2 Unix SMB/CIFS implementation.
3 Samba utility functions
4 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2008-2009
5 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "python/py3compat.h"
26 #include "librpc/ndr/libndr.h"
27 #include "param/provision.h"
28 #include "param/secrets.h"
30 #include "python/modules.h"
31 #include "param/pyparam.h"
32 #include "dynconfig/dynconfig.h"
34 static bool dict_insert(PyObject* dict,
38 if (PyDict_SetItemString(dict, key, value) == -1) {
46 static PyObject *provision_module(void)
48 PyObject *name = PyStr_FromString("samba.provision");
52 mod = PyImport_Import(name);
57 static PyObject *schema_module(void)
59 PyObject *name = PyStr_FromString("samba.schema");
63 mod = PyImport_Import(name);
68 static PyObject *ldb_module(void)
70 PyObject *name = PyStr_FromString("ldb");
74 mod = PyImport_Import(name);
79 static PyObject *PyLdb_FromLdbContext(struct ldb_context *ldb_ctx)
82 PyObject *ldb_mod = ldb_module();
83 PyTypeObject *ldb_ctx_type;
87 ldb_ctx_type = (PyTypeObject *)PyObject_GetAttrString(ldb_mod, "Ldb");
89 ret = (PyLdbObject *)ldb_ctx_type->tp_alloc(ldb_ctx_type, 0);
92 Py_XDECREF(ldb_ctx_type);
95 ret->mem_ctx = talloc_new(NULL);
96 ret->ldb_ctx = talloc_reference(ret->mem_ctx, ldb_ctx);
97 Py_XDECREF(ldb_ctx_type);
98 return (PyObject *)ret;
101 NTSTATUS provision_bare(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx,
102 struct provision_settings *settings,
103 struct provision_result *result)
105 const char *configfile;
106 PyObject *provision_mod = NULL, *provision_dict = NULL;
107 PyObject *provision_fn = NULL, *py_result = NULL;
108 PyObject *parameters = NULL, *py_lp_ctx = NULL, *py_domaindn = NULL;
110 struct ldb_context *samdb;
111 NTSTATUS status = NT_STATUS_OK;
113 DEBUG(0,("Provision for Become-DC test using python\n"));
116 py_update_path(); /* Put the samba path at the start of sys.path */
118 provision_mod = provision_module();
120 if (provision_mod == NULL) {
122 DEBUG(0, ("Unable to import provision Python module.\n"));
123 return NT_STATUS_UNSUCCESSFUL;
126 provision_dict = PyModule_GetDict(provision_mod);
128 if (provision_dict == NULL) {
129 DEBUG(0, ("Unable to get dictionary for provision module\n"));
130 return NT_STATUS_UNSUCCESSFUL;
133 provision_fn = PyDict_GetItemString(provision_dict, "provision_become_dc");
134 if (provision_fn == NULL) {
136 DEBUG(0, ("Unable to get provision_become_dc function\n"));
137 return NT_STATUS_UNSUCCESSFUL;
140 DEBUG(0,("New Server in Site[%s]\n",
141 settings->site_name));
143 DEBUG(0,("DSA Instance [%s]\n"
144 "\tinvocationId[%s]\n",
145 settings->ntds_dn_str,
146 settings->invocation_id == NULL?"None":GUID_string(mem_ctx, settings->invocation_id)));
148 DEBUG(0,("Paths under targetdir[%s]\n",
149 settings->targetdir));
150 parameters = PyDict_New();
152 configfile = lpcfg_configfile(lp_ctx);
153 if (configfile != NULL) {
154 if (!dict_insert(parameters, "smbconf",
155 PyStr_FromString(configfile))) {
156 status = NT_STATUS_UNSUCCESSFUL;
161 if (!dict_insert(parameters,
163 PyStr_FromString(settings->root_dn_str))) {
164 status = NT_STATUS_UNSUCCESSFUL;
167 if (settings->targetdir != NULL) {
168 if (!dict_insert(parameters,
170 PyStr_FromString(settings->targetdir))) {
171 status = NT_STATUS_UNSUCCESSFUL;
175 if (!dict_insert(parameters,
177 PyStr_FromString(settings->netbios_name))) {
178 status = NT_STATUS_UNSUCCESSFUL;
181 if (!dict_insert(parameters,
183 PyStr_FromString(settings->domain))) {
184 status = NT_STATUS_UNSUCCESSFUL;
187 if (!dict_insert(parameters,
189 PyStr_FromString(settings->realm))) {
190 status = NT_STATUS_UNSUCCESSFUL;
193 if (settings->root_dn_str) {
194 if (!dict_insert(parameters,
196 PyStr_FromString(settings->root_dn_str))) {
197 status = NT_STATUS_UNSUCCESSFUL;
202 if (settings->domain_dn_str) {
203 if (!dict_insert(parameters,
205 PyStr_FromString(settings->domain_dn_str))) {
206 status = NT_STATUS_UNSUCCESSFUL;
211 if (settings->schema_dn_str) {
212 if (!dict_insert(parameters,
214 PyStr_FromString(settings->schema_dn_str))) {
215 status = NT_STATUS_UNSUCCESSFUL;
219 if (settings->config_dn_str) {
220 if (!dict_insert(parameters,
222 PyStr_FromString(settings->config_dn_str))) {
223 status = NT_STATUS_UNSUCCESSFUL;
227 if (settings->server_dn_str) {
228 if (!dict_insert(parameters,
230 PyStr_FromString(settings->server_dn_str))) {
231 status = NT_STATUS_UNSUCCESSFUL;
235 if (settings->site_name) {
236 if (!dict_insert(parameters,
238 PyStr_FromString(settings->site_name))) {
239 status = NT_STATUS_UNSUCCESSFUL;
244 if (!dict_insert(parameters,
246 PyStr_FromString(settings->machine_password))){
247 status = NT_STATUS_UNSUCCESSFUL;
251 if (!dict_insert(parameters,
253 PyInt_FromLong(DEBUGLEVEL))) {
254 status = NT_STATUS_UNSUCCESSFUL;
258 if (!dict_insert(parameters,
260 PyInt_FromLong(settings->use_ntvfs))) {
261 status = NT_STATUS_UNSUCCESSFUL;
265 py_result = PyEval_CallObjectWithKeywords(provision_fn, NULL, parameters);
267 if (py_result == NULL) {
268 status = NT_STATUS_UNSUCCESSFUL;
272 py_domaindn = PyObject_GetAttrString(py_result, "domaindn");
273 result->domaindn = talloc_strdup(mem_ctx, PyStr_AsString(py_domaindn));
276 py_lp_ctx = PyObject_GetAttrString(py_result, "lp");
277 if (py_lp_ctx == NULL) {
278 DEBUG(0, ("Missing 'lp' attribute"));
279 status = NT_STATUS_UNSUCCESSFUL;
282 result->lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
284 samdb = pyldb_Ldb_AsLdbContext(PyObject_GetAttrString(py_result, "samdb"));
286 DEBUG(0, ("Missing 'samdb' attribute"));
287 status = NT_STATUS_UNSUCCESSFUL;
290 result->samdb = samdb;
291 status = NT_STATUS_OK;
293 Py_CLEAR(parameters);
294 Py_CLEAR(provision_mod);
295 Py_CLEAR(provision_fn);
296 Py_CLEAR(provision_dict);
299 Py_CLEAR(py_domaindn);
300 if (!NT_STATUS_IS_OK(status)) {
307 static PyObject *py_dom_sid_FromSid(struct dom_sid *sid)
309 PyObject *mod_security = NULL, *dom_sid_Type = NULL, *result = NULL;
311 mod_security = PyImport_ImportModule("samba.dcerpc.security");
312 if (mod_security == NULL) {
316 dom_sid_Type = PyObject_GetAttrString(mod_security, "dom_sid");
317 if (dom_sid_Type == NULL) {
318 Py_DECREF(mod_security);
322 result = pytalloc_reference((PyTypeObject *)dom_sid_Type, sid);
323 Py_DECREF(mod_security);
324 Py_DECREF(dom_sid_Type);
328 NTSTATUS provision_store_self_join(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx,
329 struct tevent_context *event_ctx,
330 struct provision_store_self_join_settings *settings,
331 const char **error_string)
334 PyObject *provision_mod = NULL, *provision_dict = NULL;
335 PyObject *provision_fn = NULL, *py_result = NULL;
336 PyObject *parameters = NULL, *py_sid = NULL;
337 struct ldb_context *ldb = NULL;
338 TALLOC_CTX *tmp_mem = talloc_new(mem_ctx);
340 NTSTATUS status = NT_STATUS_OK;
341 *error_string = NULL;
344 status = NT_STATUS_UNSUCCESSFUL;
348 /* Open the secrets database */
349 ldb = secrets_db_connect(tmp_mem, lp_ctx);
352 = talloc_asprintf(mem_ctx,
353 "Could not open secrets database");
354 status = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
358 ret = ldb_transaction_start(ldb);
360 if (ret != LDB_SUCCESS) {
362 = talloc_asprintf(mem_ctx,
363 "Could not start transaction on secrets database: %s", ldb_errstring(ldb));
364 status = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
369 py_update_path(); /* Put the samba path at the start of sys.path */
370 provision_mod = provision_module();
372 if (provision_mod == NULL) {
374 = talloc_asprintf(mem_ctx, "Unable to import provision Python module.");
375 status = NT_STATUS_UNSUCCESSFUL;
