From 787a6aacc3003731784b29fd92c683036c8730a7 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 16 Feb 2013 21:58:57 +1100 Subject: samba_upgradeprovision: Remove auto-detection of pre-alpha9 databases These are incredibly rare, and administrators running such databases not only ask the Samba Team for help personally, they can read --help. Andrew Bartlett Reviewed-by: Stefan Metzmacher --- selftest/knownfail | 6 ++++-- source4/scripting/bin/samba_upgradeprovision | 11 ++++++----- testprogs/blackbox/upgradeprovision-oldrelease.sh | 5 +---- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/selftest/knownfail b/selftest/knownfail index 80c27ae0e1..180a543f79 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -159,8 +159,10 @@ ^samba4.rpc.lsa.forest.trust #Not fully provided by Samba4 ^samba4.blackbox.kinit\(.*\).kinit with user password for expired password\(.*\) # We need to work out why this fails only during the pw change ^samba4.blackbox.dbcheck\(vampire_dc\).dbcheck\(vampire_dc:local\) # Due to replicating with --domain-critical-only we fail dbcheck on this database -^samba4.blackbox.upgradeprovision.*.ldapcmp_sd\(none\) # Due to something rewriting the NT ACL on DNS objects and not getting the DC ACL right -^samba4.blackbox.upgradeprovision.*.ldapcmp_full_sd\(none\) # Due to something rewriting the NT ACL on DNS objects and not getting the DC ACL right +^samba4.blackbox.upgradeprovision.alpha13.ldapcmp_sd\(none\) # Due to something rewriting the NT ACL on DNS objects and not getting the DC ACL right +^samba4.blackbox.upgradeprovision.alpha13.ldapcmp_full_sd\(none\) # Due to something rewriting the NT ACL on DNS objects and not getting the DC ACL right +^samba4.blackbox.upgradeprovision.release-4-0-0.ldapcmp_sd\(none\) # Due to something rewriting the NT ACL on DNS objects and not getting the DC ACL right +^samba4.blackbox.upgradeprovision.release-4-0-0.ldapcmp_full_sd\(none\) # Due to something rewriting the NT ACL on DNS objects and not getting the DC ACL right ^samba3.smb2.create.gentest ^samba3.smb2.create.blob ^samba3.smb2.create.open diff --git a/source4/scripting/bin/samba_upgradeprovision b/source4/scripting/bin/samba_upgradeprovision index 25c3ac2501..36f6a60068 100755 --- a/source4/scripting/bin/samba_upgradeprovision +++ b/source4/scripting/bin/samba_upgradeprovision @@ -191,6 +191,8 @@ parser.add_option("--db_backup_only", action="store_true", help="Do the backup of the database in the provision, skip the sysvol / netlogon shares") parser.add_option("--full", action="store_true", help="Perform full upgrade of the samdb (schema, configuration, new objects, ...") +parser.add_option("--very-old-pre-alpha9", action="store_true", + help="Perform additional forced SD resets required for a database from before Samba 4.0.0alpha9.") opts = parser.parse_args()[0] @@ -1591,9 +1593,8 @@ def sync_calculated_attributes(samdb, names): # and this database has not changed between 2009 and Samba 4.0.3 in Feb 2013 (at least) # 10)get the oemInfo field, this field contains information about the different # provision that have been done -# 11)Depending on whether oemInfo has the string "alpha9" or alphaxx (x as an -# integer) or none of this the following things are done -# A) When alpha9 or alphaxx is present +# 11)Depending on if the --very-old-pre-alpha9 flag is set the following things are done +# A) When alpha9 or alphaxx not specified (default) # The base sam.ldb file is updated by looking at the difference between # referrence one and the current one. Everything is copied with the # exception of lastProvisionUSN attributes. @@ -1819,7 +1820,7 @@ if __name__ == '__main__': deltaattr = None # 11) message(GUESS, oem) - if oem is None or hasATProvision(ldbs.sam) or re.match(".*alpha((9)|(\d\d+)).*", str(oem)): + if oem is None or hasATProvision(ldbs.sam) or not opts.very_old_pre_alpha9: # 11) A # Starting from alpha9 we can consider that the structure is quite ok # and that we should do only dela @@ -1918,7 +1919,7 @@ if __name__ == '__main__': # 16) SD should be created with admin but as some previous acl were so wrong # that admin can't modify them we have first to recreate them with the good # form but with system account and then give the ownership to admin ... - if str(oem) != "" and not re.match(r'.*alpha(9|\d\d+)', str(oem)): + if opts.very_old_pre_alpha9: message(SIMPLE, "Fixing very old provision SD") rebuild_sd(ldbs.sam, names) diff --git a/testprogs/blackbox/upgradeprovision-oldrelease.sh b/testprogs/blackbox/upgradeprovision-oldrelease.sh index 593babcd5a..93565a1c1f 100755 --- a/testprogs/blackbox/upgradeprovision-oldrelease.sh +++ b/testprogs/blackbox/upgradeprovision-oldrelease.sh @@ -120,10 +120,7 @@ if [ -d $release_dir ]; then testit "upgradeprovision" upgradeprovision testit "upgradeprovision_full" upgradeprovision_full testit "reindex" reindex - # So far, only releases before 4.0.0rc6 need a dbcheck if upgradeprovision has already been run - if [ x$RELEASE != x"release-4-0-0" ]; then - testit_expect_failure "dbcheck" dbcheck - fi + testit_expect_failure "dbcheck" dbcheck testit_expect_failure "dbcheck_full" dbcheck_full testit "dbcheck_clean" dbcheck_clean testit "dbcheck_full_clean" dbcheck_full_clean -- cgit