author | Andreas Schneider <asn@samba.org> | 2017-05-03 09:19:38 +0200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2017-05-26 11:26:17 +0200 |
commit | 330d82c1bc12a6247302ddcdd15c8326753e1436 (patch) | |
tree | 5b3c1c52b30779b22e2e2a923fca2b6706ba8c4d /python | |
parent | acec88dc1fa0f1df04f77c54d175c4d13b919a5f (diff) | |
download | samba-330d82c1bc12a6247302ddcdd15c8326753e1436.tar.gz |
python: Create the kdc.conf in the Samba private directory
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'python')
-rw-r--r-- | python/samba/netcmd/domain.py | 15 | ||||
-rw-r--r-- | python/samba/provision/__init__.py | 24 | ||||
-rw-r--r-- | python/samba/provision/kerberos.py | 11 | ||||
-rw-r--r-- | python/wscript | 8 |
4 files changed, 17 insertions, 41 deletions
diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py index bfc4772b7b1..4bd99ba6ff5 100644 --- a/python/samba/netcmd/domain.py +++ b/python/samba/netcmd/domain.py @@ -87,9 +87,6 @@ from samba.provision import ( ProvisioningError ) -from samba.provision.kerberos_implementation import ( - kdc_default_config_dir) - from samba.provision.common import ( FILL_FULL, FILL_NT4SYNC, @@ -266,20 +263,12 @@ class cmd_domain_provision(Command): default="auto") ] - kdc_options = [ - Option("--kdc-config-dir", type="string", metavar="KDC-CONFIG-DIR", - help="Set the MIT KDC config directory (default='%s')" % kdc_default_config_dir), - ] - if os.getenv('TEST_LDAP', "no") == "yes": takes_options.extend(openldap_options) if samba.is_ntvfs_fileserver_built(): takes_options.extend(ntvfs_options) - if not samba.is_heimdal_built(): - takes_options.extend(kdc_options) - takes_args = [] def run(self, sambaopts=None, versionopts=None, @@ -315,7 +304,6 @@ class cmd_domain_provision(Command): use_xattrs="auto", slapd_path=None, use_ntvfs=False, - kdc_config_dir=None, use_rfc2307=None, ldap_backend_nosync=None, ldap_backend_extra_port=None, @@ -483,8 +471,7 @@ class cmd_domain_provision(Command): use_rfc2307=use_rfc2307, skip_sysvolacl=False, ldap_backend_extra_port=ldap_backend_extra_port, ldap_backend_forced_uri=ldap_backend_forced_uri, - nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode, - kdcconfdir=kdc_config_dir) + nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode) except ProvisioningError, e: raise CommandError("Provision failed", e) diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py index e55d807d8a4..2387931987e 100644 --- a/python/samba/provision/__init__.py +++ b/python/samba/provision/__init__.py @@ -56,6 +56,7 @@ from samba import ( substitute_var, valid_netbios_name, version, + is_heimdal_built, ) from samba.dcerpc import security, misc from samba.dcerpc.misc import ( 
@@ -118,7 +119,7 @@ import samba.registry from samba.schema import Schema from samba.samdb import SamDB from samba.dbchecker import dbcheck -from samba.provision.kerberos import make_kdcconf +from samba.provision.kerberos import create_kdc_conf DEFAULT_POLICY_GUID = "31B2F340-016D-11D2-945F-00C04FB984F9" DEFAULT_DC_POLICY_GUID = "6AC1786C-016F-11D2-945F-00C04FB984F9" @@ -549,6 +550,7 @@ def provision_paths_from_lp(lp, dnsdomain): paths.namedconf_update = os.path.join(paths.private_dir, "named.conf.update") paths.namedtxt = os.path.join(paths.private_dir, "named.txt") paths.krb5conf = os.path.join(paths.private_dir, "krb5.conf") + paths.kdcconf = os.path.join(paths.private_dir, "kdc.conf") paths.winsdb = os.path.join(paths.private_dir, "wins.ldb") paths.s4_ldapi_path = os.path.join(paths.private_dir, "ldapi") paths.hklm = "hklm.ldb" @@ -670,7 +672,7 @@ def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None, def make_smbconf(smbconf, hostname, domain, realm, targetdir, serverrole=None, eadb=False, use_ntvfs=False, lp=None, - global_param=None, kdcconfdir=None): + global_param=None): """Create a new smb.conf file based on a couple of basic settings. """ assert smbconf is not None @@ -731,11 +733,6 @@ def make_smbconf(smbconf, hostname, domain, realm, targetdir, statedir = lp.get("state directory") lp.set("xattr_tdb:file", os.path.abspath(os.path.join(statedir, "xattr.tdb"))) - make_kdcconf(realm, domain, kdcconfdir, os.path.dirname(lp.get("log file"))) - if kdcconfdir is not None: - kdcconf = "%s/kdc.conf" % kdcconfdir - lp.set("mit kdc config", kdcconf) - shares = {} if serverrole == "active directory domain controller": shares["sysvol"] = os.path.join(lp.get("state directory"), "sysvol") 
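Review bot: Nothing visible in these hunks tells the MIT KDC where the new file lives: `paths.kdcconf` is fixed to `private_dir/kdc.conf` in provision_paths_from_lp(), while the make_smbconf() hunk drops the `lp.set("mit kdc config", kdcconf)` call. The diff shown is limited to `python/`, so the default of `mit kdc config` may be changed elsewhere in the commit, but that is worth confirming, because otherwise the KDC would read a path that provisioning no longer writes. A short comment on the new line would record the coupling, e.g. `# must match the default of "mit kdc config"`. Both functions continue outside their hunks.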
@@ -1932,7 +1929,7 @@ def provision_fake_ypserver(logger, samdb, domaindn, netbiosname, nisdomain, samdb.transaction_commit() -def provision(logger, session_info, smbconf=None, kdcconfdir=None, +def provision(logger, session_info, smbconf=None, targetdir=None, samdb_fill=FILL_FULL, realm=None, rootdn=None, domaindn=None, schemadn=None, configdn=None, serverdn=None, domain=None, hostname=None, hostip=None, hostip6=None, domainsid=None, @@ -2016,13 +2013,11 @@ def provision(logger, session_info, smbconf=None, kdcconfdir=None, make_smbconf(smbconf, hostname, domain, realm, targetdir, serverrole=serverrole, eadb=useeadb, use_ntvfs=use_ntvfs, - lp=lp, global_param=global_param, - kdcconfdir=kdcconfdir) + lp=lp, global_param=global_param) else: make_smbconf(smbconf, hostname, domain, realm, targetdir, serverrole=serverrole, - eadb=useeadb, use_ntvfs=use_ntvfs, lp=lp, global_param=global_param, - kdcconfdir=kdcconfdir) + eadb=useeadb, use_ntvfs=use_ntvfs, lp=lp, global_param=global_param) if lp is None: lp = samba.param.LoadParm() @@ -2179,6 +2174,11 @@ def provision(logger, session_info, smbconf=None, kdcconfdir=None, lp=lp, use_ntvfs=use_ntvfs, skip_sysvolacl=skip_sysvolacl) + if not is_heimdal_built(): + create_kdc_conf(paths.kdcconf, realm, domain, os.path.dirname(lp.get("log file"))) + logger.info("The Kerberos KDC configuration for Samba AD is " + "located at %s", paths.kdcconf) + create_krb5_conf(paths.krb5conf, dnsdomain=names.dnsdomain, hostname=names.hostname, realm=names.realm) diff --git a/python/samba/provision/kerberos.py b/python/samba/provision/kerberos.py index e07588c6abb..24ced9c4dc9 100644 --- a/python/samba/provision/kerberos.py +++ b/python/samba/provision/kerberos.py 
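Review bot: The `logger.info` added to provision() reports the kdc.conf location whether or not a file was written. create_kdc_conf() in kerberos.py returns early when `SAMBA_SELFTEST` and `MITKRB5` are both in the environment, and it also repeats the `is_heimdal_built()` test made here, so the provision output can point an administrator at a file that does not exist. Consider having create_kdc_conf() return whether it wrote the file and logging only then, `if create_kdc_conf(paths.kdcconf, realm, domain, logdir): logger.info(...)`. The log directory comes from `os.path.dirname(lp.get("log file"))` with no visible check that the parameter is set, which is worth confirming. provision() continues outside the hunk.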
@@ -19,12 +19,11 @@ # from samba.provision.kerberos_implementation import ( - kdb_modules_dir, - kdc_default_config_dir) + kdb_modules_dir) from samba import is_heimdal_built import os -def make_kdcconf(realm, domain, kdcconfdir, logdir): +def create_kdc_conf(kdcconf, realm, domain, logdir): if is_heimdal_built(): return @@ -37,11 +36,7 @@ def make_kdcconf(realm, domain, kdcconfdir, logdir): if 'SAMBA_SELFTEST' in os.environ and 'MITKRB5' in os.environ: return - # If not specified use the default - if kdcconfdir is None: - kdcconfdir = kdc_default_config_dir - - kdcconf = "%s/kdc.conf" % kdcconfdir + assert kdcconf is not None assert domain is not None domain = domain.upper() diff --git a/python/wscript b/python/wscript index 687a268412f..623ca44b005 100644 --- a/python/wscript +++ b/python/wscript @@ -27,20 +27,14 @@ def configure(conf): f.write(header) data = """kdb_modules_dir = "{0}" -kdc_default_config_dir = "{1}" """ if conf.env.HEIMDAL_KRB5_CONFIG: f.write(data.format("", "")) else: modulesdir = "%s/krb5/plugins/kdb" % conf.env.LIBDIR - paths = [ "/var/kerberos/krb5kdc", "/var/lib/kerberos/krb5kdc" ] - kdc_path = None - for p in paths: - if os.path.exists(p): - kdc_path = p - f.write(data.format(modulesdir, kdc_path)) + f.write(data.format(modulesdir)) finally: f.close() |
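Review bot: `assert kdcconf is not None` in create_kdc_conf() is the only guard on the path the function goes on to use, and asserts are removed when Python runs with `-O`. Now that the fallback to `kdc_default_config_dir` is gone, a caller passing `None` should fail explicitly, e.g. `if kdcconf is None: raise ValueError("kdcconf path is required")`; the neighbouring `assert domain is not None` has the same weakness. The function also lacks a docstring, and one stating that it does nothing on Heimdal builds or under the selftest environment would document the early returns. The code that writes the file is outside the hunk, so the mode of the created kdc.conf cannot be checked from here.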
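Review bot: In python/wscript the Heimdal branch still calls `data.format("", "")` although the template now contains only `{0}`. `str.format` ignores the surplus positional argument, so this works, but it reads as if a second field still existed; `f.write(data.format(""))` would match the new `f.write(data.format(modulesdir))`. If `os` was imported only for the removed `os.path.exists` probe, that import can go as well, though the import block is outside the hunk. configure() starts before the hunk.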