def test_str(self):
x = ldb.Dn(self.ldb, "dc=foo12,bar=bloe")
self.assertEquals(x.__str__(), "dc=foo12,bar=bloe")
def newuser(self, username, password,
force_password_change_at_next_login_req=False,
useusernameascn=False, userou=None, surname=None, givenname=None,
initials=None, profilepath=None, scriptpath=None, homedrive=None,
homedirectory=None, jobtitle=None, department=None, company=None,
description=None, mailaddress=None, internetaddress=None,
telephonenumber=None, physicaldeliveryoffice=None, sd=None,
setpassword=True, uidnumber=None, gidnumber=None, gecos=None,
loginshell=None, uid=None, nisdomain=None, unixhome=None):
"""Adds a new user with additional parameters
:param username: Name of the new user
:param password: Password for the new user
:param force_password_change_at_next_login_req: Force password change
:param useusernameascn: Use username as cn rather that firstname +
initials + lastname
:param userou: Object container (without domainDN postfix) for new user
:param surname: Surname of the new user
:param givenname: First name of the new user
:param initials: Initials of the new user
:param profilepath: Profile path of the new user
:param scriptpath: Logon script path of the new user
:param homedrive: Home drive of the new user
:param homedirectory: Home directory of the new user
:param jobtitle: Job title of the new user
:param department: Department of the new user
:param company: Company of the new user
:param description: of the new user
:param mailaddress: Email address of the new user
:param internetaddress: Home page of the new user
:param telephonenumber: Phone number of the new user
:param physicaldeliveryoffice: Office location of the new user
:param sd: security descriptor of the object
:param setpassword: optionally disable password reset
:param uidnumber: RFC2307 Unix numeric UID of the new user
:param gidnumber: RFC2307 Unix primary GID of the new user
:param gecos: RFC2307 Unix GECOS field of the new user
:param loginshell: RFC2307 Unix login shell of the new user
:param uid: RFC2307 Unix username of the new user
:param nisdomain: RFC2307 Unix NIS domain of the new user
:param unixhome: RFC2307 Unix home directory of the new user
"""
displayname = ""
if givenname is not None:
displayname += givenname
if initials is not None:
displayname += ' %s.' % initials
if surname is not None:
displayname += ' %s' % surname
cn = username
if useusernameascn is None and displayname is not "":
cn = displayname
user_dn = "CN=%s,%s,%s" % (cn, (userou or "CN=Users"), self.domain_dn())
dnsdomain = ldb.Dn(self, self.domain_dn()).canonical_str().replace("/", "")
user_principal_name = "%s@%s" % (username, dnsdomain)
# The new user record. Note the reliance on the SAMLDB module which
# fills in the default informations
ldbmessage = {"dn": user_dn,
"sAMAccountName": username,
"userPrincipalName": user_principal_name,
"objectClass": "user"}
if surname is not None:
ldbmessage["sn"] = surname
if givenname is not None:
ldbmessage["givenName"] = givenname
if displayname is not "":
ldbmessage["displayName"] = displayname
ldbmessage["name"] = displayname
if initials is not None:
ldbmessage["initials"] = '%s.' % initials
if profilepath is not None:
ldbmessage["profilePath"] = profilepath
if scriptpath is not None:
ldbmessage["scriptPath"] = scriptpath
if homedrive is not None:
ldbmessage["homeDrive"] = homedrive
if homedirectory is not None:
ldbmessage["homeDirectory"] = homedirectory
if jobtitle is not None:
ldbmessage["title"] = jobtitle
if department is not None:
ldbmessage["department"] = department
if company is not None:
ldbmessage["company"] = company
if description is not None:
ldbmessage["description"] = description
if mailaddress is not None:
ldbmessage["mail"] = mailaddress
if internetaddress is not None:
ldbmessage["wWWHomePage"] = internetaddress
if telephonenumber is not None:
