ó E®Uc@s°dZddlmZddlZddlZddlZddlZddlZddlZddl Z ddl Z ddl Z ddlm Z m Z mZmZddlmZmZmZddlmZmZddlmZdefd „ƒYZd efd „ƒYZd efd „ƒYZdefd„ƒYZdefd„ƒYZdefd„ƒYZ defd„ƒYZ!de!fd„ƒYZ"de!fd„ƒYZ#dS(sGFunctions for setting up a Samba configuration (LDB and LDAP backends).iÿÿÿÿ(t b64encodeN(t SCOPE_BASEtSCOPE_ONELEVELtLdbErrort timestring(tLdbtread_and_sub_filet setup_file(t CredentialstDONT_USE_KERBEROS(tSchematSlapdAlreadyRunningcBseZd„ZRS(cCs*||_tt|ƒjd|jƒdS(NsKAnother slapd Instance seems already running on this host, listening to %s.(t ldapi_uritsuperR t__init__(tselfturi((s;/usr/lib/python2.7/dist-packages/samba/provision/backend.pyR0s (t__name__t __module__R(((s;/usr/lib/python2.7/dist-packages/samba/provision/backend.pyR .st BackendResultcBseZd„ZRS(cCst|jƒ‚dS(s5Rerport this result to a particular logger. N(tNotImplementedErrort report_logger(Rtlogger((s;/usr/lib/python2.7/dist-packages/samba/provision/backend.pyR9s(RRR(((s;/usr/lib/python2.7/dist-packages/samba/provision/backend.pyR7stLDAPBackendResultcBseZd„Zd„ZRS(cCs||_||_dS(N(tslapd_command_escapedtldapdir(RRR((s;/usr/lib/python2.7/dist-packages/samba/provision/backend.pyRBs cCsF|jdk rB|jdƒ|j|jƒ|jd|jƒndS(Ns?Use later the following commandline to start slapd, then Samba:sGThis slapd-Commandline is also stored under: %s/ldap_backend_startup.sh(RtNonetinfoR(RR((s;/usr/lib/python2.7/dist-packages/samba/provision/backend.pyRFs(RRRR(((s;/usr/lib/python2.7/dist-packages/samba/provision/backend.pyR@s tProvisionBackendcBsAeZddddd„Zd„Zd„Zd„Zd„ZRS(cCsC||_||_d|_||_||_||_||_dS(sProvision a backend for samba4N(tpathstlpRt credentialstnamesRttypetldap_backend_type(Rt backend_typeRRR R((s;/usr/lib/python2.7/dist-packages/samba/provision/backend.pyRTs      cCst|jƒ‚dS(sInitialize the backend.N(Rtinit(R((s;/usr/lib/python2.7/dist-packages/samba/provision/backend.pyR$bscCst|jƒ‚dS(sStart the backend.N(Rtstart(R((s;/usr/lib/python2.7/dist-packages/samba/provision/backend.pyR%fscCst|jƒ‚dS(sShutdown the backend.N(Rtshutdown(R((s;/usr/lib/python2.7/dist-packages/samba/provision/backend.pyR&jscCst|jƒ‚dS(s>Post setup. :return: A BackendResult or None N(Rt