Changeset 740 for vendor/current/source4/scripting

vendor/current/source4/scripting/bin/autoidl

r414	r740
1		#!/usr/bin/python
	1	#!/usr/bin/env python
2	2	# -- coding: utf-8 --
3	3

vendor/current/source4/scripting/bin/fullschema

-              r414
+              r740
 #!/usr/bin/python
+#!/usr/bin/env python
+#
 # Works out the full schema
 …
 import base64
 import optparse
-import os
 import sys
 …
 import samba
 from samba import getopt as options, Ldb
 from ldb import SCOPE_SUBTREE, SCOPE_BASE, LdbError
+from ldb import SCOPE_SUBTREE, SCOPE_BASE
 import sys

vendor/current/source4/scripting/bin/get-descriptors

-              r414
+              r740
 #!/usr/bin/python
+#!/usr/bin/env python
+#
 # Unix SMB/CIFS implementation.
 …
+#
-import getopt
 import optparse
 import sys
-import os
 import base64
-import re
 sys.path.insert(0, "bin/python")
 …
 from samba.auth import system_session
 import samba.getopt as options
-from samba import param
 from samba.ndr import ndr_pack, ndr_unpack
 from samba.dcerpc import security
 from samba import Ldb
 from samba.samdb import SamDB
 from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError
+from ldb import SCOPE_SUBTREE, SCOPE_BASE
 parser = optparse.OptionParser("get-descriptor [options]")
 …
 class DescrGetter:
     def __init__(self, localdomain, remotedomain):
         self.samdb = SamDB(session_info=system_session(), lp=lp, options=["modules:paged_searches"])

vendor/current/source4/scripting/bin/minschema

r414	r740
1		#!/usr/bin/python
	1	#!/usr/bin/env python
2	2	#
3	3	# Works out the minimal schema for a set of objectclasses

vendor/current/source4/scripting/bin/rebuildextendeddn

-              r414
+              r740
 #!/usr/bin/python
+#!/usr/bin/env python
+#
 # Unix SMB/CIFS implementation.
 …
+#
-import getopt
 import optparse
 import os
 …
 from samba.credentials import DONT_USE_KERBEROS
 from samba.auth import system_session
+from samba import Ldb, substitute_var, valid_netbios_name, check_all_substituted
+from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError, \
+                        timestring, CHANGETYPE_MODIFY, CHANGETYPE_NONE
+from samba import Ldb
+from ldb import SCOPE_SUBTREE, SCOPE_BASE
 import ldb
 import samba.getopt as options
-from samba.samdb import SamDB
 from samba import param
+from samba.provision import ProvisionPaths, ProvisionNames,provision_paths_from_lp,get_dnsyntax_attributes,get_linked_attributes
+from samba.provision import ProvisionNames, provision_paths_from_lp
+from samba.schema import get_dnsyntax_attributes, get_linked_attributes
 parser = optparse.OptionParser("provision [options]")

vendor/current/source4/scripting/bin/rpcclient

r414	r740
1		#!/usr/bin/python
	1	#!/usr/bin/env python
2	2
3	3	import sys, os, string

vendor/current/source4/scripting/bin/samba3dump

r414	r740
1		#!/usr/bin/python
	1	#!/usr/bin/env python
2	2	#
3	3	# Dump Samba3 data

vendor/current/source4/scripting/bin/setup_dns.sh

-              r414
+              r740
+}
 OBJECTGUID=$(bin/ldbsearch -H "$PRIVATEDIR/sam.ldb" -b "CN=NTDS Settings,CN=$HOSTNAME,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=$RSUFFIX" objectguid|grep ^objectGUID| cut -d: -f2)
+OBJECTGUID=$(bin/ldbsearch -s base -H "$PRIVATEDIR/sam.ldb" -b "CN=NTDS Settings,CN=$HOSTNAME,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=$RSUFFIX" objectguid|grep ^objectGUID| cut -d: -f2)
 echo "Found objectGUID $OBJECTGUID"
 …
+}
 echo "Checking"
+rndc flush
 host $HOSTNAME.$DOMAIN
 host $OBJECTGUID._msdcs.$DOMAIN

vendor/current/source4/scripting/bin/smbstatus

r414	r740
1		#!/usr/bin/python
	1	#!/usr/bin/env python
2	2	# -- coding: utf-8 --
3	3	#

vendor/current/source4/scripting/bin/subunitrun

-              r414
+              r740
 #!/usr/bin/python
+#!/usr/bin/env python
 # Simple subunit testrunner for python
 …
 # Find right directory when running from source tree
 sys.path.insert(0, "bin/python")
-sys.path.insert(1, "../lib/subunit/python")
-from subunit import SubunitTestRunner
-from unittest import TestProgram
 import optparse
+import os
+from samba import param
+import samba
+samba.ensure_external_module("testtools", "testtools")
+samba.ensure_external_module("subunit", "subunit/python")
+from subunit.run import SubunitTestRunner
 import samba.getopt as options
 import samba.tests
 parser = optparse.OptionParser("subunitrun [options] <tests>")
 credopts = options.CredentialsOptions(parser)
 parser.add_option_group(credopts)
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+try:
+    from subunit.run import TestProgram
+except ImportError:
+    from unittest import TestProgram
+else:
+    parser.add_option('-l', '--list', dest='listtests', default=False,
+                      help='List tests rather than running them.',
+                      action="store_true")
+args = parser.parse_args()[1]
+opts, args = parser.parse_args()
+samba.tests.cmdline_loadparm = sambaopts.get_loadparm()
+samba.tests.cmdline_credentials = credopts.get_credentials(samba.tests.cmdline_loadparm)
+samba.tests.cmdline_credentials = credopts.get_credentials(samba.tests.env_loadparm())
+if getattr(opts, "listtests", False):
+    args.insert(0, "--list")
 runner = SubunitTestRunner()

vendor/current/source4/scripting/python/examples/netbios.py

r414	r740
1		#!/usr/bin/python
	1	#!/usr/bin/env python
2	2
3	3	# Unix SMB/CIFS implementation.

vendor/current/source4/scripting/python/examples/samr.py

r414	r740
1		#!/usr/bin/python
	1	#!/usr/bin/env python
2	2	# -- coding: utf-8 --
3	3

vendor/current/source4/scripting/python/examples/winreg.py

r414	r740
1		#!/usr/bin/python
	1	#!/usr/bin/env python
2	2	#
3	3	# tool to manipulate a remote registry

vendor/current/source4/scripting/python/modules.c

-              r414
+              r740
 */
+#include <Python.h>
 #include "includes.h"
 #include "scripting/python/modules.h"
 #include <Python.h>
+#include "dynconfig/dynconfig.h"
+extern void init_ldb(void);
+extern void init_security(void);
+extern void init_registry(void);
+extern void init_param(void);
+extern void init_misc(void);
+extern void init_ldb(void);
+extern void init_auth(void);
+extern void init_credentials(void);
+extern void init_tdb(void);
+extern void init_dcerpc(void);
+extern void init_events(void);
+extern void inituuid(void);
+extern void init_net(void);
+extern void initecho(void);
+extern void initdfs(void);
+extern void initdrsuapi(void);
+extern void initwinreg(void);
+extern void initepmapper(void);
+extern void initinitshutdown(void);
+extern void initmgmt(void);
+extern void initnet(void);
+extern void initatsvc(void);
+extern void initsamr(void);
+extern void initlsa(void);
+extern void initsvcctl(void);
+extern void initwkssvc(void);
+extern void initunixinfo(void);
+extern void init_libcli_nbt(void);
+extern void init_libcli_smb(void);
+static bool PySys_PathPrepend(PyObject *list, const char *path)
+{
+        PyObject *py_path = PyString_FromString(path);
+        if (py_path == NULL)
+                return false;
+static struct _inittab py_modules[] = { STATIC_LIBPYTHON_MODULES };
+void py_load_samba_modules(void)
+{
+        int i;
+        for (i = 0; i < ARRAY_SIZE(py_modules); i++) {
+                PyImport_ExtendInittab(&py_modules[i]);
+        }
+        return (PyList_Insert(list, 0, py_path) == 0);
+}
 void py_update_path(const char *bindir)
+bool py_update_path(void)
+{
+        char *newpath;
+        asprintf(&newpath, "%s/python:%s/../scripting/python:%s", bindir, bindir, Py_GetPath());
+        PySys_SetPath(newpath);
+        free(newpath);
+        PyObject *mod_sys, *py_path;
+        mod_sys = PyImport_ImportModule("sys");
+        if (mod_sys == NULL) {
+                return false;
+        }
+        py_path = PyObject_GetAttrString(mod_sys, "path");
+        if (py_path == NULL) {
+                return false;
+        }
+        if (!PyList_Check(py_path)) {
+                return false;
+        }
+        if (!PySys_PathPrepend(py_path, dyn_PYTHONDIR)) {
+                return false;
+        }
+        if (strcmp(dyn_PYTHONARCHDIR, dyn_PYTHONDIR) != 0) {
+                if (!PySys_PathPrepend(py_path, dyn_PYTHONARCHDIR)) {
+                        return false;
+                }
+        }
+        return true;
+}

vendor/current/source4/scripting/python/modules.h

-              r414
+              r740
 #define __SAMBA_PYTHON_MODULES_H__
+void py_load_samba_modules(void);
+void py_update_path(const char *bindir);
+#define py_iconv_convenience(mem_ctx) smb_iconv_convenience_init(mem_ctx, "ASCII", PyUnicode_GetDefaultEncoding(), true)
+bool py_update_path(void);
 #endif /* __SAMBA_PYTHON_MODULES_H__ */

