diff options
Diffstat (limited to 'source4')
-rwxr-xr-x | source4/scripting/bin/samba_upgradeprovision | 30 |
1 files changed, 8 insertions, 22 deletions
diff --git a/source4/scripting/bin/samba_upgradeprovision b/source4/scripting/bin/samba_upgradeprovision index cc8c633451..8e7d792e35 100755 --- a/source4/scripting/bin/samba_upgradeprovision +++ b/source4/scripting/bin/samba_upgradeprovision @@ -921,7 +921,7 @@ def checkKeepAttributeWithMetadata(delta, att, message, reference, current, " cames from the modification or from a previous bug") dnNotToRecalculateFound = True else: - dnToRecalculate.append(str(dn)) + dnToRecalculate.append(dn) continue if attrUSN == -1: @@ -1282,11 +1282,12 @@ def fix_wellknown_sd(samdb, names): get_dns_domain_microsoft_dns_descriptor) subcontainers.append(c) - for [dn, descriptor_fn] in subcontainers: + for [strdn, descriptor_fn] in subcontainers: + dn = Dn(samdb, strdn) list_wellknown_dns.append(dn) if dn in dnToRecalculate: delta = Message() - delta.dn = Dn(samdb, str(dn)) + delta.dn = dn descr = descriptor_fn(names.domainsid, name_map=names.name_map) delta["nTSecurityDescriptor"] = MessageElement(descr, FLAG_MOD_REPLACE, "nTSecurityDescriptor" ) @@ -1311,30 +1312,16 @@ def rebuild_sd(samdb, names): listWellknown = fix_wellknown_sd(samdb, names) - hash = {} - for dn in dnToRecalculate: - if hash.has_key(dn): - continue - # fetch each dn to recalculate and their child within the same partition - res = samdb.search(expression="objectClass=*", base=dn, - scope=SCOPE_SUBTREE, attrs=["dn", "whenCreated"]) - for obj in res: - hash[str(obj["dn"])] = obj["whenCreated"] - - listKeys = list(set(hash.keys())) - listKeys.sort(dn_sort) - if len(dnToRecalculate) != 0: message(CHANGESD, "%d DNs have been marked as needed to be recalculated" - ", recalculating %d due to inheritance" - % (len(dnToRecalculate), len(listKeys))) + % (len(dnToRecalculate))) - for key in listKeys: + for dn in dnToRecalculate: # well known SDs have already been reset - if key in listWellknown: + if dn in listWellknown: continue delta = Message() - delta.dn = Dn(samdb, key) + delta.dn = dn sd_flags = SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL | SECINFO_SACL try: descr = get_empty_descriptor(names.domainsid) @@ -1840,7 +1827,6 @@ if __name__ == '__main__': message(SIMPLE, "Update machine account") update_machine_account_password(ldbs.sam, ldbs.secrets, names) - dnToRecalculate.sort(dn_sort) # 16) SD should be created with admin but as some previous acl were so wrong # that admin can't modify them we have first to recreate them with the good # form but with system account and then give the ownership to admin ... |