r26506: Start running (really trivial) tests for upgrade script.

(This used to be commit 73bd4a9566d15f85a971e3a87cefbec2e2eece1c)

4 files changed, 317 insertions, 321 deletions

diff --git a/source4/scripting/python/samba/tests/upgrade.py b/source4/scripting/python/samba/tests/upgrade.py
index f46d869656..a25743425b 100644
--- a/source4/scripting/python/samba/tests/upgrade.py
+++ b/source4/scripting/python/samba/tests/upgrade.py
@@ -25,4 +25,4 @@ class RegkeyDnTests(TestCase):
         self.assertEquals("hive=NONE", regkey_to_dn(""))
 
     def test_nested(self):
-        self.assertEquals("key=foo,key=bar,hive=NONE", regkey_to_dn("foo/bar"))
+        self.assertEquals("key=bar,key=foo,hive=NONE", regkey_to_dn("foo/bar"))
diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py
index 1908e3ea55..783cc008d5 100644
--- a/source4/scripting/python/samba/upgrade.py
+++ b/source4/scripting/python/samba/upgrade.py
@@ -11,17 +11,19 @@ from provision import findnss
 import provision
 import grp
 import pwd
-from uuid import uuid4
-from param import default_configuration
+import uuid
 
 def regkey_to_dn(name):
     """Convert a registry key to a DN."""
-	dn = "hive=NONE"
+    dn = "hive=NONE"
 
-    for el in name.split("/")[1:]:
+    if name == "":
+        return dn
+
+    for el in name.split("/"):
         dn = "key=%s," % el + dn
 
-	return dn
+    return dn
 
 # Where prefix is any of:
 # - HKLM
@@ -33,39 +35,39 @@ def regkey_to_dn(name):
 
 def upgrade_registry(regdb,prefix,ldb):
     """Migrate registry contents."""
-    assert regdb is not None:
-	prefix_up = prefix.upper()
-	ldif = []
+    assert regdb is not None
+    prefix_up = prefix.upper()
+    ldif = []
 
     for rk in regdb.keys:
-		pts = rk.name.split("/")
+        pts = rk.name.split("/")
 
-		# Only handle selected hive
+        # Only handle selected hive
         if pts[0].upper() != prefix_up:
-			continue
+            continue
 
-		keydn = regkey_to_dn(rk.name)
+        keydn = regkey_to_dn(rk.name)
 
-		pts = rk.name.split("/")
+        pts = rk.name.split("/")
 
-		# Convert key name to dn
-		ldif[rk.name] = """
+        # Convert key name to dn
+        ldif[rk.name] = """
 dn: %s
 name: %s
 
 """ % (keydn, pts[0])
-		
+        
         for rv in rk.values:
-			ldif[rk.name + " (" + rv.name + ")"] = """
+            ldif[rk.name + " (" + rv.name + ")"] = """
 dn: %s,value=%s
 value: %s
 type: %d
 data:: %s""" % (keydn, rv.name, rv.name, rv.type, ldb.encode(rv.data))
 
-	return ldif
+    return ldif
 
 def upgrade_sam_policy(samba3,dn):
-	ldif = """
+    ldif = """
 dn: %s
 changetype: modify
 replace: minPwdLength
@@ -80,30 +82,30 @@ samba3BadLockoutMinutes: %d
 samba3DisconnectTime: %d
 
