[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Wed Jan 20 11:12:47 MST 2010
The branch, master has been updated
via 3471d36... selftest-s4: set the posix:eadb at the global level
via c12d536... s4-python: add some helper for converting ldb_flag to text
via 8c6fc09... upgradeprovision: forbid running upgradeprovision when there is more than 1 DC
via 929dbf8... upgradeprovision: mark rIDAvailablePool never upgraded
via 4d6cda7... upgradeprovision: reformat + add groupType as possibly overwritten
via 4c28e7f... upgradeprovision: improve info messages
via bd9fbda... Revert "s4:upgradeprovision - fix up the script regarding linked attributes"
via 9704249... upgradeprovision: never use xattr it's pointless in this usecase
via 0cdc39e... Add a comment to tdb_wrap to explain why it should be used instead of directly using tdb
via a4b01dd... s4: utils recreate in python setntacl and getntacl
via 1a143b8... s4: allow python code to dump NTACL object as well
via c637c52... provision: use message and do not display warning if the user choosed delibarately posix:eadb
via d4514a6... provision: introduce use-xattr parameter for defining where to store attributes
via 711c760... s4-tests: register new unit tests
via 10995d9... s4-python: add unit test for ntacls manipulation in python
via 3789ba2... s4-python: add more unit tests for xattr manipulation in python
via f0954c7... s4: update setntacl and getntacl to select the adaquate backend (fs/tdb) for storing xattr
via c442b25... s4: ntvfs, create push_xattr_blob_tdb_raw and pull_xattr_blob_tdb_raw that do not depend on pvfs objects
via e78626d... s4: Set acls correctly on all sysvol and scripts shares
via 9b70979... s4: Make unixid optional
via 028c9b1... s4: regroup gpo modification in one function, set acl on files accordingly with ACL in LDAP
via 08c59c3... s4: Create unit tests for python "samba.xattr" module
via c80ecd9... s4: add python bindings for wrap_(s|g)etxattr
from 45465cb... s4:selftest: add the samr-passwords-lockout test to knownfail
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 3471d3677a781e6a03e1a8010946aa82ad7aad83
Author: Matthieu Patou <mat at matws.net>
Date: Fri Jan 15 14:08:26 2010 +0300
selftest-s4: set the posix:eadb at the global level
commit c12d5363d6789528c8b63c71d171d30ccecc7109
Author: Matthieu Patou <mat at matws.net>
Date: Tue Jan 12 19:49:49 2010 +0300
s4-python: add some helper for converting ldb_flag to text
commit 8c6fc09f18757e49e90936266fa763e0267d2e57
Author: Matthieu Patou <mat at matws.net>
Date: Fri Jan 15 14:09:06 2010 +0300
upgradeprovision: forbid running upgradeprovision when there is more than 1 DC
commit 929dbf8ef817cb1646a5f82b9a0f0eece4ab84ee
Author: Matthieu Patou <mat at matws.net>
Date: Tue Jan 19 01:53:01 2010 +0300
upgradeprovision: mark rIDAvailablePool never upgraded
handle properly the fact that missing object might depend on some other in order to be correctly created
debug change also if we are in debugall mode
commit 4d6cda75e3f0536c71741051ae4c643d11ab95d8
Author: Matthieu Patou <mat at matws.net>
Date: Tue Jan 12 15:43:39 2010 +0300
upgradeprovision: reformat + add groupType as possibly overwritten
commit 4c28e7ff0cbd9a1e8c981c9ee6f5c48a8c7a0002
Author: Matthieu Patou <mat at matws.net>
Date: Tue Jan 12 19:53:38 2010 +0300
upgradeprovision: improve info messages
commit bd9fbdab4c6ebe703800baccc274206fc1bd4ada
Author: Matthieu Patou <mat at matws.net>
Date: Tue Jan 12 20:13:33 2010 +0300
Revert "s4:upgradeprovision - fix up the script regarding linked attributes"
This reverts commit 2cedefabc93c8a1fcb49d65a3f78a344e814f826.
