[PATCH 2/3] s4: allow upgrade provision to fix acl and missing dir on GPO dirs
Matthieu Patou
mat at matws.net
Sun Mar 28 12:48:55 MDT 2010
---
source4/scripting/bin/upgradeprovision | 19 ++++++++++++++++++-
1 files changed, 18 insertions(+), 1 deletions(-)
diff --git a/source4/scripting/bin/upgradeprovision b/source4/scripting/bin/upgradeprovision
index 180786a..73fae71 100755
--- a/source4/scripting/bin/upgradeprovision
+++ b/source4/scripting/bin/upgradeprovision
@@ -41,7 +41,7 @@ from ldb import SCOPE_SUBTREE, SCOPE_BASE, \
from samba import param
from samba import glue
from samba.misc import messageEltFlagToString
-from samba.provision import find_setup_dir, get_domain_descriptor, get_config_descriptor, secretsdb_self_join
+from samba.provision import find_setup_dir, get_domain_descriptor, get_config_descriptor, secretsdb_self_join,set_gpo_acl,getpolicypath,create_gpo_struct
from samba.provisionexceptions import ProvisioningError
from samba.schema import get_linked_attributes, Schema, get_schema_descriptor
from samba.dcerpc import security
@@ -870,6 +870,23 @@ def update_machine_account_password(paths, creds, session, names):
secrets_ldb.transaction_cancel()
+def update_gpo(paths,creds,session,names):
+ """Create missing GPO file object if needed
+
+ Set ACL correctly also.
+ """
+ dir = getpolicypath(paths.sysvol,names.dnsdomain,names.policyid)
+ if not os.path.isdir(dir):
+ create_gpo_struct(dir)
+
+ dir = getpolicypath(paths.sysvol,names.dnsdomain,names.policyid_dc)
+ if not os.path.isdir(dir):
+ create_gpo_struct(dir)
+ samdb = Ldb(paths.samdb, session_info=session, credentials=creds,lp=lp)
+ set_gpo_acl(path.sysvol,names.dnsdomain,names.domainsid,names.domaindn,samdb,lp)
+
+
+
def setup_path(file):
return os.path.join(setup_dir, file)
--
1.6.3.3
--------------060606040102000308020205
Content-Type: text/x-patch;
name="0003-s4-upgradeprovision-add-information-about-upgrade-in.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename*0="0003-s4-upgradeprovision-add-information-about-upgrade-in.pa";
filename*1="tch"
More information about the samba-technical
mailing list