summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJelmer Vernooij <jelmer@samba.org>2010-03-28 22:58:36 +0200
committerJelmer Vernooij <jelmer@samba.org>2010-03-28 22:58:36 +0200
commitba74823c8f42dd3f4f0883163e42888ec35baf32 (patch)
tree338302efb1368e3309e5db5394d8dbd398e5e1df
parentd18d7cfa27a3f2a088c8f3ea9de4f9d8d89fea38 (diff)
downloadsamba-ba74823c8f42dd3f4f0883163e42888ec35baf32.tar.gz
samba-ba74823c8f42dd3f4f0883163e42888ec35baf32.tar.bz2
samba-ba74823c8f42dd3f4f0883163e42888ec35baf32.zip
upgradeprovision: Fix formatting, syntax error.
-rwxr-xr-xsource4/scripting/bin/upgradeprovision37
-rw-r--r--source4/scripting/python/samba/provision.py97
2 files changed, 69 insertions, 65 deletions
diff --git a/source4/scripting/bin/upgradeprovision b/source4/scripting/bin/upgradeprovision
index bdc58c3f59..8f01bd3bf0 100755
--- a/source4/scripting/bin/upgradeprovision
+++ b/source4/scripting/bin/upgradeprovision
@@ -41,7 +41,7 @@ from ldb import SCOPE_SUBTREE, SCOPE_BASE, \
from samba import param
from samba import glue
from samba.misc import messageEltFlagToString
-from samba.provision import find_setup_dir, get_domain_descriptor, get_config_descriptor, secretsdb_self_join,set_gpo_acl,getpolicypath,create_gpo_struct
+from samba.provision import find_setup_dir, get_domain_descriptor, get_config_descriptor, secretsdb_self_join,set_gpo_acl,getpolicypath,create_gpo_struct
from samba.provisionexceptions import ProvisioningError
from samba.schema import get_linked_attributes, Schema, get_schema_descriptor
from samba.dcerpc import security
@@ -871,22 +871,24 @@ def update_machine_account_password(paths, creds, session, names):
def update_gpo(paths,creds,session,names):
- """Create missing GPO file object if needed
+ """Create missing GPO file object if needed
- Set ACL correctly also.
- """
- dir = getpolicypath(paths.sysvol,names.dnsdomain,names.policyid)
- if not os.path.isdir(dir):
- create_gpo_struct(dir)
-
- dir = getpolicypath(paths.sysvol,names.dnsdomain,names.policyid_dc)
- if not os.path.isdir(dir):
- create_gpo_struct(dir)
- samdb = Ldb(paths.samdb, session_info=session, credentials=creds,lp=lp)
- set_gpo_acl(path.sysvol,names.dnsdomain,names.domainsid,names.domaindn,samdb,lp)
-
-def updateOEMInfo(paths,creds,session,names):
- sam_ldb = Ldb(paths.samdb, session_info=session, credentials=creds,lp=lp, options=["modules:samba_dsdb"])
+ Set ACL correctly also.
+ """
+ dir = getpolicypath(paths.sysvol,names.dnsdomain,names.policyid)
+ if not os.path.isdir(dir):
+ create_gpo_struct(dir)
+
+ dir = getpolicypath(paths.sysvol,names.dnsdomain,names.policyid_dc)
+ if not os.path.isdir(dir):
+ create_gpo_struct(dir)
+ samdb = Ldb(paths.samdb, session_info=session, credentials=creds,lp=lp)
+ set_gpo_acl(paths.sysvol, names.dnsdomain, names.domainsid,
+ names.domaindn, samdb, lp)
+
+def updateOEMInfo(paths, creds, session,names):
+ sam_ldb = Ldb(paths.samdb, session_info=session, credentials=creds, lp=lp,
+ options=["modules:samba_dsdb"])
res = sam_ldb.search(expression="(objectClass=*)",base=str(names.rootdn),
scope=SCOPE_BASE, attrs=["dn","oEMInformation"])
if len(res) > 0:
@@ -895,7 +897,8 @@ def updateOEMInfo(paths,creds,session,names):
delta = Message()
delta.dn = Dn(sam_ldb,str(res[0]["dn"]))
descr = get_schema_descriptor(names.domainsid)
- delta["oEMInformation"] = MessageElement(info, FLAG_MOD_REPLACE, "oEMInformation" )
+ delta["oEMInformation"] = MessageElement(info, FLAG_MOD_REPLACE,
+ "oEMInformation" )
sam_ldb.modify(delta)
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 83e6e02daf..17dc470dec 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -36,7 +36,6 @@ import param
import registry
import urllib
import shutil
-import string
import ldb
@@ -472,7 +471,7 @@ def make_smbconf(smbconf, setup_path, hostname, domain, realm, serverrole,
"SIDGENERATOR_LINE": sid_generator_line,
"PRIVATEDIR_LINE": privatedir_line,
"LOCKDIR_LINE": lockdir_line,
- "POSIXEADB_LINE": posixeadb_line
+ "POSIXEADB_LINE": posixeadb_line
})
@@ -807,10 +806,11 @@ def setup_self_join(samdb, names,
"NTDSGUID": names.ntdsguid,
"DNSPASS_B64": b64encode(dnspass),
})
