Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-trivial
authorJelmer Vernooij <jelmer@samba.org>
Thu, 24 Jan 2008 21:00:07 +0000 (22:00 +0100)
committerJelmer Vernooij <jelmer@samba.org>
Thu, 24 Jan 2008 21:00:07 +0000 (22:00 +0100)
source/auth/auth_sam_reply.c
source/dsdb/samdb/ldb_modules/repl_meta_data.c
source/librpc/idl/netlogon.idl
source/pidl/lib/Parse/Pidl/Samba4/Header.pm
source/scripting/libjs/provision.js
source/setup/provision
source/setup/provision_basedn.ldif
source/setup/provision_basedn_modify.ldif
source/setup/provision_partitions.ldif
source/setup/secrets_dc.ldif
source/torture/libnet/libnet_BecomeDC.c

index 6ab220498dc8d68f59efd93f1743fbc713d593b9..ea6f0a1f60eb338e9267e5a781c53d2ea1e1609f 100644 (file)
@@ -132,7 +132,7 @@ NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx,
                        continue;
                }
                sam3->sids[sam3->sidcount].sid = talloc_reference(sam3->sids,server_info->domain_groups[i]);
-               sam3->sids[sam3->sidcount].attribute = 
+               sam3->sids[sam3->sidcount].attributes =
                        SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED;
                sam3->sidcount += 1;
        }
index a21cf250cbff8112afc168e50b00a0e721227d9d..5100b7cb7c89ea2e6a4bb9521b52980fd2b5c743 100644 (file)
@@ -391,6 +391,10 @@ static int replmd_add_originating(struct ldb_module *module,
                m->originating_usn              = seq_num;
                m->local_usn                    = seq_num;
                ni++;
+
+               if (ldb_attr_cmp(e->name, ldb_dn_get_rdn_name(msg->dn))) {
+                       rdn_attr = sa;
+               }
        }
 
        /* fix meta data count */
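Review bot: The added test `if (ldb_attr_cmp(e->name, ldb_dn_get_rdn_name(msg->dn)))` is true when the two names differ, assuming ldb_attr_cmp follows the strcasecmp convention of returning 0 on a match. In that case rdn_attr ends up pointing at the last attribute that is not the RDN attribute. If the intent is to remember the RDN attribute's metadata entry, the condition should read `if (ldb_attr_cmp(e->name, ldb_dn_get_rdn_name(msg->dn)) == 0) {`. The result of ldb_dn_get_rdn_name() is also used unchecked on every iteration, so fetching it once before the loop and handling a NULL return would be safer. The loop header and the declarations of rdn_attr and sa are outside the hunk.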
index dcbb647ba01ce55aba1ee28f8af3cf7b2525f5f5..3e4d46d7f726c33a921b4e2a7149682c3050f569 100644 (file)
@@ -19,6 +19,7 @@ import "lsa.idl", "samr.idl", "security.idl", "nbt.idl";
 interface netlogon
 {
        typedef bitmap samr_AcctFlags samr_AcctFlags;
+       typedef bitmap samr_GroupAttrs samr_GroupAttrs;
 
        /*****************/
        /* Function 0x00 */
@@ -86,13 +87,18 @@ interface netlogon
                [size_is(size/2),length_is(length/2)] uint16 *bindata;
        } netr_AcctLockStr;
 
-       const int MSV1_0_CLEARTEXT_PASSWORD_ALLOWED = 0x002;
-       const int MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT = 0x020;
-       const int MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT = 0x800;
+       typedef [public,bitmap32bit] bitmap {
+               MSV1_0_CLEARTEXT_PASSWORD_ALLOWED       = 0x00000002,
+               MSV1_0_UPDATE_LOGON_STATISTICS          = 0x00000004,
+               MSV1_0_RETURN_USER_PARAMETERS           = 0x00000008,
+               MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT       = 0x00000020,
+               MSV1_0_RETURN_PROFILE_PATH              = 0x00000200,
+               MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT  = 0x00000800
+       } netr_LogonParameterControl;
 
        typedef struct {
                lsa_String  domain_name;
-               uint32      parameter_control; /* see MSV1_0_* */
+               netr_LogonParameterControl parameter_control; /* see MSV1_0_* */
                uint32      logon_id_low;
                uint32      logon_id_high;
                lsa_String  account_name;
@@ -126,11 +132,6 @@ interface netlogon
                [case(6)] netr_NetworkInfo  *network;
        } netr_LogonLevel;
 
-       typedef [public] struct {
-               uint32 rid;
-               uint32 attributes;
-       } netr_GroupMembership;
-
        typedef [public,flag(NDR_PAHEX)] struct {
                uint8 key[16];
        } netr_UserSessionKey;
@@ -187,7 +188,7 @@ interface netlogon
 
        typedef struct {
                dom_sid2 *sid;
-               uint32 attribute;
+               samr_GroupAttrs attributes;
        } netr_SidAttr;
 
        typedef [public] struct {
index 2b3a9df80f3b128a4701143a67c3c631aa290022..14f472340c6610569e4d1a90e2d716144b901424 100644 (file)
@@ -82,9 +82,9 @@ sub HeaderElement($)
 
 #####################################################################
 # parse a struct
-sub HeaderStruct($$)
+sub HeaderStruct($$;$)
 {
-       my($struct,$name) = @_;
+       my($struct,$name,$tail) = @_;
        pidl "struct $name";
        return if (not defined($struct->{ELEMENTS}));
        pidl " {\n";
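Review bot: The early `return if (not defined($struct->{ELEMENTS}));` in HeaderStruct exits before the new `pidl $tail` at the end of the function (next hunk), so a struct without ELEMENTS is now emitted as `struct $name` with no terminator. Before this change HeaderInterface printed `";\n\n"` after every STRUCT regardless of that early return. Emitting the tail ahead of the return, e.g. `pidl $tail if defined($tail) and not defined($struct->{ELEMENTS});`, keeps the previous output. HeaderUnion and HeaderEnum gain the same `$tail` parameter, and any early exits in them are outside the visible hunks and would need the same treatment. A short comment describing `$tail` (text printed after the declaration, `";\n\n"` from HeaderInterface) would also help, since the header comments still say only "parse a struct".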
@@ -103,13 +103,14 @@ sub HeaderStruct($$)
        if (defined $struct->{PROPERTIES}) {
                HeaderProperties($struct->{PROPERTIES}, []);
        }
+       pidl $tail if defined($tail);
 }
 
 #####################################################################
 # parse a enum
-sub HeaderEnum($$)
+sub HeaderEnum($$;$)
 {
-       my($enum,$name) = @_;
+       my($enum,$name,$tail) = @_;
        my $first = 1;
 
        pidl "enum $name";
@@ -131,30 +132,29 @@ sub HeaderEnum($$)
                my $count = 0;
                my $with_val = 0;
                my $without_val = 0;
-               if (defined($enum->{ELEMENTS})) {
-                       pidl " { __donnot_use_enum_$name=0x7FFFFFFF}\n";
-                       foreach my $e (@{$enum->{ELEMENTS}}) {
-                               my $t = "$e";
-                               my $name;
-                               my $value;
-                               if ($t =~ /(.*)=(.*)/) {
-                                       $name = $1;
-                                       $value = $2;
-                                       $with_val = 1;
-                                       fatal($e->{ORIGINAL}, "you can't mix enum member with values and without values!")
-                                               unless ($without_val == 0);
-                               } else {
-                                       $name = $t;
-                                       $value = $count++;
-                                       $without_val = 1;
-                                       fatal($e->{ORIGINAL}, "you can't mix enum member with values and without values!")
-                                               unless ($with_val == 0);
-                               }
-                               pidl "#define $name ( $value )\n";
+               pidl " { __donnot_use_enum_$name=0x7FFFFFFF}\n";
+               foreach my $e (@{$enum->{ELEMENTS}}) {
+                       my $t = "$e";
+                       my $name;
+                       my $value;
+                       if ($t =~ /(.*)=(.*)/) {
+                               $name = $1;
+                               $value = $2;
+                               $with_val = 1;
+                               fatal($e->{ORIGINAL}, "you can't mix enum member with values and without values!")
+                                       unless ($without_val == 0);
+                       } else {
+                               $name = $t;
+                               $value = $count++;
+                               $without_val = 1;
+                               fatal($e->{ORIGINAL}, "you can't mix enum member with values and without values!")
+                                       unless ($with_val == 0);
                        }
+                       pidl "#define $name ( $value )\n";
                }
                pidl "#endif\n";
        }
+       pidl $tail if defined($tail);
 }
 
 #####################################################################
@@ -172,9 +172,9 @@ sub HeaderBitmap($$)
 
 #####################################################################
 # parse a union
-sub HeaderUnion($$)
+sub HeaderUnion($$;$)
 {
-       my($union,$name) = @_;
+       my($union,$name,$tail) = @_;
        my %done = ();
 
        pidl "union $name";
@@ -195,18 +195,19 @@ sub HeaderUnion($$)
        if (defined $union->{PROPERTIES}) {
                HeaderProperties($union->{PROPERTIES}, []);
        }
+       pidl $tail if defined($tail);
 }
 
 #####################################################################
 # parse a type
-sub HeaderType($$$)
+sub HeaderType($$$;$)
 {
-       my($e,$data,$name) = @_;
+       my($e,$data,$name,$tail) = @_;
        if (ref($data) eq "HASH") {
-               ($data->{TYPE} eq "ENUM") && HeaderEnum($data, $name);
+               ($data->{TYPE} eq "ENUM") && HeaderEnum($data, $name, $tail);
                ($data->{TYPE} eq "BITMAP") && HeaderBitmap($data, $name);
-               ($data->{TYPE} eq "STRUCT") && HeaderStruct($data, $name);
-               ($data->{TYPE} eq "UNION") && HeaderUnion($data, $name);
+               ($data->{TYPE} eq "STRUCT") && HeaderStruct($data, $name, $tail);
+               ($data->{TYPE} eq "UNION") && HeaderUnion($data, $name, $tail);
                return;
        }
 
@@ -215,14 +216,15 @@ sub HeaderType($$$)
        } else {
                pidl mapTypeName($e->{TYPE});
        }
+       pidl $tail if defined($tail);
 }
 
 #####################################################################
 # parse a typedef
-sub HeaderTypedef($)
+sub HeaderTypedef($;$)
 {
-       my($typedef) = shift;
-       HeaderType($typedef, $typedef->{DATA}, $typedef->{NAME}) if defined ($typedef->{DATA});
+       my($typedef,$tail) = @_;
+       HeaderType($typedef, $typedef->{DATA}, $typedef->{NAME}, $tail) if defined ($typedef->{DATA});
 }
 
 #####################################################################
@@ -359,16 +361,11 @@ sub HeaderInterface($)
        }
 
        foreach my $t (@{$interface->{TYPES}}) {
-               HeaderTypedef($t) if ($t->{TYPE} eq "TYPEDEF");
-               HeaderStruct($t, $t->{NAME}) if ($t->{TYPE} eq "STRUCT");
-               HeaderUnion($t, $t->{NAME}) if ($t->{TYPE} eq "UNION");
-               HeaderEnum($t, $t->{NAME}) if ($t->{TYPE} eq "ENUM");
+               HeaderTypedef($t, ";\n\n") if ($t->{TYPE} eq "TYPEDEF");
+               HeaderStruct($t, $t->{NAME}, ";\n\n") if ($t->{TYPE} eq "STRUCT");
+               HeaderUnion($t, $t->{NAME}, ";\n\n") if ($t->{TYPE} eq "UNION");
+               HeaderEnum($t, $t->{NAME}, ";\n\n") if ($t->{TYPE} eq "ENUM");
                HeaderBitmap($t, $t->{NAME}) if ($t->{TYPE} eq "BITMAP");
-               pidl ";\n\n" if ($t->{TYPE} eq "BITMAP" or 
-                                $t->{TYPE} eq "STRUCT" or 
-                                $t->{TYPE} eq "TYPEDEF" or 
-                                $t->{TYPE} eq "UNION" or 
-                                $t->{TYPE} eq "ENUM");
        }
 
        foreach my $fn (@{$interface->{FUNCTIONS}}) {
index 0cca49dec912488a494c95cd236bd4880fece22d..e71498010cfdb419e753c8e37f8cf154311c1d98 100644 (file)
@@ -484,9 +484,6 @@ function provision_fix_subobj(subobj, paths)
        subobj.ADMINPASS_B64   = ldb.encode(subobj.ADMINPASS);
        subobj.DNSPASS_B64     = ldb.encode(subobj.DNSPASS);
 
-       var rdns = split(",", subobj.DOMAINDN);
-       subobj.RDN_DC = substr(rdns[0], strlen("DC="));
-
        subobj.SAM_LDB          = "tdb://" + paths.samdb;
        subobj.SECRETS_KEYTAB   = paths.keytab;
        subobj.DNS_KEYTAB       = paths.dns_keytab;
@@ -527,6 +524,10 @@ function provision_become_dc(subobj, message, erase, paths, session_info)
        var ok = provision_fix_subobj(subobj, paths);
        assert(ok);
 
+       if (subobj.BACKEND_MOD == undefined) {
+               subobj.BACKEND_MOD = "repl_meta_data";
+       }
+
        info.subobj = subobj;
        info.message = message;
        info.session_info = session_info;
@@ -613,10 +614,21 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda
        var lp = loadparm_init();
        var sys = sys_init();
        var info = new Object();
+       random_init(local);
 
        var ok = provision_fix_subobj(subobj, paths);
        assert(ok);
 
+       if (strlower(subobj.SERVERROLE) == strlower("domain controller")) {
+               if (subobj.BACKEND_MOD == undefined) {
+                       subobj.BACKEND_MOD = "repl_meta_data";
+               }
+       } else {
+               if (subobj.BACKEND_MOD == undefined) {
+                       subobj.BACKEND_MOD = "objectguid";
+               }
+       }
+
        if (subobj.DOMAINGUID != undefined) {
                subobj.DOMAINGUID_MOD = sprintf("replace: objectGUID\nobjectGUID: %s\n-", subobj.DOMAINGUID);
        } else {
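Review bot: The BACKEND_MOD defaulting added here is repeated in the later hunk of provision() (after `samdb.set_domain_sid(subobj.DOMAINSID)`). As far as the visible lines show, it can no longer take effect there because this block has already assigned a value, which leaves only the INVOCATIONID handling live in the second block. Dropping the two `if (subobj.BACKEND_MOD == undefined)` branches from the later block would leave a single place that decides the backend module. `strlower("domain controller")` on a literal that is already lower case is redundant in both places. provision() begins and ends outside the hunk.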
@@ -696,6 +708,20 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda
 
        samdb.set_domain_sid(subobj.DOMAINSID);
 
+       if (strlower(subobj.SERVERROLE) == strlower("domain controller")) {
+               if (subobj.INVOCATIONID == undefined) {
+                       subobj.INVOCATIONID = randguid();
+               }
+               samdb.set_ntds_invocationId(subobj.INVOCATIONID);
+               if (subobj.BACKEND_MOD == undefined) {
+                       subobj.BACKEND_MOD = "repl_meta_data";
+               }
+       } else {
+               if (subobj.BACKEND_MOD == undefined) {
+                       subobj.BACKEND_MOD = "objectguid";
+               }
+       }
+
        var load_schema_ok = load_schema(subobj, message, samdb);
        assert(load_schema_ok.is_ok);
 
@@ -961,7 +987,6 @@ function provision_guess()
        subobj.VERSION      = version();
        subobj.HOSTIP       = hostip();
        subobj.DOMAINSID    = randsid();
-       subobj.INVOCATIONID = randguid();
        subobj.POLICYGUID   = randguid();
        subobj.KRBTGTPASS   = randpass(12);
        subobj.MACHINEPASS  = randpass(12);
@@ -969,9 +994,6 @@ function provision_guess()
        subobj.ADMINPASS    = randpass(12);
        subobj.LDAPMANAGERPASS     = randpass(12);
        subobj.DEFAULTSITE  = "Default-First-Site-Name";
-       subobj.NEWGUID      = randguid;
-       subobj.NTTIME       = nttime;
-       subobj.LDAPTIME     = ldaptime;
        subobj.DATESTRING   = datestring;
        subobj.ROOT         = findnss(nss.getpwnam, "root");
        subobj.NOBODY       = findnss(nss.getpwnam, "nobody");
@@ -1016,9 +1038,6 @@ function provision_guess()
        subobj.DOMAINDN_MOD = "pdc_fsmo,password_hash,instancetype";
        subobj.CONFIGDN_MOD = "naming_fsmo,instancetype";
        subobj.SCHEMADN_MOD = "schema_fsmo,instancetype";
-       subobj.DOMAINDN_MOD2 = ",objectguid";
-       subobj.CONFIGDN_MOD2 = ",objectguid";
-       subobj.SCHEMADN_MOD2 = ",objectguid";
 
        subobj.ACI              = "# no aci for local ldb";
 
index 8b24c510401c24c81c0bc3211eeb490e7be195b2..9e135cddbb49207356041849b1fa89b681ae7009 100755 (executable)
@@ -143,12 +143,10 @@ if (ldapbackend) {
                subobj.LDAPMODULE = "normalise,entryuuid";
                subobj.TDB_MODULES_LIST = "";
        }
+       subobj.BACKEND_MOD = subobj.LDAPMODULE + ",paged_searches";
        subobj.DOMAINDN_LDB = subobj.LDAPBACKEND;
-       subobj.DOMAINDN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches";
        subobj.CONFIGDN_LDB = subobj.LDAPBACKEND;
-       subobj.CONFIGDN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches";
        subobj.SCHEMADN_LDB = subobj.LDAPBACKEND;
-       subobj.SCHEMADN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches";
        message("LDAP module: %s on backend: %s\n", subobj.LDAPMODULE, subobj.LDAPBACKEND);
 }
 
@@ -175,7 +173,9 @@ if (partitions_only) {
                 message("--host-guid='%s' \\\n", subobj.HOSTGUID);
        }
        message("--policy-guid='%s' --host-name='%s' --host-ip='%s' \\\n", subobj.POLICYGUID, subobj.HOSTNAME, subobj.HOSTIP);
-       message("--invocationid='%s' \\\n", subobj.INVOCATIONID);
+       if (subobj.INVOCATIONID != undefined) {
+               message("--invocationid='%s' \\\n", subobj.INVOCATIONID);
+       }
        message("--adminpass='%s' --krbtgtpass='%s' \\\n", subobj.ADMINPASS, subobj.KRBTGTPASS);
        message("--machinepass='%s' --dnspass='%s' \\\n", subobj.MACHINEPASS, subobj.DNSPASS);
        message("--root='%s' --nobody='%s' --nogroup='%s' \\\n", subobj.ROOT, subobj.NOBODY, subobj.NOGROUP);
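Review bot: The command line printed around the new INVOCATIONID guard still interpolates `subobj.ADMINPASS`, `subobj.KRBTGTPASS`, `subobj.MACHINEPASS` and `subobj.DNSPASS` into the output. Presumably message() writes to the console, so these secrets land in terminal scrollback and any captured logs, and again in the process argument list when the printed command is run. The values are also wrapped in `'%s'` without escaping, so a password containing a single quote would produce a broken command. At minimum a comment is worth adding above the block, e.g. `// NOTE: the printed command contains generated passwords; treat this output as secret`. The enclosing `if (partitions_only)` block starts and ends outside the hunk.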
index 3c7537f013ad942a57f6763bfcc63cafc6cc0c7e..11eb0593e8d4f2b68fde3b873b4c8ceb92783f6c 100644 (file)
@@ -6,5 +6,4 @@ objectClass: top
 objectClass: domain
 objectClass: domainDNS
 ${ACI}
-dc: ${RDN_DC}
 
index fa990599d9a6a283bfc49ad29488b3e44d1a1dd2..dadfda720e39c5343a5275cdd1550cedfaf75fee 100644 (file)
@@ -4,9 +4,6 @@
 dn: ${DOMAINDN}
 changetype: modify
 -
-replace: dc
-dc: ${RDN_DC}
--
 replace: forceLogoff
 forceLogoff: 9223372036854775808
 -
index fb8bc7f595c985877037cbeadd410e6559683401..93fea6bc2d05cfec74cde3d75e239dc7b2e78071 100644 (file)
@@ -5,9 +5,9 @@ partition: ${DOMAINDN}:${DOMAINDN_LDB}
 replicateEntries: @ATTRIBUTES
 replicateEntries: @INDEXLIST
 replicateEntries: @OPTIONS
-modules:${SCHEMADN}:${SCHEMADN_MOD}${SCHEMADN_MOD2}
-modules:${CONFIGDN}:${CONFIGDN_MOD}${CONFIGDN_MOD2}
-modules:${DOMAINDN}:${DOMAINDN_MOD}${DOMAINDN_MOD2}
+modules:${SCHEMADN}:${SCHEMADN_MOD},${BACKEND_MOD}
+modules:${CONFIGDN}:${CONFIGDN_MOD},${BACKEND_MOD}
+modules:${DOMAINDN}:${DOMAINDN_MOD},${BACKEND_MOD}
 
 dn: @MODULES
 @LIST: ${MODULES_LIST}${TDB_MODULES_LIST},${MODULES_LIST2}
index 64469352bbfec9701fbc859c3ff1bd0c4b7ad035..71c7fc2f5b97afffbf4557ecda1872eb642ab013 100644 (file)
@@ -7,8 +7,6 @@ realm: ${REALM}
 secret:: ${MACHINEPASS_B64}
 secureChannelType: 6
 sAMAccountName: ${NETBIOSNAME}$
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
 msDS-KeyVersionNumber: 1
 objectSid: ${DOMAINSID}
 privateKeytab: ${SECRETS_KEYTAB}
@@ -22,8 +20,6 @@ objectClass: kerberosSecret
 flatname: ${DOMAIN}
 realm: ${REALM}
 sAMAccountName: krbtgt
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
 objectSid: ${DOMAINSID}
 servicePrincipalName: kadmin/changepw
 krb5Keytab: HDB:ldb:${SAM_LDB}:
@@ -36,8 +32,6 @@ objectClass: top
 objectClass: secret
 objectClass: kerberosSecret
 realm: ${REALM}
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
 servicePrincipalName: DNS/${DNSDOMAIN}
 privateKeytab: ${DNS_KEYTAB}
 secret:: ${DNSPASS_B64}
index 932498a5178ec25978840fe10ce995bf590c9e2f..d9645356e81e0603061ba4d5aa924d3a7c3d5f98 100644 (file)
@@ -201,10 +201,6 @@ static NTSTATUS test_become_dc_prepare_db(void *private_data,
                "subobj.DOMAIN       = \"%s\";\n"
                "subobj.DEFAULTSITE  = \"%s\";\n"
                "\n"
-               "subobj.DOMAINDN_MOD2 = \",repl_meta_data\";\n"
-               "subobj.CONFIGDN_MOD2 = \",repl_meta_data\";\n"
-               "subobj.SCHEMADN_MOD2 = \",repl_meta_data\";\n"
-               "\n"
                "subobj.KRBTGTPASS   = \"_NOT_USED_\";\n"
                "subobj.MACHINEPASS  = \"%s\";\n"
                "subobj.ADMINPASS    = \"_NOT_USED_\";\n"