 """ % (dn, samba3.policy.min_password_length, 
-	samba3.policy.password_history, samba3.policy.minimum_password_age,
-	samba3.policy.maximum_password_age, samba3.policy.lockout_duration,
-	samba3.policy.reset_count_minutes, samba3.policy.user_must_logon_to_change_password,
-	samba3.policy.bad_lockout_minutes, samba3.policy.disconnect_time)
-	
-	return ldif
+    samba3.policy.password_history, samba3.policy.minimum_password_age,
+    samba3.policy.maximum_password_age, samba3.policy.lockout_duration,
+    samba3.policy.reset_count_minutes, samba3.policy.user_must_logon_to_change_password,
+    samba3.policy.bad_lockout_minutes, samba3.policy.disconnect_time)
+    
+    return ldif
 
 def upgrade_sam_account(ldb,acc,domaindn,domainsid):
     """Upgrade a SAM account."""
     if acc.nt_username is None or acc.nt_username == "":
-		acc.nt_username = acc.username
+        acc.nt_username = acc.username
 
     if acc.fullname is None:
-		acc.fullname = pwd.getpwnam(acc.fullname)[4]
+        acc.fullname = pwd.getpwnam(acc.fullname)[4]
 
-	acc.fullname = acc.fullname.split(",")[0]
+    acc.fullname = acc.fullname.split(",")[0]
 
     if acc.fullname is None:
-		acc.fullname = acc.username
-	
-	assert acc.fullname is not None
-	assert acc.nt_username is not None
+        acc.fullname = acc.username
+    
+    assert acc.fullname is not None
+    assert acc.nt_username is not None
 
-	ldif = """dn: cn=%s,%s
+    ldif = """dn: cn=%s,%s
 objectClass: top
 objectClass: user
 lastLogon: %d
@@ -136,31 +138,31 @@ acc.acct_desc, acc.group_rid, acc.bad_password_count, acc.logon_count,
 acc.domain, acc.dir_drive, acc.munged_dial, acc.homedir, acc.logon_script, 
 acc.profile_path, acc.workstations, acc.kickoff_time, acc.bad_password_time, 
 acc.pass_last_set_time, acc.pass_can_change_time, acc.pass_must_change_time, domainsid, acc.user_rid,
-	ldb.encode(acc.lm_pw), ldb.encode(acc.nt_pw))
+    ldb.encode(acc.lm_pw), ldb.encode(acc.nt_pw))
 
-	return ldif
+    return ldif
 
 def upgrade_sam_group(group,domaindn):
     """Upgrade a SAM group."""
-	if group.sid_name_use == 5: # Well-known group
-		return None
+    if group.sid_name_use == 5: # Well-known group
+        return None
 
     if group.nt_name in ("Domain Guests", "Domain Users", "Domain Admins"):
-		return None
-	
+        return None
+    
     if group.gid == -1:
-		gr = grp.getgrnam(grp.nt_name)
+        gr = grp.getgrnam(grp.nt_name)
     else:
-		gr = grp.getgrgid(grp.gid)
+        gr = grp.getgrgid(grp.gid)
 
     if gr is None:
-		group.unixname = "UNKNOWN"
+        group.unixname = "UNKNOWN"
     else:
-		group.unixname = gr.gr_name
+        group.unixname = gr.gr_name
 
-	assert group.unixname is not None
-	
-	ldif = """dn: cn=%s,%s
+    assert group.unixname is not None
+    
+    ldif = """dn: cn=%s,%s
 objectClass: top
 objectClass: group
 description: %s
@@ -171,11 +173,11 @@ samba3SidNameUse: %d
 """ % (group.nt_name, domaindn, 
 group.comment, group.nt_name, group.sid, group.unixname, group.sid_name_use)
 
-	return ldif
+    return ldif
 
 def upgrade_winbind(samba3,domaindn):
-	ldif = """
-		
+    ldif = """
+        
 dn: dc=none
 userHwm: %d
 groupHwm: %d
@@ -183,48 +185,48 @@ groupHwm: %d
 """ % (samba3.idmap.user_hwm, samba3.idmap.group_hwm)
 
     for m in samba3.idmap.mappings:
-		ldif += """
+        ldif += """
 dn: SID=%s,%s
 SID: %s
 type: %d
 unixID: %d""" % (m.sid, domaindn, m.sid, m.type, m.unix_id)
-	
-	return ldif
+    
+    return ldif
 
 def upgrade_wins(samba3):
     """Upgrade the WINS database."""
-	ldif = ""
-	version_id = 0
+    ldif = ""
+    version_id = 0
 
     for e in samba3.winsentries:
-		now = sys.nttime()
-		ttl = sys.unix2nttime(e.ttl)
+        now = sys.nttime()
+        ttl = sys.unix2nttime(e.ttl)
 
