Diffstat (limited to 'source4')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 2 | ||||
-rw-r--r-- | source4/lib/ldb/Makefile.in | 5 | ||||
-rw-r--r-- | source4/lib/ldb/common/ldb_modules.c | 1 | ||||
-rw-r--r-- | source4/lib/ldb/include/ldb_private.h | 1 | ||||
-rw-r--r-- | source4/lib/ldb/ldb.mk | 4 | ||||
-rw-r--r-- | source4/scripting/python/samba/provision.py | 36 | ||||
-rwxr-xr-x | source4/setup/provision | 7 | ||||
-rw-r--r-- | source4/setup/provision.ldif | 1 | ||||
-rw-r--r-- | source4/setup/provision_group_policy.ldif | 27 |
9 files changed, 66 insertions, 18 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index e7ca074779..5000c56d4e 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -48,7 +48,7 @@ #include "librpc/gen_ndr/ndr_drsblobs.h" #include "param/param.h" #include "libcli/security/dom_sid.h" -#include "dlinklist.h" +#include "lib/util/dlinklist.h" struct replmd_private { struct la_entry *la_list; diff --git a/source4/lib/ldb/Makefile.in b/source4/lib/ldb/Makefile.in index 663dea9f80..c1f403d550 100644 --- a/source4/lib/ldb/Makefile.in +++ b/source4/lib/ldb/Makefile.in @@ -23,6 +23,7 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ PYTHON = @PYTHON@ PYTHON_CONFIG = @PYTHON_CONFIG@ ldbdir = $(srcdir) +LIB_PATH_VAR = @LIB_PATH_VAR@ LDB_MODULESDIR = @LDB_MODULESDIR@ @@ -146,10 +147,10 @@ realdistclean:: distclean check:: test @PYTHON_CHECK_TARGET@ check-soloading: sample.$(SHLIBEXT) - LDB_MODULES_PATH=$(builddir) $(srcdir)/tests/test-soloading.sh + $(LIB_PATH_VAR)=lib LDB_MODULES_PATH=$(builddir) $(srcdir)/tests/test-soloading.sh test:: all check-soloading - for t in $(TESTS); do echo STARTING $${t}; $(srcdir)/tests/$${t} || exit 1; done + for t in $(TESTS); do echo STARTING $${t}; $(LIB_PATH_VAR)=lib $(srcdir)/tests/$${t} || exit 1; done valgrindtest:: all for t in $(TESTS); do echo STARTING $${t}; VALGRIND="valgrind -q --db-attach=yes --num-callers=30" $(srcdir)/tests/$${t} || exit 1; done diff --git a/source4/lib/ldb/common/ldb_modules.c b/source4/lib/ldb/common/ldb_modules.c index 79a97cabed..206b225ca8 100644 --- a/source4/lib/ldb/common/ldb_modules.c +++ b/source4/lib/ldb/common/ldb_modules.c @@ -785,7 +785,6 @@ int ldb_mod_register_control(struct ldb_module *module, const char *oid) LDB_BACKEND(tdb), \ LDAP_BACKEND \ SQLITE3_BACKEND \ - LDB_MODULE(operational), \ LDB_MODULE(rdn_name), \ LDB_MODULE(paged_results), \ LDB_MODULE(server_sort), \ 
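Review bot: In source4/lib/ldb/Makefile.in (hunk @@ -146), the `valgrindtest` recipe directly below the changed `test` recipe still runs `$(srcdir)/tests/$${t}` without the `$(LIB_PATH_VAR)=lib` prefix. Under valgrind the tests may therefore load a different libldb than the one just built, so memory-error runs would not cover the code under test. Consider giving that recipe the same prefix, e.g. `for t in $(TESTS); do echo STARTING $${t}; $(LIB_PATH_VAR)=lib VALGRIND="valgrind -q --db-attach=yes --num-callers=30" $(srcdir)/tests/$${t} || exit 1; done`. Because `lib` is a relative path, a one-line comment that these recipes must run from the build directory would also help.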
diff --git a/source4/lib/ldb/include/ldb_private.h b/source4/lib/ldb/include/ldb_private.h index a70d9c704d..c12f33495b 100644 --- a/source4/lib/ldb/include/ldb_private.h +++ b/source4/lib/ldb/include/ldb_private.h @@ -123,7 +123,6 @@ int ldb_connect_backend(struct ldb_context *ldb, const char *url, const char *op extern const struct ldb_module_ops ldb_objectclass_module_ops; -extern const struct ldb_module_ops ldb_operational_module_ops; extern const struct ldb_module_ops ldb_paged_results_module_ops; extern const struct ldb_module_ops ldb_rdn_name_module_ops; extern const struct ldb_module_ops ldb_schema_module_ops; diff --git a/source4/lib/ldb/ldb.mk b/source4/lib/ldb/ldb.mk index 4b73a455c9..e87db64574 100644 --- a/source4/lib/ldb/ldb.mk +++ b/source4/lib/ldb/ldb.mk @@ -74,8 +74,8 @@ install-python:: build-python mkdir -p $(DESTDIR)`$(PYTHON) -c "import distutils.sysconfig; print distutils.sysconfig.get_python_lib(1, prefix='$(prefix)')"` cp ldb.$(SHLIBEXT) $(DESTDIR)`$(PYTHON) -c "import distutils.sysconfig; print distutils.sysconfig.get_python_lib(1, prefix='$(prefix)')"` -check-python:: build-python - LD_LIBRARY_PATH=lib PYTHONPATH=.:$(ldbdir) $(PYTHON) $(ldbdir)/tests/python/api.py +check-python:: build-python lib/$(SONAME) + $(LIB_PATH_VAR)=lib PYTHONPATH=.:$(ldbdir) $(PYTHON) $(ldbdir)/tests/python/api.py clean:: rm -f ldb.$(SHLIBEXT) diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index 07dfc62e00..19149e92e2 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py 
@@ -766,7 +766,7 @@ def setup_samdb_rootdse(samdb, setup_path, names): def setup_self_join(samdb, names, machinepass, dnspass, domainsid, invocationid, setup_path, - policyguid, domainControllerFunctionality): + policyguid, policyguid_dc, domainControllerFunctionality): """Join a host to its own domain.""" assert isinstance(invocationid, str) setup_add_ldif(samdb, setup_path("provision_self_join.ldif"), { @@ -788,6 +788,7 @@ def setup_self_join(samdb, names, setup_add_ldif(samdb, setup_path("provision_group_policy.ldif"), { "POLICYGUID": policyguid, + "POLICYGUID_DC": policyguid_dc, "DNSDOMAIN": names.dnsdomain, "DOMAINSID": str(domainsid), "DOMAINDN": names.domaindn}) @@ -814,7 +815,7 @@ def setup_self_join(samdb, names, def setup_samdb(path, setup_path, session_info, credentials, lp, names, message, - domainsid, domainguid, policyguid, + domainsid, domainguid, policyguid, policyguid_dc, fill, adminpass, krbtgtpass, machinepass, invocationid, dnspass, serverrole, schema=None, ldap_backend=None): @@ -969,7 +970,8 @@ def setup_samdb(path, setup_path, session_info, credentials, lp, "NETBIOSNAME": names.netbiosname, "DEFAULTSITE": names.sitename, "CONFIGDN": names.configdn, - "SERVERDN": names.serverdn + "SERVERDN": names.serverdn, + "POLICYGUID_DC": policyguid_dc }) if fill == FILL_FULL: @@ -988,6 +990,7 @@ def setup_samdb(path, setup_path, session_info, credentials, lp, dnspass=dnspass, machinepass=machinepass, domainsid=domainsid, policyguid=policyguid, + policyguid_dc=policyguid_dc, setup_path=setup_path, domainControllerFunctionality=domainControllerFunctionality) # add the NTDSGUID based SPNs 
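Review bot: Inserting `policyguid_dc` in the middle of the parameter lists of `setup_self_join` (hunk @@ -766) and `setup_samdb` (hunk @@ -814) silently shifts every later argument for any caller that passes them positionally. In `setup_samdb`, for example, the old `fill` value would land in `policyguid_dc`. The call sites visible in this diff use keywords, but both functions' other callers lie outside these hunks and should be checked. The docstring `"""Join a host to its own domain."""` could also name the two GUIDs, e.g. `policyguid: GUID of the default domain policy; policyguid_dc: GUID of the default domain controllers policy`.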
@@ -1017,7 +1020,8 @@ def provision(setup_dir, message, session_info, domain=None, hostname=None, hostip=None, hostip6=None, domainsid=None, adminpass=None, ldapadminpass=None, krbtgtpass=None, domainguid=None, - policyguid=None, invocationid=None, machinepass=None, + policyguid=None, policyguid_dc=None, invocationid=None, + machinepass=None, dnspass=None, root=None, nobody=None, users=None, wheel=None, backup=None, aci=None, serverrole=None, ldap_backend_extra_port=None, ldap_backend_type=None, @@ -1038,6 +1042,8 @@ def provision(setup_dir, message, session_info, if policyguid is None: policyguid = str(uuid.uuid4()) + if policyguid_dc is None: + policyguid_dc = str(uuid.uuid4()) if adminpass is None: adminpass = glue.generate_random_str(12) if krbtgtpass is None: @@ -1157,7 +1163,8 @@ def provision(setup_dir, message, session_info, credentials=credentials, lp=lp, names=names, message=message, domainsid=domainsid, - schema=schema, domainguid=domainguid, policyguid=policyguid, + schema=schema, domainguid=domainguid, + policyguid=policyguid, policyguid_dc=policyguid_dc, fill=samdb_fill, adminpass=adminpass, krbtgtpass=krbtgtpass, invocationid=invocationid, 
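Review bot: A caller-supplied `policyguid_dc` is used exactly as given, because hunk @@ -1038 only substitutes a random UUID when the value is None. The string later becomes a sysvol directory name and part of several DNs in the LDIF templates, and it can come straight from the `--policy-guid-dc` command-line option. Parsing it first would reject malformed input before anything is written to disk or the database, e.g. `else: policyguid_dc = str(uuid.UUID(policyguid_dc))`, which raises ValueError on a bad value and normalises the spelling. The existing `policyguid` handling has the same gap. The body of provision() continues outside this hunk.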
@@ -1177,12 +1184,24 @@ def provision(setup_dir, message, session_info, (paths.smbconf, setup_path("provision.smb.conf.dc"))) assert(paths.sysvol is not None) - policy_path = os.path.join(paths.sysvol, names.dnsdomain, "Policies", + # Set up group policies (domain policy and domain controller policy) + + policy_path = os.path.join(paths.sysvol, names.dnsdomain, "Policies", "{" + policyguid + "}") os.makedirs(policy_path, 0755) - open(os.path.join(policy_path, "GPT.INI"), 'w').write("") + open(os.path.join(policy_path, "GPT.INI"), 'w').write( + "[General]\r\nVersion=65544") os.makedirs(os.path.join(policy_path, "Machine"), 0755) os.makedirs(os.path.join(policy_path, "User"), 0755) + + policy_path_dc = os.path.join(paths.sysvol, names.dnsdomain, "Policies", + "{" + policyguid_dc + "}") + os.makedirs(policy_path_dc, 0755) + open(os.path.join(policy_path_dc, "GPT.INI"), 'w').write( + "[General]\r\nVersion=2") + os.makedirs(os.path.join(policy_path_dc, "Machine"), 0755) + os.makedirs(os.path.join(policy_path_dc, "User"), 0755) + if not os.path.isdir(paths.netlogon): os.makedirs(paths.netlogon, 0755) @@ -1316,7 +1335,8 @@ def provision_become_dc(setup_dir=None, configdn=None, serverdn=None, domain=None, hostname=None, domainsid=None, adminpass=None, krbtgtpass=None, domainguid=None, - policyguid=None, invocationid=None, machinepass=None, + policyguid=None, policyguid_dc=None, invocationid=None, + machinepass=None, dnspass=None, root=None, nobody=None, users=None, wheel=None, backup=None, serverrole=None, ldap_backend=None, ldap_backend_type=None, diff --git a/source4/setup/provision b/source4/setup/provision index 27a33122be..8bf08b9e39 100755 --- a/source4/setup/provision +++ b/source4/setup/provision 
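Review bot: The domain-controller policy skeleton in hunk @@ -1177 is a copy of the domain policy stanza above it, and both write GPT.INI through `open(...).write(...)` without ever closing the file explicitly. A small helper that takes the path and the version number would remove the duplication and close the handle deterministically. It would also leave the two GPT.INI version numbers (65544 and 2) side by side in one place, which makes them easier to keep equal to the `versionNumber` values in provision_group_policy.ldif. The helper name below is only a suggestion. The surrounding provision() body lies outside the hunk.

```python
def create_gpo_struct(policy_path, gpt_version):
    """Create the sysvol skeleton (GPT.INI, Machine/, User/) for one policy."""
    os.makedirs(policy_path, 0755)
    gpt_ini = open(os.path.join(policy_path, "GPT.INI"), 'w')
    try:
        gpt_ini.write("[General]\r\nVersion=%d" % gpt_version)
    finally:
        gpt_ini.close()
    os.makedirs(os.path.join(policy_path, "Machine"), 0755)
    os.makedirs(os.path.join(policy_path, "User"), 0755)

# … unchanged: policy_path and policy_path_dc built with os.path.join …
create_gpo_struct(policy_path, 65544)
create_gpo_struct(policy_path_dc, 2)
```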
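Review bot: `provision_become_dc` gains a `policyguid_dc=None` parameter in hunk @@ -1316, but no hunk in this file touches its body, so the new argument appears to be accepted and then never forwarded to `provision()`. A caller that passes a fixed GUID here would silently get a random one instead. If forwarding is intended, the call inside the body (outside this hunk) needs `policyguid_dc=policyguid_dc`. Otherwise the parameter should be documented as ignored.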
@@ -53,7 +53,9 @@ parser.add_option("--domain-guid", type="string", metavar="GUID", parser.add_option("--domain-sid", type="string", metavar="SID", help="set domainsid (otherwise random)") parser.add_option("--policy-guid", type="string", metavar="GUID", - help="set policy guid") + help="set guid for domain policy") +parser.add_option("--policy-guid-dc", type="string", metavar="GUID", + help="set guid for domain controller policy") parser.add_option("--invocationid", type="string", metavar="GUID", help="set invocationid (otherwise random)") parser.add_option("--host-name", type="string", metavar="HOSTNAME", @@ -181,7 +183,8 @@ provision(setup_dir, message, session, creds, smbconf=smbconf, targetdir=opts.targetdir, samdb_fill=samdb_fill, realm=opts.realm, domain=opts.domain, domainguid=opts.domain_guid, domainsid=opts.domain_sid, - policyguid=opts.policy_guid, hostname=opts.host_name, + policyguid=opts.policy_guid, policyguid_dc=opts.policy_guid_dc, + hostname=opts.host_name, hostip=opts.host_ip, hostip6=opts.host_ip6, invocationid=opts.invocationid, adminpass=opts.adminpass, krbtgtpass=opts.krbtgtpass, machinepass=opts.machinepass, diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index bd224ee60d..b6ad528205 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -34,6 +34,7 @@ description: Default container for domain controllers systemFlags: -1946157056 isCriticalSystemObject: TRUE showInAdvancedViewOnly: FALSE +gPLink: [LDAP://CN={${POLICYGUID_DC}},CN=Policies,CN=System,${DOMAINDN};0] # Joined DC located in "provision_self_join.ldif" diff --git a/source4/setup/provision_group_policy.ldif b/source4/setup/provision_group_policy.ldif index 65ab1eaf5f..00f0bee4cc 100644 --- a/source4/setup/provision_group_policy.ldif +++ b/source4/setup/provision_group_policy.ldif 
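Review bot: The help strings for `--policy-guid` and `--policy-guid-dc` in hunk @@ -53 do not say what happens when the option is omitted, unlike the neighbouring `--domain-sid` and `--invocationid`, which state "(otherwise random)". provision() generates a random UUID for both, so the text could read `help="set guid for domain policy (otherwise random)"` and `help="set guid for domain controller policy (otherwise random)"`. Stating the expected GUID format in the help text would also be useful if the value is later validated.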
@@ -5,7 +5,7 @@ objectClass: groupPolicyContainer displayName: Default Domain Policy gPCFunctionalityVersion: 2 gPCFileSysPath: \\${DNSDOMAIN}\sysvol\${DNSDOMAIN}\Policies\{${POLICYGUID}} -versionNumber: 65543 +versionNumber: 65544 flags: 0 gPCMachineExtensionNames: [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{53D6AB1B-248 8-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4 @@ -26,3 +26,28 @@ dn: CN=Machine,CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN} objectClass: top objectClass: container systemFlags: -1946157056 + +dn: CN={${POLICYGUID_DC}},CN=Policies,CN=System,${DOMAINDN} +objectClass: top +objectClass: container +objectClass: groupPolicyContainer +displayName: Default Domain Controllers Policy +gPCFunctionalityVersion: 2 +gPCFileSysPath: \\${DNSDOMAIN}\sysvol\${DNSDOMAIN}\Policies\{${POLICYGUID_DC}} +versionNumber: 2 +flags: 0 +gPCMachineExtensionNames: [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4 + FB-11D0-A0D0-00A0C90F574B}] +nTSecurityDescriptor: O:${DOMAINSID}-512G:${DOMAINSID}-512D:PAI(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-519)(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CIIO;RPWPCCDCLCLORCWOWDSDDTSW;;;CO)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPLCLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;RPLCLORC;;;ED)S:AI(OU;CIIDSA;WPWD;;f30e3bc2-9ff0-11d1-b603-0000f80367c1;WD)(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD) +systemFlags: -1946157056 + +dn: CN=User,CN={${POLICYGUID_DC}},CN=Policies,CN=System,${DOMAINDN} +objectClass: top +objectClass: container +systemFlags: -1946157056 + +dn: CN=Machine,CN={${POLICYGUID_DC}},CN=Policies,CN=System,${DOMAINDN} +objectClass: top +objectClass: container +systemFlags: -1946157056 + |
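Review bot: Nothing in provision_group_policy.ldif says that the `versionNumber` values (65544 in hunk @@ -5, 2 on the new domain controllers policy object in hunk @@ -26) have to equal the `Version=` strings that provision.py writes to each GPT.INI. Group policy clients and tools compare the directory and sysvol versions as far as I know, so a later edit to only one side would leave the policy looking inconsistent. A comment above each entry, such as `# versionNumber must equal Version= in the GPT.INI written by provision.py`, would record the coupling. The new object's `nTSecurityDescriptor` is also one opaque SDDL string, and a short comment listing which principals receive write access would make later ACL review easier.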