mirror of
https://github.com/samba-team/samba.git
synced 2025-07-11 00:59:11 +03:00
s4:provision Move 'Schema' into it's own file
This commit is contained in:
@ -43,7 +43,7 @@ import shutil
|
||||
from credentials import Credentials, DONT_USE_KERBEROS
|
||||
from auth import system_session, admin_session
|
||||
from samba import version, Ldb, substitute_var, valid_netbios_name
|
||||
from samba import check_all_substituted
|
||||
from samba import check_all_substituted, read_and_sub_file
|
||||
from samba import DS_DOMAIN_FUNCTION_2003, DS_DOMAIN_FUNCTION_2008, DS_DC_FUNCTION_2008
|
||||
from samba.samdb import SamDB
|
||||
from samba.idmap import IDmapDB
|
||||
@ -51,8 +51,8 @@ from samba.dcerpc import security
|
||||
from samba.ndr import ndr_pack
|
||||
import urllib
|
||||
from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError, timestring
|
||||
from ms_schema import read_ms_schema
|
||||
from ms_display_specifiers import read_ms_ldif
|
||||
from schema import Schema
|
||||
from signal import SIGTERM
|
||||
from dcerpc.misc import SEC_CHAN_BDC, SEC_CHAN_WKSTA
|
||||
|
||||
@ -73,20 +73,6 @@ def find_setup_dir():
|
||||
return ret
|
||||
raise Exception("Unable to find setup directory.")
|
||||
|
||||
def get_schema_descriptor(domain_sid):
|
||||
sddl = "O:SAG:SAD:(A;CI;RPLCLORC;;;AU)(A;CI;RPWPCRCCLCLORCWOWDSW;;;SA)" \
|
||||
"(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)" \
|
||||
"(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
|
||||
"(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)" \
|
||||
"(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)" \
|
||||
"(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)" \
|
||||
"S:(AU;SA;WPCCDCWOWDSDDTSW;;;WD)" \
|
||||
"(AU;CISA;WP;;;WD)(AU;SA;CR;;;BA)" \
|
||||
"(AU;SA;CR;;;DU)(OU;SA;CR;e12b56b6-0a95-11d1-adbb-00c04fd8d5cd;;WD)" \
|
||||
"(OU;SA;CR;45ec5156-db7e-47bb-b53f-dbeb2d03c40f;;WD)"
|
||||
sec = security.descriptor.from_sddl(sddl, domain_sid)
|
||||
return b64encode(ndr_pack(sec))
|
||||
|
||||
def get_config_descriptor(domain_sid):
|
||||
sddl = "O:EAG:EAD:(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
|
||||
"(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
|
||||
@ -182,97 +168,6 @@ class ProvisionResult(object):
|
||||
self.lp = None
|
||||
self.samdb = None
|
||||
|
||||
|
||||
class Schema(object):
|
||||
def __init__(self, setup_path, domain_sid, schemadn=None,
|
||||
serverdn=None, sambadn=None):
|
||||
"""Load schema for the SamDB from the AD schema files and samba4_schema.ldif
|
||||
|
||||
:param samdb: Load a schema into a SamDB.
|
||||
:param setup_path: Setup path function.
