-rw-r--r--python/samba/join.py2
-rw-r--r--python/samba/netcmd/domain.py9
-rw-r--r--python/samba/provision/__init__.py14
-rw-r--r--python/samba/provision/backend.py52
-rw-r--r--python/samba/upgrade.py2
-rw-r--r--python/samba/upgradehelpers.py4
-rwxr-xr-xsource4/scripting/bin/samba_upgradeprovision2
-rwxr-xr-xsource4/setup/tests/blackbox_provision-backend.sh2
8 files changed, 28 insertions, 59 deletions
diff --git a/python/samba/join.py b/python/samba/join.py
index 2379d5f214..637ade2b3c 100644
--- a/python/samba/join.py
+++ b/python/samba/join.py
@@ -717,7 +717,7 @@ class dc_join(object):
smbconf = ctx.lp.configfile
- presult = provision(ctx.logger, system_session(), None, smbconf=smbconf,
+ presult = provision(ctx.logger, system_session(), smbconf=smbconf,
targetdir=ctx.targetdir, samdb_fill=FILL_DRS, realm=ctx.realm,
rootdn=ctx.root_dn, domaindn=ctx.base_dn,
schemadn=ctx.schema_dn, configdn=ctx.config_dn,
diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
index 0698928de0..217b5369b7 100644
--- a/python/samba/netcmd/domain.py
+++ b/python/samba/netcmd/domain.py
@@ -144,7 +144,6 @@ class cmd_domain_provision(Command):
takes_optiongroups = {
"sambaopts": options.SambaOptions,
"versionopts": options.VersionOptions,
- "credopts": options.CredentialsOptions,
}
takes_options = [
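Review bot: Dropping `"credopts": options.CredentialsOptions` from `takes_optiongroups` means `samba-tool domain provision` stops accepting the credential options, so existing invocations that pass them will presumably be rejected at option parsing. The test-script change in this commit, which removes `--username=samba-admin --password=linux`, points the same way. That is a user-visible interface change worth stating in the command's documentation or release notes, including that the LDAP backend identity is now fixed by the backend code rather than taken from the command line. The class body continues outside this hunk; the `run()` signature and the `creds` setup are trimmed in the later hunks of this file.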
@@ -231,7 +230,7 @@ class cmd_domain_provision(Command):
takes_args = []
- def run(self, sambaopts=None, credopts=None, versionopts=None,
+ def run(self, sambaopts=None, versionopts=None,
interactive=None,
domain=None,
domain_guid=None,
@@ -278,10 +277,6 @@ class cmd_domain_provision(Command):
lp = sambaopts.get_loadparm()
smbconf = lp.configfile
- creds = credopts.get_credentials(lp)
-
- creds.set_kerberos_state(DONT_USE_KERBEROS)
-
if dns_forwarder is not None:
suggested_forwarder = dns_forwarder
else:
@@ -408,7 +403,7 @@ class cmd_domain_provision(Command):
session = system_session()
try:
result = provision(self.logger,
- session, creds, smbconf=smbconf, targetdir=targetdir,
+ session, smbconf=smbconf, targetdir=targetdir,
samdb_fill=samdb_fill, realm=realm, domain=domain,
domainguid=domain_guid, domainsid=domain_sid,
hostname=host_name,
diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
index 7f6d96d760..698df94f34 100644
--- a/python/samba/provision/__init__.py
+++ b/python/samba/provision/__init__.py
@@ -1888,7 +1888,7 @@ def provision_fake_ypserver(logger, samdb, domaindn, netbiosname, nisdomain,
samdb.transaction_commit()
-def provision(logger, session_info, credentials, smbconf=None,
+def provision(logger, session_info, smbconf=None,
targetdir=None, samdb_fill=FILL_FULL, realm=None, rootdn=None,
domaindn=None, schemadn=None, configdn=None, serverdn=None,
domain=None, hostname=None, hostip=None, hostip6=None, domainsid=None,
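Review bot: Removing `credentials` from the middle of the positional parameters of `provision()` moves `smbconf` into third position, so a caller outside this tree that still passes a credentials object third and no `smbconf=` keyword would have it bound to `smbconf` without any error. The in-tree callers updated by this commit pass everything after `session_info` by keyword, which is the safe form. I would state that in the docstring, for example `Pass everything after session_info by keyword; the former credentials argument was removed.` The function body continues outside this hunk.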
@@ -2065,25 +2065,25 @@ def provision(logger, session_info, credentials, smbconf=None,
if backend_type == "ldb":
provision_backend = LDBBackend(backend_type, paths=paths,
- lp=lp, credentials=credentials,
+ lp=lp,
names=names, logger=logger)
elif backend_type == "existing":
# If support for this is ever added back, then the URI will need to be
# specified again
provision_backend = ExistingBackend(backend_type, paths=paths,
- lp=lp, credentials=credentials,
+ lp=lp,
names=names, logger=logger,
ldap_backend_forced_uri=ldap_backend_forced_uri)
elif backend_type == "fedora-ds":
provision_backend = FDSBackend(backend_type, paths=paths,
- lp=lp, credentials=credentials,
+ lp=lp,
names=names, logger=logger, domainsid=domainsid,
schema=schema, hostname=hostname, ldapadminpass=ldapadminpass,
slapd_path=slapd_path,
root=root)
elif backend_type == "openldap":
provision_backend = OpenLDAPBackend(backend_type, paths=paths,
- lp=lp, credentials=credentials,
+ lp=lp,
names=names, logger=logger, domainsid=domainsid,
schema=schema, hostname=hostname, ldapadminpass=ldapadminpass,
slapd_path=slapd_path, ol_mmr_urls=ol_mmr_urls,
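Review bot: The `ExistingBackend(...)` call in the `backend_type == "existing"` branch passes `ldap_backend_forced_uri=`, but the `ExistingBackend.__init__` signature shown in the backend.py hunk of this commit accepts `ldapi_uri` and no such keyword, so reaching this branch would raise a TypeError. That constructor in turn forwards `ldap_backend_forced_uri=ldapi_uri` to `ProvisionBackend.__init__`, whose new signature is `backend_type, paths, lp, names, logger`, which fails the same way. Since both signatures are being edited anyway, either align the names (`ldapi_uri=ldap_backend_forced_uri` here, and drop the extra keyword in the `super` call) or remove the branch. Whether the branch is still reachable is not visible from this hunk.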
@@ -2105,7 +2105,7 @@ def provision(logger, session_info, credentials, smbconf=None,
logger.info("Setting up secrets.ldb")
secrets_ldb = setup_secretsdb(paths,
session_info=session_info,
- backend_credentials=provision_backend.secrets_credentials, lp=lp)
+ backend_credentials=provision_backend.credentials, lp=lp)
try:
logger.info("Setting up the registry")
@@ -2227,7 +2227,7 @@ def provision_become_dc(smbconf=None, targetdir=None,
logger = logging.getLogger("provision")
samba.set_debug_level(debuglevel)
- res = provision(logger, system_session(), None,
+ res = provision(logger, system_session(),
smbconf=smbconf, targetdir=targetdir, samdb_fill=FILL_DRS,
realm=realm, rootdn=rootdn, domaindn=domaindn, schemadn=schemadn,
configdn=configdn, serverdn=serverdn, domain=domain,
diff --git a/python/samba/provision/backend.py b/python/samba/provision/backend.py
index 93c38f78bb..1180642c4a 100644
--- a/python/samba/provision/backend.py
+++ b/python/samba/provision/backend.py
@@ -63,19 +63,11 @@ class BackendResult(object):
class LDAPBackendResult(BackendResult):
- def __init__(self, credentials, slapd_command_escaped, ldapdir):
- self.credentials = credentials
+ def __init__(self, slapd_command_escaped, ldapdir):
self.slapd_command_escaped = slapd_command_escaped
self.ldapdir = ldapdir
def report_logger(self, logger):
- if self.credentials.get_bind_dn() is not None:
- logger.info("LDAP Backend Admin DN: %s" %
- self.credentials.get_bind_dn())
- else:
- logger.info("LDAP Admin User: %s" %
- self.credentials.get_username())
-
if self.slapd_command_escaped is not None:
# now display slapd_command_file.txt to show how slapd must be
# started next time
@@ -90,11 +82,11 @@ class LDAPBackendResult(BackendResult):
class ProvisionBackend(object):
def __init__(self, backend_type, paths=None, lp=None,
- credentials=None, names=None, logger=None):
+ names=None, logger=None):
"""Provision a backend for samba4"""
self.paths = paths
self.lp = lp
- self.credentials = credentials
+ self.credentials = None
self.names = names
self.logger = logger
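Review bot: `self.credentials = None` in `ProvisionBackend.__init__` now defines an implicit contract: subclasses fill this attribute in later and `provision()` reads it as `backend_credentials` for `setup_secretsdb`, but nothing in the constructor says so. A comment such as `# filled in by the LDAP backends; stays None when no backend credentials need to be stored` would make that explicit. With the base class doing this, the `self.credentials = None` kept in `LDBBackend.init()` in the next hunk looks redundant.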
@@ -127,7 +119,6 @@ class LDBBackend(ProvisionBackend):
def init(self):
self.credentials = None
- self.secrets_credentials = None
# Wipe the old sam.ldb databases away
shutil.rmtree(self.paths.samdb + ".d", True)
@@ -145,11 +136,11 @@ class LDBBackend(ProvisionBackend):
class ExistingBackend(ProvisionBackend):
def __init__(self, backend_type, paths=None, lp=None,
- credentials=None, names=None, logger=None, ldapi_uri=None):
+ names=None, logger=None, ldapi_uri=None):
super(ExistingBackend, self).__init__(backend_type=backend_type,
paths=paths, lp=lp,
- credentials=credentials, names=names, logger=logger,
+ names=names, logger=logger,
ldap_backend_forced_uri=ldapi_uri)
def init(self):
@@ -158,27 +149,21 @@ class ExistingBackend(ProvisionBackend):
ldapi_db.search(base="", scope=SCOPE_BASE,
expression="(objectClass=OpenLDAProotDSE)")
- # If we have got here, then we must have a valid connection to the LDAP
- # server, with valid credentials supplied This caused them to be set
- # into the long-term database later in the script.
- self.secrets_credentials = self.credentials
-
-
- # For now, assume existing backends at least emulate OpenLDAP
+ # For now, assume existing backends at least emulate OpenLDAP
self.ldap_backend_type = "openldap"
class LDAPBackend(ProvisionBackend):
def __init__(self, backend_type, paths=None, lp=None,
- credentials=None, names=None, logger=None, domainsid=None,
+ names=None, logger=None, domainsid=None,
schema=None, hostname=None, ldapadminpass=None,
slapd_path=None, ldap_backend_extra_port=None,
ldap_backend_forced_uri=None, ldap_dryrun_mode=False):
super(LDAPBackend, self).__init__(backend_type=backend_type,
paths=paths, lp=lp,
- credentials=credentials, names=names, logger=logger)
+ names=names, logger=logger)
self.domainsid = domainsid
self.schema = schema
@@ -253,19 +238,12 @@ class LDAPBackend(ProvisionBackend):
self.credentials = Credentials()
self.credentials.guess(self.lp)
- # Kerberos to an ldapi:// backend makes no sense
+ # Kerberos to an ldapi:// backend makes no sense (we also force EXTERNAL)
self.credentials.set_kerberos_state(DONT_USE_KERBEROS)
+ self.credentials.set_username("samba-admin")
self.credentials.set_password(self.ldapadminpass)
self.credentials.set_forced_sasl_mech("EXTERNAL")
- self.secrets_credentials = Credentials()
- self.secrets_credentials.guess(self.lp)
- # Kerberos to an ldapi:// backend makes no sense
- self.secrets_credentials.set_kerberos_state(DONT_USE_KERBEROS)
- self.secrets_credentials.set_username("samba-admin")
- self.secrets_credentials.set_password(self.ldapadminpass)
- self.secrets_credentials.set_forced_sasl_mech("EXTERNAL")
-
self.provision()
def provision(self):
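Review bot: `set_username("samba-admin")` now runs in the shared `LDAPBackend` code, so the single `credentials` object used by every LDAP backend, and later handed to `setup_secretsdb`, carries that username. The comment removed in the `OpenLDAPBackend` hunk said the username was set there because Fedora DS still uses the admin DN and simple bind. Please confirm the Fedora DS path still binds as intended (it is not visible in this diff) and record the new arrangement next to the call, e.g. `# one Credentials object now serves both the backend connection and secrets.ldb`. It would also help to say why `set_password(self.ldapadminpass)` is kept when the mechanism is forced to EXTERNAL. The enclosing method starts outside this hunk.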
@@ -340,7 +318,7 @@ class OpenLDAPBackend(LDAPBackend):
from samba.provision import setup_path
super(OpenLDAPBackend, self).__init__( backend_type=backend_type,
paths=paths, lp=lp,
- credentials=credentials, names=names, logger=logger,
+ names=names, logger=logger,
domainsid=domainsid, schema=schema, hostname=hostname,
ldapadminpass=ldapadminpass, slapd_path=slapd_path,
ldap_backend_extra_port=ldap_backend_extra_port,
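Review bot: No hunk touches the `OpenLDAPBackend.__init__` signature, unlike `ExistingBackend`, `LDAPBackend` and `FDSBackend`, so it presumably still declares `credentials=None` even though the value is no longer forwarded in this `super` call or passed by `provision()`. If so, drop it for consistency with the sibling classes, or keep it deliberately with a comment that it is accepted and ignored. The signature lies outside this hunk, so this is inferred from the missing change.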
@@ -595,10 +573,6 @@ class OpenLDAPBackend(LDAPBackend):
self.slapd_command.append(uris)
- # Set the username - done here because Fedora DS still uses the admin
- # DN and simple bind
- self.credentials.set_username("samba-admin")
-
# Wipe the old sam.ldb databases away
shutil.rmtree(self.olcdir, True)
os.makedirs(self.olcdir, 0770)
@@ -632,7 +606,7 @@ class OpenLDAPBackend(LDAPBackend):
class FDSBackend(LDAPBackend):
def __init__(self, backend_type, paths=None, lp=None,
- credentials=None, names=None, logger=None, domainsid=None,
+ names=None, logger=None, domainsid=None,
schema=None, hostname=None, ldapadminpass=None, slapd_path=None,
ldap_backend_extra_port=None, ldap_dryrun_mode=False, root=None,
setup_ds_path=None):
@@ -641,7 +615,7 @@ class FDSBackend(LDAPBackend):
super(FDSBackend, self).__init__(backend_type=backend_type,
paths=paths, lp=lp,
- credentials=credentials, names=names, logger=logger,
+ names=names, logger=logger,
domainsid=domainsid, schema=schema, hostname=hostname,
ldapadminpass=ldapadminpass, slapd_path=slapd_path,
ldap_backend_extra_port=ldap_backend_extra_port,
diff --git a/python/samba/upgrade.py b/python/samba/upgrade.py
index 532e1dee81..6b55ed76a7 100644
--- a/python/samba/upgrade.py
+++ b/python/samba/upgrade.py
@@ -855,7 +855,7 @@ Please fix this account before attempting to upgrade again
adminpass = None
# Do full provision
- result = provision(logger, session_info, None,
+ result = provision(logger, session_info,
targetdir=targetdir, realm=realm, domain=domainname,
domainsid=str(domainsid), next_rid=next_rid,
dc_rid=machinerid, adminpass = adminpass,
diff --git a/python/samba/upgradehelpers.py b/python/samba/upgradehelpers.py
index 04f1e82e61..b6750eb430 100644
--- a/python/samba/upgradehelpers.py
+++ b/python/samba/upgradehelpers.py
@@ -225,7 +225,7 @@ def update_policyids(names, samdb):
names.policyid_dc = None
-def newprovision(names, creds, session, smbconf, provdir, logger):
+def newprovision(names, session, smbconf, provdir, logger):
"""Create a new provision.
This provision will be the reference for knowing what has changed in the
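Review bot: The `newprovision` docstring continues outside this hunk and is not changed by the commit; if it carries a parameter entry for `creds`, that entry is now stale and should be removed together with the parameter. The second hunk of this file only updates the `provision()` call, so the docstring is otherwise untouched.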
@@ -242,7 +242,7 @@ def newprovision(names, creds, session, smbconf, provdir, logger):
shutil.rmtree(provdir)
os.mkdir(provdir)
logger.info("Provision stored in %s", provdir)
- return provision(logger, session, creds, smbconf=smbconf,
+ return provision(logger, session, smbconf=smbconf,
targetdir=provdir, samdb_fill=FILL_FULL, realm=names.realm,
domain=names.domain, domainguid=names.domainguid,
domainsid=str(names.domainsid), ntdsguid=names.ntdsguid,
diff --git a/source4/scripting/bin/samba_upgradeprovision b/source4/scripting/bin/samba_upgradeprovision
index 88e0206e59..c4a0f79329 100755
--- a/source4/scripting/bin/samba_upgradeprovision
+++ b/source4/scripting/bin/samba_upgradeprovision
@@ -1632,7 +1632,7 @@ if __name__ == '__main__':
message(SIMPLE, "Creating a reference provision")
provisiondir = tempfile.mkdtemp(dir=paths.private_dir,
prefix="referenceprovision")
- result = newprovision(names, creds, session, smbconf, provisiondir,
+ result = newprovision(names, session, smbconf, provisiondir,
provision_logger)
result.report_logger(provision_logger)
diff --git a/source4/setup/tests/blackbox_provision-backend.sh b/source4/setup/tests/blackbox_provision-backend.sh
index 5dec621e59..fc455d5e12 100755
--- a/source4/setup/tests/blackbox_provision-backend.sh
+++ b/source4/setup/tests/blackbox_provision-backend.sh
@@ -13,7 +13,7 @@ shift 1
. `dirname $0`/../../../testprogs/blackbox/subunit.sh
testit "openldap-backend" $PYTHON $BINDIR/samba-tool domain provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-backend --slapd-path=/dev/null --use-ntvfs --ldap-dryrun-mode
-testit "openldap-mmr-backend" $PYTHON $BINDIR/samba-tool domain provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-mmr-backend --ol-mmr-urls="ldap://s4dc1.test:9000,ldap://s4dc2.test:9000" --username=samba-admin --password=linux --adminpass=linux --ldapadminpass=linux --slapd-path=/dev/null --use-ntvfs --ldap-dryrun-mode
+testit "openldap-mmr-backend" $PYTHON $BINDIR/samba-tool domain provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-mmr-backend --ol-mmr-urls="ldap://s4dc1.test:9000,ldap://s4dc2.test:9000" --adminpass=linux --ldapadminpass=linux --slapd-path=/dev/null --use-ntvfs --ldap-dryrun-mode
testit "fedora-ds-backend" $PYTHON $BINDIR/samba-tool domain provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-backend --slapd-path=/dev/null --use-ntvfs --ldap-dryrun-mode
reprovision() {
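Review bot: The `fedora-ds-backend` case in the context below the changed line runs with `--ldap-backend-type=openldap` and `--targetdir=$PREFIX/openldap-backend`, exactly like the first case, so the Fedora DS backend is not exercised by this script. That matters for this commit because the username and password setup moved into code shared by both LDAP backends. Consider `--ldap-backend-type=fedora-ds --targetdir=$PREFIX/fedora-ds-backend` for that case, provided the dry-run mode supports it. `reprovision()` starts on the hunk's last line and continues outside it.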