示例#1
    def changeUserPasswd(self, uid, passwd, oldpasswd = None, bind = False):
        """
        Set the SAMBA password hashes of a user in the LDAP directory.

        The LM and NT hashes derived from the clear-text password are written
        to the user's entry together with a fresh sambaPwdLastSet timestamp,
        then the "samba.changeuserpasswd" hook is run with the clear-text
        password. Nothing is written unless isValueTrue() reports 0 or 1 for
        the "ldap passwd sync" option of smb.conf.

        NOTE(review): oldpasswd and bind are accepted but never read in this
        method, so the current password is not verified here. Whoever calls
        this must already have authorized the change -- confirm at the
        XML-RPC entry point.

        @param uid: user name
        @type  uid: str

        @param passwd: non encrypted password
        @type  passwd: str

        @return: always 0
        @rtype: int
        """
        # Don't update the password if we are using smbk5passwd
        # (presumably the case when isValueTrue() answers something other
        # than 0 or 1 -- confirm against SambaConf.isValueTrue).
        smbconf = SambaConf()
        syncFlag = smbconf.isValueTrue(smbconf.getContent("global", "ldap passwd sync"))
        if syncFlag not in (0, 1):
            return 0

        userdn = self.searchUserDN(uid)
        # The audit record is opened before the entry is touched and is only
        # committed once both the LDAP write and the hook have returned.
        audit = AF().log(PLUGIN_NAME, AA.SAMBA_CHANGE_USER_PASS, [(userdn,AT.USER)])

        # If the passwd has been encoded in the XML-RPC stream, decode it
        if isinstance(passwd, xmlrpclib.Binary):
            passwd = str(passwd)

        # Read the current entry so that a minimal modlist can be computed
        _entryDn, current = self.l.search_s(userdn, ldap.SCOPE_BASE)[0]
        updated = current.copy()
        # NOTE(review): the LM hash is a legacy format that is much weaker than
        # the NT hash; if no client still needs LanMan authentication, consider
        # not storing it. Both attributes are password-equivalent, so the
        # directory ACLs must keep them unreadable for ordinary binds.
        updated.update({
            'sambaLMPassword': [smbpasswd.lmhash(passwd)],
            'sambaNTPassword': [smbpasswd.nthash(passwd)],
            'sambaPwdLastSet': [str(int(time()))],
        })

        # Update LDAP
        self.l.modify_s(userdn, ldap.modlist.modifyModlist(current, updated))
        # The hook receives the clear-text password: hook scripts must not log
        # or persist it.
        self.runHook("samba.changeuserpasswd", uid, passwd)
        audit.commit()
        return 0
示例#2
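def activate():
    """
    Decide whether the "samba" plugin can be activated.

    Checks the plugin configuration, smb.conf, the LDAP directory and, when
    SAMBA is configured as a PDC, the consistency between the SAMBA and MMC
    LDAP settings. The first failed check is logged and aborts activation.

    This is not a read-only check. On a PDC it calls samba.addOu() and
    samba.setDomainPolicy(), and when "os level" is below 255 (or missing)
    it rewrites the option through smbconf.setContent()/save() and calls
    reloadSamba().

    @return: return True if this module can be activated
    @rtype: boolean
    """
    config = SambaConfig("samba")

    if config.disabled:
        logger.info("samba plugin disabled by configuration.")
        return False

    if config.defaultSharesPath:
        if config.defaultSharesPath.endswith("/"):
            logger.error("Trailing / is not allowed in defaultSharesPath")
            return False
        if not os.path.exists(config.defaultSharesPath):
            logger.error("The default shares path '%s' does not exist" %
                         config.defaultSharesPath)
            return False

    for cpath in config.authorizedSharePaths:
        if cpath.endswith("/"):
            logger.error("Trailing / is not allowed in authorizedSharePaths")
            return False
        if not os.path.exists(cpath):
            logger.error("The authorized share path '%s' does not exist" %
                         cpath)
            return False

    # Verify if samba conf file exist
    conf = config.samba_conf_file
    if not os.path.exists(conf):
        logger.error(conf + " does not exist")
        return False

    # validate smb.conf
    smbconf = SambaConf()
    if not smbconf.validate(conf):
        logger.error("SAMBA configuration file is not valid")
        return False

    # For each share, test if its sharePath exists
    for share in getDetailedShares():
        shareName = share[0]
        infos = shareInfo(shareName)
        if infos:
            sharePath = infos['sharePath']
            # Paths holding a '%' are skipped (presumably smb.conf variable
            # substitutions that cannot be resolved here -- confirm).
            if sharePath and '%' not in sharePath and not os.path.exists(
                    sharePath):
                # only show error
                logger.error("The samba share path '%s' does not exist." %
                             sharePath)
        else:
            # Say why activation stops instead of failing silently
            logger.error("Can't get information about the samba share '%s'" %
                         shareName)
            return False

    try:
        ldapObj = ldapUserGroupControl()
    except ldap.INVALID_CREDENTIALS:
        logger.error("Can't bind to LDAP: invalid credentials.")
        return False

    # Test if the Samba LDAP schema is available in the directory
    try:
        schema = ldapObj.getSchema("sambaSamAccount")
        if len(schema) <= 0:
            logger.error("Samba schema is not included in LDAP directory")
            return False
    except Exception:
        # "except Exception" rather than a bare except, so that
        # KeyboardInterrupt and SystemExit are not swallowed here.
        logger.exception("invalid schema")
        return False

    # Verify if init script exist
    init = config.samba_init_script
    if not os.path.exists(init):
        logger.error(init + " does not exist")
        return False

    # If SAMBA is defined as a PDC, make extra checks
    if smbconf.isPdc():
        samba = SambaLDAP()
        # Create SAMBA computers account OU if it doesn't exist
        head, path = samba.baseComputersDN.split(",", 1)
        ouName = head.split("=")[1]
        samba.addOu(ouName, path)
        # Check that a sambaDomainName entry is in LDAP directory
        domainInfos = samba.getDomain()
        # Set domain policy
        # NOTE(review): this runs before the domainInfos check below; confirm
        # setDomainPolicy() is safe when no sambaDomainName entry exists.
        samba.setDomainPolicy()
        if not domainInfos:
            logger.error(
                "Can't find sambaDomainName entry in LDAP for domain %s. Please check your SAMBA LDAP configuration."
                % smbconf.getContent("global", "workgroup"))
            return False
        smbconfbasesuffix = smbconf.getContent("global", "ldap suffix")
        if not smbconfbasesuffix:
            logger.error("SAMBA 'ldap suffix' option is not setted.")
            return False
        if ldap.explode_dn(samba.baseDN) != ldap.explode_dn(smbconfbasesuffix):
            logger.error(
                "SAMBA 'ldap suffix' option is not equal to MMC 'baseDN' option."
            )
            return False
        # Check that SAMBA and MMC given OU are in sync
        for option in [
            ("ldap user suffix", "baseUsersDN", samba.baseUsersDN),
            ("ldap group suffix", "baseGroupsDN", samba.baseGroupsDN),
            ("ldap machine suffix", "baseComputersDN", samba.baseComputersDN)
        ]:
            smbconfsuffix = smbconf.getContent("global", option[0])
            if not smbconfsuffix:
                logger.error("SAMBA '" + option[0] + "' option is not setted")
                return False
            # Do a case insensitive comparison of the corresponding MMC / SAMBA options
            # (only the first RDN of each value is compared)
            if ldap.explode_rdn(smbconfsuffix)[0].lower() != ldap.explode_rdn(
                    option[2])[0].lower():
                logger.error("SAMBA option '" + option[0] +
                             "' is not equal to MMC '" + option[1] +
                             "' option.")
                return False
        # Check that "ldap delete dn" SAMBA option is set to "No"
        smbconfdeletedn = smbconf.isValueTrue(
            smbconf.getContent("global", "ldap delete dn"))
        if smbconfdeletedn == 1:
            logger.error("SAMBA option 'ldap delete dn' must be disabled.")
            return False
        # Check that Domain Computers group exists
        # We need it to put a machine account in the right group when joining it to the domain
        if not samba.getDomainComputersGroup():
            logger.error(
                "Can't find sambaGroupMapping entry in LDAP corresponding to 'Domain Computers' group. Please check your SAMBA LDAP configuration."
            )
            return False
        # Check that Domain Admins group exists
        if not samba.getDomainAdminsGroup():
            logger.error(
                "Can't find sambaGroupMapping entry in LDAP corresponding to 'Domain Admins' group. Please check your SAMBA LDAP configuration."
            )
            return False
        # Check that Domain Guests group exists
        if not samba.getDomainGuestsGroup():
            logger.error(
                "Can't find sambaGroupMapping entry in LDAP corresponding to 'Domain Guests' group. Please check your SAMBA LDAP configuration."
            )
            return False
        # Check that Domain Users group exists
        if not samba.getDomainUsersGroup():
            logger.error(
                "Can't find sambaGroupMapping entry in LDAP corresponding to 'Domain Users' group. Please check your SAMBA LDAP configuration."
            )
            return False
        # Check that add machine script option is set, and that the given script exist
        # NOTE(review): only existence is checked. smbd executes this script
        # when a machine joins the domain (typically with root privileges --
        # confirm for your setup), so the file should be root-owned and not
        # writable by other users.
        addMachineScript = smbconf.getContent("global", "add machine script")
        if not addMachineScript:
            logger.error("SAMBA 'add machine script' option is not set.")
            return False
        else:
            script = addMachineScript.split(" ")[0]
            if not os.path.exists(script):
                logger.error(
                    "SAMBA 'add machine script' option is set to a non existing file: "
                    + script)
                return False
        # Issue a warning if NSCD is running
        if os.path.exists("/var/run/nscd.pid") or os.path.exists(
                "/var/run/.nscd_socket") or os.path.exists("/var/run/nscd"):
            logger.warning(
                "Looks like NSCD is installed on your system. You should not run NSCD on a SAMBA server."
            )
        # Check that os level is set to 255
        # The other getContent() results in this function are tested for
        # emptiness, so an unset option is expected to come back falsy;
        # int() on it would raise and abort activation. Treat a missing or
        # non-numeric value as "not 255".
        try:
            oslevel = int(smbconf.getContent("global", "os level"))
        except (TypeError, ValueError):
            oslevel = None
        if oslevel is None or oslevel < 255:
            logger.debug("Set SAMBA os level to 255.")
            smbconf.setContent("global", "os level", "255")
            smbconf.save()
            reloadSamba()
    # The dashboard plugin is optional: skip panel registration if it is
    # not installed.
    try:
        from mmc.plugins.dashboard.manager import DashboardManager
        from mmc.plugins.samba.panel import SambaPanel
        DM = DashboardManager()
        DM.register_panel(SambaPanel("samba"))
    except ImportError:
        pass

    return True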
示例#3
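def activate():
    """
    Decide whether the "samba" plugin can be activated.

    Checks the plugin configuration, smb.conf, the LDAP directory and, when
    SAMBA is configured as a PDC, the consistency between the SAMBA and MMC
    LDAP settings. The first failed check is logged and aborts activation.

    This is not a read-only check. On a PDC it calls samba.addOu() and
    samba.setDomainPolicy(), and when "os level" is below 255 (or missing)
    it rewrites the option through smbconf.setContent()/save() and calls
    reloadSamba().

    @return: return True if this module can be activated
    @rtype: boolean
    """
    config = SambaConfig("samba")

    if config.disabled:
        logger.info("samba plugin disabled by configuration.")
        return False

    if config.defaultSharesPath:
        if config.defaultSharesPath.endswith("/"):
            logger.error("Trailing / is not allowed in defaultSharesPath")
            return False
        if not os.path.exists(config.defaultSharesPath):
            logger.error("The default shares path '%s' does not exist" % config.defaultSharesPath)
            return False

    for cpath in config.authorizedSharePaths:
        if cpath.endswith("/"):
            logger.error("Trailing / is not allowed in authorizedSharePaths")
            return False
        if not os.path.exists(cpath):
            logger.error("The authorized share path '%s' does not exist" % cpath)
            return False

    # Verify if samba conf file exist
    conf = config.samba_conf_file
    if not os.path.exists(conf):
        logger.error(conf + " does not exist")
        return False

    # validate smb.conf
    smbconf = SambaConf()
    if not smbconf.validate(conf):
        logger.error("SAMBA configuration file is not valid")
        return False

    # For each share, test if its sharePath exists
    for share in getDetailedShares():
        shareName = share[0]
        infos = shareInfo(shareName)
        if infos:
            sharePath = infos["sharePath"]
            # Paths holding a "%" are skipped (presumably smb.conf variable
            # substitutions that cannot be resolved here -- confirm).
            if sharePath and "%" not in sharePath and not os.path.exists(sharePath):
                # only show error
                logger.error("The samba share path '%s' does not exist." % sharePath)
        else:
            # Say why activation stops instead of failing silently
            logger.error("Can't get information about the samba share '%s'" % shareName)
            return False

    try:
        ldapObj = ldapUserGroupControl()
    except ldap.INVALID_CREDENTIALS:
        logger.error("Can't bind to LDAP: invalid credentials.")
        return False

    # Test if the Samba LDAP schema is available in the directory
    try:
        schema = ldapObj.getSchema("sambaSamAccount")
        if len(schema) <= 0:
            logger.error("Samba schema is not included in LDAP directory")
            return False
    except Exception:
        # "except Exception" rather than a bare except, so that
        # KeyboardInterrupt and SystemExit are not swallowed here.
        logger.exception("invalid schema")
        return False

    # Verify if init script exist
    init = config.samba_init_script
    if not os.path.exists(init):
        logger.error(init + " does not exist")
        return False

    # If SAMBA is defined as a PDC, make extra checks
    if smbconf.isPdc():
        samba = SambaLDAP()
        # Create SAMBA computers account OU if it doesn't exist
        head, path = samba.baseComputersDN.split(",", 1)
        ouName = head.split("=")[1]
        samba.addOu(ouName, path)
        # Check that a sambaDomainName entry is in LDAP directory
        domainInfos = samba.getDomain()
        # Set domain policy
        # NOTE(review): this runs before the domainInfos check below; confirm
        # setDomainPolicy() is safe when no sambaDomainName entry exists.
        samba.setDomainPolicy()
        if not domainInfos:
            logger.error(
                "Can't find sambaDomainName entry in LDAP for domain %s. Please check your SAMBA LDAP configuration."
                % smbconf.getContent("global", "workgroup")
            )
            return False
        smbconfbasesuffix = smbconf.getContent("global", "ldap suffix")
        if not smbconfbasesuffix:
            logger.error("SAMBA 'ldap suffix' option is not setted.")
            return False
        if ldap.explode_dn(samba.baseDN) != ldap.explode_dn(smbconfbasesuffix):
            logger.error("SAMBA 'ldap suffix' option is not equal to MMC 'baseDN' option.")
            return False
        # Check that SAMBA and MMC given OU are in sync
        for option in [
            ("ldap user suffix", "baseUsersDN", samba.baseUsersDN),
            ("ldap group suffix", "baseGroupsDN", samba.baseGroupsDN),
            ("ldap machine suffix", "baseComputersDN", samba.baseComputersDN),
        ]:
            smbconfsuffix = smbconf.getContent("global", option[0])
            if not smbconfsuffix:
                logger.error("SAMBA '" + option[0] + "' option is not setted")
                return False
            # Do a case insensitive comparison of the corresponding MMC / SAMBA options
            # (only the first RDN of each value is compared)
            if ldap.explode_rdn(smbconfsuffix)[0].lower() != ldap.explode_rdn(option[2])[0].lower():
                logger.error("SAMBA option '" + option[0] + "' is not equal to MMC '" + option[1] + "' option.")
                return False
        # Check that "ldap delete dn" SAMBA option is set to "No"
        smbconfdeletedn = smbconf.isValueTrue(smbconf.getContent("global", "ldap delete dn"))
        if smbconfdeletedn == 1:
            logger.error("SAMBA option 'ldap delete dn' must be disabled.")
            return False
        # Check that Domain Computers group exists
        # We need it to put a machine account in the right group when joining it to the domain
        if not samba.getDomainComputersGroup():
            logger.error(
                "Can't find sambaGroupMapping entry in LDAP corresponding to 'Domain Computers' group. Please check your SAMBA LDAP configuration."
            )
            return False
        # Check that Domain Admins group exists
        if not samba.getDomainAdminsGroup():
            logger.error(
                "Can't find sambaGroupMapping entry in LDAP corresponding to 'Domain Admins' group. Please check your SAMBA LDAP configuration."
            )
            return False
        # Check that Domain Guests group exists
        if not samba.getDomainGuestsGroup():
            logger.error(
                "Can't find sambaGroupMapping entry in LDAP corresponding to 'Domain Guests' group. Please check your SAMBA LDAP configuration."
            )
            return False
        # Check that Domain Users group exists
        if not samba.getDomainUsersGroup():
            logger.error(
                "Can't find sambaGroupMapping entry in LDAP corresponding to 'Domain Users' group. Please check your SAMBA LDAP configuration."
            )
            return False
        # Check that add machine script option is set, and that the given script exist
        # NOTE(review): only existence is checked. smbd executes this script
        # when a machine joins the domain (typically with root privileges --
        # confirm for your setup), so the file should be root-owned and not
        # writable by other users.
        addMachineScript = smbconf.getContent("global", "add machine script")
        if not addMachineScript:
            logger.error("SAMBA 'add machine script' option is not set.")
            return False
        else:
            script = addMachineScript.split(" ")[0]
            if not os.path.exists(script):
                logger.error("SAMBA 'add machine script' option is set to a non existing file: " + script)
                return False
        #  Issue a warning if NSCD is running
        if (
            os.path.exists("/var/run/nscd.pid")
            or os.path.exists("/var/run/.nscd_socket")
            or os.path.exists("/var/run/nscd")
        ):
            logger.warning("Looks like NSCD is installed on your system. You should not run NSCD on a SAMBA server.")
        # Check that os level is set to 255
        # The other getContent() results in this function are tested for
        # emptiness, so an unset option is expected to come back falsy;
        # int() on it would raise and abort activation. Treat a missing or
        # non-numeric value as "not 255".
        try:
            oslevel = int(smbconf.getContent("global", "os level"))
        except (TypeError, ValueError):
            oslevel = None
        if oslevel is None or oslevel < 255:
            logger.debug("Set SAMBA os level to 255.")
            smbconf.setContent("global", "os level", "255")
            smbconf.save()
            reloadSamba()
    # The dashboard plugin is optional: skip panel registration if it is
    # not installed.
    try:
        from mmc.plugins.dashboard.manager import DashboardManager
        from mmc.plugins.samba.panel import SambaPanel

        DM = DashboardManager()
        DM.register_panel(SambaPanel("samba"))
    except ImportError:
        pass

    return True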