sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-21 18:04:06 +03:00
Code

python: Create the kdc.conf in the Samba private directory

Browse Source 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Andreas Schneider 2017-05-03 09:19:38 +02:00 committed by Andrew Bartlett
parent acec88dc1f
commit 330d82c1bc
5 changed files with 28 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
python/samba/netcmd/domain.py
View File

@ -87,9 +87,6 @@ from samba.provision import (
ProvisioningError
)
from samba.provision.kerberos_implementation import (
kdc_default_config_dir)
from samba.provision.common import (
FILL_FULL,
FILL_NT4SYNC,
@ -266,20 +263,12 @@ class cmd_domain_provision(Command):
default="auto")
]
kdc_options = [
Option("--kdc-config-dir", type="string", metavar="KDC-CONFIG-DIR",
help="Set the MIT KDC config directory (default='%s')" % kdc_default_config_dir),
]
if os.getenv('TEST_LDAP', "no") == "yes":
takes_options.extend(openldap_options)
if samba.is_ntvfs_fileserver_built():
takes_options.extend(ntvfs_options)
if not samba.is_heimdal_built():
takes_options.extend(kdc_options)
takes_args = []
def run(self, sambaopts=None, versionopts=None,
@ -315,7 +304,6 @@ class cmd_domain_provision(Command):
use_xattrs="auto",
slapd_path=None,
use_ntvfs=False,
kdc_config_dir=None,
use_rfc2307=None,
ldap_backend_nosync=None,
ldap_backend_extra_port=None,
@ -483,8 +471,7 @@ class cmd_domain_provision(Command):
use_rfc2307=use_rfc2307, skip_sysvolacl=False,
ldap_backend_extra_port=ldap_backend_extra_port,
ldap_backend_forced_uri=ldap_backend_forced_uri,
nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode,
kdcconfdir=kdc_config_dir)
nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode)
except ProvisioningError, e:
raise CommandError("Provision failed", e)

24
python/samba/provision/__init__.py
View File

@ -56,6 +56,7 @@ from samba import (
substitute_var,
valid_netbios_name,
version,
is_heimdal_built,
)
from samba.dcerpc import security, misc
from samba.dcerpc.misc import (
@ -118,7 +119,7 @@ import samba.registry
from samba.schema import Schema
from samba.samdb import SamDB
from samba.dbchecker import dbcheck
from samba.provision.kerberos import make_kdcconf
from samba.provision.kerberos import create_kdc_conf
DEFAULT_POLICY_GUID = "31B2F340-016D-11D2-945F-00C04FB984F9"
DEFAULT_DC_POLICY_GUID = "6AC1786C-016F-11D2-945F-00C04FB984F9"
@ -549,6 +550,7 @@ def provision_paths_from_lp(lp, dnsdomain):
paths.namedconf_update = os.path.join(paths.private_dir, "named.conf.update")
paths.namedtxt = os.path.join(paths.private_dir, "named.txt")
paths.krb5conf = os.path.join(paths.private_dir, "krb5.conf")
paths.kdcconf = os.path.join(paths.private_dir, "kdc.conf")
paths.winsdb = os.path.join(paths.private_dir, "wins.ldb")
paths.s4_ldapi_path = os.path.join(paths.private_dir, "ldapi")
paths.hklm = "hklm.ldb"
@ -670,7 +672,7 @@ def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None,
def make_smbconf(smbconf, hostname, domain, realm, targetdir,
serverrole=None, eadb=False, use_ntvfs=False, lp=None,
global_param=None, kdcconfdir=None):
global_param=None):
"""Create a new smb.conf file based on a couple of basic settings.
"""
assert smbconf is not None
@ -731,11 +733,6 @@ def make_smbconf(smbconf, hostname, domain, realm, targetdir,
statedir = lp.get("state directory")
lp.set("xattr_tdb:file", os.path.abspath(os.path.join(statedir, "xattr.tdb")))
make_kdcconf(realm, domain, kdcconfdir, os.path.dirname(lp.get("log file")))
if kdcconfdir is not None:
kdcconf = "%s/kdc.conf" % kdcconfdir
lp.set("mit kdc config", kdcconf)
shares = {}
if serverrole == "active directory domain controller":
shares["sysvol"] = os.path.join(lp.get("state directory"), "sysvol")
@ -1932,7 +1929,7 @@ def provision_fake_ypserver(logger, samdb, domaindn, netbiosname, nisdomain,
samdb.transaction_commit()
def provision(logger, session_info, smbconf=None, kdcconfdir=None,
def provision(logger, session_info, smbconf=None,
targetdir=None, samdb_fill=FILL_FULL, realm=None, rootdn=None,
domaindn=None, schemadn=None, configdn=None, serverdn=None,
domain=None, hostname=None, hostip=None, hostip6=None, domainsid=None,
@ -2016,13 +2013,11 @@ def provision(logger, session_info, smbconf=None, kdcconfdir=None,
make_smbconf(smbconf, hostname, domain, realm,
targetdir, serverrole=serverrole,
eadb=useeadb, use_ntvfs=use_ntvfs,
lp=lp, global_param=global_param,
kdcconfdir=kdcconfdir)
lp=lp, global_param=global_param)
else:
make_smbconf(smbconf, hostname, domain, realm, targetdir,
serverrole=serverrole,
eadb=useeadb, use_ntvfs=use_ntvfs, lp=lp, global_param=global_param,
kdcconfdir=kdcconfdir)
eadb=useeadb, use_ntvfs=use_ntvfs, lp=lp, global_param=global_param)
if lp is None:
lp = samba.param.LoadParm()
@ -2179,6 +2174,11 @@ def provision(logger, session_info, smbconf=None, kdcconfdir=None,
lp=lp, use_ntvfs=use_ntvfs,
skip_sysvolacl=skip_sysvolacl)
if not is_heimdal_built():
create_kdc_conf(paths.kdcconf, realm, domain, os.path.dirname(lp.get("log file")))
logger.info("The Kerberos KDC configuration for Samba AD is "
"located at %s", paths.kdcconf)
create_krb5_conf(paths.krb5conf,
dnsdomain=names.dnsdomain, hostname=names.hostname,
realm=names.realm)

