summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
Diffstat (limited to 'source4')
-rw-r--r--source4/auth/auth_sam_reply.c2
-rw-r--r--source4/dsdb/samdb/ldb_modules/repl_meta_data.c4
-rw-r--r--source4/librpc/idl/netlogon.idl21
-rw-r--r--source4/pidl/lib/Parse/Pidl/Samba4/Header.pm83
-rw-r--r--source4/scripting/libjs/provision.js39
-rwxr-xr-xsource4/setup/provision8
-rw-r--r--source4/setup/provision_basedn.ldif1
-rw-r--r--source4/setup/provision_basedn_modify.ldif3
-rw-r--r--source4/setup/provision_partitions.ldif6
-rw-r--r--source4/setup/secrets_dc.ldif6
-rw-r--r--source4/torture/libnet/libnet_BecomeDC.c4
11 files changed, 92 insertions, 85 deletions
diff --git a/source4/auth/auth_sam_reply.c b/source4/auth/auth_sam_reply.c
index 6ab220498d..ea6f0a1f60 100644
--- a/source4/auth/auth_sam_reply.c
+++ b/source4/auth/auth_sam_reply.c
@@ -132,7 +132,7 @@ NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx,
continue;
}
sam3->sids[sam3->sidcount].sid = talloc_reference(sam3->sids,server_info->domain_groups[i]);
- sam3->sids[sam3->sidcount].attribute =
+ sam3->sids[sam3->sidcount].attributes =
SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED;
sam3->sidcount += 1;
}
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index a21cf250cb..5100b7cb7c 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -391,6 +391,10 @@ static int replmd_add_originating(struct ldb_module *module,
m->originating_usn = seq_num;
m->local_usn = seq_num;
ni++;
+
+ if (ldb_attr_cmp(e->name, ldb_dn_get_rdn_name(msg->dn))) {
+ rdn_attr = sa;
+ }
}
/* fix meta data count */
diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl
index dcbb647ba0..3e4d46d7f7 100644
--- a/source4/librpc/idl/netlogon.idl
+++ b/source4/librpc/idl/netlogon.idl
@@ -19,6 +19,7 @@ import "lsa.idl", "samr.idl", "security.idl", "nbt.idl";
interface netlogon
{
typedef bitmap samr_AcctFlags samr_AcctFlags;
+ typedef bitmap samr_GroupAttrs samr_GroupAttrs;
/*****************/
/* Function 0x00 */
@@ -86,13 +87,18 @@ interface netlogon
[size_is(size/2),length_is(length/2)] uint16 *bindata;
} netr_AcctLockStr;
- const int MSV1_0_CLEARTEXT_PASSWORD_ALLOWED = 0x002;
- const int MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT = 0x020;
- const int MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT = 0x800;
+ typedef [public,bitmap32bit] bitmap {
+ MSV1_0_CLEARTEXT_PASSWORD_ALLOWED = 0x00000002,
+ MSV1_0_UPDATE_LOGON_STATISTICS = 0x00000004,
+ MSV1_0_RETURN_USER_PARAMETERS = 0x00000008,
+ MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT = 0x00000020,
+ MSV1_0_RETURN_PROFILE_PATH = 0x00000200,
+ MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT = 0x00000800
+ } netr_LogonParameterControl;
typedef struct {
lsa_String domain_name;
- uint32 parameter_control; /* see MSV1_0_* */
+ netr_LogonParameterControl parameter_control; /* see MSV1_0_* */
uint32 logon_id_low;
uint32 logon_id_high;
lsa_String account_name;
@@ -126,11 +132,6 @@ interface netlogon
[case(6)] netr_NetworkInfo *network;
} netr_LogonLevel;
- typedef [public] struct {
- uint32 rid;
- uint32 attributes;
- } netr_GroupMembership;
-
typedef [public,flag(NDR_PAHEX)] struct {
uint8 key[16];
} netr_UserSessionKey;
@@ -187,7 +188,7 @@ interface netlogon
typedef struct {
dom_sid2 *sid;
- uint32 attribute;
+ samr_GroupAttrs attributes;
} netr_SidAttr;
typedef [public] struct {
diff --git a/source4/pidl/lib/Parse/Pidl/Samba4/Header.pm b/source4/pidl/lib/Parse/Pidl/Samba4/Header.pm
index 2b3a9df80f..14f472340c 100644
--- a/source4/pidl/lib/Parse/Pidl/Samba4/Header.pm
+++ b/source4/pidl/lib/Parse/Pidl/Samba4/Header.pm
@@ -82,9 +82,9 @@ sub HeaderElement($)
#####################################################################
# parse a struct
-sub HeaderStruct($$)
+sub HeaderStruct($$;$)
{
- my($struct,$name) = @_;
+ my($struct,$name,$tail) = @_;
pidl "struct $name";
return if (not defined($struct->{ELEMENTS}));
pidl " {\n";
@@ -103,13 +103,14 @@ sub HeaderStruct($$)
if (defined $struct->{PROPERTIES}) {
HeaderProperties($struct->{PROPERTIES}, []);
}
+ pidl $tail if defined($tail);
}
#####################################################################
# parse a enum
-sub HeaderEnum($$)
+sub HeaderEnum($$;$)
{
- my($enum,$name) = @_;
+ my($enum,$name,$tail) = @_;
my $first = 1;
pidl "enum $name";
@@ -131,30 +132,29 @@ sub HeaderEnum($$)
my $count = 0;
my $with_val = 0;
my $without_val = 0;
- if (defined($enum->{ELEMENTS})) {
- pidl " { __donnot_use_enum_$name=0x7FFFFFFF}\n";
- foreach my $e (@{$enum->{ELEMENTS}}) {
- my $t = "$e";
- my $name;
- my $value;
- if ($t =~ /(.*)=(.*)/) {
- $name = $1;
- $value = $2;
- $with_val = 1;
- fatal($e->{ORIGINAL}, "you can't mix enum member with values and without values!")
- unless ($without_val == 0);
- } else {
- $name = $t;
- $value = $count++;
- $without_val = 1;
- fatal($e->{ORIGINAL}, "you can't mix enum member with values and without values!")
- unless ($with_val == 0);
- }
- pidl "#define $name ( $value )\n";
+ pidl " { __donnot_use_enum_$name=0x7FFFFFFF}\n";
+ foreach my $e (@{$enum->{ELEMENTS}}) {
+ my $t = "$e";
+ my $name;
+ my $value;
+ if ($t =~ /(.*)=(.*)/) {
+ $name = $1;
+ $value = $2;
+ $with_val = 1;
+ fatal($e->{ORIGINAL}, "you can't mix enum member with values and without values!")
+ unless ($without_val == 0);
+ } else {
+ $name = $t;
+ $value = $count++;
+ $without_val = 1;
+ fatal($e->{ORIGINAL}, "you can't mix enum member with values and without values!")
+ unless ($with_val == 0);
}
+ pidl "#define $name ( $value )\n";
}
pidl "#endif\n";
}
+ pidl $tail if defined($tail);
}
#####################################################################
@@ -172,9 +172,9 @@ sub HeaderBitmap($$)
#####################################################################
# parse a union
-sub HeaderUnion($$)
+sub HeaderUnion($$;$)
{
- my($union,$name) = @_;
+ my($union,$name,$tail) = @_;
my %done = ();
pidl "union $name";
@@ -195,18 +195,19 @@ sub HeaderUnion($$)
if (defined $union->{PROPERTIES}) {
HeaderProperties($union->{PROPERTIES}, []);
}
+ pidl $tail if defined($tail);
}
#####################################################################
# parse a type
-sub HeaderType($$$)
+sub HeaderType($$$;$)
{
- my($e,$data,$name) = @_;
+ my($e,$data,$name,$tail) = @_;
if (ref($data) eq "HASH") {
