1 # Unix SMB/CIFS implementation.
2 # Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2008
4 # Based on the original in EJS:
5 # Copyright (C) Andrew Tridgell <tridge@samba.org> 2005
7 # This program is free software; you can redistribute it and/or modify
8 # it under the terms of the GNU General Public License as published by
9 # the Free Software Foundation; either version 3 of the License, or
10 # (at your option) any later version.
12 # This program is distributed in the hope that it will be useful,
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU General Public License for more details.
17 # You should have received a copy of the GNU General Public License
18 # along with this program. If not, see <http://www.gnu.org/licenses/>.
23 __docformat__ = "restructuredText"
30 from samba import _glue
31 from samba._ldb import Ldb as _Ldb
32 from samba.compat import string_types
35 def source_tree_topdir():
36 """Return the top level source directory."""
37 paths = ["../../..", "../../../.."]
39 topdir = os.path.normpath(os.path.join(os.path.dirname(__file__), p))
40 if os.path.exists(os.path.join(topdir, 'source4')):
42 raise RuntimeError("unable to find top level source directory")
46 """Return True if we are running from within the samba source tree"""
48 topdir = source_tree_topdir()
55 """Simple Samba-specific LDB subclass that takes care
56 of setting up the modules dir, credentials pointers, etc.
58 Please note that this is intended to be for all Samba LDB files,
59 not necessarily the Sam database. For Sam-specific helper
60 functions see samdb.py.
63 def __init__(self, url=None, lp=None, modules_dir=None, session_info=None,
64 credentials=None, flags=0, options=None):
65 """Opens a Samba Ldb file.
67 :param url: Optional LDB URL to open
68 :param lp: Optional loadparm object
69 :param modules_dir: Optional modules directory
70 :param session_info: Optional session information
71 :param credentials: Optional credentials, defaults to anonymous.
72 :param flags: Optional LDB flags
73 :param options: Additional options (optional)
75 This is different from a regular Ldb file in that the Samba-specific
76 modules-dir is used by default and that credentials and session_info
77 can be passed through (required by some modules).
80 if modules_dir is not None:
81 self.set_modules_dir(modules_dir)
83 self.set_modules_dir(os.path.join(samba.param.modules_dir(), "ldb"))
85 if session_info is not None:
86 self.set_session_info(session_info)
88 if credentials is not None:
89 self.set_credentials(credentials)
94 # This must be done before we load the schema, as these handlers for
95 # objectSid and objectGUID etc must take precedence over the 'binary
96 # attribute' declaration in the schema
97 self.register_samba_handlers()
104 self.set_utf8_casefold()
106 # Allow admins to force non-sync ldb for all databases
108 nosync_p = lp.get("ldb:nosync")
109 if nosync_p is not None and nosync_p:
110 flags |= ldb.FLG_NOSYNC
112 self.set_create_perms(0o600)
115 self.connect(url, flags, options)
117 def searchone(self, attribute, basedn=None, expression=None,
118 scope=ldb.SCOPE_BASE):
119 """Search for one attribute as a string.
121 :param basedn: BaseDN for the search.
122 :param attribute: Name of the attribute
123 :param expression: Optional search expression.
124 :param scope: Search scope (defaults to base).
125 :return: Value of attribute as a string or None if it wasn't found.
127 res = self.search(basedn, scope, expression, [attribute])
128 if len(res) != 1 or res[0][attribute] is None:
130 values = set(res[0][attribute])
131 assert len(values) == 1
132 return self.schema_format_value(attribute, values.pop())
134 def erase_users_computers(self, dn):
135 """Erases user and computer objects from our AD.
137 This is needed since the 'samldb' module denies the deletion of primary
138 groups. Therefore all groups shouldn't be primary somewhere anymore.
