[SCM] Samba Shared Repository - branch master updated

Jelmer Vernooij jelmer at samba.org
Sat Feb 25 14:14:03 MST 2012


The branch, master has been updated
       via  fe3274d provision: Start splitting out provision result reporting from actual provisioning.
       via  2fd1046 provision: Properly close ldb transactions.
       via  9ecc68a 'samba-tool gpo': Properly close transaction.
       via  08a3d6d ntacl: There is no 'secrets database' configuration option.
       via  d06eeb7 Factor out sanitize_server_role.
      from  66f13ea Partially revert 1f0298dd1b1a939cb215e7b474178b217f8347f4

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit fe3274d9cb576f82366070a25a4a7eef4bd43708
Author: Jelmer Vernooij <jelmer at samba.org>
Date:   Sat Feb 25 20:04:57 2012 +0100

    provision: Start splitting out provision result reporting from actual provisioning.
    
    Autobuild-User: Jelmer Vernooij <jelmer at samba.org>
    Autobuild-Date: Sat Feb 25 22:13:10 CET 2012 on sn-devel-104

commit 2fd10469c1ad55234d5350b10373b52f0bfd2cd0
Author: Jelmer Vernooij <jelmer at samba.org>
Date:   Sat Feb 25 17:55:52 2012 +0100

    provision: Properly close ldb transactions.

commit 9ecc68abe707506b7dc10ce580c7c2ef6b95a785
Author: Jelmer Vernooij <jelmer at samba.org>
Date:   Sat Feb 25 17:50:14 2012 +0100

    'samba-tool gpo': Properly close transaction.

commit 08a3d6d6ad2db15ddeec5cc9e57392ea01d881ad
Author: Jelmer Vernooij <jelmer at samba.org>
Date:   Sat Feb 25 17:36:54 2012 +0100

    ntacl: There is no 'secrets database' configuration option.

commit d06eeb7949d6c4dd20c46de94e92f3144fa73b15
Author: Jelmer Vernooij <jelmer at samba.org>
Date:   Sat Feb 25 17:35:41 2012 +0100

    Factor out sanitize_server_role.

-----------------------------------------------------------------------

Summary of changes:
 source4/scripting/python/samba/netcmd/gpo.py       |    8 +-
 source4/scripting/python/samba/netcmd/ntacl.py     |    2 +-
 .../scripting/python/samba/provision/__init__.py   |  139 ++++++++++++--------
 source4/scripting/python/samba/tests/provision.py  |   54 +++++++-
 4 files changed, 143 insertions(+), 60 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/scripting/python/samba/netcmd/gpo.py b/source4/scripting/python/samba/netcmd/gpo.py
index bd3480e..94c70c6 100644
--- a/source4/scripting/python/samba/netcmd/gpo.py
+++ b/source4/scripting/python/samba/netcmd/gpo.py
@@ -916,11 +916,11 @@ class cmd_create(Command):
 
             # Set ACL
             conn.set_acl(sharepath, fs_sd)
-
-            self.samdb.transaction_commit()
-        except Exception, e:
+        except:
             self.samdb.transaction_cancel()
-            raise RuntimeError("Error adding GPO to AD", e)
+            raise
+        else:
+            self.samdb.transaction_commit()
 
         self.outf.write("GPO '%s' created as %s\n" % (displayname, gpo))
 
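Review bot: `transaction_cancel()` in the new `except:` branch rolls back only the LDAP side, while `conn.set_acl(sharepath, fs_sd)` just above it has already touched the share. A failure late in the try body, or in the commit now placed under `else:`, can therefore leave share-side state with no matching GPO object in AD. The start of the try block is outside this hunk, so what else is written to the share before this point is not visible here. At minimum the branch deserves a comment such as `# NOTE: share-side changes made above are not undone when the transaction is cancelled`. The commit also drops the `RuntimeError("Error adding GPO to AD", e)` wrapper, so callers now see the underlying exception type; confirm nothing upstream depended on the wrapper.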
diff --git a/source4/scripting/python/samba/netcmd/ntacl.py b/source4/scripting/python/samba/netcmd/ntacl.py
index 96d4c97..349c006 100644
--- a/source4/scripting/python/samba/netcmd/ntacl.py
+++ b/source4/scripting/python/samba/netcmd/ntacl.py
@@ -61,7 +61,7 @@ class cmd_ntacl_set(Command):
     def run(self, acl, file, quiet=False,xattr_backend=None,eadb_file=None,
             credopts=None, sambaopts=None, versionopts=None):
         lp = sambaopts.get_loadparm()
-        path = os.path.join(lp.get("private dir"), lp.get("secrets database") or "secrets.ldb")
+        path = lp.private_path("secrets.ldb")
         creds = credopts.get_credentials(lp)
         creds.set_kerberos_state(DONT_USE_KERBEROS)
         try:
diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py
index aa8736b..6f7adc1 100644
--- a/source4/scripting/python/samba/provision/__init__.py
+++ b/source4/scripting/python/samba/provision/__init__.py
@@ -2,7 +2,7 @@
 # Unix SMB/CIFS implementation.
 # backend code for provisioning a Samba4 server
 
-# Copyright (C) Jelmer Vernooij <jelmer at samba.org> 2007-2010
+# Copyright (C) Jelmer Vernooij <jelmer at samba.org> 2007-2012
 # Copyright (C) Andrew Bartlett <abartlet at samba.org> 2008-2009
 # Copyright (C) Oliver Liebel <oliver at itc.li> 2008-2009
 #
@@ -360,14 +360,30 @@ def get_last_provision_usn(sam):
 
 
 class ProvisionResult(object):
+    """Result of a provision.
+
+    :ivar server_role: The server role
+    :ivar paths: ProvisionPaths instance
+    :ivar domaindn: The domain dn, as string
+    """
 
     def __init__(self):
+        self.server_role = None
         self.paths = None
         self.domaindn = None
         self.lp = None
         self.samdb = None
         self.idmap = None
         self.names = None
+        self.domainsid = None
+
+    def report_logger(self, logger):
+        """Report this provision result to a logger."""
+        logger.info("Server Role:           %s" % self.server_role)
+        logger.info("Hostname:              %s" % self.names.hostname)
+        logger.info("NetBIOS Domain:        %s" % self.names.domain)
+        logger.info("DNS Domain:            %s" % self.names.dnsdomain)
+        logger.info("DOMAIN SID:            %s" % self.domainsid)
 
 
 def check_install(lp, session_info, credentials):
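Review bot: `report_logger` dereferences `self.names.hostname`, but `__init__` sets `self.names = None`, so calling it on a result that is not fully populated raises AttributeError instead of reporting what is known. Either state the precondition in the method docstring, e.g. `Requires server_role, names and domainsid to be set.`, or guard it with `if self.names is None: raise ValueError("names not set")`. The class docstring also lists only three of the eight attributes; `lp`, `samdb`, `idmap`, `names` and `domainsid` deserve `:ivar` lines as well.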
@@ -866,7 +882,6 @@ def setup_secretsdb(paths, session_info, backend_credentials, lp):
     return secrets_ldb
 
 
-
 def setup_privileges(path, session_info, lp):
     """Setup the privileges database.
 
@@ -930,10 +945,9 @@ def setup_samdb_rootdse(samdb, names):
         })
 
 
-def setup_self_join(samdb, admin_session_info, names, fill, machinepass, dnspass,
-                    domainsid, next_rid, invocationid,
-                    policyguid, policyguid_dc, domainControllerFunctionality,
-                    ntdsguid, dc_rid=None):
+def setup_self_join(samdb, admin_session_info, names, fill, machinepass,
+        dnspass, domainsid, next_rid, invocationid, policyguid, policyguid_dc,
+        domainControllerFunctionality, ntdsguid=None, dc_rid=None):
     """Join a host to its own domain."""
     assert isinstance(invocationid, str)
     if ntdsguid is not None:
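Review bot: The signature now gives `ntdsguid` a default of `None`, but the one-line docstring does not say what omitting it means; a `:param ntdsguid:` line describing the None case would help callers (the handling itself continues outside this hunk). In the last `setup_self_join` hunk of this file, the merged comment now reads as a single run-on sentence, and its first half repeats the earlier `# Setup fSMORoleOwner entries to point at the newly created DC entry` comment. Dropping that half leaves `# To modify a serverReference under cn=config when we are a subdomain, we must be system due to ACLs`, which is the only part that explains the `set_session_info(system_session_info)` call.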
@@ -968,7 +982,8 @@ def setup_self_join(samdb, admin_session_info, names, fill, machinepass, dnspass
               "DNSDOMAIN": names.dnsdomain,
               "DOMAINDN": names.domaindn})
 
-    # If we are setting up a subdomain, then this has been replicated in, so we don't need to add it
+    # If we are setting up a subdomain, then this has been replicated in, so we
+    # don't need to add it
     if fill == FILL_FULL:
         setup_add_ldif(samdb, setup_path("provision_self_join_config.ldif"), {
                 "CONFIGDN": names.configdn,
@@ -987,7 +1002,8 @@ def setup_self_join(samdb, admin_session_info, names, fill, machinepass, dnspass
                     domainControllerFunctionality)})
 
     # Setup fSMORoleOwner entries to point at the newly created DC entry
-        setup_modify_ldif(samdb, setup_path("provision_self_join_modify_config.ldif"), {
+        setup_modify_ldif(samdb,
+            setup_path("provision_self_join_modify_config.ldif"), {
                 "CONFIGDN": names.configdn,
                 "SCHEMADN": names.schemadn,
                 "DEFAULTSITE": names.sitename,
@@ -997,9 +1013,8 @@ def setup_self_join(samdb, admin_session_info, names, fill, machinepass, dnspass
 
     system_session_info = system_session()
     samdb.set_session_info(system_session_info)
-    # Setup fSMORoleOwner entries to point at the newly created DC entry
-
-    # to modify a serverReference under cn=config when we are a subdomain, we must
+    # Setup fSMORoleOwner entries to point at the newly created DC entry to
+    # modify a serverReference under cn=config when we are a subdomain, we must
     # be system due to ACLs
     setup_modify_ldif(samdb, setup_path("provision_self_join_modify.ldif"), {
               "DOMAINDN": names.domaindn,
@@ -1029,7 +1044,6 @@ def getpolicypath(sysvolpath, dnsdomain, guid):
     :param guid: The GUID of the policy
     :return: A string with the complete path to the policy folder
     """
-
     if guid[0] != "{":
         guid = "{%s}" % guid
     policy_path = os.path.join(sysvolpath, dnsdomain, "Policies", guid)
@@ -1097,6 +1111,7 @@ def setup_samdb(path, session_info, provision_backend, lp, names,
 
     return samdb
 
+
 def fill_samdb(samdb, lp, names,
         logger, domainsid, domainguid, policyguid, policyguid_dc, fill,
         adminpass, krbtgtpass, machinepass, invocationid, dnspass, ntdsguid,
@@ -1502,21 +1517,54 @@ def provision_fill(samdb, secrets_ldb, logger, names, paths,
 
     # fix any dangling GUIDs from the provision
     logger.info("Fixing provision GUIDs")
-    chk = dbcheck(samdb, samdb_schema=samdb,  verbose=False, fix=True, yes=True, quiet=True)
+    chk = dbcheck(samdb, samdb_schema=samdb, verbose=False, fix=True, yes=True,
+            quiet=True)
     samdb.transaction_start()
-    # a small number of GUIDs are missing because of ordering issues in the
-    # provision code
-    for schema_obj in ['CN=Domain', 'CN=Organizational-Person', 'CN=Contact', 'CN=inetOrgPerson']:
-        chk.check_database(DN="%s,%s" % (schema_obj, names.schemadn),
-                           scope=ldb.SCOPE_BASE, attrs=['defaultObjectCategory'])
-    chk.check_database(DN="CN=IP Security,CN=System,%s" % names.domaindn,
-                       scope=ldb.SCOPE_ONELEVEL,
-                       attrs=['ipsecOwnersReference',
-                              'ipsecFilterReference',
-                              'ipsecISAKMPReference',
-                              'ipsecNegotiationPolicyReference',
-                              'ipsecNFAReference'])
-    samdb.transaction_commit()
+    try:
+        # a small number of GUIDs are missing because of ordering issues in the
+        # provision code
+        for schema_obj in ['CN=Domain', 'CN=Organizational-Person', 'CN=Contact', 'CN=inetOrgPerson']:
+            chk.check_database(DN="%s,%s" % (schema_obj, names.schemadn),
+                               scope=ldb.SCOPE_BASE, attrs=['defaultObjectCategory'])
+        chk.check_database(DN="CN=IP Security,CN=System,%s" % names.domaindn,
+                           scope=ldb.SCOPE_ONELEVEL,
+                           attrs=['ipsecOwnersReference',
+                                  'ipsecFilterReference',
+                                  'ipsecISAKMPReference',
+                                  'ipsecNegotiationPolicyReference',
+                                  'ipsecNFAReference'])
+    except:
+        samdb.transaction_cancel()
+        raise
+    else:
+        samdb.transaction_commit()
+
+
+_ROLES_MAP = {
+    "ROLE_STANDALONE": "standalone",
+    "ROLE_DOMAIN_MEMBER": "member server",
+    "ROLE_DOMAIN_BDC": "domain controller",
+    "ROLE_DOMAIN_PDC": "domain controller",
+    "dc": "domain controller",
+    "member": "member server",
+    "domain controller": "domain controller",
+    "member server": "member server",
+    "standalone": "standalone",
+    }
+
+
+def sanitize_server_role(role):
+    """Sanitize a server role name.
+
+    :param role: Server role
+    :raise ValueError: If the role can not be interpreted
+    :return: Sanitized server role (one of "member server",
+        "domain controller", "standalone")
+    """
+    try:
+        return  _ROLES_MAP[role]
+    except KeyError:
+        raise ValueError(role)
 
 
 def provision(logger, session_info, credentials, smbconf=None,
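Review bot: `sanitize_server_role` converts only `KeyError` into `ValueError`, so an unhashable argument (a list, say) escapes as `TypeError`, which the `except ValueError` in `provision()` will not turn into a `ProvisioningError`; `except (KeyError, TypeError):` closes that gap. The lookup is an exact-match allow-list, which is the right shape for a value that decides whether the host becomes a domain controller, but the docstring should say that matching is case-sensitive and that the `ROLE_*`, `dc` and `member` aliases are accepted. `raise ValueError(role)` carries only the raw value; a message naming the accepted roles would make the error self-explanatory. `return  _ROLES_MAP[role]` has a doubled space.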
@@ -1538,20 +1586,9 @@ def provision(logger, session_info, credentials, smbconf=None,
     :note: caution, this wipes all existing data!
     """
 
-    roles = {}
-    roles["ROLE_STANDALONE"] = "standalone"
-    roles["ROLE_DOMAIN_MEMBER"] = "member server"
-    roles["ROLE_DOMAIN_BDC"] = "domain controller"
-    roles["ROLE_DOMAIN_PDC"] = "domain controller"
-    roles["dc"] = "domain controller"
-    roles["member"] = "member server"
-    roles["domain controller"] = "domain controller"
-    roles["member server"] = "member server"
-    roles["standalone"] = "standalone"
-
     try:
-        serverrole = roles[serverrole]
-    except KeyError:
+        serverrole = sanitize_server_role(serverrole)
+    except ValueError:
         raise ProvisioningError('server role (%s) should be one of "domain controller", "member server", "standalone"' % serverrole)
 
     if ldapadminpass is None:
@@ -1790,15 +1827,20 @@ def provision(logger, session_info, credentials, smbconf=None,
                 logger.info("Failed to chown %s to bind gid %u",
                             dns_keytab_path, paths.bind_gid)
 
+    logger.info("Once the above files are installed, your Samba4 server will be ready to use")
+    result = ProvisionResult()
+    result.server_role = serverrole
+    result.domaindn = domaindn
+    result.paths = paths
+    result.names = names
+    result.lp = lp
+    result.samdb = samdb
+    result.idmap = idmap
+    result.domainsid = str(domainsid)
+    result.report_logger(logger)
     logger.info("A phpLDAPadmin configuration file suitable for administering the Samba 4 LDAP server has been created in %s .",
             paths.phpldapadminconfig)
 
-    logger.info("Once the above files are installed, your Samba4 server will be ready to use")
-    logger.info("Server Role:           %s" % serverrole)
-    logger.info("Hostname:              %s" % names.hostname)
-    logger.info("NetBIOS Domain:        %s" % names.domain)
-    logger.info("DNS Domain:            %s" % names.dnsdomain)
-    logger.info("DOMAIN SID:            %s" % str(domainsid))
     if samdb_fill == FILL_FULL:
         if adminpass_generated:
             logger.info("Admin password:        %s" % adminpass)
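Review bot: Moving `logger.info("Once the above files are installed, ...")` ahead of the phpLDAPadmin message changes what "the above files" refers to, because the phpLDAPadmin configuration path is now announced after the sentence that points back at it. Keeping that line after the phpLDAPadmin message, with `result.report_logger(logger)` following both, preserves the original reading order. Separately, the unchanged line at the end of this hunk writes the generated admin password with `logger.info`; as reporting continues to move into `ProvisionResult`, that value is better kept out of a generic logger whose handlers and destinations the caller controls. `provision()` continues outside this hunk.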
@@ -1818,13 +1860,6 @@ def provision(logger, session_info, credentials, smbconf=None,
             logger.info("This slapd-Commandline is also stored under: %s/ldap_backend_startup.sh",
                     provision_backend.ldapdir)
 
-    result = ProvisionResult()
-    result.domaindn = domaindn
-    result.paths = paths
-    result.names = names
-    result.lp = lp
-    result.samdb = samdb
-    result.idmap = idmap
     return result
 
 
diff --git a/source4/scripting/python/samba/tests/provision.py b/source4/scripting/python/samba/tests/provision.py
index dd3e725..fc8451c 100644
--- a/source4/scripting/python/samba/tests/provision.py
+++ b/source4/scripting/python/samba/tests/provision.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 # Unix SMB/CIFS implementation.
-# Copyright (C) Jelmer Vernooij <jelmer at samba.org> 2007-2008
+# Copyright (C) Jelmer Vernooij <jelmer at samba.org> 2007-2012
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,7 +20,14 @@
 """Tests for samba.provision."""
 
 import os
-from samba.provision import setup_secretsdb, findnss, ProvisionPaths
+from samba.provision import (
+    ProvisionNames,
+    ProvisionPaths,
+    ProvisionResult,
+    sanitize_server_role,
+    setup_secretsdb,
+    findnss,
+    )
 import samba.tests
 from samba.tests import env_loadparm, TestCase
 
@@ -61,7 +68,7 @@ class ProvisionTestCase(samba.tests.TestCaseInTempDir):
         finally:
             del ldb
             os.unlink(path)
-            
+
 
 class FindNssTests(TestCase):
     """Test findnss() function."""
@@ -115,3 +122,44 @@ class Disabled(object):
         raise NotImplementedError(self.test_vampire)
 
 
+class SanitizeServerRoleTests(TestCase):
+
+    def test_same(self):
+        self.assertEquals("standalone", sanitize_server_role("standalone"))
+        self.assertEquals("member server",
+            sanitize_server_role("member server"))
+
+    def test_invalid(self):
+        self.assertRaises(ValueError, sanitize_server_role, "foo")
+
+    def test_valid(self):
+        self.assertEquals("standalone", sanitize_server_role("ROLE_STANDALONE"))
+
+
+class DummyLogger(object):
+
+    def __init__(self):
+        self.entries = []
+
+    def info(self, text):
+        self.entries.append(("INFO", text))
+
+
+class ProvisionResultTests(TestCase):
+
+    def test_report_logger(self):
+        logger = DummyLogger()
+        result = ProvisionResult()
+        result.server_role = "domain controller"
+        result.names = ProvisionNames()
+        result.names.hostname = "hostnaam"
+        result.names.domain = "DOMEIN"
+        result.names.dnsdomain = "dnsdomein"
+        result.domainsid = "S1-1-1"
+        result.report_logger(logger)
+        self.assertEquals(logger.entries, [
+            ('INFO', 'Server Role:           domain controller'),
+            ('INFO', 'Hostname:              hostnaam'),
+            ('INFO', 'NetBIOS Domain:        DOMEIN'),
+            ('INFO', 'DNS Domain:            dnsdomein'),
+            ('INFO', 'DOMAIN SID:            S1-1-1')])
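Review bot: `SanitizeServerRoleTests` exercises three of the nine `_ROLES_MAP` keys and never checks a mapping to "domain controller", the result with the most consequence for a provision. Adding `self.assertEquals("domain controller", sanitize_server_role("dc"))` and one `ROLE_DOMAIN_PDC` case would pin the aliases. `test_report_logger` covers only a fully populated result; a case with `names` left as None would document what `report_logger` does there.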


-- 
Samba Shared Repository

