[SCM] Samba Shared Repository - branch master updated
Matthieu Patou
mat at samba.org
Sat Sep 25 20:35:41 MDT 2010
The branch, master has been updated
via c680a42 upgradeprovision: fix a typo
via 873bd98 upgradeprovision: Fix a bug with renamed entries
via 43274c9 upgradeprovision: fix a bug with not updated links
via a8f8f27 s4 provision: start with gpo of version 0 and be consistent between different policies
via 76d87b7 s4 upgradeprovision: fix a bug with empty reference objects
via 3c95d4d s4 upgradeprovision: Copy versionNumber if not present it helps to make gpo valid
via dfa468f s4 provision: Make GPO folder group writable
from 8a48ca4 s3: Remove talloc_autofree_context() from change_to_guest()
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit c680a42504f8a3924a594c0b8363665ab6b1f2f4
Author: Matthieu Patou <mat at matws.net>
Date: Sun Sep 26 04:58:37 2010 +0400
upgradeprovision: fix a typo
commit 873bd989049e4953afb478ca5518984b26870326
Author: Matthieu Patou <mat at matws.net>
Date: Sun Sep 26 04:57:04 2010 +0400
upgradeprovision: Fix a bug with renamed entries
The SD was not refetched for renamed entries, resulting with a try to
add an additional SD when there was already one.
commit 43274c9071ec357fe629fdfa7966a772d1844188
Author: Matthieu Patou <mat at matws.net>
Date: Sat Sep 25 07:36:12 2010 +0400
upgradeprovision: fix a bug with not updated links
commit a8f8f277ff6c8dc9ea060e53c6debbd30dbd87f7
Author: Matthieu Patou <mat at matws.net>
Date: Tue Sep 7 17:57:52 2010 +0400
s4 provision: start with gpo of version 0 and be consistent between different policies
commit 76d87b7fb51dfab8f85686bde7fed67701bc9092
Author: Matthieu Patou <mat at matws.net>
Date: Sat Sep 18 08:15:36 2010 +0400
s4 upgradeprovision: fix a bug with empty reference objects
Thanks to lukas at eecs.qmul.ac.uk for poiting it to me
commit 3c95d4d31347a2491d2c2f593f2e12f9a389e66c
Author: Matthieu Patou <mat at matws.net>
Date: Tue Sep 7 17:50:39 2010 +0400
s4 upgradeprovision: Copy versionNumber if not present it helps to make gpo valid
commit dfa468fd088b30ed1dfdbaabd6b569c600838706
Author: Matthieu Patou <mat at matws.net>
Date: Tue Sep 7 17:45:55 2010 +0400
s4 provision: Make GPO folder group writable
The group of this folder is domain administrator and it seems sensible
that all domain administrators have the right to modify the gpo (they
have it at the NT ACLs level ...)
-----------------------------------------------------------------------
Summary of changes:
source4/scripting/bin/upgradeprovision | 34 +++++++++++++++++++++-----
source4/scripting/python/samba/provision.py | 8 +++---
source4/setup/provision_group_policy.ldif | 4 +-
3 files changed, 33 insertions(+), 13 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/scripting/bin/upgradeprovision b/source4/scripting/bin/upgradeprovision
index 6697c82..c7dd4f8 100755
--- a/source4/scripting/bin/upgradeprovision
+++ b/source4/scripting/bin/upgradeprovision
@@ -88,7 +88,7 @@ hashAttrNotCopied = { "dn": 1, "whenCreated": 1, "whenChanged": 1,
"distinguishedName": 1, "nTMixedDomain": 1,
"showInAdvancedViewOnly": 1, "instanceType": 1,
"msDS-Behavior-Version":1, "nextRid":1, "cn": 1,
- "versionNumber":1, "lmPwdHistory":1, "pwdLastSet": 1,
+ "lmPwdHistory":1, "pwdLastSet": 1,
"ntPwdHistory":1, "unicodePwd":1,"dBCSPwd":1,
"supplementalCredentials":1, "gPCUserExtensionNames":1,
"gPCMachineExtensionNames":1,"maxPwdAge":1, "secret":1,
@@ -111,8 +111,8 @@ hashOverwrittenAtt = { "prefixMap": replace, "systemMayContain": replace,
"rIDNextRID": add, "rIDUsedPool": never,
"defaultSecurityDescriptor": replace + add,
"isMemberOfPartialAttributeSet": delete,
- "attributeDisplayNames": replace + add}
-
+ "attributeDisplayNames": replace + add,
+ "versionNumber": add}
backlinked = []
forwardlinked = set()
@@ -813,7 +813,7 @@ def update_present(ref_samdb, samdb, basedn, listPresent, usns, invocationid):
identic_rename(samdb, reference[0].dn)
current = samdb.search(expression="dn=%s" % (str(dn)), base=basedn,
scope=SCOPE_SUBTREE,
- controls=["search_options:1:2"])
+ controls=controls)
delta = samdb.msg_diff(current[0], reference[0])
@@ -852,8 +852,17 @@ def update_present(ref_samdb, samdb, basedn, listPresent, usns, invocationid):
# We have updated by provision usn information so let's exploit
# replMetadataProperties
if att in forwardlinked:
+ if current[0].get():
+ curval = current[0][att]
+ else:
+ curval = ()
+ if reference[0].get():
+ refval = reference[0][att]
+ else:
+ refval = ()
handle_links(samdb, att, basedn, current[0]["dn"],
- current[0][att], reference[0][att], delta)
+ curval, refval, delta)
+ continue
if isFirst == 0 and len(delta.items())>1:
isFirst = 1
@@ -888,7 +897,18 @@ def update_present(ref_samdb, samdb, basedn, listPresent, usns, invocationid):
if attrUSN is None:
delta.remove(att)
continue
-
+ if att == "nTSecurityDescriptor":
+ cursd = ndr_unpack(security.descriptor,
+ str(current[0]["nTSecurityDescriptor"]))
+ cursddl = cursd.as_sddl(names.domainsid)
+ refsd = ndr_unpack(security.descriptor,
+ str(reference[0]["nTSecurityDescriptor"]))
+ refsddl = cursd.as_sddl(names.domainsid)
+
+ if get_diff_sddls(refsddl, cursddl) == "":
+ message(CHANGE, "sd are identical")
+ else:
+ message(CHANGE, "sd are not identical")
if attrUSN == -1:
# This attribute was last modified by another DC forget
# about it
@@ -912,7 +932,7 @@ def update_present(ref_samdb, samdb, basedn, listPresent, usns, invocationid):
if attrUSN:
message(CHANGE, "%sAttribute: %s will be modified"
"/deleted it was last modified"
- "during a provision, current usn:"
+ " during a provision, current usn:"
"%d" % (txt, att, attrUSN))
txt = ""
else:
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index c1a35c9..4b74300 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -978,15 +978,15 @@ def getpolicypath(sysvolpath, dnsdomain, guid):
def create_gpo_struct(policy_path):
if not os.path.exists(policy_path):
- os.makedirs(policy_path, 0755)
+ os.makedirs(policy_path, 0775)
open(os.path.join(policy_path, "GPT.INI"), 'w').write(
- "[General]\r\nVersion=65543")
+ "[General]\r\nVersion=0")
p = os.path.join(policy_path, "MACHINE")
if not os.path.exists(p):
- os.makedirs(p, 0755)
+ os.makedirs(p, 0775)
p = os.path.join(policy_path, "USER")
if not os.path.exists(p):
- os.makedirs(p, 0755)
+ os.makedirs(p, 0775)
def create_default_gpo(sysvolpath, dnsdomain, policyguid, policyguid_dc):
diff --git a/source4/setup/provision_group_policy.ldif b/source4/setup/provision_group_policy.ldif
index 20b162e..02dfe52 100644
--- a/source4/setup/provision_group_policy.ldif
+++ b/source4/setup/provision_group_policy.ldif
@@ -5,7 +5,7 @@ objectClass: groupPolicyContainer
displayName: Default Domain Policy
gPCFunctionalityVersion: 2
gPCFileSysPath: \\${DNSDOMAIN}\sysvol\${DNSDOMAIN}\Policies\{${POLICYGUID}}
-versionNumber: 65543
+versionNumber: 0
flags: 0
gPCMachineExtensionNames: [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{53D6AB1B-248
8-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4
@@ -36,7 +36,7 @@ objectClass: groupPolicyContainer
displayName: Default Domain Controllers Policy
gPCFunctionalityVersion: 2
gPCFileSysPath: \\${DNSDOMAIN}\sysvol\${DNSDOMAIN}\Policies\{${POLICYGUID_DC}}
-versionNumber: 2
+versionNumber: 0
flags: 0
gPCMachineExtensionNames: [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4
FB-11D0-A0D0-00A0C90F574B}]
--
Samba Shared Repository
More information about the samba-cvs
mailing list