-#!/usr/bin/python
+#!/usr/bin/env python
# Unix SMB/CIFS implementation.
# Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2008
__docformat__ = "restructuredText"
import os
+import sys
-def _in_source_tree():
+def in_source_tree():
"""Check whether the script is being run from the source dir. """
return os.path.exists("%s/../../../selftest/skip" % os.path.dirname(__file__))
# When running, in-tree, make sure bin/python is in the PYTHONPATH
-if _in_source_tree():
- import sys
+if in_source_tree():
srcdir = "%s/../../.." % os.path.dirname(__file__)
sys.path.append("%s/bin/python" % srcdir)
default_ldb_modules_dir = "%s/bin/modules/ldb" % srcdir
import ldb
-import glue
+from samba._ldb import Ldb as _Ldb
-class Ldb(ldb.Ldb):
+class Ldb(_Ldb):
"""Simple Samba-specific LDB subclass that takes care
of setting up the modules dir, credentials pointers, etc.
not necessarily the Sam database. For Sam-specific helper
functions see samdb.py.
"""
+
def __init__(self, url=None, lp=None, modules_dir=None, session_info=None,
credentials=None, flags=0, options=None):
"""Opens a Samba Ldb file.
# This must be done before we load the schema, as these handlers for
# objectSid and objectGUID etc must take precedence over the 'binary
# attribute' declaration in the schema
- glue.ldb_register_samba_handlers(self)
+ self.register_samba_handlers()
# TODO set debug
- def msg(l,text):
+ def msg(l, text):
print text
#self.set_debug(msg)
- glue.ldb_set_utf8_casefold(self)
+ self.set_utf8_casefold()
# Allow admins to force non-sync ldb for all databases
if lp is not None:
nosync_p = lp.get("nosync", "ldb")
if nosync_p is not None and nosync_p == True:
- flags |= FLG_NOSYNC
+ flags |= ldb.FLG_NOSYNC
- self.set_create_perms()
+ self.set_create_perms(0600)
if url is not None:
self.connect(url, flags, options)
- def set_session_info(self, session_info):
- glue.ldb_set_session_info(self, session_info)
-
- def set_credentials(self, credentials):
- glue.ldb_set_credentials(self, credentials)
-
- def set_loadparm(self, lp_ctx):
- glue.ldb_set_loadparm(self, lp_ctx)
-
- def set_create_perms(self, perms=0600):
- # we usually want Samba databases to be private. If we later find we
- # need one public, we will have to change this here
- super(Ldb, self).set_create_perms(perms)
-
def searchone(self, attribute, basedn=None, expression=None,
scope=ldb.SCOPE_BASE):
"""Search for one attribute as a string.
return self.schema_format_value(attribute, values.pop())
def erase_users_computers(self, dn):
- """Erases user and computer objects from our AD. This is needed since the 'samldb' module denies the deletion of primary groups. Therefore all groups shouldn't be primary somewhere anymore."""
+ """Erases user and computer objects from our AD.
+
+ This is needed since the 'samldb' module denies the deletion of primary
+ groups. Therefore all groups shouldn't be primary somewhere anymore.
+ """
try:
res = self.search(base=dn, scope=ldb.SCOPE_SUBTREE, attrs=[],
try:
for msg in res:
- self.delete(msg.dn)
+ self.delete(msg.dn, ["relax:0"])
except ldb.LdbError, (errno, _):
if errno != ldb.ERR_NO_SUCH_OBJECT:
# Ignore no such object errors
raise
def erase_except_schema_controlled(self):
- """Erase this ldb, removing all records, except those that are controlled by Samba4's schema."""
+ """Erase this ldb.
+
+ :note: Removes all records, except those that are controlled by
+ Samba4's schema.
+ """
basedn = ""
# Delete the 'visible' records, and the invisble 'deleted' records (if this DB supports it)
for msg in self.search(basedn, ldb.SCOPE_SUBTREE,
- "(&(|(objectclass=*)(distinguishedName=*))(!(distinguishedName=@BASEINFO)))",
- [], controls=["show_deleted:0"]):
+ "(&(|(objectclass=*)(distinguishedName=*))(!(distinguishedName=@BASEINFO)))",
+ [], controls=["show_deleted:0", "show_recycled:0"]):
try:
- self.delete(msg.dn)
+ self.delete(msg.dn, ["relax:0"])
except ldb.LdbError, (errno, _):
if errno != ldb.ERR_NO_SUCH_OBJECT:
# Ignore no such object errors
raise
res = self.search(basedn, ldb.SCOPE_SUBTREE,
- "(&(|(objectclass=*)(distinguishedName=*))(!(distinguishedName=@BASEINFO)))",
- [], controls=["show_deleted:0"])
+ "(&(|(objectclass=*)(distinguishedName=*))(!(distinguishedName=@BASEINFO)))", [], controls=["show_deleted:0", "show_recycled:0"])
assert len(res) == 0
# delete the specials
for attr in ["@SUBCLASSES", "@MODULES",
"@OPTIONS", "@PARTITION", "@KLUDGEACL"]:
try:
- self.delete(attr)
+ self.delete(attr, ["relax:0"])
except ldb.LdbError, (errno, _):
if errno != ldb.ERR_NO_SUCH_OBJECT:
# Ignore missing dn errors
def erase(self):
"""Erase this ldb, removing all records."""
-
self.erase_except_schema_controlled()
# delete the specials
for attr in ["@INDEXLIST", "@ATTRIBUTES"]:
try:
- self.delete(attr)
+ self.delete(attr, ["relax:0"])
except ldb.LdbError, (errno, _):
if errno != ldb.ERR_NO_SUCH_OBJECT:
# Ignore missing dn errors
raise
- def erase_partitions(self):
- """Erase an ldb, removing all records."""
-
- def erase_recursive(self, dn):
- try:
- res = self.search(base=dn, scope=ldb.SCOPE_ONELEVEL, attrs=[],
- controls=["show_deleted:0"])
- except ldb.LdbError, (errno, _):
- if errno == ldb.ERR_NO_SUCH_OBJECT:
- # Ignore no such object errors
- return
-
- for msg in res:
- erase_recursive(self, msg.dn)
-
- try:
- self.delete(dn)
- except ldb.LdbError, (errno, _):
- if errno != ldb.ERR_NO_SUCH_OBJECT:
- # Ignore no such object errors
- raise
-
- res = self.search("", ldb.SCOPE_BASE, "(objectClass=*)",
- ["namingContexts"])
- assert len(res) == 1
- if not "namingContexts" in res[0]:
- return
- for basedn in res[0]["namingContexts"]:
- # Try to delete user/computer accounts to allow deletion of groups
- self.erase_users_computers(basedn)
- # Try and erase from the bottom-up in the tree
- erase_recursive(self, basedn)
-
def load_ldif_file_add(self, ldif_path):
"""Load a LDIF file.
"""
for changetype, msg in self.parse_ldif(ldif):
assert changetype == ldb.CHANGETYPE_NONE
- self.add(msg,controls)
+ self.add(msg, controls)
def modify_ldif(self, ldif, controls=None):
"""Modify database based on a LDIF string.
:param ldif: LDIF text.
"""
for changetype, msg in self.parse_ldif(ldif):
- if (changetype == ldb.CHANGETYPE_ADD):
+ if changetype == ldb.CHANGETYPE_ADD:
self.add(msg, controls)
else:
self.modify(msg, controls)
- def set_domain_sid(self, sid):
- """Change the domain SID used by this LDB.
-
- :param sid: The new domain sid to use.
- """
- glue.samdb_set_domain_sid(self, sid)
-
- def domain_sid(self):
- """Read the domain SID used by this LDB.
-
- """
- glue.samdb_get_domain_sid(self)
-
- def set_schema_from_ldif(self, pf, df):
- glue.dsdb_set_schema_from_ldif(self, pf, df)
-
- def set_schema_from_ldb(self, ldb):
- glue.dsdb_set_schema_from_ldb(self, ldb)
-
- def write_prefixes_from_schema(self):
- glue.dsdb_write_prefixes_from_schema_to_ldb(self)
-
- def convert_schema_to_openldap(self, target, mapping):
- return glue.dsdb_convert_schema_to_openldap(self, target, mapping)
-
- def set_invocation_id(self, invocation_id):
- """Set the invocation id for this SamDB handle.
-
- :param invocation_id: GUID of the invocation id.
- """
- glue.dsdb_set_ntds_invocation_id(self, invocation_id)
-
- def get_invocation_id(self):
- "Get the invocation_id id"
- return glue.samdb_ntds_invocation_id(self)
-
- def get_ntds_GUID(self):
- "Get the NTDS objectGUID"
- return glue.samdb_ntds_objectGUID(self)
-
- def server_site_name(self):
- "Get the server site name"
- return glue.samdb_server_site_name(self)
-
- def set_opaque_integer(self, name, value):
- """Set an integer as an opaque (a flag or other value) value on the database
-
- :param name: The name for the opaque value
- :param value: The integer value
- """
- glue.dsdb_set_opaque_integer(self, name, value)
-
def substitute_var(text, values):
- """substitute strings of the form ${NAME} in str, replacing
- with substitutions from subobj.
+ """Substitute strings of the form ${NAME} in str, replacing
+ with substitutions from values.
:param text: Text in which to subsitute.
:param values: Dictionary with keys and values.
def check_all_substituted(text):
- """Make sure that all substitution variables in a string have been replaced.
+ """Check that all substitution variables in a string have been replaced.
+
If not, raise an exception.
:param text: The text to search for substitution variables
var_start = text.find("${")
var_end = text.find("}", var_start)
- raise Exception("Not all variables substituted: %s" % text[var_start:var_end+1])
+ raise Exception("Not all variables substituted: %s" %
+ text[var_start:var_end+1])
-def read_and_sub_file(file, subst_vars):
+def read_and_sub_file(file_name, subst_vars):
"""Read a file and sub in variables found in it
- :param file: File to be read (typically from setup directory)
+ :param file_name: File to be read (typically from setup directory)
param subst_vars: Optional variables to subsitute in the file.
"""
- data = open(file, 'r').read()
+ data = open(file_name, 'r').read()
if subst_vars is not None:
data = substitute_var(data, subst_vars)
check_all_substituted(data)
:param fname: Path of the file to create.
:param subst_vars: Substitution variables.
"""
- f = fname
-
- if os.path.exists(f):
- os.unlink(f)
+ if os.path.exists(fname):
+ os.unlink(fname)
data = read_and_sub_file(template, subst_vars)
- open(f, 'w').write(data)
+ f = open(fname, 'w')
+ try:
+ f.write(data)
+ finally:
+ f.close()
def valid_netbios_name(name):
"""Add a location to sys.path if an external dependency can't be found.
