mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00

More formatting fixes.

Jelmer Vernooij 2010-03-01 03:41:52 +01:00
parent 44c2d696bd
commit 20e1d5a72e
2 changed files with 84 additions and 85 deletions


@ -1,4 +1,5 @@
#!/usr/bin/python #!/usr/bin/python
# vim: expandtab
# #
# Copyright (C) Matthieu Patou <mat@matws.net> 2009 # Copyright (C) Matthieu Patou <mat@matws.net> 2009
# #
@ -25,7 +26,6 @@ import shutil
import optparse import optparse
import os import os
import sys import sys
import re
import tempfile import tempfile
# Allow to run from s4 source directory (without installing samba) # Allow to run from s4 source directory (without installing samba)
sys.path.insert(0, "bin/python") sys.path.insert(0, "bin/python")
@ -135,7 +135,7 @@ def message(what,text):
:param what: Category of the message :param what: Category of the message
:param text: Message to print """ :param text: Message to print """
if (whatToLog & what) or (what <= 0 ): if (whatToLog & what) or what <= 0:
print text print text
if len(sys.argv) == 1: if len(sys.argv) == 1:
@ -160,6 +160,7 @@ def identic_rename(ldbobj,dn):
ldbobj.rename(dn,Dn(ldbobj,"%s=foo%s"%(before,after))) ldbobj.rename(dn,Dn(ldbobj,"%s=foo%s"%(before,after)))
ldbobj.rename(Dn(ldbobj,"%s=foo%s"%(before,after)),dn) ldbobj.rename(Dn(ldbobj,"%s=foo%s"%(before,after)),dn)
def populate_backlink(newpaths,creds,session,schemadn): def populate_backlink(newpaths,creds,session,schemadn):
"""Populate an array with all the back linked attributes """Populate an array with all the back linked attributes
@ -174,7 +175,6 @@ def populate_backlink(newpaths,creds,session,schemadn):
linkedAttHash = get_linked_attributes(Dn(newsam_ldb,str(schemadn)),newsam_ldb) linkedAttHash = get_linked_attributes(Dn(newsam_ldb,str(schemadn)),newsam_ldb)
backlinked.extend(linkedAttHash.values()) backlinked.extend(linkedAttHash.values())
# Create an array of attributes with a dn synthax (2.5.5.1)
def populate_dnsyntax(newpaths,creds,session,schemadn): def populate_dnsyntax(newpaths,creds,session,schemadn):
"""Populate an array with all the attributes that have DN synthax (oid 2.5.5.1) """Populate an array with all the attributes that have DN synthax (oid 2.5.5.1)
@ -188,6 +188,7 @@ def populate_dnsyntax(newpaths,creds,session,schemadn):
for elem in res: for elem in res:
dn_syntax_att.append(elem["lDAPDisplayName"]) dn_syntax_att.append(elem["lDAPDisplayName"])
def sanitychecks(credentials,session_info,names,paths): def sanitychecks(credentials,session_info,names,paths):
"""Populate an array with all the attributes that have DN synthax (oid 2.5.5.1) """Populate an array with all the attributes that have DN synthax (oid 2.5.5.1)
@ -203,13 +204,13 @@ def sanitychecks(credentials,session_info,names,paths):
scope=SCOPE_SUBTREE,attrs=["dn"],controls=["search_options:1:2"]) scope=SCOPE_SUBTREE,attrs=["dn"],controls=["search_options:1:2"])
if len(res) == 0: if len(res) == 0:
print "No DC found, your provision is most probalby hardly broken !" print "No DC found, your provision is most probalby hardly broken !"
return 0 return False
elif len(res) != 1: elif len(res) != 1:
print "Found %d domain controllers, for the moment upgradeprovision is not able to handle upgrade on \ print "Found %d domain controllers, for the moment upgradeprovision is not able to handle upgrade on \
domain with more than one DC, please demote the other(s) DC(s) before upgrading"%len(res) domain with more than one DC, please demote the other(s) DC(s) before upgrading"%len(res)
return 0 return False
else: else:
return 1 return True
def print_provision_key_parameters(names): def print_provision_key_parameters(names):
@ -234,6 +235,7 @@ def print_provision_key_parameters(names):
message(GUESS, "ntdsguid :"+names.ntdsguid) message(GUESS, "ntdsguid :"+names.ntdsguid)
message(GUESS, "domainlevel :"+str(names.domainlevel)) message(GUESS, "domainlevel :"+str(names.domainlevel))
def handle_security_desc(ischema, att, msgElt, hashallSD, old, new): def handle_security_desc(ischema, att, msgElt, hashallSD, old, new):
"""Check if the security descriptor has been modified. """Check if the security descriptor has been modified.
@ -251,15 +253,16 @@ def handle_security_desc(ischema, att, msgElt, hashallSD, old, new):
hashSD["oldSD"] = old[0][att] hashSD["oldSD"] = old[0][att]
hashSD["newSD"] = new[0][att] hashSD["newSD"] = new[0][att]
hashallSD[str(old[0].dn)] = hashSD hashallSD[str(old[0].dn)] = hashSD
return 1 return True
if att == "nTSecurityDescriptor" and msgElt.flags() == FLAG_MOD_REPLACE: if att == "nTSecurityDescriptor" and msgElt.flags() == FLAG_MOD_REPLACE:
if ischema == 0: if ischema == 0:
hashSD = {} hashSD = {}
hashSD["oldSD"] = ndr_unpack(security.descriptor, str(old[0][att])) hashSD["oldSD"] = ndr_unpack(security.descriptor, str(old[0][att]))
hashSD["newSD"] = ndr_unpack(security.descriptor, str(new[0][att])) hashSD["newSD"] = ndr_unpack(security.descriptor, str(new[0][att]))
hashallSD[str(old[0].dn)] = hashSD hashallSD[str(old[0].dn)] = hashSD
return 0 return False
return 0 return False
def handle_special_case(att, delta, new, old, ischema): def handle_special_case(att, delta, new, old, ischema):
"""Define more complicate update rules for some attributes """Define more complicate update rules for some attributes
@ -269,30 +272,30 @@ def handle_special_case(att, delta, new, old, ischema):
:param new: The reference object :param new: The reference object
:param old: The Updated object :param old: The Updated object
:param ischema: A boolean that indicate that the attribute is part of a schema object :param ischema: A boolean that indicate that the attribute is part of a schema object
:return: 1 to indicate that the attribute should be kept, 0 for discarding it :return: Tru to indicate that the attribute should be kept, False for discarding it
""" """
flag = delta.get(att).flags() flag = delta.get(att).flags()
if (att == "gPLink" or att == "gPCFileSysPath") and \ if (att == "gPLink" or att == "gPCFileSysPath") and \
flag == FLAG_MOD_REPLACE and str(new[0].dn).lower() == str(old[0].dn).lower(): flag == FLAG_MOD_REPLACE and str(new[0].dn).lower() == str(old[0].dn).lower():
delta.remove(att) delta.remove(att)
return 1 return True
if att == "forceLogoff": if att == "forceLogoff":
ref=0x8000000000000000 ref=0x8000000000000000
oldval=int(old[0][att][0]) oldval=int(old[0][att][0])
newval=int(new[0][att][0]) newval=int(new[0][att][0])
ref == old and ref == abs(new) ref == old and ref == abs(new)
return 1 return True
if (att == "adminDisplayName" or att == "adminDescription") and ischema: if (att == "adminDisplayName" or att == "adminDescription") and ischema:
return 1 return True
if (str(old[0].dn) == "CN=Samba4-Local-Domain,%s"%(str(names.schemadn))\ if (str(old[0].dn) == "CN=Samba4-Local-Domain,%s" % (str(names.schemadn))\
and att == "defaultObjectCategory" and flag == FLAG_MOD_REPLACE): and att == "defaultObjectCategory" and flag == FLAG_MOD_REPLACE):
return 1 return True
if (str(old[0].dn) == "CN=Title,%s"%(str(names.schemadn)) and att == "rangeUpper" and flag == FLAG_MOD_REPLACE): if (str(old[0].dn) == "CN=Title,%s"%(str(names.schemadn)) and att == "rangeUpper" and flag == FLAG_MOD_REPLACE):
return 1 return True
if ( (att == "member" or att == "servicePrincipalName") and flag == FLAG_MOD_REPLACE): if ((att == "member" or att == "servicePrincipalName") and flag == FLAG_MOD_REPLACE):
hash = {} hash = {}
newval = [] newval = []
changeDelta=0 changeDelta=0
@ -308,13 +311,13 @@ def handle_special_case(att, delta, new, old, ischema):
delta[att] = MessageElement(newval, FLAG_MOD_REPLACE, att) delta[att] = MessageElement(newval, FLAG_MOD_REPLACE, att)
else: else:
delta.remove(att) delta.remove(att)
return 1 return True
if (str(old[0].dn) == "%s"%(str(names.rootdn)) and att == "subRefs" and flag == FLAG_MOD_REPLACE): if (str(old[0].dn) == "%s"%(str(names.rootdn)) and att == "subRefs" and flag == FLAG_MOD_REPLACE):
return 1 return True
if str(delta.dn).endswith("CN=DisplaySpecifiers,%s"%names.configdn): if str(delta.dn).endswith("CN=DisplaySpecifiers,%s"%names.configdn):
return 1 return True
return 0 return False
def update_secrets(newpaths, paths, creds, session): def update_secrets(newpaths, paths, creds, session):
"""Update secrets.ldb """Update secrets.ldb
@ -373,12 +376,9 @@ def update_secrets(newpaths, paths, creds, session):
reference = newsecrets_ldb.search(expression="dn=%s"%entry,base="", scope=SCOPE_SUBTREE) reference = newsecrets_ldb.search(expression="dn=%s"%entry,base="", scope=SCOPE_SUBTREE)
current = secrets_ldb.search(expression="dn=%s"%entry,base="", scope=SCOPE_SUBTREE) current = secrets_ldb.search(expression="dn=%s"%entry,base="", scope=SCOPE_SUBTREE)
delta = secrets_ldb.msg_diff(current[0],reference[0]) delta = secrets_ldb.msg_diff(current[0],reference[0])
i=0
for att in hashAttrNotCopied.keys(): for att in hashAttrNotCopied.keys():
delta.remove(att) delta.remove(att)
for att in delta: for att in delta:
i = i + 1
if att == "name": if att == "name":
message(CHANGE,"Found attribute name on %s, must rename the DN "%(current[0].dn)) message(CHANGE,"Found attribute name on %s, must rename the DN "%(current[0].dn))
identic_rename(secrets_ldb,reference[0].dn) identic_rename(secrets_ldb,reference[0].dn)
@ -389,17 +389,16 @@ def update_secrets(newpaths, paths, creds, session):
reference = newsecrets_ldb.search(expression="dn=%s"%entry,base="", scope=SCOPE_SUBTREE) reference = newsecrets_ldb.search(expression="dn=%s"%entry,base="", scope=SCOPE_SUBTREE)
current = secrets_ldb.search(expression="dn=%s"%entry,base="", scope=SCOPE_SUBTREE) current = secrets_ldb.search(expression="dn=%s"%entry,base="", scope=SCOPE_SUBTREE)
delta = secrets_ldb.msg_diff(current[0],reference[0]) delta = secrets_ldb.msg_diff(current[0],reference[0])
i=0
for att in hashAttrNotCopied.keys(): for att in hashAttrNotCopied.keys():
delta.remove(att) delta.remove(att)
for att in delta: for att in delta:
i = i + 1
if att != "dn": if att != "dn":
message(CHANGE," Adding/Changing attribute %s to %s"%(att,current[0].dn)) message(CHANGE," Adding/Changing attribute %s to %s"%(att,current[0].dn))
delta.dn = current[0].dn delta.dn = current[0].dn
secrets_ldb.modify(delta) secrets_ldb.modify(delta)
def dump_denied_change(dn,att,flagtxt,current,reference): def dump_denied_change(dn,att,flagtxt,current,reference):
"""Print detailed information about why a changed is denied """Print detailed information about why a changed is denied
@ -414,16 +413,17 @@ def dump_denied_change(dn,att,flagtxt,current,reference):
i = 0 i = 0
for e in range(0,len(current)): for e in range(0,len(current)):
message(CHANGE,"old %d : %s"%(i,str(current[e]))) message(CHANGE,"old %d : %s"%(i,str(current[e])))
i=i+1 i+=1
if reference != None: if reference != None:
i = 0 i = 0
for e in range(0,len(reference)): for e in range(0,len(reference)):
message(CHANGE,"new %d : %s"%(i,str(reference[e]))) message(CHANGE,"new %d : %s"%(i,str(reference[e])))
i=i+1 i+=1
else: else:
message(CHANGE,"old : %s"%str(ndr_unpack( security.dom_sid,current[0]))) message(CHANGE,"old : %s"%str(ndr_unpack( security.dom_sid,current[0])))
message(CHANGE,"new : %s"%str(ndr_unpack( security.dom_sid,reference[0]))) message(CHANGE,"new : %s"%str(ndr_unpack( security.dom_sid,reference[0])))
def handle_special_add(sam_ldb,dn,names): def handle_special_add(sam_ldb,dn,names):
"""Handle special operation (like remove) on some object needed during upgrade """Handle special operation (like remove) on some object needed during upgrade
@ -431,18 +431,18 @@ def handle_special_add(sam_ldb,dn,names):
:param sam_ldb: An Ldb object representing the SAM database :param sam_ldb: An Ldb object representing the SAM database
:param dn: DN of the object to inspect :param dn: DN of the object to inspect
:param names: list of key provision parameters""" :param names: list of key provision parameters"""
dntoremove=None dntoremove = None
if str(dn).lower() == ("CN=Certificate Service DCOM Access,CN=Builtin,%s"%names.rootdn).lower(): if str(dn).lower() == ("CN=Certificate Service DCOM Access,CN=Builtin,%s"%names.rootdn).lower():
#This entry was misplaced lets remove it if it exists #This entry was misplaced lets remove it if it exists
dntoremove="CN=Certificate Service DCOM Access,CN=Users,%s"%names.rootdn dntoremove = "CN=Certificate Service DCOM Access,CN=Users,%s"%names.rootdn
if str(dn).lower() == ("CN=Cryptographic Operators,CN=Builtin,%s"%names.rootdn).lower(): if str(dn).lower() == ("CN=Cryptographic Operators,CN=Builtin,%s"%names.rootdn).lower():
#This entry was misplaced lets remove it if it exists #This entry was misplaced lets remove it if it exists
dntoremove="CN=Cryptographic Operators,CN=Users,%s"%names.rootdn dntoremove = "CN=Cryptographic Operators,CN=Users,%s"%names.rootdn
if str(dn).lower() == ("CN=Event Log Readers,CN=Builtin,%s"%names.rootdn).lower(): if str(dn).lower() == ("CN=Event Log Readers,CN=Builtin,%s"%names.rootdn).lower():
#This entry was misplaced lets remove it if it exists #This entry was misplaced lets remove it if it exists
dntoremove="CN=Event Log Readers,CN=Users,%s"%names.rootdn dntoremove = "CN=Event Log Readers,CN=Users,%s"%names.rootdn
if dntoremove != None: if dntoremove != None:
res = sam_ldb.search(expression="objectClass=*",base=dntoremove, scope=SCOPE_BASE,attrs=["dn"],controls=["search_options:1:2"]) res = sam_ldb.search(expression="objectClass=*",base=dntoremove, scope=SCOPE_BASE,attrs=["dn"],controls=["search_options:1:2"])
@ -450,16 +450,13 @@ def handle_special_add(sam_ldb,dn,names):
message(CHANGE,"Existing object %s must be replaced by %s, removing old object"%(dntoremove,str(dn))) message(CHANGE,"Existing object %s must be replaced by %s, removing old object"%(dntoremove,str(dn)))
sam_ldb.delete(res[0]["dn"]) sam_ldb.delete(res[0]["dn"])
#Check if the one of the dn in the listdn will be created after the current dn
#hash is indexed by dn to be created, with each key is associated the creation order
#First dn to be created has the creation order 0, second has 1, ...
#Index contain the current creation order
def check_dn_nottobecreated(hash,index,listdn): def check_dn_nottobecreated(hash,index,listdn):
"""Check if one of the DN present in the list has a creation order greater than the current. """Check if one of the DN present in the list has a creation order greater than the current.
Hash is indexed by dn to be created, with each key is associated the creation order Hash is indexed by dn to be created, with each key is associated the creation order
First dn to be created has the creation order 0, second has 1, ... First dn to be created has the creation order 0, second has 1, ...
Index contain the current creation order Index contain the current creation order
:param hash: Hash holding the different DN of the object to be created as key :param hash: Hash holding the different DN of the object to be created as key
:param index: Current creation order :param index: Current creation order
:param listdn: List of DNs on which the current DN depends on :param listdn: List of DNs on which the current DN depends on
@ -473,6 +470,7 @@ def check_dn_nottobecreated(hash,index,listdn):
return str(dn) return str(dn)
return None return None
def add_missing_object(newsam_ldb, sam_ldb, dn, names, basedn, hash, index): def add_missing_object(newsam_ldb, sam_ldb, dn, names, basedn, hash, index):
"""Add a new object if the dependencies are satisfied """Add a new object if the dependencies are satisfied
@ -484,7 +482,7 @@ def add_missing_object(newsam_ldb, sam_ldb, dn, names, basedn, hash, index):
:param basedn: DN of the partition to be updated :param basedn: DN of the partition to be updated
:param hash: Hash holding the different DN of the object to be created as key :param hash: Hash holding the different DN of the object to be created as key
:param index: Current creation order :param index: Current creation order
:return: 1 if the object was created 0 otherwise""" :return: True if the object was created False otherwise"""
handle_special_add(sam_ldb,dn,names) handle_special_add(sam_ldb,dn,names)
reference = newsam_ldb.search(expression="dn=%s"%(str(dn)),base=basedn, reference = newsam_ldb.search(expression="dn=%s"%(str(dn)),base=basedn,
scope=SCOPE_SUBTREE,controls=["search_options:1:2"]) scope=SCOPE_SUBTREE,controls=["search_options:1:2"])
@ -500,11 +498,12 @@ def add_missing_object(newsam_ldb, sam_ldb, dn, names, basedn, hash, index):
if depend_on_yet_tobecreated != None: if depend_on_yet_tobecreated != None:
message(CHANGE,"Object %s depends on %s in attribute %s, delaying the creation" message(CHANGE,"Object %s depends on %s in attribute %s, delaying the creation"
%(str(dn),depend_on_yet_tobecreated,str(att))) %(str(dn),depend_on_yet_tobecreated,str(att)))
return 0 return False
delta.dn = dn delta.dn = dn
message(CHANGE,"Object %s will be added"%dn) message(CHANGE,"Object %s will be added"%dn)
sam_ldb.add(delta,["relax:0"]) sam_ldb.add(delta,["relax:0"])
return 1 return True
def gen_dn_index_hash(listMissing): def gen_dn_index_hash(listMissing):
"""Generate a hash associating the DN to its creation order """Generate a hash associating the DN to its creation order
@ -516,6 +515,7 @@ def gen_dn_index_hash(listMissing):
hash[str(listMissing[i]).lower()] = i hash[str(listMissing[i]).lower()] = i
return hash return hash
def add_missing_entries(newsam_ldb, sam_ldb, names, basedn,list): def add_missing_entries(newsam_ldb, sam_ldb, names, basedn,list):
"""Add the missing object whose DN is the list """Add the missing object whose DN is the list
@ -535,7 +535,7 @@ def add_missing_entries(newsam_ldb, sam_ldb, names, basedn,list):
listDefered = [] listDefered = []
hashMissing = gen_dn_index_hash(listMissing) hashMissing = gen_dn_index_hash(listMissing)
for dn in listMissing: for dn in listMissing:
ret = add_missing_object(newsam_ldb,sam_ldb,dn,names,basedn,hashMissing,index) ret = add_missing_object(newsam_ldb,sam_ldb,dn,names,basedn,hashMissing,index)
index = index + 1 index = index + 1
if ret == 0: if ret == 0:
#DN can't be created because it depends on some other DN in the list #DN can't be created because it depends on some other DN in the list
@ -544,15 +544,13 @@ def add_missing_entries(newsam_ldb, sam_ldb, names, basedn,list):
raise ProvisioningError("Unable to insert missing elements: circular references") raise ProvisioningError("Unable to insert missing elements: circular references")
# Check difference between the current provision and the reference provision.
# It looks for all objects which base DN is name. If ischema is "false" then
# the scan is done in cross partition mode.
# If "ischema" is true, then special handling is done for dealing with schema
def check_diff_name(newpaths, paths, creds, session, basedn, names, ischema): def check_diff_name(newpaths, paths, creds, session, basedn, names, ischema):
"""Check differences between the reference provision and the upgraded one. """Check differences between the reference provision and the upgraded one.
It looks for all objects which base DN is name. If ischema is "false" then
the scan is done in cross partition mode.
If "ischema" is true, then special handling is done for dealing with schema
This function will also add the missing object and update existing object to add This function will also add the missing object and update existing object to add
or remove attributes that were missing. or remove attributes that were missing.
:param newpaths: List of paths for different provision objects from the reference provision :param newpaths: List of paths for different provision objects from the reference provision
@ -625,7 +623,8 @@ def check_diff_name(newpaths, paths, creds, session, basedn, names, ischema):
sam_ldb = Ldb(paths.samdb, session_info=session, credentials=creds,lp=lp, options=["modules:samba_dsdb"]) sam_ldb = Ldb(paths.samdb, session_info=session, credentials=creds,lp=lp, options=["modules:samba_dsdb"])
sam_ldb.transaction_start() sam_ldb.transaction_start()
# XXX: This needs to be wrapped in try/except so we
# abort on exceptions.
message(SIMPLE,"There are %d missing objects"%(len(listMissing))) message(SIMPLE,"There are %d missing objects"%(len(listMissing)))
add_missing_entries(newsam_ldb,sam_ldb,names,basedn,listMissing) add_missing_entries(newsam_ldb,sam_ldb,names,basedn,listMissing)
changed = 0 changed = 0
@ -652,15 +651,14 @@ def check_diff_name(newpaths, paths, creds, session, basedn, names, ischema):
if att == "name": if att == "name":
delta.remove(att) delta.remove(att)
continue continue
if handle_security_desc(ischema,att,msgElt,hashallSD,current,reference) == 0: if not handle_security_desc(ischema,att,msgElt,hashallSD,current,reference):
delta.remove(att) delta.remove(att)
continue continue
if (not hashOverwrittenAtt.has_key(att) or not (hashOverwrittenAtt.get(att)&2^msgElt.flags())): if (not hashOverwrittenAtt.has_key(att) or not (hashOverwrittenAtt.get(att)&2^msgElt.flags())):
if hashOverwrittenAtt.has_key(att) and hashOverwrittenAtt.get(att)==never: if hashOverwrittenAtt.has_key(att) and hashOverwrittenAtt.get(att)==never:
delta.remove(att) delta.remove(att)
continue continue
if handle_special_case(att,delta,reference,current,ischema)==0 and msgElt.flags()!=FLAG_MOD_ADD: if not handle_special_case(att,delta,reference,current,ischema) and msgElt.flags()!=FLAG_MOD_ADD:
i = 0
if opts.debugchange or opts.debugall: if opts.debugchange or opts.debugall:
try: try:
dump_denied_change(dn,att,messageEltFlagToString(msgElt.flags()),current[0][att],reference[0][att]) dump_denied_change(dn,att,messageEltFlagToString(msgElt.flags()),current[0][att],reference[0][att])
@ -678,6 +676,7 @@ def check_diff_name(newpaths, paths, creds, session, basedn, names, ischema):
message(SIMPLE,"There are %d changed objects"%(changed)) message(SIMPLE,"There are %d changed objects"%(changed))
return hashallSD return hashallSD
def check_updated_sd(newpaths, paths, creds, session, names): def check_updated_sd(newpaths, paths, creds, session, names):
"""Check if the security descriptor in the upgraded provision are the same as the reference """Check if the security descriptor in the upgraded provision are the same as the reference
@ -703,6 +702,7 @@ def check_updated_sd(newpaths, paths, creds, session, names):
print "%s new sddl/sddl in ref"%key print "%s new sddl/sddl in ref"%key
print "%s\n%s"%(sddl,hash_new[key]) print "%s\n%s"%(sddl,hash_new[key])
def update_sd(paths, creds, session, names): def update_sd(paths, creds, session, names):
"""Update security descriptor of the current provision """Update security descriptor of the current provision
@ -760,6 +760,8 @@ def update_sd(paths, creds, session, names):
delta["whenCreated"] = MessageElement(hash[key], FLAG_MOD_REPLACE, "whenCreated" ) delta["whenCreated"] = MessageElement(hash[key], FLAG_MOD_REPLACE, "whenCreated" )
sam_ldb.modify(delta,["recalculate_sd:0"]) sam_ldb.modify(delta,["recalculate_sd:0"])
except: except:
# XXX: We should always catch an explicit exception.
# What could go wrong here?
sam_ldb.transaction_cancel() sam_ldb.transaction_cancel()
res = sam_ldb.search(expression="objectClass=*", base=str(names.rootdn), scope=SCOPE_SUBTREE,\ res = sam_ldb.search(expression="objectClass=*", base=str(names.rootdn), scope=SCOPE_SUBTREE,\
attrs=["dn","nTSecurityDescriptor"], controls=["search_options:1:2"]) attrs=["dn","nTSecurityDescriptor"], controls=["search_options:1:2"])
@ -788,24 +790,26 @@ def update_basesamdb(newpaths, paths, names):
os.mkdir(samldbdir) os.mkdir(samldbdir)
os.chmod(samldbdir,0700) os.chmod(samldbdir,0700)
if os.path.isfile(schemaldb): if os.path.isfile(schemaldb):
shutil.copy(schemaldb,os.path.join(samldbdir,"%s.ldb"%str(names.schemadn).upper())) shutil.copy(schemaldb, os.path.join(samldbdir, "%s.ldb"%str(names.schemadn).upper()))
os.remove(schemaldb) os.remove(schemaldb)
if os.path.isfile(usersldb): if os.path.isfile(usersldb):
shutil.copy(usersldb,os.path.join(samldbdir,"%s.ldb"%str(names.rootdn).upper())) shutil.copy(usersldb, os.path.join(samldbdir, "%s.ldb"%str(names.rootdn).upper()))
os.remove(usersldb) os.remove(usersldb)
if os.path.isfile(configldb): if os.path.isfile(configldb):
shutil.copy(configldb,os.path.join(samldbdir,"%s.ldb"%str(names.configdn).upper())) shutil.copy(configldb, os.path.join(samldbdir, "%s.ldb"%str(names.configdn).upper()))
os.remove(configldb) os.remove(configldb)
def update_privilege(newpaths, paths): def update_privilege(newpaths, paths):
"""Update the privilege database """Update the privilege database
:param newpaths: List of paths for different provision objects from the reference provision :param newpaths: List of paths for different provision objects from the reference provision
:param paths: List of paths for different provision objects from the upgraded provision""" :param paths: List of paths for different provision objects from the upgraded provision"""
message(SIMPLE,"Copy privilege") message(SIMPLE, "Copy privilege")
shutil.copy(os.path.join(newpaths.private_dir,"privilege.ldb"),os.path.join(paths.private_dir,"privilege.ldb")) shutil.copy(os.path.join(newpaths.private_dir, "privilege.ldb"),
os.path.join(paths.private_dir, "privilege.ldb"))
# For each partition check the differences
def update_samdb(newpaths, paths, creds, session, names): def update_samdb(newpaths, paths, creds, session, names):
"""Upgrade the SAM DB contents for all the provision """Upgrade the SAM DB contents for all the provision
@ -822,6 +826,7 @@ def update_samdb(newpaths, paths, creds, session, names):
hashSD = check_diff_name(newpaths,paths,creds,session,str(names.rootdn),names,0) hashSD = check_diff_name(newpaths,paths,creds,session,str(names.rootdn),names,0)
message(SIMPLE,"Done with scanning") message(SIMPLE,"Done with scanning")
def update_machine_account_password(paths, creds, session, names): def update_machine_account_password(paths, creds, session, names):
"""Update (change) the password of the current DC both in the SAM db and in secret one """Update (change) the password of the current DC both in the SAM db and in secret one
@ -864,12 +869,12 @@ def update_machine_account_password(paths, creds, session, names):
else: else:
secrets_ldb.transaction_cancel() secrets_ldb.transaction_cancel()
def setup_path(file): def setup_path(file):
return os.path.join(setup_dir, file) return os.path.join(setup_dir, file)
cmd = os.environ["_"]
m = re.match('(^|.*/)pydoc$',cmd) if __name__ == '__main__':
if not m:
# From here start the big steps of the program # From here start the big steps of the program
# First get files paths # First get files paths
paths=get_paths(param,smbconf=smbconf) paths=get_paths(param,smbconf=smbconf)
@ -892,7 +897,7 @@ if not m:
populate_backlink(newpaths, creds, session,names.schemadn) populate_backlink(newpaths, creds, session,names.schemadn)
populate_dnsyntax(newpaths, creds, session,names.schemadn) populate_dnsyntax(newpaths, creds, session,names.schemadn)
# Check the difference # Check the difference
update_basesamdb(newpaths, paths,names) update_basesamdb(newpaths, paths, names)
if opts.full: if opts.full:
update_samdb(newpaths, paths, creds, session, names) update_samdb(newpaths, paths, creds, session, names)
@ -902,10 +907,10 @@ if not m:
# SD should be created with admin but as some previous acl were so wrong that admin can't modify them we have first # SD should be created with admin but as some previous acl were so wrong that admin can't modify them we have first
# to recreate them with the good form but with system account and then give the ownership to admin ... # to recreate them with the good form but with system account and then give the ownership to admin ...
admin_session_info = admin_session(lp, str(names.domainsid)) admin_session_info = admin_session(lp, str(names.domainsid))
message(SIMPLE,"Updating SD") message(SIMPLE, "Updating SD")
update_sd(paths, creds, session,names) update_sd(paths, creds, session,names)
update_sd(paths, creds, admin_session_info, names) update_sd(paths, creds, admin_session_info, names)
check_updated_sd(newpaths, paths, creds, session, names) check_updated_sd(newpaths, paths, creds, session, names)
message(SIMPLE,"Upgrade finished !") message(SIMPLE, "Upgrade finished !")
# remove reference provision now that everything is done ! # remove reference provision now that everything is done !
shutil.rmtree(provisiondir) shutil.rmtree(provisiondir)
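Review bot: In handle_special_case, the `forceLogoff` branch contains the bare expression `ref == old and ref == abs(new)`, whose result is discarded; it also compares against the `old`/`new` result objects rather than the `oldval`/`newval` integers computed on the two lines above it. The branch therefore reaches `return True` for every forceLogoff delta, so the reference value is always kept whatever the current domain policy holds. If the intent was to accept only the case where both values are the same "never" constant up to sign, the check presumably should read `if ref == oldval and ref == abs(newval): return True`; otherwise drop the dead line and add a comment saying the attribute is always taken from the reference. The function spans two hunks here and part of its body is not shown.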


@ -193,6 +193,7 @@ def newprovision(names,setup_dir,creds,session,smbconf,provdir,messagefunc):
dom_for_fun_level=names.domainlevel, dom_for_fun_level=names.domainlevel,
ldap_dryrun_mode=None,useeadb=True) ldap_dryrun_mode=None,useeadb=True)
def dn_sort(x,y): def dn_sort(x,y):
"""Sorts two DNs in the lexicographical order it and put higher level DN before. """Sorts two DNs in the lexicographical order it and put higher level DN before.
@ -203,25 +204,18 @@ def dn_sort(x,y):
p = re.compile(r'(?<!\\),') p = re.compile(r'(?<!\\),')
tab1 = p.split(str(x)) tab1 = p.split(str(x))
tab2 = p.split(str(y)) tab2 = p.split(str(y))
min = 0 minimum = min(len(tab1), len(tab2))
if (len(tab1) > len(tab2)): len1 = len(tab1)-1
min = len(tab2) len2 = len(tab2)-1
elif (len(tab1) < len(tab2)):
min = len(tab1)
else:
min = len(tab1)
len1=len(tab1)-1
len2=len(tab2)-1
space = " "
# Note: python range go up to upper limit but do not include it # Note: python range go up to upper limit but do not include it
for i in range(0,min): for i in range(0,minimum):
ret=cmp(tab1[len1-i],tab2[len2-i]) ret = cmp(tab1[len1-i],tab2[len2-i])
if(ret != 0): if ret != 0:
return ret return ret
else: else:
if(i==min-1): if i == minimum-1:
assert len1!=len2,"PB PB PB"+space.join(tab1)+" / "+space.join(tab2) assert len1!=len2,"PB PB PB"+" ".join(tab1)+" / "+" ".join(tab2)
if(len1>len2): if len1 > len2:
return 1 return 1
else: else:
return -1 return -1
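Review bot: In dn_sort, the `assert len1!=len2` on the last loop iteration is acting as input validation, so two DNs with identical components raise AssertionError from inside the sort. Under `python -O` the assert is stripped and the code falls through to `return -1`, which makes the comparator report "less than" for equal inputs in both directions. A comparator should report equality instead, e.g. `if len1 == len2: return 0` placed ahead of the `len1 > len2` test. The function's signature and docstring sit outside this hunk, and the body may continue past it.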