backend_list,
Context,
Signal,
- )
+)
'': False,
'N': False,
'NO': False,
- }
+ }
prompt = '[y/N]'
AUTO_USE_KERBEROS,
DONT_USE_KERBEROS,
MUST_USE_KERBEROS,
- )
+)
import sys
"trustAuthIncoming" : ndr_pack(outgoing),
"trustAuthOutgoing" : ndr_pack(outgoing),
"securityIdentifier" : ndr_pack(ctx.forestsid)
- }
+ }
ctx.local_samdb.add(rec)
rec = {
"userAccountControl" : str(samba.dsdb.UF_INTERDOMAIN_TRUST_ACCOUNT),
"clearTextPassword" : ctx.trustdom_pass.encode('utf-16-le'),
"samAccountName" : "%s$" % ctx.forest_domain_name
- }
+ }
ctx.local_samdb.add(rec)
drsblobs,
drsuapi,
misc,
- )
+)
from samba.common import dsdb_Dn
from samba.ndr import ndr_unpack, ndr_pack
from collections import Counter
'fEXTENDEDLINKTRACKING': 21, # XL
'fBASEONLY': 20, # BO
'fPARTITIONSECRET': 19, # SE
- }
+}
# ADTS: 2.2.10
bitFields["systemflags"] = {
'FLAG_CONFIG_ALLOW_MOVE': 2, # AM
'FLAG_CONFIG_ALLOW_RENAME': 1, # AR
'FLAG_DISALLOW_DELETE': 0 # DD
- }
+}
# ADTS: 2.2.11
bitFields["schemaflagsex"] = {
'FLAG_ATTR_IS_CRITICAL': 31
- }
+}
# ADTS: 3.1.1.2.2.2
oMObjectClassBER = {
Ldb,
werror,
WERRORError
- )
+)
from samba.netcmd import (
Command,
CommandError,
SuperCommand,
Option,
- )
+)
def _is_valid_ip(ip_string, address_families=None):
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
def run(self, computername, credopts=None, sambaopts=None, versionopts=None,
H=None, computerou=None, description=None, prepare_oldjoin=False,
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
def run(self, computername, credopts=None, sambaopts=None,
versionopts=None, H=None):
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server",
type=str, metavar="URL", dest="H"),
- ]
+ ]
takes_optiongroups = {
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
def run(self, sambaopts=None, credopts=None, versionopts=None, H=None):
lp = sambaopts.get_loadparm()
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
def run(self, computername, credopts=None, sambaopts=None, versionopts=None,
H=None, computer_attrs=None):
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
def run(self, computername, new_ou_dn, credopts=None, sambaopts=None,
versionopts=None, H=None):
Command,
CommandError,
Option
- )
+)
from samba.dbchecker import dbcheck
Option("--reset-well-known-acls", dest="reset_well_known_acls", default=False, action="store_true", help="reset ACLs on objects with well known default ACL values to the default"),
Option("-H", "--URL", help="LDB URL for database or target server (defaults to local SAM database)",
type=str, metavar="URL", dest="H"),
- ]
+ ]
def run(self, DN=None, H=None, verbose=False, fix=False, yes=False,
cross_ncs=False, quiet=False,
CommandError,
SuperCommand,
Option
- )
+)
class cmd_delegation_show(Command):
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server", type=str,
metavar="URL", dest="H"),
- ]
+ ]
takes_args = ["accountname"]
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server", type=str,
metavar="URL", dest="H"),
- ]
+ ]
takes_args = ["accountname", "onoff"]
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server", type=str,
metavar="URL", dest="H"),
- ]
+ ]
takes_args = ["accountname", "onoff"]
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server", type=str,
metavar="URL", dest="H"),
- ]
+ ]
takes_args = ["accountname", "principal"]
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server", type=str,
metavar="URL", dest="H"),
- ]
+ ]
takes_args = ["accountname", "principal"]
CommandError,
Option,
SuperCommand,
- )
+)
from samba.dcerpc import dnsp, dnsserver
from samba.dnsserver import ARecord, AAAARecord, PTRRecord, CNameRecord, NSRecord, MXRecord, SOARecord, SRVRecord, TXTRecord
CommandError,
SuperCommand,
Option
- )
+)
from samba.netcmd.fsmo import get_fsmo_roleowner
from samba.netcmd.common import netcmd_get_domain_infos_via_cldap
from samba.samba3 import Samba3
UF_SERVER_TRUST_ACCOUNT,
UF_TRUSTED_FOR_DELEGATION,
UF_PARTIAL_SECRETS_ACCOUNT
- )
+)
from samba.provision import (
provision,
ProvisioningError,
DEFAULT_MIN_PWD_LENGTH,
setup_path
- )
+)
from samba.provision.common import (
FILL_FULL,
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
takes_options = [
Option("--principal", help="extract only this principal", type=str),
- ]
+ ]
takes_args = ["keytab"]
synopsis = "%prog <ip_address> [options]"
takes_options = [
- ]
+ ]
takes_optiongroups = {
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
takes_args = ["address"]
Option("--partitions-only",
help="Configure Samba's partitions, but do not modify them (ie, join a BDC)", action="store_true"),
Option("--use-rfc2307", action="store_true", help="Use AD to store posix attributes (default = no)"),
- ]
+ ]
openldap_options = [
Option("--ldapadminpass", type="string", metavar="PASSWORD",
Option("--ldap-backend-forced-uri", type="string", metavar="LDAP-BACKEND-FORCED-URI",
help="Force the LDAP backend connection to be to a particular URI. Use this ONLY for 'existing' backends, or when debugging the interaction with the LDAP backend and you need to intercept the LDA"),
Option("--ldap-backend-nosync", help="Configure LDAP backend not to call fsync() (for performance in test environments)", action="store_true"),
- ]
+ ]
ntvfs_options = [
Option("--use-xattrs", type="choice", choices=["yes","no","auto"],
Option("--parent-domain", help="parent domain to create subdomain under", type=str),
Option("--adminpass", type="string", metavar="PASSWORD",
help="choose adminstrator password when joining as a subdomain (otherwise random)"),
- ]
+ ]
ntvfs_options = [
Option("--use-ntvfs", help="Use NTVFS for the fileserver (default = no)",
"to remove ALL references to (rather than this DC)", type=str),
Option("-q", "--quiet", help="Be quiet", action="store_true"),
Option("-v", "--verbose", help="Be verbose", action="store_true"),
- ]
+ ]
takes_optiongroups = {
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
def run(self, sambaopts=None, credopts=None,
versionopts=None, server=None,
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server", type=str,
"sambaopts": options.SambaOptions,
"versionopts": options.VersionOptions,
"credopts": options.CredentialsOptions,
- }
+ }
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server", type=str,
"sambaopts": options.SambaOptions,
"versionopts": options.VersionOptions,
"credopts": options.CredentialsOptions,
- }
+ }
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server", type=str,
}
takes_options = [
- ]
+ ]
def run(self, sambaopts=None, versionopts=None, localdcopts=None):
}
takes_options = [
- ]
+ ]
takes_args = ["domain"]
help="Skip validation of the trust.",
dest='validate',
default=True),
- ]
+ ]
takes_args = ["domain"]
help="Where to delete the trusted domain object: 'local' or 'both'.",
dest='delete_location',
default="both"),
- ]
+ ]
takes_args = ["domain"]
help="Where to validate the trusted domain object: 'local' or 'both'.",
dest='validate_location',
default="both"),
- ]
+ ]
takes_args = ["domain"]
help="Delete an existing msDS-SPNSuffixes attribute of the local forest. Can be specified multiple times.",
dest='delete_spn',
default=[]),
- ]
+ ]
takes_args = ["domain?"]
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
def run(self, *ncs, **kwargs):
sambaopts = kwargs.get("sambaopts")
CommandError,
Option,
SuperCommand,
- )
+)
from samba.samdb import SamDB
from samba import drs_utils, nttime2string, dsdb
from samba.dcerpc import drsuapi, misc
Option("--local-online", help="pull changes into the local database (destination DC is ignored) as a normal online replication", action="store_true"),
Option("--async-op", help="use ASYNC_OP for the replication", action="store_true"),
Option("--single-object", help="Replicate only the object specified, instead of the whole Naming Context (only with --local)", action="store_true"),
- ]
+ ]
def drs_local_replicate(self, SOURCE_DC, NC, full_sync=False,
single_object=False,
("DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10", "DRS_EXT_GETCHGREQ_V10"),
("DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2", "DRS_EXT_RESERVED_FOR_WIN2K_OR_DOTNET_PART2"),
("DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3", "DRS_EXT_RESERVED_FOR_WIN2K_OR_DOTNET_PART3")
- ]
+ ]
optmap_ext = [
("DRSUAPI_SUPPORTED_EXTENSION_ADAM", "DRS_EXT_ADAM"),
takes_options = [
Option("--dsa-option", help="DSA option to enable/disable", type="str",
metavar="{+|-}IS_GC | {+|-}DISABLE_INBOUND_REPL | {+|-}DISABLE_OUTBOUND_REPL | {+|-}DISABLE_NTDSCONN_XLATE" ),
- ]
+ ]
option_map = {"IS_GC": 0x00000001,
"DISABLE_INBOUND_REPL": 0x00000002,
Option("-q", "--quiet", help="Be quiet", action="store_true"),
Option("--include-secrets", help="Also replicate secret values", action="store_true"),
Option("-v", "--verbose", help="Be verbose", action="store_true")
- ]
+ ]
takes_args = ["domain"]
CommandError,
SuperCommand,
Option,
- )
+)
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server",
type="string"),
Option("--sddl", help="An ACE or group of ACEs to be added on the object",
type="string"),
- ]
+ ]
def find_trustee_sid(self, samdb, trusteedn):
res = samdb.search(base=trusteedn, expression="(objectClass=*)",
CommandError,
SuperCommand,
Option
- )
+)
class cmd_forest_show(Command):
"""Display forest settings.
