summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/auth/credentials/credentials.i2
-rw-r--r--source4/auth/credentials/credentials.py1
-rw-r--r--source4/auth/credentials/credentials_files.c2
-rw-r--r--source4/auth/credentials/credentials_wrap.c102
-rw-r--r--source4/dsdb/samdb/ldb_modules/rootdse.c8
-rw-r--r--source4/scripting/python/samba/provision.py84
-rw-r--r--source4/selftest/target/Samba4.pm5
-rwxr-xr-xsource4/setup/provision-backend15
-rw-r--r--source4/setup/provision_rootdse_add.ldif5
-rw-r--r--source4/torture/libnet/libnet_BecomeDC.c1
-rw-r--r--source4/torture/local/torture.c37
-rw-r--r--source4/torture/rpc/testjoin.c8
-rw-r--r--source4/torture/util.h1
-rw-r--r--source4/torture/util_provision.c4
14 files changed, 179 insertions, 96 deletions
diff --git a/source4/auth/credentials/credentials.i b/source4/auth/credentials/credentials.i
index 0a604cf002..152d2e673c 100644
--- a/source4/auth/credentials/credentials.i
+++ b/source4/auth/credentials/credentials.i
@@ -95,6 +95,8 @@ typedef struct cli_credentials {
bool set_workstation(const char *workstation,
enum credentials_obtained obtained=CRED_SPECIFIED);
+ NTSTATUS set_machine_account(struct loadparm_context *lp_ctx);
+
void guess(struct loadparm_context *lp_ctx);
bool is_anonymous(void);
diff --git a/source4/auth/credentials/credentials.py b/source4/auth/credentials/credentials.py
index 2b40fbeead..ba0000dcda 100644
--- a/source4/auth/credentials/credentials.py
+++ b/source4/auth/credentials/credentials.py
@@ -82,6 +82,7 @@ Credentials.set_bind_dn = new_instancemethod(_credentials.Credentials_set_bind_d
Credentials.set_anonymous = new_instancemethod(_credentials.Credentials_set_anonymous,None,Credentials)
Credentials.get_workstation = new_instancemethod(_credentials.Credentials_get_workstation,None,Credentials)
Credentials.set_workstation = new_instancemethod(_credentials.Credentials_set_workstation,None,Credentials)
+Credentials.set_machine_account = new_instancemethod(_credentials.Credentials_set_machine_account,None,Credentials)
Credentials.guess = new_instancemethod(_credentials.Credentials_guess,None,Credentials)
Credentials.is_anonymous = new_instancemethod(_credentials.Credentials_is_anonymous,None,Credentials)
Credentials.get_nt_hash = new_instancemethod(_credentials.Credentials_get_nt_hash,None,Credentials)
diff --git a/source4/auth/credentials/credentials_files.c b/source4/auth/credentials/credentials_files.c
index 8bcbc65575..1bbdf8a5ad 100644
--- a/source4/auth/credentials/credentials_files.c
+++ b/source4/auth/credentials/credentials_files.c
@@ -327,7 +327,7 @@ _PUBLIC_ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
* @retval NTSTATUS error detailing any failure
*/
_PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred,
- struct loadparm_context *lp_ctx)
+ struct loadparm_context *lp_ctx)
{
char *filter;
/* Bleh, nasty recursion issues: We are setting a machine
diff --git a/source4/auth/credentials/credentials_wrap.c b/source4/auth/credentials/credentials_wrap.c
index 909233aaff..6c99802b09 100644
--- a/source4/auth/credentials/credentials_wrap.c
+++ b/source4/auth/credentials/credentials_wrap.c
@@ -2456,24 +2456,25 @@ SWIG_Python_MustGetPtr(PyObject *obj, swig_type_info *ty, int argnum, int flags)
/* -------- TYPES TABLE (BEGIN) -------- */
-#define SWIGTYPE_p_TALLOC_CTX swig_types[0]
-#define SWIGTYPE_p_char swig_types[1]
-#define SWIGTYPE_p_cli_credentials swig_types[2]
-#define SWIGTYPE_p_int swig_types[3]
-#define SWIGTYPE_p_loadparm_context swig_types[4]
-#define SWIGTYPE_p_loadparm_service swig_types[5]
-#define SWIGTYPE_p_long swig_types[6]
-#define SWIGTYPE_p_param_context swig_types[7]
-#define SWIGTYPE_p_param_opt swig_types[8]
-#define SWIGTYPE_p_param_section swig_types[9]
-#define SWIGTYPE_p_short swig_types[10]
-#define SWIGTYPE_p_signed_char swig_types[11]
-#define SWIGTYPE_p_unsigned_char swig_types[12]
-#define SWIGTYPE_p_unsigned_int swig_types[13]
-#define SWIGTYPE_p_unsigned_long swig_types[14]
-#define SWIGTYPE_p_unsigned_short swig_types[15]
-static swig_type_info *swig_types[17];
-static swig_module_info swig_module = {swig_types, 16, 0, 0, 0, 0};
+#define SWIGTYPE_p_NTSTATUS swig_types[0]
+#define SWIGTYPE_p_TALLOC_CTX swig_types[1]
+#define SWIGTYPE_p_char swig_types[2]
+#define SWIGTYPE_p_cli_credentials swig_types[3]
+#define SWIGTYPE_p_int swig_types[4]
+#define SWIGTYPE_p_loadparm_context swig_types[5]
+#define SWIGTYPE_p_loadparm_service swig_types[6]
+#define SWIGTYPE_p_long_long swig_types[7]
+#define SWIGTYPE_p_param_context swig_types[8]
+#define SWIGTYPE_p_param_opt swig_types[9]
+#define SWIGTYPE_p_param_section swig_types[10]
+#define SWIGTYPE_p_short swig_types[11]
+#define SWIGTYPE_p_signed_char swig_types[12]
+#define SWIGTYPE_p_unsigned_char swig_types[13]
+#define SWIGTYPE_p_unsigned_int swig_types[14]
+#define SWIGTYPE_p_unsigned_long_long swig_types[15]
+#define SWIGTYPE_p_unsigned_short swig_types[16]
+static swig_type_info *swig_types[18];
+static swig_module_info swig_module = {swig_types, 17, 0, 0, 0, 0};
#define SWIG_TypeQuery(name) SWIG_TypeQueryModule(&swig_module, &swig_module, name)
#define SWIG_MangledTypeQuery(name) SWIG_MangledTypeQueryModule(&swig_module, &swig_module, name)
@@ -3409,6 +3410,46 @@ fail:
}
+SWIGINTERN PyObject *_wrap_Credentials_set_machine_account(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) {
+ PyObject *resultobj = 0;
+ cli_credentials *arg1 = (cli_credentials *) 0 ;
+ struct loadparm_context *arg2 = (struct loadparm_context *) 0 ;
+ NTSTATUS result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ char * kwnames[] = {
+ (char *) "self",(char *) "lp_ctx", NULL
+ };
+
+ arg1 = NULL;
+ arg2 = loadparm_init(NULL);
+ if (!PyArg_ParseTupleAndKeywords(args,kwargs,(char *)"|OO:Credentials_set_machine_account",kwnames,&obj0,&obj1)) SWIG_fail;
+ if (obj0) {
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_cli_credentials, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "Credentials_set_machine_account" "', argument " "1"" of type '" "cli_credentials *""'");
+ }
+ arg1 = (cli_credentials *)(argp1);
+ }
+ if (obj1) {
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_loadparm_context, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "Credentials_set_machine_account" "', argument " "2"" of type '" "struct loadparm_context *""'");
+ }
+ arg2 = (struct loadparm_context *)(argp2);
+ }
+ result = cli_credentials_set_machine_account(arg1,arg2);
+ resultobj = SWIG_NewPointerObj((NTSTATUS *)memcpy((NTSTATUS *)malloc(sizeof(NTSTATUS)),&result,sizeof(NTSTATUS)), SWIGTYPE_p_NTSTATUS, SWIG_POINTER_OWN | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
SWIGINTERN PyObject *_wrap_Credentials_guess(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) {
PyObject *resultobj = 0;
cli_credentials *arg1 = (cli_credentials *) 0 ;
@@ -3646,6 +3687,7 @@ static PyMethodDef SwigMethods[] = {
{ (char *)"Credentials_set_anonymous", (PyCFunction) _wrap_Credentials_set_anonymous, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_get_workstation", (PyCFunction) _wrap_Credentials_get_workstation, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_set_workstation", (PyCFunction) _wrap_Credentials_set_workstation, METH_VARARGS | METH_KEYWORDS, NULL},
+ { (char *)"Credentials_set_machine_account", (PyCFunction) _wrap_Credentials_set_machine_account, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_guess", (PyCFunction) _wrap_Credentials_guess, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_is_anonymous", (PyCFunction) _wrap_Credentials_is_anonymous, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_get_nt_hash", (PyCFunction) _wrap_Credentials_get_nt_hash, METH_VARARGS | METH_KEYWORDS, NULL},
@@ -3661,31 +3703,33 @@ static PyMethodDef SwigMethods[] = {
/* -------- TYPE CONVERSION AND EQUIVALENCE RULES (BEGIN) -------- */
+static swig_type_info _swigt__p_NTSTATUS = {"_p_NTSTATUS", "NTSTATUS *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_TALLOC_CTX = {"_p_TALLOC_CTX", "TALLOC_CTX *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_char = {"_p_char", "char *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_cli_credentials = {"_p_cli_credentials", "struct cli_credentials *|cli_credentials *", 0, 0, (void*)0, 0};
-static swig_type_info _swigt__p_int = {"_p_int", "int *|int_least32_t *|int32_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_int = {"_p_int", "intptr_t *|int *|int_least32_t *|int_fast32_t *|int32_t *|int_fast16_t *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_loadparm_context = {"_p_loadparm_context", "struct loadparm_context *|loadparm_context *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_loadparm_service = {"_p_loadparm_service", "struct loadparm_service *|loadparm_service *", 0, 0, (void*)0, 0};
-static swig_type_info _swigt__p_long = {"_p_long", "intptr_t *|int_least64_t *|int_fast32_t *|int_fast64_t *|int64_t *|long *|int_fast16_t *|intmax_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_long_long = {"_p_long_long", "int_least64_t *|int_fast64_t *|int64_t *|long long *|intmax_t *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_param_context = {"_p_param_context", "struct param_context *|param *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_param_opt = {"_p_param_opt", "struct param_opt *|param_opt *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_param_section = {"_p_param_section", "struct param_section *|param_section *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_short = {"_p_short", "short *|int_least16_t *|int16_t *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_signed_char = {"_p_signed_char", "signed char *|int_least8_t *|int_fast8_t *|int8_t *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_unsigned_char = {"_p_unsigned_char", "unsigned char *|uint_least8_t *|uint_fast8_t *|uint8_t *", 0, 0, (void*)0, 0};
-static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "uint_least32_t *|uint32_t *|unsigned int *", 0, 0, (void*)0, 0};
-static swig_type_info _swigt__p_unsigned_long = {"_p_unsigned_long", "uintptr_t *|uint_least64_t *|uint_fast32_t *|uint_fast64_t *|uint64_t *|unsigned long *|uint_fast16_t *|uintmax_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "uintptr_t *|uint_least32_t *|uint_fast32_t *|uint32_t *|unsigned int *|uint_fast16_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_unsigned_long_long = {"_p_unsigned_long_long", "uint_least64_t *|uint_fast64_t *|uint64_t *|unsigned long long *|uintmax_t *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_unsigned_short = {"_p_unsigned_short", "unsigned short *|uint_least16_t *|uint16_t *", 0, 0, (void*)0, 0};
static swig_type_info *swig_type_initial[] = {
+ &_swigt__p_NTSTATUS,
&_swigt__p_TALLOC_CTX,
&_swigt__p_char,
&_swigt__p_cli_credentials,
&_swigt__p_int,
&_swigt__p_loadparm_context,
&_swigt__p_loadparm_service,
- &_swigt__p_long,
+ &_swigt__p_long_long,
&_swigt__p_param_context,
&_swigt__p_param_opt,
&_swigt__p_param_section,
@@ -3693,17 +3737,18 @@ static swig_type_info *swig_type_initial[] = {
&_swigt__p_signed_char,
&_swigt__p_unsigned_char,
&_swigt__p_unsigned_int,
- &_swigt__p_unsigned_long,
+ &_swigt__p_unsigned_long_long,
&_swigt__p_unsigned_short,
};
+static swig_cast_info _swigc__p_NTSTATUS[] = { {&_swigt__p_NTSTATUS, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_TALLOC_CTX[] = { {&_swigt__p_TALLOC_CTX, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_char[] = { {&_swigt__p_char, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_cli_credentials[] = { {&_swigt__p_cli_credentials, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_int[] = { {&_swigt__p_int, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_loadparm_context[] = { {&_swigt__p_loadparm_context, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_loadparm_service[] = { {&_swigt__p_loadparm_service, 0, 0, 0},{0, 0, 0, 0}};
-static swig_cast_info _swigc__p_long[] = { {&_swigt__p_long, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_long_long[] = { {&_swigt__p_long_long, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_param_context[] = { {&_swigt__p_param_context, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_param_opt[] = { {&_swigt__p_param_opt, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_param_section[] = { {&_swigt__p_param_section, 0, 0, 0},{0, 0, 0, 0}};
