From 786deaf9288c77b40892d6639113e580a7be6904 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 28 Mar 2008 12:08:54 +1100 Subject: Make the setup/newuser and setup/setpassword scripts actually work... These need a testsuite, but this will come soon. Andrew Bartlett (This used to be commit fbcaa622bd1929399e32326349e96b6676a49b96) --- source4/scripting/python/samba/samdb.py | 58 ++++++++++++++++++++++++--------- 1 file changed, 42 insertions(+), 16 deletions(-) (limited to 'source4/scripting/python') diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py index 3c6bb23c02..de0fd4ba04 100644 --- a/source4/scripting/python/samba/samdb.py +++ b/source4/scripting/python/samba/samdb.py @@ -77,10 +77,15 @@ unixName: %s :param user_dn: Dn of the account to enable. """ - res = self.search(user_dn, SCOPE_ONELEVEL, None, ["userAccountControl"]) + res = self.search(user_dn, ldb.SCOPE_BASE, None, ["userAccountControl"]) assert len(res) == 1 - userAccountControl = res[0].userAccountControl - userAccountControl = userAccountControl - 2 # remove disabled bit + userAccountControl = res[0]["userAccountControl"][0] + userAccountControl = int(userAccountControl) + if (userAccountControl & 0x2): + userAccountControl = userAccountControl & ~0x2 # remove disabled bit + if (userAccountControl & 0x20): + userAccountControl = userAccountControl & ~0x20 # remove 'no password required' bit + mod = """ dn: %s changetype: modify @@ -103,13 +108,9 @@ userAccountControl: %u res = self.search("", scope=ldb.SCOPE_BASE, expression="(defaultNamingContext=*)", attrs=["defaultNamingContext"]) - assert(len(res) == 1 and res[0].defaultNamingContext is not None) + assert(len(res) == 1 and res[0]["defaultNamingContext"] is not None) domain_dn = res[0]["defaultNamingContext"][0] assert(domain_dn is not None) - dom_users = self.searchone(basedn=domain_dn, attribute="dn", - expression="name=Domain Users") - assert(dom_users is not None) - user_dn = "CN=%s,CN=Users,%s" % (username, domain_dn) # @@ -123,19 +124,44 @@ userAccountControl: %u "sambaPassword": password, "objectClass": "user"}) - # add the user to the users group as well - modgroup = """ + # modify the userAccountControl to remove the disabled bit + self.enable_account(user_dn) + self.transaction_commit() + + def setpassword(self, filter, password): + """Set a password on a user record + + :param filter: LDAP filter to find the user (eg samccountname=name) + :param password: Password for the user + """ + # connect to the sam + self.transaction_start() + + # find the DNs for the domain + res = self.search("", scope=ldb.SCOPE_BASE, + expression="(defaultNamingContext=*)", + attrs=["defaultNamingContext"]) + assert(len(res) == 1 and res[0]["defaultNamingContext"] is not None) + domain_dn = res[0]["defaultNamingContext"][0] + assert(domain_dn is not None) + + res = self.search(domain_dn, scope=ldb.SCOPE_SUBTREE, + expression=filter, + attrs=[]) + assert(len(res) == 1) + user_dn = res[0].dn + + setpw = """ dn: %s changetype: modify -add: member -member: %s -""" % (dom_users, user_dn) - +replace: sambaPassword +sambaPassword: %s +""" % (user_dn, password) - self.modify(modgroup) + self.modify_ldif(setpw) # modify the userAccountControl to remove the disabled bit - enable_account(self, user_dn) + self.enable_account(user_dn) self.transaction_commit() def set_domain_sid(self, sid): -- cgit From 8f8c56bfbcbfe8f80afb09eb1d481a108b252bee Mon Sep 17 00:00:00 2001 From: Andrew Kroeger Date: Fri, 28 Mar 2008 01:08:49 -0500 Subject: Convert some more files to GPLv3. (This used to be commit ebe5e8399422eb7e2ff4deb546338823e2718907) --- source4/scripting/python/subunit/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/scripting/python') diff --git a/source4/scripting/python/subunit/__init__.py b/source4/scripting/python/subunit/__init__.py index 3abfbf522e..ac3d0c3a40 100644 --- a/source4/scripting/python/subunit/__init__.py +++ b/source4/scripting/python/subunit/__init__.py @@ -5,7 +5,7 @@ # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or +# the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, -- cgit From 142fbfb3c1f9f8cda7f0edaa801f8345f23d805f Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 28 Mar 2008 21:57:15 +1100 Subject: Fix and test python scripts and kerberos This fixes up the python credentials interface in a number of areas, with the aim of supporting '-k yes' as a command line option. (This enables the use of kerberos). As such, I've had to change the get_credentials call to take a loadparm context, so that the credentials can be initialised correctly. The test_kinit script has been modified to prove that this continues to work, as well as to provide greater code coverage of the kerberos paths. Andrew Bartlett (This used to be commit 727ef40c2b56910028ef3c1092b8eab1bfa6ce63) --- source4/scripting/python/samba/getopt.py | 15 ++++++++++++--- source4/scripting/python/samba/tests/samdb.py | 1 + 2 files changed, 13 insertions(+), 3 deletions(-) (limited to 'source4/scripting/python') diff --git a/source4/scripting/python/samba/getopt.py b/source4/scripting/python/samba/getopt.py index 088a5acf6f..82cb004b62 100644 --- a/source4/scripting/python/samba/getopt.py +++ b/source4/scripting/python/samba/getopt.py @@ -18,7 +18,7 @@ # import optparse -from credentials import Credentials +from credentials import Credentials, AUTO_USE_KERBEROS, DONT_USE_KERBEROS, MUST_USE_KERBEROS class SambaOptions(optparse.OptionGroup): def __init__(self, parser): @@ -65,6 +65,9 @@ class CredentialsOptions(optparse.OptionGroup): help="Workgroup", callback=self._parse_workgroup) self.add_option("-N", "--no-pass", action="store_true", help="Don't ask for a password") + self.add_option("-k", "--kerberos", metavar="KERBEROS", + action="callback", type=str, + help="Use Kerberos", callback=self._set_kerberos) self.creds = Credentials() def _parse_username(self, option, opt_str, arg, parser): @@ -76,11 +79,17 @@ class CredentialsOptions(optparse.OptionGroup): def _set_password(self, option, opt_str, arg, parser): self.creds.set_password(arg) + def _set_kerberos(self, option, opt_str, arg, parser): + if bool(arg) or arg.lower() == "yes": + self.creds.set_kerberos_state(MUST_USE_KERBEROS) + else: + self.creds.set_kerberos_state(DONT_USE_KERBEROS) + def _set_simple_bind_dn(self, option, opt_str, arg, parser): self.creds.set_bind_dn(arg) - def get_credentials(self): - self.creds.guess() + def get_credentials(self, lp): + self.creds.guess(lp) if not self.no_pass: self.creds.set_cmdline_callbacks() return self.creds diff --git a/source4/scripting/python/samba/tests/samdb.py b/source4/scripting/python/samba/tests/samdb.py index 40e56bebb5..3745dba6fc 100644 --- a/source4/scripting/python/samba/tests/samdb.py +++ b/source4/scripting/python/samba/tests/samdb.py @@ -38,6 +38,7 @@ class SamDBTestCase(TestCaseInTempDir): policyguid = uuid.random() setup_path = lambda x: os.path.join("setup", x) creds = Credentials() + creds.set_anonymous() domainsid = security.random_sid() hostguid = uuid.random() path = os.path.join(self.tempdir, "samdb.ldb") -- cgit From 238a1a52f1fd3cce0a0fd980c1717c8540a1c7a1 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 29 Mar 2008 17:17:56 +1100 Subject: Rework 'compleated' message in provision to be more useful. In particular, this should draw attention to accidential 'standalone' server provisions and therefore cause less frustration. Andrew Bartlett (This used to be commit e906ae041a2b589ffceff97b74f7c4b01386382a) --- source4/scripting/python/samba/provision.py | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) (limited to 'source4/scripting/python') diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index d5e66d842c..b03457e57b 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -974,10 +974,6 @@ def provision(setup_dir, message, session_info, # provision-backend will set this path suggested slapd command line / fedorads.inf ldap_backend = "ldapi://" % urllib.quote(os.path.join(paths.private_dir, "ldap", "ldapi"), safe="") - message("set DOMAIN SID: %s" % str(domainsid)) - message("Provisioning for %s in realm %s" % (names.domain, realm)) - message("Using administrator password: %s" % adminpass) - # only install a new shares config db if there is none if not os.path.exists(paths.shareconf): message("Setting up share.ldb") @@ -1036,7 +1032,7 @@ def provision(setup_dir, message, session_info, nobody=nobody, nogroup=nogroup, wheel=wheel, users=users, backup=backup) - message("Setting up sam.ldb rootDSE marking as synchronized") + message("Compleating sam.ldb setup by marking as synchronized") setup_modify_ldif(samdb, setup_path("provision_rootdse_modify.ldif")) # Only make a zone file on the first DC, it should be replicated with DNS replication @@ -1051,19 +1047,25 @@ def provision(setup_dir, message, session_info, scope=SCOPE_SUBTREE) assert isinstance(hostguid, str) - message("Setting