1 # Unix SMB/CIFS implementation.
2 # Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2008
4 # Based on the original in EJS:
5 # Copyright (C) Andrew Tridgell <tridge@samba.org> 2005
7 # This program is free software; you can redistribute it and/or modify
8 # it under the terms of the GNU General Public License as published by
9 # the Free Software Foundation; either version 3 of the License, or
10 # (at your option) any later version.
12 # This program is distributed in the hope that it will be useful,
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU General Public License for more details.
17 # You should have received a copy of the GNU General Public License
18 # along with this program. If not, see <http://www.gnu.org/licenses/>.
23 __docformat__ = "restructuredText"
29 from samba.compat import PY3
31 from samba import _glue
33 from samba._ldb import Ldb as _Ldb
35 # samba._ldb is not yet ported to Python 3
39 def source_tree_topdir():
40 """Return the top level source directory."""
41 paths = ["../../..", "../../../.."]
43 topdir = os.path.normpath(os.path.join(os.path.dirname(__file__), p))
44 if os.path.exists(os.path.join(topdir, 'source4')):
46 raise RuntimeError("unable to find top level source directory")
50 """Return True if we are running from within the samba source tree"""
52 topdir = source_tree_topdir()
59 """Simple Samba-specific LDB subclass that takes care
60 of setting up the modules dir, credentials pointers, etc.
62 Please note that this is intended to be for all Samba LDB files,
63 not necessarily the Sam database. For Sam-specific helper
64 functions see samdb.py.
67 def __init__(self, url=None, lp=None, modules_dir=None, session_info=None,
68 credentials=None, flags=0, options=None):
69 """Opens a Samba Ldb file.
71 :param url: Optional LDB URL to open
72 :param lp: Optional loadparm object
73 :param modules_dir: Optional modules directory
74 :param session_info: Optional session information
75 :param credentials: Optional credentials, defaults to anonymous.
76 :param flags: Optional LDB flags
77 :param options: Additional options (optional)
79 This is different from a regular Ldb file in that the Samba-specific
80 modules-dir is used by default and that credentials and session_info
81 can be passed through (required by some modules).
84 if modules_dir is not None:
85 self.set_modules_dir(modules_dir)
87 self.set_modules_dir(os.path.join(samba.param.modules_dir(), "ldb"))
89 if session_info is not None:
90 self.set_session_info(session_info)
92 if credentials is not None:
93 self.set_credentials(credentials)
98 # This must be done before we load the schema, as these handlers for
99 # objectSid and objectGUID etc must take precedence over the 'binary
100 # attribute' declaration in the schema
101 self.register_samba_handlers()
108 self.set_utf8_casefold()
110 # Allow admins to force non-sync ldb for all databases
112 nosync_p = lp.get("nosync", "ldb")
113 if nosync_p is not None and nosync_p:
114 flags |= ldb.FLG_NOSYNC
116 self.set_create_perms(0o600)
119 self.connect(url, flags, options)
121 def searchone(self, attribute, basedn=None, expression=None,
122 scope=ldb.SCOPE_BASE):
123 """Search for one attribute as a string.
125 :param basedn: BaseDN for the search.
126 :param attribute: Name of the attribute
127 :param expression: Optional search expression.
128 :param scope: Search scope (defaults to base).
129 :return: Value of attribute as a string or None if it wasn't found.
131 res = self.search(basedn, scope, expression, [attribute])
132 if len(res) != 1 or res[0][attribute] is None:
134 values = set(res[0][attribute])
135 assert len(values) == 1
136 return self.schema_format_value(attribute, values.pop())
138 def erase_users_computers(self, dn):
139 """Erases user and computer objects from our AD.
141 This is needed since the 'samldb' module denies the deletion of primary
142 groups. Therefore all groups shouldn't be primary somewhere anymore.
