From 787a6aacc3003731784b29fd92c683036c8730a7 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 16 Feb 2013 21:58:57 +1100
Subject: samba_upgradeprovision: Remove auto-detection of pre-alpha9 databases

These are incredibly rare, and administrators running such databases
not only ask the Samba Team for help personally, they can read --help.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
---
 selftest/knownfail                                |  6 ++++--
 source4/scripting/bin/samba_upgradeprovision      | 11 ++++++-----
 testprogs/blackbox/upgradeprovision-oldrelease.sh |  5 +----
 3 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/selftest/knownfail b/selftest/knownfail
index 80c27ae0e1..180a543f79 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -159,8 +159,10 @@
 ^samba4.rpc.lsa.forest.trust #Not fully provided by Samba4
 ^samba4.blackbox.kinit\(.*\).kinit with user password for expired password\(.*\) # We need to work out why this fails only during the pw change
 ^samba4.blackbox.dbcheck\(vampire_dc\).dbcheck\(vampire_dc:local\) # Due to replicating with --domain-critical-only we fail dbcheck on this database
-^samba4.blackbox.upgradeprovision.*.ldapcmp_sd\(none\) # Due to something rewriting the NT ACL on DNS objects and not getting the DC ACL right
-^samba4.blackbox.upgradeprovision.*.ldapcmp_full_sd\(none\) # Due to something rewriting the NT ACL on DNS objects and not getting the DC ACL right
+^samba4.blackbox.upgradeprovision.alpha13.ldapcmp_sd\(none\) # Due to something rewriting the NT ACL on DNS objects and not getting the DC ACL right
+^samba4.blackbox.upgradeprovision.alpha13.ldapcmp_full_sd\(none\) # Due to something rewriting the NT ACL on DNS objects and not getting the DC ACL right
+^samba4.blackbox.upgradeprovision.release-4-0-0.ldapcmp_sd\(none\) # Due to something rewriting the NT ACL on DNS objects and not getting the DC ACL right
+^samba4.blackbox.upgradeprovision.release-4-0-0.ldapcmp_full_sd\(none\) # Due to something rewriting the NT ACL on DNS objects and not getting the DC ACL right
 ^samba3.smb2.create.gentest
 ^samba3.smb2.create.blob
 ^samba3.smb2.create.open
diff --git a/source4/scripting/bin/samba_upgradeprovision b/source4/scripting/bin/samba_upgradeprovision
index 25c3ac2501..36f6a60068 100755
--- a/source4/scripting/bin/samba_upgradeprovision
+++ b/source4/scripting/bin/samba_upgradeprovision
@@ -191,6 +191,8 @@ parser.add_option("--db_backup_only", action="store_true",
                   help="Do the backup of the database in the provision, skip the sysvol / netlogon shares")
 parser.add_option("--full", action="store_true",
                   help="Perform full upgrade of the samdb (schema, configuration, new objects, ...")
+parser.add_option("--very-old-pre-alpha9", action="store_true",
+                  help="Perform additional forced SD resets required for a database from before Samba 4.0.0alpha9.")
 
 opts = parser.parse_args()[0]
 
@@ -1591,9 +1593,8 @@ def sync_calculated_attributes(samdb, names):
 #    and this database has not changed between 2009 and Samba 4.0.3 in Feb 2013 (at least)
 # 10)get the oemInfo field, this field contains information about the different
 #    provision that have been done
-# 11)Depending  on whether oemInfo has the string "alpha9" or alphaxx (x as an
-#    integer) or none of this the following things are done
-#    A) When alpha9 or alphaxx is present
+# 11)Depending on if the --very-old-pre-alpha9 flag is set the following things are done
+#    A) When alpha9 or alphaxx not specified (default)
 #       The base sam.ldb file is updated by looking at the difference between
 #       referrence one and the current one. Everything is copied with the
 #       exception of lastProvisionUSN attributes.
@@ -1819,7 +1820,7 @@ if __name__ == '__main__':
         deltaattr = None
     # 11)
         message(GUESS, oem)
-        if oem is None or hasATProvision(ldbs.sam) or re.match(".*alpha((9)|(\d\d+)).*", str(oem)):
+        if oem is None or hasATProvision(ldbs.sam) or not opts.very_old_pre_alpha9:
             # 11) A
             # Starting from alpha9 we can consider that the structure is quite ok
             # and that we should do only dela
@@ -1918,7 +1919,7 @@ if __name__ == '__main__':
         # 16) SD should be created with admin but as some previous acl were so wrong
         # that admin can't modify them we have first to recreate them with the good
         # form but with system account and then give the ownership to admin ...
-        if str(oem) != "" and not re.match(r'.*alpha(9|\d\d+)', str(oem)):
+        if opts.very_old_pre_alpha9:
             message(SIMPLE, "Fixing very old provision SD")
             rebuild_sd(ldbs.sam, names)
 
diff --git a/testprogs/blackbox/upgradeprovision-oldrelease.sh b/testprogs/blackbox/upgradeprovision-oldrelease.sh
index 593babcd5a..93565a1c1f 100755
--- a/testprogs/blackbox/upgradeprovision-oldrelease.sh
+++ b/testprogs/blackbox/upgradeprovision-oldrelease.sh
@@ -120,10 +120,7 @@ if [ -d $release_dir ]; then
     testit "upgradeprovision" upgradeprovision
     testit "upgradeprovision_full" upgradeprovision_full
     testit "reindex" reindex
-    # So far, only releases before 4.0.0rc6 need a dbcheck if upgradeprovision has already been run
-    if [ x$RELEASE != x"release-4-0-0" ]; then
-	testit_expect_failure "dbcheck" dbcheck
-    fi
+    testit_expect_failure "dbcheck" dbcheck
     testit_expect_failure "dbcheck_full" dbcheck_full
     testit "dbcheck_clean" dbcheck_clean
     testit "dbcheck_full_clean" dbcheck_full_clean
-- 
cgit