From 8a20e6830014a6c233a5eae42d4bb0b94c450e68 Mon Sep 17 00:00:00 2001
From: Mikhail Grebenkin
Date: Mon, 19 Nov 2018 20:36:07 +0300
Subject: [PATCH] =?UTF-8?q?=D0=B2=D1=8B=D0=B4=D0=B5=D0=BB=D0=B8=D0=BB=20?= =?UTF-8?q?=D0=B2=20=D0=BE=D1=82=D0=B4=D0=B5=D0=BB=D1=8C=D0=BD=D1=8B=D0=B9?= =?UTF-8?q?=20=D1=84=D0=B0=D0=B9=D0=BB=20=D0=BA=D0=BB=D0=B0=D1=81=D1=81=20?= =?UTF-8?q?=D0=BF=D0=BE=D0=BB=D1=8C=D0=B7=D0=BE=D0=B2=D0=B0=D1=82=D0=B5?= =?UTF-8?q?=D0=BB=D1=8F,=20=D1=80=D0=B5=D0=B0=D0=BB=D0=B8=D0=B7=D0=BE?= =?UTF-8?q?=D0=B2=D0=B0=D0=BB=20=D0=BC=D0=B5=D1=82=D0=BE=D0=B4=D1=8B.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
UserAd_class.py | 149 ++++++++++++++++++++++++++++++++++++++++++++++++
importer.py | 91 +----------------------------
2 files changed, 150 insertions(+), 90 deletions(-)
create mode 100644 UserAd_class.py
diff --git a/UserAd_class.py b/UserAd_class.py
new file mode 100644
index 0000000..1310b56
--- /dev/null
+++ b/UserAd_class.py
@@ -0,0 +1,149 @@
+import ldb
+from samba.samdb import SamDB
+from samba.auth import system_session
+# from samba.ndr import ndr_pack, ndr_unpack
+# from samba.dcerpc import security
+import samba.param
+# import base64
+# import binascii
+
+base = "CN=Users,DC=techgrow,DC=local" # можно не заморачиваться с ОУ и тогда base = "CN=Users,DC=myDom,DC=lan"
+domainName = 'techgrow.local'
+
+
+class UserAd:
+ def __init__(self, sam, base, domainName, usrName, usrPass=''):
+ self.sam = sam
+ self.base = base
+ self.domainName = domainName
+ self.usrName = usrName
+ self.usrPass = usrPass
+ self.exists = self.chek_if_exists()
+ if not self.exists:
+ self.add()
+ self.memberOf = self.check_memberof()
+
+ def chek_if_exists(self):
+ expression = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=%s))" % self.usrName
+ if len(self.sam.search(base=base, expression=expression, attrs=['sAMAccountName'])) > 0:
+ return True
+ else:
+ return False
+
+ def check_memberof(self):
+ expression = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=%s))" % self.usrName
+ res = self.sam.search(base=base, expression=expression, attrs=['memberOf'])
+ groups = []
+ for k in res[0]['memberOf']:
+ groups.append(str(k).split(',')[0].split('=')[1])
+ return groups
+
+ def add(self):
+ ld = {'dn': 'CN=%s,%s' % (self.usrName, base),
+ "sAMAccountName": self.usrName,
+ "userPrincipalName": "%s@%s" % (self.usrName, self.domainName),
+ "objectClass": "user",
+ "displayName": self.usrName,
+ "description": self.usrName,
+ "homeDirectory": r"\\%s\users\%s" % ("dc01", self.usrName),
+ 'scriptPath': "loginScr.cmd",
+ }
+ self.sam.transaction_start()
+ try:
+ self.sam.add(ld)
+ self.sam.setpassword("(samAccountName=%s)" % ldb.binary_encode(self.usrName), self.usrPass, False)
+ except Exception as exc:
+ self.sam.transaction_cancel()
+ return exc
+ else:
+ self.sam.transaction_commit()
+ self.chek_if_exists()
+ return False
+
+ def set_passwd(self):
+ self.sam.transaction_start()
+ try:
+ self.sam.setpassword("&(objectClass=user)(samAccountName=%s)" % ldb.binary_encode(self.usrName), self.usrPass, False)
+ except Exception as exc:
+ self.sam.transaction_cancel()
+ return exc
+ else:
+ self.sam.transaction_commit()
+ return False
+
+ def add_in_group(self, grpName):
+ self.sam.transaction_start()
+ try:
+ self.sam.add_remove_group_members(grpName, [self.usrName], add_members_operation=True)
+ except Exception as exc:
+ self.sam.transaction_cancel()
+ return exc
+ else:
+ self.sam.transaction_commit()
+ self.memberOf = self.check_memberof()
+ return False
+
+ def remove_from_group(self, grpName):
+ self.sam.transaction_start()
+ try:
+ self.sam.add_remove_group_members(grpName, [self.usrName], add_members_operation=True)
+ except Exception as exc:
+ self.sam.transaction_cancel()
+ return exc
+ else:
+ self.sam.transaction_commit()
+ return False
+
+ def remove(self):
+ smb_filter = ("(&(sAMAccountName=%s)(sAMAccountType=805306368))" %
+ ldb.binary_encode(self.usrName))
+
+ try:
+ res = self.sam.search(base=self.sam.domain_dn(),
+ scope=ldb.SCOPE_SUBTREE,
+ expression=smb_filter,
+ attrs=["dn"])
+ user_dn = res[0].dn
+ except IndexError:
+ return 'Unable to find user "%s"' % self.usrName
+
+ try:
+ self.sam.delete(user_dn)
+ except Exception as e:
+ return 'Failed to remove user "%s", %s' % (self.usrName, e)
+ return False
+
+ def disable(self):
+ self.sam.transaction_start()
+ try:
+ self.sam.disable_account("&(objectClass=user)(samAccountName=%s)" % ldb.binary_encode(self.usrName))
+ except Exception as exc:
+ self.sam.transaction_cancel()
+ return exc
+ else:
+ return False
+
+ def enable(self):
+ self.sam.transaction_start()
+ try:
+ self.sam.enable_account("&(objectClass=user)(samAccountName=%s)" % ldb.binary_encode(self.usrName))
+ except Exception as exc:
+ self.sam.transaction_cancel()
+ return exc
+ else:
+ return False
+
+
+def main():
+ lp = samba.param.LoadParm()
+ lp.load(samba.param.default_path()) # или lp.load("/etc/samba/smb.conf")
+ sam = SamDB(lp=lp, session_info=system_session())
+ test_usr = UserAd(sam, base, domainName, 'tst', "secret34daD")
+ print test_usr.memberOf
+ err = test_usr.set_passwd()
+ if err:
+ print err
+
+
+if __name__ == '__main__':
+ main()
diff --git a/importer.py b/importer.py
index 26be34e..30c7126 100644
--- a/importer.py
+++ b/importer.py
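Review bot: `chek_if_exists` and `check_memberof` build their LDAP filter with `% self.usrName` unescaped, while `add`, `set_passwd` and `remove` in the same class pass the name through `ldb.binary_encode`, so a name containing filter metacharacters changes what the existence and membership searches match, and those checks can answer for a different account than the one later modified. Both should use `"(&(objectCategory=person)(objectClass=user)(sAMAccountName=%s))" % ldb.binary_encode(self.usrName)`. `remove_from_group` still passes `add_members_operation=True`, so it adds the user instead of removing it and should pass `add_members_operation=False`. `disable` and `enable` call `transaction_start()` but their `else:` branch returns without `self.sam.transaction_commit()`, and the filter they and `set_passwd` now use, `"&(objectClass=user)(samAccountName=%s)"`, has no outer parentheses and probably needs to be `"(&(objectClass=user)(samAccountName=%s))"`. `main()` commits the literal password `"secret34daD"`, and the `usrPass=''` default lets `__init__` create a missing account with an empty password; the password is better read from a prompt or the environment and an empty value rejected before `add()`.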
@@ -10,101 +10,12 @@ from samba.auth import system_session import samba.param # import base64 # import binascii +from UserAd_class import UserAd base = "CN=Users,DC=techgrow,DC=local" # можно не заморачиваться с ОУ и тогда base = "CN=Users,DC=myDom,DC=lan" domainName = 'techgrow.local' -class UserAd: - def __init__(self, sam, base, domainName, usrName, usrPass=''): - self.sam = sam - self.base = base - self.domainName = domainName - self.usrName = usrName - self.usrPass = usrPass - self.exists = self.chek_if_exists() - if not self.exists: - self.add() - self.memberOf = self.check_memberof() - - def chek_if_exists(self): - expression = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=%s))" % self.usrName - if len(self.sam.search(base=base, expression=expression, attrs=['sAMAccountName'])) > 0: - return True - else: - return False - - def check_memberof(self): - expression = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=%s))" % self.usrName - res = self.sam.search(base=base, expression=expression, attrs=['memberOf']) - groups = [] - for k in res[0]['memberOf']: - groups.append(str(k).split(',')[0].split('=')[1]) - return groups - - def add(self): - ld = {'dn': 'CN=%s,%s' % (self.usrName, base), - "sAMAccountName": self.usrName, - "userPrincipalName": "%s@%s" % (self.usrName, self.domainName), - "objectClass": "user", - "displayName": self.usrName, - "description": self.usrName, - "homeDirectory": r"\\%s\users\%s" % ("dc01", self.usrName), - 'scriptPath': "loginScr.cmd", - } - self.sam.transaction_start() - try: - self.sam.add(ld) - self.sam.setpassword("(samAccountName=%s)" % ldb.binary_encode(self.usrName), self.usrPass, False) - except Exception as exc: - self.sam.transaction_cancel() - return exc - else: - self.sam.transaction_commit() - self.chek_if_exists() - return False - - def set_passwd(self): - self.sam.transaction_start() - try: - self.sam.setpassword("(samAccountName=%s)" % ldb.binary_encode(self.usrName), self.usrPass, False) - 
except Exception as exc: - self.sam.transaction_cancel() - return exc - else: - self.sam.transaction_commit() - return False - - def add_in_group(self, grpName): - self.sam.transaction_start() - try: - self.sam.add_remove_group_members(grpName, [self.usrName], add_members_operation=True) - except Exception as exc: - self.sam.transaction_cancel() - return exc - else: - self.sam.transaction_commit() - self.memberOf = self.check_memberof() - return False - - def remove_from_group(self, grpName): - self.sam.transaction_start() - try: - self.sam.add_remove_group_members(grpName, [self.usrName], add_members_operation=True) - except Exception as exc: - self.sam.transaction_cancel() - return exc - else: - self.sam.transaction_commit() - return False - - def delete(self): - return False - - def disable(self): - return False - - def users_make_ad(sam, base): expression = "(&(objectCategory=person)(objectClass=user))" users = {}