summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xsource4/scripting/bin/upgradeprovision139
1 files changed, 68 insertions, 71 deletions
diff --git a/source4/scripting/bin/upgradeprovision b/source4/scripting/bin/upgradeprovision
index 6e47897c64..da827ace42 100755
--- a/source4/scripting/bin/upgradeprovision
+++ b/source4/scripting/bin/upgradeprovision
@@ -141,10 +141,10 @@ if setup_dir is None:
session = system_session()
# simple helper to allow back and forth rename
-def identic_rename(ldb,dn):
+def identic_rename(ldbobj,dn):
(before,sep,after)=str(dn).partition('=')
- ldb.rename(dn,ldb.Dn(ldb,"%s=foo%s"%(before,after)))
- ldb.rename(ldb.Dn(ldb,"%s=foo%s"%(before,after)),dn)
+ ldbobj.rename(dn,ldb.Dn(ldbobj,"%s=foo%s"%(before,after)))
+ ldbobj.rename(ldb.Dn(ldbobj,"%s=foo%s"%(before,after)),dn)
# Create an array of backlinked attributes
def populate_backlink(newpaths,creds,session,schemadn):
@@ -197,16 +197,16 @@ def guess_names_from_current_provision(credentials,session_info,paths):
# That's a bit simplistic but it's ok as long as we have only 3 partitions
attrs2 = ["defaultNamingContext", "schemaNamingContext","configurationNamingContext","rootDomainNamingContext"]
- res2 = samdb.search(expression="(objectClass=*)",base="", scope=SCOPE_BASE, attrs=attrs2)
+ current = samdb.search(expression="(objectClass=*)",base="", scope=SCOPE_BASE, attrs=attrs2)
- names.configdn = res2[0]["configurationNamingContext"]
+ names.configdn = current[0]["configurationNamingContext"]
configdn = str(names.configdn)
- names.schemadn = res2[0]["schemaNamingContext"]
- if not (ldb.Dn(samdb, basedn) == (ldb.Dn(samdb, res2[0]["defaultNamingContext"][0]))):
- raise ProvisioningError(("basedn in %s (%s) and from %s (%s) is not the same ..." % (paths.samdb, str(res2[0]["defaultNamingContext"][0]), paths.smbconf, basedn)))
+ names.schemadn = current[0]["schemaNamingContext"]
+ if not (ldb.Dn(samdb, basedn) == (ldb.Dn(samdb, current[0]["defaultNamingContext"][0]))):
+ raise ProvisioningError(("basedn in %s (%s) and from %s (%s) is not the same ..." % (paths.samdb, str(current[0]["defaultNamingContext"][0]), paths.smbconf, basedn)))
- names.domaindn=res2[0]["defaultNamingContext"]
- names.rootdn=res2[0]["rootDomainNamingContext"]
+ names.domaindn=current[0]["defaultNamingContext"]
+ names.rootdn=current[0]["rootDomainNamingContext"]
# default site name
attrs3 = ["cn"]
res3= samdb.search(expression="(objectClass=*)",base="CN=Sites,"+configdn, scope=SCOPE_ONELEVEL, attrs=attrs3)
@@ -412,28 +412,28 @@ def update_secrets(newpaths,paths,creds,session):
message(SIMPLE,"update secrets.ldb")
newsecrets_ldb = Ldb(newpaths.secrets, session_info=session, credentials=creds,lp=lp)
secrets_ldb = Ldb(paths.secrets, session_info=session, credentials=creds,lp=lp, options=["modules:samba_secrets"])
- res = newsecrets_ldb.search(expression="dn=@MODULES",base="", scope=SCOPE_SUBTREE)
- res2 = secrets_ldb.search(expression="dn=@MODULES",base="", scope=SCOPE_SUBTREE)
- delta = secrets_ldb.msg_diff(res2[0],res[0])
- delta.dn = res2[0].dn
+ reference = newsecrets_ldb.search(expression="dn=@MODULES",base="", scope=SCOPE_SUBTREE)
+ current = secrets_ldb.search(expression="dn=@MODULES",base="", scope=SCOPE_SUBTREE)
+ delta = secrets_ldb.msg_diff(current[0],reference[0])
+ delta.dn = current[0].dn
secrets_ldb.modify(delta)
newsecrets_ldb = Ldb(newpaths.secrets, session_info=session, credentials=creds,lp=lp)
secrets_ldb = Ldb(paths.secrets, session_info=session, credentials=creds,lp=lp)
- res = newsecrets_ldb.search(expression="objectClass=top",base="", scope=SCOPE_SUBTREE,attrs=["dn"])
- res2 = secrets_ldb.search(expression="objectClass=top",base="", scope=SCOPE_SUBTREE,attrs=["dn"])
+ reference = newsecrets_ldb.search(expression="objectClass=top",base="", scope=SCOPE_SUBTREE,attrs=["dn"])
+ current = secrets_ldb.search(expression="objectClass=top",base="", scope=SCOPE_SUBTREE,attrs=["dn"])
hash_new = {}
hash = {}
listMissing = []
listPresent = []
empty = ldb.Message()
- for i in range(0,len(res)):
- hash_new[str(res[i]["dn"]).lower()] = res[i]["dn"]
+ for i in range(0,len(reference)):
+ hash_new[str(reference[i]["dn"]).lower()] = reference[i]["dn"]
# Create a hash for speeding the search of existing object in the current provision
- for i in range(0,len(res2)):
- hash[str(res2[i]["dn"]).lower()] = res2[i]["dn"]
+ for i in range(0,len(current)):
+ hash[str(current[i]["dn"]).lower()] = current[i]["dn"]
for k in hash_new.keys():
if not hash.has_key(k):
@@ -441,21 +441,21 @@ def update_secrets(newpaths,paths,creds,session):
else:
listPresent.append(hash_new[k])
for entry in listMissing:
- res = newsecrets_ldb.search(expression="dn=%s"%entry,base="", scope=SCOPE_SUBTREE)
- res2 = secrets_ldb.search(expression="dn=%s"%entry,base="", scope=SCOPE_SUBTREE)
- delta = secrets_ldb.msg_diff(empty,res[0])
+ reference = newsecrets_ldb.search(expression="dn=%s"%entry,base="", scope=SCOPE_SUBTREE)
+ current = secrets_ldb.search(expression="dn=%s"%entry,base="", scope=SCOPE_SUBTREE)
+ delta = secrets_ldb.msg_diff(empty,reference[0])
for att in hashAttrNotCopied.keys():
delta.remove(att)
- message(CHANGE,"Entry %s is missing from secrets.ldb"%res[0].dn)
+ message(CHANGE,"Entry %s is missing from secrets.ldb"%reference[0].dn)
for att in delta:
message(CHANGE," Adding attribute %s"%att)
- delta.dn = res[0].dn
+ delta.dn = reference[0].dn
secrets_ldb.add(delta)
for entry in listPresent:
- res = newsecrets_ldb.search(expression="dn=%s"%entry,base="", scope=SCOPE_SUBTREE)
- res2 = secrets_ldb.search(expression="dn=%s"%entry,base="", scope=SCOPE_SUBTREE)
- delta = secrets_ldb.msg_diff(res2[0],res[0])
+ reference = newsecrets_ldb.search(expression="dn=%s"%entry,base="", scope=SCOPE_SUBTREE)
+ current = secrets_ldb.search(expression="dn=%s"%entry,base="", scope=SCOPE_SUBTREE)
+ delta = secrets_ldb.msg_diff(current[0],reference[0])
i=0
for att in hashAttrNotCopied.keys():
delta.remove(att)
@@ -463,25 +463,25 @@ def update_secrets(newpaths,paths,creds,session):
i = i + 1
if att == "name":
- message(CHANGE,"Found attribute name on %s, must rename the DN "%(res2[0].dn))
- identic_rename(secrets_ldb,res[0].dn)
+ message(CHANGE,"Found attribute name on %s, must rename the DN "%(current[0].dn))
+ identic_rename(secrets_ldb,reference[0].dn)
else:
delta.remove(att)
for entry in listPresent:
- res = newsecrets_ldb.search(expression="dn=%s"%entry,base="", scope=SCOPE_SUBTREE)
- res2 = secrets_ldb.search(expression="dn=%s"%entry,base="", scope=SCOPE_SUBTREE)
- delta = secrets_ldb.msg_diff(res2[0],res[0])
+ reference = newsecrets_ldb.search(expression="dn=%s"%entry,base="", scope=SCOPE_SUBTREE)
+ current = secrets_ldb.search(expression="dn=%s"%entry,base="", scope=SCOPE_SUBTREE)
+ delta = secrets_ldb.msg_diff(current[0],reference[0])
i=0
for att in hashAttrNotCopied.keys():
delta.remove(att)
for att in delta:
i = i + 1
if att != "dn":
- message(CHANGE," Adding/Changing attribute %s to %s"%(att,res2[0].dn))
+ message(CHANGE," Adding/Changing attribute %s to %s"%(att,current[0].dn))
- delta.dn = res2[0].dn
+ delta.dn = current[0].dn
secrets_ldb.modify(delta)
@@ -495,27 +495,27 @@ def check_diff_name(newpaths,paths,creds,session,basedn,names,ischema):
hashallSD = {}
listMissing = []
listPresent = []
- res = []
- res2 = []
