本文整理汇总了Python中samba.credentials.Credentials.set_kerberos_state方法的典型用法代码示例。如果您正苦于以下问题:Python Credentials.set_kerberos_state方法的具体用法?Python Credentials.set_kerberos_state怎么用?Python Credentials.set_kerberos_state使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类samba.credentials.Credentials的用法示例。
在下文中一共展示了Credentials.set_kerberos_state方法的14个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: insta_creds
# 需要导入模块: from samba.credentials import Credentials [as 别名]
# 或者: from samba.credentials.Credentials import set_kerberos_state [as 别名]
def insta_creds(self, template=None, username=None, userpass=None, kerberos_state=None):
if template is None:
assert template is not None
if username is not None:
assert userpass is not None
if username is None:
assert userpass is None
username = template.get_username()
userpass = template.get_password()
if kerberos_state is None:
kerberos_state = template.get_kerberos_state()
# get a copy of the global creds or a the passed in creds
c = Credentials()
c.set_username(username)
c.set_password(userpass)
c.set_domain(template.get_domain())
c.set_realm(template.get_realm())
c.set_workstation(template.get_workstation())
c.set_gensec_features(c.get_gensec_features()
| gensec.FEATURE_SEAL)
c.set_kerberos_state(kerberos_state)
return c示例2: CredentialsOptionsDouble
# 需要导入模块: from samba.credentials import Credentials [as 别名]
# 或者: from samba.credentials.Credentials import set_kerberos_state [as 别名]
class CredentialsOptionsDouble(CredentialsOptions):
"""Command line options for specifying credentials of two servers."""
def __init__(self, parser):
CredentialsOptions.__init__(self, parser)
self.no_pass2 = True
self.add_option("--simple-bind-dn2", metavar="DN2", action="callback",
callback=self._set_simple_bind_dn2, type=str,
help="DN to use for a simple bind")
self.add_option("--password2", metavar="PASSWORD2", action="callback",
help="Password", type=str,
callback=self._set_password2)
self.add_option("--username2", metavar="USERNAME2",
action="callback", type=str,
help="Username for second server",
callback=self._parse_username2)
self.add_option("--workgroup2", metavar="WORKGROUP2",
action="callback", type=str,
help="Workgroup for second server",
callback=self._parse_workgroup2)
self.add_option("--no-pass2", action="store_true",
help="Don't ask for a password for the second server")
self.add_option("--kerberos2", metavar="KERBEROS2",
action="callback", type=str,
help="Use Kerberos", callback=self._set_kerberos2)
self.creds2 = Credentials()
def _parse_username2(self, option, opt_str, arg, parser):
self.creds2.parse_string(arg)
def _parse_workgroup2(self, option, opt_str, arg, parser):
self.creds2.set_domain(arg)
def _set_password2(self, option, opt_str, arg, parser):
self.creds2.set_password(arg)
self.no_pass2 = False
def _set_kerberos2(self, option, opt_str, arg, parser):
if bool(arg) or arg.lower() == "yes":
self.creds2.set_kerberos_state(MUST_USE_KERBEROS)
else:
self.creds2.set_kerberos_state(DONT_USE_KERBEROS)
def _set_simple_bind_dn2(self, option, opt_str, arg, parser):
self.creds2.set_bind_dn(arg)
def get_credentials2(self, lp, guess=True):
"""Obtain the credentials set on the command-line.
:param lp: Loadparm object to use.