vendor/current/source4/scripting/python/pyglue.c

-              r414
+              r740
 */
+#include <Python.h>
 #include "includes.h"
-#include "ldb.h"
-#include "ldb_errors.h"
-#include "ldb_wrap.h"
-#include "param/param.h"
-#include "auth/credentials/credentials.h"
-#include "dsdb/samdb/samdb.h"
-#include "lib/ldb-samba/ldif_handlers.h"
-#include "librpc/ndr/libndr.h"
 #include "version.h"
-#include <Python.h>
-#include "lib/ldb/pyldb.h"
-#include "libcli/util/pyerrors.h"
-#include "libcli/security/security.h"
-#include "auth/pyauth.h"
 #include "param/pyparam.h"
+#include "auth/credentials/pycredentials.h"
+#ifndef Py_RETURN_NONE
+#define Py_RETURN_NONE return Py_INCREF(Py_None), Py_None
+#endif
+/* FIXME: These should be in a header file somewhere, once we finish moving
+ * away from SWIG .. */
+#define PyErr_LDB_OR_RAISE(py_ldb, ldb) \
+/*      if (!PyLdb_Check(py_ldb)) { \
+                PyErr_SetString(py_ldb_get_exception(), "Ldb connection object required"); \
+                return NULL; \
+        } */\
+        ldb = PyLdb_AsLdbContext(py_ldb);
+static void PyErr_SetLdbError(PyObject *error, int ret, struct ldb_context *ldb_ctx)
+{
+        if (ret == LDB_ERR_PYTHON_EXCEPTION)
+                return; /* Python exception should already be set, just keep that */
+        PyErr_SetObject(error,
+                                        Py_BuildValue(discard_const_p(char, "(i,s)"), ret,
+                                  ldb_ctx == NULL?ldb_strerror(ret):ldb_errstring(ldb_ctx)));
+}
+static PyObject *py_ldb_get_exception(void)
+{
+        PyObject *mod = PyImport_ImportModule("ldb");
+        if (mod == NULL)
+                return NULL;
+        return PyObject_GetAttrString(mod, "LdbError");
+}
+#include "lib/socket/netif.h"
+void init_glue(void);
 static PyObject *py_generate_random_str(PyObject *self, PyObject *args)
 …
+}
+static PyObject *py_generate_random_password(PyObject *self, PyObject *args)
+{
+        int min, max;
+        PyObject *ret;
+        char *retstr;
+        if (!PyArg_ParseTuple(args, "ii", &min, &max))
+                return NULL;
+        retstr = generate_random_password(NULL, min, max);
+        if (retstr == NULL) {
+                return NULL;
+        }
+        ret = PyString_FromString(retstr);
+        talloc_free(retstr);
+        return ret;
+}
 static PyObject *py_unix2nttime(PyObject *self, PyObject *args)
+{
 …
         unix_to_nt_time(&nt, t);
+        return PyInt_FromLong((uint64_t)nt);
+        return PyLong_FromLongLong((uint64_t)nt);
+}
+static PyObject *py_nttime2unix(PyObject *self, PyObject *args)
+{
+        time_t t;
+        NTTIME nt;
+        if (!PyArg_ParseTuple(args, "K", &nt))
+                return NULL;
+        t = nt_time_to_unix(nt);
+        return PyInt_FromLong((uint64_t)t);
+}
+static PyObject *py_nttime2string(PyObject *self, PyObject *args)
+{
+        PyObject *ret;
+        NTTIME nt;
+        TALLOC_CTX *tmp_ctx;
+        const char *string;
+        if (!PyArg_ParseTuple(args, "K", &nt))
+                return NULL;
+        tmp_ctx = talloc_new(NULL);
+        if (tmp_ctx == NULL) {
+                PyErr_NoMemory();
+                return NULL;
+        }
+        string = nt_time_string(tmp_ctx, nt);
+        ret =  PyString_FromString(string);
+        talloc_free(tmp_ctx);
+        return ret;
+}
 …
+}
+static PyObject *py_ldb_set_credentials(PyObject *self, PyObject *args)
+{
+        PyObject *py_creds, *py_ldb;
+        struct cli_credentials *creds;
+        struct ldb_context *ldb;
+        if (!PyArg_ParseTuple(args, "OO", &py_ldb, &py_creds))
+                return NULL;
+        PyErr_LDB_OR_RAISE(py_ldb, ldb);
+        creds = cli_credentials_from_py_object(py_creds);
+        if (creds == NULL) {
+                PyErr_SetString(PyExc_TypeError, "Expected credentials object");
+                return NULL;
+        }
+        ldb_set_opaque(ldb, "credentials", creds);
+        Py_RETURN_NONE;
+}
+static PyObject *py_ldb_set_loadparm(PyObject *self, PyObject *args)
+{
+        PyObject *py_lp_ctx, *py_ldb;
+static PyObject *py_get_debug_level(PyObject *self)
+{
+        return PyInt_FromLong(DEBUGLEVEL);
+}
+/*
+  return the list of interface IPs we have configured
+  takes an loadparm context, returns a list of IPs in string form
+  Does not return addresses on 127.0.0.0/8
+ */
+static PyObject *py_interface_ips(PyObject *self, PyObject *args)
+{
+        PyObject *pylist;
+        int count;
+        TALLOC_CTX *tmp_ctx;
+        PyObject *py_lp_ctx;
         struct loadparm_context *lp_ctx;
+        struct ldb_context *ldb;
+        if (!PyArg_ParseTuple(args, "OO", &py_ldb, &py_lp_ctx))
+                return NULL;
+        PyErr_LDB_OR_RAISE(py_ldb, ldb);
+        lp_ctx = lp_from_py_object(py_lp_ctx);
+        struct interface *ifaces;
+        int i, ifcount;
+        int all_interfaces;
+        if (!PyArg_ParseTuple(args, "Oi", &py_lp_ctx, &all_interfaces))
+                return NULL;
+        tmp_ctx = talloc_new(NULL);
+        if (tmp_ctx == NULL) {
+                PyErr_NoMemory();
+                return NULL;
+        }
+        lp_ctx = lpcfg_from_py_object(tmp_ctx, py_lp_ctx);
         if (lp_ctx == NULL) {
+                PyErr_SetString(PyExc_TypeError, "Expected loadparm object");
+                return NULL;
+        }
+        ldb_set_opaque(ldb, "loadparm", lp_ctx);
+        Py_RETURN_NONE;
+}
+static PyObject *py_ldb_set_session_info(PyObject *self, PyObject *args)
+{
+        PyObject *py_session_info, *py_ldb;
+        struct auth_session_info *info;
+        struct ldb_context *ldb;
+        if (!PyArg_ParseTuple(args, "OO", &py_ldb, &py_session_info))
+                return NULL;
+        PyErr_LDB_OR_RAISE(py_ldb, ldb);
+        /*if (!PyAuthSession_Check(py_session_info)) {
+                PyErr_SetString(PyExc_TypeError, "Expected session info object");
+                return NULL;
+        }*/
+        info = PyAuthSession_AsSession(py_session_info);
+        ldb_set_opaque(ldb, "sessionInfo", info);
+        Py_RETURN_NONE;
+}
+static PyObject *py_ldb_set_utf8_casefold(PyObject *self, PyObject *args)
+{
+        PyObject *py_ldb;
+        struct ldb_context *ldb;
+        if (!PyArg_ParseTuple(args, "O", &py_ldb))
+                return NULL;
+        PyErr_LDB_OR_RAISE(py_ldb, ldb);
+        ldb_set_utf8_fns(ldb, NULL, wrap_casefold);
+        Py_RETURN_NONE;
+}
+static PyObject *py_samdb_set_domain_sid(PyLdbObject *self, PyObject *args)
+{
+        PyObject *py_ldb, *py_sid;
+        struct ldb_context *ldb;
+        struct dom_sid *sid;
+        bool ret;
+        if (!PyArg_ParseTuple(args, "OO", &py_ldb, &py_sid))
+                return NULL;
+        PyErr_LDB_OR_RAISE(py_ldb, ldb);
+        sid = dom_sid_parse_talloc(NULL, PyString_AsString(py_sid));
+        ret = samdb_set_domain_sid(ldb, sid);
+        if (!ret) {
+                PyErr_SetString(PyExc_RuntimeError, "set_domain_sid failed");
+                return NULL;
+        }
+        Py_RETURN_NONE;
+}
+static PyObject *py_samdb_get_domain_sid(PyLdbObject *self, PyObject *args)
+{
+        PyObject *py_ldb;
+        struct ldb_context *ldb;
+        const struct dom_sid *sid;
+        PyObject *ret;
+        char *retstr;
+        if (!PyArg_ParseTuple(args, "O", &py_ldb))
+                return NULL;
+        PyErr_LDB_OR_RAISE(py_ldb, ldb);
+        sid = samdb_domain_sid(ldb);
+        if (!sid) {
+                PyErr_SetString(PyExc_RuntimeError, "samdb_domain_sid failed");
+                return NULL;
+        }
+        retstr = dom_sid_string(NULL, sid);
+        ret = PyString_FromString(retstr);
+        talloc_free(retstr);
+        return ret;
+}
+static PyObject *py_ldb_register_samba_handlers(PyObject *self, PyObject *args)
+{
+        PyObject *py_ldb;
+        struct ldb_context *ldb;
+        int ret;
+        if (!PyArg_ParseTuple(args, "O", &py_ldb))
+                return NULL;
+        PyErr_LDB_OR_RAISE(py_ldb, ldb);
+        ret = ldb_register_samba_handlers(ldb);
+        PyErr_LDB_ERROR_IS_ERR_RAISE(py_ldb_get_exception(), ret, ldb);
+        Py_RETURN_NONE;
+}
+static PyObject *py_dsdb_set_ntds_invocation_id(PyObject *self, PyObject *args)
+{
+        PyObject *py_ldb, *py_guid;
+        bool ret;
+        struct GUID guid;
+        struct ldb_context *ldb;
+        if (!PyArg_ParseTuple(args, "OO", &py_ldb, &py_guid))
+                return NULL;
+        PyErr_LDB_OR_RAISE(py_ldb, ldb);
+        GUID_from_string(PyString_AsString(py_guid), &guid);
+        ret = samdb_set_ntds_invocation_id(ldb, &guid);
+        if (!ret) {
+                PyErr_SetString(PyExc_RuntimeError, "set_ntds_invocation_id failed");
+                return NULL;
+        }
+        Py_RETURN_NONE;
+}
+static PyObject *py_dsdb_set_opaque_integer(PyObject *self, PyObject *args)
+{
+        PyObject *py_ldb;
+        int value;
+        int *old_val, *new_val;
+        char *py_opaque_name, *opaque_name_talloc;
+        struct ldb_context *ldb;
+        TALLOC_CTX *tmp_ctx;
+        if (!PyArg_ParseTuple(args, "Osi", &py_ldb, &py_opaque_name, &value))
+                return NULL;
+        PyErr_LDB_OR_RAISE(py_ldb, ldb);
+        /* see if we have a cached copy */
+        old_val = (int *)ldb_get_opaque(ldb,
+                                        py_opaque_name);
+        if (old_val) {
+                *old_val = value;
+                Py_RETURN_NONE;
+        }
+        tmp_ctx = talloc_new(ldb);
+        if (tmp_ctx == NULL) {
+                goto failed;
+        }
+        new_val = talloc(tmp_ctx, int);
+        if (!new_val) {
+                goto failed;
+        }
+        opaque_name_talloc = talloc_strdup(tmp_ctx, py_opaque_name);
+        if (!opaque_name_talloc) {
+                goto failed;
+        }
+        *new_val = value;
+        /* cache the domain_sid in the ldb */
+        if (ldb_set_opaque(ldb, opaque_name_talloc, new_val) != LDB_SUCCESS) {
+                goto failed;
+        }
+        talloc_steal(ldb, new_val);
+        talloc_steal(ldb, opaque_name_talloc);
+                talloc_free(tmp_ctx);
+                return NULL;
+        }
+        load_interfaces(tmp_ctx, lpcfg_interfaces(lp_ctx), &ifaces);
+        count = iface_count(ifaces);
+        /* first count how many are not loopback addresses */
+        for (ifcount = i = 0; i<count; i++) {
+                const char *ip = iface_n_ip(ifaces, i);
+                if (!(!all_interfaces && iface_same_net(ip, "127.0.0.1", "255.0.0.0"))) {
+                        ifcount++;
+                }
+        }
+        pylist = PyList_New(ifcount);
+        for (ifcount = i = 0; i<count; i++) {
+                const char *ip = iface_n_ip(ifaces, i);
+                if (!(!all_interfaces && iface_same_net(ip, "127.0.0.1", "255.0.0.0"))) {
+                        PyList_SetItem(pylist, ifcount, PyString_FromString(ip));
+                        ifcount++;
+                }
+        }
         talloc_free(tmp_ctx);
+        Py_RETURN_NONE;
+failed:
+        talloc_free(tmp_ctx);
+        PyErr_SetString(PyExc_RuntimeError, "Failed to set opaque integer into the ldb!\n");
+        return NULL;
+}
+static PyObject *py_dsdb_set_global_schema(PyObject *self, PyObject *args)
+{
+        PyObject *py_ldb;
+        struct ldb_context *ldb;
+        int ret;
+        if (!PyArg_ParseTuple(args, "O", &py_ldb))
+                return NULL;
+        PyErr_LDB_OR_RAISE(py_ldb, ldb);
+        ret = dsdb_set_global_schema(ldb);
+        PyErr_LDB_ERROR_IS_ERR_RAISE(py_ldb_get_exception(), ret, ldb);
+        Py_RETURN_NONE;
+}
+static PyObject *py_dsdb_set_schema_from_ldif(PyObject *self, PyObject *args)
+{
+        WERROR result;
+        char *pf, *df;
+        PyObject *py_ldb;
+        struct ldb_context *ldb;
+        if (!PyArg_ParseTuple(args, "Oss", &py_ldb, &pf, &df))
+                return NULL;
+        PyErr_LDB_OR_RAISE(py_ldb, ldb);
+        result = dsdb_set_schema_from_ldif(ldb, pf, df);
+        PyErr_WERROR_IS_ERR_RAISE(result);
+        Py_RETURN_NONE;
+}
+static PyObject *py_dsdb_convert_schema_to_openldap(PyObject *self, PyObject *args)
+{
+        char *target_str, *mapping;
+        PyObject *py_ldb;
+        struct ldb_context *ldb;
+        PyObject *ret;
+        char *retstr;
+        if (!PyArg_ParseTuple(args, "Oss", &py_ldb, &target_str, &mapping))
+                return NULL;
+        PyErr_LDB_OR_RAISE(py_ldb, ldb);
+        retstr = dsdb_convert_schema_to_openldap(ldb, target_str, mapping);
+        if (!retstr) {
+                PyErr_SetString(PyExc_RuntimeError, "dsdb_convert_schema_to_openldap failed");
+                return NULL;
+        }
+        ret = PyString_FromString(retstr);
+        talloc_free(retstr);
+        return ret;
+}
+static PyObject *py_dsdb_write_prefixes_from_schema_to_ldb(PyObject *self, PyObject *args)
+{
+        PyObject *py_ldb;
+        struct ldb_context *ldb;
+        WERROR result;
+        struct dsdb_schema *schema;
+        if (!PyArg_ParseTuple(args, "O", &py_ldb))
+                return NULL;
+        PyErr_LDB_OR_RAISE(py_ldb, ldb);
+        schema = dsdb_get_schema(ldb);
+        if (!schema) {
+                PyErr_SetString(PyExc_RuntimeError, "Failed to set find a schema on ldb!\n");
+                return NULL;
+        }
+        result = dsdb_write_prefixes_from_schema_to_ldb(NULL, ldb, schema);
+        PyErr_WERROR_IS_ERR_RAISE(result);
+        Py_RETURN_NONE;
+}
+static PyObject *py_dsdb_set_schema_from_ldb(PyObject *self, PyObject *args)
+{
+        PyObject *py_ldb;
+        struct ldb_context *ldb;
+        PyObject *py_from_ldb;
+        struct ldb_context *from_ldb;
+        struct dsdb_schema *schema;
+        int ret;
+        if (!PyArg_ParseTuple(args, "OO", &py_ldb, &py_from_ldb))
+                return NULL;
+        PyErr_LDB_OR_RAISE(py_ldb, ldb);
+        PyErr_LDB_OR_RAISE(py_from_ldb, from_ldb);
+        schema = dsdb_get_schema(from_ldb);
+        if (!schema) {
+                PyErr_SetString(PyExc_RuntimeError, "Failed to set find a schema on 'from' ldb!\n");
+                return NULL;
+        }
+        ret = dsdb_reference_schema(ldb, schema, true);
+        PyErr_LDB_ERROR_IS_ERR_RAISE(py_ldb_get_exception(), ret, ldb);
+        Py_RETURN_NONE;
+}
+static PyObject *py_dom_sid_to_rid(PyLdbObject *self, PyObject *args)
+{
+        PyObject *py_sid;
+        struct dom_sid *sid;
+        uint32_t rid;
+        NTSTATUS status;
+        if(!PyArg_ParseTuple(args, "O", &py_sid))
+                return NULL;
+        sid = dom_sid_parse_talloc(NULL, PyString_AsString(py_sid));
+        status = dom_sid_split_rid(NULL, sid, NULL, &rid);
+        if (!NT_STATUS_IS_OK(status)) {
+                PyErr_SetString(PyExc_RuntimeError, "dom_sid_split_rid failed");
+                return NULL;
+        }
+        return PyInt_FromLong(rid);
+        return pylist;
+}
 static PyMethodDef py_misc_methods[] = {
         { "generate_random_str", (PyCFunction)py_generate_random_str, METH_VARARGS,
+                "random_password(len) -> string\n"
+                "Generate random password with specified length." },
+                "generate_random_str(len) -> string\n"
+                "Generate random string with specified length." },
+        { "generate_random_password", (PyCFunction)py_generate_random_password,
+                METH_VARARGS, "generate_random_password(min, max) -> string\n"
+                "Generate random password with a length >= min and <= max." },
         { "unix2nttime", (PyCFunction)py_unix2nttime, METH_VARARGS,
                 "unix2nttime(timestamp) -> nttime" },
+        { "ldb_set_credentials", (PyCFunction)py_ldb_set_credentials, METH_VARARGS,
+                "ldb_set_credentials(ldb, credentials) -> None\n"
+                "Set credentials to use when connecting." },
+        { "ldb_set_session_info", (PyCFunction)py_ldb_set_session_info, METH_VARARGS,
+                "ldb_set_session_info(ldb, session_info)\n"
+                "Set session info to use when connecting." },
+        { "ldb_set_loadparm", (PyCFunction)py_ldb_set_loadparm, METH_VARARGS,
+                "ldb_set_loadparm(ldb, session_info)\n"
+                "Set loadparm context to use when connecting." },
+        { "samdb_set_domain_sid", (PyCFunction)py_samdb_set_domain_sid, METH_VARARGS,
+                "samdb_set_domain_sid(samdb, sid)\n"
+                "Set SID of domain to use." },
+        { "samdb_get_domain_sid", (PyCFunction)py_samdb_get_domain_sid, METH_VARARGS,
+                "samdb_get_domain_sid(samdb)\n"
+                "Get SID of domain in use." },
+        { "ldb_register_samba_handlers", (PyCFunction)py_ldb_register_samba_handlers, METH_VARARGS,
+                "ldb_register_samba_handlers(ldb)\n"
+                "Register Samba-specific LDB modules and schemas." },
+        { "ldb_set_utf8_casefold", (PyCFunction)py_ldb_set_utf8_casefold, METH_VARARGS,
+                "ldb_set_utf8_casefold(ldb)\n"
+                "Set the right Samba casefolding function for UTF8 charset." },
+        { "dsdb_set_ntds_invocation_id", (PyCFunction)py_dsdb_set_ntds_invocation_id, METH_VARARGS,
+                NULL },
+        { "dsdb_set_opaque_integer", (PyCFunction)py_dsdb_set_opaque_integer, METH_VARARGS,
+                NULL },
+        { "dsdb_set_global_schema", (PyCFunction)py_dsdb_set_global_schema, METH_VARARGS,
+                NULL },
+        { "dsdb_set_schema_from_ldif", (PyCFunction)py_dsdb_set_schema_from_ldif, METH_VARARGS,
+                NULL },
+        { "dsdb_write_prefixes_from_schema_to_ldb", (PyCFunction)py_dsdb_write_prefixes_from_schema_to_ldb, METH_VARARGS,
+                NULL },
+        { "dsdb_set_schema_from_ldb", (PyCFunction)py_dsdb_set_schema_from_ldb, METH_VARARGS,
+                NULL },
+        { "dsdb_convert_schema_to_openldap", (PyCFunction)py_dsdb_convert_schema_to_openldap, METH_VARARGS,
+                NULL },
+        { "dom_sid_to_rid", (PyCFunction)py_dom_sid_to_rid, METH_VARARGS,
+                NULL },
+        { "nttime2unix", (PyCFunction)py_nttime2unix, METH_VARARGS,
+                "nttime2unix(nttime) -> timestamp" },
+        { "nttime2string", (PyCFunction)py_nttime2string, METH_VARARGS,
+                "nttime2string(nttime) -> string" },
         { "set_debug_level", (PyCFunction)py_set_debug_level, METH_VARARGS,
                 "set debug level" },
+        { "get_debug_level", (PyCFunction)py_get_debug_level, METH_NOARGS,
+                "get debug level" },
+        { "interface_ips", (PyCFunction)py_interface_ips, METH_VARARGS,
+                "get interface IP address list"},
         { NULL }
 };
 void initglue(void)
+void init_glue(void)
+{
         PyObject *m;
+        m = Py_InitModule3("glue", py_misc_methods,
+        debug_setup_talloc_log();
+        m = Py_InitModule3("_glue", py_misc_methods,
                            "Python bindings for miscellaneous Samba functions.");
         if (m == NULL)
                 return;
+        PyModule_AddObject(m, "version", PyString_FromString(SAMBA_VERSION_STRING));
+        /* "userAccountControl" flags */
+        PyModule_AddObject(m, "UF_NORMAL_ACCOUNT", PyInt_FromLong(UF_NORMAL_ACCOUNT));
+        PyModule_AddObject(m, "UF_TEMP_DUPLICATE_ACCOUNT", PyInt_FromLong(UF_TEMP_DUPLICATE_ACCOUNT));
+        PyModule_AddObject(m, "UF_SERVER_TRUST_ACCOUNT", PyInt_FromLong(UF_SERVER_TRUST_ACCOUNT));
+        PyModule_AddObject(m, "UF_WORKSTATION_TRUST_ACCOUNT", PyInt_FromLong(UF_WORKSTATION_TRUST_ACCOUNT));
+        PyModule_AddObject(m, "UF_INTERDOMAIN_TRUST_ACCOUNT", PyInt_FromLong(UF_INTERDOMAIN_TRUST_ACCOUNT));
+        PyModule_AddObject(m, "UF_PASSWD_NOTREQD", PyInt_FromLong(UF_PASSWD_NOTREQD));
+        PyModule_AddObject(m, "UF_ACCOUNTDISABLE", PyInt_FromLong(UF_ACCOUNTDISABLE));
+        /* "groupType" flags */
+        PyModule_AddObject(m, "GTYPE_SECURITY_BUILTIN_LOCAL_GROUP", PyInt_FromLong(GTYPE_SECURITY_BUILTIN_LOCAL_GROUP));
+        PyModule_AddObject(m, "GTYPE_SECURITY_GLOBAL_GROUP", PyInt_FromLong(GTYPE_SECURITY_GLOBAL_GROUP));
+        PyModule_AddObject(m, "GTYPE_SECURITY_DOMAIN_LOCAL_GROUP", PyInt_FromLong(GTYPE_SECURITY_DOMAIN_LOCAL_GROUP));
+        PyModule_AddObject(m, "GTYPE_SECURITY_UNIVERSAL_GROUP", PyInt_FromLong(GTYPE_SECURITY_UNIVERSAL_GROUP));
+        PyModule_AddObject(m, "GTYPE_DISTRIBUTION_GLOBAL_GROUP", PyInt_FromLong(GTYPE_DISTRIBUTION_GLOBAL_GROUP));
+        PyModule_AddObject(m, "GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP", PyInt_FromLong(GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP));
+        PyModule_AddObject(m, "GTYPE_DISTRIBUTION_UNIVERSAL_GROUP", PyInt_FromLong(GTYPE_DISTRIBUTION_UNIVERSAL_GROUP));
+        /* "sAMAccountType" flags */
+        PyModule_AddObject(m, "ATYPE_NORMAL_ACCOUNT", PyInt_FromLong(ATYPE_NORMAL_ACCOUNT));
+        PyModule_AddObject(m, "ATYPE_WORKSTATION_TRUST", PyInt_FromLong(ATYPE_WORKSTATION_TRUST));
+        PyModule_AddObject(m, "ATYPE_INTERDOMAIN_TRUST", PyInt_FromLong(ATYPE_INTERDOMAIN_TRUST));
+        PyModule_AddObject(m, "ATYPE_SECURITY_GLOBAL_GROUP", PyInt_FromLong(ATYPE_SECURITY_GLOBAL_GROUP));
+        PyModule_AddObject(m, "ATYPE_SECURITY_LOCAL_GROUP", PyInt_FromLong(ATYPE_SECURITY_LOCAL_GROUP));
+        PyModule_AddObject(m, "ATYPE_SECURITY_UNIVERSAL_GROUP", PyInt_FromLong(ATYPE_SECURITY_UNIVERSAL_GROUP));
+        PyModule_AddObject(m, "ATYPE_DISTRIBUTION_GLOBAL_GROUP", PyInt_FromLong(ATYPE_DISTRIBUTION_GLOBAL_GROUP));
+        PyModule_AddObject(m, "ATYPE_DISTRIBUTION_LOCAL_GROUP", PyInt_FromLong(ATYPE_DISTRIBUTION_LOCAL_GROUP));
+        PyModule_AddObject(m, "ATYPE_DISTRIBUTION_UNIVERSAL_GROUP", PyInt_FromLong(ATYPE_DISTRIBUTION_UNIVERSAL_GROUP));
+        /* "domainFunctionality", "forestFunctionality" flags in the rootDSE */
+        PyModule_AddObject(m, "DS_DOMAIN_FUNCTION_2000", PyInt_FromLong(DS_DOMAIN_FUNCTION_2000));
+        PyModule_AddObject(m, "DS_DOMAIN_FUNCTION_2003_MIXED", PyInt_FromLong(DS_DOMAIN_FUNCTION_2003_MIXED));
+        PyModule_AddObject(m, "DS_DOMAIN_FUNCTION_2003", PyInt_FromLong(DS_DOMAIN_FUNCTION_2003));
+        PyModule_AddObject(m, "DS_DOMAIN_FUNCTION_2008", PyInt_FromLong(DS_DOMAIN_FUNCTION_2008));
+        PyModule_AddObject(m, "DS_DOMAIN_FUNCTION_2008_R2", PyInt_FromLong(DS_DOMAIN_FUNCTION_2008_R2));
+        /* "domainControllerFunctionality" flags in the rootDSE */
+        PyModule_AddObject(m, "DS_DC_FUNCTION_2000", PyInt_FromLong(DS_DC_FUNCTION_2000));
+        PyModule_AddObject(m, "DS_DC_FUNCTION_2003", PyInt_FromLong(DS_DC_FUNCTION_2003));
+        PyModule_AddObject(m, "DS_DC_FUNCTION_2008", PyInt_FromLong(DS_DC_FUNCTION_2008));
+        PyModule_AddObject(m, "DS_DC_FUNCTION_2008_R2", PyInt_FromLong(DS_DC_FUNCTION_2008_R2));
+}
+        PyModule_AddObject(m, "version",
+                                           PyString_FromString(SAMBA_VERSION_STRING));
+        /* one of the most annoying things about python scripts is
+           that they don't die when you hit control-C. This fixes that
+           sillyness. As we do all database operations using
+           transactions, this is also safe.
+        */
+        signal(SIGINT, SIG_DFL);
+}

vendor/current/source4/scripting/python/samba/init.py

-              r414
+              r740
 #!/usr/bin/python
+#!/usr/bin/env python
 # Unix SMB/CIFS implementation.
 # Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2008
+#
+#
 # Based on the original in EJS:
 # Copyright (C) Andrew Tridgell <tridge@samba.org> 2005
+#
+#
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 3 of the License, or
 # (at your option) any later version.
+#
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 …
 import os
+def _in_source_tree():
+    """Check whether the script is being run from the source dir. """
+    return os.path.exists("%s/../../../selftest/skip" % os.path.dirname(__file__))
+# When running, in-tree, make sure bin/python is in the PYTHONPATH
+if _in_source_tree():
+    import sys
+    srcdir = "%s/../../.." % os.path.dirname(__file__)
+    sys.path.append("%s/bin/python" % srcdir)
+    default_ldb_modules_dir = "%s/bin/modules/ldb" % srcdir
+else:
+    default_ldb_modules_dir = None
+import sys
+def source_tree_topdir():
+    '''return the top level directory (the one containing the source4 directory)'''
+    paths = [ "../../..", "../../../.." ]
+    for p in paths:
+        topdir = os.path.normpath(os.path.join(os.path.dirname(__file__), p))
+        if os.path.exists(os.path.join(topdir, 'source4')):
+            return topdir
+    raise RuntimeError("unable to find top level source directory")
+def in_source_tree():
+    '''return True if we are running from within the samba source tree'''
+    try:
+        topdir = source_tree_topdir()
+    except RuntimeError:
+        return False
+    return True
 import ldb
+import glue
 class Ldb(ldb.Ldb):
     """Simple Samba-specific LDB subclass that takes care
+from samba._ldb import Ldb as _Ldb
+class Ldb(_Ldb):
+    """Simple Samba-specific LDB subclass that takes care
     of setting up the modules dir, credentials pointers, etc.
     Please note that this is intended to be for all Samba LDB files,
     not necessarily the Sam database. For Sam-specific helper
+    Please note that this is intended to be for all Samba LDB files,
+    not necessarily the Sam database. For Sam-specific helper
     functions see samdb.py.
     """
     def __init__(self, url=None, lp=None, modules_dir=None, session_info=None,
                  credentials=None, flags=0, options=None):
 …
         This is different from a regular Ldb file in that the Samba-specific
         modules-dir is used by default and that credentials and session_info
+        modules-dir is used by default and that credentials and session_info
         can be passed through (required by some modules).
         """
 …
         if modules_dir is not None:
             self.set_modules_dir(modules_dir)
-        elif default_ldb_modules_dir is not None:
-            self.set_modules_dir(default_ldb_modules_dir)
         elif lp is not None:
             self.set_modules_dir(os.path.join(lp.get("modules dir"), "ldb"))
 …
         # objectSid and objectGUID etc must take precedence over the 'binary
         # attribute' declaration in the schema
         glue.ldb_register_samba_handlers(self)
+        self.register_samba_handlers()
         # TODO set debug
         def msg(l,text):
+        def msg(l, text):
             print text
         #self.set_debug(msg)
         glue.ldb_set_utf8_casefold(self)
+        self.set_utf8_casefold()
         # Allow admins to force non-sync ldb for all databases
         if lp is not None:
             nosync_p = lp.get("nosync", "ldb")
+            if nosync_p is not None and nosync_p == true:
+                flags |= FLG_NOSYNC
+            if nosync_p is not None and nosync_p == True:
+                flags |= ldb.FLG_NOSYNC
+        self.set_create_perms(0600)
         if url is not None:
             self.connect(url, flags, options)
+    def set_credentials(self, credentials):
+        glue.ldb_set_credentials(self, credentials)
+    def set_session_info(self, session_info):
+        glue.ldb_set_session_info(self, session_info)
+    def set_loadparm(self, lp_ctx):
+        glue.ldb_set_loadparm(self, lp_ctx)
+    def searchone(self, attribute, basedn=None, expression=None,
+    def searchone(self, attribute, basedn=None, expression=None,
                   scope=ldb.SCOPE_BASE):
         """Search for one attribute as a string.
         :param basedn: BaseDN for the search.
         :param attribute: Name of the attribute
 …
     def erase_users_computers(self, dn):
+        """Erases user and computer objects from our AD. This is needed since the 'samldb' module denies the deletion of primary groups. Therefore all groups shouldn't be primary somewhere anymore."""
+        """Erases user and computer objects from our AD.
+        This is needed since the 'samldb' module denies the deletion of primary
+        groups. Therefore all groups shouldn't be primary somewhere anymore.
+        """
         try:
             res = self.search(base=dn, scope=ldb.SCOPE_SUBTREE, attrs=[],
                       expression="(|(objectclass=user)(objectclass=computer))")
+        except ldb.LdbError, (ldb.ERR_NO_SUCH_OBJECT, _):
+            # Ignore no such object errors
+            return
+            pass
+        except ldb.LdbError, (errno, _):
+            if errno == ldb.ERR_NO_SUCH_OBJECT:
+                # Ignore no such object errors
+                return
+            else:
+                raise
         try:
             for msg in res:
+                self.delete(msg.dn)
+        except ldb.LdbError, (ldb.ERR_NO_SUCH_OBJECT, _):
+            # Ignore no such object errors
+            return
+                self.delete(msg.dn, ["relax:0"])
+        except ldb.LdbError, (errno, _):
+            if errno != ldb.ERR_NO_SUCH_OBJECT:
+                # Ignore no such object errors
+                raise
     def erase_except_schema_controlled(self):
+        """Erase this ldb, removing all records, except those that are controlled by Samba4's schema."""
+        """Erase this ldb.
+        :note: Removes all records, except those that are controlled by
+            Samba4's schema.
+        """
         basedn = ""
 …
         # Delete the 'visible' records, and the invisble 'deleted' records (if this DB supports it)
         for msg in self.search(basedn, ldb.SCOPE_SUBTREE,
                                "(&(|(objectclass=*)(distinguishedName=*))(!(distinguishedName=@BASEINFO)))",
                                [], controls=["show_deleted:0"]):
+        for msg in self.search(basedn, ldb.SCOPE_SUBTREE,
+                       "(&(|(objectclass=*)(distinguishedName=*))(!(distinguishedName=@BASEINFO)))",
+                       [], controls=["show_deleted:0", "show_recycled:0"]):
             try:
                 self.delete(msg.dn)
             except ldb.LdbError, (ldb.ERR_NO_SUCH_OBJECT, _):
                 # Ignore no such object errors
                 pass
+        res = self.search(basedn, ldb.SCOPE_SUBTREE,
                           "(&(|(objectclass=*)(distinguishedName=*))(!(distinguishedName=@BASEINFO)))",
                           [], controls=["show_deleted:0"])
+                self.delete(msg.dn, ["relax:0"])
+            except ldb.LdbError, (errno, _):
+                if errno != ldb.ERR_NO_SUCH_OBJECT:
+                    # Ignore no such object errors
+                    raise
+        res = self.search(basedn, ldb.SCOPE_SUBTREE,
+            "(&(|(objectclass=*)(distinguishedName=*))(!(distinguishedName=@BASEINFO)))", [], controls=["show_deleted:0", "show_recycled:0"])
         assert len(res) == 0
         # delete the specials
         for attr in ["@SUBCLASSES", "@MODULES",
+        for attr in ["@SUBCLASSES", "@MODULES",
                      "@OPTIONS", "@PARTITION", "@KLUDGEACL"]:
             try:
+                self.delete(attr)
+            except ldb.LdbError, (ldb.ERR_NO_SUCH_OBJECT, _):
+                # Ignore missing dn errors
+                pass
+                self.delete(attr, ["relax:0"])
+            except ldb.LdbError, (errno, _):
+                if errno != ldb.ERR_NO_SUCH_OBJECT:
+                    # Ignore missing dn errors
+                    raise
     def erase(self):
         """Erase this ldb, removing all records."""
         self.erase_except_schema_controlled()
 …
         for attr in ["@INDEXLIST", "@ATTRIBUTES"]:
             try:
+                self.delete(attr)
+            except ldb.LdbError, (ldb.ERR_NO_SUCH_OBJECT, _):
+                # Ignore missing dn errors
+                pass
+    def erase_partitions(self):
+        """Erase an ldb, removing all records."""
+        def erase_recursive(self, dn):
+            try:
+                res = self.search(base=dn, scope=ldb.SCOPE_ONELEVEL, attrs=[],
+                                  controls=["show_deleted:0"])
+            except ldb.LdbError, (ldb.ERR_NO_SUCH_OBJECT, _):
+                # Ignore no such object errors
+                return
+                pass
+            for msg in res:
+                erase_recursive(self, msg.dn)
+            try:
+                self.delete(dn)
+            except ldb.LdbError, (ldb.ERR_NO_SUCH_OBJECT, _):
+                # Ignore no such object errors
+                pass
+        res = self.search("", ldb.SCOPE_BASE, "(objectClass=*)",
+                         ["namingContexts"])
+        assert len(res) == 1
+        if not "namingContexts" in res[0]:
+            return
+        for basedn in res[0]["namingContexts"]:
+            # Try to delete user/computer accounts to allow deletion of groups
+            self.erase_users_computers(basedn)
+            # Try and erase from the bottom-up in the tree
+            erase_recursive(self, basedn)
+                self.delete(attr, ["relax:0"])
+            except ldb.LdbError, (errno, _):
+                if errno != ldb.ERR_NO_SUCH_OBJECT:
+                    # Ignore missing dn errors
+                    raise
     def load_ldif_file_add(self, ldif_path):
 …
         self.add_ldif(open(ldif_path, 'r').read())
     def add_ldif(self, ldif):
+    def add_ldif(self, ldif, controls=None):
         """Add data based on a LDIF string.
 …
         for changetype, msg in self.parse_ldif(ldif):
             assert changetype == ldb.CHANGETYPE_NONE
             self.add(msg)
     def modify_ldif(self, ldif):
+            self.add(msg, controls)
+    def modify_ldif(self, ldif, controls=None):
         """Modify database based on a LDIF string.
 …
         """
         for changetype, msg in self.parse_ldif(ldif):
+            self.modify(msg)
+    def set_domain_sid(self, sid):
+        """Change the domain SID used by this LDB.
+        :param sid: The new domain sid to use.
+        """
+        glue.samdb_set_domain_sid(self, sid)
+    def domain_sid(self):
+        """Read the domain SID used by this LDB.
+        """
+        glue.samdb_get_domain_sid(self)
+    def set_schema_from_ldif(self, pf, df):
+        glue.dsdb_set_schema_from_ldif(self, pf, df)
+    def set_schema_from_ldb(self, ldb):
+        glue.dsdb_set_schema_from_ldb(self, ldb)
+    def write_prefixes_from_schema(self):
+        glue.dsdb_write_prefixes_from_schema_to_ldb(self)
+    def convert_schema_to_openldap(self, target, mapping):
+        return glue.dsdb_convert_schema_to_openldap(self, target, mapping)
+    def set_invocation_id(self, invocation_id):
+        """Set the invocation id for this SamDB handle.
+        :param invocation_id: GUID of the invocation id.
+        """
+        glue.dsdb_set_ntds_invocation_id(self, invocation_id)
+    def set_opaque_integer(self, name, value):
+        """Set an integer as an opaque (a flag or other value) value on the database
+        :param name: The name for the opaque value
+        :param value: The integer value
+        """
+        glue.dsdb_set_opaque_integer(self, name, value)
+            if changetype == ldb.CHANGETYPE_ADD:
+                self.add(msg, controls)
+            else:
+                self.modify(msg, controls)
 def substitute_var(text, values):
     """substitute strings of the form ${NAME} in str, replacing
     with substitutions from subobj.
+    """Substitute strings of the form ${NAME} in str, replacing
+    with substitutions from values.
     :param text: Text in which to subsitute.
     :param values: Dictionary with keys and values.
 …
 def check_all_substituted(text):
+    """Make sure that all substitution variables in a string have been replaced.
+    """Check that all substitution variables in a string have been replaced.
     If not, raise an exception.
     :param text: The text to search for substitution variables
     """
     if not "${" in text:
         return
     var_start = text.find("${")
     var_end = text.find("}", var_start)
+    raise Exception("Not all variables substituted: %s" % text[var_start:var_end+1])
+    raise Exception("Not all variables substituted: %s" %
+        text[var_start:var_end+1])
+def read_and_sub_file(file_name, subst_vars):
+    """Read a file and sub in variables found in it
+    :param file_name: File to be read (typically from setup directory)
+     param subst_vars: Optional variables to subsitute in the file.
+    """
+    data = open(file_name, 'r').read()
+    if subst_vars is not None:
+        data = substitute_var(data, subst_vars)
+        check_all_substituted(data)
+    return data
+def setup_file(template, fname, subst_vars=None):
+    """Setup a file in the private dir.
+    :param template: Path of the template file.
+    :param fname: Path of the file to create.
+    :param subst_vars: Substitution variables.
+    """
+    if os.path.exists(fname):
+        os.unlink(fname)
+    data = read_and_sub_file(template, subst_vars)
+    f = open(fname, 'w')
+    try:
+        f.write(data)
+    finally:
+        f.close()
 …
+def dom_sid_to_rid(sid_str):
+    """Converts a domain SID to the relative RID.
+    :param sid_str: The domain SID formatted as string
+    """
+    return glue.dom_sid_to_rid(sid_str)
+version = glue.version
+# "userAccountControl" flags
+UF_NORMAL_ACCOUNT = glue.UF_NORMAL_ACCOUNT
+UF_TEMP_DUPLICATE_ACCOUNT = glue.UF_TEMP_DUPLICATE_ACCOUNT
+UF_SERVER_TRUST_ACCOUNT = glue.UF_SERVER_TRUST_ACCOUNT
+UF_WORKSTATION_TRUST_ACCOUNT = glue.UF_WORKSTATION_TRUST_ACCOUNT
+UF_INTERDOMAIN_TRUST_ACCOUNT = glue.UF_INTERDOMAIN_TRUST_ACCOUNT
+UF_PASSWD_NOTREQD = glue.UF_PASSWD_NOTREQD
+UF_ACCOUNTDISABLE = glue.UF_ACCOUNTDISABLE
+# "groupType" flags
+GTYPE_SECURITY_BUILTIN_LOCAL_GROUP = glue.GTYPE_SECURITY_BUILTIN_LOCAL_GROUP
+GTYPE_SECURITY_GLOBAL_GROUP = glue.GTYPE_SECURITY_GLOBAL_GROUP
+GTYPE_SECURITY_DOMAIN_LOCAL_GROUP = glue.GTYPE_SECURITY_DOMAIN_LOCAL_GROUP
+GTYPE_SECURITY_UNIVERSAL_GROUP = glue.GTYPE_SECURITY_UNIVERSAL_GROUP
+GTYPE_DISTRIBUTION_GLOBAL_GROUP = glue.GTYPE_DISTRIBUTION_GLOBAL_GROUP
+GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP = glue.GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP
+GTYPE_DISTRIBUTION_UNIVERSAL_GROUP = glue.GTYPE_DISTRIBUTION_UNIVERSAL_GROUP
+# "sAMAccountType" flags
+ATYPE_NORMAL_ACCOUNT = glue.ATYPE_NORMAL_ACCOUNT
+ATYPE_WORKSTATION_TRUST = glue.ATYPE_WORKSTATION_TRUST
+ATYPE_INTERDOMAIN_TRUST = glue.ATYPE_INTERDOMAIN_TRUST
+ATYPE_SECURITY_GLOBAL_GROUP = glue.ATYPE_SECURITY_GLOBAL_GROUP
+ATYPE_SECURITY_LOCAL_GROUP = glue.ATYPE_SECURITY_LOCAL_GROUP
+ATYPE_SECURITY_UNIVERSAL_GROUP = glue.ATYPE_SECURITY_UNIVERSAL_GROUP
+ATYPE_DISTRIBUTION_GLOBAL_GROUP = glue.ATYPE_DISTRIBUTION_GLOBAL_GROUP
+ATYPE_DISTRIBUTION_LOCAL_GROUP = glue.ATYPE_DISTRIBUTION_LOCAL_GROUP
+ATYPE_DISTRIBUTION_UNIVERSAL_GROUP = glue.ATYPE_DISTRIBUTION_UNIVERSAL_GROUP
+# "domainFunctionality", "forestFunctionality" flags in the rootDSE */
+DS_DOMAIN_FUNCTION_2000 = glue.DS_DOMAIN_FUNCTION_2000
+DS_DOMAIN_FUNCTION_2003_MIXED = glue.DS_DOMAIN_FUNCTION_2003_MIXED
+DS_DOMAIN_FUNCTION_2003 = glue.DS_DOMAIN_FUNCTION_2003
+DS_DOMAIN_FUNCTION_2008 = glue.DS_DOMAIN_FUNCTION_2008
+DS_DOMAIN_FUNCTION_2008_R2 = glue.DS_DOMAIN_FUNCTION_2008_R2
+# "domainControllerFunctionality" flags in the rootDSE */
+DS_DC_FUNCTION_2000 = glue.DS_DC_FUNCTION_2000
+DS_DC_FUNCTION_2003 = glue.DS_DC_FUNCTION_2003
+DS_DC_FUNCTION_2008 = glue.DS_DC_FUNCTION_2008
+DS_DC_FUNCTION_2008_R2 = glue.DS_DC_FUNCTION_2008_R2
+def import_bundled_package(modulename, location):
+    """Import the bundled version of a package.
+    :note: This should only be called if the system version of the package
+        is not adequate.
+    :param modulename: Module name to import
+    :param location: Location to add to sys.path (can be relative to
+        ${srcdir}/lib)
+    """
+    if in_source_tree():
+        sys.path.insert(0, os.path.join(source_tree_topdir(), "lib", location))
+        sys.modules[modulename] = __import__(modulename)
+    else:
+        sys.modules[modulename] = __import__(
+            "samba.external.%s" % modulename, fromlist=["samba.external"])
+def ensure_external_module(modulename, location):
+    """Add a location to sys.path if an external dependency can't be found.
+    :param modulename: Module name to import
+    :param location: Location to add to sys.path (can be relative to
+        ${srcdir}/lib)
+    """
+    try:
+        __import__(modulename)
+    except ImportError:
+        import_bundled_package(modulename, location)
+from samba import _glue
+version = _glue.version
+interface_ips = _glue.interface_ips
+set_debug_level = _glue.set_debug_level
+get_debug_level = _glue.get_debug_level
+unix2nttime = _glue.unix2nttime
+nttime2string = _glue.nttime2string
+nttime2unix = _glue.nttime2unix
+unix2nttime = _glue.unix2nttime
+generate_random_password = _glue.generate_random_password

vendor/current/source4/scripting/python/samba/getopt.py

-              r414
+              r740
 #!/usr/bin/python
+#!/usr/bin/env python
 # Samba-specific bits for optparse
 # Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
+#
+#
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 3 of the License, or
 # (at your option) any later version.
+#
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 …
 """Support for parsing Samba-related command-line options."""
-import optparse
-from credentials import Credentials, DONT_USE_KERBEROS, MUST_USE_KERBEROS
-from hostconfig import Hostconfig
 __docformat__ = "restructuredText"
+import optparse, os
+from samba.credentials import (
+    Credentials,
+    DONT_USE_KERBEROS,
+    MUST_USE_KERBEROS,
+    )
+from samba.hostconfig import Hostconfig
+import sys
 class SambaOptions(optparse.OptionGroup):
     """General Samba-related command line options."""
+    def __init__(self, parser):
+    def __init__(self, parser):
+        from samba.param import LoadParm
         optparse.OptionGroup.__init__(self, parser, "Samba Common Options")
         self.add_option("-s", "--configfile", action="callback",
                         type=str, metavar="FILE", help="Configuration file",
+                        type=str, metavar="FILE", help="Configuration file",
                         callback=self._load_configfile)
+        self.add_option("-d", "--debuglevel", action="callback",
+                        type=int, metavar="DEBUGLEVEL", help="debug level",
+                        callback=self._set_debuglevel)
+        self.add_option("--option", action="callback",
+                        type=str, metavar="OPTION", help="set smb.conf option from command line",
+                        callback=self._set_option)
+        self.add_option("--realm", action="callback",
+                        type=str, metavar="REALM", help="set the realm name",
+                        callback=self._set_realm)
         self._configfile = None
+        self._lp = LoadParm()
     def get_loadparm_path(self):
 …
         self._configfile = arg
+    def _set_debuglevel(self, option, opt_str, arg, parser):
+        self._lp.set('debug level', str(arg))
+    def _set_realm(self, option, opt_str, arg, parser):
+        self._lp.set('realm', arg)
+    def _set_option(self, option, opt_str, arg, parser):
+        if arg.find('=') == -1:
+            print("--option takes a 'a=b' argument")
+            sys.exit(1)
+        a = arg.split('=')
+        self._lp.set(a[0], a[1])
     def get_loadparm(self):
         """Return a loadparm object with data specified on the command line.  """
-        import os, param
-        lp = param.LoadParm()
         if self._configfile is not None:
             lp.load(self._configfile)
+            self._lp.load(self._configfile)
         elif os.getenv("SMB_CONF_PATH") is not None:
             lp.load(os.getenv("SMB_CONF_PATH"))
+            self._lp.load(os.getenv("SMB_CONF_PATH"))
         else:
             lp.load_default()
         return lp
+            self._lp.load_default()
+        return self._lp
     def get_hostconfig(self):
 …
     def __init__(self, parser):
         optparse.OptionGroup.__init__(self, parser, "Version Options")
+        self.add_option("--version", action="callback",
+                callback=self._display_version,
+                help="Display version number")
+    def _display_version(self, option, opt_str, arg, parser):
+        import samba
+        print samba.version
+        sys.exit(0)
 …
     """Command line options for specifying credentials."""
     def __init__(self, parser):
+        self.no_pass = False
+        self.no_pass = True
+        self.ipaddress = None
         optparse.OptionGroup.__init__(self, parser, "Credentials Options")
         self.add_option("--simple-bind-dn", metavar="DN", action="callback",
 …
         self.add_option("--password", metavar="PASSWORD", action="callback",
                         help="Password", type=str, callback=self._set_password)
         self.add_option("-U", "--username", metavar="USERNAME",
+        self.add_option("-U", "--username", metavar="USERNAME",
                         action="callback", type=str,
                         help="Username", callback=self._parse_username)
         self.add_option("-W", "--workgroup", metavar="WORKGROUP",
+        self.add_option("-W", "--workgroup", metavar="WORKGROUP",
                         action="callback", type=str,
                         help="Workgroup", callback=self._parse_workgroup)
         self.add_option("-N", "--no-pass", action="store_true",
                         help="Don't ask for a password")
         self.add_option("-k", "--kerberos", metavar="KERBEROS",
+        self.add_option("-k", "--kerberos", metavar="KERBEROS",
                         action="callback", type=str,
                         help="Use Kerberos", callback=self._set_kerberos)
+        self.add_option("", "--ipaddress", metavar="IPADDRESS",
+                        action="callback", type=str,
+                        help="IP address of server", callback=self._set_ipaddress)
         self.creds = Credentials()
 …
     def _set_password(self, option, opt_str, arg, parser):
         self.creds.set_password(arg)
+        self.no_pass = False
+    def _set_ipaddress(self, option, opt_str, arg, parser):
+        self.ipaddress = arg
     def _set_kerberos(self, option, opt_str, arg, parser):
         if bool(arg) or arg.lower() == "yes":
+        if arg.lower() in ["yes", 'true', '1']:
             self.creds.set_kerberos_state(MUST_USE_KERBEROS)
+        elif arg.lower() in ["no", 'false', '0']:
+            self.creds.set_kerberos_state(DONT_USE_KERBEROS)
         else:
             self.creds.set_kerberos_state(DONT_USE_KERBEROS)
+            raise optparse.BadOptionErr("invalid kerberos option: %s" % arg)
     def _set_simple_bind_dn(self, option, opt_str, arg, parser):
         self.creds.set_bind_dn(arg)
     def get_credentials(self, lp):
+    def get_credentials(self, lp, fallback_machine=False):
         """Obtain the credentials set on the command-line.
 …
         """
         self.creds.guess(lp)
         if not self.no_pass:
+        if self.no_pass:
             self.creds.set_cmdline_callbacks()
+        # possibly fallback to using the machine account, if we have
+        # access to the secrets db
+        if fallback_machine and not self.creds.authentication_requested():
+            try:
+                self.creds.set_machine_account(lp)
+            except Exception:
+                pass
         return self.creds
+class CredentialsOptionsDouble(CredentialsOptions):
+    """Command line options for specifying credentials of two servers."""
+    def __init__(self, parser):
+        CredentialsOptions.__init__(self, parser)
+        self.no_pass2 = True
+        self.add_option("--simple-bind-dn2", metavar="DN2", action="callback",
+                        callback=self._set_simple_bind_dn2, type=str,
+                        help="DN to use for a simple bind")
+        self.add_option("--password2", metavar="PASSWORD2", action="callback",
+                        help="Password", type=str, callback=self._set_password2)
+        self.add_option("--username2", metavar="USERNAME2",
+                        action="callback", type=str,
+                        help="Username for second server", callback=self._parse_username2)
+        self.add_option("--workgroup2", metavar="WORKGROUP2",
+                        action="callback", type=str,
+                        help="Workgroup for second server", callback=self._parse_workgroup2)
+        self.add_option("--no-pass2", action="store_true",
+                        help="Don't ask for a password for the second server")
+        self.add_option("--kerberos2", metavar="KERBEROS2",
+                        action="callback", type=str,
+                        help="Use Kerberos", callback=self._set_kerberos2)
+        self.creds2 = Credentials()
+    def _parse_username2(self, option, opt_str, arg, parser):
+        self.creds2.parse_string(arg)
+    def _parse_workgroup2(self, option, opt_str, arg, parser):
+        self.creds2.set_domain(arg)
+    def _set_password2(self, option, opt_str, arg, parser):
+        self.creds2.set_password(arg)
+        self.no_pass2 = False
+    def _set_kerberos2(self, option, opt_str, arg, parser):
+        if bool(arg) or arg.lower() == "yes":
+            self.creds2.set_kerberos_state(MUST_USE_KERBEROS)
+        else:
+            self.creds2.set_kerberos_state(DONT_USE_KERBEROS)
+    def _set_simple_bind_dn2(self, option, opt_str, arg, parser):
+        self.creds2.set_bind_dn(arg)
+    def get_credentials2(self, lp, guess=True):
+        """Obtain the credentials set on the command-line.
+        :param lp: Loadparm object to use.
+        :param guess: Try guess Credentials from environment
+        :return: Credentials object
+        """
+        if guess:
+            self.creds2.guess(lp)
+        elif not self.creds2.get_username():
+                self.creds2.set_anonymous()
+        if self.no_pass2:
+            self.creds2.set_cmdline_callbacks()
+        return self.creds2

vendor/current/source4/scripting/python/samba/hostconfig.py

-              r414
+              r740
 #!/usr/bin/python
+#!/usr/bin/env python
 # Unix SMB/CIFS implementation.
 # Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2008
+#
+#
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 3 of the License, or
 # (at your option) any later version.
+#
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+"""Local host configuration."""
 from samdb import SamDB
 class Hostconfig(object):
     """Aggregate object that contains all information about the configuration
+    """Aggregate object that contains all information about the configuration
     of a Samba host."""
     def __init__(self, lp):
+    def __init__(self, lp):
         self.lp = lp
+    def get_shares(self):
+        return SharesContainer(self.lp)
     def get_samdb(self, session_info, credentials):
+        return SamDB(url=self.lp.get("sam database"),
+                     session_info=session_info, credentials=credentials,
+        """Access the SamDB host.
+        :param session_info: Session info to use
+        :param credentials: Credentials to access the SamDB with
+        """
+        return SamDB(url=self.lp.get("sam database"),
+                     session_info=session_info, credentials=credentials,
                      lp=self.lp)
+# TODO: Rather than accessing Loadparm directly here, we should really
+# have bindings to the param/shares.c and use those.
+class SharesContainer(object):
+    """A shares container."""
+    def __init__(self, lp):
+        self._lp = lp
+    def __getitem__(self, name):
+        if name == "global":
+            # [global] is not a share
+            raise KeyError
+        return Share(self._lp[name])
+    def __len__(self):
+        if "global" in self._lp.services():
+            return len(self._lp)-1
+        return len(self._lp)
+    def keys(self):
+        return [name for name in self._lp.services() if name != "global"]
+    def __iter__(self):
+        return iter(self.keys())
+class Share(object):
+    """A file share."""
+    def __init__(self, service):
+        self._service = service
+    def __getitem__(self, name):
+        return self._service[name]
+    def __setitem__(self, name, value):
+        self._service[name] = value

vendor/current/source4/scripting/python/samba/idmap.py

-              r414
+              r740
 #!/usr/bin/python
+#!/usr/bin/env python
 # Unix SMB/CIFS implementation.
 …
 __docformat__ = "restructuredText"
+import ldb
 import samba
 …
                 options=options)
+    def setup_name_mapping(self, sid, type, unixid):
+    def increment_xid(self):
+        """Increment xidNumber, if not present it create and assign it to the lowerBound
+        :return xid can that be used for SID/unixid mapping
+        """
+        res = self.search(expression="dn=CN=CONFIG", base="",
+                          scope=ldb.SCOPE_SUBTREE)
+        id = res[0].get("xidNumber")
+        flag = ldb.FLAG_MOD_REPLACE
+        if id is None:
+            id = res[0].get("lowerBound")
+            flag = ldb.FLAG_MOD_ADD
+        newid = int(str(id)) + 1
+        msg = ldb.Message()
+        msg.dn = ldb.Dn(self, "CN=CONFIG")
+        msg["xidNumber"] = ldb.MessageElement(str(newid), flag, "xidNumber")
+        self.modify(msg)
+        return id
+    def setup_name_mapping(self, sid, type, unixid=None):
         """Setup a mapping between a sam name and a unix name.
         :param sid: SID of the NT-side of the mapping.
         :param unixname: Unix name to map to.
+        :param unixname: Unix id to map to, if none supplied the next one will be selected
         """
+        if unixid is None:
+            unixid = self.increment_xid()
         type_string = ""
         if type == self.TYPE_UID:

vendor/current/source4/scripting/python/samba/ms_display_specifiers.py

r414	r740
1		#!/usr/bin/python
	1	#!/usr/bin/env python
2	2	#
3	3	# Create DisplaySpecifiers LDIF (as a string) from the documents provided by

