python: Create the kdc.conf in the Samba private directory

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

4 files changed, 17 insertions, 41 deletions

diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
index bfc4772b7b1..4bd99ba6ff5 100644
--- a/python/samba/netcmd/domain.py
+++ b/python/samba/netcmd/domain.py
@@ -87,9 +87,6 @@ from samba.provision import (
     ProvisioningError
     )
 
-from samba.provision.kerberos_implementation import (
-    kdc_default_config_dir)
-
 from samba.provision.common import (
     FILL_FULL,
     FILL_NT4SYNC,
@@ -266,20 +263,12 @@ class cmd_domain_provision(Command):
                default="auto")
     ]
 
-    kdc_options = [
-        Option("--kdc-config-dir", type="string", metavar="KDC-CONFIG-DIR",
-               help="Set the MIT KDC config directory (default='%s')" % kdc_default_config_dir),
-    ]
-
     if os.getenv('TEST_LDAP', "no") == "yes":
         takes_options.extend(openldap_options)
 
     if samba.is_ntvfs_fileserver_built():
          takes_options.extend(ntvfs_options)
 
-    if not samba.is_heimdal_built():
-        takes_options.extend(kdc_options)
-
     takes_args = []
 
     def run(self, sambaopts=None, versionopts=None,
@@ -315,7 +304,6 @@ class cmd_domain_provision(Command):
             use_xattrs="auto",
             slapd_path=None,
             use_ntvfs=False,
-            kdc_config_dir=None,
             use_rfc2307=None,
             ldap_backend_nosync=None,
             ldap_backend_extra_port=None,
@@ -483,8 +471,7 @@ class cmd_domain_provision(Command):
                   use_rfc2307=use_rfc2307, skip_sysvolacl=False,
                   ldap_backend_extra_port=ldap_backend_extra_port,
                   ldap_backend_forced_uri=ldap_backend_forced_uri,
-                  nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode,
-                  kdcconfdir=kdc_config_dir)
+                  nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode)
 
         except ProvisioningError, e:
             raise CommandError("Provision failed", e)
diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
index e55d807d8a4..2387931987e 100644
--- a/python/samba/provision/__init__.py
+++ b/python/samba/provision/__init__.py
@@ -56,6 +56,7 @@ from samba import (
     substitute_var,
     valid_netbios_name,
     version,
+    is_heimdal_built,
     )
 from samba.dcerpc import security, misc
 from samba.dcerpc.misc import (
@@ -118,7 +119,7 @@ import samba.registry
 from samba.schema import Schema
 from samba.samdb import SamDB
 from samba.dbchecker import dbcheck
-from samba.provision.kerberos import make_kdcconf
+from samba.provision.kerberos import create_kdc_conf
 
 DEFAULT_POLICY_GUID = "31B2F340-016D-11D2-945F-00C04FB984F9"
 DEFAULT_DC_POLICY_GUID = "6AC1786C-016F-11D2-945F-00C04FB984F9"
@@ -549,6 +550,7 @@ def provision_paths_from_lp(lp, dnsdomain):
     paths.namedconf_update = os.path.join(paths.private_dir, "named.conf.update")
     paths.namedtxt = os.path.join(paths.private_dir, "named.txt")
     paths.krb5conf = os.path.join(paths.private_dir, "krb5.conf")
+    paths.kdcconf = os.path.join(paths.private_dir, "kdc.conf")
     paths.winsdb = os.path.join(paths.private_dir, "wins.ldb")
     paths.s4_ldapi_path = os.path.join(paths.private_dir, "ldapi")
     paths.hklm = "hklm.ldb"
@@ -670,7 +672,7 @@ def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None,
 
 def make_smbconf(smbconf, hostname, domain, realm, targetdir,
                  serverrole=None, eadb=False, use_ntvfs=False, lp=None,
-                 global_param=None, kdcconfdir=None):
+                 global_param=None):
     """Create a new smb.conf file based on a couple of basic settings.
     """
     assert smbconf is not None
@@ -731,11 +733,6 @@ def make_smbconf(smbconf, hostname, domain, realm, targetdir,
                 statedir = lp.get("state directory")
             lp.set("xattr_tdb:file", os.path.abspath(os.path.join(statedir, "xattr.tdb")))
 