|
||||
:param schemadn: DN of the schema
|
||||
:param serverdn: DN of the server
|
||||
|
||||
Returns the schema data loaded, to avoid double-parsing when then needing to add it to the db
|
||||
"""
|
||||
|
||||
self.schemadn = schemadn
|
||||
self.ldb = Ldb()
|
||||
self.schema_data = read_ms_schema(setup_path('ad-schema/MS-AD_Schema_2K8_Attributes.txt'),
|
||||
setup_path('ad-schema/MS-AD_Schema_2K8_Classes.txt'))
|
||||
self.schema_data += open(setup_path("schema_samba4.ldif"), 'r').read()
|
||||
self.schema_data = substitute_var(self.schema_data, {"SCHEMADN": schemadn})
|
||||
check_all_substituted(self.schema_data)
|
||||
|
||||
self.schema_dn_modify = read_and_sub_file(setup_path("provision_schema_basedn_modify.ldif"),
|
||||
{"SCHEMADN": schemadn,
|
||||
"SERVERDN": serverdn,
|
||||
})
|
||||
|
||||
descr = get_schema_descriptor(domain_sid)
|
||||
self.schema_dn_add = read_and_sub_file(setup_path("provision_schema_basedn.ldif"),
|
||||
{"SCHEMADN": schemadn,
|
||||
"DESCRIPTOR": descr
|
||||
})
|
||||
|
||||
prefixmap = open(setup_path("prefixMap.txt"), 'r').read()
|
||||
prefixmap = b64encode(prefixmap)
|
||||
|
||||
|
||||
|
||||
# We don't actually add this ldif, just parse it
|
||||
prefixmap_ldif = "dn: cn=schema\nprefixMap:: %s\n\n" % prefixmap
|
||||
self.ldb.set_schema_from_ldif(prefixmap_ldif, self.schema_data)
|
||||
|
||||
def write_to_tmp_ldb(self, schemadb_path):
|
||||
self.ldb.connect(schemadb_path)
|
||||
self.ldb.transaction_start()
|
||||
|
||||
self.ldb.add_ldif("""dn: @ATTRIBUTES
|
||||
linkID: INTEGER
|
||||
|
||||
dn: @INDEXLIST
|
||||
@IDXATTR: linkID
|
||||
@IDXATTR: attributeSyntax
|
||||
""")
|
||||
# These bits of LDIF are supplied when the Schema object is created
|
||||
self.ldb.add_ldif(self.schema_dn_add)
|
||||
self.ldb.modify_ldif(self.schema_dn_modify)
|
||||
self.ldb.add_ldif(self.schema_data)
|
||||
self.ldb.transaction_commit()
|
||||
|
||||
# Return a hash with the forward attribute as a key and the back as the value
|
||||
def linked_attributes(self):
|
||||
return get_linked_attributes(self.schemadn, self.ldb)
|
||||
|
||||
def dnsyntax_attributes(self):
|
||||
return get_dnsyntax_attributes(self.schemadn, self.ldb)
|
||||
|
||||
# Return a hash with the forward attribute as a key and the back as the value
|
||||
def get_linked_attributes(schemadn,schemaldb):
|
||||
attrs = ["linkID", "lDAPDisplayName"]
|
||||
res = schemaldb.search(expression="(&(linkID=*)(!(linkID:1.2.840.113556.1.4.803:=1))(objectclass=attributeSchema)(attributeSyntax=2.5.5.1))", base=schemadn, scope=SCOPE_ONELEVEL, attrs=attrs)
|
||||
attributes = {}
|
||||
for i in range (0, len(res)):
|
||||
expression = "(&(objectclass=attributeSchema)(linkID=%d)(attributeSyntax=2.5.5.1))" % (int(res[i]["linkID"][0])+1)
|
||||
target = schemaldb.searchone(basedn=schemadn,
|
||||
expression=expression,
|
||||
attribute="lDAPDisplayName",
|
||||
scope=SCOPE_SUBTREE)
|
||||
if target is not None:
|
||||
attributes[str(res[i]["lDAPDisplayName"])]=str(target)
|
||||
|
||||
return attributes
|
||||
|
||||
def get_dnsyntax_attributes(schemadn,schemaldb):
|
||||
attrs = ["linkID", "lDAPDisplayName"]
|
||||
res = schemaldb.search(expression="(&(!(linkID=*))(objectclass=attributeSchema)(attributeSyntax=2.5.5.1))", base=schemadn, scope=SCOPE_ONELEVEL, attrs=attrs)
|
||||
attributes = []
|
||||
for i in range (0, len(res)):
|
||||
attributes.append(str(res[i]["lDAPDisplayName"]))
|
||||
|
||||
return attributes
|
||||
|
||||
def check_install(lp, session_info, credentials):
|
||||
"""Check whether the current install seems ok.
|
||||
|
||||
@ -307,19 +202,6 @@ findnss_uid = lambda names: findnss(pwd.getpwnam, names)[2]
|
||||
findnss_gid = lambda names: findnss(grp.getgrnam, names)[2]
|
||||
|
||||
|
||||
def read_and_sub_file(file, subst_vars):
|
||||
"""Read a file and sub in variables found in it
|
||||
|
||||
:param file: File to be read (typically from setup directory)
|
||||
param subst_vars: Optional variables to subsitute in the file.
|
||||
"""
|
||||
data = open(file, 'r').read()
|
||||
if subst_vars is not None:
|
||||
data = substitute_var(data, subst_vars)
|
||||
check_all_substituted(data)
|
||||
return data
|
||||
|
||||
|
||||
def setup_add_ldif(ldb, ldif_path, subst_vars=None,controls=["relax:0"]):
|
||||
"""Setup a ldb in the private dir.
|
||||
|
||||
|
Reference in New Issue
Block a user