[SCM] Samba Shared Repository - branch master updated
Jelmer Vernooij
jelmer at samba.org
Sat Nov 27 21:46:02 MST 2010
The branch, master has been updated
via 4cf85a7 s4-selftest: Ignore broken pipe error from grep.
via 7c65ab1 samba.provision: Fix setup_path.
via 8caac94 samba.provision: Add package with provision and backend modules.
via a7675bd s4-python: Fix formatting of docstrings for the purpose of pydoctor.
via 6fea636 Makefile: Add rule for pydoctor.
via ae48c62 samba.tests: Fix formatting.
from 092e923 s4-tests/bind.py: Use samba.tests.connect_samdb() instead of directly using SamDB class
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 4cf85a719350942960d131adfd120eb649c5c861
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Sun Nov 28 04:58:52 2010 +0100
s4-selftest: Ignore broken pipe error from grep.
Autobuild-User: Jelmer Vernooij <jelmer at samba.org>
Autobuild-Date: Sun Nov 28 05:45:05 CET 2010 on sn-devel-104
commit 7c65ab12af355ca07c989cd3f1cdffba2a98362a
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Sun Nov 28 04:22:46 2010 +0100
samba.provision: Fix setup_path.
commit 8caac9462ac09b7ff99a7032329d0e56c2e0aac5
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Sun Nov 28 04:02:28 2010 +0100
samba.provision: Add package with provision and backend modules.
commit a7675bd5010641051096344bffb9ce569193a8fb
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Sun Nov 28 03:34:47 2010 +0100
s4-python: Fix formatting of docstrings for the purpose of pydoctor.
commit 6fea6368885a88f100def2aa230dfac1cb26b0d0
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Sun Nov 28 03:29:35 2010 +0100
Makefile: Add rule for pydoctor.
commit ae48c626c8587ee01553a0c49df9e32955ee4d3a
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Sun Nov 28 03:15:36 2010 +0100
samba.tests: Fix formatting.
-----------------------------------------------------------------------
Summary of changes:
source4/Makefile | 3 +
source4/scripting/python/samba/drs_utils.py | 80 ++--
.../samba/{provision.py => provision/__init__.py} | 490 ++++++++++----------
.../{provisionbackend.py => provision/backend.py} | 234 +++++-----
source4/scripting/python/samba/samdb.py | 109 +++--
source4/scripting/python/samba/schema.py | 30 +-
source4/scripting/python/samba/tests/__init__.py | 48 +-
source4/scripting/python/samba/tests/samdb.py | 21 +-
source4/scripting/python/samba/upgradehelpers.py | 58 ++-
source4/selftest/tests.py | 2 +-
source4/torture/drs/python/repl_schema.py | 10 +-
11 files changed, 559 insertions(+), 526 deletions(-)
rename source4/scripting/python/samba/{provision.py => provision/__init__.py} (82%)
rename source4/scripting/python/samba/{provisionbackend.py => provision/backend.py} (86%)
Changeset truncated at 500 lines:
diff --git a/source4/Makefile b/source4/Makefile
index b41b38c..838f0a9 100644
--- a/source4/Makefile
+++ b/source4/Makefile
@@ -63,3 +63,6 @@ ctags:
bin/%:: FORCE
$(WAF) --targets=`basename $@`
FORCE:
+
+pydoctor:
+ $(WAF) pydoctor
diff --git a/source4/scripting/python/samba/drs_utils.py b/source4/scripting/python/samba/drs_utils.py
index b5955b9..77f415e 100644
--- a/source4/scripting/python/samba/drs_utils.py
+++ b/source4/scripting/python/samba/drs_utils.py
@@ -29,38 +29,39 @@ def drs_DsBind(drs):
bind_info = drsuapi.DsBindInfoCtr()
bind_info.length = 28
bind_info.info = drsuapi.DsBindInfo28()
