s4 upgradeprovision: Check that the policy for DC is present if not warn the user
authorMatthieu Patou <mat@matws.net>
Mon, 14 Jun 2010 08:28:58 +0000 (12:28 +0400)
committerJelmer Vernooij <jelmer@samba.org>
Sat, 19 Jun 2010 22:43:09 +0000 (00:43 +0200)
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
source4/scripting/bin/upgradeprovision
source4/scripting/python/samba/upgradehelpers.py

index f90443318a88f25fcbcd60356e091b2e9e23a633..a47885616528e40f8dffa3a95b5072271b6c9643 100755 (executable)
@@ -56,7 +56,7 @@ from samba.upgradehelpers import (dn_sort, get_paths, newprovision,
                                  update_secrets, CHANGE, ERROR, SIMPLE,
                                  CHANGEALL, GUESS, CHANGESD, PROVISION,
                                  updateOEMInfo, getOEMInfo, update_gpo,
-                                 delta_update_basesamdb)
+                                 delta_update_basesamdb, update_policyids)
 
 replace=2**FLAG_MOD_REPLACE
 add=2**FLAG_MOD_ADD
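Review bot: `ProvisioningError` is caught by the handlers this commit adds near the end of the script, yet the only name added to this import list is `update_policyids`. If `ProvisioningError` is not already imported elsewhere in upgradeprovision (not visible in this hunk), the `except` clause itself would fail with a NameError the first time `update_gpo` raises. Confirm the import exists, or add the name to the import from the module that defines it.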
@@ -1432,8 +1432,8 @@ if __name__ == '__main__':
         # 11) B
         simple_update_basesamdb(newpaths, paths, names)
         ldbs = get_ldbs(paths, creds, session, lp)
-        ldbs.startTransactions()
         removeProvisionUSN(ldbs.sam)
+        ldbs.startTransactions()
 
     # 12)
     schema = Schema(setup_path, names.domainsid, schemadn=str(names.schemadn),
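Review bot: Moving `ldbs.startTransactions()` below `removeProvisionUSN(ldbs.sam)` means the USN marker is now removed before the grouped transaction is opened, so presumably it would not be undone if a later step fails before `ldbs.groupedCommit()`. Neither the commit message nor the code says why the order had to change. If it is deliberate, a comment above the call such as `# must run before the transaction is opened because <reason>` would stop a later cleanup from reverting it. The enclosing `if` block starts above the hunk.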
@@ -1497,10 +1497,20 @@ if __name__ == '__main__':
     # 22)
     if lastProvisionUSNs != None:
         updateProvisionUSN(ldbs.sam, minUSN, maxUSN)
+    if opts.full and (names.policyid == None or names.policyid_dc == None):
+        update_policyids(names, ldbs.sam)
     if opts.full or opts.resetfileacl:
-        update_gpo(paths, ldbs.sam, names, lp, message, 1)
+        try:
+            update_gpo(paths, ldbs.sam, names, lp, message, 1)
+        except ProvisioningError, e:
+            message(ERROR, "The policy for domain controller is missing," \
+                           " you should restart upgradeprovision with --full")
     else:
-        update_gpo(paths, ldbs.sam, names, lp, message, 0)
+        try:
+            update_gpo(paths, ldbs.sam, names, lp, message, 0)
+        except ProvisioningError, e:
+            message(ERROR, "The policy for domain controller is missing," \
+                           " you should restart upgradeprovision with --full")
     ldbs.groupedCommit()
     new_ldbs.groupedCommit()
     message(SIMPLE, "Upgrade finished !")
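Review bot: Both new `except ProvisioningError, e` handlers discard `e` and print a fixed message, after which the script still reaches `ldbs.groupedCommit()` and prints "Upgrade finished !", so a run in which the GPO step (including the `--resetfileacl` path) did not complete reads as a success. The advice is also circular under `--full`: when `update_policyids` leaves `names.policyid_dc` as None, the user is told to restart with the option already in use. The two branches differ only in the last argument, so they can be merged and the handler can report what was actually raised; whether to abort instead of committing is a decision for the author. The added condition would conventionally use `is None` rather than `== None`.

```python
    # … unchanged: updateProvisionUSN and update_policyids calls …
    force = 1 if (opts.full or opts.resetfileacl) else 0
    try:
        update_gpo(paths, ldbs.sam, names, lp, message, force)
    except ProvisioningError, e:
        # Report the real cause; update_gpo may fail for other reasons too.
        message(ERROR, "GPO update not completed: %s" % str(e))
        if not opts.full:
            message(ERROR, "you should restart upgradeprovision with --full")
    # … unchanged: groupedCommit calls and final message …
```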
index 78e23a2f87480f2d6612541949e316d289af7537..4cb84ba54f766cac130febf25c45e65b86bcde6f 100755 (executable)
@@ -187,6 +187,26 @@ def get_paths(param, targetdir=None, smbconf=None):
     paths = provision_paths_from_lp(lp, lp.get("realm"))
     return paths
 
+def update_policyids(names, samdb):
+    """Update policy ids that could have changed after sam update
+
+    :param names: List of key provision parameters
+    :param samdb: An Ldb object conntected with the sam DB
+    """
+    # policy guid
+    res = samdb.search(expression="(displayName=Default Domain Policy)",
+                        base="CN=Policies,CN=System," + str(names.rootdn),
+                        scope=SCOPE_ONELEVEL, attrs=["cn","displayName"])
+    names.policyid = str(res[0]["cn"]).replace("{","").replace("}","")
+    # dc policy guid
+    res2 = samdb.search(expression="(displayName=Default Domain Controllers" \
+                                   " Policy)",
+                            base="CN=Policies,CN=System," + str(names.rootdn),
+                            scope=SCOPE_ONELEVEL, attrs=["cn","displayName"])
+    if len(res2) == 1:
+        names.policyid_dc = str(res2[0]["cn"]).replace("{","").replace("}","")
+    else:
+        names.policyid_dc = None
 
 def find_provision_key_parameters(samdb, secretsdb, idmapdb, paths, smbconf, lp):
     """Get key provision parameters (realm, domain, ...) from a given provision
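Review bot: `res[0]` is indexed without checking that the search for "Default Domain Policy" returned anything, so an empty result raises IndexError, whereas the DC policy lookup directly below is guarded with `len(res2) == 1`. Guard the first lookup the same way, `if len(res) == 1:` … `else: names.policyid = None`, or raise `ProvisioningError` with a clear message; the caller already treats `names.policyid == None` as a possible state. The docstring could also state that both attributes on `names` are overwritten and that `policyid_dc` becomes None when there is no unique match. "conntected" should read "connected".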
@@ -562,6 +582,8 @@ def update_secrets(newsecrets_ldb, secrets_ldb, messagefunc):
         for att in hashAttrNotCopied.keys():
             delta.remove(att)
         for att in delta:
+            if att == "msDS-KeyVersionNumber":
+                delta.remove(att)
             if att != "dn":
                 messagefunc(CHANGE,
                             "Adding/Changing attribute %s to %s" % \
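Review bot: `delta.remove(att)` is called while `for att in delta` is still iterating, which, depending on how the message object iterates, can cause the element after the removed one to be skipped. Execution then falls through to the `if att != "dn"` branch, so the attribute is still logged as "Adding/Changing" although it was just dropped. The lines above the hunk already strip unwanted attributes in a separate pass over `hashAttrNotCopied`; adding `"msDS-KeyVersionNumber"` to that table (defined outside the hunk) would remove it before the loop and avoid both effects. If the check must stay here, follow the removal with `continue` and add a short comment saying why the key version number is not copied. The loop body continues past the end of the hunk.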
@@ -632,6 +654,8 @@ def update_gpo(paths, samdb, names, lp, message, force=0):
     if not os.path.isdir(dir):
         create_gpo_struct(dir)
 
+    if names.policyid_dc == None:
+        raise ProvisioningError("Policy ID for Domain controller is missing")
     dir = getpolicypath(paths.sysvol, names.dnsdomain, names.policyid_dc)
     if not os.path.isdir(dir):
         create_gpo_struct(dir)
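Review bot: The guard sits after the first `create_gpo_struct(dir)` call, so when `names.policyid_dc` is None the function may already have created the domain policy directory before raising, and everything below the hunk is skipped for both policies. Checking at the top of `update_gpo` (its start is outside the hunk) would make the failure all-or-nothing. Otherwise the docstring should gain a line such as `:raise ProvisioningError: if names.policyid_dc is not set`. `if names.policyid_dc is None:` is the conventional spelling of the comparison.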