-		version_id+=1
+        version_id+=1
 
         numIPs = len(e.ips)
 
         if e.type == 0x1C:
-			rType = 0x2
+            rType = 0x2
         elif e.type & 0x80:
             if numIPs > 1:
-				rType = 0x2
+                rType = 0x2
             else:
-				rType = 0x1
+                rType = 0x1
         else:
             if numIPs > 1:
-				rType = 0x3
+                rType = 0x3
             else:
-				rType = 0x0
+                rType = 0x0
 
         if ttl > now:
-			rState = 0x0 # active
+            rState = 0x0 # active
         else:
-			rState = 0x1 # released
+            rState = 0x1 # released
 
-		nType = ((e.nb_flags & 0x60)>>5)
+        nType = ((e.nb_flags & 0x60)>>5)
 
-		ldif += """
+        ldif += """
 dn: name=%s,type=0x%02X
 type: 0x%02X
 name: %s
@@ -240,324 +242,322 @@ versionID: %llu
    ldaptime(ttl), version_id)
 
         for ip in e.ips:
-			ldif += "address: %s\n" % ip
+            ldif += "address: %s\n" % ip
 
-	ldif += """
+    ldif += """
 dn: CN=VERSION
 objectClass: winsMaxVersion
 maxVersion: %llu
 """ % version_id
 
-	return ldif
+    return ldif
 
 def upgrade_provision(lp, samba3):
-	subobj = Object()
+    subobj = Object()
 
-	domainname = samba3.configuration.get("workgroup")
-	
+    domainname = samba3.configuration.get("workgroup")
+    
     if domainname is None:
-		domainname = samba3.secrets.domains[0].name
-		print "No domain specified in smb.conf file, assuming '%s'\n" % domainname
-	
-	domsec = samba3.find_domainsecrets(domainname)
-	hostsec = samba3.find_domainsecrets(hostname())
-	realm = samba3.configuration.get("realm")
+        domainname = samba3.secrets.domains[0].name
+        print "No domain specified in smb.conf file, assuming '%s'\n" % domainname
+    
+    domsec = samba3.find_domainsecrets(domainname)
+    hostsec = samba3.find_domainsecrets(hostname())
+    realm = samba3.configuration.get("realm")
 
     if realm is None:
-		realm = domainname
-		print "No realm specified in smb.conf file, assuming '%s'\n" % realm
-	random_init(local)
+        realm = domainname
+        print "No realm specified in smb.conf file, assuming '%s'\n" % realm
+    random_init(local)
 
-	subobj.realm        = realm
-	subobj.domain       = domainname
-	subobj.hostname     = hostname()
+    subobj.realm        = realm
+    subobj.domain       = domainname
+    subobj.hostname     = hostname()
 
-	assert subobj.realm is not None
-	assert subobj.domain is not None
-	assert subobj.hostname is not None
+    assert subobj.realm is not None
+    assert subobj.domain is not None
+    assert subobj.hostname is not None
 
