diff options
-rwxr-xr-x | source4/scripting/bin/upgradeprovision | 124 | ||||
-rw-r--r-- | source4/scripting/python/samba/provision.py | 41 | ||||
-rw-r--r-- | source4/scripting/python/samba/tests/provision.py | 2 | ||||
-rw-r--r-- | source4/scripting/python/samba/tests/upgradeprovision.py | 22 | ||||
-rw-r--r-- | source4/scripting/python/samba/tests/upgradeprovisionneeddc.py | 35 | ||||
-rwxr-xr-x | source4/scripting/python/samba/upgradehelpers.py | 39 |
6 files changed, 141 insertions, 122 deletions
diff --git a/source4/scripting/bin/upgradeprovision b/source4/scripting/bin/upgradeprovision index 242d040c7d..1c33132769 100755 --- a/source4/scripting/bin/upgradeprovision +++ b/source4/scripting/bin/upgradeprovision @@ -44,8 +44,8 @@ from ldb import (SCOPE_SUBTREE, SCOPE_BASE, from samba import param from samba.provision import (find_setup_dir, get_domain_descriptor, get_config_descriptor, secretsdb_self_join, - ProvisioningError, getLastProvisionUSN, - get_max_usn, updateProvisionUSN) + ProvisioningError, get_last_provision_usn, + get_max_usn, update_provision_usn) from samba.schema import get_linked_attributes, Schema, get_schema_descriptor from samba.dcerpc import security, drsblobs from samba.ndr import ndr_unpack @@ -298,7 +298,7 @@ def handle_special_case(att, delta, new, old, usn): # We do most of the special case handle if we do not have the # highest usn as otherwise the replPropertyMetaData will guide us more # correctly - if usn == None: + if usn is None: if (att == "member" and flag == FLAG_MOD_REPLACE): hash = {} newval = [] @@ -317,9 +317,9 @@ def handle_special_case(att, delta, new, old, usn): delta.remove(att) return True - if (att == "gPLink" or att == "gPCFileSysPath") and \ - flag == FLAG_MOD_REPLACE and\ - str(new[0].dn).lower() == str(old[0].dn).lower(): + if (att in ("gPLink", "gPCFileSysPath") and + flag == FLAG_MOD_REPLACE and + str(new[0].dn).lower() == str(old[0].dn).lower()): delta.remove(att) return True @@ -330,10 +330,10 @@ def handle_special_case(att, delta, new, old, usn): ref == old and ref == abs(new) return True - if (att == "adminDisplayName" or att == "adminDescription"): + if att in ("adminDisplayName", "adminDescription"): return True - if (str(old[0].dn) == "CN=Samba4-Local-Domain, %s" % (str(names.schemadn))\ + if (str(old[0].dn) == "CN=Samba4-Local-Domain, %s" % (names.schemadn) and att == "defaultObjectCategory" and flag == FLAG_MOD_REPLACE): return True @@ -351,7 +351,7 @@ def handle_special_case(att, delta, new, old, usn): # This is a bit of special animal as we might have added # already SPN entries to the list that has to be modified # So we go in detail to try to find out what has to be added ... - if ( att == "servicePrincipalName" and flag == FLAG_MOD_REPLACE): + if (att == "servicePrincipalName" and flag == FLAG_MOD_REPLACE): hash = {} newval = [] changeDelta=0 @@ -388,24 +388,25 @@ def dump_denied_change(dn, att, flagtxt, current, reference): for e in range(0, len(current)): message(CHANGE, "old %d : %s" % (i, str(current[e]))) i+=1 - if reference != None: + if reference is not None: i = 0 for e in range(0, len(reference)): message(CHANGE, "new %d : %s" % (i, str(reference[e]))) i+=1 else: - message(CHANGE, "old : %s" % str(ndr_unpack( security.dom_sid, current[0]))) - message(CHANGE, "new : %s" % str(ndr_unpack( security.dom_sid, reference[0]))) + message(CHANGE, "old : %s" % ndr_unpack(security.dom_sid, current[0])) + message(CHANGE, "new : %s" % ndr_unpack(security.dom_sid, reference[0])) def handle_special_add(samdb, dn, names): """Handle special operation (like remove) on some object needed during - upgrade + upgrade This is mostly due to wrong creation of the object in previous provision. :param samdb: An Ldb object representing the SAM database :param dn: DN of the object to inspect - :param names: list of key provision parameters""" + :param names: list of key provision parameters + """ dntoremove = None objDn = Dn(samdb, "CN=IIS_IUSRS, CN=Builtin, %s" % names.rootdn) @@ -431,11 +432,11 @@ def handle_special_add(samdb, dn, names): #This entry was misplaced lets remove it if it exists dntoremove = "CN=Event Log Readers, CN=Users, %s" % names.rootdn - objDn = Dn(samdb,"CN=System,CN=WellKnown Security Principals,"\ + objDn = Dn(samdb,"CN=System,CN=WellKnown Security Principals," "CN=Configuration,%s" % names.rootdn) if dn == objDn: - oldDn = Dn(samdb,"CN=Well-Known-Security-Id-System,"\ - "CN=WellKnown Security Principals,"\ + oldDn = Dn(samdb,"CN=Well-Known-Security-Id-System," + "CN=WellKnown Security Principals," "CN=Configuration,%s" % names.rootdn) res = samdb.search(expression="(dn=%s)" % oldDn, @@ -443,23 +444,24 @@ def handle_special_add(samdb, dn, names): scope=SCOPE_SUBTREE, attrs=["dn"], controls=["search_options:1:2"]) if len(res) > 0: - message(CHANGE, "Existing object %s must be replaced by %s,"\ + message(CHANGE, "Existing object %s must be replaced by %s," "Renaming old object" % (str(oldDn), str(dn))) samdb.rename(oldDn, objDn) return 1 - if dntoremove != None: + if dntoremove is not None: res = samdb.search(expression="(dn=%s)" % dntoremove, base=str(names.rootdn), scope=SCOPE_SUBTREE, attrs=["dn"], controls=["search_options:1:2"]) if len(res) > 0: - message(CHANGE, "Existing object %s must be replaced by %s,"\ + message(CHANGE, "Existing object %s must be replaced by %s," "removing old object" % (dntoremove, str(dn))) samdb.delete(res[0]["dn"]) return 0 + def check_dn_nottobecreated(hash, index, listdn): """Check if one of the DN present in the list has a creation order greater than the current. @@ -476,7 +478,7 @@ def check_dn_nottobecreated(hash, index, listdn): :param listdn: List of DNs on which the current DN depends on :return: None if the current object do not depend on other object or if all object have been created before.""" - if listdn == None: + if listdn is None: return None for dn in listdn: key = str(dn).lower() @@ -519,10 +521,10 @@ def add_missing_object(ref_samdb, samdb, dn, names, basedn, hash, index): for att in dn_syntax_att: depend_on_yet_tobecreated = check_dn_nottobecreated(hash, index, delta.get(str(att))) - if depend_on_yet_tobecreated != None: - message(CHANGE, "Object %s depends on %s in attribute %s," \ - "delaying the creation" % (str(dn), \ - depend_on_yet_tobecreated, str(att))) + if depend_on_yet_tobecreated is not None: + message(CHANGE, "Object %s depends on %s in attribute %s," + "delaying the creation" % (dn, + depend_on_yet_tobecreated, att)) return False delta.dn = dn @@ -581,7 +583,7 @@ def add_deletedobj_containers(ref_samdb, samdb, names): attrs=["dn", "wellKnownObjects"]) targetWKO = "%s:%s" % (wkoPrefix, str(reference[0]["dn"])) - found = 0 + found = False if len(res[0]) > 0: wko = res[0]["wellKnownObjects"] @@ -589,7 +591,7 @@ def add_deletedobj_containers(ref_samdb, samdb, names): # The wellKnownObject that we want to add. for o in wko: if str(o) == targetWKO: - found = 1 + found = True listwko.append(str(o)) if not found: @@ -656,7 +658,7 @@ def handle_links(samdb, att, basedn, dn, value, ref_value, delta): blacklist = {} hash = {} newlinklist = [] - changed = 0 + changed = False newlinklist.extend(value) @@ -677,7 +679,7 @@ def handle_links(samdb, att, basedn, dn, value, ref_value, delta): for e in ref_value: if not blacklist.has_key(e) and not hash.has_key(e): newlinklist.append(str(e)) - changed = 1 + changed = True if changed: delta[att] = MessageElement(newlinklist, FLAG_MOD_REPLACE, att) else: @@ -749,7 +751,7 @@ def update_present(ref_samdb, samdb, basedn, listPresent, usns, invocationid): delta.remove("name") - if len(delta.items()) > 1 and usns != None: + if len(delta.items()) > 1 and usns is not None: # Fetch the replPropertyMetaData res = samdb.search(expression="dn=%s" % (str(dn)), base=basedn, scope=SCOPE_SUBTREE, controls=controls, @@ -772,7 +774,7 @@ def update_present(ref_samdb, samdb, basedn, listPresent, usns, invocationid): txt = "" for att in delta: - if usns != None: + if usns is not None: # We have updated by provision usn information so let's exploit # replMetadataProperties if forwardlinked.has_key(att): @@ -807,47 +809,47 @@ def update_present(ref_samdb, samdb, basedn, listPresent, usns, invocationid): # was done in handle_special_case continue attrUSN = hash_attr_usn.get(att) - if att == "forceLogoff" and attrUSN == None: + if att == "forceLogoff" and attrUSN is None: continue - if attrUSN == None: + if attrUSN is None: delta.remove(att) continue if attrUSN == -1: # This attribute was last modified by another DC forget # about it - message(CHANGE, "%sAttribute: %s has been" \ + message(CHANGE, "%sAttribute: %s has been" "created/modified/deleted by another DC," " do nothing" % (txt, att )) txt = "" delta.remove(att) continue - elif usn_in_range(int(attrUSN), usns) == 0: - message(CHANGE, "%sAttribute: %s has been" \ - "created/modified/deleted not during a" \ - " provision or upgradeprovision: current" \ + elif not usn_in_range(int(attrUSN), usns): + message(CHANGE, "%sAttribute: %s has been" + "created/modified/deleted not during a" + " provision or upgradeprovision: current" " usn %d , do nothing" % (txt, att, attrUSN)) txt = "" delta.remove(att) continue else: if att == "defaultSecurityDescriptor": - defSDmodified = 1 + defSDmodified = True if attrUSN: - message(CHANGE, "%sAttribute: %s will be modified" \ - "/deleted it was last modified" \ - "during a provision, current usn:" \ + message(CHANGE, "%sAttribute: %s will be modified" + "/deleted it was last modified" + "during a provision, current usn:" "%d" % (txt, att, attrUSN)) txt = "" else: - message(CHANGE, "%sAttribute: %s will be added because" \ + message(CHANGE, "%sAttribute: %s will be added because" " it hasn't existed before " % (txt, att)) txt = "" continue else: # Old school way of handling things for pre alpha12 upgrade - defSDmodified = 1 + defSDmodified = True msgElt = delta.get(att) if att == "nTSecurityDescriptor": @@ -882,9 +884,9 @@ def update_present(ref_samdb, samdb, basedn, listPresent, usns, invocationid): delta.dn = dn if len(delta.items()) >1: attributes=", ".join(delta.keys()) - message(CHANGE, "%s is different from the reference one, changed" \ + message(CHANGE, "%s is different from the reference one, changed" " attributes: %s\n" % (dn, attributes)) - changed = changed + 1 + changed += 1 samdb.modify(delta) return changed @@ -1000,7 +1002,7 @@ def check_updated_sd(ref_sam, cur_sam, names): if sddl != hash[key]: txt = get_diff_sddls(hash[key], sddl) if txt != "": - message(CHANGESD, "On object %s ACL is different"\ + message(CHANGESD, "On object %s ACL is different" " \n%s" % (current[i]["dn"], txt)) @@ -1062,7 +1064,7 @@ def rebuild_sd(samdb, names): controls=["search_options:1:2"]) for obj in res: if not (str(obj["dn"]) == str(names.rootdn) or - str(obj["dn"]) == str(names.configdn) or \ + str(obj["dn"]) == str(names.configdn) or str(obj["dn"]) == str(names.schemadn)): hash[str(obj["dn"])] = obj["whenCreated"] @@ -1212,7 +1214,7 @@ def update_machine_account_password(samdb, secrets_ldb, names): key_version_number=kvno, secure_channel_type=secChanType) else: - raise ProvisioningError("Unable to find a Secure