From 1f28541a241d2dc4c5460344f817d56182a672ce Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 16 Dec 2008 09:21:55 +0100
Subject: s4:dsdb: split extended_dn into extended_dn_in, extended_dn_out and
 extended_dn_store.

By splitting the module, the extended_dn_in and extended_dn_store
moudles can use extended_dn_out to actually get the extended DN.  This
avoids code duplication.

The extended_dn_out module also contains a client implementation of
the OpenLDAP dereference control (draft-masarati-ldap-deref-00).

This also introduces a new control
'DSDB_CONTROL_DN_STORAGE_FORMAT_OID' to ask the extended_dn_out module
to return whatever the 'storage format' is.  This allows us to work
with both OpenLDAP (which performs a dereference at run time) and LDB
(which stores the GUID and SID on disk).

Signed-off-by: Stefan Metzmacher <metze@samba.org>
---
 source4/scripting/python/samba/provision.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'source4/scripting')

diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 823d5e6ff6..9ee77bd376 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -459,8 +459,9 @@ def setup_samdb_partitions(samdb_path, setup_path, message, lp, session_info,
                     "ranged_results",
                     "anr",
                     "server_sort",
-                    "extended_dn",
                     "asq",
+                    "extended_dn_store",
+                    "extended_dn_in",
                     "rdn_name",
                     "objectclass",
                     "samldb",
-- 
cgit 


From ebe1e923c862798602b563211ec8c625fc4032ea Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 16 Dec 2008 09:18:21 +0100
Subject: s4:provision: use extended_dn_out_ldb or extended_dn_out_dereference
 depending on the backend

This just changes the existing stratagy of loading different modules
for the OpenLDAP backend to also include extended_dn_out_*

When we provision the OpenLDAP backend, we make sure to include the
'deref' overlay (which must be made available by the OpenLDAP build)

Signed-off-by: Stefan Metzmacher <metze@samba.org>
---
 source4/scripting/python/samba/provision.py | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'source4/scripting')

diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 9ee77bd376..5da073c563 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -471,7 +471,8 @@ def setup_samdb_partitions(samdb_path, setup_path, message, lp, session_info,
     tdb_modules_list = [
                     "subtree_rename",
                     "subtree_delete",
-                    "linked_attributes"]
+                    "linked_attributes",
+                    "extended_dn_out_ldb"]
     modules_list2 = ["show_deleted",
                     "partition"]
  
@@ -489,11 +490,11 @@ def setup_samdb_partitions(samdb_path, setup_path, message, lp, session_info,
     if ldap_backend_type == "fedora-ds":
         backend_modules = ["nsuniqueid", "paged_searches"]
         # We can handle linked attributes here, as we don't have directory-side subtree operations
-        tdb_modules_list = ["linked_attributes"]
+        tdb_modules_list = ["linked_attributes", "extended_dn_out_dereference"]
     elif ldap_backend_type == "openldap":
-        backend_modules = ["normalise", "entryuuid", "paged_searches"]
+        backend_modules = ["entryuuid", "paged_searches"]
         # OpenLDAP handles subtree renames, so we don't want to do any of these things
-        tdb_modules_list = None
+        tdb_modules_list = ["extended_dn_out_dereference"]
     elif ldap_backend is not None:
         raise "LDAP Backend specified, but LDAP Backend Type not specified"
     elif serverrole == "domain controller":
-- 
cgit 


From 7a5b6a2ea194677c59ad6fab0aca3f102b5b2f46 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Thu, 18 Dec 2008 17:17:56 +1100
Subject: Handle different failure modes when we wipe the db in provision

We didn't handle the mode where we can't load the main sam.ldb due to
the modules being 'wrong', and when we did remove the file, we didn't
wipe the partitions.
---
 source4/scripting/python/samba/provision.py | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

(limited to 'source4/scripting')

diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 5da073c563..95bff74e75 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -432,17 +432,18 @@ def setup_samdb_partitions(samdb_path, setup_path, message, lp, session_info,
     """
     assert session_info is not None
 
-    samdb = SamDB(samdb_path, session_info=session_info, 
-                  credentials=credentials, lp=lp)
-
-    # Wipes the database
     try:
+        samdb = SamDB(samdb_path, session_info=session_info, 
+                      credentials=credentials, lp=lp)
+        # Wipes the database
         samdb.erase()
     except:
         os.unlink(samdb_path)
-
-    samdb = SamDB(samdb_path, session_info=session_info, 
-                  credentials=credentials, lp=lp)
+        samdb = SamDB(samdb_path, session_info=session_info, 
+                      credentials=credentials, lp=lp)
+         # Wipes the database
+        samdb.erase()
+        
 
     #Add modules to the list to activate them by default
     #beware often order is important
-- 
cgit 


From 61a2d5c8784a99d4d0419a00375be91a3e9bfc33 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Thu, 18 Dec 2008 16:49:33 +0000
Subject: Use plain Python C API for registry module, rather than SWIG.

