Diffstat (limited to 'source4')
-rw-r--r--source4/scripting/python/samba/drs_utils.py80
-rw-r--r--source4/scripting/python/samba/provision/__init__.py38
-rw-r--r--source4/scripting/python/samba/provision/backend.py27
3 files changed, 73 insertions, 72 deletions
diff --git a/source4/scripting/python/samba/drs_utils.py b/source4/scripting/python/samba/drs_utils.py
index b5955b9e08..77f415ed17 100644
--- a/source4/scripting/python/samba/drs_utils.py
+++ b/source4/scripting/python/samba/drs_utils.py
@@ -29,38 +29,39 @@ def drs_DsBind(drs):
bind_info = drsuapi.DsBindInfoCtr()
bind_info.length = 28
bind_info.info = drsuapi.DsBindInfo28()
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_BASE
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_BASE
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
(info, handle) = drs.DsBind(misc.GUID(drsuapi.DRSUAPI_DS_BIND_GUID), bind_info)
return (handle, info.info.supported_extensions)
+
class drs_Replicate:
'''DRS replication calls'''
@@ -71,8 +72,6 @@ class drs_Replicate:
self.samdb = samdb
self.replication_state = self.net.replicate_init(self.samdb, lp, self.drs)
-
-
def drs_get_rodc_partial_attribute_set(self):
'''get a list of attributes for RODC replication'''
partial_attribute_set = drsuapi.DsPartialAttributeSet()
@@ -110,7 +109,6 @@ class drs_Replicate:
partial_attribute_set.num_attids = len(attids)
return partial_attribute_set
-
def replicate(self, dn, source_dsa_invocation_id, destination_dsa_guid,
schema=False, exop=drsuapi.DRSUAPI_EXOP_NONE, rodc=False,
replica_flags=None):
@@ -120,23 +118,23 @@ class drs_Replicate:
req8 = drsuapi.DsGetNCChangesRequest8()
req8.destination_dsa_guid = destination_dsa_guid
- req8.source_dsa_invocation_id = source_dsa_invocation_id
- req8.naming_context = drsuapi.DsReplicaObjectIdentifier()
+ req8.source_dsa_invocation_id = source_dsa_invocation_id
+ req8.naming_context = drsuapi.DsReplicaObjectIdentifier()
req8.naming_context.dn = dn
req8.highwatermark = drsuapi.DsReplicaHighWaterMark()
req8.highwatermark.tmp_highest_usn = 0
- req8.highwatermark.reserved_usn = 0
- req8.highwatermark.highest_usn = 0
- req8.uptodateness_vector = None
+ req8.highwatermark.reserved_usn = 0
+ req8.highwatermark.highest_usn = 0
+ req8.uptodateness_vector = None
if replica_flags is not None:
req8.replica_flags = replica_flags
elif exop == drsuapi.DRSUAPI_EXOP_REPL_SECRET:
- req8.replica_flags = 0
+ req8.replica_flags = 0
else:
- req8.replica_flags = (drsuapi.DRSUAPI_DRS_INIT_SYNC |
- drsuapi.DRSUAPI_DRS_PER_SYNC |
- drsuapi.DRSUAPI_DRS_GET_ANC |
- drsuapi.DRSUAPI_DRS_NEVER_SYNCED)
+ req8.replica_flags = (drsuapi.DRSUAPI_DRS_INIT_SYNC |
+ drsuapi.DRSUAPI_DRS_PER_SYNC |
+ drsuapi.DRSUAPI_DRS_GET_ANC |
+ drsuapi.DRSUAPI_DRS_NEVER_SYNCED)
if rodc:
req8.replica_flags |= drsuapi.DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
else:
diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py
index 1fed220507..6b32a71213 100644
--- a/source4/scripting/python/samba/provision/__init__.py
+++ b/source4/scripting/python/samba/provision/__init__.py
@@ -87,11 +87,11 @@ def find_setup_dir():
if in_source_tree():
# In source tree
dirname = os.path.dirname(__file__)
- return os.path.normpath(os.path.join(dirname, "../../../setup"))
+ return os.path.normpath(os.path.join(dirname, "../../../../setup"))
else:
import sys
for prefix in [sys.prefix,
- os.path.join(os.path.dirname(__file__), "../../../..")]:
+ os.path.join(os.path.dirname(__file__), "../../../../..")]:
for suffix in ["share/setup", "share/samba/setup", "setup"]:
ret = os.path.normpath(os.path.join(prefix, suffix))
if os.path.isdir(ret):
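Review bot: The in-source-tree branch returns the `../../../../setup` path without checking that it exists, while the installed branch below tests every candidate with `os.path.isdir`. The depth is hard-coded relative to `__file__`, so a later move of this module would silently point provisioning at a different directory, and the mistake would surface only when a template is opened. Consider assigning `ret = os.path.normpath(os.path.join(dirname, "../../../../setup"))` and raising if `not os.path.isdir(ret)`. find_setup_dir starts and ends outside this hunk.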
@@ -469,7 +469,7 @@ def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None,
for x in netbiosname:
if x.isalnum() or x in VALID_NETBIOS_CHARS:
newnbname = "%s%c" % (newnbname, x)
- #force the length to be <16
+ # force the length to be <16
netbiosname = newnbname[0:15]
assert netbiosname is not None
netbiosname = netbiosname.upper()
@@ -751,11 +751,11 @@ def secretsdb_self_join(secretsdb, domain,
"privateKeytab"]
if realm is not None:
- if dnsdomain is None:
- dnsdomain = realm.lower()
- dnsname = '%s.%s' % (netbiosname.lower(), dnsdomain.lower())
+ if dnsdomain is None:
+ dnsdomain = realm.lower()
+ dnsname = '%s.%s' % (netbiosname.lower(), dnsdomain.lower())
else:
- dnsname = None
+ dnsname = None
shortname = netbiosname.lower()
# We don't need to set msg["flatname"] here, because rdn_name will handle
@@ -764,11 +764,11 @@ def secretsdb_self_join(secretsdb, domain,
msg["secureChannelType"] = [str(secure_channel_type)]
msg["objectClass"] = ["top", "primaryDomain"]
if dnsname is not None:
- msg["objectClass"] = ["top", "primaryDomain", "kerberosSecret"]
- msg["realm"] = [realm]
- msg["saltPrincipal"] = ["host/%s@%s" % (dnsname, realm.upper())]
- msg["msDS-KeyVersionNumber"] = [str(key_version_number)]
- msg["privateKeytab"] = ["secrets.keytab"]
+ msg["objectClass"] = ["top", "primaryDomain", "kerberosSecret"]
+ msg["realm"] = [realm]
+ msg["saltPrincipal"] = ["host/%s@%s" % (dnsname, realm.upper())]
+ msg["msDS-KeyVersionNumber"] = [str(key_version_number)]
+ msg["privateKeytab"] = ["secrets.keytab"]
msg["secret"] = [machinepass]
msg["samAccountName"] = ["%s$" % netbiosname]
@@ -780,10 +780,9 @@ def secretsdb_self_join(secretsdb, domain,
# than one record for this SID, realm or netbios domain at a time,
# but we don't delete the old record that we are about to modify,
# because that would delete the keytab and previous password.
- res = secretsdb.search(base="cn=Primary Domains",
- attrs=attrs,
- expression=("(&(|(flatname=%s)(realm=%s)(objectSid=%s))(objectclass=primaryDomain)(!(dn=%s)))" % (domain, realm, str(domainsid), str(msg.dn))),
- scope=ldb.SCOPE_ONELEVEL)
+ res = secretsdb.search(base="cn=Primary Domains", attrs=attrs,
+ expression=("(&(|(flatname=%s)(realm=%s)(objectSid=%s))(objectclass=primaryDomain)(!(dn=%s)))" % (domain, realm, str(domainsid), str(msg.dn))),
+ scope=ldb.SCOPE_ONELEVEL)
for del_msg in res:
secretsdb.delete(del_msg.dn)
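Review bot: The filter on the re-wrapped `expression=` line is built with `%` from `domain`, `realm`, `domainsid` and `msg.dn` without LDAP filter escaping, and every entry it matches is deleted by the loop that follows. A value containing `(`, `)`, `*` or `\` would change which records match, so each operand should be escaped before interpolation, for example `ldb.binary_encode(domain)`. Earlier in this function `realm` is tested against `None`, so the filter can contain the literal `realm=None`; emitting the `(realm=...)` clause only when a realm is given would avoid that. secretsdb_self_join starts and ends outside this hunk.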
@@ -929,8 +928,7 @@ def setup_registry(path, setup_path, session_info, lp):
:param lp: Loadparm context
"""
reg = samba.registry.Registry()
- hive = samba.registry.open_ldb(path, session_info=session_info,
- lp_ctx=lp)
+ hive = samba.registry.open_ldb(path, session_info=session_info, lp_ctx=lp)
reg.mount_hive(hive, samba.registry.HKEY_LOCAL_MACHINE)
provision_reg = setup_path("provision.reg")
assert os.path.exists(provision_reg)
@@ -970,8 +968,7 @@ def setup_samdb_rootdse(samdb, setup_path, names):
})
-def setup_self_join(samdb, names,
- machinepass, dnspass,
+def setup_self_join(samdb, names, machinepass, dnspass,
domainsid, next_rid, invocationid, setup_path,
policyguid, policyguid_dc, domainControllerFunctionality,
ntdsguid):
@@ -1316,6 +1313,7 @@ FILL_DRS = "DRS"
SYSVOL_ACL = "O:LAG:BAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)"
POLICIES_ACL = "O:LAG:BAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001301bf;;;PA)"
+
def set_dir_acl(path, acl, lp, domsid):
setntacl(lp, path, acl, domsid)
for root, dirs, files in os.walk(path, topdown=False):
diff --git a/source4/scripting/python/samba/provision/backend.py b/source4/scripting/python/samba/provision/backend.py
index 32bcfeca95..8bd9d1f8e5 100644
--- a/source4/scripting/python/samba/provision/backend.py
+++ b/source4/scripting/python/samba/provision/backend.py
@@ -13,7 +13,7 @@
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
-#
+#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
@@ -113,7 +113,7 @@ class ExistingBackend(ProvisionBackend):
super(ExistingBackend, self).__init__(backend_type=backend_type,
paths=paths, setup_path=setup_path, lp=lp,
credentials=credentials, names=names, logger=logger,
- ldap_backend_forced_uri=ldap_backend_forced_uri)
+ ldap_backend_forced_uri=ldapi_uri)
def init(self):
# Check to see that this 'existing' LDAP backend in fact exists
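Review bot: The forwarded value changes from `ldap_backend_forced_uri` to `ldapi_uri`, but the `__init__` signature sits above this hunk, so it cannot be confirmed from here that `ldapi_uri` is a parameter of ExistingBackend. Unlike the rest of the visible hunks, this one changes behaviour; the commit description is not visible on this page, and if it presents the commit as formatting only, this line should be called out separately. Since `credentials` goes to the same base constructor, a comment such as `# ldapi_uri selects the server these credentials are presented to` would make the trust assumption explicit.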
@@ -134,8 +134,8 @@ class LDAPBackend(ProvisionBackend):
def __init__(self, backend_type, paths=None, setup_path=None, lp=None,
credentials=None, names=None, logger=None, domainsid=None,
- schema=None, hostname=None, ldapadminpass=None, slapd_path=None,
- ldap_backend_extra_port=None,
+ schema=None, hostname=None, ldapadminpass=None,
+ slapd_path=None, ldap_backend_extra_port=None,
ldap_backend_forced_uri=None, ldap_dryrun_mode=False):
super(LDAPBackend, self).__init__(backend_type=backend_type,
@@ -250,8 +250,9 @@ class LDAPBackend(ProvisionBackend):
try:
ldapi_db = Ldb(self.ldap_uri, lp=self.lp, credentials=self.credentials)
ldapi_db.search(base="", scope=SCOPE_BASE,
- expression="(objectClass=OpenLDAProotDSE)")
- # If we have got here, then we must have a valid connection to the LDAP server!
+ expression="(objectClass=OpenLDAProotDSE)")
+ # If we have got here, then we must have a valid connection to
+ # the LDAP server!
return
except LdbError:
time.sleep(1)
@@ -269,7 +270,7 @@ class LDAPBackend(ProvisionBackend):
# and check its proper termination
if self.slapd.poll() is None:
# Kill the slapd
- if hasattr(self.slapd, "terminate"):
+ if getattr(self.slapd, "terminate", None) is not None:
self.slapd.terminate()
else:
# Older python versions don't have .terminate()
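Review bot: The new test `getattr(self.slapd, "terminate", None) is not None` looks the attribute up once and `self.slapd.terminate()` then looks it up again. Binding it once reads more directly: `terminate = getattr(self.slapd, "terminate", None)` followed by `if terminate is not None: terminate()`. A short comment saying why `hasattr` was replaced would help the next reader, since both forms select the same branch when the method is present. The fallback branch for older Python versions continues past the end of this hunk.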
@@ -332,7 +333,8 @@ class OpenLDAPBackend(LDAPBackend):
# Wipe the directories so we can start
shutil.rmtree(os.path.join(self.ldapdir, "db"), True)
- #Allow the test scripts to turn off fsync() for OpenLDAP as for TDB and LDB
+ # Allow the test scripts to turn off fsync() for OpenLDAP as for TDB
+ # and LDB
nosync_config = ""
if self.nosync:
nosync_config = "dbnosync"
@@ -586,16 +588,19 @@ class FDSBackend(LDAPBackend):
self.sambadn = "CN=Samba"
self.fedoradsinf = os.path.join(self.ldapdir, "fedorads.inf")
- self.partitions_ldif = os.path.join(self.ldapdir, "fedorads-partitions.ldif")
+ self.partitions_ldif = os.path.join(self.ldapdir,
+ "fedorads-partitions.ldif")
self.sasl_ldif = os.path.join(self.ldapdir, "fedorads-sasl.ldif")
self.dna_ldif = os.path.join(self.ldapdir, "fedorads-dna.ldif")
self.pam_ldif = os.path.join(self.ldapdir, "fedorads-pam.ldif")
self.refint_ldif = os.path.join(self.ldapdir, "fedorads-refint.ldif")
- self.linked_attrs_ldif = os.path.join(self.ldapdir, "fedorads-linked-attributes.ldif")
+ self.linked_attrs_ldif = os.path.join(self.ldapdir,
+ "fedorads-linked-attributes.ldif")
self.index_ldif = os.path.join(self.ldapdir, "fedorads-index.ldif")
self.samba_ldif = os.path.join(self.ldapdir, "fedorads-samba.ldif")
- self.samba3_schema = self.setup_path("../../examples/LDAP/samba.schema")
+ self.samba3_schema = self.setup_path(
+ "../../examples/LDAP/samba.schema")
self.samba3_ldif = os.path.join(self.ldapdir, "samba3.ldif")
self.retcode = subprocess.call(["bin/oLschema2ldif",