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_BASE
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_BASE
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
(info, handle) = drs.DsBind(misc.GUID(drsuapi.DRSUAPI_DS_BIND_GUID), bind_info)
return (handle, info.info.supported_extensions)
+
class drs_Replicate:
'''DRS replication calls'''
@@ -71,8 +72,6 @@ class drs_Replicate:
self.samdb = samdb
self.replication_state = self.net.replicate_init(self.samdb, lp, self.drs)
-
-
def drs_get_rodc_partial_attribute_set(self):
'''get a list of attributes for RODC replication'''
partial_attribute_set = drsuapi.DsPartialAttributeSet()
@@ -110,7 +109,6 @@ class drs_Replicate:
partial_attribute_set.num_attids = len(attids)
return partial_attribute_set
-
def replicate(self, dn, source_dsa_invocation_id, destination_dsa_guid,
schema=False, exop=drsuapi.DRSUAPI_EXOP_NONE, rodc=False,
replica_flags=None):
@@ -120,23 +118,23 @@ class drs_Replicate:
req8 = drsuapi.DsGetNCChangesRequest8()
req8.destination_dsa_guid = destination_dsa_guid
- req8.source_dsa_invocation_id = source_dsa_invocation_id
- req8.naming_context = drsuapi.DsReplicaObjectIdentifier()
+ req8.source_dsa_invocation_id = source_dsa_invocation_id
+ req8.naming_context = drsuapi.DsReplicaObjectIdentifier()
req8.naming_context.dn = dn
req8.highwatermark = drsuapi.DsReplicaHighWaterMark()
req8.highwatermark.tmp_highest_usn = 0
- req8.highwatermark.reserved_usn = 0
- req8.highwatermark.highest_usn = 0
- req8.uptodateness_vector = None
+ req8.highwatermark.reserved_usn = 0
+ req8.highwatermark.highest_usn = 0
+ req8.uptodateness_vector = None
if replica_flags is not None:
req8.replica_flags = replica_flags
elif exop == drsuapi.DRSUAPI_EXOP_REPL_SECRET:
- req8.replica_flags = 0
+ req8.replica_flags = 0
else:
- req8.replica_flags = (drsuapi.DRSUAPI_DRS_INIT_SYNC |
- drsuapi.DRSUAPI_DRS_PER_SYNC |
- drsuapi.DRSUAPI_DRS_GET_ANC |
- drsuapi.DRSUAPI_DRS_NEVER_SYNCED)
+ req8.replica_flags = (drsuapi.DRSUAPI_DRS_INIT_SYNC |
+ drsuapi.DRSUAPI_DRS_PER_SYNC |
+ drsuapi.DRSUAPI_DRS_GET_ANC |
+ drsuapi.DRSUAPI_DRS_NEVER_SYNCED)
if rodc:
req8.replica_flags |= drsuapi.DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
else:
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision/__init__.py
similarity index 82%
rename from source4/scripting/python/samba/provision.py
rename to source4/scripting/python/samba/provision/__init__.py
index b5f37b5..6b32a71 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision/__init__.py
@@ -25,6 +25,8 @@
"""Functions for setting up a Samba configuration."""
+__docformat__ = "restructuredText"
+
from base64 import b64encode
import os
import re
@@ -62,7 +64,7 @@ from samba.idmap import IDmapDB
from samba.ms_display_specifiers import read_ms_ldif
from samba.ntacls import setntacl, dsacl2fsacl
from samba.ndr import ndr_pack,ndr_unpack
-from samba.provisionbackend import (
+from samba.provision.backend import (
ExistingBackend,
FDSBackend,
LDBBackend,
@@ -74,20 +76,22 @@ from samba.schema import Schema
from samba.samdb import SamDB
VALID_NETBIOS_CHARS = " !#$%&'()-.@^_{}~"
-__docformat__ = "restructuredText"
DEFAULT_POLICY_GUID = "31B2F340-016D-11D2-945F-00C04FB984F9"
DEFAULT_DC_POLICY_GUID = "6AC1786C-016F-11D2-945F-00C04fB984F9"
+DEFAULTSITE = "Default-First-Site-Name"
+LAST_PROVISION_USN_ATTRIBUTE = "lastProvisionUSN"
+
def find_setup_dir():
"""Find the setup directory used by provision."""