up DNS zone: %s" % names.dnsdomain) create_zone_file(paths.dns, setup_path, samdb, hostname=names.hostname, hostip=hostip, dnsdomain=names.dnsdomain, domaindn=names.domaindn, dnspass=dnspass, realm=names.realm, domainguid=domainguid, hostguid=hostguid) message("Please install the zone located in %s into your DNS server" % paths.dns) - message("Setting up phpLDAPadmin configuration") create_phpldapadmin_config(paths.phpldapadminconfig, setup_path, ldapi_url) message("Please install the phpLDAPadmin configuration located at %s into /etc/phpldapadmin/config.php" % paths.phpldapadminconfig) + message("Once the above files are installed, your server will be ready to use") + message("Server Type: %s" % serverrole) + message("Hostname: %s" % names.hostname) + message("NetBIOS Domain: %s" % names.domain) + message("DNS Domain: %s" % names.dnsdomain) + message("DOMAIN SID: %s" % str(domainsid)) + message("Admin password: %s" % adminpass) + result = ProvisionResult() result.domaindn = domaindn result.paths = paths -- cgit From 2ab6dd9ea58c7f09791f45077df084447fc7de69 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 2 Apr 2008 11:38:58 +1100 Subject: Remove references to setting the host GUID, as the repl_meta_data module prohibits it anyway. Andrew Bartlett (This used to be commit c5b287c056855892f30fbbf32efe7d65da31ce91) --- source4/scripting/python/samba/provision.py | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) (limited to 'source4/scripting/python') diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index b03457e57b..50d9f8d2ff 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -695,13 +695,8 @@ def setup_samdb_rootdse(samdb, setup_path, schemadn, domaindn, hostname, def setup_self_join(samdb, names, machinepass, dnspass, domainsid, invocationid, setup_path, - policyguid, hostguid=None): + policyguid): """Join a host to its own domain.""" - if hostguid is not None: - hostguid_add = "objectGUID: %s" % hostguid - else: - hostguid_add = "" - setup_add_ldif(samdb, setup_path("provision_self_join.ldif"), { "CONFIGDN": names.configdn, "SCHEMADN": names.schemadn, @@ -714,7 +709,6 @@ def setup_self_join(samdb, names, "DNSPASS_B64": b64encode(dnspass), "REALM": names.realm, "DOMAIN": names.domain, - "HOSTGUID_ADD": hostguid_add, "DNSDOMAIN": names.dnsdomain}) setup_add_ldif(samdb, setup_path("provision_group_policy.ldif"), { "POLICYGUID": policyguid, @@ -727,7 +721,7 @@ def setup_samdb(path, setup_path, session_info, credentials, lp, names, message, domainsid, aci, domainguid, policyguid, fill, adminpass, krbtgtpass, - machinepass, hostguid, invocationid, dnspass, + machinepass, invocationid, dnspass, serverrole, ldap_backend=None, ldap_backend_type=None): """Setup a complete SAM Database. @@ -880,7 +874,6 @@ def setup_samdb(path, setup_path, session_info, credentials, lp, dnspass=dnspass, machinepass=machinepass, domainsid=domainsid, policyguid=policyguid, - hostguid=hostguid, setup_path=setup_path) #We want to setup the index last, as adds are faster unindexed @@ -902,7 +895,7 @@ def provision(setup_dir, message, session_info, credentials, smbconf=None, targetdir=None, samdb_fill=FILL_FULL, realm=None, rootdn=None, domaindn=None, schemadn=None, configdn=None, domain=None, hostname=None, hostip=None, domainsid=None, - hostguid=None, adminpass=None, krbtgtpass=None, domainguid=None, + adminpass=None, krbtgtpass=None, domainguid=None, policyguid=None, invocationid=None, machinepass=None, dnspass=None, root=None, nobody=None, nogroup=None, users=None, wheel=None, backup=None, aci=None, serverrole=None, @@ -1006,7 +999,7 @@ def provision(setup_dir, message, session_info, aci=aci, domainguid=domainguid, policyguid=policyguid, fill=samdb_fill, adminpass=adminpass, krbtgtpass=krbtgtpass, - hostguid=hostguid, invocationid=invocationid, + invocationid=invocationid, machinepass=machinepass, dnspass=dnspass, serverrole=serverrole, ldap_backend=ldap_backend, ldap_backend_type=ldap_backend_type) @@ -1077,7 +1070,7 @@ def provision_become_dc(setup_dir=None, smbconf=None, targetdir=None, realm=None, rootdn=None, domaindn=None, schemadn=None, configdn=None, domain=None, hostname=None, domainsid=None, - hostguid=None, adminpass=None, krbtgtpass=None, domainguid=None, + adminpass=None, krbtgtpass=None, domainguid=None, policyguid=None, invocationid=None, machinepass=None, dnspass=None, root=None, nobody=None, nogroup=None, users=None, wheel=None, backup=None, aci=None, serverrole=None, -- cgit