mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
join.py: Reinstate full_nc_list and make creation of NTDS-DSA object common
The new function join_ntdsdsa_obj() returns the object, to be added over LDAP or DsAddEntry(). Andrew Bartlett Change-Id: I41ac256fb3d4edffc617af4ae580acd941b4de83 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
parent
05375cde83
commit
c11a89a2c1
@ -66,6 +66,7 @@ class dc_join(object):
|
|||||||
ctx.promote_from_dn = None
|
ctx.promote_from_dn = None
|
||||||
|
|
||||||
ctx.nc_list = []
|
ctx.nc_list = []
|
||||||
|
ctx.full_nc_list = []
|
||||||
|
|
||||||
ctx.creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
|
ctx.creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
|
||||||
ctx.net = Net(creds=ctx.creds, lp=ctx.lp)
|
ctx.net = Net(creds=ctx.creds, lp=ctx.lp)
|
||||||
@ -447,8 +448,8 @@ class dc_join(object):
|
|||||||
|
|
||||||
return ctr.objects
|
return ctr.objects
|
||||||
|
|
||||||
def join_add_ntdsdsa(ctx):
|
def join_ntdsdsa_obj(ctx):
|
||||||
'''add the ntdsdsa object'''
|
'''return the ntdsdsa object to add'''
|
||||||
|
|
||||||
print "Adding %s" % ctx.ntds_dn
|
print "Adding %s" % ctx.ntds_dn
|
||||||
rec = {
|
rec = {
|
||||||
@ -467,16 +468,28 @@ class dc_join(object):
|
|||||||
|
|
||||||
if ctx.RODC:
|
if ctx.RODC:
|
||||||
rec["objectCategory"] = "CN=NTDS-DSA-RO,%s" % ctx.schema_dn
|
rec["objectCategory"] = "CN=NTDS-DSA-RO,%s" % ctx.schema_dn
|
||||||
rec["msDS-HasFullReplicaNCs"] = ctx.nc_list
|
rec["msDS-HasFullReplicaNCs"] = ctx.full_nc_list
|
||||||
rec["options"] = "37"
|
rec["options"] = "37"
|
||||||
ctx.samdb.add(rec, ["rodc_join:1:1"])
|
|
||||||
else:
|
else:
|
||||||
rec["objectCategory"] = "CN=NTDS-DSA,%s" % ctx.schema_dn
|
rec["objectCategory"] = "CN=NTDS-DSA,%s" % ctx.schema_dn
|
||||||
rec["HasMasterNCs"] = nc_list
|
rec["HasMasterNCs"] = []
|
||||||
|
for nc in nc_list:
|
||||||
|
if nc in ctx.full_nc_list:
|
||||||
|
rec["HasMasterNCs"].append(nc)
|
||||||
if ctx.behavior_version >= samba.dsdb.DS_DOMAIN_FUNCTION_2003:
|
if ctx.behavior_version >= samba.dsdb.DS_DOMAIN_FUNCTION_2003:
|
||||||
rec["msDS-HasMasterNCs"] = ctx.nc_list
|
rec["msDS-HasMasterNCs"] = ctx.full_nc_list
|
||||||
rec["options"] = "1"
|
rec["options"] = "1"
|
||||||
rec["invocationId"] = ndr_pack(ctx.invocation_id)
|
rec["invocationId"] = ndr_pack(ctx.invocation_id)
|
||||||
|
|
||||||
|
return rec
|
||||||
|
|
||||||
|
def join_add_ntdsdsa(ctx):
|
||||||
|
'''add the ntdsdsa object'''
|
||||||
|
|
||||||
|
rec = ctx.join_ntdsdsa_obj()
|
||||||
|
if ctx.RODC:
|
||||||
|
ctx.samdb.add(rec, ["rodc_join:1:1"])
|
||||||
|
else:
|
||||||
ctx.DsAddEntry([rec])
|
ctx.DsAddEntry([rec])
|
||||||
|
|
||||||
# find the GUID of our NTDS DN
|
# find the GUID of our NTDS DN
|
||||||
@ -672,26 +685,7 @@ class dc_join(object):
|
|||||||
if ctx.behavior_version >= samba.dsdb.DS_DOMAIN_FUNCTION_2003:
|
if ctx.behavior_version >= samba.dsdb.DS_DOMAIN_FUNCTION_2003:
|
||||||
rec["msDS-Behavior-Version"] = str(ctx.behavior_version)
|
rec["msDS-Behavior-Version"] = str(ctx.behavior_version)
|
||||||
|
|
||||||
rec2 = {
|
rec2 = ctx.join_ntdsdsa_obj()
|
||||||
"dn" : ctx.ntds_dn,
|
|
||||||
"objectclass" : "nTDSDSA",
|
|
||||||
"systemFlags" : str(samba.dsdb.SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE),
|
|
||||||
"dMDLocation" : ctx.schema_dn}
|
|
||||||
|
|
||||||
nc_list = [ ctx.base_dn, ctx.config_dn, ctx.schema_dn ]
|
|
||||||
|
|
||||||
if ctx.behavior_version >= samba.dsdb.DS_DOMAIN_FUNCTION_2003:
|
|
||||||
rec2["msDS-Behavior-Version"] = str(ctx.behavior_version)
|
|
||||||
|
|
||||||
if ctx.behavior_version >= samba.dsdb.DS_DOMAIN_FUNCTION_2003:
|
|
||||||
rec2["msDS-HasDomainNCs"] = ctx.base_dn
|
|
||||||
|
|
||||||
rec2["objectCategory"] = "CN=NTDS-DSA,%s" % ctx.schema_dn
|
|
||||||
rec2["HasMasterNCs"] = nc_list
|
|
||||||
if ctx.behavior_version >= samba.dsdb.DS_DOMAIN_FUNCTION_2003:
|
|
||||||
rec2["msDS-HasMasterNCs"] = ctx.nc_list
|
|
||||||
rec2["options"] = "1"
|
|
||||||
rec2["invocationId"] = ndr_pack(ctx.invocation_id)
|
|
||||||
|
|
||||||
objects = ctx.DsAddEntry([rec, rec2])
|
objects = ctx.DsAddEntry([rec, rec2])
|
||||||
if len(objects) != 2:
|
if len(objects) != 2:
|
||||||
@ -1054,17 +1048,25 @@ class dc_join(object):
|
|||||||
|
|
||||||
|
|
||||||
def do_join(ctx):
|
def do_join(ctx):
|
||||||
# full_nc_list is the list of naming context (NC) for which we will
|
# nc_list is the list of naming context (NC) for which we will
|
||||||
# send a updateRef command to the partner DC
|
# replicate in and send a updateRef command to the partner DC
|
||||||
ctx.nc_list = [ ctx.config_dn, ctx.schema_dn ]
|
|
||||||
|
|
||||||
if not ctx.subdomain:
|
# full_nc_list is the list of naming context (NC) we hold
|
||||||
|
# read/write copies of. These are not subsets of each other.
|
||||||
|
ctx.nc_list = [ ctx.config_dn, ctx.schema_dn ]
|
||||||
|
ctx.full_nc_list = [ ctx.base_dn, ctx.config_dn, ctx.schema_dn ]
|
||||||
|
|
||||||
|
if ctx.subdomain and ctx.dns_backend != "NONE":
|
||||||
|
ctx.full_nc_list += [ctx.domaindns_zone]
|
||||||
|
|
||||||
|
elif not ctx.subdomain:
|
||||||
ctx.nc_list += [ctx.base_dn]
|
ctx.nc_list += [ctx.base_dn]
|
||||||
|
|
||||||
if ctx.dns_backend != "NONE":
|
if ctx.dns_backend != "NONE":
|
||||||
ctx.nc_list += [ctx.domaindns_zone]
|
ctx.nc_list += [ctx.domaindns_zone]
|
||||||
|
ctx.nc_list += [ctx.forestdns_zone]
|
||||||
if ctx.dns_backend != "NONE":
|
ctx.full_nc_list += [ctx.domaindns_zone]
|
||||||
ctx.nc_list += [ctx.forestdns_zone]
|
ctx.full_nc_list += [ctx.forestdns_zone]
|
||||||
|
|
||||||
if ctx.promote_existing:
|
if ctx.promote_existing:
|
||||||
ctx.promote_possible()
|
ctx.promote_possible()
|
||||||
|
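Review bot: join_ntdsdsa_obj() now fills HasMasterNCs, msDS-HasMasterNCs and (for an RODC) msDS-HasFullReplicaNCs from ctx.full_nc_list, which __init__ defaults to [] and which, in the visible lines, only do_join() populates. A caller that builds the object without going through do_join() would therefore create an NTDS-DSA object that advertises no naming contexts, with no error; the test helpers create_rodc/create_dc had to be patched for this. Consider failing early at the top of join_ntdsdsa_obj(), e.g. `if not ctx.full_nc_list: raise Exception("full_nc_list must be set before building the NTDS-DSA object")`. The do_join comment describes full_nc_list as NCs "we hold read/write copies of", yet the RODC branch writes it to msDS-HasFullReplicaNCs, so "full (non-partial) replicas of" would be more accurate. The `print "Adding %s"` also still sits in join_ntdsdsa_obj(), which now only returns the record; it belongs in join_add_ntdsdsa(). Part of join_ntdsdsa_obj() lies between the hunks, so the local nc_list it filters is not visible here.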
@ -1669,6 +1669,7 @@ class AclSPNTests(AclTests):
|
|||||||
# same as for join_RODC, but do not set any SPNs
|
# same as for join_RODC, but do not set any SPNs
|
||||||
def create_rodc(self, ctx):
|
def create_rodc(self, ctx):
|
||||||
ctx.nc_list = [ ctx.base_dn, ctx.config_dn, ctx.schema_dn ]
|
ctx.nc_list = [ ctx.base_dn, ctx.config_dn, ctx.schema_dn ]
|
||||||
|
ctx.full_nc_list = [ ctx.base_dn, ctx.config_dn, ctx.schema_dn ]
|
||||||
ctx.krbtgt_dn = "CN=krbtgt_%s,CN=Users,%s" % (ctx.myname, ctx.base_dn)
|
ctx.krbtgt_dn = "CN=krbtgt_%s,CN=Users,%s" % (ctx.myname, ctx.base_dn)
|
||||||
|
|
||||||
ctx.never_reveal_sid = [ "<SID=%s-%s>" % (ctx.domsid, security.DOMAIN_RID_RODC_DENY),
|
ctx.never_reveal_sid = [ "<SID=%s-%s>" % (ctx.domsid, security.DOMAIN_RID_RODC_DENY),
|
||||||
@ -1699,6 +1700,7 @@ class AclSPNTests(AclTests):
|
|||||||
|
|
||||||
def create_dc(self, ctx):
|
def create_dc(self, ctx):
|
||||||
ctx.nc_list = [ ctx.base_dn, ctx.config_dn, ctx.schema_dn ]
|
ctx.nc_list = [ ctx.base_dn, ctx.config_dn, ctx.schema_dn ]
|
||||||
|
ctx.full_nc_list = [ ctx.base_dn, ctx.config_dn, ctx.schema_dn ]
|
||||||
ctx.userAccountControl = samba.dsdb.UF_SERVER_TRUST_ACCOUNT | samba.dsdb.UF_TRUSTED_FOR_DELEGATION
|
ctx.userAccountControl = samba.dsdb.UF_SERVER_TRUST_ACCOUNT | samba.dsdb.UF_TRUSTED_FOR_DELEGATION
|
||||||
ctx.secure_channel_type = misc.SEC_CHAN_BDC
|
ctx.secure_channel_type = misc.SEC_CHAN_BDC
|
||||||
ctx.replica_flags = (drsuapi.DRSUAPI_DRS_WRIT_REP |
|
ctx.replica_flags = (drsuapi.DRSUAPI_DRS_WRIT_REP |
|
||||||
|