[SCM] Samba Shared Repository - branch master updated
Kai Blin
kai at samba.org
Wed Jul 6 18:30:02 MDT 2011
The branch, master has been updated
via 749d022 s4 provision: Add some of the AD-specific DNS records to the directory
via a8d3bdb s4 provision: split up DNS provisioning into generic and samba-specific ldifs
from 0b8184d s4:torture/smb2: s/smb2cli_unlock/test_smb2_unlock
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 749d022a0c68dd7d9f62b034e37fbe509dba2c46
Author: Kai Blin <kai at samba.org>
Date: Mon Jun 27 11:25:39 2011 +0200
s4 provision: Add some of the AD-specific DNS records to the directory
Signed-off-by: Kai Blin <kai at samba.org>
Autobuild-User: Kai Blin <kai at samba.org>
Autobuild-Date: Thu Jul 7 02:29:53 CEST 2011 on sn-devel-104
commit a8d3bdb48da71dd65385e4355e46a595ef32dbe0
Author: Kai Blin <kai at samba.org>
Date: Sun Jun 26 00:36:25 2011 +0200
s4 provision: split up DNS provisioning into generic and samba-specific ldifs
Signed-off-by: Kai Blin <kai at samba.org>
-----------------------------------------------------------------------
Summary of changes:
.../scripting/python/samba/provision/__init__.py | 8 +-
.../scripting/python/samba/provision/sambadns.py | 231 ++++++++++++++++++++
source4/setup/provision_dns_add.ldif | 23 +--
source4/setup/provision_dns_add_samba.ldif | 17 ++
4 files changed, 258 insertions(+), 21 deletions(-)
create mode 100644 source4/scripting/python/samba/provision/sambadns.py
create mode 100644 source4/setup/provision_dns_add_samba.ldif
Changeset truncated at 500 lines:
diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py
index 5aabd36..f2b8c04 100644
--- a/source4/scripting/python/samba/provision/__init__.py
+++ b/source4/scripting/python/samba/provision/__init__.py
@@ -74,6 +74,8 @@ from samba.provision.backend import (
LDBBackend,
OpenLDAPBackend,
)
+from samba.provision.sambadns import setup_ad_dns
+
import samba.param
import samba.registry
from samba.schema import Schema
@@ -1101,9 +1103,9 @@ def setup_self_join(samdb, names, machinepass, dnspass,
"RIDALLOCATIONEND": str(next_rid + 100 + 499),
})
- # This is partially Samba4 specific and should be replaced by the correct
+ # This is Samba4 specific and should be replaced by the correct
# DNS AD-style setup
- setup_add_ldif(samdb, setup_path("provision_dns_add.ldif"), {
+ setup_add_ldif(samdb, setup_path("provision_dns_add_samba.ldif"), {
"DNSDOMAIN": names.dnsdomain,
"DOMAINDN": names.domaindn,
"DNSPASS_B64": b64encode(dnspass.encode('utf-16-le')),
@@ -1761,6 +1763,8 @@ def provision(logger, session_info, credentials, smbconf=None,
dnsdomain=names.dnsdomain,
dns_keytab_path=paths.dns_keytab, dnspass=dnspass)
+ setup_ad_dns(samdb, names=names, hostip=hostip, hostip6=hostip6)
+
domainguid = samdb.searchone(basedn=domaindn,
attribute="objectGUID")
assert isinstance(domainguid, str)
diff --git a/source4/scripting/python/samba/provision/sambadns.py b/source4/scripting/python/samba/provision/sambadns.py
new file mode 100644
index 0000000..6b8561e
--- /dev/null
+++ b/source4/scripting/python/samba/provision/sambadns.py
@@ -0,0 +1,231 @@
+# Unix SMB/CIFS implementation.
+# backend code for provisioning DNS for a Samba4 server
+#
+# Copyright (C) Kai Blin <kai at samba.org> 2011
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+"""DNS-related provisioning"""
+
+import os
+import ldb
+import samba
+from samba.ndr import ndr_pack
+from samba import read_and_sub_file
+from samba.dcerpc import dnsp
+
+class ARecord(dnsp.DnssrvRpcRecord):
+ def __init__(self, ip_addr, serial=1, ttl=3600):
+ super(ARecord, self).__init__()
+ self.wType = dnsp.DNS_TYPE_A
+ self.dwSerial = serial
+ self.dwTtlSeconds = ttl
+ self.data = ip_addr
+
+class AAAARecord(dnsp.DnssrvRpcRecord):
+ def __init__(self, ip6_addr, serial=1, ttl=3600):
+ super(AAAARecord, self).__init__()
+ self.wType = dnsp.DNS_TYPE_AAAA
+ self.dwSerial = serial
+ self.dwTtlSeconds = ttl
+ self.data = ip6_addr
+
+class NSRecord(dnsp.DnssrvRpcRecord):
+ def __init__(self, dns_server, serial=1, ttl=3600):
+ super(NSRecord, self).__init__()
+ self.wType = dnsp.DNS_TYPE_NS
+ self.dwSerial = serial
+ self.dwTtlSeconds = ttl
+ self.data = dns_server
+
+class SOARecord(dnsp.DnssrvRpcRecord):
+ def __init__(self, mname, rname, serial=1, refresh=900, retry=600,
+ expire=86400, minimum=3600, ttl=3600):
+ super(SOARecord, self).__init__()
+ self.wType = dnsp.DNS_TYPE_SOA
+ self.dwSerial = serial
+ self.dwTtlSeconds = ttl
+ soa = dnsp.soa()
+ soa.serial = serial
+ soa.refresh = refresh
+ soa.retry = retry
+ soa.expire = expire
+ soa.mname = mname
+ soa.rname = rname
+ self.data = soa
+
+class SRVRecord(dnsp.DnssrvRpcRecord):
+ def __init__(self, target, port, priority=0, weight=0, serial=1, ttl=3600):
+ super(SRVRecord, self).__init__()
+ self.wType = dnsp.DNS_TYPE_SRV
+ self.dwSerial = serial
+ self.dwTtlSeconds = ttl
+ srv = dnsp.srv()
+ srv.nameTarget = target
+ srv.wPort = port
+ srv.wPriority = priority
+ srv.wWeight = weight
+ self.data = srv
+
+def setup_ad_dns(samdb, names, hostip=None, hostip6=None):
+ domaindn = names.domaindn
+ dnsdomain = names.dnsdomain.lower()
+ hostname = names.netbiosname.lower()
+ dnsname = "%s.%s" % (hostname, dnsdomain)
+ site = names.sitename
+
+ dns_ldif = os.path.join(samba.param.setup_dir(), "provision_dns_add.ldif")
+
+ dns_data = read_and_sub_file(dns_ldif, {
+ "DOMAINDN": domaindn,
+ "DNSDOMAIN" : dnsdomain
+ })
+ samdb.add_ldif(dns_data, ["relax:0"])
+
+ soa_subrecords = []
+ dns_records = []
+
+ # @ entry for the domain
+ at_soa_record = SOARecord(dnsname, "hostmaster.%s" % dnsdomain)
+ soa_subrecords.append(ndr_pack(at_soa_record))
+
+ at_ns_record = NSRecord(dnsname)
+ soa_subrecords.append(ndr_pack(at_ns_record))
+
+ if hostip is not None:
+ # A record
+ at_a_record = ARecord(hostip)
+ dns_records.append(ndr_pack(at_a_record))
+
+ if hostip6 is not None:
+ at_aaaa_record = AAAARecord(hostip6)
+ dns_records.append(ndr_pack(at_aaaa_record))
+
+ msg = ldb.Message(ldb.Dn(samdb, "DC=@,DC=%s,CN=MicrosoftDNS,CN=System,%s" %\
+ (dnsdomain, domaindn )))
+ msg["objectClass"] = ["top", "dnsNode"]
+ msg["dnsRecord"] = ldb.MessageElement(soa_subrecords + dns_records,
+ ldb.FLAG_MOD_ADD, "dnsRecord")
+ samdb.add(msg)
+
+ # _gc._tcp record
+ gc_tcp_record = SRVRecord(dnsname, 3268)
+ msg = ldb.Message(ldb.Dn(samdb,
+ "DC=_gc._tcp,DC=%s,CN=MicrosoftDNS,CN=System,%s" % \
+ (dnsdomain, domaindn)))
+ msg["objectClass"] = ["top", "dnsNode"]
+ msg["dnsRecord"] = [ndr_pack(gc_tcp_record)]
+ samdb.add(msg)
+
+ # _gc._tcp.sitename._site record
+ msg = ldb.Message(ldb.Dn(samdb,
+ "DC=_gc._tcp.%s._sites,DC=%s,CN=MicrosoftDNS,CN=System,%s" % \
+ (names.sitename, dnsdomain, domaindn)))
+ msg["objectClass"] = ["top", "dnsNode"]
+ msg["dnsRecord"] = [ndr_pack(gc_tcp_record)]
+ samdb.add(msg)
+
+ # _kerberos._tcp record
+ kerberos_record = SRVRecord(dnsname, 88)
+ msg = ldb.Message(ldb.Dn(samdb,
+ "DC=_kerberos._tcp,DC=%s,CN=MicrosoftDNS,CN=System,%s" % \
+ (dnsdomain, domaindn)))
+ msg["objectClass"] = ["top", "dnsNode"]
+ msg["dnsRecord"] = [ndr_pack(kerberos_record)]
+ samdb.add(msg)
+
+ # _kerberos._tcp.sitename._site record
+ msg = ldb.Message(ldb.Dn(samdb,
+ "DC=_kerberos._tcp.%s._sites,DC=%s,CN=MicrosoftDNS,CN=System,%s" % \
+ (site, dnsdomain, domaindn)))
+ msg["objectClass"] = ["top", "dnsNode"]
+ msg["dnsRecord"] = [ndr_pack(kerberos_record)]
+ samdb.add(msg)
+
+ # _kerberos._udp record
+ msg = ldb.Message(ldb.Dn(samdb,
+ "DC=_kerberos._udp,DC=%s,CN=MicrosoftDNS,CN=System,%s" % \
+ (dnsdomain, domaindn)))
+ msg["objectClass"] = ["top", "dnsNode"]
+ msg["dnsRecord"] = [ndr_pack(kerberos_record)]
+ samdb.add(msg)
+
+ # _kpasswd._tcp record
+ kpasswd_record = SRVRecord(dnsname, 464)
+ msg = ldb.Message(ldb.Dn(samdb,
+ "DC=_kpasswd._tcp,DC=%s,CN=MicrosoftDNS,CN=System,%s" % \
+ (dnsdomain, domaindn)))
+ msg["objectClass"] = ["top", "dnsNode"]
+ msg["dnsRecord"] = [ndr_pack(kpasswd_record)]
+ samdb.add(msg)
+
+ # _kpasswd._udp record
+ msg = ldb.Message(ldb.Dn(samdb,
+ "DC=_kpasswd._udp,DC=%s,CN=MicrosoftDNS,CN=System,%s" % \
+ (dnsdomain, domaindn)))
+ msg["objectClass"] = ["top", "dnsNode"]
+ msg["dnsRecord"] = [ndr_pack(kpasswd_record)]
+ samdb.add(msg)
+
+ # _ldap._tcp record
+ ldap_record = SRVRecord(dnsname, 389)
+ msg = ldb.Message(ldb.Dn(samdb,
+ "DC=_ldap._tcp,DC=%s,CN=MicrosoftDNS,CN=System,%s" % \
+ (dnsdomain, domaindn)))
+ msg["objectClass"] = ["top", "dnsNode"]
+ msg["dnsRecord"] = [ndr_pack(ldap_record)]
+ samdb.add(msg)
+
+ # _ldap._tcp.sitename._site record
+ msg = ldb.Message(ldb.Dn(samdb,
+ "DC=_ldap._tcp.%s._site,DC=%s,CN=MicrosoftDNS,CN=System,%s" % \
+ (site, dnsdomain, domaindn)))
+ msg["objectClass"] = ["top", "dnsNode"]
+ msg["dnsRecord"] = [ndr_pack(ldap_record)]
+ samdb.add(msg)
+
+ # _msdcs record
+ msdcs_record = NSRecord(dnsname)
+ msg = ldb.Message(ldb.Dn(samdb,
+ "DC=_msdcs,DC=%s,CN=MicrosoftDNS,CN=System,%s" % \
+ (dnsdomain, domaindn)))
+ msg["objectClass"] = ["top", "dnsNode"]
+ msg["dnsRecord"] = [ndr_pack(msdcs_record)]
+ samdb.add(msg)
+
+ # the host's own record
+ # Only do this if there's IP addresses to set up.
+ # This is a bit weird, but the samba4.blackbox.provision.py test apparently
+ # doesn't set up any IPs
+ if len(dns_records) > 0:
+ msg = ldb.Message(ldb.Dn(samdb,
+ "DC=%s,DC=%s,CN=MicrosoftDNS,CN=System,%s" % \
+ (hostname, dnsdomain, domaindn)))
+ msg["objectClass"] = ["top", "dnsNode"]
+ msg["dnsRecord"] = ldb.MessageElement(dns_records,
+ ldb.FLAG_MOD_ADD, "dnsRecord")
+ samdb.add(msg)
+
+ # DomainDnsZones record
+ msg = ldb.Message(ldb.Dn(samdb,
+ "DC=DomainDnsZones,DC=%s,CN=MicrosoftDNS,CN=System,%s" % \
+ (dnsdomain, domaindn)))
+ msg["objectClass"] = ["top", "dnsNode"]
+ msg["dnsRecord"] = ldb.MessageElement(dns_records,
+ ldb.FLAG_MOD_ADD, "dnsRecord")
+
+ samdb.add(msg)
+
+
diff --git a/source4/setup/provision_dns_add.ldif b/source4/setup/provision_dns_add.ldif
index 2263fcb..12ad589 100644
--- a/source4/setup/provision_dns_add.ldif
+++ b/source4/setup/provision_dns_add.ldif
@@ -15,6 +15,10 @@ dn: CN=MicrosoftDNS,CN=System,${DOMAINDN}
objectClass: container
displayName: DNS Servers
+
+dn: DC=${DNSDOMAIN},CN=MicrosoftDNS,CN=System,${DOMAINDN}
+objectClass: dnsZone
+
dn: DC=RootDNSServers,CN=MicrosoftDNS,CN=System,${DOMAINDN}
objectClass: dnsZone
@@ -86,22 +90,3 @@ dn: DC=j.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,${DOMAINDN
objectClass: dnsNode
dnsRecord:: BAABAAUIAAAAAAAAAAAAAAAAAAAAAAAAwDqAHg==
-
-# NOTE: This account is SAMBA4 specific!
-# we have it to avoid the need for the bind daemon to
-# have access to the whole secrets.keytab for the domain,
-# otherwise bind could impersonate any user
-dn: CN=dns-${HOSTNAME},CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: user
-description: DNS Service Account for ${HOSTNAME}
-userAccountControl: 512
-accountExpires: 9223372036854775807
-sAMAccountName: dns-${HOSTNAME}
-servicePrincipalName: DNS/${DNSNAME}
-servicePrincipalName: DNS/${DNSDOMAIN}
-clearTextPassword:: ${DNSPASS_B64}
-isCriticalSystemObject: TRUE
-
diff --git a/source4/setup/provision_dns_add_samba.ldif b/source4/setup/provision_dns_add_samba.ldif
new file mode 100644
index 0000000..6c664d9
--- /dev/null
+++ b/source4/setup/provision_dns_add_samba.ldif
@@ -0,0 +1,17 @@
+# NOTE: This account is SAMBA4 specific!
+# we have it to avoid the need for the bind daemon to
+# have access to the whole secrets.keytab for the domain,
+# otherwise bind could impersonate any user
+dn: CN=dns-${HOSTNAME},CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: user
+description: DNS Service Account for ${HOSTNAME}
+userAccountControl: 512
+accountExpires: 9223372036854775807
+sAMAccountName: dns-${HOSTNAME}
+servicePrincipalName: DNS/${DNSNAME}
+servicePrincipalName: DNS/${DNSDOMAIN}
+clearTextPassword:: ${DNSPASS_B64}
+isCriticalSystemObject: TRUE
--
Samba Shared Repository
More information about the samba-cvs
mailing list