From 3c0c6acc594fba1f1d28e49cb105c99fa1649a18 Mon Sep 17 00:00:00 2001 From: Andrew Kroeger Date: Tue, 1 Apr 2008 19:51:24 -0500 Subject: provision: Add support for IPv6 (bz #4593). (This used to be commit 8585a3c77d5dfe97bca3f08716fc06ac2819f578) --- source4/scripting/python/samba/provision.py | 34 +++++++++++++++++++++-------- 1 file changed, 25 insertions(+), 9 deletions(-) (limited to 'source4/scripting/python') diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index b03457e57b..870f64ecc9 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -28,7 +28,7 @@ import pwd import grp import time import uuid, misc -from socket import gethostname, gethostbyname +import socket import param import registry import samba @@ -267,7 +267,7 @@ def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None, serverrole= rootdn=None, domaindn=None, configdn=None, schemadn=None, sitename=None): if hostname is None: - hostname = gethostname().split(".")[0].lower() + hostname = socket.gethostname().split(".")[0].lower() netbiosname = hostname.upper() if not valid_netbios_name(netbiosname): @@ -348,7 +348,7 @@ def load_or_make_smbconf(smbconf, setup_path, hostname, domain, realm, serverrol if not os.path.exists(smbconf): if hostname is None: - hostname = gethostname().split(".")[0].lower() + hostname = socket.gethostname().split(".")[0].lower() if serverrole is None: serverrole = "standalone" @@ -901,7 +901,7 @@ FILL_DRS = "DRS" def provision(setup_dir, message, session_info, credentials, smbconf=None, targetdir=None, samdb_fill=FILL_FULL, realm=None, rootdn=None, domaindn=None, schemadn=None, configdn=None, - domain=None, hostname=None, hostip=None, domainsid=None, + domain=None, hostname=None, hostip=None, hostip6=None, domainsid=None, hostguid=None, adminpass=None, krbtgtpass=None, domainguid=None, policyguid=None, invocationid=None, machinepass=None, dnspass=None, root=None, nobody=None, nogroup=None, users=None, @@ -955,7 +955,12 @@ def provision(setup_dir, message, session_info, paths = provision_paths_from_lp(lp, names.dnsdomain) if hostip is None: - hostip = gethostbyname(names.hostname) + hostip = socket.getaddrinfo(names.hostname, None, socket.AF_INET, socket.AI_CANONNAME, socket.IPPROTO_IP)[0][-1][0] + + if hostip6 is None: + try: + hostip6 = socket.getaddrinfo(names.hostname, None, socket.AF_INET6, socket.AI_CANONNAME, socket.IPPROTO_IP)[0][-1][0] + except socket.gaierror: pass if serverrole is None: serverrole = lp.get("server role") @@ -1048,7 +1053,8 @@ def provision(setup_dir, message, session_info, assert isinstance(hostguid, str) create_zone_file(paths.dns, setup_path, samdb, - hostname=names.hostname, hostip=hostip, dnsdomain=names.dnsdomain, + hostname=names.hostname, hostip=hostip, + hostip6=hostip6, dnsdomain=names.dnsdomain, domaindn=names.domaindn, dnspass=dnspass, realm=names.realm, domainguid=domainguid, hostguid=hostguid) message("Please install the zone located in %s into your DNS server" % paths.dns) @@ -1114,7 +1120,7 @@ def provision_backend(setup_dir=None, message=None, return os.path.join(setup_dir, file) if hostname is None: - hostname = gethostname().split(".")[0].lower() + hostname = socket.gethostname().split(".")[0].lower() if root is None: root = findnss(pwd.getpwnam, ["root"])[0] @@ -1247,7 +1253,7 @@ def create_phpldapadmin_config(path, setup_path, ldapi_uri): def create_zone_file(path, setup_path, samdb, dnsdomain, domaindn, - hostip, hostname, dnspass, realm, domainguid, hostguid): + hostip, hostip6, hostname, dnspass, realm, domainguid, hostguid): """Write out a DNS zone file, from the info in the current database. :param path: Path of the new file. @@ -1255,7 +1261,8 @@ def create_zone_file(path, setup_path, samdb, dnsdomain, domaindn, :param samdb: SamDB object :param dnsdomain: DNS Domain name :param domaindn: DN of the Domain - :param hostip: Local IP + :param hostip: Local IPv4 IP + :param hostip6: Local IPv6 IP :param hostname: Local hostname :param dnspass: Password for DNS :param realm: Realm name @@ -1264,6 +1271,13 @@ def create_zone_file(path, setup_path, samdb, dnsdomain, domaindn, """ assert isinstance(domainguid, str) + hostip6_base_line = "" + hostip6_host_line = "" + + if hostip6 is not None: + hostip6_base_line = " IN AAAA " + hostip6 + hostip6_host_line = hostname + " IN AAAA " + hostip6 + setup_file(setup_path("provision.zone"), path, { "DNSPASS_B64": b64encode(dnspass), "HOSTNAME": hostname, @@ -1274,6 +1288,8 @@ def create_zone_file(path, setup_path, samdb, dnsdomain, domaindn, "DATESTRING": time.strftime("%Y%m%d%H"), "DEFAULTSITE": DEFAULTSITE, "HOSTGUID": hostguid, + "HOSTIP6_BASE_LINE": hostip6_base_line, + "HOSTIP6_HOST_LINE": hostip6_host_line, }) def load_schema(setup_path, samdb, schemadn, netbiosname, configdn, sitename): -- cgit From afe3e8172ddaa5e4aa811faceecda4f943d6e2ef Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 2 Apr 2008 04:53:27 +0200 Subject: Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343) --- source4/scripting/python/misc.i | 1 + source4/scripting/python/misc_wrap.c | 1 + 2 files changed, 2 insertions(+) (limited to 'source4/scripting/python') diff --git a/source4/scripting/python/misc.i b/source4/scripting/python/misc.i index a11b2fb825..e04e6a6906 100644 --- a/source4/scripting/python/misc.i +++ b/source4/scripting/python/misc.i @@ -25,6 +25,7 @@ #include "auth/credentials/credentials.h" #include "dsdb/samdb/samdb.h" #include "lib/ldb-samba/ldif_handlers.h" +#include "librpc/ndr/libndr.h" %} %import "stdint.i" diff --git a/source4/scripting/python/misc_wrap.c b/source4/scripting/python/misc_wrap.c index cf85e91e1e..579d1f379f 100644 --- a/source4/scripting/python/misc_wrap.c +++ b/source4/scripting/python/misc_wrap.c @@ -2533,6 +2533,7 @@ static swig_module_info swig_module = {swig_types, 27, 0, 0, 0, 0}; #include "auth/credentials/credentials.h" #include "dsdb/samdb/samdb.h" #include "lib/ldb-samba/ldif_handlers.h" +#include "librpc/ndr/libndr.h" SWIGINTERN int -- cgit From 8ac91d913231ecd7ead595b93032c7486f67c949 Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Tue, 1 Apr 2008 00:17:00 +0200 Subject: provision: Set up id mappings in the idmap db, only map Administrator. (This used to be commit 206b7d387c6d17e5cc40fd45b489abac9235a7a4) --- source4/scripting/python/samba/idmap.py | 73 +++++++++++++++++++++ source4/scripting/python/samba/provision.py | 98 ++++++++++++++--------------- source4/scripting/python/samba/samdb.py | 19 ------ 3 files changed, 120 insertions(+), 70 deletions(-) create mode 100644 source4/scripting/python/samba/idmap.py (limited to 'source4/scripting/python') diff --git a/source4/scripting/python/samba/idmap.py b/source4/scripting/python/samba/idmap.py new file mode 100644 index 0000000000..355565968a --- /dev/null +++ b/source4/scripting/python/samba/idmap.py @@ -0,0 +1,73 @@ +#!/usr/bin/python + +# Unix SMB/CIFS implementation. +# Copyright (C) 2008 Kai Blin +# +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +"""Convenience functions for using the idmap database.""" + +import samba +import ldb + +class IDmapDB(samba.Ldb): + """The IDmap database.""" + + # Mappings for ID_TYPE_UID, ID_TYPE_GID and ID_TYPE_BOTH + TYPE_UID = 1 + TYPE_GID = 2 + TYPE_BOTH = 3 + + def __init__(self, url=None, session_info=None, credentials=None, + modules_dir=None, lp=None): + """Open the IDmap Database. + + :param url: URL of the database. + """ + super(IDmapDB, self).__init__(session_info=session_info, credentials=credentials, + modules_dir=modules_dir, lp=lp) + if url: + self.connect(url) + + + def setup_name_mapping(self, sid, type, unixid): + """Setup a mapping between a sam name and a unix name. + + :param sid: SID of the NT-side of the mapping. + :param unixname: Unix name to map to. + """ + type_string = "" + if type == self.TYPE_UID: + type_string = "ID_TYPE_UID" + elif type == self.TYPE_GID: + type_string = "ID_TYPE_GID" + elif type == self.TYPE_BOTH: + type_string = "ID_TYPE_BOTH" + else: + return + + mod = """ +dn: CN=%s +xidNumber: %s +objectSid: %s +objectClass: sidMap +type: %s +cn: %s + +""" % (sid, unixid, sid, type_string, sid) + self.add(self.parse_ldif(mod).next()[1]) + + diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index dfeb61e52b..a8ced61c4b 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -35,6 +35,7 @@ import samba from auth import system_session from samba import Ldb, substitute_var, valid_netbios_name, check_all_substituted from samba.samdb import SamDB +from samba.idmap import IDmapDB import security import urllib from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError, \ @@ -397,45 +398,32 @@ def load_or_make_smbconf(smbconf, setup_path, hostname, domain, realm, serverrol return lp -def setup_name_mappings(ldb, sid, domaindn, root, nobody, nogroup, users, - wheel, backup): +def