:param modulename: Module name to import
- :param location: Location to add to sys.path (can be relative to
- ${srcdir}/lib
+ :param location: Location to add to sys.path (can be relative to
+ ${srcdir}/lib)
"""
try:
__import__(modulename)
except ImportError:
- import sys
- if _in_source_tree():
- sys.path.insert(0,
+ if in_source_tree():
+ sys.path.insert(0,
os.path.join(os.path.dirname(__file__),
"../../../../lib", location))
__import__(modulename)
sys.modules[modulename] = __import__(
"samba.external.%s" % modulename, fromlist=["samba.external"])
-version = glue.version
-
-# "userAccountControl" flags
-UF_NORMAL_ACCOUNT = glue.UF_NORMAL_ACCOUNT
-UF_TEMP_DUPLICATE_ACCOUNT = glue.UF_TEMP_DUPLICATE_ACCOUNT
-UF_SERVER_TRUST_ACCOUNT = glue.UF_SERVER_TRUST_ACCOUNT
-UF_WORKSTATION_TRUST_ACCOUNT = glue.UF_WORKSTATION_TRUST_ACCOUNT
-UF_INTERDOMAIN_TRUST_ACCOUNT = glue.UF_INTERDOMAIN_TRUST_ACCOUNT
-UF_PASSWD_NOTREQD = glue.UF_PASSWD_NOTREQD
-UF_ACCOUNTDISABLE = glue.UF_ACCOUNTDISABLE
-
-# "groupType" flags
-GTYPE_SECURITY_BUILTIN_LOCAL_GROUP = glue.GTYPE_SECURITY_BUILTIN_LOCAL_GROUP
-GTYPE_SECURITY_GLOBAL_GROUP = glue.GTYPE_SECURITY_GLOBAL_GROUP
-GTYPE_SECURITY_DOMAIN_LOCAL_GROUP = glue.GTYPE_SECURITY_DOMAIN_LOCAL_GROUP
-GTYPE_SECURITY_UNIVERSAL_GROUP = glue.GTYPE_SECURITY_UNIVERSAL_GROUP
-GTYPE_DISTRIBUTION_GLOBAL_GROUP = glue.GTYPE_DISTRIBUTION_GLOBAL_GROUP
-GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP = glue.GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP
-GTYPE_DISTRIBUTION_UNIVERSAL_GROUP = glue.GTYPE_DISTRIBUTION_UNIVERSAL_GROUP
-
-# "sAMAccountType" flags
-ATYPE_NORMAL_ACCOUNT = glue.ATYPE_NORMAL_ACCOUNT
-ATYPE_WORKSTATION_TRUST = glue.ATYPE_WORKSTATION_TRUST
-ATYPE_INTERDOMAIN_TRUST = glue.ATYPE_INTERDOMAIN_TRUST
-ATYPE_SECURITY_GLOBAL_GROUP = glue.ATYPE_SECURITY_GLOBAL_GROUP
-ATYPE_SECURITY_LOCAL_GROUP = glue.ATYPE_SECURITY_LOCAL_GROUP
-ATYPE_SECURITY_UNIVERSAL_GROUP = glue.ATYPE_SECURITY_UNIVERSAL_GROUP
-ATYPE_DISTRIBUTION_GLOBAL_GROUP = glue.ATYPE_DISTRIBUTION_GLOBAL_GROUP
-ATYPE_DISTRIBUTION_LOCAL_GROUP = glue.ATYPE_DISTRIBUTION_LOCAL_GROUP
-ATYPE_DISTRIBUTION_UNIVERSAL_GROUP = glue.ATYPE_DISTRIBUTION_UNIVERSAL_GROUP
-
-# "domainFunctionality", "forestFunctionality" flags in the rootDSE */
-DS_DOMAIN_FUNCTION_2000 = glue.DS_DOMAIN_FUNCTION_2000
-DS_DOMAIN_FUNCTION_2003_MIXED = glue.DS_DOMAIN_FUNCTION_2003_MIXED
-DS_DOMAIN_FUNCTION_2003 = glue.DS_DOMAIN_FUNCTION_2003
-DS_DOMAIN_FUNCTION_2008 = glue.DS_DOMAIN_FUNCTION_2008
-DS_DOMAIN_FUNCTION_2008_R2 = glue.DS_DOMAIN_FUNCTION_2008_R2
-
-# "domainControllerFunctionality" flags in the rootDSE */
-DS_DC_FUNCTION_2000 = glue.DS_DC_FUNCTION_2000
-DS_DC_FUNCTION_2003 = glue.DS_DC_FUNCTION_2003
-DS_DC_FUNCTION_2008 = glue.DS_DC_FUNCTION_2008
-DS_DC_FUNCTION_2008_R2 = glue.DS_DC_FUNCTION_2008_R2
+from samba import _glue
+version = _glue.version
+interface_ips = _glue.interface_ips
+set_debug_level = _glue.set_debug_level
+get_debug_level = _glue.get_debug_level
+unix2nttime = _glue.unix2nttime
+nttime2string = _glue.nttime2string
+nttime2unix = _glue.nttime2unix
+unix2nttime = _glue.unix2nttime
+generate_random_password = _glue.generate_random_password