print("BindTest (no domain) with: " + self.username)
try:
ldb_user4 = samba.tests.connect_samdb(host, credentials=creds_user4,
- lp=lp, ldap_only=True)
+ lp=lp, ldap_only=True)
except:
self.fail("Failed to connect without the domain set")
m = Message()
m.dn = Dn(self.ldb, self.ou)
m["otherWellKnownObjects"] = MessageElement("B:32:00000000000000000000000000000001:OU=o1,%s" % self.ou,
- FLAG_MOD_ADD, "otherWellKnownObjects")
+ FLAG_MOD_ADD, "otherWellKnownObjects")
self.ldb.modify(m)
m = Message()
m.dn = Dn(self.ldb, "OU=o1,%s" % self.ou)
m["otherWellKnownObjects"] = MessageElement("B:32:00000000000000000000000000000002:OU=o2,OU=o1,%s" % self.ou,
- FLAG_MOD_ADD, "otherWellKnownObjects")
+ FLAG_MOD_ADD, "otherWellKnownObjects")
self.ldb.modify(m)
m = Message()
m.dn = Dn(self.ldb, "OU=o2,OU=o1,%s" % self.ou)
m["otherWellKnownObjects"] = MessageElement("B:32:00000000000000000000000000000003:OU=o3,OU=o2,OU=o1,%s" % self.ou,
- FLAG_MOD_ADD, "otherWellKnownObjects")
+ FLAG_MOD_ADD, "otherWellKnownObjects")
self.ldb.modify(m)
m = Message()
m.dn = Dn(self.ldb, "OU=o3,OU=o2,OU=o1,%s" % self.ou)
m["otherWellKnownObjects"] = MessageElement("B:32:00000000000000000000000000000004:OU=o4,OU=o3,OU=o2,OU=o1,%s" % self.ou,
- FLAG_MOD_ADD, "otherWellKnownObjects")
+ FLAG_MOD_ADD, "otherWellKnownObjects")
self.ldb.modify(m)
# Create OU for users and groups
def test_u1_member_of_g4(self):
# Search without transitive match must return 0 results
res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
- scope=SCOPE_BASE,
- expression="member=cn=u1,%s" % self.ou_users)
+ scope=SCOPE_BASE,
+ expression="member=cn=u1,%s" % self.ou_users)
self.assertEqual(len(res1), 0)
res1 = self.ldb.search("cn=u1,%s" % self.ou_users,
- scope=SCOPE_BASE,
- expression="memberOf=cn=g4,%s" % self.ou_groups)
+ scope=SCOPE_BASE,
+ expression="memberOf=cn=g4,%s" % self.ou_groups)
self.assertEqual(len(res1), 0)
# Search with transitive match must return 1 results
res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
- scope=SCOPE_BASE,
- expression="member:1.2.840.113556.1.4.1941:=cn=u1,%s" % self.ou_users)
+ scope=SCOPE_BASE,
+ expression="member:1.2.840.113556.1.4.1941:=cn=u1,%s" % self.ou_users)
self.assertEqual(len(res1), 1)
self.assertEqual(str(res1[0].dn).lower(), ("CN=g4,%s" % self.ou_groups).lower())
res1 = self.ldb.search("cn=u1,%s" % self.ou_users,
- scope=SCOPE_BASE,
- expression="memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s" % self.ou_groups)
+ scope=SCOPE_BASE,
+ expression="memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s" % self.ou_groups)
self.assertEqual(len(res1), 1)
self.assertEqual(str(res1[0].dn).lower(), ("CN=u1,%s" % self.ou_users).lower())
def test_g1_member_of_g4(self):
# Search without transitive match must return 0 results
res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
- scope=SCOPE_BASE,
- expression="member=cn=g1,%s" % self.ou_groups)
+ scope=SCOPE_BASE,
+ expression="member=cn=g1,%s" % self.ou_groups)
self.assertEqual(len(res1), 0)
res1 = self.ldb.search("cn=g1,%s" % self.ou_groups,
- scope=SCOPE_BASE,
- expression="memberOf=cn=g4,%s" % self.ou_groups)
+ scope=SCOPE_BASE,
+ expression="memberOf=cn=g4,%s" % self.ou_groups)
self.assertEqual(len(res1), 0)
# Search with transitive match must return 1 results
res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
- scope=SCOPE_BASE,
- expression="member:1.2.840.113556.1.4.1941:=cn=g1,%s" % self.ou_groups)
+ scope=SCOPE_BASE,
+ expression="member:1.2.840.113556.1.4.1941:=cn=g1,%s" % self.ou_groups)
self.assertEqual(len(res1), 1)
self.assertEqual(str(res1[0].dn).lower(), ("CN=g4,%s" % self.ou_groups).lower())
res1 = self.ldb.search("cn=g1,%s" % self.ou_groups,
- scope=SCOPE_BASE,
- expression="memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s" % self.ou_groups)
+ scope=SCOPE_BASE,
+ expression="memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s" % self.ou_groups)
self.assertEqual(len(res1), 1)
self.assertEqual(str(res1[0].dn).lower(), ("CN=g1,%s" % self.ou_groups).lower())
def test_u1_groups(self):
res1 = self.ldb.search(self.ou_groups,
- scope=SCOPE_SUBTREE,
- expression="member=cn=u1,%s" % self.ou_users)
+ scope=SCOPE_SUBTREE,
+ expression="member=cn=u1,%s" % self.ou_users)
self.assertEqual(len(res1), 1)
self.assertEqual(str(res1[0].dn).lower(), ("CN=g1,%s" % self.ou_groups).lower())
res1 = self.ldb.search(self.ou_users,
- scope=SCOPE_SUBTREE,
- expression="member=cn=u1,%s" % self.ou_users)
+ scope=SCOPE_SUBTREE,
+ expression="member=cn=u1,%s" % self.ou_users)
self.assertEqual(len(res1), 0)
res1 = self.ldb.search(self.ou_groups,
- scope=SCOPE_SUBTREE,
- expression="member:1.2.840.113556.1.4.1941:=cn=u1,%s" % self.ou_users)
+ scope=SCOPE_SUBTREE,
+ expression="member:1.2.840.113556.1.4.1941:=cn=u1,%s" % self.ou_users)
self.assertEqual(len(res1), 4)
dn_list = [str(res.dn).lower() for res in res1]
self.assertTrue(("CN=g1,%s" % self.ou_groups).lower() in dn_list)
self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
res1 = self.ldb.search(self.ou_users,
- scope=SCOPE_SUBTREE,
- expression="member:1.2.840.113556.1.4.1941:=cn=u1,%s" % self.ou_users)
+ scope=SCOPE_SUBTREE,
+ expression="member:1.2.840.113556.1.4.1941:=cn=u1,%s" % self.ou_users)
self.assertEqual(len(res1), 0)
def test_u2_groups(self):
res1 = self.ldb.search(self.ou_groups,
- scope=SCOPE_SUBTREE,
- expression="member=cn=u2,%s" % self.ou_users)
+ scope=SCOPE_SUBTREE,
+ expression="member=cn=u2,%s" % self.ou_users)
self.assertEqual(len(res1), 1)
self.assertEqual(str(res1[0].dn).lower(), ("CN=g2,%s" % self.ou_groups).lower())
res1 = self.ldb.search(self.ou_users,
- scope=SCOPE_SUBTREE,
- expression="member=cn=u2,%s" % self.ou_users)
+ scope=SCOPE_SUBTREE,
+ expression="member=cn=u2,%s" % self.ou_users)
self.assertEqual(len(res1), 0)
res1 = self.ldb.search(self.ou_groups,
- scope=SCOPE_SUBTREE,
- expression="member:1.2.840.113556.1.4.1941:=cn=u2,%s" % self.ou_users)
+ scope=SCOPE_SUBTREE,
+ expression="member:1.2.840.113556.1.4.1941:=cn=u2,%s" % self.ou_users)
self.assertEqual(len(res1), 3)
dn_list = [str(res.dn).lower() for res in res1]
self.assertTrue(("CN=g2,%s" % self.ou_groups).lower() in dn_list)
self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
res1 = self.ldb.search(self.ou_users,
- scope=SCOPE_SUBTREE,
- expression="member:1.2.840.113556.1.4.1941:=cn=u2,%s" % self.ou_users)
+ scope=SCOPE_SUBTREE,
+ expression="member:1.2.840.113556.1.4.1941:=cn=u2,%s" % self.ou_users)
self.assertEqual(len(res1), 0)
def test_u3_groups(self):
res1 = self.ldb.search(self.ou_groups,
- scope=SCOPE_SUBTREE,
- expression="member=cn=u3,%s" % self.ou_users)
+ scope=SCOPE_SUBTREE,
+ expression="member=cn=u3,%s" % self.ou_users)
self.assertEqual(len(res1), 1)
self.assertEqual(str(res1[0].dn).lower(), ("CN=g3,%s" % self.ou_groups).lower())
res1 = self.ldb.search(self.ou_users,
- scope=SCOPE_SUBTREE,
- expression="member=cn=u3,%s" % self.ou_users)
+ scope=SCOPE_SUBTREE,
+ expression="member=cn=u3,%s" % self.ou_users)
self.assertEqual(len(res1), 0)
res1 = self.ldb.search(self.ou_groups,
- scope=SCOPE_SUBTREE,
- expression="member:1.2.840.113556.1.4.1941:=cn=u3,%s" % self.ou_users)
+ scope=SCOPE_SUBTREE,
+ expression="member:1.2.840.113556.1.4.1941:=cn=u3,%s" % self.ou_users)
self.assertEqual(len(res1), 2)
dn_list = [str(res.dn).lower() for res in res1]
self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
res1 = self.ldb.search(self.ou_users,
- scope=SCOPE_SUBTREE,
- expression="member:1.2.840.113556.1.4.1941:=cn=u3,%s" % self.ou_users)
+ scope=SCOPE_SUBTREE,
+ expression="member:1.2.840.113556.1.4.1941:=cn=u3,%s" % self.ou_users)
self.assertEqual(len(res1), 0)
def test_u4_groups(self):
res1 = self.ldb.search(self.ou_groups,
- scope=SCOPE_SUBTREE,
- expression="member=cn=u4,%s" % self.ou_users)
+ scope=SCOPE_SUBTREE,
+ expression="member=cn=u4,%s" % self.ou_users)
self.assertEqual(len(res1), 1)
self.assertEqual(str(res1[0].dn).lower(), ("CN=g4,%s" % self.ou_groups).lower())
res1 = self.ldb.search(self.ou_users,
- scope=SCOPE_SUBTREE,
- expression="member=cn=u4,%s" % self.ou_users)
+ scope=SCOPE_SUBTREE,
+ expression="member=cn=u4,%s" % self.ou_users)
self.assertEqual(len(res1), 0)
res1 = self.ldb.search(self.ou_groups,
- scope=SCOPE_SUBTREE,
- expression="member:1.2.840.113556.1.4.1941:=cn=u4,%s" % self.ou_users)
+ scope=SCOPE_SUBTREE,
+ expression="member:1.2.840.113556.1.4.1941:=cn=u4,%s" % self.ou_users)
self.assertEqual(len(res1), 1)
self.assertEqual(str(res1[0].dn).lower(), ("CN=g4,%s" % self.ou_groups).lower())
res1 = self.ldb.search(self.ou_users,
- scope=SCOPE_SUBTREE,
- expression="member:1.2.840.113556.1.4.1941:=cn=u4,%s" % self.ou_users)
+ scope=SCOPE_SUBTREE,
+ expression="member:1.2.840.113556.1.4.1941:=cn=u4,%s" % self.ou_users)
self.assertEqual(len(res1), 0)
def test_extended_dn_u1(self):
res1 = self.ldb.search("cn=u1,%s" % self.ou_users,
- scope=SCOPE_BASE,
- expression="objectClass=*",
- attrs=['objectSid', 'objectGUID'])
+ scope=SCOPE_BASE,
+ expression="objectClass=*",
+ attrs=['objectSid', 'objectGUID'])
self.assertEqual(len(res1), 1)
self.assertEqual(str(res1[0].dn).lower(), ("cn=u1,%s" % self.ou_users).lower())
guid = self.ldb.schema_format_value("objectGUID", res1[0]['objectGUID'][0])
res1 = self.ldb.search(self.ou_groups,
- scope=SCOPE_SUBTREE,
- expression="member=<SID=%s>" % sid)
+ scope=SCOPE_SUBTREE,
+ expression="member=<SID=%s>" % sid)
self.assertEqual(len(res1), 1)
self.assertEqual(str(res1[0].dn).lower(), ("CN=g1,%s" % self.ou_groups).lower())
res1 = self.ldb.search(self.ou_groups,
- scope=SCOPE_SUBTREE,
- expression="member=<GUID=%s>" % guid)
+ scope=SCOPE_SUBTREE,
+ expression="member=<GUID=%s>" % guid)
self.assertEqual(len(res1), 1)
self.assertEqual(str(res1[0].dn).lower(), ("CN=g1,%s" % self.ou_groups).lower())
res1 = self.ldb.search(self.ou_groups,
- scope=SCOPE_SUBTREE,
- expression="member:1.2.840.113556.1.4.1941:=<SID=%s>" % sid)
+ scope=SCOPE_SUBTREE,
+ expression="member:1.2.840.113556.1.4.1941:=<SID=%s>" % sid)
self.assertEqual(len(res1), 4)
dn_list = [str(res.dn).lower() for res in res1]
self.assertTrue(("CN=g1,%s" % self.ou_groups).lower() in dn_list)
self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
res1 = self.ldb.search(self.ou_groups,
- scope=SCOPE_ONELEVEL,
- expression="member:1.2.840.113556.1.4.1941:=<SID=%s>" % sid)
+ scope=SCOPE_ONELEVEL,
+ expression="member:1.2.840.113556.1.4.1941:=<SID=%s>" % sid)
self.assertEqual(len(res1), 4)
dn_list = [str(res.dn).lower() for res in res1]
self.assertTrue(("CN=g1,%s" % self.ou_groups).lower() in dn_list)
self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
res1 = self.ldb.search(self.ou_groups,
- scope=SCOPE_SUBTREE,
- expression="member:1.2.840.113556.1.4.1941:=<GUID=%s>" % guid)
+ scope=SCOPE_SUBTREE,
+ expression="member:1.2.840.113556.1.4.1941:=<GUID=%s>" % guid)
self.assertEqual(len(res1), 4)
dn_list = [str(res.dn).lower() for res in res1]
self.assertTrue(("CN=g1,%s" % self.ou_groups).lower() in dn_list)
self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
res1 = self.ldb.search(self.ou_groups,
- scope=SCOPE_ONELEVEL,
- expression="member:1.2.840.113556.1.4.1941:=<GUID=%s>" % guid)
+ scope=SCOPE_ONELEVEL,
+ expression="member:1.2.840.113556.1.4.1941:=<GUID=%s>" % guid)
self.assertEqual(len(res1), 4)
dn_list = [str(res.dn).lower() for res in res1]
self.assertTrue(("CN=g1,%s" % self.ou_groups).lower() in dn_list)
def test_extended_dn_u2(self):
res1 = self.ldb.search("cn=u2,%s" % self.ou_users,
- scope=SCOPE_BASE,
- expression="objectClass=*",
- attrs=['objectSid', 'objectGUID'])
+ scope=SCOPE_BASE,
+ expression="objectClass=*",
+ attrs=['objectSid', 'objectGUID'])
self.assertEqual(len(res1), 1)
self.assertEqual(str(res1[0].dn).lower(), ("cn=u2,%s" % self.ou_users).lower())
guid = self.ldb.schema_format_value("objectGUID", res1[0]['objectGUID'][0])
res1 = self.ldb.search(self.ou_groups,
- scope=SCOPE_SUBTREE,
- expression="member=<SID=%s>" % sid)
+ scope=SCOPE_SUBTREE,
+ expression="member=<SID=%s>" % sid)
self.assertEqual(len(res1), 1)
self.assertEqual(str(res1[0].dn).lower(), ("CN=g2,%s" % self.ou_groups).lower())
res1 = self.ldb.search(self.ou_groups,
- scope=SCOPE_SUBTREE,
- expression="member=<GUID=%s>" % guid)
+ scope=SCOPE_SUBTREE,
+ expression="member=<GUID=%s>" % guid)
self.assertEqual(len(res1), 1)
self.assertEqual(str(res1[0].dn).lower(), ("CN=g2,%s" % self.ou_groups).lower())
res1 = self.ldb.search(self.ou_groups,
- scope=SCOPE_SUBTREE,
- expression="member:1.2.840.113556.1.4.1941:=<SID=%s>" % sid)
+ scope=SCOPE_SUBTREE,
+ expression="member:1.2.840.113556.1.4.1941:=<SID=%s>" % sid)
self.assertEqual(len(res1), 3)
dn_list = [str(res.dn).lower() for res in res1]
self.assertTrue(("CN=g2,%s" % self.ou_groups).lower() in dn_list)
self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
res1 = self.ldb.search(self.ou_groups,
- scope=SCOPE_ONELEVEL,
- expression="member:1.2.840.113556.1.4.1941:=<SID=%s>" % sid)
+ scope=SCOPE_ONELEVEL,
+ expression="member:1.2.840.113556.1.4.1941:=<SID=%s>" % sid)
self.assertEqual(len(res1), 3)
dn_list = [str(res.dn).lower() for res in res1]
self.assertTrue(("CN=g2,%s" % self.ou_groups).lower() in dn_list)
self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
res1 = self.ldb.search(self.ou_groups,
- scope=SCOPE_SUBTREE,
- expression="member:1.2.840.113556.1.4.1941:=<GUID=%s>" % guid)
+ scope=SCOPE_SUBTREE,
+ expression="member:1.2.840.113556.1.4.1941:=<GUID=%s>" % guid)
self.assertEqual(len(res1), 3)
dn_list = [str(res.dn).lower() for res in res1]
self.assertTrue(("CN=g2,%s" % self.ou_groups).lower() in dn_list)
self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
res1 = self.ldb.search(self.ou_groups,
- scope=SCOPE_ONELEVEL,
- expression="member:1.2.840.113556.1.4.1941:=<GUID=%s>" % guid)
+ scope=SCOPE_ONELEVEL,
+ expression="member:1.2.840.113556.1.4.1941:=<GUID=%s>" % guid)
self.assertEqual(len(res1), 3)
dn_list = [str(res.dn).lower() for res in res1]
self.assertTrue(("CN=g2,%s" % self.ou_groups).lower() in dn_list)
def test_extended_dn_u3(self):
res1 = self.ldb.search("cn=u3,%s" % self.ou_users,
- scope=SCOPE_BASE,
- expression="objectClass=*",
- attrs=['objectSid', 'objectGUID'])
+ scope=SCOPE_BASE,
+ expression="objectClass=*",
+ attrs=['objectSid', 'objectGUID'])
self.assertEqual(len(res1), 1)
self.assertEqual(str(res1[0].dn).lower(), ("cn=u3,%s" % self.ou_users).lower())
guid = self.ldb.schema_format_value("objectGUID", res1[0]['objectGUID'][0])
res1 = self.ldb.search(self.ou_groups,
- scope=SCOPE_SUBTREE,
- expression="member=<SID=%s>" % sid)
+ scope=SCOPE_SUBTREE,
+ expression="member=<SID=%s>" % sid)
self.assertEqual(len(res1), 1)
self.assertEqual(str(res1[0].dn).lower(), ("CN=g3,%s" % self.ou_groups).lower())
res1 = self.ldb.search(self.ou_groups,
- scope=SCOPE_SUBTREE,
- expression="member=<GUID=%s>" % guid)
+ scope=SCOPE_SUBTREE,
+ expression="member=<GUID=%s>" % guid)
self.assertEqual(len(res1), 1)
self.assertEqual(str(res1[0].dn).lower(), ("CN=g3,%s" % self.ou_groups).lower())
self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
res1 = self.ldb.search(self.ou_groups,
- scope=SCOPE_SUBTREE,
- expression="member:1.2.840.113556.1.4.1941:=<GUID=%s>" % guid)
+ scope=SCOPE_SUBTREE,
+ expression="member:1.2.840.113556.1.4.1941:=<GUID=%s>" % guid)
self.assertEqual(len(res1), 2)
dn_list = [str(res.dn).lower() for res in res1]
self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
res1 = self.ldb.search(self.ou_groups,
- scope=SCOPE_ONELEVEL,
- expression="member:1.2.840.113556.1.4.1941:=<GUID=%s>" % guid)
+ scope=SCOPE_ONELEVEL,
+ expression="member:1.2.840.113556.1.4.1941:=<GUID=%s>" % guid)
self.assertEqual(len(res1), 2)
dn_list = [str(res.dn).lower() for res in res1]
self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
def test_object_dn_binary(self):
res1 = self.ldb.search(self.ou_computers,
- scope=SCOPE_SUBTREE,
- expression="msDS-RevealedUsers=B:8:01010101:cn=c3,%s" % self.ou_computers)
+ scope=SCOPE_SUBTREE,
+ expression="msDS-RevealedUsers=B:8:01010101:cn=c3,%s" % self.ou_computers)
self.assertEqual(len(res1), 1)
self.assertEqual(str(res1[0].dn).lower(), ("CN=c2,%s" % self.ou_computers).lower())
res1 = self.ldb.search(self.ou_computers,
- scope=SCOPE_ONELEVEL,
- expression="msDS-RevealedUsers=B:8:01010101:cn=c3,%s" % self.ou_computers)
+ scope=SCOPE_ONELEVEL,
+ expression="msDS-RevealedUsers=B:8:01010101:cn=c3,%s" % self.ou_computers)
self.assertEqual(len(res1), 1)
self.assertEqual(str(res1[0].dn).lower(), ("CN=c2,%s" % self.ou_computers).lower())
res1 = self.ldb.search(self.ou_computers,
- scope=SCOPE_SUBTREE,
- expression="msDS-RevealedUsers:1.2.840.113556.1.4.1941:=B:8:01010101:cn=c3,%s" % self.ou_computers)
+ scope=SCOPE_SUBTREE,
+ expression="msDS-RevealedUsers:1.2.840.113556.1.4.1941:=B:8:01010101:cn=c3,%s" % self.ou_computers)
self.assertEqual(len(res1), 2)
dn_list = [str(res.dn).lower() for res in res1]
self.assertTrue(("CN=c1,%s" % self.ou_computers).lower() in dn_list)
self.assertTrue(("CN=c2,%s" % self.ou_computers).lower() in dn_list)
res1 = self.ldb.search(self.ou_computers,
- scope=SCOPE_ONELEVEL,
- expression="msDS-RevealedUsers:1.2.840.113556.1.4.1941:=B:8:01010101:cn=c3,%s" % self.ou_computers)
+ scope=SCOPE_ONELEVEL,
+ expression="msDS-RevealedUsers:1.2.840.113556.1.4.1941:=B:8:01010101:cn=c3,%s" % self.ou_computers)
self.assertEqual(len(res1), 2)
dn_list = [str(res.dn).lower() for res in res1]
self.assertTrue(("CN=c1,%s" % self.ou_computers).lower() in dn_list)
def test_one_way_links(self):
res1 = self.ldb.search(self.ou,
- scope=SCOPE_SUBTREE,
- expression="addressBookRoots2=cn=c1,%s" % self.ou_computers)
+ scope=SCOPE_SUBTREE,
+ expression="addressBookRoots2=cn=c1,%s" % self.ou_computers)
self.assertEqual(len(res1), 1)
self.assertEqual(str(res1[0].dn).lower(), ("CN=e2,%s" % self.ou).lower())
res1 = self.ldb.search(self.ou,
- scope=SCOPE_ONELEVEL,
- expression="addressBookRoots2=cn=c1,%s" % self.ou_computers)
+ scope=SCOPE_ONELEVEL,
+ expression="addressBookRoots2=cn=c1,%s" % self.ou_computers)
self.assertEqual(len(res1), 1)
self.assertEqual(str(res1[0].dn).lower(), ("CN=e2,%s" % self.ou).lower())
res1 = self.ldb.search(self.ou,
- scope=SCOPE_SUBTREE,
- expression="addressBookRoots2:1.2.840.113556.1.4.1941:=cn=c1,%s" % self.ou_computers)
+ scope=SCOPE_SUBTREE,
+ expression="addressBookRoots2:1.2.840.113556.1.4.1941:=cn=c1,%s" % self.ou_computers)
self.assertEqual(len(res1), 2)
dn_list = [str(res.dn).lower() for res in res1]
self.assertTrue(("CN=e1,%s" % self.ou).lower() in dn_list)
self.assertTrue(("CN=e2,%s" % self.ou).lower() in dn_list)
res1 = self.ldb.search(self.ou,
- scope=SCOPE_ONELEVEL,
- expression="addressBookRoots2:1.2.840.113556.1.4.1941:=cn=c1,%s" % self.ou_computers)
+ scope=SCOPE_ONELEVEL,
+ expression="addressBookRoots2:1.2.840.113556.1.4.1941:=cn=c1,%s" % self.ou_computers)
self.assertEqual(len(res1), 2)
dn_list = [str(res.dn).lower() for res in res1]
self.assertTrue(("CN=e1,%s" % self.ou).lower() in dn_list)
def test_not_linked_attrs(self):
res1 = self.ldb.search(self.base_dn,
- scope=SCOPE_BASE,
- expression="wellKnownObjects=B:32:aa312825768811d1aded00c04fd8d5cd:CN=computers,%s" % self.base_dn)
+ scope=SCOPE_BASE,
+ expression="wellKnownObjects=B:32:aa312825768811d1aded00c04fd8d5cd:CN=computers,%s" % self.base_dn)
self.assertEqual(len(res1), 1)
self.assertEqual(str(res1[0].dn).lower(), self.base_dn.lower())
def test_subtree(self):
res1 = self.ldb.search(self.ou,
- scope=SCOPE_SUBTREE,
- expression="otherWellKnownObjects=B:32:00000000000000000000000000000004:OU=o4,OU=o3,OU=o2,OU=o1,%s" % self.ou)
+ scope=SCOPE_SUBTREE,
+ expression="otherWellKnownObjects=B:32:00000000000000000000000000000004:OU=o4,OU=o3,OU=o2,OU=o1,%s" % self.ou)
self.assertEqual(len(res1), 1)
self.assertEqual(str(res1[0].dn).lower(), ("OU=o3,OU=o2,OU=o1,%s" % self.ou).lower())
res1 = self.ldb.search(self.ou,
- scope=SCOPE_ONELEVEL,
- expression="otherWellKnownObjects=B:32:00000000000000000000000000000004:OU=o4,OU=o3,OU=o2,OU=o1,%s" % self.ou)
+ scope=SCOPE_ONELEVEL,
+ expression="otherWellKnownObjects=B:32:00000000000000000000000000000004:OU=o4,OU=o3,OU=o2,OU=o1,%s" % self.ou)
self.assertEqual(len(res1), 0)
res1 = self.ldb.search(self.ou,
- scope=SCOPE_SUBTREE,
- expression="otherWellKnownObjects:1.2.840.113556.1.4.1941:=B:32:00000000000000000000000000000004:OU=o4,OU=o3,OU=o2,OU=o1,%s" % self.ou)
+ scope=SCOPE_SUBTREE,
+ expression="otherWellKnownObjects:1.2.840.113556.1.4.1941:=B:32:00000000000000000000000000000004:OU=o4,OU=o3,OU=o2,OU=o1,%s" % self.ou)
self.assertEqual(len(res1), 0)
res1 = self.ldb.search(self.ou,
- scope=SCOPE_ONELEVEL,
- expression="otherWellKnownObjects:1.2.840.113556.1.4.1941:=B:32:00000000000000000000000000000004:OU=o4,OU=o3,OU=o2,OU=o1,%s" % self.ou)
+ scope=SCOPE_ONELEVEL,
+ expression="otherWellKnownObjects:1.2.840.113556.1.4.1941:=B:32:00000000000000000000000000000004:OU=o4,OU=o3,OU=o2,OU=o1,%s" % self.ou)
self.assertEqual(len(res1), 0)
def test_unknown_oid(self):
self.assertEqual(len(res1), 0)
def test_nul_text(self):
- self.assertRaises(TypeError, lambda: self.ldb.search("cn=g4,%s" % self.ou_groups,
- scope=SCOPE_BASE,
- expression="\00member:1.2.840.113556.1.4.1941:=cn=u1,%s" % self.ou_users))
- self.assertRaises(TypeError, lambda: self.ldb.search("cn=g4,%s" % self.ou_groups,
- scope=SCOPE_BASE,
- expression="member:1.2.840\00.113556.1.4.1941:=cn=u1,%s" % self.ou_users))
- self.assertRaises(TypeError, lambda: self.ldb.search("cn=g4,%s" % self.ou_groups,
- scope=SCOPE_BASE,
- expression="member:1.2.840.113556.1.4.1941:=cn=u1\00,%s" % self.ou_users))
- self.assertRaises(LdbError, lambda: self.ldb.search("cn=\00g4,%s" % self.ou_groups,
- scope=SCOPE_BASE,
- expression="member:1.2.840.113556.1.4.1941:=cn=u1,%s" % self.ou_users))
- self.assertRaises(LdbError, lambda: self.ldb.search("cn=g4,%s" % self.ou_groups,
- scope=SCOPE_BASE,
- expression="member:1.2.840.113556.1.4.1941:"))
+ self.assertRaises(TypeError,
+ lambda: self.ldb.search("cn=g4,%s" % self.ou_groups,
+ scope=SCOPE_BASE,
+ expression="\00member:1.2.840.113556.1.4.1941:=cn=u1,%s" % self.ou_users))
+ self.assertRaises(TypeError,
+ lambda: self.ldb.search("cn=g4,%s" % self.ou_groups,
+ scope=SCOPE_BASE,
+ expression="member:1.2.840\00.113556.1.4.1941:=cn=u1,%s" % self.ou_users))
+ self.assertRaises(TypeError,
+ lambda: self.ldb.search("cn=g4,%s" % self.ou_groups,
+ scope=SCOPE_BASE,
+ expression="member:1.2.840.113556.1.4.1941:=cn=u1\00,%s" % self.ou_users))
+ self.assertRaises(LdbError,
+ lambda: self.ldb.search("cn=\00g4,%s" % self.ou_groups,
+ scope=SCOPE_BASE,
+ expression="member:1.2.840.113556.1.4.1941:=cn=u1,%s" % self.ou_users))
+ self.assertRaises(LdbError,
+ lambda: self.ldb.search("cn=g4,%s" % self.ou_groups,
+ scope=SCOPE_BASE,
+ expression="member:1.2.840.113556.1.4.1941:"))
res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
- scope=SCOPE_BASE,
- expression="member:1.2.840.113556.1.4.1941:=")
+ scope=SCOPE_BASE,
+ expression="member:1.2.840.113556.1.4.1941:=")
self.assertEqual(len(res1), 0)
res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
- scope=SCOPE_BASE,
- expression="member=")
+ scope=SCOPE_BASE,
+ expression="member=")
self.assertEqual(len(res1), 0)
res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
- scope=SCOPE_BASE,
- expression="member:1.2.840.113556.1.4.1941:=nonexistent")
+ scope=SCOPE_BASE,
+ expression="member:1.2.840.113556.1.4.1941:=nonexistent")
self.assertEqual(len(res1), 0)
res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
- scope=SCOPE_BASE,
- expression="member=nonexistent")
+ scope=SCOPE_BASE,
+ expression="member=nonexistent")
self.assertEqual(len(res1), 0)
- self.assertRaises(LdbError, lambda: self.ldb.search("cn=\00g4,%s" % self.ou_groups,
- scope=SCOPE_BASE,
- expression="member:1.2.840.113556.1.4.1941:cn=u1,%s" % self.ou_users))
- self.assertRaises(LdbError, lambda: self.ldb.search("cn=\00g4,%s" % self.ou_groups,
- scope=SCOPE_BASE,
- expression="member:1.2.840.113556.1.4.1941:=cn=u1"))
- self.assertRaises(LdbError, lambda: self.ldb.search("cn=\00g4,%s" % self.ou_groups,
- scope=SCOPE_BASE,
- expression="member:1.2.840.113556.1.4.1941:=cn="))
- self.assertRaises(LdbError, lambda: self.ldb.search("cn=\00g4,%s" % self.ou_groups,
- scope=SCOPE_BASE,
- expression="member::=cn=u1,%s" % self.ou_users))
+ self.assertRaises(LdbError,
+ lambda: self.ldb.search("cn=\00g4,%s" % self.ou_groups,
+ scope=SCOPE_BASE,
+ expression="member:1.2.840.113556.1.4.1941:cn=u1,%s" % self.ou_users))
+ self.assertRaises(LdbError,
+ lambda: self.ldb.search("cn=\00g4,%s" % self.ou_groups,
+ scope=SCOPE_BASE,
+ expression="member:1.2.840.113556.1.4.1941:=cn=u1"))
+ self.assertRaises(LdbError,
+ lambda: self.ldb.search("cn=\00g4,%s" % self.ou_groups,
+ scope=SCOPE_BASE,
+ expression="member:1.2.840.113556.1.4.1941:=cn="))
+ self.assertRaises(LdbError,
+ lambda: self.ldb.search("cn=\00g4,%s" % self.ou_groups,
+ scope=SCOPE_BASE,
+ expression="member::=cn=u1,%s" % self.ou_users))
def test_misc_matches(self):
res1 = self.ldb.search(self.ou_groups,
def test_search_scope_base_empty_db(self):
l = ldb.Ldb(self.url(), flags=self.flags())
self.assertEqual(len(l.search(ldb.Dn(l, "dc=foo1"),
- ldb.SCOPE_BASE)), 0)
+ ldb.SCOPE_BASE)), 0)
def test_search_scope_onelevel_empty_db(self):
l = ldb.Ldb(self.url(), flags=self.flags())
self.assertEqual(len(l.search(ldb.Dn(l, "dc=foo1"),
- ldb.SCOPE_ONELEVEL)), 0)
+ ldb.SCOPE_ONELEVEL)), 0)
def test_delete(self):
l = ldb.Ldb(self.url(), flags=self.flags())
# Now set this to unique index, but forget to check the result
try:
self.ldb.add({"dn": "@ATTRIBUTES",
- "y": "UNIQUE_INDEX"})
+ "y": "UNIQUE_INDEX"})
self.fail()
except ldb.LdbError:
pass
# Now set this to unique index, but forget to check the result
try:
self.ldb.add({"dn": "@ATTRIBUTES",
- "y": "UNIQUE_INDEX"})
+ "y": "UNIQUE_INDEX"})
except ldb.LdbError:
pass
# This should not turn up until the transaction is concluded
res11 = self.l.search(base="OU=OU11,DC=SAMBA,DC=ORG",
- scope=ldb.SCOPE_BASE)
+ scope=ldb.SCOPE_BASE)
self.assertEqual(len(res11), 0)
os.write(w2, b"search")
# This should now turn up, as the transaction is over
res11 = self.l.search(base="OU=OU11,DC=SAMBA,DC=ORG",
- scope=ldb.SCOPE_BASE)
+ scope=ldb.SCOPE_BASE)
self.assertEqual(len(res11), 1)
self.assertFalse(found11)
# This should not turn up until the transaction is concluded
res11 = self.l.search(base="OU=OU11,DC=SAMBA,DC=ORG",
- scope=ldb.SCOPE_BASE)
+ scope=ldb.SCOPE_BASE)
self.assertEqual(len(res11), 0)
os.write(w2, b"search")
# removed the read lock, but for ldb_tdb that happened as soon
# as we called the first res.next()
res11 = self.l.search(base="OU=OU11,DC=SAMBA,DC=ORG",
- scope=ldb.SCOPE_BASE)
+ scope=ldb.SCOPE_BASE)
self.assertEqual(len(res11), 0)
# These results are all collected at the first next(res) call
# This should now turn up, as the transaction is over and all
# read locks are gone
res11 = self.l.search(base="OU=OU11,DC=SAMBA,DC=ORG",
- scope=ldb.SCOPE_BASE)
+ scope=ldb.SCOPE_BASE)
self.assertEqual(len(res11), 1)
self.assertTrue(found)
def test_try_subdb_index(self):
try:
self.l.add({"dn": "@INDEXLIST",
- "@IDX_LMDB_SUBDB": [b"1"],
- "@IDXONE": [b"1"],
- "@IDXONE": [b"1"],
- "@IDXGUID": [b"objectUUID"],
- "@IDX_DN_GUID": [b"GUID"],
+ "@IDX_LMDB_SUBDB": [b"1"],
+ "@IDXONE": [b"1"],
+ "@IDXONE": [b"1"],
+ "@IDXGUID": [b"objectUUID"],
+ "@IDX_DN_GUID": [b"GUID"],
})
except ldb.LdbError as e:
code = e.args[0]
sambaopts = options.SambaOptions(parser)
parser.add_option_group(sambaopts)
parser.add_option("--createkey", type="string", metavar="KEYNAME",
- help="create a key")
+ help="create a key")
opts, args = parser.parse_args()
try:
res = self.search(base=dn, scope=ldb.SCOPE_SUBTREE, attrs=[],
- expression="(|(objectclass=user)(objectclass=computer))")
+ expression="(|(objectclass=user)(objectclass=computer))")
except ldb.LdbError as error:
(errno, estr) = error.args
if errno == ldb.ERR_NO_SUCH_OBJECT:
# Delete the 'visible' records, and the invisble 'deleted' records (if
# this DB supports it)
for msg in self.search(basedn, ldb.SCOPE_SUBTREE,
- "(&(|(objectclass=*)(distinguishedName=*))(!(distinguishedName=@BASEINFO)))",
- [], controls=["show_deleted:0", "show_recycled:0"]):
+ "(&(|(objectclass=*)(distinguishedName=*))(!(distinguishedName=@BASEINFO)))",
+ [], controls=["show_deleted:0", "show_recycled:0"]):
try:
self.delete(msg.dn, ["relax:0"])
except ldb.LdbError as error:
raise
res = self.search(basedn, ldb.SCOPE_SUBTREE,
- "(&(|(objectclass=*)(distinguishedName=*))(!(distinguishedName=@BASEINFO)))",
- [], controls=["show_deleted:0", "show_recycled:0"])
+ "(&(|(objectclass=*)(distinguishedName=*))(!(distinguishedName=@BASEINFO)))",
+ [], controls=["show_deleted:0", "show_recycled:0"])
assert len(res) == 0
# delete the specials
var_end = text.find("}", var_start)
raise Exception("Not all variables substituted: %s" %
- text[var_start:var_end+1])
+ text[var_start:var_end+1])
def read_and_sub_file(file_name, subst_vars):
"""
if in_source_tree():
extra_path = os.path.join(source_tree_topdir(), source_tree_container,
- location)
+ location)
if not extra_path in sys.path:
sys.path.insert(0, extra_path)
sys.modules[modulename] = __import__(modulename)
__import__(modulename)
except ImportError:
import_bundled_package(modulename, location,
- source_tree_container="third_party",
- namespace="samba.third_party")
+ source_tree_container="third_party",
+ namespace="samba.third_party")
def dn_from_dns_name(dnsdomain):
self.name_map = {}
try:
res = samdb.search(base="CN=DnsAdmins,CN=Users,%s" % samdb.domain_dn(), scope=ldb.SCOPE_BASE,
- attrs=["objectSid"])
+ attrs=["objectSid"])
dnsadmins_sid = ndr_unpack(security.dom_sid, res[0]["objectSid"][0])
self.name_map['DnsAdmins'] = str(dnsadmins_sid)
except ldb.LdbError as e5:
res = self.samdb.search(scope=ldb.SCOPE_BASE,
base="@SAMBA_DSDB",
attrs=["compatibleFeatures",
- "requiredFeatures"])
+ "requiredFeatures"])
if "compatibleFeatures" in res[0]:
self.compatibleFeatures = res[0]["compatibleFeatures"]
if "requiredFeatures" in res[0]:
m['value_%u' % i] = ldb.MessageElement(val, ldb.FLAG_MOD_DELETE, attrname)
if nval != '':
m['normv_%u' % i] = ldb.MessageElement(nval, ldb.FLAG_MOD_ADD,
- attrname)
+ attrname)
if self.do_modify(m, ["relax:0", "show_recycled:1"],
"Failed to normalise attribute %s" % attrname,
m.dn = obj.dn
m['value'] = ldb.MessageElement(forward_vals, ldb.FLAG_MOD_REPLACE, forward_attr)
if self.do_modify(m, ["local_oid:%s:1" % dsdb.DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS],
- "Failed to fix duplicate links in attribute '%s'" % forward_attr):
+ "Failed to fix duplicate links in attribute '%s'" % forward_attr):
self.report("Fixed duplicate links in attribute '%s'" % (forward_attr))
duplicate_cache_key = "%s:%s" % (str(obj.dn), forward_attr)
assert duplicate_cache_key in self.duplicate_link_cache
missing_forward_links, missing_error_count = \
self.find_missing_forward_links_from_backlinks(obj,
- attrname, syntax_oid,
- reverse_link_name,
- unique_dict)
+ attrname, syntax_oid,
+ reverse_link_name,
+ unique_dict)
error_count += missing_error_count
forward_links = [dn for dn in unique_dict.values()]
if guid is None:
error_count += 1
self.err_missing_dn_GUID_component(obj.dn, attrname, val, dsdb_dn,
- "missing GUID")
+ "missing GUID")
continue
guidstr = str(misc.GUID(guid))
nmsg.dn = dn
nmsg[attr] = ldb.MessageElement(replBlob, ldb.FLAG_MOD_REPLACE, attr)
if self.do_modify(nmsg, ["local_oid:%s:0" % dsdb.DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA,
- "local_oid:1.3.6.1.4.1.7165.4.3.14:0",
- "local_oid:1.3.6.1.4.1.7165.4.3.25:0"],
- "Failed to fix attribute %s" % attr):
+ "local_oid:1.3.6.1.4.1.7165.4.3.14:0",
+ "local_oid:1.3.6.1.4.1.7165.4.3.25:0"],
+ "Failed to fix attribute %s" % attr):
self.report("Fixed attribute '%s' of '%s'\n" % (attr, dn))
class SRVRecord(dnsserver.DNS_RPC_RECORD):
def __init__(self, target, port, priority=0, weight=100, serial=1, ttl=900,
- rank=dnsp.DNS_RANK_ZONE, node_flag=0):
+ rank=dnsp.DNS_RANK_ZONE, node_flag=0):
super(SRVRecord, self).__init__()
self.wType = dnsp.DNS_TYPE_SRV
self.dwFlags = rank | node_flag
class TXTRecord(dnsserver.DNS_RPC_RECORD):
def __init__(self, slist, serial=1, ttl=900, rank=dnsp.DNS_RANK_ZONE,
- node_flag=0):
+ node_flag=0):
super(TXTRecord, self).__init__()
self.wType = dnsp.DNS_TYPE_TXT
self.dwFlags = rank | node_flag
def sendDsReplicaSync(drsuapiBind, drsuapi_handle, source_dsa_guid,
- naming_context, req_option):
+ naming_context, req_option):
"""Send DS replica sync request.
:param drsuapiBind: a drsuapi Bind object
def __init__(self, parser):
optparse.OptionGroup.__init__(self, parser, "Version Options")
self.add_option("-V", "--version", action="callback",
- callback=self._display_version,
- help="Display version number")
+ callback=self._display_version,
+ help="Display version number")
def _display_version(self, option, opt_str, arg, parser):
import samba
self.machine_pass = False
optparse.OptionGroup.__init__(self, parser, self.section)
self._add_option("--simple-bind-dn", metavar="DN", action="callback",
- callback=self._set_simple_bind_dn, type=str,
- help="DN to use for a simple bind")
+ callback=self._set_simple_bind_dn, type=str,
+ help="DN to use for a simple bind")
self._add_option("--password", metavar="PASSWORD", action="callback",
- help="Password", type=str, callback=self._set_password)
+ help="Password", type=str, callback=self._set_password)
self._add_option("-U", "--username", metavar="USERNAME",
- action="callback", type=str,
- help="Username", callback=self._parse_username)
+ action="callback", type=str,
+ help="Username", callback=self._parse_username)
self._add_option("-W", "--workgroup", metavar="WORKGROUP",
- action="callback", type=str,
- help="Workgroup", callback=self._parse_workgroup)
+ action="callback", type=str,
+ help="Workgroup", callback=self._parse_workgroup)
self._add_option("-N", "--no-pass", action="callback",
- help="Don't ask for a password",
- callback=self._set_no_password)
+ help="Don't ask for a password",
+ callback=self._set_no_password)
self._add_option("-k", "--kerberos", metavar="KERBEROS",
- action="callback", type=str,
- help="Use Kerberos", callback=self._set_kerberos)
+ action="callback", type=str,
+ help="Use Kerberos", callback=self._set_kerberos)
self._add_option("", "--ipaddress", metavar="IPADDRESS",
- action="callback", type=str,
- help="IP address of server",
- callback=self._set_ipaddress)
+ action="callback", type=str,
+ help="IP address of server",
+ callback=self._set_ipaddress)
self._add_option("-P", "--machine-pass",
- action="callback",
- help="Use stored machine account password",
- callback=self._set_machine_pass)
+ action="callback",
+ help="Use stored machine account password",
+ callback=self._set_machine_pass)
self._add_option("--krb5-ccache", metavar="KRB5CCNAME",
action="callback", type=str,
help="Kerberos Credentials cache",
def list(self, rootpath):
return os.path.join(rootpath,
- "MACHINE/Microsoft/Windows NT/SecEdit/GptTmpl.inf")
+ "MACHINE/Microsoft/Windows NT/SecEdit/GptTmpl.inf")
def listmachpol(self, rootpath):
return os.path.join(rootpath, "Machine/Registry.pol")
def get_dc_hostname(creds, lp):
net = Net(creds=creds, lp=lp)
cldap_ret = net.finddc(domain=lp.get('realm'), flags=(nbt.NBT_SERVER_LDAP |
- nbt.NBT_SERVER_DS))
+ nbt.NBT_SERVER_DS))
return cldap_ret.pdc_dns_name
''' Fetch a list of GUIDs for applicable GPOs '''
check_refresh_gpo_list(dc_hostname, lp, creds, gpos)
except:
logger.error('Failed downloading gpt cache from \'%s\' using SMB' \
- % dc_hostname)
+ % dc_hostname)
return
for gpo_obj in gpos:
ext.parse(ext.list(path), test_ldb, gp_db, lp)
except Exception as e:
logger.error('Failed to parse gpo %s for extension %s' % \
- (guid, str(ext)))
+ (guid, str(ext)))
logger.error('Message was: ' + str(e))
store.cancel()
continue
break
else:
vmap = dict((k, v.replace(',CN=Servers,', ',**,', 1))
- for k, v in vmap.items())
+ for k, v in vmap.items())
replacements.append(('**', 'CN=Servers'))
for v in vmap.values():
break
else:
vmap = dict((k, v.replace('CN=NTDS Settings,', '*,', 1))
- for k, v in vmap.items())
+ for k, v in vmap.items())
replacements.append(('*', 'CN=NTDS Settings'))
return vmap, replacements
url = lp.private_path("idmap.ldb")
super(IDmapDB, self).__init__(url=url, lp=lp, modules_dir=modules_dir,
- session_info=session_info, credentials=credentials, flags=flags,
- options=options)
+ session_info=session_info, credentials=credentials, flags=flags,
+ options=options)
def connect(self, url=None, flags=0, options=None):
super(IDmapDB, self).connect(url=self.lp.private_path(url), flags=flags,
- options=options)
+ options=options)
def increment_xid(self):
"""Increment xidNumber, if not present it create and assign it to the lowerBound
creds.set_kerberos_state(ctx.creds.get_kerberos_state())
machine_samdb = SamDB(url="ldap://%s" % ctx.server,
session_info=system_session(),
- credentials=creds, lp=ctx.lp)
+ credentials=creds, lp=ctx.lp)
except:
pass
else:
if token_res[0]["tokenGroups"][0] \
== res[0]["objectSID"][0]:
raise DCJoinException("Not removing account %s which "
- "looks like a Samba DC account "
- "matching the password we already have. "
- "To override, remove secrets.ldb and secrets.tdb"
- % ctx.samname)
+ "looks like a Samba DC account "
+ "matching the password we already have. "
+ "To override, remove secrets.ldb and secrets.tdb"
+ % ctx.samname)
ctx.del_noerror(res[0].dn, recursive=True)
res = ctx.samdb.search(base=ctx.samdb.get_default_basedn(),
expression='(sAMAccountName=%s)' % ldb.binary_encode("dns-%s" % ctx.myname),
- attrs=[])
+ attrs=[])
if res:
raise DCJoinException("Not removing account %s which looks like "
- "a Samba DNS service account but does not "
- "have servicePrincipalName=%s" %
- (ldb.binary_encode("dns-%s" % ctx.myname),
- ldb.binary_encode("dns/%s" % ctx.dnshostname)))
+ "a Samba DNS service account but does not "
+ "have servicePrincipalName=%s" %
+ (ldb.binary_encode("dns-%s" % ctx.myname),
+ ldb.binary_encode("dns/%s" % ctx.dnshostname)))
def cleanup_old_join(ctx, force=False):
# TODO Is this supposed to be for the schema partition too?
expr = "(&(objectClass=crossRef)(ncName=%s))" % ldb.binary_encode(ctx.domaindns_zone)
domain = (ctx.samdb.search(scope=ldb.SCOPE_ONELEVEL,
- attrs=[],
- base=ctx.samdb.get_partitions_dn(),
- expression=expr), ctx.domaindns_zone)
+ attrs=[],
+ base=ctx.samdb.get_partitions_dn(),
+ expression=expr), ctx.domaindns_zone)
expr = "(&(objectClass=crossRef)(ncName=%s))" % ldb.binary_encode(ctx.forestdns_zone)
forest = (ctx.samdb.search(scope=ldb.SCOPE_ONELEVEL,
- attrs=[],
- base=ctx.samdb.get_partitions_dn(),
- expression=expr), ctx.forestdns_zone)
+ attrs=[],
+ base=ctx.samdb.get_partitions_dn(),
+ expression=expr), ctx.forestdns_zone)
for part, zone in (domain, forest):
if zone not in ctx.nc_list:
smbconf = ctx.lp.configfile
presult = provision(ctx.logger, system_session(), smbconf=smbconf,
- targetdir=ctx.targetdir, samdb_fill=FILL_DRS, realm=ctx.realm,
- rootdn=ctx.root_dn, domaindn=ctx.base_dn,
- schemadn=ctx.schema_dn, configdn=ctx.config_dn,
- serverdn=ctx.server_dn, domain=ctx.domain_name,
- hostname=ctx.myname, domainsid=ctx.domsid,
- machinepass=ctx.acct_pass, serverrole="active directory domain controller",
- sitename=ctx.site, lp=ctx.lp, ntdsguid=ctx.ntds_guid,
- use_ntvfs=ctx.use_ntvfs, dns_backend=ctx.dns_backend,
- plaintext_secrets=ctx.plaintext_secrets,
- backend_store=ctx.backend_store
+ targetdir=ctx.targetdir, samdb_fill=FILL_DRS, realm=ctx.realm,
+ rootdn=ctx.root_dn, domaindn=ctx.base_dn,
+ schemadn=ctx.schema_dn, configdn=ctx.config_dn,
+ serverdn=ctx.server_dn, domain=ctx.domain_name,
+ hostname=ctx.myname, domainsid=ctx.domsid,
+ machinepass=ctx.acct_pass, serverrole="active directory domain controller",
+ sitename=ctx.site, lp=ctx.lp, ntdsguid=ctx.ntds_guid,
+ use_ntvfs=ctx.use_ntvfs, dns_backend=ctx.dns_backend,
+ plaintext_secrets=ctx.plaintext_secrets,
+ backend_store=ctx.backend_store
)
print("Provision OK for domain DN %s" % presult.domaindn)
ctx.local_samdb = presult.samdb
repl = ctx.create_replicator(repl_creds, binding_options)
repl.replicate(ctx.schema_dn, source_dsa_invocation_id,
- destination_dsa_guid, schema=True, rodc=ctx.RODC,
- replica_flags=ctx.replica_flags)
+ destination_dsa_guid, schema=True, rodc=ctx.RODC,
+ replica_flags=ctx.replica_flags)
repl.replicate(ctx.config_dn, source_dsa_invocation_id,
- destination_dsa_guid, rodc=ctx.RODC,
- replica_flags=ctx.replica_flags)
+ destination_dsa_guid, rodc=ctx.RODC,
+ replica_flags=ctx.replica_flags)
if not ctx.subdomain:
# Replicate first the critical object for the basedn
if not ctx.domain_replica_flags & drsuapi.DRSUAPI_DRS_CRITICAL_ONLY:
print("Replicating critical objects from the base DN of the domain")
ctx.domain_replica_flags |= drsuapi.DRSUAPI_DRS_CRITICAL_ONLY
repl.replicate(ctx.base_dn, source_dsa_invocation_id,
- destination_dsa_guid, rodc=ctx.RODC,
- replica_flags=ctx.domain_replica_flags)
+ destination_dsa_guid, rodc=ctx.RODC,
+ replica_flags=ctx.domain_replica_flags)
ctx.domain_replica_flags ^= drsuapi.DRSUAPI_DRS_CRITICAL_ONLY
repl.replicate(ctx.base_dn, source_dsa_invocation_id,
destination_dsa_guid, rodc=ctx.RODC,
if ctx.RODC:
repl.replicate(ctx.acct_dn, source_dsa_invocation_id,
- destination_dsa_guid,
- exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET, rodc=True)
+ destination_dsa_guid,
+ exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET, rodc=True)
repl.replicate(ctx.new_krbtgt_dn, source_dsa_invocation_id,
- destination_dsa_guid,
- exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET, rodc=True)
+ destination_dsa_guid,
+ exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET, rodc=True)
elif ctx.rid_manager_dn != None:
# Try and get a RID Set if we can. This is only possible against the RID Master. Warn otherwise.
try:
binding_options = "sign"
dns_conn = dnsserver.dnsserver("ncacn_ip_tcp:%s[%s]" % (ctx.server, binding_options),
- ctx.lp, ctx.creds)
+ ctx.lp, ctx.creds)
name_found = True
return ctx
def join_subdomain(logger=None, server=None, creds=None, lp=None, site=None,
- netbios_name=None, targetdir=None, parent_domain=None, dnsdomain=None,
- netbios_domain=None, machinepass=None, adminpass=None, use_ntvfs=False,
- dns_backend=None, plaintext_secrets=False,
- backend_store=None):
+ netbios_name=None, targetdir=None, parent_domain=None, dnsdomain=None,
+ netbios_domain=None, machinepass=None, adminpass=None, use_ntvfs=False,
+ dns_backend=None, plaintext_secrets=False,
+ backend_store=None):
"""Join as a DC."""
