__docformat__ = "restructuredText"
from samba.compat import urllib_quote
+from samba.compat import string_types
+from samba.compat import binary_type
from base64 import b64encode
import errno
import os
import time
import uuid
import socket
-import string
import tempfile
import samba.dsdb
from samba.ntacls import setntacl, getntacl, dsacl2fsacl
from samba.ndr import ndr_pack, ndr_unpack
from samba.provision.backend import (
- ExistingBackend,
FDSBackend,
LDBBackend,
OpenLDAPBackend,
"configurationNamingContext", "rootDomainNamingContext",
"namingContexts"])
- names.configdn = current[0]["configurationNamingContext"][0]
- names.schemadn = current[0]["schemaNamingContext"][0]
+ names.configdn = str(current[0]["configurationNamingContext"][0])
+ names.schemadn = str(current[0]["schemaNamingContext"][0])
if not (ldb.Dn(samdb, basedn) == (ldb.Dn(samdb,
current[0]["defaultNamingContext"][0].decode('utf8')))):
raise ProvisioningError(("basedn in %s (%s) and from %s (%s)"
str(current[0]["defaultNamingContext"][0].decode('utf8')),
paths.smbconf, basedn)))
- names.domaindn = current[0]["defaultNamingContext"][0]
- names.rootdn = current[0]["rootDomainNamingContext"][0]
+ names.domaindn = str(current[0]["defaultNamingContext"][0])
+ names.rootdn = str(current[0]["rootDomainNamingContext"][0])
names.ncs = current[0]["namingContexts"]
names.dnsforestdn = None
names.dnsdomaindn = None
for i in range(0, len(names.ncs)):
- nc = names.ncs[i]
+ nc = str(names.ncs[i])
dnsforestdn = "DC=ForestDnsZones,%s" % (str(names.rootdn))
if nc == dnsforestdn:
# default site name
res3 = samdb.search(expression="(objectClass=site)",
- base="CN=Sites," + names.configdn, scope=ldb.SCOPE_ONELEVEL, attrs=["cn"])
+ base="CN=Sites," + str(names.configdn), scope=ldb.SCOPE_ONELEVEL, attrs=["cn"])
names.sitename = str(res3[0]["cn"])
# dns hostname and server dn
attrs=["xidNumber", "type"])
if len(res9) != 1:
raise ProvisioningError("Unable to find uid/gid for Domain Admins rid (%s-%s" % (str(names.domainsid), security.DOMAIN_RID_ADMINISTRATOR))
- if res9[0]["type"][0] == "ID_TYPE_BOTH":
- names.root_gid = res9[0]["xidNumber"][0]
+ if str(res9[0]["type"][0]) == "ID_TYPE_BOTH":
+ names.root_gid = int(res9[0]["xidNumber"][0])
else:
names.root_gid = pwd.getpwuid(int(res9[0]["xidNumber"][0])).pw_gid
scope=ldb.SCOPE_BASE,
attrs=[LAST_PROVISION_USN_ATTRIBUTE, "dn"])
for e in entry[0][LAST_PROVISION_USN_ATTRIBUTE]:
- if not re.search(';', e):
- e = "%s;%s" % (e, id)
+ if not re.search(';', str(e)):
+ e = "%s;%s" % (str(e), id)
tab.append(str(e))
tab.append("%s-%s;%s" % (low, high, id))
return findnss(grp.getgrnam, names)[2]
+def get_root_uid(root, logger):
+ try:
+ root_uid = findnss_uid(root)
+ except KeyError as e:
+ logger.info(e)
+ logger.info("Assuming root user has UID zero")
+ root_uid = 0
+ return root_uid
+
+
def provision_paths_from_lp(lp, dnsdomain):
"""Set the default paths for provisioning.
if dnsdomain is None:
dnsdomain = lp.get("realm")
if dnsdomain is None or dnsdomain == "":
- raise ProvisioningError("guess_names: 'realm' not specified in supplied %s!", lp.configfile)
+ raise ProvisioningError(
+ "guess_names: 'realm' not specified in supplied %s!" %
+ lp.configfile)
dnsdomain = dnsdomain.lower()
if backend_credentials.get_bind_dn() is not None:
setup_add_ldif(secrets_ldb,
setup_path("secrets_simple_ldap.ldif"), {
- "LDAPMANAGERDN": backend_credentials.get_bind_dn(),
- "LDAPMANAGERPASS_B64": b64encode(backend_credentials.get_password()).decode('utf8')
- })
+ "LDAPMANAGERDN": backend_credentials.get_bind_dn(),
+ "LDAPMANAGERPASS_B64": b64encode(backend_credentials.get_password()).decode('utf8')
+ })
else:
setup_add_ldif(secrets_ldb,
setup_path("secrets_sasl_ldap.ldif"), {
- "LDAPADMINUSER": backend_credentials.get_username(),
- "LDAPADMINREALM": backend_credentials.get_realm(),
- "LDAPADMINPASS_B64": b64encode(backend_credentials.get_password()).decode('utf8')
- })
+ "LDAPADMINUSER": backend_credentials.get_username(),
+ "LDAPADMINREALM": backend_credentials.get_realm(),
+ "LDAPADMINPASS_B64": b64encode(backend_credentials.get_password()).decode('utf8')
+ })
except:
secrets_ldb.transaction_cancel()
raise
finally:
os.umask(umask_original)
- with os.fdopen(fd, 'w') as f:
+ with os.fdopen(fd, 'wb') as f:
key = samba.generate_random_bytes(16)
f.write(key)
"""Join a host to its own domain."""