post_setup(R((s;/usr/lib/python2.7/dist-packages/samba/provision/backend.pyR'nsN(RRRRR$R%R&R'(((s;/usr/lib/python2.7/dist-packages/samba/provision/backend.pyRRs    t LDBBackendcBs,eZd„Zd„Zd„Zd„ZRS(cCs'd|_tj|jjdtƒdS(Ns.d(RRtshutiltrmtreeRtsamdbtTrue(R((s;/usr/lib/python2.7/dist-packages/samba/provision/backend.pyR$xs cCsdS(N((R((s;/usr/lib/python2.7/dist-packages/samba/provision/backend.pyR%~scCsdS(N((R((s;/usr/lib/python2.7/dist-packages/samba/provision/backend.pyR&scCsdS(N((R((s;/usr/lib/python2.7/dist-packages/samba/provision/backend.pyR'„s(RRR$R%R&R'(((s;/usr/lib/python2.7/dist-packages/samba/provision/backend.pyR(vs   tExistingBackendcBs)eZdddddd„Zd„ZRS(c Cs;tt|ƒjd|d|d|d|d|d|ƒdS(NR#RRR Rtldap_backend_forced_uri(R R-R(RR#RRR RR ((s;/usr/lib/python2.7/dist-packages/samba/provision/backend.pyRŠs  cCs8t|jƒ}|jdddtddƒd|_dS(Ntbasettscopet expressions(objectClass=OpenLDAProotDSE)topenldap(RR tsearchRR"(Rtldapi_db((s;/usr/lib/python2.7/dist-packages/samba/provision/backend.pyR$’sN(RRRRR$(((s;/usr/lib/python2.7/dist-packages/samba/provision/backend.pyR-ˆst LDAPBackendc BsbeZddddddddddded„ Zd„Zd„Zd„Zd„Zd„Z RS(c Cs*tt|ƒjd|d|d|d|d|ƒ||_||_||_tjj|j dƒ|_ | |_ | |_ d|_d|_tjj|j dƒ|_| |_| |_| dk rÐ| |_n.dtjtjj|j d ƒd d ƒ|_tjj|j ƒs&tj|j ƒndS( NR#RRR Rtldaps slapd.pids ldapi://%stldapitsafeR0(R R6Rt domainsidtschemathostnametostpathtjoint private_dirRt ldapadminpasst slapd_pathRt slapd_commandRt slapd_pidtldap_backend_extra_porttldap_dryrun_modetldap_uriturllibtquotetexiststmkdir(RR#RRR RR:R;R<RARBRER.RF((s;/usr/lib/python2.7/dist-packages/samba/provision/backend.pyRžs(              %cCs ddlm}y±t|jƒ}|jdddtddƒyt|jdƒ}Wn(tk r~}|t j kr±‚q±n3Xz|j ƒ}Wd|j ƒX|j jd |ƒt|jƒ‚Wntk rÔnX|jdkró|d ƒ‚ntjj|jƒs!|j jd |jƒntjj|jƒsLtj|jd ƒntjj|jd ƒ}ytj|ƒWntk rˆnX|jj|ƒtƒ|_ |j j!|j"ƒ|j j#t$ƒ|j j%dƒ|j j&|j'ƒ|j j(dƒ|j)ƒdS(Niÿÿÿÿ(tProvisioningErrorR/R0R1R2s(objectClass=OpenLDAProotDSE)trs?Check for slapd process with PID: %s and terminate it manually.seWarning: LDAP-Backend must be setup with path to slapd, e.g. --slapd-path="/usr/local/libexec/slapd"!s"Path (%s) to slapd does not exist!iÀsschema-tmp.ldbs samba-admintEXTERNAL(*tsamba.provisionRLRRGR4RtopenRDtIOErrorterrnotENOENTtreadtcloseRRR