:param guess: Try guess Credentials from environment
:return: Credentials object
"""
if guess:
self.creds2.guess(lp)
elif not self.creds2.get_username():
self.creds2.set_anonymous()
if self.no_pass2:
self.creds2.set_cmdline_callbacks()
return self.creds2示例3: _get_smb_connection
# 需要导入模块: from samba.credentials import Credentials [as 别名]
# 或者: from samba.credentials.Credentials import set_kerberos_state [as 别名]
def _get_smb_connection(self, service='SysVol'):
# Connect to SMB using kerberos
parm = param.LoadParm()
creds = Credentials()
creds.set_kerberos_state(MUST_USE_KERBEROS)
creds.guess(parm)
conn = smb.SMB(self._get_server_name(), service, lp=parm, creds=creds)
return conn示例4: join_replicate
# 需要导入模块: from samba.credentials import Credentials [as 别名]
# 或者: from samba.credentials.Credentials import set_kerberos_state [as 别名]
def join_replicate(ctx):
'''replicate the SAM'''
print "Starting replication"
ctx.local_samdb.transaction_start()
try:
source_dsa_invocation_id = misc.GUID(ctx.samdb.get_invocation_id())
if ctx.ntds_guid is None:
print("Using DS_BIND_GUID_W2K3")
destination_dsa_guid = misc.GUID(drsuapi.DRSUAPI_DS_BIND_GUID_W2K3)
else:
destination_dsa_guid = ctx.ntds_guid
if ctx.RODC:
repl_creds = Credentials()
repl_creds.guess(ctx.lp)
repl_creds.set_kerberos_state(DONT_USE_KERBEROS)
repl_creds.set_username(ctx.samname)
repl_creds.set_password(ctx.acct_pass)
else:
repl_creds = ctx.creds
binding_options = "seal"
if int(ctx.lp.get("log level")) >= 5:
binding_options += ",print"
repl = drs_utils.drs_Replicate(
"ncacn_ip_tcp:%s[%s]" % (ctx.server, binding_options),
ctx.lp, repl_creds, ctx.local_samdb)
repl.replicate(ctx.schema_dn, source_dsa_invocation_id,
destination_dsa_guid, schema=True, rodc=ctx.RODC,
replica_flags=ctx.replica_flags)
repl.replicate(ctx.config_dn, source_dsa_invocation_id,
destination_dsa_guid, rodc=ctx.RODC,
replica_flags=ctx.replica_flags)
if not ctx.subdomain:
repl.replicate(ctx.base_dn, source_dsa_invocation_id,
destination_dsa_guid, rodc=ctx.RODC,
replica_flags=ctx.domain_replica_flags)
if ctx.RODC:
repl.replicate(ctx.acct_dn, source_dsa_invocation_id,
destination_dsa_guid,
exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET, rodc=True)
repl.replicate(ctx.new_krbtgt_dn, source_dsa_invocation_id,
destination_dsa_guid,
exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET, rodc=True)
ctx.repl = repl
ctx.source_dsa_invocation_id = source_dsa_invocation_id
ctx.destination_dsa_guid = destination_dsa_guid
print "Committing SAM database"
except:
ctx.local_samdb.transaction_cancel()
raise
else:
ctx.local_samdb.transaction_commit()示例5: NtlmDisabledTests
# 需要导入模块: from samba.credentials import Credentials [as 别名]
# 或者: from samba.credentials.Credentials import set_kerberos_state [as 别名]
class NtlmDisabledTests(TestCase):
def setUp(self):
super(NtlmDisabledTests, self).setUp()
self.lp = self.get_loadparm()
self.server = os.getenv("SERVER")
self.creds = Credentials()
self.creds.guess(self.lp)
self.creds.set_username(os.getenv("USERNAME"))
self.creds.set_domain(self.server)
self.creds.set_password(os.getenv("PASSWORD"))
self.creds.set_kerberos_state(DONT_USE_KERBEROS)
def tearDown(self):
super(NtlmDisabledTests, self).tearDown()
def test_ntlm_connection(self):
try:
conn = srvsvc.srvsvc("ncacn_np:%s[smb2,ntlm]" % self.server, self.lp, self.creds)
self.assertIsNotNone(conn)
except NTSTATUSError as e:
# NTLM might be blocked on this server
enum = ctypes.c_uint32(e[0]).value
if enum == ntstatus.NT_STATUS_NTLM_BLOCKED:
self.fail("NTLM is disabled on this server")
else:
raise
def test_samr_change_password(self):
self.creds.set_kerberos_state(MUST_USE_KERBEROS)
conn = samr.samr("ncacn_np:%s[krb5,seal,smb2]" % os.getenv("SERVER"))
# we want to check whether this gets rejected outright because NTLM is
# disabled, so we don't actually need to encrypt a valid password here
server = lsa.String()
server.string = self.server
username = lsa.String()
username.string = os.getenv("USERNAME")
try:
conn.ChangePasswordUser2(server, username, None, None, True, None, None)
except NTSTATUSError as e:
# changing passwords should be rejected when NTLM is disabled
enum = ctypes.c_uint32(e[0]).value
if enum == ntstatus.NT_STATUS_NTLM_BLOCKED:
self.fail("NTLM is disabled on this server")
elif enum == ntstatus.NT_STATUS_WRONG_PASSWORD:
# expected error case when NTLM is enabled
pass
else:
raise示例6: get_creds
