Attachment 9008 Details for Bug 43628 – post_read_control.patch

[patch] post_read_control.patch

post_read_control.patch (text/plain), 24.04 KB, created by Arvid Requate on 2017-07-10 19:39:48 CEST

(hide)

Description:

Filename:

MIME Type:

Creator: Arvid Requate

Created: 2017-07-10 19:39:48 CEST

Size: 24.04 KB

patch

obsolete

>Index: base/univention-python/debian/changelog
>===================================================================
>--- base/univention-python/debian/changelog	(Revision 81009)
>+++ base/univention-python/debian/changelog	(Arbeitskopie)
>@@ -1,3 +1,10 @@
>+univention-python (10.0.4-1) UNRELEASED; urgency=medium
>+
>+  * Bug 43628: Support lookup of specific attributes via PostReadControl
>+    (RFC 4527)
>+
>+ -- Arvid Requate <requate@univention.de>  Mon, 10 Jul 2017 19:28:18 +0200
>+
> univention-python (10.0.3-4) unstable; urgency=medium
> 
>   * Bug #41234: Revert changes made with Bug #36169 due to fix of Bug #36343
>Index: base/univention-python/debian/control
>===================================================================
>--- base/univention-python/debian/control	(Revision 81009)
>+++ base/univention-python/debian/control	(Arbeitskopie)
>@@ -12,6 +12,7 @@
> Architecture: all
> Depends: ${misc:Depends}, ${python:Depends},
>  python-ldap,
>+ python-pyasn1-modules,
>  python-dns,
>  python-univention-debug,
>  python-cracklib
>Index: base/univention-python/modules/uldap.py
>===================================================================
>--- base/univention-python/modules/uldap.py	(Revision 81009)
>+++ base/univention-python/modules/uldap.py	(Arbeitskopie)
>@@ -34,6 +34,7 @@
> import ldap
> import ldap.schema
> import ldap.sasl
>+from ldap.controls.readentry import PostReadControl
> import univention.debug
> from univention.config_registry import ConfigRegistry
> from ldapurl import LDAPUrl
>@@ -401,7 +402,7 @@
> 			self.__schema = ldap.schema.SubSchema(self.lo.read_subschemasubentry_s(self.lo.search_subschemasubentry_s()), 0)
> 		return self.__schema
> 
>-	def add(self, dn, al):
>+	def add(self, dn, al, postread_attrs=None):
> 		"""Add LDAP entry with dn and attributes in add_list=(attribute-name, old-values. new-values) or (attribute-name, new-values)."""
> 
> 		univention.debug.debug(univention.debug.LDAP, univention.debug.INFO, 'uldap.add dn=%s' % dn)
>@@ -416,15 +417,39 @@
> 			nal[key] |= set(val)
> 
> 		nal = self.__encode_entry([(k, list(v)) for k, v in nal.items()])
>+
>+		if postread_attrs:
>+			serverctrls = [PostReadControl(True, postread_attrs),]
>+			return self.add_ext_s(dn, nal, serverctrls=serverctrls)
>+		else:
>+			return self.add_s(dn, nal)
>+
>+	def add_s(self, dn, al):
>+		"""Redirect add_s directly to lo"""
> 		try:
>-			self.lo.add_ext_s(dn, nal)
>+			self.lo.add_ext_s(dn, al)
> 		except ldap.REFERRAL as exc:
> 			if not self.follow_referral:
> 				raise
> 			lo_ref = self._handle_referral(exc)
>-			lo_ref.add_ext_s(dn, nal)
>+			lo_ref.add_ext_s(dn, al)
> 
>-	def modify(self, dn, changes):
>+	def add_ext_s(self, dn, al, serverctrls=None):
>+		"""Redirect add_ext_s directly to lo"""
>+		try:
>+			msgid = self.lo.add_ext(dn, al, serverctrls=serverctrls)
>+			rtype, rdata, rmsgid, resp_ctrls = self.lo.result3(msgid)
>+		except ldap.REFERRAL as exc:
>+			if not self.follow_referral:
>+				raise
>+			lo_ref = self._handle_referral(exc)
>+			msgid = lo_ref.add_ext(dn, al, serverctrls=serverctrls)
>+			rtype, rdata, rmsgid, resp_ctrls = lo_ref.result3(msgid)
>+		for c in resp_ctrls:
>+			if c.controlType == PostReadControl.controlType:
>+				return c.entry
>+
>+	def modify(self, dn, changes, postread_attrs=None):
> 		"""Modify LDAP entry dn with attributes in changes=(attribute-name, old-values, new-values)."""
> 
> 		univention.debug.debug(univention.debug.LDAP, univention.debug.INFO, 'uldap.modify %s' % dn)
>@@ -454,16 +479,32 @@
> 			ml.append((op, key, val))
> 		ml = self.__encode_entry(ml)
> 
>+		if postread_attrs:
>+			serverctrls = [PostReadControl(True, postread_attrs),]
>+		else:
>+			serverctrls = []
>+
>+		resp_entry = {}
> 		# check if we need to rename the object
> 		new_dn, new_rdn = self.__get_new_dn(dn, ml)
> 		if not self.compare_dn(dn, new_dn):
> 			univention.debug.debug(univention.debug.LDAP, univention.debug.WARN, 'rename %s' % (new_rdn,))
>-			self.lo.rename_s(dn, new_rdn, None, delold=1)
>+			if postread_attrs:
>+				resp_entry = self.rename_ext_s(dn, new_rdn, None, delold=1, serverctrls=serverctrls)
>+			else:
>+				self.lo.rename_s(dn, new_rdn, None, delold=1)
> 			dn = new_dn
> 		if ml:
>-			self.modify_s(dn, ml)
>-		return dn
>+			if postread_attrs:
>+				resp_entry = self.modify_ext_s(dn, ml, serverctrls=serverctrls)
>+			else:
>+				self.modify_s(dn, ml)
> 
>+		if postread_attrs:
>+			return (dn, resp_entry)
>+		else:
>+			return dn
>+
> 	@classmethod
> 	def __get_new_dn(self, dn, ml):
> 		"""
>@@ -494,31 +535,74 @@
> 			lo_ref = self._handle_referral(exc)
> 			lo_ref.modify_ext_s(dn, ml)
> 
>-	def rename(self, dn, newdn):
>+	def modify_ext_s(self, dn, ml, serverctrls=None):
>+		"""Redirect modify_ext_s directly to lo"""
>+		try:
>+			msgid = self.lo.modify_ext(dn, ml, serverctrls=serverctrls)
>+			rtype, rdata, rmsgid, resp_ctrls = self.lo.result3(msgid)
>+		except ldap.REFERRAL as exc:
>+			if not self.follow_referral:
>+				raise
>+			lo_ref = self._handle_referral(exc)
>+			msgid = lo_ref.modify_ext(dn, ml, serverctrls=serverctrls)
>+			rtype, rdata, rmsgid, resp_ctrls = lo_ref.result3(msgid)
>+		for c in resp_ctrls:
>+			if c.controlType == PostReadControl.controlType:
>+				return c.entry
>+
>+	def rename(self, dn, newdn, postread_attrs=None):
> 		univention.debug.debug(univention.debug.LDAP, univention.debug.INFO, 'uldap.rename %s -> %s' % (dn, newdn))
> 		oldsdn = self.parentDn(dn)
> 		newrdn = ldap.dn.dn2str([ldap.dn.str2dn(newdn)[0]])
> 		newsdn = ldap.dn.dn2str(ldap.dn.str2dn(newdn)[1:])
> 
>+		if postread_attrs:
>+			serverctrls = [PostReadControl(True, postread_attrs),]
>+		else:
>+			serverctrls = []
>+
>+		resp_entry = {}
> 		if not newsdn.lower() == oldsdn.lower():
> 			univention.debug.debug(univention.debug.LDAP, univention.debug.INFO, 'uldap.rename: move %s to %s in %s' % (dn, newrdn, newsdn))
>-			try:
>-				self.lo.rename_s(dn, newrdn, newsdn)
>-			except ldap.REFERRAL as exc:
>-				if not self.follow_referral:
>-					raise
>-				lo_ref = self._handle_referral(exc)
>-				lo_ref.rename_s(dn, newrdn, newsdn)
>+			if postread_attrs:
>+				resp_entry = self.rename_ext_s(dn, newrdn, newsdn, serverctrls=serverctrls)
>+			else:
>+				self.rename_s(dn, newrdn, newsdn)
> 		else:
> 			univention.debug.debug(univention.debug.LDAP, univention.debug.INFO, 'uldap.rename: modrdn %s to %s' % (dn, newrdn))
>-			try:
>-				self.lo.rename_s(dn, newrdn)
>-			except ldap.REFERRAL as exc:
>-				if not self.follow_referral:
>-					raise
>-				lo_ref = self._handle_referral(exc)
>-				lo_ref.rename_s(dn, newrdn)
>+			if postread_attrs:
>+				resp_entry = self.rename_ext_s(dn, newrdn, serverctrls=serverctrls)
>+			else:
>+				self.rename_s(dn, newrdn)
> 
>+		if postread_attrs:
>+			return resp_entry
>+
>+	def rename_s(self, dn, newrdn, newsuperior=None):
>+		"""Redirect rename_s directly to lo"""
>+		try:
>+			self.lo.rename_s(dn, newrdn, newsuperior)
>+		except ldap.REFERRAL as exc:
>+			if not self.follow_referral:
>+				raise
>+			lo_ref = self._handle_referral(exc)
>+			lo_ref.rename_s(dn, newrdn, newsuperior)
>+
>+	def rename_ext_s(self, dn, newrdn, newsuperior=None, serverctrls=None):
>+		"""Redirect rename_ext_s directly to lo"""
>+		try:
>+			msgid = self.lo.rename(dn, newrdn, newsuperior, serverctrls=serverctrls)
>+			rtype, rdata, rmsgid, resp_ctrls = self.lo.result3(msgid)
>+		except ldap.REFERRAL as exc:
>+			if not self.follow_referral:
>+				raise
>+			lo_ref = self._handle_referral(exc)
>+			lo_ref.rename(dn, newrdn, newsuperior, serverctrls=serverctrls)
>+			rtype, rdata, rmsgid, resp_ctrls = lo_ref.result3(msgid)
>+		for c in resp_ctrls:
>+			if c.controlType == PostReadControl.controlType:
>+				return c.entry
>+
> 	def delete(self, dn):
> 		univention.debug.debug(univention.debug.LDAP, univention.debug.INFO, 'uldap.delete %s' % dn)
> 		if dn:
>Index: management/univention-directory-manager-modules/debian/changelog
>===================================================================
>--- management/univention-directory-manager-modules/debian/changelog	(Revision 81009)
>+++ management/univention-directory-manager-modules/debian/changelog	(Arbeitskopie)
>@@ -1,3 +1,10 @@
>+univention-directory-manager-modules (12.0.18-1) UNRELEASED; urgency=medium
>+
>+  * Bug 43628: Support lookup of specific attributes via PostReadControl
>+    (RFC 4527)
>+
>+ -- Arvid Requate <requate@univention.de>  Mon, 10 Jul 2017 19:32:17 +0200
>+
> univention-directory-manager-modules (12.0.17-74) unstable; urgency=medium
> 
>   * Bug #42015: Applied patch from Florian Best - Fix LDAP error when
>Index: management/univention-directory-manager-modules/debian/control
>===================================================================
>--- management/univention-directory-manager-modules/debian/control	(Revision 81009)
>+++ management/univention-directory-manager-modules/debian/control	(Arbeitskopie)
>@@ -14,7 +14,7 @@
> Architecture: all
> Depends: ${misc:Depends}, ${python:Depends},
>  python (>= 2.7),
>- python-univention (>> 6.0.21),
>+ python-univention (>= 10.0.4-1),
>  python-univention-heimdal (>= 4.0.1-1),
>  makepasswd,
>  python-m2crypto,
>Index: management/univention-directory-manager-modules/modules/univention/admin/handlers/__init__.py
>===================================================================
>--- management/univention-directory-manager-modules/modules/univention/admin/handlers/__init__.py	(Revision 81009)
>+++ management/univention-directory-manager-modules/modules/univention/admin/handlers/__init__.py	(Arbeitskopie)
>@@ -108,6 +108,8 @@
> 		self.options = []
> 		self.old_options = []
> 		self.alloc = []
>+		self.postread_attrs = None
>+		self.resp_entry = {}
> 
> 		if not isinstance(self.lo, univention.admin.uldap.access):
> 			if not isinstance(self.lo, univention.uldap.access):
>@@ -672,6 +674,22 @@
> 		self.call_udm_property_hook('hook_open', self)
> 		self.save()
> 
>+	def create(self, postread_attrs=None):
>+		if postread_attrs:
>+			self.postread_attrs = postread_attrs
>+		res = base.create(self)
>+		if self.postread_attrs:
>+			self.oldattr.update(self.resp_entry)
>+		return res
>+
>+	def modify(self, modify_childs=1, ignore_license=0, postread_attrs=None):
>+		if postread_attrs:
>+			self.postread_attrs = postread_attrs
>+		res = base.modify(self, modify_childs=1, ignore_license=0)
>+		if self.postread_attrs:
>+			self.oldattr.update(self.resp_entry)
>+		return res
>+
> 	def _remove_option(self, name):
> 		if name in self.options:
> 			self.options.remove(name)
>@@ -781,7 +799,10 @@
> 
> 		# if anything goes wrong we need to remove the already created object, otherwise we run into 'already exists' errors
> 		try:
>-			self.lo.add(self.dn, al)
>+			if self.postread_attrs:
>+				self.resp_entry = self.lo.add(self.dn, al, postread_attrs=self.postread_attrs)
>+			else:
>+				self.lo.add(self.dn, al)
> 			self._exists = True
> 			self._ldap_post_create()
> 		except:
>@@ -826,13 +847,19 @@
> 
> 		# FIXME: timeout without exception if objectClass of Object is not exsistant !!
> 		univention.debug.debug(univention.debug.ADMIN, 99, 'Modify dn=%r;\nmodlist=%r;\noldattr=%r;' % (self.dn, ml, self.oldattr))
>-		self.lo.modify(self.dn, ml, ignore_license=ignore_license)
>+		if self.postread_attrs:
>+			dn, self.resp_entry = self.lo.modify(self.dn, ml, ignore_license=ignore_license, postread_attrs=self.postread_attrs)
>+		else:
>+			self.lo.modify(self.dn, ml, ignore_license=ignore_license)
> 
> 		self._ldap_post_modify()
> 		self.call_udm_property_hook('hook_ldap_post_modify', self)
> 
> 		self.save()
>-		return self.dn
>+		if self.postread_attrs:
>+			return (dn, self.resp_entry)
>+		else:
>+			return self.dn
> 
> 	def set_default_values(self):
> 		# Make sure all default values are set...