commit 9704249ccc6d3d5f0a0c1860ab869d0304118849
Author: Matthieu Patou <mat at matws.net>
Date: Tue Jan 19 01:56:30 2010 +0300
upgradeprovision: never use xattr it's pointless in this usecase
commit 0cdc39e7302adf86010d23ef0f08f3cbdcf6b1b2
Author: Matthieu Patou <mat at matws.net>
Date: Tue Jan 12 02:23:13 2010 +0300
Add a comment to tdb_wrap to explain why it should be used instead of directly using tdb
commit a4b01dd59c386c84776367b46b0fa726918dbebc
Author: Matthieu Patou <mat at matws.net>
Date: Sat Oct 24 15:34:31 2009 +0400
s4: utils recreate in python setntacl and getntacl
setntacl is able to set NTACL attribute from command line
getntacl now use getopt for parsing command line option and is also able to
dump the acl in the SDDL format.
commit 1a143b8a590f5173ccacb7368f3cf36a8785da33
Author: Matthieu Patou <mat at matws.net>
Date: Mon Jan 11 02:19:22 2010 +0300
s4: allow python code to dump NTACL object as well
commit c637c528762e5972bc47cc18f158186c670b4f7d
Author: Matthieu Patou <mat at matws.net>
Date: Sun Jan 17 22:50:31 2010 +0300
provision: use message and do not display warning if the user choosed delibarately posix:eadb
commit d4514a6539052b6944582ef8e5e1930b5f42ffd7
Author: Matthieu Patou <mat at matws.net>
Date: Fri Jan 8 17:00:54 2010 +0300
provision: introduce use-xattr parameter for defining where to store attributes
This option allow simple user (non root) to invoke provision without facing an error
while insuring that ACL on shared files will always be set
commit 711c7606a5a2c36ea252ffd6d3aafc06fa5b675c
Author: Matthieu Patou <mat at matws.net>
Date: Fri Jan 8 13:13:02 2010 +0300
s4-tests: register new unit tests
make unit test emit a visible warning
commit 10995d92565a5df6ba09ec6d209923f84184e99a
Author: Matthieu Patou <mat at matws.net>
Date: Fri Jan 8 13:12:11 2010 +0300
s4-python: add unit test for ntacls manipulation in python
commit 3789ba2654fe958b80ebafeb380a1a2258dc9e32
Author: Matthieu Patou <mat at matws.net>
Date: Fri Jan 8 13:10:30 2010 +0300
s4-python: add more unit tests for xattr manipulation in python
commit f0954c73723618f905cc8082546e9b4cf3e39ddf
Author: Matthieu Patou <mat at matws.net>
Date: Fri Jan 8 13:06:47 2010 +0300
s4: update setntacl and getntacl to select the adaquate backend (fs/tdb) for storing xattr
commit c442b2534fd66bca262e1f27b43e085c75ec7989
Author: Matthieu Patou <mat at matws.net>
Date: Fri Jan 8 12:57:59 2010 +0300
s4: ntvfs, create push_xattr_blob_tdb_raw and pull_xattr_blob_tdb_raw that do not depend on pvfs objects
Following a talk with tridge on IRC, this patch allow (pull|push)_xattr_blob to be called without
having a pvfs object. It's handy for programs that wants to manipulate xattr directly.
commit e78626dc2e829e2fce2d63d9e313f5630f125e94
Author: Matthieu Patou <mat at matws.net>
Date: Sun Nov 22 20:50:30 2009 +0300
s4: Set acls correctly on all sysvol and scripts shares
commit 9b70979bc9b39d8dd5bc7752951f855d2dd87294
Author: Matthieu Patou <mat at matws.net>
Date: Sun Nov 22 19:50:31 2009 +0300
s4: Make unixid optional
Make unixid optional, if value not supplied next id from id pool will be used.
Create a function to get next id in id pool.