---
 source4/scripting/python/samba/provision.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'source4/scripting')

diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 95bff74e75..b81f618a48 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -653,7 +653,7 @@ def setup_registry(path, setup_path, session_info, credentials, lp):
     reg = registry.Registry()
     hive = registry.open_ldb(path, session_info=session_info, 
                          credentials=credentials, lp_ctx=lp)
-    reg.mount_hive(hive, "HKEY_LOCAL_MACHINE")
+    reg.mount_hive(hive, registry.HKEY_LOCAL_MACHINE)
     provision_reg = setup_path("provision.reg")
     assert os.path.exists(provision_reg)
     reg.diff_apply(provision_reg)
-- 
cgit 


From 21702bfcdece4e71dcb4ab50e111911a5777f9a5 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Thu, 18 Dec 2008 20:43:05 +0000
Subject: Cope with slight changes in tdb API.

---
 source4/scripting/python/samba/samba3.py | 77 +++++++++++++++++++-------------
 1 file changed, 46 insertions(+), 31 deletions(-)

(limited to 'source4/scripting')

diff --git a/source4/scripting/python/samba/samba3.py b/source4/scripting/python/samba/samba3.py
index 0e0c29dac8..a3dac27709 100644
--- a/source4/scripting/python/samba/samba3.py
+++ b/source4/scripting/python/samba/samba3.py
@@ -25,9 +25,28 @@ REGISTRY_VALUE_PREFIX = "SAMBA_REGVAL"
 REGISTRY_DB_VERSION = 1
 
 import os
+import struct
 import tdb
 
 
+def fetch_uint32(tdb, key):
+    try:
+        data = tdb[key]
+    except KeyError:
+        return None
+    assert len(data) == 4
+    return struct.unpack("<L", data)[0]
+
+
+def fetch_int32(tdb, key):
+    try:
+        data = tdb[key]
+    except KeyError:
+        return None
+    assert len(data) == 4
+    return struct.unpack("<l", data)[0]
+
+
 class TdbDatabase(object):
     """Simple Samba 3 TDB database reader."""
     def __init__(self, file):
@@ -60,7 +79,7 @@ class Registry(TdbDatabase):
 
     def keys(self):
         """Return list with all the keys."""
-        return [k.rstrip("\x00") for k in self.tdb.keys() if not k.startswith(REGISTRY_VALUE_PREFIX)]
+        return [k.rstrip("\x00") for k in self.tdb.iterkeys() if not k.startswith(REGISTRY_VALUE_PREFIX)]
 
     def subkeys(self, key):
         """Retrieve the subkeys for the specified key.
@@ -71,7 +90,6 @@ class Registry(TdbDatabase):
         data = self.tdb.get("%s\x00" % key)
         if data is None:
             return []
-        import struct
         (num, ) = struct.unpack("<L", data[0:4])
         keys = data[4:].split("\0")
         assert keys[-1] == ""
@@ -89,7 +107,6 @@ class Registry(TdbDatabase):
         if data is None:
             return {}
         ret = {}
-        import struct
         (num, ) = struct.unpack("<L", data[0:4])
         data = data[4:]
         for i in range(num):
@@ -115,16 +132,16 @@ class PolicyDatabase(TdbDatabase):
         :param file: Path to the file to open.
         """
         super(PolicyDatabase, self).__init__(file)
-        self.min_password_length = self.tdb.fetch_uint32("min password length\x00")
-        self.password_history = self.tdb.fetch_uint32("password history\x00")
-        self.user_must_logon_to_change_password = self.tdb.fetch_uint32("user must logon to change pasword\x00")
-        self.maximum_password_age = self.tdb.fetch_uint32("maximum password age\x00")
-        self.minimum_password_age = self.tdb.fetch_uint32("minimum password age\x00")
-        self.lockout_duration = self.tdb.fetch_uint32("lockout duration\x00")
-        self.reset_count_minutes = self.tdb.fetch_uint32("reset count minutes\x00")
-        self.bad_lockout_minutes = self.tdb.fetch_uint32("bad lockout minutes\x00")
-        self.disconnect_time = self.tdb.fetch_int32("disconnect time\x00")
-        self.refuse_machine_password_change = self.tdb.fetch_uint32("refuse machine password change\x00")
+        self.min_password_length = fetch_uint32(self.tdb, "min password length\x00")
+        self.password_history = fetch_uint32(self.tdb, "password history\x00")
+        self.user_must_logon_to_change_password = fetch_uint32(self.tdb, "user must logon to change pasword\x00")
+        self.maximum_password_age = fetch_uint32(self.tdb, "maximum password age\x00")
+        self.minimum_password_age = fetch_uint32(self.tdb, "minimum password age\x00")
+        self.lockout_duration = fetch_uint32(self.tdb, "lockout duration\x00")
+        self.reset_count_minutes = fetch_uint32(self.tdb, "reset count minutes\x00")
+        self.bad_lockout_minutes = fetch_uint32(self.tdb, "bad lockout minutes\x00")
+        self.disconnect_time = fetch_int32(self.tdb, "disconnect time\x00")
+        self.refuse_machine_password_change = fetch_uint32(self.tdb, "refuse machine password change\x00")
 
