author | Andreas Schneider <asn@samba.org> | 2017-08-10 15:37:54 +0200 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2017-09-05 23:58:20 +0200 |
commit | 8f2dee256e281c438105689b073f09685f161b16 (patch) | |
tree | 8cc6ea1e2b9f8dd1ca345a9d91d7143b165fc0db /python | |
parent | 3fa7c43ef73b6582e8985bf6d82465ffded9e5db (diff) | |
python:samba: Use 'binddns dir' in samba-tool and samba_upgradedns
This provisions the bind_dlz files in the 'binddns dir'. If you want to
migrate to the new file structure you can run samba_upgradedns!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Diffstat (limited to 'python')
-rw-r--r-- | python/samba/provision/__init__.py | 72 | ||||
-rw-r--r-- | python/samba/provision/sambadns.py | 19 | ||||
-rw-r--r-- | python/samba/tests/provision.py | 2 |
3 files changed, 67 insertions, 26 deletions
diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
index 91d2105929c..f820f6ab675 100644
--- a/python/samba/provision/__init__.py
+++ b/python/samba/provision/__init__.py
@@ -27,6 +27,7 @@ __docformat__ = "restructuredText"
 from base64 import b64encode
+import errno
 import os
 import re
 import pwd
@@ -145,6 +146,7 @@ class ProvisionPaths(object):
         self.dns = None
         self.winsdb = None
         self.private_dir = None
+        self.binddns_dir = None
         self.state_dir = None
@@ -531,6 +533,7 @@ def provision_paths_from_lp(lp, dnsdomain):
     """
     paths = ProvisionPaths()
     paths.private_dir = lp.get("private dir")
+    paths.binddns_dir = lp.get("binddns dir")
     paths.state_dir = lp.get("state directory")
     # This is stored without path prefix for the "privateKeytab" attribute in
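Review bot: `paths.binddns_dir = lp.get("binddns dir")` is stored with no check, and the rest of provision_paths_from_lp (which continues past this hunk) builds the zone file, named.conf, named.conf.update and named.txt paths from it; if the loadparm in use does not know the 'binddns dir' parameter, lp.get() yields None and those os.path.join calls fail with a TypeError far from the cause. A guard right after the assignment gives a usable diagnostic: `if paths.binddns_dir is None: raise ProvisioningError("'binddns dir' is not set in the configuration")`. The parameter is presumably defined by an earlier commit in this series, so this is mainly about failing clearly on a mismatched build or config.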
@@ -543,16 +546,18 @@ def provision_paths_from_lp(lp, dnsdomain):
     paths.idmapdb = os.path.join(paths.private_dir, "idmap.ldb")
     paths.secrets = os.path.join(paths.private_dir, "secrets.ldb")
     paths.privilege = os.path.join(paths.private_dir, "privilege.ldb")
-    paths.dns = os.path.join(paths.private_dir, "dns", dnsdomain + ".zone")
     paths.dns_update_list = os.path.join(paths.private_dir, "dns_update_list")
     paths.spn_update_list = os.path.join(paths.private_dir, "spn_update_list")
-    paths.namedconf = os.path.join(paths.private_dir, "named.conf")
-    paths.namedconf_update = os.path.join(paths.private_dir, "named.conf.update")
-    paths.namedtxt = os.path.join(paths.private_dir, "named.txt")
     paths.krb5conf = os.path.join(paths.private_dir, "krb5.conf")
     paths.kdcconf = os.path.join(paths.private_dir, "kdc.conf")
     paths.winsdb = os.path.join(paths.private_dir, "wins.ldb")
     paths.s4_ldapi_path = os.path.join(paths.private_dir, "ldapi")
+
+    paths.dns = os.path.join(paths.binddns_dir, "dns", dnsdomain + ".zone")
+    paths.namedconf = os.path.join(paths.binddns_dir, "named.conf")
+    paths.namedconf_update = os.path.join(paths.binddns_dir, "named.conf.update")
+    paths.namedtxt = os.path.join(paths.binddns_dir, "named.txt")
+
     paths.hklm = "hklm.ldb"
     paths.hkcr = "hkcr.ldb"
     paths.hkcu = "hkcu.ldb"
@@ -945,6 +950,10 @@ def setup_secretsdb(paths, session_info, backend_credentials, lp):
     if os.path.exists(keytab_path):
         os.unlink(keytab_path)
+    bind_dns_keytab_path = os.path.join(paths.binddns_dir, paths.dns_keytab)
+    if os.path.exists(bind_dns_keytab_path):
+        os.unlink(bind_dns_keytab_path)
+
     dns_keytab_path = os.path.join(paths.private_dir, paths.dns_keytab)
     if os.path.exists(dns_keytab_path):
         os.unlink(dns_keytab_path)
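Review bot: The bind_dns_keytab_path block added to setup_secretsdb is the third copy of the same exists()/unlink() pair in this function (keytab_path and dns_keytab_path use it too), and this commit adds a fourth removal of the same file in secretsdb_setup_dns in sambadns.py; a small module-level `_unlink_if_exists(path)` that does `try: os.unlink(path) except OSError: pass` would make the intent explicit and remove the check-then-act pattern. setup_secretsdb begins and ends outside this hunk, so the secrets.ldb setup that follows the cleanup is not visible here.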
@@ -1928,6 +1937,15 @@ def provision_fake_ypserver(logger, samdb, domaindn, netbiosname, nisdomain,
     else:
         samdb.transaction_commit()
+def directory_create_or_exists(path, mode=0o755):
+    if not os.path.exists(path):
+        try:
+            os.mkdir(path, mode)
+        except OSError as e:
+            if e.errno in [errno.EEXIST]:
+                pass
+            else:
+                raise ProvisioningError("Failed to create directory %s: %s" % (path, e.strerror))
 def provision(logger, session_info, smbconf=None,
               targetdir=None, samdb_fill=FILL_FULL, realm=None, rootdn=None,
@@ -2064,12 +2082,10 @@ def provision(logger, session_info, smbconf=None,
     if serverrole is None:
         serverrole = lp.get("server role")
-    if not os.path.exists(paths.private_dir):
-        os.mkdir(paths.private_dir, 0o700)
-    if not os.path.exists(os.path.join(paths.private_dir, "tls")):
-        os.makedirs(os.path.join(paths.private_dir, "tls"), 0700)
-    if not os.path.exists(paths.state_dir):
-        os.mkdir(paths.state_dir)
+    directory_create_or_exists(paths.private_dir, 0o700)
+    directory_create_or_exists(paths.binddns_dir, 0o770)
+    directory_create_or_exists(os.path.join(paths.private_dir, "tls"))
+    directory_create_or_exists(paths.state_dir)
     if paths.sysvol and not os.path.exists(paths.sysvol):
         os.makedirs(paths.sysvol, 0775)
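Review bot: The tls directory is now created with the helper's default mode 0o755, where the removed `os.makedirs(os.path.join(paths.private_dir, "tls"), 0700)` used 0700; it sits under private_dir so the parent still shields it, but the directory holding the provisioned TLS key material should keep its own restrictive mode: `directory_create_or_exists(os.path.join(paths.private_dir, "tls"), 0o700)`. The new directory_create_or_exists also treats any pre-existing path as success, because `os.path.exists` is true for a regular file or symlink, and an existing directory keeps whatever mode it already has, so the 0o700 and 0o770 arguments are only honoured on first creation (and are further reduced by the umask); dropping the exists() pre-check, handling EEXIST, and rejecting a non-directory, as below, makes that contract explicit. binddns_dir is created 0o770 but no chown of the directory to paths.bind_gid appears in this diff, so whether the bind group can actually traverse it depends on code outside this hunk.
```python
def directory_create_or_exists(path, mode=0o755):
    """Create ``path`` with ``mode`` (still subject to the umask) unless it
    already exists.

    Raises ProvisioningError if creation fails or ``path`` exists but is
    not a directory.  An existing directory keeps its current mode.
    """
    try:
        os.mkdir(path, mode)
    except OSError as e:
        if e.errno != errno.EEXIST:
            raise ProvisioningError("Failed to create directory %s: %s" % (path, e.strerror))
        if not os.path.isdir(path):
            raise ProvisioningError("%s exists but is not a directory" % path)
```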
@@ -2198,16 +2214,34 @@ def provision(logger, session_info, smbconf=None,
         # Now commit the secrets.ldb to disk
         secrets_ldb.transaction_commit()
-        # the commit creates the dns.keytab, now chown it
-        dns_keytab_path = os.path.join(paths.private_dir, paths.dns_keytab)
-        if os.path.isfile(dns_keytab_path) and paths.bind_gid is not None:
+        # the commit creates the dns.keytab in the private directory
+        private_dns_keytab_path = os.path.join(paths.private_dir, paths.dns_keytab)
+        bind_dns_keytab_path = os.path.join(paths.binddns_dir, paths.dns_keytab)
+
+        if os.path.isfile(private_dns_keytab_path):
+            if os.path.isfile(bind_dns_keytab_path):
+                try:
+                    os.unlink(bind_dns_keytab_path)
+                except OSError as e:
+                    logger.error("Failed to remove %s: %s" %
+                                 (bind_dns_keytab_path, e.strerror))
+
+            # link the dns.keytab to the bind-dns directory
             try:
-                os.chmod(dns_keytab_path, 0640)
-                os.chown(dns_keytab_path, -1, paths.bind_gid)
-            except OSError:
-                if not os.environ.has_key('SAMBA_SELFTEST'):
-                    logger.info("Failed to chown %s to bind gid %u",
-                                dns_keytab_path, paths.bind_gid)
+                os.link(private_dns_keytab_path, bind_dns_keytab_path)
+            except OSError as e:
+                logger.error("Failed to create link %s -> %s: %s" %
+                             (private_dns_keytab_path, bind_dns_keytab_path, e.strerror))
+
+            # chown the dns.keytab in the bind-dns directory
+            if paths.bind_gid is not None:
+                try:
+                    os.chmod(bind_dns_keytab_path, 0640)
+                    os.chown(bind_dns_keytab_path, -1, paths.bind_gid)
+                except OSError:
+                    if not os.environ.has_key('SAMBA_SELFTEST'):
+                        logger.info("Failed to chown %s to bind gid %u",
+                                    bind_dns_keytab_path, paths.bind_gid)
     result = ProvisionResult()
     result.server_role = serverrole
diff --git a/python/samba/provision/sambadns.py b/python/samba/provision/sambadns.py
index dcb19c7053c..d4cb93a89ea 100644
--- a/python/samba/provision/sambadns.py
+++ b/python/samba/provision/sambadns.py
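Review bot: When 'binddns dir' resolves to the same directory as 'private dir' (exactly what the test changes in this commit configure), private_dns_keytab_path and bind_dns_keytab_path are the same path, so the `os.unlink(bind_dns_keytab_path)` branch deletes the dns.keytab that the transaction commit just created and the following `os.link` fails with ENOENT; that failure is only logged, the later chmod/chown failure is swallowed, and provisioning finishes with no DNS keytab at all. Guard the unlink/link with `if os.path.realpath(private_dns_keytab_path) != os.path.realpath(bind_dns_keytab_path):` (or os.path.samefile on the existing file) and fall through to the chmod/chown when they coincide. Separately, `os.link` cannot cross filesystems (EXDEV), and a binddns dir on its own mount is plausible for a directory meant to be shared with named, so a copy fallback would be more robust than only logging the error and continuing. provision() begins and ends outside this hunk.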
@@ -649,7 +649,7 @@ def add_dc_msdcs_records(samdb, forestdn, prefix, site, dnsforest, hostname,
                         fqdn_hostname)
-def secretsdb_setup_dns(secretsdb, names, private_dir, realm,
+def secretsdb_setup_dns(secretsdb, names, private_dir, binddns_dir, realm,
                         dnsdomain, dns_keytab_path, dnspass, key_version_number):
     """Add DNS specific bits to a secrets database.
@@ -659,12 +659,15 @@ def secretsdb_setup_dns(secretsdb, names, private_dir, realm,
     """
     try:
         os.unlink(os.path.join(private_dir, dns_keytab_path))
+        os.unlink(os.path.join(binddns_dir, dns_keytab_path))
     except OSError:
         pass
     if key_version_number is None:
         key_version_number = 1
+    # This will create the dns.keytab file in the private_dir when it is
+    # commited!
     setup_ldb(secretsdb, setup_path("secrets_dns.ldif"), {
             "REALM": realm,
             "DNSDOMAIN": dnsdomain,
@@ -954,7 +957,7 @@ def create_named_conf(paths, realm, dnsdomain, dns_backend, logger):
         })
-def create_named_txt(path, realm, dnsdomain, dnsname, private_dir,
+def create_named_txt(path, realm, dnsdomain, dnsname, binddns_dir,
                      keytab_name):
     """Write out a file containing zone statements suitable for inclusion in a
     named.conf file (including GSS-TSIG configuration).
@@ -962,7 +965,7 @@ def create_named_txt(path, realm, dnsdomain, dnsname, private_dir,
     :param path: Path of the new named.conf file.
     :param realm: Realm name
     :param dnsdomain: DNS Domain name
-    :param private_dir: Path to private directory
+    :param binddns_dir: Path to bind dns directory
     :param keytab_name: File name of DNS keytab file
     """
     setup_file(setup_path("named.txt"), path, {
@@ -970,8 +973,8 @@ def create_named_txt(path, realm, dnsdomain, dnsname, private_dir,
             "DNSNAME" : dnsname,
             "REALM": realm,
             "DNS_KEYTAB": keytab_name,
-            "DNS_KEYTAB_ABS": os.path.join(private_dir, keytab_name),
-            "PRIVATE_DIR": private_dir
+            "DNS_KEYTAB_ABS": os.path.join(binddns_dir, keytab_name),
+            "PRIVATE_DIR": binddns_dir
         })
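Review bot: In secretsdb_setup_dns the new `os.unlink(os.path.join(binddns_dir, dns_keytab_path))` shares a try block with the private_dir unlink, so whenever the private keytab is already absent (the first call raises OSError) the second unlink is never reached and a stale keytab in binddns_dir survives the re-provision; give each removal its own try/except, as below. The function's docstring closes at the top of the second hunk and this diff adds no entry for the new parameter; add `:param binddns_dir: Directory holding the BIND-readable copy of the DNS keytab` alongside the existing parameter descriptions. The added comment also misspells "committed".
```python
def secretsdb_setup_dns(secretsdb, names, private_dir, binddns_dir, realm,
                        dnsdomain, dns_keytab_path, dnspass, key_version_number):
    # … unchanged: docstring …
    # Remove any stale keytab in both locations; a missing file in one
    # must not stop the removal in the other.
    for keytab_dir in (private_dir, binddns_dir):
        try:
            os.unlink(os.path.join(keytab_dir, dns_keytab_path))
        except OSError:
            pass
    # … unchanged: key_version_number default and setup_ldb call …
```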
@@ -1194,7 +1197,9 @@ def setup_bind9_dns(samdb, secretsdb, names, paths, lp, logger,
     domainguid = get_domainguid(samdb, domaindn)
     secretsdb_setup_dns(secretsdb, names,
-                        paths.private_dir, realm=names.realm,
+                        paths.private_dir,
+                        paths.binddns_dir,
+                        realm=names.realm,
                         dnsdomain=names.dnsdomain,
                         dns_keytab_path=paths.dns_keytab, dnspass=dnspass,
                         key_version_number=key_version_number)
@@ -1218,7 +1223,7 @@ def setup_bind9_dns(samdb, secretsdb, names, paths, lp, logger,
     create_named_txt(paths.namedtxt,
                      realm=names.realm, dnsdomain=names.dnsdomain,
                      dnsname = "%s.%s" % (names.hostname, names.dnsdomain),
-                     private_dir=paths.private_dir,
+                     binddns_dir=paths.binddns_dir,
                      keytab_name=paths.dns_keytab)
     logger.info("See %s for an example configuration include file for BIND",
                 paths.namedconf)
diff --git a/python/samba/tests/provision.py b/python/samba/tests/provision.py
index 11b0135f473..bada14f5936 100644
--- a/python/samba/tests/provision.py
+++ b/python/samba/tests/provision.py
@@ -42,6 +42,7 @@ def create_dummy_secretsdb(path, lp=None):
     paths = ProvisionPaths()
     paths.secrets = path
     paths.private_dir = os.path.dirname(path)
+    paths.binddns_dir = os.path.dirname(path)
     paths.keytab = "no.keytab"
     paths.dns_keytab = "no.dns.keytab"
     secrets_ldb = setup_secretsdb(paths, None, None, lp=lp)
@@ -59,6 +60,7 @@ class ProvisionTestCase(samba.tests.TestCaseInTempDir):
         secrets_tdb_path = os.path.join(self.tempdir, "secrets.tdb")
         paths.secrets = path
         paths.private_dir = os.path.dirname(path)
+        paths.binddns_dir = os.path.dirname(path)
         paths.keytab = "no.keytab"
         paths.dns_keytab = "no.dns.keytab"
         ldb = setup_secretsdb(paths, None, None, lp=env_loadparm())