mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

upgradeprovision: fix pb with dns-hostname, regenerate a correct keytab

Matthieu Patou 2010-10-26 16:37:50 +04:00 committed by Matthieu Patou
parent 8227d1f68e
commit a9c430bdd2
2 changed files with 75 additions and 1 deletions


@ -60,7 +60,7 @@ from samba.upgradehelpers import (dn_sort, get_paths, newprovision,
delta_update_basesamdb, update_policyids, delta_update_basesamdb, update_policyids,
update_machine_account_password, update_machine_account_password,
search_constructed_attrs_stored, search_constructed_attrs_stored,
int64range2str, int64range2str, update_dns_account_password,
increment_calculated_keyversion_number) increment_calculated_keyversion_number)
replace=2**FLAG_MOD_REPLACE replace=2**FLAG_MOD_REPLACE
@ -1723,8 +1723,34 @@ if __name__ == '__main__':
# as the delta_upgrade # as the delta_upgrade
schemareloadclosure() schemareloadclosure()
sync_calculated_attributes(ldbs.sam, names) sync_calculated_attributes(ldbs.sam, names)
res = ldbs.sam.search(expression="(samaccountname=dns)",
scope=SCOPE_SUBTREE, attrs=["dn"],
controls=["search_options:1:2"])
if len(res) > 0:
message(SIMPLE, "You still have the old dns object for managing"
"dynamic DNS, but you didn't supply --full so "
"correct update can't be done")
ldbs.groupedRollback()
new_ldbs.groupedRollback()
shutil.rmtree(provisiondir)
sys.exit(1)
# 14) # 14)
update_secrets(new_ldbs.secrets, ldbs.secrets, message) update_secrets(new_ldbs.secrets, ldbs.secrets, message)
# 14bis)
res = ldbs.sam.search(expression="(samaccountname=dns)",
scope=SCOPE_SUBTREE, attrs=["dn"],
controls=["search_options:1:2"])
if (len(res) == 1):
ldbs.sam.delete(res[0]["dn"])
res2 = ldbs.secrets.search(expression="(samaccountname=dns)",
scope=SCOPE_SUBTREE, attrs=["dn"])
update_dns_account_password(ldbs.sam, ldbs.secrets, names)
message(SIMPLE, "IMPORTANT !!! "
"If you were using Dynmaic DNS before you need"
" to update your configuration, so that the "
"tkey-gssapi-credential has the following value:"
"DNS/%s.%s" % (names.netbiosname.lower(), names.realm.lower()))
# 15) # 15)
message(SIMPLE, "Update machine account") message(SIMPLE, "Update machine account")
update_machine_account_password(ldbs.sam, ldbs.secrets, names) update_machine_account_password(ldbs.sam, ldbs.secrets, names)
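Review bot: Step 14bis calls `update_dns_account_password(ldbs.sam, ldbs.secrets, names)` unconditionally after deleting the old `dns` object, with no visible failure path. The helper added in the other file raises `ProvisioningError` when the secrets lookup does not return exactly one `dns-<netbiosname>` entry, and it can also fail on `assert(len(res) == 1)`. Unless code outside the hunk catches this, the upgrade may stop with the DNS credential partly rotated; a `try: ... except ProvisioningError:` around the call that reuses the `groupedRollback()` / `shutil.rmtree(provisiondir)` path from the `--full` check above would make the behaviour explicit. Separately, `res2 = ldbs.secrets.search(...)` is assigned but never read and could be dropped, and the adjacent string literals in both `message()` calls join without a space ("managing" + "dynamic", "value:" + "DNS/"). The enclosing `if __name__ == '__main__':` block starts and ends outside the hunk.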


@ -632,6 +632,13 @@ def update_secrets(newsecrets_ldb, secrets_ldb, messagefunc):
delta.dn = current[0].dn delta.dn = current[0].dn
secrets_ldb.modify(delta) secrets_ldb.modify(delta)
res2 = secrets_ldb.search(expression="(samaccountname=dns)",
scope=SCOPE_SUBTREE, attrs=["dn"])
if (len(res2) == 1):
messagefunc(SIMPLE, "Remove old dns account")
secrets_ldb.delete(res2[0]["dn"])
def getOEMInfo(samdb, rootdn): def getOEMInfo(samdb, rootdn):
"""Return OEM Information on the top level """Return OEM Information on the top level
Samba4 use to store version info in this field Samba4 use to store version info in this field
@ -855,6 +862,47 @@ clearTextPassword:: """ + base64.b64encode(machinepass.encode('utf-16-le')) + ""
raise ProvisioningError("Unable to find a Secure Channel" raise ProvisioningError("Unable to find a Secure Channel"
"of type SEC_CHAN_BDC") "of type SEC_CHAN_BDC")
def update_dns_account_password(samdb, secrets_ldb, names):
"""Update (change) the password of the dns both in the SAM db and in
secret one
:param samdb: An LDB object related to the sam.ldb file of a given provision
:param secrets_ldb: An LDB object related to the secrets.ldb file of a given
provision
:param names: List of key provision parameters"""
expression = "samAccountName=dns-%s" % names.netbiosname
secrets_msg = secrets_ldb.search(expression=expression)
if len(secrets_msg) == 1:
res = samdb.search(expression=expression, attrs=[])
assert(len(res) == 1)
msg = ldb.Message(res[0].dn)
machinepass = samba.generate_random_password(128, 255)
mputf16 = machinepass.encode('utf-16-le')
msg["clearTextPassword"] = ldb.MessageElement(mputf16,
ldb.FLAG_MOD_REPLACE,
"clearTextPassword")
samdb.modify(msg)
res = samdb.search(expression=expression,
attrs=["msDs-keyVersionNumber"])
assert(len(res) == 1)
kvno = str(res[0]["msDs-keyVersionNumber"])
msg = ldb.Message(secrets_msg[0].dn)
msg["secret"] = ldb.MessageElement(machinepass,
ldb.FLAG_MOD_REPLACE,
"secret")
msg["msDS-KeyVersionNumber"] = ldb.MessageElement(kvno,
ldb.FLAG_MOD_REPLACE,
"msDS-KeyVersionNumber")
secrets_ldb.modify(msg)
else:
raise ProvisioningError("Unable to find an object"
" with %s" % expression )
def search_constructed_attrs_stored(samdb, rootdn, attrs): def search_constructed_attrs_stored(samdb, rootdn, attrs):
"""Search a given sam DB for calculated attributes that are """Search a given sam DB for calculated attributes that are