s4 upgradeprovision: introduce a new function to update the field use for calculating msds-keyversionnumber

This function change the version field of the unicodePwd in the
replPropertyMetaData so that the version is equal or
superior to the reference value passed.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>

source4/scripting/python/samba/upgradehelpers.py

@@ -704,14 +704,48 @@ def update_gpo(paths, samdb, names, lp, message, force=0):
         set_gpo_acl(paths.sysvol, names.dnsdomain, names.domainsid,
             names.domaindn, samdb, lp)
     except TypeError, e:
-        message(ERROR, "Unable to set ACLs on policies related objects, if not using posix:eadb, you must be root to do it")
+        message(ERROR, "Unable to set ACLs on policies related objects,"
+                       " if not using posix:eadb, you must be root to do it")
 
     if resetacls:
        try:
             setsysvolacl(samdb, paths.netlogon, paths.sysvol, names.wheel_gid,
                         names.domainsid, names.dnsdomain, names.domaindn, lp)
        except TypeError, e:
-            message(ERROR, "Unable to set ACLs on sysvol share, if not using posix:eadb, you must be root to do it")
+            message(ERROR, "Unable to set ACLs on sysvol share, if not using"
+                           "posix:eadb, you must be root to do it")
+
+def increment_calculated_keyversion_number(samdb, rootdn, hashDns):
+    """For a given hash associating dn and a number, this function will
+    update the replPropertyMetaData of each dn in the hash, so that the
+    calculated value of the msDs-KeyVersionNumber is equal or superior to the
+    one associated to the given dn.
+
+    :param samdb: An SamDB object pointing to the sam
+    :param rootdn: The base DN where we want to start
+    :param hashDns: A hash with dn as key and number representing the
+                 minimum value of msDs-KeyVersionNumber that we want to
+                 have
+    """
+    entry = samdb.search(expression='(objectClass=user)',
+                         base=ldb.Dn(samdb,str(rootdn)),
+                         scope=SCOPE_SUBTREE, attrs=["msDs-KeyVersionNumber"],
+                         controls=["search_options:1:2"])
+    done = 0
+    if len(entry) == 0:
+        raise ProvisioningError("Unable to find msDs-KeyVersionNumber")
+    else:
+        for e in entry:
+            if hashDns.has_key(str(e.dn).lower()):
+                done = done + 1
+                val = e.get("msDs-KeyVersionNumber")
+                if not val:
+                    continue
+                version = int(str(hashDns[str(e.dn).lower()]))
+                if int(str(val)) < version:
+                    samdb.set_attribute_replmetadata_version(str(e.dn),
+                                                              "unicodePwd",
+                                                              version)
 
 def delta_update_basesamdb(refsam, sam, creds, session, lp, message):
     """Update the provision container db: sam.ldb
@@ -829,7 +863,7 @@ def search_constructed_attrs_stored(samdb, rootdn, attrs):
     expr = construct_existor_expr(attrs)
     if expr == "":
         return hashAtt
-    entry = samdb.search(expression=expr, base=ldb.Dn(samdb,str(rootdn)),
+    entry = samdb.search(expression=expr, base=ldb.Dn(samdb, str(rootdn)),
                          scope=SCOPE_SUBTREE, attrs=attrs,
                          controls=["search_options:1:2","bypassoperational:0"])
     if len(entry) == 0: