[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Sun Nov 11 07:49:02 MST 2012
The branch, master has been updated
via 1d81e52 selftest: Add tests for expected behaviour on directories as well as files
via a6a0155 pysmbd: Add SMB_ACL_EXECUTE to the mask set by make_simple_acl()
via 312f8dd selftest: Make samba.tests.ntacl also use TestCaseInTempDir
via b4d8629 samba-tool: Rework ldap attribute fetch in classicupgrade for missing attributes
from c06d602 s3:smbd: Fix typo in got_duplicate_group check
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 1d81e52bba65f05378db7027537aa27eb5bfa70a
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sun Nov 11 21:33:41 2012 +1100
selftest: Add tests for expected behaviour on directories as well as files
This is important because it covers the codepath which had the talloc
error fixed by commit 60cf4cb5a630506747431ecbf00d890509baf2f3
(vfs_acl_common: In add_directory_inheritable_components allocate on
psd as parent)
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jelmer Vernooij <jelmer at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Sun Nov 11 15:48:10 CET 2012 on sn-devel-104
commit a6a01552efe69f6450425b001ad600ec056bd18c
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sun Nov 11 22:07:49 2012 +1100
pysmbd: Add SMB_ACL_EXECUTE to the mask set by make_simple_acl()
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jelmer Vernooij <jelmer at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 312f8ddae27f6fdf4f325edfa890a7b96cd348b8
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sun Nov 11 14:01:44 2012 +1100
selftest: Make samba.tests.ntacl also use TestCaseInTempDir
This follows on from the successful conversion of samba.tests.posixacl.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jelmer Vernooij <jelmer at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit b4d8629f511005540cb1fbbbe9abfb278c064ba2
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sun Nov 11 11:35:02 2012 +1100
samba-tool: Rework ldap attribute fetch in classicupgrade for missing attributes
Is is not required that these additional attributes be filled in, so
catch KeyError in both the nsswitch and ldap backend case.
We rework get_posix_attr_from_ldap_backend() so it raises KeyError
rather than trying to return None, and does not ignore other errors.
Andrew Bartlett
Tested-by: Chirana Gheorghita Eugeniu Theodor <office at adaptcom.ro>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jelmer Vernooij <jelmer at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/pysmbd.c | 2 +-
source4/scripting/python/samba/tests/ntacls.py | 68 ++++----
source4/scripting/python/samba/tests/posixacl.py | 201 +++++++++++++++++++++-
source4/scripting/python/samba/upgrade.py | 41 +++--
4 files changed, 255 insertions(+), 57 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c
index ed3e23a..6a6a812 100644
--- a/source3/smbd/pysmbd.c
+++ b/source3/smbd/pysmbd.c
@@ -179,7 +179,7 @@ static SMB_ACL_T make_simple_acl(gid_t gid, mode_t chmod_mode)
{
TALLOC_CTX *frame = talloc_stackframe();
- mode_t mode = SMB_ACL_READ|SMB_ACL_WRITE;
+ mode_t mode = SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE;
mode_t mode_user = (chmod_mode & 0700) >> 6;
