[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Tue Dec 15 13:41:56 UTC 2015
The branch, master has been updated
via 4807577 Fix bug 10881 Wrong keytab permissions when joining additional DC with BIND backend
via dc20c30 samba_upgradedns: Set correct permissions on secrets.keytab for BIND9
via 308d645 samba_upgradedns: Improve search for existing accounts in secrets.ldb
via d38e221 samba_dnsupdate: Simplify logic and add more verbose debugging
via 9bbb468 samba_dnsupdate: Expand output when --verbose is set
via 67b6346 python: Give a more helpful error message when we do not have an smb.conf
from ab1ebb1 password_lockout: test creds.get_kerberos_state()
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 4807577d30133bcd5150f3c9c1c7a576acbd93ce
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Nov 26 13:59:33 2015 +1300
Fix bug 10881 Wrong keytab permissions when joining additional DC with BIND backend
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10881
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Dec 15 11:47:21 CET 2015 on sn-devel-104
commit dc20c307cc1f0a5f245ff47757e8f0afe3ab8353
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Nov 26 13:57:36 2015 +1300
samba_upgradedns: Set correct permissions on secrets.keytab for BIND9
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
commit 308d645f3428660b0466dbe273b995a887af68da
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Nov 26 13:50:21 2015 +1300
samba_upgradedns: Improve search for existing accounts in secrets.ldb
We should actually check for the combination of both an account in secrets.ldb
and sam.ldb, but this is at least an improvement.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
commit d38e22184ea036dfcbe851352729c469a494cb29
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Aug 10 12:15:04 2015 +1200
samba_dnsupdate: Simplify logic and add more verbose debugging
By reducing the indentation, this code is a little clearer
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
commit 9bbb468dcb2dfec965076eadfac905e5e65a5d30
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Aug 10 12:05:19 2015 +1200
samba_dnsupdate: Expand output when --verbose is set
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
commit 67b6346e736fc04f66affa3025afe34ff1e4cd71
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Mar 4 17:49:36 2015 +1300
python: Give a more helpful error message when we do not have an smb.conf
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
-----------------------------------------------------------------------
Summary of changes:
python/samba/provision/sambadns.py | 10 ++++++++++
python/samba/upgradehelpers.py | 2 +-
source4/scripting/bin/samba_dnsupdate | 34 ++++++++++++++++++++++++++++++----
source4/scripting/bin/samba_upgradedns | 27 +++++++++++++++++----------
4 files changed, 58 insertions(+), 15 deletions(-)
Changeset truncated at 500 lines:
diff --git a/python/samba/provision/sambadns.py b/python/samba/provision/sambadns.py
index f3cdb32..a393181 100644
--- a/python/samba/provision/sambadns.py
+++ b/python/samba/provision/sambadns.py
@@ -1179,6 +1179,16 @@ def setup_bind9_dns(samdb, secretsdb, names, paths, lp, logger,
dns_keytab_path=paths.dns_keytab, dnspass=dnspass,
key_version_number=key_version_number)
+ dns_keytab_path = os.path.join(paths.private_dir, paths.dns_keytab)
+ if os.path.isfile(dns_keytab_path) and paths.bind_gid is not None:
+ try:
+ os.chmod(dns_keytab_path, 0640)
+ os.chown(dns_keytab_path, -1, paths.bind_gid)
+ except OSError:
+ if not os.environ.has_key('SAMBA_SELFTEST'):
+ logger.info("Failed to chown %s to bind gid %u",
+ dns_keytab_path, paths.bind_gid)
+
create_dns_dir(logger, paths)
if dns_backend == "BIND9_FLATFILE":
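Review bot: In the added keytab block, `os.chmod(dns_keytab_path, 0640)` runs before `os.chown(dns_keytab_path, -1, paths.bind_gid)`, so if the chown raises OSError the file is left group-readable by whatever group already owned it rather than by BIND's group. Because the keytab holds the DNS account's Kerberos keys, I would change the group first and only then widen the mode, i.e. swap the two calls. The handler also reports "Failed to chown" when the chmod is what failed, and it drops the exception text; `except OSError as e:` with `e` added to the log message would make the failure diagnosable. The same block is added verbatim in source4/scripting/bin/samba_upgradedns (the hunk at -450,9 +446,20), so both copies need the change and a shared helper would prevent drift. setup_bind9_dns begins and continues outside this hunk.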
diff --git a/python/samba/upgradehelpers.py b/python/samba/upgradehelpers.py
index 3b664fe..9b2c1c2 100644
--- a/python/samba/upgradehelpers.py
+++ b/python/samba/upgradehelpers.py
@@ -197,7 +197,7 @@ def get_paths(param, targetdir=None, smbconf=None):
smbconf = param.default_path()
if not os.path.exists(smbconf):
- raise ProvisioningError("Unable to find smb.conf")
+ raise ProvisioningError("Unable to find smb.conf at %s" % smbconf)
lp = param.LoadParm()
lp.load(smbconf)
diff --git a/source4/scripting/bin/samba_dnsupdate b/source4/scripting/bin/samba_dnsupdate
index 7f94067..e34d148 100755
--- a/source4/scripting/bin/samba_dnsupdate
+++ b/source4/scripting/bin/samba_dnsupdate
@@ -110,9 +110,7 @@ if opts.verbose:
def get_credentials(lp):
"""# get credentials if we haven't got them already."""
from samba import credentials
- global ccachename, creds
- if creds is not None:
- return
+ global ccachename
creds = credentials.Credentials()
creds.guess(lp)
creds.set_machine_account(lp)
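Review bot: The docstring of get_credentials still says "if we haven't got them already", but this hunk removes the `if creds is not None: return` guard, so every call now builds a fresh Credentials object. I would reword it to match, for example `"""Get machine account credentials (rebuilt on every call)."""`, and drop the stray `#`. With `creds` removed from the `global` statement it becomes a local name, so any code outside the function that reads a module-level `creds` would no longer see the result. The rest of the function is outside this hunk, so that needs checking against the full file.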
@@ -594,8 +592,15 @@ for d in dns_list:
break
if not found:
rebuild_cache = True
- if opts.all_names or not check_dns_name(d):
+ if opts.all_names:
+ update_list.append(d)
+ if opts.verbose:
+ print "force update: %s" % d
+ elif not check_dns_name(d):
update_list.append(d)
+ if opts.verbose:
+ print "need update: %s" % d
+
for c in cache_list:
found = False
@@ -609,11 +614,16 @@ for c in cache_list:
if not opts.all_names and not check_dns_name(c):
continue
delete_list.append(c)
+ if opts.verbose:
+ print "need delete: %s" % c
if len(delete_list) == 0 and len(update_list) == 0 and not rebuild_cache:
if opts.verbose:
print "No DNS updates needed"
sys.exit(0)
+else:
+ if opts.verbose:
+ print "%d DNS updates and %d DNS deletes needed" % (len(update_list), len(delete_list))
# get our krb5 creds
if len(delete_list) != 0 or len(update_list) != 0:
@@ -624,24 +634,40 @@ if len(delete_list) != 0 or len(update_list) != 0:
for d in delete_list:
if am_rodc:
if d.name.lower() == domain.lower():
+ if opts.verbose:
+ print "skip delete (rodc): %s" % d
continue
if not d.type in [ 'A', 'AAAA' ]:
+ if opts.verbose:
+ print "delete (rodc): %s" % d
call_rodc_update(d, op="delete")
else:
+ if opts.verbose:
+ print "delete (nsupdate): %s" % d
call_nsupdate(d, op="delete")
else:
+ if opts.verbose:
+ print "delete (nsupdate): %s" % d
call_nsupdate(d, op="delete")
# ask nsupdate to add entries as needed
for d in update_list:
if am_rodc:
if d.name.lower() == domain.lower():
+ if opts.verbose:
+ print "skip (rodc): %s" % d
continue
if not d.type in [ 'A', 'AAAA' ]:
+ if opts.verbose:
+ print "update (rodc): %s" % d
call_rodc_update(d)
else:
+ if opts.verbose:
+ print "update (nsupdate): %s" % d
call_nsupdate(d)
else:
+ if opts.verbose:
+ print "update(nsupdate): %s" % d
call_nsupdate(d)
if rebuild_cache:
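Review bot: The verbose labels added in the two loops are not uniform, which makes the --verbose output harder to filter when debugging a failed DNS update. The last update branch prints `"update(nsupdate): %s"` without the space used by `"update (nsupdate): %s"` a few lines above it. The RODC skip in the update loop prints `"skip (rodc): %s"` where the delete loop prints `"skip delete (rodc): %s"`. I would change them to `"update (nsupdate): %s"` and `"skip update (rodc): %s"`.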
diff --git a/source4/scripting/bin/samba_upgradedns b/source4/scripting/bin/samba_upgradedns
index 53e05a6..5963712 100755
--- a/source4/scripting/bin/samba_upgradedns
+++ b/source4/scripting/bin/samba_upgradedns
@@ -412,21 +412,17 @@ if __name__ == '__main__':
# Special stuff for DLZ backend
if opts.dns_backend == "BIND9_DLZ":
# Check if dns-HOSTNAME account exists and create it if required
- try:
- dn = 'samAccountName=dns-%s,CN=Principals' % hostname
- msg = ldbs.secrets.search(expression='(dn=%s)' % dn, attrs=['secret'])
- except IndexError:
+ secrets_msgs = ldbs.secrets.search(expression='(samAccountName=dns-%s)' % hostname, attrs=['secret'])
+ if len(secrets_msgs) == 0:
logger.info("Adding dns-%s account" % hostname)
- try:
- msg = ldbs.sam.search(base=domaindn, scope=ldb.SCOPE_DEFAULT,
- expression='(sAMAccountName=dns-%s)' % (hostname),
- attrs=[])
+ msg = ldbs.sam.search(base=domaindn, scope=ldb.SCOPE_DEFAULT,
+ expression='(sAMAccountName=dns-%s)' % (hostname),
+ attrs=[])
+ if len(msg) == 1:
dn = msg[0].dn
ldbs.sam.delete(dn)
- except IndexError:
- pass
dnspass = samba.generate_random_password(128, 255)
setup_add_ldif(ldbs.sam, setup_path("provision_dns_add_samba.ldif"), {
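Review bot: The new secrets.ldb lookup interpolates `hostname` straight into the LDAP filter, `'(samAccountName=dns-%s)' % hostname`, as the sam.ldb search below it already did. hostname is set outside this hunk; if it can ever contain filter metacharacters such as `*`, `(` or `)`, the search could match something other than the one intended account, and the sam.ldb branch goes on to delete what it finds. Passing the value through `ldb.binary_encode(hostname)` in both expressions would remove that dependency. Separately, `if len(msg) == 1:` silently skips the delete when more than one entry matches, so a log line for that case would help whoever debugs the following add.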
@@ -450,9 +446,20 @@ if __name__ == '__main__':
dnsdomain=names.dnsdomain,
dns_keytab_path=paths.dns_keytab, dnspass=dnspass,
key_version_number=dns_key_version_number)
+
else:
logger.info("dns-%s account already exists" % hostname)
+ dns_keytab_path = os.path.join(paths.private_dir, paths.dns_keytab)
+ if os.path.isfile(dns_keytab_path) and paths.bind_gid is not None:
+ try:
+ os.chmod(dns_keytab_path, 0640)
+ os.chown(dns_keytab_path, -1, paths.bind_gid)
+ except OSError:
+ if not os.environ.has_key('SAMBA_SELFTEST'):
+ logger.info("Failed to chown %s to bind gid %u",
+ dns_keytab_path, paths.bind_gid)
+
# This forces a re-creation of dns directory and all the files within
# It's an overkill, but it's easier to re-create a samdb copy, rather
# than trying to fix a broken copy.
--
Samba Shared Repository