mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
samba_dnsupdate: Simplify logic and add more verbose debugging
By reducing the intendation this code is a little clearer Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This commit is contained in:
parent
72d5fa79a0
commit
b1ab37ec5b
@ -134,30 +134,35 @@ def get_credentials(lp):
|
|||||||
try:
|
try:
|
||||||
creds.get_named_ccache(lp, ccachename)
|
creds.get_named_ccache(lp, ccachename)
|
||||||
|
|
||||||
if opts.use_file is None:
|
if opts.use_file is not None:
|
||||||
# Now confirm we can get a ticket to a DNS server
|
return
|
||||||
ans = check_one_dns_name(sub_vars['DNSDOMAIN'] + '.', 'NS')
|
|
||||||
for i in range(len(ans)):
|
|
||||||
target_hostname = str(ans[i].target).rstrip('.')
|
|
||||||
settings = {}
|
|
||||||
settings["lp_ctx"] = lp
|
|
||||||
settings["target_hostname"] = target_hostname
|
|
||||||
|
|
||||||
gensec_client = gensec.Security.start_client(settings)
|
# Now confirm we can get a ticket to a DNS server
|
||||||
gensec_client.set_credentials(creds)
|
ans = check_one_dns_name(sub_vars['DNSDOMAIN'] + '.', 'NS')
|
||||||
gensec_client.set_target_service("DNS")
|
for i in range(len(ans)):
|
||||||
gensec_client.set_target_hostname(target_hostname)
|
target_hostname = str(ans[i].target).rstrip('.')
|
||||||
gensec_client.want_feature(gensec.FEATURE_SEAL)
|
settings = {}
|
||||||
gensec_client.start_mech_by_sasl_name("GSSAPI")
|
settings["lp_ctx"] = lp
|
||||||
server_to_client = ""
|
settings["target_hostname"] = target_hostname
|
||||||
try:
|
|
||||||
(client_finished, client_to_server) = gensec_client.update(server_to_client)
|
gensec_client = gensec.Security.start_client(settings)
|
||||||
return
|
gensec_client.set_credentials(creds)
|
||||||
except RuntimeError:
|
gensec_client.set_target_service("DNS")
|
||||||
# Only raise an exception if they all failed
|
gensec_client.set_target_hostname(target_hostname)
|
||||||
if i != len(ans) - 1:
|
gensec_client.want_feature(gensec.FEATURE_SEAL)
|
||||||
pass
|
gensec_client.start_mech_by_sasl_name("GSSAPI")
|
||||||
raise
|
server_to_client = ""
|
||||||
|
try:
|
||||||
|
(client_finished, client_to_server) = gensec_client.update(server_to_client)
|
||||||
|
if opts.verbose:
|
||||||
|
print "Successfully obtained Kerberos ticket to DNS/%s as %s" \
|
||||||
|
% (target_hostname, creds.get_username())
|
||||||
|
return
|
||||||
|
except RuntimeError:
|
||||||
|
# Only raise an exception if they all failed
|
||||||
|
if i != len(ans) - 1:
|
||||||
|
pass
|
||||||
|
raise
|
||||||
|
|
||||||
except RuntimeError as e:
|
except RuntimeError as e:
|
||||||
os.unlink(ccachename)
|
os.unlink(ccachename)
|
||||||
@ -754,21 +759,20 @@ else:
|
|||||||
use_samba_tool = opts.use_samba_tool
|
use_samba_tool = opts.use_samba_tool
|
||||||
use_nsupdate = opts.use_nsupdate
|
use_nsupdate = opts.use_nsupdate
|
||||||
# get our krb5 creds
|
# get our krb5 creds
|
||||||
if len(delete_list) != 0 or len(update_list) != 0:
|
if len(delete_list) != 0 or len(update_list) != 0 and not opts.nocreds:
|
||||||
if not opts.nocreds:
|
try:
|
||||||
try:
|
creds = get_credentials(lp)
|
||||||
get_credentials(lp)
|
except RuntimeError as e:
|
||||||
except RuntimeError as e:
|
ccachename = None
|
||||||
ccachename = None
|
|
||||||
|
|
||||||
if sub_vars['IF_RWDNS_DOMAIN'] == "# ":
|
if sub_vars['IF_RWDNS_DOMAIN'] == "# ":
|
||||||
raise
|
raise
|
||||||
|
|
||||||
if use_nsupdate:
|
if use_nsupdate:
|
||||||
raise
|
raise
|
||||||
|
|
||||||
print "Failed to get Kerberos credentials, falling back to samba-tool: %s" % e
|
print "Failed to get Kerberos credentials, falling back to samba-tool: %s" % e
|
||||||
use_samba_tool = True
|
use_samba_tool = True
|
||||||
|
|
||||||
|
|
||||||
# ask nsupdate to delete entries as needed
|
# ask nsupdate to delete entries as needed
|
||||||
|
Loading…
Reference in New Issue
Block a user