From 4be253fe2fe7b24f322952f94c973a5d250aec4b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 30 Oct 2009 14:31:25 +1100 Subject: s4:provision Move 'Schema' into it's own file --- source4/scripting/bin/rebuildextendeddn | 3 +- source4/scripting/bin/upgradeschema.py | 5 +- source4/scripting/python/samba/__init__.py | 13 +++ source4/scripting/python/samba/provision.py | 122 +----------------------- source4/scripting/python/samba/schema.py | 140 ++++++++++++++++++++++++++++ 5 files changed, 160 insertions(+), 123 deletions(-) create mode 100644 source4/scripting/python/samba/schema.py diff --git a/source4/scripting/bin/rebuildextendeddn b/source4/scripting/bin/rebuildextendeddn index 618d179719..5ae27aa027 100755 --- a/source4/scripting/bin/rebuildextendeddn +++ b/source4/scripting/bin/rebuildextendeddn @@ -40,7 +40,8 @@ import ldb import samba.getopt as options from samba.samdb import SamDB from samba import param -from samba.provision import ProvisionPaths, ProvisionNames,provision_paths_from_lp,get_dnsyntax_attributes,get_linked_attributes +from samba.provision import ProvisionPaths, ProvisionNames, provision_paths_from_lp +from samba.schema import get_dnsyntax_attributes, get_linked_attributes parser = optparse.OptionParser("provision [options]") sambaopts = options.SambaOptions(parser) diff --git a/source4/scripting/bin/upgradeschema.py b/source4/scripting/bin/upgradeschema.py index 52579480cd..cf8262aef9 100755 --- a/source4/scripting/bin/upgradeschema.py +++ b/source4/scripting/bin/upgradeschema.py @@ -44,7 +44,8 @@ import ldb import samba.getopt as options from samba.samdb import SamDB from samba import param -from samba.provision import ProvisionNames,provision_paths_from_lp,find_setup_dir,Schema,get_linked_attributes,FILL_FULL,provision +from samba.provision import ProvisionNames,provision_paths_from_lp,find_setup_dir,FILL_FULL,provision +from samba.schema import get_dnsyntax_attributes, get_linked_attributes, Schema from samba.dcerpc import misc, security from samba.ndr import ndr_pack, ndr_unpack @@ -283,7 +284,7 @@ def newprovision(names,setup_dir,creds,session,smbconf): wheel=None, users=None, serverrole="domain controller", ldap_backend_extra_port=None, - ldap_backend_type=None, + backend_type=None, ldapadminpass=None, ol_mmr_urls=None, slapd_path=None, diff --git a/source4/scripting/python/samba/__init__.py b/source4/scripting/python/samba/__init__.py index 57cefdd137..b334fda77b 100644 --- a/source4/scripting/python/samba/__init__.py +++ b/source4/scripting/python/samba/__init__.py @@ -323,6 +323,19 @@ def check_all_substituted(text): raise Exception("Not all variables substituted: %s" % text[var_start:var_end+1]) +def read_and_sub_file(file, subst_vars): + """Read a file and sub in variables found in it + + :param file: File to be read (typically from setup directory) + param subst_vars: Optional variables to subsitute in the file. + """ + data = open(file, 'r').read() + if subst_vars is not None: + data = substitute_var(data, subst_vars) + check_all_substituted(data) + return data + + def valid_netbios_name(name): """Check whether a name is valid as a NetBIOS name. """ # See crh's book (1.4.1.1) diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index a6b8420994..f570599e62 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -43,7 +43,7 @@ import shutil from credentials import Credentials, DONT_USE_KERBEROS from auth import system_session, admin_session from samba import version, Ldb, substitute_var, valid_netbios_name -from samba import check_all_substituted +from samba