authorEndi S. Dewata <edewata@redhat.com>2010-06-28 11:13:03 -0500
committerMatthias Dieter Wallnöfer <mdw@samba.org>2010-06-28 19:33:47 +0200
commit7cb98a0cdcef27f591357ec63633b50fd9dce29f (patch)
tree6a7eeed3c181032185570facb9e60d2add3a4947
parent5bee3efacac76fdf8753a7c7cb2845bf6058d088 (diff)
s4/spnupdate: Fixed spnupdate to use secrets credentials when accessing SamDB.
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
-rwxr-xr-xsource4/scripting/bin/samba_spnupdate33
1 files changed, 30 insertions, 3 deletions
diff --git a/source4/scripting/bin/samba_spnupdate b/source4/scripting/bin/samba_spnupdate
index 1971ea1e86..c675a54b0f 100755
--- a/source4/scripting/bin/samba_spnupdate
+++ b/source4/scripting/bin/samba_spnupdate
@@ -29,9 +29,11 @@ sys.path.insert(0, "bin/python")
import samba, ldb
import optparse
+from samba import Ldb
from samba import getopt as options
from samba.auth import system_session
from samba.samdb import SamDB
+from samba.credentials import Credentials, DONT_USE_KERBEROS
parser = optparse.OptionParser("samba_spnupdate")
sambaopts = options.SambaOptions(parser)
@@ -39,7 +41,9 @@ parser.add_option_group(sambaopts)
parser.add_option_group(options.VersionOptions(parser))
parser.add_option("--verbose", action="store_true")
-creds = None
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+
ccachename = None
opts, args = parser.parse_args()
@@ -49,6 +53,7 @@ if len(args) != 0:
sys.exit(1)
lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
domain = lp.get("realm")
host = lp.get("netbios name")
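Review bot: `creds` assigned here comes from the command-line options, while the last hunk builds a second object named `credentials` from the secrets database, and only that second one is passed to `SamDB`. The near-identical names make it easy to hand the wrong object to the wrong database later; names such as `cmdline_creds` and `samdb_creds` would make the two sources explicit. A comment on this line such as `# command-line credentials, used only to open the local secrets database` would also document the intent.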
@@ -70,9 +75,31 @@ def get_subst_vars(samdb):
return vars
try:
- samdb = SamDB(url=lp.get("sam database"), session_info=system_session(), lp=lp)
+ private_dir = lp.get("private dir")
+ secrets_path = os.path.join(private_dir, lp.get("secrets database"))
+
+ secrets_db = Ldb(url=secrets_path, session_info=system_session(),
+ credentials=creds, lp=lp)
+ res = secrets_db.search(base=None,
+ expression="(&(objectclass=ldapSecret)(cn=SAMDB Credentials))",
+ attrs=["samAccountName", "secret"])
+
+ if len(res) == 1:
+ credentials = Credentials()
+ credentials.set_kerberos_state(DONT_USE_KERBEROS)
+
+ if "samAccountName" in res[0]:
+ credentials.set_username(res[0]["samAccountName"][0])
+
+ if "secret" in res[0]:
+ credentials.set_password(res[0]["secret"][0])
+
+ else:
+ credentials = None
+
+ samdb = SamDB(url=lp.get("sam database"), session_info=system_session(), credentials=credentials, lp=lp)
except ldb.LdbError, (num, msg):
- print("Unable to open sam database %s : %s" % (lp.get("sam database")), msg)
+ print("Unable to open sam database %s : %s" % (lp.get("sam database"), msg))
sys.exit(1)
# get the substitution dictionary
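Review bot: The `else: credentials = None` branch silently opens the sam database without stored credentials whenever the secrets search returns zero or more than one `SAMDB Credentials` record, so an operator cannot tell which identity the update ran under. Since the script already has `--verbose`, I would report the fallback, e.g. `if opts.verbose: print("No unique SAMDB Credentials entry in %s, opening sam database without stored credentials" % secrets_path)`. The same applies when the record exists but lacks `samAccountName` or `secret`: a partially filled `Credentials` object is passed on without comment. Separately, the `try` now also covers opening and searching the secrets database, so an `LdbError` raised there is still reported as "Unable to open sam database"; a separate `try` around the `secrets_db` lines, or a message that names `secrets_path`, would make such failures easier to diagnose.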