testprogs/blackbox/schemaupgrade.sh

   1 #!/bin/sh
   2
   3 if [ $# -lt 1 ]; then
   4         cat <<EOF
   5 Usage: $0 PREFIX
   6 EOF
   7         exit 1
   8 fi
   9
  10 PREFIX_ABS="$1"
  11 shift 1
  12
  13 . $(dirname $0)/subunit.sh
  14
  15 cleanup_output_directories()
  16 {
  17         if [ -d $PREFIX_ABS/2012R2_schema ]; then
  18                 rm -fr $PREFIX_ABS/2012R2_schema
  19         fi
  20
  21         if [ -d $PREFIX_ABS/2008R2_schema ]; then
  22                 rm -fr $PREFIX_ABS/2008R2_schema
  23         fi
  24 }
  25
  26 PROVISION_OPTS="--use-ntvfs --host-ip6=::1 --host-ip=127.0.0.1"
  27
  28 provision_2012r2()
  29 {
  30         $PYTHON $BINDIR/samba-tool domain provision $PROVISION_OPTS --domain=SAMBA --realm=w2012r2.samba.corp --targetdir=$PREFIX_ABS/2012R2_schema --base-schema=2012_R2 --adprep-level=SKIP
  31 }
  32
  33 provision_2008r2()
  34 {
  35         $PYTHON $BINDIR/samba-tool domain provision $PROVISION_OPTS --domain=SAMBA --realm=w2008r2.samba.corp --targetdir=$PREFIX_ABS/2008R2_schema --base-schema=2008_R2
  36 }
  37
  38 provision_2008r2_old()
  39 {
  40         $PYTHON $BINDIR/samba-tool domain provision $PROVISION_OPTS --domain=SAMBA --realm=w2008r2.samba.corp --targetdir=$PREFIX_ABS/2008R2_old_schema --base-schema=2008_R2_old
  41 }
  42
  43 ldapcmp_ignore()
  44 {
  45
  46         IGNORE_ATTRS=$1
  47
  48         # there's discrepancies between the SDDL strings in the adprep LDIF files
  49         # vs the 2012 schema, where one source will have ACE rights repeated, e.g.
  50         # "LOLO" in adprep vs "LO" in the schema
  51         IGNORE_ATTRS="$IGNORE_ATTRS,defaultSecurityDescriptor"
  52
  53         # the adprep LDIF files updates these attributes for the DisplaySpecifiers
  54         # objects, but we don't have the 2012 DisplaySpecifiers documentation...
  55         IGNORE_ATTRS="$IGNORE_ATTRS,adminContextMenu,adminPropertyPages"
  56
  57         $PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX_ABS/$2_schema/private/sam.ldb tdb://$PREFIX_ABS/$3_schema/private/sam.ldb --two --filter=$IGNORE_ATTRS --skip-missing-dn
  58 }
  59
  60 ldapcmp_old()
  61 {
  62         # the original 2008 schema we received from Microsoft was missing
  63         # descriptions and display names. This has been fixed up in the current
  64         # Microsoft schemas
  65         IGNORE_ATTRS="adminDescription,description,adminDisplayName,displayName"
  66
  67         # we didn't get showInAdvancedViewOnly right on Samba
  68         IGNORE_ATTRS="$IGNORE_ATTRS,showInAdvancedViewOnly"
  69
  70         ldapcmp_ignore "$IGNORE_ATTRS" "2008R2_old" "2012R2"
  71 }
  72
  73 ldapcmp()
  74 {
  75         # The adminDescription and adminDisplayName have been editorially
  76         # corrected in the 2012R2 schema but not in the adprep files.
  77         ldapcmp_ignore "adminDescription,adminDisplayName" "2008R2" "2012R2"
  78 }
  79
  80 ldapcmp_2008R2_2008R2_old()
  81 {
  82         # the original 2008 schema we received from Microsoft was missing
  83         # descriptions and display names. This has been fixed up in the current
  84         # Microsoft schemas
  85         IGNORE_ATTRS="adminDescription,description,adminDisplayName,displayName"
  86
  87         # we didn't get showInAdvancedViewOnly right on Samba
  88         IGNORE_ATTRS="$IGNORE_ATTRS,showInAdvancedViewOnly"
  89
  90         ldapcmp_ignore $IGNORE_ATTRS "2008R2" "2008R2_old"
  91 }
  92
  93 schema_upgrade()
  94 {
  95         $PYTHON $BINDIR/samba-tool domain schemaupgrade -H tdb://$PREFIX_ABS/2008R2_schema/private/sam.ldb --schema=2012_R2
  96 }
  97
  98 schema_upgrade_old()
  99 {
 100         $PYTHON $BINDIR/samba-tool domain schemaupgrade -H tdb://$PREFIX_ABS/2008R2_old_schema/private/sam.ldb --schema=2012_R2
 101 }
 102
 103 # double-check we cleaned up from the last test run
 104 cleanup_output_directories
 105
 106 # Provision 2 DCs, one based on the 2008R2 schema and one using 2012R2
 107 testit "provision_2008R2_schema" provision_2008r2
 108 testit "provision_2008R2_old_schema" provision_2008r2_old
 109 testit "provision_2012R2_schema" provision_2012r2
 110
 111 # we expect the 2 schemas to be different
 112 testit_expect_failure "expect_schema_differences" ldapcmp
 113
 114 # check that the 2 schemas are now the same, ignoring Samba bugs
 115 testit "check_2008R2_2008R2_schemas_same" ldapcmp_2008R2_2008R2_old
 116
 117 # upgrade the 2008 schema to 2012
 118 testit "schema_upgrade" schema_upgrade
 119
 120 # check that the 2 schemas are now the same
 121 testit "check_schemas_same" ldapcmp
 122
 123 # upgrade the 2008 schema to 2012
 124 testit "schema_upgrade_old" schema_upgrade_old
 125
 126 # check that the 2 schemas are now the same, ignoring Samba bugs
 127 testit "check_schemas_same_old" ldapcmp_old
 128
 129 cleanup_output_directories
 130
 131 exit $failed