Attachment 12451 Details for Bug 10882 – fix for bug 10882

[patch] fix for bug 10882

samba_upgradedns-fix-for-bug-10882.patch (text/plain), 6.93 KB, created by Rowland Penny on 2016-09-07 11:19:32 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Rowland Penny

Created: 2016-09-07 11:19:32 UTC

Size: 6.93 KB

patch

obsolete

>From 6fced13052445b42a8b7002a9eccb2c1bea18393 Mon Sep 17 00:00:00 2001
>From: Rowland Penny <rpenny@samba.org>
>Date: Wed, 31 Aug 2016 08:27:38 +0100
>Subject: [PATCH 3/3] samba_upgradedns: fix for bug 10882
>
>Signed-off-by: Rowland Penny <rpenny@samba.org>
>---
> source4/scripting/bin/samba_upgradedns | 124 +++++++++++++++------------------
> 1 file changed, 57 insertions(+), 67 deletions(-)
>
>diff --git a/source4/scripting/bin/samba_upgradedns b/source4/scripting/bin/samba_upgradedns
>index 5963712..19bb2c9 100755
>--- a/source4/scripting/bin/samba_upgradedns
>+++ b/source4/scripting/bin/samba_upgradedns
>@@ -286,11 +286,11 @@ if __name__ == '__main__':
>                               attrs=['objectSid'])
>         dnsadmins_sid = ndr_unpack(security.dom_sid, msg[0]['objectSid'][0])
>     except IndexError:
>-        logger.info("Adding DNS accounts")
>+        logger.info("Adding DNS group 'DnsAdmins' account")
>         add_dns_accounts(ldbs.sam, domaindn)
>         dnsadmins_sid = get_dnsadmins_sid(ldbs.sam, domaindn)
>     else:
>-        logger.info("DNS accounts already exist")
>+        logger.info("DNS group account 'DnsAdmins' already exists")
> 
>     # Import dns records from zone file
>     if os.path.exists(paths.dns):
>@@ -409,46 +409,64 @@ if __name__ == '__main__':
>     except Exception:
>         raise
> 
>+    # Check if dns-HOSTNAME account exists in sam.ldb and secrets.ldb
>+    # Delete it if found
>+    try:
>+        dn_str = 'samAccountName=dns-%s,CN=Principals' % hostname
>+        secrets_msg = ldbs.secrets.search(expression='(dn=%s)' % dn_str,
>+                                          attrs=[])
>+        dn = secrets_msg[0].dn
>+    except IndexError:
>+        dn = None
>+    
>+    if dn is not None:
>+        logger.info("Deleting %s from secrets.ldb" % dn)
>+        try:
>+            ldbs.secrets.delete(dn)
>+        except Exception:
>+            logger.info("Failed to delete %s from secrets.ldb" % dn)
>+
>+    try:
>+        msg = ldbs.sam.search(base=domaindn, scope=ldb.SCOPE_DEFAULT,
>+                              expression='(sAMAccountName=dns-%s)' % (hostname),
>+                              attrs=[])
>+        dn = msg[0].dn
>+    except IndexError:
>+        dn = None
>+
>+    if dn is not None:
>+        logger.info("Deleting %s from sam.ldb" % dn)
>+        try:
>+            ldbs.sam.delete(dn)
>+        except Exception:
>+            logger.info("Failed to delete %s from sam.ldb" % dn)
>+
>     # Special stuff for DLZ backend
>     if opts.dns_backend == "BIND9_DLZ":
>-        # Check if dns-HOSTNAME account exists and create it if required
>-        secrets_msgs = ldbs.secrets.search(expression='(samAccountName=dns-%s)' % hostname, attrs=['secret'])
>-        if len(secrets_msgs) == 0:
>-
>-            logger.info("Adding dns-%s account" % hostname)
>-
>-            msg = ldbs.sam.search(base=domaindn, scope=ldb.SCOPE_DEFAULT,
>-                                  expression='(sAMAccountName=dns-%s)' % (hostname),
>-                                  attrs=[])
>-            if len(msg) == 1:
>-                dn = msg[0].dn
>-                ldbs.sam.delete(dn)
>-
>-            dnspass = samba.generate_random_password(128, 255)
>-            setup_add_ldif(ldbs.sam, setup_path("provision_dns_add_samba.ldif"), {
>-                    "DNSDOMAIN": dnsdomain,
>-                    "DOMAINDN": domaindn,
>-                    "DNSPASS_B64": b64encode(dnspass.encode('utf-16-le')),
>-                    "HOSTNAME" : hostname,
>-                    "DNSNAME" : dnsname }
>-                           )
>-
>-            res = ldbs.sam.search(base=domaindn, scope=ldb.SCOPE_DEFAULT,
>-                                  expression='(sAMAccountName=dns-%s)' % (hostname),
>-                                  attrs=["msDS-KeyVersionNumber"])
>-            if "msDS-KeyVersionNumber" in res[0]:
>-                dns_key_version_number = int(res[0]["msDS-KeyVersionNumber"][0])
>-            else:
>-                dns_key_version_number = None
>-
>-            secretsdb_setup_dns(ldbs.secrets, names,
>-                                paths.private_dir, realm=names.realm,
>-                                dnsdomain=names.dnsdomain,
>-                                dns_keytab_path=paths.dns_keytab, dnspass=dnspass,
>-                                key_version_number=dns_key_version_number)
>-
>+        logger.info("Adding dns-%s account" % hostname)
>+
>+        dnspass = samba.generate_random_password(128, 255)
>+        setup_add_ldif(ldbs.sam, setup_path("provision_dns_add_samba.ldif"), {
>+                "DNSDOMAIN": dnsdomain,
>+                "DOMAINDN": domaindn,
>+                "DNSPASS_B64": b64encode(dnspass.encode('utf-16-le')),
>+                "HOSTNAME" : hostname,
>+                "DNSNAME" : dnsname }
>+                       )
>+
>+        res = ldbs.sam.search(base=domaindn, scope=ldb.SCOPE_DEFAULT,
>+                              expression='(sAMAccountName=dns-%s)' % (hostname),
>+                              attrs=["msDS-KeyVersionNumber"])
>+        if "msDS-KeyVersionNumber" in res[0]:
>+            dns_key_version_number = int(res[0]["msDS-KeyVersionNumber"][0])
>         else:
>-            logger.info("dns-%s account already exists" % hostname)
>+            dns_key_version_number = None
>+
>+        secretsdb_setup_dns(ldbs.secrets, names,
>+                            paths.private_dir, realm=names.realm,
>+                            dnsdomain=names.dnsdomain,
>+                            dns_keytab_path=paths.dns_keytab, dnspass=dnspass,
>+                            key_version_number=dns_key_version_number)
> 
>         dns_keytab_path = os.path.join(paths.private_dir, paths.dns_keytab)
>         if os.path.isfile(dns_keytab_path) and paths.bind_gid is not None:
>@@ -476,34 +494,6 @@ if __name__ == '__main__':
>         logger.info("See %s for an example configuration include file for BIND", paths.namedconf)
>         logger.info("and %s for further documentation required for secure DNS "
>                     "updates", paths.namedtxt)
>-    elif opts.dns_backend == "SAMBA_INTERNAL":
>-        # Check if dns-HOSTNAME account exists and delete it if required
>-        try:
>-            dn_str = 'samAccountName=dns-%s,CN=Principals' % hostname
>-            msg = ldbs.secrets.search(expression='(dn=%s)' % dn_str, attrs=[])
>-            dn = msg[0].dn
>-        except IndexError:
>-            dn = None
>-
>-        if dn is not None:
>-            try:
>-                ldbs.secrets.delete(dn)
>-            except Exception:
>-                logger.info("Failed to delete %s from secrets.ldb" % dn)
>-
>-        try:
>-            msg = ldbs.sam.search(base=domaindn, scope=ldb.SCOPE_DEFAULT,
>-                                  expression='(sAMAccountName=dns-%s)' % (hostname),
>-                                  attrs=[])
>-            dn = msg[0].dn
>-        except IndexError:
>-            dn = None
>-
>-        if dn is not None:
>-            try:
>-                ldbs.sam.delete(dn)
>-            except Exception:
>-                logger.info("Failed to delete %s from sam.ldb" % dn)
> 
>     logger.info("Finished upgrading DNS")
> 
>-- 
>2.1.4
>

Actions: View

Attachments on bug 10882: 12290 | 12451 | 12699