[PATCH] s4 upgradeprovision: For SID > 1000 do not copy them, let the system regenerated a new one

Matthieu Patou mat at matws.net
Mon Jul 5 13:41:13 MDT 2010


This should avoid colliion with newly added objects that use the same
SID as existing users in the upgraded provision.
---
 source4/scripting/bin/upgradeprovision |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/source4/scripting/bin/upgradeprovision b/source4/scripting/bin/upgradeprovision
index b131672..3d17429 100755
--- a/source4/scripting/bin/upgradeprovision
+++ b/source4/scripting/bin/upgradeprovision
@@ -516,6 +516,11 @@ def add_missing_object(ref_samdb, samdb, dn, names, basedn, hash, index):
     empty = Message()
     delta = samdb.msg_diff(empty, reference[0])
     delta.dn
+    if delta.get("objectSid"):
+        sid = str(ndr_unpack(security.dom_sid, str(reference[0]["objectSid"])))
+        m = re.match(r".*-(\d+)$", sid)
+        if m and int(m.group(1))>999:
+            delta.remove("objectSid")
     for att in hashAttrNotCopied.keys():
         delta.remove(att)
     for att in backlinked:
@@ -533,6 +538,7 @@ def add_missing_object(ref_samdb, samdb, dn, names, basedn, hash, index):
     delta.dn = dn
     message(CHANGE,"Object %s will be added" % dn)
     samdb.add(delta, ["relax:0"])
+
     return True
 
 def gen_dn_index_hash(listMissing):
-- 
1.7.0.4


--------------040601010201000709050702--


More information about the samba-technical mailing list