commit 028c9b1c154ce9b5d7876df76b04aba1f976d1a2
Author: Matthieu Patou <mat at matws.net>
Date: Wed Nov 18 21:07:25 2009 +0300
s4: regroup gpo modification in one function, set acl on files accordingly with ACL in LDAP
commit 08c59c38a2b117b2f2481cc6a02186b7df6305f2
Author: Matthieu Patou <mat at matws.net>
Date: Mon Dec 7 19:13:00 2009 +0300
s4: Create unit tests for python "samba.xattr" module
commit c80ecd9964285f3c4a5128389c4e330ab25cca1c
Author: Matthieu Patou <mat at matws.net>
Date: Mon Nov 9 20:53:34 2009 +0300
s4: add python bindings for wrap_(s|g)etxattr
-----------------------------------------------------------------------
Summary of changes:
librpc/idl/xattr.idl | 1 +
selftest/target/Samba4.pm | 4 +-
source4/lib/tdb_wrap.h | 7 +
source4/librpc/config.mk | 11 +
source4/librpc/ndr/py_xattr.c | 94 +++++++++
source4/ntvfs/posix/xattr_tdb.c | 76 +++++---
source4/scripting/bin/upgradeprovision | 226 +++++++++++++++------
source4/scripting/python/config.mk | 21 ++
source4/scripting/python/pyglue.c | 4 +-
source4/scripting/python/pyxattr_native.c | 130 ++++++++++++
source4/scripting/python/pyxattr_tdb.c | 132 ++++++++++++
source4/scripting/python/samba/idmap.py | 28 +++-
source4/scripting/python/samba/misc.py | 33 +++
source4/scripting/python/samba/netcmd/__init__.py | 2 +
source4/scripting/python/samba/netcmd/ntacl.py | 119 +++++++++++
source4/scripting/python/samba/ntacls.py | 158 ++++++++++++++
source4/scripting/python/samba/provision.py | 102 +++++++---
source4/scripting/python/samba/tests/ntacls.py | 119 +++++++++++
source4/scripting/python/samba/tests/xattr.py | 127 ++++++++++++
source4/selftest/tests.sh | 2 +
source4/setup/provision | 26 +++-
source4/setup/provision.smb.conf.dc | 1 +
source4/setup/provision.smb.conf.member | 1 +
source4/setup/provision.smb.conf.standalone | 1 +
source4/utils/config.mk | 26 ---
source4/utils/getntacl.c | 121 -----------
source4/utils/setntacl.c | 28 ---
27 files changed, 1298 insertions(+), 302 deletions(-)
create mode 100644 source4/librpc/ndr/py_xattr.c
create mode 100644 source4/scripting/python/pyxattr_native.c
create mode 100644 source4/scripting/python/pyxattr_tdb.c
create mode 100644 source4/scripting/python/samba/misc.py
create mode 100644 source4/scripting/python/samba/netcmd/ntacl.py
create mode 100644 source4/scripting/python/samba/ntacls.py
create mode 100644 source4/scripting/python/samba/tests/ntacls.py
create mode 100644 source4/scripting/python/samba/tests/xattr.py
delete mode 100644 source4/utils/getntacl.c
delete mode 100644 source4/utils/setntacl.c
Changeset truncated at 500 lines:
diff --git a/librpc/idl/xattr.idl b/librpc/idl/xattr.idl
index 1dd98a9..bc8c20c 100644
--- a/librpc/idl/xattr.idl
+++ b/librpc/idl/xattr.idl
@@ -14,6 +14,7 @@ import "security.idl";
uuid("12345778-1234-abcd-0001-00000002"),
version(0.0),
helper("../librpc/ndr/ndr_xattr.h"),
+ pyhelper("librpc/ndr/py_xattr.c"),
pointer_default(unique)
]
interface xattr
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index f178849..e6ed0ab 100644
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -556,6 +556,7 @@ sub provision_raw_step1($$)
[global]
netbios name = $ctx->{netbiosname}
netbios aliases = $ctx->{netbiosalias}
+ posix:eadb = $ctx->{lockdir}/eadb.tdb
workgroup = $ctx->{domain}
realm = $ctx->{realm}
private dir = $ctx->{privatedir}
@@ -732,7 +733,6 @@ sub provision($$$$$$$)
path = $ctx->{tmpdir}
read only = no
posix:sharedelay = 10000
