s4 upgradeprovision: Check that the policy for DC is present if not warn the user
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
committed by
Jelmer Vernooij
parent
aea0003d08
commit
c4f7b0e5f6
@ -56,7 +56,7 @@ from samba.upgradehelpers import (dn_sort, get_paths, newprovision,
|
|||||||
update_secrets, CHANGE, ERROR, SIMPLE,
|
update_secrets, CHANGE, ERROR, SIMPLE,
|
||||||
CHANGEALL, GUESS, CHANGESD, PROVISION,
|
CHANGEALL, GUESS, CHANGESD, PROVISION,
|
||||||
updateOEMInfo, getOEMInfo, update_gpo,
|
updateOEMInfo, getOEMInfo, update_gpo,
|
||||||
delta_update_basesamdb)
|
delta_update_basesamdb, update_policyids)
|
||||||
|
|
||||||
replace=2**FLAG_MOD_REPLACE
|
replace=2**FLAG_MOD_REPLACE
|
||||||
add=2**FLAG_MOD_ADD
|
add=2**FLAG_MOD_ADD
|
||||||
@ -1432,8 +1432,8 @@ if __name__ == '__main__':
|
|||||||
# 11) B
|
# 11) B
|
||||||
simple_update_basesamdb(newpaths, paths, names)
|
simple_update_basesamdb(newpaths, paths, names)
|
||||||
ldbs = get_ldbs(paths, creds, session, lp)
|
ldbs = get_ldbs(paths, creds, session, lp)
|
||||||
ldbs.startTransactions()
|
|
||||||
removeProvisionUSN(ldbs.sam)
|
removeProvisionUSN(ldbs.sam)
|
||||||
|
ldbs.startTransactions()
|
||||||
|
|
||||||
# 12)
|
# 12)
|
||||||
schema = Schema(setup_path, names.domainsid, schemadn=str(names.schemadn),
|
schema = Schema(setup_path, names.domainsid, schemadn=str(names.schemadn),
|
||||||
@ -1497,10 +1497,20 @@ if __name__ == '__main__':
|
|||||||
# 22)
|
# 22)
|
||||||
if lastProvisionUSNs != None:
|
if lastProvisionUSNs != None:
|
||||||
updateProvisionUSN(ldbs.sam, minUSN, maxUSN)
|
updateProvisionUSN(ldbs.sam, minUSN, maxUSN)
|
||||||
|
if opts.full and (names.policyid == None or names.policyid_dc == None):
|
||||||
|
update_policyids(names, ldbs.sam)
|
||||||
if opts.full or opts.resetfileacl:
|
if opts.full or opts.resetfileacl:
|
||||||
|
try:
|
||||||
update_gpo(paths, ldbs.sam, names, lp, message, 1)
|
update_gpo(paths, ldbs.sam, names, lp, message, 1)
|
||||||
|
except ProvisioningError, e:
|
||||||
|
message(ERROR, "The policy for domain controller is missing," \
|
||||||
|
" you should restart upgradeprovision with --full")
|
||||||
else:
|
else:
|
||||||
|
try:
|
||||||
update_gpo(paths, ldbs.sam, names, lp, message, 0)
|
update_gpo(paths, ldbs.sam, names, lp, message, 0)
|
||||||
|
except ProvisioningError, e:
|
||||||
|
message(ERROR, "The policy for domain controller is missing," \
|
||||||
|
" you should restart upgradeprovision with --full")
|
||||||
ldbs.groupedCommit()
|
ldbs.groupedCommit()
|
||||||
new_ldbs.groupedCommit()
|
new_ldbs.groupedCommit()
|
||||||
message(SIMPLE, "Upgrade finished !")
|
message(SIMPLE, "Upgrade finished !")
|
||||||
|
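Review bot: Both new `except ProvisioningError, e:` handlers under step 22 only log an error and fall through, so `ldbs.groupedCommit()` and `new_ldbs.groupedCommit()` still run and the script ends with "Upgrade finished !" even though update_gpo() stopped partway. Whatever update_gpo() does after its new policy-id check (not visible in this diff) is silently skipped, so the failure should be recorded and reflected in the final message, for example by setting a flag in the handler and reporting an incomplete upgrade instead of the plain success line. In the `opts.full or opts.resetfileacl` branch the advice "you should restart upgradeprovision with --full" is misleading when --full was already given and update_policyids() has just failed to find the policy; that branch needs its own wording. The bound name `e` is unused in both handlers. The enclosing `if __name__ == '__main__':` block starts and ends outside these hunks.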
@ -187,6 +187,26 @@ def get_paths(param, targetdir=None, smbconf=None):
|
|||||||
paths = provision_paths_from_lp(lp, lp.get("realm"))
|
paths = provision_paths_from_lp(lp, lp.get("realm"))
|
||||||
return paths
|
return paths
|
||||||
|
|
||||||
|
def update_policyids(names, samdb):
|
||||||
|
"""Update policy ids that could have changed after sam update
|
||||||
|
|
||||||
|
:param names: List of key provision parameters
|
||||||
|
:param samdb: An Ldb object conntected with the sam DB
|
||||||
|
"""
|
||||||
|
# policy guid
|
||||||
|
res = samdb.search(expression="(displayName=Default Domain Policy)",
|
||||||
|
base="CN=Policies,CN=System," + str(names.rootdn),
|
||||||
|
scope=SCOPE_ONELEVEL, attrs=["cn","displayName"])
|
||||||
|
names.policyid = str(res[0]["cn"]).replace("{","").replace("}","")
|
||||||
|
# dc policy guid
|
||||||
|
res2 = samdb.search(expression="(displayName=Default Domain Controllers" \
|
||||||
|
" Policy)",
|
||||||
|
base="CN=Policies,CN=System," + str(names.rootdn),
|
||||||
|
scope=SCOPE_ONELEVEL, attrs=["cn","displayName"])
|
||||||
|
if len(res2) == 1:
|
||||||
|
names.policyid_dc = str(res2[0]["cn"]).replace("{","").replace("}","")
|
||||||
|
else:
|
||||||
|
names.policyid_dc = None
|
||||||
|
|
||||||
def find_provision_key_parameters(samdb, secretsdb, idmapdb, paths, smbconf, lp):
|
def find_provision_key_parameters(samdb, secretsdb, idmapdb, paths, smbconf, lp):
|
||||||
"""Get key provision parameters (realm, domain, ...) from a given provision
|
"""Get key provision parameters (realm, domain, ...) from a given provision
|
||||||
@ -562,6 +582,8 @@ def update_secrets(newsecrets_ldb, secrets_ldb, messagefunc):
|
|||||||
for att in hashAttrNotCopied.keys():
|
for att in hashAttrNotCopied.keys():
|
||||||
delta.remove(att)
|
delta.remove(att)
|
||||||
for att in delta:
|
for att in delta:
|
||||||
|
if att == "msDS-KeyVersionNumber":
|
||||||
|
delta.remove(att)
|
||||||
if att != "dn":
|
if att != "dn":
|
||||||
messagefunc(CHANGE,
|
messagefunc(CHANGE,
|
||||||
"Adding/Changing attribute %s to %s" % \
|
"Adding/Changing attribute %s to %s" % \
|
||||||
@ -632,6 +654,8 @@ def update_gpo(paths, samdb, names, lp, message, force=0):
|
|||||||
if not os.path.isdir(dir):
|
if not os.path.isdir(dir):
|
||||||
create_gpo_struct(dir)
|
create_gpo_struct(dir)
|
||||||
|
|
||||||
|
if names.policyid_dc == None:
|
||||||
|
raise ProvisioningError("Policy ID for Domain controller is missing")
|
||||||
dir = getpolicypath(paths.sysvol, names.dnsdomain, names.policyid_dc)
|
dir = getpolicypath(paths.sysvol, names.dnsdomain, names.policyid_dc)
|
||||||
if not os.path.isdir(dir):
|
if not os.path.isdir(dir):
|
||||||
create_gpo_struct(dir)
|
create_gpo_struct(dir)
|
||||||
|
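Review bot: update_policyids() reads `res[0]["cn"]` without checking that the search for "Default Domain Policy" returned an entry, while the domain-controller lookup directly below it is guarded by `if len(res2) == 1:`. The caller runs this function exactly when names.policyid or names.policyid_dc is None, so an empty result raises IndexError, apparently after the transactions have been started, instead of producing the warning this commit is meant to add. Guard the first lookup the same way, `if len(res) == 1:` with `else: names.policyid = None`, or raise ProvisioningError with a message naming the missing policy. update_gpo() would then need an equivalent check for names.policyid before building the first policy path; that part of the function is outside the hunk.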