[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-817-gc5dba4a

Matthias Dieter Wallnöfer mdw at samba.org
Wed Sep 30 08:02:42 MDT 2009


The branch, master has been updated
       via  c5dba4a82eb9f6cc199d20489c89a7765504919d (commit)
       via  9e7fb6a673f9251f00425f7217ebcdf86a1ed42d (commit)
       via  ad549072aa72ce27fd58246b92888d8299043398 (commit)
       via  2529def9fd28a0090a732443aea849cdad2315f5 (commit)
       via  a3f353722c946bc94b2ec6ba9c3c461a6bbea6ae (commit)
       via  0dadb566a95575f2525609441d65fffca2bf7916 (commit)
       via  cb50af5fe12a09a58c637f98fbf092988b70c579 (commit)
       via  b2e8519e321b2bfc304490adc1546e4ea0551844 (commit)
       via  955dab0ed7c3b69b0dd6736bd073b06eb2a79342 (commit)
       via  6637887373b9bee20a8fe8cc0b1e68f349cf49c3 (commit)
       via  d6f69ebcc2855b1ddf3d29fdf970f87910c44d21 (commit)
      from  1f2490e7d8b5a64caf75143041ce07bd2968839e (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit c5dba4a82eb9f6cc199d20489c89a7765504919d
Author: Andrew Kroeger <andrew at id10ts.net>
Date:   Fri Sep 25 15:10:40 2009 -0500

    s4:torture: data_blob_hex_string() output is now lowercase.
    
    Based on the change in commit fb84edabbe9f358031117de2cf78613c704ac600, these
    tests needs to expect lowercase output.

commit 9e7fb6a673f9251f00425f7217ebcdf86a1ed42d
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date:   Sat Sep 26 18:37:56 2009 +0200

    s4:samba.tests.samdb - remove last relicts of the templates

commit ad549072aa72ce27fd58246b92888d8299043398
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date:   Tue Sep 22 14:10:52 2009 +0200

    s4:pyldb - Fixed the return value in "py_ldb_msg_diff"
    
    The case distinction shouldn't be needed also when "diff" is NULL.
    "PyLdbMessage_FromMessage" works with "NULL" arguments.

commit 2529def9fd28a0090a732443aea849cdad2315f5
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date:   Tue Sep 22 16:06:23 2009 +0200

    Revert "s4:wmic - Output enhancements"
    
    This reverts commit fb914640ad656b146f732ab33063575e2e47e37c.
    
    Jelmer requested the revert since he feels better when we reapply this change
    after his merge with the updated WMI branch.

commit a3f353722c946bc94b2ec6ba9c3c461a6bbea6ae
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date:   Wed Sep 23 14:32:03 2009 +0200

    Revert "python: create a script for reorgnizing an LDB file."
    
    This reverts commit 11a7842854c0be8c427a2dbf0a8fc3761cda6298.
    
    abartlet claims that this patch could lead to data loss (look at technical
    mailing list)

commit 0dadb566a95575f2525609441d65fffca2bf7916
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date:   Tue Sep 22 14:09:37 2009 +0200

    s4:pwsettings - Improve error handling and introduce "choice" type
    
    - Improve the error handling according to Jelmer's suggestions
    - Print out the error messages on "stderr"
    - Add also here the "choice" type for arguments

commit cb50af5fe12a09a58c637f98fbf092988b70c579
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date:   Tue Sep 22 16:59:29 2009 +0200

    s4:provision - Lets the user choose between the supported forest/domain function levels
    
    Adds a parameter "--function-level" which allows to specify the domain and
    forest function level.

commit b2e8519e321b2bfc304490adc1546e4ea0551844
Author: Andrew Kroeger <andrew at id10ts.net>
Date:   Thu Sep 24 16:58:04 2009 -0500

    s4:provision: Show domains and forests are W2K8 DC capable.
    
    When adding a W2K8 DC to a domain running earlier DC versions, the "adprep"
    utility is used to perform schema updates and update other attributes as
    necessary.
    
    Adding these entries provides an indication that the adprep utility has been run
    with the /forestprep, /domainprep and /rodcprep arguments.  Although these
    entries indicate adprep has been run, nothing has been done to verify that the
    changes that the adprep utility would have made have actually been done.
    
    The values used for the revision atttributes are as seen on a W2K8 DC (not
    W2K8 R2, which will probably have higher values).

commit 955dab0ed7c3b69b0dd6736bd073b06eb2a79342
Author: Andrew Kroeger <andrew at id10ts.net>
Date:   Sun Sep 20 21:36:47 2009 -0500

    s4:provision: Update schema version number to W2K8.
    
    We are running the W2K8 schema version, not the W2K3 version.

commit 6637887373b9bee20a8fe8cc0b1e68f349cf49c3
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date:   Fri Sep 25 14:16:34 2009 +0200

    s4:dsdb/common/util - remove introduced "samdb_is_capable_dc" call
    
    I came up with a better solution which is invoked when we try to join a domain
    as a DC (in file "libnet_become_dc.c"). Consider a following commit for this
    patch.

commit d6f69ebcc2855b1ddf3d29fdf970f87910c44d21
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date:   Mon Sep 21 21:46:14 2009 +0200

    s4:domainlevel - General rework
    
    - We support domain/forest function levels >= (Windows) 2003 Native -> adapt the
      domain/forest and DC function level restrictions.
    - Consider also the lowest function level of a DC. The domain and forest function
      levels can never be higher than it.
    - Improve the error handling by printing out messages to "stderr"
    - Introduce the "choice" type for choice arguments (saves us some error handling)

-----------------------------------------------------------------------

Summary of changes:
 lib/util/tests/data_blob.c                        |    2 +-
 source4/dsdb/common/util.c                        |   57 -------
 source4/lib/ldb/pyldb.c                           |    2 -
 source4/lib/wmi/tools/wmic.c                      |  163 ++++++++-------------
 source4/scripting/bin/reorgldb.py                 |   60 --------
 source4/scripting/python/samba/provision.py       |   33 +++--
 source4/scripting/python/samba/tests/samdb.py     |    6 +-
 source4/setup/domainlevel                         |   92 ++++++++----
 source4/setup/provision                           |   25 ++-
 source4/setup/provision.ldif                      |    5 +
 source4/setup/provision_configuration.ldif        |   10 ++
 source4/setup/provision_schema_basedn_modify.ldif |    2 +-
 source4/setup/pwsettings                          |   23 ++--
 source4/torture/ldb/ldb.c                         |    4 +-
 14 files changed, 192 insertions(+), 292 deletions(-)
 delete mode 100755 source4/scripting/bin/reorgldb.py


Changeset truncated at 500 lines:

diff --git a/lib/util/tests/data_blob.c b/lib/util/tests/data_blob.c
index 875e5fd..f0b02b8 100644
--- a/lib/util/tests/data_blob.c
+++ b/lib/util/tests/data_blob.c
@@ -78,7 +78,7 @@ static bool test_cmp(struct torture_context *tctx)
 static bool test_hex_string(struct torture_context *tctx)
 {
 	DATA_BLOB a = data_blob_string_const("\xC\xA\xF\xE");
-	torture_assert_str_equal(tctx, data_blob_hex_string(tctx, &a), "0C0A0F0E", "hex string");
+	torture_assert_str_equal(tctx, data_blob_hex_string(tctx, &a), "0c0a0f0e", "hex string");
 	return true;
 }
 
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 45f19e9..72cbf63 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -1433,63 +1433,6 @@ struct ldb_dn *samdb_server_site_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx
 }
 
 /*
- * This works out if we are running on a supported forest/domain function
- * level. Basically this means that we don't support mixed/interim (NT 4 DC
- * support) levels.
- * If errmsg isn't NULL we write in an adequate error message for printing out
- * to the screen.
- */
-bool samdb_is_capable_dc(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
-	char **errmsg)
-{
-	int32_t level_forest, level_domain, level_domain_mixed;
-	bool ret = true;
-
-	level_forest = (int32_t) samdb_search_int64(ldb, mem_ctx, -1,
-		samdb_partitions_dn(ldb, mem_ctx), "msDS-Behavior-Version",
-		NULL);
-	level_domain = (int32_t) samdb_search_int64(ldb, mem_ctx, -1,
-		samdb_base_dn(ldb), "msDS-Behavior-Version", NULL);
-	level_domain_mixed = (int32_t) samdb_search_int64(ldb, mem_ctx, -1,
-		samdb_base_dn(ldb), "nTMixedDomain", NULL);
-
-	if (errmsg != NULL)
-		*errmsg = talloc_strdup(mem_ctx, "");
-
-	if (level_forest == -1 || level_domain == -1 || level_domain_mixed == -1) {
-		ret = false;
-		if (errmsg != NULL)
-			*errmsg = talloc_strdup_append(*errmsg,
-				"\nATTENTION: Invalid values for forest and/or domain function level!"
-			);
-	}
-
-	if (level_forest == DS_DOMAIN_FUNCTION_2003_MIXED) {
-		ret = false;
-		if (errmsg != NULL)
-			*errmsg = talloc_strdup_append(*errmsg,
-				"\nATTENTION: You run SAMBA 4 on the 2003 with mixed domains (NT4 DC support) forest level. This isn't supported!"
-			);
-	}
-	if ((level_domain == DS_DOMAIN_FUNCTION_2000 && level_domain_mixed != 0)
-		|| level_domain == DS_DOMAIN_FUNCTION_2003_MIXED) {
-		ret = false;
-		if (errmsg != NULL)
-			*errmsg = talloc_strdup_append(*errmsg,
-				"\nATTENTION: You run SAMBA 4 on a mixed/interim (NT4 DC support) domain level. This isn't supported!"
-			);
-	}
-
-	if ((!ret) && (errmsg != NULL)) {
-		*errmsg = talloc_strdup_append(*errmsg,
-			"\nPlease raise the domain and/or forest level to an adequate value. Use for this the 'domainlevel' tool, the MS AD MMC tools or manipulate the needed attributes directly."
-		);
-	}
-
-	return ret;
-}
-
-/*
   work out if we are the PDC for the domain of the current open ldb
 */
 bool samdb_is_pdc(struct ldb_context *ldb)
diff --git a/source4/lib/ldb/pyldb.c b/source4/lib/ldb/pyldb.c
index 1ba5109..0fe4da9 100644
--- a/source4/lib/ldb/pyldb.c
+++ b/source4/lib/ldb/pyldb.c
@@ -956,8 +956,6 @@ static PyObject *py_ldb_msg_diff(PyLdbObject *self, PyObject *args)
 	}
 
 	diff = ldb_msg_diff(PyLdb_AsLdbContext(self), PyLdbMessage_AsMessage(py_msg_old), PyLdbMessage_AsMessage(py_msg_new));
-	if (diff == NULL) 
-		return NULL;
 
 	py_ret = PyLdbMessage_FromMessage(diff);
 
diff --git a/source4/lib/wmi/tools/wmic.c b/source4/lib/wmi/tools/wmic.c
index d37e22d..bbfe5ed 100644
--- a/source4/lib/wmi/tools/wmic.c
+++ b/source4/lib/wmi/tools/wmic.c
@@ -35,91 +35,61 @@
 #include "lib/wmi/wmi.h"
 
 struct program_args {
-	char *hostname;
-	char *query;
-	char *ns;
+    char *hostname;
+    char *query;
+    char *ns;
 };
 
 static void parse_args(int argc, char *argv[], struct program_args *pmyargs)
 {
-	poptContext pc;
-	int opt, i;
-
-	int argc_new;
-	char **argv_new;
-
-	struct poptOption long_options[] = {
-		POPT_AUTOHELP
-		POPT_COMMON_SAMBA
-		POPT_COMMON_CONNECTION
-		POPT_COMMON_CREDENTIALS
-		POPT_COMMON_VERSION
-		{"namespace", 0, POPT_ARG_STRING, &pmyargs->ns, 0,
-		 "WMI namespace, default to root\\cimv2", 0},
-		POPT_TABLEEND
-	};
-
-	pc = poptGetContext("wmi", argc, (const char **) argv,
-		long_options, POPT_CONTEXT_KEEP_FIRST);
-
-	poptSetOtherOptionHelp(pc, "//host query\n\nExample: wmic -U [domain/]adminuser%password //host \"select * from Win32_ComputerSystem\"");
-
-	while ((opt = poptGetNextOpt(pc)) != -1) {
-		poptPrintUsage(pc, stdout, 0);
-		poptFreeContext(pc);
-		exit(1);
-	}
-
-	argv_new = discard_const_p(char *, poptGetArgs(pc));
-
-	argc_new = argc;
-	for (i = 0; i < argc; i++) {
-		if (argv_new[i] == NULL) {
-			argc_new = i;
-			break;
-		}
-	}
-
-	if (argc_new != 3 || argv_new[1][0] != '/'
-			|| argv_new[1][1] != '/') {
-		poptPrintUsage(pc, stdout, 0);
-		poptFreeContext(pc);
-		exit(1);
-	}
-
-	pmyargs->hostname = argv_new[1] + 2;
-	pmyargs->query = argv_new[2];
+    poptContext pc;
+    int opt, i;
+
+    int argc_new;
+    char **argv_new;
+
+    struct poptOption long_options[] = {
+	POPT_AUTOHELP
+	POPT_COMMON_SAMBA
+	POPT_COMMON_CONNECTION
+	POPT_COMMON_CREDENTIALS
+	POPT_COMMON_VERSION
+	{"namespace", 0, POPT_ARG_STRING, &pmyargs->ns, 0,
+	 "WMI namespace, default to root\\cimv2", 0},
+	POPT_TABLEEND
+    };
+
+    pc = poptGetContext("wmi", argc, (const char **) argv,
+	        long_options, POPT_CONTEXT_KEEP_FIRST);
+
+    poptSetOtherOptionHelp(pc, "//host query\n\nExample: wmic -U [domain/]adminuser%password //host \"select * from Win32_ComputerSystem\"");
+
+    while ((opt = poptGetNextOpt(pc)) != -1) {
+	poptPrintUsage(pc, stdout, 0);
 	poptFreeContext(pc);
-}
+	exit(1);
+    }
 
-static void escape_string(const char *src, char *dst, int len)
-{
-	char *p = dst, *end = dst + len - 1;
-	const char *q = src;
+    argv_new = discard_const_p(char *, poptGetArgs(pc));
 
-	if ( q == NULL) {
-		strncpy( dst, "(null)", len);
-		return;
+    argc_new = argc;
+    for (i = 0; i < argc; i++) {
+	if (argv_new[i] == NULL) {
+	    argc_new = i;
+	    break;
 	}
+    }
 
-	while ( *q && p <= end ) {
-		if ( strchr( "|\\(),", *q)) {
-			*p++ = '\\';
-			*p++ = *q++;
-		} else if ( *q == '\n' ) {
-			*p++ = '\\';
-			*p++ = 'n';
-			q++;
-		} else if ( *q == '\r' ) {
-			*p++ = '\\';
-			*p++ = 'r';
-			q++;
-		} else {
-			*p++ = *q++;
-		}
-	}
+    if (argc_new != 3 || argv_new[1][0] != '/'
+	|| argv_new[1][1] != '/') {
+	poptPrintUsage(pc, stdout, 0);
+	poptFreeContext(pc);
+	exit(1);
+    }
 
-	*p++ = 0;
+    pmyargs->hostname = argv_new[1] + 2;
+    pmyargs->query = argv_new[2];
+    poptFreeContext(pc);
 }
 
 #define WERR_CHECK(msg) if (!W_ERROR_IS_OK(result)) { \
@@ -129,33 +99,20 @@ static void escape_string(const char *src, char *dst, int len)
 			    DEBUG(1, ("OK   : %s\n", msg)); \
 			}
 
-#define RETURN_CVAR_ARRAY_STR_START(arr) {\
-        uint32_t i;\
+#define RETURN_CVAR_ARRAY_STR(fmt, arr) {\
+	uint32_t i;\
 	char *r;\
 \
-        if (!arr) {\
-                return talloc_strdup(mem_ctx, "(null)");\
-        }\
+	if (!arr) {\
+	        return talloc_strdup(mem_ctx, "NULL");\
+	}\
 	r = talloc_strdup(mem_ctx, "(");\
-        for (i = 0; i < arr->count; ++i) {
-
-
-#define RETURN_CVAR_ARRAY_STR_END(fmt, arr, item) \
-		r = talloc_asprintf_append(r, fmt "%s", item, (i+1 == arr->count)?"":",");\
-        }\
-        return talloc_asprintf_append(r, ")");\
+	for (i = 0; i < arr->count; ++i) {\
+		r = talloc_asprintf_append(r, fmt "%s", arr->item[i], (i+1 == arr->count)?"":",");\
+	}\
+	return talloc_asprintf_append(r, ")");\
 }
 