142 res = self.search(base=dn, scope=ldb.SCOPE_SUBTREE, attrs=[],
143 expression="(|(objectclass=user)(objectclass=computer))")
144 except ldb.LdbError as error:
145 (errno, estr) = error.args
146 if errno == ldb.ERR_NO_SUCH_OBJECT:
147 # Ignore no such object errors
154 self.delete(msg.dn, ["relax:0"])
155 except ldb.LdbError as error:
156 (errno, estr) = error.args
157 if errno != ldb.ERR_NO_SUCH_OBJECT:
158 # Ignore no such object errors
161 def erase_except_schema_controlled(self):
164 :note: Removes all records, except those that are controlled by
170 # Try to delete user/computer accounts to allow deletion of groups
171 self.erase_users_computers(basedn)
173 # Delete the 'visible' records, and the invisble 'deleted' records (if
174 # this DB supports it)
175 for msg in self.search(basedn, ldb.SCOPE_SUBTREE,
176 "(&(|(objectclass=*)(distinguishedName=*))(!(distinguishedName=@BASEINFO)))",
177 [], controls=["show_deleted:0", "show_recycled:0"]):
179 self.delete(msg.dn, ["relax:0"])
180 except ldb.LdbError as error:
181 (errno, estr) = error.args
182 if errno != ldb.ERR_NO_SUCH_OBJECT:
183 # Ignore no such object errors
186 res = self.search(basedn, ldb.SCOPE_SUBTREE,
187 "(&(|(objectclass=*)(distinguishedName=*))(!(distinguishedName=@BASEINFO)))",
188 [], controls=["show_deleted:0", "show_recycled:0"])
191 # delete the specials
192 for attr in ["@SUBCLASSES", "@MODULES",
193 "@OPTIONS", "@PARTITION", "@KLUDGEACL"]:
195 self.delete(attr, ["relax:0"])
196 except ldb.LdbError as error:
197 (errno, estr) = error.args
198 if errno != ldb.ERR_NO_SUCH_OBJECT:
199 # Ignore missing dn errors
203 """Erase this ldb, removing all records."""
204 self.erase_except_schema_controlled()
206 # delete the specials
207 for attr in ["@INDEXLIST", "@ATTRIBUTES"]:
209 self.delete(attr, ["relax:0"])
210 except ldb.LdbError as error:
211 (errno, estr) = error.args
212 if errno != ldb.ERR_NO_SUCH_OBJECT:
213 # Ignore missing dn errors
216 def load_ldif_file_add(self, ldif_path):
219 :param ldif_path: Path to LDIF file.
221 self.add_ldif(open(ldif_path, 'r').read())
223 def add_ldif(self, ldif, controls=None):
224 """Add data based on a LDIF string.
226 :param ldif: LDIF text.
228 for changetype, msg in self.parse_ldif(ldif):
229 assert changetype == ldb.CHANGETYPE_NONE
230 self.add(msg, controls)
232 def modify_ldif(self, ldif, controls=None):
233 """Modify database based on a LDIF string.
235 :param ldif: LDIF text.
237 for changetype, msg in self.parse_ldif(ldif):
238 if changetype == ldb.CHANGETYPE_ADD:
239 self.add(msg, controls)
241 self.modify(msg, controls)
244 def substitute_var(text, values):
245 """Substitute strings of the form ${NAME} in str, replacing
246 with substitutions from values.
248 :param text: Text in which to subsitute.
249 :param values: Dictionary with keys and values.
252 for (name, value) in values.items():
253 assert isinstance(name, string_types), "%r is not a string" % name
254 assert isinstance(value, string_types), "Value %r for %s is not a string" % (value, name)
255 text = text.replace("${%s}" % name, value)
260 def check_all_substituted(text):
261 """Check that all substitution variables in a string have been replaced.
263 If not, raise an exception.
265 :param text: The text to search for substitution variables
270 var_start = text.find("${")
271 var_end = text.find("}", var_start)
273 raise Exception("Not all variables substituted: %s" %
274 text[var_start:var_end+1])
277 def read_and_sub_file(file_name, subst_vars):
278 """Read a file and sub in variables found in it
280 :param file_name: File to be read (typically from setup directory)
281 param subst_vars: Optional variables to subsitute in the file.
