本文整理汇总了Python中samba.samdb.SamDB类的典型用法代码示例。如果您正苦于以下问题:Python SamDB类的具体用法?Python SamDB怎么用?Python SamDB使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了SamDB类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: test_modify_replicated_attributes
def test_modify_replicated_attributes(self):
# some timestamp ones
dn = 'CN=Guest,CN=Users,' + self.base_dn
value = 'hallooo'
for attr in ['carLicense', 'middleName']:
msg = ldb.Message()
msg.dn = ldb.Dn(self.samdb, dn)
msg[attr] = ldb.MessageElement(value,
ldb.FLAG_MOD_REPLACE,
attr)
try:
self.samdb.modify(msg)
self.fail("Failed to fail to modify %s %s" % (dn, attr))
except ldb.LdbError as e1:
(ecode, emsg) = e1.args
if ecode != ldb.ERR_REFERRAL:
self.fail("Failed to REFER when trying to modify %s %s" %
(dn, attr))
else:
m = re.search(r'(ldap://[^>]+)>', emsg)
if m is None:
self.fail("referral seems not to refer to anything")
address = m.group(1)
try:
tmpdb = SamDB(address, credentials=CREDS,
session_info=system_session(LP), lp=LP)
tmpdb.modify(msg)
except ldb.LdbError as e:
self.fail("couldn't modify referred location %s" %
address)
if address.lower().startswith(self.samdb.domain_dns_name()):
self.fail("referral address did not give a specific DC")示例2: run
def run(self, accountname, principal, H=None, credopts=None, sambaopts=None,
versionopts=None):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
paths = provision.provision_paths_from_lp(lp, lp.get("realm"))
if H == None:
path = paths.samdb
else:
path = H
sam = SamDB(path, session_info=system_session(),
credentials=creds, lp=lp)
# TODO once I understand how, use the domain info to naildown
# to the correct domain
(cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
res = sam.search(expression="sAMAccountName=%s" %
ldb.binary_encode(cleanedaccount),
scope=ldb.SCOPE_SUBTREE,
attrs=["msDS-AllowedToDelegateTo"])
if len(res) == 0:
raise CommandError("Unable to find account name '%s'" % accountname)
assert(len(res) == 1)
msg = ldb.Message()
msg.dn = res[0].dn
msg["msDS-AllowedToDelegateTo"] = ldb.MessageElement([principal],
ldb.FLAG_MOD_DELETE,
"msDS-AllowedToDelegateTo")
try:
sam.modify(msg)
except Exception as err:
raise CommandError(err)示例3: SchemaTests_msDS_isRODC
class SchemaTests_msDS_isRODC(samba.tests.TestCase):
def setUp(self):
super(SchemaTests_msDS_isRODC, self).setUp()
self.ldb = SamDB(host, credentials=creds,
session_info=system_session(lp), lp=lp, options=ldb_options)
res = self.ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["defaultNamingContext"])
self.assertEquals(len(res), 1)
self.base_dn = res[0]["defaultNamingContext"][0]
def test_objectClass_ntdsdsa(self):
res = self.ldb.search(self.base_dn, expression="objectClass=nTDSDSA",
attrs=["msDS-isRODC"], controls=["search_options:1:2"])
for ldb_msg in res:
self.assertTrue("msDS-isRODC" in ldb_msg)
def test_objectClass_server(self):
res = self.ldb.search(self.base_dn, expression="objectClass=server",
attrs=["msDS-isRODC"], controls=["search_options:1:2"])
for ldb_msg in res:
ntds_search_dn = "CN=NTDS Settings,%s" % ldb_msg['dn']
try:
res_check = self.ldb.search(ntds_search_dn, attrs=["objectCategory"])
except LdbError, (num, _):
self.assertEquals(num, ERR_NO_SUCH_OBJECT)
print("Server entry %s doesn't have a NTDS settings object" % res[0]['dn'])
else:
self.assertTrue("objectCategory" in res_check[0])
self.assertTrue("msDS-isRODC" in ldb_msg)示例4: run
def run(self, username=None, filter=None, credopts=None, sambaopts=None,
versionopts=None, H=None, newpassword=None,
must_change_at_next_login=None):
if filter is None and username is None:
raise CommandError("Either the username or '--filter' must be specified!")
