[SCM] Samba Shared Repository - branch master updated
Jelmer Vernooij
jelmer at samba.org
Sun Mar 28 15:04:37 MDT 2010
The branch, master has been updated
via ba74823... upgradeprovision: Fix formatting, syntax error.
via d18d7cf... s4 upgradeprovision: add information about upgrade in oEMInformation to keep a better trace of different updates
via 8d3ff2d... s4: allow upgrade provision to fix acl and missing dir on GPO dirs
via ec48d36... provision: make gpo related function more reusable for upgradeprovision
via 66375cf... provision: Remove unnecessary whitespace.
via f4e3144... selftest: Update locations in README.
via 45f389b... selftest: Remove unused BuildFarm output file (now using subunit)
from 235cd3e... selftest: Remove html subunit formatter; it's too simple and really belongs in subunit or testrepository upstream.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit ba74823c8f42dd3f4f0883163e42888ec35baf32
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Sun Mar 28 22:58:36 2010 +0200
upgradeprovision: Fix formatting, syntax error.
commit d18d7cfa27a3f2a088c8f3ea9de4f9d8d89fea38
Author: Matthieu Patou <mat at matws.net>
Date: Mon Mar 29 00:37:26 2010 +0400
s4 upgradeprovision: add information about upgrade in oEMInformation to keep a better trace of different updates
Signed-off-by: Jelmer Vernooij <jelmer at samba.org>
commit 8d3ff2d41e9ffeb41d55613f645a72fbdda77861
Author: Matthieu Patou <mat at matws.net>
Date: Sun Mar 28 22:48:55 2010 +0400
s4: allow upgrade provision to fix acl and missing dir on GPO dirs
Signed-off-by: Jelmer Vernooij <jelmer at samba.org>
commit ec48d3693de25d7210c926f27ac859cbf97ef428
Author: Matthieu Patou <mat at matws.net>
Date: Tue Feb 23 19:11:58 2010 +0300
provision: make gpo related function more reusable for upgradeprovision
Signed-off-by: Jelmer Vernooij <jelmer at samba.org>
commit 66375cfba24fcf92122e83afeecaa14b9b2e3d2e
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Sun Mar 28 22:42:31 2010 +0200
provision: Remove unnecessary whitespace.
commit f4e314457f5ec7857d59a52cb2318bea8e6f579e
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Sun Mar 28 22:42:11 2010 +0200
selftest: Update locations in README.
commit 45f389b2538f4e1e45fad72142e11f0427a1eaf2
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Sun Mar 28 21:56:09 2010 +0200
selftest: Remove unused BuildFarm output file (now using subunit)
-----------------------------------------------------------------------
Summary of changes:
selftest/BuildFarm.pm | 65 ---------------
selftest/README | 2 +-
source4/scripting/bin/upgradeprovision | 39 +++++++++-
source4/scripting/python/samba/provision.py | 112 +++++++++++++-------------
4 files changed, 93 insertions(+), 125 deletions(-)
delete mode 100644 selftest/BuildFarm.pm
Changeset truncated at 500 lines:
diff --git a/selftest/BuildFarm.pm b/selftest/BuildFarm.pm
deleted file mode 100644
index 80a91ac..0000000
--- a/selftest/BuildFarm.pm
+++ /dev/null
@@ -1,65 +0,0 @@
-#!/usr/bin/perl
-# Convenience functions for writing output expected by the buildfarm
-# Copyright (C) 2009 Jelmer Vernooij <jelmer at samba.org>
-# Published under the GNU GPL, v3 or later
-
-package BuildFarm;
-
-use Exporter;
- at ISA = qw(Exporter);
- at EXPORT_OK = qw(start_testsuite end_testsuite skip_testsuite summary);
-
-use strict;
-
-sub start_testsuite($$)
-{
- my ($name, $duration) = @_;
- my $out = "";
-
- $out .= "--==--==--==--==--==--==--==--==--==--==--\n";
- $out .= "Running test $name (level 0 stdout)\n";
- $out .= "--==--==--==--==--==--==--==--==--==--==--\n";
- $out .= scalar(localtime())."\n";
- $out .= "SELFTEST RUNTIME: " . $duration . "s\n";
- $out .= "NAME: $name\n";
-
- print $out;
-}
-
-sub end_testsuite($$$$$)
-{
- my ($name, $duration, $ok, $output, $reason) = @_;
- my $out = "";
-
- $out .= "TEST RUNTIME: " . $duration . "s\n";
- if ($ok) {
- $out .= "ALL OK\n";
- } else {
- $out .= "ERROR: $reason\n";
- }
- $out .= "==========================================\n";
- if ($ok) {
- $out .= "TEST PASSED: $name\n";
- } else {
- $out .= "TEST FAILED: $name (status $reason)\n";
- }
- $out .= "==========================================\n";
-
- print $out;
-}
-
-sub skip_testsuite($)
-{
- my ($name) = @_;
-
- print "SKIPPED: $name\n";
-}
-
-sub summary($)
-{
- my ($duration) = @_;
-
- print "DURATION: " . $duration . " seconds\n";
-}
-
-1;
diff --git a/selftest/README b/selftest/README
index 4ae0436..6a2c406 100644
--- a/selftest/README
+++ b/selftest/README
@@ -15,7 +15,7 @@ format-subunit.pl, which is used by default as part of "make test".
Available testsuites
====================
The available testsuites are obtained from a script, usually
-selftest/samba{3,4}_tests.sh. This script should for each testsuite output
+source{3,4}/selftest/tests.sh. This script should for each testsuite output
the name of the test, the command to run and the environment that should be
provided. Use the included "plantest" function to generate the required output.
diff --git a/source4/scripting/bin/upgradeprovision b/source4/scripting/bin/upgradeprovision
index 0e3f86d..8f01bd3 100755
--- a/source4/scripting/bin/upgradeprovision
+++ b/source4/scripting/bin/upgradeprovision
@@ -34,14 +34,14 @@ import samba
import samba.getopt as options
from samba.credentials import DONT_USE_KERBEROS
from samba.auth import system_session, admin_session
-from samba import Ldb
+from samba import Ldb, version
from ldb import SCOPE_SUBTREE, SCOPE_BASE, \
FLAG_MOD_REPLACE, FLAG_MOD_ADD, FLAG_MOD_DELETE,\
MessageElement, Message, Dn
from samba import param
from samba import glue
from samba.misc import messageEltFlagToString
-from samba.provision import find_setup_dir, get_domain_descriptor, get_config_descriptor, secretsdb_self_join
+from samba.provision import find_setup_dir, get_domain_descriptor, get_config_descriptor, secretsdb_self_join,set_gpo_acl,getpolicypath,create_gpo_struct
from samba.provisionexceptions import ProvisioningError
from samba.schema import get_linked_attributes, Schema, get_schema_descriptor
from samba.dcerpc import security
@@ -82,7 +82,7 @@ hashAttrNotCopied = { "dn": 1, "whenCreated": 1, "whenChanged": 1, "objectGU
# mandatory to replace them otherwise the provision will be broken somehow.
hashOverwrittenAtt = { "prefixMap": replace, "systemMayContain": replace, "systemOnly":replace, "searchFlags":replace,
"mayContain":replace, "systemFlags":replace, "description":replace,
- "oEMInformation":replace, "operatingSystemVersion":replace, "adminPropertyPages":replace,
+ "oEMInformation":never, "operatingSystemVersion":replace, "adminPropertyPages":replace,
"defaultSecurityDescriptor": replace, "wellKnownObjects":replace, "privilege":delete, "groupType":replace,
"rIDAvailablePool": never}
@@ -870,6 +870,38 @@ def update_machine_account_password(paths, creds, session, names):
secrets_ldb.transaction_cancel()
+def update_gpo(paths,creds,session,names):
+ """Create missing GPO file object if needed
+
+ Set ACL correctly also.
+ """
+ dir = getpolicypath(paths.sysvol,names.dnsdomain,names.policyid)
+ if not os.path.isdir(dir):
+ create_gpo_struct(dir)
+
+ dir = getpolicypath(paths.sysvol,names.dnsdomain,names.policyid_dc)
+ if not os.path.isdir(dir):
+ create_gpo_struct(dir)
+ samdb = Ldb(paths.samdb, session_info=session, credentials=creds,lp=lp)
+ set_gpo_acl(paths.sysvol, names.dnsdomain, names.domainsid,
+ names.domaindn, samdb, lp)
+
+def updateOEMInfo(paths, creds, session,names):
+ sam_ldb = Ldb(paths.samdb, session_info=session, credentials=creds, lp=lp,
+ options=["modules:samba_dsdb"])
+ res = sam_ldb.search(expression="(objectClass=*)",base=str(names.rootdn),
+ scope=SCOPE_BASE, attrs=["dn","oEMInformation"])
+ if len(res) > 0:
+ info = res[0]["oEMInformation"]
+ info = "%s, upgrade to %s"%(info,version)
+ delta = Message()
+ delta.dn = Dn(sam_ldb,str(res[0]["dn"]))
+ descr = get_schema_descriptor(names.domainsid)
+ delta["oEMInformation"] = MessageElement(info, FLAG_MOD_REPLACE,
+ "oEMInformation" )
+ sam_ldb.modify(delta)
+
+
def setup_path(file):
return os.path.join(setup_dir, file)
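Review bot: In updateOEMInfo, `info = res[0]["oEMInformation"]` assumes the attribute is already present on the root DN; if an older provision lacks it, the lookup will most likely raise KeyError and abort the upgrade at its last step, before the reference provision is cleaned up. Guard the lookup and start from an empty value when the attribute is missing. The line `descr = get_schema_descriptor(names.domainsid)` is never used and can be dropped. Each run appends another ", upgrade to ..." entry to the same value, so it is worth deciding whether the attribute should be bounded, since it now acts as the upgrade trail. Both new functions read the module-level `lp` rather than taking it as a parameter, which deserves a one-line comment.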
@@ -911,6 +943,7 @@ if __name__ == '__main__':
update_sd(paths, creds, session,names)
update_sd(paths, creds, admin_session_info, names)
check_updated_sd(newpaths, paths, creds, session, names)
+ updateOEMInfo(paths,creds,session,names)
message(SIMPLE, "Upgrade finished !")
# remove reference provision now that everything is done !
shutil.rmtree(provisiondir)
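Review bot: Only `updateOEMInfo(paths,creds,session,names)` is added to the main block here; no call to the new update_gpo appears in this hunk. Unless it is invoked in a part of the main block that lies outside the hunk, the GPO directory and ACL repair described in the commit log never runs during an upgrade. If that is an omission, add `update_gpo(paths, creds, session, names)` after `check_updated_sd(...)`, before the "Upgrade finished" message. Note that updateOEMInfo runs after the security descriptors are rewritten, so an exception in it leaves the upgrade applied but `provisiondir` not removed.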
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 1d5e61c..17dc470 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -236,7 +236,7 @@ def setup_add_ldif(ldb, ldif_path, subst_vars=None,controls=["relax:0"]):
"""
assert isinstance(ldif_path, str)
data = read_and_sub_file(ldif_path, subst_vars)
- ldb.add_ldif(data,controls)
+ ldb.add_ldif(data, controls)
def setup_modify_ldif(ldb, ldif_path, subst_vars=None):
@@ -247,7 +247,6 @@ def setup_modify_ldif(ldb, ldif_path, subst_vars=None):
:param subst_vars: Optional dictionary with substitution variables.
"""
data = read_and_sub_file(ldif_path, subst_vars)
-
ldb.modify_ldif(data)
@@ -301,13 +300,9 @@ def provision_paths_from_lp(lp, dnsdomain):
paths.hku = "hku.ldb"
paths.hkpd = "hkpd.ldb"
paths.hkpt = "hkpt.ldb"
-
paths.sysvol = lp.get("path", "sysvol")
-
paths.netlogon = lp.get("path", "netlogon")
-
paths.smbconf = lp.configfile
-
return paths
@@ -476,7 +471,7 @@ def make_smbconf(smbconf, setup_path, hostname, domain, realm, serverrole,
"SIDGENERATOR_LINE": sid_generator_line,
"PRIVATEDIR_LINE": privatedir_line,
"LOCKDIR_LINE": lockdir_line,
- "POSIXEADB_LINE": posixeadb_line
+ "POSIXEADB_LINE": posixeadb_line
})
@@ -812,24 +807,25 @@ def setup_self_join(samdb, names,
"DNSPASS_B64": b64encode(dnspass),
})
+def getpolicypath(sysvolpath, dnsdomain, guid):
+ if guid[0] != "{":
+ guid = "{%s}" % guid
+ policy_path = os.path.join(sysvolpath, dnsdomain, "Policies", guid)
+ return policy_path
-def setup_gpo(paths,names,samdb,policyguid,policyguid_dc,domainsid):
- policy_path = os.path.join(paths.sysvol, names.dnsdomain, "Policies",
- "{" + policyguid + "}")
+def create_gpo_struct(policy_path):
os.makedirs(policy_path, 0755)
open(os.path.join(policy_path, "GPT.INI"), 'w').write(
"[General]\r\nVersion=65543")
os.makedirs(os.path.join(policy_path, "MACHINE"), 0755)
os.makedirs(os.path.join(policy_path, "USER"), 0755)
- policy_path_dc = os.path.join(paths.sysvol, names.dnsdomain, "Policies",
- "{" + policyguid_dc + "}")
- os.makedirs(policy_path_dc, 0755)
- open(os.path.join(policy_path_dc, "GPT.INI"), 'w').write(
- "[General]\r\nVersion=2")
- os.makedirs(os.path.join(policy_path_dc, "MACHINE"), 0755)
- os.makedirs(os.path.join(policy_path_dc, "USER"), 0755)
+def setup_gpo(sysvolpath, dnsdomain, policyguid, policyguid_dc):
+ policy_path = getpolicypath(sysvolpath,dnsdomain,policyguid)
+ create_gpo_struct(policy_path)
+ policy_path = getpolicypath(sysvolpath,dnsdomain,policyguid_dc)
+ create_gpo_struct(policy_path)
def setup_samdb(path, setup_path, session_info, provision_backend, lp,
names, message,
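Review bot: The refactor into create_gpo_struct changes what is written for the domain controller policy: the removed code wrote `Version=2` to its GPT.INI, while setup_gpo now calls create_gpo_struct for both GUIDs and both get `Version=65543`. If that is not intended, pass the version in, e.g. `def create_gpo_struct(policy_path, version=65543):` and call it with `version=2` for `policyguid_dc`; the same applies to update_gpo in upgradeprovision. `open(...).write(...)` never closes the file explicitly, so the write relies on garbage collection to flush GPT.INI before the ACL pass. getpolicypath indexes `guid[0]` and would raise IndexError on an empty string. The three new functions have no docstrings; a line each stating that the path is `<sysvol>/<dnsdomain>/Policies/{GUID}` would help callers.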
@@ -1040,44 +1036,48 @@ FILL_DRS = "DRS"
SYSVOL_ACL = "O:LAG:BAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)"
POLICIES_ACL = "O:LAG:BAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001301bf;;;PA)"
-def set_gpo_acl(path,acl,lp,domsid):
- setntacl(lp,path,acl,domsid)
- for root, dirs, files in os.walk(path, topdown=False):
- for name in files:
- setntacl(lp,os.path.join(root, name),acl,domsid)
- for name in dirs:
- setntacl(lp,os.path.join(root, name),acl,domsid)
-
-def setsysvolacl(samdb,names,netlogon,sysvol,gid,domainsid,lp):
- canchown = 1
- try:
- os.chown(sysvol,-1,gid)
- except:
- canchown = 0
-
- setntacl(lp,sysvol,SYSVOL_ACL,str(domainsid))
- for root, dirs, files in os.walk(sysvol, topdown=False):
- for name in files:
- if canchown:
- os.chown(os.path.join(root, name),-1,gid)
- setntacl(lp,os.path.join(root, name),SYSVOL_ACL,str(domainsid))
- for name in dirs:
- if canchown:
- os.chown(os.path.join(root, name),-1,gid)
- setntacl(lp,os.path.join(root, name),SYSVOL_ACL,str(domainsid))
-
- # Set ACL for GPO
- policy_path = os.path.join(sysvol, names.dnsdomain, "Policies")
- set_gpo_acl(policy_path,dsacl2fsacl(POLICIES_ACL,str(domainsid)),lp,str(domainsid))
- res = samdb.search(base="CN=Policies,CN=System,%s"%(names.domaindn),
- attrs=["cn","nTSecurityDescriptor"],
- expression="", scope=ldb.SCOPE_ONELEVEL)
- for policy in res:
- acl = ndr_unpack(security.descriptor,str(policy["nTSecurityDescriptor"])).as_sddl()
- policy_path = os.path.join(sysvol, names.dnsdomain, "Policies",
- str(policy["cn"]))
- set_gpo_acl(policy_path,dsacl2fsacl(acl,str(domainsid)),lp,str(domainsid))
+def set_dir_acl(path, acl, lp, domsid):
+ setntacl(lp, path, acl, domsid)
+ for root, dirs, files in os.walk(path, topdown=False):
+ for name in files:
+ setntacl(lp, os.path.join(root, name), acl, domsid)
+ for name in dirs:
+ setntacl(lp, os.path.join(root, name), acl, domsid)
+
+
+def set_gpo_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp):
+ # Set ACL for GPO
+ policy_path = os.path.join(sysvol, dnsdomain, "Policies")
+ set_dir_acl(policy_path,dsacl2fsacl(POLICIES_ACL, str(domainsid)),
+ lp, str(domainsid))
+ res = samdb.search(base="CN=Policies,CN=System,%s"%(domaindn),
+ attrs=["cn","nTSecurityDescriptor"],
+ expression="", scope=ldb.SCOPE_ONELEVEL)
+ for policy in res:
+ acl = ndr_unpack(security.descriptor,str(policy["nTSecurityDescriptor"])).as_sddl()
+ policy_path = getpolicypath(sysvol,dnsdomain,str(policy["cn"]))
+ set_dir_acl(policy_path,dsacl2fsacl(acl,str(domainsid)),lp,str(domainsid))
+
+def setsysvolacl(samdb, netlogon, sysvol, gid, domainsid, dnsdomain, domaindn,
+ lp):
+ try:
+ os.chown(sysvol,-1,gid)
+ except:
+ canchown = False
+ else:
+ canchown = True
+ setntacl(lp,sysvol,SYSVOL_ACL,str(domainsid))
+ for root, dirs, files in os.walk(sysvol, topdown=False):
+ for name in files:
+ if canchown:
+ os.chown(os.path.join(root, name),-1,gid)
+ setntacl(lp,os.path.join(root, name),SYSVOL_ACL,str(domainsid))
+ for name in dirs:
+ if canchown:
+ os.chown(os.path.join(root, name),-1,gid)
+ setntacl(lp,os.path.join(root, name),SYSVOL_ACL,str(domainsid))
+ set_gpo_acl(sysvol,dnsdomain,domainsid,domaindn,samdb,lp)
def provision(setup_dir, message, session_info,
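Review bot: In setsysvolacl the bare `except:` around `os.chown(sysvol,-1,gid)` swallows every exception, including KeyboardInterrupt, and provisioning continues with sysvol group ownership silently left unchanged; narrow it to `except OSError:`. In the walk that follows, `os.chown` follows symbolic links, so a link placed inside sysvol would have the group of its target outside the tree changed; `os.lchown`, or skipping entries where `os.path.islink(...)` is true, keeps the change inside sysvol. Whether setntacl follows links cannot be seen from this hunk and should be checked for the same reason. In set_gpo_acl, `str(policy["cn"])` from the directory is joined into a filesystem path and ACLs are then applied recursively beneath it, so it is worth validating that the value is a brace-wrapped GUID before use.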
@@ -1330,8 +1330,8 @@ def provision(setup_dir, message, session_info,
if serverrole == "domain controller":
# Set up group policies (domain policy and domain controller policy)
- setup_gpo(paths,names,samdb,policyguid,policyguid_dc,domainsid)
- setsysvolacl(samdb,names,paths.netlogon,paths.sysvol,wheel_gid,domainsid,lp)
+ setup_gpo(paths.sysvol,names.dnsdomain,policyguid,policyguid_dc)
+ setsysvolacl(samdb,paths.netlogon,paths.sysvol,wheel_gid,domainsid,names.dnsdomain,names.domaindn,lp)
message("Setting up sam.ldb rootDSE marking as synchronized")
setup_modify_ldif(samdb, setup_path("provision_rootdse_modify.ldif"))
--
Samba Shared Repository