RRBRR=R>RJtwarningtisdirRtmakedirsR?tunlinktOSErrorR;twrite_to_tmp_ldbRRtguessRtset_kerberos_stateR t set_usernamet set_passwordRAtset_forced_sasl_mecht provision(RRLR5tfterrtpt schemadb_path((s;/usr/lib/python2.7/dist-packages/samba/provision/backend.pyR$ÀsJ       cCsdS(N((R((s;/usr/lib/python2.7/dist-packages/samba/provision/backend.pyRaùscCs¼ddlm}ddj|jƒd|_tjj|jdƒ}t|dƒ}z|j d|jdƒWd|j ƒXtj |d ƒt j |jd td tƒ|_d }xÌ|jjƒdkrƒyRtjd ƒt|jd|jd|jƒ}|jdddtddƒdSWq¸tk r|d }|dkr€|jjdddj|jƒdƒ|dƒ‚q€q¸Xq¸W|jjdddj|jƒdƒ|dƒ‚dS(Niÿÿÿÿ(RLs's' 'sldap_backend_startup.shtws #!/bin/sh s $@ iít close_fdstshelliiRRR/R0R1R2s(objectClass=OpenLDAProotDSE)is+Could not connect to slapd started with: %ss?slapd never accepted a connection within 15 seconds of startingsCould not start slapd with: %ss2slapd died before we could make a connection to it(RORLR?RCRR=R>RRPtwriteRUtchmodt subprocesstPopentslapd_provision_commandR,tFalsetslapdtpollRttimetsleepRRGRRR4RRRterror(RRLtldap_backend_scriptRbtcountR5((s;/usr/lib/python2.7/dist-packages/samba/provision/backend.pyR%üs2  !   ((cCsy|jjƒdkrut|jddƒdk r@|jjƒn%ddl}tj|jj|j ƒ|jj ƒndS(Nt terminateiÿÿÿÿ( RoRpRtgetattrRvtsignalR=tkilltpidtSIGTERMt communicate(RRx((s;/usr/lib/python2.7/dist-packages/samba/provision/backend.pyR&#s  cCst|j|jƒS(N(RRR(R((s;/usr/lib/python2.7/dist-packages/samba/provision/backend.pyR'2s N( RRRRnRR$RaR%R&R'(((s;/usr/lib/python2.7/dist-packages/samba/provision/backend.pyR6œs   9  ' tOpenLDAPBackendcBsPeZdddddddddddededd„Zd„Zd„ZRS(cCsqddlm}tt|ƒjd|d|d|d|d|d|d |d | d | d | d | d|d| ƒ ||_||_tjj |j dƒ|_ tjj |j dƒ|_ tjj |j dƒ|_ tjj |j dƒ|_tjj |j dƒ|_tjj |j dƒ|_tjj |j dƒ|_t|jd|jjd|dƒgƒ|_dS(Niÿÿÿÿ(t setup_pathR#RRR RR:R;R<RARBRER.RFs slapd.confs modules.confs memberof.confsmmr_serverids.confsmmr_syncrepl.confsslapd.ds olc_seed.ldiftschemadntfilessschema_samba4.ldif(ROR~R R}Rt ol_mmr_urlstnosyncR=R>R?Rt slapdconft modulesconft memberofconftolmmrserveridsconftolmmrsyncreplconftolcdirt olcseedldifR R:R RR;(RR#RRRR RR:R;R<RARBRERFRR‚R.R~((s;/usr/lib/python2.7/dist-packages/samba/provision/backend.pyR9s*       cCs)tjj|ƒs%tj|dƒndS(sPCreate a database directory. :param dbdir: Database directory. iÀN(R=R>RJRX(Rtdbdir((s;/usr/lib/python2.7/dist-packages/samba/provision/backend.pyt setup_db_dirWsc+ Cs ddlm}m}tjtjj|jdƒt ƒd}|j rPd}n|j j ƒ}d}d}x`|j ƒD]R}||dk rx|d|}|t|dƒi|d 6||d 6ƒ7}qxqxWt|d ƒi|d 6ƒ}d dg} |j jjddd|jjdtd| ƒ} d} xVtdt| ƒƒD]?