[SCM] Samba Shared Repository - branch master updated
Andrew Tridgell
tridge at samba.org
Thu Nov 26 22:06:09 MST 2009
The branch, master has been updated
via f6ecb4e... s4-torture: fixed expected error codes for s4 in SMB2-LOCK
via 0920e0b... s4-drstest: don't use getenv("LDB_URL") in test suites
via d78921d... s4-pvfs: fixed access check failure in SFILEINFO test
via d5387ed... s4-ldb: improve detection of whether the server has a GC port
via 7ea485a... s4-ldb: better to test for valid arguments in ldb library than commandline
via d3d7ca8... s4-smb2: SMB2 uses NT_STATUS_CANCELLED for cancelled locks
via 7c158bd... s4-smb2: sequence numbers are not checked in SMB2_OP_CANCEL
via 056473d... torture: fixed SMB2-LOCK valgrind error
via 04f235a... s4-smb2: check for invalid SMB2 lock ranges
via aa4c516... s4-smb2: check for an invalid lock flags combination
via 61a278f... s4-install: fixed install path for python scripts
via 8455a76... s4:upgradeprovision Rework update_machine_account_password() transactions
via e6c1608... s4:dsdb Don't segfault with ldb_transaction_prepare_commit() without begin()
via 731f560... s4:upgradeprovision add 'exit $failed' to blackbox test
via d1faf7c... s4:upgradeprovision Use mkdtemp to create unique temporary directory names
via 6f0f82f... s4:selftest Add tests for upgradeprovision
via b9f9588... s4:upgradeprovision Rework script, and reset machine account pw
via 2fd8314... s4:ldb Provide bindings for ldb_transaction_prepare_commit()
via 09338e6... s4:provision Make setting the domain SID in the self join optional
via 4a52ee3... Fix path to upgradeprovision
via 44bc8ac... s4: Improve updateprovision
via 81a21cb... s4: update What's new and explain how to upgrade a samba4 provision
via b25a42d... s4: Rename the script
from 1a8f838... s3-kerberos: Fix Bug #6929: build with recent heimdal.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit f6ecb4efb063617771dfa519911ae8af069c0f9a
Author: Andrew Tridgell <tridge at samba.org>
Date: Fri Nov 27 14:54:22 2009 +1100
s4-torture: fixed expected error codes for s4 in SMB2-LOCK
I think the error/success codes returned by windows for these tests
are quite bogus. The ones s4 gives are much more reasonable. The
locking ones returning NT_STATUS_SUCCESS could lead to data loss, as
an application thinks it has a file locked correctly when in fact it
doesn't, so it could do an unsafe modify.
commit 0920e0b63b806c8ed4839271048dd4924ed02b2b
Author: Andrew Tridgell <tridge at samba.org>
Date: Fri Nov 27 14:42:05 2009 +1100
s4-drstest: don't use getenv("LDB_URL") in test suites
I was stumped for a while as to why the drs test suite was failing for
me. It turned out that it looked for LDB_URL in the environment, and
used it if set. I had it set in my terminal, and it was happily
munching on my sam.ldb while testing. Quite a cute bug really :-)
commit d78921d78ca0a9211f044092b9a7f29bcfdd5397
Author: Andrew Tridgell <tridge at samba.org>
Date: Fri Nov 27 14:22:29 2009 +1100
s4-pvfs: fixed access check failure in SFILEINFO test
matching windows behaviour is not always the right thing to do!
commit d5387edb88ce29ad1a6f864415c19486a20269af
Author: Andrew Tridgell <tridge at samba.org>
Date: Fri Nov 27 14:20:47 2009 +1100
s4-ldb: improve detection of whether the server has a GC port
We were trying to open $SERVER:3268 regardless, which could result in
creating a file called "localdc1:3268", which led to subsequent test
failures
commit 7ea485a1d20c1bf41926ebb4b0ae8f37a2d909f7
Author: Andrew Tridgell <tridge at samba.org>
Date: Fri Nov 27 14:18:39 2009 +1100
s4-ldb: better to test for valid arguments in ldb library than commandline
We were testing for valid DNs in ldbrename in the command line
tool. This hid a bug in the ldb library where we caught a bad DN in
the objectclass module rather than in the main ldb code. It is better
to do validation of the DNs passed on the command line in the library
code, as this gives us more consistent error handling between the
programming APIs for ldb and the command line.
commit d3d7ca8eeab13c00705188102855525a21dd5345
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Nov 26 17:38:50 2009 +1100
s4-smb2: SMB2 uses NT_STATUS_CANCELLED for cancelled locks
commit 7c158bdb1d0e217e06f54d2e2cef12a5433d3578
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Nov 26 17:38:11 2009 +1100
s4-smb2: sequence numbers are not checked in SMB2_OP_CANCEL
commit 056473d58836ef3818e816f2d649ea35e7550264
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Nov 26 17:03:20 2009 +1100
torture: fixed SMB2-LOCK valgrind error
commit 04f235a9ebf45422c6ec2a971268c2c38dc081ad
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Nov 26 16:53:51 2009 +1100
s4-smb2: check for invalid SMB2 lock ranges
commit aa4c51602383d50b0801d854e752b575c70f7657
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Nov 26 16:35:03 2009 +1100
s4-smb2: check for an invalid lock flags combination
UNLOCK with FAIL_IMMEDIATELY is not allowed
commit 61a278fd8ab3feb26e6bc095d4f170fd97aa5c89
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Nov 26 13:06:01 2009 +1100
s4-install: fixed install path for python scripts
when we install python scripts we need to fix the internal path used
to find modules. We also need to install the scripts in the right
place. Most of them should go in $SBINDIR not share/setup/
commit 8455a765164abf43794e10390978b22156e5c50a
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Nov 27 08:10:54 2009 +1100
s4:upgradeprovision Rework update_machine_account_password() transactions
This balances the transaction_begin() and transaction_prepare_commit() calls
Andrew Bartlett
commit e6c1608e909b9bbc1bdceeb24d57b9333c453a3d
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Nov 27 08:05:59 2009 +1100
s4:dsdb Don't segfault with ldb_transaction_prepare_commit() without begin()
It is up to other modules to complain if
ldb_transaction_prepare_commit() is called before
ldb_transaction_begin_transaction()
Andrew Bartlett
commit 731f560ecb0d2c075a04eb4431275f9127b061b7
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Nov 26 22:01:54 2009 +1100
s4:upgradeprovision add 'exit $failed' to blackbox test
commit d1faf7c90c8a23a2d09576ec45558ce457aa9d03
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Nov 26 21:52:40 2009 +1100
s4:upgradeprovision Use mkdtemp to create unique temporary directory names
commit 6f0f82f7ed9cd351b325d4ae275184b67c4b751b
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Nov 26 15:34:53 2009 +1100
s4:selftest Add tests for upgradeprovision
commit b9f95882f0fd9f453c6b90d1ca023111195d757b
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Nov 26 15:32:49 2009 +1100
s4:upgradeprovision Rework script, and reset machine account pw
The rework corrects some duplication and errors in the original
script, found when preparing an automated test of the script.
The code to reset the machine account password avoids issues with AES
keys and salting, which may not otherwise be solved by the upgrade.
Andrew Bartlett
commit 2fd831407d81a53f79fd4d207d086ee9882e7606
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Nov 26 15:32:06 2009 +1100
s4:ldb Provide bindings for ldb_transaction_prepare_commit()
commit 09338e60bc0003abefd31902de721ecf8fee1552
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Nov 26 14:57:39 2009 +1100
s4:provision Make setting the domain SID in the self join optional
commit 4a52ee3cd591051f05c086d61769ad16b9c8df58
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Nov 26 12:15:22 2009 +1100
Fix path to upgradeprovision
commit 44bc8ac22c402e3d320e080f935636bf26e17500
Author: Matthieu Patou <mat at matws.net>
Date: Wed Nov 25 16:26:35 2009 +0300
s4: Improve updateprovision
* Define a simple upgrade process mode (module storage change, file name change, copy of new file)
* Move the schema, configuration and current object upgrade into full upgrade mode
* Added the --full switch to select the full upgrade mode, and made simple upgrade mode the default
* Make updateprovision work without any switch (update the provision in the default location)
* Cleanup the messages
* Create the reference provision in a subdirectory of the updated provision
commit 81a21cbc40821246f5e806fbb44826cef629bed2
Author: Matthieu Patou <mat at matws.net>
Date: Wed Nov 25 17:10:52 2009 +0300
s4: update What's new and explain how to upgrade a samba4 provision
commit b25a42d9073283f8e0bbd3b3e35862349b2f6243
Author: Matthieu Patou <mat at matws.net>
Date: Wed Nov 25 11:42:16 2009 +0300
s4: Rename the script
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW4.txt | 5 +-
source4/Makefile | 10 +-
source4/dsdb/samdb/ldb_modules/linked_attributes.c | 4 +
source4/lib/ldb/common/ldb.c | 10 +
source4/lib/ldb/pyldb.c | 9 +
source4/lib/ldb/tests/python/ldap.py | 14 +-
source4/lib/ldb/tools/ldbrename.c | 9 -
source4/ntvfs/ntvfs_generic.c | 9 +
source4/ntvfs/posix/pvfs_lock.c | 6 +-
source4/ntvfs/posix/pvfs_open.c | 13 +-
source4/script/installmisc.sh | 35 +-
source4/scripting/bin/upgradeprovision | 747 ++++++++++++++++++++
source4/scripting/bin/upgradeschema.py | 694 ------------------
source4/scripting/python/samba/provision.py | 7 +-
source4/selftest/knownfail | 2 +
source4/selftest/tests.sh | 1 +
source4/setup/tests/blackbox_upgradeprovision.sh | 28 +
source4/smb_server/smb2/receive.c | 3 +-
source4/torture/drs/unit/prefixmap_tests.c | 25 +-
source4/torture/smb2/lock.c | 28 +-
upgrading-samba4.txt | 24 +
21 files changed, 928 insertions(+), 755 deletions(-)
create mode 100755 source4/scripting/bin/upgradeprovision
delete mode 100755 source4/scripting/bin/upgradeschema.py
create mode 100755 source4/setup/tests/blackbox_upgradeprovision.sh
create mode 100644 upgrading-samba4.txt
Changeset truncated at 500 lines:
diff --git a/WHATSNEW4.txt b/WHATSNEW4.txt
index 1cd66d5..e0ec6f1 100644
--- a/WHATSNEW4.txt
+++ b/WHATSNEW4.txt
@@ -65,7 +65,7 @@ directories.
CHANGES SINCE alpha8
=====================
-In the time since Samba4 alpha7 was released in Feburary 2009, Samba has
+In the time since Samba4 alpha8 was released in June 2009, Samba has
continued to evolve, but you may particularly notice these areas
(in no particular order):
@@ -117,6 +117,9 @@ KNOWN ISSUES
consult upgrading-samba4.txt. We have made a number of changes in
this release that should make it easier to upgrade in future.
+- ACL are not set by default on shares created by the provision.
+ Work is underway on this subject and it should be fixed in Alpha10.
+
RUNNING Samba4
==============
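Review bot: the new KNOWN ISSUES entry says ACLs are not set on shares created by the provision, but not what an administrator should do until that is fixed. Share permissions are security relevant, so a sentence telling people to set the ACLs by hand after provisioning would make the entry actionable. "ACL are" should also read "ACLs are".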
diff --git a/source4/Makefile b/source4/Makefile
index 03b4e73..8f23da5 100644
--- a/source4/Makefile
+++ b/source4/Makefile
@@ -114,14 +114,6 @@ libgpodir := libgpo
include data.mk
-INSTALL_SCRIPTS = $(addprefix scripting/bin/, \
- autoidl \
- samba3dump \
- rpcclient \
- smbstatus)
-
-$(foreach SCRIPT,$(INSTALL_SCRIPTS),$(eval $(call binary_install_template,$(SCRIPT))))
-
$(DESTDIR)$(bindir)/%: scripting/bin/% installdirs
@mkdir -p $(@D)
@echo Installing $(@F) as $@
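Review bot: removing INSTALL_SCRIPTS drops the install of autoidl, samba3dump, rpcclient and smbstatus from this Makefile, and the installmisc.sh changes visible in this changeset only copy upgradeprovision out of scripting/bin. If those four are meant to stay installed they need adding to a loop in installmisc.sh (which creates $BINDIR but, in the lines shown, copies nothing into it). If they are not, the pattern rule "$(DESTDIR)$(bindir)/%: scripting/bin/%" left in place below looks unused and the commit message should say the scripts are no longer installed.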
@@ -253,7 +245,7 @@ installman:: manpages installdirs
@$(SHELL) $(srcdir)/script/installman.sh $(DESTDIR)$(mandir) $(MANPAGES)
installmisc:: installdirs
- @$(SHELL) $(srcdir)/script/installmisc.sh $(srcdir) $(DESTDIR)$(setupdir)
+ @$(SHELL) $(srcdir)/script/installmisc.sh $(srcdir) $(DESTDIR)$(setupdir) $(DESTDIR)$(bindir) $(DESTDIR)$(sbindir) $(pythondir)
installpc:: installdirs
@$(SHELL) $(srcdir)/script/installpc.sh $(builddir) $(DESTDIR)$(pkgconfigdir) $(PC_FILES)
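Review bot: on the new installmisc.sh line, $(pythondir) is the only directory passed without $(DESTDIR). That looks deliberate, since the script writes it into the installed scripts as the module search path, but nothing here says so and it is easy to "correct" by mistake. A one-line comment above the rule would prevent that.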
diff --git a/source4/dsdb/samdb/ldb_modules/linked_attributes.c b/source4/dsdb/samdb/ldb_modules/linked_attributes.c
index 32f9cba..bd9af55 100644
--- a/source4/dsdb/samdb/ldb_modules/linked_attributes.c
+++ b/source4/dsdb/samdb/ldb_modules/linked_attributes.c
@@ -1212,6 +1212,10 @@ static int linked_attributes_prepare_commit(struct ldb_module *module)
talloc_get_type(ldb_module_get_private(module), struct la_private);
struct la_context *ac;
+ if (!la_private) {
+ /* prepare commit without begin_transaction - let someone else return the error, just don't segfault */
+ return ldb_next_prepare_commit(module);
+ }
/* walk the list backwards, to do the first entry first, as we
* added the entries with DLIST_ADD() which puts them at the
* start of the list */
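Review bot: the new "!la_private" branch in linked_attributes_prepare_commit() turns a prepare commit without a begin into a pass-through, so whether the caller sees an error now depends on some other module in the stack noticing. If none does, the misuse returns success. It would be more robust to reject this once in the ldb core where the transaction state is known, or at least to add a test asserting that an error comes back for this call sequence. The comment line is also well over 80 columns.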
diff --git a/source4/lib/ldb/common/ldb.c b/source4/lib/ldb/common/ldb.c
index 3a8023a..94a5fb2 100644
--- a/source4/lib/ldb/common/ldb.c
+++ b/source4/lib/ldb/common/ldb.c
@@ -791,6 +791,16 @@ int ldb_request(struct ldb_context *ldb, struct ldb_request *req)
ret = module->ops->del(module, req);
break;
case LDB_RENAME:
+ if (!ldb_dn_validate(req->op.rename.olddn)) {
+ ldb_asprintf_errstring(ldb, "ldb_rename: invalid olddn '%s'",
+ ldb_dn_get_linearized(req->op.rename.olddn));
+ return LDB_ERR_INVALID_DN_SYNTAX;
+ }
+ if (!ldb_dn_validate(req->op.rename.newdn)) {
+ ldb_asprintf_errstring(ldb, "ldb_rename: invalid newdn '%s'",
+ ldb_dn_get_linearized(req->op.rename.newdn));
+ return LDB_ERR_INVALID_DN_SYNTAX;
+ }
FIRST_OP(ldb, rename);
ret = module->ops->rename(module, req);
break;
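Review bot: in the LDB_RENAME case the error string is built with ldb_dn_get_linearized() on a DN that has just failed ldb_dn_validate(). If linearizing an invalid DN returns NULL, the '%s' is handed a NULL pointer and the message loses the one thing it is meant to report. Please check that, and guard the argument if so. The two early returns also differ from the neighbouring cases, which set ret and break, so confirm nothing after the switch needs to run on this path.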
diff --git a/source4/lib/ldb/pyldb.c b/source4/lib/ldb/pyldb.c
index 0d1d2fa..0ba69e1 100644
--- a/source4/lib/ldb/pyldb.c
+++ b/source4/lib/ldb/pyldb.c
@@ -477,6 +477,12 @@ static PyObject *py_ldb_transaction_commit(PyLdbObject *self)
Py_RETURN_NONE;
}
+static PyObject *py_ldb_transaction_prepare_commit(PyLdbObject *self)
+{
+ PyErr_LDB_ERROR_IS_ERR_RAISE(PyExc_LdbError, ldb_transaction_prepare_commit(PyLdb_AsLdbContext(self)), PyLdb_AsLdbContext(self));
+ Py_RETURN_NONE;
+}
+
static PyObject *py_ldb_transaction_cancel(PyLdbObject *self)
{
PyErr_LDB_ERROR_IS_ERR_RAISE(PyExc_LdbError, ldb_transaction_cancel(PyLdb_AsLdbContext(self)), PyLdb_AsLdbContext(self));
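Review bot: py_ldb_transaction_prepare_commit() makes the prepare step callable from any Python script in any order, so the call without a preceding transaction_start(), which the linked_attributes change in this same push guards against, becomes easy to hit. A test in the ldb python tests that calls transaction_prepare_commit() on a fresh Ldb and checks the outcome would pin that behaviour down.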
@@ -1224,6 +1230,9 @@ static PyMethodDef py_ldb_methods[] = {
{ "transaction_start", (PyCFunction)py_ldb_transaction_start, METH_NOARGS,
"S.transaction_start() -> None\n"
"Start a new transaction." },
+ { "transaction_prepare_commit", (PyCFunction)py_ldb_transaction_prepare_commit, METH_NOARGS,
+ "S.transaction_prepare_commit() -> None\n"
+ "prepare to commit a new transaction (2-stage commit)." },
{ "transaction_commit", (PyCFunction)py_ldb_transaction_commit, METH_NOARGS,
"S.transaction_commit() -> None\n"
"commit a new transaction." },
diff --git a/source4/lib/ldb/tests/python/ldap.py b/source4/lib/ldb/tests/python/ldap.py
index a5a9d7c..408246b 100755
--- a/source4/lib/ldb/tests/python/ldap.py
+++ b/source4/lib/ldb/tests/python/ldap.py
@@ -1366,10 +1366,11 @@ member: cn=ldaptestuser2,cn=users,""" + self.base_dn + """
print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in with 'phantom root' control"
- res3control = gc_ldb.search(self.base_dn, expression="(&(cn=ldaptestuser)(objectCategory=PerSon))", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:2"])
- self.assertEquals(len(res3control), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog")
+ if gc_ldb is not None:
+ res3control = gc_ldb.search(self.base_dn, expression="(&(cn=ldaptestuser)(objectCategory=PerSon))", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:2"])
+ self.assertEquals(len(res3control), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog")
- self.assertEquals(res[0].dn, res3control[0].dn)
+ self.assertEquals(res[0].dn, res3control[0].dn)
ldb.delete(res[0].dn)
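Review bot: when gc_ldb is None the 'phantom root' search and both assertions are skipped silently, while the print above the new "if" still announces the test. Print a "skipping, no GC port" message in an else branch so that a run against a local database does not read as if it had covered the Global Catalog.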
@@ -2038,8 +2039,11 @@ if not "://" in host:
host = "ldap://%s" % host
ldb = Ldb(host, credentials=creds, session_info=system_session(), lp=lp)
-gc_ldb = Ldb("%s:3268" % host, credentials=creds,
- session_info=system_session(), lp=lp)
+if not "tdb://" in host:
+ gc_ldb = Ldb("%s:3268" % host, credentials=creds,
+ session_info=system_session(), lp=lp)
+else:
+ gc_ldb = None
runner = SubunitTestRunner()
rc = 0
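Review bot: the test 'if not "tdb://" in host' only excludes tdb URLs and is a substring match. Any other non-LDAP URL still gets ":3268" appended, which is the failure the commit message describes. Testing for what does have a GC port, host.startswith("ldap://"), would be tighter than listing what does not.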
diff --git a/source4/lib/ldb/tools/ldbrename.c b/source4/lib/ldb/tools/ldbrename.c
index fcae766..bfccacc 100644
--- a/source4/lib/ldb/tools/ldbrename.c
+++ b/source4/lib/ldb/tools/ldbrename.c
@@ -63,15 +63,6 @@ int main(int argc, const char **argv)
dn1 = ldb_dn_new(ldb, ldb, options->argv[0]);
dn2 = ldb_dn_new(ldb, ldb, options->argv[1]);
- if ( ! ldb_dn_validate(dn1)) {
- printf("Invalid DN1: %s\n", options->argv[0]);
- return -1;
- }
- if ( ! ldb_dn_validate(dn2)) {
- printf("Invalid DN2: %s\n", options->argv[1]);
- return -1;
- }
-
ret = ldb_rename(ldb, dn1, dn2);
if (ret == 0) {
printf("Renamed 1 record\n");
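Review bot: with the two ldb_dn_validate() checks removed, the tool itself no longer says which argument was bad; that now rests on the failure branch after ldb_rename() printing the ldb error string. Please confirm it does, and that the exit status for an invalid DN is still non-zero. dn1 and dn2 from ldb_dn_new() are also passed to ldb_rename() without a NULL check.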
diff --git a/source4/ntvfs/ntvfs_generic.c b/source4/ntvfs/ntvfs_generic.c
index 1d81acf..d564db7 100644
--- a/source4/ntvfs/ntvfs_generic.c
+++ b/source4/ntvfs/ntvfs_generic.c
@@ -1106,6 +1106,9 @@ NTSTATUS ntvfs_map_lock(struct ntvfs_module_context *ntvfs,
/* only the first lock gives the UNLOCK bit - see
MS-SMB2 3.3.5.14 */
if (lck->smb2.in.locks[0].flags & SMB2_LOCK_FLAG_UNLOCK) {
+ if (lck->smb2.in.locks[0].flags & SMB2_LOCK_FLAG_FAIL_IMMEDIATELY) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
lck2->generic.in.ulock_cnt = lck->smb2.in.lock_count;
isunlock = true;
} else {
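Review bot: the FAIL_IMMEDIATELY test is applied to locks[0] only, inside the UNLOCK branch. That matches the comment that only the first element carries the UNLOCK bit, but it means elements 1..n of an unlock request can still carry FAIL_IMMEDIATELY and reach the loop below. If the combination should be rejected on any element, the check belongs in the per-element loop; if not, a short comment saying later elements' flags are ignored on unlock would do. It is also worth confirming that lock_count is known to be at least 1 before locks[0] is read.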
@@ -1113,6 +1116,12 @@ NTSTATUS ntvfs_map_lock(struct ntvfs_module_context *ntvfs,
isunlock = false;
}
for (i=0;i<lck->smb2.in.lock_count;i++) {
+ if (lck->smb2.in.locks[i].length > 1 &&
+ lck->smb2.in.locks[i].offset +
+ lck->smb2.in.locks[i].length <
+ lck->smb2.in.locks[i].offset) {
+ return NT_STATUS_INVALID_LOCK_RANGE;
+ }
if (lck->smb2.in.locks[i].flags == SMB2_LOCK_FLAG_NONE) {
return NT_STATUS_INVALID_PARAMETER;
}
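Review bot: the wrap test "offset + length < offset" is skipped when length is 0 or 1, and the reason is not stated. Assuming offset and length are unsigned 64-bit fields, a one-byte lock on the very last byte of the range wraps and is accepted, while a two-byte lock ending on that same byte wraps to 0 and is rejected with NT_STATUS_INVALID_LOCK_RANGE. If that mirrors observed server behaviour, say so in a comment and cover both cases in SMB2-LOCK. The check also runs before the flags test on the following lines, so a request that is wrong on both counts now returns the range error rather than NT_STATUS_INVALID_PARAMETER.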
diff --git a/source4/ntvfs/posix/pvfs_lock.c b/source4/ntvfs/posix/pvfs_lock.c
index 711c924..11757de 100644
--- a/source4/ntvfs/posix/pvfs_lock.c
+++ b/source4/ntvfs/posix/pvfs_lock.c
@@ -116,7 +116,11 @@ static void pvfs_pending_lock_continue(void *private_data, enum pvfs_wait_notice
/* we don't retry on a cancel */
if (reason == PVFS_WAIT_CANCEL) {
- status = NT_STATUS_FILE_LOCK_CONFLICT;
+ if (pvfs->ntvfs->ctx->protocol != PROTOCOL_SMB2) {
+ status = NT_STATUS_FILE_LOCK_CONFLICT;
+ } else {
+ status = NT_STATUS_CANCELLED;
+ }
} else {
/*
* here it's important to pass the pending pointer
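Review bot: style point on the new if/else in the PVFS_WAIT_CANCEL branch: testing "!= PROTOCOL_SMB2" and putting the SMB2 case in the else reads backwards. Testing "== PROTOCOL_SMB2" first is easier to follow, and a comment on why the two protocols return different status codes for a cancelled lock would save the next reader a trip to the commit log.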
diff --git a/source4/ntvfs/posix/pvfs_open.c b/source4/ntvfs/posix/pvfs_open.c
index b100c85..621db3c 100644
--- a/source4/ntvfs/posix/pvfs_open.c
+++ b/source4/ntvfs/posix/pvfs_open.c
@@ -1941,15 +1941,12 @@ NTSTATUS pvfs_can_update_file_size(struct pvfs_state *pvfs,
NTCREATEX_SHARE_ACCESS_WRITE |
NTCREATEX_SHARE_ACCESS_DELETE;
/*
- * I would have thought that we would need to pass
- * SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA here too
- *
- * But you only need SEC_FILE_WRITE_ATTRIBUTE permissions
- * to set the filesize.
- *
- * --metze
+ * this code previous set only SEC_FILE_WRITE_ATTRIBUTE, with
+ * a comment that this seemed to be wrong, but matched windows
+ * behaviour. It now appears that this windows behaviour is
+ * just a bug.
*/
- access_mask = SEC_FILE_WRITE_ATTRIBUTE;
+ access_mask = SEC_FILE_WRITE_ATTRIBUTE | SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA;
delete_on_close = false;
break_to_none = true;
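Review bot: access_mask now lists SEC_FILE_WRITE_ATTRIBUTE | SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA, and it is not clear from this hunk whether all three are required or any one is enough. If it is all three, an opener with write-data but not append-data can no longer pass this check. Please state the intended rule in the new comment and name the test that showed the old behaviour was wrong (the commit message points at SFILEINFO). "previous set" in the comment should read "previously set".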
diff --git a/source4/script/installmisc.sh b/source4/script/installmisc.sh
index d0376b3..7851d1f 100755
--- a/source4/script/installmisc.sh
+++ b/source4/script/installmisc.sh
@@ -1,22 +1,53 @@
#!/bin/sh
# install miscellaneous files
+[ $# -eq 5 ] || {
+ echo "Usage: installmisc.sh SRCDIR SETUPDIR BINDDIR SBINDDIR PYTHONDIR"
+ exit 1
+}
+
SRCDIR="$1"
SETUPDIR="$2"
+BINDIR="$3"
+SBINDIR="$4"
+PYTHONDIR="$5"
cd $SRCDIR || exit 1
+# fixup a python script to use the right path
+fix_python_path() {
+ f="$1"
+ egrep 'sys.path.insert.*bin/python' $f > /dev/null && {
+ sed -i "s|\(sys.path.insert.*\)bin/python\(.*\)$|\1$PYTHONDIR\2|g" $f || exit 1
+ }
+}
+
echo "Installing setup templates"
mkdir -p $SETUPDIR || exit 1
+mkdir -p $SBINDIR || exit 1
+mkdir -p $BINDIR || exit 1
mkdir -p $SETUPDIR/ad-schema || exit 1
mkdir -p $SETUPDIR/display-specifiers || exit1
cp setup/ad-schema/*.txt $SETUPDIR/ad-schema || exit 1
cp setup/display-specifiers/*.txt $SETUPDIR/display-specifiers || exit 1
+
+echo "Installing sbin scripts from setup/*"
for p in domainlevel enableaccount newuser provision setexpiry setpassword pwsettings
do
- chmod a+x setup/$p
- cp setup/$p $SETUPDIR || exit 1
+ cp setup/$p $SBINDIR || exit 1
+ chmod a+x $SBINDIR/$p
+ fix_python_path $SBINDIR/$p || exit 1
done
+
+echo "Installing sbin scripts from scripting/bin/*"
+for p in upgradeprovision
+do
+ cp scripting/bin/$p $SBINDIR || exit 1
+ chmod a+x $SBINDIR/$p
+ fix_python_path $SBINDIR/$p || exit 1
+done
+
+echo "Installing remaining files in $SETUPDIR"
cp setup/schema-map-* $SETUPDIR || exit 1
cp setup/DB_CONFIG $SETUPDIR || exit 1
cp setup/*.inf $SETUPDIR || exit 1
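Review bot: fix_python_path() returns the status of egrep when the pattern is absent, because "egrep ... && { ... }" is the last command in the function. Both callers run "fix_python_path $SBINDIR/$p || exit 1", so any script without a "sys.path.insert ... bin/python" line aborts the install. End the function with "return 0" or use an if. Smaller points: the usage text says BINDDIR and SBINDDIR; $f, $SRCDIR, $SBINDIR and the other paths are unquoted, and a '|' or '&' in PYTHONDIR would corrupt the sed expression; "sed -i" is not available with every sed a #!/bin/sh script may meet; the new chmod lines have no "|| exit 1"; and "exit1" on the display-specifiers mkdir line is missing a space, so a failure there is not fatal.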
diff --git a/source4/scripting/bin/upgradeprovision b/source4/scripting/bin/upgradeprovision
new file mode 100755
index 0000000..9298c02
--- /dev/null
+++ b/source4/scripting/bin/upgradeprovision
@@ -0,0 +1,747 @@
+#!/usr/bin/python
+#
+# Copyright (C) Matthieu Patou <mat at matws.net> 2009
+#
+# Based on provision a Samba4 server by
+# Copyright (C) Jelmer Vernooij <jelmer at samba.org> 2007-2008
+# Copyright (C) Andrew Bartlett <abartlet at samba.org> 2008
+#
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+
+import getopt
+import shutil
+import optparse
+import os
+import sys
+import random
+import string
+import re
+import base64
+import tempfile
+# Find right directory when running from source tree
+sys.path.insert(0, "bin/python")
+
+from base64 import b64encode
+
+import samba
+from samba.credentials import DONT_USE_KERBEROS
+from samba.auth import system_session, admin_session
+from samba import Ldb
+from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError
+import ldb
+import samba.getopt as options
+from samba.samdb import SamDB
+from samba import param
+from samba.provision import ProvisionNames,provision_paths_from_lp,find_setup_dir,FILL_FULL,provision
+from samba.provisionexceptions import ProvisioningError
+from samba.schema import get_dnsyntax_attributes, get_linked_attributes, Schema
+from samba.dcerpc import misc, security
+from samba.ndr import ndr_pack, ndr_unpack
+from samba.dcerpc.misc import SEC_CHAN_BDC
+
+replace=2^ldb.FLAG_MOD_REPLACE
+add=2^ldb.FLAG_MOD_ADD
+delete=2^ldb.FLAG_MOD_DELETE
+
+#Errors are always logged
+ERROR = -1
+SIMPLE = 0x00
+CHANGE = 0x01
+CHANGESD = 0x02
+GUESS = 0x04
+PROVISION = 0x08
+CHANGEALL = 0xff
+
+# Attributes that not copied from the reference provision even if they do not exists in the destination object
+# This is most probably because they are populated automatcally when object is created
+hashAttrNotCopied = { "dn": 1,"whenCreated": 1,"whenChanged": 1,"objectGUID": 1,"replPropertyMetaData": 1,"uSNChanged": 1,\
+ "uSNCreated": 1,"parentGUID": 1,"objectCategory": 1,"distinguishedName": 1,\
+ "showInAdvancedViewOnly": 1,"instanceType": 1, "cn": 1, "msDS-Behavior-Version":1, "nextRid":1,\
+ "nTMixedDomain": 1,"versionNumber":1, "lmPwdHistory":1, "pwdLastSet": 1, "ntPwdHistory":1, "unicodePwd":1,\
+ "dBCSPwd":1,"supplementalCredentials":1,"gPCUserExtensionNames":1, "gPCMachineExtensionNames":1,\
+ "maxPwdAge":1, "mail":1, "secret":1}
+
+# Usually for an object that already exists we do not overwrite attributes as they might have been changed for good
+# reasons. Anyway for a few of thems it's mandatory to replace them otherwise the provision will be broken somehow.
+hashOverwrittenAtt = { "prefixMap": replace, "systemMayContain": replace,"systemOnly":replace, "searchFlags":replace,\
+ "mayContain":replace, "systemFlags":replace,
+ "oEMInformation":replace, "operatingSystemVersion":replace, "adminPropertyPages":1,"possibleInferiors":replace+delete}
+backlinked = []
+
+def define_what_to_log(opts):
+ what = 0
+ if opts.debugchange:
+ what = what | CHANGE
+ if opts.debugchangesd:
+ what = what | CHANGESD
+ if opts.debugguess:
+ what = what | GUESS
+ if opts.debugprovision:
+ what = what | PROVISION
+ if opts.debugall:
+ what = what | CHANGEALL
+ return what
+
+
+parser = optparse.OptionParser("provision [options]")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+parser.add_option("--setupdir", type="string", metavar="DIR",
+ help="directory with setup files")
+parser.add_option("--debugprovision", help="Debug provision", action="store_true")
+parser.add_option("--debugguess", help="Print information on what is different but won't be changed", action="store_true")
+parser.add_option("--debugchange", help="Print information on what is different but won't be changed", action="store_true")
+parser.add_option("--debugchangesd", help="Print information security descriptors differences", action="store_true")
+parser.add_option("--debugall", help="Print all available information (very verbose)", action="store_true")
+parser.add_option("--full", help="Perform full upgrade of the samdb (schema, configuration, new objects, ...", action="store_true")
+parser.add_option("--targetdir", type="string", metavar="DIR",
+ help="Set target directory")
+
+opts = parser.parse_args()[0]
+
+whatToLog = define_what_to_log(opts)
+
+def messageprovision(text):
+ """print a message if quiet is not set."""
+ if opts.debugprovision or opts.debugall:
+ print text
+
+def message(what,text):
+ """print a message if quiet is not set."""
+ if (whatToLog & what) or (what <= 0 ):
+ print text
+
+if len(sys.argv) == 1:
+ opts.interactive = True
+lp = sambaopts.get_loadparm()
+smbconf = lp.configfile
+
+creds = credopts.get_credentials(lp)
+creds.set_kerberos_state(DONT_USE_KERBEROS)
+setup_dir = opts.setupdir
+if setup_dir is None:
+ setup_dir = find_setup_dir()
+
+session = system_session()
+
+# Create an array of backlinked attributes
+def populate_backlink(newpaths,creds,session,schemadn):
+ newsam_ldb = Ldb(newpaths.samdb, session_info=session, credentials=creds,lp=lp)
+ backlinked.extend(get_linked_attributes(ldb.Dn(newsam_ldb,str(schemadn)),newsam_ldb).values())
+
+# Get Paths for important objects (ldb, keytabs ...)
+def get_paths(targetdir=None,smbconf=None):
+ if targetdir is not None:
+ if (not os.path.exists(os.path.join(targetdir, "etc"))):
+ os.makedirs(os.path.join(targetdir, "etc"))
+ smbconf = os.path.join(targetdir, "etc", "smb.conf")
+ if smbconf is None:
+ smbconf = param.default_path()
+
+ if not os.path.exists(smbconf):
+ message(ERROR,"Unable to find smb.conf ..")
+ parser.print_usage()
+ sys.exit(1)
+
+ lp = param.LoadParm()
+ lp.load(smbconf)
+# Normaly we need the domain name for this function but for our needs it's pointless
+ paths = provision_paths_from_lp(lp,"foo")
+ return paths
+
+# This function guess(fetch) informations needed to make a fresh provision from the current provision
+# It includes: realm, workgroup, partitions, netbiosname, domain guid, ...
+def guess_names_from_current_provision(credentials,session_info,paths):
+ lp = param.LoadParm()
+ lp.load(paths.smbconf)
+ names = ProvisionNames()
+ # NT domain, kerberos realm, root dn, domain dn, domain dns name
+ names.domain = string.upper(lp.get("workgroup"))
+ names.realm = lp.get("realm")
+ basedn = "DC=" + names.realm.replace(".",",DC=")
+ names.dnsdomain = names.realm
+ names.realm = string.upper(names.realm)
+ # netbiosname
+ secrets_ldb = Ldb(paths.secrets, session_info=session_info, credentials=credentials,lp=lp, options=["modules:samba_secrets"])
+ # Get the netbiosname first (could be obtained from smb.conf in theory)
+ attrs = ["sAMAccountName"]
+ res = secrets_ldb.search(expression="(flatname=%s)"%names.domain,base="CN=Primary Domains", scope=SCOPE_SUBTREE, attrs=attrs)
+ names.netbiosname = str(res[0]["sAMAccountName"]).replace("$","")
+
+ names.smbconf = smbconf
+ #It's important here to let ldb load with the old module or it's quite certain that the LDB won't load ...
+ samdb = Ldb(paths.samdb, session_info=session_info,
+ credentials=credentials, lp=lp, options=["modules:samba_dsdb"])
+
+ # That's a bit simplistic but it's ok as long as we have only 3 partitions
+ attrs2 = ["defaultNamingContext", "schemaNamingContext","configurationNamingContext","rootDomainNamingContext"]
+ res2 = samdb.search(expression="(objectClass=*)",base="", scope=SCOPE_BASE, attrs=attrs2)
+
+ names.configdn = res2[0]["configurationNamingContext"]
+ configdn = str(names.configdn)
+ names.schemadn = res2[0]["schemaNamingContext"]
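Review bot: "replace=2^ldb.FLAG_MOD_REPLACE" and the two lines after it use '^', which is XOR in Python, not exponentiation. If distinct bits were intended this should be "2**" or "1 <<"; as written the values are not guaranteed to be separate bits, so "replace+delete" in hashOverwrittenAtt does not behave as a flag combination, and "adminPropertyPages" is given a literal 1 rather than one of the named values. Further down, guess_names_from_current_provision() builds the filter "(flatname=%s)" straight from the smb.conf workgroup value without escaping, and assigns names.smbconf from the global smbconf rather than paths.smbconf. The --debugguess and --debugchange options share the same help text, and "opts.interactive" is set although no such option is defined in the parser.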
--
Samba Shared Repository