shutil.rmtree(provdir)
os.mkdir(provdir)
logger.info("Provision stored in %s", provdir)
+ dns_backend="BIND9_FLATFILE"
provision(logger, session, creds, smbconf=smbconf,
targetdir=provdir, samdb_fill=FILL_FULL, realm=names.realm,
domain=names.domain, domainguid=names.domainguid,
serverrole="domain controller", ldap_backend_extra_port=None,
backend_type=None, ldapadminpass=None, ol_mmr_urls=None,
slapd_path=None, setup_ds_path=None, nosync=None,
- dom_for_fun_level=names.domainlevel,
+ dom_for_fun_level=names.domainlevel, dns_backend=dns_backend,
ldap_dryrun_mode=None, useeadb=True)
return hash
-def get_diff_sddls(refsddl, cursddl):
+def get_diff_sddls(refsddl, cursddl, checkSacl = True):
"""Get the difference between 2 sddl
This function split the textual representation of ACL into smaller
:param refsddl: First sddl to compare
:param cursddl: Second sddl to compare
+ :param checkSacl: If false we skip the sacl checks
:return: A string that explain difference between sddls
"""
txt = "%s\tGroup mismatch: %s (in ref) %s" \
"(in current)\n" % (txt, hash_ref["group"], hash_cur["group"])
- for part in ["dacl", "sacl"]:
+ parts = [ "dacl" ]
+ if checkSacl:
+ parts.append("sacl")
+ for part in parts:
if hash_cur.has_key(part) and hash_ref.has_key(part):
# both are present, check if they contain the same ACE
of the updated provision
"""
- messagefunc(SIMPLE, "update secrets.ldb")
- reference = newsecrets_ldb.search(expression="dn=@MODULES", base="",
- scope=SCOPE_SUBTREE)
- current = secrets_ldb.search(expression="dn=@MODULES", base="",
- scope=SCOPE_SUBTREE)
+ messagefunc(SIMPLE, "Update of secrets.ldb")
+ reference = newsecrets_ldb.search(base="@MODULES", scope=SCOPE_BASE)
+ current = secrets_ldb.search(base="@MODULES", scope=SCOPE_BASE)
assert reference, "Reference modules list can not be empty"
if len(current) == 0:
# No modules present
"""
res = samdb.search(expression="(objectClass=*)", base=str(rootdn),
scope=SCOPE_BASE, attrs=["dn", "oEMInformation"])
- if len(res) > 0:
+ if len(res) > 0 and res[0].get("oEMInformation"):
info = res[0]["oEMInformation"]
return info
else:
res = samdb.search(expression="(objectClass=*)", base=rootdn,
scope=SCOPE_BASE, attrs=["dn", "oEMInformation"])
if len(res) > 0:
- info = res[0]["oEMInformation"]
+ if res[0].get("oEMInformation"):
+ info = str(res[0]["oEMInformation"])
+ else:
+ info = ""
info = "%s, upgrade to %s" % (info, version)
delta = ldb.Message()
delta.dn = ldb.Dn(samdb, str(res[0]["dn"]))
dir = getpolicypath(paths.sysvol, names.dnsdomain, names.policyid_dc)
if not os.path.isdir(dir):
create_gpo_struct(dir)
+
+ def acl_error(e):
+ if os.geteuid() == 0:
+ message(ERROR, "Unable to set ACLs on policies related objects: %s" % e)
+ else:
+ message(ERROR, "Unable to set ACLs on policies related objects. "
+ "ACLs must be set as root if file system ACLs "
+ "(rather than posix:eadb) are used.")
+
# We always reinforce acls on GPO folder because they have to be in sync
# with the one in DS
try:
set_gpos_acl(paths.sysvol, names.dnsdomain, names.domainsid,
names.domaindn, samdb, lp)
except TypeError, e:
- message(ERROR, "Unable to set ACLs on policies related objects,"
- " if not using posix:eadb, you must be root to do it")
+ acl_error(e)
if resetacls:
try:
setsysvolacl(samdb, paths.netlogon, paths.sysvol, names.wheel_gid,
names.domainsid, names.dnsdomain, names.domaindn, lp)
except TypeError, e:
- message(ERROR, "Unable to set ACLs on sysvol share, if not using"
- "posix:eadb, you must be root to do it")
+ acl_error(e)
+
def increment_calculated_keyversion_number(samdb, rootdn, hashDns):
"""For a given hash associating dn and a number, this function will