# we can ignore the possible == at the end
# of the base64 string
# we just need to replace '+' by '.'
- b64salt = base64.b64encode(salt)[0:16].replace('+', '.')
+ b64salt = base64.b64encode(salt)[0:16].replace('+', '.').decode('utf8')
crypt_salt = ""
if rounds != 0:
crypt_salt = "$%s$rounds=%s$%s$" % (alg, rounds, b64salt)
h.update(u8)
h.update(salt)
bv = h.digest() + salt
- v = "{SSHA}" + base64.b64encode(bv)
+ v = "{SSHA}" + base64.b64encode(bv).decode('utf8')
elif a == "virtualCryptSHA256":
rounds = get_rounds(attr_opts[a])
x = get_virtual_crypt_value(a, 5, rounds, username, account_name)
self.sync_command = sync_command
add_ldif = "dn: %s\n" % self.cache_dn
add_ldif += "objectClass: userSyncPasswords\n"
- add_ldif += "samdbUrl:: %s\n" % base64.b64encode(self.samdb_url)
- add_ldif += "dirsyncFilter:: %s\n" % base64.b64encode(self.dirsync_filter)
+ add_ldif += "samdbUrl:: %s\n" % base64.b64encode(self.samdb_url).decode('utf8')
+ add_ldif += "dirsyncFilter:: %s\n" % base64.b64encode(self.dirsync_filter).decode('utf8')
for a in self.dirsync_attrs:
- add_ldif += "dirsyncAttribute:: %s\n" % base64.b64encode(a)
+ add_ldif += "dirsyncAttribute:: %s\n" % base64.b64encode(a).decode('utf8')
add_ldif += "dirsyncControl: %s\n" % self.dirsync_controls[0]
for a in self.password_attrs:
- add_ldif += "passwordAttribute:: %s\n" % base64.b64encode(a)
+ add_ldif += "passwordAttribute:: %s\n" % base64.b64encode(a).decode('utf8')
if self.decrypt_samba_gpg == True:
add_ldif += "decryptSambaGPG: TRUE\n"
else:
setup_add_ldif(secrets_ldb,
setup_path("secrets_simple_ldap.ldif"), {
"LDAPMANAGERDN": backend_credentials.get_bind_dn(),
- "LDAPMANAGERPASS_B64": b64encode(backend_credentials.get_password())
+ "LDAPMANAGERPASS_B64": b64encode(backend_credentials.get_password()).decode('utf8')
})
else:
setup_add_ldif(secrets_ldb,
setup_path("secrets_sasl_ldap.ldif"), {
"LDAPADMINUSER": backend_credentials.get_username(),
"LDAPADMINREALM": backend_credentials.get_realm(),
- "LDAPADMINPASS_B64": b64encode(backend_credentials.get_password())
+ "LDAPADMINPASS_B64": b64encode(backend_credentials.get_password()).decode('utf8')
})
except:
secrets_ldb.transaction_cancel()
"INVOCATIONID": invocationid,
"NETBIOSNAME": names.netbiosname,
"DNSNAME": "%s.%s" % (names.hostname, names.dnsdomain),
- "MACHINEPASS_B64": b64encode(machinepass.encode('utf-16-le')),
+ "MACHINEPASS_B64": b64encode(machinepass.encode('utf-16-le')).decode('utf8'),
"DOMAINSID": str(domainsid),
"DCRID": str(dc_rid),
"SAMBA_VERSION_STRING": version,
"INVOCATIONID": invocationid,
"NETBIOSNAME": names.netbiosname,
"DNSNAME": "%s.%s" % (names.hostname, names.dnsdomain),
- "MACHINEPASS_B64": b64encode(machinepass.encode('utf-16-le')),
+ "MACHINEPASS_B64": b64encode(machinepass.encode('utf-16-le')).decode('utf8'),
"DOMAINSID": str(domainsid),
"DCRID": str(dc_rid),
"SAMBA_VERSION_STRING": version,
setup_add_ldif(samdb, setup_path("provision_dns_add_samba.ldif"), {
"DNSDOMAIN": names.dnsdomain,
"DOMAINDN": names.domaindn,
- "DNSPASS_B64": b64encode(dnspass.encode('utf-16-le')),
+ "DNSPASS_B64": b64encode(dnspass.encode('utf-16-le')).decode('utf8'),
"HOSTNAME" : names.hostname,
"DNSNAME" : '%s.%s' % (
names.netbiosname.lower(), names.dnsdomain.lower())
else:
domainguid_line = ""
- descr = b64encode(get_domain_descriptor(names.domainsid))
+ descr = b64encode(get_domain_descriptor(names.domainsid)).decode('utf8')
setup_add_ldif(samdb, setup_path("provision_basedn.ldif"), {
"DOMAINDN": names.domaindn,
"DOMAINSID": str(names.domainsid),
# If we are setting up a subdomain, then this has been replicated in, so we don't need to add it
if fill == FILL_FULL:
logger.info("Adding configuration container")
- descr = b64encode(get_config_descriptor(names.domainsid))
+ descr = b64encode(get_config_descriptor(names.domainsid)).decode('utf8')
setup_add_ldif(samdb, setup_path("provision_configuration_basedn.ldif"), {
"CONFIGDN": names.configdn,
"DESCRIPTOR": descr,
if fill == FILL_FULL:
logger.info("Setting up sam.ldb configuration data")
- partitions_descr = b64encode(get_config_partitions_descriptor(names.domainsid))
- sites_descr = b64encode(get_config_sites_descriptor(names.domainsid))
- ntdsquotas_descr = b64encode(get_config_ntds_quotas_descriptor(names.domainsid))
- protected1_descr = b64encode(get_config_delete_protected1_descriptor(names.domainsid))
- protected1wd_descr = b64encode(get_config_delete_protected1wd_descriptor(names.domainsid))
- protected2_descr = b64encode(get_config_delete_protected2_descriptor(names.domainsid))
+ partitions_descr = b64encode(get_config_partitions_descriptor(names.domainsid)).decode('utf8')
+ sites_descr = b64encode(get_config_sites_descriptor(names.domainsid)).decode('utf8')
+ ntdsquotas_descr = b64encode(get_config_ntds_quotas_descriptor(names.domainsid)).decode('utf8')
+ protected1_descr = b64encode(get_config_delete_protected1_descriptor(names.domainsid)).decode('utf8')
+ protected1wd_descr = b64encode(get_config_delete_protected1wd_descriptor(names.domainsid)).decode('utf8')
+ protected2_descr = b64encode(get_config_delete_protected2_descriptor(names.domainsid)).decode('utf8')
if "2008" in schema.base_schema:
# exclude 2012-specific changes if we're using a 2008 schema
})
logger.info("Adding users container")
- users_desc = b64encode(get_domain_users_descriptor(names.domainsid))
+ users_desc = b64encode(get_domain_users_descriptor(names.domainsid)).decode('utf8')
setup_add_ldif(samdb, setup_path("provision_users_add.ldif"), {
"DOMAINDN": names.domaindn,
"USERS_DESCRIPTOR": users_desc
setup_modify_ldif(samdb, setup_path("provision_users_modify.ldif"), {
"DOMAINDN": names.domaindn})
logger.info("Adding computers container")
- computers_desc = b64encode(get_domain_computers_descriptor(names.domainsid))
+ computers_desc = b64encode(get_domain_computers_descriptor(names.domainsid)).decode('utf8')
setup_add_ldif(samdb, setup_path("provision_computers_add.ldif"), {
"DOMAINDN": names.domaindn,
"COMPUTERS_DESCRIPTOR": computers_desc
setup_path("provision_computers_modify.ldif"), {
"DOMAINDN": names.domaindn})
logger.info("Setting up sam.ldb data")
- infrastructure_desc = b64encode(get_domain_infrastructure_descriptor(names.domainsid))
- lostandfound_desc = b64encode(get_domain_delete_protected2_descriptor(names.domainsid))
- system_desc = b64encode(get_domain_delete_protected1_descriptor(names.domainsid))
- builtin_desc = b64encode(get_domain_builtin_descriptor(names.domainsid))
- controllers_desc = b64encode(get_domain_controllers_descriptor(names.domainsid))
+ infrastructure_desc = b64encode(get_domain_infrastructure_descriptor(names.domainsid)).decode('utf8')
+ lostandfound_desc = b64encode(get_domain_delete_protected2_descriptor(names.domainsid)).decode('utf8')
+ system_desc = b64encode(get_domain_delete_protected1_descriptor(names.domainsid)).decode('utf8')
+ builtin_desc = b64encode(get_domain_builtin_descriptor(names.domainsid)).decode('utf8')
