s4 upgradeprovision: introduce a new function to update the field use for calculating...
authorMatthieu Patou <mat@matws.net>
Tue, 15 Jun 2010 08:49:19 +0000 (12:49 +0400)
committerAndrew Bartlett <abartlet@samba.org>
Thu, 15 Jul 2010 12:08:21 +0000 (22:08 +1000)
This function changes the version field of the unicodePwd attribute in the
replPropertyMetaData so that the version is equal to or greater than the
reference value passed.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
source4/scripting/python/samba/upgradehelpers.py

index 9dbefba6251ae10c63ce2d3e7a2f6ef06824f783..58106e0a708389d2c7ac50dd3e3df7ba513dd77a 100755 (executable)
@@ -704,14 +704,48 @@ def update_gpo(paths, samdb, names, lp, message, force=0):
         set_gpo_acl(paths.sysvol, names.dnsdomain, names.domainsid,
             names.domaindn, samdb, lp)
     except TypeError, e:
-        message(ERROR, "Unable to set ACLs on policies related objects, if not using posix:eadb, you must be root to do it")
+        message(ERROR, "Unable to set ACLs on policies related objects,"
+                       " if not using posix:eadb, you must be root to do it")
 
     if resetacls:
        try:
             setsysvolacl(samdb, paths.netlogon, paths.sysvol, names.wheel_gid,
                         names.domainsid, names.dnsdomain, names.domaindn, lp)
        except TypeError, e:
-            message(ERROR, "Unable to set ACLs on sysvol share, if not using posix:eadb, you must be root to do it")
+            message(ERROR, "Unable to set ACLs on sysvol share, if not using"
+                           "posix:eadb, you must be root to do it")
+
+def increment_calculated_keyversion_number(samdb, rootdn, hashDns):
+    """For a given hash associating dn and a number, this function will
+    update the replPropertyMetaData of each dn in the hash, so that the
+    calculated value of the msDs-KeyVersionNumber is equal or superior to the
+    one associated to the given dn.
+
+    :param samdb: An SamDB object pointing to the sam
+    :param rootdn: The base DN where we want to start
+    :param hashDns: A hash with dn as key and number representing the
+                 minimum value of msDs-KeyVersionNumber that we want to
+                 have
+    """
+    entry = samdb.search(expression='(objectClass=user)',
+                         base=ldb.Dn(samdb,str(rootdn)),
+                         scope=SCOPE_SUBTREE, attrs=["msDs-KeyVersionNumber"],
+                         controls=["search_options:1:2"])
+    done = 0
+    if len(entry) == 0:
+        raise ProvisioningError("Unable to find msDs-KeyVersionNumber")
+    else:
+        for e in entry:
+            if hashDns.has_key(str(e.dn).lower()):
+                done = done + 1
+                val = e.get("msDs-KeyVersionNumber")
+                if not val:
+                    continue
+                version = int(str(hashDns[str(e.dn).lower()]))
+                if int(str(val)) < version:
+                    samdb.set_attribute_replmetadata_version(str(e.dn),
+                                                              "unicodePwd",
+                                                              version)
 
 def delta_update_basesamdb(refsam, sam, creds, session, lp, message):
     """Update the provision container db: sam.ldb
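Review bot: In `increment_calculated_keyversion_number` the `done` counter is incremented but never read, so a DN listed in `hashDns` that the subtree search does not return is skipped without any signal, and entries with no `msDs-KeyVersionNumber` are likewise dropped by `if not val: continue`. Because this value is the Kerberos key version number of the account, a silent shortfall leaves the docstring's guarantee unmet for those accounts. After the loop, either check `if done != len(hashDns): raise ProvisioningError("Some DNs in hashDns were not found")` or return `done` and document it; which one fits depends on whether `hashDns` may legitimately hold DNs outside `rootdn`, which is not visible here. Separately, the rewrapped sysvol message loses the space between its two literals and prints `usingposix:eadb`; the first literal should end with `if not using "`. The `update_gpo` body starts outside the hunk.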
@@ -829,7 +863,7 @@ def search_constructed_attrs_stored(samdb, rootdn, attrs):
     expr = construct_existor_expr(attrs)
     if expr == "":
         return hashAtt
-    entry = samdb.search(expression=expr, base=ldb.Dn(samdb,str(rootdn)),
+    entry = samdb.search(expression=expr, base=ldb.Dn(samdb, str(rootdn)),
                          scope=SCOPE_SUBTREE, attrs=attrs,
                          controls=["search_options:1:2","bypassoperational:0"])
     if len(entry) == 0: