sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-11 16:58:40 +03:00
Code

s4 upgradeprovision: Adapt the list of attribute modified

Browse Source 
* isMemberOfPartialAttributeSet is now allowed to be deleted (on schema
 objects)
* attributeDisplayNames is now allowed to be added and modified (used on
  display specifiers)
* spnMapping is now allowed to be altered on Directory Service objects
* minPwdAge is now modified if the previous value was 0

We issue a clear information about the userControl attribute for
administrator to invite the user to modify himself the value.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Matthieu Patou 2010-07-11 17:27:13 +04:00 committed by Andrew Bartlett
parent a748402f61
commit 36b5feceee
1 changed files with 25 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
source4/scripting/bin/upgradeprovision
View File

@ -105,7 +105,9 @@ hashOverwrittenAtt = { "prefixMap": replace, "systemMayContain": replace,
"wellKnownObjects":replace, "privilege":never,
"defaultSecurityDescriptor": replace,
"rIDAvailablePool": never,
"defaultSecurityDescriptor": replace + add }
"defaultSecurityDescriptor": replace + add,
"isMemberOfPartialAttributeSet": delete,
"attributeDisplayNames": replace + add}
backlinked = []
@ -287,7 +289,7 @@ def print_provision_key_parameters(names):
message(GUESS, "domainlevel :" + str(names.domainlevel))
def handle_special_case(att, delta, new, old, usn):
def handle_special_case(att, delta, new, old, usn, basedn, aldb):
"""Define more complicate update rules for some attributes
:param att: The attribute to be updated
@ -296,6 +298,8 @@ def handle_special_case(att, delta, new, old, usn):
:param new: The reference object
:param old: The Updated object
:param usn: The highest usn modified by a previous (upgrade)provision
:param basedn: The base DN of the provision
:param aldb: An ldb object used to build DN
:return: True to indicate that the attribute should be kept, False for
discarding it"""
@ -304,6 +308,23 @@ def handle_special_case(att, delta, new, old, usn):
# highest usn as otherwise the replPropertyMetaData will guide us more
# correctly
if usn is None:
if (att == "sPNMappings" and flag == FLAG_MOD_REPLACE and
ldb.Dn(aldb, "CN=Directory Service,CN=Windows NT,"
"CN=Services,CN=Configuration,%s" % basedn)
== old[0].dn):
return True
if (att == "userAccountControl" and flag == FLAG_MOD_REPLACE and
ldb.Dn(aldb, "CN=Administrator,CN=Users,%s" % basedn)
== old[0].dn):
message(SIMPLE, "We suggest that you change the userAccountControl"
" for user Administrator from value %d to %d" %
(int(str(old[0][att])), int(str(new[0][att]))))
return False
if (att == "minPwdAge" and flag == FLAG_MOD_REPLACE):
if (long(str(old[0][att])) == 0):
delta[att] = MessageElement(new[0][att], FLAG_MOD_REPLACE, att)
return True
if (att == "member" and flag == FLAG_MOD_REPLACE):
hash = {}
newval = []
@ -825,7 +846,7 @@ def update_present(ref_samdb, samdb, basedn, listPresent, usns, invocationid):
# idea to change it
delta.remove(att)
continue
if handle_special_case(att, delta, reference, current, usns):
if handle_special_case(att, delta, reference, current, usns, basedn, samdb):
# This attribute is "complicated" to handle and handling
# was done in handle_special_case
continue
@ -883,7 +904,7 @@ def update_present(ref_samdb, samdb, basedn, listPresent, usns, invocationid):
if not hashOverwrittenAtt.has_key(att):
if msgElt.flags() != FLAG_MOD_ADD:
if not handle_special_case(att, delta, reference, current,
usns):
usns, basedn, samdb):
if opts.debugchange or opts.debugall:
try:
dump_denied_change(dn, att,