diff options
| -rw-r--r-- | source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 3 | ||||
| -rw-r--r-- | source4/dsdb/schema/schema_init.c | 19 | ||||
| -rw-r--r-- | source4/samba4-knownfail | 1 | ||||
| -rw-r--r-- | source4/scripting/python/samba/provision.py | 214 | ||||
| -rwxr-xr-x | source4/setup/provision | 26 | ||||
| -rw-r--r-- | source4/setup/provision.smb.conf.dc | 2 | ||||
| -rw-r--r-- | source4/setup/provision.smb.conf.member | 2 | ||||
| -rw-r--r-- | source4/setup/provision.smb.conf.standalone | 2 | ||||
| -rw-r--r-- | source4/torture/libnet/libnet_BecomeDC.c | 113 | ||||
| -rw-r--r-- | source4/torture/local/torture.c | 12 | ||||
| -rw-r--r-- | source4/torture/util.h | 10 | ||||
| -rw-r--r-- | source4/torture/util_provision.c | 305 |
12 files changed, 275 insertions, 434 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c index 729fd15202..8ceeba9804 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c @@ -30,6 +30,7 @@ #include "librpc/gen_ndr/ndr_drsuapi.h" #include "librpc/gen_ndr/ndr_drsblobs.h" #include "lib/util/dlinklist.h" +#include "param/param.h" static int schema_fsmo_init(struct ldb_module *module) { @@ -78,7 +79,7 @@ static int schema_fsmo_init(struct ldb_module *module) } module->private_data = schema_fsmo; - schema = talloc_zero(mem_ctx, struct dsdb_schema); + schema = dsdb_new_schema(mem_ctx, lp_iconv_convenience(ldb_get_opaque(module->ldb, "loadparm"))); if (!schema) { ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; diff --git a/source4/dsdb/schema/schema_init.c b/source4/dsdb/schema/schema_init.c index 30d0adeda7..c046cb597f 100644 --- a/source4/dsdb/schema/schema_init.c +++ b/source4/dsdb/schema/schema_init.c @@ -29,6 +29,18 @@ #include "librpc/gen_ndr/ndr_drsblobs.h" #include "param/param.h" +struct dsdb_schema *dsdb_new_schema(TALLOC_CTX *mem_ctx, struct smb_iconv_convenience *iconv_convenience) +{ + struct dsdb_schema *schema = talloc_zero(mem_ctx, struct dsdb_schema); + if (!schema) { + return NULL; + } + + schema->iconv_convenience = iconv_convenience; + return schema; +} + + WERROR dsdb_load_oid_mappings_drsuapi(struct dsdb_schema *schema, const struct drsuapi_DsReplicaOIDMapping_Ctr *ctr) { uint32_t i,j; @@ -1150,12 +1162,7 @@ WERROR dsdb_attach_schema_from_ldif_file(struct ldb_context *ldb, const char *pf goto nomem; } - schema = talloc_zero(mem_ctx, struct dsdb_schema); - if (!schema) { - goto nomem; - } - - schema->iconv_convenience = lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")); + schema = dsdb_new_schema(mem_ctx, lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm"))); /* * load the prefixMap attribute from pf diff --git a/source4/samba4-knownfail b/source4/samba4-knownfail index 66565ca6fc..496af316ec 100644 --- a/source4/samba4-knownfail +++ b/source4/samba4-knownfail @@ -33,4 +33,3 @@ rpc.netlogon.*.GetTrustPasswords base.charset.*.Testing partial surrogate .*net.api.delshare.* # DelShare isn't implemented yet rap.*netservergetinfo -local.torture.provision diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index ea2feb981b..ab8c51595f 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -32,6 +32,7 @@ from socket import gethostname, gethostbyname import param import registry import samba +from auth import system_session from samba import Ldb, substitute_var, valid_netbios_name, check_all_substituted from samba.samdb import SamDB import security @@ -65,6 +66,7 @@ class ProvisionPaths: self.dns_keytab = None self.dns = None self.winsdb = None + self.private_dir = None def check_install(lp, session_info, credentials): @@ -197,20 +199,20 @@ def provision_paths_from_lp(lp, dnsdomain): :param dnsdomain: DNS Domain name """ paths = ProvisionPaths() - private_dir = lp.get("private dir") + paths.private_dir = lp.get("private dir") paths.keytab = "secrets.keytab" paths.dns_keytab = "dns.keytab" - paths.shareconf = os.path.join(private_dir, "share.ldb") - paths.samdb = os.path.join(private_dir, lp.get("sam database") or "samdb.ldb") - paths.idmapdb = os.path.join(private_dir, lp.get("idmap database") or "idmap.ldb") - paths.secrets = os.path.join(private_dir, lp.get("secrets database") or "secrets.ldb") - paths.templates = os.path.join(private_dir, "templates.ldb") - paths.dns = os.path.join(private_dir, dnsdomain + ".zone") - paths.winsdb = os.path.join(private_dir, "wins.ldb") - paths.s4_ldapi_path = os.path.join(private_dir, "ldapi") - paths.smbconf = os.path.join(private_dir, "smb.conf") - paths.phpldapadminconfig = os.path.join(private_dir, + paths.shareconf = os.path.join(paths.private_dir, "share.ldb") + paths.samdb = os.path.join(paths.private_dir, lp.get("sam database") or "samdb.ldb") + paths.idmapdb = os.path.join(paths.private_dir, lp.get("idmap database") or "idmap.ldb") + paths.secrets = os.path.join(paths.private_dir, lp.get("secrets database") or "secrets.ldb") + paths.templates = os.path.join(paths.private_dir, "templates.ldb") + paths.dns = os.path.join(paths.private_dir, dnsdomain + ".zone") + paths.winsdb = os.path.join(paths.private_dir, "wins.ldb") + paths.s4_ldapi_path = os.path.join(paths.private_dir, "ldapi") + paths.smbconf = os.path.join(paths.private_dir, "smb.conf") + paths.phpldapadminconfig = os.path.join(paths.private_dir, "phpldapadmin-config.php") paths.hklm = "hklm.ldb" paths.hkcr = "hkcr.ldb" @@ -588,7 +590,7 @@ def setup_samdb(path, setup_path, session_info, credentials, lp, samdb = SamDB(path, session_info=session_info, credentials=credentials, lp=lp) samdb.set_domain_sid(domainsid) - if lp.get("server role") == "domain controller": + if serverrole == "domain controller": samdb.set_invocation_id(invocationid) load_schema(setup_path, samdb, schemadn, netbiosname, configdn, sitename) @@ -699,7 +701,7 @@ def setup_samdb(path, setup_path, session_info, credentials, lp, "KRBTGTPASS_B64": b64encode(krbtgtpass), }) - if lp.get("server role") == "domain controller": + if serverrole == "domain controller": message("Setting up self join") setup_self_join(samdb, configdn=configdn, schemadn=schemadn, domaindn=domaindn, invocationid=invocationid, @@ -725,13 +727,14 @@ FILL_FULL = "FULL" FILL_NT4SYNC = "NT4SYNC" FILL_DRS = "DRS" -def provision(lp, setup_dir, message, paths, session_info, - credentials, samdb_fill=FILL_FULL, realm=None, rootdn=None, +def provision(setup_dir, message, session_info, + credentials, smbconf=None, targetdir=None, samdb_fill=FILL_FULL, realm=None, + rootdn=None, domaindn=None, schemadn=None, configdn=None, domain=None, hostname=None, hostip=None, domainsid=None, hostguid=None, adminpass=None, krbtgtpass=None, domainguid=None, policyguid=None, invocationid=None, machinepass=None, dnspass=None, root=None, nobody=None, nogroup=None, users=None, - wheel=None, backup=None, aci=None, serverrole=None, + wheel=None, backup=None, aci=None, serverrole=None, ldap_backend=None, ldap_backend_type=None, sitename=DEFAULTSITE): """Provision samba4 @@ -768,6 +771,65 @@ def provision(lp, setup_dir, message, paths, session_info, backup = findnss(grp.getgrnam, ["backup", "wheel", "root", "staff"])[0] if aci is None: aci = "# no aci for local ldb" + if hostname is None: + hostname = gethostname().split(".")[0].lower() + + if hostip is None: + hostip = gethostbyname(hostname) + + netbiosname = hostname.upper() + if not valid_netbios_name(netbiosname): + raise InvalidNetbiosName(netbiosname) + + if targetdir is not None: + if not os.path.exists(targetdir): + os.mkdir(targetdir) + if not os.path.exists(os.path.join(targetdir, "etc")): + os.mkdir(os.path.join(targetdir, "etc")) + + if smbconf is None: + smbconf = os.path.join(targetdir, os.path.join("etc", "smb.conf")) + + # only install a new smb.conf if there isn't one there already + if not os.path.exists(smbconf): + message("Setting up smb.conf") + assert serverrole is not None + if serverrole == "domain controller": + smbconfsuffix = "dc" + elif serverrole == "member server": + smbconfsuffix = "member" + + assert domain is not None + assert realm is not None + + default_lp = param.LoadParm() + #Load non-existant file + default_lp.load(smbconf) + + if targetdir is not None: + privatedir_line = "private dir = " + os.path.abspath(os.path.join(targetdir, "private")) + lockdir_line = "lock dir = " + os.path.abspath(targetdir) + + default_lp.set("lock dir", os.path.abspath(targetdir)) + + sysvol = os.path.join(default_lp.get("lock dir"), "sysvol") + netlogon = os.path.join(os.path.join(sysvol, "scripts")) + + setup_file(setup_path("provision.smb.conf.%s" % smbconfsuffix), + smbconf, { + "HOSTNAME": hostname, + "DOMAIN_CONF": domain, + "REALM_CONF": realm, + "SERVERROLE": serverrole, + "NETLOGONPATH": netlogon, + "SYSVOLPATH": sysvol, + "PRIVATEDIR_LINE": privatedir_line, + "LOCKDIR_LINE": lockdir_line + }) + + lp = param.LoadParm() + lp.load(smbconf) + if serverrole is None: serverrole = lp.get("server role") assert serverrole in ("domain controller", "member server") @@ -777,32 +839,26 @@ def provision(lp, setup_dir, message, paths, session_info, if realm is None: realm = lp.get("realm") - if lp.get("realm").upper() != realm.upper(): - raise Exception("realm '%s' in smb.conf must match chosen realm '%s'" % - (lp.get("realm"), realm)) - - ldapi_url = "ldapi://%s" % urllib.quote(paths.s4_ldapi_path, safe="") - - if ldap_backend == "ldapi": - # provision-backend will set this path suggested slapd command line / fedorads.inf - ldap_backend = "ldapi://" % urllib.quote(os.path.join(lp.get("private dir"), "ldap", "ldapi"), safe="") - assert realm is not None realm = realm.upper() - if hostname is None: - hostname = gethostname().split(".")