sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-08-04 08:22:08 +03:00
Code Activity

s4 upgradeprovision: introduce a new function to update the field use for calculating msds-keyversionnumber

Browse Source 
This function change the version field of the unicodePwd in the
replPropertyMetaData so that the version is equal or
superior to the reference value passed.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Matthieu Patou
2010-06-15 12:49:19 +04:00
committed by Andrew Bartlett
parent f97c90c9cd
commit 9323901644
1 changed files with 37 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
source4/scripting/python/samba/upgradehelpers.py
View File

@ -704,14 +704,48 @@ def update_gpo(paths, samdb, names, lp, message, force=0):
set_gpo_acl(paths.sysvol, names.dnsdomain, names.domainsid, set_gpo_acl(paths.sysvol, names.dnsdomain, names.domainsid,
names.domaindn, samdb, lp) names.domaindn, samdb, lp)
except TypeError, e: except TypeError, e:
message(ERROR, "Unable to set ACLs on policies related objects, if not using posix:eadb, you must be root to do it") message(ERROR, "Unable to set ACLs on policies related objects,"
" if not using posix:eadb, you must be root to do it")
if resetacls: if resetacls:
try: try:
setsysvolacl(samdb, paths.netlogon, paths.sysvol, names.wheel_gid, setsysvolacl(samdb, paths.netlogon, paths.sysvol, names.wheel_gid,
names.domainsid, names.dnsdomain, names.domaindn, lp) names.domainsid, names.dnsdomain, names.domaindn, lp)
except TypeError, e: except TypeError, e:
message(ERROR, "Unable to set ACLs on sysvol share, if not using posix:eadb, you must be root to do it") message(ERROR, "Unable to set ACLs on sysvol share, if not using"
"posix:eadb, you must be root to do it")
def increment_calculated_keyversion_number(samdb, rootdn, hashDns):
"""For a given hash associating dn and a number, this function will
update the replPropertyMetaData of each dn in the hash, so that the
calculated value of the msDs-KeyVersionNumber is equal or superior to the
one associated to the given dn.
:param samdb: An SamDB object pointing to the sam
:param rootdn: The base DN where we want to start
:param hashDns: A hash with dn as key and number representing the
minimum value of msDs-KeyVersionNumber that we want to
have
"""
entry = samdb.search(expression='(objectClass=user)',
base=ldb.Dn(samdb,str(rootdn)),
scope=SCOPE_SUBTREE, attrs=["msDs-KeyVersionNumber"],
controls=["search_options:1:2"])
done = 0
if len(entry) == 0:
raise ProvisioningError("Unable to find msDs-KeyVersionNumber")
else:
for e in entry:
if hashDns.has_key(str(e.dn).lower()):
done = done + 1
val = e.get("msDs-KeyVersionNumber")
if not val:
continue
version = int(str(hashDns[str(e.dn).lower()]))
if int(str(val)) < version:
samdb.set_attribute_replmetadata_version(str(e.dn),
"unicodePwd",
version)
def delta_update_basesamdb(refsam, sam, creds, session, lp, message): def delta_update_basesamdb(refsam, sam, creds, session, lp, message):
"""Update the provision container db: sam.ldb """Update the provision container db: sam.ldb
@ -829,7 +863,7 @@ def search_constructed_attrs_stored(samdb, rootdn, attrs):
expr = construct_existor_expr(attrs) expr = construct_existor_expr(attrs)
if expr == "": if expr == "":
return hashAtt return hashAtt
entry = samdb.search(expression=expr, base=ldb.Dn(samdb,str(rootdn)), entry = samdb.search(expression=expr, base=ldb.Dn(samdb, str(rootdn)),
scope=SCOPE_SUBTREE, attrs=attrs, scope=SCOPE_SUBTREE, attrs=attrs,
controls=["search_options:1:2","bypassoperational:0"]) controls=["search_options:1:2","bypassoperational:0"])
if len(entry) == 0: if len(entry) == 0: