sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-07-11 00:59:11 +03:00
Code Activity

s4:provision Move 'Schema' into it's own file

Browse Source
This commit is contained in:
Andrew Bartlett
2009-10-30 14:31:25 +11:00
parent 76d289bb0e
commit 4be253fe2f
5 changed files with 160 additions and 123 deletions
Download Patch File Download Diff File Expand all files Collapse all files

122
source4/scripting/python/samba/provision.py
View File

@ -43,7 +43,7 @@ import shutil
from credentials import Credentials, DONT_USE_KERBEROS
from auth import system_session, admin_session
from samba import version, Ldb, substitute_var, valid_netbios_name
from samba import check_all_substituted
from samba import check_all_substituted, read_and_sub_file
from samba import DS_DOMAIN_FUNCTION_2003, DS_DOMAIN_FUNCTION_2008, DS_DC_FUNCTION_2008
from samba.samdb import SamDB
from samba.idmap import IDmapDB
@ -51,8 +51,8 @@ from samba.dcerpc import security
from samba.ndr import ndr_pack
import urllib
from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError, timestring
from ms_schema import read_ms_schema
from ms_display_specifiers import read_ms_ldif
from schema import Schema
from signal import SIGTERM
from dcerpc.misc import SEC_CHAN_BDC, SEC_CHAN_WKSTA
@ -73,20 +73,6 @@ def find_setup_dir():
return ret
raise Exception("Unable to find setup directory.")
def get_schema_descriptor(domain_sid):
sddl = "O:SAG:SAD:(A;CI;RPLCLORC;;;AU)(A;CI;RPWPCRCCLCLORCWOWDSW;;;SA)" \
"(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)" \
"(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
"(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)" \
"(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)" \
"(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)" \
"S:(AU;SA;WPCCDCWOWDSDDTSW;;;WD)" \
"(AU;CISA;WP;;;WD)(AU;SA;CR;;;BA)" \
"(AU;SA;CR;;;DU)(OU;SA;CR;e12b56b6-0a95-11d1-adbb-00c04fd8d5cd;;WD)" \
"(OU;SA;CR;45ec5156-db7e-47bb-b53f-dbeb2d03c40f;;WD)"
sec = security.descriptor.from_sddl(sddl, domain_sid)
return b64encode(ndr_pack(sec))
def get_config_descriptor(domain_sid):
sddl = "O:EAG:EAD:(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
"(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
@ -182,97 +168,6 @@ class ProvisionResult(object):
self.lp = None
self.samdb = None
class Schema(object):
def __init__(self, setup_path, domain_sid, schemadn=None,
serverdn=None, sambadn=None):
"""Load schema for the SamDB from the AD schema files and samba4_schema.ldif
:param samdb: Load a schema into a SamDB.
:param setup_path: Setup path function.
:param schemadn: DN of the schema
:param serverdn: DN of the server
Returns the schema data loaded, to avoid double-parsing when then needing to add it to the db
"""
self.schemadn = schemadn
self.ldb = Ldb()
self.schema_data = read_ms_schema(setup_path('ad-schema/MS-AD_Schema_2K8_Attributes.txt'),
setup_path('ad-schema/MS-AD_Schema_2K8_Classes.txt'))
self.schema_data += open(setup_path("schema_samba4.ldif"), 'r').read()
self.schema_data = substitute_var(self.schema_data, {"SCHEMADN": schemadn})
check_all_substituted(self.schema_data)
self.schema_dn_modify = read_and_sub_file(setup_path("provision_schema_basedn_modify.ldif"),
{"SCHEMADN": schemadn,
"SERVERDN": serverdn,
})
descr = get_schema_descriptor(domain_sid)
self.schema_dn_add = read_and_sub_file(setup_path("provision_schema_basedn.ldif"),
{"SCHEMADN": schemadn,
"DESCRIPTOR": descr
})
prefixmap = open(setup_path("prefixMap.txt"), 'r').read()
prefixmap = b64encode(prefixmap)
# We don't actually add this ldif, just parse it
prefixmap_ldif = "dn: cn=schema\nprefixMap:: %s\n\n" % prefixmap
self.ldb.set_schema_from_ldif(prefixmap_ldif, self.schema_data)
def write_to_tmp_ldb(self, schemadb_path):
self.ldb.connect(schemadb_path)
self.ldb.transaction_start()
self.ldb.add_ldif("""dn: @ATTRIBUTES
linkID: INTEGER
dn: @INDEXLIST
@IDXATTR: linkID
@IDXATTR: attributeSyntax
""")
# These bits of LDIF are supplied when the Schema object is created
self.ldb.add_ldif(self.schema_dn_add)
self.ldb.modify_ldif(self.schema_dn_modify)
self.ldb.add_ldif(self.schema_data)
self.ldb.transaction_commit()
# Return a hash with the forward attribute as a key and the back as the value
def linked_attributes(self):
return get_linked_attributes(self.schemadn, self.ldb)
def dnsyntax_attributes(self):
return get_dnsyntax_attributes(self.schemadn, self.ldb)
# Return a hash with the forward attribute as a key and the back as the value
def get_linked_attributes(schemadn,schemaldb):
attrs = ["linkID", "lDAPDisplayName"]
res = schemaldb.search(expression="(&(linkID=*)(!(linkID:1.2.840.113556.1.4.803:=1))(objectclass=attributeSchema)(attributeSyntax=2.5.5.1))", base=schemadn, scope=SCOPE_ONELEVEL, attrs=attrs)
attributes = {}
for i in range (0, len(res)):
expression = "(&(objectclass=attributeSchema)(linkID=%d)(attributeSyntax=2.5.5.1))" % (int(res[i]["linkID"][0])+1)
target = schemaldb.searchone(basedn=schemadn,
expression=expression,
attribute="lDAPDisplayName",
scope=SCOPE_SUBTREE)
if target is not None:
attributes[str(res[i]["lDAPDisplayName"])]=str(target)
return attributes
def get_dnsyntax_attributes(schemadn,schemaldb):
attrs = ["linkID", "lDAPDisplayName"]
res = schemaldb.search(expression="(&(!(linkID=*))(objectclass=attributeSchema)(attributeSyntax=2.5.5.1))", base=schemadn, scope=SCOPE_ONELEVEL, attrs=attrs)
attributes = []
for i in range (0, len(res)):
attributes.append(str(res[i]["lDAPDisplayName"]))
return attributes
def check_install(lp, session_info, credentials):
"""Check whether the current install seems ok.
@ -307,19 +202,6 @@ findnss_uid = lambda names: findnss(pwd.getpwnam, names)[2]
findnss_gid = lambda names: findnss(grp.getgrnam, names)[2]
def read_and_sub_file(file, subst_vars):
"""Read a file and sub in variables found in it
:param file: File to be read (typically from setup directory)
param subst_vars: Optional variables to subsitute in the file.
"""
data = open(file, 'r').read()
if subst_vars is not None:
data = substitute_var(data, subst_vars)
check_all_substituted(data)
return data
def setup_add_ldif(ldb, ldif_path, subst_vars=None,controls=["relax:0"]):
"""Setup a ldb in the private dir.