r24760: Ensure we base64 encode any password being put into LDIF, to avoid

provision failures when some of the random password values are illigal
LDIF.

Andrew Bartlett
(This used to be commit 876003f6c6466bfd37ec9b05c9a1f1cc83dd9898)

4 files changed, 13 insertions, 6 deletions

diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js
index 57531a28b91..ca0fedf97b9 100644
--- a/source4/scripting/libjs/provision.js
+++ b/source4/scripting/libjs/provision.js
@@ -449,6 +449,8 @@ function setup_name_mappings(info, ldb)
 
 function provision_fix_subobj(subobj, paths)
 {
+	var ldb = ldb_init();
+	
 	subobj.REALM       = strupper(subobj.REALM);
 	subobj.HOSTNAME    = strlower(subobj.HOSTNAME);
 	subobj.DOMAIN      = strupper(subobj.DOMAIN);
@@ -465,6 +467,11 @@ function provision_fix_subobj(subobj, paths)
 	subobj.CONFIGDN     = "CN=Configuration," + subobj.ROOTDN;
 	subobj.SCHEMADN     = "CN=Schema," + subobj.CONFIGDN;
 
+	subobj.MACHINEPASS_B64 = ldb.encode(subobj.MACHINEPASS);
+	subobj.KRBTGTPASS_B64  = ldb.encode(subobj.KRBTGTPASS);
+	subobj.ADMINPASS_B64   = ldb.encode(subobj.ADMINPASS);
+	subobj.DNSPASS_B64     = ldb.encode(subobj.DNSPASS);
+
 	var rdns = split(",", subobj.DOMAINDN);
 	subobj.RDN_DC = substr(rdns[0], strlen("DC="));
 
diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif
index 25f9fab6d3c..ff44a35f6d6 100644
--- a/source4/setup/provision_self_join.ldif
+++ b/source4/setup/provision_self_join.ldif
@@ -13,7 +13,7 @@ operatingSystem: Samba
 operatingSystemVersion: 4.0
 dNSHostName: ${DNSNAME}
 isCriticalSystemObject: TRUE
-sambaPassword: ${MACHINEPASS}
+sambaPassword:: ${MACHINEPASS_B64}
 servicePrincipalName: HOST/${DNSNAME}
 servicePrincipalName: HOST/${NETBIOSNAME}
 servicePrincipalName: HOST/${DNSNAME}/${REALM}
diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif
index 60a26c1ebf9..f6fbb0bd528 100644
--- a/source4/setup/provision_users.ldif
+++ b/source4/setup/provision_users.ldif
@@ -13,7 +13,7 @@ adminCount: 1
 accountExpires: -1
 sAMAccountName: Administrator
 isCriticalSystemObject: TRUE
-sambaPassword: ${ADMINPASS}
+sambaPassword:: ${ADMINPASS_B64}
 
 dn: CN=Guest,CN=Users,${DOMAINDN}
 objectClass: user
@@ -203,7 +203,7 @@ sAMAccountName: krbtgt
 sAMAccountType: 805306368
 servicePrincipalName: kadmin/changepw
 isCriticalSystemObject: TRUE
-sambaPassword: ${KRBTGTPASS}
+sambaPassword:: ${KRBTGTPASS_B64}
 
 dn: CN=dns,CN=Users,${DOMAINDN}
 objectClass: top
@@ -219,7 +219,7 @@ sAMAccountName: dns
 sAMAccountType: 805306368
 servicePrincipalName: DNS/${DNSDOMAIN}
 isCriticalSystemObject: TRUE
-sambaPassword: ${DNSPASS}
+sambaPassword:: ${DNSPASS_B64}
 
 dn: CN=Domain Computers,CN=Users,${DOMAINDN}
 objectClass: top
diff --git a/source4/setup/secrets.ldif b/source4/setup/secrets.ldif
index 8c61c06a54f..80015b4b411 100644
--- a/source4/setup/secrets.ldif
+++ b/source4/setup/secrets.ldif
@@ -14,7 +14,7 @@ objectClass: primaryDomain
 objectClass: kerberosSecret
 flatname: ${DOMAIN}
 realm: ${REALM}
-secret: ${MACHINEPASS}
+secret:: ${MACHINEPASS_B64}
 secureChannelType: 6
 sAMAccountName: ${NETBIOSNAME}$
 whenCreated: ${LDAPTIME}
@@ -50,5 +50,5 @@ whenCreated: ${LDAPTIME}
 whenChanged: ${LDAPTIME}
 servicePrincipalName: DNS/${DNSDOMAIN}
 privateKeytab: ${DNS_KEYTAB}
-secret: ${DNSPASS}
+secret:: ${DNSPASS_B64}