-rw-r--r--source4/dsdb/pydsdb.c148
-rwxr-xr-xsource4/scripting/bin/samba_dnsupdate6
-rwxr-xr-xsource4/scripting/bin/upgradeprovision3
-rw-r--r--source4/scripting/python/pyglue.c144
-rw-r--r--source4/scripting/python/samba/provision.py11
-rw-r--r--source4/scripting/python/samba/samdb.py50
6 files changed, 200 insertions, 162 deletions
diff --git a/source4/dsdb/pydsdb.c b/source4/dsdb/pydsdb.c
index ac9b93cc27..b18c127776 100644
--- a/source4/dsdb/pydsdb.c
+++ b/source4/dsdb/pydsdb.c
@@ -21,6 +21,8 @@
#include "includes.h"
#include "dsdb/samdb/samdb.h"
#include "lib/ldb/pyldb.h"
+#include "libcli/security/security.h"
+#include "librpc/ndr/libndr.h"
/* FIXME: These should be in a header file somewhere, once we finish moving
* away from SWIG .. */
@@ -83,6 +85,138 @@ static PyObject *py_dsdb_convert_schema_to_openldap(PyObject *self,
return ret;
}
+static PyObject *py_samdb_set_domain_sid(PyLdbObject *self, PyObject *args)
+{
+ PyObject *py_ldb, *py_sid;
+ struct ldb_context *ldb;
+ struct dom_sid *sid;
+ bool ret;
+
+ if (!PyArg_ParseTuple(args, "OO", &py_ldb, &py_sid))
+ return NULL;
+
+ PyErr_LDB_OR_RAISE(py_ldb, ldb);
+
+ sid = dom_sid_parse_talloc(NULL, PyString_AsString(py_sid));
+
+ ret = samdb_set_domain_sid(ldb, sid);
+ if (!ret) {
+ PyErr_SetString(PyExc_RuntimeError, "set_domain_sid failed");
+ return NULL;
+ }
+ Py_RETURN_NONE;
+}
+
+static PyObject *py_samdb_get_domain_sid(PyLdbObject *self, PyObject *args)
+{
+ PyObject *py_ldb;
+ struct ldb_context *ldb;
+ const struct dom_sid *sid;
+ PyObject *ret;
+ char *retstr;
+
+ if (!PyArg_ParseTuple(args, "O", &py_ldb))
+ return NULL;
+
+ PyErr_LDB_OR_RAISE(py_ldb, ldb);
+
+ sid = samdb_domain_sid(ldb);
+ if (!sid) {
+ PyErr_SetString(PyExc_RuntimeError, "samdb_domain_sid failed");
+ return NULL;
+ }
+ retstr = dom_sid_string(NULL, sid);
+ ret = PyString_FromString(retstr);
+ talloc_free(retstr);
+ return ret;
+}
+
+static PyObject *py_samdb_ntds_invocation_id(PyObject *self, PyObject *args)
+{
+ PyObject *py_ldb, *result;
+ struct ldb_context *ldb;
+ TALLOC_CTX *mem_ctx;
+ const struct GUID *guid;
+
+ mem_ctx = talloc_new(NULL);
+ if (mem_ctx == NULL) {
+ PyErr_NoMemory();
+ return NULL;
+ }
+
+ if (!PyArg_ParseTuple(args, "O", &py_ldb)) {
+ talloc_free(mem_ctx);
+ return NULL;
+ }
+
+ PyErr_LDB_OR_RAISE(py_ldb, ldb);
+
+ guid = samdb_ntds_invocation_id(ldb);
+ if (guid == NULL) {
+ PyErr_SetString(PyExc_RuntimeError,
+ "Failed to find NTDS invocation ID");
+ talloc_free(mem_ctx);
+ return NULL;
+ }
+
+ result = PyString_FromString(GUID_string(mem_ctx, guid));
+ talloc_free(mem_ctx);
+ return result;
+}
+
+static PyObject *py_dsdb_set_ntds_invocation_id(PyObject *self, PyObject *args)
+{
+ PyObject *py_ldb, *py_guid;
+ bool ret;
+ struct GUID guid;
+ struct ldb_context *ldb;
+ if (!PyArg_ParseTuple(args, "OO", &py_ldb, &py_guid))
+ return NULL;
+
+ PyErr_LDB_OR_RAISE(py_ldb, ldb);
+ GUID_from_string(PyString_AsString(py_guid), &guid);
+
+ ret = samdb_set_ntds_invocation_id(ldb, &guid);
+ if (!ret) {
+ PyErr_SetString(PyExc_RuntimeError, "set_ntds_invocation_id failed");
+ return NULL;
+ }
+ Py_RETURN_NONE;
+}
+
+static PyObject *py_samdb_ntds_objectGUID(PyObject *self, PyObject *args)
+{
+ PyObject *py_ldb, *result;
+ struct ldb_context *ldb;
+ TALLOC_CTX *mem_ctx;
+ const struct GUID *guid;
+
+ mem_ctx = talloc_new(NULL);
+ if (mem_ctx == NULL) {
+ PyErr_NoMemory();
+ return NULL;
+ }
+
+ if (!PyArg_ParseTuple(args, "O", &py_ldb)) {
+ talloc_free(mem_ctx);
+ return NULL;
+ }
+
+ PyErr_LDB_OR_RAISE(py_ldb, ldb);
+
+ guid = samdb_ntds_objectGUID(ldb);
+ if (guid == NULL) {
+ PyErr_SetString(PyExc_RuntimeError, "Failed to find NTDS GUID");
+ talloc_free(mem_ctx);
+ return NULL;
+ }
+
+ result = PyString_FromString(GUID_string(mem_ctx, guid));
+ talloc_free(mem_ctx);
+ return result;
+}
+
+
static PyMethodDef py_dsdb_methods[] = {
{ "samdb_server_site_name", (PyCFunction)py_samdb_server_site_name,
METH_VARARGS, "Get the server site name as a string"},
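Review bot: Neither setter checks the result of parsing its string argument. In `py_dsdb_set_ntds_invocation_id` the return value of `GUID_from_string` is discarded, so a malformed or non-string `py_guid` leaves `guid` as uninitialised stack data that is then passed to `samdb_set_ntds_invocation_id`. In `py_samdb_set_domain_sid` the result of `dom_sid_parse_talloc` goes to `samdb_set_domain_sid` without a NULL check, and `sid` is allocated on the NULL talloc context and never freed here (whether the callee takes ownership is not visible). Taking the argument with the `s` format and rejecting a failed parse, as sketched below for the GUID setter, fixes the first case, and the SID setter wants the same treatment. Separately, `PyErr_LDB_OR_RAISE` presumably returns early in the two GUID getters without `talloc_free(mem_ctx)`, which is worth confirming against the macro.

```c
static PyObject *py_dsdb_set_ntds_invocation_id(PyObject *self, PyObject *args)
{
	PyObject *py_ldb;
	const char *guid_str;
	bool ret;
	struct GUID guid;
	struct ldb_context *ldb;
	NTSTATUS status;

	/* "s" lets the interpreter reject non-string arguments with TypeError */
	if (!PyArg_ParseTuple(args, "Os", &py_ldb, &guid_str))
		return NULL;

	PyErr_LDB_OR_RAISE(py_ldb, ldb);

	/* refuse to store an invocation ID that did not parse */
	status = GUID_from_string(guid_str, &guid);
	if (!NT_STATUS_IS_OK(status)) {
		PyErr_SetString(PyExc_ValueError, "invalid GUID string");
		return NULL;
	}

	/* … unchanged: samdb_set_ntds_invocation_id call and result check … */
```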
@@ -90,6 +224,20 @@ static PyMethodDef py_dsdb_methods[] = {
(PyCFunction)py_dsdb_convert_schema_to_openldap, METH_VARARGS,
"dsdb_convert_schema_to_openldap(ldb, target_str, mapping) -> str\n"
"Create an OpenLDAP schema from a schema." },
+ { "samdb_set_domain_sid", (PyCFunction)py_samdb_set_domain_sid,
+ METH_VARARGS,
+ "samdb_set_domain_sid(samdb, sid)\n"
+ "Set SID of domain to use." },
+ { "samdb_get_domain_sid", (PyCFunction)py_samdb_get_domain_sid,
+ METH_VARARGS,
+ "samdb_get_domain_sid(samdb)\n"
+ "Get SID of domain in use." },
+ { "samdb_ntds_invocation_id", (PyCFunction)py_samdb_ntds_invocation_id,
+ METH_VARARGS, "get the NTDS invocation ID GUID as a string"},
+ { "dsdb_set_ntds_invocation_id", (PyCFunction)py_dsdb_set_ntds_invocation_id, METH_VARARGS,
+ NULL },
+ { "samdb_ntds_objectGUID", (PyCFunction)py_samdb_ntds_objectGUID, METH_VARARGS,
+ "get the NTDS objectGUID as a string"},
{ NULL }
};
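Review bot: `dsdb_set_ntds_invocation_id` is registered with a NULL docstring, although it is one of only two entries added here that write state and the SID setter beside it is documented. I would give it text in the same form, e.g. `"dsdb_set_ntds_invocation_id(samdb, guid)\n" "Set the NTDS invocation ID from a GUID string."`. The two getter entries could also adopt the `name(args) -> str` form used by `dsdb_convert_schema_to_openldap`. The py_dsdb_methods table starts outside this hunk.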
diff --git a/source4/scripting/bin/samba_dnsupdate b/source4/scripting/bin/samba_dnsupdate
index b3956aa2c4..73611c8901 100755
--- a/source4/scripting/bin/samba_dnsupdate
+++ b/source4/scripting/bin/samba_dnsupdate
@@ -34,7 +34,6 @@ import samba
import optparse
from samba import getopt as options
from ldb import SCOPE_BASE
-from samba import glue
from samba.auth import system_session
from samba.samdb import SamDB
@@ -69,7 +68,7 @@ if opts.all_interfaces:
else:
all_interfaces = False
-IPs = glue.interface_ips(lp, all_interfaces)
+IPs = samba.interface_ips(lp, all_interfaces)
nsupdate_cmd = lp.get('nsupdate command')
if len(IPs) == 0:
@@ -200,7 +199,8 @@ def get_subst_vars():
global lp
vars = {}
- samdb = SamDB(url=lp.get("sam database"), session_info=system_session(), lp=lp)
+ samdb = SamDB(url=lp.get("sam database"), session_info=system_session(),
+ lp=lp)
vars['DNSDOMAIN'] = lp.get('realm').lower()
vars['HOSTNAME'] = lp.get('netbios name').lower() + "." + vars['DNSDOMAIN']
diff --git a/source4/scripting/bin/upgradeprovision b/source4/scripting/bin/upgradeprovision
index 8f01bd3bf0..234152b002 100755
--- a/source4/scripting/bin/upgradeprovision
+++ b/source4/scripting/bin/upgradeprovision
@@ -39,7 +39,6 @@ from ldb import SCOPE_SUBTREE, SCOPE_BASE, \
FLAG_MOD_REPLACE, FLAG_MOD_ADD, FLAG_MOD_DELETE,\
MessageElement, Message, Dn
from samba import param
-from samba import glue
from samba.misc import messageEltFlagToString
from samba.provision import find_setup_dir, get_domain_descriptor, get_config_descriptor, secretsdb_self_join,set_gpo_acl,getpolicypath,create_gpo_struct
from samba.provisionexceptions import ProvisioningError
@@ -845,7 +844,7 @@ def update_machine_account_password(paths, creds, session, names):
assert(len(res) == 1)
msg = Message(res[0].dn)
- machinepass = glue.generate_random_password(128, 255)
+ machinepass = samba.generate_random_password(128, 255)
msg["userPassword"] = MessageElement(machinepass, FLAG_MOD_REPLACE, "userPassword")
sam_ldb.modify(msg)
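Review bot: `samba.generate_random_password(128, 255)` needs the name `samba` bound in this script, and neither import visible for this file binds it: `from samba import param` does not, nor did the removed `from samba import glue`. If there is no plain `import samba` elsewhere in upgradeprovision, the machine-account password update fails with NameError at this line instead of rotating the password. Adding `import samba` next to the other imports would make the dependency explicit. update_machine_account_password starts and ends outside the hunk.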
diff --git a/source4/scripting/python/pyglue.c b/source4/scripting/python/pyglue.c
index 8639958561..8d19b06ddf 100644
--- a/source4/scripting/python/pyglue.c
+++ b/source4/scripting/python/pyglue.c
@@ -117,72 +117,6 @@ static PyObject *py_set_debug_level(PyObject *self, PyObject *args)
Py_RETURN_NONE;
}
-static PyObject *py_samdb_set_domain_sid(PyLdbObject *self, PyObject *args)
-{
- PyObject *py_ldb, *py_sid;
- struct ldb_context *ldb;
- struct dom_sid *sid;
- bool ret;
-
- if (!PyArg_ParseTuple(args, "OO", &py_ldb, &py_sid))
- return NULL;
-
- PyErr_LDB_OR_RAISE(py_ldb, ldb);
-
- sid = dom_sid_parse_talloc(NULL, PyString_AsString(py_sid));
-
- ret = samdb_set_domain_sid(ldb, sid);
- if (!ret) {
- PyErr_SetString(PyExc_RuntimeError, "set_domain_sid failed");
- return NULL;
- }
- Py_RETURN_NONE;
-}
-
-static PyObject *py_samdb_get_domain_sid(PyLdbObject *self, PyObject *args)
-{
- PyObject *py_ldb;
- struct ldb_context *ldb;
- const struct dom_sid *sid;
- PyObject *ret;
- char *retstr;
-
- if (!PyArg_ParseTuple(args, "O", &py_ldb))
- return NULL;
-
- PyErr_LDB_OR_RAISE(py_ldb, ldb);
-
- sid = samdb_domain_sid(ldb);
- if (!sid) {
- PyErr_SetString(PyExc_RuntimeError, "samdb_domain_sid failed");
- return NULL;
- }
- retstr = dom_sid_string(NULL, sid);
- ret = PyString_FromString(retstr);
- talloc_free(retstr);
- return ret;
-}
-
-static PyObject *py_dsdb_set_ntds_invocation_id(PyObject *self, PyObject *args)
-{
- PyObject *py_ldb, *py_guid;
- bool ret;
- struct GUID guid;
- struct ldb_context *ldb;
- if (!PyArg_ParseTuple(args, "OO", &py_ldb, &py_guid))
- return NULL;
-
- PyErr_LDB_OR_RAISE(py_ldb, ldb);
- GUID_from_string(PyString_AsString(py_guid), &guid);
-
- ret = samdb_set_ntds_invocation_id(ldb, &guid);
- if (!ret) {
- PyErr_SetString(PyExc_RuntimeError, "set_ntds_invocation_id failed");
- return NULL;
- }
- Py_RETURN_NONE;
-}
-
static PyObject *py_dsdb_set_global_schema(PyObject *self, PyObject *args)
{
PyObject *py_ldb;
@@ -314,72 +248,6 @@ static PyObject *py_dsdb_load_partition_usn(PyObject *self, PyObject *args)
return result;
}
-static PyObject *py_samdb_ntds_invocation_id(PyObject *self, PyObject *args)
-{
- PyObject *py_ldb, *result;
- struct ldb_context *ldb;
- TALLOC_CTX *mem_ctx;
- const struct GUID *guid;
-
- mem_ctx = talloc_new(NULL);
- if (mem_ctx == NULL) {
- PyErr_NoMemory();
- return NULL;
- }
-
- if (!PyArg_ParseTuple(args, "O", &py_ldb)) {
- talloc_free(mem_ctx);
- return NULL;
- }
-
- PyErr_LDB_OR_RAISE(py_ldb, ldb);
-
- guid = samdb_ntds_invocation_id(ldb);
- if (guid == NULL) {
- PyErr_SetString(PyExc_RuntimeError, "Failed to find NTDS invocation ID");
- talloc_free(mem_ctx);
- return NULL;
- }
-
- result = PyString_FromString(GUID_string(mem_ctx, guid));
- talloc_free(mem_ctx);
- return result;
-}
-
-
-static PyObject *py_samdb_ntds_objectGUID(PyObject *self, PyObject *args)
-{
- PyObject *py_ldb, *result;
- struct ldb_context *ldb;
- TALLOC_CTX *mem_ctx;
- const struct GUID *guid;
-
- mem_ctx = talloc_new(NULL);
- if (mem_ctx == NULL) {
- PyErr_NoMemory();
- return NULL;
- }
-
- if (!PyArg_ParseTuple(args, "O", &py_ldb)) {
- talloc_free(mem_ctx);
- return NULL;
- }
-
- PyErr_LDB_OR_RAISE(py_ldb, ldb);
-
- guid = samdb_ntds_objectGUID(ldb);
- if (guid == NULL) {
- PyErr_SetString(PyExc_RuntimeError, "Failed to find NTDS GUID");
- talloc_free(mem_ctx);
- return NULL;
- }
-
- result = PyString_FromString(GUID_string(mem_ctx, guid));
- talloc_free(mem_ctx);
- return result;
-}
-
-
/*
return the list of interface IPs we have configured
takes an loadparm context, returns a list of IPs in string form
@@ -442,14 +310,6 @@ static PyMethodDef py_misc_methods[] = {
"Generate random password with a length >= min and <= max." },
{ "unix2nttime", (PyCFunction)py_unix2nttime, METH_VARARGS,
"unix2nttime(timestamp) -> nttime" },
- { "samdb_set_domain_sid", (PyCFunction)py_samdb_set_domain_sid, METH_VARARGS,
- "samdb_set_domain_sid(samdb, sid)\n"
- "Set SID of domain to use." },
- { "samdb_get_domain_sid", (PyCFunction)py_samdb_get_domain_sid, METH_VARARGS,
- "samdb_get_domain_sid(samdb)\n"
- "Get SID of domain in use." },
- { "dsdb_set_ntds_invocation_id", (PyCFunction)py_dsdb_set_ntds_invocation_id, METH_VARARGS,
- NULL },
{ "dsdb_set_global_schema", (PyCFunction)py_dsdb_set_global_schema, METH_VARARGS,
NULL },
{ "dsdb_set_schema_from_ldif", (PyCFunction)py_dsdb_set_schema_from_ldif, METH_VARARGS,
@@ -462,10 +322,6 @@ static PyMethodDef py_misc_methods[] = {
"set debug level" },
{ "dsdb_load_partition_usn", (PyCFunction)py_dsdb_load_partition_usn, METH_VARARGS,
"get uSNHighest and uSNUrgent from the partition @REPLCHANGED"},
- { "samdb_ntds_invocation_id", (PyCFunction)py_samdb_ntds_invocation_id, METH_VARARGS,
- "get the NTDS invocation ID GUID as a string"},
- { "samdb_ntds_objectGUID", (PyCFunction)py_samdb_ntds_objectGUID, METH_VARARGS,
- "get the NTDS objectGUID as a string"},
{ "interface_ips", (PyCFunction)py_interface_ips, METH_VARARGS,
"get interface IP address list"},
{ NULL }
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index f3c5bcc6fb..d23333c66e 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -894,8 +894,8 @@ def setup_samdb(path, setup_path, session_info, provision_backend, lp,
samdb.set_opaque_integer("forestFunctionality", forestFunctionality)
samdb.set_opaque_integer("domainControllerFunctionality", domainControllerFunctionality)
- samdb.set_domain_sid(str(domainsid))
- samdb.set_invocation_id(invocationid)
+ samdb.domain_sid = str(domainsid)
+ samdb.invocation_id = invocationid
message("Adding DomainDN: %s" % names.domaindn)
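Review bot: Replacing `samdb.set_domain_sid(...)` with `samdb.domain_sid = ...` turns a type mismatch into a silent no-op. If `samdb` at this point is a plain `Ldb` rather than a `SamDB` (its construction is outside the hunk), the assignment just creates an instance attribute and the C setter is never called, where the old method call would have raised AttributeError. The same applies to `samdb.invocation_id = invocationid` on the next line. Please confirm the object is a `SamDB` here, or keep the explicit `set_domain_sid()` / `set_invocation_id()` calls so a wrong type fails loudly.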
@@ -947,11 +947,12 @@ def setup_samdb(path, setup_path, session_info, provision_backend, lp,
message("Reopening sam.ldb with new schema")
samdb.transaction_commit()
- samdb = Ldb(session_info=admin_session_info,
- credentials=provision_backend.credentials, lp=lp)
+ samdb = SamDB(session_info=admin_session_info,
+ credentials=provision_backend.credentials, lp=lp,
+ global_schema=False)
samdb.connect(path)
samdb.transaction_start()
- samdb.set_invocation_id(invocationid)
+ samdb.invocation_id = invocationid
message("Setting up sam.ldb configuration data")
setup_add_ldif(samdb, setup_path("provision_configuration.ldif"), {
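Review bot: `SamDB(..., global_schema=False)` passes a keyword that `SamDB.__init__` does not accept. The signature shown in this commit's samdb.py section is `url, lp, modules_dir, session_info, credentials, flags, options`, so unless the parameter is added elsewhere this line raises TypeError while reopening sam.ldb. Also, with `url` omitted, that `__init__` falls back to `lp.get("sam database")`, which may open the configured database before `samdb.connect(path)` points the handle at the provisioning path. That is worth checking, since the old `Ldb(...)` call did not do this as far as the hunk shows. Either extend `SamDB.__init__` in the same commit or drop the keyword here. setup_samdb continues outside the hunk.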
diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py
index 22e8f46226..f584adb515 100644
--- a/source4/scripting/python/samba/samdb.py
+++ b/source4/scripting/python/samba/samdb.py
@@ -23,6 +23,7 @@
"""Convenience functions for using the SAM."""
+import dsdb
import samba
import glue
import ldb
@@ -38,10 +39,6 @@ class SamDB(samba.Ldb):
def __init__(self, url=None, lp=None, modules_dir=None, session_info=None,
credentials=None, flags=0, options=None):
- """Opens the SAM Database
- For parameter meanings see the super class (samba.Ldb)
- """
-
self.lp = lp
if url is None:
url = lp.get("sam database")
@@ -107,7 +104,8 @@ pwdLastSet: 0
""" % (user_dn)
self.modify_ldif(mod)
- def newuser(self, username, unixname, password, force_password_change_at_next_login_req=False):
+ def newuser(self, username, unixname, password,
+ force_password_change_at_next_login_req=False):
"""Adds a new user
Note: This call adds also the ID mapping for winbind; therefore it works
@@ -154,7 +152,7 @@ pwdLastSet: 0
raise
self.transaction_commit()
- def setpassword(self, filter, password, force_password_change_at_next_login_req=False):
+ def setpassword(self, filter, password, force_change_at_next_login=False):
"""Sets the password for a user
Note: This call uses the "userPassword" attribute to set the password.
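Review bot: Renaming the `setpassword` keyword from `force_password_change_at_next_login_req` to `force_change_at_next_login` breaks callers that pass it by name. They now get TypeError, and none of the call sites are updated in this commit. It also leaves `newuser` (wrapped earlier in this file, old name kept) inconsistent with `setpassword`. The follow-on hunks at `:param force_change_at_next_login:` and `if force_change_at_next_login:` belong to the same rename. Either rename both methods and their callers together, or keep the old name here; if `newuser` forwards the flag to `setpassword` by keyword, that call needs checking too.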
@@ -163,7 +161,7 @@ pwdLastSet: 0
:param filter: LDAP filter to find the user (eg samccountname=name)
:param password: Password for the user
- :param force_password_change_at_next_login_req: Force password change
+ :param force_change_at_next_login: Force password change
"""
self.transaction_start()
try:
@@ -181,7 +179,7 @@ userPassword:: %s
self.modify_ldif(setpw)
- if force_password_change_at_next_login_req:
+ if force_change_at_next_login:
self.force_password_change_at_next_login(
"(dn=" + str(user_dn) + ")")
@@ -230,3 +228,39 @@ accountExpires: %u
self.transaction_cancel()
raise
self.transaction_commit()
+
+ def set_domain_sid(self, sid):
+ """Change the domain SID used by this LDB.
+
+ :param sid: The new domain sid to use.
+ """
+ dsdb.samdb_set_domain_sid(self, sid)
+
+ def get_domain_sid(self):
+ """Read the domain SID used by this LDB.
+
+ """
+ dsdb.samdb_get_domain_sid(self)
+
+ def set_invocation_id(self, invocation_id):
+ """Set the invocation id for this SamDB handle.
+
+ :param invocation_id: GUID of the invocation id.
+ """
+ dsdb.dsdb_set_ntds_invocation_id(self, invocation_id)
+
+ def get_invocation_id(self):
+ "Get the invocation_id id"
+ return dsdb.samdb_ntds_invocation_id(self)
+
+ invocation_id = property(get_invocation_id, set_invocation_id)
+
+ domain_sid = property(get_domain_sid, set_domain_sid)
+
+ def get_ntds_GUID(self):
+ "Get the NTDS objectGUID"
+ return dsdb.samdb_ntds_objectGUID(self)
+
+ def server_site_name(self):
+ "Get the server site name"
+ return dsdb.samdb_server_site_name(self)
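Review bot: `get_domain_sid` calls `dsdb.samdb_get_domain_sid(self)` but never returns the result, so the method and the `domain_sid` property built from it always yield None. Any code that reads `samdb.domain_sid` to build SIDs or ACLs would silently work with None rather than failing. The body should be `return dsdb.samdb_get_domain_sid(self)`, matching `get_invocation_id` just below. The one-line docstrings on `get_invocation_id`, `get_ntds_GUID` and `server_site_name` could also use triple quotes like the rest of the class, and "invocation_id id" reads as a typo for "invocation id".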