[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett abartlet at samba.org
Sat Sep 23 07:17:02 UTC 2017 

The branch, master has been updated
       via  7ddf479 scripting: Add script (backportable) to undo a GUID index
       via  5d404ea Do not re-use the attribute @IDXVERSION for SAMDB_INDEXING_VERSION
       via  effac54 dsdb: Set that Samba uses the GUID index in LDB
       via  a205369 provision: Add a fixed GUID to the samba4top objectclass definition
       via  7665d99 provision: Add a fixed objectGUID to the tmp DB used for LDAP backend schema work
       via  eabc344 provision: make clear that the tmp ldb is running in @IDXGUID mode
      from  5f2576a lib: gpo: Put enforced GPOs at the end of the list.

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 7ddf47951bd472841c5f365e5fff7d28b1ce4972
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Sep 11 21:39:44 2017 +1200

    scripting: Add script (backportable) to undo a GUID index
    
    This script allows the DB to be read, and re-indexed, by an earlier Samba version,
    most likely 4.7 with some backported patches.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Garming Sam <garming at catalyst.net.nz>
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Sat Sep 23 09:16:31 CEST 2017 on sn-devel-144

commit 5d404eaeababde2c4a046470b4633cfacfcecaa1
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Sep 8 15:31:55 2017 +1200

    Do not re-use the attribute @IDXVERSION for SAMDB_INDEXING_VERSION
    
    Confusing these two concepts is not a good idea, SAMDB_INDEXING_VERSION refers to
    a change in a Samba rule to canonicalise one of our attributes, not the
    in-DB index format.
    
    As we already change @INDEXLIST in this version, this commit
    is at no extra cost.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Garming Sam <garming at catalyst.net.nz>

commit effac54893f63fd5bd5bc7678b786f07b13134bd
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Aug 15 15:58:57 2017 +1200

    dsdb: Set that Samba uses the GUID index in LDB
    
    This is optional, but only to aid the downgrade script (and in case
    there is some major issue found with it).  We don't support that mode,
    as that would require us to test and maintain multiple code paths and
    not optimise queries to be GUID centric.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Garming Sam <garming at catalyst.net.nz>

commit a205369697009b85c198f3a8940705cb4bf53cbc
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Sat Sep 2 16:33:19 2017 +1200

    provision: Add a fixed GUID to the samba4top objectclass definition
    
    This is only used in the OpenLDAP backend and will certainly be removed before this becomes production.
    
    (a production backend will use the real AD top objectclass)
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Garming Sam <garming at catalyst.net.nz>

commit 7665d999d276f4d6776b237968dc6aded940f4be
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Sat Sep 2 16:31:21 2017 +1200

    provision: Add a fixed objectGUID to the tmp DB used for LDAP backend schema work
    
    This DB holds a copy of the schema, but now needs to have an objectGUID on each record.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Garming Sam <garming at catalyst.net.nz>

commit eabc34441698d3e49242d78e595e281da1436aeb
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Sat Sep 2 16:21:29 2017 +1200

    provision: make clear that the tmp ldb is running in @IDXGUID mode
    
    This happended when the schema was set on the DB, forcing the full set of Samba behaviours
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Garming Sam <garming at catalyst.net.nz>

-----------------------------------------------------------------------

Summary of changes:
 python/samba/schema.py                 |  9 +++-
 source4/dsdb/schema/schema_set.c       | 21 ++++++++-
 source4/scripting/bin/sambaundoguididx | 84 ++++++++++++++++++++++++++++++++++
 source4/setup/schema_samba4.ldif       |  1 +
 4 files changed, 113 insertions(+), 2 deletions(-)
 create mode 100755 source4/scripting/bin/sambaundoguididx


Changeset truncated at 500 lines:

diff --git a/python/samba/schema.py b/python/samba/schema.py
index 839d681..3828003 100644
--- a/python/samba/schema.py
+++ b/python/samba/schema.py
@@ -126,15 +126,22 @@ class Schema(object):
         self.ldb.connect(url=schemadb_path)
         self.ldb.transaction_start()
         try:
+            # These are actually ignored, as the schema has been forced
+            # when the ldb object was created, and that overrides this
             self.ldb.add_ldif("""dn: @ATTRIBUTES
 linkID: INTEGER
 
 dn: @INDEXLIST
 @IDXATTR: linkID
 @IDXATTR: attributeSyntax
+ at IDXGUID: objectGUID
 """)
+
+            schema_dn_add = self.schema_dn_add \
+                            + "objectGUID: 24e2ca70-b093-4ae8-84c0-2d7ac652a1b8\n"
+
             # These bits of LDIF are supplied when the Schema object is created
-            self.ldb.add_ldif(self.schema_dn_add)
+            self.ldb.add_ldif(schema_dn_add)
             self.ldb.modify_ldif(self.schema_dn_modify)
             self.ldb.add_ldif(self.schema_data)
         except:
diff --git a/source4/dsdb/schema/schema_set.c b/source4/dsdb/schema/schema_set.c
index 8141e32..ca7a307 100644
--- a/source4/dsdb/schema/schema_set.c
+++ b/source4/dsdb/schema/schema_set.c
@@ -69,9 +69,16 @@ int dsdb_schema_set_indices_and_attributes(struct ldb_context *ldb,
 	struct ldb_message *msg;
 	struct ldb_message *msg_idx;
 