- posix:eadb = $ctx->{lockdir}/eadb.tdb
posix:oplocktimeout = 3
posix:writetimeupdatedelay = 500000
@@ -740,7 +740,6 @@ sub provision($$$$$$$)
path = $ctx->{tmpdir}/test1
read only = no
posix:sharedelay = 10000
- posix:eadb = $ctx->{lockdir}/eadb.tdb
posix:oplocktimeout = 3
posix:writetimeupdatedelay = 50000
@@ -748,7 +747,6 @@ sub provision($$$$$$$)
path = $ctx->{tmpdir}/test2
read only = no
posix:sharedelay = 10000
- posix:eadb = $ctx->{lockdir}/eadb.tdb
posix:oplocktimeout = 3
posix:writetimeupdatedelay = 50000
diff --git a/source4/lib/tdb_wrap.h b/source4/lib/tdb_wrap.h
index eb0191f..20ab53f 100644
--- a/source4/lib/tdb_wrap.h
+++ b/source4/lib/tdb_wrap.h
@@ -19,6 +19,13 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+/* IMPORTANT: tdb_wrap should be always prefered over tdb_context for end consumer functions
+ it's because if the code will be running inside smbd, then we must use the linked list
+ of open tdb files, to determine if the tdb we desire is already open
+ as otherwise, when you close the tdb (even on a different file descriptor),
+ ALL LOCKS are lost (due to a real screwup in the POSIX specification that nobody has been able to get fixed)
+*/
+
#ifndef _TDB_WRAP_H_
#define _TDB_WRAP_H_
diff --git a/source4/librpc/config.mk b/source4/librpc/config.mk
index 5f8bc88..589cb5f 100644
--- a/source4/librpc/config.mk
+++ b/source4/librpc/config.mk
@@ -361,6 +361,11 @@ PUBLIC_DEPENDENCIES = \
NDR_TABLE_OBJ_FILES = ../librpc/ndr/ndr_table.o $(gen_ndrsrcdir)/tables.o
+[SUBSYSTEM::RPC_NDR_XATTR]
+PUBLIC_DEPENDENCIES = NDR_XATTR dcerpc
+
+RPC_NDR_XATTR_OBJ_FILES = ../librpc/gen_ndr/ndr_xattr_c.o
+
[SUBSYSTEM::RPC_NDR_ROT]
PUBLIC_DEPENDENCIES = NDR_ROT dcerpc
@@ -713,6 +718,12 @@ PRIVATE_DEPENDENCIES = PYTALLOC python_dcerpc_misc python_dcerpc NDR_SECURITY
python_dcerpc_security_OBJ_FILES = ../librpc/gen_ndr/py_security.o
+[PYTHON::python_dcerpc_xattr]
+LIBRARY_REALNAME = samba/dcerpc/xattr.$(SHLIBEXT)
+PRIVATE_DEPENDENCIES = PYTALLOC python_dcerpc_misc python_dcerpc python_dcerpc_security NDR_XATTR RPC_NDR_XATTR
+
+python_dcerpc_xattr_OBJ_FILES = ../librpc/gen_ndr/py_xattr.o
+
$(IDL_HEADER_FILES) $(IDL_NDR_PARSE_H_FILES) $(IDL_NDR_PARSE_C_FILES) \
$(IDL_NDR_CLIENT_C_FILES) $(IDL_NDR_CLIENT_H_FILES) \
$(IDL_NDR_SERVER_C_FILES) $(IDL_SWIG_FILES) \
diff --git a/source4/librpc/ndr/py_xattr.c b/source4/librpc/ndr/py_xattr.c
new file mode 100644
index 0000000..15f2b9c
--- /dev/null
+++ b/source4/librpc/ndr/py_xattr.c
@@ -0,0 +1,94 @@
+/*
+ Unix SMB/CIFS implementation.
+ Samba utility functions
+ Copyright (C) Matthieu Patou <mat at matws.net> 2010
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <Python.h>
+
+#ifndef Py_RETURN_NONE
+#define Py_RETURN_NONE return Py_INCREF(Py_None), Py_None
+#endif
+static void PyType_AddMethods(PyTypeObject *type, PyMethodDef *methods)
+{
+ PyObject *dict;
+ int i;
+ if (type->tp_dict == NULL)
+ type->tp_dict = PyDict_New();
+ dict = type->tp_dict;
+ for (i = 0; methods[i].ml_name; i++) {
+ PyObject *descr;
+ if (methods[i].ml_flags & METH_CLASS)
+ descr = PyCFunction_New(&methods[i], (PyObject *)type);
+ else
+ descr = PyDescr_NewMethod(type, &methods[i]);
+ PyDict_SetItemString(dict, methods[i].ml_name,
+ descr);
+ }
+}
+
+static void ntacl_print_debug_helper(struct ndr_print *ndr, const char *format, ...) PRINTF_ATTRIBUTE(2,3);
+
+static void ntacl_print_debug_helper(struct ndr_print *ndr, const char *format, ...)