setup_name_mappings(samdb, idmap, sid, domaindn, root_uid, nobody_uid, + users_gid, wheel_gid, backup_gid): """setup reasonable name mappings for sam names to unix names. - - :param ldb: SamDB object. + + :param samdb: SamDB object. + :param idmap: IDmap db object. :param sid: The domain sid. :param domaindn: The domain DN. - :param root: Name of the UNIX root user. - :param nobody: Name of the UNIX nobody user. - :param nogroup: Name of the unix nobody group. - :param users: Name of the unix users group. - :param wheel: Name of the wheel group (users that can become root). - :param backup: Name of the backup group.""" + :param root_uid: uid of the UNIX root user. + :param nobody_uid: uid of the UNIX nobody user. + :param users_gid: gid of the UNIX users group. + :param wheel_gid: gid of the UNIX wheel group. + :param backup_gid: gid of the UNIX backup group.""" # add some foreign sids if they are not present already - ldb.add_foreign(domaindn, "S-1-5-7", "Anonymous") - ldb.add_foreign(domaindn, "S-1-1-0", "World") - ldb.add_foreign(domaindn, "S-1-5-2", "Network") - ldb.add_foreign(domaindn, "S-1-5-18", "System") - ldb.add_foreign(domaindn, "S-1-5-11", "Authenticated Users") - - # some well known sids - ldb.setup_name_mapping(domaindn, "S-1-5-7", nobody) - ldb.setup_name_mapping(domaindn, "S-1-1-0", nogroup) - ldb.setup_name_mapping(domaindn, "S-1-5-2", nogroup) - ldb.setup_name_mapping(domaindn, "S-1-5-18", root) - ldb.setup_name_mapping(domaindn, "S-1-5-11", users) - ldb.setup_name_mapping(domaindn, "S-1-5-32-544", wheel) - ldb.setup_name_mapping(domaindn, "S-1-5-32-545", users) - ldb.setup_name_mapping(domaindn, "S-1-5-32-546", nogroup) - ldb.setup_name_mapping(domaindn, "S-1-5-32-551", backup) - - # and some well known domain rids - ldb.setup_name_mapping(domaindn, sid + "-500", root) - ldb.setup_name_mapping(domaindn, sid + "-518", wheel) - ldb.setup_name_mapping(domaindn, sid + "-519", wheel) - ldb.setup_name_mapping(domaindn, sid + "-512", wheel) - ldb.setup_name_mapping(domaindn, sid + "-513", users) - ldb.setup_name_mapping(domaindn, sid + "-520", wheel) + samdb.add_foreign(domaindn, "S-1-5-7", "Anonymous") + samdb.add_foreign(domaindn, "S-1-1-0", "World") + samdb.add_foreign(domaindn, "S-1-5-2", "Network") + samdb.add_foreign(domaindn, "S-1-5-18", "System") + samdb.add_foreign(domaindn, "S-1-5-11", "Authenticated Users") + idmap.setup_name_mapping("S-1-5-7", idmap.TYPE_UID, nobody_uid) + idmap.setup_name_mapping("S-1-5-32-544", idmap.TYPE_GID, wheel_gid) + idmap.setup_name_mapping("S-1-5-32-551", idmap.TYPE_GID, backup_gid) + + idmap.setup_name_mapping(sid + "-500", idmap.TYPE_UID, root_uid) + idmap.setup_name_mapping(sid + "-513", idmap.TYPE_GID, users_gid) def setup_samdb_partitions(samdb_path, setup_path, message, lp, session_info, credentials, names, @@ -663,8 +651,8 @@ def setup_idmapdb(path, setup_path, session_info, credentials, lp): if os.path.exists(path): os.unlink(path) - idmap_ldb = Ldb(path, session_info=session_info, credentials=credentials, - lp=lp) + idmap_ldb = IDmapDB(path, session_info=session_info, + credentials=credentials, lp=lp) idmap_ldb.erase() idmap_ldb.load_ldif_file_add(setup_path("idmap_init.ldif")) @@ -924,18 +912,25 @@ def provision(setup_dir, message, session_info, if dnspass is None: dnspass = misc.random_password(12) if root is None: - root = findnss(pwd.getpwnam, ["root"])[0] + root_uid = findnss(pwd.getpwnam, ["root"])[2] + else: + root_uid = findnss(pwd.getpwnam, [root])[2] if nobody is None: - nobody = findnss(pwd.getpwnam, ["nobody"])[0] - if nogroup is None: - nogroup = findnss(grp.getgrnam, ["nogroup", "nobody"])[0] + nobody_uid = findnss(pwd.getpwnam, ["nobody"])[2] + else: + nobody_uid = findnss(pwd.getpwnam, [nobody])[2] if users is None: - users = findnss(grp.getgrnam, ["users", "guest", "other", "unknown", - "usr"])[0] + users_gid = findnss(grp.getgrnam, ["users"])[2] + else: + users_gid = findnss(grp.getgrnam, [users])[2] if wheel is None: - wheel = findnss(grp.getgrnam, ["wheel", "root", "staff", "adm"])[0] + wheel_gid = findnss(grp.getgrnam, ["wheel", "adm"])[2] + else: + wheel_gid = findnss(grp.getgrnam, [wheel])[2] if backup is None: - backup = findnss(grp.getgrnam, ["backup", "wheel", "root", "staff"])[0] + backup_gid = findnss(grp.getgrnam, ["backup", "staff"])[2] + else: + backup_gid = findnss(grp.getgrnam, [backup])[2] if aci is None: aci = "# no aci for local ldb" @@ -994,8 +989,8 @@ def provision(setup_dir, message, session_info, credentials=credentials, lp=lp) message("Setting