[SCM] Samba Shared Repository - branch master updated
Amitay Isaacs
amitay at samba.org
Tue Mar 20 20:17:02 MDT 2012
The branch, master has been updated
via b114043 s4-upgradedns: Add DNS partitions in msDS-hasMasterNCs in NTDS settings
via ffce812 s4-rpc: dnsserver: Fix IPv6 reverse zone handling
via 8a39c5c s4-upgradedns: Allow fixing of dns provision after domain join
from 7639ebe librpc/wscript_build: Fix formatting.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit b114043c4641f4559e3b02a0b094153d83bb328e
Author: Amitay Isaacs <amitay at gmail.com>
Date: Wed Mar 14 19:34:54 2012 +1100
s4-upgradedns: Add DNS partitions in msDS-hasMasterNCs in NTDS settings
Autobuild-User: Amitay Isaacs <amitay at samba.org>
Autobuild-Date: Wed Mar 21 03:16:22 CET 2012 on sn-devel-104
commit ffce812c22932704618bee212f07f43907e78083
Author: Amitay Isaacs <amitay at gmail.com>
Date: Tue Mar 13 12:05:10 2012 +1100
s4-rpc: dnsserver: Fix IPv6 reverse zone handling
Thanks to Marcel Ritter <marcel.ritter at rrze.fau.de> for the patch.
commit 8a39c5c3a1cd3868a5829da21bf87e2b370dd4cc
Author: Amitay Isaacs <amitay at gmail.com>
Date: Tue Mar 13 11:51:02 2012 +1100
s4-upgradedns: Allow fixing of dns provision after domain join
This change allows the samba_upgradedns script to be run even on an existing
DNS provision (BIND9_DLZ or SAMBA_INTERNAL) without any side effects.
This makes it possible to "fix" the DNS provision after samba-tool domain join
in order to run BIND with the DLZ plugin.
-----------------------------------------------------------------------
Summary of changes:
source4/rpc_server/dnsserver/dnsutils.c | 7 ++
source4/scripting/bin/samba_upgradedns | 135 ++++++++++++++++++++++---------
2 files changed, 103 insertions(+), 39 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/rpc_server/dnsserver/dnsutils.c b/source4/rpc_server/dnsserver/dnsutils.c
index 52a8bdd..8140296 100644
--- a/source4/rpc_server/dnsserver/dnsutils.c
+++ b/source4/rpc_server/dnsserver/dnsutils.c
@@ -159,6 +159,7 @@ struct dnsserver_zoneinfo *dnsserver_init_zoneinfo(struct dnsserver_zone *zone,
struct dnsserver_zoneinfo *zoneinfo;
uint32_t fReverse;
const char *revzone = "in-addr.arpa";
+ const char *revzone6 = "ip6.arpa";
int len1, len2;
zoneinfo = talloc_zero(zone, struct dnsserver_zoneinfo);
@@ -167,11 +168,17 @@ struct dnsserver_zoneinfo *dnsserver_init_zoneinfo(struct dnsserver_zone *zone,
}
/* If the zone name ends with in-addr.arpa, it's reverse zone */
+ /* If the zone name ends with ip6.arpa, it's reverse zone (IPv6) */
fReverse = 0;
len1 = strlen(zone->name);
len2 = strlen(revzone);
if (len1 > len2 && strcasecmp(&zone->name[len1-len2], revzone) == 0) {
fReverse = 1;
+ } else {
+ len2 = strlen(revzone6);
+ if (len1 > len2 && strcasecmp(&zone->name[len1-len2], revzone6) == 0) {
+ fReverse = 1;
+ }
}
zoneinfo->Version = 0x32;
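Review bot: The new `ip6.arpa` test, like the `in-addr.arpa` test it mirrors, only compares the trailing characters, so a forward zone whose name merely ends in that text (e.g. `myip6.arpa`) is reported as a reverse zone; require a label boundary before the suffix, `if (len1 > len2 && zone->name[len1-len2-1] == '.' && strcasecmp(&zone->name[len1-len2], revzone6) == 0) {`, and the same for `revzone`. Since the two branches now differ only in the suffix, a small static helper taking the name and the suffix would remove the duplication. As far as this hunk shows only `fReverse` is affected, so the consequence is a wrong flag in the returned zone info rather than anything more serious. `dnsserver_init_zoneinfo` starts before and continues after the hunk.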
diff --git a/source4/scripting/bin/samba_upgradedns b/source4/scripting/bin/samba_upgradedns
index 3a6c0b7..1a42e0c 100755
--- a/source4/scripting/bin/samba_upgradedns
+++ b/source4/scripting/bin/samba_upgradedns
@@ -323,6 +323,8 @@ if __name__ == '__main__':
logger.info("Adding DNS accounts")
add_dns_accounts(ldbs.sam, domaindn)
dnsadmins_sid = get_dnsadmins_sid(ldbs.sam, domaindn)
+ else:
+ logger.info("DNS accounts already exist")
# Import dns records from zone file
if os.path.exists(paths.dns):
@@ -340,55 +342,110 @@ if __name__ == '__main__':
logger.warn("DNS records will be automatically created")
autofill = True
- # Fill DNS information
- logger.info("Creating DNS partitions")
- create_dns_partitions(ldbs.sam, domainsid, names, domaindn, forestdn,
+ # Create DNS partitions if missing and fill DNS information
+ try:
+ expression = '(|(dnsRoot=DomainDnsZones.%s)(dnsRoot=ForestDnsZones.%s))' % \
+ (dnsdomain, dnsdomain)
+ msg = ldbs.sam.search(base=names.configdn, scope=ldb.SCOPE_DEFAULT,
+ expression=expression, attrs=['nCName'])
+ ncname = msg[0]['nCName'][0]
+ except Exception, e:
+ logger.info("Creating DNS partitions")
+ create_dns_partitions(ldbs.sam, domainsid, names, domaindn, forestdn,
dnsadmins_sid)
- logger.info("Populating DNS partitions")
- fill_dns_data_partitions(ldbs.sam, domainsid, site, domaindn, forestdn,
+ logger.info("Populating DNS partitions")
+ fill_dns_data_partitions(ldbs.sam, domainsid, site, domaindn, forestdn,
dnsdomain, dnsforest, hostname, hostip, hostip6,
domainguid, ntdsguid, dnsadmins_sid,
autofill=autofill)
- if not autofill:
- logger.info("Importing records from zone file")
- import_zone_data(ldbs.sam, logger, zone, serial, domaindn, forestdn,
- dnsdomain, dnsforest)
+ if not autofill:
+ logger.info("Importing records from zone file")
+ import_zone_data(ldbs.sam, logger, zone, serial, domaindn, forestdn,
+ dnsdomain, dnsforest)
+ else:
+ logger.info("DNS partitions already exist")
- if opts.dns_backend == "BIND9_DLZ":
- create_dns_dir(logger, paths)
+ # Mark that we are hosting DNS partitions
+ try:
+ dns_nclist = [ 'DC=DomainDnsZones,%s' % domaindn,
+ 'DC=ForestDnsZones,%s' % forestdn ]
+
+ msgs = ldbs.sam.search(base=names.serverdn, scope=ldb.SCOPE_DEFAULT,
+ expression='(objectclass=nTDSDSa)',
+ attrs=['hasPartialReplicaNCs',
+ 'msDS-hasMasterNCs'])
+ msg = msgs[0]
+
+ master_nclist = []
+ for nc in msg["msDS-hasMasterNCs"]:
+ master_nclist.append(nc)
+
+ partial_nclist = []
+ for nc in msg["hasPartialReplicaNCs"]:
+ partial_nclist.append(nc)
+
+ modified = False
+ for nc in dns_nclist:
+ if nc not in master_nclist:
+ master_nclist.append(nc)
+ modified = True
+ if nc in partial_nclist:
+ partial_nclist.remove(nc)
+ modified = True
+
+ if modified:
+ logger.debug("Updating msDS-hasMasterNCs and hasPartialReplicaNCs attributes")
+ msg["msDS-hasMasterNCs"] = ldb.MessageElement(master_nclist,
+ ldb.FLAG_MOD_REPLACE,
+ "msDS-hasMasterNCs")
+ msg["hasPartialReplicaNCs"] = ldb.MessageElement(partial_nclist,
+ ldb.FLAG_MOD_REPLACE,
+ "hasPartialReplicaNCs")
+ ldbs.sam.modify(msg)
+ except Exception:
+ raise
+
+ # Check if dns-HOSTNAME account exists and create it if required
+ try:
+ dn = 'samAccountName=dns-%s,CN=Principals' % hostname
+ msg = ldbs.secrets.search(expression='(dn=%s)' % dn, attrs=['secret'])
+ dnssecret = msg[0]['secret'][0]
+ except Exception:
+ logger.info("Adding dns-%s account" % hostname)
- # Check if dns-HOSTNAME account exists and create it if required
try:
- dn = 'samAccountName=dns-%s,CN=Principals' % hostname
- msg = ldbs.secrets.search(expression='(dn=%s)' % dn, attrs=['secret'])
- dnssecret = msg[0]['secret'][0]
+ msg = ldbs.sam.search(base=domaindn, scope=ldb.SCOPE_DEFAULT,
+ expression='(sAMAccountName=dns-%s)' % (hostname),
+ attrs=['clearTextPassword'])
+ dn = msg[0].dn
+ ldbs.sam.delete(dn)
except Exception:
- logger.info("Creating DNS account for BIND9")
-
- try:
- msg = ldbs.sam.search(base=domaindn, scope=ldb.SCOPE_DEFAULT,
- expression='(sAMAccountName=dns-%s)' % (hostname),
- attrs=['clearTextPassword'])
- dn = msg[0].dn
- ldbs.sam.delete(dn)
- except Exception:
- pass
-
- dnspass = samba.generate_random_password(128, 255)
- setup_add_ldif(ldbs.sam, setup_path("provision_dns_add_samba.ldif"), {
- "DNSDOMAIN": dnsdomain,
- "DOMAINDN": domaindn,
- "DNSPASS_B64": b64encode(dnspass.encode('utf-16-le')),
- "HOSTNAME" : hostname,
- "DNSNAME" : dnsname }
- )
-
- secretsdb_setup_dns(ldbs.secrets, names,
- paths.private_dir, realm=names.realm,
- dnsdomain=names.dnsdomain,
- dns_keytab_path=paths.dns_keytab, dnspass=dnspass)
+ pass
+
+ dnspass = samba.generate_random_password(128, 255)
+ setup_add_ldif(ldbs.sam, setup_path("provision_dns_add_samba.ldif"), {
+ "DNSDOMAIN": dnsdomain,
+ "DOMAINDN": domaindn,
+ "DNSPASS_B64": b64encode(dnspass.encode('utf-16-le')),
+ "HOSTNAME" : hostname,
+ "DNSNAME" : dnsname }
+ )
+
+ secretsdb_setup_dns(ldbs.secrets, names,
+ paths.private_dir, realm=names.realm,
+ dnsdomain=names.dnsdomain,
+ dns_keytab_path=paths.dns_keytab, dnspass=dnspass)
+ else:
+ logger.info("dns-%s account already exists" % hostname)
+
+ # Special stuff for DLZ backend
+ if opts.dns_backend == "BIND9_DLZ":
+ # This forces a re-creation of dns directory and all the files within
+ # It's an overkill, but it's easier to re-create a samdb copy, rather
+ # than trying to fix a broken copy.
+ create_dns_dir(logger, paths)
# Setup a copy of SAM for BIND9
create_samdb_copy(ldbs.sam, logger, paths, names, domainsid,
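Review bot: The two existence probes added here, the one for the DNS partitions and the one for the dns-HOSTNAME secret, treat any `Exception` as "not found", so an unrelated failure of `ldbs.sam.search` or `ldbs.secrets.search` (an unreadable or locked sam.ldb/secrets.ldb, a bad base DN) lands in the branch that deletes the existing `dns-HOSTNAME` account and regenerates its password, or that tries to create partitions that are already present. Both handlers should catch only the expected cases, `except (ldb.LdbError, IndexError):`, and let anything else abort the upgrade. The `msDS-hasMasterNCs` update indexes `msg["hasPartialReplicaNCs"]` directly, which is a KeyError if the NTDS settings object carries no such attribute, so `for nc in msg.get("hasPartialReplicaNCs", []):` is safer, and the enclosing `try: ... except Exception: raise` around that update is a no-op that can be dropped. The `if __name__ == '__main__':` block this hunk sits in starts before the hunk.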