From c39959ff559be83f7ac08c2f3f7acb8a46a9c1e5 Mon Sep 17 00:00:00 2001 From: Christian Ambach Date: Sat, 6 Dec 2014 00:23:08 +0100 Subject: [PATCH] provision/sambadns: set correct owner of keytab file otherwise samba_dnsupdate will not work Bug: https://bugzilla.samba.org/show_bug.cgi?id=10881 Signed-off-by: Christian Ambach --- python/samba/provision/sambadns.py | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/python/samba/provision/sambadns.py b/python/samba/provision/sambadns.py index b563932..ab95411 100644 --- a/python/samba/provision/sambadns.py +++ b/python/samba/provision/sambadns.py @@ -640,7 +640,7 @@ def add_dc_msdcs_records(samdb, forestdn, prefix, site, dnsforest, hostname, fqdn_hostname) -def secretsdb_setup_dns(secretsdb, names, private_dir, realm, +def secretsdb_setup_dns(secretsdb, names, private_dir, bind_gid, realm, dnsdomain, dns_keytab_path, dnspass, key_version_number): """Add DNS specific bits to a secrets database. @@ -667,6 +667,18 @@ def secretsdb_setup_dns(secretsdb, names, private_dir, realm, names.netbiosname.lower(), names.dnsdomain.lower()) }) + # the commit creates the dns.keytab, now chown it + dns_keytab = os.path.join(private_dir, dns_keytab_path) + if os.path.isfile(dns_keytab) and bind_gid is not None: + try: + os.chmod(dns_keytab, 0640) + os.chown(dns_keytab, -1, bind_gid) + except OSError: + if not os.environ.has_key('SAMBA_SELFTEST'): + logger.info("Failed to chown %s to bind gid %u", + dns_keytab, bind_gid) + + def create_dns_dir(logger, paths): """Write out a DNS zone file, from the info in the current database. 
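Review bot: In the first hunk `bind_gid` is inserted as the fourth positional parameter of `secretsdb_setup_dns`, ahead of `realm`, so a caller that passes `realm` positionally would now silently bind it to `bind_gid`. The call changed in the last hunk passes `realm=` by keyword, but other callers are not visible in this patch. Appending it as `bind_gid=None` after `key_version_number` and calling with `bind_gid=paths.bind_gid` would keep the old signature working and fits the `bind_gid is not None` test added in the second hunk. The docstring that opens on the hunk's last context line continues outside the hunk; it should gain an entry for `bind_gid` saying it is the group given read access to the DNS keytab.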
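Review bot: In the second hunk the `except OSError` branch calls `logger.info(...)`, but `logger` is not among the parameters of `secretsdb_setup_dns` shown in the first hunk. Unless the module defines a global `logger` (not visible here), a failed chmod or chown outside selftest raises NameError instead of being reported. The handler also covers `os.chmod`, so "Failed to chown" can name the wrong call, and `info` is a quiet level for a failure the commit message says stops samba_dnsupdate from working; with a logger passed in, `logger.warning("Failed to set mode/group of %s for bind gid %u", dns_keytab, bind_gid)` would describe both. Calling `os.chown(dns_keytab, -1, bind_gid)` before `os.chmod(dns_keytab, 0640)` would avoid briefly granting group read to the file's previous group. The function body begins outside this hunk, so how the keytab is created before this point cannot be checked from here.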
@@ -1173,7 +1185,8 @@ def setup_bind9_dns(samdb, secretsdb, names, paths, lp, logger, domainguid = get_domainguid(samdb, domaindn) secretsdb_setup_dns(secretsdb, names, - paths.private_dir, realm=names.realm, + paths.private_dir, paths.bind_gid, + realm=names.realm, dnsdomain=names.dnsdomain, dns_keytab_path=paths.dns_keytab, dnspass=dnspass, key_version_number=key_version_number) -- 1.9.1