+ reference = []
+ current = []
# Connect to the reference provision and get all the attribute in the partition referred by name
newsam_ldb = Ldb(newpaths.samdb, session_info=session, credentials=creds,lp=lp)
sam_ldb = Ldb(paths.samdb, session_info=session, credentials=creds,lp=lp, options=["modules:samba_dsdb"])
sam_ldb.transaction_start()
if ischema:
- res = newsam_ldb.search(expression="objectClass=*",base=basedn, scope=SCOPE_SUBTREE,attrs=["dn"])
- res2 = sam_ldb.search(expression="objectClass=*",base=basedn, scope=SCOPE_SUBTREE,attrs=["dn"])
+ reference = newsam_ldb.search(expression="objectClass=*",base=basedn, scope=SCOPE_SUBTREE,attrs=["dn"])
+ current = sam_ldb.search(expression="objectClass=*",base=basedn, scope=SCOPE_SUBTREE,attrs=["dn"])
else:
- res = newsam_ldb.search(expression="objectClass=*",base=basedn, scope=SCOPE_SUBTREE,attrs=["dn"],controls=["search_options:1:2"])
- res2 = sam_ldb.search(expression="objectClass=*",base=basedn, scope=SCOPE_SUBTREE,attrs=["dn"],controls=["search_options:1:2"])
+ reference = newsam_ldb.search(expression="objectClass=*",base=basedn, scope=SCOPE_SUBTREE,attrs=["dn"],controls=["search_options:1:2"])
+ current = sam_ldb.search(expression="objectClass=*",base=basedn, scope=SCOPE_SUBTREE,attrs=["dn"],controls=["search_options:1:2"])
sam_ldb.transaction_commit()
# Create a hash for speeding the search of new object
- for i in range(0,len(res)):
- hash_new[str(res[i]["dn"]).lower()] = res[i]["dn"]
+ for i in range(0,len(reference)):
+ hash_new[str(reference[i]["dn"]).lower()] = reference[i]["dn"]
# Create a hash for speeding the search of existing object in the current provision
- for i in range(0,len(res2)):
- hash[str(res2[i]["dn"]).lower()] = res2[i]["dn"]
+ for i in range(0,len(current)):
+ hash[str(current[i]["dn"]).lower()] = current[i]["dn"]
for k in hash_new.keys():
if not hash.has_key(k):
@@ -548,8 +548,8 @@ def check_diff_name(newpaths,paths,creds,session,basedn,names,ischema):
empty = ldb.Message()
message(SIMPLE,"There are %d missing objects"%(len(listMissing)))
for dn in listMissing:
- res = newsam_ldb.search(expression="dn=%s"%(str(dn)),base=basedn, scope=SCOPE_SUBTREE,controls=["search_options:1:2"])
- delta = sam_ldb.msg_diff(empty,res[0])
+ reference = newsam_ldb.search(expression="dn=%s"%(str(dn)),base=basedn, scope=SCOPE_SUBTREE,controls=["search_options:1:2"])
+ delta = sam_ldb.msg_diff(empty,reference[0])
for att in hashAttrNotCopied.keys():
delta.remove(att)
for att in backlinked:
@@ -560,17 +560,14 @@ def check_diff_name(newpaths,paths,creds,session,basedn,names,ischema):
changed = 0
for dn in listPresent:
- res = newsam_ldb.search(expression="dn=%s"%(str(dn)),base=basedn, scope=SCOPE_SUBTREE,controls=["search_options:1:2"])
- res2 = sam_ldb.search(expression="dn=%s"%(str(dn)),base=basedn, scope=SCOPE_SUBTREE,controls=["search_options:1:2"])
- if ((str(res2[0].dn) != str(res[0].dn)) and (str(res2[0].dn).upper() == str(res[0].dn).upper())):
- message(CHANGE,"Name are the same but case change, let's rename %s to %s"%(str(res2[0].dn),str(res[0].dn)))
- (before,sep,after)=str(res2[0].dn).partition('=')
- sam_ldb.rename(res2[0].dn,ldb.Dn(sam_ldb,"%s=foo%s"%(before,after)))
- sam_ldb.rename(ldb.Dn(sam_ldb,"%s=foo%s"%(before,after)),res[0].dn)
-
- res = newsam_ldb.search(expression="dn=%s"%(str(dn)),base=basedn, scope=SCOPE_SUBTREE,controls=["search_options:1:2"])
-
- delta = sam_ldb.msg_diff(res2[0],res[0])
+ reference = newsam_ldb.search(expression="dn=%s"%(str(dn)),base=basedn, scope=SCOPE_SUBTREE,controls=["search_options:1:2"])
+ current = sam_ldb.search(expression="dn=%s"%(str(dn)),base=basedn, scope=SCOPE_SUBTREE,controls=["search_options:1:2"])
+ if ((str(current[0].dn) != str(reference[0].dn)) and (str(current[0].dn).upper() == str(reference[0].dn).upper())):
+ message(CHANGE,"Name are the same but case change, let's rename %s to %s"%(str(current[0].dn),str(reference[0].dn)))
+ identic_rename(sam_ldb,reference[0].dn)
+ current = sam_ldb.search(expression="dn=%s"%(str(dn)),base=basedn, scope=SCOPE_SUBTREE,controls=["search_options:1:2"])
+
+ delta = sam_ldb.msg_diff(current[0],reference[0])
for att in hashAttrNotCopied.keys():
delta.remove(att)
for att in backlinked:
@@ -585,20 +582,20 @@ def check_diff_name(newpaths,paths,creds,session,basedn,names,ischema):
if att == "name":
delta.remove(att)
continue
- if handle_security_desc(ischema,att,msgElt,hashallSD,res2,res):
+ if handle_security_desc(ischema,att,msgElt,hashallSD,current,reference):
delta.remove(att)
continue
if (not hashOverwrittenAtt.has_key(att) or not (hashOverwrittenAtt.get(att)&2^msgElt.flags())):
- if handle_special_case(att,delta,res,res2,ischema)==0 and msgElt.flags()!=ldb.FLAG_MOD_ADD:
+ if handle_special_case(att,delta,reference,current,ischema)==0 and msgElt.flags()!=ldb.FLAG_MOD_ADD:
i = 0
if opts.debugchange:
message(CHANGE, "dn= "+str(dn)+ " "+att + " with flag "+str(msgElt.flags())+ " is not allowed to be changed/removed, I discard this change ...")
- for e in range(0,len(res2[0][att])):
- message(CHANGE,"old %d : %s"%(i,str(res2[0][att][e])))
+ for e in range(0,len(current[0][att])):
+ message(CHANGE,"old %d : %s"%(i,str(current[0][att][e])))
if msgElt.flags() == 2:
i = 0
- for e in range(0,len(res[0][att])):
- message(CHANGE,"new %d : %s"%(i,str(res[0][att][e])))
+ for e in range(0,len(reference[0][att])):
+ message(CHANGE,"new %d : %s"%(i,str(reference[0][att][e])))
delta.remove(att)
delta.dn = dn
if len(delta.items()) >1:
@@ -615,16 +612,16 @@ def check_diff_name(newpaths,paths,creds,session,basedn,names,ischema):
def check_updated_sd(newpaths,paths,creds,session,names):
newsam_ldb = Ldb(newpaths.samdb, session_info=session, credentials=creds,lp=lp)
sam_ldb = Ldb(paths.samdb, session_info=session, credentials=creds,lp=lp)
- res = newsam_ldb.search(expression="objectClass=*",base=str(names.rootdn), scope=SCOPE_SUBTREE,attrs=["dn","nTSecurityDescriptor"],controls=["search_options:1:2"])
- res2 = sam_ldb.search(expression="objectClass=*",base=str(names.rootdn), scope=SCOPE_SUBTREE,attrs=["dn","nTSecurityDescriptor"],controls=["search_options:1:2"])
+ reference = newsam_ldb.search(expression="objectClass=*",base=str(names.rootdn), scope=SCOPE_SUBTREE,attrs=["dn","nTSecurityDescriptor"],controls=["search_options:1:2"])
+ current = sam_ldb.search(expression="objectClass=*",base=str(names.rootdn), scope=SCOPE_SUBTREE,attrs=["dn","nTSecurityDescriptor"],controls=["search_options:1:2"])
hash_new = {}
- for i in range(0,len(res)):
- hash_new[str(res[i]["dn"]).lower()] = ndr_unpack(security.descriptor,str(res[i]["nTSecurityDescriptor"])).as_sddl(names.domainsid)
+ for i in range(0,len(reference)):
+ hash_new[str(reference[i]["dn"]).lower()] = ndr_unpack(security.descriptor,str(reference[i]["nTSecurityDescriptor"])).as_sddl(names.domainsid)
- for i in range(0,len(res2)):
- key = str(res2[i]["dn"]).lower()
+ for i in range(0,len(current)):
+ key = str(current[i]["dn"]).lower()
if hash_new.has_key(key):
- sddl = ndr_unpack(security.descriptor,str(res2[i]["nTSecurityDescriptor"])).as_sddl(names.domainsid)
+ sddl = ndr_unpack(security.descriptor,str(current[i]["nTSecurityDescriptor"])).as_sddl(names.domainsid)
if sddl != hash_new[key]:
print "%s new sddl/sddl in ref"%key
print "%s\n%s"%(sddl,hash_new[key])