146 res = self.search(base=dn, scope=ldb.SCOPE_SUBTREE, attrs=[],
147 expression="(|(objectclass=user)(objectclass=computer))")
148 except ldb.LdbError as error:
149 (errno, estr) = error.args
150 if errno == ldb.ERR_NO_SUCH_OBJECT:
151 # Ignore no such object errors
158 self.delete(msg.dn, ["relax:0"])
159 except ldb.LdbError as error:
160 (errno, estr) = error.args
161 if errno != ldb.ERR_NO_SUCH_OBJECT:
162 # Ignore no such object errors
165 def erase_except_schema_controlled(self):
168 :note: Removes all records, except those that are controlled by
174 # Try to delete user/computer accounts to allow deletion of groups
175 self.erase_users_computers(basedn)
177 # Delete the 'visible' records, and the invisble 'deleted' records (if
178 # this DB supports it)
179 for msg in self.search(basedn, ldb.SCOPE_SUBTREE,
180 "(&(|(objectclass=*)(distinguishedName=*))(!(distinguishedName=@BASEINFO)))",
181 [], controls=["show_deleted:0", "show_recycled:0"]):
183 self.delete(msg.dn, ["relax:0"])
184 except ldb.LdbError as error:
185 (errno, estr) = error.args
186 if errno != ldb.ERR_NO_SUCH_OBJECT:
187 # Ignore no such object errors
190 res = self.search(basedn, ldb.SCOPE_SUBTREE,
191 "(&(|(objectclass=*)(distinguishedName=*))(!(distinguishedName=@BASEINFO)))",
192 [], controls=["show_deleted:0", "show_recycled:0"])
195 # delete the specials
196 for attr in ["@SUBCLASSES", "@MODULES",
197 "@OPTIONS", "@PARTITION", "@KLUDGEACL"]:
199 self.delete(attr, ["relax:0"])
200 except ldb.LdbError as error:
201 (errno, estr) = error.args
202 if errno != ldb.ERR_NO_SUCH_OBJECT:
203 # Ignore missing dn errors
207 """Erase this ldb, removing all records."""
208 self.erase_except_schema_controlled()
210 # delete the specials
211 for attr in ["@INDEXLIST", "@ATTRIBUTES"]:
213 self.delete(attr, ["relax:0"])
214 except ldb.LdbError as error:
215 (errno, estr) = error.args
216 if errno != ldb.ERR_NO_SUCH_OBJECT:
217 # Ignore missing dn errors
220 def load_ldif_file_add(self, ldif_path):
223 :param ldif_path: Path to LDIF file.
225 self.add_ldif(open(ldif_path, 'r').read())
227 def add_ldif(self, ldif, controls=None):
228 """Add data based on a LDIF string.
230 :param ldif: LDIF text.
232 for changetype, msg in self.parse_ldif(ldif):
233 assert changetype == ldb.CHANGETYPE_NONE
234 self.add(msg, controls)
236 def modify_ldif(self, ldif, controls=None):
237 """Modify database based on a LDIF string.
239 :param ldif: LDIF text.
241 for changetype, msg in self.parse_ldif(ldif):
242 if changetype == ldb.CHANGETYPE_ADD:
243 self.add(msg, controls)
245 self.modify(msg, controls)
248 def substitute_var(text, values):
249 """Substitute strings of the form ${NAME} in str, replacing
250 with substitutions from values.
252 :param text: Text in which to subsitute.
253 :param values: Dictionary with keys and values.
256 for (name, value) in values.items():
257 assert isinstance(name, str), "%r is not a string" % name
258 assert isinstance(value, str), "Value %r for %s is not a string" % (value, name)
259 text = text.replace("${%s}" % name, value)
264 def check_all_substituted(text):
265 """Check that all substitution variables in a string have been replaced.
267 If not, raise an exception.
269 :param text: The text to search for substitution variables
274 var_start = text.find("${")
275 var_end = text.find("}", var_start)
277 raise Exception("Not all variables substituted: %s" %
278 text[var_start:var_end+1])
281 def read_and_sub_file(file_name, subst_vars):
282 """Read a file and sub in variables found in it
284 :param file_name: File to be read (typically from setup directory)
285 param subst_vars: Optional variables to subsitute in the file.
