[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Mon Nov 5 16:13:03 MST 2012
The branch, master has been updated
via ab30a8b provision: Make dsacl2fsacl() take a security.dom_sid, not str
via 0334515 provision: Also walk directories checking ACLs
via abbbbb5 wintest: Try harder to recover from apparent failure to dcpromo
via 0b7bb77 selftest: check that samba-tool gpo works for basic operations
via 26faa8f dsdb: Simplify DsCrackNameOneFilter a bit
via ec3cbb6 wafsamba.abi: Fix abi_match with both excludes and includes.
via d02c8ba wafsamba.samba_abi: Add basic unit tests.
via 97102fa buildtools: Remove extra space from global: line
via ea5ef95 wafsamba.samba_abi: Refactor abi_write_vscript to take file argument.
from 3d93616 s3:smbd: pass the current time to make_connection[_smb1]()
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit ab30a8bf0fb9bd4ee3c907183132f3b9abb67c7a
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Nov 5 20:44:14 2012 +1100
provision: Make dsacl2fsacl() take a security.dom_sid, not str
Reviewed-by: Jelmer Vernooij <jelmer at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Nov 6 00:12:43 CET 2012 on sn-devel-104
commit 033451587db21d6e4b829e89a64f894a32682131
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Nov 5 15:22:02 2012 +1100
provision: Also walk directories checking ACLs
The directory walk was missed due to a cut-and-paste error.
Andrew Bartlett
Reviewed-by: Jelmer Vernooij <jelmer at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
commit abbbbb5cdc39b71c0f243ff1e660d1f35a4923e3
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Nov 5 19:35:51 2012 +1100
wintest: Try harder to recover from apparent failure to dcpromo
Reviewed-by: Jelmer Vernooij <jelmer at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
commit 0b7bb774ce836722d219d6e466a76b12c1a03de3
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Nov 5 12:57:17 2012 +1100
selftest: check that samba-tool gpo works for basic operations
Reviewed-by: Jelmer Vernooij <jelmer at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
commit 26faa8fe3a42f9d1278d81773c8808b05fcd76f8
Author: Volker Lendecke <vl at samba.org>
Date: Sat Nov 3 09:36:29 2012 +0100
dsdb: Simplify DsCrackNameOneFilter a bit
For me "else" branches clutter my flow reading code. If we do a hard
return at the end of an "if" branch, "else" is not required.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit ec3cbb6c476698523c9b5ac047787df101746891
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Mon Nov 5 19:36:30 2012 +0100
wafsamba.abi: Fix abi_match with both excludes and includes.
This fixes a regression introduced by 9c3e294400234ebdf9b98031bae583524fd0b0ac
which caused internal symbols in libldb to be exposed.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9357
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stephen Gallagher <sgallagh at redhat.com>
commit d02c8ba122cef7d8b254e5be3ae757eb3bb14235
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Mon Nov 5 19:36:29 2012 +0100
wafsamba.samba_abi: Add basic unit tests.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stephen Gallagher <sgallagh at redhat.com>
commit 97102fa9963ba88f4ab72165a02071990031a73b
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Nov 6 07:48:52 2012 +1100
buildtools: Remove extra space from global: line
This makes it easier to put the expected values in a file
as we will not have trailing whitespace that is against git style.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jelmer Vernooij <jelmer at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit ea5ef95fbebe28cca11f86a9015aab77522f5e18
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Mon Nov 5 19:36:28 2012 +0100
wafsamba.samba_abi: Refactor abi_write_vscript to take file argument.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stephen Gallagher <sgallagh at redhat.com>
-----------------------------------------------------------------------
Summary of changes:
buildtools/wafsamba/samba_abi.py | 32 +++++----
buildtools/wafsamba/tests/test_abi.py | 67 ++++++++++++++++++++
selftest/target/Samba4.pm | 2 +-
source4/dsdb/samdb/cracknames.c | 5 +-
source4/scripting/python/samba/netcmd/gpo.py | 4 +-
source4/scripting/python/samba/ntacls.py | 3 +-
.../scripting/python/samba/provision/__init__.py | 6 +-
.../scripting/python/samba/tests/samba_tool/gpo.py | 57 +++++++++++++++++
source4/selftest/tests.py | 7 ++
wintest/wintest.py | 13 ++++-
10 files changed, 172 insertions(+), 24 deletions(-)
create mode 100644 source4/scripting/python/samba/tests/samba_tool/gpo.py
Changeset truncated at 500 lines:
diff --git a/buildtools/wafsamba/samba_abi.py b/buildtools/wafsamba/samba_abi.py
index ed977ba..488dab8 100644
--- a/buildtools/wafsamba/samba_abi.py
+++ b/buildtools/wafsamba/samba_abi.py
@@ -152,22 +152,23 @@ def abi_process_file(fname, version, symmap):
symmap[symname] = version
f.close()
-def abi_write_vscript(vscript, libname, current_version, versions, symmap, abi_match):
- '''write a vscript file for a library in --version-script format
- :param vscript: Path to the vscript file
+def abi_write_vscript(f, libname, current_version, versions, symmap, abi_match):
+ """Write a vscript file for a library in --version-script format.