-    make_kdcconf(realm, domain, kdcconfdir, os.path.dirname(lp.get("log file")))
-    if kdcconfdir is not None:
-        kdcconf = "%s/kdc.conf" % kdcconfdir
-        lp.set("mit kdc config", kdcconf)
-
     shares = {}
     if serverrole == "active directory domain controller":
         shares["sysvol"] = os.path.join(lp.get("state directory"), "sysvol")
@@ -1932,7 +1929,7 @@ def provision_fake_ypserver(logger, samdb, domaindn, netbiosname, nisdomain,
         samdb.transaction_commit()
 
 
-def provision(logger, session_info, smbconf=None, kdcconfdir=None,
+def provision(logger, session_info, smbconf=None,
         targetdir=None, samdb_fill=FILL_FULL, realm=None, rootdn=None,
         domaindn=None, schemadn=None, configdn=None, serverdn=None,
         domain=None, hostname=None, hostip=None, hostip6=None, domainsid=None,
@@ -2016,13 +2013,11 @@ def provision(logger, session_info, smbconf=None, kdcconfdir=None,
             make_smbconf(smbconf, hostname, domain, realm,
                          targetdir, serverrole=serverrole,
                          eadb=useeadb, use_ntvfs=use_ntvfs,
-                         lp=lp, global_param=global_param,
-                         kdcconfdir=kdcconfdir)
+                         lp=lp, global_param=global_param)
     else:
         make_smbconf(smbconf, hostname, domain, realm, targetdir,
                      serverrole=serverrole,
-                     eadb=useeadb, use_ntvfs=use_ntvfs, lp=lp, global_param=global_param,
-                     kdcconfdir=kdcconfdir)
+                     eadb=useeadb, use_ntvfs=use_ntvfs, lp=lp, global_param=global_param)
 
     if lp is None:
         lp = samba.param.LoadParm()
@@ -2179,6 +2174,11 @@ def provision(logger, session_info, smbconf=None, kdcconfdir=None,
                     lp=lp, use_ntvfs=use_ntvfs,
                            skip_sysvolacl=skip_sysvolacl)
 
+        if not is_heimdal_built():
+            create_kdc_conf(paths.kdcconf, realm, domain, os.path.dirname(lp.get("log file")))
+            logger.info("The Kerberos KDC configuration for Samba AD is "
+                        "located at %s", paths.kdcconf)
+
         create_krb5_conf(paths.krb5conf,
                          dnsdomain=names.dnsdomain, hostname=names.hostname,
                          realm=names.realm)
diff --git a/python/samba/provision/kerberos.py b/python/samba/provision/kerberos.py
index e07588c6abb..24ced9c4dc9 100644
--- a/python/samba/provision/kerberos.py
+++ b/python/samba/provision/kerberos.py
@@ -19,12 +19,11 @@
 #
 
 from samba.provision.kerberos_implementation import (
-    kdb_modules_dir,
-    kdc_default_config_dir)
+    kdb_modules_dir)
 from samba import is_heimdal_built
 import os
 
-def make_kdcconf(realm, domain, kdcconfdir, logdir):
+def create_kdc_conf(kdcconf, realm, domain, logdir):
 
     if is_heimdal_built():
         return
@@ -37,11 +36,7 @@ def make_kdcconf(realm, domain, kdcconfdir, logdir):
     if 'SAMBA_SELFTEST' in os.environ and 'MITKRB5' in os.environ:
         return
 
-    # If not specified use the default
-    if kdcconfdir is None:
-        kdcconfdir = kdc_default_config_dir
-
-    kdcconf = "%s/kdc.conf" % kdcconfdir
+    assert kdcconf is not None
 
     assert domain is not None
     domain = domain.upper()
diff --git a/python/wscript b/python/wscript
index 687a268412f..623ca44b005 100644
--- a/python/wscript
+++ b/python/wscript
@@ -27,20 +27,14 @@ def configure(conf):
         f.write(header)
 
         data = """kdb_modules_dir = "{0}"
-kdc_default_config_dir = "{1}"
 """
 
         if conf.env.HEIMDAL_KRB5_CONFIG:
             f.write(data.format("", ""))
         else:
             modulesdir = "%s/krb5/plugins/kdb" % conf.env.LIBDIR
-            paths = [ "/var/kerberos/krb5kdc", "/var/lib/kerberos/krb5kdc" ]
-            kdc_path = None
-            for p in paths:
-                if os.path.exists(p):
-                    kdc_path = p
 
-            f.write(data.format(modulesdir, kdc_path))
+            f.write(data.format(modulesdir))
     finally:
         f.close()