本文整理汇总了Python中samba.samdb.SamDB.get_default_basedn方法的典型用法代码示例。如果您正苦于以下问题:Python SamDB.get_default_basedn方法的具体用法?Python SamDB.get_default_basedn怎么用?Python SamDB.get_default_basedn使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类samba.samdb.SamDB的用法示例。
在下文中一共展示了SamDB.get_default_basedn方法的5个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: test_rid_set_dbcheck_after_seize
# 需要导入模块: from samba.samdb import SamDB [as 别名]
# 或者: from samba.samdb.SamDB import get_default_basedn [as 别名]
def test_rid_set_dbcheck_after_seize(self):
"""Perform a join against the RID manager and assert we have a RID Set.
We seize the RID master role, then using dbcheck, we assert that we can
detect out of range users (and then bump the RID set as required)."""
fsmo_dn = ldb.Dn(self.ldb_dc1, "CN=RID Manager$,CN=System," + self.ldb_dc1.domain_dn())
(fsmo_owner, fsmo_not_owner) = self._determine_fSMORoleOwner(fsmo_dn)
targetdir = self._test_join(fsmo_owner['dns_name'], "RIDALLOCTEST7")
try:
# Connect to the database
ldb_url = "tdb://%s" % os.path.join(targetdir, "private/sam.ldb")
smbconf = os.path.join(targetdir, "etc/smb.conf")
lp = self.get_loadparm()
new_ldb = SamDB(ldb_url, credentials=self.get_credentials(),
session_info=system_session(lp), lp=lp)
# 1. Get server name
res = new_ldb.search(base=ldb.Dn(new_ldb, new_ldb.get_serverName()),
scope=ldb.SCOPE_BASE, attrs=["serverReference"])
# 2. Get server reference
server_ref_dn = ldb.Dn(new_ldb, res[0]['serverReference'][0])
# 3. Assert we get the RID Set
res = new_ldb.search(base=server_ref_dn,
scope=ldb.SCOPE_BASE, attrs=['rIDSetReferences'])
self.assertTrue("rIDSetReferences" in res[0])
rid_set_dn = ldb.Dn(new_ldb, res[0]["rIDSetReferences"][0])
# 4. Seize the RID Manager role
(result, out, err) = self.runsubcmd("fsmo", "seize", "--role", "rid", "-H", ldb_url, "-s", smbconf, "--force")
self.assertCmdSuccess(result, out, err)
self.assertEquals(err,"","Shouldn't be any error messages")
# 5. Add a new user (triggers RID set work)
new_ldb.newuser("ridalloctestuser", "[email protected]!")
# 6. Now fetch the RID SET
rid_set_res = new_ldb.search(base=rid_set_dn,
scope=ldb.SCOPE_BASE, attrs=['rIDNextRid',
'rIDAllocationPool'])
next_pool = int(rid_set_res[0]["rIDAllocationPool"][0])
last_rid = (0xFFFFFFFF00000000 & next_pool) >> 32
# 7. Add user above the ridNextRid and at almost the end of the range.
#
m = ldb.Message()
m.dn = ldb.Dn(new_ldb, "CN=ridsettestuser2,CN=Users")
m.dn.add_base(new_ldb.get_default_basedn())
m['objectClass'] = ldb.MessageElement('user', ldb.FLAG_MOD_ADD, 'objectClass')
m['objectSid'] = ldb.MessageElement(ndr_pack(security.dom_sid(str(new_ldb.get_domain_sid()) + "-%d" % (last_rid - 3))),
ldb.FLAG_MOD_ADD,
'objectSid')
new_ldb.add(m, controls=["relax:0"])
# 8. Add user above the ridNextRid and at the end of the range
m = ldb.Message()
m.dn = ldb.Dn(new_ldb, "CN=ridsettestuser3,CN=Users")
m.dn.add_base(new_ldb.get_default_basedn())
m['objectClass'] = ldb.MessageElement('user', ldb.FLAG_MOD_ADD, 'objectClass')
m['objectSid'] = ldb.MessageElement(ndr_pack(security.dom_sid(str(new_ldb.get_domain_sid()) + "-%d" % last_rid)),
ldb.FLAG_MOD_ADD,
'objectSid')
new_ldb.add(m, controls=["relax:0"])
chk = dbcheck(new_ldb, verbose=False, fix=True, yes=True, quiet=True)
# Should have fixed two errors (wrong ridNextRid)
self.assertEqual(chk.check_database(DN=rid_set_dn, scope=ldb.SCOPE_BASE), 2)
# 9. Assert we get didn't show any other errors
chk = dbcheck(new_ldb, verbose=False, fix=False, quiet=True)
# 10. Add another user (checks RID rollover)
# We have seized the role, so we can do that.
new_ldb.newuser("ridalloctestuser3", "[email protected]!")
rid_set_res = new_ldb.search(base=rid_set_dn,
scope=ldb.SCOPE_BASE, attrs=['rIDNextRid',
'rIDAllocationPool'])
next_pool = int(rid_set_res[0]["rIDAllocationPool"][0])
self.assertNotEqual(last_rid, (0xFFFFFFFF00000000 & next_pool) >> 32, "rid pool should have changed")
finally:
self._test_force_demote(fsmo_owner['dns_name'], "RIDALLOCTEST7")
shutil.rmtree(targetdir, ignore_errors=True)示例2: test_rid_set_dbcheck
# 需要导入模块: from samba.samdb import SamDB [as 别名]
# 或者: from samba.samdb.SamDB import get_default_basedn [as 别名]
def test_rid_set_dbcheck(self):
"""Perform a join against the RID manager and assert we have a RID Set.
Using dbcheck, we assert that we can detect out of range users."""
fsmo_dn = ldb.Dn(self.ldb_dc1, "CN=RID Manager$,CN=System," + self.ldb_dc1.domain_dn())
(fsmo_owner, fsmo_not_owner) = self._determine_fSMORoleOwner(fsmo_dn)
targetdir = self._test_join(fsmo_owner['dns_name'], "RIDALLOCTEST6")
try:
# Connect to the database
ldb_url = "tdb://%s" % os.path.join(targetdir, "private/sam.ldb")
smbconf = os.path.join(targetdir, "etc/smb.conf")
lp = self.get_loadparm()
new_ldb = SamDB(ldb_url, credentials=self.get_credentials(),
session_info=system_session(lp), lp=lp)
# 1. Get server name
res = new_ldb.search(base=ldb.Dn(new_ldb, new_ldb.get_serverName()),
scope=ldb.SCOPE_BASE, attrs=["serverReference"])
# 2. Get server reference
server_ref_dn = ldb.Dn(new_ldb, res[0]['serverReference'][0])
# 3. Assert we get the RID Set
res = new_ldb.search(base=server_ref_dn,
scope=ldb.SCOPE_BASE, attrs=['rIDSetReferences'])
self.assertTrue("rIDSetReferences" in res[0])
rid_set_dn = ldb.Dn(new_ldb, res[0]["rIDSetReferences"][0])
# 4. Add a new user (triggers RID set work)
new_ldb.newuser("ridalloctestuser", "[email protected]!")
# 5. Now fetch the RID SET
rid_set_res = new_ldb.search(base=rid_set_dn,
scope=ldb.SCOPE_BASE, attrs=['rIDNextRid',
'rIDAllocationPool'])
next_pool = int(rid_set_res[0]["rIDAllocationPool"][0])
last_rid = (0xFFFFFFFF00000000 & next_pool) >> 32
# 6. Add user above the ridNextRid and at mid-range.
#
# We can do this with safety because this is an offline DB that will be
# destroyed.
m = ldb.Message()
m.dn = ldb.Dn(new_ldb, "CN=ridsettestuser1,CN=Users")
m.dn.add_base(new_ldb.get_default_basedn())
m['objectClass'] = ldb.MessageElement('user', ldb.FLAG_MOD_ADD, 'objectClass')
m['objectSid'] = ldb.MessageElement(ndr_pack(security.dom_sid(str(new_ldb.get_domain_sid()) + "-%d" % (last_rid - 10))),
ldb.FLAG_MOD_ADD,
'objectSid')
new_ldb.add(m, controls=["relax:0"])
# 7. Check the RID Set
chk = dbcheck(new_ldb, verbose=False, fix=True, yes=True, quiet=True)
# Should have one error (wrong rIDNextRID)
self.assertEqual(chk.check_database(DN=rid_set_dn, scope=ldb.SCOPE_BASE), 1)
# 8. Assert we get didn't show any other errors
chk = dbcheck(new_ldb, verbose=False, fix=False, quiet=True)
rid_set_res = new_ldb.search(base=rid_set_dn,
scope=ldb.SCOPE_BASE, attrs=['rIDNextRid',
'rIDAllocationPool'])
last_allocated_rid = int(rid_set_res[0]["rIDNextRid"][0])
self.assertEquals(last_allocated_rid, last_rid - 10)
# 9. Assert that the range wasn't thrown away
next_pool = int(rid_set_res[0]["rIDAllocationPool"][0])
self.assertEqual(last_rid, (0xFFFFFFFF00000000 & next_pool) >> 32, "rid pool should have changed")
finally:
self._test_force_demote(fsmo_owner['dns_name'], "RIDALLOCTEST6")
shutil.rmtree(targetdir, ignore_errors=True)示例3: DsdbLockTestCase
# 需要导入模块: from samba.samdb import SamDB [as 别名]
# 或者: from samba.samdb.SamDB import get_default_basedn [as 别名]
class DsdbLockTestCase(SamDBTestCase):
def test_db_lock1(self):
basedn = self.samdb.get_default_basedn()
(r1, w1) = os.pipe()
pid = os.fork()
if pid == 0:
# In the child, close the main DB, re-open just one DB
del(self.samdb)
gc.collect()
self.samdb = SamDB(session_info=self.session,
lp=self.lp)
self.samdb.transaction_start()
dn = "cn=test_db_lock_user,cn=users," + str(basedn)
self.samdb.add({
"dn": dn,
"objectclass": "user",
})
self.samdb.delete(dn)
# Obtain a write lock
self.samdb.transaction_prepare_commit()
os.write(w1, b"prepared")
time.sleep(2)
# Drop the write lock
self.samdb.transaction_cancel()
os._exit(0)
self.assertEqual(os.read(r1, 8), b"prepared")
start = time.time()