-#define RETURN_CVAR_ARRAY_STR(fmt, arr) \
-	RETURN_CVAR_ARRAY_STR_START(arr) \
-	RETURN_CVAR_ARRAY_STR_END(fmt, arr, arr->item[i])
-
-#define RETURN_CVAR_ARRAY_ESCAPED(fmt, arr) \
-	RETURN_CVAR_ARRAY_STR_START(arr) \
-	char buf[2048]; \
-	escape_string( arr->item[i], buf, 2048); \
-	RETURN_CVAR_ARRAY_STR_END(fmt, arr, buf)
-
 char *string_CIMVAR(TALLOC_CTX *mem_ctx, union CIMVAR *v, enum CIMTYPE_ENUMERATION cimtype)
 {
 	switch (cimtype) {
@@ -172,11 +129,7 @@ char *string_CIMVAR(TALLOC_CTX *mem_ctx, union CIMVAR *v, enum CIMTYPE_ENUMERATI
 	case CIM_BOOLEAN: return talloc_asprintf(mem_ctx, "%s", v->v_boolean?"True":"False");
 	case CIM_STRING:
 	case CIM_DATETIME:
-	case CIM_REFERENCE: {
-		char buf[2048];
-		escape_string((char*) v-> v_string, buf, 2048);
-		return talloc_asprintf(mem_ctx, "%s", buf);
-	}
+	case CIM_REFERENCE: return talloc_asprintf(mem_ctx, "%s", v->v_string);
 	case CIM_CHAR16: return talloc_asprintf(mem_ctx, "Unsupported");
 	case CIM_OBJECT: return talloc_asprintf(mem_ctx, "Unsupported");
 	case CIM_ARR_SINT8: RETURN_CVAR_ARRAY_STR("%d", v->a_sint8);
@@ -190,9 +143,9 @@ char *string_CIMVAR(TALLOC_CTX *mem_ctx, union CIMVAR *v, enum CIMTYPE_ENUMERATI
 	case CIM_ARR_REAL32: RETURN_CVAR_ARRAY_STR("%f", v->a_real32);
 	case CIM_ARR_REAL64: RETURN_CVAR_ARRAY_STR("%f", v->a_real64);
 	case CIM_ARR_BOOLEAN: RETURN_CVAR_ARRAY_STR("%d", v->a_boolean);
-	case CIM_ARR_STRING: RETURN_CVAR_ARRAY_ESCAPED("%s", v->a_string);
-	case CIM_ARR_DATETIME: RETURN_CVAR_ARRAY_ESCAPED("%s", v->a_datetime);
-	case CIM_ARR_REFERENCE: RETURN_CVAR_ARRAY_ESCAPED("%s", v->a_reference);
+	case CIM_ARR_STRING: RETURN_CVAR_ARRAY_STR("%s", v->a_string);
+	case CIM_ARR_DATETIME: RETURN_CVAR_ARRAY_STR("%s", v->a_datetime);
+	case CIM_ARR_REFERENCE: RETURN_CVAR_ARRAY_STR("%s", v->a_reference);
 	default: return talloc_asprintf(mem_ctx, "Unsupported");
 	}
 }
diff --git a/source4/scripting/bin/reorgldb.py b/source4/scripting/bin/reorgldb.py
deleted file mode 100755
index 571363f..0000000
--- a/source4/scripting/bin/reorgldb.py
+++ /dev/null
@@ -1,60 +0,0 @@
-#!/usr/bin/python
-#
-# Copyright (C) Matthieu Patou <mat at matws.net> 2009
-# This script realize an offline reorganisation of an LDB
-# file it helps to reduce (sometime drastically) the
-# size of LDB files.
-import sys
-import optparse
-import os
-sys.path.insert(0, "bin/python")
-
-import samba
-from samba.credentials import DONT_USE_KERBEROS
-from samba.auth import system_session
-from samba import Ldb, substitute_var, valid_netbios_name, check_all_substituted
-from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError
-import ldb
-import samba.getopt as options
-from samba.samdb import SamDB
-from samba import param
-from samba.provision import ProvisionPaths, ProvisionNames,provision_paths_from_lp, Schema
-
-parser = optparse.OptionParser("provision [options]")
-sambaopts = options.SambaOptions(parser)
-parser.add_option_group(sambaopts)
-parser.add_option_group(options.VersionOptions(parser))
-credopts = options.CredentialsOptions(parser)
-parser.add_option_group(credopts)
-parser.add_option("--database", type="string", metavar="FILE",
-        help="LDB to reorganize")
-opts = parser.parse_args()[0]
-lp = sambaopts.get_loadparm()
-smbconf = lp.configfile
-
-if not opts.database:
-	print "Parameter database is mandatory"
-	sys.exit(1)
-creds = credopts.get_credentials(lp)
-creds.set_kerberos_state(DONT_USE_KERBEROS)
-session = system_session()
-empty = ldb.Message()
-newname="%s.new"%(opts.database)
-if os.path.exists(newname):
-	os.remove(newname)
-old_ldb = Ldb(opts.database, session_info=session, credentials=creds,lp=lp)
-new_ldb = Ldb(newname,session_info=session, credentials=creds,lp=lp)
-
-new_ldb.transaction_start()
-res = old_ldb.search(expression="(dn=*)",base="", scope=SCOPE_SUBTREE)
-for i in range(0,len(res)):
-	if str(res[i].dn) == "@BASEINFO":
-		continue
-	if str(res[i].dn).startswith("@INDEX:"):
-		continue
-	delta = new_ldb.msg_diff(empty,res[i])
-	delta.dn = res[i].dn
-	delta.remove("distinguishedName")
-	new_ldb.add(delta)
-
-new_ldb.transaction_commit()
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 64491c2..3fb6ed6 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -44,7 +44,7 @@ from credentials import Credentials, DONT_USE_KERBEROS
 from auth import system_session, admin_session
 from samba import version, Ldb, substitute_var, valid_netbios_name
 from samba import check_all_substituted
-from samba import DS_DOMAIN_FUNCTION_2000, DS_DOMAIN_FUNCTION_2008, DS_DC_FUNCTION_2008, DS_DC_FUNCTION_2008_R2
+from samba import DS_DOMAIN_FUNCTION_2003, DS_DOMAIN_FUNCTION_2008, DS_DC_FUNCTION_2008
 from samba.samdb import SamDB
 from samba.idmap import IDmapDB
 from samba.dcerpc import security
@@ -926,22 +926,33 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
                 domainsid, domainguid, policyguid, policyguid_dc,
                 fill, adminpass, krbtgtpass, 
                 machinepass, invocationid, dnspass,
-                serverrole, schema=None, ldap_backend=None):
+                serverrole, dom_for_fun_level=None,
+                schema=None, ldap_backend=None):
     """Setup a complete SAM Database.
     
