sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Code

s4-classicupgrade: Do the setting of the sysvol ACLs last, after idmap is configured

Browse Source 
This will allow files to be correctly owned by the idmap that is imported.

This appears to fix an issue that came up after s3fs-compatible ACLs were
merged into provision.

Andrew Bartlett
This commit is contained in:
Andrew Bartlett 2012-08-27 22:38:53 +10:00
parent 5aa9a6c936
commit 444c9ffad7
2 changed files with 14 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
source4/scripting/python/samba/provision/__init__.py
View File

@ -1594,7 +1594,7 @@ def provision_fill(samdb, secrets_ldb, logger, names, paths,
invocationid=None, machinepass=None, ntdsguid=None, invocationid=None, machinepass=None, ntdsguid=None,
dns_backend=None, dnspass=None, dns_backend=None, dnspass=None,
serverrole=None, dom_for_fun_level=None, serverrole=None, dom_for_fun_level=None,
am_rodc=False, lp=None, use_ntvfs=False): am_rodc=False, lp=None, use_ntvfs=False, skip_sysvolacl=True):
# create/adapt the group policy GUIDs # create/adapt the group policy GUIDs
# Default GUID for default policy are described at # Default GUID for default policy are described at
# "How Core Group Policy Works" # "How Core Group Policy Works"
@ -1631,8 +1631,9 @@ def provision_fill(samdb, secrets_ldb, logger, names, paths,
# policy) # policy)
create_default_gpo(paths.sysvol, names.dnsdomain, policyguid, create_default_gpo(paths.sysvol, names.dnsdomain, policyguid,
policyguid_dc) policyguid_dc)
setsysvolacl(samdb, paths.netlogon, paths.sysvol, paths.root_uid, paths.wheel_gid, if not skip_sysvolacl:
domainsid, names.dnsdomain, names.domaindn, lp, use_ntvfs) setsysvolacl(samdb, paths.netlogon, paths.sysvol, paths.root_uid, paths.wheel_gid,
domainsid, names.dnsdomain, names.domaindn, lp, use_ntvfs)
secretsdb_self_join(secrets_ldb, domain=names.domain, secretsdb_self_join(secrets_ldb, domain=names.domain,
realm=names.realm, dnsdomain=names.dnsdomain, realm=names.realm, dnsdomain=names.dnsdomain,
@ -1766,7 +1767,8 @@ def provision(logger, session_info, credentials, smbconf=None,
ol_mmr_urls=None, ol_olc=None, slapd_path="/bin/false", ol_mmr_urls=None, ol_olc=None, slapd_path="/bin/false",
useeadb=False, am_rodc=False, useeadb=False, am_rodc=False,
lp=None, use_ntvfs=False, lp=None, use_ntvfs=False,
use_rfc2307=False, maxuid=None, maxgid=None): use_rfc2307=False, maxuid=None, maxgid=None,
skip_sysvolacl=True):
"""Provision samba4 """Provision samba4
:note: caution, this wipes all existing data! :note: caution, this wipes all existing data!
@ -2014,7 +2016,8 @@ def provision(logger, session_info, credentials, smbconf=None,
ntdsguid=ntdsguid, dns_backend=dns_backend, ntdsguid=ntdsguid, dns_backend=dns_backend,
dnspass=dnspass, serverrole=serverrole, dnspass=dnspass, serverrole=serverrole,
dom_for_fun_level=dom_for_fun_level, am_rodc=am_rodc, dom_for_fun_level=dom_for_fun_level, am_rodc=am_rodc,
lp=lp, use_ntvfs=use_ntvfs) lp=lp, use_ntvfs=use_ntvfs,
skip_sysvolacl=skip_sysvolacl)
create_krb5_conf(paths.krb5conf, create_krb5_conf(paths.krb5conf,
dnsdomain=names.dnsdomain, hostname=names.hostname, dnsdomain=names.dnsdomain, hostname=names.hostname,

8
source4/scripting/python/samba/upgrade.py
View File

@ -26,7 +26,7 @@ import pwd
from samba import Ldb, registry from samba import Ldb, registry
from samba.param import LoadParm from samba.param import LoadParm
from samba.provision import provision, FILL_FULL, ProvisioningError from samba.provision import provision, FILL_FULL, ProvisioningError, setsysvolacl
from samba.samba3 import passdb from samba.samba3 import passdb
from samba.samba3 import param as s3param from samba.samba3 import param as s3param
from samba.dcerpc import lsa, samr, security from samba.dcerpc import lsa, samr, security
@ -828,7 +828,7 @@ Please fix this account before attempting to upgrade again
hostname=netbiosname.lower(), machinepass=machinepass, hostname=netbiosname.lower(), machinepass=machinepass,
serverrole=serverrole, samdb_fill=FILL_FULL, serverrole=serverrole, samdb_fill=FILL_FULL,
useeadb=useeadb, dns_backend=dns_backend, use_rfc2307=True, useeadb=useeadb, dns_backend=dns_backend, use_rfc2307=True,
use_ntvfs=use_ntvfs) use_ntvfs=use_ntvfs, skip_sysvolacl=True)
result.report_logger(logger) result.report_logger(logger)
# Import WINS database # Import WINS database
@ -902,5 +902,9 @@ Please fix this account before attempting to upgrade again
s4_passdb.update_sam_account(admin_userdata) s4_passdb.update_sam_account(admin_userdata)
logger.info("Administrator password has been set to password of user '%s'", admin_user) logger.info("Administrator password has been set to password of user '%s'", admin_user)
if result.server_role == "active directory domain controller":
setsysvolacl(result.samdb, result.paths.netlogon, result.paths.sysvol, result.paths.root_uid, result.paths.wheel_gid,
security.dom_sid(result.domainsid), result.names.dnsdomain, result.names.domaindn, result.lp, use_ntvfs)
# FIXME: import_registry(registry.Registry(), samba3.get_registry()) # FIXME: import_registry(registry.Registry(), samba3.get_registry())
# FIXME: shares # FIXME: shares