sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-08 21:18:16 +03:00
Code

python-samba-tool domain classicupgrade: Skip machine accounts that do not end in $

Browse Source 
These accounts will not work anyway, as all the domain member lookup code in netlogon expects the $.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
Andrew Bartlett 2013-04-11 09:32:13 +10:00 committed by Stefan Metzmacher
parent 2044541530
commit 2e1f14355c
1 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
python/samba/upgrade.py
View File

@ -698,16 +698,17 @@ def upgrade_from_samba3(samba3, logger, targetdir, session_info=None,
user = s3db.getsampwnam(username)
acct_type = (user.acct_ctrl & (samr.ACB_NORMAL|samr.ACB_WSTRUST|samr.ACB_SVRTRUST|samr.ACB_DOMTRUST))
if (acct_type == samr.ACB_NORMAL or acct_type == samr.ACB_WSTRUST):
pass
elif acct_type == samr.ACB_SVRTRUST:
if acct_type == samr.ACB_SVRTRUST:
logger.warn(" Demoting BDC account trust for %s, this DC must be elevated to an AD DC using 'samba-tool domain promote'" % username[:-1])
user.acct_ctrl = (user.acct_ctrl & ~samr.ACB_SVRTRUST) | samr.ACB_WSTRUST
elif acct_type == samr.ACB_DOMTRUST:
logger.warn(" Skipping inter-domain trust from domain %s, this trust must be re-created as an AD trust" % username[:-1])
elif acct_type == (samr.ACB_WSTRUST) and username[-1] != '$':
logger.warn(" Skipping account %s that has ACB_WSTRUST (W) set but does not end in $. This account can not have worked, and is probably left over from a misconfiguration." % username)
continue
elif acct_type == (samr.ACB_NORMAL|samr.ACB_WSTRUST) and username[-1] == '$':
logger.warn(" Fixing account %s which had both ACB_NORMAL (U) and ACB_WSTRUST (W) set. Account will be marked as ACB_WSTRUST (W), i.e. as a domain member" % username)
user.acct_ctrl = (user.acct_ctrl & ~samr.ACB_NORMAL)
@ -716,6 +717,12 @@ def upgrade_from_samba3(samba3, logger, targetdir, session_info=None,
logger.warn(" Fixing account %s which had both ACB_NORMAL (U) and ACB_SVRTRUST (S) set. Account will be marked as ACB_WSTRUST (S), i.e. as a domain member" % username)
user.acct_ctrl = (user.acct_ctrl & ~samr.ACB_NORMAL)
elif acct_type == 0 and username[-1] != '$':
user.acct_ctrl = (user.acct_ctrl | samr.ACB_NORMAL)
elif (acct_type == samr.ACB_NORMAL or acct_type == samr.ACB_WSTRUST):
pass
else:
raise ProvisioningError("""Failed to upgrade due to invalid account %s, account control flags 0x%08X must have exactly one of
ACB_NORMAL (N, 0x%08X), ACB_WSTRUST (W 0x%08X), ACB_SVRTRUST (S 0x%08X) or ACB_DOMTRUST (D 0x%08X).