"sambaopts": options.SambaOptions,
"versionopts": options.VersionOptions,
"credopts": options.CredentialsOptions,
- }
+ }
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server",
type=str, metavar="URL", dest="H"),
- ]
+ ]
def run(self, H=None, credopts=None, sambaopts=None, versionopts=None):
lp = sambaopts.get_loadparm()
"sambaopts": options.SambaOptions,
"versionopts": options.VersionOptions,
"credopts": options.CredentialsOptions,
- }
+ }
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server",
type=str, metavar="URL", dest="H"),
- ]
+ ]
takes_args = ["value"]
CommandError,
SuperCommand,
Option,
- )
+)
from samba.samdb import SamDB
def get_fsmo_roleowner(samdb, roledn, role):
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server",
forestdns=ForestDnsZonesMasterRole\n
all=all of the above\n
You must provide an Admin user and password."""),
- ]
+ ]
takes_args = []
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server",
type=str, metavar="URL", dest="H"),
- ]
+ ]
takes_args = []
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server",
forestdns=ForestDnsZonesMasterRole\n
all=all of the above\n
You must provide an Admin user and password."""),
- ]
+ ]
takes_args = []
CommandError,
Option,
SuperCommand,
- )
+)
from samba.samdb import SamDB
from samba import dsdb
from samba.dcerpc import security
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server", type=str,
metavar="URL", dest="H")
- ]
+ ]
def run(self, H=None, sambaopts=None, credopts=None, versionopts=None):
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server",
type=str, metavar="URL", dest="H")
- ]
+ ]
def run(self, username, H=None, sambaopts=None, credopts=None, versionopts=None):
takes_options = [
Option("-H", help="LDB URL for database or target server", type=str)
- ]
+ ]
def run(self, gpo, H=None, sambaopts=None, credopts=None, versionopts=None):
takes_options = [
Option("-H", help="LDB URL for database or target server", type=str)
- ]
+ ]
def run(self, container_dn, H=None, sambaopts=None, credopts=None,
versionopts=None):
help="Disable policy"),
Option("--enforce", dest="enforced", default=False, action='store_true',
help="Enforce policy")
- ]
+ ]
def run(self, container_dn, gpo, H=None, disabled=False, enforced=False,
sambaopts=None, credopts=None, versionopts=None):
takes_options = [
Option("-H", help="LDB URL for database or target server", type=str),
- ]
+ ]
def run(self, container, gpo, H=None, sambaopts=None, credopts=None,
versionopts=None):
takes_options = [
Option("-H", help="LDB URL for database or target server", type=str)
- ]
+ ]
def run(self, gpo, H=None, sambaopts=None, credopts=None,
versionopts=None):
takes_options = [
Option("-H", help="LDB URL for database or target server", type=str)
- ]
+ ]
def run(self, container_dn, H=None, sambaopts=None, credopts=None,
versionopts=None):
takes_options = [
Option("-H", help="LDB URL for database or target server", type=str)
- ]
+ ]
def run(self, container_dn, inherit_state, H=None, sambaopts=None, credopts=None,
versionopts=None):
takes_options = [
Option("-H", help="LDB URL for database or target server", type=str),
Option("--tmpdir", help="Temporary directory for copying policy files", type=str)
- ]
+ ]
def run(self, gpo, H=None, tmpdir=None, sambaopts=None, credopts=None, versionopts=None):
takes_options = [
Option("-H", help="LDB URL for database or target server", type=str),
Option("--tmpdir", help="Temporary directory for copying policy files", type=str)
- ]
+ ]
def run(self, displayname, H=None, tmpdir=None, sambaopts=None, credopts=None,
versionopts=None):
takes_options = [
Option("-H", help="LDB URL for database or target server", type=str),
- ]
+ ]
def run(self, gpo, H=None, sambaopts=None, credopts=None,
versionopts=None):
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server", type=str,
metavar="URL", dest="H")
- ]
+ ]
def run(self, H=None, sambaopts=None, credopts=None, versionopts=None):
help="Verbose output, showing group type and group scope.",
action="store_true"),
- ]
+ ]
takes_optiongroups = {
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
def run(self, sambaopts=None, credopts=None, versionopts=None, H=None,
verbose=False):
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server", type=str,
metavar="URL", dest="H"),
- ]
+ ]
takes_optiongroups = {
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
takes_args = ["groupname"]
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
def run(self, groupname, new_parent_dn, credopts=None, sambaopts=None,
versionopts=None, H=None):
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
def run(self, groupname, credopts=None, sambaopts=None, versionopts=None,
H=None, group_attrs=None):
Command,
CommandError,
Option,
- )
+)
global summary
summary = {}
help="List of comma separated attributes to ignore in the comparision"),
Option("--skip-missing-dn", dest="skip_missing_dn", action="store_true", default=False,
help="Skip report and failure due to missing DNs in one server or another"),
- ]
+ ]
def run(self, URL1, URL2,
context1=None, context2=None, context3=None, context4=None, context5=None,
takes_optiongroups = {
"versionopts": options.VersionOptions,
- }
+ }
subcommands = cache_loader()
from samba.netcmd import (
Command,
- )
+)
class cmd_time(Command):
"""Retrieve the time on a server.
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
takes_args = ["server_name?"]