         # FIXME: Read privileges as well
 
@@ -143,14 +160,14 @@ MEMBEROF_PREFIX = "MEMBEROF/"
 class GroupMappingDatabase(TdbDatabase):
     """Samba 3 group mapping database reader."""
     def _check_version(self):
-        assert self.tdb.fetch_int32("INFO/version\x00") in (GROUPDB_DATABASE_VERSION_V1, GROUPDB_DATABASE_VERSION_V2)
+        assert fetch_int32(self.tdb, "INFO/version\x00") in (GROUPDB_DATABASE_VERSION_V1, GROUPDB_DATABASE_VERSION_V2)
 
     def groupsids(self):
         """Retrieve the SIDs for the groups in this database.
 
         :return: List with sids as strings.
         """
-        for k in self.tdb.keys():
+        for k in self.tdb.iterkeys():
             if k.startswith(GROUP_PREFIX):
                 yield k[len(GROUP_PREFIX):].rstrip("\0")
 
@@ -164,14 +181,13 @@ class GroupMappingDatabase(TdbDatabase):
         data = self.tdb.get("%s%s\0" % (GROUP_PREFIX, sid))
         if data is None:
             return data
-        import struct
         (gid, sid_name_use) = struct.unpack("<lL", data[0:8])
         (nt_name, comment, _) = data[8:].split("\0")
         return (gid, sid_name_use, nt_name, comment)
 
     def aliases(self):
         """Retrieve the aliases in this database."""
-        for k in self.tdb.keys():
+        for k in self.tdb.iterkeys():
             if k.startswith(MEMBEROF_PREFIX):
                 yield k[len(MEMBEROF_PREFIX):].rstrip("\0")
 
@@ -189,17 +205,17 @@ IDMAP_VERSION_V2 = 2
 class IdmapDatabase(TdbDatabase):
     """Samba 3 ID map database reader."""
     def _check_version(self):
-        assert self.tdb.fetch_int32("IDMAP_VERSION\0") == IDMAP_VERSION_V2
+        assert fetch_int32(self.tdb, "IDMAP_VERSION\0") == IDMAP_VERSION_V2
 
     def uids(self):
         """Retrieve a list of all uids in this database."""
-        for k in self.tdb.keys():
+        for k in self.tdb.iterkeys():
             if k.startswith(IDMAP_USER_PREFIX):
                 yield int(k[len(IDMAP_USER_PREFIX):].rstrip("\0"))
 
     def gids(self):
         """Retrieve a list of all gids in this database."""
-        for k in self.tdb.keys():
+        for k in self.tdb.iterkeys():
             if k.startswith(IDMAP_GROUP_PREFIX):
                 yield int(k[len(IDMAP_GROUP_PREFIX):].rstrip("\0"))
 
@@ -222,11 +238,11 @@ class IdmapDatabase(TdbDatabase):
 
     def get_user_hwm(self):
         """Obtain the user high-water mark."""
-        return self.tdb.fetch_uint32(IDMAP_HWM_USER)
+        return fetch_uint32(self.tdb, IDMAP_HWM_USER)
 
     def get_group_hwm(self):
         """Obtain the group high-water mark."""
-        return self.tdb.fetch_uint32(IDMAP_HWM_GROUP)
+        return fetch_uint32(self.tdb, IDMAP_HWM_GROUP)
 
 
 class SecretsDatabase(TdbDatabase):
@@ -244,7 +260,7 @@ class SecretsDatabase(TdbDatabase):
         return self.tdb.get("SECRETS/DOMGUID/%s" % host)
 
     def ldap_dns(self):
-        for k in self.tdb.keys():
+        for k in self.tdb.iterkeys():
             if k.startswith("SECRETS/LDAP_BIND_PW/"):
                 yield k[len("SECRETS/LDAP_BIND_PW/"):].rstrip("\0")
 
