The branch, master has been updated
via ffe831452b4251dec3049ab08b125d1fade5fa21 (commit)
via 7268720ad468b087dc723d4efaf38412603409cb (commit)
from f410d23185f5c81dbc111285ea0ba9daf5fc111d (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit ffe831452b4251dec3049ab08b125d1fade5fa21
Author: Andrew Bartlett <[email protected]>
Date: Mon Sep 14 22:37:11 2009 -0700
s4:provision Prevent some invalid combinations of realm and domain
We don't do well (even just trying to create duplicate
servicePrincipalName values) with some of these combinations, so kill
it off early before the administrator thinks it's going to work.
Andrew Bartlett
commit 7268720ad468b087dc723d4efaf38412603409cb
Author: Matthieu Patou <[email protected]>
Date: Sat Sep 12 01:03:52 2009 +0400
s4: Script to build or rebuild extend DN attributes
This script can be used to upgrade a provision that didn't integrate
extended dn.
It can also be used to add missing extended DN that weren't created during
provision.
-----------------------------------------------------------------------
Summary of changes:
source4/scripting/bin/rebuildextendeddn | 141 +++++++++++++++++++++++++++
source4/scripting/python/samba/provision.py | 9 ++
2 files changed, 150 insertions(+), 0 deletions(-)
create mode 100755 source4/scripting/bin/rebuildextendeddn
Changeset truncated at 500 lines:
diff --git a/source4/scripting/bin/rebuildextendeddn
b/source4/scripting/bin/rebuildextendeddn
new file mode 100755
index 0000000..618d179
--- /dev/null
+++ b/source4/scripting/bin/rebuildextendeddn
@@ -0,0 +1,141 @@
+#!/usr/bin/python
+#
+# Unix SMB/CIFS implementation.
+# Extended attributes (re)building
+# Copyright (C) Matthieu Patou <[email protected]> 2009
+#
+# Based on provision a Samba4 server by
+# Copyright (C) Jelmer Vernooij <[email protected]> 2007-2008
+# Copyright (C) Andrew Bartlett <[email protected]> 2008
+#
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+import getopt
+import optparse
+import os
+import sys
+# Find right directory when running from source tree
+sys.path.insert(0, "bin/python")
+
+import samba
+from samba.credentials import DONT_USE_KERBEROS
+from samba.auth import system_session
+from samba import Ldb, substitute_var, valid_netbios_name,
check_all_substituted
+from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError, \
+ timestring, CHANGETYPE_MODIFY, CHANGETYPE_NONE
+import ldb
+import samba.getopt as options
+from samba.samdb import SamDB
+from samba import param
+from samba.provision import ProvisionPaths,
ProvisionNames,provision_paths_from_lp,get_dnsyntax_attributes,get_linked_attributes
+
+parser = optparse.OptionParser("provision [options]")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+parser.add_option("--targetdir", type="string", metavar="DIR",
+ help="Set target directory")
+
+opts = parser.parse_args()[0]
+
+def message(text):
+ """print a message if quiet is not set."""
+ if not opts.quiet:
+ print text
+
+if len(sys.argv) == 1:
+ opts.interactive = True
+
+lp = sambaopts.get_loadparm()
+smbconf = lp.configfile
+
+creds = credopts.get_credentials(lp)
+
+creds.set_kerberos_state(DONT_USE_KERBEROS)
+
+session = system_session()
+
+
+def get_paths(targetdir=None,smbconf=None):
+ if targetdir is not None:
+ if (not os.path.exists(os.path.join(targetdir, "etc"))):
+ os.makedirs(os.path.join(targetdir, "etc"))
+ smbconf = os.path.join(targetdir, "etc", "smb.conf")
+ if smbconf is None:
+ smbconf = param.default_path()
+
+ if not os.path.exists(smbconf):
+ print >>sys.stderr, "Unable to find smb.conf .. "+smbconf
+ parser.print_usage()
+ sys.exit(1)
+
+ lp = param.LoadParm()
+ lp.load(smbconf)
+ paths = provision_paths_from_lp(lp,"foo")
+ return paths
+
+
+
+def rebuild_en_dn(credentials,session_info,paths):
+ lp = param.LoadParm()
+ lp.load(paths.smbconf)
+ names = ProvisionNames()
+ names.domain = lp.get("workgroup")
+ names.realm = lp.get("realm")
+ names.rootdn = "DC=" + names.realm.replace(".",",DC=")
+
+ attrs = ["dn" ]
+ dn = ""
+ sam_ldb = Ldb(paths.samdb, session_info=session_info,
credentials=credentials,lp=lp)
+ attrs2 = ["schemaNamingContext"]
+ res2 = sam_ldb.search(expression="(objectClass=*)",base="",
scope=SCOPE_BASE, attrs=attrs2)
+
attrs.extend(get_linked_attributes(ldb.Dn(sam_ldb,str(res2[0]["schemaNamingContext"])),sam_ldb).keys())
+
attrs.extend(get_dnsyntax_attributes(ldb.Dn(sam_ldb,str(res2[0]["schemaNamingContext"])),sam_ldb)),
+ sam_ldb.transaction_start()
+ res = sam_ldb.search(expression="(cn=*)", scope=SCOPE_SUBTREE,
attrs=attrs,controls=["search_options:1:2"]
+)
+ mod = ""
+ for i in range (0,len(res)):
+ #print >>sys.stderr,res[i].dn
+ dn = res[i].dn
+ for att in res[i]:
+ if ( (att != "dn" and att != "cn") and not (res[i][att]
is None) ):
+ m = ldb.Message()
+ m.dn = ldb.Dn(sam_ldb, str(dn))
+ saveatt = []
+ for j in range (0,len( res[i][att])):
+ mod = mod +att +":
"+str(res[i][att][j])+"\n"
+ saveatt.append(str(res[i][att][j]))
+ m[att] = ldb.MessageElement(saveatt,
ldb.FLAG_MOD_REPLACE, att)
+ sam_ldb.modify(m)
+ res3 =
sam_ldb.search(expression="(&(dn=%s)(%s=*))"%(dn,att),scope=SCOPE_SUBTREE,
attrs=[att],controls=["search_options:1:2"])
+ if( len(res3) == 0 or (len(res3[0][att])!=
len(saveatt))):
+ print >>sys.stderr, str(dn) + " has no
attr " +att+ " or a wrong value"
+ for satt in saveatt:
+ print >>sys.stderr,str(att)+"
= "+satt
+ sam_ldb.transaction_cancel()
+ sam_ldb.transaction_commit()
+
+
+
+
+paths = get_paths(targetdir=opts.targetdir,smbconf=smbconf)
+
+
+rebuild_en_dn(creds,session,paths)
+
diff --git a/source4/scripting/python/samba/provision.py
b/source4/scripting/python/samba/provision.py
index e21a3cb..8f7859c 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -421,6 +421,15 @@ def guess_names(lp=None, hostname=None, domain=None,
dnsdomain=None,
if not valid_netbios_name(domain):
raise InvalidNetbiosName(domain)
+ if netbiosname.upper() == realm.upper():
+ raise Exception("realm %s must not be equal to netbios domain name
%s", realm, netbiosname)
+
+ if hostname.upper() == realm.upper():
+ raise Exception("realm %s must not be equal to hostname %s", realm,
hostname)
+
+ if domain.upper() == realm.upper():
+ raise Exception("realm %s must not be equal to domain name %s", realm,
domain)
+
if rootdn is None:
rootdn = domaindn
--
Samba Shared Repository