vendor/current/source4/scripting/python/samba/ms_schema.py

-              r414
+              r740
-#!/usr/bin/env python
+#
 # create schema.ldif (as a string) from WSPP documentation
 …
+#
+"""Generate LDIF from WSPP documentation."""
 import re
 import base64
+import uuid
 bitFields = {}
 …
 # ADTS: 2.2.10
 bitFields["systemflags"] = {
     'FLAG_ATTR_NOT_REPLICATED': 31, 'FLAG_CR_NTDS_NC': 31,      # NR
     'FLAG_ATTR_REQ_PARTIAL_SET_MEMBER': 30, 'FLAG_CR_NTDS_DOMAIN': 30,  # PS
     'FLAG_ATTR_IS_CONSTRUCTED': 29, 'FLAG_CR_NTDS_NOT_GC_REPLICATED': 29,       # CS
     'FLAG_ATTR_IS_OPERATIONAL': 28,     # OP
     'FLAG_SCHEMA_BASE_OBJECT': 27,      # BS
     'FLAG_ATTR_IS_RDN': 26,     # RD
     'FLAG_DISALLOW_MOVE_ON_DELETE': 6,  # DE
     'FLAG_DOMAIN_DISALLOW_MOVE': 5,     # DM
     'FLAG_DOMAIN_DISALLOW_RENAME': 4,   # DR
     'FLAG_CONFIG_ALLOW_LIMITED_MOVE': 3,        # AL
     'FLAG_CONFIG_ALLOW_MOVE': 2,        # AM
     'FLAG_CONFIG_ALLOW_RENAME': 1,      # AR
     'FLAG_DISALLOW_DELETE': 0   # DD
+    'FLAG_ATTR_NOT_REPLICATED': 31, 'FLAG_CR_NTDS_NC': 31,     # NR
+    'FLAG_ATTR_REQ_PARTIAL_SET_MEMBER': 30, 'FLAG_CR_NTDS_DOMAIN': 30,     # PS
+    'FLAG_ATTR_IS_CONSTRUCTED': 29, 'FLAG_CR_NTDS_NOT_GC_REPLICATED': 29,     # CS
+    'FLAG_ATTR_IS_OPERATIONAL': 28,     # OP
+    'FLAG_SCHEMA_BASE_OBJECT': 27,     # BS
+    'FLAG_ATTR_IS_RDN': 26,     # RD
+    'FLAG_DISALLOW_MOVE_ON_DELETE': 6,     # DE
+    'FLAG_DOMAIN_DISALLOW_MOVE': 5,     # DM
+    'FLAG_DOMAIN_DISALLOW_RENAME': 4,     # DR
+    'FLAG_CONFIG_ALLOW_LIMITED_MOVE': 3,     # AL
+    'FLAG_CONFIG_ALLOW_MOVE': 2,     # AM
+    'FLAG_CONFIG_ALLOW_RENAME': 1,     # AR
+    'FLAG_DISALLOW_DELETE': 0     # DD
+    }
 …
     entry.insert(1, ["objectClass", ["top", objectClass]])
     entry.insert(2, ["cn", cn])
+    entry.insert(2, ["objectGUID", str(uuid.uuid4())])
+    entry.insert(2, ["adminDescription", cn])
+    entry.insert(2, ["adminDisplayName", cn])
     for l in entry:
 …
     print read_ms_schema(attr_file, classes_file)

vendor/current/source4/scripting/python/samba/ndr.py

-              r414
+              r740
-#!/usr/bin/python
 # -*- coding: utf-8 -*-
 # Unix SMB/CIFS implementation.
 # Copyright Â© Jelmer Vernooij <jelmer@samba.org> 2008
+#
+#
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 3 of the License, or
 # (at your option) any later version.
+#
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+"""Network Data Representation (NDR) marshalling and unmarshalling."""
 def ndr_pack(object):
+    return object.__ndr_pack__()
+    """Pack a NDR object.
+    :param object: Object to pack
+    :return: String object with marshalled object.
+    """
+    ndr_pack = getattr(object, "__ndr_pack__", None)
+    if ndr_pack is None:
+        raise TypeError("%r is not a NDR object" % object)
+    return ndr_pack()
 def ndr_unpack(cls, data):
+    """NDR unpack an object.
+    :param cls: Class of the object to unpack
+    :param data: Buffer to unpack
+    :return: Unpacked object
+    """
     object = cls()
     object.__ndr_unpack__(data)
     return object
+def ndr_print(object):
+    return object.__ndr_print__()

vendor/current/source4/scripting/python/samba/samba3.py

-              r414
+              r740
-#!/usr/bin/python
 # Unix SMB/CIFS implementation.
 # Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
+#
+#
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 3 of the License, or
 # (at your option) any later version.
+#
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 …
 class Registry(TdbDatabase):
     """Simple read-only support for reading the Samba3 registry.
     :note: This object uses the same syntax for registry key paths as
         Samba 3. This particular format uses forward slashes for key path
 …
         for i, l in enumerate(open(filename, 'r').xreadlines()):
             l = l.strip()
             if not l:
+            if not l or l[0] == '#' or l[0] == ';':
                 continue
             if l[0] == "[" and l[-1] == "]":
 …
     def get_policy_db(self):
         return PolicyDatabase(self.libdir_path("account_policy.tdb"))
     def get_registry(self):
         return Registry(self.libdir_path("registry.tdb"))

vendor/current/source4/scripting/python/samba/samdb.py

-              r414
+              r740
 #!/usr/bin/python
+#!/usr/bin/env python
 # Unix SMB/CIFS implementation.
 # Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2008
+# Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2010
 # Copyright (C) Matthias Dieter Wallnoefer 2009
+#
 # Based on the original in EJS:
 # Copyright (C) Andrew Tridgell <tridge@samba.org> 2005
+#
+#
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 3 of the License, or
 # (at your option) any later version.
+#
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 …
 import samba
-import glue
 import ldb
-from samba.idmap import IDmapDB
-import pwd
 import time
 import base64
+from samba import dsdb
+from samba.ndr import ndr_unpack, ndr_pack
+from samba.dcerpc import drsblobs, misc
 __docformat__ = "restructuredText"
 class SamDB(samba.Ldb):
     """The SAM database."""
+    hash_oid_name = {}
     def __init__(self, url=None, lp=None, modules_dir=None, session_info=None,
+                 credentials=None, flags=0, options=None):
+        """Opens the SAM Database
+        For parameter meanings see the super class (samba.Ldb)
+        """
+                 credentials=None, flags=0, options=None, global_schema=True,
+                 auto_connect=True, am_rodc=None):
         self.lp = lp
+        if url is None:
+                url = lp.get("sam database")
+        if not auto_connect:
+            url = None
+        elif url is None and lp is not None:
+            url = lp.get("sam database")
         super(SamDB, self).__init__(url=url, lp=lp, modules_dir=modules_dir,
+                session_info=session_info, credentials=credentials, flags=flags,
+            session_info=session_info, credentials=credentials, flags=flags,
+            options=options)
+        if global_schema:
+            dsdb._dsdb_set_global_schema(self)
+        if am_rodc is not None:
+            dsdb._dsdb_set_am_rodc(self, am_rodc)
+    def connect(self, url=None, flags=0, options=None):
+        if self.lp is not None:
+            url = self.lp.private_path(url)
+        super(SamDB, self).connect(url=url, flags=flags,
                 options=options)
+        glue.dsdb_set_global_schema(self)
+    def connect(self, url=None, flags=0, options=None):
+        super(SamDB, self).connect(url=self.lp.private_path(url), flags=flags,
+                options=options)
+    def am_rodc(self):
+        return dsdb._am_rodc(self)
     def domain_dn(self):
+        # find the DNs for the domain
+        res = self.search(base="",
+                          scope=ldb.SCOPE_BASE,
+                          expression="(defaultNamingContext=*)",
+                          attrs=["defaultNamingContext"])
+        assert(len(res) == 1 and res[0]["defaultNamingContext"] is not None)
+        return res[0]["defaultNamingContext"][0]
+    def enable_account(self, filter):
+        return str(self.get_default_basedn())
+    def enable_account(self, search_filter):
         """Enables an account
+        :param filter: LDAP filter to find the user (eg samccountname=name)
+        :param search_filter: LDAP filter to find the user (eg
+            samccountname=name)
         """
         res = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE,
                           expression=filter, attrs=["userAccountControl"])
+                          expression=search_filter, attrs=["userAccountControl"])
         assert(len(res) == 1)
         user_dn = res[0].dn
         userAccountControl = int(res[0]["userAccountControl"][0])
+        if (userAccountControl & 0x2):
+            userAccountControl = userAccountControl & ~0x2 # remove disabled bit
+        if (userAccountControl & 0x20):
+            userAccountControl = userAccountControl & ~0x20 # remove 'no password required' bit
+        if userAccountControl & 0x2:
+            # remove disabled bit
+            userAccountControl = userAccountControl & ~0x2
+        if userAccountControl & 0x20:
+             # remove 'no password required' bit
+            userAccountControl = userAccountControl & ~0x20
         mod = """
 …
 """ % (user_dn, userAccountControl)
         self.modify_ldif(mod)
     def force_password_change_at_next_login(self, filter):
+    def force_password_change_at_next_login(self, search_filter):
         """Forces a password change at next login
+        :param filter: LDAP filter to find the user (eg samccountname=name)
+        :param search_filter: LDAP filter to find the user (eg
+            samccountname=name)
         """
         res = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE,
                           expression=filter, attrs=[])
+                          expression=search_filter, attrs=[])
         assert(len(res) == 1)
         user_dn = res[0].dn
 …
         self.modify_ldif(mod)
+    def newuser(self, username, unixname, password, force_password_change_at_next_login_req=False):
+        """Adds a new user
+        Note: This call adds also the ID mapping for winbind; therefore it works
+        *only* on SAMBA 4.
+    def newgroup(self, groupname, groupou=None, grouptype=None,
+                 description=None, mailaddress=None, notes=None, sd=None):
+        """Adds a new group with additional parameters
+        :param groupname: Name of the new group
+        :param grouptype: Type of the new group
+        :param description: Description of the new group
+        :param mailaddress: Email address of the new group
+        :param notes: Notes of the new group
+        :param sd: security descriptor of the object
+        """
+        group_dn = "CN=%s,%s,%s" % (groupname, (groupou or "CN=Users"), self.domain_dn())
+        # The new user record. Note the reliance on the SAMLDB module which
+        # fills in the default informations
+        ldbmessage = {"dn": group_dn,
+            "sAMAccountName": groupname,
+            "objectClass": "group"}
+        if grouptype is not None:
+            ldbmessage["groupType"] = "%d" % grouptype
+        if description is not None:
+            ldbmessage["description"] = description
+        if mailaddress is not None:
+            ldbmessage["mail"] = mailaddress
+        if notes is not None:
+            ldbmessage["info"] = notes
+        if sd is not None:
+            ldbmessage["nTSecurityDescriptor"] = ndr_pack(sd)
+        self.add(ldbmessage)
+    def deletegroup(self, groupname):
+        """Deletes a group
+        :param groupname: Name of the target group
+        """
+        groupfilter = "(&(sAMAccountName=%s)(objectCategory=%s,%s))" % (groupname, "CN=Group,CN=Schema,CN=Configuration", self.domain_dn())
+        self.transaction_start()
+        try:
+            targetgroup = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE,
+                               expression=groupfilter, attrs=[])
+            if len(targetgroup) == 0:
+                raise Exception('Unable to find group "%s"' % groupname)
+            assert(len(targetgroup) == 1)
+            self.delete(targetgroup[0].dn)
+        except Exception:
+            self.transaction_cancel()
+            raise
+        else:
+            self.transaction_commit()
+    def add_remove_group_members(self, groupname, listofmembers,
+                                  add_members_operation=True):
+        """Adds or removes group members
+        :param groupname: Name of the target group
+        :param listofmembers: Comma-separated list of group members
+        :param add_members_operation: Defines if its an add or remove
+            operation
+        """
+        groupfilter = "(&(sAMAccountName=%s)(objectCategory=%s,%s))" % (groupname, "CN=Group,CN=Schema,CN=Configuration", self.domain_dn())
+        groupmembers = listofmembers.split(',')
+        self.transaction_start()
+        try:
+            targetgroup = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE,
+                               expression=groupfilter, attrs=['member'])
+            if len(targetgroup) == 0:
+                raise Exception('Unable to find group "%s"' % groupname)
+            assert(len(targetgroup) == 1)
+            modified = False
+            addtargettogroup = """
+dn: %s
+changetype: modify
+""" % (str(targetgroup[0].dn))
+            for member in groupmembers:
+                targetmember = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE,
+                                    expression="(|(sAMAccountName=%s)(CN=%s))" % (member, member), attrs=[])
+                if len(targetmember) != 1:
+                    continue
+                if add_members_operation is True and (targetgroup[0].get('member') is None or str(targetmember[0].dn) not in targetgroup[0]['member']):
+                    modified = True
+                    addtargettogroup += """add: member
+member: %s
+""" % (str(targetmember[0].dn))
+                elif add_members_operation is False and (targetgroup[0].get('member') is not None and str(targetmember[0].dn) in targetgroup[0]['member']):
+                    modified = True
+                    addtargettogroup += """delete: member
+member: %s
+""" % (str(targetmember[0].dn))
+            if modified is True:
+                self.modify_ldif(addtargettogroup)
+        except Exception:
+            self.transaction_cancel()
+            raise
+        else:
+            self.transaction_commit()
+    def newuser(self, username, password,
+            force_password_change_at_next_login_req=False,
+            useusernameascn=False, userou=None, surname=None, givenname=None,
+            initials=None, profilepath=None, scriptpath=None, homedrive=None,
+            homedirectory=None, jobtitle=None, department=None, company=None,
+            description=None, mailaddress=None, internetaddress=None,
+            telephonenumber=None, physicaldeliveryoffice=None, sd=None,
+            setpassword=True):
+        """Adds a new user with additional parameters
         :param username: Name of the new user
-        :param unixname: Name of the unix user to map to
         :param password: Password for the new user
         :param force_password_change_at_next_login_req: Force password change
+        """
+        :param useusernameascn: Use username as cn rather that firstname +
+            initials + lastname
+        :param userou: Object container (without domainDN postfix) for new user
+        :param surname: Surname of the new user
+        :param givenname: First name of the new user
+        :param initials: Initials of the new user
+        :param profilepath: Profile path of the new user
+        :param scriptpath: Logon script path of the new user
+        :param homedrive: Home drive of the new user
+        :param homedirectory: Home directory of the new user
+        :param jobtitle: Job title of the new user
+        :param department: Department of the new user
+        :param company: Company of the new user
+        :param description: of the new user
+        :param mailaddress: Email address of the new user
+        :param internetaddress: Home page of the new user
+        :param telephonenumber: Phone number of the new user
+        :param physicaldeliveryoffice: Office location of the new user
+        :param sd: security descriptor of the object
+        :param setpassword: optionally disable password reset
+        """
+        displayname = ""
+        if givenname is not None:
+            displayname += givenname
+        if initials is not None:
+            displayname += ' %s.' % initials
+        if surname is not None:
+            displayname += ' %s' % surname
+        cn = username
+        if useusernameascn is None and displayname is not "":
+            cn = displayname
+        user_dn = "CN=%s,%s,%s" % (cn, (userou or "CN=Users"), self.domain_dn())
+        dnsdomain = ldb.Dn(self, self.domain_dn()).canonical_str().replace("/", "")
+        user_principal_name = "%s@%s" % (username, dnsdomain)
+        # The new user record. Note the reliance on the SAMLDB module which
+        # fills in the default informations
+        ldbmessage = {"dn": user_dn,
+                      "sAMAccountName": username,
+                      "userPrincipalName": user_principal_name,
+                      "objectClass": "user"}
+        if surname is not None:
+            ldbmessage["sn"] = surname
+        if givenname is not None:
+            ldbmessage["givenName"] = givenname
+        if displayname is not "":
+            ldbmessage["displayName"] = displayname
+            ldbmessage["name"] = displayname
+        if initials is not None:
+            ldbmessage["initials"] = '%s.' % initials
+        if profilepath is not None:
+            ldbmessage["profilePath"] = profilepath
+        if scriptpath is not None:
+            ldbmessage["scriptPath"] = scriptpath
+        if homedrive is not None:
+            ldbmessage["homeDrive"] = homedrive
+        if homedirectory is not None:
+            ldbmessage["homeDirectory"] = homedirectory
+        if jobtitle is not None:
+            ldbmessage["title"] = jobtitle
+        if department is not None:
+            ldbmessage["department"] = department
+        if company is not None:
+            ldbmessage["company"] = company
+        if description is not None:
+            ldbmessage["description"] = description
+        if mailaddress is not None:
+            ldbmessage["mail"] = mailaddress
+        if internetaddress is not None:
+            ldbmessage["wWWHomePage"] = internetaddress
+        if telephonenumber is not None:
+            ldbmessage["telephoneNumber"] = telephonenumber
+        if physicaldeliveryoffice is not None:
+            ldbmessage["physicalDeliveryOfficeName"] = physicaldeliveryoffice
+        if sd is not None:
+            ldbmessage["nTSecurityDescriptor"] = ndr_pack(sd)
         self.transaction_start()
         try:
+            user_dn = "CN=%s,CN=Users,%s" % (username, self.domain_dn())
+            # The new user record. Note the reliance on the SAMLDB module which
+            # fills in the default informations
+            self.add({"dn": user_dn,
+                "sAMAccountName": username,
+                "objectClass": "user"})
+            self.add(ldbmessage)
             # Sets the password for it
+            self.setpassword("(dn=" + user_dn + ")", password,
+              force_password_change_at_next_login_req)
+            # Gets the user SID (for the account mapping setup)
+            res = self.search(user_dn, scope=ldb.SCOPE_BASE,
+                              expression="objectclass=*",
+                              attrs=["objectSid"])
+            assert len(res) == 1
+            user_sid = self.schema_format_value("objectSid", res[0]["objectSid"][0])
+            try:
+                idmap = IDmapDB(lp=self.lp)
+                user = pwd.getpwnam(unixname)
+                # setup ID mapping for this UID
+                idmap.setup_name_mapping(user_sid, idmap.TYPE_UID, user[2])
+            except KeyError:
+                pass
+        except:
+            if setpassword:
+                self.setpassword("(samAccountName=%s)" % username, password,
+                                 force_password_change_at_next_login_req)
+        except Exception:
             self.transaction_cancel()
             raise
+        self.transaction_commit()
+    def setpassword(self, filter, password, force_password_change_at_next_login_req=False):
+        else:
+            self.transaction_commit()
+    def setpassword(self, search_filter, password,
+            force_change_at_next_login=False, username=None):
         """Sets the password for a user
+        Note: This call uses the "userPassword" attribute to set the password.
+        This works correctly on SAMBA 4 and on Windows DCs with
+        "2003 Native" or higer domain function level.
+        :param filter: LDAP filter to find the user (eg samccountname=name)
+        :param search_filter: LDAP filter to find the user (eg
+            samccountname=name)
         :param password: Password for the user
         :param force_password_change_at_next_login_req: Force password change
+        :param force_change_at_next_login: Force password change
         """
         self.transaction_start()
         try:
             res = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE,
+                              expression=filter, attrs=[])
+            assert(len(res) == 1)
+                              expression=search_filter, attrs=[])
+            if len(res) == 0:
+                raise Exception('Unable to find user "%s"' % (username or search_filter))
+            if len(res) > 1:
+                raise Exception('Matched %u multiple users with filter "%s"' % (len(res), search_filter))
             user_dn = res[0].dn
             setpw = """
 dn: %s
 changetype: modify
 replace: userPassword
 userPassword:: %s
 """ % (user_dn, base64.b64encode(password))
+replace: unicodePwd
+unicodePwd:: %s
+""" % (user_dn, base64.b64encode(("\"" + password + "\"").encode('utf-16-le')))
             self.modify_ldif(setpw)
             if force_password_change_at_next_login_req:
+            if force_change_at_next_login:
                 self.force_password_change_at_next_login(
                   "(dn=" + str(user_dn) + ")")
             #  modify the userAccountControl to remove the disabled bit
             self.enable_account(filter)
         except:
+            self.enable_account(search_filter)
+        except Exception:
             self.transaction_cancel()
             raise
+        self.transaction_commit()
+    def setexpiry(self, filter, expiry_seconds, no_expiry_req=False):
+        else:
+            self.transaction_commit()
+    def setexpiry(self, search_filter, expiry_seconds, no_expiry_req=False):
         """Sets the account expiry for a user
+        :param filter: LDAP filter to find the user (eg samccountname=name)
+        :param search_filter: LDAP filter to find the user (eg
+            samaccountname=name)
         :param expiry_seconds: expiry time from now in seconds
         :param no_expiry_req: if set, then don't expire password
 …
         try:
             res = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE,
                           expression=filter,
+                          expression=search_filter,
                           attrs=["userAccountControl", "accountExpires"])
             assert(len(res) == 1)
 …
             else:
                 userAccountControl = userAccountControl & ~0x10000
                 accountExpires = glue.unix2nttime(expiry_seconds + int(time.time()))
+                accountExpires = samba.unix2nttime(expiry_seconds + int(time.time()))
             setexp = """
 …
             self.modify_ldif(setexp)
         except:
+        except Exception:
             self.transaction_cancel()
             raise
+        self.transaction_commit();
+        else:
+            self.transaction_commit()
+    def set_domain_sid(self, sid):
+        """Change the domain SID used by this LDB.
+        :param sid: The new domain sid to use.
+        """
+        dsdb._samdb_set_domain_sid(self, sid)
+    def get_domain_sid(self):
+        """Read the domain SID used by this LDB. """
+        return dsdb._samdb_get_domain_sid(self)
+    domain_sid = property(get_domain_sid, set_domain_sid,
+        "SID for the domain")
+    def set_invocation_id(self, invocation_id):
+        """Set the invocation id for this SamDB handle.
+        :param invocation_id: GUID of the invocation id.
+        """
+        dsdb._dsdb_set_ntds_invocation_id(self, invocation_id)
+    def get_invocation_id(self):
+        """Get the invocation_id id"""
+        return dsdb._samdb_ntds_invocation_id(self)
+    invocation_id = property(get_invocation_id, set_invocation_id,
+        "Invocation ID GUID")
+    def get_oid_from_attid(self, attid):
+        return dsdb._dsdb_get_oid_from_attid(self, attid)
+    def get_attid_from_lDAPDisplayName(self, ldap_display_name,
+            is_schema_nc=False):
+        return dsdb._dsdb_get_attid_from_lDAPDisplayName(self,
+            ldap_display_name, is_schema_nc)
+    def set_ntds_settings_dn(self, ntds_settings_dn):
+        """Set the NTDS Settings DN, as would be returned on the dsServiceName
+        rootDSE attribute.
+        This allows the DN to be set before the database fully exists
+        :param ntds_settings_dn: The new DN to use
+        """
+        dsdb._samdb_set_ntds_settings_dn(self, ntds_settings_dn)
+    def get_ntds_GUID(self):
+        """Get the NTDS objectGUID"""
+        return dsdb._samdb_ntds_objectGUID(self)
+    def server_site_name(self):
+        """Get the server site name"""
+        return dsdb._samdb_server_site_name(self)
+    def load_partition_usn(self, base_dn):
+        return dsdb._dsdb_load_partition_usn(self, base_dn)
+    def set_schema(self, schema):
+        self.set_schema_from_ldb(schema.ldb)
+    def set_schema_from_ldb(self, ldb_conn):
+        dsdb._dsdb_set_schema_from_ldb(self, ldb_conn)
+    def dsdb_DsReplicaAttribute(self, ldb, ldap_display_name, ldif_elements):
+        return dsdb._dsdb_DsReplicaAttribute(ldb, ldap_display_name, ldif_elements)
+    def get_attribute_from_attid(self, attid):
+        """ Get from an attid the associated attribute
+        :param attid: The attribute id for searched attribute
+        :return: The name of the attribute associated with this id
+        """
+        if len(self.hash_oid_name.keys()) == 0:
+            self._populate_oid_attid()
+        if self.hash_oid_name.has_key(self.get_oid_from_attid(attid)):
+            return self.hash_oid_name[self.get_oid_from_attid(attid)]
+        else:
+            return None
+    def _populate_oid_attid(self):
+        """Populate the hash hash_oid_name.
+        This hash contains the oid of the attribute as a key and
+        its display name as a value
+        """
+        self.hash_oid_name = {}
+        res = self.search(expression="objectClass=attributeSchema",
+                           controls=["search_options:1:2"],
+                           attrs=["attributeID",
+                           "lDAPDisplayName"])
+        if len(res) > 0:
+            for e in res:
+                strDisplay = str(e.get("lDAPDisplayName"))
+                self.hash_oid_name[str(e.get("attributeID"))] = strDisplay
+    def get_attribute_replmetadata_version(self, dn, att):
+        """Get the version field trom the replPropertyMetaData for
+        the given field
+        :param dn: The on which we want to get the version
+        :param att: The name of the attribute
+        :return: The value of the version field in the replPropertyMetaData
+            for the given attribute. None if the attribute is not replicated
+        """
+        res = self.search(expression="dn=%s" % dn,
+                            scope=ldb.SCOPE_SUBTREE,
+                            controls=["search_options:1:2"],
+                            attrs=["replPropertyMetaData"])
+        if len(res) == 0:
+            return None
+        repl = ndr_unpack(drsblobs.replPropertyMetaDataBlob,
+                            str(res[0]["replPropertyMetaData"]))
+        ctr = repl.ctr
+        if len(self.hash_oid_name.keys()) == 0:
+            self._populate_oid_attid()
+        for o in ctr.array:
+            # Search for Description
+            att_oid = self.get_oid_from_attid(o.attid)
+            if self.hash_oid_name.has_key(att_oid) and\
+               att.lower() == self.hash_oid_name[att_oid].lower():
+                return o.version
+        return None
+    def set_attribute_replmetadata_version(self, dn, att, value,
+            addifnotexist=False):
+        res = self.search(expression="dn=%s" % dn,
+                            scope=ldb.SCOPE_SUBTREE,
+                            controls=["search_options:1:2"],
+                            attrs=["replPropertyMetaData"])
+        if len(res) == 0:
+            return None
+        repl = ndr_unpack(drsblobs.replPropertyMetaDataBlob,
+                            str(res[0]["replPropertyMetaData"]))
+        ctr = repl.ctr
+        now = samba.unix2nttime(int(time.time()))
+        found = False
+        if len(self.hash_oid_name.keys()) == 0:
+            self._populate_oid_attid()
+        for o in ctr.array:
+            # Search for Description
+            att_oid = self.get_oid_from_attid(o.attid)
+            if self.hash_oid_name.has_key(att_oid) and\
+               att.lower() == self.hash_oid_name[att_oid].lower():
+                found = True
+                seq = self.sequence_number(ldb.SEQ_NEXT)
+                o.version = value
+                o.originating_change_time = now
+                o.originating_invocation_id = misc.GUID(self.get_invocation_id())
+                o.originating_usn = seq
+                o.local_usn = seq
+        if not found and addifnotexist and len(ctr.array) >0:
+            o2 = drsblobs.replPropertyMetaData1()
+            o2.attid = 589914
+            att_oid = self.get_oid_from_attid(o2.attid)
+            seq = self.sequence_number(ldb.SEQ_NEXT)
+            o2.version = value
+            o2.originating_change_time = now
+            o2.originating_invocation_id = misc.GUID(self.get_invocation_id())
+            o2.originating_usn = seq
+            o2.local_usn = seq
+            found = True
+            tab = ctr.array
+            tab.append(o2)
+            ctr.count = ctr.count + 1
+            ctr.array = tab
+        if found :
+            replBlob = ndr_pack(repl)
+            msg = ldb.Message()
+            msg.dn = res[0].dn
+            msg["replPropertyMetaData"] = ldb.MessageElement(replBlob,
+                                                ldb.FLAG_MOD_REPLACE,
+                                                "replPropertyMetaData")
+            self.modify(msg, ["local_oid:1.3.6.1.4.1.7165.4.3.14:0"])
+    def write_prefixes_from_schema(self):
+        dsdb._dsdb_write_prefixes_from_schema_to_ldb(self)
+    def get_partitions_dn(self):
+        return dsdb._dsdb_get_partitions_dn(self)
+    def set_minPwdAge(self, value):
+        m = ldb.Message()
+        m.dn = ldb.Dn(self, self.domain_dn())
+        m["minPwdAge"] = ldb.MessageElement(value, ldb.FLAG_MOD_REPLACE, "minPwdAge")
+        self.modify(m)
+    def get_minPwdAge(self):
+        res = self.search(self.domain_dn(), scope=ldb.SCOPE_BASE, attrs=["minPwdAge"])
+        if len(res) == 0:
+            return None
+        elif not "minPwdAge" in res[0]:
+            return None
+        else:
+            return res[0]["minPwdAge"][0]
+    def set_minPwdLength(self, value):
+        m = ldb.Message()
+        m.dn = ldb.Dn(self, self.domain_dn())
+        m["minPwdLength"] = ldb.MessageElement(value, ldb.FLAG_MOD_REPLACE, "minPwdLength")
+        self.modify(m)
+    def get_minPwdLength(self):
+        res = self.search(self.domain_dn(), scope=ldb.SCOPE_BASE, attrs=["minPwdLength"])
+        if len(res) == 0:
+            return None
+        elif not "minPwdLength" in res[0]:
+            return None
+        else:
+            return res[0]["minPwdLength"][0]
+    def set_pwdProperties(self, value):
+        m = ldb.Message()
+        m.dn = ldb.Dn(self, self.domain_dn())
+        m["pwdProperties"] = ldb.MessageElement(value, ldb.FLAG_MOD_REPLACE, "pwdProperties")
+        self.modify(m)
+    def get_pwdProperties(self):
+        res = self.search(self.domain_dn(), scope=ldb.SCOPE_BASE, attrs=["pwdProperties"])
+        if len(res) == 0:
+            return None
+        elif not "pwdProperties" in res[0]:
+            return None
+        else:
+            return res[0]["pwdProperties"][0]
+    def set_dsheuristics(self, dsheuristics):
+        m = ldb.Message()
+        m.dn = ldb.Dn(self, "CN=Directory Service,CN=Windows NT,CN=Services,%s"
+                      % self.get_config_basedn().get_linearized())
+        if dsheuristics is not None:
+            m["dSHeuristics"] = ldb.MessageElement(dsheuristics,
+                ldb.FLAG_MOD_REPLACE, "dSHeuristics")
+        else:
+            m["dSHeuristics"] = ldb.MessageElement([], ldb.FLAG_MOD_DELETE,
+                "dSHeuristics")
+        self.modify(m)
+    def get_dsheuristics(self):
+        res = self.search("CN=Directory Service,CN=Windows NT,CN=Services,%s"
+                          % self.get_config_basedn().get_linearized(),
+                          scope=ldb.SCOPE_BASE, attrs=["dSHeuristics"])
+        if len(res) == 0:
+            dsheuristics = None
+        elif "dSHeuristics" in res[0]:
+            dsheuristics = res[0]["dSHeuristics"][0]
+        else:
+            dsheuristics = None
+        return dsheuristics
+    def create_ou(self, ou_dn, description=None, name=None, sd=None):
+        """Creates an organizationalUnit object
+        :param ou_dn: dn of the new object
+        :param description: description attribute
+        :param name: name atttribute
+        :param sd: security descriptor of the object, can be
+        an SDDL string or security.descriptor type
+        """
+        m = {"dn": ou_dn,
+             "objectClass": "organizationalUnit"}
+        if description:
+            m["description"] = description
+        if name:
+            m["name"] = name
+        if sd:
+            m["nTSecurityDescriptor"] = ndr_pack(sd)
+        self.add(m)

