diff options
author | Andrew Bartlett <abartlet@samba.org> | 2015-08-03 11:25:02 +1200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2015-09-03 09:11:52 +0200 |
commit | 47af9ce98ad852f66c69a054a768429839d8bfdd (patch) | |
tree | 6a05c2fb05b0e00ddf03155e0b087a43a450c0dd | |
parent | 74043c5edc19be602b12d54dcf261ea58290d0f6 (diff) | |
download | samba-47af9ce98ad852f66c69a054a768429839d8bfdd.tar.gz |
selftest: Add in steps to re-create this database
This may assist if this needs to be changed again
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10973
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 5504502aa68f4901f52dc2e8f7ee8b3a9c74546e)
5 files changed, 334 insertions, 0 deletions
diff --git a/source4/selftest/provisions/release-4-1-0rc3/steps-to-reproduce.txt b/source4/selftest/provisions/release-4-1-0rc3/steps-to-reproduce.txt new file mode 100644 index 00000000000..fee4e577f06 --- /dev/null +++ b/source4/selftest/provisions/release-4-1-0rc3/steps-to-reproduce.txt @@ -0,0 +1,30 @@ +# To reproduce the domain in this snapshot: + +git checkout 6a03c817b3a0ef278d10893eafd327ee20bdca58 +git cherry-pick f80d6500b93537e5513a9042006ae95a093e1484 +patch -p1 < rename-domains.patch + +# MASTER_SRC needs to point at where the schema files can be found, not the 4.1.0rc1 checkout + +SELFTEST_TESTENV=promoted_dc:local ./buildtools/bin/waf test --testenv + +# then in the testenv, run: + +bin/ldbadd -H st/dc/private/sam.ldb --configfile st/dc/private/sam.ldb $MASTER_SRC/source4/selftest/provisions/release-4-1-0rc3/sudo.schema.ldif --option='dsdb:schema update allowed=yes' +bin/ldbadd -H st/dc/private/sam.ldb --configfile st/dc/private/sam.ldb $MASTER_SRC/source4/selftest/provisions/release-4-1-0rc3/sudo.schema.2.ldif --option='dsdb:schema update allowed=yes' +bin/ldbadd -H st/dc/private/sam.ldb --configfile st/dc/private/sam.ldb $MASTER_SRC/source4/selftest/provisions/release-4-1-0rc3/sudoers.ldif + +(wait some time, retry until successful) + +bin/samba-tool drs replicate $SERVER.$REALM $DC_SERVER.$REALM DC=release-4-1-0rc3,DC=samba,DC=corp -U$DC_USERNAME%$DC_PASSWORD +bin/samba-tool drs replicate $DC_SERVER.$REALM $SERVER.$REALM DC=release-4-1-0rc3,DC=samba,DC=corp -U$DC_USERNAME%$DC_PASSWORD + +bin/ldbmodify -H st/promoted_dc/private/sam.ldb $MASTER_SRC/source4/selftest/provisions/release-4-1-0rc3/sudoers-mod.ldif + +bin/ldbsearch -H st/promoted_dc/private/sam.ldb cn=ops_run_anything \* replpropertymetadata --show-binary > source4/selftest/provisions/release-4-1-0rc3/expected-replpropertymetadata-before-dbcheck.ldif + +# Then these modified files can be pushed back into master by running + +$MASTER_SRC/source4/selftest/provisions/dump.sh st/promoted_dc $MASTER_SRC/source4/selftest/provisions/release-4-1-0rc3 + +# Finally copy in expected-replpropertymetadata-before-dbcheck.ldif diff --git a/source4/selftest/provisions/release-4-1-0rc3/sudo.schema.2.ldif b/source4/selftest/provisions/release-4-1-0rc3/sudo.schema.2.ldif new file mode 100644 index 00000000000..74729670ad4 --- /dev/null +++ b/source4/selftest/provisions/release-4-1-0rc3/sudo.schema.2.ldif @@ -0,0 +1,52 @@ +# Copyright (c) 1994-1996, 1998-2015 +# Todd C. Miller <Todd.Miller@courtesan.com> +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# +# Sponsored in part by the Defense Advanced Research Projects +# Agency (DARPA) and Air Force Research Laboratory, Air Force +# Materiel Command, USAF, under agreement number F39502-99-1-0512. +# + +dn: CN=sudoRole,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp +changetype: add +objectClass: top +objectClass: classSchema +cn: sudoRole +distinguishedName: CN=sudoRole,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp +instanceType: 4 +possSuperiors: container +possSuperiors: top +subClassOf: top +governsID: 1.3.6.1.4.1.15953.9.2.1 +mayContain: sudoCommand +mayContain: sudoHost +mayContain: sudoOption +mayContain: sudoRunAs +mayContain: sudoRunAsUser +mayContain: sudoRunAsGroup +mayContain: sudoUser +mayContain: sudoNotBefore +mayContain: sudoNotAfter +mayContain: sudoOrder +rDNAttID: cn +showInAdvancedViewOnly: FALSE +adminDisplayName: sudoRole +adminDescription: Sudoer Entries +objectClassCategory: 1 +lDAPDisplayName: sudoRole +name: sudoRole +schemaIDGUID:: SQn432lnZ0+ukbdh3+gN3w== +systemOnly: FALSE +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp +defaultObjectCategory: CN=sudoRole,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp diff --git a/source4/selftest/provisions/release-4-1-0rc3/sudo.schema.ldif b/source4/selftest/provisions/release-4-1-0rc3/sudo.schema.ldif new file mode 100644 index 00000000000..5ec0695cea8 --- /dev/null +++ b/source4/selftest/provisions/release-4-1-0rc3/sudo.schema.ldif @@ -0,0 +1,235 @@ +# Copyright (c) 1994-1996, 1998-2015 +# Todd C. Miller <Todd.Miller@courtesan.com> +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# +# Sponsored in part by the Defense Advanced Research Projects +# Agency (DARPA) and Air Force Research Laboratory, Air Force +# Materiel Command, USAF, under agreement number F39502-99-1-0512. +# +# +# Active Directory Schema for sudo configuration (sudoers) +# +# To extend your Active Directory schema, run one of the following command +# on your Windows DC (default port - Active Directory): +# +# ldifde -i -f schema.ActiveDirectory -c "CN=Schema,CN=Configuration,DC=X" #schemaNamingContext +# +# or on your Windows DC if using another port (with Active Directory LightWeight Directory Services / ADAM-Active Directory Application Mode) +# Port 50000 by example (or any other port specified when defining the ADLDS/ADAM instance +# +# ldifde -i -f schema.ActiveDirectory -t 50000 -c "CN=Schema,CN=Configuration,DC=X" #schemaNamingContext +# +# or +# +# ldifde -i -f schema.ActiveDirectory -s server:port -c "CN=Schema,CN=Configuration,DC=X" #schemaNamingContext +# +# Can add username domain and password +# +# -b username domain password +# +# Can create Log file in current or any directory +# +# -j . +# + +dn: CN=sudoUser,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp +changetype: add +objectClass: top +objectClass: attributeSchema +cn: sudoUser +distinguishedName: CN=sudoUser,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp +instanceType: 4 +attributeID: 1.3.6.1.4.1.15953.9.1.1 +attributeSyntax: 2.5.5.5 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: sudoUser +adminDescription: User(s) who may run sudo +oMSyntax: 22 +searchFlags: 1 +lDAPDisplayName: sudoUser +name: sudoUser +schemaIDGUID:: JrGcaKpnoU+0s+HgeFjAbg== +objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp + +dn: CN=sudoHost,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp +changetype: add +objectClass: top +objectClass: attributeSchema +cn: sudoHost +distinguishedName: CN=sudoHost,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp +instanceType: 4 +attributeID: 1.3.6.1.4.1.15953.9.1.2 +attributeSyntax: 2.5.5.5 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: sudoHost +adminDescription: Host(s) who may run sudo +oMSyntax: 22 +lDAPDisplayName: sudoHost +name: sudoHost +schemaIDGUID:: d0TTjg+Y6U28g/Y+ns2k4w== +objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp + +dn: CN=sudoCommand,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp +changetype: add +objectClass: top +objectClass: attributeSchema +cn: sudoCommand +distinguishedName: CN=sudoCommand,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp +instanceType: 4 +attributeID: 1.3.6.1.4.1.15953.9.1.3 +attributeSyntax: 2.5.5.5 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: sudoCommand +adminDescription: Command(s) to be executed by sudo +oMSyntax: 22 +lDAPDisplayName: sudoCommand +name: sudoCommand +schemaIDGUID:: D6QR4P5UyUen3RGYJCHCPg== +objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp + +dn: CN=sudoRunAs,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp +changetype: add +objectClass: top +objectClass: attributeSchema +cn: sudoRunAs +distinguishedName: CN=sudoRunAs,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp +instanceType: 4 +attributeID: 1.3.6.1.4.1.15953.9.1.4 +attributeSyntax: 2.5.5.5 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: sudoRunAs +adminDescription: User(s) impersonated by sudo (deprecated) +oMSyntax: 22 +lDAPDisplayName: sudoRunAs +name: sudoRunAs +schemaIDGUID:: CP98mCQTyUKKxGrQeM80hQ== +objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp + +dn: CN=sudoOption,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp +changetype: add +objectClass: top +objectClass: attributeSchema +cn: sudoOption +distinguishedName: CN=sudoOption,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp +instanceType: 4 +attributeID: 1.3.6.1.4.1.15953.9.1.5 +attributeSyntax: 2.5.5.5 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: sudoOption +adminDescription: Option(s) followed by sudo +oMSyntax: 22 +lDAPDisplayName: sudoOption +name: sudoOption +schemaIDGUID:: ojaPzBBlAEmsvrHxQctLnA== +objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp + +dn: CN=sudoRunAsUser,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp +changetype: add +objectClass: top +objectClass: attributeSchema +cn: sudoRunAsUser +distinguishedName: CN=sudoRunAsUser,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp +instanceType: 4 +attributeID: 1.3.6.1.4.1.15953.9.1.6 +attributeSyntax: 2.5.5.5 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: sudoRunAsUser +adminDescription: User(s) impersonated by sudo +oMSyntax: 22 +lDAPDisplayName: sudoRunAsUser +name: sudoRunAsUser +schemaIDGUID:: 9C52yPYd3RG3jMR2VtiVkw== +objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp + +dn: CN=sudoRunAsGroup,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp +changetype: add +objectClass: top +objectClass: attributeSchema +cn: sudoRunAsGroup +distinguishedName: CN=sudoRunAsGroup,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp +instanceType: 4 +attributeID: 1.3.6.1.4.1.15953.9.1.7 +attributeSyntax: 2.5.5.5 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: sudoRunAsGroup +adminDescription: Groups(s) impersonated by sudo +oMSyntax: 22 +lDAPDisplayName: sudoRunAsGroup +name: sudoRunAsGroup +schemaIDGUID:: xJhSt/Yd3RGJPTB1VtiVkw== +objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp + +dn: CN=sudoNotBefore,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp +changetype: add +objectClass: top +objectClass: attributeSchema +cn: sudoNotBefore +distinguishedName: CN=sudoNotBefore,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp +instanceType: 4 +attributeID: 1.3.6.1.4.1.15953.9.1.8 +attributeSyntax: 2.5.5.11 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: sudoNotBefore +adminDescription: Start of time interval for which the entry is valid +oMSyntax: 24 +lDAPDisplayName: sudoNotBefore +name: sudoNotBefore +schemaIDGUID:: dm1HnRfY4RGf4gopYYhwmw== +objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp + +dn: CN=sudoNotAfter,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp +changetype: add +objectClass: top +objectClass: attributeSchema +cn: sudoNotAfter +distinguishedName: CN=sudoNotAfter,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp +instanceType: 4 +attributeID: 1.3.6.1.4.1.15953.9.1.9 +attributeSyntax: 2.5.5.11 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: sudoNotAfter +adminDescription: End of time interval for which the entry is valid +oMSyntax: 24 +lDAPDisplayName: sudoNotAfter +name: sudoNotAfter +schemaIDGUID:: OAr/pBfY4RG9dBIpYYhwmw== +objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp + +dn: CN=sudoOrder,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp +changetype: add +objectClass: top +objectClass: attributeSchema +cn: sudoOrder +distinguishedName: CN=sudoOrder,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp +instanceType: 4 +attributeID: 1.3.6.1.4.1.15953.9.1.10 +attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: sudoOrder +adminDescription: an integer to order the sudoRole entries +oMSyntax: 2 +lDAPDisplayName: sudoOrder +name: sudoOrder +schemaIDGUID:: 0J8yrRfY4RGIYBUpYYhwmw== +objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp diff --git a/source4/selftest/provisions/release-4-1-0rc3/sudoers-mod.ldif b/source4/selftest/provisions/release-4-1-0rc3/sudoers-mod.ldif new file mode 100644 index 00000000000..d483605c9b1 --- /dev/null +++ b/source4/selftest/provisions/release-4-1-0rc3/sudoers-mod.ldif @@ -0,0 +1,4 @@ +dn: CN=ops_run_anything,OU=SUDOers,DC=release-4-1-0rc3,DC=samba,DC=corp +changetype: modify +delete: sudoUser +- diff --git a/source4/selftest/provisions/release-4-1-0rc3/sudoers.ldif b/source4/selftest/provisions/release-4-1-0rc3/sudoers.ldif new file mode 100644 index 00000000000..51495b9bdd0 --- /dev/null +++ b/source4/selftest/provisions/release-4-1-0rc3/sudoers.ldif @@ -0,0 +1,13 @@ +dn: ou=SUDOers,DC=release-4-1-0rc3,DC=samba,DC=corp +objectclass: organizationalunit +- + +dn: CN=ops_run_anything,OU=SUDOers,DC=release-4-1-0rc3,DC=samba,DC=corp +changetype: add +sudoUser: %ops +sudoHost: ALL +sudoCommand: ALL +sudoRunAsUser: ALL +sudoRunAsGroup: ALL +objectClass: top +objectClass: sudoRole |