+
+ :param f: File-like object to write to
:param libname: Name of the library, uppercased
:param current_version: Current version
:param versions: Versions to consider
:param symmap: Dictionary mapping symbols -> version
- :param abi_match: List of symbols considered to be public in the current version
- '''
+ :param abi_match: List of symbols considered to be public in the current
+ version
+ """
invmap = {}
for s in symmap:
invmap.setdefault(symmap[s], []).append(s)
- f = open(vscript, mode='w')
last_key = ""
versions = sorted(versions, key=version_key)
for k in versions:
@@ -175,8 +176,8 @@ def abi_write_vscript(vscript, libname, current_version, versions, symmap, abi_m
if symver == current_version:
break
f.write("%s {\n" % symver)
- if k in invmap:
- f.write("\tglobal: \n")
+ if k in sorted(invmap.keys()):
+ f.write("\tglobal:\n")
for s in invmap.get(k, []):
f.write("\t\t%s;\n" % s);
f.write("}%s;\n\n" % last_key)
@@ -190,14 +191,13 @@ def abi_write_vscript(vscript, libname, current_version, versions, symmap, abi_m
f.write("\t\t%s;\n" % x)
else:
f.write("\t\t*;\n")
- if len(local_abi) > 0:
+ if abi_match != ["*"]:
f.write("\tlocal:\n")
for x in local_abi:
f.write("\t\t%s;\n" % x[1:])
- elif abi_match != ["*"]:
- f.write("\tlocal: *;\n")
+ if len(global_abi) > 0:
+ f.write("\t\t*;\n")
f.write("};\n")
- f.close()
def abi_build_vscript(task):
@@ -213,8 +213,12 @@ def abi_build_vscript(task):
version = basename[len(task.env.LIBNAME)+1:-len(".sigs")]
versions.append(version)
abi_process_file(fname, version, symmap)
- abi_write_vscript(tgt, task.env.LIBNAME, task.env.VERSION, versions, symmap,
- task.env.ABI_MATCH)
+ f = open(tgt, mode='w')
+ try:
+ abi_write_vscript(f, task.env.LIBNAME, task.env.VERSION, versions,
+ symmap, task.env.ABI_MATCH)
+ finally:
+ f.close()
def ABI_VSCRIPT(bld, libname, abi_directory, version, vscript, abi_match=None):
diff --git a/buildtools/wafsamba/tests/test_abi.py b/buildtools/wafsamba/tests/test_abi.py
index 0aa0d56..bba78c1 100644
--- a/buildtools/wafsamba/tests/test_abi.py
+++ b/buildtools/wafsamba/tests/test_abi.py
@@ -17,9 +17,12 @@
from wafsamba.tests import TestCase
from wafsamba.samba_abi import (
+ abi_write_vscript,
normalise_signature,
)
+from cStringIO import StringIO
+
class NormaliseSignatureTests(TestCase):
@@ -51,3 +54,67 @@ class NormaliseSignatureTests(TestCase):
'uuid = {time_low = 2324192516, time_mid = 7403, time_hi_and_version = 4553, clock_seq = "\\237\\350", node = "\\b\\000+\\020H`"}, if_version = 2',
normalise_signature('$244 = {uuid = {time_low = 2324192516, time_mid = 7403, time_hi_and_version = 4553, clock_seq = "\\237\\350", node = "\\b\\000+\\020H`"}, if_version = 2}'))
+
+class WriteVscriptTests(TestCase):
+
+ def test_one(self):
+ f = StringIO()
+ abi_write_vscript(f, "MYLIB", "1.0", [], {
+ "old": "1.0",
+ "new": "1.0"}, ["*"])
+ self.assertEquals(f.getvalue(), """\
+1.0 {
+\tglobal:
+\t\t*;
+};
+""")
+
+ def test_simple(self):
+ # No restrictions.