assert isinstance(invocationid, str)
if ntdsguid is not None:
- ntdsguid_line = "objectGUID: %s\n" %ntdsguid
+ ntdsguid_line = "objectGUID: %s\n" % ntdsguid
else:
ntdsguid_line = ""
"DOMAIN_CONTROLLER_FUNCTIONALITY": str(
domainControllerFunctionality)})
- # Setup fSMORoleOwner entries to point at the newly created DC entry
+ # Setup fSMORoleOwner entries to point at the newly created DC entry
+ setup_modify_ldif(samdb,
+ setup_path("provision_self_join_modify_schema.ldif"), {
+ "SCHEMADN": names.schemadn,
+ "SERVERDN": names.serverdn,
+ },
+ controls=["provision:0", "relax:0"])
setup_modify_ldif(samdb,
setup_path("provision_self_join_modify_config.ldif"), {
- "CONFIGDN": names.configdn,
- "SCHEMADN": names.schemadn,
- "DEFAULTSITE": names.sitename,
- "NETBIOSNAME": names.netbiosname,
- "SERVERDN": names.serverdn,
- })
+ "CONFIGDN": names.configdn,
+ "DEFAULTSITE": names.sitename,
+ "NETBIOSNAME": names.netbiosname,
+ "SERVERDN": names.serverdn,
+ })
system_session_info = system_session()
samdb.set_session_info(system_session_info)
# The LDIF here was created when the Schema object was constructed
ignore_checks_oid = "local_oid:%s:0" % samba.dsdb.DSDB_CONTROL_SKIP_DUPLICATES_CHECK_OID
+ schema_controls = [
+ "provision:0",
+ "relax:0",
+ ignore_checks_oid
+ ]
+
logger.info("Setting up sam.ldb schema")
- samdb.add_ldif(schema.schema_dn_add,
- controls=["relax:0", ignore_checks_oid])
- samdb.modify_ldif(schema.schema_dn_modify,
- controls=[ignore_checks_oid])
+ samdb.add_ldif(schema.schema_dn_add, controls=schema_controls)
+ samdb.modify_ldif(schema.schema_dn_modify, controls=schema_controls)
samdb.write_prefixes_from_schema()
- samdb.add_ldif(schema.schema_data, controls=["relax:0", ignore_checks_oid])
+ samdb.add_ldif(schema.schema_data, controls=schema_controls)
setup_add_ldif(samdb, setup_path("aggregate_schema.ldif"),
{"SCHEMADN": names.schemadn},
- controls=["relax:0", ignore_checks_oid])
+ controls=schema_controls)
# Now register this container in the root of the forest
msg = ldb.Message(ldb.Dn(samdb, names.domaindn))
setup_add_ldif(samdb, setup_path("extended-rights.ldif"), {
"CONFIGDN": names.configdn,
- "INC2012" : incl_2012,
+ "INC2012": incl_2012,
})
logger.info("Setting up display specifiers")
logger.info("Modifying display specifiers and extended rights")
setup_modify_ldif(samdb,
setup_path("provision_configuration_modify.ldif"), {
- "CONFIGDN": names.configdn,
- "DISPLAYSPECIFIERS_DESCRIPTOR": protected2_descr
- })
+ "CONFIGDN": names.configdn,
+ "DISPLAYSPECIFIERS_DESCRIPTOR": protected2_descr
+ })
logger.info("Adding users container")
users_desc = b64encode(get_domain_users_descriptor(names.domainsid)).decode('utf8')
logger.info("Modifying computers container")
setup_modify_ldif(samdb,
setup_path("provision_computers_modify.ldif"), {
- "DOMAINDN": names.domaindn})
+ "DOMAINDN": names.domaindn})
logger.info("Setting up sam.ldb data")
infrastructure_desc = b64encode(get_domain_infrastructure_descriptor(names.domainsid)).decode('utf8')
lostandfound_desc = b64encode(get_domain_delete_protected2_descriptor(names.domainsid)).decode('utf8')
ntds_dn = "CN=NTDS Settings,%s" % names.serverdn
names.ntdsguid = samdb.searchone(basedn=ntds_dn,
- attribute="objectGUID", expression="", scope=ldb.SCOPE_BASE)
- assert isinstance(names.ntdsguid, str)
+ attribute="objectGUID", expression="", scope=ldb.SCOPE_BASE).decode('utf8')
+ assert isinstance(names.ntdsguid, string_types)
return samdb
for policy in res:
acl = ndr_unpack(security.descriptor,
- str(policy["nTSecurityDescriptor"])).as_sddl()
+ policy["nTSecurityDescriptor"][0]).as_sddl()
