from samba.netcmd.domain_backup import cmd_domain_backup
string_version_to_constant = {
- "2008_R2" : DS_DOMAIN_FUNCTION_2008_R2,
+ "2008_R2": DS_DOMAIN_FUNCTION_2008_R2,
"2012": DS_DOMAIN_FUNCTION_2012,
"2012_R2": DS_DOMAIN_FUNCTION_2012_R2,
}
p = subprocess.Popen([testparm, '-s', '-l',
'--parameter-name=%s' % varname, smbconf],
stdout=subprocess.PIPE, stderr=errfile)
- (out,err) = p.communicate()
+ (out, err) = p.communicate()
errfile.close()
lines = out.split('\n')
if lines:
]
ntvfs_options = [
- Option("--use-xattrs", type="choice", choices=["yes","no","auto"],
+ Option("--use-xattrs", type="choice", choices=["yes", "no", "auto"],
metavar="[yes|no|auto]",
help="Define if we should use the native fs capabilities or a tdb file for "
"storing attributes likes ntacl when --use-ntvfs is set. "
def _get_nameserver_ip(self):
"""Grab the nameserver IP address from /etc/resolv.conf."""
from os import path
- RESOLV_CONF="/etc/resolv.conf"
+ RESOLV_CONF = "/etc/resolv.conf"
if not path.isfile(RESOLV_CONF):
self.logger.warning("Failed to locate %s" % RESOLV_CONF)
olduac = uac
- uac &= ~(UF_SERVER_TRUST_ACCOUNT|UF_TRUSTED_FOR_DELEGATION|UF_PARTIAL_SECRETS_ACCOUNT)
+ uac &= ~(UF_SERVER_TRUST_ACCOUNT |UF_TRUSTED_FOR_DELEGATION |UF_PARTIAL_SECRETS_ACCOUNT)
uac |= UF_WORKSTATION_TRUST_ACCOUNT
msg = ldb.Message()
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server", type=str,
metavar="URL", dest="H"),
- Option("-q", "--quiet", help="Be quiet", action="store_true"), # unused
+ Option("-q", "--quiet", help="Be quiet", action="store_true"), # unused
Option("--forest-level", type="choice", choices=["2003", "2008", "2008_R2", "2012", "2012_R2"],
help="The forest function level (2003 | 2008 | 2008_R2 | 2012 | 2012_R2)"),
Option("--domain-level", type="choice", choices=["2003", "2008", "2008_R2", "2012", "2012_R2"],
# Directly on the base DN
m = ldb.Message()
m.dn = ldb.Dn(samdb, domain_dn)
- m["msDS-Behavior-Version"]= ldb.MessageElement(
+ m["msDS-Behavior-Version"] = ldb.MessageElement(
str(new_level_domain), ldb.FLAG_MOD_REPLACE,
"msDS-Behavior-Version")
samdb.modify(m)
m = ldb.Message()
m.dn = ldb.Dn(samdb, "CN=" + lp.get("workgroup")
+ ",CN=Partitions,%s" % samdb.get_config_basedn())
- m["msDS-Behavior-Version"]= ldb.MessageElement(
+ m["msDS-Behavior-Version"] = ldb.MessageElement(
str(new_level_domain), ldb.FLAG_MOD_REPLACE,
"msDS-Behavior-Version")
try:
m = ldb.Message()
m.dn = ldb.Dn(samdb, "CN=Partitions,%s" % samdb.get_config_basedn())
- m["msDS-Behavior-Version"]= ldb.MessageElement(
+ m["msDS-Behavior-Version"] = ldb.MessageElement(
str(new_level_forest), ldb.FLAG_MOD_REPLACE,
"msDS-Behavior-Version")
samdb.modify(m)
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server", type=str,
metavar="URL", dest="H"),
- Option("-q", "--quiet", help="Be quiet", action="store_true"), # unused
- Option("--complexity", type="choice", choices=["on","off","default"],
+ Option("-q", "--quiet", help="Be quiet", action="store_true"), # unused
+ Option("--complexity", type="choice", choices=["on", "off", "default"],
help="The password complexity (on | off | default). Default is 'on'"),
- Option("--store-plaintext", type="choice", choices=["on","off","default"],
+ Option("--store-plaintext", type="choice", choices=["on", "off", "default"],
help="Store plaintext passwords where account have 'store passwords with reversible encryption' set (on | off | default). Default is 'off'"),
Option("--history-length",
help="The password history length (<integer> | default). Default is 24.", type=str),
]
ntvfs_options = [
- Option("--use-xattrs", type="choice", choices=["yes","no","auto"],
+ Option("--use-xattrs", type="choice", choices=["yes", "no", "auto"],
metavar="[yes|no|auto]",
help="Define if we should use the native fs capabilities or a tdb file for "
"storing attributes likes ntacl when --use-ntvfs is set. "
server_type_string))
self.remote_server = remote_info.pdc_dns_name
- self.remote_binding_string="ncacn_np:%s[%s]" % (self.remote_server, remote_binding_options)
+ self.remote_binding_string = "ncacn_np:%s[%s]" % (self.remote_server, remote_binding_options)
self.remote_creds = remote_creds
return self.remote_server
def trustType_string(self, v):
types = {
- lsa.LSA_TRUST_TYPE_DOWNLEVEL : "DOWNLEVEL",
- lsa.LSA_TRUST_TYPE_UPLEVEL : "UPLEVEL",
- lsa.LSA_TRUST_TYPE_MIT : "MIT",
- lsa.LSA_TRUST_TYPE_DCE : "DCE",
+ lsa.LSA_TRUST_TYPE_DOWNLEVEL: "DOWNLEVEL",
+ lsa.LSA_TRUST_TYPE_UPLEVEL: "UPLEVEL",
+ lsa.LSA_TRUST_TYPE_MIT: "MIT",
+ lsa.LSA_TRUST_TYPE_DCE: "DCE",
}
return self.generic_enum_to_string(types, v)
def trustDirection_string(self, v):
directions = {
lsa.LSA_TRUST_DIRECTION_INBOUND |
- lsa.LSA_TRUST_DIRECTION_OUTBOUND : "BOTH",
- lsa.LSA_TRUST_DIRECTION_INBOUND : "INBOUND",
- lsa.LSA_TRUST_DIRECTION_OUTBOUND : "OUTBOUND",
+ lsa.LSA_TRUST_DIRECTION_OUTBOUND: "BOTH",
+ lsa.LSA_TRUST_DIRECTION_INBOUND: "INBOUND",
+ lsa.LSA_TRUST_DIRECTION_OUTBOUND: "OUTBOUND",
}
return self.generic_enum_to_string(directions, v)
def trustAttributes_string(self, v):
attributes = {
- lsa.LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE : "NON_TRANSITIVE",
- lsa.LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY : "UPLEVEL_ONLY",
- lsa.LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN : "QUARANTINED_DOMAIN",
- lsa.LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE : "FOREST_TRANSITIVE",
- lsa.LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION : "CROSS_ORGANIZATION",
- lsa.LSA_TRUST_ATTRIBUTE_WITHIN_FOREST : "WITHIN_FOREST",
- lsa.LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL : "TREAT_AS_EXTERNAL",
- lsa.LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION : "USES_RC4_ENCRYPTION",
+ lsa.LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE: "NON_TRANSITIVE",
+ lsa.LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY: "UPLEVEL_ONLY",
+ lsa.LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN: "QUARANTINED_DOMAIN",
+ lsa.LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE: "FOREST_TRANSITIVE",
+ lsa.LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION: "CROSS_ORGANIZATION",
+ lsa.LSA_TRUST_ATTRIBUTE_WITHIN_FOREST: "WITHIN_FOREST",
+ lsa.LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL: "TREAT_AS_EXTERNAL",
+ lsa.LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION: "USES_RC4_ENCRYPTION",
}
return self.generic_bitmap_to_string(attributes, v)
def kerb_EncTypes_string(self, v):
enctypes = {
- security.KERB_ENCTYPE_DES_CBC_CRC : "DES_CBC_CRC",
- security.KERB_ENCTYPE_DES_CBC_MD5 : "DES_CBC_MD5",
- security.KERB_ENCTYPE_RC4_HMAC_MD5 : "RC4_HMAC_MD5",
- security.KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96 : "AES128_CTS_HMAC_SHA1_96",
- security.KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96 : "AES256_CTS_HMAC_SHA1_96",
- security.KERB_ENCTYPE_FAST_SUPPORTED : "FAST_SUPPORTED",
- security.KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED : "COMPOUND_IDENTITY_SUPPORTED",
- security.KERB_ENCTYPE_CLAIMS_SUPPORTED : "CLAIMS_SUPPORTED",
- security.KERB_ENCTYPE_RESOURCE_SID_COMPRESSION_DISABLED : "RESOURCE_SID_COMPRESSION_DISABLED",
+ security.KERB_ENCTYPE_DES_CBC_CRC: "DES_CBC_CRC",
+ security.KERB_ENCTYPE_DES_CBC_MD5: "DES_CBC_MD5",
+ security.KERB_ENCTYPE_RC4_HMAC_MD5: "RC4_HMAC_MD5",
+ security.KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96: "AES128_CTS_HMAC_SHA1_96",
+ security.KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96: "AES256_CTS_HMAC_SHA1_96",
+ security.KERB_ENCTYPE_FAST_SUPPORTED: "FAST_SUPPORTED",
+ security.KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED: "COMPOUND_IDENTITY_SUPPORTED",
+ security.KERB_ENCTYPE_CLAIMS_SUPPORTED: "CLAIMS_SUPPORTED",
+ security.KERB_ENCTYPE_RESOURCE_SID_COMPRESSION_DISABLED: "RESOURCE_SID_COMPRESSION_DISABLED",
}
return self.generic_bitmap_to_string(enctypes, v)
return "Status[Enabled]"
flags = {
- lsa.LSA_TLN_DISABLED_NEW : "Disabled-New",
- lsa.LSA_TLN_DISABLED_ADMIN : "Disabled",
- lsa.LSA_TLN_DISABLED_CONFLICT : "Disabled-Conflicting",
+ lsa.LSA_TLN_DISABLED_NEW: "Disabled-New",
+ lsa.LSA_TLN_DISABLED_ADMIN: "Disabled",
+ lsa.LSA_TLN_DISABLED_CONFLICT: "Disabled-Conflicting",
}
return "Status[%s]" % self.generic_bitmap_to_string(flags, e_flags, names_only=True)
return "Status[Enabled]"
flags = {
- lsa.LSA_SID_DISABLED_ADMIN : "Disabled-SID",
- lsa.LSA_SID_DISABLED_CONFLICT : "Disabled-SID-Conflicting",
- lsa.LSA_NB_DISABLED_ADMIN : "Disabled-NB",
- lsa.LSA_NB_DISABLED_CONFLICT : "Disabled-NB-Conflicting",
+ lsa.LSA_SID_DISABLED_ADMIN: "Disabled-SID",
+ lsa.LSA_SID_DISABLED_CONFLICT: "Disabled-SID-Conflicting",
+ lsa.LSA_NB_DISABLED_ADMIN: "Disabled-NB",
+ lsa.LSA_NB_DISABLED_CONFLICT: "Disabled-NB-Conflicting",
}
return "Status[%s]" % self.generic_bitmap_to_string(flags, e_flags, names_only=True)
enc_types.enc_types = security.KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96
enc_types.enc_types |= security.KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96
- local_policy_access = lsa.LSA_POLICY_VIEW_LOCAL_INFORMATION
+ local_policy_access = lsa.LSA_POLICY_VIEW_LOCAL_INFORMATION
local_policy_access |= lsa.LSA_POLICY_TRUST_ADMIN
local_policy_access |= lsa.LSA_POLICY_CREATE_SECRET
# 512 bytes and a 2 bytes confounder is required.
#
def random_trust_secret(length):
- pw = samba.generate_random_machine_password(length//2, length//2)
+ pw = samba.generate_random_machine_password(length // 2, length // 2)
return string_to_byte_array(pw.encode('utf-16-le'))
if local_trust_info.trust_direction & lsa.LSA_TRUST_DIRECTION_INBOUND:
def run(self, domain, sambaopts=None, localdcopts=None, credopts=None, versionopts=None,
delete_location=None):
- local_policy_access = lsa.LSA_POLICY_VIEW_LOCAL_INFORMATION
+ local_policy_access = lsa.LSA_POLICY_VIEW_LOCAL_INFORMATION
local_policy_access |= lsa.LSA_POLICY_TRUST_ADMIN
local_policy_access |= lsa.LSA_POLICY_CREATE_SECRET
if delete_location == "local":
remote_policy_access = None
else:
- remote_policy_access = lsa.LSA_POLICY_VIEW_LOCAL_INFORMATION
+ remote_policy_access = lsa.LSA_POLICY_VIEW_LOCAL_INFORMATION
remote_policy_access |= lsa.LSA_POLICY_TRUST_ADMIN
remote_policy_access |= lsa.LSA_POLICY_CREATE_SECRET
def run(self, domain, sambaopts=None, versionopts=None, credopts=None, localdcopts=None,
validate_location=None):
- local_policy_access = lsa.LSA_POLICY_VIEW_LOCAL_INFORMATION
+ local_policy_access = lsa.LSA_POLICY_VIEW_LOCAL_INFORMATION
local_server = self.setup_local_server(sambaopts, localdcopts)
try:
continue
raise CommandError("value[%s] specified for --enable-sid and --disable-sid" % e)
- local_policy_access = lsa.LSA_POLICY_VIEW_LOCAL_INFORMATION
+ local_policy_access = lsa.LSA_POLICY_VIEW_LOCAL_INFORMATION
if require_update:
local_policy_access |= lsa.LSA_POLICY_TRUST_ADMIN
print("Defunct object %s doesn't exist, skipping" % self.dn)
return True
elif self.unknown_oid is not None:
- print("Skipping unknown OID %s for object %s" %(self.unknown_oid, self.dn))
+ print("Skipping unknown OID %s for object %s" % (self.unknown_oid, self.dn))
return True
return False
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server", type=str,
metavar="URL", dest="H"),
- Option("-q", "--quiet", help="Be quiet", action="store_true"), #unused
+ Option("-q", "--quiet", help="Be quiet", action="store_true"), # unused
Option("-v", "--verbose", help="Be verbose", action="store_true"),
Option("--schema", type="choice", metavar="SCHEMA",
choices=["2012", "2012_R2"],