CommandError,
SuperCommand,
Option,
- )
+)
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
takes_options = [
Option("-q", "--quiet", help="Be quiet", action="store_true"),
Option("--use-ntvfs", help="Set the ACLs directly to the TDB or xattr for use with the ntvfs file server", action="store_true"),
Option("--use-s3fs", help="Set the ACLs for use with the default s3fs file server via the VFS layer", action="store_true"),
Option("--service", help="Name of the smb.conf service to use when applying the ACLs", type="string")
- ]
+ ]
takes_args = ["acl","file"]
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
takes_args = ["file"]
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
takes_options = [
Option("--as-sddl", help="Output ACL in the SDDL format", action="store_true"),
Option("--use-ntvfs", help="Get the ACLs directly from the TDB or xattr used with the ntvfs file server", action="store_true"),
Option("--use-s3fs", help="Get the ACLs for use via the VFS layer used by the default s3fs file server", action="store_true"),
Option("--service", help="Name of the smb.conf service to use when getting the ACLs", type="string")
- ]
+ ]
takes_args = ["file"]
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
takes_options = [
Option("--use-ntvfs", help="Set the ACLs for use with the ntvfs file server", action="store_true"),
Option("--use-s3fs", help="Set the ACLs for use with the default s3fs file server", action="store_true")
- ]
+ ]
def run(self, use_ntvfs=False, use_s3fs=False,
credopts=None, sambaopts=None, versionopts=None):
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
def run(self, credopts=None, sambaopts=None, versionopts=None):
lp = sambaopts.get_loadparm()
CommandError,
Option,
SuperCommand,
- )
+)
from samba.samdb import SamDB
from samba import dsdb
from operator import attrgetter
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
def run(self, old_ou_dn, new_ou_dn, credopts=None, sambaopts=None,
versionopts=None, H=None):
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
def run(self, old_ou_dn, new_parent_dn, credopts=None, sambaopts=None,
versionopts=None, H=None):
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
def run(self, ou_dn, credopts=None, sambaopts=None, versionopts=None,
H=None, description=None):
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
def run(self, ou_dn, credopts=None, sambaopts=None, versionopts=None,
H=None, full_dn=False, recursive=False):
type=str, metavar="URL", dest="H"),
Option("--full-dn", dest="full_dn", default=False, action='store_true',
help="Display DNs including the base DN."),
- ]
+ ]
takes_optiongroups = {
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
def run(self, sambaopts=None, credopts=None, versionopts=None, H=None,
full_dn=False):
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
def run(self, ou_dn, credopts=None, sambaopts=None, versionopts=None,
H=None, force_subtree_delete=False):
help="Return only processes associated with one particular name"),
Option("--pid", type=int,
help="Return only names assoicated with one particular PID"),
- ]
+ ]
takes_args = []
"sambaopts": options.SambaOptions,
"versionopts": options.VersionOptions,
"credopts": options.CredentialsOptions,
- }
+ }
takes_options = pwd_settings_options + [
Option("-H", "--URL", help="LDB URL for database or target server",
metavar="URL", dest="H", type=str)
- ]
+ ]
takes_args = ["psoname", "precedence"]
def run(self, psoname, precedence, H=None, min_pwd_age=None,
"sambaopts": options.SambaOptions,
"versionopts": options.VersionOptions,
"credopts": options.CredentialsOptions,
- }
+ }
takes_options = pwd_settings_options + [
Option("--precedence", type=int,
"Lower precedence is better (<integer>).")),
Option("-H", "--URL", help="LDB URL for database or target server",
type=str, metavar="URL", dest="H"),
- ]
+ ]
takes_args = ["psoname"]
def run(self, psoname, H=None, precedence=None, min_pwd_age=None,
"sambaopts": options.SambaOptions,
"versionopts": options.VersionOptions,
"credopts": options.CredentialsOptions,
- }
+ }
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server",
metavar="URL", dest="H", type=str)
- ]
+ ]
takes_args = ["psoname"]
def run(self, psoname, H=None, credopts=None, sambaopts=None,
"sambaopts": options.SambaOptions,
"versionopts": options.VersionOptions,
"credopts": options.CredentialsOptions,
- }
+ }
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server",
metavar="URL", dest="H", type=str)
- ]
+ ]
def run(self, H=None, credopts=None, sambaopts=None, versionopts=None):
lp = sambaopts.get_loadparm()
"sambaopts": options.SambaOptions,
"versionopts": options.VersionOptions,
"credopts": options.CredentialsOptions,
- }
+ }
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server",
metavar="URL", dest="H", type=str)
- ]
+ ]
takes_args = ["psoname"]
def run(self, psoname, H=None, credopts=None, sambaopts=None,
"sambaopts": options.SambaOptions,
"versionopts": options.VersionOptions,
"credopts": options.CredentialsOptions,
- }
+ }
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server",
metavar="URL", dest="H", type=str)
- ]
+ ]
takes_args = ["username"]
def run(self, username, H=None, credopts=None, sambaopts=None,
"sambaopts": options.SambaOptions,
"versionopts": options.VersionOptions,
"credopts": options.CredentialsOptions,
- }
+ }
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server",
metavar="URL", dest="H", type=str)
- ]
+ ]
takes_args = ["psoname", "user_or_group"]
def run(self, psoname, user_or_group, H=None, credopts=None,
"sambaopts": options.SambaOptions,
"versionopts": options.VersionOptions,
"credopts": options.CredentialsOptions,
- }
+ }
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server",
metavar="URL", dest="H", type=str),
- ]
+ ]
takes_args = ["psoname", "user_or_group"]
def run(self, psoname, user_or_group, H=None, credopts=None,
Option("--server", help="DC to use", type=str),
Option("--file", help="Read account list from a file, or - for stdin (one per line)", type=str),
Option("--ignore-errors", help="When preloading multiple accounts, skip any failing accounts", action="store_true"),
- ]
+ ]
takes_args = ["account*"]
CommandError,
SuperCommand,
Option
- )
+)
class cmd_schema_attribute_modify(Command):
"""Modify attribute settings in the schema partition.
