authorAndrew Bartlett <abartlet@samba.org>2007-07-13 08:01:36 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 15:01:05 -0500
commit10f6e1657303dabcf7dbbaed8547f0cb6e845a5d (patch)
tree71e7780b02d67cf16a11f1ac33a497a7ef35ba7a
parent5c98bbe2f0a3ee60f5e9bdeb0588eebc7acc8ba2 (diff)
r23859: Work to have Group Policy work 'out of the box' in Samba4.
This involves creating the SYSVOL and NETLOGON shares at provision time, and creating the right subdirectories. This also changes the behaviour of lp.get("foo") in ejs - we now return undefined, rather than syntax error, if the parameter doesn't exist (perhaps because the share isn't defined). Andrew Bartlett (This used to be commit 45cadf3bc0d38f6600666511a392e1ce353adee7)
-rw-r--r--source4/scripting/ejs/smbcalls_config.c41
-rw-r--r--source4/scripting/libjs/provision.js26
-rwxr-xr-xsource4/setup/provision3
-rw-r--r--source4/setup/provision.ldif28
-rw-r--r--source4/setup/provision.smb.conf6
-rw-r--r--source4/setup/provision_group_policy.ldif28
6 files changed, 94 insertions, 38 deletions
diff --git a/source4/scripting/ejs/smbcalls_config.c b/source4/scripting/ejs/smbcalls_config.c
index 64310c08fd..6f15ee5a4a 100644
--- a/source4/scripting/ejs/smbcalls_config.c
+++ b/source4/scripting/ejs/smbcalls_config.c
@@ -89,7 +89,8 @@ static int ejs_lpGet(MprVarHandle eid, int argc, char **argv)
/* its a share parameter */
int snum = lp_servicenumber(argv[0]);
if (snum == -1) {
- return -1;
+ mpr_Return(eid, mprCreateUndefinedVar());
+ return 0;
}
if (strchr(argv[1], ':')) {
/* its a parametric option on a share */
@@ -98,16 +99,23 @@ static int ejs_lpGet(MprVarHandle eid, int argc, char **argv)
strcspn(argv[1], ":"));
const char *option = strchr(argv[1], ':') + 1;
const char *value;
- if (type == NULL || option == NULL) return -1;
+ if (type == NULL || option == NULL) {
+ mpr_Return(eid, mprCreateUndefinedVar());
+ return 0;
+ }
value = lp_get_parametric(snum, type, option);
- if (value == NULL) return -1;
+ if (value == NULL) {
+ mpr_Return(eid, mprCreateUndefinedVar());
+ return 0;
+ }
mpr_ReturnString(eid, value);
return 0;
}
parm = lp_parm_struct(argv[1]);
if (parm == NULL || parm->class == P_GLOBAL) {
- return -1;
+ mpr_Return(eid, mprCreateUndefinedVar());
+ return 0;
}
parm_ptr = lp_parm_ptr(snum, parm);
} else if (strchr(argv[0], ':')) {
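Review bot: The new `type == NULL || option == NULL` branch reports undefined for what looks like an internal failure rather than a missing parameter. `option` is `strchr(argv[1], ':') + 1` inside a branch already guarded by `strchr(argv[1], ':')`, so it cannot be NULL, and `type` is assigned by a call that begins above the hunk and presumably only yields NULL when the copy fails. Keeping `if (type == NULL) return -1;` for that case, and returning undefined only when `lp_get_parametric()` finds nothing, would stop scripts from reading an allocation failure as "option not set". The same applies to the global parametric branch in the next hunk. ejs_lpGet starts and ends outside this hunk.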
@@ -116,20 +124,30 @@ static int ejs_lpGet(MprVarHandle eid, int argc, char **argv)
argv[0], strcspn(argv[0], ":"));
const char *option = strchr(argv[0], ':') + 1;
const char *value;
- if (type == NULL || option == NULL) return -1;
+ if (type == NULL || option == NULL) {
+ mpr_Return(eid, mprCreateUndefinedVar());
+ return 0;
+ }
value = lp_get_parametric(-1, type, option);
- if (value == NULL) return -1;
+ if (value == NULL) {
+ mpr_Return(eid, mprCreateUndefinedVar());
+ return 0;
+ }
mpr_ReturnString(eid, value);
return 0;
} else {
/* its a global parameter */
parm = lp_parm_struct(argv[0]);
- if (parm == NULL) return -1;
+ if (parm == NULL) {
+ mpr_Return(eid, mprCreateUndefinedVar());
+ return 0;
+ }
parm_ptr = lp_parm_ptr(-1, parm);
}
if (parm == NULL || parm_ptr == NULL) {
- return -1;
+ mpr_Return(eid, mprCreateUndefinedVar());
+ return 0;
}
/* construct and return the right type of ejs object */
@@ -142,6 +160,7 @@ static int ejs_lpGet(MprVarHandle eid, int argc, char **argv)
mpr_Return(eid, mprCreateBoolVar(*(BOOL *)parm_ptr));
break;
case P_INTEGER:
+ case P_OCTAL:
case P_BYTES:
mpr_Return(eid, mprCreateIntegerVar(*(int *)parm_ptr));
break;
@@ -152,12 +171,14 @@ static int ejs_lpGet(MprVarHandle eid, int argc, char **argv)
return 0;
}
}
- return -1;
+ mpr_Return(eid, mprCreateUndefinedVar());
+ return 0;
case P_LIST:
mpr_Return(eid, mprList(parm->label, *(const char ***)parm_ptr));
break;
case P_SEP:
- return -1;
+ mpr_Return(eid, mprCreateUndefinedVar());
+ return 0;
}
return 0;
}
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js
index deaa97114a..c417d7b64b 100644
--- a/source4/scripting/libjs/provision.js
+++ b/source4/scripting/libjs/provision.js
@@ -389,6 +389,19 @@ function provision_default_paths(subobj)
paths.ldap_basedn_ldif = paths.ldapdir + "/" + subobj.DNSDOMAIN + ".ldif";
paths.ldap_config_basedn_ldif = paths.ldapdir + "/" + subobj.DNSDOMAIN + "-config.ldif";
paths.ldap_schema_basedn_ldif = paths.ldapdir + "/" + subobj.DNSDOMAIN + "-schema.ldif";
+
+ paths.netlogon = lp.get("netlogon", "path");
+
+ if (paths.netlogon == undefined) {
+ paths.netlogon = lp.get("lock dir") + "/netlogon";
+ }
+
+ paths.sysvol = lp.get("sysvol", "path");
+
+ if (paths.sysvol == undefined) {
+ paths.sysvol = lp.get("lock dir") + "/sysvol";
+ }
+
return paths;
}
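Review bot: The fallback `lp.get("lock dir") + "/netlogon"` (and the sysvol equivalent) is not checked for an undefined result. With this commit lp.get() returns undefined instead of raising an error, so a missing value would become the relative path `undefined/netlogon`, which then flows into NETLOGONPATH for the smb.conf template and into sys.mkdir. Reading the value once, e.g. `var lockdir = lp.get("lock dir");`, and failing the provision when it is undefined would avoid exporting a share from an unintended directory. A short comment on why the shares default to the lock directory would also help. provision_default_paths begins outside the hunk.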
@@ -466,6 +479,9 @@ function provision_fix_subobj(subobj, paths)
subobj.LDAPMANAGERDN = "cn=Manager," + subobj.DOMAINDN;
+ subobj.NETLOGONPATH = paths.netlogon;
+ subobj.SYSVOLPATH = paths.sysvol;
+
return true;
}
@@ -703,6 +719,16 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda
if (lp.get("server role") == "domain controller") {
message("Setting up self join\n");
setup_add_ldif("provision_self_join.ldif", info, samdb, false);
+ setup_add_ldif("provision_group_policy.ldif", info, samdb, false);
+
+ sys.mkdir(paths.sysvol, 0755);
+ sys.mkdir(paths.sysvol + "/"+ subobj.DNSDOMAIN, 0755);
+ sys.mkdir(paths.sysvol + "/"+ subobj.DNSDOMAIN + "/Policies", 0755);
+ sys.mkdir(paths.sysvol + "/"+ subobj.DNSDOMAIN + "/Policies/{" + subobj.POLICYGUID + "}", 0755);
+ sys.mkdir(paths.sysvol + "/"+ subobj.DNSDOMAIN + "/Policies/{" + subobj.POLICYGUID + "}/Machine", 0755);
+ sys.mkdir(paths.sysvol + "/"+ subobj.DNSDOMAIN + "/Policies/{" + subobj.POLICYGUID + "}/User", 0755);
+
+ sys.mkdir(paths.netlogon, 0755);
}
if (setup_name_mappings(info, samdb) == false) {
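Review bot: None of the `sys.mkdir()` calls has its result checked, so a failed or partial SYSVOL tree would go unnoticed even though the LDIF pointing `gPCFileSysPath` at it has already been added. The path is also built from `subobj.DNSDOMAIN` and `subobj.POLICYGUID`; the latter appears to be settable with `--policy-guid`, and nothing visible here confirms it has GUID form before it becomes a directory name and part of a DN. Checking each result (assuming sys.mkdir reports failure through its return value) and validating the GUID before use would let the provision fail cleanly. The 0755 mode leaves write protection of the policy files to the provisioning user's ownership, which deserves a comment. The enclosing provision() function extends beyond the hunk.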
diff --git a/source4/setup/provision b/source4/setup/provision
index 175ed8f161..ddb424477b 100755
--- a/source4/setup/provision
+++ b/source4/setup/provision
@@ -14,7 +14,9 @@ options = GetOptions(ARGV,
'realm=s',
'domain=s',
'domain-guid=s',
+ 'domain-guid=s',
'domain-sid=s',
+ 'policy-guid=s',
'host-name=s',
'host-ip=s',
'host-guid=s',
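Review bot: The added `'domain-guid=s',` duplicates the context line directly above it, so the option is now declared twice in the GetOptions list; only `'policy-guid=s',` appears to be the intended addition. Dropping the duplicate line keeps option parsing unambiguous. The hunks shown do not include where `policy-guid` is copied into the provisioning variables, so confirm that the new option is actually consumed and that its value is checked for GUID form.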
@@ -69,6 +71,7 @@ provision [options]
--host-name HOSTNAME set hostname
--host-ip IPADDRESS set ipaddress
--host-guid GUID set hostguid (otherwise random)
+ --policy-guid GUID set group policy guid (otherwise random)
--invocationid GUID set invocationid (otherwise random)
--adminpass PASSWORD choose admin password (otherwise random)
--krbtgtpass PASSWORD choose krbtgt password (otherwise random)
diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
index e44a4642b2..d531f831d6 100644
--- a/source4/setup/provision.ldif
+++ b/source4/setup/provision.ldif
@@ -99,31 +99,3 @@ dn: CN=Policies,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
-dn: CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN}
-objectClass: top
-objectClass: container
-objectClass: groupPolicyContainer
-displayName: Default Domain Policy
-objectCategory: CN=Group-Policy-Container,${SCHEMADN}
-gPCFunctionalityVersion: 2
-gPCFileSysPath: \\${DNSDOMAIN}\sysvol\${DNSDOMAIN}\Policies\{${POLICYGUID}}
-versionNumber: 1
-flags: 0
-gPCMachineExtensionNames: [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{53D6AB1B-248
- 8-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4
- FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1B-2
- 488-11D1-A28C-00C04FB94F17}]
-gPCUserExtensionNames: [{3060E8D0-7020-11D2-842D-00C04FA372D4}{3060E8CE-7020-1
- 1D2-842D-00C04FA372D4}][{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-
- 11D1-A7CC-0000F87571E3}]
-nTSecurityDescriptor: O:${DOMAINSID}-512G:${DOMAINSID}-512D:PAI(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-519)(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CIIO;RPWPCCDCLCLORCWOWDSDDTSW;;;CO)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPLCLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;RPLCLORC;;;ED)S:AI(OU;CIIDSA;WPWD;;f30e3bc2-9ff0-11d1-b603-0000f80367c1;WD)(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
-
-dn: CN=User,CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN}
-objectClass: top
-objectClass: container
-objectCategory: CN=Container,${SCHEMADN}
-
-dn: CN=Machine,CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN}
-objectClass: top
-objectClass: container
-objectCategory: CN=Container,${SCHEMADN}
diff --git a/source4/setup/provision.smb.conf b/source4/setup/provision.smb.conf
index 9d922c49c9..fe08d7e3be 100644
--- a/source4/setup/provision.smb.conf
+++ b/source4/setup/provision.smb.conf
@@ -4,4 +4,10 @@
realm = ${REALM}
server role = domain controller
+[netlogon]
+ path = ${NETLOGONPATH}
+ read only = no
+[sysvol]
+ path = ${SYSVOLPATH}
+ read only = no
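Review bot: Both new shares are created with `read only = no` and no further access restriction in the template. NETLOGON and SYSVOL hold logon scripts and policy files that domain members fetch and apply, so who can write there is decided only by the filesystem permissions and whatever ACL enforcement the server applies. A comment such as `# writable for policy editing; write access must be limited to domain admins` would record the intent. Defaulting netlogon to `read only = yes` is worth considering if nothing needs to write to it at provision time.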
diff --git a/source4/setup/provision_group_policy.ldif b/source4/setup/provision_group_policy.ldif
new file mode 100644
index 0000000000..b5a2ef17e2
--- /dev/null
+++ b/source4/setup/provision_group_policy.ldif
@@ -0,0 +1,28 @@
+dn: CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+objectClass: groupPolicyContainer
+displayName: Default Domain Policy
+objectCategory: CN=Group-Policy-Container,${SCHEMADN}
+gPCFunctionalityVersion: 2
+gPCFileSysPath: \\${DNSDOMAIN}\sysvol\${DNSDOMAIN}\Policies\{${POLICYGUID}}
+versionNumber: 1
+flags: 0
+gPCMachineExtensionNames: [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{53D6AB1B-248
+ 8-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4
+ FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1B-2
+ 488-11D1-A28C-00C04FB94F17}]
+gPCUserExtensionNames: [{3060E8D0-7020-11D2-842D-00C04FA372D4}{3060E8CE-7020-1
+ 1D2-842D-00C04FA372D4}][{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-
+ 11D1-A7CC-0000F87571E3}]
+nTSecurityDescriptor: O:${DOMAINSID}-512G:${DOMAINSID}-512D:PAI(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-519)(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CIIO;RPWPCCDCLCLORCWOWDSDDTSW;;;CO)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPLCLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;RPLCLORC;;;ED)S:AI(OU;CIIDSA;WPWD;;f30e3bc2-9ff0-11d1-b603-0000f80367c1;WD)(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
+
+dn: CN=User,CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+objectCategory: CN=Container,${SCHEMADN}
+
+dn: CN=Machine,CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+objectCategory: CN=Container,${SCHEMADN}