The branch, master has been updated via c76bd65... s4-samdb: Allow skipping global schema. via feeedf4... s4-provision: Proper handling of exceptions, use SamDB class but skip global schema. via 21ab06f... s4-python: Move samdb_ntds_objectGUID to pydsdb. via fe4b212... urgent_replication: Use standard comments rather than docstrings. from eebc66c... s3-spoolss: Added a winreg_getform1 function.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit c76bd65b608bed0810013b3a447a4a30fbed98bd Author: Jelmer Vernooij <jel...@samba.org> Date: Wed Apr 7 12:11:12 2010 +0200 s4-samdb: Allow skipping global schema. commit feeedf49cfc2edbfdfd0e5512904ea67f2daff11 Author: Jelmer Vernooij <jel...@samba.org> Date: Wed Apr 7 12:10:09 2010 +0200 s4-provision: Proper handling of exceptions, use SamDB class but skip global schema. commit 21ab06f8a233b38bee750250e455416ac0bef13e Author: Jelmer Vernooij <jel...@samba.org> Date: Sun Apr 4 03:30:03 2010 +0200 s4-python: Move samdb_ntds_objectGUID to pydsdb. commit fe4b212eba1d7645c8be98240a2630759050197d Author: Jelmer Vernooij <jel...@samba.org> Date: Sun Apr 4 03:08:05 2010 +0200 urgent_replication: Use standard comments rather than docstrings. ----------------------------------------------------------------------- Summary of changes: source4/dsdb/pydsdb.c | 148 ++++++++++++++++++++ source4/lib/ldb/tests/python/urgent_replication.py | 57 ++++---- source4/scripting/bin/samba_dnsupdate | 6 +- source4/scripting/bin/upgradeprovision | 3 +- source4/scripting/python/pyglue.c | 144 ------------------- source4/scripting/python/samba/__init__.py | 10 +- .../scripting/python/samba/netcmd/setpassword.py | 2 +- source4/scripting/python/samba/provision.py | 24 ++- source4/scripting/python/samba/samdb.py | 55 ++++++-- 9 files changed, 247 insertions(+), 202 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/pydsdb.c b/source4/dsdb/pydsdb.c index ac9b93c..b18c127 100644 --- a/source4/dsdb/pydsdb.c +++ b/source4/dsdb/pydsdb.c @@ -21,6 +21,8 @@ #include "includes.h" #include "dsdb/samdb/samdb.h" #include "lib/ldb/pyldb.h" +#include "libcli/security/security.h" +#include "librpc/ndr/libndr.h" /* FIXME: These should be in a header file somewhere, once we finish moving * away from SWIG .. */ 
@@ -83,6 +85,138 @@ static PyObject *py_dsdb_convert_schema_to_openldap(PyObject *self, return ret; } +static PyObject *py_samdb_set_domain_sid(PyLdbObject *self, PyObject *args) +{ + PyObject *py_ldb, *py_sid; + struct ldb_context *ldb; + struct dom_sid *sid; + bool ret; + + if (!PyArg_ParseTuple(args, "OO", &py_ldb, &py_sid)) + return NULL; + + PyErr_LDB_OR_RAISE(py_ldb, ldb); + + sid = dom_sid_parse_talloc(NULL, PyString_AsString(py_sid)); + + ret = samdb_set_domain_sid(ldb, sid); + if (!ret) { + PyErr_SetString(PyExc_RuntimeError, "set_domain_sid failed"); + return NULL; + } + Py_RETURN_NONE; +} + +static PyObject *py_samdb_get_domain_sid(PyLdbObject *self, PyObject *args) +{ + PyObject *py_ldb; + struct ldb_context *ldb; + const struct dom_sid *sid; + PyObject *ret; + char *retstr; + + if (!PyArg_ParseTuple(args, "O", &py_ldb)) + return NULL; + + PyErr_LDB_OR_RAISE(py_ldb, ldb); + + sid = samdb_domain_sid(ldb); + if (!sid) { + PyErr_SetString(PyExc_RuntimeError, "samdb_domain_sid failed"); + return NULL; + } + retstr = dom_sid_string(NULL, sid); + ret = PyString_FromString(retstr); + talloc_free(retstr); + return ret; +} + +static PyObject *py_samdb_ntds_invocation_id(PyObject *self, PyObject *args) +{ + PyObject *py_ldb, *result; + struct ldb_context *ldb; + TALLOC_CTX *mem_ctx; + const struct GUID *guid; + + mem_ctx = talloc_new(NULL); + if (mem_ctx == NULL) { + PyErr_NoMemory(); + return NULL; + } + + if (!PyArg_ParseTuple(args, "O", &py_ldb)) { + talloc_free(mem_ctx); + return NULL; + } + + PyErr_LDB_OR_RAISE(py_ldb, ldb); + + guid = samdb_ntds_invocation_id(ldb); + if (guid == NULL) { + PyErr_SetString(PyExc_RuntimeError, + "Failed to find NTDS invocation ID"); + talloc_free(mem_ctx); + return NULL; + } + + result = PyString_FromString(GUID_string(mem_ctx, guid)); + talloc_free(mem_ctx); + return result; +} + +static PyObject *py_dsdb_set_ntds_invocation_id(PyObject *self, PyObject *args) +{ + PyObject *py_ldb, *py_guid; + bool ret; + struct GUID guid; + 
struct ldb_context *ldb; + if (!PyArg_ParseTuple(args, "OO", &py_ldb, &py_guid)) + return NULL; + + PyErr_LDB_OR_RAISE(py_ldb, ldb); + GUID_from_string(PyString_AsString(py_guid), &guid); + + ret = samdb_set_ntds_invocation_id(ldb, &guid); + if (!ret) { + PyErr_SetString(PyExc_RuntimeError, "set_ntds_invocation_id failed"); + return NULL; + } + Py_RETURN_NONE; +} + +static PyObject *py_samdb_ntds_objectGUID(PyObject *self, PyObject *args) +{ + PyObject *py_ldb, *result; + struct ldb_context *ldb; + TALLOC_CTX *mem_ctx; + const struct GUID *guid; + + mem_ctx = talloc_new(NULL); + if (mem_ctx == NULL) { + PyErr_NoMemory(); + return NULL; + } + + if (!PyArg_ParseTuple(args, "O", &py_ldb)) { + talloc_free(mem_ctx); + return NULL; + } + + PyErr_LDB_OR_RAISE(py_ldb, ldb); + + guid = samdb_ntds_objectGUID(ldb); + if (guid == NULL) { + PyErr_SetString(PyExc_RuntimeError, "Failed to find NTDS GUID"); + talloc_free(mem_ctx); + return NULL; + } + + result = PyString_FromString(GUID_string(mem_ctx, guid)); + talloc_free(mem_ctx); + return result; +} + + static PyMethodDef py_dsdb_methods[] = { { "samdb_server_site_name", (PyCFunction)py_samdb_server_site_name, METH_VARARGS, "Get the server site name as a string"}, 
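Review bot: In `py_dsdb_set_ntds_invocation_id` the result of `GUID_from_string()` is discarded and `PyString_AsString(py_guid)` is not checked, so a non-string or malformed argument either passes NULL into the parser or leaves the stack `struct GUID` uninitialised before it reaches `samdb_set_ntds_invocation_id`. Both conversions should be checked and a Python exception raised, as sketched below (assuming `GUID_from_string` returns NTSTATUS; its prototype is not in this hunk). `py_samdb_set_domain_sid` has the same gap: the result of `dom_sid_parse_talloc(NULL, PyString_AsString(py_sid))` is not checked for NULL and is allocated on the NULL context with no visible free, and the getters pass `dom_sid_string()` / `GUID_string()` results to `PyString_FromString` unchecked. In `py_samdb_ntds_invocation_id` and `py_samdb_ntds_objectGUID`, `PyErr_LDB_OR_RAISE` runs after `talloc_new`, so if the macro returns on a type mismatch (its definition is outside the hunk) `mem_ctx` leaks; running the macro before the allocation avoids that. The functions are moved here from pyglue.c, so these issues predate the commit, but the move is a natural point to fix them.

```c
static PyObject *py_dsdb_set_ntds_invocation_id(PyObject *self, PyObject *args)
{
	const char *guid_str;
	/* … unchanged: other declarations, PyArg_ParseTuple, PyErr_LDB_OR_RAISE … */

	guid_str = PyString_AsString(py_guid);
	if (guid_str == NULL) {
		/* PyString_AsString has already set TypeError */
		return NULL;
	}
	if (!NT_STATUS_IS_OK(GUID_from_string(guid_str, &guid))) {
		PyErr_SetString(PyExc_ValueError, "invalid GUID string");
		return NULL;
	}

	/* … unchanged: samdb_set_ntds_invocation_id call and result check … */
```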
@@ -90,6 +224,20 @@ static PyMethodDef py_dsdb_methods[] = { (PyCFunction)py_dsdb_convert_schema_to_openldap, METH_VARARGS, "dsdb_convert_schema_to_openldap(ldb, target_str, mapping) -> str\n" "Create an OpenLDAP schema from a schema." }, + { "samdb_set_domain_sid", (PyCFunction)py_samdb_set_domain_sid, + METH_VARARGS, + "samdb_set_domain_sid(samdb, sid)\n" + "Set SID of domain to use." }, + { "samdb_get_domain_sid", (PyCFunction)py_samdb_get_domain_sid, + METH_VARARGS, + "samdb_get_domain_sid(samdb)\n" + "Get SID of domain in use." }, + { "samdb_ntds_invocation_id", (PyCFunction)py_samdb_ntds_invocation_id, + METH_VARARGS, "get the NTDS invocation ID GUID as a string"}, + { "dsdb_set_ntds_invocation_id", (PyCFunction)py_dsdb_set_ntds_invocation_id, METH_VARARGS, + NULL }, + { "samdb_ntds_objectGUID", (PyCFunction)py_samdb_ntds_objectGUID, METH_VARARGS, + "get the NTDS objectGUID as a string"}, { NULL } }; diff --git a/source4/lib/ldb/tests/python/urgent_replication.py b/source4/lib/ldb/tests/python/urgent_replication.py index 86d6d65..41eae8d 100755 --- a/source4/lib/ldb/tests/python/urgent_replication.py +++ b/source4/lib/ldb/tests/python/urgent_replication.py @@ -1,6 +1,5 @@ #!/usr/bin/env python # -*- coding: utf-8 -*- -# This is a port of the original in testprogs/ejs/ldap.js import optparse import sys 
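Review bot: In the `py_dsdb_methods` table of source4/dsdb/pydsdb.c, the `dsdb_set_ntds_invocation_id` entry is registered with `NULL` as its docstring, while every other entry added in this hunk documents its signature. Since the function takes an ldb object and a GUID given as a string, I would replace `NULL` with `"dsdb_set_ntds_invocation_id(samdb, guid)\n" "Set the NTDS invocation ID from a GUID string."`. The two getter entries could also follow the `name(args) -> str` form used for `dsdb_convert_schema_to_openldap`, so the calling convention is visible from `help()`.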
@@ -60,19 +59,19 @@ class UrgentReplicationTests(unittest.TestCase): print "baseDN: %s\n" % self.base_dn def test_nonurgent_object(self): - '''Test if the urgent replication is not activated - when handling a non urgent object''' + """Test if the urgent replication is not activated + when handling a non urgent object""" self.ldb.add({ "dn": "cn=nonurgenttest,cn=users," + self.base_dn, "objectclass":"user", "samaccountname":"nonurgenttest", "description":"nonurgenttest description"}); - ''' urgent replication should not be enabled when creating ''' + # urgent replication should not be enabled when creating res = glue.dsdb_load_partition_usn(self.ldb, self.base_dn) self.assertNotEquals(res["uSNHighest"], res["uSNUrgent"]); - ''' urgent replication should not be enabled when modifying ''' + # urgent replication should not be enabled when modifying m = Message() m.dn = Dn(ldb, "cn=nonurgenttest,cn=users," + self.base_dn) m["description"] = MessageElement("new description", FLAG_MOD_REPLACE, @@ -81,7 +80,7 @@ class UrgentReplicationTests(unittest.TestCase): res = glue.dsdb_load_partition_usn(self.ldb, self.base_dn) self.assertNotEquals(res["uSNHighest"], res["uSNUrgent"]); - ''' urgent replication should not be enabled when deleting ''' + # urgent replication should not be enabled when deleting self.delete_force(self.ldb, "cn=nonurgenttest,cn=users," + self.base_dn) res = glue.dsdb_load_partition_usn(self.ldb, self.base_dn) self.assertNotEquals(res["uSNHighest"], res["uSNUrgent"]); 
@@ -105,11 +104,11 @@ options: 1 instanceType: 4 systemFlags: 33554432""", ["relax:0"]); - ''' urgent replication should be enabled when creation ''' + # urgent replication should be enabled when creation res = glue.dsdb_load_partition_usn(self.ldb, "cn=Configuration," + self.base_dn) self.assertEquals(res["uSNHighest"], res["uSNUrgent"]); - ''' urgent replication should NOT be enabled when modifying ''' + # urgent replication should NOT be enabled when modifying m = Message() m.dn = Dn(ldb, "cn=NTDS Settings test,cn=test server,cn=Servers,cn=Default-First-Site-Name,cn=Sites,cn=Configuration," + self.base_dn) m["options"] = MessageElement("0", FLAG_MOD_REPLACE, @@ -118,7 +117,7 @@ systemFlags: 33554432""", ["relax:0"]); res = glue.dsdb_load_partition_usn(self.ldb, "cn=Configuration," + self.base_dn) self.assertNotEquals(res["uSNHighest"], res["uSNUrgent"]); - ''' urgent replication should be enabled when deleting ''' + # urgent replication should be enabled when deleting self.delete_force(self.ldb, "cn=NTDS Settings test,cn=test server,cn=Servers,cn=Default-First-Site-Name,cn=Sites,cn=Configuration," + self.base_dn) res = glue.dsdb_load_partition_usn(self.ldb, "cn=Configuration," + self.base_dn) self.assertEquals(res["uSNHighest"], res["uSNUrgent"]); @@ -139,11 +138,11 @@ systemFlags: 33554432""", ["relax:0"]); "name": "test crossRef", "systemFlags": "1"}); - ''' urgent replication should be enabled when creating ''' + # urgent replication should be enabled when creating res = glue.dsdb_load_partition_usn(self.ldb, "cn=Configuration," + self.base_dn) self.assertEquals(res["uSNHighest"], res["uSNUrgent"]); - ''' urgent replication should NOT be enabled when modifying ''' + # urgent replication should NOT be enabled when modifying m = Message() m.dn = Dn(ldb, "cn=test crossRef,CN=Partitions,CN=Configuration," + self.base_dn) m["systemFlags"] = MessageElement("0", FLAG_MOD_REPLACE, 
@@ -153,7 +152,7 @@ systemFlags: 33554432""", ["relax:0"]); self.assertNotEquals(res["uSNHighest"], res["uSNUrgent"]); - ''' urgent replication should be enabled when deleting ''' + # urgent replication should be enabled when deleting self.delete_force(self.ldb, "cn=test crossRef,CN=Partitions,CN=Configuration," + self.base_dn) res = glue.dsdb_load_partition_usn(self.ldb, "cn=Configuration," + self.base_dn) self.assertEquals(res["uSNHighest"], res["uSNUrgent"]); @@ -183,14 +182,14 @@ lDAPDisplayName: test attributeSchema name: test attributeSchema systemFlags: 0""", ["relax:0"]); - ''' urgent replication should be enabled when creating ''' + # urgent replication should be enabled when creating res = glue.dsdb_load_partition_usn(self.ldb, "cn=Schema,cn=Configuration," + self.base_dn) self.assertEquals(res["uSNHighest"], res["uSNUrgent"]); except LdbError: print "Not testing urgent replication when creating attributeSchema object ...\n" - ''' urgent replication should be enabled when modifying ''' + # urgent replication should be enabled when modifying m = Message() m.dn = Dn(ldb, "CN=test attributeSchema,CN=Schema,CN=Configuration," + self.base_dn) m["lDAPDisplayName"] = MessageElement("updated test attributeSchema", FLAG_MOD_REPLACE, 
@@ -226,14 +225,14 @@ defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCD systemFlags: 16 defaultHidingValue: TRUE""", ["relax:0"]); - ''' urgent replication should be enabled when creating ''' + # urgent replication should be enabled when creating res = glue.dsdb_load_partition_usn(self.ldb, "cn=Schema,cn=Configuration," + self.base_dn) self.assertEquals(res["uSNHighest"], res["uSNUrgent"]); except LdbError: print "Not testing urgent replication when creating classSchema object ...\n" - ''' urgent replication should be enabled when modifying ''' + # urgent replication should be enabled when modifying m = Message() m.dn = Dn(ldb, "CN=test classSchema,CN=Schema,CN=Configuration," + self.base_dn) m["lDAPDisplayName"] = MessageElement("updated test classSchema", FLAG_MOD_REPLACE, @@ -244,7 +243,6 @@ defaultHidingValue: TRUE""", ["relax:0"]); def test_secret_object(self): - '''Test if the urgent replication is activated when handling a secret object''' @@ -256,11 +254,11 @@ defaultHidingValue: TRUE""", ["relax:0"]); "currentValue":"xxxxxxx"}); - ''' urgent replication should be enabled when creationg ''' + # urgent replication should be enabled when creating res = glue.dsdb_load_partition_usn(self.ldb, self.base_dn) self.assertEquals(res["uSNHighest"], res["uSNUrgent"]); - ''' urgent replication should be enabled when modifying ''' + # urgent replication should be enabled when modifying m = Message() m.dn = Dn(ldb, "cn=test secret,cn=System," + self.base_dn) m["currentValue"] = MessageElement("yyyyyyyy", FLAG_MOD_REPLACE, 
@@ -269,7 +267,7 @@ defaultHidingValue: TRUE""", ["relax:0"]); res = glue.dsdb_load_partition_usn(self.ldb, self.base_dn) self.assertEquals(res["uSNHighest"], res["uSNUrgent"]); - ''' urgent replication should NOT be enabled when deleting ''' + # urgent replication should NOT be enabled when deleting self.delete_force(self.ldb, "cn=test secret,cn=System," + self.base_dn) res = glue.dsdb_load_partition_usn(self.ldb, self.base_dn) self.assertNotEquals(res["uSNHighest"], res["uSNUrgent"]); @@ -289,11 +287,11 @@ systemFlags: -1946157056 isCriticalSystemObject: TRUE rIDAvailablePool: 133001-1073741823""", ["relax:0"]) - ''' urgent replication should be enabled when creating ''' + # urgent replication should be enabled when creating res = glue.dsdb_load_partition_usn(self.ldb, self.base_dn) self.assertEquals(res["uSNHighest"], res["uSNUrgent"]); - ''' urgent replication should be enabled when modifying ''' + # urgent replication should be enabled when modifying m = Message() m.dn = Dn(ldb, "CN=RID Manager test,CN=System," + self.base_dn) m["systemFlags"] = MessageElement("0", FLAG_MOD_REPLACE, @@ -302,7 +300,7 @@ rIDAvailablePool: 133001-1073741823""", ["relax:0"]) res = glue.dsdb_load_partition_usn(self.ldb, self.base_dn) self.assertEquals(res["uSNHighest"], res["uSNUrgent"]); - ''' urgent replication should NOT be enabled when deleting ''' + # urgent replication should NOT be enabled when deleting self.delete_force(self.ldb, "CN=RID Manager test,CN=System," + self.base_dn) res = glue.dsdb_load_partition_usn(self.ldb, self.base_dn) self.assertNotEquals(res["uSNHighest"], res["uSNUrgent"]); 
@@ -321,11 +319,11 @@ rIDAvailablePool: 133001-1073741823""", ["relax:0"]) "pwdLastSet":"0", "description":"urgent attributes test description"}); - ''' urgent replication should NOT be enabled when creating ''' + # urgent replication should NOT be enabled when creating res = glue.dsdb_load_partition_usn(self.ldb, self.base_dn) self.assertNotEquals(res["uSNHighest"], res["uSNUrgent"]); - ''' urgent replication should be enabled when modifying userAccountControl ''' + # urgent replication should be enabled when modifying userAccountControl m = Message() m.dn = Dn(ldb, "cn=user UrgAttr test,cn=users," + self.base_dn) m["userAccountControl"] = MessageElement("0", FLAG_MOD_REPLACE, @@ -334,7 +332,7 @@ rIDAvailablePool: 133001-1073741823""", ["relax:0"]) res = glue.dsdb_load_partition_usn(self.ldb, self.base_dn) self.assertEquals(res["uSNHighest"], res["uSNUrgent"]); - ''' urgent replication should be enabled when modifying lockoutTime ''' + # urgent replication should be enabled when modifying lockoutTime m = Message() m.dn = Dn(ldb, "cn=user UrgAttr test,cn=users," + self.base_dn) m["lockoutTime"] = MessageElement("1", FLAG_MOD_REPLACE, @@ -343,7 +341,7 @@ rIDAvailablePool: 133001-1073741823""", ["relax:0"]) res = glue.dsdb_load_partition_usn(self.ldb, self.base_dn) self.assertEquals(res["uSNHighest"], res["uSNUrgent"]); - ''' urgent replication should be enabled when modifying pwdLastSet ''' + # urgent replication should be enabled when modifying pwdLastSet m = Message() m.dn = Dn(ldb, "cn=user UrgAttr test,cn=users," + self.base_dn) m["pwdLastSet"] = MessageElement("1", FLAG_MOD_REPLACE, 
@@ -352,7 +350,8 @@ rIDAvailablePool: 133001-1073741823""", ["relax:0"]) res = glue.dsdb_load_partition_usn(self.ldb, self.base_dn) self.assertEquals(res["uSNHighest"], res["uSNUrgent"]); - ''' urgent replication should NOT be enabled when modifying a not-urgent attribute ''' + # urgent replication should NOT be enabled when modifying a not-urgent + # attribute m = Message() m.dn = Dn(ldb, "cn=user UrgAttr test,cn=users," + self.base_dn) m["description"] = MessageElement("updated urgent attributes test description", @@ -361,7 +360,7 @@ rIDAvailablePool: 133001-1073741823""", ["relax:0"]) res = glue.dsdb_load_partition_usn(self.ldb, self.base_dn) self.assertNotEquals(res["uSNHighest"], res["uSNUrgent"]); - ''' urgent replication should NOT be enabled when deleting ''' + # urgent replication should NOT be enabled when deleting self.delete_force(self.ldb, "cn=user UrgAttr test,cn=users," + self.base_dn) res = glue.dsdb_load_partition_usn(self.ldb, self.base_dn) self.assertNotEquals(res["uSNHighest"], res["uSNUrgent"]); diff --git a/source4/scripting/bin/samba_dnsupdate b/source4/scripting/bin/samba_dnsupdate index b3956aa..73611c8 100755 --- a/source4/scripting/bin/samba_dnsupdate +++ b/source4/scripting/bin/samba_dnsupdate @@ -34,7 +34,6 @@ import samba import optparse from samba import getopt as options from ldb import SCOPE_BASE -from samba import glue from samba.auth import system_session from samba.samdb import SamDB @@ -69,7 +68,7 @@ if opts.all_interfaces: else: all_interfaces = False -IPs = glue.interface_ips(lp, all_interfaces) +IPs = samba.interface_ips(lp, all_interfaces) nsupdate_cmd = lp.get('nsupdate command') if len(IPs) == 0: 
@@ -200,7 +199,8 @@ def get_subst_vars(): global lp vars = {} - samdb = SamDB(url=lp.get("sam database"), session_info=system_session(), lp=lp) + samdb = SamDB(url=lp.get("sam database"), session_info=system_session(), + lp=lp) vars['DNSDOMAIN'] = lp.get('realm').lower() vars['HOSTNAME'] = lp.get('netbios name').lower() + "." + vars['DNSDOMAIN'] diff --git a/source4/scripting/bin/upgradeprovision b/source4/scripting/bin/upgradeprovision index 8f01bd3..234152b 100755 --- a/source4/scripting/bin/upgradeprovision +++ b/source4/scripting/bin/upgradeprovision @@ -39,7 +39,6 @@ from ldb import SCOPE_SUBTREE, SCOPE_BASE, \ FLAG_MOD_REPLACE, FLAG_MOD_ADD, FLAG_MOD_DELETE,\ MessageElement, Message, Dn from samba import param -from samba import glue from samba.misc import messageEltFlagToString from samba.provision import find_setup_dir, get_domain_descriptor, get_config_descriptor, secretsdb_self_join,set_gpo_acl,getpolicypath,create_gpo_struct from samba.provisionexceptions import ProvisioningError @@ -845,7 +844,7 @@ def update_machine_account_password(paths, creds, session, names): assert(len(res) == 1) msg = Message(res[0].dn) - machinepass = glue.generate_random_password(128, 255) + machinepass = samba.generate_random_password(128, 255) msg["userPassword"] = MessageElement(machinepass, FLAG_MOD_REPLACE, "userPassword") sam_ldb.modify(msg) diff --git a/source4/scripting/python/pyglue.c b/source4/scripting/python/pyglue.c index 8639958..8d19b06 100644 --- a/source4/scripting/python/pyglue.c +++ b/source4/scripting/python/pyglue.c 
@@ -117,72 +117,6 @@ static PyObject *py_set_debug_level(PyObject *self, PyObject *args) Py_RETURN_NONE; } -static PyObject *py_samdb_set_domain_sid(PyLdbObject *self, PyObject *args) -{ - PyObject *py_ldb, *py_sid; - struct ldb_context *ldb; - struct dom_sid *sid; - bool ret; - - if (!PyArg_ParseTuple(args, "OO", &py_ldb, &py_sid)) - return NULL; - - PyErr_LDB_OR_RAISE(py_ldb, ldb); - - sid = dom_sid_parse_talloc(NULL, PyString_AsString(py_sid)); - - ret = samdb_set_domain_sid(ldb, sid); - if (!ret) { - PyErr_SetString(PyExc_RuntimeError, "set_domain_sid failed"); - return NULL; - } - Py_RETURN_NONE; -} - -static PyObject *py_samdb_get_domain_sid(PyLdbObject *self, PyObject *args) -{ - PyObject *py_ldb; - struct ldb_context *ldb; - const struct dom_sid *sid; - PyObject *ret; - char *retstr; - - if (!PyArg_ParseTuple(args, "O", &py_ldb)) - return NULL; - - PyErr_LDB_OR_RAISE(py_ldb, ldb); - - sid = samdb_domain_sid(ldb); - if (!sid) { - PyErr_SetString(PyExc_RuntimeError, "samdb_domain_sid failed"); -- Samba Shared Repository