password = newpassword
if password is None:
password = getpass("New Password: ")
if filter is None:
filter = "(&(objectClass=user)(sAMAccountName=%s))" % (username)
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
samdb = SamDB(url=H, session_info=system_session(),
credentials=creds, lp=lp)
try:
samdb.setpassword(filter, password,
force_change_at_next_login=must_change_at_next_login,
username=username)
except Exception, e:
raise CommandError('Failed to set password for user "%s"' % username, e)示例5: run
def run(self, groupname, credopts=None, sambaopts=None,
versionopts=None, H=None, groupou=None, group_scope=None,
group_type=None, description=None, mail_address=None, notes=None, gid_number=None, nis_domain=None):
if (group_type or "Security") == "Security":
gtype = security_group.get(group_scope, GTYPE_SECURITY_GLOBAL_GROUP)
else:
gtype = distribution_group.get(group_scope, GTYPE_DISTRIBUTION_GLOBAL_GROUP)
if (gid_number is None and nis_domain is not None) or (gid_number is not None and nis_domain is None):
raise CommandError('Both --gid-number and --nis-domain have to be set for a RFC2307-enabled group. Operation cancelled.')
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp, fallback_machine=True)
try:
samdb = SamDB(url=H, session_info=system_session(),
credentials=creds, lp=lp)
samdb.newgroup(groupname, groupou=groupou, grouptype = gtype,
description=description, mailaddress=mail_address, notes=notes,
gidnumber=gid_number, nisdomain=nis_domain)
except Exception as e:
# FIXME: catch more specific exception
raise CommandError('Failed to create group "%s"' % groupname, e)
self.outf.write("Added group %s\n" % groupname)示例6: DirsyncBaseTests
class DirsyncBaseTests(samba.tests.TestCase):
def setUp(self):
super(DirsyncBaseTests, self).setUp()
self.ldb_admin = SamDB(ldapshost, credentials=creds, session_info=system_session(lp), lp=lp)
self.base_dn = self.ldb_admin.domain_dn()
self.domain_sid = security.dom_sid(self.ldb_admin.get_domain_sid())
self.user_pass = samba.generate_random_password(12, 16)
self.configuration_dn = self.ldb_admin.get_config_basedn().get_linearized()
self.sd_utils = sd_utils.SDUtils(self.ldb_admin)
#used for anonymous login
print("baseDN: %s" % self.base_dn)
def get_user_dn(self, name):
return "CN=%s,CN=Users,%s" % (name, self.base_dn)
def get_ldb_connection(self, target_username, target_password):
creds_tmp = Credentials()
creds_tmp.set_username(target_username)
creds_tmp.set_password(target_password)
creds_tmp.set_domain(creds.get_domain())
creds_tmp.set_realm(creds.get_realm())
creds_tmp.set_workstation(creds.get_workstation())
creds_tmp.set_gensec_features(creds_tmp.get_gensec_features()
| gensec.FEATURE_SEAL)
creds_tmp.set_kerberos_state(DONT_USE_KERBEROS) # kinit is too expensive to use in a tight loop
ldb_target = SamDB(url=ldaphost, credentials=creds_tmp, lp=lp)
return ldb_target示例7: run
def run(self, H=None, credopts=None, sambaopts=None, versionopts=None):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp, fallback_machine=True)
samdb = SamDB(url=H, session_info=system_session(),
credentials=creds, lp=lp)
domain_dn = samdb.domain_dn()
forest_dn = samba.dn_from_dns_name(samdb.forest_dns_name())
infrastructure_dn = "CN=Infrastructure," + domain_dn
naming_dn = "CN=Partitions,%s" % samdb.get_config_basedn()
schema_dn = samdb.get_schema_basedn()
rid_dn = "CN=RID Manager$,CN=System," + domain_dn
domaindns_dn = "CN=Infrastructure,DC=DomainDnsZones," + domain_dn
forestdns_dn = "CN=Infrastructure,DC=ForestDnsZones," + forest_dn
infrastructureMaster = get_fsmo_roleowner(samdb, infrastructure_dn)
pdcEmulator = get_fsmo_roleowner(samdb, domain_dn)
namingMaster = get_fsmo_roleowner(samdb, naming_dn)
schemaMaster = get_fsmo_roleowner(samdb, schema_dn)
ridMaster = get_fsmo_roleowner(samdb, rid_dn)
domaindnszonesMaster = get_fsmo_roleowner(samdb, domaindns_dn)
forestdnszonesMaster = get_fsmo_roleowner(samdb, forestdns_dn)
self.message("SchemaMasterRole owner: " + schemaMaster)
self.message("InfrastructureMasterRole owner: " + infrastructureMaster)
self.message("RidAllocationMasterRole owner: " + ridMaster)
self.message("PdcEmulationMasterRole owner: " + pdcEmulator)
self.message("DomainNamingMasterRole owner: " + namingMaster)