if in_source_tree():
# In source tree
dirname = os.path.dirname(__file__)
- return os.path.normpath(os.path.join(dirname, "../../../setup"))
+ return os.path.normpath(os.path.join(dirname, "../../../../setup"))
else:
import sys
for prefix in [sys.prefix,
- os.path.join(os.path.dirname(__file__), "../../../..")]:
+ os.path.join(os.path.dirname(__file__), "../../../../..")]:
for suffix in ["share/setup", "share/samba/setup", "setup"]:
ret = os.path.normpath(os.path.join(prefix, suffix))
if os.path.isdir(ret):
@@ -112,6 +116,7 @@ def get_sites_descriptor(domain_sid):
sec = security.descriptor.from_sddl(sddl, domain_sid)
return ndr_pack(sec)
+
def get_config_descriptor(domain_sid):
sddl = "O:EAG:EAD:(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
"(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
@@ -131,6 +136,7 @@ def get_config_descriptor(domain_sid):
sec = security.descriptor.from_sddl(sddl, domain_sid)
return ndr_pack(sec)
+
def get_domain_descriptor(domain_sid):
sddl= "O:BAG:BAD:AI(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)" \
"(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)" \
@@ -184,8 +190,6 @@ def get_domain_descriptor(domain_sid):
sec = security.descriptor.from_sddl(sddl, domain_sid)
return ndr_pack(sec)
-DEFAULTSITE = "Default-First-Site-Name"
-LAST_PROVISION_USN_ATTRIBUTE = "lastProvisionUSN"
class ProvisionPaths(object):
@@ -241,7 +245,7 @@ def update_provision_usn(samdb, low, high, replace=False):
tab = []
if not replace:
- entry = samdb.search(expression="(&(dn=@PROVISION)(%s=*))" % \
+ entry = samdb.search(expression="(&(dn=@PROVISION)(%s=*))" %
LAST_PROVISION_USN_ATTRIBUTE, base="",
scope=ldb.SCOPE_SUBTREE,
attrs=[LAST_PROVISION_USN_ATTRIBUTE, "dn"])
@@ -252,8 +256,7 @@ def update_provision_usn(samdb, low, high, replace=False):
delta = ldb.Message()
delta.dn = ldb.Dn(samdb, "@PROVISION")
delta[LAST_PROVISION_USN_ATTRIBUTE] = ldb.MessageElement(tab,
- ldb.FLAG_MOD_REPLACE,
- LAST_PROVISION_USN_ATTRIBUTE)
+ ldb.FLAG_MOD_REPLACE, LAST_PROVISION_USN_ATTRIBUTE)
samdb.modify(delta)
@@ -272,8 +275,7 @@ def set_provision_usn(samdb, low, high):
delta = ldb.Message()
delta.dn = ldb.Dn(samdb, "@PROVISION")
delta[LAST_PROVISION_USN_ATTRIBUTE] = ldb.MessageElement(tab,
- ldb.FLAG_MOD_ADD,
- LAST_PROVISION_USN_ATTRIBUTE)
+ ldb.FLAG_MOD_ADD, LAST_PROVISION_USN_ATTRIBUTE)
samdb.add(delta)
@@ -292,14 +294,15 @@ def get_max_usn(samdb,basedn):
"paged_results:1:1"])
return res[0]["uSNChanged"]
+
def get_last_provision_usn(sam):
"""Get the lastest USN modified by a provision or an upgradeprovision
:param sam: An LDB object pointing to the sam.ldb
- :return an integer corresponding to the highest USN modified by
- (upgrade)provision, 0 is this value is unknown"""
-
- entry = sam.search(expression="(&(dn=@PROVISION)(%s=*))" % \
+ :return: an integer corresponding to the highest USN modified by
+ (upgrade)provision, 0 is this value is unknown
+ """
+ entry = sam.search(expression="(&(dn=@PROVISION)(%s=*))" %
LAST_PROVISION_USN_ATTRIBUTE,
base="", scope=ldb.SCOPE_SUBTREE,
attrs=[LAST_PROVISION_USN_ATTRIBUTE])
@@ -316,6 +319,7 @@ def get_last_provision_usn(sam):
else:
return None
+
class ProvisionResult(object):
def __init__(self):
@@ -384,7 +388,8 @@ def setup_modify_ldif(ldb, ldif_path, subst_vars=None,controls=["relax:0"]):
def setup_ldb(ldb, ldif_path, subst_vars):
- """Import a LDIF a file into a LDB handle, optionally substituting variables.