up idmap db") - setup_idmapdb(paths.idmapdb, setup_path, session_info=session_info, - credentials=credentials, lp=lp) + idmap = setup_idmapdb(paths.idmapdb, setup_path, session_info=session_info, + credentials=credentials, lp=lp) samdb = setup_samdb(paths.samdb, setup_path, session_info=session_info, credentials=credentials, lp=lp, names=names, @@ -1026,11 +1021,12 @@ def provision(setup_dir, message, session_info, machinepass=machinepass, dnsdomain=names.dnsdomain) if samdb_fill == FILL_FULL: - setup_name_mappings(samdb, str(domainsid), names.domaindn, root=root, - nobody=nobody, nogroup=nogroup, wheel=wheel, - users=users, backup=backup) - - message("Compleating sam.ldb setup by marking as synchronized") + setup_name_mappings(samdb, idmap, str(domainsid), names.domaindn, + root_uid=root_uid, nobody_uid=nobody_uid, + users_gid=users_gid, wheel_gid=wheel_gid, + backup_gid=backup_gid) + + message("Setting up sam.ldb rootDSE marking as synchronized") setup_modify_ldif(samdb, setup_path("provision_rootdse_modify.ldif")) # Only make a zone file on the first DC, it should be replicated with DNS replication diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py index de0fd4ba04..bc3eef7879 100644 --- a/source4/scripting/python/samba/samdb.py +++ b/source4/scripting/python/samba/samdb.py @@ -53,25 +53,6 @@ description: %s for msg in self.parse_ldif(add): self.add(msg[1]) - def setup_name_mapping(self, domaindn, sid, unixname): - """Setup a mapping between a sam name and a unix name. - - :param domaindn: DN of the domain. - :param sid: SID of the NT-side of the mapping. - :param unixname: Unix name to map to. - """ - res = self.search(domaindn, ldb.SCOPE_SUBTREE, - "objectSid=%s" % sid, ["dn"]) - assert len(res) == 1, "Failed to find record for objectSid %s" % sid - - mod = """ -dn: %s -changetype: modify -replace: unixName -unixName: %s -""" % (res[0].dn, unixname) - self.modify(self.parse_ldif(mod).next()[1]) - def enable_account(self, user_dn): """Enable an account. -- cgit From c26387a473fd26ac51c74c001b520d7fd7d353ec Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Thu, 3 Apr 2008 00:01:34 +0200 Subject: provision: Remove backup group mapping Some distros seem to neither have a backup nor a staff group. (This used to be commit 21fcf7c419658b3ae296428ca7a4ccf2288c17fe) --- source4/scripting/python/samba/provision.py | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) (limited to 'source4/scripting/python') diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index a8ced61c4b..6917aa1a54 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -399,7 +399,7 @@ def load_or_make_smbconf(smbconf, setup_path, hostname, domain, realm, serverrol return lp def setup_name_mappings(samdb, idmap, sid, domaindn, root_uid, nobody_uid, - users_gid, wheel_gid, backup_gid): + users_gid, wheel_gid): """setup reasonable name mappings for sam names to unix names. :param samdb: SamDB object. @@ -409,8 +409,7 @@ def setup_name_mappings(samdb, idmap, sid, domaindn, root_uid, nobody_uid, :param root_uid: uid of the UNIX root user. :param nobody_uid: uid of the UNIX nobody user. :param users_gid: gid of the UNIX users group. - :param wheel_gid: gid of the UNIX wheel group. - :param backup_gid: gid of the UNIX backup group.""" + :param wheel_gid: gid of the UNIX wheel group.""" # add some foreign sids if they are not present already samdb.add_foreign(domaindn, "S-1-5-7", "Anonymous") samdb.add_foreign(domaindn, "S-1-1-0", "World") @@ -420,7 +419,6 @@ def setup_name_mappings(samdb, idmap, sid, domaindn, root_uid, nobody_uid, idmap.setup_name_mapping("S-1-5-7", idmap.TYPE_UID, nobody_uid) idmap.setup_name_mapping("S-1-5-32-544", idmap.TYPE_GID, wheel_gid) - idmap.setup_name_mapping("S-1-5-32-551", idmap.TYPE_GID, backup_gid) idmap.setup_name_mapping(sid + "-500", idmap.TYPE_UID, root_uid) idmap.setup_name_mapping(sid + "-513", idmap.TYPE_GID, users_gid) @@ -927,10 +925,6 @@ def provision(setup_dir, message, session_info, wheel_gid = findnss(grp.getgrnam, ["wheel", "adm"])[2] else: wheel_gid = findnss(grp.getgrnam, [wheel])[2] - if backup is None: - backup_gid = findnss(grp.getgrnam, ["backup", "staff"])[2] - else: - backup_gid = findnss(grp.getgrnam, [backup])[2] if aci is None: aci = "# no aci for local ldb" @@ -1023,8 +1017,7 @@ def provision(setup_dir, message, session_info, if samdb_fill == FILL_FULL: setup_name_mappings(samdb, idmap, str(domainsid), names.domaindn, root_uid=root_uid, nobody_uid=nobody_uid, - users_gid=users_gid, wheel_gid=wheel_gid, - backup_gid=backup_gid) + users_gid=users_gid, wheel_gid=wheel_gid) message("Setting up sam.ldb rootDSE marking as synchronized") setup_modify_ldif(samdb, setup_path("provision_rootdse_modify.ldif")) -- cgit From 57bf8d2e33c69c8a642070c4c4ba8c00681e42cc Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 8 Apr 2008 02:48:54 +0200 Subject: Add Python bindings for DFS. (This used to be commit 4319971ccb42618a3298a5f26f63fa4c9b255849) --- source4/scripting/python/modules.