authorAndrew Tridgell <tridge@samba.org>2010-09-30 12:45:00 -0700
committerAndrew Tridgell <tridge@samba.org>2010-09-30 14:36:12 -0700
commit176ecce9a661c9145620c3f7af9d13025ed0616c (patch)
treec1dbce6f1114964dd2394ec5c755a9a75d6394de /source4/scripting/python
parent67a04613e9106f9ab6c014c57a971d75854908f7 (diff)
s4-provision: wipe the old keytabs when provisioning
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4/scripting/python')
-rw-r--r--source4/scripting/python/samba/provision.py20
-rw-r--r--source4/scripting/python/samba/tests/provision.py16
2 files changed, 29 insertions, 7 deletions
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 9e22d5829b..1d0abf426a 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -389,6 +389,7 @@ def provision_paths_from_lp(lp, dnsdomain):
# This is stored without path prefix for the "privateKeytab" attribute in
# "secrets_dns.ldif".
paths.dns_keytab = "dns.keytab"
+ paths.keytab = "secrets.keytab"
paths.shareconf = os.path.join(paths.private_dir, "share.ldb")
paths.samdb = os.path.join(paths.private_dir, lp.get("sam database") or "samdb.ldb")
@@ -781,7 +782,7 @@ def secretsdb_setup_dns(secretsdb, setup_path, names, private_dir,
})
-def setup_secretsdb(path, setup_path, session_info, backend_credentials, lp):
+def setup_secretsdb(paths, setup_path, session_info, backend_credentials, lp):
"""Setup the secrets database.
:note: This function does not handle exceptions and transaction on purpose,
@@ -794,8 +795,19 @@ def setup_secretsdb(path, setup_path, session_info, backend_credentials, lp):
:param lp: Loadparm context
:return: LDB handle for the created secrets database
"""
- if os.path.exists(path):
- os.unlink(path)
+ if os.path.exists(paths.secrets):
+ os.unlink(paths.secrets)
+
+ keytab_path = os.path.join(paths.private_dir, paths.keytab)
+ if os.path.exists(keytab_path):
+ os.unlink(keytab_path)
+
+ dns_keytab_path = os.path.join(paths.private_dir, paths.dns_keytab)
+ if os.path.exists(dns_keytab_path):
+ os.unlink(dns_keytab_path)
+
+ path = paths.secrets
+
secrets_ldb = Ldb(path, session_info=session_info,
lp=lp)
secrets_ldb.erase()
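Review bot: The three `if os.path.exists(p): os.unlink(p)` pairs leave a dangling symlink in place, because `os.path.exists` follows links, and they also leave a window between the check and the unlink. Using `os.path.lexists` closes the first gap; unlinking unconditionally and ignoring only ENOENT closes both. The stanzas are identical, so a loop such as `for p in (paths.secrets, keytab_path, dns_keytab_path):` would keep them in step. The docstring begins outside this hunk and presumably still documents `:param path:`; it should describe `paths` and state that both keytabs under `paths.private_dir` are deleted. `os.unlink` only removes the directory entry, so the old Kerberos key material is not overwritten on disk, which is worth a comment if "wipe" in the commit title is meant literally.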
@@ -1513,7 +1525,7 @@ def provision(setup_dir, logger, session_info,
share_ldb.load_ldif_file_add(setup_path("share.ldif"))
logger.info("Setting up secrets.ldb")
- secrets_ldb = setup_secretsdb(paths.secrets, setup_path,
+ secrets_ldb = setup_secretsdb(paths, setup_path,
session_info=session_info,
backend_credentials=provision_backend.secrets_credentials, lp=lp)
diff --git a/source4/scripting/python/samba/tests/provision.py b/source4/scripting/python/samba/tests/provision.py
index 37b256a925..58bb030568 100644
--- a/source4/scripting/python/samba/tests/provision.py
+++ b/source4/scripting/python/samba/tests/provision.py
@@ -18,7 +18,7 @@
#
import os
-from samba.provision import setup_secretsdb, findnss
+from samba.provision import setup_secretsdb, findnss, ProvisionPaths
import samba.tests
from samba.tests import env_loadparm, TestCase
@@ -36,7 +36,12 @@ def create_dummy_secretsdb(path, lp=None):
"""
if lp is None:
lp = env_loadparm()
- secrets_ldb = setup_secretsdb(path, setup_path, None, None, lp=lp)
+ paths = ProvisionPaths()
+ paths.secrets = path
+ paths.private_dir = os.path.dirname(path)
+ paths.keytab = "no.keytab"
+ paths.dns_keytab = "no.dns.keytab"
+ secrets_ldb = setup_secretsdb(paths, setup_path, None, None, lp=lp)
secrets_ldb.transaction_commit()
return secrets_ldb
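Review bot: The placeholder names `no.keytab` and `no.dns.keytab` never exist on disk, so the keytab removal added to setup_secretsdb is not exercised here or in test_setup_secretsdb in the next hunk. In that test, create an empty file under `self.tempdir`, point `paths.keytab` at its name, and add `self.assertFalse(os.path.exists(keytab_path))` after the call, with `keytab_path` being the joined path of that file. The five lines that build the ProvisionPaths object are repeated verbatim in both hunks and could move into one small helper in this test module. In create_dummy_secretsdb, `private_dir` is derived from the caller's `path`, so the docstring (which starts outside the hunk) should say that files with those names in that directory would be deleted.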
@@ -47,7 +52,12 @@ class ProvisionTestCase(samba.tests.TestCaseInTempDir):
def test_setup_secretsdb(self):
path = os.path.join(self.tempdir, "secrets.ldb")
- ldb = setup_secretsdb(path, setup_path, None, None, lp=env_loadparm())
+ paths = ProvisionPaths()
+ paths.secrets = path
+ paths.private_dir = os.path.dirname(path)
+ paths.keytab = "no.keytab"
+ paths.dns_keytab = "no.dns.keytab"
+ ldb = setup_secretsdb(paths, setup_path, None, None, lp=env_loadparm())
try:
self.assertEquals("LSA Secrets",
ldb.searchone(basedn="CN=LSA Secrets", attribute="CN"))