@@ -3711,17 +3756,18 @@ static swig_cast_info _swigc__p_short[] = { {&_swigt__p_short, 0, 0, 0},{0, 0,
static swig_cast_info _swigc__p_signed_char[] = { {&_swigt__p_signed_char, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_unsigned_char[] = { {&_swigt__p_unsigned_char, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_unsigned_int[] = { {&_swigt__p_unsigned_int, 0, 0, 0},{0, 0, 0, 0}};
-static swig_cast_info _swigc__p_unsigned_long[] = { {&_swigt__p_unsigned_long, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_unsigned_long_long[] = { {&_swigt__p_unsigned_long_long, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_unsigned_short[] = { {&_swigt__p_unsigned_short, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info *swig_cast_initial[] = {
+ _swigc__p_NTSTATUS,
_swigc__p_TALLOC_CTX,
_swigc__p_char,
_swigc__p_cli_credentials,
_swigc__p_int,
_swigc__p_loadparm_context,
_swigc__p_loadparm_service,
- _swigc__p_long,
+ _swigc__p_long_long,
_swigc__p_param_context,
_swigc__p_param_opt,
_swigc__p_param_section,
@@ -3729,7 +3775,7 @@ static swig_cast_info *swig_cast_initial[] = {
_swigc__p_signed_char,
_swigc__p_unsigned_char,
_swigc__p_unsigned_int,
- _swigc__p_unsigned_long,
+ _swigc__p_unsigned_long_long,
_swigc__p_unsigned_short,
};
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c
index 3235b24ef9..50f333d095 100644
--- a/source4/dsdb/samdb/ldb_modules/rootdse.c
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c
@@ -26,6 +26,7 @@
#include "lib/ldb/include/ldb_private.h"
#include "system/time.h"
#include "dsdb/samdb/samdb.h"
+#include "version.h"
struct private_data {
int num_controls;
@@ -202,6 +203,13 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms
}
}
+ if (schema && do_attribute_explicit(attrs, "vendorVersion")) {
+ if (ldb_msg_add_fmt(msg, "vendorVersion",
+ "%s", SAMBA_VERSION_STRING) != 0) {
+ goto failed;
+ }
+ }
+
/* TODO: lots more dynamic attributes should be added here */
return LDB_SUCCESS;
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 6917aa1a54..80dcd522df 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -265,7 +265,8 @@ def provision_paths_from_lp(lp, dnsdomain):
return paths
def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None, serverrole=None,
- rootdn=None, domaindn=None, configdn=None, schemadn=None, sitename=None):
+ rootdn=None, domaindn=None, configdn=None, schemadn=None, serverdn=None,
+ sitename=None):
if hostname is None:
hostname = socket.gethostname().split(".")[0].lower()
@@ -287,7 +288,7 @@ def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None, serverrole=
if lp.get("realm").upper() != realm:
raise Exception("realm '%s' in %s must match chosen realm '%s'" %
- (lp.get("realm"), smbconf, realm))
+ (lp.get("realm"), lp.configfile(), realm))
dnsdomain = dnsdomain.lower()
@@ -332,6 +333,7 @@ def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None, serverrole=
names.netbiosname = netbiosname
names.hostname = hostname
names.sitename = sitename
+ names.serverdn = "CN=%s,CN=Servers,CN=%s,CN=Sites,%s" % (netbiosname, sitename, configdn)
return names
@@ -543,9 +545,7 @@ def setup_samdb_partitions(samdb_path, setup_path, message, lp, session_info,
samdb.load_ldif_file_add(setup_path("provision_init.ldif"))
message("Setting up sam.ldb rootDSE")
- setup_samdb_rootdse(samdb, setup_path, names.schemadn, names.domaindn, names.hostname,
- names.dnsdomain, names.realm, names.rootdn, names.configdn, names.netbiosname,
- names.sitename)
+ setup_samdb_rootdse(samdb, setup_path, names)
if erase:
message("Erasing data from partitions")
@@ -656,25 +656,22 @@ def setup_idmapdb(path, setup_path, session_info, credentials, lp):
idmap_ldb.load_ldif_file_add(setup_path("idmap_init.ldif"))
return idmap_ldb
-def setup_samdb_rootdse(samdb, setup_path, schemadn, domaindn, hostname,
- dnsdomain, realm, rootdn, configdn, netbiosname,
- sitename):
+def setup_samdb_rootdse(samdb, setup_path, names):
"""Setup the SamDB rootdse.
