1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

join.py: Reinstate full_nc_list and make creation of NTDS-DSA object common

The new function join_ntdsdsa_obj() returns the object, to be added over LDAP or DsAddEntry().

Andrew Bartlett

Change-Id: I41ac256fb3d4edffc617af4ae580acd941b4de83

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
This commit is contained in:
Andrew Bartlett 2013-10-16 14:34:43 +13:00
parent 05375cde83
commit c11a89a2c1
2 changed files with 37 additions and 33 deletions

View File

@ -66,6 +66,7 @@ class dc_join(object):
ctx.promote_from_dn = None ctx.promote_from_dn = None
ctx.nc_list = [] ctx.nc_list = []
ctx.full_nc_list = []
ctx.creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL) ctx.creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
ctx.net = Net(creds=ctx.creds, lp=ctx.lp) ctx.net = Net(creds=ctx.creds, lp=ctx.lp)
@ -447,8 +448,8 @@ class dc_join(object):
return ctr.objects return ctr.objects
def join_add_ntdsdsa(ctx): def join_ntdsdsa_obj(ctx):
'''add the ntdsdsa object''' '''return the ntdsdsa object to add'''
print "Adding %s" % ctx.ntds_dn print "Adding %s" % ctx.ntds_dn
rec = { rec = {
@ -467,16 +468,28 @@ class dc_join(object):
if ctx.RODC: if ctx.RODC:
rec["objectCategory"] = "CN=NTDS-DSA-RO,%s" % ctx.schema_dn rec["objectCategory"] = "CN=NTDS-DSA-RO,%s" % ctx.schema_dn
rec["msDS-HasFullReplicaNCs"] = ctx.nc_list rec["msDS-HasFullReplicaNCs"] = ctx.full_nc_list
rec["options"] = "37" rec["options"] = "37"
ctx.samdb.add(rec, ["rodc_join:1:1"])
else: else:
rec["objectCategory"] = "CN=NTDS-DSA,%s" % ctx.schema_dn rec["objectCategory"] = "CN=NTDS-DSA,%s" % ctx.schema_dn
rec["HasMasterNCs"] = nc_list rec["HasMasterNCs"] = []
for nc in nc_list:
if nc in ctx.full_nc_list:
rec["HasMasterNCs"].append(nc)
if ctx.behavior_version >= samba.dsdb.DS_DOMAIN_FUNCTION_2003: if ctx.behavior_version >= samba.dsdb.DS_DOMAIN_FUNCTION_2003:
rec["msDS-HasMasterNCs"] = ctx.nc_list rec["msDS-HasMasterNCs"] = ctx.full_nc_list
rec["options"] = "1" rec["options"] = "1"
rec["invocationId"] = ndr_pack(ctx.invocation_id) rec["invocationId"] = ndr_pack(ctx.invocation_id)
return rec
def join_add_ntdsdsa(ctx):
'''add the ntdsdsa object'''
rec = ctx.join_ntdsdsa_obj()
if ctx.RODC:
ctx.samdb.add(rec, ["rodc_join:1:1"])
else:
ctx.DsAddEntry([rec]) ctx.DsAddEntry([rec])
# find the GUID of our NTDS DN # find the GUID of our NTDS DN
@ -672,26 +685,7 @@ class dc_join(object):
if ctx.behavior_version >= samba.dsdb.DS_DOMAIN_FUNCTION_2003: if ctx.behavior_version >= samba.dsdb.DS_DOMAIN_FUNCTION_2003:
rec["msDS-Behavior-Version"] = str(ctx.behavior_version) rec["msDS-Behavior-Version"] = str(ctx.behavior_version)
rec2 = { rec2 = ctx.join_ntdsdsa_obj()
"dn" : ctx.ntds_dn,
"objectclass" : "nTDSDSA",
"systemFlags" : str(samba.dsdb.SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE),
"dMDLocation" : ctx.schema_dn}
nc_list = [ ctx.base_dn, ctx.config_dn, ctx.schema_dn ]
if ctx.behavior_version >= samba.dsdb.DS_DOMAIN_FUNCTION_2003:
rec2["msDS-Behavior-Version"] = str(ctx.behavior_version)
if ctx.behavior_version >= samba.dsdb.DS_DOMAIN_FUNCTION_2003:
rec2["msDS-HasDomainNCs"] = ctx.base_dn
rec2["objectCategory"] = "CN=NTDS-DSA,%s" % ctx.schema_dn
rec2["HasMasterNCs"] = nc_list
if ctx.behavior_version >= samba.dsdb.DS_DOMAIN_FUNCTION_2003:
rec2["msDS-HasMasterNCs"] = ctx.nc_list
rec2["options"] = "1"
rec2["invocationId"] = ndr_pack(ctx.invocation_id)
objects = ctx.DsAddEntry([rec, rec2]) objects = ctx.DsAddEntry([rec, rec2])
if len(objects) != 2: if len(objects) != 2:
@ -1054,17 +1048,25 @@ class dc_join(object):
def do_join(ctx): def do_join(ctx):
# full_nc_list is the list of naming context (NC) for which we will # nc_list is the list of naming context (NC) for which we will
# send a updateRef command to the partner DC # replicate in and send a updateRef command to the partner DC
ctx.nc_list = [ ctx.config_dn, ctx.schema_dn ]
if not ctx.subdomain: # full_nc_list is the list of naming context (NC) we hold
# read/write copies of. These are not subsets of each other.
ctx.nc_list = [ ctx.config_dn, ctx.schema_dn ]
ctx.full_nc_list = [ ctx.base_dn, ctx.config_dn, ctx.schema_dn ]
if ctx.subdomain and ctx.dns_backend != "NONE":
ctx.full_nc_list += [ctx.domaindns_zone]
elif not ctx.subdomain:
ctx.nc_list += [ctx.base_dn] ctx.nc_list += [ctx.base_dn]
if ctx.dns_backend != "NONE": if ctx.dns_backend != "NONE":
ctx.nc_list += [ctx.domaindns_zone] ctx.nc_list += [ctx.domaindns_zone]
ctx.nc_list += [ctx.forestdns_zone]
if ctx.dns_backend != "NONE": ctx.full_nc_list += [ctx.domaindns_zone]
ctx.nc_list += [ctx.forestdns_zone] ctx.full_nc_list += [ctx.forestdns_zone]
if ctx.promote_existing: if ctx.promote_existing:
ctx.promote_possible() ctx.promote_possible()

View File

@ -1669,6 +1669,7 @@ class AclSPNTests(AclTests):
# same as for join_RODC, but do not set any SPNs # same as for join_RODC, but do not set any SPNs
def create_rodc(self, ctx): def create_rodc(self, ctx):
ctx.nc_list = [ ctx.base_dn, ctx.config_dn, ctx.schema_dn ] ctx.nc_list = [ ctx.base_dn, ctx.config_dn, ctx.schema_dn ]
ctx.full_nc_list = [ ctx.base_dn, ctx.config_dn, ctx.schema_dn ]
ctx.krbtgt_dn = "CN=krbtgt_%s,CN=Users,%s" % (ctx.myname, ctx.base_dn) ctx.krbtgt_dn = "CN=krbtgt_%s,CN=Users,%s" % (ctx.myname, ctx.base_dn)
ctx.never_reveal_sid = [ "<SID=%s-%s>" % (ctx.domsid, security.DOMAIN_RID_RODC_DENY), ctx.never_reveal_sid = [ "<SID=%s-%s>" % (ctx.domsid, security.DOMAIN_RID_RODC_DENY),
@ -1699,6 +1700,7 @@ class AclSPNTests(AclTests):
def create_dc(self, ctx): def create_dc(self, ctx):
ctx.nc_list = [ ctx.base_dn, ctx.config_dn, ctx.schema_dn ] ctx.nc_list = [ ctx.base_dn, ctx.config_dn, ctx.schema_dn ]
ctx.full_nc_list = [ ctx.base_dn, ctx.config_dn, ctx.schema_dn ]
ctx.userAccountControl = samba.dsdb.UF_SERVER_TRUST_ACCOUNT | samba.dsdb.UF_TRUSTED_FOR_DELEGATION ctx.userAccountControl = samba.dsdb.UF_SERVER_TRUST_ACCOUNT | samba.dsdb.UF_TRUSTED_FOR_DELEGATION
ctx.secure_channel_type = misc.SEC_CHAN_BDC ctx.secure_channel_type = misc.SEC_CHAN_BDC
ctx.replica_flags = (drsuapi.DRSUAPI_DRS_WRIT_REP | ctx.replica_flags = (drsuapi.DRSUAPI_DRS_WRIT_REP |