import check_all_substituted, read_and_sub_file from samba import DS_DOMAIN_FUNCTION_2003, DS_DOMAIN_FUNCTION_2008, DS_DC_FUNCTION_2008 from samba.samdb import SamDB from samba.idmap import IDmapDB @@ -51,8 +51,8 @@ from samba.dcerpc import security from samba.ndr import ndr_pack import urllib from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError, timestring -from ms_schema import read_ms_schema from ms_display_specifiers import read_ms_ldif +from schema import Schema from signal import SIGTERM from dcerpc.misc import SEC_CHAN_BDC, SEC_CHAN_WKSTA @@ -73,20 +73,6 @@ def find_setup_dir(): return ret raise Exception("Unable to find setup directory.") -def get_schema_descriptor(domain_sid): - sddl = "O:SAG:SAD:(A;CI;RPLCLORC;;;AU)(A;CI;RPWPCRCCLCLORCWOWDSW;;;SA)" \ - "(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)" \ - "(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \ - "(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)" \ - "(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)" \ - "(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)" \ - "S:(AU;SA;WPCCDCWOWDSDDTSW;;;WD)" \ - "(AU;CISA;WP;;;WD)(AU;SA;CR;;;BA)" \ - "(AU;SA;CR;;;DU)(OU;SA;CR;e12b56b6-0a95-11d1-adbb-00c04fd8d5cd;;WD)" \ - "(OU;SA;CR;45ec5156-db7e-47bb-b53f-dbeb2d03c40f;;WD)" - sec = security.descriptor.from_sddl(sddl, domain_sid) - return b64encode(ndr_pack(sec)) - def get_config_descriptor(domain_sid): sddl = "O:EAG:EAD:(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \ "(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \ @@ -182,97 +168,6 @@ class ProvisionResult(object): self.lp = None self.samdb = None - -class Schema(object): - def __init__(self, setup_path, domain_sid, schemadn=None, - serverdn=None, sambadn=None): - """Load schema for the SamDB from the AD schema files and samba4_schema.ldif - - :param samdb: Load a schema into a SamDB. - :param setup_path: Setup path function. - :param schemadn: DN of the schema - :param serverdn: DN of the server - - Returns the schema data loaded, to avoid double-parsing when then needing to add it to the db - """ - - self.schemadn = schemadn - self.ldb = Ldb() - self.schema_data = read_ms_schema(setup_path('ad-schema/MS-AD_Schema_2K8_Attributes.txt'), - setup_path('ad-schema/MS-AD_Schema_2K8_Classes.txt')) - self.schema_data += open(setup_path("schema_samba4.ldif"), 'r').read() - self.schema_data = substitute_var(self.schema_data, {"SCHEMADN": schemadn}) - check_all_substituted(self.schema_data) - - self.schema_dn_modify = read_and_sub_file(setup_path("provision_schema_basedn_modify.ldif"), - {"SCHEMADN": schemadn, - "SERVERDN": serverdn, - }) - - descr = get_schema_descriptor(domain_sid) - self.schema_dn_add = read_and_sub_file(setup_path("provision_schema_basedn.ldif"), - {"SCHEMADN": schemadn, - "DESCRIPTOR": descr - }) - - prefixmap = open(setup_path("prefixMap.txt"), 'r').read() - prefixmap = b64encode(prefixmap) - - - - # We don't actually add this ldif, just parse it - prefixmap_ldif = "dn: cn=schema\nprefixMap:: %s\n\n" % prefixmap - self.ldb.set_schema_from_ldif(prefixmap_ldif, self.schema_data) - - def write_to_tmp_ldb(self, schemadb_path): - self.ldb.connect(schemadb_path) - self.ldb.transaction_start() - - self.ldb.add_ldif("""dn: @ATTRIBUTES -linkID: INTEGER - -dn: @INDEXLIST -@IDXATTR: linkID -@IDXATTR: attributeSyntax -""") - # These bits of LDIF are supplied when the Schema object is created - self.ldb.add_ldif(self.schema_dn_add) - self.ldb.modify_ldif(self.schema_dn_modify) - self.ldb.add_ldif(self.schema_data) - self.ldb.transaction_commit() - - # Return a hash with the forward attribute as a key and the back as the value - def linked_attributes(self): - return get_linked_attributes(self.schemadn, self.ldb) - - def dnsyntax_attributes(self): - return get_dnsyntax_attributes(self.schemadn, self.ldb) - -# Return a hash with the forward attribute as a key and the back as the value -def get_linked_attributes(schemadn,schemaldb): - attrs = ["linkID", "lDAPDisplayName"] - res = schemaldb.search(expression="(&(linkID=*)(!