diff options
Diffstat (limited to 'source4')
| -rw-r--r-- | source4/auth/auth_sam_reply.c | 2 | ||||
| -rw-r--r-- | source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 4 | ||||
| -rw-r--r-- | source4/librpc/idl/netlogon.idl | 21 | ||||
| -rw-r--r-- | source4/pidl/lib/Parse/Pidl/Samba4/Header.pm | 83 | ||||
| -rw-r--r-- | source4/scripting/libjs/provision.js | 39 | ||||
| -rwxr-xr-x | source4/setup/provision | 8 | ||||
| -rw-r--r-- | source4/setup/provision_basedn.ldif | 1 | ||||
| -rw-r--r-- | source4/setup/provision_basedn_modify.ldif | 3 | ||||
| -rw-r--r-- | source4/setup/provision_partitions.ldif | 6 | ||||
| -rw-r--r-- | source4/setup/secrets_dc.ldif | 6 | ||||
| -rw-r--r-- | source4/torture/libnet/libnet_BecomeDC.c | 4 |
11 files changed, 92 insertions, 85 deletions
diff --git a/source4/auth/auth_sam_reply.c b/source4/auth/auth_sam_reply.c index 6ab220498d..ea6f0a1f60 100644 --- a/source4/auth/auth_sam_reply.c +++ b/source4/auth/auth_sam_reply.c @@ -132,7 +132,7 @@ NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx, continue; } sam3->sids[sam3->sidcount].sid = talloc_reference(sam3->sids,server_info->domain_groups[i]); - sam3->sids[sam3->sidcount].attribute = + sam3->sids[sam3->sidcount].attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; sam3->sidcount += 1; } diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index a21cf250cb..5100b7cb7c 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -391,6 +391,10 @@ static int replmd_add_originating(struct ldb_module *module, m->originating_usn = seq_num; m->local_usn = seq_num; ni++; + + if (ldb_attr_cmp(e->name, ldb_dn_get_rdn_name(msg->dn))) { + rdn_attr = sa; + } } /* fix meta data count */ diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl index dcbb647ba0..3e4d46d7f7 100644 --- a/source4/librpc/idl/netlogon.idl +++ b/source4/librpc/idl/netlogon.idl @@ -19,6 +19,7 @@ import "lsa.idl", "samr.idl", "security.idl", "nbt.idl"; interface netlogon { typedef bitmap samr_AcctFlags samr_AcctFlags; + typedef bitmap samr_GroupAttrs samr_GroupAttrs; /*****************/ /* Function 0x00 */ @@ -86,13 +87,18 @@ interface netlogon [size_is(size/2),length_is(length/2)] uint16 *bindata; } netr_AcctLockStr; - const int MSV1_0_CLEARTEXT_PASSWORD_ALLOWED = 0x002; - const int MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT = 0x020; - const int MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT = 0x800; + typedef [public,bitmap32bit] bitmap { + MSV1_0_CLEARTEXT_PASSWORD_ALLOWED = 0x00000002, + MSV1_0_UPDATE_LOGON_STATISTICS = 0x00000004, + MSV1_0_RETURN_USER_PARAMETERS = 0x00000008, + MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT = 0x00000020, + MSV1_0_RETURN_PROFILE_PATH = 0x00000200, + MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT = 0x00000800 + } netr_LogonParameterControl; typedef struct { lsa_String domain_name; - uint32 parameter_control; /* see MSV1_0_* */ + netr_LogonParameterControl parameter_control; /* see MSV1_0_* */ uint32 logon_id_low; uint32 logon_id_high; lsa_String account_name; @@ -126,11 +132,6 @@ interface netlogon [case(6)] netr_NetworkInfo *network; } netr_LogonLevel; - typedef [public] struct { - uint32 rid; - uint32 attributes; - } netr_GroupMembership; - typedef [public,flag(NDR_PAHEX)] struct { uint8 key[16]; } netr_UserSessionKey; @@ -187,7 +188,7 @@ interface netlogon typedef struct { dom_sid2 *sid; - uint32 attribute; + samr_GroupAttrs attributes; } netr_SidAttr; typedef [public] struct { diff --git a/source4/pidl/lib/Parse/Pidl/Samba4/Header.pm b/source4/pidl/lib/Parse/Pidl/Samba4/Header.pm index 2b3a9df80f..14f472340c 100644 --- a/source4/pidl/lib/Parse/Pidl/Samba4/Header.pm +++ b/source4/pidl/lib/Parse/Pidl/Samba4/Header.pm @@ -82,9 +82,9 @@ sub HeaderElement($) ##################################################################### # parse a struct -sub HeaderStruct($$) +sub HeaderStruct($$;$) { - my($struct,$name) = @_; + my($struct,$name,$tail) = @_; pidl "struct $name"; return if (not defined($struct->{ELEMENTS})); pidl " {\n"; @@ -103,13 +103,14 @@ sub HeaderStruct($$) if (defined $struct->{PROPERTIES}) { HeaderProperties($struct->{PROPERTIES}, []); } + pidl $tail if defined($tail); } ##################################################################### # parse a enum -sub HeaderEnum($$) +sub HeaderEnum($$;$) { - my($enum,$name) = @_; + my($enum,$name,$tail) = @_; my $first = 1; pidl "enum $name"; @@ -131,30 +132,29 @@ sub HeaderEnum($$) my $count = 0; my $with_val = 0; my $without_val = 0; - if (defined($enum->{ELEMENTS})) { - pidl " { __donnot_use_enum_$name=0x7FFFFFFF}\n"; - foreach my $e (@{$enum->{ELEMENTS}}) { - my $t = "$e"; - my $name; - my $value; - if ($t =~ /(.*)=(.*)/) { - $name = $1; - $value = $2; - $with_val = 1; - fatal($e->{ORIGINAL}, "you can't mix enum member with values and without values!") - unless ($without_val == 0); - } else { - $name = $t; - $value = $count++; - $without_val = 1; - fatal($e->{ORIGINAL}, "you can't mix enum member with values and without values!") - unless ($with_val == 0); - } - pidl "#define $name ( $value )\n"; + pidl " { __donnot_use_enum_$name=0x7FFFFFFF}\n"; + foreach my $e (@{$enum->{ELEMENTS}}) { + my $t = "$e"; + my $name; + my $value; + if ($t =~ /(.*)=(.*)/) { + $name = $1; + $value = $2; + $with_val = 1; + fatal($e->{ORIGINAL}, "you can't mix enum member with values and without values!") + unless ($without_val == 0); + } else { + $name = $t; + $value = $count++; + $without_val = 1; + fatal($e->{ORIGINAL}, "you can't mix enum member with values and without values!") + unless ($with_val == 0); } + pidl "#define $name ( $value )\n"; } pidl "#endif\n"; } + pidl $tail if defined($tail); } ##################################################################### @@ -172,9 +172,9 @@ sub HeaderBitmap($$) ##################################################################### # parse a union -sub HeaderUnion($$) +sub HeaderUnion($$;$) { - my($union,$name) = @_; + my($union,$name,$tail) = @_; my %done = (); pidl "union $name"; @@ -195,18 +195,19 @@ sub HeaderUnion($$) if (defined $union->{PROPERTIES}) { HeaderProperties($union->{PROPERTIES}, []); } + pidl $tail if defined($tail); } ##################################################################### # parse a type -sub HeaderType($$$) +sub