- ($data->{TYPE} eq "ENUM") && HeaderEnum($data, $name);
+ ($data->{TYPE} eq "ENUM") && HeaderEnum($data, $name, $tail);
($data->{TYPE} eq "BITMAP") && HeaderBitmap($data, $name);
- ($data->{TYPE} eq "STRUCT") && HeaderStruct($data, $name);
- ($data->{TYPE} eq "UNION") && HeaderUnion($data, $name);
+ ($data->{TYPE} eq "STRUCT") && HeaderStruct($data, $name, $tail);
+ ($data->{TYPE} eq "UNION") && HeaderUnion($data, $name, $tail);
return;
}
@@ -215,14 +216,15 @@ sub HeaderType($$$)
} else {
pidl mapTypeName($e->{TYPE});
}
+ pidl $tail if defined($tail);
}
#####################################################################
# parse a typedef
-sub HeaderTypedef($)
+sub HeaderTypedef($;$)
{
- my($typedef) = shift;
- HeaderType($typedef, $typedef->{DATA}, $typedef->{NAME}) if defined ($typedef->{DATA});
+ my($typedef,$tail) = @_;
+ HeaderType($typedef, $typedef->{DATA}, $typedef->{NAME}, $tail) if defined ($typedef->{DATA});
}
#####################################################################
@@ -359,16 +361,11 @@ sub HeaderInterface($)
}
foreach my $t (@{$interface->{TYPES}}) {
- HeaderTypedef($t) if ($t->{TYPE} eq "TYPEDEF");
- HeaderStruct($t, $t->{NAME}) if ($t->{TYPE} eq "STRUCT");
- HeaderUnion($t, $t->{NAME}) if ($t->{TYPE} eq "UNION");
- HeaderEnum($t, $t->{NAME}) if ($t->{TYPE} eq "ENUM");
+ HeaderTypedef($t, ";\n\n") if ($t->{TYPE} eq "TYPEDEF");
+ HeaderStruct($t, $t->{NAME}, ";\n\n") if ($t->{TYPE} eq "STRUCT");
+ HeaderUnion($t, $t->{NAME}, ";\n\n") if ($t->{TYPE} eq "UNION");
+ HeaderEnum($t, $t->{NAME}, ";\n\n") if ($t->{TYPE} eq "ENUM");
HeaderBitmap($t, $t->{NAME}) if ($t->{TYPE} eq "BITMAP");
- pidl ";\n\n" if ($t->{TYPE} eq "BITMAP" or
- $t->{TYPE} eq "STRUCT" or
- $t->{TYPE} eq "TYPEDEF" or
- $t->{TYPE} eq "UNION" or
- $t->{TYPE} eq "ENUM");
}
foreach my $fn (@{$interface->{FUNCTIONS}}) {
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js
index 0cca49dec9..e71498010c 100644
--- a/source4/scripting/libjs/provision.js
+++ b/source4/scripting/libjs/provision.js
@@ -484,9 +484,6 @@ function provision_fix_subobj(subobj, paths)
subobj.ADMINPASS_B64 = ldb.encode(subobj.ADMINPASS);
subobj.DNSPASS_B64 = ldb.encode(subobj.DNSPASS);
- var rdns = split(",", subobj.DOMAINDN);
- subobj.RDN_DC = substr(rdns[0], strlen("DC="));
-
subobj.SAM_LDB = "tdb://" + paths.samdb;
subobj.SECRETS_KEYTAB = paths.keytab;
subobj.DNS_KEYTAB = paths.dns_keytab;
@@ -527,6 +524,10 @@ function provision_become_dc(subobj, message, erase, paths, session_info)
var ok = provision_fix_subobj(subobj, paths);
assert(ok);
+ if (subobj.BACKEND_MOD == undefined) {
+ subobj.BACKEND_MOD = "repl_meta_data";
+ }
+
info.subobj = subobj;
info.message = message;
info.session_info = session_info;
@@ -613,10 +614,21 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda
var lp = loadparm_init();
var sys = sys_init();
var info = new Object();
+ random_init(local);
var ok = provision_fix_subobj(subobj, paths);
assert(ok);
+ if (strlower(subobj.SERVERROLE) == strlower("domain controller")) {
+ if (subobj.BACKEND_MOD == undefined) {
+ subobj.BACKEND_MOD = "repl_meta_data";
+ }
+ } else {