-	subobj.HOSTIP       = hostip()
+    subobj.HOSTIP       = hostip()
     if domsec is not None:
-		subobj.DOMAINGUID   = domsec.guid
-		subobj.DOMAINSID    = domsec.sid
+        subobj.DOMAINGUID   = domsec.guid
+        subobj.DOMAINSID    = domsec.sid
     else:
-		print "Can't find domain secrets for '%s'; using random SID and GUID\n" % domainname
-		subobj.DOMAINGUID = uuid4()
-		subobj.DOMAINSID = randsid()
-	
+        print "Can't find domain secrets for '%s'; using random SID and GUID\n" % domainname
+        subobj.DOMAINGUID = uuid.random()
+        subobj.DOMAINSID = randsid()
+    
     if hostsec:
-		subobj.HOSTGUID     = hostsec.guid
+        subobj.HOSTGUID     = hostsec.guid
     else:
-		subobj.HOSTGUID = uuid4()
-	subobj.invocationid = uuid4()
-	subobj.krbtgtpass   = randpass(12)
-	subobj.machinepass  = randpass(12)
-	subobj.adminpass    = randpass(12)
-	subobj.datestring   = datestring()
-	subobj.root         = findnss(pwd.getpwnam, "root")[4]
-	subobj.nobody       = findnss(pwd.getpwnam, "nobody")[4]
-	subobj.nogroup      = findnss(grp.getgrnam, "nogroup", "nobody")[2]
-	subobj.wheel        = findnss(grp.getgrnam, "wheel", "root")[2]
-	subobj.users        = findnss(grp.getgrnam, "users", "guest", "other")[2]
-	subobj.dnsdomain    = subobj.realm.lower()
-	subobj.dnsname      = "%s.%s" % (subobj.hostname.lower(), subobj.dnsdomain)
-	subobj.basedn       = "DC=" + ",DC=".join(subobj.realm.split("."))
-	rdn_list = subobj.dnsdomain.split(".")
-	subobj.domaindn     = "DC=" + ",DC=".join(rdn_list)
-	subobj.domaindn_ldb = "users.ldb"
-	subobj.rootdn       = subobj.domaindn
-
-	modules_list        = ["rootdse",
-					"kludge_acl",
-					"paged_results",
-					"server_sort",
-					"extended_dn",
-					"asq",
-					"samldb",
-					"password_hash",
-					"operational",
-					"objectclass",
-					"rdn_name",
-					"show_deleted",
-					"partition"]
-	subobj.modules_list = ",".join(modules_list)
-
-	return subobj
+        subobj.HOSTGUID = uuid.random()
+    subobj.invocationid = uuid.random()
+    subobj.krbtgtpass   = randpass(12)
+    subobj.machinepass  = randpass(12)
+    subobj.adminpass    = randpass(12)
+    subobj.datestring   = datestring()
+    subobj.root         = findnss(pwd.getpwnam, "root")[4]
+    subobj.nobody       = findnss(pwd.getpwnam, "nobody")[4]
+    subobj.nogroup      = findnss(grp.getgrnam, "nogroup", "nobody")[2]
+    subobj.wheel        = findnss(grp.getgrnam, "wheel", "root")[2]
+    subobj.users        = findnss(grp.getgrnam, "users", "guest", "other")[2]
+    subobj.dnsdomain    = subobj.realm.lower()
+    subobj.dnsname      = "%s.%s" % (subobj.hostname.lower(), subobj.dnsdomain)
+    subobj.basedn       = "DC=" + ",DC=".join(subobj.realm.split("."))
+    rdn_list = subobj.dnsdomain.split(".")
+    subobj.domaindn     = "DC=" + ",DC=".join(rdn_list)
+    subobj.domaindn_ldb = "users.ldb"
+    subobj.rootdn       = subobj.domaindn
+
+    modules_list        = ["rootdse",
+                    "kludge_acl",
+                    "paged_results",
+                    "server_sort",
+                    "extended_dn",
+                    "asq",
+                    "samldb",
+                    "password_hash",
+                    "operational",
+                    "objectclass",
+                    "rdn_name",
+                    "show_deleted",
+                    "partition"]
+    subobj.modules_list = ",".join(modules_list)
+
+    return subobj
 