# 需要导入模块: from samba.credentials import Credentials [as 别名]
# 或者: from samba.credentials.Credentials import set_kerberos_state [as 别名]
def get_creds(self, target_username, target_password):
creds_tmp = Credentials()
creds_tmp.set_username(target_username)
creds_tmp.set_password(target_password)
creds_tmp.set_domain(creds.get_domain())
creds_tmp.set_realm(creds.get_realm())
creds_tmp.set_workstation(creds.get_workstation())
creds_tmp.set_gensec_features(creds_tmp.get_gensec_features()
| gensec.FEATURE_SEAL)
creds_tmp.set_kerberos_state(DONT_USE_KERBEROS) # kinit is too expensive to use in a tight loop
return creds_tmp示例7: get_ldb_connection
# 需要导入模块: from samba.credentials import Credentials [as 别名]
# 或者: from samba.credentials.Credentials import set_kerberos_state [as 别名]
def get_ldb_connection(self, target_username, target_password):
creds_tmp = Credentials()
creds_tmp.set_username(target_username)
creds_tmp.set_password(target_password)
creds_tmp.set_domain(creds.get_domain())
creds_tmp.set_realm(creds.get_realm())
creds_tmp.set_workstation(creds.get_workstation())
creds_tmp.set_gensec_features(creds_tmp.get_gensec_features()
| gensec.FEATURE_SEAL)
creds_tmp.set_kerberos_state(DONT_USE_KERBEROS) # kinit is too expensive to use in a tight loop
ldb_target = SamDB(url=ldaphost, credentials=creds_tmp, lp=lp)
return ldb_target示例8: CredentialsOptions
# 需要导入模块: from samba.credentials import Credentials [as 别名]
# 或者: from samba.credentials.Credentials import set_kerberos_state [as 别名]
class CredentialsOptions(optparse.OptionGroup):
"""Command line options for specifying credentials."""
def __init__(self, parser, special_name=None):
self.special_name = special_name
if special_name is not None:
self.section = "Credentials Options (%s)" % special_name
else:
self.section = "Credentials Options"
self.ask_for_password = True
self.ipaddress = None
self.machine_pass = False
optparse.OptionGroup.__init__(self, parser, self.section)
self._add_option("--simple-bind-dn", metavar="DN", action="callback",
callback=self._set_simple_bind_dn, type=str,
help="DN to use for a simple bind")
self._add_option("--password", metavar="PASSWORD", action="callback",
help="Password", type=str, callback=self._set_password)
self._add_option("-U", "--username", metavar="USERNAME",
action="callback", type=str,
help="Username", callback=self._parse_username)
self._add_option("-W", "--workgroup", metavar="WORKGROUP",
action="callback", type=str,
help="Workgroup", callback=self._parse_workgroup)
self._add_option("-N", "--no-pass", action="callback",
help="Don't ask for a password",
callback=self._set_no_password)
self._add_option("-k", "--kerberos", metavar="KERBEROS",
action="callback", type=str,
help="Use Kerberos", callback=self._set_kerberos)
self._add_option("", "--ipaddress", metavar="IPADDRESS",
action="callback", type=str,
help="IP address of server",
callback=self._set_ipaddress)
self._add_option("-P", "--machine-pass",
action="callback",
help="Use stored machine account password",
callback=self._set_machine_pass)
self._add_option("--krb5-ccache", metavar="KRB5CCNAME",
action="callback", type=str,
help="Kerberos Credentials cache",
callback=self._set_krb5_ccache)
self.creds = Credentials()
def _add_option(self, *args1, **kwargs):
if self.special_name is None:
return self.add_option(*args1, **kwargs)
args2 = ()
for a in args1:
if not a.startswith("--"):
continue
args2 += (a.replace("--", "--%s-" % self.special_name),)
self.add_option(*args2, **kwargs)
def _parse_username(self, option, opt_str, arg, parser):
self.creds.parse_string(arg)
self.machine_pass = False
def _parse_workgroup(self, option, opt_str, arg, parser):
self.creds.set_domain(arg)
def _set_password(self, option, opt_str, arg, parser):
self.creds.set_password(arg)
self.ask_for_password = False
self.machine_pass = False
def _set_no_password(self, option, opt_str, arg, parser):
self.ask_for_password = False
def _set_machine_pass(self, option, opt_str, arg, parser):
self.machine_pass = True
def _set_ipaddress(self, option, opt_str, arg, parser):
self.ipaddress = arg
def _set_kerberos(self, option, opt_str, arg, parser):
self.creds.set_kerberos_state(parse_kerberos_arg(arg, opt_str))
def _set_simple_bind_dn(self, option, opt_str, arg, parser):
self.creds.set_bind_dn(arg)
def _set_krb5_ccache(self, option, opt_str, arg, parser):
self.creds.set_named_ccache(arg)
def get_credentials(self, lp, fallback_machine=False):
"""Obtain the credentials set on the command-line.