"sambaopts": options.SambaOptions,
"versionopts": options.VersionOptions,
"credopts": options.CredentialsOptions,
- }
+ }
takes_options = [
Option("--searchflags", help="Search Flags for the attribute", type=str),
Option("-H", "--URL", help="LDB URL for database or target server",
type=str, metavar="URL", dest="H"),
- ]
+ ]
takes_args = ["attribute"]
"sambaopts": options.SambaOptions,
"versionopts": options.VersionOptions,
"credopts": options.CredentialsOptions,
- }
+ }
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server",
type=str, metavar="URL", dest="H"),
- ]
+ ]
takes_args = ["attribute"]
"sambaopts": options.SambaOptions,
"versionopts": options.VersionOptions,
"credopts": options.CredentialsOptions,
- }
+ }
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server",
type=str, metavar="URL", dest="H"),
- ]
+ ]
takes_args = ["attribute"]
"sambaopts": options.SambaOptions,
"versionopts": options.VersionOptions,
"credopts": options.CredentialsOptions,
- }
+ }
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server",
type=str, metavar="URL", dest="H"),
- ]
+ ]
takes_args = ["objectclass"]
CommandError,
SuperCommand,
Option,
- )
+)
class cmd_sites_create(Command):
CommandError,
SuperCommand,
Option
- )
+)
class cmd_spn_list(Command):
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
takes_args = ["user"]
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
takes_options = [
Option("--force", help="Force the addition of the spn"
" even it exists already", action="store_true"),
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
takes_args = ["name", "user?"]
# These are harder to do with the new code structure
Option("--show-all-parameters", action="store_true", default=False,
help="Show the parameters, type, possible values")
- ]
+ ]
takes_args = []
gensec,
generate_random_password,
Ldb,
- )
+)
from samba.net import Net
from samba.netcmd import (
CommandError,
SuperCommand,
Option,
- )
+)
from samba.compat import text_type
try:
"python-gpgme required"
disabled_virtual_attributes = {
- }
+}
virtual_attributes = {
"virtualClearTextUTF8": {
"flags": ldb.ATTR_FLAG_FORCE_BASE64_LDIF,
- },
+ },
"virtualClearTextUTF16": {
"flags": ldb.ATTR_FLAG_FORCE_BASE64_LDIF,
- },
+ },
"virtualSambaGPG": {
"flags": ldb.ATTR_FLAG_FORCE_BASE64_LDIF,
- },
- }
+ },
+}
get_random_bytes_fn = None
if get_random_bytes_fn is None:
h = hashlib.sha1()
h = None
virtual_attributes["virtualSSHA"] = {
- }
+ }
except ImportError as e:
reason = "hashlib.sha1()"
if random_reason:
reason += " required"
disabled_virtual_attributes["virtualSSHA"] = {
"reason" : reason,
- }
+ }
for (alg, attr) in [("5", "virtualCryptSHA256"), ("6", "virtualCryptSHA512")]:
try:
v = get_crypt_value(alg, "")
v = None
virtual_attributes[attr] = {
- }
+ }
except ImportError as e:
reason = "crypt"
if random_reason:
reason += " required"
disabled_virtual_attributes[attr] = {
"reason" : reason,
- }
+ }
except NotImplementedError as e:
reason = "modern '$%s$' salt in crypt(3) required" % (alg)
disabled_virtual_attributes[attr] = {
"reason" : reason,
- }
+ }
# Add the wDigest virtual attributes, virtualWDigest01 to virtualWDigest29
for x in range(1, 30):
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
def run(self, username, password=None, credopts=None, sambaopts=None,
versionopts=None, H=None, must_change_at_next_login=False,
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
def run(self, username, credopts=None, sambaopts=None, versionopts=None,
H=None):
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server", type=str,
metavar="URL", dest="H"),
- ]
+ ]
takes_optiongroups = {
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
def run(self, sambaopts=None, credopts=None, versionopts=None, H=None):
lp = sambaopts.get_loadparm()
Option("-H", "--URL", help="LDB URL for database or target server", type=str,
metavar="URL", dest="H"),
Option("--filter", help="LDAP Filter to set password on", type=str),
- ]
+ ]
takes_args = ["username?"]
