[PATCH 10/10] s4: fix update_machine_account_password

Matthieu Patou mat at matws.net
Fri Nov 27 06:58:03 MST 2009 

  * make this function update the provision and not the reference
  * do transmit the objectSID for secret_rejoin otherwise the SID is removed
  * fix wrong typing (str/int/messageElement)
---
 source4/scripting/bin/upgradeprovision |   13 +++++++------
 1 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/source4/scripting/bin/upgradeprovision b/source4/scripting/bin/upgradeprovision
index a463b8b..81b496b 100755
--- a/source4/scripting/bin/upgradeprovision
+++ b/source4/scripting/bin/upgradeprovision
@@ -684,9 +684,9 @@ def update_samdb(newpaths,paths,creds,session,names):
 	hashSD = check_diff_name(newpaths,paths,creds,session,str(names.rootdn),names,0)
 	message(SIMPLE,"Done with scanning")
 
-def update_machine_account_password(newpaths,paths,creds,session,names):
+def update_machine_account_password(paths,creds,session,names):
 
-	secrets_ldb = Ldb(newpaths.secrets, session_info=session, credentials=creds,lp=lp)
+	secrets_ldb = Ldb(paths.secrets, session_info=session, credentials=creds,lp=lp)
 	secrets_ldb.transaction_start()
 	secrets_msg = secrets_ldb.search(expression=("samAccountName=%s$" % names.netbiosname), attrs=["secureChannelType"])
 	sam_ldb = Ldb(paths.samdb, session_info=session, credentials=creds,lp=lp)
@@ -697,21 +697,22 @@ def update_machine_account_password(newpaths,paths,creds,session,names):
 
 		msg = ldb.Message(res[0].dn)
 		machinepass = glue.generate_random_str(12)
-		msg["userPassword"] = ldb.MessageElement("userPassword", ldb.FLAG_MOD_REPLACE, "userPassword")
+		msg["userPassword"] = ldb.MessageElement(machinepass, ldb.FLAG_MOD_REPLACE, "userPassword")
 		sam_ldb.modify(msg)
 
 		res = sam_ldb.search(expression=("samAccountName=%s$" % names.netbiosname),
 				     attrs=["msDs-keyVersionNumber"])
 		assert(len(res) == 1)
-		kvno = res[0]["msDs-keyVersionNumber"]
+		kvno = int(str(res[0]["msDs-keyVersionNumber"]))
 
 		secretsdb_self_join(secrets_ldb, domain=names.domain,
 				    realm=names.realm,
+					domainsid=names.domainsid,
 				    dnsdomain=names.dnsdomain,
 				    netbiosname=names.netbiosname,
 				    machinepass=machinepass,
 				    key_version_number=kvno,
-				    secure_channel_type=secrets_msg[0]["secureChannelType"])
+				    secure_channel_type=int(secrets_msg[0]["secureChannelType"][0]))
 		sam_ldb.transaction_prepare_commit()
 		secrets_ldb.transaction_prepare_commit()
 		sam_ldb.transaction_commit()
@@ -739,7 +740,7 @@ populate_backlink(newpaths,creds,session,names.schemadn)
 update_basesamdb(newpaths,paths,names)
 update_secrets(newpaths,paths,creds,session)
 update_privilege(newpaths,paths)
-update_machine_account_password(newpaths,paths,creds,session,names)
+update_machine_account_password(paths,creds,session,names)
 
 if opts.full:
 	update_samdb(newpaths,paths,creds,session,names)
-- 
1.6.3.3


--------------000902080109040405080503--

More information about the samba-technical mailing list