+ controllers_desc = b64encode(get_domain_controllers_descriptor(names.domainsid)).decode('utf8')
setup_add_ldif(samdb, setup_path("provision.ldif"), {
"CREATTIME": str(samba.unix2nttime(int(time.time()))),
"DOMAINDN": names.domaindn,
# If we are setting up a subdomain, then this has been replicated in, so we don't need to add it
if fill == FILL_FULL:
- managedservice_descr = b64encode(get_managed_service_accounts_descriptor(names.domainsid))
+ managedservice_descr = b64encode(get_managed_service_accounts_descriptor(names.domainsid)).decode('utf8')
setup_modify_ldif(samdb,
setup_path("provision_configuration_references.ldif"), {
"CONFIGDN": names.configdn,
"SCHEMADN": names.schemadn})
logger.info("Setting up well known security principals")
- protected1wd_descr = b64encode(get_config_delete_protected1wd_descriptor(names.domainsid))
+ protected1wd_descr = b64encode(get_config_delete_protected1wd_descriptor(names.domainsid)).decode('utf8')
setup_add_ldif(samdb, setup_path("provision_well_known_sec_princ.ldif"), {
"CONFIGDN": names.configdn,
"WELLKNOWNPRINCIPALS_DESCRIPTOR": protected1wd_descr,
setup_add_ldif(samdb, setup_path("provision_users.ldif"), {
"DOMAINDN": names.domaindn,
"DOMAINSID": str(names.domainsid),
- "ADMINPASS_B64": b64encode(adminpass.encode('utf-16-le')),
- "KRBTGTPASS_B64": b64encode(krbtgtpass.encode('utf-16-le'))
+ "ADMINPASS_B64": b64encode(adminpass.encode('utf-16-le')).decode('utf8'),
+ "KRBTGTPASS_B64": b64encode(krbtgtpass.encode('utf-16-le')).decode('utf8')
}, controls=["relax:0", "provision:0"])
logger.info("Setting up self join")
setup_add_ldif(samdb, setup_path("provision_dnszones_partitions.ldif"), {
"ZONE_DN": domainzone_dn,
- "SECDESC" : b64encode(descriptor)
+ "SECDESC" : b64encode(descriptor).decode('utf8')
})
if fill_level != FILL_SUBDOMAIN:
setup_add_ldif(samdb, setup_path("provision_dnszones_partitions.ldif"), {
"ZONE_DN": forestzone_dn,
- "SECDESC" : b64encode(descriptor)
+ "SECDESC" : b64encode(descriptor).decode('utf8')
})
domainzone_guid = get_domainguid(samdb, domainzone_dn)
"ZONE_DNS": domainzone_dns,
"CONFIGDN": configdn,
"SERVERDN": serverdn,
- "LOSTANDFOUND_DESCRIPTOR": b64encode(protected2_desc),
- "INFRASTRUCTURE_DESCRIPTOR": b64encode(protected1_desc),
+ "LOSTANDFOUND_DESCRIPTOR": b64encode(protected2_desc).decode('utf8'),
+ "INFRASTRUCTURE_DESCRIPTOR": b64encode(protected1_desc).decode('utf8'),
})
setup_modify_ldif(samdb, setup_path("provision_dnszones_modify.ldif"), {
"CONFIGDN": configdn,
"ZONE_DNS": forestzone_dns,
"CONFIGDN": configdn,
"SERVERDN": serverdn,
- "LOSTANDFOUND_DESCRIPTOR": b64encode(protected2_desc),
- "INFRASTRUCTURE_DESCRIPTOR": b64encode(protected1_desc),
+ "LOSTANDFOUND_DESCRIPTOR": b64encode(protected2_desc).decode('utf8'),
+ "INFRASTRUCTURE_DESCRIPTOR": b64encode(protected1_desc).decode('utf8'),
})
setup_modify_ldif(samdb, setup_path("provision_dnszones_modify.ldif"), {
"CONFIGDN": configdn,
"REALM": realm,
"DNSDOMAIN": dnsdomain,
"DNS_KEYTAB": dns_keytab_path,
- "DNSPASS_B64": b64encode(dnspass.encode('utf-8')),
+ "DNSPASS_B64": b64encode(dnspass.encode('utf-8')).decode('utf8'),
"KEY_VERSION_NUMBER": str(key_version_number),
"HOSTNAME": names.hostname,
"DNSNAME" : '%s.%s' % (
dom_ldb.add(index_res[0])
domainguid_line = "objectGUID: %s\n-" % domainguid
- descr = b64encode(get_domain_descriptor(domainsid))
+ descr = b64encode(get_domain_descriptor(domainsid)).decode('utf8')
setup_add_ldif(dom_ldb, setup_path("provision_basedn.ldif"), {
"DOMAINDN" : names.domaindn,
"DOMAINGUID" : domainguid_line,