policy_path = getpolicypath(sysvol, dnsdomain, str(policy["cn"]))
set_dir_acl(policy_path, dsacl2fsacl(acl, domainsid), lp,
str(domainsid), use_ntvfs,
fsacl = getntacl(lp, os.path.join(root, name),
direct_db_access=direct_db_access, service=SYSVOL_SERVICE)
if fsacl is None:
- raise ProvisioningError('%s ACL on GPO file %s %s not found!' % (acl_type(direct_db_access), os.path.join(root, name)))
+ raise ProvisioningError('%s ACL on GPO file %s not found!' %
+ (acl_type(direct_db_access),
+ os.path.join(root, name)))
fsacl_sddl = fsacl.as_sddl(domainsid)
if fsacl_sddl != acl:
raise ProvisioningError('%s ACL on GPO file %s %s does not match expected value %s from GPO object' % (acl_type(direct_db_access), os.path.join(root, name), fsacl_sddl, acl))
fsacl = getntacl(lp, os.path.join(root, name),
direct_db_access=direct_db_access, service=SYSVOL_SERVICE)
if fsacl is None:
- raise ProvisioningError('%s ACL on GPO directory %s %s not found!' % (acl_type(direct_db_access), os.path.join(root, name)))
+ raise ProvisioningError('%s ACL on GPO directory %s not found!'
+ % (acl_type(direct_db_access),
+ os.path.join(root, name)))
fsacl_sddl = fsacl.as_sddl(domainsid)
if fsacl_sddl != acl:
raise ProvisioningError('%s ACL on GPO directory %s %s does not match expected value %s from GPO object' % (acl_type(direct_db_access), os.path.join(root, name), fsacl_sddl, acl))
for policy in res:
acl = ndr_unpack(security.descriptor,
- str(policy["nTSecurityDescriptor"])).as_sddl()
+ policy["nTSecurityDescriptor"][0]).as_sddl()
policy_path = getpolicypath(sysvol, dnsdomain, str(policy["cn"]))
check_dir_acl(policy_path, dsacl2fsacl(acl, domainsid), lp,
domainsid, direct_db_access)
direct_db_access)
-def interface_ips_v4(lp):
+def interface_ips_v4(lp, all_interfaces=False):
"""return only IPv4 IPs"""
- ips = samba.interface_ips(lp, False)
+ ips = samba.interface_ips(lp, all_interfaces)
ret = []
for i in ips:
if i.find(':') == -1:
backend_store=backend_store)
domainguid = samdb.searchone(basedn=samdb.get_default_basedn(),
- attribute="objectGUID")
- assert isinstance(domainguid, str)
+ attribute="objectGUID").decode('utf8')
+ assert isinstance(domainguid, string_types)
lastProvisionUSNs = get_last_provision_usn(samdb)
maxUSN = get_max_usn(samdb, str(names.rootdn))
if domainsid is None:
domainsid = security.random_sid()
- root_uid = findnss_uid([root or "root"])
+ root_uid = get_root_uid([root or "root"], logger)
nobody_uid = findnss_uid([nobody or "nobody"])
users_gid = findnss_gid([users or "users", 'users', 'other', 'staff'])
root_gid = pwd.getpwuid(root_uid).pw_gid
paths = provision_paths_from_lp(lp, names.dnsdomain)
paths.bind_gid = bind_gid
- paths.root_uid = root_uid;
+ paths.root_uid = root_uid
paths.root_gid = root_gid
hostip = determine_host_ip(logger, lp, hostip)
provision_backend = LDBBackend(backend_type, paths=paths,
lp=lp,
names=names, logger=logger)
- elif backend_type == "existing":
- # If support for this is ever added back, then the URI will need to be
- # specified again
- provision_backend = ExistingBackend(backend_type, paths=paths,
- lp=lp,
- names=names, logger=logger,
- ldap_backend_forced_uri=ldap_backend_forced_uri)
elif backend_type == "fedora-ds":
provision_backend = FDSBackend(backend_type, paths=paths,
lp=lp,
adminpass = samba.generate_random_password(12, 32)
adminpass_generated = True
else:
- adminpass = unicode(adminpass, 'utf-8')
+ if isinstance(adminpass, binary_type):
+ adminpass = adminpass.decode('utf-8')
adminpass_generated = False
if samdb_fill == FILL_FULL:
git.samba.org / metze / samba / wip.git / blobdiff