:param samdb: Sam Database handle
:param setup_path: Obtain setup path
"""
setup_add_ldif(samdb, setup_path("provision_rootdse_add.ldif"), {
- "SCHEMADN": schemadn,
- "NETBIOSNAME": netbiosname,
- "DNSDOMAIN": dnsdomain,
- "DEFAULTSITE": sitename,
- "REALM": realm,
- "DNSNAME": "%s.%s" % (hostname, dnsdomain),
- "DOMAINDN": domaindn,
- "ROOTDN": rootdn,
- "CONFIGDN": configdn,
- "VERSION": samba.version(),
+ "SCHEMADN": names.schemadn,
+ "NETBIOSNAME": names.netbiosname,
+ "DNSDOMAIN": names.dnsdomain,
+ "REALM": names.realm,
+ "DNSNAME": "%s.%s" % (names.hostname, names.dnsdomain),
+ "DOMAINDN": names.domaindn,
+ "ROOTDN": names.rootdn,
+ "CONFIGDN": names.configdn,
+ "SERVERDN": names.serverdn,
})
@@ -879,7 +876,8 @@ FILL_DRS = "DRS"
def provision(setup_dir, message, session_info,
credentials, smbconf=None, targetdir=None, samdb_fill=FILL_FULL, realm=None,
- rootdn=None, domaindn=None, schemadn=None, configdn=None,
+ rootdn=None, domaindn=None, schemadn=None, configdn=None,
+ serverdn=None,
domain=None, hostname=None, hostip=None, hostip6=None,
domainsid=None, adminpass=None, krbtgtpass=None, domainguid=None,
policyguid=None, invocationid=None, machinepass=None,
@@ -932,7 +930,8 @@ def provision(setup_dir, message, session_info,
names = guess_names(lp=lp, hostname=hostname, domain=domain,
dnsdomain=realm, serverrole=serverrole, sitename=sitename,
- rootdn=rootdn, domaindn=domaindn, configdn=configdn, schemadn=schemadn)
+ rootdn=rootdn, domaindn=domaindn, configdn=configdn, schemadn=schemadn,
+ serverdn=serverdn)
paths = provision_paths_from_lp(lp, names.dnsdomain)
@@ -1046,8 +1045,8 @@ def provision(setup_dir, message, session_info,
message("Please install the phpLDAPadmin configuration located at %s into /etc/phpldapadmin/config.php" % paths.phpldapadminconfig)
- message("Once the above files are installed, your server will be ready to use")
- message("Server Type: %s" % serverrole)
+ message("Once the above files are installed, your Samba4 server will be ready to use")
+ message("Server Role: %s" % serverrole)
message("Hostname: %s" % names.hostname)
message("NetBIOS Domain: %s" % names.domain)
message("DNS Domain: %s" % names.dnsdomain)
@@ -1064,12 +1063,13 @@ def provision(setup_dir, message, session_info,
def provision_become_dc(setup_dir=None,
smbconf=None, targetdir=None, realm=None,
rootdn=None, domaindn=None, schemadn=None, configdn=None,
+ serverdn=None,
domain=None, hostname=None, domainsid=None,
adminpass=None, krbtgtpass=None, domainguid=None,
policyguid=None, invocationid=None, machinepass=None,
dnspass=None, root=None, nobody=None, nogroup=None, users=None,
wheel=None, backup=None, aci=None, serverrole=None,
- ldap_backend=None, ldap_backend_type=None, sitename=DEFAULTSITE):
+ ldap_backend=None, ldap_backend_type=None, sitename=None):
def message(text):
"""print a message if quiet is not set."""
