From 8d3ff2d41e9ffeb41d55613f645a72fbdda77861 Mon Sep 17 00:00:00 2001 From: Matthieu Patou Date: Sun, 28 Mar 2010 22:48:55 +0400 Subject: s4: allow upgrade provision to fix acl and missing dir on GPO dirs Signed-off-by: Jelmer Vernooij --- source4/scripting/bin/upgradeprovision | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/scripting/bin/upgradeprovision b/source4/scripting/bin/upgradeprovision index 0e3f86db77..a04fd11b82 100755 --- a/source4/scripting/bin/upgradeprovision +++ b/source4/scripting/bin/upgradeprovision @@ -41,7 +41,7 @@ from ldb import SCOPE_SUBTREE, SCOPE_BASE, \ from samba import param from samba import glue from samba.misc import messageEltFlagToString -from samba.provision import find_setup_dir, get_domain_descriptor, get_config_descriptor, secretsdb_self_join +from samba.provision import find_setup_dir, get_domain_descriptor, get_config_descriptor, secretsdb_self_join,set_gpo_acl,getpolicypath,create_gpo_struct from samba.provisionexceptions import ProvisioningError from samba.schema import get_linked_attributes, Schema, get_schema_descriptor from samba.dcerpc import security @@ -870,6 +870,23 @@ def update_machine_account_password(paths, creds, session, names): secrets_ldb.transaction_cancel() +def update_gpo(paths,creds,session,names): + """Create missing GPO file object if needed + + Set ACL correctly also. + """ + dir = getpolicypath(paths.sysvol,names.dnsdomain,names.policyid) + if not os.path.isdir(dir): + create_gpo_struct(dir) + + dir = getpolicypath(paths.sysvol,names.dnsdomain,names.policyid_dc) + if not os.path.isdir(dir): + create_gpo_struct(dir) + samdb = Ldb(paths.samdb, session_info=session, credentials=creds,lp=lp) + set_gpo_acl(path.sysvol,names.dnsdomain,names.domainsid,names.domaindn,samdb,lp) + + + def setup_path(file): return os.path.join(setup_dir, file) -- cgit