Option("-H", "--URL", help="LDB URL for database or target server", type=str,
metavar="URL", dest="H"),
Option("--filter", help="LDAP Filter to set password on", type=str),
- ]
+ ]
takes_args = ["username?"]
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
def run(self, username=None, sambaopts=None, credopts=None,
versionopts=None, filter=None, H=None):
takes_options = [
Option("--newpassword", help="New password", type=str),
- ]
+ ]
takes_optiongroups = {
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
def run(self, credopts=None, sambaopts=None, versionopts=None,
newpassword=None):
Option("--clear-smartcard-required",
help="Don't require a smartcard for interactive logons",
action="store_true"),
- ]
+ ]
takes_args = ["username?"]
Option("--decrypt-samba-gpg",
help=decrypt_samba_gpg_help,
action="store_true", default=False, dest="decrypt_samba_gpg"),
- ]
+ ]
takes_args = ["username?"]
Option("--terminate",
help="Send a SIGTERM to an already running (daemon) process",
action="store_true", default=False, dest="terminate"),
- ]
+ ]
def run(self, cache_ldb_initialize=False, cache_ldb=None,
H=None, filter=None,
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
def run(self, username, credopts=None, sambaopts=None, versionopts=None,
H=None, editor=None):
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
def run(self, username, credopts=None, sambaopts=None, versionopts=None,
H=None, user_attrs=None):
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
- }
+ }
def run(self, username, new_parent_dn, credopts=None, sambaopts=None,
versionopts=None, H=None):
valid_netbios_name,
version,
is_heimdal_built,
- )
+)
from samba.dcerpc import security, misc
from samba.dcerpc.misc import (
SEC_CHAN_BDC,
SEC_CHAN_WKSTA,
- )
+)
from samba.dsdb import (
DS_DOMAIN_FUNCTION_2003,
DS_DOMAIN_FUNCTION_2008_R2,
ENC_ALL_TYPES,
- )
+)
from samba.idmap import IDmapDB
from samba.ms_display_specifiers import read_ms_ldif
from samba.ntacls import setntacl, getntacl, dsacl2fsacl
FDSBackend,
LDBBackend,
OpenLDAPBackend,
- )
+)
from samba.descriptor import (
get_empty_descriptor,
get_config_descriptor,
get_dns_forest_microsoft_dns_descriptor,
get_dns_domain_microsoft_dns_descriptor,
get_managed_service_accounts_descriptor,
- )
+)
from samba.provision.common import (
setup_path,
setup_add_ldif,
get_dnsadmins_sid,
setup_ad_dns,
create_dns_update_list
- )
+)
import samba.param
import samba.registry
"workgroup": domain,
"realm": realm,
"server role": serverrole,
- }
+ }
if lp is None:
lp = samba.param.LoadParm()
setup_path("secrets_simple_ldap.ldif"), {
"LDAPMANAGERDN": backend_credentials.get_bind_dn(),
"LDAPMANAGERPASS_B64": b64encode(backend_credentials.get_password()).decode('utf8')
- })
+ })
else:
setup_add_ldif(secrets_ldb,
setup_path("secrets_sasl_ldap.ldif"), {
"LDAPADMINUSER": backend_credentials.get_username(),
"LDAPADMINREALM": backend_credentials.get_realm(),
"LDAPADMINPASS_B64": b64encode(backend_credentials.get_password()).decode('utf8')
- })
+ })
except:
secrets_ldb.transaction_cancel()
raise
"ROOTDN" : names.rootdn,
"CONFIGDN": names.configdn,
"SERVERDN": names.serverdn,
- })
+ })
def setup_self_join(samdb, admin_session_info, names, fill, machinepass,
"DEFAULTSITE": names.sitename,
"NETBIOSNAME": names.netbiosname,
"SERVERDN": names.serverdn,
- })
+ })
system_session_info = system_session()
samdb.set_session_info(system_session_info)
"DOMAIN_FUNCTIONALITY": str(domainFunctionality),
"SAMBA_VERSION_STRING": version,
"MIN_PWD_LENGTH": str(DEFAULT_MIN_PWD_LENGTH)
- })
+ })
# If we are setting up a subdomain, then this has been replicated in, so we don't need to add it
if fill == FILL_FULL:
"SYSTEM_DESCRIPTOR": system_desc,
"BUILTIN_DESCRIPTOR": builtin_desc,
"DOMAIN_CONTROLLERS_DESCRIPTOR": controllers_desc,
- })
+ })
# If we are setting up a subdomain, then this has been replicated in, so we don't need to add it
if fill == FILL_FULL:
setup_add_ldif(samdb, setup_path("provision_well_known_sec_princ.ldif"), {
"CONFIGDN": names.configdn,
"WELLKNOWNPRINCIPALS_DESCRIPTOR": protected1wd_descr,
- }, controls=["relax:0", "provision:0"])