ctx = DCJoinContext(logger, server, creds, lp, site, netbios_name,
targetdir, parent_domain, machinepass, use_ntvfs,
# do the provision with the new/renamed domain DN values
presult = provision(ctx.logger, system_session(),
- targetdir=ctx.targetdir, samdb_fill=FILL_DRS,
- realm=ctx.new_realm, lp=non_global_lp,
- rootdn=ctx.rename_dn(ctx.root_dn), domaindn=ctx.new_base_dn,
- schemadn=ctx.rename_dn(ctx.schema_dn),
- configdn=ctx.rename_dn(ctx.config_dn),
- domain=ctx.new_domain_name, domainsid=ctx.domsid,
- serverrole="active directory domain controller",
- dns_backend=ctx.dns_backend)
+ targetdir=ctx.targetdir, samdb_fill=FILL_DRS,
+ realm=ctx.new_realm, lp=non_global_lp,
+ rootdn=ctx.rename_dn(ctx.root_dn), domaindn=ctx.new_base_dn,
+ schemadn=ctx.rename_dn(ctx.schema_dn),
+ configdn=ctx.rename_dn(ctx.config_dn),
+ domain=ctx.new_domain_name, domainsid=ctx.domsid,
+ serverrole="active directory domain controller",
+ dns_backend=ctx.dns_backend)
print("Provision OK for renamed domain DN %s" % presult.domaindn)
ctx.local_samdb = presult.samdb
paragraphs = description.split('\n')
wrapped_paragraphs = [
textwrap.fill(p,
- desc_width,
- initial_indent=indent,
- subsequent_indent=indent)
+ desc_width,
+ initial_indent=indent,
+ subsequent_indent=indent)
for p in paragraphs]
result = "\n".join(wrapped_paragraphs) + "\n"
return result
if realm is None:
realm = lp.get('realm')
cldap_ret = net.finddc(domain=realm,
- flags=nbt.NBT_SERVER_LDAP | nbt.NBT_SERVER_DS | nbt.NBT_SERVER_WRITABLE)
+ flags=nbt.NBT_SERVER_LDAP | nbt.NBT_SERVER_DS | nbt.NBT_SERVER_WRITABLE)
return cldap_ret.pdc_dns_name
DC with the specified address'''
net = Net(creds=creds, lp=lp)
cldap_ret = net.finddc(address=address,
- flags=nbt.NBT_SERVER_LDAP | nbt.NBT_SERVER_DS)
+ flags=nbt.NBT_SERVER_LDAP | nbt.NBT_SERVER_DS)
return cldap_ret
creds = credopts.get_credentials(lp, fallback_machine=True)
samdb = SamDB(url=H, session_info=system_session(),
- credentials=creds, lp=lp)
+ credentials=creds, lp=lp)
filter = "(sAMAccountType=%u)" % (dsdb.ATYPE_WORKSTATION_TRUST)
takes_options = [
Option("--scope", dest="scope", default="SUB",
- help="Pass search scope that builds DN list. Options: SUB, ONE, BASE"),
+ help="Pass search scope that builds DN list. Options: SUB, ONE, BASE"),
Option("--fix", dest="fix", default=False, action='store_true',
help='Fix any errors found'),
Option("--yes", action='callback', callback=process_yes,
Option("--cross-ncs", dest="cross_ncs", default=False, action='store_true',
help="cross naming context boundaries"),
Option("-v", "--verbose", dest="verbose", action="store_true", default=False,
- help="Print more details of checking"),
+ help="Print more details of checking"),
Option("-q", "--quiet", action="store_true", default=False,
- help="don't print details of checking"),
+ help="don't print details of checking"),
Option("--attrs", dest="attrs", default=None, help="list of attributes to check (space separated)"),
Option("--reindex", dest="reindex", default=False, action="store_true", help="force database re-index"),
Option("--force-modules", dest="force_modules", default=False, action="store_true", help="force loading of Samba modules and ignore the @MODULES record (for very old databases)"),
else:
error_count = chk.check_database(DN=DN, scope=search_scope,
- controls=controls, attrs=attrs)
+ controls=controls, attrs=attrs)
except:
if started_transaction:
samdb.transaction_cancel()
(cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
res = sam.search(expression="sAMAccountName=%s" %
- ldb.binary_encode(cleanedaccount),
- scope=ldb.SCOPE_SUBTREE,
- attrs=["userAccountControl", "msDS-AllowedToDelegateTo"])
+ ldb.binary_encode(cleanedaccount),
+ scope=ldb.SCOPE_SUBTREE,
+ attrs=["userAccountControl", "msDS-AllowedToDelegateTo"])
if len(res) == 0:
raise CommandError("Unable to find account name '%s'" % accountname)
assert(len(res) == 1)
self.outf.write("Account-DN: %s\n" % str(res[0].dn))
self.outf.write("UF_TRUSTED_FOR_DELEGATION: %s\n"
- % bool(uac & dsdb.UF_TRUSTED_FOR_DELEGATION))
+ % bool(uac & dsdb.UF_TRUSTED_FOR_DELEGATION))
self.outf.write("UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION: %s\n" %
- bool(uac & dsdb.UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION))
+ bool(uac & dsdb.UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION))
if allowed is not None:
for a in allowed:
flag = dsdb.UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
try:
sam.toggle_userAccountFlags(search_filter, flag,
- flags_str="Trusted-to-Authenticate-for-Delegation",
- on=on, strict=True)
+ flags_str="Trusted-to-Authenticate-for-Delegation",
+ on=on, strict=True)
except Exception as err:
raise CommandError(err)
msg = ldb.Message()
msg.dn = res[0].dn
msg["msDS-AllowedToDelegateTo"] = ldb.MessageElement([principal],
- ldb.FLAG_MOD_ADD,
- "msDS-AllowedToDelegateTo")
+ ldb.FLAG_MOD_ADD,
+ "msDS-AllowedToDelegateTo")
try:
sam.modify(msg)
except Exception as err:
msg = ldb.Message()
msg.dn = res[0].dn
msg["msDS-AllowedToDelegateTo"] = ldb.MessageElement([principal],
- ldb.FLAG_MOD_DELETE,
- "msDS-AllowedToDelegateTo")
+ ldb.FLAG_MOD_DELETE,
+ "msDS-AllowedToDelegateTo")
try:
sam.modify(msg)
except Exception as err:
def dp_flags_string(dp_flags):
bitmap_defs = [ 'DNS_DP_AUTOCREATED', 'DNS_DP_LEGACY', 'DNS_DP_DOMAIN_DEFAULT',
- 'DNS_DP_FOREST_DEFAULT', 'DNS_DP_ENLISTED', 'DNS_DP_DELETED' ]
+ 'DNS_DP_FOREST_DEFAULT', 'DNS_DP_ENLISTED', 'DNS_DP_DELETED' ]
return bitmap_string(dnsserver, bitmap_defs, dp_flags)
dns_conn = dns_connect(server, self.lp, self.creds)
rec_match = dns_record_match(dns_conn, server, zone, name, record_type,
- olddata)
+ olddata)
if not rec_match:
raise CommandError('Record or zone does not exist.')
backend_store = get_default_backend_store()
try:
result = provision(self.logger,
- session, smbconf=smbconf, targetdir=targetdir,
- samdb_fill=samdb_fill, realm=realm, domain=domain,
- domainguid=domain_guid, domainsid=domain_sid,
- hostname=host_name,
- hostip=host_ip, hostip6=host_ip6,
- sitename=site, ntdsguid=ntds_guid,
- invocationid=invocationid, adminpass=adminpass,
- krbtgtpass=krbtgtpass, machinepass=machinepass,
- dns_backend=dns_backend, dns_forwarder=dns_forwarder,
- dnspass=dnspass, root=root, nobody=nobody,
- users=users,
- serverrole=server_role, dom_for_fun_level=dom_for_fun_level,
- backend_type=ldap_backend_type,
- ldapadminpass=ldapadminpass, ol_mmr_urls=ol_mmr_urls, slapd_path=slapd_path,
- useeadb=eadb, next_rid=next_rid, lp=lp, use_ntvfs=use_ntvfs,
- use_rfc2307=use_rfc2307, skip_sysvolacl=False,
- ldap_backend_extra_port=ldap_backend_extra_port,
- ldap_backend_forced_uri=ldap_backend_forced_uri,
- nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode,
- base_schema=base_schema,
- plaintext_secrets=plaintext_secrets,
- backend_store=backend_store)
+ session, smbconf=smbconf, targetdir=targetdir,
+ samdb_fill=samdb_fill, realm=realm, domain=domain,
+ domainguid=domain_guid, domainsid=domain_sid,
+ hostname=host_name,
+ hostip=host_ip, hostip6=host_ip6,
+ sitename=site, ntdsguid=ntds_guid,
+ invocationid=invocationid, adminpass=adminpass,
+ krbtgtpass=krbtgtpass, machinepass=machinepass,
+ dns_backend=dns_backend, dns_forwarder=dns_forwarder,
+ dnspass=dnspass, root=root, nobody=nobody,
+ users=users,
+ serverrole=server_role, dom_for_fun_level=dom_for_fun_level,
+ backend_type=ldap_backend_type,
+ ldapadminpass=ldapadminpass, ol_mmr_urls=ol_mmr_urls, slapd_path=slapd_path,
+ useeadb=eadb, next_rid=next_rid, lp=lp, use_ntvfs=use_ntvfs,
+ use_rfc2307=use_rfc2307, skip_sysvolacl=False,
+ ldap_backend_extra_port=ldap_backend_extra_port,
+ ldap_backend_forced_uri=ldap_backend_forced_uri,
+ nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode,
+ base_schema=base_schema,
+ plaintext_secrets=plaintext_secrets,
+ backend_store=backend_store)
except ProvisioningError as e:
raise CommandError("Provision failed", e)
ntds_guid = samdb.get_ntds_GUID()
msg = samdb.search(base=str(samdb.get_config_basedn()),
- scope=ldb.SCOPE_SUBTREE, expression="(objectGUID=%s)" % ntds_guid,
- attrs=['options'])
+ scope=ldb.SCOPE_SUBTREE, expression="(objectGUID=%s)" % ntds_guid,
+ attrs=['options'])
if len(msg) == 0 or "options" not in msg[0]:
raise CommandError("Failed to find options on %s" % ntds_guid)
raise CommandError("Error while sending a DsReplicaSync for partition '%s'" % str(part), string)
try:
remote_samdb = SamDB(url="ldap://%s" % server,
- session_info=system_session(),
- credentials=creds, lp=lp)
+ session_info=system_session(),
+ credentials=creds, lp=lp)
self.errf.write("Changing userControl and container\n")
res = remote_samdb.search(base=str(remote_samdb.domain_dn()),
- expression="(&(objectClass=user)(sAMAccountName=%s$))" %
+ expression="(&(objectClass=user)(sAMAccountName=%s$))" %
netbios_name.upper(),
- attrs=["userAccountControl"])
+ attrs=["userAccountControl"])
dc_dn = res[0].dn
uac = int(str(res[0]["userAccountControl"]))
msg.dn = dc_dn
msg["userAccountControl"] = ldb.MessageElement("%d" % uac,
- ldb.FLAG_MOD_REPLACE,
- "userAccountControl")
+ ldb.FLAG_MOD_REPLACE,
+ "userAccountControl")
remote_samdb.modify(msg)
msg.dn = dc_dn
msg["userAccountControl"] = ldb.MessageElement("%d" % uac,
- ldb.FLAG_MOD_REPLACE,
- "userAccountControl")
+ ldb.FLAG_MOD_REPLACE,
+ "userAccountControl")
remote_samdb.modify(msg)
raise CommandError("Error while renaming %s to %s" % (str(dc_dn), str(newdn)), e)
"CN=NTFRS Subscriptions"):
try:
remote_samdb.delete(ldb.Dn(remote_samdb,
- "%s,%s" % (s, str(newdn))))
+ "%s,%s" % (s, str(newdn))))
except ldb.LdbError as l:
pass
metavar="URL", dest="H"),
Option("-q", "--quiet", help="Be quiet", action="store_true"), # unused
Option("--forest-level", type="choice", choices=["2003", "2008", "2008_R2", "2012", "2012_R2"],
- help="The forest function level (2003 | 2008 | 2008_R2 | 2012 | 2012_R2)"),
+ help="The forest function level (2003 | 2008 | 2008_R2 | 2012 | 2012_R2)"),
Option("--domain-level", type="choice", choices=["2003", "2008", "2008_R2", "2012", "2012_R2"],
- help="The domain function level (2003 | 2008 | 2008_R2 | 2012 | 2012_R2)")
- ]
+ help="The domain function level (2003 | 2008 | 2008_R2 | 2012 | 2012_R2)")
+ ]
takes_args = ["subcommand"]
creds = credopts.get_credentials(lp, fallback_machine=True)
samdb = SamDB(url=H, session_info=system_session(),
- credentials=creds, lp=lp)
+ credentials=creds, lp=lp)
domain_dn = samdb.domain_dn()
res_forest = samdb.search("CN=Partitions,%s" % samdb.get_config_basedn(),
- scope=ldb.SCOPE_BASE, attrs=["msDS-Behavior-Version"])
+ scope=ldb.SCOPE_BASE, attrs=["msDS-Behavior-Version"])
assert len(res_forest) == 1
res_domain = samdb.search(domain_dn, scope=ldb.SCOPE_BASE,
- attrs=["msDS-Behavior-Version", "nTMixedDomain"])
+ attrs=["msDS-Behavior-Version", "nTMixedDomain"])
assert len(res_domain) == 1
res_dc_s = samdb.search("CN=Sites,%s" % samdb.get_config_basedn(),
- scope=ldb.SCOPE_SUBTREE, expression="(objectClass=nTDSDSA)",
- attrs=["msDS-Behavior-Version"])
+ scope=ldb.SCOPE_SUBTREE, expression="(objectClass=nTDSDSA)",
+ attrs=["msDS-Behavior-Version"])
assert len(res_dc_s) >= 1
# default values, since "msDS-Behavior-Version" does not exist on Windows 2000 AD
m = ldb.Message()
m.dn = ldb.Dn(samdb, domain_dn)
m["nTMixedDomain"] = ldb.MessageElement("0",
- ldb.FLAG_MOD_REPLACE, "nTMixedDomain")
+ ldb.FLAG_MOD_REPLACE, "nTMixedDomain")
samdb.modify(m)
# Under partitions
m = ldb.Message()
m.dn = ldb.Dn(samdb, "CN=" + lp.get("workgroup") + ",CN=Partitions,%s" % samdb.get_config_basedn())
m["nTMixedDomain"] = ldb.MessageElement("0",
- ldb.FLAG_MOD_REPLACE, "nTMixedDomain")
+ ldb.FLAG_MOD_REPLACE, "nTMixedDomain")
try:
samdb.modify(m)
except ldb.LdbError as e:
# Under partitions
m = ldb.Message()
m.dn = ldb.Dn(samdb, "CN=" + lp.get("workgroup")
- + ",CN=Partitions,%s" % samdb.get_config_basedn())
+ + ",CN=Partitions,%s" % samdb.get_config_basedn())
m["msDS-Behavior-Version"]= ldb.MessageElement(
str(new_level_domain), ldb.FLAG_MOD_REPLACE,
"msDS-Behavior-Version")
creds = credopts.get_credentials(lp)
samdb = SamDB(url=H, session_info=system_session(),
- credentials=creds, lp=lp)
+ credentials=creds, lp=lp)
domain_dn = samdb.domain_dn()
res = samdb.search(domain_dn, scope=ldb.SCOPE_BASE,
- attrs=["pwdProperties", "pwdHistoryLength", "minPwdLength",
- "minPwdAge", "maxPwdAge", "lockoutDuration", "lockoutThreshold",
- "lockOutObservationWindow"])
+ attrs=["pwdProperties", "pwdHistoryLength", "minPwdLength",
+ "minPwdAge", "maxPwdAge", "lockoutDuration", "lockoutThreshold",
+ "lockOutObservationWindow"])
assert(len(res) == 1)
try:
pwd_props = int(res[0]["pwdProperties"][0])
metavar="URL", dest="H"),
Option("-q", "--quiet", help="Be quiet", action="store_true"), # unused
Option("--complexity", type="choice", choices=["on","off","default"],
- help="The password complexity (on | off | default). Default is 'on'"),
+ help="The password complexity (on | off | default). Default is 'on'"),
Option("--store-plaintext", type="choice", choices=["on","off","default"],
- help="Store plaintext passwords where account have 'store passwords with reversible encryption' set (on | off | default). Default is 'off'"),
+ help="Store plaintext passwords where account have 'store passwords with reversible encryption' set (on | off | default). Default is 'off'"),
Option("--history-length",
- help="The password history length (<integer> | default). Default is 24.", type=str),
+ help="The password history length (<integer> | default). Default is 24.", type=str),
Option("--min-pwd-length",
- help="The minimum password length (<integer> | default). Default is 7.", type=str),
+ help="The minimum password length (<integer> | default). Default is 7.", type=str),
Option("--min-pwd-age",
- help="The minimum password age (<integer in days> | default). Default is 1.", type=str),
+ help="The minimum password age (<integer in days> | default). Default is 1.", type=str),
Option("--max-pwd-age",
- help="The maximum password age (<integer in days> | default). Default is 43.", type=str),
+ help="The maximum password age (<integer in days> | default). Default is 43.", type=str),
Option("--account-lockout-duration",
- help="The the length of time an account is locked out after exeeding the limit on bad password attempts (<integer in mins> | default). Default is 30 mins.", type=str),
+ help="The the length of time an account is locked out after exeeding the limit on bad password attempts (<integer in mins> | default). Default is 30 mins.", type=str),
Option("--account-lockout-threshold",
- help="The number of bad password attempts allowed before locking out the account (<integer> | default). Default is 0 (never lock out).", type=str),
+ help="The number of bad password attempts allowed before locking out the account (<integer> | default). Default is 0 (never lock out).", type=str),
Option("--reset-account-lockout-after",
- help="After this time is elapsed, the recorded number of attempts restarts from zero (<integer> | default). Default is 30.", type=str),
- ]
+ help="After this time is elapsed, the recorded number of attempts restarts from zero (<integer> | default). Default is 30.", type=str),
+ ]
def run(self, H=None, min_pwd_age=None, max_pwd_age=None,
quiet=False, complexity=None, store_plaintext=None, history_length=None,
creds = credopts.get_credentials(lp)
samdb = SamDB(url=H, session_info=system_session(),
- credentials=creds, lp=lp)
+ credentials=creds, lp=lp)
domain_dn = samdb.domain_dn()
msgs = []
if complexity is not None or store_plaintext is not None:
m["pwdProperties"] = ldb.MessageElement(str(pwd_props),
- ldb.FLAG_MOD_REPLACE, "pwdProperties")
+ ldb.FLAG_MOD_REPLACE, "pwdProperties")
if history_length is not None:
if history_length == "default":
raise CommandError("Password history length must be in the range of 0 to 24!")
m["pwdHistoryLength"] = ldb.MessageElement(str(pwd_hist_len),
- ldb.FLAG_MOD_REPLACE, "pwdHistoryLength")
+ ldb.FLAG_MOD_REPLACE, "pwdHistoryLength")
msgs.append("Password history length changed!")
if min_pwd_length is not None:
raise CommandError("Minimum password length must be in the range of 0 to 14!")
m["minPwdLength"] = ldb.MessageElement(str(min_pwd_len),
- ldb.FLAG_MOD_REPLACE, "minPwdLength")
+ ldb.FLAG_MOD_REPLACE, "minPwdLength")
msgs.append("Minimum password length changed!")
if min_pwd_age is not None:
min_pwd_age_ticks = -int(min_pwd_age * (24 * 60 * 60 * 1e7))
m["minPwdAge"] = ldb.MessageElement(str(min_pwd_age_ticks),
- ldb.FLAG_MOD_REPLACE, "minPwdAge")
+ ldb.FLAG_MOD_REPLACE, "minPwdAge")
msgs.append("Minimum password age changed!")
if max_pwd_age is not None:
max_pwd_age_ticks = -int(max_pwd_age * (24 * 60 * 60 * 1e7))
m["maxPwdAge"] = ldb.MessageElement(str(max_pwd_age_ticks),
- ldb.FLAG_MOD_REPLACE, "maxPwdAge")
+ ldb.FLAG_MOD_REPLACE, "maxPwdAge")
msgs.append("Maximum password age changed!")
if account_lockout_duration is not None:
account_lockout_duration_ticks = -int(account_lockout_duration * (60 * 1e7))
m["lockoutDuration"] = ldb.MessageElement(str(account_lockout_duration_ticks),
- ldb.FLAG_MOD_REPLACE, "lockoutDuration")
+ ldb.FLAG_MOD_REPLACE, "lockoutDuration")
msgs.append("Account lockout duration changed!")
if account_lockout_threshold is not None:
account_lockout_threshold = int(account_lockout_threshold)
m["lockoutThreshold"] = ldb.MessageElement(str(account_lockout_threshold),
- ldb.FLAG_MOD_REPLACE, "lockoutThreshold")
+ ldb.FLAG_MOD_REPLACE, "lockoutThreshold")
msgs.append("Account lockout threshold changed!")
if reset_account_lockout_after is not None:
reset_account_lockout_after_ticks = -int(reset_account_lockout_after * (60 * 1e7))
m["lockOutObservationWindow"] = ldb.MessageElement(str(reset_account_lockout_after_ticks),
- ldb.FLAG_MOD_REPLACE, "lockOutObservationWindow")
+ ldb.FLAG_MOD_REPLACE, "lockOutObservationWindow")
msgs.append("Duration to reset account lockout after changed!")
if max_pwd_age and max_pwd_age > 0 and min_pwd_age >= max_pwd_age:
try:
try:
samba.ntacls.setntacl(lp, tmpfile.name,
- "O:S-1-5-32G:S-1-5-32", "S-1-5-32", "native")
+ "O:S-1-5-32G:S-1-5-32", "S-1-5-32", "native")
eadb = False
except Exception:
# FIXME: Don't catch all exceptions here
nbt.NBT_SERVER_FOREST_ROOT: "FOREST_ROOT",
}
server_type_string = self.generic_bitmap_to_string(flag_map,
- remote_info.server_type, names_only=True)
+ remote_info.server_type, names_only=True)
self.outf.write("RemoteDC Netbios[%s] DNS[%s] ServerType[%s]\n" % (
remote_info.pdc_name,
remote_info.pdc_dns_name,
raise self.LocalRuntimeError(self, error, "failed to connect netlogon server")
try:
- local_netlogon_trusts = local_netlogon.netr_DsrEnumerateDomainTrusts(local_server,
- netlogon.NETR_TRUST_FLAG_IN_FOREST |
- netlogon.NETR_TRUST_FLAG_OUTBOUND |
- netlogon.NETR_TRUST_FLAG_INBOUND)
+ local_netlogon_trusts = \
+ local_netlogon.netr_DsrEnumerateDomainTrusts(local_server,
+ netlogon.NETR_TRUST_FLAG_IN_FOREST |
+ netlogon.NETR_TRUST_FLAG_OUTBOUND |
+ netlogon.NETR_TRUST_FLAG_INBOUND)
except RuntimeError as error:
if self.check_runtime_error(error, werror.WERR_RPC_S_PROCNUM_OUT_OF_RANGE):
# TODO: we could implement a fallback to lsa.EnumTrustDom()
lsaString = lsa.String()
lsaString.string = domain
try:
- local_tdo_full = local_lsa.QueryTrustedDomainInfoByName(local_policy,
- lsaString, lsa.LSA_TRUSTED_DOMAIN_INFO_FULL_INFO)
+ local_tdo_full = \
+ local_lsa.QueryTrustedDomainInfoByName(local_policy,
+ lsaString,
+ lsa.LSA_TRUSTED_DOMAIN_INFO_FULL_INFO)
local_tdo_info = local_tdo_full.info_ex
local_tdo_posix = local_tdo_full.posix_offset
except NTSTATUSError as error:
raise self.LocalRuntimeError(self, error, "QueryTrustedDomainInfoByName(FULL_INFO) failed")
try:
- local_tdo_enctypes = local_lsa.QueryTrustedDomainInfoByName(local_policy,
- lsaString, lsa.LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES)
+ local_tdo_enctypes = \
+ local_lsa.QueryTrustedDomainInfoByName(local_policy,
+ lsaString,
+ lsa.LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES)
except NTSTATUSError as error:
if self.check_runtime_error(error, ntstatus.NT_STATUS_INVALID_PARAMETER):
error = None
if error is not None:
raise self.LocalRuntimeError(self, error,
- "QueryTrustedDomainInfoByName(SUPPORTED_ENCRYPTION_TYPES) failed")
+ "QueryTrustedDomainInfoByName(SUPPORTED_ENCRYPTION_TYPES) failed")
local_tdo_enctypes = lsa.TrustDomainInfoSupportedEncTypes()
local_tdo_enctypes.enc_types = 0
try:
local_tdo_forest = None
if local_tdo_info.trust_attributes & lsa.LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE:
- local_tdo_forest = local_lsa.lsaRQueryForestTrustInformation(local_policy,
- lsaString, lsa.LSA_FOREST_TRUST_DOMAIN_INFO)
+ local_tdo_forest = \
+ local_lsa.lsaRQueryForestTrustInformation(local_policy,
+ lsaString,
+ lsa.LSA_FOREST_TRUST_DOMAIN_INFO)
except RuntimeError as error:
if self.check_runtime_error(error, ntstatus.NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE):
error = None
try:
lsaString.string = local_trust_info.domain_name.string
- local_old_netbios = local_lsa.QueryTrustedDomainInfoByName(local_policy,
- lsaString, lsa.LSA_TRUSTED_DOMAIN_INFO_FULL_INFO)
+ local_old_netbios = \
+ local_lsa.QueryTrustedDomainInfoByName(local_policy,
+ lsaString,
+ lsa.LSA_TRUSTED_DOMAIN_INFO_FULL_INFO)
raise CommandError("TrustedDomain %s already exist'" % lsaString.string)
except NTSTATUSError as error:
if not self.check_runtime_error(error, ntstatus.NT_STATUS_OBJECT_NAME_NOT_FOUND):
raise self.LocalRuntimeError(self, error,
- "QueryTrustedDomainInfoByName(%s, FULL_INFO) failed" % (
+ "QueryTrustedDomainInfoByName(%s, FULL_INFO) failed" % (
lsaString.string))
try:
lsaString.string = local_trust_info.netbios_name.string
- local_old_dns = local_lsa.QueryTrustedDomainInfoByName(local_policy,
- lsaString, lsa.LSA_TRUSTED_DOMAIN_INFO_FULL_INFO)
+ local_old_dns = \
+ local_lsa.QueryTrustedDomainInfoByName(local_policy,
+ lsaString,
+ lsa.LSA_TRUSTED_DOMAIN_INFO_FULL_INFO)
raise CommandError("TrustedDomain %s already exist'" % lsaString.string)
except NTSTATUSError as error:
if not self.check_runtime_error(error, ntstatus.NT_STATUS_OBJECT_NAME_NOT_FOUND):
raise self.LocalRuntimeError(self, error,
- "QueryTrustedDomainInfoByName(%s, FULL_INFO) failed" % (
+ "QueryTrustedDomainInfoByName(%s, FULL_INFO) failed" % (
lsaString.string))
if remote_trust_info:
try:
lsaString.string = remote_trust_info.domain_name.string
- remote_old_netbios = remote_lsa.QueryTrustedDomainInfoByName(remote_policy,
- lsaString, lsa.LSA_TRUSTED_DOMAIN_INFO_FULL_INFO)
+ remote_old_netbios = \
+ remote_lsa.QueryTrustedDomainInfoByName(remote_policy,
+ lsaString,
+ lsa.LSA_TRUSTED_DOMAIN_INFO_FULL_INFO)
raise CommandError("TrustedDomain %s already exist'" % lsaString.string)
except NTSTATUSError as error:
if not self.check_runtime_error(error, ntstatus.NT_STATUS_OBJECT_NAME_NOT_FOUND):
raise self.RemoteRuntimeError(self, error,
- "QueryTrustedDomainInfoByName(%s, FULL_INFO) failed" % (
+ "QueryTrustedDomainInfoByName(%s, FULL_INFO) failed" % (
lsaString.string))
try:
lsaString.string = remote_trust_info.netbios_name.string
- remote_old_dns = remote_lsa.QueryTrustedDomainInfoByName(remote_policy,
- lsaString, lsa.LSA_TRUSTED_DOMAIN_INFO_FULL_INFO)
+ remote_old_dns = \
+ remote_lsa.QueryTrustedDomainInfoByName(remote_policy,
+ lsaString,
+ lsa.LSA_TRUSTED_DOMAIN_INFO_FULL_INFO)
raise CommandError("TrustedDomain %s already exist'" % lsaString.string)
except NTSTATUSError as error:
if not self.check_runtime_error(error, ntstatus.NT_STATUS_OBJECT_NAME_NOT_FOUND):
raise self.RemoteRuntimeError(self, error,
- "QueryTrustedDomainInfoByName(%s, FULL_INFO) failed" % (
+ "QueryTrustedDomainInfoByName(%s, FULL_INFO) failed" % (
lsaString.string))
try:
if remote_trust_info:
self.outf.write("Creating remote TDO.\n")
current_request = { "location": "remote", "name": "CreateTrustedDomainEx2"}
- remote_tdo_handle = remote_lsa.CreateTrustedDomainEx2(remote_policy,
- remote_trust_info,
- remote_auth_info,
- lsa.LSA_TRUSTED_DOMAIN_ALL_ACCESS)
+ remote_tdo_handle = \
+ remote_lsa.CreateTrustedDomainEx2(remote_policy,
+ remote_trust_info,
+ remote_auth_info,
+ lsa.LSA_TRUSTED_DOMAIN_ALL_ACCESS)
self.outf.write("Remote TDO created.\n")
if enc_types:
self.outf.write("Setting supported encryption types on remote TDO.\n")
# this triggers netr_GetForestTrustInformation to the remote domain
# and lsaRSetForestTrustInformation() locally, but new top level
# names are disabled by default.
- local_forest_info = local_netlogon.netr_DsRGetForestTrustInformation(local_netlogon_info.dc_unc,
- remote_lsa_info.dns_domain.string,
- netlogon.DS_GFTI_UPDATE_TDO)
+ local_forest_info = \
+ local_netlogon.netr_DsRGetForestTrustInformation(local_netlogon_info.dc_unc,
+ remote_lsa_info.dns_domain.string,
+ netlogon.DS_GFTI_UPDATE_TDO)
except RuntimeError as error:
raise self.LocalRuntimeError(self, error, "netr_DsRGetForestTrustInformation() failed")
try:
# here we try to enable all top level names
- local_forest_collision = local_lsa.lsaRSetForestTrustInformation(local_policy,
- remote_lsa_info.dns_domain,
- lsa.LSA_FOREST_TRUST_DOMAIN_INFO,
- local_forest_info,
- 0)
+ local_forest_collision = \
+ local_lsa.lsaRSetForestTrustInformation(local_policy,
+ remote_lsa_info.dns_domain,
+ lsa.LSA_FOREST_TRUST_DOMAIN_INFO,
+ local_forest_info,
+ 0)
except RuntimeError as error:
raise self.LocalRuntimeError(self, error, "lsaRSetForestTrustInformation() failed")
# this triggers netr_GetForestTrustInformation to our domain.
# and lsaRSetForestTrustInformation() remotely, but new top level
# names are disabled by default.
- remote_forest_info = remote_netlogon.netr_DsRGetForestTrustInformation(remote_netlogon_dc_unc,
- local_lsa_info.dns_domain.string,
- netlogon.DS_GFTI_UPDATE_TDO)
+ remote_forest_info = \
+ remote_netlogon.netr_DsRGetForestTrustInformation(remote_netlogon_dc_unc,
+ local_lsa_info.dns_domain.string,
+ netlogon.DS_GFTI_UPDATE_TDO)
except RuntimeError as error:
raise self.RemoteRuntimeError(self, error, "netr_DsRGetForestTrustInformation() failed")
try:
# here we try to enable all top level names
- remote_forest_collision = remote_lsa.lsaRSetForestTrustInformation(remote_policy,
- local_lsa_info.dns_domain,
- lsa.LSA_FOREST_TRUST_DOMAIN_INFO,
- remote_forest_info,
- 0)
+ remote_forest_collision = \
+ remote_lsa.lsaRSetForestTrustInformation(remote_policy,
+ local_lsa_info.dns_domain,
+ lsa.LSA_FOREST_TRUST_DOMAIN_INFO,
+ remote_forest_info,
+ 0)
except RuntimeError as error:
raise self.RemoteRuntimeError(self, error, "lsaRSetForestTrustInformation() failed")
self.outf.write("Validating outgoing trust...\n")
try:
local_trust_verify = local_netlogon.netr_LogonControl2Ex(local_netlogon_info.dc_unc,
- netlogon.NETLOGON_CONTROL_TC_VERIFY,
- 2,
- remote_lsa_info.dns_domain.string)
+ netlogon.NETLOGON_CONTROL_TC_VERIFY,
+ 2,
+ remote_lsa_info.dns_domain.string)
except RuntimeError as error:
raise self.LocalRuntimeError(self, error, "NETLOGON_CONTROL_TC_VERIFY failed")
if remote_trust_info.trust_direction & lsa.LSA_TRUST_DIRECTION_OUTBOUND:
self.outf.write("Validating incoming trust...\n")
try:
- remote_trust_verify = remote_netlogon.netr_LogonControl2Ex(remote_netlogon_dc_unc,
- netlogon.NETLOGON_CONTROL_TC_VERIFY,
- 2,
- local_lsa_info.dns_domain.string)
+ remote_trust_verify = \
+ remote_netlogon.netr_LogonControl2Ex(remote_netlogon_dc_unc,
+ netlogon.NETLOGON_CONTROL_TC_VERIFY,
+ 2,
+ local_lsa_info.dns_domain.string)
except RuntimeError as error:
raise self.RemoteRuntimeError(self, error, "NETLOGON_CONTROL_TC_VERIFY failed")
try:
lsaString.string = domain
local_tdo_info = local_lsa.QueryTrustedDomainInfoByName(local_policy,
- lsaString, lsa.LSA_TRUSTED_DOMAIN_INFO_INFO_EX)
+ lsaString, lsa.LSA_TRUSTED_DOMAIN_INFO_INFO_EX)
except NTSTATUSError as error:
if self.check_runtime_error(error, ntstatus.NT_STATUS_OBJECT_NAME_NOT_FOUND):
raise CommandError("Failed to find trust for domain '%s'" % domain)
try:
lsaString.string = local_lsa_info.dns_domain.string
- remote_tdo_info = remote_lsa.QueryTrustedDomainInfoByName(remote_policy,
- lsaString, lsa.LSA_TRUSTED_DOMAIN_INFO_INFO_EX)
+ remote_tdo_info = \
+ remote_lsa.QueryTrustedDomainInfoByName(remote_policy,
+ lsaString,
+ lsa.LSA_TRUSTED_DOMAIN_INFO_INFO_EX)
except NTSTATUSError as error:
if not self.check_runtime_error(error, ntstatus.NT_STATUS_OBJECT_NAME_NOT_FOUND):
raise self.RemoteRuntimeError(self, error, "QueryTrustedDomainInfoByName(%s)" % (
if local_tdo_info is not None:
try:
lsaString.string = local_tdo_info.domain_name.string
- local_tdo_handle = local_lsa.OpenTrustedDomainByName(local_policy,
- lsaString,
- security.SEC_STD_DELETE)
+ local_tdo_handle = \
+ local_lsa.OpenTrustedDomainByName(local_policy,
+ lsaString,
+ security.SEC_STD_DELETE)
except RuntimeError as error:
raise self.LocalRuntimeError(self, error, "OpenTrustedDomainByName(%s)" % (
lsaString.string))
if remote_tdo_info is not None:
try:
lsaString.string = remote_tdo_info.domain_name.string
- remote_tdo_handle = remote_lsa.OpenTrustedDomainByName(remote_policy,
- lsaString,
- security.SEC_STD_DELETE)
+ remote_tdo_handle = \
+ remote_lsa.OpenTrustedDomainByName(remote_policy,
+ lsaString,
+ security.SEC_STD_DELETE)
except RuntimeError as error:
raise self.RemoteRuntimeError(self, error, "OpenTrustedDomainByName(%s)" % (
lsaString.string))
try:
lsaString = lsa.String()
lsaString.string = domain
- local_tdo_info = local_lsa.QueryTrustedDomainInfoByName(local_policy,
- lsaString, lsa.LSA_TRUSTED_DOMAIN_INFO_INFO_EX)
+ local_tdo_info = \
+ local_lsa.QueryTrustedDomainInfoByName(local_policy,
+ lsaString,
+ lsa.LSA_TRUSTED_DOMAIN_INFO_INFO_EX)
except NTSTATUSError as error:
if self.check_runtime_error(error, ntstatus.NT_STATUS_OBJECT_NAME_NOT_FOUND):
raise CommandError("trusted domain object does not exist for domain [%s]" % domain)
raise self.LocalRuntimeError(self, error, "failed to connect netlogon server")
try:
- local_trust_verify = local_netlogon.netr_LogonControl2Ex(local_server,
- netlogon.NETLOGON_CONTROL_TC_VERIFY,
- 2,
- local_tdo_info.domain_name.string)
+ local_trust_verify = \
+ local_netlogon.netr_LogonControl2Ex(local_server,
+ netlogon.NETLOGON_CONTROL_TC_VERIFY,
+ 2,
+ local_tdo_info.domain_name.string)
except RuntimeError as error:
raise self.LocalRuntimeError(self, error, "NETLOGON_CONTROL_TC_VERIFY failed")
try:
server = local_trust_verify.trusted_dc_name.replace('\\', '')
domain_and_server = "%s\\%s" % (local_tdo_info.domain_name.string, server)
- local_trust_rediscover = local_netlogon.netr_LogonControl2Ex(local_server,
- netlogon.NETLOGON_CONTROL_REDISCOVER,
- 2,
- domain_and_server)
+ local_trust_rediscover = \
+ local_netlogon.netr_LogonControl2Ex(local_server,
+ netlogon.NETLOGON_CONTROL_REDISCOVER,
+ 2,
+ domain_and_server)
except RuntimeError as error:
raise self.LocalRuntimeError(self, error, "NETLOGON_CONTROL_REDISCOVER failed")
raise self.RemoteRuntimeError(self, error, "failed to connect netlogon server")
try:
- remote_trust_verify = remote_netlogon.netr_LogonControl2Ex(remote_server,
- netlogon.NETLOGON_CONTROL_TC_VERIFY,
- 2,
- local_lsa_info.dns_domain.string)
+ remote_trust_verify = \
+ remote_netlogon.netr_LogonControl2Ex(remote_server,
+ netlogon.NETLOGON_CONTROL_TC_VERIFY,
+ 2,
+ local_lsa_info.dns_domain.string)
except RuntimeError as error:
raise self.RemoteRuntimeError(self, error, "NETLOGON_CONTROL_TC_VERIFY failed")
try:
server = remote_trust_verify.trusted_dc_name.replace('\\', '')
domain_and_server = "%s\\%s" % (local_lsa_info.dns_domain.string, server)
- remote_trust_rediscover = remote_netlogon.netr_LogonControl2Ex(remote_server,
- netlogon.NETLOGON_CONTROL_REDISCOVER,
- 2,
- domain_and_server)
+ remote_trust_rediscover = \
+ remote_netlogon.netr_LogonControl2Ex(remote_server,
+ netlogon.NETLOGON_CONTROL_REDISCOVER,
+ 2,
+ domain_and_server)
except RuntimeError as error:
raise self.RemoteRuntimeError(self, error, "NETLOGON_CONTROL_REDISCOVER failed")
try:
lsaString = lsa.String()
lsaString.string = domain
- local_tdo_info = local_lsa.QueryTrustedDomainInfoByName(local_policy,
- lsaString, lsa.LSA_TRUSTED_DOMAIN_INFO_INFO_EX)
+ local_tdo_info = \
+ local_lsa.QueryTrustedDomainInfoByName(local_policy,
+ lsaString,
+ lsa.LSA_TRUSTED_DOMAIN_INFO_INFO_EX)
except NTSTATUSError as error:
if self.check_runtime_error(error, ntstatus.NT_STATUS_OBJECT_NAME_NOT_FOUND):
raise CommandError("trusted domain object does not exist for domain [%s]" % domain)
# this triggers netr_GetForestTrustInformation to the remote domain
# and lsaRSetForestTrustInformation() locally, but new top level
# names are disabled by default.
- fresh_forest_info = local_netlogon.netr_DsRGetForestTrustInformation(local_netlogon_info.dc_unc,
- local_tdo_info.domain_name.string,
- netlogon_update_tdo)
+ fresh_forest_info = \
+ local_netlogon.netr_DsRGetForestTrustInformation(local_netlogon_info.dc_unc,
+ local_tdo_info.domain_name.string,
+ netlogon_update_tdo)
except RuntimeError as error:
raise self.LocalRuntimeError(self, error, "netr_DsRGetForestTrustInformation() failed")
try:
- fresh_forest_collision = local_lsa.lsaRSetForestTrustInformation(local_policy,
- local_tdo_info.domain_name,
- lsa.LSA_FOREST_TRUST_DOMAIN_INFO,
- fresh_forest_info,
- lsa_update_check)
+ fresh_forest_collision = \
+ local_lsa.lsaRSetForestTrustInformation(local_policy,
+ local_tdo_info.domain_name,
+ lsa.LSA_FOREST_TRUST_DOMAIN_INFO,
+ fresh_forest_info,
+ lsa_update_check)
except RuntimeError as error:
raise self.LocalRuntimeError(self, error, "lsaRSetForestTrustInformation() failed")
try:
lsaString = lsa.String()
lsaString.string = local_tdo_info.domain_name.string
- stored_forest_info = local_lsa.lsaRQueryForestTrustInformation(local_policy,
+ stored_forest_info = \
+ local_lsa.lsaRQueryForestTrustInformation(local_policy,
lsaString,
lsa.LSA_FOREST_TRUST_DOMAIN_INFO)
except RuntimeError as error:
try:
lsaString = lsa.String()
lsaString.string = local_tdo_info.domain_name.string
- local_forest_info = local_lsa.lsaRQueryForestTrustInformation(local_policy,
- lsaString,
- lsa.LSA_FOREST_TRUST_DOMAIN_INFO)
+ local_forest_info = \
+ local_lsa.lsaRQueryForestTrustInformation(local_policy,
+ lsaString,
+ lsa.LSA_FOREST_TRUST_DOMAIN_INFO)
except RuntimeError as error:
raise self.LocalRuntimeError(self, error, "lsaRQueryForestTrustInformation() failed")
try:
update_forest_collision = local_lsa.lsaRSetForestTrustInformation(local_policy,
- local_tdo_info.domain_name,
- lsa.LSA_FOREST_TRUST_DOMAIN_INFO,
- update_forest_info, 0)
+ local_tdo_info.domain_name,
+ lsa.LSA_FOREST_TRUST_DOMAIN_INFO,
+ update_forest_info, 0)
except RuntimeError as error:
raise self.LocalRuntimeError(self, error, "lsaRSetForestTrustInformation() failed")
lsaString = lsa.String()
lsaString.string = local_tdo_info.domain_name.string
stored_forest_info = local_lsa.lsaRQueryForestTrustInformation(local_policy,
- lsaString,
- lsa.LSA_FOREST_TRUST_DOMAIN_INFO)
+ lsaString,
+ lsa.LSA_FOREST_TRUST_DOMAIN_INFO)
except RuntimeError as error:
raise self.LocalRuntimeError(self, error, "lsaRQueryForestTrustInformation() failed")
if len(ncs) == 0:
res = samdb.search(expression="", base="", scope=ldb.SCOPE_BASE,
- attrs=["namingContexts"])
+ attrs=["namingContexts"])
ncs = []
for nc in res[0]["namingContexts"]:
domain_dn = samdb.domain_dn()
infrastructure_dn = "CN=Infrastructure," + domain_dn
master = get_fsmo_roleowner(samdb, infrastructure_dn,
- 'infrastructure')
+ 'infrastructure')
if own_dn != master:
raise CommandError("This server is not the infrastructure master.")