+	struct loadparm_context *lp_ctx =
+		talloc_get_type(ldb_get_opaque(ldb, "loadparm"),
+				struct loadparm_context);
 	/* setup our own attribute name to schema handler */
 	ldb_schema_attribute_set_override_handler(ldb, dsdb_attribute_handler_override, schema);
 	ldb_schema_set_override_indexlist(ldb, true);
+	if (lp_ctx == NULL ||
+	    lpcfg_parm_bool(lp_ctx, NULL, "dsdb", "guid index", true)) {
+		ldb_schema_set_override_GUID_index(ldb, "objectGUID", "GUID");
+	}
 
 	if (!write_indices_and_attributes) {
 		return ret;
@@ -108,8 +115,20 @@ int dsdb_schema_set_indices_and_attributes(struct ldb_context *ldb,
 		goto op_error;
 	}
 
+	if (lp_ctx == NULL ||
+	    lpcfg_parm_bool(lp_ctx, NULL, "dsdb", "guid index", true)) {
+		ret = ldb_msg_add_string(msg_idx, "@IDXGUID", "objectGUID");
+		if (ret != LDB_SUCCESS) {
+			goto op_error;
+		}
+
+		ret = ldb_msg_add_string(msg_idx, "@IDX_DN_GUID", "GUID");
+		if (ret != LDB_SUCCESS) {
+			goto op_error;
+		}
+	}
 
-	ret = ldb_msg_add_string(msg_idx, "@IDXVERSION", SAMDB_INDEXING_VERSION);
+	ret = ldb_msg_add_string(msg_idx, "@SAMDB_INDEXING_VERSION", SAMDB_INDEXING_VERSION);
 	if (ret != LDB_SUCCESS) {
 		goto op_error;
 	}
diff --git a/source4/scripting/bin/sambaundoguididx b/source4/scripting/bin/sambaundoguididx
new file mode 100755
index 0000000..24a95e2
--- /dev/null
+++ b/source4/scripting/bin/sambaundoguididx
@@ -0,0 +1,84 @@
+#!/usr/bin/env python
+import optparse
+import sys
+
+# Find right directory when running from source tree
+sys.path.insert(0, "bin/python")
+
+
+import samba
+import ldb
+import urllib
+import os
+from samba import getopt as options
+from samba.samdb import SamDB
+from samba.dbchecker import dbcheck
+from samba.credentials import Credentials
+parser = optparse.OptionParser("sambaundoguididx")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(options.VersionOptions(parser))
+parser.add_option("-H", "--URL", help="LDB URL for database",
+                  type=str, metavar="URL", dest="H")
+opts, args = parser.parse_args()
+
+if len(args) != 0:
+    parser.print_usage()
+    sys.exit(1)
+
+lp_ctx = sambaopts.get_loadparm()
+lp_ctx.set("dsdb:guid index", "false")
+
+if opts.H is None:
+    url = lp_ctx.samdb_url()
+else:
+    url = opts.H
+
+samdb = ldb.Ldb(url=url, options=["modules:"])
+
+partitions = samdb.search(base="@PARTITION",
+			  scope=ldb.SCOPE_BASE,
+                          attrs=["partition"])
+
+modmsg = ldb.Message()
+modmsg.dn = ldb.Dn(samdb, '@INDEXLIST')
+modmsg.add(ldb.MessageElement(
+    elements=[],
+    flags=ldb.FLAG_MOD_REPLACE,
+    name='@IDXGUID'))
+modmsg.add(ldb.MessageElement(
+    elements=[],
+    flags=ldb.FLAG_MOD_REPLACE,
+    name='@IDX_DN_GUID'))
+
+samdb.transaction_start()
+samdb.modify(modmsg)
+
+privatedir = os.path.dirname(url)
+
+dbs = []
+for part in partitions[0]['partition']:
+    file_quoted = part.split(":")[1]
+    tdbname = urllib.unquote(file_quoted)
+    tdbpath = os.path.join(privatedir, tdbname)
+
+    db = ldb.Ldb(url=tdbpath, options=["modules:"])
+    db.transaction_start()
+    db.modify(modmsg)
+    dbs.append(db)
+
+for db in dbs:
+    db.transaction_commit()
+
+samdb.transaction_commit()
+
+print "Re-opening with the full DB stack"
+samdb = SamDB(url=url,
+                          lp=lp_ctx)
+print "Re-triggering another re-index"
+chk = dbcheck(samdb)
+
+chk.reindex_database()
+
+print "Your database has been downgraded to DN-based index values."
+
+print "NOTE: Any use of a Samba 4.8 tool including ldbsearch will auto-upgrade back to GUID index mode"
diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif
index fcfaf98..4fd729e 100644
--- a/source4/setup/schema_samba4.ldif
+++ b/source4/setup/schema_samba4.ldif
@@ -293,6 +293,7 @@ objectClass: top
 objectClass: classSchema
 cn: Samba4Top
 subClassOf: top
+objectGUID: 4af54ff0-ff3c-4f17-8fb0-611ec83ddfb4
 governsID: 1.3.6.1.4.1.7165.4.2.1
 mayContain: msDS-ObjectReferenceBL
 rDNAttID: cn


-- 
Samba Shared Repository

More information about the samba-cvs mailing list