+ f = StringIO()
+ abi_write_vscript(f, "MYLIB", "1.0", ["0.1"], {
+ "old": "0.1",
+ "new": "1.0"}, ["*"])
+ self.assertEquals(f.getvalue(), """\
+MYLIB_0.1 {
+\tglobal:
+\t\told;
+};
+
+1.0 {
+\tglobal:
+\t\t*;
+};
+""")
+
+ def test_exclude(self):
+ f = StringIO()
+ abi_write_vscript(f, "MYLIB", "1.0", [], {
+ "exc_old": "0.1",
+ "old": "0.1",
+ "new": "1.0"}, ["!exc_*"])
+ self.assertEquals(f.getvalue(), """\
+1.0 {
+\tglobal:
+\t\t*;
+\tlocal:
+\t\texc_*;
+};
+""")
+
+ def test_excludes_and_includes(self):
+ f = StringIO()
+ abi_write_vscript(f, "MYLIB", "1.0", [], {
+ "pub_foo": "1.0",
+ "exc_bar": "1.0",
+ "other": "1.0"
+ }, ["pub_*", "!exc_*"])
+ self.assertEquals(f.getvalue(), """\
+1.0 {
+\tglobal:
+\t\tpub_*;
+\tlocal:
+\t\texc_*;
+\t\t*;
+};
+""")
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index fbc8117..20114c9 100644
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -799,7 +799,7 @@ sub provision($$$$$$$$$)
[sysvol]
path = $ctx->{statedir}/sysvol
- read only = yes
+ read only = no
[netlogon]
path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts
diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c
index 8b52aa3..f136dec 100644
--- a/source4/dsdb/samdb/cracknames.c
+++ b/source4/dsdb/samdb/cracknames.c
@@ -1070,7 +1070,10 @@ static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_
if (sid == NULL) {
info1->status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING;
return WERR_OK;
- } else if (samdb_find_attribute(sam_ctx, result, "objectClass", "domain")) {
+ }
+
+ if (samdb_find_attribute(sam_ctx, result, "objectClass",
+ "domain")) {
/* This can also find a DomainDNSZones entry,
* but it won't have the SID we just
* checked. */
diff --git a/source4/scripting/python/samba/netcmd/gpo.py b/source4/scripting/python/samba/netcmd/gpo.py
index 53bfcaa..347231b 100644
--- a/source4/scripting/python/samba/netcmd/gpo.py
+++ b/source4/scripting/python/samba/netcmd/gpo.py
@@ -975,9 +975,9 @@ class cmd_create(Command):
ds_sd = ndr_unpack(security.descriptor, ds_sd_ndr).as_sddl()
# Create a file system security descriptor
- domain_sid = self.samdb.get_domain_sid()
+ domain_sid = security.dom_sid(self.samdb.get_domain_sid())
sddl = dsacl2fsacl(ds_sd, domain_sid)
- fs_sd = security.descriptor.from_sddl(sddl, security.dom_sid(domain_sid))
+ fs_sd = security.descriptor.from_sddl(sddl, domain_sid)
# Set ACL
sio = ( security.SECINFO_OWNER |
diff --git a/source4/scripting/python/samba/ntacls.py b/source4/scripting/python/samba/ntacls.py
index f304047..89d450a 100644
--- a/source4/scripting/python/samba/ntacls.py
+++ b/source4/scripting/python/samba/ntacls.py
@@ -198,14 +198,13 @@ def ldapmask2filemask(ldm):
return filemask
-def dsacl2fsacl(dssddl, domsid):
+def dsacl2fsacl(dssddl, sid):
"""
This function takes an the SDDL representation of a DS
ACL and return the SDDL representation of this ACL adapted
for files. It's used for Policy object provision
"""
- sid = security.dom_sid(domsid)
ref = security.descriptor.from_sddl(dssddl, sid)
fdescr = security.descriptor()
fdescr.owner_sid = ref.owner_sid
diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py
index b385556..47bc6f9 100644
--- a/source4/scripting/python/samba/provision/__init__.py
+++ b/source4/scripting/python/samba/provision/__init__.py
@@ -1395,7 +1395,7 @@ def set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, p
acl = ndr_unpack(security.descriptor,
str(policy["nTSecurityDescriptor"])).as_sddl()
policy_path = getpolicypath(sysvol, dnsdomain, str(policy["cn"]))
- set_dir_acl(policy_path, dsacl2fsacl(acl, str(domainsid)), lp,
+ set_dir_acl(policy_path, dsacl2fsacl(acl, domainsid), lp,
str(domainsid), use_ntvfs,
passdb=passdb)
@@ -1484,7 +1484,7 @@ def check_dir_acl(path, acl, lp, domainsid, direct_db_access):
if fsacl_sddl != acl:
raise ProvisioningError('%s ACL on GPO file %s %s does not match expected value %s from GPO object' % (acl_type(direct_db_access), os.path.join(root, name), fsacl_sddl, acl))
- for name in files:
+ for name in dirs:
fsacl = getntacl(lp, os.path.join(root, name), direct_db_access=direct_db_access)
if fsacl is None:
raise ProvisioningError('%s ACL on GPO directory %s %s not found!' % (acl_type(direct_db_access), os.path.join(root, name)))
@@ -1522,7 +1522,7 @@ def check_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp,
acl = ndr_unpack(security.descriptor,
str(policy["nTSecurityDescriptor"])).as_sddl()
policy_path = getpolicypath(sysvol, dnsdomain, str(policy["cn"]))
- check_dir_acl(policy_path, dsacl2fsacl(acl, str(domainsid)), lp,
+ check_dir_acl(policy_path, dsacl2fsacl(acl, domainsid), lp,
domainsid, direct_db_access)
diff --git a/source4/scripting/python/samba/tests/samba_tool/gpo.py b/source4/scripting/python/samba/tests/samba_tool/gpo.py
new file mode 100644
index 0000000..84154f5
--- /dev/null
+++ b/source4/scripting/python/samba/tests/samba_tool/gpo.py
@@ -0,0 +1,57 @@
+# Unix SMB/CIFS implementation.
