本文整理汇总了Python中samba.credentials.Credentials.set_machine_account方法的典型用法代码示例。如果您正苦于以下问题:Python Credentials.set_machine_account方法的具体用法?Python Credentials.set_machine_account怎么用?Python Credentials.set_machine_account使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类samba.credentials.Credentials的用法示例。
在下文中一共展示了Credentials.set_machine_account方法的9个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: test_join_records_can_update
# 需要导入模块: from samba.credentials import Credentials [as 别名]
# 或者: from samba.credentials.Credentials import set_machine_account [as 别名]
def test_join_records_can_update(self):
dc_creds = Credentials()
dc_creds.guess(self.join_ctx.lp)
dc_creds.set_machine_account(self.join_ctx.lp)
self.tkey_trans(creds=dc_creds)
p = self.make_name_packet(dns.DNS_OPCODE_UPDATE)
q = self.make_name_question(self.join_ctx.dnsdomain,
dns.DNS_QTYPE_SOA,
dns.DNS_QCLASS_IN)
questions = []
questions.append(q)
self.finish_name_packet(p, questions)
updates = []
# Delete the old expected IPs
IPs = samba.interface_ips(self.lp)
for IP in IPs[1:]:
if ":" in IP:
r = dns.res_rec()
r.name = self.join_ctx.dnshostname
r.rr_type = dns.DNS_QTYPE_AAAA
r.rr_class = dns.DNS_QCLASS_NONE
r.ttl = 0
r.length = 0xffff
rdata = IP
else:
r = dns.res_rec()
r.name = self.join_ctx.dnshostname
r.rr_type = dns.DNS_QTYPE_A
r.rr_class = dns.DNS_QCLASS_NONE
r.ttl = 0
r.length = 0xffff
rdata = IP
r.rdata = rdata
updates.append(r)
p.nscount = len(updates)
p.nsrecs = updates
mac = self.sign_packet(p, self.key_name)
(response, response_p) = self.dns_transaction_udp(p, self.server_ip)
self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK)
self.verify_packet(response, response_p, mac)
p = self.make_name_packet(dns.DNS_OPCODE_QUERY)
questions = []
name = self.join_ctx.dnshostname
q = self.make_name_question(name, dns.DNS_QTYPE_A, dns.DNS_QCLASS_IN)
questions.append(q)
self.finish_name_packet(p, questions)
(response, response_packet) = self.dns_transaction_tcp(p, host=self.server_ip)
self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK)
self.assert_dns_opcode_equals(response, dns.DNS_OPCODE_QUERY)
self.assertEquals(response.ancount, 1)示例2: _load_samba_environment
# 需要导入模块: from samba.credentials import Credentials [as 别名]
# 或者: from samba.credentials.Credentials import set_machine_account [as 别名]
def _load_samba_environment():
"""Load the samba configuration vars from smb.conf and the sam.db."""
params = samba.param.LoadParm()
params.load_default()
netbiosname = params.get("netbios name")
hostname = netbiosname.lower()
dnsdomain = params.get("realm")
dnsdomain = dnsdomain.lower()
creds = Credentials()
creds.guess(params)
creds.set_machine_account(params)
samdb_url = params.get('dcerpc_mapiproxy:samdb_url')
if samdb_url is None:
samdb_url = params.samdb_url()
samdb_ldb = SamDBWrapper(url=samdb_url,
session_info=system_session(),
credentials=creds,
lp=params)
domaindn = samdb_ldb.domain_dn()
