[PATCH 3/4] s4 provision: Handle transaction inside create secrets

[Matthieu Patou]

  create secrets used to leave the commit to calling function which is
  not good for the unittesting
---
 source4/scripting/python/samba/provision.py |   40 +++++++++++++++------------
 1 files changed, 22 insertions(+), 18 deletions(-)

diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 0c1c46c..1976a16 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -738,22 +738,29 @@ def setup_secretsdb(path, setup_path, session_info, backend_credentials, lp):
     secrets_ldb = Ldb(path, session_info=session_info, 
                       lp=lp)
     secrets_ldb.transaction_start()
-    secrets_ldb.load_ldif_file_add(setup_path("secrets.ldif"))
-
-    if backend_credentials is not None and backend_credentials.authentication_requested():
-        if backend_credentials.get_bind_dn() is not None:
-            setup_add_ldif(secrets_ldb, setup_path("secrets_simple_ldap.ldif"), {
-                    "LDAPMANAGERDN": backend_credentials.get_bind_dn(),
-                    "LDAPMANAGERPASS_B64": b64encode(backend_credentials.get_password())
-                    })
-        else:
-            setup_add_ldif(secrets_ldb, setup_path("secrets_sasl_ldap.ldif"), {
-                    "LDAPADMINUSER": backend_credentials.get_username(),
-                    "LDAPADMINREALM": backend_credentials.get_realm(),
-                    "LDAPADMINPASS_B64": b64encode(backend_credentials.get_password())
-                    })
+    try:
+        secrets_ldb.load_ldif_file_add(setup_path("secrets.ldif"))
+
+        if backend_credentials is not None and backend_credentials.authentication_requested():
+            if backend_credentials.get_bind_dn() is not None:
+                setup_add_ldif(secrets_ldb, setup_path("secrets_simple_ldap.ldif"), {
+                        "LDAPMANAGERDN": backend_credentials.get_bind_dn(),
+                        "LDAPMANAGERPASS_B64": b64encode(backend_credentials.get_password())
+                        })
+            else:
+                setup_add_ldif(secrets_ldb, setup_path("secrets_sasl_ldap.ldif"), {
+                        "LDAPADMINUSER": backend_credentials.get_username(),
+                        "LDAPADMINREALM": backend_credentials.get_realm(),
+                        "LDAPADMINPASS_B64": b64encode(backend_credentials.get_password())
+                        })
+
+    except:
+        secrets_ldb.transaction_cancel()
+        raise
+    else:
+        secrets_ldb.transaction_commit()
+        return secrets_ldb
 
-    return secrets_ldb
 
 def setup_privileges(path, setup_path, session_info, lp):
     """Setup the privileges database.
@@ -1484,9 +1491,6 @@ def provision(setup_dir, message, session_info,
     create_phpldapadmin_config(paths.phpldapadminconfig, setup_path, 
                                ldapi_url)
 
-    #Now commit the secrets.ldb to disk
-    secrets_ldb.transaction_commit()
-
     # the commit creates the dns.keytab, now chown it
     dns_keytab_path = os.path.join(paths.private_dir, paths.dns_keytab)
     if (os.path.isfile(dns_keytab_path) and paths.bind_gid is not None):
-- 
1.7.0.4


--------------050001030301000908040904
Content-Type: text/x-patch;
 name="0001-s4-ldb-implement-comparaison-on-the-ldb-Message.patch"
Content-Transfer-Encoding: 8bit
Content-Disposition: attachment;
 filename*0="0001-s4-ldb-implement-comparaison-on-the-ldb-Message.patch"