self.message("DomainDnsZonesMasterRole owner: " + domaindnszonesMaster)
self.message("ForestDnsZonesMasterRole owner: " + forestdnszonesMaster)示例8: test_1000_binds
def test_1000_binds(self):
for x in range(1, 1000):
samdb = SamDB(host, credentials=creds,
session_info=system_session(self.lp), lp=self.lp)
samdb.search(base=samdb.domain_dn(),
scope=SCOPE_BASE, attrs=["*"])示例9: run
def run(self, attribute, H=None, credopts=None, sambaopts=None, versionopts=None):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
samdb = SamDB(url=H, session_info=system_session(),
credentials=creds, lp=lp)
schema_dn = samdb.schema_dn()
may_filt = '(&(objectClass=classSchema)' \
'(|(mayContain={0})(systemMayContain={0})))'.format(attribute)
must_filt = '(&(objectClass=classSchema)' \
'(|(mustContain={0})(systemMustContain={0})))'.format(attribute)
may_res = samdb.search(base=schema_dn, scope=ldb.SCOPE_SUBTREE,
expression=may_filt, attrs=['cn'])
must_res = samdb.search(base=schema_dn, scope=ldb.SCOPE_SUBTREE,
expression=must_filt, attrs=['cn'])
self.outf.write('--- MAY contain ---\n')
for msg in may_res:
self.outf.write('%s\n' % msg['cn'][0])
self.outf.write('--- MUST contain ---\n')
for msg in must_res:
self.outf.write('%s\n' % msg['cn'][0])示例10: run
def run(self, computername, new_ou_dn, credopts=None, sambaopts=None,
versionopts=None, H=None):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp, fallback_machine=True)
samdb = SamDB(url=H, session_info=system_session(),
credentials=creds, lp=lp)
domain_dn = ldb.Dn(samdb, samdb.domain_dn())
samaccountname = computername
if not computername.endswith('$'):
samaccountname = "%s$" % computername
filter = ("(&(sAMAccountName=%s)(sAMAccountType=%u))" %
(ldb.binary_encode(samaccountname),
dsdb.ATYPE_WORKSTATION_TRUST))
try:
res = samdb.search(base=domain_dn,
expression=filter,
scope=ldb.SCOPE_SUBTREE)
computer_dn = res[0].dn
except IndexError:
raise CommandError('Unable to find computer "%s"' % (computername))
full_new_ou_dn = ldb.Dn(samdb, new_ou_dn)
if not full_new_ou_dn.is_child_of(domain_dn):
full_new_ou_dn.add_base(domain_dn)
new_computer_dn = ldb.Dn(samdb, str(computer_dn))
new_computer_dn.remove_base_components(len(computer_dn)-1)
new_computer_dn.add_base(full_new_ou_dn)
try:
samdb.rename(computer_dn, new_computer_dn)
except Exception as e:
raise CommandError('Failed to move computer "%s"' % computername, e)
self.outf.write('Moved computer "%s" to "%s"\n' %
(computername, new_ou_dn))示例11: run
def run(self, H=None, credopts=None, sambaopts=None, versionopts=None):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
samdb = SamDB(url=H, session_info=system_session(),
credentials=creds, lp=lp)
res = samdb.search(pso_container(samdb), scope=ldb.SCOPE_SUBTREE,
attrs=['name', 'msDS-PasswordSettingsPrecedence'],
expression="(objectClass=msDS-PasswordSettings)")
# an unprivileged search against Windows returns nothing here. On Samba
# we get the PSO names, but not their attributes
if len(res) == 0 or 'msDS-PasswordSettingsPrecedence' not in res[0]:
self.outf.write("No PSOs are present, or you don't have permission to view them.\n")
return
# sort the PSOs so they're displayed in order of precedence
pso_list = sorted(res, cmp=pso_cmp)
self.outf.write("Precedence | PSO name\n")
self.outf.write("--------------------------------------------------\n")
for pso in pso_list:
precedence = pso['msDS-PasswordSettingsPrecedence']
self.outf.write("%-10s | %s\n" %(precedence, pso['name']))示例12: run
def run(self, username=None, filter=None, credopts=None, sambaopts=None,
versionopts=None, H=None, newpassword=None,
must_change_at_next_login=False, random_password=False,
smartcard_required=False, clear_smartcard_required=False):
if filter is None and username is None:
raise CommandError("Either the username or '--filter' must be specified!")
password = newpassword
if smartcard_required:
if password is not None and password is not '':
raise CommandError('It is not allowed to specifiy '
'--newpassword '
'together with --smartcard-required.')
if must_change_at_next_login:
raise CommandError('It is not allowed to specifiy '
'--must-change-at-next-login '
'together with --smartcard-required.')