 smbconf_keep = [
-	"dos charset", 
-	"unix charset",
-	"display charset",
-	"comment",
-	"path",
-	"directory",
-	"workgroup",
-	"realm",
-	"netbios name",
-	"netbios aliases",
-	"netbios scope",
-	"server string",
-	"interfaces",
-	"bind interfaces only",
-	"security",
-	"auth methods",
-	"encrypt passwords",
-	"null passwords",
-	"obey pam restrictions",
-	"password server",
-	"smb passwd file",
-	"private dir",
-	"passwd chat",
-	"password level",
-	"lanman auth",
-	"ntlm auth",
-	"client NTLMv2 auth",
-	"client lanman auth",
-	"client plaintext auth",
-	"read only",
-	"hosts allow",
-	"hosts deny",
-	"log level",
-	"debuglevel",
-	"log file",
-	"smb ports",
-	"large readwrite",
-	"max protocol",
-	"min protocol",
-	"unicode",
-	"read raw",
-	"write raw",
-	"disable netbios",
-	"nt status support",
-	"announce version",
-	"announce as",
-	"max mux",
-	"max xmit",
-	"name resolve order",
-	"max wins ttl",
-	"min wins ttl",
-	"time server",
-	"unix extensions",
-	"use spnego",
-	"server signing",
-	"client signing",
-	"max connections",
-	"paranoid server security",
-	"socket options",
-	"strict sync",
-	"max print jobs",
-	"printable",
-	"print ok",
-	"printer name",
-	"printer",
-	"map system",
-	"map hidden",
-	"map archive",
-	"preferred master",
-	"prefered master",
-	"local master",
-	"browseable",
-	"browsable",
-	"wins server",
-	"wins support",
-	"csc policy",
-	"strict locking",
-	"preload",
-	"auto services",
-	"lock dir",
-	"lock directory",
-	"pid directory",
-	"socket address",
-	"copy",
-	"include",
-	"available",
-	"volume",
-	"fstype",
-	"panic action",
-	"msdfs root",
-	"host msdfs",
-	"winbind separator"]
+    "dos charset", 
+    "unix charset",
+    "display charset",
+    "comment",
+    "path",
+    "directory",
+    "workgroup",
+    "realm",
+    "netbios name",
+    "netbios aliases",
+    "netbios scope",
+    "server string",
+    "interfaces",
+    "bind interfaces only",
+    "security",
+    "auth methods",
+    "encrypt passwords",
+    "null passwords",
+    "obey pam restrictions",
+    "password server",
+    "smb passwd file",
+    "private dir",
+    "passwd chat",
+    "password level",
+    "lanman auth",
+    "ntlm auth",
+    "client NTLMv2 auth",
+    "client lanman auth",
+    "client plaintext auth",
+    "read only",
+    "hosts allow",
+    "hosts deny",
+    "log level",
+    "debuglevel",
+    "log file",
+    "smb ports",
+    "large readwrite",
+    "max protocol",
+    "min protocol",
+    "unicode",
+    "read raw",
+    "write raw",
+    "disable netbios",
+    "nt status support",
+    "announce version",
+    "announce as",
+    "max mux",
+    "max xmit",
+    "name resolve order",
+    "max wins ttl",
+    "min wins ttl",
+    "time server",
+    "unix extensions",
+    "use spnego",
+    "server signing",
+    "client signing",
+    "max connections",
+    "paranoid server security",
+    "socket options",
+    "strict sync",
+    "max print jobs",
+    "printable",
+    "print ok",
+    "printer name",
+    "printer",
+    "map system",
+    "map hidden",
+    "map archive",
+    "preferred master",
+    "prefered master",
+    "local master",
+    "browseable",
+    "browsable",
+    "wins server",
+    "wins support",
+    "csc policy",
+    "strict locking",
+    "preload",
+    "auto services",
+    "lock dir",
+    "lock directory",
+    "pid directory",
+    "socket address",
+    "copy",
+    "include",
+    "available",
+    "volume",
+    "fstype",
+    "panic action",
+    "msdfs root",
+    "host msdfs",
+    "winbind separator"]
 