rootdn = domaindn
configdn = "CN=Configuration," + rootdn
# FIXME: Hardcoded strings, those should be queried to LDB, just like
# openchange.provision.guess_names_from_smbconf does.
firstorg = FIRST_ORGANIZATION
firstou = FIRST_ORGANIZATION_UNIT
username_mail = False
if params.get("auth:usernames are emails") == 'yes':
username_mail = True
sam_environ = {"samdb_ldb": samdb_ldb,
"private_dir": params.get("private dir"),
"domaindn": domaindn,
"oc_user_basedn": "CN=%s,CN=%s,CN=%s,%s" \
% (firstou, firstorg, netbiosname, domaindn),
"firstorgdn": ("CN=%s,CN=Microsoft Exchange,CN=Services,%s"
% (firstorg, configdn)),
"legacyserverdn": ("/o=%s/ou=%s/cn=Configuration/cn=Servers"
"/cn=%s"
% (firstorg, firstou, netbiosname)),
"hostname": hostname,
"dnsdomain": dnsdomain,
'username_mail': username_mail,
}
# OpenChange dispatcher DB names
return sam_environ示例3: test_max_update_size
# 需要导入模块: from samba.credentials import Credentials [as 别名]
# 或者: from samba.credentials.Credentials import set_machine_account [as 别名]
def test_max_update_size(self):
"""Test GENSEC by doing an exchange with ourselves using GSSAPI against a KDC"""
"""Start up a client and server GENSEC instance to test things with"""
self.gensec_client = gensec.Security.start_client(self.settings)
self.gensec_client.set_credentials(self.get_credentials())
self.gensec_client.want_feature(gensec.FEATURE_SIGN)
self.gensec_client.set_max_update_size(5)
self.gensec_client.start_mech_by_name("spnego")
self.gensec_server = gensec.Security.start_server(
settings=self.settings, auth_context=auth.AuthContext(lp_ctx=self.lp_ctx)
)
creds = Credentials()
creds.guess(self.lp_ctx)
creds.set_machine_account(self.lp_ctx)
self.gensec_server.set_credentials(creds)
self.gensec_server.want_feature(gensec.FEATURE_SIGN)
self.gensec_server.set_max_update_size(5)
self.gensec_server.start_mech_by_name("spnego")
client_finished = False
server_finished = False
server_to_client = ""
"""Run the actual call loop"""
i = 0
while not client_finished or not server_finished:
i += 1
if not client_finished:
print("running client gensec_update: %d: %r" % (len(server_to_client), server_to_client))
(client_finished, client_to_server) = self.gensec_client.update(server_to_client)
if not server_finished:
print("running server gensec_update: %d: %r" % (len(client_to_server), client_to_server))
(server_finished, server_to_client) = self.gensec_server.update(client_to_server)
"""Here we expect a lot more than the typical 1 or 2 roundtrips"""
self.assertTrue(i > 10)
session_info = self.gensec_server.session_info()
test_string = "Hello Server"
test_wrapped = self.gensec_client.wrap(test_string)
test_unwrapped = self.gensec_server.unwrap(test_wrapped)
self.assertEqual(test_string, test_unwrapped)
test_string = "Hello Client"
test_wrapped = self.gensec_server.wrap(test_string)
test_unwrapped = self.gensec_client.unwrap(test_wrapped)
self.assertEqual(test_string, test_unwrapped)
client_session_key = self.gensec_client.session_key()
server_session_key = self.gensec_server.session_key()
self.assertEqual(client_session_key, server_session_key)示例4: test_pac_groups
# 需要导入模块: from samba.credentials import Credentials [as 别名]
# 或者: from samba.credentials.Credentials import set_machine_account [as 别名]
def test_pac_groups(self):
if creds.get_kerberos_state() == DONT_USE_KERBEROS:
self.skipTest("Kerberos disabled, skipping PAC test")
settings = {}
settings["lp_ctx"] = lp
settings["target_hostname"] = lp.get("netbios name")
gensec_client = gensec.Security.start_client(settings)
gensec_client.set_credentials(creds)
gensec_client.want_feature(gensec.FEATURE_SEAL)
gensec_client.start_mech_by_sasl_name("GSSAPI")
auth_context = AuthContext(lp_ctx=lp, ldb=self.ldb, methods=[])
gensec_server = gensec.Security.start_server(settings, auth_context)
machine_creds = Credentials()
machine_creds.guess(lp)
machine_creds.set_machine_account(lp)
gensec_server.set_credentials(machine_creds)
gensec_server.want_feature(gensec.FEATURE_SEAL)
gensec_server.start_mech_by_sasl_name("GSSAPI")
client_finished = False
server_finished = False
server_to_client = ""