vendor/current/source4/scripting/python/samba/tests/init.py

-              r414
+              r740
 #!/usr/bin/python
+#!/usr/bin/env python
 # Unix SMB/CIFS implementation.
 # Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2008
+#
+# Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2010
+#
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 3 of the License, or
 # (at your option) any later version.
+#
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 …
 import ldb
 import samba
+import samba.auth
+from samba import param
+from samba.samdb import SamDB
+import subprocess
 import tempfile
+import unittest
+class LdbTestCase(unittest.TestCase):
+# Other modules import these two classes from here, for convenience:
+from testtools.testcase import (
+    TestCase as TesttoolsTestCase,
+    TestSkipped,
+    )
+class TestCase(TesttoolsTestCase):
+    """A Samba test case."""
+    def setUp(self):
+        super(TestCase, self).setUp()
+        test_debug_level = os.getenv("TEST_DEBUG_LEVEL")
+        if test_debug_level is not None:
+            test_debug_level = int(test_debug_level)
+            self._old_debug_level = samba.get_debug_level()
+            samba.set_debug_level(test_debug_level)
+            self.addCleanup(samba.set_debug_level, test_debug_level)
+    def get_loadparm(self):
+        return env_loadparm()
+    def get_credentials(self):
+        return cmdline_credentials
+class LdbTestCase(TesttoolsTestCase):
     """Trivial test case for running tests against a LDB."""
     def setUp(self):
+        super(LdbTestCase, self).setUp()
         self.filename = os.tempnam()
         self.ldb = samba.Ldb(self.filename)
 …
 class TestCaseInTempDir(unittest.TestCase):
+class TestCaseInTempDir(TestCase):
     def setUp(self):
 …
+class SubstituteVarTestCase(unittest.TestCase):
+    def test_empty(self):
+        self.assertEquals("", samba.substitute_var("", {}))
+    def test_nothing(self):
+        self.assertEquals("foo bar", samba.substitute_var("foo bar", {"bar": "bla"}))
+    def test_replace(self):
+        self.assertEquals("foo bla", samba.substitute_var("foo ${bar}", {"bar": "bla"}))
+    def test_broken(self):
+        self.assertEquals("foo ${bdkjfhsdkfh sdkfh ",
+                samba.substitute_var("foo ${bdkjfhsdkfh sdkfh ", {"bar": "bla"}))
+    def test_unknown_var(self):
+        self.assertEquals("foo ${bla} gsff",
+                samba.substitute_var("foo ${bla} gsff", {"bar": "bla"}))
+    def test_check_all_substituted(self):
+        samba.check_all_substituted("nothing to see here")
+        self.assertRaises(Exception, samba.check_all_substituted, "Not subsituted: ${FOOBAR}")
+class LdbExtensionTests(TestCaseInTempDir):
+    def test_searchone(self):
+        path = self.tempdir + "/searchone.ldb"
+        l = samba.Ldb(path)
+        try:
+            l.add({"dn": "foo=dc", "bar": "bla"})
+            self.assertEquals("bla", l.searchone(basedn=ldb.Dn(l, "foo=dc"), attribute="bar"))
+        finally:
+            del l
+            os.unlink(path)
+cmdline_loadparm = None
+def env_loadparm():
+    lp = param.LoadParm()
+    try:
+        lp.load(os.environ["SMB_CONF_PATH"])
+    except KeyError:
+        raise Exception("SMB_CONF_PATH not set")
+    return lp
+def env_get_var_value(var_name):
+    """Returns value for variable in os.environ
+    Function throws AssertionError if variable is defined.
+    Unit-test based python tests require certain input params
+    to be set in environment, otherwise they can't be run
+    """
+    assert var_name in os.environ.keys(), "Please supply %s in environment" % var_name
+    return os.environ[var_name]
 cmdline_credentials = None
+class RpcInterfaceTestCase(unittest.TestCase):
+    def get_loadparm(self):
+        assert cmdline_loadparm is not None
+        return cmdline_loadparm
+    def get_credentials(self):
+        return cmdline_credentials
+class ValidNetbiosNameTests(unittest.TestCase):
+class RpcInterfaceTestCase(TestCase):
+    """DCE/RPC Test case."""
+class ValidNetbiosNameTests(TestCase):
     def test_valid(self):
 …
     def test_invalid_characters(self):
         self.assertFalse(samba.valid_netbios_name("*BLA"))
+class BlackboxProcessError(subprocess.CalledProcessError):
+    """This exception is raised when a process run by check_output() returns
+    a non-zero exit status. Exception instance should contain
+    the exact exit code (S.returncode), command line (S.cmd),
+    process output (S.stdout) and process error stream (S.stderr)"""
+    def __init__(self, returncode, cmd, stdout, stderr):
+        super(BlackboxProcessError, self).__init__(returncode, cmd)
+        self.stdout = stdout
+        self.stderr = stderr
+    def __str__(self):
+        return "Command '%s'; exit status %d; stdout: '%s'; stderr: '%s'" % (self.cmd, self.returncode,
+                                                                             self.stdout, self.stderr)
+class BlackboxTestCase(TestCase):
+    """Base test case for blackbox tests."""
+    def _make_cmdline(self, line):
+        bindir = os.path.abspath(os.path.join(os.path.dirname(__file__), "../../../../bin"))
+        parts = line.split(" ")
+        if os.path.exists(os.path.join(bindir, parts[0])):
+            parts[0] = os.path.join(bindir, parts[0])
+        line = " ".join(parts)
+        return line
+    def check_run(self, line):
+        line = self._make_cmdline(line)
+        subprocess.check_call(line, shell=True)
+    def check_output(self, line):
+        line = self._make_cmdline(line)
+        p = subprocess.Popen(line, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True, close_fds=True)
+        retcode = p.wait()
+        if retcode:
+            raise BlackboxProcessError(retcode, line, p.stdout.read(), p.stderr.read())
+        return p.stdout.read()
+def connect_samdb(samdb_url, lp=None, session_info=None, credentials=None,
+                  flags=0, ldb_options=None, ldap_only=False):
+    """Create SamDB instance and connects to samdb_url database.
+    :param samdb_url: Url for database to connect to.
+    :param lp: Optional loadparm object
+    :param session_info: Optional session information
+    :param credentials: Optional credentials, defaults to anonymous.
+    :param flags: Optional LDB flags
+    :param ldap_only: If set, only remote LDAP connection will be created.
+    Added value for tests is that we have a shorthand function
+    to make proper URL for ldb.connect() while using default
+    parameters for connection based on test environment
+    """
+    samdb_url = samdb_url.lower()
+    if not "://" in samdb_url:
+        if not ldap_only and os.path.isfile(samdb_url):
+            samdb_url = "tdb://%s" % samdb_url
+        else:
+            samdb_url = "ldap://%s" % samdb_url
+    # use 'paged_search' module when connecting remotely
+    if samdb_url.startswith("ldap://"):
+        ldb_options = ["modules:paged_searches"]
+    elif ldap_only:
+        raise AssertionError("Trying to connect to %s while remote "
+                             "connection is required" % samdb_url)
+    # set defaults for test environment
+    if lp is None:
+        lp = env_loadparm()
+    if session_info is None:
+        session_info = samba.auth.system_session(lp)
+    if credentials is None:
+        credentials = cmdline_credentials
+    return SamDB(url=samdb_url,
+                 lp=lp,
+                 session_info=session_info,
+                 credentials=credentials,
+                 flags=flags,
+                 options=ldb_options)
+def connect_samdb_ex(samdb_url, lp=None, session_info=None, credentials=None,
+                     flags=0, ldb_options=None, ldap_only=False):
+    """Connects to samdb_url database
+    :param samdb_url: Url for database to connect to.
+    :param lp: Optional loadparm object
+    :param session_info: Optional session information
+    :param credentials: Optional credentials, defaults to anonymous.
+    :param flags: Optional LDB flags
+    :param ldap_only: If set, only remote LDAP connection will be created.
+    :return: (sam_db_connection, rootDse_record) tuple
+    """
+    sam_db = connect_samdb(samdb_url, lp, session_info, credentials,
+                           flags, ldb_options, ldap_only)
+    # fetch RootDse
+    res = sam_db.search(base="", expression="", scope=ldb.SCOPE_BASE,
+                        attrs=["*"])
+    return (sam_db, res[0])
+def delete_force(samdb, dn):
+    try:
+        samdb.delete(dn)
+    except ldb.LdbError, (num, _):
+        assert(num == ldb.ERR_NO_SUCH_OBJECT)

vendor/current/source4/scripting/python/samba/tests/dcerpc/init.py

-              r414
+              r740
 #!/usr/bin/python
+#!/usr/bin/env python
 # -*- coding: utf-8 -*-
 # Unix SMB/CIFS implementation.
 # Copyright Â© Jelmer Vernooij <jelmer@samba.org> 2008
+#
+#
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 3 of the License, or
 # (at your option) any later version.
+#
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 …
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+"""Tests for the DCE/RPC Python bindings."""

vendor/current/source4/scripting/python/samba/tests/dcerpc/bare.py

-              r414
+              r740
 #!/usr/bin/python
+#!/usr/bin/env python
 # -*- coding: utf-8 -*-
 …
+#
+"""Tests for samba.dcerpc.bare."""
 from samba.dcerpc import ClientConnection
+from unittest import TestCase
+from samba.tests import cmdline_loadparm
+import samba.tests
+class BareTestCase(TestCase):
+class BareTestCase(samba.tests.TestCase):
     def test_bare(self):
         # Connect to the echo pipe
         x = ClientConnection("ncalrpc:localhost[DEFAULT]",
+                ("60a15ec5-4de8-11d7-a637-005056a20182", 1), lp_ctx=cmdline_loadparm)
+                ("60a15ec5-4de8-11d7-a637-005056a20182", 1),
+                lp_ctx=samba.tests.env_loadparm())
         self.assertEquals("\x01\x00\x00\x00", x.request(0, chr(0) * 4))
     def test_alter_context(self):
         x = ClientConnection("ncalrpc:localhost[DEFAULT]",
+                ("12345778-1234-abcd-ef00-0123456789ac", 1), lp_ctx=cmdline_loadparm)
+                ("12345778-1234-abcd-ef00-0123456789ac", 1),
+                lp_ctx=samba.tests.env_loadparm())
         y = ClientConnection("ncalrpc:localhost",
                 ("60a15ec5-4de8-11d7-a637-005056a20182", 1),
                 basis_connection=x, lp_ctx=cmdline_loadparm)
+                basis_connection=x, lp_ctx=samba.tests.env_loadparm())
         x.alter_context(("60a15ec5-4de8-11d7-a637-005056a20182", 1))
         # FIXME: self.assertEquals("\x01\x00\x00\x00", x.request(0, chr(0) * 4))
 …
     def test_two_connections(self):
         x = ClientConnection("ncalrpc:localhost[DEFAULT]",
+                ("60a15ec5-4de8-11d7-a637-005056a20182", 1), lp_ctx=cmdline_loadparm)
+                ("60a15ec5-4de8-11d7-a637-005056a20182", 1),
+                lp_ctx=samba.tests.env_loadparm())
         y = ClientConnection("ncalrpc:localhost",
                 ("60a15ec5-4de8-11d7-a637-005056a20182", 1),
                 basis_connection=x, lp_ctx=cmdline_loadparm)
+                basis_connection=x, lp_ctx=samba.tests.env_loadparm())
         self.assertEquals("\x01\x00\x00\x00", y.request(0, chr(0) * 4))

vendor/current/source4/scripting/python/samba/tests/dcerpc/misc.py

-              r414
+              r740
 #!/usr/bin/python
+#!/usr/bin/env python
 # Unix SMB/CIFS implementation.
 …
+#
+import unittest
+"""Tests for samba.dcerpc.misc."""
 from samba.dcerpc import misc
+import samba.tests
 text1 = "76f53846-a7c2-476a-ae2c-20e2b80d7b34"
 text2 = "344edffa-330a-4b39-b96e-2c34da52e8b1"
 class GUIDTests(unittest.TestCase):
+class GUIDTests(samba.tests.TestCase):
     def test_str(self):
 …
         self.assertEquals(0, cmp(guid1, guid2))
         self.assertEquals(guid1, guid2)
 class PolicyHandleTests(unittest.TestCase):
+class PolicyHandleTests(samba.tests.TestCase):
     def test_init(self):

vendor/current/source4/scripting/python/samba/tests/dcerpc/registry.py

-              r414
+              r740
 #!/usr/bin/python
+#!/usr/bin/env python
 # Unix SMB/CIFS implementation.
 …
+#
+"""Tests for samba.dcerpc.registry."""
 from samba.dcerpc import winreg
 from samba.tests import RpcInterfaceTestCase
 …
     def setUp(self):
+        super(WinregTests, self).setUp()
         self.conn = winreg.winreg("ncalrpc:", self.get_loadparm(),
                                   self.get_credentials())

vendor/current/source4/scripting/python/samba/tests/dcerpc/rpcecho.py

-              r414
+              r740
 #!/usr/bin/python
+#!/usr/bin/env python
 # Unix SMB/CIFS implementation.
 …
+#
+"""Tests for samba.dceprc.rpcecho."""
 from samba.dcerpc import echo
 from samba.ndr import ndr_pack, ndr_unpack
+import unittest
+from samba.tests import RpcInterfaceTestCase
+from samba.tests import RpcInterfaceTestCase, TestCase
 …
     def setUp(self):
+        super(RpcEchoTests, self).setUp()
         self.conn = echo.rpcecho("ncalrpc:", self.get_loadparm())
 …
     def test_abstract_syntax(self):
         self.assertEquals(("60a15ec5-4de8-11d7-a637-005056a20182", 1),
+        self.assertEquals(("60a15ec5-4de8-11d7-a637-005056a20182", 1),
                           self.conn.abstract_syntax)
 …
 class NdrEchoTests(unittest.TestCase):
+class NdrEchoTests(TestCase):
     def test_info1_push(self):

vendor/current/source4/scripting/python/samba/tests/dcerpc/sam.py

-              r414
+              r740
 #!/usr/bin/python
+#!/usr/bin/env python
 # -*- coding: utf-8 -*-
 …
+#
+"""Tests for samba.dcerpc.sam."""
 from samba.dcerpc import samr, security
 from samba.tests import RpcInterfaceTestCase
 …
     def setUp(self):
+        super(SamrTests, self).setUp()
         self.conn = samr.samr("ncalrpc:", self.get_loadparm())
 …
     def test_connect2(self):
         handle = self.conn.Connect2(None, security.SEC_FLAG_MAXIMUM_ALLOWED)
+        self.assertTrue(handle is not None)
     def test_EnumDomains(self):

vendor/current/source4/scripting/python/samba/tests/dcerpc/unix.py

-              r414
+              r740
 #!/usr/bin/python
+#!/usr/bin/env python
 # Unix SMB/CIFS implementation.
 …
+#
+"""Tests for samba.dcerpc.unixinfo."""
 from samba.dcerpc import unixinfo
 from samba.tests import RpcInterfaceTestCase
 …
     def setUp(self):
+        super(UnixinfoTests, self).setUp()
         self.conn = unixinfo.unixinfo("ncalrpc:", self.get_loadparm())
     def test_getpwuid(self):
+    def test_getpwuid_int(self):
         infos = self.conn.GetPWUid(range(512))
         self.assertEquals(512, len(infos))
 …
         self.assertTrue(isinstance(infos[0].homedir, unicode))
+    def test_getpwuid(self):
+        infos = self.conn.GetPWUid(map(long, range(512)))
+        self.assertEquals(512, len(infos))
+        self.assertEquals("/bin/false", infos[0].shell)
+        self.assertTrue(isinstance(infos[0].homedir, unicode))
     def test_gidtosid(self):
         self.conn.GidToSid(1000)
+        self.conn.GidToSid(1000L)
     def test_uidtosid(self):
         self.conn.UidToSid(1000)
+    def test_uidtosid_fail(self):
+        self.assertRaises(TypeError, self.conn.UidToSid, "100")

vendor/current/source4/scripting/python/samba/tests/provision.py

-              r414
+              r740
 #!/usr/bin/python
+#!/usr/bin/env python
 # Unix SMB/CIFS implementation.
 …
+#
+"""Tests for samba.provision."""
 import os
 from samba.provision import setup_secretsdb, findnss
+from samba.provision import setup_secretsdb, findnss, ProvisionPaths
 import samba.tests
+from ldb import Dn
+from samba import param
+import unittest
+from samba.tests import env_loadparm, TestCase
+lp = samba.tests.cmdline_loadparm
+def create_dummy_secretsdb(path, lp=None):
+    """Create a dummy secrets database for use in tests.
+setup_dir = "setup"
+def setup_path(file):
+    return os.path.join(setup_dir, file)
+    :param path: Path to store the secrets db
+    :param lp: Optional loadparm context. A simple one will
+        be generated if not specified.
+    """
+    if lp is None:
+        lp = env_loadparm()
+    paths = ProvisionPaths()
+    paths.secrets = path
+    paths.private_dir = os.path.dirname(path)
+    paths.keytab = "no.keytab"
+    paths.dns_keytab = "no.dns.keytab"
+    secrets_ldb = setup_secretsdb(paths, None, None, lp=lp)
+    secrets_ldb.transaction_commit()
+    return secrets_ldb
 …
     """Some simple tests for individual functions in the provisioning code.
     """
     def test_setup_secretsdb(self):
         path = os.path.join(self.tempdir, "secrets.ldb")
+        ldb = setup_secretsdb(path, setup_path, None, None, lp=lp)
+        paths = ProvisionPaths()
+        paths.secrets = path
+        paths.private_dir = os.path.dirname(path)
+        paths.keytab = "no.keytab"
+        paths.dns_keytab = "no.dns.keytab"
+        ldb = setup_secretsdb(paths, None, None, lp=env_loadparm())
         try:
             self.assertEquals("LSA Secrets",
 …
 class FindNssTests(unittest.TestCase):
+class FindNssTests(TestCase):
     """Test findnss() function."""
     def test_nothing(self):
         def x(y):
 …
 class Disabled(object):
     def test_setup_templatesdb(self):
         raise NotImplementedError(self.test_setup_templatesdb)
 …
         raise NotImplementedError(self.test_vampire)
-    def test_erase_partitions(self):
-        raise NotImplementedError(self.test_erase_partitions)

vendor/current/source4/scripting/python/samba/tests/samba3.py

-              r414
+              r740
 #!/usr/bin/python
+#!/usr/bin/env python
 # Unix SMB/CIFS implementation.
 …
+#
+import unittest
+from samba.samba3 import GroupMappingDatabase, Registry, PolicyDatabase, SecretsDatabase, TdbSam
+from samba.samba3 import WinsDatabase, SmbpasswdFile, ACB_NORMAL, IdmapDatabase, SAMUser, ParamFile
+"""Tests for samba.samba3."""
+from samba.samba3 import (GroupMappingDatabase, Registry, PolicyDatabase,
+        SecretsDatabase, TdbSam)
+from samba.samba3 import (WinsDatabase, SmbpasswdFile, ACB_NORMAL,
+        IdmapDatabase, SAMUser, ParamFile)
+from samba.tests import TestCase
 import os
+DATADIR=os.path.join(os.path.dirname(__file__), "../../../../../testdata/samba3")
+print "Samba 3 data dir: %s" % DATADIR
+class RegistryTestCase(unittest.TestCase):
+    def setUp(self):
+for p in [ "../../../../../testdata/samba3", "../../../../testdata/samba3" ]:
+    DATADIR = os.path.join(os.path.dirname(__file__), p)
+    if os.path.exists(DATADIR):
+        break
+class RegistryTestCase(TestCase):
+    def setUp(self):
+        super(RegistryTestCase, self).setUp()
         self.registry = Registry(os.path.join(DATADIR, "registry.tdb"))
     def tearDown(self):
         self.registry.close()
+        super(RegistryTestCase, self).tearDown()
     def test_length(self):
 …
+class PolicyTestCase(unittest.TestCase):
+    def setUp(self):
+class PolicyTestCase(TestCase):
+    def setUp(self):
+        super(PolicyTestCase, self).setUp()
         self.policy = PolicyDatabase(os.path.join(DATADIR, "account_policy.tdb"))
 …
+class GroupsTestCase(unittest.TestCase):
+    def setUp(self):
+class GroupsTestCase(TestCase):
+    def setUp(self):
+        super(GroupsTestCase, self).setUp()
         self.groupdb = GroupMappingDatabase(os.path.join(DATADIR, "group_mapping.tdb"))
     def tearDown(self):
         self.groupdb.close()
+        super(GroupsTestCase, self).tearDown()
     def test_group_length(self):
 …
+class SecretsDbTestCase(unittest.TestCase):
+    def setUp(self):
+class SecretsDbTestCase(TestCase):
+    def setUp(self):
+        super(SecretsDbTestCase, self).setUp()
         self.secretsdb = SecretsDatabase(os.path.join(DATADIR, "secrets.tdb"))
     def tearDown(self):
         self.secretsdb.close()
+        super(SecretsDbTestCase, self).tearDown()
     def test_get_sid(self):
 …
+class TdbSamTestCase(unittest.TestCase):
+    def setUp(self):
+class TdbSamTestCase(TestCase):
+    def setUp(self):
+        super(TdbSamTestCase, self).setUp()
         self.samdb = TdbSam(os.path.join(DATADIR, "passdb.tdb"))
     def tearDown(self):
         self.samdb.close()
+        super(TdbSamTestCase, self).tearDown()
     def test_usernames(self):
 …
+class WinsDatabaseTestCase(unittest.TestCase):
+    def setUp(self):
+class WinsDatabaseTestCase(TestCase):
+    def setUp(self):
+        super(WinsDatabaseTestCase, self).setUp()
         self.winsdb = WinsDatabase(os.path.join(DATADIR, "wins.dat"))
 …
     def tearDown(self):
         self.winsdb.close()
+class SmbpasswdTestCase(unittest.TestCase):
+    def setUp(self):
+        super(WinsDatabaseTestCase, self).tearDown()
+class SmbpasswdTestCase(TestCase):
+    def setUp(self):
+        super(SmbpasswdTestCase, self).setUp()
         self.samdb = SmbpasswdFile(os.path.join(DATADIR, "smbpasswd"))
 …
     def tearDown(self):
         self.samdb.close()
+class IdmapDbTestCase(unittest.TestCase):
+    def setUp(self):
+        self.idmapdb = IdmapDatabase(os.path.join(DATADIR, "winbindd_idmap.tdb"))
+        super(SmbpasswdTestCase, self).tearDown()
+class IdmapDbTestCase(TestCase):
+    def setUp(self):
+        super(IdmapDbTestCase, self).setUp()
+        self.idmapdb = IdmapDatabase(os.path.join(DATADIR,
+            "winbindd_idmap.tdb"))
     def test_user_hwm(self):
 …
     def tearDown(self):
         self.idmapdb.close()
+class ShareInfoTestCase(unittest.TestCase):
+    def setUp(self):
+        self.shareinfodb = ShareInfoDatabase(os.path.join(DATADIR, "share_info.tdb"))
+    # FIXME: needs proper data so it can be tested
+    def tearDown(self):
+        self.shareinfodb.close()
+class ParamTestCase(unittest.TestCase):
+        super(IdmapDbTestCase, self).tearDown()
+class ParamTestCase(TestCase):
     def test_init(self):
         file = ParamFile()

vendor/current/source4/scripting/python/samba/tests/samdb.py

-              r414
+              r740
 #!/usr/bin/python
+#!/usr/bin/env python
 # Unix SMB/CIFS implementation. Tests for SamDB
 # Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2008
+#
+#
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 3 of the License, or
 # (at your option) any later version.
+#
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+"""Tests for samba.samdb."""
+import logging
+import os
+import uuid
 from samba.auth import system_session
 from samba.credentials import Credentials
+import os
 from samba.provision import setup_samdb, guess_names, setup_templatesdb, make_smbconf, find_setup_dir
 from samba.samdb import SamDB
+from samba.provision import (setup_samdb, guess_names, make_smbconf,
+    provision_paths_from_lp)
+from samba.provision import DEFAULT_POLICY_GUID, DEFAULT_DC_POLICY_GUID
+from samba.provision.backend import ProvisionBackend
 from samba.tests import TestCaseInTempDir
 from samba.dcerpc import security
+from unittest import TestCase
+import uuid
+from samba.schema import Schema
 from samba import param
 …
 class SamDBTestCase(TestCaseInTempDir):
     """Base-class for tests with a Sam Database.
     This is used by the Samba SamDB-tests, but e.g. also by the OpenChange
     provisioning tests (which need a Sam).
     """
-    def setup_path(self, relpath):
-        return os.path.join(find_setup_dir(), relpath)
     def setUp(self):
 …
         schemadn = "CN=Schema," + configdn
         domainguid = str(uuid.uuid4())
+        policyguid = str(uuid.uuid4())
+        creds = Credentials()
+        creds.set_anonymous()
+        policyguid = DEFAULT_POLICY_GUID
         domainsid = security.random_sid()
-        hostguid = str(uuid.uuid4())
         path = os.path.join(self.tempdir, "samdb.ldb")
         session_info = system_session()
 …
         dnsdomain="example.com"
         serverrole="domain controller"
+        policyguid_dc = DEFAULT_DC_POLICY_GUID
         smbconf = os.path.join(self.tempdir, "smb.conf")
         make_smbconf(smbconf, self.setup_path, hostname, domain, dnsdomain,
+        make_smbconf(smbconf, hostname, domain, dnsdomain,
                      serverrole, self.tempdir)
 …
                             domaindn=self.domaindn, configdn=configdn,
                             schemadn=schemadn)
+        setup_templatesdb(os.path.join(self.tempdir, "templates.ldb"),
+                          self.setup_path, session_info=session_info, lp=self.lp)
+        self.samdb = setup_samdb(path, self.setup_path, session_info, creds,
+                                 self.lp, names,
+                                 lambda x: None, domainsid,
+                                 domainguid,
+                                 policyguid, False, "secret",
+                                 "secret", "secret", invocationid,
+                                 "secret", "domain controller")
+        paths = provision_paths_from_lp(self.lp, names.dnsdomain)
+        logger = logging.getLogger("provision")
+        provision_backend = ProvisionBackend("ldb", paths=paths,
+                lp=self.lp, credentials=None,
+                names=names, logger=logger)
+        schema = Schema(domainsid, invocationid=invocationid,
+                schemadn=names.schemadn, serverdn=names.serverdn,
+                am_rodc=False)
+        self.samdb = setup_samdb(path, session_info,
+                provision_backend, self.lp, names, logger,
+                domainsid, domainguid, policyguid, policyguid_dc, False,
+                "secret", "secret", "secret", invocationid, "secret",
+                None, "domain controller", schema=schema)
     def tearDown(self):
         for f in ['templates.ldb', 'schema.ldb', 'configuration.ldb',
+        for f in ['schema.ldb', 'configuration.ldb',
                   'users.ldb', 'samdb.ldb', 'smb.conf']:
             os.remove(os.path.join(self.tempdir, f))
         super(SamDBTestCase, self).tearDown()
-# disable this test till andrew works it out ...
-class SamDBTests(SamDBTestCase):
-    """Tests for the SamDB implementation."""
-    print "samdb add_foreign disabled for now"
-#    def test_add_foreign(self):

vendor/current/source4/scripting/python/samba/tests/upgrade.py

-              r414
+              r740
 #!/usr/bin/python
+#!/usr/bin/env python
 # Unix SMB/CIFS implementation.
 …
+#
+from samba import Ldb
+"""Tests for samba.upgrade."""
 from samba.upgrade import import_wins
 from samba.tests import LdbTestCase
 class WinsUpgradeTests(LdbTestCase):
     def test_upgrade(self):
         winsdb = {

vendor/current/source4/scripting/python/samba/upgrade.py

-              r414
+              r740
+#!/usr/bin/python
+# backend code for upgrading from Samba3
+# Copyright Jelmer Vernooij 2005-2007
+#
+#       backend code for upgrading from Samba3
+#       Copyright Jelmer Vernooij 2005-2007
+#       Released under the GNU GPL v3 or later
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
 """Support code for upgrading from Samba 3 to Samba 4."""
 …
 __docformat__ = "restructuredText"
-from provision import provision, FILL_DRS
 import grp
 import ldb
 import time
 import pwd
+import registry
 from samba import Ldb
+from samba import Ldb, registry
 from samba.param import LoadParm
+from samba.provision import provision
 def import_sam_policy(samldb, policy, dn):
 …
 samba3DisconnectTime: %d
 """ % (dn, policy.min_password_length,
+""" % (dn, policy.min_password_length,
     policy.password_history, policy.minimum_password_age,
     policy.maximum_password_age, policy.lockout_duration,
 …
 def import_sam_account(samldb,acc,domaindn,domainsid):
     """Import a Samba 3 SAM account.
     :param samldb: Samba 4 SAM Database handle
     :param acc: Samba 3 account
 …
     if acc.fullname is None:
         acc.fullname = acc.username
     assert acc.fullname is not None
     assert acc.nt_username is not None
 …
         "samba3DirDrive": acc.dir_drive,
         "samba3MungedDial": acc.munged_dial,
         "samba3Homedir": acc.homedir,
         "samba3LogonScript": acc.logon_script,
+        "samba3Homedir": acc.homedir,
+        "samba3LogonScript": acc.logon_script,
         "samba3ProfilePath": acc.profile_path,
         "samba3Workstations": acc.workstations,
 …
 def import_sam_group(samldb, sid, gid, sid_name_use, nt_name, comment, domaindn):
     """Upgrade a SAM group.
     :param samldb: SAM database.
     :param gid: Group GID
 …
     if nt_name in ("Domain Guests", "Domain Users", "Domain Admins"):
         return None
     if gid == -1:
         gr = grp.getgrnam(nt_name)
 …
     assert unixname is not None
     samldb.add({
         "dn": "cn=%s,%s" % (nt_name, domaindn),
         "objectClass": ["top", "group"],
         "description": comment,
         "cn": nt_name,
+        "cn": nt_name,
         "objectSid": sid,
         "unixName": unixname,
 …
 def import_wins(samba4_winsdb, samba3_winsdb):
     """Import settings from a Samba3 WINS database.
     :param samba4_winsdb: WINS database to import to
     :param samba3_winsdb: WINS database to import from
 …
                        "maxVersion": str(version_id)})
-def upgrade_provision(samba3, setup_dir, message, credentials, session_info, smbconf, targetdir):
-    oldconf = samba3.get_conf()
-    if oldconf.get("domain logons") == "True":
-        serverrole = "domain controller"
-    else:
-        if oldconf.get("security") == "user":
-            serverrole = "standalone"
-        else:
-            serverrole = "member server"
-    domainname = oldconf.get("workgroup")
-    if domainname:
-        domainname = str(domainname)
-    realm = oldconf.get("realm")
-    netbiosname = oldconf.get("netbios name")
-    secrets_db = samba3.get_secrets_db()
-    if domainname is None:
-        domainname = secrets_db.domains()[0]
-        message("No domain specified in smb.conf file, assuming '%s'" % domainname)
-    if realm is None:
-        realm = domainname.lower()
-        message("No realm specified in smb.conf file, assuming '%s'\n" % realm)
-    domainguid = secrets_db.get_domain_guid(domainname)
-    domainsid = secrets_db.get_sid(domainname)
-    if domainsid is None:
-        message("Can't find domain secrets for '%s'; using random SID\n" % domainname)
-    if netbiosname is not None:
-        machinepass = secrets_db.get_machine_password(netbiosname)
-    else:
-        machinepass = None
-    result = provision(setup_dir=setup_dir, message=message,
-                       samdb_fill=FILL_DRS, smbconf=smbconf, session_info=session_info,
-                       credentials=credentials, realm=realm,
-                       domain=domainname, domainsid=domainsid, domainguid=domainguid,
-                       machinepass=machinepass, serverrole=serverrole, targetdir=targetdir)
-    import_wins(Ldb(result.paths.winsdb), samba3.get_wins_db())
-    # FIXME: import_registry(registry.Registry(), samba3.get_registry())
-    # FIXME: import_idmap(samdb,samba3.get_idmap_db(),domaindn)
-    groupdb = samba3.get_groupmapping_db()
-    for sid in groupdb.groupsids():
-        (gid, sid_name_use, nt_name, comment) = groupdb.get_group(sid)
-        # FIXME: import_sam_group(samdb, sid, gid, sid_name_use, nt_name, comment, domaindn)
-    # FIXME: Aliases
-    passdb = samba3.get_sam_db()
-    for name in passdb:
-        user = passdb[name]
-        #FIXME: import_sam_account(result.samdb, user, domaindn, domainsid)
-    if hasattr(passdb, 'ldap_url'):
-        message("Enabling Samba3 LDAP mappings for SAM database")
-        enable_samba3sam(result.samdb, passdb.ldap_url)
 def enable_samba3sam(samdb, ldapurl):
     """Enable Samba 3 LDAP URL database.
 …
 smbconf_keep = [
     "dos charset",
+    "dos charset",
     "unix charset",
     "display charset",
 …
     :param oldconf: Old configuration structure
     :param mark: Whether removed configuration variables should be
+    :param mark: Whether removed configuration variables should be
         kept in the new configuration as "samba3:<name>"
     """
 …
+def upgrade_provision(samba3, logger, credentials, session_info,
+                      smbconf, targetdir):
+    oldconf = samba3.get_conf()
+    if oldconf.get("domain logons") == "True":
+        serverrole = "domain controller"
+    else:
+        if oldconf.get("security") == "user":
+            serverrole = "standalone"
+        else:
+            serverrole = "member server"
+    domainname = oldconf.get("workgroup")
+    realm = oldconf.get("realm")
+    netbiosname = oldconf.get("netbios name")
+    secrets_db = samba3.get_secrets_db()
+    if domainname is None:
+        domainname = secrets_db.domains()[0]
+        logger.warning("No domain specified in smb.conf file, assuming '%s'",
+                domainname)
+    if realm is None:
+        if oldconf.get("domain logons") == "True":
+            logger.warning("No realm specified in smb.conf file and being a DC. That upgrade path doesn't work! Please add a 'realm' directive to your old smb.conf to let us know which one you want to use (generally it's the upcased DNS domainname).")
+            return
+        else:
+            realm = domainname.upper()
+            logger.warning("No realm specified in smb.conf file, assuming '%s'",
+                    realm)
+    domainguid = secrets_db.get_domain_guid(domainname)
+    domainsid = secrets_db.get_sid(domainname)
+    if domainsid is None:
+        logger.warning("Can't find domain secrets for '%s'; using random SID",
+            domainname)
+    if netbiosname is not None:
+        machinepass = secrets_db.get_machine_password(netbiosname)
+    else:
+        machinepass = None
+    result = provision(logger=logger,
+                       session_info=session_info, credentials=credentials,
+                       targetdir=targetdir, realm=realm, domain=domainname,
+                       domainguid=domainguid, domainsid=domainsid,
+                       hostname=netbiosname, machinepass=machinepass,
+                       serverrole=serverrole)
+    import_wins(Ldb(result.paths.winsdb), samba3.get_wins_db())
+    # FIXME: import_registry(registry.Registry(), samba3.get_registry())
+    # FIXME: import_idmap(samdb,samba3.get_idmap_db(),domaindn)
+    groupdb = samba3.get_groupmapping_db()
+    for sid in groupdb.groupsids():
+        (gid, sid_name_use, nt_name, comment) = groupdb.get_group(sid)
+        # FIXME: import_sam_group(samdb, sid, gid, sid_name_use, nt_name, comment, domaindn)
+    # FIXME: Aliases
+    passdb = samba3.get_sam_db()
+    for name in passdb:
+        user = passdb[name]
+        #FIXME: import_sam_account(result.samdb, user, domaindn, domainsid)
+    if hasattr(passdb, 'ldap_url'):
+        logger.info("Enabling Samba3 LDAP mappings for SAM database")
+        enable_samba3sam(result.samdb, passdb.ldap_url)

vendor/current/source4/scripting/python/uuidmodule.c

-              r414
+              r740
 */
+#include <Python.h>
 #include "includes.h"
-#include <Python.h>
 #include "librpc/ndr/libndr.h"

Context Navigation

Legend:

Download in other formats: