-rw-r--r--source4/param/loadparm.c4
-rw-r--r--source4/param/secrets.c10
-rw-r--r--source4/scripting/libjs/provision.js19
-rw-r--r--source4/torture/libnet/libnet_BecomeDC.c22
4 files changed, 44 insertions, 11 deletions
diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c
index 93d9d79ece..98724a107d 100644
--- a/source4/param/loadparm.c
+++ b/source4/param/loadparm.c
@@ -107,6 +107,7 @@ typedef struct
char *szConfigFile;
char *szShareBackend;
char *szSAM_URL;
+ char *szSECRETS_URL;
char *szSPOOLSS_URL;
char *szWINS_CONFIG_URL;
char *szWINS_URL;
@@ -403,6 +404,7 @@ static struct parm_struct parm_table[] = {
{"obey pam restrictions", P_BOOL, P_GLOBAL, &Globals.bObeyPamRestrictions, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"password server", P_LIST, P_GLOBAL, &Globals.szPasswordServers, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
{"sam database", P_STRING, P_GLOBAL, &Globals.szSAM_URL, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
+ {"secrets database", P_STRING, P_GLOBAL, &Globals.szSECRETS_URL, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"spoolss database", P_STRING, P_GLOBAL, &Globals.szSPOOLSS_URL, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"wins config database", P_STRING, P_GLOBAL, &Globals.szWINS_CONFIG_URL, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"wins database", P_STRING, P_GLOBAL, &Globals.szWINS_URL, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
@@ -610,6 +612,7 @@ static void init_globals(void)
do_parameter("auth methods", "anonymous sam_ignoredomain", NULL);
do_parameter("private dir", dyn_PRIVATE_DIR, NULL);
do_parameter("sam database", "sam.ldb", NULL);
+ do_parameter("secrets database", "secrets.ldb", NULL);
do_parameter("spoolss database", "spoolss.ldb", NULL);
do_parameter("wins config database", "wins_config.ldb", NULL);
do_parameter("wins database", "wins.ldb", NULL);
@@ -833,6 +836,7 @@ _PUBLIC_ FN_GLOBAL_STRING(lp_display_charset, &Globals.display_charset)
_PUBLIC_ FN_GLOBAL_STRING(lp_configfile, &Globals.szConfigFile)
_PUBLIC_ FN_GLOBAL_STRING(lp_share_backend, &Globals.szShareBackend)
_PUBLIC_ FN_GLOBAL_STRING(lp_sam_url, &Globals.szSAM_URL)
+_PUBLIC_ FN_GLOBAL_STRING(lp_secrets_url, &Globals.szSECRETS_URL)
_PUBLIC_ FN_GLOBAL_STRING(lp_spoolss_url, &Globals.szSPOOLSS_URL)
_PUBLIC_ FN_GLOBAL_STRING(lp_wins_config_url, &Globals.szWINS_CONFIG_URL)
_PUBLIC_ FN_GLOBAL_STRING(lp_wins_url, &Globals.szWINS_URL)
diff --git a/source4/param/secrets.c b/source4/param/secrets.c
index a7eb9607de..4189f2182c 100644
--- a/source4/param/secrets.c
+++ b/source4/param/secrets.c
@@ -96,6 +96,7 @@ BOOL secrets_init(void)
struct ldb_context *secrets_db_connect(TALLOC_CTX *mem_ctx)
{
char *path;
+ const char *url;
struct ldb_context *ldb;
BOOL existed;
const char *init_ldif =
@@ -103,11 +104,16 @@ struct ldb_context *secrets_db_connect(TALLOC_CTX *mem_ctx)
"computerName: CASE_INSENSITIVE\n" \
"flatname: CASE_INSENSITIVE\n";
- path = private_path(mem_ctx, "secrets.ldb");
+ url = lp_secrets_url();
+ if (!url || !url[0]) {
+ return NULL;
+ }
+
+ path = private_path(mem_ctx, url);
if (!path) {
return NULL;
}
-
+
existed = file_exist(path);
/* Secrets.ldb *must* always be local. If we call for a
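Review bot: The value from `lp_secrets_url()` is passed straight to `private_path()`, so the rule in the comment just below ("Secrets.ldb *must* always be local") now depends on whatever is configured as `secrets database`. How `private_path()` treats an absolute path or a string with a URL scheme is not visible in this hunk; if it returns those unchanged, the secrets store could be opened outside the private directory or on a non-local backend, and `file_exist(path)` would be testing something that is not a file name. Consider rejecting such values before the call, for example `if (strstr(url, "://")) { DEBUG(0, ("secrets database must be a local file\n")); return NULL; }`, and logging in the empty-value branch too so a misconfiguration is not a silent NULL. The body of secrets_db_connect continues past the end of this hunk.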
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js
index e9261888c6..1dbe08427e 100644
--- a/source4/scripting/libjs/provision.js
+++ b/source4/scripting/libjs/provision.js
@@ -381,7 +381,7 @@ function provision_default_paths(subobj)
paths.hkpd = "hkpd.ldb";
paths.hkpt = "hkpt.ldb";
paths.samdb = lp.get("sam database");
- paths.secrets = "secrets.ldb";
+ paths.secrets = lp.get("secrets database");
paths.keytab = "secrets.keytab";
paths.dns = lp.get("private dir") + "/" + subobj.DNSDOMAIN + ".zone";
paths.winsdb = "wins.ldb";
@@ -484,6 +484,20 @@ function provision_become_dc(subobj, message, paths, session_info)
ok = samdb.transaction_commit();
assert(ok);
+ message("Setting up " + paths.secrets + "\n");
+ setup_ldb("secrets.ldif", info, paths.secrets);
+
+ tmp = lp.get("secrets database");
+ ok = lp.set("secrets database", paths.secrets);
+ assert(ok);
+
+ message("Setting up keytabs\n");
+ var keytab_ok = credentials_update_all_keytabs();
+ assert(keytab_ok);
+
+ ok = lp.set("secrets database", tmp);
+ assert(ok);
+
return true;
}
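Review bot: The global `secrets database` parameter is overridden and only restored after `assert(keytab_ok)`, so if a failed assert leaves the script or process running, later code sees the setting still pointing at `paths.secrets`. Restore first and assert second by moving `ok = lp.set("secrets database", tmp);` above `assert(keytab_ok);`. `tmp` is also assigned without `var` in the visible lines. Unless it is declared earlier in provision_become_dc, which starts outside this hunk, it becomes a global and should read `var tmp = lp.get("secrets database");`.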
@@ -529,11 +543,14 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda
message("Setting up share.ldb\n");
setup_ldb("share.ldif", info, paths.shareconf);
}
+
message("Setting up secrets.ldb\n");
setup_ldb("secrets.ldif", info, paths.secrets);
+
message("Setting up keytabs\n");
var keytab_ok = credentials_update_all_keytabs();
assert(keytab_ok);
+
message("Setting up hklm.ldb\n");
setup_ldb("hklm.ldif", info, paths.hklm);
diff --git a/source4/torture/libnet/libnet_BecomeDC.c b/source4/torture/libnet/libnet_BecomeDC.c
index 7605ad5c6e..1faf622be6 100644
--- a/source4/torture/libnet/libnet_BecomeDC.c
+++ b/source4/torture/libnet/libnet_BecomeDC.c
@@ -96,6 +96,8 @@ failed:
#define TORTURE_NETBIOS_NAME "smbtorturedc"
#define TORTURE_SAMDB_LDB "test_samdb.ldb"
+#define TORTURE_SECRETS_LDB "test_secrets.ldb"
+#define TORTURE_SECRETS_KEYTAB "test_secrets.keytab"
struct test_become_dc_state {
struct libnet_context *ctx;
@@ -198,6 +200,8 @@ static NTSTATUS test_become_dc_prepare_db(void *private_data,
"\n"
"var paths = provision_default_paths(subobj);\n"
"paths.samdb = \"%s\";\n"
+ "paths.secrets = \"%s\";\n"
+ "paths.keytab = \"%s\";\n"
"\n"
"var system_session = system_session();\n"
"\n"
@@ -205,14 +209,16 @@ static NTSTATUS test_become_dc_prepare_db(void *private_data,
"assert(ok);\n"
"\n"
"return 0;\n",
- p->forest->root_dn_str,
- p->domain->dn_str,
- p->forest->config_dn_str,
- p->forest->schema_dn_str,
- p->dest_dsa->netbios_name,
- p->dest_dsa->dns_name,
- p->dest_dsa->site_name,
- TORTURE_SAMDB_LDB);
+ p->forest->root_dn_str, /* subobj.ROOTDN */
+ p->domain->dn_str, /* subobj.DOMAINDN */
+ p->forest->config_dn_str, /* subobj.CONFIGDN */
+ p->forest->schema_dn_str, /* subobj.SCHEMADN */
+ p->dest_dsa->netbios_name, /* subobj.HOSTNAME */
+ p->dest_dsa->dns_name, /* subobj.DNSNAME */
+ p->dest_dsa->site_name, /* subobj.DEFAULTSITE */
+ TORTURE_SAMDB_LDB, /* paths.samdb */
+ TORTURE_SECRETS_LDB, /* paths.secrets */
+ TORTURE_SECRETS_KEYTAB); /* paths.keytab */
NT_STATUS_HAVE_NO_MEMORY(ejs);
ret = test_run_ejs(ejs);