def ldif_to_samdb(dburl, lp, ldif_file, forced_local_dsa=None):
    """Build a temporary, abbreviated sam database from an exported LDIF file.

    The LDIF is expected to hold only the objects and attributes the KCC
    algorithms need -- data previously extracted from a DC database with the
    security-relevant information left out.  Importing it into a throw-away
    database lets a developer run the KCC against it and verify that the
    generated topology is computationally the same across OSes and algorithm
    implementations.

    :param dburl: path of the temporary abbreviated database to create; it
        must not already exist
    :param lp: loadparm context handed through to ``Ldb`` and ``SamDB``
    :param ldif_file: path of the LDIF file to import
    :param forced_local_dsa: optional DN; when set, ``dsServiceName`` in the
        imported @ROOTDSE is replaced by ``CN=NTDS Settings,<that DN>``
    :return: a ``SamDB`` opened on the new database
    :raises LdifError: if *dburl* already exists or the import fails
    """
    if os.path.exists(dburl):
        raise LdifError("Specify a database (%s) that doesn't already exist." % dburl)

    # Use ["modules:"] as we are attempting to build a sam
    # database as opposed to start it here.
    scratch = Ldb(url=dburl, session_info=system_session(), lp=lp,
                  options=["modules:"])

    rootdse_fix = """dn: @ROOTDSE
changetype: modify
replace: dsServiceName
dsServiceName: CN=NTDS Settings,%s
"""
    modules_record = """dn: @MODULES
@LIST: rootdse,extended_dn_in,extended_dn_out_ldb,objectguid
-
"""

    scratch.transaction_start()
    try:
        scratch.add_ldif(read_and_sub_file(ldif_file, None), None)
        if forced_local_dsa:
            scratch.modify_ldif(rootdse_fix % forced_local_dsa)
        scratch.add_ldif(modules_record)
    except Exception as estr:
        # Roll back the partial import before reporting the failure.
        scratch.transaction_cancel()
        raise LdifError("Failed to import %s: %s" % (ldif_file, estr))
    scratch.transaction_commit()

    # We have an abbreviated list of options here because we have built
    # an abbreviated database.  We use the rootdse and extended-dn
    # modules only during this re-open.
    return SamDB(url=dburl, session_info=system_session(), lp=lp)
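class OpenChangeDBWithLdbBackend(object):
    """The OpenChange database, stored in the LDB file at ``url``.

    All records are written through ``self.ldb``; the object itself only
    keeps the URL and the NT time captured at construction, which is reused
    as the creation/modification time of every public folder it adds.
    """

    def __init__(self, url):
        """Open the LDB at *url* and capture the current NT time.

        :param url: path/URL of the OpenChange LDB file
        """
        self.url = url
        self.ldb = Ldb(self.url)
        # One timestamp for the whole provisioning run.
        self.nttime = samba.unix2nttime(int(time.time()))

    def reopen(self):
        """Re-open the LDB from ``self.url``."""
        self.ldb = Ldb(self.url)

    def remove(self):
        """Remove an existing OpenChangeDB file, then re-open a fresh one."""
        if os.path.exists(self.url):
            os.remove(self.url)
        self.reopen()

    def setup(self, names=None):
        """Write the LDB control records, then optionally the root DSE.

        :param names: provisioning names; when given, ``ocserverdn``,
            ``firstorg`` and ``firstou`` are used to write the @ROOTDSE record
        """
        self.ldb.add_ldif("""
dn: @OPTIONS
checkBaseOnSearch: TRUE

dn: @INDEXLIST
@IDXATTR: cn

dn: @ATTRIBUTES
cn: CASE_INSENSITIVE
dn: CASE_INSENSITIVE
""")
        # Re-open (presumably so the control records just written take effect).
        self.reopen()
        if names:
            self.add_rootDSE(names.ocserverdn, names.firstorg, names.firstou)

    def add_rootDSE(self, ocserverdn, firstorg, firstou):
        """Write the @ROOTDSE record, pointing at the first OU of the server.

        :param ocserverdn: DN of the server object
        :param firstorg: name of the first organization
        :param firstou: name of the first organizational unit
        """
        self.ldb.add({
            "dn": "@ROOTDSE",
            "defaultNamingContext": "CN=%s,CN=%s,%s" % (firstou, firstorg, ocserverdn),
            "rootDomainNamingContext": ocserverdn,
            "vendorName": "OpenChange Team (http://www.openchange.org)",
        })

    def add_server(self, names):
        """Add the server, first-org and first-OU records.

        The server record starts its GlobalCount, ChangeNumber and ReplicaID
        counters at 1.

        :param names: provisioning names (``ocserverdn``, ``netbiosname``,
            ``firstorg``, ``firstou``)
        """
        server_dn = names.ocserverdn
        org_dn = "CN=%s,%s" % (names.firstorg, server_dn)
        ou_dn = "CN=%s,%s" % (names.firstou, org_dn)
        self.ldb.add({
            "dn": server_dn,
            "objectClass": ["top", "server"],
            "cn": names.netbiosname,
            "GlobalCount": "1",
            "ChangeNumber": "1",
            "ReplicaID": "1",
        })
        self.ldb.add({
            "dn": org_dn,
            "objectClass": ["top", "org"],
            "cn": names.firstorg,
        })
        self.ldb.add({
            "dn": ou_dn,
            "objectClass": ["top", "ou"],
            "cn": names.firstou,
        })

    def add_root_public_folder(self, dn, fid, change_num, SystemIdx, childcount):
        """Add the "Public Folder Root" record.

        :param dn: DN of the new record
        :param fid: folder id (also used as ``cn``)
        :param change_num: change number stored in ``PidTagChangeNumber``
        :param SystemIdx: value stored in ``SystemIdx``
        :param childcount: number of sub-folders; non-zero sets
            ``PidTagSubFolders`` to TRUE
        """
        stamp = "%d" % self.nttime
        self.ldb.add({
            "dn": dn,
            "objectClass": ["publicfolder"],
            "cn": fid,
            "PidTagFolderId": fid,
            "PidTagChangeNumber": change_num,
            "PidTagDisplayName": "Public Folder Root",
            "PidTagCreationTime": stamp,
            "PidTagLastModificationTime": stamp,
            "PidTagSubFolders": str(childcount != 0).upper(),
            "PidTagFolderChildCount": str(childcount),
            "SystemIdx": str(SystemIdx),
        })

    def add_sub_public_folder(self, dn, parentfid, fid, change_num, name,
                              SystemIndex, childcount):
        """Add a public folder below an existing one.

        :param dn: DN of the new record
        :param parentfid: folder id of the parent
        :param fid: folder id (also used as ``cn``)
        :param change_num: change number stored in ``PidTagChangeNumber``
        :param name: display name of the folder
        :param SystemIndex: value stored in ``SystemIdx``
        :param childcount: number of sub-folders; non-zero sets
            ``PidTagSubFolders`` to TRUE
        """
        stamp = "%d" % self.nttime
        self.ldb.add({
            "dn": dn,
            "objectClass": ["publicfolder"],
            "cn": fid,
            "PidTagFolderId": fid,
            "PidTagParentFolderId": parentfid,
            "PidTagChangeNumber": change_num,
            "PidTagDisplayName": name,
            "PidTagCreationTime": stamp,
            "PidTagLastModificationTime": stamp,
            "PidTagAttributeHidden": "0",
            "PidTagAttributeReadOnly": "0",
            "PidTagAttributeSystem": "0",
            "PidTagContainerClass": "IPF.Note (check this)",
            "PidTagSubFolders": str(childcount != 0).upper(),
            "PidTagFolderChildCount": str(childcount),
            "FolderType": "1",
            "SystemIdx": str(SystemIndex),
        })

    def add_one_public_folder(self, parent_fid, path, children, SystemIndex,
                              names, dn_prefix=None):
        """Add one public folder and, recursively, its children.

        The folder id and change number are minted from the server's
        GlobalCount/ChangeNumber counters (via ``gen_mailbox_folder_fid``),
        which are then advanced by one each so the next folder gets fresh
        values.

        :param parent_fid: fid of the parent folder, or 0 for the root folder
        :param path: tuple of display names from the root down to this folder
        :param children: mapping name -> (grandchildren mapping, SystemIndex)
        :param SystemIndex: value stored in ``SystemIdx``
        :param names: provisioning names (``netbiosname``, ``firstou``,
            ``firstorg``, ``ocserverdn``)
        :param dn_prefix: DN under which the folder is created; defaults to
            the ``publicfolders`` container of the first OU
        """
        name = path[-1]
        server = names.netbiosname
        global_count = self.get_message_GlobalCount(server)
        change_number = self.get_message_ChangeNumber(server)
        replica_id = self.get_message_ReplicaID(server)
        if dn_prefix is None:
            dn_prefix = "CN=publicfolders,CN=%s,CN=%s,%s" % (
                names.firstou, names.firstorg, names.ocserverdn)
        fid = gen_mailbox_folder_fid(global_count, replica_id)
        dn = "CN=%s,%s" % (fid, dn_prefix)
        change_num = gen_mailbox_folder_fid(change_number, replica_id)
        childcount = len(children)
        print("\t* %-40s: 0x%.16x (%s)" % (name, int(fid, 10), fid))
        if parent_fid == 0:
            self.add_root_public_folder(dn, fid, change_num, SystemIndex,
                                        childcount)
        else:
            self.add_sub_public_folder(dn, parent_fid, fid, change_num, name,
                                       SystemIndex, childcount)
        # Advance both counters so the next folder gets fresh ids.
        self.set_message_GlobalCount(server, GlobalCount=global_count + 1)
        self.set_message_ChangeNumber(server, ChangeNumber=change_number + 1)
        for child_name, child_meta in children.items():
            self.add_one_public_folder(fid, path + (child_name,), child_meta[0],
                                       child_meta[1], names, dn)

    def add_public_folders(self, names):
        """Create the ``publicfolders`` container and the whole folder tree.

        :param names: provisioning names (``firstou``, ``firstorg``,
            ``ocserverdn``, ``netbiosname``)
        """
        self.ldb.add({
            "dn": "CN=publicfolders,CN=%s,CN=%s,%s" % (
                names.firstou, names.firstorg, names.ocserverdn),
            "objectClass": ["container"],
            "cn": "publicfolders",
            "StoreGUID": str(uuid.uuid4()),
            "ReplicaID": "1",
        })
        public_folders = _public_folders_meta(names)
        self.add_one_public_folder(0, ("Public Folder Root",),
                                   public_folders[0], public_folders[1], names)

    def lookup_server(self, cn, attributes=None):
        """Return the single ``server`` record whose ``cn`` is *cn*.

        :param cn: server object name; LDAP filter metacharacters in it are
            escaped, so the value is matched literally
        :param attributes: attribute names to fetch (``[]`` = none)
        :raises NoSuchServer: unless exactly one record matches
        """
        if attributes is None:
            attributes = []
        # Escape the value so a cn containing "*", "(" or ")" cannot alter
        # the filter.
        expression = "(&(objectClass=server)(cn=%s))" % ldb.binary_encode(cn)
        res = self.ldb.search("", scope=ldb.SCOPE_SUBTREE,
                              expression=expression, attrs=attributes)
        if len(res) != 1:
            raise NoSuchServer(cn)
        return res[0]

    def lookup_mailbox_user(self, server, username, attributes=None):
        """Search the openchange database for a mailbox user.

        :param server: server object name
        :param username: user name; filter metacharacters are escaped
        :param attributes: attribute names to fetch (``[]`` = none)
        :return: result of the LDB search below the server DN (may be empty)
        :raises NoSuchServer: if *server* does not exist
        """
        if attributes is None:
            attributes = []
        server_dn = self.lookup_server(server, []).dn
        expression = "(&(objectClass=mailbox)(cn=%s))" % ldb.binary_encode(username)
        return self.ldb.search(server_dn, scope=ldb.SCOPE_SUBTREE,
                               expression=expression, attrs=attributes)

    def lookup_public_folder(self, server, displayname, attributes=None):
        """Search for public folders with a given display name.

        :param server: server object name
        :param displayname: display name of the folder; filter
            metacharacters are escaped
        :param attributes: attribute names to fetch (``[]`` = none)
        :return: result of the LDB search below the server DN (may be empty)
        :raises NoSuchServer: if *server* does not exist
        """
        if attributes is None:
            attributes = []
        server_dn = self.lookup_server(server, []).dn
        expression = "(&(objectClass=publicfolder)(PidTagDisplayName=%s))" % (
            ldb.binary_encode(displayname))
        return self.ldb.search(server_dn, scope=ldb.SCOPE_SUBTREE,
                               expression=expression, attrs=attributes)

    def get_message_attribute(self, server, attribute):
        """Return an integer attribute of the server record.

        :param server: server object name
        :param attribute: attribute name; its first value is parsed as base 10
        """
        return int(self.lookup_server(server, [attribute])[attribute][0], 10)

    def get_message_ReplicaID(self, server):
        """Return the current ReplicaID of the given message database (server).

        :param server: server object name
        """
        return self.get_message_attribute(server, "ReplicaID")

    def get_message_GlobalCount(self, server):
        """Return the current GlobalCount of the given message database (server).

        :param server: server object name
        """
        return self.get_message_attribute(server, "GlobalCount")

    def get_message_ChangeNumber(self, server):
        """Return the current ChangeNumber of the given message database (server).

        :param server: server object name
        """
        return self.get_message_attribute(server, "ChangeNumber")

    def _replace_server_attribute(self, server, attribute, value):
        """Replace one integer attribute on the server record, in a transaction.

        If the modify fails the transaction is cancelled instead of committed
        and the error is re-raised.

        :param server: server object name
        :param attribute: attribute name to replace
        :param value: new integer value
        """
        server_dn = self.lookup_server(server, []).dn
        change = """
dn: %s
changetype: modify
replace: %s
%s: %d
""" % (server_dn, attribute, attribute, value)
        self.ldb.transaction_start()
        try:
            self.ldb.modify_ldif(change)
        except Exception:
            self.ldb.transaction_cancel()
            raise
        self.ldb.transaction_commit()

    def set_message_GlobalCount(self, server, GlobalCount):
        """Update the GlobalCount of the given message database (server).

        :param server: server object name
        :param GlobalCount: new GlobalCount value
        """
        self._replace_server_attribute(server, "GlobalCount", GlobalCount)

    def set_message_ChangeNumber(self, server, ChangeNumber):
        """Update the ChangeNumber of the given message database (server).

        :param server: server object name
        :param ChangeNumber: new ChangeNumber value
        """
        self._replace_server_attribute(server, "ChangeNumber", ChangeNumber)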
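class Schema(object):
    """AD schema loaded from the MS schema text files plus optional extra LDIF.

    The schema is parsed into an in-memory ``Ldb`` at construction so that
    ``linked_attributes``/``dnsyntax_attributes`` can query it, and can be
    written to a database file with ``write_to_tmp_ldb``.
    """

    def __init__(self, setup_path, domain_sid, schemadn=None, serverdn=None,
                 files=None, prefixmap=None):
        """Load the schema from the AD schema files and samba4_schema.ldif.

        :param setup_path: function mapping a setup-relative path to a full path
        :param domain_sid: domain SID used to build the schema security descriptor
        :param schemadn: DN of the schema (substituted for ``SCHEMADN``)
        :param serverdn: DN of the server (substituted for ``SERVERDN``)
        :param files: optional extra LDIF files appended to the schema data
        :param prefixmap: optional extra prefixMap lines appended to prefixMap.txt
        """
        self.schemadn = schemadn
        self.ldb = Ldb()
        self.schema_data = read_ms_schema(
            setup_path('ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt'),
            setup_path('ad-schema/MS-AD_Schema_2K8_R2_Classes.txt'))

        if files is not None:
            for extra in files:
                # Close the handle promptly instead of leaving it to the GC.
                with open(extra, 'r') as fh:
                    self.schema_data += fh.read()

        self.schema_data = substitute_var(self.schema_data,
                                          {"SCHEMADN": schemadn})
        check_all_substituted(self.schema_data)

        self.schema_dn_modify = read_and_sub_file(
            setup_path("provision_schema_basedn_modify.ldif"), {
                "SCHEMADN": schemadn,
                "SERVERDN": serverdn,
            })

        descr = b64encode(get_schema_descriptor(domain_sid))
        self.schema_dn_add = read_and_sub_file(
            setup_path("provision_schema_basedn.ldif"), {
                "SCHEMADN": schemadn,
                "DESCRIPTOR": descr,
            })

        with open(setup_path("prefixMap.txt"), 'r') as fh:
            self.prefixmap_data = fh.read()
        if prefixmap is not None:
            for entry in prefixmap:
                self.prefixmap_data += "%s\n" % entry
        self.prefixmap_data = b64encode(self.prefixmap_data)

        # We don't actually add this ldif, just parse it
        prefixmap_ldif = "dn: cn=schema\nprefixMap:: %s\n\n" % self.prefixmap_data
        self.ldb.set_schema_from_ldif(prefixmap_ldif, self.schema_data)

    def write_to_tmp_ldb(self, schemadb_path):
        """Write the loaded schema into the LDB at *schemadb_path*.

        Everything is done in one transaction; if any step fails the
        transaction is cancelled rather than committed and the error is
        re-raised.

        :param schemadb_path: path of the database to connect to and fill
        """
        self.ldb.connect(schemadb_path)
        self.ldb.transaction_start()
        try:
            self.ldb.add_ldif("""dn: @ATTRIBUTES
linkID: INTEGER

dn: @INDEXLIST
@IDXATTR: linkID
@IDXATTR: attributeSyntax
""")
            # These bits of LDIF are supplied when the Schema object is created
            self.ldb.add_ldif(self.schema_dn_add)
            self.ldb.modify_ldif(self.schema_dn_modify)
            self.ldb.add_ldif(self.schema_data)
        except Exception:
            self.ldb.transaction_cancel()
            raise
        self.ldb.transaction_commit()

    def linked_attributes(self):
        """Return a hash with the forward attribute as a key and the back as the value."""
        return get_linked_attributes(self.schemadn, self.ldb)

    def dnsyntax_attributes(self):
        """Return the DN-syntax attributes of the schema (via ``get_dnsyntax_attributes``)."""
        return get_dnsyntax_attributes(self.schemadn, self.ldb)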
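class OpenChangeDBWithLdbBackend(object):
    """The OpenChange database, stored in the LDB file at ``url``.

    All records are written through ``self.ldb``; the object itself only
    keeps the URL and the NT time captured at construction, which is reused
    as the creation/modification time of every public folder it adds.
    """

    def __init__(self, url):
        """Open the LDB at *url* and capture the current NT time.

        :param url: path/URL of the OpenChange LDB file
        """
        self.url = url
        self.ldb = Ldb(self.url)
        # One timestamp for the whole provisioning run.
        self.nttime = samba.unix2nttime(int(time.time()))

    def reopen(self):
        """Re-open the LDB from ``self.url``."""
        self.ldb = Ldb(self.url)

    def remove(self):
        """Remove an existing OpenChangeDB file, then re-open a fresh one."""
        if os.path.exists(self.url):
            os.remove(self.url)
        self.reopen()

    def setup(self, names=None):
        """Write the LDB control records, then optionally the root DSE.

        :param names: provisioning names; when given, ``ocserverdn``,
            ``firstorg`` and ``firstou`` are used to write the @ROOTDSE record
        """
        self.ldb.add_ldif("""
dn: @OPTIONS
checkBaseOnSearch: TRUE

dn: @INDEXLIST
@IDXATTR: cn

dn: @ATTRIBUTES
cn: CASE_INSENSITIVE
dn: CASE_INSENSITIVE
""")
        # Re-open (presumably so the control records just written take effect).
        self.reopen()
        if names:
            self.add_rootDSE(names.ocserverdn, names.firstorg, names.firstou)

    def add_rootDSE(self, ocserverdn, firstorg, firstou):
        """Write the @ROOTDSE record, pointing at the first OU of the server.

        :param ocserverdn: DN of the server object
        :param firstorg: name of the first organization
        :param firstou: name of the first organizational unit
        """
        self.ldb.add({
            "dn": "@ROOTDSE",
            "defaultNamingContext": "CN=%s,CN=%s,%s" % (firstou, firstorg, ocserverdn),
            "rootDomainNamingContext": ocserverdn,
            "vendorName": "OpenChange Team (http://www.openchange.org)",
        })

    def add_server(self, names):
        """Add the server, first-org and first-OU records.

        The server record starts its GlobalCount, ChangeNumber and ReplicaID
        counters at 1.

        :param names: provisioning names (``ocserverdn``, ``netbiosname``,
            ``firstorg``, ``firstou``)
        """
        server_dn = names.ocserverdn
        org_dn = "CN=%s,%s" % (names.firstorg, server_dn)
        ou_dn = "CN=%s,%s" % (names.firstou, org_dn)
        self.ldb.add({
            "dn": server_dn,
            "objectClass": ["top", "server"],
            "cn": names.netbiosname,
            "GlobalCount": "1",
            "ChangeNumber": "1",
            "ReplicaID": "1",
        })
        self.ldb.add({
            "dn": org_dn,
            "objectClass": ["top", "org"],
            "cn": names.firstorg,
        })
        self.ldb.add({
            "dn": ou_dn,
            "objectClass": ["top", "ou"],
            "cn": names.firstou,
        })

    def add_root_public_folder(self, dn, fid, change_num, SystemIdx, childcount):
        """Add the "Public Folder Root" record.

        :param dn: DN of the new record
        :param fid: folder id (also used as ``cn``)
        :param change_num: change number stored in ``PidTagChangeNumber``
        :param SystemIdx: value stored in ``SystemIdx``
        :param childcount: number of sub-folders; non-zero sets
            ``PidTagSubFolders`` to TRUE
        """
        stamp = "%d" % self.nttime
        self.ldb.add({
            "dn": dn,
            "objectClass": ["publicfolder"],
            "cn": fid,
            "PidTagFolderId": fid,
            "PidTagChangeNumber": change_num,
            "PidTagDisplayName": "Public Folder Root",
            "PidTagCreationTime": stamp,
            "PidTagLastModificationTime": stamp,
            "PidTagSubFolders": str(childcount != 0).upper(),
            "PidTagFolderChildCount": str(childcount),
            "SystemIdx": str(SystemIdx),
        })

    def add_sub_public_folder(self, dn, parentfid, fid, change_num, name,
                              SystemIndex, childcount):
        """Add a public folder below an existing one.

        :param dn: DN of the new record
        :param parentfid: folder id of the parent
        :param fid: folder id (also used as ``cn``)
        :param change_num: change number stored in ``PidTagChangeNumber``
        :param name: display name of the folder
        :param SystemIndex: value stored in ``SystemIdx``
        :param childcount: number of sub-folders; non-zero sets
            ``PidTagSubFolders`` to TRUE
        """
        stamp = "%d" % self.nttime
        self.ldb.add({
            "dn": dn,
            "objectClass": ["publicfolder"],
            "cn": fid,
            "PidTagFolderId": fid,
            "PidTagParentFolderId": parentfid,
            "PidTagChangeNumber": change_num,
            "PidTagDisplayName": name,
            "PidTagCreationTime": stamp,
            "PidTagLastModificationTime": stamp,
            "PidTagAttributeHidden": "0",
            "PidTagAttributeReadOnly": "0",
            "PidTagAttributeSystem": "0",
            "PidTagContainerClass": "IPF.Note (check this)",
            "PidTagSubFolders": str(childcount != 0).upper(),
            "PidTagFolderChildCount": str(childcount),
            "FolderType": "1",
            "SystemIdx": str(SystemIndex),
        })

    def add_one_public_folder(self, parent_fid, path, children, SystemIndex,
                              names, dn_prefix=None):
        """Add one public folder and, recursively, its children.

        The folder id and change number are minted from the server's
        GlobalCount/ChangeNumber counters (via ``gen_mailbox_folder_fid``),
        which are then advanced by one each so the next folder gets fresh
        values.

        :param parent_fid: fid of the parent folder, or 0 for the root folder
        :param path: tuple of display names from the root down to this folder
        :param children: mapping name -> (grandchildren mapping, SystemIndex)
        :param SystemIndex: value stored in ``SystemIdx``
        :param names: provisioning names (``netbiosname``, ``firstou``,
            ``firstorg``, ``ocserverdn``)
        :param dn_prefix: DN under which the folder is created; defaults to
            the ``publicfolders`` container of the first OU
        """
        name = path[-1]
        server = names.netbiosname
        global_count = self.get_message_GlobalCount(server)
        change_number = self.get_message_ChangeNumber(server)
        replica_id = self.get_message_ReplicaID(server)
        if dn_prefix is None:
            dn_prefix = "CN=publicfolders,CN=%s,CN=%s,%s" % (
                names.firstou, names.firstorg, names.ocserverdn)
        fid = gen_mailbox_folder_fid(global_count, replica_id)
        dn = "CN=%s,%s" % (fid, dn_prefix)
        change_num = gen_mailbox_folder_fid(change_number, replica_id)
        childcount = len(children)
        print("\t* %-40s: 0x%.16x (%s)" % (name, int(fid, 10), fid))
        if parent_fid == 0:
            self.add_root_public_folder(dn, fid, change_num, SystemIndex,
                                        childcount)
        else:
            self.add_sub_public_folder(dn, parent_fid, fid, change_num, name,
                                       SystemIndex, childcount)
        # Advance both counters so the next folder gets fresh ids.
        self.set_message_GlobalCount(server, GlobalCount=global_count + 1)
        self.set_message_ChangeNumber(server, ChangeNumber=change_number + 1)
        for child_name, child_meta in children.items():
            self.add_one_public_folder(fid, path + (child_name,), child_meta[0],
                                       child_meta[1], names, dn)

    def add_public_folders(self, names):
        """Create the ``publicfolders`` container and the whole folder tree.

        :param names: provisioning names (``firstou``, ``firstorg``,
            ``ocserverdn``, ``netbiosname``)
        """
        self.ldb.add({
            "dn": "CN=publicfolders,CN=%s,CN=%s,%s" % (
                names.firstou, names.firstorg, names.ocserverdn),
            "objectClass": ["container"],
            "cn": "publicfolders",
            "StoreGUID": str(uuid.uuid4()),
            "ReplicaID": "1",
        })
        public_folders = _public_folders_meta(names)
        self.add_one_public_folder(0, ("Public Folder Root",),
                                   public_folders[0], public_folders[1], names)

    def lookup_server(self, cn, attributes=None):
        """Return the single ``server`` record whose ``cn`` is *cn*.

        :param cn: server object name; LDAP filter metacharacters in it are
            escaped, so the value is matched literally
        :param attributes: attribute names to fetch (``[]`` = none)
        :raises NoSuchServer: unless exactly one record matches
        """
        if attributes is None:
            attributes = []
        # Escape the value so a cn containing "*", "(" or ")" cannot alter
        # the filter.
        expression = "(&(objectClass=server)(cn=%s))" % ldb.binary_encode(cn)
        res = self.ldb.search("", scope=ldb.SCOPE_SUBTREE,
                              expression=expression, attrs=attributes)
        if len(res) != 1:
            raise NoSuchServer(cn)
        return res[0]

    def lookup_mailbox_user(self, server, username, attributes=None):
        """Search the openchange database for a mailbox user.

        :param server: server object name
        :param username: user name; filter metacharacters are escaped
        :param attributes: attribute names to fetch (``[]`` = none)
        :return: result of the LDB search below the server DN (may be empty)
        :raises NoSuchServer: if *server* does not exist
        """
        if attributes is None:
            attributes = []
        server_dn = self.lookup_server(server, []).dn
        expression = "(&(objectClass=mailbox)(cn=%s))" % ldb.binary_encode(username)
        return self.ldb.search(server_dn, scope=ldb.SCOPE_SUBTREE,
                               expression=expression, attrs=attributes)

    def lookup_public_folder(self, server, displayname, attributes=None):
        """Search for public folders with a given display name.

        :param server: server object name
        :param displayname: display name of the folder; filter
            metacharacters are escaped
        :param attributes: attribute names to fetch (``[]`` = none)
        :return: result of the LDB search below the server DN (may be empty)
        :raises NoSuchServer: if *server* does not exist
        """
        if attributes is None:
            attributes = []
        server_dn = self.lookup_server(server, []).dn
        expression = "(&(objectClass=publicfolder)(PidTagDisplayName=%s))" % (
            ldb.binary_encode(displayname))
        return self.ldb.search(server_dn, scope=ldb.SCOPE_SUBTREE,
                               expression=expression, attrs=attributes)

    def get_message_attribute(self, server, attribute):
        """Return an integer attribute of the server record.

        :param server: server object name
        :param attribute: attribute name; its first value is parsed as base 10
        """
        return int(self.lookup_server(server, [attribute])[attribute][0], 10)

    def get_message_ReplicaID(self, server):
        """Return the current ReplicaID of the given message database (server).

        :param server: server object name
        """
        return self.get_message_attribute(server, "ReplicaID")

    def get_message_GlobalCount(self, server):
        """Return the current GlobalCount of the given message database (server).

        :param server: server object name
        """
        return self.get_message_attribute(server, "GlobalCount")

    def get_message_ChangeNumber(self, server):
        """Return the current ChangeNumber of the given message database (server).

        :param server: server object name
        """
        return self.get_message_attribute(server, "ChangeNumber")

    def _replace_server_attribute(self, server, attribute, value):
        """Replace one integer attribute on the server record, in a transaction.

        If the modify fails the transaction is cancelled instead of committed
        and the error is re-raised.

        :param server: server object name
        :param attribute: attribute name to replace
        :param value: new integer value
        """
        server_dn = self.lookup_server(server, []).dn
        change = """
dn: %s
changetype: modify
replace: %s
%s: %d
""" % (server_dn, attribute, attribute, value)
        self.ldb.transaction_start()
        try:
            self.ldb.modify_ldif(change)
        except Exception:
            self.ldb.transaction_cancel()
            raise
        self.ldb.transaction_commit()

    def set_message_GlobalCount(self, server, GlobalCount):
        """Update the GlobalCount of the given message database (server).

        :param server: server object name
        :param GlobalCount: new GlobalCount value
        """
        self._replace_server_attribute(server, "GlobalCount", GlobalCount)

    def set_message_ChangeNumber(self, server, ChangeNumber):
        """Update the ChangeNumber of the given message database (server).

        :param server: server object name
        :param ChangeNumber: new ChangeNumber value
        """
        self._replace_server_attribute(server, "ChangeNumber", ChangeNumber)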
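class Schema(object):
    """AD schema loaded from the MS schema text files plus optional extra LDIF.

    The schema is parsed into an in-memory ``Ldb`` at construction so that
    ``linked_attributes``/``dnsyntax_attributes`` can query it, and can be
    written to a database file with ``write_to_tmp_ldb``.
    """

    def __init__(self, setup_path, domain_sid, schemadn=None, serverdn=None,
                 files=None, prefixmap=None):
        """Load the schema from the AD schema files and samba4_schema.ldif.

        :param setup_path: function mapping a setup-relative path to a full path
        :param domain_sid: domain SID used to build the schema security descriptor
        :param schemadn: DN of the schema (substituted for ``SCHEMADN``)
        :param serverdn: DN of the server (substituted for ``SERVERDN``)
        :param files: optional extra LDIF files appended to the schema data
        :param prefixmap: optional extra prefixMap lines appended to prefixMap.txt
        """
        self.schemadn = schemadn
        self.ldb = Ldb()
        self.schema_data = read_ms_schema(
            setup_path('ad-schema/MS-AD_Schema_2K8_Attributes.txt'),
            setup_path('ad-schema/MS-AD_Schema_2K8_Classes.txt'))

        if files is not None:
            for extra in files:
                # Close the handle promptly instead of leaving it to the GC.
                with open(extra, 'r') as fh:
                    self.schema_data += fh.read()

        self.schema_data = substitute_var(self.schema_data,
                                          {"SCHEMADN": schemadn})
        check_all_substituted(self.schema_data)

        self.schema_dn_modify = read_and_sub_file(
            setup_path("provision_schema_basedn_modify.ldif"), {
                "SCHEMADN": schemadn,
                "SERVERDN": serverdn,
            })

        descr = b64encode(get_schema_descriptor(domain_sid))
        self.schema_dn_add = read_and_sub_file(
            setup_path("provision_schema_basedn.ldif"), {
                "SCHEMADN": schemadn,
                "DESCRIPTOR": descr,
            })

        with open(setup_path("prefixMap.txt"), 'r') as fh:
            self.prefixmap_data = fh.read()
        if prefixmap is not None:
            for entry in prefixmap:
                self.prefixmap_data += "%s\n" % entry
        self.prefixmap_data = b64encode(self.prefixmap_data)

        # We don't actually add this ldif, just parse it
        prefixmap_ldif = "dn: cn=schema\nprefixMap:: %s\n\n" % self.prefixmap_data
        self.ldb.set_schema_from_ldif(prefixmap_ldif, self.schema_data)

    def write_to_tmp_ldb(self, schemadb_path):
        """Write the loaded schema into the LDB at *schemadb_path*.

        Everything is done in one transaction; if any step fails the
        transaction is cancelled rather than committed and the error is
        re-raised.

        :param schemadb_path: path of the database to connect to and fill
        """
        self.ldb.connect(schemadb_path)
        self.ldb.transaction_start()
        try:
            self.ldb.add_ldif("""dn: @ATTRIBUTES
linkID: INTEGER

dn: @INDEXLIST
@IDXATTR: linkID
@IDXATTR: attributeSyntax
""")
            # These bits of LDIF are supplied when the Schema object is created
            self.ldb.add_ldif(self.schema_dn_add)
            self.ldb.modify_ldif(self.schema_dn_modify)
            self.ldb.add_ldif(self.schema_data)
        except Exception:
            self.ldb.transaction_cancel()
            raise
        self.ldb.transaction_commit()

    def linked_attributes(self):
        """Return a hash with the forward attribute as a key and the back as the value."""
        return get_linked_attributes(self.schemadn, self.ldb)

    def dnsyntax_attributes(self):
        """Return the DN-syntax attributes of the schema (via ``get_dnsyntax_attributes``)."""
        return get_dnsyntax_attributes(self.schemadn, self.ldb)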
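# Copy every record of the given LDB into a fresh "<database>.new" file,
# skipping the @BASEINFO and @INDEX:* control records.
opts = parser.parse_args()[0]
lp = sambaopts.get_loadparm()
smbconf = lp.configfile

if not opts.database:
    print("Parameter database is mandatory")
    sys.exit(1)

creds = credopts.get_credentials(lp)
creds.set_kerberos_state(DONT_USE_KERBEROS)
session = system_session()
# Diffing each record against this empty message turns it into an "add"
# of all of its attributes.
empty = ldb.Message()

newname = "%s.new" % (opts.database)
if os.path.exists(newname):
    os.remove(newname)

old_ldb = Ldb(opts.database, session_info=session, credentials=creds, lp=lp)
new_ldb = Ldb(newname, session_info=session, credentials=creds, lp=lp)

new_ldb.transaction_start()
try:
    # The skip list below implies the search also returns the special
    # "@" records; only @BASEINFO and @INDEX:* are left out of the copy.
    res = old_ldb.search(expression="(dn=*)", base="", scope=SCOPE_SUBTREE)
    for msg in res:
        dn_text = str(msg.dn)
        if dn_text == "@BASEINFO" or dn_text.startswith("@INDEX:"):
            continue
        delta = new_ldb.msg_diff(empty, msg)
        delta.dn = msg.dn
        delta.remove("distinguishedName")
        new_ldb.add(delta)
except Exception:
    # Do not leave a half-copied database behind; cancel and report.
    new_ldb.transaction_cancel()
    raise
new_ldb.transaction_commit()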
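# Copy every record of the given LDB into a fresh "<database>.new" file,
# skipping the @BASEINFO and @INDEX:* control records.
opts = parser.parse_args()[0]
lp = sambaopts.get_loadparm()
smbconf = lp.configfile

if not opts.database:
    print("Parameter database is mandatory")
    sys.exit(1)

creds = credopts.get_credentials(lp)
creds.set_kerberos_state(DONT_USE_KERBEROS)
session = system_session()
# Diffing each record against this empty message turns it into an "add"
# of all of its attributes.
empty = ldb.Message()

newname = "%s.new" % (opts.database)
if os.path.exists(newname):
    os.remove(newname)

old_ldb = Ldb(opts.database, session_info=session, credentials=creds, lp=lp)
new_ldb = Ldb(newname, session_info=session, credentials=creds, lp=lp)

new_ldb.transaction_start()
try:
    # The skip list below implies the search also returns the special
    # "@" records; only @BASEINFO and @INDEX:* are left out of the copy.
    res = old_ldb.search(expression="(dn=*)", base="", scope=SCOPE_SUBTREE)
    for msg in res:
        dn_text = str(msg.dn)
        if dn_text == "@BASEINFO" or dn_text.startswith("@INDEX:"):
            continue
        delta = new_ldb.msg_diff(empty, msg)
        delta.dn = msg.dn
        delta.remove("distinguishedName")
        new_ldb.add(delta)
except Exception:
    # Do not leave a half-copied database behind; cancel and report.
    new_ldb.transaction_cancel()
    raise
new_ldb.transaction_commit()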