# Run the actual call loop.
while client_finished == False and server_finished == False:
if not client_finished:
print "running client gensec_update"
(client_finished, client_to_server) = gensec_client.update(server_to_client)
if not server_finished:
print "running server gensec_update"
(server_finished, server_to_client) = gensec_server.update(client_to_server)
session = gensec_server.session_info()
token = session.security_token
pac_sids = []
for s in token.sids:
pac_sids.append(str(s))
sidset1 = set(pac_sids)
sidset2 = set(self.user_sids)
if len(sidset1.difference(sidset2)):
print("token sids don't match")
print("difference : %s" % sidset1.difference(sidset2))
self.fail(msg="calculated groups don't match against user PAC tokenGroups")示例5: test_update
# 需要导入模块: from samba.credentials import Credentials [as 别名]
# 或者: from samba.credentials.Credentials import set_machine_account [as 别名]
def test_update(self):
"""Test GENSEC by doing an exchange with ourselves using GSSAPI against a KDC"""
"""Start up a client and server GENSEC instance to test things with"""
self.gensec_client = gensec.Security.start_client(self.settings)
self.gensec_client.set_credentials(self.get_credentials())
self.gensec_client.want_feature(gensec.FEATURE_SEAL)
self.gensec_client.start_mech_by_sasl_name("GSSAPI")
self.gensec_server = gensec.Security.start_server(
settings=self.settings, auth_context=auth.AuthContext(lp_ctx=self.lp_ctx)
)
creds = Credentials()
creds.guess(self.lp_ctx)
creds.set_machine_account(self.lp_ctx)
self.gensec_server.set_credentials(creds)
self.gensec_server.want_feature(gensec.FEATURE_SEAL)
self.gensec_server.start_mech_by_sasl_name("GSSAPI")
client_finished = False
server_finished = False
server_to_client = ""
"""Run the actual call loop"""
while not client_finished and not server_finished:
if not client_finished:
print("running client gensec_update")
(client_finished, client_to_server) = self.gensec_client.update(server_to_client)
if not server_finished:
print("running server gensec_update")
(server_finished, server_to_client) = self.gensec_server.update(client_to_server)
session_info = self.gensec_server.session_info()
test_string = "Hello Server"
test_wrapped = self.gensec_client.wrap(test_string)
test_unwrapped = self.gensec_server.unwrap(test_wrapped)
self.assertEqual(test_string, test_unwrapped)
test_string = "Hello Client"
test_wrapped = self.gensec_server.wrap(test_string)
test_unwrapped = self.gensec_client.unwrap(test_wrapped)
self.assertEqual(test_string, test_unwrapped)
client_session_key = self.gensec_client.session_key()
server_session_key = self.gensec_server.session_key()
self.assertEqual(client_session_key, server_session_key)示例6: _load_samba_environment
# 需要导入模块: from samba.credentials import Credentials [as 别名]
# 或者: from samba.credentials.Credentials import set_machine_account [as 别名]
def _load_samba_environment(retries):
"""Load the samba configuration vars from smb.conf and the sam.db."""
params = samba.param.LoadParm()
params.load_default()
netbiosname = params.get("netbios name")
hostname = netbiosname.lower()
dnsdomain = params.get("realm")
dnsdomain = dnsdomain.lower()
creds = Credentials()
creds.guess(params)
creds.set_machine_account(params)
samdb_url = params.get('dcerpc_mapiproxy:samdb_url')
if samdb_url is None:
samdb_url = params.samdb_url()
samdb_ldb = None
backoff = 0.2
next_retry = 0
while samdb_ldb is None:
try:
samdb_ldb = SamDBWrapper(url=samdb_url,
session_info=system_session(),
credentials=creds,
lp=params)
except ldb.LdbError as ex:
number, desc = ex
if number == ldb.ERR_OPERATIONS_ERROR:
# this is a cannot connect error
if retries != 0:
next_retry += 1
if next_retry > retries:
logger.error("Maximum samba connection retries reached (%i)"
% retries)
raise ex
logger.warn("Cannot connect to samba server. Backing off for %.2f seconds"
% backoff)
time.sleep(backoff)
backoff *= 2
if backoff > 60:
backoff = 60
else:
raise ex
domaindn = samdb_ldb.domain_dn()
rootdn = domaindn
configdn = "CN=Configuration," + rootdn
firstorg = None
firstorg_basedn = 'CN=Microsoft Exchange,CN=Services,' + configdn
res = samdb_ldb.search(base=firstorg_basedn, scope=ldb.SCOPE_ONELEVEL, expression='(objectClass=msExchOrganizationContainer)', attrs=['cn'])
if res:
if len(res) > 1:
logger.warn('More than one exchange organization found')
firstorg = res[0]['cn'][0]
if not firstorg:
raise Exception("Cannot find first exchange organization in samba database")
firstou = None
firstou_basedn = "CN=Administrative Groups,CN=%s,%s" %(firstorg, firstorg_basedn)
res = samdb_ldb.search(base=firstou_basedn, scope=ldb.SCOPE_ONELEVEL, expression='(objectClass=msExchAdminGroup)', attrs=['cn'])
if res:
if len(res) > 1:
logger.warn('More than one exchange administration group found')
firstou = res[0]['cn'][0]
if not firstou:
raise Exception("Cannot find exchange first organization unit in samba database")
username_mail = False
if params.get("auth:usernames are emails") == 'yes':
username_mail = True
sam_environ = {"samdb_ldb": samdb_ldb,
"private_dir": params.get("private dir"),
"domaindn": domaindn,
"oc_user_basedn": "CN=%s,CN=%s,CN=%s,%s" \
% (firstou, firstorg, netbiosname, domaindn),
"firstorgdn": ("CN=%s,CN=Microsoft Exchange,CN=Services,%s"
% (firstorg, configdn)),
"legacyserverdn": ("/o=%s/ou=%s/cn=Configuration/cn=Servers"
"/cn=%s"
% (firstorg, firstou, netbiosname)),
"hostname": hostname,
"dnsdomain": dnsdomain,
'username_mail': username_mail,
}
return sam_environ示例7: CredentialsOptions
# 需要导入模块: from samba.credentials import Credentials [as 别名]
# 或者: from samba.credentials.Credentials import set_machine_account [as 别名]
class CredentialsOptions(optparse.OptionGroup):
"""Command line options for specifying credentials."""