>Index: management/univention-directory-manager-modules/modules/univention/admin/uldap.py
>===================================================================
>--- management/univention-directory-manager-modules/modules/univention/admin/uldap.py	(Revision 81009)
>+++ management/univention-directory-manager-modules/modules/univention/admin/uldap.py	(Arbeitskopie)
>@@ -458,7 +458,7 @@
> 		univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'getPolicies modules dn %s result' % dn)
> 		return self.lo.getPolicies(dn, policies, attrs, result, fixedattrs)
> 
>-	def add(self, dn, al, exceptions=False):
>+	def add(self, dn, al, exceptions=False, postread_attrs=None):
> 		self._validateLicense()
> 		if not self.allow_modify:
> 			univention.debug.debug(univention.debug.ADMIN, univention.debug.ERROR, 'add dn: %s' % dn)
>@@ -466,9 +466,9 @@
> 			return []
> 		univention.debug.debug(univention.debug.LDAP, univention.debug.ALL, 'add dn=%s al=%s' % (dn, al))
> 		if exceptions:
>-			return self.lo.add(dn, al)
>+			return self.lo.add(dn, al, postread_attrs=postread_attrs)
> 		try:
>-			return self.lo.add(dn, al)
>+			return self.lo.add(dn, al, postread_attrs=postread_attrs)
> 		except ldap.ALREADY_EXISTS as msg:
> 			univention.debug.debug(univention.debug.LDAP, univention.debug.ALL, 'add dn=%s err=%s' % (dn, msg))
> 			raise univention.admin.uexceptions.objectExists(dn)
>@@ -481,7 +481,7 @@
> 			univention.debug.debug(univention.debug.LDAP, univention.debug.ALL, 'add dn=%s err=%s' % (dn, msg))
> 			raise univention.admin.uexceptions.ldapError(_err2str(msg), original_exception=msg)
> 
>-	def modify(self, dn, changes, exceptions=False, ignore_license=0):
>+	def modify(self, dn, changes, exceptions=False, ignore_license=0, postread_attrs=None):
> 		self._validateLicense()
> 		if not self.allow_modify and not ignore_license:
> 			univention.debug.debug(univention.debug.ADMIN, univention.debug.ERROR, 'modify dn: %s' % dn)
>@@ -489,9 +489,9 @@
> 			return []
> 		univention.debug.debug(univention.debug.LDAP, univention.debug.ALL, 'mod dn=%s ml=%s' % (dn, changes))
> 		if exceptions:
>-			return self.lo.modify(dn, changes)
>+			return self.lo.modify(dn, changes, postread_attrs=postread_attrs)
> 		try:
>-			return self.lo.modify(dn, changes)
>+			return self.lo.modify(dn, changes, postread_attrs=postread_attrs)
> 		except ldap.NO_SUCH_OBJECT as msg:
> 			univention.debug.debug(univention.debug.LDAP, univention.debug.ALL, 'mod dn=%s err=%s' % (dn, msg))
> 			raise univention.admin.uexceptions.noObject(dn)
>@@ -504,7 +504,7 @@
> 			univention.debug.debug(univention.debug.LDAP, univention.debug.ALL, 'mod dn=%s err=%s' % (dn, msg))
> 			raise univention.admin.uexceptions.ldapError(_err2str(msg), original_exception=msg)
> 
>-	def rename(self, dn, newdn, move_childs=0, ignore_license=False):
>+	def rename(self, dn, newdn, move_childs=0, ignore_license=False, postread_attrs=None):
> 		if not move_childs == 0:
> 			raise univention.admin.uexceptions.noObject(_("Moving children is not supported."))
> 		self._validateLicense()
>@@ -514,7 +514,7 @@
> 			return []
> 		univention.debug.debug(univention.debug.LDAP, univention.debug.ALL, 'ren dn=%s newdn=%s' % (dn, newdn))
> 		try:
>-			return self.lo.rename(dn, newdn)
>+			return self.lo.rename(dn, newdn, postread_attrs=postread_attrs)
> 		except ldap.NO_SUCH_OBJECT as msg:
> 			univention.debug.debug(univention.debug.LDAP, univention.debug.ALL, 'ren dn=%s err=%s' % (dn, msg))
> 			raise univention.admin.uexceptions.noObject(dn)
>Index: services/univention-s4-connector/debian/changelog
>===================================================================
>--- services/univention-s4-connector/debian/changelog	(Revision 81009)
>+++ services/univention-s4-connector/debian/changelog	(Arbeitskopie)
>@@ -1,3 +1,10 @@
>+univention-s4-connector (11.0.8-1) UNRELEASED; urgency=medium
>+
>+  * Bug 43628: during sync_to_ucs remember entryCSN of msGPO changes
>+    to be able to identify and skip them later in sync_from_ucs.
>+
>+ -- Arvid Requate <requate@univention.de>  Mon, 10 Jul 2017 19:33:24 +0200
>+
> univention-s4-connector (11.0.7-12) unstable; urgency=medium
> 
>   * Bug #43072: s4connector/dns: fix ptr_record deletion.
>Index: services/univention-s4-connector/debian/control
>===================================================================
>--- services/univention-s4-connector/debian/control	(Revision 81009)
>+++ services/univention-s4-connector/debian/control	(Arbeitskopie)
>@@ -16,7 +16,7 @@
>  python-univention (>=8.0.3-1),
>  python-univention-license,
>  python-univention-heimdal (>= 4.0.2-2),
>- python-univention-directory-manager (>= 7.0.232-2),
>+ python-univention-directory-manager (>= 12.0.18-1),
>  python-pysqlite2
> Provides: ${python:Provides}
> Description: UCS - Modules for connector sychronisation
>Index: services/univention-s4-connector/modules/univention/s4connector/__init__.py
>===================================================================
>--- services/univention-s4-connector/modules/univention/s4connector/__init__.py	(Revision 81009)
>+++ services/univention-s4-connector/modules/univention/s4connector/__init__.py	(Arbeitskopie)
>@@ -482,7 +482,7 @@
> 
> 		self.open_ucs()
> 
>-		for section in ['DN Mapping UCS', 'DN Mapping CON', 'UCS rejected', 'UCS deleted']:
>+		for section in ['DN Mapping UCS', 'DN Mapping CON', 'UCS rejected', 'UCS deleted', 'UCS entryCSN']:
> 			if not self.config.has_section(section):
> 				self.config.add_section(section)
> 
>@@ -623,6 +623,41 @@
> 			if ucs:
> 				self._remove_config_option('DN Mapping UCS', self._encode_dn_as_config_option(ucs.lower()))
> 
>+	def _remember_entryCSN_commited_by_connector(self, entryUUID, entryCSN):
>+		"""Remember the entryCSN of a change committed by the S4-Connector itself"""
>+		_d = ud.function('ldap._remember_entryCSN_commited_by_connector')
>+		value = self._get_config_option('UCS entryCSN', entryUUID)
>+		if value:
>+			entryCSN_set = set(value.split(','))
>+			entryCSN_set.add(entryCSN)
>+			value = ','.join(entryCSN_set)
>+		else:
>+			value = entryCSN
>+		self._set_config_option('UCS entryCSN', entryUUID, value)
>+
>+	def _get_last_entryCSN_commited_by_connector(self, entryUUID):
>+		"""Remember the entryCSN of a change committed by the S4-Connector itself"""
>+		_d = ud.function('ldap._get_last_entryCSN_commited_by_connector')
>+		return self._get_config_option('UCS entryCSN', entryUUID)
>+
>+	def _forget_entryCSN(self, entryUUID, entryCSN):
>+		_d = ud.function('ldap._forget_entryCSN')
>+		value = self._get_config_option('UCS entryCSN', entryUUID)
>+		if value:
>+			entryCSN_set = set(value.split(','))
>+			if entryCSN in entryCSN_set:
>+				entryCSN_set.remove(entryCSN)
>+				if entryCSN_set:
>+					value = ','.join(entryCSN_set)
>+					self._set_config_option('UCS entryCSN', entryUUID, value)
>+				else:
>+					self._remove_config_option('UCS entryCSN', entryUUID)
>+				return True
>+			else:
>+				return False
>+		else:
>+			return False
>+
> 	def _get_dn_by_ucs(self, dn_ucs):
> 		_d = ud.function('ldap._get_dn_by_ucs')
> 		return self._decode_dn_from_config_option(self._get_config_option('DN Mapping UCS', self._encode_dn_as_config_option(dn_ucs.lower())))
>@@ -766,6 +801,12 @@
> 					break
> 
> 			entryUUID = new.get('entryUUID', [None])[0]
>+			if key == 'msGPO':
>+				entryCSN = new.get('entryCSN', [None])[0]
>+				if self._forget_entryCSN(entryUUID, entryCSN):
>+					ud.debug(ud.LDAP, ud.PROCESS, "__sync_file_from_ucs: Object with entryUUID %s: Ignoring own change %s" % (entryUUID, entryCSN))
>+					return True
>+
> 			if entryUUID:
> 				if self.was_entryUUID_deleted(entryUUID):
> 					if self._get_entryUUID(dn) == entryUUID:
>@@ -1222,7 +1263,7 @@
> 					else:
> 						ud.debug(ud.LDAP, ud.INFO, '__set_values: Skip: %s' % con_attribute)
> 
>-	def __modify_custom_attributes(self, property_type, object, ucs_object, module, position, modtype="modify"):
>+	def __modify_custom_attributes(self, property_type, object, ucs_object, module, position, modtype="modify", postread_attrs=None):
> 		if 'custom_attributes' in object:
> 			ud.debug(ud.LDAP, ud.INFO, '__modify_custom_attributes: custom attributes found: %s' % object['custom_attributes'])
> 			modlist = object['custom_attributes']['modlist']
>@@ -1245,7 +1286,17 @@
> 					modlist.append(('objectClass', oc[0][1]['objectClass'], noc))
> 
> 			ud.debug(ud.LDAP, ud.INFO, '__modify_custom_attributes: modlist: %s' % modlist)
>-			self.lo.modify(ucs_object.dn, modlist)
>+			if postread_attrs:
>+				resp = self.lo.modify(ucs_object.dn, modlist, postread_attrs=postread_attrs)
>+				try:
>+					resp_entry = resp[1]
>+					entryUUID = resp_entry['entryUUID'][0]
>+					entryCSN = resp_entry['entryCSN'][0]
>+					self._remember_entryCSN_commited_by_connector(entryUUID, entryCSN)
>+				except (IndexError, KeyError):
>+					pass
>+			else:
>+				self.lo.modify(ucs_object.dn, modlist)
> 
> 			return True
> 		else:
>@@ -1264,7 +1315,16 @@
> 		self.__set_values(property_type, object, ucs_object, modtype='add')
> 		for function in self.property[property_type].ucs_create_functions:
> 			function(self, property_type, ucs_object)
>-		return ucs_object.create() and self.__modify_custom_attributes(property_type, object, ucs_object, module, position)
>+		if property_type == 'msGPO':
>+			res = ucs_object.create(postread_attrs=['entryCSN', 'entryUUID'])
>+			if res:
>+				entryUUID = ucs_object.oldattr['entryUUID'][0]
>+				entryCSN = ucs_object.oldattr['entryCSN'][0]
>+				self._remember_entryCSN_commited_by_connector(entryUUID, entryCSN)
>+				res = self.__modify_custom_attributes(property_type, object, ucs_object, module, position, postread_attrs=['entryCSN', 'entryUUID'])
>+		else:
>+			res = ucs_object.create()
>+		return res
> 
> 	def modify_in_ucs(self, property_type, object, module, position):
> 		_d = ud.function('ldap.modify_in_ucs')
>@@ -1278,7 +1338,19 @@
> 		ucs_object_dn = object[dntype]
> 		ucs_object = univention.admin.objects.get(module, None, self.lo, dn=ucs_object_dn, position='')
> 		self.__set_values(property_type, object, ucs_object)
>-		return ucs_object.modify() and self.__modify_custom_attributes(property_type, object, ucs_object, module, position)
>+		if property_type == 'msGPO':
>+			res = ucs_object.modify(postread_attrs=['entryCSN', 'entryUUID'])
>+			if res:
>+				try:
>+					entryUUID = ucs_object.oldattr['entryUUID'][0]
>+					entryCSN = ucs_object.oldattr['entryCSN'][0]
>+					self._remember_entryCSN_commited_by_connector(entryUUID, entryCSN)
>+				except (IndexError, KeyError):
>+					pass
>+				res = self.__modify_custom_attributes(property_type, object, ucs_object, module, position, postread_attrs=['entryCSN', 'entryUUID'])
>+		else:
>+			res = ucs_object.modify()
>+		return res
> 
> 	def move_in_ucs(self, property_type, object, module, position):
> 		_d = ud.function('ldap.move_in_ucs')
>@@ -1363,6 +1435,8 @@
> 			ucs_object.open()
> 			ucs_object.remove()
> 			self.update_deleted_cache_after_removal(entryUUID, objectGUID)
>+			if property_type == 'msGPO':
>+				self._forget_entryCSN(entryUUID)
> 			return True
> 		except Exception, e:
> 			ud.debug(ud.LDAP, ud.INFO, "delete object exception: %s" % e)
>Index: services/univention-s4-connector/modules/univention/s4connector/s4/ntsecurity_descriptor.py
>===================================================================
>--- services/univention-s4-connector/modules/univention/s4connector/s4/ntsecurity_descriptor.py	(Revision 81009)
>+++ services/univention-s4-connector/modules/univention/s4connector/s4/ntsecurity_descriptor.py	(Arbeitskopie)
>@@ -36,7 +36,6 @@
> import univention.debug2 as ud
> from samba.dcerpc import security
> from samba.ndr import ndr_pack, ndr_unpack
>-from samba.dcerpc import misc
> 
> 
> def encode_sddl_to_sd_in_ndr(domain_sid, ntsd_sddl):
>@@ -88,7 +87,7 @@
> 		return
> 
> 	ucs_ntsd_sddl = object['attributes']['msNTSecurityDescriptor'][0]
>-	s4_attributes = s4connector.lo_s4.get(s4_dn, attr=['nTSecurityDescriptor', 'uSNChanged', 'objectGUID'])
>+	s4_attributes = s4connector.lo_s4.get(s4_dn, attr=['nTSecurityDescriptor'])
> 	ntsd_ndr = s4_attributes.get('nTSecurityDescriptor')
> 
> 	if ntsd_ndr:
>@@ -98,14 +97,6 @@
> 			ud.debug(ud.LDAP, ud.INFO, 'ntsd_to_s4: nTSecurityDescriptors are equal')
> 			return
> 
>-		guid_blob = s4_attributes.get('objectGUID')[0]
>-		objectGUID = str(ndr_unpack(misc.GUID, guid_blob))
>-		old_s4_object = s4connector.s4cache.get_entry(objectGUID)
>-		if old_s4_object:
>-			if old_s4_object.get('uSNChanged')[0] != s4_attributes.get('uSNChanged')[0]:
>-				ud.debug(ud.LDAP, ud.PROCESS, "ntsd_to_s4: skipping, S4-Object changed: %s" % object['dn'])
>-				return
>-
> 		ud.debug(ud.LDAP, ud.INFO, 'ntsd_to_s4: changing nTSecurityDescriptor from %s to %s' % (s4_ntsd_sddl, ucs_ntsd_sddl))
> 
> 		ucs_ntsd_ndr = encode_sddl_to_sd_in_ndr(domain_sid, ucs_ntsd_sddl)
>@@ -153,4 +144,11 @@
> 		ml.append(('msNTSecurityDescriptor', ucs_ntsd_sddl, s4_ntsd_sddl))
> 	if ml:
> 		ud.debug(ud.LDAP, ud.INFO, 'ntsd_to_ucs: modlist = %s' % ml)
>-		s4connector.lo.lo.modify(ucs_dn, ml)
>+		resp = s4connector.lo.lo.modify(ucs_dn, ml, postread_attrs=['entryCSN', 'entryUUID'])
>+		try:
>+			resp_entry = resp[1]
>+			entryUUID = resp_entry['entryUUID'][0]
>+			entryCSN = resp_entry['entryCSN'][0]
>+			s4connector._remember_entryCSN_commited_by_connector(entryUUID, entryCSN)
>+		except (IndexError, KeyError):
>+			pass

Actions: View | Diff

Attachments on bug 43628: 8455 | 9006 | 9008