summaryrefslogtreecommitdiff
path: root/source4/scripting/python
diff options
context:
space:
mode:
authorMatthieu Patou <mat@matws.net>2010-06-15 12:49:19 +0400
committerAndrew Bartlett <abartlet@samba.org>2010-07-15 22:08:21 +1000
commit93239016443c1ba40ec69c025a91d60c09833c20 (patch)
tree319ccdcdffb43cf8df69499ce03605aade0558c9 /source4/scripting/python
parentf97c90c9cd124314b4a0862e702dd021bd2df9a0 (diff)
downloadsamba-93239016443c1ba40ec69c025a91d60c09833c20.tar.gz
samba-93239016443c1ba40ec69c025a91d60c09833c20.tar.bz2
samba-93239016443c1ba40ec69c025a91d60c09833c20.zip
s4 upgradeprovision: introduce a new function to update the field use for calculating msds-keyversionnumber
This function change the version field of the unicodePwd in the replPropertyMetaData so that the version is equal or superior to the reference value passed. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4/scripting/python')
-rwxr-xr-xsource4/scripting/python/samba/upgradehelpers.py40
1 files changed, 37 insertions, 3 deletions
diff --git a/source4/scripting/python/samba/upgradehelpers.py b/source4/scripting/python/samba/upgradehelpers.py
index 9dbefba625..58106e0a70 100755
--- a/source4/scripting/python/samba/upgradehelpers.py
+++ b/source4/scripting/python/samba/upgradehelpers.py
@@ -704,14 +704,48 @@ def update_gpo(paths, samdb, names, lp, message, force=0):
set_gpo_acl(paths.sysvol, names.dnsdomain, names.domainsid,
names.domaindn, samdb, lp)
except TypeError, e:
- message(ERROR, "Unable to set ACLs on policies related objects, if not using posix:eadb, you must be root to do it")
+ message(ERROR, "Unable to set ACLs on policies related objects,"
+ " if not using posix:eadb, you must be root to do it")
if resetacls:
try:
setsysvolacl(samdb, paths.netlogon, paths.sysvol, names.wheel_gid,
names.domainsid, names.dnsdomain, names.domaindn, lp)
except TypeError, e:
- message(ERROR, "Unable to set ACLs on sysvol share, if not using posix:eadb, you must be root to do it")
+ message(ERROR, "Unable to set ACLs on sysvol share, if not using"
+ "posix:eadb, you must be root to do it")
+
+def increment_calculated_keyversion_number(samdb, rootdn, hashDns):
+ """For a given hash associating dn and a number, this function will
+ update the replPropertyMetaData of each dn in the hash, so that the
+ calculated value of the msDs-KeyVersionNumber is equal or superior to the
+ one associated to the given dn.
+
+ :param samdb: An SamDB object pointing to the sam
+ :param rootdn: The base DN where we want to start
+ :param hashDns: A hash with dn as key and number representing the
+ minimum value of msDs-KeyVersionNumber that we want to
+ have
+ """
+ entry = samdb.search(expression='(objectClass=user)',
+ base=ldb.Dn(samdb,str(rootdn)),
+ scope=SCOPE_SUBTREE, attrs=["msDs-KeyVersionNumber"],
+ controls=["search_options:1:2"])
+ done = 0
+ if len(entry) == 0:
+ raise ProvisioningError("Unable to find msDs-KeyVersionNumber")
+ else:
+ for e in entry:
+ if hashDns.has_key(str(e.dn).lower()):
+ done = done + 1
+ val = e.get("msDs-KeyVersionNumber")
+ if not val:
+ continue
+ version = int(str(hashDns[str(e.dn).lower()]))
+ if int(str(val)) < version:
+ samdb.set_attribute_replmetadata_version(str(e.dn),
+ "unicodePwd",
+ version)
def delta_update_basesamdb(refsam, sam, creds, session, lp, message):
"""Update the provision container db: sam.ldb
@@ -829,7 +863,7 @@ def search_constructed_attrs_stored(samdb, rootdn, attrs):
expr = construct_existor_expr(attrs)
if expr == "":
return hashAtt
- entry = samdb.search(expression=expr, base=ldb.Dn(samdb,str(rootdn)),
+ entry = samdb.search(expression=expr, base=ldb.Dn(samdb, str(rootdn)),
scope=SCOPE_SUBTREE, attrs=attrs,
controls=["search_options:1:2","bypassoperational:0"])
if len(entry) == 0: