1 # Unix SMB/CIFS implementation.
2 # Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2008
4 # Based on the original in EJS:
5 # Copyright (C) Andrew Tridgell <tridge@samba.org> 2005
7 # This program is free software; you can redistribute it and/or modify
8 # it under the terms of the GNU General Public License as published by
9 # the Free Software Foundation; either version 3 of the License, or
10 # (at your option) any later version.
12 # This program is distributed in the hope that it will be useful,
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU General Public License for more details.
17 # You should have received a copy of the GNU General Public License
18 # along with this program. If not, see <http://www.gnu.org/licenses/>.
23 __docformat__ = "restructuredText"
30 from samba import _glue
31 from samba._ldb import Ldb as _Ldb
32 from samba.compat import string_types
35 def source_tree_topdir():
36 """Return the top level source directory."""
37 paths = ["../../..", "../../../.."]
39 topdir = os.path.normpath(os.path.join(os.path.dirname(__file__), p))
40 if os.path.exists(os.path.join(topdir, 'source4')):
42 raise RuntimeError("unable to find top level source directory")
46 """Return True if we are running from within the samba source tree"""
48 topdir = source_tree_topdir()
55 """Simple Samba-specific LDB subclass that takes care
56 of setting up the modules dir, credentials pointers, etc.
58 Please note that this is intended to be for all Samba LDB files,
59 not necessarily the Sam database. For Sam-specific helper
60 functions see samdb.py.
63 def __init__(self, url=None, lp=None, modules_dir=None, session_info=None,
64 credentials=None, flags=0, options=None):
65 """Opens a Samba Ldb file.
67 :param url: Optional LDB URL to open
68 :param lp: Optional loadparm object
69 :param modules_dir: Optional modules directory
70 :param session_info: Optional session information
71 :param credentials: Optional credentials, defaults to anonymous.
72 :param flags: Optional LDB flags
73 :param options: Additional options (optional)
75 This is different from a regular Ldb file in that the Samba-specific
76 modules-dir is used by default and that credentials and session_info
77 can be passed through (required by some modules).
80 if modules_dir is not None:
81 self.set_modules_dir(modules_dir)
83 self.set_modules_dir(os.path.join(samba.param.modules_dir(), "ldb"))
85 if session_info is not None:
86 self.set_session_info(session_info)
88 if credentials is not None:
89 self.set_credentials(credentials)
94 # This must be done before we load the schema, as these handlers for
95 # objectSid and objectGUID etc must take precedence over the 'binary
96 # attribute' declaration in the schema
97 self.register_samba_handlers()
102 # self.set_debug(msg)
104 self.set_utf8_casefold()
106 # Allow admins to force non-sync ldb for all databases
108 nosync_p = lp.get("ldb:nosync")
109 if nosync_p is not None and nosync_p:
110 flags |= ldb.FLG_NOSYNC
112 self.set_create_perms(0o600)
115 self.connect(url, flags, options)
117 def searchone(self, attribute, basedn=None, expression=None,
118 scope=ldb.SCOPE_BASE):
119 """Search for one attribute as a string.
121 :param basedn: BaseDN for the search.
122 :param attribute: Name of the attribute
123 :param expression: Optional search expression.
124 :param scope: Search scope (defaults to base).
125 :return: Value of attribute as a string or None if it wasn't found.
127 res = self.search(basedn, scope, expression, [attribute])
128 if len(res) != 1 or res[0][attribute] is None:
130 values = set(res[0][attribute])
131 assert len(values) == 1
132 return self.schema_format_value(attribute, values.pop())
134 def erase_users_computers(self, dn):
135 """Erases user and computer objects from our AD.
137 This is needed since the 'samldb' module denies the deletion of primary
138 groups. Therefore all groups shouldn't be primary somewhere anymore.
142 res = self.search(base=dn, scope=ldb.SCOPE_SUBTREE, attrs=[],
143 expression="(|(objectclass=user)(objectclass=computer))")
144 except ldb.LdbError as error:
145 (errno, estr) = error.args
146 if errno == ldb.ERR_NO_SUCH_OBJECT:
147 # Ignore no such object errors
154 self.delete(msg.dn, ["relax:0"])
155 except ldb.LdbError as error:
156 (errno, estr) = error.args
157 if errno != ldb.ERR_NO_SUCH_OBJECT:
158 # Ignore no such object errors
161 def erase_except_schema_controlled(self):
164 :note: Removes all records, except those that are controlled by
170 # Try to delete user/computer accounts to allow deletion of groups
171 self.erase_users_computers(basedn)
173 # Delete the 'visible' records, and the invisble 'deleted' records (if
174 # this DB supports it)
175 for msg in self.search(basedn, ldb.SCOPE_SUBTREE,
176 "(&(|(objectclass=*)(distinguishedName=*))(!(distinguishedName=@BASEINFO)))",
177 [], controls=["show_deleted:0", "show_recycled:0"]):
179 self.delete(msg.dn, ["relax:0"])
180 except ldb.LdbError as error:
181 (errno, estr) = error.args
182 if errno != ldb.ERR_NO_SUCH_OBJECT:
183 # Ignore no such object errors
186 res = self.search(basedn, ldb.SCOPE_SUBTREE,
187 "(&(|(objectclass=*)(distinguishedName=*))(!(distinguishedName=@BASEINFO)))",
188 [], controls=["show_deleted:0", "show_recycled:0"])
191 # delete the specials
192 for attr in ["@SUBCLASSES", "@MODULES",
193 "@OPTIONS", "@PARTITION", "@KLUDGEACL"]:
195 self.delete(attr, ["relax:0"])
196 except ldb.LdbError as error:
197 (errno, estr) = error.args
198 if errno != ldb.ERR_NO_SUCH_OBJECT:
199 # Ignore missing dn errors
203 """Erase this ldb, removing all records."""
204 self.erase_except_schema_controlled()
206 # delete the specials
207 for attr in ["@INDEXLIST", "@ATTRIBUTES"]:
209 self.delete(attr, ["relax:0"])
210 except ldb.LdbError as error:
211 (errno, estr) = error.args
212 if errno != ldb.ERR_NO_SUCH_OBJECT:
213 # Ignore missing dn errors
216 def load_ldif_file_add(self, ldif_path):
219 :param ldif_path: Path to LDIF file.
221 self.add_ldif(open(ldif_path, 'r').read())
223 def add_ldif(self, ldif, controls=None):
224 """Add data based on a LDIF string.
226 :param ldif: LDIF text.
228 for changetype, msg in self.parse_ldif(ldif):
229 assert changetype == ldb.CHANGETYPE_NONE
230 self.add(msg, controls)
232 def modify_ldif(self, ldif, controls=None):
233 """Modify database based on a LDIF string.
235 :param ldif: LDIF text.
237 for changetype, msg in self.parse_ldif(ldif):
238 if changetype == ldb.CHANGETYPE_ADD:
239 self.add(msg, controls)
241 self.modify(msg, controls)
244 def substitute_var(text, values):
245 """Substitute strings of the form ${NAME} in str, replacing
246 with substitutions from values.
248 :param text: Text in which to subsitute.
249 :param values: Dictionary with keys and values.
252 for (name, value) in values.items():
253 assert isinstance(name, string_types), "%r is not a string" % name
254 assert isinstance(value, string_types), "Value %r for %s is not a string" % (value, name)
255 text = text.replace("${%s}" % name, value)
260 def check_all_substituted(text):
261 """Check that all substitution variables in a string have been replaced.
263 If not, raise an exception.
265 :param text: The text to search for substitution variables
270 var_start = text.find("${")
271 var_end = text.find("}", var_start)
273 raise Exception("Not all variables substituted: %s" %
274 text[var_start:var_end + 1])
277 def read_and_sub_file(file_name, subst_vars):
278 """Read a file and sub in variables found in it
280 :param file_name: File to be read (typically from setup directory)
281 param subst_vars: Optional variables to subsitute in the file.
