s4-provision Use ProvisioningError and the eadb

The eadb flag tells us to avoid using system extended attributes, typcially if we
are not running as root (ie, in a test environment).

The ProvisioningError class allows us to return failures to the upgrade_from_s3 script
which can then be detected correctly by the selftest framework.

Andrew Bartlett

2 files changed, 27 insertions, 6 deletions

diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py
index 09a66dbf13..aaadb6a418 100644
--- a/source4/scripting/python/samba/upgrade.py
+++ b/source4/scripting/python/samba/upgrade.py
@@ -26,7 +26,7 @@ import pwd
 
 from samba import Ldb, registry
 from samba.param import LoadParm
-from samba.provision import provision, FILL_FULL
+from samba.provision import provision, FILL_FULL, ProvisioningError
 from samba.samba3 import passdb
 from samba.samba3 import param as s3param
 from samba.dcerpc import lsa
@@ -414,7 +414,7 @@ def import_registry(samba4_registry, samba3_regdb):
             key_handle.set_value(value_name, value_type, value_data)
 
 
-def upgrade_from_samba3(samba3, logger, targetdir, session_info=None):
+def upgrade_from_samba3(samba3, logger, targetdir, session_info=None, useeadb=False):
     """Upgrade from samba3 database to samba4 AD database
 
     :param samba3: samba3 object
@@ -445,8 +445,7 @@ def upgrade_from_samba3(samba3, logger, targetdir, session_info=None):
 
     if not realm:
         if serverrole == "domain controller":
-            logger.warning("No realm specified in smb.conf file and being a DC. That upgrade path doesn't work! Please add a 'realm' directive to your old smb.conf to let us know which one you want to use (generally it's the upcased DNS domainname).")
-            return
+            raise ProvisioningError("No realm specified in smb.conf file and being a DC. That upgrade path doesn't work! Please add a 'realm' directive to your old smb.conf to let us know which one you want to use (it is the DNS name of the AD domain you wish to create.")
         else:
             realm = domainname.upper()
             logger.warning("No realm specified in smb.conf file, assuming '%s'",
@@ -554,7 +553,8 @@ def upgrade_from_samba3(samba3, logger, targetdir, session_info=None):
                        domainsid=str(domainsid), next_rid=next_rid,
                        dc_rid=machinerid,
                        hostname=netbiosname, machinepass=machinepass,
-                       serverrole=serverrole, samdb_fill=FILL_FULL)
+                       serverrole=serverrole, samdb_fill=FILL_FULL,
+                       useeadb=useeadb)
 
     # Import WINS database
     logger.info("Importing WINS database")
diff --git a/source4/setup/upgrade_from_s3 b/source4/setup/upgrade_from_s3
index 81609e0349..6aaf99d8c6 100755
--- a/source4/setup/upgrade_from_s3
+++ b/source4/setup/upgrade_from_s3
@@ -19,6 +19,7 @@
 import logging
 import optparse
 import os, sys
+import tempfile
 
 # Find right directory when running from source tree
 sys.path.insert(0, "bin/python")
@@ -29,6 +30,7 @@ from samba.auth import system_session
 from samba.upgrade import upgrade_from_samba3
 from samba.samba3 import Samba3
 from samba.samba3 import param as s3param
+from samba.provision import ProvisioningError
 
 def get_testparm_var(testparm, varname):
     cmd = "%s -s -l --parameter-name='%s' 2>/dev/null" % (testparm, varname)
@@ -51,6 +53,7 @@ parser.add_option("--libdir", type="string", metavar="DIR",
                   help="samba3 database directory")
 parser.add_option("--testparm", type="string", metavar="PATH",
                   help="samba3 testparm utility")
+parser.add_option("--use-xattrs", type="choice", choices=["yes","no","auto"], help="Define if we should use the native fs capabilities or a tdb file for storing attributes likes ntacl, auto tries to make an inteligent guess based on the user rights and system capabilities", default="auto")
 
 opts, args = parser.parse_args()
 
@@ -88,6 +91,20 @@ else:
 
 s3conf = s3param.get_context()
 
+eadb = True
+if opts.use_xattrs == "yes":
+	eadb = False
+elif opts.use_xattrs == "auto" and not s3conf.get("posix:eadb"):
+	file = tempfile.NamedTemporaryFile()
+	try:
+		samba.ntacls.setntacl(lp, file.name,
+			"O:S-1-5-32G:S-1-5-32", "S-1-5-32", "native")
+		eadb = False
+	except:
+		logger.info("You are not root or your system do not support xattr, using tdb backend for attributes. "
+			    "If you intend to use this provision in production, rerun the script as root on a system supporting xattrs.")
+	file.close()
+
 # Set correct default values from libdir or testparm
 paths = {}
 if libdir:
@@ -108,4 +125,8 @@ s3conf.load(smbconf)
 samba3 = Samba3(smbconf, s3conf)
 
 logger.info("Provisioning")
-upgrade_from_samba3(samba3, logger, targetdir, session_info=system_session())
+try:
+    upgrade_from_samba3(samba3, logger, targetdir, session_info=system_session(), useeadb=eadb)
+except ProvisioningError, e:
+	print str(e)
+	exit(1)