+ """Import a LDIF a file into a LDB handle, optionally substituting
+ variables.
:note: Either all LDIF data will be added or none (using transactions).
@@ -418,9 +423,12 @@ def provision_paths_from_lp(lp, dnsdomain):
paths.keytab = "secrets.keytab"
paths.shareconf = os.path.join(paths.private_dir, "share.ldb")
- paths.samdb = os.path.join(paths.private_dir, lp.get("sam database") or "samdb.ldb")
- paths.idmapdb = os.path.join(paths.private_dir, lp.get("idmap database") or "idmap.ldb")
- paths.secrets = os.path.join(paths.private_dir, lp.get("secrets database") or "secrets.ldb")
+ paths.samdb = os.path.join(paths.private_dir,
+ lp.get("sam database") or "samdb.ldb")
+ paths.idmapdb = os.path.join(paths.private_dir,
+ lp.get("idmap database") or "idmap.ldb")
+ paths.secrets = os.path.join(paths.private_dir,
+ lp.get("secrets database") or "secrets.ldb")
paths.privilege = os.path.join(paths.private_dir, "privilege.ldb")
paths.dns = os.path.join(paths.private_dir, "dns", dnsdomain + ".zone")
paths.dns_update_list = os.path.join(paths.private_dir, "dns_update_list")
@@ -461,7 +469,7 @@ def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None,
for x in netbiosname:
if x.isalnum() or x in VALID_NETBIOS_CHARS:
newnbname = "%s%c" % (newnbname, x)
- #force the length to be <16
+ # force the length to be <16
netbiosname = newnbname[0:15]
assert netbiosname is not None
netbiosname = netbiosname.upper()
@@ -542,7 +550,8 @@ def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None,
names.netbiosname = netbiosname
names.hostname = hostname
names.sitename = sitename
- names.serverdn = "CN=%s,CN=Servers,CN=%s,CN=Sites,%s" % (netbiosname, sitename, configdn)
+ names.serverdn = "CN=%s,CN=Servers,CN=%s,CN=Sites,%s" % (
+ netbiosname, sitename, configdn)
return names
@@ -658,7 +667,8 @@ def setup_name_mappings(samdb, idmap, sid, domaindn, root_uid, nobody_uid,
:param root_uid: uid of the UNIX root user.
:param nobody_uid: uid of the UNIX nobody user.
:param users_gid: gid of the UNIX users group.
- :param wheel_gid: gid of the UNIX wheel group."""
+ :param wheel_gid: gid of the UNIX wheel group.