} | | dd} | dkrod} n| d| d7} qBWd}d}d}d}d}d}d}d}d}|jdk r|j}td|jjdƒƒ}x"|D]}|jjd|ƒqõWt|ƒdkr4|dƒ‚nd}d}d}xÑ|D]Æ}|d}|t|dƒit|ƒd 6|d!6ƒ7}|d"}|d}|t|d#ƒit|ƒd$6|jjd%6|d!6|d&6ƒ7}|d}|t|d#ƒit|ƒd$6|jjd%6|d!6|d&6ƒ7}|d}|t|d#ƒit|ƒd$6d'|jjd%6|d!6|d&6ƒ7}|d}|t|d#ƒit|ƒd$6d(|jjd%6|d!6|d&6ƒ7}|d}|t|d#ƒit|ƒd$6|jjd%6|d!6|d&6ƒ7}qMWnd}d}|jdk rMd}d}d}|t|d)ƒiƒ7}d*}x°|D]¨}|d}|t|d+ƒit|ƒd 6|d!6ƒ7}|d}|t|d,ƒit|ƒd$6|d!6|d&6ƒ7}|t|d-ƒit|ƒd$6|d!6ƒ7}qmWt |d.ƒ|j!i|d/6|jd06|d16ƒnt |d2ƒ|j"i|jj#d36|jd46|jjd56|jjd66|jjd76|d86|d96|d:6|d;6|d<6|d=6|d>6|d?6|d@6|dA6|dB6|dC6| dD6ttj$ƒƒdE6|dF6ƒ|j%tjj|jddGƒƒ|j%tjj|jddHƒƒ|j%tjj|jddIƒƒ|j%tjj|jddJƒƒ|j%tjj|jddKƒƒ|j%tjj|jddLƒƒ|jdk rýd}ndM}t|dNƒi|jdO6|d&6|dP6ƒ} dQ}!dR}"t&||!ƒdSƒ}#z|j j'dT|#j(ƒƒ}$Wd|#j)ƒX|$dk st*‚t&tjj|j|"ƒdUƒ}#z|#j+|$ƒWd|#j)ƒX|j,dk r"|jdkrþdV|j,}%q(dW|jj-|jj#|j,ƒ}%nd}%|j.dX|j/dYg|_0t1|j0ƒ|_2|j0j3|j4dZgƒ|j4}&|%dk r•|&d|%}&n|j2j5|&ƒtj|j/t ƒtj6|j/d[ƒ|j7rät8j9dƒn|j.d\d]d^d_|j"dX|j/g}'t:j;|'d`t dat<ƒ}(|(dkrf |jj=dbdcddj|'ƒdcƒ|deƒ‚ntjj>tjj|j/dfƒƒs™ |deƒ‚ntj?|j"ƒ|j.dgdhdidX|j/g})t:j@|)djt:jAdat<ƒ}*|*jBj+| ƒ|*jCƒdS(kNiÿÿÿÿ(RLR~tdbR0tdbnosyncs# Generated from Samba4 schema t s memberof.conft MEMBER_ATTRt MEMBEROF_ATTRs refint.conft LINK_ATTRStlinkIDtlDAPDisplayNameR2sG(&(objectclass=attributeSchema)(searchFlags:1.2.840.113556.1.4.803:=1))R/R1tattrsit objectGUIDt entryUUIDsindex s eq t,sUsing LDAP-URL: is$At least 2 LDAP-URLs needed for MMR!s MirrorMode Ons# by dn=cn=replicator,cn=samba readsmmr_serverids.conftSERVERIDt LDAPSERVERi smmr_syncrepl.conftRIDtMMRDNt MMR_PASSWORDsdc=DomainDNSZones,sdc=ForestDNSZones,s olc_mmr.confiôsolc_serverid.confsolc_syncrepl.confsolc_syncrepl_seed.confs olc_seed.ldiftOLC_SERVER_ID_CONFtOLC_PWtOLC_SYNCREPL_CONFs slapd.conft DNSDOMAINtLDAPDIRtDOMAINDNtCONFIGDNtSCHEMADNtMEMBEROF_CONFIGt MIRRORMODEtREPLICATOR_ACLtMMR_SERVERIDS_CONFIGtMMR_SYNCREPL_SCHEMA_CONFIGtMMR_SYNCREPL_CONFIG_CONFIGtMMR_SYNCREPL_DOMAINDNS_CONFIGtMMR_SYNCREPL_FORESTDNS_CONFIGtMMR_SYNCREPL_USER_CONFIGtOLC_SYNCREPL_CONFIGtOLC_MMR_CONFIGt REFINT_CONFIGt INDEX_CONFIGt ADMIN_UIDtNOSYNCt forestdnst domaindnstusertconfigR;tsambat#s cn=samba.ldift LDAPADMINPASStMMRsschema-map-openldap-2.3sbackend-schema.schemaRMR3Rfsldap://0.0.0.0:%dsldap://%s.