authorGary Lockyer <gary@catalyst.net.nz>2017-12-15 07:24:14 +1300
committerAndrew Bartlett <abartlet@samba.org>2017-12-18 00:10:17 +0100
commitd120d7fe848aff42b2a01ee33ff9f02faaf3541d (patch)
treebbc316f1315990192e712322d497ce36b10401b7 /source4/dsdb
parent1d3ae2d92f40567910303205da090fc86c7351b8 (diff)
provision: Changes to support encrypted_secrets module
Changes to provision and join to create a database with encrypted_secrets enabled and a key file generated. Also adds the --plaintext-secrets option to join and provision commands to allow the creation of unencrypted databases. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4/dsdb')
-rw-r--r--source4/dsdb/samdb/ldb_modules/samba_dsdb.c29
1 files changed, 24 insertions, 5 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
index 87d65bd8c2b..e0acb4e371a 100644
--- a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
+++ b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
@@ -228,6 +228,21 @@ static int set_ldap_credentials(struct ldb_context *ldb, bool use_external)
return LDB_SUCCESS;
}
+static bool check_required_features(struct ldb_message_element *el)
+{
+ if (el != NULL) {
+ int k;
+ DATA_BLOB esf = data_blob_string_const(
+ SAMBA_ENCRYPTED_SECRETS_FEATURE);
+ for (k = 0; k < el->num_values; k++) {
+ if (data_blob_cmp(&esf, &el->values[k]) != 0) {
+ return false;
+ }
+ }
+ }
+ return true;
+}
+
static int samba_dsdb_init(struct ldb_module *module)
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
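Review bot: In `check_required_features` the loop index is declared `int k` but is compared with `el->num_values`, which is an unsigned count in ldb's `struct ldb_message_element`; `unsigned int k;` avoids the signed/unsigned comparison. The function is also the gate that decides whether this build may open the database at all, and it has no header comment. I would add `/* Returns true only if every requiredFeatures value is one this version implements; any other value must fail the open. */` so that whoever adds the next feature knows the allow-list lives here and that the default has to stay reject.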
@@ -294,6 +309,7 @@ static int samba_dsdb_init(struct ldb_module *module)
"rdn_name",
"subtree_delete",
"repl_meta_data",
+ "encrypted_secrets",
"operational",
"unique_object_sids",
"subtree_rename",
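Review bot: The new `"encrypted_secrets"` entry has no comment explaining why it sits between `"repl_meta_data"` and `"operational"`. Its position presumably decides which modules handle secret attribute values before this module transforms them and which only see the stored form, so a later reorder of the list could silently change that; this is inferred from the list, not shown in the hunk. A one-line comment above the entry would pin it down, for example `/* order matters: modules above see cleartext secrets, modules below the stored form - confirm */`. The array and `samba_dsdb_init` both start and end outside this hunk.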
@@ -375,11 +391,14 @@ static int samba_dsdb_init(struct ldb_module *module)
backendType = ldb_msg_find_attr_as_string(res->msgs[0], "backendType", "ldb");
requiredFeatures = ldb_msg_find_element(res->msgs[0], SAMBA_REQUIRED_FEATURES_ATTR);
- if (requiredFeatures != NULL) {
- ldb_set_errstring(ldb, "This Samba database was created with "
- "a newer Samba version and is marked with "
- "requiredFeatures in @SAMBA_DSDB. "
- "This database can not safely be read by this Samba version");
+ if (!check_required_features(requiredFeatures)) {
+ ldb_set_errstring(
+ ldb,
+ "This Samba database was created with "
+ "a newer Samba version and is marked "
+ "with extra requiredFeatures in "
+ "@SAMBA_DSDB. This database can not "
+ "safely be read by this Samba version");
return LDB_ERR_OPERATIONS_ERROR;
}
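Review bot: The error string set when `check_required_features()` fails does not name the value that was rejected, so an administrator sees only "extra requiredFeatures" and has to dump @SAMBA_DSDB to learn which feature this build lacks. Because the helper returns only a bool, one option is to have it hand back the offending `struct ldb_val` and report it with `ldb_asprintf_errstring(ldb, "... unsupported requiredFeatures value '%.*s' ...", (int)v->length, v->data);`. `samba_dsdb_init` starts and ends outside this hunk.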