Univention Bugzilla – Attachment 9110 Details for
Bug 40055
adtakeover: Unable to parse search expression
[patch]
patch
40055.patch (text/plain), 25.71 KB, created by
Florian Best
on 2017-08-09 17:16:59 CEST
Description:
patch
Creator:
Florian Best
Created:
2017-08-09 17:16:59 CEST
Size:
25.71 KB
>commit 3774ed85cdcac70d14ea1ceb8b59948d31e629c1 >Author: Florian Best <best@univention.de> >Date: Wed Aug 9 15:48:35 2017 +0200 > > Bug #40055: fix escaping of LDAP filter and DN's > >diff --git a/management/univention-management-console-module-adtakeover/umc/python/adtakeover/takeover.py b/management/univention-management-console-module-adtakeover/umc/python/adtakeover/takeover.py >index 4481605..8b70cb1 100755 >--- a/management/univention-management-console-module-adtakeover/umc/python/adtakeover/takeover.py >+++ b/management/univention-management-console-module-adtakeover/umc/python/adtakeover/takeover.py >@@ -37,7 +37,6 @@ > import time > import locale > import shutil >-import string > import logging > import traceback > import subprocess >@@ -62,7 +61,7 @@ > import sqlite3 > import ipaddr > from ldap.filter import filter_format >-from ldap.dn import escape_dn_chars >+from ldap.dn import escape_dn_chars, str2dn, dn2str > > import univention.admin.uldap > import univention.admin.uexceptions as uexceptions >@@ -78,6 +77,7 @@ > from univention.config_registry.interfaces import Interfaces > from univention.management.console.log import MODULE > from univention.management.console import Translation >+from univention.uldap import parentDn > > > ucr = univention.config_registry.ConfigRegistry() >@@ -706,7 +706,7 @@ def reconnect(self): > > def operatingSystem(self, netbios_name): > msg = self.samdb.search(base=self.samdb.domain_dn(), scope=samba.ldb.SCOPE_SUBTREE, >- expression="(sAMAccountName=%s$)" % netbios_name, >+ expression=filter_format("(sAMAccountName=%s$)", [netbios_name]), > attrs=["operatingSystem", "operatingSystemVersion", "operatingSystemServicePack"]) > if msg: > obj = msg[0] 
>@@ -1041,7 +1041,7 @@ def post_join_tasks_and_start_samba_without_drsuapi(self): > > self.old_domainsid = None > self.lo = _connect_ucs(self.ucr) >- ldap_result = self.lo.search(filter="(&(objectClass=sambaDomain)(sambaDomainName=%s))" % self.ucr["windows/domain"], attr=["sambaSID"]) >+ ldap_result = self.lo.search(filter=filter_format("(&(objectClass=sambaDomain)(sambaDomainName=%s))", [self.ucr["windows/domain"]]), attr=["sambaSID"]) > if len(ldap_result) == 1: > sambadomain_object_dn = ldap_result[0][0] > >@@ -1064,7 +1064,7 @@ def post_join_tasks_and_start_samba_without_drsuapi(self): > # FIXME: probably sys.exit()? > > if self.ucr["windows/domain"] != self.ad_netbios_domain or not sambadomain_object_dn: >- ldap_result = self.lo.search(filter="(&(objectClass=sambaDomain)(sambaDomainName=%s))" % self.ad_netbios_domain, attr=["sambaSID"]) >+ ldap_result = self.lo.search(filter=filter_format("(&(objectClass=sambaDomain)(sambaDomainName=%s))", [self.ad_netbios_domain]), attr=["sambaSID"]) > if len(ldap_result) == 1: > sambadomain_object_dn = ldap_result[0][0] > elif len(ldap_result) > 0: >@@ -1089,10 +1089,9 @@ def post_join_tasks_and_start_samba_without_drsuapi(self): > except uexceptions.ldapError as exc: > log.debug("Renaming of '%s' failed: %s." % (sambadomain_object_dn, exc,)) > else: >- dnparts = ldap.explode_dn(sambadomain_object_dn) >- rdn = dnparts[0].split('=', 1) >- dnparts[0] = '='.join((rdn[0], self.ad_netbios_domain)) >- sambadomain_object_dn = ",".join(dnparts) >+ x = str2dn(sambadomain_object_dn) >+ x[0] = [(x[0][0][0], self.ad_netbios_domain, ldap.AVA_STRING)] >+ sambadomain_object_dn = dn2str(x) > else: > # FIXME: in this peculiar case we should create one. > pass 
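Review bot: The three added lines in the `else:` branch of the hunk at 1089 rebuild the renamed DN through a variable called `x`, and `x[0] = [(...)]` replaces the whole first RDN with a single attribute/value pair, which is not obvious when reading it. A descriptive name and a one-line comment would make the intent reviewable: `dn_parts = str2dn(sambadomain_object_dn)`, then `dn_parts[0] = [(dn_parts[0][0][0], self.ad_netbios_domain, ldap.AVA_STRING)]  # keep the RDN attribute, swap its value`, then `sambadomain_object_dn = dn2str(dn_parts)`. If the sambaDomain object could ever have a multi-valued RDN, the additional pairs are dropped here; that looks intended but is worth stating in the comment. The enclosing method starts and ends outside the hunk.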
>@@ -1154,7 +1153,7 @@ def remove_conflicting_msgpo_objects(self):
>
> for obj in msgs:
> name = obj["cn"][0]
>- run_and_output_to_log(["/usr/sbin/univention-directory-manager", "container/msgpo", "delete", "--filter", "name=%s" % name], log.debug)
>+ run_and_output_to_log(["/usr/sbin/univention-directory-manager", "container/msgpo", "delete", "--filter", filter_format("name=%s", [name])], log.debug)
> gpo_path = '%s/Policies/%s' % (sam_sysvol_dom_dir, name,)
> if os.path.exists(gpo_path):
> log.info("Removing associated conflicting GPO directory %s." % (gpo_path,))
>@@ -1163,7 +1162,7 @@ def remove_conflicting_msgpo_objects(self):
> if name.upper() == name:
> continue
>
>- run_and_output_to_log(["/usr/sbin/univention-directory-manager", "container/msgpo", "delete", "--filter", "name=%s" % name.upper()], log.debug)
>+ run_and_output_to_log(["/usr/sbin/univention-directory-manager", "container/msgpo", "delete", "--filter", filter_format("name=%s", [name.upper()])], log.debug)
> gpo_path = '%s/Policies/%s' % (sam_sysvol_dom_dir, name.upper(),)
> if os.path.exists(gpo_path):
> log.info("Removing associated conflicting GPO directory %s." % (gpo_path,))
>@@ -1185,14 +1184,13 @@ def rewrite_sambaSIDs_in_OpenLDAP(self):
> container_list.sort(key=len)
>
> for container_dn in container_list:
>- rdn_list = ldap.explode_dn(container_dn)
>- (ou_type, ou_name) = rdn_list.pop(0).split('=', 1)
>- position = string.replace(','.join(rdn_list).lower(), self.ucr['samba4/ldap/base'].lower(), self.ucr['ldap/base'].lower())
>+ (ou_type, ou_name) = ldap.dn.str2dn(container_dn)[0][0][:2]
>+ position = parentDn(container_dn).lower().replace(self.ucr['samba4/ldap/base'].lower(), self.ucr['ldap/base'].lower())
>
> udm_type = None
>- if ou_type == "OU":
>+ if ou_type.upper() == "OU":
> udm_type = "container/ou"
>- elif ou_type == "CN":
>+ elif ou_type.upper() == "CN":
> udm_type = "container/cn"
> else:
> log.warn("Warning: Unmapped container type %s" % container_dn)
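Review bot: `name` is now escaped for the `--filter` argument in the hunk at 1154, but the context line right after it still formats the same directory value into `gpo_path` unchecked, and the log message suggests that directory is then removed (the removal call and the start of remove_conflicting_msgpo_objects are outside the hunk). A `cn` value containing a path separator or `..` would resolve outside `Policies/`, so a guard before the path is built would close that gap, for example `if os.path.basename(name) != name or name in (".", ".."): continue`. The hunk at 1163 builds the same path from `name.upper()` and is covered by the same guard.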
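Review bot: The new `position` line in the hunk at 1185 swaps the Samba base for the UCS base with `str.replace()`, which matches the base text anywhere in the lowercased parent DN rather than only as its suffix; `sync_position_s4_to_ucs` in the last hunk of this commit does the same. Anchoring the substitution is safer: `parent = parentDn(container_dn).lower()` followed by `if parent.endswith(s4_base): position = parent[:len(parent) - len(s4_base)] + ucs_base`, with both bases lowercased once before the loop. It is also worth confirming that `parentDn()` cannot return `None` for these DNs, since `.lower()` is called on its result directly. The line above uses `ldap.dn.str2dn` although this commit imports `str2dn` by name; using the imported name keeps the file consistent.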
>@@ -1212,7 +1210,7 @@ def rewrite_sambaSIDs_in_OpenLDAP(self): > for (sid, canonical_name) in AD_well_known_sids.items(): > > msgs = self.samdb.search(base=self.ucr["samba4/ldap/base"], scope=samba.ldb.SCOPE_SUBTREE, >- expression="(&(objectSid=%s)(sAMAccountName=*))" % (sid,), >+ expression=filter_format("(&(objectSid=%s)(sAMAccountName=*))", (sid,)), > attrs=["sAMAccountName", "objectClass"]) > if not msgs: > log.debug("Name of Well known SID %s not found in Samba" % (sid,)) >@@ -1233,7 +1231,7 @@ def rewrite_sambaSIDs_in_OpenLDAP(self): > ucsldap_object_name = canonical_name # default > # lookup canonical_name in UCSLDAP, for cases like "Replicator/Replicators" and "Server Operators"/"System Operators" that changed in UCS 3.2, see Bug #32461#c2 > ucssid = sid.replace(self.ad_domainsid, self.old_domainsid, 1) >- ldap_result = self.lo.search(filter="(sambaSID=%s)" % (ucssid,), attr=["sambaSID", "uid", "cn"]) >+ ldap_result = self.lo.search(filter=filter_format("(sambaSID=%s)", (ucssid,)), attr=["sambaSID", "uid", "cn"]) > if len(ldap_result) == 1: > if "group" in oc or "foreignSecurityPrincipal" in oc: > ucsldap_object_name = ldap_result[0][1].get("cn", [None])[0] >@@ -1266,7 +1264,7 @@ def rewrite_sambaSIDs_in_OpenLDAP(self): > old_sambaSID_dict[old_sid] = ucs_name > > msgs = self.samdb.search(base=self.ucr["samba4/ldap/base"], scope=samba.ldb.SCOPE_SUBTREE, >- expression="(sAMAccountName=%s)" % ucs_name, >+ expression=filter_format("(sAMAccountName=%s)", (ucs_name,)), > attrs=["dn", "objectSid"]) > if not msgs: > continue >@@ -1289,7 +1287,7 @@ def rewrite_sambaSIDs_in_OpenLDAP(self): > old_sambaSID_dict[old_sid] = ucs_name > > msgs = self.samdb.search(base=self.ucr["samba4/ldap/base"], scope=samba.ldb.SCOPE_SUBTREE, >- expression="(sAMAccountName=%s)" % ucs_name, >+ expression=filter_format("(sAMAccountName=%s)", (ucs_name,)), > attrs=["objectSid"]) > if not msgs: > continue 
>@@ -1340,12 +1338,12 @@ def rewrite_sambaSIDs_in_OpenLDAP(self):
>
> # re-create DNS SPN account
> log.debug("Attempting removal of DNS SPN account in UCS-LDAP, will be recreated later with new password.")
>- run_and_output_to_log(["univention-directory-manager", "users/user", "delete", "--dn", "uid=dns-%s,cn=users,%s" % (self.ucr["hostname"], self.ucr["ldap/base"])], log.debug)
>+ run_and_output_to_log(["univention-directory-manager", "users/user", "delete", "--dn", "uid=dns-%s,cn=users,%s" % (escape_dn_chars(self.ucr["hostname"]), self.ucr["ldap/base"])], log.debug)
>
> # remove zarafa and univention-squid-kerberos SPN accounts, recreated later in phaseIII by running the respective joinscripts again
> log.debug("Attempting removal of Zarafa and Squid SPN accounts in UCS-LDAP, will be recreated later with new password.")
> for service in ("zarafa", "http", "http-proxy"):
>- run_and_output_to_log(["univention-directory-manager", "users/user", "delete", "--dn", "uid=%s-%s,cn=users,%s" % (service, self.ucr["hostname"], self.ucr["ldap/base"])], log.debug)
>+ run_and_output_to_log(["univention-directory-manager", "users/user", "delete", "--dn", "uid=%s-%s,cn=users,%s" % (escape_dn_chars(service), escape_dn_chars(self.ucr["hostname"]), self.ucr["ldap/base"])], log.debug)
>
> # Remove logonHours restrictions from Administrator account, was set in one test environment..
> msgs = self.samdb.search(base=self.ucr["samba4/ldap/base"], scope=samba.ldb.SCOPE_SUBTREE,
>@@ -1487,12 +1485,12 @@ def __init__(self, ucr):
> log.error("\n".join(msg))
> raise TakeoverError(_("The Active Directory domain join was not completed successfully yet."))
>
>- self.ad_server_fqdn, self.ad_server_name = self.ucr["hosts/static/%s" % self.ad_server_ip].split()
>+ self.ad_server_fqdn, self.ad_server_name = self.ucr["hosts/static/%s" % self.ad_server_ip].split(None, 1)
>
> # Check if the AD server is already in the local SAM db
> samdb = SamDB(os.path.join(SAMBA_PRIVATE_DIR, "sam.ldb"), session_info=system_session(self.lp), lp=self.lp)
> msgs = samdb.search(base=self.ucr["samba4/ldap/base"], scope=samba.ldb.SCOPE_SUBTREE,
>- expression="(sAMAccountName=%s$)" % self.ad_server_name,
>+ expression=filter_format("(sAMAccountName=%s$)", [self.ad_server_name]),
> attrs=["objectSid"])
> if msgs:
> log.info("OK, Found the AD DC %s account in the local Samba 4 SAM database." % self.ad_server_name)
>@@ -1542,7 +1540,7 @@ def post_join_fix_samDB(self):
> self.sitename = None
> self.samdb = SamDB(os.path.join(SAMBA_PRIVATE_DIR, "sam.ldb"), session_info=system_session(self.lp), lp=self.lp)
> msgs = self.samdb.search(base=self.ucr["samba4/ldap/base"], scope=samba.ldb.SCOPE_SUBTREE,
>- expression="(sAMAccountName=%s$)" % self.ucr["hostname"],
>+ expression=filter_format("(sAMAccountName=%s$)", (self.ucr["hostname"],)),
> attrs=["serverReferenceBL"])
> if msgs:
> obj = msgs[0]
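Review bot: `split(None, 1)` in the hunk at 1487 no longer fails on a `hosts/static/<ip>` value with more than two names, but it puts everything after the first name into `self.ad_server_name`, including further aliases and any trailing whitespace (`"a b ".split(None, 1)` gives `['a', 'b ']`). That string then goes into the `sAMAccountName` filter below and, in later hunks, into DNs, where it will not match the real account. Taking the first two fields keeps the old failure on a short value and ignores extra aliases: `self.ad_server_fqdn, self.ad_server_name = self.ucr["hosts/static/%s" % self.ad_server_ip].split()[:2]`. The `__init__` body starts and ends outside the hunk.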
>@@ -1602,9 +1600,9 @@ def create_DNS_alias_for_AD_hostname(self): > run_and_output_to_log(["univention-config-registry", "unset", "hosts/static/%s" % self.ad_server_ip], log.debug) > > # Replace DNS host record for AD Server name by DNS Alias >- run_and_output_to_log(["univention-directory-manager", "dns/host_record", "delete", "--superordinate", "zoneName=%s,cn=dns,%s" % (self.ucr["domainname"], self.ucr["ldap/base"]), "--dn", "relativeDomainName=%s,zoneName=%s,cn=dns,%s" % (self.ad_server_name, self.ucr["domainname"], self.ucr["ldap/base"])], log.debug) >+ run_and_output_to_log(["univention-directory-manager", "dns/host_record", "delete", "--superordinate", "zoneName=%s,cn=dns,%s" % (escape_dn_chars(self.ucr["domainname"]), self.ucr["ldap/base"]), "--dn", "relativeDomainName=%s,zoneName=%s,cn=dns,%s" % (escape_dn_chars(self.ad_server_name), escape_dn_chars(self.ucr["domainname"]), self.ucr["ldap/base"])], log.debug) > >- returncode = run_and_output_to_log(["univention-directory-manager", "dns/alias", "create", "--superordinate", "zoneName=%s,cn=dns,%s" % (self.ucr["domainname"], self.ucr["ldap/base"]), "--set", "name=%s" % self.ad_server_name, "--set", "cname=%s" % self.local_fqdn], log.debug) >+ returncode = run_and_output_to_log(["univention-directory-manager", "dns/alias", "create", "--superordinate", "zoneName=%s,cn=dns,%s" % (escape_dn_chars(self.ucr["domainname"]), self.ucr["ldap/base"]), "--set", "name=%s" % self.ad_server_name, "--set", "cname=%s" % self.local_fqdn], log.debug) > if returncode != 0: > log.error("Creation of dns/alias %s for %s failed. See %s for details." % (self.ad_server_name, self.local_fqdn, LOGFILE_NAME,)) 
> >@@ -1612,7 +1610,7 @@ def remove_AD_server_account_from_samdb(self): > # Cleanup necessary to use NETBIOS Alias > backlink_attribute_list = ["serverReferenceBL", "frsComputerReferenceBL", "msDFSR-ComputerReferenceBL"] > msgs = self.samdb.search(base=self.ucr["samba4/ldap/base"], scope=samba.ldb.SCOPE_SUBTREE, >- expression="(sAMAccountName=%s$)" % self.ad_server_name, >+ expression=filter_format("(sAMAccountName=%s$)", [self.ad_server_name]), > attrs=backlink_attribute_list) > if msgs: > obj = msgs[0] >@@ -1644,7 +1642,7 @@ def remove_AD_server_account_from_samdb(self): > def remove_AD_server_account_from_UDM(self): > # Finally, for consistency remove AD DC object from UDM > log.debug("Removing AD DC account from local Univention Directory Manager") >- returncode = run_and_output_to_log(["univention-directory-manager", "computers/windows_domaincontroller", "delete", "--dn", "cn=%s,cn=dc,cn=computers,%s" % (self.ad_server_name, self.ucr["ldap/base"])], log.debug) >+ returncode = run_and_output_to_log(["univention-directory-manager", "computers/windows_domaincontroller", "delete", "--dn", "cn=%s,cn=dc,cn=computers,%s" % (escape_dn_chars(self.ad_server_name), self.ucr["ldap/base"])], log.debug) > if returncode != 0: > log.error("Removal of DC account %s via UDM failed. See %s for details." % (self.ad_server_name, LOGFILE_NAME,)) 
> >@@ -1739,16 +1737,16 @@ def create_reverse_DNS_records(self): > > if ptr_zone and ptr_address: > # check for an existing record. >- p = subprocess.Popen(["univention-directory-manager", "dns/ptr_record", "list", "--superordinate", "zoneName=%s,cn=dns,%s" % (ptr_zone, self.ucr["ldap/base"]), "--filter", "address=%s" % ptr_address], stdout=subprocess.PIPE, stderr=subprocess.PIPE) >+ p = subprocess.Popen(["univention-directory-manager", "dns/ptr_record", "list", "--superordinate", "zoneName=%s,cn=dns,%s" % (escape_dn_chars(ptr_zone), self.ucr["ldap/base"]), "--filter", filter_format("address=%s", [ptr_address])], stdout=subprocess.PIPE, stderr=subprocess.PIPE) > (stdout, stderr) = p.communicate() > if len(stdout.rstrip().split('\n')) > 1: > # modify existing record. >- returncode = run_and_output_to_log(["univention-directory-manager", "dns/ptr_record", "modify", "--superordinate", "zoneName=%s,cn=dns,%s" % (ptr_zone, self.ucr["ldap/base"]), "--dn", "relativeDomainName=%s,zoneName=%s,cn=dns,%s" % (ptr_address, ptr_zone, self.ucr["ldap/base"]), "--set", "ptr_record=%s." % self.local_fqdn], log.debug) >+ returncode = run_and_output_to_log(["univention-directory-manager", "dns/ptr_record", "modify", "--superordinate", "zoneName=%s,cn=dns,%s" % (escape_dn_chars(ptr_zone), self.ucr["ldap/base"]), "--dn", "relativeDomainName=%s,zoneName=%s,cn=dns,%s" % (escape_dn_chars(ptr_address), escape_dn_chars(ptr_zone), self.ucr["ldap/base"]), "--set", "ptr_record=%s." % self.local_fqdn], log.debug) > if returncode != 0: > log.warn("Warning: Update of reverse DNS record %s for %s failed. See %s for details." % (self.ad_server_ip, self.local_fqdn, LOGFILE_NAME,)) > else: > # add new record. >- returncode = run_and_output_to_log(["univention-directory-manager", "dns/ptr_record", "create", "--superordinate", "zoneName=%s,cn=dns,%s" % (ptr_zone, self.ucr["ldap/base"]), "--set", "address=%s" % ptr_address, "--set", "ptr_record=%s." 
% self.local_fqdn], log.debug) >+ returncode = run_and_output_to_log(["univention-directory-manager", "dns/ptr_record", "create", "--superordinate", "zoneName=%s,cn=dns,%s" % (escape_dn_chars(ptr_zone), self.ucr["ldap/base"]), "--set", "address=%s" % ptr_address, "--set", "ptr_record=%s." % self.local_fqdn], log.debug) > if returncode != 0: > log.warn("Warning: Creation of reverse DNS record %s for %s failed. See %s for details." % (self.ad_server_ip, self.local_fqdn, LOGFILE_NAME,)) > else: >@@ -2200,21 +2198,14 @@ def udm_rename_ucs_user(self, userdn, new_name): > try: > log.debug("Renaming '%s' to '%s' in UCS LDAP." % (user.dn, new_name)) > user['username'] = new_name >- user.modify() >+ return user.modify() > except uexceptions.ldapError as exc: > log.debug("Renaming of user '%s' failed: %s." % (userdn, exc,)) > return > >- dnparts = ldap.explode_dn(userdn) >- rdn = dnparts[0].split('=', 1) >- dnparts[0] = '='.join((rdn[0], new_name)) >- new_userdn = ",".join(dnparts) >- >- return new_userdn >- > def rename_ucs_user(self, ucsldap_object_name, ad_object_name): > userdns = self.lo.searchDn( >- filter="(&(objectClass=sambaSamAccount)(uid=%s))" % (ucsldap_object_name, ), >+ filter=filter_format("(&(objectClass=sambaSamAccount)(uid=%s))", (ucsldap_object_name, )), > base=self.lo.base) > > if len(userdns) > 1: >@@ -2259,18 +2250,11 @@ def udm_rename_ucs_group(self, groupdn, new_name): > try: > log.debug("Renaming '%s' to '%s' in UCS LDAP." % (group.dn, new_name)) > group['name'] = new_name >- group.modify() >+ return group.modify() > except uexceptions.ldapError as exc: > log.debug("Renaming of group '%s' failed: %s." % (groupdn, exc,)) > return > >- dnparts = ldap.explode_dn(groupdn) >- rdn = dnparts[0].split('=', 1) >- dnparts[0] = '='.join((rdn[0], new_name)) >- new_groupdn = ",".join(dnparts) >- >- return new_groupdn >- > def udm_rename_ucs_defaultGroup(self, groupdn, new_groupdn): > if not new_groupdn: > return 
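Review bot: `udm_rename_ucs_user` in the hunk at 2200 now returns whatever `user.modify()` returns instead of a DN computed locally, and nothing in the hunk documents that contract; `udm_rename_ucs_group` in the hunk at 2259 changes the same way. Callers that treat the result as the new DN depend on `modify()` returning the DN of the renamed object, which is not visible on this page and should be confirmed. A one-line docstring on both functions would record it, e.g. `"""Rename the user via UDM; return the new DN from modify(), or None if the rename failed."""`. Both function bodies start outside their hunks.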
>@@ -2297,7 +2281,7 @@ def udm_rename_ucs_defaultGroup(self, groupdn, new_groupdn): > > def rename_ucs_group(self, ucsldap_object_name, ad_object_name): > groupdns = self.lo.searchDn( >- filter="(&(objectClass=sambaGroupMapping)(cn=%s))" % (ucsldap_object_name, ), >+ filter=filter_format("(&(objectClass=sambaGroupMapping)(cn=%s))", (ucsldap_object_name, )), > base=self.lo.base) > > if len(groupdns) > 1: >@@ -2334,7 +2318,7 @@ def _connect_ucs(ucr, binddn=None, bindpwd=None): > > > def operatingSystem_attribute(ucr, samdb): >- msg = samdb.search(base=samdb.domain_dn(), scope=samba.ldb.SCOPE_SUBTREE, expression="(sAMAccountName=%s$)" % ucr["hostname"], attrs=["operatingSystem", "operatingSystemVersion"]) >+ msg = samdb.search(base=samdb.domain_dn(), scope=samba.ldb.SCOPE_SUBTREE, expression=filter_format("(sAMAccountName=%s$)", (ucr["hostname"],)), attrs=["operatingSystem", "operatingSystemVersion"]) > if msg: > obj = msg[0] > if "operatingSystem" not in obj: >@@ -2352,7 +2336,7 @@ def operatingSystem_attribute(ucr, samdb): > def takeover_DC_Behavior_Version(ucr, remote_samdb, samdb, ad_server_name, sitename): > # DC Behaviour Version > msg = remote_samdb.search( >- base="CN=NTDS Settings,CN=%s,CN=Servers,CN=%s,CN=Sites,CN=Configuration,%s" % (ad_server_name, sitename, samdb.domain_dn()), >+ base="CN=NTDS Settings,CN=%s,CN=Servers,CN=%s,CN=Sites,CN=Configuration,%s" % (escape_dn_chars(ad_server_name), escape_dn_chars(sitename), samdb.domain_dn()), > scope=samba.ldb.SCOPE_BASE, > attrs=["msDS-HasMasterNCs", "msDS-HasInstantiatedNCs", "msDS-Behavior-Version"] > ) 
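Review bot: The `CN=NTDS Settings,...` base in `takeover_DC_Behavior_Version` (hunk at 2352) is assembled and escaped by hand, and the same format string with its own `escape_dn_chars()` calls recurs in the hunks at 2360, 2368, 2378 and 2393. Five copies make it easy for a later call site to leave one component unescaped; a module-level helper keeps the escaping in one place: `def _ntds_settings_dn(samdb, server_name, sitename):` with the body `return "CN=NTDS Settings,CN=%s,CN=Servers,CN=%s,CN=Sites,CN=Configuration,%s" % (escape_dn_chars(server_name), escape_dn_chars(sitename), samdb.domain_dn())`. `post_join_fix_samDB` initialises `self.sitename` to `None`; if that value can reach these functions, the helper is also the natural place to reject an unset site name before it is formatted into the DN.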
>@@ -2360,7 +2344,7 @@ def takeover_DC_Behavior_Version(ucr, remote_samdb, samdb, ad_server_name, siten
> obj = msg[0]
> if "msDS-Behavior-Version" in obj:
> delta = ldb.Message()
>- delta.dn = ldb.Dn(samdb, dn="CN=NTDS Settings,CN=%s,CN=Servers,CN=%s,CN=Sites,CN=Configuration,%s" % (ucr["hostname"], sitename, samdb.domain_dn()))
>+ delta.dn = ldb.Dn(samdb, dn="CN=NTDS Settings,CN=%s,CN=Servers,CN=%s,CN=Sites,CN=Configuration,%s" % (escape_dn_chars(ucr["hostname"]), escape_dn_chars(sitename), samdb.domain_dn()))
> delta["msDS-Behavior-Version"] = ldb.MessageElement(obj["msDS-Behavior-Version"], ldb.FLAG_MOD_REPLACE, "msDS-Behavior-Version")
> samdb.modify(delta)
>
>@@ -2368,7 +2352,7 @@ def takeover_DC_Behavior_Version(ucr, remote_samdb, samdb, ad_server_name, siten
> def takeover_hasInstantiatedNCs(ucr, samdb, ad_server_name, sitename):
> partitions = []
> try:
>- msg = samdb.search(base="CN=NTDS Settings,CN=%s,CN=Servers,CN=%s,CN=Sites,CN=Configuration,%s" % (ad_server_name, sitename, samdb.domain_dn()),
>+ msg = samdb.search(base="CN=NTDS Settings,CN=%s,CN=Servers,CN=%s,CN=Sites,CN=Configuration,%s" % (escape_dn_chars(ad_server_name), escape_dn_chars(sitename), samdb.domain_dn()),
> scope=samba.ldb.SCOPE_BASE,
> attrs=["msDS-hasMasterNCs", "msDS-HasInstantiatedNCs"])
> except ldb.LdbError as ex:
>@@ -2378,7 +2362,7 @@ def takeover_hasInstantiatedNCs(ucr, samdb, ad_server_name, sitename):
> if msg:
> obj = msg[0]
> delta = ldb.Message()
>- delta.dn = ldb.Dn(samdb, dn="CN=NTDS Settings,CN=%s,CN=Servers,CN=%s,CN=Sites,CN=Configuration,%s" % (ucr["hostname"], sitename, samdb.domain_dn()))
>+ delta.dn = ldb.Dn(samdb, dn="CN=NTDS Settings,CN=%s,CN=Servers,CN=%s,CN=Sites,CN=Configuration,%s" % (escape_dn_chars(ucr["hostname"]), escape_dn_chars(sitename), samdb.domain_dn()))
> if "msDS-HasInstantiatedNCs" in obj:
> for partitionDN in obj["msDS-HasInstantiatedNCs"]:
> delta[partitionDN] = ldb.MessageElement(obj["msDS-HasInstantiatedNCs"], ldb.FLAG_MOD_REPLACE, "msDS-HasInstantiatedNCs")
>@@ -2393,7 +2377,7 @@ def takeover_hasInstantiatedNCs(ucr, samdb, ad_server_name, sitename):
>
>
> def takeover_hasMasterNCs(ucr, samdb, sitename, partitions):
>- msg = samdb.search(base="CN=NTDS Settings,CN=%s,CN=Servers,CN=%s,CN=Sites,CN=Configuration,%s" % (ucr["hostname"], sitename, samdb.domain_dn()), scope=samba.ldb.SCOPE_BASE, attrs=["hasPartialReplicaNCs", "msDS-hasMasterNCs"])
>+ msg = samdb.search(base="CN=NTDS Settings,CN=%s,CN=Servers,CN=%s,CN=Sites,CN=Configuration,%s" % (escape_dn_chars(ucr["hostname"]), escape_dn_chars(sitename), samdb.domain_dn()), scope=samba.ldb.SCOPE_BASE, attrs=["hasPartialReplicaNCs", "msDS-hasMasterNCs"])
> if msg:
> obj = msg[0]
> for partition in partitions:
>@@ -2426,7 +2410,7 @@ def let_samba4_manage_etc_krb5_keytab(ucr, secretsdb):
> msg = secretsdb.search(
> base="cn=Primary Domains",
> scope=samba.ldb.SCOPE_SUBTREE,
>- expression="(flatName=%s)" % ucr["windows/domain"],
>+ expression=filter_format("(flatName=%s)", (ucr["windows/domain"],)),
> attrs=["krb5Keytab"]
> )
> if msg:
>@@ -2442,7 +2426,7 @@ def add_servicePrincipals(ucr, secretsdb, spn_list): > msg = secretsdb.search( > base="cn=Primary Domains", > scope=samba.ldb.SCOPE_SUBTREE, >- expression="(flatName=%s)" % ucr["windows/domain"], >+ expression=filter_format("(flatName=%s)", (ucr["windows/domain"],)), > attrs=["servicePrincipalName"] > ) > if msg: >@@ -2456,13 +2440,8 @@ def add_servicePrincipals(ucr, secretsdb, spn_list): > > > def sync_position_s4_to_ucs(ucr, udm_type, ucs_object_dn, s4_object_dn): >- rdn_list = ldap.explode_dn(s4_object_dn) >- rdn_list.pop(0) >- new_position = string.replace(','.join(rdn_list).lower(), ucr['connector/s4/ldap/base'].lower(), ucr['ldap/base'].lower()) >- >- rdn_list = ldap.explode_dn(ucs_object_dn) >- rdn_list.pop(0) >- old_position = ','.join(rdn_list) >+ new_position = parentDn(s4_object_dn).lower().replace(ucr['connector/s4/ldap/base'].lower(), ucr['ldap/base'].lower()) >+ old_position = parentDn(ucs_object_dn) > > if new_position.lower() != old_position.lower(): > run_and_output_to_log(["/usr/sbin/univention-directory-manager", udm_type, "move", "--dn", ucs_object_dn, "--position", new_position], log.debug) > >commit 46e80f6e43d0ff6ea99c33c5493d078cc9674303 >Author: Florian Best <best@univention.de> >Date: Wed Aug 9 15:45:11 2017 +0200 > > Bug #40055: sort imports by stdlib, third party, univention > >diff --git a/management/univention-management-console-module-adtakeover/umc/python/adtakeover/takeover.py b/management/univention-management-console-module-adtakeover/umc/python/adtakeover/takeover.py >index 182ff7f..4481605 100755 >--- a/management/univention-management-console-module-adtakeover/umc/python/adtakeover/takeover.py >+++ b/management/univention-management-console-module-adtakeover/umc/python/adtakeover/takeover.py 
>@@ -31,49 +31,54 @@ > # /usr/share/common-licenses/AGPL-3; if not, see > # <http://www.gnu.org/licenses/>. > >-import samba.getopt >-import sys > import os > import re >-import subprocess >+import sys >+import time >+import locale > import shutil >+import string >+import logging >+import traceback >+import subprocess >+import ConfigParser >+from datetime import datetime, timedelta >+ > import ldb > import samba >+import samba.getopt >+from samba import Ldb > from samba.samdb import SamDB > from samba.auth import system_session > from samba.param import LoadParm >-import time >-import ldap > from samba.ndr import ndr_unpack > from samba.dcerpc import security >+# from samba.netcmd.common import netcmd_get_domain_infos_via_cldap >+from samba.dcerpc import nbt >+from samba.net import Net >+from samba.credentials import Credentials, DONT_USE_KERBEROS >+ >+import ldap >+import sqlite3 >+import ipaddr >+from ldap.filter import filter_format >+from ldap.dn import escape_dn_chars >+ > import univention.admin.uldap > import univention.admin.uexceptions as uexceptions >-import string >-import sqlite3 > import univention.admin.modules as udm_modules > import univention.admin.filter as udm_filter > import univention.admin.objects > import univention.admin.config > from univention.admincli import license_check >-import ipaddr >-import logging >-import traceback >-from univention.admin.handlers.dns.reverse_zone import mapSubnet > import univention.lib > import univention.lib.s4 >-from datetime import datetime, timedelta >-import locale > import univention.config_registry >-# from samba.netcmd.common import netcmd_get_domain_infos_via_cldap >-from samba.dcerpc import nbt >-from samba.net import Net >-from samba.credentials import Credentials, DONT_USE_KERBEROS >-from univention.management.console.log import MODULE >-import univention.management.console as umc >-import ConfigParser > import univention.lib.admember > from univention.config_registry.interfaces import Interfaces 
>-from samba import Ldb >+from univention.management.console.log import MODULE >+from univention.management.console import Translation >+ > > ucr = univention.config_registry.ConfigRegistry() > ucr.load() >@@ -98,7 +103,7 @@ > > DEVNULL = open(os.devnull, 'w') > >-_ = umc.Translation('univention-management-console-module-adtakeover').translate >+_ = Translation('univention-management-console-module-adtakeover').translate > > > class Progress(object): >@@ -411,8 +416,6 @@ def set_status_done(): > state = AD_Takeover_State() > return state.set_done() > >-# >- > > class AD_Takeover_State(): >
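Review bot: The import hunk at 31 does more than reorder: it drops `from univention.admin.handlers.dns.reverse_zone import mapSubnet` without re-adding it, and it introduces `filter_format` and `escape_dn_chars`, none of which the commit message mentions. Whether `mapSubnet` is still referenced is not visible on this page; if it is, the module fails with a NameError at that call, so the removal should be checked against the rest of the file, for example with a pyflakes run. The switch from `import univention.management.console as umc` to `from univention.management.console import Translation` is matched by the hunk at 98, but any other `umc.` reference in the file would break the same way.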