def __init__(self, parser, special_name=None):
self.special_name = special_name
if special_name is not None:
self.section = "Credentials Options (%s)" % special_name
else:
self.section = "Credentials Options"
self.ask_for_password = True
self.ipaddress = None
self.machine_pass = False
optparse.OptionGroup.__init__(self, parser, self.section)
self._add_option("--simple-bind-dn", metavar="DN", action="callback",
callback=self._set_simple_bind_dn, type=str,
help="DN to use for a simple bind")
self._add_option("--password", metavar="PASSWORD", action="callback",
help="Password", type=str, callback=self._set_password)
self._add_option("-U", "--username", metavar="USERNAME",
action="callback", type=str,
help="Username", callback=self._parse_username)
self._add_option("-W", "--workgroup", metavar="WORKGROUP",
action="callback", type=str,
help="Workgroup", callback=self._parse_workgroup)
self._add_option("-N", "--no-pass", action="callback",
help="Don't ask for a password",
callback=self._set_no_password)
self._add_option("-k", "--kerberos", metavar="KERBEROS",
action="callback", type=str,
help="Use Kerberos", callback=self._set_kerberos)
self._add_option("", "--ipaddress", metavar="IPADDRESS",
action="callback", type=str,
help="IP address of server",
callback=self._set_ipaddress)
self._add_option("-P", "--machine-pass",
action="callback",
help="Use stored machine account password",
callback=self._set_machine_pass)
self._add_option("--krb5-ccache", metavar="KRB5CCNAME",
action="callback", type=str,
help="Kerberos Credentials cache",
callback=self._set_krb5_ccache)
self.creds = Credentials()
def _add_option(self, *args1, **kwargs):
if self.special_name is None:
return self.add_option(*args1, **kwargs)
args2 = ()
for a in args1:
if not a.startswith("--"):
continue
args2 += (a.replace("--", "--%s-" % self.special_name),)
self.add_option(*args2, **kwargs)
def _parse_username(self, option, opt_str, arg, parser):
self.creds.parse_string(arg)
self.machine_pass = False
def _parse_workgroup(self, option, opt_str, arg, parser):
self.creds.set_domain(arg)
def _set_password(self, option, opt_str, arg, parser):
self.creds.set_password(arg)
self.ask_for_password = False
self.machine_pass = False
def _set_no_password(self, option, opt_str, arg, parser):
self.ask_for_password = False
def _set_machine_pass(self, option, opt_str, arg, parser):
self.machine_pass = True
def _set_ipaddress(self, option, opt_str, arg, parser):
self.ipaddress = arg
def _set_kerberos(self, option, opt_str, arg, parser):
self.creds.set_kerberos_state(parse_kerberos_arg(arg, opt_str))
def _set_simple_bind_dn(self, option, opt_str, arg, parser):
self.creds.set_bind_dn(arg)
def _set_krb5_ccache(self, option, opt_str, arg, parser):
self.creds.set_named_ccache(arg)
def get_credentials(self, lp, fallback_machine=False):
"""Obtain the credentials set on the command-line.
:param lp: Loadparm object to use.
:return: Credentials object
"""
self.creds.guess(lp)
if self.machine_pass:
self.creds.set_machine_account(lp)
elif self.ask_for_password:
self.creds.set_cmdline_callbacks()
# possibly fallback to using the machine account, if we have
# access to the secrets db
#.........这里部分代码省略.........
示例8: _load_samba_environment
# 需要导入模块: from samba.credentials import Credentials [as 别名]
# 或者: from samba.credentials.Credentials import set_machine_account [as 别名]
def _load_samba_environment():
"""Load the samba configuration vars from smb.conf and the sam.db."""
params = samba.param.LoadParm()
params.load_default()
netbiosname = params.get("netbios name")
hostname = netbiosname.lower()
dnsdomain = params.get("realm")
dnsdomain = dnsdomain.lower()
creds = Credentials()
creds.guess(params)
creds.set_machine_account(params)
samdb_url = params.get('dcerpc_mapiproxy:samdb_url')
if samdb_url is None:
samdb_url = params.samdb_url()
samdb_ldb = SamDBWrapper(url=samdb_url,
session_info=system_session(),
credentials=creds,
lp=params)
domaindn = samdb_ldb.domain_dn()
rootdn = domaindn
configdn = "CN=Configuration," + rootdn
firstorg = None