+# Copyright (C) Andrew Bartlett 2012
+#
+# based on time.py:
+# Copyright (C) Sean Dague <sdague at linux.vnet.ibm.com> 2011
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+import os
+from samba.tests.samba_tool.base import SambaToolCmdTest
+
+class GpoCmdTestCase(SambaToolCmdTest):
+ """Tests for samba-tool time subcommands"""
+
+ gpo_name = "testgpo"
+
+ def test_gpo_list(self):
+ """Run gpo list against the server and make sure it looks accurate"""
+ (result, out, err) = self.runsubcmd("gpo", "listall", "-H", "ldap://%s" % os.environ["SERVER"])
+ self.assertCmdSuccess(result, "Ensuring gpo listall ran successfully")
+
+ def test_fetchfail(self):
+ """Run against a non-existent GPO, and make sure it fails (this hard-coded UUID is very unlikely to exist"""
+ (result, out, err) = self.runsubcmd("gpo", "fetch", "c25cac17-a02a-4151-835d-fae17446ee43", "-H", "ldap://%s" %
+os.environ["SERVER"])
+ self.assertEquals(result, -1, "check for result code")
+
+ def test_fetch(self):
+ """Run against a real GPO, and make sure it passes"""
+ (result, out, err) = self.runsubcmd("gpo", "fetch", self.gpo_guid, "-H", "ldap://%s" % os.environ["SERVER"], "--tmpdir", os.environ['SELFTEST_PREFIX'])
+ self.assertCmdSuccess(result, "Ensuring gpo fetched successfully")
+
+ def setUp(self):
+ """set up a temporary GPO to work with"""
+ super(GpoCmdTestCase, self).setUp()
+ (result, out, err) = self.runsubcmd("gpo", "create", self.gpo_name, "-H", "ldap://%s" % os.environ["SERVER"], "-U%s%%%s" % (os.environ["USERNAME"], os.environ["PASSWORD"]))
+ self.gpo_guid = "{%s}" % out.split("{")[1].split("}")[0]
+
+ self.assertCmdSuccess(result, "Ensuring gpo created successfully")
+
+ def tearDown(self):
+ """remove the temporary GPO to work with"""
+ (result, out, err) = self.runsubcmd("gpo", "del", self.gpo_guid, "-H", "ldap://%s" % os.environ["SERVER"], "-U%s%%%s" % (os.environ["USERNAME"], os.environ["PASSWORD"]))
+ self.assertCmdSuccess(result, "Ensuring gpo deleted successfully")
+ super(GpoCmdTestCase, self).tearDown()
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index ca5bdd3..58936e8 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -405,6 +405,13 @@ planpythontestsuite("dc:local", "samba.tests.dcerpc.bare")
planpythontestsuite("dc:local", "samba.tests.dcerpc.unix")
planpythontestsuite("dc:local", "samba.tests.dcerpc.srvsvc")
planpythontestsuite("dc:local", "samba.tests.samba_tool.timecmd")
+
+# We run this test against both AD DC implemetnations because it is
+# the only test we have of GPO get/set behaviour, and this involves
+# the file server as well as the LDAP server.
+planpythontestsuite("dc:local", "samba.tests.samba_tool.gpo")
+planpythontestsuite("plugin_s4_dc:local", "samba.tests.samba_tool.gpo")
+
planpythontestsuite("dc:local", "samba.tests.samba_tool.processes")
planpythontestsuite("dc:local", "samba.tests.samba_tool.user")
planpythontestsuite("dc:local", "samba.tests.samba_tool.group")
diff --git a/wintest/wintest.py b/wintest/wintest.py
index c0f1eeb..61664ae 100644
--- a/wintest/wintest.py
+++ b/wintest/wintest.py
@@ -852,12 +852,23 @@ RebootOnCompletion=No
child.expect("C:")
child.expect("C:")
child.sendline("dcpromo /answer:answers.txt")
- i = child.expect(["You must restart this computer", "failed", "Active Directory Domain Services was not installed", "C:"], timeout=240)
+ i = child.expect(["You must restart this computer", "failed", "Active Directory Domain Services was not installed", "C:", pexpect.TIMEOUT], timeout=240)
if i == 1 or i == 2:
raise Exception("dcpromo failed")
+ if i == 4: # timeout
+ child = self.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}")
+
child.sendline("shutdown -r -t 0")
self.port_wait("${WIN_IP}", 139, wait_for_fail=True)
self.port_wait("${WIN_IP}", 139)
+
+ child = self.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}")
+ # Check if we became a DC by now
+ if not self.get_is_dc(child):
+ raise Exception("dcpromo failed (and wasn't a DC even after rebooting)")
+ # Give DNS registration a kick
+ child.sendline("ipconfig /registerdns")
+
self.retry_cmd("host -t SRV _ldap._tcp.${WIN_REALM} ${WIN_IP}", ['has SRV record'], retries=60, delay=5 )
--
Samba Shared Repository
More information about the samba-cvs
mailing list