authorAndrew Bartlett <abartlet@samba.org>2013-02-18 15:56:18 +1100
committerStefan Metzmacher <metze@samba.org>2013-03-04 08:33:57 +0100
commitd5d88bd82b1cb51da09cf3b3dec40f180f5ed29f (patch)
treed9ba01aade1269aa98f424939896a4e552bbb6fd
parent0f247dce00fd26230cdb0566ce4f51a2ea8cfc2b (diff)
samba_upgradeprovision: Do not reset every DN when changing an SD
SD propagation is handled by an LDB module, so we do not need to touch each and every DN to make it happen. Now that we do not need to put this via a hash, the dnToRecalculate list is changed to be a list of Dn objects, not strings, so that "if dn in listWellknown" is handled using a schema comparison (avoiding different case forms tripping it up). Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
-rwxr-xr-xsource4/scripting/bin/samba_upgradeprovision30
1 files changed, 8 insertions, 22 deletions
diff --git a/source4/scripting/bin/samba_upgradeprovision b/source4/scripting/bin/samba_upgradeprovision
index cc8c633451..8e7d792e35 100755
--- a/source4/scripting/bin/samba_upgradeprovision
+++ b/source4/scripting/bin/samba_upgradeprovision
@@ -921,7 +921,7 @@ def checkKeepAttributeWithMetadata(delta, att, message, reference, current,
" cames from the modification or from a previous bug")
dnNotToRecalculateFound = True
else:
- dnToRecalculate.append(str(dn))
+ dnToRecalculate.append(dn)
continue
if attrUSN == -1:
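Review bot: Nothing at `dnToRecalculate.append(dn)` keeps the same DN from being queued more than once, and this commit also removes the `hash`/`set` pass in rebuild_sd that used to collapse duplicates. If this branch can run for several attributes of one object (the enclosing loop is outside the hunk, so that is an inference), the `for dn in dnToRecalculate` loop in rebuild_sd will replace that object's security descriptor repeatedly and the CHANGESD count will overstate the work. A guard such as `if dn not in dnToRecalculate: dnToRecalculate.append(dn)` keeps the list unique.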
@@ -1282,11 +1282,12 @@ def fix_wellknown_sd(samdb, names):
get_dns_domain_microsoft_dns_descriptor)
subcontainers.append(c)
- for [dn, descriptor_fn] in subcontainers:
+ for [strdn, descriptor_fn] in subcontainers:
+ dn = Dn(samdb, strdn)
list_wellknown_dns.append(dn)
if dn in dnToRecalculate:
delta = Message()
- delta.dn = Dn(samdb, str(dn))
+ delta.dn = dn
descr = descriptor_fn(names.domainsid, name_map=names.name_map)
delta["nTSecurityDescriptor"] = MessageElement(descr, FLAG_MOD_REPLACE,
"nTSecurityDescriptor" )
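Review bot: Only this loop is shown converting to `Dn(samdb, strdn)` before `list_wellknown_dns.append(dn)`, while fix_wellknown_sd starts outside the hunk and may add entries to the same list elsewhere. If any other append still stores a plain string, the `if dn in listWellknown` skip in rebuild_sd would compare a Dn with a str, and a well-known object could be missed and have its descriptor replaced by the generic reset. It is worth checking every append in the function and adding a comment at the list's definition such as `# holds Dn objects, compared by rebuild_sd with "in"`.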
@@ -1311,30 +1312,16 @@ def rebuild_sd(samdb, names):
listWellknown = fix_wellknown_sd(samdb, names)
- hash = {}
- for dn in dnToRecalculate:
- if hash.has_key(dn):
- continue
- # fetch each dn to recalculate and their child within the same partition
- res = samdb.search(expression="objectClass=*", base=dn,
- scope=SCOPE_SUBTREE, attrs=["dn", "whenCreated"])
- for obj in res:
- hash[str(obj["dn"])] = obj["whenCreated"]
-
- listKeys = list(set(hash.keys()))
- listKeys.sort(dn_sort)
-
if len(dnToRecalculate) != 0:
message(CHANGESD, "%d DNs have been marked as needed to be recalculated"
- ", recalculating %d due to inheritance"
- % (len(dnToRecalculate), len(listKeys)))
+ % (len(dnToRecalculate)))
- for key in listKeys:
+ for dn in dnToRecalculate:
# well known SDs have already been reset
- if key in listWellknown:
+ if dn in listWellknown:
continue
delta = Message()
- delta.dn = Dn(samdb, key)
+ delta.dn = dn
sd_flags = SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL | SECINFO_SACL
try:
descr = get_empty_descriptor(names.domainsid)
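Review bot: The loop `for dn in dnToRecalculate` now resets only the marked objects, so their children get corrected descriptors only if the SD propagation LDB module is active on this `samdb` handle, and nothing in the code records that assumption. A comment above the loop would state it, for example `# children are not modified here; the LDB SD propagation module recalculates inherited ACEs when the parent SD is replaced`. Without it, a later change to how the database is opened could leave child objects on their old ACLs with no error. Minor: `% (len(dnToRecalculate))` is not a tuple, so `% len(dnToRecalculate)` says the same thing more plainly. rebuild_sd continues past the end of the hunk.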
@@ -1840,7 +1827,6 @@ if __name__ == '__main__':
message(SIMPLE, "Update machine account")
update_machine_account_password(ldbs.sam, ldbs.secrets, names)
- dnToRecalculate.sort(dn_sort)
# 16) SD should be created with admin but as some previous acl were so wrong
# that admin can't modify them we have first to recreate them with the good
# form but with system account and then give the ownership to admin ...