diff options
| author | Endi S. Dewata <edewata@redhat.com> | 2010-06-28 11:13:03 -0500 |
|---|---|---|
| committer | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-06-28 19:33:47 +0200 |
| commit | 7cb98a0cdcef27f591357ec63633b50fd9dce29f (patch) | |
| tree | 6a7eeed3c181032185570facb9e60d2add3a4947 | |
| parent | 5bee3efacac76fdf8753a7c7cb2845bf6058d088 (diff) | |
| download | samba-7cb98a0cdcef27f591357ec63633b50fd9dce29f.tar.gz samba-7cb98a0cdcef27f591357ec63633b50fd9dce29f.tar.bz2 samba-7cb98a0cdcef27f591357ec63633b50fd9dce29f.zip | |
s4/spnupdate: Fixed spnupdate to use secrets credentials when accessing SamDB.
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
| -rwxr-xr-x | source4/scripting/bin/samba_spnupdate | 33 |
1 files changed, 30 insertions, 3 deletions
diff --git a/source4/scripting/bin/samba_spnupdate b/source4/scripting/bin/samba_spnupdate index 1971ea1e86..c675a54b0f 100755 --- a/source4/scripting/bin/samba_spnupdate +++ b/source4/scripting/bin/samba_spnupdate @@ -29,9 +29,11 @@ sys.path.insert(0, "bin/python") import samba, ldb import optparse +from samba import Ldb from samba import getopt as options from samba.auth import system_session from samba.samdb import SamDB +from samba.credentials import Credentials, DONT_USE_KERBEROS parser = optparse.OptionParser("samba_spnupdate") sambaopts = options.SambaOptions(parser) @@ -39,7 +41,9 @@ parser.add_option_group(sambaopts) parser.add_option_group(options.VersionOptions(parser)) parser.add_option("--verbose", action="store_true") -creds = None +credopts = options.CredentialsOptions(parser) +parser.add_option_group(credopts) + ccachename = None opts, args = parser.parse_args() @@ -49,6 +53,7 @@ if len(args) != 0: sys.exit(1) lp = sambaopts.get_loadparm() +creds = credopts.get_credentials(lp) domain = lp.get("realm") host = lp.get("netbios name") @@ -70,9 +75,31 @@ def get_subst_vars(samdb): return vars try: - samdb = SamDB(url=lp.get("sam database"), session_info=system_session(), lp=lp) + private_dir = lp.get("private dir") + secrets_path = os.path.join(private_dir, lp.get("secrets database")) + + secrets_db = Ldb(url=secrets_path, session_info=system_session(), + credentials=creds, lp=lp) + res = secrets_db.search(base=None, + expression="(&(objectclass=ldapSecret)(cn=SAMDB Credentials))", + attrs=["samAccountName", "secret"]) + + if len(res) == 1: + credentials = Credentials() + credentials.set_kerberos_state(DONT_USE_KERBEROS) + + if "samAccountName" in res[0]: + credentials.set_username(res[0]["samAccountName"][0]) + + if "secret" in res[0]: + credentials.set_password(res[0]["secret"][0]) + + else: + credentials = None + + samdb = SamDB(url=lp.get("sam database"), session_info=system_session(), credentials=credentials, lp=lp) except ldb.LdbError, (num, msg): - print("Unable to open sam database %s : %s" % (lp.get("sam database")), msg) + print("Unable to open sam database %s : %s" % (lp.get("sam database"), msg)) sys.exit(1) # get the substitution dictionary |