:param lp: Loadparm object to use.
:return: Credentials object
"""
self.creds.guess(lp)
if self.machine_pass:
self.creds.set_machine_account(lp)
elif self.ask_for_password:
self.creds.set_cmdline_callbacks()
# possibly fallback to using the machine account, if we have
# access to the secrets db
#.........这里部分代码省略.........
示例9: LDAPBackend
# 需要导入模块: from samba.credentials import Credentials [as 别名]
# 或者: from samba.credentials.Credentials import set_kerberos_state [as 别名]
class LDAPBackend(ProvisionBackend):
def __init__(self, backend_type, paths=None, lp=None,
names=None, logger=None, domainsid=None,
schema=None, hostname=None, ldapadminpass=None,
slapd_path=None, ldap_backend_extra_port=None,
ldap_backend_forced_uri=None, ldap_dryrun_mode=False):
super(LDAPBackend, self).__init__(backend_type=backend_type,
paths=paths, lp=lp,
names=names, logger=logger)
self.domainsid = domainsid
self.schema = schema
self.hostname = hostname
self.ldapdir = os.path.join(paths.private_dir, "ldap")
self.ldapadminpass = ldapadminpass
self.slapd_path = slapd_path
self.slapd_command = None
self.slapd_command_escaped = None
self.slapd_pid = os.path.join(self.ldapdir, "slapd.pid")
self.ldap_backend_extra_port = ldap_backend_extra_port
self.ldap_dryrun_mode = ldap_dryrun_mode
if ldap_backend_forced_uri is not None:
self.ldap_uri = ldap_backend_forced_uri
else:
self.ldap_uri = "ldapi://%s" % urllib_quote(
os.path.join(self.ldapdir, "ldapi"), safe="")
if not os.path.exists(self.ldapdir):
os.mkdir(self.ldapdir)
def init(self):
from samba.provision import ProvisioningError
# we will shortly start slapd with ldapi for final provisioning. first
# check with ldapsearch -> rootDSE via self.ldap_uri if another
# instance of slapd is already running
try:
ldapi_db = Ldb(self.ldap_uri)
ldapi_db.search(base="", scope=SCOPE_BASE,
expression="(objectClass=OpenLDAProotDSE)")
try:
f = open(self.slapd_pid, "r")
except IOError as err:
if err != errno.ENOENT:
raise
else:
try:
p = f.read()
finally:
f.close()
self.logger.info("Check for slapd process with PID: %s and terminate it manually." % p)
raise SlapdAlreadyRunning(self.ldap_uri)
except LdbError:
# XXX: We should never be catching all Ldb errors
pass
# Try to print helpful messages when the user has not specified the
# path to slapd
if self.slapd_path is None:
raise ProvisioningError("Warning: LDAP-Backend must be setup with path to slapd, e.g. --slapd-path=\"/usr/local/libexec/slapd\"!")
if not os.path.exists(self.slapd_path):
self.logger.warning("Path (%s) to slapd does not exist!",
self.slapd_path)
if not os.path.isdir(self.ldapdir):
os.makedirs(self.ldapdir, 0o700)
# Put the LDIF of the schema into a database so we can search on
# it to generate schema-dependent configurations in Fedora DS and
# OpenLDAP
schemadb_path = os.path.join(self.ldapdir, "schema-tmp.ldb")
try:
os.unlink(schemadb_path)
except OSError:
pass
self.schema.write_to_tmp_ldb(schemadb_path)
self.credentials = Credentials()
self.credentials.guess(self.lp)
# Kerberos to an ldapi:// backend makes no sense (we also force EXTERNAL)
self.credentials.set_kerberos_state(DONT_USE_KERBEROS)
self.credentials.set_username("samba-admin")
self.credentials.set_password(self.ldapadminpass)
self.credentials.set_forced_sasl_mech("EXTERNAL")
self.provision()
def provision(self):
pass
def start(self):
from samba.provision import ProvisioningError
self.slapd_command_escaped = "\'" + "\' \'".join(self.slapd_command) + "\'"
ldap_backend_script = os.path.join(self.ldapdir, "ldap_backend_startup.sh")
#.........这里部分代码省略.........
示例10: CredentialsOptions
# 需要导入模块: from samba.credentials import Credentials [as 别名]
# 或者: from samba.credentials.Credentials import set_kerberos_state [as 别名]
class CredentialsOptions(optparse.OptionGroup):
"""Command line options for specifying credentials."""
def __init__(self, parser):
self.no_pass = True
self.ipaddress = None
optparse.OptionGroup.__init__(self, parser, "Credentials Options")
self.add_option("--simple-bind-dn", metavar="DN", action="callback",
callback=self._set_simple_bind_dn, type=str,
help="DN to use for a simple bind")
self.add_option("--password", metavar="PASSWORD", action="callback",
help="Password", type=str, callback=self._set_password)
self.add_option("-U", "--username", metavar="USERNAME",
action="callback", type=str,
help="Username", callback=self._parse_username)
self.add_option("-W", "--workgroup", metavar="WORKGROUP",
action="callback", type=str,
help="Workgroup", callback=self._parse_workgroup)
self.add_option("-N", "--no-pass", action="store_true",
help="Don't ask for a password")
self.add_option("-k", "--kerberos", metavar="KERBEROS",
action="callback", type=str,
help="Use Kerberos", callback=self._set_kerberos)
self.add_option("", "--ipaddress", metavar="IPADDRESS",
action="callback", type=str,
help="IP address of server", callback=self._set_ipaddress)
self.creds = Credentials()
def _parse_username(self, option, opt_str, arg, parser):
self.creds.parse_string(arg)
def _parse_workgroup(self, option, opt_str, arg, parser):
self.creds.set_domain(arg)
def _set_password(self, option, opt_str, arg, parser):
self.creds.set_password(arg)
self.no_pass = False
def _set_ipaddress(self, option, opt_str, arg, parser):
self.ipaddress = arg
def _set_kerberos(self, option, opt_str, arg, parser):
if arg.lower() in ["yes", 'true', '1']:
self.creds.set_kerberos_state(MUST_USE_KERBEROS)
elif arg.lower() in ["no", 'false', '0']:
self.creds.set_kerberos_state(DONT_USE_KERBEROS)
else:
raise optparse.BadOptionErr("invalid kerberos option: %s" % arg)
def _set_simple_bind_dn(self, option, opt_str, arg, parser):
self.creds.set_bind_dn(arg)
def get_credentials(self, lp, fallback_machine=False):
"""Obtain the credentials set on the command-line.
:param lp: Loadparm object to use.
:return: Credentials object
"""
self.creds.guess(lp)
if self.no_pass:
self.creds.set_cmdline_callbacks()
# possibly fallback to using the machine account, if we have
# access to the secrets db
if fallback_machine and not self.creds.authentication_requested():
try:
self.creds.set_machine_account(lp)
except Exception:
pass
return self.creds示例11: BasePasswordTestCase
# 需要导入模块: from samba.credentials import Credentials [as 别名]
# 或者: from samba.credentials.Credentials import set_kerberos_state [as 别名]
#.........这里部分代码省略.........
