-rwxr-xr-xsource4/scripting/bin/upgradeprovision18
-rwxr-xr-xsource4/scripting/python/samba/upgradehelpers.py24
2 files changed, 38 insertions, 4 deletions
diff --git a/source4/scripting/bin/upgradeprovision b/source4/scripting/bin/upgradeprovision
index f90443318a..a478856165 100755
--- a/source4/scripting/bin/upgradeprovision
+++ b/source4/scripting/bin/upgradeprovision
@@ -56,7 +56,7 @@ from samba.upgradehelpers import (dn_sort, get_paths, newprovision,
update_secrets, CHANGE, ERROR, SIMPLE,
CHANGEALL, GUESS, CHANGESD, PROVISION,
updateOEMInfo, getOEMInfo, update_gpo,
- delta_update_basesamdb)
+ delta_update_basesamdb, update_policyids)
replace=2**FLAG_MOD_REPLACE
add=2**FLAG_MOD_ADD
@@ -1432,8 +1432,8 @@ if __name__ == '__main__':
# 11) B
simple_update_basesamdb(newpaths, paths, names)
ldbs = get_ldbs(paths, creds, session, lp)
- ldbs.startTransactions()
removeProvisionUSN(ldbs.sam)
+ ldbs.startTransactions()
# 12)
schema = Schema(setup_path, names.domainsid, schemadn=str(names.schemadn),
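Review bot: `removeProvisionUSN(ldbs.sam)` now runs before `ldbs.startTransactions()`, so its write to the sam database is no longer part of the transaction that `ldbs.groupedCommit()` closes at the end of the script. If a later step fails before the commit, the provision USN record would presumably already be removed while the rest of the upgrade is rolled back. The reason for the reorder is not visible in this hunk; please state it in a comment above the call, for example `# must run before startTransactions(): <reason>`, and say there what state the database is left in on a later failure.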
@@ -1497,10 +1497,20 @@ if __name__ == '__main__':
# 22)
if lastProvisionUSNs != None:
updateProvisionUSN(ldbs.sam, minUSN, maxUSN)
+ if opts.full and (names.policyid == None or names.policyid_dc == None):
+ update_policyids(names, ldbs.sam)
if opts.full or opts.resetfileacl:
- update_gpo(paths, ldbs.sam, names, lp, message, 1)
+ try:
+ update_gpo(paths, ldbs.sam, names, lp, message, 1)
+ except ProvisioningError, e:
+ message(ERROR, "The policy for domain controller is missing," \
+ " you should restart upgradeprovision with --full")
else:
- update_gpo(paths, ldbs.sam, names, lp, message, 0)
+ try:
+ update_gpo(paths, ldbs.sam, names, lp, message, 0)
+ except ProvisioningError, e:
+ message(ERROR, "The policy for domain controller is missing," \
+ " you should restart upgradeprovision with --full")
ldbs.groupedCommit()
new_ldbs.groupedCommit()
message(SIMPLE, "Upgrade finished !")
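Review bot: The two new `except ProvisioningError, e:` handlers around `update_gpo` only log an error and then fall through to `ldbs.groupedCommit()` and "Upgrade finished !", so a run whose GPO update was skipped still commits and reports success. They also discard `e` and report every ProvisioningError as a missing domain controller policy, and in the first branch the advice to rerun with `--full` is printed even when `opts.full` is already set. I would fold the duplicated branches into one call with a computed `force`, include the exception text, and suggest `--full` only when it was not used; whether the run should abort instead of committing is a decision for the maintainers. `ProvisioningError` is not among the names in the import line touched by the first hunk, so confirm it is in scope in this script.

```python
# … unchanged: updateProvisionUSN and update_policyids calls …
force = 0
if opts.full or opts.resetfileacl:
    force = 1
try:
    update_gpo(paths, ldbs.sam, names, lp, message, force)
except ProvisioningError, e:
    message(ERROR, "GPO update failed: %s" % str(e))
    if not opts.full:
        message(ERROR, "you should restart upgradeprovision with --full")
# … unchanged: groupedCommit calls and final message …
```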
diff --git a/source4/scripting/python/samba/upgradehelpers.py b/source4/scripting/python/samba/upgradehelpers.py
index 78e23a2f87..4cb84ba54f 100755
--- a/source4/scripting/python/samba/upgradehelpers.py
+++ b/source4/scripting/python/samba/upgradehelpers.py
@@ -187,6 +187,26 @@ def get_paths(param, targetdir=None, smbconf=None):
paths = provision_paths_from_lp(lp, lp.get("realm"))
return paths
+def update_policyids(names, samdb):
+ """Update policy ids that could have changed after sam update
+
+ :param names: List of key provision parameters
+ :param samdb: An Ldb object conntected with the sam DB
+ """
+ # policy guid
+ res = samdb.search(expression="(displayName=Default Domain Policy)",
+ base="CN=Policies,CN=System," + str(names.rootdn),
+ scope=SCOPE_ONELEVEL, attrs=["cn","displayName"])
+ names.policyid = str(res[0]["cn"]).replace("{","").replace("}","")
+ # dc policy guid
+ res2 = samdb.search(expression="(displayName=Default Domain Controllers" \
+ " Policy)",
+ base="CN=Policies,CN=System," + str(names.rootdn),
+ scope=SCOPE_ONELEVEL, attrs=["cn","displayName"])
+ if len(res2) == 1:
+ names.policyid_dc = str(res2[0]["cn"]).replace("{","").replace("}","")
+ else:
+ names.policyid_dc = None
def find_provision_key_parameters(samdb, secretsdb, idmapdb, paths, smbconf, lp):
"""Get key provision parameters (realm, domain, ...) from a given provision
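Review bot: `update_policyids` indexes `res[0]` for the Default Domain Policy without checking the result, while the Domain Controllers lookup right below guards with `len(res2) == 1`; an empty search result would raise IndexError in the middle of the upgrade. Give the first lookup the same guard, `if len(res) == 1:` followed by the assignment and `else: names.policyid = None`, so the caller's `names.policyid == None` test can still see the failure. Both searches match on `displayName`, which is presumably editable by whoever manages the GPOs, so a renamed or duplicated policy object would give a missing or wrong id; the docstring should say that the lookup depends on the default display names. The docstring also describes `names` as a list although the code assigns attributes on it, and "conntected" is a typo.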
@@ -562,6 +582,8 @@ def update_secrets(newsecrets_ldb, secrets_ldb, messagefunc):
for att in hashAttrNotCopied.keys():
delta.remove(att)
for att in delta:
+ if att == "msDS-KeyVersionNumber":
+ delta.remove(att)
if att != "dn":
messagefunc(CHANGE,
"Adding/Changing attribute %s to %s" % \
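Review bot: The added `delta.remove(att)` sits inside `for att in delta:` and, as far as the hunk shows, nothing skips the rest of the iteration, so the `messagefunc(CHANGE, "Adding/Changing attribute ...")` call that follows would still announce msDS-KeyVersionNumber as changed right after it was dropped. Removing from `delta` while iterating over it also relies on how the ldb message iterator behaves. The `hashAttrNotCopied` loop just above already strips attributes before the iteration starts, so `delta.remove("msDS-KeyVersionNumber")` next to it is simpler, with a comment such as `# never overwrite the local key version number from the reference provision` if that is the intent. The loop body continues outside the hunk.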
@@ -632,6 +654,8 @@ def update_gpo(paths, samdb, names, lp, message, force=0):
if not os.path.isdir(dir):
create_gpo_struct(dir)
+ if names.policyid_dc == None:
+ raise ProvisioningError("Policy ID for Domain controller is missing")
dir = getpolicypath(paths.sysvol, names.dnsdomain, names.policyid_dc)
if not os.path.isdir(dir):
create_gpo_struct(dir)
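Review bot: The `names.policyid_dc == None` check is placed after the first policy directory has already been handled, so the raise leaves `update_gpo` half done. Whatever follows the second `create_gpo_struct(dir)` outside this hunk is then skipped for the first policy as well. Moving the guard to the top of the function makes the failure all-or-nothing, and `names.policyid`, which the earlier path is presumably built from, deserves the same test: `if names.policyid is None or names.policyid_dc is None:`. The function starts and ends outside the hunk.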