firstorg_basedn = 'CN=Microsoft Exchange,CN=Services,' + configdn
res = samdb_ldb.search(base=firstorg_basedn, scope=ldb.SCOPE_ONELEVEL, expression='(objectClass=msExchOrganizationContainer)', attrs=['cn'])
if res:
if len(res) > 1:
logger.warn('More than one exchange organization found')
firstorg = res[0]['cn'][0]
if not firstorg:
raise Exception("Cannot find first exchange organization in samba database")
firstou = None
firstou_basedn = "CN=Administrative Groups,CN=%s,%s" %(firstorg, firstorg_basedn)
res = samdb_ldb.search(base=firstou_basedn, scope=ldb.SCOPE_ONELEVEL, expression='(objectClass=msExchAdminGroup)', attrs=['cn'])
if res:
if len(res) > 1:
logger.warn('More than one exchange administration group found')
firstou = res[0]['cn'][0]
if not firstou:
raise Exception("Cannot find exchange first organization unit in samba database")
username_mail = False
if params.get("auth:usernames are emails") == 'yes':
username_mail = True
sam_environ = {"samdb_ldb": samdb_ldb,
"private_dir": params.get("private dir"),
"domaindn": domaindn,
"oc_user_basedn": "CN=%s,CN=%s,CN=%s,%s" \
% (firstou, firstorg, netbiosname, domaindn),
"firstorgdn": ("CN=%s,CN=Microsoft Exchange,CN=Services,%s"
% (firstorg, configdn)),
"legacyserverdn": ("/o=%s/ou=%s/cn=Configuration/cn=Servers"
"/cn=%s"
% (firstorg, firstou, netbiosname)),
"hostname": hostname,
"dnsdomain": dnsdomain,
'username_mail': username_mail,
}
# OpenChange dispatcher DB names
return sam_environ示例9: CredentialsOptions
# 需要导入模块: from samba.credentials import Credentials [as 别名]
# 或者: from samba.credentials.Credentials import set_machine_account [as 别名]
class CredentialsOptions(optparse.OptionGroup):
"""Command line options for specifying credentials."""
def __init__(self, parser):
self.no_pass = True
self.ipaddress = None
optparse.OptionGroup.__init__(self, parser, "Credentials Options")
self.add_option("--simple-bind-dn", metavar="DN", action="callback",
callback=self._set_simple_bind_dn, type=str,
help="DN to use for a simple bind")
self.add_option("--password", metavar="PASSWORD", action="callback",
help="Password", type=str, callback=self._set_password)
self.add_option("-U", "--username", metavar="USERNAME",
action="callback", type=str,
help="Username", callback=self._parse_username)
self.add_option("-W", "--workgroup", metavar="WORKGROUP",
action="callback", type=str,
help="Workgroup", callback=self._parse_workgroup)
self.add_option("-N", "--no-pass", action="store_true",
help="Don't ask for a password")
self.add_option("-k", "--kerberos", metavar="KERBEROS",
action="callback", type=str,
help="Use Kerberos", callback=self._set_kerberos)
self.add_option("", "--ipaddress", metavar="IPADDRESS",
action="callback", type=str,
help="IP address of server", callback=self._set_ipaddress)
self.creds = Credentials()
def _parse_username(self, option, opt_str, arg, parser):
self.creds.parse_string(arg)
def _parse_workgroup(self, option, opt_str, arg, parser):
self.creds.set_domain(arg)
def _set_password(self, option, opt_str, arg, parser):
self.creds.set_password(arg)
self.no_pass = False
def _set_ipaddress(self, option, opt_str, arg, parser):
self.ipaddress = arg
def _set_kerberos(self, option, opt_str, arg, parser):
if arg.lower() in ["yes", 'true', '1']:
self.creds.set_kerberos_state(MUST_USE_KERBEROS)
elif arg.lower() in ["no", 'false', '0']:
self.creds.set_kerberos_state(DONT_USE_KERBEROS)
else:
raise optparse.BadOptionErr("invalid kerberos option: %s" % arg)
def _set_simple_bind_dn(self, option, opt_str, arg, parser):
self.creds.set_bind_dn(arg)
def get_credentials(self, lp, fallback_machine=False):
"""Obtain the credentials set on the command-line.
:param lp: Loadparm object to use.
:return: Credentials object
"""
self.creds.guess(lp)
if self.no_pass:
self.creds.set_cmdline_callbacks()
# possibly fallback to using the machine account, if we have
# access to the secrets db
if fallback_machine and not self.creds.authentication_requested():
try:
self.creds.set_machine_account(lp)
except Exception:
pass
return self.creds