283 data = open(file_name, 'r').read()
284 if subst_vars is not None:
285 data = substitute_var(data, subst_vars)
286 check_all_substituted(data)
290 def setup_file(template, fname, subst_vars=None):
291 """Setup a file in the private dir.
293 :param template: Path of the template file.
294 :param fname: Path of the file to create.
295 :param subst_vars: Substitution variables.
297 if os.path.exists(fname):
300 data = read_and_sub_file(template, subst_vars)
307 MAX_NETBIOS_NAME_LEN = 15
310 def is_valid_netbios_char(c):
311 return (c.isalnum() or c in " !#$%&'()-.@^_{}~")
314 def valid_netbios_name(name):
315 """Check whether a name is valid as a NetBIOS name. """
316 # See crh's book (1.4.1.1)
317 if len(name) > MAX_NETBIOS_NAME_LEN:
320 if not is_valid_netbios_char(x):
325 def import_bundled_package(modulename, location, source_tree_container,
327 """Import the bundled version of a package.
329 :note: This should only be called if the system version of the package
332 :param modulename: Module name to import
333 :param location: Location to add to sys.path (can be relative to
334 ${srcdir}/${source_tree_container})
335 :param source_tree_container: Directory under source root that
336 contains the bundled third party modules.
337 :param namespace: Namespace to import module from, when not in source tree
340 extra_path = os.path.join(source_tree_topdir(), source_tree_container,
342 if not extra_path in sys.path:
343 sys.path.insert(0, extra_path)
344 sys.modules[modulename] = __import__(modulename)
346 sys.modules[modulename] = __import__(
347 "%s.%s" % (namespace, modulename), fromlist=[namespace])
350 def ensure_third_party_module(modulename, location):
351 """Add a location to sys.path if a third party dependency can't be found.
353 :param modulename: Module name to import
354 :param location: Location to add to sys.path (can be relative to
355 ${srcdir}/third_party)
358 __import__(modulename)
360 import_bundled_package(modulename, location,
361 source_tree_container="third_party",
362 namespace="samba.third_party")
365 def dn_from_dns_name(dnsdomain):
366 """return a DN from a DNS name domain/forest root"""
367 return "DC=" + ",DC=".join(dnsdomain.split("."))
370 def current_unix_time():
371 return int(time.time())
374 def string_to_byte_array(string):
375 blob = [0] * len(string)
377 for i in range(len(string)):
378 blob[i] = ord(string[i])
383 def arcfour_encrypt(key, data):
384 from samba.crypto import arcfour_crypt_blob
385 return arcfour_crypt_blob(data, key)
387 version = _glue.version
388 interface_ips = _glue.interface_ips
389 fault_setup = _glue.fault_setup
390 set_debug_level = _glue.set_debug_level
391 get_debug_level = _glue.get_debug_level
392 unix2nttime = _glue.unix2nttime
393 nttime2string = _glue.nttime2string
394 nttime2unix = _glue.nttime2unix
395 unix2nttime = _glue.unix2nttime
396 generate_random_password = _glue.generate_random_password
397 generate_random_machine_password = _glue.generate_random_machine_password
398 check_password_quality = _glue.check_password_quality
399 generate_random_bytes = _glue.generate_random_bytes
400 strcasecmp_m = _glue.strcasecmp_m
401 strstr_m = _glue.strstr_m
402 is_ntvfs_fileserver_built = _glue.is_ntvfs_fileserver_built
403 is_heimdal_built = _glue.is_heimdal_built
405 NTSTATUSError = _glue.NTSTATUSError
406 HRESULTError = _glue.HRESULTError
407 WERRORError = _glue.WERRORError
408 DsExtendedError = _glue.DsExtendedError