Channel" \ + raise ProvisioningError("Unable to find a Secure Channel" "of type SEC_CHAN_BDC") @@ -1356,7 +1358,7 @@ def setup_path(file): if __name__ == '__main__': global defSDmodified - defSDmodified = 0 + defSDmodified = False # From here start the big steps of the program # 1) First get files paths paths = get_paths(param, smbconf=smbconf) @@ -1376,8 +1378,8 @@ if __name__ == '__main__': names = find_provision_key_parameters(ldbs.sam, ldbs.secrets, ldbs.idmap, paths, smbconf, lp) # 4) - lastProvisionUSNs = getLastProvisionUSN(ldbs.sam) - if lastProvisionUSNs != None: + lastProvisionUSNs = get_last_provision_usn(ldbs.sam) + if lastProvisionUSNs is not None: message(CHANGE, "Find a last provision USN, %d range(s)" % len(lastProvisionUSNs)) @@ -1388,7 +1390,7 @@ if __name__ == '__main__': # ldbs = get_ldbs(paths, creds, adm_session, lp) if not sanitychecks(ldbs.sam, names): - message(SIMPLE, "Sanity checks for the upgrade fails, checks messages" \ + message(SIMPLE, "Sanity checks for the upgrade fails, checks messages" " and correct them before rerunning upgradeprovision") sys.exit(1) @@ -1449,9 +1451,9 @@ if __name__ == '__main__': if opts.full: if not update_samdb(new_ldbs.sam, ldbs.sam, names, lastProvisionUSNs, schema): - message(SIMPLE, "Rollbacking every changes. Check the reason" \ + message(SIMPLE, "Rollbacking every changes. Check the reason" " of the problem") - message(SIMPLE, "In any case your system as it was before" \ + message(SIMPLE, "In any case your system as it was before" " the upgrade") ldbs.groupedRollback() new_ldbs.groupedRollback() @@ -1481,7 +1483,7 @@ if __name__ == '__main__': # 18) We rebuild SD only if defaultSecurityDescriptor is modified # But in fact we should do it also if one object has its SD modified as # child might need rebuild - if defSDmodified == 1: + if defSDmodified: message(SIMPLE, "Updating SD") ldbs.sam.set_session_info(adm_session) # Alpha10 was a bit broken still @@ -1502,21 +1504,21 @@ if __name__ == '__main__': # 21) check_for_DNS(newpaths.private_dir, paths.private_dir) # 22) - if lastProvisionUSNs != None: - updateProvisionUSN(ldbs.sam, minUSN, maxUSN) - if opts.full and (names.policyid == None or names.policyid_dc == None): + if lastProvisionUSNs is not None: + update_provision_usn(ldbs.sam, minUSN, maxUSN) + if opts.full and (names.policyid is None or names.policyid_dc is None): update_policyids(names, ldbs.sam) if opts.full or opts.resetfileacl: try: update_gpo(paths, ldbs.sam, names, lp, message, 1) except ProvisioningError, e: - message(ERROR, "The policy for domain controller is missing," \ + message(ERROR, "The policy for domain controller is missing," " you should restart upgradeprovision with --full") else: try: update_gpo(paths, ldbs.sam, names, lp, message, 0) except ProvisioningError, e: - message(ERROR, "The policy for domain controller is missing," \ + message(ERROR, "The policy for domain controller is missing," " you should restart upgradeprovision with --full") ldbs.groupedCommit() new_ldbs.groupedCommit() diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index 5aaa833030..873be6730d 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -81,6 +81,7 @@ def find_setup_dir(): # hard coded at this point, but will probably be changed when # we enable different fsmo roles + def get_config_descriptor(domain_sid): sddl = "O:EAG:EAD:(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \ "(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \ @@ -192,8 +193,10 @@ class ProvisionNames(object): self.sitename = None self.smbconf = None -def updateProvisionUSN(samdb, low, high, replace = 0): + +def update_provision_usn(samdb, low, high, replace=False): """Update the field provisionUSN in sam.ldb + This field is used to track range of USN modified by provision and upgradeprovision. This value is used afterward by next provision to figure out if @@ -203,26 +206,28 @@ def updateProvisionUSN(samdb, low, high, replace = 0): :param low: The lowest USN modified by this upgrade :param high: The highest USN modified by this upgrade :param replace: A boolean indicating if the range should replace any - existing one or appended (default)""" + existing one or appended (default) + """ tab = [] if not replace: entry = samdb.search(expression="(&(dn=@PROVISION)(%s=*))" % \ LAST_PROVISION_USN_ATTRIBUTE, base="", scope=ldb.SCOPE_SUBTREE, - attrs=[LAST_PROVISION_USN_ATTRIBUTE,"dn"]) + attrs=[LAST_PROVISION_USN_ATTRIBUTE, "dn"]) for e in entry[0][LAST_PROVISION_USN_ATTRIBUTE]: tab.append(str(e)) - tab.append("%s-%s"%(str(low), str(high))) + tab.append("%s-%s" % (low, high)) delta = ldb.Message() - delta.dn = ldb.Dn(samdb,"@PROVISION") + delta.dn = ldb.Dn(samdb, "@PROVISION") delta[LAST_PROVISION_USN_ATTRIBUTE] = ldb.MessageElement(tab, ldb.FLAG_MOD_REPLACE, LAST_PROVISION_USN_ATTRIBUTE) samdb.modify(delta) -def setProvisionUSN(samdb, low, high): + +def set_provision_usn(samdb, low, high): """Set the field provisionUSN in sam.ldb This field is used to track range of USN modified by provision and upgradeprovision. @@ -233,14 +238,15 @@ def setProvisionUSN(samdb, low, high): :param low: The lowest USN modified by this upgrade :param high: The highest USN modified by this upgrade""" tab = [] - tab.append("%s-%s"%(str(low), str(high))) + tab.append("%s-%s" % (low, high)) delta = ldb.Message() - delta.dn = ldb.Dn(samdb,"@PROVISION") + delta.dn = ldb.Dn(samdb, "@PROVISION") delta[LAST_PROVISION_USN_ATTRIBUTE] = ldb.MessageElement(tab, ldb.FLAG_MOD_ADD, LAST_PROVISION_USN_ATTRIBUTE) samdb.add(delta) + def get_max_usn(samdb,basedn): """ This function return the biggest USN present in the provision @@ -256,7 +262,7 @@ def get_max_usn(samdb,basedn): "paged_results:1:1"]) return res[0]["uSNChanged"] -def getLastProvisionUSN(sam): +def get_last_provision_usn(sam): """Get the lastest USN modified by a provision or an upgradeprovision :param sam: An LDB object pointing to the sam.ldb @@ -541,7 +547,7 @@ def make_smbconf(smbconf, setup_path, hostname, domain, realm, serverrole, privdir = os.path.join(targetdir, "private") else: privdir = default_lp.get("private dir") - posixeadb_line = "posix:eadb = " + os.path.abspath(os.path.join(privdir,"eadb.tdb")) + posixeadb_line = "posix:eadb = " + os.path.abspath(os.path.join(privdir, "eadb.tdb")) else: posixeadb_line = "" @@ -1159,7 +1165,7 @@ def set_gpo_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp): set_dir_acl(policy_path,dsacl2fsacl(POLICIES_ACL, str(domainsid)), lp, str(domainsid)) res = samdb.search(base="CN=Policies,CN=System,%s"%(domaindn), - attrs=["cn","nTSecurityDescriptor"], + attrs=["cn", "nTSecurityDescriptor"], expression="", scope=ldb.SCOPE_ONELEVEL) for policy in res: acl = ndr_unpack(security.descriptor, @@ -1322,8 +1328,8 @@ def provision(setup_dir, logger, session_info, if not os.path.exists(paths.private_dir): os.mkdir(paths.private_dir) - if not os.path.exists(os.path.join(paths.private_dir,"tls")): - os.mkdir(os.path.join(paths.private_dir,"tls")) + if not os.path.exists(os.path.join(paths.private_dir, "tls")): + os.mkdir(os.path.join(paths.private_dir, "tls")) ldapi_url = "ldapi://%s" % urllib.quote(paths.s4_ldapi_path, safe="") @@ -1489,12 +1495,12 @@ def provision(setup_dir, logger, session_info, logger.info("A Kerberos configuration suitable for Samba 4 has been " "generated at %s", paths.krb5conf) - lastProvisionUSNs = getLastProvisionUSN(samdb) + lastProvisionUSNs = get_last_provision_usn(samdb) maxUSN = get_max_usn(samdb, str(names.rootdn)) if lastProvisionUSNs != None: - updateProvisionUSN(samdb, 0, maxUSN, 1) + update_provision_usn(samdb, 0, maxUSN, 1) else: - setProvisionUSN(samdb, 0, maxUSN) + set_provision_usn(samdb, 0, maxUSN) if serverrole == "domain controller": create_dns_update_list(lp, logger, paths, setup_path) @@ -1545,7 +1551,6 @@ def provision(setup_dir, logger, session_info, logger.info("This slapd-Commandline is also stored under: %s/ldap_backend_startup.sh", provision_backend.ldapdir) - result = ProvisionResult() result.domaindn = domaindn result.paths = paths @@ -1708,6 +1713,7 @@ def create_named_conf(paths, setup_path, realm, dnsdomain, setup_file(setup_path("named.conf.update"), paths.namedconf_update) + def create_named_txt(path, setup_path, realm, dnsdomain, private_dir, keytab_name): """Write out a file containing zone statements suitable for inclusion in a @@ -1729,6 +1735,7 @@ def create_named_txt(path, setup_path, realm, dnsdomain, "PRIVATE_DIR": private_dir }) + def create_krb5_conf(path, setup_path, dnsdomain, hostname, realm): """Write out a file containing zone statements suitable for inclusion in a named.conf file (including GSS-TSIG configuration). diff --git a/source4/scripting/python/samba/tests/provision.py b/source4/scripting/python/samba/tests/provision.py index b5cc57c4d9..aa4de660a0 100644 --- a/source4/scripting/python/samba/tests/provision.py +++ b/source4/scripting/python/samba/tests/provision.py @@ -40,9 +40,11 @@ def create_dummy_secretsdb(path, lp=None): secrets_ldb.transaction_commit() return secrets_ldb + class ProvisionTestCase(samba.tests.TestCaseInTempDir): """Some simple tests for individual functions in the provisioning code. """ + def test_setup_secretsdb(self): path = os.path.join(self.tempdir, "secrets.ldb") ldb = setup_secretsdb(path, setup_path, None, None, lp=env_loadparm()) diff --git a/source4/scripting/python/samba/tests/upgradeprovision.py b/source4/scripting/python/samba/tests/upgradeprovision.py index f0306fe6a1..e40262b37a 100644 --- a/source4/scripting/python/samba/tests/upgradeprovision.py +++ b/source4/scripting/python/samba/tests/upgradeprovision.py @@ -23,16 +23,13 @@ from samba.upgradehelpers import (usn_in_range, dn_sort, construct_existor_expr) from samba.tests.provision import create_dummy_secretsdb -from samba.tests import env_loadparm, TestCaseInTempDir +from samba.tests import TestCaseInTempDir from samba import Ldb from ldb import SCOPE_SUBTREE import samba.tests -lp = env_loadparm() - def dummymessage(a=None, b=None): - if 0: - print "none" + pass class UpgradeProvisionTestCase(TestCaseInTempDir): @@ -60,7 +57,8 @@ class UpgradeProvisionTestCase(TestCaseInTempDir): self.assertEquals(dn_sort("dc=toto,dc=tata", "cn=foo,dc=toto,dc=tata"), -1) self.assertEquals(dn_sort("cn=bar, dc=toto,dc=tata", - "cn=foo, dc=toto,dc=tata"),-1) + "cn=foo, dc=toto,dc=tata"), -1) + def test_get_diff_sddl(self): sddl = "O:SAG:DUD:AI(A;CIID;RPWPCRCCLCLORCWOWDSW;;;SA)\ (A;CIID;RP LCLORC;;;AU)(A;CIID;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:AI(AU;CIIDSA;WP;;;WD)" @@ -75,19 +73,19 @@ class UpgradeProvisionTestCase(TestCaseInTempDir): sddl5 = "O:SAG:DUD:AI(A;CIID;RPWPCRCCLCLORCWOWDSW;;;SA)\ (A;CIID;RP LCLORC;;;AU)(A;CIID;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)" - self.assertEquals(get_diff_sddls(sddl, sddl1) ,"") + self.assertEquals(get_diff_sddls(sddl, sddl1), "") txt = get_diff_sddls(sddl, sddl2) - self.assertEquals(txt ,"\tOwner mismatch: SA (in ref) BA(in current)\n") + self.assertEquals(txt, "\tOwner mismatch: SA (in ref) BA(in current)\n") txt = get_diff_sddls(sddl, sddl3) - self.assertEquals(txt ,"\tGroup mismatch: DU (in ref) BA(in