+ """
idmap.setup_name_mapping("S-1-5-7", idmap.TYPE_UID, nobody_uid)
idmap.setup_name_mapping("S-1-5-32-544", idmap.TYPE_GID, wheel_gid)
@@ -733,7 +743,7 @@ def secretsdb_self_join(secretsdb, domain,
:param secretsdb: Ldb Handle to the secrets database
:param machinepass: Machine password
"""
- attrs=["whenChanged",
+ attrs = ["whenChanged",
"secret",
"priorSecret",
"priorChanged",
@@ -741,23 +751,24 @@ def secretsdb_self_join(secretsdb, domain,
"privateKeytab"]
if realm is not None:
- if dnsdomain is None:
- dnsdomain = realm.lower()
- dnsname = '%s.%s' % (netbiosname.lower(), dnsdomain.lower())
+ if dnsdomain is None:
+ dnsdomain = realm.lower()
+ dnsname = '%s.%s' % (netbiosname.lower(), dnsdomain.lower())
else:
- dnsname = None
+ dnsname = None
shortname = netbiosname.lower()
- #We don't need to set msg["flatname"] here, because rdn_name will handle it, and it causes problems for modifies anyway
+ # We don't need to set msg["flatname"] here, because rdn_name will handle
+ # it, and it causes problems for modifies anyway
msg = ldb.Message(ldb.Dn(secretsdb, "flatname=%s,cn=Primary Domains" % domain))
msg["secureChannelType"] = [str(secure_channel_type)]
msg["objectClass"] = ["top", "primaryDomain"]
if dnsname is not None:
- msg["objectClass"] = ["top", "primaryDomain", "kerberosSecret"]
- msg["realm"] = [realm]
- msg["saltPrincipal"] = ["host/%s@%s" % (dnsname, realm.upper())]
- msg["msDS-KeyVersionNumber"] = [str(key_version_number)]
- msg["privateKeytab"] = ["secrets.keytab"]
+ msg["objectClass"] = ["top", "primaryDomain", "kerberosSecret"]
+ msg["realm"] = [realm]
+ msg["saltPrincipal"] = ["host/%s@%s" % (dnsname, realm.upper())]
+ msg["msDS-KeyVersionNumber"] = [str(key_version_number)]
+ msg["privateKeytab"] = ["secrets.keytab"]
msg["secret"] = [machinepass]
msg["samAccountName"] = ["%s$" % netbiosname]
@@ -769,10 +780,9 @@ def secretsdb_self_join(secretsdb, domain,
# than one record for this SID, realm or netbios domain at a time,
# but we don't delete the old record that we are about to modify,
# because that would delete the keytab and previous password.
- res = secretsdb.search(base="cn=Primary Domains",
- attrs=attrs,
- expression=("(&(|(flatname=%s)(realm=%s)(objectSid=%s))(objectclass=primaryDomain)(!(dn=%s)))" % (domain, realm, str(domainsid), str(msg.dn))),
- scope=ldb.SCOPE_ONELEVEL)
+ res = secretsdb.search(base="cn=Primary Domains", attrs=attrs,
+ expression=("(&(|(flatname=%s)(realm=%s)(objectSid=%s))(objectclass=primaryDomain)(!(dn=%s)))" % (domain, realm, str(domainsid), str(msg.dn))),
+ scope=ldb.SCOPE_ONELEVEL)
for del_msg in res:
secretsdb.delete(del_msg.dn)
@@ -780,38 +790,37 @@ def secretsdb_self_join(secretsdb, domain,
res = secretsdb.search(base=msg.dn, attrs=attrs, scope=ldb.SCOPE_BASE)
if len(res) == 1:
- msg["priorSecret"] = [res[0]["secret"][0]]
- msg["priorWhenChanged"] = [res[0]["whenChanged"][0]]
+ msg["priorSecret"] = [res[0]["secret"][0]]
+ msg["priorWhenChanged"] = [res[0]["whenChanged"][0]]
- try:
- msg["privateKeytab"] = [res[0]["privateKeytab"][0]]
- except KeyError:
- pass
+ try:
+ msg["privateKeytab"] = [res[0]["privateKeytab"][0]]
+ except KeyError:
+ pass
- try:
- msg["krb5Keytab"] = [res[0]["krb5Keytab"][0]]
- except KeyError:
- pass
+ try:
+ msg["krb5Keytab"] = [res[0]["krb5Keytab"][0]]
+ except KeyError:
+ pass
- for el in msg:
- if el != 'dn':
- msg[el].set_flags(ldb.FLAG_MOD_REPLACE)
- secretsdb.modify(msg)
- secretsdb.rename(res[0].dn, msg.dn)
+ for el in msg:
+ if el != 'dn':
+ msg[el].set_flags(ldb.FLAG_MOD_REPLACE)
+ secretsdb.modify(msg)
+ secretsdb.rename(res[0].dn, msg.dn)
else:
- spn = [ 'HOST/%s' % shortname ]
- if secure_channel_type == SEC_CHAN_BDC and dnsname is not None:
- # we are a domain controller then we add servicePrincipalName entries
- # for the keytab code to update
- spn.extend([ 'HOST/%s' % dnsname ])
- msg["servicePrincipalName"] = spn
+ spn = [ 'HOST/%s' % shortname ]
+ if secure_channel_type == SEC_CHAN_BDC and dnsname is not None:
+ # we are a domain controller then we add servicePrincipalName
+ # entries for the keytab code to update.