# We need to hold this iterator open to hold the all-record lock.
res = self.samdb.search_iterator()
# This should take at least 2 seconds because the transaction
# has a write lock on one backend db open
# Release the locks
for l in res:
pass
end = time.time()
self.assertGreater(end - start, 1.9)
(got_pid, status) = os.waitpid(pid, 0)
self.assertEqual(got_pid, pid)
self.assertTrue(os.WIFEXITED(status))
self.assertEqual(os.WEXITSTATUS(status), 0)
def test_db_lock2(self):
basedn = self.samdb.get_default_basedn()
(r1, w1) = os.pipe()
(r2, w2) = os.pipe()
pid = os.fork()
if pid == 0:
# In the child, close the main DB, re-open
del(self.samdb)
gc.collect()
self.samdb = SamDB(session_info=self.session,
lp=self.lp)
# We need to hold this iterator open to hold the all-record lock.
res = self.samdb.search_iterator()
os.write(w2, b"start")
if (os.read(r1, 7) != b"started"):
os._exit(1)
os.write(w2, b"add")
if (os.read(r1, 5) != b"added"):
os._exit(2)
# Wait 2 seconds to block prepare_commit() in the child.
os.write(w2, b"prepare")
time.sleep(2)
# Release the locks
for l in res:
pass
if (os.read(r1, 8) != b"prepared"):
os._exit(3)
os._exit(0)
# We can start the transaction during the search
# because both just grab the all-record read lock.
self.assertEqual(os.read(r2, 5), b"start")
self.samdb.transaction_start()
os.write(w1, b"started")
self.assertEqual(os.read(r2, 3), b"add")
dn = "cn=test_db_lock_user,cn=users," + str(basedn)
self.samdb.add({
"dn": dn,
#.........这里部分代码省略.........
示例4: PassWordHashTests
# 需要导入模块: from samba.samdb import SamDB [as 别名]
# 或者: from samba.samdb.SamDB import get_default_basedn [as 别名]
class PassWordHashTests(TestCase):
def setUp(self):
self.lp = samba.tests.env_loadparm()
super(PassWordHashTests, self).setUp()
def set_store_cleartext(self, cleartext):
# get the current pwdProperties
pwdProperties = self.ldb.get_pwdProperties()
# update the clear-text properties flag
props = int(pwdProperties)
if cleartext:
props |= DOMAIN_PASSWORD_STORE_CLEARTEXT
else:
props &= ~DOMAIN_PASSWORD_STORE_CLEARTEXT
self.ldb.set_pwdProperties(str(props))
# Add a user to ldb, this will exercise the password_hash code
# and calculate the appropriate supplemental credentials
def add_user(self, options=None, clear_text=False, ldb=None):
# set any needed options
if options is not None:
for (option, value) in options:
self.lp.set(option, value)
if ldb is None:
self.creds = Credentials()
self.session = system_session()
self.creds.guess(self.lp)
self.session = system_session()
self.ldb = SamDB(session_info=self.session,
credentials=self.creds,
lp=self.lp)
else:
self.ldb = ldb
res = self.ldb.search(base=self.ldb.get_config_basedn(),
expression="ncName=%s" % self.ldb.get_default_basedn(),
attrs=["nETBIOSName"])
self.netbios_domain = res[0]["nETBIOSName"][0]
self.dns_domain = self.ldb.domain_dns_name()
# Gets back the basedn
base_dn = self.ldb.domain_dn()
# Gets back the configuration basedn
configuration_dn = self.ldb.get_config_basedn().get_linearized()
# permit password changes during this test
PasswordCommon.allow_password_changes(self, self.ldb)
self.base_dn = self.ldb.domain_dn()
account_control = 0
if clear_text:
