Changeset 988 for vendor/current/source4/scripting

Timestamp:

Nov 24, 2016, 1:14:11 PM (9 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: update vendor to version 4.4.3

Location:

vendor/current/source4/scripting

Files:

• bin/enablerecyclebin (modified) (3 diffs)
• bin/findprovisionusnranges (added)
• bin/gen_hresult.py (added)
• bin/gen_ntstatus.py (added)
• bin/minschema (modified) (1 diff)
• bin/mymachinepw (modified) (1 diff)
• bin/rebuildextendeddn (modified) (3 diffs)
• bin/renamedc (added)
• bin/rpcclient (modified) (9 diffs)
• bin/samba-tool (added)
• bin/samba3dump (modified) (4 diffs)
• bin/samba_backup (modified) (4 diffs)
• bin/samba_dnsupdate (modified) (20 diffs)
• bin/samba_kcc (added)
• bin/samba_spnupdate (modified) (10 diffs)
• bin/samba_upgradedns (added)
• bin/samba_upgradeprovision (added)
• bin/setup_dns.sh (modified) (1 diff)
• bin/smbstatus (modified) (5 diffs)
• bin/subunitrun (modified) (3 diffs)
• bin/testparm (deleted)
• bin/upgradeprovision (deleted)
• bin/wscript_build (added)
• devel/addlotscontacts (added)
• devel/chgkrbtgtpass (added)
• devel/chgtdcpass (modified) (1 diff)
• devel/crackname (added)
• devel/createtrust (added)
• devel/demodirsync.py (added)
• devel/drs/vampire_ad.sh (modified) (1 diff)
• devel/getncchanges (modified) (6 diffs)
• devel/repl_cleartext_pwd.py (added)
• devel/selftest-vars.sh (modified) (2 diffs)
• devel/speedtest.py (modified) (4 diffs)
• python (deleted)
• wscript_build (modified) (1 diff)

vendor/current/source4/scripting/bin/enablerecyclebin

@@ -3 +3 @@
 # enabled the Recycle Bin optional feature
 #
-import base64
 import optparse
-import os
 import sys
 
@@ -13 +11 @@
 import samba
 from samba import getopt as options, Ldb
-from ldb import SCOPE_SUBTREE, SCOPE_BASE, LdbError
+from ldb import SCOPE_BASE
 import sys
 import ldb
@@ -49 +47 @@
 msg.dn = ldb.Dn(sam_ldb, "")
 msg["enableOptionalFeature"] = ldb.MessageElement(
-                             "CN=Partitions," +  str(configbase) + ":766ddcd8-acd0-445e-f3b9-a7f9b6744f2a",
-                             ldb.FLAG_MOD_ADD, "enableOptionalFeature")
+     "CN=Partitions," +  str(configbase) + ":766ddcd8-acd0-445e-f3b9-a7f9b6744f2a",
+     ldb.FLAG_MOD_ADD, "enableOptionalFeature")
 res = sam_ldb.modify(msg)
 

vendor/current/source4/scripting/bin/minschema

@@ -6 +6 @@
 import base64
 import optparse
-import os
 import sys
 

vendor/current/source4/scripting/bin/mymachinepw

@@ -43 +43 @@
 secrets = ldb.Ldb(path)
 
-search = "(&(objectclass=primaryDomain)(samaccountname=" + \
-          netbios + "$))"
+search = ("(&(objectclass=primaryDomain)(samaccountname=" +
+      netbios + "$))")
 
 msg = secrets.search(expression=search, attrs=['secret'])

vendor/current/source4/scripting/bin/rebuildextendeddn

@@ -9 +9 @@
 # Copyright (C) Andrew Bartlett <abartlet@samba.org> 2008
 #
-#   
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 3 of the License, or
 # (at your option) any later version.
-#   
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#   
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
@@ -48 +47 @@
 parser.add_option_group(credopts)
 parser.add_option("--targetdir", type="string", metavar="DIR", 
-                          help="Set target directory")
+                  help="Set target directory")
 
 opts = parser.parse_args()[0]
 
 def message(text):
-        """print a message if quiet is not set."""
-        if not opts.quiet:
-                print text
+    """print a message if quiet is not set."""
+    if not opts.quiet:
+        print text
 
 if len(sys.argv) == 1:
-        opts.interactive = True
+    opts.interactive = True
 
 lp = sambaopts.get_loadparm()
@@ -71 +70 @@
 
 def get_paths(targetdir=None,smbconf=None):
-        if targetdir is not None:
-                if (not os.path.exists(os.path.join(targetdir, "etc"))):
-                        os.makedirs(os.path.join(targetdir, "etc"))
-                smbconf = os.path.join(targetdir, "etc", "smb.conf")
-        if smbconf is None:
-                        smbconf = param.default_path()
+    if targetdir is not None:
+        if (not os.path.exists(os.path.join(targetdir, "etc"))):
+            os.makedirs(os.path.join(targetdir, "etc"))
+        smbconf = os.path.join(targetdir, "etc", "smb.conf")
+    if smbconf is None:
+            smbconf = param.default_path()
 
-        if not os.path.exists(smbconf):
-                print >>sys.stderr, "Unable to find smb.conf .. "+smbconf
-                parser.print_usage()
-                sys.exit(1)
+    if not os.path.exists(smbconf):
+        print >>sys.stderr, "Unable to find smb.conf .. "+smbconf
+        parser.print_usage()
+        sys.exit(1)
 
-        lp = param.LoadParm()
-        lp.load(smbconf)
-        paths = provision_paths_from_lp(lp,"foo")
-        return paths
+    lp = param.LoadParm()
+    lp.load(smbconf)
+    paths = provision_paths_from_lp(lp,"foo")
+    return paths
 
 
 
 def rebuild_en_dn(credentials,session_info,paths):
-        lp = param.LoadParm()
-        lp.load(paths.smbconf)
-        names = ProvisionNames()
-        names.domain = lp.get("workgroup")
-        names.realm = lp.get("realm")
-        names.rootdn = "DC=" + names.realm.replace(".",",DC=")
-        
-        attrs = ["dn" ]
-        dn = ""
-        sam_ldb = Ldb(paths.samdb, session_info=session_info, credentials=credentials,lp=lp)
-        attrs2 = ["schemaNamingContext"]
-        res2 = sam_ldb.search(expression="(objectClass=*)",base="", scope=SCOPE_BASE, attrs=attrs2)
-        attrs.extend(get_linked_attributes(ldb.Dn(sam_ldb,str(res2[0]["schemaNamingContext"])),sam_ldb).keys())
-        attrs.extend(get_dnsyntax_attributes(ldb.Dn(sam_ldb,str(res2[0]["schemaNamingContext"])),sam_ldb)),     
-        sam_ldb.transaction_start()
-        res = sam_ldb.search(expression="(cn=*)", scope=SCOPE_SUBTREE, attrs=attrs,controls=["search_options:1:2"]
-)
-        mod = ""
-        for i in range (0,len(res)):
-                #print >>sys.stderr,res[i].dn
-                dn = res[i].dn
-                for att in res[i]:
-                        if ( (att != "dn" and att != "cn") and not (res[i][att] is None) ):
-                                m = ldb.Message()
-                                m.dn = ldb.Dn(sam_ldb, str(dn))
-                                saveatt = []
-                                for j in range (0,len( res[i][att])):
-                                        mod = mod +att +": "+str(res[i][att][j])+"\n"
-                                        saveatt.append(str(res[i][att][j]))
-                                m[att] = ldb.MessageElement(saveatt, ldb.FLAG_MOD_REPLACE, att)
-                                sam_ldb.modify(m)
-                                res3 = sam_ldb.search(expression="(&(dn=%s)(%s=*))"%(dn,att),scope=SCOPE_SUBTREE, attrs=[att],controls=["search_options:1:2"])
-                                if( len(res3) == 0  or (len(res3[0][att])!= len(saveatt))):
-                                        print >>sys.stderr, str(dn) + " has no attr " +att+ " or a wrong value"
-                                        for satt in saveatt:
-                                                print >>sys.stderr,str(att)+"   =       "+satt
-                                        sam_ldb.transaction_cancel()
-        sam_ldb.transaction_commit()
+    lp = param.LoadParm()
+    lp.load(paths.smbconf)
+    names = ProvisionNames()
+    names.domain = lp.get("workgroup")
+    names.realm = lp.get("realm")
+    names.rootdn = "DC=" + names.realm.replace(".",",DC=")
+
+    attrs = ["dn" ]
+    dn = ""
+    sam_ldb = Ldb(paths.samdb, session_info=session_info, credentials=credentials,lp=lp)
+    attrs2 = ["schemaNamingContext"]
+    res2 = sam_ldb.search(expression="(objectClass=*)",base="", scope=SCOPE_BASE, attrs=attrs2)
+    attrs.extend(get_linked_attributes(ldb.Dn(sam_ldb,str(res2[0]["schemaNamingContext"])),sam_ldb).keys())
+    attrs.extend(get_dnsyntax_attributes(ldb.Dn(sam_ldb,str(res2[0]["schemaNamingContext"])),sam_ldb))
+    sam_ldb.transaction_start()
+    res = sam_ldb.search(expression="(cn=*)", scope=SCOPE_SUBTREE, attrs=attrs,controls=["search_options:1:2"])
+    mod = ""
+    for i in range (0,len(res)):
+        #print >>sys.stderr,res[i].dn
+        dn = res[i].dn
+        for att in res[i]:
+            if ( (att != "dn" and att != "cn") and not (res[i][att] is None) ):
+                m = ldb.Message()
+                m.dn = ldb.Dn(sam_ldb, str(dn))
+                saveatt = []
+                for j in range (0,len( res[i][att])):
+                    mod = mod +att +": "+str(res[i][att][j])+"\n"
+                    saveatt.append(str(res[i][att][j]))
+                m[att] = ldb.MessageElement(saveatt, ldb.FLAG_MOD_REPLACE, att)
+                sam_ldb.modify(m)
+                res3 = sam_ldb.search(expression="(&(distinguishedName=%s)(%s=*))"%(dn,att),scope=SCOPE_SUBTREE, attrs=[att],controls=["search_options:1:2"])
+                if( len(res3) == 0  or (len(res3[0][att])!= len(saveatt))):
+                    print >>sys.stderr, str(dn) + " has no attr " +att+ " or a wrong value"
+                    for satt in saveatt:
+                        print >>sys.stderr,str(att)+"    =    "+satt
+                    sam_ldb.transaction_cancel()
+    sam_ldb.transaction_commit()
 
 
-
-                
-paths = get_paths(targetdir=opts.targetdir,smbconf=smbconf)
-
+paths = get_paths(targetdir=opts.targetdir, smbconf=smbconf)
 
 rebuild_en_dn(creds,session,paths)

vendor/current/source4/scripting/bin/rpcclient

@@ -24 +24 @@
         if attr == 'this' or attr == 'thisown':
             continue
-        
+
         result[attr] = getattr(obj, attr)
 
@@ -52 +52 @@
         except dcerpc.NTSTATUS, arg:
             print 'The command returned an error: %s' % arg[1]
-            
+
     # Command handlers
 
@@ -68 +68 @@
         else:
             print 'Command exited with signal %d' % os.WTERMSIG(status)
-            
+
     def do_EOF(self, line):
         """Exits rpcclient."""
@@ -78 +78 @@
     def do_SamrEnumDomains(self, line):
         """Enumerate domain names."""
-        
+
         usage = 'usage: SamrEnumDomains'
 
@@ -117 +117 @@
 
     def do_SamrQueryDomInfo(self, line):
-        """Return information about a domain designated by its SID."""
-
-        usage = 'SamrQueryDomInfo DOMAIN_SID [info_level]'
-
-        parser = OptionParser(usage)
-        options, args = parser.parse_args(string.split(line))
-
-        if (len(args) == 0) or (len(args) > 2):
-            print 'usage:', usage
-            return
-
-        pipe = dcerpc.pipe_connect(
-            'ncacn_np:%s' % self.server,
-            dcerpc.DCERPC_SAMR_UUID, int(dcerpc.DCERPC_SAMR_VERSION),
-            self.cred)
-
-        connect_handle = samr.Connect(pipe)
-        domain_handle = connect_handle.OpenDomain(args[0])
-
-        if (len(args) == 2):
-            result = domain_handle.QueryDomainInfo(int(args[1]))
-        else:
-            result = domain_handle.QueryDomainInfo()
+        """Return information about a domain designated by its SID."""
+
+        usage = 'SamrQueryDomInfo DOMAIN_SID [info_level]'
+
+        parser = OptionParser(usage)
+        options, args = parser.parse_args(string.split(line))
+
+        if (len(args) == 0) or (len(args) > 2):
+            print 'usage:', usage
+            return
+
+        pipe = dcerpc.pipe_connect(
+            'ncacn_np:%s' % self.server,
+            dcerpc.DCERPC_SAMR_UUID, int(dcerpc.DCERPC_SAMR_VERSION),
+            self.cred)
+
+        connect_handle = samr.Connect(pipe)
+        domain_handle = connect_handle.OpenDomain(args[0])
+
+        if (len(args) == 2):
+            result = domain_handle.QueryDomainInfo(int(args[1]))
+        else:
+            result = domain_handle.QueryDomainInfo()
 
         pprint(swig2dict(result))
 
     def do_SamrQueryDomInfo2(self, line):
-        """Return information about a domain designated by its SID.
+        """Return information about a domain designated by its SID.
         (Windows 2000 and >)"""
 
-        usage = 'SamrQueryDomInfo2 DOMAIN_SID [info_level] (Windows 2000 and >)'
-        parser = OptionParser(usage)
-        options, args = parser.parse_args(string.split(line))
-
-        if len(args) == 0 or len(args) > 2:
-            print 'usage:', usage
-            return
-
-        pipe = dcerpc.pipe_connect(
-            'ncacn_np:%s' % self.server,
-            dcerpc.DCERPC_SAMR_UUID, int(dcerpc.DCERPC_SAMR_VERSION),
-            self.cred)
-
-        connect_handle = samr.Connect(pipe)
-        domain_handle = connect_handle.OpenDomain(args[0])
-
-        if (len(args) == 2):
-            result = domain_handle.QueryDomainInfo2(int(args[1]))
-        else:
-            result = domain_handle.QueryDomainInfo2()
+        usage = 'SamrQueryDomInfo2 DOMAIN_SID [info_level] (Windows 2000 and >)'
+        parser = OptionParser(usage)
+        options, args = parser.parse_args(string.split(line))
+
+        if len(args) == 0 or len(args) > 2:
+            print 'usage:', usage
+            return
+
+        pipe = dcerpc.pipe_connect(
+            'ncacn_np:%s' % self.server,
+            dcerpc.DCERPC_SAMR_UUID, int(dcerpc.DCERPC_SAMR_VERSION),
+            self.cred)
+
+        connect_handle = samr.Connect(pipe)
+        domain_handle = connect_handle.OpenDomain(args[0])
+
+        if (len(args) == 2):
+            result = domain_handle.QueryDomainInfo2(int(args[1]))
+        else:
+            result = domain_handle.QueryDomainInfo2()
 
         pprint(swig2dict(result))
 
     def do_SamrEnumDomainGroups(self, line):
-        """Return the list of groups of a domain designated by its SID."""
-
-        usage = 'SamrEnumDomainGroups DOMAIN_SID'
+        """Return the list of groups of a domain designated by its SID."""
+
+        usage = 'SamrEnumDomainGroups DOMAIN_SID'
 
         parser = OptionParser(usage)
@@ -187 +187 @@
             self.cred)
 
-        connect_handle = samr.Connect(pipe)     
-        domain_handle = connect_handle.OpenDomain(args[0])
-
-        result = domain_handle.EnumDomainGroups()
+        connect_handle = samr.Connect(pipe)
+        domain_handle = connect_handle.OpenDomain(args[0])
+
+        result = domain_handle.EnumDomainGroups()
 
         pprint(result)
@@ -198 +198 @@
         by its SID."""
 
-        usage = 'SamrEnumDomainAliases DOMAIN_SID'
+        usage = 'SamrEnumDomainAliases DOMAIN_SID'
 
         parser = OptionParser(usage)
@@ -215 +215 @@
         domain_handle = connect_handle.OpenDomain(args[0])
 
-        result = domain_handle.EnumDomainAliases()
+        result = domain_handle.EnumDomainAliases()
 
         pprint(result)
 
     def do_SamrEnumDomainUsers(self, line):
-        """Return the list of users of a domain designated by its SID."""
-
-        usage = 'SamrEnumDomainUsers DOMAIN_SID [user_account_flags]'
-
-        parser = OptionParser(usage)
-        options, args = parser.parse_args(string.split(line))
-
-        if (len(args) == 0) or (len(args) > 2):
-            print 'usage:', usage
-            return
-
-        pipe = dcerpc.pipe_connect(
-            'ncacn_np:%s' % self.server,
-            dcerpc.DCERPC_SAMR_UUID, int(dcerpc.DCERPC_SAMR_VERSION),
-            self.cred)
-
-        connect_handle = samr.Connect(pipe)
-        domain_handle = connect_handle.OpenDomain(args[0])
-
-        if (len(args) == 2):
-            result = domain_handle.EnumDomainUsers(int(args[1]))
-        else:
-            result = domain_handle.EnumDomainUsers()
+        """Return the list of users of a domain designated by its SID."""
+
+        usage = 'SamrEnumDomainUsers DOMAIN_SID [user_account_flags]'
+
+        parser = OptionParser(usage)
+        options, args = parser.parse_args(string.split(line))
+
+        if (len(args) == 0) or (len(args) > 2):
+            print 'usage:', usage
+            return
+
+        pipe = dcerpc.pipe_connect(
+            'ncacn_np:%s' % self.server,
+            dcerpc.DCERPC_SAMR_UUID, int(dcerpc.DCERPC_SAMR_VERSION),
+            self.cred)
+
+        connect_handle = samr.Connect(pipe)
+        domain_handle = connect_handle.OpenDomain(args[0])
+
+        if (len(args) == 2):
+            result = domain_handle.EnumDomainUsers(int(args[1]))
+        else:
+            result = domain_handle.EnumDomainUsers()
 
         pprint(result)
@@ -289 +289 @@
 
     if username != '':
-        cred = (domain, username, password)
+        cred = (domain, username, password)
 
     # Run command loop

vendor/current/source4/scripting/bin/samba3dump

@@ -14 +14 @@
 import samba
 import samba.samba3
+from samba.samba3 import param as s3param
+from samba.dcerpc import lsa
 
 parser = optparse.OptionParser("samba3dump <libdir> [<smb.conf>]")
@@ -30 +32 @@
 def print_samba3_policy(pol):
     print_header("Account Policies")
-    print "Min password length: %d" % pol.min_password_length
-    print "Password history length: %d" % pol.password_history
-    if pol.user_must_logon_to_change_password:
-        print "User must logon to change password: %d" % pol.user_must_logon_to_change_password
-    if pol.maximum_password_age:
-        print "Maximum password age: %d" % pol.maximum_password_age
-    if pol.minimum_password_age:
-        print "Minimum password age: %d" % pol.minimum_password_age
-    if pol.lockout_duration:
-        print "Lockout duration: %d" % pol.lockout_duration
-    if pol.reset_count_minutes:
-        print "Reset Count Minutes: %d" % pol.reset_count_minutes
-    if pol.bad_lockout_minutes:
-        print "Bad Lockout Minutes: %d" % pol.bad_lockout_minutes
-    if pol.disconnect_time:
-        print "Disconnect Time: %d" % pol.disconnect_time
-    if pol.refuse_machine_password_change:
-        print "Refuse Machine Password Change: %d" % pol.refuse_machine_password_change
+    print "Min password length: %d" % pol['min password length']
+    print "Password history length: %d" % pol['password history']
+    if pol['user must logon to change password']:
+        print "User must logon to change password: %d" % pol['user must logon to change password']
+    if pol['maximum password age']:
+        print "Maximum password age: %d" % pol['maximum password age']
+    if pol['minimum password age']:
+        print "Minimum password age: %d" % pol['minimum password age']
+    if pol['lockout duration']:
+        print "Lockout duration: %d" % pol['lockout duration']
+    if pol['reset count minutes']:
+        print "Reset Count Minutes: %d" % pol['reset count minutes']
+    if pol['bad lockout attempt']:
+        print "Bad Lockout Minutes: %d" % pol['bad lockout attempt']
+    if pol['disconnect time']:
+        print "Disconnect Time: %d" % pol['disconnect time']
+    if pol['refuse machine password change']:
+        print "Refuse Machine Password Change: %d" % pol['refuse machine password change']
 
 def print_samba3_sam(samdb):
     print_header("SAM Database")
-    for user in samdb:
-        print "%s" % user
+    for user in samdb.search_users(0):
+        print "%s (%d): %s" % (user['account_name'], user['rid'], user['fullname'])
 
-def print_samba3_shares(shares):
+def print_samba3_shares(lp):
     print_header("Configured shares")
-    for s in shares:
-        print "--- %s ---" % s.name
-        for p in s:
-            print "\t%s = %s" % (p.key, p.value)
+    for s in lp.services():
+        print "--- %s ---" % s
+        for p in ['path']:
+            print "\t%s = %s" % (p, lp.get(p, s))
         print ""
 
@@ -114 +116 @@
     print_header("Group Mappings")
     
-    for sid in groupdb.groupsids():
-        print "\t--- Group: %s ---" % sid
+    for g in groupdb.enum_group_mapping(samba.samba3.passdb.get_global_sam_sid(),
+                                        lsa.SID_NAME_DOM_GRP):
+        print "\t--- Group: %s ---" % g.sid
 
 def print_samba3_aliases(groupdb):
-    for sid in groupdb.aliases():
-        print "\t--- Alias: %s ---" % sid
+    for g in groupdb.enum_group_mapping(samba.samba3.passdb.get_global_sam_sid(),
+                                        lsa.SID_NAME_ALIAS):
+        print "\t--- Alias: %s ---" % g.sid
 
 def print_samba3_idmapdb(idmapdb):
@@ -134 +138 @@
 
 def print_samba3(samba3):
-    print_samba3_policy(samba3.get_policy_db())
+    passdb = samba3.get_sam_db()
+    print_samba3_policy(passdb.get_account_policy())
     print_samba3_winsdb(samba3.get_wins_db())
     print_samba3_regdb(samba3.get_registry())
     print_samba3_secrets(samba3.get_secrets_db())
     print_samba3_idmapdb(samba3.get_idmap_db())
-    print_samba3_sam(samba3.get_sam_db())
-    groupdb = samba3.get_groupmapping_db()
-    print_samba3_groupmappings(groupdb)
-    print_samba3_aliases(groupdb)
-    print_samba3_shares(samba3.get_shares())
+    print_samba3_sam(passdb)
+    print_samba3_groupmappings(passdb)
+    print_samba3_aliases(passdb)
+    print_samba3_shares(samba3.lp)
 
 def print_samba3_summary(samba3):
     print "WINS db entries: %d" % len(samba3.get_wins_db())
     print "Registry key count: %d" % len(samba3.get_registry())
-    groupdb = samba3.get_groupmapping_db()
-    print "Groupmap count: %d" % len(list(groupdb.groupsids()))
-    print "Alias count: %d" % len(list(groupdb.aliases()))
+    passdb = samba3.get_sam_db()
+    print "Groupmap count: %d" % len(passdb.enum_group_mapping())
+    print "Alias count: %d" % len(passdb.search_aliases())
     idmapdb = samba3.get_idmap_db()
     print "Idmap count: %d" % (len(list(idmapdb.uids())) + len(list(idmapdb.gids())))
 
+if len(args) < 1:
+    parser.print_help()
+    sys.exit(1)
+
 libdir = args[0]
-if len(args) > 1:
+if len(args) < 1:
     smbconf = args[1]
 else:
     smbconf = os.path.join(libdir, "smb.conf")
 
-samba3 = samba.samba3.Samba3(libdir, smbconf)
+s3_lp = s3param.get_context()
+s3_lp.set("private dir", libdir)
+s3_lp.set("state directory", libdir)
+s3_lp.set("lock directory", libdir)
+s3_lp.load(smbconf)
+samba3 = samba.samba3.Samba3(smbconf, s3_lp)
 
 if opts.format == "summary":

vendor/current/source4/scripting/bin/samba_backup

@@ -1 +1 @@
 #!/bin/sh
 #
-# Copyright (C) Matthieu Patou <mat@matws.net> 2010
+# Copyright (C) Matthieu Patou <mat@matws.net> 2010-2011
 #
 # This program is free software; you can redistribute it and/or modify
@@ -16 +16 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #
+# Revised 2013-09-25, Brian Martin, as follows:
+#    - Allow retention period ("DAYS") to be specified as a parameter.
+#    - Allow individual positional parameters to be left at the default
+#      by specifying "-"
+#    - Use IS0 8601 standard dates (yyyy-mm-dd instead of mmddyyyy).
+#    - Display tar exit codes when reporting errors.
+#    - Don't send error messages to /dev/null, so we know what failed.
+#    - Suppress useless tar "socket ignored" message.
+#    - Fix retention period bug when deleting old backups ($DAYS variable
+#      could be set, but was ignored).
+
+
 
 FROMWHERE=/usr/local/samba
 WHERE=/usr/local/backups
+DAYS=90                         # Set default retention period.
 if [ -n "$1" ] && [ "$1" = "-h" -o "$1" = "--usage" ]; then
-        echo "samba_backup [provisiondir] [destinationdir]"
-        echo "Will backup your provision located in provisiondir to archive stored in destinationdir"
+        echo "samba_backup [provisiondir] [destinationdir] [retpd]"
+        echo "Will backup your provision located in provisiondir to archive stored"
+        echo "in destinationdir for retpd days. Use - to leave an option unchanged."
         echo "Default provisiondir: $FROMWHERE"
         echo "Default destinationdir: $WHERE"
+        echo "Default destinationdir: $DAYS"
         exit 0
 fi
 
-[ -n "$1" -a -d "$1" ]&&FROMWHERE=$1
-[ -n "$2" -a -d "$2" ]&&WHERE=$2
+[ -n "$1" -a "$1" != "-" ]&&FROMWHERE=$1        # Use parm or default if "-".  Validate later.
+[ -n "$2" -a "$2" != "-" ]&&WHERE=$2            # Use parm or default if "-".  Validate later.
+[ -n "$3" -a "$3" -eq "$3" 2> /dev/null ]&&DAYS=$3      # Use parm or default if non-numeric (incl "-").
 
 DIRS="private etc sysvol"
 #Number of days to keep the backup
-DAYS=90
-WHEN=`date +%d%m%y`
+WHEN=`date +%Y-%m-%d`   # ISO 8601 standard date.
+
+if [ ! -d $WHERE ]; then
+        echo "Missing backup directory $WHERE"
+        exit 1
+fi
+
+if [ ! -d $FROMWHERE ]; then
+        echo "Missing or wrong provision directory $FROMWHERE"
+        exit 1
+fi
 
 cd $FROMWHERE
@@ -43 +68 @@
                 for ldb in `find $relativedirname -name "*.ldb"`; do
                         tdbbackup $ldb
-                        if [ $? -ne 0 ]; then
-                                echo "Error while backuping $ldb"
+                        Status=$?       # Preserve $? for message, since [ alters it.
+                        if [ $Status -ne 0 ]; then
+                                echo "Error while backing up $ldb - status $Status"
                                 exit 1
                         fi
                 done
-                tar cjf ${WHERE}/samba4_${n}.${WHEN}.tar.bz2  $relativedirname --exclude=*.ldb >/dev/null 2>&1
-                if [ $? -ne 0 ]; then
-                        echo "Error while archiving ${WHERE}/samba4_${n}.${WHEN}.tar.bz2"
+                # Run the backup.
+                #    --warning=no-file-ignored set to suppress "socket ignored" messages.
+                tar cjf ${WHERE}/samba4_${n}.${WHEN}.tar.bz2  $relativedirname --exclude=\*.ldb --warning=no-file-ignored --transform 's/.ldb.bak$/.ldb/'
+                Status=$?       # Preserve $? for message, since [ alters it.
+                if [ $Status -ne 0 -a $Status -ne 1 ]; then     # Ignore 1 - private dir is always changing.
+                        echo "Error while archiving ${WHERE}/samba4_${n}.${WHEN}.tar.bz2 - status = $Status"
                         exit 1
                 fi
                 find $relativedirname -name "*.ldb.bak" -exec rm {} \;
         else
-                tar cjf ${WHERE}/${n}.${WHEN}.tar.bz2  $relativedirname >/dev/null 2>&1
-                if [ $? -ne 0 ]; then
-                        echo "Error while archiving ${WHERE}/${n}.${WHEN}.tar.bz2"
+                # Run the backup.
+                #    --warning=no-file-ignored set to suppress "socket ignored" messages.
+                tar cjf ${WHERE}/${n}.${WHEN}.tar.bz2  $relativedirname --warning=no-file-ignored
+                Status=$?       # Preserve $? for message, since [ alters it.
+                if [ $Status -ne 0 ]; then
+                        echo "Error while archiving ${WHERE}/${n}.${WHEN}.tar.bz2 - status = $Status"
                         exit 1
                 fi
@@ -63 +95 @@
 done
 
-find $WHERE -name "samba4_*bz2" -mtime +90 -exec rm  {} \; >/dev/null 2>&1
+find $WHERE -name "samba4_*bz2" -mtime +$DAYS -exec rm  {} \;

vendor/current/source4/scripting/bin/samba_dnsupdate

@@ -1 +1 @@
 #!/usr/bin/env python
+# vim: expandtab
 #
 # update our DNS names using TSIG-GSS
@@ -42 +43 @@
 from samba import getopt as options
 from ldb import SCOPE_BASE
+from samba import dsdb
 from samba.auth import system_session
 from samba.samdb import SamDB
 from samba.dcerpc import netlogon, winbind
 
-samba.ensure_external_module("dns", "dnspython")
+samba.ensure_third_party_module("dns", "dnspython")
 import dns.resolver
 import dns.exception
@@ -63 +65 @@
 parser.add_option("--use-file", type="string", help="Use a file, rather than real DNS calls")
 parser.add_option("--update-list", type="string", help="Add DNS names from the given file")
+parser.add_option("--update-cache", type="string", help="Cache database of already registered records")
 parser.add_option("--fail-immediately", action='store_true', help="Exit on first failure")
+parser.add_option("--no-credentials", dest='nocreds', action='store_true', help="don't try and get credentials")
+parser.add_option("--no-substiutions", dest='nosubs', action='store_true', help="don't try and expands variables in file specified by --update-list")
 
 creds = None
@@ -90 +95 @@
     sys.exit(0)
 
+IP6s = []
+IP4s = []
+for i in IPs:
+    if i.find(':') != -1:
+        IP6s.append(i)
+    else:
+        IP4s.append(i)
+
+
 if opts.verbose:
     print "IPs: %s" % IPs
 
-########################################################
-# get credentials if we haven't got them already
+
 def get_credentials(lp):
+    """# get credentials if we haven't got them already."""
     from samba import credentials
-    global ccachename, creds
-    if creds is not None:
-        return
+    global ccachename
     creds = credentials.Credentials()
     creds.guess(lp)
@@ -105 +117 @@
     creds.set_krb_forwardable(credentials.NO_KRB_FORWARDABLE)
     (tmp_fd, ccachename) = tempfile.mkstemp()
-    creds.get_named_ccache(lp, ccachename)
-
-
-#############################################
-# an object to hold a parsed DNS line
+    try:
+        creds.get_named_ccache(lp, ccachename)
+    except RuntimeError as e:
+        os.unlink(ccachename)
+        raise e
+
+
 class dnsobj(object):
+    """an object to hold a parsed DNS line"""
+
     def __init__(self, string_form):
         list = string_form.split()
+        if len(list) < 3:
+            raise Exception("Invalid DNS entry %r" % string_form)
         self.dest = None
         self.port = None
@@ -119 +137 @@
         self.existing_weight = None
         self.type = list[0]
-        self.name = list[1].lower()
+        self.name = list[1]
+        self.nameservers = []
         if self.type == 'SRV':
-            self.dest = list[2].lower()
+            if len(list) < 4:
+                raise Exception("Invalid DNS entry %r" % string_form)
+            self.dest = list[2]
             self.port = list[3]
-        elif self.type == 'A':
+        elif self.type in ['A', 'AAAA']:
             self.ip   = list[2] # usually $IP, which gets replaced
         elif self.type == 'CNAME':
-            self.dest = list[2].lower()
+            self.dest = list[2]
+        elif self.type == 'NS':
+            self.dest = list[2]
         else:
-            print "Received unexpected DNS reply of type %s" % self.type
-            raise
+            raise Exception("Received unexpected DNS reply of type %s: %s" % (self.type, string_form))
 
     def __str__(self):
-        if d.type == "A":     return "%s %s %s" % (self.type, self.name, self.ip)
-        if d.type == "SRV":   return "%s %s %s %s" % (self.type, self.name, self.dest, self.port)
-        if d.type == "CNAME": return "%s %s %s" % (self.type, self.name, self.dest)
-
-
-################################################
-# parse a DNS line from
+        if self.type == "A":
+            return "%s %s %s" % (self.type, self.name, self.ip)
+        if self.type == "AAAA":
+            return "%s %s %s" % (self.type, self.name, self.ip)
+        if self.type == "SRV":
+            return "%s %s %s %s" % (self.type, self.name, self.dest, self.port)
+        if self.type == "CNAME":
+            return "%s %s %s" % (self.type, self.name, self.dest)
+        if self.type == "NS":
+            return "%s %s %s" % (self.type, self.name, self.dest)
+
+
 def parse_dns_line(line, sub_vars):
+    """parse a DNS line from."""
+    if line.startswith("SRV _ldap._tcp.pdc._msdcs.") and not samdb.am_pdc():
+        # We keep this as compat to the dns_update_list of 4.0/4.1
+        if opts.verbose:
+            print "Skipping PDC entry (%s) as we are not a PDC" % line
+        return None
     subline = samba.substitute_var(line, sub_vars)
-    d = dnsobj(subline)
-    return d
-
-############################################
-# see if two hostnames match
+    if subline == '' or subline[0] == "#":
+        return None
+    return dnsobj(subline)
+
+
 def hostname_match(h1, h2):
+    """see if two hostnames match."""
     h1 = str(h1)
     h2 = str(h2)
@@ -152 +186 @@
 
 
-############################################
-# check that a DNS entry exists
 def check_dns_name(d):
+    """check that a DNS entry exists."""
     normalised_name = d.name.rstrip('.') + '.'
     if opts.verbose:
         print "Looking for DNS entry %s as %s" % (d, normalised_name)
- 
+
     if opts.use_file is not None:
         try:
@@ -164 +197 @@
         except IOError:
             return False
-        
+
         for line in dns_file:
             line = line.strip()
@@ -173 +206 @@
         return False
 
+    resolv_conf = os.getenv('RESOLV_WRAPPER_CONF')
+    if not resolv_conf:
+        resolv_conf = '/etc/resolv.conf'
+    resolver = dns.resolver.Resolver(filename=resolv_conf, configure=True)
+
+    if d.nameservers != []:
+        resolver.nameservers = d.nameservers
+    else:
+        d.nameservers = resolver.nameservers
+
     try:
-        ans = dns.resolver.query(normalised_name, d.type)
+        ans = resolver.query(normalised_name, d.type)
     except dns.exception.DNSException:
         if opts.verbose:
             print "Failed to find DNS entry %s" % d
         return False
-    if d.type == 'A':
+    if d.type in ['A', 'AAAA']:
         # we need to be sure that our IP is there
         for rdata in ans:
             if str(rdata) == str(d.ip):
                 return True
-    if d.type == 'CNAME':
+    elif d.type == 'CNAME':
         for i in range(len(ans)):
             if hostname_match(ans[i].target, d.dest):
                 return True
-    if d.type == 'SRV':
+    elif d.type == 'NS':
+        for i in range(len(ans)):
+            if hostname_match(ans[i].target, d.dest):
+                return True
+    elif d.type == 'SRV':
         for rdata in ans:
             if opts.verbose:
@@ -205 +252 @@
 
 
-###########################################
-# get the list of substitution vars
-def get_subst_vars():
+def get_subst_vars(samdb):
+    """get the list of substitution vars."""
     global lp, am_rodc
     vars = {}
 
-    samdb = SamDB(url=lp.get("sam database"), session_info=system_session(),
-                  lp=lp)
-
-    vars['DNSDOMAIN'] = lp.get('realm').lower()
-    vars['DNSFOREST'] = lp.get('realm').lower()
-    vars['HOSTNAME']  = lp.get('netbios name').lower() + "." + vars['DNSDOMAIN']
+    vars['DNSDOMAIN'] = samdb.domain_dns_name()
+    vars['DNSFOREST'] = samdb.forest_dns_name()
+    vars['HOSTNAME']  = samdb.host_dns_name()
     vars['NTDSGUID']  = samdb.get_ntds_GUID()
     vars['SITE']      = samdb.server_site_name()
-    res = samdb.search(base=None, scope=SCOPE_BASE, attrs=["objectGUID"])
+    res = samdb.search(base=samdb.get_default_basedn(), scope=SCOPE_BASE, attrs=["objectGUID"])
     guid = samdb.schema_format_value("objectGUID", res[0]['objectGUID'][0])
     vars['DOMAINGUID'] = guid
+
+    vars['IF_DC'] = ""
+    vars['IF_RWDC'] = "# "
+    vars['IF_RODC'] = "# "
+    vars['IF_PDC'] = "# "
+    vars['IF_GC'] = "# "
+    vars['IF_RWGC'] = "# "
+    vars['IF_ROGC'] = "# "
+    vars['IF_DNS_DOMAIN'] = "# "
+    vars['IF_RWDNS_DOMAIN'] = "# "
+    vars['IF_RODNS_DOMAIN'] = "# "
+    vars['IF_DNS_FOREST'] = "# "
+    vars['IF_RWDNS_FOREST'] = "# "
+    vars['IF_R0DNS_FOREST'] = "# "
+
     am_rodc = samdb.am_rodc()
+    if am_rodc:
+        vars['IF_RODC'] = ""
+    else:
+        vars['IF_RWDC'] = ""
+
+    if samdb.am_pdc():
+        vars['IF_PDC'] = ""
+
+    # check if we "are DNS server"
+    res = samdb.search(base=samdb.get_config_basedn(),
+                   expression='(objectguid=%s)' % vars['NTDSGUID'],
+                   attrs=["options", "msDS-hasMasterNCs"])
+
+    if len(res) == 1:
+        if "options" in res[0]:
+            options = int(res[0]["options"][0])
+            if (options & dsdb.DS_NTDSDSA_OPT_IS_GC) != 0:
+                vars['IF_GC'] = ""
+                if am_rodc:
+                    vars['IF_ROGC'] = ""
+                else:
+                    vars['IF_RWGC'] = ""
+
+        basedn = str(samdb.get_default_basedn())
+        forestdn = str(samdb.get_root_basedn())
+
+        if "msDS-hasMasterNCs" in res[0]:
+            for e in res[0]["msDS-hasMasterNCs"]:
+                if str(e) == "DC=DomainDnsZones,%s" % basedn:
+                    vars['IF_DNS_DOMAIN'] = ""
+                    if am_rodc:
+                        vars['IF_RODNS_DOMAIN'] = ""
+                    else:
+                        vars['IF_RWDNS_DOMAIN'] = ""
+                if str(e) == "DC=ForestDnsZones,%s" % forestdn:
+                    vars['IF_DNS_FOREST'] = ""
+                    if am_rodc:
+                        vars['IF_RODNS_FOREST'] = ""
+                    else:
+                        vars['IF_RWDNS_FOREST'] = ""
 
     return vars
 
 
-############################################
-# call nsupdate for an entry
-def call_nsupdate(d):
-    global ccachename, nsupdate_cmd
-
-    if opts.verbose:
-        print "Calling nsupdate for %s" % d
+def call_nsupdate(d, op="add"):
+    """call nsupdate for an entry."""
+    global ccachename, nsupdate_cmd, krb5conf
+
+    assert(op in ["add", "delete"])
+
+    if opts.verbose:
+        print "Calling nsupdate for %s (%s)" % (d, op)
 
     if opts.use_file is not None:
-        wfile = open(opts.use_file, 'a')
-        fcntl.lockf(wfile, fcntl.LOCK_EX)
-        wfile.write(str(d)+"\n")
-        fcntl.lockf(wfile, fcntl.LOCK_UN)
+        try:
+            rfile = open(opts.use_file, 'r+')
+        except IOError:
+            # Perhaps create it
+            rfile = open(opts.use_file, 'w+')
+            # Open it for reading again, in case someone else got to it first
+            rfile = open(opts.use_file, 'r+')
+        fcntl.lockf(rfile, fcntl.LOCK_EX)
+        (file_dir, file_name) = os.path.split(opts.use_file)
+        (tmp_fd, tmpfile) = tempfile.mkstemp(dir=file_dir, prefix=file_name, suffix="XXXXXX")
+        wfile = os.fdopen(tmp_fd, 'a')
+        rfile.seek(0)
+        for line in rfile:
+            if op == "delete":
+                l = parse_dns_line(line, {})
+                if str(l).lower() == str(d).lower():
+                    continue
+            wfile.write(line)
+        if op == "add":
+            wfile.write(str(d)+"\n")
+        os.rename(tmpfile, opts.use_file)
+        fcntl.lockf(rfile, fcntl.LOCK_UN)
         return
 
@@ -246 +363 @@
     (tmp_fd, tmpfile) = tempfile.mkstemp()
     f = os.fdopen(tmp_fd, 'w')
+    if d.nameservers != []:
+        f.write('server %s\n' % d.nameservers[0])
     if d.type == "A":
-        f.write("update add %s %u A %s\n" % (normalised_name, default_ttl, d.ip))
+        f.write("update %s %s %u A %s\n" % (op, normalised_name, default_ttl, d.ip))
+    if d.type == "AAAA":
+        f.write("update %s %s %u AAAA %s\n" % (op, normalised_name, default_ttl, d.ip))
     if d.type == "SRV":
-        if d.existing_port is not None:
+        if op == "add" and d.existing_port is not None:
             f.write("update delete %s SRV 0 %s %s %s\n" % (normalised_name, d.existing_weight,
                                                            d.existing_port, d.dest))
-        f.write("update add %s %u SRV 0 100 %s %s\n" % (normalised_name, default_ttl, d.port, d.dest))
+        f.write("update %s %s %u SRV 0 100 %s %s\n" % (op, normalised_name, default_ttl, d.port, d.dest))
     if d.type == "CNAME":
-        f.write("update add %s %u CNAME %s\n" % (normalised_name, default_ttl, d.dest))
+        f.write("update %s %s %u CNAME %s\n" % (op, normalised_name, default_ttl, d.dest))
+    if d.type == "NS":
+        f.write("update %s %s %u NS %s\n" % (op, normalised_name, default_ttl, d.dest))
     if opts.verbose:
         f.write("show\n")
@@ -260 +383 @@
     f.close()
 
-    os.environ["KRB5CCNAME"] = ccachename
+    global error_count
+    if ccachename:
+        os.environ["KRB5CCNAME"] = ccachename
     try:
         cmd = nsupdate_cmd[:]
         cmd.append(tmpfile)
-        subprocess.check_call(cmd, shell=False)
+        env = os.environ
+        if krb5conf:
+            env["KRB5_CONFIG"] = krb5conf
+        if ccachename:
+            env["KRB5CCNAME"] = ccachename
+        ret = subprocess.call(cmd, shell=False, env=env)
+        if ret != 0:
+            if opts.fail_immediately:
+                if opts.verbose:
+                    print("Failed update with %s" % tmpfile)
+                sys.exit(1)
+            error_count = error_count + 1
+            if opts.verbose:
+                print("Failed nsupdate: %d" % ret)
     except Exception, estr:
-        global error_count
         if opts.fail_immediately:
             sys.exit(1)
@@ -276 +413 @@
 
 
-def rodc_dns_update(d, t):
+def rodc_dns_update(d, t, op):
     '''a single DNS update via the RODC netlogon call'''
     global sub_vars
+
+    assert(op in ["add", "delete"])
 
     if opts.verbose:
@@ -303 +442 @@
     if d.port is not None:
         name.port = int(d.port)
-    name.dns_register = True
+    if op == "add":
+        name.dns_register = True
+    else:
+        name.dns_register = False
     dns_names.names = [ name ]
     site_name = sub_vars['SITE'].decode('utf-8')
@@ -322 +464 @@
 
 
-def call_rodc_update(d):
+def call_rodc_update(d, op="add"):
     '''RODCs need to use the netlogon API for nsupdate'''
     global lp, sub_vars
+
+    assert(op in ["add", "delete"])
 
     # we expect failure for 3268 if we aren't a GC
@@ -345 +489 @@
         if subname.lower() == d.name.lower():
             # found a match - do the update
-            rodc_dns_update(d, t)
+            rodc_dns_update(d, t, op)
             return
     if opts.verbose:
@@ -357 +501 @@
     dns_update_list = lp.private_path('dns_update_list')
 
+if opts.update_cache:
+    dns_update_cache = opts.update_cache
+else:
+    dns_update_cache = lp.private_path('dns_update_cache')
+
 # use our private krb5.conf to avoid problems with the wrong domain
 # bind9 nsupdate wants the default domain set
@@ -364 +513 @@
 file = open(dns_update_list, "r")
 
-# get the substitution dictionary
-sub_vars = get_subst_vars()
+if opts.nosubs:
+    sub_vars = {}
+else:
+    samdb = SamDB(url=lp.samdb_url(), session_info=system_session(), lp=lp)
+
+    # get the substitution dictionary
+    sub_vars = get_subst_vars(samdb)
 
 # build up a list of update commands to pass to nsupdate
 update_list = []
 dns_list = []
+cache_list = []
+delete_list = []
+
+dup_set = set()
+cache_set = set()
+
+rebuild_cache = False
+try:
+    cfile = open(dns_update_cache, 'r+')
+except IOError:
+    # Perhaps create it
+    cfile = open(dns_update_cache, 'w+')
+    # Open it for reading again, in case someone else got to it first
+    cfile = open(dns_update_cache, 'r+')
+fcntl.lockf(cfile, fcntl.LOCK_EX)
+for line in cfile:
+    line = line.strip()
+    if line == '' or line[0] == "#":
+        continue
+    c = parse_dns_line(line, {})
+    if c is None:
+        continue
+    if str(c) not in cache_set:
+        cache_list.append(c)
+        cache_set.add(str(c))
 
 # read each line, and check that the DNS name exists
@@ -377 +556 @@
         continue
     d = parse_dns_line(line, sub_vars)
-    dns_list.append(d)
+    if d is None:
+        continue
+    if d.type == 'A' and len(IP4s) == 0:
+        continue
+    if d.type == 'AAAA' and len(IP6s) == 0:
+        continue
+    if str(d) not in dup_set:
+        dns_list.append(d)
+        dup_set.add(str(d))
 
 # now expand the entries, if any are A record with ip set to $IP
 # then replace with multiple entries, one for each interface IP
 for d in dns_list:
-    if d.type == 'A' and d.ip == "$IP":
-        d.ip = IPs[0]
-        for i in range(len(IPs)-1):
+    if d.ip != "$IP":
+        continue
+    if d.type == 'A':
+        d.ip = IP4s[0]
+        for i in range(len(IP4s)-1):
             d2 = dnsobj(str(d))
-            d2.ip = IPs[i+1]
+            d2.ip = IP4s[i+1]
+            dns_list.append(d2)
+    if d.type == 'AAAA':
+        d.ip = IP6s[0]
+        for i in range(len(IP6s)-1):
+            d2 = dnsobj(str(d))
+            d2.ip = IP6s[i+1]
             dns_list.append(d2)
 
 # now check if the entries already exist on the DNS server
 for d in dns_list:
-    if opts.all_names or not check_dns_name(d):
+    found = False
+    for c in cache_list:
+        if str(c).lower() == str(d).lower():
+            found = True
+            break
+    if not found:
+        rebuild_cache = True
+    if opts.all_names:
         update_list.append(d)
-
-if len(update_list) == 0:
+        if opts.verbose:
+            print "force update: %s" % d
+    elif not check_dns_name(d):
+        update_list.append(d)
+        if opts.verbose:
+            print "need update: %s" % d
+
+
+for c in cache_list:
+    found = False
+    for d in dns_list:
+        if str(c).lower() == str(d).lower():
+            found = True
+            break
+    if found:
+        continue
+    rebuild_cache = True
+    if not opts.all_names and not check_dns_name(c):
+        continue
+    delete_list.append(c)
+    if opts.verbose:
+        print "need delete: %s" % c
+
+if len(delete_list) == 0 and len(update_list) == 0 and not rebuild_cache:
     if opts.verbose:
         print "No DNS updates needed"
     sys.exit(0)
+else:
+    if opts.verbose:
+        print "%d DNS updates and %d DNS deletes needed" % (len(update_list), len(delete_list))
 
 # get our krb5 creds
-get_credentials(lp)
+if len(delete_list) != 0 or len(update_list) != 0:
+    if not opts.nocreds:
+        get_credentials(lp)
+
+# ask nsupdate to delete entries as needed
+for d in delete_list:
+    if am_rodc:
+        if d.name.lower() == domain.lower():
+            if opts.verbose:
+                print "skip delete (rodc): %s" % d
+            continue
+        if not d.type in [ 'A', 'AAAA' ]:
+            if opts.verbose:
+                print "delete (rodc): %s" % d
+            call_rodc_update(d, op="delete")
+        else:
+            if opts.verbose:
+                print "delete (nsupdate): %s" % d
+            call_nsupdate(d, op="delete")
+    else:
+        if opts.verbose:
+            print "delete (nsupdate): %s" % d
+        call_nsupdate(d, op="delete")
 
 # ask nsupdate to add entries as needed
@@ -406 +655 @@
     if am_rodc:
         if d.name.lower() == domain.lower():
+            if opts.verbose:
+                print "skip (rodc): %s" % d
             continue
-        if d.type != 'A':
+        if not d.type in [ 'A', 'AAAA' ]:
+            if opts.verbose:
+                print "update (rodc): %s" % d
             call_rodc_update(d)
         else:
+            if opts.verbose:
+                print "update (nsupdate): %s" % d
             call_nsupdate(d)
     else:
+        if opts.verbose:
+            print "update(nsupdate): %s" % d
         call_nsupdate(d)
+
+if rebuild_cache:
+    (file_dir, file_name) = os.path.split(dns_update_cache)
+    (tmp_fd, tmpfile) = tempfile.mkstemp(dir=file_dir, prefix=file_name, suffix="XXXXXX")
+    wfile = os.fdopen(tmp_fd, 'a')
+    for d in dns_list:
+        wfile.write(str(d)+"\n")
+    os.rename(tmpfile, dns_update_cache)
+fcntl.lockf(cfile, fcntl.LOCK_UN)
 
 # delete the ccache if we created it

vendor/current/source4/scripting/bin/samba_spnupdate

@@ -4 +4 @@
 #
 # Copyright (C) Andrew Tridgell 2010
+# Copyright (C) Matthieu Patou <mat@matws.net> 2012
 #
 # This program is free software; you can redistribute it and/or modify
@@ -19 +20 @@
 
 
-import os, sys
+import os, sys, re
 
 # ensure we get messages out immediately, so they get in the samba logs,
@@ -71 +72 @@
     vars = {}
 
-    vars['DNSDOMAIN'] = lp.get('realm').lower()
-    vars['HOSTNAME']  = lp.get('netbios name').lower() + "." + vars['DNSDOMAIN']
+    vars['DNSDOMAIN'] = samdb.domain_dns_name()
+    vars['DNSFOREST'] = samdb.forest_dns_name()
+    vars['HOSTNAME']  = samdb.host_dns_name()
     vars['NETBIOSNAME'] = lp.get('netbios name').upper()
     vars['WORKGROUP'] = lp.get('workgroup')
     vars['NTDSGUID']  = samdb.get_ntds_GUID()
-    res = samdb.search(base=None, scope=ldb.SCOPE_BASE, attrs=["objectGUID"])
+    res = samdb.search(base=samdb.get_default_basedn(), scope=ldb.SCOPE_BASE, attrs=["objectGUID"])
     guid = samdb.schema_format_value("objectGUID", res[0]['objectGUID'][0])
     vars['DOMAINGUID'] = guid
@@ -83 +85 @@
 try:
     private_dir = lp.get("private dir")
-    secrets_path = os.path.join(private_dir, lp.get("secrets database"))
+    secrets_path = os.path.join(private_dir, "secrets.ldb")
 
     secrets_db = Ldb(url=secrets_path, session_info=system_session(),
@@ -104 +106 @@
         credentials = None
 
-    samdb = SamDB(url=lp.get("sam database"), session_info=system_session(), credentials=credentials, lp=lp)
+    samdb = SamDB(url=lp.samdb_url(), session_info=system_session(), credentials=credentials, lp=lp)
 except ldb.LdbError, (num, msg):
-    print("Unable to open sam database %s : %s" % (lp.get("sam database"), msg))
+    print("Unable to open sam database %s : %s" % (lp.samdb_url(), msg))
     sys.exit(1)
 
@@ -119 +121 @@
 
 spn_list = []
+
+has_forest_dns = False
+has_domain_dns = False
+# check if we "are DNS server"
+res = samdb.search(base=samdb.get_config_basedn(),
+                   expression='(objectguid=%s)' % sub_vars['NTDSGUID'],
+                   attrs=["msDS-hasMasterNCs"])
+
+basedn = str(samdb.get_default_basedn())
+if len(res) == 1:
+    if "msDS-hasMasterNCs" in res[0]:
+        for e in res[0]["msDS-hasMasterNCs"]:
+            if str(e) == "DC=DomainDnsZones,%s" % basedn:
+                has_domain_dns = True
+            if str(e) == "DC=ForestDnsZones,%s" % basedn:
+                has_forest_dns = True
+
 
 # build the spn list
@@ -125 +144 @@
     if line == '' or line[0] == "#":
         continue
+    if re.match(r".*/DomainDnsZones\..*", line) and not has_domain_dns:
+        continue
+    if re.match(r".*/ForestDnsZones\..*", line) and not has_forest_dns:
+        continue
     line = samba.substitute_var(line, sub_vars)
     spn_list.append(line)
 
 # get the current list of SPNs in our sam
-res = samdb.search(base="",
+res = samdb.search(base=samdb.get_default_basedn(),
                    expression='(&(objectClass=computer)(samaccountname=%s$))' % sub_vars['NETBIOSNAME'],
                    attrs=["servicePrincipalName"])
@@ -190 +213 @@
     net = Net(creds=creds, lp=lp)
     try:
-        cldap_ret = net.finddc(domain, nbt.NBT_SERVER_DS | nbt.NBT_SERVER_WRITABLE)
+        cldap_ret = net.finddc(domain=domain, flags=nbt.NBT_SERVER_DS | nbt.NBT_SERVER_WRITABLE)
     except Exception, reason:
         print("Unable to find writeable DC for domain '%s' to send DRS writeSPN to : %s" % (domain, reason))
@@ -197 +220 @@
     try:
         binding_options = "seal"
-        if lp.get("log level") >= 5:
+        if int(lp.get("log level")) >= 5:
             binding_options += ",print"
         drs = drsuapi.drsuapi('ncacn_ip_tcp:%s[%s]' % (server, binding_options), lp, creds)
@@ -221 +244 @@
     req1.spn_names = spn_names
     (level, res) = drs.DsWriteAccountSpn(drs_handle, 1, req1)
+    if (res.status != (0, 'WERR_OK')):
+        print "WriteAccountSpn has failed with error %s" % str(res.status)
 
 if samdb.am_rodc():

vendor/current/source4/scripting/bin/setup_dns.sh

@@ -14 +14 @@
 
 [ -z "$PRIVATEDIR" ] && {
-    PRIVATEDIR=$(bin/testparm --section-name=global --parameter-name='private dir' --suppress-prompt 2> /dev/null)
+    PRIVATEDIR=$(bin/samba-tool testparm --section-name=global --parameter-name='private dir' --suppress-prompt 2> /dev/null)
 }
 
 OBJECTGUID=$(bin/ldbsearch -s base -H "$PRIVATEDIR/sam.ldb" -b "CN=NTDS Settings,CN=$HOSTNAME,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=$RSUFFIX" objectguid|grep ^objectGUID| cut -d: -f2)
 
+samba4kinit=kinit
+if test -x $BINDIR/samba4kinit; then
+        samba4kinit=bin/samba4kinit
+fi
+
 echo "Found objectGUID $OBJECTGUID"
 
 echo "Running kinit for $HOSTNAME\$@$DOMAIN"
-bin/samba4kinit -e arcfour-hmac-md5 -k -t "$PRIVATEDIR/secrets.keytab" $HOSTNAME\$@$DOMAIN || exit 1
+$samba4kinit -e arcfour-hmac-md5 -k -t "$PRIVATEDIR/secrets.keytab" $HOSTNAME\$@$DOMAIN || exit 1
 echo "Adding $HOSTNAME.$DOMAIN"
 scripting/bin/nsupdate-gss --noverify $HOSTNAME $DOMAIN $IP 300 || {

vendor/current/source4/scripting/bin/smbstatus

@@ -3 +3 @@
 #
 #  provide information on connected users and open files
-#  Copyright ǒ Jelmer Vernooij 2008
+#  Copyright (c) Jelmer Vernooij 2008
 #
 #  Based on the original in EJS:
@@ -12 +12 @@
 import os, sys
 
+# make sure the script dies immediately when hitting control-C,
+# rather than raising KeyboardInterrupt. As we do all database
+# operations using transactions, this is safe.
+import signal
+signal.signal(signal.SIGINT, signal.SIG_DFL)
+
 sys.path.insert(0, "bin/python")
 
@@ -19 +25 @@
 
 def show_sessions(conn):
-        """show open sessions"""
+    """show open sessions"""
 
-        sessions = conn.smbsrv_information(irpc.SMBSRV_INFO_SESSIONS).next()
-        print "User                                  Client      Connected at"
-        print "-" * 79
-        for session in sessions:
-                fulluser = "%s/%s" % (session.account_name, session.domain_name)
-                print "%-30s %16s   %s" % (fulluser, session.client_ip, sys.httptime(session.connect_time))
-        print ""
+    sessions = conn.smbsrv_information(irpc.SMBSRV_INFO_SESSIONS).next()
+    print "User                                  Client      Connected at"
+    print "-" * 79
+    for session in sessions:
+        fulluser = "%s/%s" % (session.account_name, session.domain_name)
+        print "%-30s %16s   %s" % (fulluser, session.client_ip, sys.httptime(session.connect_time))
+    print ""
 
 def show_tcons(open_connection):
-        """show open tree connects"""
-        conn = open_connection("smb_server")
-        tcons = conn.smbsrv_information(irpc.SMBSRV_INFO_TCONS).next()
-        print "Share                                 Client      Connected at"
-        print "-" * 79
-        for tcon in tcons:
-                print "%-30s %16s   %s" % (tcon.share_name, tcon.client_ip, sys.httptime(tcon.connect_time))
+    """show open tree connects"""
+    conn = open_connection("smb_server")
+    tcons = conn.smbsrv_information(irpc.SMBSRV_INFO_TCONS).next()
+    print "Share                                 Client      Connected at"
+    print "-" * 79
+    for tcon in tcons:
+        print "%-30s %16s   %s" % (tcon.share_name, tcon.client_ip, sys.httptime(tcon.connect_time))
 
 
 def show_nbt(open_connection):
-        """show nbtd information"""
-        conn = open_connection("nbt_server")
-        stats = conn.nbtd_information(irpc.NBTD_INFO_STATISTICS).next()
-        print "NBT server statistics:"
-        fields = [("total_received", "Total received"),
-                          ("total_sent", "Total sent"),
-                          ("query_count", "Query count"),
-                          ("register_count", "Register count"),
-                          ("release_count", "Release count")]
-        for (field, description) in fields:
-                print "\t%s:\t%s" % (description, getattr(stats, field))
-        print
+    """show nbtd information"""
+    conn = open_connection("nbt_server")
+    stats = conn.nbtd_information(irpc.NBTD_INFO_STATISTICS).next()
+    print "NBT server statistics:"
+    fields = [("total_received", "Total received"),
+              ("total_sent", "Total sent"),
+              ("query_count", "Query count"),
+              ("register_count", "Register count"),
+              ("release_count", "Release count")]
+    for (field, description) in fields:
+        print "\t%s:\t%s" % (description, getattr(stats, field))
+    print
 
 parser = optparse.OptionParser("%s [options]" % sys.argv[0])
@@ -57 +63 @@
 parser.add_option_group(sambaopts)
 parser.add_option("--messaging-path", type="string", metavar="PATH",
-                          help="messaging path")
+                  help="messaging path")
 parser.add_option("--nbt", help="show NetBIOS status", action="store_true")
 
@@ -69 +75 @@
 
 def open_connection(name):
-        return messaging.ClientConnection(name, messaging_path=messaging_path)
+    return messaging.ClientConnection(name, messaging_path=messaging_path)
 
 if opts.nbt:
-        show_nbt(open_connection)
+    show_nbt(open_connection)
 else:
-        try:
-                conn = open_connection("smb_server")
-        except RuntimeError, (num, msg):
-                if msg == 'NT_STATUS_OBJECT_NAME_NOT_FOUND':
-                        print "No active connections"
-        else:
-                show_sessions(conn)
-                show_tcons(conn)
+    try:
+        conn = open_connection("smb_server")
+    except RuntimeError, (num, msg):
+        if msg == 'NT_STATUS_OBJECT_NAME_NOT_FOUND':
+            print "No active connections"
+    else:
+        show_sessions(conn)
+        show_tcons(conn)

vendor/current/source4/scripting/bin/subunitrun

@@ -2 +2 @@
 
 # Simple subunit testrunner for python
-# Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
-#   
+
+# NOTE: This is deprecated - Using the standard subunit runner is
+# preferred - e.g. "python -m samba.subunit.run YOURMODULE".
+#
+# This wrapper will be removed once all tests can be run
+# without it. At the moment there are various tests which still
+# get e.g. credentials passed via command-line options to this
+# script.
+
+# Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2014
+#
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 3 of the License, or
 # (at your option) any later version.
-#   
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#   
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
@@ -20 +29 @@
 import sys
 
+# make sure the script dies immediately when hitting control-C,
+# rather than raising KeyboardInterrupt. As we do all database
+# operations using transactions, this is safe.
+import signal
+signal.signal(signal.SIGINT, signal.SIG_DFL)
+
 # Find right directory when running from source tree
 sys.path.insert(0, "bin/python")
@@ -25 +40 @@
 import optparse
 import samba
-samba.ensure_external_module("testtools", "testtools")
-samba.ensure_external_module("subunit", "subunit/python")
-from subunit.run import SubunitTestRunner
+from samba.tests.subunitrun import TestProgram, SubunitOptions
+
 import samba.getopt as options
 import samba.tests
 
 
-parser = optparse.OptionParser("subunitrun [options] <tests>")
+usage = 'subunitrun [options] <tests>'
+description = '''
+This runs a Samba python test suite. The tests are typically located in
+python/samba/tests/*.py
+
+To run the tests from one of those modules, specify the test as
+samba.tests.MODULE. For example, to run the tests in common.py:
+
+   subunitrun samba.tests.common
+
+To list the tests in that module, use:
+
+   subunitrun -l samba.tests.common
+
+NOTE: This script is deprecated in favor of "python -m subunit.run". Don't use
+it unless it can be avoided.
+'''
+
+def format_description(formatter):
+    '''hack to prevent textwrap of the description'''
+    return description
+
+parser = optparse.OptionParser(usage=usage, description=description)
+parser.format_description = format_description
 credopts = options.CredentialsOptions(parser)
+sambaopts = options.SambaOptions(parser)
+subunitopts = SubunitOptions(parser)
 parser.add_option_group(credopts)
-try:
-    from subunit.run import TestProgram
-except ImportError:
-    from unittest import TestProgram
-else:
-    parser.add_option('-l', '--list', dest='listtests', default=False,
-                      help='List tests rather than running them.',
-                      action="store_true")
+parser.add_option_group(sambaopts)
+parser.add_option_group(subunitopts)
 
 opts, args = parser.parse_args()
 
-samba.tests.cmdline_credentials = credopts.get_credentials(samba.tests.env_loadparm())
-if getattr(opts, "listtests", False):
-    args.insert(0, "--list")
+if not getattr(opts, "listtests", False):
+    lp = sambaopts.get_loadparm()
+    samba.tests.cmdline_credentials = credopts.get_credentials(lp)
+if getattr(opts, 'load_list', None):
+    args.insert(0, "--load-list=%s" % opts.load_list)
 
-runner = SubunitTestRunner()
-program = TestProgram(module=None, argv=[sys.argv[0]] + args, testRunner=runner)
+TestProgram(module=None, args=args, opts=subunitopts)

vendor/current/source4/scripting/devel/chgtdcpass

@@ -30 +30 @@
 from samba.auth import system_session
 from samba import param
+from samba.provision import find_provision_key_parameters
 from samba.upgradehelpers import (get_paths,
-                                 find_provision_key_parameters, get_ldbs,
+                                  get_ldbs,
                                  update_machine_account_password)
 

vendor/current/source4/scripting/devel/drs/vampire_ad.sh

@@ -24 +24 @@
 REALM="$(echo $DNSDOMAIN | tr '[a-z]' '[A-Z]')"
 
-sudo $GDB bin/samba-tool join $DNSDOMAIN DC -Uadministrator%$pass -s $PREFIX/etc/smb.conf --option=realm=$REALM --option="ads:dc function level=4" --option="ads:min function level=0" -d2 "$@" || exit 1
+sudo $GDB bin/samba-tool domain join $DNSDOMAIN DC -Uadministrator%$pass -s $PREFIX/etc/smb.conf --option=realm=$REALM --option="ads:dc function level=4" --option="ads:min function level=0" -d2 "$@" || exit 1
 # PRIVATEDIR=$PREFIX/private sudo -E scripting/bin/setup_dns.sh $machine $DNSDOMAIN $machine_ip || exit 1
 #sudo rndc flush

vendor/current/source4/scripting/devel/getncchanges

@@ -14 +14 @@
 from samba.samdb import SamDB
 from samba.auth import system_session
+from samba.ndr import ndr_unpack
 
 def do_DsBind(drs):
@@ -101 +102 @@
     parser.add_option("", "--exop", dest="exop", help="extended operation",)
     parser.add_option("", "--pas", dest="use_pas", action='store_true', default=False,
-                      help="send partial attribute set",)
-    parser.add_option("", "--dest-dsa", type='str',
-                      default='"9c637462-5b8c-4467-aef2-bdb1f57bc4ef"', help="destination DSA GUID")
+                      help="send partial attribute set (for RODC)")
+    parser.add_option("", "--nb-iter", type='int', help="Number of getncchange iterations")
+    parser.add_option("", "--dest-dsa", type='str', help="destination DSA GUID")
+    parser.add_option("", "--rodc", action='store_true', default=False,
+                      help='use RODC replica flags')
+    parser.add_option("", "--partial-rw", action='store_true', default=False,
+                      help='use RW partial replica flags, not be confused with --pas')
     parser.add_option("", "--replica-flags", type='int',
                       default=drsuapi.DRSUAPI_DRS_INIT_SYNC |
                       drsuapi.DRSUAPI_DRS_PER_SYNC |
+                      drsuapi.DRSUAPI_DRS_WRIT_REP |
                       drsuapi.DRSUAPI_DRS_GET_ANC |
                       drsuapi.DRSUAPI_DRS_NEVER_SYNCED,
@@ -112 +118 @@
 
