[PATCH 08/10] s4: Store domainsid in names.domainsid (and not it's string reprensentation), adapt script for this change

Matthieu Patou mat at matws.net
Fri Nov 27 06:50:42 MST 2009


---
 source4/scripting/bin/upgradeprovision |   19 +++++++++----------
 1 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/source4/scripting/bin/upgradeprovision b/source4/scripting/bin/upgradeprovision
index 2c648dd..56ff91c 100755
--- a/source4/scripting/bin/upgradeprovision
+++ b/source4/scripting/bin/upgradeprovision
@@ -225,7 +225,7 @@ def guess_names_from_current_provision(credentials,session_info,paths):
 	attrs6 = ["objectGUID", "objectSid", ]
 	res6 = samdb.search(expression="(objectClass=*)",base=basedn, scope=SCOPE_BASE, attrs=attrs6)
 	names.domainguid = str(ndr_unpack( misc.GUID,res6[0]["objectGUID"][0]))
-	names.domainsid = str(ndr_unpack( security.dom_sid,res6[0]["objectSid"][0]))
+	names.domainsid = ndr_unpack( security.dom_sid,res6[0]["objectSid"][0])
 
 	# policy guid
 	attrs7 = ["cn","displayName"]
@@ -259,7 +259,7 @@ def print_names(names):
 	message(GUESS, "invocationid:"+names.invocation)
 	message(GUESS, "policyguid  :"+names.policyid)
 	message(GUESS, "policyguiddc:"+str(names.policyid_dc))
-	message(GUESS, "domainsid   :"+names.domainsid)
+	message(GUESS, "domainsid   :"+str(names.domainsid))
 	message(GUESS, "domainguid  :"+names.domainguid)
 	message(GUESS, "ntdsguid    :"+names.ntdsguid)
 
@@ -282,7 +282,7 @@ def newprovision(names,setup_dir,creds,session,smbconf):
 	provision(setup_dir, messageprovision,
 		session, creds, smbconf=smbconf, targetdir=provdir,
 		samdb_fill=FILL_FULL, realm=names.realm, domain=names.domain,
-		domainguid=names.domainguid, domainsid=names.domainsid,ntdsguid=names.ntdsguid,
+		domainguid=names.domainguid, domainsid=str(names.domainsid),ntdsguid=names.ntdsguid,
 		policyguid=names.policyid,policyguid_dc=names.policyid_dc,hostname=names.netbiosname,
 		hostip=None, hostip6=None,
 		invocationid=names.invocation, adminpass=None,
@@ -504,7 +504,7 @@ def check_diff_name(newpaths,paths,creds,session,basedn,names,ischema):
 		# The double ldb open and schema validation is taken from the initial provision script
 		# it's not certain that it is really needed ....
 		sam_ldb = Ldb(session_info=session, credentials=creds, lp=lp)
-		schema = Schema(setup_path, security.dom_sid(names.domainsid), schemadn=basedn, serverdn=str(names.serverdn))
+		schema = Schema(setup_path, names.domainsid, schemadn=basedn, serverdn=str(names.serverdn))
 		# Load the schema from the one we computed earlier
 		sam_ldb.set_schema_from_ldb(schema.ldb)
 		# And now we can connect to the DB - the schema won't be loaded from the DB
@@ -571,17 +571,16 @@ def check_diff_name(newpaths,paths,creds,session,basedn,names,ischema):
 def check_updated_sd(newpaths,paths,creds,session,names):
 	newsam_ldb = Ldb(newpaths.samdb, session_info=session, credentials=creds,lp=lp)
 	sam_ldb = Ldb(paths.samdb, session_info=session, credentials=creds,lp=lp)
-	domSID = security.dom_sid(names.domainsid)
 	res = newsam_ldb.search(expression="objectClass=*",base=str(names.rootdn), scope=SCOPE_SUBTREE,attrs=["dn","nTSecurityDescriptor"],controls=["search_options:1:2"])
 	res2 = sam_ldb.search(expression="objectClass=*",base=str(names.rootdn), scope=SCOPE_SUBTREE,attrs=["dn","nTSecurityDescriptor"],controls=["search_options:1:2"])
 	hash_new = {} 
 	for i in range(0,len(res)):
-		hash_new[str(res[i]["dn"]).lower()] = ndr_unpack(security.descriptor,str(res[i]["nTSecurityDescriptor"])).as_sddl(domSID)
+		hash_new[str(res[i]["dn"]).lower()] = ndr_unpack(security.descriptor,str(res[i]["nTSecurityDescriptor"])).as_sddl(names.domainsid)
 	
 	for i in range(0,len(res2)):
 		key = str(res2[i]["dn"]).lower()
 		if hash_new.has_key(key):
-			sddl = ndr_unpack(security.descriptor,str(res2[i]["nTSecurityDescriptor"])).as_sddl(domSID)
+			sddl = ndr_unpack(security.descriptor,str(res2[i]["nTSecurityDescriptor"])).as_sddl(names.domainsid)
 			if sddl != hash_new[key]:
 				print key
 				print "%s\n%s"%(sddl,hash_new[key])
@@ -598,21 +597,21 @@ def update_sd(newpaths,paths,creds,session,names):
 	res = sam_ldb.search(expression="objectClass=*",base=str(names.rootdn), scope=SCOPE_BASE,attrs=["dn","whenCreated"],controls=["search_options:1:2"])
 	delta = ldb.Message()
 	delta.dn = ldb.Dn(sam_ldb,str(res[0]["dn"]))
-	descr = get_domain_descriptor(domSID)
+	descr = get_domain_descriptor(names.domainsid)
 	delta["nTSecurityDescriptor"] = ldb.MessageElement( descr,ldb.FLAG_MOD_REPLACE,"nTSecurityDescriptor" )
 	sam_ldb.modify(delta,["recalculate_sd:0"])
 	# Then the config dn
 	res = sam_ldb.search(expression="objectClass=*",base=str(names.configdn), scope=SCOPE_BASE,attrs=["dn","whenCreated"],controls=["search_options:1:2"])
 	delta = ldb.Message()
 	delta.dn = ldb.Dn(sam_ldb,str(res[0]["dn"]))
-	descr = get_config_descriptor(domSID)
+	descr = get_config_descriptor(names.domainsid)
 	delta["nTSecurityDescriptor"] = ldb.MessageElement( descr,ldb.FLAG_MOD_REPLACE,"nTSecurityDescriptor" )
 	sam_ldb.modify(delta,["recalculate_sd:0"])
 	# Then the schema dn 
 	res = sam_ldb.search(expression="objectClass=*",base=str(names.schemadn), scope=SCOPE_BASE,attrs=["dn","whenCreated"],controls=["search_options:1:2"])
 	delta = ldb.Message()
 	delta.dn = ldb.Dn(sam_ldb,str(res[0]["dn"]))
-	descr = get_schema_descriptor(domSID)
+	descr = get_schema_descriptor(names.domainsid)
 	delta["nTSecurityDescriptor"] = ldb.MessageElement( descr,ldb.FLAG_MOD_REPLACE,"nTSecurityDescriptor" )
 	sam_ldb.modify(delta,["recalculate_sd:0"])
 	
-- 
1.6.3.3


--------------000902080109040405080503
Content-Type: text/x-patch;
 name="0009-s4-Run-twice-update_sd-one-with-the-system-one-with-.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename*0="0009-s4-Run-twice-update_sd-one-with-the-system-one-with-.pa";
 filename*1="tch"



More information about the samba-technical mailing list