if clear_smartcard_required:
raise CommandError('It is not allowed to specifiy '
'--clear-smartcard-required '
'together with --smartcard-required.')
if random_password and not smartcard_required:
password = generate_random_password(128, 255)
while True:
if smartcard_required:
break
if password is not None and password is not '':
break
password = getpass("New Password: ")
passwordverify = getpass("Retype Password: ")
if not password == passwordverify:
password = None
self.outf.write("Sorry, passwords do not match.\n")
if filter is None:
filter = "(&(objectClass=user)(sAMAccountName=%s))" % (ldb.binary_encode(username))
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
samdb = SamDB(url=H, session_info=system_session(),
credentials=creds, lp=lp)
if smartcard_required:
command = ""
try:
command = "Failed to set UF_SMARTCARD_REQUIRED for user '%s'" % (username or filter)
flags = dsdb.UF_SMARTCARD_REQUIRED
samdb.toggle_userAccountFlags(filter, flags, on=True)
command = "Failed to enable account for user '%s'" % (username or filter)
samdb.enable_account(filter)
except Exception, msg:
# FIXME: catch more specific exception
raise CommandError("%s: %s" % (command, msg))
self.outf.write("Added UF_SMARTCARD_REQUIRED OK\n")示例13: run
def run(self, accountname, credopts=None, sambaopts=None, versionopts=None):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
paths = provision.provision_paths_from_lp(lp, lp.get("realm"))
sam = SamDB(paths.samdb, session_info=system_session(),
credentials=creds, lp=lp)
# TODO once I understand how, use the domain info to naildown
# to the correct domain
(cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
res = sam.search(expression="sAMAccountName=%s" %
ldb.binary_encode(cleanedaccount),
scope=ldb.SCOPE_SUBTREE,
attrs=["userAccountControl", "msDS-AllowedToDelegateTo"])
if len(res) == 0:
raise CommandError("Unable to find account name '%s'" % accountname)
assert(len(res) == 1)
uac = int(res[0].get("userAccountControl")[0])
allowed = res[0].get("msDS-AllowedToDelegateTo")
self.outf.write("Account-DN: %s\n" % str(res[0].dn))
self.outf.write("UF_TRUSTED_FOR_DELEGATION: %s\n"
% bool(uac & dsdb.UF_TRUSTED_FOR_DELEGATION))
self.outf.write("UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION: %s\n" %
bool(uac & dsdb.UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION))
if allowed is not None:
for a in allowed:
self.outf.write("msDS-AllowedToDelegateTo: %s\n" % a)示例14: run
def run(self, subcommand, H=None, min_pwd_age=None, max_pwd_age=None,
quiet=False, complexity=None, store_plaintext=None, history_length=None,
min_pwd_length=None, credopts=None, sambaopts=None,
versionopts=None):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
samdb = SamDB(url=H, session_info=system_session(),
credentials=creds, lp=lp)
domain_dn = samdb.domain_dn()
res = samdb.search(domain_dn, scope=ldb.SCOPE_BASE,
attrs=["pwdProperties", "pwdHistoryLength", "minPwdLength",
"minPwdAge", "maxPwdAge"])
assert(len(res) == 1)
try:
pwd_props = int(res[0]["pwdProperties"][0])
pwd_hist_len = int(res[0]["pwdHistoryLength"][0])
cur_min_pwd_len = int(res[0]["minPwdLength"][0])
# ticks -> days
cur_min_pwd_age = int(abs(int(res[0]["minPwdAge"][0])) / (1e7 * 60 * 60 * 24))
if int(res[0]["maxPwdAge"][0]) == -0x8000000000000000:
cur_max_pwd_age = 0
else:
cur_max_pwd_age = int(abs(int(res[0]["maxPwdAge"][0])) / (1e7 * 60 * 60 * 24))
except Exception, e:
raise CommandError("Could not retrieve password properties!", e)示例15: run
def run(self, H=None, credopts=None, sambaopts=None, versionopts=None):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
samdb = SamDB(url=H, session_info=system_session(),
credentials=creds, lp=lp)
domain_dn = samdb.domain_dn()
object_dn = "%s,%s" % (self.objectdn, domain_dn)
# Show all the settings we know how to set in the forest object!
res = samdb.search(base=object_dn, scope=ldb.SCOPE_BASE,
attrs=self.attributes)
# Now we just display these attributes. The value is that
# we make them a bit prettier and human accessible.
# There should only be one response!
res_object = res[0]
self.outf.write("Settings for %s\n" % object_dn)
for attr in self.attributes:
try:
self.outf.write("%s: %s\n" % (attr, res_object[attr][0]))
except KeyError:
self.outf.write("%s: <NO VALUE>\n" % attr)