+ }, controls=["relax:0", "provision:0"])
if fill == FILL_FULL or fill == FILL_SUBDOMAIN:
setup_modify_ldif(samdb,
"DOMAINSID": str(names.domainsid),
"ADMINPASS_B64": b64encode(adminpass.encode('utf-16-le')).decode('utf8'),
"KRBTGTPASS_B64": b64encode(krbtgtpass.encode('utf-16-le')).decode('utf8')
- }, controls=["relax:0", "provision:0"])
+ }, controls=["relax:0", "provision:0"])
logger.info("Setting up self join")
setup_self_join(samdb, admin_session_info, names=names, fill=fill,
"member server": "member server",
"standalone": "standalone server",
"standalone server": "standalone server",
- }
+}
def sanitize_server_role(role):
"DOMAINDN": domaindn,
"NETBIOSNAME": netbiosname,
"NISDOMAIN": nisdomain,
- })
+ })
except:
samdb.transaction_cancel()
raise
"DNSDOMAIN": dnsdomain,
"HOSTNAME": hostname,
"REALM": realm,
- })
+ })
class ProvisioningError(Exception):
setup_file(setup_path("fedorads-samba.ldif"), self.samba_ldif, {
"SAMBADN": self.sambadn,
"LDAPADMINPASS": self.ldapadminpass
- })
+ })
mapping = "schema-map-fedora-ds-1.0"
backend_schema = "99_ad.ldif"
DS_DOMAIN_FUNCTION_2008_R2,
DS_DOMAIN_FUNCTION_2012_R2,
DS_DOMAIN_FUNCTION_2016
- )
+)
from samba.descriptor import (
get_domain_descriptor,
get_domain_delete_protected1_descriptor,
get_dns_partition_descriptor,
get_dns_forest_microsoft_dns_descriptor,
get_dns_domain_microsoft_dns_descriptor
- )
+)
from samba.provision.common import (
setup_path,
setup_add_ldif,
FILL_SUBDOMAIN,
FILL_NT4SYNC,
FILL_DRS,
- )
+)
from samba.samdb import get_default_backend_store
setup_add_ldif(samdb, setup_path("provision_dnszones_partitions.ldif"), {
"ZONE_DN": domainzone_dn,
"SECDESC" : b64encode(descriptor).decode('utf8')
- })
+ })
if fill_level != FILL_SUBDOMAIN:
setup_add_ldif(samdb, setup_path("provision_dnszones_partitions.ldif"), {
"ZONE_DN": forestzone_dn,
"SERVERDN": serverdn,
"LOSTANDFOUND_DESCRIPTOR": b64encode(protected2_desc).decode('utf8'),
"INFRASTRUCTURE_DESCRIPTOR": b64encode(protected1_desc).decode('utf8'),
- })
+ })
setup_modify_ldif(samdb, setup_path("provision_dnszones_modify.ldif"), {
"CONFIGDN": configdn,
"SERVERDN": serverdn,
def add_dns_accounts(samdb, domaindn):
setup_add_ldif(samdb, setup_path("provision_dns_accounts_add.ldif"), {
"DOMAINDN": domaindn,
- })
+ })
def add_dns_container(samdb, domaindn, prefix, domain_sid, dnsadmins_sid, forest=False):
"HOSTIP6_HOST_LINE": hostip6_host_line,
"GC_MSDCS_IP_LINE": gc_msdcs_ip_line,
"GC_MSDCS_IP6_LINE": gc_msdcs_ip6_line,
- })
+ })
if paths.bind_gid is not None:
try:
"DNS_KEYTAB": keytab_name,
"DNS_KEYTAB_ABS": os.path.join(binddns_dir, keytab_name),
"PRIVATE_DIR": binddns_dir
- })
+ })
def is_valid_dns_backend(dns_backend):
DONT_USE_KERBEROS,
MUST_USE_KERBEROS,
parse_kerberos_arg,
- )
+)
import samba.tests
class KerberosOptionTests(samba.tests.TestCase):
sanitize_server_role,
setup_secretsdb,
findnss,
- )
+)
import samba.tests
from samba.tests import env_loadparm, TestCase
netr_Authenticator,
netr_WorkstationInformation,
MSV1_0_ALLOW_MSVCHAPV2
- )
+)
from samba.dcerpc.misc import SEC_CHAN_WKSTA
from samba.dsdb import (
UF_WORKSTATION_TRUST_ACCOUNT,
"sambaSID": "S-1-5-21-4231626423-2410014848-2360679739",
"sambaNextRid": "2000",
"sambaDomainName": "TESTS"
- })
+ })
# Add a set of split records
self.ldb.add_ldif("""
computer = {
"name": self.randomName(),
"description": self.randomName(count=100),
- }
+ }
computer.update(base)
return computer
ou = {
"name": self.randomName(),
"description": self.randomName(count=100),
- }
+ }
ou.update(base)
return ou
group = {
"name": self.randomName(),
"description": self.randomName(count=100),
- }
+ }
group.update(base)
return group
ou = {
"name": self.randomName(),
"description": self.randomName(count=100),
- }
+ }
ou.update(base)
return ou
"description": self.randomName(count=100),
"createUserFn": self._create_user,
"checkUserFn": self._check_user,
- }
+ }
user.update(base)
return user
from samba.tests import (
TestCase,
- )
+)
def get_python_source_files():
SkipTest,
TestCase,
TestCaseInTempDir,
- )
+)
import random
import shutil
import os
"pass" : ".",
"fail" : ".",
"retry" : "."
