[SCM] Samba Shared Repository - branch master updated

Matthieu Patou mat at samba.org
Thu Aug 19 06:07:07 MDT 2010


The branch, master has been updated
       via  4fec72d... s4 provision: POLICY_ACL is already an FS acl no need to translate it
       via  6e7d684... s4 provision: Add some documentation to GPO related functions
       via  2cadfe8... unit tests: debug to ease locating pb, remove dir if exists to avoid error
       via  ed51bf5... s4 upgradeprovision: exit with a non null return code so that it can be trapped in blackbox tests
       via  a5653bc... s4 upgradeprovision: add more attributes to the ignore list
       via  e378d7f... s4 upgradeprovision: Deal with bootstrap indexing attribute to avoid useless reindexing
       via  d79a5cc... s4 upgradeprovision: Add a function for schema reloading
       via  eaf1d05... s4 upgradeprovision: upgrade_delta_samdb return a msg_diff of @ATTRIBUTES
       via  3e49b20... s4 upgradeprovision: Fixes for increment_keyversion
       via  503824b... s4 upgradeprovision: fix a typo and pass correct parameter to increment_calculated_keyversion
      from  f6ac919... s3-libsmb: fix some uninitialized variables.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 4fec72db1c73c03e6a666723dcc8eb8a2667d598
Author: Matthieu Patou <mat at matws.net>
Date:   Thu Aug 19 12:37:00 2010 +0400

    s4 provision: POLICY_ACL is already an FS acl no need to translate it

commit 6e7d6844620936cf5394c3d35ac1c8c8c5d042fc
Author: Matthieu Patou <mat at matws.net>
Date:   Thu Aug 19 12:33:57 2010 +0400

    s4 provision: Add some documentation to GPO related functions

commit 2cadfe8f2a3c0a4cf200288f0b6123eca866c510
Author: Matthieu Patou <mat at matws.net>
Date:   Sat Aug 14 18:51:55 2010 +0400

    unit tests: debug to ease locating pb, remove dir if exists to avoid error

commit ed51bf5f68b77f97b00b30e1a6be3773841299b6
Author: Matthieu Patou <mat at matws.net>
Date:   Sat Aug 14 16:57:49 2010 +0400

    s4 upgradeprovision: exit with a non null return code so that it can be trapped in blackbox tests

commit a5653bcf837f6941fd26d233fbba15976fb0897e
Author: Matthieu Patou <mat at matws.net>
Date:   Thu Aug 12 17:28:28 2010 +0400

    s4 upgradeprovision: add more attributes to the ignore list
    
    Also format in a pretty way the int64 ranges

commit e378d7fd89beeffc20bafa04e0fcfb895eaccbf5
Author: Matthieu Patou <mat at matws.net>
Date:   Thu Aug 12 12:22:08 2010 +0400

    s4 upgradeprovision: Deal with bootstrap indexing attribute to avoid useless reindexing

commit d79a5cc3584fe5763ddf0d8e22fb8140c376ba41
Author: Matthieu Patou <mat at matws.net>
Date:   Sun Jul 11 15:36:32 2010 +0400

    s4 upgradeprovision: Add a function for schema reloading
    
    Full schema reloading is needed when we modify existing elements that
    have attributes that come not from the default schema (i.e.
    openchange schema, user schema ...)

commit eaf1d050febc4d9ebf6cde9fd671ac5362d10e29
Author: Matthieu Patou <mat at matws.net>
Date:   Thu Aug 12 01:25:27 2010 +0400

    s4 upgradeprovision: upgrade_delta_samdb return a msg_diff of @ATTRIBUTES
    
    This is used by upgradeprovision to readd this delta just before loading
    a merged schema

commit 3e49b20cf0b0cadccc4e5b5ff3d20cbf60eeb3c4
Author: Matthieu Patou <mat at matws.net>
Date:   Tue Aug 10 18:19:40 2010 +0400

    s4 upgradeprovision: Fixes for increment_keyversion
    
    fix

commit 503824b75723f62bbe7ee578d0ed6ad4a1203665
Author: Matthieu Patou <mat at matws.net>
Date:   Tue Aug 10 17:39:29 2010 +0400

    s4 upgradeprovision: fix a typo and pass correct parameter to increment_calculated_keyversion

-----------------------------------------------------------------------

Summary of changes:
 source4/scripting/bin/upgradeprovision           |  131 ++++++++++++++++++----
 source4/scripting/python/samba/provision.py      |   70 +++++++++---
 source4/scripting/python/samba/samdb.py          |   19 +++-
 source4/scripting/python/samba/upgradehelpers.py |   43 +++++--
 source4/setup/tests/blackbox_upgradeprovision.sh |   10 ++-
 5 files changed, 222 insertions(+), 51 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/scripting/bin/upgradeprovision b/source4/scripting/bin/upgradeprovision
index 23c511f..90586de 100755
--- a/source4/scripting/bin/upgradeprovision
+++ b/source4/scripting/bin/upgradeprovision
@@ -36,12 +36,14 @@ sys.path.insert(0, "bin/python")
 import ldb
 import samba
 import samba.getopt as options
+
+from base64 import b64encode
 from samba.credentials import DONT_USE_KERBEROS
 from samba.auth import system_session, admin_session
 from ldb import (SCOPE_SUBTREE, SCOPE_BASE,
                 FLAG_MOD_REPLACE, FLAG_MOD_ADD, FLAG_MOD_DELETE,
                 MessageElement, Message, Dn)
-from samba import param
+from samba import param, dsdb, Ldb
 from samba.provision import (find_setup_dir, get_domain_descriptor,
                             get_config_descriptor,
                             ProvisioningError, get_last_provision_usn,
@@ -58,6 +60,7 @@ from samba.upgradehelpers import (dn_sort, get_paths, newprovision,
                                  delta_update_basesamdb, update_policyids,
                                  update_machine_account_password,
                                  search_constructed_attrs_stored,
+                                 int64range2str,
                                  increment_calculated_keyversion_number)
 
 replace=2**FLAG_MOD_REPLACE
@@ -105,6 +108,7 @@ hashOverwrittenAtt = {  "prefixMap": replace, "systemMayContain": replace,
                         "wellKnownObjects":replace, "privilege":never,
                         "defaultSecurityDescriptor": replace,
                         "rIDAvailablePool": never,
+                        "rIDNextRID": add, "rIDUsedPool": never,
                         "defaultSecurityDescriptor": replace + add,
                         "isMemberOfPartialAttributeSet": delete,
                         "attributeDisplayNames": replace + add}
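Review bot: the dict literal that receives the new "rIDNextRID" / "rIDUsedPool" entries lists "defaultSecurityDescriptor" twice, once as replace just above the added line and once as replace + add just below it; Python keeps only the last value, so the first entry is dead. Since this hunk edits the same literal, drop the replace entry so a reader is not misled about which flag applies. A short comment on why rIDNextRID is add while rIDUsedPool is never would also help.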
@@ -409,7 +413,13 @@ def dump_denied_change(dn, att, flagtxt, current, reference):
 
     message(CHANGE, "dn= " + str(dn)+" " + att+" with flag " + flagtxt
                 +" is not allowed to be changed/removed, I discard this change")
-    if att != "objectSid" :
+    if att == "objectSid" :
+        message(CHANGE, "old : %s" % ndr_unpack(security.dom_sid, current[0]))
+        message(CHANGE, "new : %s" % ndr_unpack(security.dom_sid, reference[0]))
+    elif att == "rIDPreviousAllocationPool" or att == "rIDAllocationPool":
+        message(CHANGE, "old : %s" % int64range2str(current[0]))
+        message(CHANGE, "new : %s" % int64range2str(reference[0]))
+    else:
         i = 0
         for e in range(0, len(current)):
             message(CHANGE, "old %d : %s" % (i, str(current[e])))
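Review bot: the new rIDPreviousAllocationPool / rIDAllocationPool branch indexes current[0] and reference[0] unconditionally, while the generic else branch loops over however many values are present. If either side can be empty when a change is denied, this diagnostic path raises instead of logging. Check the lengths before indexing and fall back to the generic dump otherwise. The chained comparison reads better as att in ("rIDPreviousAllocationPool", "rIDAllocationPool").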
@@ -419,10 +429,6 @@ def dump_denied_change(dn, att, flagtxt, current, reference):
             for e in range(0, len(reference)):
                 message(CHANGE, "new %d : %s" % (i, str(reference[e])))
                 i+=1
-    else:
-        message(CHANGE, "old : %s" % ndr_unpack(security.dom_sid, current[0]))
-        message(CHANGE, "new : %s" % ndr_unpack(security.dom_sid, reference[0]))
-
 
 def handle_special_add(samdb, dn, names):
     """Handle special operation (like remove) on some object needed during
@@ -932,8 +938,33 @@ def update_present(ref_samdb, samdb, basedn, listPresent, usns, invocationid):
             samdb.modify(delta)
     return changed
 
+def reload_full_schema(samdb, names):
+    """Load the updated schema with all the new and existing classes
+       and attributes.
+
+    :param samdb: An LDB object connected to the sam.ldb of the update
+                  provision
+    :param names: List of key provision parameters
+    """
+
+    current = samdb.search(expression="objectClass=*", base=str(names.schemadn),
+                                scope=SCOPE_SUBTREE)
+    schema_ldif = ""
+    prefixmap_data = ""
+
+    for ent in current:
+        schema_ldif += samdb.write_ldif(ent, ldb.CHANGETYPE_NONE)
 
-def update_partition(ref_samdb, samdb, basedn, names, schema, provisionUSNs):
+    prefixmap_data = open(setup_path("prefixMap.txt"), 'r').read()
+    prefixmap_data = b64encode(prefixmap_data)
+
+    # We don't actually add this ldif, just parse it
+    prefixmap_ldif = "dn: cn=schema\nprefixMap:: %s\n\n" % prefixmap_data
+
+    dsdb._dsdb_set_schema_from_ldif(samdb, prefixmap_ldif, schema_ldif)
+
+
+def update_partition(ref_samdb, samdb, basedn, names, schema, provisionUSNs, prereloadfunc):
     """Check differences between the reference provision and the upgraded one.
 
     It looks for all objects which base DN is name.
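Review bot: in reload_full_schema the prefix map is read with open(setup_path("prefixMap.txt"), 'r').read(), which never closes the file explicitly and lets an IOError for a missing file surface with no hint about which step failed; wrap it in try/finally and close the handle. prefixmap_data = "" is overwritten before it is used and can go. schema_ldif += inside the loop over the whole schema subtree copies the string on every iteration; collecting the pieces in a list and joining once scales better. update_partition gains a required positional prereloadfunc at the end of this hunk, so every caller has to be updated in the same commit.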
@@ -949,7 +980,10 @@ def update_partition(ref_samdb, samdb, basedn, names, schema, provisionUSNs):
     :param names: List of key provision parameters
     :param schema: A Schema object
     :param provisionUSNs:  The USNs modified by provision/upgradeprovision
-                           last time"""
+                           last time
+    :param prereloadfunc: A function that must be executed just before the reload
+                  of the schema
+    """
 
     hash_new = {}
     hash = {}
@@ -1000,6 +1034,13 @@ def update_partition(ref_samdb, samdb, basedn, names, schema, provisionUSNs):
         add_deletedobj_containers(ref_samdb, samdb, names)
 
         add_missing_entries(ref_samdb, samdb, names, basedn, listMissing)
+
+        prereloadfunc()
+        message(SIMPLE, "Reloading a merged schema, it might trigger"\
+                        " reindexing so please be patient")
+        reload_full_schema(samdb, names)
+        message(SIMPLE, "Schema reloaded !")
+
         changed = update_present(ref_samdb, samdb, basedn, listPresent,
                                     provisionUSNs, names.invocation)
         message(SIMPLE, "There are %d changed objects" % (changed))
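Review bot: prereloadfunc() is called unconditionally right after add_missing_entries, so a caller that passes None fails in the middle of the update, after entries have already been added. Either guard the call (if prereloadfunc is not None:) or state in the docstring that a zero-argument callable is mandatory. The backslash after "it might trigger" is unnecessary inside the parentheses, since adjacent string literals concatenate on their own.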
@@ -1208,7 +1249,7 @@ def update_privilege(ref_private_path, cur_private_path):
                 os.path.join(cur_private_path, "privilege.ldb"))
 
 
-def update_samdb(ref_samdb, samdb, names, highestUSN, schema):
+def update_samdb(ref_samdb, samdb, names, highestUSN, schema, prereloadfunc):
     """Upgrade the SAM DB contents for all the provision partitions
 
     :param ref_sambdb: An LDB object conntected to the sam.ldb of the reference
@@ -1218,11 +1259,14 @@ def update_samdb(ref_samdb, samdb, names, highestUSN, schema):
     :param names: List of key provision parameters
     :param highestUSN:  The highest USN modified by provision/upgradeprovision
                         last time
-    :param schema: A Schema object that represent the schema of the provision"""
+    :param schema: A Schema object that represent the schema of the provision
+    :param prereloadfunc: A function that must be executed just before the reload
+                  of the schema
+    """
 
     message(SIMPLE, "Starting update of samdb")
     ret = update_partition(ref_samdb, samdb, str(names.rootdn), names,
-                            schema, highestUSN)
+                            schema, highestUSN, prereloadfunc)
     if ret:
         message(SIMPLE, "Update of samdb finished")
         return 1
@@ -1335,9 +1379,11 @@ def sync_calculated_attributes(samdb, names):
       :param samdb: An LDB object attached to the currently upgraded samdb
       :param names: Various key parameter about current provision.
    """
-   listAttrs = ["msDs-KeyVersionAttribute"]
+   listAttrs = ["msDs-KeyVersionNumber"]
    hash = search_constructed_attrs_stored(samdb, names.rootdn, listAttrs)
-   increment_calculated_keyversion_number(samdb, names.rootdn, hash)
+   if hash.has_key("msDs-KeyVersionNumber"):
+       increment_calculated_keyversion_number(samdb, names.rootdn,
+                                            hash["msDs-KeyVersionNumber"])
 
 def setup_path(file):
     return os.path.join(setup_dir, file)
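Review bot: in sync_calculated_attributes the attribute name now appears three times as a string literal (listAttrs, the has_key test and the lookup); bind it to one local name so the three cannot drift apart the way the msDs-KeyVersionAttribute spelling fixed here did. hash.has_key(...) is better written as a membership test with in. When the key is absent the function returns silently; a debug message there would distinguish "nothing to do" from "the search found nothing".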
@@ -1553,13 +1599,18 @@ if __name__ == '__main__':
         # Do some modification on sam.ldb
         ldbs.groupedCommit()
         new_ldbs.groupedCommit()
-
-        # 11)
+        deltaattr = None
+# 11)
         if re.match(".*alpha((9)|(\d\d+)).*", str(oem)):
             # 11) A
             # Starting from alpha9 we can consider that the structure is quite ok
             # and that we should do only dela
-            delta_update_basesamdb(newpaths.samdb, paths.samdb, creds, session, lp, message)
+            deltaattr = delta_update_basesamdb(newpaths.samdb,
+                                                paths.samdb,
+                                                creds,
+                                                session,
+                                                lp,
+                                                message)
         else:
             # 11) B
             simple_update_basesamdb(newpaths, paths, names)
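Review bot: deltaattr is only assigned in the 11) A branch and stays None in the 11) B branch, so every later consumer has to handle None; say so in a comment next to deltaattr = None. The # 11) comment has been moved to column 0 while the neighbouring step comments (# 11) A, # 11) B) stay indented with the code; keep it at the block's indentation.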
@@ -1573,11 +1624,33 @@ if __name__ == '__main__':
         # 12)
         schema = Schema(setup_path, names.domainsid, schemadn=str(names.schemadn),
                          serverdn=str(names.serverdn))
-
+        # We create a closure that will be invoked just before schema reload
+        def schemareloadclosure():
+            basesam = Ldb(paths.samdb, session_info=session, credentials=creds, lp=lp,
+                            options=["modules:"])
+            doit = False
+            if deltaattr is not None and len(deltaattr) > 1:
+                doit = True
+            deltaattr.remove("dn")
+            for att in deltaattr:
+                if att.lower() == "dn":
+                    continue
+                if deltaattr.get(att) is not None \
+                    and deltaattr.get(att).flags() != FLAG_MOD_ADD:
+                    doit = False
+                elif deltaattr.get(att) is None:
+                    doit = False
+            if doit:
+                message(CHANGE, "Applying delta to @ATTRIBUTES")
+                deltaattr.dn = ldb.Dn(basesam, "@ATTRIBUTES")
+                basesam.modify(deltaattr)
+            else:
+                message(CHANGE, "Not applying delta to @ATTRIBUTES because "\
+                                "there is not only add")
         # 13)
         if opts.full:
             if not update_samdb(new_ldbs.sam, ldbs.sam, names, lastProvisionUSNs,
-                                schema):
+                                schema, schemareloadclosure):
                 message(SIMPLE, "Rollbacking every changes. Check the reason"
                                 " of the problem")
                 message(SIMPLE, "In any case your system as it was before"
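Review bot: in schemareloadclosure, deltaattr.remove("dn") runs unconditionally, outside the deltaattr is not None test two lines above it, so when deltaattr is None (the 11) B branch never assigns it) the closure raises AttributeError instead of reaching the "Not applying delta" message. Return early when deltaattr is None and move the remove into the guarded path. Related points: len(deltaattr) > 1 is evaluated before "dn" is removed, and the att.lower() == "dn" test in the loop is dead once it has been removed; the two doit = False branches can be merged and the loop can break on the first mismatch; basesam is opened even when nothing will be applied, so open it inside if doit:.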
@@ -1586,8 +1659,11 @@ if __name__ == '__main__':
                 new_ldbs.groupedRollback()
                 shutil.rmtree(provisiondir)
                 sys.exit(1)
-            else:
-                sync_calculated_attributes(ldbs.sam, names)
+        else:
+            # Try to reapply the change also when we do not change the sam
+            # as the delta_upgrade
+            schemareloadclosure()
+            sync_calculated_attributes(ldbs.sam, names)
         # 14)
         update_secrets(new_ldbs.secrets, ldbs.secrets, message)
         # 15)
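Review bot: the else: has moved from the inner if not update_samdb(...) to the outer if opts.full:, so after a successful --full update sync_calculated_attributes(ldbs.sam, names) is no longer called at all, whereas before this change that was the only path that called it. If the key version sync is still wanted after a full update, call it after the if/else rather than inside the else. The new else branch also calls schemareloadclosure() directly, so any failure mode of the closure applies to the non-full path too. The comment ending "as the delta_upgrade" stops mid-sentence; finish it so the reason for reapplying is recorded.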
@@ -1644,6 +1720,8 @@ if __name__ == '__main__':
             except ProvisioningError, e:
                 message(ERROR, "The policy for domain controller is missing,"
                                " you should restart upgradeprovision with --full")
+            except IOError, e:
+                message(ERROR, "Setting ACL not supported on your filesystem")
         else:
             try:
                 update_gpo(paths, ldbs.sam, names, lp, message, 0)
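Review bot: except IOError, e: reports every IOError from this block as "Setting ACL not supported on your filesystem" and discards e, so a permission error or a missing policy folder is misreported and the upgrade carries on with GPO folder ACLs possibly unset. Include str(e) in the message, and decide explicitly whether continuing is acceptable, given that update_gpo exists to keep these ACLs in sync with the ones in the directory.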
@@ -1654,10 +1732,21 @@ if __name__ == '__main__':
         new_ldbs.groupedCommit()
         message(SIMPLE, "Upgrade finished !")
         # remove reference provision now that everything is done !
+        # So we have reindexed first if need when the merged schema was reloaded
+        # (as new attributes could have quick in)
+        # But the second part of the update (when we update existing objects
+        # can also have an influence on indexing as some attribute might have their
+        # searchflag modificated
+        message(SIMPLE, "Reopenning samdb to trigger reindexing if needed after"\
+                        " modification")
+        samdb = Ldb(paths.samdb, session_info=session, credentials=creds, lp=lp)
+        message(SIMPLE, "Reindexing finished")
+
         shutil.rmtree(provisiondir)
     except StandardError, err:
         message(ERROR,"A problem has occured when trying to upgrade your provision,"
                       " a full backup is located at %s" % backupdir)
-        if opts.changeall:
+        if opts.debugall or opts.debugchange:
             (typ, val, tb) = sys.exc_info()
             traceback.print_exception(typ, val, tb)
+        sys.exit(1)
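Review bot: in the except StandardError path, err itself is never printed; the traceback is shown only with opts.debugall or opts.debugchange, so without those flags the user gets the generic "A problem has occured" line and an exit code of 1 with no cause. Add str(err) to the ERROR message. In the reindexing block, samdb is assigned only for the side effect of opening the database and is never used; say that in the comment or drop the name. The existing comment "remove reference provision now that everything is done !" now sits above the reindexing block instead of directly above shutil.rmtree(provisiondir) and should move down, and the new comment has typos ("quick in", "modificated") and an unclosed parenthesis.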
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 9014e49..92cb6f4 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -943,6 +943,14 @@ def setup_self_join(samdb, names,
               })
 
 def getpolicypath(sysvolpath, dnsdomain, guid):
+    """Return the physical path of policy given its guid.
+
+    :param sysvolpath: Path to the sysvol folder
+    :param dnsdomain: DNS name of the AD domain
+    :param guid: The GUID of the policy
+    :return: A string with the complete path to the policy folder
+    """
+
     if guid[0] != "{":
         guid = "{%s}" % guid
     policy_path = os.path.join(sysvolpath, dnsdomain, "Policies", guid)
@@ -961,7 +969,15 @@ def create_gpo_struct(policy_path):
         os.makedirs(p, 0755)
 
 
-def setup_gpo(sysvolpath, dnsdomain, policyguid, policyguid_dc):
+def create_default_gpo(sysvolpath, dnsdomain, policyguid, policyguid_dc):
+    """Create the default GPO for a domain
+
+        :param sysvolpath: Physical path for the sysvol folder
+        :param dnsdomain: DNS domain name of the AD domain
+        :param policyguid: GUID of the default domain policy
+        :param policyguid_dc: GUID of the default domain controler policy
+    """
+
     policy_path = getpolicypath(sysvolpath,dnsdomain,policyguid)
     create_gpo_struct(policy_path)
 
@@ -1204,23 +1220,46 @@ def set_dir_acl(path, acl, lp, domsid):
             setntacl(lp, os.path.join(root, name), acl, domsid)
 
 
-def set_gpo_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp):
-    # Set ACL for GPO
-    policy_path = os.path.join(sysvol, dnsdomain, "Policies")
-    set_dir_acl(policy_path,dsacl2fsacl(POLICIES_ACL, str(domainsid)), 
-        lp, str(domainsid))
+def set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp):
+    """Set ACL on the sysvol/<dnsname>/Policies folder and the policy
+    folders beneath.
+
+    :param sysvol: Physical path for the sysvol folder
+    :param dnsdomain: The DNS name of the domain
+    :param domainsid: The SID of the domain
+    :param domaindn: The DN of the domain (ie. DC=...)
+    :param samdb: An LDB object on the SAM db
+    :param lp: an LP object
+    """
+
+    # Set ACL for GPO root folder
+    root_policy_path = os.path.join(sysvol, dnsdomain, "Policies")
+    setntacl(lp, root_policy_path, POLICIES_ACL, str(domainsid))
+
     res = samdb.search(base="CN=Policies,CN=System,%s"%(domaindn),
                         attrs=["cn", "nTSecurityDescriptor"],
                         expression="", scope=ldb.SCOPE_ONELEVEL)
+
     for policy in res:
         acl = ndr_unpack(security.descriptor, 
                          str(policy["nTSecurityDescriptor"])).as_sddl()
-        policy_path = getpolicypath(sysvol,dnsdomain,str(policy["cn"]))
+        policy_path = getpolicypath(sysvol, dnsdomain, str(policy["cn"]))
         set_dir_acl(policy_path, dsacl2fsacl(acl, str(domainsid)), lp, 
                     str(domainsid))
 
 def setsysvolacl(samdb, netlogon, sysvol, gid, domainsid, dnsdomain, domaindn,
     lp):
+    """Set the ACL for the sysvol share and the subfolders
+
+    :param samdb: An LDB object on the SAM db
+    :param netlogon: Physical path for the netlogon folder
+    :param sysvol: Physical path for the sysvol folder
+    :param gid: The GID of the "Domain adminstrators" group
+    :param domainsid: The SID of the domain
+    :param dnsdomain: The DNS name of the domain
+    :param domaindn: The DN of the domain (ie. DC=...)
+    """
+
     try:
         os.chown(sysvol,-1,gid)
     except:
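Review bot: the root Policies folder ACL is now applied with a single setntacl(lp, root_policy_path, POLICIES_ACL, str(domainsid)), where the removed code passed that path through set_dir_acl; the tail of set_dir_acl visible in the context at the top of this hunk applies the ACL to entries joined under the walked root, so a folder under Policies with no matching object in CN=Policies,CN=System is no longer touched by this function. If that is intended, state it in the docstring, because stale ACLs on leftover policy folders are easy to miss. The new setsysvolacl docstring omits the lp parameter and misspells "adminstrators".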
@@ -1228,17 +1267,20 @@ def setsysvolacl(samdb, netlogon, sysvol, gid, domainsid, dnsdomain, domaindn,
     else:
         canchown = True
 
-    setntacl(lp,sysvol,SYSVOL_ACL,str(domainsid))
+    # Set the SYSVOL_ACL on the sysvol folder and subfolder (first level)
+    setntacl(lp,sysvol, SYSVOL_ACL, str(domainsid))
     for root, dirs, files in os.walk(sysvol, topdown=False):
         for name in files:
             if canchown:
-                os.chown(os.path.join(root, name),-1,gid)
-            setntacl(lp,os.path.join(root, name),SYSVOL_ACL,str(domainsid))
+                os.chown(os.path.join(root, name), -1, gid)
+            setntacl(lp, os.path.join(root, name), SYSVOL_ACL, str(domainsid))
         for name in dirs:
             if canchown:
-                os.chown(os.path.join(root, name),-1,gid)
-            setntacl(lp,os.path.join(root, name),SYSVOL_ACL,str(domainsid))
-    set_gpo_acl(sysvol,dnsdomain,domainsid,domaindn,samdb,lp)
+                os.chown(os.path.join(root, name), -1, gid)
+            setntacl(lp, os.path.join(root, name), SYSVOL_ACL, str(domainsid))
+
+    # Set acls on Policy folder and policies folders
+    set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp)
 
 
 def provision(setup_dir, logger, session_info, 
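Review bot: the new comment says SYSVOL_ACL is set on "the sysvol folder and subfolder (first level)", but the os.walk(sysvol, topdown=False) loop below it applies the ACL to every file and directory in the tree; reword the comment to match what the loop does. setntacl(lp,sysvol, SYSVOL_ACL, ...) still lacks the space after lp, that the rest of the hunk adds. The file loop and the directory loop have identical bodies and could be one loop over files + dirs.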
@@ -1498,7 +1540,7 @@ def provision(setup_dir, logger, session_info,
 
             if serverrole == "domain controller":
                 # Set up group policies (domain policy and domain controller policy)
-                setup_gpo(paths.sysvol, names.dnsdomain, policyguid, policyguid_dc)
+                create_default_gpo(paths.sysvol, names.dnsdomain, policyguid, policyguid_dc)
                 setsysvolacl(samdb, paths.netlogon, paths.sysvol, wheel_gid, 
                              domainsid, names.dnsdomain, names.domaindn, lp)
 
diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py
index f358747..1765a07 100644
--- a/source4/scripting/python/samba/samdb.py
+++ b/source4/scripting/python/samba/samdb.py
@@ -536,7 +536,7 @@ accountExpires: %u
         return None
 
 
-    def set_attribute_replmetadata_version(self, dn, att, value):
+    def set_attribute_replmetadata_version(self, dn, att, value, addifnotexist=False):
         res = self.search(expression="dn=%s" % dn,
                             scope=ldb.SCOPE_SUBTREE,
                             controls=["search_options:1:2"],
@@ -563,6 +563,23 @@ accountExpires: %u
                 o.originating_invocation_id = misc.GUID(self.get_invocation_id())
                 o.originating_usn = seq
                 o.local_usn = seq
+
+        if not found and addifnotexist and len(ctr.array) >0:
+            o2 = drsblobs.replPropertyMetaData1()
+            o2.attid = 589914
+            att_oid = self.get_oid_from_attid(o2.attid)
+            seq = self.sequence_number(ldb.SEQ_NEXT)
+            o2.version = value
+            o2.originating_change_time = now
+            o2.originating_invocation_id = misc.GUID(self.get_invocation_id())
+            o2.originating_usn = seq
+            o2.local_usn = seq
+            found = True
+            tab = ctr.array
+            tab.append(o2)
+            ctr.count = ctr.count + 1
+            ctr.array = tab
+
         if found :
             replBlob = ndr_pack(repl)
             msg = ldb.Message()
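Review bot: the new addifnotexist branch sets o2.attid = 589914 as a bare literal and ignores the att argument, so calling this method with addifnotexist=True for any other attribute would append metadata under the wrong attribute id. Derive the id from att, or give the constant a name and reject other attributes. att_oid is computed and never used; the branch relies on now being defined earlier in the function; and the len(ctr.array) >0 condition means an object with empty metadata silently gets nothing added. The new parameter also needs a docstring entry.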
diff --git a/source4/scripting/python/samba/upgradehelpers.py b/source4/scripting/python/samba/upgradehelpers.py
index 58106e0..0a896d8 100755
--- a/source4/scripting/python/samba/upgradehelpers.py
+++ b/source4/scripting/python/samba/upgradehelpers.py
@@ -33,7 +33,7 @@ from samba.dsdb import DS_DOMAIN_FUNCTION_2000
 from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE
 import ldb
 from samba.provision import (ProvisionNames, provision_paths_from_lp,
-                            getpolicypath, set_gpo_acl, create_gpo_struct,
+                            getpolicypath, set_gpos_acl, create_gpo_struct,
                             FILL_FULL, provision, ProvisioningError,
                             setsysvolacl, secretsdb_self_join)
 from samba.dcerpc import misc, security, xattr
@@ -701,7 +701,7 @@ def update_gpo(paths, samdb, names, lp, message, force=0):
     # We always reinforce acls on GPO folder because they have to be in sync
     # with the one in DS
     try:
-        set_gpo_acl(paths.sysvol, names.dnsdomain, names.domainsid,
+        set_gpos_acl(paths.sysvol, names.dnsdomain, names.domainsid,
             names.domaindn, samdb, lp)
     except TypeError, e:
         message(ERROR, "Unable to set ACLs on policies related objects,"
@@ -732,40 +732,43 @@ def increment_calculated_keyversion_number(samdb, rootdn, hashDns):
                          scope=SCOPE_SUBTREE, attrs=["msDs-KeyVersionNumber"],
                          controls=["search_options:1:2"])
     done = 0
+    hashDone = {}
     if len(entry) == 0:
         raise ProvisioningError("Unable to find msDs-KeyVersionNumber")
     else:
         for e in entry:
             if hashDns.has_key(str(e.dn).lower()):
-                done = done + 1
                 val = e.get("msDs-KeyVersionNumber")
                 if not val:
-                    continue
+                    val = "0"
                 version = int(str(hashDns[str(e.dn).lower()]))
                 if int(str(val)) < version:
+                    done = done + 1
                     samdb.set_attribute_replmetadata_version(str(e.dn),
                                                               "unicodePwd",
-                                                              version)
-
-def delta_update_basesamdb(refsam, sam, creds, session, lp, message):
+                                                              version, True)
+def delta_update_basesamdb(refsampath, sampath, creds, session, lp, message):
     """Update the provision container db: sam.ldb
     This function is aimed for alpha9 and newer;
 
-    :param refsam: Path to the samdb in the reference provision
-    :param sam: Path to the samdb in the upgraded provision
+    :param refsampath: Path to the samdb in the reference provision
+    :param sampath: Path to the samdb in the upgraded provision
     :param creds: Credential used for openning LDB files
     :param session: Session to use for openning LDB files
-    :param lp: A loadparam object"""
+    :param lp: A loadparam object
+    :return: A msg_diff object with the difference between the @ATTRIBUTES
+             of the current provision and the reference provision
+    """
 
     message(SIMPLE,
             "Update base samdb by searching difference with reference one")
-    refsam = Ldb(refsam, session_info=session, credentials=creds,
+    refsam = Ldb(refsampath, session_info=session, credentials=creds,
                     lp=lp, options=["modules:"])
-    sam = Ldb(sam, session_info=session, credentials=creds, lp=lp,
+    sam = Ldb(sampath, session_info=session, credentials=creds, lp=lp,
                 options=["modules:"])
 
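Review bot: hashDone = {} is added in increment_calculated_keyversion_number but is not used anywhere in the visible part of the function, and done is only incremented, never read; drop both or report the count. Treating a missing msDs-KeyVersionNumber as "0" together with passing True for addifnotexist means entries with no stored version now get replication metadata created for them; add a comment explaining why that is the desired behaviour. The blank lines that separated this function from delta_update_basesamdb were removed and should be restored.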


-- 
Samba Shared Repository