%s:%ds-Fs-hs-d0iøs-Ttests-nt0s-fRgRhsEconversion from slapd.conf to cn=config failed slapd started with: %ss's' 's.conversion from slapd.conf to cn=config failedscn=config.ldifs-Tadds-bscn=sambatstdin(DRORLR~R)R*R=R>R?RR,R‚R;tlinked_attributestkeysRRtldbR4R RRtrangetlenRRAtfiltertsplitRRtstrtconfigdntdomaindnRR‰Rƒt dnsdomaintgetuidR‹RPtconvert_to_openldapRTRUtAssertionErrorRiRER<RBRˆRmtlistRCtextendRGtappendRXRFtsystexitRktcallRnRsRJtremoveRltPIPER½R|(+RRLR~t nosync_configtlnkattrtrefint_attributestmemberof_configtattt refint_configR”trest index_configtit index_attrt mmr_on_configtmmr_replicator_acltmmr_serverids_configtmmr_syncrepl_schema_configtmmr_syncrepl_config_configtmmr_syncrepl_domaindns_configtmmr_syncrepl_forestdns_configtmmr_syncrepl_user_configtmmr_passturl_listturltserveridtridtolc_syncrepl_configtolc_mmr_configtolc_serverids_configtolc_syncrepl_seed_configtmmrtcn_sambatmappingtbackend_schemaRbtbackend_schema_datatserver_port_stringturist slapd_cmdtretcodet cn_samba_cmdRd((s;/usr/lib/python2.7/dist-packages/samba/provision/backend.pyRa_s€"                                            """"""      !       %$N(RRRRnRR‹Ra(((s;/usr/lib/python2.7/dist-packages/samba/provision/backend.pyR}7s   t FDSBackendcBsJeZddddddddddeddd„ Zd„Zd„ZRS(cCs^ddlm}tt|ƒjd|d|d|d|d|d|d |d |d | d | d | dtd| ƒ | |_||_|jj j ƒ|_ d|_ t jj|jdƒ|_t jj|jdƒ|_t jj|jdƒ|_t jj|jdƒ|_t jj|jdƒ|_t jj|jdƒ|_t jj|jdƒ|_t jj|jdƒ|_t jj|jdƒ|_|dƒ|_t jj|jdƒ|_tjdd|jd|jd|jjgd td!t ƒ|_!|j!d"krt"d#ƒ‚nt#|j$d$|jj%d%|d&ƒ|jgd'd(d)gƒ|_&dS(*Niÿÿÿÿ(R~R#RRR RR:R;R<RARBRER.RFsCN=Sambas fedorads.infsfedorads-partitions.ldifsfedorads-sasl.ldifsfedorads-dna.ldifsfedorads-pam.ldifsfedorads-refint.ldifsfedorads-linked-attributes.ldifsfedorads-index.ldifsfedorads-samba.ldifs ../../examples/LDAP/samba.schemas samba3.ldifsbin/oLschema2ldifs-Is-Os-bRgRhis!Unable to convert Samba 3 schema.RR€sschema_samba4.ldiftadditional_prefixmaps1000:1.3.6.1.4.1.7165.2.1s1001:1.3.6.1.4.1.7165.2.2('ROR~R RùRR.troott setup_ds_pathR t