[PATCH 08/10] s4: Store domainsid in names.domainsid (and not it's string reprensentation), adapt script for this change
Matthieu Patou
mat at matws.net
Fri Nov 27 06:50:42 MST 2009
---
source4/scripting/bin/upgradeprovision | 19 +++++++++----------
1 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/source4/scripting/bin/upgradeprovision b/source4/scripting/bin/upgradeprovision
index 2c648dd..56ff91c 100755
--- a/source4/scripting/bin/upgradeprovision
+++ b/source4/scripting/bin/upgradeprovision
@@ -225,7 +225,7 @@ def guess_names_from_current_provision(credentials,session_info,paths):
attrs6 = ["objectGUID", "objectSid", ]
res6 = samdb.search(expression="(objectClass=*)",base=basedn, scope=SCOPE_BASE, attrs=attrs6)
names.domainguid = str(ndr_unpack( misc.GUID,res6[0]["objectGUID"][0]))
- names.domainsid = str(ndr_unpack( security.dom_sid,res6[0]["objectSid"][0]))
+ names.domainsid = ndr_unpack( security.dom_sid,res6[0]["objectSid"][0])
# policy guid
attrs7 = ["cn","displayName"]
@@ -259,7 +259,7 @@ def print_names(names):
message(GUESS, "invocationid:"+names.invocation)
message(GUESS, "policyguid :"+names.policyid)
message(GUESS, "policyguiddc:"+str(names.policyid_dc))
- message(GUESS, "domainsid :"+names.domainsid)
+ message(GUESS, "domainsid :"+str(names.domainsid))
message(GUESS, "domainguid :"+names.domainguid)
message(GUESS, "ntdsguid :"+names.ntdsguid)
@@ -282,7 +282,7 @@ def newprovision(names,setup_dir,creds,session,smbconf):
provision(setup_dir, messageprovision,
session, creds, smbconf=smbconf, targetdir=provdir,
samdb_fill=FILL_FULL, realm=names.realm, domain=names.domain,
- domainguid=names.domainguid, domainsid=names.domainsid,ntdsguid=names.ntdsguid,
+ domainguid=names.domainguid, domainsid=str(names.domainsid),ntdsguid=names.ntdsguid,
policyguid=names.policyid,policyguid_dc=names.policyid_dc,hostname=names.netbiosname,
hostip=None, hostip6=None,
invocationid=names.invocation, adminpass=None,
@@ -504,7 +504,7 @@ def check_diff_name(newpaths,paths,creds,session,basedn,names,ischema):
# The double ldb open and schema validation is taken from the initial provision script
# it's not certain that it is really needed ....
sam_ldb = Ldb(session_info=session, credentials=creds, lp=lp)
- schema = Schema(setup_path, security.dom_sid(names.domainsid), schemadn=basedn, serverdn=str(names.serverdn))
+ schema = Schema(setup_path, names.domainsid, schemadn=basedn, serverdn=str(names.serverdn))
# Load the schema from the one we computed earlier
sam_ldb.set_schema_from_ldb(schema.ldb)
# And now we can connect to the DB - the schema won't be loaded from the DB
@@ -571,17 +571,16 @@ def check_diff_name(newpaths,paths,creds,session,basedn,names,ischema):
def check_updated_sd(newpaths,paths,creds,session,names):
newsam_ldb = Ldb(newpaths.samdb, session_info=session, credentials=creds,lp=lp)
sam_ldb = Ldb(paths.samdb, session_info=session, credentials=creds,lp=lp)
- domSID = security.dom_sid(names.domainsid)
res = newsam_ldb.search(expression="objectClass=*",base=str(names.rootdn), scope=SCOPE_SUBTREE,attrs=["dn","nTSecurityDescriptor"],controls=["search_options:1:2"])
res2 = sam_ldb.search(expression="objectClass=*",base=str(names.rootdn), scope=SCOPE_SUBTREE,attrs=["dn","nTSecurityDescriptor"],controls=["search_options:1:2"])
hash_new = {}
for i in range(0,len(res)):
- hash_new[str(res[i]["dn"]).lower()] = ndr_unpack(security.descriptor,str(res[i]["nTSecurityDescriptor"])).as_sddl(domSID)
+ hash_new[str(res[i]["dn"]).lower()] = ndr_unpack(security.descriptor,str(res[i]["nTSecurityDescriptor"])).as_sddl(names.domainsid)
for i in range(0,len(res2)):
key = str(res2[i]["dn"]).lower()
if hash_new.has_key(key):
- sddl = ndr_unpack(security.descriptor,str(res2[i]["nTSecurityDescriptor"])).as_sddl(domSID)
+ sddl = ndr_unpack(security.descriptor,str(res2[i]["nTSecurityDescriptor"])).as_sddl(names.domainsid)
if sddl != hash_new[key]:
print key
print "%s\n%s"%(sddl,hash_new[key])
@@ -598,21 +597,21 @@ def update_sd(newpaths,paths,creds,session,names):
res = sam_ldb.search(expression="objectClass=*",base=str(names.rootdn), scope=SCOPE_BASE,attrs=["dn","whenCreated"],controls=["search_options:1:2"])
delta = ldb.Message()
delta.dn = ldb.Dn(sam_ldb,str(res[0]["dn"]))
- descr = get_domain_descriptor(domSID)
+ descr = get_domain_descriptor(names.domainsid)
delta["nTSecurityDescriptor"] = ldb.MessageElement( descr,ldb.FLAG_MOD_REPLACE,"nTSecurityDescriptor" )
sam_ldb.modify(delta,["recalculate_sd:0"])
# Then the config dn
res = sam_ldb.search(expression="objectClass=*",base=str(names.configdn), scope=SCOPE_BASE,attrs=["dn","whenCreated"],controls=["search_options:1:2"])
delta = ldb.Message()
delta.dn = ldb.Dn(sam_ldb,str(res[0]["dn"]))
- descr = get_config_descriptor(domSID)
+ descr = get_config_descriptor(names.domainsid)
delta["nTSecurityDescriptor"] = ldb.MessageElement( descr,ldb.FLAG_MOD_REPLACE,"nTSecurityDescriptor" )
sam_ldb.modify(delta,["recalculate_sd:0"])
# Then the schema dn
res = sam_ldb.search(expression="objectClass=*",base=str(names.schemadn), scope=SCOPE_BASE,attrs=["dn","whenCreated"],controls=["search_options:1:2"])
delta = ldb.Message()
delta.dn = ldb.Dn(sam_ldb,str(res[0]["dn"]))
- descr = get_schema_descriptor(domSID)
+ descr = get_schema_descriptor(names.domainsid)
delta["nTSecurityDescriptor"] = ldb.MessageElement( descr,ldb.FLAG_MOD_REPLACE,"nTSecurityDescriptor" )
sam_ldb.modify(delta,["recalculate_sd:0"])
--
1.6.3.3
--------------000902080109040405080503
Content-Type: text/x-patch;
name="0009-s4-Run-twice-update_sd-one-with-the-system-one-with-.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename*0="0009-s4-Run-twice-update_sd-one-with-the-system-one-with-.pa";
filename*1="tch"
More information about the samba-technical
mailing list