
netcmd: Add sanity-check for invalid domain rename args

We are suggesting to users that it's safe to run a renamed domain in
parallel with the old backed-up domain. However, this would not be the
case if the user (foolishly) "renames" their domain using the exact same
NetBIOS name or DNS realm.

Using the same DNS realm fails later on (updating the dnsRoot values),
but using the same NetBIOS name actually succeeds. While we can't make
samba tools completely idiot-proof, we can protect users from the most
basic of (potentially unintended) errors with some simple sanity-checks.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale
2018-07-09 09:44:30 +12:00
committed by Andrew Bartlett
parent 7b70637e9f
commit c8f0b88571
2 changed files with 29 additions and 4 deletions


@@ -691,9 +691,8 @@ class cmd_domain_backup_rename(samba.netcmd.Command):
tmpdir = tempfile.mkdtemp(dir=targetdir)
# Clone and rename the remote server
# setup a join-context for cloning the remote server
lp = sambaopts.get_loadparm()
old_domain = lp.get('workgroup')
creds = credopts.get_credentials(lp)
include_secrets = not no_secrets
ctx = DCCloneAndRenameContext(new_base_dn, new_domain_name,
@@ -702,6 +701,19 @@ class cmd_domain_backup_rename(samba.netcmd.Command):
include_secrets=include_secrets,
dns_backend='SAMBA_INTERNAL',
server=server, targetdir=tmpdir)
# sanity-check we're not "renaming" the domain to the same values
old_domain = ctx.domain_name
if old_domain == new_domain_name:
shutil.rmtree(tmpdir)
raise CommandError("Cannot use the current domain NetBIOS name.")
old_realm = ctx.realm
if old_realm == new_dns_realm:
shutil.rmtree(tmpdir)
raise CommandError("Cannot use the current domain DNS realm.")
# do the clone/rename
ctx.do_join()
# get the paths used for the clone, then drop the old samdb connection
@@ -712,7 +724,6 @@ class cmd_domain_backup_rename(samba.netcmd.Command):
remote_sam = SamDB(url='ldap://' + server, credentials=creds,
session_info=system_session(), lp=lp)
new_sid = get_sid_for_restore(remote_sam)
old_realm = remote_sam.domain_dns_name()
# Grab the remote DC's sysvol files and bundle them into a tar file.
# Note we end up with 2 sysvol dirs - the original domain's files (that
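Review bot: The two guards added after the `DCCloneAndRenameContext(...)` call compare `ctx.domain_name` with `new_domain_name` and `ctx.realm` with `new_dns_realm` as exact strings, but NetBIOS names and DNS realms are case-insensitive, so a "rename" that differs only in letter case would pass the check and still collide with the original domain. Unless both sides are already normalised somewhere outside these hunks (not visible here), compare folded values, e.g. `if old_domain.upper() == new_domain_name.upper():` and `if old_realm.lower() == new_dns_realm.lower():`. The `shutil.rmtree(tmpdir)` repeated before each `raise` also covers only these two exits, so any other exception between `tempfile.mkdtemp()` and `ctx.do_join()` would leave the temporary directory behind. A single `try`/`except` that removes `tmpdir` and re-raises would handle all of them. The enclosing method starts and ends outside the hunks shown.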