From d5d88bd82b1cb51da09cf3b3dec40f180f5ed29f Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Mon, 18 Feb 2013 15:56:18 +1100
Subject: samba_upgradeprovision: Do not reset every DN when changing an SD
SD propogation is handled by an LDB module, we do not need to touch each and every DN to make it happen.
Now that we do not need to put this via a hash, the dnToRecalculate list is changed to be a list of Dn objects, not strings so that: if dn in listWellknown is handled using a schema comparison (avoiding different case forms tripping it up).
Andrew Bartlett
Reviewed-by: Stefan Metzmacher
---
 source4/scripting/bin/samba_upgradeprovision | 30 ++++++++----------------------
 1 file changed, 8 insertions(+), 22 deletions(-)
(limited to 'source4/scripting')
diff --git a/source4/scripting/bin/samba_upgradeprovision b/source4/scripting/bin/samba_upgradeprovision
index cc8c6334518..8e7d792e35c 100755
--- a/source4/scripting/bin/samba_upgradeprovision
+++ b/source4/scripting/bin/samba_upgradeprovision
@@ -921,7 +921,7 @@ def checkKeepAttributeWithMetadata(delta, att, message, reference, current,
 " cames from the modification or from a previous bug")
 dnNotToRecalculateFound = True
 else:
- dnToRecalculate.append(str(dn))
+ dnToRecalculate.append(dn)
 continue
 if attrUSN == -1:
@@ -1282,11 +1282,12 @@ def fix_wellknown_sd(samdb, names):
 get_dns_domain_microsoft_dns_descriptor)
 subcontainers.append(c)
- for [dn, descriptor_fn] in subcontainers:
+ for [strdn, descriptor_fn] in subcontainers:
+ dn = Dn(samdb, strdn)
 list_wellknown_dns.append(dn)
 if dn in dnToRecalculate:
 delta = Message()
- delta.dn = Dn(samdb, str(dn))
+ delta.dn = dn
 descr = descriptor_fn(names.domainsid, name_map=names.name_map)
 delta["nTSecurityDescriptor"] = MessageElement(descr, FLAG_MOD_REPLACE,
 "nTSecurityDescriptor" )
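Review bot: The membership test `if dn in dnToRecalculate:` in fix_wellknown_sd now matches only when every entry of dnToRecalculate is a Dn object, and nothing at the loop records that requirement. The append in checkKeepAttributeWithMetadata (first hunk) was converted, but any producer outside this diff that still appends a string would presumably stop matching, leaving the well-known container with its old nTSecurityDescriptor and no message. I would add a comment above the conversion, `# dnToRecalculate holds Dn objects; compare as Dn so case differences in the string form cannot hide a match`, and check the remaining appenders. The loop target would also read more idiomatically as `for strdn, descriptor_fn in subcontainers:`. fix_wellknown_sd starts and ends outside the hunk.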
@@ -1311,30 +1312,16 @@ def rebuild_sd(samdb, names):
 listWellknown = fix_wellknown_sd(samdb, names)
- hash = {}
- for dn in dnToRecalculate:
- if hash.has_key(dn):
- continue
- # fetch each dn to recalculate and their child within the same partition
- res = samdb.search(expression="objectClass=*", base=dn,
- scope=SCOPE_SUBTREE, attrs=["dn", "whenCreated"])
- for obj in res:
- hash[str(obj["dn"])] = obj["whenCreated"]
-
- listKeys = list(set(hash.keys()))
- listKeys.sort(dn_sort)
-
 if len(dnToRecalculate) != 0:
 message(CHANGESD, "%d DNs have been marked as needed to be recalculated"
- ", recalculating %d due to inheritance"
- % (len(dnToRecalculate), len(listKeys)))
+ % (len(dnToRecalculate)))
- for key in listKeys:
+ for dn in dnToRecalculate:
 # well known SDs have already been reset
- if key in listWellknown:
+ if dn in listWellknown:
 continue
 delta = Message()
- delta.dn = Dn(samdb, key)
+ delta.dn = dn
 sd_flags = SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL | SECINFO_SACL
 try:
 descr = get_empty_descriptor(names.domainsid)
@@ -1840,7 +1827,6 @@ if __name__ == '__main__':
 message(SIMPLE, "Update machine account")
 update_machine_account_password(ldbs.sam, ldbs.secrets, names)
- dnToRecalculate.sort(dn_sort)
 # 16) SD should be created with admin but as some previous acl were so wrong
 # that admin can't modify them we have first to recreate them with the good
 # form but with system account and then give the ownership to admin ...
-- cgit
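Review bot: The new loop `for dn in dnToRecalculate:` in rebuild_sd loses the de-duplication that the removed `hash`/`set` step provided, so a DN appended more than once now has its descriptor reset more than once. The append in checkKeepAttributeWithMetadata sits in a branch that ends in `continue`, which suggests it may run several times for the same object; if so, guard it with `if dn not in dnToRecalculate:`. Resetting only the listed DNs also makes the descendants' ACLs depend entirely on the LDB module the commit message refers to being active for this samdb connection, which deserves a comment at the loop such as `# children are re-inherited by the SD propagation LDB module; only the listed DNs are reset here`. The parentheses in `% (len(dnToRecalculate))` do not form a tuple and can be dropped. The try block continues past the end of the hunk.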