- }
+}
defaulttasks = [ "ctdb",
"samba",
rebase_remote, rebase_branch,
rebase_remote,
rebase_remote, rebase_branch
- ),
+ ),
"test/plain" ) ]
self.retry = builder('retry', retry_task, cp=False)
"--maximum-runtime=$SELFTEST_MAXTIME",
"--basedir=$SELFTEST_TMPDIR",
"--format=subunit"
- ] + get_env_torture_options()
+] + get_env_torture_options()
def plansmbtorture4testsuite(name, env, options, target, modname=None):
smbtorture4_options.extend([
'--option=torture:sharedelay=100000',
'--option=torture:writetimeupdatedelay=500000',
- ])
+])
def plansmbtorture4testsuite(name, env, options, description=''):
if description == '':
"sAMAccountName": username,
"userAccountControl": str(UF_NORMAL_ACCOUNT),
"unicodePwd": utf16pw,
- })
+ })
res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
scope=SCOPE_BASE,
"objectclass": "user",
"userAccountControl": str(UF_NORMAL_ACCOUNT),
"unicodePwd": "\"thatsAcomplPASS2\"".encode('utf-16-le')
- })
+ })
res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
scope=SCOPE_BASE,
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
"objectclass": "user",
"userAccountControl": str(UF_NORMAL_ACCOUNT|UF_ACCOUNTDISABLE),
- })
+ })
res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
scope=SCOPE_BASE,
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
"objectclass": "user",
"userAccountControl": str(UF_NORMAL_ACCOUNT|UF_SMARTCARD_REQUIRED|UF_ACCOUNTDISABLE),
- })
+ })
res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
scope=SCOPE_BASE,
["CN=Enterprise Admins","CN=Users,"],
["CN=Administrator","CN=Users,"],
["CN=Domain Controllers","CN=Users,"],
- ]
+ ]
from ldb import (
SCOPE_SUBTREE,
- )
+)
import drs_base, ldb
SCOPE_BASE,
Message,
FLAG_MOD_REPLACE,
- )
+)
from samba.compat import cmp_fn
class DrsBaseTestCase(SambaToolCmdTest):
self.ldb_dc1.add({
"dn": ou1,
"objectclass": "organizationalUnit"
- })
+ })
ou1_id = self._get_identifier(self.ldb_dc1, ou1)
ou2 = "OU=get_anc2,%s" % ou1
self.ldb_dc1.add({
"dn": ou2,
"objectclass": "organizationalUnit"
- })
+ })
ou2_id = self._get_identifier(self.ldb_dc1, ou2)
dc3 = "CN=test_anc_dc_%u,%s" % (random.randint(0, 4294967295), ou2)
self.ldb_dc1.add({
"dn": dc3,
"objectclass": "computer",
"userAccountControl": "%d" % (samba.dsdb.UF_ACCOUNTDISABLE | samba.dsdb.UF_SERVER_TRUST_ACCOUNT)
- })
+ })
dc3_id = self._get_identifier(self.ldb_dc1, dc3)
# Add some linked attributes (for checking GET_TGT behaviour)
self.ldb_dc1.add({
"dn": non_nc_ou,
"objectclass": "organizationalUnit"
- })
+ })
req8 = self._exop_req8(dest_dsa=None,
invocation_id=self.ldb_dc1.get_invocation_id(),
nc_dn_str=non_nc_ou,
self.ldb_dc1.add({
"dn": ou1,
"objectclass": "organizationalUnit"
- })
+ })
ou1_id = self._get_identifier(self.ldb_dc1, ou1)
ou2 = "OU=get_anc2,%s" % ou1
self.ldb_dc1.add({
"dn": ou2,
"objectclass": "organizationalUnit"
- })
+ })
ou2_id = self._get_identifier(self.ldb_dc1, ou2)
dc3 = "CN=test_anc_dc_%u,%s" % (random.randint(0, 4294967295), ou2)
self.ldb_dc1.add({
"dn": dc3,
"objectclass": "computer",
"userAccountControl": "%d" % (samba.dsdb.UF_ACCOUNTDISABLE | samba.dsdb.UF_SERVER_TRUST_ACCOUNT)
- })
+ })
dc3_id = self._get_identifier(self.ldb_dc1, dc3)
(hwm1, utdv1) = self._check_replication([ou1,ou2,dc3],
self.ldb_dc1.add({
"dn": cn3,
"objectclass": "container",
- })
+ })
cn3_id = self._get_identifier(self.ldb_dc1, cn3)
(hwm5, utdv5) = self._check_replication([dc3,ou1,ou2,self.ou,cn3],
from ldb import (
SCOPE_BASE,
SCOPE_SUBTREE,
- )
+)
import drs_base, ldb
from samba.dcerpc.drsuapi import *
Message,
FLAG_MOD_ADD,
FLAG_MOD_REPLACE
- )
+)
from samba.dcerpc import drsuapi, misc
from samba.drs_utils import drs_DsBind
from samba import dsdb