[SCM] Samba Shared Repository - branch master updated
Jelmer Vernooij
jelmer at samba.org
Sat Feb 25 14:14:03 MST 2012
The branch, master has been updated
via fe3274d provision: Start splitting out provision result reporting from actual provisioning.
via 2fd1046 provision: Properly close ldb transactions.
via 9ecc68a 'samba-tool gpo': Properly close transaction.
via 08a3d6d ntacl: There is no 'secrets database' configuration option.
via d06eeb7 Factor out sanitize_server_role.
from 66f13ea Partially revert 1f0298dd1b1a939cb215e7b474178b217f8347f4
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit fe3274d9cb576f82366070a25a4a7eef4bd43708
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Sat Feb 25 20:04:57 2012 +0100
provision: Start splitting out provision result reporting from actual provisioning.
Autobuild-User: Jelmer Vernooij <jelmer at samba.org>
Autobuild-Date: Sat Feb 25 22:13:10 CET 2012 on sn-devel-104
commit 2fd10469c1ad55234d5350b10373b52f0bfd2cd0
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Sat Feb 25 17:55:52 2012 +0100
provision: Properly close ldb transactions.
commit 9ecc68abe707506b7dc10ce580c7c2ef6b95a785
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Sat Feb 25 17:50:14 2012 +0100
'samba-tool gpo': Properly close transaction.
commit 08a3d6d6ad2db15ddeec5cc9e57392ea01d881ad
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Sat Feb 25 17:36:54 2012 +0100
ntacl: There is no 'secrets database' configuration option.
commit d06eeb7949d6c4dd20c46de94e92f3144fa73b15
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Sat Feb 25 17:35:41 2012 +0100
Factor out sanitize_server_role.
-----------------------------------------------------------------------
Summary of changes:
source4/scripting/python/samba/netcmd/gpo.py | 8 +-
source4/scripting/python/samba/netcmd/ntacl.py | 2 +-
.../scripting/python/samba/provision/__init__.py | 139 ++++++++++++--------
source4/scripting/python/samba/tests/provision.py | 54 +++++++-
4 files changed, 143 insertions(+), 60 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/scripting/python/samba/netcmd/gpo.py b/source4/scripting/python/samba/netcmd/gpo.py
index bd3480e..94c70c6 100644
--- a/source4/scripting/python/samba/netcmd/gpo.py
+++ b/source4/scripting/python/samba/netcmd/gpo.py
@@ -916,11 +916,11 @@ class cmd_create(Command):
# Set ACL
conn.set_acl(sharepath, fs_sd)
-
- self.samdb.transaction_commit()
- except Exception, e:
+ except:
self.samdb.transaction_cancel()
- raise RuntimeError("Error adding GPO to AD", e)
+ raise
+ else:
+ self.samdb.transaction_commit()
self.outf.write("GPO '%s' created as %s\n" % (displayname, gpo))
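Review bot: When the `except:` branch cancels the transaction, or when `self.samdb.transaction_commit()` in the new `else:` branch fails, the share-side work already done inside the `try` is not undone; `conn.set_acl(sharepath, fs_sd)` is visible just above, and the rest of the `try` body starts outside this hunk. That can presumably leave a policy directory on the share with ACLs applied but no matching directory object. Consider cleaning up the created share path on the failure path, or at least recording the limitation with a comment such as `# NOTE: files already written to the share are not rolled back if the samdb transaction is cancelled`. Dropping the `RuntimeError("Error adding GPO to AD", e)` wrapper also means the user now sees the raw underlying error with no hint of which step failed.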
diff --git a/source4/scripting/python/samba/netcmd/ntacl.py b/source4/scripting/python/samba/netcmd/ntacl.py
index 96d4c97..349c006 100644
--- a/source4/scripting/python/samba/netcmd/ntacl.py
+++ b/source4/scripting/python/samba/netcmd/ntacl.py
@@ -61,7 +61,7 @@ class cmd_ntacl_set(Command):
def run(self, acl, file, quiet=False,xattr_backend=None,eadb_file=None,
credopts=None, sambaopts=None, versionopts=None):
lp = sambaopts.get_loadparm()
- path = os.path.join(lp.get("private dir"), lp.get("secrets database") or "secrets.ldb")
+ path = lp.private_path("secrets.ldb")
creds = credopts.get_credentials(lp)
creds.set_kerberos_state(DONT_USE_KERBEROS)
try:
diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py
index aa8736b..6f7adc1 100644
--- a/source4/scripting/python/samba/provision/__init__.py
+++ b/source4/scripting/python/samba/provision/__init__.py
@@ -2,7 +2,7 @@
# Unix SMB/CIFS implementation.
# backend code for provisioning a Samba4 server
-# Copyright (C) Jelmer Vernooij <jelmer at samba.org> 2007-2010
+# Copyright (C) Jelmer Vernooij <jelmer at samba.org> 2007-2012
# Copyright (C) Andrew Bartlett <abartlet at samba.org> 2008-2009
# Copyright (C) Oliver Liebel <oliver at itc.li> 2008-2009
#
@@ -360,14 +360,30 @@ def get_last_provision_usn(sam):
class ProvisionResult(object):
+ """Result of a provision.
+
+ :ivar server_role: The server role
+ :ivar paths: ProvisionPaths instance
+ :ivar domaindn: The domain dn, as string
+ """
def __init__(self):
+ self.server_role = None
self.paths = None
self.domaindn = None
self.lp = None
self.samdb = None
self.idmap = None
self.names = None
+ self.domainsid = None
+
+ def report_logger(self, logger):
+ """Report this provision result to a logger."""
+ logger.info("Server Role: %s" % self.server_role)
+ logger.info("Hostname: %s" % self.names.hostname)
+ logger.info("NetBIOS Domain: %s" % self.names.domain)
+ logger.info("DNS Domain: %s" % self.names.dnsdomain)
+ logger.info("DOMAIN SID: %s" % self.domainsid)
def check_install(lp, session_info, credentials):
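Review bot: `report_logger` dereferences `self.names.hostname` while `__init__` sets `self.names = None`, so calling it on a result whose `names` was never filled in raises `AttributeError` rather than a clear error. Either state the precondition in the method docstring (that `names`, `server_role` and `domainsid` must be set first) or guard with `if self.names is None: raise ValueError("names not set")`. The class docstring also lists only `server_role`, `paths` and `domaindn`; `lp`, `samdb`, `idmap`, `names` and `domainsid` deserve `:ivar` lines too.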
@@ -866,7 +882,6 @@ def setup_secretsdb(paths, session_info, backend_credentials, lp):
return secrets_ldb
-
def setup_privileges(path, session_info, lp):
"""Setup the privileges database.
@@ -930,10 +945,9 @@ def setup_samdb_rootdse(samdb, names):
})
-def setup_self_join(samdb, admin_session_info, names, fill, machinepass, dnspass,
- domainsid, next_rid, invocationid,
- policyguid, policyguid_dc, domainControllerFunctionality,
- ntdsguid, dc_rid=None):
+def setup_self_join(samdb, admin_session_info, names, fill, machinepass,
+ dnspass, domainsid, next_rid, invocationid, policyguid, policyguid_dc,
+ domainControllerFunctionality, ntdsguid=None, dc_rid=None):
"""Join a host to its own domain."""
assert isinstance(invocationid, str)
if ntdsguid is not None:
@@ -968,7 +982,8 @@ def setup_self_join(samdb, admin_session_info, names, fill, machinepass, dnspass
"DNSDOMAIN": names.dnsdomain,
"DOMAINDN": names.domaindn})
- # If we are setting up a subdomain, then this has been replicated in, so we don't need to add it
+ # If we are setting up a subdomain, then this has been replicated in, so we
+ # don't need to add it
if fill == FILL_FULL:
setup_add_ldif(samdb, setup_path("provision_self_join_config.ldif"), {
"CONFIGDN": names.configdn,
@@ -987,7 +1002,8 @@ def setup_self_join(samdb, admin_session_info, names, fill, machinepass, dnspass
domainControllerFunctionality)})
# Setup fSMORoleOwner entries to point at the newly created DC entry
- setup_modify_ldif(samdb, setup_path("provision_self_join_modify_config.ldif"), {
+ setup_modify_ldif(samdb,
+ setup_path("provision_self_join_modify_config.ldif"), {
"CONFIGDN": names.configdn,
"SCHEMADN": names.schemadn,
"DEFAULTSITE": names.sitename,
@@ -997,9 +1013,8 @@ def setup_self_join(samdb, admin_session_info, names, fill, machinepass, dnspass
system_session_info = system_session()
samdb.set_session_info(system_session_info)
- # Setup fSMORoleOwner entries to point at the newly created DC entry
-
- # to modify a serverReference under cn=config when we are a subdomain, we must
+ # Setup fSMORoleOwner entries to point at the newly created DC entry to
+ # modify a serverReference under cn=config when we are a subdomain, we must
# be system due to ACLs
setup_modify_ldif(samdb, setup_path("provision_self_join_modify.ldif"), {
"DOMAINDN": names.domaindn,
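Review bot: The merged comment now reads as one run-on sentence ("... the newly created DC entry to modify a serverReference ...") and joins two unrelated statements; its first half repeats the comment that already sits above the `provision_self_join_modify_config.ldif` call in the previous hunk. I would keep only the part that explains the privilege switch: `# To modify a serverReference under cn=config when we are a subdomain, we must be system due to ACLs`. Because `samdb.set_session_info(system_session_info)` moves the connection to the system session, the comment should also say whether the admin session is restored afterwards; that is not visible here, as `setup_self_join` continues outside the hunk.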
@@ -1029,7 +1044,6 @@ def getpolicypath(sysvolpath, dnsdomain, guid):
:param guid: The GUID of the policy
:return: A string with the complete path to the policy folder
"""
-
if guid[0] != "{":
guid = "{%s}" % guid
policy_path = os.path.join(sysvolpath, dnsdomain, "Policies", guid)
@@ -1097,6 +1111,7 @@ def setup_samdb(path, session_info, provision_backend, lp, names,
return samdb
+
def fill_samdb(samdb, lp, names,
logger, domainsid, domainguid, policyguid, policyguid_dc, fill,
adminpass, krbtgtpass, machinepass, invocationid, dnspass, ntdsguid,
@@ -1502,21 +1517,54 @@ def provision_fill(samdb, secrets_ldb, logger, names, paths,
# fix any dangling GUIDs from the provision
logger.info("Fixing provision GUIDs")
- chk = dbcheck(samdb, samdb_schema=samdb, verbose=False, fix=True, yes=True, quiet=True)
+ chk = dbcheck(samdb, samdb_schema=samdb, verbose=False, fix=True, yes=True,
+ quiet=True)
samdb.transaction_start()
- # a small number of GUIDs are missing because of ordering issues in the
- # provision code
- for schema_obj in ['CN=Domain', 'CN=Organizational-Person', 'CN=Contact', 'CN=inetOrgPerson']:
- chk.check_database(DN="%s,%s" % (schema_obj, names.schemadn),
- scope=ldb.SCOPE_BASE, attrs=['defaultObjectCategory'])
- chk.check_database(DN="CN=IP Security,CN=System,%s" % names.domaindn,
- scope=ldb.SCOPE_ONELEVEL,
- attrs=['ipsecOwnersReference',
- 'ipsecFilterReference',
- 'ipsecISAKMPReference',
- 'ipsecNegotiationPolicyReference',
- 'ipsecNFAReference'])
- samdb.transaction_commit()
+ try:
+ # a small number of GUIDs are missing because of ordering issues in the
+ # provision code
+ for schema_obj in ['CN=Domain', 'CN=Organizational-Person', 'CN=Contact', 'CN=inetOrgPerson']:
+ chk.check_database(DN="%s,%s" % (schema_obj, names.schemadn),
+ scope=ldb.SCOPE_BASE, attrs=['defaultObjectCategory'])
+ chk.check_database(DN="CN=IP Security,CN=System,%s" % names.domaindn,
+ scope=ldb.SCOPE_ONELEVEL,
+ attrs=['ipsecOwnersReference',
+ 'ipsecFilterReference',
+ 'ipsecISAKMPReference',
+ 'ipsecNegotiationPolicyReference',
+ 'ipsecNFAReference'])
+ except:
+ samdb.transaction_cancel()
+ raise
+ else:
+ samdb.transaction_commit()
+
+
+_ROLES_MAP = {
+ "ROLE_STANDALONE": "standalone",
+ "ROLE_DOMAIN_MEMBER": "member server",
+ "ROLE_DOMAIN_BDC": "domain controller",
+ "ROLE_DOMAIN_PDC": "domain controller",
+ "dc": "domain controller",
+ "member": "member server",
+ "domain controller": "domain controller",
+ "member server": "member server",
+ "standalone": "standalone",
+ }
+
+
+def sanitize_server_role(role):
+ """Sanitize a server role name.
+
+ :param role: Server role
+ :raise ValueError: If the role can not be interpreted
+ :return: Sanitized server role (one of "member server",
+ "domain controller", "standalone")
+ """
+ try:
+ return _ROLES_MAP[role]
+ except KeyError:
+ raise ValueError(role)
def provision(logger, session_info, credentials, smbconf=None,
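Review bot: `sanitize_server_role` only translates `KeyError`, so an unhashable `role` (a list, for instance) raises `TypeError`, which the `except ValueError` in `provision()` further down this diff does not turn into a `ProvisioningError`. The `ValueError` also carries only the raw value and no message. I would write `except (KeyError, TypeError):` followed by `raise ValueError("unknown server role: %r" % (role,))`. The lookup is an exact, case-sensitive match, which is worth stating in the docstring given that the name says "sanitize".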
@@ -1538,20 +1586,9 @@ def provision(logger, session_info, credentials, smbconf=None,
:note: caution, this wipes all existing data!
"""
- roles = {}
- roles["ROLE_STANDALONE"] = "standalone"
- roles["ROLE_DOMAIN_MEMBER"] = "member server"
- roles["ROLE_DOMAIN_BDC"] = "domain controller"
- roles["ROLE_DOMAIN_PDC"] = "domain controller"
- roles["dc"] = "domain controller"
- roles["member"] = "member server"
- roles["domain controller"] = "domain controller"
- roles["member server"] = "member server"
- roles["standalone"] = "standalone"
-
try:
- serverrole = roles[serverrole]
- except KeyError:
+ serverrole = sanitize_server_role(serverrole)
+ except ValueError:
raise ProvisioningError('server role (%s) should be one of "domain controller", "member server", "standalone"' % serverrole)
if ldapadminpass is None:
@@ -1790,15 +1827,20 @@ def provision(logger, session_info, credentials, smbconf=None,
logger.info("Failed to chown %s to bind gid %u",
dns_keytab_path, paths.bind_gid)
+ logger.info("Once the above files are installed, your Samba4 server will be ready to use")
+ result = ProvisionResult()
+ result.server_role = serverrole
+ result.domaindn = domaindn
+ result.paths = paths
+ result.names = names
+ result.lp = lp
+ result.samdb = samdb
+ result.idmap = idmap
+ result.domainsid = str(domainsid)
+ result.report_logger(logger)
logger.info("A phpLDAPadmin configuration file suitable for administering the Samba 4 LDAP server has been created in %s .",
paths.phpldapadminconfig)
- logger.info("Once the above files are installed, your Samba4 server will be ready to use")
- logger.info("Server Role: %s" % serverrole)
- logger.info("Hostname: %s" % names.hostname)
- logger.info("NetBIOS Domain: %s" % names.domain)
- logger.info("DNS Domain: %s" % names.dnsdomain)
- logger.info("DOMAIN SID: %s" % str(domainsid))
if samdb_fill == FILL_FULL:
if adminpass_generated:
logger.info("Admin password: %s" % adminpass)
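Review bot: The reporting that moves into `ProvisionResult.report_logger` leaves the credential line behind: `logger.info("Admin password: %s" % adminpass)` just below the moved block still writes the generated administrator password through the same general-purpose logger. If that logger is attached to a file or syslog handler, the password ends up in a persistent log. As the split continues, the generated password would be better carried on the result object and shown by the caller on the terminal than logged at INFO level. Moving `"Once the above files are installed..."` ahead of the phpLDAPadmin message also changes what "above files" refers to. `provision()` starts and ends outside this hunk.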
@@ -1818,13 +1860,6 @@ def provision(logger, session_info, credentials, smbconf=None,
logger.info("This slapd-Commandline is also stored under: %s/ldap_backend_startup.sh",
provision_backend.ldapdir)
- result = ProvisionResult()
- result.domaindn = domaindn
- result.paths = paths
- result.names = names
- result.lp = lp
- result.samdb = samdb
- result.idmap = idmap
return result
diff --git a/source4/scripting/python/samba/tests/provision.py b/source4/scripting/python/samba/tests/provision.py
index dd3e725..fc8451c 100644
--- a/source4/scripting/python/samba/tests/provision.py
+++ b/source4/scripting/python/samba/tests/provision.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python
# Unix SMB/CIFS implementation.
-# Copyright (C) Jelmer Vernooij <jelmer at samba.org> 2007-2008
+# Copyright (C) Jelmer Vernooij <jelmer at samba.org> 2007-2012
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -20,7 +20,14 @@
"""Tests for samba.provision."""
import os
-from samba.provision import setup_secretsdb, findnss, ProvisionPaths
+from samba.provision import (
+ ProvisionNames,
+ ProvisionPaths,
+ ProvisionResult,
+ sanitize_server_role,
+ setup_secretsdb,
+ findnss,
+ )
import samba.tests
from samba.tests import env_loadparm, TestCase
@@ -61,7 +68,7 @@ class ProvisionTestCase(samba.tests.TestCaseInTempDir):
finally:
del ldb
os.unlink(path)
-
+
class FindNssTests(TestCase):
"""Test findnss() function."""
@@ -115,3 +122,44 @@ class Disabled(object):
raise NotImplementedError(self.test_vampire)
+class SanitizeServerRoleTests(TestCase):
+
+ def test_same(self):
+ self.assertEquals("standalone", sanitize_server_role("standalone"))
+ self.assertEquals("member server",
+ sanitize_server_role("member server"))
+
+ def test_invalid(self):
+ self.assertRaises(ValueError, sanitize_server_role, "foo")
+
+ def test_valid(self):
+ self.assertEquals("standalone", sanitize_server_role("ROLE_STANDALONE"))
+
+
+class DummyLogger(object):
+
+ def __init__(self):
+ self.entries = []
+
+ def info(self, text):
+ self.entries.append(("INFO", text))
+
+
+class ProvisionResultTests(TestCase):
+
+ def test_report_logger(self):
+ logger = DummyLogger()
+ result = ProvisionResult()
+ result.server_role = "domain controller"
+ result.names = ProvisionNames()
+ result.names.hostname = "hostnaam"
+ result.names.domain = "DOMEIN"
+ result.names.dnsdomain = "dnsdomein"
+ result.domainsid = "S1-1-1"
+ result.report_logger(logger)
+ self.assertEquals(logger.entries, [
+ ('INFO', 'Server Role: domain controller'),
+ ('INFO', 'Hostname: hostnaam'),
+ ('INFO', 'NetBIOS Domain: DOMEIN'),
+ ('INFO', 'DNS Domain: dnsdomein'),
+ ('INFO', 'DOMAIN SID: S1-1-1')])
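Review bot: `SanitizeServerRoleTests` exercises three of the nine keys in `_ROLES_MAP`; the short aliases `"dc"` and `"member"` and the `ROLE_DOMAIN_*` names are untested, and those are the ones most likely to regress. A table-driven check such as `for alias in ("dc", "ROLE_DOMAIN_PDC", "ROLE_DOMAIN_BDC"): self.assertEquals("domain controller", sanitize_server_role(alias))` would cover them. `assertEquals` is a deprecated alias of `assertEqual`. The new test classes also lack docstrings, unlike `FindNssTests` earlier in the file.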
--
Samba Shared Repository