mode_t mode_group = (chmod_mode & 070) >> 3;
diff --git a/source4/scripting/python/samba/tests/ntacls.py b/source4/scripting/python/samba/tests/ntacls.py
index 8cdf613..aa9ef68 100644
--- a/source4/scripting/python/samba/tests/ntacls.py
+++ b/source4/scripting/python/samba/tests/ntacls.py
@@ -1,5 +1,6 @@
# Unix SMB/CIFS implementation. Tests for ntacls manipulation
# Copyright (C) Matthieu Patou <mat at matws.net> 2009-2010
+# Copyright (C) Andrew Bartlett 2012
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -20,70 +21,63 @@
from samba.ntacls import setntacl, getntacl, XattrBackendError
from samba.dcerpc import xattr, security
from samba.param import LoadParm
-from samba.tests import TestCase, TestSkipped
+from samba.tests import TestCaseInTempDir, TestSkipped
import random
import os
-class NtaclsTests(TestCase):
+class NtaclsTests(TestCaseInTempDir):
def test_setntacl(self):
- random.seed()
lp = LoadParm()
- path = os.environ['SELFTEST_PREFIX']
acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
- tempf = os.path.join(path,"pytests"+str(int(100000*random.random())))
- open(tempf, 'w').write("empty")
- lp.set("posix:eadb",os.path.join(path,"eadbtest.tdb"))
- setntacl(lp, tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467")
- os.unlink(tempf)
+ open(self.tempf, 'w').write("empty")
+ lp.set("posix:eadb",os.path.join(self.tempdir,"eadbtest.tdb"))
+ setntacl(lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467")
+ os.unlink(os.path.join(self.tempdir,"eadbtest.tdb"))
def test_setntacl_getntacl(self):
- random.seed()
lp = LoadParm()
- path = None
- path = os.environ['SELFTEST_PREFIX']
acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
- tempf = os.path.join(path,"pytests"+str(int(100000*random.random())))
- open(tempf, 'w').write("empty")
- lp.set("posix:eadb",os.path.join(path,"eadbtest.tdb"))
- setntacl(lp,tempf,acl,"S-1-5-21-2212615479-2695158682-2101375467")
- facl = getntacl(lp,tempf)
+ open(self.tempf, 'w').write("empty")
+ lp.set("posix:eadb",os.path.join(self.tempdir,"eadbtest.tdb"))
+ setntacl(lp,self.tempf,acl,"S-1-5-21-2212615479-2695158682-2101375467")
+ facl = getntacl(lp,self.tempf)
anysid = security.dom_sid(security.SID_NT_SELF)
self.assertEquals(facl.as_sddl(anysid),acl)
- os.unlink(tempf)
+ os.unlink(os.path.join(self.tempdir,"eadbtest.tdb"))
def test_setntacl_getntacl_param(self):
- random.seed()
lp = LoadParm()
acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
- path = os.environ['SELFTEST_PREFIX']
- tempf = os.path.join(path,"pytests"+str(int(100000*random.random())))
- open(tempf, 'w').write("empty")
- setntacl(lp,tempf,acl,"S-1-5-21-2212615479-2695158682-2101375467","tdb",os.path.join(path,"eadbtest.tdb"))
- facl=getntacl(lp,tempf,"tdb",os.path.join(path,"eadbtest.tdb"))
+ open(self.tempf, 'w').write("empty")
+ setntacl(lp,self.tempf,acl,"S-1-5-21-2212615479-2695158682-2101375467","tdb",os.path.join(self.tempdir,"eadbtest.tdb"))
+ facl=getntacl(lp,self.tempf,"tdb",os.path.join(self.tempdir,"eadbtest.tdb"))
domsid=security.dom_sid(security.SID_NT_SELF)
self.assertEquals(facl.as_sddl(domsid),acl)
- os.unlink(tempf)
+ os.unlink(os.path.join(self.tempdir,"eadbtest.tdb"))
def test_setntacl_invalidbackend(self):
- random.seed()
lp = LoadParm()
acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
- path = os.environ['SELFTEST_PREFIX']
- tempf = os.path.join(path,"pytests"+str(int(100000*random.random())))
- open(tempf, 'w').write("empty")
- self.assertRaises(XattrBackendError, setntacl, lp, tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467","ttdb", os.path.join(path,"eadbtest.tdb"))
+ open(self.tempf, 'w').write("empty")
+ self.assertRaises(XattrBackendError, setntacl, lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467","ttdb", os.path.join(self.tempdir,"eadbtest.tdb"))
def test_setntacl_forcenative(self):
if os.getuid() == 0:
raise TestSkipped("Running test as root, test skipped")
- random.seed()
lp = LoadParm()
acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
- path = os.environ['SELFTEST_PREFIX']
- tempf = os.path.join(path,"pytests"+str(int(100000*random.random())))
- open(tempf, 'w').write("empty")
- lp.set("posix:eadb", os.path.join(path,"eadbtest.tdb"))
- self.assertRaises(Exception, setntacl, lp, tempf ,acl,
+ open(self.tempf, 'w').write("empty")
+ lp.set("posix:eadb", os.path.join(self.tempdir,"eadbtest.tdb"))
+ self.assertRaises(Exception, setntacl, lp, self.tempf ,acl,
"S-1-5-21-2212615479-2695158682-2101375467","native")
- os.unlink(tempf)
+
+
+ def setUp(self):
+ super(NtaclsTests, self).setUp()
+ self.tempf = os.path.join(self.tempdir, "test")
+ open(self.tempf, 'w').write("empty")
+
+ def tearDown(self):
+ os.unlink(self.tempf)
+ super(NtaclsTests, self).tearDown()
diff --git a/source4/scripting/python/samba/tests/posixacl.py b/source4/scripting/python/samba/tests/posixacl.py
index 5e10f8d..9df904b 100644
--- a/source4/scripting/python/samba/tests/posixacl.py
+++ b/source4/scripting/python/samba/tests/posixacl.py
@@ -214,6 +214,18 @@ class PosixAclMappingTests(TestCaseInTempDir):
anysid = security.dom_sid(security.SID_NT_SELF)
self.assertEquals(acl, facl.as_sddl(anysid))
+ def test_setposixacl_dir_getntacl_smbd(self):
+ lp = LoadParm()
+ s3conf = s3param.get_context()
+ s4_passdb = passdb.PDB(s3conf.get("passdb backend"))
+ user_SID = s4_passdb.uid_to_sid(os.stat(self.tempdir).st_uid)
+ smbd.set_simple_acl(self.tempdir, 0750)
+ facl = getntacl(lp, self.tempdir, direct_db_access=False)
+ acl = "O:%sG:BAD:(A;;0x001f01ff;;;%s)(A;;0x001200a9;;;BA)(A;;WO;;;WD)(A;OICIIO;0x001f01ff;;;CO)(A;OICIIO;0x001f01ff;;;CG)(A;OICIIO;0x001f01ff;;;WD)" % (user_SID, user_SID)
+
+ anysid = security.dom_sid(security.SID_NT_SELF)
+ self.assertEquals(acl, facl.as_sddl(anysid))
+
def test_setposixacl_group_getntacl_smbd(self):
lp = LoadParm()
BA_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
@@ -246,7 +258,25 @@ class PosixAclMappingTests(TestCaseInTempDir):
self.assertEquals(posix_acl.acl[2].a_perm, 0)
self.assertEquals(posix_acl.acl[3].a_type, smb_acl.SMB_ACL_MASK)
- self.assertEquals(posix_acl.acl[3].a_perm, 6)
+ self.assertEquals(posix_acl.acl[3].a_perm, 7)
+
+ def test_setposixacl_dir_getposixacl(self):
+ lp = LoadParm()
+ smbd.set_simple_acl(self.tempdir, 0750)
+ posix_acl = smbd.get_sys_acl(self.tempdir, smb_acl.SMB_ACL_TYPE_ACCESS)
+ self.assertEquals(posix_acl.count, 4)
+
+ self.assertEquals(posix_acl.acl[0].a_type, smb_acl.SMB_ACL_USER_OBJ)
+ self.assertEquals(posix_acl.acl[0].a_perm, 7)
+
