char *szConfigFile;
char *szShareBackend;
char *szSAM_URL;
+ char *szSECRETS_URL;
char *szSPOOLSS_URL;
char *szWINS_CONFIG_URL;
char *szWINS_URL;
{"obey pam restrictions", P_BOOL, P_GLOBAL, &Globals.bObeyPamRestrictions, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"password server", P_LIST, P_GLOBAL, &Globals.szPasswordServers, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
{"sam database", P_STRING, P_GLOBAL, &Globals.szSAM_URL, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
+ {"secrets database", P_STRING, P_GLOBAL, &Globals.szSECRETS_URL, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"spoolss database", P_STRING, P_GLOBAL, &Globals.szSPOOLSS_URL, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"wins config database", P_STRING, P_GLOBAL, &Globals.szWINS_CONFIG_URL, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"wins database", P_STRING, P_GLOBAL, &Globals.szWINS_URL, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
do_parameter("auth methods", "anonymous sam_ignoredomain", NULL);
do_parameter("private dir", dyn_PRIVATE_DIR, NULL);
do_parameter("sam database", "sam.ldb", NULL);
+ do_parameter("secrets database", "secrets.ldb", NULL);
do_parameter("spoolss database", "spoolss.ldb", NULL);
do_parameter("wins config database", "wins_config.ldb", NULL);
do_parameter("wins database", "wins.ldb", NULL);
_PUBLIC_ FN_GLOBAL_STRING(lp_configfile, &Globals.szConfigFile)
_PUBLIC_ FN_GLOBAL_STRING(lp_share_backend, &Globals.szShareBackend)
_PUBLIC_ FN_GLOBAL_STRING(lp_sam_url, &Globals.szSAM_URL)
+_PUBLIC_ FN_GLOBAL_STRING(lp_secrets_url, &Globals.szSECRETS_URL)
_PUBLIC_ FN_GLOBAL_STRING(lp_spoolss_url, &Globals.szSPOOLSS_URL)
_PUBLIC_ FN_GLOBAL_STRING(lp_wins_config_url, &Globals.szWINS_CONFIG_URL)
_PUBLIC_ FN_GLOBAL_STRING(lp_wins_url, &Globals.szWINS_URL)
struct ldb_context *secrets_db_connect(TALLOC_CTX *mem_ctx)
{
char *path;
+ const char *url;
struct ldb_context *ldb;
BOOL existed;
const char *init_ldif =
"computerName: CASE_INSENSITIVE\n" \
"flatname: CASE_INSENSITIVE\n";
- path = private_path(mem_ctx, "secrets.ldb");
+ url = lp_secrets_url();
+ if (!url || !url[0]) {
+ return NULL;
+ }
+
+ path = private_path(mem_ctx, url);
if (!path) {
return NULL;
}
-
+
existed = file_exist(path);
/* Secrets.ldb *must* always be local. If we call for a
paths.hkpd = "hkpd.ldb";
paths.hkpt = "hkpt.ldb";
paths.samdb = lp.get("sam database");
- paths.secrets = "secrets.ldb";
+ paths.secrets = lp.get("secrets database");
paths.keytab = "secrets.keytab";
paths.dns = lp.get("private dir") + "/" + subobj.DNSDOMAIN + ".zone";
paths.winsdb = "wins.ldb";
ok = samdb.transaction_commit();
assert(ok);
+ message("Setting up " + paths.secrets + "\n");
+ setup_ldb("secrets.ldif", info, paths.secrets);
+
+ tmp = lp.get("secrets database");
+ ok = lp.set("secrets database", paths.secrets);
+ assert(ok);
+
+ message("Setting up keytabs\n");
+ var keytab_ok = credentials_update_all_keytabs();
+ assert(keytab_ok);
+
+ ok = lp.set("secrets database", tmp);
+ assert(ok);
+
return true;
}
message("Setting up share.ldb\n");
setup_ldb("share.ldif", info, paths.shareconf);
}
+
message("Setting up secrets.ldb\n");
setup_ldb("secrets.ldif", info, paths.secrets);
+
message("Setting up keytabs\n");
var keytab_ok = credentials_update_all_keytabs();
assert(keytab_ok);
+
message("Setting up hklm.ldb\n");
setup_ldb("hklm.ldif", info, paths.hklm);
#define TORTURE_NETBIOS_NAME "smbtorturedc"
#define TORTURE_SAMDB_LDB "test_samdb.ldb"
+#define TORTURE_SECRETS_LDB "test_secrets.ldb"
+#define TORTURE_SECRETS_KEYTAB "test_secrets.keytab"
struct test_become_dc_state {
struct libnet_context *ctx;
"\n"
"var paths = provision_default_paths(subobj);\n"
"paths.samdb = \"%s\";\n"
+ "paths.secrets = \"%s\";\n"
+ "paths.keytab = \"%s\";\n"
"\n"
"var system_session = system_session();\n"
"\n"
"assert(ok);\n"
"\n"
"return 0;\n",
- p->forest->root_dn_str,
- p->domain->dn_str,
- p->forest->config_dn_str,
- p->forest->schema_dn_str,
- p->dest_dsa->netbios_name,
- p->dest_dsa->dns_name,
- p->dest_dsa->site_name,
- TORTURE_SAMDB_LDB);
+ p->forest->root_dn_str, /* subobj.ROOTDN */
+ p->domain->dn_str, /* subobj.DOMAINDN */
+ p->forest->config_dn_str, /* subobj.CONFIGDN */
+ p->forest->schema_dn_str, /* subobj.SCHEMADN */
+ p->dest_dsa->netbios_name, /* subobj.HOSTNAME */
+ p->dest_dsa->dns_name, /* subobj.DNSNAME */
+ p->dest_dsa->site_name, /* subobj.DEFAULTSITE */
+ TORTURE_SAMDB_LDB, /* paths.samdb */
+ TORTURE_SECRETS_LDB, /* paths.secrets */
+ TORTURE_SECRETS_KEYTAB); /* paths.keytab */
NT_STATUS_HAVE_NO_MEMORY(ejs);
ret = test_run_ejs(ejs);