本文整理汇总了Python中samba.samdb.SamDB.modify_ldif方法的典型用法代码示例。如果您正苦于以下问题:Python SamDB.modify_ldif方法的具体用法?Python SamDB.modify_ldif怎么用?Python SamDB.modify_ldif使用的例子?那么恭喜您,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类samba.samdb.SamDB的用法示例。
在下文中一共展示了SamDB.modify_ldif方法的12个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: SchemaTests
# 需要导入模块: from samba.samdb import SamDB [as 别名]
# 或者: from samba.samdb.SamDB import modify_ldif [as 别名]
class SchemaTests(samba.tests.TestCase):
def setUp(self):
    """Open the SamDB connection used by every test and cache the base DNs.

    host, creds, lp and ldb_options are module-level values defined outside
    this method.
    """
    super(SchemaTests, self).setUp()
    session = system_session(lp)
    self.ldb = SamDB(host, credentials=creds, session_info=session,
                     lp=lp, options=ldb_options)
    self.base_dn = self.ldb.domain_dn()
    schema_base = self.ldb.get_schema_basedn()
    self.schema_dn = schema_base.get_linearized()
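def test_generated_schema(self):
    """Testing we can read the generated schema via LDAP"""
    # The three aggregate-schema attributes are requested by name.
    res = self.ldb.search("cn=aggregate," + self.schema_dn,
                          scope=SCOPE_BASE,
                          attrs=["objectClasses", "attributeTypes",
                                 "dITContentRules"])
    # assertEqual/assertIn replace the deprecated assertEquals alias and the
    # bare assertTrue(x in y); a failure now names the missing attribute.
    self.assertEqual(len(res), 1)
    for attr in ("dITContentRules", "objectClasses", "attributeTypes"):
        self.assertIn(attr, res[0])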
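def test_generated_schema_is_operational(self):
    """Testing we don't get the generated schema via LDAP by default"""
    # Must keep the "*" form
    res = self.ldb.search("cn=aggregate," + self.schema_dn,
                          scope=SCOPE_BASE, attrs=["*"])
    # assertEqual/assertNotIn replace the deprecated assertEquals alias and
    # the bare assertFalse(x in y); a failure now names the attribute that
    # was returned although it was not asked for by name.
    self.assertEqual(len(res), 1)
    for attr in ("dITContentRules", "objectClasses", "attributeTypes"):
        self.assertNotIn(attr, res[0])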
def test_schemaUpdateNow(self):
"""Testing schemaUpdateNow"""
attr_name = "test-Attr" + time.strftime("%s", time.gmtime())
attr_ldap_display_name = attr_name.replace("-", "")
ldif = """
dn: CN=%s,%s""" % (attr_name, self.schema_dn) + """
objectClass: top
objectClass: attributeSchema
adminDescription: """ + attr_name + """
adminDisplayName: """ + attr_name + """
cn: """ + attr_name + """
attributeId: 1.2.840.""" + str(random.randint(1,100000)) + """.1.5.9940
attributeSyntax: 2.5.5.12
omSyntax: 64
instanceType: 4
isSingleValued: TRUE
systemOnly: FALSE
"""
self.ldb.add_ldif(ldif)
# We must do a schemaUpdateNow otherwise it's not 100% sure that the schema
# will contain the new attribute
ldif = """
dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
"""
self.ldb.modify_ldif(ldif)
# Search for created attribute
res = []
res = self.ldb.search("cn=%s,%s" % (attr_name, self.schema_dn), scope=SCOPE_BASE,
attrs=["lDAPDisplayName","schemaIDGUID"])
self.assertEquals(len(res), 1)
self.assertEquals(res[0]["lDAPDisplayName"][0], attr_ldap_display_name)
self.assertTrue("schemaIDGUID" in res[0])
class_name = "test-Class" + time.strftime("%s", time.gmtime())
class_ldap_display_name = class_name.replace("-", "")
# First try to create a class with a wrong "defaultObjectCategory"
ldif = """
dn: CN=%s,%s""" % (class_name, self.schema_dn) + """
objectClass: top
objectClass: classSchema
defaultObjectCategory: CN=_
adminDescription: """ + class_name + """
adminDisplayName: """ + class_name + """
cn: """ + class_name + """
governsId: 1.2.840.""" + str(random.randint(1,100000)) + """.1.5.9939
instanceType: 4
objectClassCategory: 1
subClassOf: organizationalPerson
systemFlags: 16
rDNAttID: cn
systemMustContain: cn
systemMustContain: """ + attr_ldap_display_name + """
systemOnly: FALSE
"""
try:
self.ldb.add_ldif(ldif)
self.fail()
except LdbError, (num, _):
self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
ldif = """
dn: CN=%s,%s""" % (class_name, self.schema_dn) + """
objectClass: top
objectClass: classSchema
adminDescription: """ + class_name + """
adminDisplayName: """ + class_name + """
#.........这里部分代码省略.........
示例2: Schema
# 需要导入模块: from samba.samdb import SamDB [as 别名]
# 或者: from samba.samdb.SamDB import modify_ldif [as 别名]
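class Schema(object):
    """AD schema loaded from the setup files into a private SamDB object."""

    def __init__(self, domain_sid, invocationid=None, schemadn=None,
                 files=None, override_prefixmap=None, additional_prefixmap=None):
        """Load schema for the SamDB from the AD schema files and
        samba4_schema.ldif

        :param domain_sid: passed to get_schema_descriptor() to build the
            descriptor substituted into provision_schema_basedn.ldif
        :param invocationid: optional invocation id set on the private SamDB
        :param schemadn: DN of the schema
        :param files: optional iterable of extra schema file paths; each file
            is read and appended to the schema data.  The paths are opened
            exactly as given, so callers must only pass trusted paths.
        :param override_prefixmap: prefix map text used instead of the
            contents of prefixMap.txt
        :param additional_prefixmap: optional iterable of prefix map lines
            appended to the prefix map

        The loaded schema data is kept on the instance, to avoid
        double-parsing when then needing to add it to the db
        """
        # The docstring has to be the first statement of the function to be
        # one at all, so the function-scope import now follows it.
        from samba.provision import setup_path

        self.schemadn = schemadn
        # We need to have the am_rodc=False just to keep some warnings quiet -
        # this isn't a real SAM, so it's meaningless.
        self.ldb = SamDB(global_schema=False, am_rodc=False)
        if invocationid is not None:
            self.ldb.set_invocation_id(invocationid)

        self.schema_data = read_ms_schema(
            setup_path('ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt'),
            setup_path('ad-schema/MS-AD_Schema_2K8_R2_Classes.txt'))

        if files is not None:
            for schema_file in files:
                # Close each extra schema file as soon as it has been read.
                with open(schema_file, 'r') as f:
                    self.schema_data += f.read()

        self.schema_data = substitute_var(self.schema_data,
                                          {"SCHEMADN": schemadn})
        check_all_substituted(self.schema_data)

        self.schema_dn_modify = read_and_sub_file(
            setup_path("provision_schema_basedn_modify.ldif"),
            {"SCHEMADN": schemadn})

        descr = b64encode(get_schema_descriptor(domain_sid))
        self.schema_dn_add = read_and_sub_file(
            setup_path("provision_schema_basedn.ldif"),
            {"SCHEMADN": schemadn, "DESCRIPTOR": descr})

        if override_prefixmap is not None:
            self.prefixmap_data = override_prefixmap
        else:
            with open(setup_path("prefixMap.txt"), 'r') as f:
                self.prefixmap_data = f.read()

        if additional_prefixmap is not None:
            for prefix_line in additional_prefixmap:
                self.prefixmap_data += "%s\n" % prefix_line

        # NOTE(review): b64encode() is handed a text string here, which looks
        # like Python 2 usage - confirm before running on Python 3.
        self.prefixmap_data = b64encode(self.prefixmap_data)

        # We don't actually add this ldif, just parse it
        prefixmap_ldif = "dn: %s\nprefixMap:: %s\n\n" % (self.schemadn, self.prefixmap_data)
        self.set_from_ldif(prefixmap_ldif, self.schema_data, self.schemadn)

    def set_from_ldif(self, pf, df, dn):
        """Hand the prefix map LDIF (pf), schema LDIF (df) and schema DN (dn)
        to dsdb._dsdb_set_schema_from_ldif() for self.ldb."""
        dsdb._dsdb_set_schema_from_ldif(self.ldb, pf, df, dn)

    def write_to_tmp_ldb(self, schemadb_path):
        """Connect self.ldb to schemadb_path and write the schema into it.

        All records are written inside one transaction, which is cancelled
        if any step raises and committed otherwise.
        """
        self.ldb.connect(url=schemadb_path)
        self.ldb.transaction_start()
        try:
            # LDIF records are separated by a blank line; without it the
            # "dn: @INDEXLIST" line would be read as part of the
            # @ATTRIBUTES record.
            self.ldb.add_ldif("""dn: @ATTRIBUTES
linkID: INTEGER

dn: @INDEXLIST
@IDXATTR: linkID
@IDXATTR: attributeSyntax
""")
            # These bits of LDIF are supplied when the Schema object is created
            self.ldb.add_ldif(self.schema_dn_add)
            self.ldb.modify_ldif(self.schema_dn_modify)
            self.ldb.add_ldif(self.schema_data)
        except:
            # Deliberately catches everything: whatever interrupted the
            # writes, the half-written transaction is rolled back before the
            # error is re-raised.
            self.ldb.transaction_cancel()
            raise
        else:
            self.ldb.transaction_commit()

    def linked_attributes(self):
        """Return a hash with the forward attribute as a key and the back as
        the value"""
        return get_linked_attributes(self.schemadn, self.ldb)

    def dnsyntax_attributes(self):
        """Return the result of get_dnsyntax_attributes() for this schema."""
        return get_dnsyntax_attributes(self.schemadn, self.ldb)

    def convert_to_openldap(self, target, mapping):
        """Return the schema converted by
        dsdb._dsdb_convert_schema_to_openldap() for target and mapping."""
        return dsdb._dsdb_convert_schema_to_openldap(self.ldb, target, mapping)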
示例3: SchemaTests_msDS_IntId
# 需要导入模块: from samba.samdb import SamDB [as 别名]
# 或者: from samba.samdb.SamDB import modify_ldif [as 别名]
class SchemaTests_msDS_IntId(samba.tests.TestCase):
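def setUp(self):
    """Connect to the server and read the naming contexts and forest level.

    host, creds, lp and ldb_options are module-level values defined outside
    this method.
    """
    super(SchemaTests_msDS_IntId, self).setUp()
    self.ldb = SamDB(host, credentials=creds,
                     session_info=system_session(lp), lp=lp,
                     options=ldb_options)
    # A base-scope search on the empty DN returns the rootDSE.
    res = self.ldb.search(base="", expression="", scope=SCOPE_BASE,
                          attrs=["schemaNamingContext",
                                 "defaultNamingContext",
                                 "forestFunctionality"])
    # assertEqual replaces the deprecated assertEquals alias.
    self.assertEqual(len(res), 1)
    root_dse = res[0]
    self.schema_dn = root_dse["schemaNamingContext"][0]
    self.base_dn = root_dse["defaultNamingContext"][0]
    self.forest_level = int(root_dse["forestFunctionality"][0])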
def _ldap_schemaUpdateNow(self):
    """Send the schemaUpdateNow modify on the empty DN.

    The LDIF sets schemaUpdateNow to 1 on the entry with the empty DN.
    """
    update_now = "\n".join([
        "",
        "dn:",
        "changetype: modify",
        "add: schemaUpdateNow",
        "schemaUpdateNow: 1",
        "",
    ])
    self.ldb.modify_ldif(update_now)
def _make_obj_names(self, prefix):
    """Build the names of a new schema object from prefix and a timestamp.

    Returns a tuple (name, name with every "-" removed, DN of the object
    below self.schema_dn).
    """
    # NOTE(review): "%s" is not a portable strftime directive; it presumably
    # yields the epoch seconds on the platforms this runs on - confirm.
    stamp = time.strftime("%s", time.gmtime())
    cn = prefix + stamp
    return (cn, cn.replace("-", ""), "CN=%s,%s" % (cn, self.schema_dn))
def _is_schema_base_object(self, ldb_msg):
    """Test systemFlags for SYSTEM_FLAG_SCHEMA_BASE_OBJECT (16)"""
    # A message without systemFlags is treated as having no flags set.
    if "systemFlags" not in ldb_msg:
        return False
    flags = int(ldb_msg["systemFlags"][0])
    return (flags & 16) != 0
def _make_attr_ldif(self, attr_name, attr_dn):
    """Return the LDIF text that creates an attributeSchema object.

    attr_name and attr_dn are inserted into the LDIF verbatim, without any
    escaping, so they must not contain line breaks.  One arc of the
    attributeId is picked at random.
    """
    oid = "1.2.840." + str(random.randint(1, 100000)) + ".1.5.9940"
    lines = [
        "",
        "dn: " + attr_dn,
        "objectClass: top",
        "objectClass: attributeSchema",
        "adminDescription: " + attr_name,
        "adminDisplayName: " + attr_name,
        "cn: " + attr_name,
        "attributeId: " + oid,
        "attributeSyntax: 2.5.5.12",
        "omSyntax: 64",
        "instanceType: 4",
        "isSingleValued: TRUE",
        "systemOnly: FALSE",
        "",
    ]
    return "\n".join(lines)
def test_msDS_IntId_on_attr(self):
"""Testing msDs-IntId creation for Attributes.
See MS-ADTS - 3.1.1.Attributes
This test should verify that:
- Creating attribute with 'msDS-IntId' fails with ERR_UNWILLING_TO_PERFORM
- Adding 'msDS-IntId' on existing attribute fails with ERR_CONSTRAINT_VIOLATION
- Creating attribute with 'msDS-IntId' set and FLAG_SCHEMA_BASE_OBJECT flag
set fails with ERR_UNWILLING_TO_PERFORM
- Attributes created with FLAG_SCHEMA_BASE_OBJECT not set have
'msDS-IntId' attribute added internally
"""
# 1. Create attribute without systemFlags
# msDS-IntId should be created if forest functional
# level is >= DS_DOMAIN_FUNCTION_2003
# and missing otherwise
(attr_name, attr_ldap_name, attr_dn) = self._make_obj_names("msDS-IntId-Attr-1-")
ldif = self._make_attr_ldif(attr_name, attr_dn)
# try to add msDS-IntId during Attribute creation
ldif_fail = ldif + "msDS-IntId: -1993108831\n"
try:
self.ldb.add_ldif(ldif_fail)
self.fail("Adding attribute with preset msDS-IntId should fail")
except LdbError, (num, _):
self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
# add the new attribute and update schema
self.ldb.add_ldif(ldif)
self._ldap_schemaUpdateNow()
# Search for created attribute
res = []
res = self.ldb.search(attr_dn, scope=SCOPE_BASE,
attrs=["lDAPDisplayName", "msDS-IntId", "systemFlags"])
self.assertEquals(len(res), 1)
self.assertEquals(res[0]["lDAPDisplayName"][0], attr_ldap_name)
if self.forest_level >= DS_DOMAIN_FUNCTION_2003:
if self._is_schema_base_object(res[0]):
self.assertTrue("msDS-IntId" not in res[0])
else:
self.assertTrue("msDS-IntId" in res[0])
else:
self.assertTrue("msDS-IntId" not in res[0])
msg = Message()
#.........这里部分代码省略.........
示例4: deprovision_schema
# 需要导入模块: from samba.samdb import SamDB [as 别名]
# 或者: from samba.samdb.SamDB import modify_ldif [as 别名]
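def _invert_modify_ldif(ldif_content):
    """Turn modify LDIF into the LDIF entries that undo its "add:" changes.

    Returns one LDIF string per entry, in reverse order of appearance.
    "add:" directives become "delete:" directives; a "replace:" directive
    and the lines after it are dropped until the next directive or entry.
    Comment lines and whitespace-only lines are dropped as well.
    """
    entries = [[]]
    keep_line = False
    for line in ldif_content.splitlines():
        if line.startswith("dn:") or line == "":
            # A DN line or an empty line starts a new entry.
            entries.append([])
            keep_line = True
        elif line.startswith("add:"):
            keep_line = True
            line = "delete:" + line[4:]
        elif line.startswith("replace:"):
            keep_line = False
        elif line.startswith("#") or line.strip() == "":
            continue
        if keep_line:
            entries[-1].append(line)
    entries.reverse()
    return ["\n".join(entry) for entry in entries]


def deprovision_schema(setup_path, names, lp, creds, reporter, ldif, msg, modify_mode=False):
    """Deprovision/unmodify schema using LDIF specified file, by reverting the
    modifications contained therein.

    The whole revert runs in one transaction.  In modify mode a failure to
    revert a single entry is reported and skipped (best effort); any other
    error cancels the transaction and is re-raised.

    :param setup_path: Path to the setup directory.
    :param names: provision names object.
    :param lp: Loadparm context
    :param creds: Credentials Context
    :param reporter: A progress reporter instance (subclass of AbstractProgressReporter)
    :param ldif: path to the LDIF file
    :param msg: reporter message
    :param modify_mode: whether entries are added or modified
    """
    session_info = system_session()
    db = SamDB(url=get_ldb_url(lp, creds, names), session_info=session_info,
               credentials=creds, lp=lp)

    db.transaction_start()
    try:
        reporter.reportNextStep(msg)

        ldif_content = read_and_sub_file(setup_path(ldif),
                                         {"FIRSTORG": names.firstorg,
                                          "FIRSTORGDN": names.firstorgdn,
                                          "CONFIGDN": names.configdn,
                                          "SCHEMADN": names.schemadn,
                                          "DOMAINDN": names.domaindn,
                                          "DOMAIN": names.domain,
                                          "DNSDOMAIN": names.dnsdomain,
                                          "NETBIOSNAME": names.netbiosname,
                                          "HOSTNAME": names.hostname
                                          })

        if modify_mode:
            for entry_ldif in _invert_modify_ldif(ldif_content):
                # Entries that ended up empty carry nothing to revert.
                if not entry_ldif.strip():
                    continue
                print(entry_ldif)
                try:
                    db.modify_ldif(entry_ldif)
                except Exception as e:
                    # Still best effort, but the failure is now visible and
                    # KeyboardInterrupt/SystemExit are no longer swallowed.
                    # Entries that could not be reverted stay in the
                    # database when the transaction commits.
                    print("could not revert entry: %s" % (e,))
        else:
            for line in reversed(ldif_content.splitlines()):
                if line.startswith("dn:"):
                    # Accept "dn:" with any amount of whitespace after the
                    # colon; a fixed [4:] slice cut into the DN whenever the
                    # single space was missing.  Base64 "dn::" lines are not
                    # decoded here.
                    db.delete(line[3:].strip())
    except:
        db.transaction_cancel()
        raise

    db.transaction_commit()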
示例5: SchemaTests
# 需要导入模块: from samba.samdb import SamDB [as 别名]
# 或者: from samba.samdb.SamDB import modify_ldif [as 别名]
class SchemaTests(samba.tests.TestCase):
def setUp(self):
    """Open the SamDB connection used by every test and cache the base DNs.

    host, creds, lp and ldb_options are module-level values defined outside
    this method.
    """
    super(SchemaTests, self).setUp()
    session = system_session(lp)
    self.ldb = SamDB(host, credentials=creds, session_info=session,
                     lp=lp, options=ldb_options)
    self.base_dn = self.ldb.domain_dn()
    schema_base = self.ldb.get_schema_basedn()
    self.schema_dn = schema_base.get_linearized()
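def test_generated_schema(self):
    """Testing we can read the generated schema via LDAP"""
    # The three aggregate-schema attributes are requested by name.
    res = self.ldb.search("cn=aggregate," + self.schema_dn,
                          scope=SCOPE_BASE,
                          attrs=["objectClasses", "attributeTypes",
                                 "dITContentRules"])
    # assertEqual/assertIn replace the deprecated assertEquals alias and the
    # bare assertTrue(x in y); a failure now names the missing attribute.
    self.assertEqual(len(res), 1)
    for attr in ("dITContentRules", "objectClasses", "attributeTypes"):
        self.assertIn(attr, res[0])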
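def test_generated_schema_is_operational(self):
    """Testing we don't get the generated schema via LDAP by default"""
    # Must keep the "*" form
    res = self.ldb.search("cn=aggregate," + self.schema_dn,
                          scope=SCOPE_BASE, attrs=["*"])
    # assertEqual/assertNotIn replace the deprecated assertEquals alias and
    # the bare assertFalse(x in y); a failure now names the attribute that
    # was returned although it was not asked for by name.
    self.assertEqual(len(res), 1)
    for attr in ("dITContentRules", "objectClasses", "attributeTypes"):
        self.assertNotIn(attr, res[0])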
def test_schemaUpdateNow(self):
"""Testing schemaUpdateNow"""
attr_name = "test-Attr" + time.strftime("%s", time.gmtime())
attr_ldap_display_name = attr_name.replace("-", "")
ldif = """
dn: CN=%s,%s""" % (attr_name, self.schema_dn) + """
objectClass: top
objectClass: attributeSchema
adminDescription: """ + attr_name + """
adminDisplayName: """ + attr_name + """
cn: """ + attr_name + """
attributeId: 1.2.840.""" + str(random.randint(1,100000)) + """.1.5.9940
attributeSyntax: 2.5.5.12
omSyntax: 64
instanceType: 4
isSingleValued: TRUE
systemOnly: FALSE
"""
self.ldb.add_ldif(ldif)
# We must do a schemaUpdateNow otherwise it's not 100% sure that the schema
# will contain the new attribute
ldif = """
dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
"""
self.ldb.modify_ldif(ldif)
# Search for created attribute
res = []
res = self.ldb.search("cn=%s,%s" % (attr_name, self.schema_dn), scope=SCOPE_BASE,
attrs=["lDAPDisplayName","schemaIDGUID", "msDS-IntID"])
self.assertEquals(len(res), 1)
self.assertEquals(res[0]["lDAPDisplayName"][0], attr_ldap_display_name)
self.assertTrue("schemaIDGUID" in res[0])
if "msDS-IntId" in res[0]:
msDS_IntId = int(res[0]["msDS-IntId"][0])
if msDS_IntId < 0:
msDS_IntId += (1 << 32)
else:
msDS_IntId = None
class_name = "test-Class" + time.strftime("%s", time.gmtime())
class_ldap_display_name = class_name.replace("-", "")
# First try to create a class with a wrong "defaultObjectCategory"
ldif = """
dn: CN=%s,%s""" % (class_name, self.schema_dn) + """
objectClass: top
objectClass: classSchema
defaultObjectCategory: CN=_
adminDescription: """ + class_name + """
adminDisplayName: """ + class_name + """
cn: """ + class_name + """
governsId: 1.2.840.""" + str(random.randint(1,100000)) + """.1.5.9939
instanceType: 4
objectClassCategory: 1
subClassOf: organizationalPerson
systemFlags: 16
rDNAttID: cn
systemMustContain: cn
systemMustContain: """ + attr_ldap_display_name + """
systemOnly: FALSE
"""
try:
self.ldb.add_ldif(ldif)
self.fail()
except LdbError, (num, _):
self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
#.........这里部分代码省略.........
示例6: Schema
# 需要导入模块: from samba.samdb import SamDB [as 别名]
# 或者: from samba.samdb.SamDB import modify_ldif [as 别名]
#.........这里部分代码省略.........
if base_schema is None:
base_schema = Schema.default_base_schema()
self.base_schema = base_schema
self.schemadn = schemadn
# We need to have the am_rodc=False just to keep some warnings quiet -
# this isn't a real SAM, so it's meaningless.
self.ldb = SamDB(global_schema=False, am_rodc=False)
if invocationid is not None:
self.ldb.set_invocation_id(invocationid)
self.schema_data = read_ms_schema(
setup_path('ad-schema/%s' % Schema.base_schemas[base_schema][0]),
setup_path('ad-schema/%s' % Schema.base_schemas[base_schema][1]))
if files is not None:
for file in files:
self.schema_data += open(file, 'r').read()
self.schema_data = substitute_var(self.schema_data,
{"SCHEMADN": schemadn})
check_all_substituted(self.schema_data)
schema_version = str(Schema.get_version(base_schema))
self.schema_dn_modify = read_and_sub_file(
setup_path("provision_schema_basedn_modify.ldif"),
{"SCHEMADN": schemadn, "OBJVERSION" : schema_version})
descr = b64encode(get_schema_descriptor(domain_sid)).decode('utf8')
self.schema_dn_add = read_and_sub_file(
setup_path("provision_schema_basedn.ldif"),
{"SCHEMADN": schemadn, "DESCRIPTOR": descr})
if override_prefixmap is not None:
self.prefixmap_data = override_prefixmap
else:
self.prefixmap_data = open(setup_path("prefixMap.txt"), 'r').read()
if additional_prefixmap is not None:
for map in additional_prefixmap:
self.prefixmap_data += "%s\n" % map
self.prefixmap_data = b64encode(self.prefixmap_data).decode('utf8')
# We don't actually add this ldif, just parse it
prefixmap_ldif = "dn: %s\nprefixMap:: %s\n\n" % (self.schemadn, self.prefixmap_data)
self.set_from_ldif(prefixmap_ldif, self.schema_data, self.schemadn)
@staticmethod
def default_base_schema():
    """Return the name of the base schema used when none is requested."""
    default_name = "2008_R2"
    return default_name
@staticmethod
def get_version(base_schema):
    """Returns the base schema's object version, e.g. 47 for 2008_R2

    The version is the third element of the Schema.base_schemas entry for
    base_schema; an unknown name raises from that lookup.
    """
    schema_entry = Schema.base_schemas[base_schema]
    return schema_entry[2]
def set_from_ldif(self, pf, df, dn):
    """Hand pf, df and dn to dsdb._dsdb_set_schema_from_ldif() for self.ldb.

    NOTE(review): presumably pf is the prefix map LDIF, df the schema LDIF
    and dn the schema DN - confirm against the caller.
    """
    schema_db = self.ldb
    dsdb._dsdb_set_schema_from_ldif(schema_db, pf, df, dn)
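def write_to_tmp_ldb(self, schemadb_path):
    """Connect self.ldb to schemadb_path and write the schema into it.

    All records are written inside one transaction, which is cancelled if
    any step raises and committed otherwise.
    """
    self.ldb.connect(url=schemadb_path)
    self.ldb.transaction_start()
    try:
        # These are actually ignored, as the schema has been forced
        # when the ldb object was created, and that overrides this
        #
        # LDIF records are separated by a blank line; without it the
        # "dn: @INDEXLIST" line would be read as part of the @ATTRIBUTES
        # record.
        self.ldb.add_ldif("""dn: @ATTRIBUTES
linkID: INTEGER

dn: @INDEXLIST
@IDXATTR: linkID
@IDXATTR: attributeSyntax
@IDXGUID: objectGUID
""")

        # The schema base object is given a fixed, hard-coded objectGUID.
        schema_dn_add = self.schema_dn_add \
            + "objectGUID: 24e2ca70-b093-4ae8-84c0-2d7ac652a1b8\n"

        # These bits of LDIF are supplied when the Schema object is created
        self.ldb.add_ldif(schema_dn_add)
        self.ldb.modify_ldif(self.schema_dn_modify)
        self.ldb.add_ldif(self.schema_data)
    except:
        # Deliberately catches everything: whatever interrupted the writes,
        # the half-written transaction is rolled back before the error is
        # re-raised.
        self.ldb.transaction_cancel()
        raise
    else:
        self.ldb.transaction_commit()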
def linked_attributes(self):
    """Return a hash with the forward attribute as a key and the back as the
    value"""
    links = get_linked_attributes(self.schemadn, self.ldb)
    return links
def dnsyntax_attributes(self):
    """Return the result of get_dnsyntax_attributes() for this schema."""
    dn_attrs = get_dnsyntax_attributes(self.schemadn, self.ldb)
    return dn_attrs
def convert_to_openldap(self, target, mapping):
    """Return the schema converted by dsdb._dsdb_convert_schema_to_openldap().

    target and mapping are passed through unchanged.
    """
    converted = dsdb._dsdb_convert_schema_to_openldap(self.ldb, target, mapping)
    return converted
示例7: LDAPNotificationTest
# 需要导入模块: from samba.samdb import SamDB [as 别名]
# 或者: from samba.samdb.SamDB import modify_ldif [as 别名]
class LDAPNotificationTest(samba.tests.TestCase):
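def setUp(self):
    """Connect to the server and work out the DN of the connected user.

    url, creds and lp are module-level values defined outside this method.
    """
    # Name this class in super() so that samba.tests.TestCase.setUp() itself
    # runs; super(samba.tests.TestCase, self) starts the lookup after that
    # class and skips its setUp().
    super(LDAPNotificationTest, self).setUp()
    self.ldb = SamDB(url, credentials=creds, session_info=system_session(lp), lp=lp)
    self.base_dn = self.ldb.domain_dn()

    # The first tokenGroups value of the rootDSE is unpacked as a SID and
    # used as a "<SID=...>" DN for the rest of the test.
    res = self.ldb.search("", scope=ldb.SCOPE_BASE, attrs=["tokenGroups"])
    # assertEqual replaces the deprecated assertEquals alias.
    self.assertEqual(len(res), 1)
    user_sid = ndr_unpack(samba.dcerpc.security.dom_sid, res[0]["tokenGroups"][0])
    self.user_sid_dn = "<SID=%s>" % str(user_sid)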
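def test_simple_search(self):
    """Testing a notification with an modify and a timeout"""
    if not url.startswith("ldap"):
        self.fail(msg="This test is only valid on ldap")

    # 1. Look up the user's own object; exactly one message is expected.
    msg1 = None
    search1 = self.ldb.search_iterator(base=self.user_sid_dn,
                                       expression="(objectClass=*)",
                                       scope=ldb.SCOPE_SUBTREE,
                                       attrs=["name", "objectGUID", "displayName"])
    for reply in search1:
        self.assertIsInstance(reply, ldb.Message)
        self.assertIsNone(msg1)
        msg1 = reply
    search1.result()
    # Fail here with a clear message instead of a TypeError further down
    # when the first search returned nothing.
    self.assertIsNotNone(msg1)

    # 2. Find the same object in a subtree search of the domain.  Replies of
    #    type str are only counted (presumably referrals).
    search2 = self.ldb.search_iterator(base=self.base_dn,
                                       expression="(objectClass=*)",
                                       scope=ldb.SCOPE_SUBTREE,
                                       attrs=["name", "objectGUID", "displayName"])
    refs2 = 0
    msg2 = None
    for reply in search2:
        if isinstance(reply, str):
            refs2 += 1
            continue
        self.assertIsInstance(reply, ldb.Message)
        if reply["objectGUID"][0] == msg1["objectGUID"][0]:
            self.assertIsNone(msg2)
            msg2 = reply
            self.assertEqual(msg1.dn, msg2.dn)
            self.assertEqual(len(msg1), len(msg2))
            self.assertEqual(msg1["name"], msg2["name"])
            #self.assertEqual(msg1["displayName"], msg2["displayName"])
    search2.result()

    # 3. Change the object before the notification search is started.
    # NOTE(review): the value ends in a stray double quote (BEFORE") -
    # confirm that this is intended.
    self.ldb.modify_ldif("""
dn: """ + self.user_sid_dn + """
changetype: modify
replace: otherLoginWorkstations
otherLoginWorkstations: BEFORE"
""")

    # 4. Start the notification search with a one second timeout, then
    #    change the object again so that a notification is produced.
    notify1 = self.ldb.search_iterator(base=self.base_dn,
                                       expression="(objectClass=*)",
                                       scope=ldb.SCOPE_SUBTREE,
                                       attrs=["name", "objectGUID", "displayName"],
                                       controls=["notification:1"],
                                       timeout=1)

    self.ldb.modify_ldif("""
dn: """ + self.user_sid_dn + """
changetype: modify
replace: otherLoginWorkstations
otherLoginWorkstations: AFTER"
""")

    msg3 = None
    for reply in notify1:
        self.assertIsInstance(reply, ldb.Message)
        if reply["objectGUID"][0] == msg1["objectGUID"][0]:
            self.assertIsNone(msg3)
            msg3 = reply
            self.assertEqual(msg1.dn, msg3.dn)
            self.assertEqual(len(msg1), len(msg3))
            self.assertEqual(msg1["name"], msg3["name"])
            #self.assertEqual(msg1["displayName"], msg3["displayName"])

    # The notification search has to end with the time limit error.
    try:
        notify1.result()
        self.fail()
    except LdbError as e10:
        (num, _) = e10.args
        # assertEqual replaces the deprecated assertEquals alias.
        self.assertEqual(num, ERR_TIME_LIMIT_EXCEEDED)
    self.assertIsNotNone(msg3)

    # 5. Clean up the test attribute.
    # NOTE(review): "changetype: delete" followed by a "delete:" line looks
    # like it was meant to be "changetype: modify" - confirm.
    self.ldb.modify_ldif("""
dn: """ + self.user_sid_dn + """
changetype: delete
delete: otherLoginWorkstations
""")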
def test_max_search(self):
"""Testing the max allowed notifications"""
if not url.startswith("ldap"):
self.fail(msg="This test is only valid on ldap")
max_notifications = 5
notifies = [None] * (max_notifications + 1)
#.........这里部分代码省略.........
示例8: AuthLogPassChangeTests
# 需要导入模块: from samba.samdb import SamDB [as 别名]
# 或者: from samba.samdb.SamDB import modify_ldif [as 别名]
#.........这里部分代码省略.........
def isLastExpectedMessage(msg):
return ((msg["type"] == "Authentication") and
(msg["Authentication"]["serviceDescription"] ==
"SAMR Password Change") and
(msg["Authentication"]["status"] ==
"NT_STATUS_WRONG_PASSWORD") and
(msg["Authentication"]["authDescription"] ==
"OemChangePasswordUser2"))
username = os.environ["USERNAME"]
server = os.environ["SERVER"]
password = os.environ["PASSWORD"]
server_param = "--server=%s" % server
creds = "-U%s%%%s" % (username, password)
call(["bin/net", "rap", server_param,
"password", USER_NAME, "notMyPassword", "notGoingToBeMyPassword",
server, creds, "--option=client ipc max protocol=nt1"])
messages = self.waitForMessages(isLastExpectedMessage)
self.assertEquals(7,
len(messages),
"Did not receive the expected number of messages")
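def test_ldap_change_password(self):
    """Change a password over LDAP and count the authentication messages.

    The old and the new clear-text password are both placed in the LDIF
    sent to the server; only the number of received messages is printed.
    """
    def isLastExpectedMessage(msg):
        # The successful "LDAP Password Change" authentication message is
        # the last message waited for.
        return ((msg["type"] == "Authentication") and
                (msg["Authentication"]["status"] == "NT_STATUS_OK") and
                (msg["Authentication"]["serviceDescription"] ==
                 "LDAP Password Change") and
                (msg["Authentication"]["authDescription"] ==
                 "LDAP Modify"))

    new_password = samba.generate_random_password(32, 32)
    user_dn = "cn=" + USER_NAME + ",cn=users," + self.base_dn
    # Delete the old value and add the new one in a single modify.
    self.ldb.modify_ldif(
        "dn: " + user_dn + "\n" +
        "changetype: modify\n" +
        "delete: userPassword\n" +
        "userPassword: " + USER_PASS + "\n" +
        "add: userPassword\n" +
        "userPassword: " + new_password + "\n")

    messages = self.waitForMessages(isLastExpectedMessage)
    print("Received %d messages" % len(messages))
    # assertEqual replaces the deprecated assertEquals alias.
    self.assertEqual(4,
                     len(messages),
                     "Did not receive the expected number of messages")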
#
# Currently this does not get logged, so we expect to only see the log
# entries for the underlying ldap bind.
#
def test_ldap_change_password_bad_user(self):
def isLastExpectedMessage(msg):
return (msg["type"] == "Authorization" and
msg["Authorization"]["serviceDescription"] == "LDAP" and
msg["Authorization"]["authType"] == "krb5")
new_password = samba.generate_random_password(32, 32)
try:
self.ldb.modify_ldif(
"dn: cn=" + "badUser" + ",cn=users," + self.base_dn + "\n" +
"changetype: modify\n" +
"delete: userPassword\n" +
"userPassword: " + USER_PASS + "\n" +
"add: userPassword\n" +
"userPassword: " + new_password + "\n")
示例9: PasswordTests
# 需要导入模块: from samba.samdb import SamDB [as 别名]
# 或者: from samba.samdb.SamDB import modify_ldif [as 别名]
class PasswordTests(PasswordTestCase):
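def setUp(self):
    """Create the test user, give it a password and open a second
    connection as that user.

    The passwords used here are fixed test values.  host, creds and lp are
    module-level values defined outside this method.
    """
    super(PasswordTests, self).setUp()
    self.ldb = SamDB(url=host, session_info=system_session(lp), credentials=creds, lp=lp)

    # The unused base_dn and configuration_dn locals were dropped; the base
    # DN is stored on the instance below.

    # permit password changes during this test
    self.allow_password_changes()

    self.base_dn = self.ldb.domain_dn()

    # (Re)adds the test user "testuser" with no password atm
    delete_force(self.ldb, "cn=testuser,cn=users," + self.base_dn)
    self.ldb.add({
        "dn": "cn=testuser,cn=users," + self.base_dn,
        "objectclass": "user",
        "sAMAccountName": "testuser"})

    # Tests a password change when we don't have any password yet with a
    # wrong old password
    try:
        self.ldb.modify_ldif("""
dn: cn=testuser,cn=users,""" + self.base_dn + """
changetype: modify
delete: userPassword
userPassword: noPassword
add: userPassword
userPassword: thatsAcomplPASS2
""")
        self.fail()
    except LdbError as e:
        (num, msg) = e.args
        # assertEqual/assertIn replace the deprecated assertEquals alias and
        # the bare assertTrue(x in y).
        self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
        # Windows (2008 at least) seems to have some small bug here: it
        # returns "0000056A" on longer (always wrong) previous passwords.
        self.assertIn('00000056', msg)

    # Sets the initial user password with a "special" password change
    # I think that this internally is a password set operation and it can
    # only be performed by someone which has password set privileges on the
    # account (at least in s4 we do handle it like that).
    self.ldb.modify_ldif("""
dn: cn=testuser,cn=users,""" + self.base_dn + """
changetype: modify
delete: userPassword
add: userPassword
userPassword: thatsAcomplPASS1
""")

    # But in the other way around this special syntax doesn't work
    try:
        self.ldb.modify_ldif("""
dn: cn=testuser,cn=users,""" + self.base_dn + """
changetype: modify
delete: userPassword
userPassword: thatsAcomplPASS1
add: userPassword
""")
        self.fail()
    except LdbError as e1:
        (num, _) = e1.args
        self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)

    # Enables the user account
    self.ldb.enable_account("(sAMAccountName=testuser)")

    # Open a second LDB connection with the user credentials. Use the
    # command line credentials for informations like the domain, the realm
    # and the workstation.
    creds2 = Credentials()
    creds2.set_username("testuser")
    creds2.set_password("thatsAcomplPASS1")
    creds2.set_domain(creds.get_domain())
    creds2.set_realm(creds.get_realm())
    creds2.set_workstation(creds.get_workstation())
    # NOTE(review): FEATURE_SEAL presumably requests an encrypted
    # connection for the password operations made as this user - confirm.
    creds2.set_gensec_features(creds2.get_gensec_features()
                               | gensec.FEATURE_SEAL)
    self.ldb2 = SamDB(url=host, credentials=creds2, lp=lp)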
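def test_unicodePwd_hash_set(self):
    """Performs a password hash set operation on 'unicodePwd' which should be prevented"""
    # Notice: Direct hash password sets should never work

    # Try to replace unicodePwd with a raw 16 character value.
    m = Message()
    m.dn = Dn(self.ldb, "cn=testuser,cn=users," + self.base_dn)
    m["unicodePwd"] = MessageElement("XXXXXXXXXXXXXXXX", FLAG_MOD_REPLACE,
                                     "unicodePwd")
    try:
        self.ldb.modify(m)
        self.fail()
    except LdbError as e2:
        (num, _) = e2.args
        # The server has to refuse the modify.  assertEqual replaces the
        # deprecated assertEquals alias.
        self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)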
#.........这里部分代码省略.........
示例10: LDAPNotificationTest
# 需要导入模块: from samba.samdb import SamDB [as 别名]
# 或者: from samba.samdb.SamDB import modify_ldif [as 别名]
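class LDAPNotificationTest(samba.tests.TestCase):
    """Tests for the LDAP "notification" search control."""

    def setUp(self):
        """Connect to the server and work out the DN of the connected user.

        url, creds and lp are module-level values defined outside this
        class.
        """
        # Name this class in super() so that samba.tests.TestCase.setUp()
        # itself runs; super(samba.tests.TestCase, self) starts the lookup
        # after that class and skips its setUp().
        super(LDAPNotificationTest, self).setUp()
        self.ldb = SamDB(url, credentials=creds, session_info=system_session(lp), lp=lp)
        self.base_dn = self.ldb.domain_dn()

        # The first tokenGroups value of the rootDSE is unpacked as a SID
        # and used as a "<SID=...>" DN for the rest of the test.
        res = self.ldb.search("", scope=ldb.SCOPE_BASE, attrs=["tokenGroups"])
        # assertEqual replaces the deprecated assertEquals alias.
        self.assertEqual(len(res), 1)
        user_sid = ndr_unpack(samba.dcerpc.security.dom_sid, res[0]["tokenGroups"][0])
        self.user_sid_dn = "<SID=%s>" % str(user_sid)

    def test_simple_search(self):
        """Testing a notification with an modify and a timeout"""
        if not url.startswith("ldap"):
            self.fail(msg="This test is only valid on ldap")

        # 1. Look up the user's own object; exactly one message is expected.
        msg1 = None
        search1 = self.ldb.search_iterator(base=self.user_sid_dn,
                                           expression="(objectClass=*)",
                                           scope=ldb.SCOPE_SUBTREE,
                                           attrs=["name", "objectGUID", "displayName"])
        for reply in search1:
            self.assertIsInstance(reply, ldb.Message)
            self.assertIsNone(msg1)
            msg1 = reply
        search1.result()
        # Fail here with a clear message instead of a TypeError further
        # down when the first search returned nothing.
        self.assertIsNotNone(msg1)

        # 2. Find the same object in a subtree search of the domain.
        #    Replies of type str are only counted (presumably referrals).
        search2 = self.ldb.search_iterator(base=self.base_dn,
                                           expression="(objectClass=*)",
                                           scope=ldb.SCOPE_SUBTREE,
                                           attrs=["name", "objectGUID", "displayName"])
        refs2 = 0
        msg2 = None
        for reply in search2:
            if isinstance(reply, str):
                refs2 += 1
                continue
            self.assertIsInstance(reply, ldb.Message)
            if reply["objectGUID"][0] == msg1["objectGUID"][0]:
                self.assertIsNone(msg2)
                msg2 = reply
                self.assertEqual(msg1.dn, msg2.dn)
                self.assertEqual(len(msg1), len(msg2))
                self.assertEqual(msg1["name"], msg2["name"])
                #self.assertEqual(msg1["displayName"], msg2["displayName"])
        search2.result()

        # 3. Change the object before the notification search is started.
        # NOTE(review): the value ends in a stray double quote (BEFORE") -
        # confirm that this is intended.
        self.ldb.modify_ldif("""
dn: """ + self.user_sid_dn + """
changetype: modify
replace: otherLoginWorkstations
otherLoginWorkstations: BEFORE"
""")

        # 4. Start the notification search with a one second timeout, then
        #    change the object again so that a notification is produced.
        notify1 = self.ldb.search_iterator(base=self.base_dn,
                                           expression="(objectClass=*)",
                                           scope=ldb.SCOPE_SUBTREE,
                                           attrs=["name", "objectGUID", "displayName"],
                                           controls=["notification:1"],
                                           timeout=1)

        self.ldb.modify_ldif("""
dn: """ + self.user_sid_dn + """
changetype: modify
replace: otherLoginWorkstations
otherLoginWorkstations: AFTER"
""")

        msg3 = None
        for reply in notify1:
            self.assertIsInstance(reply, ldb.Message)
            if reply["objectGUID"][0] == msg1["objectGUID"][0]:
                self.assertIsNone(msg3)
                msg3 = reply
                self.assertEqual(msg1.dn, msg3.dn)
                self.assertEqual(len(msg1), len(msg3))
                self.assertEqual(msg1["name"], msg3["name"])
                #self.assertEqual(msg1["displayName"], msg3["displayName"])

        # The notification search has to end with the time limit error.
        # "except ... as" works on Python 2.6+ and Python 3, unlike the
        # tuple-unpacking "except LdbError, (num, _)" form.
        try:
            notify1.result()
            self.fail()
        except LdbError as e:
            (num, _) = e.args
            self.assertEqual(num, ERR_TIME_LIMIT_EXCEEDED)
        self.assertIsNotNone(msg3)

        # 5. Clean up the test attribute.
        # NOTE(review): "changetype: delete" followed by a "delete:" line
        # looks like it was meant to be "changetype: modify" - confirm.
        self.ldb.modify_ldif("""
dn: """ + self.user_sid_dn + """
changetype: delete
delete: otherLoginWorkstations
""")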
示例11: AuditLogDsdbTests
# 需要导入模块: from samba.samdb import SamDB [as 别名]
# 或者: from samba.samdb.SamDB import modify_ldif [as 别名]
#.........这里部分代码省略.........
messages = self.waitForMessages(1, net, dn=dn)
print("Received %d messages" % len(messages))
self.assertEquals(1,
len(messages),
"Did not receive the expected number of messages")
audit = messages[0]["dsdbChange"]
self.assertEquals("Modify", audit["operation"])
self.assertFalse(audit["performedAsSystem"])
self.assertEquals(dn, audit["dn"])
self.assertRegexpMatches(audit["remoteAddress"],
self.remoteAddress)
session_id = self.get_session()
self.assertEquals(session_id, audit["sessionId"])
# We skip the check for self.get_service_description() as this
# is subject to a race between smbd and the s4 rpc_server code
# as to which will set the description as it is DCE/RPC over SMB
self.assertTrue(self.is_guid(audit["transactionId"]))
attributes = audit["attributes"]
self.assertEquals(1, len(attributes))
actions = attributes["clearTextPassword"]["actions"]
self.assertEquals(1, len(actions))
self.assertTrue(actions[0]["redacted"])
self.assertEquals("replace", actions[0]["action"])
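def test_ldap_change_password(self):
    """Change a password over LDAP and check the resulting audit record.

    The record must describe a Modify of the user's DN in which both
    userPassword actions are marked as redacted.
    """
    dn = "cn=" + USER_NAME + ",cn=users," + self.base_dn
    self.discardSetupMessages(dn)

    new_password = samba.generate_random_password(32, 32)
    # The DN was computed a second time here; the value above is reused.
    self.ldb.modify_ldif(
        "dn: " + dn + "\n" +
        "changetype: modify\n" +
        "delete: userPassword\n" +
        "userPassword: " + USER_PASS + "\n" +
        "add: userPassword\n" +
        "userPassword: " + new_password + "\n")

    messages = self.waitForMessages(1)
    print("Received %d messages" % len(messages))
    # assertEqual replaces the deprecated assertEquals alias throughout.
    self.assertEqual(1,
                     len(messages),
                     "Did not receive the expected number of messages")

    audit = messages[0]["dsdbChange"]
    self.assertEqual("Modify", audit["operation"])
    self.assertFalse(audit["performedAsSystem"])
    self.assertEqual(dn, audit["dn"])
    self.assertRegexpMatches(audit["remoteAddress"],
                             self.remoteAddress)
    self.assertTrue(self.is_guid(audit["sessionId"]))
    session_id = self.get_session()
    self.assertEqual(session_id, audit["sessionId"])
    service_description = self.get_service_description()
    self.assertEqual(service_description, "LDAP")

    attributes = audit["attributes"]
    self.assertEqual(1, len(attributes))
    actions = attributes["userPassword"]["actions"]
    self.assertEqual(2, len(actions))
    # Both password values have to be redacted in the audit record.
    self.assertTrue(actions[0]["redacted"])
    self.assertEqual("delete", actions[0]["action"])
    self.assertTrue(actions[1]["redacted"])
    # The LDIF above deletes the old value and then adds the new one, so
    # the second action is checked the same way as the first.
    self.assertEqual("add", actions[1]["action"])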
示例12:
# 需要导入模块: from samba.samdb import SamDB [as 别名]
# 或者: from samba.samdb.SamDB import modify_ldif [as 别名]
systemFlags: 33554432
objectCategory: CN=Servers-Container,CN=Schema,CN=Configuration,%(samba4_ldap_base)s
''' % ldif_dict
samdb.add_ldif(site_add_ldif)
print "created site %s" % opts.site
if opts.sitelink and not opts.createsitelink:
## and add it to the sitelink
sitelink_modify_ldif='''
dn: CN=%(sitelink)s,CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,%(samba4_ldap_base)s
changetype: modify
add: siteList
siteList: CN=%(branchsite_name)s,CN=Sites,CN=Configuration,%(samba4_ldap_base)s
''' % ldif_dict
samdb.modify_ldif(sitelink_modify_ldif)
print "added site %s to sitelink %s" % (opts.site, opts.sitelink)
elif opts.site:
res = samdb.search("CN=Configuration,%s" % samba4_ldap_base, scope=ldb.SCOPE_SUBTREE, expression="(&(objectClass=site)(cn=%s))" % opts.site)
if not res:
print >> sys.stderr, "site %s not found" % opts.site
sys.exit(1)
if opts.createsitelink:
res = samdb.search("CN=Configuration,%s" % samba4_ldap_base, scope=ldb.SCOPE_SUBTREE, expression="(&(objectClass=siteLink)(cn=%s))" % opts.sitelink)
if res:
print >> sys.stderr, "sitelink %s already exists" % opts.sitelink
if not opts.ignore_exists:
sys.exit(1)