From 176ecce9a661c9145620c3f7af9d13025ed0616c Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Thu, 30 Sep 2010 12:45:00 -0700
Subject: s4-provision: wipe the old keytabs when provisioning
Pair-Programmed-With: Andrew Bartlett
---
 source4/scripting/python/samba/provision.py | 20 ++++++++++++++++----
 source4/scripting/python/samba/tests/provision.py | 16 +++++++++++++---
 2 files changed, 29 insertions(+), 7 deletions(-)
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 9e22d5829b..1d0abf426a 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -389,6 +389,7 @@ def provision_paths_from_lp(lp, dnsdomain):
 # This is stored without path prefix for the "privateKeytab" attribute in
 # "secrets_dns.ldif".
 paths.dns_keytab = "dns.keytab"
+ paths.keytab = "secrets.keytab"
 paths.shareconf = os.path.join(paths.private_dir, "share.ldb")
 paths.samdb = os.path.join(paths.private_dir, lp.get("sam database") or "samdb.ldb")
@@ -781,7 +782,7 @@ def secretsdb_setup_dns(secretsdb, setup_path, names, private_dir,
 })
-def setup_secretsdb(path, setup_path, session_info, backend_credentials, lp):
+def setup_secretsdb(paths, setup_path, session_info, backend_credentials, lp):
 """Setup the secrets database.
 :note: This function does not handle exceptions and transaction on purpose,
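Review bot: The new `paths.keytab = "secrets.keytab"` in provision_paths_from_lp sits under a comment that describes only dns_keytab, so nothing states that this value must also be a bare file name. setup_secretsdb, later in this patch, joins it onto `paths.private_dir` before unlinking, and `os.path.join()` discards the directory when its second argument is absolute, so a full path stored here would change which file gets deleted. A one-line comment such as `# Bare file name, resolved against private_dir like dns_keytab.` would pin that contract. The function body starts and ends outside the hunk.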
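Review bot: The docstring of setup_secretsdb is not updated for the `path` to `paths` change in the signature; its parameter list lies between this hunk and the next and is not shown, so if it still has a `:param path:` entry that entry is now stale. Suggested wording: `:param paths: ProvisionPaths object; secrets, private_dir, keytab and dns_keytab are read.` The docstring should also say that the call now deletes both keytab files as well as the database, since the function name does not imply that side effect. Any caller outside this patch that still passes a string would fail on `paths.secrets`.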
@@ -794,8 +795,19 @@ def setup_secretsdb(path, setup_path, session_info, backend_credentials, lp):
 :param lp: Loadparm context
 :return: LDB handle for the created secrets database
 """
- if os.path.exists(path):
- os.unlink(path)
+ if os.path.exists(paths.secrets):
+ os.unlink(paths.secrets)
+
+ keytab_path = os.path.join(paths.private_dir, paths.keytab)
+ if os.path.exists(keytab_path):
+ os.unlink(keytab_path)
+
+ dns_keytab_path = os.path.join(paths.private_dir, paths.dns_keytab)
+ if os.path.exists(dns_keytab_path):
+ os.unlink(dns_keytab_path)
+
+ path = paths.secrets
+
 secrets_ldb = Ldb(path, session_info=session_info, lp=lp)
 secrets_ldb.erase()
@@ -1513,7 +1525,7 @@ def provision(setup_dir, logger, session_info,
 share_ldb.load_ldif_file_add(setup_path("share.ldif"))
 logger.info("Setting up secrets.ldb")
- secrets_ldb = setup_secretsdb(paths.secrets, setup_path,
+ secrets_ldb = setup_secretsdb(paths, setup_path,
 session_info=session_info, backend_credentials=provision_backend.secrets_credentials, lp=lp)
diff --git a/source4/scripting/python/samba/tests/provision.py b/source4/scripting/python/samba/tests/provision.py
index 37b256a925..58bb030568 100644
--- a/source4/scripting/python/samba/tests/provision.py
+++ b/source4/scripting/python/samba/tests/provision.py
@@ -18,7 +18,7 @@
 #
 import os
-from samba.provision import setup_secretsdb, findnss
+from samba.provision import setup_secretsdb, findnss, ProvisionPaths
 import samba.tests
 from samba.tests import env_loadparm, TestCase
@@ -36,7 +36,12 @@ def create_dummy_secretsdb(path, lp=None):
 """
 if lp is None:
 lp = env_loadparm()
- secrets_ldb = setup_secretsdb(path, setup_path, None, None, lp=lp)
+ paths = ProvisionPaths()
+ paths.secrets = path
+ paths.private_dir = os.path.dirname(path)
+ paths.keytab = "no.keytab"
+ paths.dns_keytab = "no.dns.keytab"
+ secrets_ldb = setup_secretsdb(paths, setup_path, None, None, lp=lp)
 secrets_ldb.transaction_commit()
 return secrets_ldb
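Review bot: The three `os.path.exists()` guards added to setup_secretsdb follow symlinks, so a dangling symlink at `secrets.keytab` or `dns.keytab` is reported as absent and survives the wipe; anything that later creates the keytab under that name would then write through the link (that writer is not visible in this patch). `os.path.lexists()` tests the directory entry itself, and `os.unlink()` already removes a link rather than its target. The three check-and-unlink pairs can also collapse into one loop, as below. Unlinking only drops the directory entry, so the old key bytes are not overwritten on disk. The rest of setup_secretsdb continues past the hunk.

```python
    # lexists() also catches a dangling symlink, which exists() reports as absent
    for stale in (paths.secrets,
                  os.path.join(paths.private_dir, paths.keytab),
                  os.path.join(paths.private_dir, paths.dns_keytab)):
        if os.path.lexists(stale):
            os.unlink(stale)

    path = paths.secrets
    # … unchanged: Ldb(path, ...) open and erase …
```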
@@ -47,7 +52,12 @@ class ProvisionTestCase(samba.tests.TestCaseInTempDir):
 def test_setup_secretsdb(self):
 path = os.path.join(self.tempdir, "secrets.ldb")
- ldb = setup_secretsdb(path, setup_path, None, None, lp=env_loadparm())
+ paths = ProvisionPaths()
+ paths.secrets = path
+ paths.private_dir = os.path.dirname(path)
+ paths.keytab = "no.keytab"
+ paths.dns_keytab = "no.dns.keytab"
+ ldb = setup_secretsdb(paths, setup_path, None, None, lp=env_loadparm())
 try:
 self.assertEquals("LSA Secrets", ldb.searchone(basedn="CN=LSA Secrets", attribute="CN"))
-- cgit
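Review bot: test_setup_secretsdb never exercises the keytab wipe this commit adds: `paths.keytab` and `paths.dns_keytab` are set to `no.keytab` and `no.dns.keytab`, which do not exist in the temp dir, so both new `os.unlink()` branches are skipped. Creating the two files before the call and asserting they are gone afterwards would make the test a regression check for stale Kerberos keys surviving a re-provision. The same five-line ProvisionPaths setup is duplicated in create_dummy_secretsdb in the previous hunk and could share a helper. The try block continues past the end of the hunk.

```python
        path = os.path.join(self.tempdir, "secrets.ldb")
        # … unchanged: ProvisionPaths setup …
        stale = [os.path.join(paths.private_dir, name)
                 for name in (paths.keytab, paths.dns_keytab)]
        for name in stale:
            open(name, "w").close()  # stand-in for a leftover keytab
        ldb = setup_secretsdb(paths, setup_path, None, None, lp=env_loadparm())
        try:
            for name in stale:
                self.assertFalse(os.path.exists(name))
            # … unchanged: LSA Secrets assertion …
```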