upgradeprovision: Fix a bug with renamed entries
authorMatthieu Patou <mat@matws.net>
Sun, 26 Sep 2010 00:57:04 +0000 (04:57 +0400)
committerMatthieu Patou <mat@matws.net>
Sun, 26 Sep 2010 02:22:43 +0000 (06:22 +0400)
The SD was not refetched for renamed entries, resulting in an attempt to
add an additional SD when there was already one.

source4/scripting/bin/upgradeprovision

index de0ad5e3e7c79f39b1875139a2b0ec58470dc44f..68d84a970dbd06f8b0d4a5aa5ee9aaec432e0e4d 100755 (executable)
@@ -813,7 +813,7 @@ def update_present(ref_samdb, samdb, basedn, listPresent, usns, invocationid):
             identic_rename(samdb, reference[0].dn)
             current = samdb.search(expression="dn=%s" % (str(dn)), base=basedn,
                                     scope=SCOPE_SUBTREE,
-                                    controls=["search_options:1:2"])
+                                    controls=controls)
 
         delta = samdb.msg_diff(current[0], reference[0])
 
@@ -897,7 +897,18 @@ def update_present(ref_samdb, samdb, basedn, listPresent, usns, invocationid):
                 if  attrUSN is None:
                     delta.remove(att)
                     continue
-
+                if att == "nTSecurityDescriptor":
+                    cursd = ndr_unpack(security.descriptor,
+                        str(current[0]["nTSecurityDescriptor"]))
+                    cursddl = cursd.as_sddl(names.domainsid)
+                    refsd = ndr_unpack(security.descriptor,
+                        str(reference[0]["nTSecurityDescriptor"]))
+                    refsddl = cursd.as_sddl(names.domainsid)
+
+                    if get_diff_sddls(refsddl, cursddl) == "":
+                       message(CHANGE, "sd are identical")
+                    else:
+                       message(CHANGE, "sd are not identical")
                 if attrUSN == -1:
                     # This attribute was last modified by another DC forget
                     # about it
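Review bot: In the added `nTSecurityDescriptor` branch, `refsddl` is computed from `cursd` rather than `refsd`, so `get_diff_sddls(refsddl, cursddl)` compares the current descriptor with itself and the "sd are identical" message is always the one logged. The line should read `refsddl = refsd.as_sddl(names.domainsid)`; as written, `refsd` is unpacked and never used. Because this output is what tells an operator whether an entry's ACL differs from the reference provision, a real permission difference would be reported as identical. The two `message(CHANGE, ...)` lines are also indented three spaces instead of four. The body of `update_present` starts and continues outside this hunk, so whether the comparison result is meant to affect `delta` cannot be seen from here.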