[SCM] Samba Shared Repository - branch v4-0-test updated

Karolin Seeger kseeger at samba.org
Tue Apr 2 15:08:04 MDT 2013


The branch, v4-0-test has been updated
       via  20b0adc Make sure that we only propagate the INHERITED flag when we are allowed to.
       via  e95a1cd build: Do not pass CPP="" to pidl, skip the env variable entirely
       via  ad0bc91 build: Remove the forced use of only the first part of the compiler string
       via  5225216 scripting: No longer install samba_upgradeprovision
       via  12907e7 scripting/samba_upgradedns: Only look for IPv4/IPv6 addresses if we actually them
       via  bf68cd4 samba-tool classicupgrade: Do not print the admin password during upgrade
       via  6bcef4e s4-dbcheck: Allow forcing an override of an old @MODULES record
       via  81a75d0 selftest: Add test for rfc2307 mapping handling
       via  c820ab7 s4-idmap: Remove requirement that posixAccount or posixGroup be set for rfc2307
       via  0f174b7 build: Set LD_LIBRARY_PATH in install_with_python.sh
      from  9ec44d4 Fix bug #9724 - is_encrypted_packet() function incorrectly used inside server.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test


- Log -----------------------------------------------------------------
commit 20b0adc9a6da3e9c1c6dcbd65c8f76f921de88ff
Author: Richard Sharpe <realrichardsharpe at gmail.com>
Date:   Wed Mar 27 19:36:43 2013 -0700

    Make sure that we only propagate the INHERITED flag when we are allowed to.
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Richard Sharpe <realrichardsharpe at gmail.com>
    
    Fix bug #9747 - When creating a directory Samba allows inherited bit to slip
    through.
    
    Autobuild-User(v4-0-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-0-test): Tue Apr  2 23:07:34 CEST 2013 on sn-devel-104

commit e95a1cded19f7a7af0ecb51c8a575a564b912185
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Mar 22 13:47:46 2013 +1100

    build: Do not pass CPP="" to pidl, skip the env variable entirely
    
    This will cause pidl to use $CC -E instead.
    
    Andrew Bartlett
    
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    (cherry picked from commit afe9343880ee27cf9fe937c6379c469435ef20d6)
    
    The last 2 patches address bug #9739 - [PATCH] PIDL build fixes for hosts
    without CPP (Solaris 11).

commit ad0bc9130d1d02fd0280e89c393f3d28b596d0a8
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Mar 22 13:06:43 2013 +1100

    build: Remove the forced use of only the first part of the compiler string
    
    This corrects parts of 378295c3fe813c70815a14c7de608e4a859bd6cc and
    301d59caf2ee6f49e108b748b0e38221dec9bb96.  This is seen if CC="ccache
    gcc" and CPP isn't used for some reason.
    
    Andrew Bartlett
    
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    (cherry picked from commit 7dc6dfd90c5182ed85042b22d4864d3e9b007531)

commit 5225216d76df523bec29c8a08815c412deedac06
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Feb 28 00:03:19 2013 +1100

    scripting: No longer install samba_upgradeprovision
    
    This tool is an important part of the toolkit a Samba Team member can
    use to assist a user with the upgrade of a very old Samba 4.0 AD DC
    installation.
    
    However, like all powerful tools, it has sharp edges, and these need
    to have more protection added before we recommend the tool be used.
    
    The WHATSNEW already indicated that this tool should not be used but a
    large number of users have run it, and due to lack of testing in the
    past, some have run into bugs.
    
    While this tool can be run in debug modes, by default it simply fixes
    the database following a series of internal rules.  This does a good
    job much of the time, but does not request permission in the way that
    dbcheck does, and will create extra objects for things like the DNS
    partitions.
    
    By removing this from the installed binaries, we provide another
    signal that it should not be used right now, until these matters are
    fixed and some clear documentation on how to safely use the tool can
    be written.
    
    Andrew Bartlett
    
    Reviewed-by: Michael Adam <obnox at samba.org>
    
    Autobuild-User(master): Michael Adam <obnox at samba.org>
    Autobuild-Date(master): Tue Mar 12 02:51:23 CET 2013 on sn-devel-104
    (cherry picked from commit 389197e7c31e8d6616e6503181c088940ddb5986)
    
    Fix bug #9728 - DO NOT install samba_upgradeprovision in 4.0.x.

commit 12907e7f7f1d9fda4dc33da87849ac86a234c9a8
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Dec 28 10:05:40 2012 +1100

    scripting/samba_upgradedns: Only look for IPv4/IPv6 addresses if we actually them
    
    This allows the script to be used to create/remove the samba-specific dns-SERVER account
    when we do not need to create the in-directory partition.
    
    Andrew Bartlett
    
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(master): Thu Jan 10 20:56:50 CET 2013 on sn-devel-104
    (cherry picked from commit edbc26bca84ee77b5a9571ba8dc9416c0db25906)
    
    Fix bug #9721 - samba_upgradedns patch for robustness (do not guess addresses
    when just changing roles).

commit bf68cd42178dd6cc7bea2cb381dcf53f3c7c27a4
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Sat Dec 22 09:28:05 2012 +1100

    samba-tool classicupgrade: Do not print the admin password during upgrade
    
    This changes the code to only set and show a new password if no admin
    user is found during the upgrade.
    
    Andrew Bartlett
    
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(master): Thu Jan 10 16:55:23 CET 2013 on sn-devel-104
    (cherry picked from commit 051a1a9c6417c2cbffa7d091ae477a6c7922d363)
    
    Fix bug #samba-tool classicupgrade patch to not print incorrect admin passwords.

commit 6bcef4e23c0a320f50d586a8a380e7a6e1bb910d
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Aug 23 15:18:13 2012 +1000

    s4-dbcheck: Allow forcing an override of an old @MODULES record
    
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    (cherry picked from commit 99d872ee9261a299add4718c38234dfe9f7658fc)
    
    Fix bug #9719 - dbcheck patch from master needed in 4.0.

commit 81a75d00b2e42207b7bc546bc343d7ad59c2d62a
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Dec 28 12:36:06 2012 +1100

    selftest: Add test for rfc2307 mapping handling
    
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    (cherry picked from commit c9d2ca585e198b1006bbf7f1a3c988c1188b66cb)
    
    The last 2 patches address bug #9718 - rfc2307 patches not yet in 4.0.

commit c820ab7ac5ac7c757d9d1e573b3af4b39a338309
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed Dec 26 20:48:12 2012 +1100

    s4-idmap: Remove requirement that posixAccount or posixGroup be set for rfc2307
    
    This change matches the source3/idmap/idmap_ad.c code, and allows this
    feature to work with only the setting of the UID/GID in Active
    Directory Users and Computers.
    
    Andrew Bartlett
    
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    (cherry picked from commit 5e0fcb04a48d96669ed4376bfa17f679e3582236)

commit 0f174b74f37bf22639d22d083fef2692479fd6b1
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Jan 10 12:00:03 2013 +1100

    build: Set LD_LIBRARY_PATH in install_with_python.sh
    
    This ensures that the python install finishes correctly.
    
    Andrew Bartlett
    
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(master): Thu Jan 10 14:00:13 CET 2013 on sn-devel-104
    (cherry picked from commit 213e7260a83d4349132e8c159798b476cec3f814)
    
    Fix bug #9717 - install_with_python fix not yet in 4.0.x.

-----------------------------------------------------------------------

Summary of changes:
 buildtools/wafsamba/samba_pidl.py                |    6 +-
 install_with_python.sh                           |    2 +
 libcli/security/secdesc.c                        |    3 +-
 nsswitch/tests/test_rfc2307_mapping.sh           |  181 ++++++++++++++++++++++
 selftest/selftest.pl                             |    5 +-
 selftest/target/Samba4.pm                        |    8 +-
 source4/scripting/bin/samba_upgradedns           |   43 +++---
 source4/scripting/python/samba/dbchecker.py      |    9 +
 source4/scripting/python/samba/netcmd/dbcheck.py |   24 +++-
 source4/scripting/python/samba/upgrade.py        |   11 ++-
 source4/scripting/wscript_build                  |    2 +-
 source4/selftest/tests.py                        |    1 +
 source4/winbind/idmap.c                          |    9 +-
 testprogs/blackbox/dbcheck.sh                    |    5 +
 14 files changed, 270 insertions(+), 39 deletions(-)
 create mode 100755 nsswitch/tests/test_rfc2307_mapping.sh


Changeset truncated at 500 lines:

diff --git a/buildtools/wafsamba/samba_pidl.py b/buildtools/wafsamba/samba_pidl.py
index 4056359..2393c72 100644
--- a/buildtools/wafsamba/samba_pidl.py
+++ b/buildtools/wafsamba/samba_pidl.py
@@ -59,9 +59,9 @@ def SAMBA_PIDL(bld, pname, source,
     # the cd .. is needed because pidl currently is sensitive to the directory it is run in
     cpp = ""
     cc = ""
-    if bld.CONFIG_SET("CPP"):
+    if bld.CONFIG_SET("CPP") and bld.CONFIG_GET("CPP") != "":
         if isinstance(bld.CONFIG_GET("CPP"), list):
-            cpp = 'CPP="%s"' % bld.CONFIG_GET("CPP")[0]
+            cpp = 'CPP="%s"' % " ".join(bld.CONFIG_GET("CPP"))
         else:
             cpp = 'CPP="%s"' % bld.CONFIG_GET("CPP")
 
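Review bot: The new `!= ""` guard on the `if bld.CONFIG_SET("CPP")` line only catches an empty string, so a CPP stored as an empty list (or a list of empty strings) still reaches the list branch, and `" ".join(...)` then hands pidl `CPP=""` or whitespace, which is the case this change wants to skip. Testing the joined string for emptiness after building it would cover both shapes. The joined value is also interpolated into a double-quoted shell assignment without escaping, so a component containing `"` or `$` would change the command line; worth quoting it properly while touching this.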
@@ -71,7 +71,7 @@ def SAMBA_PIDL(bld, pname, source,
 
     if bld.CONFIG_SET("CC"):
         if isinstance(bld.CONFIG_GET("CC"), list):
-            cc = 'CC="%s"' % bld.CONFIG_GET("CC")[0]
+            cc = 'CC="%s"' % " ".join(bld.CONFIG_GET("CC"))
         else:
             cc = 'CC="%s"' % bld.CONFIG_GET("CC")
 
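Review bot: The CC branch on the `cc = 'CC="%s"' % " ".join(...)` line has no empty-value guard matching the one just added for CPP, so an empty CC list yields `CC=""`. Since the list-or-string handling is now duplicated for both variables, a small helper that joins, checks for an empty result and quotes the value would keep the two in step.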
diff --git a/install_with_python.sh b/install_with_python.sh
index 47ff780..7b51e5c 100755
--- a/install_with_python.sh
+++ b/install_with_python.sh
@@ -14,6 +14,8 @@ shift
 
 PATH=$PREFIX/python/bin:$PATH
 export PATH
+LD_LIBRARY_PATH=$PREFIX/python/lib:$LD_LIBRARY_PATH
+export LD_LIBRARY_PATH
 
 VERSION="Python-2.6.5"
 
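Review bot: In the added `LD_LIBRARY_PATH=$PREFIX/python/lib:$LD_LIBRARY_PATH` line, an unset or empty LD_LIBRARY_PATH leaves a trailing colon, and the dynamic linker treats that empty entry as the current directory, so libraries would be resolved from wherever the script is run. Suggest `LD_LIBRARY_PATH=$PREFIX/python/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}` so the separator is only added when there is an existing value.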
diff --git a/libcli/security/secdesc.c b/libcli/security/secdesc.c
index d2c5833..10d068c 100644
--- a/libcli/security/secdesc.c
+++ b/libcli/security/secdesc.c
@@ -614,7 +614,8 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
 		if (!container) {
 			new_flags = 0;
 		} else {
-			new_flags &= ~SEC_ACE_FLAG_INHERIT_ONLY;
+			new_flags &= ~(SEC_ACE_FLAG_INHERIT_ONLY 
+					| SEC_ACE_FLAG_INHERITED_ACE);
 
 			if (!(new_flags & SEC_ACE_FLAG_CONTAINER_INHERIT)) {
 				new_flags |= SEC_ACE_FLAG_INHERIT_ONLY;
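Review bot: The widened mask on the `new_flags &= ~(...)` lines changes the flags computed for a child container, but the changeset carries no test for it (the summary shows only the 3-line change to secdesc.c for this fix). A regression test that creates a directory under a parent carrying inherited ACEs and checks the resulting flags would pin down bug #9747. A short comment saying why SEC_ACE_FLAG_INHERITED_ACE is stripped here would help too, and the first added line ends in trailing whitespace.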
diff --git a/nsswitch/tests/test_rfc2307_mapping.sh b/nsswitch/tests/test_rfc2307_mapping.sh
new file mode 100755
index 0000000..f1e3ea9
--- /dev/null
+++ b/nsswitch/tests/test_rfc2307_mapping.sh
@@ -0,0 +1,181 @@
+#!/bin/sh
+# Blackbox test for wbinfo and rfc2307 mappings
+if [ $# -lt 4 ]; then
+cat <<EOF
+Usage: test_rfc2307_mapping.sh DOMAIN USERNAME PASSWORD SERVER UID_RFC2307TEST GID_RFC2307TEST
+EOF
+exit 1;
+fi
+
+DOMAIN=$1
+USERNAME=$2
+PASSWORD=$3
+SERVER=$4
+UID_RFC2307TEST=$5
+GID_RFC2307TEST=$6
+shift 6
+
+failed=0
+samba4bindir="$BINDIR"
+wbinfo="$VALGRIND $samba4bindir/wbinfo"
+samba_tool="$VALGRIND $samba4bindir/samba-tool"
+ldbmodify="$samba4bindir/ldbmodify"
+
+. `dirname $0`/../../testprogs/blackbox/subunit.sh
+
+testfail() {
+	name="$1"
+	shift
+	cmdline="$*"
+	echo "test: $name"
+	$cmdline
+	status=$?
+        if [ x$status = x0 ]; then
+                echo "failure: $name"
+        else
+                echo "success: $name"
+        fi
+        return $status
+}
+
+knownfail() {
+        name="$1"
+        shift
+        cmdline="$*"
+        echo "test: $name"
+        $cmdline
+        status=$?
+        if [ x$status = x0 ]; then
+                echo "failure: $name [unexpected success]"
+				status=1
+        else
+                echo "knownfail: $name"
+				status=0
+        fi
+        return $status
+}
+
+
+# Create new testing account
+testit "user add" $samba_tool user create --given-name="rfc2307" --surname="Tester" --initial="UT" rfc2307_test_user testp at ssw0Rd $@
+
+#test creation of six different groups
+testit "group add" $samba_tool group add $CONFIG --group-scope='Domain' --group-type='Security' rfc2307_test_group $@
+
+# Create new testing group
+
+# Convert name to SID
+testit "wbinfo -n against $TARGET" $wbinfo -n "$DOMAIN/rfc2307_test_user" || failed=`expr $failed + 1`
+user_sid=`$wbinfo -n "$DOMAIN/rfc2307_test_user" | cut -d " " -f1`
+echo "$DOMAIN/rfc2307_test_user resolved to $user_sid"
+
+testit "wbinfo -s $user_sid against $TARGET" $wbinfo -s $user_sid || failed=`expr $failed + 1`
+user_name=`$wbinfo -s $user_sid | cut -d " " -f1| tr a-z A-Z`
+echo "$user_sid resolved to $user_name"
+
+tested_name=`echo $DOMAIN/rfc2307_test_user | tr a-z A-Z`
+
+# Now check that wbinfo works correctly (sid <=> name)
+echo "test: wbinfo -s check for sane mapping"
+if test x$user_name != x$tested_name; then
+	echo "$user_name does not match $tested_name"
+	echo "failure: wbinfo -s check for sane mapping"
+	failed=`expr $failed + 1`
+else
+	echo "success: wbinfo -s check for sane mapping"
+fi
+
+testit "wbinfo -n on the returned name against $TARGET" $wbinfo -n $user_name || failed=`expr $failed + 1`
+test_sid=`$wbinfo -n $tested_name | cut -d " " -f1`
+
+echo "test: wbinfo -n check for sane mapping"
+if test x$user_sid != x$test_sid; then
+	echo "$user_sid does not match $test_sid"
+	echo "failure: wbinfo -n check for sane mapping"
+	failed=`expr $failed + 1`
+else
+	echo "success: wbinfo -n check for sane mapping"
+fi
+
+testit "wbinfo -n against $TARGET" $wbinfo -n "$DOMAIN/rfc2307_test_group" || failed=`expr $failed + 1`
+group_sid=`$wbinfo -n "$DOMAIN/rfc2307_test_group" | cut -d " " -f1`
+echo "$DOMAIN/rfc2307_test_group resolved to $group_sid"
+
+# Then add a uidNumber to the group record using ldbmodify
+cat > $PREFIX/tmpldbmodify <<EOF
+dn: <SID=$user_sid>
+changetype: modify
+add: uidNumber
+uidNumber: $UID_RFC2307TEST
+EOF
+
+testit "modify gidNumber on group" $VALGRIND $ldbmodify -H ldap://$SERVER $PREFIX/tmpldbmodify -U$DOMAIN/$USERNAME%$PASSWORD $@ || failed=`expr $failed + 1`
+
+# Then add a gidNumber to the group record using ldbmodify
+cat > $PREFIX/tmpldbmodify <<EOF
+dn: <SID=$group_sid>
+changetype: modify
+add: gidNumber
+gidNumber: $GID_RFC2307TEST
+EOF
+
+testit "modify gidNumber on group" $VALGRIND $ldbmodify -H ldap://$SERVER $PREFIX/tmpldbmodify -U$DOMAIN/$USERNAME%$PASSWORD $@ || failed=`expr $failed + 1`
+
+rm -f $PREFIX/tmpldbmodify
+
+# Now check we get a correct SID for the UID
+
+testit "wbinfo -U against $TARGET" $wbinfo -U $UID_RFC2307TEST || failed=`expr $failed + 1`
+
+echo "test: wbinfo -U check for sane mapping"
+sid_for_user=`$wbinfo -U $UID_RFC2307TEST`
+if test x"$sid_for_user" != x"$user_sid"; then
+	echo "uid $UID_RFC2307TEST mapped to $sid_for_user, not $user_sid"
+	echo "failure: wbinfo -U check for sane mapping"
+	failed=`expr $failed + 1`
+else
+	echo "success: wbinfo -U check for sane mapping"
+fi
+
+testit "wbinfo -G against $TARGET" $wbinfo -G $GID_RFC2307TEST || failed=`expr $failed + 1`
+
+echo "test: wbinfo -G check for sane mapping"
+sid_for_group=`$wbinfo -G $GID_RFC2307TEST`
+if test x$sid_for_group != "x$group_sid"; then
+        echo "gid $GID_RFC2307TEST mapped to $sid_for_group, not $group_sid"
+	echo "failure: wbinfo -G check for sane mapping"
+	failed=`expr $failed + 1`
+else
+	echo "success: wbinfo -G check for sane mapping"
+fi
+
+# Now check we get the right UID from the SID
+testit "wbinfo -S against $TARGET" $wbinfo -S "$user_sid" || failed=`expr $failed + 1`
+
+echo "test: wbinfo -S check for sane mapping"
+uid_for_user_sid=`$wbinfo -S $user_sid`
+if test 0$uid_for_user_sid -ne $UID_RFC2307TEST; then
+	echo "$user_sid mapped to $uid_for_sid, not $UID_RFC2307TEST"
+	echo "failure: wbinfo -S check for sane mapping"
+	failed=`expr $failed + 1`
+else
+	echo "success: wbinfo -S check for sane mapping"
+fi
+
+# Now check we get the right GID from the SID
+testit "wbinfo -Y" $wbinfo -Y "$group_sid" || failed=`expr $failed + 1`
+
+echo "test: wbinfo -Y check for sane mapping"
+gid_for_user_sid=`$wbinfo -Y $group_sid`
+if test 0$gid_for_user_sid -ne $GID_RFC2307TEST; then
+	echo "$group_sid mapped to $gid_for_sid, not $GID_RFC2307TEST"
+	echo "failure: wbinfo -Y check for sane mapping"
+	failed=`expr $failed + 1`
+else
+	echo "success: wbinfo -Y check for sane mapping"
+fi
+
+testit "group delete" $samba_tool group delete rfc2307_test_group $@
+testit "user delete" $samba_tool user delete rfc2307_test_user $@
+
+exit $failed
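Review bot: The argument check at the top tests `$# -lt 4`, but the script reads six positional parameters and then runs `shift 6`, so a call with four or five arguments passes the check and continues with empty UID_RFC2307TEST/GID_RFC2307TEST; the check should be `-lt 6`. Further down, the failure messages in the wbinfo -S and wbinfo -Y checks print `$uid_for_sid` and `$gid_for_sid`, which are never set (the variables are `uid_for_user_sid` and `gid_for_user_sid`), so the diagnostic is blank exactly when it is needed. The first ldbmodify step adds uidNumber to the user but is commented and named as "modify gidNumber on group", the "user add", "group add" and delete steps do not increment `failed`, and `testfail`/`knownfail` are defined but never called.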
diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index c750aa2..b516eef 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -714,8 +714,11 @@ my @exported_envvars = (
 
         # nss_wrapper
         "NSS_WRAPPER_PASSWD",
-        "NSS_WRAPPER_GROUP"
+        "NSS_WRAPPER_GROUP",
 
+        # UID/GID for rfc2307 mapping tests
+        "UID_RFC2307TEST",
+        "GID_RFC2307TEST"
 );
 
 $SIG{INT} = $SIG{QUIT} = $SIG{TERM} = sub { 
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index d17a37c..c8e71c8 100644
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -602,6 +602,8 @@ sub provision_raw_step1($$)
 	# remove this again, when our smb2 client library
 	# supports signin on compound related requests
 	server signing = on
+
+        idmap_ldb:use rfc2307=yes
 ";
 
 	print CONFFILE "
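Review bot: Turning on `idmap_ldb:use rfc2307=yes` in the smb.conf text that provision_raw_step1 writes looks like it affects every environment provisioned through this function, not only the one the new rfc2307 test uses. If that is intended, a comment next to the setting saying so would help; the added line is also indented with spaces where the surrounding block uses tabs.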
@@ -628,6 +630,7 @@ nobody:x:65534:65533:nobody gecos:$ctx->{prefix_abs}:/bin/false
 pdbtest:x:65533:65533:pdbtest gecos:$ctx->{prefix_abs}:/bin/false
 ";
 	close(PWD);
+        my $uid_rfc2307test = 65533;
 
 	open(GRP, ">$ctx->{nsswrap_group}");
 	print GRP "
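Review bot: The hard-coded `my $uid_rfc2307test = 65533;` is the same UID that the passwd file written just above gives to pdbtest (`pdbtest:x:65533:65533`). If the overlap is deliberate, say so in a comment; otherwise pick an ID that no nss_wrapper entry uses, so the wbinfo -U result in the new test cannot be confused with the pdbtest account.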
@@ -638,6 +641,7 @@ nobody:x:65533:
 nogroup:x:65534:nobody
 ";
 	close(GRP);
+        my $gid_rfc2307test = 65532;
 
 	my $configuration = "--configfile=$ctx->{smb_conf}";
 
@@ -680,7 +684,9 @@ nogroup:x:65534:nobody
 		SAMBA_TEST_LOG => "$ctx->{prefix}/samba_test.log",
 		SAMBA_TEST_LOG_POS => 0,
 	        NSS_WRAPPER_WINBIND_SO_PATH => Samba::nss_wrapper_winbind_so_path($self),
-                LOCAL_PATH => $ctx->{share}
+                LOCAL_PATH => $ctx->{share},
+                UID_RFC2307TEST => $uid_rfc2307test,
+                GID_RFC2307TEST => $gid_rfc2307test
 	};
 
 	return $ret;
diff --git a/source4/scripting/bin/samba_upgradedns b/source4/scripting/bin/samba_upgradedns
index ba597cf..f389ef7 100755
--- a/source4/scripting/bin/samba_upgradedns
+++ b/source4/scripting/bin/samba_upgradedns
@@ -278,27 +278,6 @@ if __name__ == '__main__':
         logger.error("Cannot create AD based DNS for OS level < 2003")
         sys.exit(1)
 
-    logger.info("Looking up IPv4 addresses")
-    hostip = interface_ips_v4(lp)
-    try:
-        hostip.remove('127.0.0.1')
-    except ValueError:
-        pass
-    if not hostip:
-        logger.error("No IPv4 addresses found")
-        sys.exit(1)
-    else:
-        hostip = hostip[0]
-        logger.debug("IPv4 addresses: %s" % hostip)
-
-    logger.info("Looking up IPv6 addresses")
-    hostip6 = interface_ips_v6(lp, linklocal=False)
-    if not hostip6:
-        hostip6 = None
-    else:
-        hostip6 = hostip6[0]
-        logger.debug("IPv6 addresses: %s" % hostip6)
-
     domaindn = names.domaindn
     forestdn = names.rootdn
 
@@ -351,6 +330,28 @@ if __name__ == '__main__':
         ncname = msg[0]['nCName'][0]
     except Exception, e:
         logger.info("Creating DNS partitions")
+
+        logger.info("Looking up IPv4 addresses")
+        hostip = interface_ips_v4(lp)
+        try:
+            hostip.remove('127.0.0.1')
+        except ValueError:
+            pass
+        if not hostip:
+            logger.error("No IPv4 addresses found")
+            sys.exit(1)
+        else:
+            hostip = hostip[0]
+            logger.debug("IPv4 addresses: %s" % hostip)
+
+        logger.info("Looking up IPv6 addresses")
+        hostip6 = interface_ips_v6(lp, linklocal=False)
+        if not hostip6:
+            hostip6 = None
+        else:
+            hostip6 = hostip6[0]
+        logger.debug("IPv6 addresses: %s" % hostip6)
+
         create_dns_partitions(ldbs.sam, domainsid, names, domaindn, forestdn,
                           dnsadmins_sid)
 
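Review bot: With the address lookup moved under `except Exception, e:`, hostip and hostip6 are only assigned when the partition search fails, so any use of them after this block would raise NameError on a host where the DNS partitions already exist; please confirm nothing later in the script reads them, or initialise both to None before the try. The final `logger.debug("IPv6 addresses: %s" % hostip6)` has also lost one level of indentation compared with the removed code and now runs when hostip6 is None.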
diff --git a/source4/scripting/python/samba/dbchecker.py b/source4/scripting/python/samba/dbchecker.py
index 0bda0c2..06fd827 100644
--- a/source4/scripting/python/samba/dbchecker.py
+++ b/source4/scripting/python/samba/dbchecker.py
@@ -936,3 +936,12 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
         m['add']    = ldb.MessageElement('NONE', ldb.FLAG_MOD_ADD, 'force_reindex')
         m['delete'] = ldb.MessageElement('NONE', ldb.FLAG_MOD_DELETE, 'force_reindex')
         return self.do_modify(m, [], 're-indexed database', validate=False)
+
+    ###############################################
+    # reset @MODULES
+    def reset_modules(self):
+        '''reset @MODULES to that needed for current sam.ldb (to read a very old database)'''
+        m = ldb.Message()
+        m.dn = ldb.Dn(self.samdb, "@MODULES")
+        m['@LIST'] = ldb.MessageElement('samba_dsdb', ldb.FLAG_MOD_REPLACE, '@LIST')
+        return self.do_modify(m, [], 'reset @MODULES on database', validate=False)
diff --git a/source4/scripting/python/samba/netcmd/dbcheck.py b/source4/scripting/python/samba/netcmd/dbcheck.py
index e4ec6b3..889b0ff 100644
--- a/source4/scripting/python/samba/netcmd/dbcheck.py
+++ b/source4/scripting/python/samba/netcmd/dbcheck.py
@@ -55,6 +55,7 @@ class cmd_dbcheck(Command):
             help="don't print details of checking"),
         Option("--attrs", dest="attrs", default=None, help="list of attributes to check (space separated)"),
         Option("--reindex", dest="reindex", default=False, action="store_true", help="force database re-index"),
+        Option("--force-modules", dest="force_modules", default=False, action="store_true", help="force loading of Samba modules and ignore the @MODULES record (for very old databases)"),
         Option("-H", "--URL", help="LDB URL for database or target server (defaults to local SAM database)",
                type=str, metavar="URL", dest="H"),
         ]
@@ -62,7 +63,7 @@ class cmd_dbcheck(Command):
     def run(self, DN=None, H=None, verbose=False, fix=False, yes=False,
             cross_ncs=False, quiet=False,
             scope="SUB", credopts=None, sambaopts=None, versionopts=None,
-            attrs=None, reindex=False):
+            attrs=None, reindex=False, force_modules=False):
 
         lp = sambaopts.get_loadparm()
 
@@ -73,8 +74,16 @@ class cmd_dbcheck(Command):
         else:
             creds = None
 
-        samdb = SamDB(session_info=system_session(), url=H,
-                      credentials=creds, lp=lp)
+        if force_modules:
+            samdb = SamDB(session_info=system_session(), url=H,
+                          credentials=creds, lp=lp, options=["modules=samba_dsdb"])
+        else:
+            try:
+                samdb = SamDB(session_info=system_session(), url=H,
+                              credentials=creds, lp=lp)
+            except:
+                raise CommandError("Failed to connect to DB at %s.  If this is a really old sam.ldb (before alpha9), then try again with --force-modules" % H)
+
 
         if H is None or not over_ldap:
             samdb_schema = samdb
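Review bot: The bare `except:` around the SamDB() call catches every exception, including KeyboardInterrupt and SystemExit, and replaces the real cause with a guess about old databases, so a credentials or path error is reported as a @MODULES problem. Catch Exception instead, and include the original error text in the CommandError message next to the --force-modules hint.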
@@ -105,13 +114,20 @@ class cmd_dbcheck(Command):
             started_transaction = True
         try:
             chk = dbcheck(samdb, samdb_schema=samdb_schema, verbose=verbose,
-                    fix=fix, yes=yes, quiet=quiet, in_transaction=started_transaction)
+                          fix=fix, yes=yes, quiet=quiet, in_transaction=started_transaction)
 
             if reindex:
                 self.outf.write("Re-indexing...\n")
                 error_count = 0
                 if chk.reindex_database():
                     self.outf.write("completed re-index OK\n")
+
+            elif force_modules:
+                self.outf.write("Resetting @MODULES...\n")
+                error_count = 0
+                if chk.reset_modules():
+                    self.outf.write("completed @MODULES reset OK\n")
+
             else:
                 error_count = chk.check_database(DN=DN, scope=search_scope,
                         controls=controls, attrs=attrs)
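Review bot: The new `elif force_modules:` branch rewrites the @MODULES record and skips check_database() whenever --force-modules is given, and the branch itself does not check `fix`, while the option's help text only speaks of ignoring the record when loading. Either gate the reset behind `fix` or document that the option writes to the database. Because the branch is an elif after `if reindex:`, combining --reindex with --force-modules silently skips the reset, and error_count stays 0 even when reset_modules() returns a false value.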
diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py
index 13d33c1..d6f906b 100644
--- a/source4/scripting/python/samba/upgrade.py
+++ b/source4/scripting/python/samba/upgrade.py
@@ -35,6 +35,7 @@ from samba.credentials import Credentials
 from samba import dsdb
 from samba.ndr import ndr_pack
 from samba import unix2nttime
+from samba import generate_random_password
 
 
 def import_sam_policy(samdb, policy, logger):
@@ -829,11 +830,19 @@ Please fix this account before attempting to upgrade again
     if not (serverrole == "ROLE_DOMAIN_BDC" or serverrole == "ROLE_DOMAIN_PDC"):
         dns_backend = "NONE"
 
+    # If we found an admin user, set a fake pw that we will override.
+    # This avoids us printing out an admin password that we won't actually
+    # set.
+    if admin_user:
+        adminpass = generate_random_password(12, 32)
+    else:
+        adminpass = None
+
     # Do full provision
     result = provision(logger, session_info, None,
                        targetdir=targetdir, realm=realm, domain=domainname,
                        domainsid=str(domainsid), next_rid=next_rid,
-                       dc_rid=machinerid,
+                       dc_rid=machinerid, adminpass = adminpass,
                        dom_for_fun_level=dsdb.DS_DOMAIN_FUNCTION_2003,
                        hostname=netbiosname.lower(), machinepass=machinepass,
                        serverrole=serverrole, samdb_fill=FILL_FULL,
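Review bot: When admin_user is set, the generated `adminpass` is passed into provision() and the code relies on a later step overriding it, as the new comment says; that override is not visible in this hunk, so please point to it in the comment or assert that it happened, since otherwise the account keeps a password nobody knows. Style: the keyword argument is written `adminpass = adminpass`, with spaces the neighbouring arguments do not use.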
diff --git a/source4/scripting/wscript_build b/source4/scripting/wscript_build
index 9af23f6..39408ba 100644
--- a/source4/scripting/wscript_build
+++ b/source4/scripting/wscript_build
@@ -4,7 +4,7 @@ from samba_utils import MODE_755
 
 sbin_files = None
 if bld.CONFIG_SET('AD_DC_BUILD_IS_ENABLED'):
-    sbin_files = 'bin/samba_upgradeprovision bin/samba_dnsupdate bin/samba_spnupdate bin/samba_upgradedns bin/samba_kcc'
+    sbin_files = 'bin/samba_dnsupdate bin/samba_spnupdate bin/samba_upgradedns bin/samba_kcc'
 
 if sbin_files:
     bld.INSTALL_FILES('${SBINDIR}',
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index 977b539..cad7558 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -308,6 +308,7 @@ plantestsuite("samba4.blackbox.nmblookup(dc)", "dc", [os.path.join(samba4srcdir,
 plantestsuite("samba4.blackbox.locktest(dc)", "dc", [os.path.join(samba4srcdir, "torture/tests/test_locktest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', '$PREFIX'])
 plantestsuite("samba4.blackbox.masktest", "dc", [os.path.join(samba4srcdir, "torture/tests/test_masktest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', '$PREFIX'])
 plantestsuite("samba4.blackbox.gentest(dc)", "dc", [os.path.join(samba4srcdir, "torture/tests/test_gentest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', "$PREFIX"])
+plantestsuite("samba4.blackbox.rfc2307_mapping(dc:local)", "dc:local", [os.path.join(samba4srcdir, "../nsswitch/tests/test_rfc2307_mapping.sh"), '$DOMAIN', '$USERNAME', '$PASSWORD', "$SERVER", "$UID_RFC2307TEST", "$GID_RFC2307TEST", configuration])
 plantestsuite("samba4.blackbox.wbinfo(dc:local)", "dc:local", [os.path.join(samba4srcdir, "../nsswitch/tests/test_wbinfo.sh"), '$DOMAIN', '$USERNAME', '$PASSWORD', "dc"])
 plantestsuite("samba4.blackbox.wbinfo(s4member:local)", "s4member:local", [os.path.join(samba4srcdir, "../nsswitch/tests/test_wbinfo.sh"), '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', "s4member"])
 plantestsuite("samba4.blackbox.chgdcpass", "chgdcpass", [os.path.join(bbdir, "test_chgdcpass.sh"), '$SERVER', "CHGDCPASS\$", '$REALM', '$DOMAIN', '$PREFIX', "aes256-cts-hmac-sha1-96", '$SELFTEST_PREFIX/chgdcpass', smbclient4])
diff --git a/source4/winbind/idmap.c b/source4/winbind/idmap.c
index a6cc88f..3773c1d 100644
--- a/source4/winbind/idmap.c
+++ b/source4/winbind/idmap.c
@@ -236,8 +236,7 @@ static NTSTATUS idmap_xid_to_sid(struct idmap_context *idmap_ctx,
 						      LDB_SCOPE_SUBTREE,


-- 
Samba Shared Repository