Option("--action", type="choice", choices=["allow", "deny"],
help="""Deny or allow access"""),
Option("--objectdn", help="DN of the object whose SD to modify",
- type="string"),
+ type="string"),
Option("--trusteedn", help="DN of the entity that gets access",
- type="string"),
+ type="string"),
Option("--sddl", help="An ACE or group of ACEs to be added on the object",
- type="string"),
+ type="string"),
]
def find_trustee_sid(self, samdb, trusteedn):
res = samdb.search(base=trusteedn, expression="(objectClass=*)",
- scope=SCOPE_BASE)
+ scope=SCOPE_BASE)
assert(len(res) == 1)
return ndr_unpack( security.dom_sid,res[0]["objectSid"][0])
def read_descriptor(self, samdb, object_dn):
res = samdb.search(base=object_dn, scope=SCOPE_BASE,
- attrs=["nTSecurityDescriptor"])
+ attrs=["nTSecurityDescriptor"])
# we should theoretically always have an SD
assert(len(res) == 1)
desc = res[0]["nTSecurityDescriptor"][0]
def get_domain_sid(self, samdb):
res = samdb.search(base=samdb.domain_dn(),
- expression="(objectClass=*)", scope=SCOPE_BASE)
+ expression="(objectClass=*)", scope=SCOPE_BASE)
return ndr_unpack( security.dom_sid,res[0]["objectSid"][0])
def add_ace(self, samdb, object_dn, new_ace):
return self.usage()
samdb = SamDB(url=H, session_info=system_session(),
- credentials=creds, lp=lp)
+ credentials=creds, lp=lp)
cars = {'change-rid' : GUID_DRS_CHANGE_RID_MASTER,
'change-pdc' : GUID_DRS_CHANGE_PDC,
'change-infrastructure' : GUID_DRS_CHANGE_INFR_MASTER,
creds = credopts.get_credentials(lp)
samdb = SamDB(url=H, session_info=system_session(),
- credentials=creds, lp=lp)
+ credentials=creds, lp=lp)
domain_dn = samdb.domain_dn()
object_dn = "%s,%s" % (self.objectdn, domain_dn)
creds = credopts.get_credentials(lp)
samdb = SamDB(url=H, session_info=system_session(),
- credentials=creds, lp=lp)
+ credentials=creds, lp=lp)
domain_dn = samdb.domain_dn()
object_dn = "%s,%s" % (self.objectdn, domain_dn)
if 'fSMORoleOwner' in res[0]:
try:
master_guid = str(misc.GUID(ldb.Dn(samdb,
- res[0]['fSMORoleOwner'][0].decode('utf8'))
- .get_extended_component('GUID')))
+ res[0]['fSMORoleOwner'][0].decode('utf8'))
+ .get_extended_component('GUID')))
master_owner = str(ldb.Dn(samdb, res[0]['fSMORoleOwner'][0].decode('utf8')))
except LdbError as e3:
(num, msg) = e3.args
help="Force seizing of role without attempting to transfer.",
action="store_true"),
Option("--role", type="choice", choices=["rid", "pdc", "infrastructure",
- "schema", "naming", "domaindns", "forestdns", "all"],
+ "schema", "naming", "domaindns", "forestdns", "all"],
help="""The FSMO role to seize or transfer.\n
rid=RidAllocationMasterRole\n
schema=SchemaMasterRole\n
creds = credopts.get_credentials(lp, fallback_machine=True)
samdb = SamDB(url=H, session_info=system_session(),
- credentials=creds, lp=lp)
+ credentials=creds, lp=lp)
domain_dn = samdb.domain_dn()
forest_dn = samba.dn_from_dns_name(samdb.forest_dns_name())
Option("-H", "--URL", help="LDB URL for database or target server",
type=str, metavar="URL", dest="H"),
Option("--role", type="choice", choices=["rid", "pdc", "infrastructure",
- "schema", "naming", "domaindns", "forestdns", "all"],
+ "schema", "naming", "domaindns", "forestdns", "all"],
help="""The FSMO role to seize or transfer.\n
rid=RidAllocationMasterRole\n
schema=SchemaMasterRole\n
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server",
- type=str, metavar="URL", dest="H")
+ type=str, metavar="URL", dest="H")
]
def run(self, username, H=None, sambaopts=None, credopts=None, versionopts=None):
secdesc = ndr_unpack(security.descriptor, secdesc_ndr)
except Exception:
self.outf.write("Failed to fetch gpo object with nTSecurityDescriptor %s\n" %
- g['dn'])
+ g['dn'])
continue
try:
takes_options = [
Option("-H", help="LDB URL for database or target server", type=str),
Option("--disable", dest="disabled", default=False, action='store_true',
- help="Disable policy"),
+ help="Disable policy"),
Option("--enforce", dest="enforced", default=False, action='store_true',
- help="Enforce policy")
+ help="Enforce policy")
]
def run(self, container_dn, gpo, H=None, disabled=False, enforced=False,
Option("-H", "--URL", help="LDB URL for database or target server", type=str,
metavar="URL", dest="H"),
Option("--groupou",
- help="Alternative location (without domainDN counterpart) to default CN=Users in which new user object will be created",
- type=str),
+ help="Alternative location (without domainDN counterpart) to default CN=Users in which new user object will be created",
+ type=str),
Option("--group-scope", type="choice", choices=["Domain", "Global", "Universal"],
- help="Group scope (Domain | Global | Universal)"),
+ help="Group scope (Domain | Global | Universal)"),
Option("--group-type", type="choice", choices=["Security", "Distribution"],
- help="Group type (Security | Distribution)"),
+ help="Group type (Security | Distribution)"),
Option("--description", help="Group's description", type=str),
Option("--mail-address", help="Group's email address", type=str),
Option("--notes", help="Groups's notes", type=str),
samdb = SamDB(url=H, session_info=system_session(),
credentials=creds, lp=lp)
samdb.newgroup(groupname, groupou=groupou, grouptype = gtype,
- description=description, mailaddress=mail_address, notes=notes,
- gidnumber=gid_number, nisdomain=nis_domain)
+ description=description, mailaddress=mail_address, notes=notes,
+ gidnumber=gid_number, nisdomain=nis_domain)
except Exception as e:
# FIXME: catch more specific exception
raise CommandError('Failed to create group "%s"' % groupname, e)
credentials=creds, lp=lp)
groupmembers = listofmembers.split(',')
samdb.add_remove_group_members(groupname, groupmembers,
- add_members_operation=True)
+ add_members_operation=True)
except Exception as e:
# FIXME: catch more specific exception
raise CommandError('Failed to add members "%s" to group "%s"' % (
samdb = SamDB(url=H, session_info=system_session(),
credentials=creds, lp=lp)
samdb.add_remove_group_members(groupname, listofmembers.split(","),
- add_members_operation=False)
+ add_members_operation=False)
except Exception as e:
# FIXME: Catch more specific exception
raise CommandError('Failed to remove members "%s" from group "%s"' % (listofmembers, groupname), e)
creds = credopts.get_credentials(lp, fallback_machine=True)
samdb = SamDB(url=H, session_info=system_session(),
- credentials=creds, lp=lp)
+ credentials=creds, lp=lp)
domain_dn = samdb.domain_dn()
res = samdb.search(domain_dn, scope=ldb.SCOPE_SUBTREE,
- expression=("(objectClass=group)"),
- attrs=["samaccountname", "grouptype"])
+ expression=("(objectClass=group)"),
+ attrs=["samaccountname", "grouptype"])
if (len(res) == 0):
return
if self.two_domains and not self.quiet:
self.outf.write("\n* Place-holders for %s:\n" % self.host)
self.outf.write(4*" " + "${DOMAIN_DN} => %s\n" %
- self.base_dn)
+ self.base_dn)
self.outf.write(4*" " + "${DOMAIN_NETBIOS} => %s\n" %
- self.domain_netbios)
+ self.domain_netbios)
self.outf.write(4*" " + "${SERVER_NAME} => %s\n" %
- self.server_names)
+ self.server_names)
self.outf.write(4*" " + "${DOMAIN_NAME} => %s\n" %
- self.domain_name)
+ self.domain_name)
def find_domain_sid(self):
res = self.ldb.search(base=self.base_dn, expression="(objectClass=*)", scope=SCOPE_BASE)
"""
"""
res = self.ldb.search(base="OU=Domain Controllers,%s" % self.base_dn,
- scope=SCOPE_SUBTREE, expression="(objectClass=computer)", attrs=["cn"])
+ scope=SCOPE_SUBTREE, expression="(objectClass=computer)", attrs=["cn"])
assert len(res) > 0
srv = []
for x in res:
def find_netbios(self):
res = self.ldb.search(base="CN=Partitions,%s" % self.config_dn,
- scope=SCOPE_SUBTREE, attrs=["nETBIOSName"])
+ scope=SCOPE_SUBTREE, attrs=["nETBIOSName"])
assert len(res) > 0
for x in res:
if "nETBIOSName" in x.keys():
#
# May contain DOMAIN_NETBIOS and SERVER_NAME
self.servername_attributes = [ "distinguishedName", "name", "CN", "sAMAccountName", "dNSHostName",
- "servicePrincipalName", "rIDSetReferences", "serverReference", "serverReferenceBL",
- "msDS-IsDomainFor", "interSiteTopologyGenerator",]
+ "servicePrincipalName", "rIDSetReferences", "serverReference", "serverReferenceBL",
+ "msDS-IsDomainFor", "interSiteTopologyGenerator",]
self.servername_attributes = [x.upper() for x in self.servername_attributes]
#
self.netbios_attributes = [ "servicePrincipalName", "CN", "distinguishedName", "nETBIOSName", "name",]
raise
try:
object2 = LDAPObject(connection=other.con,
- dn=other.dn_list[index],
- summary=other.summary,
- filter_list=self.filter_list,
- outf=self.outf, errf=self.errf)
+ dn=other.dn_list[index],
+ summary=other.summary,
+ filter_list=self.filter_list,
+ outf=self.outf, errf=self.errf)
except LdbError as e1:
(enum, estr) = e1.args
if enum == ERR_NO_SUCH_OBJECT:
takes_options = [
Option("-w", "--two", dest="two", action="store_true", default=False,
- help="Hosts are in two different domains"),
+ help="Hosts are in two different domains"),
Option("-q", "--quiet", dest="quiet", action="store_true", default=False,
- help="Do not print anything but relay on just exit code"),
+ help="Do not print anything but relay on just exit code"),
Option("-v", "--verbose", dest="verbose", action="store_true", default=False,
- help="Print all DN pairs that have been compared"),
+ help="Print all DN pairs that have been compared"),
Option("--sd", dest="descriptor", action="store_true", default=False,
- help="Compare nTSecurityDescriptor attibutes only"),
+ help="Compare nTSecurityDescriptor attibutes only"),
Option("--sort-aces", dest="sort_aces", action="store_true", default=False,
- help="Sort ACEs before comparison of nTSecurityDescriptor attribute"),
+ help="Sort ACEs before comparison of nTSecurityDescriptor attribute"),
Option("--view", dest="view", default="section",
- help="Display mode for nTSecurityDescriptor results. Possible values: section or collision."),
+ help="Display mode for nTSecurityDescriptor results. Possible values: section or collision."),
Option("--base", dest="base", default="",
- help="Pass search base that will build DN list for the first DC."),
+ help="Pass search base that will build DN list for the first DC."),
Option("--base2", dest="base2", default="",
- help="Pass search base that will build DN list for the second DC. Used when --two or when compare two different DNs."),
+ help="Pass search base that will build DN list for the second DC. Used when --two or when compare two different DNs."),
Option("--scope", dest="scope", default="SUB",
- help="Pass search scope that builds DN list. Options: SUB, ONE, BASE"),
+ help="Pass search scope that builds DN list. Options: SUB, ONE, BASE"),
Option("--filter", dest="filter", default="",
- help="List of comma separated attributes to ignore in the comparision"),
+ help="List of comma separated attributes to ignore in the comparision"),
Option("--skip-missing-dn", dest="skip_missing_dn", action="store_true", default=False,
- help="Skip report and failure due to missing DNs in one server or another"),
+ help="Skip report and failure due to missing DNs in one server or another"),
]
def run(self, URL1, URL2,
if b1 == b2:
if not quiet:
self.outf.write("\n* Result for [%s]: SUCCESS\n" %
- context)
+ context)
else:
if not quiet:
self.outf.write("\n* Result for [%s]: FAILURE\n" % context)
if create:
ldb_oper = ldb.FLAG_MOD_ADD
m["msDS-objectClass"] = ldb.MessageElement("msDS-PasswordSettings",
- ldb_oper, "objectClass")
+ ldb_oper, "objectClass")
else:
ldb_oper = ldb.FLAG_MOD_REPLACE
# the same args are used for both create and set commands
pwd_settings_options = [
Option("--complexity", type="choice", choices=["on", "off"],
- help="The password complexity (on | off)."),
+ help="The password complexity (on | off)."),
Option("--store-plaintext", type="choice", choices=["on", "off"],
- help="Store plaintext passwords where account have "
+ help="Store plaintext passwords where account have "
"'store passwords with reversible encryption' set (on | off)."),
Option("--history-length",
- help="The password history length (<integer>).", type=int),
+ help="The password history length (<integer>).", type=int),
Option("--min-pwd-length",
- help="The minimum password length (<integer>).", type=int),
+ help="The minimum password length (<integer>).", type=int),
Option("--min-pwd-age",
help=("The minimum password age (<integer in days>). "
"Default is domain setting."), type=int),
creds = credopts.get_credentials(lp)
samdb = SamDB(url=H, session_info=system_session(),
- credentials=creds, lp=lp)
+ credentials=creds, lp=lp)
try:
precedence = int(precedence)
# lookup the current domain password-settings
res = samdb.search(samdb.domain_dn(), scope=ldb.SCOPE_BASE,
- attrs=["pwdProperties", "pwdHistoryLength", "minPwdLength",
- "minPwdAge", "maxPwdAge", "lockoutDuration",
- "lockoutThreshold", "lockOutObservationWindow"])
+ attrs=["pwdProperties", "pwdHistoryLength", "minPwdLength",
+ "minPwdAge", "maxPwdAge", "lockoutDuration",
+ "lockoutThreshold", "lockOutObservationWindow"])
assert(len(res) == 1)
# use the domain settings for any missing arguments
creds = credopts.get_credentials(lp)
samdb = SamDB(url=H, session_info=system_session(),
- credentials=creds, lp=lp)
+ credentials=creds, lp=lp)
# sanity-check the PSO exists
pso_dn = "CN=%s,%s" % (psoname, pso_container(samdb))
creds = credopts.get_credentials(lp)
samdb = SamDB(url=H, session_info=system_session(),
- credentials=creds, lp=lp)
+ credentials=creds, lp=lp)
pso_dn = "CN=%s,%s" % (psoname, pso_container(samdb))
# sanity-check the PSO exists
creds = credopts.get_credentials(lp)
samdb = SamDB(url=H, session_info=system_session(),
- credentials=creds, lp=lp)
+ credentials=creds, lp=lp)
res = samdb.search(pso_container(samdb), scope=ldb.SCOPE_SUBTREE,
attrs=['name', 'msDS-PasswordSettingsPrecedence'],
creds = credopts.get_credentials(lp)
samdb = SamDB(url=H, session_info=system_session(),
- credentials=creds, lp=lp)
+ credentials=creds, lp=lp)
pso_dn = "CN=%s,%s" % (psoname, pso_container(samdb))
check_pso_valid(samdb, pso_dn, psoname)
creds = credopts.get_credentials(lp)
samdb = SamDB(url=H, session_info=system_session(),
- credentials=creds, lp=lp)
+ credentials=creds, lp=lp)
show_pso_for_user(self.outf, samdb, username)
creds = credopts.get_credentials(lp)
samdb = SamDB(url=H, session_info=system_session(),
- credentials=creds, lp=lp)
+ credentials=creds, lp=lp)
pso_dn = "CN=%s,%s" % (psoname, pso_container(samdb))
# sanity-check the PSO exists
creds = credopts.get_credentials(lp)
samdb = SamDB(url=H, session_info=system_session(),
- credentials=creds, lp=lp)
+ credentials=creds, lp=lp)
pso_dn = "CN=%s,%s" % (psoname, pso_container(samdb))
# sanity-check the PSO exists
creds = credopts.get_credentials(lp)
samdb = SamDB(url=H, session_info=system_session(),
- credentials=creds, lp=lp)
+ credentials=creds, lp=lp)
schema_dn = samdb.schema_dn()
# For now we make assumptions about the CN
creds = credopts.get_credentials(lp)
samdb = SamDB(url=H, session_info=system_session(),
- credentials=creds, lp=lp)
+ credentials=creds, lp=lp)
schema_dn = samdb.schema_dn()
creds = credopts.get_credentials(lp)
samdb = SamDB(url=H, session_info=system_session(),
- credentials=creds, lp=lp)
+ credentials=creds, lp=lp)
schema_dn = samdb.schema_dn()
'(|(mustContain={0})(systemMustContain={0})))'.format(attribute)
may_res = samdb.search(base=schema_dn, scope=ldb.SCOPE_SUBTREE,
- expression=may_filt, attrs=['cn'])
+ expression=may_filt, attrs=['cn'])
must_res = samdb.search(base=schema_dn, scope=ldb.SCOPE_SUBTREE,
- expression=must_filt, attrs=['cn'])
+ expression=must_filt, attrs=['cn'])
self.outf.write('--- MAY contain ---\n')
for msg in may_res:
creds = credopts.get_credentials(lp)
samdb = SamDB(url=H, session_info=system_session(),
- credentials=creds, lp=lp)
+ credentials=creds, lp=lp)
schema_dn = samdb.schema_dn()
tab.append(name)
msg.dn = res[0].dn
msg["servicePrincipalName"] = ldb.MessageElement(tab, flag,
- "servicePrincipalName")
+ "servicePrincipalName")
if not found:
sam.modify(msg)
else:
for r in res:
listUser = "%s\n%s" % (listUser, str(r.dn))
raise CommandError("More than one user has the spn %s "
- "and no specific user was specified, list of users"
- " with this spn:%s" % (name, listUser))
+ "and no specific user was specified, list of users"
+ " with this spn:%s" % (name, listUser))
else:
result=res[0]
flag = ldb.FLAG_MOD_REPLACE
msg.dn = result.dn
msg["servicePrincipalName"] = ldb.MessageElement(tab, flag,
- "servicePrincipalName")
+ "servicePrincipalName")
sam.modify(msg)
else:
raise CommandError("Service principal %s not affected" % name)
# this is totally ugly, a real `quick' hack
for s in lp.services():
if (self.allow_access(lp.get("hosts deny"), lp.get("hosts allow"), cname,
- caddr) and
+ caddr) and
self.allow_access(lp.get("hosts deny", s), lp.get("hosts allow", s),
- cname, caddr)):
+ cname, caddr)):
logger.info("Allow connection from %s (%s) to %s", cname, caddr, s)
else:
logger.info("Deny connection from %s (%s) to %s", cname, caddr, s)
creds = credopts.get_credentials(lp, fallback_machine=True)
samdb = SamDB(url=H, session_info=system_session(),
- credentials=creds, lp=lp)
+ credentials=creds, lp=lp)
domain_dn = samdb.domain_dn()
res = samdb.search(domain_dn, scope=ldb.SCOPE_SUBTREE,
- expression=("(&(objectClass=user)(userAccountControl:%s:=%u))"
- % (ldb.OID_COMPARATOR_AND, dsdb.UF_NORMAL_ACCOUNT)),
- attrs=["samaccountname"])
+ expression=("(&(objectClass=user)(userAccountControl:%s:=%u))"
+ % (ldb.OID_COMPARATOR_AND, dsdb.UF_NORMAL_ACCOUNT)),
+ attrs=["samaccountname"])
if (len(res) == 0):
return
creds = credopts.get_credentials(lp, fallback_machine=True)
samdb = SamDB(url=H, session_info=system_session(),
- credentials=creds, lp=lp)
+ credentials=creds, lp=lp)
try:
samdb.enable_account(filter)
except Exception as msg:
creds = credopts.get_credentials(lp, fallback_machine=True)
samdb = SamDB(url=H, session_info=system_session(),
- credentials=creds, lp=lp)
+ credentials=creds, lp=lp)
try:
samdb.disable_account(filter)
except Exception as msg:
creds = credopts.get_credentials(lp)
samdb = SamDB(url=H, session_info=system_session(),
- credentials=creds, lp=lp)
+ credentials=creds, lp=lp)
try:
samdb.setexpiry(filter, days*24*3600, no_expiry_req=noexpiry)
def find_provision_key_parameters(samdb, secretsdb, idmapdb, paths, smbconf,
- lp):
+ lp):
"""Get key provision parameters (realm, domain, ...) from a given provision
:param samdb: An LDB object connected to the sam.ldb file
# That's a bit simplistic but it's ok as long as we have only 3
# partitions
current = samdb.search(expression="(objectClass=*)",
- base="", scope=ldb.SCOPE_BASE,
- attrs=["defaultNamingContext", "schemaNamingContext",
- "configurationNamingContext","rootDomainNamingContext",
- "namingContexts"])
+ base="", scope=ldb.SCOPE_BASE,
+ attrs=["defaultNamingContext", "schemaNamingContext",
+ "configurationNamingContext","rootDomainNamingContext",
+ "namingContexts"])
names.configdn = current[0]["configurationNamingContext"][0]
names.schemadn = current[0]["schemaNamingContext"][0]
if not (ldb.Dn(samdb, basedn) == (ldb.Dn(samdb,
- current[0]["defaultNamingContext"][0].decode('utf8')))):
+ current[0]["defaultNamingContext"][0].decode('utf8')))):
raise ProvisioningError(("basedn in %s (%s) and from %s (%s)"
"is not the same ..." % (paths.samdb,
- str(current[0]["defaultNamingContext"][0].decode('utf8')),
- paths.smbconf, basedn)))
+ str(current[0]["defaultNamingContext"][0].decode('utf8')),
+ paths.smbconf, basedn)))
names.domaindn=current[0]["defaultNamingContext"][0]
names.rootdn=current[0]["rootDomainNamingContext"][0]
# default site name
res3 = samdb.search(expression="(objectClass=site)",
- base="CN=Sites," + names.configdn, scope=ldb.SCOPE_ONELEVEL, attrs=["cn"])
+ base="CN=Sites," + names.configdn, scope=ldb.SCOPE_ONELEVEL, attrs=["cn"])
names.sitename = str(res3[0]["cn"])
# dns hostname and server dn
# invocation id/objectguid
res5 = samdb.search(expression="(objectClass=*)",
- base="CN=NTDS Settings,%s" % str(names.serverdn),
- scope=ldb.SCOPE_BASE,
- attrs=["invocationID", "objectGUID"])
+ base="CN=NTDS Settings,%s" % str(names.serverdn),
+ scope=ldb.SCOPE_BASE,
+ attrs=["invocationID", "objectGUID"])
names.invocation = str(ndr_unpack(misc.GUID, res5[0]["invocationId"][0]))
names.ntdsguid = str(ndr_unpack(misc.GUID, res5[0]["objectGUID"][0]))
# domain guid/sid
res6 = samdb.search(expression="(objectClass=*)", base=basedn,
- scope=ldb.SCOPE_BASE, attrs=["objectGUID",
- "objectSid","msDS-Behavior-Version" ])
+ scope=ldb.SCOPE_BASE, attrs=["objectGUID",
+ "objectSid","msDS-Behavior-Version" ])
names.domainguid = str(ndr_unpack(misc.GUID, res6[0]["objectGUID"][0]))
names.domainsid = ndr_unpack( security.dom_sid, res6[0]["objectSid"][0])
names.forestsid = ndr_unpack( security.dom_sid, res6[0]["objectSid"][0])
tab.append("%s-%s;%s" % (low, high, id))
delta = ldb.Message()
delta.dn = ldb.Dn(samdb, "@PROVISION")
- delta[LAST_PROVISION_USN_ATTRIBUTE] = ldb.MessageElement(tab,
- ldb.FLAG_MOD_REPLACE, LAST_PROVISION_USN_ATTRIBUTE)
+ delta[LAST_PROVISION_USN_ATTRIBUTE] = \
+ ldb.MessageElement(tab,
+ ldb.FLAG_MOD_REPLACE,
+ LAST_PROVISION_USN_ATTRIBUTE)
entry = samdb.search(expression='provisionnerID=*',
base="@PROVISION", scope=ldb.SCOPE_BASE,
attrs=["provisionnerID"])
delta = ldb.Message()
delta.dn = ldb.Dn(samdb, "@PROVISION")
- delta[LAST_PROVISION_USN_ATTRIBUTE] = ldb.MessageElement(tab,
- ldb.FLAG_MOD_ADD, LAST_PROVISION_USN_ATTRIBUTE)
+ delta[LAST_PROVISION_USN_ATTRIBUTE] = \
+ ldb.MessageElement(tab,
+ ldb.FLAG_MOD_ADD,
+ LAST_PROVISION_USN_ATTRIBUTE)
samdb.add(delta)
"""
try:
entry = sam.search(expression="%s=*" % LAST_PROVISION_USN_ATTRIBUTE,
- base="@PROVISION", scope=ldb.SCOPE_BASE,
- attrs=[LAST_PROVISION_USN_ATTRIBUTE, "provisionnerID"])
+ base="@PROVISION", scope=ldb.SCOPE_BASE,
+ attrs=[LAST_PROVISION_USN_ATTRIBUTE, "provisionnerID"])
except ldb.LdbError as e1:
(ecode, emsg) = e1.args
if ecode == ldb.ERR_NO_SUCH_OBJECT:
if lp.get("realm") == "":
raise Exception("Realm empty")
samdb = Ldb(lp.samdb_url(), session_info=session_info,
- credentials=credentials, lp=lp)
+ credentials=credentials, lp=lp)
if len(samdb.search("(cn=Administrator)")) != 1:
raise ProvisioningError("No administrator account found")
if serverrole == "active directory domain controller":
shares["sysvol"] = os.path.join(lp.get("state directory"), "sysvol")
shares["netlogon"] = os.path.join(shares["sysvol"], realm.lower(),
- "scripts")
+ "scripts")
else:
global_settings["passdb backend"] = "samba_dsdb"
:param machinepass: Machine password
"""
attrs = ["whenChanged",
- "secret",
- "priorSecret",
- "priorChanged",
- "krb5Keytab",
- "privateKeytab"]
+ "secret",
+ "priorSecret",
+ "priorChanged",
+ "krb5Keytab",
+ "privateKeytab"]
if realm is not None:
if dnsdomain is None:
# but we don't delete the old record that we are about to modify,
# because that would delete the keytab and previous password.
res = secretsdb.search(base="cn=Primary Domains", attrs=attrs,
- expression=("(&(|(flatname=%s)(realm=%s)(objectSid=%s))(objectclass=primaryDomain)(!(distinguishedName=%s)))" % (domain, realm, str(domainsid), str(msg.dn))),
- scope=ldb.SCOPE_ONELEVEL)
+ expression=("(&(|(flatname=%s)(realm=%s)(objectSid=%s))(objectclass=primaryDomain)(!(distinguishedName=%s)))" % (domain, realm, str(domainsid), str(msg.dn))),
+ scope=ldb.SCOPE_ONELEVEL)
for del_msg in res:
secretsdb.delete(del_msg.dn)
backend_credentials.authentication_requested()):
if backend_credentials.get_bind_dn() is not None:
setup_add_ldif(secrets_ldb,
- setup_path("secrets_simple_ldap.ldif"), {
+ setup_path("secrets_simple_ldap.ldif"), {
"LDAPMANAGERDN": backend_credentials.get_bind_dn(),
"LDAPMANAGERPASS_B64": b64encode(backend_credentials.get_password()).decode('utf8')
})
else:
setup_add_ldif(secrets_ldb,
- setup_path("secrets_sasl_ldap.ldif"), {
+ setup_path("secrets_sasl_ldap.ldif"), {
"LDAPADMINUSER": backend_credentials.get_username(),
"LDAPADMINREALM": backend_credentials.get_realm(),
"LDAPADMINPASS_B64": b64encode(backend_credentials.get_password()).decode('utf8')
def setup_self_join(samdb, admin_session_info, names, fill, machinepass,
- dns_backend, dnspass, domainsid, next_rid, invocationid,
- policyguid, policyguid_dc,
- domainControllerFunctionality, ntdsguid=None, dc_rid=None):
+ dns_backend, dnspass, domainsid, next_rid, invocationid,
+ policyguid, policyguid_dc,
+ domainControllerFunctionality, ntdsguid=None, dc_rid=None):
"""Join a host to its own domain."""
assert isinstance(invocationid, str)
if ntdsguid is not None:
# Setup fSMORoleOwner entries to point at the newly created DC entry
setup_modify_ldif(samdb,
- setup_path("provision_self_join_modify_config.ldif"), {
+ setup_path("provision_self_join_modify_config.ldif"), {
"CONFIGDN": names.configdn,
"SCHEMADN": names.schemadn,
"DEFAULTSITE": names.sitename,
def setup_samdb(path, session_info, provision_backend, lp, names,
- logger, fill, serverrole, schema, am_rodc=False,
- plaintext_secrets=False, backend_store=None):
+ logger, fill, serverrole, schema, am_rodc=False,
+ plaintext_secrets=False, backend_store=None):
"""Setup a complete SAM Database.
:note: This will wipe the main SAM database file!
# Also wipes the database
setup_samdb_partitions(path, logger=logger, lp=lp,
- provision_backend=provision_backend, session_info=session_info,
- names=names, serverrole=serverrole, plaintext_secrets=plaintext_secrets,
- backend_store=backend_store)
+ provision_backend=provision_backend, session_info=session_info,
+ names=names, serverrole=serverrole, plaintext_secrets=plaintext_secrets,
+ backend_store=backend_store)
# Load the database, but don's load the global schema and don't connect
# quite yet
def fill_samdb(samdb, lp, names, logger, policyguid,
- policyguid_dc, fill, adminpass, krbtgtpass, machinepass, dns_backend,
- dnspass, invocationid, ntdsguid, serverrole, am_rodc=False,
- dom_for_fun_level=None, schema=None, next_rid=None, dc_rid=None,
- backend_store=None):
+ policyguid_dc, fill, adminpass, krbtgtpass, machinepass, dns_backend,
+ dnspass, invocationid, ntdsguid, serverrole, am_rodc=False,
+ dom_for_fun_level=None, schema=None, next_rid=None, dc_rid=None,
+ backend_store=None):
if next_rid is None:
next_rid = 1000
samdb.set_opaque_integer("domainFunctionality", domainFunctionality)
samdb.set_opaque_integer("forestFunctionality", forestFunctionality)
samdb.set_opaque_integer("domainControllerFunctionality",
- domainControllerFunctionality)
+ domainControllerFunctionality)
samdb.set_domain_sid(str(names.domainsid))
samdb.set_invocation_id(invocationid)
# Now register this container in the root of the forest
msg = ldb.Message(ldb.Dn(samdb, names.domaindn))
msg["subRefs"] = ldb.MessageElement(names.configdn , ldb.FLAG_MOD_ADD,
- "subRefs")
+ "subRefs")
samdb.invocation_id = invocationid
logger.info("Modifying display specifiers and extended rights")
setup_modify_ldif(samdb,
- setup_path("provision_configuration_modify.ldif"), {
+ setup_path("provision_configuration_modify.ldif"), {
"CONFIGDN": names.configdn,
"DISPLAYSPECIFIERS_DESCRIPTOR": protected2_descr
})
})
logger.info("Modifying computers container")
setup_modify_ldif(samdb,
- setup_path("provision_computers_modify.ldif"), {
+ setup_path("provision_computers_modify.ldif"), {
"DOMAINDN": names.domaindn})
logger.info("Setting up sam.ldb data")
infrastructure_desc = b64encode(get_domain_infrastructure_descriptor(names.domainsid)).decode('utf8')
logger.info("Setting up self join")
setup_self_join(samdb, admin_session_info, names=names, fill=fill,
- invocationid=invocationid,
- dns_backend=dns_backend,
- dnspass=dnspass,
- machinepass=machinepass,
- domainsid=names.domainsid,
- next_rid=next_rid,
- dc_rid=dc_rid,
- policyguid=policyguid,
- policyguid_dc=policyguid_dc,
- domainControllerFunctionality=domainControllerFunctionality,
- ntdsguid=ntdsguid)
+ invocationid=invocationid,
+ dns_backend=dns_backend,
+ dnspass=dnspass,
+ machinepass=machinepass,
+ domainsid=names.domainsid,
+ next_rid=next_rid,
+ dc_rid=dc_rid,
+ policyguid=policyguid,
+ policyguid_dc=policyguid_dc,
+ domainControllerFunctionality=domainControllerFunctionality,
+ ntdsguid=ntdsguid)
ntds_dn = "CN=NTDS Settings,%s" % names.serverdn
names.ntdsguid = samdb.searchone(basedn=ntds_dn,
- attribute="objectGUID", expression="", scope=ldb.SCOPE_BASE)
+ attribute="objectGUID", expression="", scope=ldb.SCOPE_BASE)
assert isinstance(names.ntdsguid, str)
return samdb
for root, dirs, files in os.walk(path, topdown=False):
for name in files:
setntacl(lp, os.path.join(root, name), acl, domsid,
- use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=service)
+ use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=service)
for name in dirs:
setntacl(lp, os.path.join(root, name), acl, domsid,
- use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=service)
+ use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=service)
def set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb):
# Set ACL for GPO root folder
root_policy_path = os.path.join(sysvol, dnsdomain, "Policies")
setntacl(lp, root_policy_path, POLICIES_ACL, str(domainsid),
- use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=SYSVOL_SERVICE)
+ use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=SYSVOL_SERVICE)
res = samdb.search(base="CN=Policies,CN=System,%s"%(domaindn),
attrs=["cn", "nTSecurityDescriptor"],
def setsysvolacl(samdb, netlogon, sysvol, uid, gid, domainsid, dnsdomain,
- domaindn, lp, use_ntvfs):
+ domaindn, lp, use_ntvfs):
"""Set the ACL for the sysvol share and the subfolders
:param samdb: An LDB object on the SAM db
def check_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp,
- direct_db_access):
+ direct_db_access):
"""Set ACL on the sysvol/<dnsname>/Policies folder and the policy
folders beneath.
def checksysvolacl(samdb, netlogon, sysvol, domainsid, dnsdomain, domaindn,
- lp):
+ lp):
"""Set the ACL for the sysvol share and the subfolders
:param samdb: An LDB object on the SAM db
# Check acls on Policy folder and policies folders
check_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp,
- direct_db_access)
+ direct_db_access)
def interface_ips_v4(lp):
samdb.transaction_start()
try:
samdb = fill_samdb(samdb, lp, names, logger=logger,
- schema=schema,
- policyguid=policyguid, policyguid_dc=policyguid_dc,
- fill=samdb_fill, adminpass=adminpass, krbtgtpass=krbtgtpass,
- invocationid=invocationid, machinepass=machinepass,
- dns_backend=dns_backend, dnspass=dnspass,
- ntdsguid=ntdsguid, serverrole=serverrole,
- dom_for_fun_level=dom_for_fun_level, am_rodc=am_rodc,
- next_rid=next_rid, dc_rid=dc_rid,
- backend_store=backend_store)
+ schema=schema,
+ policyguid=policyguid, policyguid_dc=policyguid_dc,
+ fill=samdb_fill, adminpass=adminpass, krbtgtpass=krbtgtpass,
+ invocationid=invocationid, machinepass=machinepass,
+ dns_backend=dns_backend, dnspass=dnspass,
+ ntdsguid=ntdsguid, serverrole=serverrole,
+ dom_for_fun_level=dom_for_fun_level, am_rodc=am_rodc,
+ next_rid=next_rid, dc_rid=dc_rid,
+ backend_store=backend_store)
# Set up group policies (domain policy and domain controller
# policy)
logger.info("Setting acl on sysvol skipped")
secretsdb_self_join(secrets_ldb, domain=names.domain,
- realm=names.realm, dnsdomain=names.dnsdomain,
- netbiosname=names.netbiosname, domainsid=names.domainsid,
- machinepass=machinepass, secure_channel_type=SEC_CHAN_BDC)
+ realm=names.realm, dnsdomain=names.dnsdomain,
+ netbiosname=names.netbiosname, domainsid=names.domainsid,
+ machinepass=machinepass, secure_channel_type=SEC_CHAN_BDC)
# Now set up the right msDS-SupportedEncryptionTypes into the DB
# In future, this might be determined from some configuration
# fix any dangling GUIDs from the provision
logger.info("Fixing provision GUIDs")
chk = dbcheck(samdb, samdb_schema=samdb, verbose=False, fix=True, yes=True,
- quiet=True)
+ quiet=True)
samdb.transaction_start()
try:
# a small number of GUIDs are missing because of ordering issues in the
'ipsecNegotiationPolicyReference',
'ipsecNFAReference'])
if chk.check_database(DN=names.schemadn, scope=ldb.SCOPE_SUBTREE,
- attrs=['attributeId', 'governsId']) != 0:
+ attrs=['attributeId', 'governsId']) != 0:
raise ProvisioningError("Duplicate attributeId or governsId in schema. Must be fixed manually!!")
except:
samdb.transaction_cancel()
def provision_fake_ypserver(logger, samdb, domaindn, netbiosname, nisdomain,
- maxuid, maxgid):
+ maxuid, maxgid):
"""Create AD entries for the fake ypserver.
This is needed for being able to manipulate posix attrs via ADUC.
hostip = hostips[0]
if len(hostips) > 1:
logger.warning("More than one IPv4 address found. Using %s",
- hostip)
+ hostip)
if hostip == "127.0.0.1":
hostip = None
if hostip is None:
return hostip6
def provision(logger, session_info, smbconf=None,
- targetdir=None, samdb_fill=FILL_FULL, realm=None, rootdn=None,
- domaindn=None, schemadn=None, configdn=None, serverdn=None,
- domain=None, hostname=None, hostip=None, hostip6=None, domainsid=None,
- next_rid=1000, dc_rid=None, adminpass=None, ldapadminpass=None,
- krbtgtpass=None, domainguid=None, policyguid=None, policyguid_dc=None,
- dns_backend=None, dns_forwarder=None, dnspass=None,
- invocationid=None, machinepass=None, ntdsguid=None,
- root=None, nobody=None, users=None, backup=None, aci=None,
- serverrole=None, dom_for_fun_level=None, backend_type=None,
- sitename=None, ol_mmr_urls=None, ol_olc=None, slapd_path=None,
- useeadb=False, am_rodc=False, lp=None, use_ntvfs=False,
- use_rfc2307=False, maxuid=None, maxgid=None, skip_sysvolacl=True,
- ldap_backend_forced_uri=None, nosync=False, ldap_dryrun_mode=False,
- ldap_backend_extra_port=None, base_schema=None,
- plaintext_secrets=False, backend_store=None):
+ targetdir=None, samdb_fill=FILL_FULL, realm=None, rootdn=None,
+ domaindn=None, schemadn=None, configdn=None, serverdn=None,
+ domain=None, hostname=None, hostip=None, hostip6=None, domainsid=None,
+ next_rid=1000, dc_rid=None, adminpass=None, ldapadminpass=None,
+ krbtgtpass=None, domainguid=None, policyguid=None, policyguid_dc=None,
+ dns_backend=None, dns_forwarder=None, dnspass=None,
+ invocationid=None, machinepass=None, ntdsguid=None,
+ root=None, nobody=None, users=None, backup=None, aci=None,
+ serverrole=None, dom_for_fun_level=None, backend_type=None,
+ sitename=None, ol_mmr_urls=None, ol_olc=None, slapd_path=None,
+ useeadb=False, am_rodc=False, lp=None, use_ntvfs=False,
+ use_rfc2307=False, maxuid=None, maxgid=None, skip_sysvolacl=True,
+ ldap_backend_forced_uri=None, nosync=False, ldap_dryrun_mode=False,
+ ldap_backend_extra_port=None, base_schema=None,
+ plaintext_secrets=False, backend_store=None):
"""Provision samba4
:note: caution, this wipes all existing data!
lp = samba.param.LoadParm()
lp.load(smbconf)
names = guess_names(lp=lp, hostname=hostname, domain=domain,
- dnsdomain=realm, serverrole=serverrole, domaindn=domaindn,
- configdn=configdn, schemadn=schemadn, serverdn=serverdn,
- sitename=sitename, rootdn=rootdn, domain_names_forced=(samdb_fill == FILL_DRS))
+ dnsdomain=realm, serverrole=serverrole, domaindn=domaindn,
+ configdn=configdn, schemadn=schemadn, serverdn=serverdn,
+ sitename=sitename, rootdn=rootdn, domain_names_forced=(samdb_fill == FILL_DRS))
paths = provision_paths_from_lp(lp, names.dnsdomain)
paths.bind_gid = bind_gid
ldapi_url = "ldapi://%s" % urllib_quote(paths.s4_ldapi_path, safe="")
schema = Schema(domainsid, invocationid=invocationid,
- schemadn=names.schemadn, base_schema=base_schema)
+ schemadn=names.schemadn, base_schema=base_schema)
if backend_type == "ldb":
provision_backend = LDBBackend(backend_type, paths=paths,
- lp=lp,
- names=names, logger=logger)
+ lp=lp,
+ names=names, logger=logger)
elif backend_type == "existing":
# If support for this is ever added back, then the URI will need to be
# specified again
provision_backend = ExistingBackend(backend_type, paths=paths,
- lp=lp,
- names=names, logger=logger,
- ldap_backend_forced_uri=ldap_backend_forced_uri)
+ lp=lp,
+ names=names, logger=logger,
+ ldap_backend_forced_uri=ldap_backend_forced_uri)
elif backend_type == "fedora-ds":
provision_backend = FDSBackend(backend_type, paths=paths,
- lp=lp,
- names=names, logger=logger, domainsid=domainsid,
- schema=schema, hostname=hostname, ldapadminpass=ldapadminpass,
- slapd_path=slapd_path,
- root=root)
+ lp=lp,
+ names=names, logger=logger, domainsid=domainsid,
+ schema=schema, hostname=hostname, ldapadminpass=ldapadminpass,
+ slapd_path=slapd_path,
+ root=root)
elif backend_type == "openldap":
provision_backend = OpenLDAPBackend(backend_type, paths=paths,
- lp=lp,
- names=names, logger=logger, domainsid=domainsid,
- schema=schema, hostname=hostname, ldapadminpass=ldapadminpass,
- slapd_path=slapd_path, ol_mmr_urls=ol_mmr_urls,
- ldap_backend_extra_port=ldap_backend_extra_port,
- ldap_dryrun_mode=ldap_dryrun_mode, nosync=nosync,
- ldap_backend_forced_uri=ldap_backend_forced_uri)
+ lp=lp,
+ names=names, logger=logger, domainsid=domainsid,
+ schema=schema, hostname=hostname, ldapadminpass=ldapadminpass,
+ slapd_path=slapd_path, ol_mmr_urls=ol_mmr_urls,
+ ldap_backend_extra_port=ldap_backend_extra_port,
+ ldap_dryrun_mode=ldap_dryrun_mode, nosync=nosync,
+ ldap_backend_forced_uri=ldap_backend_forced_uri)
else:
raise ValueError("Unknown LDAP backend type selected")
logger.info("Setting up secrets.ldb")
secrets_ldb = setup_secretsdb(paths,
- session_info=session_info,
- backend_credentials=provision_backend.credentials, lp=lp)
+ session_info=session_info,
+ backend_credentials=provision_backend.credentials, lp=lp)
try:
logger.info("Setting up the registry")
if samdb_fill == FILL_FULL:
provision_fill(samdb, secrets_ldb, logger, names, paths,
- schema=schema, targetdir=targetdir, samdb_fill=samdb_fill,
- hostip=hostip, hostip6=hostip6,
- next_rid=next_rid, dc_rid=dc_rid, adminpass=adminpass,
- krbtgtpass=krbtgtpass,
- policyguid=policyguid, policyguid_dc=policyguid_dc,
- invocationid=invocationid, machinepass=machinepass,
- ntdsguid=ntdsguid, dns_backend=dns_backend,
- dnspass=dnspass, serverrole=serverrole,
- dom_for_fun_level=dom_for_fun_level, am_rodc=am_rodc,
- lp=lp, use_ntvfs=use_ntvfs,
- skip_sysvolacl=skip_sysvolacl,
- backend_store=backend_store)
+ schema=schema, targetdir=targetdir, samdb_fill=samdb_fill,
+ hostip=hostip, hostip6=hostip6,
+ next_rid=next_rid, dc_rid=dc_rid, adminpass=adminpass,
+ krbtgtpass=krbtgtpass,
+ policyguid=policyguid, policyguid_dc=policyguid_dc,
+ invocationid=invocationid, machinepass=machinepass,
+ ntdsguid=ntdsguid, dns_backend=dns_backend,
+ dnspass=dnspass, serverrole=serverrole,
+ dom_for_fun_level=dom_for_fun_level, am_rodc=am_rodc,
+ lp=lp, use_ntvfs=use_ntvfs,
+ skip_sysvolacl=skip_sysvolacl,
+ backend_store=backend_store)
if not is_heimdal_built():
create_kdc_conf(paths.kdcconf, realm, domain, os.path.dirname(lp.get("log file")))
if use_rfc2307:
provision_fake_ypserver(logger=logger, samdb=samdb,
- domaindn=names.domaindn, netbiosname=names.netbiosname,
- nisdomain=names.domain.lower(), maxuid=maxuid, maxgid=maxgid)
+ domaindn=names.domaindn, netbiosname=names.netbiosname,
+ nisdomain=names.domain.lower(), maxuid=maxuid, maxgid=maxgid)
return result
def provision_become_dc(smbconf=None, targetdir=None,
- realm=None, rootdn=None, domaindn=None, schemadn=None, configdn=None,
- serverdn=None, domain=None, hostname=None, domainsid=None,
- adminpass=None, krbtgtpass=None, domainguid=None, policyguid=None,
- policyguid_dc=None, invocationid=None, machinepass=None, dnspass=None,
- dns_backend=None, root=None, nobody=None, users=None,
- backup=None, serverrole=None, ldap_backend=None,
- ldap_backend_type=None, sitename=None, debuglevel=1, use_ntvfs=False):
+ realm=None, rootdn=None, domaindn=None, schemadn=None, configdn=None,
+ serverdn=None, domain=None, hostname=None, domainsid=None,
+ adminpass=None, krbtgtpass=None, domainguid=None, policyguid=None,
+ policyguid_dc=None, invocationid=None, machinepass=None, dnspass=None,
+ dns_backend=None, root=None, nobody=None, users=None,
+ backup=None, serverrole=None, ldap_backend=None,
+ ldap_backend_type=None, sitename=None, debuglevel=1, use_ntvfs=False):
logger = logging.getLogger("provision")
samba.set_debug_level(debuglevel)
res = provision(logger, system_session(),
- smbconf=smbconf, targetdir=targetdir, samdb_fill=FILL_DRS,
- realm=realm, rootdn=rootdn, domaindn=domaindn, schemadn=schemadn,
- configdn=configdn, serverdn=serverdn, domain=domain,
- hostname=hostname, hostip=None, domainsid=domainsid,
- machinepass=machinepass,
- serverrole="active directory domain controller",
- sitename=sitename, dns_backend=dns_backend, dnspass=dnspass,
- use_ntvfs=use_ntvfs)
+ smbconf=smbconf, targetdir=targetdir, samdb_fill=FILL_DRS,
+ realm=realm, rootdn=rootdn, domaindn=domaindn, schemadn=schemadn,
+ configdn=configdn, serverdn=serverdn, domain=domain,
+ hostname=hostname, hostip=None, domainsid=domainsid,
+ machinepass=machinepass,
+ serverrole="active directory domain controller",
+ sitename=sitename, dns_backend=dns_backend, dnspass=dnspass,
+ use_ntvfs=use_ntvfs)
res.lp.set("debuglevel", str(debuglevel))
return res
def __init__(self, uri):
self.ldapi_uri = uri
super(SlapdAlreadyRunning, self).__init__("Another slapd Instance "
- "seems already running on this host, listening to %s." %
- self.ldapi_uri)
+ "seems already running on this host, listening to %s." %
+ self.ldapi_uri)
class BackendResult(object):
class ProvisionBackend(object):
def __init__(self, backend_type, paths=None, lp=None,
- names=None, logger=None):
+ names=None, logger=None):
"""Provision a backend for samba4"""
self.paths = paths
self.lp = lp
class ExistingBackend(ProvisionBackend):
def __init__(self, backend_type, paths=None, lp=None,
- names=None, logger=None, ldapi_uri=None):
+ names=None, logger=None, ldapi_uri=None):
super(ExistingBackend, self).__init__(backend_type=backend_type,
- paths=paths, lp=lp,
- names=names, logger=logger,
- ldap_backend_forced_uri=ldapi_uri)
+ paths=paths, lp=lp,
+ names=names, logger=logger,
+ ldap_backend_forced_uri=ldapi_uri)
def init(self):
# Check to see that this 'existing' LDAP backend in fact exists
ldapi_db = Ldb(self.ldapi_uri)
ldapi_db.search(base="", scope=SCOPE_BASE,
- expression="(objectClass=OpenLDAProotDSE)")
+ expression="(objectClass=OpenLDAProotDSE)")
# For now, assume existing backends at least emulate OpenLDAP
self.ldap_backend_type = "openldap"
ldap_backend_forced_uri=None, ldap_dryrun_mode=False):
super(LDAPBackend, self).__init__(backend_type=backend_type,
- paths=paths, lp=lp,
- names=names, logger=logger)
+ paths=paths, lp=lp,
+ names=names, logger=logger)
self.domainsid = domainsid
self.schema = schema
try:
ldapi_db = Ldb(self.ldap_uri)
ldapi_db.search(base="", scope=SCOPE_BASE,
- expression="(objectClass=OpenLDAProotDSE)")
+ expression="(objectClass=OpenLDAProotDSE)")
try:
f = open(self.slapd_pid, "r")
except IOError as err:
raise ProvisioningError("Warning: LDAP-Backend must be setup with path to slapd, e.g. --slapd-path=\"/usr/local/libexec/slapd\"!")
if not os.path.exists(self.slapd_path):
self.logger.warning("Path (%s) to slapd does not exist!",
- self.slapd_path)
+ self.slapd_path)
if not os.path.isdir(self.ldapdir):
os.makedirs(self.ldapdir, 0o700)
# subprocess context around, to kill this off at the successful
# end of the script
self.slapd = subprocess.Popen(self.slapd_provision_command,
- close_fds=True, shell=False)
+ close_fds=True, shell=False)
count = 0
while self.slapd.poll() is None:
time.sleep(1)
ldapi_db = Ldb(self.ldap_uri, lp=self.lp, credentials=self.credentials)
ldapi_db.search(base="", scope=SCOPE_BASE,
- expression="(objectClass=OpenLDAProotDSE)")
+ expression="(objectClass=OpenLDAProotDSE)")
# If we have got here, then we must have a valid connection to
# the LDAP server!
return
def post_setup(self):
return LDAPBackendResult(self.slapd_command_escaped,
- self.ldapdir)
+ self.ldapdir)
class OpenLDAPBackend(LDAPBackend):
def __init__(self, backend_type, paths=None, lp=None,
- credentials=None, names=None, logger=None, domainsid=None,
- schema=None, hostname=None, ldapadminpass=None, slapd_path=None,
- ldap_backend_extra_port=None, ldap_dryrun_mode=False,
- ol_mmr_urls=None, nosync=False, ldap_backend_forced_uri=None):
+ credentials=None, names=None, logger=None, domainsid=None,
+ schema=None, hostname=None, ldapadminpass=None, slapd_path=None,
+ ldap_backend_extra_port=None, ldap_dryrun_mode=False,
+ ol_mmr_urls=None, nosync=False, ldap_backend_forced_uri=None):
from samba.provision import setup_path
super(OpenLDAPBackend, self).__init__( backend_type=backend_type,
- paths=paths, lp=lp,
- names=names, logger=logger,
- domainsid=domainsid, schema=schema, hostname=hostname,
- ldapadminpass=ldapadminpass, slapd_path=slapd_path,
- ldap_backend_extra_port=ldap_backend_extra_port,
- ldap_backend_forced_uri=ldap_backend_forced_uri,
- ldap_dryrun_mode=ldap_dryrun_mode)
+ paths=paths, lp=lp,
+ names=names, logger=logger,
+ domainsid=domainsid, schema=schema, hostname=hostname,
+ ldapadminpass=ldapadminpass, slapd_path=slapd_path,
+ ldap_backend_extra_port=ldap_backend_extra_port,
+ ldap_backend_forced_uri=ldap_backend_forced_uri,
+ ldap_dryrun_mode=ldap_dryrun_mode)
self.ol_mmr_urls = ol_mmr_urls
self.nosync = nosync
server_port_string = "ldap://0.0.0.0:%d" % self.ldap_backend_extra_port
else:
server_port_string = "ldap://%s.%s:%d" (self.names.hostname,
- self.names.dnsdomain, self.ldap_backend_extra_port)
+ self.names.dnsdomain, self.ldap_backend_extra_port)
else:
server_port_string = ""
# Prepare the 'result' information - the commands to return in
# particular
self.slapd_provision_command = [self.slapd_path, "-F" + self.olcdir,
- "-h"]
+ "-h"]
# copy this command so we have two version, one with -d0 and only
# ldapi (or the forced ldap_uri), and one with all the listen commands
from samba.provision import setup_path
super(FDSBackend, self).__init__(backend_type=backend_type,
- paths=paths, lp=lp,
- names=names, logger=logger,
- domainsid=domainsid, schema=schema, hostname=hostname,
- ldapadminpass=ldapadminpass, slapd_path=slapd_path,
- ldap_backend_extra_port=ldap_backend_extra_port,
- ldap_backend_forced_uri=ldap_backend_forced_uri,
- ldap_dryrun_mode=ldap_dryrun_mode)
+ paths=paths, lp=lp,
+ names=names, logger=logger,
+ domainsid=domainsid, schema=schema, hostname=hostname,
+ ldapadminpass=ldapadminpass, slapd_path=slapd_path,
+ ldap_backend_extra_port=ldap_backend_extra_port,
+ ldap_backend_forced_uri=ldap_backend_forced_uri,
+ ldap_dryrun_mode=ldap_dryrun_mode)
self.root = root
self.setup_ds_path = setup_ds_path
self.fedoradsinf = os.path.join(self.ldapdir, "fedorads.inf")
self.partitions_ldif = os.path.join(self.ldapdir,
- "fedorads-partitions.ldif")
+ "fedorads-partitions.ldif")
self.sasl_ldif = os.path.join(self.ldapdir, "fedorads-sasl.ldif")
self.dna_ldif = os.path.join(self.ldapdir, "fedorads-dna.ldif")
self.pam_ldif = os.path.join(self.ldapdir, "fedorads-pam.ldif")
self.refint_ldif = os.path.join(self.ldapdir, "fedorads-refint.ldif")
self.linked_attrs_ldif = os.path.join(self.ldapdir,
- "fedorads-linked-attributes.ldif")
+ "fedorads-linked-attributes.ldif")
self.index_ldif = os.path.join(self.ldapdir, "fedorads-index.ldif")
self.samba_ldif = os.path.join(self.ldapdir, "fedorads-samba.ldif")
self.samba3_ldif = os.path.join(self.ldapdir, "samba3.ldif")
self.retcode = subprocess.call(["bin/oLschema2ldif",
- "-I", self.samba3_schema,
- "-O", self.samba3_ldif,
- "-b", self.names.domaindn],
- close_fds=True, shell=False)
+ "-I", self.samba3_schema,
+ "-O", self.samba3_ldif,
+ "-b", self.names.domaindn],
+ close_fds=True, shell=False)
if self.retcode != 0:
raise Exception("Unable to convert Samba 3 schema.")
"SERVERPORT": serverport})
setup_file(setup_path("fedorads-partitions.ldif"),
- self.partitions_ldif,
+ self.partitions_ldif,
{"CONFIGDN": self.names.configdn,
"SCHEMADN": self.names.schemadn,
"SAMBADN": self.sambadn,
f = open(setup_path(mapping), 'r')
try:
backend_schema_data = self.schema.convert_to_openldap("fedora-ds",
- f.read())
+ f.read())
finally:
f.close()
assert backend_schema_data is not None
self.credentials.set_bind_dn(self.names.ldapmanagerdn)
# Destory the target directory, or else setup-ds.pl will complain
- fedora_ds_dir = os.path.join(self.ldapdir,
- "slapd-" + self.ldap_instance)
+ fedora_ds_dir = \
+ os.path.join(self.ldapdir,
+ "slapd-" + self.ldap_instance)
shutil.rmtree(fedora_ds_dir, True)
self.slapd_provision_command = [self.slapd_path, "-D", fedora_ds_dir,
- "-i", self.slapd_pid]
+ "-i", self.slapd_pid]
# In the 'provision' command line, stay in the foreground so we can
# easily kill it
self.slapd_provision_command.append("-d0")
#the command for the final run is the normal script
- self.slapd_command = [os.path.join(self.ldapdir,
- "slapd-" + self.ldap_instance, "start-slapd")]
+ self.slapd_command = \
+ [os.path.join(self.ldapdir,
+ "slapd-" + self.ldap_instance, "start-slapd")]
# If we were just looking for crashes up to this point, it's a
# good time to exit before we realise we don't have Fedora DS on
raise ProvisioningError("Fedora DS LDAP-Backend must be setup with path to setup-ds, e.g. --setup-ds-path=\"/usr/sbin/setup-ds.pl\"!")
if not os.path.exists(self.setup_ds_path):
self.logger.warning("Path (%s) to slapd does not exist!",
- self.setup_ds_path)
+ self.setup_ds_path)
# Run the Fedora DS setup utility
retcode = subprocess.call([self.setup_ds_path, "--silent", "--file",
- self.fedoradsinf], close_fds=True, shell=False)
+ self.fedoradsinf], close_fds=True, shell=False)
if retcode != 0:
raise ProvisioningError("setup-ds failed")
m.dn = ldb.Dn(ldapi_db, dnstring)
ldapi_db.modify(m)
return LDAPBackendResult(self.credentials, self.slapd_command_escaped,
- self.ldapdir)
+ self.ldapdir)
class SRVRecord(dnsp.DnssrvRpcRecord):
def __init__(self, target, port, priority=0, weight=100, serial=1, ttl=900,
- rank=dnsp.DNS_RANK_ZONE):
+ rank=dnsp.DNS_RANK_ZONE):
super(SRVRecord, self).__init__()
self.wType = dnsp.DNS_TYPE_SRV
self.rank = rank
# CN=MicrosoftDNS,<PREFIX>,<DOMAINDN>
msg = ldb.Message(ldb.Dn(samdb, "CN=MicrosoftDNS,%s,%s" % (prefix, domaindn)))
msg["objectClass"] = ["top", "container"]
- msg["nTSecurityDescriptor"] = ldb.MessageElement(sd_val, ldb.FLAG_MOD_ADD,
- "nTSecurityDescriptor")
+ msg["nTSecurityDescriptor"] = \
+ ldb.MessageElement(sd_val, ldb.FLAG_MOD_ADD,
+ "nTSecurityDescriptor")
samdb.add(msg)
props.append(ndr_pack(AgingEnabledTimeProperty()))
msg = ldb.Message(ldb.Dn(samdb, "DC=%s,CN=MicrosoftDNS,%s,%s" % (dnsdomain, prefix, domaindn)))
msg["objectClass"] = ["top", "dnsZone"]
- msg["ntSecurityDescriptor"] = ldb.MessageElement(ndr_pack(sec), ldb.FLAG_MOD_ADD,
- "nTSecurityDescriptor")
+ msg["ntSecurityDescriptor"] = \
+ ldb.MessageElement(ndr_pack(sec),
+ ldb.FLAG_MOD_ADD,
+ "nTSecurityDescriptor")
msg["dNSProperty"] = ldb.MessageElement(props, ldb.FLAG_MOD_ADD, "dNSProperty")
samdb.add(msg)
def add_dc_domain_records(samdb, domaindn, prefix, site, dnsdomain, hostname,
- hostip, hostip6):
+ hostip, hostip6):
fqdn_hostname = "%s.%s" % (hostname, dnsdomain)
# DC=@ record
add_at_record(samdb, domain_container_dn, "DC=@", hostname, dnsdomain,
- hostip, hostip6)
+ hostip, hostip6)
# DC=<HOSTNAME> record
add_host_record(samdb, domain_container_dn, "DC=%s" % hostname, hostip,
- hostip6)
+ hostip6)
# DC=_kerberos._tcp record
add_srv_record(samdb, domain_container_dn, "DC=_kerberos._tcp",
- fqdn_hostname, 88)
+ fqdn_hostname, 88)
# DC=_kerberos._tcp.<SITENAME>._sites record
add_srv_record(samdb, domain_container_dn, "DC=_kerberos._tcp.%s._sites" %
- site, fqdn_hostname, 88)
+ site, fqdn_hostname, 88)
# DC=_kerberos._udp record
add_srv_record(samdb, domain_container_dn, "DC=_kerberos._udp",
- fqdn_hostname, 88)
+ fqdn_hostname, 88)
# DC=_kpasswd._tcp record
add_srv_record(samdb, domain_container_dn, "DC=_kpasswd._tcp",
- fqdn_hostname, 464)
+ fqdn_hostname, 464)
# DC=_kpasswd._udp record
add_srv_record(samdb, domain_container_dn, "DC=_kpasswd._udp",
- fqdn_hostname, 464)
+ fqdn_hostname, 464)
# DC=_ldap._tcp record
add_srv_record(samdb, domain_container_dn, "DC=_ldap._tcp", fqdn_hostname,
- 389)
+ 389)
# DC=_ldap._tcp.<SITENAME>._sites record
add_srv_record(samdb, domain_container_dn, "DC=_ldap._tcp.%s._sites" %
- site, fqdn_hostname, 389)
+ site, fqdn_hostname, 389)
# FIXME: The number of SRV records depend on the various roles this DC has.
# _gc and _msdcs records are added if the we are the forest dc and not subdomain dc
# DC=_gc._tcp record
add_srv_record(samdb, domain_container_dn, "DC=_gc._tcp", fqdn_hostname,
- 3268)
+ 3268)
# DC=_gc._tcp.<SITENAME>,_sites record
add_srv_record(samdb, domain_container_dn, "DC=_gc._tcp.%s._sites" % site,
- fqdn_hostname, 3268)
+ fqdn_hostname, 3268)
# DC=_msdcs record
add_ns_glue_record(samdb, domain_container_dn, "DC=_msdcs", fqdn_hostname)
# DC=_ldap._tcp.<SITENAME>._sites.DomainDnsZones
add_srv_record(samdb, domain_container_dn,
- "DC=_ldap._tcp.%s._sites.DomainDnsZones" % site, fqdn_hostname,
- 389)
+ "DC=_ldap._tcp.%s._sites.DomainDnsZones" % site, fqdn_hostname,
+ 389)
# DC=_ldap._tcp.<SITENAME>._sites.ForestDnsZones
add_srv_record(samdb, domain_container_dn,
- "DC=_ldap._tcp.%s._sites.ForestDnsZones" % site, fqdn_hostname,
- 389)
+ "DC=_ldap._tcp.%s._sites.ForestDnsZones" % site, fqdn_hostname,
+ 389)
# DC=_ldap._tcp.DomainDnsZones
add_srv_record(samdb, domain_container_dn, "DC=_ldap._tcp.DomainDnsZones",
# DC=DomainDnsZones
add_host_record(samdb, domain_container_dn, "DC=DomainDnsZones", hostip,
- hostip6)
+ hostip6)
# DC=ForestDnsZones
add_host_record(samdb, domain_container_dn, "DC=ForestDnsZones", hostip,
- hostip6)
+ hostip6)
def add_dc_msdcs_records(samdb, forestdn, prefix, site, dnsforest, hostname,
# DC=@ record
add_at_record(samdb, forest_container_dn, "DC=@", hostname, dnsforest,
- None, None)
+ None, None)
# DC=_kerberos._tcp.dc record
add_srv_record(samdb, forest_container_dn, "DC=_kerberos._tcp.dc",
- fqdn_hostname, 88)
+ fqdn_hostname, 88)
# DC=_kerberos._tcp.<SITENAME>._sites.dc record
add_srv_record(samdb, forest_container_dn,
- "DC=_kerberos._tcp.%s._sites.dc" % site, fqdn_hostname, 88)
+ "DC=_kerberos._tcp.%s._sites.dc" % site, fqdn_hostname, 88)
# DC=_ldap._tcp.dc record
add_srv_record(samdb, forest_container_dn, "DC=_ldap._tcp.dc",
- fqdn_hostname, 389)
+ fqdn_hostname, 389)
# DC=_ldap._tcp.<SITENAME>._sites.dc record
add_srv_record(samdb, forest_container_dn, "DC=_ldap._tcp.%s._sites.dc" %
- site, fqdn_hostname, 389)
+ site, fqdn_hostname, 389)
# DC=_ldap._tcp.<SITENAME>._sites.gc record
add_srv_record(samdb, forest_container_dn, "DC=_ldap._tcp.%s._sites.gc" %
- site, fqdn_hostname, 3268)
+ site, fqdn_hostname, 3268)
# DC=_ldap._tcp.gc record
add_srv_record(samdb, forest_container_dn, "DC=_ldap._tcp.gc",
- fqdn_hostname, 3268)
+ fqdn_hostname, 3268)
# DC=_ldap._tcp.pdc record
add_srv_record(samdb, forest_container_dn, "DC=_ldap._tcp.pdc",
- fqdn_hostname, 389)
+ fqdn_hostname, 389)
# DC=gc record
add_host_record(samdb, forest_container_dn, "DC=gc", hostip, hostip6)
# DC=_ldap._tcp.<DOMAINGUID>.domains record
add_srv_record(samdb, forest_container_dn,
- "DC=_ldap._tcp.%s.domains" % domainguid, fqdn_hostname, 389)
+ "DC=_ldap._tcp.%s.domains" % domainguid, fqdn_hostname, 389)
# DC=<NTDSGUID>
add_cname_record(samdb, forest_container_dn, "DC=%s" % ntdsguid,
- fqdn_hostname)
+ fqdn_hostname)
def secretsdb_setup_dns(secretsdb, names, private_dir, binddns_dir, realm,
"DOMAINSID" : str(domainsid),
"DESCRIPTOR" : descr})
setup_add_ldif(dom_ldb,
- setup_path("provision_basedn_options.ldif"), None)
+ setup_path("provision_basedn_options.ldif"), None)
except:
logger.error(
metadata_file = "metadata.tdb"
try:
os.link(os.path.join(samldb_dir, metadata_file),
- os.path.join(dns_samldb_dir, metadata_file))
+ os.path.join(dns_samldb_dir, metadata_file))
os.link(os.path.join(private_dir, domainzone_file),
- os.path.join(dns_dir, domainzone_file))
+ os.path.join(dns_dir, domainzone_file))
if forestzone_file:
os.link(os.path.join(private_dir, forestzone_file),
os.path.join(dns_dir, forestzone_file))
pfile = partfile[nc]
if backend_store == "mdb":
mdb_copy(os.path.join(private_dir, pfile),
- os.path.join(dns_dir, pfile))
+ os.path.join(dns_dir, pfile))
else:
tdb_copy(os.path.join(private_dir, pfile),
- os.path.join(dns_dir, pfile))
+ os.path.join(dns_dir, pfile))
except:
logger.error(
"Failed to setup database for BIND, AD based DNS cannot be used")
def create_named_txt(path, realm, dnsdomain, dnsname, binddns_dir,
- keytab_name):
+ keytab_name):
"""Write out a file containing zone statements suitable for inclusion in a
named.conf file (including GSS-TSIG configuration).
