-rw-r--r-- | source4/param/loadparm.c | 4 | ||||
-rw-r--r-- | source4/param/secrets.c | 10 | ||||
-rw-r--r-- | source4/scripting/libjs/provision.js | 19 | ||||
-rw-r--r-- | source4/torture/libnet/libnet_BecomeDC.c | 22 |
4 files changed, 44 insertions, 11 deletions
diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c
index 93d9d79ece..98724a107d 100644
--- a/source4/param/loadparm.c
+++ b/source4/param/loadparm.c
@@ -107,6 +107,7 @@ typedef struct
 char *szConfigFile;
 char *szShareBackend;
 char *szSAM_URL;
+ char *szSECRETS_URL;
 char *szSPOOLSS_URL;
 char *szWINS_CONFIG_URL;
 char *szWINS_URL;
@@ -403,6 +404,7 @@ static struct parm_struct parm_table[] = {
 {"obey pam restrictions", P_BOOL, P_GLOBAL, &Globals.bObeyPamRestrictions, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
 {"password server", P_LIST, P_GLOBAL, &Globals.szPasswordServers, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
 {"sam database", P_STRING, P_GLOBAL, &Globals.szSAM_URL, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
+ {"secrets database", P_STRING, P_GLOBAL, &Globals.szSECRETS_URL, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
 {"spoolss database", P_STRING, P_GLOBAL, &Globals.szSPOOLSS_URL, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
 {"wins config database", P_STRING, P_GLOBAL, &Globals.szWINS_CONFIG_URL, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
 {"wins database", P_STRING, P_GLOBAL, &Globals.szWINS_URL, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
@@ -610,6 +612,7 @@ static void init_globals(void)
 do_parameter("auth methods", "anonymous sam_ignoredomain", NULL);
 do_parameter("private dir", dyn_PRIVATE_DIR, NULL);
 do_parameter("sam database", "sam.ldb", NULL);
+ do_parameter("secrets database", "secrets.ldb", NULL);
 do_parameter("spoolss database", "spoolss.ldb", NULL);
 do_parameter("wins config database", "wins_config.ldb", NULL);
 do_parameter("wins database", "wins.ldb", NULL);
@@ -833,6 +836,7 @@ _PUBLIC_ FN_GLOBAL_STRING(lp_display_charset, &Globals.display_charset) _PUBLIC_ FN_GLOBAL_STRING(lp_configfile, &Globals.szConfigFile) _PUBLIC_ FN_GLOBAL_STRING(lp_share_backend, &Globals.szShareBackend) _PUBLIC_ FN_GLOBAL_STRING(lp_sam_url, &Globals.szSAM_URL) +_PUBLIC_ FN_GLOBAL_STRING(lp_secrets_url, &Globals.szSECRETS_URL) _PUBLIC_ FN_GLOBAL_STRING(lp_spoolss_url, &Globals.szSPOOLSS_URL) _PUBLIC_ FN_GLOBAL_STRING(lp_wins_config_url, &Globals.szWINS_CONFIG_URL) _PUBLIC_ FN_GLOBAL_STRING(lp_wins_url, &Globals.szWINS_URL) diff --git a/source4/param/secrets.c b/source4/param/secrets.c index a7eb9607de..4189f2182c 100644 --- a/source4/param/secrets.c +++ b/source4/param/secrets.c @@ -96,6 +96,7 @@ BOOL secrets_init(void) struct ldb_context *secrets_db_connect(TALLOC_CTX *mem_ctx) { char *path; + const char *url; struct ldb_context *ldb; BOOL existed; const char *init_ldif = @@ -103,11 +104,16 @@ struct ldb_context *secrets_db_connect(TALLOC_CTX *mem_ctx) "computerName: CASE_INSENSITIVE\n" \ "flatname: CASE_INSENSITIVE\n"; - path = private_path(mem_ctx, "secrets.ldb"); + url = lp_secrets_url(); + if (!url || !url[0]) { + return NULL; + } + + path = private_path(mem_ctx, url); if (!path) { return NULL; } - + existed = file_exist(path); /* Secrets.ldb *must* always be local. If we call for a diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index e9261888c6..1dbe08427e 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -381,7 +381,7 @@ function provision_default_paths(subobj) paths.hkpd = "hkpd.ldb"; paths.hkpt = "hkpt.ldb"; paths.samdb = lp.get("sam database"); - paths.secrets = "secrets.ldb"; + paths.secrets = lp.get("secrets database"); paths.keytab = "secrets.keytab"; paths.dns = lp.get("private dir") + "/" + subobj.DNSDOMAIN + ".zone"; paths.winsdb = "wins.ldb"; 
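Review bot: In secrets_db_connect(), the value of `lp_secrets_url()` is handed to `private_path()` after only an empty-string check, while the comment a few lines further down still says secrets.ldb *must* always be local. With the location now an smb.conf setting (`secrets database`, added in loadparm.c), that invariant depends on whatever value is configured; how private_path() treats absolute paths or URL-style values is not visible in this diff, so confirm it and reject anything that does not resolve to a local file before `file_exist(path)` runs. At minimum add a comment above the new lookup such as `/* "secrets database" must name a local ldb file; remote URLs are not supported here */`, and log a `DEBUG(0, ...)` message on the new `return NULL` so an empty setting is diagnosable. The function body continues outside the hunk.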
@@ -484,6 +484,20 @@ function provision_become_dc(subobj, message, paths, session_info) ok = samdb.transaction_commit(); assert(ok); + message("Setting up " + paths.secrets + "\n"); + setup_ldb("secrets.ldif", info, paths.secrets); + + tmp = lp.get("secrets database"); + ok = lp.set("secrets database", paths.secrets); + assert(ok); + + message("Setting up keytabs\n"); + var keytab_ok = credentials_update_all_keytabs(); + assert(keytab_ok); + + ok = lp.set("secrets database", tmp); + assert(ok); + return true; } @@ -529,11 +543,14 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda message("Setting up share.ldb\n"); setup_ldb("share.ldif", info, paths.shareconf); } + message("Setting up secrets.ldb\n"); setup_ldb("secrets.ldif", info, paths.secrets); + message("Setting up keytabs\n"); var keytab_ok = credentials_update_all_keytabs(); assert(keytab_ok); + message("Setting up hklm.ldb\n"); setup_ldb("hklm.ldif", info, paths.hklm); diff --git a/source4/torture/libnet/libnet_BecomeDC.c b/source4/torture/libnet/libnet_BecomeDC.c index 7605ad5c6e..1faf622be6 100644 --- a/source4/torture/libnet/libnet_BecomeDC.c +++ b/source4/torture/libnet/libnet_BecomeDC.c @@ -96,6 +96,8 @@ failed: #define TORTURE_NETBIOS_NAME "smbtorturedc" #define TORTURE_SAMDB_LDB "test_samdb.ldb" +#define TORTURE_SECRETS_LDB "test_secrets.ldb" +#define TORTURE_SECRETS_KEYTAB "test_secrets.keytab" struct test_become_dc_state { struct libnet_context *ctx; @@ -198,6 +200,8 @@ static NTSTATUS test_become_dc_prepare_db(void *private_data, "\n" "var paths = provision_default_paths(subobj);\n" "paths.samdb = \"%s\";\n" + "paths.secrets = \"%s\";\n" + "paths.keytab = \"%s\";\n" "\n" "var system_session = system_session();\n" "\n" 
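Review bot: In provision_become_dc(), `assert(keytab_ok);` sits between the `lp.set("secrets database", paths.secrets)` override and the `lp.set("secrets database", tmp)` restore, so if the assert aborts the script after a failed keytab update, the process-wide setting is left pointing at the provisioning path. Restore first and assert afterwards: move `ok = lp.set("secrets database", tmp); assert(ok);` above `assert(keytab_ok);`. `tmp` is also assigned without `var` on the visible lines; unless it is declared earlier in the function (outside this hunk), write `var tmp = lp.get("secrets database");`. A short comment saying that the override is there, presumably, so that credentials_update_all_keytabs() reads the freshly written secrets database would make the temporary swap easier to follow.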
@@ -205,14 +209,16 @@ static NTSTATUS test_become_dc_prepare_db(void *private_data, "assert(ok);\n" "\n" "return 0;\n", - p->forest->root_dn_str, - p->domain->dn_str, - p->forest->config_dn_str, - p->forest->schema_dn_str, - p->dest_dsa->netbios_name, - p->dest_dsa->dns_name, - p->dest_dsa->site_name, - TORTURE_SAMDB_LDB); + p->forest->root_dn_str, /* subobj.ROOTDN */ + p->domain->dn_str, /* subobj.DOMAINDN */ + p->forest->config_dn_str, /* subobj.CONFIGDN */ + p->forest->schema_dn_str, /* subobj.SCHEMADN */ + p->dest_dsa->netbios_name, /* subobj.HOSTNAME */ + p->dest_dsa->dns_name, /* subobj.DNSNAME */ + p->dest_dsa->site_name, /* subobj.DEFAULTSITE */ + TORTURE_SAMDB_LDB, /* paths.samdb */ + TORTURE_SECRETS_LDB, /* paths.secrets */ + TORTURE_SECRETS_KEYTAB); /* paths.keytab */ NT_STATUS_HAVE_NO_MEMORY(ejs); ret = test_run_ejs(ejs); |
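Review bot: The new `paths.keytab` argument (TORTURE_SECRETS_KEYTAB) only isolates the test if provisioning actually consumes it, and nothing in the provision.js hunks of this commit reads `paths.keytab`; `credentials_update_all_keytabs()` is called there without arguments. Whether the keytab location reaches it through secrets.ldif is not visible here, so it is worth confirming that the torture run writes test_secrets.keytab rather than the host's real secrets.keytab. The per-argument comments are a good addition; a one-line comment above the format string noting that the `%s` order must match this list would keep the two in sync. test_become_dc_prepare_db() starts and ends outside the hunk.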