-def getpolicypath(sysvolpath,dnsdomain,guid):
- if string.find(guid,"{",0,1) == -1:
- guid = "{%s}"%guid
- policy_path = os.path.join(sysvolpath, dnsdomain, "Policies", guid )
+
+def getpolicypath(sysvolpath, dnsdomain, guid):
+ if guid[0] != "{":
+ guid = "{%s}" % guid
+ policy_path = os.path.join(sysvolpath, dnsdomain, "Policies", guid)
return policy_path
def create_gpo_struct(policy_path):
@@ -820,8 +820,7 @@ def create_gpo_struct(policy_path):
os.makedirs(os.path.join(policy_path, "MACHINE"), 0755)
os.makedirs(os.path.join(policy_path, "USER"), 0755)
-def setup_gpo(sysvolpath,dnsdomain,policyguid,policyguid_dc):
-
+def setup_gpo(sysvolpath, dnsdomain, policyguid, policyguid_dc):
policy_path = getpolicypath(sysvolpath,dnsdomain,policyguid)
create_gpo_struct(policy_path)
@@ -1037,46 +1036,48 @@ FILL_DRS = "DRS"
SYSVOL_ACL = "O:LAG:BAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)"
POLICIES_ACL = "O:LAG:BAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001301bf;;;PA)"
-def set_dir_acl(path,acl,lp,domsid):
- setntacl(lp,path,acl,domsid)
- for root, dirs, files in os.walk(path, topdown=False):
- for name in files:
- setntacl(lp,os.path.join(root, name),acl,domsid)
- for name in dirs:
- setntacl(lp,os.path.join(root, name),acl,domsid)
-
-def set_gpo_acl(sysvol,dnsdomain,domainsid,domaindn,samdb,lp):
- # Set ACL for GPO
- policy_path = os.path.join(sysvol, dnsdomain, "Policies")
- set_dir_acl(policy_path,dsacl2fsacl(POLICIES_ACL,str(domainsid)),lp,str(domainsid))
- res = samdb.search(base="CN=Policies,CN=System,%s"%(domaindn),
- attrs=["cn","nTSecurityDescriptor"],
- expression="", scope=ldb.SCOPE_ONELEVEL)
- for policy in res:
- acl = ndr_unpack(security.descriptor,str(policy["nTSecurityDescriptor"])).as_sddl()
- policy_path = getpolicypath(sysvol,dnsdomain,str(policy["cn"]))
- set_dir_acl(policy_path,dsacl2fsacl(acl,str(domainsid)),lp,str(domainsid))
-
-def setsysvolacl(samdb,netlogon,sysvol,gid,domainsid,dnsdomain,domaindn,lp):
- canchown = 1
- try:
- os.chown(sysvol,-1,gid)
- except:
- canchown = 0
-
- setntacl(lp,sysvol,SYSVOL_ACL,str(domainsid))
- for root, dirs, files in os.walk(sysvol, topdown=False):
- for name in files:
- if canchown:
- os.chown(os.path.join(root, name),-1,gid)
- setntacl(lp,os.path.join(root, name),SYSVOL_ACL,str(domainsid))
- for name in dirs:
- if canchown:
- os.chown(os.path.join(root, name),-1,gid)
- setntacl(lp,os.path.join(root, name),SYSVOL_ACL,str(domainsid))
- set_gpo_acl(sysvol,dnsdomain,domainsid,domaindn,samdb,lp)
-
-
+def set_dir_acl(path, acl, lp, domsid):
+ setntacl(lp, path, acl, domsid)
+ for root, dirs, files in os.walk(path, topdown=False):
+ for name in files:
+ setntacl(lp, os.path.join(root, name), acl, domsid)
+ for name in dirs:
+ setntacl(lp, os.path.join(root, name), acl, domsid)
+
+
+def set_gpo_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp):
+ # Set ACL for GPO
+ policy_path = os.path.join(sysvol, dnsdomain, "Policies")
+ set_dir_acl(policy_path,dsacl2fsacl(POLICIES_ACL, str(domainsid)),
+ lp, str(domainsid))
+ res = samdb.search(base="CN=Policies,CN=System,%s"%(domaindn),
+ attrs=["cn","nTSecurityDescriptor"],
+ expression="", scope=ldb.SCOPE_ONELEVEL)
+ for policy in res:
+ acl = ndr_unpack(security.descriptor,str(policy["nTSecurityDescriptor"])).as_sddl()
+ policy_path = getpolicypath(sysvol,dnsdomain,str(policy["cn"]))
+ set_dir_acl(policy_path,dsacl2fsacl(acl,str(domainsid)),lp,str(domainsid))
+
+def setsysvolacl(samdb, netlogon, sysvol, gid, domainsid, dnsdomain, domaindn,
+ lp):
+ try:
+ os.chown(sysvol,-1,gid)
+ except:
+ canchown = False
+ else:
+ canchown = True
+
+ setntacl(lp,sysvol,SYSVOL_ACL,str(domainsid))
+ for root, dirs, files in os.walk(sysvol, topdown=False):
+ for name in files:
+ if canchown:
+ os.chown(os.path.join(root, name),-1,gid)
+ setntacl(lp,os.path.join(root, name),SYSVOL_ACL,str(domainsid))
+ for name in dirs:
+ if canchown:
+ os.chown(os.path.join(root, name),-1,gid)
+ setntacl(lp,os.path.join(root, name),SYSVOL_ACL,str(domainsid))
+ set_gpo_acl(sysvol,dnsdomain,domainsid,domaindn,samdb,lp)
def provision(setup_dir, message, session_info,