287 data = open(file_name, 'r').read()
288 if subst_vars is not None:
289 data = substitute_var(data, subst_vars)
290 check_all_substituted(data)
294 def setup_file(template, fname, subst_vars=None):
295 """Setup a file in the private dir.
297 :param template: Path of the template file.
298 :param fname: Path of the file to create.
299 :param subst_vars: Substitution variables.
301 if os.path.exists(fname):
304 data = read_and_sub_file(template, subst_vars)
311 MAX_NETBIOS_NAME_LEN = 15
312 def is_valid_netbios_char(c):
313 return (c.isalnum() or c in " !#$%&'()-.@^_{}~")
316 def valid_netbios_name(name):
317 """Check whether a name is valid as a NetBIOS name. """
318 # See crh's book (1.4.1.1)
319 if len(name) > MAX_NETBIOS_NAME_LEN:
322 if not is_valid_netbios_char(x):
327 def import_bundled_package(modulename, location, source_tree_container,
329 """Import the bundled version of a package.
331 :note: This should only be called if the system version of the package
334 :param modulename: Module name to import
335 :param location: Location to add to sys.path (can be relative to
336 ${srcdir}/${source_tree_container})
337 :param source_tree_container: Directory under source root that
338 contains the bundled third party modules.
339 :param namespace: Namespace to import module from, when not in source tree
342 extra_path = os.path.join(source_tree_topdir(), source_tree_container,
344 if not extra_path in sys.path:
345 sys.path.insert(0, extra_path)
346 sys.modules[modulename] = __import__(modulename)
348 sys.modules[modulename] = __import__(
349 "%s.%s" % (namespace, modulename), fromlist=[namespace])
352 def ensure_third_party_module(modulename, location):
353 """Add a location to sys.path if a third party dependency can't be found.
355 :param modulename: Module name to import
356 :param location: Location to add to sys.path (can be relative to
357 ${srcdir}/third_party)
360 __import__(modulename)
362 import_bundled_package(modulename, location,
363 source_tree_container="third_party",
364 namespace="samba.third_party")
367 def dn_from_dns_name(dnsdomain):
368 """return a DN from a DNS name domain/forest root"""
369 return "DC=" + ",DC=".join(dnsdomain.split("."))
371 def current_unix_time():
372 return int(time.time())
374 def string_to_byte_array(string):
375 blob = [0] * len(string)
377 for i in range(len(string)):
378 blob[i] = ord(string[i])
382 def arcfour_encrypt(key, data):
384 from Crypto.Cipher import ARC4
386 return c.encrypt(data)
387 except ImportError as e:
390 from M2Crypto.RC4 import RC4
392 return c.update(data)
393 except ImportError as e:
395 raise Exception("arcfour_encrypt() requires " +
396 "python*-crypto or python*-m2crypto or m2crypto")
398 version = _glue.version
399 interface_ips = _glue.interface_ips
400 set_debug_level = _glue.set_debug_level
401 get_debug_level = _glue.get_debug_level
402 unix2nttime = _glue.unix2nttime
403 nttime2string = _glue.nttime2string
404 nttime2unix = _glue.nttime2unix
405 unix2nttime = _glue.unix2nttime
406 generate_random_password = _glue.generate_random_password
407 generate_random_machine_password = _glue.generate_random_machine_password
408 strcasecmp_m = _glue.strcasecmp_m
409 strstr_m = _glue.strstr_m
410 is_ntvfs_fileserver_built = _glue.is_ntvfs_fileserver_built
412 NTSTATUSError = _glue.NTSTATUSError
413 HRESULTError = _glue.HRESULTError
414 WERRORError = _glue.WERRORError
415 DsExtendedError = _glue.DsExtendedError