-#
-#   Remove configuration variables not present in Samba4
-#	oldconf: Old configuration structure
-#	mark: Whether removed configuration variables should be 
-#		kept in the new configuration as "samba3:<name>"
 def upgrade_smbconf(oldconf,mark):
-	data = oldconf.data()
-	newconf = param_init()
-
-	for (s in data) {
-		for (p in data[s]) {
-			keep = False
-			for (k in smbconf_keep) { 
+    """Remove configuration variables not present in Samba4
+
+    :param oldconf: Old configuration structure
+    :param mark: Whether removed configuration variables should be 
+        kept in the new configuration as "samba3:<name>"
+    """
+    data = oldconf.data()
+    newconf = param_init()
+
+    for s in data:
+        for p in data[s]:
+            keep = False
+            for k in smbconf_keep:
                 if smbconf_keep[k] == p:
-					keep = True
-					break
-			}
+                    keep = True
+                    break
 
             if keep:
-				newconf.set(s, p, oldconf.get(s, p))
+                newconf.set(s, p, oldconf.get(s, p))
             elif mark:
-				newconf.set(s, "samba3:"+p, oldconf.get(s,p))
-		}
-	}
+                newconf.set(s, "samba3:"+p, oldconf.get(s,p))
 
     if oldconf.get("domain logons") == "True":
-		newconf.set("server role", "domain controller")
+        newconf.set("server role", "domain controller")
     else:
         if oldconf.get("security") == "user":
-			newconf.set("server role", "standalone")
+            newconf.set("server role", "standalone")
         else:
-			newconf.set("server role", "member server")
+            newconf.set("server role", "member server")
 
-	return newconf
+    return newconf
 
 def upgrade(subobj, samba3, message, paths, session_info, credentials):
-	ret = 0
-	lp = loadparm_init()
-	samdb = Ldb(paths.samdb, session_info=session_info, credentials=credentials)
+    ret = 0
+    lp = loadparm_init()
+    samdb = Ldb(paths.samdb, session_info=session_info, credentials=credentials)
 
-	message("Writing configuration")
-	newconf = upgrade_smbconf(samba3.configuration,True)
-	newconf.save(paths.smbconf)
+    message("Writing configuration")
+    newconf = upgrade_smbconf(samba3.configuration,True)
+    newconf.save(paths.smbconf)
 
-	message("Importing account policies")
-	ldif = upgrade_sam_policy(samba3,subobj.BASEDN)
-	samdb.modify(ldif)
-	regdb = Ldb(paths.hklm)
+    message("Importing account policies")
+    ldif = upgrade_sam_policy(samba3,subobj.BASEDN)
+    samdb.modify(ldif)
+    regdb = Ldb(paths.hklm)
 
-	regdb.modify("
+    regdb.modify("""
 dn: value=RefusePasswordChange,key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=System,HIVE=NONE
 replace: type
 type: 4
 replace: data
 data: %d
-" % samba3.policy.refuse_machine_password_change)
+""" % samba3.policy.refuse_machine_password_change)
 
-	message("Importing users")
+    message("Importing users")
     for account in samba3.samaccounts:
-		msg = "... " + account.username
-		ldif = upgrade_sam_account(samdb, accounts,subobj.BASEDN,subobj.DOMAINSID)
+        msg = "... " + account.username
+        ldif = upgrade_sam_account(samdb, accounts,subobj.BASEDN,subobj.DOMAINSID)
         try:
             samdb.add(ldif)
         except LdbError, e:
             # FIXME: Ignore 'Record exists' errors
-			msg += "... error: " + str(e)
-			ret += 1; 
-		message(msg)
+            msg += "... error: " + str(e)
+            ret += 1; 
+        message(msg)
 
-	message("Importing groups")
+    message("Importing groups")
     for mapping in samba3.groupmappings:
-		msg = "... " + mapping.nt_name
-		ldif = upgrade_sam_group(mapping, subobj.BASEDN)
+        msg = "... " + mapping.nt_name
+        ldif = upgrade_sam_group(mapping, subobj.BASEDN)
         if ldif is not None:
             try:
-			    samdb.add(ldif)
+                samdb.add(ldif)
             except LdbError, e:
                 # FIXME: Ignore 'Record exists' errors
-				msg += "... error: " + str(e)
-				ret += 1
-		message(msg)
+                msg += "... error: " + str(e)
+                ret += 1
+        message(msg)
 