netbiosnametlowert ldap_instancetsambadnR=R>R?Rt fedoradsinftpartitions_ldift sasl_ldiftdna_ldiftpam_ldift refint_ldiftlinked_attrs_ldift index_ldift samba_ldift samba3_schemat samba3_ldifRkRÑRÇR,RnR÷t ExceptionR R:RR;(RR#RRR RR:R;R<RARBRERFRûRüR~((s;/usr/lib/python2.7/dist-packages/samba/provision/backend.pyRcsP              c Csddlm}m}|jdk r5d|j}nd}t|dƒ|ji |jd6|jd6|j j d6|j d 6|j j d 6|j d 6|j jd 6|jd 6|d6ƒt|dƒ|ji|j jd6|j jd6|jd6ƒt|dƒ|ji|jd6ƒt|dƒ|ji|j j d 6|jd6t|jƒd6ƒt|dƒ|jƒ|jjƒ}t|dƒdƒ}z|jƒ}Wd|jƒXd}d}d} x©|jƒD]›} || dk rË|t|dƒit| ƒd6| d6ƒ7}|t|dƒi| d6|| d6ƒ7}|t|d ƒi| d!6ƒ7}| d"7} qËqËWt|j d#ƒ}z|j!|ƒWd|jƒXt|j"d#ƒ}z|j!|ƒWd|jƒXd$g} |jj#j$d%d&d'|j jd(t%d)| ƒ} xdt&d*t'| ƒƒD]M} | | d$d*} | d+krHd,} n|t|d ƒi| d!6ƒ7}qWt|j(d#ƒ}z|j!|ƒWd|jƒXt|d-ƒ|j)i|jd6|jd.6ƒd/}d0}t||ƒdƒ}z|jj*d1|jƒƒ}Wd|jƒX|dk s*t+‚tt,j-j.|j |ƒd#ƒ}z|j!|ƒWd|jƒX|j/j0|j jƒt,j-j.|j d2|j ƒ}t1j2|t3ƒ|j4d3|d4|j5g|_6|j6j7d5ƒt,j-j.|j d2|j d6ƒg|_8|j9rt:j;d*ƒn|j<dkr<|d7ƒ‚nt,j-j=|j<ƒsj|j>j?d8|j<ƒnt@jA|j<d9d:|jgd;t3d<tBƒ}|d*kr²|d=ƒ‚nt@jAt,j-j.|j d2|j d>ƒd?|jd4|j)gd;t3d<tBƒ}|d*kr|d@ƒ‚ndS(ANiÿÿÿÿ(RLR~s ServerPort=%dR0s fedorads.inftROOTtHOSTNAMER R¡R¢t LDAP_INSTANCEt LDAPMANAGERDNtLDAPMANAGERPASSt SERVERPORTsfedorads-partitions.ldifR£R¤tSAMBADNsfedorads-sasl.ldifsfedorads-dna.ldift DOMAINSIDsfedorads-pam.ldifsfedorads-refint-delete.ldifRMisfedorads-refint-add.ldift ARG_NUMBERt LINK_ATTRsfedorads-linked-attributes.ldifRRsfedorads-index.ldiftATTRiRfR“R2sG(&(objectclass=attributeSchema)(searchFlags:1.2.840.113556.1.4.803:=1))R/R1R”iR•t nsUniqueIdsfedorads-samba.ldifRºsschema-map-fedora-ds-1.0s 99_ad.ldifs fedora-dssslapd-s-Ds-is-d0s start-slapdsiFedora DS LDAP-Backend must be setup with path to setup-ds, e.g. --setup-ds-path="/usr/sbin/setup-ds.pl"!s"Path (%s) to slapd does not exist!s--silents--fileRgRhssetup-ds failedtldif2dbs-ssldif2db failed(CRORLR~RERRRRûR<R RÈRRÇRÿt ldapmanagerdnRARRÆRRRRRÅR:RR;R¾RPRTRUR¿RRRiRRÀR4RRÁRÂRR RÊRËR=R>R?Rt set_bind_dnR)R*R,RBRDRmRÎRCRFRÏRÐRüRJRRVRkRÑRn(RRLR~t serverportRÕRbRÙR×RÛtargnumtattrR”RÚRÜRñRòRót fedora_ds_dirR÷((s;/usr/lib/python2.7/dist-packages/samba/provision/backend.pyRašsÚ                         !      7 cCs·t|jd|jƒ}d|j}tjƒ}tj|gtjdƒ|ds0         "  $›ÿ+