379 provision_dict = PyModule_GetDict(provision_mod);
381 if (provision_dict == NULL) {
383 = talloc_asprintf(mem_ctx, "Unable to get dictionary for provision module");
384 status = NT_STATUS_UNSUCCESSFUL;
388 provision_fn = PyDict_GetItemString(provision_dict, "secretsdb_self_join");
389 if (provision_fn == NULL) {
391 = talloc_asprintf(mem_ctx, "Unable to get provision_become_dc function");
392 status = NT_STATUS_UNSUCCESSFUL;
396 parameters = PyDict_New();
398 if(!dict_insert(parameters,
400 PyLdb_FromLdbContext(ldb))){
401 status = NT_STATUS_UNSUCCESSFUL;
404 if (!dict_insert(parameters,
406 PyStr_FromString(settings->domain_name))) {
407 status = NT_STATUS_UNSUCCESSFUL;
410 if (settings->realm != NULL) {
411 if (!dict_insert(parameters,
413 PyStr_FromString(settings->realm))) {
414 status = NT_STATUS_UNSUCCESSFUL;
418 if (!dict_insert(parameters,
420 PyStr_FromString(settings->machine_password))) {
421 status = NT_STATUS_UNSUCCESSFUL;
424 if (!dict_insert(parameters,
426 PyStr_FromString(settings->netbios_name))) {
427 status = NT_STATUS_UNSUCCESSFUL;
431 py_sid = py_dom_sid_FromSid(settings->domain_sid);
432 if (py_sid == NULL) {
433 status = NT_STATUS_UNSUCCESSFUL;
437 if (!dict_insert(parameters,
440 status = NT_STATUS_UNSUCCESSFUL;
444 if (!dict_insert(parameters,
445 "secure_channel_type",
446 PyInt_FromLong(settings->secure_channel_type))) {
447 status = NT_STATUS_UNSUCCESSFUL;
451 if (!dict_insert(parameters,
452 "key_version_number",
453 PyInt_FromLong(settings->key_version_number))) {
454 status = NT_STATUS_UNSUCCESSFUL;
458 py_result = PyEval_CallObjectWithKeywords(provision_fn, NULL, parameters);
460 if (py_result == NULL) {
461 ldb_transaction_cancel(ldb);
462 status = NT_STATUS_UNSUCCESSFUL;
466 ret = ldb_transaction_commit(ldb);
467 if (ret != LDB_SUCCESS) {
469 = talloc_asprintf(mem_ctx,
470 "Could not commit transaction on secrets database: %s", ldb_errstring(ldb));
471 status = NT_STATUS_INTERNAL_DB_ERROR;
475 status = NT_STATUS_OK;
477 talloc_free(tmp_mem);
478 Py_CLEAR(parameters);
479 Py_CLEAR(provision_mod);
480 Py_CLEAR(provision_fn);
481 Py_CLEAR(provision_dict);
484 if (!NT_STATUS_IS_OK(status)) {
492 struct ldb_context *provision_get_schema(TALLOC_CTX *mem_ctx,
493 struct loadparm_context *lp_ctx,
494 const char *schema_dn,
495 DATA_BLOB *override_prefixmap)
497 PyObject *schema_mod, *schema_dict, *schema_fn, *py_result, *parameters;
498 PyObject *py_ldb = NULL;
499 struct ldb_context *ldb_result = NULL;
501 py_update_path(); /* Put the samba path at the start of sys.path */
503 schema_mod = schema_module();
505 if (schema_mod == NULL) {
507 DEBUG(0, ("Unable to import schema Python module.\n"));
511 schema_dict = PyModule_GetDict(schema_mod);
513 if (schema_dict == NULL) {
514 DEBUG(0, ("Unable to get dictionary for schema module\n"));
518 schema_fn = PyDict_GetItemString(schema_dict, "ldb_with_schema");
519 if (schema_fn == NULL) {
521 DEBUG(0, ("Unable to get schema_get_ldb function\n"));
525 parameters = PyDict_New();
528 if (!dict_insert(parameters,
530 PyStr_FromString(schema_dn))) {
535 if (override_prefixmap) {
536 if (!dict_insert(parameters,
537 "override_prefixmap",
538 PyBytes_FromStringAndSize(
539 (const char *)override_prefixmap->data,
540 override_prefixmap->length))) {
545 py_result = PyEval_CallObjectWithKeywords(schema_fn, NULL, parameters);
547 Py_DECREF(parameters);
549 if (py_result == NULL) {
555 py_ldb = PyObject_GetAttrString(py_result, "ldb");
556 Py_DECREF(py_result);
557 ldb_result = pyldb_Ldb_AsLdbContext(py_ldb);
559 * #TODO #FIXME There is a leak here !!!
560 * Looks like ldb is a new object returned from schema_fn
561 * We extract the ldb_ctx from that which rightly
562 * will be destoryed when py_ldb is decremented.
563 * Presently the ldb_context is returned (but the owning