-	message("Importing registry data")
+    message("Importing registry data")
     for hive in ["hkcr","hkcu","hklm","hkpd","hku","hkpt"]:
-		message("... " + hive)
-		regdb = Ldb(paths[hive])
-		ldif = upgrade_registry(samba3.registry, hive, regdb)
-		for (var j in ldif) {
-			var msg = "... ... " + j
+        message("... " + hive)
+        regdb = Ldb(paths[hive])
+        ldif = upgrade_registry(samba3.registry, hive, regdb)
+        for j in ldif:
+            msg = "... ... " + j
             try:
                 regdb.add(ldif[j])
             except LdbError, e:
                 # FIXME: Ignore 'Record exists' errors
-				msg += "... error: " + str(e)
-				ret += 1
-			message(msg)
+                msg += "... error: " + str(e)
+                ret += 1
+            message(msg)
 
-	message("Importing WINS data")
-	winsdb = Ldb(paths.winsdb)
-	ldb_erase(winsdb)
+    message("Importing WINS data")
+    winsdb = Ldb(paths.winsdb)
+    ldb_erase(winsdb)
 
-	ldif = upgrade_wins(samba3)
-	winsdb.add(ldif)
+    ldif = upgrade_wins(samba3)
+    winsdb.add(ldif)
 
-	# figure out ldapurl, if applicable
-	ldapurl = None
-	pdb = samba3.configuration.get_list("passdb backend")
+    # figure out ldapurl, if applicable
+    ldapurl = None
+    pdb = samba3.configuration.get_list("passdb backend")
     if pdb is not None:
         for backend in pdb:
             if len(backend) >= 7 and backend[0:7] == "ldapsam":
                 ldapurl = backend[7:]
 
-	# URL was not specified in passdb backend but ldap /is/ used
+    # URL was not specified in passdb backend but ldap /is/ used
     if ldapurl == "":
-	    ldapurl = "ldap://%s" % samba3.configuration.get("ldap server")
+        ldapurl = "ldap://%s" % samba3.configuration.get("ldap server")
 
-	# Enable samba3sam module if original passdb backend was ldap
+    # Enable samba3sam module if original passdb backend was ldap
     if ldapurl is not None:
-		message("Enabling Samba3 LDAP mappings for SAM database")
+        message("Enabling Samba3 LDAP mappings for SAM database")
 
-		samdb.modify("""
+        samdb.modify("""
 dn: @MODULES
 changetype: modify
 replace: @LIST
 @LIST: samldb,operational,objectguid,rdn_name,samba3sam
 """)
 
-		samdb.add("""
+        samdb.add("""
 dn: @MAP=samba3sam
-@MAP_URL: %s""", ldapurl))
+@MAP_URL: %s""" % ldapurl)
 
-	return ret
+    return ret
 
 def upgrade_verify(subobj, samba3, paths, message):
-	message("Verifying account policies")
+    message("Verifying account policies")
 
-	samldb = Ldb(paths.samdb)
+    samldb = Ldb(paths.samdb)
 
