upgradeprovision: fix pb with dns-hostname, regenerate a correct keytab
This commit is contained in:
parent
8227d1f68e
commit
a9c430bdd2
@ -60,7 +60,7 @@ from samba.upgradehelpers import (dn_sort, get_paths, newprovision,
|
|||||||
delta_update_basesamdb, update_policyids,
|
delta_update_basesamdb, update_policyids,
|
||||||
update_machine_account_password,
|
update_machine_account_password,
|
||||||
search_constructed_attrs_stored,
|
search_constructed_attrs_stored,
|
||||||
int64range2str,
|
int64range2str, update_dns_account_password,
|
||||||
increment_calculated_keyversion_number)
|
increment_calculated_keyversion_number)
|
||||||
|
|
||||||
replace=2**FLAG_MOD_REPLACE
|
replace=2**FLAG_MOD_REPLACE
|
||||||
@ -1723,8 +1723,34 @@ if __name__ == '__main__':
|
|||||||
# as the delta_upgrade
|
# as the delta_upgrade
|
||||||
schemareloadclosure()
|
schemareloadclosure()
|
||||||
sync_calculated_attributes(ldbs.sam, names)
|
sync_calculated_attributes(ldbs.sam, names)
|
||||||
|
res = ldbs.sam.search(expression="(samaccountname=dns)",
|
||||||
|
scope=SCOPE_SUBTREE, attrs=["dn"],
|
||||||
|
controls=["search_options:1:2"])
|
||||||
|
if len(res) > 0:
|
||||||
|
message(SIMPLE, "You still have the old dns object for managing"
|
||||||
|
"dynamic DNS, but you didn't supply --full so "
|
||||||
|
"correct update can't be done")
|
||||||
|
ldbs.groupedRollback()
|
||||||
|
new_ldbs.groupedRollback()
|
||||||
|
shutil.rmtree(provisiondir)
|
||||||
|
sys.exit(1)
|
||||||
# 14)
|
# 14)
|
||||||
update_secrets(new_ldbs.secrets, ldbs.secrets, message)
|
update_secrets(new_ldbs.secrets, ldbs.secrets, message)
|
||||||
|
# 14bis)
|
||||||
|
res = ldbs.sam.search(expression="(samaccountname=dns)",
|
||||||
|
scope=SCOPE_SUBTREE, attrs=["dn"],
|
||||||
|
controls=["search_options:1:2"])
|
||||||
|
|
||||||
|
if (len(res) == 1):
|
||||||
|
ldbs.sam.delete(res[0]["dn"])
|
||||||
|
res2 = ldbs.secrets.search(expression="(samaccountname=dns)",
|
||||||
|
scope=SCOPE_SUBTREE, attrs=["dn"])
|
||||||
|
update_dns_account_password(ldbs.sam, ldbs.secrets, names)
|
||||||
|
message(SIMPLE, "IMPORTANT !!! "
|
||||||
|
"If you were using Dynmaic DNS before you need"
|
||||||
|
" to update your configuration, so that the "
|
||||||
|
"tkey-gssapi-credential has the following value:"
|
||||||
|
"DNS/%s.%s" % (names.netbiosname.lower(), names.realm.lower()))
|
||||||
# 15)
|
# 15)
|
||||||
message(SIMPLE, "Update machine account")
|
message(SIMPLE, "Update machine account")
|
||||||
update_machine_account_password(ldbs.sam, ldbs.secrets, names)
|
update_machine_account_password(ldbs.sam, ldbs.secrets, names)
|
||||||
|
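Review bot: The 14bis block only acts when `len(res) == 1`, while the earlier non-full check treats any match of `(samaccountname=dns)` as the old dns object (`len(res) > 0`), so if the search ever returned more than one entry the deletion, the `update_dns_account_password` call and the IMPORTANT notice would all be skipped silently; the two checks should agree, either `for m in res: ldbs.sam.delete(m["dn"])` or an explicit error when more than one object matches. `res2` from `ldbs.secrets.search(...)` is assigned but never read in this hunk (the secrets-side removal lives in `update_secrets`), so that lookup can be dropped. The user-facing string has a typo, `"Dynmaic DNS"`, and the adjacent literals `"the following value:" "DNS/%s.%s"` concatenate to `value:DNS/...` with no separator; suggest `"tkey-gssapi-credential has the following value: "`. Indentation is lost in this rendering, so whether the password update and the message sit inside the `if` is inferred, and the enclosing `__main__` block starts and ends outside the hunk.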
@ -632,6 +632,13 @@ def update_secrets(newsecrets_ldb, secrets_ldb, messagefunc):
|
|||||||
delta.dn = current[0].dn
|
delta.dn = current[0].dn
|
||||||
secrets_ldb.modify(delta)
|
secrets_ldb.modify(delta)
|
||||||
|
|
||||||
|
res2 = secrets_ldb.search(expression="(samaccountname=dns)",
|
||||||
|
scope=SCOPE_SUBTREE, attrs=["dn"])
|
||||||
|
|
||||||
|
if (len(res2) == 1):
|
||||||
|
messagefunc(SIMPLE, "Remove old dns account")
|
||||||
|
secrets_ldb.delete(res2[0]["dn"])
|
||||||
|
|
||||||
def getOEMInfo(samdb, rootdn):
|
def getOEMInfo(samdb, rootdn):
|
||||||
"""Return OEM Information on the top level
|
"""Return OEM Information on the top level
|
||||||
Samba4 use to store version info in this field
|
Samba4 use to store version info in this field
|
||||||
@ -855,6 +862,47 @@ clearTextPassword:: """ + base64.b64encode(machinepass.encode('utf-16-le')) + ""
|
|||||||
raise ProvisioningError("Unable to find a Secure Channel"
|
raise ProvisioningError("Unable to find a Secure Channel"
|
||||||
"of type SEC_CHAN_BDC")
|
"of type SEC_CHAN_BDC")
|
||||||
|
|
||||||
|
def update_dns_account_password(samdb, secrets_ldb, names):
|
||||||
|
"""Update (change) the password of the dns both in the SAM db and in
|
||||||
|
secret one
|
||||||
|
|
||||||
|
:param samdb: An LDB object related to the sam.ldb file of a given provision
|
||||||
|
:param secrets_ldb: An LDB object related to the secrets.ldb file of a given
|
||||||
|
provision
|
||||||
|
:param names: List of key provision parameters"""
|
||||||
|
|
||||||
|
expression = "samAccountName=dns-%s" % names.netbiosname
|
||||||
|
secrets_msg = secrets_ldb.search(expression=expression)
|
||||||
|
if len(secrets_msg) == 1:
|
||||||
|
res = samdb.search(expression=expression, attrs=[])
|
||||||
|
assert(len(res) == 1)
|
||||||
|
|
||||||
|
msg = ldb.Message(res[0].dn)
|
||||||
|
machinepass = samba.generate_random_password(128, 255)
|
||||||
|
mputf16 = machinepass.encode('utf-16-le')
|
||||||
|
msg["clearTextPassword"] = ldb.MessageElement(mputf16,
|
||||||
|
ldb.FLAG_MOD_REPLACE,
|
||||||
|
"clearTextPassword")
|
||||||
|
|
||||||
|
samdb.modify(msg)
|
||||||
|
|
||||||
|
res = samdb.search(expression=expression,
|
||||||
|
attrs=["msDs-keyVersionNumber"])
|
||||||
|
assert(len(res) == 1)
|
||||||
|
kvno = str(res[0]["msDs-keyVersionNumber"])
|
||||||
|
|
||||||
|
msg = ldb.Message(secrets_msg[0].dn)
|
||||||
|
msg["secret"] = ldb.MessageElement(machinepass,
|
||||||
|
ldb.FLAG_MOD_REPLACE,
|
||||||
|
"secret")
|
||||||
|
msg["msDS-KeyVersionNumber"] = ldb.MessageElement(kvno,
|
||||||
|
ldb.FLAG_MOD_REPLACE,
|
||||||
|
"msDS-KeyVersionNumber")
|
||||||
|
|
||||||
|
secrets_ldb.modify(msg)
|
||||||
|
else:
|
||||||
|
raise ProvisioningError("Unable to find an object"
|
||||||
|
" with %s" % expression )
|
||||||
|
|
||||||
def search_constructed_attrs_stored(samdb, rootdn, attrs):
|
def search_constructed_attrs_stored(samdb, rootdn, attrs):
|
||||||
"""Search a given sam DB for calculated attributes that are
|
"""Search a given sam DB for calculated attributes that are
|
||||||
|
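Review bot: `update_dns_account_password` guards both SAM lookups with `assert(len(res) == 1)`; under `python -O` these are stripped, so a missing account would surface as an IndexError on `res[0]` and a duplicate would silently modify the first match. The function already raises `ProvisioningError` for the secrets side, so the same style fits here: `if len(res) != 1: raise ProvisioningError("Expected exactly one object with %s in sam.ldb" % expression)` in place of each assert. The docstring opening 'the password of the dns both in the SAM db and in secret one' is hard to parse; suggest 'Update (change) the password of the dns-<netbiosname> account in both sam.ldb and secrets.ldb, keeping msDS-KeyVersionNumber in sync'. The SAM modify happens before the key version is read back and secrets.ldb is modified, so a failure in the second modify leaves the two databases disagreeing; this presumably relies on the caller's grouped transaction/rollback, which is worth stating in a one-line comment. The `update_secrets` hunk has the same `if (len(res2) == 1)` shape and likewise ignores multiple matches without a message.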