r20806: make it possible to configure the secrets.ldb url
authorStefan Metzmacher <metze@samba.org>
Mon, 15 Jan 2007 14:17:26 +0000 (14:17 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 19:43:33 +0000 (14:43 -0500)
via "secrets database = my_secrets.ldb"

metze
(This used to be commit a096a9741597105140845f59e54a76060da0010b)

source4/param/loadparm.c
source4/param/secrets.c
source4/scripting/libjs/provision.js
source4/torture/libnet/libnet_BecomeDC.c

index 93d9d79eceb4783dfc54cbed54c6e83d8332cc7c..98724a107dd84bd1971f0dc36ae07ed0e9fefc0c 100644 (file)
@@ -107,6 +107,7 @@ typedef struct
        char *szConfigFile;
        char *szShareBackend;
        char *szSAM_URL;
+       char *szSECRETS_URL;
        char *szSPOOLSS_URL;
        char *szWINS_CONFIG_URL;
        char *szWINS_URL;
@@ -403,6 +404,7 @@ static struct parm_struct parm_table[] = {
        {"obey pam restrictions", P_BOOL, P_GLOBAL, &Globals.bObeyPamRestrictions, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
        {"password server", P_LIST, P_GLOBAL, &Globals.szPasswordServers, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
        {"sam database", P_STRING, P_GLOBAL, &Globals.szSAM_URL, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
+       {"secrets database", P_STRING, P_GLOBAL, &Globals.szSECRETS_URL, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
        {"spoolss database", P_STRING, P_GLOBAL, &Globals.szSPOOLSS_URL, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
        {"wins config database", P_STRING, P_GLOBAL, &Globals.szWINS_CONFIG_URL, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
        {"wins database", P_STRING, P_GLOBAL, &Globals.szWINS_URL, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
@@ -610,6 +612,7 @@ static void init_globals(void)
        do_parameter("auth methods", "anonymous sam_ignoredomain", NULL);
        do_parameter("private dir", dyn_PRIVATE_DIR, NULL);
        do_parameter("sam database", "sam.ldb", NULL);
+       do_parameter("secrets database", "secrets.ldb", NULL);
        do_parameter("spoolss database", "spoolss.ldb", NULL);
        do_parameter("wins config database", "wins_config.ldb", NULL);
        do_parameter("wins database", "wins.ldb", NULL);
@@ -833,6 +836,7 @@ _PUBLIC_ FN_GLOBAL_STRING(lp_display_charset, &Globals.display_charset)
 _PUBLIC_ FN_GLOBAL_STRING(lp_configfile, &Globals.szConfigFile)
 _PUBLIC_ FN_GLOBAL_STRING(lp_share_backend, &Globals.szShareBackend)
 _PUBLIC_ FN_GLOBAL_STRING(lp_sam_url, &Globals.szSAM_URL)
+_PUBLIC_ FN_GLOBAL_STRING(lp_secrets_url, &Globals.szSECRETS_URL)
 _PUBLIC_ FN_GLOBAL_STRING(lp_spoolss_url, &Globals.szSPOOLSS_URL)
 _PUBLIC_ FN_GLOBAL_STRING(lp_wins_config_url, &Globals.szWINS_CONFIG_URL)
 _PUBLIC_ FN_GLOBAL_STRING(lp_wins_url, &Globals.szWINS_URL)
index a7eb9607de341a4bd0e77a4ce9027b818d41c80a..4189f2182cc7f244fa7def795675e40e6d2dc5e8 100644 (file)
@@ -96,6 +96,7 @@ BOOL secrets_init(void)
 struct ldb_context *secrets_db_connect(TALLOC_CTX *mem_ctx)
 {
        char *path;
+       const char *url;
        struct ldb_context *ldb;
        BOOL existed;
        const char *init_ldif = 
@@ -103,11 +104,16 @@ struct ldb_context *secrets_db_connect(TALLOC_CTX *mem_ctx)
                "computerName: CASE_INSENSITIVE\n" \
                "flatname: CASE_INSENSITIVE\n";
 
-       path = private_path(mem_ctx, "secrets.ldb");
+       url = lp_secrets_url();
+       if (!url || !url[0]) {
+               return NULL;
+       }
+
+       path = private_path(mem_ctx, url);
        if (!path) {
                return NULL;
        }
-       
+
        existed = file_exist(path);
 
        /* Secrets.ldb *must* always be local.  If we call for a
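Review bot: The only validation of the configured value before `private_path(mem_ctx, url)` is the non-empty check, yet the comment at the end of this hunk states that secrets.ldb must always be local; with the name no longer hard-coded, that invariant now depends entirely on the configuration file. If private_path() returns absolute paths or ldb URLs unchanged (not visible here, worth confirming), a `secrets database` setting could move the machine secrets outside the private directory or onto a remote backend, and `file_exist(path)` is not meaningful for a URL. Consider refusing non-local schemes right after the empty check, for example `if (strstr(url, "://") && strncmp(url, "tdb://", 6) != 0) { return NULL; }`, and logging the rejected value so a misconfiguration is visible. secrets_db_connect() continues past the end of the hunk, so any later handling of this case is not shown.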
index e9261888c6f5b09bce2250da34985a7471abc20d..1dbe08427e9c12ede2617ac2716bce8d4c7ea833 100644 (file)
@@ -381,7 +381,7 @@ function provision_default_paths(subobj)
        paths.hkpd = "hkpd.ldb";
        paths.hkpt = "hkpt.ldb";
        paths.samdb = lp.get("sam database");
-       paths.secrets = "secrets.ldb";
+       paths.secrets = lp.get("secrets database");
        paths.keytab = "secrets.keytab";
        paths.dns = lp.get("private dir") + "/" + subobj.DNSDOMAIN + ".zone";
        paths.winsdb = "wins.ldb";
@@ -484,6 +484,20 @@ function provision_become_dc(subobj, message, paths, session_info)
        ok = samdb.transaction_commit();
        assert(ok);
 
+       message("Setting up " + paths.secrets + "\n");
+       setup_ldb("secrets.ldif", info, paths.secrets);
+
+       tmp = lp.get("secrets database");
+       ok = lp.set("secrets database", paths.secrets);
+       assert(ok);
+
+       message("Setting up keytabs\n");
+       var keytab_ok = credentials_update_all_keytabs();
+       assert(keytab_ok);
+
+       ok = lp.set("secrets database", tmp);
+       assert(ok);
+
        return true;
 }
 
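Review bot: When `credentials_update_all_keytabs()` fails, `assert(keytab_ok)` fires before `lp.set("secrets database", tmp)` is reached, so the temporary override of the global parameter is never undone; if the assert aborts only the script and not the process, later code would keep opening the provisioning target's secrets database instead of the configured one. Restore the parameter first and assert afterwards, i.e. place `ok = lp.set("secrets database", tmp);` directly after the keytab call and keep both asserts below it. `tmp` is also assigned without `var`, unlike `keytab_ok`, so it presumably ends up outside the function's scope; `var tmp = lp.get("secrets database");` avoids that. provision_become_dc() starts before this hunk.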
@@ -529,11 +543,14 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda
                message("Setting up share.ldb\n");
                setup_ldb("share.ldif", info, paths.shareconf);
        }
+
        message("Setting up secrets.ldb\n");
        setup_ldb("secrets.ldif", info, paths.secrets);
+
        message("Setting up keytabs\n");
        var keytab_ok = credentials_update_all_keytabs();
        assert(keytab_ok);
+
        message("Setting up hklm.ldb\n");
        setup_ldb("hklm.ldif", info, paths.hklm);
 
index 7605ad5c6ed29f0c4cfca20ee5b3284f0bbcc453..1faf622be65890da8a9c2501fe1683c7a1608aeb 100644 (file)
@@ -96,6 +96,8 @@ failed:
 
 #define TORTURE_NETBIOS_NAME "smbtorturedc"
 #define TORTURE_SAMDB_LDB "test_samdb.ldb"
+#define TORTURE_SECRETS_LDB "test_secrets.ldb"
+#define TORTURE_SECRETS_KEYTAB "test_secrets.keytab"
 
 struct test_become_dc_state {
        struct libnet_context *ctx;
@@ -198,6 +200,8 @@ static NTSTATUS test_become_dc_prepare_db(void *private_data,
                "\n"
                "var paths = provision_default_paths(subobj);\n"
                "paths.samdb = \"%s\";\n"
+               "paths.secrets = \"%s\";\n"
+               "paths.keytab = \"%s\";\n"
                "\n"
                "var system_session = system_session();\n"
                "\n"
@@ -205,14 +209,16 @@ static NTSTATUS test_become_dc_prepare_db(void *private_data,
                "assert(ok);\n"
                "\n"
                "return 0;\n",
-               p->forest->root_dn_str,
-               p->domain->dn_str,
-               p->forest->config_dn_str,
-               p->forest->schema_dn_str,
-               p->dest_dsa->netbios_name,
-               p->dest_dsa->dns_name,
-               p->dest_dsa->site_name,
-               TORTURE_SAMDB_LDB);
+               p->forest->root_dn_str,         /* subobj.ROOTDN */
+               p->domain->dn_str,              /* subobj.DOMAINDN */
+               p->forest->config_dn_str,       /* subobj.CONFIGDN */
+               p->forest->schema_dn_str,       /* subobj.SCHEMADN */
+               p->dest_dsa->netbios_name,      /* subobj.HOSTNAME */
+               p->dest_dsa->dns_name,          /* subobj.DNSNAME */
+               p->dest_dsa->site_name,         /* subobj.DEFAULTSITE */
+               TORTURE_SAMDB_LDB,              /* paths.samdb */
+               TORTURE_SECRETS_LDB,            /* paths.secrets */
+               TORTURE_SECRETS_KEYTAB);        /* paths.keytab */
        NT_STATUS_HAVE_NO_MEMORY(ejs);
 
        ret = test_run_ejs(ejs);