@@ -253,7 +269,7 @@ class SecretsDatabase(TdbDatabase):
 
         :return: Iterator over the names of domains in this database.
         """
-        for k in self.tdb.keys():
+        for k in self.tdb.iterkeys():
             if k.startswith("SECRETS/SID/"):
                 yield k[len("SECRETS/SID/"):].rstrip("\0")
 
@@ -264,10 +280,10 @@ class SecretsDatabase(TdbDatabase):
         return self.tdb.get("SECRETS/AFS_KEYFILE/%s" % host)
 
     def get_machine_sec_channel_type(self, host):
-        return self.tdb.fetch_uint32("SECRETS/MACHINE_SEC_CHANNEL_TYPE/%s" % host)
+        return fetch_uint32(self.tdb, "SECRETS/MACHINE_SEC_CHANNEL_TYPE/%s" % host)
 
     def get_machine_last_change_time(self, host):
-        return self.tdb.fetch_uint32("SECRETS/MACHINE_LAST_CHANGE_TIME/%s" % host)
+        return fetch_uint32(self.tdb, "SECRETS/MACHINE_LAST_CHANGE_TIME/%s" % host)
             
     def get_machine_password(self, host):
         return self.tdb.get("SECRETS/MACHINE_PASSWORD/%s" % host)
@@ -279,7 +295,7 @@ class SecretsDatabase(TdbDatabase):
         return self.tdb.get("SECRETS/$DOMTRUST.ACC/%s" % host)
 
     def trusted_domains(self):
-        for k in self.tdb.keys():
+        for k in self.tdb.iterkeys():
             if k.startswith("SECRETS/$DOMTRUST.ACC/"):
                 yield k[len("SECRETS/$DOMTRUST.ACC/"):].rstrip("\0")
 
@@ -296,7 +312,7 @@ SHARE_DATABASE_VERSION_V2 = 2
 class ShareInfoDatabase(TdbDatabase):
     """Samba 3 Share Info database reader."""
     def _check_version(self):
-        assert self.tdb.fetch_int32("INFO/version\0") in (SHARE_DATABASE_VERSION_V1, SHARE_DATABASE_VERSION_V2)
+        assert fetch_int32(self.tdb, "INFO/version\0") in (SHARE_DATABASE_VERSION_V1, SHARE_DATABASE_VERSION_V2)
 
     def get_secdesc(self, name):
         """Obtain the security descriptor on a particular share.
@@ -492,12 +508,12 @@ class LdapSam(object):
 class TdbSam(TdbDatabase):
     """Samba 3 TDB passdb backend reader."""
     def _check_version(self):
-        self.version = self.tdb.fetch_uint32("INFO/version\0") or 0
+        self.version = fetch_uint32(self.tdb, "INFO/version\0") or 0
         assert self.version in (0, 1, 2)
 
     def usernames(self):
         """Iterate over the usernames in this Tdb database."""
-        for k in self.tdb.keys():
+        for k in self.tdb.iterkeys():
             if k.startswith(TDBSAM_USER_PREFIX):
                 yield k[len(TDBSAM_USER_PREFIX):].rstrip("\0")
 
@@ -506,7 +522,6 @@ class TdbSam(TdbDatabase):
     def __getitem__(self, name):
         data = self.tdb["%s%s\0" % (TDBSAM_USER_PREFIX, name)]
         user = SAMUser(name)
-        import struct
     
         def unpack_string(data):
             (length, ) = struct.unpack("<L", data[:4])
-- 
cgit 


From f52fc2f90ebf314de71f7150093bd641c3989b3c Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 19 Dec 2008 09:47:59 +1100
Subject: Move aggregate schema stub to it's own file

This should make it easier to import just the schema entries from the
WSPP docs.

Andrew Bartlett
---
 source4/scripting/python/samba/provision.py | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'source4/scripting')

diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index b81f618a48..3711ed7bab 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -830,6 +830,8 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
         message("Setting up sam.ldb AD schema")
         setup_add_ldif(samdb, setup_path("schema.ldif"), 
                        {"SCHEMADN": names.schemadn})
+        setup_add_ldif(samdb, setup_path("aggregate_schema.ldif"), 
+                       {"SCHEMADN": names.schemadn})
 
         message("Setting up sam.ldb configuration data")
         setup_add_ldif(samdb, setup_path("provision_configuration.ldif"), {
-- 
cgit