From d5d8589f353974fb63caf71ba1d1fdc6f5b453ab Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 14 May 2018 11:23:24 +1200 Subject: [PATCH] samba-tool domain: Extend --backend-store to join and dcpromo by moving to common options This allows the choice of ldb backend for a domain join as well as a new provision. Signed-off-by: Andrew Bartlett Reviewed-by: Gary Lockyer --- python/samba/join.py | 23 +++++++++++++++-------- python/samba/netcmd/domain.py | 30 +++++++++++++++++++----------- 2 files changed, 34 insertions(+), 19 deletions(-) diff --git a/python/samba/join.py b/python/samba/join.py index e164d9b5cf2c..dc6d234d0ed6 100644 --- a/python/samba/join.py +++ b/python/samba/join.py @@ -57,7 +57,7 @@ class dc_join(object): netbios_name=None, targetdir=None, domain=None, machinepass=None, use_ntvfs=False, dns_backend=None, promote_existing=False, clone_only=False, - plaintext_secrets=False): + plaintext_secrets=False, backend_store=None): if site is None: site = "Default-First-Site-Name" @@ -70,6 +70,7 @@ class dc_join(object): ctx.targetdir = targetdir ctx.use_ntvfs = use_ntvfs ctx.plaintext_secrets = plaintext_secrets + ctx.backend_store = backend_store ctx.promote_existing = promote_existing ctx.promote_from_dn = None @@ -849,7 +850,9 @@ class dc_join(object): machinepass=ctx.acct_pass, serverrole="active directory domain controller", sitename=ctx.site, lp=ctx.lp, ntdsguid=ctx.ntds_guid, use_ntvfs=ctx.use_ntvfs, dns_backend=ctx.dns_backend, - plaintext_secrets=ctx.plaintext_secrets) + plaintext_secrets=ctx.plaintext_secrets, + backend_store=ctx.backend_store + ) print("Provision OK for domain DN %s" % presult.domaindn) ctx.local_samdb = presult.samdb ctx.lp = presult.lp 
@@ -1411,12 +1414,13 @@ class dc_join(object): def join_RODC(logger=None, server=None, creds=None, lp=None, site=None, netbios_name=None, targetdir=None, domain=None, domain_critical_only=False, machinepass=None, use_ntvfs=False, dns_backend=None, - promote_existing=False, plaintext_secrets=False): + promote_existing=False, plaintext_secrets=False, + backend_store=None): """Join as a RODC.""" ctx = dc_join(logger, server, creds, lp, site, netbios_name, targetdir, domain, machinepass, use_ntvfs, dns_backend, promote_existing, - plaintext_secrets) + plaintext_secrets, backend_store=backend_store) lp.set("workgroup", ctx.domain_name) logger.info("workgroup is %s" % ctx.domain_name) @@ -1463,11 +1467,12 @@ def join_RODC(logger=None, server=None, creds=None, lp=None, site=None, netbios_ def join_DC(logger=None, server=None, creds=None, lp=None, site=None, netbios_name=None, targetdir=None, domain=None, domain_critical_only=False, machinepass=None, use_ntvfs=False, dns_backend=None, - promote_existing=False, plaintext_secrets=False): + promote_existing=False, plaintext_secrets=False, + backend_store=None): """Join as a DC.""" ctx = dc_join(logger, server, creds, lp, site, netbios_name, targetdir, domain, machinepass, use_ntvfs, dns_backend, promote_existing, - plaintext_secrets) + plaintext_secrets, backend_store=backend_store) lp.set("workgroup", ctx.domain_name) logger.info("workgroup is %s" % ctx.domain_name) 
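Review bot: In join_RODC the call `dc_join(..., dns_backend, promote_existing, plaintext_secrets, backend_store=backend_store)` still passes `plaintext_secrets` positionally, but the `__init__` signature in the first join.py hunk has `clone_only` right after `promote_existing`. The value therefore appears to bind to `clone_only`, and `ctx.plaintext_secrets` keeps its default, so the operator's choice of how secrets are stored on disk never reaches provision. The join_DC call in the next hunk has the same shape, and in join_subdomain the call has no `promote_existing` argument, so `plaintext_secrets` appears to land in the `promote_existing` slot. Since the new argument is already passed by keyword, the neighbouring one should be too: `plaintext_secrets=plaintext_secrets, backend_store=backend_store)`. The head of the `__init__` signature is outside the hunk, so this assumes the leading parameters line up with the call in the order their names suggest.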
@@ -1513,10 +1518,12 @@ def join_clone(logger=None, server=None, creds=None, lp=None, def join_subdomain(logger=None, server=None, creds=None, lp=None, site=None, netbios_name=None, targetdir=None, parent_domain=None, dnsdomain=None, netbios_domain=None, machinepass=None, adminpass=None, use_ntvfs=False, - dns_backend=None, plaintext_secrets=False): + dns_backend=None, plaintext_secrets=False, + backend_store=None): """Join as a DC.""" ctx = dc_join(logger, server, creds, lp, site, netbios_name, targetdir, parent_domain, - machinepass, use_ntvfs, dns_backend, plaintext_secrets) + machinepass, use_ntvfs, dns_backend, plaintext_secrets, + backend_store=backend_store) ctx.subdomain = True if adminpass is None: ctx.adminpass = samba.generate_random_password(12, 32) diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py index c346430dbec8..a1a936d98d94 100644 --- a/python/samba/netcmd/domain.py +++ b/python/samba/netcmd/domain.py @@ -111,6 +111,10 @@ common_provision_join_options = [ Option("--plaintext-secrets", action="store_true", help="Store secret/sensitive values as plain text on disk" + "(default is to encrypt secret/ensitive values)"), + Option("--backend-store", type="choice", metavar="BACKENDSTORE", + choices=["tdb", "mdb"], + help="Specify the database backend to be used " + "(default is %s)" % get_default_backend_store()), Option("--targetdir", metavar="DIR", help="Set target directory (where to store provision)", type=str), Option("--quiet", help="Be quiet", action="store_true"), 
@@ -255,10 +259,6 @@ class cmd_domain_provision(Command): Option("--partitions-only", help="Configure Samba's partitions, but do not modify them (ie, join a BDC)", action="store_true"), Option("--use-rfc2307", action="store_true", help="Use AD to store posix attributes (default = no)"), - Option("--backend-store", type="choice", metavar="BACKENDSTORE", - choices=["tdb", "mdb"], - help="Specify the database backend to be used " - "(default is %s)" % get_default_backend_store()), ] openldap_options = [ @@ -599,7 +599,8 @@ class cmd_domain_dcpromo(Command): versionopts=None, server=None, site=None, targetdir=None, domain_critical_only=False, parent_domain=None, machinepass=None, use_ntvfs=False, dns_backend=None, - quiet=False, verbose=False, plaintext_secrets=False): + quiet=False, verbose=False, plaintext_secrets=False, + backend_store=None): lp = sambaopts.get_loadparm() creds = credopts.get_credentials(lp) net = Net(creds, lp, server=credopts.ipaddress) @@ -623,13 +624,15 @@ class cmd_domain_dcpromo(Command): domain_critical_only=domain_critical_only, machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend, - promote_existing=True, plaintext_secrets=plaintext_secrets) + promote_existing=True, plaintext_secrets=plaintext_secrets, + backend_store=backend_store) elif role == "RODC": join_RODC(logger=logger, server=server, creds=creds, lp=lp, domain=domain, site=site, netbios_name=netbios_name, targetdir=targetdir, domain_critical_only=domain_critical_only, machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend, - promote_existing=True, plaintext_secrets=plaintext_secrets) + promote_existing=True, plaintext_secrets=plaintext_secrets, + backend_store=backend_store) else: raise CommandError("Invalid role '%s' (possible values: DC, RODC)" % role) 
@@ -678,7 +681,9 @@ class cmd_domain_join(Command): versionopts=None, server=None, site=None, targetdir=None, domain_critical_only=False, parent_domain=None, machinepass=None, use_ntvfs=False, dns_backend=None, adminpass=None, - quiet=False, verbose=False, plaintext_secrets=False): + quiet=False, verbose=False, + plaintext_secrets=False, + backend_store=None): lp = sambaopts.get_loadparm() creds = credopts.get_credentials(lp) net = Net(creds, lp, server=credopts.ipaddress) @@ -711,14 +716,16 @@ class cmd_domain_join(Command): domain_critical_only=domain_critical_only, machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend, - plaintext_secrets=plaintext_secrets) + plaintext_secrets=plaintext_secrets, + backend_store=backend_store) elif role == "RODC": join_RODC(logger=logger, server=server, creds=creds, lp=lp, domain=domain, site=site, netbios_name=netbios_name, targetdir=targetdir, domain_critical_only=domain_critical_only, machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend, - plaintext_secrets=plaintext_secrets) + plaintext_secrets=plaintext_secrets, + backend_store=backend_store) elif role == "SUBDOMAIN": if not adminpass: logger.info("Administrator password will be set randomly!") @@ -732,7 +739,8 @@ class cmd_domain_join(Command): targetdir=targetdir, machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend, adminpass=adminpass, - plaintext_secrets=plaintext_secrets) + plaintext_secrets=plaintext_secrets, + backend_store=backend_store) else: raise CommandError("Invalid role '%s' (possible values: MEMBER, DC, RODC, SUBDOMAIN)" % role) -- 2.34.1
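Review bot: `backend_store` is forwarded only in the DC, RODC and SUBDOMAIN branches of cmd_domain_join.run, yet the error message at the end of the function lists MEMBER as a valid role. Because `--backend-store` now lives in the common options, a member join given that option is presumably accepted and the value silently dropped. The MEMBER branch is outside these hunks, so this is inferred; if that branch creates no local sam database, an explicit rejection there would make it visible, for example `if backend_store is not None: raise CommandError("--backend-store is not supported for role MEMBER")`. Failing that, the option help should state which roles honour it.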