-rwxr-xr-x | source4/scripting/bin/samba3dump | 123 | ||||
-rw-r--r-- | source4/scripting/python/samba/samba3.py | 42 | ||||
-rw-r--r-- | source4/scripting/python/samba/upgrade.py | 4 |
3 files changed, 101 insertions, 68 deletions
diff --git a/source4/scripting/bin/samba3dump b/source4/scripting/bin/samba3dump
index 44ffc6a861..0aa54d91cc 100755
--- a/source4/scripting/bin/samba3dump
+++ b/source4/scripting/bin/samba3dump
@@ -11,7 +11,7 @@ sys.path.append(os.path.join(os.path.dirname(__file__), "../python"))
 import samba
 import samba.samba3
-parser = optparse.OptionParser("provision <libdir> <smb.conf>")
+parser = optparse.OptionParser("provision <libdir> [<smb.conf>]")
 parser.add_option("--format", type="choice", metavar="FORMAT", choices=["full", "summary"])
@@ -28,14 +28,22 @@ def print_samba3_policy(pol):
 print_header("Account Policies")
 print "Min password length: %d" % pol.min_password_length
 print "Password history length: %d" % pol.password_history
- print "User must logon to change password: %d" % pol.user_must_logon_to_change_password
- print "Maximum password age: %d" % pol.maximum_password_age
- print "Minimum password age: %d" % pol.minimum_password_age
- print "Lockout duration: %d" % pol.lockout_duration
- print "Reset Count Minutes: %d" % pol.reset_count_minutes
- print "Bad Lockout Minutes: %d" % pol.bad_lockout_minutes
- print "Disconnect Time: %d" % pol.disconnect_time
- print "Refuse Machine Password Change: %d" % pol.refuse_machine_password_change
+ if pol.user_must_logon_to_change_password:
+ print "User must logon to change password: %d" % pol.user_must_logon_to_change_password
+ if pol.maximum_password_age:
+ print "Maximum password age: %d" % pol.maximum_password_age
+ if pol.minimum_password_age:
+ print "Minimum password age: %d" % pol.minimum_password_age
+ if pol.lockout_duration:
+ print "Lockout duration: %d" % pol.lockout_duration
+ if pol.reset_count_minutes:
+ print "Reset Count Minutes: %d" % pol.reset_count_minutes
+ if pol.bad_lockout_minutes:
+ print "Bad Lockout Minutes: %d" % pol.bad_lockout_minutes
+ if pol.disconnect_time:
+ print "Disconnect Time: %d" % pol.disconnect_time
+ if pol.refuse_machine_password_change:
+ print "Refuse Machine Password Change: %d" % pol.refuse_machine_password_change
 def print_samba3_sam(samba3):
 print_header("SAM Database")
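Review bot: The truthiness guards added in print_samba3_policy (`if pol.maximum_password_age:` and the seven like it) hide a stored value of 0 as well as a missing one, so a policy explicitly set to 0 disappears from the dump. If the intent is only to skip fields that are absent, test for that directly, e.g. `if pol.lockout_duration is not None:`; what the policy object returns for an absent field is not visible in this hunk, so confirm against PolicyDatabase. For someone auditing lockout and password-age settings, an explicit zero is information the dump should keep.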
@@ -56,55 +64,55 @@ def print_samba3_shares(samba3):
 def print_samba3_secrets(secrets):
 print_header("Secrets")
- print "IPC Credentials:"
- if secrets.ipc_cred.username_obtained:
- print " User: %s\n" % secrets.ipc_cred.get_username
- if secrets.ipc_cred.password_obtained:
- print " Password: %s\n" % secrets.ipc_cred.get_password
-
- if secrets.ipc_cred.domain_obtained:
- print " Domain: %s\n" % secrets.ipc_cred.get_domain
-
- print "LDAP passwords:"
- for pw in secrets.ldappws:
- print "\t%s -> %s" % (pw.dn, pw.password)
- print ""
+ if secrets.get_auth_user():
+ print "IPC Credentials:"
+ if secrets.get_auth_user():
+ print " User: %s\n" % secrets.get_auth_user()
+ if secrets.get_auth_password():
+ print " Password: %s\n" % secrets.get_auth_password()
+ if secrets.get_auth_domain():
+ print " Domain: %s\n" % secrets.get_auth_domain()
+
+ if len(list(secrets.ldap_dns())) > 0:
+ print "LDAP passwords:"
+ for dn in secrets.ldap_dns():
+ print "\t%s -> %s" % (dn, secrets.get_ldap_bind_pw(dn))
+ print ""
 print "Domains:"
- for d in secrets.domains:
- print "\t--- %s ---" % d.name
- print "\tSID: %s" % d.sid
- print "\tGUID: %s" % d.guid
- print "\tPlaintext pwd: %s" % d.plaintext_pw
- print "\tLast Changed: %lu" % d.last_change_time
- print "\tSecure Channel Type: %d\n" % d.sec_channel_type
+ for domain in secrets.domains():
+ print "\t--- %s ---" % domain
+ print "\tSID: %s" % secrets.get_sid(domain)
+ print "\tGUID: %s" % secrets.get_dom_guid(domain)
+ print "\tPlaintext pwd: %s" % secrets.get_machine_password(domain)
+ if secrets.get_machine_last_change_time(domain):
+ print "\tLast Changed: %lu" % secrets.get_machine_last_change_time(domain)
+ if secrets.get_machine_sec_channel_type(domain):
+ print "\tSecure Channel Type: %d\n" % secrets.get_machine_sec_channel_type(domain)
 print "Trusted domains:"
- for td in secrets.trusted_domains:
- for n in td.uni_name:
- print "\t--- %s ---" % n
- print "\tPassword: %s" % td.password
- print "\tModified: %lu" % td.mod_time
- print "\tSID: %s" % td.domain_sid
+ for td in secrets.trusted_domains():
+ print td
 def print_samba3_regdb(regdb):
 print_header("Registry")
- for k in regdb.keys:
- print "%s\n" % k.name
+ for k in regdb.keys():
+ print "%s" % k
 for v in regdb.values(k):
 print "\t%s: type %d, length %d" % (v.name, v.type, v.data.length)
-def print_samba3_winsdb(samba3):
+def print_samba3_winsdb(winsdb):
 print_header("WINS Database")
- for e in samba3.winsentries:
- print "%s, nb_flags: %x, type: %d, ttl: %lu, %d ips, fst: %s" % (e.name, e.nb_flags, e.type, e.ttl, e.ips.length, e.ips[0])
+ for name in winsdb:
+ (ttl, ips, nb_flags) = winsdb[name]
+ print "%s, nb_flags: %s, ttl: %lu, %d ips, fst: %s" % (name, nb_flags, ttl, len(ips), ips[0])
 def print_samba3_groupmappings(groupdb):
 print_header("Group Mappings")
- for g in groupdb.groupmappings:
+ for sid in groupdb.groupsids():
 print "\t--- Group: %s ---" % g.nt_name
 print "\tComment: %s" % g.comment
 print "\tGID: %d" % g.gid
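Review bot: In print_samba3_groupmappings the loop variable was renamed to `sid` (`for sid in groupdb.groupsids():`) but the unchanged lines below it still read `g.nt_name`, `g.comment` and `g.gid`, so the first iteration raises NameError; the body needs to look the group record up from `sid` before printing, using whatever accessor GroupMappingDatabase offers (not visible here), and the function continues past the end of the hunk. In print_samba3_winsdb, `ips[0]` raises IndexError for an entry with no addresses; `ips[0] if ips else ""` avoids that. print_samba3_secrets writes the IPC, LDAP bind and machine account passwords to stdout in clear text, which deserves a comment at the top of the function such as `# Prints credentials in clear text; keep the output out of logs and shared terminals.`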
@@ -130,26 +138,33 @@ def print_samba3_idmapdb(idmapdb):
 print "%s -> UID %d" % (e.sid, e.unix_id)
 def print_samba3(samba3):
- print_samba3_sam(samba3)
 print_samba3_policy(samba3.get_policy_db())
- print_samba3_shares(samba3)
 print_samba3_winsdb(samba3.get_wins_db())
 print_samba3_regdb(samba3.get_registry())
 print_samba3_secrets(samba3.get_secrets_db())
- print_samba3_groupmappings(samba3.get_groupmapping_db())
- print_samba3_aliases(samba3)
+ groupdb = samba3.get_groupmapping_db()
+ print_samba3_groupmappings(groupdb)
+ print_samba3_aliases(groupdb)
 print_samba3_idmapdb(samba3.get_idmap_db())
+ print_samba3_shares(samba3)
+ print_samba3_sam(samba3)
 def print_samba3_summary(samba3):
- print "WINS db entries: %d" % len(samba3.winsentries)
- print "SAM Accounts: %d" % len(samba3.samaccounts)
- print "Registry key count: %d" % len(samba3.registry.keys)
- print "Shares (including [global]): %d" % len(samba3.shares)
- print "Groupmap count: %d" % len(samba3.groupmappings)
- print "Alias count: %d" % len(samba3.aliases)
- print "Idmap count: %d" % len(samba3.idmapdb.mappings)
-
-samba3 = samba.samba3.Samba3(args[0], args[1])
+ print "WINS db entries: %d" % len(samba3.get_wins_db())
+ print "Registry key count: %d" % len(samba3.get_registry())
+ groupdb = samba3.get_groupmapping_db()
+ print "Groupmap count: %d" % len(list(groupdb.groupsids()))
+ print "Alias count: %d" % len(list(groupdb.aliases()))
+ idmapdb = samba3.get_idmap_db()
+ print "Idmap count: %d" % (len(list(idmapdb.uids())) + len(list(idmapdb.gids())))
+
+libdir = args[0]
+if len(args) > 1:
+ smbconf = args[2]
+else:
+ smbconf = os.path.join(libdir, "smb.conf")
+
+samba3 = samba.samba3.Samba3(libdir, smbconf)
 if opts.format == "summary":
 print_samba3_summary(samba3)
diff --git a/source4/scripting/python/samba/samba3.py b/source4/scripting/python/samba/samba3.py
index b75b24ba34..40443bd8ba 100644
--- a/source4/scripting/python/samba/samba3.py
+++ b/source4/scripting/python/samba/samba3.py
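Review bot: The new argument handling reads `smbconf = args[2]` under `if len(args) > 1:`, which is one past the end when exactly two arguments are given and raises IndexError; it should be `smbconf = args[1]`. `libdir = args[0]` is also reached with no check that a positional argument was supplied, so running the script with none ends in a traceback rather than the usage text; `if len(args) < 1: parser.print_usage(); sys.exit(1)` ahead of it would cover that. The option parsing that produces `args` lies outside this hunk.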
@@ -170,6 +170,16 @@ class SecretsDatabase:
 def get_dom_guid(self, host):
 return self.tdb.get("SECRETS/DOMGUID/%s" % host)
+ def ldap_dns(self):
+ for k in self.tdb.keys():
+ if k.startswith("SECRETS/LDAP_BIND_PW/"):
+ yield k[len("SECRETS/LDAP_BIND_PW/"):].rstrip("\0")
+
+ def domains(self):
+ for k in self.tdb.keys():
+ if k.startswith("SECRETS/SID/"):
+ yield k[len("SECRETS/SID/"):].rstrip("\0")
+
 def get_ldap_bind_pw(self, host):
 return self.tdb.get("SECRETS/LDAP_BIND_PW/%s" % host)
@@ -177,10 +187,10 @@ class SecretsDatabase:
 return self.tdb.get("SECRETS/AFS_KEYFILE/%s" % host)
 def get_machine_sec_channel_type(self, host):
- return self.tdb.get("SECRETS/MACHINE_SEC_CHANNEL_TYPE/%s" % host)
+ return self.tdb.fetch_uint32("SECRETS/MACHINE_SEC_CHANNEL_TYPE/%s" % host)
 def get_machine_last_change_time(self, host):
- return self.tdb.get("SECRETS/MACHINE_LAST_CHANGE_TIME/%s" % host)
+ return self.tdb.fetch_uint32("SECRETS/MACHINE_LAST_CHANGE_TIME/%s" % host)
 def get_machine_password(self, host):
 return self.tdb.get("SECRETS/MACHINE_PASSWORD/%s" % host)
@@ -191,6 +201,11 @@ class SecretsDatabase:
 def get_domtrust_acc(self, host):
 return self.tdb.get("SECRETS/$DOMTRUST.ACC/%s" % host)
+ def trusted_domains(self):
+ for k in self.tdb.keys():
+ if k.startswith("SECRETS/$DOMTRUST.ACC/"):
+ yield k[len("SECRETS/$DOMTRUST.ACC/"):].rstrip("\0")
+
 def get_random_seed(self):
 return self.tdb.get("INFO/random_seed")
@@ -307,6 +322,9 @@ class SmbpasswdFile:
 def __getitem__(self, name):
 return self.users[name]
+ def __iter__(self):
+ return iter(self.entries)
+
 def close(self): # For consistency
 pass
@@ -363,7 +381,6 @@ class WinsDatabase:
 if l[0] == "#": # skip comments
 continue
 entries = shellsplit(l.rstrip("\n"))
- print entries
 name = entries[0]
 ttl = int(entries[1])
 i = 2
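Review bot: ldap_dns(), domains() and, in the @@ -191 hunk, trusted_domains() strip a trailing NUL from each key with `.rstrip("\0")`, while the matching getters rebuild the key without one, e.g. `self.tdb.get("SECRETS/LDAP_BIND_PW/%s" % host)`. If the keys in secrets.tdb really are stored NUL-terminated, as the rstrip suggests, a lookup with the stripped name would return nothing; that is an inference from the visible lines and should be checked against a real database before the getters are changed. The three generators are the same loop with a different prefix, so a small private helper taking the prefix would remove the duplication.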
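Review bot: SmbpasswdFile.__iter__ returns `iter(self.entries)`, but the only attribute visible on this class in the @@ -307 hunk is `self.users`, used by `__getitem__` just above it. Unless `entries` is assigned elsewhere in the class, which lies outside the hunk, iterating a SmbpasswdFile raises AttributeError; `return iter(self.users)` would agree with `__getitem__`.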
@@ -382,31 +399,34 @@ class WinsDatabase:
 def __len__(self):
 return len(self.entries)
+ def __iter__(self):
+ return iter(self.entries)
+
 def close(self): # for consistency
 pass
 class Samba3:
- def __init__(self, smbconfpath, libdir):
+ def __init__(self, libdir, smbconfpath):
 self.smbconfpath = smbconfpath
 self.libdir = libdir
 def get_policy_db(self):
- return PolicyDatabase(os.path.join(libdir, "account_policy.tdb"))
+ return PolicyDatabase(os.path.join(self.libdir, "account_policy.tdb"))
 def get_registry(self):
- return Registry(os.path.join(libdir, "registry.tdb"))
+ return Registry(os.path.join(self.libdir, "registry.tdb"))
 def get_secrets_db(self):
- return SecretsDatabase(os.path.join(libdir, "secrets.tdb"))
+ return SecretsDatabase(os.path.join(self.libdir, "secrets.tdb"))
 def get_shares_db(self):
- return ShareInfoDatabase(os.path.join(libdir, "share_info.tdb"))
+ return ShareInfoDatabase(os.path.join(self.libdir, "share_info.tdb"))
 def get_idmap_db(self):
- return IdmapDatabase(os.path.join(libdir, "winbindd_idmap.tdb"))
+ return IdmapDatabase(os.path.join(self.libdir, "winbindd_idmap.tdb"))
 def get_wins_db(self):
- return WinsDatabase(os.path.join(libdir, "wins.dat"))
+ return WinsDatabase(os.path.join(self.libdir, "wins.dat"))
 def get_groupmapping_db(self):
- return GroupMappingDatabase(os.path.join(libdir, "group_mapping.tdb"))
+ return GroupMappingDatabase(os.path.join(self.libdir, "group_mapping.tdb"))
diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py
index 4f2ab46ef0..375c39eb5a 100644
--- a/source4/scripting/python/samba/upgrade.py
+++ b/source4/scripting/python/samba/upgrade.py
@@ -447,7 +447,6 @@ def upgrade_smbconf(oldconf,mark):
 def upgrade(subobj, samba3, message, paths, session_info, credentials):
 ret = 0
- lp = loadparm_init()
 samdb = Ldb(paths.samdb, session_info=session_info, credentials=credentials)
 message("Writing configuration")
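Review bot: `Samba3.__init__` now takes `(self, libdir, smbconfpath)` where it used to take `(self, smbconfpath, libdir)`; both are plain path strings, so a caller still passing them in the old order keeps running and quietly looks for the database files under the wrong directory. Only samba3dump is updated in this commit, so any other callers need checking. A docstring on `__init__` would make the order explicit, e.g. `"""libdir: directory holding the Samba 3 database files; smbconfpath: path to smb.conf."""`.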
@@ -455,8 +454,7 @@ def upgrade(subobj, samba3, message, paths, session_info, credentials):
 newconf.save(paths.smbconf)
 message("Importing account policies")
- ldif = upgrade_sam_policy(samba3,subobj.BASEDN)
- samdb.modify(ldif)
+ samdb.modify_ldif(upgrade_sam_policy(samba3,subobj.BASEDN))
 regdb = Ldb(paths.hklm)
 regdb.modify(""" |