11
python/samba/provision/kerberos.py
View File

@ -19,12 +19,11 @@
#
from samba.provision.kerberos_implementation import (
kdb_modules_dir,
kdc_default_config_dir)
kdb_modules_dir)
from samba import is_heimdal_built
import os
def make_kdcconf(realm, domain, kdcconfdir, logdir):
def create_kdc_conf(kdcconf, realm, domain, logdir):
if is_heimdal_built():
return
@ -37,11 +36,7 @@ def make_kdcconf(realm, domain, kdcconfdir, logdir):
if 'SAMBA_SELFTEST' in os.environ and 'MITKRB5' in os.environ:
return
# If not specified use the default
if kdcconfdir is None:
kdcconfdir = kdc_default_config_dir
kdcconf = "%s/kdc.conf" % kdcconfdir
assert kdcconf is not None
assert domain is not None
domain = domain.upper()

8
python/wscript
View File

@ -27,20 +27,14 @@ def configure(conf):
f.write(header)
data = """kdb_modules_dir = "{0}"
kdc_default_config_dir = "{1}"
"""
if conf.env.HEIMDAL_KRB5_CONFIG:
f.write(data.format("", ""))
else:
modulesdir = "%s/krb5/plugins/kdb" % conf.env.LIBDIR
paths = [ "/var/kerberos/krb5kdc", "/var/lib/kerberos/krb5kdc" ]
kdc_path = None
for p in paths:
if os.path.exists(p):
kdc_path = p
f.write(data.format(modulesdir, kdc_path))
f.write(data.format(modulesdir))
finally:
f.close()

16
source4/kdc/kdc-service-mit.c
View File

@ -146,7 +146,7 @@ void mitkdc_task_init(struct task_server *task)
struct tevent_req *subreq;
const char * const *kdc_cmd;
struct interface *ifaces;
const char *kdc_config;
char *kdc_config = NULL;
struct kdc_server *kdc;
krb5_error_code code;
NTSTATUS status;
@ -183,11 +183,17 @@ void mitkdc_task_init(struct task_server *task)
return;
}
kdc_config = lpcfg_mit_kdc_config(task->lp_ctx, task);
if (kdc_config != NULL && kdc_config[0] != '\0') {
/* Do not overwrite the variable if already set! */
setenv("KRB5_KDC_PROFILE", kdc_config, 0);
kdc_config = talloc_asprintf(task,
"%s/kdc.conf",
lpcfg_private_dir(task->lp_ctx));
if (kdc_config == NULL) {
task_server_terminate(task,
"KDC: no memory",
false);
return;
}
setenv("KRB5_KDC_PROFILE", kdc_config, 0);
TALLOC_FREE(kdc_config);
/* start it as a child process */
kdc_cmd = lpcfg_mit_kdc_command(task->lp_ctx);