(linkID:1.2.840.113556.1.4.803:=1))(objectclass=attributeSchema)(attributeSyntax=2.5.5.1))", base=schemadn, scope=SCOPE_ONELEVEL, attrs=attrs) - attributes = {} - for i in range (0, len(res)): - expression = "(&(objectclass=attributeSchema)(linkID=%d)(attributeSyntax=2.5.5.1))" % (int(res[i]["linkID"][0])+1) - target = schemaldb.searchone(basedn=schemadn, - expression=expression, - attribute="lDAPDisplayName", - scope=SCOPE_SUBTREE) - if target is not None: - attributes[str(res[i]["lDAPDisplayName"])]=str(target) - - return attributes - -def get_dnsyntax_attributes(schemadn,schemaldb): - attrs = ["linkID", "lDAPDisplayName"] - res = schemaldb.search(expression="(&(!(linkID=*))(objectclass=attributeSchema)(attributeSyntax=2.5.5.1))", base=schemadn, scope=SCOPE_ONELEVEL, attrs=attrs) - attributes = [] - for i in range (0, len(res)): - attributes.append(str(res[i]["lDAPDisplayName"])) - - return attributes - def check_install(lp, session_info, credentials): """Check whether the current install seems ok. @@ -307,19 +202,6 @@ findnss_uid = lambda names: findnss(pwd.getpwnam, names)[2] findnss_gid = lambda names: findnss(grp.getgrnam, names)[2] -def read_and_sub_file(file, subst_vars): - """Read a file and sub in variables found in it - - :param file: File to be read (typically from setup directory) - param subst_vars: Optional variables to subsitute in the file. - """ - data = open(file, 'r').read() - if subst_vars is not None: - data = substitute_var(data, subst_vars) - check_all_substituted(data) - return data - - def setup_add_ldif(ldb, ldif_path, subst_vars=None,controls=["relax:0"]): """Setup a ldb in the private dir. diff --git a/source4/scripting/python/samba/schema.py b/source4/scripting/python/samba/schema.py new file mode 100644 index 0000000000..0f34c4edda --- /dev/null +++ b/source4/scripting/python/samba/schema.py @@ -0,0 +1,140 @@ +# +# Unix SMB/CIFS implementation. +# backend code for provisioning a Samba4 server +# +# Copyright (C) Jelmer Vernooij 2007-2008 +# Copyright (C) Andrew Bartlett 2008-2009 +# Copyright (C) Oliver Liebel 2008-2009 +# +# Based on the original in EJS: +# Copyright (C) Andrew Tridgell 2005 +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +"""Functions for setting up a Samba Schema.""" + +from base64 import b64encode +from ms_schema import read_ms_schema +from samba.dcerpc import security +from samba import read_and_sub_file, substitute_var, check_all_substituted +from samba import Ldb +from samba.ndr import ndr_pack +from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE + +def get_schema_descriptor(domain_sid): + sddl = "O:SAG:SAD:(A;CI;RPLCLORC;;;AU)(A;CI;RPWPCRCCLCLORCWOWDSW;;;SA)" \ + "(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)" \ + "(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \ + "(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)" \ + "(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)" \ + "(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)" \ + "S:(AU;SA;WPCCDCWOWDSDDTSW;;;WD)" \ + "(AU;CISA;WP;;;WD)(AU;SA;CR;;;BA)" \ + "(AU;SA;CR;;;DU)(OU;SA;CR;e12b56b6-0a95-11d1-adbb-00c04fd8d5cd;;WD)" \ + "(OU;SA;CR;45ec5156-db7e-47bb-b53f-dbeb2d03c40f;;WD)" + sec = security.descriptor.from_sddl(sddl, domain_sid) + return b64encode(ndr_pack(sec)) + + +class Schema(object): + def __init__(self, setup_path, domain_sid, schemadn=None, + serverdn=None, sambadn=None): + """Load schema for the SamDB from the AD schema files and samba4_schema.ldif + + :param samdb: Load a schema into a SamDB. + :param setup_path: Setup path function. + :param schemadn: DN of the schema + :param serverdn: DN of the server + + Returns the schema data loaded, to avoid double-parsing when then needing to add it to the db + """ + + self.schemadn = schemadn + self.ldb = Ldb() + self.schema_data = read_ms_schema(setup_path('ad-schema/MS-AD_Schema_2K8_Attributes.txt'), + setup_path('ad-schema/MS-AD_Schema_2K8_Classes.txt')) + self.schema_data += open(setup_path("schema_samba4.ldif"), 'r').read() + self.schema_data = substitute_var(self.schema_data, {"SCHEMADN": schemadn}) + check_all_substituted(self.schema_data) + + self.schema_dn_modify = read_and_sub_file(setup_path("provision_schema_basedn_modify.ldif"), + {"SCHEMADN": schemadn, + "SERVERDN": serverdn, + }) + + descr = get_schema_descriptor(domain_sid) + self.schema_dn_add = read_and_sub_file(setup_path("provision_schema_basedn.ldif"), + {"SCHEMADN": schemadn, + "DESCRIPTOR": descr + }) + + prefixmap = open(setup_path("prefixMap.txt"), 'r').read() + prefixmap = b64encode(prefixmap) + + + + # We don't actually add this ldif, just parse it + prefixmap_ldif = "dn: cn=schema\nprefixMap:: %s\n\n" % prefixmap + self.ldb.set_schema_from_ldif(prefixmap_ldif, self.schema_data) + + def write_to_tmp_ldb(self, schemadb_path): + self.ldb.connect(schemadb_path) + self.ldb.transaction_start() + + self.ldb.add_ldif("""dn: @ATTRIBUTES +linkID: INTEGER + +dn: @INDEXLIST +@IDXATTR: linkID +@IDXATTR: attributeSyntax +""") + # These bits of LDIF are supplied when the Schema object is created + self.ldb.add_ldif(self.schema_dn_add) + self.ldb.modify_ldif(self.schema_dn_modify) + self.ldb.add_ldif(self.schema_data) + self.ldb.transaction_commit() + + # Return a hash with the forward attribute as a key and the back as the value + def linked_attributes(self): + return get_linked_attributes(self.schemadn, self.ldb) + + def dnsyntax_attributes(self): + return get_dnsyntax_attributes(self.schemadn, self.ldb) + +# Return a hash with the forward attribute as a key and the back as the value +def get_linked_attributes(schemadn,schemaldb): + attrs = ["linkID", "lDAPDisplayName"] + res = schemaldb.search(expression="(&(linkID=*)(!(linkID:1.2.840.113556.1.4.803:=1))(objectclass=attributeSchema)(attributeSyntax=2.5.5.1))", base=schemadn, scope=SCOPE_ONELEVEL, attrs=attrs) + attributes = {} + for i in range (0, len(res)): + expression = "(&(objectclass=attributeSchema)(linkID=%d)(attributeSyntax=2.5.5.1))" % (int(res[i]["linkID"][0])+1) + target = schemaldb.searchone(basedn=schemadn, + expression=expression, + attribute="lDAPDisplayName", + scope=SCOPE_SUBTREE) + if target is not None: + attributes[str(res[i]["lDAPDisplayName"])]=str(target) + + return attributes + +def get_dnsyntax_attributes(schemadn,schemaldb): + attrs = ["linkID", "lDAPDisplayName"] + res = schemaldb.search(expression="(&(!(linkID=*))(objectclass=attributeSchema)(attributeSyntax=2.5.5.1))", base=schemadn, scope=SCOPE_ONELEVEL, attrs=attrs) + attributes = [] + for i in range (0, len(res)): + attributes.append(str(res[i]["lDAPDisplayName"])) + + return attributes + -- cgit