def get_session_info(self, domsid=DOM_SID):
    """Return the session_info that setntacl will run under.

    When *domsid* matches the domain SID reported by ``self.samdb``, the
    session is built with ``auth.user_session`` for the account addressed by
    ``<SID=domsid-DOMAIN_RID_ADMINISTRATOR>``. For any other SID the account
    cannot be looked up in the local database, so an ``auth.admin_session``
    for that SID is returned instead. In both cases the unix part of the
    session is filled in for the user name "Administrator".
    """
    requested_sid = str(domsid)
    local_sid = str(self.samdb.get_domain_sid())

    if requested_sid == local_sid:
        # Local domain: resolve the Administrator account through its SID DN.
        admin_dn = '<SID={0}-{1}>'.format(domsid,
                                          security.DOMAIN_RID_ADMINISTRATOR)
        session_flags = (auth.AUTH_SESSION_INFO_DEFAULT_GROUPS |
                         auth.AUTH_SESSION_INFO_AUTHENTICATED |
                         auth.AUTH_SESSION_INFO_SIMPLE_PRIVILEGES)
        result = auth.user_session(self.samdb, lp_ctx=self.lp, dn=admin_dn,
                                   session_info_flags=session_flags)
    else:
        # Foreign SID: nothing to look up locally, so fake it with an admin
        # session for that SID.
        # NOTE(review): this branch builds an administrator session for
        # whatever SID the caller supplies, with no lookup - callers should
        # only pass SIDs they trust; confirm against the call sites.
        result = auth.admin_session(self.lp, requested_sid)

    auth.session_info_fill_unix(result, lp_ctx=self.lp,
                                user_name="Administrator")
    return result
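def test_offline_manual_seized_ridalloc_add_user_as_admin(self):
    """Perform the same actions as test_offline_samba_tool_seized_ridalloc,
    but do not create the RID set. Confirm that user-add correctly creates
    the RID Set."""
    fsmo_dn = ldb.Dn(self.ldb_dc1,
                     "CN=RID Manager$,CN=System," + self.ldb_dc1.domain_dn())
    # Only the DC that does not hold the role is needed here.
    (_fsmo_owner, fsmo_not_owner) = self._determine_fSMORoleOwner(fsmo_dn)

    targetdir = self._test_join(fsmo_not_owner['dns_name'], "RIDALLOCTEST4")
    try:
        # Connect to the database. This opens private/sam.ldb under
        # targetdir directly over tdb://, passing an admin_session for
        # DC1's domain SID as the session_info.
        ldb_url = "tdb://%s" % os.path.join(targetdir, "private/sam.ldb")
        lp = self.get_loadparm()

        new_ldb = SamDB(ldb_url, credentials=self.get_credentials(),
                        session_info=admin_session(lp, self.ldb_dc1.get_domain_sid()),
                        lp=lp)

        # Seize the role by hand: overwrite fSMORoleOwner on the RID Manager
        # object with this database's own dsServiceName.
        serviceName = new_ldb.get_dsServiceName()
        m = ldb.Message()
        m.dn = fsmo_dn
        m["fSMORoleOwner"] = ldb.MessageElement(serviceName,
                                                ldb.FLAG_MOD_REPLACE,
                                                "fSMORoleOwner")
        new_ldb.modify(m)

        # 1. Get server name
        res = new_ldb.search(base=ldb.Dn(new_ldb, new_ldb.get_serverName()),
                             scope=ldb.SCOPE_BASE, attrs=["serverReference"])
        # 2. Get server reference
        # NOTE(review): if the element value is bytes (Python 3 ldb
        # bindings), ldb.Dn may need it decoded first - confirm which
        # interpreter this copy of the test targets.
        server_ref_dn = ldb.Dn(new_ldb, res[0]['serverReference'][0])

        # Assert that no RID Set has been set
        res = new_ldb.search(base=server_ref_dn,
                             scope=ldb.SCOPE_BASE, attrs=['rIDSetReferences'])
        self.assertNotIn("rIDSetReferences", res[0])

        # Create a user to allocate a RID Set for itself (the RID master).
        # The password is a fixed throwaway value; the account is written to
        # the database under targetdir, which is removed in the finally block.
        new_ldb.newuser("ridalloctestuser", "P@ssword!")

        # 3. Assert we get the RID Set
        res = new_ldb.search(base=server_ref_dn,
                             scope=ldb.SCOPE_BASE, attrs=['rIDSetReferences'])
        self.assertIn("rIDSetReferences", res[0])

    finally:
        # Always undo the join and delete the on-disk database copy, even
        # when an assertion above fails.
        self._test_force_demote(fsmo_not_owner['dns_name'], "RIDALLOCTEST4")
        shutil.rmtree(targetdir, ignore_errors=True)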
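def test_offline_manual_seized_ridalloc_add_user_as_admin(self):
    """Perform the same actions as test_offline_samba_tool_seized_ridalloc,
    but do not create the RID set. Confirm that user-add correctly creates
    the RID Set."""
    fsmo_dn = ldb.Dn(self.ldb_dc1,
                     "CN=RID Manager$,CN=System," + self.ldb_dc1.domain_dn())
    # Only the DC that does not hold the role is needed here.
    (_fsmo_owner, fsmo_not_owner) = self._determine_fSMORoleOwner(fsmo_dn)

    targetdir = self._test_join(fsmo_not_owner['dns_name'], "RIDALLOCTEST4")
    try:
        # Connect to the database. This opens private/sam.ldb under
        # targetdir directly over tdb://, passing an admin_session for
        # DC1's domain SID as the session_info.
        ldb_url = "tdb://%s" % os.path.join(targetdir, "private/sam.ldb")
        lp = self.get_loadparm()

        new_ldb = SamDB(ldb_url, credentials=self.get_credentials(),
                        session_info=admin_session(lp, self.ldb_dc1.get_domain_sid()),
                        lp=lp)

        # Seize the role by hand: overwrite fSMORoleOwner on the RID Manager
        # object with this database's own dsServiceName.
        serviceName = new_ldb.get_dsServiceName()
        m = ldb.Message()
        m.dn = fsmo_dn
        m["fSMORoleOwner"] = ldb.MessageElement(serviceName,
                                                ldb.FLAG_MOD_REPLACE,
                                                "fSMORoleOwner")
        new_ldb.modify(m)

        # 1. Get server name
        res = new_ldb.search(base=ldb.Dn(new_ldb, new_ldb.get_serverName()),
                             scope=ldb.SCOPE_BASE, attrs=["serverReference"])
        # 2. Get server reference (the attribute value is decoded as UTF-8
        # before it is parsed as a DN)
        server_ref_dn = ldb.Dn(
            new_ldb, res[0]['serverReference'][0].decode('utf8'))

        # Assert that no RID Set has been set
        res = new_ldb.search(base=server_ref_dn,
                             scope=ldb.SCOPE_BASE, attrs=['rIDSetReferences'])
        self.assertNotIn("rIDSetReferences", res[0])

        # Create a user to allocate a RID Set for itself (the RID master).
        # The password is a fixed throwaway value; the account is written to
        # the database under targetdir, which is removed in the finally block.
        new_ldb.newuser("ridalloctestuser", "P@ssword!")

        # 3. Assert we get the RID Set
        res = new_ldb.search(base=server_ref_dn,
                             scope=ldb.SCOPE_BASE, attrs=['rIDSetReferences'])
        self.assertIn("rIDSetReferences", res[0])

    finally:
        # Always undo the join and delete the on-disk database copy, even
        # when an assertion above fails.
        self._test_force_demote(fsmo_not_owner['dns_name'], "RIDALLOCTEST4")
        shutil.rmtree(targetdir, ignore_errors=True)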
def setUp(self):
    """Load the test loadparm and build the admin session the tests use."""
    super(AuthAdminSessionTests, self).setUp()

    # Fixed domain SID that the admin session is created for.
    domain_sid = "S-1-5-21-2212615479-2695158682-2101375467"

    loadparm = samba.tests.env_loadparm()
    self.lp = loadparm
    self.admin_session = auth.admin_session(loadparm, domain_sid)