     (opts, args) = parser.parse_args()
+    if opts.rodc:
+        opts.replica_flags = drsuapi.DRSUAPI_DRS_INIT_SYNC |\
+                             drsuapi.DRSUAPI_DRS_PER_SYNC |\
+                             drsuapi.DRSUAPI_DRS_GET_ANC |\
+                             drsuapi.DRSUAPI_DRS_NEVER_SYNCED |\
+                             drsuapi.DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING |\
+                             drsuapi.DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP
+
+    if opts.partial_rw:
+        opts.replica_flags = drsuapi.DRSUAPI_DRS_INIT_SYNC |\
+                             drsuapi.DRSUAPI_DRS_PER_SYNC |\
+                             drsuapi.DRSUAPI_DRS_GET_ANC |\
+                             drsuapi.DRSUAPI_DRS_NEVER_SYNCED
 
     lp = sambaopts.get_loadparm()
@@ -121 +140 @@
     if creds.is_anonymous():
         parser.error("You must supply credentials")
+
+    if opts.partial_rw and opts.rodc:
+        parser.error("Can't specify --partial-rw and --rodc")
 
     server = args[0]
@@ -148 +170 @@
         exop = int(opts.exop)
 
+    dest_dsa = opts.dest_dsa
+    if not dest_dsa:
+        print "no dest_dsa specified trying to figure out from ldap"
+        msgs = samdb.search(controls=["search_options:1:2"],
+                           expression='(objectclass=ntdsdsa)')
+        if len(msgs) == 1:
+            dest_dsa = str(ndr_unpack(misc.GUID,  msgs[0]["invocationId"][0]))
+            print "Found this dsa: %s" % dest_dsa
+        else:
+            # TODO fixme
+            pass
+        if not dest_dsa:
+            print "Unable to find the dest_dsa automatically please specify it"
+            import sys
+            sys.exit(1)
+
     null_guid = misc.GUID()
-    req8.destination_dsa_guid               = misc.GUID(opts.dest_dsa)
+    req8.destination_dsa_guid               = misc.GUID(dest_dsa)
     req8.source_dsa_invocation_id           = misc.GUID(samdb.get_invocation_id())
     req8.naming_context                     = drsuapi.DsReplicaObjectIdentifier()
@@ -171 +209 @@
     req8.mapping_ctr.mappings                = None
 
+    nb_iter = 0
     while True:
         (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
-        if ctr.more_data == 0:
+        nb_iter += 1
+        if ctr.more_data == 0 or opts.nb_iter == nb_iter:
             break
-        req8.highwatermark.tmp_highest_usn = ctr.new_highwatermark.tmp_highest_usn
+        req8.highwatermark = ctr.new_highwatermark

vendor/current/source4/scripting/devel/selftest-vars.sh

@@ -3 +3 @@
 
 export UID_WRAPPER=1
-export NSS_WRAPPER_PASSWD=st/dc/passwd
-export NSS_WRAPPER_GROUP=st/dc/group
-export CONFIGURATION="--configfile=$PWD/st/dc/etc/smb.conf"
+export NSS_WRAPPER_PASSWD=$PWD/st/ad_dc_ntvfs/passwd
+export NSS_WRAPPER_GROUP=$PWD/st/ad_dc_ntvfs/group
+export CONFIGURATION="--configfile=$PWD/st/ad_dc_ntvfs/etc/smb.conf"
+export VAMPIRE_DC_SERVER=localvampiredc
+export VAMPIRE_DC_SERVER_IP=127.0.0.22
+export VAMPIRE_DC_NETBIOSNAME=localvampiredc1
+export VAMPIRE_DC_NETBIOSALIAS=localvampiredc
 export MEMBER_SERVER=localmember3
-export MEMBER_SERVER_IP=127.0.0.3
+export MEMBER_SERVER_IP=127.0.0.23
 export MEMBER_NETBIOSNAME=localmember3
 export MEMBER_NETBIOSALIAS=localmember
 export RPC_PROXY_SERVER=localrpcproxy4
-export RPC_PROXY_SERVER_IP=127.0.0.4
+export RPC_PROXY_SERVER_IP=127.0.0.24
 export RPC_PROXY_NETBIOSNAME=localrpcproxy4
 export RPC_PROXY_NETBIOSALIAS=localrpcproxy
-export SELFTEST_TARGET="samba4"
 export SELFTEST_MAXTIME=1200
 export NETBIOSNAME=localdc1
 export REALM=SAMBA.EXAMPLE.COM
-export SOCKET_WRAPPER_DEFAULT_IFACE=1
+export SOCKET_WRAPPER_DEFAULT_IFACE=21
 export SERVER=localdc1
-export WINBINDD_SOCKET_DIR=$PWD/st/dc/winbindd_socket
+export SELFTEST_WINBINDD_SOCKET_DIR=$PWD/st/ad_dc_ntvfs/winbindd_socket
 export SELFTEST_PREFIX=$PWD/st
 export DOMAIN=SAMBADOMAIN
-export BUILDDIR=.
-export DC_SERVER_IP=127.0.0.1
+export BINDIR=./bin
+export DC_SERVER_IP=127.0.0.21
 export SELFTEST_INTERFACES=127.0.0.6/8,127.0.0.7/8,127.0.0.8/8,127.0.0.9/8,127.0.0.10/8,127.0.0.11/8
 export SOCKET_WRAPPER_DIR=$PWD/st/w
 export DC_USERNAME=Administrator
 export USERNAME=Administrator
-export SERVER_IP=127.0.0.1
-export KRB5_CONFIG=$PWD/st/dc/etc/krb5.conf
+export SERVER_IP=127.0.0.21
+export KRB5_CONFIG=$PWD/st/ad_dc_ntvfs/etc/krb5.conf
 export PREFIX_ABS=$PWD/st
 export SRCDIR_ABS=$PWD
-export PREFIX=./st
-export KRB5CCNAME=./st/krb5ticket
-export SRCDIR=.
+export PREFIX=$PWD/st
+export KRB5CCNAME=$PWD/st/krb5ticket
+export SRCDIR=$PWD/
 export TLS_ENABLED=yes
 export DC_NETBIOSALIAS=localdc
@@ -44 +47 @@
 export PASSWORD=locDCpass1
 export NETBIOSALIAS=localdc
-export SMB_CONF_PATH=$PWD/st/dc/etc/smb.conf
+export SMB_CONF_PATH=$PWD/st/ad_dc_ntvfs/etc/smb.conf

vendor/current/source4/scripting/devel/speedtest.py

@@ -31 +31 @@
 sys.path.insert(0, "bin/python")
 import samba
-samba.ensure_external_module("testtools", "testtools")
-samba.ensure_external_module("subunit", "subunit/python")
+from samba.tests.subunitrun import TestProgram, SubunitOptions
 
 import samba.getopt as options
 
-from ldb import (
-            SCOPE_BASE, SCOPE_SUBTREE, LdbError, ERR_NO_SUCH_OBJECT,
-                ERR_UNWILLING_TO_PERFORM, ERR_INSUFFICIENT_ACCESS_RIGHTS)
-from samba.ndr import ndr_pack, ndr_unpack
+from ldb import SCOPE_BASE, SCOPE_SUBTREE
+from samba.ndr import ndr_unpack
 from samba.dcerpc import security
 
@@ -48 +45 @@
 import samba.tests
 from samba.tests import delete_force
-from subunit.run import SubunitTestRunner
-import unittest
 
 parser = optparse.OptionParser("speedtest.py [options] <host>")
@@ -56 +51 @@
 parser.add_option_group(options.VersionOptions(parser))
 
-
 # use command line creds if available
 credopts = options.CredentialsOptions(parser)
 parser.add_option_group(credopts)
+subunitopts = SubunitOptions(parser)
+parser.add_option_group(subunitopts)
 opts, args = parser.parse_args()
 
@@ -233 +229 @@
 ldb = SamDB(host, credentials=creds, session_info=system_session(), lp=lp, options=ldb_options)
 
-runner = SubunitTestRunner()
-rc = 0
-if not runner.run(unittest.makeSuite(SpeedTestAddDel)).wasSuccessful():
-    rc = 1
-if not runner.run(unittest.makeSuite(AclSearchSpeedTest)).wasSuccessful():
-    rc = 1
-sys.exit(rc)
+TestProgram(module=__name__, opts=subunitopts)

vendor/current/source4/scripting/wscript_build

@@ -3 +3 @@
 from samba_utils import MODE_755
 
-bld.INSTALL_FILES('${SBINDIR}','bin/upgradeprovision bin/samba_dnsupdate bin/samba_spnupdate',
+sbin_files = None
+if bld.CONFIG_SET('AD_DC_BUILD_IS_ENABLED'):
+    sbin_files = 'bin/samba_dnsupdate bin/samba_spnupdate bin/samba_upgradedns bin/samba_kcc'
+
+if sbin_files:
+    bld.INSTALL_FILES('${SBINDIR}',
+                      sbin_files,
+                      chmod=MODE_755, python_fixup=True, flat=True)
+
+if bld.CONFIG_SET('AD_DC_BUILD_IS_ENABLED'):
+    bld.INSTALL_FILES('${BINDIR}',
+                  'bin/samba-tool',
                   chmod=MODE_755, python_fixup=True, flat=True)
-bld.INSTALL_FILES('${BINDIR}','bin/testparm',
-                  chmod=MODE_755, python_fixup=True, flat=True)
+
+bld.RECURSE('bin')