testprogs/blackbox/schemaupgrade.sh

   1 #!/bin/sh
   2
   3 if [ $# -lt 1 ]; then
   4 cat <<EOF
   5 Usage: $0 PREFIX
   6 EOF
   7 exit 1;
   8 fi
   9
  10 PREFIX_ABS="$1"
  11 shift 1
  12
  13 . `dirname $0`/subunit.sh
  14
  15 cleanup_output_directories()
  16 {
  17     if [ -d $PREFIX_ABS/2012R2_schema ]; then
  18         rm -fr $PREFIX_ABS/2012R2_schema
  19     fi
  20
  21     if [ -d $PREFIX_ABS/2008R2_schema ]; then
  22         rm -fr $PREFIX_ABS/2008R2_schema
  23     fi
  24 }
  25
  26 PROVISION_OPTS="--use-ntvfs --host-ip6=::1 --host-ip=127.0.0.1"
  27
  28 provision_2012r2() {
  29     $PYTHON $BINDIR/samba-tool domain provision $PROVISION_OPTS --domain=SAMBA --realm=w2012r2.samba.corp --targetdir=$PREFIX_ABS/2012R2_schema --base-schema=2012_R2
  30 }
  31
  32 provision_2008r2() {
  33     $PYTHON $BINDIR/samba-tool domain provision $PROVISION_OPTS --domain=SAMBA --realm=w2008r2.samba.corp --targetdir=$PREFIX_ABS/2008R2_schema --base-schema=2008_R2
  34 }
  35
  36 provision_2008r2_old() {
  37     $PYTHON $BINDIR/samba-tool domain provision $PROVISION_OPTS --domain=SAMBA --realm=w2008r2.samba.corp --targetdir=$PREFIX_ABS/2008R2_old_schema --base-schema=2008_R2_old
  38 }
  39
  40 ldapcmp_ignore() {
  41
  42     IGNORE_ATTRS=$1
  43
  44     # there's discrepancies between the SDDL strings in the adprep LDIF files
  45     # vs the 2012 schema, where one source will have ACE rights repeated, e.g.
  46     # "LOLO" in adprep vs "LO" in the schema
  47     IGNORE_ATTRS="$IGNORE_ATTRS,defaultSecurityDescriptor"
  48
  49     # the adprep LDIF files updates these attributes for the DisplaySpecifiers
  50     # objects, but we don't have the 2012 DisplaySpecifiers documentation...
  51     IGNORE_ATTRS="$IGNORE_ATTRS,adminContextMenu,adminPropertyPages"
  52
  53     $PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX_ABS/$2_schema/private/sam.ldb tdb://$PREFIX_ABS/$3_schema/private/sam.ldb --two --filter=$IGNORE_ATTRS --skip-missing-dn
  54 }
  55
  56 ldapcmp_old() {
  57     # the original 2008 schema we received from Microsoft was missing
  58     # descriptions and display names. This has been fixed up in the current
  59     # Microsoft schemas
  60     IGNORE_ATTRS="adminDescription,description,adminDisplayName,displayName"
  61
  62     # we didn't get showInAdvancedViewOnly right on Samba
  63     IGNORE_ATTRS="$IGNORE_ATTRS,showInAdvancedViewOnly"
  64
  65     ldapcmp_ignore "$IGNORE_ATTRS" "2008R2_old" "2012R2"
  66 }
  67
  68 ldapcmp() {
  69     # The adminDescription and adminDisplayName have been editorially
  70     # corrected in the 2012R2 schema but not in the adprep files.
  71     ldapcmp_ignore "adminDescription,adminDisplayName"  "2008R2"  "2012R2"
  72 }
  73
  74 ldapcmp_2008R2_2008R2_old() {
  75     # the original 2008 schema we received from Microsoft was missing
  76     # descriptions and display names. This has been fixed up in the current
  77     # Microsoft schemas
  78     IGNORE_ATTRS="adminDescription,description,adminDisplayName,displayName"
  79
  80     # we didn't get showInAdvancedViewOnly right on Samba
  81     IGNORE_ATTRS="$IGNORE_ATTRS,showInAdvancedViewOnly"
  82
  83     ldapcmp_ignore $IGNORE_ATTRS  "2008R2"  "2008R2_old"
  84 }
  85
  86 schema_upgrade() {
  87         $PYTHON $BINDIR/samba-tool domain schemaupgrade -H tdb://$PREFIX_ABS/2008R2_schema/private/sam.ldb --schema=2012_R2
  88 }
  89
  90 schema_upgrade_old() {
  91         $PYTHON $BINDIR/samba-tool domain schemaupgrade -H tdb://$PREFIX_ABS/2008R2_old_schema/private/sam.ldb --schema=2012_R2
  92 }
  93
  94 # double-check we cleaned up from the last test run
  95 cleanup_output_directories
  96
  97 # Provision 2 DCs, one based on the 2008R2 schema and one using 2012R2
  98 testit "provision_2008R2_schema" provision_2008r2
  99 testit "provision_2008R2_old_schema" provision_2008r2_old
 100 testit "provision_2012R2_schema" provision_2012r2
 101
 102 # we expect the 2 schemas to be different
 103 testit_expect_failure "expect_schema_differences" ldapcmp
 104
 105 # check that the 2 schemas are now the same, ignoring Samba bugs
 106 testit "check_2008R2_2008R2_schemas_same" ldapcmp_2008R2_2008R2_old
 107
 108 # upgrade the 2008 schema to 2012
 109 testit "schema_upgrade" schema_upgrade
 110
 111 # check that the 2 schemas are now the same
 112 testit "check_schemas_same" ldapcmp
 113
 114 # upgrade the 2008 schema to 2012
 115 testit "schema_upgrade_old" schema_upgrade_old
 116
 117 # check that the 2 schemas are now the same, ignoring Samba bugs
 118 testit "check_schemas_same_old" ldapcmp_old
 119
 120 cleanup_output_directories
 121
 122 exit $failed