From 964e412ead6af1ef2ccfba351161e9a865a251ac Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 11 Aug 2014 11:23:57 +1200 Subject: [PATCH] python: Use the security.dom_sid type for ctx.domsid in join.py and provision Change-Id: I1266f77184d68aae6a39a73bac8a432fdd707b2e Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher Reviewed-By: Jelmer Vernooij --- python/samba/join.py | 10 +++++----- python/samba/netcmd/domain.py | 4 ++++ python/samba/provision/__init__.py | 2 -- python/samba/upgrade.py | 2 +- python/samba/upgradehelpers.py | 2 +- 5 files changed, 11 insertions(+), 9 deletions(-) diff --git a/python/samba/join.py b/python/samba/join.py index 63f83767e0e..59e4d5c1a5a 100644 --- a/python/samba/join.py +++ b/python/samba/join.py @@ -94,7 +94,7 @@ class dc_join(object): ctx.root_dn = str(ctx.samdb.get_root_basedn()) ctx.schema_dn = str(ctx.samdb.get_schema_basedn()) ctx.config_dn = str(ctx.samdb.get_config_basedn()) - ctx.domsid = ctx.samdb.get_domain_sid() + ctx.domsid = security.dom_sid(ctx.samdb.get_domain_sid()) ctx.forestsid = ctx.domsid ctx.domain_name = ctx.get_domain_name() ctx.forest_domain_name = ctx.get_forest_domain_name() @@ -372,7 +372,7 @@ class dc_join(object): def create_tmp_samdb(ctx): '''create a temporary samdb object for schema queries''' - ctx.tmp_schema = Schema(security.dom_sid(ctx.domsid), + ctx.tmp_schema = Schema(ctx.domsid, schemadn=ctx.schema_dn) ctx.tmp_samdb = SamDB(session_info=system_session(), url=None, auto_connect=False, credentials=ctx.creds, lp=ctx.lp, global_schema=False, @@ -924,7 +924,7 @@ class dc_join(object): realm=ctx.realm, dnsdomain=ctx.dnsdomain, netbiosname=ctx.myname, - domainsid=security.dom_sid(ctx.domsid), + domainsid=ctx.domsid, machinepass=ctx.acct_pass, secure_channel_type=ctx.secure_channel_type, key_version_number=ctx.key_version_number) @@ -967,7 +967,7 @@ class dc_join(object): info = lsa.TrustDomainInfoInfoEx() info.domain_name.string = ctx.dnsdomain info.netbios_name.string = ctx.domain_name - info.sid = security.dom_sid(ctx.domsid) + info.sid = ctx.domsid info.trust_direction = lsa.LSA_TRUST_DIRECTION_INBOUND | lsa.LSA_TRUST_DIRECTION_OUTBOUND info.trust_type = lsa.LSA_TRUST_TYPE_UPLEVEL info.trust_attributes = lsa.LSA_TRUST_ATTRIBUTE_WITHIN_FOREST @@ -1210,7 +1210,7 @@ def join_subdomain(logger=None, server=None, creds=None, lp=None, site=None, ctx.base_dn = samba.dn_from_dns_name(dnsdomain) ctx.forestsid = ctx.domsid - ctx.domsid = str(security.random_sid()) + ctx.domsid = security.random_sid() ctx.acct_dn = None ctx.dnshostname = "%s.%s" % (ctx.myname.lower(), ctx.dnsdomain) ctx.trustdom_pass = samba.generate_random_password(128, 128) diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py index 9e9b30df0e7..fe34f9434b8 100644 --- a/python/samba/netcmd/domain.py +++ b/python/samba/netcmd/domain.py @@ -35,6 +35,7 @@ from samba.join import join_RODC, join_DC, join_subdomain from samba.auth import system_session from samba.samdb import SamDB from samba.dcerpc import drsuapi +from samba.dcerpc import security from samba.dcerpc.samr import DOMAIN_PASSWORD_COMPLEX, DOMAIN_PASSWORD_STORE_CLEARTEXT from samba.netcmd import ( Command, @@ -406,6 +407,9 @@ class cmd_domain_provision(Command): if ldap_backend_forced_uri is not None: self.logger.warn("You have specified to use an fixed URI %s for connecting to your LDAP server backend. This is NOT RECOMMENDED, as our default communiation over ldapi:// is more secure and much less") + if domain_sid is not None: + domain_sid = security.dom_sid(domain_sid) + session = system_session() try: result = provision(self.logger, diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py index 06daa0ec7d8..ca80e42058d 100644 --- a/python/samba/provision/__init__.py +++ b/python/samba/provision/__init__.py @@ -1956,8 +1956,6 @@ def provision(logger, session_info, smbconf=None, if domainsid is None: domainsid = security.random_sid() - else: - domainsid = security.dom_sid(domainsid) root_uid = findnss_uid([root or "root"]) nobody_uid = findnss_uid([nobody or "nobody"]) diff --git a/python/samba/upgrade.py b/python/samba/upgrade.py index 11a66a61161..94b77323124 100644 --- a/python/samba/upgrade.py +++ b/python/samba/upgrade.py @@ -725,7 +725,7 @@ Please fix this account before attempting to upgrade again # Do full provision result = provision(logger, session_info, targetdir=targetdir, realm=realm, domain=domainname, - domainsid=str(domainsid), next_rid=next_rid, + domainsid=domainsid, next_rid=next_rid, dc_rid=machinerid, adminpass = adminpass, dom_for_fun_level=dsdb.DS_DOMAIN_FUNCTION_2003, hostname=netbiosname.lower(), machinepass=machinepass, diff --git a/python/samba/upgradehelpers.py b/python/samba/upgradehelpers.py index d2b0a1872f3..ed63c25268e 100644 --- a/python/samba/upgradehelpers.py +++ b/python/samba/upgradehelpers.py @@ -246,7 +246,7 @@ def newprovision(names, session, smbconf, provdir, logger): return provision(logger, session, smbconf=smbconf, targetdir=provdir, samdb_fill=FILL_FULL, realm=names.realm, domain=names.domain, domainguid=names.domainguid, - domainsid=str(names.domainsid), ntdsguid=names.ntdsguid, + domainsid=names.domainsid, ntdsguid=names.ntdsguid, policyguid=names.policyid, policyguid_dc=names.policyid_dc, hostname=names.netbiosname.lower(), hostip=None, hostip6=None, invocationid=names.invocation, adminpass=names.adminpass,