diff options
| author | Andrew Tridgell <tridge@samba.org> | 2010-08-25 12:34:15 +1000 |
|---|---|---|
| committer | Andrew Tridgell <tridge@samba.org> | 2010-08-25 23:05:05 +1000 |
| commit | 956341965cee91632aa1a93dd6f9bde453ae1720 (patch) | |
| tree | 3443280710d4eee2c34e379321d4913960472bb4 /source4 | |
| parent | 5a367f641ef44a4b58eaea751146a139c70f4afd (diff) | |
| download | samba-956341965cee91632aa1a93dd6f9bde453ae1720.tar.gz samba-956341965cee91632aa1a93dd6f9bde453ae1720.tar.bz2 samba-956341965cee91632aa1a93dd6f9bde453ae1720.zip | |
s4-rodc: setup secrets database at end of RODC join
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4')
| -rw-r--r-- | source4/scripting/python/samba/join.py | 38 |
1 files changed, 33 insertions, 5 deletions
diff --git a/source4/scripting/python/samba/join.py b/source4/scripting/python/samba/join.py index 12a944daa8..e6cda135ef 100644 --- a/source4/scripting/python/samba/join.py +++ b/source4/scripting/python/samba/join.py @@ -21,7 +21,7 @@ import samba.getopt as options from samba.auth import system_session from samba.samdb import SamDB -from samba import gensec +from samba import gensec, Ldb import ldb, samba, sys from samba.ndr import ndr_pack, ndr_unpack, ndr_print from samba.dcerpc import security @@ -31,6 +31,9 @@ from samba.provision import secretsdb_self_join, provision, FILL_DRS, find_setup from samba.net import Net import logging +# this makes debugging easier +samba.talloc_enable_null_tracking() + class join_ctx: '''hold join context variables''' pass @@ -187,10 +190,11 @@ def join_rodc(server=None, creds=None, lp=None, site=None, netbios_name=None, req8.mapping_ctr.num_mappings = 0 req8.mapping_ctr.mappings = None - while True: - if not schema: - req8.partial_attribute_set = get_rodc_partial_attribute_set(ctx) + if not schema: + pas = get_rodc_partial_attribute_set(ctx) + req8.partial_attribute_set = pas + while True: (level, ctr) = ctx.drs.DsGetNCChanges(ctx.drs_handle, 8, req8) ctx.net.replicate_chunk(ctx.replication_state, level, ctr, schema=schema) if ctr.more_data == 0: @@ -349,6 +353,7 @@ def join_rodc(server=None, creds=None, lp=None, site=None, netbios_name=None, print "Provision OK for domain DN %s" % presult.domaindn ctx.local_samdb = presult.samdb ctx.lp = presult.lp + ctx.paths = presult.paths def join_replicate(ctx): @@ -369,6 +374,28 @@ def join_rodc(server=None, creds=None, lp=None, site=None, netbios_name=None, ctx.local_samdb.transaction_commit() + def join_finalise(ctx): + '''finalise the join, mark us synchronised and setup secrets db''' + + print "Setting isSynchronized" + m = ldb.Message() + m.dn = ldb.Dn(ctx.samdb, '@ROOTDSE') + m["isSynchronized"] = ldb.MessageElement("TRUE", ldb.FLAG_MOD_REPLACE, "isSynchronized") + ctx.samdb.modify(m) + + secrets_ldb = Ldb(ctx.paths.secrets, session_info=system_session(), lp=ctx.lp) + + print "Setting up secrets database" + secretsdb_self_join(secrets_ldb, domain=ctx.domain_name, + realm=ctx.realm, + dnsdomain=ctx.dnsdomain, + netbiosname=ctx.myname, + domainsid=security.dom_sid(ctx.domsid), + machinepass=ctx.acct_pass, + secure_channel_type=misc.SEC_CHAN_RODC) + + + # main join code ctx = join_ctx() ctx.creds = creds @@ -413,7 +440,7 @@ def join_rodc(server=None, creds=None, lp=None, site=None, netbios_name=None, "<SID=%s>" % security.SID_BUILTIN_SERVER_OPERATORS, "<SID=%s>" % security.SID_BUILTIN_BACKUP_OPERATORS, "<SID=%s>" % security.SID_BUILTIN_ACCOUNT_OPERATORS ] - ctx.reveal_sid = "<SID=%s-571>" % ctx.domsid; + ctx.reveal_sid = "<SID=%s-%s>" % (ctx.domsid, security.DOMAIN_RID_RODC_ALLOW) ctx.dnsdomain = ldb.Dn(ctx.samdb, ctx.base_dn).canonical_str().split('/')[0] ctx.realm = ctx.dnsdomain @@ -427,6 +454,7 @@ def join_rodc(server=None, creds=None, lp=None, site=None, netbios_name=None, join_drs_connect(ctx) join_provision(ctx) join_replicate(ctx) + join_finalise(ctx) except: print "Join failed - cleaning up" cleanup_old_join(ctx) |