+ self.assertEquals(posix_acl.acl[1].a_type, smb_acl.SMB_ACL_GROUP_OBJ)
+ self.assertEquals(posix_acl.acl[1].a_perm, 5)
+
+ self.assertEquals(posix_acl.acl[2].a_type, smb_acl.SMB_ACL_OTHER)
+ self.assertEquals(posix_acl.acl[2].a_perm, 0)
+
+ self.assertEquals(posix_acl.acl[3].a_type, smb_acl.SMB_ACL_MASK)
+ self.assertEquals(posix_acl.acl[3].a_perm, 7)
def test_setposixacl_group_getposixacl(self):
lp = LoadParm()
@@ -274,7 +304,7 @@ class PosixAclMappingTests(TestCaseInTempDir):
self.assertEquals(posix_acl.acl[3].info.gid, BA_gid)
self.assertEquals(posix_acl.acl[4].a_type, smb_acl.SMB_ACL_MASK)
- self.assertEquals(posix_acl.acl[4].a_perm, 6)
+ self.assertEquals(posix_acl.acl[4].a_perm, 7)
def test_setntacl_sysvol_check_getposixacl(self):
lp = LoadParm()
@@ -396,6 +426,173 @@ class PosixAclMappingTests(TestCaseInTempDir):
#
+ def test_setntacl_sysvol_dir_check_getposixacl(self):
+ lp = LoadParm()
+ s3conf = s3param.get_context()
+ acl = provision.SYSVOL_ACL
+ domsid = passdb.get_global_sam_sid()
+ setntacl(lp, self.tempdir,acl,str(domsid), use_ntvfs=False)
+ facl = getntacl(lp, self.tempdir)
+ self.assertEquals(facl.as_sddl(domsid),acl)
+ posix_acl = smbd.get_sys_acl(self.tempdir, smb_acl.SMB_ACL_TYPE_ACCESS)
+
+ LA_sid = security.dom_sid(str(domsid)+"-"+str(security.DOMAIN_RID_ADMINISTRATOR))
+ BA_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
+ SO_sid = security.dom_sid(security.SID_BUILTIN_SERVER_OPERATORS)
+ SY_sid = security.dom_sid(security.SID_NT_SYSTEM)
+ AU_sid = security.dom_sid(security.SID_NT_AUTHENTICATED_USERS)
+
+ s4_passdb = passdb.PDB(s3conf.get("passdb backend"))
+
+ # These assertions correct for current plugin_s4_dc selftest
+ # configuration. When other environments have a broad range of
+ # groups mapped via passdb, we can relax some of these checks
+ (LA_uid,LA_type) = s4_passdb.sid_to_id(LA_sid)
+ self.assertEquals(LA_type, idmap.ID_TYPE_UID)
+ (BA_gid,BA_type) = s4_passdb.sid_to_id(BA_sid)
+ self.assertEquals(BA_type, idmap.ID_TYPE_BOTH)
+ (SO_gid,SO_type) = s4_passdb.sid_to_id(SO_sid)
+ self.assertEquals(SO_type, idmap.ID_TYPE_BOTH)
+ (SY_gid,SY_type) = s4_passdb.sid_to_id(SY_sid)
+ self.assertEquals(SO_type, idmap.ID_TYPE_BOTH)
+ (AU_gid,AU_type) = s4_passdb.sid_to_id(AU_sid)
+ self.assertEquals(AU_type, idmap.ID_TYPE_BOTH)
+
+ self.assertEquals(posix_acl.count, 9)
+
+ self.assertEquals(posix_acl.acl[0].a_type, smb_acl.SMB_ACL_GROUP)
+ self.assertEquals(posix_acl.acl[0].a_perm, 7)
+ self.assertEquals(posix_acl.acl[0].info.gid, BA_gid)
+
+ self.assertEquals(posix_acl.acl[1].a_type, smb_acl.SMB_ACL_USER)
+ self.assertEquals(posix_acl.acl[1].a_perm, 7)
+ self.assertEquals(posix_acl.acl[1].info.uid, LA_uid)
+
+ self.assertEquals(posix_acl.acl[2].a_type, smb_acl.SMB_ACL_OTHER)
+ self.assertEquals(posix_acl.acl[2].a_perm, 0)
+
+ self.assertEquals(posix_acl.acl[3].a_type, smb_acl.SMB_ACL_USER_OBJ)
+ self.assertEquals(posix_acl.acl[3].a_perm, 7)
+
+ self.assertEquals(posix_acl.acl[4].a_type, smb_acl.SMB_ACL_GROUP_OBJ)
+ self.assertEquals(posix_acl.acl[4].a_perm, 7)
+
+ self.assertEquals(posix_acl.acl[5].a_type, smb_acl.SMB_ACL_GROUP)
+ self.assertEquals(posix_acl.acl[5].a_perm, 5)
+ self.assertEquals(posix_acl.acl[5].info.gid, SO_gid)
+