ldbmessage["telephoneNumber"] = telephonenumber
if physicaldeliveryoffice is not None:
ldbmessage["physicalDeliveryOfficeName"] = physicaldeliveryoffice
if sd is not None:
ldbmessage["nTSecurityDescriptor"] = ndr_pack(sd)
ldbmessage2 = None
if any(map(lambda b: b is not None, (uid, uidnumber, gidnumber, gecos,
loginshell, nisdomain, unixhome))):
ldbmessage2 = ldb.Message()
ldbmessage2.dn = ldb.Dn(self, user_dn)
if uid is not None:
ldbmessage2["uid"] = ldb.MessageElement(str(uid), ldb.FLAG_MOD_REPLACE, 'uid')
if uidnumber is not None:
ldbmessage2["uidNumber"] = ldb.MessageElement(str(uidnumber), ldb.FLAG_MOD_REPLACE, 'uidNumber')
if gidnumber is not None:
ldbmessage2["gidNumber"] = ldb.MessageElement(str(gidnumber), ldb.FLAG_MOD_REPLACE, 'gidNumber')
if gecos is not None:
ldbmessage2["gecos"] = ldb.MessageElement(str(gecos), ldb.FLAG_MOD_REPLACE, 'gecos')
if loginshell is not None:
ldbmessage2["loginShell"] = ldb.MessageElement(str(loginshell), ldb.FLAG_MOD_REPLACE, 'loginShell')
if unixhome is not None:
ldbmessage2["unixHomeDirectory"] = ldb.MessageElement(
str(unixhome), ldb.FLAG_MOD_REPLACE, 'unixHomeDirectory')
if nisdomain is not None:
ldbmessage2["msSFU30NisDomain"] = ldb.MessageElement(
str(nisdomain), ldb.FLAG_MOD_REPLACE, 'msSFU30NisDomain')
ldbmessage2["msSFU30Name"] = ldb.MessageElement(
str(username), ldb.FLAG_MOD_REPLACE, 'msSFU30Name')
ldbmessage2["unixUserPassword"] = ldb.MessageElement(
'ABCD!efgh12345$67890', ldb.FLAG_MOD_REPLACE,
'unixUserPassword')
self.transaction_start()
try:
self.add(ldbmessage)
if ldbmessage2:
self.modify(ldbmessage2)
# Sets the password for it
if setpassword:
self.setpassword("(samAccountName=%s)" % ldb.binary_encode(username), password,
force_password_change_at_next_login_req)
except:
self.transaction_cancel()
raise
else:
self.transaction_commit()
def set_pwdProperties(self, value):
m = ldb.Message()
m.dn = ldb.Dn(self, self.domain_dn())
m["pwdProperties"] = ldb.MessageElement(value, ldb.FLAG_MOD_REPLACE, "pwdProperties")
self.modify(m)
def test_search_attrs(self):
l = ldb.Ldb(filename())
self.assertEquals(
len(l.search(ldb.Dn(l, ""), ldb.SCOPE_SUBTREE, "(dc=*)", ["dc"])),
0)
def test_delete(self):
l = ldb.Ldb(filename())
self.assertRaises(ldb.LdbError, lambda: l.delete(ldb.Dn(l, "dc=foo2")))
def test_repr(self):
self.msg.dn = ldb.Dn(ldb.Ldb(filename()), "dc=foo29")
self.msg["dc"] = "foo"
self.assertEquals(
"Message({'dn': Dn('dc=foo29'), 'dc': MessageElement(['foo'])})",
repr(self.msg))
def test_get_dn(self):
self.msg.dn = ldb.Dn(ldb.Ldb(filename()), "@BASEINFO")
self.assertEquals("@BASEINFO", self.msg.get("dn").__str__())
def test_is_valid(self):
x = ldb.Dn(self.ldb, "dc=foo18,dc=bloe")
self.assertTrue(x.is_valid())
x = ldb.Dn(self.ldb, "")
self.assertTrue(x.is_valid())
def test_is_special(self):
x = ldb.Dn(self.ldb, "dc=foo19,bar=bloe")
self.assertFalse(x.is_special())
x = ldb.Dn(self.ldb, "@FOOBAR")
self.assertTrue(x.is_special())
def test_parent(self):
x = ldb.Dn(self.ldb, "dc=foo16,bar=bloe")
self.assertEquals("bar=bloe", x.parent().__str__())
def test_parent_nonexistant(self):
x = ldb.Dn(self.ldb, "@BLA")
self.assertEquals(None, x.parent())
def test_validate(self):
x = ldb.Dn(self.ldb, "dc=foo15,bar=bloe")
self.assertTrue(x.validate())
def test_get_casefold(self):
x = ldb.Dn(self.ldb, "dc=foo14,bar=bloe")
self.assertEquals(x.get_casefold(), "DC=FOO14,BAR=bloe")
def test_repr(self):
x = ldb.Dn(self.ldb, "dc=foo13,bla=blie")
self.assertEquals(x.__repr__(), "Dn('dc=foo13,bla=blie')")
def test_init_dn(self):
self.msg = ldb.Message(ldb.Dn(ldb.Ldb(), "dc=foo27"))
self.assertEquals("dc=foo27", str(self.msg.dn))
def test_check_special(self):
x = ldb.Dn(self.ldb, "dc=foo20,bar=bloe")
self.assertFalse(x.check_special("FOOBAR"))
x = ldb.Dn(self.ldb, "@FOOBAR")
self.assertTrue(x.check_special("@FOOBAR"))
def test_iter_items(self):