[0].lower() + dnsdomain = realm.lower() - if hostip is None: - hostip = gethostbyname(hostname) + paths = provision_paths_from_lp(lp, dnsdomain) - netbiosname = hostname.upper() - if not valid_netbios_name(netbiosname): - raise InvalidNetbiosName(netbiosname) + if targetdir is not None: + if not os.path.exists(paths.private_dir): + os.mkdir(paths.private_dir) + + ldapi_url = "ldapi://%s" % urllib.quote(paths.s4_ldapi_path, safe="") + + if ldap_backend == "ldapi": + # provision-backend will set this path suggested slapd command line / fedorads.inf + ldap_backend = "ldapi://" % urllib.quote(os.path.join(paths.private_dir, "ldap", "ldapi"), safe="") - dnsdomain = realm.lower() if serverrole == "domain controller": - domaindn = "DC=" + dnsdomain.replace(".", ",DC=") + if domaindn is None: + domaindn = "DC=" + dnsdomain.replace(".", ",DC=") if domain is None: domain = lp.get("workgroup") @@ -815,38 +871,25 @@ def provision(lp, setup_dir, message, paths, session_info, if not valid_netbios_name(domain): raise InvalidNetbiosName(domain) else: - domaindn = "CN=" + netbiosname + if domaindn is None: + domaindn = "CN=" + netbiosname domain = netbiosname if rootdn is None: rootdn = domaindn - configdn = "CN=Configuration," + rootdn - schemadn = "CN=Schema," + configdn + if configdn is None: + configdn = "CN=Configuration," + rootdn + if schemadn is None: + schemadn = "CN=Schema," + configdn message("set DOMAIN SID: %s" % str(domainsid)) message("Provisioning for %s in realm %s" % (domain, realm)) message("Using administrator password: %s" % adminpass) - assert paths.smbconf is not None - - # only install a new smb.conf if there isn't one there already - if not os.path.exists(paths.smbconf): - message("Setting up smb.conf") - if serverrole == "domain controller": - smbconfsuffix = "dc" - elif serverrole == "member server": - smbconfsuffix = "member" - setup_file(setup_path("provision.smb.conf.%s" % smbconfsuffix), - paths.smbconf, { - "HOSTNAME": hostname, - "DOMAIN_CONF": domain, - "REALM_CONF": realm, - "SERVERROLE": serverrole, - "NETLOGONPATH": paths.netlogon, - "SYSVOLPATH": paths.sysvol, - }) - lp.load(paths.smbconf) + if lp.get("realm").upper() != realm.upper(): + raise Exception("realm '%s' in smb.conf must match chosen realm '%s'" % + (lp.get("realm"), realm)) # only install a new shares config db if there is none if not os.path.exists(paths.shareconf): @@ -911,32 +954,52 @@ def provision(lp, setup_dir, message, paths, session_info, message("Setting up sam.ldb rootDSE marking as synchronized") setup_modify_ldif(samdb, setup_path("provision_rootdse_modify.ldif")) + # Only make a zone file on the first DC, it should be replicated with DNS replication + if serverrole == "domain controller": + samdb = SamDB(paths.samdb, session_info=session_info, + credentials=credentials, lp=lp) + + domainguid = samdb.searchone(basedn=domaindn, attribute="objectGUID") + assert isinstance(domainguid, str) + hostguid = samdb.searchone(basedn=domaindn, attribute="objectGUID", + expression="(&(objectClass=computer)(cn=%s))" % hostname, + scope=SCOPE_SUBTREE) + assert isinstance(hostguid, str) + + message("Setting up DNS zone: %s" % dnsdomain) + create_zone_file(paths.dns, setup_path, samdb, + hostname=hostname, hostip=hostip, dnsdomain=dnsdomain, + domaindn=domaindn, dnspass=dnspass, realm=realm, + domainguid=domainguid, hostguid=hostguid) + message("Please install the zone located in %s into your DNS server" % paths.dns) + message("Setting up phpLDAPadmin configuration") create_phpldapadmin_config(paths.phpldapadminconfig, setup_path, ldapi_url) message("Please install the phpLDAPadmin configuration located at %s into /etc/phpldapadmin/config.php" % paths.phpldapadminconfig) - if lp.get("server role") == "domain controller": - samdb = SamDB(paths.samdb, session_info=session_info, - credentials=credentials, lp=lp) - - domainguid = samdb.searchone(basedn=domaindn, attribute="objectGUID") - assert isinstance(domainguid, str) - hostguid = samdb.searchone(basedn=domaindn, attribute="objectGUID", - expression="(&(objectClass=computer)(cn=%s))" % hostname, - scope=SCOPE_SUBTREE) - assert isinstance(hostguid, str) - - message("Setting up DNS zone: %s" % dnsdomain) - create_zone_file(paths.dns, setup_path, samdb, - hostname=hostname, hostip=hostip, dnsdomain=dnsdomain, - domaindn=domaindn, dnspass=dnspass, realm=realm, - domainguid=domainguid, hostguid=hostguid) - message("Please install the zone located in %s into your DNS server" % paths.dns) - return domaindn +def provision_become_dc(setup_dir=None, + smbconf=None, targetdir=None, realm=None, + rootdn=None, domaindn=None, schemadn=None, configdn=None, + domain=None, hostname=None, domainsid=None, + hostguid=None, adminpass=None, krbtgtpass=None, domainguid=None, + policyguid=None, invocationid=None, machinepass=None, + dnspass=None, root=None, nobody=None, nogroup=None, users=None, + wheel=None, backup=None, aci=None, serverrole=None, + ldap_backend=None, ldap_backend_type=None, sitename=DEFAULTSITE): + + def message(text): + """print a message if quiet is not set.""" + print text + + provision(setup_dir, message, system_session(), None, + smbconf=smbconf, targetdir=targetdir, samdb_fill=FILL_DRS, realm=realm, + rootdn=rootdn, domaindn=domaindn, schemadn=schemadn, configdn=configdn, + domain=domain, hostname=hostname, hostip="127.0.0.1", domainsid=domainsid, machinepass=machinepass, serverrole="domain controller", sitename=sitename); + def create_phpldapadmin_config(path, setup_path, ldapi_uri): """Create a PHP LDAP admin configuration file. @@ -978,7 +1041,6 @@ def create_zone_file(path, setup_path, samdb, dnsdomain, domaindn, "HOSTGUID": hostguid, }) - def load_schema(setup_path, samdb, schemadn, netbiosname, configdn, sitename): """Load schema for the SamDB. diff --git a/source4/setup/provision b/source4/setup/provision index 033d2491f2..606443a6ed 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -30,9 +30,7 @@ import samba from auth import system_session import samba.getopt as options -import param from samba.provision import (provision, - provision_paths_from_lp, FILL_FULL, FILL_NT4SYNC, FILL_DRS) @@ -113,27 +111,13 @@ if opts.realm is None or opts.domain is None: sys.exit(1) # cope with an initially blank smb.conf -private_dir = None -lp = sambaopts.get_loadparm() -if opts.targetdir is not None: - if not os.path.exists(opts.targetdir): - os.mkdir(opts.targetdir) - private_dir = os.path.join(opts.targetdir, "private") - if not os.path.exists(private_dir): - os.mkdir(private_dir) - lp.set("private dir", os.path.abspath(private_dir)) - lp.set("lock dir", os.path.abspath(opts.targetdir)) -lp.set("realm", opts.realm) -lp.set("workgroup", opts.domain) -lp.set("server role", opts.server_role or "domain controller") + +if sambaopts.get_loadparm_path() is not None: + smbconf = sambaopts.get_loadparm_path() if opts.aci is not None: print "set ACI: %s" % opts.aci -paths = provision_paths_from_lp(lp, opts.realm.lower()) -if sambaopts.get_loadparm_path() is not None: - paths.smbconf = sambaopts.get_loadparm_path() - creds = credopts.get_credentials() setup_dir = opts.setupdir @@ -146,8 +130,8 @@ if opts.blank: elif opts.partitions_only: samdb_fill = FILL_DRS -provision(lp, setup_dir, message, paths, - system_session(), creds, +provision(setup_dir, message, + system_session(), creds, smbconf=smbconf, samdb_fill=samdb_fill, realm=opts.realm, domainguid=opts.domain_guid, domainsid=opts.domain_sid, policyguid=opts.policy_guid, hostname=opts.host_name, diff --git a/source4/setup/provision.smb.conf.dc b/source4/setup/provision.smb.conf.dc index 5b8e141cbf..e77e699028 100644 --- a/source4/setup/provision.smb.conf.dc +++ b/source4/setup/provision.smb.conf.dc @@ -3,6 +3,8 @@ workgroup = ${DOMAIN_CONF} realm = ${REALM_CONF} server role = ${SERVERROLE} + ${PRIVATEDIR_LINE} + ${LOCKDIR_LINE} [netlogon] path = ${NETLOGONPATH} diff --git a/source4/setup/provision.smb.conf.member b/source4/setup/provision.smb.conf.member index bc37d4f3d3..1d9191d8c2 100644 --- a/source4/setup/provision.smb.conf.member +++ b/source4/setup/provision.smb.conf.member @@ -3,3 +3,5 @@ workgroup = ${DOMAIN_CONF} realm = ${REALM_CONF} server role = ${SERVERROLE} + ${PRIVATEDIR_LINE} + ${LOCKDIR_LINE} diff --git a/source4/setup/provision.smb.conf.standalone b/source4/setup/provision.smb.conf.standalone index bc37d4f3d3..1d9191d8c2 100644 --- a/source4/setup/provision.smb.conf.standalone +++ b/source4/setup/provision.smb.conf.standalone @@ -3,3 +3,5 @@ workgroup = ${DOMAIN_CONF} realm = ${REALM_CONF} server role = ${SERVERROLE} + ${PRIVATEDIR_LINE} + ${LOCKDIR_LINE} diff --git a/source4/torture/libnet/libnet_BecomeDC.c b/source4/torture/libnet/libnet_BecomeDC.c index 9566f5ee29..6e882d5626 100644 --- a/source4/torture/libnet/libnet_BecomeDC.c +++ b/source4/torture/libnet/libnet_BecomeDC.c @@ -56,16 +56,9 @@ struct test_become_dc_state { struct drsuapi_DsReplicaObjectListItemEx *last_object; } schema_part; - struct { - const char *samdb_ldb; - const char *domaindn_ldb; - const char *configdn_ldb; - const char *schemadn_ldb; - const char *secrets_ldb; - const char *templates_ldb; - const char *secrets_keytab; - const char *dns_keytab; - } path; + const char *targetdir; + + struct loadparm_context *lp_ctx; }; static NTSTATUS test_become_dc_prepare_db(void *private_data, @@ -73,6 +66,14 @@ static NTSTATUS test_become_dc_prepare_db(void *private_data, { struct test_become_dc_state *s = talloc_get_type(private_data, struct test_become_dc_state); struct provision_settings settings; + NTSTATUS status; + bool ok; + struct loadparm_context *lp_ctx = loadparm_init(s); + char *smbconf; + + if (!lp_ctx) { + return NT_STATUS_NO_MEMORY; + } settings.dns_name = p->dest_dsa->dns_name; settings.site_name = p->dest_dsa->site_name; @@ -80,21 +81,46 @@ static NTSTATUS test_become_dc_prepare_db(void *private_data, settings.domain_dn_str = p->domain->dn_str; settings.config_dn_str = p->forest->config_dn_str; settings.schema_dn_str = p->forest->schema_dn_str; - settings.invocation_id = &p->dest_dsa->invocation_id; settings.netbios_name = p->dest_dsa->netbios_name; settings.realm = torture_join_dom_dns_name(s->tj); settings.domain = torture_join_dom_netbios_name(s->tj); - settings.ntds_guid = &p->dest_dsa->ntds_guid; - settings.ntds_dn_str = p->dest_dsa->ntds_dn_str; settings.machine_password = cli_credentials_get_password(s->machine_account); - settings.samdb_ldb = s->path.samdb_ldb; - settings.secrets_ldb = s->path.secrets_ldb; - settings.secrets_keytab = s->path.secrets_keytab; - settings.schemadn_ldb = s->path.schemadn_ldb; - settings.configdn_ldb = s->path.configdn_ldb; - settings.domaindn_ldb = s->path.domaindn_ldb; - - return provision_bare(s, s->tctx->lp_ctx, &settings); + settings.targetdir = s->targetdir; + + status = provision_bare(s, s->lp_ctx, &settings); + + smbconf = talloc_asprintf(lp_ctx, "%s/%s", s->targetdir, "/etc/smb.conf"); + + ok = lp_load(lp_ctx, smbconf); + if (!ok) { + DEBUG(0,("Failed load freshly generated smb.conf '%s'\n", smbconf)); + return NT_STATUS_INVALID_PARAMETER; + } + + s->ldb = ldb_wrap_connect(s, lp_ctx, lp_sam_url(lp_ctx), + system_session(s, lp_ctx), + NULL, 0, NULL); + if (!s->ldb) { + DEBUG(0,("Failed to open '%s'\n", lp_sam_url(lp_ctx))); + return NT_STATUS_INTERNAL_DB_ERROR; + } + + ok = samdb_set_ntds_invocation_id(s->ldb, &p->dest_dsa->invocation_id); + if (!ok) { + DEBUG(0,("Failed to set cached ntds invocationId\n")); + return NT_STATUS_FOOBAR; + } + ok = samdb_set_ntds_objectGUID(s->ldb, &p->dest_dsa->ntds_guid); + if (!ok) { + DEBUG(0,("Failed to set cached ntds objectGUID\n")); + return NT_STATUS_FOOBAR; + } + + s->lp_ctx = lp_ctx; + + return NT_STATUS_OK; + + } static NTSTATUS test_become_dc_check_options(void *private_data, @@ -140,6 +166,7 @@ static NTSTATUS test_apply_schema(struct test_become_dc_state *s, struct ldb_val prefixMap_val; struct ldb_message_element *prefixMap_el; struct ldb_val schemaInfo_val; + char *sam_ldb_path; uint32_t i; int ret; bool ok; @@ -325,13 +352,14 @@ static NTSTATUS test_apply_schema(struct test_become_dc_state *s, talloc_free(s->ldb); /* this also free's the s->schema, because dsdb_set_schema() steals it */ s->schema = NULL; - DEBUG(0,("Reopen the SAM LDB with system credentials and a already stored schema: %s\n", s->path.samdb_ldb)); - s->ldb = ldb_wrap_connect(s, s->tctx->lp_ctx, s->path.samdb_ldb, + sam_ldb_path = talloc_asprintf(s, "%s/%s", s->targetdir, "private/sam.ldb"); + DEBUG(0,("Reopen the SAM LDB with system credentials and a already stored schema: %s\n", sam_ldb_path)); + s->ldb = ldb_wrap_connect(s, s->tctx->lp_ctx, sam_ldb_path, system_session(s, s->tctx->lp_ctx), NULL, 0, NULL); if (!s->ldb) { DEBUG(0,("Failed to open '%s'\n", - s->path.samdb_ldb)); + sam_ldb_path)); return NT_STATUS_INTERNAL_DB_ERROR; } @@ -392,7 +420,8 @@ static NTSTATUS test_become_dc_schema_chunk(void *private_data, } if (!s->schema) { - s->self_made_schema = talloc_zero(s, struct dsdb_schema); + s->self_made_schema = dsdb_new_schema(s, lp_iconv_convenience(s->lp_ctx)); + NT_STATUS_HAVE_NO_MEMORY(s->self_made_schema); status = dsdb_load_oid_mappings_drsuapi(s->self_made_schema, mapping_ctr); @@ -564,33 +593,24 @@ bool torture_net_become_dc(struct torture_context *torture) struct ldb_message *msg; int ldb_ret; uint32_t i; + char *sam_ldb_path; + + char *location = NULL; + torture_assert_ntstatus_ok(torture, torture_temp_dir(torture, "libnet_BecomeDC", &location), + "torture_temp_dir should return NT_STATUS_OK" ); s = talloc_zero(torture, struct test_become_dc_state); if (!s) return false; s->tctx = torture; + s->lp_ctx = torture->lp_ctx; s->netbios_name = lp_parm_string(torture->lp_ctx, NULL, "become dc", "smbtorture dc"); if (!s->netbios_name || !s->netbios_name[0]) { s->netbios_name = "smbtorturedc"; } - s->path.samdb_ldb = talloc_asprintf(s, "%s_samdb.ldb", s->netbios_name); - if (!s->path.samdb_ldb) return false; - s->path.domaindn_ldb = talloc_asprintf(s, "%s_domain.ldb", s->netbios_name); - if (!s->path.domaindn_ldb) return false; - s->path.configdn_ldb = talloc_asprintf(s, "%s_config.ldb", s->netbios_name); - if (!s->path.configdn_ldb) return false; - s->path.schemadn_ldb = talloc_asprintf(s, "%s_schema.ldb", s->netbios_name); - if (!s->path.schemadn_ldb) return false; - s->path.secrets_ldb = talloc_asprintf(s, "%s_secrets.ldb", s->netbios_name); - if (!s->path.secrets_ldb) return false; - s->path.templates_ldb = talloc_asprintf(s, "%s_templates.ldb", s->netbios_name); - if (!s->path.templates_ldb) return false; - s->path.secrets_keytab = talloc_asprintf(s, "%s_secrets.keytab", s->netbios_name); - if (!s->path.secrets_keytab) return false; - s->path.dns_keytab = talloc_asprintf(s, "%s_dns.keytab", s->netbios_name); - if (!s->path.dns_keytab) return false; + s->targetdir = location; /* Join domain as a member server. */ s->tj = torture_join_domain(torture, s->netbios_name, @@ -664,13 +684,14 @@ bool torture_net_become_dc(struct torture_context *torture) talloc_free(s->ldb); /* this also free's the s->schema, because dsdb_set_schema() steals it */ s->schema = NULL; - DEBUG(0,("Reopen the SAM LDB with system credentials and all replicated data: %s\n", s->path.samdb_ldb)); - s->ldb = ldb_wrap_connect(s, torture->lp_ctx, s->path.samdb_ldb, - system_session(s, torture->lp_ctx), + sam_ldb_path = talloc_asprintf(s, "%s/%s", s->targetdir, "private/sam.ldb"); + DEBUG(0,("Reopen the SAM LDB with system credentials and all replicated data: %s\n", sam_ldb_path)); + s->ldb = ldb_wrap_connect(s, s->lp_ctx, sam_ldb_path, + system_session(s, s->lp_ctx), NULL, 0, NULL); if (!s->ldb) { DEBUG(0,("Failed to open '%s'\n", - s->path.samdb_ldb)); + sam_ldb_path)); ret = false; goto cleanup; } @@ -682,7 +703,7 @@ bool torture_net_become_dc(struct torture_context *torture) goto cleanup; } - if (lp_parm_bool(torture->lp_ctx, NULL, "become dc", "do not unjoin", false)) { + if (lp_parm_bool(s->lp_ctx, NULL, "become dc", "do not unjoin", false)) { talloc_free(s); return ret; } diff --git a/source4/torture/local/torture.c b/source4/torture/local/torture.c index 3273015347..bb6e21ed4f 100644 --- a/source4/torture/local/torture.c +++ b/source4/torture/local/torture.c @@ -43,6 +43,9 @@ static bool test_provision(struct torture_context *tctx) { NTSTATUS status; struct provision_settings settings; + char *location = NULL; + torture_assert_ntstatus_ok(tctx, torture_temp_dir(tctx, "torture_provision", &location), + "torture_temp_dir should return NT_STATUS_OK" ); settings.dns_name = "example.com"; settings.site_name = "SOME-SITE-NAME"; @@ -57,14 +60,7 @@ static bool test_provision(struct torture_context *tctx) settings.ntds_guid = NULL; settings.ntds_dn_str = NULL; settings.machine_password = "geheim"; - settings.samdb_ldb = NULL; - settings.secrets_ldb = NULL; - settings.secrets_keytab = NULL; - settings.schemadn_ldb = NULL; - settings.configdn_ldb = NULL; - settings.domaindn_ldb = NULL; - settings.templates_ldb = NULL; - settings.dns_keytab = NULL; + settings.targetdir = location; status = provision_bare(tctx, tctx->lp_ctx, &settings); diff --git a/source4/torture/util.h b/source4/torture/util.h index c5219a5aaa..477a828120 100644 --- a/source4/torture/util.h +++ b/source4/torture/util.h @@ -29,19 +29,13 @@ struct provision_settings { const char *schema_dn_str; const struct GUID *invocation_id; const char *netbios_name; + const char *host_ip; const char *realm; const char *domain; const struct GUID *ntds_guid; const char *ntds_dn_str; const char *machine_password; - const char *samdb_ldb; - const char *secrets_ldb; - const char *secrets_keytab; - const char *schemadn_ldb; - const char *configdn_ldb; - const char *domaindn_ldb; - const char *templates_ldb; - const char *dns_keytab; + const char *targetdir; }; NTSTATUS provision_bare(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx, diff --git a/source4/torture/util_provision.c b/source4/torture/util_provision.c index 2a1e9256f5..d7c8f479e6 100644 --- a/source4/torture/util_provision.c +++ b/source4/torture/util_provision.c @@ -18,206 +18,22 @@ */ #include "includes.h" -#include "dsdb/samdb/samdb.h" -#include "lib/appweb/ejs/ejs.h" -#include "lib/appweb/ejs/ejsInternal.h" -#include "scripting/ejs/smbcalls.h" #include "auth/auth.h" #include "lib/ldb_wrap.h" #include "torture/util.h" -static EjsId eid; -static int ejs_error; - -static void test_ejs_exception(const char *reason) -{ - Ejs *ep = ejsPtr(eid); - ejsSetErrorMsg(eid, "%s", reason); - fprintf(stderr, "%s", ep->error); - ejs_error = 127; -} - -static int test_run_ejs(char *script) -{ - EjsHandle handle = 0; - MprVar result; - char *emsg; - TALLOC_CTX *mem_ctx = talloc_new(NULL); - struct MprVar *return_var; - - mprSetCtx(mem_ctx); - - if (ejsOpen(NULL, NULL, NULL) != 0) { - d_printf("ejsOpen(): unable to initialise EJS subsystem\n"); - ejs_error = 127; - goto failed; - } - - smb_setup_ejs_functions(test_ejs_exception); - - if ((eid = ejsOpenEngine(handle, 0)) == (EjsId)-1) { - d_printf("smbscript: ejsOpenEngine(): unable to initialise an EJS engine\n"); - ejs_error = 127; - goto failed; - } - - mprSetVar(ejsGetGlobalObject(eid), "ARGV", mprList("ARGV", NULL)); - - /* run the script */ - if (ejsEvalScript(eid, script, &result, &emsg) == -1) { - d_printf("smbscript: ejsEvalScript(): %s\n", emsg); - if (ejs_error == 0) ejs_error = 127; - goto failed; - } - - return_var = ejsGetReturnValue(eid); - ejs_error = mprVarToNumber(return_var); - -failed: - ejsClose(); - talloc_free(mem_ctx); - return ejs_error; -} - -static NTSTATUS provision_bare_ejs(TALLOC_CTX *mem_ctx, - struct loadparm_context *lp_ctx, - struct provision_settings *settings) -{ - char *ejs; - int ret; - bool ok; - struct ldb_context *ldb; - - DEBUG(0,("Provision for Become-DC test using EJS\n")); - - DEBUG(0,("New Server[%s] in Site[%s]\n", settings->dns_name, - settings->site_name)); - - DEBUG(0,("DSA Instance [%s]\n" - "\tobjectGUID[%s]\n" - "\tinvocationId[%s]\n", - settings->ntds_dn_str, - GUID_string(mem_ctx, settings->ntds_guid), - GUID_string(mem_ctx, settings->invocation_id))); - - DEBUG(0,("Pathes under PRIVATEDIR[%s]\n" - "SAMDB[%s] SECRETS[%s] KEYTAB[%s]\n", - lp_private_dir(lp_ctx), - settings->samdb_ldb, - settings->secrets_ldb, - settings->secrets_keytab)); - - DEBUG(0,("Schema Partition[%s => %s]\n", - settings->schema_dn_str, settings->schemadn_ldb)); - - DEBUG(0,("Config Partition[%s => %s]\n", - settings->config_dn_str, settings->configdn_ldb)); - - DEBUG(0,("Domain Partition[%s => %s]\n", - settings->domain_dn_str, settings->domaindn_ldb)); - - ejs = talloc_asprintf(mem_ctx, - "libinclude(\"base.js\");\n" - "libinclude(\"provision.js\");\n" - "\n" - "function message() { print(vsprintf(arguments)); }\n" - "\n" - "var subobj = provision_guess();\n" - "subobj.ROOTDN = \"%s\";\n" - "subobj.DOMAINDN = \"%s\";\n" - "subobj.DOMAINDN_LDB = \"%s\";\n" - "subobj.CONFIGDN = \"%s\";\n" - "subobj.CONFIGDN_LDB = \"%s\";\n" - "subobj.SCHEMADN = \"%s\";\n" - "subobj.SCHEMADN_LDB = \"%s\";\n" - "subobj.HOSTNAME = \"%s\";\n" - "subobj.REALM = \"%s\";\n" - "subobj.DOMAIN = \"%s\";\n" - "subobj.DEFAULTSITE = \"%s\";\n" - "\n" - "subobj.KRBTGTPASS = \"_NOT_USED_\";\n" - "subobj.MACHINEPASS = \"%s\";\n" - "subobj.ADMINPASS = \"_NOT_USED_\";\n" - "\n" - "var paths = provision_default_paths(subobj);\n" - "paths.samdb = \"%s\";\n" - "paths.secrets = \"%s\";\n" - "paths.templates = \"%s\";\n" - "paths.keytab = \"%s\";\n" - "paths.dns_keytab = \"%s\";\n" - "\n" - "var system_session = system_session();\n" - "\n" - "var ok = provision_become_dc(subobj, message, true, paths, system_session);\n" - "assert(ok);\n" - "\n" - "return 0;\n", - settings->root_dn_str, /* subobj.ROOTDN */ - settings->domain_dn_str, /* subobj.DOMAINDN */ - settings->domaindn_ldb, /* subobj.DOMAINDN_LDB */ - settings->config_dn_str, /* subobj.CONFIGDN */ - settings->configdn_ldb, /* subobj.CONFIGDN_LDB */ - settings->schema_dn_str, /* subobj.SCHEMADN */ - settings->schemadn_ldb, /* subobj.SCHEMADN_LDB */ - settings->netbios_name, /* subobj.HOSTNAME */ - settings->realm,/* subobj.REALM */ - settings->domain,/* subobj.DOMAIN */ - settings->site_name, /* subobj.DEFAULTSITE */ - settings->machine_password,/* subobj.MACHINEPASS */ - settings->samdb_ldb, /* paths.samdb */ - settings->templates_ldb, /* paths.templates */ - settings->secrets_ldb, /* paths.secrets */ - settings->secrets_keytab, /* paths.keytab */ - settings->dns_keytab); /* paths.dns_keytab */ - NT_STATUS_HAVE_NO_MEMORY(ejs); - - ret = test_run_ejs(ejs); - if (ret != 0) { - DEBUG(0,("Failed to run ejs script: %d:\n%s", - ret, ejs)); - talloc_free(ejs); - return NT_STATUS_FOOBAR; - } - talloc_free(ejs); - - DEBUG(0,("Open the SAM LDB with system credentials: %s\n", - settings->samdb_ldb)); - - ldb = ldb_wrap_connect(mem_ctx, lp_ctx, settings->samdb_ldb, - system_session(mem_ctx, lp_ctx), - NULL, 0, NULL); - if (!ldb) { - DEBUG(0,("Failed to open '%s'\n", - settings->samdb_ldb)); - return NT_STATUS_INTERNAL_DB_ERROR; - } - - ok = samdb_set_ntds_invocation_id(ldb, settings->invocation_id); - if (!ok) { - DEBUG(0,("Failed to set cached ntds invocationId\n")); - return NT_STATUS_FOOBAR; - } - ok = samdb_set_ntds_objectGUID(ldb, settings->ntds_guid); - if (!ok) { - DEBUG(0,("Failed to set cached ntds objectGUID\n")); - return NT_STATUS_FOOBAR; - } - - return NT_STATUS_OK; -} - #include "param/param.h" #include <Python.h> #include "scripting/python/modules.h" -static NTSTATUS provision_bare_py(TALLOC_CTX *mem_ctx, - struct loadparm_context *lp_ctx, - struct provision_settings *settings) +NTSTATUS provision_bare(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx, + struct provision_settings *settings) { bool ok; PyObject *provision_mod, *provision_dict, *provision_fn, *result, *parameters; struct ldb_context *ldb; - + char *sam_ldb_path; + DEBUG(0,("Provision for Become-DC test using python\n")); py_load_samba_modules(); @@ -239,10 +55,10 @@ static NTSTATUS provision_bare_py(TALLOC_CTX *mem_ctx, return NT_STATUS_UNSUCCESSFUL; } - provision_fn = PyDict_GetItemString(provision_dict, "provision"); + provision_fn = PyDict_GetItemString(provision_dict, "provision_become_dc"); if (provision_fn == NULL) { PyErr_Print(); - DEBUG(0, ("Unable to get provision function\n")); + DEBUG(0, ("Unable to get provision_become_dc function\n")); return NT_STATUS_UNSUCCESSFUL; } @@ -256,56 +72,45 @@ static NTSTATUS provision_bare_py(TALLOC_CTX *mem_ctx, settings->ntds_guid == NULL?"None":GUID_string(mem_ctx, settings->ntds_guid), settings->invocation_id == NULL?"None":GUID_string(mem_ctx, settings->invocation_id))); - DEBUG(0,("Pathes under PRIVATEDIR[%s]\n" - "SAMDB[%s] SECRETS[%s] KEYTAB[%s]\n", - lp_private_dir(lp_ctx), - settings->samdb_ldb, - settings->secrets_ldb, - settings->secrets_keytab)); - - DEBUG(0,("Schema Partition[%s => %s]\n", - settings->schema_dn_str, settings->schemadn_ldb)); - - DEBUG(0,("Config Partition[%s => %s]\n", - settings->config_dn_str, settings->configdn_ldb)); - - DEBUG(0,("Domain Partition[%s => %s]\n", - settings->domain_dn_str, settings->domaindn_ldb)); - + DEBUG(0,("Pathes under targetdir[%s]\n", + settings->targetdir)); parameters = PyDict_New(); PyDict_SetItemString(parameters, "rootdn", PyString_FromString(settings->root_dn_str)); - if (settings->domaindn_ldb != NULL) - PyDict_SetItemString(parameters, "domaindn_ldb", - PyString_FromString(settings->domaindn_ldb)); - if (settings->config_dn_str != NULL) - PyDict_SetItemString(parameters, "configdn", - PyString_FromString(settings->config_dn_str)); - if (settings->configdn_ldb != NULL) - PyDict_SetItemString(parameters, "configdn_ldb", - PyString_FromString(settings->configdn_ldb)); - if (settings->schema_dn_str != NULL) - PyDict_SetItemString(parameters, "schema_dn_str", - PyString_FromString(settings->schema_dn_str)); - if (settings->schemadn_ldb != NULL) - PyDict_SetItemString(parameters, "schemadn_ldb", - PyString_FromString(settings->schemadn_ldb)); + if (settings->targetdir != NULL) + PyDict_SetItemString(parameters, "targetdir", + PyString_FromString(settings->targetdir)); + PyDict_SetItemString(parameters, "setup_dir", + PyString_FromString("setup")); PyDict_SetItemString(parameters, "hostname", PyString_FromString(settings->netbios_name)); - PyDict_SetItemString(parameters, "sitename", - PyString_FromString(settings->site_name)); + PyDict_SetItemString(parameters, "domain", + PyString_FromString(settings->domain)); + PyDict_SetItemString(parameters, "realm", + PyString_FromString(settings->realm)); + if (settings->root_dn_str) + PyDict_SetItemString(parameters, "rootdn", + PyString_FromString(settings->root_dn_str)); + + if (settings->domain_dn_str) + PyDict_SetItemString(parameters, "domaindn", + PyString_FromString(settings->domain_dn_str)); + + if (settings->schema_dn_str) + PyDict_SetItemString(parameters, "schemadn", + PyString_FromString(settings->schema_dn_str)); + + if (settings->config_dn_str) + PyDict_SetItemString(parameters, "configdn", + PyString_FromString(settings->config_dn_str)); + + if (settings->site_name) + PyDict_SetItemString(parameters, "sitename", + PyString_FromString(settings->site_name)); + PyDict_SetItemString(parameters, "machinepass", - PyString_FromString(settings->machine_password)); - if (settings->samdb_ldb != NULL) - PyDict_SetItemString(parameters, "samdb", - PyString_FromString(settings->samdb_ldb)); - if (settings->secrets_ldb != NULL) - PyDict_SetItemString(parameters, "secrets_ldb", - PyString_FromString(settings->secrets_ldb)); - if (settings->secrets_keytab != NULL) - PyDict_SetItemString(parameters, "secrets_keytab", - PyString_FromString(settings->secrets_keytab)); + PyString_FromString(settings->machine_password)); result = PyEval_CallObjectWithKeywords(provision_fn, NULL, parameters); @@ -317,39 +122,5 @@ static NTSTATUS provision_bare_py(TALLOC_CTX *mem_ctx, return NT_STATUS_UNSUCCESSFUL; } - DEBUG(0,("Open the SAM LDB with system credentials: %s\n", - settings->samdb_ldb)); - - ldb = ldb_wrap_connect(mem_ctx, lp_ctx, settings->samdb_ldb, - system_session(mem_ctx, lp_ctx), - NULL, 0, NULL); - if (!ldb) { - DEBUG(0,("Failed to open '%s'\n", settings->samdb_ldb)); - return NT_STATUS_INTERNAL_DB_ERROR; - } - - ok = samdb_set_ntds_invocation_id(ldb, settings->invocation_id); - if (!ok) { - DEBUG(0,("Failed to set cached ntds invocationId\n")); - return NT_STATUS_FOOBAR; - } - ok = samdb_set_ntds_objectGUID(ldb, settings->ntds_guid); - if (!ok) { - DEBUG(0,("Failed to set cached ntds objectGUID\n")); - return NT_STATUS_FOOBAR; - } - return NT_STATUS_OK; } - -NTSTATUS provision_bare(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx, - struct provision_settings *settings) -{ - if (getenv("PROVISION_EJS")) { - return provision_bare_ejs(mem_ctx, lp_ctx, settings); - } else { - return provision_bare_py(mem_ctx, lp_ctx, settings); - } -} - - |