diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2013-02-18 15:56:18 +1100 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2013-03-04 08:33:57 +0100 |
| commit | d5d88bd82b1cb51da09cf3b3dec40f180f5ed29f (patch) | |
| tree | d9ba01aade1269aa98f424939896a4e552bbb6fd /source4/scripting | |
| parent | 0f247dce00fd26230cdb0566ce4f51a2ea8cfc2b (diff) | |
| download | samba-d5d88bd82b1cb51da09cf3b3dec40f180f5ed29f.tar.gz samba-d5d88bd82b1cb51da09cf3b3dec40f180f5ed29f.tar.bz2 samba-d5d88bd82b1cb51da09cf3b3dec40f180f5ed29f.zip | |
samba_upgradeprovision: Do not reset every DN when changing an SD
SD propogation is handled by an LDB module, we do not need to touch each
and every DN to make it happen.
Now that we do not need to put this via a hash, the dnToRecalculate
list is changed to be a list of Dn objects, not strings so that:
if dn in listWellknown
is handled using a schema comparison (avoiding different case forms
tripping it up).
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source4/scripting')
| -rwxr-xr-x | source4/scripting/bin/samba_upgradeprovision | 30 |
1 files changed, 8 insertions, 22 deletions
diff --git a/source4/scripting/bin/samba_upgradeprovision b/source4/scripting/bin/samba_upgradeprovision index cc8c633451..8e7d792e35 100755 --- a/source4/scripting/bin/samba_upgradeprovision +++ b/source4/scripting/bin/samba_upgradeprovision @@ -921,7 +921,7 @@ def checkKeepAttributeWithMetadata(delta, att, message, reference, current, " cames from the modification or from a previous bug") dnNotToRecalculateFound = True else: - dnToRecalculate.append(str(dn)) + dnToRecalculate.append(dn) continue if attrUSN == -1: @@ -1282,11 +1282,12 @@ def fix_wellknown_sd(samdb, names): get_dns_domain_microsoft_dns_descriptor) subcontainers.append(c) - for [dn, descriptor_fn] in subcontainers: + for [strdn, descriptor_fn] in subcontainers: + dn = Dn(samdb, strdn) list_wellknown_dns.append(dn) if dn in dnToRecalculate: delta = Message() - delta.dn = Dn(samdb, str(dn)) + delta.dn = dn descr = descriptor_fn(names.domainsid, name_map=names.name_map) delta["nTSecurityDescriptor"] = MessageElement(descr, FLAG_MOD_REPLACE, "nTSecurityDescriptor" ) @@ -1311,30 +1312,16 @@ def rebuild_sd(samdb, names): listWellknown = fix_wellknown_sd(samdb, names) - hash = {} - for dn in dnToRecalculate: - if hash.has_key(dn): - continue - # fetch each dn to recalculate and their child within the same partition - res = samdb.search(expression="objectClass=*", base=dn, - scope=SCOPE_SUBTREE, attrs=["dn", "whenCreated"]) - for obj in res: - hash[str(obj["dn"])] = obj["whenCreated"] - - listKeys = list(set(hash.keys())) - listKeys.sort(dn_sort) - if len(dnToRecalculate) != 0: message(CHANGESD, "%d DNs have been marked as needed to be recalculated" - ", recalculating %d due to inheritance" - % (len(dnToRecalculate), len(listKeys))) + % (len(dnToRecalculate))) - for key in listKeys: + for dn in dnToRecalculate: # well known SDs have already been reset - if key in listWellknown: + if dn in listWellknown: continue delta = Message() - delta.dn = Dn(samdb, key) + delta.dn = dn sd_flags = SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL | SECINFO_SACL try: descr = get_empty_descriptor(names.domainsid) @@ -1840,7 +1827,6 @@ if __name__ == '__main__': message(SIMPLE, "Update machine account") update_machine_account_password(ldbs.sam, ldbs.secrets, names) - dnToRecalculate.sort(dn_sort) # 16) SD should be created with admin but as some previous acl were so wrong # that admin can't modify them we have first to recreate them with the good # form but with system account and then give the ownership to admin ... |