r8158: - use the timestring for the serial number of the bind zone file

- add --krbtgtpass and --machinepass options, with them you can easy set them to default
  values for testing so that you don't need to setup a new keytab file when you rerun provision.pl

metze
(This used to be commit cfb72455970c182aaba67bf9cf9775a854f143ff)

diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
index 88c157b0520d7968f286b911dbec1f9a3bea6bd2..5a5e792ec5c1ac341d2343e11ec33229ac12c451 100644 (file)
--- a/source4/setup/provision.ldif
+++ b/source4/setup/provision.ldif
@@ -615,7 +615,7 @@ operatingSystemVersion: 4.0
 dNSHostName: ${DNSNAME}
 objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN}
 isCriticalSystemObject: TRUE
-unicodePwd: ${JOINPASS}
+unicodePwd: ${MACHINEPASS}
 servicePrincipalName: HOST/${DNSNAME}
 servicePrincipalName: HOST/${NETBIOSNAME}
 msDS-KeyVersionNumber: 1
@@ -653,7 +653,7 @@ sAMAccountType: 805306368
 servicePrincipalName: kadmin/changepw
 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
 isCriticalSystemObject: TRUE
-unicodePwd: ${RANDPASS}
+unicodePwd: ${KRBTGTPASS}
 
 dn: CN=Domain Computers,CN=Users,${BASEDN}
 objectClass: top

diff --git a/source4/setup/provision.pl b/source4/setup/provision.pl
index 7c739f4515d8be828f6d9198564e1bf8e566eb20..99830bfc3fe8b34bb4425104ed9c3af8a718f8d0 100755 (executable)
--- a/source4/setup/provision.pl
+++ b/source4/setup/provision.pl
@@ -10,6 +10,8 @@ my $opt_hostip;
 my $opt_realm;
 my $opt_domain;
 my $opt_adminpass;
+my $opt_krbtgtpass;
+my $opt_machinepass;
 my $opt_root;
 my $opt_nobody;
 my $opt_nogroup;
@@ -69,8 +71,6 @@ sub randpass()
        return $pass;
 }
 
-my $joinpass = randpass();
-
 sub ldaptime()
 {
        my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday) =  gmtime(time);
@@ -78,6 +78,13 @@ sub ldaptime()
        $year+1900, $mon+1, $mday, $hour, $min, $sec;
 }
 
+sub timestring()
+{
+       my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday) =  gmtime(time);
+       return sprintf "%04u%02u%02u%02u%02u%02u",
+       $year+1900, $mon+1, $mday, $hour, $min, $sec;
+}
+
 #######################
 # substitute a single variable
 sub substitute($)
@@ -124,6 +131,10 @@ sub substitute($)
                return ldaptime();
        }
 
+       if ($var eq "TIMESTRING") {
+               return timestring();
+       }
+
        if ($var eq "NEWGUID") {
                return randguid();
        }
@@ -152,12 +163,12 @@ sub substitute($)
                return $opt_adminpass;
        }
 
-       if ($var eq "RANDPASS") {
-           return randpass();
+       if ($var eq "KRBTGTPASS") {
+               return $opt_krbtgtpass;
        }
 
-       if ($var eq "JOINPASS") {
-           return $joinpass;
+       if ($var eq "MACHINEPASS") {
+           return $opt_machinepass;
        }
 
        if ($var eq "NTTIME") {
@@ -283,6 +294,8 @@ provision.pl [options]
  --invocationid        GUID            set invocationid (otherwise random)
  --outputdir   OUTPUTDIR       set output directory
  --adminpass   PASSWORD        choose admin password (otherwise random)
+ --krbtgtpass  PASSWORD        choose krbtgt password (otherwise random)
+ --machinepass PASSWORD        choose machine password (otherwise random)
  --root         USERNAME       choose 'root' unix username
  --nobody      USERNAME        choose 'nobody' user
  --nogroup     GROUPNAME       choose 'nogroup' group
@@ -309,6 +322,8 @@ GetOptions(
            'host-guid=s' => \$opt_hostguid,
            'invocationid=s' => \$opt_invocationid,
            'adminpass=s' => \$opt_adminpass,
+           'krbtgtpass=s' => \$opt_krbtgtpass,
+           'machinepass=s' => \$opt_machinepass,
            'root=s' => \$opt_root,
            'nobody=s' => \$opt_nobody,
            'nogroup=s' => \$opt_nogroup,
@@ -401,6 +416,16 @@ if (!$opt_adminpass) {
        print "chose random Administrator password '$opt_adminpass'\n";
 }
 
+if (!$opt_krbtgtpass) {
+       $opt_krbtgtpass = randpass();
+       print "chose random krbtgt password '$opt_krbtgtpass'\n";
+}
+
+if (!$opt_machinepass) {
+       $opt_machinepass = randpass();
+       print "chose random machine password '$opt_machinepass'\n";
+}
+
 # allow provisioning to be run from the source directory
 $ENV{"PATH"} = "bin:../bin:" . $ENV{"PATH"};
 

diff --git a/source4/setup/provision.zone b/source4/setup/provision.zone
index c79660869c524307a09505285a36483f00c86fa3..cde4caf092bf73da0c171a35b7444a30b55cfb7f 100644 (file)
--- a/source4/setup/provision.zone
+++ b/source4/setup/provision.zone
@@ -2,7 +2,7 @@
 $ORIGIN ${DNSDOMAIN}.
 $TTL 1W
 @               IN SOA  @   hostmaster (
-                                42              ; serial (d. adams)
+                                ${TIMESTRING}   ; serial
                                 2D              ; refresh
                                 4H              ; retry
                                 6W              ; expiry

diff --git a/source4/setup/secrets.ldif b/source4/setup/secrets.ldif
index 15005163dcec3c707a61aa90959f11ef6cf2b25d..865a151494745375862c17229e538e58a5a4e663 100644 (file)
--- a/source4/setup/secrets.ldif
+++ b/source4/setup/secrets.ldif
@@ -23,7 +23,7 @@ objectClass: top
 objectClass: primaryDomain
 flatname: ${DOMAIN}
 realm: ${REALM}
-secret: ${JOINPASS}
+secret: ${MACHINEPASS}
 secureChannelType: 6
 sAMAccountName: ${NETBIOSNAME}$
 whenCreated: ${LDAPTIME}