summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKai Blin <kai@samba.org>2011-10-21 11:04:07 +0200
committerKai Blin <kai@samba.org>2011-11-04 07:38:44 +0100
commiteeb370f77a2cdbafe0b87a2af2299a8c5cdfcf6f (patch)
tree642e2a89081d0f988cb067038ad262c8851cf156
parente30892764e8d8d69ceee8334de536e1dfa3cdcf7 (diff)
downloadsamba-eeb370f77a2cdbafe0b87a2af2299a8c5cdfcf6f.tar.gz
samba-eeb370f77a2cdbafe0b87a2af2299a8c5cdfcf6f.tar.bz2
samba-eeb370f77a2cdbafe0b87a2af2299a8c5cdfcf6f.zip
s4 provision/dns: Move secretsdb_setup_dns to the AD DNS specific setup
-rw-r--r--source4/scripting/python/samba/provision/__init__.py33
-rw-r--r--source4/scripting/python/samba/provision/sambadns.py62
2 files changed, 63 insertions, 32 deletions
diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py
index a44bb8ed35..3ee6e767f9 100644
--- a/source4/scripting/python/samba/provision/__init__.py
+++ b/source4/scripting/python/samba/provision/__init__.py
@@ -922,29 +922,6 @@ def secretsdb_self_join(secretsdb, domain,
secretsdb.add(msg)
-def secretsdb_setup_dns(secretsdb, names, private_dir, realm,
- dnsdomain, dns_keytab_path, dnspass):
- """Add DNS specific bits to a secrets database.
-
- :param secretsdb: Ldb Handle to the secrets database
- :param machinepass: Machine password
- """
- try:
- os.unlink(os.path.join(private_dir, dns_keytab_path))
- except OSError:
- pass
-
- setup_ldb(secretsdb, setup_path("secrets_dns.ldif"), {
- "REALM": realm,
- "DNSDOMAIN": dnsdomain,
- "DNS_KEYTAB": dns_keytab_path,
- "DNSPASS_B64": b64encode(dnspass),
- "HOSTNAME": names.hostname,
- "DNSNAME" : '%s.%s' % (
- names.netbiosname.lower(), names.dnsdomain.lower())
- })
-
-
def setup_secretsdb(paths, session_info, backend_credentials, lp):
"""Setup the secrets database.
@@ -1616,13 +1593,9 @@ def provision_fill(samdb, secrets_ldb, logger, names, paths,
# It might be that this attribute does not exist in this schema
raise
- secretsdb_setup_dns(secrets_ldb, names,
- paths.private_dir, realm=names.realm,
- dnsdomain=names.dnsdomain,
- dns_keytab_path=paths.dns_keytab, dnspass=dnspass)
-
- setup_ad_dns(samdb, names, logger, hostip=hostip, hostip6=hostip6,
- dns_backend=dns_backend, os_level=dom_for_fun_level)
+ setup_ad_dns(samdb, secrets_ldb, names, paths, logger, hostip=hostip,
+ hostip6=hostip6, dns_backend=dns_backend,
+ dnspass=dnspass, os_level=dom_for_fun_level)
domainguid = samdb.searchone(basedn=samdb.get_default_basedn(),
attribute="objectGUID")
diff --git a/source4/scripting/python/samba/provision/sambadns.py b/source4/scripting/python/samba/provision/sambadns.py
index 6e58f07e18..ad8387f9dc 100644
--- a/source4/scripting/python/samba/provision/sambadns.py
+++ b/source4/scripting/python/samba/provision/sambadns.py
@@ -33,6 +33,7 @@ from samba.dsdb import (
DS_DOMAIN_FUNCTION_2008,
DS_DOMAIN_FUNCTION_2008_R2
)
+from base64 import b64encode
def add_ldif(ldb, ldif_file, subst_vars, controls=["relax:0"]):
@@ -45,6 +46,30 @@ def modify_ldif(ldb, ldif_file, subst_vars, controls=["relax:0"]):
data = read_and_sub_file(ldif_file_path, subst_vars)
ldb.modify_ldif(data, controls)
+def setup_ldb(ldb, ldif_path, subst_vars):
+ """Import a LDIF a file into a LDB handle, optionally substituting
+ variables.
+
+ :note: Either all LDIF data will be added or none (using transactions).
+
+ :param ldb: LDB file to import into.
+ :param ldif_path: Path to the LDIF file.
+ :param subst_vars: Dictionary with substitution variables.
+ """
+ assert ldb is not None
+ ldb.transaction_start()
+ try:
+ add_ldif(ldb, ldif_path, subst_vars)
+ except Exception:
+ ldb.transaction_cancel()
+ raise
+ else:
+ ldb.transaction_commit()
+
+def setup_path(file):
+ """Return an absolute path to the provision tempate file specified by file"""
+ return os.path.join(samba.param.setup_dir(), file)
+
def get_domainguid(samdb, domaindn):
res = samdb.search(base=domaindn, scope=ldb.SCOPE_BASE, attrs=["objectGUID"])
domainguid = str(ndr_unpack(misc.GUID, res[0]["objectGUID"][0]))
@@ -450,6 +475,30 @@ def add_dc_msdcs_records(samdb, forestdn, prefix, site, dnsforest, hostname,
add_cname_record(samdb, forest_container_dn, "DC=%s" % ntdsguid, fqdn_hostname)
+def secretsdb_setup_dns(secretsdb, names, private_dir, realm,
+ dnsdomain, dns_keytab_path, dnspass):
+ """Add DNS specific bits to a secrets database.
+
+ :param secretsdb: Ldb Handle to the secrets database
+ :param names: Names shortcut
+ :param machinepass: Machine password
+ """
+ try:
+ os.unlink(os.path.join(private_dir, dns_keytab_path))
+ except OSError:
+ pass
+
+ setup_ldb(secretsdb, setup_path("secrets_dns.ldif"), {
+ "REALM": realm,
+ "DNSDOMAIN": dnsdomain,
+ "DNS_KEYTAB": dns_keytab_path,
+ "DNSPASS_B64": b64encode(dnspass),
+ "HOSTNAME": names.hostname,
+ "DNSNAME" : '%s.%s' % (
+ names.netbiosname.lower(), names.dnsdomain.lower())
+ })
+
+
def is_valid_dns_backend(dns_backend):
return dns_backend in ("BIND9_FLATFILE", "BIND9_DLZ", "SAMBA_INTERNAL", "NONE")
@@ -458,15 +507,18 @@ def is_valid_os_level(os_level):
return DS_DOMAIN_FUNCTION_2000 <= os_level <= DS_DOMAIN_FUNCTION_2008_R2
-def setup_ad_dns(samdb, names, logger, dns_backend, os_level, hostip=None,
- hostip6=None,):
+def setup_ad_dns(samdb, secretsdb, names, paths, logger, dns_backend, os_level,
+ dnspass=None, hostip=None, hostip6=None):
"""Provision DNS information (assuming GC role)
:param samdb: LDB object connected to sam.ldb file
+ :param secretsdb: LDB object connected to secrets.ldb file
:param names: Names shortcut
+ :param paths: Paths shortcut
:param logger: Logger object
:param dns_backend: Type of DNS backend
:param os_level: Functional level (treated as os level)
+ :param dnspass: Password for bind's DNS account
:param hostip: IPv4 address
:param hostip6: IPv6 address
"""
@@ -565,3 +617,9 @@ def setup_ad_dns(samdb, names, logger, dns_backend, os_level, hostip=None,
# Add DNS records for a DC in forest
add_dc_msdcs_records(samdb, forestdn, "DC=ForestDnsZones", site, dnsforest,
hostname, hostip, hostip6, domainguid, ntdsguid)
+
+ if dns_backend.startswith("BIND9_"):
+ secretsdb_setup_dns(secretsdb, names,
+ paths.private_dir, realm=names.realm,
+ dnsdomain=names.dnsdomain,
+ dns_keytab_path=paths.dns_keytab, dnspass=dnspass)