dnsadmins_sid, fill_level):
# Set up additional partitions (DomainDnsZones, ForstDnsZones)
setup_dns_partitions(samdb, domainsid, domaindn, forestdn,
- names.configdn, names.serverdn, fill_level)
+ names.configdn, names.serverdn, fill_level)
# Set up MicrosoftDNS containers
add_dns_container(samdb, domaindn, "DC=DomainDnsZones", domainsid,
def setup_ad_dns(samdb, secretsdb, names, paths, lp, logger,
- dns_backend, os_level, dnspass=None, hostip=None, hostip6=None,
- targetdir=None, fill_level=FILL_FULL, backend_store=None):
+ dns_backend, os_level, dnspass=None, hostip=None, hostip6=None,
+ targetdir=None, fill_level=FILL_FULL, backend_store=None):
"""Provision DNS information (assuming GC role)
:param samdb: LDB object connected to sam.ldb file
def setup_bind9_dns(samdb, secretsdb, names, paths, lp, logger,
- dns_backend, os_level, site=None, dnspass=None, hostip=None,
- hostip6=None, targetdir=None, key_version_number=None,
- backend_store=None):
+ dns_backend, os_level, site=None, dnspass=None, hostip=None,
+ hostip6=None, targetdir=None, key_version_number=None,
+ backend_store=None):
"""Provision DNS information (assuming BIND9 backend in DC role)
:param samdb: LDB object connected to sam.ldb file
if len(a_recs) != orig_num_recs:
logger.info("updating %s keeping %d values, removing %s values" % \
- (a_name, len(a_recs), orig_num_recs - len(a_recs)))
+ (a_name, len(a_recs), orig_num_recs - len(a_recs)))
samdb.dns_replace(a_name, a_recs)
remove_hanging_dns_references(samdb, logger, dnsHostNameUpper, zones)
try:
msgs = samdb.search(base=ntds_dn, expression="objectClass=ntdsDSA",
- attrs=["objectGUID"], scope=ldb.SCOPE_BASE)
+ attrs=["objectGUID"], scope=ldb.SCOPE_BASE)
except LdbError as e5:
(enum, estr) = e5.args
if enum == ldb.ERR_NO_SUCH_OBJECT:
attrs=[],
expression="(&(objectClass=server)"
"(cn=%s))"
- % ldb.binary_encode(dc_name))
+ % ldb.binary_encode(dc_name))
except LdbError as e3:
(enum, estr) = e3.args
raise DemoteException("Failure checking if %s is an server "
self.url = url
super(SamDB, self).__init__(url=url, lp=lp, modules_dir=modules_dir,
- session_info=session_info, credentials=credentials, flags=flags,
- options=options)
+ session_info=session_info, credentials=credentials, flags=flags,
+ options=options)
if global_schema:
dsdb._dsdb_set_global_schema(self)
self.url = url
super(SamDB, self).connect(url=url, flags=flags,
- options=options)
+ options=options)
def am_rodc(self):
'''return True if we are an RODC'''
# The new user record. Note the reliance on the SAMLDB module which
# fills in the default informations
ldbmessage = {"dn": group_dn,
- "sAMAccountName": groupname,
- "objectClass": "group"}
+ "sAMAccountName": groupname,
+ "objectClass": "group"}
if grouptype is not None:
ldbmessage["groupType"] = normalise_int32(grouptype)
self.transaction_start()
try:
targetgroup = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE,
- expression=groupfilter, attrs=[])
+ expression=groupfilter, attrs=[])
if len(targetgroup) == 0:
raise Exception('Unable to find group "%s"' % groupname)
assert(len(targetgroup) == 1)
self.transaction_start()
try:
targetgroup = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE,
- expression=groupfilter, attrs=['member'])
+ expression=groupfilter, attrs=['member'])
if len(targetgroup) == 0:
raise Exception('Unable to find group "%s"' % groupname)
assert(len(targetgroup) == 1)
self.transaction_commit()
def newuser(self, username, password,
- force_password_change_at_next_login_req=False,
- useusernameascn=False, userou=None, surname=None, givenname=None,
- initials=None, profilepath=None, scriptpath=None, homedrive=None,
- homedirectory=None, jobtitle=None, department=None, company=None,
- description=None, mailaddress=None, internetaddress=None,
- telephonenumber=None, physicaldeliveryoffice=None, sd=None,
- setpassword=True, uidnumber=None, gidnumber=None, gecos=None,
- loginshell=None, uid=None, nisdomain=None, unixhome=None,
- smartcard_required=False):
+ force_password_change_at_next_login_req=False,
+ useusernameascn=False, userou=None, surname=None, givenname=None,
+ initials=None, profilepath=None, scriptpath=None, homedrive=None,
+ homedirectory=None, jobtitle=None, department=None, company=None,
+ description=None, mailaddress=None, internetaddress=None,
+ telephonenumber=None, physicaldeliveryoffice=None, sd=None,
+ setpassword=True, uidnumber=None, gidnumber=None, gecos=None,
+ loginshell=None, uid=None, nisdomain=None, unixhome=None,
+ smartcard_required=False):
"""Adds a new user with additional parameters
:param username: Name of the new user
ldbmessage2 = None
if any(map(lambda b: b is not None, (uid, uidnumber, gidnumber, gecos,
- loginshell, nisdomain, unixhome))):
+ loginshell, nisdomain, unixhome))):
ldbmessage2 = ldb.Message()
ldbmessage2.dn = ldb.Dn(self, user_dn)
if uid is not None:
self.transaction_commit()
def setpassword(self, search_filter, password,
- force_change_at_next_login=False, username=None):
+ force_change_at_next_login=False, username=None):
"""Sets the password for a user
:param search_filter: LDAP filter to find the user (eg
self.transaction_start()
try:
res = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE,
- expression=search_filter,
- attrs=["userAccountControl", "accountExpires"])
+ expression=search_filter,
+ attrs=["userAccountControl", "accountExpires"])
if len(res) == 0:
raise Exception('Unable to find user "%s"' % search_filter)
assert(len(res) == 1)
return dsdb._samdb_get_domain_sid(self)
domain_sid = property(get_domain_sid, set_domain_sid,
- "SID for the domain")
+ "SID for the domain")
def set_invocation_id(self, invocation_id):
"""Set the invocation id for this SamDB handle.
return dsdb._samdb_ntds_invocation_id(self)
invocation_id = property(get_invocation_id, set_invocation_id,
- "Invocation ID GUID")
+ "Invocation ID GUID")
def get_oid_from_attid(self, attid):
return dsdb._dsdb_get_oid_from_attid(self, attid)
def get_attid_from_lDAPDisplayName(self, ldap_display_name,
- is_schema_nc=False):
+ is_schema_nc=False):
'''return the attribute ID for a LDAP attribute as an integer as found in DRSUAPI'''
return dsdb._dsdb_get_attid_from_lDAPDisplayName(self,
- ldap_display_name, is_schema_nc)
+ ldap_display_name, is_schema_nc)
def get_syntax_oid_from_lDAPDisplayName(self, ldap_display_name):
'''return the syntax OID for a LDAP attribute as a string'''
res = self.search(expression="objectClass=attributeSchema",
controls=["search_options:1:2"],
attrs=["attributeID",
- "lDAPDisplayName"])
+ "lDAPDisplayName"])
if len(res) > 0:
for e in res:
strDisplay = str(e.get("lDAPDisplayName"))
return None
def set_attribute_replmetadata_version(self, dn, att, value,
- addifnotexist=False):
+ addifnotexist=False):
res = self.search(expression="distinguishedName=%s" % dn,
scope=ldb.SCOPE_SUBTREE,
controls=["search_options:1:2"],
replBlob = ndr_pack(repl)
msg = ldb.Message()
msg.dn = res[0].dn
- msg["replPropertyMetaData"] = ldb.MessageElement(replBlob,
- ldb.FLAG_MOD_REPLACE,
- "replPropertyMetaData")
+ msg["replPropertyMetaData"] = \
+ ldb.MessageElement(replBlob,
+ ldb.FLAG_MOD_REPLACE,
+ "replPropertyMetaData")
self.modify(msg, ["local_oid:1.3.6.1.4.1.7165.4.3.14:0"])
def write_prefixes_from_schema(self):
m.dn = ldb.Dn(self, "CN=Directory Service,CN=Windows NT,CN=Services,%s"
% self.get_config_basedn().get_linearized())
if dsheuristics is not None:
- m["dSHeuristics"] = ldb.MessageElement(dsheuristics,
- ldb.FLAG_MOD_REPLACE, "dSHeuristics")
+ m["dSHeuristics"] = \
+ ldb.MessageElement(dsheuristics,
+ ldb.FLAG_MOD_REPLACE,
+ "dSHeuristics")
else:
- m["dSHeuristics"] = ldb.MessageElement([], ldb.FLAG_MOD_DELETE,
- "dSHeuristics")
+ m["dSHeuristics"] = \
+ ldb.MessageElement([], ldb.FLAG_MOD_DELETE,
+ "dSHeuristics")
self.modify(m)
def get_dsheuristics(self):
# the schema files (and corresponding object version) that we know about
base_schemas = {
"2008_R2_old" : ("MS-AD_Schema_2K8_R2_Attributes.txt",
- "MS-AD_Schema_2K8_R2_Classes.txt",
- 47),
+ "MS-AD_Schema_2K8_R2_Classes.txt",
+ 47),
"2008_R2" : ("Attributes_for_AD_DS__Windows_Server_2008_R2.ldf",
"Classes_for_AD_DS__Windows_Server_2008_R2.ldf",
47),
self.schema_data += open(file, 'r').read()
self.schema_data = substitute_var(self.schema_data,
- {"SCHEMADN": schemadn})
+ {"SCHEMADN": schemadn})
check_all_substituted(self.schema_data)
schema_version = str(Schema.get_version(base_schema))
else:
domainsid = security.dom_sid(domainsid)
return Schema(domainsid, schemadn=schemadn,
- override_prefixmap=override_prefixmap)
+ override_prefixmap=override_prefixmap)
"""
ret = samdb.search(base=configDn, scope=ldb.SCOPE_SUBTREE,
- expression='(&(objectclass=Site)(cn=%s))' % siteName)
+ expression='(&(objectclass=Site)(cn=%s))' % siteName)
if len(ret) != 0:
raise SiteAlreadyExistsException('A site with the name %s already exists' % siteName)
def error(self, label):
raise NotImplementedError("%s on RemotedTestCases is not permitted." %
- label)
+ label)
def setUp(self):
self.error("setUp")
self.assertEquals("Authentication", msg["type"])
self.assertEquals("NT_STATUS_OK", msg["Authentication"]["status"])
self._assert_ncacn_np_serviceDescription(binding,
- msg["Authentication"]["serviceDescription"])
+ msg["Authentication"]["serviceDescription"])
self.assertEquals(authTypes[1],
msg["Authentication"]["authDescription"])
msg = messages[1]
self.assertEquals("Authorization", msg["type"])
self._assert_ncacn_np_serviceDescription(binding,
- msg["Authorization"]["serviceDescription"])
+ msg["Authorization"]["serviceDescription"])
self.assertEquals(authTypes[2], msg["Authorization"]["authType"])
self.assertEquals("SMB", msg["Authorization"]["transportProtection"])
self.assertTrue(self.is_guid(msg["Authorization"]["sessionId"]))
msg = messages[2]
self.assertEquals("Authorization", msg["type"])
self._assert_ncacn_np_serviceDescription(binding,
- msg["Authorization"]["serviceDescription"])
+ msg["Authorization"]["serviceDescription"])
self.assertEquals(authTypes[3], msg["Authorization"]["authType"])
self.assertEquals("SMB", msg["Authorization"]["transportProtection"])
self.assertTrue(self.is_guid(msg["Authorization"]["sessionId"]))
creds = self.insta_creds(template=self.get_credentials())
creds.set_bind_dn("%s\\%s" % (creds.get_domain(),
- creds.get_username()))
+ creds.get_username()))
self.samdb = SamDB(url="ldaps://%s" % os.environ["SERVER"],
lp=self.get_loadparm(),
creds = self.insta_creds(template=self.get_credentials())
creds.set_password("badPassword")
creds.set_bind_dn("%s\\%s" % (creds.get_domain(),
- creds.get_username()))
+ creds.get_username()))
thrown = False
try:
def test_nothing(self):
self.assertEquals("foo bar",
- samba.substitute_var("foo bar", {"bar": "bla"}))
+ samba.substitute_var("foo bar", {"bar": "bla"}))
def test_replace(self):
self.assertEquals("foo bla",
- samba.substitute_var("foo ${bar}", {"bar": "bla"}))
+ samba.substitute_var("foo ${bar}", {"bar": "bla"}))
def test_broken(self):
self.assertEquals("foo ${bdkjfhsdkfh sdkfh ",
- samba.substitute_var("foo ${bdkjfhsdkfh sdkfh ", {"bar": "bla"}))
+ samba.substitute_var("foo ${bdkjfhsdkfh sdkfh ", {"bar": "bla"}))
def test_unknown_var(self):
self.assertEquals("foo ${bla} gsff",
- samba.substitute_var("foo ${bla} gsff", {"bar": "bla"}))
+ samba.substitute_var("foo ${bla} gsff", {"bar": "bla"}))
def test_check_all_substituted(self):
samba.check_all_substituted("nothing to see here")
self.assertRaises(Exception, samba.check_all_substituted,
- "Not subsituted: ${FOOBAR}")
+ "Not subsituted: ${FOOBAR}")
class ArcfourTestCase(TestCase):
try:
l.add({"dn": "foo=dc", "bar": "bla"})
self.assertEquals(b"bla",
- l.searchone(basedn=ldb.Dn(l, "foo=dc"), attribute="bar"))
+ l.searchone(basedn=ldb.Dn(l, "foo=dc"), attribute="bar"))
finally:
del l
os.unlink(path)
def test_bare(self):
# Connect to the echo pipe
x = ClientConnection("ncalrpc:localhost[DEFAULT]",
- ("60a15ec5-4de8-11d7-a637-005056a20182", 1),
- lp_ctx=samba.tests.env_loadparm())
+ ("60a15ec5-4de8-11d7-a637-005056a20182", 1),
+ lp_ctx=samba.tests.env_loadparm())
self.assertEquals(b"\x01\x00\x00\x00", x.request(0, chr(0) * 4))
def test_two_contexts(self):
x = ClientConnection("ncalrpc:localhost[DEFAULT]",
- ("12345778-1234-abcd-ef00-0123456789ac", 1),
- lp_ctx=samba.tests.env_loadparm())
+ ("12345778-1234-abcd-ef00-0123456789ac", 1),
+ lp_ctx=samba.tests.env_loadparm())
y = ClientConnection("ncalrpc:localhost",
- ("60a15ec5-4de8-11d7-a637-005056a20182", 1),
- basis_connection=x, lp_ctx=samba.tests.env_loadparm())
+ ("60a15ec5-4de8-11d7-a637-005056a20182", 1),
+ basis_connection=x, lp_ctx=samba.tests.env_loadparm())
self.assertEquals(24, len(x.request(0, chr(0) * 8)))
self.assertEquals(b"\x01\x00\x00\x00", y.request(0, chr(0) * 4))
def test_bare_tcp(self):
# Connect to the echo pipe
x = ClientConnection("ncacn_ip_tcp:%s" % os.environ["SERVER"],
- ("60a15ec5-4de8-11d7-a637-005056a20182", 1),
- lp_ctx=samba.tests.env_loadparm())
+ ("60a15ec5-4de8-11d7-a637-005056a20182", 1),
+ lp_ctx=samba.tests.env_loadparm())
self.assertEquals(b"\x01\x00\x00\x00", x.request(0, chr(0) * 4))
def test_two_contexts_tcp(self):
x = ClientConnection("ncacn_ip_tcp:%s" % os.environ["SERVER"],
- ("12345778-1234-abcd-ef00-0123456789ac", 1),
- lp_ctx=samba.tests.env_loadparm())
+ ("12345778-1234-abcd-ef00-0123456789ac", 1),
+ lp_ctx=samba.tests.env_loadparm())
y = ClientConnection("ncacn_ip_tcp:%s" % os.environ["SERVER"],
- ("60a15ec5-4de8-11d7-a637-005056a20182", 1),
- basis_connection=x, lp_ctx=samba.tests.env_loadparm())
+ ("60a15ec5-4de8-11d7-a637-005056a20182", 1),
+ basis_connection=x, lp_ctx=samba.tests.env_loadparm())
self.assertEquals(24, len(x.request(0, chr(0) * 8)))
self.assertEquals(b"\x01\x00\x00\x00", y.request(0, chr(0) * 4))
# self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertEquals(rep.u.auth_info, '\0' * 0)
# self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertEquals(rep.u.auth_info, '\0' * 0)
# self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertEquals(rep.u.auth_info, '\0' * 0)
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
auth_length=0)
self.assertEquals(rep.u.reject_reason,
- dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
self.assertEquals(rep.u.num_versions, 1)
self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
auth_length=0)
self.assertEquals(rep.u.reject_reason,
- dcerpc.DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED)
+ dcerpc.DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED)
self.assertEquals(rep.u.num_versions, 1)
self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertEquals(rep.u.auth_info, '\0' * 0)
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
auth_length=0)
self.assertEquals(rep.u.reject_reason,
- dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
self.assertEquals(rep.u.num_versions, 1)
self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
auth_length=0)
self.assertEquals(rep.u.reject_reason,
- dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
self.assertEquals(rep.u.num_versions, 1)
self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertEquals(rep.u.auth_info, '\0' * 0)
self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertEquals(rep.u.auth_info, '\0' * 0)
#self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertEquals(rep.u.auth_info, '\0' * 0)
self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
+ dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
+ dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
self.assertEquals(rep.u.auth_info, '\0' * 0)
#self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
+ dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
+ dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
self.assertEquals(rep.u.auth_info, '\0' * 0)
#self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
+ dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
+ dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
self.assertEquals(rep.u.auth_info, '\0' * 0)
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
auth_length=0)
self.assertEquals(rep.u.reject_reason,
- dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
self.assertEquals(rep.u.num_versions, 1)
self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertEquals(rep.u.auth_info, '\0' * 0)
self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertEquals(rep.u.auth_info, '\0' * 0)
self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertEquals(rep.u.auth_info, '\0' * 0)
#self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
+ dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
+ dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
self.assertEquals(rep.u.auth_info, '\0' * 0)
self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
+ dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
+ dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
self.assertEquals(rep.u.auth_info, '\0' * 0)
#self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertEquals(rep.u.auth_info, '\0' * 0)
#self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertEquals(rep.u.auth_info, '\0' * 0)
#self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertEquals(rep.u.auth_info, '\0' * 0)
#self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 2)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertEquals(rep.u.ctx_list[1].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
+ dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
self.assertEquals(rep.u.ctx_list[1].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
+ dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
self.assertEquals(rep.u.auth_info, '\0' * 0)
#self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 2)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertEquals(rep.u.ctx_list[1].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
+ dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
self.assertEquals(rep.u.ctx_list[1].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
+ dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
self.assertEquals(rep.u.auth_info, '\0' * 0)
#self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 2)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertEquals(rep.u.ctx_list[1].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
+ dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
self.assertEquals(rep.u.ctx_list[1].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
+ dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
self.assertEquals(rep.u.auth_info, '\0' * 0)
#self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 2)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertEquals(rep.u.ctx_list[1].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
+ dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
self.assertEquals(rep.u.ctx_list[1].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
+ dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
self.assertEquals(rep.u.auth_info, '\0' * 0)
#self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 2)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertEquals(rep.u.ctx_list[1].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
+ dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
self.assertEquals(rep.u.ctx_list[1].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
+ dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
self.assertEquals(rep.u.auth_info, '\0' * 0)
self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
+ dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
self.assertEquals(rep.u.ctx_list[0].reason, features)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
self.assertEquals(rep.u.auth_info, '\0' * 0)
self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
+ dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
self.assertEquals(rep.u.ctx_list[0].reason, features1)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
self.assertEquals(rep.u.auth_info, '\0' * 0)
self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
+ dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
+ dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
self.assertEquals(rep.u.auth_info, '\0' * 0)
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
auth_length=0)
self.assertEquals(rep.u.reject_reason,
- dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
self.assertEquals(rep.u.num_versions, 1)
self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
+ dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
self.assertEquals(rep.u.ctx_list[0].reason, features)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
self.assertEquals(rep.u.auth_info, '\0' * 0)
self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
+ dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
self.assertEquals(rep.u.ctx_list[0].reason, features1)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
self.assertEquals(rep.u.auth_info, '\0' * 0)
def _test_auth_type_level_bind_nak(self, auth_type, auth_level, creds=None,
- reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE):
+ reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE):
ndr32 = base.transfer_syntax_ndr()
tsf1_list = [ndr32]
if creds is not None:
# We always start with DCERPC_AUTH_LEVEL_INTEGRITY
auth_context = self.get_auth_context_creds(creds,
- auth_type=auth_type,
- auth_level=auth_level,
- auth_context_id=auth_context_id,
- g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
+ auth_type=auth_type,
+ auth_level=auth_level,
+ auth_context_id=auth_context_id,
+ g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
from_server = ""
(finished, to_server) = auth_context["gensec"].update(from_server)
self.assertFalse(finished)
def _test_auth_none_level_bind(self, auth_level,
reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE):
return self._test_auth_type_level_bind_nak(auth_type=dcerpc.DCERPC_AUTH_LEVEL_NONE,
- auth_level=auth_level, reason=reason)
+ auth_level=auth_level, reason=reason)
def test_auth_none_none_bind(self):
return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_NONE,
- reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
+ reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
def test_auth_none_connect_bind(self):
return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_CONNECT)
def test_auth_none_0_bind(self):
return self._test_auth_none_level_bind(0,
- reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
+ reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
def test_auth_none_7_bind(self):
return self._test_auth_none_level_bind(7,
- reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
+ reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
def test_auth_none_255_bind(self):
return self._test_auth_none_level_bind(255,
- reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
+ reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
def _test_auth_none_level_request(self, auth_level):
ndr32 = base.transfer_syntax_ndr()
self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertEquals(len(rep.u.auth_info), 0)
self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertEquals(rep.u.auth_info, '\0' * 0)
#self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertEquals(rep.u.auth_info, '\0' * 0)
self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertEquals(rep.u.auth_info, '\0' * 0)
ctx = self.prepare_presentation(abstract, ndr32)
req1 = self.generate_request(call_id = 1,
- pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
- context_id=ctx.context_id,
- opnum=0,
- stub="")
+ pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
+ context_id=ctx.context_id,
+ opnum=0,
+ stub="")
self.send_pdu(req1)
rep = self.recv_pdu(timeout=0.1)
self.assertIsNone(rep)
# And now try a new request
req2 = self.generate_request(call_id = 2,
- context_id=ctx.context_id,
- opnum=0,
- stub="")
+ context_id=ctx.context_id,
+ opnum=0,
+ stub="")
self.send_pdu(req2)
rep = self.recv_pdu()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req1.call_id,
pfc_flags=pfc_flags)
req1 = self.generate_request(call_id = 1,
- pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
- context_id=ctx.context_id,
- opnum=0,
- stub="")
+ pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
+ context_id=ctx.context_id,
+ opnum=0,
+ stub="")
self.send_pdu(req1)
rep = self.recv_pdu(timeout=0.1)
self.assertIsNone(rep)
# And now try a new request
req2 = self.generate_request(call_id = 2,
- context_id=ctx.context_id-1,
- opnum=0,
- stub="")
+ context_id=ctx.context_id-1,
+ opnum=0,
+ stub="")
self.send_pdu(req2)
rep = self.recv_pdu()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req2.call_id,
self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertNotEquals(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
#self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertNotEquals(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertNotEquals(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
#self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertNotEquals(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertNotEquals(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
#self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertNotEquals(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertNotEquals(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
#self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertNotEquals(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertNotEquals(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
#self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertNotEquals(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertNotEquals(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
#self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertNotEquals(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
#self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertNotEquals(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
#self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertNotEquals(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
#self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertNotEquals(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
#self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertNotEquals(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
#self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertNotEquals(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
#self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertNotEquals(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
auth_length=0)
self.assertEquals(rep.u.reject_reason,
- dcerpc.DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED)
+ dcerpc.DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED)
self.assertEquals(rep.u.num_versions, 1)
self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
#self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertNotEquals(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
#self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertNotEquals(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
#self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
self.assertNotEquals(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
return auth_context["gensec"]
def _test_spnego_level_bind_nak(self, auth_level,
- reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_CHECKSUM):
+ reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_CHECKSUM):
c = self.get_user_creds()
return self._test_auth_type_level_bind_nak(auth_type=dcerpc.DCERPC_AUTH_TYPE_SPNEGO,
auth_level=auth_level, creds=c, reason=reason)
def test_spnego_none_bind(self):
return self._test_spnego_level_bind_nak(dcerpc.DCERPC_AUTH_LEVEL_NONE,
- reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
+ reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
def test_spnego_call_bind(self):
return self._test_spnego_level_bind_nak(dcerpc.DCERPC_AUTH_LEVEL_CALL,
- reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_CHECKSUM)
+ reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_CHECKSUM)
def test_spnego_0_bind(self):
return self._test_spnego_level_bind_nak(0,
- reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
+ reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
def test_spnego_7_bind(self):
return self._test_spnego_level_bind_nak(7,
- reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
+ reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
def test_spnego_255_bind(self):
return self._test_spnego_level_bind_nak(255,
- reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
+ reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
def test_spnego_connect_bind_none(self):
return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
- g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT)
+ g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT)
def test_spnego_connect_bind_sign(self):
return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
- g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
+ g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
def test_spnego_connect_bind_seal(self):
return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
- g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY)
+ g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY)
def test_spnego_packet_bind_none(self):
# DCERPC_AUTH_LEVEL_PACKET is handled as alias of
# DCERPC_AUTH_LEVEL_INTEGRITY
return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PACKET,
- g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
- request_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
+ g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
+ request_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
def test_spnego_packet_bind_sign(self):
# DCERPC_AUTH_LEVEL_PACKET is handled as alias of
# DCERPC_AUTH_LEVEL_INTEGRITY
return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PACKET,
- g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
- request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
- response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
+ g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
+ request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
+ response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
def test_spnego_packet_bind_sign(self):
# DCERPC_AUTH_LEVEL_PACKET is handled as alias of
# DCERPC_AUTH_LEVEL_INTEGRITY
return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PACKET,
- g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
- request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
- response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
+ g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
+ request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
+ response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
def test_spnego_integrity_bind_none(self):
return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
- g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
- request_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
+ g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
+ request_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
def test_spnego_integrity_bind_sign(self):
return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
- g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
- request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
- response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
+ g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
+ request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
+ response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
def test_spnego_integrity_bind_seal(self):
return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
- g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
- request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
- response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
+ g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
+ request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
+ response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
def test_spnego_privacy_bind_none(self):
# This fails...
return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
- g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
- alter_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
+ g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
+ alter_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
def test_spnego_privacy_bind_sign(self):
# This fails...
return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
- g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
- alter_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
+ g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
+ alter_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
def test_spnego_privacy_bind_seal(self):
return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
- g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY)
+ g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY)
# self.assertEquals(rep.u._pad1, '\0' * port_pad)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- samba.dcerpc.dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ samba.dcerpc.dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- samba.dcerpc.dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ samba.dcerpc.dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ctx.transfer_syntaxes[0])
ack = rep
if auth_context is None:
# self.assertEquals(rep.u._pad1, '\0' * 2)
self.assertEquals(rep.u.num_results, 1)
self.assertEquals(rep.u.ctx_list[0].result,
- samba.dcerpc.dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ samba.dcerpc.dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
self.assertEquals(rep.u.ctx_list[0].reason,
- samba.dcerpc.dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ samba.dcerpc.dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ctx.transfer_syntaxes[0])
self.assertNotEquals(rep.auth_length, 0)
self.assertGreater(len(rep.u.auth_info), samba.dcerpc.dcerpc.DCERPC_AUTH_TRAILER_LENGTH)
self.assertEqual(p.pfc_flags, pfc_flags)
self.assertEqual(p.drep, drep)
self.assertGreaterEqual(p.frag_length,
- samba.dcerpc.dcerpc.DCERPC_NCACN_PAYLOAD_OFFSET)
+ samba.dcerpc.dcerpc.DCERPC_NCACN_PAYLOAD_OFFSET)
if len(ai) > samba.dcerpc.dcerpc.DCERPC_AUTH_TRAILER_LENGTH:
self.assertEqual(p.auth_length,
- len(ai) - samba.dcerpc.dcerpc.DCERPC_AUTH_TRAILER_LENGTH)
+ len(ai) - samba.dcerpc.dcerpc.DCERPC_AUTH_TRAILER_LENGTH)
elif auth_length is not None:
self.assertEqual(p.auth_length, auth_length)
else:
def get_hklm(self):
return self.conn.OpenHKLM(None,
- winreg.KEY_QUERY_VALUE | winreg.KEY_ENUMERATE_SUB_KEYS)
+ winreg.KEY_QUERY_VALUE | winreg.KEY_ENUMERATE_SUB_KEYS)
def test_hklm(self):
handle = self.conn.OpenHKLM(None,
- winreg.KEY_QUERY_VALUE | winreg.KEY_ENUMERATE_SUB_KEYS)
+ winreg.KEY_QUERY_VALUE | winreg.KEY_ENUMERATE_SUB_KEYS)
self.conn.CloseKey(handle)
def test_getversion(self):
def test_getkeyinfo(self):
handle = self.conn.OpenHKLM(None,
- winreg.KEY_QUERY_VALUE | winreg.KEY_ENUMERATE_SUB_KEYS)
+ winreg.KEY_QUERY_VALUE | winreg.KEY_ENUMERATE_SUB_KEYS)
x = self.conn.QueryInfoKey(handle, winreg.String())
self.assertEquals(9, len(x)) # should return a 9-tuple
self.conn.CloseKey(handle)
name = share.name
share.comment = "now sucessfully modified "
parm_error = self.pipe.NetShareSetInfo(self.server_unc, name,
- 502, share, parm_error)
+ 502, share, parm_error)
def test_NetShareDel(self):
self.skipTest("Dangerous test")
share = self.getDummyShareObject()
parm_error = 0x00000000
self.expectFailure("NetShareAdd doesn't work properly from Python",
- self.conn.NetShareAdd, self.server_unc, 502, share, parm_error)
+ self.conn.NetShareAdd, self.server_unc, 502, share, parm_error)
self.conn.NetShareDel(self.server_unc, share.name, 0)
def ldap_get_zone_settings(self):
records = self.samdb.search(base=self.zone_dn, scope=ldb.SCOPE_BASE,
- expression="(&(objectClass=dnsZone)" +
- "(name={}))".format(self.zone),
+ expression="(&(objectClass=dnsZone)" +
+ "(name={}))".format(self.zone),
attrs=["dNSProperty"])
self.assertEqual(len(records), 1)
props = [ndr_unpack(dnsp.DnsProperty, r)
self.check_query_txt(prefix, txt)
self.assertIsNotNone(
dns_record_match(self.rpc_conn,
- self.server_ip,
- self.get_dns_domain(),
- "%s.%s" % (prefix, self.get_dns_domain()),
- dnsp.DNS_TYPE_TXT,
- '"\\"This is a test\\"" "" ""'))
+ self.server_ip,
+ self.get_dns_domain(),
+ "%s.%s" % (prefix, self.get_dns_domain()),
+ dnsp.DNS_TYPE_TXT,
+ '"\\"This is a test\\"" "" ""'))
prefix, txt = 'pad2textrec', ['"This is a test"', '', '', 'more text']
p = self.make_txt_update(prefix, txt)
self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK)
self.check_query_txt(prefix, ['NULL'])
self.assertIsNotNone(dns_record_match(self.rpc_conn, self.server_ip,
- self.get_dns_domain(),
- "%s.%s" % (prefix, self.get_dns_domain()),
- dnsp.DNS_TYPE_TXT, '"NULL"'))
+ self.get_dns_domain(),
+ "%s.%s" % (prefix, self.get_dns_domain()),
+ dnsp.DNS_TYPE_TXT, '"NULL"'))
prefix, txt = 'nulltextrec2', ['NULL\x00BYTE', 'NULL\x00BYTE']
p = self.make_txt_update(prefix, txt)
self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK)
self.check_query_txt(prefix, ['NULL', 'NULL'])
self.assertIsNotNone(dns_record_match(self.rpc_conn, self.server_ip,
- self.get_dns_domain(),
- "%s.%s" % (prefix, self.get_dns_domain()),
- dnsp.DNS_TYPE_TXT, '"NULL" "NULL"'))
+ self.get_dns_domain(),
+ "%s.%s" % (prefix, self.get_dns_domain()),
+ dnsp.DNS_TYPE_TXT, '"NULL" "NULL"'))
def test_update_add_null_char_rpc_to_dns(self):
prefix = 'rpcnulltextrec'
self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK)
self.check_query_txt(prefix, txt)
self.assertIsNotNone(dns_record_match(self.rpc_conn, self.server_ip,
- self.get_dns_domain(),
- "%s.%s" % (prefix, self.get_dns_domain()),
- dnsp.DNS_TYPE_TXT, '"HIGH\xFFBYTE"'))
+ self.get_dns_domain(),
+ "%s.%s" % (prefix, self.get_dns_domain()),
+ dnsp.DNS_TYPE_TXT, '"HIGH\xFFBYTE"'))
def test_update_add_hex_rpc_to_dns(self):
prefix, txt = 'hextextrec', ['HIGH\xFFBYTE']
self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK)
self.check_query_txt(prefix, txt)
self.assertIsNotNone(dns_record_match(self.rpc_conn, self.server_ip,
- self.get_dns_domain(),
- "%s.%s" % (prefix, self.get_dns_domain()),
- dnsp.DNS_TYPE_TXT, '"Th\\\\=is=is a test"'))
+ self.get_dns_domain(),
+ "%s.%s" % (prefix, self.get_dns_domain()),
+ dnsp.DNS_TYPE_TXT, '"Th\\\\=is=is a test"'))
# This test fails against Windows as it eliminates slashes in RPC
# One typical use for a slash is in records like 'var=value' to
self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK)
self.check_query_txt(prefix, txt)
self.assertIsNotNone(dns_record_match(self.rpc_conn, self.server_ip,
- self.get_dns_domain(),
- "%s.%s" % (prefix, self.get_dns_domain()),
- dnsp.DNS_TYPE_TXT, '"\\"This is a test\\""' +
- ' "\\"and this is a test, too\\""'))
+ self.get_dns_domain(),
+ "%s.%s" % (prefix, self.get_dns_domain()),
+ dnsp.DNS_TYPE_TXT, '"\\"This is a test\\""' +
+ ' "\\"and this is a test, too\\""'))
def test_update_add_two_rpc_to_dns(self):
prefix, txt = 'textrec2', ['"This is a test"',
name = "%s.%s" % (prefix, self.get_dns_domain())
rec = data_to_dns_record(dnsp.DNS_TYPE_TXT,
- '"\\"This is a test\\""' +
- ' "\\"and this is a test, too\\""')
+ '"\\"This is a test\\""' +
+ ' "\\"and this is a test, too\\""')
add_rec_buf = dnsserver.DNS_RPC_RECORD_BUF()
add_rec_buf.rec = rec
try:
self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK)
self.check_query_txt(prefix, txt)
self.assertIsNotNone(dns_record_match(self.rpc_conn, self.server_ip,
- self.get_dns_domain(),
- "%s.%s" % (prefix, self.get_dns_domain()),
- dnsp.DNS_TYPE_TXT, ''))
+ self.get_dns_domain(),
+ "%s.%s" % (prefix, self.get_dns_domain()),
+ dnsp.DNS_TYPE_TXT, ''))
def test_update_add_empty_rpc_to_dns(self):
prefix, txt = 'rpcemptytextrec', []
# registry shares appears to need sudo
self._set_arbitrary(['bin/testparm'],
- exceptions = ['client lanman auth',
- 'client plaintext auth',
- 'registry shares',
- 'smb ports',
- 'rpc server dynamic port range',
- 'name resolve order'])
+ exceptions = ['client lanman auth',
+ 'client plaintext auth',
+ 'registry shares',
+ 'smb ports',
+ 'rpc server dynamic port range',
+ 'name resolve order'])
self._test_empty(['bin/testparm'])
def test_default_s4(self):
self._test_default(['bin/samba-tool', 'testparm'])
self._set_defaults(['bin/samba-tool', 'testparm'])
self._set_arbitrary(['bin/samba-tool', 'testparm'],
- exceptions = ['smb ports',
- 'rpc server dynamic port range',
- 'name resolve order'])
+ exceptions = ['smb ports',
+ 'rpc server dynamic port range',
+ 'name resolve order'])
self._test_empty(['bin/samba-tool', 'testparm'])
def _test_default(self, program):
section = "test"
else:
self.fail("%s has no valid context" % param)
- p = subprocess.Popen(program + ["-s", self.smbconf,
- "--section-name", section, "--parameter-name", param],
- stdout=subprocess.PIPE, stderr=subprocess.PIPE, cwd=self.topdir).communicate()
+ p = subprocess.Popen(program + ["-s",
+ self.smbconf,
+ "--section-name",
+ section,
+ "--parameter-name",
+ param],
+ stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE,
+ cwd=self.topdir).communicate()
result = p[0].decode().upper().strip()
if result != default.upper():
if not (result == "" and default == '""'):
if len(failset) > 0:
self.fail(self._format_message(failset,
- "Parameters that do not have matching defaults:"))
+ "Parameters that do not have matching defaults:"))
def _set_defaults(self, program):
failset = set()
section = "test"
else:
self.fail("%s has no valid context" % param)
- p = subprocess.Popen(program + ["-s", self.smbconf,
- "--section-name", section, "--parameter-name", param,
- "--option", "%s = %s" % (param, default)],
- stdout=subprocess.PIPE, stderr=subprocess.PIPE, cwd=self.topdir).communicate()
+ p = subprocess.Popen(program + ["-s",
+ self.smbconf,
+ "--section-name",
+ section,
+ "--parameter-name",
+ param,
+ "--option",
+ "%s = %s" % (param, default)],
+ stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE,
+ cwd=self.topdir).communicate()
result = p[0].decode().upper().strip()
if result != default.upper():
if not (result == "" and default == '""'):
if len(failset) > 0:
self.fail(self._format_message(failset,
- "Parameters that do not have matching defaults:"))
+ "Parameters that do not have matching defaults:"))
def _set_arbitrary(self, program, exceptions=None):
arbitrary = {'string': 'string', 'boolean': 'yes', 'integer': '5',
if value_to_use is None:
self.fail("%s has an invalid type" % param)
- p = subprocess.Popen(program + ["-s", self.smbconf,
- "--section-name", section, "--parameter-name", param,
- "--option", "%s = %s" % (param, value_to_use)],
- stdout=subprocess.PIPE, stderr=subprocess.PIPE, cwd=self.topdir).communicate()
+ p = subprocess.Popen(program + ["-s",
+ self.smbconf,
+ "--section-name",
+ section,
+ "--parameter-name",
+ param,
+ "--option",
+ "%s = %s" % (param, value_to_use)],
+ stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE,
+ cwd=self.topdir).communicate()
result = p[0].decode().upper().strip()
if result != value_to_use.upper():
# currently no way to distinguish command lists
finally:
g.close()
- p = subprocess.Popen(program + ["-s", tempconf, "--suppress-prompt",
- "--option", "%s = %s" % (param, value_to_use)],
- stdout=subprocess.PIPE, stderr=subprocess.PIPE, cwd=self.topdir).communicate()
+ p = subprocess.Popen(program + ["-s",
+ tempconf,
+ "--suppress-prompt",
+ "--option",
+ "%s = %s" % (param, value_to_use)],
+ stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE,
+ cwd=self.topdir).communicate()
os.unlink(tempconf)
if len(failset) > 0:
self.fail(self._format_message(failset,
- "Parameters that were unexpectedly not set:"))
+ "Parameters that were unexpectedly not set:"))
def _test_empty(self, program):
- p = subprocess.Popen(program + ["-s", self.blankconf, "--suppress-prompt"],
- stdout=subprocess.PIPE, stderr=subprocess.PIPE, cwd=self.topdir).communicate()
+ p = subprocess.Popen(program + ["-s",
+ self.blankconf,
+ "--suppress-prompt"],
+ stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE,
+ cwd=self.topdir).communicate()
output = ""
for line in p[0].decode().splitlines():
msg = ldb.Message()
msg.dn = kept_dn
msg["manager"] = ldb.MessageElement("<SID=%s>" % removed_sid,
- ldb.FLAG_MOD_ADD,
- "manager")
+ ldb.FLAG_MOD_ADD,
+ "manager")
try:
self.samdb.modify(msg)
self.fail("No exception should get LDB_ERR_CONSTRAINT_VIOLATION")
msg = ldb.Message()
msg.dn = kept_dn
msg["manager"] = ldb.MessageElement("<GUID=%s>" % removed_guid,
- ldb.FLAG_MOD_ADD,
- "manager")
+ ldb.FLAG_MOD_ADD,
+ "manager")
try:
self.samdb.modify(msg)
self.fail("No exception should get LDB_ERR_CONSTRAINT_VIOLATION")
def test_parse_invalid(self):
self.assertRaises(optparse.OptionValueError,
- parse_kerberos_arg, "blah?", "--kerberos")
+ parse_kerberos_arg, "blah?", "--kerberos")
ds_paths = [None, 'CN=%s,%s' % (guid, dspath)]
for i in range(0, len(gpos)):
self.assertEquals(gpos[i].name, names[i],
- 'The gpo name did not match expected name %s' % gpos[i].name)
+ 'The gpo name did not match expected name %s' % gpos[i].name)
self.assertEquals(gpos[i].file_sys_path, file_sys_paths[i],
- 'file_sys_path did not match expected %s' % gpos[i].file_sys_path)
+ 'file_sys_path did not match expected %s' % gpos[i].file_sys_path)
self.assertEquals(gpos[i].ds_path, ds_paths[i],
- 'ds_path did not match expected %s' % gpos[i].ds_path)
+ 'ds_path did not match expected %s' % gpos[i].ds_path)
def test_gpo_ads_does_not_segfault(self):
with open(os.path.join(gpo_path, 'GPT.INI'), 'w') as gpt:
gpt.write(gpt_data % 42)
self.assertEquals(gpo.gpo_get_sysvol_gpt_version(gpo_path)[1], 42,
- 'gpo_get_sysvol_gpt_version() did not return the expected version')
+ 'gpo_get_sysvol_gpt_version() did not return the expected version')
with open(os.path.join(gpo_path, 'GPT.INI'), 'w') as gpt:
gpt.write(gpt_data % old_vers)
self.assertEquals(gpo.gpo_get_sysvol_gpt_version(gpo_path)[1], old_vers,
- 'gpo_get_sysvol_gpt_version() did not return the expected version')
+ 'gpo_get_sysvol_gpt_version() did not return the expected version')
def test_check_refresh_gpo_list(self):
cache = self.lp.cache_path('gpo_cache')
'{31B2F340-016D-11D2-945F-00C04FB984F9}/GPT.INI'
result = check_safe_path(before)
self.assertEquals(result, after, 'check_safe_path() didn\'t' \
- ' correctly convert \\ to /')
+ ' correctly convert \\ to /')
def test_gpt_ext_register(self):
this_path = os.path.dirname(os.path.realpath(__file__))
self.assertTrue(ret, 'Failed to register a gp ext')
gp_exts = list_gp_extensions(self.lp.configfile)
self.assertTrue(ext_guid in gp_exts.keys(),
- 'Failed to list gp exts')
+ 'Failed to list gp exts')
self.assertEquals(gp_exts[ext_guid]['DllName'], ext_path,
- 'Failed to list gp exts')
+ 'Failed to list gp exts')
unregister_gp_extension(ext_guid)
gp_exts = list_gp_extensions(self.lp.configfile)
self.assertTrue(ext_guid not in gp_exts.keys(),
- 'Failed to unregister gp exts')
+ 'Failed to unregister gp exts')
self.assertTrue(check_guid(ext_guid), 'Failed to parse valid guid')
self.assertFalse(check_guid('AAAAAABBBBBBBCCC'), 'Parsed invalid guid')
lp, parser = parse_gpext_conf(self.lp.configfile)
self.assertTrue('test_section' in parser.sections(),
- 'test_section not found in gpext.conf')
+ 'test_section not found in gpext.conf')
self.assertEquals(parser.get('test_section', 'test_var'), ext_guid,
- 'Failed to find test variable in gpext.conf')
+ 'Failed to find test variable in gpext.conf')
parser.remove_section('test_section')
atomic_write_conf(lp, parser)
# UNCONNECTED_LDIF is a single site, unconnected 5DC database that was
# created using samba-tool domain join in testenv.
UNCONNECTED_LDIF = os.path.join(os.environ['SRCDIR_ABS'],
- "testdata/unconnected-intrasite.ldif")
+ "testdata/unconnected-intrasite.ldif")
MULTISITE_LDIF_DSAS = (
("CN=WIN08,CN=Servers,CN=Site-4,CN=Sites,CN=Configuration,DC=ad,DC=samba,DC=example,DC=com",
yield path, cmd
subcmds = getattr(cmd, "subcommands", {})
todo.extend([(path + " " + k, v) for (k, v) in
- subcmds.items()])
+ subcmds.items()])
class TestParmTests(NetCmdTestCase):
def test_no_client_ip(self):
out, err = self.run_netcmd(cmd_testparm, ["--client-name=foo"],
- retcode=-1)
+ retcode=-1)
self.assertEquals("", out)
self.assertEquals(
"ERROR: Both a DNS name and an IP address are "
missing.append(path)
if missing:
self.fail("The following commands do not have a synopsis set: %r" %
- missing)
+ missing)
def test_short_description_everywhere(self):
missing = []
def test_get_gpo_flags(self):
self.assertEquals(["GPO_FLAG_USER_DISABLE"],
- policy.get_gpo_flags(policy.GPO_FLAG_USER_DISABLE))
+ policy.get_gpo_flags(policy.GPO_FLAG_USER_DISABLE))
def test_get_gplink_options(self):
self.assertEquals(["GPLINK_OPT_DISABLE"],
- policy.get_gplink_options(policy.GPLINK_OPT_DISABLE))
+ policy.get_gplink_options(policy.GPLINK_OPT_DISABLE))
nwrap_module_fn_prefix = os.getenv('NSS_WRAPPER_MODULE_FN_PREFIX')
nwrap_winbind_active = (nwrap_module_so_path != "" and
- nwrap_module_fn_prefix == "winbind")
+ nwrap_module_fn_prefix == "winbind")
LA_sid = security.dom_sid(str(domsid)+"-"+str(security.DOMAIN_RID_ADMINISTRATOR))
BA_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
domsid = passdb.get_global_sam_sid()
session_info = self.get_session_info(domsid)
setntacl(self.lp, self.tempf, acl, str(domsid), use_ntvfs=False,
- session_info=session_info)
+ session_info=session_info)
facl = getntacl(self.lp, self.tempf)
self.assertEquals(facl.as_sddl(domsid),acl)
posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS)
nwrap_module_fn_prefix = os.getenv('NSS_WRAPPER_MODULE_FN_PREFIX')
nwrap_winbind_active = (nwrap_module_so_path != "" and
- nwrap_module_fn_prefix == "winbind")
+ nwrap_module_fn_prefix == "winbind")
LA_sid = security.dom_sid(str(domsid)+"-"+str(security.DOMAIN_RID_ADMINISTRATOR))
BA_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
ldb = setup_secretsdb(paths, None, None, lp=env_loadparm())
try:
self.assertEquals("LSA Secrets",
- ldb.searchone(basedn="CN=LSA Secrets", attribute="CN").decode('utf8'))
+ ldb.searchone(basedn="CN=LSA Secrets", attribute="CN").decode('utf8'))
finally:
del ldb
os.unlink(path)
def test_same(self):
self.assertEquals("standalone server",
- sanitize_server_role("standalone server"))
+ sanitize_server_role("standalone server"))
self.assertEquals("member server",
- sanitize_server_role("member server"))
+ sanitize_server_role("member server"))
def test_invalid(self):
self.assertRaises(ValueError, sanitize_server_role, "foo")
result.adminpass = "geheim"
entries = self.report_logger(result)
self.assertEquals(entries[1],
- ("INFO", 'Admin password: geheim'))
+ ("INFO", 'Admin password: geheim'))
class DetermineNetbiosNameTests(TestCase):
def setUp(self):
super(IdmapDbTestCase, self).setUp()
self.idmapdb = IdmapDatabase(os.path.join(DATADIR,
- "winbindd_idmap"))
+ "winbindd_idmap"))
def test_user_hwm(self):
self.assertEquals(10000, self.idmapdb.get_user_hwm())
"@LIST": "rootdse,paged_results,server_sort,asq,samldb,password_hash,operational,objectguid,rdn_name,samba3sam,samba3sid,show_deleted_ignore,dsdb_flags_ignore,partition"})
ldb.add({"dn": "@PARTITION",
- "partition": ["%s" % (s4.basedn_casefold),
- "%s" % (s3.basedn_casefold)],
- "replicateEntries": ["@ATTRIBUTES", "@INDEXLIST"],
- "modules": "*:"})
+ "partition": ["%s" % (s4.basedn_casefold),
+ "%s" % (s3.basedn_casefold)],
+ "replicateEntries": ["@ATTRIBUTES", "@INDEXLIST"],
+ "modules": "*:"})
def setUp(self):
self.lp = env_loadparm()
"""Looking up by objectClass"""
msg = self.ldb.search(expression="(|(objectClass=user)(cn=Administrator))")
self.assertEquals(set([str(m.dn) for m in msg]),
- set(["unixName=Administrator,ou=Users,dc=vernstok,dc=nl",
- "unixName=nobody,ou=Users,dc=vernstok,dc=nl"]))
+ set(["unixName=Administrator,ou=Users,dc=vernstok,dc=nl",
+ "unixName=nobody,ou=Users,dc=vernstok,dc=nl"]))
def test_s3sam_modify(self):
# Adding a record that will be fallbacked
#
#
msg = self.ldb.search(expression="(cn=Foo)", base="cn=Foo",
- scope=SCOPE_BASE,
- attrs=['foo','blah','cn','showInAdvancedViewOnly'])
+ scope=SCOPE_BASE,
+ attrs=['foo','blah','cn','showInAdvancedViewOnly'])
self.assertEquals(len(msg), 1)
self.assertEquals(str(msg[0]["showInAdvancedViewOnly"]), "TRUE")
self.assertEquals(str(msg[0]["foo"]), "bar")
# Adding record that will be mapped
self.ldb.add({"dn": "cn=Niemand,cn=Users,dc=vernstok,dc=nl",
- "objectClass": "user",
- "unixName": "bin",
- "sambaUnicodePwd": "geheim",
- "cn": "Niemand"})
+ "objectClass": "user",
+ "unixName": "bin",
+ "sambaUnicodePwd": "geheim",
+ "cn": "Niemand"})
# Checking for existence of record (remote)
msg = self.ldb.search(expression="(unixName=bin)",
# Checking for existence of record (local && remote)
msg = self.ldb.search(expression="(&(unixName=bin)(sambaUnicodePwd=geheim))",
- attrs=['unixName','cn','dn', 'sambaUnicodePwd'])
+ attrs=['unixName','cn','dn', 'sambaUnicodePwd'])
self.assertEquals(len(msg), 1) # TODO: should check with more records
self.assertEquals(str(msg[0]["cn"]), "Niemand")
self.assertEquals(str(msg[0]["unixName"]), "bin")
# Checking for existence of record (local || remote)
msg = self.ldb.search(expression="(|(unixName=bin)(sambaUnicodePwd=geheim))",
- attrs=['unixName','cn','dn', 'sambaUnicodePwd'])
+ attrs=['unixName','cn','dn', 'sambaUnicodePwd'])
#print "got %d replies" % len(msg)
self.assertEquals(len(msg), 1) # TODO: should check with more records
self.assertEquals(str(msg[0]["cn"]), "Niemand")
msg = self.samba3.db.search(expression="(cn=Niemand)")
self.assertTrue(len(msg) >= 1)
self.assertEquals(str(msg[0]["sambaSID"]),
- "S-1-5-21-4231626423-2410014848-2360679739-2001")
+ "S-1-5-21-4231626423-2410014848-2360679739-2001")
self.assertEquals(str(msg[0]["displayName"]), "Niemand")
