Diffstat (limited to 'source4')
-rw-r--r-- | source4/auth/credentials/credentials.i | 2 | ||||
-rw-r--r-- | source4/auth/credentials/credentials.py | 1 | ||||
-rw-r--r-- | source4/auth/credentials/credentials_files.c | 2 | ||||
-rw-r--r-- | source4/auth/credentials/credentials_wrap.c | 102 | ||||
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/rootdse.c | 8 | ||||
-rw-r--r-- | source4/scripting/python/samba/provision.py | 84 | ||||
-rw-r--r-- | source4/selftest/target/Samba4.pm | 5 | ||||
-rwxr-xr-x | source4/setup/provision-backend | 15 | ||||
-rw-r--r-- | source4/setup/provision_rootdse_add.ldif | 5 | ||||
-rw-r--r-- | source4/torture/libnet/libnet_BecomeDC.c | 1 | ||||
-rw-r--r-- | source4/torture/local/torture.c | 37 | ||||
-rw-r--r-- | source4/torture/rpc/testjoin.c | 8 | ||||
-rw-r--r-- | source4/torture/util.h | 1 | ||||
-rw-r--r-- | source4/torture/util_provision.c | 4 |
14 files changed, 179 insertions, 96 deletions
diff --git a/source4/auth/credentials/credentials.i b/source4/auth/credentials/credentials.i index 0a604cf002..152d2e673c 100644 --- a/source4/auth/credentials/credentials.i +++ b/source4/auth/credentials/credentials.i @@ -95,6 +95,8 @@ typedef struct cli_credentials { bool set_workstation(const char *workstation, enum credentials_obtained obtained=CRED_SPECIFIED); + NTSTATUS set_machine_account(struct loadparm_context *lp_ctx); + void guess(struct loadparm_context *lp_ctx); bool is_anonymous(void); diff --git a/source4/auth/credentials/credentials.py b/source4/auth/credentials/credentials.py index 2b40fbeead..ba0000dcda 100644 --- a/source4/auth/credentials/credentials.py +++ b/source4/auth/credentials/credentials.py @@ -82,6 +82,7 @@ Credentials.set_bind_dn = new_instancemethod(_credentials.Credentials_set_bind_d Credentials.set_anonymous = new_instancemethod(_credentials.Credentials_set_anonymous,None,Credentials) Credentials.get_workstation = new_instancemethod(_credentials.Credentials_get_workstation,None,Credentials) Credentials.set_workstation = new_instancemethod(_credentials.Credentials_set_workstation,None,Credentials) +Credentials.set_machine_account = new_instancemethod(_credentials.Credentials_set_machine_account,None,Credentials) Credentials.guess = new_instancemethod(_credentials.Credentials_guess,None,Credentials) Credentials.is_anonymous = new_instancemethod(_credentials.Credentials_is_anonymous,None,Credentials) Credentials.get_nt_hash = new_instancemethod(_credentials.Credentials_get_nt_hash,None,Credentials) diff --git a/source4/auth/credentials/credentials_files.c b/source4/auth/credentials/credentials_files.c index 8bcbc65575..1bbdf8a5ad 100644 --- a/source4/auth/credentials/credentials_files.c +++ b/source4/auth/credentials/credentials_files.c 
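Review bot: `set_machine_account` is declared in credentials.i as returning a bare `NTSTATUS`, and no typemap for that type is visible in this hunk, so the Python caller appears to receive an opaque wrapped pointer instead of an error. The generated wrapper later in this commit bears this out: the result is copied into a `malloc`'d `NTSTATUS` (allocation unchecked) and returned through `SWIG_NewPointerObj`. A script calling `creds.set_machine_account(lp)` therefore cannot tell that loading the machine secret failed and may continue with empty or stale credentials. Consider a `%typemap(out) NTSTATUS` that raises a Python exception on a non-OK status, or declare the method as `bool` like `set_workstation` just above it.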
@@ -327,7 +327,7 @@ _PUBLIC_ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, * @retval NTSTATUS error detailing any failure */ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred, - struct loadparm_context *lp_ctx) + struct loadparm_context *lp_ctx) { char *filter; /* Bleh, nasty recursion issues: We are setting a machine diff --git a/source4/auth/credentials/credentials_wrap.c b/source4/auth/credentials/credentials_wrap.c index 909233aaff..6c99802b09 100644 --- a/source4/auth/credentials/credentials_wrap.c +++ b/source4/auth/credentials/credentials_wrap.c 
@@ -2456,24 +2456,25 @@ SWIG_Python_MustGetPtr(PyObject *obj, swig_type_info *ty, int argnum, int flags) /* -------- TYPES TABLE (BEGIN) -------- */ -#define SWIGTYPE_p_TALLOC_CTX swig_types[0] -#define SWIGTYPE_p_char swig_types[1] -#define SWIGTYPE_p_cli_credentials swig_types[2] -#define SWIGTYPE_p_int swig_types[3] -#define SWIGTYPE_p_loadparm_context swig_types[4] -#define SWIGTYPE_p_loadparm_service swig_types[5] -#define SWIGTYPE_p_long swig_types[6] -#define SWIGTYPE_p_param_context swig_types[7] -#define SWIGTYPE_p_param_opt swig_types[8] -#define SWIGTYPE_p_param_section swig_types[9] -#define SWIGTYPE_p_short swig_types[10] -#define SWIGTYPE_p_signed_char swig_types[11] -#define SWIGTYPE_p_unsigned_char swig_types[12] -#define SWIGTYPE_p_unsigned_int swig_types[13] -#define SWIGTYPE_p_unsigned_long swig_types[14] -#define SWIGTYPE_p_unsigned_short swig_types[15] -static swig_type_info *swig_types[17]; -static swig_module_info swig_module = {swig_types, 16, 0, 0, 0, 0}; +#define SWIGTYPE_p_NTSTATUS swig_types[0] +#define SWIGTYPE_p_TALLOC_CTX swig_types[1] +#define SWIGTYPE_p_char swig_types[2] +#define SWIGTYPE_p_cli_credentials swig_types[3] +#define SWIGTYPE_p_int swig_types[4] +#define SWIGTYPE_p_loadparm_context swig_types[5] +#define SWIGTYPE_p_loadparm_service swig_types[6] +#define SWIGTYPE_p_long_long swig_types[7] +#define SWIGTYPE_p_param_context swig_types[8] +#define SWIGTYPE_p_param_opt swig_types[9] +#define SWIGTYPE_p_param_section swig_types[10] +#define SWIGTYPE_p_short swig_types[11] +#define SWIGTYPE_p_signed_char swig_types[12] +#define SWIGTYPE_p_unsigned_char swig_types[13] +#define SWIGTYPE_p_unsigned_int swig_types[14] +#define SWIGTYPE_p_unsigned_long_long swig_types[15] +#define SWIGTYPE_p_unsigned_short swig_types[16] +static swig_type_info *swig_types[18]; +static swig_module_info swig_module = {swig_types, 17, 0, 0, 0, 0}; #define SWIG_TypeQuery(name) SWIG_TypeQueryModule(&swig_module, &swig_module, name) #define 
SWIG_MangledTypeQuery(name) SWIG_MangledTypeQueryModule(&swig_module, &swig_module, name) @@ -3409,6 +3410,46 @@ fail: } +SWIGINTERN PyObject *_wrap_Credentials_set_machine_account(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) { + PyObject *resultobj = 0; + cli_credentials *arg1 = (cli_credentials *) 0 ; + struct loadparm_context *arg2 = (struct loadparm_context *) 0 ; + NTSTATUS result; + void *argp1 = 0 ; + int res1 = 0 ; + void *argp2 = 0 ; + int res2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + char * kwnames[] = { + (char *) "self",(char *) "lp_ctx", NULL + }; + + arg1 = NULL; + arg2 = loadparm_init(NULL); + if (!PyArg_ParseTupleAndKeywords(args,kwargs,(char *)"|OO:Credentials_set_machine_account",kwnames,&obj0,&obj1)) SWIG_fail; + if (obj0) { + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_cli_credentials, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "Credentials_set_machine_account" "', argument " "1"" of type '" "cli_credentials *""'"); + } + arg1 = (cli_credentials *)(argp1); + } + if (obj1) { + res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_loadparm_context, 0 | 0 ); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "Credentials_set_machine_account" "', argument " "2"" of type '" "struct loadparm_context *""'"); + } + arg2 = (struct loadparm_context *)(argp2); + } + result = cli_credentials_set_machine_account(arg1,arg2); + resultobj = SWIG_NewPointerObj((NTSTATUS *)memcpy((NTSTATUS *)malloc(sizeof(NTSTATUS)),&result,sizeof(NTSTATUS)), SWIGTYPE_p_NTSTATUS, SWIG_POINTER_OWN | 0 ); + return resultobj; +fail: + return NULL; +} + + SWIGINTERN PyObject *_wrap_Credentials_guess(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) { PyObject *resultobj = 0; cli_credentials *arg1 = (cli_credentials *) 0 ; 
@@ -3646,6 +3687,7 @@ static PyMethodDef SwigMethods[] = { { (char *)"Credentials_set_anonymous", (PyCFunction) _wrap_Credentials_set_anonymous, METH_VARARGS | METH_KEYWORDS, NULL}, { (char *)"Credentials_get_workstation", (PyCFunction) _wrap_Credentials_get_workstation, METH_VARARGS | METH_KEYWORDS, NULL}, { (char *)"Credentials_set_workstation", (PyCFunction) _wrap_Credentials_set_workstation, METH_VARARGS | METH_KEYWORDS, NULL}, + { (char *)"Credentials_set_machine_account", (PyCFunction) _wrap_Credentials_set_machine_account, METH_VARARGS | METH_KEYWORDS, NULL}, { (char *)"Credentials_guess", (PyCFunction) _wrap_Credentials_guess, METH_VARARGS | METH_KEYWORDS, NULL}, { (char *)"Credentials_is_anonymous", (PyCFunction) _wrap_Credentials_is_anonymous, METH_VARARGS | METH_KEYWORDS, NULL}, { (char *)"Credentials_get_nt_hash", (PyCFunction) _wrap_Credentials_get_nt_hash, METH_VARARGS | METH_KEYWORDS, NULL}, 
@@ -3661,31 +3703,33 @@ static PyMethodDef SwigMethods[] = { /* -------- TYPE CONVERSION AND EQUIVALENCE RULES (BEGIN) -------- */ +static swig_type_info _swigt__p_NTSTATUS = {"_p_NTSTATUS", "NTSTATUS *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_TALLOC_CTX = {"_p_TALLOC_CTX", "TALLOC_CTX *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_char = {"_p_char", "char *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_cli_credentials = {"_p_cli_credentials", "struct cli_credentials *|cli_credentials *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_int = {"_p_int", "int *|int_least32_t *|int32_t *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_int = {"_p_int", "intptr_t *|int *|int_least32_t *|int_fast32_t *|int32_t *|int_fast16_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_loadparm_context = {"_p_loadparm_context", "struct loadparm_context *|loadparm_context *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_loadparm_service = {"_p_loadparm_service", "struct loadparm_service *|loadparm_service *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_long = {"_p_long", "intptr_t *|int_least64_t *|int_fast32_t *|int_fast64_t *|int64_t *|long *|int_fast16_t *|intmax_t *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_long_long = {"_p_long_long", "int_least64_t *|int_fast64_t *|int64_t *|long long *|intmax_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_param_context = {"_p_param_context", "struct param_context *|param *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_param_opt = {"_p_param_opt", "struct param_opt *|param_opt *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_param_section = {"_p_param_section", "struct param_section *|param_section *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_short = {"_p_short", "short *|int_least16_t *|int16_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_signed_char = {"_p_signed_char", "signed char *|int_least8_t *|int_fast8_t *|int8_t 
*", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_unsigned_char = {"_p_unsigned_char", "unsigned char *|uint_least8_t *|uint_fast8_t *|uint8_t *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "uint_least32_t *|uint32_t *|unsigned int *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_unsigned_long = {"_p_unsigned_long", "uintptr_t *|uint_least64_t *|uint_fast32_t *|uint_fast64_t *|uint64_t *|unsigned long *|uint_fast16_t *|uintmax_t *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "uintptr_t *|uint_least32_t *|uint_fast32_t *|uint32_t *|unsigned int *|uint_fast16_t *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_unsigned_long_long = {"_p_unsigned_long_long", "uint_least64_t *|uint_fast64_t *|uint64_t *|unsigned long long *|uintmax_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_unsigned_short = {"_p_unsigned_short", "unsigned short *|uint_least16_t *|uint16_t *", 0, 0, (void*)0, 0}; static swig_type_info *swig_type_initial[] = { + &_swigt__p_NTSTATUS, &_swigt__p_TALLOC_CTX, &_swigt__p_char, &_swigt__p_cli_credentials, &_swigt__p_int, &_swigt__p_loadparm_context, &_swigt__p_loadparm_service, - &_swigt__p_long, + &_swigt__p_long_long, &_swigt__p_param_context, &_swigt__p_param_opt, &_swigt__p_param_section, 
@@ -3693,17 +3737,18 @@ static swig_type_info *swig_type_initial[] = { &_swigt__p_signed_char, &_swigt__p_unsigned_char, &_swigt__p_unsigned_int, - &_swigt__p_unsigned_long, + &_swigt__p_unsigned_long_long, &_swigt__p_unsigned_short, }; +static swig_cast_info _swigc__p_NTSTATUS[] = { {&_swigt__p_NTSTATUS, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_TALLOC_CTX[] = { {&_swigt__p_TALLOC_CTX, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_char[] = { {&_swigt__p_char, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_cli_credentials[] = { {&_swigt__p_cli_credentials, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_int[] = { {&_swigt__p_int, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_loadparm_context[] = { {&_swigt__p_loadparm_context, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_loadparm_service[] = { {&_swigt__p_loadparm_service, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_long[] = { {&_swigt__p_long, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_long_long[] = { {&_swigt__p_long_long, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_param_context[] = { {&_swigt__p_param_context, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_param_opt[] = { {&_swigt__p_param_opt, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_param_section[] = { {&_swigt__p_param_section, 0, 0, 0},{0, 0, 0, 0}}; 
@@ -3711,17 +3756,18 @@ static swig_cast_info _swigc__p_short[] = { {&_swigt__p_short, 0, 0, 0},{0, 0, static swig_cast_info _swigc__p_signed_char[] = { {&_swigt__p_signed_char, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_unsigned_char[] = { {&_swigt__p_unsigned_char, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_unsigned_int[] = { {&_swigt__p_unsigned_int, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_unsigned_long[] = { {&_swigt__p_unsigned_long, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_unsigned_long_long[] = { {&_swigt__p_unsigned_long_long, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_unsigned_short[] = { {&_swigt__p_unsigned_short, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info *swig_cast_initial[] = { + _swigc__p_NTSTATUS, _swigc__p_TALLOC_CTX, _swigc__p_char, _swigc__p_cli_credentials, _swigc__p_int, _swigc__p_loadparm_context, _swigc__p_loadparm_service, - _swigc__p_long, + _swigc__p_long_long, _swigc__p_param_context, _swigc__p_param_opt, _swigc__p_param_section, @@ -3729,7 +3775,7 @@ static swig_cast_info *swig_cast_initial[] = { _swigc__p_signed_char, _swigc__p_unsigned_char, _swigc__p_unsigned_int, - _swigc__p_unsigned_long, + _swigc__p_unsigned_long_long, _swigc__p_unsigned_short, }; diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 3235b24ef9..50f333d095 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -26,6 +26,7 @@ #include "lib/ldb/include/ldb_private.h" #include "system/time.h" #include "dsdb/samdb/samdb.h" +#include "version.h" struct private_data { int num_controls; 
@@ -202,6 +203,13 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms } } + if (schema && do_attribute_explicit(attrs, "vendorVersion")) { + if (ldb_msg_add_fmt(msg, "vendorVersion", + "%s", SAMBA_VERSION_STRING) != 0) { + goto failed; + } + } + /* TODO: lots more dynamic attributes should be added here */ return LDB_SUCCESS; diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index 6917aa1a54..80dcd522df 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -265,7 +265,8 @@ def provision_paths_from_lp(lp, dnsdomain): return paths def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None, serverrole=None, - rootdn=None, domaindn=None, configdn=None, schemadn=None, sitename=None): + rootdn=None, domaindn=None, configdn=None, schemadn=None, serverdn=None, + sitename=None): if hostname is None: hostname = socket.gethostname().split(".")[0].lower() @@ -287,7 +288,7 @@ def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None, serverrole= if lp.get("realm").upper() != realm: raise Exception("realm '%s' in %s must match chosen realm '%s'" % - (lp.get("realm"), smbconf, realm)) + (lp.get("realm"), lp.configfile(), realm)) dnsdomain = dnsdomain.lower() @@ -332,6 +333,7 @@ def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None, serverrole= names.netbiosname = netbiosname names.hostname = hostname names.sitename = sitename + names.serverdn = "CN=%s,CN=Servers,CN=%s,CN=Sites,%s" % (netbiosname, sitename, configdn) return names 
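Review bot: The new `vendorVersion` branch in `rootdse_add_dynamic` carries no comment saying why the attribute is produced only on explicit request, which is the security-relevant part of the change. The rootDSE is normally readable before any bind, and an exact build string is useful for fingerprinting, so the intent should be written down where the next maintainer will see it: `/* vendorVersion is returned only when requested by name; keep it out of the default attribute set */`. The `schema &&` guard also deserves a word, since `schema` is defined outside the hunk and it is not obvious why a compile-time version string should depend on it.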
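Review bot: `guess_names` now accepts `serverdn`, but the assignment added near its end, `names.serverdn = "CN=%s,CN=Servers,CN=%s,CN=Sites,%s" % (netbiosname, sitename, configdn)`, never looks at it, so the value that `provision_become_dc` passes down appears to be silently discarded. Unless the parameter is consumed in the part of the function outside these hunks, the usual shape would be `if serverdn is None: serverdn = "CN=%s,CN=Servers,CN=%s,CN=Sites,%s" % (netbiosname, sitename, configdn)` followed by `names.serverdn = serverdn`. This matters on the become-DC path, where the server DN comes from the join result and ends up in `dsServiceName` and `serverName` of the rootDSE record.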
@@ -543,9 +545,7 @@ def setup_samdb_partitions(samdb_path, setup_path, message, lp, session_info, samdb.load_ldif_file_add(setup_path("provision_init.ldif")) message("Setting up sam.ldb rootDSE") - setup_samdb_rootdse(samdb, setup_path, names.schemadn, names.domaindn, names.hostname, - names.dnsdomain, names.realm, names.rootdn, names.configdn, names.netbiosname, - names.sitename) + setup_samdb_rootdse(samdb, setup_path, names) if erase: message("Erasing data from partitions") @@ -656,25 +656,22 @@ def setup_idmapdb(path, setup_path, session_info, credentials, lp): idmap_ldb.load_ldif_file_add(setup_path("idmap_init.ldif")) return idmap_ldb -def setup_samdb_rootdse(samdb, setup_path, schemadn, domaindn, hostname, - dnsdomain, realm, rootdn, configdn, netbiosname, - sitename): +def setup_samdb_rootdse(samdb, setup_path, names): """Setup the SamDB rootdse. :param samdb: Sam Database handle :param setup_path: Obtain setup path """ setup_add_ldif(samdb, setup_path("provision_rootdse_add.ldif"), { - "SCHEMADN": schemadn, - "NETBIOSNAME": netbiosname, - "DNSDOMAIN": dnsdomain, - "DEFAULTSITE": sitename, - "REALM": realm, - "DNSNAME": "%s.%s" % (hostname, dnsdomain), - "DOMAINDN": domaindn, - "ROOTDN": rootdn, - "CONFIGDN": configdn, - "VERSION": samba.version(), + "SCHEMADN": names.schemadn, + "NETBIOSNAME": names.netbiosname, + "DNSDOMAIN": names.dnsdomain, + "REALM": names.realm, + "DNSNAME": "%s.%s" % (names.hostname, names.dnsdomain), + "DOMAINDN": names.domaindn, + "ROOTDN": names.rootdn, + "CONFIGDN": names.configdn, + "SERVERDN": names.serverdn, }) 
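Review bot: The docstring of `setup_samdb_rootdse` was not updated for the new signature and still documents only `samdb` and `setup_path`. Add `:param names: names object from guess_names(); schemadn, netbiosname, dnsdomain, realm, hostname, domaindn, rootdn, configdn and serverdn are substituted into provision_rootdse_add.ldif`. Since these values appear to be placed into the LDIF template by plain string substitution, the docstring is also the place to say they are expected to be well-formed DNs and host names, not free text.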
@@ -879,7 +876,8 @@ FILL_DRS = "DRS" def provision(setup_dir, message, session_info, credentials, smbconf=None, targetdir=None, samdb_fill=FILL_FULL, realm=None, - rootdn=None, domaindn=None, schemadn=None, configdn=None, + rootdn=None, domaindn=None, schemadn=None, configdn=None, + serverdn=None, domain=None, hostname=None, hostip=None, hostip6=None, domainsid=None, adminpass=None, krbtgtpass=None, domainguid=None, policyguid=None, invocationid=None, machinepass=None, @@ -932,7 +930,8 @@ def provision(setup_dir, message, session_info, names = guess_names(lp=lp, hostname=hostname, domain=domain, dnsdomain=realm, serverrole=serverrole, sitename=sitename, - rootdn=rootdn, domaindn=domaindn, configdn=configdn, schemadn=schemadn) + rootdn=rootdn, domaindn=domaindn, configdn=configdn, schemadn=schemadn, + serverdn=serverdn) paths = provision_paths_from_lp(lp, names.dnsdomain) @@ -1046,8 +1045,8 @@ def provision(setup_dir, message, session_info, message("Please install the phpLDAPadmin configuration located at %s into /etc/phpldapadmin/config.php" % paths.phpldapadminconfig) - message("Once the above files are installed, your server will be ready to use") - message("Server Type: %s" % serverrole) + message("Once the above files are installed, your Samba4 server will be ready to use") + message("Server Role: %s" % serverrole) message("Hostname: %s" % names.hostname) message("NetBIOS Domain: %s" % names.domain) message("DNS Domain: %s" % names.dnsdomain) 
@@ -1064,12 +1063,13 @@ def provision(setup_dir, message, session_info, def provision_become_dc(setup_dir=None, smbconf=None, targetdir=None, realm=None, rootdn=None, domaindn=None, schemadn=None, configdn=None, + serverdn=None, domain=None, hostname=None, domainsid=None, adminpass=None, krbtgtpass=None, domainguid=None, policyguid=None, invocationid=None, machinepass=None, dnspass=None, root=None, nobody=None, nogroup=None, users=None, wheel=None, backup=None, aci=None, serverrole=None, - ldap_backend=None, ldap_backend_type=None, sitename=DEFAULTSITE): + ldap_backend=None, ldap_backend_type=None, sitename=None): def message(text): """print a message if quiet is not set.""" @@ -1077,7 +1077,7 @@ def provision_become_dc(setup_dir=None, provision(setup_dir, message, system_session(), None, smbconf=smbconf, targetdir=targetdir, samdb_fill=FILL_DRS, realm=realm, - rootdn=rootdn, domaindn=domaindn, schemadn=schemadn, configdn=configdn, + rootdn=rootdn, domaindn=domaindn, schemadn=schemadn, configdn=configdn, serverdn=serverdn, domain=domain, hostname=hostname, hostip="127.0.0.1", domainsid=domainsid, machinepass=machinepass, serverrole="domain controller", sitename=sitename); @@ -1096,7 +1096,7 @@ def provision_backend(setup_dir=None, message=None, smbconf=None, targetdir=None, realm=None, rootdn=None, domaindn=None, schemadn=None, configdn=None, domain=None, hostname=None, adminpass=None, root=None, serverrole=None, - ldap_backend_type=None): + ldap_backend_type=None, ldap_backend_port=None): def setup_path(file): return os.path.join(setup_dir, file) 
@@ -1144,7 +1144,12 @@ def provision_backend(setup_dir=None, message=None, {"SCHEMADN": names.schemadn}) if ldap_backend_type == "fedora-ds": - setup_file(setup_path("fedora-ds.inf"), paths.fedoradsinf, + if ldap_backend_port is not None: + serverport = "ServerPort=%d" % ldap_backend_port + else: + serverport = "" + + setup_file(setup_path("fedorads.inf"), paths.fedoradsinf, {"ROOT": root, "HOSTNAME": hostname, "DNSDOMAIN": names.dnsdomain, @@ -1152,19 +1157,18 @@ def provision_backend(setup_dir=None, message=None, "DOMAINDN": names.domaindn, "LDAPMANAGERDN": names.ldapmanagerdn, "LDAPMANAGERPASS": adminpass, - "SERVERPORT": ""}) + "SERVERPORT": serverport}) - setup_file(setup_path("fedora-partitions.ldif"), paths.fedoradspartitions, + setup_file(setup_path("fedorads-partitions.ldif"), paths.fedoradspartitions, {"CONFIGDN": names.configdn, "SCHEMADN": names.schemadn, }) - setup_file(setup_path("fedora-partitions.ldif"), paths.fedoradspartitions, - {"CONFIGDN": names.configdn, - "SCHEMADN": names.schemadn, - }) mapping = "schema-map-fedora-ds-1.0" backend_schema = "99_ad.ldif" + + slapdcommand="Initailise Fedora DS with: setup-ds.pl --file=%s" % paths.fedoradsinf + elif ldap_backend_type == "openldap": attrs = ["linkID", "lDAPDisplayName"] res = schemadb.search(expression="(&(&(linkID=*)(!(linkID:1.2.840.113556.1.4.803:=1)))(objectclass=attributeSchema))", base=names.schemadn, scope=SCOPE_SUBTREE, attrs=attrs); 
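Review bot: `slapdcommand` is assigned only inside the `fedora-ds` branch here and the `openldap` branch in the next hunk, while `message(slapdcommand)` at the end of `provision_backend` is unconditional. `ldap_backend_type` defaults to `None`, so unless a branch outside these hunks rejects other values the function ends in a NameError after all the work is done; setting `slapdcommand = None` before the `if` and printing it only when set would avoid that. The string also has a typo, `Initailise` for `Initialise`. `"ServerPort=%d" % ldap_backend_port` takes whatever integer the caller supplies, so a 1-65535 range check belongs either here or at the `--ldap-backend-port` option.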
@@ -1215,14 +1219,26 @@ refint_attributes""" + refint_attributes + "\n"; ldapi_uri = "ldapi://" + urllib.quote(os.path.join(paths.private_dir, "ldap", "ldapi"), safe="") - message("Start slapd with: slapd -f " + paths.ldapdir + "/slapd.conf -h " + ldapi_uri) - + if ldap_backend_port is not None: + server_port_string = " -h ldap://0.0.0.0:%d" % ldap_backend_port + else: + server_port_string = "" + slapdcommand="Start slapd with: slapd -f " + paths.ldapdir + "/slapd.conf -h " + ldapi_uri + server_port_string schema_command = "bin/ad2oLschema --option=convert:target=" + ldap_backend_type + " -I " + setup_path(mapping) + " -H tdb://" + schemadb_path + " -O " + os.path.join(paths.ldapdir, backend_schema); os.system(schema_command) + message("Your %s Backend for Samba4 is now configured, and is ready to be started" % ( ldap_backend_type) ) + message("Server Role: %s" % serverrole) + message("Hostname: %s" % names.hostname) + message("DNS Domain: %s" % names.dnsdomain) + message("Base DN: %s" % names.domaindn) + message("LDAP admin DN: %s" % names.ldapmanagerdn) + message("LDAP admin password: %s" % adminpass) + message(slapdcommand) + def create_phpldapadmin_config(path, setup_path, ldapi_uri): """Create a PHP LDAP admin configuration file. diff --git a/source4/selftest/target/Samba4.pm b/source4/selftest/target/Samba4.pm index 262c8035f6..552f6535af 100644 --- a/source4/selftest/target/Samba4.pm +++ b/source4/selftest/target/Samba4.pm @@ -201,8 +201,6 @@ sub mk_fedora_ds($$$) my $pidfile = "$fedora_ds_dir/logs/slapd-samba4.pid"; - system("$self->{bindir}/ad2oLschema $configuration -H $ldapdir/schema-tmp.ldb --option=convert:target=fedora-ds -I $self->{setupdir}/schema-map-fedora-ds-1.0 -O $ldapdir/99_ad.ldif >&2") == 0 or die("schema conversion for Fedora DS failed"); - my $dir = getcwd(); chdir "$ENV{FEDORA_DS_ROOT}/bin" || die; if (system("perl $ENV{FEDORA_DS_ROOT}/sbin/setup-ds.pl --silent --file=$fedora_ds_inf >&2") != 0) { 
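Review bot: `message("LDAP admin password: %s" % adminpass)` writes the LDAP manager password in clear text to whatever `message` is connected to, so it ends up in captured logs and terminal scrollback. I would drop the line; if the password can be generated inside this function (not visible in the hunk), print it only in that case. The suggested slapd command also gains `-h ldap://0.0.0.0:%d`, an unencrypted listener on every interface; defaulting to a loopback address, or at least saying so in the `--ldap-backend-port` help text, would keep a backend meant for local use from being reachable from the network. Finally, the exit status of `os.system(schema_command)` is ignored, and this commit removes the `== 0 or die(...)` checks around the same conversion in Samba4.pm, so a failed schema conversion is now followed by the "ready to be started" message.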
@@ -222,9 +220,6 @@ sub mk_openldap($$$) my $pidfile = "$ldapdir/slapd.pid"; my $modconf = "$ldapdir/modules.conf"; - #This uses the backend provision we just did, to read out the schema - system("$self->{bindir}/ad2oLschema $configuration --option=convert:target=openldap -H $ldapdir/schema-tmp.ldb -I $self->{setupdir}/schema-map-openldap-2.3 -O $ldapdir/backend-schema.schema >&2") == 0 or die("schema conversion for OpenLDAP failed"); - my $oldpath = $ENV{PATH}; my $olpath = ""; my $olroot = ""; diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend index ada6dcef8d..4f222c467a 100755 --- a/source4/setup/provision-backend +++ b/source4/setup/provision-backend @@ -54,6 +54,8 @@ parser.add_option("--quiet", help="Be quiet", action="store_true") parser.add_option("--ldap-backend-type", type="choice", metavar="LDAP-BACKEND-TYPE", help="LDB mapping module to use for the LDAP backend", choices=["fedora-ds", "openldap"]) +parser.add_option("--ldap-backend-port", type="int", metavar="PORT", + help="TCP Port LDAP server should listen to (default ldapi only)") parser.add_option("--server-role", type="choice", metavar="ROLE", choices=["domain controller", "dc", "member server", "member", "standalone"], help="Set server role to provision for (default standalone)") @@ -89,10 +91,9 @@ if setup_dir is None: setup_dir = "setup" provision_backend(setup_dir=setup_dir, message=message, smbconf=smbconf, targetdir=opts.targetdir, - realm=opts.realm, domain=opts.domain, - hostname=opts.host_name, - adminpass=opts.ldap_manager_pass, - root=opts.root, serverrole=server_role, - ldap_backend_type=opts.ldap_backend_type) - -message("All OK") + realm=opts.realm, domain=opts.domain, + hostname=opts.host_name, + adminpass=opts.ldap_manager_pass, + root=opts.root, serverrole=server_role, + ldap_backend_type=opts.ldap_backend_type, + ldap_backend_port=opts.ldap_backend_port) 
diff --git a/source4/setup/provision_rootdse_add.ldif b/source4/setup/provision_rootdse_add.ldif index 9f19796ec6..14e0d71df6 100644 --- a/source4/setup/provision_rootdse_add.ldif +++ b/source4/setup/provision_rootdse_add.ldif @@ -1,7 +1,7 @@ # the rootDSE module looks in this record for its base data dn: @ROOTDSE subschemaSubentry: CN=Aggregate,${SCHEMADN} -dsServiceName: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} +dsServiceName: CN=NTDS Settings,${SERVERDN} defaultNamingContext: ${DOMAINDN} rootDomainNamingContext: ${ROOTDN} configurationNamingContext: ${CONFIGDN} @@ -9,10 +9,9 @@ schemaNamingContext: ${SCHEMADN} supportedLDAPVersion: 3 dnsHostName: ${DNSNAME} ldapServiceName: ${DNSDOMAIN}:${NETBIOSNAME}$@${REALM} -serverName: CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} +serverName: ${SERVERDN} domainFunctionality: 0 forestFunctionality: 0 domainControllerFunctionality: 2 isSynchronized: FALSE vendorName: Samba Team (http://samba.org) -vendorVersion: ${VERSION} diff --git a/source4/torture/libnet/libnet_BecomeDC.c b/source4/torture/libnet/libnet_BecomeDC.c index 3f8edd40e8..f8699fe06a 100644 --- a/source4/torture/libnet/libnet_BecomeDC.c +++ b/source4/torture/libnet/libnet_BecomeDC.c @@ -84,6 +84,7 @@ static NTSTATUS test_become_dc_prepare_db(void *private_data, settings.netbios_name = p->dest_dsa->netbios_name; settings.realm = torture_join_dom_dns_name(s->tj); settings.domain = torture_join_dom_netbios_name(s->tj); + settings.server_dn_str = torture_join_server_dn_str(s->tj); settings.machine_password = cli_credentials_get_password(s->machine_account); settings.targetdir = s->targetdir; diff --git a/source4/torture/local/torture.c b/source4/torture/local/torture.c index bb6e21ed4f..9bd60d9620 100644 --- a/source4/torture/local/torture.c +++ b/source4/torture/local/torture.c 
@@ -42,27 +42,28 @@ static bool test_tempdir(struct torture_context *tctx) static bool test_provision(struct torture_context *tctx) { NTSTATUS status; - struct provision_settings settings; - char *location = NULL; - torture_assert_ntstatus_ok(tctx, torture_temp_dir(tctx, "torture_provision", &location), + struct provision_settings *settings = talloc(tctx, struct provision_settings); + char *targetdir = NULL; + + torture_assert_ntstatus_ok(tctx, torture_temp_dir(tctx, "torture_provision", &targetdir), "torture_temp_dir should return NT_STATUS_OK" ); + settings->targetdir = talloc_steal(settings, targetdir); - settings.dns_name = "example.com"; - settings.site_name = "SOME-SITE-NAME"; - settings.root_dn_str = "DC=EXAMPLE,DC=COM"; - settings.domain_dn_str = "DC=EXAMPLE,DC=COM"; - settings.config_dn_str = NULL; - settings.schema_dn_str = NULL; - settings.invocation_id = NULL; - settings.netbios_name = "FOO"; - settings.realm = "EXAMPLE.COM"; - settings.domain = "EXAMPLE"; - settings.ntds_guid = NULL; - settings.ntds_dn_str = NULL; - settings.machine_password = "geheim"; - settings.targetdir = location; + settings->dns_name = "example.com"; + settings->site_name = "SOME-SITE-NAME"; + settings->root_dn_str = "DC=EXAMPLE,DC=COM"; + settings->domain_dn_str = "DC=EXAMPLE,DC=COM"; + settings->config_dn_str = NULL; + settings->schema_dn_str = NULL; + settings->invocation_id = NULL; + settings->netbios_name = "FOO"; + settings->realm = "EXAMPLE.COM"; + settings->domain = "EXAMPLE"; + settings->ntds_guid = NULL; + settings->ntds_dn_str = NULL; + settings->machine_password = "geheim"; - status = provision_bare(tctx, tctx->lp_ctx, &settings); + status = provision_bare(settings, tctx->lp_ctx, settings); torture_assert_ntstatus_ok(tctx, status, "provision"); diff --git a/source4/torture/rpc/testjoin.c b/source4/torture/rpc/testjoin.c index 02f04946d6..892886c08c 100644 --- a/source4/torture/rpc/testjoin.c +++ b/source4/torture/rpc/testjoin.c 
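Review bot: `talloc(tctx, struct provision_settings)` returns uninitialised memory, and `test_provision` never assigns the new `server_dn_str` field (nor `host_ip`, which util.h shows in the same struct), while `provision_bare` in this same commit tests `if (settings->server_dn_str)` and hands the pointer to `PyString_FromString`. That is a read of an indeterminate pointer, which will usually crash or feed garbage to the provision script. Use `talloc_zero(tctx, struct provision_settings)` so unset fields are NULL, and check the allocation before the first `settings->` write, e.g. `torture_assert(tctx, settings != NULL, "talloc failed");`.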
@@ -553,6 +553,14 @@ const char *torture_join_dom_dns_name(struct test_join *join) return join->dom_dns_name; } +const char *torture_join_server_dn_str(struct test_join *join) +{ + if (join->libnet_r) { + return join->libnet_r->out.server_dn_str; + } + return NULL; +} + #if 0 /* Left as the documentation of the join process, but see new implementation in libnet_become_dc.c */ struct test_join_ads_dc { diff --git a/source4/torture/util.h b/source4/torture/util.h index 477a828120..72f97e4766 100644 --- a/source4/torture/util.h +++ b/source4/torture/util.h @@ -27,6 +27,7 @@ struct provision_settings { const char *domain_dn_str; const char *config_dn_str; const char *schema_dn_str; + const char *server_dn_str; const struct GUID *invocation_id; const char *netbios_name; const char *host_ip; diff --git a/source4/torture/util_provision.c b/source4/torture/util_provision.c index cce8e18fdc..3167a37cdf 100644 --- a/source4/torture/util_provision.c +++ b/source4/torture/util_provision.c @@ -105,6 +105,10 @@ NTSTATUS provision_bare(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx, PyDict_SetItemString(parameters, "configdn", PyString_FromString(settings->config_dn_str)); + if (settings->server_dn_str) + PyDict_SetItemString(parameters, "serverdn", + PyString_FromString(settings->server_dn_str)); + if (settings->site_name) PyDict_SetItemString(parameters, "sitename", PyString_FromString(settings->site_name)); |
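Review bot: `PyDict_SetItemString` does not steal the reference to its value, so the object returned by `PyString_FromString(settings->server_dn_str)` in the lines added to `provision_bare` is never released, and a NULL return from it would be passed straight into the dict call. The neighbouring `configdn` and `sitename` lines have the same shape, so this is a chance to fix the pattern once: keep the result in a local, check it for NULL, call `PyDict_SetItemString` and check its return value, then `Py_DECREF` the local. The body of `provision_bare` continues outside the hunk, so the right error return has to be taken from the rest of the function.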