Lines 50-61
import univention.debug2 as ud
50 |
from ldap.controls import LDAPControl |
50 |
from ldap.controls import LDAPControl |
51 |
from ldap.controls import SimplePagedResultsControl |
51 |
from ldap.controls import SimplePagedResultsControl |
52 |
from ldap.filter import escape_filter_chars |
52 |
from ldap.filter import escape_filter_chars |
53 |
from samba.dcerpc import nbt |
|
|
54 |
from samba.param import LoadParm |
53 |
from samba.param import LoadParm |
55 |
from samba.net import Net |
54 |
from samba.net import Net |
56 |
from samba.credentials import Credentials, DONT_USE_KERBEROS |
55 |
from samba.credentials import Credentials, DONT_USE_KERBEROS |
57 |
from samba import drs_utils |
56 |
from samba import drs_utils |
58 |
from samba.dcerpc import drsuapi, lsa, security |
57 |
from samba.dcerpc import drsuapi, lsa, nbt |
|
|
58 |
import samba.dcerpc.security |
59 |
import samba.dcerpc.misc |
59 |
import samba.dcerpc.samr |
60 |
import samba.dcerpc.samr |
60 |
from tempfile import NamedTemporaryFile |
61 |
from tempfile import NamedTemporaryFile |
61 |
|
62 |
|
Lines 964-971
class ad(univention.connector.ucs):
964 |
repl_creds.set_username(self.ad_ldap_bind_username) |
965 |
repl_creds.set_username(self.ad_ldap_bind_username) |
965 |
repl_creds.set_password(self.lo_ad.bindpw) |
966 |
repl_creds.set_password(self.lo_ad.bindpw) |
966 |
|
967 |
|
967 |
binding_options = "seal,print" |
968 |
binding_options = "seal" |
968 |
self.drs, self.drsuapi_handle, bind_supported_extensions = drs_utils.drsuapi_connect(self.ad_ldap_host, lp, repl_creds) |
969 |
# self.drs, self.drsuapi_handle, bind_supported_extensions = drs_utils.drsuapi_connect(self.ad_ldap_host, lp, repl_creds) |
|
|
970 |
## Code from drs_utils.py adjusted to match repo_epoch of server |
971 |
binding_string = "ncacn_ip_tcp:%s[%s]" % (self.ad_ldap_host, binding_options) |
972 |
self.drs = drsuapi.drsuapi(binding_string, lp, repl_creds) |
973 |
|
974 |
bind_info = drsuapi.DsBindInfoCtr() |
975 |
bind_info.length = 28 |
976 |
bind_info.info = drsuapi.DsBindInfo28() |
977 |
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_BASE |
978 |
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION |
979 |
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI |
980 |
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2 |
981 |
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS |
982 |
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1 |
983 |
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION |
984 |
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE |
985 |
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2 |
986 |
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION |
987 |
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2 |
988 |
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD |
989 |
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND |
990 |
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO |
991 |
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION |
992 |
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01 |
993 |
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP |
994 |
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY |
995 |
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3 |
996 |
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2 |
997 |
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6 |
998 |
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS |
999 |
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8 |
1000 |
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5 |
1001 |
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6 |
1002 |
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3 |
1003 |
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7 |
1004 |
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT |
1005 |
(info, self.drsuapi_handle) = self.drs.DsBind(samba.dcerpc.misc.GUID(drsuapi.DRSUAPI_DS_BIND_GUID), bind_info) |
1006 |
if info.info.repl_epoch != bind_info.info.repl_epoch: |
1007 |
ud.debug(ud.LDAP, ud.PROCESS, 'Adjusting to AD Replication Epoch: %s' % info.info.repl_epoch) |
1008 |
bind_info.info.repl_epoch = info.info.repl_epoch |
1009 |
(info, self.drsuapi_handle) = self.drs.DsBind(samba.dcerpc.misc.GUID(drsuapi.DRSUAPI_DS_BIND_GUID), bind_info) |
969 |
|
1010 |
|
970 |
dcinfo = drsuapi.DsGetDCInfoRequest1() |
1011 |
dcinfo = drsuapi.DsGetDCInfoRequest1() |
971 |
dcinfo.level = 1 |
1012 |
dcinfo.level = 1 |
Lines 999-1010
class ad(univention.connector.ucs):
999 |
binding = "ncacn_np:%s[%s]" % (self.ad_ldap_host, binding_options) |
1040 |
binding = "ncacn_np:%s[%s]" % (self.ad_ldap_host, binding_options) |
1000 |
|
1041 |
|
1001 |
self.samr = samba.dcerpc.samr.samr(binding, lp, creds) |
1042 |
self.samr = samba.dcerpc.samr.samr(binding, lp, creds) |
1002 |
handle = self.samr.Connect2(None, security.SEC_FLAG_MAXIMUM_ALLOWED) |
1043 |
handle = self.samr.Connect2(None, samba.dcerpc.security.SEC_FLAG_MAXIMUM_ALLOWED) |
1003 |
|
1044 |
|
1004 |
sam_domain = lsa.String() |
1045 |
sam_domain = lsa.String() |
1005 |
sam_domain.string = self.ad_netbios_domainname |
1046 |
sam_domain.string = self.ad_netbios_domainname |
1006 |
sid = self.samr.LookupDomain(handle, sam_domain) |
1047 |
sid = self.samr.LookupDomain(handle, sam_domain) |
1007 |
self.dom_handle = self.samr.OpenDomain(handle, security.SEC_FLAG_MAXIMUM_ALLOWED, sid) |
1048 |
self.dom_handle = self.samr.OpenDomain(handle, samba.dcerpc.security.SEC_FLAG_MAXIMUM_ALLOWED, sid) |
1008 |
|
1049 |
|
1009 |
def get_kerberos_ticket(self): |
1050 |
def get_kerberos_ticket(self): |
1010 |
p1 = subprocess.Popen(['kdestroy',], close_fds=True) |
1051 |
p1 = subprocess.Popen(['kdestroy',], close_fds=True) |
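Review bot: In the "Lines 964-971" hunk, when the server reports a different `repl_epoch` the second `self.drs.DsBind(...)` overwrites `self.drsuapi_handle` without releasing the handle from the first bind, so each connect to such a DC appears to leave an unused bind context on the server; calling `self.drs.DsUnbind(self.drsuapi_handle)` before rebinding would avoid that. The inlined block also no longer assigns `bind_supported_extensions`, which the replaced `drs_utils.drsuapi_connect()` call returned; if code after the hunk still reads it, add `bind_supported_extensions = info.info.supported_extensions` after the final bind. The commented-out `drsuapi_connect` call should be deleted rather than kept, and the comment `## Code from drs_utils.py adjusted to match repo_epoch of server` should read `repl_epoch`. The enclosing method starts and ends outside the hunk, so the handling of a failed `DsBind` cannot be judged from here.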