+ spn.extend([ 'HOST/%s' % dnsname ])
+ msg["servicePrincipalName"] = spn
- secretsdb.add(msg)
+ secretsdb.add(msg)
-def secretsdb_setup_dns(secretsdb, setup_path, names, private_dir,
- realm, dnsdomain,
- dns_keytab_path, dnspass):
+def secretsdb_setup_dns(secretsdb, setup_path, names, private_dir, realm,
+ dnsdomain, dns_keytab_path, dnspass):
"""Add DNS specific bits to a secrets database.
:param secretsdb: Ldb Handle to the secrets database
@@ -829,7 +838,8 @@ def secretsdb_setup_dns(secretsdb, setup_path, names, private_dir,
"DNS_KEYTAB": dns_keytab_path,
"DNSPASS_B64": b64encode(dnspass),
"HOSTNAME": names.hostname,
- "DNSNAME" : '%s.%s' % (names.netbiosname.lower(), names.dnsdomain.lower())
+ "DNSNAME" : '%s.%s' % (
+ names.netbiosname.lower(), names.dnsdomain.lower())
})
@@ -837,7 +847,7 @@ def setup_secretsdb(paths, setup_path, session_info, backend_credentials, lp):
"""Setup the secrets database.
:note: This function does not handle exceptions and transaction on purpose,
- it's up to the caller to do this job.
+ it's up to the caller to do this job.
:param path: Path to the secrets database.
:param setup_path: Get the path to a setup file.
@@ -869,14 +879,17 @@ def setup_secretsdb(paths, setup_path, session_info, backend_credentials, lp):
try:
secrets_ldb.load_ldif_file_add(setup_path("secrets.ldif"))
- if backend_credentials is not None and backend_credentials.authentication_requested():
+ if (backend_credentials is not None and
+ backend_credentials.authentication_requested()):
if backend_credentials.get_bind_dn() is not None:
- setup_add_ldif(secrets_ldb, setup_path("secrets_simple_ldap.ldif"), {
+ setup_add_ldif(secrets_ldb,
+ setup_path("secrets_simple_ldap.ldif"), {
"LDAPMANAGERDN": backend_credentials.get_bind_dn(),
"LDAPMANAGERPASS_B64": b64encode(backend_credentials.get_password())
})
else:
- setup_add_ldif(secrets_ldb, setup_path("secrets_sasl_ldap.ldif"), {
+ setup_add_ldif(secrets_ldb,
+ setup_path("secrets_sasl_ldap.ldif"), {
"LDAPADMINUSER": backend_credentials.get_username(),
"LDAPADMINREALM": backend_credentials.get_realm(),
"LDAPADMINPASS_B64": b64encode(backend_credentials.get_password())
@@ -887,6 +900,7 @@ def setup_secretsdb(paths, setup_path, session_info, backend_credentials, lp):
secrets_ldb.transaction_cancel()
raise
+
def setup_privileges(path, setup_path, session_info, lp):
"""Setup the privileges database.
@@ -914,8 +928,7 @@ def setup_registry(path, setup_path, session_info, lp):
:param lp: Loadparm context
"""
reg = samba.registry.Registry()
- hive = samba.registry.open_ldb(path, session_info=session_info,
- lp_ctx=lp)
+ hive = samba.registry.open_ldb(path, session_info=session_info, lp_ctx=lp)
reg.mount_hive(hive, samba.registry.HKEY_LOCAL_MACHINE)
provision_reg = setup_path("provision.reg")
--
Samba Shared Repository
More information about the samba-cvs
mailing list