Diffstat (limited to 'source4/scripting/bin/upgradeprovision')
-rwxr-xr-x | source4/scripting/bin/upgradeprovision | 124 |
1 files changed, 63 insertions, 61 deletions
diff --git a/source4/scripting/bin/upgradeprovision b/source4/scripting/bin/upgradeprovision index 242d040c7d..1c33132769 100755 --- a/source4/scripting/bin/upgradeprovision +++ b/source4/scripting/bin/upgradeprovision @@ -44,8 +44,8 @@ from ldb import (SCOPE_SUBTREE, SCOPE_BASE, from samba import param from samba.provision import (find_setup_dir, get_domain_descriptor, get_config_descriptor, secretsdb_self_join, - ProvisioningError, getLastProvisionUSN, - get_max_usn, updateProvisionUSN) + ProvisioningError, get_last_provision_usn, + get_max_usn, update_provision_usn) from samba.schema import get_linked_attributes, Schema, get_schema_descriptor from samba.dcerpc import security, drsblobs from samba.ndr import ndr_unpack @@ -298,7 +298,7 @@ def handle_special_case(att, delta, new, old, usn): # We do most of the special case handle if we do not have the # highest usn as otherwise the replPropertyMetaData will guide us more # correctly - if usn == None: + if usn is None: if (att == "member" and flag == FLAG_MOD_REPLACE): hash = {} newval = [] @@ -317,9 +317,9 @@ def handle_special_case(att, delta, new, old, usn): delta.remove(att) return True - if (att == "gPLink" or att == "gPCFileSysPath") and \ - flag == FLAG_MOD_REPLACE and\ - str(new[0].dn).lower() == str(old[0].dn).lower(): + if (att in ("gPLink", "gPCFileSysPath") and + flag == FLAG_MOD_REPLACE and + str(new[0].dn).lower() == str(old[0].dn).lower()): delta.remove(att) return True @@ -330,10 +330,10 @@ def handle_special_case(att, delta, new, old, usn): ref == old and ref == abs(new) return True - if (att == "adminDisplayName" or att == "adminDescription"): + if att in ("adminDisplayName", "adminDescription"): return True - if (str(old[0].dn) == "CN=Samba4-Local-Domain, %s" % (str(names.schemadn))\ + if (str(old[0].dn) == "CN=Samba4-Local-Domain, %s" % (names.schemadn) and att == "defaultObjectCategory" and flag == FLAG_MOD_REPLACE): return True 
@@ -351,7 +351,7 @@ def handle_special_case(att, delta, new, old, usn): # This is a bit of special animal as we might have added # already SPN entries to the list that has to be modified # So we go in detail to try to find out what has to be added ... - if ( att == "servicePrincipalName" and flag == FLAG_MOD_REPLACE): + if (att == "servicePrincipalName" and flag == FLAG_MOD_REPLACE): hash = {} newval = [] changeDelta=0 @@ -388,24 +388,25 @@ def dump_denied_change(dn, att, flagtxt, current, reference): for e in range(0, len(current)): message(CHANGE, "old %d : %s" % (i, str(current[e]))) i+=1 - if reference != None: + if reference is not None: i = 0 for e in range(0, len(reference)): message(CHANGE, "new %d : %s" % (i, str(reference[e]))) i+=1 else: - message(CHANGE, "old : %s" % str(ndr_unpack( security.dom_sid, current[0]))) - message(CHANGE, "new : %s" % str(ndr_unpack( security.dom_sid, reference[0]))) + message(CHANGE, "old : %s" % ndr_unpack(security.dom_sid, current[0])) + message(CHANGE, "new : %s" % ndr_unpack(security.dom_sid, reference[0])) def handle_special_add(samdb, dn, names): """Handle special operation (like remove) on some object needed during - upgrade + upgrade This is mostly due to wrong creation of the object in previous provision. :param samdb: An Ldb object representing the SAM database :param dn: DN of the object to inspect - :param names: list of key provision parameters""" + :param names: list of key provision parameters + """ dntoremove = None objDn = Dn(samdb, "CN=IIS_IUSRS, CN=Builtin, %s" % names.rootdn) 
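Review bot: The `else:` branch of dump_denied_change still indexes `reference[0]` with no None guard, while the branch above it tests `reference is not None` before touching `reference`. Indentation is lost on this page, so which `if` the `else:` pairs with is not visible, but in either reading a None `reference` would reach `ndr_unpack(security.dom_sid, reference[0])` and raise TypeError while a denied change is being reported. Putting `if reference is not None:` in front of the `"new : %s"` message keeps the reporting path from aborting the upgrade. The function starts outside the hunk.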
@@ -431,11 +432,11 @@ def handle_special_add(samdb, dn, names): #This entry was misplaced lets remove it if it exists dntoremove = "CN=Event Log Readers, CN=Users, %s" % names.rootdn - objDn = Dn(samdb,"CN=System,CN=WellKnown Security Principals,"\ + objDn = Dn(samdb,"CN=System,CN=WellKnown Security Principals," "CN=Configuration,%s" % names.rootdn) if dn == objDn: - oldDn = Dn(samdb,"CN=Well-Known-Security-Id-System,"\ - "CN=WellKnown Security Principals,"\ + oldDn = Dn(samdb,"CN=Well-Known-Security-Id-System," + "CN=WellKnown Security Principals," "CN=Configuration,%s" % names.rootdn) res = samdb.search(expression="(dn=%s)" % oldDn, @@ -443,23 +444,24 @@ def handle_special_add(samdb, dn, names): scope=SCOPE_SUBTREE, attrs=["dn"], controls=["search_options:1:2"]) if len(res) > 0: - message(CHANGE, "Existing object %s must be replaced by %s,"\ + message(CHANGE, "Existing object %s must be replaced by %s," "Renaming old object" % (str(oldDn), str(dn))) samdb.rename(oldDn, objDn) return 1 - if dntoremove != None: + if dntoremove is not None: res = samdb.search(expression="(dn=%s)" % dntoremove, base=str(names.rootdn), scope=SCOPE_SUBTREE, attrs=["dn"], controls=["search_options:1:2"]) if len(res) > 0: - message(CHANGE, "Existing object %s must be replaced by %s,"\ + message(CHANGE, "Existing object %s must be replaced by %s," "removing old object" % (dntoremove, str(dn))) samdb.delete(res[0]["dn"]) return 0 + def check_dn_nottobecreated(hash, index, listdn): """Check if one of the DN present in the list has a creation order greater than the current. @@ -476,7 +478,7 @@ def check_dn_nottobecreated(hash, index, listdn): :param listdn: List of DNs on which the current DN depends on :return: None if the current object do not depend on other object or if all object have been created before.""" - if listdn == None: + if listdn is None: return None for dn in listdn: key = str(dn).lower() 
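Review bot: With the backslashes gone, the adjacent literals in the second hunk are still joined with no separator, so `"Existing object %s must be replaced by %s," "Renaming old object"` prints `...by X,Renaming old object`. The second literal needs a leading space here and in the `"removing old object"` message below it. The same missing space is in `"...in attribute %s," "delaying the creation"` (add_missing_object), in `"%sAttribute: %s has been" "created/modified/deleted..."` and `"...it was last modified" "during a provision, current usn:" "%d"` (update_present), and in `"Unable to find a Secure Channel" "of type SEC_CHAN_BDC"` (update_machine_account_password). These messages are the operator's record of what the upgrade renamed, deleted or skipped, so they should read unambiguously.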
@@ -519,10 +521,10 @@ def add_missing_object(ref_samdb, samdb, dn, names, basedn, hash, index): for att in dn_syntax_att: depend_on_yet_tobecreated = check_dn_nottobecreated(hash, index, delta.get(str(att))) - if depend_on_yet_tobecreated != None: - message(CHANGE, "Object %s depends on %s in attribute %s," \ - "delaying the creation" % (str(dn), \ - depend_on_yet_tobecreated, str(att))) + if depend_on_yet_tobecreated is not None: + message(CHANGE, "Object %s depends on %s in attribute %s," + "delaying the creation" % (dn, + depend_on_yet_tobecreated, att)) return False delta.dn = dn @@ -581,7 +583,7 @@ def add_deletedobj_containers(ref_samdb, samdb, names): attrs=["dn", "wellKnownObjects"]) targetWKO = "%s:%s" % (wkoPrefix, str(reference[0]["dn"])) - found = 0 + found = False if len(res[0]) > 0: wko = res[0]["wellKnownObjects"] @@ -589,7 +591,7 @@ def add_deletedobj_containers(ref_samdb, samdb, names): # The wellKnownObject that we want to add. for o in wko: if str(o) == targetWKO: - found = 1 + found = True listwko.append(str(o)) if not found: @@ -656,7 +658,7 @@ def handle_links(samdb, att, basedn, dn, value, ref_value, delta): blacklist = {} hash = {} newlinklist = [] - changed = 0 + changed = False newlinklist.extend(value) @@ -677,7 +679,7 @@ def handle_links(samdb, att, basedn, dn, value, ref_value, delta): for e in ref_value: if not blacklist.has_key(e) and not hash.has_key(e): newlinklist.append(str(e)) - changed = 1 + changed = True if changed: delta[att] = MessageElement(newlinklist, FLAG_MOD_REPLACE, att) else: @@ -749,7 +751,7 @@ def update_present(ref_samdb, samdb, basedn, listPresent, usns, invocationid): delta.remove("name") - if len(delta.items()) > 1 and usns != None: + if len(delta.items()) > 1 and usns is not None: # Fetch the replPropertyMetaData res = samdb.search(expression="dn=%s" % (str(dn)), base=basedn, scope=SCOPE_SUBTREE, controls=controls, 
@@ -772,7 +774,7 @@ def update_present(ref_samdb, samdb, basedn, listPresent, usns, invocationid): txt = "" for att in delta: - if usns != None: + if usns is not None: # We have updated by provision usn information so let's exploit # replMetadataProperties if forwardlinked.has_key(att): 
@@ -807,47 +809,47 @@ def update_present(ref_samdb, samdb, basedn, listPresent, usns, invocationid): # was done in handle_special_case continue attrUSN = hash_attr_usn.get(att) - if att == "forceLogoff" and attrUSN == None: + if att == "forceLogoff" and attrUSN is None: continue - if attrUSN == None: + if attrUSN is None: delta.remove(att) continue if attrUSN == -1: # This attribute was last modified by another DC forget # about it - message(CHANGE, "%sAttribute: %s has been" \ + message(CHANGE, "%sAttribute: %s has been" "created/modified/deleted by another DC," " do nothing" % (txt, att )) txt = "" delta.remove(att) continue - elif usn_in_range(int(attrUSN), usns) == 0: - message(CHANGE, "%sAttribute: %s has been" \ - "created/modified/deleted not during a" \ - " provision or upgradeprovision: current" \ + elif not usn_in_range(int(attrUSN), usns): + message(CHANGE, "%sAttribute: %s has been" + "created/modified/deleted not during a" + " provision or upgradeprovision: current" " usn %d , do nothing" % (txt, att, attrUSN)) txt = "" delta.remove(att) continue else: if att == "defaultSecurityDescriptor": - defSDmodified = 1 + defSDmodified = True if attrUSN: - message(CHANGE, "%sAttribute: %s will be modified" \ - "/deleted it was last modified" \ - "during a provision, current usn:" \ + message(CHANGE, "%sAttribute: %s will be modified" + "/deleted it was last modified" + "during a provision, current usn:" "%d" % (txt, att, attrUSN)) txt = "" else: - message(CHANGE, "%sAttribute: %s will be added because" \ + message(CHANGE, "%sAttribute: %s will be added because" " it hasn't existed before " % (txt, att)) txt = "" continue else: # Old school way of handling things for pre alpha12 upgrade - defSDmodified = 1 + defSDmodified = True msgElt = delta.get(att) if att == "nTSecurityDescriptor": 
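Review bot: The two `defSDmodified = True` assignments in update_present only reach the flag tested by `if defSDmodified:` at step 18 if the function declares `global defSDmodified`. Its body starts outside the hunk, so that declaration is not visible here and should be confirmed. Without it the assignment binds a local and the security-descriptor rebuild is skipped with no error. The `global defSDmodified` statement in the `__main__` block is at module level and has no effect there. Returning the flag from update_present alongside `changed` would make the dependency explicit.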
@@ -882,9 +884,9 @@ def update_present(ref_samdb, samdb, basedn, listPresent, usns, invocationid): delta.dn = dn if len(delta.items()) >1: attributes=", ".join(delta.keys()) - message(CHANGE, "%s is different from the reference one, changed" \ + message(CHANGE, "%s is different from the reference one, changed" " attributes: %s\n" % (dn, attributes)) - changed = changed + 1 + changed += 1 samdb.modify(delta) return changed @@ -1000,7 +1002,7 @@ def check_updated_sd(ref_sam, cur_sam, names): if sddl != hash[key]: txt = get_diff_sddls(hash[key], sddl) if txt != "": - message(CHANGESD, "On object %s ACL is different"\ + message(CHANGESD, "On object %s ACL is different" " \n%s" % (current[i]["dn"], txt)) @@ -1062,7 +1064,7 @@ def rebuild_sd(samdb, names): controls=["search_options:1:2"]) for obj in res: if not (str(obj["dn"]) == str(names.rootdn) or - str(obj["dn"]) == str(names.configdn) or \ + str(obj["dn"]) == str(names.configdn) or str(obj["dn"]) == str(names.schemadn)): hash[str(obj["dn"])] = obj["whenCreated"] @@ -1212,7 +1214,7 @@ def update_machine_account_password(samdb, secrets_ldb, names): key_version_number=kvno, secure_channel_type=secChanType) else: - raise ProvisioningError("Unable to find a Secure Channel" \ + raise ProvisioningError("Unable to find a Secure Channel" "of type SEC_CHAN_BDC") @@ -1356,7 +1358,7 @@ def setup_path(file): if __name__ == '__main__': global defSDmodified - defSDmodified = 0 + defSDmodified = False # From here start the big steps of the program # 1) First get files paths paths = get_paths(param, smbconf=smbconf) @@ -1376,8 +1378,8 @@ if __name__ == '__main__': names = find_provision_key_parameters(ldbs.sam, ldbs.secrets, ldbs.idmap, paths, smbconf, lp) # 4) - lastProvisionUSNs = getLastProvisionUSN(ldbs.sam) - if lastProvisionUSNs != None: + lastProvisionUSNs = get_last_provision_usn(ldbs.sam) + if lastProvisionUSNs is not None: message(CHANGE, "Find a last provision USN, %d range(s)" % len(lastProvisionUSNs)) 
@@ -1388,7 +1390,7 @@ if __name__ == '__main__': # ldbs = get_ldbs(paths, creds, adm_session, lp) if not sanitychecks(ldbs.sam, names): - message(SIMPLE, "Sanity checks for the upgrade fails, checks messages" \ + message(SIMPLE, "Sanity checks for the upgrade fails, checks messages" " and correct them before rerunning upgradeprovision") sys.exit(1) @@ -1449,9 +1451,9 @@ if __name__ == '__main__': if opts.full: if not update_samdb(new_ldbs.sam, ldbs.sam, names, lastProvisionUSNs, schema): - message(SIMPLE, "Rollbacking every changes. Check the reason" \ + message(SIMPLE, "Rollbacking every changes. Check the reason" " of the problem") - message(SIMPLE, "In any case your system as it was before" \ + message(SIMPLE, "In any case your system as it was before" " the upgrade") ldbs.groupedRollback() new_ldbs.groupedRollback() @@ -1481,7 +1483,7 @@ if __name__ == '__main__': # 18) We rebuild SD only if defaultSecurityDescriptor is modified # But in fact we should do it also if one object has its SD modified as # child might need rebuild - if defSDmodified == 1: + if defSDmodified: message(SIMPLE, "Updating SD") ldbs.sam.set_session_info(adm_session) # Alpha10 was a bit broken still 
@@ -1502,21 +1504,21 @@ if __name__ == '__main__': # 21) check_for_DNS(newpaths.private_dir, paths.private_dir) # 22) - if lastProvisionUSNs != None: - updateProvisionUSN(ldbs.sam, minUSN, maxUSN) - if opts.full and (names.policyid == None or names.policyid_dc == None): + if lastProvisionUSNs is not None: + update_provision_usn(ldbs.sam, minUSN, maxUSN) + if opts.full and (names.policyid is None or names.policyid_dc is None): update_policyids(names, ldbs.sam) if opts.full or opts.resetfileacl: try: update_gpo(paths, ldbs.sam, names, lp, message, 1) except ProvisioningError, e: - message(ERROR, "The policy for domain controller is missing," \ + message(ERROR, "The policy for domain controller is missing," " you should restart upgradeprovision with --full") else: try: update_gpo(paths, ldbs.sam, names, lp, message, 0) except ProvisioningError, e: - message(ERROR, "The policy for domain controller is missing," \ + message(ERROR, "The policy for domain controller is missing," " you should restart upgradeprovision with --full") ldbs.groupedCommit() new_ldbs.groupedCommit() |
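Review bot: Both `except ProvisioningError, e:` handlers bind `e` and never use it, so every update_gpo failure is logged as a missing domain-controller policy whatever the real cause. Appending the exception text, e.g. `" you should restart upgradeprovision with --full (%s)" % e`, keeps the cause in the log. As far as the flattened indentation shows, execution then continues to `ldbs.groupedCommit()`, so a failed GPO file-ACL update does not stop the commit. If that is intended, a comment saying so would help. The `__main__` block starts outside the hunk.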