svn commit: samba r13102 - in branches/SAMBA_4_0: source/scripting/libjs swat/install

tridge at samba.org tridge at samba.org
Tue Jan 24 01:52:56 GMT 2006


Author: tridge
Date: 2006-01-24 01:52:56 +0000 (Tue, 24 Jan 2006)
New Revision: 13102

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13102

Log:

fixed the vampire code to correctly set up foreign SIDs and default
unix name mappings

Modified:
   branches/SAMBA_4_0/source/scripting/libjs/provision.js
   branches/SAMBA_4_0/swat/install/vampire.esp


Changeset:
Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js
===================================================================
--- branches/SAMBA_4_0/source/scripting/libjs/provision.js	2006-01-24 01:52:42 UTC (rev 13101)
+++ branches/SAMBA_4_0/source/scripting/libjs/provision.js	2006-01-24 01:52:56 UTC (rev 13102)
@@ -52,20 +52,20 @@
 /*
    add a foreign security principle
  */
-function add_foreign(str, sid, desc)
+function add_foreign(ldb, subobj, sid, desc)
 {
-	var add = "
-dn: CN=${SID},CN=ForeignSecurityPrincipals,${BASEDN}
+	var add = sprintf("
+dn: CN=%s,CN=ForeignSecurityPrincipals,%s
 objectClass: top
 objectClass: foreignSecurityPrincipal
-description: ${DESC}
+description: %s
 uSNCreated: 1
 uSNChanged: 1
-";
-	var sub = new Object();
-	sub.SID = sid;
-	sub.DESC = desc;
-	return str + substitute_var(add, sub);
+",
+			  sid, subobj.BASEDN, desc);
+	/* deliberately ignore errors from this, as the records may
+	   already exist */
+	ldb.add(add);
 }
 
 
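Review bot: The result of `ldb.add(add)` in add_foreign is discarded, so every failure is hidden, not only the "records may already exist" case the comment describes. A write that fails for another reason (permissions, or a malformed record built from subobj.BASEDN) would pass silently here and surface only later as a missing objectSid. Consider returning the result, `return ldb.add(add);`, and having the caller ignore only the already-exists case, or searching for the record first and adding it only when absent. How ldb.add reports the reason for a failure is not visible in this hunk, so the exact check needs confirming against the ldb binding.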
@@ -78,6 +78,7 @@
 	var res = ldb.search(sprintf("objectSid=%s", sid), 
 			     NULL, ldb.SCOPE_DEFAULT, attrs);
 	if (res.length != 1) {
+		info.message("Failed to find record for objectSid %s\n", sid);
 		return false;
 	}
 	var mod = sprintf("
@@ -298,7 +299,22 @@
 	if (!ok) {
 		return false;
 	}
+	var attrs = new Array("objectSid");
+	var res = ldb.search("dnsDomain=" + subobj.REALM,
+			     NULL, ldb.SCOPE_DEFAULT, attrs);
+	if (res.length != 1) {
+		info.message("Failed to find dnsDomain %s\n", subobj.REALM);
+		return false;
+	}
+	var sid = res[0].objectSid;
 
+	/* add some foreign sids if they are not present already */
+	add_foreign(ldb, subobj, "S-1-5-7",  "Anonymous");
+	add_foreign(ldb, subobj, "S-1-1-0",  "World");
+	add_foreign(ldb, subobj, "S-1-5-2",  "Network");
+	add_foreign(ldb, subobj, "S-1-5-18", "System");
+	add_foreign(ldb, subobj, "S-1-5-11", "Authenticated Users");
+
 	/* some well known sids */
 	setup_name_mapping(info, ldb, "S-1-5-7",  subobj.NOBODY);
 	setup_name_mapping(info, ldb, "S-1-1-0",  subobj.NOGROUP);
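Review bot: `subobj.REALM` is concatenated straight into the search filter in `ldb.search("dnsDomain=" + subobj.REALM, ...)`, with no escaping of filter metacharacters. subobj appears to be filled from the install form in vampire.esp, so unless provision_validate (not visible here) already restricts REALM to DNS-name characters, the value should be checked or escaped before it reaches the filter. Separately, `res[0].objectSid` is used unchecked; a guard such as `if (sid == undefined) { info.message("No objectSid on dnsDomain record\n"); return false; }` would stop the later calls from building strings like "undefined-500". The enclosing function starts before this hunk and continues after it.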
@@ -307,14 +323,15 @@
 	setup_name_mapping(info, ldb, "S-1-5-11", subobj.USERS);
 	setup_name_mapping(info, ldb, "S-1-5-32-544", subobj.WHEEL);
 	setup_name_mapping(info, ldb, "S-1-5-32-546", subobj.NOGROUP);
+	setup_name_mapping(info, ldb, "S-1-5-32-551", subobj.BACKUP);
 
 	/* and some well known domain rids */
-	setup_name_mapping(info, ldb, subobj.DOMAINSID + "-500", subobj.ROOT);
-	setup_name_mapping(info, ldb, subobj.DOMAINSID + "-518", subobj.WHEEL);
-	setup_name_mapping(info, ldb, subobj.DOMAINSID + "-519", subobj.WHEEL);
-	setup_name_mapping(info, ldb, subobj.DOMAINSID + "-512", subobj.WHEEL);
-	setup_name_mapping(info, ldb, subobj.DOMAINSID + "-513", subobj.USERS);
-	setup_name_mapping(info, ldb, subobj.DOMAINSID + "-520", subobj.WHEEL);
+	setup_name_mapping(info, ldb, sid + "-500", subobj.ROOT);
+	setup_name_mapping(info, ldb, sid + "-518", subobj.WHEEL);
+	setup_name_mapping(info, ldb, sid + "-519", subobj.WHEEL);
+	setup_name_mapping(info, ldb, sid + "-512", subobj.WHEEL);
+	setup_name_mapping(info, ldb, sid + "-513", subobj.USERS);
+	setup_name_mapping(info, ldb, sid + "-520", subobj.WHEEL);
 
 	return true;
 }
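Review bot: Every `setup_name_mapping(...)` call here discards its return value and the function still ends with `return true`, so a mapping that could not be set up is reported as success. That matters more after this commit: setup_name_mapping now logs "Failed to find record for objectSid", and vampire.esp relies on the return value of what is presumably this function (setup_name_mappings) to print its failure message. Collect the results, for example `ok = setup_name_mapping(info, ldb, sid + "-500", subobj.ROOT) && ok;` followed by `return ok;`. Whether a missing optional group such as -518 or -519 should abort or only warn is worth stating in a comment. The function begins outside this hunk.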
@@ -342,12 +359,6 @@
 	var rdns = split(",", subobj.BASEDN);
 	subobj.RDN_DC = substr(rdns[0], strlen("DC="));
 
-	data = add_foreign(data, "S-1-5-7",  "Anonymous",           "${NOBODY}");
-	data = add_foreign(data, "S-1-1-0",  "World",               "${NOGROUP}");
-	data = add_foreign(data, "S-1-5-2",  "Network",             "${NOGROUP}");
-	data = add_foreign(data, "S-1-5-18", "System",              "${ROOT}");
-	data = add_foreign(data, "S-1-5-11", "Authenticated Users", "${USERS}");
-
 	provision_next_usn = 1;
 
 	info.subobj = subobj;
@@ -381,6 +392,7 @@
 	setup_ldb("provision_templates.ldif", info, paths.samdb, NULL, false);
 	message("Setting up sam.ldb data\n");
 	setup_ldb("provision.ldif", info, paths.samdb, NULL, false);
+
 	if (blank != false) {
 		return true;
 	}
@@ -458,6 +470,7 @@
 	subobj.NOBODY       = findnss(nss.getpwnam, "nobody");
 	subobj.NOGROUP      = findnss(nss.getgrnam, "nogroup", "nobody");
 	subobj.WHEEL        = findnss(nss.getgrnam, "wheel", "root", "staff");
+	subobj.BACKUP       = findnss(nss.getgrnam, "backup", "wheel", "root", "staff");
 	subobj.USERS        = findnss(nss.getgrnam, "users", "guest", "other");
 	subobj.DNSDOMAIN    = strlower(subobj.REALM);
 	subobj.DNSNAME      = sprintf("%s.%s", 
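Review bot: The fallback list for `subobj.BACKUP` ends in "wheel", "root", "staff", so on a host with no "backup" group the S-1-5-32-551 mapping added elsewhere in this commit would presumably land on an administrative group. findnss is not visible here, but if it returns the first name that resolves, the fallback silently widens what the mapped principal can reach. A comment stating the intent, e.g. `/* S-1-5-32-551: falls back to the admin group when no "backup" group exists */`, or a message naming the group actually chosen, would make that visible to the installer. The surrounding function extends beyond this hunk.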
@@ -656,6 +669,7 @@
 		message("Migration of remote domain to Samba failed: " + vampire_ctx.error_string);
 		return false;
 	}
+
 	return true;
 }
 

Modified: branches/SAMBA_4_0/swat/install/vampire.esp
===================================================================
--- branches/SAMBA_4_0/swat/install/vampire.esp	2006-01-24 01:52:42 UTC (rev 13101)
+++ branches/SAMBA_4_0/swat/install/vampire.esp	2006-01-24 01:52:56 UTC (rev 13102)
@@ -54,6 +54,8 @@
 		f.display();
 	} else if (!provision_validate(subobj, writefln)) {
 		f.display();
+	} else if (strupper(lp.get("server role")) == "PDC") {
+		writefln("You need to set 'server role' to 'member server' before starting the migration process");
 	} else {
 		var creds = credentials_init();
 		creds.set_username(form.ADMIN);
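Review bot: The new guard rejects only the exact role "PDC", while its message tells the user the role must be 'member server'. Any other value of `server role` passes the check and proceeds to the join with the form-supplied credentials. If member server is the only supported starting state, test for it directly: `} else if (strupper(lp.get("server role")) != "MEMBER SERVER") {`. The set of valid role strings is not visible in this hunk, so confirm the spelling against the loadparm definition.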
@@ -61,11 +63,16 @@
 		creds.set_domain(form.DOMAIN);
 		creds.set_realm(form.REALM);
 
+		var info = new Object();
+		info.message = writefln;
+
 		var paths = provision_default_paths(subobj);
+		var session_info = session.authinfo.session_info;
+		var credentials = session.authinfo.credentials;
 
 		/* Setup a basic database structure, but don't setup any users */
 		if (!provision(subobj, writefln, true, paths,
-			       session.authinfo.session_info, session.authinfo.credentials)) {
+			       session_info, credentials)) {
 			writefln("Provision failed!");
 
 		/* Join domain */
@@ -79,6 +86,8 @@
 		} else if (!provision_dns(subobj, writefln, paths,
 					  session.authinfo.session_info, session.authinfo.credentials)) {
 			writefln("DNS Provision failed!");
+		} else if (!setup_name_mappings(info, subobj, session_info, credentials)) {
+			writefln("Setup of name mappings failed!");			
 		} else {
 			var zonepath = paths.dns;
 			%>
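Review bot: A style point: the previous hunk introduces `session_info` and `credentials` locals, but the `provision_dns` call just above the added branch still spells out `session.authinfo.session_info, session.authinfo.credentials`. Using the locals there too, `session_info, credentials)) {`, keeps the chain consistent with the new `setup_name_mappings` call. The added `writefln("Setup of name mappings failed!");` line also carries trailing tabs.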


