Diffstat (limited to 'source4')
-rw-r--r--source4/scripting/python/samba/provision/__init__.py63
-rw-r--r--source4/scripting/python/samba/tests/provision.py19
2 files changed, 57 insertions, 25 deletions
diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py
index aa8736bb3d..d37176007b 100644
--- a/source4/scripting/python/samba/provision/__init__.py
+++ b/source4/scripting/python/samba/provision/__init__.py
@@ -866,7 +866,6 @@ def setup_secretsdb(paths, session_info, backend_credentials, lp):
return secrets_ldb
-
def setup_privileges(path, session_info, lp):
"""Setup the privileges database.
@@ -930,10 +929,9 @@ def setup_samdb_rootdse(samdb, names):
})
-def setup_self_join(samdb, admin_session_info, names, fill, machinepass, dnspass,
- domainsid, next_rid, invocationid,
- policyguid, policyguid_dc, domainControllerFunctionality,
- ntdsguid, dc_rid=None):
+def setup_self_join(samdb, admin_session_info, names, fill, machinepass,
+ dnspass, domainsid, next_rid, invocationid, policyguid, policyguid_dc,
+ domainControllerFunctionality, ntdsguid=None, dc_rid=None):
"""Join a host to its own domain."""
assert isinstance(invocationid, str)
if ntdsguid is not None:
@@ -968,7 +966,8 @@ def setup_self_join(samdb, admin_session_info, names, fill, machinepass, dnspass
"DNSDOMAIN": names.dnsdomain,
"DOMAINDN": names.domaindn})
- # If we are setting up a subdomain, then this has been replicated in, so we don't need to add it
+ # If we are setting up a subdomain, then this has been replicated in, so we
+ # don't need to add it
if fill == FILL_FULL:
setup_add_ldif(samdb, setup_path("provision_self_join_config.ldif"), {
"CONFIGDN": names.configdn,
@@ -987,7 +986,8 @@ def setup_self_join(samdb, admin_session_info, names, fill, machinepass, dnspass
domainControllerFunctionality)})
# Setup fSMORoleOwner entries to point at the newly created DC entry
- setup_modify_ldif(samdb, setup_path("provision_self_join_modify_config.ldif"), {
+ setup_modify_ldif(samdb,
+ setup_path("provision_self_join_modify_config.ldif"), {
"CONFIGDN": names.configdn,
"SCHEMADN": names.schemadn,
"DEFAULTSITE": names.sitename,
@@ -997,9 +997,8 @@ def setup_self_join(samdb, admin_session_info, names, fill, machinepass, dnspass
system_session_info = system_session()
samdb.set_session_info(system_session_info)
- # Setup fSMORoleOwner entries to point at the newly created DC entry
-
- # to modify a serverReference under cn=config when we are a subdomain, we must
+ # Setup fSMORoleOwner entries to point at the newly created DC entry to
+ # modify a serverReference under cn=config when we are a subdomain, we must
# be system due to ACLs
setup_modify_ldif(samdb, setup_path("provision_self_join_modify.ldif"), {
"DOMAINDN": names.domaindn,
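Review bot: The rewrapped comment above the second `setup_modify_ldif` call fuses two separate remarks into one run-on sentence, so it now reads as if the fSMORoleOwner entries are set up in order to modify a serverReference. The part worth keeping is the reason the session was switched to `system_session()` just above, as its own sentence: `# To modify a serverReference under cn=config when we are a subdomain, we` / `# must be system due to ACLs.` The first line repeats the comment already present on the earlier `provision_self_join_modify_config.ldif` call and could be dropped here. Whether the admin session is restored after this privileged modify is not visible in the hunk; `setup_self_join` continues outside it.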
@@ -1029,7 +1028,6 @@ def getpolicypath(sysvolpath, dnsdomain, guid):
:param guid: The GUID of the policy
:return: A string with the complete path to the policy folder
"""
-
if guid[0] != "{":
guid = "{%s}" % guid
policy_path = os.path.join(sysvolpath, dnsdomain, "Policies", guid)
@@ -1097,6 +1095,7 @@ def setup_samdb(path, session_info, provision_backend, lp, names,
return samdb
+
def fill_samdb(samdb, lp, names,
logger, domainsid, domainguid, policyguid, policyguid_dc, fill,
adminpass, krbtgtpass, machinepass, invocationid, dnspass, ntdsguid,
@@ -1519,6 +1518,33 @@ def provision_fill(samdb, secrets_ldb, logger, names, paths,
samdb.transaction_commit()
+_ROLES_MAP = {
+ "ROLE_STANDALONE": "standalone",
+ "ROLE_DOMAIN_MEMBER": "member server",
+ "ROLE_DOMAIN_BDC": "domain controller",
+ "ROLE_DOMAIN_PDC": "domain controller",
+ "dc": "domain controller",
+ "member": "member server",
+ "domain controller": "domain controller",
+ "member server": "member server",
+ "standalone": "standalone",
+ }
+
+
+def sanitize_server_role(role):
+ """Sanitize a server role name.
+
+ :param role: Server role
+ :raise ValueError: If the role can not be interpreted
+ :return: Sanitized server role (one of "member server",
+ "domain controller", "standalone")
+ """
+ try:
+ return _ROLES_MAP[role]
+ except KeyError:
+ raise ValueError(role)
+
+
def provision(logger, session_info, credentials, smbconf=None,
targetdir=None, samdb_fill=FILL_FULL, realm=None, rootdn=None,
domaindn=None, schemadn=None, configdn=None, serverdn=None,
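Review bot: `sanitize_server_role` raises `ValueError(role)` with the bare input as its only argument, so a caller that logs the exception gets no hint of what was rejected or why; `raise ValueError("unknown server role %r" % (role,))` is self-explanatory and `%r` keeps odd input (whitespace, non-strings) visible. The lookup in `_ROLES_MAP` is an exact, case-sensitive match, so values such as `"DC"` or `"Standalone"` are rejected; if that strictness is intended, the docstring should say so and list the accepted aliases. An unhashable `role` (a list, say) would raise `TypeError` rather than the documented `ValueError`. The `provision` signature at the end of the hunk continues outside it.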
@@ -1538,20 +1564,9 @@ def provision(logger, session_info, credentials, smbconf=None,
:note: caution, this wipes all existing data!
"""
- roles = {}
- roles["ROLE_STANDALONE"] = "standalone"
- roles["ROLE_DOMAIN_MEMBER"] = "member server"
- roles["ROLE_DOMAIN_BDC"] = "domain controller"
- roles["ROLE_DOMAIN_PDC"] = "domain controller"
- roles["dc"] = "domain controller"
- roles["member"] = "member server"
- roles["domain controller"] = "domain controller"
- roles["member server"] = "member server"
- roles["standalone"] = "standalone"
-
try:
- serverrole = roles[serverrole]
- except KeyError:
+ serverrole = sanitize_server_role(serverrole)
+ except ValueError:
raise ProvisioningError('server role (%s) should be one of "domain controller", "member server", "standalone"' % serverrole)
if ldapadminpass is None:
diff --git a/source4/scripting/python/samba/tests/provision.py b/source4/scripting/python/samba/tests/provision.py
index dd3e7258a8..4582939090 100644
--- a/source4/scripting/python/samba/tests/provision.py
+++ b/source4/scripting/python/samba/tests/provision.py
@@ -20,7 +20,12 @@
"""Tests for samba.provision."""
import os
-from samba.provision import setup_secretsdb, findnss, ProvisionPaths
+from samba.provision import (
+ ProvisionPaths,
+ sanitize_server_role,
+ setup_secretsdb,
+ findnss,
+ )
import samba.tests
from samba.tests import env_loadparm, TestCase
@@ -115,3 +120,15 @@ class Disabled(object):
raise NotImplementedError(self.test_vampire)
+class SanitizeServerRoleTests(TestCase):
+
+ def test_same(self):
+ self.assertEquals("standalone", sanitize_server_role("standalone"))
+ self.assertEquals("member server",
+ sanitize_server_role("member server"))
+
+ def test_invalid(self):
+ self.assertRaises(ValueError, sanitize_server_role, "foo")
+
+ def test_valid(self):
+ self.assertEquals("standalone", sanitize_server_role("ROLE_STANDALONE"))
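Review bot: `SanitizeServerRoleTests` never exercises a role that maps to "domain controller", which is the mapping with the most consequence for what gets provisioned. I would add `self.assertEquals("domain controller", sanitize_server_role("ROLE_DOMAIN_PDC"))` to `test_valid`, with matching assertions for `"ROLE_DOMAIN_BDC"` and `"dc"`. `assertEquals` is a deprecated alias of `assertEqual` in `unittest`; assuming `samba.tests.TestCase` derives from it, the non-deprecated name is the safer choice for new tests.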