[SCM] Samba Shared Repository - branch master updated
Matthias Dieter Wallnöfer
mdw at samba.org
Thu Dec 24 03:09:06 UTC 2015
The branch, master has been updated
via 8091f84 s4:samba-tool domain raise tool - make it aware of newer domain function levels
via 33ed975 s4:samba-tool domain raise tool - handle Windows 2000 mode AD domains correctly
from ada59ec s3:smbd: fix a corner case of the symlink verification
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 8091f84fa472dd46c48d20b0487b275162790be9
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Fri Mar 14 17:54:48 2014 +0100
s4:samba-tool domain raise tool - make it aware of newer domain function levels
http://msdn.microsoft.com/en-us/library/Cc223742.aspx
Signed-off-by: Matthias Dieter Wallnöfer <mdw at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Matthias Dieter Wallnöfer <mdw at samba.org>
Autobuild-Date(master): Thu Dec 24 04:08:04 CET 2015 on sn-devel-144
commit 33ed975398e2904bb3f9b94f1119662a40508009
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Fri Mar 14 17:36:17 2014 +0100
s4:samba-tool domain raise tool - handle Windows 2000 mode AD domains correctly
Considering http://msdn.microsoft.com/en-us/library/cc220262.aspx they do not
provide any "msDS-Behavior-Version" attributes.
gulikoza <gulikoza at users.sourceforge.net> noticed this correctly.
Signed-off-by: Matthias Dieter Wallnöfer <mdw at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
python/samba/netcmd/domain.py | 78 ++++++++++++++++++++++++++++++-------------
1 file changed, 54 insertions(+), 24 deletions(-)
Changeset truncated at 500 lines:
diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
index 62f8bfa..8802803 100644
--- a/python/samba/netcmd/domain.py
+++ b/python/samba/netcmd/domain.py
@@ -68,6 +68,8 @@ from samba.dsdb import (
DS_DOMAIN_FUNCTION_2003_MIXED,
DS_DOMAIN_FUNCTION_2008,
DS_DOMAIN_FUNCTION_2008_R2,
+ DS_DOMAIN_FUNCTION_2012,
+ DS_DOMAIN_FUNCTION_2012_R2,
DS_NTDSDSA_OPT_DISABLE_OUTBOUND_REPL,
DS_NTDSDSA_OPT_DISABLE_INBOUND_REPL,
UF_WORKSTATION_TRUST_ACCOUNT,
@@ -969,10 +971,10 @@ class cmd_domain_level(Command):
Option("-H", "--URL", help="LDB URL for database or target server", type=str,
metavar="URL", dest="H"),
Option("--quiet", help="Be quiet", action="store_true"),
- Option("--forest-level", type="choice", choices=["2003", "2008", "2008_R2"],
- help="The forest function level (2003 | 2008 | 2008_R2)"),
- Option("--domain-level", type="choice", choices=["2003", "2008", "2008_R2"],
- help="The domain function level (2003 | 2008 | 2008_R2)")
+ Option("--forest-level", type="choice", choices=["2003", "2008", "2008_R2", "2012", "2012_R2"],
+ help="The forest function level (2003 | 2008 | 2008_R2 | 2012 | 2012_R2)"),
+ Option("--domain-level", type="choice", choices=["2003", "2008", "2008_R2", "2012", "2012_R2"],
+ help="The domain function level (2003 | 2008 | 2008_R2 | 2012 | 2012_R2)")
]
takes_args = ["subcommand"]
@@ -1000,27 +1002,34 @@ class cmd_domain_level(Command):
attrs=["msDS-Behavior-Version"])
assert len(res_dc_s) >= 1
- try:
+ # default values, since "msDS-Behavior-Version" does not exist on Windows 2000 AD
+ level_forest = DS_DOMAIN_FUNCTION_2000
+ level_domain = DS_DOMAIN_FUNCTION_2000
+
+ if "msDS-Behavior-Version" in res_forest[0]:
level_forest = int(res_forest[0]["msDS-Behavior-Version"][0])
+ if "msDS-Behavior-Version" in res_domain[0]:
level_domain = int(res_domain[0]["msDS-Behavior-Version"][0])
- level_domain_mixed = int(res_domain[0]["nTMixedDomain"][0])
+ level_domain_mixed = int(res_domain[0]["nTMixedDomain"][0])
- min_level_dc = int(res_dc_s[0]["msDS-Behavior-Version"][0]) # Init value
- for msg in res_dc_s:
- if int(msg["msDS-Behavior-Version"][0]) < min_level_dc:
+ min_level_dc = None
+ for msg in res_dc_s:
+ if "msDS-Behavior-Version" in msg:
+ if min_level_dc is None or int(msg["msDS-Behavior-Version"][0]) < min_level_dc:
min_level_dc = int(msg["msDS-Behavior-Version"][0])
+ else:
+ min_level_dc = DS_DOMAIN_FUNCTION_2000
+ # well, this is the least
+ break
- if level_forest < 0 or level_domain < 0:
- raise CommandError("Domain and/or forest function level(s) is/are invalid. Correct them or reprovision!")
- if min_level_dc < 0:
- raise CommandError("Lowest function level of a DC is invalid. Correct this or reprovision!")
- if level_forest > level_domain:
- raise CommandError("Forest function level is higher than the domain level(s). Correct this or reprovision!")
- if level_domain > min_level_dc:
- raise CommandError("Domain function level is higher than the lowest function level of a DC. Correct this or reprovision!")
-
- except KeyError:
- raise CommandError("Could not retrieve the actual domain, forest level and/or lowest DC function level!")
+ if level_forest < DS_DOMAIN_FUNCTION_2000 or level_domain < DS_DOMAIN_FUNCTION_2000:
+ raise CommandError("Domain and/or forest function level(s) is/are invalid. Correct them or reprovision!")
+ if min_level_dc < DS_DOMAIN_FUNCTION_2000:
+ raise CommandError("Lowest function level of a DC is invalid. Correct this or reprovision!")
+ if level_forest > level_domain:
+ raise CommandError("Forest function level is higher than the domain level(s). Correct this or reprovision!")
+ if level_domain > min_level_dc:
+ raise CommandError("Domain function level is higher than the lowest function level of a DC. Correct this or reprovision!")
if subcommand == "show":
self.message("Domain and forest function level for domain '%s'" % domain_dn)
@@ -1043,8 +1052,12 @@ class cmd_domain_level(Command):
outstr = "2008"
elif level_forest == DS_DOMAIN_FUNCTION_2008_R2:
outstr = "2008 R2"
+ elif level_forest == DS_DOMAIN_FUNCTION_2012:
+ outstr = "2012"
+ elif level_forest == DS_DOMAIN_FUNCTION_2012_R2:
+ outstr = "2012 R2"
else:
- outstr = "higher than 2008 R2"
+ outstr = "higher than 2012 R2"
self.message("Forest function level: (Windows) " + outstr)
if level_domain == DS_DOMAIN_FUNCTION_2000 and level_domain_mixed != 0:
@@ -1059,8 +1072,12 @@ class cmd_domain_level(Command):
outstr = "2008"
elif level_domain == DS_DOMAIN_FUNCTION_2008_R2:
outstr = "2008 R2"
+ elif level_domain == DS_DOMAIN_FUNCTION_2012:
+ outstr = "2012"
+ elif level_domain == DS_DOMAIN_FUNCTION_2012_R2:
+ outstr = "2012 R2"
else:
- outstr = "higher than 2008 R2"
+ outstr = "higher than 2012 R2"
self.message("Domain function level: (Windows) " + outstr)
if min_level_dc == DS_DOMAIN_FUNCTION_2000:
@@ -1071,8 +1088,12 @@ class cmd_domain_level(Command):
outstr = "2008"
elif min_level_dc == DS_DOMAIN_FUNCTION_2008_R2:
outstr = "2008 R2"
+ elif min_level_dc == DS_DOMAIN_FUNCTION_2012:
+ outstr = "2012"
+ elif min_level_dc == DS_DOMAIN_FUNCTION_2012_R2:
+ outstr = "2012 R2"
else:
- outstr = "higher than 2008 R2"
+ outstr = "higher than 2012 R2"
self.message("Lowest function level of a DC: (Windows) " + outstr)
elif subcommand == "raise":
@@ -1085,10 +1106,13 @@ class cmd_domain_level(Command):
new_level_domain = DS_DOMAIN_FUNCTION_2008
elif domain_level == "2008_R2":
new_level_domain = DS_DOMAIN_FUNCTION_2008_R2
+ elif domain_level == "2012":
+ new_level_domain = DS_DOMAIN_FUNCTION_2012
+ elif domain_level == "2012_R2":
+ new_level_domain = DS_DOMAIN_FUNCTION_2012_R2
if new_level_domain <= level_domain and level_domain_mixed == 0:
raise CommandError("Domain function level can't be smaller than or equal to the actual one!")
-
if new_level_domain > min_level_dc:
raise CommandError("Domain function level can't be higher than the lowest function level of a DC!")
@@ -1141,10 +1165,16 @@ class cmd_domain_level(Command):
new_level_forest = DS_DOMAIN_FUNCTION_2008
elif forest_level == "2008_R2":
new_level_forest = DS_DOMAIN_FUNCTION_2008_R2
+ elif forest_level == "2012":
+ new_level_forest = DS_DOMAIN_FUNCTION_2012
+ elif forest_level == "2012_R2":
+ new_level_forest = DS_DOMAIN_FUNCTION_2012_R2
+
if new_level_forest <= level_forest:
raise CommandError("Forest function level can't be smaller than or equal to the actual one!")
if new_level_forest > level_domain:
raise CommandError("Forest function level can't be higher than the domain function level(s). Please raise it/them first!")
+
m = ldb.Message()
m.dn = ldb.Dn(samdb, "CN=Partitions,%s" % samdb.get_config_basedn())
m["msDS-Behavior-Version"]= ldb.MessageElement(
--
Samba Shared Repository
More information about the samba-cvs
mailing list