# Restore the current domain setting on exit.
pwdProperties = self.ldb.get_pwdProperties()
self.addCleanup(self.ldb.set_pwdProperties, pwdProperties)
# Update the domain setting
self.set_store_cleartext(clear_text)
account_control |= UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED
# (Re)adds the test user USER_NAME with password USER_PASS
# and userPrincipalName UPN
delete_force(self.ldb, "cn=" + USER_NAME + ",cn=users," + self.base_dn)
self.ldb.add({
"dn": "cn=" + USER_NAME + ",cn=users," + self.base_dn,
"objectclass": "user",
"sAMAccountName": USER_NAME,
"userPassword": USER_PASS,
"userPrincipalName": UPN,
"userAccountControl": str(account_control)
})
# Get the supplemental credentials for the user under test
def get_supplemental_creds(self):
base = "cn=" + USER_NAME + ",cn=users," + self.base_dn
res = self.ldb.search(scope=ldb.SCOPE_BASE,
base=base,
attrs=["supplementalCredentials"])
self.assertIs(True, len(res) > 0)
obj = res[0]
sc_blob = obj["supplementalCredentials"][0]
sc = ndr_unpack(drsblobs.supplementalCredentialsBlob, sc_blob)
return sc
# Calculate and validate a Wdigest value
def check_digest(self, user, realm, password, digest):
expected = calc_digest(user, realm, password)
actual = binascii.hexlify(bytearray(digest))
error = "Digest expected[%s], actual[%s], " \
"user[%s], realm[%s], pass[%s]" % \
(expected, actual, user, realm, password)
self.assertEquals(expected, actual, error)
# Check all of the 29 expected WDigest values
#
def check_wdigests(self, digests):
#.........这里部分代码省略.........
示例5: DsdbTests
# 需要导入模块: from samba.samdb import SamDB [as 别名]
# 或者: from samba.samdb.SamDB import get_default_basedn [as 别名]
#.........这里部分代码省略.........
(errno, estr) = e.args
if errno != ldb.ERR_UNSUPPORTED_CRITICAL_EXTENSION:
self.fail("Got %s should have got ERR_UNSUPPORTED_CRITICAL_EXTENSION"
% e[1])
# Allocate a unique RID for use in the objectSID tests.
#
def allocate_rid(self):
self.samdb.transaction_start()
try:
rid = self.samdb.allocate_rid()
except:
self.samdb.transaction_cancel()
raise
self.samdb.transaction_commit()
return str(rid)
# Ensure that duplicate objectSID's are permitted for foreign security
# principals.
#
def test_duplicate_objectSIDs_allowed_on_foreign_security_principals(self):
#
# We need to build a foreign security principal SID
# i.e a SID not in the current domain.
#
dom_sid = self.samdb.get_domain_sid()
if str(dom_sid).endswith("0"):
c = "9"
else:
c = "0"
sid_str = str(dom_sid)[:-1] + c + "-1000"
sid = ndr_pack(security.dom_sid(sid_str))
basedn = self.samdb.get_default_basedn()
dn = "CN=%s,CN=ForeignSecurityPrincipals,%s" % (sid_str, basedn)
#
# First without control
#
try:
self.samdb.add({
"dn": dn,
"objectClass": "foreignSecurityPrincipal"})
self.fail("No exception should get ERR_OBJECT_CLASS_VIOLATION")
except ldb.LdbError as e:
(code, msg) = e.args
self.assertEqual(code, ldb.ERR_OBJECT_CLASS_VIOLATION, str(e))
werr = "%08X" % werror.WERR_DS_MISSING_REQUIRED_ATT
self.assertTrue(werr in msg, msg)
try:
self.samdb.add({
"dn": dn,
"objectClass": "foreignSecurityPrincipal",
"objectSid": sid})
self.fail("No exception should get ERR_UNWILLING_TO_PERFORM")
except ldb.LdbError as e:
(code, msg) = e.args
self.assertEqual(code, ldb.ERR_UNWILLING_TO_PERFORM, str(e))
werr = "%08X" % werror.WERR_DS_ILLEGAL_MOD_OPERATION
self.assertTrue(werr in msg, msg)
#
# We need to use the provision control
# in order to add foreignSecurityPrincipal