From c983ea8e5dc30111f6b8407307c3212635593949 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Sun, 24 Jun 2012 21:10:34 +1000
Subject: [PATCH] s4-join: Setup correct DNS configuration

This means we do not need to run samba_upgradedns any more.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Sun Jun 24 18:10:10 CEST 2012 on sn-devel-104
---
 source4/scripting/python/samba/join.py | 15 +++-
 .../python/samba/provision/sambadns.py | 79 +++++++++++++------
 2 files changed, 71 insertions(+), 23 deletions(-)

diff --git a/source4/scripting/python/samba/join.py b/source4/scripting/python/samba/join.py
index b1901e0421c..9ef7d3dd173 100644
--- a/source4/scripting/python/samba/join.py
+++ b/source4/scripting/python/samba/join.py
@@ -28,6 +28,7 @@ from samba.credentials import Credentials, DONT_USE_KERBEROS
 from samba.provision import secretsdb_self_join, provision, provision_fill, FILL_DRS, FILL_SUBDOMAIN
 from samba.schema import Schema
 from samba.net import Net
+from samba.provision.sambadns import setup_bind9_dns
 import logging
 import talloc
 import random
@@ -642,7 +643,7 @@ class dc_join(object):
 targetdir=ctx.targetdir, samdb_fill=FILL_SUBDOMAIN,
 machinepass=ctx.acct_pass, serverrole="domain controller",
 lp=ctx.lp, hostip=ctx.names.hostip, hostip6=ctx.names.hostip6,
- dns_backend="BIND9_DLZ")
+ dns_backend=ctx.dns_backend)
 print("Provision OK for domain %s" % ctx.names.dnsdomain)
 
 def join_replicate(ctx):
@@ -741,6 +742,9 @@ class dc_join(object):
 def join_finalise(ctx):
 '''finalise the join, mark us synchronised and setup secrets db'''
 
+ logger = logging.getLogger("provision")
+ logger.addHandler(logging.StreamHandler(sys.stdout))
+
 print "Sending DsReplicateUpdateRefs for all the partitions"
 for nc in ctx.full_nc_list:
 ctx.send_DsReplicaUpdateRefs(nc)
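Review bot: `dns_backend=ctx.dns_backend` relies on the join context carrying a backend name, and neither this hunk nor the later join_finalise hunk (which calls `ctx.dns_backend.startswith("BIND9_")`) shows where it is set or what it defaults to. If the join entry point leaves it as None, provision() receives None here and join_finalise raises AttributeError after secretsdb_self_join has already run; presumably the constructor defaults it, but a guard such as `if ctx.dns_backend is None: ctx.dns_backend = "BIND9_DLZ"` where the context is built (outside this hunk) would preserve the previous hard-coded behaviour for callers that pass nothing. join_provision starts before this hunk.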
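Review bot: `logger.addHandler(logging.StreamHandler(sys.stdout))` runs on every call of join_finalise, so a process that finalises more than one join (the test suite, or a retry after a failure) accumulates handlers and prints each provision message several times; guard it with `if not logger.handlers:` or attach the handler once when the context is built. `sys` does not appear among the imports in the first hunk of this file; if join.py does not already import it, this line raises NameError before the DsReplicaUpdateRefs loop runs. No level is set on the "provision" logger, so the `logger.info` calls made by setup_bind9_dns are dropped unless the root logger is already at INFO; `logger.setLevel(logging.INFO)` here would make the BIND configuration hints visible. The logger is only consumed in the BIND9_ branch later in this method, so creating it inside that branch would keep the handler off the non-BIND9 path. join_finalise continues past the end of this hunk.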
@@ -768,6 +772,15 @@ class dc_join(object):
 secure_channel_type=ctx.secure_channel_type,
 key_version_number=ctx.key_version_number)
 
+ if ctx.dns_backend.startswith("BIND9_"):
+ dnspass = samba.generate_random_password(128, 255)
+
+ setup_bind9_dns(ctx.local_samdb, secrets_ldb, security.dom_sid(ctx.domsid),
+ ctx.names, ctx.paths, ctx.lp, logger,
+ dns_backend=ctx.dns_backend,
+ dnspass=dnspass, os_level=ctx.behavior_version,
+ targetdir=ctx.targetdir)
+
 
 def join_setup_trusts(ctx):
 '''provision the local SAM'''
diff --git a/source4/scripting/python/samba/provision/sambadns.py b/source4/scripting/python/samba/provision/sambadns.py
index 5c3e6ba879b..257efd6239a 100644
--- a/source4/scripting/python/samba/provision/sambadns.py
+++ b/source4/scripting/python/samba/provision/sambadns.py
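Review bot: The setup_bind9_dns call passes neither `site`, `hostip` nor `hostip6`, although join_provision (earlier hunk) already hands `hostip=ctx.names.hostip, hostip6=ctx.names.hostip6` to provision; for BIND9_FLATFILE those are the only values setup_bind9_dns forwards to create_zone_file (see the sambadns.py hunk), so the generated zone file presumably lacks the new DC's own address records. Forward them here as well, `hostip=ctx.names.hostip, hostip6=ctx.names.hostip6,` plus the join's site if the context carries one. `ctx.dns_backend.startswith("BIND9_")` raises AttributeError if dns_backend was left unset, and this runs after secretsdb_self_join has already written the machine secrets; `if ctx.dns_backend and ctx.dns_backend.startswith("BIND9_"):` keeps the non-BIND9 behaviour intact. The enclosing join_finalise starts before this hunk.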
@@ -1011,30 +1011,65 @@ def setup_ad_dns(samdb, secretsdb, domainsid, names, paths, lp, logger, dns_back
 domainguid, names.ntdsguid, dnsadmins_sid)
 
 if dns_backend.startswith("BIND9_"):
- secretsdb_setup_dns(secretsdb, names,
- paths.private_dir, realm=names.realm,
- dnsdomain=names.dnsdomain,
- dns_keytab_path=paths.dns_keytab, dnspass=dnspass)
+ setup_bind9_dns(samdb, secretsdb, domainsid, names, paths, lp, logger, dns_backend,
+ os_level, site=site, dnspass=dnspass, hostip=hostip, hostip6=hostip6,
+ targetdir=targetdir)
 
- create_dns_dir(logger, paths)
+def setup_bind9_dns(samdb, secretsdb, domainsid, names, paths, lp, logger, dns_backend,
+ os_level, site=None, dnspass=None, hostip=None, hostip6=None,
+ targetdir=None):
+ """Provision DNS information (assuming BIND9 backend in DC role)
 
- if dns_backend == "BIND9_FLATFILE":
- create_zone_file(lp, logger, paths, targetdir, site=site,
- dnsdomain=names.dnsdomain, hostip=hostip, hostip6=hostip6,
- hostname=names.hostname, realm=names.realm,
- domainguid=domainguid, ntdsguid=names.ntdsguid)
+ :param samdb: LDB object connected to sam.ldb file
+ :param secretsdb: LDB object connected to secrets.ldb file
+ :param domainsid: Domain SID (as dom_sid object)
+ :param names: Names shortcut
+ :param paths: Paths shortcut
+ :param lp: Loadparm object
+ :param logger: Logger object
+ :param dns_backend: Type of DNS backend
+ :param os_level: Functional level (treated as os level)
+ :param site: Site to create hostnames in
+ :param dnspass: Password for bind's DNS account
+ :param hostip: IPv4 address
+ :param hostip6: IPv6 address
+ :param targetdir: Target directory for creating DNS-related files for BIND9
+ """
 
- if dns_backend == "BIND9_DLZ" and os_level >= DS_DOMAIN_FUNCTION_2003:
- create_samdb_copy(samdb, logger, paths, names, domainsid, domainguid)
+ if not is_valid_dns_backend(dns_backend) or not dns_backend.startswith("BIND9_"):
+ raise Exception("Invalid dns backend: %r" % dns_backend)
 
- create_named_conf(paths, realm=names.realm,
- dnsdomain=names.dnsdomain, dns_backend=dns_backend)
+ if not is_valid_os_level(os_level):
+ raise Exception("Invalid os level: %r" % os_level)
 
- create_named_txt(paths.namedtxt,
- realm=names.realm, dnsdomain=names.dnsdomain,
- dnsname = "%s.%s" % (names.hostname, names.dnsdomain),
- private_dir=paths.private_dir,
- keytab_name=paths.dns_keytab)
- logger.info("See %s for an example configuration include file for BIND", paths.namedconf)
- logger.info("and %s for further documentation required for secure DNS "
- "updates", paths.namedtxt)
+ domaindn = names.domaindn
+
+ domainguid = get_domainguid(samdb, domaindn)
+
+ secretsdb_setup_dns(secretsdb, names,
+ paths.private_dir, realm=names.realm,
+ dnsdomain=names.dnsdomain,
+ dns_keytab_path=paths.dns_keytab, dnspass=dnspass)
+
+ create_dns_dir(logger, paths)
+
+ if dns_backend == "BIND9_FLATFILE":
+ create_zone_file(lp, logger, paths, targetdir, site=site,
+ dnsdomain=names.dnsdomain, hostip=hostip, hostip6=hostip6,
+ hostname=names.hostname, realm=names.realm,
+ domainguid=domainguid, ntdsguid=names.ntdsguid)
+
+ if dns_backend == "BIND9_DLZ" and os_level >= DS_DOMAIN_FUNCTION_2003:
+ create_samdb_copy(samdb, logger, paths, names, domainsid, domainguid)
+
+ create_named_conf(paths, realm=names.realm,
+ dnsdomain=names.dnsdomain, dns_backend=dns_backend)
+
+ create_named_txt(paths.namedtxt,
+ realm=names.realm, dnsdomain=names.dnsdomain,
+ dnsname = "%s.%s" % (names.hostname, names.dnsdomain),
+ private_dir=paths.private_dir,
+ keytab_name=paths.dns_keytab)
+ logger.info("See %s for an example configuration include file for BIND", paths.namedconf)
+ logger.info("and %s for further documentation required for secure DNS "
+ "updates", paths.namedtxt)
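Review bot: `dnspass` defaults to None but is handed straight to secretsdb_setup_dns without being generated or rejected here, so a caller that omits it (the join.py hunk has to generate one itself first) gets whatever that helper does with None; validate it alongside the other argument checks, `if dnspass is None: raise Exception("dnspass is required for BIND9 backends")`, or generate the password inside this function so every caller ends up with a secret written to secrets.ldb. The two argument checks raise bare `Exception`; `ValueError` would let callers tell a bad argument from a provisioning failure, unless the surrounding file deliberately uses plain Exception for these checks. The docstring could also say which parameters matter for which backend, since `site`, `hostip`, `hostip6` and `targetdir` are only forwarded to create_zone_file under BIND9_FLATFILE, e.g. `:param site: Site to create hostnames in (BIND9_FLATFILE only)`. setup_ad_dns, whose tail is the first change in this hunk, starts before it.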