# Adding attribute...
# Search remote record by local DN
dn = self.samba4.dn("cn=A")
res = self.ldb.search(dn, scope=SCOPE_BASE,
- attrs=["dnsHostName", "lastLogon"])
+ attrs=["dnsHostName", "lastLogon"])
self.assertEquals(len(res), 1)
self.assertEquals(str(res[0].dn), dn)
self.assertTrue(not "dnsHostName" in res[0])
# Search remote record by remote DN
dn = self.samba3.dn("cn=A")
res = self.samba3.db.search(dn, scope=SCOPE_BASE,
- attrs=["dnsHostName", "lastLogon", "sambaLogonTime"])
+ attrs=["dnsHostName", "lastLogon", "sambaLogonTime"])
self.assertEquals(len(res), 1)
self.assertEquals(str(res[0].dn), dn)
self.assertTrue(not "dnsHostName" in res[0])
# Search split record by local DN
dn = self.samba4.dn("cn=X")
res = self.ldb.search(dn, scope=SCOPE_BASE,
- attrs=["dnsHostName", "lastLogon"])
+ attrs=["dnsHostName", "lastLogon"])
self.assertEquals(len(res), 1)
self.assertEquals(str(res[0].dn), dn)
self.assertEquals(str(res[0]["dnsHostName"]), "x")
# Search split record by remote DN
dn = self.samba3.dn("cn=X")
res = self.samba3.db.search(dn, scope=SCOPE_BASE,
- attrs=["dnsHostName", "lastLogon", "sambaLogonTime"])
+ attrs=["dnsHostName", "lastLogon", "sambaLogonTime"])
self.assertEquals(len(res), 1)
self.assertEquals(str(res[0].dn), dn)
self.assertTrue(not "dnsHostName" in res[0])
# Search by ignored attribute
res = self.ldb.search(expression="(revision=x)", scope=SCOPE_DEFAULT,
- attrs=["dnsHostName", "lastLogon"])
+ attrs=["dnsHostName", "lastLogon"])
self.assertEquals(len(res), 2)
res = sorted(res, key=attrgetter('dn'))
self.assertEquals(str(res[0].dn), self.samba4.dn("cn=X"))
# Search by kept attribute
res = self.ldb.search(expression="(description=y)",
- scope=SCOPE_DEFAULT, attrs=["dnsHostName", "lastLogon"])
+ scope=SCOPE_DEFAULT, attrs=["dnsHostName", "lastLogon"])
self.assertEquals(len(res), 2)
res = sorted(res, key=attrgetter('dn'))
self.assertEquals(str(res[0].dn), self.samba4.dn("cn=C"))
# In most cases, this even works when the mapping is missing
# a `convert_operator' by enumerating the remote db.
res = self.ldb.search(expression="(primaryGroupID=512)",
- attrs=["dnsHostName", "lastLogon", "primaryGroupID"])
+ attrs=["dnsHostName", "lastLogon", "primaryGroupID"])
self.assertEquals(len(res), 1)
self.assertEquals(str(res[0].dn), self.samba4.dn("cn=A"))
self.assertTrue(not "dnsHostName" in res[0])
# Add local record
dn = "cn=test,dc=idealx,dc=org"
self.ldb.add({"dn": dn,
- "cn": "test",
- "foo": "bar",
- "revision": "1",
- "description": "test"})
+ "cn": "test",
+ "foo": "bar",
+ "revision": "1",
+ "description": "test"})
# Check it's there
attrs = ["foo", "revision", "description"]
res = self.ldb.search(dn, scope=SCOPE_BASE, attrs=attrs)
dn = self.samba4.dn("cn=test")
dn2 = self.samba3.dn("cn=test")
self.samba3.db.add({"dn": dn2,
- "cn": "test",
- "description": "foo",
- "sambaBadPasswordCount": "3",
- "sambaNextRid": "1001"})
+ "cn": "test",
+ "description": "foo",
+ "sambaBadPasswordCount": "3",
+ "sambaNextRid": "1001"})
# Check it's there
res = self.samba3.db.search(dn2, scope=SCOPE_BASE,
- attrs=["description", "sambaBadPasswordCount", "sambaNextRid"])
+ attrs=["description", "sambaBadPasswordCount", "sambaNextRid"])
self.assertEquals(len(res), 1)
self.assertEquals(str(res[0].dn), dn2)
self.assertEquals(str(res[0]["description"]), "foo")
self.ldb.modify_ldif(ldif)
# Check in mapped db
res = self.ldb.search(dn, scope=SCOPE_BASE,
- attrs=["description", "badPwdCount", "nextRid"])
+ attrs=["description", "badPwdCount", "nextRid"])
self.assertEquals(len(res), 1)
self.assertEquals(str(res[0].dn), dn)
self.assertEquals(str(res[0]["description"]), "test")
self.assertEquals(str(res[0]["nextRid"]), "1001")
# Check in remote db
res = self.samba3.db.search(dn2, scope=SCOPE_BASE,
- attrs=["description", "sambaBadPasswordCount", "sambaNextRid"])
+ attrs=["description", "sambaBadPasswordCount", "sambaNextRid"])
self.assertEquals(len(res), 1)
self.assertEquals(str(res[0].dn), dn2)
self.assertEquals(str(res[0]["description"]), "test")
# Check in mapped db
dn = dn2
res = self.ldb.search(dn, scope=SCOPE_BASE,
- attrs=["description", "badPwdCount", "nextRid"])
+ attrs=["description", "badPwdCount", "nextRid"])
self.assertEquals(len(res), 1)
self.assertEquals(str(res[0].dn), dn)
self.assertEquals(str(res[0]["description"]), "test")
# Check in remote db
dn2 = self.samba3.dn("cn=toast")
res = self.samba3.db.search(dn2, scope=SCOPE_BASE,
- attrs=["description", "sambaBadPasswordCount", "sambaNextRid"])
+ attrs=["description", "sambaBadPasswordCount", "sambaNextRid"])
self.assertEquals(len(res), 1)
self.assertEquals(str(res[0].dn), dn2)
self.assertEquals(str(res[0]["description"]), "test")
dn = self.samba4.dn("cn=test")
dn2 = self.samba3.dn("cn=test")
self.samba3.db.add({"dn": dn2,
- "cn": "test",
- "description": "foo",
- "sambaBadPasswordCount": "3",
- "sambaNextRid": "1001"})
+ "cn": "test",
+ "description": "foo",
+ "sambaBadPasswordCount": "3",
+ "sambaNextRid": "1001"})
# Modify local data of remote record
ldif = """
# Check in remote db
dn2 = self.samba3.dn("cn=toast")
res = self.samba3.db.search(dn2, scope=SCOPE_BASE,
- attrs=["description", "sambaBadPasswordCount", "sambaNextRid",
- "revision"])
+ attrs=["description", "sambaBadPasswordCount", "sambaNextRid",
+ "revision"])
self.assertEquals(len(res), 1)
self.assertEquals(str(res[0].dn), dn2)
self.assertEquals(str(res[0]["description"]), "test")
dsdb.ATYPE_WORKSTATION_TRUST)
computerlist = self.samdb.search(base=self.samdb.domain_dn(),
- scope=ldb.SCOPE_SUBTREE,
- expression=search_filter,
- attrs=["samaccountname"])
+ scope=ldb.SCOPE_SUBTREE,
+ expression=search_filter,
+ attrs=["samaccountname"])
self.assertTrue(len(computerlist) > 0, "no computers found in samdb")
samaccountname = "%s$" % name
search_filter = ("(&(sAMAccountName=%s)(objectCategory=%s,%s))" %
(ldb.binary_encode(samaccountname),
- "CN=Computer,CN=Schema,CN=Configuration",
- self.samdb.domain_dn()))
+ "CN=Computer,CN=Schema,CN=Configuration",
+ self.samdb.domain_dn()))
computerlist = self.samdb.search(base=self.samdb.domain_dn(),
- scope=ldb.SCOPE_SUBTREE,
- expression=search_filter, attrs=[])
+ scope=ldb.SCOPE_SUBTREE,
+ expression=search_filter, attrs=[])
if computerlist:
return computerlist[0]
else:
def setUp(self):
super(ForestCmdTestCase, self).setUp()
self.samdb = self.getSamDB("-H", "ldap://%s" % os.environ["DC_SERVER"],
- "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
+ "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
self.domain_dn = self.samdb.domain_dn()
def tearDown(self):
def test_display(self):
"""Tests that we can display forest settings"""
(result, out, err) = self.runsublevelcmd("forest", ("directory_service",
- "show"),
- "-H", "ldap://%s" % os.environ["DC_SERVER"],
- "-U%s%%%s" % (os.environ["DC_USERNAME"],
- os.environ["DC_PASSWORD"]))
+ "show"),
+ "-H", "ldap://%s" % os.environ["DC_SERVER"],
+ "-U%s%%%s" % (os.environ["DC_USERNAME"],
+ os.environ["DC_PASSWORD"]))
self.assertCmdSuccess(result, out, err)
self.assertEquals(err,"","Shouldn't be any error messages")
"""Test that we can modify the dsheuristics setting"""
(result, out, err) = self.runsublevelcmd("forest", ("directory_service",
- "dsheuristics"), "0000002",
- "-H", "ldap://%s" % os.environ["DC_SERVER"],
- "-U%s%%%s" % (os.environ["DC_USERNAME"],
- os.environ["DC_PASSWORD"]))
+ "dsheuristics"), "0000002",
+ "-H", "ldap://%s" % os.environ["DC_SERVER"],
+ "-U%s%%%s" % (os.environ["DC_USERNAME"],
+ os.environ["DC_PASSWORD"]))
self.assertCmdSuccess(result, out, err)
self.assertEquals(err,"","Shouldn't be any error messages")
# Check that the output is sensible
samdb = self.getSamDB("-H", "ldap://%s" % os.environ["SERVER"],
- "-U%s%%%s" % (os.environ["USERNAME"], os.environ["PASSWORD"]))
+ "-U%s%%%s" % (os.environ["USERNAME"], os.environ["PASSWORD"]))
try:
res = samdb.search(base=ldb.Dn(samdb, "CN=Infrastructure,DC=DomainDnsZones") + samdb.get_default_basedn(),
- scope=ldb.SCOPE_BASE, attrs=["fsmoRoleOwner"])
+ scope=ldb.SCOPE_BASE, attrs=["fsmoRoleOwner"])
self.assertTrue("DomainDnsZonesMasterRole owner: " + res[0]["fsmoRoleOwner"][0] in out)
except ldb.LdbError as e:
def setUp(self):
super(GroupCmdTestCase, self).setUp()
self.samdb = self.getSamDB("-H", "ldap://%s" % os.environ["DC_SERVER"],
- "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
+ "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
self.groups = []
self.groups.append(self._randomGroup({"name": "testgroup1"}))
self.groups.append(self._randomGroup({"name": "testgroup2"}))
"--description=%s" % group["description"],
"-H", "ldap://%s" % os.environ["DC_SERVER"],
"-U%s%%%s" % (os.environ["DC_USERNAME"],
- os.environ["DC_PASSWORD"]))
+ os.environ["DC_PASSWORD"]))
self.assertCmdSuccess(result, out, err)
self.assertEquals(err,"","There shouldn't be any error message")
def _find_group(self, name):
search_filter = ("(&(sAMAccountName=%s)(objectCategory=%s,%s))" %
(ldb.binary_encode(name),
- "CN=Group,CN=Schema,CN=Configuration",
- self.samdb.domain_dn()))
+ "CN=Group,CN=Schema,CN=Configuration",
+ self.samdb.domain_dn()))
grouplist = self.samdb.search(base=self.samdb.domain_dn(),
scope=ldb.SCOPE_SUBTREE,
expression=search_filter,
def setUp(self):
super(OUCmdTestCase, self).setUp()
self.samdb = self.getSamDB("-H", "ldap://%s" % os.environ["DC_SERVER"],
- "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
+ "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
self.ous = []
self.ous.append(self._randomOU({"name": "testou1"}))
self.ous.append(self._randomOU({"name": "testou2"}))
"Renamed ou '%s' still exists" % ou["name"])
found = self._find_ou(newouname)
self.assertIsNotNone(found,
- "Renamed ou '%s' does not exist" % newouname)
+ "Renamed ou '%s' does not exist" % newouname)
(result, out, err) = self.runsubcmd("ou", "rename",
"OU=%s" % newouname,
def _find_ou(self, name):
search_filter = ("(&(name=%s)(objectCategory=%s,%s))" %
(ldb.binary_encode(name),
- "CN=Organizational-Unit,CN=Schema,CN=Configuration",
- self.samdb.domain_dn()))
+ "CN=Organizational-Unit,CN=Schema,CN=Configuration",
+ self.samdb.domain_dn()))
oulist = self.samdb.search(base=self.samdb.domain_dn(),
scope=ldb.SCOPE_SUBTREE,
expression=search_filter,
self.creds.guess(self.lp)
self.session = system_session()
self.ldb = SamDB("ldap://" + os.environ["DC_SERVER"],
- session_info=self.session, credentials=self.creds,lp=self.lp)
+ session_info=self.session, credentials=self.creds,lp=self.lp)
self.base_dn = self.ldb.domain_dn()
def setUp(self):
super(SchemaCmdTestCase, self).setUp()
self.samdb = self.getSamDB("-H", "ldap://%s" % os.environ["DC_SERVER"],
- "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
+ "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
def tearDown(self):
super(SchemaCmdTestCase, self).tearDown()
def test_display_attribute(self):
"""Tests that we can display schema attributes"""
(result, out, err) = self.runsublevelcmd("schema", ("attribute",
- "show"), "uid",
- "-H", "ldap://%s" % os.environ["DC_SERVER"],
- "-U%s%%%s" % (os.environ["DC_USERNAME"],
- os.environ["DC_PASSWORD"]))
+ "show"), "uid",
+ "-H", "ldap://%s" % os.environ["DC_SERVER"],
+ "-U%s%%%s" % (os.environ["DC_USERNAME"],
+ os.environ["DC_PASSWORD"]))
self.assertCmdSuccess(result, out, err)
self.assertEquals(err,"","Shouldn't be any error messages")
def test_modify_attribute_searchflags(self):
"""Tests that we can modify searchFlags of an attribute"""
(result, out, err) = self.runsublevelcmd("schema", ("attribute",
- "modify"), "uid", "--searchflags=9",
- "-H", "ldap://%s" % os.environ["DC_SERVER"],
- "-U%s%%%s" % (os.environ["DC_USERNAME"],
- os.environ["DC_PASSWORD"]))
+ "modify"), "uid", "--searchflags=9",
+ "-H", "ldap://%s" % os.environ["DC_SERVER"],
+ "-U%s%%%s" % (os.environ["DC_USERNAME"],
+ os.environ["DC_PASSWORD"]))
self.assertCmdFail(result, 'Unknown flag 9, please see --help')
(result, out, err) = self.runsublevelcmd("schema", ("attribute",
- "modify"), "uid", "--searchflags=fATTINDEX",
- "-H", "ldap://%s" % os.environ["DC_SERVER"],
- "-U%s%%%s" % (os.environ["DC_USERNAME"],
- os.environ["DC_PASSWORD"]))
+ "modify"), "uid", "--searchflags=fATTINDEX",
+ "-H", "ldap://%s" % os.environ["DC_SERVER"],
+ "-U%s%%%s" % (os.environ["DC_USERNAME"],
+ os.environ["DC_PASSWORD"]))
self.assertCmdSuccess(result, out, err)
self.assertEquals(err,"","Shouldn't be any error messages")
self.assertIn("modified cn=uid,CN=Schema,CN=Configuration,DC=samba,DC=example,DC=com", out)
(result, out, err) = self.runsublevelcmd("schema", ("attribute",
- "modify"), "uid",
- "--searchflags=fATTINDEX,fSUBTREEATTINDEX",
- "-H", "ldap://%s" % os.environ["DC_SERVER"],
- "-U%s%%%s" % (os.environ["DC_USERNAME"],
- os.environ["DC_PASSWORD"]))
+ "modify"), "uid",
+ "--searchflags=fATTINDEX,fSUBTREEATTINDEX",
+ "-H", "ldap://%s" % os.environ["DC_SERVER"],
+ "-U%s%%%s" % (os.environ["DC_USERNAME"],
+ os.environ["DC_PASSWORD"]))
self.assertCmdSuccess(result, out, err)
self.assertEquals(err,"","Shouldn't be any error messages")
self.assertIn("modified cn=uid,CN=Schema,CN=Configuration,DC=samba,DC=example,DC=com", out)
(result, out, err) = self.runsublevelcmd("schema", ("attribute",
- "modify"), "uid",
- "--searchflags=fAtTiNdEx,fPRESERVEONDELETE",
- "-H", "ldap://%s" % os.environ["DC_SERVER"],
- "-U%s%%%s" % (os.environ["DC_USERNAME"],
- os.environ["DC_PASSWORD"]))
+ "modify"), "uid",
+ "--searchflags=fAtTiNdEx,fPRESERVEONDELETE",
+ "-H", "ldap://%s" % os.environ["DC_SERVER"],
+ "-U%s%%%s" % (os.environ["DC_USERNAME"],
+ os.environ["DC_PASSWORD"]))
self.assertCmdSuccess(result, out, err)
self.assertEquals(err,"","Shouldn't be any error messages")
def test_show_oc_attribute(self):
"""Tests that we can modify searchFlags of an attribute"""
(result, out, err) = self.runsublevelcmd("schema", ("attribute",
- "show_oc"), "cn",
- "-H", "ldap://%s" % os.environ["DC_SERVER"],
- "-U%s%%%s" % (os.environ["DC_USERNAME"],
- os.environ["DC_PASSWORD"]))
+ "show_oc"), "cn",
+ "-H", "ldap://%s" % os.environ["DC_SERVER"],
+ "-U%s%%%s" % (os.environ["DC_USERNAME"],
+ os.environ["DC_PASSWORD"]))
self.assertCmdSuccess(result, out, err)
self.assertEquals(err,"","Shouldn't be any error messages")
def test_display_objectclass(self):
"""Tests that we can display schema objectclasses"""
(result, out, err) = self.runsublevelcmd("schema", ("objectclass",
- "show"), "person",
- "-H", "ldap://%s" % os.environ["DC_SERVER"],
- "-U%s%%%s" % (os.environ["DC_USERNAME"],
- os.environ["DC_PASSWORD"]))
+ "show"), "person",
+ "-H", "ldap://%s" % os.environ["DC_SERVER"],
+ "-U%s%%%s" % (os.environ["DC_USERNAME"],
+ os.environ["DC_PASSWORD"]))
self.assertCmdSuccess(result, out, err)
self.assertEquals(err,"","Shouldn't be any error messages")
def setUp(self):
super(UserCmdTestCase, self).setUp()
self.samdb = self.getSamDB("-H", "ldap://%s" % os.environ["DC_SERVER"],
- "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
+ "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
self.users = []
self.users.append(self._randomUser({"name": "sambatool1", "company": "comp1"}))
self.users.append(self._randomUser({"name": "sambatool2", "company": "comp1"}))
for a in cache_attrs.keys():
v = cache_attrs[a].get("value", "")
self.assertMatch(out, "%s: %s" % (a, v),
- "syncpasswords --cache-ldb-initialize: %s: %s out[%s]" % (a, v, out))
+ "syncpasswords --cache-ldb-initialize: %s: %s out[%s]" % (a, v, out))
(result, out, err) = self.runsubcmd("user", "syncpasswords", "--no-wait")
self.assertCmdSuccess(result, out, err, "Ensure syncpasswords --no-wait runs")
self.assertEqual(err,"","syncpasswords --no-wait")
self.assertMatch(out, "dirsync_loop(): results 0",
- "syncpasswords --no-wait: 'dirsync_loop(): results 0': out[%s]" % (out))
+ "syncpasswords --no-wait: 'dirsync_loop(): results 0': out[%s]" % (out))
for user in self.users:
self.assertMatch(out, "sAMAccountName: %s" % (user["name"]),
- "syncpasswords --no-wait: 'sAMAccountName': %s out[%s]" % (user["name"], out))
+ "syncpasswords --no-wait: 'sAMAccountName': %s out[%s]" % (user["name"], out))
for user in self.users:
newpasswd = self.randomPass()
self.assertCmdSuccess(result, out, err, "Ensure syncpasswords --no-wait runs")
self.assertEqual(err,"","syncpasswords --no-wait")
self.assertMatch(out, "dirsync_loop(): results 0",
- "syncpasswords --no-wait: 'dirsync_loop(): results 0': out[%s]" % (out))
+ "syncpasswords --no-wait: 'dirsync_loop(): results 0': out[%s]" % (out))
self.assertMatch(out, "sAMAccountName: %s" % (user["name"]),
- "syncpasswords --no-wait: 'sAMAccountName': %s out[%s]" % (user["name"], out))
+ "syncpasswords --no-wait: 'sAMAccountName': %s out[%s]" % (user["name"], out))
self.assertMatch(out, "# unicodePwd::: REDACTED SECRET ATTRIBUTE",
- "getpassword '# unicodePwd::: REDACTED SECRET ATTRIBUTE': out[%s]" % out)
+ "getpassword '# unicodePwd::: REDACTED SECRET ATTRIBUTE': out[%s]" % out)
self.assertMatch(out, "unicodePwd:: %s" % unicodePwd,
- "getpassword unicodePwd: out[%s]" % out)
+ "getpassword unicodePwd: out[%s]" % out)
self.assertMatch(out, "# supplementalCredentials::: REDACTED SECRET ATTRIBUTE",
- "getpassword '# supplementalCredentials::: REDACTED SECRET ATTRIBUTE': out[%s]" % out)
+ "getpassword '# supplementalCredentials::: REDACTED SECRET ATTRIBUTE': out[%s]" % out)
self.assertMatch(out, "supplementalCredentials:: ",
- "getpassword supplementalCredentials: out[%s]" % out)
+ "getpassword supplementalCredentials: out[%s]" % out)
if "virtualSambaGPG:: " in out:
self.assertMatch(out, "virtualClearTextUTF8:: %s" % virtualClearTextUTF8,
- "getpassword virtualClearTextUTF8: out[%s]" % out)
+ "getpassword virtualClearTextUTF8: out[%s]" % out)
self.assertMatch(out, "virtualClearTextUTF16:: %s" % virtualClearTextUTF16,
- "getpassword virtualClearTextUTF16: out[%s]" % out)
+ "getpassword virtualClearTextUTF16: out[%s]" % out)
self.assertMatch(out, "virtualSSHA: ",
- "getpassword virtualSSHA: out[%s]" % out)
+ "getpassword virtualSSHA: out[%s]" % out)
(result, out, err) = self.runsubcmd("user", "getpassword",
user["name"],
self.assertEqual(err,"","getpassword without url")
self.assertMatch(out, "Got password OK", "getpassword without url")
self.assertMatch(out, "sAMAccountName: %s" % (user["name"]),
- "getpassword: 'sAMAccountName': %s out[%s]" % (user["name"], out))
+ "getpassword: 'sAMAccountName': %s out[%s]" % (user["name"], out))
self.assertMatch(out, "unicodePwd:: %s" % unicodePwd,
- "getpassword unicodePwd: out[%s]" % out)
+ "getpassword unicodePwd: out[%s]" % out)
self.assertMatch(out, "supplementalCredentials:: ",
- "getpassword supplementalCredentials: out[%s]" % out)
+ "getpassword supplementalCredentials: out[%s]" % out)
self._verify_supplementalCredentials(out.replace("\nGot password OK\n", ""))
if "virtualSambaGPG:: " in out:
self.assertMatch(out, "virtualClearTextUTF8:: %s" % virtualClearTextUTF8,
- "getpassword virtualClearTextUTF8: out[%s]" % out)
+ "getpassword virtualClearTextUTF8: out[%s]" % out)
self.assertMatch(out, "virtualClearTextUTF16:: %s" % virtualClearTextUTF16,
- "getpassword virtualClearTextUTF16: out[%s]" % out)
+ "getpassword virtualClearTextUTF16: out[%s]" % out)
self.assertMatch(out, "virtualSSHA: ",
- "getpassword virtualSSHA: out[%s]" % out)
+ "getpassword virtualSSHA: out[%s]" % out)
for user in self.users:
newpasswd = self.randomPass()
"--attributes=sAMAccountName,company",
"-H", "ldap://%s" % os.environ["DC_SERVER"],
"-U%s%%%s" % (os.environ["DC_USERNAME"],
- os.environ["DC_PASSWORD"]))
+ os.environ["DC_PASSWORD"]))
self.assertCmdSuccess(result, out, err, "Error running show")
expected_out = """dn: CN=%s %s,CN=Users,%s
def _find_user(self, name):
search_filter = "(&(sAMAccountName=%s)(objectCategory=%s,%s))" % (ldb.binary_encode(name), "CN=Person,CN=Schema,CN=Configuration", self.samdb.domain_dn())
userlist = self.samdb.search(base=self.samdb.domain_dn(),
- scope=ldb.SCOPE_SUBTREE,
- expression=search_filter, attrs=[])
+ scope=ldb.SCOPE_SUBTREE,
+ expression=search_filter, attrs=[])
if userlist:
return userlist[0]
else:
def setUp(self):
super(UserCheckPwdTestCase, self).setUp()
self.samdb = self.getSamDB("-H", "ldap://%s" % os.environ["DC_SERVER"],
- "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
+ "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
self.old_min_pwd_age = self.samdb.get_minPwdAge()
self.samdb.set_minPwdAge("0")
self.ldb.modify(
msg,
controls=["local_oid:%s:0" %
- dsdb.DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID])
+ dsdb.DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID])
# gpg decryption not enabled.
# both virtual attributes specified, no rounds option
self.samdb = self.getSamDB(
"-H", "ldap://%s" % os.environ["DC_SERVER"],
"-U%s%%%s" % (os.environ["DC_USERNAME"],
- os.environ["DC_PASSWORD"]))
+ os.environ["DC_PASSWORD"]))
self.dns_domain = self.samdb.domain_dns_name()
res = self.samdb.search(
base=self.samdb.get_config_basedn(),
def test_from_sddl_invalidtype2(self):
sddl = "O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)"
self.assertRaises(TypeError, security.descriptor.from_sddl, sddl,
- "S-2-0-0")
+ "S-2-0-0")
def test_as_sddl(self):
text = "O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)"
def test_privilege_name(self):
self.assertEquals("SeShutdownPrivilege",
- security.privilege_name(security.SEC_PRIV_SHUTDOWN))
+ security.privilege_name(security.SEC_PRIV_SHUTDOWN))
def test_privilege_id(self):
self.assertEquals(security.SEC_PRIV_SHUTDOWN,
- security.privilege_id("SeShutdownPrivilege"))
+ security.privilege_id("SeShutdownPrivilege"))
class CheckAccessTests(samba.tests.TestCase):
def test_list(self):
ls = [f['name'] for f in self.conn.list(addom)]
self.assertIn('scripts', ls,
- msg='"scripts" directory not found in sysvol')
+ msg='"scripts" directory not found in sysvol')
self.assertIn('Policies',ls,
- msg='"Policies" directory not found in sysvol')
+ msg='"Policies" directory not found in sysvol')
def test_unlink(self):
"""
contents = self.conn.loadfile(test_file)
self.assertEquals(contents.decode('utf8'), test_contents,
- msg='contents of test file did not match what was written')
+ msg='contents of test file did not match what was written')
# with python2 this will save/load str type (with embedded nulls)
# with python3 this will save/load bytes type
contents = self.conn.loadfile(test_file)
self.assertEquals(contents, test_literal_bytes_embed_nulls,
- msg='contents of test file did not match what was written')
+ msg='contents of test file did not match what was written')
# python3 only this will save/load unicode
def test_save_load_utfcontents(self):
contents = self.conn.loadfile(test_file)
self.assertEquals(contents.decode('utf8'), utf_contents,
- msg='contents of test file did not match what was written')
+ msg='contents of test file did not match what was written')
# with python2 this will save/load str type
# with python3 this will save/load bytes type
contents = self.conn.loadfile(test_file)
self.assertEquals(contents, binary_contents,
- msg='contents of test file did not match what was written')
+ msg='contents of test file did not match what was written')
def _format_message(self, dict_, message):
files = ["%s: %s" % (f, ', '.join([str(i + 1) for i in lines]))
- for f, lines in dict_.items()]
+ for f, lines in dict_.items()]
files.sort()
return message + '\n\n %s' % ('\n '.join(files))
self._push_file(tabs, fname, line_no)
if tabs:
self.fail(self._format_message(tabs,
- 'Tab characters were found in the following source files.'
- '\nThey should either be replaced by "\\t" or by spaces:'))
+ 'Tab characters were found in the following source files.'
+ '\nThey should either be replaced by "\\t" or by spaces:'))
def test_unix_newlines(self):
"""Check for unix new lines."""
self._push_file(illegal_newlines, fname, line_no)
if illegal_newlines:
self.fail(self._format_message(illegal_newlines,
- 'Non-unix newlines were found in the following source files:'))
+ 'Non-unix newlines were found in the following source files:'))
def test_trailing_whitespace(self):
"""Check that there is not trailing whitespace in Python files."""
self._push_file(trailing_whitespace, fname, line_no)
if trailing_whitespace:
self.fail(self._format_message(trailing_whitespace,
- 'Trailing whitespace was found in the following source files.'))
+ 'Trailing whitespace was found in the following source files.'))
def test_shebang_lines(self):
"""Check that files with shebang lines and only those are executable."""
self._push_file(files_without_shebang, fname, line_no)
if files_with_shebang:
self.fail(self._format_message(files_with_shebang,
- 'Files with shebang line that are not executable:'))
+ 'Files with shebang line that are not executable:'))
if files_without_shebang:
self.fail(self._format_message(files_without_shebang,
- 'Files without shebang line that are executable:'))
+ 'Files without shebang line that are executable:'))
def __init__(self, parser):
optparse.OptionGroup.__init__(self, parser, "Subunit Options")
self.add_option('-l', '--list', dest='listtests', default=False,
- help='List tests rather than running them.',
- action="store_true")
+ help='List tests rather than running them.',
+ action="store_true")
self.add_option('--load-list', dest='load_list', default=None,
- help='Specify a filename containing the test ids to use.')
+ help='Specify a filename containing the test ids to use.')
class TestProgram(BaseTestProgram):
def test_version(self):
import_wins(self.ldb, {})
self.assertEquals("VERSION",
- str(self.ldb.search(expression="(objectClass=winsMaxVersion)")[0]["cn"]))
+ str(self.ldb.search(expression="(objectClass=winsMaxVersion)")[0]["cn"]))
# Test that updating an already up-to-date secretsdb works fine
self.secretsdb = self._getCurrentFormatDb()
self.assertEquals(None,
- update_secrets(self.referencedb, self.secretsdb, dummymessage))
+ update_secrets(self.referencedb, self.secretsdb, dummymessage))
def test_update_modules(self):
empty_db = self._getEmptyDb()
from samba.auth import system_session
from samba.provision import getpolicypath,find_provision_key_parameters
from samba.upgradehelpers import (get_paths, get_ldbs,
- identic_rename,
- updateOEMInfo, getOEMInfo, update_gpo,
- delta_update_basesamdb,
- update_dns_account_password,
- search_constructed_attrs_stored,
- increment_calculated_keyversion_number)
+ identic_rename,
+ updateOEMInfo, getOEMInfo, update_gpo,
+ delta_update_basesamdb,
+ update_dns_account_password,
+ search_constructed_attrs_stored,
+ increment_calculated_keyversion_number)
from samba.tests import env_loadparm, TestCaseInTempDir
from samba.tests.provision import create_dummy_secretsdb
import ldb
self.paths = paths
self.ldbs = get_ldbs(paths, self.creds, system_session(), self.lp)
self.names = find_provision_key_parameters(self.ldbs.sam,
- self.ldbs.secrets, self.ldbs.idmap, paths, smb_conf_path,
- self.lp)
+ self.ldbs.secrets, self.ldbs.idmap, paths, smb_conf_path,
+ self.lp)
self.referencedb = create_dummy_secretsdb(
os.path.join(self.tempdir, "ref.ldb"))
self.names.rootdn,
hash)
self.assertEqual(self.ldbs.sam.get_attribute_replmetadata_version(dn,
- "unicodePwd"),
+ "unicodePwd"),
140)
# This function should not decrement the version
hash[dn.lower()] = 130
self.names.rootdn,
hash)
self.assertEqual(self.ldbs.sam.get_attribute_replmetadata_version(dn,
- "unicodePwd"),
+ "unicodePwd"),
140)
def test_identic_rename(self):
guestDN = ldb.Dn(self.ldbs.sam, "CN=Guest,CN=Users,%s" % rootdn)
identic_rename(self.ldbs.sam, guestDN)
res = self.ldbs.sam.search(expression="(name=Guest)", base=rootdn,
- scope=ldb.SCOPE_SUBTREE, attrs=["dn"])
+ scope=ldb.SCOPE_SUBTREE, attrs=["dn"])
self.assertEquals(len(res), 1)
self.assertEquals(str(res[0]["dn"]), "CN=Guest,CN=Users,%s" % rootdn)
def test_update_gpo_simple(self):
dir = getpolicypath(self.paths.sysvol, self.names.dnsdomain,
- self.names.policyid)
+ self.names.policyid)
shutil.rmtree(dir)
self.assertFalse(os.path.isdir(dir))
update_gpo(self.paths, self.ldbs.sam, self.names, self.lp, dummymessage)
os.mkdir(path)
os.mkdir(os.path.join(path, self.names.dnsdomain))
os.mkdir(os.path.join(os.path.join(path, self.names.dnsdomain),
- "Policies"))
+ "Policies"))
update_gpo(self.paths, self.ldbs.sam, self.names, self.lp, dummymessage)
shutil.rmtree(path)
self.paths.sysvol = save
def test_update_dns_account(self):
update_dns_account_password(self.ldbs.sam, self.ldbs.secrets,
- self.names)
+ self.names)
def test_updateOEMInfo(self):
realm = self.lp.get("realm")
open(tempf, 'w').write("empty")
try:
samba.xattr_native.wrap_setxattr(tempf, "user.unittests",
- ndr_pack(ntacl))
+ ndr_pack(ntacl))
except IOError:
raise SkipTest("the filesystem where the tests are runned do not support XATTR")
os.unlink(tempf)
open(tempf, 'w').write("empty")
try:
samba.xattr_tdb.wrap_setxattr(eadb_path,
- tempf, "user.unittests", ndr_pack(ntacl))
+ tempf, "user.unittests", ndr_pack(ntacl))
finally:
os.unlink(tempf)
os.unlink(eadb_path)
open(tempf, 'w').write("empty")
try:
self.assertRaises(IOError, samba.xattr_tdb.wrap_setxattr,
- os.path.join("nonexistent", "eadb.tdb"), tempf,
- "user.unittests", ndr_pack(ntacl))
+ os.path.join("nonexistent", "eadb.tdb"), tempf,
+ "user.unittests", ndr_pack(ntacl))
finally:
os.unlink(tempf)
open(tempf, 'w').write("empty")
try:
samba.xattr_tdb.wrap_setxattr(eadb_path, tempf, "user.unittests",
- reftxt)
+ reftxt)
text = samba.xattr_tdb.wrap_getxattr(eadb_path, tempf,
- "user.unittests")
+ "user.unittests")
self.assertEquals(text, reftxt)
finally:
os.unlink(tempf)
open(tempf, 'w').write("empty")
try:
samba.posix_eadb.wrap_setxattr(eadb_path,
- tempf, "user.unittests", ndr_pack(ntacl))
+ tempf, "user.unittests", ndr_pack(ntacl))
finally:
os.unlink(tempf)
os.unlink(eadb_path)
open(tempf, 'w').write("empty")
try:
samba.posix_eadb.wrap_setxattr(eadb_path, tempf, "user.unittests",
- reftxt)
+ reftxt)
text = samba.posix_eadb.wrap_getxattr(eadb_path, tempf,
- "user.unittests")
+ "user.unittests")
self.assertEquals(text, reftxt)
finally:
os.unlink(tempf)
if 'min password length' in policy:
m['a01'] = ldb.MessageElement(str(policy['min password length']),
- ldb.FLAG_MOD_REPLACE, 'minPwdLength')
+ ldb.FLAG_MOD_REPLACE, 'minPwdLength')
if 'password history' in policy:
m['a02'] = ldb.MessageElement(str(policy['password history']),
- ldb.FLAG_MOD_REPLACE, 'pwdHistoryLength')
+ ldb.FLAG_MOD_REPLACE, 'pwdHistoryLength')
if 'minimum password age' in policy:
min_pw_age_unix = policy['minimum password age']
min_pw_age_nt = int(-min_pw_age_unix * (1e7))
m['a03'] = ldb.MessageElement(str(min_pw_age_nt), ldb.FLAG_MOD_REPLACE,
- 'minPwdAge')
+ 'minPwdAge')
if 'maximum password age' in policy:
max_pw_age_unix = policy['maximum password age']
lockout_duration_nt = unix2nttime(lockout_duration_mins * 60)
m['a05'] = ldb.MessageElement(str(lockout_duration_nt),
- ldb.FLAG_MOD_REPLACE, 'lockoutDuration')
+ ldb.FLAG_MOD_REPLACE, 'lockoutDuration')
try:
samdb.modify(m)
def add_posix_attrs(logger, samdb, sid, name, nisdomain, xid_type, home=None,
- shell=None, pgid=None):
+ shell=None, pgid=None):
"""Add posix attributes for the user/group
:param samdb: Samba4 sam.ldb database
else:
try:
idmapdb.add({"dn": "CN=%s" % str(sid),
- "cn": str(sid),
- "objectClass": "sidMap",
- "objectSid": ndr_pack(sid),
- "type": xid_type,
- "xidNumber": str(xid)})
+ "cn": str(sid),
+ "objectClass": "sidMap",
+ "objectSid": ndr_pack(sid),
+ "type": xid_type,
+ "xidNumber": str(xid)})
except ldb.LdbError as e:
logger.warn(
'Could not add idmap entry for sid=%s, id=%s, type=%s (%s)',
m.dn.add_base(samdb.get_default_basedn())
m['objectClass'] = ldb.MessageElement('group', ldb.FLAG_MOD_ADD, 'objectClass')
m['objectSid'] = ldb.MessageElement(ndr_pack(groupmap.sid), ldb.FLAG_MOD_ADD,
- 'objectSid')
+ 'objectSid')
m['sAMAccountName'] = ldb.MessageElement(groupmap.nt_name, ldb.FLAG_MOD_ADD,
- 'sAMAccountName')
+ 'sAMAccountName')
if groupmap.comment:
m['description'] = ldb.MessageElement(groupmap.comment, ldb.FLAG_MOD_ADD,
- 'description')
+ 'description')
# Fix up incorrect 'well known' groups that are actually builtin (per test above) to be aliases
if groupmap.sid_name_use == lsa.SID_NAME_ALIAS or groupmap.sid_name_use == lsa.SID_NAME_WKN_GRP:
m['groupType'] = ldb.MessageElement(str(dsdb.GTYPE_SECURITY_DOMAIN_LOCAL_GROUP),
- ldb.FLAG_MOD_ADD, 'groupType')
+ ldb.FLAG_MOD_ADD, 'groupType')
try:
samdb.add(m, controls=["relax:0"])
"""
try:
msg = ldb_object.search(base_dn, scope=ldb.SCOPE_SUBTREE,
- expression=("(&(objectClass=posixAccount)(uid=%s))"
- % (user)), attrs=[attr])
+ expression=("(&(objectClass=posixAccount)(uid=%s))"
+ % (user)), attrs=[attr])
except ldb.LdbError as e:
raise ProvisioningError("Failed to retrieve attribute %s for user %s, the error is: %s" % (attr, user, e))
else:
def upgrade_from_samba3(samba3, logger, targetdir, session_info=None,
- useeadb=False, dns_backend=None, use_ntvfs=False):
+ useeadb=False, dns_backend=None, use_ntvfs=False):
"""Upgrade from samba3 database to samba4 AD database
:param samba3: samba3 object
if not domainname:
domainname = secrets_db.domains()[0]
logger.warning("No workgroup specified in smb.conf file, assuming '%s'",
- domainname)
+ domainname)
if not realm:
if serverrole == "ROLE_DOMAIN_BDC" or serverrole == "ROLE_DOMAIN_PDC":
else:
realm = domainname.upper()
logger.warning("No realm specified in smb.conf file, assuming '%s'",
- realm)
+ realm)
# Find machine account and password
next_rid = 1000
if result.server_role == "active directory domain controller":
setsysvolacl(result.samdb, result.paths.netlogon, result.paths.sysvol,
- result.paths.root_uid, result.paths.root_gid,
- security.dom_sid(result.domainsid), result.names.dnsdomain,
- result.names.domaindn, result.lp, use_ntvfs)
+ result.paths.root_uid, result.paths.root_gid,
+ security.dom_sid(result.domainsid), result.names.dnsdomain,
+ result.names.domaindn, result.lp, use_ntvfs)
# FIXME: import_registry(registry.Registry(), samba3.get_registry())
# FIXME: shares
from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE
import ldb
from samba.provision import (provision_paths_from_lp,
- getpolicypath, set_gpos_acl, create_gpo_struct,
- provision, ProvisioningError,
- setsysvolacl, secretsdb_self_join)
+ getpolicypath, set_gpos_acl, create_gpo_struct,
+ provision, ProvisioningError,
+ setsysvolacl, secretsdb_self_join)
from samba.provision.common import FILL_FULL
from samba.dcerpc import xattr, drsblobs, security
from samba.dcerpc.misc import SEC_CHAN_BDC
CHANGEALL = 0xff
hashAttrNotCopied = set(["dn", "whenCreated", "whenChanged", "objectGUID",
- "uSNCreated", "replPropertyMetaData", "uSNChanged", "parentGUID",
- "objectCategory", "distinguishedName", "nTMixedDomain",
- "showInAdvancedViewOnly", "instanceType", "msDS-Behavior-Version",
- "nextRid", "cn", "versionNumber", "lmPwdHistory", "pwdLastSet",
- "ntPwdHistory", "unicodePwd","dBCSPwd", "supplementalCredentials",
- "gPCUserExtensionNames", "gPCMachineExtensionNames","maxPwdAge", "secret",
- "possibleInferiors", "privilege", "sAMAccountType"])
+ "uSNCreated", "replPropertyMetaData", "uSNChanged", "parentGUID",
+ "objectCategory", "distinguishedName", "nTMixedDomain",
+ "showInAdvancedViewOnly", "instanceType", "msDS-Behavior-Version",
+ "nextRid", "cn", "versionNumber", "lmPwdHistory", "pwdLastSet",
+ "ntPwdHistory", "unicodePwd","dBCSPwd", "supplementalCredentials",
+ "gPCUserExtensionNames", "gPCMachineExtensionNames","maxPwdAge", "secret",
+ "possibleInferiors", "privilege", "sAMAccountType"])
class ProvisionLDB(object):
os.mkdir(provdir)
logger.info("Provision stored in %s", provdir)
return provision(logger, session, smbconf=smbconf,
- targetdir=provdir, samdb_fill=FILL_FULL, realm=names.realm,
- domain=names.domain, domainguid=names.domainguid,
- domainsid=names.domainsid, ntdsguid=names.ntdsguid,
- policyguid=names.policyid, policyguid_dc=names.policyid_dc,
- hostname=names.netbiosname.lower(), hostip=None, hostip6=None,
- invocationid=names.invocation, adminpass=names.adminpass,
- krbtgtpass=None, machinepass=None, dnspass=None, root=None,
- nobody=None, users=None,
- serverrole="domain controller",
- backend_type=None, ldapadminpass=None, ol_mmr_urls=None,
- slapd_path=None,
- dom_for_fun_level=names.domainlevel, dns_backend=names.dns_backend,
- useeadb=True, use_ntvfs=True, base_schema=base_schema)
+ targetdir=provdir, samdb_fill=FILL_FULL, realm=names.realm,
+ domain=names.domain, domainguid=names.domainguid,
+ domainsid=names.domainsid, ntdsguid=names.ntdsguid,
+ policyguid=names.policyid, policyguid_dc=names.policyid_dc,
+ hostname=names.netbiosname.lower(), hostip=None, hostip6=None,
+ invocationid=names.invocation, adminpass=names.adminpass,
+ krbtgtpass=None, machinepass=None, dnspass=None, root=None,
+ nobody=None, users=None,
+ serverrole="domain controller",
+ backend_type=None, ldapadminpass=None, ol_mmr_urls=None,
+ slapd_path=None,
+ dom_for_fun_level=names.domainlevel, dns_backend=names.dns_backend,
+ useeadb=True, use_ntvfs=True, base_schema=base_schema)
def dn_sort(x, y):
machinepass = samba.generate_random_machine_password(128, 255)
mputf16 = machinepass.encode('utf-16-le')
msg["clearTextPassword"] = ldb.MessageElement(mputf16,
- ldb.FLAG_MOD_REPLACE,
- "clearTextPassword")
+ ldb.FLAG_MOD_REPLACE,
+ "clearTextPassword")
samdb.modify(msg)
res = samdb.search(expression=("samAccountName=%s$" % names.netbiosname),
- attrs=["msDs-keyVersionNumber"])
+ attrs=["msDs-keyVersionNumber"])
assert(len(res) == 1)
kvno = int(str(res[0]["msDs-keyVersionNumber"]))
secChanType = int(secrets_msg[0]["secureChannelType"][0])
secretsdb_self_join(secrets_ldb, domain=names.domain,
- realm=names.realm,
- domainsid=names.domainsid,
- dnsdomain=names.dnsdomain,
- netbiosname=names.netbiosname,
- machinepass=machinepass,
- key_version_number=kvno,
- secure_channel_type=secChanType)
+ realm=names.realm,
+ domainsid=names.domainsid,
+ dnsdomain=names.dnsdomain,
+ netbiosname=names.netbiosname,
+ machinepass=machinepass,
+ key_version_number=kvno,
+ secure_channel_type=secChanType)
else:
raise ProvisioningError("Unable to find a Secure Channel"
"of type SEC_CHAN_BDC")
machinepass = samba.generate_random_password(128, 255)
mputf16 = machinepass.encode('utf-16-le')
msg["clearTextPassword"] = ldb.MessageElement(mputf16,
- ldb.FLAG_MOD_REPLACE,
- "clearTextPassword")
+ ldb.FLAG_MOD_REPLACE,
+ "clearTextPassword")
samdb.modify(msg)
res = samdb.search(expression=expression,
- attrs=["msDs-keyVersionNumber"])
+ attrs=["msDs-keyVersionNumber"])
assert(len(res) == 1)
kvno = str(res[0]["msDs-keyVersionNumber"])
ldb.FLAG_MOD_REPLACE,
"secret")
msg["msDS-KeyVersionNumber"] = ldb.MessageElement(kvno,
- ldb.FLAG_MOD_REPLACE,
- "msDS-KeyVersionNumber")
+ ldb.FLAG_MOD_REPLACE,
+ "msDS-KeyVersionNumber")
secrets_ldb.modify(msg)
if obj["num"] > limit_print:
dt = _glue.nttime2string(_glue.unix2nttime(k*60))
print("%s # of modification: %d \tmin: %d max: %d" % (dt , obj["num"],
- obj["min"],
- obj["max"]))
+ obj["min"],
+ obj["max"]))
if hash_ts[k]["num"] > 600:
kept_record.append(k)
obj = hash_ts[k]
if obj.get("skipped") is None:
ldif = "%slastProvisionUSN: %d-%d;%s\n" % (ldif, obj["min"],
- obj["max"], id)
+ obj["max"], id)
if ldif != "":
file = tempfile.mktemp(dir=dest, prefix="usnprov", suffix=".ldif")
if name == "":
if have_swat:
start_response('301 Redirect',
- [('Location', urljoin(application_uri(environ), 'swat')),])
+ [('Location', urljoin(application_uri(environ), 'swat')),])
return []
else:
return render_placeholder(environ, start_response)
# Get the xattr attributes if any
try:
attribute = samba.xattr_native.wrap_getxattr(frompath,
- xattr.XATTR_NTACL_NAME)
+ xattr.XATTR_NTACL_NAME)
samba.xattr_native.wrap_setxattr(topath,
- xattr.XATTR_NTACL_NAME,
- attribute)
+ xattr.XATTR_NTACL_NAME,
+ attribute)
except Exception:
pass
# FIXME:Catch a specific exception
# We split out this so the isolated ad_dc tests do not wait for ad_dc_ntvfs tests (which are long)
"samba-fileserver" : [ ("random-sleep", "script/random-sleep.sh 60 600", "text/plain"),
- ("configure", "./configure.developer --without-ad-dc --without-ldap --without-ads --without-json-audit --with-selftest-prefix=./bin/ab" + samba_configure_params, "text/plain"),
- ("make", "make -j", "text/plain"),
- ("test", "make test FAIL_IMMEDIATELY=1 TESTS='--include-env=fileserver'", "text/plain"),
- ("check-clean-tree", "script/clean-source-tree.sh", "text/plain")],
+ ("configure", "./configure.developer --without-ad-dc --without-ldap --without-ads --without-json-audit --with-selftest-prefix=./bin/ab" + samba_configure_params, "text/plain"),
+ ("make", "make -j", "text/plain"),
+ ("test", "make test FAIL_IMMEDIATELY=1 TESTS='--include-env=fileserver'", "text/plain"),
+ ("check-clean-tree", "script/clean-source-tree.sh", "text/plain")],
# We split out this so the isolated ad_dc tests do not wait for ad_dc_ntvfs tests (which are long)
"samba-ad-dc" : [ ("random-sleep", "script/random-sleep.sh 60 600", "text/plain"),
# We split out this so the isolated ad_dc tests do not wait for ad_dc_ntvfs tests (which are long)
"samba-ad-dc-2" : [ ("random-sleep", "script/random-sleep.sh 60 600", "text/plain"),
- ("configure", "./configure.developer --with-selftest-prefix=./bin/ab" + samba_configure_params, "text/plain"),
- ("make", "make -j", "text/plain"),
- ("test", "make test FAIL_IMMEDIATELY=1 TESTS='--include-env=chgdcpass --include-env=vampire_2000_dc --include-env=fl2000dc'", "text/plain"),
- ("check-clean-tree", "script/clean-source-tree.sh", "text/plain")],
+ ("configure", "./configure.developer --with-selftest-prefix=./bin/ab" + samba_configure_params, "text/plain"),
+ ("make", "make -j", "text/plain"),
+ ("test", "make test FAIL_IMMEDIATELY=1 TESTS='--include-env=chgdcpass --include-env=vampire_2000_dc --include-env=fl2000dc'", "text/plain"),
+ ("check-clean-tree", "script/clean-source-tree.sh", "text/plain")],
"samba-test-only" : [ ("configure", "./configure.developer --with-selftest-prefix=./bin/ab --abi-check-disable" + samba_configure_params, "text/plain"),
("make", "make -j", "text/plain"),
rebase_remote,
rebase_remote, rebase_branch
),
- "test/plain" ) ]
+ "test/plain" ) ]
self.retry = builder('retry', retry_task, cp=False)
self.need_retry = False
dir=test_master, output=True)
if diff == '':
do_print("No differences between HEAD and %s/%s - exiting" %
- (rebase_remote, rebase_branch))
+ (rebase_remote, rebase_branch))
sys.exit(0)
run_cmd("git describe %s/%s" %
(rebase_remote, rebase_branch),
parser.add_option("", "--autogen-command", help="command to use for autogen (default ./autogen.sh)",
type='str', default="./autogen.sh")
parser.add_option("", "--configure", help="run configure.developer before each build",
- action="store_true", default=False)
+ action="store_true", default=False)
parser.add_option("", "--configure-command", help="the command for configure (default ./configure.developer)",
type='str', default="./configure.developer")
parser.add_option("", "--build-command", help="the command to build the tree (default 'make -j')",
parser.add_option("-o", "--output", dest="output",
help='output file', metavar="FILE")
parser.add_option("--mode", type="choice", metavar="<FUNCTIONS|S3PROTO|LIBPROTO|PARAMDEFS|PARAMTABLE>",
- choices=["FUNCTIONS", "S3PROTO", "LIBPROTO", "PARAMDEFS", "PARAMTABLE"], default="FUNCTIONS")
+ choices=["FUNCTIONS", "S3PROTO", "LIBPROTO", "PARAMDEFS", "PARAMTABLE"], default="FUNCTIONS")
parser.add_option("--scope", metavar="<GLOBAL|LOCAL>",
choices = ["GLOBAL", "LOCAL"], default="GLOBAL")
exitcode = 1
else:
raise AssertionError("Recognized but unhandled result %r" %
- result)
+ result)
elif command == "testsuite":
msg_ops.start_testsuite(arg.strip())
elif command == "progress":
class PlainFormatter(TestsuiteEnabledTestResult):
def __init__(self, verbose, immediate, statistics,
- totaltests=None):
+ totaltests=None):
super(PlainFormatter, self).__init__()
self.verbose = verbose
self.immediate = immediate
try:
lines = f.readlines()
config_hash = dict((x[0], ' '.join(x[1:]))
- for x in map(lambda line: line.strip().split(' ')[1:],
- filter(lambda line: (line[0:7] == '#define') and (len(line.split(' ')) > 2), lines)))
+ for x in map(lambda line: line.strip().split(' ')[1:],
+ filter(lambda line: (line[0:7] == '#define') and (len(line.split(' ')) > 2), lines)))
finally:
f.close()
try:
lines = f.readlines()
config_hash = dict((x[0], ' '.join(x[1:]))
- for x in map(lambda line: line.strip().split(' ')[1:],
- filter(lambda line: (line[0:7] == '#define') and (len(line.split(' ')) > 2), lines)))
+ for x in map(lambda line: line.strip().split(' ')[1:],
+ filter(lambda line: (line[0:7] == '#define') and (len(line.split(' ')) > 2), lines)))
finally:
f.close()
plantestsuite("samba3.blackbox.registry.upgrade", "nt4_dc:local", [os.path.join(samba3srcdir, "script/tests/test_registry_upgrade.sh"), net, dbwrap_tool])
tests = ["FDPASS", "LOCK1", "LOCK2", "LOCK3", "LOCK4", "LOCK5", "LOCK6", "LOCK7", "LOCK9",
- "UNLINK", "BROWSE", "ATTR", "TRANS2", "TORTURE",
- "OPLOCK1", "OPLOCK2", "OPLOCK4", "STREAMERROR",
- "DIR", "DIR1", "DIR-CREATETIME", "TCON", "TCONDEV", "RW1", "RW2", "RW3", "LARGE_READX", "RW-SIGNING",
- "OPEN", "XCOPY", "RENAME", "DELETE", "DELETE-LN", "WILDDELETE", "PROPERTIES", "W2K",
- "TCON2", "IOCTL", "CHKPATH", "FDSESS", "CHAIN1", "CHAIN2", "OWNER-RIGHTS",
- "CHAIN3", "PIDHIGH", "CLI_SPLICE",
- "UID-REGRESSION-TEST", "SHORTNAME-TEST",
- "CASE-INSENSITIVE-CREATE", "SMB2-BASIC", "NTTRANS-FSCTL", "SMB2-NEGPROT",
- "SMB2-SESSION-REAUTH", "SMB2-SESSION-RECONNECT", "SMB2-FTRUNCATE",
- "SMB2-ANONYMOUS", "SMB2-DIR-FSYNC",
- "CLEANUP1",
- "CLEANUP2",
- "CLEANUP4",
- "BAD-NBT-SESSION"]
+ "UNLINK", "BROWSE", "ATTR", "TRANS2", "TORTURE",
+ "OPLOCK1", "OPLOCK2", "OPLOCK4", "STREAMERROR",
+ "DIR", "DIR1", "DIR-CREATETIME", "TCON", "TCONDEV", "RW1", "RW2", "RW3", "LARGE_READX", "RW-SIGNING",
+ "OPEN", "XCOPY", "RENAME", "DELETE", "DELETE-LN", "WILDDELETE", "PROPERTIES", "W2K",
+ "TCON2", "IOCTL", "CHKPATH", "FDSESS", "CHAIN1", "CHAIN2", "OWNER-RIGHTS",
+ "CHAIN3", "PIDHIGH", "CLI_SPLICE",
+ "UID-REGRESSION-TEST", "SHORTNAME-TEST",
+ "CASE-INSENSITIVE-CREATE", "SMB2-BASIC", "NTTRANS-FSCTL", "SMB2-NEGPROT",
+ "SMB2-SESSION-REAUTH", "SMB2-SESSION-RECONNECT", "SMB2-FTRUNCATE",
+ "SMB2-ANONYMOUS", "SMB2-DIR-FSYNC",
+ "CLEANUP1",
+ "CLEANUP2",
+ "CLEANUP4",
+ "BAD-NBT-SESSION"]
for t in tests:
plantestsuite("samba3.smbtorture_s3.plain(fileserver).%s" % t, "fileserver", [os.path.join(samba3srcdir, "script/tests/test_smbtorture_s3.sh"), t, '//$SERVER_IP/tmp', '$USERNAME', '$PASSWORD', smbtorture3, "", "-l $LOCAL_PATH"])
plansmbtorture4testsuite(t, "simpleserver", "//%s/%s %s" % ('$SERVER_IP', s, ' -U$USERNAME%$PASSWORD'), description=s)
posix_tests = ["POSIX", "POSIX-APPEND", "POSIX-SYMLINK-ACL", "POSIX-SYMLINK-EA", "POSIX-OFD-LOCK",
- "POSIX-STREAM-DELETE", "WINDOWS-BAD-SYMLINK" ]
+ "POSIX-STREAM-DELETE", "WINDOWS-BAD-SYMLINK" ]
for t in posix_tests:
plantestsuite("samba3.smbtorture_s3.plain(nt4_dc).%s" % t, "nt4_dc", [os.path.join(samba3srcdir, "script/tests/test_smbtorture_s3.sh"), t, '//$SERVER_IP/posix_share', '$USERNAME', '$PASSWORD', smbtorture3, "", "-l $LOCAL_PATH"])
plantestsuite("samba3.wbinfo_simple.(%s:local).%s" % (env, t), "%s:local" % env, [os.path.join(srcdir(), "nsswitch/tests/test_wbinfo_simple.sh"), t])
plantestsuite("samba3.wbinfo_name_lookup", env,
[ os.path.join(srcdir(),
- "nsswitch/tests/test_wbinfo_name_lookup.sh"),
+ "nsswitch/tests/test_wbinfo_name_lookup.sh"),
'$DOMAIN', '$REALM', '$DC_USERNAME' ])
env = "ad_member:local"
plantestsuite("samba3.wbinfo_user_info", env,
[ os.path.join(srcdir(),
- "nsswitch/tests/test_wbinfo_user_info.sh"),
+ "nsswitch/tests/test_wbinfo_user_info.sh"),
'$DOMAIN', '$REALM', '$DOMAIN', 'alice', 'alice', 'jane', 'jane.doe' ])
env = "fl2008r2dc:local"
plantestsuite("samba3.wbinfo_user_info", env,
[ os.path.join(srcdir(),
- "nsswitch/tests/test_wbinfo_user_info.sh"),
+ "nsswitch/tests/test_wbinfo_user_info.sh"),
'$TRUST_DOMAIN', '$TRUST_REALM', '$DOMAIN', 'alice', 'alice', 'jane', 'jane.doe' ])
env = "ad_member"
options = binding_string + " -U$USERNAME%$PASSWORD"
plansmbtorture4testsuite(test, "nt4_dc", options, 'over ncacn_np with [%s%s%s] ' % (a, s, e))
plantestsuite("samba3.blackbox.rpcclient over ncacn_np with [%s%s%s] " % (a, s, e), "nt4_dc:local", [os.path.join(samba3srcdir, "script/tests/test_rpcclient.sh"),
- "none", options, configuration])
+ "none", options, configuration])
# We should try more combinations in future, but this is all
# the pre-calculated credentials cache supports at the moment
"$PREFIX/ktest/krb5_ccache-3", binding_string, "-k", configuration])
plantestsuite("samba3.blackbox.rpcclient_samlogon", "ad_member:local", [os.path.join(samba3srcdir, "script/tests/test_rpcclient_samlogon.sh"),
- "$DC_USERNAME", "$DC_PASSWORD", "ncacn_np:$DC_SERVER", configuration])
+ "$DC_USERNAME", "$DC_PASSWORD", "ncacn_np:$DC_SERVER", configuration])
plantestsuite("samba3.blackbox.sharesec", "simpleserver:local",
[os.path.join(samba3srcdir, "script/tests/test_sharesec.sh"),
configuration, os.path.join(bindir(), "sharesec"), "tmp"])
parser.set_defaults(config_file="/etc/samba/smb.conf")
parser.add_option("--client-username", dest="client_username",\
- help="User name for the client. [default: foo]")
+ help="User name for the client. [default: foo]")
parser.add_option("--client-password", dest="client_password",\
- help="Password the client will send. [default: secret]")
+ help="Password the client will send. [default: secret]")
parser.add_option("--client-domain", dest="client_domain",\
- help="Domain the client authenticates for. [default: FOO]")
+ help="Domain the client authenticates for. [default: FOO]")
parser.add_option("--client-helper", dest="client_helper",\
- help="Helper mode for the ntlm_auth client. [default: ntlmssp-client-1]")
+ help="Helper mode for the ntlm_auth client. [default: ntlmssp-client-1]")
parser.add_option("--client-use-cached-creds", dest="client_use_cached_creds",\
- help="Use winbindd credentials cache (rather than default username/pw)", action="store_true")
+ help="Use winbindd credentials cache (rather than default username/pw)", action="store_true")
parser.add_option("--target-hostname", dest="target_hostname",\
- help="Target hostname for kerberos")
+ help="Target hostname for kerberos")
parser.add_option("--target-service", dest="target_service",\
- help="Target service for kerberos")
+ help="Target service for kerberos")
parser.add_option("--server-username", dest="server_username",\
- help="User name server uses for local auth. [default: foo]")
+ help="User name server uses for local auth. [default: foo]")
parser.add_option("--server-password", dest="server_password",\
- help="Password server uses for local auth. [default: secret]")
+ help="Password server uses for local auth. [default: secret]")
parser.add_option("--server-domain", dest="server_domain",\
- help="Domain server uses for local auth. [default: FOO]")
+ help="Domain server uses for local auth. [default: FOO]")
parser.add_option("--server-helper", dest="server_helper",\
- help="Helper mode for the ntlm_auth server. [default: squid-2.5-server]")
+ help="Helper mode for the ntlm_auth server. [default: squid-2.5-server]")
parser.add_option("--server-use-winbindd", dest="server_use_winbindd",\
- help="Use winbindd to check the password (rather than default username/pw)", action="store_true")
+ help="Use winbindd to check the password (rather than default username/pw)", action="store_true")
parser.add_option("--require-membership-of", dest="sid",\
- help="Require that the user is a member of this group to authenticate.")