@@ -1077,7 +1077,7 @@ def provision_become_dc(setup_dir=None,
provision(setup_dir, message, system_session(), None,
smbconf=smbconf, targetdir=targetdir, samdb_fill=FILL_DRS, realm=realm,
- rootdn=rootdn, domaindn=domaindn, schemadn=schemadn, configdn=configdn,
+ rootdn=rootdn, domaindn=domaindn, schemadn=schemadn, configdn=configdn, serverdn=serverdn,
domain=domain, hostname=hostname, hostip="127.0.0.1", domainsid=domainsid, machinepass=machinepass, serverrole="domain controller", sitename=sitename);
@@ -1096,7 +1096,7 @@ def provision_backend(setup_dir=None, message=None,
smbconf=None, targetdir=None, realm=None,
rootdn=None, domaindn=None, schemadn=None, configdn=None,
domain=None, hostname=None, adminpass=None, root=None, serverrole=None,
- ldap_backend_type=None):
+ ldap_backend_type=None, ldap_backend_port=None):
def setup_path(file):
return os.path.join(setup_dir, file)
@@ -1144,7 +1144,12 @@ def provision_backend(setup_dir=None, message=None,
{"SCHEMADN": names.schemadn})
if ldap_backend_type == "fedora-ds":
- setup_file(setup_path("fedora-ds.inf"), paths.fedoradsinf,
+ if ldap_backend_port is not None:
+ serverport = "ServerPort=%d" % ldap_backend_port
+ else:
+ serverport = ""
+
+ setup_file(setup_path("fedorads.inf"), paths.fedoradsinf,
{"ROOT": root,
"HOSTNAME": hostname,
"DNSDOMAIN": names.dnsdomain,
@@ -1152,19 +1157,18 @@ def provision_backend(setup_dir=None, message=None,
"DOMAINDN": names.domaindn,
"LDAPMANAGERDN": names.ldapmanagerdn,
"LDAPMANAGERPASS": adminpass,
- "SERVERPORT": ""})
+ "SERVERPORT": serverport})
- setup_file(setup_path("fedora-partitions.ldif"), paths.fedoradspartitions,
+ setup_file(setup_path("fedorads-partitions.ldif"), paths.fedoradspartitions,
{"CONFIGDN": names.configdn,
"SCHEMADN": names.schemadn,
})
- setup_file(setup_path("fedora-partitions.ldif"), paths.fedoradspartitions,
- {"CONFIGDN": names.configdn,
- "SCHEMADN": names.schemadn,
- })
mapping = "schema-map-fedora-ds-1.0"
backend_schema = "99_ad.ldif"
+
+ slapdcommand="Initailise Fedora DS with: setup-ds.pl --file=%s" % paths.fedoradsinf
+
elif ldap_backend_type == "openldap":
attrs = ["linkID", "lDAPDisplayName"]
res = schemadb.search(expression="(&(&(linkID=*)(!(linkID:1.2.840.113556.1.4.803:=1)))(objectclass=attributeSchema))", base=names.schemadn, scope=SCOPE_SUBTREE, attrs=attrs);
@@ -1215,14 +1219,26 @@ refint_attributes""" + refint_attributes + "\n";
ldapi_uri = "ldapi://" + urllib.quote(os.path.join(paths.private_dir, "ldap", "ldapi"), safe="")
- message("Start slapd with: slapd -f " + paths.ldapdir + "/slapd.conf -h " + ldapi_uri)
-
+ if ldap_backend_port is not None:
+ server_port_string = " -h ldap://0.0.0.0:%d" % ldap_backend_port
+ else:
+ server_port_string = ""
+ slapdcommand="Start slapd with: slapd -f " + paths.ldapdir + "/slapd.conf -h " + ldapi_uri + server_port_string
schema_command = "bin/ad2oLschema --option=convert:target=" + ldap_backend_type + " -I " + setup_path(mapping) + " -H tdb://" + schemadb_path + " -O " + os.path.join(paths.ldapdir, backend_schema);
os.system(schema_command)
+ message("Your %s Backend for Samba4 is now configured, and is ready to be started" % ( ldap_backend_type) )
+ message("Server Role: %s" % serverrole)
+ message("Hostname: %s" % names.hostname)
+ message("DNS Domain: %s" % names.dnsdomain)
+ message("Base DN: %s" % names.domaindn)
+ message("LDAP admin DN: %s" % names.ldapmanagerdn)
+ message("LDAP admin password: %s" % adminpass)
+ message(slapdcommand)
+
def create_phpldapadmin_config(path, setup_path, ldapi_uri):
"""Create a PHP LDAP admin configuration file.
