The Samba-Bugzilla – Attachment 12451 Details for
Bug 10882
samba_upgradedns with BIND9_DLZ doesn't recreate dns-hostname account
[patch]
fix for bug 10882
samba_upgradedns-fix-for-bug-10882.patch (text/plain), 6.93 KB, created by
Rowland Penny
on 2016-09-07 11:19:32 UTC
Description:
fix for bug 10882
Filename:
MIME Type:
Creator:
Rowland Penny
Created:
2016-09-07 11:19:32 UTC
Size:
6.93 KB
patch
obsolete
>From 6fced13052445b42a8b7002a9eccb2c1bea18393 Mon Sep 17 00:00:00 2001
>From: Rowland Penny <rpenny@samba.org>
>Date: Wed, 31 Aug 2016 08:27:38 +0100
>Subject: [PATCH 3/3] samba_upgradedns: fix for bug 10882
>
>Signed-off-by: Rowland Penny <rpenny@samba.org>
>---
> source4/scripting/bin/samba_upgradedns | 124 +++++++++++++++------------------
> 1 file changed, 57 insertions(+), 67 deletions(-)
>
>diff --git a/source4/scripting/bin/samba_upgradedns b/source4/scripting/bin/samba_upgradedns
>index 5963712..19bb2c9 100755
>--- a/source4/scripting/bin/samba_upgradedns
>+++ b/source4/scripting/bin/samba_upgradedns
>@@ -286,11 +286,11 @@ if __name__ == '__main__':
> attrs=['objectSid'])
> dnsadmins_sid = ndr_unpack(security.dom_sid, msg[0]['objectSid'][0])
> except IndexError:
>- logger.info("Adding DNS accounts")
>+ logger.info("Adding DNS group 'DnsAdmins' account")
> add_dns_accounts(ldbs.sam, domaindn)
> dnsadmins_sid = get_dnsadmins_sid(ldbs.sam, domaindn)
> else:
>- logger.info("DNS accounts already exist")
>+ logger.info("DNS group account 'DnsAdmins' already exists")
>
> # Import dns records from zone file
> if os.path.exists(paths.dns):
>@@ -409,46 +409,64 @@ if __name__ == '__main__':
> except Exception:
> raise
>
>+ # Check if dns-HOSTNAME account exists in sam.ldb and secrets.ldb
>+ # Delete it if found
>+ try:
>+ dn_str = 'samAccountName=dns-%s,CN=Principals' % hostname
>+ secrets_msg = ldbs.secrets.search(expression='(dn=%s)' % dn_str,
>+ attrs=[])
>+ dn = secrets_msg[0].dn
>+ except IndexError:
>+ dn = None
>+
>+ if dn is not None:
>+ logger.info("Deleting %s from secrets.ldb" % dn)
>+ try:
>+ ldbs.secrets.delete(dn)
>+ except Exception:
>+ logger.info("Failed to delete %s from secrets.ldb" % dn)
>+
>+ try:
>+ msg = ldbs.sam.search(base=domaindn, scope=ldb.SCOPE_DEFAULT,
>+ expression='(sAMAccountName=dns-%s)' % (hostname),
>+ attrs=[])
>+ dn = msg[0].dn
>+ except IndexError:
>+ dn = None
>+
>+ if dn is not None:
>+ logger.info("Deleting %s from sam.ldb" % dn)
>+ try:
>+ ldbs.sam.delete(dn)
>+ except Exception:
>+ logger.info("Failed to delete %s from sam.ldb" % dn)
>+
> # Special stuff for DLZ backend
> if opts.dns_backend == "BIND9_DLZ":
>- # Check if dns-HOSTNAME account exists and create it if required
>- secrets_msgs = ldbs.secrets.search(expression='(samAccountName=dns-%s)' % hostname, attrs=['secret'])
>- if len(secrets_msgs) == 0:
>-
>- logger.info("Adding dns-%s account" % hostname)
>-
>- msg = ldbs.sam.search(base=domaindn, scope=ldb.SCOPE_DEFAULT,
>- expression='(sAMAccountName=dns-%s)' % (hostname),
>- attrs=[])
>- if len(msg) == 1:
>- dn = msg[0].dn
>- ldbs.sam.delete(dn)
>-
>- dnspass = samba.generate_random_password(128, 255)
>- setup_add_ldif(ldbs.sam, setup_path("provision_dns_add_samba.ldif"), {
>- "DNSDOMAIN": dnsdomain,
>- "DOMAINDN": domaindn,
>- "DNSPASS_B64": b64encode(dnspass.encode('utf-16-le')),
>- "HOSTNAME" : hostname,
>- "DNSNAME" : dnsname }
>- )
>-
>- res = ldbs.sam.search(base=domaindn, scope=ldb.SCOPE_DEFAULT,
>- expression='(sAMAccountName=dns-%s)' % (hostname),
>- attrs=["msDS-KeyVersionNumber"])
>- if "msDS-KeyVersionNumber" in res[0]:
>-
dns_key_version_number = int(res[0]["msDS-KeyVersionNumber"][0])
>- else:
>- dns_key_version_number = None
>-
>- secretsdb_setup_dns(ldbs.secrets, names,
>- paths.private_dir, realm=names.realm,
>- dnsdomain=names.dnsdomain,
>- dns_keytab_path=paths.dns_keytab, dnspass=dnspass,
>- key_version_number=dns_key_version_number)
>-
>+ logger.info("Adding dns-%s account" % hostname)
>+
>+ dnspass = samba.generate_random_password(128, 255)
>+ setup_add_ldif(ldbs.sam, setup_path("provision_dns_add_samba.ldif"), {
>+ "DNSDOMAIN": dnsdomain,
>+ "DOMAINDN": domaindn,
>+ "DNSPASS_B64": b64encode(dnspass.encode('utf-16-le')),
>+ "HOSTNAME" : hostname,
>+ "DNSNAME" : dnsname }
>+ )
>+
>+ res = ldbs.sam.search(base=domaindn, scope=ldb.SCOPE_DEFAULT,
>+ expression='(sAMAccountName=dns-%s)' % (hostname),
>+ attrs=["msDS-KeyVersionNumber"])
>+ if "msDS-KeyVersionNumber" in res[0]:
>+ dns_key_version_number = int(res[0]["msDS-KeyVersionNumber"][0])
> else:
>- logger.info("dns-%s account already exists" % hostname)
>+ dns_key_version_number = None
>+
>+ secretsdb_setup_dns(ldbs.secrets, names,
>+ paths.private_dir, realm=names.realm,
>+ dnsdomain=names.dnsdomain,
>+ dns_keytab_path=paths.dns_keytab, dnspass=dnspass,
>+ key_version_number=dns_key_version_number)
>
> dns_keytab_path = os.path.join(paths.private_dir, paths.dns_keytab)
> if os.path.isfile(dns_keytab_path) and paths.bind_gid is not None:
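Review bot: The two `except Exception:` handlers around `ldbs.secrets.delete(dn)` and `ldbs.sam.delete(dn)` log the failure at info level and let the script carry on, yet for BIND9_DLZ the code directly below re-adds the same dns-HOSTNAME account through `setup_add_ldif` and `secretsdb_setup_dns`; a delete that failed presumably makes that re-add fail on a duplicate entry, or leaves the old secrets.ldb record beside the one holding the freshly generated password. Record the cause at warning level, `except Exception as e:` / `logger.warning("Failed to delete %s from sam.ldb: %s", dn, e)`, and consider aborting before the re-add when the backend is BIND9_DLZ so the operator sees the actual delete error rather than a later ldb failure. The same applies to the secrets.ldb handler earlier in the hunk. The enclosing `if __name__ == '__main__':` block starts before this hunk and ends after it.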
>@@ -476,34 +494,6 @@ if __name__ == '__main__':
> logger.info("See %s for an example configuration include file for BIND", paths.namedconf)
> logger.info("and %s for further documentation required for secure DNS "
> "updates", paths.namedtxt)
>- elif opts.dns_backend == "SAMBA_INTERNAL":
>- # Check if dns-HOSTNAME account exists and delete it if required
>- try:
>- dn_str = 'samAccountName=dns-%s,CN=Principals' % hostname
>- msg = ldbs.secrets.search(expression='(dn=%s)' % dn_str, attrs=[])
>- dn = msg[0].dn
>- except IndexError:
>- dn = None
>-
>- if dn is not None:
>- try:
>- ldbs.secrets.delete(dn)
>- except Exception:
>- logger.info("Failed to delete %s from secrets.ldb" % dn)
>-
>- try:
>- msg = ldbs.sam.search(base=domaindn, scope=ldb.SCOPE_DEFAULT,
>- expression='(sAMAccountName=dns-%s)' % (hostname),
>- attrs=[])
>- dn = msg[0].dn
>- except IndexError:
>- dn = None
>-
>- if dn is not None:
>- try:
>- ldbs.sam.delete(dn)
>- except Exception:
>- logger.info("Failed to delete %s from sam.ldb" % dn)
>
> logger.info("Finished upgrading DNS")
>
>--
>2.1.4
>