diff options
-rw-r--r-- | source4/scripting/python/samba/provision/__init__.py | 63 | ||||
-rw-r--r-- | source4/scripting/python/samba/tests/provision.py | 19 |
2 files changed, 57 insertions, 25 deletions
diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py index aa8736bb3d..d37176007b 100644 --- a/source4/scripting/python/samba/provision/__init__.py +++ b/source4/scripting/python/samba/provision/__init__.py @@ -866,7 +866,6 @@ def setup_secretsdb(paths, session_info, backend_credentials, lp): return secrets_ldb - def setup_privileges(path, session_info, lp): """Setup the privileges database. @@ -930,10 +929,9 @@ def setup_samdb_rootdse(samdb, names): }) -def setup_self_join(samdb, admin_session_info, names, fill, machinepass, dnspass, - domainsid, next_rid, invocationid, - policyguid, policyguid_dc, domainControllerFunctionality, - ntdsguid, dc_rid=None): +def setup_self_join(samdb, admin_session_info, names, fill, machinepass, + dnspass, domainsid, next_rid, invocationid, policyguid, policyguid_dc, + domainControllerFunctionality, ntdsguid=None, dc_rid=None): """Join a host to its own domain.""" assert isinstance(invocationid, str) if ntdsguid is not None: @@ -968,7 +966,8 @@ def setup_self_join(samdb, admin_session_info, names, fill, machinepass, dnspass "DNSDOMAIN": names.dnsdomain, "DOMAINDN": names.domaindn}) - # If we are setting up a subdomain, then this has been replicated in, so we don't need to add it + # If we are setting up a subdomain, then this has been replicated in, so we + # don't need to add it if fill == FILL_FULL: setup_add_ldif(samdb, setup_path("provision_self_join_config.ldif"), { "CONFIGDN": names.configdn, @@ -987,7 +986,8 @@ def setup_self_join(samdb, admin_session_info, names, fill, machinepass, dnspass domainControllerFunctionality)}) # Setup fSMORoleOwner entries to point at the newly created DC entry - setup_modify_ldif(samdb, setup_path("provision_self_join_modify_config.ldif"), { + setup_modify_ldif(samdb, + setup_path("provision_self_join_modify_config.ldif"), { "CONFIGDN": names.configdn, "SCHEMADN": names.schemadn, "DEFAULTSITE": names.sitename, @@ -997,9 +997,8 @@ def setup_self_join(samdb, admin_session_info, names, fill, machinepass, dnspass system_session_info = system_session() samdb.set_session_info(system_session_info) - # Setup fSMORoleOwner entries to point at the newly created DC entry - - # to modify a serverReference under cn=config when we are a subdomain, we must + # Setup fSMORoleOwner entries to point at the newly created DC entry to + # modify a serverReference under cn=config when we are a subdomain, we must # be system due to ACLs setup_modify_ldif(samdb, setup_path("provision_self_join_modify.ldif"), { "DOMAINDN": names.domaindn, @@ -1029,7 +1028,6 @@ def getpolicypath(sysvolpath, dnsdomain, guid): :param guid: The GUID of the policy :return: A string with the complete path to the policy folder """ - if guid[0] != "{": guid = "{%s}" % guid policy_path = os.path.join(sysvolpath, dnsdomain, "Policies", guid) @@ -1097,6 +1095,7 @@ def setup_samdb(path, session_info, provision_backend, lp, names, return samdb + def fill_samdb(samdb, lp, names, logger, domainsid, domainguid, policyguid, policyguid_dc, fill, adminpass, krbtgtpass, machinepass, invocationid, dnspass, ntdsguid, @@ -1519,6 +1518,33 @@ def provision_fill(samdb, secrets_ldb, logger, names, paths, samdb.transaction_commit() +_ROLES_MAP = { + "ROLE_STANDALONE": "standalone", + "ROLE_DOMAIN_MEMBER": "member server", + "ROLE_DOMAIN_BDC": "domain controller", + "ROLE_DOMAIN_PDC": "domain controller", + "dc": "domain controller", + "member": "member server", + "domain controller": "domain controller", + "member server": "member server", + "standalone": "standalone", + } + + +def sanitize_server_role(role): + """Sanitize a server role name. + + :param role: Server role + :raise ValueError: If the role can not be interpreted + :return: Sanitized server role (one of "member server", + "domain controller", "standalone") + """ + try: + return _ROLES_MAP[role] + except KeyError: + raise ValueError(role) + + def provision(logger, session_info, credentials, smbconf=None, targetdir=None, samdb_fill=FILL_FULL, realm=None, rootdn=None, domaindn=None, schemadn=None, configdn=None, serverdn=None, @@ -1538,20 +1564,9 @@ def provision(logger, session_info, credentials, smbconf=None, :note: caution, this wipes all existing data! """ - roles = {} - roles["ROLE_STANDALONE"] = "standalone" - roles["ROLE_DOMAIN_MEMBER"] = "member server" - roles["ROLE_DOMAIN_BDC"] = "domain controller" - roles["ROLE_DOMAIN_PDC"] = "domain controller" - roles["dc"] = "domain controller" - roles["member"] = "member server" - roles["domain controller"] = "domain controller" - roles["member server"] = "member server" - roles["standalone"] = "standalone" - try: - serverrole = roles[serverrole] - except KeyError: + serverrole = sanitize_server_role(serverrole) + except ValueError: raise ProvisioningError('server role (%s) should be one of "domain controller", "member server", "standalone"' % serverrole) if ldapadminpass is None: diff --git a/source4/scripting/python/samba/tests/provision.py b/source4/scripting/python/samba/tests/provision.py index dd3e7258a8..4582939090 100644 --- a/source4/scripting/python/samba/tests/provision.py +++ b/source4/scripting/python/samba/tests/provision.py @@ -20,7 +20,12 @@ """Tests for samba.provision.""" import os -from samba.provision import setup_secretsdb, findnss, ProvisionPaths +from samba.provision import ( + ProvisionPaths, + sanitize_server_role, + setup_secretsdb, + findnss, + ) import samba.tests from samba.tests import env_loadparm, TestCase @@ -115,3 +120,15 @@ class Disabled(object): raise NotImplementedError(self.test_vampire) +class SanitizeServerRoleTests(TestCase): + + def test_same(self): + self.assertEquals("standalone", sanitize_server_role("standalone")) + self.assertEquals("member server", + sanitize_server_role("member server")) + + def test_invalid(self): + self.assertRaises(ValueError, sanitize_server_role, "foo") + + def test_valid(self): + self.assertEquals("standalone", sanitize_server_role("ROLE_STANDALONE")) |