From 42f73ea7797ef676e4494b9f83d8c02482c388f9 Mon Sep 17 00:00:00 2001
From: Endi S. Dewata
Date: Thu, 22 Apr 2010 11:18:00 -0500
Subject: [PATCH] s4-dns: Use SAMDB Credentials to connect to LDAP backend.
---
 source4/scripting/bin/samba_dnsupdate | 33 ++++++++++++++++++++++++++++++---
 1 files changed, 30 insertions(+), 3 deletions(-)
diff --git a/source4/scripting/bin/samba_dnsupdate b/source4/scripting/bin/samba_dnsupdate
index 3fe55e2..0f3e71f 100755
--- a/source4/scripting/bin/samba_dnsupdate
+++ b/source4/scripting/bin/samba_dnsupdate
@@ -32,10 +32,12 @@ sys.path.insert(0, "bin/python")
 import samba
 import optparse
+from samba import Ldb
 from samba import getopt as options
 from ldb import SCOPE_BASE
 from samba.auth import system_session
 from samba.samdb import SamDB
+from samba.credentials import Credentials, DONT_USE_KERBEROS
 samba.ensure_external_module("dns", "dnspython")
 import dns.resolver as resolver
@@ -50,7 +52,9 @@ parser.add_option("--verbose", action="store_true")
 parser.add_option("--all-interfaces", action="store_true")
 parser.add_option("--use-file", type="string", help="Use a file, rather than real DNS calls")
-creds = None
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+
 ccachename = None
 opts, args = parser.parse_args()
@@ -60,6 +64,7 @@ if len(args) != 0:
 sys.exit(1)
 lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
 domain = lp.get("realm")
 host = lp.get("netbios name")
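Review bot: With `creds = None` removed in the -50,7 hunk and `creds = credopts.get_credentials(lp)` added in the -60,6 hunk, the module-level `creds` is now always a populated object instead of `None`, so any code outside these hunks that tests or reassigns `creds` needs checking; that code is not visible here. In the hunks shown, the only consumer is the `Ldb(...)` call that opens the secrets database, so a comment at the assignment such as `# command-line credentials; used when opening the secrets database` would record the intent. The new option group also appears to let a password be passed on the command line of a script that is presumably run unattended, so the help text or a comment should state that the SAMDB bind credentials come from the secrets database, not from these options.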
@@ -188,11 +193,33 @@ def check_dns_name(d):
 ###########################################
 # get the list of substitution vars
 def get_subst_vars():
- global lp
+ global lp, creds
 vars = {}
+ private_dir = lp.get("private dir")
+ secrets_path = os.path.join(private_dir, lp.get("secrets database"))
+
+ secrets_db = Ldb(url=secrets_path, session_info=system_session(),
+ credentials=creds, lp=lp)
+ res = secrets_db.search(base=None,
+ expression="(&(objectclass=ldapSecret)(cn=SAMDB Credentials))",
+ attrs=["samAccountName", "secret"])
+
+ if len(res) == 1:
+ credentials = Credentials()
+ credentials.set_kerberos_state(DONT_USE_KERBEROS)
+
+ if "samAccountName" in res[0]:
+ credentials.set_username(res[0]["samAccountName"][0])
+
+ if "secret" in res[0]:
+ credentials.set_password(res[0]["secret"][0])
+
+ else:
+ credentials = None
+
 samdb = SamDB(url=lp.get("sam database"), session_info=system_session(),
- lp=lp)
+ credentials=credentials, lp=lp)
 vars['DNSDOMAIN'] = lp.get('realm').lower()
 vars['HOSTNAME'] = lp.get('netbios name').lower() + "." + vars['DNSDOMAIN']
-- 1.6.6.1
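Review bot: A secrets record that holds only one of `samAccountName` or `secret` still produces a half-filled `Credentials` object that is handed to `SamDB`, and a search returning zero or several records silently falls back to `credentials = None`; both cases deserve an explicit check. Changing the test to `if len(res) == 1 and "samAccountName" in res[0] and "secret" in res[0]:` and then calling `set_username`/`set_password` unconditionally keeps the object all-or-nothing. Because `set_kerberos_state(DONT_USE_KERBEROS)` forces a password bind, the secret is only as protected as the transport named by `sam database`; if that can be a plain `ldap://` URL, add a comment or a check that requires `ldapi://` or `ldaps://`. `os.path.join` relies on `os` being imported above line 32, which this patch does not show. `get_subst_vars` continues past the end of the hunk.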