     :note: This will wipe the main SAM database file!
     """
 
-    # Do NOT change these default values without discussion with the team and reslease manager.  
-    domainFunctionality = DS_DOMAIN_FUNCTION_2008
-    forestFunctionality = DS_DOMAIN_FUNCTION_2008
+    # ATTENTION: Do NOT change these default values without discussion with the
+    # team and/or release manager. They have a big impact on the whole program!
     domainControllerFunctionality = DS_DC_FUNCTION_2008
 
+    if dom_for_fun_level is None:
+        dom_for_fun_level = DS_DOMAIN_FUNCTION_2008
+    if dom_for_fun_level < DS_DOMAIN_FUNCTION_2003:
+        raise ProvisioningError("You want to run SAMBA 4 on a domain and forest function level lower than Windows 2003 (Native). This isn't supported!")
+
+    if dom_for_fun_level > domainControllerFunctionality:
+        raise ProvisioningError("You want to run SAMBA 4 on a domain and forest function level which itself is higher than its actual DC function level (2008). This won't work!")
+
+    domainFunctionality = dom_for_fun_level
+    forestFunctionality = dom_for_fun_level
+
     # Also wipes the database
     setup_samdb_partitions(path, setup_path, message=message, lp=lp,
                            credentials=credentials, session_info=session_info,
-                           names=names, 
-                           ldap_backend=ldap_backend, serverrole=serverrole)
+                           names=names, ldap_backend=ldap_backend,
+                           serverrole=serverrole)
 
