+def create_samdb_copy(logger, paths, names, domainsid, domainguid):
+ """Create a copy of samdb and give write permissions to named for dns partitions
+ """
+ private_dir = paths.private_dir
+ samldb_dir = os.path.join(private_dir, "sam.ldb.d")
+ dns_dir = os.path.dirname(paths.dns)
+ dns_samldb_dir = os.path.join(dns_dir, "sam.ldb.d")
+ domainpart_file = "%s.ldb" % names.domaindn.upper()
+ configpart_file = "%s.ldb" % names.configdn.upper()
+ schemapart_file = "%s.ldb" % names.schemadn.upper()
+ domainzone_file = "DC=DOMAINDNSZONES,%s.ldb" % names.domaindn.upper()
+ forestzone_file = "DC=FORESTDNSZONES,%s.ldb" % names.rootdn.upper()
+ metadata_file = "metadata.tdb"
+
+ # Copy config, schema partitions, create empty domain partition
+ try:
+ shutil.copyfile(os.path.join(private_dir, "sam.ldb"),
+ os.path.join(dns_dir, "sam.ldb"))
+ os.mkdir(dns_samldb_dir)
+ file(os.path.join(dns_samldb_dir, domainpart_file), 'w').close()
+ shutil.copyfile(os.path.join(samldb_dir, configpart_file),
+ os.path.join(dns_samldb_dir, configpart_file))
+ shutil.copyfile(os.path.join(samldb_dir, schemapart_file),
+ os.path.join(dns_samldb_dir, schemapart_file))
+ except:
+ logger.error("Failed to setup database for BIND, AD based DNS cannot be used")
+ raise
+
+ # Link metadata and dns partitions
+ try:
+ os.link(os.path.join(samldb_dir, metadata_file),
+ os.path.join(dns_samldb_dir, metadata_file))
+ os.link(os.path.join(samldb_dir, domainzone_file),
+ os.path.join(dns_samldb_dir, domainzone_file))
+ os.link(os.path.join(samldb_dir, forestzone_file),
+ os.path.join(dns_samldb_dir, forestzone_file))
+ except OSError, e:
+ try:
+ os.symlink(os.path.join(samldb_dir, metadata_file),
+ os.path.join(dns_samldb_dir, metadata_file))
+ os.symlink(os.path.join(samldb_dir, domainzone_file),
+ os.path.join(dns_samldb_dir, domainzone_file))
+ os.symlink(os.path.join(samldb_dir, forestzone_file),
+ os.path.join(dns_samldb_dir, forestzone_file))
+ except OSError, e:
+ logger.error("Failed to setup database for BIND, AD based DNS cannot be used")
+ raise
+
+ # Fill the basedn and @OPTION records in domain partition
+ try:
+ ldb = samba.Ldb(os.path.join(dns_samldb_dir, domainpart_file))
+ domainguid_line = "objectGUID: %s\n-" % domainguid
+ descr = b64encode(get_domain_descriptor(domainsid))
+ add_ldif(ldb, "provision_basedn.ldif", {
+ "DOMAINDN" : names.domaindn,
+ "DOMAINGUID" : domainguid_line,
+ "DOMAINSID" : str(domainsid),
+ "DESCRIPTOR" : descr})
+ add_ldif(ldb, "provision_basedn_options.ldif", None)
+ except:
+ logger.error("Failed to setup database for BIND, AD based DNS cannot be used")
+ raise
+
+ # Give bind read/write permissions dns partitions
+ if paths.bind_gid is not None:
+ try:
+ os.chown(samldb_dir, -1, paths.bind_gid)
+ os.chmod(samldb_dir, 0750)
+ os.chown(os.path.join(dns_dir, "sam.ldb"), -1, paths.bind_gid)
+ os.chmod(os.path.join(dns_dir, "sam.ldb"), 0660)
+ os.chown(dns_samldb_dir, -1, paths.bind_gid)
+ os.chmod(dns_samldb_dir, 0770)
+ os.chown(os.path.join(dns_samldb_dir, domainpart_file), -1, paths.bind_gid)
+ os.chmod(os.path.join(dns_samldb_dir, domainpart_file), 0660)
+ os.chown(os.path.join(dns_samldb_dir, configpart_file), -1, paths.bind_gid)
+ os.chmod(os.path.join(dns_samldb_dir, configpart_file), 0660)
+ os.chown(os.path.join(dns_samldb_dir, schemapart_file), -1, paths.bind_gid)
+ os.chmod(os.path.join(dns_samldb_dir, schemapart_file), 0660)
+ os.chown(os.path.join(samldb_dir, metadata_file), -1, paths.bind_gid)
+ os.chmod(os.path.join(samldb_dir, metadata_file), 0660)
+ os.chown(os.path.join(samldb_dir, domainzone_file), -1, paths.bind_gid)
+ os.chmod(os.path.join(samldb_dir, domainzone_file), 0660)
+ os.chown(os.path.join(samldb_dir, forestzone_file), -1, paths.bind_gid)
+ os.chmod(os.path.join(samldb_dir, forestzone_file), 0660)
+ except OSError:
+ if not os.environ.has_key('SAMBA_SELFTEST'):
+ logger.error("Failed to set permissions to sam.ldb* files, fix manually")
+ else:
+ if not os.environ.has_key('SAMBA_SELFTEST'):
+ logger.warning("""Unable to find group id for BIND,
+ set permissions to sam.ldb* files manually""")
+
+
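Review bot: The `os.chown(samldb_dir, -1, paths.bind_gid)` / `os.chmod(samldb_dir, 0750)` pair at lines 67–68 grants the BIND group search and list access to the real private `sam.ldb.d` directory, not just the DNS copy, so whether named can read the real domain partition (the `domainpart_file` that holds the account data) then depends solely on that file's own mode, which this function neither checks nor sets. Since the metadata and zone partitions are hard-linked (lines 31–36) or symlinked into the DNS copy, the `chmod 0660` calls at lines 79–84 also change the mode of the live files under the private directory; that is evidently the intent (named needs to write those partitions), but it deserves a comment such as `# metadata.tdb and the DNS zone partitions are the live private-dir files (shared inode / symlink), so bind_gid gets write access to them`. I would add a guard after line 68 along the lines of `if os.stat(os.path.join(samldb_dir, domainpart_file)).st_mode & 0077: logger.warning("domain partition is group/world accessible; named can read it")` so a misconfigured private directory is surfaced rather than silently exposed. Separately, if one `os.link` at lines 31–36 succeeds and a later one fails, the symlink fallback at lines 39–44 presumably hits EEXIST on the first file and raises that error instead of the original one; cleaning up any links already created before falling back would make the failure mode clearer.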