+{
+ va_list ap;
+ char *s = NULL;
+ int i;
+
+ va_start(ap, format);
+ vasprintf(&s, format, ap);
+ va_end(ap);
+
+ for (i=0;i<ndr->depth;i++) {
+ printf(" ");
+ }
+
+ printf("%s\n", s);
+ free(s);
+}
+
+static PyObject *py_ntacl_print(PyObject *self, PyObject *args)
+{
+ struct xattr_NTACL *ntacl = py_talloc_get_ptr(self);
+ struct ndr_print *pr;
+ TALLOC_CTX *mem_ctx;
+
+ mem_ctx = talloc_new(NULL);
+
+ pr = talloc_zero(mem_ctx, struct ndr_print);
+ if (!pr) return;
+ pr->print = ntacl_print_debug_helper;
+ ndr_print_xattr_NTACL(pr, "file", ntacl);
+
+ talloc_free(pr);
+
+ Py_RETURN_NONE;
+}
+
+static PyMethodDef py_ntacl_extra_methods[] = {
+ { "dump", (PyCFunction)py_ntacl_print, METH_NOARGS,
+ NULL },
+ { NULL }
+};
+
+static void py_xattr_NTACL_patch(PyTypeObject *type)
+{
+ PyType_AddMethods(type, py_ntacl_extra_methods);
+}
+
+#define PY_NTACL_PATCH py_xattr_NTACL_patch
+
+
diff --git a/source4/ntvfs/posix/xattr_tdb.c b/source4/ntvfs/posix/xattr_tdb.c
index aa13fee..69324a3 100644
--- a/source4/ntvfs/posix/xattr_tdb.c
+++ b/source4/ntvfs/posix/xattr_tdb.c
@@ -20,9 +20,9 @@
*/
#include "includes.h"
-#include "vfs_posix.h"
-#include "../tdb/include/tdb.h"
#include "tdb_wrap.h"
+#include "../tdb/include/tdb.h"
+#include "vfs_posix.h"
#define XATTR_LIST_ATTR ".xattr_list"
@@ -30,7 +30,7 @@
we need to maintain a list of attributes on each file, so that unlink
can automatically clean them up
*/
-static NTSTATUS xattr_tdb_add_list(struct pvfs_state *pvfs, const char *attr_name,
+static NTSTATUS xattr_tdb_add_list(struct tdb_wrap *ea_tdb, TALLOC_CTX *ctx, const char *attr_name,
const char *fname, int fd)
{
DATA_BLOB blob;
@@ -43,9 +43,9 @@ static NTSTATUS xattr_tdb_add_list(struct pvfs_state *pvfs, const char *attr_nam
return NT_STATUS_OK;
}
- mem_ctx = talloc_new(pvfs);
+ mem_ctx = talloc_new(ctx);
- status = pull_xattr_blob_tdb(pvfs, mem_ctx, XATTR_LIST_ATTR,
+ status = pull_xattr_blob_tdb_raw(ea_tdb, mem_ctx, XATTR_LIST_ATTR,
fname, fd, 100, &blob);
if (!NT_STATUS_IS_OK(status)) {
blob = data_blob(NULL, 0);
@@ -68,16 +68,16 @@ static NTSTATUS xattr_tdb_add_list(struct pvfs_state *pvfs, const char *attr_nam
memcpy(blob.data + blob.length, attr_name, len);
blob.length += len;
- status = push_xattr_blob_tdb(pvfs, XATTR_LIST_ATTR, fname, fd, &blob);
+ status = push_xattr_blob_tdb_raw(ea_tdb,ctx, XATTR_LIST_ATTR, fname, fd, &blob);
talloc_free(mem_ctx);
return status;
}
/*
- form a key for using in the ea_db
+ form a key for using in the ea_tdb
*/
-static NTSTATUS get_ea_db_key(TALLOC_CTX *mem_ctx,
+static NTSTATUS get_ea_tdb_key(TALLOC_CTX *mem_ctx,
const char *attr_name,
const char *fname, int fd,
TDB_DATA *key)
@@ -108,26 +108,28 @@ static NTSTATUS get_ea_db_key(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
+
+
/*