HeaderType($$$;$) { - my($e,$data,$name) = @_; + my($e,$data,$name,$tail) = @_; if (ref($data) eq "HASH") { - ($data->{TYPE} eq "ENUM") && HeaderEnum($data, $name); + ($data->{TYPE} eq "ENUM") && HeaderEnum($data, $name, $tail); ($data->{TYPE} eq "BITMAP") && HeaderBitmap($data, $name); - ($data->{TYPE} eq "STRUCT") && HeaderStruct($data, $name); - ($data->{TYPE} eq "UNION") && HeaderUnion($data, $name); + ($data->{TYPE} eq "STRUCT") && HeaderStruct($data, $name, $tail); + ($data->{TYPE} eq "UNION") && HeaderUnion($data, $name, $tail); return; } @@ -215,14 +216,15 @@ sub HeaderType($$$) } else { pidl mapTypeName($e->{TYPE}); } + pidl $tail if defined($tail); } ##################################################################### # parse a typedef -sub HeaderTypedef($) +sub HeaderTypedef($;$) { - my($typedef) = shift; - HeaderType($typedef, $typedef->{DATA}, $typedef->{NAME}) if defined ($typedef->{DATA}); + my($typedef,$tail) = @_; + HeaderType($typedef, $typedef->{DATA}, $typedef->{NAME}, $tail) if defined ($typedef->{DATA}); } ##################################################################### @@ -359,16 +361,11 @@ sub HeaderInterface($) } foreach my $t (@{$interface->{TYPES}}) { - HeaderTypedef($t) if ($t->{TYPE} eq "TYPEDEF"); - HeaderStruct($t, $t->{NAME}) if ($t->{TYPE} eq "STRUCT"); - HeaderUnion($t, $t->{NAME}) if ($t->{TYPE} eq "UNION"); - HeaderEnum($t, $t->{NAME}) if ($t->{TYPE} eq "ENUM"); + HeaderTypedef($t, ";\n\n") if ($t->{TYPE} eq "TYPEDEF"); + HeaderStruct($t, $t->{NAME}, ";\n\n") if ($t->{TYPE} eq "STRUCT"); + HeaderUnion($t, $t->{NAME}, ";\n\n") if ($t->{TYPE} eq "UNION"); + HeaderEnum($t, $t->{NAME}, ";\n\n") if ($t->{TYPE} eq "ENUM"); HeaderBitmap($t, $t->{NAME}) if ($t->{TYPE} eq "BITMAP"); - pidl ";\n\n" if ($t->{TYPE} eq "BITMAP" or - $t->{TYPE} eq "STRUCT" or - $t->{TYPE} eq "TYPEDEF" or - $t->{TYPE} eq "UNION" or - $t->{TYPE} eq "ENUM"); } foreach my $fn (@{$interface->{FUNCTIONS}}) { diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 0cca49dec9..e71498010c 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -484,9 +484,6 @@ function provision_fix_subobj(subobj, paths) subobj.ADMINPASS_B64 = ldb.encode(subobj.ADMINPASS); subobj.DNSPASS_B64 = ldb.encode(subobj.DNSPASS); - var rdns = split(",", subobj.DOMAINDN); - subobj.RDN_DC = substr(rdns[0], strlen("DC=")); - subobj.SAM_LDB = "tdb://" + paths.samdb; subobj.SECRETS_KEYTAB = paths.keytab; subobj.DNS_KEYTAB = paths.dns_keytab; @@ -527,6 +524,10 @@ function provision_become_dc(subobj, message, erase, paths, session_info) var ok = provision_fix_subobj(subobj, paths); assert(ok); + if (subobj.BACKEND_MOD == undefined) { + subobj.BACKEND_MOD = "repl_meta_data"; + } + info.subobj = subobj; info.message = message; info.session_info = session_info; @@ -613,10 +614,21 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda var lp = loadparm_init(); var sys = sys_init(); var info = new Object(); + random_init(local); var ok = provision_fix_subobj(subobj, paths); assert(ok); + if (strlower(subobj.SERVERROLE) == strlower("domain controller")) { + if (subobj.BACKEND_MOD == undefined) { + subobj.BACKEND_MOD = "repl_meta_data"; + } + } else { + if (subobj.BACKEND_MOD == undefined) { + subobj.BACKEND_MOD = "objectguid"; + } + } + if (subobj.DOMAINGUID != undefined) { subobj.DOMAINGUID_MOD = sprintf("replace: objectGUID\nobjectGUID: %s\n-", subobj.DOMAINGUID); } else { @@ -696,6 +708,20 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda samdb.set_domain_sid(subobj.DOMAINSID); + if (strlower(subobj.SERVERROLE) == strlower("domain controller")) { + if (subobj.INVOCATIONID == undefined) { + subobj.INVOCATIONID = randguid(); + } + samdb.set_ntds_invocationId(subobj.INVOCATIONID); + if (subobj.BACKEND_MOD == undefined) { + subobj.BACKEND_MOD = "repl_meta_data"; + } + } else { + if (subobj.BACKEND_MOD == undefined) { + subobj.BACKEND_MOD = "objectguid"; + } + } + var load_schema_ok = load_schema(subobj, message, samdb); assert(load_schema_ok.is_ok); @@ -961,7 +987,6 @@ function provision_guess() subobj.VERSION = version(); subobj.HOSTIP = hostip(); subobj.DOMAINSID = randsid(); - subobj.INVOCATIONID = randguid(); subobj.POLICYGUID = randguid(); subobj.KRBTGTPASS = randpass(12); subobj.MACHINEPASS = randpass(12); @@ -969,9 +994,6 @@ function provision_guess() subobj.ADMINPASS = randpass(12); subobj.LDAPMANAGERPASS = randpass(12); subobj.DEFAULTSITE = "Default-First-Site-Name"; - subobj.NEWGUID = randguid; - subobj.NTTIME = nttime; - subobj.LDAPTIME = ldaptime; subobj.DATESTRING = datestring; subobj.ROOT = findnss(nss.getpwnam, "root"); subobj.NOBODY = findnss(nss.getpwnam, "nobody"); @@ -1016,9 +1038,6 @@ function provision_guess() subobj.DOMAINDN_MOD = "pdc_fsmo,password_hash,instancetype"; subobj.CONFIGDN_MOD = "naming_fsmo,instancetype"; subobj.SCHEMADN_MOD = "schema_fsmo,instancetype"; - subobj.DOMAINDN_MOD2 = ",objectguid"; - subobj.CONFIGDN_MOD2 = ",objectguid"; - subobj.SCHEMADN_MOD2 = ",objectguid"; subobj.ACI = "# no aci for local ldb"; diff --git a/source4/setup/provision b/source4/setup/provision index 8b24c51040..9e135cddbb 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -143,12 +143,10 @@ if (ldapbackend) { subobj.LDAPMODULE = "normalise,entryuuid"; subobj.TDB_MODULES_LIST = ""; } + subobj.BACKEND_MOD = subobj.LDAPMODULE + ",paged_searches"; subobj.DOMAINDN_LDB = subobj.LDAPBACKEND; - subobj.DOMAINDN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches"; subobj.CONFIGDN_LDB = subobj.LDAPBACKEND; - subobj.CONFIGDN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches"; subobj.SCHEMADN_LDB = subobj.LDAPBACKEND; - subobj.SCHEMADN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches"; message("LDAP module: %s on backend: %s\n", subobj.LDAPMODULE, subobj.LDAPBACKEND); } @@ -175,7 +173,9 @@ if (partitions_only) { message("--host-guid='%s' \\\n", subobj.HOSTGUID); } message("--policy-guid='%s' --host-name='%s' --host-ip='%s' \\\n", subobj.POLICYGUID, subobj.HOSTNAME, subobj.HOSTIP); - message("--invocationid='%s' \\\n", subobj.INVOCATIONID); + if (subobj.INVOCATIONID != undefined) { + message("--invocationid='%s' \\\n", subobj.INVOCATIONID); + } message("--adminpass='%s' --krbtgtpass='%s' \\\n", subobj.ADMINPASS, subobj.KRBTGTPASS); message("--machinepass='%s' --dnspass='%s' \\\n", subobj.MACHINEPASS, subobj.DNSPASS); message("--root='%s' --nobody='%s' --nogroup='%s' \\\n", subobj.ROOT, subobj.NOBODY, subobj.NOGROUP); diff --git a/source4/setup/provision_basedn.ldif b/source4/setup/provision_basedn.ldif index 3c7537f013..11eb0593e8 100644 --- a/source4/setup/provision_basedn.ldif +++ b/source4/setup/provision_basedn.ldif @@ -6,5 +6,4 @@ objectClass: top objectClass: domain objectClass: domainDNS ${ACI} -dc: ${RDN_DC} diff --git a/source4/setup/provision_basedn_modify.ldif b/source4/setup/provision_basedn_modify.ldif index fa990599d9..dadfda720e 100644 --- a/source4/setup/provision_basedn_modify.ldif +++ b/source4/setup/provision_basedn_modify.ldif @@ -4,9 +4,6 @@ dn: ${DOMAINDN} changetype: modify - -replace: dc -dc: ${RDN_DC} -- replace: forceLogoff forceLogoff: 9223372036854775808 - diff --git a/source4/setup/provision_partitions.ldif b/source4/setup/provision_partitions.ldif index fb8bc7f595..93fea6bc2d 100644 --- a/source4/setup/provision_partitions.ldif +++ b/source4/setup/provision_partitions.ldif @@ -5,9 +5,9 @@ partition: ${DOMAINDN}:${DOMAINDN_LDB} replicateEntries: @ATTRIBUTES replicateEntries: @INDEXLIST replicateEntries: @OPTIONS -modules:${SCHEMADN}:${SCHEMADN_MOD}${SCHEMADN_MOD2} -modules:${CONFIGDN}:${CONFIGDN_MOD}${CONFIGDN_MOD2} -modules:${DOMAINDN}:${DOMAINDN_MOD}${DOMAINDN_MOD2} +modules:${SCHEMADN}:${SCHEMADN_MOD},${BACKEND_MOD} +modules:${CONFIGDN}:${CONFIGDN_MOD},${BACKEND_MOD} +modules:${DOMAINDN}:${DOMAINDN_MOD},${BACKEND_MOD} dn: @MODULES @LIST: ${MODULES_LIST}${TDB_MODULES_LIST},${MODULES_LIST2} diff --git a/source4/setup/secrets_dc.ldif b/source4/setup/secrets_dc.ldif index 64469352bb..71c7fc2f5b 100644 --- a/source4/setup/secrets_dc.ldif +++ b/source4/setup/secrets_dc.ldif @@ -7,8 +7,6 @@ realm: ${REALM} secret:: ${MACHINEPASS_B64} secureChannelType: 6 sAMAccountName: ${NETBIOSNAME}$ -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} msDS-KeyVersionNumber: 1 objectSid: ${DOMAINSID} privateKeytab: ${SECRETS_KEYTAB} @@ -22,8 +20,6 @@ objectClass: kerberosSecret flatname: ${DOMAIN} realm: ${REALM} sAMAccountName: krbtgt -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} objectSid: ${DOMAINSID} servicePrincipalName: kadmin/changepw krb5Keytab: HDB:ldb:${SAM_LDB}: @@ -36,8 +32,6 @@ objectClass: top objectClass: secret objectClass: kerberosSecret realm: ${REALM} -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} servicePrincipalName: DNS/${DNSDOMAIN} privateKeytab: ${DNS_KEYTAB} secret:: ${DNSPASS_B64} diff --git a/source4/torture/libnet/libnet_BecomeDC.c b/source4/torture/libnet/libnet_BecomeDC.c index 932498a517..d9645356e8 100644 --- a/source4/torture/libnet/libnet_BecomeDC.c +++ b/source4/torture/libnet/libnet_BecomeDC.c @@ -201,10 +201,6 @@ static NTSTATUS test_become_dc_prepare_db(void *private_data, "subobj.DOMAIN = \"%s\";\n" "subobj.DEFAULTSITE = \"%s\";\n" "\n" - "subobj.DOMAINDN_MOD2 = \",repl_meta_data\";\n" - "subobj.CONFIGDN_MOD2 = \",repl_meta_data\";\n" - "subobj.SCHEMADN_MOD2 = \",repl_meta_data\";\n" - "\n" "subobj.KRBTGTPASS = \"_NOT_USED_\";\n" "subobj.MACHINEPASS = \"%s\";\n" "subobj.ADMINPASS = \"_NOT_USED_\";\n" |