283 data = open(file_name, 'r').read()
284 if subst_vars is not None:
285 data = substitute_var(data, subst_vars)
286 check_all_substituted(data)
290 def setup_file(template, fname, subst_vars=None):
291 """Setup a file in the private dir.
293 :param template: Path of the template file.
294 :param fname: Path of the file to create.
295 :param subst_vars: Substitution variables.
297 if os.path.exists(fname):
300 data = read_and_sub_file(template, subst_vars)
307 MAX_NETBIOS_NAME_LEN = 15
308 def is_valid_netbios_char(c):
309 return (c.isalnum() or c in " !#$%&'()-.@^_{}~")
312 def valid_netbios_name(name):
313 """Check whether a name is valid as a NetBIOS name. """
314 # See crh's book (1.4.1.1)
315 if len(name) > MAX_NETBIOS_NAME_LEN:
318 if not is_valid_netbios_char(x):
323 def import_bundled_package(modulename, location, source_tree_container,
325 """Import the bundled version of a package.
327 :note: This should only be called if the system version of the package
330 :param modulename: Module name to import
331 :param location: Location to add to sys.path (can be relative to
332 ${srcdir}/${source_tree_container})
333 :param source_tree_container: Directory under source root that
334 contains the bundled third party modules.
335 :param namespace: Namespace to import module from, when not in source tree
338 extra_path = os.path.join(source_tree_topdir(), source_tree_container,
340 if not extra_path in sys.path:
341 sys.path.insert(0, extra_path)
342 sys.modules[modulename] = __import__(modulename)
344 sys.modules[modulename] = __import__(
345 "%s.%s" % (namespace, modulename), fromlist=[namespace])
348 def ensure_third_party_module(modulename, location):
349 """Add a location to sys.path if a third party dependency can't be found.
351 :param modulename: Module name to import
352 :param location: Location to add to sys.path (can be relative to
353 ${srcdir}/third_party)
356 __import__(modulename)
358 import_bundled_package(modulename, location,
359 source_tree_container="third_party",
360 namespace="samba.third_party")
363 def dn_from_dns_name(dnsdomain):
364 """return a DN from a DNS name domain/forest root"""
365 return "DC=" + ",DC=".join(dnsdomain.split("."))
367 def current_unix_time():
368 return int(time.time())
370 def string_to_byte_array(string):
371 blob = [0] * len(string)
373 for i in range(len(string)):
374 blob[i] = ord(string[i])
378 def arcfour_encrypt(key, data):
379 from samba.crypto import arcfour_crypt_blob
380 return arcfour_crypt_blob(data, key)
382 version = _glue.version
383 interface_ips = _glue.interface_ips
384 fault_setup = _glue.fault_setup
385 set_debug_level = _glue.set_debug_level
386 get_debug_level = _glue.get_debug_level
387 unix2nttime = _glue.unix2nttime
388 nttime2string = _glue.nttime2string
389 nttime2unix = _glue.nttime2unix
390 unix2nttime = _glue.unix2nttime
391 generate_random_password = _glue.generate_random_password
392 generate_random_machine_password = _glue.generate_random_machine_password
393 check_password_quality = _glue.check_password_quality
394 generate_random_bytes = _glue.generate_random_bytes
395 strcasecmp_m = _glue.strcasecmp_m
396 strstr_m = _glue.strstr_m
397 is_ntvfs_fileserver_built = _glue.is_ntvfs_fileserver_built
398 is_heimdal_built = _glue.is_heimdal_built
400 NTSTATUSError = _glue.NTSTATUSError
401 HRESULTError = _glue.HRESULTError
402 WERRORError = _glue.WERRORError
403 DsExtendedError = _glue.DsExtendedError