author | Andrew Bartlett <abartlet@samba.org> | 2017-06-06 15:22:35 +1200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2017-06-10 21:48:21 +0200 |
commit | d0c211691e64af1b569529c5b8523676eaf454ef (patch) | |
tree | c2b36b284388562353ddda3b840551c3315a4883 /python | |
parent | db475ed6b4cdf59252a072d4af6fefeb32a50b87 (diff) | |
provision: Allow removing an existing account when force=True is set
This allows a practical override for use in test scripts
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Diffstat (limited to 'python')
-rw-r--r-- | python/samba/join.py | 45 |
1 files changed, 23 insertions, 22 deletions
diff --git a/python/samba/join.py b/python/samba/join.py
index 681275cd72d..a76772a5b0f 100644
--- a/python/samba/join.py
+++ b/python/samba/join.py
@@ -201,32 +201,33 @@ class dc_join(object):
 except Exception:
 pass
- def cleanup_old_accounts(ctx):
+ def cleanup_old_accounts(ctx, force=False):
 res = ctx.samdb.search(base=ctx.samdb.get_default_basedn(),
 expression='sAMAccountName=%s' % ldb.binary_encode(ctx.samname),
 attrs=["msDS-krbTgtLink", "objectSID"])
 if len(res) == 0:
 return
- creds = Credentials()
- creds.guess(ctx.lp)
- try:
- creds.set_machine_account(ctx.lp)
- creds.set_kerberos_state(ctx.creds.get_kerberos_state())
- machine_samdb = SamDB(url="ldap://%s" % ctx.server,
- session_info=system_session(),
- credentials=creds, lp=ctx.lp)
- except:
- pass
- else:
- token_res = machine_samdb.search(scope=ldb.SCOPE_BASE, base="", attrs=["tokenGroups"])
- if token_res[0]["tokenGroups"][0] \
- == res[0]["objectSID"][0]:
- raise DCJoinException("Not removing account %s which "
- "looks like a Samba DC account "
- "maching the password we already have. "
- "To override, remove secrets.ldb and secrets.tdb"
- % ctx.samname)
+ if not force:
+ creds = Credentials()
+ creds.guess(ctx.lp)
+ try:
+ creds.set_machine_account(ctx.lp)
+ creds.set_kerberos_state(ctx.creds.get_kerberos_state())
+ machine_samdb = SamDB(url="ldap://%s" % ctx.server,
+ session_info=system_session(),
+ credentials=creds, lp=ctx.lp)
+ except:
+ pass
+ else:
+ token_res = machine_samdb.search(scope=ldb.SCOPE_BASE, base="", attrs=["tokenGroups"])
+ if token_res[0]["tokenGroups"][0] \
+ == res[0]["objectSID"][0]:
+ raise DCJoinException("Not removing account %s which "
+ "looks like a Samba DC account "
+ "maching the password we already have. "
+ "To override, remove secrets.ldb and secrets.tdb"
+ % ctx.samname)
 ctx.del_noerror(res[0].dn, recursive=True)
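Review bot: `force=True` in `cleanup_old_accounts` skips the check that refuses to recursively delete an account whose objectSID matches the machine credentials this host already holds, and neither this function nor `cleanup_old_join` in the second hunk documents the new parameter. A docstring along the lines of `"""Remove the account named ctx.samname; force=True skips the refusal to delete an account matching our stored machine credentials (intended for test scripts)."""` would make that visible to callers. Separately, the re-indented `except:` is bare, so any error while loading machine credentials or connecting, including KeyboardInterrupt, silently skips the guard even when force is False; `except Exception:`, as used in the context line at the top of this hunk, would be narrower. The exception message also still reads "maching" rather than "matching". The function body may continue past the end of the hunk.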
@@ -253,11 +254,11 @@ class dc_join(object):
 ldb.binary_encode("dns/%s" % ctx.dnshostname)))
- def cleanup_old_join(ctx):
+ def cleanup_old_join(ctx, force=False):
 """Remove any DNs from a previous join."""
 # find the krbtgt link
 if not ctx.subdomain:
- ctx.cleanup_old_accounts()
+ ctx.cleanup_old_accounts(force=force)
 if ctx.connection_dn is not None:
 ctx.del_noerror(ctx.connection_dn) |