[PATCH] Saving work on SAMR/Kerberos binding
Zahari Zahariev
zahari.zahariev at postpath.com
Mon Aug 3 08:00:42 MDT 2009
---
source4/lib/ldb/tests/python/samr-test.py | 94 +++++++++++++++++++++++++++++
source4/libnet/py_net.c | 70 ++++++++++++++++++++--
2 files changed, 159 insertions(+), 5 deletions(-)
create mode 100755 source4/lib/ldb/tests/python/samr-test.py
diff --git a/source4/lib/ldb/tests/python/samr-test.py b/source4/lib/ldb/tests/python/samr-test.py
new file mode 100755
index 0000000..8ba46ff
--- /dev/null
+++ b/source4/lib/ldb/tests/python/samr-test.py
@@ -0,0 +1,94 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+# This is unit with PPD tests
+
+import getopt
+import optparse
+import sys
+import os
+import base64
+import re
+
+sys.path.append("bin/python")
+sys.path.append("../lib/subunit/python")
+
+import samba.getopt as options
+
+# Some error messages that are being tested
+from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError
+from ldb import ERR_NO_SUCH_OBJECT, ERR_INVALID_DN_SYNTAX, ERR_UNWILLING_TO_PERFORM
+from ldb import ERR_INSUFFICIENT_ACCESS_RIGHTS
+
+# For running the test unit
+from samba.ndr import ndr_pack, ndr_unpack
+from samba.dcerpc import security
+
+from samba.auth import system_session
+from samba import Ldb
+from samba import net
+from subunit import SubunitTestRunner
+import unittest
+
+parser = optparse.OptionParser("ldap [options] <host>")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+
+# use command line creds if available
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+opts, args = parser.parse_args()
+
+if len(args) < 1:
+ parser.print_usage()
+ sys.exit(1)
+
+host = args[0]
+
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+
+#
+# Tests start here
+#
+
+class SamrTests(unittest.TestCase):
+
+ def delete_force(self, ldb, dn):
+ try:
+ ldb.delete(dn)
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_NO_SUCH_OBJECT)
+
+ def find_basedn(self, ldb):
+ res = ldb.search(base="", expression="", scope=SCOPE_BASE,
+ attrs=["defaultNamingContext"])
+ self.assertEquals(len(res), 1)
+ return res[0]["defaultNamingContext"][0]
+
+ def setUp(self):
+ self.ldb_admin = ldb
+ self.base_dn = self.find_basedn(self.ldb_admin)
+ print "baseDN: %s" % self.base_dn
+
+ ########################################################################################
+
+ def test_samr(self):
+ print dir(net)
+ net.ChangePassword(account_name="Administrator", domain_name="ZAHARI", oldpassword="old123@", \
+ newpassword="new123@", level=1, credentials=creds)
+
+ ########################################################################################
+
+# Important unit running information
+
+if not "://" in host:
+ host = "ldap://%s" % host
+ldb = Ldb(host, credentials=creds, session_info=system_session(), lp=lp)
+
+runner = SubunitTestRunner()
+rc = 0
+if not runner.run(unittest.makeSuite(SamrTests)).wasSuccessful():
+ rc = 1
+
+sys.exit(rc)
diff --git a/source4/libnet/py_net.c b/source4/libnet/py_net.c
index 5136fc5..1b9e8a0 100644
--- a/source4/libnet/py_net.c
+++ b/source4/libnet/py_net.c
@@ -1,18 +1,18 @@
-/*
+/*
Unix SMB/CIFS implementation.
Samba utility functions
Copyright (C) Jelmer Vernooij <jelmer at samba.org> 2008
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@@ -77,7 +77,7 @@ static PyObject *py_net_join(PyObject *cls, PyObject *args, PyObject *kwargs)
return NULL;
}
- result = Py_BuildValue("sss", r.out.join_password,
+ result = Py_BuildValue("sss", r.out.join_password,
dom_sid_string(mem_ctx, r.out.domain_sid),
r.out.domain_name);
@@ -89,11 +89,70 @@ static PyObject *py_net_join(PyObject *cls, PyObject *args, PyObject *kwargs)
return result;
}
+static PyObject *py_net_change_password(PyObject *cls, PyObject *args, PyObject *kwargs)
+{
+ union libnet_ChangePassword r;
+ NTSTATUS status;
+ PyObject *result;
+ PyObject *py_creds;
+ TALLOC_CTX *mem_ctx;
+ struct tevent_context *ev;
+ struct libnet_context *libnet_ctx;
+ struct cli_credentials *creds;
+ const char *kwnames[] = { "account_name", "domain_name", "oldpassword", "newpassword",
+ "level", "credentials", NULL };
+
+ // r.generic.level = LIBNET_CHANGE_PASSWORD_GENERIC;
+ // r.generic.in.account_name = cli_credentials_get_username(ctx->credentials);
+ // r.generic.in.domain_name = cli_credentials_get_domain(ctx->credentials);
+ // r.generic.in.oldpassword = cli_credentials_get_password(ctx->credentials);
+ // r.generic.in.newpassword = new_password;
+
+
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "ssssiO:ChangePassword", discard_const_p(char *, kwnames),
+ &r.generic.in.account_name, &r.generic.in.domain_name, &r.generic.in.oldpassword,
+ &r.generic.in.newpassword, &r.generic.level, &py_creds))
+ return NULL;
+
+ // FIXME: we really need to get a context from the caller or we may end
+ // up with 2 event contexts
+ ev = s4_event_context_init(NULL);
+ mem_ctx = talloc_new(ev);
+
+ creds = cli_credentials_from_py_object(py_creds);
+ if (creds == NULL) {
+ PyErr_SetString(PyExc_TypeError, "Expected credentials object");
+ return NULL;
+ }
+
+ libnet_ctx = py_net_ctx(cls, ev, creds);
+
+ status = libnet_ChangePassword(libnet_ctx, mem_ctx, &r);
+ if (NT_STATUS_IS_ERR(status)) {
+ PyErr_SetString(PyExc_RuntimeError, r.generic.out.error_string);
+ talloc_free(mem_ctx);
+ return NULL;
+ }
+
+ result = Py_BuildValue("s", r.generic.out.error_string);
+
+ talloc_free(mem_ctx);
+
+ if (result == NULL)
+ return NULL;
+
+ return result;
+}
+
static char py_net_join_doc[] = "join(domain_name, netbios_name, join_type, level) -> (join_password, domain_sid, domain_name)\n\n" \
"Join the domain with the specified name.";
+static char py_net_change_password_doc[] = "ChangePassword(account_name, domain_name, oldpassword, newpassword, level) -> (error_string)\n\n" \
+"Change password even with non-Administrator account.";
+
static struct PyMethodDef net_methods[] = {
{"Join", (PyCFunction)py_net_join, METH_VARARGS|METH_KEYWORDS, py_net_join_doc},
+ {"ChangePassword", (PyCFunction)py_net_change_password, METH_VARARGS|METH_KEYWORDS, py_net_change_password_doc},
{NULL }
};
@@ -101,3 +160,4 @@ void initnet(void)
{
Py_InitModule("net", net_methods);
}
+
--
1.5.6.3
--------------030509060707060400060802--
More information about the samba-technical
mailing list