/*
Unix SMB / CIFS implementation .
Samba utility functions
Copyright ( C ) Jelmer Vernooij < jelmer @ samba . org > 2008 - 2009
Copyright ( C ) Andrew Bartlett < abartlet @ samba . org > 2005
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 3 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program . If not , see < http : //www.gnu.org/licenses/>.
*/
# include <Python.h>
# include <ldb.h>
# include <pyldb.h>
# include "includes.h"
# include "librpc/ndr/libndr.h"
# include "param/provision.h"
# include "param/secrets.h"
# include <pytalloc.h>
# include "python/modules.h"
# include "param/pyparam.h"
# include "dynconfig/dynconfig.h"
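/**
 * Import the "samba.provision" Python module.
 *
 * @return a new reference to the module, or NULL (with a Python exception
 *         set) if the name string could not be created or the import failed.
 */
static PyObject *provision_module(void)
{
	PyObject *mod;
	PyObject *name = PyString_FromString("samba.provision");
	if (name == NULL)
		return NULL;
	mod = PyImport_Import(name);
	/* PyImport_Import() does not steal 'name'; release it to avoid a leak. */
	Py_DECREF(name);
	return mod;
}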
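/**
 * Import the "samba.schema" Python module.
 *
 * @return a new reference to the module, or NULL (with a Python exception
 *         set) if the name string could not be created or the import failed.
 */
static PyObject *schema_module(void)
{
	PyObject *mod;
	PyObject *name = PyString_FromString("samba.schema");
	if (name == NULL)
		return NULL;
	mod = PyImport_Import(name);
	/* PyImport_Import() does not steal 'name'; release it to avoid a leak. */
	Py_DECREF(name);
	return mod;
}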
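/**
 * Import the "ldb" Python module.
 *
 * @return a new reference to the module, or NULL (with a Python exception
 *         set) if the name string could not be created or the import failed.
 */
static PyObject *ldb_module(void)
{
	PyObject *mod;
	PyObject *name = PyString_FromString("ldb");
	if (name == NULL)
		return NULL;
	mod = PyImport_Import(name);
	/* PyImport_Import() does not steal 'name'; release it to avoid a leak. */
	Py_DECREF(name);
	return mod;
}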
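/**
 * Wrap an existing ldb context in a Python "ldb.Ldb" object.
 *
 * The wrapper gets its own talloc context and takes a talloc reference on
 * ldb_ctx, so the caller keeps ownership of its own pointer.
 *
 * @param ldb_ctx ldb context to expose to Python
 * @return a new reference to the wrapper, or NULL with a Python exception
 *         set on import, attribute lookup or allocation failure.
 */
static PyObject *PyLdb_FromLdbContext(struct ldb_context *ldb_ctx)
{
	PyLdbObject *ret;
	PyObject *ldb_mod = ldb_module();
	PyTypeObject *ldb_ctx_type;
	if (ldb_mod == NULL)
		return NULL;

	ldb_ctx_type = (PyTypeObject *)PyObject_GetAttrString(ldb_mod, "Ldb");
	/* We hold our own reference to the type now; the module one can go. */
	Py_DECREF(ldb_mod);
	if (ldb_ctx_type == NULL) {
		/* Without this check tp_alloc would be read through NULL. */
		return NULL;
	}

	ret = (PyLdbObject *)ldb_ctx_type->tp_alloc(ldb_ctx_type, 0);
	Py_DECREF(ldb_ctx_type);
	if (ret == NULL) {
		PyErr_NoMemory();
		return NULL;
	}

	/*
	 * NOTE(review): the Py_DECREF(ret) calls below assume the Ldb type's
	 * deallocator copes with a NULL mem_ctx / ldb_ctx -- confirm in pyldb.
	 */
	ret->mem_ctx = talloc_new(NULL);
	if (ret->mem_ctx == NULL) {
		Py_DECREF(ret);
		PyErr_NoMemory();
		return NULL;
	}
	ret->ldb_ctx = talloc_reference(ret->mem_ctx, ldb_ctx);
	if (ret->ldb_ctx == NULL) {
		/* Never hand Python a wrapper around a NULL ldb context. */
		Py_DECREF(ret);
		PyErr_NoMemory();
		return NULL;
	}
	return (PyObject *)ret;
}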
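/*
 * Store a freshly created Python object in 'dict' under 'key' and drop the
 * caller's reference to it. PyDict_SetItemString() takes its own reference,
 * so passing a new object straight into it leaks one reference per call.
 *
 * Returns 0 on success, -1 if 'value' is NULL (its constructor failed) or
 * the insertion failed; a Python exception is expected to be set then.
 */
static int provision_bare_set_item(PyObject *dict, const char *key, PyObject *value)
{
	int ret;

	if (value == NULL) {
		return -1;
	}
	ret = PyDict_SetItemString(dict, key, value);
	Py_DECREF(value);
	return ret;
}

/**
 * Run samba.provision.provision_become_dc() with the given settings.
 *
 * @param mem_ctx  talloc context for result->domaindn and debug strings
 * @param lp_ctx   loadparm context; only its config file path is passed on
 * @param settings provision parameters; netbios_name, domain, realm and
 *                 machine_password are required, the DN strings, site_name
 *                 and targetdir are optional
 * @param result   receives domaindn, lp_ctx and samdb on success
 * @return NT_STATUS_OK on success, NT_STATUS_INVALID_PARAMETER if a required
 *         setting is missing, NT_STATUS_NO_MEMORY if domaindn cannot be
 *         copied, NT_STATUS_UNSUCCESSFUL on any Python-side failure.
 */
NTSTATUS provision_bare(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx,
			struct provision_settings *settings,
			struct provision_result *result)
{
	const char *configfile;
	const char *domaindn;
	PyObject *provision_mod, *provision_dict, *provision_fn;
	PyObject *py_result = NULL, *parameters = NULL;
	PyObject *py_domaindn, *py_lp_ctx = NULL, *py_samdb = NULL;
	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;

	DEBUG(0,("Provision for Become-DC test using python\n"));

	Py_Initialize();
	py_update_path(); /* Put the samba path at the start of sys.path */

	provision_mod = provision_module();
	if (provision_mod == NULL) {
		PyErr_Print();
		DEBUG(0, ("Unable to import provision Python module.\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}

	/* PyModule_GetDict() and PyDict_GetItemString() return borrowed refs. */
	provision_dict = PyModule_GetDict(provision_mod);
	if (provision_dict == NULL) {
		DEBUG(0, ("Unable to get dictionary for provision module\n"));
		goto failure;
	}

	provision_fn = PyDict_GetItemString(provision_dict, "provision_become_dc");
	if (provision_fn == NULL) {
		DEBUG(0, ("Unable to get provision_become_dc function\n"));
		goto failure;
	}

	/* site_name and targetdir are optional below, so guard the %s too. */
	DEBUG(0,("New Server in Site[%s]\n",
		 settings->site_name == NULL ? "None" : settings->site_name));

	DEBUG(0,("DSA Instance [%s]\n"
		 "\tinvocationId[%s]\n",
		 settings->ntds_dn_str,
		 settings->invocation_id == NULL ? "None" : GUID_string(mem_ctx, settings->invocation_id)));

	DEBUG(0,("Paths under targetdir[%s]\n",
		 settings->targetdir == NULL ? "None" : settings->targetdir));

	/* PyString_FromString(NULL) would crash; reject missing required values. */
	if (settings->netbios_name == NULL || settings->domain == NULL ||
	    settings->realm == NULL || settings->machine_password == NULL) {
		DEBUG(0, ("Missing required provision setting\n"));
		status = NT_STATUS_INVALID_PARAMETER;
		goto failure;
	}

	parameters = PyDict_New();
	if (parameters == NULL) {
		goto failure;
	}

	configfile = lpcfg_configfile(lp_ctx);
	if (configfile != NULL) {
		if (provision_bare_set_item(parameters, "smbconf",
					    PyString_FromString(configfile)) != 0)
			goto failure;
	}

	if (settings->targetdir != NULL) {
		if (provision_bare_set_item(parameters, "targetdir",
					    PyString_FromString(settings->targetdir)) != 0)
			goto failure;
	}
	if (provision_bare_set_item(parameters, "hostname",
				    PyString_FromString(settings->netbios_name)) != 0)
		goto failure;
	if (provision_bare_set_item(parameters, "domain",
				    PyString_FromString(settings->domain)) != 0)
		goto failure;
	if (provision_bare_set_item(parameters, "realm",
				    PyString_FromString(settings->realm)) != 0)
		goto failure;
	/*
	 * "rootdn" is only set when present: the previous unconditional
	 * insert dereferenced a NULL root_dn_str before this guard ran.
	 */
	if (settings->root_dn_str) {
		if (provision_bare_set_item(parameters, "rootdn",
					    PyString_FromString(settings->root_dn_str)) != 0)
			goto failure;
	}
	if (settings->domain_dn_str) {
		if (provision_bare_set_item(parameters, "domaindn",
					    PyString_FromString(settings->domain_dn_str)) != 0)
			goto failure;
	}
	if (settings->schema_dn_str) {
		if (provision_bare_set_item(parameters, "schemadn",
					    PyString_FromString(settings->schema_dn_str)) != 0)
			goto failure;
	}
	if (settings->config_dn_str) {
		if (provision_bare_set_item(parameters, "configdn",
					    PyString_FromString(settings->config_dn_str)) != 0)
			goto failure;
	}
	if (settings->server_dn_str) {
		if (provision_bare_set_item(parameters, "serverdn",
					    PyString_FromString(settings->server_dn_str)) != 0)
			goto failure;
	}
	if (settings->site_name) {
		if (provision_bare_set_item(parameters, "sitename",
					    PyString_FromString(settings->site_name)) != 0)
			goto failure;
	}

	/*
	 * The machine password is copied into an immutable Python string and
	 * cannot be wiped afterwards; releasing the dict promptly is the only
	 * control this function has over that copy's lifetime.
	 */
	if (provision_bare_set_item(parameters, "machinepass",
				    PyString_FromString(settings->machine_password)) != 0)
		goto failure;

	if (provision_bare_set_item(parameters, "debuglevel",
				    PyInt_FromLong(DEBUGLEVEL)) != 0)
		goto failure;
	if (provision_bare_set_item(parameters, "use_ntvfs",
				    PyInt_FromLong(settings->use_ntvfs)) != 0)
		goto failure;

	py_result = PyEval_CallObjectWithKeywords(provision_fn, NULL, parameters);
	Py_CLEAR(parameters);
	if (py_result == NULL) {
		goto failure;
	}

	py_domaindn = PyObject_GetAttrString(py_result, "domaindn");
	if (py_domaindn == NULL) {
		DEBUG(0, ("Missing 'domaindn' attribute\n"));
		goto failure;
	}
	/* PyString_AsString() returns NULL if the attribute is not a string. */
	domaindn = PyString_AsString(py_domaindn);
	if (domaindn == NULL) {
		Py_DECREF(py_domaindn);
		goto failure;
	}
	result->domaindn = talloc_strdup(mem_ctx, domaindn);
	Py_DECREF(py_domaindn);
	if (result->domaindn == NULL) {
		status = NT_STATUS_NO_MEMORY;
		goto failure;
	}

	/* FIXME paths */
	py_lp_ctx = PyObject_GetAttrString(py_result, "lp");
	if (py_lp_ctx == NULL) {
		DEBUG(0, ("Missing 'lp' attribute\n"));
		goto failure;
	}
	py_samdb = PyObject_GetAttrString(py_result, "samdb");
	if (py_samdb == NULL) {
		DEBUG(0, ("Missing 'samdb' attribute\n"));
		goto failure;
	}

	result->lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
	if (result->lp_ctx == NULL) {
		DEBUG(0, ("Unable to convert 'lp' attribute\n"));
		goto failure;
	}
	result->samdb = pyldb_Ldb_AsLdbContext(py_samdb);
	if (result->samdb == NULL) {
		DEBUG(0, ("Unable to convert 'samdb' attribute\n"));
		/* Don't leave a pointer behind that the cleanup may invalidate. */
		result->lp_ctx = NULL;
		goto failure;
	}

	/*
	 * NOTE(review): py_result, py_lp_ctx and py_samdb are deliberately
	 * not released on success. result->lp_ctx and result->samdb appear
	 * to point into those Python objects, so dropping the references
	 * here could free memory the caller is about to use -- confirm the
	 * ownership rules before adding a Py_DECREF.
	 */
	Py_DECREF(provision_mod);
	return NT_STATUS_OK;

failure:
	if (PyErr_Occurred()) {
		PyErr_Print();
		PyErr_Clear();
	}
	Py_XDECREF(py_samdb);
	Py_XDECREF(py_lp_ctx);
	Py_XDECREF(py_result);
	Py_XDECREF(parameters);
	Py_DECREF(provision_mod);
	return status;
}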
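/**
 * Wrap a dom_sid in a Python "samba.dcerpc.security.dom_sid" object.
 *
 * @param sid SID to expose; handed to pytalloc_reference() as-is
 * @return a new reference to the wrapper, or NULL with a Python exception
 *         set if the module or the type cannot be obtained or the wrapper
 *         cannot be created.
 */
static PyObject *py_dom_sid_FromSid(struct dom_sid *sid)
{
	PyObject *mod_security, *dom_sid_Type, *py_sid;

	mod_security = PyImport_ImportModule("samba.dcerpc.security");
	if (mod_security == NULL)
		return NULL;

	dom_sid_Type = PyObject_GetAttrString(mod_security, "dom_sid");
	/* Both lookups return new references; release each once it is unused. */
	Py_DECREF(mod_security);
	if (dom_sid_Type == NULL)
		return NULL;

	py_sid = pytalloc_reference((PyTypeObject *)dom_sid_Type, sid);
	Py_DECREF(dom_sid_Type);
	return py_sid;
}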
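/*
 * Store a freshly created Python object in 'dict' under 'key' and drop the
 * caller's reference to it. PyDict_SetItemString() takes its own reference,
 * so passing a new object straight into it leaks one reference per call.
 *
 * Returns 0 on success, -1 if 'value' is NULL (its constructor failed) or
 * the insertion failed; a Python exception is expected to be set then.
 */
static int self_join_set_item(PyObject *dict, const char *key, PyObject *value)
{
	int ret;

	if (value == NULL) {
		return -1;
	}
	ret = PyDict_SetItemString(dict, key, value);
	Py_DECREF(value);
	return ret;
}

/**
 * Record this machine's domain join in the secrets database by calling
 * samba.provision.secretsdb_self_join() inside an ldb transaction.
 *
 * @param mem_ctx      talloc context for *error_string
 * @param lp_ctx       loadparm context used to open the secrets database
 * @param event_ctx    unused by this function
 * @param settings     join parameters; domain_name, machine_password and
 *                     netbios_name are required, realm is optional
 * @param error_string set to NULL on entry, to a message on failure
 * @return NT_STATUS_OK once the transaction is committed; an error status
 *         otherwise. Every failure after the transaction has started
 *         cancels it, except a failed commit.
 */
NTSTATUS provision_store_self_join(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx,
				   struct tevent_context *event_ctx,
				   struct provision_store_self_join_settings *settings,
				   const char **error_string)
{
	int ret;
	PyObject *provision_mod = NULL, *provision_dict, *provision_fn;
	PyObject *py_result, *parameters = NULL;
	struct ldb_context *ldb;
	TALLOC_CTX *tmp_mem;

	*error_string = NULL;

	/* PyString_FromString(NULL) would crash; reject missing required values. */
	if (settings->domain_name == NULL || settings->machine_password == NULL ||
	    settings->netbios_name == NULL) {
		*error_string
			= talloc_asprintf(mem_ctx,
					  "Missing required self join setting");
		return NT_STATUS_INVALID_PARAMETER;
	}

	tmp_mem = talloc_new(mem_ctx);
	if (!tmp_mem) {
		return NT_STATUS_NO_MEMORY;
	}

	/* Open the secrets database */
	ldb = secrets_db_connect(tmp_mem, lp_ctx);
	if (!ldb) {
		*error_string
			= talloc_asprintf(mem_ctx,
					  "Could not open secrets database");
		talloc_free(tmp_mem);
		return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
	}

	ret = ldb_transaction_start(ldb);
	if (ret != LDB_SUCCESS) {
		*error_string
			= talloc_asprintf(mem_ctx,
					  "Could not start transaction on secrets database: %s", ldb_errstring(ldb));
		talloc_free(tmp_mem);
		return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
	}

	/*
	 * From here on every error goes through 'failure', so the open
	 * transaction on the secrets database is always cancelled explicitly.
	 */
	Py_Initialize();
	py_update_path(); /* Put the samba path at the start of sys.path */

	provision_mod = provision_module();
	if (provision_mod == NULL) {
		*error_string
			= talloc_asprintf(mem_ctx, "Unable to import provision Python module.");
		goto failure;
	}

	/* PyModule_GetDict() and PyDict_GetItemString() return borrowed refs. */
	provision_dict = PyModule_GetDict(provision_mod);
	if (provision_dict == NULL) {
		*error_string
			= talloc_asprintf(mem_ctx, "Unable to get dictionary for provision module");
		goto failure;
	}

	provision_fn = PyDict_GetItemString(provision_dict, "secretsdb_self_join");
	if (provision_fn == NULL) {
		*error_string
			= talloc_asprintf(mem_ctx, "Unable to get secretsdb_self_join function");
		goto failure;
	}

	parameters = PyDict_New();
	if (parameters == NULL) {
		goto failure;
	}

	/* The helper also rejects a NULL wrapper from PyLdb_FromLdbContext(). */
	if (self_join_set_item(parameters, "secretsdb",
			       PyLdb_FromLdbContext(ldb)) != 0)
		goto failure;
	if (self_join_set_item(parameters, "domain",
			       PyString_FromString(settings->domain_name)) != 0)
		goto failure;
	if (settings->realm != NULL) {
		if (self_join_set_item(parameters, "realm",
				       PyString_FromString(settings->realm)) != 0)
			goto failure;
	}
	/*
	 * The machine password is copied into an immutable Python string and
	 * cannot be wiped afterwards; the dict is released right after the
	 * call to keep that copy as short-lived as this function can make it.
	 */
	if (self_join_set_item(parameters, "machinepass",
			       PyString_FromString(settings->machine_password)) != 0)
		goto failure;
	if (self_join_set_item(parameters, "netbiosname",
			       PyString_FromString(settings->netbios_name)) != 0)
		goto failure;
	if (self_join_set_item(parameters, "domainsid",
			       py_dom_sid_FromSid(settings->domain_sid)) != 0)
		goto failure;
	if (self_join_set_item(parameters, "secure_channel_type",
			       PyInt_FromLong(settings->secure_channel_type)) != 0)
		goto failure;
	if (self_join_set_item(parameters, "key_version_number",
			       PyInt_FromLong(settings->key_version_number)) != 0)
		goto failure;

	py_result = PyEval_CallObjectWithKeywords(provision_fn, NULL, parameters);
	Py_CLEAR(parameters);
	if (py_result == NULL) {
		goto failure;
	}
	/* Only success/failure of the call matters; the value is not used. */
	Py_DECREF(py_result);
	Py_CLEAR(provision_mod);

	ret = ldb_transaction_commit(ldb);
	if (ret != LDB_SUCCESS) {
		*error_string
			= talloc_asprintf(mem_ctx,
					  "Could not commit transaction on secrets database: %s", ldb_errstring(ldb));
		talloc_free(tmp_mem);
		return NT_STATUS_INTERNAL_DB_ERROR;
	}

	talloc_free(tmp_mem);

	return NT_STATUS_OK;

failure:
	if (PyErr_Occurred()) {
		PyErr_Print();
		PyErr_Clear();
	}
	/* Release the Python ldb wrapper before the database itself goes away. */
	Py_XDECREF(parameters);
	Py_XDECREF(provision_mod);
	ldb_transaction_cancel(ldb);
	if (*error_string == NULL) {
		/* Callers print *error_string; never leave it NULL on failure. */
		*error_string
			= talloc_asprintf(mem_ctx, "Python secretsdb_self_join call failed");
	}
	talloc_free(tmp_mem);
	return NT_STATUS_UNSUCCESSFUL;
}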
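/**
 * Obtain an ldb context with the schema loaded by calling
 * samba.schema.ldb_with_schema().
 *
 * @param mem_ctx            unused by this function
 * @param lp_ctx             unused by this function
 * @param schema_dn          optional schema DN, passed as "schemadn"
 * @param override_prefixmap optional blob, passed as "override_prefixmap"
 * @return the ldb context taken from the result's "ldb" attribute, or NULL
 *         on any failure (Python errors are printed and cleared).
 */
struct ldb_context *provision_get_schema(TALLOC_CTX *mem_ctx,
					 struct loadparm_context *lp_ctx,
					 const char *schema_dn,
					 DATA_BLOB *override_prefixmap)
{
	PyObject *schema_mod, *schema_dict, *schema_fn;
	PyObject *py_result = NULL, *parameters = NULL;
	PyObject *py_value, *py_ldb;
	struct ldb_context *ldb;

	Py_Initialize();
	py_update_path(); /* Put the samba path at the start of sys.path */

	schema_mod = schema_module();
	if (schema_mod == NULL) {
		PyErr_Print();
		DEBUG(0, ("Unable to import schema Python module.\n"));
		return NULL;
	}

	/* PyModule_GetDict() and PyDict_GetItemString() return borrowed refs. */
	schema_dict = PyModule_GetDict(schema_mod);
	if (schema_dict == NULL) {
		DEBUG(0, ("Unable to get dictionary for schema module\n"));
		goto failure;
	}

	schema_fn = PyDict_GetItemString(schema_dict, "ldb_with_schema");
	if (schema_fn == NULL) {
		DEBUG(0, ("Unable to get ldb_with_schema function\n"));
		goto failure;
	}

	parameters = PyDict_New();
	if (parameters == NULL) {
		goto failure;
	}

	/*
	 * PyDict_SetItemString() takes its own reference, so each new value
	 * is released here once it has been stored.
	 */
	if (schema_dn) {
		py_value = PyString_FromString(schema_dn);
		if (py_value == NULL ||
		    PyDict_SetItemString(parameters, "schemadn", py_value) != 0) {
			Py_XDECREF(py_value);
			goto failure;
		}
		Py_DECREF(py_value);
	}

	if (override_prefixmap) {
		py_value = PyString_FromStringAndSize((const char *)override_prefixmap->data,
						      override_prefixmap->length);
		if (py_value == NULL ||
		    PyDict_SetItemString(parameters, "override_prefixmap", py_value) != 0) {
			Py_XDECREF(py_value);
			goto failure;
		}
		Py_DECREF(py_value);
	}

	py_result = PyEval_CallObjectWithKeywords(schema_fn, NULL, parameters);
	Py_CLEAR(parameters);
	if (py_result == NULL) {
		goto failure;
	}

	py_ldb = PyObject_GetAttrString(py_result, "ldb");
	if (py_ldb == NULL) {
		DEBUG(0, ("Missing 'ldb' attribute\n"));
		goto failure;
	}
	ldb = pyldb_Ldb_AsLdbContext(py_ldb);
	if (ldb == NULL) {
		Py_DECREF(py_ldb);
		goto failure;
	}

	/*
	 * NOTE(review): py_result and py_ldb are deliberately not released
	 * on success. The returned ldb context appears to be owned by the
	 * Python object, so dropping the references here could free it
	 * under the caller -- confirm ownership before adding a Py_DECREF.
	 */
	Py_DECREF(schema_mod);
	return ldb;

failure:
	if (PyErr_Occurred()) {
		PyErr_Print();
		PyErr_Clear();
	}
	Py_XDECREF(py_result);
	Py_XDECREF(parameters);
	Py_DECREF(schema_mod);
	return NULL;
}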