-rw-r--r-- | source4/dsdb/pydsdb.c | 148 | ||||
-rwxr-xr-x | source4/scripting/bin/samba_dnsupdate | 6 | ||||
-rwxr-xr-x | source4/scripting/bin/upgradeprovision | 3 | ||||
-rw-r--r-- | source4/scripting/python/pyglue.c | 144 | ||||
-rw-r--r-- | source4/scripting/python/samba/provision.py | 11 | ||||
-rw-r--r-- | source4/scripting/python/samba/samdb.py | 50 |
6 files changed, 200 insertions, 162 deletions
diff --git a/source4/dsdb/pydsdb.c b/source4/dsdb/pydsdb.c index ac9b93cc27..b18c127776 100644 --- a/source4/dsdb/pydsdb.c +++ b/source4/dsdb/pydsdb.c @@ -21,6 +21,8 @@ #include "includes.h" #include "dsdb/samdb/samdb.h" #include "lib/ldb/pyldb.h" +#include "libcli/security/security.h" +#include "librpc/ndr/libndr.h" /* FIXME: These should be in a header file somewhere, once we finish moving * away from SWIG .. */ 
@@ -83,6 +85,138 @@ static PyObject *py_dsdb_convert_schema_to_openldap(PyObject *self, return ret; } +static PyObject *py_samdb_set_domain_sid(PyLdbObject *self, PyObject *args) +{ + PyObject *py_ldb, *py_sid; + struct ldb_context *ldb; + struct dom_sid *sid; + bool ret; + + if (!PyArg_ParseTuple(args, "OO", &py_ldb, &py_sid)) + return NULL; + + PyErr_LDB_OR_RAISE(py_ldb, ldb); + + sid = dom_sid_parse_talloc(NULL, PyString_AsString(py_sid)); + + ret = samdb_set_domain_sid(ldb, sid); + if (!ret) { + PyErr_SetString(PyExc_RuntimeError, "set_domain_sid failed"); + return NULL; + } + Py_RETURN_NONE; +} + +static PyObject *py_samdb_get_domain_sid(PyLdbObject *self, PyObject *args) +{ + PyObject *py_ldb; + struct ldb_context *ldb; + const struct dom_sid *sid; + PyObject *ret; + char *retstr; + + if (!PyArg_ParseTuple(args, "O", &py_ldb)) + return NULL; + + PyErr_LDB_OR_RAISE(py_ldb, ldb); + + sid = samdb_domain_sid(ldb); + if (!sid) { + PyErr_SetString(PyExc_RuntimeError, "samdb_domain_sid failed"); + return NULL; + } + retstr = dom_sid_string(NULL, sid); + ret = PyString_FromString(retstr); + talloc_free(retstr); + return ret; +} + +static PyObject *py_samdb_ntds_invocation_id(PyObject *self, PyObject *args) +{ + PyObject *py_ldb, *result; + struct ldb_context *ldb; + TALLOC_CTX *mem_ctx; + const struct GUID *guid; + + mem_ctx = talloc_new(NULL); + if (mem_ctx == NULL) { + PyErr_NoMemory(); + return NULL; + } + + if (!PyArg_ParseTuple(args, "O", &py_ldb)) { + talloc_free(mem_ctx); + return NULL; + } + + PyErr_LDB_OR_RAISE(py_ldb, ldb); + + guid = samdb_ntds_invocation_id(ldb); + if (guid == NULL) { + PyErr_SetString(PyExc_RuntimeError, + "Failed to find NTDS invocation ID"); + talloc_free(mem_ctx); + return NULL; + } + + result = PyString_FromString(GUID_string(mem_ctx, guid)); + talloc_free(mem_ctx); + return result; +} + +static PyObject *py_dsdb_set_ntds_invocation_id(PyObject *self, PyObject *args) +{ + PyObject *py_ldb, *py_guid; + bool ret; + struct GUID guid; + 
struct ldb_context *ldb; + if (!PyArg_ParseTuple(args, "OO", &py_ldb, &py_guid)) + return NULL; + + PyErr_LDB_OR_RAISE(py_ldb, ldb); + GUID_from_string(PyString_AsString(py_guid), &guid); + + ret = samdb_set_ntds_invocation_id(ldb, &guid); + if (!ret) { + PyErr_SetString(PyExc_RuntimeError, "set_ntds_invocation_id failed"); + return NULL; + } + Py_RETURN_NONE; +} + +static PyObject *py_samdb_ntds_objectGUID(PyObject *self, PyObject *args) +{ + PyObject *py_ldb, *result; + struct ldb_context *ldb; + TALLOC_CTX *mem_ctx; + const struct GUID *guid; + + mem_ctx = talloc_new(NULL); + if (mem_ctx == NULL) { + PyErr_NoMemory(); + return NULL; + } + + if (!PyArg_ParseTuple(args, "O", &py_ldb)) { + talloc_free(mem_ctx); + return NULL; + } + + PyErr_LDB_OR_RAISE(py_ldb, ldb); + + guid = samdb_ntds_objectGUID(ldb); + if (guid == NULL) { + PyErr_SetString(PyExc_RuntimeError, "Failed to find NTDS GUID"); + talloc_free(mem_ctx); + return NULL; + } + + result = PyString_FromString(GUID_string(mem_ctx, guid)); + talloc_free(mem_ctx); + return result; +} + + static PyMethodDef py_dsdb_methods[] = { { "samdb_server_site_name", (PyCFunction)py_samdb_server_site_name, METH_VARARGS, "Get the server site name as a string"}, 
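Review bot: In `py_samdb_set_domain_sid` and `py_dsdb_set_ntds_invocation_id` the string supplied from Python is converted with no check: `PyString_AsString()` returns NULL for a non-string argument, the result of `dom_sid_parse_talloc()` is handed to `samdb_set_domain_sid()` even when parsing failed, and the status of `GUID_from_string()` is ignored, so an unparsed `guid` on the stack can be stored as the invocation ID. Parsing the argument with the `s` format and rejecting a failed parse before touching the ldb covers all three cases; the changed lines are sketched below. Separately, both GUID getters allocate `mem_ctx` before `PyErr_LDB_OR_RAISE`, so if that macro returns on a type mismatch (its definition is outside this hunk) the context is not freed, and `sid` is allocated on the NULL talloc context and never released in the visible code. The functions are moved unchanged from pyglue.c, so these gaps predate the commit, but the move is a good moment to close them.

```c
static PyObject *py_samdb_set_domain_sid(PyLdbObject *self, PyObject *args)
{
	PyObject *py_ldb;
	const char *sid_str;
	/* … unchanged: ldb, sid, ret declarations … */

	if (!PyArg_ParseTuple(args, "Os", &py_ldb, &sid_str))
		return NULL;

	/* … unchanged: PyErr_LDB_OR_RAISE(py_ldb, ldb) … */

	sid = dom_sid_parse_talloc(NULL, sid_str);
	if (sid == NULL) {
		PyErr_SetString(PyExc_ValueError, "invalid SID string");
		return NULL;
	}
	/* … unchanged: samdb_set_domain_sid call and its error path … */

/* in py_dsdb_set_ntds_invocation_id, with guid_str parsed via "Os" the same way */
	if (!NT_STATUS_IS_OK(GUID_from_string(guid_str, &guid))) {
		PyErr_SetString(PyExc_ValueError, "invalid GUID string");
		return NULL;
	}
```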
@@ -90,6 +224,20 @@ static PyMethodDef py_dsdb_methods[] = { (PyCFunction)py_dsdb_convert_schema_to_openldap, METH_VARARGS, "dsdb_convert_schema_to_openldap(ldb, target_str, mapping) -> str\n" "Create an OpenLDAP schema from a schema." }, + { "samdb_set_domain_sid", (PyCFunction)py_samdb_set_domain_sid, + METH_VARARGS, + "samdb_set_domain_sid(samdb, sid)\n" + "Set SID of domain to use." }, + { "samdb_get_domain_sid", (PyCFunction)py_samdb_get_domain_sid, + METH_VARARGS, + "samdb_get_domain_sid(samdb)\n" + "Get SID of domain in use." }, + { "samdb_ntds_invocation_id", (PyCFunction)py_samdb_ntds_invocation_id, + METH_VARARGS, "get the NTDS invocation ID GUID as a string"}, + { "dsdb_set_ntds_invocation_id", (PyCFunction)py_dsdb_set_ntds_invocation_id, METH_VARARGS, + NULL }, + { "samdb_ntds_objectGUID", (PyCFunction)py_samdb_ntds_objectGUID, METH_VARARGS, + "get the NTDS objectGUID as a string"}, { NULL } }; diff --git a/source4/scripting/bin/samba_dnsupdate b/source4/scripting/bin/samba_dnsupdate index b3956aa2c4..73611c8901 100755 --- a/source4/scripting/bin/samba_dnsupdate +++ b/source4/scripting/bin/samba_dnsupdate @@ -34,7 +34,6 @@ import samba import optparse from samba import getopt as options from ldb import SCOPE_BASE -from samba import glue from samba.auth import system_session from samba.samdb import SamDB @@ -69,7 +68,7 @@ if opts.all_interfaces: else: all_interfaces = False -IPs = glue.interface_ips(lp, all_interfaces) +IPs = samba.interface_ips(lp, all_interfaces) nsupdate_cmd = lp.get('nsupdate command') if len(IPs) == 0: @@ -200,7 +199,8 @@ def get_subst_vars(): global lp vars = {} - samdb = SamDB(url=lp.get("sam database"), session_info=system_session(), lp=lp) + samdb = SamDB(url=lp.get("sam database"), session_info=system_session(), + lp=lp) vars['DNSDOMAIN'] = lp.get('realm').lower() vars['HOSTNAME'] = lp.get('netbios name').lower() + "." + vars['DNSDOMAIN'] 
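Review bot: The `dsdb_set_ntds_invocation_id` entry added to `py_dsdb_methods` in pydsdb.c is registered with a NULL docstring, while the two SID entries added beside it document their call signature. Suggest `"dsdb_set_ntds_invocation_id(samdb, guid)\n" "Set the NTDS invocation ID from a GUID string."` so that `help()` on the module shows which argument types the C wrapper expects. The table itself starts above this hunk.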
diff --git a/source4/scripting/bin/upgradeprovision b/source4/scripting/bin/upgradeprovision index 8f01bd3bf0..234152b002 100755 --- a/source4/scripting/bin/upgradeprovision +++ b/source4/scripting/bin/upgradeprovision @@ -39,7 +39,6 @@ from ldb import SCOPE_SUBTREE, SCOPE_BASE, \ FLAG_MOD_REPLACE, FLAG_MOD_ADD, FLAG_MOD_DELETE,\ MessageElement, Message, Dn from samba import param -from samba import glue from samba.misc import messageEltFlagToString from samba.provision import find_setup_dir, get_domain_descriptor, get_config_descriptor, secretsdb_self_join,set_gpo_acl,getpolicypath,create_gpo_struct from samba.provisionexceptions import ProvisioningError @@ -845,7 +844,7 @@ def update_machine_account_password(paths, creds, session, names): assert(len(res) == 1) msg = Message(res[0].dn) - machinepass = glue.generate_random_password(128, 255) + machinepass = samba.generate_random_password(128, 255) msg["userPassword"] = MessageElement(machinepass, FLAG_MOD_REPLACE, "userPassword") sam_ldb.modify(msg) diff --git a/source4/scripting/python/pyglue.c b/source4/scripting/python/pyglue.c index 8639958561..8d19b06ddf 100644 --- a/source4/scripting/python/pyglue.c +++ b/source4/scripting/python/pyglue.c 
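Review bot: Once `from samba import glue` is dropped in upgradeprovision, the new call `samba.generate_random_password(128, 255)` in `update_machine_account_password` needs the name `samba` bound at module level, and the import context visible in the first hunk shows only `from samba import param` and other `from samba...` forms, none of which bind `samba` itself. If there is no plain `import samba` above line 39, the call raises NameError exactly where the machine account password is being replaced; please confirm, or add `import samba` in place of the removed line. Both hunks show only part of the import block and of the function.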
@@ -117,72 +117,6 @@ static PyObject *py_set_debug_level(PyObject *self, PyObject *args) Py_RETURN_NONE; } -static PyObject *py_samdb_set_domain_sid(PyLdbObject *self, PyObject *args) -{ - PyObject *py_ldb, *py_sid; - struct ldb_context *ldb; - struct dom_sid *sid; - bool ret; - - if (!PyArg_ParseTuple(args, "OO", &py_ldb, &py_sid)) - return NULL; - - PyErr_LDB_OR_RAISE(py_ldb, ldb); - - sid = dom_sid_parse_talloc(NULL, PyString_AsString(py_sid)); - - ret = samdb_set_domain_sid(ldb, sid); - if (!ret) { - PyErr_SetString(PyExc_RuntimeError, "set_domain_sid failed"); - return NULL; - } - Py_RETURN_NONE; -} - -static PyObject *py_samdb_get_domain_sid(PyLdbObject *self, PyObject *args) -{ - PyObject *py_ldb; - struct ldb_context *ldb; - const struct dom_sid *sid; - PyObject *ret; - char *retstr; - - if (!PyArg_ParseTuple(args, "O", &py_ldb)) - return NULL; - - PyErr_LDB_OR_RAISE(py_ldb, ldb); - - sid = samdb_domain_sid(ldb); - if (!sid) { - PyErr_SetString(PyExc_RuntimeError, "samdb_domain_sid failed"); - return NULL; - } - retstr = dom_sid_string(NULL, sid); - ret = PyString_FromString(retstr); - talloc_free(retstr); - return ret; -} - -static PyObject *py_dsdb_set_ntds_invocation_id(PyObject *self, PyObject *args) -{ - PyObject *py_ldb, *py_guid; - bool ret; - struct GUID guid; - struct ldb_context *ldb; - if (!PyArg_ParseTuple(args, "OO", &py_ldb, &py_guid)) - return NULL; - - PyErr_LDB_OR_RAISE(py_ldb, ldb); - GUID_from_string(PyString_AsString(py_guid), &guid); - - ret = samdb_set_ntds_invocation_id(ldb, &guid); - if (!ret) { - PyErr_SetString(PyExc_RuntimeError, "set_ntds_invocation_id failed"); - return NULL; - } - Py_RETURN_NONE; -} - static PyObject *py_dsdb_set_global_schema(PyObject *self, PyObject *args) { PyObject *py_ldb; 
@@ -314,72 +248,6 @@ static PyObject *py_dsdb_load_partition_usn(PyObject *self, PyObject *args) return result; } -static PyObject *py_samdb_ntds_invocation_id(PyObject *self, PyObject *args) -{ - PyObject *py_ldb, *result; - struct ldb_context *ldb; - TALLOC_CTX *mem_ctx; - const struct GUID *guid; - - mem_ctx = talloc_new(NULL); - if (mem_ctx == NULL) { - PyErr_NoMemory(); - return NULL; - } - - if (!PyArg_ParseTuple(args, "O", &py_ldb)) { - talloc_free(mem_ctx); - return NULL; - } - - PyErr_LDB_OR_RAISE(py_ldb, ldb); - - guid = samdb_ntds_invocation_id(ldb); - if (guid == NULL) { - PyErr_SetString(PyExc_RuntimeError, "Failed to find NTDS invocation ID"); - talloc_free(mem_ctx); - return NULL; - } - - result = PyString_FromString(GUID_string(mem_ctx, guid)); - talloc_free(mem_ctx); - return result; -} - - -static PyObject *py_samdb_ntds_objectGUID(PyObject *self, PyObject *args) -{ - PyObject *py_ldb, *result; - struct ldb_context *ldb; - TALLOC_CTX *mem_ctx; - const struct GUID *guid; - - mem_ctx = talloc_new(NULL); - if (mem_ctx == NULL) { - PyErr_NoMemory(); - return NULL; - } - - if (!PyArg_ParseTuple(args, "O", &py_ldb)) { - talloc_free(mem_ctx); - return NULL; - } - - PyErr_LDB_OR_RAISE(py_ldb, ldb); - - guid = samdb_ntds_objectGUID(ldb); - if (guid == NULL) { - PyErr_SetString(PyExc_RuntimeError, "Failed to find NTDS GUID"); - talloc_free(mem_ctx); - return NULL; - } - - result = PyString_FromString(GUID_string(mem_ctx, guid)); - talloc_free(mem_ctx); - return result; -} - - /* return the list of interface IPs we have configured takes an loadparm context, returns a list of IPs in string form 
@@ -442,14 +310,6 @@ static PyMethodDef py_misc_methods[] = { "Generate random password with a length >= min and <= max." }, { "unix2nttime", (PyCFunction)py_unix2nttime, METH_VARARGS, "unix2nttime(timestamp) -> nttime" }, - { "samdb_set_domain_sid", (PyCFunction)py_samdb_set_domain_sid, METH_VARARGS, - "samdb_set_domain_sid(samdb, sid)\n" - "Set SID of domain to use." }, - { "samdb_get_domain_sid", (PyCFunction)py_samdb_get_domain_sid, METH_VARARGS, - "samdb_get_domain_sid(samdb)\n" - "Get SID of domain in use." }, - { "dsdb_set_ntds_invocation_id", (PyCFunction)py_dsdb_set_ntds_invocation_id, METH_VARARGS, - NULL }, { "dsdb_set_global_schema", (PyCFunction)py_dsdb_set_global_schema, METH_VARARGS, NULL }, { "dsdb_set_schema_from_ldif", (PyCFunction)py_dsdb_set_schema_from_ldif, METH_VARARGS, @@ -462,10 +322,6 @@ static PyMethodDef py_misc_methods[] = { "set debug level" }, { "dsdb_load_partition_usn", (PyCFunction)py_dsdb_load_partition_usn, METH_VARARGS, "get uSNHighest and uSNUrgent from the partition @REPLCHANGED"}, - { "samdb_ntds_invocation_id", (PyCFunction)py_samdb_ntds_invocation_id, METH_VARARGS, - "get the NTDS invocation ID GUID as a string"}, - { "samdb_ntds_objectGUID", (PyCFunction)py_samdb_ntds_objectGUID, METH_VARARGS, - "get the NTDS objectGUID as a string"}, { "interface_ips", (PyCFunction)py_interface_ips, METH_VARARGS, "get interface IP address list"}, { NULL } diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index f3c5bcc6fb..d23333c66e 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py 
@@ -894,8 +894,8 @@ def setup_samdb(path, setup_path, session_info, provision_backend, lp, samdb.set_opaque_integer("forestFunctionality", forestFunctionality) samdb.set_opaque_integer("domainControllerFunctionality", domainControllerFunctionality) - samdb.set_domain_sid(str(domainsid)) - samdb.set_invocation_id(invocationid) + samdb.domain_sid = str(domainsid) + samdb.invocation_id = invocationid message("Adding DomainDN: %s" % names.domaindn) @@ -947,11 +947,12 @@ def setup_samdb(path, setup_path, session_info, provision_backend, lp, message("Reopening sam.ldb with new schema") samdb.transaction_commit() - samdb = Ldb(session_info=admin_session_info, - credentials=provision_backend.credentials, lp=lp) + samdb = SamDB(session_info=admin_session_info, + credentials=provision_backend.credentials, lp=lp, + global_schema=False) samdb.connect(path) samdb.transaction_start() - samdb.set_invocation_id(invocationid) + samdb.invocation_id = invocationid message("Setting up sam.ldb configuration data") setup_add_ldif(samdb, setup_path("provision_configuration.ldif"), { diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py index 22e8f46226..f584adb515 100644 --- a/source4/scripting/python/samba/samdb.py +++ b/source4/scripting/python/samba/samdb.py @@ -23,6 +23,7 @@ """Convenience functions for using the SAM.""" +import dsdb import samba import glue import ldb @@ -38,10 +39,6 @@ class SamDB(samba.Ldb): def __init__(self, url=None, lp=None, modules_dir=None, session_info=None, credentials=None, flags=0, options=None): - """Opens the SAM Database - For parameter meanings see the super class (samba.Ldb) - """ - self.lp = lp if url is None: url = lp.get("sam database") 
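Review bot: The reopen in `setup_samdb` (provision.py, second hunk) now passes `global_schema=False` to `SamDB(...)`, but the `SamDB.__init__` signature shown as unchanged context in the samdb.py part of this same commit is `(self, url=None, lp=None, modules_dir=None, session_info=None, credentials=None, flags=0, options=None)` and has no such parameter. Unless the parameter is added elsewhere, this call raises TypeError during provisioning, after `samdb.transaction_commit()` has already run. With `url` left as None the constructor also falls back to `lp.get("sam database")` (visible in that context), so the following `samdb.connect(path)` may be a second open of a different database; that part of `__init__` is outside the hunk and should be checked. Either extend `SamDB.__init__` with a `global_schema` keyword that it honours, or drop the keyword here.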
@@ -107,7 +104,8 @@ pwdLastSet: 0 """ % (user_dn) self.modify_ldif(mod) - def newuser(self, username, unixname, password, force_password_change_at_next_login_req=False): + def newuser(self, username, unixname, password, + force_password_change_at_next_login_req=False): """Adds a new user Note: This call adds also the ID mapping for winbind; therefore it works @@ -154,7 +152,7 @@ pwdLastSet: 0 raise self.transaction_commit() - def setpassword(self, filter, password, force_password_change_at_next_login_req=False): + def setpassword(self, filter, password, force_change_at_next_login=False): """Sets the password for a user Note: This call uses the "userPassword" attribute to set the password. @@ -163,7 +161,7 @@ pwdLastSet: 0 :param filter: LDAP filter to find the user (eg samccountname=name) :param password: Password for the user - :param force_password_change_at_next_login_req: Force password change + :param force_change_at_next_login: Force password change """ self.transaction_start() try: @@ -181,7 +179,7 @@ userPassword:: %s self.modify_ldif(setpw) - if force_password_change_at_next_login_req: + if force_change_at_next_login: self.force_password_change_at_next_login( "(dn=" + str(user_dn) + ")") 
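Review bot: Renaming the `setpassword` keyword from `force_password_change_at_next_login_req` to `force_change_at_next_login` breaks every caller that passes the flag by name, and it now disagrees with `newuser`, which keeps the old spelling a few lines above in the same hunk. If `newuser` (its body is outside the hunk) or external scripts forward the flag as `force_password_change_at_next_login_req=...`, they fail with TypeError and the password change is not applied. Keep the old name here, or rename both methods together and update the callers; the docstring line could also state the default, `:param force_change_at_next_login: Force password change at next login (default False)`.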
@@ -230,3 +228,39 @@ accountExpires: %u self.transaction_cancel() raise self.transaction_commit() + + def set_domain_sid(self, sid): + """Change the domain SID used by this LDB. + + :param sid: The new domain sid to use. + """ + dsdb.samdb_set_domain_sid(self, sid) + + def get_domain_sid(self): + """Read the domain SID used by this LDB. + + """ + dsdb.samdb_get_domain_sid(self) + + def set_invocation_id(self, invocation_id): + """Set the invocation id for this SamDB handle. + + :param invocation_id: GUID of the invocation id. + """ + dsdb.dsdb_set_ntds_invocation_id(self, invocation_id) + + def get_invocation_id(self): + "Get the invocation_id id" + return dsdb.samdb_ntds_invocation_id(self) + + invocation_id = property(get_invocation_id, set_invocation_id) + + domain_sid = property(get_domain_sid, set_domain_sid) + + def get_ntds_GUID(self): + "Get the NTDS objectGUID" + return dsdb.samdb_ntds_objectGUID(self) + + def server_site_name(self): + "Get the server site name" + return dsdb.samdb_server_site_name(self) |
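Review bot: `get_domain_sid` calls `dsdb.samdb_get_domain_sid(self)` but does not return the result, so the method and the `domain_sid` property built from it always read as None; the line should be `return dsdb.samdb_get_domain_sid(self)`. The sibling getters `get_invocation_id` and `get_ntds_GUID` do return their value, so this looks like an omission rather than intent. Code that compares or logs the domain SID read through this property would silently work with None instead of failing.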