     if (schema == None):
         schema = Schema(setup_path, domainsid, schemadn=names.schemadn, serverdn=names.serverdn,
@@ -1136,7 +1147,8 @@ def provision(setup_dir, message, session_info,
               policyguid=None, policyguid_dc=None, invocationid=None,
               machinepass=None, 
               dnspass=None, root=None, nobody=None, users=None, 
-              wheel=None, backup=None, aci=None, serverrole=None, 
+              wheel=None, backup=None, aci=None, serverrole=None,
+              dom_for_fun_level=None,
               ldap_backend_extra_port=None, ldap_backend_type=None,
               sitename=None,
               ol_mmr_urls=None, ol_olc=None, 
@@ -1155,7 +1167,6 @@ def provision(setup_dir, message, session_info,
     else:
       domainsid = security.dom_sid(domainsid)
 
-
     # create/adapt the group policy GUIDs
     if policyguid is None:
         policyguid = str(uuid.uuid4())
@@ -1289,7 +1300,9 @@ def provision(setup_dir, message, session_info,
                         adminpass=adminpass, krbtgtpass=krbtgtpass,
                         invocationid=invocationid, 
                         machinepass=machinepass, dnspass=dnspass,
-                        serverrole=serverrole, ldap_backend=provision_backend)
+                        serverrole=serverrole,
+                        dom_for_fun_level=dom_for_fun_level,
+                        ldap_backend=provision_backend)
 
     if serverrole == "domain controller":
         if paths.netlogon is None:
diff --git a/source4/scripting/python/samba/tests/samdb.py b/source4/scripting/python/samba/tests/samdb.py
index 8c7bb0a..d56f75b 100644
--- a/source4/scripting/python/samba/tests/samdb.py
+++ b/source4/scripting/python/samba/tests/samdb.py
@@ -19,7 +19,7 @@
 from samba.auth import system_session
 from samba.credentials import Credentials
 import os
-from samba.provision import setup_samdb, guess_names, setup_templatesdb, make_smbconf, find_setup_dir
+from samba.provision import setup_samdb, guess_names, make_smbconf, find_setup_dir
 from samba.samdb import SamDB
 from samba.tests import TestCaseInTempDir
 from samba.dcerpc import security
@@ -71,8 +71,6 @@ class SamDBTestCase(TestCaseInTempDir):
                             serverrole=serverrole, 
                             domaindn=self.domaindn, configdn=configdn, 
                             schemadn=schemadn)
-        setup_templatesdb(os.path.join(self.tempdir, "templates.ldb"), 
-                          self.setup_path, session_info=session_info, lp=self.lp)
         self.samdb = setup_samdb(path, self.setup_path, session_info, creds, 
                                  self.lp, names, 
                                  lambda x: None, domainsid, 
@@ -82,7 +80,7 @@ class SamDBTestCase(TestCaseInTempDir):
                                  "secret", "domain controller")
 
     def tearDown(self):
-        for f in ['templates.ldb', 'schema.ldb', 'configuration.ldb', 
+        for f in ['schema.ldb', 'configuration.ldb',
                   'users.ldb', 'samdb.ldb', 'smb.conf']:
             os.remove(os.path.join(self.tempdir, f))
         super(SamDBTestCase, self).tearDown()
diff --git a/source4/setup/domainlevel b/source4/setup/domainlevel
index ceab735..c37d811 100755
--- a/source4/setup/domainlevel
+++ b/source4/setup/domainlevel
@@ -18,6 +18,11 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #
 
+# Notice: At the moment we have some more checks to do here on the special
+# attributes (consider attribute "msDS-Behavior-Version). This is due to the
+# fact that we on s4 LDB don't implement their change policy (only certain
+# values, only increments possible...) yet.
+
 import sys
 
 # Find right directory when running from source tree
@@ -32,6 +37,8 @@ from samba.samdb import SamDB


-- 
Samba Shared Repository


More information about the samba-cvs mailing list