return NULL;
}
+bool samdb_set_domain_sid(struct ldb_context *ldb, const struct dom_sid *dom_sid_in)
+{
+ TALLOC_CTX *tmp_ctx;
+ struct dom_sid *dom_sid_new;
+ struct dom_sid *dom_sid_old;
+
+ /* see if we have a cached copy */
+ dom_sid_old = talloc_get_type(ldb_get_opaque(ldb,
+ "cache.domain_sid"), struct dom_sid);
+
+ tmp_ctx = talloc_new(ldb);
+ if (tmp_ctx == NULL) {
+ goto failed;
+ }
+
+ dom_sid_new = dom_sid_dup(tmp_ctx, dom_sid_in);
+ if (!dom_sid_new) {
+ goto failed;
+ }
+
+ /* cache the domain_sid in the ldb */
+ if (ldb_set_opaque(ldb, "cache.domain_sid", dom_sid_new) != LDB_SUCCESS) {
+ goto failed;
+ }
+
+ talloc_steal(ldb, dom_sid_new);
+ talloc_free(tmp_ctx);
+ talloc_free(dom_sid_old);
+
+ return true;
+
+failed:
+ DEBUG(1,("Failed to set our own cached domain SID in the ldb!\n"));
+ talloc_free(tmp_ctx);
+ return false;
+}
+
/* Obtain the short name of the flexible single master operator
* (FSMO), such as the PDC Emulator */
const char *samdb_result_fsmo_name(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, const struct ldb_message *msg,
const char * const attrs[] = { "dnsDomain", "objectGUID", NULL };
void *sam_ctx;
struct ldb_message **res;
+ struct ldb_dn *domain_dn;
int ret;
ZERO_STRUCT(r->out);
return WERR_DS_SERVICE_UNAVAILABLE;
}
- ret = gendb_search(sam_ctx, mem_ctx, NULL, &res, attrs,
- "(&(objectClass=domainDNS)(dnsDomain=%s))",
- r->in.domain_name);
+ domain_dn = samdb_dns_domain_to_dn(sam_ctx, mem_ctx,
+ r->in.domain_name);
+ if (domain_dn == NULL) {
+ return WERR_DS_SERVICE_UNAVAILABLE;
+ }
+
+ ret = gendb_search_dn(sam_ctx, mem_ctx, domain_dn, &res, attrs);
if (ret != 1) {
return WERR_NO_SUCH_DOMAIN;
}
#include "ldb_wrap.h"
#include "dsdb/samdb/samdb.h"
#include "librpc/ndr/libndr.h"
+#include "libcli/security/security.h"
/*
get the connected db
}
/*
- commit a ldb attach a dsdb_schema from ldif files
+ set a particular invocationId against the running LDB
usage:
ok = ldb.set_ntds_invocationId("7729aa4b-f990-41ad-b81a-8b6a14090f41");
*/
}
/*
- commit a ldb attach a dsdb_schema from ldif files
+ attach a particular ntds objectGUID against the current ldb
usage:
- ok = ldb.get_ntds_objectGUID("7729aa4b-f990-41ad-b81a-8b6a14090f41");
+ ok = ldb.set_ntds_objectGUID("7729aa4b-f990-41ad-b81a-8b6a14090f41");
*/
static int ejs_ldb_set_ntds_objectGUID(MprVarHandle eid, int argc, char **argv)
{
return 0;
}
+/*
+ attach a particular domain SID against the current ldb
+ usage:
+ ok = ldb.set_domain_sid("S-S-1-5-21-3065342217-3567412576-2214182334");
+*/
+static int ejs_ldb_set_domain_sid(MprVarHandle eid, int argc, char **argv)
+{
+ struct ldb_context *ldb;
+ struct dom_sid *dom_sid;
+ char *dom_sid_str;
+ bool ok;
+
+ if (argc != 1) {
+ ejsSetErrorMsg(eid, "ldb.set_domain_sid invalid arguments");
+ return -1;
+ }
+
+ ldb = ejs_get_ldb_context(eid);
+ if (ldb == NULL) {
+ return -1;
+ }
+
+ dom_sid_str = argv[0];
+
+ dom_sid = dom_sid_parse_talloc(NULL, dom_sid_str);
+ if (!dom_sid) {
+ ejsSetErrorMsg(eid, "ldb.set_domain_sid - failed to parse domain sid '%s'\n",
+ dom_sid_str);
+ return -1;
+ }
+
+ ok = samdb_set_domain_sid(ldb, dom_sid);
+ talloc_free(dom_sid);
+ if (!ok) {
+ ejsSetErrorMsg(eid, "ldb.set_domain_sid - failed to set cached ntds invocationId\n");
+ return -1;
+ }
+
+ mpr_Return(eid, mprCreateBoolVar(ok));
+ return 0;
+}
+
/*
initialise ldb ejs subsystem
*/
ejs_ldb_set_ntds_invocationId);
mprSetStringCFunction(ldb, "set_ntds_objectGUID",
ejs_ldb_set_ntds_objectGUID);
+ mprSetStringCFunction(ldb, "set_domain_sid",
+ ejs_ldb_set_domain_sid);
mprSetVar(ldb, "SCOPE_BASE", mprCreateNumberVar(LDB_SCOPE_BASE));
mprSetVar(ldb, "SCOPE_ONE", mprCreateNumberVar(LDB_SCOPE_ONELEVEL));
mprSetVar(ldb, "SCOPE_SUBTREE", mprCreateNumberVar(LDB_SCOPE_SUBTREE));
return true;
}
+function load_schema(subobj, message, samdb)
+{
+ var lp = loadparm_init();
+ var src = lp.get("setup directory") + "/" + "schema.ldif";
+
+ if (! sys.stat(src)) {
+ message("Template file not found: %s\n",src);
+ assert(0);
+ }
+
+ var schema_data = sys.file_load(src);
+
+ src = lp.get("setup directory") + "/" + "schema_samba4.ldif";
+
+ if (! sys.stat(src)) {
+ message("Template file not found: %s\n",src);
+ assert(0);
+ }
+
+ schema_data = schema_data + sys.file_load(src);
+
+ schema_data = substitute_var(schema_data, subobj);
+
+ src = lp.get("setup directory") + "/" + "provision_schema_basedn_modify.ldif";
+
+ if (! sys.stat(src)) {
+ message("Template file not found: %s\n",src);
+ assert(0);
+ }
+
+ var head_data = sys.file_load(src);
+ head_data = substitute_var(head_data, subobj);
+
+ var ok = samdb.attach_dsdb_schema_from_ldif(head_data, schema_data);
+ return ok;
+}
+
+
/*
provision samba4 - caution, this wipes all existing data!
*/
}
samdb.close();
+ message("Pre-loading the Samba4 and AD schema\n");
+
samdb = open_ldb(info, paths.samdb, false);
+ samdb.set_domain_sid(subobj.DOMAINSID);
+
+ var load_schema_ok = load_schema(subobj, message, samdb);
+ assert(load_schema_ok.is_ok);
+
message("Adding DomainDN: " + subobj.DOMAINDN + " (permitted to fail)\n");
var add_ok = setup_add_ldif("provision_basedn.ldif", info, samdb, true);
message("Modifying DomainDN: " + subobj.DOMAINDN + "\n");
message("Setting up sam.ldb AD schema\n");
setup_add_ldif("schema.ldif", info, samdb, false);
- // (hack) Reload, now we have the schema loaded.
- var commit_ok = samdb.transaction_commit();
- if (!commit_ok) {
- info.message("samdb commit failed: " + samdb.errstring() + "\n");
- assert(commit_ok);
- }
- samdb.close();
-
- samdb = open_ldb(info, paths.samdb, false);
-
message("Setting up sam.ldb configuration data\n");
setup_add_ldif("provision_configuration.ldif", info, samdb, false);
###############################
dn: ${DOMAINDN}
changetype: modify
-replace: dnsDomain
-dnsDomain: ${DNSDOMAIN}
-
replace: dc
dc: ${RDN_DC}
subRefs: ${CONFIGDN}
subRefs: ${SCHEMADN}
-
-replace: masteredBy
-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
--
-replace: msDs-masteredBy
-msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
--
replace: gPLink
gPLink: [LDAP://CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN};2]
-
-
replace: subRefs
subRefs: ${SCHEMADN}
--
-replace: masteredBy
-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
--
-replace: msDs-masteredBy
-msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
replace: showInAdvancedViewOnly
showInAdvancedViewOnly: TRUE
-
-replace: objectCategory
-objectCategory: CN=DMD,${SCHEMADN}
--
-replace: masteredBy
-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
--
-replace: msDs-masteredBy
-msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
--
replace: fSMORoleOwner
fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
-
dMDLocation: ${SCHEMADN}
invocationId: ${INVOCATIONID}
msDS-Behavior-Version: 2
-
+msDS-hasMasterNCs: ${CONFIGDN}
+msDS-hasMasterNCs: ${SCHEMADN}
+msDS-hasMasterNCs: ${DOMAINDN}
+hasMasterNCs: ${CONFIGDN}
+hasMasterNCs: ${SCHEMADN}
+hasMasterNCs: ${DOMAINDN}
attributeSyntax: 2.5.5.5
oMSyntax: 22
-dn: cn=dnsDomain,${SCHEMADN}
-objectClass: top
-objectClass: attributeSchema
-lDAPDisplayName: dnsDomain
-isSingleValued: FALSE
-systemFlags: 17
-systemOnly: TRUE
-schemaIDGUID: A40165E6-5E45-44A7-A8FA-186C94333018
-adminDisplayName: DNS-Domain
-attributeID: 1.3.6.1.4.1.7165.4.1.6
-attributeSyntax: 2.5.5.4
-oMSyntax: 20
+#
+# Not used anymore
+#
+#dn: cn=dnsDomain,${SCHEMADN}
+#objectClass: top
+#objectClass: attributeSchema
+#lDAPDisplayName: dnsDomain
+#isSingleValued: FALSE
+#systemFlags: 17
+#systemOnly: TRUE
+#schemaIDGUID: A40165E6-5E45-44A7-A8FA-186C94333018
+#adminDisplayName: DNS-Domain
+#attributeID: 1.3.6.1.4.1.7165.4.1.6
+#attributeSyntax: 2.5.5.4
+#oMSyntax: 20
dn: cn=privilege,${SCHEMADN}
objectClass: top
git.samba.org / amitay / samba.git / commitdiff