diff --git a/source4/selftest/target/Samba4.pm b/source4/selftest/target/Samba4.pm
index 262c8035f6..552f6535af 100644
--- a/source4/selftest/target/Samba4.pm
+++ b/source4/selftest/target/Samba4.pm
@@ -201,8 +201,6 @@ sub mk_fedora_ds($$$)
my $pidfile = "$fedora_ds_dir/logs/slapd-samba4.pid";
- system("$self->{bindir}/ad2oLschema $configuration -H $ldapdir/schema-tmp.ldb --option=convert:target=fedora-ds -I $self->{setupdir}/schema-map-fedora-ds-1.0 -O $ldapdir/99_ad.ldif >&2") == 0 or die("schema conversion for Fedora DS failed");
-
my $dir = getcwd();
chdir "$ENV{FEDORA_DS_ROOT}/bin" || die;
if (system("perl $ENV{FEDORA_DS_ROOT}/sbin/setup-ds.pl --silent --file=$fedora_ds_inf >&2") != 0) {
@@ -222,9 +220,6 @@ sub mk_openldap($$$)
my $pidfile = "$ldapdir/slapd.pid";
my $modconf = "$ldapdir/modules.conf";
- #This uses the backend provision we just did, to read out the schema
- system("$self->{bindir}/ad2oLschema $configuration --option=convert:target=openldap -H $ldapdir/schema-tmp.ldb -I $self->{setupdir}/schema-map-openldap-2.3 -O $ldapdir/backend-schema.schema >&2") == 0 or die("schema conversion for OpenLDAP failed");
-
my $oldpath = $ENV{PATH};
my $olpath = "";
my $olroot = "";
diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend
index ada6dcef8d..4f222c467a 100755
--- a/source4/setup/provision-backend
+++ b/source4/setup/provision-backend
@@ -54,6 +54,8 @@ parser.add_option("--quiet", help="Be quiet", action="store_true")
parser.add_option("--ldap-backend-type", type="choice", metavar="LDAP-BACKEND-TYPE",
help="LDB mapping module to use for the LDAP backend",
choices=["fedora-ds", "openldap"])
+parser.add_option("--ldap-backend-port", type="int", metavar="PORT",
+ help="TCP Port LDAP server should listen to (default ldapi only)")
parser.add_option("--server-role", type="choice", metavar="ROLE",
choices=["domain controller", "dc", "member server", "member", "standalone"],
help="Set server role to provision for (default standalone)")
@@ -89,10 +91,9 @@ if setup_dir is None:
setup_dir = "setup"
provision_backend(setup_dir=setup_dir, message=message, smbconf=smbconf, targetdir=opts.targetdir,
- realm=opts.realm, domain=opts.domain,
- hostname=opts.host_name,
- adminpass=opts.ldap_manager_pass,
- root=opts.root, serverrole=server_role,
- ldap_backend_type=opts.ldap_backend_type)
-
-message("All OK")
+ realm=opts.realm, domain=opts.domain,
+ hostname=opts.host_name,
+ adminpass=opts.ldap_manager_pass,
+ root=opts.root, serverrole=server_role,
+ ldap_backend_type=opts.ldap_backend_type,
+ ldap_backend_port=opts.ldap_backend_port)
diff --git a/source4/setup/provision_rootdse_add.ldif b/source4/setup/provision_rootdse_add.ldif
index 9f19796ec6..14e0d71df6 100644
--- a/source4/setup/provision_rootdse_add.ldif
+++ b/source4/setup/provision_rootdse_add.ldif
@@ -1,7 +1,7 @@
# the rootDSE module looks in this record for its base data
dn: @ROOTDSE
subschemaSubentry: CN=Aggregate,${SCHEMADN}
-dsServiceName: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
+dsServiceName: CN=NTDS Settings,${SERVERDN}
defaultNamingContext: ${DOMAINDN}
rootDomainNamingContext: ${ROOTDN}
configurationNamingContext: ${CONFIGDN}
@@ -9,10 +9,9 @@ schemaNamingContext: ${SCHEMADN}
supportedLDAPVersion: 3
dnsHostName: ${DNSNAME}
ldapServiceName: ${DNSDOMAIN}:${NETBIOSNAME}$@${REALM}
-serverName: CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
+serverName: ${SERVERDN}
domainFunctionality: 0
forestFunctionality: 0
domainControllerFunctionality: 2
isSynchronized: FALSE
vendorName: Samba Team (http://samba.org)
-vendorVersion: ${VERSION}
diff --git a/source4/torture/libnet/libnet_BecomeDC.c b/source4/torture/libnet/libnet_BecomeDC.c
index 3f8edd40e8..f8699fe06a 100644
--- a/source4/torture/libnet/libnet_BecomeDC.c
+++ b/source4/torture/libnet/libnet_BecomeDC.c
@@ -84,6 +84,7 @@ static NTSTATUS test_become_dc_prepare_db(void *private_data,
