# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
-#
+#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
-#
+#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
"""Functions for setting up a Samba Schema."""
from base64 import b64encode
-from ms_schema import read_ms_schema
-from samba.dcerpc import security
from samba import read_and_sub_file, substitute_var, check_all_substituted
-from samba.samdb import SamDB
-from samba import Ldb
+from samba.dcerpc import security
+from samba.ms_schema import read_ms_schema
from samba.ndr import ndr_pack
+from samba.samdb import SamDB
+from samba import dsdb
from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL
import os
def get_schema_descriptor(domain_sid):
- sddl = "O:SAG:SAD:AI(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c" \
- ";;ER)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ER)(OA;;CR;1131f6ad-9c07-1" \
- "1d1-f79f-00c04fc2dcd2;;ER)(OA;;CR;e12b56b6-0a95-11d1-adbb-00c04fd8d5cd;;SA)(O" \
- "A;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)(OA;;CR;1131f6aa-9c07-11d1-f79" \
- "f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1" \
- "131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04" \
- "fc2dcd2;;BA)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)(OA;;CR;1131f6aa" \
- "-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2" \
- ";;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ad-9c07-1" \
- "1d1-f79f-00c04fc2dcd2;;ED)(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;LA)(A;CI;RPWPCRCCLCL" \
- "ORCWOWDSW;;;SA)(A;CI;RPLCLORC;;;AU)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:(O" \
- "U;SA;CR;45ec5156-db7e-47bb-b53f-dbeb2d03c40f;;WD)(OU;SA;CR;e12b56b6-0a95-11d1" \
- "-adbb-00c04fd8d5cd;;WD)(AU;SA;CR;;;DU)(AU;SA;CR;;;BA)(AU;SA;WPCCDCWOWDSDDTSW;" \
- ";;WD)(AU;CISA;WP;;;WD)"
+ sddl = "O:SAG:SAD:AI(OA;;CR;e12b56b6-0a95-11d1-adbb-00c04fd8d5cd;;SA)" \
+ "(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
+ "(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
+ "(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
+ "(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)" \
+ "(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)" \
+ "(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)" \
+ "(A;CI;RPLCLORC;;;AU)" \
+ "(A;CI;RPWPCRCCLCLORCWOWDSW;;;SA)" \
+ "(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)" \
+ "(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
+ "(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)" \
+ "(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)" \
+ "(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)" \
+ "(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ER)" \
+ "(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;ER)" \
+ "(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ER)" \
+ "S:(AU;SA;WPCCDCWOWDSDDTSW;;;WD)" \
+ "(AU;CISA;WP;;;WD)" \
+ "(AU;SA;CR;;;BA)" \
+ "(AU;SA;CR;;;DU)" \
+ "(OU;SA;CR;e12b56b6-0a95-11d1-adbb-00c04fd8d5cd;;WD)" \
+ "(OU;SA;CR;45ec5156-db7e-47bb-b53f-dbeb2d03c40f;;WD)"
sec = security.descriptor.from_sddl(sddl, domain_sid)
return ndr_pack(sec)
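Review bot: The rewritten SDDL is not just a reflow: comparing the two strings, the only ACE that disappears is `(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;LA)`, while every other DACL entry and the whole SACL survive in a different order, so the explicit rights of the well-known LA principal on the schema NC are silently dropped by this hunk. Because the function has no docstring and the literal carries no provenance, a reader cannot tell whether the removal and the new ACE order are deliberate or a transcription slip; a short header would settle that, e.g. `"""Return the NDR-packed default security descriptor of the schema NC; domain-relative SIDs in the SDDL are resolved against domain_sid."""` followed by `# Descriptor captured from <reference: TODO fill in>; there is intentionally no explicit LA ACE, and the ACE order is kept as in the reference.` If the LA removal is not intentional, the old entry should be restored rather than documented away.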
-
+
class Schema(object):
def __init__(self, setup_path, domain_sid, invocationid=None, schemadn=None,
- serverdn=None, files=None, prefixmap=None, am_rodc=False):
- """Load schema for the SamDB from the AD schema files and samba4_schema.ldif
-
+ files=None, override_prefixmap=None, additional_prefixmap=None):
+ """Load schema for the SamDB from the AD schema files and
+ samba4_schema.ldif
+
:param samdb: Load a schema into a SamDB.
:param setup_path: Setup path function.
:param schemadn: DN of the schema
- :param serverdn: DN of the server
-
- Returns the schema data loaded, to avoid double-parsing when then needing to add it to the db
+
+ Returns the schema data loaded, to avoid double-parsing when then
+ needing to add it to the db
"""
self.schemadn = schemadn
- self.ldb = SamDB(global_schema=False, am_rodc=am_rodc)
- if serverdn is not None:
- self.ldb.set_ntds_settings_dn("CN=NTDS Settings,%s" % serverdn)
+ # We need to have the am_rodc=False just to keep some warnings quiet -
+ # this isn't a real SAM, so it's meaningless.
+ self.ldb = SamDB(global_schema=False, am_rodc=False)
if invocationid is not None:
self.ldb.set_invocation_id(invocationid)
self.schema_dn_modify = read_and_sub_file(
setup_path("provision_schema_basedn_modify.ldif"),
- {"SCHEMADN": schemadn, "SERVERDN": serverdn})
+ {"SCHEMADN": schemadn})
descr = b64encode(get_schema_descriptor(domain_sid))
self.schema_dn_add = read_and_sub_file(
setup_path("provision_schema_basedn.ldif"),
{"SCHEMADN": schemadn, "DESCRIPTOR": descr})
- self.prefixmap_data = open(setup_path("prefixMap.txt"), 'r').read()
+ if override_prefixmap is not None:
+ self.prefixmap_data = override_prefixmap
+ else:
+ self.prefixmap_data = open(setup_path("prefixMap.txt"), 'r').read()
- if prefixmap is not None:
- for map in prefixmap:
+ if additional_prefixmap is not None:
+ for map in additional_prefixmap:
self.prefixmap_data += "%s\n" % map
self.prefixmap_data = b64encode(self.prefixmap_data)
# We don't actually add this ldif, just parse it
prefixmap_ldif = "dn: cn=schema\nprefixMap:: %s\n\n" % self.prefixmap_data
- self.ldb.set_schema_from_ldif(prefixmap_ldif, self.schema_data)
+ self.set_from_ldif(prefixmap_ldif, self.schema_data)
+
+ def set_from_ldif(self, pf, df):
+ dsdb._dsdb_set_schema_from_ldif(self.ldb, pf, df)
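Review bot: The new `else` branch at the `open(setup_path("prefixMap.txt"), 'r').read()` line keeps the file handle open with no close; wrapping it as `with open(setup_path("prefixMap.txt"), 'r') as f:` / `    self.prefixmap_data = f.read()` fixes that in the same two lines. The docstring the hunk reflows still lists `:param samdb:`, which is not a parameter of `__init__`, and documents neither `domain_sid`, `invocationid`, `files` nor the two new ones; `override_prefixmap` in particular deserves a line saying it is the complete prefixMap text used instead of prefixMap.txt and `additional_prefixmap` an iterable of lines appended to it, since callers now control what gets base64-encoded into the schema. The new `set_from_ldif` and `convert_to_openldap` methods are thin wrappers over underscore-prefixed `dsdb._dsdb_*` functions and carry no docstring; a one-line summary on each, and a note on why the private entry points are used rather than a public `SamDB` method, would help the next maintainer. The enclosing `__init__` starts outside the hunk.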
def write_to_tmp_ldb(self, schemadb_path):
self.ldb.connect(url=schemadb_path)
self.ldb.add_ldif(self.schema_dn_add)
self.ldb.modify_ldif(self.schema_dn_modify)
self.ldb.add_ldif(self.schema_data)
- except:
+ except Exception:
self.ldb.transaction_cancel()
raise
else:
self.ldb.transaction_commit()
- # Return a hash with the forward attribute as a key and the back as the value
+ # Return a hash with the forward attribute as a key and the back as the
+ # value
def linked_attributes(self):
return get_linked_attributes(self.schemadn, self.ldb)
def dnsyntax_attributes(self):
return get_dnsyntax_attributes(self.schemadn, self.ldb)
+ def convert_to_openldap(self, target, mapping):
+ return dsdb._dsdb_convert_schema_to_openldap(self.ldb, target, mapping)
+
+
# Return a hash with the forward attribute as a key and the back as the value
def get_linked_attributes(schemadn,schemaldb):
attrs = ["linkID", "lDAPDisplayName"]
scope=SCOPE_SUBTREE)
if target is not None:
attributes[str(res[i]["lDAPDisplayName"])]=str(target)
-
+
return attributes
def ldb_with_schema(setup_dir=None,
schemadn="cn=schema,cn=configuration,dc=example,dc=com",
- serverdn="cn=server,cn=servers,cn=default-first-site-name,cn=sites,cn=cn=configuration,dc=example,dc=com",
- domainsid=None):
+ domainsid=None,
+ override_prefixmap=None):
"""Load schema for the SamDB from the AD schema files and samba4_schema.ldif
-
+
:param setup_dir: Setup path
:param schemadn: DN of the schema
:param serverdn: DN of the server
-
+
Returns the schema data loaded as an object, with .ldb being a
new ldb with the schema loaded. This allows certain tests to
operate without a remote or local schema.
"""
-
+
def setup_path(file):
return os.path.join(setup_dir, file)
domainsid = security.random_sid()
else:
domainsid = security.dom_sid(domainsid)
- return Schema(setup_path, domainsid, schemadn=schemadn, serverdn=serverdn)
+ return Schema(setup_path, domainsid, schemadn=schemadn,
+ override_prefixmap=override_prefixmap)
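Review bot: The `serverdn` parameter is removed from `ldb_with_schema`'s signature, but the docstring a few lines below still reads `:param serverdn: DN of the server`, so the documentation now describes an argument that no longer exists. That line should become `:param domainsid: domain SID string, or None for a randomly generated one` (the `security.random_sid()` / `security.dom_sid(domainsid)` branches support this; the guarding `if` sits outside the hunk) plus `:param override_prefixmap: complete prefixMap text used instead of prefixMap.txt, passed through to Schema`. Part of the function body between `setup_path` and the `domainsid` branch is not visible in this hunk.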