+ self.assertEquals(posix_acl.acl[6].a_type, smb_acl.SMB_ACL_GROUP)
+ self.assertEquals(posix_acl.acl[6].a_perm, 7)
+ self.assertEquals(posix_acl.acl[6].info.gid, SY_gid)
+
+ self.assertEquals(posix_acl.acl[7].a_type, smb_acl.SMB_ACL_GROUP)
+ self.assertEquals(posix_acl.acl[7].a_perm, 5)
+ self.assertEquals(posix_acl.acl[7].info.gid, AU_gid)
+
+ self.assertEquals(posix_acl.acl[8].a_type, smb_acl.SMB_ACL_MASK)
+ self.assertEquals(posix_acl.acl[8].a_perm, 7)
+
+
+# check that it matches:
+# user::rwx
+# user:root:rwx (selftest user actually)
+# group::rwx
+# group:3000000:rwx
+# group:3000001:r-x
+# group:3000002:rwx
+# group:3000003:r-x
+# mask::rwx
+# other::---
+
+
+ def test_setntacl_policies_dir_check_getposixacl(self):
+ lp = LoadParm()
+ s3conf = s3param.get_context()
+ acl = provision.POLICIES_ACL
+ domsid = passdb.get_global_sam_sid()
+ setntacl(lp, self.tempdir,acl,str(domsid), use_ntvfs=False)
+ facl = getntacl(lp, self.tempdir)
+ self.assertEquals(facl.as_sddl(domsid),acl)
+ posix_acl = smbd.get_sys_acl(self.tempdir, smb_acl.SMB_ACL_TYPE_ACCESS)
+
+ LA_sid = security.dom_sid(str(domsid)+"-"+str(security.DOMAIN_RID_ADMINISTRATOR))
+ BA_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
+ SO_sid = security.dom_sid(security.SID_BUILTIN_SERVER_OPERATORS)
+ SY_sid = security.dom_sid(security.SID_NT_SYSTEM)
+ AU_sid = security.dom_sid(security.SID_NT_AUTHENTICATED_USERS)
+ PA_sid = security.dom_sid(str(domsid)+"-"+str(security.DOMAIN_RID_POLICY_ADMINS))
+
+ s4_passdb = passdb.PDB(s3conf.get("passdb backend"))
+
+ # These assertions correct for current plugin_s4_dc selftest
+ # configuration. When other environments have a broad range of
+ # groups mapped via passdb, we can relax some of these checks
+ (LA_uid,LA_type) = s4_passdb.sid_to_id(LA_sid)
+ self.assertEquals(LA_type, idmap.ID_TYPE_UID)
+ (BA_gid,BA_type) = s4_passdb.sid_to_id(BA_sid)
+ self.assertEquals(BA_type, idmap.ID_TYPE_BOTH)
+ (SO_gid,SO_type) = s4_passdb.sid_to_id(SO_sid)
+ self.assertEquals(SO_type, idmap.ID_TYPE_BOTH)
+ (SY_gid,SY_type) = s4_passdb.sid_to_id(SY_sid)
+ self.assertEquals(SO_type, idmap.ID_TYPE_BOTH)
+ (AU_gid,AU_type) = s4_passdb.sid_to_id(AU_sid)
+ self.assertEquals(AU_type, idmap.ID_TYPE_BOTH)
+ (PA_gid,PA_type) = s4_passdb.sid_to_id(PA_sid)
+ self.assertEquals(PA_type, idmap.ID_TYPE_BOTH)
+
+ self.assertEquals(posix_acl.count, 10)
+
+ self.assertEquals(posix_acl.acl[0].a_type, smb_acl.SMB_ACL_GROUP)
+ self.assertEquals(posix_acl.acl[0].a_perm, 7)
+ self.assertEquals(posix_acl.acl[0].info.gid, BA_gid)
+
+ self.assertEquals(posix_acl.acl[1].a_type, smb_acl.SMB_ACL_USER)
+ self.assertEquals(posix_acl.acl[1].a_perm, 7)
+ self.assertEquals(posix_acl.acl[1].info.uid, LA_uid)
+
+ self.assertEquals(posix_acl.acl[2].a_type, smb_acl.SMB_ACL_OTHER)
+ self.assertEquals(posix_acl.acl[2].a_perm, 0)
+
+ self.assertEquals(posix_acl.acl[3].a_type, smb_acl.SMB_ACL_USER_OBJ)
+ self.assertEquals(posix_acl.acl[3].a_perm, 7)
+
+ self.assertEquals(posix_acl.acl[4].a_type, smb_acl.SMB_ACL_GROUP_OBJ)
+ self.assertEquals(posix_acl.acl[4].a_perm, 7)
+
+ self.assertEquals(posix_acl.acl[5].a_type, smb_acl.SMB_ACL_GROUP)
+ self.assertEquals(posix_acl.acl[5].a_perm, 5)
+ self.assertEquals(posix_acl.acl[5].info.gid, SO_gid)
+