current)\n") + self.assertEquals(txt, "\tGroup mismatch: DU (in ref) BA(in current)\n") txt = get_diff_sddls(sddl, sddl4) txtmsg = "\tPart dacl is different between reference and current here\ is the detail:\n\t\t(A;CIID;RPWPCRCCLCLORCWOWDSW;;;BA) ACE is not present in\ the reference\n\t\t(A;CIID;RPWPCRCCLCLORCWOWDSW;;;SA) ACE is not present in\ the current\n" - self.assertEquals(txt , txtmsg) + self.assertEquals(txt, txtmsg) txt = get_diff_sddls(sddl, sddl5) - self.assertEquals(txt ,"\tCurrent ACL hasn't a sacl part\n") + self.assertEquals(txt, "\tCurrent ACL hasn't a sacl part\n") def test_construct_existor_expr(self): res = construct_existor_expr([]) @@ -99,7 +97,9 @@ class UpgradeProvisionTestCase(TestCaseInTempDir): res = construct_existor_expr(["foo", "bar"]) self.assertEquals(res, "(|(foo=*)(bar=*))") + class UpdateSecretsTests(samba.tests.TestCaseInTempDir): + def setUp(self): super(UpdateSecretsTests, self).setUp() self.referencedb = create_dummy_secretsdb( diff --git a/source4/scripting/python/samba/tests/upgradeprovisionneeddc.py b/source4/scripting/python/samba/tests/upgradeprovisionneeddc.py index 32d6c0975b..3b0a695d83 100644 --- a/source4/scripting/python/samba/tests/upgradeprovisionneeddc.py +++ b/source4/scripting/python/samba/tests/upgradeprovisionneeddc.py @@ -20,6 +20,8 @@ import os import re import shutil + +from samba import param from samba.credentials import Credentials from samba.auth import system_session from samba.provision import getpolicypath @@ -27,67 +29,66 @@ from samba.upgradehelpers import (get_paths, get_ldbs, find_provision_key_parameters, identic_rename, updateOEMInfo, getOEMInfo, update_gpo, delta_update_basesamdb,search_constructed_attrs_stored) - -from samba.tests.provision import create_dummy_secretsdb -from samba import param from samba.tests import env_loadparm, TestCaseInTempDir +from samba.tests.provision import create_dummy_secretsdb import ldb def dummymessage(a=None, b=None): - if 0: - print "none" + pass -lp = env_loadparm() -smbConfPath = "%s/%s/%s" % (os.environ["SELFTEST_PREFIX"], "dc", "etc/smb.conf") +smb_conf_path = "%s/%s/%s" % (os.environ["SELFTEST_PREFIX"], "dc", "etc/smb.conf") class UpgradeProvisionBasicLdbHelpersTestCase(TestCaseInTempDir): """Some simple tests for individual functions in the provisioning code. """ def test_get_ldbs(self): - paths = get_paths(param, None, smbConfPath) + paths = get_paths(param, None, smb_conf_path) creds = Credentials() + lp = env_loadparm() creds.guess(lp) get_ldbs(paths, creds, system_session(), lp) def test_find_key_param(self): - paths = get_paths(param, None, smbConfPath) + paths = get_paths(param, None, smb_conf_path) creds = Credentials() + lp = env_loadparm() creds.guess(lp) rootdn = "dc=samba,dc=example,dc=com" ldbs = get_ldbs(paths, creds, system_session(), lp) names = find_provision_key_parameters(ldbs.sam, ldbs.secrets, ldbs.idmap, - paths, smbConfPath, lp) + paths, smb_conf_path, lp) self.assertEquals(names.realm, "SAMBA.EXAMPLE.COM") - self.assertTrue(str(names.rootdn).lower() == rootdn.lower()) + self.assertEquals(str(names.rootdn).lower(), rootdn.lower()) self.assertTrue(names.policyid_dc != None) self.assertTrue(names.ntdsguid != "") class UpgradeProvisionWithLdbTestCase(TestCaseInTempDir): + def _getEmptyDbName(self): return os.path.join(self.tempdir, "sam.ldb") def setUp(self): super(UpgradeProvisionWithLdbTestCase, self).setUp() - paths = get_paths(param, None, smbConfPath) + paths = get_paths(param, None, smb_conf_path) self.creds = Credentials() - self.creds.guess(lp) + self.lp = env_loadparm() + self.creds.guess(self.lp) self.paths = paths - self.ldbs = get_ldbs(paths, self.creds, system_session(), lp) - self.lp = lp + self.ldbs = get_ldbs(paths, self.creds, system_session(), self.lp) self.names = find_provision_key_parameters(self.ldbs.sam, self.ldbs.secrets, - self.ldbs.idmap, paths, smbConfPath, lp) + self.ldbs.idmap, paths, smb_conf_path, self.lp) self.referencedb = create_dummy_secretsdb( os.path.join(self.tempdir, "ref.ldb")) - def test_search_constructed_attrs_stored(self): hashAtt = search_constructed_attrs_stored(self.ldbs.sam, self.names.rootdn, ["msds-KeyVersionNumber"]) self.assertFalse(hashAtt.has_key("msds-KeyVersionNumber")) + def test_identic_rename(self): rootdn = "DC=samba,DC=example,DC=com" diff --git a/source4/scripting/python/samba/upgradehelpers.py b/source4/scripting/python/samba/upgradehelpers.py index db6ea560a2..5a37dab108 100755 --- a/source4/scripting/python/samba/upgradehelpers.py +++ b/source4/scripting/python/samba/upgradehelpers.py @@ -166,6 +166,7 @@ def get_ldbs(paths, creds, session, lp): return ldbs + def usn_in_range(usn, range): """Check if the usn is in one of the range provided. To do so, the value is checked to be between the lower bound and @@ -174,25 +175,27 @@ def usn_in_range(usn, range): :param usn: A integer value corresponding to the usn that we want to update :param range: A list of integer representing ranges, lower bounds are in the even indices, higher in odd indices - :return: 1 if the usn is in one of the range, 0 otherwise""" + :return: True if the usn is in one of the range, False otherwise + """ idx = 0 - cont = 1 - ok = 0 - while (cont == 1): + cont = True + ok = False + while cont: if idx == len(range): - cont = 0 + cont = False continue if usn < int(range[idx]): if idx %2 == 1: - ok = 1 - cont = 0 + ok = True + cont = False if usn == int(range[idx]): - cont = 0 - ok = 1 + cont = False + ok = True idx = idx + 1 return ok + def get_paths(param, targetdir=None, smbconf=None): """Get paths to important provision objects (smb.conf, ldb files, ...) @@ -237,6 +240,7 @@ def update_policyids(names, samdb): else: names.policyid_dc = None + def find_provision_key_parameters(samdb, secretsdb, idmapdb, paths, smbconf, lp): """Get key provision parameters (realm, domain, ...) from a given provision @@ -246,8 +250,8 @@ def find_provision_key_parameters(samdb, secretsdb, idmapdb, paths, smbconf, lp) :param paths: A list of path to provision object :param smbconf: Path to the smb.conf file :param lp: A LoadParm object - :return: A list of key provision parameters""" - + :return: A list of key provision parameters + """ names = ProvisionNames() names.adminpass = None @@ -408,16 +412,19 @@ def dn_sort(x, y): return -1 return ret + def identic_rename(ldbobj, dn): """Perform a back and forth rename to trigger renaming on attribute that - can't be directly modified. + can't be directly modified. :param lbdobj: An Ldb Object - :param dn: DN of the object to manipulate """ + :param dn: DN of the object to manipulate + """ (before, sep, after)=str(dn).partition('=') ldbobj.rename(dn, ldb.Dn(ldbobj, "%s=foo%s" % (before, after))) ldbobj.rename(ldb.Dn(ldbobj, "%s=foo%s" % (before, after)), dn) + def chunck_acl(acl): """Return separate ACE of an ACL @@ -659,7 +666,7 @@ def update_gpo(paths, samdb, names, lp, message, force=0): Set ACL correctly also. Check ACLs for sysvol/netlogon dirs also """ - resetacls = 0 + resetacls = False try: ntacls.checkset_backend(lp, None, None) eadbname = lp.get("posix:eadb") @@ -674,10 +681,10 @@ def update_gpo(paths, samdb, names, lp, message, force=0): attribute = samba.xattr_native.wrap_getxattr(paths.sysvol, xattr.XATTR_NTACL_NAME) except: - resetacls = 1 + resetacls = True if force: - resetacls = 1 + resetacls = True dir = getpolicypath(paths.sysvol, names.dnsdomain, names.policyid) if not os.path.isdir(dir): |