authorNadezhda Ivanova <nadezhda.ivanova@postpath.com>2010-01-13 12:02:31 +0200
committerNadezhda Ivanova <nadezhda.ivanova@postpath.com>2010-01-13 12:02:31 +0200
commit9b3871ed293f76e770e572cd6b59f59670f1f6f8 (patch)
tree2b79286e3a6f7af9e26466393a0b26075a238be8 /source4/scripting/python
parent309473f938d18b9993c2c4f120eeff7b4641985a (diff)
parentca847952054f5bbde1d40ad4260589b6fcc9721d (diff)
Merge branch 'master' of git://git.samba.org/samba
Diffstat (limited to 'source4/scripting/python')
-rw-r--r--source4/scripting/python/samba/__init__.py5
-rw-r--r--source4/scripting/python/samba/ms_schema.py2
-rw-r--r--source4/scripting/python/samba/provision.py49
-rw-r--r--source4/scripting/python/samba/schema.py28
4 files changed, 49 insertions, 35 deletions
diff --git a/source4/scripting/python/samba/__init__.py b/source4/scripting/python/samba/__init__.py
index 5d61c1bd8c..d7df6b979b 100644
--- a/source4/scripting/python/samba/__init__.py
+++ b/source4/scripting/python/samba/__init__.py
@@ -255,7 +255,10 @@ class Ldb(ldb.Ldb):
:param ldif: LDIF text.
"""
for changetype, msg in self.parse_ldif(ldif):
- self.modify(msg, controls)
+ if (changetype == ldb.CHANGETYPE_ADD):
+ self.add(msg, controls)
+ else:
+ self.modify(msg, controls)
def set_domain_sid(self, sid):
"""Change the domain SID used by this LDB.
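Review bot: The new `else:` branch in the loop sends every record that is not `ldb.CHANGETYPE_ADD` to `self.modify()`, so a record that parse_ldif tags as a delete is applied as a modify instead of being rejected. Because provisioning LDIF is generated from templates, a silent mis-dispatch here is hard to notice afterwards; an explicit `elif changetype == ldb.CHANGETYPE_MODIFY:` with a final `else: raise ValueError("unsupported changetype %r" % changetype)` would fail loudly. If records without a changetype must keep going to modify, name that case explicitly in the `elif`. The method's docstring starts outside the hunk; it should say that add records are now added rather than modified.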
diff --git a/source4/scripting/python/samba/ms_schema.py b/source4/scripting/python/samba/ms_schema.py
index a4eed581c6..9f5ebcf8cc 100644
--- a/source4/scripting/python/samba/ms_schema.py
+++ b/source4/scripting/python/samba/ms_schema.py
@@ -229,6 +229,8 @@ def __transform_entry(entry, objectClass):
entry.insert(1, ["objectClass", ["top", objectClass]])
entry.insert(2, ["cn", cn])
entry.insert(2, ["objectGUID", str(uuid.uuid4())])
+ entry.insert(2, ["adminDescription", cn])
+ entry.insert(2, ["adminDisplayName", cn])
for l in entry:
key = l[0].lower()
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index d7d0a790ca..a71b561a86 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -793,9 +793,9 @@ def setup_self_join(samdb, names,
"DEFAULTSITE": names.sitename,
"DNSNAME": "%s.%s" % (names.hostname, names.dnsdomain),
"MACHINEPASS_B64": b64encode(machinepass),
- "DNSPASS_B64": b64encode(dnspass),
"REALM": names.realm,
"DOMAIN": names.domain,
+ "DOMAINSID": str(domainsid),
"DNSDOMAIN": names.dnsdomain,
"SAMBA_VERSION_STRING": version,
"NTDSGUID": ntdsguid_line,
@@ -824,7 +824,8 @@ def setup_self_join(samdb, names,
"DEFAULTSITE": names.sitename,
"SERVERDN": names.serverdn,
"NETBIOSNAME": names.netbiosname,
- "NTDSGUID": names.ntdsguid
+ "NTDSGUID": names.ntdsguid,
+ "DNSPASS_B64": b64encode(dnspass),
})
@@ -892,10 +893,7 @@ def setup_samdb(path, setup_path, session_info, provision_backend, lp,
samdb.set_opaque_integer("domainControllerFunctionality", domainControllerFunctionality)
samdb.set_domain_sid(str(domainsid))
- if serverrole == "domain controller":
- samdb.set_invocation_id(invocationid)
- # NOTE: the invocationid for standalone and member server
- # cases is setup in the sambd_dsdb module init function
+ samdb.set_invocation_id(invocationid)
message("Adding DomainDN: %s" % names.domaindn)
@@ -945,6 +943,14 @@ def setup_samdb(path, setup_path, session_info, provision_backend, lp,
setup_add_ldif(samdb, setup_path("aggregate_schema.ldif"),
{"SCHEMADN": names.schemadn})
+ message("Reopening sam.ldb with new schema");
+ samdb.transaction_commit()
+ samdb = Ldb(session_info=session_info,
+ credentials=provision_backend.credentials, lp=lp)
+ samdb.connect(path)
+ samdb.transaction_start()
+ samdb.set_invocation_id(invocationid)
+
message("Setting up sam.ldb configuration data")
setup_add_ldif(samdb, setup_path("provision_configuration.ldif"), {
"CONFIGDN": names.configdn,
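Review bot: After the reopen, only `samdb.set_invocation_id(invocationid)` is re-applied to the new handle, while the `samdb.set_domain_sid(str(domainsid))` and `set_opaque_integer(...)` calls earlier in setup_samdb were made on the handle being replaced. If that state is per-connection, the rest of provisioning runs without it, so `samdb.set_domain_sid(str(domainsid))` and the functional-level integers should be set again after `samdb.connect(path)`. The `samdb.transaction_commit()` also means the `except:` / `samdb.transaction_cancel()` at the end of the function can no longer undo the schema load, and a failure in `Ldb(...)` or `connect()` reaches that handler with no transaction open. A comment explaining why the commit-and-reopen is needed and what is left on disk after a failure would help, and the stray `;` after the `message(...)` call can go. setup_samdb starts and ends outside this hunk.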
@@ -1003,21 +1009,20 @@ def setup_samdb(path, setup_path, session_info, provision_backend, lp,
"KRBTGTPASS_B64": b64encode(krbtgtpass),
})
- if serverrole == "domain controller":
- message("Setting up self join")
- setup_self_join(samdb, names=names, invocationid=invocationid,
- dnspass=dnspass,
- machinepass=machinepass,
- domainsid=domainsid, policyguid=policyguid,
- policyguid_dc=policyguid_dc,
- setup_path=setup_path,
- domainControllerFunctionality=domainControllerFunctionality,
- ntdsguid=ntdsguid)
-
- ntds_dn = "CN=NTDS Settings,CN=%s,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,%s" % (names.hostname, names.domaindn)
- names.ntdsguid = samdb.searchone(basedn=ntds_dn,
- attribute="objectGUID", expression="", scope=SCOPE_BASE)
- assert isinstance(names.ntdsguid, str)
+ message("Setting up self join")
+ setup_self_join(samdb, names=names, invocationid=invocationid,
+ dnspass=dnspass,
+ machinepass=machinepass,
+ domainsid=domainsid, policyguid=policyguid,
+ policyguid_dc=policyguid_dc,
+ setup_path=setup_path,
+ domainControllerFunctionality=domainControllerFunctionality,
+ ntdsguid=ntdsguid)
+
+ ntds_dn = "CN=NTDS Settings,CN=%s,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,%s" % (names.hostname, names.domaindn)
+ names.ntdsguid = samdb.searchone(basedn=ntds_dn,
+ attribute="objectGUID", expression="", scope=SCOPE_BASE)
+ assert isinstance(names.ntdsguid, str)
except:
samdb.transaction_cancel()
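Review bot: The re-indented `ntds_dn = ...` line hard-codes `CN=Default-First-Site-Name`, while the setup_self_join hunks above pass `names.sitename` and `names.serverdn` for the same objects. Now that this lookup runs for every server role, a provision with a non-default site name would query the wrong DN and fail in `searchone`. Building it from the server DN, e.g. `ntds_dn = "CN=NTDS Settings,%s" % names.serverdn`, keeps the two in step, assuming serverdn is the server object under the site, which this hunk does not show. The `assert isinstance(names.ntdsguid, str)` disappears under `python -O`, so an explicit check that raises is safer. The enclosing `try:` starts outside the hunk.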
@@ -1136,7 +1141,7 @@ def provision(setup_dir, message, session_info,
serverrole = lp.get("server role")
assert serverrole in ("domain controller", "member server", "standalone")
- if invocationid is None and serverrole == "domain controller":
+ if invocationid is None:
invocationid = str(uuid.uuid4())
if not os.path.exists(paths.private_dir):
diff --git a/source4/scripting/python/samba/schema.py b/source4/scripting/python/samba/schema.py
index 8913e53b00..f702e9829f 100644
--- a/source4/scripting/python/samba/schema.py
+++ b/source4/scripting/python/samba/schema.py
@@ -35,16 +35,20 @@ from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE
import os
def get_schema_descriptor(domain_sid):
- sddl = "O:SAG:SAD:(A;CI;RPLCLORC;;;AU)(A;CI;RPWPCRCCLCLORCWOWDSW;;;SA)" \
- "(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)" \
- "(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
- "(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)" \
- "(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)" \
- "(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)" \
- "S:(AU;SA;WPCCDCWOWDSDDTSW;;;WD)" \
- "(AU;CISA;WP;;;WD)(AU;SA;CR;;;BA)" \
- "(AU;SA;CR;;;DU)(OU;SA;CR;e12b56b6-0a95-11d1-adbb-00c04fd8d5cd;;WD)" \
- "(OU;SA;CR;45ec5156-db7e-47bb-b53f-dbeb2d03c40f;;WD)"
+ sddl = "O:SAG:SAD:AI(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c" \
+ ";;ER)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ER)(OA;;CR;1131f6ad-9c07-1" \
+ "1d1-f79f-00c04fc2dcd2;;ER)(OA;;CR;e12b56b6-0a95-11d1-adbb-00c04fd8d5cd;;SA)(O" \
+ "A;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)(OA;;CR;1131f6aa-9c07-11d1-f79" \
+ "f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1" \
+ "131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04" \
+ "fc2dcd2;;BA)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)(OA;;CR;1131f6aa" \
+ "-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2" \
+ ";;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ad-9c07-1" \
+ "1d1-f79f-00c04fc2dcd2;;ED)(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;LA)(A;CI;RPWPCRCCLCL" \
+ "ORCWOWDSW;;;SA)(A;CI;RPLCLORC;;;AU)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:(O" \
+ "U;SA;CR;45ec5156-db7e-47bb-b53f-dbeb2d03c40f;;WD)(OU;SA;CR;e12b56b6-0a95-11d1" \
+ "-adbb-00c04fd8d5cd;;WD)(AU;SA;CR;;;DU)(AU;SA;CR;;;BA)(AU;SA;WPCCDCWOWDSDDTSW;" \
+ ";;WD)(AU;CISA;WP;;;WD)"
sec = security.descriptor.from_sddl(sddl, domain_sid)
return ndr_pack(sec)
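Review bot: The new `sddl` literal is wrapped at a fixed column, so GUIDs and ACEs are split across string fragments (for example `1131f6ad-9c07-1` / `1d1-f79f-00c04fc2dcd2`), which makes this security descriptor very hard to audit or diff. Writing one ACE per source line, with a short comment naming the control access right and the trustee, would let a reviewer confirm what is granted. The change adds replication extended rights for `ER`, more of them for `BA` and `ED`, and a non-inherited allow ACE for `LA`. A comment naming the reference the descriptor was copied from would also help (presumably a Windows 2008 R2 schema partition, given the schema file rename in the same commit), and get_schema_descriptor has no docstring.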
@@ -64,8 +68,8 @@ class Schema(object):
self.schemadn = schemadn
self.ldb = Ldb()
- self.schema_data = read_ms_schema(setup_path('ad-schema/MS-AD_Schema_2K8_Attributes.txt'),
- setup_path('ad-schema/MS-AD_Schema_2K8_Classes.txt'))
+ self.schema_data = read_ms_schema(setup_path('ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt'),
+ setup_path('ad-schema/MS-AD_Schema_2K8_R2_Classes.txt'))
if files is not None:
for file in files: