From fbd82ed99af93bb7efa41b0aabb5c3784ea3e8a4 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 24 Sep 2012 09:20:46 +0200 Subject: [PATCH 01/36] replace: Support setproctitle(). This uses the setproctitle() from libc, libsetproctitle or libbsd. If none is available it provides a dummy implementation. (cherry picked from commit fd8d4ec34785e71de3f8458222d196d454d0e723) --- lib/replace/README | 1 + lib/replace/replace.c | 7 +++++++ lib/replace/replace.h | 9 +++++++++ lib/replace/wscript | 2 ++ source4/scripting/python/samba/netcmd/domain.py | 4 ++-- source4/smbd/process_onefork.c | 13 ------------- 6 files changed, 21 insertions(+), 15 deletions(-) diff --git a/lib/replace/README b/lib/replace/README index 5399971..e960dc8 100644 --- a/lib/replace/README +++ b/lib/replace/README @@ -73,6 +73,7 @@ readlink symlink realpath poll +setproctitle Types: bool diff --git a/lib/replace/replace.c b/lib/replace/replace.c index 322bf49..bbfb7cf 100644 --- a/lib/replace/replace.c +++ b/lib/replace/replace.c @@ -904,3 +904,10 @@ int rep_usleep(useconds_t sec) return 0; } #endif /* HAVE_USLEEP */ + +#ifndef HAVE_SETPROCTITLE +void rep_setproctitle(const char *fmt, ...) +{ + return 0; +} +#endif diff --git a/lib/replace/replace.h b/lib/replace/replace.h index c7f9c71..bbea0fc 100644 --- a/lib/replace/replace.h +++ b/lib/replace/replace.h @@ -128,6 +128,10 @@ #include #endif +#ifdef HAVE_SETPROCTITLE_H +#include +#endif + #if STDC_HEADERS #include #include @@ -845,4 +849,9 @@ typedef long useconds_t; int usleep(useconds_t); #endif +#ifndef HAVE_SETPROCTITLE +#define setproctitle rep_setproctitle +void rep_setproctitle(const char *fmt, ...) PRINTF_ATTRIBUTE(1, 2); +#endif + #endif /* _LIBREPLACE_REPLACE_H */ diff --git a/lib/replace/wscript b/lib/replace/wscript index 2f632e1..0dbac06 100644 --- a/lib/replace/wscript +++ b/lib/replace/wscript @@ -183,6 +183,8 @@ def configure(conf): checklibc=True) if not conf.CHECK_FUNCS('getpeereid'): conf.CHECK_FUNCS_IN('getpeereid', 'bsd', headers='sys/types.h bsd/unistd.h') + if not conf.CHECK_FUNCS_IN('setproctitle', 'bsd', headers='sys/types.h bsd/unistd.h'): + conf.CHECK_FUNCS_IN('setproctitle', 'setproctitle', headers='setproctitle.h') conf.CHECK_CODE(''' struct ucred cred; diff --git a/source4/scripting/python/samba/netcmd/domain.py b/source4/scripting/python/samba/netcmd/domain.py index 0ace70f..de529ba 100644 --- a/source4/scripting/python/samba/netcmd/domain.py +++ b/source4/scripting/python/samba/netcmd/domain.py @@ -393,8 +393,8 @@ class cmd_domain_provision(Command): serverrole=server_role, dom_for_fun_level=dom_for_fun_level, backend_type=ldap_backend_type, ldapadminpass=ldapadminpass, ol_mmr_urls=ol_mmr_urls, - useeadb=eadb, next_rid=next_rid, lp=lp, use_ntvfs=(use_ntvfs), - use_rfc2307=(use_rfc2307)) + useeadb=eadb, next_rid=next_rid, lp=lp, use_ntvfs=use_ntvfs, + use_rfc2307=use_rfc2307) except ProvisioningError, e: raise CommandError("Provision failed", e) diff --git a/source4/smbd/process_onefork.c b/source4/smbd/process_onefork.c index 251e507..b5e93d9 100644 --- a/source4/smbd/process_onefork.c +++ b/source4/smbd/process_onefork.c @@ -32,19 +32,6 @@ #include "param/param.h" #include "ldb_wrap.h" -#ifdef HAVE_SETPROCTITLE -#ifdef HAVE_SETPROCTITLE_H -#include -#endif -#else -#define setproctitle none_setproctitle -static int none_setproctitle(const char *fmt, ...) PRINTF_ATTRIBUTE(1, 2); -static int none_setproctitle(const char *fmt, ...) -{ - return 0; -} -#endif - NTSTATUS process_model_onefork_init(void); /* -- 1.7.9.5 From 6540764d98a4cf4560207ed96a1c8c6f27ae128c Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 25 Sep 2012 01:22:56 +0200 Subject: [PATCH 02/36] replace: Avoid returning value in void setproctitle() replacement. Autobuild-User(master): Jelmer Vernooij Autobuild-Date(master): Tue Sep 25 06:38:40 CEST 2012 on sn-devel-104 (cherry picked from commit 6749cfb418cd8e21df626c7144f1f4db3b6770e7) --- lib/replace/replace.c | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/replace/replace.c b/lib/replace/replace.c index bbfb7cf..53d4df8 100644 --- a/lib/replace/replace.c +++ b/lib/replace/replace.c @@ -908,6 +908,5 @@ int rep_usleep(useconds_t sec) #ifndef HAVE_SETPROCTITLE void rep_setproctitle(const char *fmt, ...) { - return 0; } #endif -- 1.7.9.5 From 2424a1c9912ff96919ce0edfbc9cd7a665352aa1 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 16 Sep 2012 00:32:52 +0200 Subject: [PATCH 03/36] samba.provision: Fix formatting, NameErrors. (cherry picked from commit fdb873a203695f0b208967a561424c0357374e5b) --- .../scripting/python/samba/provision/__init__.py | 148 +++++++++++--------- 1 file changed, 80 insertions(+), 68 deletions(-) diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py index 706a023..c22d549 100644 --- a/source4/scripting/python/samba/provision/__init__.py +++ b/source4/scripting/python/samba/provision/__init__.py @@ -1,4 +1,3 @@ - # Unix SMB/CIFS implementation. # backend code for provisioning a Samba4 server @@ -142,7 +141,9 @@ class ProvisionNames(object): self.sitename = None self.smbconf = None -def find_provision_key_parameters(samdb, secretsdb, idmapdb, paths, smbconf, lp): + +def find_provision_key_parameters(samdb, secretsdb, idmapdb, paths, smbconf, + lp): """Get key provision parameters (realm, domain, ...) from a given provision :param samdb: An LDB object connected to the sam.ldb file @@ -199,7 +200,7 @@ def find_provision_key_parameters(samdb, secretsdb, idmapdb, paths, smbconf, lp) res4 = samdb.search(expression="(CN=%s)" % names.netbiosname, base="OU=Domain Controllers,%s" % basedn, scope=ldb.SCOPE_ONELEVEL, attrs=["dNSHostName"]) - names.hostname = str(res4[0]["dNSHostName"]).replace("." + names.dnsdomain,"") + names.hostname = str(res4[0]["dNSHostName"]).replace("." + names.dnsdomain, "") server_res = samdb.search(expression="serverReference=%s" % res4[0].dn, attrs=[], base=configdn) @@ -207,7 +208,8 @@ def find_provision_key_parameters(samdb, secretsdb, idmapdb, paths, smbconf, lp) # invocation id/objectguid res5 = samdb.search(expression="(objectClass=*)", - base="CN=NTDS Settings,%s" % str(names.serverdn), scope=ldb.SCOPE_BASE, + base="CN=NTDS Settings,%s" % str(names.serverdn), + scope=ldb.SCOPE_BASE, attrs=["invocationID", "objectGUID"]) names.invocation = str(ndr_unpack(misc.GUID, res5[0]["invocationId"][0])) names.ntdsguid = str(ndr_unpack(misc.GUID, res5[0]["objectGUID"][0])) @@ -233,7 +235,8 @@ def find_provision_key_parameters(samdb, secretsdb, idmapdb, paths, smbconf, lp) res8 = samdb.search(expression="(displayName=Default Domain Controllers" " Policy)", base="CN=Policies,CN=System," + basedn, - scope=ldb.SCOPE_ONELEVEL, attrs=["cn","displayName"]) + scope=ldb.SCOPE_ONELEVEL, + attrs=["cn","displayName"]) if len(res8) == 1: names.policyid_dc = str(res8[0]["cn"]).replace("{","").replace("}","") else: @@ -241,10 +244,9 @@ def find_provision_key_parameters(samdb, secretsdb, idmapdb, paths, smbconf, lp) res9 = idmapdb.search(expression="(cn=%s)" % (security.SID_BUILTIN_ADMINISTRATORS), attrs=["xidNumber"]) - if len(res9) == 1: - names.wheel_gid = res9[0]["xidNumber"] - else: + if len(res9) != 1: raise ProvisioningError("Unable to find uid/gid for Domain Admins rid") + names.wheel_gid = res9[0]["xidNumber"] return names @@ -329,18 +331,18 @@ def get_last_provision_usn(sam): """Get USNs ranges modified by a provision or an upgradeprovision :param sam: An LDB object pointing to the sam.ldb - :return: a dictionnary which keys are invocation id and values are an array + :return: a dictionary which keys are invocation id and values are an array of integer representing the different ranges """ try: entry = sam.search(expression="%s=*" % LAST_PROVISION_USN_ATTRIBUTE, - base="@PROVISION", scope=ldb.SCOPE_BASE, - attrs=[LAST_PROVISION_USN_ATTRIBUTE, "provisionnerID"]) + base="@PROVISION", scope=ldb.SCOPE_BASE, + attrs=[LAST_PROVISION_USN_ATTRIBUTE, "provisionnerID"]) except ldb.LdbError, (ecode, emsg): if ecode == ldb.ERR_NO_SUCH_OBJECT: return None raise - if len(entry): + if len(entry) > 0: myids = [] range = {} p = re.compile(r'-') @@ -1143,11 +1145,10 @@ def setup_samdb(path, session_info, provision_backend, lp, names, return samdb -def fill_samdb(samdb, lp, names, - logger, domainsid, domainguid, policyguid, policyguid_dc, fill, - adminpass, krbtgtpass, machinepass, dns_backend, dnspass, invocationid, ntdsguid, - serverrole, am_rodc=False, dom_for_fun_level=None, schema=None, - next_rid=None, dc_rid=None): +def fill_samdb(samdb, lp, names, logger, domainsid, domainguid, policyguid, + policyguid_dc, fill, adminpass, krbtgtpass, machinepass, dns_backend, + dnspass, invocationid, ntdsguid, serverrole, am_rodc=False, + dom_for_fun_level=None, schema=None, next_rid=None, dc_rid=None): if next_rid is None: next_rid = 1000 @@ -1368,9 +1369,11 @@ def set_dir_acl(path, acl, lp, domsid, use_ntvfs): setntacl(lp, path, acl, domsid, use_ntvfs=use_ntvfs) for root, dirs, files in os.walk(path, topdown=False): for name in files: - setntacl(lp, os.path.join(root, name), acl, domsid, use_ntvfs=use_ntvfs) + setntacl(lp, os.path.join(root, name), acl, domsid, + use_ntvfs=use_ntvfs) for name in dirs: - setntacl(lp, os.path.join(root, name), acl, domsid, use_ntvfs=use_ntvfs) + setntacl(lp, os.path.join(root, name), acl, domsid, + use_ntvfs=use_ntvfs) def set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs): @@ -1387,7 +1390,8 @@ def set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs): # Set ACL for GPO root folder root_policy_path = os.path.join(sysvol, dnsdomain, "Policies") - setntacl(lp, root_policy_path, POLICIES_ACL, str(domainsid), use_ntvfs=use_ntvfs) + setntacl(lp, root_policy_path, POLICIES_ACL, str(domainsid), + use_ntvfs=use_ntvfs) res = samdb.search(base="CN=Policies,CN=System,%s"%(domaindn), attrs=["cn", "nTSecurityDescriptor"], @@ -1401,8 +1405,8 @@ def set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs): str(domainsid), use_ntvfs) -def setsysvolacl(samdb, netlogon, sysvol, uid, gid, domainsid, dnsdomain, domaindn, - lp, use_ntvfs): +def setsysvolacl(samdb, netlogon, sysvol, uid, gid, domainsid, dnsdomain, + domaindn, lp, use_ntvfs): """Set the ACL for the sysvol share and the subfolders :param samdb: An LDB object on the SAM db @@ -1416,14 +1420,16 @@ def setsysvolacl(samdb, netlogon, sysvol, uid, gid, domainsid, dnsdomain, domain """ if not use_ntvfs: - # This will ensure that the smbd code we are running when setting ACLs is initialised with the smb.conf + # This will ensure that the smbd code we are running when setting ACLs + # is initialised with the smb.conf s3conf = s3param.get_context() s3conf.load(lp.configfile) # ensure we are using the right samba_dsdb passdb backend, no matter what s3conf.set("passdb backend", "samba_dsdb:%s" % samdb.url) passdb.reload_static_pdb() - # ensure that we init the samba_dsdb backend, so the domain sid is marked in secrets.tdb + # ensure that we init the samba_dsdb backend, so the domain sid is + # marked in secrets.tdb s4_passdb = passdb.PDB(s3conf.get("passdb backend")) # now ensure everything matches correctly, to avoid wierd issues @@ -1472,7 +1478,7 @@ def check_dir_acl(path, acl, lp, domainsid, direct_db_access): fsacl_sddl = fsacl.as_sddl(domainsid) if fsacl_sddl != acl: raise ProvisioningError('%s ACL on GPO directory %s %s does not match expected value %s from GPO object' % (acl_type(direct_db_access), path, fsacl_sddl, acl)) - + for root, dirs, files in os.walk(path, topdown=False): for name in files: fsacl = getntacl(lp, os.path.join(root, name), direct_db_access=direct_db_access) @@ -1491,7 +1497,8 @@ def check_dir_acl(path, acl, lp, domainsid, direct_db_access): raise ProvisioningError('%s ACL on GPO directory %s %s does not match expected value %s from GPO object' % (acl_type(direct_db_access), os.path.join(root, name), fsacl_sddl, acl)) -def check_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, direct_db_access): +def check_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, + direct_db_access): """Set ACL on the sysvol//Policies folder and the policy folders beneath. @@ -1510,7 +1517,7 @@ def check_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, direct_db_ raise ProvisioningError('DB ACL on policy root %s %s not found!' % (acl_type(direct_db_access), root_policy_path)) fsacl_sddl = fsacl.as_sddl(domainsid) if fsacl_sddl != POLICIES_ACL: - raise ProvisioningError('%s ACL on policy root %s %s does not match expected value %s from provision' % (acl_type(direct_db_access), policy_root, fsacl_sddl, acl)) + raise ProvisioningError('%s ACL on policy root %s %s does not match expected value %s from provision' % (acl_type(direct_db_access), root_policy_path, fsacl_sddl, fsacl)) res = samdb.search(base="CN=Policies,CN=System,%s"%(domaindn), attrs=["cn", "nTSecurityDescriptor"], expression="", scope=ldb.SCOPE_ONELEVEL) @@ -1567,11 +1574,12 @@ def checksysvolacl(samdb, netlogon, sysvol, domainsid, dnsdomain, domaindn, raise ProvisioningError('%s ACL on sysvol directory %s %s does not match expected value %s from provision' % (acl_type(direct_db_access), dir_path, fsacl_sddl, SYSVOL_ACL)) # Check acls on Policy folder and policies folders - check_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, direct_db_access) + check_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, + direct_db_access) def interface_ips_v4(lp): - '''return only IPv4 IPs''' + """return only IPv4 IPs""" ips = samba.interface_ips(lp, False) ret = [] for i in ips: @@ -1579,8 +1587,9 @@ def interface_ips_v4(lp): ret.append(i) return ret + def interface_ips_v6(lp, linklocal=False): - '''return only IPv6 IPs''' + """return only IPv6 IPs""" ips = samba.interface_ips(lp, False) ret = [] for i in ips: @@ -1621,14 +1630,14 @@ def provision_fill(samdb, secrets_ldb, logger, names, paths, dnspass = samba.generate_random_password(128, 255) samdb = fill_samdb(samdb, lp, names, logger=logger, - domainsid=domainsid, schema=schema, domainguid=domainguid, - policyguid=policyguid, policyguid_dc=policyguid_dc, - fill=samdb_fill, adminpass=adminpass, krbtgtpass=krbtgtpass, - invocationid=invocationid, machinepass=machinepass, - dns_backend=dns_backend, dnspass=dnspass, - ntdsguid=ntdsguid, serverrole=serverrole, - dom_for_fun_level=dom_for_fun_level, am_rodc=am_rodc, - next_rid=next_rid, dc_rid=dc_rid) + domainsid=domainsid, schema=schema, domainguid=domainguid, + policyguid=policyguid, policyguid_dc=policyguid_dc, + fill=samdb_fill, adminpass=adminpass, krbtgtpass=krbtgtpass, + invocationid=invocationid, machinepass=machinepass, + dns_backend=dns_backend, dnspass=dnspass, + ntdsguid=ntdsguid, serverrole=serverrole, + dom_for_fun_level=dom_for_fun_level, am_rodc=am_rodc, + next_rid=next_rid, dc_rid=dc_rid) if serverrole == "active directory domain controller": @@ -1637,13 +1646,14 @@ def provision_fill(samdb, secrets_ldb, logger, names, paths, create_default_gpo(paths.sysvol, names.dnsdomain, policyguid, policyguid_dc) if not skip_sysvolacl: - setsysvolacl(samdb, paths.netlogon, paths.sysvol, paths.root_uid, paths.wheel_gid, - domainsid, names.dnsdomain, names.domaindn, lp, use_ntvfs) + setsysvolacl(samdb, paths.netlogon, paths.sysvol, paths.root_uid, + paths.wheel_gid, domainsid, names.dnsdomain, + names.domaindn, lp, use_ntvfs) secretsdb_self_join(secrets_ldb, domain=names.domain, - realm=names.realm, dnsdomain=names.dnsdomain, - netbiosname=names.netbiosname, domainsid=domainsid, - machinepass=machinepass, secure_channel_type=SEC_CHAN_BDC) + realm=names.realm, dnsdomain=names.dnsdomain, + netbiosname=names.netbiosname, domainsid=domainsid, + machinepass=machinepass, secure_channel_type=SEC_CHAN_BDC) # Now set up the right msDS-SupportedEncryptionTypes into the DB # In future, this might be determined from some configuration @@ -1693,7 +1703,8 @@ def provision_fill(samdb, secrets_ldb, logger, names, paths, # provision code for schema_obj in ['CN=Domain', 'CN=Organizational-Person', 'CN=Contact', 'CN=inetOrgPerson']: chk.check_database(DN="%s,%s" % (schema_obj, names.schemadn), - scope=ldb.SCOPE_BASE, attrs=['defaultObjectCategory']) + scope=ldb.SCOPE_BASE, + attrs=['defaultObjectCategory']) chk.check_database(DN="CN=IP Security,CN=System,%s" % names.domaindn, scope=ldb.SCOPE_ONELEVEL, attrs=['ipsecOwnersReference', @@ -1736,9 +1747,12 @@ def sanitize_server_role(role): except KeyError: raise ValueError(role) -def provision_fake_ypserver(logger, samdb, domaindn, netbiosname, nisdomain, maxuid, maxgid): - """Creates AD entries for the fake ypserver - needed for being able to manipulate posix attrs via ADUC + +def provision_fake_ypserver(logger, samdb, domaindn, netbiosname, nisdomain, + maxuid, maxgid): + """Create AD entries for the fake ypserver. + + This is needed for being able to manipulate posix attrs via ADUC. """ samdb.transaction_start() try: @@ -1748,32 +1762,26 @@ def provision_fake_ypserver(logger, samdb, domaindn, netbiosname, nisdomain, max "NETBIOSNAME": netbiosname, "NISDOMAIN": nisdomain, }) - except Exception: + except: samdb.transaction_cancel() raise else: samdb.transaction_commit() - if maxuid != None: - pass - if maxgid != None: - pass + def provision(logger, session_info, credentials, smbconf=None, targetdir=None, samdb_fill=FILL_FULL, realm=None, rootdn=None, domaindn=None, schemadn=None, configdn=None, serverdn=None, domain=None, hostname=None, hostip=None, hostip6=None, domainsid=None, - next_rid=1000, dc_rid=None, adminpass=None, ldapadminpass=None, krbtgtpass=None, - domainguid=None, policyguid=None, policyguid_dc=None, + next_rid=1000, dc_rid=None, adminpass=None, ldapadminpass=None, + krbtgtpass=None, domainguid=None, policyguid=None, policyguid_dc=None, dns_backend=None, dns_forwarder=None, dnspass=None, invocationid=None, machinepass=None, ntdsguid=None, root=None, nobody=None, users=None, wheel=None, backup=None, aci=None, - serverrole=None, dom_for_fun_level=None, - backend_type=None, sitename=None, - ol_mmr_urls=None, ol_olc=None, slapd_path="/bin/false", - useeadb=False, am_rodc=False, - lp=None, use_ntvfs=False, - use_rfc2307=False, maxuid=None, maxgid=None, - skip_sysvolacl=True): + serverrole=None, dom_for_fun_level=None, backend_type=None, + sitename=None, ol_mmr_urls=None, ol_olc=None, slapd_path="/bin/false", + useeadb=False, am_rodc=False, lp=None, use_ntvfs=False, + use_rfc2307=False, maxuid=None, maxgid=None, skip_sysvolacl=True): """Provision samba4 :note: caution, this wipes all existing data! @@ -1923,12 +1931,12 @@ def provision(logger, session_info, credentials, smbconf=None, # Debian-like Linux systems, but hopefully other users # will get enough clue from it. raise ProvisioningError("Samba was compiled without the posix ACL support that s3fs requires. Try installing libacl1-dev or libacl-devel, then re-run configure and make.") - + raise ProvisioningError("Your filesystem or build does not support posix ACLs, which s3fs requires. Try the mounting the filesystem with the 'acl' option.") try: smbd.chown(file.name, root_uid, wheel_gid) except Exception: - raise ProvisioningError("Unable to chown a file on your filesystem. You may not be running provision as root. ") + raise ProvisioningError("Unable to chown a file on your filesystem. You may not be running provision as root.") finally: file.close() @@ -1942,7 +1950,8 @@ def provision(logger, session_info, credentials, smbconf=None, lp=lp, credentials=credentials, names=names, logger=logger) elif backend_type == "existing": - # If support for this is ever added back, then the URI will need to be specified again + # If support for this is ever added back, then the URI will need to be + # specified again provision_backend = ExistingBackend(backend_type, paths=paths, lp=lp, credentials=credentials, names=names, logger=logger, @@ -2079,8 +2088,9 @@ def provision(logger, session_info, credentials, smbconf=None, result.backend_result = backend_result if use_rfc2307: - provision_fake_ypserver(logger=logger, samdb=samdb, domaindn=names.domaindn, netbiosname=names.netbiosname, - nisdomain=(names.domain).lower(), maxuid=maxuid, maxgid=maxgid) + provision_fake_ypserver(logger=logger, samdb=samdb, + domaindn=names.domaindn, netbiosname=names.netbiosname, + nisdomain=names.domain.lower(), maxuid=maxuid, maxgid=maxgid) return result @@ -2102,8 +2112,10 @@ def provision_become_dc(smbconf=None, targetdir=None, realm=realm, rootdn=rootdn, domaindn=domaindn, schemadn=schemadn, configdn=configdn, serverdn=serverdn, domain=domain, hostname=hostname, hostip=None, domainsid=domainsid, - machinepass=machinepass, serverrole="active directory domain controller", - sitename=sitename, dns_backend=dns_backend, dnspass=dnspass, use_ntvfs=use_ntvfs) + machinepass=machinepass, + serverrole="active directory domain controller", + sitename=sitename, dns_backend=dns_backend, dnspass=dnspass, + use_ntvfs=use_ntvfs) res.lp.set("debuglevel", str(debuglevel)) return res -- 1.7.9.5 From 3b8b1cfe53558316a64b5876eb9ea0f9fcf163b7 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 16 Sep 2012 00:33:09 +0200 Subject: [PATCH 04/36] samba.provision.backend: Fix formatting. (cherry picked from commit 858135920d54662a06252deac4dbf9191a251018) --- .../scripting/python/samba/provision/backend.py | 1 + 1 file changed, 1 insertion(+) diff --git a/source4/scripting/python/samba/provision/backend.py b/source4/scripting/python/samba/provision/backend.py index dc127ed..5f04a05 100644 --- a/source4/scripting/python/samba/provision/backend.py +++ b/source4/scripting/python/samba/provision/backend.py @@ -42,6 +42,7 @@ from samba import Ldb, read_and_sub_file, setup_file from samba.credentials import Credentials, DONT_USE_KERBEROS from samba.schema import Schema + class SlapdAlreadyRunning(Exception): def __init__(self, uri): -- 1.7.9.5 From 5d0d1da8f270fdd6fe7808474366f1293f5daf0e Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 16 Sep 2012 00:34:00 +0200 Subject: [PATCH 05/36] samba.provision.sambadns: Fix formatting. (cherry picked from commit cd7dcf4571b321f39eda07c489dd16833d8d4185) --- .../scripting/python/samba/provision/sambadns.py | 183 ++++++++++++++------ 1 file changed, 126 insertions(+), 57 deletions(-) diff --git a/source4/scripting/python/samba/provision/sambadns.py b/source4/scripting/python/samba/provision/sambadns.py index 257efd6..576a33f 100644 --- a/source4/scripting/python/samba/provision/sambadns.py +++ b/source4/scripting/python/samba/provision/sambadns.py @@ -28,15 +28,13 @@ import ldb from base64 import b64encode import samba from samba.ndr import ndr_pack, ndr_unpack -from samba import read_and_sub_file, setup_file +from samba import setup_file from samba.dcerpc import dnsp, misc, security from samba.dsdb import ( DS_DOMAIN_FUNCTION_2000, DS_DOMAIN_FUNCTION_2003, - DS_DOMAIN_FUNCTION_2008, DS_DOMAIN_FUNCTION_2008_R2 ) -from base64 import b64encode from samba.provision.descriptor import ( get_domain_descriptor, get_dns_partition_descriptor @@ -54,13 +52,16 @@ def get_domainguid(samdb, domaindn): domainguid = str(ndr_unpack(misc.GUID, res[0]["objectGUID"][0])) return domainguid + def get_dnsadmins_sid(samdb, domaindn): res = samdb.search(base="CN=DnsAdmins,CN=Users,%s" % domaindn, scope=ldb.SCOPE_BASE, attrs=["objectSid"]) dnsadmins_sid = ndr_unpack(security.dom_sid, res[0]["objectSid"][0]) return dnsadmins_sid + class ARecord(dnsp.DnssrvRpcRecord): + def __init__(self, ip_addr, serial=1, ttl=900, rank=dnsp.DNS_RANK_ZONE): super(ARecord, self).__init__() self.wType = dnsp.DNS_TYPE_A @@ -69,7 +70,9 @@ class ARecord(dnsp.DnssrvRpcRecord): self.dwTtlSeconds = ttl self.data = ip_addr + class AAAARecord(dnsp.DnssrvRpcRecord): + def __init__(self, ip6_addr, serial=1, ttl=900, rank=dnsp.DNS_RANK_ZONE): super(AAAARecord, self).__init__() self.wType = dnsp.DNS_TYPE_AAAA @@ -78,7 +81,9 @@ class AAAARecord(dnsp.DnssrvRpcRecord): self.dwTtlSeconds = ttl self.data = ip6_addr + class CNameRecord(dnsp.DnssrvRpcRecord): + def __init__(self, cname, serial=1, ttl=900, rank=dnsp.DNS_RANK_ZONE): super(CNameRecord, self).__init__() self.wType = dnsp.DNS_TYPE_CNAME @@ -87,7 +92,9 @@ class CNameRecord(dnsp.DnssrvRpcRecord): self.dwTtlSeconds = ttl self.data = cname + class NSRecord(dnsp.DnssrvRpcRecord): + def __init__(self, dns_server, serial=1, ttl=900, rank=dnsp.DNS_RANK_ZONE): super(NSRecord, self).__init__() self.wType = dnsp.DNS_TYPE_NS @@ -96,7 +103,9 @@ class NSRecord(dnsp.DnssrvRpcRecord): self.dwTtlSeconds = ttl self.data = dns_server + class SOARecord(dnsp.DnssrvRpcRecord): + def __init__(self, mname, rname, serial=1, refresh=900, retry=600, expire=86400, minimum=3600, ttl=3600, rank=dnsp.DNS_RANK_ZONE): super(SOARecord, self).__init__() @@ -113,7 +122,9 @@ class SOARecord(dnsp.DnssrvRpcRecord): soa.rname = rname self.data = soa + class SRVRecord(dnsp.DnssrvRpcRecord): + def __init__(self, target, port, priority=0, weight=100, serial=1, ttl=900, rank=dnsp.DNS_RANK_ZONE): super(SRVRecord, self).__init__() @@ -128,7 +139,9 @@ class SRVRecord(dnsp.DnssrvRpcRecord): srv.wWeight = weight self.data = srv + class TXTRecord(dnsp.DnssrvRpcRecord): + def __init__(self, slist, serial=1, ttl=900, rank=dnsp.DNS_RANK_ZONE): super(TXTRecord, self).__init__() self.wType = dnsp.DNS_TYPE_TXT @@ -140,7 +153,9 @@ class TXTRecord(dnsp.DnssrvRpcRecord): stringlist.str = slist self.data = stringlist + class TypeProperty(dnsp.DnsProperty): + def __init__(self, zone_type=dnsp.DNS_ZONE_TYPE_PRIMARY): super(TypeProperty, self).__init__() self.wDataLength = 1 @@ -148,7 +163,9 @@ class TypeProperty(dnsp.DnsProperty): self.id = dnsp.DSPROPERTY_ZONE_TYPE self.data = zone_type + class AllowUpdateProperty(dnsp.DnsProperty): + def __init__(self, allow_update=dnsp.DNS_ZONE_UPDATE_SECURE): super(AllowUpdateProperty, self).__init__() self.wDataLength = 1 @@ -156,7 +173,9 @@ class AllowUpdateProperty(dnsp.DnsProperty): self.id = dnsp.DSPROPERTY_ZONE_ALLOW_UPDATE self.data = allow_update + class SecureTimeProperty(dnsp.DnsProperty): + def __init__(self, secure_time=0): super(SecureTimeProperty, self).__init__() self.wDataLength = 1 @@ -164,7 +183,9 @@ class SecureTimeProperty(dnsp.DnsProperty): self.id = dnsp.DSPROPERTY_ZONE_SECURE_TIME self.data = secure_time + class NorefreshIntervalProperty(dnsp.DnsProperty): + def __init__(self, norefresh_interval=0): super(NorefreshIntervalProperty, self).__init__() self.wDataLength = 1 @@ -172,7 +193,9 @@ class NorefreshIntervalProperty(dnsp.DnsProperty): self.id = dnsp.DSPROPERTY_ZONE_NOREFRESH_INTERVAL self.data = norefresh_interval + class RefreshIntervalProperty(dnsp.DnsProperty): + def __init__(self, refresh_interval=0): super(RefreshIntervalProperty, self).__init__() self.wDataLength = 1 @@ -180,7 +203,9 @@ class RefreshIntervalProperty(dnsp.DnsProperty): self.id = dnsp.DSPROPERTY_ZONE_REFRESH_INTERVAL self.data = refresh_interval + class AgingStateProperty(dnsp.DnsProperty): + def __init__(self, aging_enabled=0): super(AgingStateProperty, self).__init__() self.wDataLength = 1 @@ -188,7 +213,9 @@ class AgingStateProperty(dnsp.DnsProperty): self.id = dnsp.DSPROPERTY_ZONE_AGING_STATE self.data = aging_enabled + class AgingEnabledTimeProperty(dnsp.DnsProperty): + def __init__(self, next_cycle_hours=0): super(AgingEnabledTimeProperty, self).__init__() self.wDataLength = 1 @@ -196,7 +223,9 @@ class AgingEnabledTimeProperty(dnsp.DnsProperty): self.id = dnsp.DSPROPERTY_ZONE_AGING_ENABLED_TIME self.data = next_cycle_hours -def setup_dns_partitions(samdb, domainsid, domaindn, forestdn, configdn, serverdn): + +def setup_dns_partitions(samdb, domainsid, domaindn, forestdn, configdn, + serverdn): domainzone_dn = "DC=DomainDnsZones,%s" % domaindn forestzone_dn = "DC=ForestDnsZones,%s" % forestdn descriptor = get_dns_partition_descriptor(domainsid) @@ -239,6 +268,7 @@ def add_dns_accounts(samdb, domaindn): "DOMAINDN": domaindn, }) + def add_dns_container(samdb, domaindn, prefix, domainsid, dnsadmins_sid): # CN=MicrosoftDNS,, sddl = "O:SYG:SYD:AI" \ @@ -254,6 +284,7 @@ def add_dns_container(samdb, domaindn, prefix, domainsid, dnsadmins_sid): "nTSecurityDescriptor") samdb.add(msg) + def add_rootservers(samdb, domaindn, prefix): rootservers = {} rootservers["a.root-servers.net"] = "198.41.0.4" @@ -345,6 +376,7 @@ def add_at_record(samdb, container_dn, prefix, hostname, dnsdomain, hostip, host msg["dnsRecord"] = ldb.MessageElement(at_records, ldb.FLAG_MOD_ADD, "dnsRecord") samdb.add(msg) + def add_srv_record(samdb, container_dn, prefix, host, port): srv_record = SRVRecord(host, port) msg = ldb.Message(ldb.Dn(samdb, "%s,%s" % (prefix, container_dn))) @@ -352,6 +384,7 @@ def add_srv_record(samdb, container_dn, prefix, host, port): msg["dnsRecord"] = ldb.MessageElement(ndr_pack(srv_record), ldb.FLAG_MOD_ADD, "dnsRecord") samdb.add(msg) + def add_ns_record(samdb, container_dn, prefix, host): ns_record = NSRecord(host) msg = ldb.Message(ldb.Dn(samdb, "%s,%s" % (prefix, container_dn))) @@ -359,6 +392,7 @@ def add_ns_record(samdb, container_dn, prefix, host): msg["dnsRecord"] = ldb.MessageElement(ndr_pack(ns_record), ldb.FLAG_MOD_ADD, "dnsRecord") samdb.add(msg) + def add_ns_glue_record(samdb, container_dn, prefix, host): ns_record = NSRecord(host, rank=dnsp.DNS_RANK_NS_GLUE) msg = ldb.Message(ldb.Dn(samdb, "%s,%s" % (prefix, container_dn))) @@ -366,6 +400,7 @@ def add_ns_glue_record(samdb, container_dn, prefix, host): msg["dnsRecord"] = ldb.MessageElement(ndr_pack(ns_record), ldb.FLAG_MOD_ADD, "dnsRecord") samdb.add(msg) + def add_cname_record(samdb, container_dn, prefix, host): cname_record = CNameRecord(host) msg = ldb.Message(ldb.Dn(samdb, "%s,%s" % (prefix, container_dn))) @@ -373,6 +408,7 @@ def add_cname_record(samdb, container_dn, prefix, host): msg["dnsRecord"] = ldb.MessageElement(ndr_pack(cname_record), ldb.FLAG_MOD_ADD, "dnsRecord") samdb.add(msg) + def add_host_record(samdb, container_dn, prefix, hostip, hostip6): host_records = [] if hostip: @@ -387,6 +423,7 @@ def add_host_record(samdb, container_dn, prefix, hostip, hostip6): msg["dnsRecord"] = ldb.MessageElement(host_records, ldb.FLAG_MOD_ADD, "dnsRecord") samdb.add(msg) + def add_domain_record(samdb, domaindn, prefix, dnsdomain, domainsid, dnsadmins_sid): # DC=,CN=MicrosoftDNS,, sddl = "O:SYG:BAD:AI" \ @@ -418,6 +455,7 @@ def add_domain_record(samdb, domaindn, prefix, dnsdomain, domainsid, dnsadmins_s msg["dNSProperty"] = ldb.MessageElement(props, ldb.FLAG_MOD_ADD, "dNSProperty") samdb.add(msg) + def add_msdcs_record(samdb, forestdn, prefix, dnsforest): # DC=_msdcs.,CN=MicrosoftDNS,, msg = ldb.Message(ldb.Dn(samdb, "DC=_msdcs.%s,CN=MicrosoftDNS,%s,%s" % @@ -426,7 +464,8 @@ def add_msdcs_record(samdb, forestdn, prefix, dnsforest): samdb.add(msg) -def add_dc_domain_records(samdb, domaindn, prefix, site, dnsdomain, hostname, hostip, hostip6): +def add_dc_domain_records(samdb, domaindn, prefix, site, dnsdomain, hostname, + hostip, hostip6): fqdn_hostname = "%s.%s" % (hostname, dnsdomain) @@ -435,33 +474,40 @@ def add_dc_domain_records(samdb, domaindn, prefix, site, dnsdomain, hostname, ho (dnsdomain, prefix, domaindn)) # DC=@ record - add_at_record(samdb, domain_container_dn, "DC=@", hostname, dnsdomain, hostip, hostip6) + add_at_record(samdb, domain_container_dn, "DC=@", hostname, dnsdomain, + hostip, hostip6) # DC= record - add_host_record(samdb, domain_container_dn, "DC=%s" % hostname, hostip, hostip6) + add_host_record(samdb, domain_container_dn, "DC=%s" % hostname, hostip, + hostip6) # DC=_kerberos._tcp record - add_srv_record(samdb, domain_container_dn, "DC=_kerberos._tcp", fqdn_hostname, 88) + add_srv_record(samdb, domain_container_dn, "DC=_kerberos._tcp", + fqdn_hostname, 88) # DC=_kerberos._tcp.._sites record - add_srv_record(samdb, domain_container_dn, "DC=_kerberos._tcp.%s._sites" % site, - fqdn_hostname, 88) + add_srv_record(samdb, domain_container_dn, "DC=_kerberos._tcp.%s._sites" % + site, fqdn_hostname, 88) # DC=_kerberos._udp record - add_srv_record(samdb, domain_container_dn, "DC=_kerberos._udp", fqdn_hostname, 88) + add_srv_record(samdb, domain_container_dn, "DC=_kerberos._udp", + fqdn_hostname, 88) # DC=_kpasswd._tcp record - add_srv_record(samdb, domain_container_dn, "DC=_kpasswd._tcp", fqdn_hostname, 464) + add_srv_record(samdb, domain_container_dn, "DC=_kpasswd._tcp", + fqdn_hostname, 464) # DC=_kpasswd._udp record - add_srv_record(samdb, domain_container_dn, "DC=_kpasswd._udp", fqdn_hostname, 464) + add_srv_record(samdb, domain_container_dn, "DC=_kpasswd._udp", + fqdn_hostname, 464) # DC=_ldap._tcp record - add_srv_record(samdb, domain_container_dn, "DC=_ldap._tcp", fqdn_hostname, 389) + add_srv_record(samdb, domain_container_dn, "DC=_ldap._tcp", fqdn_hostname, + 389) # DC=_ldap._tcp.._sites record - add_srv_record(samdb, domain_container_dn, "DC=_ldap._tcp.%s._sites" % site, - fqdn_hostname, 389) + add_srv_record(samdb, domain_container_dn, "DC=_ldap._tcp.%s._sites" % + site, fqdn_hostname, 389) # FIXME: The number of SRV records depend on the various roles this DC has. # _gc and _msdcs records are added if the we are the forest dc and not subdomain dc @@ -469,10 +515,12 @@ def add_dc_domain_records(samdb, domaindn, prefix, site, dnsdomain, hostname, ho # Assumption: current DC is GC and add all the entries # DC=_gc._tcp record - add_srv_record(samdb, domain_container_dn, "DC=_gc._tcp", fqdn_hostname, 3268) + add_srv_record(samdb, domain_container_dn, "DC=_gc._tcp", fqdn_hostname, + 3268) # DC=_gc._tcp.,_sites record - add_srv_record(samdb, domain_container_dn, "DC=_gc._tcp.%s._sites" % site, fqdn_hostname, 3268) + add_srv_record(samdb, domain_container_dn, "DC=_gc._tcp.%s._sites" % site, + fqdn_hostname, 3268) # DC=_msdcs record add_ns_glue_record(samdb, domain_container_dn, "DC=_msdcs", fqdn_hostname) @@ -483,12 +531,14 @@ def add_dc_domain_records(samdb, domaindn, prefix, site, dnsdomain, hostname, ho # Assumption: Additional entries won't hurt on os_level = 2000 # DC=_ldap._tcp.._sites.DomainDnsZones - add_srv_record(samdb, domain_container_dn, "DC=_ldap._tcp.%s._sites.DomainDnsZones" % site, - fqdn_hostname, 389) + add_srv_record(samdb, domain_container_dn, + "DC=_ldap._tcp.%s._sites.DomainDnsZones" % site, fqdn_hostname, + 389) # DC=_ldap._tcp.._sites.ForestDnsZones - add_srv_record(samdb, domain_container_dn, "DC=_ldap._tcp.%s._sites.ForestDnsZones" % site, - fqdn_hostname, 389) + add_srv_record(samdb, domain_container_dn, + "DC=_ldap._tcp.%s._sites.ForestDnsZones" % site, fqdn_hostname, + 389) # DC=_ldap._tcp.DomainDnsZones add_srv_record(samdb, domain_container_dn, "DC=_ldap._tcp.DomainDnsZones", @@ -499,10 +549,12 @@ def add_dc_domain_records(samdb, domaindn, prefix, site, dnsdomain, hostname, ho fqdn_hostname, 389) # DC=DomainDnsZones - add_host_record(samdb, domain_container_dn, "DC=DomainDnsZones", hostip, hostip6) + add_host_record(samdb, domain_container_dn, "DC=DomainDnsZones", hostip, + hostip6) # DC=ForestDnsZones - add_host_record(samdb, domain_container_dn, "DC=ForestDnsZones", hostip, hostip6) + add_host_record(samdb, domain_container_dn, "DC=ForestDnsZones", hostip, + hostip6) def add_dc_msdcs_records(samdb, forestdn, prefix, site, dnsforest, hostname, @@ -515,41 +567,47 @@ def add_dc_msdcs_records(samdb, forestdn, prefix, site, dnsforest, hostname, (dnsforest, prefix, forestdn)) # DC=@ record - add_at_record(samdb, forest_container_dn, "DC=@", hostname, dnsforest, None, None) + add_at_record(samdb, forest_container_dn, "DC=@", hostname, dnsforest, + None, None) # DC=_kerberos._tcp.dc record - add_srv_record(samdb, forest_container_dn, "DC=_kerberos._tcp.dc", fqdn_hostname, 88) + add_srv_record(samdb, forest_container_dn, "DC=_kerberos._tcp.dc", + fqdn_hostname, 88) # DC=_kerberos._tcp.._sites.dc record - add_srv_record(samdb, forest_container_dn, "DC=_kerberos._tcp.%s._sites.dc" % site, - fqdn_hostname, 88) + add_srv_record(samdb, forest_container_dn, + "DC=_kerberos._tcp.%s._sites.dc" % site, fqdn_hostname, 88) # DC=_ldap._tcp.dc record - add_srv_record(samdb, forest_container_dn, "DC=_ldap._tcp.dc", fqdn_hostname, 389) + add_srv_record(samdb, forest_container_dn, "DC=_ldap._tcp.dc", + fqdn_hostname, 389) # DC=_ldap._tcp.._sites.dc record - add_srv_record(samdb, forest_container_dn, "DC=_ldap._tcp.%s._sites.dc" % site, - fqdn_hostname, 389) + add_srv_record(samdb, forest_container_dn, "DC=_ldap._tcp.%s._sites.dc" % + site, fqdn_hostname, 389) # DC=_ldap._tcp.._sites.gc record - add_srv_record(samdb, forest_container_dn, "DC=_ldap._tcp.%s._sites.gc" % site, - fqdn_hostname, 3268) + add_srv_record(samdb, forest_container_dn, "DC=_ldap._tcp.%s._sites.gc" % + site, fqdn_hostname, 3268) # DC=_ldap._tcp.gc record - add_srv_record(samdb, forest_container_dn, "DC=_ldap._tcp.gc", fqdn_hostname, 3268) + add_srv_record(samdb, forest_container_dn, "DC=_ldap._tcp.gc", + fqdn_hostname, 3268) # DC=_ldap._tcp.pdc record - add_srv_record(samdb, forest_container_dn, "DC=_ldap._tcp.pdc", fqdn_hostname, 389) + add_srv_record(samdb, forest_container_dn, "DC=_ldap._tcp.pdc", + fqdn_hostname, 389) # DC=gc record add_host_record(samdb, forest_container_dn, "DC=gc", hostip, hostip6) # DC=_ldap._tcp..domains record - add_srv_record(samdb, forest_container_dn, "DC=_ldap._tcp.%s.domains" % domainguid, - fqdn_hostname, 389) + add_srv_record(samdb, forest_container_dn, + "DC=_ldap._tcp.%s.domains" % domainguid, fqdn_hostname, 389) # DC= - add_cname_record(samdb, forest_container_dn, "DC=%s" % ntdsguid, fqdn_hostname) + add_cname_record(samdb, forest_container_dn, "DC=%s" % ntdsguid, + fqdn_hostname) def secretsdb_setup_dns(secretsdb, names, private_dir, realm, @@ -671,6 +729,7 @@ def create_zone_file(lp, logger, paths, targetdir, dnsdomain, if targetdir is None: os.system(rndc + " unfreeze " + lp.get("realm")) + def tdb_copy(logger, file1, file2): """Copy tdb file using tdbbackup utility and rename it """ @@ -686,6 +745,7 @@ def tdb_copy(logger, file1, file2): else: raise Exception("Error copying %s" % file1) + def create_samdb_copy(samdb, logger, paths, names, domainsid, domainguid): """Create a copy of samdb and give write permissions to named for dns partitions """ @@ -717,9 +777,11 @@ def create_samdb_copy(samdb, logger, paths, names, domainsid, domainguid): "DOMAINGUID" : domainguid_line, "DOMAINSID" : str(domainsid), "DESCRIPTOR" : descr}) - setup_add_ldif(dom_ldb, setup_path("provision_basedn_options.ldif"), None) + setup_add_ldif(dom_ldb, + setup_path("provision_basedn_options.ldif"), None) except: - logger.error("Failed to setup database for BIND, AD based DNS cannot be used") + logger.error( + "Failed to setup database for BIND, AD based DNS cannot be used") raise del partfile[domaindn] @@ -737,7 +799,8 @@ def create_samdb_copy(samdb, logger, paths, names, domainsid, domainguid): os.link(os.path.join(private_dir, forestzone_file), os.path.join(dns_dir, forestzone_file)) except OSError: - logger.error("Failed to setup database for BIND, AD based DNS cannot be used") + logger.error( + "Failed to setup database for BIND, AD based DNS cannot be used") raise del partfile[domainzonedn] del partfile[forestzonedn] @@ -754,7 +817,8 @@ def create_samdb_copy(samdb, logger, paths, names, domainsid, domainguid): os.path.join(private_dir, pfile), os.path.join(dns_dir, pfile)) except: - logger.error("Failed to setup database for BIND, AD based DNS cannot be used") + logger.error( + "Failed to setup database for BIND, AD based DNS cannot be used") raise # Give bind read/write permissions dns partitions @@ -775,7 +839,8 @@ def create_samdb_copy(samdb, logger, paths, names, domainsid, domainguid): os.chmod(fpath, 0660) except OSError: if not os.environ.has_key('SAMBA_SELFTEST'): - logger.error("Failed to set permissions to sam.ldb* files, fix manually") + logger.error( + "Failed to set permissions to sam.ldb* files, fix manually") else: if not os.environ.has_key('SAMBA_SELFTEST'): logger.warning("""Unable to find group id for BIND, @@ -925,9 +990,9 @@ def fill_dns_data_partitions(samdb, domainsid, site, domaindn, forestdn, domainguid, ntdsguid) -def setup_ad_dns(samdb, secretsdb, domainsid, names, paths, lp, logger, dns_backend, - os_level, site, dnspass=None, hostip=None, hostip6=None, - targetdir=None): +def setup_ad_dns(samdb, secretsdb, domainsid, names, paths, lp, logger, + dns_backend, os_level, site, dnspass=None, hostip=None, hostip6=None, + targetdir=None): """Provision DNS information (assuming GC role) :param samdb: LDB object connected to sam.ldb file @@ -1011,13 +1076,14 @@ def setup_ad_dns(samdb, secretsdb, domainsid, names, paths, lp, logger, dns_back domainguid, names.ntdsguid, dnsadmins_sid) if dns_backend.startswith("BIND9_"): - setup_bind9_dns(samdb, secretsdb, domainsid, names, paths, lp, logger, dns_backend, - os_level, site=site, dnspass=dnspass, hostip=hostip, hostip6=hostip6, - targetdir=targetdir) + setup_bind9_dns(samdb, secretsdb, domainsid, names, paths, lp, logger, + dns_backend, os_level, site=site, dnspass=dnspass, hostip=hostip, + hostip6=hostip6, targetdir=targetdir) + -def setup_bind9_dns(samdb, secretsdb, domainsid, names, paths, lp, logger, dns_backend, - os_level, site=None, dnspass=None, hostip=None, hostip6=None, - targetdir=None): +def setup_bind9_dns(samdb, secretsdb, domainsid, names, paths, lp, logger, + dns_backend, os_level, site=None, dnspass=None, hostip=None, + hostip6=None, targetdir=None): """Provision DNS information (assuming BIND9 backend in DC role) :param samdb: LDB object connected to sam.ldb file @@ -1036,7 +1102,8 @@ def setup_bind9_dns(samdb, secretsdb, domainsid, names, paths, lp, logger, dns_b :param targetdir: Target directory for creating DNS-related files for BIND9 """ - if not is_valid_dns_backend(dns_backend) or not dns_backend.startswith("BIND9_"): + if (not is_valid_dns_backend(dns_backend) or + not dns_backend.startswith("BIND9_")): raise Exception("Invalid dns backend: %r" % dns_backend) if not is_valid_os_level(os_level): @@ -1055,9 +1122,10 @@ def setup_bind9_dns(samdb, secretsdb, domainsid, names, paths, lp, logger, dns_b if dns_backend == "BIND9_FLATFILE": create_zone_file(lp, logger, paths, targetdir, site=site, - dnsdomain=names.dnsdomain, hostip=hostip, hostip6=hostip6, - hostname=names.hostname, realm=names.realm, - domainguid=domainguid, ntdsguid=names.ntdsguid) + dnsdomain=names.dnsdomain, hostip=hostip, + hostip6=hostip6, hostname=names.hostname, + realm=names.realm, domainguid=domainguid, + ntdsguid=names.ntdsguid) if dns_backend == "BIND9_DLZ" and os_level >= DS_DOMAIN_FUNCTION_2003: create_samdb_copy(samdb, logger, paths, names, domainsid, domainguid) @@ -1070,6 +1138,7 @@ def setup_bind9_dns(samdb, secretsdb, domainsid, names, paths, lp, logger, dns_b dnsname = "%s.%s" % (names.hostname, names.dnsdomain), private_dir=paths.private_dir, keytab_name=paths.dns_keytab) - logger.info("See %s for an example configuration include file for BIND", paths.namedconf) + logger.info("See %s for an example configuration include file for BIND", + paths.namedconf) logger.info("and %s for further documentation required for secure DNS " "updates", paths.namedtxt) -- 1.7.9.5 From 09adc8ad43685f0b848414c4638f9f2480b49f35 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 16 Sep 2012 00:34:14 +0200 Subject: [PATCH 06/36] samba.provision.common: Fix formatting. (cherry picked from commit ebcb6a744791478bfc4be0b94733ace540ab06bc) --- source4/scripting/python/samba/provision/common.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/source4/scripting/python/samba/provision/common.py b/source4/scripting/python/samba/provision/common.py index e9bcdf5..f96704b 100644 --- a/source4/scripting/python/samba/provision/common.py +++ b/source4/scripting/python/samba/provision/common.py @@ -28,8 +28,6 @@ __docformat__ = "restructuredText" import os -import tdb -import ldb from samba import read_and_sub_file from samba.param import setup_dir -- 1.7.9.5 From 58b2809d860fedde6fb788f5b7f4aadf49298e88 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 16 Sep 2012 14:18:39 +0200 Subject: [PATCH 07/36] samba.netcmd: Formatting fixes, break lines. (cherry picked from commit 0ff2ea56d97cd8df7abeea8e819d7ec0bfd5b886) --- .../scripting/python/samba/netcmd/delegation.py | 20 ++- source4/scripting/python/samba/netcmd/dns.py | 137 ++++++++-------- source4/scripting/python/samba/netcmd/domain.py | 164 ++++++++++---------- source4/scripting/python/samba/netcmd/sites.py | 5 +- source4/scripting/python/samba/netcmd/spn.py | 31 ++-- source4/scripting/python/samba/netcmd/testparm.py | 20 +-- source4/scripting/python/samba/netcmd/time.py | 3 +- source4/scripting/python/samba/netcmd/user.py | 23 +-- 8 files changed, 209 insertions(+), 194 deletions(-) diff --git a/source4/scripting/python/samba/netcmd/delegation.py b/source4/scripting/python/samba/netcmd/delegation.py index 7296624..25ae202 100644 --- a/source4/scripting/python/samba/netcmd/delegation.py +++ b/source4/scripting/python/samba/netcmd/delegation.py @@ -55,7 +55,7 @@ class cmd_delegation_show(Command): # TODO once I understand how, use the domain info to naildown # to the correct domain (cleanedaccount, realm, domain) = _get_user_realm_domain(accountname) - + res = sam.search(expression="sAMAccountName=%s" % ldb.binary_encode(cleanedaccount), scope=ldb.SCOPE_SUBTREE, @@ -63,7 +63,7 @@ class cmd_delegation_show(Command): if len(res) == 0: raise CommandError("Unable to find account name '%s'" % accountname) assert(len(res) == 1) - + uac = int(res[0].get("userAccountControl")[0]) allowed = res[0].get("msDS-AllowedToDelegateTo") @@ -91,7 +91,8 @@ class cmd_delegation_for_any_service(Command): takes_args = ["accountname", "onoff"] - def run(self, accountname, onoff, credopts=None, sambaopts=None, versionopts=None): + def run(self, accountname, onoff, credopts=None, sambaopts=None, + versionopts=None): on = False if onoff == "on": @@ -133,7 +134,8 @@ class cmd_delegation_for_any_protocol(Command): takes_args = ["accountname", "onoff"] - def run(self, accountname, onoff, credopts=None, sambaopts=None, versionopts=None): + def run(self, accountname, onoff, credopts=None, sambaopts=None, + versionopts=None): on = False if onoff == "on": @@ -175,7 +177,8 @@ class cmd_delegation_add_service(Command): takes_args = ["accountname", "principal"] - def run(self, accountname, principal, credopts=None, sambaopts=None, versionopts=None): + def run(self, accountname, principal, credopts=None, sambaopts=None, + versionopts=None): lp = sambaopts.get_loadparm() creds = credopts.get_credentials(lp) @@ -192,7 +195,7 @@ class cmd_delegation_add_service(Command): attrs=["msDS-AllowedToDelegateTo"]) if len(res) == 0: raise CommandError("Unable to find account name '%s'" % accountname) - assert(len(res) == 1) + assert(len(res) == 1) msg = ldb.Message() msg.dn = res[0].dn @@ -218,7 +221,8 @@ class cmd_delegation_del_service(Command): takes_args = ["accountname", "principal"] - def run(self, accountname, principal, credopts=None, sambaopts=None, versionopts=None): + def run(self, accountname, principal, credopts=None, sambaopts=None, + versionopts=None): lp = sambaopts.get_loadparm() creds = credopts.get_credentials(lp) @@ -235,7 +239,7 @@ class cmd_delegation_del_service(Command): attrs=["msDS-AllowedToDelegateTo"]) if len(res) == 0: raise CommandError("Unable to find account name '%s'" % accountname) - assert(len(res) == 1) + assert(len(res) == 1) msg = ldb.Message() msg.dn = res[0].dn diff --git a/source4/scripting/python/samba/netcmd/dns.py b/source4/scripting/python/samba/netcmd/dns.py index 8a79de0..b227e96 100644 --- a/source4/scripting/python/samba/netcmd/dns.py +++ b/source4/scripting/python/samba/netcmd/dns.py @@ -35,6 +35,7 @@ def dns_connect(server, lp, creds): dns_conn = dnsserver.dnsserver(binding_str, lp, creds) return dns_conn + def bool_string(flag): if flag == 0: ret = 'FALSE' @@ -44,6 +45,7 @@ def bool_string(flag): ret = 'UNKNOWN (0x%x)' % flag return ret + def enum_string(module, enum_defs, value): ret = None for e in enum_defs: @@ -54,6 +56,7 @@ def enum_string(module, enum_defs, value): ret = 'UNKNOWN (0x%x)' % value return ret + def bitmap_string(module, bitmap_defs, value): ret = '' for b in bitmap_defs: @@ -63,42 +66,50 @@ def bitmap_string(module, bitmap_defs, value): ret = 'NONE' return ret + def boot_method_string(boot_method): enum_defs = [ 'DNS_BOOT_METHOD_UNINITIALIZED', 'DNS_BOOT_METHOD_FILE', 'DNS_BOOT_METHOD_REGISTRY', 'DNS_BOOT_METHOD_DIRECTORY' ] return enum_string(dnsserver, enum_defs, boot_method) + def name_check_flag_string(check_flag): enum_defs = [ 'DNS_ALLOW_RFC_NAMES_ONLY', 'DNS_ALLOW_NONRFC_NAMES', 'DNS_ALLOW_MULTIBYTE_NAMES', 'DNS_ALLOW_ALL_NAMES' ] return enum_string(dnsserver, enum_defs, check_flag) + def zone_type_string(zone_type): enum_defs = [ 'DNS_ZONE_TYPE_CACHE', 'DNS_ZONE_TYPE_PRIMARY', 'DNS_ZONE_TYPE_SECONDARY', 'DNS_ZONE_TYPE_STUB', 'DNS_ZONE_TYPE_FORWARDER', 'DNS_ZONE_TYPE_SECONDARY_CACHE' ] return enum_string(dnsp, enum_defs, zone_type) + def zone_update_string(zone_update): enum_defs = [ 'DNS_ZONE_UPDATE_OFF', 'DNS_ZONE_UPDATE_SECURE', 'DNS_ZONE_UPDATE_SECURE' ] return enum_string(dnsp, enum_defs, zone_update) + def zone_secondary_security_string(security): enum_defs = [ 'DNS_ZONE_SECSECURE_NO_SECURITY', 'DNS_ZONE_SECSECURE_NS_ONLY', 'DNS_ZONE_SECSECURE_LIST_ONLY', 'DNS_ZONE_SECSECURE_NO_XFER' ] return enum_string(dnsserver, enum_defs, security) + def zone_notify_level_string(notify_level): enum_defs = [ 'DNS_ZONE_NOTIFY_OFF', 'DNS_ZONE_NOTIFY_ALL_SECONDARIES', 'DNS_ZONE_NOTIFY_LIST_ONLY' ] return enum_string(dnsserver, enum_defs, notify_level) + def dp_flags_string(dp_flags): bitmap_defs = [ 'DNS_DP_AUTOCREATED', 'DNS_DP_LEGACY', 'DNS_DP_DOMAIN_DEFAULT', 'DNS_DP_FOREST_DEFAULT', 'DNS_DP_ENLISTED', 'DNS_DP_DELETED' ] return bitmap_string(dnsserver, bitmap_defs, dp_flags) + def zone_flags_string(flags): bitmap_defs = [ 'DNS_RPC_ZONE_PAUSED', 'DNS_RPC_ZONE_SHUTDOWN', 'DNS_RPC_ZONE_REVERSE', 'DNS_RPC_ZONE_AUTOCREATED', @@ -107,6 +118,7 @@ def zone_flags_string(flags): 'DNS_RPC_ZONE_READONLY'] return bitmap_string(dnsserver, bitmap_defs, flags) + def ip4_array_string(array): ret = [] if not array: @@ -116,6 +128,7 @@ def ip4_array_string(array): ret.append(addr) return ret + def dns_addr_array_string(array): ret = [] if not array: @@ -132,6 +145,7 @@ def dns_addr_array_string(array): ret.append(addr) return ret + def dns_type_flag(rec_type): rtype = rec_type.upper() if rtype == 'A': @@ -158,6 +172,7 @@ def dns_type_flag(rec_type): raise CommandError('Unknown type of DNS record %s' % rec_type) return record_type + def dns_client_version(cli_version): version = cli_version.upper() if version == 'W2K': @@ -170,6 +185,7 @@ def dns_client_version(cli_version): raise CommandError('Unknown client version %s' % cli_version) return client_version + def print_serverinfo(outf, typeid, serverinfo): outf.write(' dwVersion : 0x%x\n' % serverinfo.dwVersion) outf.write(' fBootMethod : %s\n' % boot_method_string(serverinfo.fBootMethod)) @@ -384,7 +400,9 @@ class ARecord(dnsserver.DNS_RPC_RECORD): self._ip_addr = ip_addr[:] self.data = self._ip_addr + class AAAARecord(dnsserver.DNS_RPC_RECORD): + def __init__(self, ip6_addr, serial=1, ttl=900, rank=dnsp.DNS_RANK_ZONE, node_flag=0): super(AAAARecord, self).__init__() @@ -395,7 +413,9 @@ class AAAARecord(dnsserver.DNS_RPC_RECORD): self._ip6_addr = ip6_addr[:] self.data = self._ip6_addr + class PTRRecord(dnsserver.DNS_RPC_RECORD): + def __init__(self, ptr, serial=1, ttl=900, rank=dnsp.DNS_RANK_ZONE, node_flag=0): super(PTRRecord, self).__init__() @@ -409,7 +429,9 @@ class PTRRecord(dnsserver.DNS_RPC_RECORD): ptr_name.len = len(ptr) self.data = ptr_name + class CNameRecord(dnsserver.DNS_RPC_RECORD): + def __init__(self, cname, serial=1, ttl=900, rank=dnsp.DNS_RANK_ZONE, node_flag=0): super(CNameRecord, self).__init__() @@ -423,7 +445,9 @@ class CNameRecord(dnsserver.DNS_RPC_RECORD): cname_name.len = len(cname) self.data = cname_name + class NSRecord(dnsserver.DNS_RPC_RECORD): + def __init__(self, dns_server, serial=1, ttl=900, rank=dnsp.DNS_RANK_ZONE, node_flag=0): super(NSRecord, self).__init__() @@ -437,7 +461,9 @@ class NSRecord(dnsserver.DNS_RPC_RECORD): ns.len = len(dns_server) self.data = ns + class MXRecord(dnsserver.DNS_RPC_RECORD): + def __init__(self, mail_server, preference, serial=1, ttl=900, rank=dnsp.DNS_RANK_ZONE, node_flag=0): super(MXRecord, self).__init__() @@ -452,7 +478,9 @@ class MXRecord(dnsserver.DNS_RPC_RECORD): mx.nameExchange.len = len(mail_server) self.data = mx + class SOARecord(dnsserver.DNS_RPC_RECORD): + def __init__(self, mname, rname, serial=1, refresh=900, retry=600, expire=86400, minimum=3600, ttl=3600, rank=dnsp.DNS_RANK_ZONE, node_flag=dnsp.DNS_RPC_FLAG_AUTH_ZONE_ROOT): @@ -474,7 +502,9 @@ class SOARecord(dnsserver.DNS_RPC_RECORD): soa.ZoneAdministratorEmail.len = len(rname) self.data = soa + class SRVRecord(dnsserver.DNS_RPC_RECORD): + def __init__(self, target, port, priority=0, weight=100, serial=1, ttl=900, rank=dnsp.DNS_RANK_ZONE, node_flag=0): super(SRVRecord, self).__init__() @@ -491,7 +521,9 @@ class SRVRecord(dnsserver.DNS_RPC_RECORD): srv.nameTarget.len = len(target) self.data = srv + class TXTRecord(dnsserver.DNS_RPC_RECORD): + def __init__(self, slist, serial=1, ttl=900, rank=dnsp.DNS_RANK_ZONE, node_flag=0): super(TXTRecord, self).__init__() @@ -576,16 +608,9 @@ def dns_record_match(dns_conn, server, zone, name, record_type, data): select_flags = dnsserver.DNS_RPC_VIEW_AUTHORITY_DATA try: - buflen, res = dns_conn.DnssrvEnumRecords2(dnsserver.DNS_CLIENT_VERSION_LONGHORN, - 0, - server, - zone, - name, - None, - record_type, - select_flags, - None, - None) + buflen, res = dns_conn.DnssrvEnumRecords2( + dnsserver.DNS_CLIENT_VERSION_LONGHORN, 0, server, zone, name, None, + record_type, select_flags, None, None) except RuntimeError, e: return None @@ -667,18 +692,16 @@ class cmd_serverinfo(Command): choices=['w2k','dotnet','longhorn'], dest='cli_ver'), ] - def run(self, server, cli_ver, sambaopts=None, credopts=None, versionopts=None): + def run(self, server, cli_ver, sambaopts=None, credopts=None, + versionopts=None): self.lp = sambaopts.get_loadparm() self.creds = credopts.get_credentials(self.lp) dns_conn = dns_connect(server, self.lp, self.creds) client_version = dns_client_version(cli_ver) - typeid, res = dns_conn.DnssrvQuery2(client_version, - 0, - server, - None, - 'ServerInfo') + typeid, res = dns_conn.DnssrvQuery2(client_version, 0, server, + None, 'ServerInfo') print_serverinfo(self.outf, typeid, res) @@ -701,17 +724,15 @@ class cmd_zoneinfo(Command): choices=['w2k','dotnet','longhorn'], dest='cli_ver'), ] - def run(self, server, zone, cli_ver, sambaopts=None, credopts=None, versionopts=None): + def run(self, server, zone, cli_ver, sambaopts=None, credopts=None, + versionopts=None): self.lp = sambaopts.get_loadparm() self.creds = credopts.get_credentials(self.lp) dns_conn = dns_connect(server, self.lp, self.creds) client_version = dns_client_version(cli_ver) - typeid, res = dns_conn.DnssrvQuery2(client_version, - 0, - server, - zone, + typeid, res = dns_conn.DnssrvQuery2(client_version, 0, server, zone, 'ZoneInfo') print_zoneinfo(self.outf, typeid, res) @@ -783,9 +804,7 @@ class cmd_zonelist(Command): client_version = dns_client_version(cli_ver) typeid, res = dns_conn.DnssrvComplexOperation2(client_version, - 0, - server, - None, + 0, server, None, 'EnumZones', dnsserver.DNSSRV_TYPEID_DWORD, request_filter) @@ -850,13 +869,8 @@ class cmd_zonecreate(Command): zone_create_info.fAging = 0 zone_create_info.dwDpFlags = dnsserver.DNS_DP_DOMAIN_DEFAULT - res = dns_conn.DnssrvOperation2(client_version, - 0, - server, - None, - 0, - 'ZoneCreate', - typeid, + res = dns_conn.DnssrvOperation2(client_version, 0, server, None, + 0, 'ZoneCreate', typeid, zone_create_info) self.outf.write('Zone %s created successfully\n' % zone) @@ -874,7 +888,8 @@ class cmd_zonedelete(Command): "credopts": options.CredentialsOptions, } - def run(self, server, zone, sambaopts=None, credopts=None, versionopts=None): + def run(self, server, zone, sambaopts=None, credopts=None, + versionopts=None): self.lp = sambaopts.get_loadparm() self.creds = credopts.get_credentials(self.lp) @@ -882,11 +897,7 @@ class cmd_zonedelete(Command): zone = zone.lower() res = dns_conn.DnssrvOperation2(dnsserver.DNS_CLIENT_VERSION_LONGHORN, - 0, - server, - zone, - 0, - 'DeleteZoneFromDs', + 0, server, zone, 0, 'DeleteZoneFromDs', dnsserver.DNSSRV_TYPEID_NULL, None) self.outf.write('Zone %s delete successfully\n' % zone) @@ -922,9 +933,10 @@ class cmd_query(Command): action='store_true', dest='only_children') ] - def run(self, server, zone, name, rtype, authority=False, cache=False, glue=False, - root=False, additional=False, no_children=False, only_children=False, - sambaopts=None, credopts=None, versionopts=None): + def run(self, server, zone, name, rtype, authority=False, cache=False, + glue=False, root=False, additional=False, no_children=False, + only_children=False, sambaopts=None, credopts=None, + versionopts=None): record_type = dns_type_flag(rtype) select_flags = 0 @@ -955,16 +967,9 @@ class cmd_query(Command): self.creds = credopts.get_credentials(self.lp) dns_conn = dns_connect(server, self.lp, self.creds) - buflen, res = dns_conn.DnssrvEnumRecords2(dnsserver.DNS_CLIENT_VERSION_LONGHORN, - 0, - server, - zone, - name, - None, - record_type, - select_flags, - None, - None) + buflen, res = dns_conn.DnssrvEnumRecords2( + dnsserver.DNS_CLIENT_VERSION_LONGHORN, 0, server, zone, name, + None, record_type, select_flags, None, None) print_dnsrecords(self.outf, res) @@ -981,7 +986,8 @@ class cmd_roothints(Command): "credopts": options.CredentialsOptions, } - def run(self, server, name='.', sambaopts=None, credopts=None, versionopts=None): + def run(self, server, name='.', sambaopts=None, credopts=None, + versionopts=None): record_type = dnsp.DNS_TYPE_NS select_flags = (dnsserver.DNS_RPC_VIEW_ROOT_HINT_DATA | dnsserver.DNS_RPC_VIEW_ADDITIONAL_DATA) @@ -990,16 +996,9 @@ class cmd_roothints(Command): self.creds = credopts.get_credentials(self.lp) dns_conn = dns_connect(server, self.lp, self.creds) - buflen, res = dns_conn.DnssrvEnumRecords2(dnsserver.DNS_CLIENT_VERSION_LONGHORN, - 0, - server, - '..RootHints', - name, - None, - record_type, - select_flags, - None, - None) + buflen, res = dns_conn.DnssrvEnumRecords2( + dnsserver.DNS_CLIENT_VERSION_LONGHORN, 0, server, '..RootHints', + name, None, record_type, select_flags, None, None) print_dnsrecords(self.outf, res) @@ -1027,7 +1026,8 @@ class cmd_add_record(Command): "credopts": options.CredentialsOptions, } - def run(self, server, zone, name, rtype, data, sambaopts=None, credopts=None, versionopts=None): + def run(self, server, zone, name, rtype, data, sambaopts=None, + credopts=None, versionopts=None): if rtype.upper() not in ('A','AAAA','PTR','CNAME','NS','MX','SRV','TXT'): raise CommandError('Adding record of type %s is not supported' % rtype) @@ -1039,7 +1039,8 @@ class cmd_add_record(Command): self.creds = credopts.get_credentials(self.lp) dns_conn = dns_connect(server, self.lp, self.creds) - rec_match = dns_record_match(dns_conn, server, zone, name, record_type, data) + rec_match = dns_record_match(dns_conn, server, zone, name, record_type, + data) if rec_match is not None: raise CommandError('Record already exists') @@ -1047,12 +1048,7 @@ class cmd_add_record(Command): add_rec_buf.rec = rec dns_conn.DnssrvUpdateRecord2(dnsserver.DNS_CLIENT_VERSION_LONGHORN, - 0, - server, - zone, - name, - add_rec_buf, - None) + 0, server, zone, name, add_rec_buf, None) self.outf.write('Record added successfully\n') @@ -1093,7 +1089,8 @@ class cmd_update_record(Command): self.creds = credopts.get_credentials(self.lp) dns_conn = dns_connect(server, self.lp, self.creds) - rec_match = dns_record_match(dns_conn, server, zone, name, record_type, olddata) + rec_match = dns_record_match(dns_conn, server, zone, name, record_type, + olddata) if not rec_match: raise CommandError('Record does not exist') diff --git a/source4/scripting/python/samba/netcmd/domain.py b/source4/scripting/python/samba/netcmd/domain.py index de529ba..5644c7d 100644 --- a/source4/scripting/python/samba/netcmd/domain.py +++ b/source4/scripting/python/samba/netcmd/domain.py @@ -22,8 +22,6 @@ # along with this program. If not, see . # - - import samba.getopt as options import ldb import string @@ -127,15 +125,16 @@ class cmd_domain_info(Command): lp = sambaopts.get_loadparm() try: res = netcmd_get_domain_infos_via_cldap(lp, None, address) - print "Forest : %s" % res.forest - print "Domain : %s" % res.dns_domain - print "Netbios domain : %s" % res.domain_name - print "DC name : %s" % res.pdc_dns_name - print "DC netbios name : %s" % res.pdc_name - print "Server site : %s" % res.server_site - print "Client site : %s" % res.client_site except RuntimeError: raise CommandError("Invalid IP address '" + address + "'!") + self.outf.write("Forest : %s\n" % res.forest) + self.outf.write("Domain : %s\n" % res.dns_domain) + self.outf.write("Netbios domain : %s\n" % res.domain_name) + self.outf.write("DC name : %s\n" % res.pdc_dns_name) + self.outf.write("DC netbios name : %s\n" % res.pdc_name) + self.outf.write("Server site : %s\n" % res.server_site) + self.outf.write("Client site : %s\n" % res.client_site) + class cmd_domain_provision(Command): """Promotes an existing domain member or NT4 PDC to an AD DC""" @@ -220,38 +219,38 @@ class cmd_domain_provision(Command): takes_args = [] def run(self, sambaopts=None, credopts=None, versionopts=None, - interactive = None, - domain = None, - domain_guid = None, - domain_sid = None, - ntds_guid = None, - invocationid = None, - host_name = None, - host_ip = None, - host_ip6 = None, - adminpass = None, - krbtgtpass = None, - machinepass = None, - dns_backend = None, - dns_forwarder = None, - dnspass = None, - ldapadminpass = None, - root = None, - nobody = None, - wheel = None, - users = None, - quiet = None, - blank = None, - ldap_backend_type = None, - server_role = None, - function_level = None, - next_rid = None, - partitions_only = None, - targetdir = None, - ol_mmr_urls = None, - use_xattrs = None, - use_ntvfs = None, - use_rfc2307 = None): + interactive=None, + domain=None, + domain_guid=None, + domain_sid=None, + ntds_guid=None, + invocationid=None, + host_name=None, + host_ip=None, + host_ip6=None, + adminpass=None, + krbtgtpass=None, + machinepass=None, + dns_backend=None, + dns_forwarder=None, + dnspass=None, + ldapadminpass=None, + root=None, + nobody=None, + wheel=None, + users=None, + quiet=None, + blank=None, + ldap_backend_type=None, + server_role=None, + function_level=None, + next_rid=None, + partitions_only=None, + targetdir=None, + ol_mmr_urls=None, + use_xattrs=None, + use_ntvfs=None, + use_rfc2307=None): self.logger = self.get_logger("provision") if quiet: @@ -313,11 +312,11 @@ class cmd_domain_provision(Command): while True: adminpassplain = getpass("Administrator password: ") if not adminpassplain: - print >>sys.stderr, "Invalid administrator password." + self.errf.write("Invalid administrator password.\n") else: adminpassverify = getpass("Retype password: ") if not adminpassplain == adminpassverify: - print >>sys.stderr, "Sorry, passwords do not match." + self.errf.write("Sorry, passwords do not match.\n") else: adminpass = adminpassplain break @@ -422,7 +421,6 @@ class cmd_domain_provision(Command): handle.close() self.logger.warning("No nameserver found in %s" % RESOLV_CONF) - return None class cmd_domain_dcpromo(Command): @@ -477,16 +475,15 @@ class cmd_domain_dcpromo(Command): join_DC(server=server, creds=creds, lp=lp, domain=domain, site=site, netbios_name=netbios_name, targetdir=targetdir, domain_critical_only=domain_critical_only, - machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend, + machinepass=machinepass, use_ntvfs=use_ntvfs, + dns_backend=dns_backend, promote_existing=True) - return elif role == "RODC": join_RODC(server=server, creds=creds, lp=lp, domain=domain, site=site, netbios_name=netbios_name, targetdir=targetdir, domain_critical_only=domain_critical_only, machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend, promote_existing=True) - return else: raise CommandError("Invalid role '%s' (possible values: DC, RODC)" % role) @@ -541,38 +538,35 @@ class cmd_domain_join(Command): role = role.upper() if role is None or role == "MEMBER": - (join_password, sid, domain_name) = net.join_member(domain, - netbios_name, - LIBNET_JOIN_AUTOMATIC, - machinepass=machinepass) + (join_password, sid, domain_name) = net.join_member( + domain, netbios_name, LIBNET_JOIN_AUTOMATIC, + machinepass=machinepass) - self.outf.write("Joined domain %s (%s)\n" % (domain_name, sid)) - return + self.errf.write("Joined domain %s (%s)\n" % (domain_name, sid)) elif role == "DC": join_DC(server=server, creds=creds, lp=lp, domain=domain, site=site, netbios_name=netbios_name, targetdir=targetdir, domain_critical_only=domain_critical_only, machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) - return elif role == "RODC": join_RODC(server=server, creds=creds, lp=lp, domain=domain, site=site, netbios_name=netbios_name, targetdir=targetdir, domain_critical_only=domain_critical_only, - machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) - return + machinepass=machinepass, use_ntvfs=use_ntvfs, + dns_backend=dns_backend) elif role == "SUBDOMAIN": netbios_domain = lp.get("workgroup") if parent_domain is None: parent_domain = ".".join(domain.split(".")[1:]) - join_subdomain(server=server, creds=creds, lp=lp, dnsdomain=domain, parent_domain=parent_domain, - site=site, netbios_name=netbios_name, netbios_domain=netbios_domain, targetdir=targetdir, - machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) - return + join_subdomain(server=server, creds=creds, lp=lp, dnsdomain=domain, + parent_domain=parent_domain, site=site, + netbios_name=netbios_name, netbios_domain=netbios_domain, + targetdir=targetdir, machinepass=machinepass, + use_ntvfs=use_ntvfs, dns_backend=dns_backend) else: raise CommandError("Invalid role '%s' (possible values: MEMBER, DC, RODC, SUBDOMAIN)" % role) - class cmd_domain_demote(Command): """Demote ourselves from the role of Domain Controller""" @@ -612,9 +606,9 @@ class cmd_domain_demote(Command): break ntds_guid = samdb.get_ntds_GUID() - msg = samdb.search(base=str(samdb.get_config_basedn()), scope=ldb.SCOPE_SUBTREE, - expression="(objectGUID=%s)" % ntds_guid, - attrs=['options']) + msg = samdb.search(base=str(samdb.get_config_basedn()), + scope=ldb.SCOPE_SUBTREE, expression="(objectGUID=%s)" % ntds_guid, + attrs=['options']) if len(msg) == 0 or "options" not in msg[0]: raise CommandError("Failed to find options on %s" % ntds_guid) @@ -627,10 +621,11 @@ class cmd_domain_demote(Command): if len(res) != 0: raise CommandError("Current DC is still the owner of %d role(s), use the role command to transfer roles to another DC" % len(res)) - print "Using %s as partner server for the demotion" % server + self.errf.write("Using %s as partner server for the demotion\n" % + server) (drsuapiBind, drsuapi_handle, supportedExtensions) = drsuapi_connect(server, lp, creds) - print "Desactivating inbound replication" + self.errf.write("Desactivating inbound replication\n") nmsg = ldb.Message() nmsg.dn = msg[0].dn @@ -641,14 +636,17 @@ class cmd_domain_demote(Command): if not (dsa_options & DS_NTDSDSA_OPT_DISABLE_OUTBOUND_REPL) and not samdb.am_rodc(): - print "Asking partner server %s to synchronize from us" % server + self.errf.write("Asking partner server %s to synchronize from us\n" + % server) for part in (samdb.get_schema_basedn(), samdb.get_config_basedn(), samdb.get_root_basedn()): try: sendDsReplicaSync(drsuapiBind, drsuapi_handle, ntds_guid, str(part), drsuapi.DRSUAPI_DRS_WRIT_REP) except drsException, e: - print "Error while demoting, re-enabling inbound replication" + self.errf.write( + "Error while demoting, " + "re-enabling inbound replication\n") dsa_options ^= DS_NTDSDSA_OPT_DISABLE_INBOUND_REPL nmsg["options"] = ldb.MessageElement(str(dsa_options), ldb.FLAG_MOD_REPLACE, "options") samdb.modify(nmsg) @@ -658,7 +656,7 @@ class cmd_domain_demote(Command): session_info=system_session(), credentials=creds, lp=lp) - print "Changing userControl and container" + self.errf.write("Changing userControl and container\n") res = remote_samdb.search(base=str(remote_samdb.get_root_basedn()), expression="(&(objectClass=user)(sAMAccountName=%s$))" % netbios_name.upper(), @@ -667,14 +665,16 @@ class cmd_domain_demote(Command): uac = int(str(res[0]["userAccountControl"])) except Exception, e: - print "Error while demoting, re-enabling inbound replication" - dsa_options ^= DS_NTDSDSA_OPT_DISABLE_INBOUND_REPL - nmsg["options"] = ldb.MessageElement(str(dsa_options), ldb.FLAG_MOD_REPLACE, "options") - samdb.modify(nmsg) - raise CommandError("Error while changing account control", e) + self.errf.write( + "Error while demoting, re-enabling inbound replication\n") + dsa_options ^= DS_NTDSDSA_OPT_DISABLE_INBOUND_REPL + nmsg["options"] = ldb.MessageElement(str(dsa_options), ldb.FLAG_MOD_REPLACE, "options") + samdb.modify(nmsg) + raise CommandError("Error while changing account control", e) if (len(res) != 1): - print "Error while demoting, re-enabling inbound replication" + self.errf.write( + "Error while demoting, re-enabling inbound replication") dsa_options ^= DS_NTDSDSA_OPT_DISABLE_INBOUND_REPL nmsg["options"] = ldb.MessageElement(str(dsa_options), ldb.FLAG_MOD_REPLACE, "options") samdb.modify(nmsg) @@ -695,7 +695,8 @@ class cmd_domain_demote(Command): try: remote_samdb.modify(msg) except Exception, e: - print "Error while demoting, re-enabling inbound replication" + self.errf.write( + "Error while demoting, re-enabling inbound replication") dsa_options ^= DS_NTDSDSA_OPT_DISABLE_INBOUND_REPL nmsg["options"] = ldb.MessageElement(str(dsa_options), ldb.FLAG_MOD_REPLACE, "options") samdb.modify(nmsg) @@ -721,7 +722,8 @@ class cmd_domain_demote(Command): scope=ldb.SCOPE_ONELEVEL) if i == 100: - print "Error while demoting, re-enabling inbound replication" + self.errf.write( + "Error while demoting, re-enabling inbound replication\n") dsa_options ^= DS_NTDSDSA_OPT_DISABLE_INBOUND_REPL nmsg["options"] = ldb.MessageElement(str(dsa_options), ldb.FLAG_MOD_REPLACE, "options") samdb.modify(nmsg) @@ -745,7 +747,8 @@ class cmd_domain_demote(Command): newdn = ldb.Dn(remote_samdb, "%s,%s" % (newrdn, str(computer_dn))) remote_samdb.rename(dc_dn, newdn) except Exception, e: - print "Error while demoting, re-enabling inbound replication" + self.errf.write( + "Error while demoting, re-enabling inbound replication\n") dsa_options ^= DS_NTDSDSA_OPT_DISABLE_INBOUND_REPL nmsg["options"] = ldb.MessageElement(str(dsa_options), ldb.FLAG_MOD_REPLACE, "options") samdb.modify(nmsg) @@ -767,7 +770,8 @@ class cmd_domain_demote(Command): try: sendRemoveDsServer(drsuapiBind, drsuapi_handle, server_dsa_dn, domain) except drsException, e: - print "Error while demoting, re-enabling inbound replication" + self.errf.write( + "Error while demoting, re-enabling inbound replication\n") dsa_options ^= DS_NTDSDSA_OPT_DISABLE_INBOUND_REPL nmsg["options"] = ldb.MessageElement(str(dsa_options), ldb.FLAG_MOD_REPLACE, "options") samdb.modify(nmsg) @@ -802,7 +806,7 @@ class cmd_domain_demote(Command): except ldb.LdbError, l: pass - self.outf.write("Demote successfull\n") + self.errf.write("Demote successfull\n") class cmd_domain_level(Command): diff --git a/source4/scripting/python/samba/netcmd/sites.py b/source4/scripting/python/samba/netcmd/sites.py index 49a9f9d..bf644f0 100644 --- a/source4/scripting/python/samba/netcmd/sites.py +++ b/source4/scripting/python/samba/netcmd/sites.py @@ -16,8 +16,6 @@ # along with this program. If not, see . # - - import os from samba import sites from samba.samdb import SamDB @@ -92,7 +90,8 @@ class cmd_sites_delete(Command): samdb.transaction_commit() except sites.SiteException, e: samdb.transaction_cancel() - raise CommandError("Error while removing site %s, error: %s" % (sitename, str(e))) + raise CommandError( + "Error while removing site %s, error: %s" % (sitename, str(e))) self.outf.write("Site %s removed!\n" % sitename) diff --git a/source4/scripting/python/samba/netcmd/spn.py b/source4/scripting/python/samba/netcmd/spn.py index 29fc4ce..79fa699 100644 --- a/source4/scripting/python/samba/netcmd/spn.py +++ b/source4/scripting/python/samba/netcmd/spn.py @@ -53,9 +53,9 @@ class cmd_spn_list(Command): # to the correct domain (cleaneduser, realm, domain) = _get_user_realm_domain(user) self.outf.write(cleaneduser+"\n") - res = sam.search(expression="samaccountname=%s" % ldb.binary_encode(cleaneduser), - scope=ldb.SCOPE_SUBTREE, - attrs=["servicePrincipalName"]) + res = sam.search( + expression="samaccountname=%s" % ldb.binary_encode(cleaneduser), + scope=ldb.SCOPE_SUBTREE, attrs=["servicePrincipalName"]) if len(res) >0: spns = res[0].get("servicePrincipalName") found = False @@ -89,23 +89,24 @@ class cmd_spn_add(Command): ] takes_args = ["name", "user"] - def run(self, name, user, force=False, credopts=None, sambaopts=None, versionopts=None): + def run(self, name, user, force=False, credopts=None, sambaopts=None, + versionopts=None): lp = sambaopts.get_loadparm() creds = credopts.get_credentials(lp) paths = provision.provision_paths_from_lp(lp, lp.get("realm")) sam = SamDB(paths.samdb, session_info=system_session(), credentials=creds, lp=lp) - res = sam.search(expression="servicePrincipalName=%s" % ldb.binary_encode(name), - scope=ldb.SCOPE_SUBTREE, - ) + res = sam.search( + expression="servicePrincipalName=%s" % ldb.binary_encode(name), + scope=ldb.SCOPE_SUBTREE) if len(res) != 0 and not force: raise CommandError("Service principal %s already" " affected to another user" % name) (cleaneduser, realm, domain) = _get_user_realm_domain(user) - res = sam.search(expression="samaccountname=%s" % ldb.binary_encode(cleaneduser), - scope=ldb.SCOPE_SUBTREE, - attrs=["servicePrincipalName"]) + res = sam.search( + expression="samaccountname=%s" % ldb.binary_encode(cleaneduser), + scope=ldb.SCOPE_SUBTREE, attrs=["servicePrincipalName"]) if len(res) >0: res[0].dn msg = ldb.Message() @@ -145,15 +146,17 @@ class cmd_spn_delete(Command): takes_args = ["name", "user?"] - def run(self, name, user=None, credopts=None, sambaopts=None, versionopts=None): + def run(self, name, user=None, credopts=None, sambaopts=None, + versionopts=None): lp = sambaopts.get_loadparm() creds = credopts.get_credentials(lp) paths = provision.provision_paths_from_lp(lp, lp.get("realm")) sam = SamDB(paths.samdb, session_info=system_session(), credentials=creds, lp=lp) - res = sam.search(expression="servicePrincipalName=%s" % ldb.binary_encode(name), - scope=ldb.SCOPE_SUBTREE, - attrs=["servicePrincipalName", "samAccountName"]) + res = sam.search( + expression="servicePrincipalName=%s" % ldb.binary_encode(name), + scope=ldb.SCOPE_SUBTREE, + attrs=["servicePrincipalName", "samAccountName"]) if len(res) >0: result = None if user is not None: diff --git a/source4/scripting/python/samba/netcmd/testparm.py b/source4/scripting/python/samba/netcmd/testparm.py index 5cb75e2..53357e4 100644 --- a/source4/scripting/python/samba/netcmd/testparm.py +++ b/source4/scripting/python/samba/netcmd/testparm.py @@ -70,11 +70,10 @@ class cmd_testparm(Command): takes_args = [] - def run(self, sambaopts, versionopts, - section_name=None, parameter_name=None, - client_ip=None, client_name=None, verbose=False, - suppress_prompt=None, - show_all_parameters=False, server=None): + def run(self, sambaopts, versionopts, section_name=None, + parameter_name=None, client_ip=None, client_name=None, + verbose=False, suppress_prompt=None, show_all_parameters=False, + server=None): if server: raise NotImplementedError("--server not yet implemented") if show_all_parameters: @@ -100,7 +99,8 @@ class cmd_testparm(Command): else: if section_name is not None or parameter_name is not None: if parameter_name is None: - lp[section_name].dump(sys.stdout, lp.default_service, verbose) + lp[section_name].dump(sys.stdout, lp.default_service, + verbose) else: self.outf.write(lp.get(parameter_name, section_name)+"\n") else: @@ -148,8 +148,9 @@ class cmd_testparm(Command): valid = False if winbind_separator == '+': - logger.error("'winbind separator = +' might cause problems with group " - "membership.") + logger.error( + "'winbind separator = +' might cause problems with group " + "membership.") valid = False return valid @@ -161,7 +162,8 @@ class cmd_testparm(Command): valid = True for s in lp.services(): if len(s) > 12: - logger.warning("You have some share names that are longer than 12 " + logger.warning( + "You have some share names that are longer than 12 " "characters. These may not be accessible to some older " "clients. (Eg. Windows9x, WindowsMe, and not listed in " "smbclient in Samba 3.0.)") diff --git a/source4/scripting/python/samba/netcmd/time.py b/source4/scripting/python/samba/netcmd/time.py index 92a7025..8f186bd 100644 --- a/source4/scripting/python/samba/netcmd/time.py +++ b/source4/scripting/python/samba/netcmd/time.py @@ -49,7 +49,8 @@ Example2 return the date and time of the local server. takes_args = ["server_name?"] - def run(self, server_name=None, credopts=None, sambaopts=None, versionopts=None): + def run(self, server_name=None, credopts=None, sambaopts=None, + versionopts=None): lp = sambaopts.get_loadparm() creds = credopts.get_credentials(lp, fallback_machine=True) net = Net(creds, lp, server=credopts.ipaddress) diff --git a/source4/scripting/python/samba/netcmd/user.py b/source4/scripting/python/samba/netcmd/user.py index 6ba6150..1172f4e 100644 --- a/source4/scripting/python/samba/netcmd/user.py +++ b/source4/scripting/python/samba/netcmd/user.py @@ -107,11 +107,13 @@ Example3 shows how to create a new user in the OrgUnit organizational unit. } def run(self, username, password=None, credopts=None, sambaopts=None, - versionopts=None, H=None, must_change_at_next_login=False, random_password=False, - use_username_as_cn=False, userou=None, surname=None, given_name=None, initials=None, - profile_path=None, script_path=None, home_drive=None, home_directory=None, + versionopts=None, H=None, must_change_at_next_login=False, + random_password=False, use_username_as_cn=False, userou=None, + surname=None, given_name=None, initials=None, profile_path=None, + script_path=None, home_drive=None, home_directory=None, job_title=None, department=None, company=None, description=None, - mail_address=None, internet_address=None, telephone_number=None, physical_delivery_office=None): + mail_address=None, internet_address=None, telephone_number=None, + physical_delivery_office=None): if random_password: password = generate_random_password(128, 255) @@ -131,8 +133,7 @@ Example3 shows how to create a new user in the OrgUnit organizational unit. try: samdb = SamDB(url=H, session_info=system_session(), credentials=creds, lp=lp) - samdb.newuser(username, password, - force_password_change_at_next_login_req=must_change_at_next_login, + samdb.newuser(username, password, force_password_change_at_next_login_req=must_change_at_next_login, useusernameascn=use_username_as_cn, userou=userou, surname=surname, givenname=given_name, initials=initials, profilepath=profile_path, homedrive=home_drive, scriptpath=script_path, homedirectory=home_directory, jobtitle=job_title, department=department, company=company, description=description, @@ -147,10 +148,13 @@ Example3 shows how to create a new user in the OrgUnit organizational unit. class cmd_user_add(cmd_user_create): __doc__ = cmd_user_create.__doc__ # take this print out after the add subcommand is removed. - # the add subcommand is deprecated but left in for now to allow people to migrate to create + # the add subcommand is deprecated but left in for now to allow people to + # migrate to create def run(self, *args, **kwargs): - self.err.write("\nNote: samba-tool user add is deprecated. Please use samba-tool user create for the same function.\n") + self.err.write( + "Note: samba-tool user add is deprecated. " + "Please use samba-tool user create for the same function.\n") return super(self, cmd_user_add).run(*args, **kwargs) @@ -188,7 +192,8 @@ Example2 shows how to delete a user in the domain against the local server. su "versionopts": options.VersionOptions, } - def run(self, username, credopts=None, sambaopts=None, versionopts=None, H=None): + def run(self, username, credopts=None, sambaopts=None, versionopts=None, + H=None): lp = sambaopts.get_loadparm() creds = credopts.get_credentials(lp, fallback_machine=True) -- 1.7.9.5 From b6113d78f24237b47f9b820c6be99e8af040f626 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 16 Sep 2012 14:18:51 +0200 Subject: [PATCH 08/36] s4-python: Formatting fixes, break lines. Autobuild-User(master): Jelmer Vernooij Autobuild-Date(master): Sun Sep 16 15:58:04 CEST 2012 on sn-devel-104 (cherry picked from commit c0d4f2462f75e0bc0545402b76984b4e6fcb13f1) --- source4/scripting/python/samba/idmap.py | 2 - source4/scripting/python/samba/join.py | 51 ++++++++++---------- source4/scripting/python/samba/samba3/__init__.py | 5 ++ source4/scripting/python/samba/samdb.py | 1 - source4/scripting/python/samba/sd_utils.py | 9 ++-- source4/scripting/python/samba/tests/dns.py | 5 +- source4/scripting/python/samba/tests/gensec.py | 2 +- source4/scripting/python/samba/tests/hostconfig.py | 4 +- source4/scripting/python/samba/tests/messaging.py | 2 +- source4/scripting/python/samba/tests/posixacl.py | 6 +-- source4/scripting/python/samba/tests/provision.py | 12 +++-- source4/scripting/python/samba/tests/registry.py | 2 +- source4/scripting/python/samba/tests/samba3.py | 1 + source4/scripting/python/samba/upgrade.py | 17 ++++--- 14 files changed, 69 insertions(+), 50 deletions(-) diff --git a/source4/scripting/python/samba/idmap.py b/source4/scripting/python/samba/idmap.py index b651b20..0cb729f 100644 --- a/source4/scripting/python/samba/idmap.py +++ b/source4/scripting/python/samba/idmap.py @@ -96,5 +96,3 @@ cn: %s """ % (sid, unixid, sid, type_string, sid) self.add(self.parse_ldif(mod).next()[1]) - - diff --git a/source4/scripting/python/samba/join.py b/source4/scripting/python/samba/join.py index ac822fb..5ddc5db 100644 --- a/source4/scripting/python/samba/join.py +++ b/source4/scripting/python/samba/join.py @@ -44,7 +44,7 @@ class DCJoinException(Exception): class dc_join(object): - '''perform a DC join''' + """Perform a DC join.""" def __init__(ctx, server=None, creds=None, lp=None, site=None, netbios_name=None, targetdir=None, domain=None, @@ -166,7 +166,7 @@ class dc_join(object): pass def cleanup_old_join(ctx): - '''remove any DNs from a previous join''' + """Remove any DNs from a previous join.""" try: # find the krbtgt link print("checking sAMAccountName") @@ -219,7 +219,7 @@ class dc_join(object): pass def promote_possible(ctx): - '''confirm that the account is just a bare NT4 BDC or a member server, so can be safely promoted''' + """confirm that the account is just a bare NT4 BDC or a member server, so can be safely promoted""" if ctx.subdomain: # This shouldn't happen raise Exception("Can not promote into a subdomain") @@ -233,12 +233,12 @@ class dc_join(object): raise Exception("Account '%s' appears to be an active DC, use 'samba-tool domain join' if you must re-create this account" % ctx.samname) if (int(res[0]["userAccountControl"][0]) & (samba.dsdb.UF_WORKSTATION_TRUST_ACCOUNT|samba.dsdb.UF_SERVER_TRUST_ACCOUNT) == 0): raise Exception("Account %s is not a domain member or a bare NT4 BDC, use 'samba-tool domain join' instead'" % ctx.samname) - + ctx.promote_from_dn = res[0].dn def find_dc(ctx, domain): - '''find a writeable DC for the given domain''' + """find a writeable DC for the given domain""" try: ctx.cldap_ret = ctx.net.finddc(domain=domain, flags=nbt.NBT_SERVER_LDAP | nbt.NBT_SERVER_DS | nbt.NBT_SERVER_WRITABLE) except Exception: @@ -484,7 +484,7 @@ class dc_join(object): rec["msDS-NeverRevealGroup"] = ctx.never_reveal_sid elif ctx.promote_existing: rec["msDS-NeverRevealGroup"] = [] - + if ctx.reveal_sid: rec["msDS-RevealOnDemandGroup"] = ctx.reveal_sid elif ctx.promote_existing: @@ -579,7 +579,7 @@ class dc_join(object): ctx.samdb.modify(m) def join_add_objects2(ctx): - '''add the various objects needed for the join, for subdomains post replication''' + """add the various objects needed for the join, for subdomains post replication""" print "Adding %s" % ctx.partition_dn # NOTE: windows sends a ntSecurityDescriptor here, we @@ -638,7 +638,7 @@ class dc_join(object): replica_flags=drsuapi.DRSUAPI_DRS_WRIT_REP) def join_provision(ctx): - '''provision the local SAM''' + """Provision the local SAM.""" print "Calling bare provision" @@ -662,7 +662,7 @@ class dc_join(object): ctx.names = presult.names def join_provision_own_domain(ctx): - '''provision the local SAM''' + """Provision the local SAM.""" # we now operate exclusively on the local database, which # we need to reopen in order to get the newly created schema @@ -697,7 +697,7 @@ class dc_join(object): print("Provision OK for domain %s" % ctx.names.dnsdomain) def join_replicate(ctx): - '''replicate the SAM''' + """Replicate the SAM.""" print "Starting replication" ctx.local_samdb.transaction_start() @@ -790,7 +790,7 @@ class dc_join(object): ctx.drsuapi.DsReplicaUpdateRefs(ctx.drsuapi_handle, 1, r) def join_finalise(ctx): - '''finalise the join, mark us synchronised and setup secrets db''' + """Finalise the join, mark us synchronised and setup secrets db.""" logger = logging.getLogger("provision") logger.addHandler(logging.StreamHandler(sys.stdout)) @@ -858,7 +858,7 @@ class dc_join(object): targetdir=ctx.targetdir) def join_setup_trusts(ctx): - '''provision the local SAM''' + """provision the local SAM.""" def arcfour_encrypt(key, data): from Crypto.Cipher import ARC4 @@ -988,7 +988,7 @@ class dc_join(object): ctx.promote_possible() else: ctx.cleanup_old_join() - + try: ctx.join_add_objects() ctx.join_provision() @@ -1008,7 +1008,7 @@ def join_RODC(server=None, creds=None, lp=None, site=None, netbios_name=None, targetdir=None, domain=None, domain_critical_only=False, machinepass=None, use_ntvfs=False, dns_backend=None, promote_existing=False): - """join as a RODC""" + """Join as a RODC.""" ctx = dc_join(server, creds, lp, site, netbios_name, targetdir, domain, machinepass, use_ntvfs, dns_backend, promote_existing) @@ -1022,11 +1022,12 @@ def join_RODC(server=None, creds=None, lp=None, site=None, netbios_name=None, ctx.krbtgt_dn = "CN=krbtgt_%s,CN=Users,%s" % (ctx.myname, ctx.base_dn) # setup some defaults for accounts that should be replicated to this RODC - ctx.never_reveal_sid = [ "" % (ctx.domsid, security.DOMAIN_RID_RODC_DENY), - "" % security.SID_BUILTIN_ADMINISTRATORS, - "" % security.SID_BUILTIN_SERVER_OPERATORS, - "" % security.SID_BUILTIN_BACKUP_OPERATORS, - "" % security.SID_BUILTIN_ACCOUNT_OPERATORS ] + ctx.never_reveal_sid = [ + "" % (ctx.domsid, security.DOMAIN_RID_RODC_DENY), + "" % security.SID_BUILTIN_ADMINISTRATORS, + "" % security.SID_BUILTIN_SERVER_OPERATORS, + "" % security.SID_BUILTIN_BACKUP_OPERATORS, + "" % security.SID_BUILTIN_ACCOUNT_OPERATORS] ctx.reveal_sid = "" % (ctx.domsid, security.DOMAIN_RID_RODC_ALLOW) mysid = ctx.get_mysid() @@ -1055,7 +1056,6 @@ def join_RODC(server=None, creds=None, lp=None, site=None, netbios_name=None, ctx.do_join() - print "Joined domain %s (SID %s) as an RODC" % (ctx.domain_name, ctx.domsid) @@ -1063,7 +1063,7 @@ def join_DC(server=None, creds=None, lp=None, site=None, netbios_name=None, targetdir=None, domain=None, domain_critical_only=False, machinepass=None, use_ntvfs=False, dns_backend=None, promote_existing=False): - """join as a DC""" + """Join as a DC.""" ctx = dc_join(server, creds, lp, site, netbios_name, targetdir, domain, machinepass, use_ntvfs, dns_backend, promote_existing) @@ -1090,10 +1090,11 @@ def join_DC(server=None, creds=None, lp=None, site=None, netbios_name=None, ctx.do_join() print "Joined domain %s (SID %s) as a DC" % (ctx.domain_name, ctx.domsid) -def join_subdomain(server=None, creds=None, lp=None, site=None, netbios_name=None, - targetdir=None, parent_domain=None, dnsdomain=None, netbios_domain=None, - machinepass=None, use_ntvfs=False, dns_backend=None): - """join as a DC""" +def join_subdomain(server=None, creds=None, lp=None, site=None, + netbios_name=None, targetdir=None, parent_domain=None, dnsdomain=None, + netbios_domain=None, machinepass=None, use_ntvfs=False, + dns_backend=None): + """Join as a DC.""" ctx = dc_join(server, creds, lp, site, netbios_name, targetdir, parent_domain, machinepass, use_ntvfs, dns_backend) ctx.subdomain = True diff --git a/source4/scripting/python/samba/samba3/__init__.py b/source4/scripting/python/samba/samba3/__init__.py index 14db90a..acccff4 100644 --- a/source4/scripting/python/samba/samba3/__init__.py +++ b/source4/scripting/python/samba/samba3/__init__.py @@ -137,6 +137,7 @@ IDMAP_VERSION_V2 = 2 class IdmapDatabase(TdbDatabase): """Samba 3 ID map database reader.""" + def _check_version(self): assert fetch_int32(self.tdb, "IDMAP_VERSION\0") == IDMAP_VERSION_V2 @@ -199,6 +200,7 @@ class IdmapDatabase(TdbDatabase): class SecretsDatabase(TdbDatabase): """Samba 3 Secrets database reader.""" + def get_auth_password(self): return self.tdb.get("SECRETS/AUTH_PASSWORD") @@ -261,8 +263,10 @@ class SecretsDatabase(TdbDatabase): SHARE_DATABASE_VERSION_V1 = 1 SHARE_DATABASE_VERSION_V2 = 2 + class ShareInfoDatabase(TdbDatabase): """Samba 3 Share Info database reader.""" + def _check_version(self): assert fetch_int32(self.tdb, "INFO/version\0") in (SHARE_DATABASE_VERSION_V1, SHARE_DATABASE_VERSION_V2) @@ -355,6 +359,7 @@ class WinsDatabase(object): class Samba3(object): """Samba 3 configuration and state data reader.""" + def __init__(self, smbconfpath, s3_lp_ctx=None): """Open the configuration and data for a Samba 3 installation. diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py index 7db1b00..d83e0a6 100644 --- a/source4/scripting/python/samba/samdb.py +++ b/source4/scripting/python/samba/samdb.py @@ -431,7 +431,6 @@ member: %s else: self.transaction_commit() - def setpassword(self, search_filter, password, force_change_at_next_login=False, username=None): """Sets the password for a user diff --git a/source4/scripting/python/samba/sd_utils.py b/source4/scripting/python/samba/sd_utils.py index 61e5980..ded9bfc 100644 --- a/source4/scripting/python/samba/sd_utils.py +++ b/source4/scripting/python/samba/sd_utils.py @@ -26,15 +26,14 @@ from samba.dcerpc import security class SDUtils(object): - """Some utilities for manipulation of security descriptors - on objects""" + """Some utilities for manipulation of security descriptors on objects.""" def __init__(self, samdb): self.ldb = samdb self.domain_sid = security.dom_sid(self.ldb.get_domain_sid()) def modify_sd_on_dn(self, object_dn, sd, controls=None): - """ Modify security descriptor using either SDDL string + """Modify security descriptor using either SDDL string or security.descriptor object """ m = Message() @@ -61,7 +60,7 @@ class SDUtils(object): return ndr_unpack(security.dom_sid, res[0]["objectSid"][0]) def dacl_add_ace(self, object_dn, ace): - """ Adds an ACE to an objects security descriptor + """Add an ACE to an objects security descriptor """ desc = self.read_sd_on_dn(object_dn) desc_sddl = desc.as_sddl(self.domain_sid) @@ -75,7 +74,7 @@ class SDUtils(object): self.modify_sd_on_dn(object_dn, desc_sddl) def get_sd_as_sddl(self, object_dn, controls=None): - """ Return object nTSecutiryDescriptor in SDDL format + """Return object nTSecutiryDescriptor in SDDL format """ desc = self.read_sd_on_dn(object_dn, controls=controls) return desc.as_sddl(self.domain_sid) diff --git a/source4/scripting/python/samba/tests/dns.py b/source4/scripting/python/samba/tests/dns.py index 79d8736..6433b9f 100644 --- a/source4/scripting/python/samba/tests/dns.py +++ b/source4/scripting/python/samba/tests/dns.py @@ -112,7 +112,9 @@ class DNSTest(TestCase): if s is not None: s.close() + class TestSimpleQueries(DNSTest): + def test_one_a_query(self): "create a query packet containing one query record" p = self.make_name_packet(dns.DNS_OPCODE_QUERY) @@ -240,6 +242,7 @@ class TestSimpleQueries(DNSTest): class TestDNSUpdates(DNSTest): + def test_two_updates(self): "create two update requests" p = self.make_name_packet(dns.DNS_OPCODE_UPDATE) @@ -429,7 +432,6 @@ class TestDNSUpdates(DNSTest): self.assertEquals(response.ancount, 1) self.assertEquals(response.answers[0].rdata.txt, '"This is a test" "and this is a test, too"') - def test_delete_record(self): "Test if deleting records works" @@ -510,6 +512,7 @@ class TestDNSUpdates(DNSTest): class TestComplexQueries(DNSTest): + def setUp(self): super(TestComplexQueries, self).setUp() p = self.make_name_packet(dns.DNS_OPCODE_UPDATE) diff --git a/source4/scripting/python/samba/tests/gensec.py b/source4/scripting/python/samba/tests/gensec.py index 02302a8..712f177 100644 --- a/source4/scripting/python/samba/tests/gensec.py +++ b/source4/scripting/python/samba/tests/gensec.py @@ -67,7 +67,7 @@ class GensecTests(samba.tests.TestCase): client_finished = False server_finished = False server_to_client = "" - + """Run the actual call loop""" while client_finished == False and server_finished == False: if not client_finished: diff --git a/source4/scripting/python/samba/tests/hostconfig.py b/source4/scripting/python/samba/tests/hostconfig.py index 85cb1df..526dc0f 100644 --- a/source4/scripting/python/samba/tests/hostconfig.py +++ b/source4/scripting/python/samba/tests/hostconfig.py @@ -57,7 +57,9 @@ class ShareTests(TestCase): def test_iter(self): self.assertEquals([], list(self._get_shares({}))) self.assertEquals([], list(self._get_shares({"global":{}}))) - self.assertEquals(["bla"], list(self._get_shares({"global":{}, "bla":{}}))) + self.assertEquals( + ["bla"], + list(self._get_shares({"global":{}, "bla":{}}))) def test_len(self): shares = self._get_shares({"global": {}}) diff --git a/source4/scripting/python/samba/tests/messaging.py b/source4/scripting/python/samba/tests/messaging.py index b6c9a0ab..fd9aa8e 100644 --- a/source4/scripting/python/samba/tests/messaging.py +++ b/source4/scripting/python/samba/tests/messaging.py @@ -26,7 +26,7 @@ class MessagingTests(TestCase): def get_context(self, *args, **kwargs): return Messaging(*args, **kwargs) - + def test_register(self): x = self.get_context() def callback(): diff --git a/source4/scripting/python/samba/tests/posixacl.py b/source4/scripting/python/samba/tests/posixacl.py index b323f91..066cc97 100644 --- a/source4/scripting/python/samba/tests/posixacl.py +++ b/source4/scripting/python/samba/tests/posixacl.py @@ -18,10 +18,10 @@ """Tests for the Samba3 NT -> posix ACL layer""" -from samba.ntacls import setntacl, getntacl, XattrBackendError +from samba.ntacls import setntacl, getntacl from samba.dcerpc import xattr, security, smb_acl, idmap from samba.param import LoadParm -from samba.tests import TestCase, TestSkipped +from samba.tests import TestCase from samba import provision import random import os @@ -34,7 +34,7 @@ from samba.samba3 import param as s3param # print "a_perm: %o" % entry.a_perm # print "uid: %d" % entry.uid # print "gid: %d" % entry.gid - + class PosixAclMappingTests(TestCase): def test_setntacl(self): diff --git a/source4/scripting/python/samba/tests/provision.py b/source4/scripting/python/samba/tests/provision.py index 9375f91..408c988 100644 --- a/source4/scripting/python/samba/tests/provision.py +++ b/source4/scripting/python/samba/tests/provision.py @@ -135,9 +135,15 @@ class SanitizeServerRoleTests(TestCase): self.assertRaises(ValueError, sanitize_server_role, "foo") def test_valid(self): - self.assertEquals("standalone server", sanitize_server_role("ROLE_STANDALONE")) - self.assertEquals("standalone server", sanitize_server_role("standalone")) - self.assertEquals("active directory domain controller", sanitize_server_role("domain controller")) + self.assertEquals( + "standalone server", + sanitize_server_role("ROLE_STANDALONE")) + self.assertEquals( + "standalone server", + sanitize_server_role("standalone")) + self.assertEquals( + "active directory domain controller", + sanitize_server_role("domain controller")) class DummyLogger(object): diff --git a/source4/scripting/python/samba/tests/registry.py b/source4/scripting/python/samba/tests/registry.py index 73fe06d..8016a0b 100644 --- a/source4/scripting/python/samba/tests/registry.py +++ b/source4/scripting/python/samba/tests/registry.py @@ -24,7 +24,7 @@ import samba.tests class HelperTests(samba.tests.TestCase): def test_predef_to_name(self): - self.assertEquals("HKEY_LOCAL_MACHINE", + self.assertEquals("HKEY_LOCAL_MACHINE", registry.get_predef_name(0x80000002)) def test_str_regtype(self): diff --git a/source4/scripting/python/samba/tests/samba3.py b/source4/scripting/python/samba/tests/samba3.py index 239a4b0..d83db0f 100644 --- a/source4/scripting/python/samba/tests/samba3.py +++ b/source4/scripting/python/samba/tests/samba3.py @@ -28,6 +28,7 @@ from samba.tests import TestCase, TestCaseInTempDir from samba.dcerpc.security import dom_sid import os + for p in [ "../../../../../testdata/samba3", "../../../../testdata/samba3" ]: DATADIR = os.path.join(os.path.dirname(__file__), p) if os.path.exists(DATADIR): diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py index 6b6a188..05d0dd6 100644 --- a/source4/scripting/python/samba/upgrade.py +++ b/source4/scripting/python/samba/upgrade.py @@ -32,7 +32,6 @@ from samba.samba3 import param as s3param from samba.dcerpc import lsa, samr, security from samba.dcerpc.security import dom_sid from samba.credentials import Credentials -from samba.auth import system_session from samba import dsdb from samba.ndr import ndr_pack from samba import unix2nttime @@ -93,7 +92,9 @@ def import_sam_policy(samdb, policy, logger): except ldb.LdbError, e: logger.warn("Could not set account policy, (%s)", str(e)) -def add_posix_attrs(logger, samdb, sid, name, nisdomain, xid_type, home=None, shell=None, pgid=None): + +def add_posix_attrs(logger, samdb, sid, name, nisdomain, xid_type, home=None, + shell=None, pgid=None): """Add posix attributes for the user/group :param samdb: Samba4 sam.ldb database @@ -156,6 +157,7 @@ def add_ad_posix_idmap_entry(samdb, sid, xid, xid_type, logger): 'Could not modify AD idmap entry for sid=%s, id=%s, type=%s (%s)', str(sid), str(xid), xid_type, str(e)) + def add_idmap_entry(idmapdb, sid, xid, xid_type, logger): """Create idmap entry @@ -545,8 +547,9 @@ def get_posix_attr_from_ldap_backend(logger, ldb_object, base_dn, user, attr): logger.warning("LDAP entry for user %s contains more than one %s", user, attr) return None -def upgrade_from_samba3(samba3, logger, targetdir, session_info=None, useeadb=False, dns_backend=None, - use_ntvfs=False): + +def upgrade_from_samba3(samba3, logger, targetdir, session_info=None, + useeadb=False, dns_backend=None, use_ntvfs=False): """Upgrade from samba3 database to samba4 AD database :param samba3: samba3 object @@ -904,8 +907,10 @@ Please fix this account before attempting to upgrade again logger.info("Administrator password has been set to password of user '%s'", admin_user) if result.server_role == "active directory domain controller": - setsysvolacl(result.samdb, result.paths.netlogon, result.paths.sysvol, result.paths.root_uid, result.paths.wheel_gid, - security.dom_sid(result.domainsid), result.names.dnsdomain, result.names.domaindn, result.lp, use_ntvfs) + setsysvolacl(result.samdb, result.paths.netlogon, result.paths.sysvol, + result.paths.root_uid, result.paths.wheel_gid, + security.dom_sid(result.domainsid), result.names.dnsdomain, + result.names.domaindn, result.lp, use_ntvfs) # FIXME: import_registry(registry.Registry(), samba3.get_registry()) # FIXME: shares -- 1.7.9.5 From 5c9f3d8217d58e30687c4223931a42642b3075a1 Mon Sep 17 00:00:00 2001 From: Daniele Dario Date: Thu, 20 Sep 2012 15:05:13 +0200 Subject: [PATCH 09/36] Correct command help message Autobuild-User(master): Volker Lendecke Autobuild-Date(master): Thu Sep 20 16:55:17 CEST 2012 on sn-devel-104 (cherry picked from commit 48e6da64fd6cdd055008c7d3e42e8245435f422e) --- source4/scripting/python/samba/netcmd/ntacl.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/scripting/python/samba/netcmd/ntacl.py b/source4/scripting/python/samba/netcmd/ntacl.py index 92239a7..e596ce9 100644 --- a/source4/scripting/python/samba/netcmd/ntacl.py +++ b/source4/scripting/python/samba/netcmd/ntacl.py @@ -94,7 +94,7 @@ class cmd_ntacl_set(Command): class cmd_ntacl_get(Command): - """Set ACLs on a file""" + """Get ACLs of a file""" synopsis = "%prog [options]" takes_optiongroups = { -- 1.7.9.5 From 6080894b889024855ff6821eb5138988c3e22661 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 24 Sep 2012 08:21:27 +0200 Subject: [PATCH 10/36] samba-tool domain-provision: Fix docstring. (cherry picked from commit 61ce3e871a1fc1d16202d337d74c2e10f64b2c86) --- source4/scripting/python/samba/netcmd/domain.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source4/scripting/python/samba/netcmd/domain.py b/source4/scripting/python/samba/netcmd/domain.py index 5644c7d..ad0ca58 100644 --- a/source4/scripting/python/samba/netcmd/domain.py +++ b/source4/scripting/python/samba/netcmd/domain.py @@ -137,9 +137,9 @@ class cmd_domain_info(Command): class cmd_domain_provision(Command): - """Promotes an existing domain member or NT4 PDC to an AD DC""" + """Provision a domain.""" - synopsis = "%prog [DC|RODC] [options]" + synopsis = "%prog [options]" takes_optiongroups = { "sambaopts": options.SambaOptions, -- 1.7.9.5 From 1e761b641daa9b1cd3ef85b4fa9e5fbd16ec12e0 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 24 Sep 2012 08:26:12 +0200 Subject: [PATCH 11/36] samba-tool domain-provision: Avoid python2.5-isms. (cherry picked from commit 6641d76562db10e6289c5e819b1296d8f6df37bf) --- source4/scripting/python/samba/netcmd/domain.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/source4/scripting/python/samba/netcmd/domain.py b/source4/scripting/python/samba/netcmd/domain.py index ad0ca58..2e8d7c9 100644 --- a/source4/scripting/python/samba/netcmd/domain.py +++ b/source4/scripting/python/samba/netcmd/domain.py @@ -265,7 +265,10 @@ class cmd_domain_provision(Command): creds.set_kerberos_state(DONT_USE_KERBEROS) - suggested_forwarder = dns_forwarder is None and self._get_nameserver_ip() or dns_forwarder + if (dns_forwarder is None and self._get_nameserver_ip() or dns_forwarder): + suggested_forwarder = True + else: + suggested_forwarder = False if len(self.raw_argv) == 1: interactive = True -- 1.7.9.5 From e499eff1a5a1924d683ee6f5154ea3faeab2366b Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 24 Sep 2012 23:02:05 +0200 Subject: [PATCH 12/36] samba-tool domain provision: DNS forwarder is not a boolean. Autobuild-User(master): Jelmer Vernooij Autobuild-Date(master): Tue Sep 25 00:48:43 CEST 2012 on sn-devel-104 (cherry picked from commit f44ad3671876802a42846597be901257633e8ca3) --- source4/scripting/python/samba/netcmd/domain.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/source4/scripting/python/samba/netcmd/domain.py b/source4/scripting/python/samba/netcmd/domain.py index 2e8d7c9..4c76f0b 100644 --- a/source4/scripting/python/samba/netcmd/domain.py +++ b/source4/scripting/python/samba/netcmd/domain.py @@ -265,10 +265,10 @@ class cmd_domain_provision(Command): creds.set_kerberos_state(DONT_USE_KERBEROS) - if (dns_forwarder is None and self._get_nameserver_ip() or dns_forwarder): - suggested_forwarder = True + if dns_forwarder is not None: + suggested_forwarder = dns_forwarder else: - suggested_forwarder = False + suggested_forwarder = self._get_nameserver_ip() if len(self.raw_argv) == 1: interactive = True -- 1.7.9.5 From ba7a726f9a24553706ce596ad16fe91b3ff1dc91 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 25 Sep 2012 20:49:22 +0200 Subject: [PATCH 13/36] s4-python: Override SIGINT handler in scripts only. Override the SIGINT handler in a few select cases only, rather than doing so in one of the samba Python modules. I've done this where it matters most; we can add this code to other scripts too if necessary. This means that importing the 'samba' module from a third party application does not have side-effects on the state of the signal handlers. Bug: https://bugzilla.samba.org/show_bug.cgi?id=9068 (cherry picked from commit fa332b71dc71d23f1475ed6c25a6376934ab652a) --- source4/scripting/bin/samba-tool | 7 +++++++ source4/scripting/bin/samba_upgradeprovision | 6 ++++++ source4/scripting/bin/smbstatus | 8 +++++++- source4/scripting/bin/subunitrun | 6 ++++++ source4/scripting/python/pyglue.c | 7 ------- 5 files changed, 26 insertions(+), 8 deletions(-) diff --git a/source4/scripting/bin/samba-tool b/source4/scripting/bin/samba-tool index 8ec6514b..bb96626 100755 --- a/source4/scripting/bin/samba-tool +++ b/source4/scripting/bin/samba-tool @@ -1,6 +1,7 @@ #!/usr/bin/env python # Unix SMB/CIFS implementation. +# Copyright (C) Jelmer Vernooij 2008-2012 # Copyright (C) Amitay Isaacs 2011 # Copyright (C) Giampaolo Lauria 2011 # @@ -23,6 +24,12 @@ import sys # Find right direction when running from source tree sys.path.insert(0, "bin/python") +# make sure the script dies immediately when hitting control-C, +# rather than raising KeyboardInterrupt. As we do all database +# operations using transactions, this is safe. +import signal +signal.signal(signal.SIGINT, signal.SIG_DFL) + from samba.netcmd.main import cmd_sambatool cmd = cmd_sambatool() subcommand = None diff --git a/source4/scripting/bin/samba_upgradeprovision b/source4/scripting/bin/samba_upgradeprovision index 344d7f5..54ffbea 100755 --- a/source4/scripting/bin/samba_upgradeprovision +++ b/source4/scripting/bin/samba_upgradeprovision @@ -66,6 +66,12 @@ from samba.upgradehelpers import (dn_sort, get_paths, newprovision, print_provision_ranges) from samba.xattr import copytree_with_xattrs +# make sure the script dies immediately when hitting control-C, +# rather than raising KeyboardInterrupt. As we do all database +# operations using transactions, this is safe. +import signal +signal.signal(signal.SIGINT, signal.SIG_DFL) + replace=2**FLAG_MOD_REPLACE add=2**FLAG_MOD_ADD delete=2**FLAG_MOD_DELETE diff --git a/source4/scripting/bin/smbstatus b/source4/scripting/bin/smbstatus index 055753b..7ff98df 100755 --- a/source4/scripting/bin/smbstatus +++ b/source4/scripting/bin/smbstatus @@ -2,7 +2,7 @@ # -*- coding: utf-8 -*- # # provide information on connected users and open files -# Copyright Ç’ Jelmer Vernooij 2008 +# Copyright (c) Jelmer Vernooij 2008 # # Based on the original in EJS: # Copyright Andrew Tridgell 2005 @@ -11,6 +11,12 @@ import os, sys +# make sure the script dies immediately when hitting control-C, +# rather than raising KeyboardInterrupt. As we do all database +# operations using transactions, this is safe. +import signal +signal.signal(signal.SIGINT, signal.SIG_DFL) + sys.path.insert(0, "bin/python") import optparse diff --git a/source4/scripting/bin/subunitrun b/source4/scripting/bin/subunitrun index df46b08..15a78bf 100755 --- a/source4/scripting/bin/subunitrun +++ b/source4/scripting/bin/subunitrun @@ -28,6 +28,12 @@ import sys +# make sure the script dies immediately when hitting control-C, +# rather than raising KeyboardInterrupt. As we do all database +# operations using transactions, this is safe. +import signal +signal.signal(signal.SIGINT, signal.SIG_DFL) + # Find right directory when running from source tree sys.path.insert(0, "bin/python") diff --git a/source4/scripting/python/pyglue.c b/source4/scripting/python/pyglue.c index cc312ba..c21de46 100644 --- a/source4/scripting/python/pyglue.c +++ b/source4/scripting/python/pyglue.c @@ -244,12 +244,5 @@ void init_glue(void) PyModule_AddObject(m, "version", PyString_FromString(SAMBA_VERSION_STRING)); - - /* one of the most annoying things about python scripts is - that they don't die when you hit control-C. This fixes that - sillyness. As we do all database operations using - transactions, this is also safe. - */ - signal(SIGINT, SIG_DFL); } -- 1.7.9.5 From ab9cc27be6bf34cbe8f95bc9248ae61fb90188fc Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 26 Sep 2012 10:40:17 +1000 Subject: [PATCH 14/36] selftest: Remove invalid security=share and rename secshare to simpleserver This avoids the loadparm code failing due to the invalid smb.conf entry, and removes the very last hint of security=share! Andrew Bartlett (cherry picked from commit b320e7f93b5905558efa879992c125af66f0043c) --- selftest/target/Samba3.pm | 13 ++++++------- source3/selftest/tests.py | 6 +++--- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index c1f8fbd..ef22b02 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -153,8 +153,8 @@ sub setup_env($$$) if ($envname eq "s3dc") { return $self->setup_s3dc("$path/s3dc"); - } elsif ($envname eq "secshare") { - return $self->setup_secshare("$path/secshare"); + } elsif ($envname eq "simpleserver") { + return $self->setup_simpleserver("$path/simpleserver"); } elsif ($envname eq "maptoguest") { return $self->setup_maptoguest("$path/maptoguest"); } elsif ($envname eq "ktest") { @@ -337,7 +337,7 @@ sub setup_admember($$$$) return $ret; } -sub setup_secshare($$) +sub setup_simpleserver($$) { my ($self, $path) = @_; my $vfs_modulesdir_abs = $ENV{VFSLIBDIR}; @@ -346,8 +346,7 @@ sub setup_secshare($$) my $prefix_abs = abs_path($path); - my $secshare_options = " - security = share + my $simpleserver_options = " lanman auth = yes vfs objects = $vfs_modulesdir_abs/xattr_tdb.so $vfs_modulesdir_abs/streams_depot.so @@ -361,7 +360,7 @@ sub setup_secshare($$) my $vars = $self->provision($path, "LOCALSHARE4", "local4pass", - $secshare_options); + $simpleserver_options); $vars or return undef; @@ -371,7 +370,7 @@ sub setup_secshare($$) return undef; } - $self->{vars}->{secshare} = $vars; + $self->{vars}->{simpleserver} = $vars; return $vars; } diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py index f4a0d54..b07b690 100755 --- a/source3/selftest/tests.py +++ b/source3/selftest/tests.py @@ -104,7 +104,7 @@ for t in tests: tests = ["RW1", "RW2", "RW3"] for t in tests: - plantestsuite("samba3.smbtorture_s3.vfs_aio_fork(secshare).%s" % t, "secshare", [os.path.join(samba3srcdir, "script/tests/test_smbtorture_s3.sh"), t, '//$SERVER_IP/vfs_aio_fork', '$USERNAME', '$PASSWORD', smbtorture3, "", "-l $LOCAL_PATH"]) + plantestsuite("samba3.smbtorture_s3.vfs_aio_fork(simpleserver).%s" % t, "simpleserver", [os.path.join(samba3srcdir, "script/tests/test_smbtorture_s3.sh"), t, '//$SERVER_IP/vfs_aio_fork', '$USERNAME', '$PASSWORD', smbtorture3, "", "-l $LOCAL_PATH"]) posix_tests=[ "POSIX", "POSIX-APPEND"] @@ -200,7 +200,7 @@ plantestsuite("samba3.ntlm_auth.krb5(ktest:local) old ccache", "ktest:local", [o plantestsuite("samba3.ntlm_auth.krb5(ktest:local)", "ktest:local", [os.path.join(samba3srcdir, "script/tests/test_ntlm_auth_krb5.sh"), valgrindify(python), samba3srcdir, ntlm_auth, '$PREFIX/ktest/krb5_ccache-3', '$SERVER', configuration]) -for env in ["maptoguest", "secshare"]: +for env in ["maptoguest", "simpleserver"]: plantestsuite("samba3.blackbox.smbclient_auth.plain (%s) local creds" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_auth.sh"), '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', smbclient, configuration + " --option=clientntlmv2auth=no --option=clientlanmanauth=yes"]) env = "maptoguest" @@ -343,7 +343,7 @@ for t in tests: plansmbtorturetestsuite(t, "plugin_s4_dc", '//$SERVER_IP/tmpcase -U$USERNAME%$PASSWORD') elif t == "raw.samba3hide" or t == "raw.samba3checkfsp" or t == "raw.samba3closeerr": plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD') - plansmbtorturetestsuite(t, "secshare", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD') + plansmbtorturetestsuite(t, "simpleserver", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD') plansmbtorturetestsuite(t, "plugin_s4_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD') elif t == "raw.session" or t == "smb2.session": plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD', 'plain') -- 1.7.9.5 From 3a64d144f05cc837b73650266a40a393d1d0b7ce Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 26 Sep 2012 09:48:48 +1000 Subject: [PATCH 15/36] samba_dnsupdate: Move to using tmpfile/rename to keep the dns_hosts_file consistent This may be the cause of some of the large failure modes on the build farm. Andrew Bartlett (cherry picked from commit 6d7c651f2f61b481c1e1ade1e2e0e756ccef2210) --- source3/Makefile.in | 2 +- source4/scripting/bin/samba_dnsupdate | 13 ++++++++++--- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/source3/Makefile.in b/source3/Makefile.in index 2ad8ecc..0e72fea 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -3328,7 +3328,7 @@ test:: all torture timelimit VFSLIBDIR="$(builddir)/bin" \ RUN_FROM_BUILD_FARM="$(RUN_FROM_BUILD_FARM)" \ SUBUNIT_FORMATTER="$(SUBUNIT_FORMATTER)" \ - PERL="$(PERL)" PYTHON="$(PYTHON)" \ + PERL="$(PERL)" PYTHON="$(PYTHON)" PYTHONPATH="$(srcdir)/../bin/python" \ $(srcdir)/selftest/s3-selftest.sh test-%: diff --git a/source4/scripting/bin/samba_dnsupdate b/source4/scripting/bin/samba_dnsupdate index d21496c..ab87356 100755 --- a/source4/scripting/bin/samba_dnsupdate +++ b/source4/scripting/bin/samba_dnsupdate @@ -278,10 +278,17 @@ def call_nsupdate(d): print "Calling nsupdate for %s" % d if opts.use_file is not None: - wfile = open(opts.use_file, 'a') - fcntl.lockf(wfile, fcntl.LOCK_EX) + rfile = open(opts.use_file, 'r+') + fcntl.lockf(rfile, fcntl.LOCK_EX) + (file_dir, file_name) = os.path.split(opts.use_file) + (tmp_fd, tmpfile) = tempfile.mkstemp(dir=file_dir, prefix=file_name, suffix="XXXXXX") + wfile = os.fdopen(tmp_fd, 'a') + rfile.seek(0) + for line in rfile: + wfile.write(line) wfile.write(str(d)+"\n") - fcntl.lockf(wfile, fcntl.LOCK_UN) + os.rename(tmpfile, opts.use_file) + fcntl.lockf(rfile, fcntl.LOCK_UN) return normalised_name = d.name.rstrip('.') + '.' -- 1.7.9.5 From a54d569f11fc70037eebabdecdd7cc339ee48c94 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 26 Sep 2012 10:02:43 +1000 Subject: [PATCH 16/36] samba_dnsupdate: Safely update/create names for Samba3 targets as well This avoids unlocked writes to the dns_hosts_file, and may fix some of our issues on the build farm where large numbers of tests fail due to failed name resolution. Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Wed Sep 26 05:48:25 CEST 2012 on sn-devel-104 (cherry picked from commit 3c4d0ce46995f82921f538757783fa7a678a7fc1) --- selftest/target/Samba3.pm | 11 +++++++---- source4/scripting/bin/samba_dnsupdate | 18 ++++++++++++++---- 2 files changed, 21 insertions(+), 8 deletions(-) diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index ef22b02..df8b55c 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -1067,10 +1067,13 @@ domusers:X:$gid_domusers: } print "DONE\n"; - open(HOSTS, ">>$ENV{SELFTEST_PREFIX}/dns_host_file") or die("Unable to open $ENV{SELFTEST_PREFIX}/dns_host_file"); - print HOSTS "A $server. $server_ip -"; - close(HOSTS); + open(DNS_UPDATE_LIST, ">$prefix/dns_update_list") or die("Unable to open $$prefix/dns_update_list"); + print DNS_UPDATE_LIST "A $server. $server_ip"; + close(DNS_UPDATE_LIST); + + if (system("$ENV{SRCDIR_ABS}/source4/scripting/bin/samba_dnsupdate --all-interfaces --use-file=$dns_host_file -s $conffile --update-list=$prefix/dns_update_list --no-substiutions --no-credentials") != 0) { + die "Unable to update hostname into $dns_host_file"; + } $ret{SERVER_IP} = $server_ip; $ret{NMBD_TEST_LOG} = "$prefix/nmbd_test.log"; diff --git a/source4/scripting/bin/samba_dnsupdate b/source4/scripting/bin/samba_dnsupdate index ab87356..2f2c7b5 100755 --- a/source4/scripting/bin/samba_dnsupdate +++ b/source4/scripting/bin/samba_dnsupdate @@ -65,6 +65,7 @@ parser.add_option("--use-file", type="string", help="Use a file, rather than rea parser.add_option("--update-list", type="string", help="Add DNS names from the given file") parser.add_option("--fail-immediately", action='store_true', help="Exit on first failure") parser.add_option("--no-credentials", dest='nocreds', action='store_true', help="don't try and get credentials") +parser.add_option("--no-substiutions", dest='nosubs', action='store_true', help="don't try and expands variables in file specified by --update-list") creds = None ccachename = None @@ -278,7 +279,13 @@ def call_nsupdate(d): print "Calling nsupdate for %s" % d if opts.use_file is not None: - rfile = open(opts.use_file, 'r+') + try: + rfile = open(opts.use_file, 'r+') + except IOError: + # Perhaps create it + rfile = open(opts.use_file, 'w+') + # Open it for reading again, in case someone else got to it first + rfile = open(opts.use_file, 'r+') fcntl.lockf(rfile, fcntl.LOCK_EX) (file_dir, file_name) = os.path.split(opts.use_file) (tmp_fd, tmpfile) = tempfile.mkstemp(dir=file_dir, prefix=file_name, suffix="XXXXXX") @@ -432,10 +439,13 @@ os.environ['KRB5_CONFIG'] = krb5conf file = open(dns_update_list, "r") -samdb = SamDB(url=lp.samdb_url(), session_info=system_session(), lp=lp) +if opts.nosubs: + sub_vars = {} +else: + samdb = SamDB(url=lp.samdb_url(), session_info=system_session(), lp=lp) -# get the substitution dictionary -sub_vars = get_subst_vars(samdb) + # get the substitution dictionary + sub_vars = get_subst_vars(samdb) # build up a list of update commands to pass to nsupdate update_list = [] -- 1.7.9.5 From 7ddf646395a4e8666c0db0f3047ac631aa2dccb6 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 25 Sep 2012 22:34:36 +0200 Subject: [PATCH 17/36] samba-tool: Hide 'samba-tool domain samba3upgrade'. This subcommand is provided for backwards compatibility only; new use of it should be discouraged. Its new name is 'samba-tool domain classicupgrade'. Bug: https://bugzilla.samba.org/show_bug.cgi?id=9047 (cherry picked from commit c5e83ee9a57d2d6648941e064f7c1156e52419a9) --- source4/scripting/python/samba/netcmd/__init__.py | 13 ++++++----- source4/scripting/python/samba/netcmd/domain.py | 24 +++++++++++++++------ 2 files changed, 25 insertions(+), 12 deletions(-) diff --git a/source4/scripting/python/samba/netcmd/__init__.py b/source4/scripting/python/samba/netcmd/__init__.py index f8ce5ab..3581678 100644 --- a/source4/scripting/python/samba/netcmd/__init__.py +++ b/source4/scripting/python/samba/netcmd/__init__.py @@ -1,5 +1,5 @@ # Unix SMB/CIFS implementation. -# Copyright (C) Jelmer Vernooij 2009-2011 +# Copyright (C) Jelmer Vernooij 2009-2012 # Copyright (C) Theresa Halloran 2011 # # This program is free software; you can redistribute it and/or modify @@ -70,6 +70,8 @@ class Command(object): takes_options = [] takes_optiongroups = {} + hidden = False + raw_argv = None raw_args = None raw_kwargs = None @@ -199,9 +201,11 @@ class SuperCommand(Command): subcmds = self.subcommands.keys() subcmds.sort() max_length = max([len(c) for c in subcmds]) - for cmd in subcmds: - self.outf.write(" %*s - %s\n" % ( - -max_length, cmd, self.subcommands[cmd].short_description)) + for cmd_name in subcmds: + cmd = self.subcommands[cmd_name] + if not cmd.hidden: + self.outf.write(" %*s - %s\n" % ( + -max_length, cmd_name, cmd.short_description)) if subcommand in [None]: raise CommandError("You must specify a subcommand") if subcommand in ['help', '-h', '--help']: @@ -210,7 +214,6 @@ class SuperCommand(Command): raise CommandError("No such subcommand '%s'" % subcommand) - class CommandError(Exception): """An exception class for samba-tool Command errors.""" diff --git a/source4/scripting/python/samba/netcmd/domain.py b/source4/scripting/python/samba/netcmd/domain.py index 4c76f0b..43e9259 100644 --- a/source4/scripting/python/samba/netcmd/domain.py +++ b/source4/scripting/python/samba/netcmd/domain.py @@ -2,7 +2,7 @@ # # Copyright Matthias Dieter Wallnoefer 2009 # Copyright Andrew Kroeger 2009 -# Copyright Jelmer Vernooij 2007-2009 +# Copyright Jelmer Vernooij 2007-2012 # Copyright Giampaolo Lauria 2011 # Copyright Matthieu Patou 2011 # Copyright Andrew Bartlett 2008 @@ -1230,7 +1230,7 @@ class cmd_domain_classicupgrade(Command): takes_args = ["smbconf"] - def run(self, smbconf=None, targetdir=None, dbdir=None, testparm=None, + def run(self, smbconf=None, targetdir=None, dbdir=None, testparm=None, quiet=False, verbose=False, use_xattrs=None, sambaopts=None, versionopts=None, dns_backend=None, use_ntvfs=False): @@ -1308,22 +1308,32 @@ class cmd_domain_classicupgrade(Command): for p in paths: s3conf.set(p, paths[p]) - + # load smb.conf parameters logger.info("Reading smb.conf") s3conf.load(smbconf) samba3 = Samba3(smbconf, s3conf) - + logger.info("Provisioning") - upgrade_from_samba3(samba3, logger, targetdir, session_info=system_session(), + upgrade_from_samba3(samba3, logger, targetdir, session_info=system_session(), useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) + +class cmd_domain_samba3upgrade(cmd_domain_classicupgrade): + __doc__ = cmd_domain_classicupgrade.__doc__ + + # This command is present for backwards compatibility only, + # and should not be shown. + + hidden = True + + class cmd_domain(SuperCommand): """Domain management""" subcommands = {} subcommands["demote"] = cmd_domain_demote() - if type(cmd_domain_export_keytab).__name__ != 'NoneType': + if cmd_domain_export_keytab is not None: subcommands["exportkeytab"] = cmd_domain_export_keytab() subcommands["info"] = cmd_domain_info() subcommands["provision"] = cmd_domain_provision() @@ -1332,4 +1342,4 @@ class cmd_domain(SuperCommand): subcommands["level"] = cmd_domain_level() subcommands["passwordsettings"] = cmd_domain_passwordsettings() subcommands["classicupgrade"] = cmd_domain_classicupgrade() - subcommands["samba3upgrade"] = cmd_domain_classicupgrade() + subcommands["samba3upgrade"] = cmd_domain_samba3upgrade() -- 1.7.9.5 From d60894f296f29cf6a95d62deb7e4b5b4d2e1e8b5 Mon Sep 17 00:00:00 2001 From: Ricky Nance Date: Wed, 26 Sep 2012 17:24:40 -0700 Subject: [PATCH 18/36] samba-tool domain provision: DNS forwarder default Provision would break with an exception if there was no value given for the DNS forwarder, this simply sets a default to "none". Signed-off-by: Jelmer Vernooij Autobuild-User(master): Jelmer Vernooij Autobuild-Date(master): Thu Sep 27 04:35:33 CEST 2012 on sn-devel-104 (cherry picked from commit ee0012de1af1a3899856bcdb80033d1a82d5b174) --- source4/scripting/python/samba/netcmd/domain.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/source4/scripting/python/samba/netcmd/domain.py b/source4/scripting/python/samba/netcmd/domain.py index 43e9259..ba4165a 100644 --- a/source4/scripting/python/samba/netcmd/domain.py +++ b/source4/scripting/python/samba/netcmd/domain.py @@ -269,6 +269,8 @@ class cmd_domain_provision(Command): suggested_forwarder = dns_forwarder else: suggested_forwarder = self._get_nameserver_ip() + if suggested_forwarder is None: + suggested_forwarder = "none" if len(self.raw_argv) == 1: interactive = True -- 1.7.9.5 From ab0d53c2b95d8f7b357812b93f8e93eae486f1a5 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 27 Sep 2012 09:30:26 -0700 Subject: [PATCH 19/36] samba.tests.source: Check for trailing whitespace in Python files. (cherry picked from commit 6986f7bdda56d693c642945485006f9660053758) --- source4/scripting/python/samba/tests/source.py | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/source4/scripting/python/samba/tests/source.py b/source4/scripting/python/samba/tests/source.py index 0876b04..2612ae6 100644 --- a/source4/scripting/python/samba/tests/source.py +++ b/source4/scripting/python/samba/tests/source.py @@ -183,6 +183,16 @@ class TestSource(TestCase): self.fail(self._format_message(illegal_newlines, 'Non-unix newlines were found in the following source files:')) + def test_trailing_whitespace(self): + """Check that there is not trailing whitespace in Python files.""" + trailing_whitespace = {} + for fname, line_no, line in self._iter_source_files_lines(): + if line.rstrip("\n").endswith(" "): + self._push_file(trailing_whitespace, fname, line_no) + if trailing_whitespace: + self.fail(self._format_message(trailing_whitespace, + 'Trailing whitespace was found in the following source files.')) + def test_shebang_lines(self): """Check that files with shebang lines and only those are executable.""" files_with_shebang = {} @@ -246,4 +256,9 @@ class TestSource(TestCase): checker.report_error = report_error checker.check_all() if len(pep8_errors) > 0: - self.fail('there were %d pep8 errors' % len(pep8_errors)) + d = {} + for (fname, line_no, offset, text, check) in pep8_errors: + d.setdefault(fname, []).append(line_no - 1) + self.fail(self._format_message(d, + 'There were %d PEP8 errors:' % len(pep8_errors))) + -- 1.7.9.5 From 97a34353b35e0234fb4143fb71c5f3c373999339 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 27 Sep 2012 09:30:47 -0700 Subject: [PATCH 20/36] s4-python: Various formatting fixes. * Trailing whitespace * use of "==" where "is" should be used * double spaces (cherry picked from commit 2a797f29aa12f6847844af504026be52db659fbb) --- buildtools/wafsamba/nothreads.py | 6 +- buildtools/wafsamba/samba_abi.py | 2 +- buildtools/wafsamba/samba_autoconf.py | 10 +- buildtools/wafsamba/samba_bundled.py | 2 +- buildtools/wafsamba/samba_deps.py | 8 +- buildtools/wafsamba/samba_dist.py | 4 +- buildtools/wafsamba/samba_headers.py | 1 - buildtools/wafsamba/samba_optimisation.py | 2 +- buildtools/wafsamba/samba_patterns.py | 2 +- buildtools/wafsamba/samba_utils.py | 10 +- buildtools/wafsamba/samba_version.py | 2 +- buildtools/wafsamba/stale_files.py | 2 +- buildtools/wafsamba/wafsamba.py | 4 +- source4/scripting/bin/samba_dnsupdate | 15 ++- source4/scripting/bin/samba_kcc | 117 +++++++++-------- source4/scripting/bin/samba_upgradeprovision | 16 +-- source4/scripting/python/samba/__init__.py | 2 +- source4/scripting/python/samba/dbchecker.py | 8 +- source4/scripting/python/samba/drs_utils.py | 2 +- source4/scripting/python/samba/kcc_utils.py | 46 +++---- source4/scripting/python/samba/ms_schema.py | 34 ++--- source4/scripting/python/samba/netcmd/__init__.py | 2 +- .../scripting/python/samba/netcmd/delegation.py | 6 +- source4/scripting/python/samba/netcmd/domain.py | 20 +-- source4/scripting/python/samba/netcmd/fsmo.py | 2 +- source4/scripting/python/samba/netcmd/gpo.py | 4 +- source4/scripting/python/samba/netcmd/ldapcmp.py | 7 +- source4/scripting/python/samba/netcmd/ntacl.py | 18 ++- source4/scripting/python/samba/netcmd/spn.py | 14 +-- source4/scripting/python/samba/ntacls.py | 18 +-- .../scripting/python/samba/provision/__init__.py | 4 +- .../scripting/python/samba/provision/backend.py | 2 +- source4/scripting/python/samba/schema.py | 8 +- source4/scripting/python/samba/tests/auth.py | 4 +- source4/scripting/python/samba/tests/core.py | 4 +- .../scripting/python/samba/tests/credentials.py | 6 +- .../scripting/python/samba/tests/dcerpc/bare.py | 12 +- .../python/samba/tests/dcerpc/registry.py | 2 +- .../scripting/python/samba/tests/dcerpc/unix.py | 2 +- source4/scripting/python/samba/tests/dns.py | 4 +- source4/scripting/python/samba/tests/gensec.py | 8 +- source4/scripting/python/samba/tests/provision.py | 2 +- source4/scripting/python/samba/tests/samba3.py | 4 +- source4/scripting/python/samba/tests/samba3sam.py | 132 ++++++++++---------- .../python/samba/tests/samba_tool/ntacl.py | 8 +- source4/scripting/python/samba/tests/samdb.py | 10 +- .../python/samba/tests/upgradeprovision.py | 2 +- source4/scripting/python/samba/tests/xattr.py | 2 +- source4/scripting/python/samba/upgrade.py | 6 +- source4/scripting/python/samba/upgradehelpers.py | 12 +- 50 files changed, 311 insertions(+), 309 deletions(-) diff --git a/buildtools/wafsamba/nothreads.py b/buildtools/wafsamba/nothreads.py index 90babf4..075dcd3 100644 --- a/buildtools/wafsamba/nothreads.py +++ b/buildtools/wafsamba/nothreads.py @@ -132,8 +132,10 @@ class Parallel(object): self.frozen = [] elif not self.count: (jobs, tmp) = self.manager.get_next_set() - if jobs != None: self.maxjobs = jobs - if tmp: self.outstanding += tmp + if jobs is not None: + self.maxjobs = jobs + if tmp: + self.outstanding += tmp break def get_out(self): diff --git a/buildtools/wafsamba/samba_abi.py b/buildtools/wafsamba/samba_abi.py index f5cac8a..ed977ba 100644 --- a/buildtools/wafsamba/samba_abi.py +++ b/buildtools/wafsamba/samba_abi.py @@ -154,7 +154,7 @@ def abi_process_file(fname, version, symmap): def abi_write_vscript(vscript, libname, current_version, versions, symmap, abi_match): '''write a vscript file for a library in --version-script format - + :param vscript: Path to the vscript file :param libname: Name of the library, uppercased :param current_version: Current version diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py index 50039fc..5d3cc5a 100644 --- a/buildtools/wafsamba/samba_autoconf.py +++ b/buildtools/wafsamba/samba_autoconf.py @@ -62,9 +62,9 @@ def COMPOUND_END(conf, result): conf.check_message_1 = conf.saved_check_message_1 conf.check_message_2 = conf.saved_check_message_2 p = conf.check_message_2 - if result == True: + if result: p('ok ') - elif result == False: + elif not result: p('not found', 'YELLOW') else: p(result) @@ -241,7 +241,7 @@ def CHECK_FUNC(conf, f, link=True, lib=None, headers=None): conf.COMPOUND_START('Checking for %s' % f) - if link is None or link == True: + if link is None or link: ret = CHECK_CODE(conf, # this is based on the autoconf strategy ''' @@ -284,7 +284,7 @@ def CHECK_FUNC(conf, f, link=True, lib=None, headers=None): headers=headers, msg='Checking for macro %s' % f) - if not ret and (link is None or link == False): + if not ret and (link is None or not link): ret = CHECK_VARIABLE(conf, f, define=define, headers=headers, @@ -470,7 +470,7 @@ def CONFIG_SET(conf, option): if option not in conf.env: return False v = conf.env[option] - if v == None: + if v is None: return False if v == []: return False diff --git a/buildtools/wafsamba/samba_bundled.py b/buildtools/wafsamba/samba_bundled.py index 1a5d565..b8a4101 100644 --- a/buildtools/wafsamba/samba_bundled.py +++ b/buildtools/wafsamba/samba_bundled.py @@ -78,7 +78,7 @@ def LIB_MAY_BE_BUNDLED(conf, libname): @conf def LIB_MUST_BE_BUNDLED(conf, libname): - return ('ALL' in conf.env.BUNDLED_LIBS or + return ('ALL' in conf.env.BUNDLED_LIBS or libname in conf.env.BUNDLED_LIBS) @conf diff --git a/buildtools/wafsamba/samba_deps.py b/buildtools/wafsamba/samba_deps.py index f073e41..3220f35 100644 --- a/buildtools/wafsamba/samba_deps.py +++ b/buildtools/wafsamba/samba_deps.py @@ -136,7 +136,7 @@ def build_includes(self): includes = [] # maybe add local includes - if getattr(self, 'local_include', True) == True and getattr(self, 'local_include_first', True): + if getattr(self, 'local_include', True) and getattr(self, 'local_include_first', True): includes.append('.') includes.extend(self.samba_includes_extended) @@ -153,7 +153,7 @@ def build_includes(self): t = bld.name_to_obj(d, bld.env) bld.ASSERT(t is not None, "Unable to find dependency %s for %s" % (d, self.sname)) inclist = getattr(t, 'samba_includes_extended', [])[:] - if getattr(t, 'local_include', True) == True: + if getattr(t, 'local_include', True): inclist.append('.') if inclist == []: continue @@ -169,7 +169,7 @@ def build_includes(self): relpath = os_path_relpath(inc, mypath) includes.append(relpath) - if getattr(self, 'local_include', True) == True and not getattr(self, 'local_include_first', True): + if getattr(self, 'local_include', True) and not getattr(self, 'local_include_first', True): includes.append('.') # now transform the includes list to be relative to the top directory @@ -306,7 +306,7 @@ def check_orphaned_targets(bld, tgt_list): debug('deps: checking for orphaned targets') for t in tgt_list: - if getattr(t, 'samba_used', False) == True: + if getattr(t, 'samba_used', False): continue type = target_dict[t.sname] if not type in ['BINARY', 'LIBRARY', 'MODULE', 'ET', 'PYTHON']: diff --git a/buildtools/wafsamba/samba_dist.py b/buildtools/wafsamba/samba_dist.py index 82492e1..fae2759 100644 --- a/buildtools/wafsamba/samba_dist.py +++ b/buildtools/wafsamba/samba_dist.py @@ -98,10 +98,10 @@ def vcs_dir_contents(path): return Utils.cmd_output(ls_files_cmd, cwd=cwd, env=env).split() -def dist(appname='',version=''): +def dist(appname='', version=''): def add_files_to_tarball(tar, srcdir, srcsubdir, dstdir, dstsubdir, blacklist, files): - if blacklist == None: + if blacklist is None: blacklist = [] for f in files: abspath = os.path.join(srcdir, f) diff --git a/buildtools/wafsamba/samba_headers.py b/buildtools/wafsamba/samba_headers.py index cca6420..50ccad7 100644 --- a/buildtools/wafsamba/samba_headers.py +++ b/buildtools/wafsamba/samba_headers.py @@ -119,7 +119,6 @@ def public_headers_simple(bld, public_headers, header_path=None, public_headers_ h_name = h inst_name = os.path.basename(h) bld.INSTALL_FILES('${INCLUDEDIR}', h_name, destname=inst_name) - def PUBLIC_HEADERS(bld, public_headers, header_path=None, public_headers_install=True): diff --git a/buildtools/wafsamba/samba_optimisation.py b/buildtools/wafsamba/samba_optimisation.py index 2436e9b..f0f430d 100644 --- a/buildtools/wafsamba/samba_optimisation.py +++ b/buildtools/wafsamba/samba_optimisation.py @@ -31,7 +31,7 @@ def apply_incpaths(self): for path in self.to_list(self.includes): if not path in lst: - if preproc.go_absolute or path[0] != '/': #os.path.isabs(path): + if preproc.go_absolute or path[0] != '/': # os.path.isabs(path): lst.append(path) else: self.env.prepend_value('CPPPATH', path) diff --git a/buildtools/wafsamba/samba_patterns.py b/buildtools/wafsamba/samba_patterns.py index dc988c5..615d918 100644 --- a/buildtools/wafsamba/samba_patterns.py +++ b/buildtools/wafsamba/samba_patterns.py @@ -21,7 +21,7 @@ def write_version_header(task): def SAMBA_MKVERSION(bld, target): '''generate the version.h header for Samba''' - t = bld.SAMBA_GENERATOR('VERSION', + t = bld.SAMBA_GENERATOR('VERSION', rule=write_version_header, source= 'VERSION', target=target, diff --git a/buildtools/wafsamba/samba_utils.py b/buildtools/wafsamba/samba_utils.py index c252663..c1869df 100644 --- a/buildtools/wafsamba/samba_utils.py +++ b/buildtools/wafsamba/samba_utils.py @@ -256,7 +256,7 @@ def ENFORCE_GROUP_ORDERING(bld): @feature('*') @before('exec_rule', 'apply_core', 'collect') def force_previous_groups(self): - if getattr(self.bld, 'enforced_group_ordering', False) == True: + if getattr(self.bld, 'enforced_group_ordering', False): return self.bld.enforced_group_ordering = True @@ -274,7 +274,7 @@ def ENFORCE_GROUP_ORDERING(bld): debug('group: Forcing up to group %s for target %s', group_name(g), self.name or self.target) break - if stop != None: + if stop is not None: break if stop is None: return @@ -502,15 +502,15 @@ def CHECK_MAKEFLAGS(bld): if v == 'j': jobs_set = True elif v == 'k': - Options.options.keep = True + Options.options.keep = True elif opt == '-j': jobs_set = True elif opt == '-k': - Options.options.keep = True + Options.options.keep = True if not jobs_set: # default to one job Options.options.jobs = 1 - + Build.BuildContext.CHECK_MAKEFLAGS = CHECK_MAKEFLAGS option_groups = {} diff --git a/buildtools/wafsamba/samba_version.py b/buildtools/wafsamba/samba_version.py index e82fd47..67ff232 100644 --- a/buildtools/wafsamba/samba_version.py +++ b/buildtools/wafsamba/samba_version.py @@ -132,7 +132,7 @@ class SambaVersion(object): def __init__(self, version_dict, path, env=None, is_install=True): '''Determine the version number of samba -See VERSION for the format. Entries on that file are +See VERSION for the format. Entries on that file are also accepted as dictionary entries here ''' diff --git a/buildtools/wafsamba/stale_files.py b/buildtools/wafsamba/stale_files.py index 5a91367..2dd08e1 100644 --- a/buildtools/wafsamba/stale_files.py +++ b/buildtools/wafsamba/stale_files.py @@ -47,7 +47,7 @@ def replace_refill_task_list(self): # paranoia if bin_base[-4:] != '/bin': raise Utils.WafError("Invalid bin base: %s" % bin_base) - + # obtain the expected list of files expected = [] for i in range(len(bld.task_manager.groups)): diff --git a/buildtools/wafsamba/wafsamba.py b/buildtools/wafsamba/wafsamba.py index 50bd4fa..59d3a2c 100644 --- a/buildtools/wafsamba/wafsamba.py +++ b/buildtools/wafsamba/wafsamba.py @@ -285,7 +285,7 @@ def SAMBA_LIBRARY(bld, libname, source, if pc_files is not None and not private_library: bld.PKG_CONFIG_FILES(pc_files, vnum=vnum) - if (manpages is not None and 'XSLTPROC_MANPAGES' in bld.env and + if (manpages is not None and 'XSLTPROC_MANPAGES' in bld.env and bld.env['XSLTPROC_MANPAGES']): bld.MANPAGES(manpages) @@ -670,7 +670,7 @@ def SAMBA_SCRIPT(bld, name, pattern, installdir, installname=None): bld.SET_BUILD_GROUP('build_source') for s in TO_LIST(source): iname = s - if installname != None: + if installname is not None: iname = installname target = os.path.join(installdir, iname) tgtdir = os.path.dirname(os.path.join(bld.srcnode.abspath(bld.env), '..', target)) diff --git a/source4/scripting/bin/samba_dnsupdate b/source4/scripting/bin/samba_dnsupdate index 2f2c7b5..a700118 100755 --- a/source4/scripting/bin/samba_dnsupdate +++ b/source4/scripting/bin/samba_dnsupdate @@ -150,11 +150,16 @@ class dnsobj(object): raise Exception("Received unexpected DNS reply of type %s" % self.type) def __str__(self): - if d.type == "A": return "%s %s %s" % (self.type, self.name, self.ip) - if d.type == "AAAA": return "%s %s %s" % (self.type, self.name, self.ip) - if d.type == "SRV": return "%s %s %s %s" % (self.type, self.name, self.dest, self.port) - if d.type == "CNAME": return "%s %s %s" % (self.type, self.name, self.dest) - if d.type == "NS": return "%s %s %s" % (self.type, self.name, self.dest) + if d.type == "A": + return "%s %s %s" % (self.type, self.name, self.ip) + if d.type == "AAAA": + return "%s %s %s" % (self.type, self.name, self.ip) + if d.type == "SRV": + return "%s %s %s %s" % (self.type, self.name, self.dest, self.port) + if d.type == "CNAME": + return "%s %s %s" % (self.type, self.name, self.dest) + if d.type == "NS": + return "%s %s %s" % (self.type, self.name, self.dest) def parse_dns_line(line, sub_vars): diff --git a/source4/scripting/bin/samba_kcc b/source4/scripting/bin/samba_kcc index 2f169a8..e3d38c9 100755 --- a/source4/scripting/bin/samba_kcc +++ b/source4/scripting/bin/samba_kcc @@ -301,10 +301,10 @@ class KCC(object): # # Bit NTDSCONN_OPT_RODC_TOPOLOGY is clear in cn!options if same_site: - if cn_conn.is_generated() == False: + if not cn_conn.is_generated(): continue - if self.my_site.is_cleanup_ntdsconn_disabled() == True: + if self.my_site.is_cleanup_ntdsconn_disabled(): continue # Loop thru connections looking for a duplicate that @@ -328,10 +328,10 @@ class KCC(object): (cn_conn.whenCreated == cn2_conn.whenCreated and cmp(cn_conn.guid, cn2_conn.guid) < 0)) - if lesser == True: + if lesser: break - if lesser and cn_conn.is_rodc_topology() == False: + if lesser and not cn_conn.is_rodc_topology(): cn_conn.to_be_deleted = True # Given an nTDSConnection object cn, if the DC with the nTDSDSA @@ -359,29 +359,29 @@ class KCC(object): # else: # different site - if mydsa.is_istg() == False: + if not mydsa.is_istg(): continue - if cn_conn.is_generated() == False: + if not cn_conn.is_generated(): continue - if self.keep_connection(cn_conn) == True: + if self.keep_connection(cn_conn): continue # XXX - To be implemented - if all_connected == False: + if not all_connected: continue - if cn_conn.is_rodc_topology() == False: + if not cn_conn.is_rodc_topology(): cn_conn.to_be_deleted = True if opts.readonly: for dnstr, connect in mydsa.connect_table.items(): - if connect.to_be_deleted == True: + if connect.to_be_deleted: logger.info("TO BE DELETED:\n%s" % connect) - if connect.to_be_added == True: + if connect.to_be_added: logger.info("TO BE ADDED:\n%s" % connect) # Peform deletion from our tables but perform @@ -480,7 +480,7 @@ class KCC(object): drsuapi.DRSUAPI_DRS_NEVER_NOTIFY) == 0x0: t_repsFrom.replica_flags |= drsuapi.DRSUAPI_DRS_NEVER_NOTIFY - elif same_site == False: + elif not same_site: if (t_repsFrom.replica_flags & drsuapi.DRSUAPI_DRS_NEVER_NOTIFY) == 0x0: @@ -491,7 +491,7 @@ class KCC(object): # not in the same site and the # NTDSCONN_OPT_DISABLE_INTERSITE_COMPRESSION bit is # clear in cn!options - if (same_site == False and + if (not same_site and (cn_conn.options & dsdb.NTDSCONN_OPT_DISABLE_INTERSITE_COMPRESSION) == 0x0): @@ -509,7 +509,7 @@ class KCC(object): # Bits DRS_DISABLE_AUTO_SYNC and DRS_DISABLE_PERIODIC_SYNC are # set in t.replicaFlags if and only if cn!enabledConnection = false. - if cn_conn.is_enabled() == False: + if not cn_conn.is_enabled(): if (t_repsFrom.replica_flags & drsuapi.DRSUAPI_DRS_DISABLE_AUTO_SYNC) == 0x0: @@ -586,10 +586,10 @@ class KCC(object): # We're not currently supporting SMTP replication # so is_smtp_replication_available() is currently # always returning False - if (same_site == True or - cn_conn.transport_dnstr == None or + if (same_site or + cn_conn.transport_dnstr is None or cn_conn.transport_dnstr.find("CN=IP") == 0 or - is_smtp_replication_available() == False): + not is_smtp_replication_available()): if (t_repsFrom.replica_flags & drsuapi.DRSUAPI_DRS_MAIL_REP) != 0x0: @@ -614,14 +614,14 @@ class KCC(object): t_repsFrom.dns_name2 = nastr else: - if (t_repsFrom.replica_flags & \ + if (t_repsFrom.replica_flags & drsuapi.DRSUAPI_DRS_MAIL_REP) == 0x0: t_repsFrom.replica_flags |= drsuapi.DRSUAPI_DRS_MAIL_REP # We have a transport type but its not an # object in the database if cn_conn.transport_dnstr not in self.transport_table.keys(): - raise Exception("Missing inter-site transport - (%s)" % \ + raise Exception("Missing inter-site transport - (%s)" % cn_conn.transport_dnstr) x_transport = self.transport_table[cn_conn.transport_dnstr] @@ -656,7 +656,7 @@ class KCC(object): attrs=attrs) except ldb.ldbError, (enum, estr): raise Exception \ - ("Unable to find attr (%s) for (%s) - (%s)" % \ + ("Unable to find attr (%s) for (%s) - (%s)" % (x_transport.address_attr, pdnstr, estr)) msg = res[0] @@ -696,15 +696,14 @@ class KCC(object): # cn!fromServer references an nTDSDSA object. s_dsa = None - if cn_conn.is_enabled() == True and \ - cn_conn.is_rodc_topology() == False: + if cn_conn.is_enabled() and not cn_conn.is_rodc_topology(): s_dnstr = cn_conn.get_from_dnstr() if s_dnstr is not None: s_dsa = self.get_dsa(s_dnstr) # No DSA matching this source DN string? - if s_dsa == None: + if s_dsa is None: return False, None # To imply a repsFrom tuple is needed, each of these @@ -718,7 +717,7 @@ class KCC(object): # the local DC s_rep = s_dsa.get_current_replica(n_rep.nc_dnstr) - if s_rep is None or s_rep.is_present() == False: + if s_rep is None or not s_rep.is_present(): return False, None # To imply a repsFrom tuple is needed, each of these @@ -733,10 +732,10 @@ class KCC(object): # replica, cn!transportType has no value, or # cn!transportType has an RDN of CN=IP. # - implied = (s_rep.is_ro() == False or n_rep.is_partial() == True) and \ - (n_rep.is_domain() == False or - n_rep.is_partial() == True or - cn_conn.transport_dnstr == None or + implied = (not s_rep.is_ro() or n_rep.is_partial()) and \ + (not n_rep.is_domain() or + n_rep.is_partial() or + cn_conn.transport_dnstr is None or cn_conn.transport_dnstr.find("CN=IP") == 0) if implied: @@ -815,7 +814,7 @@ class KCC(object): # is a child of the local DC's nTDSDSA object and # (cn!fromServer = s) and (cn!options) does not contain # NTDSCONN_OPT_RODC_TOPOLOGY or NULL if no such (cn) exists. - if cn_conn and cn_conn.is_rodc_topology() == True: + if cn_conn and cn_conn.is_rodc_topology(): cn_conn = None # KCC removes this repsFrom tuple if any of the following @@ -831,8 +830,8 @@ class KCC(object): s_rep = s_dsa.get_current_replica(n_rep.nc_dnstr) if cn_conn is None or \ - s_rep is None or s_rep.is_present() == False or \ - (n_rep.is_ro() == False and s_rep.is_partial() == True): + s_rep is None or not s_rep.is_present() or \ + (not n_rep.is_ro() and s_rep.is_partial()): t_repsFrom.to_be_deleted = True continue @@ -846,7 +845,7 @@ class KCC(object): for cn_dnstr, cn_conn in self.my_dsa.connect_table.items(): implied, s_dsa = self.is_repsFrom_implied(n_rep, cn_conn) - if implied == False: + if not implied: continue # Loop thru the existing repsFrom tupples (if any) and @@ -860,7 +859,7 @@ class KCC(object): s_dsa = None break - if s_dsa == None: + if s_dsa is None: continue # Create a new RepsFromTo and proceed to modify @@ -995,7 +994,7 @@ class KCC(object): # Skip dc if self.my_site.same_site(dsa): needed, ro, partial = part.should_be_present(dsa) - if needed == False or (partial == True and partial_ok == False): + if not needed or (partial and not partial_ok): continue # ELSE @@ -1005,7 +1004,7 @@ class KCC(object): # Skip dc else: rep = dsa.get_current_replica(part.nc_dnstr) - if rep is None or (rep.is_partial() and partial_ok == False): + if rep is None or (rep.is_partial() and not partial_ok): continue # IF AmIRODC() and cr!nCName corresponds to default NC then @@ -1013,7 +1012,7 @@ class KCC(object): # IF dsaobj.msDS-Behavior-Version < DS_BEHAVIOR_WIN2008 # Skip dc if self.my_dsa.is_ro() and part.is_default(): - if dsa.is_minimum_behavior(DS_BEHAVIOR_WIN2008) == False: + if not dsa.is_minimum_behavior(DS_BEHAVIOR_WIN2008): continue # IF t!name != "IP" and the parent object of dc has no value for @@ -1036,7 +1035,7 @@ class KCC(object): # IF BridgeheadDCFailed(dc!objectGUID, detectFailedDCs) = TRUE # Skip dc - if self.is_bridgehead_failed(dsa, detect_failed) == True: + if self.is_bridgehead_failed(dsa, detect_failed): continue logger.debug("get_all_bridgeheads: dsadn=%s" % dsa.dsa_dnstr) @@ -1048,7 +1047,7 @@ class KCC(object): # servers, and otherwise by ascending objectGUID # ELSE # SORT bhs in a random order - if site.is_random_bridgehead_disabled() == True: + if site.is_random_bridgehead_disabled(): bhs.sort(sort_dsa_by_gc_and_guid) else: random.shuffle(bhs) @@ -1132,8 +1131,8 @@ class KCC(object): # IF bits NTDSCONN_OPT_OVERRIDE_NOTIFY_DEFAULT and # NTDSCONN_OPT_USE_NOTIFY are set in cn - if cn.is_override_notify_default() == True and \ - cn.is_use_notify() == True: + if cn.is_override_notify_default() and \ + cn.is_use_notify(): # IF bit NTDSSITELINK_OPT_USE_NOTIFY is clear in # ri.Options @@ -1142,7 +1141,7 @@ class KCC(object): # NTDSCONN_OPT_USE_NOTIFY in cn!options if (link_opt & dsdb.NTDSSITELINK_OPT_USE_NOTIFY) == 0: cn.options &= \ - ~(dsdb.NTDSCONN_OPT_OVERRIDE_NOTIFY_DEFAULT | \ + ~(dsdb.NTDSCONN_OPT_OVERRIDE_NOTIFY_DEFAULT | dsdb.NTDSCONN_OPT_USE_NOTIFY) cn.set_modified(True) @@ -1156,13 +1155,13 @@ class KCC(object): # NTDSCONN_OPT_USE_NOTIFY in cn!options if (link_opt & dsdb.NTDSSITELINK_OPT_USE_NOTIFY) != 0: cn.options |= \ - (dsdb.NTDSCONN_OPT_OVERRIDE_NOTIFY_DEFAULT | \ + (dsdb.NTDSCONN_OPT_OVERRIDE_NOTIFY_DEFAULT | dsdb.NTDSCONN_OPT_USE_NOTIFY) cn.set_modified(True) # IF bit NTDSCONN_OPT_TWOWAY_SYNC is set in cn!options - if cn.is_twoway_sync() == True: + if cn.is_twoway_sync(): # IF bit NTDSSITELINK_OPT_TWOWAY_SYNC is clear in # ri.Options @@ -1186,14 +1185,14 @@ class KCC(object): # IF bit NTDSCONN_OPT_DISABLE_INTERSITE_COMPRESSION is set # in cn!options - if cn.is_intersite_compression_disabled() == True: + if cn.is_intersite_compression_disabled(): # IF bit NTDSSITELINK_OPT_DISABLE_COMPRESSION is clear # in ri.Options # Perform an originating update to clear bit # NTDSCONN_OPT_DISABLE_INTERSITE_COMPRESSION in # cn!options - if (link_opt & \ + if (link_opt & dsdb.NTDSSITELINK_OPT_DISABLE_COMPRESSION) == 0: cn.options &= \ ~dsdb.NTDSCONN_OPT_DISABLE_INTERSITE_COMPRESSION @@ -1206,7 +1205,7 @@ class KCC(object): # Perform an originating update to set bit # NTDSCONN_OPT_DISABLE_INTERSITE_COMPRESSION in # cn!options - if (link_opt & \ + if (link_opt & dsdb.NTDSSITELINK_OPT_DISABLE_COMPRESSION) != 0: cn.options |= \ dsdb.NTDSCONN_OPT_DISABLE_INTERSITE_COMPRESSION @@ -1214,7 +1213,7 @@ class KCC(object): # Display any modified connection if opts.readonly: - if cn.to_be_modified == True: + if cn.to_be_modified: logger.info("TO BE MODIFIED:\n%s" % cn) ldsa.commit_connections(self.samdb, ro=True) @@ -1295,7 +1294,7 @@ class KCC(object): # Display any added connection if opts.readonly: - if cn.to_be_added == True: + if cn.to_be_added: logger.info("TO BE ADDED:\n%s" % cn) lbh.commit_connections(self.samdb, ro=True) @@ -1658,7 +1657,7 @@ class KCC(object): # If we haven't been told to turn off stale connection # detection and this dsa has a stale connection then # continue - if detect_stale and self.is_stale_link_connection(dc_s) == True: + if detect_stale and self.is_stale_link_connection(dc_s): continue # Replica meets criteria. Add it to table indexed @@ -1669,7 +1668,7 @@ class KCC(object): # on the local DC, append to R each partial replica (p of x) # such that p "is present" on a DC satisfying the same # criteria defined above for full replica DCs. - if partial == True: + if partial: # Now we loop thru all the DSAs looking for # partial NC replicas that match the naming @@ -1731,7 +1730,7 @@ class KCC(object): # If we haven't been told to turn off stale connection # detection and this dsa has a stale connection then # continue - if detect_stale and self.is_stale_link_connection(dc_s) == True: + if detect_stale and self.is_stale_link_connection(dc_s): continue # Replica meets criteria. Add it to table indexed @@ -1808,11 +1807,11 @@ class KCC(object): findex = rindex = random.randint(0, r_len-1) # while this node doesn't have sufficient edges - while tnode.has_sufficient_edges() == False: + while not tnode.has_sufficient_edges(): # If this edge can be successfully added (i.e. not # the same node and edge doesn't already exist) then # select a new random index for the next round - if tnode.add_edge_from(graph_list[rindex].dsa_dnstr) == True: + if tnode.add_edge_from(graph_list[rindex].dsa_dnstr): findex = rindex = random.randint(0, r_len-1) else: # Otherwise continue looking against each node @@ -1850,7 +1849,7 @@ class KCC(object): if mysite.is_intrasite_topology_disabled(): return - detect_stale = (mysite.is_detect_stale_disabled() == False) + detect_stale = (not mysite.is_detect_stale_disabled()) # Loop thru all the partitions. for partdn, part in self.part_table.items(): @@ -1890,11 +1889,11 @@ class KCC(object): if opts.readonly: # Display any to be added or modified repsFrom for dnstr, connect in mydsa.connect_table.items(): - if connect.to_be_deleted == True: + if connect.to_be_deleted: logger.info("TO BE DELETED:\n%s" % connect) - if connect.to_be_modified == True: + if connect.to_be_modified: logger.info("TO BE MODIFIED:\n%s" % connect) - if connect.to_be_added == True: + if connect.to_be_added: logger.info("TO BE ADDED:\n%s" % connect) mydsa.commit_connections(self.samdb, ro=True) @@ -2330,9 +2329,9 @@ def sort_replica_by_dsa_guid(rep1, rep2): return cmp(rep1.rep_dsa_guid, rep2.rep_dsa_guid) def sort_dsa_by_gc_and_guid(dsa1, dsa2): - if dsa1.is_gc() == True and dsa2.is_gc() == False: + if dsa1.is_gc() and not dsa2.is_gc(): return -1 - if dsa1.is_gc() == False and dsa2.is_gc() == True: + if not dsa1.is_gc() and dsa2.is_gc(): return +1 return cmp(dsa1.dsa_guid, dsa2.dsa_guid) diff --git a/source4/scripting/bin/samba_upgradeprovision b/source4/scripting/bin/samba_upgradeprovision index 54ffbea..b3fb0b0 100755 --- a/source4/scripting/bin/samba_upgradeprovision +++ b/source4/scripting/bin/samba_upgradeprovision @@ -869,7 +869,7 @@ def checkKeepAttributeOldMtd(delta, att, reference, current, else: if hashOverwrittenAtt.get(att)&2**msgElt.flags() : continue - elif hashOverwrittenAtt.get(att)==never: + elif hashOverwrittenAtt.get(att) == never: delta.remove(att) continue @@ -961,8 +961,8 @@ def checkKeepAttributeWithMetadata(delta, att, message, reference, current, message(CHANGESD, "%ssd are not identical:\n%s" % (txt, diff)) txt = "" if attrUSN == -1: - message(CHANGESD, "But the SD has been changed by someonelse "\ - "so it's impossible to know if the difference"\ + message(CHANGESD, "But the SD has been changed by someonelse " + "so it's impossible to know if the difference" " cames from the modification or from a previous bug") dnNotToRecalculate.append(str(dn)) else: @@ -1342,7 +1342,7 @@ def rebuild_sd(samdb, names): listKeys.sort(dn_sort) if len(dnToRecalculate) != 0: - message(CHANGESD, "%d DNs have been marked as needed to be recalculated"\ + message(CHANGESD, "%d DNs have been marked as needed to be recalculated" ", recalculating %d due to inheritance" % (len(dnToRecalculate), len(listKeys))) @@ -1372,7 +1372,7 @@ def hasATProvision(samdb): scope=SCOPE_BASE, attrs=["dn"]) - if entry != None and len(entry) == 1: + if entry is not None and len(entry) == 1: return True else: return False @@ -1695,10 +1695,10 @@ if __name__ == '__main__': v = v + 1 message(CHANGE, - "Find last provision USN, %d invocation(s) for a total of %d ranges" % \ + "Find last provision USN, %d invocation(s) for a total of %d ranges" % (len(lastProvisionUSNs.keys()), v /2 )) - if lastProvisionUSNs.get("default") != None: + if lastProvisionUSNs.get("default") is not None: message(CHANGE, "Old style for usn ranges used") lastProvisionUSNs[str(names.invocation)] = lastProvisionUSNs["default"] del lastProvisionUSNs["default"] @@ -1709,7 +1709,7 @@ if __name__ == '__main__': minobj = 5 (hash_id, nb_obj) = findprovisionrange(ldbs.sam, ldb.Dn(ldbs.sam, str(names.rootdn))) message(SIMPLE, "Here is a list of changes that modified more than %d objects in 1 minute." % minobj) - message(SIMPLE, "Usually changes made by provision and upgradeprovision are those who affect a couple"\ + message(SIMPLE, "Usually changes made by provision and upgradeprovision are those who affect a couple" " of hundred of objects or more") message(SIMPLE, "Total number of objects: %d" % nb_obj) message(SIMPLE, "") diff --git a/source4/scripting/python/samba/__init__.py b/source4/scripting/python/samba/__init__.py index 23c6ed7..cd2a309 100644 --- a/source4/scripting/python/samba/__init__.py +++ b/source4/scripting/python/samba/__init__.py @@ -105,7 +105,7 @@ class Ldb(_Ldb): # Allow admins to force non-sync ldb for all databases if lp is not None: nosync_p = lp.get("nosync", "ldb") - if nosync_p is not None and nosync_p == True: + if nosync_p is not None and nosync_p: flags |= ldb.FLG_NOSYNC self.set_create_perms(0600) diff --git a/source4/scripting/python/samba/dbchecker.py b/source4/scripting/python/samba/dbchecker.py index a6495fc..e1be6c4 100644 --- a/source4/scripting/python/samba/dbchecker.py +++ b/source4/scripting/python/samba/dbchecker.py @@ -380,8 +380,8 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base))) m = ldb.Message() m.dn = obj.dn m['lastKnownParent'] = ldb.MessageElement(str(obj.dn.parent()), ldb.FLAG_MOD_REPLACE, 'lastKnownParent') - - if self.do_modify(m, [], + + if self.do_modify(m, [], "Failed to set lastKnownParent on lostAndFound object at %s" % (new_dn + lost_and_found)): self.report("Set lastKnownParent on lostAndFound object at %s" % (new_dn + lost_and_found)) keep_transaction = True @@ -473,7 +473,7 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base))) if is_deleted and not target_is_deleted and reverse_link_name is not None: revealed_dn = self.find_revealed_link(obj.dn, attrname, guid) rmd_flags = revealed_dn.dn.get_extended_component("RMD_FLAGS") - if rmd_flags != None and (int(rmd_flags) & 1) == 0: + if rmd_flags is not None and (int(rmd_flags) & 1) == 0: # the RMD_FLAGS for this link should be 1, as the target is deleted self.err_incorrect_rmd_flags(obj, attrname, revealed_dn) continue @@ -551,7 +551,7 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base))) return True if dn == self.rid_dn: return True - + return False def calculate_instancetype(self, dn): diff --git a/source4/scripting/python/samba/drs_utils.py b/source4/scripting/python/samba/drs_utils.py index 09f3054..481eec2 100644 --- a/source4/scripting/python/samba/drs_utils.py +++ b/source4/scripting/python/samba/drs_utils.py @@ -246,7 +246,7 @@ class drs_Replicate(object): while True: (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, req_level, req) - if ctr.first_object == None and ctr.object_count != 0: + if ctr.first_object is None and ctr.object_count != 0: raise RuntimeError("DsGetNCChanges: NULL first_object with object_count=%u" % (ctr.object_count)) self.net.replicate_chunk(self.replication_state, level, ctr, schema=schema, req_level=req_level, req=req) diff --git a/source4/scripting/python/samba/kcc_utils.py b/source4/scripting/python/samba/kcc_utils.py index 281479b..57c3187 100644 --- a/source4/scripting/python/samba/kcc_utils.py +++ b/source4/scripting/python/samba/kcc_utils.py @@ -73,7 +73,7 @@ class NamingContext(object): scope=ldb.SCOPE_BASE, attrs=attrs) except ldb.LdbError, (enum, estr): - raise Exception("Unable to find naming context (%s)" % \ + raise Exception("Unable to find naming context (%s)" % (self.nc_dnstr, estr)) msg = res[0] if "objectGUID" in msg: @@ -213,7 +213,7 @@ class NCReplica(NamingContext): def set_instantiated_flags(self, flags=None): '''Set or clear NC replica instantiated flags''' - if (flags == None): + if flags is None: self.rep_instantiated_flags = 0 else: self.rep_instantiated_flags = flags @@ -337,7 +337,7 @@ class NCReplica(NamingContext): # replacement list. Build a list # of to be deleted reps which we will # remove from rep_repsFrom list below - if repsFrom.to_be_deleted == True: + if repsFrom.to_be_deleted: delreps.append(repsFrom) modify = True continue @@ -361,7 +361,7 @@ class NCReplica(NamingContext): # need to be deleted or input option has informed # us to be "readonly" (ro). Leave database # record "as is" - if modify == False or ro == True: + if not modify or ro: return m = ldb.Message() @@ -380,7 +380,7 @@ class NCReplica(NamingContext): def dumpstr_to_be_deleted(self): text="" for repsFrom in self.rep_repsFrom: - if repsFrom.to_be_deleted == True: + if repsFrom.to_be_deleted: if text: text = text + "\n%s" % repsFrom else: @@ -390,7 +390,7 @@ class NCReplica(NamingContext): def dumpstr_to_be_modified(self): text="" for repsFrom in self.rep_repsFrom: - if repsFrom.is_modified() == True: + if repsFrom.is_modified(): if text: text = text + "\n%s" % repsFrom else: @@ -948,13 +948,13 @@ class NTDSConnection(object): self.to_be_deleted = False # No database modification requested - if ro == True: + if ro: return try: samdb.delete(self.dnstr) except ldb.LdbError, (enum, estr): - raise Exception("Could not delete nTDSConnection for (%s) - (%s)" % \ + raise Exception("Could not delete nTDSConnection for (%s) - (%s)" % (self.dnstr, estr)) def commit_added(self, samdb, ro=False): @@ -966,7 +966,7 @@ class NTDSConnection(object): self.to_be_added = False # No database modification requested - if ro == True: + if ro: return # First verify we don't have this entry to ensure nothing @@ -979,10 +979,10 @@ class NTDSConnection(object): except ldb.LdbError, (enum, estr): if enum != ldb.ERR_NO_SUCH_OBJECT: - raise Exception("Unable to search for (%s) - (%s)" % \ + raise Exception("Unable to search for (%s) - (%s)" % (self.dnstr, estr)) if found: - raise Exception("nTDSConnection for (%s) already exists!" % \ + raise Exception("nTDSConnection for (%s) already exists!" % self.dnstr) if self.enabled: @@ -995,10 +995,10 @@ class NTDSConnection(object): m.dn = ldb.Dn(samdb, self.dnstr) m["objectClass"] = \ - ldb.MessageElement("nTDSConnection", ldb.FLAG_MOD_ADD, \ + ldb.MessageElement("nTDSConnection", ldb.FLAG_MOD_ADD, "objectClass") m["showInAdvancedViewOnly"] = \ - ldb.MessageElement("TRUE", ldb.FLAG_MOD_ADD, \ + ldb.MessageElement("TRUE", ldb.FLAG_MOD_ADD, "showInAdvancedViewOnly") m["enabledConnection"] = \ ldb.MessageElement(enablestr, ldb.FLAG_MOD_ADD, "enabledConnection") @@ -1007,12 +1007,12 @@ class NTDSConnection(object): m["options"] = \ ldb.MessageElement(str(self.options), ldb.FLAG_MOD_ADD, "options") m["systemFlags"] = \ - ldb.MessageElement(str(self.system_flags), ldb.FLAG_MOD_ADD, \ + ldb.MessageElement(str(self.system_flags), ldb.FLAG_MOD_ADD, "systemFlags") if self.transport_dnstr is not None: m["transportType"] = \ - ldb.MessageElement(str(self.transport_dnstr), ldb.FLAG_MOD_ADD, \ + ldb.MessageElement(str(self.transport_dnstr), ldb.FLAG_MOD_ADD, "transportType") if self.schedule is not None: @@ -1022,7 +1022,7 @@ class NTDSConnection(object): try: samdb.add(m) except ldb.LdbError, (enum, estr): - raise Exception("Could not add nTDSConnection for (%s) - (%s)" % \ + raise Exception("Could not add nTDSConnection for (%s) - (%s)" % (self.dnstr, estr)) def commit_modified(self, samdb, ro=False): @@ -1034,7 +1034,7 @@ class NTDSConnection(object): self.to_be_modified = False # No database modification requested - if ro == True: + if ro: return # First verify we have this entry to ensure nothing @@ -1047,9 +1047,9 @@ class NTDSConnection(object): if enum == ldb.ERR_NO_SUCH_OBJECT: found = False else: - raise Exception("Unable to search for (%s) - (%s)" % \ + raise Exception("Unable to search for (%s) - (%s)" % (self.dnstr, estr)) - if found == False: + if not found: raise Exception("nTDSConnection for (%s) doesn't exist!" % self.dnstr) @@ -1143,7 +1143,7 @@ class NTDSConnection(object): sched.headerArray[i].offset: return False - for a, b in zip(self.schedule.dataArray[i].slots, \ + for a, b in zip(self.schedule.dataArray[i].slots, sched.dataArray[i].slots): if a != b: return False @@ -1617,7 +1617,7 @@ class Site(object): # If readonly database then do not perform a # persistent update - if ro == True: + if ro: return True # Perform update to the samdb @@ -1767,7 +1767,7 @@ class GraphNode(object): # the DC on which ri "is present". # # c.options does not contain NTDSCONN_OPT_RODC_TOPOLOGY - if connect and connect.is_rodc_topology() == False: + if connect and not connect.is_rodc_topology(): exists = True else: exists = False @@ -2157,7 +2157,7 @@ class Vertex(object): # We have a full replica which is the largest # value so exit - if rep.is_partial() == False: + if not rep.is_partial(): self.color = VertexColor.red break else: diff --git a/source4/scripting/python/samba/ms_schema.py b/source4/scripting/python/samba/ms_schema.py index 6f7cc67..c16693c 100644 --- a/source4/scripting/python/samba/ms_schema.py +++ b/source4/scripting/python/samba/ms_schema.py @@ -28,7 +28,7 @@ bitFields = {} bitFields["searchflags"] = { 'fATTINDEX': 31, # IX 'fPDNTATTINDEX': 30, # PI - 'fANR': 29, #AR + 'fANR': 29, # AR 'fPRESERVEONDELETE': 28, # PR 'fCOPY': 27, # CP 'fTUPLEINDEX': 26, # TP @@ -85,7 +85,7 @@ multivalued_attrs = set(["auxiliaryclass","maycontain","mustcontain","posssuperi def __read_folded_line(f, buffer): """ reads a line from an LDIF file, unfolding it""" line = buffer - + while True: l = f.readline() @@ -98,7 +98,7 @@ def __read_folded_line(f, buffer): # preserves '\n ' line = line + l else: - # non-continued line + # non-continued line if line == "": line = l @@ -111,7 +111,7 @@ def __read_folded_line(f, buffer): # buffer contains the start of the next possibly folded line buffer = l break - + return (line, buffer) @@ -122,13 +122,13 @@ def __read_raw_entries(f): attr_type_re = re.compile("^([A-Za-z]+[A-Za-z0-9-]*):") buffer = "" - + while True: entry = [] - + while True: (l, buffer) = __read_folded_line(f, buffer) - + if l[:1] == "#": continue @@ -140,7 +140,7 @@ def __read_raw_entries(f): if m: if l[-1:] == "\n": l = l[:-1] - + entry.append(l) else: print >>sys.stderr, "Invalid line: %s" % l, @@ -170,7 +170,7 @@ def __convert_bitfield(key, value): value = value.replace("\n ", "") value = value.replace(" ", "") - + try: # some attributes already have numeric values o = int(value) @@ -186,7 +186,7 @@ def __convert_bitfield(key, value): def __write_ldif_one(entry): """Write out entry as LDIF""" out = [] - + for l in entry: if isinstance(l[1], str): vl = [l[1]] @@ -196,21 +196,21 @@ def __write_ldif_one(entry): if l[0].lower() == 'omobjectclass': out.append("%s:: %s" % (l[0], l[1])) continue - + for v in vl: out.append("%s: %s" % (l[0], v)) return "\n".join(out) - + def __transform_entry(entry, objectClass): """Perform transformations required to convert the LDIF-like schema file entries to LDIF, including Samba-specific stuff.""" - + entry = [l.split(":", 1) for l in entry] cn = "" - + for l in entry: key = l[0].lower() l[1] = l[1].lstrip() @@ -243,7 +243,7 @@ def __transform_entry(entry, objectClass): entry.insert(2, ["objectGUID", str(uuid.uuid4())]) entry.insert(2, ["adminDescription", cn]) entry.insert(2, ["adminDisplayName", cn]) - + for l in entry: key = l[0].lower() @@ -256,7 +256,7 @@ def __parse_schema_file(filename, objectClass): """Load and transform a schema file.""" out = [] - + f = open(filename, "rU") for entry in __read_raw_entries(f): out.append(__write_ldif_one(__transform_entry(entry, objectClass))) @@ -269,7 +269,7 @@ def read_ms_schema(attr_file, classes_file, dump_attributes = True, dump_classes attr_ldif = "" classes_ldif = "" - + if dump_attributes: attr_ldif = __parse_schema_file(attr_file, "attributeSchema") if dump_classes: diff --git a/source4/scripting/python/samba/netcmd/__init__.py b/source4/scripting/python/samba/netcmd/__init__.py index 3581678..c542dc6 100644 --- a/source4/scripting/python/samba/netcmd/__init__.py +++ b/source4/scripting/python/samba/netcmd/__init__.py @@ -158,7 +158,7 @@ class Command(object): undetermined_max_args = True else: max_args += 1 - if (len(args) < min_args) or (undetermined_max_args == False and len(args) > max_args): + if (len(args) < min_args) or (not undetermined_max_args and len(args) > max_args): parser.print_usage() return -1 diff --git a/source4/scripting/python/samba/netcmd/delegation.py b/source4/scripting/python/samba/netcmd/delegation.py index 25ae202..8b2a1bc 100644 --- a/source4/scripting/python/samba/netcmd/delegation.py +++ b/source4/scripting/python/samba/netcmd/delegation.py @@ -56,7 +56,7 @@ class cmd_delegation_show(Command): # to the correct domain (cleanedaccount, realm, domain) = _get_user_realm_domain(accountname) - res = sam.search(expression="sAMAccountName=%s" % + res = sam.search(expression="sAMAccountName=%s" % ldb.binary_encode(cleanedaccount), scope=ldb.SCOPE_SUBTREE, attrs=["userAccountControl", "msDS-AllowedToDelegateTo"]) @@ -189,7 +189,7 @@ class cmd_delegation_add_service(Command): # to the correct domain (cleanedaccount, realm, domain) = _get_user_realm_domain(accountname) - res = sam.search(expression="sAMAccountName=%s" % + res = sam.search(expression="sAMAccountName=%s" % ldb.binary_encode(cleanedaccount), scope=ldb.SCOPE_SUBTREE, attrs=["msDS-AllowedToDelegateTo"]) @@ -233,7 +233,7 @@ class cmd_delegation_del_service(Command): # to the correct domain (cleanedaccount, realm, domain) = _get_user_realm_domain(accountname) - res = sam.search(expression="sAMAccountName=%s" % + res = sam.search(expression="sAMAccountName=%s" % ldb.binary_encode(cleanedaccount), scope=ldb.SCOPE_SUBTREE, attrs=["msDS-AllowedToDelegateTo"]) diff --git a/source4/scripting/python/samba/netcmd/domain.py b/source4/scripting/python/samba/netcmd/domain.py index ba4165a..be591ea 100644 --- a/source4/scripting/python/samba/netcmd/domain.py +++ b/source4/scripting/python/samba/netcmd/domain.py @@ -173,9 +173,9 @@ class cmd_domain_provision(Command): help="choose machine password (otherwise random)"), Option("--dns-backend", type="choice", metavar="NAMESERVER-BACKEND", choices=["SAMBA_INTERNAL", "BIND9_FLATFILE", "BIND9_DLZ", "NONE"], - help="The DNS server backend. SAMBA_INTERNAL is the builtin name server (default), " \ - "BIND9_FLATFILE uses bind9 text database to store zone information, " \ - "BIND9_DLZ uses samba4 AD to store zone information, " \ + help="The DNS server backend. SAMBA_INTERNAL is the builtin name server (default), " + "BIND9_FLATFILE uses bind9 text database to store zone information, " + "BIND9_DLZ uses samba4 AD to store zone information, " "NONE skips the DNS setup entirely (not recommended)", default="SAMBA_INTERNAL"), Option("--dnspass", type="string", metavar="PASSWORD", @@ -452,8 +452,8 @@ class cmd_domain_dcpromo(Command): action="store_true"), Option("--dns-backend", type="choice", metavar="NAMESERVER-BACKEND", choices=["SAMBA_INTERNAL", "BIND9_DLZ", "NONE"], - help="The DNS server backend. SAMBA_INTERNAL is the builtin name server (default), " \ - "BIND9_DLZ uses samba4 AD to store zone information, " \ + help="The DNS server backend. SAMBA_INTERNAL is the builtin name server (default), " + "BIND9_DLZ uses samba4 AD to store zone information, " "NONE skips the DNS setup entirely (this DC will not be a DNS server)", default="SAMBA_INTERNAL") ] @@ -518,8 +518,8 @@ class cmd_domain_join(Command): action="store_true"), Option("--dns-backend", type="choice", metavar="NAMESERVER-BACKEND", choices=["SAMBA_INTERNAL", "BIND9_DLZ", "NONE"], - help="The DNS server backend. SAMBA_INTERNAL is the builtin name server (default), " \ - "BIND9_DLZ uses samba4 AD to store zone information, " \ + help="The DNS server backend. SAMBA_INTERNAL is the builtin name server (default), " + "BIND9_DLZ uses samba4 AD to store zone information, " "NONE skips the DNS setup entirely (this DC will not be a DNS server)", default="SAMBA_INTERNAL") ] @@ -1223,9 +1223,9 @@ class cmd_domain_classicupgrade(Command): action="store_true"), Option("--dns-backend", type="choice", metavar="NAMESERVER-BACKEND", choices=["SAMBA_INTERNAL", "BIND9_FLATFILE", "BIND9_DLZ", "NONE"], - help="The DNS server backend. SAMBA_INTERNAL is the builtin name server (default), " \ - "BIND9_FLATFILE uses bind9 text database to store zone information, " \ - "BIND9_DLZ uses samba4 AD to store zone information, " \ + help="The DNS server backend. SAMBA_INTERNAL is the builtin name server (default), " + "BIND9_FLATFILE uses bind9 text database to store zone information, " + "BIND9_DLZ uses samba4 AD to store zone information, " "NONE skips the DNS setup entirely (this DC will not be a DNS server)", default="SAMBA_INTERNAL") ] diff --git a/source4/scripting/python/samba/netcmd/fsmo.py b/source4/scripting/python/samba/netcmd/fsmo.py index 86c6949..a610588 100644 --- a/source4/scripting/python/samba/netcmd/fsmo.py +++ b/source4/scripting/python/samba/netcmd/fsmo.py @@ -256,7 +256,7 @@ all=all of the above"""), creds = credopts.get_credentials(lp, fallback_machine=True) samdb = SamDB(url=H, session_info=system_session(), - credentials=creds, lp=lp) + credentials=creds, lp=lp) if role == "all": transfer_role(self.outf, "rid", samdb) diff --git a/source4/scripting/python/samba/netcmd/gpo.py b/source4/scripting/python/samba/netcmd/gpo.py index d2d19e2..ee0de98 100644 --- a/source4/scripting/python/samba/netcmd/gpo.py +++ b/source4/scripting/python/samba/netcmd/gpo.py @@ -879,7 +879,7 @@ class cmd_create(Command): Option("--tmpdir", help="Temporary directory for copying policy files", type=str) ] - def run(self, displayname, H=None, tmpdir=None, sambaopts=None, credopts=None, + def run(self, displayname, H=None, tmpdir=None, sambaopts=None, credopts=None, versionopts=None): self.lp = sambaopts.get_loadparm() @@ -926,7 +926,7 @@ class cmd_create(Command): gpt_contents = "[General]\r\nVersion=0\r\n" file(os.path.join(gpodir, "GPT.INI"), "w").write(gpt_contents) except Exception, e: - raise CommandError("Error Creating GPO files", e) + raise CommandError("Error Creating GPO files", e) # Connect to DC over SMB [dom_name, service, sharepath] = parse_unc(unc_path) diff --git a/source4/scripting/python/samba/netcmd/ldapcmp.py b/source4/scripting/python/samba/netcmd/ldapcmp.py index ea4f930..d4a2dde 100644 --- a/source4/scripting/python/samba/netcmd/ldapcmp.py +++ b/source4/scripting/python/samba/netcmd/ldapcmp.py @@ -28,14 +28,13 @@ import sys import samba import samba.getopt as options from samba import Ldb -from samba.ndr import ndr_pack, ndr_unpack +from samba.ndr import ndr_unpack from samba.dcerpc import security from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, ERR_NO_SUCH_OBJECT, LdbError from samba.netcmd import ( Command, CommandError, Option, - SuperCommand, ) global summary @@ -103,7 +102,7 @@ class LDAPBase(object): def find_servers(self): """ """ - res = self.ldb.search(base="OU=Domain Controllers,%s" % self.base_dn, \ + res = self.ldb.search(base="OU=Domain Controllers,%s" % self.base_dn, scope=SCOPE_SUBTREE, expression="(objectClass=computer)", attrs=["cn"]) assert len(res) > 0 srv = [] @@ -112,7 +111,7 @@ class LDAPBase(object): return srv def find_netbios(self): - res = self.ldb.search(base="CN=Partitions,%s" % self.config_dn, \ + res = self.ldb.search(base="CN=Partitions,%s" % self.config_dn, scope=SCOPE_SUBTREE, attrs=["nETBIOSName"]) assert len(res) > 0 for x in res: diff --git a/source4/scripting/python/samba/netcmd/ntacl.py b/source4/scripting/python/samba/netcmd/ntacl.py index e596ce9..edbcd7e 100644 --- a/source4/scripting/python/samba/netcmd/ntacl.py +++ b/source4/scripting/python/samba/netcmd/ntacl.py @@ -172,7 +172,7 @@ class cmd_ntacl_sysvolreset(Command): netlogon = lp.get("path", "netlogon") sysvol = lp.get("path", "sysvol") try: - samdb = SamDB(session_info=system_session(), + samdb = SamDB(session_info=system_session(), lp=lp) except Exception, e: raise CommandError("Unable to open samdb:", e) @@ -207,10 +207,10 @@ class cmd_ntacl_sysvolreset(Command): if use_ntvfs: logger.warning("Please note that POSIX permissions have NOT been changed, only the stored NT ACL") - + provision.setsysvolacl(samdb, netlogon, sysvol, - LA_uid, BA_gid, domain_sid, - lp.get("realm").lower(), samdb.domain_dn(), + LA_uid, BA_gid, domain_sid, + lp.get("realm").lower(), samdb.domain_dn(), lp, use_ntvfs=use_ntvfs) class cmd_ntacl_sysvolcheck(Command): @@ -223,8 +223,7 @@ class cmd_ntacl_sysvolcheck(Command): "versionopts": options.VersionOptions, } - def run(self, - credopts=None, sambaopts=None, versionopts=None): + def run(self, credopts=None, sambaopts=None, versionopts=None): lp = sambaopts.get_loadparm() path = lp.private_path("secrets.ldb") creds = credopts.get_credentials(lp) @@ -234,16 +233,15 @@ class cmd_ntacl_sysvolcheck(Command): netlogon = lp.get("path", "netlogon") sysvol = lp.get("path", "sysvol") try: - samdb = SamDB(session_info=system_session(), - lp=lp) + samdb = SamDB(session_info=system_session(), lp=lp) except Exception, e: raise CommandError("Unable to open samdb:", e) domain_sid = security.dom_sid(samdb.domain_sid) provision.checksysvolacl(samdb, netlogon, sysvol, - domain_sid, - lp.get("realm").lower(), samdb.domain_dn(), + domain_sid, + lp.get("realm").lower(), samdb.domain_dn(), lp) diff --git a/source4/scripting/python/samba/netcmd/spn.py b/source4/scripting/python/samba/netcmd/spn.py index 79fa699..564fd59 100644 --- a/source4/scripting/python/samba/netcmd/spn.py +++ b/source4/scripting/python/samba/netcmd/spn.py @@ -60,7 +60,7 @@ class cmd_spn_list(Command): spns = res[0].get("servicePrincipalName") found = False flag = ldb.FLAG_MOD_ADD - if spns != None: + if spns is not None: self.outf.write( "User %s has the following servicePrincipalName: \n" % res[0].dn) @@ -84,7 +84,7 @@ class cmd_spn_add(Command): "versionopts": options.VersionOptions, } takes_options = [ - Option("--force", help="Force the addition of the spn"\ + Option("--force", help="Force the addition of the spn" " even it exists already", action="store_true"), ] takes_args = ["name", "user"] @@ -99,7 +99,7 @@ class cmd_spn_add(Command): res = sam.search( expression="servicePrincipalName=%s" % ldb.binary_encode(name), scope=ldb.SCOPE_SUBTREE) - if len(res) != 0 and not force: + if len(res) != 0 and not force: raise CommandError("Service principal %s already" " affected to another user" % name) @@ -114,7 +114,7 @@ class cmd_spn_add(Command): tab = [] found = False flag = ldb.FLAG_MOD_ADD - if spns != None: + if spns is not None: for e in spns: if str(e) == name: found = True @@ -172,8 +172,8 @@ class cmd_spn_delete(Command): listUser = "" for r in res: listUser = "%s\n%s" % (listUser, str(r.dn)) - raise CommandError("More than one user has the spn %s "\ - "and no specific user was specified, list of users"\ + raise CommandError("More than one user has the spn %s " + "and no specific user was specified, list of users" " with this spn:%s" % (name, listUser)) else: result=res[0] @@ -182,7 +182,7 @@ class cmd_spn_delete(Command): msg = ldb.Message() spns = result.get("servicePrincipalName") tab = [] - if spns != None: + if spns is not None: for e in spns: if str(e) != name: tab.append(str(e)) diff --git a/source4/scripting/python/samba/ntacls.py b/source4/scripting/python/samba/ntacls.py index 38c31c6..2108a64 100644 --- a/source4/scripting/python/samba/ntacls.py +++ b/source4/scripting/python/samba/ntacls.py @@ -63,7 +63,7 @@ def getntacl(lp, file, backend=None, eadbfile=None, direct_db_access=True): attribute = backend_obj.wrap_getxattr(dbname, file, xattr.XATTR_NTACL_NAME) except Exception: - # FIXME: Don't catch all exceptions, just those related to opening + # FIXME: Don't catch all exceptions, just those related to opening # xattrdb print "Fail to open %s" % dbname attribute = samba.xattr_native.wrap_getxattr(file, @@ -96,10 +96,10 @@ def setntacl(lp, file, sddl, domsid, backend=None, eadbfile=None, use_ntvfs=True backend_obj.wrap_setxattr(dbname, file, xattr.XATTR_NTACL_NAME, ndr_pack(ntacl)) except Exception: - # FIXME: Don't catch all exceptions, just those related to opening + # FIXME: Don't catch all exceptions, just those related to opening # xattrdb print "Fail to open %s" % dbname - samba.xattr_native.wrap_setxattr(file, xattr.XATTR_NTACL_NAME, + samba.xattr_native.wrap_setxattr(file, xattr.XATTR_NTACL_NAME, ndr_pack(ntacl)) else: samba.xattr_native.wrap_setxattr(file, xattr.XATTR_NTACL_NAME, @@ -144,14 +144,14 @@ def ldapmask2filemask(ldm): filemask = ldm & STANDARD_RIGHTS_ALL if (ldm & RIGHT_DS_READ_PROPERTY) and (ldm & RIGHT_DS_LIST_CONTENTS): - filemask = filemask | (SYNCHRONIZE | FILE_LIST_DIRECTORY |\ - FILE_READ_ATTRIBUTES | FILE_READ_EA |\ + filemask = filemask | (SYNCHRONIZE | FILE_LIST_DIRECTORY | + FILE_READ_ATTRIBUTES | FILE_READ_EA | FILE_READ_DATA | FILE_EXECUTE) if ldm & RIGHT_DS_WRITE_PROPERTY: - filemask = filemask | (SYNCHRONIZE | FILE_WRITE_DATA |\ - FILE_APPEND_DATA | FILE_WRITE_EA |\ - FILE_WRITE_ATTRIBUTES | FILE_ADD_FILE |\ + filemask = filemask | (SYNCHRONIZE | FILE_WRITE_DATA | + FILE_APPEND_DATA | FILE_WRITE_EA | + FILE_WRITE_ATTRIBUTES | FILE_ADD_FILE | FILE_ADD_SUBDIRECTORY) if ldm & RIGHT_DS_CREATE_CHILD: @@ -165,7 +165,7 @@ def ldapmask2filemask(ldm): def dsacl2fsacl(dssddl, domsid): """ - + This function takes an the SDDL representation of a DS ACL and return the SDDL representation of this ACL adapted for files. It's used for Policy object provision diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py index c22d549..c5b2037 100644 --- a/source4/scripting/python/samba/provision/__init__.py +++ b/source4/scripting/python/samba/provision/__init__.py @@ -358,7 +358,7 @@ def get_last_provision_usn(sam): if (len(myids) > 0 and id not in myids): continue tab2 = p.split(tab1[0]) - if range.get(id) == None: + if range.get(id) is None: range[id] = [] range[id].append(tab2[0]) range[id].append(tab2[1]) @@ -1743,7 +1743,7 @@ def sanitize_server_role(role): "active directory domain controller", "standalone server") """ try: - return _ROLES_MAP[role] + return _ROLES_MAP[role] except KeyError: raise ValueError(role) diff --git a/source4/scripting/python/samba/provision/backend.py b/source4/scripting/python/samba/provision/backend.py index 5f04a05..f88b0db 100644 --- a/source4/scripting/python/samba/provision/backend.py +++ b/source4/scripting/python/samba/provision/backend.py @@ -384,7 +384,7 @@ class OpenLDAPBackend(LDAPBackend): lnkattr = self.schema.linked_attributes() refint_attributes = "" memberof_config = "# Generated from Samba4 schema\n" - for att in lnkattr.keys(): + for att in lnkattr.keys(): if lnkattr[att] is not None: refint_attributes = refint_attributes + " " + att diff --git a/source4/scripting/python/samba/schema.py b/source4/scripting/python/samba/schema.py index 25ffa31..2d13150 100644 --- a/source4/scripting/python/samba/schema.py +++ b/source4/scripting/python/samba/schema.py @@ -155,16 +155,16 @@ dn: @INDEXLIST return dsdb._dsdb_convert_schema_to_openldap(self.ldb, target, mapping) -# Return a hash with the forward attribute as a key and the back as the value +# Return a hash with the forward attribute as a key and the back as the value def get_linked_attributes(schemadn,schemaldb): attrs = ["linkID", "lDAPDisplayName"] res = schemaldb.search(expression="(&(linkID=*)(!(linkID:1.2.840.113556.1.4.803:=1))(objectclass=attributeSchema)(attributeSyntax=2.5.5.1))", base=schemadn, scope=SCOPE_ONELEVEL, attrs=attrs) attributes = {} for i in range (0, len(res)): expression = "(&(objectclass=attributeSchema)(linkID=%d)(attributeSyntax=2.5.5.1))" % (int(res[i]["linkID"][0])+1) - target = schemaldb.searchone(basedn=schemadn, - expression=expression, - attribute="lDAPDisplayName", + target = schemaldb.searchone(basedn=schemadn, + expression=expression, + attribute="lDAPDisplayName", scope=SCOPE_SUBTREE) if target is not None: attributes[str(res[i]["lDAPDisplayName"])]=str(target) diff --git a/source4/scripting/python/samba/tests/auth.py b/source4/scripting/python/samba/tests/auth.py index 9894ba8..f71e1a7 100644 --- a/source4/scripting/python/samba/tests/auth.py +++ b/source4/scripting/python/samba/tests/auth.py @@ -15,9 +15,9 @@ # along with this program. If not, see . # -"""Tests for the Auth Python bindings. +"""Tests for the Auth Python bindings. -Note that this just tests the bindings work. It does not intend to test +Note that this just tests the bindings work. It does not intend to test the functionality, that's already done in other tests. """ diff --git a/source4/scripting/python/samba/tests/core.py b/source4/scripting/python/samba/tests/core.py index dbde832..8206e68 100644 --- a/source4/scripting/python/samba/tests/core.py +++ b/source4/scripting/python/samba/tests/core.py @@ -36,11 +36,11 @@ class SubstituteVarTestCase(TestCase): samba.substitute_var("foo ${bar}", {"bar": "bla"})) def test_broken(self): - self.assertEquals("foo ${bdkjfhsdkfh sdkfh ", + self.assertEquals("foo ${bdkjfhsdkfh sdkfh ", samba.substitute_var("foo ${bdkjfhsdkfh sdkfh ", {"bar": "bla"})) def test_unknown_var(self): - self.assertEquals("foo ${bla} gsff", + self.assertEquals("foo ${bla} gsff", samba.substitute_var("foo ${bla} gsff", {"bar": "bla"})) def test_check_all_substituted(self): diff --git a/source4/scripting/python/samba/tests/credentials.py b/source4/scripting/python/samba/tests/credentials.py index c8aed92..95ee0fa 100644 --- a/source4/scripting/python/samba/tests/credentials.py +++ b/source4/scripting/python/samba/tests/credentials.py @@ -15,9 +15,9 @@ # along with this program. If not, see . # -"""Tests for the Credentials Python bindings. +"""Tests for the Credentials Python bindings. -Note that this just tests the bindings work. It does not intend to test +Note that this just tests the bindings work. It does not intend to test the functionality, that's already done in other tests. """ @@ -78,7 +78,7 @@ class CredentialsTests(samba.tests.TestCase): def test_get_nt_hash(self): self.creds.set_password("geheim") - self.assertEquals('\xc2\xae\x1f\xe6\xe6H\x84cRE>\x81o*\xeb\x93', + self.assertEquals('\xc2\xae\x1f\xe6\xe6H\x84cRE>\x81o*\xeb\x93', self.creds.get_nt_hash()) def test_guess(self): diff --git a/source4/scripting/python/samba/tests/dcerpc/bare.py b/source4/scripting/python/samba/tests/dcerpc/bare.py index 04d470e..3efbf9d 100644 --- a/source4/scripting/python/samba/tests/dcerpc/bare.py +++ b/source4/scripting/python/samba/tests/dcerpc/bare.py @@ -26,26 +26,26 @@ class BareTestCase(samba.tests.TestCase): def test_bare(self): # Connect to the echo pipe - x = ClientConnection("ncalrpc:localhost[DEFAULT]", + x = ClientConnection("ncalrpc:localhost[DEFAULT]", ("60a15ec5-4de8-11d7-a637-005056a20182", 1), lp_ctx=samba.tests.env_loadparm()) self.assertEquals("\x01\x00\x00\x00", x.request(0, chr(0) * 4)) def test_alter_context(self): - x = ClientConnection("ncalrpc:localhost[DEFAULT]", + x = ClientConnection("ncalrpc:localhost[DEFAULT]", ("12345778-1234-abcd-ef00-0123456789ac", 1), lp_ctx=samba.tests.env_loadparm()) - y = ClientConnection("ncalrpc:localhost", + y = ClientConnection("ncalrpc:localhost", ("60a15ec5-4de8-11d7-a637-005056a20182", 1), basis_connection=x, lp_ctx=samba.tests.env_loadparm()) x.alter_context(("60a15ec5-4de8-11d7-a637-005056a20182", 1)) # FIXME: self.assertEquals("\x01\x00\x00\x00", x.request(0, chr(0) * 4)) def test_two_connections(self): - x = ClientConnection("ncalrpc:localhost[DEFAULT]", - ("60a15ec5-4de8-11d7-a637-005056a20182", 1), + x = ClientConnection("ncalrpc:localhost[DEFAULT]", + ("60a15ec5-4de8-11d7-a637-005056a20182", 1), lp_ctx=samba.tests.env_loadparm()) - y = ClientConnection("ncalrpc:localhost", + y = ClientConnection("ncalrpc:localhost", ("60a15ec5-4de8-11d7-a637-005056a20182", 1), basis_connection=x, lp_ctx=samba.tests.env_loadparm()) self.assertEquals("\x01\x00\x00\x00", y.request(0, chr(0) * 4)) diff --git a/source4/scripting/python/samba/tests/dcerpc/registry.py b/source4/scripting/python/samba/tests/dcerpc/registry.py index b707437..c7bcbfd 100644 --- a/source4/scripting/python/samba/tests/dcerpc/registry.py +++ b/source4/scripting/python/samba/tests/dcerpc/registry.py @@ -44,7 +44,7 @@ class WinregTests(RpcInterfaceTestCase): self.conn.CloseKey(handle) def test_getkeyinfo(self): - handle = self.conn.OpenHKLM(None, + handle = self.conn.OpenHKLM(None, winreg.KEY_QUERY_VALUE | winreg.KEY_ENUMERATE_SUB_KEYS) x = self.conn.QueryInfoKey(handle, winreg.String()) self.assertEquals(9, len(x)) # should return a 9-tuple diff --git a/source4/scripting/python/samba/tests/dcerpc/unix.py b/source4/scripting/python/samba/tests/dcerpc/unix.py index 20fbf99..e8ef4da 100644 --- a/source4/scripting/python/samba/tests/dcerpc/unix.py +++ b/source4/scripting/python/samba/tests/dcerpc/unix.py @@ -44,6 +44,6 @@ class UnixinfoTests(RpcInterfaceTestCase): def test_uidtosid(self): self.conn.UidToSid(1000) - + def test_uidtosid_fail(self): self.assertRaises(TypeError, self.conn.UidToSid, "100") diff --git a/source4/scripting/python/samba/tests/dns.py b/source4/scripting/python/samba/tests/dns.py index 6433b9f..49d699e 100644 --- a/source4/scripting/python/samba/tests/dns.py +++ b/source4/scripting/python/samba/tests/dns.py @@ -47,13 +47,13 @@ class DNSTest(TestCase): def assert_dns_rcode_equals(self, packet, rcode): "Helper function to check return code" p_errcode = packet.operation & 0x000F - self.assertEquals(p_errcode, rcode, "Expected RCODE %s, got %s" % \ + self.assertEquals(p_errcode, rcode, "Expected RCODE %s, got %s" % (self.errstr(rcode), self.errstr(p_errcode))) def assert_dns_opcode_equals(self, packet, opcode): "Helper function to check opcode" p_opcode = packet.operation & 0x7800 - self.assertEquals(p_opcode, opcode, "Expected OPCODE %s, got %s" % \ + self.assertEquals(p_opcode, opcode, "Expected OPCODE %s, got %s" % (opcode, p_opcode)) def make_name_packet(self, opcode, qid=None): diff --git a/source4/scripting/python/samba/tests/gensec.py b/source4/scripting/python/samba/tests/gensec.py index 712f177..e270c41 100644 --- a/source4/scripting/python/samba/tests/gensec.py +++ b/source4/scripting/python/samba/tests/gensec.py @@ -17,7 +17,7 @@ """Tests for GENSEC. -Note that this just tests the bindings work. It does not intend to test +Note that this just tests the bindings work. It does not intend to test the functionality, that's already done in other tests. """ @@ -54,7 +54,7 @@ class GensecTests(samba.tests.TestCase): self.gensec_client.want_feature(gensec.FEATURE_SEAL) self.gensec_client.start_mech_by_sasl_name("GSSAPI") - self.gensec_server = gensec.Security.start_server(settings=self.settings, + self.gensec_server = gensec.Security.start_server(settings=self.settings, auth_context=auth.AuthContext(lp_ctx=self.lp_ctx)) creds = Credentials() creds.guess(self.lp_ctx) @@ -69,7 +69,7 @@ class GensecTests(samba.tests.TestCase): server_to_client = "" """Run the actual call loop""" - while client_finished == False and server_finished == False: + while not client_finished and not server_finished: if not client_finished: print "running client gensec_update" (client_finished, client_to_server) = self.gensec_client.update(server_to_client) @@ -118,7 +118,7 @@ class GensecTests(samba.tests.TestCase): """Run the actual call loop""" i = 0 - while client_finished == False or server_finished == False: + while not client_finished or not server_finished: i += 1 if not client_finished: print "running client gensec_update: %d: %r" % (len(server_to_client), server_to_client) diff --git a/source4/scripting/python/samba/tests/provision.py b/source4/scripting/python/samba/tests/provision.py index 408c988..f7fb407 100644 --- a/source4/scripting/python/samba/tests/provision.py +++ b/source4/scripting/python/samba/tests/provision.py @@ -126,7 +126,7 @@ class Disabled(object): class SanitizeServerRoleTests(TestCase): def test_same(self): - self.assertEquals("standalone server", + self.assertEquals("standalone server", sanitize_server_role("standalone server")) self.assertEquals("member server", sanitize_server_role("member server")) diff --git a/source4/scripting/python/samba/tests/samba3.py b/source4/scripting/python/samba/tests/samba3.py index d83db0f..0a7f13c 100644 --- a/source4/scripting/python/samba/tests/samba3.py +++ b/source4/scripting/python/samba/tests/samba3.py @@ -55,8 +55,8 @@ class RegistryTestCase(TestCase): self.assertEquals(["SOFTWARE", "SYSTEM"], self.registry.subkeys("HKLM")) def test_values(self): - self.assertEquals({'DisplayName': (1L, 'E\x00v\x00e\x00n\x00t\x00 \x00L\x00o\x00g\x00\x00\x00'), - 'ErrorControl': (4L, '\x01\x00\x00\x00')}, + self.assertEquals({'DisplayName': (1L, 'E\x00v\x00e\x00n\x00t\x00 \x00L\x00o\x00g\x00\x00\x00'), + 'ErrorControl': (4L, '\x01\x00\x00\x00')}, self.registry.values("HKLM/SYSTEM/CURRENTCONTROLSET/SERVICES/EVENTLOG")) diff --git a/source4/scripting/python/samba/tests/samba3sam.py b/source4/scripting/python/samba/tests/samba3sam.py index e463472..9c017fb 100644 --- a/source4/scripting/python/samba/tests/samba3sam.py +++ b/source4/scripting/python/samba/tests/samba3sam.py @@ -56,7 +56,7 @@ class MapBaseTestCase(TestCaseInTempDir): "@LIST": "rootdse,paged_results,server_sort,asq,samldb,password_hash,operational,objectguid,rdn_name,samba3sam,samba3sid,show_deleted,partition"}) ldb.add({"dn": "@PARTITION", - "partition": ["%s" % (s4.basedn_casefold), + "partition": ["%s" % (s4.basedn_casefold), "%s" % (s3.basedn_casefold)], "replicateEntries": ["@ATTRIBUTES", "@INDEXLIST"], "modules": "*:"}) @@ -79,7 +79,7 @@ class MapBaseTestCase(TestCaseInTempDir): tempdir = self.tempdir class Target: - """Simple helper class that contains data for a specific SAM + """Simple helper class that contains data for a specific SAM connection.""" def __init__(self, basedn, dn, lp): @@ -169,9 +169,9 @@ class Samba3SamTestCase(MapBaseTestCase): """Looking up mapped entry containing SID""" msg = self.ldb.search(expression="(cn=Replicator)") self.assertEquals(len(msg), 1) - self.assertEquals(str(msg[0].dn), + self.assertEquals(str(msg[0].dn), "cn=Replicator,ou=Groups,dc=vernstok,dc=nl") - self.assertTrue("objectSid" in msg[0]) + self.assertTrue("objectSid" in msg[0]) self.assertSidEquals("S-1-5-21-4231626423-2410014848-2360679739-552", msg[0]["objectSid"]) oc = set(msg[0]["objectClass"]) @@ -180,28 +180,28 @@ class Samba3SamTestCase(MapBaseTestCase): def test_search_by_objclass(self): """Looking up by objectClass""" msg = self.ldb.search(expression="(|(objectClass=user)(cn=Administrator))") - self.assertEquals(set([str(m.dn) for m in msg]), - set(["unixName=Administrator,ou=Users,dc=vernstok,dc=nl", + self.assertEquals(set([str(m.dn) for m in msg]), + set(["unixName=Administrator,ou=Users,dc=vernstok,dc=nl", "unixName=nobody,ou=Users,dc=vernstok,dc=nl"])) def test_s3sam_modify(self): # Adding a record that will be fallbacked - self.ldb.add({"dn": "cn=Foo", - "foo": "bar", - "blah": "Blie", - "cn": "Foo", + self.ldb.add({"dn": "cn=Foo", + "foo": "bar", + "blah": "Blie", + "cn": "Foo", "showInAdvancedViewOnly": "TRUE"} ) # Checking for existence of record (local) - # TODO: This record must be searched in the local database, which is + # TODO: This record must be searched in the local database, which is # currently only supported for base searches # msg = ldb.search(expression="(cn=Foo)", ['foo','blah','cn','showInAdvancedViewOnly')] # TODO: Actually, this version should work as well but doesn't... - # - # - msg = self.ldb.search(expression="(cn=Foo)", base="cn=Foo", - scope=SCOPE_BASE, + # + # + msg = self.ldb.search(expression="(cn=Foo)", base="cn=Foo", + scope=SCOPE_BASE, attrs=['foo','blah','cn','showInAdvancedViewOnly']) self.assertEquals(len(msg), 1) self.assertEquals(str(msg[0]["showInAdvancedViewOnly"]), "TRUE") @@ -216,14 +216,14 @@ class Samba3SamTestCase(MapBaseTestCase): "cn": "Niemand"}) # Checking for existence of record (remote) - msg = self.ldb.search(expression="(unixName=bin)", + msg = self.ldb.search(expression="(unixName=bin)", attrs=['unixName','cn','dn', 'sambaUnicodePwd']) self.assertEquals(len(msg), 1) self.assertEquals(str(msg[0]["cn"]), "Niemand") self.assertEquals(str(msg[0]["sambaUnicodePwd"]), "geheim") # Checking for existence of record (local && remote) - msg = self.ldb.search(expression="(&(unixName=bin)(sambaUnicodePwd=geheim))", + msg = self.ldb.search(expression="(&(unixName=bin)(sambaUnicodePwd=geheim))", attrs=['unixName','cn','dn', 'sambaUnicodePwd']) self.assertEquals(len(msg), 1) # TODO: should check with more records self.assertEquals(str(msg[0]["cn"]), "Niemand") @@ -231,7 +231,7 @@ class Samba3SamTestCase(MapBaseTestCase): self.assertEquals(str(msg[0]["sambaUnicodePwd"]), "geheim") # Checking for existence of record (local || remote) - msg = self.ldb.search(expression="(|(unixName=bin)(sambaUnicodePwd=geheim))", + msg = self.ldb.search(expression="(|(unixName=bin)(sambaUnicodePwd=geheim))", attrs=['unixName','cn','dn', 'sambaUnicodePwd']) #print "got %d replies" % len(msg) self.assertEquals(len(msg), 1) # TODO: should check with more records @@ -242,7 +242,7 @@ class Samba3SamTestCase(MapBaseTestCase): # Checking for data in destination database msg = self.samba3.db.search(expression="(cn=Niemand)") self.assertTrue(len(msg) >= 1) - self.assertEquals(str(msg[0]["sambaSID"]), + self.assertEquals(str(msg[0]["sambaSID"]), "S-1-5-21-4231626423-2410014848-2360679739-2001") self.assertEquals(str(msg[0]["displayName"]), "Niemand") @@ -286,13 +286,13 @@ delete: description self.assertTrue(not "description" in msg[0]) # Renaming record... - self.ldb.rename("cn=Niemand,cn=Users,dc=vernstok,dc=nl", + self.ldb.rename("cn=Niemand,cn=Users,dc=vernstok,dc=nl", "cn=Niemand2,cn=Users,dc=vernstok,dc=nl") # Checking whether DN has changed... msg = self.ldb.search(expression="(cn=Niemand2)") self.assertEquals(len(msg), 1) - self.assertEquals(str(msg[0].dn), + self.assertEquals(str(msg[0].dn), "cn=Niemand2,cn=Users,dc=vernstok,dc=nl") # Deleting record... @@ -377,7 +377,7 @@ objectSid: S-1-5-21-4231626423-2410014848-2360679739-552 "objectClass": "posixAccount", "cn": "A", "sambaNextRid": "x", - "sambaBadPasswordCount": "x", + "sambaBadPasswordCount": "x", "sambaLogonTime": "x", "description": "x", "sambaSID": "S-1-5-21-4231626423-2410014848-2360679739-552", @@ -405,7 +405,7 @@ objectSid: S-1-5-21-4231626423-2410014848-2360679739-552 # Search remote record by local DN dn = self.samba4.dn("cn=A") - res = self.ldb.search(dn, scope=SCOPE_BASE, + res = self.ldb.search(dn, scope=SCOPE_BASE, attrs=["dnsHostName", "lastLogon"]) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn) @@ -414,7 +414,7 @@ objectSid: S-1-5-21-4231626423-2410014848-2360679739-552 # Search remote record by remote DN dn = self.samba3.dn("cn=A") - res = self.samba3.db.search(dn, scope=SCOPE_BASE, + res = self.samba3.db.search(dn, scope=SCOPE_BASE, attrs=["dnsHostName", "lastLogon", "sambaLogonTime"]) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn) @@ -424,7 +424,7 @@ objectSid: S-1-5-21-4231626423-2410014848-2360679739-552 # Search split record by local DN dn = self.samba4.dn("cn=X") - res = self.ldb.search(dn, scope=SCOPE_BASE, + res = self.ldb.search(dn, scope=SCOPE_BASE, attrs=["dnsHostName", "lastLogon"]) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn) @@ -433,7 +433,7 @@ objectSid: S-1-5-21-4231626423-2410014848-2360679739-552 # Search split record by remote DN dn = self.samba3.dn("cn=X") - res = self.samba3.db.search(dn, scope=SCOPE_BASE, + res = self.samba3.db.search(dn, scope=SCOPE_BASE, attrs=["dnsHostName", "lastLogon", "sambaLogonTime"]) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn) @@ -444,7 +444,7 @@ objectSid: S-1-5-21-4231626423-2410014848-2360679739-552 # Testing search by attribute # Search by ignored attribute - res = self.ldb.search(expression="(revision=x)", scope=SCOPE_DEFAULT, + res = self.ldb.search(expression="(revision=x)", scope=SCOPE_DEFAULT, attrs=["dnsHostName", "lastLogon"]) self.assertEquals(len(res), 2) res = sorted(res, key=attrgetter('dn')) @@ -456,7 +456,7 @@ objectSid: S-1-5-21-4231626423-2410014848-2360679739-552 self.assertEquals(str(res[1]["lastLogon"]), "y") # Search by kept attribute - res = self.ldb.search(expression="(description=y)", + res = self.ldb.search(expression="(description=y)", scope=SCOPE_DEFAULT, attrs=["dnsHostName", "lastLogon"]) self.assertEquals(len(res), 2) res = sorted(res, key=attrgetter('dn')) @@ -500,10 +500,10 @@ objectSid: S-1-5-21-4231626423-2410014848-2360679739-552 res[0]["objectSid"]) self.assertTrue("objectSid" in res[0]) - # Search by generated attribute + # Search by generated attribute # In most cases, this even works when the mapping is missing # a `convert_operator' by enumerating the remote db. - res = self.ldb.search(expression="(primaryGroupID=512)", + res = self.ldb.search(expression="(primaryGroupID=512)", attrs=["dnsHostName", "lastLogon", "primaryGroupID"]) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), self.samba4.dn("cn=A")) @@ -520,10 +520,10 @@ objectSid: S-1-5-21-4231626423-2410014848-2360679739-552 # print obj + ": " + res[i][obj] # } # print "---" - # + # # Search by remote name of renamed attribute */ - res = self.ldb.search(expression="(sambaBadPasswordCount=*)", + res = self.ldb.search(expression="(sambaBadPasswordCount=*)", attrs=["dnsHostName", "lastLogon"]) self.assertEquals(len(res), 0) @@ -562,7 +562,7 @@ objectSid: S-1-5-21-4231626423-2410014848-2360679739-552 # Testing search by parse tree # Search by conjunction of local attributes - res = self.ldb.search(expression="(&(codePage=x)(revision=x))", + res = self.ldb.search(expression="(&(codePage=x)(revision=x))", attrs=["dnsHostName", "lastLogon"]) self.assertEquals(len(res), 2) res = sorted(res, key=attrgetter('dn')) @@ -574,7 +574,7 @@ objectSid: S-1-5-21-4231626423-2410014848-2360679739-552 self.assertEquals(str(res[1]["lastLogon"]), "y") # Search by conjunction of remote attributes - res = self.ldb.search(expression="(&(lastLogon=x)(description=x))", + res = self.ldb.search(expression="(&(lastLogon=x)(description=x))", attrs=["dnsHostName", "lastLogon"]) self.assertEquals(len(res), 2) res = sorted(res, key=attrgetter('dn')) @@ -584,9 +584,9 @@ objectSid: S-1-5-21-4231626423-2410014848-2360679739-552 self.assertEquals(str(res[1].dn), self.samba4.dn("cn=X")) self.assertEquals(str(res[1]["dnsHostName"]), "x") self.assertEquals(str(res[1]["lastLogon"]), "x") - - # Search by conjunction of local and remote attribute - res = self.ldb.search(expression="(&(codePage=x)(description=x))", + + # Search by conjunction of local and remote attribute + res = self.ldb.search(expression="(&(codePage=x)(description=x))", attrs=["dnsHostName", "lastLogon"]) self.assertEquals(len(res), 2) res = sorted(res, key=attrgetter('dn')) @@ -599,15 +599,15 @@ objectSid: S-1-5-21-4231626423-2410014848-2360679739-552 # Search by conjunction of local and remote attribute w/o match attrs = ["dnsHostName", "lastLogon"] - res = self.ldb.search(expression="(&(codePage=x)(nextRid=x))", + res = self.ldb.search(expression="(&(codePage=x)(nextRid=x))", attrs=attrs) self.assertEquals(len(res), 0) - res = self.ldb.search(expression="(&(revision=x)(lastLogon=z))", + res = self.ldb.search(expression="(&(revision=x)(lastLogon=z))", attrs=attrs) self.assertEquals(len(res), 0) # Search by disjunction of local attributes - res = self.ldb.search(expression="(|(revision=x)(dnsHostName=x))", + res = self.ldb.search(expression="(|(revision=x)(dnsHostName=x))", attrs=["dnsHostName", "lastLogon"]) self.assertEquals(len(res), 2) res = sorted(res, key=attrgetter('dn')) @@ -619,7 +619,7 @@ objectSid: S-1-5-21-4231626423-2410014848-2360679739-552 self.assertEquals(str(res[1]["lastLogon"]), "y") # Search by disjunction of remote attributes - res = self.ldb.search(expression="(|(badPwdCount=x)(lastLogon=x))", + res = self.ldb.search(expression="(|(badPwdCount=x)(lastLogon=x))", attrs=["dnsHostName", "lastLogon"]) self.assertEquals(len(res), 3) res = sorted(res, key=attrgetter('dn')) @@ -634,7 +634,7 @@ objectSid: S-1-5-21-4231626423-2410014848-2360679739-552 self.assertEquals(str(res[2]["lastLogon"]), "x") # Search by disjunction of local and remote attribute - res = self.ldb.search(expression="(|(revision=x)(lastLogon=y))", + res = self.ldb.search(expression="(|(revision=x)(lastLogon=y))", attrs=["dnsHostName", "lastLogon"]) self.assertEquals(len(res), 3) res = sorted(res, key=attrgetter('dn')) @@ -649,12 +649,12 @@ objectSid: S-1-5-21-4231626423-2410014848-2360679739-552 self.assertEquals(str(res[2]["lastLogon"]), "y") # Search by disjunction of local and remote attribute w/o match - res = self.ldb.search(expression="(|(codePage=y)(nextRid=z))", + res = self.ldb.search(expression="(|(codePage=y)(nextRid=z))", attrs=["dnsHostName", "lastLogon"]) self.assertEquals(len(res), 0) # Search by negated local attribute - res = self.ldb.search(expression="(!(revision=x))", + res = self.ldb.search(expression="(!(revision=x))", attrs=["dnsHostName", "lastLogon"]) self.assertEquals(len(res), 6) res = sorted(res, key=attrgetter('dn')) @@ -672,7 +672,7 @@ objectSid: S-1-5-21-4231626423-2410014848-2360679739-552 self.assertEquals(str(res[3]["lastLogon"]), "z") # Search by negated remote attribute - res = self.ldb.search(expression="(!(description=x))", + res = self.ldb.search(expression="(!(description=x))", attrs=["dnsHostName", "lastLogon"]) self.assertEquals(len(res), 4) res = sorted(res, key=attrgetter('dn')) @@ -684,7 +684,7 @@ objectSid: S-1-5-21-4231626423-2410014848-2360679739-552 self.assertEquals(str(res[1]["lastLogon"]), "z") # Search by negated conjunction of local attributes - res = self.ldb.search(expression="(!(&(codePage=x)(revision=x)))", + res = self.ldb.search(expression="(!(&(codePage=x)(revision=x)))", attrs=["dnsHostName", "lastLogon"]) self.assertEquals(len(res), 6) res = sorted(res, key=attrgetter('dn')) @@ -702,7 +702,7 @@ objectSid: S-1-5-21-4231626423-2410014848-2360679739-552 self.assertEquals(str(res[3]["lastLogon"]), "z") # Search by negated conjunction of remote attributes - res = self.ldb.search(expression="(!(&(lastLogon=x)(description=x)))", + res = self.ldb.search(expression="(!(&(lastLogon=x)(description=x)))", attrs=["dnsHostName", "lastLogon"]) self.assertEquals(len(res), 6) res = sorted(res, key=attrgetter('dn')) @@ -720,7 +720,7 @@ objectSid: S-1-5-21-4231626423-2410014848-2360679739-552 self.assertEquals(str(res[3]["lastLogon"]), "z") # Search by negated conjunction of local and remote attribute - res = self.ldb.search(expression="(!(&(codePage=x)(description=x)))", + res = self.ldb.search(expression="(!(&(codePage=x)(description=x)))", attrs=["dnsHostName", "lastLogon"]) self.assertEquals(len(res), 6) res = sorted(res, key=attrgetter('dn')) @@ -738,7 +738,7 @@ objectSid: S-1-5-21-4231626423-2410014848-2360679739-552 self.assertEquals(str(res[3]["lastLogon"]), "z") # Search by negated disjunction of local attributes - res = self.ldb.search(expression="(!(|(revision=x)(dnsHostName=x)))", + res = self.ldb.search(expression="(!(|(revision=x)(dnsHostName=x)))", attrs=["dnsHostName", "lastLogon"]) res = sorted(res, key=attrgetter('dn')) self.assertEquals(str(res[0].dn), self.samba4.dn("cn=A")) @@ -755,7 +755,7 @@ objectSid: S-1-5-21-4231626423-2410014848-2360679739-552 self.assertEquals(str(res[3]["lastLogon"]), "z") # Search by negated disjunction of remote attributes - res = self.ldb.search(expression="(!(|(badPwdCount=x)(lastLogon=x)))", + res = self.ldb.search(expression="(!(|(badPwdCount=x)(lastLogon=x)))", attrs=["dnsHostName", "lastLogon"]) self.assertEquals(len(res), 5) res = sorted(res, key=attrgetter('dn')) @@ -770,7 +770,7 @@ objectSid: S-1-5-21-4231626423-2410014848-2360679739-552 self.assertEquals(str(res[2]["lastLogon"]), "z") # Search by negated disjunction of local and remote attribute - res = self.ldb.search(expression="(!(|(revision=x)(lastLogon=y)))", + res = self.ldb.search(expression="(!(|(revision=x)(lastLogon=y)))", attrs=["dnsHostName", "lastLogon"]) self.assertEquals(len(res), 5) res = sorted(res, key=attrgetter('dn')) @@ -813,7 +813,7 @@ objectSid: S-1-5-21-4231626423-2410014848-2360679739-552 """Modification of local records.""" # Add local record dn = "cn=test,dc=idealx,dc=org" - self.ldb.add({"dn": dn, + self.ldb.add({"dn": dn, "cn": "test", "foo": "bar", "revision": "1", @@ -827,11 +827,11 @@ objectSid: S-1-5-21-4231626423-2410014848-2360679739-552 self.assertEquals(str(res[0]["revision"]), "1") self.assertEquals(str(res[0]["description"]), "test") # Check it's not in the local db - res = self.samba4.db.search(expression="(cn=test)", + res = self.samba4.db.search(expression="(cn=test)", scope=SCOPE_DEFAULT, attrs=attrs) self.assertEquals(len(res), 0) # Check it's not in the remote db - res = self.samba3.db.search(expression="(cn=test)", + res = self.samba3.db.search(expression="(cn=test)", scope=SCOPE_DEFAULT, attrs=attrs) self.assertEquals(len(res), 0) @@ -874,13 +874,13 @@ description: foo # Add remote record dn = self.samba4.dn("cn=test") dn2 = self.samba3.dn("cn=test") - self.samba3.db.add({"dn": dn2, + self.samba3.db.add({"dn": dn2, "cn": "test", "description": "foo", "sambaBadPasswordCount": "3", "sambaNextRid": "1001"}) # Check it's there - res = self.samba3.db.search(dn2, scope=SCOPE_BASE, + res = self.samba3.db.search(dn2, scope=SCOPE_BASE, attrs=["description", "sambaBadPasswordCount", "sambaNextRid"]) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn2) @@ -909,7 +909,7 @@ badPwdCount: 4 """ self.ldb.modify_ldif(ldif) # Check in mapped db - res = self.ldb.search(dn, scope=SCOPE_BASE, + res = self.ldb.search(dn, scope=SCOPE_BASE, attrs=["description", "badPwdCount", "nextRid"]) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn) @@ -917,7 +917,7 @@ badPwdCount: 4 self.assertEquals(str(res[0]["badPwdCount"]), "4") self.assertEquals(str(res[0]["nextRid"]), "1001") # Check in remote db - res = self.samba3.db.search(dn2, scope=SCOPE_BASE, + res = self.samba3.db.search(dn2, scope=SCOPE_BASE, attrs=["description", "sambaBadPasswordCount", "sambaNextRid"]) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn2) @@ -930,16 +930,16 @@ badPwdCount: 4 self.ldb.rename(dn, dn2) # Check in mapped db dn = dn2 - res = self.ldb.search(dn, scope=SCOPE_BASE, + res = self.ldb.search(dn, scope=SCOPE_BASE, attrs=["description", "badPwdCount", "nextRid"]) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn) self.assertEquals(str(res[0]["description"]), "test") self.assertEquals(str(res[0]["badPwdCount"]), "4") self.assertEquals(str(res[0]["nextRid"]), "1001") - # Check in remote db + # Check in remote db dn2 = self.samba3.dn("cn=toast") - res = self.samba3.db.search(dn2, scope=SCOPE_BASE, + res = self.samba3.db.search(dn2, scope=SCOPE_BASE, attrs=["description", "sambaBadPasswordCount", "sambaNextRid"]) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn2) @@ -961,7 +961,7 @@ badPwdCount: 4 # Add remote record (same as before) dn = self.samba4.dn("cn=test") dn2 = self.samba3.dn("cn=test") - self.samba3.db.add({"dn": dn2, + self.samba3.db.add({"dn": dn2, "cn": "test", "description": "foo", "sambaBadPasswordCount": "3", @@ -1030,7 +1030,7 @@ description: test self.assertTrue(not "nextRid" in res[0]) self.assertEquals(str(res[0]["revision"]), "1") # Check in remote db - attrs = ["description", "sambaBadPasswordCount", "sambaNextRid", + attrs = ["description", "sambaBadPasswordCount", "sambaNextRid", "revision"] res = self.samba3.db.search(dn2, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) @@ -1069,7 +1069,7 @@ revision: 2 self.assertTrue(not "nextRid" in res[0]) self.assertEquals(str(res[0]["revision"]), "2") # Check in remote db - attrs = ["description", "sambaBadPasswordCount", "sambaNextRid", + attrs = ["description", "sambaBadPasswordCount", "sambaNextRid", "revision"] res = self.samba3.db.search(dn2, scope=SCOPE_BASE, attrs=attrs) self.assertEquals(len(res), 1) @@ -1102,8 +1102,8 @@ revision: 2 self.assertEquals(str(res[0]["revision"]), "2") # Check in remote db dn2 = self.samba3.dn("cn=toast") - res = self.samba3.db.search(dn2, scope=SCOPE_BASE, - attrs=["description", "sambaBadPasswordCount", "sambaNextRid", + res = self.samba3.db.search(dn2, scope=SCOPE_BASE, + attrs=["description", "sambaBadPasswordCount", "sambaNextRid", "revision"]) self.assertEquals(len(res), 1) self.assertEquals(str(res[0].dn), dn2) diff --git a/source4/scripting/python/samba/tests/samba_tool/ntacl.py b/source4/scripting/python/samba/tests/samba_tool/ntacl.py index d00b9a0..2a329fe 100644 --- a/source4/scripting/python/samba/tests/samba_tool/ntacl.py +++ b/source4/scripting/python/samba/tests/samba_tool/ntacl.py @@ -29,14 +29,14 @@ class NtACLCmdSysvolTestCase(SambaToolCmdTest): def test_ntvfs(self): - (result, out, err) = self.runsubcmd("ntacl", "sysvolreset", + (result, out, err) = self.runsubcmd("ntacl", "sysvolreset", "--use-ntvfs") self.assertCmdSuccess(result) self.assertEquals(out,"","Shouldn't be any output messages") self.assertIn("Please note that POSIX permissions have NOT been changed, only the stored NT ACL", err) def test_s3fs(self): - (result, out, err) = self.runsubcmd("ntacl", "sysvolreset", + (result, out, err) = self.runsubcmd("ntacl", "sysvolreset", "--use-s3fs") self.assertCmdSuccess(result) @@ -44,7 +44,7 @@ class NtACLCmdSysvolTestCase(SambaToolCmdTest): self.assertEquals(out,"","Shouldn't be any output messages") def test_ntvfs_check(self): - (result, out, err) = self.runsubcmd("ntacl", "sysvolreset", + (result, out, err) = self.runsubcmd("ntacl", "sysvolreset", "--use-ntvfs") self.assertCmdSuccess(result) self.assertEquals(out,"","Shouldn't be any output messages") @@ -56,7 +56,7 @@ class NtACLCmdSysvolTestCase(SambaToolCmdTest): self.assertEquals(out,"","Shouldn't be any output messages") def test_s3fs_check(self): - (result, out, err) = self.runsubcmd("ntacl", "sysvolreset", + (result, out, err) = self.runsubcmd("ntacl", "sysvolreset", "--use-s3fs") self.assertCmdSuccess(result) diff --git a/source4/scripting/python/samba/tests/samdb.py b/source4/scripting/python/samba/tests/samdb.py index c9537f5..5c80391 100644 --- a/source4/scripting/python/samba/tests/samdb.py +++ b/source4/scripting/python/samba/tests/samdb.py @@ -54,7 +54,7 @@ class SamDBTestCase(TestCaseInTempDir): hostname="foo" domain="EXAMPLE" - dnsdomain="example.com" + dnsdomain="example.com" serverrole="domain controller" policyguid_dc = DEFAULT_DC_POLICY_GUID @@ -65,10 +65,10 @@ class SamDBTestCase(TestCaseInTempDir): self.lp = param.LoadParm() self.lp.load(smbconf) - names = guess_names(lp=self.lp, hostname=hostname, - domain=domain, dnsdomain=dnsdomain, - serverrole=serverrole, - domaindn=self.domaindn, configdn=configdn, + names = guess_names(lp=self.lp, hostname=hostname, + domain=domain, dnsdomain=dnsdomain, + serverrole=serverrole, + domaindn=self.domaindn, configdn=configdn, schemadn=schemadn) paths = provision_paths_from_lp(self.lp, names.dnsdomain) diff --git a/source4/scripting/python/samba/tests/upgradeprovision.py b/source4/scripting/python/samba/tests/upgradeprovision.py index 85b7cc7..c1c70c4 100644 --- a/source4/scripting/python/samba/tests/upgradeprovision.py +++ b/source4/scripting/python/samba/tests/upgradeprovision.py @@ -18,7 +18,7 @@ """Tests for samba.upgradeprovision.""" import os -from samba.upgradehelpers import (usn_in_range, dn_sort, +from samba.upgradehelpers import (usn_in_range, dn_sort, get_diff_sddls, update_secrets, construct_existor_expr) diff --git a/source4/scripting/python/samba/tests/xattr.py b/source4/scripting/python/samba/tests/xattr.py index 34e95b5..89add28 100644 --- a/source4/scripting/python/samba/tests/xattr.py +++ b/source4/scripting/python/samba/tests/xattr.py @@ -48,7 +48,7 @@ class XattrTests(TestCase): tempf = self._tmpfilename() open(tempf, 'w').write("empty") try: - samba.xattr_native.wrap_setxattr(tempf, "user.unittests", + samba.xattr_native.wrap_setxattr(tempf, "user.unittests", ndr_pack(ntacl)) except IOError: raise TestSkipped("the filesystem where the tests are runned do not support XATTR") diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py index 05d0dd6..194983c 100644 --- a/source4/scripting/python/samba/upgrade.py +++ b/source4/scripting/python/samba/upgrade.py @@ -883,9 +883,9 @@ Please fix this account before attempting to upgrade again s4_passdb.add_sam_account(userdata[username]) if username in uids: add_ad_posix_idmap_entry(result.samdb, userdata[username].user_sid, uids[username], "ID_TYPE_UID", logger) - if (username in homes) and (homes[username] != None) and \ - (username in shells) and (shells[username] != None) and \ - (username in pgids) and (pgids[username] != None): + if (username in homes) and (homes[username] is not None) and \ + (username in shells) and (shells[username] is not None) and \ + (username in pgids) and (pgids[username] is not None): add_posix_attrs(samdb=result.samdb, sid=userdata[username].user_sid, name=username, nisdomain=domainname.lower(), xid_type="ID_TYPE_UID", home=homes[username], shell=shells[username], pgid=pgids[username], logger=logger) logger.info("Adding users to groups") diff --git a/source4/scripting/python/samba/upgradehelpers.py b/source4/scripting/python/samba/upgradehelpers.py index 0b6c7e6..ebb038e 100644 --- a/source4/scripting/python/samba/upgradehelpers.py +++ b/source4/scripting/python/samba/upgradehelpers.py @@ -252,9 +252,9 @@ def newprovision(names, creds, session, smbconf, provdir, logger): invocationid=names.invocation, adminpass=names.adminpass, krbtgtpass=None, machinepass=None, dnspass=None, root=None, nobody=None, wheel=None, users=None, - serverrole="domain controller", + serverrole="domain controller", backend_type=None, ldapadminpass=None, ol_mmr_urls=None, - slapd_path=None, + slapd_path=None, dom_for_fun_level=names.domainlevel, dns_backend=dns_backend, useeadb=True, use_ntvfs=True) @@ -864,7 +864,7 @@ def findprovisionrange(samdb, basedn): minutestamp =_glue.nttime2unix(o.originating_change_time)/60 hash_ts = hash_id.get(str(o.originating_invocation_id)) - if hash_ts == None: + if hash_ts is None: ob = {} ob["min"] = o.originating_usn ob["max"] = o.originating_usn @@ -873,7 +873,7 @@ def findprovisionrange(samdb, basedn): hash_ts = {} else: ob = hash_ts.get(minutestamp) - if ob == None: + if ob is None: ob = {} ob["min"] = o.originating_usn ob["max"] = o.originating_usn @@ -935,12 +935,12 @@ def print_provision_ranges(dic, limit_print, dest, samdb_path, invocationid): for k in kept_record: obj = hash_ts[k] - if obj.get("skipped") == None: + if obj.get("skipped") is None: ldif = "%slastProvisionUSN: %d-%d;%s\n" % (ldif, obj["min"], obj["max"], id) if ldif != "": - if dest == None: + if dest is None: dest = "/tmp" file = tempfile.mktemp(dir=dest, prefix="usnprov", suffix=".ldif") -- 1.7.9.5 From de608d00530647e623aca7989c742e4afe95c6e6 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 27 Sep 2012 09:34:36 -0700 Subject: [PATCH 21/36] sanba.upgradehelpers: Use standard functionality for getting temp dir. (cherry picked from commit 0883e174bfdec22a4ff373041afce396cfe7fd7b) --- source4/scripting/python/samba/upgradehelpers.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/source4/scripting/python/samba/upgradehelpers.py b/source4/scripting/python/samba/upgradehelpers.py index ebb038e..55de4be 100644 --- a/source4/scripting/python/samba/upgradehelpers.py +++ b/source4/scripting/python/samba/upgradehelpers.py @@ -940,9 +940,6 @@ def print_provision_ranges(dic, limit_print, dest, samdb_path, invocationid): obj["max"], id) if ldif != "": - if dest is None: - dest = "/tmp" - file = tempfile.mktemp(dir=dest, prefix="usnprov", suffix=".ldif") print print "To track the USNs modified/created by provision and upgrade proivsion," -- 1.7.9.5 From 7c6101f5edd99ab2f79e8da995459012dcf68194 Mon Sep 17 00:00:00 2001 From: Matthieu Patou Date: Tue, 2 Oct 2012 14:30:25 -0700 Subject: [PATCH 22/36] s4-provision: do not skip setting the acls on sysvol Autobuild-User(master): Matthieu Patou Autobuild-Date(master): Wed Oct 3 10:26:06 CEST 2012 on sn-devel-104 (cherry picked from commit c1677e3b2fe42de309459fd8f8b3bea48bca5055) --- source4/scripting/python/samba/netcmd/domain.py | 2 +- .../scripting/python/samba/provision/__init__.py | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/source4/scripting/python/samba/netcmd/domain.py b/source4/scripting/python/samba/netcmd/domain.py index be591ea..a9ad086 100644 --- a/source4/scripting/python/samba/netcmd/domain.py +++ b/source4/scripting/python/samba/netcmd/domain.py @@ -398,7 +398,7 @@ class cmd_domain_provision(Command): backend_type=ldap_backend_type, ldapadminpass=ldapadminpass, ol_mmr_urls=ol_mmr_urls, useeadb=eadb, next_rid=next_rid, lp=lp, use_ntvfs=use_ntvfs, - use_rfc2307=use_rfc2307) + use_rfc2307=use_rfc2307, skip_sysvolacl=False) except ProvisioningError, e: raise CommandError("Provision failed", e) diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py index c5b2037..f1da4db 100644 --- a/source4/scripting/python/samba/provision/__init__.py +++ b/source4/scripting/python/samba/provision/__init__.py @@ -1607,7 +1607,7 @@ def provision_fill(samdb, secrets_ldb, logger, names, paths, invocationid=None, machinepass=None, ntdsguid=None, dns_backend=None, dnspass=None, serverrole=None, dom_for_fun_level=None, - am_rodc=False, lp=None, use_ntvfs=False, skip_sysvolacl=True): + am_rodc=False, lp=None, use_ntvfs=False, skip_sysvolacl=False): # create/adapt the group policy GUIDs # Default GUID for default policy are described at # "How Core Group Policy Works" @@ -1649,6 +1649,8 @@ def provision_fill(samdb, secrets_ldb, logger, names, paths, setsysvolacl(samdb, paths.netlogon, paths.sysvol, paths.root_uid, paths.wheel_gid, domainsid, names.dnsdomain, names.domaindn, lp, use_ntvfs) + else: + print "Setting acl on sysvol skipped" secretsdb_self_join(secrets_ldb, domain=names.domain, realm=names.realm, dnsdomain=names.dnsdomain, -- 1.7.9.5 From 7fa791e480c27939becb349200c1a1ca2050581a Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 3 Oct 2012 10:26:55 +0200 Subject: [PATCH 23/36] provision: Use logger rather than print. Autobuild-User(master): Jelmer Vernooij Autobuild-Date(master): Wed Oct 3 14:24:09 CEST 2012 on sn-devel-104 (cherry picked from commit df23b17fa99409f680bbda3abcbb6d8eb7c498b0) --- .../scripting/python/samba/provision/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py index f1da4db..d5d57d2 100644 --- a/source4/scripting/python/samba/provision/__init__.py +++ b/source4/scripting/python/samba/provision/__init__.py @@ -1650,7 +1650,7 @@ def provision_fill(samdb, secrets_ldb, logger, names, paths, paths.wheel_gid, domainsid, names.dnsdomain, names.domaindn, lp, use_ntvfs) else: - print "Setting acl on sysvol skipped" + logger.info("Setting acl on sysvol skipped") secretsdb_self_join(secrets_ldb, domain=names.domain, realm=names.realm, dnsdomain=names.dnsdomain, -- 1.7.9.5 From 473a9f32f1ed7b6d028c1784cee1d2cf76fbb6df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= Date: Wed, 19 Sep 2012 12:03:21 +0200 Subject: [PATCH 24/36] s4: samba_backup: Fix typos. Signed-off-by: Stefan Metzmacher (cherry picked from commit 9a6f648122c274cc93fd8edff8616c9ffffeb6aa) --- source4/scripting/bin/samba_backup | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source4/scripting/bin/samba_backup b/source4/scripting/bin/samba_backup index 75ebec6..8f9cc83 100755 --- a/source4/scripting/bin/samba_backup +++ b/source4/scripting/bin/samba_backup @@ -35,12 +35,12 @@ DAYS=90 WHEN=`date +%d%m%y` if [ ! -d $WHERE ]; then - echo "Missing backup directorty $WHERE" + echo "Missing backup directory $WHERE" exit 1 fi if [ ! -d $FROMWHERE ]; then - echo "Missing or wrong provision directorty $FROMWHERE" + echo "Missing or wrong provision directory $FROMWHERE" exit 1 fi -- 1.7.9.5 From a2b228a594eaa9b6c1505d1d6bc22933848c808e Mon Sep 17 00:00:00 2001 From: Matthieu Patou Date: Tue, 25 Sep 2012 02:00:23 -0700 Subject: [PATCH 25/36] devel-crackname: Print if count > 0 (cherry picked from commit e332f989091411602ef7f286ebb2f5b1462550e4) --- source4/scripting/devel/crackname | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/source4/scripting/devel/crackname b/source4/scripting/devel/crackname index 133b853..b6a372e 100755 --- a/source4/scripting/devel/crackname +++ b/source4/scripting/devel/crackname @@ -71,5 +71,8 @@ if __name__ == "__main__": req.names = [names] (result, ctr) = drs.DsCrackNames(drs_handle, 1, req) - print ctr.array[0].status - print ctr.array[0].result_name + print "# of result %d" %ctr.count + if ctr.count: + print ctr.array[0].status + print ctr.array[0].result_name + print ctr.array[0].dns_domain_name -- 1.7.9.5 From 93def9dc92c46340d4e8d2008ac25dfc6b4cff3f Mon Sep 17 00:00:00 2001 From: Matthieu Patou Date: Sun, 7 Oct 2012 21:52:25 -0700 Subject: [PATCH 26/36] s4-join: add some documentation (cherry picked from commit d57e0d8a6d213543a772a517551cca053cece85e) --- source4/scripting/python/samba/join.py | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/source4/scripting/python/samba/join.py b/source4/scripting/python/samba/join.py index 5ddc5db..6d268b2 100644 --- a/source4/scripting/python/samba/join.py +++ b/source4/scripting/python/samba/join.py @@ -426,7 +426,7 @@ class dc_join(object): def join_add_ntdsdsa(ctx): '''add the ntdsdsa object''' - # FIXME: the partition (NC) assignment has to be made dynamic + print "Adding %s" % ctx.ntds_dn rec = { "dn" : ctx.ntds_dn, @@ -755,6 +755,9 @@ class dc_join(object): repl.replicate('DC=ForestDnsZones,%s' % ctx.root_dn, source_dsa_invocation_id, destination_dsa_guid, rodc=ctx.RODC, replica_flags=ctx.replica_flags) + # FIXME At this point we should add an entry in the forestdns and domaindns NC + # (those under CN=Partions,DC=...) + # in order to indicate that we hold a replica for this NC if ctx.RODC: repl.replicate(ctx.acct_dn, source_dsa_invocation_id, @@ -795,6 +798,11 @@ class dc_join(object): logger = logging.getLogger("provision") logger.addHandler(logging.StreamHandler(sys.stdout)) + # FIXME we shouldn't do this in all cases + # If for some reasons we joined in another site than the one of + # DC we just replicated from then we don't need to send the updatereplicateref + # as replication between sites is time based and on the initiative of the + # requesting DC print "Sending DsReplicateUpdateRefs for all the partitions" for nc in ctx.full_nc_list: ctx.send_DsReplicaUpdateRefs(nc) @@ -971,6 +979,8 @@ class dc_join(object): def do_join(ctx): + # full_nc_list is the list of naming context (NC) for which we will + # send a updateRef command to the partner DC ctx.nc_list = [ ctx.config_dn, ctx.schema_dn ] ctx.full_nc_list = [ctx.base_dn, ctx.config_dn, ctx.schema_dn ] -- 1.7.9.5 From 8fbdf0868932d083900a8821ad18e3cf857d7a08 Mon Sep 17 00:00:00 2001 From: Matthieu Patou Date: Sat, 29 Sep 2012 10:15:05 -0700 Subject: [PATCH 27/36] s4-join: factorize code, add info (cherry picked from commit 95ea6d765b98d9cbdebaa8e23aad91525d94ad40) --- source4/scripting/python/samba/join.py | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/source4/scripting/python/samba/join.py b/source4/scripting/python/samba/join.py index 6d268b2..7b511f8 100644 --- a/source4/scripting/python/samba/join.py +++ b/source4/scripting/python/samba/join.py @@ -115,6 +115,7 @@ class dc_join(object): ctx.dnsdomain = ctx.samdb.domain_dns_name() ctx.dnsforest = ctx.samdb.forest_dns_name() ctx.domaindns_zone = 'DC=DomainDnsZones,%s' % ctx.base_dn + ctx.forestdns_zone = 'DC=ForestDnsZones,%s' % ctx.base_dn res_domaindns = ctx.samdb.search(scope=ldb.SCOPE_ONELEVEL, attrs=[], @@ -745,11 +746,14 @@ class dc_join(object): repl.replicate(ctx.base_dn, source_dsa_invocation_id, destination_dsa_guid, rodc=ctx.RODC, replica_flags=ctx.domain_replica_flags) + print "Done with always replicated NC (base, config, schema)" - if ctx.domaindns_zone in ctx.nc_list: - repl.replicate(ctx.domaindns_zone, source_dsa_invocation_id, - destination_dsa_guid, rodc=ctx.RODC, - replica_flags=ctx.replica_flags) + for nc in (ctx.domaindns_zone, ctx.forestdns_zone): + if nc in ctx.nc_list: + print "Replicating %s" % (str(nc)) + repl.replicate(nc, source_dsa_invocation_id, + destination_dsa_guid, rodc=ctx.RODC, + replica_flags=ctx.replica_flags) if 'DC=ForestDnsZones,%s' % ctx.root_dn in ctx.nc_list: repl.replicate('DC=ForestDnsZones,%s' % ctx.root_dn, source_dsa_invocation_id, @@ -803,7 +807,7 @@ class dc_join(object): # DC we just replicated from then we don't need to send the updatereplicateref # as replication between sites is time based and on the initiative of the # requesting DC - print "Sending DsReplicateUpdateRefs for all the partitions" + print "Sending DsReplicateUpdateRefs for all the replicated partitions" for nc in ctx.full_nc_list: ctx.send_DsReplicaUpdateRefs(nc) -- 1.7.9.5 From cf08aa7b2f0f95cd5ed3cdc87ecd7151383b6aba Mon Sep 17 00:00:00 2001 From: Karolin Seeger Date: Mon, 8 Oct 2012 09:47:37 +0200 Subject: [PATCH 28/36] samba-tool: Fix typo in usage. Karolin (cherry picked from commit 171bf9827bffdb25cee0b0ddd0ddc20cc056fdd0) --- source4/scripting/python/samba/netcmd/sites.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/scripting/python/samba/netcmd/sites.py b/source4/scripting/python/samba/netcmd/sites.py index bf644f0..ae63dea 100644 --- a/source4/scripting/python/samba/netcmd/sites.py +++ b/source4/scripting/python/samba/netcmd/sites.py @@ -62,7 +62,7 @@ class cmd_sites_create(Command): self.outf.write("Site %s created !\n" % sitename) class cmd_sites_delete(Command): - """Delete a new site""" + """Delete an existing site""" synopsis = "%prog [options]" -- 1.7.9.5 From 58b3372e4abd94e53456a361dfa355f0b9623946 Mon Sep 17 00:00:00 2001 From: Karolin Seeger Date: Mon, 8 Oct 2012 11:47:22 +0200 Subject: [PATCH 29/36] samba-tool: Clarify usage of --help. Karolin (cherry picked from commit a2f3ec0577e275604d15b4bb853705ed18cdd963) --- source4/scripting/python/samba/netcmd/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/scripting/python/samba/netcmd/__init__.py b/source4/scripting/python/samba/netcmd/__init__.py index c542dc6..ec2d222 100644 --- a/source4/scripting/python/samba/netcmd/__init__.py +++ b/source4/scripting/python/samba/netcmd/__init__.py @@ -209,7 +209,7 @@ class SuperCommand(Command): if subcommand in [None]: raise CommandError("You must specify a subcommand") if subcommand in ['help', '-h', '--help']: - self.outf.write("For more help on a specific subcommand, please type: %s (-h|--help)\n" % myname) + self.outf.write("For more help on a specific subcommand, please type: %s (-h|--help)\n" % myname) return 0 raise CommandError("No such subcommand '%s'" % subcommand) -- 1.7.9.5 From a769a45bb520111b5cc4d9e2b46bacd823103f3c Mon Sep 17 00:00:00 2001 From: Karolin Seeger Date: Mon, 8 Oct 2012 12:32:58 +0200 Subject: [PATCH 30/36] samba-tool: Unify usage messages. Karolin Autobuild-User(master): Karolin Seeger Autobuild-Date(master): Mon Oct 8 14:26:52 CEST 2012 on sn-devel-104 (cherry picked from commit acea51cc37ff9171c9e18ff0c21b825080aa4b8e) --- source4/scripting/python/samba/netcmd/dbcheck.py | 2 +- .../scripting/python/samba/netcmd/delegation.py | 4 ++-- source4/scripting/python/samba/netcmd/dns.py | 14 ++++++------ source4/scripting/python/samba/netcmd/domain.py | 16 ++++++------- source4/scripting/python/samba/netcmd/drs.py | 10 ++++---- source4/scripting/python/samba/netcmd/dsacl.py | 2 +- source4/scripting/python/samba/netcmd/fsmo.py | 6 ++--- source4/scripting/python/samba/netcmd/gpo.py | 24 ++++++++++---------- source4/scripting/python/samba/netcmd/group.py | 12 +++++----- source4/scripting/python/samba/netcmd/ntacl.py | 8 +++---- source4/scripting/python/samba/netcmd/rodc.py | 2 +- source4/scripting/python/samba/netcmd/sites.py | 4 ++-- source4/scripting/python/samba/netcmd/user.py | 16 ++++++------- 13 files changed, 60 insertions(+), 60 deletions(-) diff --git a/source4/scripting/python/samba/netcmd/dbcheck.py b/source4/scripting/python/samba/netcmd/dbcheck.py index eb22812..e4ec6b3 100644 --- a/source4/scripting/python/samba/netcmd/dbcheck.py +++ b/source4/scripting/python/samba/netcmd/dbcheck.py @@ -29,7 +29,7 @@ from samba.dbchecker import dbcheck class cmd_dbcheck(Command): - """check local AD database for errors""" + """Check local AD database for errors.""" synopsis = "%prog [] [options]" takes_optiongroups = { diff --git a/source4/scripting/python/samba/netcmd/delegation.py b/source4/scripting/python/samba/netcmd/delegation.py index 8b2a1bc..14182b2 100644 --- a/source4/scripting/python/samba/netcmd/delegation.py +++ b/source4/scripting/python/samba/netcmd/delegation.py @@ -165,7 +165,7 @@ class cmd_delegation_for_any_protocol(Command): class cmd_delegation_add_service(Command): - """Add a service principal as msDS-AllowedToDelegateTo""" + """Add a service principal as msDS-AllowedToDelegateTo.""" synopsis = "%prog [options]" @@ -209,7 +209,7 @@ class cmd_delegation_add_service(Command): class cmd_delegation_del_service(Command): - """Delete a service principal as msDS-AllowedToDelegateTo""" + """Delete a service principal as msDS-AllowedToDelegateTo.""" synopsis = "%prog [options]" diff --git a/source4/scripting/python/samba/netcmd/dns.py b/source4/scripting/python/samba/netcmd/dns.py index b227e96..8bd3249 100644 --- a/source4/scripting/python/samba/netcmd/dns.py +++ b/source4/scripting/python/samba/netcmd/dns.py @@ -674,7 +674,7 @@ def dns_record_match(dns_conn, server, zone, name, record_type, data): class cmd_serverinfo(Command): - """Query for Server information""" + """Query for Server information.""" synopsis = '%prog [options]' @@ -706,7 +706,7 @@ class cmd_serverinfo(Command): class cmd_zoneinfo(Command): - """Query for zone information""" + """Query for zone information.""" synopsis = '%prog [options]' @@ -738,7 +738,7 @@ class cmd_zoneinfo(Command): class cmd_zonelist(Command): - """Query for zones""" + """Query for zones.""" synopsis = '%prog [options]' @@ -817,7 +817,7 @@ class cmd_zonelist(Command): class cmd_zonecreate(Command): - """Create a zone""" + """Create a zone.""" synopsis = '%prog [options]' @@ -876,7 +876,7 @@ class cmd_zonecreate(Command): class cmd_zonedelete(Command): - """Delete a zone""" + """Delete a zone.""" synopsis = '%prog [options]' @@ -974,7 +974,7 @@ class cmd_query(Command): class cmd_roothints(Command): - """Query root hints""" + """Query root hints.""" synopsis = '%prog [] [options]' @@ -1169,7 +1169,7 @@ class cmd_delete_record(Command): class cmd_dns(SuperCommand): - """Domain Name Service (DNS) management""" + """Domain Name Service (DNS) management.""" subcommands = {} subcommands['serverinfo'] = cmd_serverinfo() diff --git a/source4/scripting/python/samba/netcmd/domain.py b/source4/scripting/python/samba/netcmd/domain.py index a9ad086..67732b1 100644 --- a/source4/scripting/python/samba/netcmd/domain.py +++ b/source4/scripting/python/samba/netcmd/domain.py @@ -81,7 +81,7 @@ def get_testparm_var(testparm, smbconf, varname): try: import samba.dckeytab class cmd_domain_export_keytab(Command): - """Dumps kerberos keys of the domain into a keytab""" + """Dump Kerberos keys of the domain into a keytab.""" synopsis = "%prog [options]" @@ -106,7 +106,7 @@ except: class cmd_domain_info(Command): - """Print basic info about a domain and the DC passed as parameter""" + """Print basic info about a domain and the DC passed as parameter.""" synopsis = "%prog [options]" @@ -405,7 +405,7 @@ class cmd_domain_provision(Command): result.report_logger(self.logger) def _get_nameserver_ip(self): - """Grab the nameserver IP address from /etc/resolv.conf""" + """Grab the nameserver IP address from /etc/resolv.conf.""" from os import path RESOLV_CONF="/etc/resolv.conf" @@ -429,7 +429,7 @@ class cmd_domain_provision(Command): class cmd_domain_dcpromo(Command): - """Promotes an existing domain member or NT4 PDC to an AD DC""" + """Promote an existing domain member or NT4 PDC to an AD DC.""" synopsis = "%prog [DC|RODC] [options]" @@ -494,7 +494,7 @@ class cmd_domain_dcpromo(Command): class cmd_domain_join(Command): - """Joins domain as either member or backup domain controller""" + """Join domain as either member or backup domain controller.""" synopsis = "%prog [DC|RODC|MEMBER|SUBDOMAIN] [options]" @@ -573,7 +573,7 @@ class cmd_domain_join(Command): class cmd_domain_demote(Command): - """Demote ourselves from the role of Domain Controller""" + """Demote ourselves from the role of Domain Controller.""" synopsis = "%prog [options]" @@ -815,7 +815,7 @@ class cmd_domain_demote(Command): class cmd_domain_level(Command): - """Raises domain and forest function levels""" + """Raise domain and forest function levels.""" synopsis = "%prog (show|raise ) [options]" @@ -1019,7 +1019,7 @@ class cmd_domain_level(Command): class cmd_domain_passwordsettings(Command): - """Sets password settings + """Set password settings. Password complexity, history length, minimum password length, the minimum and maximum password age) on a Samba4 server. diff --git a/source4/scripting/python/samba/netcmd/drs.py b/source4/scripting/python/samba/netcmd/drs.py index e14f72f..fc71b69 100644 --- a/source4/scripting/python/samba/netcmd/drs.py +++ b/source4/scripting/python/samba/netcmd/drs.py @@ -80,7 +80,7 @@ def drs_parse_ntds_dn(ntds_dn): class cmd_drs_showrepl(Command): - """show replication status""" + """Show replication status.""" synopsis = "%prog [] [options]" @@ -194,7 +194,7 @@ class cmd_drs_showrepl(Command): class cmd_drs_kcc(Command): - """trigger knowledge consistency center run""" + """Trigger knowledge consistency center run.""" synopsis = "%prog [] [options]" @@ -263,7 +263,7 @@ def drs_local_replicate(self, SOURCE_DC, NC): class cmd_drs_replicate(Command): - """replicate a naming context between two DCs""" + """Replicate a naming context between two DCs.""" synopsis = "%prog [options]" @@ -339,7 +339,7 @@ class cmd_drs_replicate(Command): class cmd_drs_bind(Command): - """show DRS capabilities of a server""" + """Show DRS capabilities of a server.""" synopsis = "%prog [] [options]" @@ -438,7 +438,7 @@ class cmd_drs_bind(Command): class cmd_drs_options(Command): - """query or change 'options' for NTDS Settings object of a domain controller""" + """Query or change 'options' for NTDS Settings object of a Domain Controller.""" synopsis = "%prog [] [options]" diff --git a/source4/scripting/python/samba/netcmd/dsacl.py b/source4/scripting/python/samba/netcmd/dsacl.py index ac09a0b..36b0938 100644 --- a/source4/scripting/python/samba/netcmd/dsacl.py +++ b/source4/scripting/python/samba/netcmd/dsacl.py @@ -45,7 +45,7 @@ from samba.netcmd import ( class cmd_dsacl_set(Command): - """Modify access list on a directory object""" + """Modify access list on a directory object.""" synopsis = "%prog [options]" car_help = """ The access control right to allow or deny """ diff --git a/source4/scripting/python/samba/netcmd/fsmo.py b/source4/scripting/python/samba/netcmd/fsmo.py index a610588..71d9879 100644 --- a/source4/scripting/python/samba/netcmd/fsmo.py +++ b/source4/scripting/python/samba/netcmd/fsmo.py @@ -69,7 +69,7 @@ def transfer_role(outf, role, samdb): class cmd_fsmo_seize(Command): - """Seize the role""" + """Seize the role.""" synopsis = "%prog [options]" @@ -161,7 +161,7 @@ all=all of the above"""), class cmd_fsmo_show(Command): - """Show the roles""" + """Show the roles.""" synopsis = "%prog [options]" @@ -224,7 +224,7 @@ class cmd_fsmo_show(Command): class cmd_fsmo_transfer(Command): - """Transfer the role""" + """Transfer the role.""" synopsis = "%prog [options]" diff --git a/source4/scripting/python/samba/netcmd/gpo.py b/source4/scripting/python/samba/netcmd/gpo.py index ee0de98..412e736 100644 --- a/source4/scripting/python/samba/netcmd/gpo.py +++ b/source4/scripting/python/samba/netcmd/gpo.py @@ -284,7 +284,7 @@ def create_directory_hier(conn, remotedir): class cmd_listall(Command): - """list all GPOs""" + """List all GPOs.""" synopsis = "%prog [options]" @@ -321,7 +321,7 @@ class cmd_listall(Command): class cmd_list(Command): - """list GPOs for an account""" + """List GPOs for an account.""" synopsis = "%prog [options]" @@ -435,7 +435,7 @@ class cmd_list(Command): class cmd_show(Command): - """Show information for a GPO""" + """Show information for a GPO.""" synopsis = "%prog [options]" @@ -479,7 +479,7 @@ class cmd_show(Command): class cmd_getlink(Command): - """List GPO Links for a container""" + """List GPO Links for a container.""" synopsis = "%prog [options]" @@ -526,7 +526,7 @@ class cmd_getlink(Command): class cmd_setlink(Command): - """Add or Update a GPO link to a container""" + """Add or update a GPO link to a container.""" synopsis = "%prog [options]" @@ -616,7 +616,7 @@ class cmd_setlink(Command): class cmd_dellink(Command): - """Delete GPO link from a container""" + """Delete GPO link from a container.""" synopsis = "%prog [options]" @@ -655,7 +655,7 @@ class cmd_dellink(Command): class cmd_listcontainers(Command): - """List all linked containers for a GPO""" + """List all linked containers for a GPO.""" synopsis = "%prog [options]" @@ -691,7 +691,7 @@ class cmd_listcontainers(Command): class cmd_getinheritance(Command): - """Get inheritance flag for a container""" + """Get inheritance flag for a container.""" synopsis = "%prog [options]" @@ -735,7 +735,7 @@ class cmd_getinheritance(Command): class cmd_setinheritance(Command): - """Set inheritance flag on a container""" + """Set inheritance flag on a container.""" synopsis = "%prog [options]" @@ -789,7 +789,7 @@ class cmd_setinheritance(Command): class cmd_fetch(Command): - """Download a GPO""" + """Download a GPO.""" synopsis = "%prog [options]" @@ -862,7 +862,7 @@ class cmd_fetch(Command): class cmd_create(Command): - """Create an empty GPO""" + """Create an empty GPO.""" synopsis = "%prog [options]" @@ -995,7 +995,7 @@ class cmd_create(Command): class cmd_del(Command): - """Delete GPO""" + """Delete a GPO.""" synopsis = "%prog [options]" diff --git a/source4/scripting/python/samba/netcmd/group.py b/source4/scripting/python/samba/netcmd/group.py index 3a5ef01..a13cb84 100644 --- a/source4/scripting/python/samba/netcmd/group.py +++ b/source4/scripting/python/samba/netcmd/group.py @@ -40,7 +40,7 @@ distribution_group = dict({"Domain": GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP, "Glo class cmd_group_add(Command): - """Creates a new AD group + """Creates a new AD group. This command creates a new Active Directory group. The groupname specified on the command is a unique sAMAccountName. @@ -115,7 +115,7 @@ Example2 adds a new distribution group to the local server. The command is run class cmd_group_delete(Command): - """Deletes an AD group + """Deletes an AD group. The command deletes an existing AD group from the Active Directory domain. The groupname specified on the command is the sAMAccountName. @@ -165,7 +165,7 @@ Example2 deletes group Group2 from the local server. The command is run under r class cmd_group_add_members(Command): - """Add members to an AD group + """Add members to an AD group. This command adds one or more members to an existing Active Directory group. The command accepts one or more group member names seperated by commas. A group member may be a user or computer account or another Active Directory group. @@ -217,7 +217,7 @@ Example2 shows how to add a single user account, User2, to the supergroup AD gro class cmd_group_remove_members(Command): - """Remove members from an AD group + """Remove members from an AD group. This command removes one or more members from an existing Active Directory group. The command accepts one or more group member names seperated by commas. A group member may be a user or computer account or another Active Directory group that is a member of the group specified on the command. @@ -267,7 +267,7 @@ Example2 shows how to remove a single user account, User2, from the supergroup A class cmd_group_list(Command): - """List all groups""" + """List all groups.""" synopsis = "%prog [options]" @@ -301,7 +301,7 @@ class cmd_group_list(Command): class cmd_group_list_members(Command): - """List all members of an AD group + """List all members of an AD group. This command lists members from an existing Active Directory group. The command accepts one group name. diff --git a/source4/scripting/python/samba/netcmd/ntacl.py b/source4/scripting/python/samba/netcmd/ntacl.py index edbcd7e..2f72fca 100644 --- a/source4/scripting/python/samba/netcmd/ntacl.py +++ b/source4/scripting/python/samba/netcmd/ntacl.py @@ -40,7 +40,7 @@ from samba.netcmd import ( class cmd_ntacl_set(Command): - """Set ACLs on a file""" + """Set ACLs on a file.""" synopsis = "%prog [options]" @@ -94,7 +94,7 @@ class cmd_ntacl_set(Command): class cmd_ntacl_get(Command): - """Get ACLs of a file""" + """Get ACLs of a file.""" synopsis = "%prog [options]" takes_optiongroups = { @@ -147,7 +147,7 @@ class cmd_ntacl_get(Command): class cmd_ntacl_sysvolreset(Command): - """Reset sysvol ACLs to defaults (including correct ACLs on GPOs)""" + """Reset sysvol ACLs to defaults (including correct ACLs on GPOs).""" synopsis = "%prog [options]" takes_optiongroups = { @@ -214,7 +214,7 @@ class cmd_ntacl_sysvolreset(Command): lp, use_ntvfs=use_ntvfs) class cmd_ntacl_sysvolcheck(Command): - """Check sysvol ACLs match defaults (including correct ACLs on GPOs)""" + """Check sysvol ACLs match defaults (including correct ACLs on GPOs).""" synopsis = "%prog [options]" takes_optiongroups = { diff --git a/source4/scripting/python/samba/netcmd/rodc.py b/source4/scripting/python/samba/netcmd/rodc.py index f9df69d..7b643c7 100644 --- a/source4/scripting/python/samba/netcmd/rodc.py +++ b/source4/scripting/python/samba/netcmd/rodc.py @@ -26,7 +26,7 @@ from samba.drs_utils import drs_Replicate class cmd_rodc_preload(Command): - """Preload one account for an RODC""" + """Preload one account for an RODC.""" synopsis = "%prog (||) [options]" diff --git a/source4/scripting/python/samba/netcmd/sites.py b/source4/scripting/python/samba/netcmd/sites.py index ae63dea..c846228 100644 --- a/source4/scripting/python/samba/netcmd/sites.py +++ b/source4/scripting/python/samba/netcmd/sites.py @@ -29,7 +29,7 @@ from samba.netcmd import ( class cmd_sites_create(Command): - """Create a new site""" + """Create a new site.""" synopsis = "%prog [options]" @@ -62,7 +62,7 @@ class cmd_sites_create(Command): self.outf.write("Site %s created !\n" % sitename) class cmd_sites_delete(Command): - """Delete an existing site""" + """Delete an existing site.""" synopsis = "%prog [options]" diff --git a/source4/scripting/python/samba/netcmd/user.py b/source4/scripting/python/samba/netcmd/user.py index 1172f4e..914e47f 100644 --- a/source4/scripting/python/samba/netcmd/user.py +++ b/source4/scripting/python/samba/netcmd/user.py @@ -38,7 +38,7 @@ from samba.netcmd import ( class cmd_user_create(Command): - """Creates a new user + """Create a new user. This command creates a new user account in the Active Directory domain. The username specified on the command is the sAMaccountName. @@ -159,7 +159,7 @@ class cmd_user_add(cmd_user_create): class cmd_user_delete(Command): - """Deletes a user + """Delete a user. This command deletes a user account from the Active Directory domain. The username specified on the command is the sAMAccountName. @@ -207,7 +207,7 @@ Example2 shows how to delete a user in the domain against the local server. su class cmd_user_list(Command): - """List all users""" + """List all users.""" synopsis = "%prog [options]" @@ -242,7 +242,7 @@ class cmd_user_list(Command): class cmd_user_enable(Command): - """Enables a user + """Enable an user. This command enables a user account for logon to an Active Directory domain. The username specified on the command is the sAMAccountName. The username may also be specified using the --filter option. @@ -311,7 +311,7 @@ Example3 shows how to enable a user in the domain against a local LDAP server. class cmd_user_disable(Command): - """Disable a user""" + """Disable an user.""" synopsis = "%prog (|--filter ) [options]" @@ -349,7 +349,7 @@ class cmd_user_disable(Command): class cmd_user_setexpiry(Command): - """Sets the expiration of a user account + """Set the expiration of a user account. This command sets the expiration of a user account. The username specified on the command is the sAMAccountName. The username may also be specified using the --filter option. @@ -420,7 +420,7 @@ Example4 shows how to set the account expiration so that it will never expire. class cmd_user_password(Command): - """Change password for a user account (the one provided in authentication) + """Change password for a user account (the one provided in authentication). """ synopsis = "%prog [options]" @@ -465,7 +465,7 @@ class cmd_user_password(Command): class cmd_user_setpassword(Command): - """Sets or resets the password of a user account + """Set or reset the password of a user account. This command sets or resets the logon password for a user account. The username specified on the command is the sAMAccountName. The username may also be specified using the --filter option. -- 1.7.9.5 From 1f3a0375098d87e2ec31215bdf9d3d865723cd2a Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 8 Oct 2012 12:45:20 +0200 Subject: [PATCH 31/36] s4:samba-tool: add optional epilog to _create_parser() metze (cherry picked from commit 8d4943dcf943dc83b9b663d3d025fb1a8dbcba86) --- source4/scripting/python/samba/netcmd/__init__.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/source4/scripting/python/samba/netcmd/__init__.py b/source4/scripting/python/samba/netcmd/__init__.py index ec2d222..677f4f0 100644 --- a/source4/scripting/python/samba/netcmd/__init__.py +++ b/source4/scripting/python/samba/netcmd/__init__.py @@ -40,6 +40,11 @@ class PlainHelpFormatter(optparse.IndentedHelpFormatter): result = "\n".join(wrapped_paragraphs) + "\n" return result + def format_epilog(self, epilog): + if epilog: + return "\n" + epilog + "\n" + else: + return "" class Command(object): """A samba-tool command.""" @@ -117,12 +122,12 @@ class Command(object): if force_traceback or samba.get_debug_level() >= 3: traceback.print_tb(etraceback) - def _create_parser(self, prog): + def _create_parser(self, prog, epilog=None): parser = optparse.OptionParser( usage=self.synopsis, description=self.full_description, formatter=PlainHelpFormatter(), - prog=prog) + prog=prog,epilog=epilog) parser.add_options(self.takes_options) optiongroups = {} for name, optiongroup in self.takes_optiongroups.iteritems(): -- 1.7.9.5 From e0f1f17a6ade8ab4a502b264826e47844fb59579 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 8 Oct 2012 12:47:47 +0200 Subject: [PATCH 32/36] s4:samba-tool: use normal option parsing in SuperCommand We use the epilog to print the subcommands. metze (cherry picked from commit 2fce71c89af66c1467f0a18b97e237b307387620) --- source4/scripting/python/samba/netcmd/__init__.py | 23 ++++++++++++--------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/source4/scripting/python/samba/netcmd/__init__.py b/source4/scripting/python/samba/netcmd/__init__.py index 677f4f0..a3edf50 100644 --- a/source4/scripting/python/samba/netcmd/__init__.py +++ b/source4/scripting/python/samba/netcmd/__init__.py @@ -201,22 +201,25 @@ class SuperCommand(Command): return self.subcommands[subcommand]._run( "%s %s" % (myname, subcommand), *args) - self.usage(myname) - self.outf.write("Available subcommands:\n") + epilog = "\nAvailable subcommands:\n" subcmds = self.subcommands.keys() subcmds.sort() max_length = max([len(c) for c in subcmds]) for cmd_name in subcmds: cmd = self.subcommands[cmd_name] if not cmd.hidden: - self.outf.write(" %*s - %s\n" % ( - -max_length, cmd_name, cmd.short_description)) - if subcommand in [None]: - raise CommandError("You must specify a subcommand") - if subcommand in ['help', '-h', '--help']: - self.outf.write("For more help on a specific subcommand, please type: %s (-h|--help)\n" % myname) - return 0 - raise CommandError("No such subcommand '%s'" % subcommand) + epilog += " %*s - %s\n" % ( + -max_length, cmd_name, cmd.short_description) + epilog += "For more help on a specific subcommand, please type: %s (-h|--help)\n" % myname + + parser, optiongroups = self._create_parser(myname, epilog=epilog) + args_list = list(args) + if subcommand: + args_list.insert(0, subcommand) + opts, args = parser.parse_args(args_list) + + parser.print_help() + return -1 class CommandError(Exception): -- 1.7.9.5 From 7554fe80370e7c18c6aa107f840bab18be8336a2 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 8 Oct 2012 12:50:33 +0200 Subject: [PATCH 33/36] s4:samba-tool: allow 'samba-tool --version' metze (cherry picked from commit 309434a77396680b5a40985157da44aaddb5ca71) --- source4/scripting/python/samba/netcmd/main.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/source4/scripting/python/samba/netcmd/main.py b/source4/scripting/python/samba/netcmd/main.py index 5ffeef0..af3abfd 100644 --- a/source4/scripting/python/samba/netcmd/main.py +++ b/source4/scripting/python/samba/netcmd/main.py @@ -17,6 +17,8 @@ """The main samba-tool command implementation.""" +from samba import getopt as options + from samba.netcmd import SuperCommand from samba.netcmd.dbcheck import cmd_dbcheck from samba.netcmd.delegation import cmd_delegation @@ -41,6 +43,10 @@ from samba.netcmd.vampire import cmd_vampire class cmd_sambatool(SuperCommand): """Main samba administration tool.""" + takes_optiongroups = { + "versionopts": options.VersionOptions, + } + subcommands = {} subcommands["dbcheck"] = cmd_dbcheck() subcommands["delegation"] = cmd_delegation() -- 1.7.9.5 From a3bd71ddc5dc9b3d1f8632a02e6d5978efc984be Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 8 Oct 2012 12:50:52 +0200 Subject: [PATCH 34/36] s4:scripting/python: add '-V' as alias for '--version' metze Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Mon Oct 8 17:52:52 CEST 2012 on sn-devel-104 (cherry picked from commit 8746faf846fb4f4552e648f4e4e05510b8bd1ef4) --- source4/scripting/python/samba/getopt.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/scripting/python/samba/getopt.py b/source4/scripting/python/samba/getopt.py index 1818ff3..c3c0800 100644 --- a/source4/scripting/python/samba/getopt.py +++ b/source4/scripting/python/samba/getopt.py @@ -100,7 +100,7 @@ class VersionOptions(optparse.OptionGroup): """Command line option for printing Samba version.""" def __init__(self, parser): optparse.OptionGroup.__init__(self, parser, "Version Options") - self.add_option("--version", action="callback", + self.add_option("-V", "--version", action="callback", callback=self._display_version, help="Display version number") -- 1.7.9.5 From 7f3575a37e66eeaf3db1c7b67f37d81ee8770fef Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 5 Oct 2012 10:19:17 +1000 Subject: [PATCH 35/36] samba-tool: skip chown in sysvolreset when it would fail on a GID This skips the chown of the files if (for example) the domain Admins group were to own the file and not be able to because the group maps only to a GID. This essentially papers over the problem, but may be enough to get us past the Samba 4.0 release. Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Tue Oct 9 15:24:44 CEST 2012 on sn-devel-104 (cherry picked from commit 2f0753b456c4d9b4eb52f128a83c8ba19adde160) --- source4/scripting/python/samba/ntacls.py | 37 ++++++++++++++++++-- .../scripting/python/samba/provision/__init__.py | 24 +++++++------ 2 files changed, 48 insertions(+), 13 deletions(-) diff --git a/source4/scripting/python/samba/ntacls.py b/source4/scripting/python/samba/ntacls.py index 2108a64..44cbbe9 100644 --- a/source4/scripting/python/samba/ntacls.py +++ b/source4/scripting/python/samba/ntacls.py @@ -21,7 +21,7 @@ import os import samba.xattr_native, samba.xattr_tdb, samba.posix_eadb -from samba.dcerpc import security, xattr +from samba.dcerpc import security, xattr, idmap from samba.ndr import ndr_pack, ndr_unpack from samba.samba3 import smbd @@ -82,10 +82,43 @@ def getntacl(lp, file, backend=None, eadbfile=None, direct_db_access=True): return smbd.get_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL) -def setntacl(lp, file, sddl, domsid, backend=None, eadbfile=None, use_ntvfs=True): +def setntacl(lp, file, sddl, domsid, backend=None, eadbfile=None, use_ntvfs=True, skip_invalid_chown=False, passdb=None): sid = security.dom_sid(domsid) sd = security.descriptor.from_sddl(sddl, sid) + if not use_ntvfs and skip_invalid_chown: + # Check if the owner can be resolved as a UID + (owner_id, owner_type) = passdb.sid_to_id(sd.owner_sid) + if ((owner_type != idmap.ID_TYPE_UID) and (owner_type != idmap.ID_TYPE_BOTH)): + # Check if this particular owner SID was domain admins, + # because we special-case this as mapping to + # 'administrator' instead. + if sd.owner_sid == security.dom_sid("%s-%d" % (domsid, security.DOMAIN_RID_ADMINS)): + administrator = security.dom_sid("%s-%d" % (domsid, security.DOMAIN_RID_ADMINISTRATOR)) + (admin_id, admin_type) = passdb.sid_to_id(administrator) + + # Confirm we have a UID for administrator + if ((admin_type == idmap.ID_TYPE_UID) or (admin_type == idmap.ID_TYPE_BOTH)): + + # Set it, changing the owner to 'administrator' rather than domain admins + sd2 = security.descriptor.from_sddl(sddl, sid) + sd2.owner_sid = administrator + + smbd.set_nt_acl(file, security.SECINFO_OWNER |security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd2) + + # and then set an NTVFS ACL (which does not set the posix ACL) to pretend the owner really was set + use_ntvfs = True + else: + raise XattrBackendError("Unable to find UID for domain administrator %s, got id %d of type %d" % (administrator, admin_id, admin_type)) + else: + # For all other owning users, reset the owner to root + # and then set the ACL without changing the owner + # + # This won't work in test environments, as it tries a real (rather than xattr-based fake) chown + + os.chown(file, 0, 0) + smbd.set_nt_acl(file, security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd) + if use_ntvfs: (backend_obj, dbname) = checkset_backend(lp, backend, eadbfile) ntacl = xattr.NTACL() diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py index d5d57d2..9966192 100644 --- a/source4/scripting/python/samba/provision/__init__.py +++ b/source4/scripting/python/samba/provision/__init__.py @@ -1365,18 +1365,18 @@ SYSVOL_ACL = "O:LAG:BAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI POLICIES_ACL = "O:LAG:BAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001301bf;;;PA)" -def set_dir_acl(path, acl, lp, domsid, use_ntvfs): - setntacl(lp, path, acl, domsid, use_ntvfs=use_ntvfs) +def set_dir_acl(path, acl, lp, domsid, use_ntvfs, passdb): + setntacl(lp, path, acl, domsid, use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb) for root, dirs, files in os.walk(path, topdown=False): for name in files: setntacl(lp, os.path.join(root, name), acl, domsid, - use_ntvfs=use_ntvfs) + use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb) for name in dirs: setntacl(lp, os.path.join(root, name), acl, domsid, - use_ntvfs=use_ntvfs) + use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb) -def set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs): +def set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb): """Set ACL on the sysvol//Policies folder and the policy folders beneath. @@ -1391,7 +1391,7 @@ def set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs): # Set ACL for GPO root folder root_policy_path = os.path.join(sysvol, dnsdomain, "Policies") setntacl(lp, root_policy_path, POLICIES_ACL, str(domainsid), - use_ntvfs=use_ntvfs) + use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb) res = samdb.search(base="CN=Policies,CN=System,%s"%(domaindn), attrs=["cn", "nTSecurityDescriptor"], @@ -1402,7 +1402,8 @@ def set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs): str(policy["nTSecurityDescriptor"])).as_sddl() policy_path = getpolicypath(sysvol, dnsdomain, str(policy["cn"])) set_dir_acl(policy_path, dsacl2fsacl(acl, str(domainsid)), lp, - str(domainsid), use_ntvfs) + str(domainsid), use_ntvfs, + passdb=passdb) def setsysvolacl(samdb, netlogon, sysvol, uid, gid, domainsid, dnsdomain, @@ -1418,6 +1419,7 @@ def setsysvolacl(samdb, netlogon, sysvol, uid, gid, domainsid, dnsdomain, :param dnsdomain: The DNS name of the domain :param domaindn: The DN of the domain (ie. DC=...) """ + s4_passdb = None if not use_ntvfs: # This will ensure that the smbd code we are running when setting ACLs @@ -1453,19 +1455,19 @@ def setsysvolacl(samdb, netlogon, sysvol, uid, gid, domainsid, dnsdomain, canchown = True # Set the SYSVOL_ACL on the sysvol folder and subfolder (first level) - setntacl(lp,sysvol, SYSVOL_ACL, str(domainsid), use_ntvfs=use_ntvfs) + setntacl(lp,sysvol, SYSVOL_ACL, str(domainsid), use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=s4_passdb) for root, dirs, files in os.walk(sysvol, topdown=False): for name in files: if use_ntvfs and canchown: os.chown(os.path.join(root, name), -1, gid) - setntacl(lp, os.path.join(root, name), SYSVOL_ACL, str(domainsid), use_ntvfs=use_ntvfs) + setntacl(lp, os.path.join(root, name), SYSVOL_ACL, str(domainsid), use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=s4_passdb) for name in dirs: if use_ntvfs and canchown: os.chown(os.path.join(root, name), -1, gid) - setntacl(lp, os.path.join(root, name), SYSVOL_ACL, str(domainsid), use_ntvfs=use_ntvfs) + setntacl(lp, os.path.join(root, name), SYSVOL_ACL, str(domainsid), use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=s4_passdb) # Set acls on Policy folder and policies folders - set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs) + set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb) def acl_type(direct_db_access): if direct_db_access: -- 1.7.9.5 From 39b9b0dbbd291965335d1db0e8fc9a72372b26e7 Mon Sep 17 00:00:00 2001 From: Karolin Seeger Date: Tue, 9 Oct 2012 11:53:21 +0200 Subject: [PATCH 36/36] samba-tool: Some more unifications... in the usage message. Karolin (cherry picked from commit f9a4a9bfe11c1551b490a0bd12fb6904b4a6542b) The last 36 patches address bug #9271 - backport samba-tool fixes from master. --- .../scripting/python/samba/netcmd/delegation.py | 2 +- source4/scripting/python/samba/netcmd/domain.py | 2 +- source4/scripting/python/samba/netcmd/drs.py | 2 +- source4/scripting/python/samba/netcmd/dsacl.py | 2 +- source4/scripting/python/samba/netcmd/fsmo.py | 2 +- source4/scripting/python/samba/netcmd/gpo.py | 2 +- source4/scripting/python/samba/netcmd/group.py | 2 +- source4/scripting/python/samba/netcmd/ldapcmp.py | 2 +- source4/scripting/python/samba/netcmd/ntacl.py | 2 +- source4/scripting/python/samba/netcmd/rodc.py | 2 +- source4/scripting/python/samba/netcmd/sites.py | 2 +- source4/scripting/python/samba/netcmd/spn.py | 2 +- source4/scripting/python/samba/netcmd/time.py | 2 +- source4/scripting/python/samba/netcmd/user.py | 2 +- source4/scripting/python/samba/netcmd/vampire.py | 2 +- 15 files changed, 15 insertions(+), 15 deletions(-) diff --git a/source4/scripting/python/samba/netcmd/delegation.py b/source4/scripting/python/samba/netcmd/delegation.py index 14182b2..47dffb0 100644 --- a/source4/scripting/python/samba/netcmd/delegation.py +++ b/source4/scripting/python/samba/netcmd/delegation.py @@ -253,7 +253,7 @@ class cmd_delegation_del_service(Command): class cmd_delegation(SuperCommand): - """Delegation management""" + """Delegation management.""" subcommands = {} subcommands["show"] = cmd_delegation_show() diff --git a/source4/scripting/python/samba/netcmd/domain.py b/source4/scripting/python/samba/netcmd/domain.py index 67732b1..6e3f35a 100644 --- a/source4/scripting/python/samba/netcmd/domain.py +++ b/source4/scripting/python/samba/netcmd/domain.py @@ -1331,7 +1331,7 @@ class cmd_domain_samba3upgrade(cmd_domain_classicupgrade): class cmd_domain(SuperCommand): - """Domain management""" + """Domain management.""" subcommands = {} subcommands["demote"] = cmd_domain_demote() diff --git a/source4/scripting/python/samba/netcmd/drs.py b/source4/scripting/python/samba/netcmd/drs.py index fc71b69..074b7af 100644 --- a/source4/scripting/python/samba/netcmd/drs.py +++ b/source4/scripting/python/samba/netcmd/drs.py @@ -501,7 +501,7 @@ class cmd_drs_options(Command): class cmd_drs(SuperCommand): - """Directory Replication Services (DRS) management""" + """Directory Replication Services (DRS) management.""" subcommands = {} subcommands["bind"] = cmd_drs_bind() diff --git a/source4/scripting/python/samba/netcmd/dsacl.py b/source4/scripting/python/samba/netcmd/dsacl.py index 36b0938..28aa843 100644 --- a/source4/scripting/python/samba/netcmd/dsacl.py +++ b/source4/scripting/python/samba/netcmd/dsacl.py @@ -176,7 +176,7 @@ class cmd_dsacl_set(Command): class cmd_dsacl(SuperCommand): - """DS ACLs manipulation""" + """DS ACLs manipulation.""" subcommands = {} subcommands["set"] = cmd_dsacl_set() diff --git a/source4/scripting/python/samba/netcmd/fsmo.py b/source4/scripting/python/samba/netcmd/fsmo.py index 71d9879..15d1d49 100644 --- a/source4/scripting/python/samba/netcmd/fsmo.py +++ b/source4/scripting/python/samba/netcmd/fsmo.py @@ -269,7 +269,7 @@ all=all of the above"""), class cmd_fsmo(SuperCommand): - """Flexible Single Master Operations (FSMO) roles management""" + """Flexible Single Master Operations (FSMO) roles management.""" subcommands = {} subcommands["seize"] = cmd_fsmo_seize() diff --git a/source4/scripting/python/samba/netcmd/gpo.py b/source4/scripting/python/samba/netcmd/gpo.py index 412e736..53bfcaa 100644 --- a/source4/scripting/python/samba/netcmd/gpo.py +++ b/source4/scripting/python/samba/netcmd/gpo.py @@ -1073,7 +1073,7 @@ class cmd_del(Command): class cmd_gpo(SuperCommand): - """Group Policy Object (GPO) management""" + """Group Policy Object (GPO) management.""" subcommands = {} subcommands["listall"] = cmd_listall() diff --git a/source4/scripting/python/samba/netcmd/group.py b/source4/scripting/python/samba/netcmd/group.py index a13cb84..731d4c1 100644 --- a/source4/scripting/python/samba/netcmd/group.py +++ b/source4/scripting/python/samba/netcmd/group.py @@ -365,7 +365,7 @@ samba-tool group listmembers \"Domain Users\" -H ldap://samba.samdom.example.com class cmd_group(SuperCommand): - """Group management""" + """Group management.""" subcommands = {} subcommands["add"] = cmd_group_add() diff --git a/source4/scripting/python/samba/netcmd/ldapcmp.py b/source4/scripting/python/samba/netcmd/ldapcmp.py index d4a2dde..8398205 100644 --- a/source4/scripting/python/samba/netcmd/ldapcmp.py +++ b/source4/scripting/python/samba/netcmd/ldapcmp.py @@ -864,7 +864,7 @@ class LDAPBundel(object): class cmd_ldapcmp(Command): - """compare two ldap databases""" + """Compare two ldap databases.""" synopsis = "%prog (domain|configuration|schema|dnsdomain|dnsforest) [options]" takes_optiongroups = { diff --git a/source4/scripting/python/samba/netcmd/ntacl.py b/source4/scripting/python/samba/netcmd/ntacl.py index 2f72fca..838f9ba 100644 --- a/source4/scripting/python/samba/netcmd/ntacl.py +++ b/source4/scripting/python/samba/netcmd/ntacl.py @@ -246,7 +246,7 @@ class cmd_ntacl_sysvolcheck(Command): class cmd_ntacl(SuperCommand): - """NT ACLs manipulation""" + """NT ACLs manipulation.""" subcommands = {} subcommands["set"] = cmd_ntacl_set() diff --git a/source4/scripting/python/samba/netcmd/rodc.py b/source4/scripting/python/samba/netcmd/rodc.py index 7b643c7..2dc6112 100644 --- a/source4/scripting/python/samba/netcmd/rodc.py +++ b/source4/scripting/python/samba/netcmd/rodc.py @@ -102,7 +102,7 @@ class cmd_rodc_preload(Command): class cmd_rodc(SuperCommand): - """Read-Only Domain Controller (RODC) management""" + """Read-Only Domain Controller (RODC) management.""" subcommands = {} subcommands["preload"] = cmd_rodc_preload() diff --git a/source4/scripting/python/samba/netcmd/sites.py b/source4/scripting/python/samba/netcmd/sites.py index c846228..09df55e 100644 --- a/source4/scripting/python/samba/netcmd/sites.py +++ b/source4/scripting/python/samba/netcmd/sites.py @@ -98,7 +98,7 @@ class cmd_sites_delete(Command): class cmd_sites(SuperCommand): - """Sites management""" + """Sites management.""" subcommands = {} subcommands["create"] = cmd_sites_create() diff --git a/source4/scripting/python/samba/netcmd/spn.py b/source4/scripting/python/samba/netcmd/spn.py index 564fd59..03d072e 100644 --- a/source4/scripting/python/samba/netcmd/spn.py +++ b/source4/scripting/python/samba/netcmd/spn.py @@ -196,7 +196,7 @@ class cmd_spn_delete(Command): class cmd_spn(SuperCommand): - """Service Principal Name (SPN) management""" + """Service Principal Name (SPN) management.""" subcommands = {} subcommands["add"] = cmd_spn_add() diff --git a/source4/scripting/python/samba/netcmd/time.py b/source4/scripting/python/samba/netcmd/time.py index 8f186bd..694b6ad 100644 --- a/source4/scripting/python/samba/netcmd/time.py +++ b/source4/scripting/python/samba/netcmd/time.py @@ -25,7 +25,7 @@ from samba.netcmd import ( ) class cmd_time(Command): - """Retrieve the time on a server + """Retrieve the time on a server. This command returns the date and time of the Active Directory server specified on the command. The server name specified may be the local server or a remote server. If the servername is not specified, the command returns the time and date of the local AD server. diff --git a/source4/scripting/python/samba/netcmd/user.py b/source4/scripting/python/samba/netcmd/user.py index 914e47f..619fe30 100644 --- a/source4/scripting/python/samba/netcmd/user.py +++ b/source4/scripting/python/samba/netcmd/user.py @@ -552,7 +552,7 @@ Example3 shows how an administrator would reset TestUser3 user's password to pas class cmd_user(SuperCommand): - """User management""" + """User management.""" subcommands = {} subcommands["add"] = cmd_user_create() diff --git a/source4/scripting/python/samba/netcmd/vampire.py b/source4/scripting/python/samba/netcmd/vampire.py index 4e3389d..b12222e 100644 --- a/source4/scripting/python/samba/netcmd/vampire.py +++ b/source4/scripting/python/samba/netcmd/vampire.py @@ -29,7 +29,7 @@ from samba.netcmd import ( class cmd_vampire(Command): - """Join and synchronise a remote AD domain to the local server""" + """Join and synchronise a remote AD domain to the local server.""" synopsis = "%prog [options] " takes_optiongroups = { -- 1.7.9.5