+ if (subobj.BACKEND_MOD == undefined) {
+ subobj.BACKEND_MOD = "objectguid";
+ }
+ }
+
if (subobj.DOMAINGUID != undefined) {
subobj.DOMAINGUID_MOD = sprintf("replace: objectGUID\nobjectGUID: %s\n-", subobj.DOMAINGUID);
} else {
@@ -696,6 +708,20 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda
samdb.set_domain_sid(subobj.DOMAINSID);
+ if (strlower(subobj.SERVERROLE) == strlower("domain controller")) {
+ if (subobj.INVOCATIONID == undefined) {
+ subobj.INVOCATIONID = randguid();
+ }
+ samdb.set_ntds_invocationId(subobj.INVOCATIONID);
+ if (subobj.BACKEND_MOD == undefined) {
+ subobj.BACKEND_MOD = "repl_meta_data";
+ }
+ } else {
+ if (subobj.BACKEND_MOD == undefined) {
+ subobj.BACKEND_MOD = "objectguid";
+ }
+ }
+
var load_schema_ok = load_schema(subobj, message, samdb);
assert(load_schema_ok.is_ok);
@@ -961,7 +987,6 @@ function provision_guess()
subobj.VERSION = version();
subobj.HOSTIP = hostip();
subobj.DOMAINSID = randsid();
- subobj.INVOCATIONID = randguid();
subobj.POLICYGUID = randguid();
subobj.KRBTGTPASS = randpass(12);
subobj.MACHINEPASS = randpass(12);
@@ -969,9 +994,6 @@ function provision_guess()
subobj.ADMINPASS = randpass(12);
subobj.LDAPMANAGERPASS = randpass(12);
subobj.DEFAULTSITE = "Default-First-Site-Name";
- subobj.NEWGUID = randguid;
- subobj.NTTIME = nttime;
- subobj.LDAPTIME = ldaptime;
subobj.DATESTRING = datestring;
subobj.ROOT = findnss(nss.getpwnam, "root");
subobj.NOBODY = findnss(nss.getpwnam, "nobody");
@@ -1016,9 +1038,6 @@ function provision_guess()
subobj.DOMAINDN_MOD = "pdc_fsmo,password_hash,instancetype";
subobj.CONFIGDN_MOD = "naming_fsmo,instancetype";
subobj.SCHEMADN_MOD = "schema_fsmo,instancetype";
- subobj.DOMAINDN_MOD2 = ",objectguid";
- subobj.CONFIGDN_MOD2 = ",objectguid";
- subobj.SCHEMADN_MOD2 = ",objectguid";
subobj.ACI = "# no aci for local ldb";
diff --git a/source4/setup/provision b/source4/setup/provision
index 8b24c51040..9e135cddbb 100755
--- a/source4/setup/provision
+++ b/source4/setup/provision
@@ -143,12 +143,10 @@ if (ldapbackend) {
subobj.LDAPMODULE = "normalise,entryuuid";
subobj.TDB_MODULES_LIST = "";
}
+ subobj.BACKEND_MOD = subobj.LDAPMODULE + ",paged_searches";
subobj.DOMAINDN_LDB = subobj.LDAPBACKEND;
- subobj.DOMAINDN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches";
subobj.CONFIGDN_LDB = subobj.LDAPBACKEND;
- subobj.CONFIGDN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches";
subobj.SCHEMADN_LDB = subobj.LDAPBACKEND;
- subobj.SCHEMADN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches";
message("LDAP module: %s on backend: %s\n", subobj.LDAPMODULE, subobj.LDAPBACKEND);
}
@@ -175,7 +173,9 @@ if (partitions_only) {
message("--host-guid='%s' \\\n", subobj.HOSTGUID);
}
message("--policy-guid='%s' --host-name='%s' --host-ip='%s' \\\n", subobj.POLICYGUID, subobj.HOSTNAME, subobj.HOSTIP);
- message("--invocationid='%s' \\\n", subobj.INVOCATIONID);
+ if (subobj.INVOCATIONID != undefined) {
+ message("--invocationid='%s' \\\n", subobj.INVOCATIONID);
+ }
message("--adminpass='%s' --krbtgtpass='%s' \\\n", subobj.ADMINPASS, subobj.KRBTGTPASS);
message("--machinepass='%s' --dnspass='%s' \\\n", subobj.MACHINEPASS, subobj.DNSPASS);
message("--root='%s' --nobody='%s' --nogroup='%s' \\\n", subobj.ROOT, subobj.NOBODY, subobj.NOGROUP);
diff --git a/source4/setup/provision_basedn.ldif b/source4/setup/provision_basedn.ldif
index 3c7537f013..11eb0593e8 100644
--- a/source4/setup/provision_basedn.ldif
+++ b/source4/setup/provision_basedn.ldif
@@ -6,5 +6,4 @@ objectClass: top
objectClass: domain
objectClass: domainDNS
${ACI}
-dc: ${RDN_DC}
diff --git a/source4/setup/provision_basedn_modify.ldif b/source4/setup/provision_basedn_modify.ldif
index fa990599d9..dadfda720e 100644
--- a/source4/setup/provision_basedn_modify.ldif
+++ b/source4/setup/provision_basedn_modify.ldif
@@ -4,9 +4,6 @@
dn: ${DOMAINDN}
changetype: modify
-
-replace: dc
-dc: ${RDN_DC}
--
replace: forceLogoff
forceLogoff: 9223372036854775808
-
diff --git a/source4/setup/provision_partitions.ldif b/source4/setup/provision_partitions.ldif
index fb8bc7f595..93fea6bc2d 100644
--- a/source4/setup/provision_partitions.ldif
+++ b/source4/setup/provision_partitions.ldif
@@ -5,9 +5,9 @@ partition: ${DOMAINDN}:${DOMAINDN_LDB}
replicateEntries: @ATTRIBUTES
replicateEntries: @INDEXLIST
replicateEntries: @OPTIONS
-modules:${SCHEMADN}:${SCHEMADN_MOD}${SCHEMADN_MOD2}
-modules:${CONFIGDN}:${CONFIGDN_MOD}${CONFIGDN_MOD2}
-modules:${DOMAINDN}:${DOMAINDN_MOD}${DOMAINDN_MOD2}
+modules:${SCHEMADN}:${SCHEMADN_MOD},${BACKEND_MOD}
+modules:${CONFIGDN}:${CONFIGDN_MOD},${BACKEND_MOD}
+modules:${DOMAINDN}:${DOMAINDN_MOD},${BACKEND_MOD}
dn: @MODULES
@LIST: ${MODULES_LIST}${TDB_MODULES_LIST},${MODULES_LIST2}
diff --git a/source4/setup/secrets_dc.ldif b/source4/setup/secrets_dc.ldif
index 64469352bb..71c7fc2f5b 100644
--- a/source4/setup/secrets_dc.ldif
+++ b/source4/setup/secrets_dc.ldif
@@ -7,8 +7,6 @@ realm: ${REALM}
secret:: ${MACHINEPASS_B64}
secureChannelType: 6
sAMAccountName: ${NETBIOSNAME}$
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
msDS-KeyVersionNumber: 1
objectSid: ${DOMAINSID}
privateKeytab: ${SECRETS_KEYTAB}
@@ -22,8 +20,6 @@ objectClass: kerberosSecret
flatname: ${DOMAIN}
realm: ${REALM}
sAMAccountName: krbtgt
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
objectSid: ${DOMAINSID}
servicePrincipalName: kadmin/changepw
krb5Keytab: HDB:ldb:${SAM_LDB}:
@@ -36,8 +32,6 @@ objectClass: top
objectClass: secret
objectClass: kerberosSecret
realm: ${REALM}
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
servicePrincipalName: DNS/${DNSDOMAIN}
privateKeytab: ${DNS_KEYTAB}
secret:: ${DNSPASS_B64}
diff --git a/source4/torture/libnet/libnet_BecomeDC.c b/source4/torture/libnet/libnet_BecomeDC.c
index 932498a517..d9645356e8 100644
--- a/source4/torture/libnet/libnet_BecomeDC.c
+++ b/source4/torture/libnet/libnet_BecomeDC.c
@@ -201,10 +201,6 @@ static NTSTATUS test_become_dc_prepare_db(void *private_data,
"subobj.DOMAIN = \"%s\";\n"
"subobj.DEFAULTSITE = \"%s\";\n"
"\n"
- "subobj.DOMAINDN_MOD2 = \",repl_meta_data\";\n"
- "subobj.CONFIGDN_MOD2 = \",repl_meta_data\";\n"
- "subobj.SCHEMADN_MOD2 = \",repl_meta_data\";\n"
- "\n"
"subobj.KRBTGTPASS = \"_NOT_USED_\";\n"
"subobj.MACHINEPASS = \"%s\";\n"
"subobj.ADMINPASS = \"_NOT_USED_\";\n"