[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Sat May 12 10:06:02 UTC 2018
The branch, master has been updated
via 77ea31b devel: removing unused code from chgkrbtgtpass
via 8b72d4c samdb rid: clear cache to prevent old ntds_guid
via 6a09162 ldb: removing prior secret from logs
from b9d01fd ctdb-scripts: Drop CTDB_SUPPRESS_COREFILE and CTDB_MAX_OPEN_FILES options
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 77ea31bccfc63980cd112c87b2aaf7eb7b5cf549
Author: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Date: Tue May 1 15:54:07 2018 +1200
devel: removing unused code from chgkrbtgtpass
Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Sat May 12 12:05:31 CEST 2018 on sn-devel-144
commit 8b72d4c7bbb8462232d685e17612b06b4cca57f2
Author: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Date: Tue May 1 15:51:10 2018 +1200
samdb rid: clear cache to prevent old ntds_guid
During the new samba-tool domain backup restore the NTDS GUID changes
as the server is taken over by the new DC record.
Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
commit 6a09162df6bd38098253b50a7ac32bfdc8dbf9d4
Author: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Date: Tue May 1 11:10:40 2018 +1200
ldb: removing prior secret from logs
priorSecret, like secret, can contain a machine account password
(for secrets.ldb) and so should not be printed in a debug
trace.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13353
Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
-----------------------------------------------------------------------
Summary of changes:
lib/ldb-samba/ldif_handlers.c | 3 ++-
python/samba/upgradehelpers.py | 5 ++---
source4/dsdb/samdb/ldb_modules/ridalloc.c | 6 ++++++
source4/scripting/devel/chgkrbtgtpass | 5 +----
4 files changed, 11 insertions(+), 8 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/ldb-samba/ldif_handlers.c b/lib/ldb-samba/ldif_handlers.c
index 591bd1e..ecc02e5 100644
--- a/lib/ldb-samba/ldif_handlers.c
+++ b/lib/ldb-samba/ldif_handlers.c
@@ -1706,7 +1706,8 @@ const struct ldb_schema_syntax *ldb_samba_syntax_by_lDAPDisplayName(struct ldb_c
return s;
}
-static const char *secret_attributes[] = {DSDB_SECRET_ATTRIBUTES, "secret", NULL};
+static const char *secret_attributes[] = {DSDB_SECRET_ATTRIBUTES, "secret",
+ "priorSecret", NULL};
/*
register the samba ldif handlers
diff --git a/python/samba/upgradehelpers.py b/python/samba/upgradehelpers.py
index d4f6944..14fe3e0 100644
--- a/python/samba/upgradehelpers.py
+++ b/python/samba/upgradehelpers.py
@@ -645,11 +645,10 @@ def update_dns_account_password(samdb, secrets_ldb, names):
secrets_ldb.modify(msg)
-def update_krbtgt_account_password(samdb, names):
+def update_krbtgt_account_password(samdb):
"""Update (change) the password of the krbtgt account
- :param samdb: An LDB object related to the sam.ldb file of a given provision
- :param names: List of key provision parameters"""
+ :param samdb: An LDB object related to the sam.ldb file of a given provision"""
expression = "samAccountName=krbtgt"
res = samdb.search(expression=expression, attrs=[])
diff --git a/source4/dsdb/samdb/ldb_modules/ridalloc.c b/source4/dsdb/samdb/ldb_modules/ridalloc.c
index abfe14a..b436b9b 100644
--- a/source4/dsdb/samdb/ldb_modules/ridalloc.c
+++ b/source4/dsdb/samdb/ldb_modules/ridalloc.c
@@ -443,6 +443,12 @@ int ridalloc_create_own_rid_set(struct ldb_module *module, TALLOC_CTX *mem_ctx,
return ldb_operr(ldb_module_get_ctx(module));
}
+ /* clear the cache so we don't get an old ntds_guid */
+ if (ldb_set_opaque(ldb, "cache.ntds_guid", NULL) != LDB_SUCCESS) {
+ talloc_free(tmp_ctx);
+ return ldb_operr(ldb_module_get_ctx(module));
+ }
+
our_ntds_guid = samdb_ntds_objectGUID(ldb_module_get_ctx(module));
if (!our_ntds_guid) {
talloc_free(tmp_ctx);
diff --git a/source4/scripting/devel/chgkrbtgtpass b/source4/scripting/devel/chgkrbtgtpass
index 7e4f9fb..12be1bc 100644
--- a/source4/scripting/devel/chgkrbtgtpass
+++ b/source4/scripting/devel/chgkrbtgtpass
@@ -56,8 +56,5 @@ session = system_session()
ldbs = get_ldbs(paths, creds, session, lp)
ldbs.startTransactions()
-names = find_provision_key_parameters(ldbs.sam, ldbs.secrets, ldbs.idmap,
- paths, smbconf, lp)
-
-update_krbtgt_account_password(ldbs.sam, names)
+update_krbtgt_account_password(ldbs.sam)
ldbs.groupedCommit()
--
Samba Shared Repository
More information about the samba-cvs
mailing list