self.assertEquals(0, len(self.msg.items()))
self.msg.dn = ldb.Dn(ldb.Ldb(filename()), "dc=foo28")
self.assertEquals(1, len(self.msg.items()))
def test_len(self):
x = ldb.Dn(self.ldb, "dc=foo21,bar=bloe")
self.assertEquals(2, len(x))
x = ldb.Dn(self.ldb, "dc=foo21")
self.assertEquals(1, len(x))
def test_keys(self):
self.msg.dn = ldb.Dn(ldb.Ldb(filename()), "@BASEINFO")
self.msg["foo"] = ["bla"]
self.msg["bar"] = ["bla"]
self.assertEquals(["dn", "foo", "bar"], self.msg.keys())
def test_add_child(self):
x = ldb.Dn(self.ldb, "dc=foo22,bar=bloe")
self.assertTrue(x.add_child(ldb.Dn(self.ldb, "bla=bloe")))
self.assertEquals("bla=bloe,dc=foo22,bar=bloe", x.__str__())
def test_get_invalid(self):
self.msg.dn = ldb.Dn(ldb.Ldb(filename()), "@BASEINFO")
self.assertRaises(TypeError, self.msg.get, 42)
def test_add_base(self):
x = ldb.Dn(self.ldb, "dc=foo23,bar=bloe")
base = ldb.Dn(self.ldb, "bla=bloe")
self.assertTrue(x.add_base(base))
self.assertEquals("dc=foo23,bar=bloe,bla=bloe", x.__str__())
def test_search_scope_base(self):
l = ldb.Ldb(filename())
self.assertEquals(
len(l.search(ldb.Dn(l, "dc=foo1"), ldb.SCOPE_ONELEVEL)), 0)
def test_add(self):
x = ldb.Dn(self.ldb, "dc=foo24")
y = ldb.Dn(self.ldb, "bar=bla")
self.assertEquals("dc=foo24,bar=bla", str(y + x))
def add_dns_records(
samdb, name, dns_conn, change_owner_sd,
server, ip_address_list, logger):
"""Add DNS A or AAAA records while creating computer. """
name = name.rstrip('$')
client_version = dnsserver.DNS_CLIENT_VERSION_LONGHORN
select_flags = dnsserver.DNS_RPC_VIEW_AUTHORITY_DATA | dnsserver.DNS_RPC_VIEW_NO_CHILDREN
zone = samdb.domain_dns_name()
name_found = True
sd_helper = sd_utils.SDUtils(samdb)
try:
buflen, res = dns_conn.DnssrvEnumRecords2(
client_version,
0,
server,
zone,
name,
None,
dnsp.DNS_TYPE_ALL,
select_flags,
None,
None,
)
except WERRORError as e:
if e.args[0] == werror.WERR_DNS_ERROR_NAME_DOES_NOT_EXIST:
name_found = False
pass
if name_found:
for rec in res.rec:
for record in rec.records:
if record.wType == dnsp.DNS_TYPE_A or record.wType == dnsp.DNS_TYPE_AAAA:
# delete record
del_rec_buf = dnsserver.DNS_RPC_RECORD_BUF()
del_rec_buf.rec = record
try:
dns_conn.DnssrvUpdateRecord2(
client_version,
0,
server,
zone,
name,
None,
del_rec_buf,
)
except WERRORError as e:
if e.args[0] != werror.WERR_DNS_ERROR_NAME_DOES_NOT_EXIST:
raise
for ip_address in ip_address_list:
if _is_valid_ipv6(ip_address):
logger.info("Adding DNS AAAA record %s.%s for IPv6 IP: %s" % (
name, zone, ip_address))
rec = AAAARecord(ip_address)
elif _is_valid_ipv4(ip_address):
logger.info("Adding DNS A record %s.%s for IPv4 IP: %s" % (
name, zone, ip_address))
rec = ARecord(ip_address)
else:
raise ValueError('Invalid IP: {}'.format(ip_address))
# Add record
add_rec_buf = dnsserver.DNS_RPC_RECORD_BUF()
add_rec_buf.rec = rec
dns_conn.DnssrvUpdateRecord2(
client_version,
0,
server,
zone,
name,
add_rec_buf,
None,
)
if (len(ip_address_list) > 0):
domaindns_zone_dn = ldb.Dn(
samdb,
'DC=DomainDnsZones,%s' % samdb.get_default_basedn(),
)
dns_a_dn, ldap_record = samdb.dns_lookup(
"%s.%s" % (name, zone),
dns_partition=domaindns_zone_dn,
)
# Make the DC own the DNS record, not the administrator
sd_helper.modify_sd_on_dn(
dns_a_dn,
change_owner_sd,
controls=["sd_flags:1:%d" % (security.SECINFO_OWNER | security.SECINFO_GROUP)],
)
def test_canonical_string(self):
x = ldb.Dn(self.ldb, "dc=foo25,bar=bloe")
self.assertEquals("/bloe/foo25", x.canonical_str())
def set_minPwdLength(self, value):
m = ldb.Message()
m.dn = ldb.Dn(self, self.domain_dn())
m["minPwdLength"] = ldb.MessageElement(value, ldb.FLAG_MOD_REPLACE, "minPwdLength")
self.modify(m)
def test_canonical_ex_string(self):
x = ldb.Dn(self.ldb, "dc=foo26,bar=bloe")
self.assertEquals("/bloe\nfoo26", x.canonical_ex_str())
def test_edit_rid_master(self):
"""Test doing a RID allocation after changing the RID master from the original one.
This should set rIDNextRID to 0 on the new RID master."""
# 1. a. Transfer role to non-RID master
# b. Check that it succeeds correctly
#
# 2. a. Call the RID alloc against the former master.
# b. Check that it succeeds.
fsmo_dn = ldb.Dn(
self.ldb_dc1,
"CN=RID Manager$,CN=System," + self.ldb_dc1.domain_dn())
(fsmo_owner, fsmo_not_owner) = self._determine_fSMORoleOwner(fsmo_dn)
# 1. Swap RID master role
m = ldb.Message()
m.dn = ldb.Dn(self.ldb_dc1, "")
m["becomeRidMaster"] = ldb.MessageElement("1", ldb.FLAG_MOD_REPLACE,
"becomeRidMaster")
# Make sure that ldb_dc1 == RID Master
server_dn = str(
ldb.Dn(self.ldb_dc1, self.ldb_dc1.get_dsServiceName()).parent())
# self.ldb_dc1 == LOCALDC
if server_dn == fsmo_owner['server_dn']:
# ldb_dc1 == VAMPIREDC
ldb_dc1, ldb_dc2 = self.ldb_dc2, self.ldb_dc1
else:
# Otherwise switch the two
ldb_dc1, ldb_dc2 = self.ldb_dc1, self.ldb_dc2
try:
# ldb_dc1 is now RID MASTER (as VAMPIREDC)
ldb_dc1.modify(m)
except ldb.LdbError as e1:
(num, msg) = e1.args
self.fail("Failed to reassign RID Master " + msg)
try:
# 2. Perform a RID alloc
req8 = self._exop_req8(
dest_dsa=fsmo_owner["ntds_guid"],
invocation_id=fsmo_not_owner["invocation_id"],
nc_dn_str=fsmo_dn,
exop=drsuapi.DRSUAPI_EXOP_FSMO_RID_ALLOC)
(drs, drs_handle) = self._ds_bind(fsmo_not_owner["dns_name"])
# 3. Make sure the allocation succeeds
try:
(level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
except RuntimeError as e:
self.fail("RID allocation failed: " + str(e))
fsmo_dn = ldb.Dn(
self.ldb_dc1,
"CN=RID Manager$,CN=System," + self.ldb_dc1.domain_dn())
self.assertEqual(level, 6, "Expected level 6 response!")
self.assertEqual(ctr.source_dsa_guid,
misc.GUID(fsmo_not_owner["ntds_guid"]))
self.assertEqual(ctr.source_dsa_invocation_id,
misc.GUID(fsmo_not_owner["invocation_id"]))
ctr6 = ctr
self.assertEqual(ctr6.extended_ret,
drsuapi.DRSUAPI_EXOP_ERR_SUCCESS)
self.assertEqual(ctr6.object_count, 3)
self.assertNotEqual(ctr6.first_object, None)
self.assertEqual(
ldb.Dn(ldb_dc2, ctr6.first_object.object.identifier.dn),
fsmo_dn)
self.assertNotEqual(ctr6.first_object.next_object, None)
self.assertNotEqual(ctr6.first_object.next_object.next_object,
None)
second_object = ctr6.first_object.next_object.object
self.assertEqual(ldb.Dn(self.ldb_dc1, second_object.identifier.dn),
fsmo_owner["rid_set_dn"])
third_object = ctr6.first_object.next_object.next_object.object
self.assertEqual(ldb.Dn(self.ldb_dc1, third_object.identifier.dn),
fsmo_owner["server_acct_dn"])
finally:
# Swap the RID master back for other tests
m = ldb.Message()
m.dn = ldb.Dn(ldb_dc2, "")
m["becomeRidMaster"] = ldb.MessageElement("1",
ldb.FLAG_MOD_REPLACE,
"becomeRidMaster")
try:
ldb_dc2.modify(m)
except ldb.LdbError as e:
(num, msg) = e.args
self.fail("Failed to restore RID Master " + msg)
def test_eq(self):
x = ldb.Dn(self.ldb, "dc=foo11,bar=bloe")
y = ldb.Dn(self.ldb, "dc=foo11,bar=bloe")
self.assertEquals(x, y)
y = ldb.Dn(self.ldb, "dc=foo11,bar=blie")
self.assertNotEquals(x, y)
