Exemplo n.º 1
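class SambaAD:

    """
    Handle sam.ldb: users and computers

    Lookups query sam.ldb directly through ``self.samdb``; user and group
    changes are delegated to the ``samba-tool`` binary via `_samba_tool`.
    Every caller-supplied value that ends up in a samba-tool command line is
    shell-quoted, and every value placed in an LDAP filter is escaped with
    ``ldb.binary_encode``.
    """

    def __init__(self):
        """
        Open sam.ldb from the private directory reported by SambaConf, using
        a system session.
        """
        self.smb_conf = SambaConf()
        self.samdb_url = os.path.join(self.smb_conf.private_dir(), 'sam.ldb')
        self.samdb = SamDB(url=self.samdb_url, session_info=system_session(),
                           lp=LoadParm())

    @staticmethod
    def _quote(value):
        """
        Quote one argument so it stays a single word in a command string.

        @param value: argument text
        @return: the value, quoted when it holds characters a shell treats
                 specially
        @rtype: str
        """
        try:
            from shlex import quote
        except ImportError:  # Python 2 ships the same helper in pipes
            from pipes import quote
        return quote(value)

# v Users ---------------------------------------------------------------------

    def isUserEnabled(self, username):
        """
        Tell whether the account exists and is not flagged as disabled.

        @param username: sAMAccountName to look up
        @return: False when no such user is found or UF_ACCOUNTDISABLE is set
        @rtype: bool
        @raise TypeError: when username is not a string
        """
        if not isinstance(username, str):
            raise TypeError("username is expected to be string")

        # binary_encode escapes filter metacharacters, so the name cannot
        # change the structure of the search expression.
        search_filter = "(&(objectClass=user)(sAMAccountName=%s))" % ldb.binary_encode(
            username)
        userlist = self.samdb.search(base=self.samdb.domain_dn(),
                                     scope=ldb.SCOPE_SUBTREE,
                                     expression=search_filter,
                                     attrs=["userAccountControl"])
        if not userlist:
            return False

        uac_flags = int(userlist[0]["userAccountControl"][0])
        return 0 == (uac_flags & dsdb.UF_ACCOUNTDISABLE)

    def existsUser(self, username):
        """
        Check whether username appears in the output of ``samba-tool user list``.

        @rtype: bool
        """
        return username in self._samba_tool("user list")

    def updateUserPassword(self, username, password):
        """
        Set a new password for an existing user.

        The format string used to carry one placeholder for two values, which
        raised TypeError before samba-tool was ever started; both values are
        now quoted and interpolated.

        @return: True (failures raise from `_samba_tool`)
        @rtype: bool
        """
        user_arg = self._quote(username)
        # NOTE(review): the password is still passed on the command line and
        # is therefore visible in the process list while samba-tool runs.
        self._samba_tool(
            "user setpassword %s --newpassword=%s" % (user_arg,
                                                      self._quote(password)),
            "user setpassword %s --newpassword=<redacted>" % user_arg)
        return True

    def createUser(self, username, password, given_name=None, surname=None):
        """
        Create a user; the name options are added only when both given_name
        and surname are supplied.

        @return: True (failures raise from `_samba_tool`)
        @rtype: bool
        """
        user_arg = self._quote(username)
        cmd = "user create %s %s" % (user_arg, self._quote(password))
        # Same command with the secret masked, for logs and error messages.
        log_cmd = "user create %s <redacted>" % user_arg
        if given_name and surname:
            names = " --given-name=%s --surname=%s" % (
                self._quote(given_name), self._quote(surname))
            cmd += names
            log_cmd += names
        self._samba_tool(cmd, log_cmd)
        return True

    def createGroup(self, name, description):
        """
        Add a group, with a description when one is given.

        @return: True (failures raise from `_samba_tool`)
        @rtype: bool
        """
        cmd = 'group add ' + self._quote(name)
        if description:
            # Quoting keeps a multi-word description in one argument.
            cmd += ' --description=' + self._quote(description)
        self._samba_tool(cmd)
        return True

    def enableUser(self, username):
        """Enable the account through samba-tool; returns True."""
        self._samba_tool("user enable %s" % self._quote(username))
        return True

    def disableUser(self, username):
        """Disable the account through samba-tool; returns True."""
        self._samba_tool("user disable %s" % self._quote(username))
        return True

    def deleteUser(self, username):
        """Delete the account through samba-tool; returns True."""
        self._samba_tool("user delete %s" % self._quote(username))
        return True

    def _samba_tool(self, cmd, log_cmd=None):
        """
        Run ``<prefix>/bin/samba-tool <cmd>`` and return its standard output.

        Callers must quote every variable part of cmd themselves (see
        `_quote`).
        NOTE(review): quoting assumes shlaunch hands the string to a POSIX
        shell - confirm. A value starting with '-' is still read as an option
        by samba-tool; validate names upstream.

        @param cmd: samba-tool arguments, as one command-line string
        @param log_cmd: variant of cmd with secrets masked; when given it
                        replaces cmd in the logged and raised error message
        @return: standard output as returned by shlaunch
        @raise SambaToolException: when the exit code is not 0
        """
        samba_tool = os.path.join(self.smb_conf.prefix, "bin/samba-tool")
        shown_cmd = samba_tool + " " + (cmd if log_cmd is None else log_cmd)
        cmd = samba_tool + " " + cmd
        exit_code, std_out, std_err = shlaunch(cmd)
        if exit_code != 0:
            # Only the masked form reaches the log and the exception text.
            error_msg = "Error processing `%s`:\n" % shown_cmd
            if std_err:
                error_msg += "\n".join(std_err)
            if std_out:
                error_msg += "\n".join(std_out)
            logger.error(error_msg)
            raise SambaToolException(error_msg)
        return std_out

# v Machines ------------------------------------------------------------------

    def _listComputersInContainer(self, container_dn, name_suffix=''):
        """
        List the computer objects directly under container_dn.

        @param container_dn: DN searched one level deep
        @param name_suffix: text appended to every computer name
        @return: list of dicts with "name", "description" and "enabled"
        @rtype: list
        """
        computers = self.samdb.search(base=container_dn,
                                      scope=ldb.SCOPE_ONELEVEL,
                                      expression="(objectClass=computer)",
                                      attrs=["name", "description", "operatingSystem"])
        res = []
        if computers:
            for computer in computers:
                # Fall back to operatingSystem, then to an empty string, so an
                # entry lacking both attributes no longer aborts the listing.
                description = computer.get("description",
                                           computer.get("operatingSystem", ""))
                res.append({
                    "name": str(computer["name"]) + name_suffix,
                    "description": str(description),
                    "enabled": 1  # TODO: get what the state actually is
                })
        return res

    def listDomainMembers(self):
        """
        Returns list of Computer objects description

        Domain controllers come first, each name suffixed with ' (dc)'.

        @return: list of dicts with Computer name and description
        @rtype: list
        """
        dcs = self._listComputersInContainer(
            "OU=Domain Controllers,%s" % self.samdb.domain_dn(), ' (dc)')
        computers = self._listComputersInContainer(
            "CN=Computers,%s" % self.samdb.domain_dn())
        return dcs + computers

    def deleteMachine(self, name):  # TODO
        """Not implemented: nothing is deleted, yet True is returned."""
        return True

    def getMachine(self, name):
        """
        Look up one computer directly under CN=Computers.

        @param name: computer name; escaped before it enters the filter
        @return: dict with "name", "description" and "enabled"; when nothing
                 matches, description is 'Unknown' and enabled is False
        @rtype: dict
        """
        container_dn = "CN=Computers,%s" % self.samdb.domain_dn()
        # Escape the name as isUserEnabled does; raw interpolation would let
        # characters such as ')' or '*' rewrite the filter.
        search_filter = "(&(objectClass=computer)(name=%s))" % ldb.binary_encode(name)
        computers = self.samdb.search(base=container_dn,
                                      scope=ldb.SCOPE_ONELEVEL,
                                      expression=search_filter,
                                      attrs=["description", "operatingSystem"])
        if not computers:
            return {'name': name, 'description': 'Unknown', 'enabled': False}

        c = computers[0]
        description = str(c.get('description', c.get('operatingSystem')))
        return {'name': name, 'description': description, 'enabled': True}

    def editMachine(self, name, description, enabled):  # TODO
        """Not implemented: nothing is changed, yet True is returned."""
        return True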
Exemplo n.º 2
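class SambaAD:
    """
    Handle sam.ldb: users and computers

    Lookups query sam.ldb directly through ``self.samdb``; user and group
    changes are delegated to the ``samba-tool`` binary via `_samba_tool`.
    Every caller-supplied value that ends up in a samba-tool command line is
    shell-quoted, and every value placed in an LDAP filter is escaped with
    ``ldb.binary_encode``.
    """
    def __init__(self):
        """
        Open sam.ldb from the private directory reported by SambaConf, using
        a system session.
        """
        self.smb_conf = SambaConf()
        self.samdb_url = os.path.join(self.smb_conf.private_dir(), 'sam.ldb')
        self.samdb = SamDB(url=self.samdb_url,
                           session_info=system_session(),
                           lp=LoadParm())

    @staticmethod
    def _quote(value):
        """
        Quote one argument so it stays a single word in a command string.

        @param value: argument text
        @return: the value, quoted when it holds characters a shell treats
                 specially
        @rtype: str
        """
        try:
            from shlex import quote
        except ImportError:  # Python 2 ships the same helper in pipes
            from pipes import quote
        return quote(value)

# v Users ---------------------------------------------------------------------

    def isUserEnabled(self, username):
        """
        Tell whether the account exists and is not flagged as disabled.

        @param username: sAMAccountName to look up
        @return: False when no such user is found or UF_ACCOUNTDISABLE is set
        @rtype: bool
        """
        # binary_encode escapes filter metacharacters, so the name cannot
        # change the structure of the search expression.
        search_filter = "(&(objectClass=user)(sAMAccountName=%s))" % ldb.binary_encode(
            to_str(username))
        userlist = self.samdb.search(base=self.samdb.domain_dn(),
                                     scope=ldb.SCOPE_SUBTREE,
                                     expression=search_filter,
                                     attrs=["userAccountControl"])
        if not userlist:
            return False

        uac_flags = int(userlist[0]["userAccountControl"][0])
        return 0 == (uac_flags & dsdb.UF_ACCOUNTDISABLE)

    def existsUser(self, username):
        """
        Check whether username appears in the output of ``samba-tool user list``.

        @rtype: bool
        """
        return to_str(username) in self._samba_tool("user list")

    def updateUserPassword(self, username, password):
        """
        Set a new password for an existing user.

        The format string used to carry one placeholder for two values, which
        raised TypeError before samba-tool was ever started; both values are
        now quoted and interpolated.

        @return: True (failures raise from `_samba_tool`)
        @rtype: bool
        """
        user_arg = self._quote(username)
        # NOTE(review): the password is still passed on the command line and
        # is therefore visible in the process list while samba-tool runs.
        self._samba_tool(
            "user setpassword %s --newpassword=%s" % (user_arg,
                                                      self._quote(password)),
            "user setpassword %s --newpassword=<redacted>" % user_arg)
        return True

    def createUser(self, username, password, given_name=None, surname=None):
        """
        Create a user; the name options are added only when both given_name
        and surname are supplied.

        @return: True (failures raise from `_samba_tool`)
        @rtype: bool
        """
        user_arg = self._quote(username)
        cmd = "user create %s %s" % (user_arg, self._quote(password))
        # Same command with the secret masked, for logs and error messages.
        log_cmd = "user create %s <redacted>" % user_arg
        if given_name and surname:
            names = " --given-name=%s --surname=%s" % (
                self._quote(to_str(given_name)),
                self._quote(to_str(surname)))
            cmd += names
            log_cmd += names
        self._samba_tool(cmd, log_cmd)
        return True

    def createGroup(self, name, description):
        """
        Add a group, with a description when one is given.

        @return: True (failures raise from `_samba_tool`)
        @rtype: bool
        """
        cmd = 'group add ' + self._quote(name)
        if description:
            # Quoting keeps a multi-word description in one argument.
            cmd += ' --description=' + self._quote(description)
        self._samba_tool(cmd)
        return True

    def enableUser(self, username):
        """Enable the account through samba-tool; returns True."""
        self._samba_tool("user enable %s" % self._quote(username))
        return True

    def disableUser(self, username):
        """Disable the account through samba-tool; returns True."""
        self._samba_tool("user disable %s" % self._quote(username))
        return True

    def deleteUser(self, username):
        """Delete the account through samba-tool; returns True."""
        self._samba_tool("user delete %s" % self._quote(username))
        return True

    def _samba_tool(self, cmd, log_cmd=None):
        """
        Run ``<prefix>/bin/samba-tool <cmd>`` and return its standard output.

        Callers must quote every variable part of cmd themselves (see
        `_quote`).
        NOTE(review): quoting assumes shlaunch hands the string to a POSIX
        shell - confirm. A value starting with '-' is still read as an option
        by samba-tool; validate names upstream.

        @param cmd: samba-tool arguments, as one command-line string
        @param log_cmd: variant of cmd with secrets masked; when given it
                        replaces cmd in the logged and raised error message
        @return: standard output as returned by shlaunch
        @raise SambaToolException: when the exit code is not 0
        """
        samba_tool = os.path.join(self.smb_conf.prefix, "bin/samba-tool")
        shown_cmd = samba_tool + " " + (cmd if log_cmd is None else log_cmd)
        cmd = samba_tool + " " + cmd
        exit_code, std_out, std_err = shlaunch(cmd)
        if exit_code != 0:
            # Only the masked form reaches the log and the exception text.
            error_msg = "Error processing `%s`:\n" % shown_cmd
            if std_err:
                error_msg += "\n".join(std_err)
            if std_out:
                error_msg += "\n".join(std_out)
            logger.error(error_msg)
            raise SambaToolException(error_msg)
        return std_out

# v Machines ------------------------------------------------------------------

    def _listComputersInContainer(self, container_dn, name_suffix=''):
        """
        List the computer objects directly under container_dn.

        @param container_dn: DN searched one level deep
        @param name_suffix: text appended to every computer name
        @return: list of dicts with "name", "description" and "enabled"
        @rtype: list
        """
        computers = self.samdb.search(
            base=container_dn,
            scope=ldb.SCOPE_ONELEVEL,
            expression="(objectClass=computer)",
            attrs=["name", "description", "operatingSystem"])
        res = []
        if computers:
            for computer in computers:
                # Prefer description, then operatingSystem, then "".
                description = computer.get("description",
                                           computer.get("operatingSystem", ""))
                res.append({
                    "name": str(computer["name"]) + name_suffix,
                    "description": str(description),
                    "enabled": 1  # TODO: get what the state actually is
                })
        return res

    def listDomainMembers(self):
        """
        Returns list of Computer objects description

        Domain controllers come first, each name suffixed with ' (dc)'.

        @return: list of dicts with Computer name and description
        @rtype: list
        """
        dcs = self._listComputersInContainer(
            "OU=Domain Controllers,%s" % self.samdb.domain_dn(), ' (dc)')
        computers = self._listComputersInContainer("CN=Computers,%s" %
                                                   self.samdb.domain_dn())
        return dcs + computers

    def deleteMachine(self, name):  # TODO
        """Not implemented: nothing is deleted, yet True is returned."""
        return True

    def getMachine(self, name):
        """
        Look up one computer directly under CN=Computers.

        @param name: computer name; escaped before it enters the filter
        @return: dict with "name", "description" and "enabled"; when nothing
                 matches, description is 'Unknown' and enabled is False
        @rtype: dict
        """
        container_dn = "CN=Computers,%s" % self.samdb.domain_dn()
        # Escape the name as isUserEnabled does; raw interpolation would let
        # characters such as ')' or '*' rewrite the filter.
        search_filter = "(&(objectClass=computer)(name=%s))" % ldb.binary_encode(
            to_str(name))
        computers = self.samdb.search(
            base=container_dn,
            scope=ldb.SCOPE_ONELEVEL,
            expression=search_filter,
            attrs=["description", "operatingSystem"])
        if not computers:
            return {'name': name, 'description': 'Unknown', 'enabled': False}

        c = computers[0]
        description = str(c.get('description', c.get('operatingSystem')))
        return {'name': name, 'description': description, 'enabled': True}

    def editMachine(self, name, description, enabled):  # TODO
        """Not implemented: nothing is changed, yet True is returned."""
        return True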