+ self.assertEquals(posix_acl.acl[6].a_type, smb_acl.SMB_ACL_GROUP)
+ self.assertEquals(posix_acl.acl[6].a_perm, 7)
+ self.assertEquals(posix_acl.acl[6].info.gid, SY_gid)
+
+ self.assertEquals(posix_acl.acl[7].a_type, smb_acl.SMB_ACL_GROUP)
+ self.assertEquals(posix_acl.acl[7].a_perm, 5)
+ self.assertEquals(posix_acl.acl[7].info.gid, AU_gid)
+
+ self.assertEquals(posix_acl.acl[8].a_type, smb_acl.SMB_ACL_GROUP)
+ self.assertEquals(posix_acl.acl[8].a_perm, 7)
+ self.assertEquals(posix_acl.acl[8].info.gid, PA_gid)
+
+ self.assertEquals(posix_acl.acl[9].a_type, smb_acl.SMB_ACL_MASK)
+ self.assertEquals(posix_acl.acl[9].a_perm, 7)
+
+
+# check that it matches:
+# user::rwx
+# user:root:rwx (selftest user actually)
+# group::rwx
+# group:3000000:rwx
+# group:3000001:r-x
+# group:3000002:rwx
+# group:3000003:r-x
+# group:3000004:rwx
+# mask::rwx
+# other::---
+
+
+
def test_setntacl_policies_check_getposixacl(self):
lp = LoadParm()
s3conf = s3param.get_context()
diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py
index 786bb65..13d33c1 100644
--- a/source4/scripting/python/samba/upgrade.py
+++ b/source4/scripting/python/samba/upgrade.py
@@ -539,13 +539,14 @@ def get_posix_attr_from_ldap_backend(logger, ldb_object, base_dn, user, attr):
expression=("(&(objectClass=posixAccount)(uid=%s))"
% (user)), attrs=[attr])
except ldb.LdbError, e:
- logger.warning("Failed to retrieve attribute %s for user %s, the error is: %s", attr, user, e)
+ raise ProvisioningError("Failed to retrieve attribute %s for user %s, the error is: %s", attr, user, e)
else:
- if msg.count == 1:
+ if msg.count <= 1:
+ # This will raise KeyError (which is what we want) if there isn't a entry for this user
return msg[0][attr][0]
else:
logger.warning("LDAP entry for user %s contains more than one %s", user, attr)
- return None
+ raise KeyError
def upgrade_from_samba3(samba3, logger, targetdir, session_info=None,
@@ -794,23 +795,29 @@ Please fix this account before attempting to upgrade again
for entry in userlist:
username = entry['account_name']
if username in uids.keys():
- if ldap:
- homes[username] = get_posix_attr_from_ldap_backend(logger, ldb_object, base_dn, username, "homeDirectory")
- shells[username] = get_posix_attr_from_ldap_backend(logger, ldb_object, base_dn, username, "loginShell")
- pgids[username] = get_posix_attr_from_ldap_backend(logger, ldb_object, base_dn, username, "gidNumber")
- else:
- try:
+ try:
+ if ldap:
+ homes[username] = get_posix_attr_from_ldap_backend(logger, ldb_object, base_dn, username, "homeDirectory")
+ else:
homes[username] = pwd.getpwnam(username).pw_dir
- except KeyError:
- pass
- try:
+ except KeyError:
+ pass
+
+ try:
+ if ldap:
+ shells[username] = get_posix_attr_from_ldap_backend(logger, ldb_object, base_dn, username, "loginShell")
+ else:
shells[username] = pwd.getpwnam(username).pw_shell
- except KeyError:
- pass
- try:
+ except KeyError:
+ pass
+
+ try:
+ if ldap:
+ pgids[username] = get_posix_attr_from_ldap_backend(logger, ldb_object, base_dn, username, "gidNumber")
+ else:
pgids[username] = pwd.getpwnam(username).pw_gid
- except KeyError:
- pass
+ except KeyError:
+ pass
logger.info("Reading WINS database")
samba3_winsdb = None
--
Samba Shared Repository
More information about the samba-cvs
mailing list