+ help="Require that the user is a member of this group to authenticate.")
parser.add_option("-s", "--configfile", dest="config_file",\
- help="Path to smb.conf file. [default:/etc/samba/smb.conf")
+ help="Path to smb.conf file. [default:/etc/samba/smb.conf")
(opts, args) = parser.parse_args()
if len(args) != 1:
# add admins to the Domain Admins group
self.ldb_admin.add_remove_group_members("Domain Admins", [self.usr_admin_owner],
- add_members_operation=True)
+ add_members_operation=True)
self.ldb_admin.add_remove_group_members("Domain Admins", [self.usr_admin_not_owner],
- add_members_operation=True)
+ add_members_operation=True)
self.ldb_owner = self.get_ldb_connection(self.usr_admin_owner, self.user_pass)
self.ldb_notowner = self.get_ldb_connection(self.usr_admin_not_owner, self.user_pass)
# Make sure top OU is deleted (and so everything under it)
def assert_top_ou_deleted(self):
res = self.ldb_admin.search(self.base_dn,
- expression="(distinguishedName=%s,%s)" % (
+ expression="(distinguishedName=%s,%s)" % (
"OU=test_add_ou1", self.base_dn))
self.assertEqual(len(res), 0)
self.fail()
# Make sure we HAVE created the one of two objects -- user
res = self.ldb_admin.search(self.base_dn,
- expression="(distinguishedName=%s,%s)" %
- ("CN=test_add_user1,OU=test_add_ou2,OU=test_add_ou1",
- self.base_dn))
+ expression="(distinguishedName=%s,%s)" %
+ ("CN=test_add_user1,OU=test_add_ou2,OU=test_add_ou1",
+ self.base_dn))
self.assertNotEqual(len(res), 0)
res = self.ldb_admin.search(self.base_dn,
- expression="(distinguishedName=%s,%s)" %
- ("CN=test_add_group1,OU=test_add_ou2,OU=test_add_ou1",
- self.base_dn) )
+ expression="(distinguishedName=%s,%s)" %
+ ("CN=test_add_group1,OU=test_add_ou2,OU=test_add_ou1",
+ self.base_dn) )
self.assertEqual(len(res), 0)
def test_add_u4(self):
res = self.ldb_admin.search(self.base_dn, expression="(distinguishedName=%s,%s)" % ("CN=test_add_user1,OU=test_add_ou2,OU=test_add_ou1", self.base_dn))
self.assertTrue(len(res) > 0)
res = self.ldb_admin.search(self.base_dn,
- expression="(distinguishedName=%s,%s)" % ("CN=test_add_group1,OU=test_add_ou2,OU=test_add_ou1", self.base_dn))
+ expression="(distinguishedName=%s,%s)" % ("CN=test_add_group1,OU=test_add_ou2,OU=test_add_ou1", self.base_dn))
self.assertTrue(len(res) > 0)
def test_add_anonymous(self):
displayName: test_changed"""
self.ldb_user.modify_ldif(ldif)
res = self.ldb_admin.search(self.base_dn,
- expression="(distinguishedName=%s)" % self.get_user_dn("test_modify_user1"))
+ expression="(distinguishedName=%s)" % self.get_user_dn("test_modify_user1"))
self.assertEqual(res[0]["displayName"][0], "test_changed")
# Second test object -- Group
print("Testing modify on Group object")
displayName: test_changed"""
self.ldb_user.modify_ldif(ldif)
res = self.ldb_admin.search(self.base_dn,
- expression="(distinguishedName=%s)" %
- self.get_user_dn("test_modify_user1"))
+ expression="(distinguishedName=%s)" %
+ self.get_user_dn("test_modify_user1"))
self.assertEqual(res[0]["displayName"][0], "test_changed")
# Modify on attribute you do not have rights for granted
ldif = """
displayName: test_changed"""
self.ldb_user.modify_ldif(ldif)
res = self.ldb_admin.search(self.base_dn,
- expression="(distinguishedName=%s)" %
- str("CN=test_modify_group1,CN=Users," + self.base_dn))
+ expression="(distinguishedName=%s)" %
+ str("CN=test_modify_group1,CN=Users," + self.base_dn))
self.assertEqual(res[0]["displayName"][0], "test_changed")
# Modify on attribute you do not have rights for granted
ldif = """
displayName: test_changed"""
self.ldb_user.modify_ldif(ldif)
res = self.ldb_admin.search(self.base_dn,
- expression="(distinguishedName=%s)" % str("OU=test_modify_ou1,"
- + self.base_dn))
+ expression="(distinguishedName=%s)" % str("OU=test_modify_ou1,"
+ + self.base_dn))
self.assertEqual(res[0]["displayName"][0], "test_changed")
# Modify on attribute you do not have rights for granted
ldif = """
self.sd_utils.dacl_add_ace("CN=test_modify_group2,CN=Users," + self.base_dn, mod)
self.ldb_user2.modify_ldif(ldif)
res = self.ldb_admin.search( self.base_dn, expression="(distinguishedName=%s)" \
- % ("CN=test_modify_group2,CN=Users," + self.base_dn), attrs=["Member"])
+ % ("CN=test_modify_group2,CN=Users," + self.base_dn), attrs=["Member"])
self.assertEqual(res[0]["Member"][0], self.get_user_dn(self.user_with_sm))
#but not other users
ldif = """
Member: """ + self.get_user_dn(self.user_with_wp)
self.ldb_user.modify_ldif(ldif)
res = self.ldb_admin.search( self.base_dn, expression="(distinguishedName=%s)" \
- % ("CN=test_modify_group2,CN=Users," + self.base_dn), attrs=["Member"])
+ % ("CN=test_modify_group2,CN=Users," + self.base_dn), attrs=["Member"])
self.assertEqual(res[0]["Member"][0], self.get_user_dn(self.user_with_wp))
ldif = """
dn: CN=test_modify_group2,CN=Users,""" + self.base_dn + """
Member: CN=test_modify_user2,CN=Users,""" + self.base_dn
self.ldb_user.modify_ldif(ldif)
res = self.ldb_admin.search( self.base_dn, expression="(distinguishedName=%s)" \
- % ("CN=test_modify_group2,CN=Users," + self.base_dn), attrs=["Member"])
+ % ("CN=test_modify_group2,CN=Users," + self.base_dn), attrs=["Member"])
self.assertEqual(res[0]["Member"][0], "CN=test_modify_user2,CN=Users," + self.base_dn)
def test_modify_anonymous(self):
def create_clean_ou(self, object_dn):
""" Base repeating setup for unittests to follow """
res = self.ldb_admin.search(base=self.base_dn, scope=SCOPE_SUBTREE, \
- expression="distinguishedName=%s" % object_dn)
+ expression="distinguishedName=%s" % object_dn)
# Make sure top testing OU has been deleted before starting the test
self.assertEqual(len(res), 0)
self.ldb_admin.create_ou(object_dn)
# Try to delete User object
self.ldb_user.delete(user_dn)
res = self.ldb_admin.search(self.base_dn,
- expression="(distinguishedName=%s)" % user_dn)
+ expression="(distinguishedName=%s)" % user_dn)
self.assertEqual(len(res), 0)
def test_delete_u3(self):
# Try to delete User object
self.ldb_user.delete(user_dn)
res = self.ldb_admin.search(self.base_dn,
- expression="(distinguishedName=%s)" % user_dn)
+ expression="(distinguishedName=%s)" % user_dn)
self.assertEqual(len(res), 0)
def test_delete_anonymous(self):
# Rename 'User object' having WP to AU
self.ldb_user.rename(user_dn, rename_user_dn)
res = self.ldb_admin.search(self.base_dn,
- expression="(distinguishedName=%s)" % user_dn)
+ expression="(distinguishedName=%s)" % user_dn)
self.assertEqual(len(res), 0)
res = self.ldb_admin.search(self.base_dn,
- expression="(distinguishedName=%s)" % rename_user_dn)
+ expression="(distinguishedName=%s)" % rename_user_dn)
self.assertNotEqual(len(res), 0)
def test_rename_u3(self):
# Rename 'User object' having WP to AU
self.ldb_user.rename(user_dn, rename_user_dn)
res = self.ldb_admin.search(self.base_dn,
- expression="(distinguishedName=%s)" % user_dn)
+ expression="(distinguishedName=%s)" % user_dn)
self.assertEqual(len(res), 0)
res = self.ldb_admin.search(self.base_dn,
- expression="(distinguishedName=%s)" % rename_user_dn)
+ expression="(distinguishedName=%s)" % rename_user_dn)
self.assertNotEqual(len(res), 0)
def test_rename_u4(self):
# Rename 'User object' having SD and CC to AU
self.ldb_user.rename(user_dn, rename_user_dn)
res = self.ldb_admin.search(self.base_dn,
- expression="(distinguishedName=%s)" % user_dn)
+ expression="(distinguishedName=%s)" % user_dn)
self.assertEqual(len(res), 0)
res = self.ldb_admin.search(self.base_dn,
- expression="(distinguishedName=%s)" % rename_user_dn)
+ expression="(distinguishedName=%s)" % rename_user_dn)
self.assertNotEqual(len(res), 0)
def test_rename_u5(self):
# Rename 'User object' having SD and CC to AU
self.ldb_user.rename(user_dn, rename_user_dn)
res = self.ldb_admin.search(self.base_dn,
- expression="(distinguishedName=%s)" % user_dn)
+ expression="(distinguishedName=%s)" % user_dn)
self.assertEqual(len(res), 0)
res = self.ldb_admin.search(self.base_dn,
- expression="(distinguishedName=%s)" % rename_user_dn)
+ expression="(distinguishedName=%s)" % rename_user_dn)
self.assertNotEqual(len(res), 0)
def test_rename_u6(self):
# Rename 'User object' having SD and CC to AU
self.ldb_user.rename(user_dn, rename_user_dn)
res = self.ldb_admin.search(self.base_dn,
- expression="(distinguishedName=%s)" % user_dn)
+ expression="(distinguishedName=%s)" % user_dn)
self.assertEqual(len(res), 0)
res = self.ldb_admin.search(self.base_dn,
- expression="(distinguishedName=%s)" % rename_user_dn)
+ expression="(distinguishedName=%s)" % rename_user_dn)
self.assertNotEqual(len(res), 0)
def test_rename_u7(self):
# Rename 'User object' having SD and CC to AU
self.ldb_user.rename(user_dn, rename_user_dn)
res = self.ldb_admin.search(self.base_dn,
- expression="(distinguishedName=%s)" % user_dn)
+ expression="(distinguishedName=%s)" % user_dn)
self.assertEqual(len(res), 0)
res = self.ldb_admin.search(self.base_dn,
- expression="(distinguishedName=%s)" % rename_user_dn)
+ expression="(distinguishedName=%s)" % rename_user_dn)
self.assertNotEqual(len(res), 0)
def test_rename_u8(self):
self.ldb_admin.newuser(self.regular_user, self.user_pass)
self.ldb_admin.add_remove_group_members("Domain Admins", [self.regular_user],
- add_members_operation=True)
+ add_members_operation=True)
self.ldb_user = self.get_ldb_connection(self.regular_user, self.user_pass)
self.sid = self.sd_utils.get_object_sid(self.get_user_dn(self.regular_user))
guid = res[0]["objectGUID"][0]
self.ldb_admin.delete(self.get_user_dn(new_user))
res = self.ldb_admin.search(base="<GUID=%s>" % self.GUID_string(guid),
- scope=SCOPE_BASE, controls=["show_deleted:1"])
+ scope=SCOPE_BASE, controls=["show_deleted:1"])
self.assertEquals(len(res), 1)
return str(res[0].dn)
ctx.managedby = admin_dn
ctx.userAccountControl = (samba.dsdb.UF_WORKSTATION_TRUST_ACCOUNT |
- samba.dsdb.UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION |
- samba.dsdb.UF_PARTIAL_SECRETS_ACCOUNT)
+ samba.dsdb.UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION |
+ samba.dsdb.UF_PARTIAL_SECRETS_ACCOUNT)
ctx.connection_dn = "CN=RODC Connection (FRS),%s" % ctx.ntds_dn
ctx.secure_channel_type = misc.SEC_CHAN_RODC
for x in range(1, 1000):
samdb = SamDB(host, credentials=creds,
- session_info=system_session(self.lp), lp=self.lp)
+ session_info=system_session(self.lp), lp=self.lp)
samdb.search(base=samdb.domain_dn(),
scope=SCOPE_BASE, attrs=["*"])
print("Checking for preserved attributes list")
preserved_list = ["nTSecurityDescriptor", "attributeID", "attributeSyntax", "dNReferenceUpdate", "dNSHostName",
- "flatName", "governsID", "groupType", "instanceType", "lDAPDisplayName", "legacyExchangeDN",
- "isDeleted", "isRecycled", "lastKnownParent", "msDS-LastKnownRDN", "mS-DS-CreatorSID",
- "mSMQOwnerID", "nCName", "objectClass", "distinguishedName", "objectGUID", "objectSid",
- "oMSyntax", "proxiedObjectName", "name", "replPropertyMetaData", "sAMAccountName",
- "securityIdentifier", "sIDHistory", "subClassOf", "systemFlags", "trustPartner", "trustDirection",
- "trustType", "trustAttributes", "userAccountControl", "uSNChanged", "uSNCreated", "whenCreated"]
+ "flatName", "governsID", "groupType", "instanceType", "lDAPDisplayName", "legacyExchangeDN",
+ "isDeleted", "isRecycled", "lastKnownParent", "msDS-LastKnownRDN", "mS-DS-CreatorSID",
+ "mSMQOwnerID", "nCName", "objectClass", "distinguishedName", "objectGUID", "objectSid",
+ "oMSyntax", "proxiedObjectName", "name", "replPropertyMetaData", "sAMAccountName",
+ "securityIdentifier", "sIDHistory", "subClassOf", "systemFlags", "trustPartner", "trustDirection",
+ "trustType", "trustAttributes", "userAccountControl", "uSNChanged", "uSNCreated", "whenCreated"]
for a in liveObj:
if a in preserved_list:
try:
res = self.ldb.search("cn=ldaptestcontainer," + self.base_dn,
- scope=SCOPE_BASE, attrs=[])
+ scope=SCOPE_BASE, attrs=[])
self.fail()
except LdbError as e2:
(num, _) = e2.args
self.assertEquals(num, ERR_NO_SUCH_OBJECT)
try:
res = self.ldb.search("cn=entry1,cn=ldaptestcontainer," + self.base_dn,
- scope=SCOPE_BASE, attrs=[])
+ scope=SCOPE_BASE, attrs=[])
self.fail()
except LdbError as e3:
(num, _) = e3.args
self.assertEquals(num, ERR_NO_SUCH_OBJECT)
try:
res = self.ldb.search("cn=entry2,cn=ldaptestcontainer," + self.base_dn,
- scope=SCOPE_BASE, attrs=[])
+ scope=SCOPE_BASE, attrs=[])
self.fail()
except LdbError as e4:
(num, _) = e4.args
# Performs some protected object delete testing
res = self.ldb.search(base="", expression="", scope=SCOPE_BASE,
- attrs=["dsServiceName", "dNSHostName"])
+ attrs=["dsServiceName", "dNSHostName"])
self.assertEquals(len(res), 1)
# Delete failing since DC's nTDSDSA object is protected
self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
res = self.ldb.search(self.base_dn, attrs=["rIDSetReferences"],
- expression="(&(objectClass=computer)(dNSHostName=" + res[0]["dNSHostName"][0] + "))")
+ expression="(&(objectClass=computer)(dNSHostName=" + res[0]["dNSHostName"][0] + "))")
self.assertEquals(len(res), 1)
# Deletes failing since DC's rIDSet object is protected
self.assertEquals(num, ERR_NOT_ALLOWED_ON_NON_LEAF)
res = self.ldb.search("cn=Partitions," + self.configuration_dn, attrs=[],
- expression="(nCName=%s)" % self.base_dn)
+ expression="(nCName=%s)" % self.base_dn)
self.assertEquals(len(res), 1)
try:
# add admins to the Domain Admins group
self.ldb_admin.add_remove_group_members("Domain Admins", [self.admin_user],
- add_members_operation=True)
+ add_members_operation=True)
def tearDown(self):
super(SimpleDirsyncTests, self).tearDown()
res = self.ldb_dirsync.search(self.base_dn, expression="samaccountname=*", controls=["dirsync:1:0:1"])
try:
self.ldb_simple.search(self.base_dn,
- expression="samaccountname=*",
- controls=["dirsync:1:0:1"])
+ expression="samaccountname=*",
+ controls=["dirsync:1:0:1"])
except LdbError as l:
self.assertTrue(str(l).find("LDAP_INSUFFICIENT_ACCESS_RIGHTS") != -1)
self.ldb_dirsync = self.get_ldb_connection(self.dirsync_user, self.user_pass)
try:
self.ldb_simple.search(self.base_dn,
- expression="samaccountname=*",
- controls=["dirsync:1:0:1"])
+ expression="samaccountname=*",
+ controls=["dirsync:1:0:1"])
except LdbError as l:
print(l)
self.assertTrue(str(l).find("LDAP_INSUFFICIENT_ACCESS_RIGHTS") != -1)
try:
self.ldb_simple.search("CN=Users,%s" % self.base_dn,
- expression="samaccountname=*",
- controls=["dirsync:1:0:1"])
+ expression="samaccountname=*",
+ controls=["dirsync:1:0:1"])
except LdbError as l:
print(l)
self.assertTrue(str(l).find("LDAP_INSUFFICIENT_ACCESS_RIGHTS") != -1)
try:
self.ldb_simple.search("CN=Users,%s" % self.base_dn,
- expression="samaccountname=*",
- controls=["dirsync:1:1:1"])
+ expression="samaccountname=*",
+ controls=["dirsync:1:1:1"])
except LdbError as l:
print(l)
self.assertTrue(str(l).find("LDAP_UNWILLING_TO_PERFORM") != -1)
try:
self.ldb_dirsync.search("CN=Users,%s" % self.base_dn,
- expression="samaccountname=*",
- controls=["dirsync:1:0:1"])
+ expression="samaccountname=*",
+ controls=["dirsync:1:0:1"])
except LdbError as l:
print(l)
self.assertTrue(str(l).find("LDAP_INSUFFICIENT_ACCESS_RIGHTS") != -1)
try:
self.ldb_admin.search("CN=Users,%s" % self.base_dn,
- expression="samaccountname=*",
- controls=["dirsync:1:0:1"])
+ expression="samaccountname=*",
+ controls=["dirsync:1:0:1"])
except LdbError as l:
print(l)
self.assertTrue(str(l).find("LDAP_INSUFFICIENT_ACCESS_RIGHTS") != -1)
try:
self.ldb_admin.search("CN=Users,%s" % self.base_dn,
- expression="samaccountname=*",
- controls=["dirsync:1:1:1"])
+ expression="samaccountname=*",
+ controls=["dirsync:1:1:1"])
except LdbError as l:
print(l)
self.assertTrue(str(l).find("LDAP_UNWILLING_TO_PERFORM") != -1)
controls=["dirsync:1:0:1"])
count = len(res.msgs[0])
res2 = self.ldb_admin.search(self.base_dn,
- expression="samaccountname=Administrator",
- controls=["dirsync:1:0:1"])
+ expression="samaccountname=Administrator",
+ controls=["dirsync:1:0:1"])
count2 = len(res2.msgs[0])
self.assertEqual(count, count2)
# Let's search for members
self.ldb_simple = self.get_ldb_connection(self.simple_user, self.user_pass)
res = self.ldb_simple.search(self.base_dn,
- expression="(name=Administrators)",
- controls=["dirsync:1:1:1"])
+ expression="(name=Administrators)",
+ controls=["dirsync:1:1:1"])
self.assertTrue(len(res[0].get("member")) > 0)
size = len(res[0].get("member"))
ctl[3] = "10000"
control1 = str(":".join(ctl))
self.ldb_admin.add_remove_group_members("Administrators", [self.simple_user],
- add_members_operation=True)
+ add_members_operation=True)
res = self.ldb_simple.search(self.base_dn,
- expression="(name=Administrators)",
- controls=[control1])
+ expression="(name=Administrators)",
+ controls=[control1])
self.assertEqual(len(res[0].get("member")), size + 1)
ctl = str(res.controls[0]).split(":")
# remove the user from the group
self.ldb_admin.add_remove_group_members("Administrators", [self.simple_user],
- add_members_operation=False)
+ add_members_operation=False)
res = self.ldb_simple.search(self.base_dn,
- expression="(name=Administrators)",
- controls=[control1])
+ expression="(name=Administrators)",
+ controls=[control1])
self.assertEqual(len(res[0].get("member")), size )
self.ldb_admin.newgroup("testgroup")
self.ldb_admin.add_remove_group_members("testgroup", [self.simple_user],
- add_members_operation=True)
+ add_members_operation=True)
res = self.ldb_admin.search(self.base_dn,
expression="(name=testgroup)",
control1 = str(":".join(ctl))
self.ldb_admin.add_remove_group_members("testgroup", [self.simple_user],
- add_members_operation=False)
+ add_members_operation=False)
res = self.ldb_admin.search(self.base_dn,
expression="(name=testgroup)",
ctl[3] = "10000"
control1 = str(":".join(ctl))
self.ldb_admin.add_remove_group_members("Administrators", [self.simple_user],
- add_members_operation=True)
+ add_members_operation=True)
self.ldb_admin.add_remove_group_members("Administrators", [self.dirsync_user],
- add_members_operation=True)
+ add_members_operation=True)
res = self.ldb_admin.search(self.base_dn,
# remove the user from the group
self.ldb_admin.add_remove_group_members("Administrators", [self.simple_user],
- add_members_operation=False)
+ add_members_operation=False)
res = self.ldb_admin.search(self.base_dn,
expression="(name=Administrators)",
control2 = str(":".join(ctl))
self.ldb_admin.add_remove_group_members("Administrators", [self.dirsync_user],
- add_members_operation=False)
+ add_members_operation=False)
res = self.ldb_admin.search(self.base_dn,
expression="(name=Administrators)",
# Specify LDAP_DIRSYNC_OBJECT_SECURITY
res = self.ldb_simple.search(self.base_dn,
- expression="(&(objectClass=organizationalUnit)(!(isDeleted=*)))",
- controls=["dirsync:1:1:1"])
+ expression="(&(objectClass=organizationalUnit)(!(isDeleted=*)))",
+ controls=["dirsync:1:1:1"])
guid = None
for e in res:
delete_force(self.ldb_admin, ouname)
res = self.ldb_simple.search(self.base_dn,
- expression="(objectClass=organizationalUnit)",
- controls=[control1])
+ expression="(objectClass=organizationalUnit)",
+ controls=[control1])
self.assertEqual(len(res), 1)
guid2 = str(ndr_unpack(misc.GUID,res[0].get("objectGUID")[0]))
self.assertEqual(guid2, guid)
from samba import Ldb
from samba.samdb import SamDB
from samba.dsdb import (UF_NORMAL_ACCOUNT,
- UF_WORKSTATION_TRUST_ACCOUNT,
- UF_PASSWD_NOTREQD, UF_ACCOUNTDISABLE, ATYPE_NORMAL_ACCOUNT,
- ATYPE_WORKSTATION_TRUST, SYSTEM_FLAG_DOMAIN_DISALLOW_MOVE,
- SYSTEM_FLAG_CONFIG_ALLOW_RENAME, SYSTEM_FLAG_CONFIG_ALLOW_MOVE,
- SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE)
+ UF_WORKSTATION_TRUST_ACCOUNT,
+ UF_PASSWD_NOTREQD, UF_ACCOUNTDISABLE, ATYPE_NORMAL_ACCOUNT,
+ ATYPE_WORKSTATION_TRUST, SYSTEM_FLAG_DOMAIN_DISALLOW_MOVE,
+ SYSTEM_FLAG_CONFIG_ALLOW_RENAME, SYSTEM_FLAG_CONFIG_ALLOW_MOVE,
+ SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE)
from samba.ndr import ndr_pack, ndr_unpack
from samba.dcerpc import security, lsa
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("top", FLAG_MOD_DELETE,
- "objectClass")
+ "objectClass")
ldb.modify(m)
res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("person", FLAG_MOD_DELETE,
- "objectClass")
+ "objectClass")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("computer", FLAG_MOD_DELETE,
- "objectClass")
+ "objectClass")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("X", FLAG_MOD_ADD,
- "objectClass")
+ "objectClass")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("user", FLAG_MOD_ADD,
- "objectClass")
+ "objectClass")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("person", FLAG_MOD_ADD,
- "objectClass")
+ "objectClass")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("bootableDevice", FLAG_MOD_ADD,
- "objectClass")
+ "objectClass")
ldb.modify(m)
# This does not work since object class "leaf" is not auxiliary nor it
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("leaf", FLAG_MOD_ADD,
- "objectClass")
+ "objectClass")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement(["top", "person", "bootableDevice"],
- FLAG_MOD_REPLACE, "objectClass")
+ FLAG_MOD_REPLACE, "objectClass")
ldb.modify(m)
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement(["person", "bootableDevice"],
- FLAG_MOD_REPLACE, "objectClass")
+ FLAG_MOD_REPLACE, "objectClass")
ldb.modify(m)
# This does not work since object class "leaf" is not auxiliary nor it
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement(["top", "person", "bootableDevice",
- "leaf"], FLAG_MOD_REPLACE, "objectClass")
+ "leaf"], FLAG_MOD_REPLACE, "objectClass")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement(["top", "computer"], FLAG_MOD_REPLACE,
- "objectClass")
+ "objectClass")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("bootableDevice", FLAG_MOD_DELETE,
- "objectClass")
+ "objectClass")
ldb.modify(m)
res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("bootableDevice", FLAG_MOD_ADD,
- "objectClass")
+ "objectClass")
ldb.modify(m)
# Add an attribute specific to the "bootableDevice" class
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["bootParameter"] = MessageElement("test", FLAG_MOD_ADD,
- "bootParameter")
+ "bootParameter")
ldb.modify(m)
# Classes can be removed unless attributes of them are used. Now there
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("bootableDevice", FLAG_MOD_DELETE,
- "objectClass")
+ "objectClass")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["bootParameter"] = MessageElement("test", FLAG_MOD_DELETE,
- "bootParameter")
+ "bootParameter")
ldb.modify(m)
# Classes can be removed unless attributes of them are used.
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("bootableDevice", FLAG_MOD_DELETE,
- "objectClass")
+ "objectClass")
ldb.modify(m)
delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("container", FLAG_MOD_ADD,
- "objectClass")
+ "objectClass")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("inetOrgPerson", FLAG_MOD_ADD,
- "objectClass")
+ "objectClass")
ldb.modify(m)
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("inetOrgPerson", FLAG_MOD_DELETE,
- "objectClass")
+ "objectClass")
ldb.modify(m)
# Replace top-most structural class to "inetOrgPerson" and reset it
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("inetOrgPerson", FLAG_MOD_REPLACE,
- "objectClass")
+ "objectClass")
ldb.modify(m)
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("user", FLAG_MOD_REPLACE,
- "objectClass")
+ "objectClass")
ldb.modify(m)
# Add a new auxiliary object class "posixAccount" to "ldaptestuser"
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("posixAccount", FLAG_MOD_ADD,
- "objectClass")
+ "objectClass")
ldb.modify(m)
# Be sure that "top" is the first and the (most) structural object class
m = Message()
m.dn = Dn(ldb, "cn=Test Secret,cn=system," + self.base_dn)
m["description"] = MessageElement("desc", FLAG_MOD_REPLACE,
- "description")
+ "description")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestcontainer," + self.base_dn)
m["isCriticalSystemObject"] = MessageElement("TRUE", FLAG_MOD_REPLACE,
- "isCriticalSystemObject")
+ "isCriticalSystemObject")
try:
ldb.modify(m)
self.fail()
self.assertEquals(num, ERR_NO_SUCH_OBJECT)
delete_force(self.ldb, "cn=ldaptestgroup,cn=thisdoesnotexist123,"
- + self.base_dn)
+ + self.base_dn)
try:
self.ldb.add({
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["thisdoesnotexist"] = MessageElement("x", FLAG_MOD_REPLACE,
- "thisdoesnotexist")
+ "thisdoesnotexist")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestobject," + self.base_dn)
m["ipProtocolNumber"] = MessageElement([], FLAG_MOD_DELETE,
- "ipProtocolNumber")
+ "ipProtocolNumber")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestobject," + self.base_dn)
m["ipProtocolNumber"] = MessageElement([], FLAG_MOD_REPLACE,
- "ipProtocolNumber")
+ "ipProtocolNumber")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["sAMAccountName"] = MessageElement(["nam1","nam2"], FLAG_MOD_REPLACE,
- "sAMAccountName")
+ "sAMAccountName")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["sAMAccountName"] = MessageElement("testgroupXX", FLAG_MOD_REPLACE,
- "sAMAccountName")
+ "sAMAccountName")
ldb.modify(m)
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["sAMAccountName"] = MessageElement("testgroupXX2", FLAG_MOD_ADD,
- "sAMAccountName")
+ "sAMAccountName")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["instanceType"] = MessageElement("0", FLAG_MOD_REPLACE,
- "instanceType")
+ "instanceType")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["instanceType"] = MessageElement([], FLAG_MOD_REPLACE,
- "instanceType")
+ "instanceType")
try:
ldb.modify(m)
self.fail()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("group", 0, "objectClass")
m["dn"] = MessageElement("cn=ldaptestgroup,cn=users," + self.base_dn, 0,
- "dn")
+ "dn")
try:
ldb.add(m)
self.fail()
self.assertTrue(len(res) == 1)
self.assertTrue("distinguishedName" in res[0])
self.assertTrue(Dn(ldb, res[0]["distinguishedName"][0])
- == Dn(ldb, "cn=ldaptestgroup, cn=users," + self.base_dn))
+ == Dn(ldb, "cn=ldaptestgroup, cn=users," + self.base_dn))
# The "dn" shortcut isn't supported
m = Message()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["name"] = MessageElement("cn=ldaptestuser", FLAG_MOD_REPLACE,
- "name")
+ "name")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["cn"] = MessageElement("ldaptestuser",
- FLAG_MOD_REPLACE, "cn")
+ FLAG_MOD_REPLACE, "cn")
try:
ldb.modify(m)
self.fail()
""")
res2 = ldb.search("cn=ldaptestcontainer," + self.base_dn,
- scope=SCOPE_BASE,
- attrs=["uSNCreated", "uSNChanged", "description"])
+ scope=SCOPE_BASE,
+ attrs=["uSNCreated", "uSNChanged", "description"])
self.assertTrue(len(res) == 1)
self.assertFalse("description" in res2[0])
self.assertEqual(res[0]["usnCreated"], res2[0]["usnCreated"])
""")
res3 = ldb.search("cn=ldaptestcontainer," + self.base_dn,
- scope=SCOPE_BASE,
- attrs=["uSNCreated", "uSNChanged", "description"])
+ scope=SCOPE_BASE,
+ attrs=["uSNCreated", "uSNChanged", "description"])
self.assertTrue(len(res) == 1)
self.assertTrue("description" in res3[0])
self.assertEqual("test", str(res3[0]["description"][0]))
""")
res4 = ldb.search("cn=ldaptestcontainer," + self.base_dn,
- scope=SCOPE_BASE,
- attrs=["uSNCreated", "uSNChanged", "description"])
+ scope=SCOPE_BASE,
+ attrs=["uSNCreated", "uSNChanged", "description"])
self.assertTrue(len(res) == 1)
self.assertTrue("description" in res4[0])
self.assertEqual("test", str(res4[0]["description"][0]))
""")
res5 = ldb.search("cn=ldaptestcontainer," + self.base_dn,
- scope=SCOPE_BASE,
- attrs=["uSNCreated", "uSNChanged", "description"])
+ scope=SCOPE_BASE,
+ attrs=["uSNCreated", "uSNChanged", "description"])
self.assertTrue(len(res) == 1)
self.assertTrue("description" in res5[0])
self.assertEqual("test2", str(res5[0]["description"][0]))
""")
res6 = ldb.search("cn=ldaptestcontainer," + self.base_dn,
- scope=SCOPE_BASE,
- attrs=["uSNCreated", "uSNChanged", "description"])
+ scope=SCOPE_BASE,
+ attrs=["uSNCreated", "uSNChanged", "description"])
self.assertTrue(len(res) == 1)
self.assertFalse("description" in res6[0])
self.assertEqual(res[0]["usnCreated"], res6[0]["usnCreated"])
""")
res7 = ldb.search("cn=ldaptestcontainer," + self.base_dn,
- scope=SCOPE_BASE,
- attrs=["uSNCreated", "uSNChanged", "description"])
+ scope=SCOPE_BASE,
+ attrs=["uSNCreated", "uSNChanged", "description"])
self.assertTrue(len(res) == 1)
self.assertTrue("description" in res7[0])
self.assertEqual("test3", str(res7[0]["description"][0]))
""")
res8 = ldb.search("cn=ldaptestcontainer," + self.base_dn,
- scope=SCOPE_BASE,
- attrs=["uSNCreated", "uSNChanged", "description"])
+ scope=SCOPE_BASE,
+ attrs=["uSNCreated", "uSNChanged", "description"])
self.assertTrue(len(res) == 1)
self.assertFalse("description" in res8[0])
self.assertEqual(res[0]["usnCreated"], res8[0]["usnCreated"])
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["memberOf"] = MessageElement("cn=ldaptestgroup,cn=users," + self.base_dn,
- FLAG_MOD_ADD, "memberOf")
+ FLAG_MOD_ADD, "memberOf")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
- FLAG_MOD_ADD, "member")
+ FLAG_MOD_ADD, "member")
ldb.modify(m)
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["memberOf"] = MessageElement("cn=ldaptestgroup,cn=users," + self.base_dn,
- FLAG_MOD_REPLACE, "memberOf")
+ FLAG_MOD_REPLACE, "memberOf")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["memberOf"] = MessageElement("cn=ldaptestgroup,cn=users," + self.base_dn,
- FLAG_MOD_DELETE, "memberOf")
+ FLAG_MOD_DELETE, "memberOf")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
- FLAG_MOD_DELETE, "member")
+ FLAG_MOD_DELETE, "member")
ldb.modify(m)
# This should yield no results since the member attribute for
"cN": "LDAPtestCOMPUTER"})
ldb.add({"dn": "cn=ldaptest2computer,cn=computers," + self.base_dn,
- "objectClass": "computer",
- "cn": "LDAPtest2COMPUTER",
- "userAccountControl": str(UF_WORKSTATION_TRUST_ACCOUNT),
- "displayname": "ldap testy"})
+ "objectClass": "computer",
+ "cn": "LDAPtest2COMPUTER",
+ "userAccountControl": str(UF_WORKSTATION_TRUST_ACCOUNT),
+ "displayname": "ldap testy"})
try:
ldb.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self.base_dn,
# Testing subtree ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + self.base_dn
try:
res = ldb.search("cn=ldaptestcontainer," + self.base_dn,
- expression="(&(cn=ldaptestuser4)(objectClass=user))",
- scope=SCOPE_SUBTREE)
+ expression="(&(cn=ldaptestuser4)(objectClass=user))",
+ scope=SCOPE_SUBTREE)
self.fail(res)
except LdbError as e102:
(num, _) = e102.args
# Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + self.base_dn
try:
res = ldb.search("cn=ldaptestcontainer," + self.base_dn,
- expression="(&(cn=ldaptestuser4)(objectClass=user))", scope=SCOPE_ONELEVEL)
+ expression="(&(cn=ldaptestuser4)(objectClass=user))", scope=SCOPE_ONELEVEL)
self.fail()
except LdbError as e103:
(num, _) = e103.args
def test_netlogon_highestcommitted_usn(self):
"""Testing for netlogon and highestCommittedUSN via LDAP"""
res = self.ldb.search("", scope=SCOPE_BASE,
- attrs=["netlogon", "highestCommittedUSN"])
+ attrs=["netlogon", "highestCommittedUSN"])
self.assertEquals(len(res), 0)
def test_namingContexts(self):
"""Testing for namingContexts in rootDSE"""
res = self.ldb.search("", scope=SCOPE_BASE,
- attrs=["namingContexts", "defaultNamingContext", "schemaNamingContext", "configurationNamingContext"])
+ attrs=["namingContexts", "defaultNamingContext", "schemaNamingContext", "configurationNamingContext"])
self.assertEquals(len(res), 1)
ncs = set([])
self.assertTrue(int(res[0]["domainControllerFunctionality"][0]) >= int(res[0]["domainFunctionality"][0]))
res2 = self.ldb.search("", scope=SCOPE_BASE,
- attrs=["dsServiceName", "serverName"])
+ attrs=["dsServiceName", "serverName"])
self.assertEquals(len(res2), 1)
self.assertEquals(len(res2[0]["dsServiceName"]), 1)
def setUp(self):
super(SchemaTests, self).setUp()
self.ldb = SamDB(host, credentials=creds,
- session_info=system_session(lp), lp=lp, options=ldb_options)
+ session_info=system_session(lp), lp=lp, options=ldb_options)
self.base_dn = self.ldb.domain_dn()
self.schema_dn = self.ldb.get_schema_basedn().get_linearized()
def test_generated_schema(self):
"""Testing we can read the generated schema via LDAP"""
res = self.ldb.search("cn=aggregate,"+self.schema_dn, scope=SCOPE_BASE,
- attrs=["objectClasses", "attributeTypes", "dITContentRules"])
+ attrs=["objectClasses", "attributeTypes", "dITContentRules"])
self.assertEquals(len(res), 1)
self.assertTrue("dITContentRules" in res[0])
self.assertTrue("objectClasses" in res[0])
# linkID generation isn't available before 2003
res = self.ldb.search(base="", expression="", scope=SCOPE_BASE,
- attrs=["domainControllerFunctionality"])
+ attrs=["domainControllerFunctionality"])
self.assertEquals(len(res), 1)
dc_level = int(res[0]["domainControllerFunctionality"][0])
if dc_level < DS_DOMAIN_FUNCTION_2003:
def setUp(self):
super(SchemaTests_msDS_IntId, self).setUp()
self.ldb = SamDB(host, credentials=creds,
- session_info=system_session(lp), lp=lp, options=ldb_options)
+ session_info=system_session(lp), lp=lp, options=ldb_options)
res = self.ldb.search(base="", expression="", scope=SCOPE_BASE,
- attrs=["schemaNamingContext", "defaultNamingContext",
- "forestFunctionality"])
+ attrs=["schemaNamingContext", "defaultNamingContext",
+ "forestFunctionality"])
self.assertEquals(len(res), 1)
self.schema_dn = res[0]["schemaNamingContext"][0]
self.base_dn = res[0]["defaultNamingContext"][0]
def setUp(self):
super(SchemaTests_msDS_isRODC, self).setUp()
self.ldb = SamDB(host, credentials=creds,
- session_info=system_session(lp), lp=lp, options=ldb_options)
+ session_info=system_session(lp), lp=lp, options=ldb_options)
res = self.ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["defaultNamingContext"])
self.assertEquals(len(res), 1)
self.base_dn = res[0]["defaultNamingContext"][0]
def setUp(self):
super(SyntaxTests, self).setUp()
self.ldb = samba.tests.connect_samdb(host, credentials=creds,
- session_info=system_session(lp), lp=lp)
+ session_info=system_session(lp), lp=lp)
self.base_dn = self.ldb.domain_dn()
self.schema_dn = self.ldb.get_schema_basedn().get_linearized()
self._setup_dn_string_test()
# add object with correct value
object_name1 = "obj-DN-String1" + time.strftime("%s", time.gmtime())
ldif = self._get_object_ldif(object_name1, self.dn_string_class_name, self.dn_string_class_ldap_display_name,
- self.dn_string_attribute, ": S:5:ABCDE:" + self.base_dn)
+ self.dn_string_attribute, ": S:5:ABCDE:" + self.base_dn)
self.ldb.add_ldif(ldif)
# search by specifying the DN part only
res = self.ldb.search(base=self.base_dn,
- scope=SCOPE_SUBTREE,
- expression="(%s=%s)" % (self.dn_string_attribute, self.base_dn))
+ scope=SCOPE_SUBTREE,
+ expression="(%s=%s)" % (self.dn_string_attribute, self.base_dn))
self.assertEquals(len(res), 0)
# search by specifying the string part only
res = self.ldb.search(base=self.base_dn,
- scope=SCOPE_SUBTREE,
- expression="(%s=S:5:ABCDE)" % self.dn_string_attribute)
+ scope=SCOPE_SUBTREE,
+ expression="(%s=S:5:ABCDE)" % self.dn_string_attribute)
self.assertEquals(len(res), 0)
# search by DN+Stirng
res = self.ldb.search(base=self.base_dn,
- scope=SCOPE_SUBTREE,
- expression="(%s=S:5:ABCDE:%s)" % (self.dn_string_attribute, self.base_dn))
+ scope=SCOPE_SUBTREE,
+ expression="(%s=S:5:ABCDE:%s)" % (self.dn_string_attribute, self.base_dn))
self.assertEquals(len(res), 1)
# add object with wrong format
object_name2 = "obj-DN-String2" + time.strftime("%s", time.gmtime())
ldif = self._get_object_ldif(object_name2, self.dn_string_class_name, self.dn_string_class_ldap_display_name,
- self.dn_string_attribute, ": S:5:ABCD:" + self.base_dn)
+ self.dn_string_attribute, ": S:5:ABCD:" + self.base_dn)
try:
self.ldb.add_ldif(ldif)
except LdbError as e:
# add object with the same dn but with different string value in case
ldif = self._get_object_ldif(object_name1, self.dn_string_class_name, self.dn_string_class_ldap_display_name,
- self.dn_string_attribute, ": S:5:abcde:" + self.base_dn)
+ self.dn_string_attribute, ": S:5:abcde:" + self.base_dn)
try:
self.ldb.add_ldif(ldif)
except LdbError as e1:
# add object with the same dn but with different string value
ldif = self._get_object_ldif(object_name1, self.dn_string_class_name, self.dn_string_class_ldap_display_name,
- self.dn_string_attribute, ": S:5:FGHIJ:" + self.base_dn)
+ self.dn_string_attribute, ": S:5:FGHIJ:" + self.base_dn)
try:
self.ldb.add_ldif(ldif)
except LdbError as e2:
# add object with the same dn but with different dn and string value
ldif = self._get_object_ldif(object_name1, self.dn_string_class_name, self.dn_string_class_ldap_display_name,
- self.dn_string_attribute, ": S:5:FGHIJ:" + self.schema_dn)
+ self.dn_string_attribute, ": S:5:FGHIJ:" + self.schema_dn)
try:
self.ldb.add_ldif(ldif)
except LdbError as e3:
# add object with the same dn but with different dn value
ldif = self._get_object_ldif(object_name1, self.dn_string_class_name, self.dn_string_class_ldap_display_name,
- self.dn_string_attribute, ": S:5:ABCDE:" + self.schema_dn)
+ self.dn_string_attribute, ": S:5:ABCDE:" + self.schema_dn)
try:
self.ldb.add_ldif(ldif)
except LdbError as e4:
# add object with GUID instead of DN
object_name3 = "obj-DN-String3" + time.strftime("%s", time.gmtime())
ldif = self._get_object_ldif(object_name3, self.dn_string_class_name, self.dn_string_class_ldap_display_name,
- self.dn_string_attribute, ": S:5:ABCDE:<GUID=%s>" % str(uuid.uuid4()))
+ self.dn_string_attribute, ": S:5:ABCDE:<GUID=%s>" % str(uuid.uuid4()))
try:
self.ldb.add_ldif(ldif)
except LdbError as e5:
# add object with SID instead of DN
object_name4 = "obj-DN-String4" + time.strftime("%s", time.gmtime())
ldif = self._get_object_ldif(object_name4, self.dn_string_class_name, self.dn_string_class_ldap_display_name,
- self.dn_string_attribute, ": S:5:ABCDE:<SID=%s>" % self.ldb.get_domain_sid())
+ self.dn_string_attribute, ": S:5:ABCDE:<SID=%s>" % self.ldb.get_domain_sid())
try:
self.ldb.add_ldif(ldif)
except LdbError as e6:
# add object with random string instead of DN
object_name5 = "obj-DN-String5" + time.strftime("%s", time.gmtime())
ldif = self._get_object_ldif(object_name5, self.dn_string_class_name, self.dn_string_class_ldap_display_name,
- self.dn_string_attribute, ": S:5:ABCDE:randomSTRING")
+ self.dn_string_attribute, ": S:5:ABCDE:randomSTRING")
try:
self.ldb.add_ldif(ldif)
except LdbError as e7:
# add obeject with correct value
object_name1 = "obj-DN-Binary1" + time.strftime("%s", time.gmtime())
ldif = self._get_object_ldif(object_name1, self.dn_binary_class_name, self.dn_binary_class_ldap_display_name,
- self.dn_binary_attribute, ": B:4:1234:" + self.base_dn)
+ self.dn_binary_attribute, ": B:4:1234:" + self.base_dn)
self.ldb.add_ldif(ldif)
# search by specifyingthe DN part
res = self.ldb.search(base=self.base_dn,
- scope=SCOPE_SUBTREE,
- expression="(%s=%s)" % (self.dn_binary_attribute, self.base_dn))
+ scope=SCOPE_SUBTREE,
+ expression="(%s=%s)" % (self.dn_binary_attribute, self.base_dn))
self.assertEquals(len(res), 0)
# search by specifying the binary part
res = self.ldb.search(base=self.base_dn,
- scope=SCOPE_SUBTREE,
- expression="(%s=B:4:1234)" % self.dn_binary_attribute)
+ scope=SCOPE_SUBTREE,
+ expression="(%s=B:4:1234)" % self.dn_binary_attribute)
self.assertEquals(len(res), 0)
# search by DN+Binary
res = self.ldb.search(base=self.base_dn,
- scope=SCOPE_SUBTREE,
- expression="(%s=B:4:1234:%s)" % (self.dn_binary_attribute, self.base_dn))
+ scope=SCOPE_SUBTREE,
+ expression="(%s=B:4:1234:%s)" % (self.dn_binary_attribute, self.base_dn))
self.assertEquals(len(res), 1)