except LdbError as e:
(num, msg) = e.args
self.assertEquals(num, ERR_INVALID_CREDENTIALS)
# Succeed to reset everything to 0
ldb = SamDB(url=self.host_url, credentials=creds, lp=self.lp)
return ldb
def assertLoginFailure(self, url, creds, lp, errno=ERR_INVALID_CREDENTIALS):
try:
ldb = SamDB(url=url, credentials=creds, lp=lp)
self.fail("Login unexpectedly succeeded")
except LdbError as e1:
(num, msg) = e1.args
if errno is not None:
self.assertEquals(num, errno, ("Login failed in the wrong way"
"(got err %d, expected %d)" %
(num, errno)))
def setUp(self):
super(BasePasswordTestCase, self).setUp()
self.global_creds.set_gensec_features(self.global_creds.get_gensec_features() |
gensec.FEATURE_SEAL)
self.template_creds = Credentials()
self.template_creds.set_username("testuser")
self.template_creds.set_password("thatsAcomplPASS1")
self.template_creds.set_domain(self.global_creds.get_domain())
self.template_creds.set_realm(self.global_creds.get_realm())
self.template_creds.set_workstation(self.global_creds.get_workstation())
self.template_creds.set_gensec_features(self.global_creds.get_gensec_features())
self.template_creds.set_kerberos_state(self.global_creds.get_kerberos_state())
# Gets back the basedn
base_dn = self.ldb.domain_dn()
# Gets back the configuration basedn
configuration_dn = self.ldb.get_config_basedn().get_linearized()
res = self.ldb.search(base_dn,
scope=SCOPE_BASE, attrs=["lockoutDuration", "lockOutObservationWindow", "lockoutThreshold"])
if "lockoutDuration" in res[0]:
lockoutDuration = res[0]["lockoutDuration"][0]
else:
lockoutDuration = 0
if "lockoutObservationWindow" in res[0]:
lockoutObservationWindow = res[0]["lockoutObservationWindow"][0]
else:
lockoutObservationWindow = 0
if "lockoutThreshold" in res[0]:
lockoutThreshold = res[0]["lockoutThreshold"][0]
else:
lockoutTreshold = 0
self.addCleanup(self.ldb.modify_ldif, """
dn: """ + base_dn + """
changetype: modify
replace: lockoutDuration
lockoutDuration: """ + str(lockoutDuration) + """
replace: lockoutObservationWindow
lockoutObservationWindow: """ + str(lockoutObservationWindow) + """示例12: join_replicate
# 需要导入模块: from samba.credentials import Credentials [as 别名]
# 或者: from samba.credentials.Credentials import set_kerberos_state [as 别名]
def join_replicate(ctx):
"""Replicate the SAM."""
print "Starting replication"
ctx.local_samdb.transaction_start()
try:
source_dsa_invocation_id = misc.GUID(ctx.samdb.get_invocation_id())
if ctx.ntds_guid is None:
print("Using DS_BIND_GUID_W2K3")
destination_dsa_guid = misc.GUID(drsuapi.DRSUAPI_DS_BIND_GUID_W2K3)
else:
destination_dsa_guid = ctx.ntds_guid
if ctx.RODC:
repl_creds = Credentials()
repl_creds.guess(ctx.lp)
repl_creds.set_kerberos_state(DONT_USE_KERBEROS)
repl_creds.set_username(ctx.samname)
repl_creds.set_password(ctx.acct_pass)
else:
repl_creds = ctx.creds
binding_options = "seal"
if int(ctx.lp.get("log level")) >= 5:
binding_options += ",print"
repl = drs_utils.drs_Replicate(
"ncacn_ip_tcp:%s[%s]" % (ctx.server, binding_options),
ctx.lp, repl_creds, ctx.local_samdb)
repl.replicate(ctx.schema_dn, source_dsa_invocation_id,
destination_dsa_guid, schema=True, rodc=ctx.RODC,
replica_flags=ctx.replica_flags)
repl.replicate(ctx.config_dn, source_dsa_invocation_id,
destination_dsa_guid, rodc=ctx.RODC,
replica_flags=ctx.replica_flags)
if not ctx.subdomain:
# Replicate first the critical object for the basedn
if not ctx.domain_replica_flags & drsuapi.DRSUAPI_DRS_CRITICAL_ONLY:
print "Replicating critical objects from the base DN of the domain"
ctx.domain_replica_flags |= drsuapi.DRSUAPI_DRS_CRITICAL_ONLY | drsuapi.DRSUAPI_DRS_GET_ANC
repl.replicate(ctx.base_dn, source_dsa_invocation_id,
destination_dsa_guid, rodc=ctx.RODC,
replica_flags=ctx.domain_replica_flags)
ctx.domain_replica_flags ^= drsuapi.DRSUAPI_DRS_CRITICAL_ONLY | drsuapi.DRSUAPI_DRS_GET_ANC
else:
ctx.domain_replica_flags |= drsuapi.DRSUAPI_DRS_GET_ANC
repl.replicate(ctx.base_dn, source_dsa_invocation_id,
destination_dsa_guid, rodc=ctx.RODC,
replica_flags=ctx.domain_replica_flags)
print "Done with always replicated NC (base, config, schema)"
for nc in (ctx.domaindns_zone, ctx.forestdns_zone):
if nc in ctx.nc_list:
print "Replicating %s" % (str(nc))
repl.replicate(nc, source_dsa_invocation_id,
destination_dsa_guid, rodc=ctx.RODC,
replica_flags=ctx.replica_flags)
if 'DC=ForestDnsZones,%s' % ctx.root_dn in ctx.nc_list:
repl.replicate('DC=ForestDnsZones,%s' % ctx.root_dn, source_dsa_invocation_id,
destination_dsa_guid, rodc=ctx.RODC,
replica_flags=ctx.replica_flags)
# FIXME At this point we should add an entry in the forestdns and domaindns NC
# (those under CN=Partions,DC=...)
# in order to indicate that we hold a replica for this NC
if ctx.RODC:
repl.replicate(ctx.acct_dn, source_dsa_invocation_id,
destination_dsa_guid,
exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET, rodc=True)
repl.replicate(ctx.new_krbtgt_dn, source_dsa_invocation_id,
destination_dsa_guid,
exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET, rodc=True)
ctx.repl = repl
ctx.source_dsa_invocation_id = source_dsa_invocation_id
ctx.destination_dsa_guid = destination_dsa_guid
print "Committing SAM database"
except:
ctx.local_samdb.transaction_cancel()
raise
else:
ctx.local_samdb.transaction_commit()示例13: ProvisionModel
# 需要导入模块: from samba.credentials import Credentials [as 别名]
# 或者: from samba.credentials.Credentials import set_kerberos_state [as 别名]
class ProvisionModel(BaseModel):
def __init__(self,username,password):
BaseModel.__init__(self,username,password);
#if self.isAuthenticate():
self.opts = Options();
#self.creds = self.opts.get_credentials(self.opts.lp)
self.creds = Credentials()
self.creds.guess(self.opts.lp)
self.creds.set_kerberos_state(DONT_USE_KERBEROS)
self.session = system_session()
def SetupDomain(self):
#dom_for_fun_level
result = True
if self.opts.function_level is None:
self.opts.dom_for_fun_level = DS_DOMAIN_FUNCTION_2003 #default
elif self.opts.function_level == "2000":
self.opts.dom_for_fun_level = DS_DOMAIN_FUNCTION_2000
elif self.opts.function_level == "2003":
self.opts.dom_for_fun_level = DS_DOMAIN_FUNCTION_2003
elif self.opts.function_level == "2008":
self.opts.dom_for_fun_level = DS_DOMAIN_FUNCTION_2008
elif self.opts.function_level == "2008_R2":
self.opts.dom_for_fun_level = DS_DOMAIN_FUNCTION_2008_R2
if self.opts.blank:
self.opts.samdb_fill = FILL_NT4SYNC
elif self.opts.partitions_only:
self.opts.samdb_fill = FILL_DRS
self.opts.eadb = True
if self.opts.use_xattrs == "yes":
self.opts.eadb = False
elif self.opts.use_xattrs == "auto" and not self.opts.lp.get("posix:eadb"):
file = tempfile.NamedTemporaryFile()
try:
samba.ntacls.setntacl(self.opts.lp, file.name,
"O:S-1-5-32G:S-1-5-32", "S-1-5-32", "native")
self.opts.eadb = False
except:
logger.info("You are not root or your system do not support xattr, using tdb backend for attributes. "
"If you intend to use this provision in production, rerun the script as root on a system supporting xattrs.")
file.close()
#logger.addHandler(logging.StreamHandler(sys.stdout))
#if opts.quiet:
# logger.setLevel(logging.WARNING)
#else:
# logger.setLevel(logging.INFO)
# buffer debug messages so they can be sent with error emails
#memory_handler = logging.handlers.MemoryHandler(1024*10)
#memory_handler.setLevel(logging.DEBUG)
# attach handlers
msg = "data: start provision\n\n"
response.write(msg);
self.logger = logging.getLogger(__name__)
LogOutput = ListBufferingHandler(1000);
self.logger.addHandler(LogOutput)
self.logger.setLevel(logging.WARNING)
self.logger.setLevel(logging.INFO)
try:
provision(self.logger
,self.session
,self.creds
, smbconf=self.opts.smbconf
# ,targetdir=self.opts.targetdir
,samdb_fill=self.opts.samdb_fill
,realm=self.opts.realm
,domain=self.opts.domain,
# domainguid=self.opts.domain_guid, domainsid=self.opts.domain_sid,
# hostname=self.opts.host_name,
# hostip=self.opts.host_ip, hostip6=self.opts.host_ip6,
# ntdsguid=self.opts.ntds_guid,
# invocationid=self.opts.invocationid,
adminpass=self.opts.adminpass,
# krbtgtpass=self.opts.krbtgtpass, machinepass=self.opts.machinepass,
# dns_backend=self.opts.dns_backend,
# dnspass=self.opts.dnspass, root=self.opts.root, nobody=self.opts.nobody,
# wheel=self.opts.wheel, users=self.opts.users,
serverrole=self.opts.server_role, dom_for_fun_level=self.opts.dom_for_fun_level,
# ldap_backend_extra_port=self.opts.ldap_backend_extra_port,
# ldap_backend_forced_uri=self.opts.ldap_backend_forced_uri,
# backend_type=self.opts.ldap_backend_type,
# ldapadminpass=self.opts.ldapadminpass, ol_mmr_urls=self.opts.ol_mmr_urls,
# slapd_path=self.opts.slapd_path, setup_ds_path=self.opts.setup_ds_path,
# nosync=self.opts.ldap_backend_nosync, ldap_dryrun_mode=self.opts.ldap_dryrun_mode,
useeadb=self.opts.eadb,
# next_rid=self.opts.next_rid,
lp=self.opts.lp)
#except ProvisioningError, e:
except Exception,e:
if(len(e.args)>1):
self.SetError(e.args[1],e.args[0])
self.logger.warning('Error: %s :%s',e.args[1], e.args[0])
else:
self.logger.warning('Error: %s :%s',e.args, 0)
#.........这里部分代码省略.........
示例14: PyCredentialsTests
# 需要导入模块: from samba.credentials import Credentials [as 别名]
# 或者: from samba.credentials.Credentials import set_kerberos_state [as 别名]
#.........这里部分代码省略.........
# Establish sealed schannel netlogon connection over TCP/IP
#
def get_netlogon_connection(self):
return netlogon.netlogon("ncacn_ip_tcp:%s[schannel,seal]" % self.server,
self.lp,
self.machine_creds)
#
# Create the machine account
def create_machine_account(self):
self.machine_pass = samba.generate_random_password(32, 32)
self.machine_name = MACHINE_NAME
self.machine_dn = "cn=%s,%s" % (self.machine_name, self.ldb.domain_dn())
# remove the account if it exists, this will happen if a previous test
# run failed
delete_force(self.ldb, self.machine_dn)
utf16pw = unicode(
'"' + self.machine_pass.encode('utf-8') + '"', 'utf-8'
).encode('utf-16-le')
self.ldb.add({
"dn": self.machine_dn,
"objectclass": "computer",
"sAMAccountName": "%s$" % self.machine_name,
"userAccountControl":
str(UF_WORKSTATION_TRUST_ACCOUNT | UF_PASSWD_NOTREQD),
"unicodePwd": utf16pw})
self.machine_creds = Credentials()
self.machine_creds.guess(self.get_loadparm())
self.machine_creds.set_secure_channel_type(SEC_CHAN_WKSTA)
self.machine_creds.set_kerberos_state(DONT_USE_KERBEROS)
self.machine_creds.set_password(self.machine_pass)
self.machine_creds.set_username(self.machine_name + "$")
self.machine_creds.set_workstation(self.machine_name)
#
# Create a test user account
def create_user_account(self):
self.user_pass = samba.generate_random_password(32, 32)
self.user_name = USER_NAME
self.user_dn = "cn=%s,%s" % (self.user_name, self.ldb.domain_dn())
# remove the account if it exists, this will happen if a previous test
# run failed
delete_force(self.ldb, self.user_dn)
utf16pw = unicode(
'"' + self.user_pass.encode('utf-8') + '"', 'utf-8'
).encode('utf-16-le')
self.ldb.add({
"dn": self.user_dn,
"objectclass": "user",
"sAMAccountName": "%s" % self.user_name,
"userAccountControl": str(UF_NORMAL_ACCOUNT),
"unicodePwd": utf16pw})
self.user_creds = Credentials()
self.user_creds.guess(self.get_loadparm())
self.user_creds.set_password(self.user_pass)
self.user_creds.set_username(self.user_name)
self.user_creds.set_workstation(self.machine_name)
pass