From eeb370f77a2cdbafe0b87a2af2299a8c5cdfcf6f Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Fri, 21 Oct 2011 11:04:07 +0200 Subject: [PATCH] s4 provision/dns: Move secretsdb_setup_dns to the AD DNS specific setup --- .../scripting/python/samba/provision/__init__.py | 33 ++---------- .../scripting/python/samba/provision/sambadns.py | 62 +++++++++++++++++++++- 2 files changed, 63 insertions(+), 32 deletions(-) diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py index a44bb8ed355..3ee6e767f91 100644 --- a/source4/scripting/python/samba/provision/__init__.py +++ b/source4/scripting/python/samba/provision/__init__.py @@ -922,29 +922,6 @@ def secretsdb_self_join(secretsdb, domain, secretsdb.add(msg) -def secretsdb_setup_dns(secretsdb, names, private_dir, realm, - dnsdomain, dns_keytab_path, dnspass): - """Add DNS specific bits to a secrets database. - - :param secretsdb: Ldb Handle to the secrets database - :param machinepass: Machine password - """ - try: - os.unlink(os.path.join(private_dir, dns_keytab_path)) - except OSError: - pass - - setup_ldb(secretsdb, setup_path("secrets_dns.ldif"), { - "REALM": realm, - "DNSDOMAIN": dnsdomain, - "DNS_KEYTAB": dns_keytab_path, - "DNSPASS_B64": b64encode(dnspass), - "HOSTNAME": names.hostname, - "DNSNAME" : '%s.%s' % ( - names.netbiosname.lower(), names.dnsdomain.lower()) - }) - - def setup_secretsdb(paths, session_info, backend_credentials, lp): """Setup the secrets database. 
@@ -1616,13 +1593,9 @@ def provision_fill(samdb, secrets_ldb, logger, names, paths, # It might be that this attribute does not exist in this schema raise - secretsdb_setup_dns(secrets_ldb, names, - paths.private_dir, realm=names.realm, - dnsdomain=names.dnsdomain, - dns_keytab_path=paths.dns_keytab, dnspass=dnspass) - - setup_ad_dns(samdb, names, logger, hostip=hostip, hostip6=hostip6, - dns_backend=dns_backend, os_level=dom_for_fun_level) + setup_ad_dns(samdb, secrets_ldb, names, paths, logger, hostip=hostip, + hostip6=hostip6, dns_backend=dns_backend, + dnspass=dnspass, os_level=dom_for_fun_level) domainguid = samdb.searchone(basedn=samdb.get_default_basedn(), attribute="objectGUID") diff --git a/source4/scripting/python/samba/provision/sambadns.py b/source4/scripting/python/samba/provision/sambadns.py index 6e58f07e18d..ad8387f9dcc 100644 --- a/source4/scripting/python/samba/provision/sambadns.py +++ b/source4/scripting/python/samba/provision/sambadns.py @@ -33,6 +33,7 @@ from samba.dsdb import ( DS_DOMAIN_FUNCTION_2008, DS_DOMAIN_FUNCTION_2008_R2 ) +from base64 import b64encode def add_ldif(ldb, ldif_file, subst_vars, controls=["relax:0"]): 
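Review bot: In the sambadns.py import hunk, `from base64 import b64encode` is appended below the `samba.dsdb` import group, so a standard-library import now sits after the project imports; move it up next to the module's other stdlib imports so the grouping stays stdlib / third-party / local. In the `provision_fill` hunk, `secrets_ldb` and `paths` are inserted positionally into a call whose parameter order was just changed; passing them as `secretsdb=secrets_ldb, paths=paths` would make the call robust to another reordering of `setup_ad_dns`. `provision_fill` itself starts and ends outside this hunk.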
@@ -45,6 +46,30 @@ def modify_ldif(ldb, ldif_file, subst_vars, controls=["relax:0"]): data = read_and_sub_file(ldif_file_path, subst_vars) ldb.modify_ldif(data, controls) +def setup_ldb(ldb, ldif_path, subst_vars): + """Import a LDIF a file into a LDB handle, optionally substituting + variables. + + :note: Either all LDIF data will be added or none (using transactions). + + :param ldb: LDB file to import into. + :param ldif_path: Path to the LDIF file. + :param subst_vars: Dictionary with substitution variables. + """ + assert ldb is not None + ldb.transaction_start() + try: + add_ldif(ldb, ldif_path, subst_vars) + except Exception: + ldb.transaction_cancel() + raise + else: + ldb.transaction_commit() + +def setup_path(file): + """Return an absolute path to the provision tempate file specified by file""" + return os.path.join(samba.param.setup_dir(), file) + def get_domainguid(samdb, domaindn): res = samdb.search(base=domaindn, scope=ldb.SCOPE_BASE, attrs=["objectGUID"]) domainguid = str(ndr_unpack(misc.GUID, res[0]["objectGUID"][0])) 
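Review bot: `setup_ldb` and `setup_path` are verbatim copies of the helpers that `samba.provision` still defines and uses (the removed `secretsdb_setup_dns` in `__init__.py` called them), so the two copies will drift apart; if the copy exists to avoid a circular import, say so, e.g. `# Local copies of provision.setup_ldb/setup_path; importing samba.provision here would be circular.` `setup_path(file)` shadows the Python 2 builtin `file` — `def setup_path(filename):` is clearer — and `assert ldb is not None` is stripped under `-O`, so it documents rather than enforces. The docstrings also have typos: "Import a LDIF a file" should read "Import an LDIF file", and "tempate" should be "template".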
@@ -450,6 +475,30 @@ def add_dc_msdcs_records(samdb, forestdn, prefix, site, dnsforest, hostname, add_cname_record(samdb, forest_container_dn, "DC=%s" % ntdsguid, fqdn_hostname) +def secretsdb_setup_dns(secretsdb, names, private_dir, realm, + dnsdomain, dns_keytab_path, dnspass): + """Add DNS specific bits to a secrets database. + + :param secretsdb: Ldb Handle to the secrets database + :param names: Names shortcut + :param machinepass: Machine password + """ + try: + os.unlink(os.path.join(private_dir, dns_keytab_path)) + except OSError: + pass + + setup_ldb(secretsdb, setup_path("secrets_dns.ldif"), { + "REALM": realm, + "DNSDOMAIN": dnsdomain, + "DNS_KEYTAB": dns_keytab_path, + "DNSPASS_B64": b64encode(dnspass), + "HOSTNAME": names.hostname, + "DNSNAME" : '%s.%s' % ( + names.netbiosname.lower(), names.dnsdomain.lower()) + }) + + def is_valid_dns_backend(dns_backend): return dns_backend in ("BIND9_FLATFILE", "BIND9_DLZ", "SAMBA_INTERNAL", "NONE") @@ -458,15 +507,18 @@ def is_valid_os_level(os_level): return DS_DOMAIN_FUNCTION_2000 <= os_level <= DS_DOMAIN_FUNCTION_2008_R2 -def setup_ad_dns(samdb, names, logger, dns_backend, os_level, hostip=None, - hostip6=None,): +def setup_ad_dns(samdb, secretsdb, names, paths, logger, dns_backend, os_level, + dnspass=None, hostip=None, hostip6=None): """Provision DNS information (assuming GC role) :param samdb: LDB object connected to sam.ldb file + :param secretsdb: LDB object connected to secrets.ldb file :param names: Names shortcut + :param paths: Paths shortcut :param logger: Logger object :param dns_backend: Type of DNS backend :param os_level: Functional level (treated as os level) + :param dnspass: Password for bind's DNS account :param hostip: IPv4 address :param hostip6: IPv6 address """ 
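Review bot: In the moved `secretsdb_setup_dns`, `except OSError: pass` swallows every failure to remove the old DNS keytab, not just a missing file; the next step then records a fresh `dnspass` in secrets.ldb while a keytab that could not be removed (permissions, a directory in the way) stays on disk with stale keys and provisioning reports success. Tolerate only the missing-file case: `except OSError as e:` / `    if e.errno != errno.ENOENT:` / `        raise` (this needs `import errno`, which the hunk does not show; confirm it is imported). The docstring still says `:param machinepass: Machine password`, which this function does not take — it should be `:param dnspass: Password for the DNS account, stored base64-encoded in secrets.ldb` — and `b64encode(dnspass)` presumes `dnspass` is a string, which the `dnspass=None` default added to `setup_ad_dns` in the same file does not guarantee.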
@@ -565,3 +617,9 @@ def setup_ad_dns(samdb, names, logger, dns_backend, os_level, hostip=None, # Add DNS records for a DC in forest add_dc_msdcs_records(samdb, forestdn, "DC=ForestDnsZones", site, dnsforest, hostname, hostip, hostip6, domainguid, ntdsguid) + + if dns_backend.startswith("BIND9_"): + secretsdb_setup_dns(secretsdb, names, + paths.private_dir, realm=names.realm, + dnsdomain=names.dnsdomain, + dns_keytab_path=paths.dns_keytab, dnspass=dnspass) -- 2.11.4.GIT
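Review bot: `setup_ad_dns` now defaults `dnspass=None`, but for a `BIND9_*` backend this new tail calls `secretsdb_setup_dns`, which does `b64encode(dnspass)` and would fail with a bare TypeError (and would also dereference `paths` and `secretsdb` if those were left unset); fail early with a clear message instead: `if dnspass is None:` / `    raise ValueError("dnspass is required for BIND9_* DNS backends")` before the call. Note also that the unlink of `paths.dns_keytab` now only happens for BIND9 backends, so a keytab left by an earlier BIND9 provision in the same private directory would survive a re-provision with another backend — if that is not intended, the unlink could stay unconditional. `setup_ad_dns` starts outside this hunk, so the rest of its body is not visible here.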