-rw-r--r--source4/dsdb/samdb/samdb.c37
-rw-r--r--source4/rpc_server/netlogon/dcerpc_netlogon.c11
-rw-r--r--source4/scripting/ejs/smbcalls_ldb.c51
-rw-r--r--source4/scripting/libjs/provision.js55
-rw-r--r--source4/setup/provision_basedn_modify.ldif8
-rw-r--r--source4/setup/provision_configuration_basedn_modify.ldif6
-rw-r--r--source4/setup/provision_schema_basedn_modify.ldif9
-rw-r--r--source4/setup/provision_self_join.ldif7
-rw-r--r--source4/setup/schema_samba4.ldif27
9 files changed, 159 insertions, 52 deletions
diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c
index b3ed41a752..939de4b048 100644
--- a/source4/dsdb/samdb/samdb.c
+++ b/source4/dsdb/samdb/samdb.c
@@ -1136,6 +1136,43 @@ failed:
return NULL;
}
+bool samdb_set_domain_sid(struct ldb_context *ldb, const struct dom_sid *dom_sid_in)
+{
+ TALLOC_CTX *tmp_ctx;
+ struct dom_sid *dom_sid_new;
+ struct dom_sid *dom_sid_old;
+
+ /* see if we have a cached copy */
+ dom_sid_old = talloc_get_type(ldb_get_opaque(ldb,
+ "cache.domain_sid"), struct dom_sid);
+
+ tmp_ctx = talloc_new(ldb);
+ if (tmp_ctx == NULL) {
+ goto failed;
+ }
+
+ dom_sid_new = dom_sid_dup(tmp_ctx, dom_sid_in);
+ if (!dom_sid_new) {
+ goto failed;
+ }
+
+ /* cache the domain_sid in the ldb */
+ if (ldb_set_opaque(ldb, "cache.domain_sid", dom_sid_new) != LDB_SUCCESS) {
+ goto failed;
+ }
+
+ talloc_steal(ldb, dom_sid_new);
+ talloc_free(tmp_ctx);
+ talloc_free(dom_sid_old);
+
+ return true;
+
+failed:
+ DEBUG(1,("Failed to set our own cached domain SID in the ldb!\n"));
+ talloc_free(tmp_ctx);
+ return false;
+}
+
/* Obtain the short name of the flexible single master operator
* (FSMO), such as the PDC Emulator */
const char *samdb_result_fsmo_name(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, const struct ldb_message *msg,
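Review bot: `talloc_free(dom_sid_old)` at the end of samdb_set_domain_sid releases the previously cached SID while any pointer a caller obtained from the "cache.domain_sid" opaque earlier (presumably through the matching getter, not visible here) is still live, so a second call on an ldb that has already been queried leaves those callers with a dangling pointer. If the getter hands out the cached pointer rather than a copy, that is a use-after-free hazard on repeated provision/join paths; at minimum state the contract above the function, e.g. `/* NOTE: frees the previously cached SID; pointers obtained from the cache before this call must not be used afterwards */`. The function also has no header comment saying that it takes a private, ldb-parented copy of dom_sid_in and that the caller keeps ownership of its argument (smbcalls_ldb.c relies on this by freeing its SID right after the call), which is worth spelling out since the copy outlives the caller's object.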
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index d51f9e218d..d7f9fdde3d 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -985,6 +985,7 @@ static WERROR dcesrv_netr_DsRGetDCNameEx2(struct dcesrv_call_state *dce_call, TA
const char * const attrs[] = { "dnsDomain", "objectGUID", NULL };
void *sam_ctx;
struct ldb_message **res;
+ struct ldb_dn *domain_dn;
int ret;
ZERO_STRUCT(r->out);
@@ -994,9 +995,13 @@ static WERROR dcesrv_netr_DsRGetDCNameEx2(struct dcesrv_call_state *dce_call, TA
return WERR_DS_SERVICE_UNAVAILABLE;
}
- ret = gendb_search(sam_ctx, mem_ctx, NULL, &res, attrs,
- "(&(objectClass=domainDNS)(dnsDomain=%s))",
- r->in.domain_name);
+ domain_dn = samdb_dns_domain_to_dn(sam_ctx, mem_ctx,
+ r->in.domain_name);
+ if (domain_dn == NULL) {
+ return WERR_DS_SERVICE_UNAVAILABLE;
+ }
+
+ ret = gendb_search_dn(sam_ctx, mem_ctx, domain_dn, &res, attrs);
if (ret != 1) {
return WERR_NO_SUCH_DOMAIN;
}
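Review bot: The `attrs[]` array shown as context in the previous hunk, `const char * const attrs[] = { "dnsDomain", "objectGUID", NULL };`, still requests `dnsDomain`, yet this same commit comments the attribute out of schema_samba4.ldif and drops it from provision_basedn_modify.ldif, so the lookup now asks for an attribute the domain object no longer carries; reduce it to `{ "objectGUID", NULL }` unless code later in the function (outside the hunk) still reads it from the result. Separately, a NULL from `samdb_dns_domain_to_dn` is mapped to `WERR_DS_SERVICE_UNAVAILABLE`, whereas the replaced filter search answered an unknown name with `WERR_NO_SUCH_DOMAIN`; if that helper returns NULL for an unparseable or unknown name and not only on allocation failure (not visible here), a client passing a bad domain name now receives a service error instead of the expected NO_SUCH_DOMAIN, and `return WERR_NO_SUCH_DOMAIN;` would be the faithful mapping. dcesrv_netr_DsRGetDCNameEx2 begins and ends outside the hunk.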
diff --git a/source4/scripting/ejs/smbcalls_ldb.c b/source4/scripting/ejs/smbcalls_ldb.c
index b8c35d267e..7599cbf443 100644
--- a/source4/scripting/ejs/smbcalls_ldb.c
+++ b/source4/scripting/ejs/smbcalls_ldb.c
@@ -28,6 +28,7 @@
#include "ldb_wrap.h"
#include "dsdb/samdb/samdb.h"
#include "librpc/ndr/libndr.h"
+#include "libcli/security/security.h"
/*
get the connected db
@@ -598,7 +599,7 @@ static int ejs_ldb_attach_dsdb_schema_from_ldif(MprVarHandle eid, int argc, char
}
/*
- commit a ldb attach a dsdb_schema from ldif files
+ set a particular invocationId against the running LDB
usage:
ok = ldb.set_ntds_invocationId("7729aa4b-f990-41ad-b81a-8b6a14090f41");
*/
@@ -640,9 +641,9 @@ static int ejs_ldb_set_ntds_invocationId(MprVarHandle eid, int argc, char **argv
}
/*
- commit a ldb attach a dsdb_schema from ldif files
+ attach a particular ntds objectGUID against the current ldb
usage:
- ok = ldb.get_ntds_objectGUID("7729aa4b-f990-41ad-b81a-8b6a14090f41");
+ ok = ldb.set_ntds_objectGUID("7729aa4b-f990-41ad-b81a-8b6a14090f41");
*/
static int ejs_ldb_set_ntds_objectGUID(MprVarHandle eid, int argc, char **argv)
{
@@ -682,6 +683,48 @@ static int ejs_ldb_set_ntds_objectGUID(MprVarHandle eid, int argc, char **argv)
}
/*
+ attach a particular domain SID against the current ldb
+ usage:
+ ok = ldb.set_domain_sid("S-S-1-5-21-3065342217-3567412576-2214182334");
+*/
+static int ejs_ldb_set_domain_sid(MprVarHandle eid, int argc, char **argv)
+{
+ struct ldb_context *ldb;
+ struct dom_sid *dom_sid;
+ char *dom_sid_str;
+ bool ok;
+
+ if (argc != 1) {
+ ejsSetErrorMsg(eid, "ldb.set_domain_sid invalid arguments");
+ return -1;
+ }
+
+ ldb = ejs_get_ldb_context(eid);
+ if (ldb == NULL) {
+ return -1;
+ }
+
+ dom_sid_str = argv[0];
+
+ dom_sid = dom_sid_parse_talloc(NULL, dom_sid_str);
+ if (!dom_sid) {
+ ejsSetErrorMsg(eid, "ldb.set_domain_sid - failed to parse domain sid '%s'\n",
+ dom_sid_str);
+ return -1;
+ }
+
+ ok = samdb_set_domain_sid(ldb, dom_sid);
+ talloc_free(dom_sid);
+ if (!ok) {
+ ejsSetErrorMsg(eid, "ldb.set_domain_sid - failed to set cached ntds invocationId\n");
+ return -1;
+ }
+
+ mpr_Return(eid, mprCreateBoolVar(ok));
+ return 0;
+}
+
+/*
initialise ldb ejs subsystem
*/
static int ejs_ldb_init(MprVarHandle eid, int argc, struct MprVar **argv)
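Review bot: The failure message `ejsSetErrorMsg(eid, "ldb.set_domain_sid - failed to set cached ntds invocationId\n");` was carried over from the invocationId setter and names the wrong attribute, so a provisioning failure at this point would be reported as an invocationId problem; change it to `ejsSetErrorMsg(eid, "ldb.set_domain_sid - failed to set cached domain SID\n");`. The usage example in the new header comment has a doubled prefix, `"S-S-1-5-21-..."`, which is not a valid SID string and should read `ok = ldb.set_domain_sid("S-1-5-21-3065342217-3567412576-2214182334");`. The trailing "\n" on the two new error messages is also inconsistent with the `"ldb.set_domain_sid invalid arguments"` message in the same function; pick one convention for the three.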
@@ -708,6 +751,8 @@ static int ejs_ldb_init(MprVarHandle eid, int argc, struct MprVar **argv)
ejs_ldb_set_ntds_invocationId);
mprSetStringCFunction(ldb, "set_ntds_objectGUID",
ejs_ldb_set_ntds_objectGUID);
+ mprSetStringCFunction(ldb, "set_domain_sid",
+ ejs_ldb_set_domain_sid);
mprSetVar(ldb, "SCOPE_BASE", mprCreateNumberVar(LDB_SCOPE_BASE));
mprSetVar(ldb, "SCOPE_ONE", mprCreateNumberVar(LDB_SCOPE_ONELEVEL));
mprSetVar(ldb, "SCOPE_SUBTREE", mprCreateNumberVar(LDB_SCOPE_SUBTREE));
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js
index 2dfc941a66..b42f3b2580 100644
--- a/source4/scripting/libjs/provision.js
+++ b/source4/scripting/libjs/provision.js
@@ -563,6 +563,44 @@ function provision_become_dc(subobj, message, erase, paths, session_info)
return true;
}
+function load_schema(subobj, message, samdb)
+{
+ var lp = loadparm_init();
+ var src = lp.get("setup directory") + "/" + "schema.ldif";
+
+ if (! sys.stat(src)) {
+ message("Template file not found: %s\n",src);
+ assert(0);
+ }
+
+ var schema_data = sys.file_load(src);
+
+ src = lp.get("setup directory") + "/" + "schema_samba4.ldif";
+
+ if (! sys.stat(src)) {
+ message("Template file not found: %s\n",src);
+ assert(0);
+ }
+
+ schema_data = schema_data + sys.file_load(src);
+
+ schema_data = substitute_var(schema_data, subobj);
+
+ src = lp.get("setup directory") + "/" + "provision_schema_basedn_modify.ldif";
+
+ if (! sys.stat(src)) {
+ message("Template file not found: %s\n",src);
+ assert(0);
+ }
+
+ var head_data = sys.file_load(src);
+ head_data = substitute_var(head_data, subobj);
+
+ var ok = samdb.attach_dsdb_schema_from_ldif(head_data, schema_data);
+ return ok;
+}
+
+
/*
provision samba4 - caution, this wipes all existing data!
*/
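Review bot: The stat / "Template file not found" / assert(0) / file_load sequence is written out three times in load_schema with only the file name changing, which makes the function long for what it does and invites the three copies to drift; a small helper that resolves a name under the setup directory and aborts with the same message keeps the behaviour and shrinks load_schema to a few lines. The function also has no header comment; one such as `/* load the AD and Samba4 schema ldif plus the schema-NC head modifications into samdb */` would explain what the three files are for. The rewrite below preserves the messages and the assert(0) on a missing file exactly.
```javascript
/* read a file from the setup directory, aborting with a message if it is missing */
function load_setup_file(lp, message, name)
{
	var src = lp.get("setup directory") + "/" + name;
	if (! sys.stat(src)) {
		message("Template file not found: %s\n", src);
		assert(0);
	}
	return sys.file_load(src);
}

/* load the AD and Samba4 schema ldif plus the schema-NC head modifications into samdb */
function load_schema(subobj, message, samdb)
{
	var lp = loadparm_init();
	var schema_data = load_setup_file(lp, message, "schema.ldif")
		+ load_setup_file(lp, message, "schema_samba4.ldif");
	schema_data = substitute_var(schema_data, subobj);
	var head_data = substitute_var(load_setup_file(lp, message, "provision_schema_basedn_modify.ldif"), subobj);
	return samdb.attach_dsdb_schema_from_ldif(head_data, schema_data);
}
```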
@@ -648,8 +686,15 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda
}
samdb.close();
+ message("Pre-loading the Samba4 and AD schema\n");
+
samdb = open_ldb(info, paths.samdb, false);
+ samdb.set_domain_sid(subobj.DOMAINSID);
+
+ var load_schema_ok = load_schema(subobj, message, samdb);
+ assert(load_schema_ok.is_ok);
+
message("Adding DomainDN: " + subobj.DOMAINDN + " (permitted to fail)\n");
var add_ok = setup_add_ldif("provision_basedn.ldif", info, samdb, true);
message("Modifying DomainDN: " + subobj.DOMAINDN + "\n");
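Review bot: The result of `samdb.set_domain_sid(subobj.DOMAINSID);` is discarded, while the neighbouring `load_schema_ok` and `add_ok` results are captured and checked; the C binding returns -1 with an error message on a bad SID, and whether the ejs runtime turns that into an exception is not visible here, so if it does not, a malformed DOMAINSID would go unnoticed until a later step fails for an unrelated-looking reason. Capture and assert it in the style of the surrounding code, `var sid_ok = samdb.set_domain_sid(subobj.DOMAINSID); assert(sid_ok);`. The ordering also suggests that load_schema depends on the cached SID being in place; if so, a one-line comment saying why the SID is set before the schema is pre-loaded would save the next reader from moving it. provision() begins and ends outside the hunk.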
@@ -692,16 +737,6 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda
message("Setting up sam.ldb AD schema\n");
setup_add_ldif("schema.ldif", info, samdb, false);
- // (hack) Reload, now we have the schema loaded.
- var commit_ok = samdb.transaction_commit();
- if (!commit_ok) {
- info.message("samdb commit failed: " + samdb.errstring() + "\n");
- assert(commit_ok);
- }
- samdb.close();
-
- samdb = open_ldb(info, paths.samdb, false);
-
message("Setting up sam.ldb configuration data\n");
setup_add_ldif("provision_configuration.ldif", info, samdb, false);
diff --git a/source4/setup/provision_basedn_modify.ldif b/source4/setup/provision_basedn_modify.ldif
index 286ecdd49c..fa990599d9 100644
--- a/source4/setup/provision_basedn_modify.ldif
+++ b/source4/setup/provision_basedn_modify.ldif
@@ -3,8 +3,6 @@
###############################
dn: ${DOMAINDN}
changetype: modify
-replace: dnsDomain
-dnsDomain: ${DNSDOMAIN}
-
replace: dc
dc: ${RDN_DC}
@@ -79,12 +77,6 @@ replace: subRefs
subRefs: ${CONFIGDN}
subRefs: ${SCHEMADN}
-
-replace: masteredBy
-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
--
-replace: msDs-masteredBy
-msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
--
replace: gPLink
gPLink: [LDAP://CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN};2]
-
diff --git a/source4/setup/provision_configuration_basedn_modify.ldif b/source4/setup/provision_configuration_basedn_modify.ldif
index 897499b163..46ba4e9649 100644
--- a/source4/setup/provision_configuration_basedn_modify.ldif
+++ b/source4/setup/provision_configuration_basedn_modify.ldif
@@ -14,9 +14,3 @@ objectCategory: CN=Configuration,${SCHEMADN}
-
replace: subRefs
subRefs: ${SCHEMADN}
--
-replace: masteredBy
-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
--
-replace: msDs-masteredBy
-msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
diff --git a/source4/setup/provision_schema_basedn_modify.ldif b/source4/setup/provision_schema_basedn_modify.ldif
index a222a654f7..92c5cf1ace 100644
--- a/source4/setup/provision_schema_basedn_modify.ldif
+++ b/source4/setup/provision_schema_basedn_modify.ldif
@@ -9,15 +9,6 @@ instanceType: 13
replace: showInAdvancedViewOnly
showInAdvancedViewOnly: TRUE
-
-replace: objectCategory
-objectCategory: CN=DMD,${SCHEMADN}
--
-replace: masteredBy
-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
--
-replace: msDs-masteredBy
-msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
--
replace: fSMORoleOwner
fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
-
diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif
index 8c6959dbaa..06230e8d00 100644
--- a/source4/setup/provision_self_join.ldif
+++ b/source4/setup/provision_self_join.ldif
@@ -61,4 +61,9 @@ systemFlags: 33554432
dMDLocation: ${SCHEMADN}
invocationId: ${INVOCATIONID}
msDS-Behavior-Version: 2
-
+msDS-hasMasterNCs: ${CONFIGDN}
+msDS-hasMasterNCs: ${SCHEMADN}
+msDS-hasMasterNCs: ${DOMAINDN}
+hasMasterNCs: ${CONFIGDN}
+hasMasterNCs: ${SCHEMADN}
+hasMasterNCs: ${DOMAINDN}
diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif
index 2967261758..a9f79f1635 100644
--- a/source4/setup/schema_samba4.ldif
+++ b/source4/setup/schema_samba4.ldif
@@ -96,18 +96,21 @@ attributeID: 1.3.6.1.4.1.7165.4.1.5
attributeSyntax: 2.5.5.5
oMSyntax: 22
-dn: cn=dnsDomain,${SCHEMADN}
-objectClass: top
-objectClass: attributeSchema
-lDAPDisplayName: dnsDomain
-isSingleValued: FALSE
-systemFlags: 17
-systemOnly: TRUE
-schemaIDGUID: A40165E6-5E45-44A7-A8FA-186C94333018
-adminDisplayName: DNS-Domain
-attributeID: 1.3.6.1.4.1.7165.4.1.6
-attributeSyntax: 2.5.5.4
-oMSyntax: 20
+#
+# Not used anymore
+#
+#dn: cn=dnsDomain,${SCHEMADN}
+#objectClass: top
+#objectClass: attributeSchema
+#lDAPDisplayName: dnsDomain
+#isSingleValued: FALSE
+#systemFlags: 17
+#systemOnly: TRUE
+#schemaIDGUID: A40165E6-5E45-44A7-A8FA-186C94333018
+#adminDisplayName: DNS-Domain
+#attributeID: 1.3.6.1.4.1.7165.4.1.6
+#attributeSyntax: 2.5.5.4
+#oMSyntax: 20
dn: cn=privilege,${SCHEMADN}
objectClass: top