settings.netbios_name = p->dest_dsa->netbios_name;
settings.realm = torture_join_dom_dns_name(s->tj);
settings.domain = torture_join_dom_netbios_name(s->tj);
+ settings.server_dn_str = torture_join_server_dn_str(s->tj);
settings.machine_password = cli_credentials_get_password(s->machine_account);
settings.targetdir = s->targetdir;
diff --git a/source4/torture/local/torture.c b/source4/torture/local/torture.c
index bb6e21ed4f..9bd60d9620 100644
--- a/source4/torture/local/torture.c
+++ b/source4/torture/local/torture.c
@@ -42,27 +42,28 @@ static bool test_tempdir(struct torture_context *tctx)
static bool test_provision(struct torture_context *tctx)
{
NTSTATUS status;
- struct provision_settings settings;
- char *location = NULL;
- torture_assert_ntstatus_ok(tctx, torture_temp_dir(tctx, "torture_provision", &location),
+ struct provision_settings *settings = talloc(tctx, struct provision_settings);
+ char *targetdir = NULL;
+
+ torture_assert_ntstatus_ok(tctx, torture_temp_dir(tctx, "torture_provision", &targetdir),
"torture_temp_dir should return NT_STATUS_OK" );
+ settings->targetdir = talloc_steal(settings, targetdir);
- settings.dns_name = "example.com";
- settings.site_name = "SOME-SITE-NAME";
- settings.root_dn_str = "DC=EXAMPLE,DC=COM";
- settings.domain_dn_str = "DC=EXAMPLE,DC=COM";
- settings.config_dn_str = NULL;
- settings.schema_dn_str = NULL;
- settings.invocation_id = NULL;
- settings.netbios_name = "FOO";
- settings.realm = "EXAMPLE.COM";
- settings.domain = "EXAMPLE";
- settings.ntds_guid = NULL;
- settings.ntds_dn_str = NULL;
- settings.machine_password = "geheim";
- settings.targetdir = location;
+ settings->dns_name = "example.com";
+ settings->site_name = "SOME-SITE-NAME";
+ settings->root_dn_str = "DC=EXAMPLE,DC=COM";
+ settings->domain_dn_str = "DC=EXAMPLE,DC=COM";
+ settings->config_dn_str = NULL;
+ settings->schema_dn_str = NULL;
+ settings->invocation_id = NULL;
+ settings->netbios_name = "FOO";
+ settings->realm = "EXAMPLE.COM";
+ settings->domain = "EXAMPLE";
+ settings->ntds_guid = NULL;
+ settings->ntds_dn_str = NULL;
+ settings->machine_password = "geheim";
- status = provision_bare(tctx, tctx->lp_ctx, &settings);
+ status = provision_bare(settings, tctx->lp_ctx, settings);
torture_assert_ntstatus_ok(tctx, status, "provision");
diff --git a/source4/torture/rpc/testjoin.c b/source4/torture/rpc/testjoin.c
index 02f04946d6..892886c08c 100644
--- a/source4/torture/rpc/testjoin.c
+++ b/source4/torture/rpc/testjoin.c
@@ -553,6 +553,14 @@ const char *torture_join_dom_dns_name(struct test_join *join)
return join->dom_dns_name;
}
+const char *torture_join_server_dn_str(struct test_join *join)
+{
+ if (join->libnet_r) {
+ return join->libnet_r->out.server_dn_str;
+ }
+ return NULL;
+}
+
#if 0 /* Left as the documentation of the join process, but see new implementation in libnet_become_dc.c */
struct test_join_ads_dc {
diff --git a/source4/torture/util.h b/source4/torture/util.h
index 477a828120..72f97e4766 100644
--- a/source4/torture/util.h
+++ b/source4/torture/util.h
@@ -27,6 +27,7 @@ struct provision_settings {
const char *domain_dn_str;
const char *config_dn_str;
const char *schema_dn_str;
+ const char *server_dn_str;
const struct GUID *invocation_id;
const char *netbios_name;
const char *host_ip;
diff --git a/source4/torture/util_provision.c b/source4/torture/util_provision.c
index cce8e18fdc..3167a37cdf 100644
--- a/source4/torture/util_provision.c
+++ b/source4/torture/util_provision.c
@@ -105,6 +105,10 @@ NTSTATUS provision_bare(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx,
PyDict_SetItemString(parameters, "configdn",
PyString_FromString(settings->config_dn_str));
+ if (settings->server_dn_str)
+ PyDict_SetItemString(parameters, "serverdn",
+ PyString_FromString(settings->server_dn_str));
+
if (settings->site_name)
PyDict_SetItemString(parameters, "sitename",
PyString_FromString(settings->site_name));