[PATCH] Saving work on SAMR/Kerberos binding

Zahari Zahariev zahari.zahariev at postpath.com
Mon Aug 3 08:00:42 MDT 2009 

---
 source4/lib/ldb/tests/python/samr-test.py |   94 +++++++++++++++++++++++++++++
 source4/libnet/py_net.c                   |   70 ++++++++++++++++++++--
 2 files changed, 159 insertions(+), 5 deletions(-)
 create mode 100755 source4/lib/ldb/tests/python/samr-test.py

diff --git a/source4/lib/ldb/tests/python/samr-test.py b/source4/lib/ldb/tests/python/samr-test.py
new file mode 100755
index 0000000..8ba46ff
--- /dev/null
+++ b/source4/lib/ldb/tests/python/samr-test.py
@@ -0,0 +1,94 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+# This is unit with PPD tests
+
+import getopt
+import optparse
+import sys
+import os
+import base64
+import re
+
+sys.path.append("bin/python")
+sys.path.append("../lib/subunit/python")
+
+import samba.getopt as options
+
+# Some error messages that are being tested
+from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError
+from ldb import ERR_NO_SUCH_OBJECT, ERR_INVALID_DN_SYNTAX, ERR_UNWILLING_TO_PERFORM
+from ldb import ERR_INSUFFICIENT_ACCESS_RIGHTS
+
+# For running the test unit
+from samba.ndr import ndr_pack, ndr_unpack
+from samba.dcerpc import security
+
+from samba.auth import system_session
+from samba import Ldb
+from samba import net
+from subunit import SubunitTestRunner
+import unittest
+
+parser = optparse.OptionParser("ldap [options] <host>")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+
+# use command line creds if available
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+opts, args = parser.parse_args()
+
+if len(args) < 1:
+    parser.print_usage()
+    sys.exit(1)
+
+host = args[0]
+
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+
+#
+# Tests start here
+#
+
+class SamrTests(unittest.TestCase):
+
+    def delete_force(self, ldb, dn):
+        try:
+            ldb.delete(dn)
+        except LdbError, (num, _):
+            self.assertEquals(num, ERR_NO_SUCH_OBJECT)
+
+    def find_basedn(self, ldb):
+        res = ldb.search(base="", expression="", scope=SCOPE_BASE,
+                         attrs=["defaultNamingContext"])
+        self.assertEquals(len(res), 1)
+        return res[0]["defaultNamingContext"][0]
+
+    def setUp(self):
+        self.ldb_admin = ldb
+        self.base_dn = self.find_basedn(self.ldb_admin)
+        print "baseDN: %s" % self.base_dn
+
+    ########################################################################################
+
+    def test_samr(self):
+        print dir(net)
+        net.ChangePassword(account_name="Administrator", domain_name="ZAHARI", oldpassword="old123@", \
+                newpassword="new123@", level=1, credentials=creds)
+
+    ########################################################################################
+
+# Important unit running information
+
+if not "://" in host:
+    host = "ldap://%s" % host
+ldb = Ldb(host, credentials=creds, session_info=system_session(), lp=lp)
+
+runner = SubunitTestRunner()
+rc = 0
+if not runner.run(unittest.makeSuite(SamrTests)).wasSuccessful():
+    rc = 1
+
+sys.exit(rc)
diff --git a/source4/libnet/py_net.c b/source4/libnet/py_net.c
index 5136fc5..1b9e8a0 100644
--- a/source4/libnet/py_net.c
+++ b/source4/libnet/py_net.c
@@ -1,18 +1,18 @@
-/* 
+/*
    Unix SMB/CIFS implementation.
    Samba utility functions
    Copyright (C) Jelmer Vernooij <jelmer at samba.org> 2008
-   
+
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
-   
+
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
-   
+
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -77,7 +77,7 @@ static PyObject *py_net_join(PyObject *cls, PyObject *args, PyObject *kwargs)
 		return NULL;
 	}
 
-	result = Py_BuildValue("sss", r.out.join_password, 
+	result = Py_BuildValue("sss", r.out.join_password,
 			       dom_sid_string(mem_ctx, r.out.domain_sid),
 			       r.out.domain_name);
 
@@ -89,11 +89,70 @@ static PyObject *py_net_join(PyObject *cls, PyObject *args, PyObject *kwargs)
 	return result;
 }
 
+static PyObject *py_net_change_password(PyObject *cls, PyObject *args, PyObject *kwargs)
+{
+	union libnet_ChangePassword r;
+	NTSTATUS status;
+	PyObject *result;
+	PyObject *py_creds;	
+	TALLOC_CTX *mem_ctx;
+	struct tevent_context *ev;
+	struct libnet_context *libnet_ctx;
+	struct cli_credentials *creds;
+	const char *kwnames[] = { "account_name", "domain_name", "oldpassword", "newpassword", 
+                              "level", "credentials", NULL };
+
+	// r.generic.level			= LIBNET_CHANGE_PASSWORD_GENERIC;
+	// r.generic.in.account_name	= cli_credentials_get_username(ctx->credentials);
+	// r.generic.in.domain_name	= cli_credentials_get_domain(ctx->credentials);
+	// r.generic.in.oldpassword	= cli_credentials_get_password(ctx->credentials);
+	// r.generic.in.newpassword	= new_password;
+
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "ssssiO:ChangePassword", discard_const_p(char *, kwnames),
+					 &r.generic.in.account_name, &r.generic.in.domain_name, &r.generic.in.oldpassword,
+					 &r.generic.in.newpassword, &r.generic.level, &py_creds))
+		return NULL;
+
+	// FIXME: we really need to get a context from the caller or we may end
+	// up with 2 event contexts
+	ev = s4_event_context_init(NULL);
+	mem_ctx = talloc_new(ev);
+
+	creds = cli_credentials_from_py_object(py_creds);
+	if (creds == NULL) {
+		PyErr_SetString(PyExc_TypeError, "Expected credentials object");
+		return NULL;
+	}
+	
+	libnet_ctx = py_net_ctx(cls, ev, creds);
+
+	status = libnet_ChangePassword(libnet_ctx, mem_ctx, &r);
+	if (NT_STATUS_IS_ERR(status)) {
+		PyErr_SetString(PyExc_RuntimeError, r.generic.out.error_string);
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+    result = Py_BuildValue("s", r.generic.out.error_string);
+
+	talloc_free(mem_ctx);
+
+	if (result == NULL)
+		return NULL;
+
+	return result;
+}
+
 static char py_net_join_doc[] = "join(domain_name, netbios_name, join_type, level) -> (join_password, domain_sid, domain_name)\n\n" \
 "Join the domain with the specified name.";
 
+static char py_net_change_password_doc[] = "ChangePassword(account_name, domain_name, oldpassword, newpassword, level) -> (error_string)\n\n" \
+"Change password even with non-Administrator account.";
+
 static struct PyMethodDef net_methods[] = {
 	{"Join", (PyCFunction)py_net_join, METH_VARARGS|METH_KEYWORDS, py_net_join_doc},
+	{"ChangePassword", (PyCFunction)py_net_change_password, METH_VARARGS|METH_KEYWORDS, py_net_change_password_doc},
 	{NULL }
 };
 
@@ -101,3 +160,4 @@ void initnet(void)
 {
 	Py_InitModule("net", net_methods);
 }
+
-- 
1.5.6.3


--------------030509060707060400060802--

More information about the samba-technical mailing list