From: Andrew Bartlett Date: Tue, 4 Dec 2007 23:40:48 +0000 (+0100) Subject: r26298: Use metze's schema loading code to pre-initialise the schema into the X-Git-Tag: samba-4.0.0alpha6~801^3~1128 X-Git-Url: http://git.samba.org/samba.git/?a=commitdiff_plain;h=f5860b5a853c40c9e48f5bb0a87c086d268c53bd;p=samba.git r26298: Use metze's schema loading code to pre-initialise the schema into the samdb before we start writing entries into it. In doing so, I realised we still used 'dnsDomain', which is not part of the standard schema (now removed). We also set the 'wrong' side of the linked attributes for the masteredBy on each partition - this is now set in provision_self_join and backlinks via the linked attributes code. When we have the schema loaded, we must also have a valid domain SID loaded, so that the objectclass module works. This required some ejs glue. Andrew Bartlett (This used to be commit b0de08916e8cb59ce6a2ea94bbc9ac0679830ac1) --- diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c index b3ed41a752c..939de4b048f 100644 --- a/source4/dsdb/samdb/samdb.c +++ b/source4/dsdb/samdb/samdb.c 
@@ -1136,6 +1136,43 @@ failed: return NULL; } +bool samdb_set_domain_sid(struct ldb_context *ldb, const struct dom_sid *dom_sid_in) +{ + TALLOC_CTX *tmp_ctx; + struct dom_sid *dom_sid_new; + struct dom_sid *dom_sid_old; + + /* see if we have a cached copy */ + dom_sid_old = talloc_get_type(ldb_get_opaque(ldb, + "cache.domain_sid"), struct dom_sid); + + tmp_ctx = talloc_new(ldb); + if (tmp_ctx == NULL) { + goto failed; + } + + dom_sid_new = dom_sid_dup(tmp_ctx, dom_sid_in); + if (!dom_sid_new) { + goto failed; + } + + /* cache the domain_sid in the ldb */ + if (ldb_set_opaque(ldb, "cache.domain_sid", dom_sid_new) != LDB_SUCCESS) { + goto failed; + } + + talloc_steal(ldb, dom_sid_new); + talloc_free(tmp_ctx); + talloc_free(dom_sid_old); + + return true; + +failed: + DEBUG(1,("Failed to set our own cached domain SID in the ldb!\n")); + talloc_free(tmp_ctx); + return false; +} + /* Obtain the short name of the flexible single master operator * (FSMO), such as the PDC Emulator */ const char *samdb_result_fsmo_name(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, const struct ldb_message *msg, diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index d51f9e218d8..d7f9fdde3dd 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -985,6 +985,7 @@ static WERROR dcesrv_netr_DsRGetDCNameEx2(struct dcesrv_call_state *dce_call, TA const char * const attrs[] = { "dnsDomain", "objectGUID", NULL }; void *sam_ctx; struct ldb_message **res; + struct ldb_dn *domain_dn; int ret; ZERO_STRUCT(r->out); 
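Review bot: samdb_set_domain_sid() frees the previously cached SID via `talloc_free(dom_sid_old)` after swapping in the new opaque, so any code still holding a pointer it earlier took from the `cache.domain_sid` cache is left dangling; that is presumably only safe during provision before anything has looked the SID up, and nothing in the function says so. Add a header comment above the definition along the lines of `/* Replace the ldb's cached domain SID ("cache.domain_sid"). Frees the old SID, so pointers previously obtained from the cache must not be held across this call. Returns false and leaves the cache unchanged on failure. */`. `dom_sid_in` also goes straight into dom_sid_dup(); whether that helper tolerates NULL is not visible here, so `if (dom_sid_in == NULL) goto failed;` before the dup would make the contract explicit.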
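Review bot: The attrs array shown as context in this hunk, `const char * const attrs[] = { "dnsDomain", "objectGUID", NULL };`, still asks for dnsDomain even though this same commit retires that attribute from schema_samba4.ldif and no longer uses it to find the domain. Unless code below the hunk still reads it, reduce it to `const char * const attrs[] = { "objectGUID", NULL };`; how the now schema-aware samdb treats a request for an attribute that is no longer defined is not visible here. dcesrv_netr_DsRGetDCNameEx2 starts before and continues after this hunk.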
@@ -994,9 +995,13 @@ static WERROR dcesrv_netr_DsRGetDCNameEx2(struct dcesrv_call_state *dce_call, TA return WERR_DS_SERVICE_UNAVAILABLE; } - ret = gendb_search(sam_ctx, mem_ctx, NULL, &res, attrs, - "(&(objectClass=domainDNS)(dnsDomain=%s))", - r->in.domain_name); + domain_dn = samdb_dns_domain_to_dn(sam_ctx, mem_ctx, + r->in.domain_name); + if (domain_dn == NULL) { + return WERR_DS_SERVICE_UNAVAILABLE; + } + + ret = gendb_search_dn(sam_ctx, mem_ctx, domain_dn, &res, attrs); if (ret != 1) { return WERR_NO_SUCH_DOMAIN; } diff --git a/source4/scripting/ejs/smbcalls_ldb.c b/source4/scripting/ejs/smbcalls_ldb.c index b8c35d267ed..7599cbf4433 100644 --- a/source4/scripting/ejs/smbcalls_ldb.c +++ b/source4/scripting/ejs/smbcalls_ldb.c @@ -28,6 +28,7 @@ #include "ldb_wrap.h" #include "dsdb/samdb/samdb.h" #include "librpc/ndr/libndr.h" +#include "libcli/security/security.h" /* get the connected db @@ -598,7 +599,7 @@ static int ejs_ldb_attach_dsdb_schema_from_ldif(MprVarHandle eid, int argc, char } /* - commit a ldb attach a dsdb_schema from ldif files + set a particular invocationId against the running LDB usage: ok = ldb.set_ntds_invocationId("7729aa4b-f990-41ad-b81a-8b6a14090f41"); */ @@ -640,9 +641,9 @@ static int ejs_ldb_set_ntds_invocationId(MprVarHandle eid, int argc, char **argv } /* - commit a ldb attach a dsdb_schema from ldif files + attach a particular ntds objectGUID against the current ldb usage: - ok = ldb.get_ntds_objectGUID("7729aa4b-f990-41ad-b81a-8b6a14090f41"); + ok = ldb.set_ntds_objectGUID("7729aa4b-f990-41ad-b81a-8b6a14090f41"); */ static int ejs_ldb_set_ntds_objectGUID(MprVarHandle eid, int argc, char **argv) { 
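Review bot: A NULL or unparseable `r->in.domain_name` now surfaces as WERR_DS_SERVICE_UNAVAILABLE from the `domain_dn == NULL` branch, which tells the client the DC is unavailable rather than that the domain is unknown; WERR_NO_SUCH_DOMAIN, already used two lines later, fits better, and if a NULL domain_name is meant to select the local domain (I cannot tell from here) that case needs its own branch before the conversion. The DN-based lookup also drops the old `objectClass=domainDNS` constraint, so any object sitting at that DN satisfies the `ret != 1` check; a one-line comment saying that is intended would help. On the positive side, the removed filter interpolated the client-supplied name into an LDAP filter unescaped, which the DN-based lookup avoids. The function continues outside the hunk.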
@@ -681,6 +682,48 @@ static int ejs_ldb_set_ntds_objectGUID(MprVarHandle eid, int argc, char **argv) return 0; } +/* + attach a particular domain SID against the current ldb + usage: + ok = ldb.set_domain_sid("S-S-1-5-21-3065342217-3567412576-2214182334"); +*/ +static int ejs_ldb_set_domain_sid(MprVarHandle eid, int argc, char **argv) +{ + struct ldb_context *ldb; + struct dom_sid *dom_sid; + char *dom_sid_str; + bool ok; + + if (argc != 1) { + ejsSetErrorMsg(eid, "ldb.set_domain_sid invalid arguments"); + return -1; + } + + ldb = ejs_get_ldb_context(eid); + if (ldb == NULL) { + return -1; + } + + dom_sid_str = argv[0]; + + dom_sid = dom_sid_parse_talloc(NULL, dom_sid_str); + if (!dom_sid) { + ejsSetErrorMsg(eid, "ldb.set_domain_sid - failed to parse domain sid '%s'\n", + dom_sid_str); + return -1; + } + + ok = samdb_set_domain_sid(ldb, dom_sid); + talloc_free(dom_sid); + if (!ok) { + ejsSetErrorMsg(eid, "ldb.set_domain_sid - failed to set cached ntds invocationId\n"); + return -1; + } + + mpr_Return(eid, mprCreateBoolVar(ok)); + return 0; +} + /* initialise ldb ejs subsystem */ @@ -708,6 +751,8 @@ static int ejs_ldb_init(MprVarHandle eid, int argc, struct MprVar **argv) ejs_ldb_set_ntds_invocationId); mprSetStringCFunction(ldb, "set_ntds_objectGUID", ejs_ldb_set_ntds_objectGUID); + mprSetStringCFunction(ldb, "set_domain_sid", + ejs_ldb_set_domain_sid); mprSetVar(ldb, "SCOPE_BASE", mprCreateNumberVar(LDB_SCOPE_BASE)); mprSetVar(ldb, "SCOPE_ONE", mprCreateNumberVar(LDB_SCOPE_ONELEVEL)); mprSetVar(ldb, "SCOPE_SUBTREE", mprCreateNumberVar(LDB_SCOPE_SUBTREE)); diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 2dfc941a66e..b42f3b2580e 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js 
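Review bot: The failure message in ejs_ldb_set_domain_sid reports the wrong operation: `"ldb.set_domain_sid - failed to set cached ntds invocationId\n"` is a copy-paste from the invocationId setter and will mislead whoever debugs a failing provision; change it to `ejsSetErrorMsg(eid, "ldb.set_domain_sid - failed to set cached domain SID\n");`. The usage comment above the function also shows a malformed SID, `S-S-1-5-21-…`, which the parser would presumably reject; it should read `ok = ldb.set_domain_sid("S-1-5-21-3065342217-3567412576-2214182334");`. Minor: `dom_sid_parse_talloc(NULL, dom_sid_str)` allocates on the NULL context and is released by the unconditional `talloc_free(dom_sid)`, which is fine today but parenting it on `ldb` or a local tmp context would keep it accounted for if an early return is ever added between the two.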
@@ -563,6 +563,44 @@ function provision_become_dc(subobj, message, erase, paths, session_info) return true; } +function load_schema(subobj, message, samdb) +{ + var lp = loadparm_init(); + var src = lp.get("setup directory") + "/" + "schema.ldif"; + + if (! sys.stat(src)) { + message("Template file not found: %s\n",src); + assert(0); + } + + var schema_data = sys.file_load(src); + + src = lp.get("setup directory") + "/" + "schema_samba4.ldif"; + + if (! sys.stat(src)) { + message("Template file not found: %s\n",src); + assert(0); + } + + schema_data = schema_data + sys.file_load(src); + + schema_data = substitute_var(schema_data, subobj); + + src = lp.get("setup directory") + "/" + "provision_schema_basedn_modify.ldif"; + + if (! sys.stat(src)) { + message("Template file not found: %s\n",src); + assert(0); + } + + var head_data = sys.file_load(src); + head_data = substitute_var(head_data, subobj); + + var ok = samdb.attach_dsdb_schema_from_ldif(head_data, schema_data); + return ok; +} + + /* provision samba4 - caution, this wipes all existing data! */ @@ -648,8 +686,15 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda } samdb.close(); + message("Pre-loading the Samba4 and AD schema\n"); + samdb = open_ldb(info, paths.samdb, false); + samdb.set_domain_sid(subobj.DOMAINSID); + + var load_schema_ok = load_schema(subobj, message, samdb); + assert(load_schema_ok.is_ok); + message("Adding DomainDN: " + subobj.DOMAINDN + " (permitted to fail)\n"); var add_ok = setup_add_ldif("provision_basedn.ldif", info, samdb, true); message("Modifying DomainDN: " + subobj.DOMAINDN + "\n"); 
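Review bot: load_schema returns the raw result of `samdb.attach_dsdb_schema_from_ldif(head_data, schema_data)` and the caller tests `load_schema_ok.is_ok` on it, so the value is evidently an object rather than a boolean, yet the function has no comment and its name suggests a plain ok flag. Add above it: `/* Pre-load the AD and Samba4 schema into samdb from the setup ldifs; returns the attach result object (check .is_ok) */`. The three stat / file_load / `assert(0)` sequences are repeated verbatim and would read better through one small helper taking the file name, though that is a style point only.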
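Review bot: The return value of `samdb.set_domain_sid(subobj.DOMAINSID);` is ignored, while the schema load right after it is asserted; per the commit message the objectclass module needs a valid domain SID once the schema is loaded, so a failure here (the C side returns -1 / false on a bad SID string or a failed cache update) would let provisioning carry on writing entries without a SID. Check it the same way as the schema load: `var sid_ok = samdb.set_domain_sid(subobj.DOMAINSID); assert(sid_ok);`. provision() continues outside the hunk.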
@@ -692,16 +737,6 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda message("Setting up sam.ldb AD schema\n"); setup_add_ldif("schema.ldif", info, samdb, false); - // (hack) Reload, now we have the schema loaded. - var commit_ok = samdb.transaction_commit(); - if (!commit_ok) { - info.message("samdb commit failed: " + samdb.errstring() + "\n"); - assert(commit_ok); - } - samdb.close(); - - samdb = open_ldb(info, paths.samdb, false); - message("Setting up sam.ldb configuration data\n"); setup_add_ldif("provision_configuration.ldif", info, samdb, false); diff --git a/source4/setup/provision_basedn_modify.ldif b/source4/setup/provision_basedn_modify.ldif index 286ecdd49cd..fa990599d9a 100644 --- a/source4/setup/provision_basedn_modify.ldif +++ b/source4/setup/provision_basedn_modify.ldif @@ -3,8 +3,6 @@ ############################### dn: ${DOMAINDN} changetype: modify -replace: dnsDomain -dnsDomain: ${DNSDOMAIN} - replace: dc dc: ${RDN_DC} @@ -79,12 +77,6 @@ replace: subRefs subRefs: ${CONFIGDN} subRefs: ${SCHEMADN} - -replace: masteredBy -masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} -- -replace: msDs-masteredBy -msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} -- replace: gPLink gPLink: [LDAP://CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN};2] - diff --git a/source4/setup/provision_configuration_basedn_modify.ldif b/source4/setup/provision_configuration_basedn_modify.ldif index 897499b1630..46ba4e9649a 100644 --- a/source4/setup/provision_configuration_basedn_modify.ldif +++ b/source4/setup/provision_configuration_basedn_modify.ldif 
@@ -14,9 +14,3 @@ objectCategory: CN=Configuration,${SCHEMADN} - replace: subRefs subRefs: ${SCHEMADN} -- -replace: masteredBy -masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} -- -replace: msDs-masteredBy -msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} diff --git a/source4/setup/provision_schema_basedn_modify.ldif b/source4/setup/provision_schema_basedn_modify.ldif index a222a654f72..92c5cf1ace4 100644 --- a/source4/setup/provision_schema_basedn_modify.ldif +++ b/source4/setup/provision_schema_basedn_modify.ldif @@ -9,15 +9,6 @@ instanceType: 13 replace: showInAdvancedViewOnly showInAdvancedViewOnly: TRUE - -replace: objectCategory -objectCategory: CN=DMD,${SCHEMADN} -- -replace: masteredBy -masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} -- -replace: msDs-masteredBy -msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} -- replace: fSMORoleOwner fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} - diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif index 8c6959dbaa3..06230e8d005 100644 --- a/source4/setup/provision_self_join.ldif +++ b/source4/setup/provision_self_join.ldif @@ -61,4 +61,9 @@ systemFlags: 33554432 dMDLocation: ${SCHEMADN} invocationId: ${INVOCATIONID} msDS-Behavior-Version: 2 - +msDS-hasMasterNCs: ${CONFIGDN} +msDS-hasMasterNCs: ${SCHEMADN} +msDS-hasMasterNCs: ${DOMAINDN} +hasMasterNCs: ${CONFIGDN} +hasMasterNCs: ${SCHEMADN} +hasMasterNCs: ${DOMAINDN} diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif index 29672617583..a9f79f1635d 100644 --- a/source4/setup/schema_samba4.ldif +++ b/source4/setup/schema_samba4.ldif 
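Review bot: The six hasMasterNCs / msDS-hasMasterNCs values added to the NTDS Settings entry are, per the commit message, now the only source of masteredBy / msDs-masteredBy on the three NC heads (the explicit values were removed from the basedn_modify templates in this same commit), but nothing in the ldif records that dependency. Add a comment above the values, e.g. `# Forward links: masteredBy/msDs-masteredBy on each NC head are now generated as backlinks from these values by the linked attributes code.` Whether that also requires this entry to be added after the three partitions exist is inferred, not visible here, and is worth confirming against the provisioning order.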
@@ -96,18 +96,21 @@ attributeID: 1.3.6.1.4.1.7165.4.1.5 attributeSyntax: 2.5.5.5 oMSyntax: 22 -dn: cn=dnsDomain,${SCHEMADN} -objectClass: top -objectClass: attributeSchema -lDAPDisplayName: dnsDomain -isSingleValued: FALSE -systemFlags: 17 -systemOnly: TRUE -schemaIDGUID: A40165E6-5E45-44A7-A8FA-186C94333018 -adminDisplayName: DNS-Domain -attributeID: 1.3.6.1.4.1.7165.4.1.6 -attributeSyntax: 2.5.5.4 -oMSyntax: 20 +# +# Not used anymore +# +#dn: cn=dnsDomain,${SCHEMADN} +#objectClass: top +#objectClass: attributeSchema +#lDAPDisplayName: dnsDomain +#isSingleValued: FALSE +#systemFlags: 17 +#systemOnly: TRUE +#schemaIDGUID: A40165E6-5E45-44A7-A8FA-186C94333018 +#adminDisplayName: DNS-Domain +#attributeID: 1.3.6.1.4.1.7165.4.1.6 +#attributeSyntax: 2.5.5.4 +#oMSyntax: 20 dn: cn=privilege,${SCHEMADN} objectClass: top
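Review bot: Commenting out the dnsDomain attributeSchema entry leaves thirteen dead lines in the schema file; the one thing worth preserving is the record that attributeID `1.3.6.1.4.1.7165.4.1.6` and schemaIDGUID `A40165E6-5E45-44A7-A8FA-186C94333018` have been used, since a schema OID or GUID must never be reassigned even after the attribute is withdrawn. Replace the commented block with a short reservation note such as `# attributeID 1.3.6.1.4.1.7165.4.1.6 / schemaIDGUID A40165E6-5E45-44A7-A8FA-186C94333018 were dnsDomain (removed in r26298); do not reuse`. Note that dcerpc_netlogon.c still lists dnsDomain in its attrs array after this commit.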