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/scripting/python') diff --git a/source4/scripting/python/modules.c b/source4/scripting/python/modules.c index 2ecad20b8e..eccf556ab1 100644 --- a/source4/scripting/python/modules.c +++ b/source4/scripting/python/modules.c @@ -35,6 +35,7 @@ extern void init_events(void); extern void inituuid(void); extern void init_net(void); extern void initecho(void); +extern void initdfs(void); extern void initwinreg(void); extern void initepmapper(void); extern void initinitshutdown(void); -- cgit From f253c3ad91d66aeb594e8088c462257277748263 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 8 Apr 2008 03:18:43 +0200 Subject: Add python bindings for unixinfo. (This used to be commit 068c2f858a0c7e325cb8a1f2ca36e32b31fe1f77) --- source4/scripting/python/modules.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/scripting/python') diff --git a/source4/scripting/python/modules.c b/source4/scripting/python/modules.c index eccf556ab1..603c1df21c 100644 --- a/source4/scripting/python/modules.c +++ b/source4/scripting/python/modules.c @@ -47,6 +47,7 @@ static void initdcerpc_security(void) {} extern void initlsa(void); extern void initsvcctl(void); extern void initwkssvc(void); +extern void initunixinfo(void); extern void init_libcli_nbt(void); extern void init_libcli_smb(void); -- cgit From 5cf6c42658755f0a126a5bd6cdd9f215779b75a8 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 8 Apr 2008 03:23:53 +0200 Subject: Add python bindings for drsuapi. (This used to be commit ba3f0312f0dda47fb16ed9b8eee3750b209e0dad) --- source4/scripting/python/modules.c | 1 + source4/scripting/python/pyrpc.h | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'source4/scripting/python') diff --git a/source4/scripting/python/modules.c b/source4/scripting/python/modules.c index 603c1df21c..ba85994636 100644 --- a/source4/scripting/python/modules.c +++ b/source4/scripting/python/modules.c @@ -36,6 +36,7 @@ extern void inituuid(void); extern void init_net(void); extern void initecho(void); extern void initdfs(void); +extern void initdrsuapi(void); extern void initwinreg(void); extern void initepmapper(void); extern void initinitshutdown(void); diff --git a/source4/scripting/python/pyrpc.h b/source4/scripting/python/pyrpc.h index 3a5d235cfc..f4d0f37c39 100644 --- a/source4/scripting/python/pyrpc.h +++ b/source4/scripting/python/pyrpc.h @@ -26,7 +26,7 @@ #define dom_sid2_Type dom_sid_Type #define dom_sid28_Type dom_sid_Type #define dom_sid2_Check dom_sid_Check -#define dom_sid28_Check dom_sid28_Check +#define dom_sid28_Check dom_sid_Check /* This macro is only provided by Python >= 2.3 */ #ifndef PyAPI_DATA -- cgit From 1f474f4a545752f7ac0ad402d01d1e768b973dbe Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 8 Apr 2008 03:29:12 +0200 Subject: Add trivial test for unixinfo interface. (This used to be commit b6b7171f70114bd27ca8db09964c65cacb9cea92) --- .../scripting/python/samba/tests/dcerpc/unix.py | 30 ++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 source4/scripting/python/samba/tests/dcerpc/unix.py (limited to 'source4/scripting/python') diff --git a/source4/scripting/python/samba/tests/dcerpc/unix.py b/source4/scripting/python/samba/tests/dcerpc/unix.py new file mode 100644 index 0000000000..99c84c08da --- /dev/null +++ b/source4/scripting/python/samba/tests/dcerpc/unix.py @@ -0,0 +1,30 @@ +#!/usr/bin/python + +# Unix SMB/CIFS implementation. +# Copyright (C) Jelmer Vernooij 2008 +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +import unixinfo +import unittest +from samba.tests import get_loadparm + +class UnixinfoTests(unittest.TestCase): + def setUp(self): + self.conn = unixinfo.unixinfo("ncalrpc:", get_loadparm()) + + def test_getpwuid(self): + (count, infos) = self.conn.GetPWUid(1, [0]) + self.assertEquals(1, len(infos)) -- cgit