     for account in samba3.samaccounts:
-		msg = samldb.search("(&(sAMAccountName=" + account.nt_username + ")(objectclass=user))")
-		assert(len(msg) >= 1)
-	
-	# FIXME
+        msg = samldb.search("(&(sAMAccountName=" + account.nt_username + ")(objectclass=user))")
+        assert(len(msg) >= 1)
+    
+    # FIXME
diff --git a/source4/selftest/samba4_tests.sh b/source4/selftest/samba4_tests.sh
index eaf7276485..f0700a6956 100755
--- a/source4/selftest/samba4_tests.sh
+++ b/source4/selftest/samba4_tests.sh
@@ -294,4 +294,5 @@ then
 	plantest "auth.python" none PYTHONPATH=bin/python:scripting/python:auth/tests/ scripting/bin/subunitrun bindings
 	plantest "security.python" none PYTHONPATH=bin/python:scripting/python:libcli/security/tests/ scripting/bin/subunitrun bindings
 	plantest "param.python" none PYTHONPATH=bin/python:scripting/python:param/tests scripting/bin/subunitrun bindings
+	plantest "upgrade.python" none PYTHONPATH=bin/python:scripting/python scripting/bin/subunitrun samba.tests.upgrade
 fi
diff --git a/source4/setup/provision.py b/source4/setup/provision.py
index c9ee2a9217..c5f29c38ea 100755
--- a/source4/setup/provision.py
+++ b/source4/setup/provision.py
@@ -116,9 +116,9 @@ if opts.realm is None or opts.domain is None or opts.host_name is None:
 # cope with an initially blank smb.conf 
 lp = param.ParamFile()
 lp.read(opts.configfile)
-lp.set_string("realm", opts.realm);
-lp.set_string("workgroup", opts.domain);
-lp.set_string("server role", opts.server_role);
+lp.set_string("realm", opts.realm)
+lp.set_string("workgroup", opts.domain)
+lp.set_string("server role", opts.server_role)
 
 subobj = provision_guess(lp)
 subobj.domain_guid = opts.domain_guid
@@ -160,22 +160,17 @@ if opts.ldap_base:
 	provision_ldapbase(setup_dir, subobj, message, paths)
 	message("Please install the LDIF located in %s, %s and  into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server" % (paths.ldap_basedn_ldif, paths.ldap_config_basedn_ldif, paths.ldap_schema_basedn_ldif))
 elif opts.partitions_only:
-	provision_become_dc(setup_dir, subobj, message, False, 
-			            paths, system_session(), creds)
+    provision_become_dc(setup_dir, subobj, message, False, 
+                        paths, system_session(), creds)
 else:
-	provision(lp, setup_dir, subobj, message, opts.blank, paths, 
-			  system_session(), creds, opts.ldap_backend)
-	provision_dns(setup_dir, subobj, message, paths, 
-			      system_session(), creds)
-	message("To reproduce this provision, run with:")
-	message("--realm='" + subobj.realm_conf + "' --domain='" + subobj.domain_conf + "' --domain-guid='" + subobj.domain_guid + "' \\")
-	message("--policy-guid='" + subobj.policyguid + "' --host-name='" + subobj.hostname + "' --host-ip='" + subobj.hostip + "' \\")
-	message("--host-guid='" + subobj.host_guid + "' --invocationid='" + subobj.invocationid + "' \\")
-	message("--adminpass='" + subobj.adminpass + "' --krbtgtpass='" + subobj.krbtgtpass + "' \\")
-	message("--machinepass='" + subobj.machinepass + "' --dnspass='" + subobj.dnspass + "' \\")
-	message("--root='" + subobj.root + "' --nobody='" + subobj.nobody + "' --nogroup-'" + subobj.nogroup + "' \\")
-	message("--wheel='" + subobj.wheel + "' --users='" + subobj.users + "' --server-role='" + subobj.serverrole + "' \\")
-	message("--ldap-backend='" + subobj.ldap_backend + "' --ldap-module='" + subobj.ldapmodule + "' \\")
-	message("--aci='" + subobj.aci + "' \\")
+    provision(lp, setup_dir, subobj, message, opts.blank, paths, 
+              system_session(), creds, opts.ldap_backend)
+    provision_dns(setup_dir, subobj, message, paths, system_session(), creds)
+    message("To reproduce this provision, run with:")
+    def shell_escape(arg):
+        if " " in arg:
+            return '"%s"' % arg
+        return arg
+    message(" ".join([shell_escape(arg) for arg in sys.argv]))
 
 message("All OK")