samba.provision: Fix setup_path.
parent
8caac9462a
commit
7c65ab12af
@ -29,38 +29,39 @@ def drs_DsBind(drs):
|
||||
bind_info = drsuapi.DsBindInfoCtr()
|
||||
bind_info.length = 28
|
||||
bind_info.info = drsuapi.DsBindInfo28()
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_BASE
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_BASE
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
|
||||
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
|
||||
(info, handle) = drs.DsBind(misc.GUID(drsuapi.DRSUAPI_DS_BIND_GUID), bind_info)
|
||||
|
||||
return (handle, info.info.supported_extensions)
|
||||
|
||||
|
||||
class drs_Replicate:
|
||||
'''DRS replication calls'''
|
||||
|
||||
@ -71,8 +72,6 @@ class drs_Replicate:
|
||||
self.samdb = samdb
|
||||
self.replication_state = self.net.replicate_init(self.samdb, lp, self.drs)
|
||||
|
||||
|
||||
|
||||
def drs_get_rodc_partial_attribute_set(self):
|
||||
'''get a list of attributes for RODC replication'''
|
||||
partial_attribute_set = drsuapi.DsPartialAttributeSet()
|
||||
@ -110,7 +109,6 @@ class drs_Replicate:
|
||||
partial_attribute_set.num_attids = len(attids)
|
||||
return partial_attribute_set
|
||||
|
||||
|
||||
def replicate(self, dn, source_dsa_invocation_id, destination_dsa_guid,
|
||||
schema=False, exop=drsuapi.DRSUAPI_EXOP_NONE, rodc=False,
|
||||
replica_flags=None):
|
||||
@ -120,23 +118,23 @@ class drs_Replicate:
|
||||
req8 = drsuapi.DsGetNCChangesRequest8()
|
||||
|
||||
req8.destination_dsa_guid = destination_dsa_guid
|
||||
req8.source_dsa_invocation_id = source_dsa_invocation_id
|
||||
req8.naming_context = drsuapi.DsReplicaObjectIdentifier()
|
||||
req8.source_dsa_invocation_id = source_dsa_invocation_id
|
||||
req8.naming_context = drsuapi.DsReplicaObjectIdentifier()
|
||||
req8.naming_context.dn = dn
|
||||
req8.highwatermark = drsuapi.DsReplicaHighWaterMark()
|
||||
req8.highwatermark.tmp_highest_usn = 0
|
||||
req8.highwatermark.reserved_usn = 0
|
||||
req8.highwatermark.highest_usn = 0
|
||||
req8.uptodateness_vector = None
|
||||
req8.highwatermark.reserved_usn = 0
|
||||
req8.highwatermark.highest_usn = 0
|
||||
req8.uptodateness_vector = None
|
||||
if replica_flags is not None:
|
||||
req8.replica_flags = replica_flags
|
||||
elif exop == drsuapi.DRSUAPI_EXOP_REPL_SECRET:
|
||||
req8.replica_flags = 0
|
||||
req8.replica_flags = 0
|
||||
else:
|
||||
req8.replica_flags = (drsuapi.DRSUAPI_DRS_INIT_SYNC |
|
||||
drsuapi.DRSUAPI_DRS_PER_SYNC |
|
||||
drsuapi.DRSUAPI_DRS_GET_ANC |
|
||||
drsuapi.DRSUAPI_DRS_NEVER_SYNCED)
|
||||
req8.replica_flags = (drsuapi.DRSUAPI_DRS_INIT_SYNC |
|
||||
drsuapi.DRSUAPI_DRS_PER_SYNC |
|
||||
drsuapi.DRSUAPI_DRS_GET_ANC |
|
||||
drsuapi.DRSUAPI_DRS_NEVER_SYNCED)
|
||||
if rodc:
|
||||
req8.replica_flags |= drsuapi.DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
|
||||
else:
|
||||
|
@ -87,11 +87,11 @@ def find_setup_dir():
|
||||
if in_source_tree():
|
||||
# In source tree
|
||||
dirname = os.path.dirname(__file__)
|
||||
return os.path.normpath(os.path.join(dirname, "../../../setup"))
|
||||
return os.path.normpath(os.path.join(dirname, "../../../../setup"))
|
||||
else:
|
||||
import sys
|
||||
for prefix in [sys.prefix,
|
||||
os.path.join(os.path.dirname(__file__), "../../../..")]:
|
||||
os.path.join(os.path.dirname(__file__), "../../../../..")]:
|
||||
for suffix in ["share/setup", "share/samba/setup", "setup"]:
|
||||
ret = os.path.normpath(os.path.join(prefix, suffix))
|
||||
if os.path.isdir(ret):
|
||||
@ -469,7 +469,7 @@ def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None,
|
||||
for x in netbiosname:
|
||||
if x.isalnum() or x in VALID_NETBIOS_CHARS:
|
||||
newnbname = "%s%c" % (newnbname, x)
|
||||
#force the length to be <16
|
||||
# force the length to be <16
|
||||
netbiosname = newnbname[0:15]
|
||||
assert netbiosname is not None
|
||||
netbiosname = netbiosname.upper()
|
||||
@ -751,11 +751,11 @@ def secretsdb_self_join(secretsdb, domain,
|
||||
"privateKeytab"]
|
||||
|
||||
if realm is not None:
|
||||
if dnsdomain is None:
|
||||
dnsdomain = realm.lower()
|
||||
dnsname = '%s.%s' % (netbiosname.lower(), dnsdomain.lower())
|
||||
if dnsdomain is None:
|
||||
dnsdomain = realm.lower()
|
||||
dnsname = '%s.%s' % (netbiosname.lower(), dnsdomain.lower())
|
||||
else:
|
||||
dnsname = None
|
||||
dnsname = None
|
||||
shortname = netbiosname.lower()
|
||||
|
||||
# We don't need to set msg["flatname"] here, because rdn_name will handle
|
||||
@ -764,11 +764,11 @@ def secretsdb_self_join(secretsdb, domain,
|
||||
msg["secureChannelType"] = [str(secure_channel_type)]
|
||||
msg["objectClass"] = ["top", "primaryDomain"]
|
||||
if dnsname is not None:
|
||||
msg["objectClass"] = ["top", "primaryDomain", "kerberosSecret"]
|
||||
msg["realm"] = [realm]
|
||||
msg["saltPrincipal"] = ["host/%s@%s" % (dnsname, realm.upper())]
|
||||
msg["msDS-KeyVersionNumber"] = [str(key_version_number)]
|
||||
msg["privateKeytab"] = ["secrets.keytab"]
|
||||
msg["objectClass"] = ["top", "primaryDomain", "kerberosSecret"]
|
||||
msg["realm"] = [realm]
|
||||
msg["saltPrincipal"] = ["host/%s@%s" % (dnsname, realm.upper())]
|
||||
msg["msDS-KeyVersionNumber"] = [str(key_version_number)]
|
||||
msg["privateKeytab"] = ["secrets.keytab"]
|
||||
|
||||
msg["secret"] = [machinepass]
|
||||
msg["samAccountName"] = ["%s$" % netbiosname]
|
||||
@ -780,10 +780,9 @@ def secretsdb_self_join(secretsdb, domain,
|
||||
# than one record for this SID, realm or netbios domain at a time,
|
||||
# but we don't delete the old record that we are about to modify,
|
||||
# because that would delete the keytab and previous password.
|
||||
res = secretsdb.search(base="cn=Primary Domains",
|
||||
attrs=attrs,
|
||||
expression=("(&(|(flatname=%s)(realm=%s)(objectSid=%s))(objectclass=primaryDomain)(!(dn=%s)))" % (domain, realm, str(domainsid), str(msg.dn))),
|
||||
scope=ldb.SCOPE_ONELEVEL)
|
||||
res = secretsdb.search(base="cn=Primary Domains", attrs=attrs,
|
||||
expression=("(&(|(flatname=%s)(realm=%s)(objectSid=%s))(objectclass=primaryDomain)(!(dn=%s)))" % (domain, realm, str(domainsid), str(msg.dn))),
|
||||
scope=ldb.SCOPE_ONELEVEL)
|
||||
|
||||
for del_msg in res:
|
||||
secretsdb.delete(del_msg.dn)
|
||||
@ -929,8 +928,7 @@ def setup_registry(path, setup_path, session_info, lp):
|
||||
:param lp: Loadparm context
|
||||
"""
|
||||
reg = samba.registry.Registry()
|
||||
hive = samba.registry.open_ldb(path, session_info=session_info,
|
||||
lp_ctx=lp)
|
||||
hive = samba.registry.open_ldb(path, session_info=session_info, lp_ctx=lp)
|
||||
reg.mount_hive(hive, samba.registry.HKEY_LOCAL_MACHINE)
|
||||
provision_reg = setup_path("provision.reg")
|
||||
assert os.path.exists(provision_reg)
|
||||
@ -970,8 +968,7 @@ def setup_samdb_rootdse(samdb, setup_path, names):
|
||||
})
|
||||
|
||||
|
||||
def setup_self_join(samdb, names,
|
||||
machinepass, dnspass,
|
||||
def setup_self_join(samdb, names, machinepass, dnspass,
|
||||
domainsid, next_rid, invocationid, setup_path,
|
||||
policyguid, policyguid_dc, domainControllerFunctionality,
|
||||
ntdsguid):
|
||||
@ -1316,6 +1313,7 @@ FILL_DRS = "DRS"
|
||||
SYSVOL_ACL = "O:LAG:BAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)"
|
||||
POLICIES_ACL = "O:LAG:BAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001301bf;;;PA)"
|
||||
|
||||
|
||||
def set_dir_acl(path, acl, lp, domsid):
|
||||
setntacl(lp, path, acl, domsid)
|
||||
for root, dirs, files in os.walk(path, topdown=False):
|
||||
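Review bot: In the last secretsdb_self_join hunk, the filter passed to `secretsdb.search()` is built by `%`-formatting `domain`, `realm`, `domainsid` and `msg.dn` into the expression with no escaping, and every entry it returns is then handed to `secretsdb.delete()`. A value containing filter metacharacters (`*`, `(`, `)`, `\`) would change which "cn=Primary Domains" records are matched and removed, so while the call is being re-wrapped each value should go through `ldb.binary_encode()` before interpolation, e.g. `"(flatname=%s)" % ldb.binary_encode(domain)`. The earlier hunk shows that `realm` may be None on this path, in which case the clause becomes the literal `(realm=None)`; adding the realm clause only when realm is set would be clearer. The function starts and ends outside these hunks, so where the values originate is not visible.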
|
@ -13,7 +13,7 @@
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
@ -113,7 +113,7 @@ class ExistingBackend(ProvisionBackend):
|
||||
super(ExistingBackend, self).__init__(backend_type=backend_type,
|
||||
paths=paths, setup_path=setup_path, lp=lp,
|
||||
credentials=credentials, names=names, logger=logger,
|
||||
ldap_backend_forced_uri=ldap_backend_forced_uri)
|
||||
ldap_backend_forced_uri=ldapi_uri)
|
||||
|
||||
def init(self):
|
||||
# Check to see that this 'existing' LDAP backend in fact exists
|
||||
@ -134,8 +134,8 @@ class LDAPBackend(ProvisionBackend):
|
||||
|
||||
def __init__(self, backend_type, paths=None, setup_path=None, lp=None,
|
||||
credentials=None, names=None, logger=None, domainsid=None,
|
||||
schema=None, hostname=None, ldapadminpass=None, slapd_path=None,
|
||||
ldap_backend_extra_port=None,
|
||||
schema=None, hostname=None, ldapadminpass=None,
|
||||
slapd_path=None, ldap_backend_extra_port=None,
|
||||
ldap_backend_forced_uri=None, ldap_dryrun_mode=False):
|
||||
|
||||
super(LDAPBackend, self).__init__(backend_type=backend_type,
|
||||
@ -250,8 +250,9 @@ class LDAPBackend(ProvisionBackend):
|
||||
try:
|
||||
ldapi_db = Ldb(self.ldap_uri, lp=self.lp, credentials=self.credentials)
|
||||
ldapi_db.search(base="", scope=SCOPE_BASE,
|
||||
expression="(objectClass=OpenLDAProotDSE)")
|
||||
# If we have got here, then we must have a valid connection to the LDAP server!
|
||||
expression="(objectClass=OpenLDAProotDSE)")
|
||||
# If we have got here, then we must have a valid connection to
|
||||
# the LDAP server!
|
||||
return
|
||||
except LdbError:
|
||||
time.sleep(1)
|
||||
@ -269,7 +270,7 @@ class LDAPBackend(ProvisionBackend):
|
||||
# and check its proper termination
|
||||
if self.slapd.poll() is None:
|
||||
# Kill the slapd
|
||||
if hasattr(self.slapd, "terminate"):
|
||||
if getattr(self.slapd, "terminate", None) is not None:
|
||||
self.slapd.terminate()
|
||||
else:
|
||||
# Older python versions don't have .terminate()
|
||||
@ -332,7 +333,8 @@ class OpenLDAPBackend(LDAPBackend):
|
||||
# Wipe the directories so we can start
|
||||
shutil.rmtree(os.path.join(self.ldapdir, "db"), True)
|
||||
|
||||
#Allow the test scripts to turn off fsync() for OpenLDAP as for TDB and LDB
|
||||
# Allow the test scripts to turn off fsync() for OpenLDAP as for TDB
|
||||
# and LDB
|
||||
nosync_config = ""
|
||||
if self.nosync:
|
||||
nosync_config = "dbnosync"
|
||||
@ -586,16 +588,19 @@ class FDSBackend(LDAPBackend):
|
||||
self.sambadn = "CN=Samba"
|
||||
|
||||
self.fedoradsinf = os.path.join(self.ldapdir, "fedorads.inf")
|
||||
self.partitions_ldif = os.path.join(self.ldapdir, "fedorads-partitions.ldif")
|
||||
self.partitions_ldif = os.path.join(self.ldapdir,
|
||||
"fedorads-partitions.ldif")
|
||||
self.sasl_ldif = os.path.join(self.ldapdir, "fedorads-sasl.ldif")
|
||||
self.dna_ldif = os.path.join(self.ldapdir, "fedorads-dna.ldif")
|
||||
self.pam_ldif = os.path.join(self.ldapdir, "fedorads-pam.ldif")
|
||||
self.refint_ldif = os.path.join(self.ldapdir, "fedorads-refint.ldif")
|
||||
self.linked_attrs_ldif = os.path.join(self.ldapdir, "fedorads-linked-attributes.ldif")
|
||||
self.linked_attrs_ldif = os.path.join(self.ldapdir,
|
||||
"fedorads-linked-attributes.ldif")
|
||||
self.index_ldif = os.path.join(self.ldapdir, "fedorads-index.ldif")
|
||||
self.samba_ldif = os.path.join(self.ldapdir, "fedorads-samba.ldif")
|
||||
|
||||
self.samba3_schema = self.setup_path("../../examples/LDAP/samba.schema")
|
||||
self.samba3_schema = self.setup_path(
|
||||
"../../examples/LDAP/samba.schema")
|
||||
self.samba3_ldif = os.path.join(self.ldapdir, "samba3.ldif")
|
||||
|
||||
self.retcode = subprocess.call(["bin/oLschema2ldif",
|
||||
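Review bot: At the end of the FDSBackend hunk, `subprocess.call(["bin/oLschema2ldif", ...` names the helper by a path relative to the current working directory, so which program runs depends on where provisioning was started rather than on the installed or in-tree location. Since this commit is already correcting how setup paths are derived, the helper should be resolved to an absolute path in the same way and checked for existence before the call, with a comment such as `# oLschema2ldif must come from the build/install tree, never from cwd`. The call's remaining arguments and the handling of `self.retcode` lie outside the hunk.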
|