- pull a xattr as a blob, using the ea_db tdb
+ pull a xattr as a blob, using the ea_tdb_context tdb
*/
-NTSTATUS pull_xattr_blob_tdb(struct pvfs_state *pvfs,
+NTSTATUS pull_xattr_blob_tdb_raw(struct tdb_wrap *ea_tdb,
TALLOC_CTX *mem_ctx,
- const char *attr_name,
- const char *fname,
- int fd,
+ const char *attr_name,
+ const char *fname,
+ int fd,
size_t estimated_size,
DATA_BLOB *blob)
{
TDB_DATA tkey, tdata;
NTSTATUS status;
- status = get_ea_db_key(mem_ctx, attr_name, fname, fd, &tkey);
+ status = get_ea_tdb_key(mem_ctx, attr_name, fname, fd, &tkey);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- tdata = tdb_fetch(pvfs->ea_db->tdb, tkey);
+ tdata = tdb_fetch(ea_tdb->tdb, tkey);
if (tdata.dptr == NULL) {
return NT_STATUS_NOT_FOUND;
}
@@ -141,19 +143,31 @@ NTSTATUS pull_xattr_blob_tdb(struct pvfs_state *pvfs,
return NT_STATUS_OK;
}
+NTSTATUS pull_xattr_blob_tdb(struct pvfs_state *pvfs,
+ TALLOC_CTX *mem_ctx,
+ const char *attr_name,
+ const char *fname,
+ int fd,
+ size_t estimated_size,
+ DATA_BLOB *blob)
+{
+ return pull_xattr_blob_tdb_raw(pvfs->ea_db,mem_ctx,attr_name,fname,fd,estimated_size,blob);
+}
+
/*
- push a xattr as a blob, using ea_db
+ push a xattr as a blob, using ea_tdb
*/
-NTSTATUS push_xattr_blob_tdb(struct pvfs_state *pvfs,
- const char *attr_name,
- const char *fname,
- int fd,
+NTSTATUS push_xattr_blob_tdb_raw(struct tdb_wrap *ea_tdb,
+ TALLOC_CTX *mem_ctx,
+ const char *attr_name,
+ const char *fname,
+ int fd,
const DATA_BLOB *blob)
{
TDB_DATA tkey, tdata;
NTSTATUS status;
- status = get_ea_db_key(pvfs, attr_name, fname, fd, &tkey);
+ status = get_ea_tdb_key(mem_ctx, attr_name, fname, fd, &tkey);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -161,25 +175,33 @@ NTSTATUS push_xattr_blob_tdb(struct pvfs_state *pvfs,
tdata.dptr = blob->data;
tdata.dsize = blob->length;
- if (tdb_chainlock(pvfs->ea_db->tdb, tkey) != 0) {
+ if (tdb_chainlock(ea_tdb->tdb, tkey) != 0) {
talloc_free(tkey.dptr);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- status = xattr_tdb_add_list(pvfs, attr_name, fname, fd);
+ status = xattr_tdb_add_list(ea_tdb,mem_ctx, attr_name, fname, fd);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
- if (tdb_store(pvfs->ea_db->tdb, tkey, tdata, TDB_REPLACE) == -1) {
+ if (tdb_store(ea_tdb->tdb, tkey, tdata, TDB_REPLACE) == -1) {
status = NT_STATUS_INTERNAL_DB_CORRUPTION;
}
done:
- tdb_chainunlock(pvfs->ea_db->tdb, tkey);
+ tdb_chainunlock(ea_tdb->tdb, tkey);
talloc_free(tkey.dptr);
return status;
}
+NTSTATUS push_xattr_blob_tdb(struct pvfs_state *pvfs,
+ const char *attr_name,
+ const char *fname,
+ int fd,
+ const DATA_BLOB *blob)
+{
+ return push_xattr_blob_tdb_raw(pvfs->ea_db,pvfs,attr_name,fname,fd,blob);
+}
/*
@@ -191,7 +213,7 @@ NTSTATUS delete_xattr_tdb(struct pvfs_state *pvfs, const char *attr_name,
TDB_DATA tkey;
NTSTATUS status;
- status = get_ea_db_key(NULL, attr_name, fname, fd, &tkey);
+ status = get_ea_tdb_key(NULL, attr_name, fname, fd, &tkey);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -217,7 +239,7 @@ NTSTATUS unlink_xattr_tdb(struct pvfs_state *pvfs, const char *fname)
const char *s;
NTSTATUS status;
- status = pull_xattr_blob_tdb(pvfs, mem_ctx, XATTR_LIST_ATTR,
+ status = pull_xattr_blob_tdb(pvfs, mem_ctx, XATTR_LIST_ATTR,
fname, -1, 100, &blob);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(mem_ctx);
diff --git a/source4/scripting/bin/upgradeprovision b/source4/scripting/bin/upgradeprovision
index 23980cd..e2ee8d0 100755
--- a/source4/scripting/bin/upgradeprovision
+++ b/source4/scripting/bin/upgradeprovision
@@ -46,6 +46,7 @@ import samba.getopt as options
from samba.samdb import SamDB
from samba import param
from samba import glue
+from samba.misc import messageEltFlagToString
from samba.provision import ProvisionNames,provision_paths_from_lp,find_setup_dir,FILL_FULL,provision, get_domain_descriptor, get_config_descriptor, secretsdb_self_join
from samba.provisionexceptions import ProvisioningError
from samba.schema import get_dnsyntax_attributes, get_linked_attributes, Schema, get_schema_descriptor
@@ -53,6 +54,7 @@ from samba.dcerpc import misc, security
from samba.ndr import ndr_pack, ndr_unpack
from samba.dcerpc.misc import SEC_CHAN_BDC
+never=0
replace=2^ldb.FLAG_MOD_REPLACE
add=2^ldb.FLAG_MOD_ADD
delete=2^ldb.FLAG_MOD_DELETE
@@ -70,22 +72,26 @@ CHANGEALL = 0xff
# do not exist in the destination object).
# This is most probably because they are populated automatcally when object is
# created
-hashAttrNotCopied = { "dn": 1,"whenCreated": 1,"whenChanged": 1,"objectGUID": 1,"replPropertyMetaData": 1,"uSNChanged": 1,\
- "uSNCreated": 1,"parentGUID": 1,"objectCategory": 1,"distinguishedName": 1,\
- "showInAdvancedViewOnly": 1,"instanceType": 1, "cn": 1, "msDS-Behavior-Version":1, "nextRid":1,\
- "nTMixedDomain": 1,"versionNumber":1, "lmPwdHistory":1, "pwdLastSet": 1, "ntPwdHistory":1, "unicodePwd":1,\
- "dBCSPwd":1,"supplementalCredentials":1,"gPCUserExtensionNames":1, "gPCMachineExtensionNames":1,\
+# This also apply to imported object from reference provision
+hashAttrNotCopied = { "dn": 1,"whenCreated": 1,"whenChanged": 1,"objectGUID": 1,"replPropertyMetaData": 1,"uSNChanged": 1,
+ "uSNCreated": 1,"parentGUID": 1,"objectCategory": 1,"distinguishedName": 1,
+ "showInAdvancedViewOnly": 1,"instanceType": 1, "cn": 1, "msDS-Behavior-Version":1, "nextRid":1,
+ "nTMixedDomain": 1,"versionNumber":1, "lmPwdHistory":1, "pwdLastSet": 1, "ntPwdHistory":1, "unicodePwd":1,
+ "dBCSPwd":1,"supplementalCredentials":1,"gPCUserExtensionNames":1, "gPCMachineExtensionNames":1,
"maxPwdAge":1, "mail":1, "secret":1,"possibleInferiors":1, "sAMAccountType":1}
# Usually for an object that already exists we do not overwrite attributes as
# they might have been changed for good reasons. Anyway for a few of them it's
# mandatory to replace them otherwise the provision will be broken somehow.
-hashOverwrittenAtt = { "prefixMap": replace, "systemMayContain": replace,"systemOnly":replace, "searchFlags":replace,\
- "mayContain":replace, "systemFlags":replace,"description":replace,
- "oEMInformation":replace, "operatingSystemVersion":replace, "adminPropertyPages":replace,
- "defaultSecurityDescriptor": replace,"wellKnownObjects":replace,"privilege":delete}
-backlinked = []
+hashOverwrittenAtt = { "prefixMap": replace, "systemMayContain": replace,"systemOnly":replace, "searchFlags":replace,
+ "mayContain":replace, "systemFlags":replace,"description":replace,
+ "oEMInformation":replace, "operatingSystemVersion":replace, "adminPropertyPages":replace,
+ "defaultSecurityDescriptor": replace,"wellKnownObjects":replace,"privilege":delete,"groupType":replace,
+ "rIDAvailablePool": never}
+
+backlinked = []
+dn_syntax_att = []
def define_what_to_log(opts):
what = 0
if opts.debugchange:
@@ -152,7 +158,15 @@ def identic_rename(ldbobj,dn):
# Create an array of backlinked attributes
def populate_backlink(newpaths,creds,session,schemadn):
newsam_ldb = Ldb(newpaths.samdb, session_info=session, credentials=creds,lp=lp)
- backlinked.extend(get_linked_attributes(ldb.Dn(newsam_ldb,str(schemadn)),newsam_ldb).values())
+ linkedAttHash = get_linked_attributes(ldb.Dn(newsam_ldb,str(schemadn)),newsam_ldb)
+ backlinked.extend(linkedAttHash.values())
+
+# Create an array of attributes with a dn synthax (2.5.5.1)
+def populate_dnsyntax(newpaths,creds,session,schemadn):
+ newsam_ldb = Ldb(newpaths.samdb, session_info=session, credentials=creds,lp=lp)
+ res = newsam_ldb.search(expression="(attributeSyntax=2.5.5.1)",base=ldb.Dn(newsam_ldb,str(schemadn)), scope=SCOPE_SUBTREE, attrs=["lDAPDisplayName"])
+ for elem in res:
+ dn_syntax_att.append(elem["lDAPDisplayName"])
# Get Paths for important objects (ldb, keytabs ...)
def get_paths(targetdir=None,smbconf=None):
@@ -175,6 +189,23 @@ def get_paths(targetdir=None,smbconf=None):
paths = provision_paths_from_lp(lp,"foo")
return paths
+
+def sanitychecks(credentials,session_info,names,paths):
+ sam_ldb = Ldb(paths.samdb, session_info=session, credentials=creds,lp=lp,options=["modules:samba_dsdb"])
+ # First update the SD for the rootdn
+ sam_ldb.set_session_info(session)
+ res = sam_ldb.search(expression="objectClass=ntdsdsa",base=str(names.configdn), scope=SCOPE_SUBTREE,attrs=["dn"],controls=["search_options:1:2"])
+ if len(res) == 0:
+ print "No DC found, your provision is most probalby hardly broken !"
+ return 0
+ elif len(res) != 1:
+ print "Found %d domain controllers, for the moment upgradeprovision is not able to handle upgrade on \
+domain with more than one DC, please demote the other DC before upgrading"%len(res)
+ return 0
+ else:
+ return 1
+
+
# This function guesses (fetches) informations needed to make a fresh provision
# from the current provision
# It includes: realm, workgroup, partitions, netbiosname, domain guid, ...
@@ -315,7 +346,7 @@ def newprovision(names,setup_dir,creds,session,smbconf):
setup_ds_path=None,
nosync=None,
dom_for_fun_level=names.domainlevel,
- ldap_dryrun_mode=None)
+ ldap_dryrun_mode=None,useeadb=True)
return provdir
# This function sorts two DNs in the lexicographical order and put higher level
@@ -493,6 +524,107 @@ def update_secrets(newpaths,paths,creds,session):
delta.dn = current[0].dn
secrets_ldb.modify(delta)
+def dump_denied_change(dn,att,flagtxt,current,reference):
+ message(CHANGE, "dn= "+str(dn)+" "+att+" with flag "+flagtxt+" is not allowed to be changed/removed, I discard this change ...")
+ if att != "objectSid" :
+ i = 0
+ for e in range(0,len(current)):
+ message(CHANGE,"old %d : %s"%(i,str(current[e])))
+ i=i+1
--
Samba Shared Repository
More information about the samba-cvs
mailing list