# add object with wrong format - 5 bytes instead of 4, 8, 16, 32...
object_name2 = "obj-DN-Binary2" + time.strftime("%s", time.gmtime())
ldif = self._get_object_ldif(object_name2, self.dn_binary_class_name, self.dn_binary_class_ldap_display_name,
- self.dn_binary_attribute, ": B:5:67890:" + self.base_dn)
+ self.dn_binary_attribute, ": B:5:67890:" + self.base_dn)
try:
self.ldb.add_ldif(ldif)
except LdbError as e8:
# add object with the same dn but with different binary value
ldif = self._get_object_ldif(object_name1, self.dn_binary_class_name, self.dn_binary_class_ldap_display_name,
- self.dn_binary_attribute, ": B:4:5678:" + self.base_dn)
+ self.dn_binary_attribute, ": B:4:5678:" + self.base_dn)
try:
self.ldb.add_ldif(ldif)
except LdbError as e9:
# add object with the same dn but with different binary and dn value
ldif = self._get_object_ldif(object_name1, self.dn_binary_class_name, self.dn_binary_class_ldap_display_name,
- self.dn_binary_attribute, ": B:4:5678:" + self.schema_dn)
+ self.dn_binary_attribute, ": B:4:5678:" + self.schema_dn)
try:
self.ldb.add_ldif(ldif)
except LdbError as e10:
# add object with the same dn but with different dn value
ldif = self._get_object_ldif(object_name1, self.dn_binary_class_name, self.dn_binary_class_ldap_display_name,
- self.dn_binary_attribute, ": B:4:1234:" + self.schema_dn)
+ self.dn_binary_attribute, ": B:4:1234:" + self.schema_dn)
try:
self.ldb.add_ldif(ldif)
except LdbError as e11:
# add object with GUID instead of DN
object_name3 = "obj-DN-Binary3" + time.strftime("%s", time.gmtime())
ldif = self._get_object_ldif(object_name3, self.dn_binary_class_name, self.dn_binary_class_ldap_display_name,
- self.dn_binary_attribute, ": B:4:1234:<GUID=%s>" % str(uuid.uuid4()))
+ self.dn_binary_attribute, ": B:4:1234:<GUID=%s>" % str(uuid.uuid4()))
try:
self.ldb.add_ldif(ldif)
except LdbError as e12:
# add object with SID instead of DN
object_name4 = "obj-DN-Binary4" + time.strftime("%s", time.gmtime())
ldif = self._get_object_ldif(object_name4, self.dn_binary_class_name, self.dn_binary_class_ldap_display_name,
- self.dn_binary_attribute, ": B:4:1234:<SID=%s>" % self.ldb.get_domain_sid())
+ self.dn_binary_attribute, ": B:4:1234:<SID=%s>" % self.ldb.get_domain_sid())
try:
self.ldb.add_ldif(ldif)
except LdbError as e13:
# add object with random string instead of DN
object_name5 = "obj-DN-Binary5" + time.strftime("%s", time.gmtime())
ldif = self._get_object_ldif(object_name5, self.dn_binary_class_name, self.dn_binary_class_ldap_display_name,
- self.dn_binary_attribute, ": B:4:1234:randomSTRING")
+ self.dn_binary_attribute, ": B:4:1234:randomSTRING")
try:
self.ldb.add_ldif(ldif)
except LdbError as e14:
if mode == "absent":
self.assertFalse(name in res[0],
- msg="attr[%s] not missing on dn[%s]" %
- (name, res[0].dn))
+ msg="attr[%s] not missing on dn[%s]" %
+ (name, res[0].dn))
return
self.assertTrue(name in res[0],
configuration_dn = self.ldb.get_config_basedn().get_linearized()
res = self.ldb.search(base_dn,
- scope=SCOPE_BASE, attrs=["lockoutDuration", "lockOutObservationWindow", "lockoutThreshold"])
+ scope=SCOPE_BASE, attrs=["lockoutDuration", "lockOutObservationWindow", "lockoutThreshold"])
if "lockoutDuration" in res[0]:
lockoutDuration = res[0]["lockoutDuration"][0]
m = Message()
m.dn = Dn(self.ldb, "cn=testuser,cn=users," + self.base_dn)
m["unicodePwd"] = MessageElement("XXXXXXXXXXXXXXXX", FLAG_MOD_REPLACE,
- "unicodePwd")
+ "unicodePwd")
try:
self.ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(self.ldb, "cn=testuser,cn=users," + self.base_dn)
m["unicodePwd"] = MessageElement("\"thatsAcomplPASS2\"".encode('utf-16-le'),
- FLAG_MOD_REPLACE, "unicodePwd")
+ FLAG_MOD_REPLACE, "unicodePwd")
self.ldb.modify(m)
def test_unicodePwd_clear_change(self):
m = Message()
m.dn = Dn(self.ldb, "cn=testuser,cn=users," + self.base_dn)
m["dBCSPwd"] = MessageElement("XXXXXXXXXXXXXXXX", FLAG_MOD_REPLACE,
- "dBCSPwd")
+ "dBCSPwd")
try:
self.ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(self.ldb, "cn=testuser,cn=users," + self.base_dn)
m["userPassword"] = MessageElement("thatsAcomplPASS2", FLAG_MOD_REPLACE,
- "userPassword")
+ "userPassword")
self.ldb.modify(m)
def test_userPassword_clear_change(self):
m = Message()
m.dn = Dn(self.ldb, "cn=testuser,cn=users," + self.base_dn)
m["clearTextPassword"] = MessageElement("thatsAcomplPASS2".encode('utf-16-le'),
- FLAG_MOD_REPLACE, "clearTextPassword")
+ FLAG_MOD_REPLACE, "clearTextPassword")
self.ldb.modify(m)
# this passes against s4
except LdbError as e10:
m = Message()
m.dn = Dn(self.ldb, "cn=testuser,cn=users," + self.base_dn)
m["userPassword"] = MessageElement("myPassword", FLAG_MOD_ADD,
- "userPassword")
+ "userPassword")
self.ldb.modify(m)
res = self.ldb.search("cn=testuser,cn=users," + self.base_dn,
- scope=SCOPE_BASE, attrs=["userPassword"])
+ scope=SCOPE_BASE, attrs=["userPassword"])
self.assertTrue(len(res) == 1)
self.assertTrue("userPassword" in res[0])
self.assertEquals(res[0]["userPassword"][0], "myPassword")
m = Message()
m.dn = Dn(self.ldb, "cn=testuser,cn=users," + self.base_dn)
m["userPassword"] = MessageElement("myPassword2", FLAG_MOD_REPLACE,
- "userPassword")
+ "userPassword")
self.ldb.modify(m)
res = self.ldb.search("cn=testuser,cn=users," + self.base_dn,
- scope=SCOPE_BASE, attrs=["userPassword"])
+ scope=SCOPE_BASE, attrs=["userPassword"])
self.assertTrue(len(res) == 1)
self.assertTrue("userPassword" in res[0])
self.assertEquals(res[0]["userPassword"][0], "myPassword2")
m = Message()
m.dn = Dn(self.ldb, "cn=testuser,cn=users," + self.base_dn)
m["userPassword"] = MessageElement([], FLAG_MOD_DELETE,
- "userPassword")
+ "userPassword")
self.ldb.modify(m)
res = self.ldb.search("cn=testuser,cn=users," + self.base_dn,
- scope=SCOPE_BASE, attrs=["userPassword"])
+ scope=SCOPE_BASE, attrs=["userPassword"])
self.assertTrue(len(res) == 1)
self.assertFalse("userPassword" in res[0])
m = Message()
m.dn = Dn(self.ldb, "cn=testuser,cn=users," + self.base_dn)
m["userPassword"] = MessageElement("myPassword3", FLAG_MOD_REPLACE,
- "userPassword")
+ "userPassword")
self.ldb.modify(m)
res = self.ldb.search("cn=testuser,cn=users," + self.base_dn,
- scope=SCOPE_BASE, attrs=["userPassword"])
+ scope=SCOPE_BASE, attrs=["userPassword"])
self.assertTrue(len(res) == 1)
self.assertTrue("userPassword" in res[0])
self.assertEquals(res[0]["userPassword"][0], "myPassword3")
m = Message()
m.dn = Dn(self.ldb, "cn=testuser,cn=users," + self.base_dn)
m["userPassword"] = MessageElement("myPassword4", FLAG_MOD_REPLACE,
- "userPassword")
+ "userPassword")
self.ldb.modify(m)
res = self.ldb.search("cn=testuser,cn=users," + self.base_dn,
- scope=SCOPE_BASE, attrs=["userPassword"])
+ scope=SCOPE_BASE, attrs=["userPassword"])
self.assertTrue(len(res) == 1)
self.assertTrue("userPassword" in res[0])
self.assertEquals(res[0]["userPassword"][0], "myPassword4")
m = Message()
m.dn = Dn(ldb1, "cn=testuser,cn=users," + self.base_dn)
m["userPassword"] = MessageElement("thatsAcomplPASS1", FLAG_MOD_REPLACE,
- "userPassword")
+ "userPassword")
ldb1.modify(m)
res = ldb1.search("cn=testuser,cn=users," + self.base_dn,
m = Message()
m.dn = Dn(ldb2, "cn=testuser,cn=users," + self.base_dn)
m["userPassword"] = MessageElement("thatsAcomplPASS2", FLAG_MOD_REPLACE,
- "userPassword")
+ "userPassword")
ldb2.modify(m)
res = ldb2.search("cn=testuser,cn=users," + self.base_dn,
from ldb import FLAG_MOD_ADD, FLAG_MOD_REPLACE, FLAG_MOD_DELETE
from samba.samdb import SamDB
from samba.dsdb import (UF_NORMAL_ACCOUNT, UF_ACCOUNTDISABLE,
- UF_WORKSTATION_TRUST_ACCOUNT, UF_SERVER_TRUST_ACCOUNT,
- UF_PARTIAL_SECRETS_ACCOUNT, UF_TEMP_DUPLICATE_ACCOUNT,
- UF_INTERDOMAIN_TRUST_ACCOUNT, UF_SMARTCARD_REQUIRED,
- UF_PASSWD_NOTREQD, UF_LOCKOUT, UF_PASSWORD_EXPIRED, ATYPE_NORMAL_ACCOUNT,
- GTYPE_SECURITY_BUILTIN_LOCAL_GROUP, GTYPE_SECURITY_DOMAIN_LOCAL_GROUP,
- GTYPE_SECURITY_GLOBAL_GROUP, GTYPE_SECURITY_UNIVERSAL_GROUP,
- GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP, GTYPE_DISTRIBUTION_GLOBAL_GROUP,
- GTYPE_DISTRIBUTION_UNIVERSAL_GROUP,
- ATYPE_SECURITY_GLOBAL_GROUP, ATYPE_SECURITY_UNIVERSAL_GROUP,
- ATYPE_SECURITY_LOCAL_GROUP, ATYPE_DISTRIBUTION_GLOBAL_GROUP,
- ATYPE_DISTRIBUTION_UNIVERSAL_GROUP, ATYPE_DISTRIBUTION_LOCAL_GROUP,
- ATYPE_WORKSTATION_TRUST)
+ UF_WORKSTATION_TRUST_ACCOUNT, UF_SERVER_TRUST_ACCOUNT,
+ UF_PARTIAL_SECRETS_ACCOUNT, UF_TEMP_DUPLICATE_ACCOUNT,
+ UF_INTERDOMAIN_TRUST_ACCOUNT, UF_SMARTCARD_REQUIRED,
+ UF_PASSWD_NOTREQD, UF_LOCKOUT, UF_PASSWORD_EXPIRED, ATYPE_NORMAL_ACCOUNT,
+ GTYPE_SECURITY_BUILTIN_LOCAL_GROUP, GTYPE_SECURITY_DOMAIN_LOCAL_GROUP,
+ GTYPE_SECURITY_GLOBAL_GROUP, GTYPE_SECURITY_UNIVERSAL_GROUP,
+ GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP, GTYPE_DISTRIBUTION_GLOBAL_GROUP,
+ GTYPE_DISTRIBUTION_UNIVERSAL_GROUP,
+ ATYPE_SECURITY_GLOBAL_GROUP, ATYPE_SECURITY_UNIVERSAL_GROUP,
+ ATYPE_SECURITY_LOCAL_GROUP, ATYPE_DISTRIBUTION_GLOBAL_GROUP,
+ ATYPE_DISTRIBUTION_UNIVERSAL_GROUP, ATYPE_DISTRIBUTION_LOCAL_GROUP,
+ ATYPE_WORKSTATION_TRUST)
from samba.dcerpc.security import (DOMAIN_RID_USERS, DOMAIN_RID_ADMINS,
- DOMAIN_RID_DOMAIN_MEMBERS, DOMAIN_RID_DCS, DOMAIN_RID_READONLY_DCS)
+ DOMAIN_RID_DOMAIN_MEMBERS, DOMAIN_RID_DCS, DOMAIN_RID_READONLY_DCS)
from samba.ndr import ndr_unpack
from samba.dcerpc import drsblobs
scope=SCOPE_BASE, attrs=["objectSID"])
self.assertTrue(len(res1) == 1)
group_rid_1 = security.dom_sid(ldb.schema_format_value("objectSID",
- res1[0]["objectSID"][0])).split()[1]
+ res1[0]["objectSID"][0])).split()[1]
res1 = ldb.search("cn=ldaptestgroup2,cn=users," + self.base_dn,
scope=SCOPE_BASE, attrs=["objectSID"])
self.assertTrue(len(res1) == 1)
group_rid_2 = security.dom_sid(ldb.schema_format_value("objectSID",
- res1[0]["objectSID"][0])).split()[1]
+ res1[0]["objectSID"][0])).split()[1]
# Try to create a user with an invalid account name
try:
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["primaryGroupID"] = MessageElement("0", FLAG_MOD_REPLACE,
- "primaryGroupID")
+ "primaryGroupID")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["primaryGroupID"] = MessageElement("0", FLAG_MOD_REPLACE,
- "primaryGroupID")
+ "primaryGroupID")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["userAccountControl"] = MessageElement(str(UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD), FLAG_MOD_REPLACE,
- "userAccountControl")
+ "userAccountControl")
ldb.modify(m)
res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["userAccountControl"] = MessageElement(str(UF_WORKSTATION_TRUST_ACCOUNT | UF_PASSWD_NOTREQD), FLAG_MOD_REPLACE,
- "userAccountControl")
+ "userAccountControl")
ldb.modify(m)
res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["userAccountControl"] = MessageElement(str(UF_SERVER_TRUST_ACCOUNT | UF_PASSWD_NOTREQD), FLAG_MOD_REPLACE,
- "userAccountControl")
+ "userAccountControl")
ldb.modify(m)
res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["userAccountControl"] = MessageElement(str(UF_PARTIAL_SECRETS_ACCOUNT | UF_WORKSTATION_TRUST_ACCOUNT | UF_PASSWD_NOTREQD), FLAG_MOD_REPLACE,
- "userAccountControl")
+ "userAccountControl")
ldb.modify(m)
res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["sAMAccountName"] = MessageElement("administrator", FLAG_MOD_REPLACE,
- "sAMAccountName")
+ "sAMAccountName")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["sAMAccountName"] = MessageElement(res1[0]["sAMAccountName"][0], FLAG_MOD_REPLACE,
- "sAMAccountName")
+ "sAMAccountName")
ldb.modify(m)
# And another (free) name should be possible as well
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["sAMAccountName"] = MessageElement("xxx_ldaptestuser_xxx", FLAG_MOD_REPLACE,
- "sAMAccountName")
+ "sAMAccountName")
ldb.modify(m)
# We should be able to reset our actual primary group
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["primaryGroupID"] = MessageElement(str(DOMAIN_RID_USERS), FLAG_MOD_REPLACE,
- "primaryGroupID")
+ "primaryGroupID")
ldb.modify(m)
# Try to add invalid primary group
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["primaryGroupID"] = MessageElement("0", FLAG_MOD_REPLACE,
- "primaryGroupID")
+ "primaryGroupID")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["primaryGroupID"] = MessageElement(str(group_rid_1),
- FLAG_MOD_REPLACE, "primaryGroupID")
+ FLAG_MOD_REPLACE, "primaryGroupID")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["primaryGroupID"] = MessageElement(str(group_rid_1),
- FLAG_MOD_REPLACE, "primaryGroupID")
+ FLAG_MOD_REPLACE, "primaryGroupID")
ldb.modify(m)
# Try to delete group 1 - should be denied
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["primaryGroupID"] = MessageElement(str(group_rid_2),
- FLAG_MOD_REPLACE, "primaryGroupID")
+ FLAG_MOD_REPLACE, "primaryGroupID")
ldb.modify(m)
# Swap the groups (does not really make sense but does the same)
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["primaryGroupID"] = MessageElement(str(group_rid_1),
- FLAG_MOD_REPLACE, "primaryGroupID")
+ FLAG_MOD_REPLACE, "primaryGroupID")
m["primaryGroupID"] = MessageElement(str(group_rid_2),
- FLAG_MOD_REPLACE, "primaryGroupID")
+ FLAG_MOD_REPLACE, "primaryGroupID")
ldb.modify(m)
# Old primary group should contain a "member" attribute for the user,
self.assertTrue(len(res1) == 1)
self.assertTrue(len(res1[0]["member"]) == 1)
self.assertEquals(res1[0]["member"][0].lower(),
- ("cn=ldaptestuser,cn=users," + self.base_dn).lower())
+ ("cn=ldaptestuser,cn=users," + self.base_dn).lower())
res1 = ldb.search("cn=ldaptestgroup2, cn=users," + self.base_dn,
scope=SCOPE_BASE, attrs=["member"])
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["groupType"] = MessageElement(str(GTYPE_SECURITY_GLOBAL_GROUP), FLAG_MOD_ADD,
- "groupType")
+ "groupType")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["primaryGroupID"] = MessageElement("513", FLAG_MOD_ADD,
- "primaryGroupID")
+ "primaryGroupID")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["userAccountControl"] = MessageElement(str(UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD), FLAG_MOD_ADD,
- "userAccountControl")
+ "userAccountControl")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectSid"] = MessageElement("xxxxxxxxxxxxxxxx", FLAG_MOD_ADD,
- "objectSid")
+ "objectSid")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["sAMAccountType"] = MessageElement("0", FLAG_MOD_ADD,
- "sAMAccountType")
+ "sAMAccountType")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["sAMAccountName"] = MessageElement("test", FLAG_MOD_ADD,
- "sAMAccountName")
+ "sAMAccountName")
try:
ldb.modify(m)
self.fail()
scope=SCOPE_BASE, attrs=["sAMAccountType"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_SECURITY_GLOBAL_GROUP)
+ ATYPE_SECURITY_GLOBAL_GROUP)
delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
ldb.add({
scope=SCOPE_BASE, attrs=["sAMAccountType"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_SECURITY_UNIVERSAL_GROUP)
+ ATYPE_SECURITY_UNIVERSAL_GROUP)
delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
ldb.add({
scope=SCOPE_BASE, attrs=["sAMAccountType"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_SECURITY_LOCAL_GROUP)
+ ATYPE_SECURITY_LOCAL_GROUP)
delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
ldb.add({
scope=SCOPE_BASE, attrs=["sAMAccountType"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_DISTRIBUTION_GLOBAL_GROUP)
+ ATYPE_DISTRIBUTION_GLOBAL_GROUP)
delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
ldb.add({
scope=SCOPE_BASE, attrs=["sAMAccountType"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_DISTRIBUTION_UNIVERSAL_GROUP)
+ ATYPE_DISTRIBUTION_UNIVERSAL_GROUP)
delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
ldb.add({
scope=SCOPE_BASE, attrs=["sAMAccountType"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_DISTRIBUTION_LOCAL_GROUP)
+ ATYPE_DISTRIBUTION_LOCAL_GROUP)
delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
# Modify operation
scope=SCOPE_BASE, attrs=["sAMAccountType"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_SECURITY_GLOBAL_GROUP)
+ ATYPE_SECURITY_GLOBAL_GROUP)
# Invalid attribute
try:
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["groupType"] = MessageElement("0",
- FLAG_MOD_REPLACE, "groupType")
+ FLAG_MOD_REPLACE, "groupType")
ldb.modify(m)
self.fail()
except LdbError as e39:
scope=SCOPE_BASE, attrs=["sAMAccountType"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_SECURITY_GLOBAL_GROUP)
+ ATYPE_SECURITY_GLOBAL_GROUP)
# Change to "local" (shouldn't work)
scope=SCOPE_BASE, attrs=["sAMAccountType"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_SECURITY_UNIVERSAL_GROUP)
+ ATYPE_SECURITY_UNIVERSAL_GROUP)
# Change back to "global"
scope=SCOPE_BASE, attrs=["sAMAccountType"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_SECURITY_GLOBAL_GROUP)
+ ATYPE_SECURITY_GLOBAL_GROUP)
# Change back to "universal"
scope=SCOPE_BASE, attrs=["sAMAccountType"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_SECURITY_UNIVERSAL_GROUP)
+ ATYPE_SECURITY_UNIVERSAL_GROUP)
# Change to "local"
scope=SCOPE_BASE, attrs=["sAMAccountType"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_SECURITY_LOCAL_GROUP)
+ ATYPE_SECURITY_LOCAL_GROUP)
# Change to "global" (shouldn't work)
scope=SCOPE_BASE, attrs=["sAMAccountType"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_SECURITY_UNIVERSAL_GROUP)
+ ATYPE_SECURITY_UNIVERSAL_GROUP)
# Change to "builtin local" (shouldn't work)
scope=SCOPE_BASE, attrs=["sAMAccountType"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_SECURITY_GLOBAL_GROUP)
+ ATYPE_SECURITY_GLOBAL_GROUP)
# Change to "builtin local" (shouldn't work)
scope=SCOPE_BASE, attrs=["sAMAccountType"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_DISTRIBUTION_GLOBAL_GROUP)
+ ATYPE_DISTRIBUTION_GLOBAL_GROUP)
# Change to local (shouldn't work)
scope=SCOPE_BASE, attrs=["sAMAccountType"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_DISTRIBUTION_UNIVERSAL_GROUP)
+ ATYPE_DISTRIBUTION_UNIVERSAL_GROUP)
# Change back to "global"
scope=SCOPE_BASE, attrs=["sAMAccountType"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_DISTRIBUTION_GLOBAL_GROUP)
+ ATYPE_DISTRIBUTION_GLOBAL_GROUP)
# Change back to "universal"
scope=SCOPE_BASE, attrs=["sAMAccountType"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_DISTRIBUTION_UNIVERSAL_GROUP)
+ ATYPE_DISTRIBUTION_UNIVERSAL_GROUP)
# Change to "local"
scope=SCOPE_BASE, attrs=["sAMAccountType"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_DISTRIBUTION_LOCAL_GROUP)
+ ATYPE_DISTRIBUTION_LOCAL_GROUP)
# Change to "global" (shouldn't work)
scope=SCOPE_BASE, attrs=["sAMAccountType"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_DISTRIBUTION_UNIVERSAL_GROUP)
+ ATYPE_DISTRIBUTION_UNIVERSAL_GROUP)
# Change back to "global"
scope=SCOPE_BASE, attrs=["sAMAccountType"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_DISTRIBUTION_GLOBAL_GROUP)
+ ATYPE_DISTRIBUTION_GLOBAL_GROUP)
# Both group types: this performs only random checks - all possibilities
# would require too much code.
scope=SCOPE_BASE, attrs=["sAMAccountType"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_SECURITY_GLOBAL_GROUP)
+ ATYPE_SECURITY_GLOBAL_GROUP)
# Change to "local" (shouldn't work)
scope=SCOPE_BASE, attrs=["sAMAccountType"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_DISTRIBUTION_UNIVERSAL_GROUP)
+ ATYPE_DISTRIBUTION_UNIVERSAL_GROUP)
# Change back to "global"
scope=SCOPE_BASE, attrs=["sAMAccountType"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_SECURITY_GLOBAL_GROUP)
+ ATYPE_SECURITY_GLOBAL_GROUP)
# Change back to "universal"
scope=SCOPE_BASE, attrs=["sAMAccountType"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_SECURITY_UNIVERSAL_GROUP)
+ ATYPE_SECURITY_UNIVERSAL_GROUP)
# Change to "local"
scope=SCOPE_BASE, attrs=["sAMAccountType"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_DISTRIBUTION_LOCAL_GROUP)
+ ATYPE_DISTRIBUTION_LOCAL_GROUP)
# Change to "global" (shouldn't work)
scope=SCOPE_BASE, attrs=["sAMAccountType"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_SECURITY_UNIVERSAL_GROUP)
+ ATYPE_SECURITY_UNIVERSAL_GROUP)
# Change back to "global"
scope=SCOPE_BASE, attrs=["sAMAccountType"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_SECURITY_GLOBAL_GROUP)
+ ATYPE_SECURITY_GLOBAL_GROUP)
delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
attrs=["sAMAccountType", "userAccountControl"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_NORMAL_ACCOUNT)
+ ATYPE_NORMAL_ACCOUNT)
self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_ACCOUNTDISABLE == 0)
self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_PASSWD_NOTREQD == 0)
delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
attrs=["sAMAccountType", "userAccountControl"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_NORMAL_ACCOUNT)
+ ATYPE_NORMAL_ACCOUNT)
self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_ACCOUNTDISABLE == 0)
delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
attrs=["sAMAccountType", "userAccountControl", "lockoutTime", "pwdLastSet"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_NORMAL_ACCOUNT)
+ ATYPE_NORMAL_ACCOUNT)
self.assertTrue(int(res1[0]["userAccountControl"][0]) & (UF_LOCKOUT | UF_PASSWORD_EXPIRED) == 0)
self.assertFalse("lockoutTime" in res1[0])
self.assertTrue(int(res1[0]["pwdLastSet"][0]) == 0)
attrs=["sAMAccountType", "userAccountControl"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_NORMAL_ACCOUNT)
+ ATYPE_NORMAL_ACCOUNT)
self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_ACCOUNTDISABLE != 0)
# As user you can only switch from a normal account to a workstation
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["userAccountControl"] = MessageElement("0",
- FLAG_MOD_REPLACE, "userAccountControl")
+ FLAG_MOD_REPLACE, "userAccountControl")
ldb.modify(m)
except LdbError as e64:
(num, _) = e64.args
attrs=["sAMAccountType", "userAccountControl"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_NORMAL_ACCOUNT)
+ ATYPE_NORMAL_ACCOUNT)
self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_ACCOUNTDISABLE == 0)
m = Message()
attrs=["sAMAccountType", "userAccountControl"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_NORMAL_ACCOUNT)
+ ATYPE_NORMAL_ACCOUNT)
self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_NORMAL_ACCOUNT != 0)
self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_ACCOUNTDISABLE != 0)
attrs=["sAMAccountType", "userAccountControl", "lockoutTime", "pwdLastSet"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_NORMAL_ACCOUNT)
+ ATYPE_NORMAL_ACCOUNT)
self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_NORMAL_ACCOUNT != 0)
self.assertTrue(int(res1[0]["userAccountControl"][0]) & (UF_LOCKOUT | UF_PASSWORD_EXPIRED) == 0)
self.assertTrue(int(res1[0]["lockoutTime"][0]) == 0)
scope=SCOPE_BASE, attrs=["sAMAccountType"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_WORKSTATION_TRUST)
+ ATYPE_WORKSTATION_TRUST)
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
scope=SCOPE_BASE, attrs=["sAMAccountType"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_NORMAL_ACCOUNT)
+ ATYPE_NORMAL_ACCOUNT)
try:
m = Message()
attrs=["sAMAccountType", "userAccountControl"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_NORMAL_ACCOUNT)
+ ATYPE_NORMAL_ACCOUNT)
self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_ACCOUNTDISABLE == 0)
self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_PASSWD_NOTREQD == 0)
delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
attrs=["sAMAccountType", "userAccountControl"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_NORMAL_ACCOUNT)
+ ATYPE_NORMAL_ACCOUNT)
self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_ACCOUNTDISABLE == 0)
delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
attrs=["sAMAccountType", "userAccountControl", "lockoutTime", "pwdLastSet"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_NORMAL_ACCOUNT)
+ ATYPE_NORMAL_ACCOUNT)
self.assertTrue(int(res1[0]["userAccountControl"][0]) & (UF_LOCKOUT | UF_PASSWORD_EXPIRED) == 0)
self.assertFalse("lockoutTime" in res1[0])
self.assertTrue(int(res1[0]["pwdLastSet"][0]) == 0)
scope=SCOPE_BASE, attrs=["sAMAccountType"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_WORKSTATION_TRUST)
+ ATYPE_WORKSTATION_TRUST)
delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
try:
attrs=["sAMAccountType", "userAccountControl"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_NORMAL_ACCOUNT)
+ ATYPE_NORMAL_ACCOUNT)
self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_ACCOUNTDISABLE != 0)
# As computer you can switch from a normal account to a workstation
m = Message()
m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
m["userAccountControl"] = MessageElement("0",
- FLAG_MOD_REPLACE, "userAccountControl")
+ FLAG_MOD_REPLACE, "userAccountControl")
ldb.modify(m)
except LdbError as e73:
(num, _) = e73.args
attrs=["sAMAccountType", "userAccountControl"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_NORMAL_ACCOUNT)
+ ATYPE_NORMAL_ACCOUNT)
self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_ACCOUNTDISABLE == 0)
m = Message()
attrs=["sAMAccountType", "userAccountControl"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_NORMAL_ACCOUNT)
+ ATYPE_NORMAL_ACCOUNT)
self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_NORMAL_ACCOUNT != 0)
self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_ACCOUNTDISABLE != 0)
attrs=["sAMAccountType", "userAccountControl", "lockoutTime", "pwdLastSet"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_NORMAL_ACCOUNT)
+ ATYPE_NORMAL_ACCOUNT)
self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_NORMAL_ACCOUNT != 0)
self.assertTrue(int(res1[0]["userAccountControl"][0]) & (UF_LOCKOUT | UF_PASSWORD_EXPIRED) == 0)
self.assertTrue(int(res1[0]["lockoutTime"][0]) == 0)
scope=SCOPE_BASE, attrs=["sAMAccountType"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_WORKSTATION_TRUST)
+ ATYPE_WORKSTATION_TRUST)
m = Message()
m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
scope=SCOPE_BASE, attrs=["sAMAccountType"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_NORMAL_ACCOUNT)
+ ATYPE_NORMAL_ACCOUNT)
m = Message()
m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
scope=SCOPE_BASE, attrs=["sAMAccountType"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_WORKSTATION_TRUST)
+ ATYPE_WORKSTATION_TRUST)
m = Message()
m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
scope=SCOPE_BASE, attrs=["sAMAccountType"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_NORMAL_ACCOUNT)
+ ATYPE_NORMAL_ACCOUNT)
m = Message()
m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
scope=SCOPE_BASE, attrs=["sAMAccountType"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_WORKSTATION_TRUST)
+ ATYPE_WORKSTATION_TRUST)
m = Message()
m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
scope=SCOPE_BASE, attrs=["sAMAccountType"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
- ATYPE_WORKSTATION_TRUST)
+ ATYPE_WORKSTATION_TRUST)
try:
m = Message()
attrs=["userAccountControl"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["userAccountControl"][0]),
- UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_ACCOUNTDISABLE)
+ UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_ACCOUNTDISABLE)
m = Message()
m.dn = Dn(ldb, "<SID=" + ldb.get_domain_sid() + "-" + str(DOMAIN_RID_ADMINS) + ">")
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
m["primaryGroupID"] = MessageElement(str(DOMAIN_RID_ADMINS),
- FLAG_MOD_REPLACE, "primaryGroupID")
+ FLAG_MOD_REPLACE, "primaryGroupID")
ldb.modify(m)
m = Message()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
m["primaryGroupID"] = MessageElement(str(DOMAIN_RID_USERS),
- FLAG_MOD_REPLACE, "primaryGroupID")
+ FLAG_MOD_REPLACE, "primaryGroupID")
ldb.modify(m)
m = Message()
rpmd = ndr_unpack(drsblobs.replPropertyMetaDataBlob,
res[0]["replPropertyMetaData"][0])
lastsetmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_pwdLastSet)
+ drsuapi.DRSUAPI_ATTID_pwdLastSet)
self.assertIsNotNone(lastsetmd)
self.assertEqual(lastsetmd.version, 1)
nthashmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_unicodePwd)
+ drsuapi.DRSUAPI_ATTID_unicodePwd)
self.assertIsNotNone(nthashmd)
self.assertEqual(nthashmd.version, 1)
nthistmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_ntPwdHistory)
+ drsuapi.DRSUAPI_ATTID_ntPwdHistory)
self.assertIsNotNone(nthistmd)
self.assertEqual(nthistmd.version, 1)
lmhashmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_dBCSPwd)
+ drsuapi.DRSUAPI_ATTID_dBCSPwd)
self.assertIsNotNone(lmhashmd)
self.assertEqual(lmhashmd.version, 1)
lmhistmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_lmPwdHistory)
+ drsuapi.DRSUAPI_ATTID_lmPwdHistory)
self.assertIsNotNone(lmhistmd)
self.assertEqual(lmhistmd.version, 1)
spcbmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_supplementalCredentials)
+ drsuapi.DRSUAPI_ATTID_supplementalCredentials)
self.assertIsNotNone(spcbmd)
self.assertEqual(spcbmd.version, 1)
rpmd = ndr_unpack(drsblobs.replPropertyMetaDataBlob,
res[0]["replPropertyMetaData"][0])
lastsetmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_pwdLastSet)
+ drsuapi.DRSUAPI_ATTID_pwdLastSet)
self.assertIsNotNone(lastsetmd)
self.assertEqual(lastsetmd.version, 1)
nthashmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_unicodePwd)
+ drsuapi.DRSUAPI_ATTID_unicodePwd)
self.assertIsNotNone(nthashmd)
self.assertEqual(nthashmd.version, 2)
nthistmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_ntPwdHistory)
+ drsuapi.DRSUAPI_ATTID_ntPwdHistory)
self.assertIsNotNone(nthistmd)
self.assertEqual(nthistmd.version, 2)
lmhashmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_dBCSPwd)
+ drsuapi.DRSUAPI_ATTID_dBCSPwd)
self.assertIsNotNone(lmhashmd)
self.assertEqual(lmhashmd.version, 2)
lmhistmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_lmPwdHistory)
+ drsuapi.DRSUAPI_ATTID_lmPwdHistory)
self.assertIsNotNone(lmhistmd)
self.assertEqual(lmhistmd.version, 2)
spcbmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_supplementalCredentials)
+ drsuapi.DRSUAPI_ATTID_supplementalCredentials)
self.assertIsNotNone(spcbmd)
self.assertEqual(spcbmd.version, 2)
rpmd = ndr_unpack(drsblobs.replPropertyMetaDataBlob,
res[0]["replPropertyMetaData"][0])
lastsetmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_pwdLastSet)
+ drsuapi.DRSUAPI_ATTID_pwdLastSet)
self.assertIsNotNone(lastsetmd)
self.assertEqual(lastsetmd.version, 1)
nthashmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_unicodePwd)
+ drsuapi.DRSUAPI_ATTID_unicodePwd)
self.assertIsNotNone(nthashmd)
self.assertEqual(nthashmd.version, 1)
nthistmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_ntPwdHistory)
+ drsuapi.DRSUAPI_ATTID_ntPwdHistory)
self.assertIsNotNone(nthistmd)
self.assertEqual(nthistmd.version, 1)
lmhashmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_dBCSPwd)
+ drsuapi.DRSUAPI_ATTID_dBCSPwd)
self.assertIsNotNone(lmhashmd)
self.assertEqual(lmhashmd.version, 1)
lmhistmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_lmPwdHistory)
+ drsuapi.DRSUAPI_ATTID_lmPwdHistory)
self.assertIsNotNone(lmhistmd)
self.assertEqual(lmhistmd.version, 1)
spcbmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_supplementalCredentials)
+ drsuapi.DRSUAPI_ATTID_supplementalCredentials)
self.assertIsNone(spcbmd)
m = Message()
rpmd = ndr_unpack(drsblobs.replPropertyMetaDataBlob,
res[0]["replPropertyMetaData"][0])
lastsetmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_pwdLastSet)
+ drsuapi.DRSUAPI_ATTID_pwdLastSet)
self.assertIsNotNone(lastsetmd)
self.assertEqual(lastsetmd.version, 1)
nthashmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_unicodePwd)
+ drsuapi.DRSUAPI_ATTID_unicodePwd)
self.assertIsNotNone(nthashmd)
self.assertEqual(nthashmd.version, 2)
nthistmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_ntPwdHistory)
+ drsuapi.DRSUAPI_ATTID_ntPwdHistory)
self.assertIsNotNone(nthistmd)
self.assertEqual(nthistmd.version, 2)
lmhashmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_dBCSPwd)
+ drsuapi.DRSUAPI_ATTID_dBCSPwd)
self.assertIsNotNone(lmhashmd)
self.assertEqual(lmhashmd.version, 2)
lmhistmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_lmPwdHistory)
+ drsuapi.DRSUAPI_ATTID_lmPwdHistory)
self.assertIsNotNone(lmhistmd)
self.assertEqual(lmhistmd.version, 2)
spcbmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_supplementalCredentials)
+ drsuapi.DRSUAPI_ATTID_supplementalCredentials)
self.assertIsNotNone(spcbmd)
self.assertEqual(spcbmd.version, 1)
rpmd = ndr_unpack(drsblobs.replPropertyMetaDataBlob,
res[0]["replPropertyMetaData"][0])
lastsetmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_pwdLastSet)
+ drsuapi.DRSUAPI_ATTID_pwdLastSet)
self.assertIsNotNone(lastsetmd)
self.assertEqual(lastsetmd.version, 1)
nthashmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_unicodePwd)
+ drsuapi.DRSUAPI_ATTID_unicodePwd)
self.assertIsNotNone(nthashmd)
self.assertEqual(nthashmd.version, 2)
nthistmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_ntPwdHistory)
+ drsuapi.DRSUAPI_ATTID_ntPwdHistory)
self.assertIsNotNone(nthistmd)
self.assertEqual(nthistmd.version, 2)
lmhashmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_dBCSPwd)
+ drsuapi.DRSUAPI_ATTID_dBCSPwd)
self.assertIsNotNone(lmhashmd)
self.assertEqual(lmhashmd.version, 2)
lmhistmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_lmPwdHistory)
+ drsuapi.DRSUAPI_ATTID_lmPwdHistory)
self.assertIsNotNone(lmhistmd)
self.assertEqual(lmhistmd.version, 2)
spcbmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_supplementalCredentials)
+ drsuapi.DRSUAPI_ATTID_supplementalCredentials)
self.assertIsNotNone(spcbmd)
self.assertEqual(spcbmd.version, 1)
rpmd = ndr_unpack(drsblobs.replPropertyMetaDataBlob,
res[0]["replPropertyMetaData"][0])
lastsetmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_pwdLastSet)
+ drsuapi.DRSUAPI_ATTID_pwdLastSet)
self.assertIsNotNone(lastsetmd)
self.assertEqual(lastsetmd.version, 1)
nthashmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_unicodePwd)
+ drsuapi.DRSUAPI_ATTID_unicodePwd)
self.assertIsNotNone(nthashmd)
self.assertEqual(nthashmd.version, 1)
nthistmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_ntPwdHistory)
+ drsuapi.DRSUAPI_ATTID_ntPwdHistory)
self.assertIsNotNone(nthistmd)
self.assertEqual(nthistmd.version, 1)
lmhashmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_dBCSPwd)
+ drsuapi.DRSUAPI_ATTID_dBCSPwd)
self.assertIsNotNone(lmhashmd)
self.assertEqual(lmhashmd.version, 1)
lmhistmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_lmPwdHistory)
+ drsuapi.DRSUAPI_ATTID_lmPwdHistory)
self.assertIsNotNone(lmhistmd)
self.assertEqual(lmhistmd.version, 1)
spcbmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_supplementalCredentials)
+ drsuapi.DRSUAPI_ATTID_supplementalCredentials)
self.assertIsNotNone(spcbmd)
self.assertEqual(spcbmd.version, 1)
rpmd = ndr_unpack(drsblobs.replPropertyMetaDataBlob,
res[0]["replPropertyMetaData"][0])
lastsetmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_pwdLastSet)
+ drsuapi.DRSUAPI_ATTID_pwdLastSet)
self.assertIsNotNone(lastsetmd)
self.assertEqual(lastsetmd.version, 1)
nthashmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_unicodePwd)
+ drsuapi.DRSUAPI_ATTID_unicodePwd)
self.assertIsNotNone(nthashmd)
self.assertEqual(nthashmd.version, 1)
nthistmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_ntPwdHistory)
+ drsuapi.DRSUAPI_ATTID_ntPwdHistory)
self.assertIsNotNone(nthistmd)
self.assertEqual(nthistmd.version, 1)
lmhashmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_dBCSPwd)
+ drsuapi.DRSUAPI_ATTID_dBCSPwd)
self.assertIsNotNone(lmhashmd)
self.assertEqual(lmhashmd.version, 1)
lmhistmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_lmPwdHistory)
+ drsuapi.DRSUAPI_ATTID_lmPwdHistory)
self.assertIsNotNone(lmhistmd)
self.assertEqual(lmhistmd.version, 1)
spcbmd = self.find_repl_meta_data(rpmd,
- drsuapi.DRSUAPI_ATTID_supplementalCredentials)
+ drsuapi.DRSUAPI_ATTID_supplementalCredentials)
self.assertIsNotNone(spcbmd)
self.assertEqual(spcbmd.version, 1)
m = Message()
m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
m["userAccountControl"] = MessageElement(str(UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD),
- FLAG_MOD_REPLACE, "userAccountControl")
+ FLAG_MOD_REPLACE, "userAccountControl")
ldb.modify(m)
res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
m = Message()
m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
m["userAccountControl"] = MessageElement(str(UF_WORKSTATION_TRUST_ACCOUNT),
- FLAG_MOD_REPLACE, "userAccountControl")
+ FLAG_MOD_REPLACE, "userAccountControl")
ldb.modify(m)
res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
m = Message()
m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
m["userAccountControl"] = MessageElement(str(UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD),
- FLAG_MOD_REPLACE, "userAccountControl")
+ FLAG_MOD_REPLACE, "userAccountControl")
ldb.modify(m)
res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
m = Message()
m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
m["userAccountControl"] = MessageElement(str(UF_SERVER_TRUST_ACCOUNT),
- FLAG_MOD_REPLACE, "userAccountControl")
+ FLAG_MOD_REPLACE, "userAccountControl")
ldb.modify(m)
res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
m = Message()
m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
m["userAccountControl"] = MessageElement(str(UF_WORKSTATION_TRUST_ACCOUNT),
- FLAG_MOD_REPLACE, "userAccountControl")
+ FLAG_MOD_REPLACE, "userAccountControl")
ldb.modify(m)
res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["description"] = MessageElement(["desc1","desc2"], FLAG_MOD_REPLACE,
- "description")
+ "description")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["description"] = MessageElement(["desc1","desc2"], FLAG_MOD_DELETE,
- "description")
+ "description")
ldb.modify(m)
delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["description"] = MessageElement("desc1", FLAG_MOD_REPLACE,
- "description")
+ "description")
ldb.modify(m)
res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["description"] = MessageElement("desc1", FLAG_MOD_REPLACE,
- "description")
+ "description")
ldb.modify(m)
res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["description"] = MessageElement("desc3", FLAG_MOD_ADD,
- "description")
+ "description")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["description"] = MessageElement(["desc1","desc2"], FLAG_MOD_DELETE,
- "description")
+ "description")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["description"] = MessageElement("desc1", FLAG_MOD_DELETE,
- "description")
+ "description")
ldb.modify(m)
res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
scope=SCOPE_BASE, attrs=["description"])
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["description"] = MessageElement(["desc1","desc2"], FLAG_MOD_REPLACE,
- "description")
+ "description")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["description"] = MessageElement(["desc3", "desc4"], FLAG_MOD_ADD,
- "description")
+ "description")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["description"] = MessageElement("desc1", FLAG_MOD_ADD,
- "description")
+ "description")
ldb.modify(m)
res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
def setUp(self):
super(DescriptorTests, self).setUp()
self.ldb_admin = SamDB(host, credentials=creds, session_info=system_session(lp), lp=lp,
- options=ldb_options)
+ options=ldb_options)
self.base_dn = self.ldb_admin.domain_dn()
self.configuration_dn = self.ldb_admin.get_config_basedn().get_linearized()
self.schema_dn = self.ldb_admin.get_schema_basedn().get_linearized()
# SCHEMA
# CONFIGURATION
delete_force(self.ldb_admin, "CN=test-specifier1,CN=test-container1,CN=DisplaySpecifiers," \
- + self.configuration_dn)
+ + self.configuration_dn)
delete_force(self.ldb_admin, "CN=test-container1,CN=DisplaySpecifiers," + self.configuration_dn)
def setUp(self):
def create_clean_ou(self, object_dn):
""" Base repeating setup for unittests to follow """
res = self.ldb_admin.search(base=self.base_dn, scope=SCOPE_SUBTREE, \
- expression="distinguishedName=%s" % object_dn)
+ expression="distinguishedName=%s" % object_dn)
# Make sure top testing OU has been deleted before starting the test
self.assertEqual(len(res), 0)
self.ldb_admin.create_ou(object_dn)
SECINFO_SACL)
res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
- [], controls=None)
+ [], controls=None)
self.assertFalse("nTSecurityDescriptor" in res[0])
res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
- ["name"], controls=None)
+ ["name"], controls=None)
self.assertFalse("nTSecurityDescriptor" in res[0])
res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
- ["name"], controls=["sd_flags:1:%d" % (sd_flags)])
+ ["name"], controls=["sd_flags:1:%d" % (sd_flags)])
self.assertFalse("nTSecurityDescriptor" in res[0])
res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
- [], controls=["sd_flags:1:%d" % (sd_flags)])
+ [], controls=["sd_flags:1:%d" % (sd_flags)])
self.assertTrue("nTSecurityDescriptor" in res[0])
tmp = res[0]["nTSecurityDescriptor"][0]
sd = ndr_unpack(security.descriptor, tmp)
self.assertTrue("S:" in sddl)
res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
- ["*"], controls=["sd_flags:1:%d" % (sd_flags)])
+ ["*"], controls=["sd_flags:1:%d" % (sd_flags)])
self.assertTrue("nTSecurityDescriptor" in res[0])
tmp = res[0]["nTSecurityDescriptor"][0]
sd = ndr_unpack(security.descriptor, tmp)
self.assertTrue("S:" in sddl)
res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
- ["nTSecurityDescriptor", "*"], controls=["sd_flags:1:%d" % (sd_flags)])
+ ["nTSecurityDescriptor", "*"], controls=["sd_flags:1:%d" % (sd_flags)])
self.assertTrue("nTSecurityDescriptor" in res[0])
tmp = res[0]["nTSecurityDescriptor"][0]
sd = ndr_unpack(security.descriptor, tmp)
self.assertTrue("S:" in sddl)
res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
- ["*", "nTSecurityDescriptor"], controls=["sd_flags:1:%d" % (sd_flags)])
+ ["*", "nTSecurityDescriptor"], controls=["sd_flags:1:%d" % (sd_flags)])
self.assertTrue("nTSecurityDescriptor" in res[0])
tmp = res[0]["nTSecurityDescriptor"][0]
sd = ndr_unpack(security.descriptor, tmp)
self.assertTrue("S:" in sddl)
res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
- ["nTSecurityDescriptor", "name"], controls=["sd_flags:1:%d" % (sd_flags)])
+ ["nTSecurityDescriptor", "name"], controls=["sd_flags:1:%d" % (sd_flags)])
self.assertTrue("nTSecurityDescriptor" in res[0])
tmp = res[0]["nTSecurityDescriptor"][0]
sd = ndr_unpack(security.descriptor, tmp)
self.assertTrue("S:" in sddl)
res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
- ["name", "nTSecurityDescriptor"], controls=["sd_flags:1:%d" % (sd_flags)])
+ ["name", "nTSecurityDescriptor"], controls=["sd_flags:1:%d" % (sd_flags)])
self.assertTrue("nTSecurityDescriptor" in res[0])
tmp = res[0]["nTSecurityDescriptor"][0]
sd = ndr_unpack(security.descriptor, tmp)
self.assertTrue("S:" in sddl)
res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
- ["nTSecurityDescriptor"], controls=None)
+ ["nTSecurityDescriptor"], controls=None)
self.assertTrue("nTSecurityDescriptor" in res[0])
tmp = res[0]["nTSecurityDescriptor"][0]
sd = ndr_unpack(security.descriptor, tmp)
self.assertTrue("S:" in sddl)
res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
- ["name", "nTSecurityDescriptor"], controls=None)
+ ["name", "nTSecurityDescriptor"], controls=None)
self.assertTrue("nTSecurityDescriptor" in res[0])
tmp = res[0]["nTSecurityDescriptor"][0]
sd = ndr_unpack(security.descriptor, tmp)
self.assertTrue("S:" in sddl)
res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
- ["nTSecurityDescriptor", "name"], controls=None)
+ ["nTSecurityDescriptor", "name"], controls=None)
self.assertTrue("nTSecurityDescriptor" in res[0])
tmp = res[0]["nTSecurityDescriptor"][0]
sd = ndr_unpack(security.descriptor, tmp)
"""This search is done by the windows dc join..."""
res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None, ["1.1"],
- controls=["extended_dn:1:0", "sd_flags:1:0", "search_options:1:1"])
+ controls=["extended_dn:1:0", "sd_flags:1:0", "search_options:1:1"])
self.assertFalse("nTSecurityDescriptor" in res[0])
class RightsAttributesTests(DescriptorTests):
self.sd_utils.dacl_add_ace(object_dn, mod)
_ldb = self.get_ldb_connection("testuser_attr", "samba123@")
res = _ldb.search(base=object_dn, expression="", scope=SCOPE_BASE,
- attrs=["sDRightsEffective"])
+ attrs=["sDRightsEffective"])
#user whould have no rights at all
self.assertEquals(len(res), 1)
self.assertEquals(res[0]["sDRightsEffective"][0], "0")
mod = "(A;CI;WD;;;%s)" % str(user_sid)
self.sd_utils.dacl_add_ace(object_dn, mod)
res = _ldb.search(base=object_dn, expression="", scope=SCOPE_BASE,
- attrs=["sDRightsEffective"])
+ attrs=["sDRightsEffective"])
#user whould have DACL_SECURITY_INFORMATION
self.assertEquals(len(res), 1)
self.assertEquals(res[0]["sDRightsEffective"][0], ("%d") % SECINFO_DACL)
mod = "(A;CI;WO;;;%s)" % str(user_sid)
self.sd_utils.dacl_add_ace(object_dn, mod)
res = _ldb.search(base=object_dn, expression="", scope=SCOPE_BASE,
- attrs=["sDRightsEffective"])
+ attrs=["sDRightsEffective"])
#user whould have DACL_SECURITY_INFORMATION, OWNER_SECURITY_INFORMATION, GROUP_SECURITY_INFORMATION
self.assertEquals(len(res), 1)
self.assertEquals(res[0]["sDRightsEffective"][0], ("%d") % (SECINFO_DACL | SECINFO_GROUP | SECINFO_OWNER))
#no way to grant security privilege bu adding ACE's so we use a memeber of Domain Admins
_ldb = self.get_ldb_connection("testuser_attr2", "samba123@")
res = _ldb.search(base=object_dn, expression="", scope=SCOPE_BASE,
- attrs=["sDRightsEffective"])
+ attrs=["sDRightsEffective"])
#user whould have DACL_SECURITY_INFORMATION, OWNER_SECURITY_INFORMATION, GROUP_SECURITY_INFORMATION
self.assertEquals(len(res), 1)
self.assertEquals(res[0]["sDRightsEffective"][0], \
self.sd_utils.dacl_add_ace(object_dn, mod)
_ldb = self.get_ldb_connection("testuser_attr", "samba123@")
res = _ldb.search(base=object_dn, expression="", scope=SCOPE_BASE,
- attrs=["allowedChildClassesEffective"])
+ attrs=["allowedChildClassesEffective"])
#there should be no allowed child classes
self.assertEquals(len(res), 1)
self.assertFalse("allowedChildClassesEffective" in res[0].keys())
mod = "(OA;CI;CC;bf967aba-0de6-11d0-a285-00aa003049e2;;%s)" % str(user_sid)
self.sd_utils.dacl_add_ace(object_dn, mod)
res = _ldb.search(base=object_dn, expression="", scope=SCOPE_BASE,
- attrs=["allowedChildClassesEffective"])
+ attrs=["allowedChildClassesEffective"])
# allowedChildClassesEffective should only have one value, user
self.assertEquals(len(res), 1)
self.assertEquals(len(res[0]["allowedChildClassesEffective"]), 1)
self.sd_utils.dacl_add_ace(object_dn, mod)
_ldb = self.get_ldb_connection("testuser_attr", "samba123@")
res = _ldb.search(base=object_dn, expression="", scope=SCOPE_BASE,
- attrs=["allowedAttributesEffective"])
+ attrs=["allowedAttributesEffective"])
#there should be no allowed attributes
self.assertEquals(len(res), 1)
self.assertFalse("allowedAttributesEffective" in res[0].keys())
mod3 = "(OA;CI;WP;9a7ad949-ca53-11d1-bbd0-0080c76670c0;;%s)" % str(user_sid)
self.sd_utils.dacl_add_ace(object_dn, mod + mod2 + mod3)
res = _ldb.search(base=object_dn, expression="", scope=SCOPE_BASE,
- attrs=["allowedAttributesEffective"])
+ attrs=["allowedAttributesEffective"])
# value should only contain user and managedBy
self.assertEquals(len(res), 1)
self.assertEquals(len(res[0]["allowedAttributesEffective"]), 2)
self.test_group0_sid = ndr_unpack(samba.dcerpc.security.dom_sid, res[0]["objectSid"][0])
self.admin_ldb.add_remove_group_members(self.test_group0, [self.test_user],
- add_members_operation=True)
+ add_members_operation=True)
self.test_group1 = "tokengroups_group1"
self.admin_ldb.newgroup(self.test_group1, grouptype=dsdb.GTYPE_SECURITY_GLOBAL_GROUP)
self.test_group1_sid = ndr_unpack(samba.dcerpc.security.dom_sid, res[0]["objectSid"][0])
self.admin_ldb.add_remove_group_members(self.test_group1, [self.test_user],
- add_members_operation=True)
+ add_members_operation=True)
self.test_group2 = "tokengroups_group2"
self.admin_ldb.newgroup(self.test_group2, grouptype=dsdb.GTYPE_SECURITY_UNIVERSAL_GROUP)
self.test_group2_sid = ndr_unpack(samba.dcerpc.security.dom_sid, res[0]["objectSid"][0])
self.admin_ldb.add_remove_group_members(self.test_group2, [self.test_user],
- add_members_operation=True)
+ add_members_operation=True)
self.test_group3 = "tokengroups_group3"
self.admin_ldb.newgroup(self.test_group3, grouptype=dsdb.GTYPE_SECURITY_UNIVERSAL_GROUP)
self.test_group3_sid = ndr_unpack(samba.dcerpc.security.dom_sid, res[0]["objectSid"][0])
self.admin_ldb.add_remove_group_members(self.test_group3, [self.test_group1],
- add_members_operation=True)
+ add_members_operation=True)
self.test_group4 = "tokengroups_group4"
self.admin_ldb.newgroup(self.test_group4, grouptype=dsdb.GTYPE_SECURITY_UNIVERSAL_GROUP)
self.test_group4_sid = ndr_unpack(samba.dcerpc.security.dom_sid, res[0]["objectSid"][0])
self.admin_ldb.add_remove_group_members(self.test_group4, [self.test_group3],
- add_members_operation=True)
+ add_members_operation=True)
self.test_group5 = "tokengroups_group5"
self.admin_ldb.newgroup(self.test_group5, grouptype=dsdb.GTYPE_SECURITY_DOMAIN_LOCAL_GROUP)
samr_conn = samba.dcerpc.samr.samr("ncacn_ip_tcp:%s[seal]" % host, lp, creds)
samr_handle = samr_conn.Connect2(None, security.SEC_FLAG_MAXIMUM_ALLOWED)
samr_domain = samr_conn.OpenDomain(samr_handle, security.SEC_FLAG_MAXIMUM_ALLOWED,
- domain_sid)
+ domain_sid)
user_handle = samr_conn.OpenUser(samr_domain, security.SEC_FLAG_MAXIMUM_ALLOWED, user_rid)
rids = samr_conn.GetGroupsForUser(user_handle)
samr_dns = set()
self.assertEqual(rid.attributes, samr.SE_GROUP_MANDATORY | samr.SE_GROUP_ENABLED_BY_DEFAULT| samr.SE_GROUP_ENABLED)
sid = "%s-%d" % (domain_sid, rid.rid)
res = self.admin_ldb.search(base="<SID=%s>" % sid, scope=ldb.SCOPE_BASE,
- attrs=[])
+ attrs=[])
samr_dns.add(res[0].dn.get_casefold())
user_info = samr_conn.QueryUserInfo(user_handle, 1)
from samba.tests.subunitrun import TestProgram, SubunitOptions
from ldb import (LdbError, ERR_NO_SUCH_OBJECT, Message,
- MessageElement, Dn, FLAG_MOD_REPLACE)
+ MessageElement, Dn, FLAG_MOD_REPLACE)
import samba.tests
import samba.dsdb as dsdb
import samba.getopt as options
m = Message()
m.dn = Dn(self.ldb, "cn=nonurgenttest,cn=users," + self.base_dn)
m["description"] = MessageElement("new description", FLAG_MOD_REPLACE,
- "description")
+ "description")
self.ldb.modify(m)
res = self.ldb.load_partition_usn(self.base_dn)
self.assertNotEquals(res["uSNHighest"], res["uSNUrgent"])
m = Message()
m.dn = Dn(self.ldb, "cn=NTDS Settings test,cn=test server,cn=Servers,cn=Default-First-Site-Name,cn=Sites,cn=Configuration," + self.base_dn)
m["options"] = MessageElement("0", FLAG_MOD_REPLACE,
- "options")
+ "options")
self.ldb.modify(m)
res = self.ldb.load_partition_usn("cn=Configuration," + self.base_dn)
self.assertNotEquals(res["uSNHighest"], res["uSNUrgent"])
m = Message()
m.dn = Dn(self.ldb, "cn=test crossRef,CN=Partitions,CN=Configuration," + self.base_dn)
m["systemFlags"] = MessageElement("0", FLAG_MOD_REPLACE,
- "systemFlags")
+ "systemFlags")
self.ldb.modify(m)
res = self.ldb.load_partition_usn("cn=Configuration," + self.base_dn)
self.assertNotEquals(res["uSNHighest"], res["uSNUrgent"])
m = Message()
m.dn = Dn(self.ldb, "CN=test attributeSchema,CN=Schema,CN=Configuration," + self.base_dn)
m["lDAPDisplayName"] = MessageElement("updatedTestAttributeSchema", FLAG_MOD_REPLACE,
- "lDAPDisplayName")
+ "lDAPDisplayName")
self.ldb.modify(m)
res = self.ldb.load_partition_usn("cn=Schema,cn=Configuration," + self.base_dn)
self.assertEquals(res["uSNHighest"], res["uSNUrgent"])
m = Message()
m.dn = Dn(self.ldb, "CN=test classSchema,CN=Schema,CN=Configuration," + self.base_dn)
m["lDAPDisplayName"] = MessageElement("updatedTestClassSchema", FLAG_MOD_REPLACE,
- "lDAPDisplayName")
+ "lDAPDisplayName")
self.ldb.modify(m)
res = self.ldb.load_partition_usn("cn=Schema,cn=Configuration," + self.base_dn)
self.assertEquals(res["uSNHighest"], res["uSNUrgent"])
m = Message()
m.dn = Dn(self.ldb, "cn=test secret,cn=System," + self.base_dn)
m["currentValue"] = MessageElement("yyyyyyyy", FLAG_MOD_REPLACE,
- "currentValue")
+ "currentValue")
self.ldb.modify(m)
res = self.ldb.load_partition_usn(self.base_dn)
self.assertEquals(res["uSNHighest"], res["uSNUrgent"])
m = Message()
m.dn = Dn(self.ldb, "CN=RID Manager test,CN=System," + self.base_dn)
m["systemFlags"] = MessageElement("0", FLAG_MOD_REPLACE,
- "systemFlags")
+ "systemFlags")
self.ldb.modify(m)
res = self.ldb.load_partition_usn(self.base_dn)
self.assertEquals(res["uSNHighest"], res["uSNUrgent"])
m = Message()
m.dn = Dn(self.ldb, "cn=user UrgAttr test,cn=users," + self.base_dn)
m["userAccountControl"] = MessageElement(str(dsdb.UF_NORMAL_ACCOUNT+dsdb.UF_DONT_EXPIRE_PASSWD), FLAG_MOD_REPLACE,
- "userAccountControl")
+ "userAccountControl")
self.ldb.modify(m)
res = self.ldb.load_partition_usn(self.base_dn)
self.assertEquals(res["uSNHighest"], res["uSNUrgent"])
m = Message()
m.dn = Dn(self.ldb, "cn=user UrgAttr test,cn=users," + self.base_dn)
m["lockoutTime"] = MessageElement("1", FLAG_MOD_REPLACE,
- "lockoutTime")
+ "lockoutTime")
self.ldb.modify(m)
res = self.ldb.load_partition_usn(self.base_dn)
self.assertEquals(res["uSNHighest"], res["uSNUrgent"])
m = Message()
m.dn = Dn(self.ldb, "cn=user UrgAttr test,cn=users," + self.base_dn)
m["pwdLastSet"] = MessageElement("-1", FLAG_MOD_REPLACE,
- "pwdLastSet")
+ "pwdLastSet")
self.ldb.modify(m)
res = self.ldb.load_partition_usn(self.base_dn)
self.assertEquals(res["uSNHighest"], res["uSNUrgent"])
deal with the objects originally found.
"""
attrs = ['cn'] + [x for x in self.users[0].keys() if x not in
- ('dn', 'objectclass')]
+ ('dn', 'objectclass')]
user_number = 0
iteration = 0
for attr in attrs:
for attr in attrs:
show_deleted_control = "show_deleted:1"
expected_order = self.get_expected_order_showing_deleted(attr,
- expression=expression,
- base=base,
- scope=ldb.SCOPE_ONELEVEL)
+ expression=expression,
+ base=base,
+ scope=ldb.SCOPE_ONELEVEL)
print ("searching for attr %s amongst %d deleted objects" %
(attr, len(expected_order)))
sort_control = "server_sort:1:0:%s" % attr
def plansmbtorture4testsuite(name, env, options, modname=None):
return selftesthelpers.plansmbtorture4testsuite(name, env, options,
- target='samba4', modname=modname)
+ target='samba4', modname=modname)
samba4srcdir = source4dir()
samba4bindir = bindir()
try:
lines = f.readlines()
config_hash = dict((x[0], ' '.join(x[1:]))
- for x in map(lambda line: line.strip().split(' ')[1:],
- filter(lambda line: (line[0:7] == '#define') and (len(line.split(' ')) > 2), lines)))
+ for x in map(lambda line: line.strip().split(' ')[1:],
+ filter(lambda line: (line[0:7] == '#define') and (len(line.split(' ')) > 2), lines)))
finally:
f.close()
for options in ['-U"$USERNAME%$PASSWORD"']:
plantestsuite("samba4.ldb.ldaps with options %s(ad_dc_ntvfs)" % options, "ad_dc_ntvfs",
- "%s/test_ldb.sh ldaps $SERVER_IP %s" % (bbdir, options))
+ "%s/test_ldb.sh ldaps $SERVER_IP %s" % (bbdir, options))
creds_options = [
'--simple-bind-dn=$USERNAME@$REALM --password=$PASSWORD',
for options in ['-U"$USERNAME%$PASSWORD"']:
plantestsuite("samba4.ldb.ldapi with options %s(ad_dc_ntvfs:local)" % options, "ad_dc_ntvfs:local",
- "%s/test_ldb.sh ldapi $PREFIX_ABS/ad_dc_ntvfs/private/ldapi %s" % (bbdir, options))
+ "%s/test_ldb.sh ldapi $PREFIX_ABS/ad_dc_ntvfs/private/ldapi %s" % (bbdir, options))
for t in smbtorture4_testsuites("ldap."):
plansmbtorture4testsuite(t, "ad_dc_ntvfs", '-U"$USERNAME%$PASSWORD" //$SERVER_IP/_none_')
for t in ["local.convert_string_handle", "local.convert_string", "local.ndr"]:
options = "ncalrpc: --option='iconv:use_builtin_handlers=false'"
plansmbtorture4testsuite(t, "none", options,
- modname="samba4.%s.system.iconv" % t)
+ modname="samba4.%s.system.iconv" % t)
tdbtorture4 = binpath("tdbtorture")
if os.path.exists(tdbtorture4):
plansmbtorture4testsuite('base.xcopy', "ad_member", ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$DC_USERNAME%$DC_PASSWORD'], "samba4.%s domain-creds" % name)
plansmbtorture4testsuite('base.xcopy', "ad_dc", ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$USERNAME%$PASSWORD'], "samba4.%s" % name)
plansmbtorture4testsuite('base.xcopy', "ad_dc",
- ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$DC_USERNAME%$DC_PASSWORD'], "samba4.%s administrator" % name)
+ ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$DC_USERNAME%$DC_PASSWORD'], "samba4.%s administrator" % name)
plantestsuite("samba4.blackbox.bogusdomain", "ad_member", ["testprogs/blackbox/bogus.sh", "$NETBIOSNAME", "xcopy_share", '$USERNAME', '$PASSWORD', '$DC_USERNAME', '$DC_PASSWORD', smbclient4])
for mech in [
plantestsuite("samba4.sam.python(ad_dc_ntvfs)", "ad_dc_ntvfs", [python, os.path.join(samba4srcdir, "dsdb/tests/python/sam.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
plantestsuite("samba4.user_account_control.python(ad_dc_ntvfs)", "ad_dc_ntvfs", [python, os.path.join(samba4srcdir, "dsdb/tests/python/user_account_control.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
planoldpythontestsuite("ad_dc_ntvfs", "dsdb_schema_info",
- extra_path=[os.path.join(samba4srcdir, 'dsdb/tests/python')],
- name="samba4.schemaInfo.python(ad_dc_ntvfs)",
- extra_args=['-U"$DOMAIN/$DC_USERNAME%$DC_PASSWORD"'])
+ extra_path=[os.path.join(samba4srcdir, 'dsdb/tests/python')],
+ name="samba4.schemaInfo.python(ad_dc_ntvfs)",
+ extra_args=['-U"$DOMAIN/$DC_USERNAME%$DC_PASSWORD"'])
planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.dsdb_schema_attributes")
for env in ['offlinebackupdc', 'restoredc', 'renamedc', 'labdc']:
# check that a restored DC matches the original DC (backupfromdc)
plantestsuite("samba4.blackbox.ldapcmp_restore", env,
- ["PYTHON=%s" % python,
- os.path.join(bbdir, "ldapcmp_restoredc.sh"),
- '$PREFIX_ABS/backupfromdc', '$PREFIX_ABS/%s' % env])
+ ["PYTHON=%s" % python,
+ os.path.join(bbdir, "ldapcmp_restoredc.sh"),
+ '$PREFIX_ABS/backupfromdc', '$PREFIX_ABS/%s' % env])
# basic test that we can join the testenv DC
plantestsuite("samba4.blackbox.join_ldapcmp", env,
- ["PYTHON=%s" % python, os.path.join(bbdir, "join_ldapcmp.sh")])
+ ["PYTHON=%s" % python, os.path.join(bbdir, "join_ldapcmp.sh")])
plantestsuite_loadlist("samba4.ldap.rodc.python(rodc)", "rodc",
[python,
# this is a basic sanity-check of Kerberos/NTLM user login
for env in ["offlinebackupdc", "restoredc", "renamedc", "labdc"]:
plantestsuite_loadlist("samba4.ldap.login_basics.python(%s)" % env, env,
- [python, os.path.join(samba4srcdir, "dsdb/tests/python/login_basics.py"),
- "$SERVER", '-U"$USERNAME%$PASSWORD"', "-W$DOMAIN", "--realm=$REALM",
- '$LOADLIST', '$LISTOPT'])
+ [python, os.path.join(samba4srcdir, "dsdb/tests/python/login_basics.py"),
+ "$SERVER", '-U"$USERNAME%$PASSWORD"', "-W$DOMAIN", "--realm=$REALM",
+ '$LOADLIST', '$LISTOPT'])
planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.upgradeprovisionneeddc")
planpythontestsuite("ad_dc:local", "samba.tests.posixacl", py3_compatible=True)
planpythontestsuite("ad_dc_no_nss:local", "samba.tests.posixacl", py3_compatible=True)
plantestsuite_loadlist("samba4.deletetest.python(ad_dc_ntvfs)", "ad_dc_ntvfs", [python, os.path.join(samba4srcdir, "dsdb/tests/python/deletetest.py"),
- '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
+ '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
plantestsuite("samba4.blackbox.samba3dump", "none", [os.path.join(samba4srcdir, "selftest/test_samba3dump.sh")])
plantestsuite("samba4.blackbox.upgrade", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_s3upgrade.sh"), '$PREFIX/provision'])
plantestsuite("samba4.blackbox.provision.py", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_provision.sh"), '$PREFIX/provision'])
extra_options = []
plansmbtorture4testsuite('krb5.kdc', "%s:local" % env, ['ncacn_np:$SERVER_IP', "-k", "yes", '-P',
- '--workgroup=$DOMAIN', '--realm=$REALM',
- '--option=torture:krb5-hostname=$SERVER',
- '--option=torture:run_removedollar_test=true',
- '--option=torture:expect_machine_account=true'] + extra_options,
+ '--workgroup=$DOMAIN', '--realm=$REALM',
+ '--option=torture:krb5-hostname=$SERVER',
+ '--option=torture:run_removedollar_test=true',
+ '--option=torture:expect_machine_account=true'] + extra_options,
"samba4.krb5.kdc with machine account")
def _get_identifier(self, ldb_conn, dn):
res = ldb_conn.search(dn, scope=ldb.SCOPE_BASE,
- attrs=["objectGUID", "objectSid"])
+ attrs=["objectGUID", "objectSid"])
id = drsuapi.DsReplicaObjectIdentifier()
id.guid = ndr_unpack(misc.GUID, res[0]['objectGUID'][0])
if "objectSid" in res[0]:
if l.flags & drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE:
state = "Act"
print(" v%u %s changed %u" %(l.meta_data.version, state,
- l.meta_data.originating_change_time))
+ l.meta_data.originating_change_time))
print("HWM: %d" %(ctr6.new_highwatermark.highest_usn))
print("Tmp HWM: %d" %(ctr6.new_highwatermark.tmp_highest_usn))
drsuapi.DRSUAPI_DRS_WRIT_REP)
self._check_replication([ou1,ou2,dc3],
- drsuapi.DRSUAPI_DRS_WRIT_REP|
- drsuapi.DRSUAPI_DRS_GET_ANC)
+ drsuapi.DRSUAPI_DRS_WRIT_REP|
+ drsuapi.DRSUAPI_DRS_GET_ANC)
self._check_replication([dc3],
- drsuapi.DRSUAPI_DRS_CRITICAL_ONLY)
+ drsuapi.DRSUAPI_DRS_CRITICAL_ONLY)
self._check_replication([ou1,ou2,dc3],
- drsuapi.DRSUAPI_DRS_CRITICAL_ONLY|
- drsuapi.DRSUAPI_DRS_GET_ANC)
+ drsuapi.DRSUAPI_DRS_CRITICAL_ONLY|
+ drsuapi.DRSUAPI_DRS_GET_ANC)
m = ldb.Message()
m.dn = ldb.Dn(self.ldb_dc1, ou1)
self.ldb_dc1.modify(m)
(hwm2, utdv2) = self._check_replication([ou2,dc3,ou1],
- drsuapi.DRSUAPI_DRS_WRIT_REP)
+ drsuapi.DRSUAPI_DRS_WRIT_REP)
self._check_replication([ou1,ou2,dc3],
- drsuapi.DRSUAPI_DRS_WRIT_REP|
- drsuapi.DRSUAPI_DRS_GET_ANC)
+ drsuapi.DRSUAPI_DRS_WRIT_REP|
+ drsuapi.DRSUAPI_DRS_GET_ANC)
self._check_replication([dc3],
- drsuapi.DRSUAPI_DRS_CRITICAL_ONLY)
+ drsuapi.DRSUAPI_DRS_CRITICAL_ONLY)
self._check_replication([ou1,ou2,dc3],
- drsuapi.DRSUAPI_DRS_CRITICAL_ONLY|
- drsuapi.DRSUAPI_DRS_GET_ANC)
+ drsuapi.DRSUAPI_DRS_CRITICAL_ONLY|
+ drsuapi.DRSUAPI_DRS_GET_ANC)
self._check_replication([ou1],
- drsuapi.DRSUAPI_DRS_WRIT_REP,
- highwatermark=hwm1)
+ drsuapi.DRSUAPI_DRS_WRIT_REP,
+ highwatermark=hwm1)
self._check_replication([ou1],
- drsuapi.DRSUAPI_DRS_WRIT_REP|
- drsuapi.DRSUAPI_DRS_GET_ANC,
- highwatermark=hwm1)
+ drsuapi.DRSUAPI_DRS_WRIT_REP|
+ drsuapi.DRSUAPI_DRS_GET_ANC,
+ highwatermark=hwm1)
self._check_replication([ou1],
- drsuapi.DRSUAPI_DRS_WRIT_REP|
- drsuapi.DRSUAPI_DRS_GET_ANC,
- uptodateness_vector=utdv1)
+ drsuapi.DRSUAPI_DRS_WRIT_REP|
+ drsuapi.DRSUAPI_DRS_GET_ANC,
+ uptodateness_vector=utdv1)
m = ldb.Message()
m.dn = ldb.Dn(self.ldb_dc1, ou2)
self.ldb_dc1.modify(m)
(hwm3, utdv3) = self._check_replication([dc3,ou1,ou2],
- drsuapi.DRSUAPI_DRS_WRIT_REP)
+ drsuapi.DRSUAPI_DRS_WRIT_REP)
self._check_replication([ou1,ou2,dc3],
- drsuapi.DRSUAPI_DRS_WRIT_REP|
- drsuapi.DRSUAPI_DRS_GET_ANC)
+ drsuapi.DRSUAPI_DRS_WRIT_REP|
+ drsuapi.DRSUAPI_DRS_GET_ANC)
self._check_replication([dc3],
- drsuapi.DRSUAPI_DRS_CRITICAL_ONLY)
+ drsuapi.DRSUAPI_DRS_CRITICAL_ONLY)
self._check_replication([ou1,ou2,dc3],
- drsuapi.DRSUAPI_DRS_CRITICAL_ONLY|
- drsuapi.DRSUAPI_DRS_GET_ANC)
+ drsuapi.DRSUAPI_DRS_CRITICAL_ONLY|
+ drsuapi.DRSUAPI_DRS_GET_ANC)
self._check_replication([ou1,ou2],
- drsuapi.DRSUAPI_DRS_WRIT_REP,
- highwatermark=hwm1)
+ drsuapi.DRSUAPI_DRS_WRIT_REP,
+ highwatermark=hwm1)
self._check_replication([ou1,ou2],
- drsuapi.DRSUAPI_DRS_WRIT_REP|
- drsuapi.DRSUAPI_DRS_GET_ANC,
- highwatermark=hwm1)
+ drsuapi.DRSUAPI_DRS_WRIT_REP|
+ drsuapi.DRSUAPI_DRS_GET_ANC,
+ highwatermark=hwm1)
self._check_replication([ou1,ou2],
- drsuapi.DRSUAPI_DRS_WRIT_REP|
- drsuapi.DRSUAPI_DRS_GET_ANC,
- uptodateness_vector=utdv1)
+ drsuapi.DRSUAPI_DRS_WRIT_REP|
+ drsuapi.DRSUAPI_DRS_GET_ANC,
+ uptodateness_vector=utdv1)
m = ldb.Message()
m.dn = ldb.Dn(self.ldb_dc1, self.ou)
self.ldb_dc1.modify(m)
(hwm4, utdv4) = self._check_replication([dc3,ou1,ou2,self.ou],
- drsuapi.DRSUAPI_DRS_WRIT_REP)
+ drsuapi.DRSUAPI_DRS_WRIT_REP)
self._check_replication([self.ou,ou1,ou2,dc3],
- drsuapi.DRSUAPI_DRS_WRIT_REP|
- drsuapi.DRSUAPI_DRS_GET_ANC)
+ drsuapi.DRSUAPI_DRS_WRIT_REP|
+ drsuapi.DRSUAPI_DRS_GET_ANC)
self._check_replication([dc3],
- drsuapi.DRSUAPI_DRS_CRITICAL_ONLY)
+ drsuapi.DRSUAPI_DRS_CRITICAL_ONLY)
self._check_replication([self.ou,ou1,ou2,dc3],
- drsuapi.DRSUAPI_DRS_CRITICAL_ONLY|
- drsuapi.DRSUAPI_DRS_GET_ANC)
+ drsuapi.DRSUAPI_DRS_CRITICAL_ONLY|
+ drsuapi.DRSUAPI_DRS_GET_ANC)
self._check_replication([self.ou,ou2],
- drsuapi.DRSUAPI_DRS_WRIT_REP|
- drsuapi.DRSUAPI_DRS_GET_ANC,
- uptodateness_vector=utdv2)
+ drsuapi.DRSUAPI_DRS_WRIT_REP|
+ drsuapi.DRSUAPI_DRS_GET_ANC,
+ uptodateness_vector=utdv2)
cn3 = "CN=get_anc3,%s" % ou2
self.ldb_dc1.add({
cn3_id = self._get_identifier(self.ldb_dc1, cn3)
(hwm5, utdv5) = self._check_replication([dc3,ou1,ou2,self.ou,cn3],
- drsuapi.DRSUAPI_DRS_WRIT_REP)
+ drsuapi.DRSUAPI_DRS_WRIT_REP)
self._check_replication([self.ou,ou1,ou2,dc3,cn3],
- drsuapi.DRSUAPI_DRS_WRIT_REP|
- drsuapi.DRSUAPI_DRS_GET_ANC)
+ drsuapi.DRSUAPI_DRS_WRIT_REP|
+ drsuapi.DRSUAPI_DRS_GET_ANC)
self._check_replication([dc3],
- drsuapi.DRSUAPI_DRS_CRITICAL_ONLY)
+ drsuapi.DRSUAPI_DRS_CRITICAL_ONLY)
self._check_replication([self.ou,ou1,ou2,dc3],
- drsuapi.DRSUAPI_DRS_CRITICAL_ONLY|
- drsuapi.DRSUAPI_DRS_GET_ANC)
+ drsuapi.DRSUAPI_DRS_CRITICAL_ONLY|
+ drsuapi.DRSUAPI_DRS_GET_ANC)
m = ldb.Message()
m.dn = ldb.Dn(self.ldb_dc1, ou2)
m["managedBy"] = ldb.MessageElement(dc3, ldb.FLAG_MOD_ADD, "managedBy")
self.ldb_dc1.modify(m)
ou2_managedBy_dc3 = AbstractLink(drsuapi.DRSUAPI_ATTID_managedBy,
- drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE,
- ou2_id.guid, dc3_id.guid)
+ drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE,
+ ou2_id.guid, dc3_id.guid)
(hwm6, utdv6) = self._check_replication([dc3,ou1,self.ou,cn3,ou2],
- drsuapi.DRSUAPI_DRS_WRIT_REP,
- expected_links=[ou2_managedBy_dc3])
+ drsuapi.DRSUAPI_DRS_WRIT_REP,
+ expected_links=[ou2_managedBy_dc3])
# Can fail against Windows due to equal precedence of dc3, cn3
self._check_replication([self.ou,ou1,ou2,dc3,cn3],
- drsuapi.DRSUAPI_DRS_WRIT_REP|
- drsuapi.DRSUAPI_DRS_GET_ANC,
- expected_links=[ou2_managedBy_dc3])
+ drsuapi.DRSUAPI_DRS_WRIT_REP|
+ drsuapi.DRSUAPI_DRS_GET_ANC,
+ expected_links=[ou2_managedBy_dc3])
self._check_replication([dc3],
- drsuapi.DRSUAPI_DRS_CRITICAL_ONLY)
+ drsuapi.DRSUAPI_DRS_CRITICAL_ONLY)
self._check_replication([self.ou,ou1,ou2,dc3],
- drsuapi.DRSUAPI_DRS_CRITICAL_ONLY|
- drsuapi.DRSUAPI_DRS_GET_ANC)
+ drsuapi.DRSUAPI_DRS_CRITICAL_ONLY|
+ drsuapi.DRSUAPI_DRS_GET_ANC)
self._check_replication([],
- drsuapi.DRSUAPI_DRS_WRIT_REP,
- uptodateness_vector=utdv5,
- expected_links=[ou2_managedBy_dc3])
+ drsuapi.DRSUAPI_DRS_WRIT_REP,
+ uptodateness_vector=utdv5,
+ expected_links=[ou2_managedBy_dc3])
self._check_replication([],
- drsuapi.DRSUAPI_DRS_CRITICAL_ONLY,
- uptodateness_vector=utdv5)
+ drsuapi.DRSUAPI_DRS_CRITICAL_ONLY,
+ uptodateness_vector=utdv5)
self._check_replication([],
- drsuapi.DRSUAPI_DRS_CRITICAL_ONLY,
- uptodateness_vector=utdv5)
+ drsuapi.DRSUAPI_DRS_CRITICAL_ONLY,
+ uptodateness_vector=utdv5)
m = ldb.Message()
m.dn = ldb.Dn(self.ldb_dc1, dc3)
m["managedBy"] = ldb.MessageElement(ou1, ldb.FLAG_MOD_ADD, "managedBy")
self.ldb_dc1.modify(m)
dc3_managedBy_ou1 = AbstractLink(drsuapi.DRSUAPI_ATTID_managedBy,
- drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE,
- dc3_id.guid, ou1_id.guid)
+ drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE,
+ dc3_id.guid, ou1_id.guid)
(hwm7, utdv7) = self._check_replication([ou1,self.ou,cn3,ou2,dc3],
- drsuapi.DRSUAPI_DRS_WRIT_REP,
- expected_links=[ou2_managedBy_dc3,dc3_managedBy_ou1])
+ drsuapi.DRSUAPI_DRS_WRIT_REP,
+ expected_links=[ou2_managedBy_dc3,dc3_managedBy_ou1])
# Can fail against Windows due to equal precedence of dc3, cn3
#self._check_replication([self.ou,ou1,ou2,dc3,cn3],
# expected_links=[ou2_managedBy_dc3,dc3_managedBy_ou1])
self._check_replication([dc3],
- drsuapi.DRSUAPI_DRS_CRITICAL_ONLY,
- expected_links=[dc3_managedBy_ou1])
+ drsuapi.DRSUAPI_DRS_CRITICAL_ONLY,
+ expected_links=[dc3_managedBy_ou1])
self._check_replication([dc3],
- drsuapi.DRSUAPI_DRS_CRITICAL_ONLY,
- expected_links=[dc3_managedBy_ou1])
+ drsuapi.DRSUAPI_DRS_CRITICAL_ONLY,
+ expected_links=[dc3_managedBy_ou1])
self._check_replication([self.ou,ou1,ou2,dc3],
- drsuapi.DRSUAPI_DRS_CRITICAL_ONLY|
- drsuapi.DRSUAPI_DRS_GET_ANC,
- expected_links=[dc3_managedBy_ou1])
+ drsuapi.DRSUAPI_DRS_CRITICAL_ONLY|
+ drsuapi.DRSUAPI_DRS_GET_ANC,
+ expected_links=[dc3_managedBy_ou1])
# GET_TGT seems to override DRS_CRITICAL_ONLY and also returns any
# object(s) that relate to the linked attributes (similar to GET_ANC)
self._check_replication([ou1, dc3],
- drsuapi.DRSUAPI_DRS_CRITICAL_ONLY,
- more_flags=drsuapi.DRSUAPI_DRS_GET_TGT,
- expected_links=[dc3_managedBy_ou1], dn_ordered=False)
+ drsuapi.DRSUAPI_DRS_CRITICAL_ONLY,
+ more_flags=drsuapi.DRSUAPI_DRS_GET_TGT,
+ expected_links=[dc3_managedBy_ou1], dn_ordered=False)
# Change DC3's managedBy to OU2 instead of OU1
# Note that the OU1 managedBy linked attribute will still exist as
self.ldb_dc1.modify(m)
dc3_managedBy_ou1.flags &= ~drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE
dc3_managedBy_ou2 = AbstractLink(drsuapi.DRSUAPI_ATTID_managedBy,
- drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE,
- dc3_id.guid, ou2_id.guid)
+ drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE,
+ dc3_id.guid, ou2_id.guid)
(hwm8, utdv8) = self._check_replication([ou1,self.ou,cn3,ou2,dc3],
- drsuapi.DRSUAPI_DRS_WRIT_REP,
- expected_links=[ou2_managedBy_dc3,dc3_managedBy_ou1,dc3_managedBy_ou2])
+ drsuapi.DRSUAPI_DRS_WRIT_REP,
+ expected_links=[ou2_managedBy_dc3,dc3_managedBy_ou1,dc3_managedBy_ou2])
# Can fail against Windows due to equal precedence of dc3, cn3
#self._check_replication([self.ou,ou1,ou2,dc3,cn3],
# expected_links=[ou2_managedBy_dc3,dc3_managedBy_ou1,dc3_managedBy_ou2])
self._check_replication([dc3],
- drsuapi.DRSUAPI_DRS_CRITICAL_ONLY,
- expected_links=[dc3_managedBy_ou1,dc3_managedBy_ou2])
+ drsuapi.DRSUAPI_DRS_CRITICAL_ONLY,
+ expected_links=[dc3_managedBy_ou1,dc3_managedBy_ou2])
self._check_replication([self.ou,ou1,ou2,dc3],
- drsuapi.DRSUAPI_DRS_CRITICAL_ONLY|
- drsuapi.DRSUAPI_DRS_GET_ANC,
- expected_links=[dc3_managedBy_ou1,dc3_managedBy_ou2])
+ drsuapi.DRSUAPI_DRS_CRITICAL_ONLY|
+ drsuapi.DRSUAPI_DRS_GET_ANC,
+ expected_links=[dc3_managedBy_ou1,dc3_managedBy_ou2])
# GET_TGT will also return any DNs referenced by the linked attributes
# (including the Tombstone attribute)
self._check_replication([ou1, ou2, dc3],
- drsuapi.DRSUAPI_DRS_CRITICAL_ONLY,
- more_flags=drsuapi.DRSUAPI_DRS_GET_TGT,
- expected_links=[dc3_managedBy_ou1,dc3_managedBy_ou2], dn_ordered=False)
+ drsuapi.DRSUAPI_DRS_CRITICAL_ONLY,
+ more_flags=drsuapi.DRSUAPI_DRS_GET_TGT,
+ expected_links=[dc3_managedBy_ou1,dc3_managedBy_ou2], dn_ordered=False)
# Use the highwater-mark prior to changing ManagedBy - this should
# only return the old/Tombstone and new linked attributes (we already
# know all the DNs)
self._check_replication([],
- drsuapi.DRSUAPI_DRS_WRIT_REP,
- expected_links=[dc3_managedBy_ou1,dc3_managedBy_ou2],
- highwatermark=hwm7)
+ drsuapi.DRSUAPI_DRS_WRIT_REP,
+ expected_links=[dc3_managedBy_ou1,dc3_managedBy_ou2],
+ highwatermark=hwm7)
self._check_replication([],
- drsuapi.DRSUAPI_DRS_WRIT_REP|
- drsuapi.DRSUAPI_DRS_GET_ANC,
- expected_links=[dc3_managedBy_ou1,dc3_managedBy_ou2],
- highwatermark=hwm7)
+ drsuapi.DRSUAPI_DRS_WRIT_REP|
+ drsuapi.DRSUAPI_DRS_GET_ANC,
+ expected_links=[dc3_managedBy_ou1,dc3_managedBy_ou2],
+ highwatermark=hwm7)
self._check_replication([],
- drsuapi.DRSUAPI_DRS_CRITICAL_ONLY,
- expected_links=[dc3_managedBy_ou1,dc3_managedBy_ou2],
- highwatermark=hwm7)
+ drsuapi.DRSUAPI_DRS_CRITICAL_ONLY,
+ expected_links=[dc3_managedBy_ou1,dc3_managedBy_ou2],
+ highwatermark=hwm7)
self._check_replication([],
- drsuapi.DRSUAPI_DRS_CRITICAL_ONLY|
- drsuapi.DRSUAPI_DRS_GET_ANC,
- expected_links=[dc3_managedBy_ou1,dc3_managedBy_ou2],
- highwatermark=hwm7)
+ drsuapi.DRSUAPI_DRS_CRITICAL_ONLY|
+ drsuapi.DRSUAPI_DRS_GET_ANC,
+ expected_links=[dc3_managedBy_ou1,dc3_managedBy_ou2],
+ highwatermark=hwm7)
self._check_replication([],
- drsuapi.DRSUAPI_DRS_CRITICAL_ONLY,
- more_flags=drsuapi.DRSUAPI_DRS_GET_TGT,
- expected_links=[dc3_managedBy_ou1,dc3_managedBy_ou2],
- highwatermark=hwm7)
+ drsuapi.DRSUAPI_DRS_CRITICAL_ONLY,
+ more_flags=drsuapi.DRSUAPI_DRS_GET_TGT,
+ expected_links=[dc3_managedBy_ou1,dc3_managedBy_ou2],
+ highwatermark=hwm7)
# Repeat the above set of tests using the uptodateness_vector
# instead of the highwater-mark
self._check_replication([],
- drsuapi.DRSUAPI_DRS_WRIT_REP,
- expected_links=[dc3_managedBy_ou1,dc3_managedBy_ou2],
- uptodateness_vector=utdv7)
+ drsuapi.DRSUAPI_DRS_WRIT_REP,
+ expected_links=[dc3_managedBy_ou1,dc3_managedBy_ou2],
+ uptodateness_vector=utdv7)
self._check_replication([],
- drsuapi.DRSUAPI_DRS_WRIT_REP|
- drsuapi.DRSUAPI_DRS_GET_ANC,
- expected_links=[dc3_managedBy_ou1,dc3_managedBy_ou2],
- uptodateness_vector=utdv7)
+ drsuapi.DRSUAPI_DRS_WRIT_REP|
+ drsuapi.DRSUAPI_DRS_GET_ANC,
+ expected_links=[dc3_managedBy_ou1,dc3_managedBy_ou2],
+ uptodateness_vector=utdv7)
self._check_replication([],
- drsuapi.DRSUAPI_DRS_CRITICAL_ONLY,
- expected_links=[dc3_managedBy_ou1,dc3_managedBy_ou2],
- uptodateness_vector=utdv7)
+ drsuapi.DRSUAPI_DRS_CRITICAL_ONLY,
+ expected_links=[dc3_managedBy_ou1,dc3_managedBy_ou2],
+ uptodateness_vector=utdv7)
self._check_replication([],
- drsuapi.DRSUAPI_DRS_CRITICAL_ONLY|
- drsuapi.DRSUAPI_DRS_GET_ANC,
- expected_links=[dc3_managedBy_ou1,dc3_managedBy_ou2],
- uptodateness_vector=utdv7)
+ drsuapi.DRSUAPI_DRS_CRITICAL_ONLY|
+ drsuapi.DRSUAPI_DRS_GET_ANC,
+ expected_links=[dc3_managedBy_ou1,dc3_managedBy_ou2],
+ uptodateness_vector=utdv7)
self._check_replication([],
- drsuapi.DRSUAPI_DRS_CRITICAL_ONLY,
- more_flags=drsuapi.DRSUAPI_DRS_GET_TGT,
- expected_links=[dc3_managedBy_ou1,dc3_managedBy_ou2],
- uptodateness_vector=utdv7)
+ drsuapi.DRSUAPI_DRS_CRITICAL_ONLY,
+ more_flags=drsuapi.DRSUAPI_DRS_GET_TGT,
+ expected_links=[dc3_managedBy_ou1,dc3_managedBy_ou2],
+ uptodateness_vector=utdv7)
def test_FSMONotOwner(self):
"""Test role transfer with against DC not owner of the role"""
self.ldb_dc1.add({"dn": group_dn, "objectclass": "group"})
u1_guid = misc.GUID(self.ldb_dc1.search(base=user1_dn,
- attrs=["objectGUID"])[0]['objectGUID'][0])
+ attrs=["objectGUID"])[0]['objectGUID'][0])
u2_guid = misc.GUID(self.ldb_dc1.search(base=user2_dn,
- attrs=["objectGUID"])[0]['objectGUID'][0])
+ attrs=["objectGUID"])[0]['objectGUID'][0])
u3_guid = misc.GUID(self.ldb_dc1.search(base=user3_dn,
- attrs=["objectGUID"])[0]['objectGUID'][0])
+ attrs=["objectGUID"])[0]['objectGUID'][0])
g_guid = misc.GUID(self.ldb_dc1.search(base=group_dn,
- attrs=["objectGUID"])[0]['objectGUID'][0])
+ attrs=["objectGUID"])[0]['objectGUID'][0])
self.add_linked_attribute(group_dn, user1_dn,
attr='member')
g_guid, u3_guid)
expected_links = set([set_inactive,
- AbstractLink(drsuapi.DRSUAPI_ATTID_member,
- drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE,
- g_guid,
- u1_guid),
- AbstractLink(drsuapi.DRSUAPI_ATTID_member,
- drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE,
- g_guid,
- u2_guid),
- AbstractLink(drsuapi.DRSUAPI_ATTID_member,
- drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE,
- g_guid,
- u3_guid),
- AbstractLink(drsuapi.DRSUAPI_ATTID_managedBy,
- drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE,
- g_guid,
- u1_guid),
- AbstractLink(drsuapi.DRSUAPI_ATTID_nonSecurityMember,
- drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE,
- g_guid,
- u2_guid),
+ AbstractLink(drsuapi.DRSUAPI_ATTID_member,
+ drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE,
+ g_guid,
+ u1_guid),
+ AbstractLink(drsuapi.DRSUAPI_ATTID_member,
+ drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE,
+ g_guid,
+ u2_guid),
+ AbstractLink(drsuapi.DRSUAPI_ATTID_member,
+ drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE,
+ g_guid,
+ u3_guid),
+ AbstractLink(drsuapi.DRSUAPI_ATTID_managedBy,
+ drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE,
+ g_guid,
+ u1_guid),
+ AbstractLink(drsuapi.DRSUAPI_ATTID_nonSecurityMember,
+ drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE,
+ g_guid,
+ u2_guid),
])
dc_guid_1 = self.ldb_dc1.get_invocation_id()
drs, drs_handle = self._ds_bind(self.dnsname_dc1)
req8 = self._exop_req8(dest_dsa=None,
- invocation_id=dc_guid_1,
- nc_dn_str=group_dn,
- exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ)
+ invocation_id=dc_guid_1,
+ nc_dn_str=group_dn,
+ exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ)
(level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
for link in ctr.linked_attributes:
try:
target_guid = ndr_unpack(drsuapi.DsReplicaObjectIdentifier3,
- link.value.blob).guid
+ link.value.blob).guid
except:
target_guid = ndr_unpack(drsuapi.DsReplicaObjectIdentifier3Binary,
link.value.blob).guid
self.sync_DCs(sync_order=sync_order)
res1 = self.ldb_dc1.search(base="<GUID=%s>" % src_guid,
- scope=SCOPE_BASE, attrs=["managedBy"])
+ scope=SCOPE_BASE, attrs=["managedBy"])
res2 = self.ldb_dc2.search(base="<GUID=%s>" % src_guid,
- scope=SCOPE_BASE, attrs=["managedBy"])
+ scope=SCOPE_BASE, attrs=["managedBy"])
# check the object has only have one occurence of the single-valued
# attribute and it matches on both DCs
self.sync_DCs(sync_order=sync_order)
res1 = self.ldb_dc1.search(base="<GUID=%s>" % src_guid,
- scope=SCOPE_BASE, attrs=["managedBy"])
+ scope=SCOPE_BASE, attrs=["managedBy"])
res2 = self.ldb_dc2.search(base="<GUID=%s>" % src_guid,
- scope=SCOPE_BASE, attrs=["managedBy"])
+ scope=SCOPE_BASE, attrs=["managedBy"])
# check the object has only have one occurence of the single-valued
# attribute and it matches on both DCs
self.sync_DCs(sync_order=sync_order)
res1 = self.ldb_dc1.search(base="<GUID=%s>" % src_guid,
- scope=SCOPE_BASE, attrs=["managedBy"])
+ scope=SCOPE_BASE, attrs=["managedBy"])
res2 = self.ldb_dc2.search(base="<GUID=%s>" % src_guid,
- scope=SCOPE_BASE, attrs=["managedBy"])
+ scope=SCOPE_BASE, attrs=["managedBy"])
# Although the more up-to-date link value is deleted, this shouldn't
# trump DC1's active link
self.sync_DCs(sync_order=sync_order)
res1 = self.ldb_dc1.search(base="<GUID=%s>" % src_guid,
- scope=SCOPE_BASE, attrs=["managedBy"])
+ scope=SCOPE_BASE, attrs=["managedBy"])
res2 = self.ldb_dc2.search(base="<GUID=%s>" % src_guid,
- scope=SCOPE_BASE, attrs=["managedBy"])
+ scope=SCOPE_BASE, attrs=["managedBy"])
# check the object has only have one occurence of the single-valued
# attribute and it matches on both DCs
self.sync_DCs(sync_order=sync_order)
res1 = self.ldb_dc1.search(base="<GUID=%s>" % src_guid,
- scope=SCOPE_BASE, attrs=["managedBy"])
+ scope=SCOPE_BASE, attrs=["managedBy"])
res2 = self.ldb_dc2.search(base="<GUID=%s>" % src_guid,
- scope=SCOPE_BASE, attrs=["managedBy"])
+ scope=SCOPE_BASE, attrs=["managedBy"])
# check the object has only have one occurence of the single-valued
# attribute and it matches on both DCs
def add_object(self, cn, objectclass):
dn = "CN=%s,%s" % (cn, self.ou)
self.samdb.add({'cn': cn,
- 'objectclass': objectclass,
- 'dn': dn})
+ 'objectclass': objectclass,
+ 'dn': dn})
return dn
ctx.krbtgt_dn = "CN=krbtgt_%s,CN=Users,%s" % (ctx.myname, ctx.base_dn)
ctx.never_reveal_sid = [ "<SID=%s-%s>" % (ctx.domsid, security.DOMAIN_RID_RODC_DENY),
- "<SID=%s>" % security.SID_BUILTIN_ADMINISTRATORS,
- "<SID=%s>" % security.SID_BUILTIN_SERVER_OPERATORS,
- "<SID=%s>" % security.SID_BUILTIN_BACKUP_OPERATORS,
- "<SID=%s>" % security.SID_BUILTIN_ACCOUNT_OPERATORS ]
+ "<SID=%s>" % security.SID_BUILTIN_ADMINISTRATORS,
+ "<SID=%s>" % security.SID_BUILTIN_SERVER_OPERATORS,
+ "<SID=%s>" % security.SID_BUILTIN_BACKUP_OPERATORS,
+ "<SID=%s>" % security.SID_BUILTIN_ACCOUNT_OPERATORS ]
ctx.reveal_sid = "<SID=%s-%s>" % (ctx.domsid, security.DOMAIN_RID_RODC_ALLOW)
mysid = ctx.get_mysid()
drs, drs_handle = self._ds_bind(self.dnsname_dc1)
req8 = self._exop_req8(dest_dsa=None,
- invocation_id=dc_guid_1,
- nc_dn_str=c_dn,
- exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ,
- replica_flags=drsuapi.DRSUAPI_DRS_SYNC_FORCED)
+ invocation_id=dc_guid_1,
+ nc_dn_str=c_dn,
+ exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ,
+ replica_flags=drsuapi.DRSUAPI_DRS_SYNC_FORCED)
(level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
# Check that DC2 got the DC1 object, and OU1 was make into conflict
res1 = self.ldb_dc2.search(base="<GUID=%s>" % self.ou1,
- scope=SCOPE_BASE, attrs=["name"])
+ scope=SCOPE_BASE, attrs=["name"])
res2 = self.ldb_dc2.search(base="<GUID=%s>" % self.ou2,
- scope=SCOPE_BASE, attrs=["name"])
+ scope=SCOPE_BASE, attrs=["name"])
print(res1[0]["name"][0])
print(res2[0]["name"][0])
self.assertFalse('CNF:%s' % self.ou2 in str(res2[0]["name"][0]))
# Check that DC2 got the DC1 object, and OU1 was make into conflict
res1 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou1,
- scope=SCOPE_BASE, attrs=["name"])
+ scope=SCOPE_BASE, attrs=["name"])
res2 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou2,
- scope=SCOPE_BASE, attrs=["name"])
+ scope=SCOPE_BASE, attrs=["name"])
print(res1[0]["name"][0])
print(res2[0]["name"][0])
self.assertTrue('CNF:%s' % self.ou1 in str(res1[0]["name"][0]))
# Check that DC2 got the DC1 object, and OU2 was make into conflict
res1 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou1,
- scope=SCOPE_BASE, attrs=["name"])
+ scope=SCOPE_BASE, attrs=["name"])
res2 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou2,
- scope=SCOPE_BASE, attrs=["name"])
+ scope=SCOPE_BASE, attrs=["name"])
print(res1[0]["name"][0])
print(res2[0]["name"][0])
self.assertTrue('CNF:%s' % self.ou2 in str(res2[0]["name"][0]), "Got %s for %s" % (str(res2[0]["name"][0]), self.ou2))
# Check that DC2 got the DC1 object, and SELF.OU1 was make into conflict
res1 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou1,
- scope=SCOPE_BASE, attrs=["name"])
+ scope=SCOPE_BASE, attrs=["name"])
res2 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou2,
- scope=SCOPE_BASE, attrs=["name"])
+ scope=SCOPE_BASE, attrs=["name"])
print(res1[0]["name"][0])
print(res2[0]["name"][0])
self.assertTrue('CNF:%s' % self.ou1 in str(res1[0]["name"][0]))
# Check that DC2 got the DC1 object, and SELF.OU1 was made into conflict
res1 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou1,
- scope=SCOPE_BASE, attrs=["name"])
+ scope=SCOPE_BASE, attrs=["name"])
res2 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou2,
- scope=SCOPE_BASE, attrs=["name"])
+ scope=SCOPE_BASE, attrs=["name"])
print(res1[0]["name"][0])
print(res2[0]["name"][0])
self.assertTrue('CNF:%s' % self.ou1 in str(res1[0]["name"][0]))
# Check that DC2 got the DC1 object, and OU2 was made into conflict
res1 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou1,
- scope=SCOPE_BASE, attrs=["name"])
+ scope=SCOPE_BASE, attrs=["name"])
res2 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou2,
- scope=SCOPE_BASE, attrs=["name"])
+ scope=SCOPE_BASE, attrs=["name"])
print(res1[0]["name"][0])
print(res2[0]["name"][0])
self.assertTrue('CNF:%s' % self.ou2 in str(res2[0]["name"][0]))
# Check that DC2 got the DC1 object, and SELF.OU1 was make into conflict
res1 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou1,
- scope=SCOPE_BASE, attrs=["name"])
+ scope=SCOPE_BASE, attrs=["name"])
res2 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou2,
- scope=SCOPE_BASE, attrs=["name"])
+ scope=SCOPE_BASE, attrs=["name"])
print(res1[0]["name"][0])
print(res2[0]["name"][0])
self.assertTrue('CNF:%s' % self.ou1 in str(res1[0]["name"][0]))
# Check that DC2 got the DC1 object, and SELF.OU1 was make into conflict
res1 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou1,
- scope=SCOPE_BASE, attrs=["name"])
+ scope=SCOPE_BASE, attrs=["name"])
res2 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou2,
- scope=SCOPE_BASE, attrs=["name"])
+ scope=SCOPE_BASE, attrs=["name"])
print(res1[0]["name"][0])
print(res2[0]["name"][0])
self.assertTrue('CNF:%s' % self.ou1 in str(res1[0]["name"][0]))
# Check that DC2 got the DC1 object, and OU2 was make into conflict
res1 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou1,
- scope=SCOPE_BASE, attrs=["name"])
+ scope=SCOPE_BASE, attrs=["name"])
res2 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou2,
- scope=SCOPE_BASE, attrs=["name"])
+ scope=SCOPE_BASE, attrs=["name"])
print(res1[0]["name"][0])
print(res2[0]["name"][0])
self.assertTrue('CNF:%s' % self.ou2 in str(res2[0]["name"][0]))
# Check that DC2 got the DC1 object, and one or other object was make into conflict
res1 = self.ldb_dc1.search(base="<GUID=%s>" % ou1_child,
- scope=SCOPE_BASE, attrs=["name"])
+ scope=SCOPE_BASE, attrs=["name"])
res2 = self.ldb_dc1.search(base="<GUID=%s>" % ou2_child,
- scope=SCOPE_BASE, attrs=["name"])
+ scope=SCOPE_BASE, attrs=["name"])
print(res1[0]["name"][0])
print(res2[0]["name"][0])
self.assertTrue('CNF:%s' % ou1_child in str(res1[0]["name"][0]) or 'CNF:%s' % ou2_child in str(res2[0]["name"][0]))
# Check that DC2 got the DC1 object, and the renames are all correct
res1 = self.ldb_dc2.search(base="<GUID=%s>" % ou1_child,
- scope=SCOPE_BASE, attrs=["name"])
+ scope=SCOPE_BASE, attrs=["name"])
res2 = self.ldb_dc2.search(base="<GUID=%s>" % ou2_child,
- scope=SCOPE_BASE, attrs=["name"])
+ scope=SCOPE_BASE, attrs=["name"])
res3 = self.ldb_dc2.search(base="<GUID=%s>" % ou3_child,
- scope=SCOPE_BASE, attrs=["name"])
+ scope=SCOPE_BASE, attrs=["name"])
print(res1[0].dn)
print(res2[0].dn)
print(res3[0].dn)
# Check that DC1 got the DC2 object, and the renames are all correct
res1 = self.ldb_dc1.search(base="<GUID=%s>" % ou1_child,
- scope=SCOPE_BASE, attrs=["name"])
+ scope=SCOPE_BASE, attrs=["name"])
res2 = self.ldb_dc1.search(base="<GUID=%s>" % ou2_child,
- scope=SCOPE_BASE, attrs=["name"])
+ scope=SCOPE_BASE, attrs=["name"])
res3 = self.ldb_dc1.search(base="<GUID=%s>" % ou3_child,
- scope=SCOPE_BASE, attrs=["name"])
+ scope=SCOPE_BASE, attrs=["name"])
print(res1[0].dn)
print(res2[0].dn)
print(res3[0].dn)
# Check the latest change won and SELF.OU1 was made into a conflict
res1 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou1,
- scope=SCOPE_BASE, attrs=["name"])
+ scope=SCOPE_BASE, attrs=["name"])
res2 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou2,
- scope=SCOPE_BASE, attrs=["name"])
+ scope=SCOPE_BASE, attrs=["name"])
print(res1[0]["name"][0])
print(res2[0]["name"][0])
self.assertTrue('CNF:%s' % self.ou1 in str(res1[0]["name"][0]))
try:
# 2. Perform a RID alloc
req8 = self._exop_req8(dest_dsa=fsmo_owner["ntds_guid"],
- invocation_id=fsmo_not_owner["invocation_id"],
- nc_dn_str=fsmo_dn,
- exop=drsuapi.DRSUAPI_EXOP_FSMO_RID_ALLOC)
+ invocation_id=fsmo_not_owner["invocation_id"],
+ nc_dn_str=fsmo_dn,
+ exop=drsuapi.DRSUAPI_EXOP_FSMO_RID_ALLOC)
(drs, drs_handle) = self._ds_bind(fsmo_not_owner["dns_name"])
# 3. Make sure the allocation succeeds
m = ldb.Message()
m.dn = fsmo_dn
m["fSMORoleOwner"] = ldb.MessageElement(serviceName,
- ldb.FLAG_MOD_REPLACE,
- "fSMORoleOwner")
+ ldb.FLAG_MOD_REPLACE,
+ "fSMORoleOwner")
new_ldb.modify(m)
# 1. Get server name
m = ldb.Message()
m.dn = fsmo_dn
m["fSMORoleOwner"] = ldb.MessageElement(serviceName,
- ldb.FLAG_MOD_REPLACE,
- "fSMORoleOwner")
+ ldb.FLAG_MOD_REPLACE,
+ "fSMORoleOwner")
new_ldb.modify(m)
# 1. Get server name
m = ldb.Message()
m.dn = fsmo_dn
m["fSMORoleOwner"] = ldb.MessageElement(serviceName,
- ldb.FLAG_MOD_REPLACE,
- "fSMORoleOwner")
+ ldb.FLAG_MOD_REPLACE,
+ "fSMORoleOwner")
new_ldb.modify(m)
# 1. Get server name
# Output should be like 'Replicate from <DC-SRC> to <DC-DEST> was started.'
nc_name = self._get_rootDSE(self.dc1)["defaultNamingContext"]
out = self.check_output("samba-tool drs replicate --async-op %s %s %s %s" % (self.dc1,
- self.dc2,
- nc_name,
- self.cmdline_creds))
+ self.dc2,
+ nc_name,
+ self.cmdline_creds))
self.assertTrue("Replicate from" in out)
self.assertTrue("was started" in out)
# Output should be like 'Replicate from <DC-SRC> to <DC-DEST> was started.'
nc_name = self._get_rootDSE(self.dc1)["defaultNamingContext"]
out = self.check_output("samba-tool drs replicate --local-online --async-op %s %s %s" % (self.dc1,
- self.dc2,
- nc_name))
+ self.dc2,
+ nc_name))
self.assertTrue("Replicate from" in out)
self.assertTrue("was started" in out)
def demote_self():
# While we have this cloned, try demoting the other server on the clone
out = self.check_output("samba-tool domain demote --remove-other-dead-server=%s -H %s/private/sam.ldb"
- % (self.dc1,
- self.tempdir))
+ % (self.dc1,
+ self.tempdir))
self.assertRaises(samba.tests.BlackboxProcessError, demote_self)
# While we have this cloned, try demoting the other server on the clone
t.cmd_contains("bin/net ads testjoin", ["Join is OK"])
t.cmd_contains("bin/net ads dns register ${HOSTNAME}.${WIN_REALM} -P", ["Successfully registered hostname with DNS"])
t.cmd_contains("host -t A ${HOSTNAME}.${WIN_REALM}",
- ['${HOSTNAME}.${WIN_REALM} has address'])
+ ['${HOSTNAME}.${WIN_REALM} has address'])
def create_root_account(t, vm):
t.setwinvars(vm)
t.chdir("${PREFIX}")
t.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail=False)
t.run_cmd(['sbin/samba',
- '--option', 'panic action=gnome-terminal -e "gdb --pid %d"', '--option', 'max protocol=nt1'])
+ '--option', 'panic action=gnome-terminal -e "gdb --pid %d"', '--option', 'max protocol=nt1'])
t.port_wait("${INTERFACE_IP}", 139)
def test_smbclient(t):
'''test that DNS is OK'''
t.info("Testing DNS")
t.cmd_contains("host -t SRV _ldap._tcp.${LCREALM}.",
- ['_ldap._tcp.${LCREALM} has SRV record 0 100 389 ${HOSTNAME}.${LCREALM}'])
+ ['_ldap._tcp.${LCREALM} has SRV record 0 100 389 ${HOSTNAME}.${LCREALM}'])
t.cmd_contains("host -t SRV _kerberos._udp.${LCREALM}.",
- ['_kerberos._udp.${LCREALM} has SRV record 0 100 88 ${HOSTNAME}.${LCREALM}'])
+ ['_kerberos._udp.${LCREALM} has SRV record 0 100 88 ${HOSTNAME}.${LCREALM}'])
t.cmd_contains("host -t A ${HOSTNAME}.${LCREALM}",
- ['${HOSTNAME}.${LCREALM} has address'])
+ ['${HOSTNAME}.${LCREALM} has address'])
def test_kerberos(t):
'''test that kerberos is OK'''
t.cmd_contains("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} %s -k yes" % nc, ["was successful"])
t.cmd_contains("bin/samba-tool drs showrepl ${HOSTNAME}.${LCREALM} -k yes",
- [ "INBOUND NEIGHBORS",
- "${BASEDN}",
- "Last attempt .* was successful",
- "CN=Configuration,${BASEDN}",
- "Last attempt .* was successful",
- "CN=Configuration,${BASEDN}", # cope with either order
- "Last attempt .* was successful",
- "OUTBOUND NEIGHBORS",
- "${BASEDN}",
- "Last success",
- "CN=Configuration,${BASEDN}",
- "Last success",
- "CN=Configuration,${BASEDN}",
- "Last success"],
+ [ "INBOUND NEIGHBORS",
+ "${BASEDN}",
+ "Last attempt .* was successful",
+ "CN=Configuration,${BASEDN}",
+ "Last attempt .* was successful",
+ "CN=Configuration,${BASEDN}", # cope with either order
+ "Last attempt .* was successful",
+ "OUTBOUND NEIGHBORS",
+ "${BASEDN}",
+ "Last success",
+ "CN=Configuration,${BASEDN}",
+ "Last success",
+ "CN=Configuration,${BASEDN}",
+ "Last success"],
ordered=True,
regex=True)
t.cmd_contains("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${LCREALM} -k yes",
- [ "INBOUND NEIGHBORS",
- "${BASEDN}",
- "Last attempt .* was successful",
- "CN=Configuration,${BASEDN}",
- "Last attempt .* was successful",
- "CN=Configuration,${BASEDN}",
- "Last attempt .* was successful",
- "OUTBOUND NEIGHBORS",
- "${BASEDN}",
- "Last success",
- "CN=Configuration,${BASEDN}",
- "Last success",
- "CN=Configuration,${BASEDN}",
- "Last success" ],
+ [ "INBOUND NEIGHBORS",
+ "${BASEDN}",
+ "Last attempt .* was successful",
+ "CN=Configuration,${BASEDN}",
+ "Last attempt .* was successful",
+ "CN=Configuration,${BASEDN}",
+ "Last attempt .* was successful",
+ "OUTBOUND NEIGHBORS",
+ "${BASEDN}",
+ "Last success",
+ "CN=Configuration,${BASEDN}",
+ "Last success",
+ "CN=Configuration,${BASEDN}",
+ "Last success" ],
ordered=True,
regex=True)
t.cmd_contains("bin/samba-tool drs replicate --add-ref ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} %s" % nc, ["was successful"])
t.cmd_contains("bin/samba-tool drs showrepl ${HOSTNAME}.${LCREALM}",
- [ "INBOUND NEIGHBORS",
- "OUTBOUND NEIGHBORS",
- "${BASEDN}",
- "Last attempt.*was successful",
- "CN=Configuration,${BASEDN}",
- "Last attempt.*was successful",
- "CN=Configuration,${BASEDN}",
- "Last attempt.*was successful" ],
+ [ "INBOUND NEIGHBORS",
+ "OUTBOUND NEIGHBORS",
+ "${BASEDN}",
+ "Last attempt.*was successful",
+ "CN=Configuration,${BASEDN}",
+ "Last attempt.*was successful",
+ "CN=Configuration,${BASEDN}",
+ "Last attempt.*was successful" ],
ordered=True,
regex=True)
child.expect("DSA invocationID")
t.cmd_contains("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -k yes",
- [ "INBOUND NEIGHBORS",
- "OUTBOUND NEIGHBORS",
- "${WIN_BASEDN}",
- "Last attempt .* was successful",
- "CN=Configuration,${WIN_BASEDN}",
- "Last attempt .* was successful",
- "CN=Configuration,${WIN_BASEDN}",
- "Last attempt .* was successful" ],
+ [ "INBOUND NEIGHBORS",
+ "OUTBOUND NEIGHBORS",
+ "${WIN_BASEDN}",
+ "Last attempt .* was successful",
+ "CN=Configuration,${WIN_BASEDN}",
+ "Last attempt .* was successful",
+ "CN=Configuration,${WIN_BASEDN}",
+ "Last attempt .* was successful" ],
ordered=True,
regex=True)
def named_supports_gssapi_keytab(self):
'''see if named supports tkey-gssapi-keytab'''
self.write_file("${PREFIX}/named.conf.test",
- 'options { tkey-gssapi-keytab "test"; };')
+ 'options { tkey-gssapi-keytab "test"; };')
try:
self.run_cmd("${NAMED_CHECKCONF} ${PREFIX}/named.conf.test")
except subprocess.CalledProcessError:
elif self.getvar('NAMESERVER_BACKEND') != 'SAMBA_INTERNAL':
if self.named_supports_gssapi_keytab():
self.setvar("NAMED_TKEY_OPTION",
- 'tkey-gssapi-keytab "${PREFIX}/bind-dns/dns.keytab";')
+ 'tkey-gssapi-keytab "${PREFIX}/bind-dns/dns.keytab";')
else:
self.info("LCREALM=${LCREALM}")
self.setvar("NAMED_TKEY_OPTION",
- '''tkey-gssapi-credential "DNS/${LCREALM}";
+ '''tkey-gssapi-credential "DNS/${LCREALM}";
tkey-domain "${LCREALM}";
''')
self.putenv('KEYTAB_FILE', '${PREFIX}/bind-dns/dns.keytab')
if self.getvar('NAMESERVER_BACKEND') == 'SAMBA_INTERNAL':
self.write_file('etc/named.conf',
- '''
+ '''
zone "%s" IN {
type forward;
forward only;
for d in domains:
self.write_file('etc/named.conf',
- '''
+ '''
zone "%s" IN {
type forward;
forward only;
child.expect("C:")
child.sendline("netdom join ${WIN_HOSTNAME} /Domain:%s /UserD:%s /PasswordD:%s" % (domain, username, password))
i = child.expect(["The command completed successfully",
- "The specified domain either does not exist or could not be contacted."], timeout=120)
+ "The specified domain either does not exist or could not be contacted."], timeout=120)
if i == 0:
break
time.sleep(10)
self.parser.add_option("--nocleanup", action='store_true', default=False, help='disable cleanup code')
self.parser.add_option("--use-ntvfs", action='store_true', default=False, help='use NTVFS for the fileserver')
self.parser.add_option("--dns-backend", type="choice",
- choices=["SAMBA_INTERNAL", "BIND9_FLATFILE", "BIND9_DLZ", "NONE"],
- help="The DNS server backend. SAMBA_INTERNAL is the builtin name server (default), " \
- "BIND9_FLATFILE uses bind9 text database to store zone information, " \
- "BIND9_DLZ uses samba4 AD to store zone information, " \
- "NONE skips the DNS setup entirely (not recommended)",
- default="SAMBA_INTERNAL")
+ choices=["SAMBA_INTERNAL", "BIND9_FLATFILE", "BIND9_DLZ", "NONE"],
+ help="The DNS server backend. SAMBA_INTERNAL is the builtin name server (default), " \
+ "BIND9_FLATFILE uses bind9 text database to store zone information, " \
+ "BIND9_DLZ uses samba4 AD to store zone information, " \
+ "NONE skips the DNS setup entirely (not recommended)",
+ default="SAMBA_INTERNAL")
self.opts, self.args = self.parser.parse_args()