From: Andrew Bartlett Date: Thu, 25 Aug 2011 09:15:13 +0000 (+1000) Subject: s4-provision Perform 'modify' operations as system X-Git-Tag: talloc-2.0.7~208 X-Git-Url: http://git.samba.org/samba.git/?a=commitdiff_plain;h=c271b7142062f833869bb13aed4a873edcd1e445;p=nivanova%2Fsamba-autobuild%2F.git s4-provision Perform 'modify' operations as system We need this so that we can modify the cn=configuration partition when we are setting up a new subdomain. The serverReference on our ${SERVERDN} is in that partition, and without this change creating a new subdomain fails due to ACLs. Andrew Bartlett --- diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py index 761caa2dce0..827d72b5e47 100644 --- a/source4/scripting/python/samba/provision/__init__.py +++ b/source4/scripting/python/samba/provision/__init__.py @@ -1065,7 +1065,7 @@ def setup_samdb_rootdse(samdb, names): }) -def setup_self_join(samdb, names, fill, machinepass, dnspass, +def setup_self_join(samdb, admin_session_info, names, fill, machinepass, dnspass, domainsid, next_rid, invocationid, policyguid, policyguid_dc, domainControllerFunctionality, ntdsguid, dc_rid=None): @@ -1093,7 +1093,9 @@ def setup_self_join(samdb, names, fill, machinepass, dnspass, "SAMBA_VERSION_STRING": version, "NTDSGUID": ntdsguid_line, "DOMAIN_CONTROLLER_FUNCTIONALITY": str( - domainControllerFunctionality)}) + domainControllerFunctionality), + "RIDALLOCATIONSTART": str(next_rid + 100), + "RIDALLOCATIONEND": str(next_rid + 100 + 499)}) setup_add_ldif(samdb, setup_path("provision_group_policy.ldif"), { "POLICYGUID": policyguid, 
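Review bot: `admin_session_info` is inserted as the second positional parameter of `setup_self_join`, ahead of `names`, so a caller that still passes `names` positionally would bind it to the session argument instead of failing at the call site. The one caller visible in this diff, in `fill_samdb`, passes the remaining arguments by keyword and is updated, but callers outside the diff cannot be checked from here. Because this value decides which security context the handle is put back into after the system-level modify, passing it by keyword at the call site, `setup_self_join(samdb, admin_session_info=admin_session_info, names=names, ...`, would make a mix-up harder. A docstring line such as `admin_session_info: session restored on samdb after the modify that runs as system` would document the contract. The function body continues outside this hunk.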
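Review bot: The RID pool bounds `str(next_rid + 100)` and `str(next_rid + 100 + 499)` are bare literals, and nothing at this call says why the pool starts 100 above `next_rid` or why it spans 500 values. These now feed the `rIDSet` object created by provision_self_join.ldif, so a short comment above the two keys would help, for example `# initial RID pool for this DC: 500 RIDs, starting 100 above next_rid`. Named constants for the offset and the pool size would also keep the start and end expressions from drifting apart. The `setup_add_ldif` call these keys belong to begins outside the hunk.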
@@ -1124,18 +1126,24 @@ def setup_self_join(samdb, names, fill, machinepass, dnspass, "CONFIGDN": names.configdn, "SCHEMADN": names.schemadn, "DEFAULTSITE": names.sitename, + "NETBIOSNAME": names.netbiosname, "SERVERDN": names.serverdn, }) + system_session_info = system_session() + samdb.set_session_info(system_session_info) # Setup fSMORoleOwner entries to point at the newly created DC entry + + # to modify a serverReference under cn=config when we are a subdomain, we must + # be system due to ACLs setup_modify_ldif(samdb, setup_path("provision_self_join_modify.ldif"), { "DOMAINDN": names.domaindn, "SERVERDN": names.serverdn, "NETBIOSNAME": names.netbiosname, - "RIDALLOCATIONSTART": str(next_rid + 100), - "RIDALLOCATIONEND": str(next_rid + 100 + 499), }) + samdb.set_session_info(admin_session_info) + # This is Samba4 specific and should be replaced by the correct # DNS AD-style setup setup_add_ldif(samdb, setup_path("provision_dns_add_samba.ldif"), { @@ -1425,7 +1433,7 @@ def fill_samdb(samdb, lp, names, }) logger.info("Setting up self join") - setup_self_join(samdb, names=names, fill=fill, invocationid=invocationid, + setup_self_join(samdb, admin_session_info, names=names, fill=fill, invocationid=invocationid, dnspass=dnspass, machinepass=machinepass, domainsid=domainsid, diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif index b19db78b72e..f77ac5710ec 100644 --- a/source4/setup/provision_self_join.ldif +++ b/source4/setup/provision_self_join.ldif @@ -20,3 +20,10 @@ sAMAccountName: ${NETBIOSNAME}$ userAccountControl: 532480 clearTextPassword:: ${MACHINEPASS_B64} objectSid: ${DOMAINSID}-${DCRID} + +dn: CN=RID Set,CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN} +objectClass: rIDSet +rIDAllocationPool: ${RIDALLOCATIONSTART}-${RIDALLOCATIONEND} +rIDPreviousAllocationPool: ${RIDALLOCATIONSTART}-${RIDALLOCATIONEND} +rIDUsedPool: 0 +rIDNextRID: ${RIDALLOCATIONSTART} 
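Review bot: The switch to the system session around `setup_modify_ldif` is not exception-safe: if the modify raises, `samdb.set_session_info(admin_session_info)` is never reached and the handle stays bound to the system session for whatever the caller does with it next. Wrapping the call as `try:` … `finally: samdb.set_session_info(admin_session_info)` keeps the elevated window bounded on every path. The elevation also covers every record in provision_self_join_modify.ldif, while the added comment names only the serverReference change under cn=config as needing it; if the other modifies succeed under the admin session, splitting them out would narrow what runs as system. The restore assumes the handle was using `admin_session_info` on entry, which this hunk does not show. `setup_self_join` starts and ends outside the hunk.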
diff --git a/source4/setup/provision_self_join_modify.ldif b/source4/setup/provision_self_join_modify.ldif index 7b5c562ed08..dcdeee39d4d 100644 --- a/source4/setup/provision_self_join_modify.ldif +++ b/source4/setup/provision_self_join_modify.ldif @@ -15,14 +15,6 @@ changetype: modify replace: fSMORoleOwner fSMORoleOwner: CN=NTDS Settings,${SERVERDN} -dn: CN=RID Set,CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN} -changetype: add -objectClass: rIDSet -rIDAllocationPool: ${RIDALLOCATIONSTART}-${RIDALLOCATIONEND} -rIDPreviousAllocationPool: ${RIDALLOCATIONSTART}-${RIDALLOCATIONEND} -rIDUsedPool: 0 -rIDNextRID: ${RIDALLOCATIONSTART} - dn: CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN} changetype: modify add: rIDSetReferences