From f9ff72cbda6b4e59448fd79ef9e12f264d48015f Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 11 Jul 2005 00:23:57 +0000 Subject: r8298: - started building a library of js routines in scripting/libjs/ - switched the existing test programs over to using the library - added install of js lib (This used to be commit 2a444dedbe44347268affc6458196f93ca7d372b) --- source4/scripting/libjs/base.js | 53 +++++++++++++ source4/scripting/libjs/samr.js | 170 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 223 insertions(+) create mode 100644 source4/scripting/libjs/base.js create mode 100644 source4/scripting/libjs/samr.js (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/base.js b/source4/scripting/libjs/base.js new file mode 100644 index 0000000000..504cd82259 --- /dev/null +++ b/source4/scripting/libjs/base.js @@ -0,0 +1,53 @@ +/* + base js library functions + Copyright Andrew Tridgell 2005 + released under the GNU GPL v2 or later +*/ + +if (global["HAVE_BASE_JS"] != undefined) { + return; +} +HAVE_BASE_JS=1 + +/* + helper function to setup a rpc io object, ready for input +*/ +function irpcObj() +{ + var o = new Object(); + o.input = new Object(); + return o; +} + +/* + check that a status result is OK +*/ +function check_status_ok(status) +{ + if (status.is_ok != true) { + printVars(status); + } + assert(status.is_ok == true); +} + +/* + check that two arrays are equal +*/ +function check_array_equal(a1, a2) +{ + assert(a1.length == a2.length); + for (i=0; i Date: Mon, 11 Jul 2005 09:19:50 +0000 Subject: r8318: added a bunch more ejs calls. getgr*() getpw*() strlower() strupper() IfaceList() (This used to be commit 1517ad490dd67302f38ab9dcd8a3b24b73b8d550) --- source4/scripting/libjs/base.js | 1 - 1 file changed, 1 deletion(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/base.js b/source4/scripting/libjs/base.js index 504cd82259..f5498789c5 100644 --- a/source4/scripting/libjs/base.js 
+++ b/source4/scripting/libjs/base.js @@ -50,4 +50,3 @@ function check_array_zero(a) assert(a[i] == 0); } } - -- cgit From 2dce83de0c4de67f15e95456d6a63864d2f6ad85 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 12 Jul 2005 02:36:07 +0000 Subject: r8338: - added a substitute_var() js library function for doing hash driven substitution of variables in strings - the js provision script now correctly processes provision.ldif (This used to be commit c2946003e06c4898ba0444cd0b69d3203753be94) --- source4/scripting/libjs/base.js | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/base.js b/source4/scripting/libjs/base.js index f5498789c5..c6b05755c4 100644 --- a/source4/scripting/libjs/base.js +++ b/source4/scripting/libjs/base.js @@ -50,3 +50,32 @@ function check_array_zero(a) assert(a[i] == 0); } } + +/* + substitute strings of the form ${NAME} in str, replacing + with substitutions from subobj +*/ +function substitute_var(str, subobj) +{ + var list = split("${", str); + var i; + for (i=1;i Date: Tue, 12 Jul 2005 06:57:25 +0000 Subject: r8355: - added a vsprintf() function - removed the --outputdir option from provision, as its not used any more (as ejs knows the real paths) (This used to be commit abbf9c703c17c2edc2d978dade3619a96c38d0d9) --- source4/scripting/libjs/base.js | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/base.js b/source4/scripting/libjs/base.js index c6b05755c4..181b3ca959 100644 --- a/source4/scripting/libjs/base.js +++ b/source4/scripting/libjs/base.js @@ -9,6 +9,14 @@ if (global["HAVE_BASE_JS"] != undefined) { } HAVE_BASE_JS=1 +/* + an essential function! +*/ +function printf() +{ + print(vsprintf(arguments)); +} + /* helper function to setup a rpc io object, ready for input */ -- cgit From adb7fd18e5e58bc466bdd31d68423e5f958a1d5d Mon Sep 17 00:00:00 2001 
From: Andrew Tridgell Date: Tue, 12 Jul 2005 11:46:34 +0000 Subject: r8372: - split out provisioning logic into a separate ejs library - added a provisioning web page (This used to be commit 7476cb94132cf2849ec19360468904ca6fe8de2c) --- source4/scripting/libjs/provision.js | 222 +++++++++++++++++++++++++++++++++++ 1 file changed, 222 insertions(+) create mode 100644 source4/scripting/libjs/provision.js (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js new file mode 100644 index 0000000000..ba6807ce44 --- /dev/null +++ b/source4/scripting/libjs/provision.js @@ -0,0 +1,222 @@ +/* + backend code for provisioning a Samba4 server + Copyright Andrew Tridgell 2005 + Released under the GNU GPL v2 or later +*/ + +/* used to generate sequence numbers for records */ +provision_next_usn = 1; + +/* + find a user or group from a list of possibilities +*/ +function findnss() +{ + var i; + assert(arguments.length >= 2); + var nssfn = arguments[0]; + for (i=1;i Date: Thu, 14 Jul 2005 03:10:17 +0000 Subject: r8445: if a system doesn't have "nogroup" then try "nobody" (This used to be commit 433f9d0a619ff34a4b7506950ee091fb8d34870d) --- source4/scripting/libjs/provision.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index ba6807ce44..03360654c7 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -208,7 +208,7 @@ function provision_guess() subobj.USN = nextusn; subobj.ROOT = findnss(getpwnam, "root"); subobj.NOBODY = findnss(getpwnam, "nobody"); - subobj.NOGROUP = findnss(getgrnam, "nogroup"); + subobj.NOGROUP = findnss(getgrnam, "nogroup", "nobody"); subobj.WHEEL = findnss(getgrnam, "wheel", "root"); subobj.USERS = findnss(getgrnam, "users", "guest", "other"); subobj.DNSDOMAIN = strlower(subobj.REALM); -- cgit 
From 63535f566e2fbe9244fd3e50b9c8d1281b822fc0 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 15 Jul 2005 05:40:34 +0000 Subject: r8481: switched ldb ejs called over to an OO interface, so you do: var ldb = ldb_init(); res = ldb.search(dbfile, "(objectClass=user)"); you can also do: ldbSearch = ldb.search; res = ldbSearch(dbfile, "(objectClass=user)"); if you want the old interface (ie. you can use this to import functions into the global or local namespace). (This used to be commit 3093057d9735cbb62f57e7159264d5a28b85320f) --- source4/scripting/libjs/provision.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 03360654c7..6d4e4a3bc0 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -114,6 +114,8 @@ function hostname() function setup_ldb(ldif, dbname, subobj) { var extra = ""; + var ldb = ldb_init(); + if (arguments.length == 4) { extra = arguments[3]; } @@ -127,7 +129,7 @@ function setup_ldb(ldif, dbname, subobj) data = data + extra; data = substitute_var(data, subobj); - ok = ldbAdd(db, data); + ok = ldb.add(db, data); assert(ok); } -- cgit From a0bc4da1a307753e3b28a11863f50d66b0894190 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 15 Jul 2005 07:18:23 +0000 Subject: r8483: switched our generated ejs rpc code over to the new OO interface. This means we don't pollute the name space, and also makes for faster startup times as we only create variables for the pipes that we use, not all pipes (This used to be commit 57d7a585e8162d21c7152952aa0cc7471968784f) --- source4/scripting/libjs/samr.js | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/samr.js b/source4/scripting/libjs/samr.js index a1f79b541a..2363dde686 100644 
--- a/source4/scripting/libjs/samr.js +++ b/source4/scripting/libjs/samr.js @@ -18,7 +18,7 @@ function samArray(output) if (output.sam == NULL) { return list; } - var entries = output.sam.entries; + var i, entries = output.sam.entries; for (i=0;i Date: Fri, 15 Jul 2005 07:45:40 +0000 Subject: r8484: switched the sys_*() calls to the OO interface tim, do you want to do the cli_*() calls now? (This used to be commit 9991e924e9dacec663a5d040ccfc878927fc3afa) --- source4/scripting/libjs/provision.js | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 6d4e4a3bc0..06b6f03779 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -7,6 +7,8 @@ /* used to generate sequence numbers for records */ provision_next_usn = 1; +sys = sys_init(); + /* find a user or group from a list of possibilities */ @@ -59,7 +61,7 @@ unixName: ${UNIXNAME} */ function nttime() { - return "" + sys_nttime(); + return "" + sys.nttime(); } /* @@ -67,7 +69,7 @@ function nttime() */ function ldaptime() { - return sys_ldaptime(sys_nttime()); + return sys.ldaptime(sys.nttime()); } /* @@ -75,7 +77,7 @@ function ldaptime() */ function datestring() { - var t = sys_gmtime(sys_nttime()); + var t = sys.gmtime(sys.nttime()); return sprintf("%04u%02u%02u%02u", t.tm_year+1900, t.tm_mon+1, t.tm_mday, t.tm_hour); } @@ -85,7 +87,7 @@ function datestring() */ function hostip() { - var list = sys_interfaces(); + var list = sys.interfaces(); return list[0]; } @@ -103,7 +105,7 @@ function nextusn() */ function hostname() { - var s = split(".", sys_hostname()); + var s = split(".", sys.hostname()); return s[0]; } 
@@ -123,9 +125,9 @@ function setup_ldb(ldif, dbname, subobj) var db = lpGet("private dir") + "/" + dbname; var src = lpGet("setup directory") + "/" + ldif; - sys_unlink(db); + sys.unlink(db); - var data = sys_file_load(src); + var data = sys.file_load(src); data = data + extra; data = substitute_var(data, subobj); @@ -141,12 +143,12 @@ function setup_file(template, fname, subobj) var f = lpGet("private dir") + "/" + fname; var src = lpGet("setup directory") + "/" + template; - sys_unlink(f); + sys.unlink(f); - var data = sys_file_load(src); + var data = sys.file_load(src); data = substitute_var(data, subobj); - ok = sys_file_save(f, data); + ok = sys.file_save(f, data); assert(ok); } -- cgit From 4f62205cad46539cc459efe106c0a036f08ed0b9 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 15 Jul 2005 09:23:23 +0000 Subject: r8486: switched to a separate connection operation in ldb interface (a suggestion from simo) (This used to be commit 98c9c4ecb87e1b140002390067892806464849da) --- source4/scripting/libjs/provision.js | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 06b6f03779..d4551945d1 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -122,15 +122,18 @@ function setup_ldb(ldif, dbname, subobj) extra = arguments[3]; } - var db = lpGet("private dir") + "/" + dbname; + var dbfile = lpGet("private dir") + "/" + dbname; var src = lpGet("setup directory") + "/" + ldif; - sys.unlink(db); + sys.unlink(dbfile); var data = sys.file_load(src); data = data + extra; data = substitute_var(data, subobj); + var db = ldb.connect(dbfile); + assert(db != undefined); + ok = ldb.add(db, data); assert(ok); } -- cgit From 94d99612b9093ca83da3b6b66f875915eeabb389 Mon Sep 17 00:00:00 2001 
From: Andrew Tridgell Date: Fri, 15 Jul 2005 11:10:38 +0000 Subject: r8488: after discussions with simo, moved to a full OO interface, so you don't need to keep a 'db' variable around. The ldb object knows what it is connected to. Added a simple ldb testsuite in testprogs/ldb.js (This used to be commit cf35818648b5b649d0cd25f115a04b7b5b5311aa) --- source4/scripting/libjs/provision.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index d4551945d1..bf39bcb992 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -131,10 +131,10 @@ function setup_ldb(ldif, dbname, subobj) data = data + extra; data = substitute_var(data, subobj); - var db = ldb.connect(dbfile); - assert(db != undefined); + var ok = ldb.connect(dbfile); + assert(ok); - ok = ldb.add(db, data); + ok = ldb.add(data); assert(ok); } -- cgit From 09fb6d2280187527898ae5af9c266c7474901dac Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 18 Jul 2005 23:58:18 +0000 Subject: r8558: move newuser logic into the provision.js lib (This used to be commit b6ef32ddd1fdca0d40a12f34fa5f7a484b3c2071) --- source4/scripting/libjs/provision.js | 84 ++++++++++++++++++++++++++++++++++++ 1 file changed, 84 insertions(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index bf39bcb992..c7fb1b5fc5 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js 
@@ -226,4 +226,88 @@ function provision_guess() return subobj; } +/* + search for one attribute as a string + */ +function searchone(ldb, expression, attribute) +{ + var attrs = new Array(attribute); + res = ldb.search(expression, attrs); + if (res.length != 1 || + res[0][attribute] == undefined) { + return undefined; + } + return res[0][attribute]; +} + +/* + add a new user record +*/ +function newuser(username, unixname, password, message) +{ + var samdb = lpGet("sam database"); + var ldb = ldb_init(); + + /* connect to the sam */ + var ok = ldb.connect(samdb); + assert(ok); + + /* find the DNs for the domain and the domain users group */ + var domain_dn = searchone(ldb, "objectClass=domainDNS", "dn"); + assert(domain_dn != undefined); + var dom_users = searchone(ldb, "name=Domain Users", "dn"); + assert(dom_users != undefined); + + var user_dn = sprintf("CN=%s,CN=Users,%s", username, domain_dn); + + + /* + the new user record. note the reliance on the samdb module to fill + in a sid, guid etc + */ + var ldif = sprintf(" +dn: %s +sAMAccountName: %s +name: %s +memberOf: %s +unixName: %s +objectGUID: %s +unicodePwd: %s +objectClass: user +", + user_dn, username, username, dom_users, + unixname, randguid(), password); + /* + add the user to the users group as well + */ + var modgroup = sprintf(" +dn: %s +changetype: modify +add: member +member: %s +", + dom_users, user_dn); + + + /* + now the real work + */ + message("Adding user %s\n", user_dn); + ok = ldb.add(ldif); + if (ok != true) { + message("Failed to add %s - %s\n", user_dn, ldb.errstring()); + return false; + } + + message("Modifying group %s\n", dom_users); + ok = ldb.modify(modgroup); + if (ok != true) { + message("Failed to modify %s - %s\n", dom_users, ldb.errstring()); + return false; + } + + return true; +} + + return 0; -- cgit From f1245d4ac1f06988dc4501c14c0e8161be8028aa Mon Sep 17 00:00:00 2001 
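Review bot: `newuser()` formats `username`, `unixname` and `password` straight into the LDIF text, so a value containing a line break would add attribute lines or a whole extra record to what `ldb.add()` and `ldb.modify()` receive, and a `username` containing `,` or `=` changes the shape of `user_dn`. Reject such values before `ldif` is built, for example `if (split("\n", username + unixname + password).length != 1) { message("Invalid character in user details\n"); return false; }`, with the same check for `"\r"`, and restrict `username` to characters that are safe inside an RDN. When `ldb.modify(modgroup)` fails, the user record has already been added and is left without its group membership; the function comment should say so, or the add should be undone. `res` in `searchone()` is assigned without `var`.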
From: Andrew Tridgell Date: Tue, 19 Jul 2005 00:16:43 +0000 Subject: r8561: as with the other ejs subsystems, make nss into a object (This used to be commit a3f3292e6698ce9be6a5036f47dd4fa81a1dfd4e) --- source4/scripting/libjs/provision.js | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index c7fb1b5fc5..7133e50b4c 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -196,6 +196,8 @@ function provision(subobj, message) function provision_guess() { var subobj = new Object(); + var nss = nss_init(); + subobj.REALM = lpGet("realm"); subobj.DOMAIN = lpGet("workgroup"); subobj.HOSTNAME = hostname(); @@ -213,11 +215,11 @@ function provision_guess() subobj.LDAPTIME = ldaptime; subobj.DATESTRING = datestring; subobj.USN = nextusn; - subobj.ROOT = findnss(getpwnam, "root"); - subobj.NOBODY = findnss(getpwnam, "nobody"); - subobj.NOGROUP = findnss(getgrnam, "nogroup", "nobody"); - subobj.WHEEL = findnss(getgrnam, "wheel", "root"); - subobj.USERS = findnss(getgrnam, "users", "guest", "other"); + subobj.ROOT = findnss(nss.getpwnam, "root"); + subobj.NOBODY = findnss(nss.getpwnam, "nobody"); + subobj.NOGROUP = findnss(nss.getgrnam, "nogroup", "nobody"); + subobj.WHEEL = findnss(nss.getgrnam, "wheel", "root"); + subobj.USERS = findnss(nss.getgrnam, "users", "guest", "other"); subobj.DNSDOMAIN = strlower(subobj.REALM); subobj.DNSNAME = sprintf("%s.%s", strlower(subobj.HOSTNAME), -- cgit From 1bc4bd4c14e01788bdb4ed09b12eaf0abacab2c1 Mon Sep 17 00:00:00 2001 
From: Andrew Tridgell Date: Tue, 19 Jul 2005 02:10:08 +0000 Subject: r8570: delete all records in the old db when provisioning, rather than using sys.unlink(). This allows smbd to see the new db without restarting. (This used to be commit 71004aa165e88f5f448dc7d90ad11dea7143f0df) --- source4/scripting/libjs/provision.js | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 7133e50b4c..5ce9c8886f 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -110,6 +110,30 @@ function hostname() } +/* + erase an ldb, removing all records +*/ +function ldb_erase(ldb) +{ + var attrs = new Array("dn"); + + /* delete the specials */ + ldb.del("@INDEXLIST"); + ldb.del("@ATTRIBUTES"); + ldb.del("@SUBCLASSES"); + ldb.del("@MODULES"); + + /* and the rest */ + var res = ldb.search("(|(objectclass=*)(dn=*))", attrs); + var i; + for (i=0;i Date: Tue, 19 Jul 2005 03:59:25 +0000 Subject: r8575: the beginnings of a smbstatus command (This used to be commit 4ecaf72a31cde2722315a61cbe823d44f0c14586) --- source4/scripting/libjs/management.js | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 source4/scripting/libjs/management.js (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/management.js b/source4/scripting/libjs/management.js new file mode 100644 index 0000000000..371ddc026b --- /dev/null +++ b/source4/scripting/libjs/management.js 
@@ -0,0 +1,33 @@ +/* + backend code for Samba4 management + Copyright Andrew Tridgell 2005 + Released under the GNU GPL v2 or later +*/ + +/* + return a list of current sessions +*/ +function smbsrv_sessions() +{ + var conn = new Object(); + var irpc = irpc_init(); + status = irpc_connect(conn, "smb_server"); + assert(status.is_ok == true); + + var io = irpcObj(); + io.input.level = irpc.SMBSRV_INFO_SESSIONS; + status = irpc.smbsrv_information(conn, io); + + /* gather the results into a single array */ + var i, count=0, ret = new Object(); + for (i=0;i Date: Tue, 19 Jul 2005 04:26:58 +0000 Subject: r8577: added management calls to list current tree connects (This used to be commit 658befc1e4df44bee1f365a730951001f0f36640) --- source4/scripting/libjs/management.js | 41 ++++++++++++++++++++++++++++++++++- 1 file changed, 40 insertions(+), 1 deletion(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/management.js b/source4/scripting/libjs/management.js index 371ddc026b..d989541661 100644 --- a/source4/scripting/libjs/management.js +++ b/source4/scripting/libjs/management.js @@ -4,6 +4,7 @@ Released under the GNU GPL v2 or later */ + /* return a list of current sessions */ @@ -12,11 +13,16 @@ function smbsrv_sessions() var conn = new Object(); var irpc = irpc_init(); status = irpc_connect(conn, "smb_server"); - assert(status.is_ok == true); + if (status.is_ok != true) { + return undefined; + } var io = irpcObj(); io.input.level = irpc.SMBSRV_INFO_SESSIONS; status = irpc.smbsrv_information(conn, io); + if (status.is_ok != true) { + return undefined; + } /* gather the results into a single array */ var i, count=0, ret = new Object(); 
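Review bot: With the asserts replaced by `return undefined`, `smbsrv_sessions()` has a failure return that its comment (`return a list of current sessions`) does not mention, and the caller cannot tell a failed connect from a failed query. The comment should add something like `returns undefined if the smb_server task cannot be reached or the query fails`; the same applies to `smbsrv_trees()` and `nbtd_statistics()`, which are added in the following hunks with the same pattern. `status` is assigned without `var` in all three functions, so depending on how ejs scopes undeclared names the value may be visible outside the function. The body of `smbsrv_sessions()` continues past the end of this hunk.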
@@ -31,3 +37,36 @@ function smbsrv_sessions() ret.length = count; return ret; } + +/* + return a list of current tree connects +*/ +function smbsrv_trees() +{ + var conn = new Object(); + var irpc = irpc_init(); + status = irpc_connect(conn, "smb_server"); + if (status.is_ok != true) { + return undefined; + } + + var io = irpcObj(); + io.input.level = irpc.SMBSRV_INFO_TREES; + status = irpc.smbsrv_information(conn, io); + if (status.is_ok != true) { + return undefined; + } + + /* gather the results into a single array */ + var i, count=0, ret = new Object(); + for (i=0;i Date: Tue, 19 Jul 2005 06:18:48 +0000 Subject: r8584: added --nbt option to smbstatus for nbt server statistics (This used to be commit 26a676a4e3596d34aee391bf132f2525972c81df) --- source4/scripting/libjs/management.js | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/management.js b/source4/scripting/libjs/management.js index d989541661..8b04247248 100644 --- a/source4/scripting/libjs/management.js +++ b/source4/scripting/libjs/management.js @@ -70,3 +70,24 @@ function smbsrv_trees() ret.length = count; return ret; } + +/* + return nbtd statistics +*/ +function nbtd_statistics() +{ + var conn = new Object(); + var irpc = irpc_init(); + status = irpc_connect(conn, "nbt_server"); + if (status.is_ok != true) { + return undefined; + } + + var io = irpcObj(); + io.input.level = irpc.NBTD_INFO_STATISTICS; + status = irpc.nbtd_information(conn, io); + if (status.is_ok != true) { + return undefined; + } + return io.results[0].info.stats; +} -- cgit From 82f1a9474d85f75291d0af0e51d55fa904d42055 Mon Sep 17 00:00:00 2001 
From: Andrew Tridgell Date: Tue, 19 Jul 2005 09:30:53 +0000 Subject: r8590: added server status utility functions for checking on the status of a task via irpc - for stream tasks, returns the number of connections - for non-stream tasks, returns "RUNNING" For both, return "DISABLED" or "NOT RESPONDING" appropriately (This used to be commit 78d6303814382f7835212f5045f12180e396b540) --- source4/scripting/libjs/base.js | 11 ++++++ source4/scripting/libjs/management.js | 69 +++++++++++++++++++++++++++++++++++ 2 files changed, 80 insertions(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/base.js b/source4/scripting/libjs/base.js index 181b3ca959..39b62b133e 100644 --- a/source4/scripting/libjs/base.js +++ b/source4/scripting/libjs/base.js @@ -87,3 +87,14 @@ function substitute_var(str, subobj) } return join("", list); } + +/* + return "s" if a number should be shown as plural +*/ +function plural(n) +{ + if (n == 1) { + return ""; + } + return "s"; +} diff --git a/source4/scripting/libjs/management.js b/source4/scripting/libjs/management.js index 8b04247248..7130cdc5dd 100644 --- a/source4/scripting/libjs/management.js +++ b/source4/scripting/libjs/management.js @@ -91,3 +91,72 @@ function nbtd_statistics() } return io.results[0].info.stats; } + +/* + see if a service is enabled +*/ +function service_enabled(name) +{ + var services = lpGet("server services"); + var i; + for (i=0;i Date: Tue, 19 Jul 2005 11:55:35 +0000 Subject: r8603: we have to use the same db name as the rest of smbd uses so the ldb connect works when already open (This used to be commit 1183f54c8dee28c136b4dc72bc059a6175fe09e4) --- source4/scripting/libjs/provision.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 5ce9c8886f..d3b94c1d1c 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js 
@@ -146,7 +146,7 @@ function setup_ldb(ldif, dbname, subobj) extra = arguments[3]; } - var dbfile = lpGet("private dir") + "/" + dbname; + var dbfile = dbname; var src = lpGet("setup directory") + "/" + ldif; var data = sys.file_load(src); -- cgit From e9c925f8727a8fa01935129ba8209183d111bd86 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 20 Jul 2005 04:27:09 +0000 Subject: r8629: - moved the getDomainList() call out of smbcalls_auth.c and into libjs/auth.js - tried to make the ejs_userAuth() call work for the sam, not just for unix auth. I didn't get this working. Andrew, when you get a chance can you see what I'm doing wrong? I suspect its because we aren't supplying a challenge, but a challenge doesn't really make sense in a 'is this username/password' correct call. (This used to be commit 9e07c08a71908e99c2f44efc40a3249facd6850f) --- source4/scripting/libjs/auth.js | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 source4/scripting/libjs/auth.js (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/auth.js b/source4/scripting/libjs/auth.js new file mode 100644 index 0000000000..a973cb4753 --- /dev/null +++ b/source4/scripting/libjs/auth.js @@ -0,0 +1,17 @@ +/* + auth js library functions + Copyright Andrew Tridgell 2005 + released under the GNU GPL v2 or later +*/ + + +/* + get a list of domains for SWAT authentication +*/ +function getDomainList() +{ + var ret = new Array(2); + ret[0] = "System User"; + ret[1] = lpGet("workgroup"); + return ret; +} -- cgit From 620301858a5b747002eebe2b9fcef10712ee8249 Mon Sep 17 00:00:00 2001 
From: Andrew Tridgell Date: Wed, 20 Jul 2005 07:04:07 +0000 Subject: r8638: continue the trend of maknig our C functions true ejs objects by making the string functions into an object. To keep existing code working I have added: string_init(global); into base.js. That brings the functions into the global scope for our existing scripts (This used to be commit a978484738168b82441c4dc4f5f803d349769a4b) --- source4/scripting/libjs/base.js | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/base.js b/source4/scripting/libjs/base.js index 39b62b133e..8a07f4e383 100644 --- a/source4/scripting/libjs/base.js +++ b/source4/scripting/libjs/base.js @@ -9,6 +9,9 @@ if (global["HAVE_BASE_JS"] != undefined) { } HAVE_BASE_JS=1 +/* bring the string functions into the global frame */ +string_init(global); + /* an essential function! */ -- cgit From 86d628a292a22973597e0c06d4a36e20c58ae31c Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 20 Jul 2005 07:20:03 +0000 Subject: r8639: moved loadparm calls into an ejs object (This used to be commit 2dc493eea6f9d87c40ad0dc755f528ce0b33ca47) --- source4/scripting/libjs/auth.js | 3 ++- source4/scripting/libjs/management.js | 3 ++- source4/scripting/libjs/provision.js | 16 ++++++++++------ 3 files changed, 14 insertions(+), 8 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/auth.js b/source4/scripting/libjs/auth.js index a973cb4753..73d8645218 100644 --- a/source4/scripting/libjs/auth.js +++ b/source4/scripting/libjs/auth.js @@ -11,7 +11,8 @@ function getDomainList() { var ret = new Array(2); + var lp = loadparm_init(); ret[0] = "System User"; - ret[1] = lpGet("workgroup"); + ret[1] = lp.get("workgroup"); return ret; } diff --git a/source4/scripting/libjs/management.js b/source4/scripting/libjs/management.js index 7130cdc5dd..e1c68ca1de 100644 --- a/source4/scripting/libjs/management.js +++ b/source4/scripting/libjs/management.js 
@@ -97,7 +97,8 @@ function nbtd_statistics() */ function service_enabled(name) { - var services = lpGet("server services"); + var lp = loadparm_init(); + var services = lp.get("server services"); var i; for (i=0;i Date: Wed, 20 Jul 2005 07:29:23 +0000 Subject: r8640: continue the trend by moving the ejs random calls into an object (This used to be commit ed4fb68ef7c28e415408e923bd9eefcd2d60f355) --- source4/scripting/libjs/provision.js | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index e9a8aad0cc..58f0e18240 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -224,6 +224,7 @@ function provision_guess() var subobj = new Object(); var nss = nss_init(); var lp = loadparm_init(); + random_init(local); subobj.REALM = lp.get("realm"); subobj.DOMAIN = lp.get("workgroup"); @@ -277,6 +278,7 @@ function newuser(username, unixname, password, message) var lp = loadparm_init(); var samdb = lp.get("sam database"); var ldb = ldb_init(); + random_init(local); /* connect to the sam */ var ok = ldb.connect(samdb); -- cgit From 2f5f01567b4c30cd764843a1ca0c7ab6d9bc0882 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 20 Jul 2005 10:07:48 +0000 Subject: r8643: - make lp_configfile() work again - get rid of redundeny dyn_CONFIGFILE argument to lp_load() - fixed provisioning to work with completely pristine install, creating an initial smb.conf is none is present - added lp.set() and lp.reload() to loadparm ejs object interface (This used to be commit c2691ef7126ddcee5f95970b78759b40a049d0a7) --- source4/scripting/libjs/provision.js | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 58f0e18240..f5aaeafe89 100644 --- a/source4/scripting/libjs/provision.js 
+++ b/source4/scripting/libjs/provision.js @@ -169,7 +169,7 @@ function setup_ldb(ldif, dbname, subobj) function setup_file(template, fname, subobj) { var lp = loadparm_init(); - var f = lp.get("private dir") + "/" + fname; + var f = fname; var src = lp.get("setup directory") + "/" + template; sys.unlink(f); @@ -187,6 +187,9 @@ function setup_file(template, fname, subobj) function provision(subobj, message) { var data = ""; + var lp = loadparm_init(); + var sys = sys_init(); + var smbconf = lp.get("config file"); /* some options need to be upper/lower case @@ -204,6 +207,13 @@ function provision(subobj, message) provision_next_usn = 1; + /* only install a new smb.conf if there isn't one there already */ + var st = sys.stat(smbconf); + if (st == undefined) { + message("Setting up smb.conf\n"); + setup_file("provision.smb.conf", smbconf, subobj); + lp.reload(); + } message("Setting up hklm.ldb\n"); setup_ldb("hklm.ldif", "hklm.ldb", subobj); message("Setting up sam.ldb\n"); @@ -213,7 +223,9 @@ function provision(subobj, message) message("Setting up secrets.ldb\n"); setup_ldb("secrets.ldif", "secrets.ldb", subobj); message("Setting up DNS zone file\n"); - setup_file("provision.zone", subobj.DNSDOMAIN + ".zone", subobj); + setup_file("provision.zone", + lp.get("private dir") + "/" + subobj.DNSDOMAIN + ".zone", + subobj); } /* @@ -229,6 +241,11 @@ function provision_guess() subobj.REALM = lp.get("realm"); subobj.DOMAIN = lp.get("workgroup"); subobj.HOSTNAME = hostname(); + + assert(subobj.REALM); + assert(subobj.DOMAIN); + assert(subobj.HOSTNAME); + subobj.HOSTIP = hostip(); subobj.DOMAINGUID = randguid(); subobj.DOMAINSID = randsid(); -- cgit From 2fd92cb1b4986909aff79ee88e48d1bb513e9062 Mon Sep 17 00:00:00 2001 
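Review bot: In the smb.conf hunk of `provision()`, every `undefined` result from `sys.stat(smbconf)` is taken to mean that no smb.conf exists, after which `setup_file()` unlinks the path and writes the template. If `sys.stat()` also returns undefined on errors other than a missing file (not visible here), an existing configuration could be replaced, and because the check and the write are separate steps the file can also appear in between. The result of `lp.reload()` is not checked, so the later `lp.get("private dir")` used for the zone file may run against the old parameters. A comment such as `/* any stat failure is treated as "no smb.conf"; setup_file() will unlink and rewrite the path */` would at least make the assumption explicit. `provision()` starts and ends outside this hunk.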
From: Andrew Tridgell Date: Wed, 20 Jul 2005 11:26:17 +0000 Subject: r8648: automatically redirect to provisioning if not yet provisioned when the home page in swat is accessed (This used to be commit 78fb559c08d55c01f5ede81d43cdd857cce8d338) --- source4/scripting/libjs/provision.js | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index f5aaeafe89..894b42ceb7 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -9,6 +9,27 @@ provision_next_usn = 1; sys = sys_init(); +/* + return true if the current install seems to be OK +*/ +function install_ok() +{ + var lp = loadparm_init(); + var ldb = ldb_init(); + if (lp.get("realm") == "") { + return false; + } + var ok = ldb.connect(lp.get("sam database")); + if (!ok) { + return false; + } + var res = ldb.search("(name=Administrator)"); + if (res.length != 1) { + return false; + } + return true; +} + /* find a user or group from a list of possibilities */ -- cgit From 24d2107324982d8ad69fb89d13037ba591f49534 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 20 Jul 2005 11:43:23 +0000 Subject: r8650: Use the timestamps and a new objectguid module rather than placing boilerplate attributes in every entry in provision.ldif. The next step will be to use templates. Andrew Bartlett (This used to be commit 940ed9827f5ab83b668a60a2b0110567dd54c3e2) --- source4/scripting/libjs/provision.js | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 894b42ceb7..db71392d8c 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js 
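Review bot: `install_ok()` returns false both when the server was never provisioned and when `ldb.connect()` on the sam database merely fails, and the commit message says the SWAT home page redirects to provisioning on that result. A database that is temporarily unreadable (inferred; the connect failure modes are not visible here) would therefore steer an administrator toward re-provisioning an installed server. Consider reporting a connect failure as an error distinct from "not provisioned", and add a comment above the function such as `/* NOTE: false also covers "sam database could not be opened"; callers must not treat it as proof that the server is unprovisioned */`. The `(name=Administrator)` filter matches any object with that name, not only a user, and it is not clear from the hunk whether that is intended.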
@@ -113,7 +113,7 @@ function hostip() } /* - return current time as a ldap time string + return next USN in the sequence */ function nextusn() { @@ -160,14 +160,19 @@ function ldb_erase(ldb) */ function setup_ldb(ldif, dbname, subobj) { + var erase = true; var extra = ""; var ldb = ldb_init(); var lp = loadparm_init(); - if (arguments.length == 4) { + if (arguments.length >= 4) { extra = arguments[3]; } + if (arguments.length == 5) { + erase = arguments[4]; + } + var dbfile = dbname; var src = lp.get("setup directory") + "/" + ldif; @@ -178,7 +183,9 @@ function setup_ldb(ldif, dbname, subobj) var ok = ldb.connect(dbfile); assert(ok); - ldb_erase(ldb); + if (erase) { + ldb_erase(ldb); + } ok = ldb.add(data); assert(ok); @@ -237,8 +244,10 @@ function provision(subobj, message) } message("Setting up hklm.ldb\n"); setup_ldb("hklm.ldif", "hklm.ldb", subobj); - message("Setting up sam.ldb\n"); - setup_ldb("provision.ldif", "sam.ldb", subobj, data); + message("Setting up sam.ldb attributes\n"); + setup_ldb("provision_init.ldif", "sam.ldb", subobj); + message("Setting up sam.ldb data\n"); + setup_ldb("provision.ldif", "sam.ldb", subobj, data, false); message("Setting up rootdse.ldb\n"); setup_ldb("rootdse.ldif", "rootdse.ldb", subobj); message("Setting up secrets.ldb\n"); -- cgit From 6173fad23171add5b1d143f6c15fb36842811135 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 21 Jul 2005 02:12:20 +0000 Subject: r8660: Use templates for the initial provision of user and computer accounts. This ensures the templating code is used, and also makes it clearer what I need to duplicate in the vampire area. Also fix a silly bug in the template application code (the samdb module) that caused templates to be compleatly unused (my fault, from my commit last night). Andrew Bartlett (This used to be commit 4a8ef7197ff938942832034453f843cb8a50f2d1) --- source4/scripting/libjs/provision.js | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/scripting/libjs') 
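Review bot: In setup_ldb the erase flag is read only when `arguments.length == 5`, while `extra` is read with `>= 4`, so a call with more than five arguments silently falls back to `erase = true` and goes through ldb_erase(). Use the same comparison for both: `if (arguments.length >= 5) {`. Because the destructive path is the default, the comment above setup_ldb (outside this hunk) should also list the two optional positional arguments and state that omitting the fifth erases the database.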
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index db71392d8c..38f3fc066e 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -246,6 +246,8 @@ function provision(subobj, message) setup_ldb("hklm.ldif", "hklm.ldb", subobj); message("Setting up sam.ldb attributes\n"); setup_ldb("provision_init.ldif", "sam.ldb", subobj); + message("Setting up sam.ldb templates\n"); + setup_ldb("provision_templates.ldif", "sam.ldb", subobj, NULL, false); message("Setting up sam.ldb data\n"); setup_ldb("provision.ldif", "sam.ldb", subobj, data, false); message("Setting up rootdse.ldb\n"); -- cgit From f8c1258d01fa631b719579e186b28027a34887cf Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 21 Jul 2005 11:28:24 +0000 Subject: r8677: The first part of the domain name may not be equal to the netbios domain name. Remove the use of flatname from the main domain object, we no longer reference it. Andrew Bartlett (This used to be commit 2303e24be74570187b23c3d31d0433263c83ba7e) --- source4/scripting/libjs/provision.js | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 38f3fc066e..b6a7c5978b 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -268,6 +268,7 @@ function provision_guess() var subobj = new Object(); var nss = nss_init(); var lp = loadparm_init(); + var rdn_list; random_init(local); subobj.REALM = lp.get("realm"); @@ -302,6 +303,8 @@ function provision_guess() strlower(subobj.HOSTNAME), subobj.DNSDOMAIN); subobj.BASEDN = "DC=" + join(",DC=", split(".", subobj.REALM)); + rdn_list = split(".", subobj.REALM); + subobj.RDN_DC = rdn_list[0]; return subobj; } -- cgit From 66b2a04346a568e6564b9cb21a89cf887cad3d03 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Wed, 27 Jul 2005 00:23:09 +0000 Subject: r8790: Finish the migration of aliases and privilages with SamSync, by adding templating support for foreignSecurityPrincipals to the samdb module. This is an extension beyond what microsoft does, and has been very useful :-) The setup scripts have been modified to use the new template, as has the SAMR and LSA code. Other cleanups in LSA remove the assumption that the short domain name is the first component of the realm. Also add a lot of useful debug messages, to make it clear how/why the SamSync may have gone wrong. Many of these should perhaps be hooked into an error string. Andrew Bartlett (This used to be commit 1f071b0609c5c83024db1d4a7d04334a932b8253) --- source4/scripting/libjs/provision.js | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index b6a7c5978b..0bcb2fa761 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -56,19 +56,10 @@ function add_foreign(str, sid, desc, unixname) dn: CN=${SID},CN=ForeignSecurityPrincipals,${BASEDN} objectClass: top objectClass: foreignSecurityPrincipal -cn: ${SID} description: ${DESC} -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} +unixName: ${UNIXNAME} uSNCreated: 1 uSNChanged: 1 -showInAdvancedViewOnly: TRUE -name: ${SID} -objectGUID: ${NEWGUID} -objectSid: ${SID} -objectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,${BASEDN} -unixName: ${UNIXNAME} "; var sub = new Object(); sub.SID = sid; @@ -212,7 +203,7 @@ function setup_file(template, fname, subobj) /* provision samba4 - caution, this wipes all existing data! */ -function provision(subobj, message) +function provision(subobj, message, blank) { var data = ""; var lp = loadparm_init(); 
@@ -249,7 +240,11 @@ function provision(subobj, message) message("Setting up sam.ldb templates\n"); setup_ldb("provision_templates.ldif", "sam.ldb", subobj, NULL, false); message("Setting up sam.ldb data\n"); - setup_ldb("provision.ldif", "sam.ldb", subobj, data, false); + setup_ldb("provision.ldif", "sam.ldb", subobj, NULL, false); + if (blank == false) { + message("Setting up sam.ldb users and groups\n"); + setup_ldb("provision_users.ldif", "sam.ldb", subobj, data, false); + } message("Setting up rootdse.ldb\n"); setup_ldb("rootdse.ldif", "rootdse.ldb", subobj); message("Setting up secrets.ldb\n"); -- cgit From f6d2892faab30e6f205a81a008168b07e521ab85 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 28 Jul 2005 06:46:03 +0000 Subject: r8821: continue the trend to move to a more OO style of interface for our js calls. This changes the generated RPC and IRPC calls to use the 'this' object pointer instead of requiring the passing of the object on each call. So typical usage is now: var echo = echo_init(); var io = irpcObj(); status = echo.connect("ncacn_np:server"); assert(status.is_ok); io.input.in_data = 7; status = echo.AddOne(io); assert(status.is_ok); (This used to be commit f7b49ecd0868c1f0fec75b371f132bbf357ad8c6) --- source4/scripting/libjs/management.js | 25 ++++++++++--------------- source4/scripting/libjs/samr.js | 31 +++++++++++++++---------------- 2 files changed, 25 insertions(+), 31 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/management.js b/source4/scripting/libjs/management.js index e1c68ca1de..26c1c0a34a 100644 --- a/source4/scripting/libjs/management.js +++ b/source4/scripting/libjs/management.js 
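Review bot: `if (blank == false)` skips the users-and-groups step for every caller that still passes two arguments, because an omitted `blank` is undefined and `undefined == false` is false in standard JavaScript (ejs may differ, worth confirming). Such a caller gets a sam.ldb without the entries from provision_users.ldif and no message saying so; if the Administrator entry lives in that file (not visible here), install_ok() would then keep reporting the install as incomplete. `if (!blank) {` keeps the previous behaviour for existing callers. The signature change itself is in the previous hunk, and provision() continues past this one.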
@@ -10,16 +10,15 @@ */ function smbsrv_sessions() { - var conn = new Object(); var irpc = irpc_init(); - status = irpc_connect(conn, "smb_server"); + status = irpc.connect("smb_server"); if (status.is_ok != true) { return undefined; } var io = irpcObj(); io.input.level = irpc.SMBSRV_INFO_SESSIONS; - status = irpc.smbsrv_information(conn, io); + status = irpc.smbsrv_information(io); if (status.is_ok != true) { return undefined; } @@ -43,16 +42,15 @@ function smbsrv_sessions() */ function smbsrv_trees() { - var conn = new Object(); var irpc = irpc_init(); - status = irpc_connect(conn, "smb_server"); + status = irpc.connect("smb_server"); if (status.is_ok != true) { return undefined; } var io = irpcObj(); io.input.level = irpc.SMBSRV_INFO_TREES; - status = irpc.smbsrv_information(conn, io); + status = irpc.smbsrv_information(io); if (status.is_ok != true) { return undefined; } @@ -76,16 +74,15 @@ function smbsrv_trees() */ function nbtd_statistics() { - var conn = new Object(); var irpc = irpc_init(); - status = irpc_connect(conn, "nbt_server"); + status = irpc.connect("nbt_server"); if (status.is_ok != true) { return undefined; } var io = irpcObj(); io.input.level = irpc.NBTD_INFO_STATISTICS; - status = irpc.nbtd_information(conn, io); + status = irpc.nbtd_information(io); if (status.is_ok != true) { return undefined; } @@ -113,7 +110,6 @@ function service_enabled(name) */ function server_status(name) { - var conn = new Object(); var i; var io; var irpc = irpc_init(); @@ -122,13 +118,13 @@ function server_status(name) return "DISABLED"; } - status = irpc_connect(conn, name + "_server"); + status = irpc.connect(name + "_server"); if (status.is_ok != true) { return "DOWN"; } var io = irpcObj(); - status = irpc.irpc_uptime(conn, io); + status = irpc.irpc_uptime(io); if (status.is_ok != true) { return "NOT RESPONDING"; } 
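Review bot: `status = irpc.connect("smb_server");` assigns to an undeclared name, so `status` becomes a script-wide global shared by smbsrv_sessions, smbsrv_trees, nbtd_statistics, server_status and stream_server_status. Declare it at first assignment in each of the five functions this commit touches: `var status = irpc.connect("smb_server");`. server_status also declares `io` twice (`var io;` and later `var io = irpcObj();`); one of them can go.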
@@ -141,19 +137,18 @@ function server_status(name) */ function stream_server_status(name) { - var conn = new Object(); var irpc = irpc_init(); if (!service_enabled(name)) { return "DISABLED"; } - status = irpc_connect(conn, name + "_server"); + status = irpc.connect(name + "_server"); if (status.is_ok != true) { return "0 connections"; } var io = irpcObj(); - status = irpc.irpc_uptime(conn, io); + status = irpc.irpc_uptime(io); if (status.is_ok != true) { return "NOT RESPONDING"; } diff --git a/source4/scripting/libjs/samr.js b/source4/scripting/libjs/samr.js index 2363dde686..d0c2b89822 100644 --- a/source4/scripting/libjs/samr.js +++ b/source4/scripting/libjs/samr.js @@ -32,12 +32,11 @@ function samArray(output) */ function samrConnect(conn) { - conn.samr = samr_init(); - conn.sec = security_init(); + security_init(conn); var io = irpcObj(); io.input.system_name = NULL; - io.input.access_mask = conn.sec.SEC_FLAG_MAXIMUM_ALLOWED; - var status = conn.samr.samr_Connect2(conn, io); + io.input.access_mask = conn.SEC_FLAG_MAXIMUM_ALLOWED; + var status = conn.samr_Connect2(io); check_status_ok(status); return io.output.connect_handle; } @@ -49,7 +48,7 @@ function samrClose(conn, handle) { var io = irpcObj(); io.input.handle = handle; - var status = conn.samr.samr_Close(conn, io); + var status = conn.samr_Close(io); check_status_ok(status); } @@ -61,7 +60,7 @@ function samrLookupDomain(conn, handle, domain) var io = irpcObj(); io.input.connect_handle = handle; io.input.domain_name = domain; - var status = conn.samr.samr_LookupDomain(conn, io); + var status = conn.samr_LookupDomain(io); check_status_ok(status); return io.output.sid; } 
@@ -73,9 +72,9 @@ function samrOpenDomain(conn, handle, sid) { var io = irpcObj(); io.input.connect_handle = handle; - io.input.access_mask = conn.sec.SEC_FLAG_MAXIMUM_ALLOWED; + io.input.access_mask = conn.SEC_FLAG_MAXIMUM_ALLOWED; io.input.sid = sid; - var status = conn.samr.samr_OpenDomain(conn, io); + var status = conn.samr_OpenDomain(io); check_status_ok(status); return io.output.domain_handle; } @@ -87,9 +86,9 @@ function samrOpenUser(conn, handle, rid) { var io = irpcObj(); io.input.domain_handle = handle; - io.input.access_mask = conn.sec.SEC_FLAG_MAXIMUM_ALLOWED; + io.input.access_mask = conn.SEC_FLAG_MAXIMUM_ALLOWED; io.input.rid = rid; - var status = conn.samr.samr_OpenUser(conn, io); + var status = conn.samr_OpenUser(io); check_status_ok(status); return io.output.user_handle; } @@ -104,7 +103,7 @@ function samrEnumDomainUsers(conn, dom_handle) io.input.resume_handle = 0; io.input.acct_flags = 0; io.input.max_size = -1; - var status = conn.samr.samr_EnumDomainUsers(conn, io); + var status = conn.samr_EnumDomainUsers(io); check_status_ok(status); return samArray(io.output); } @@ -119,7 +118,7 @@ function samrEnumDomainGroups(conn, dom_handle) io.input.resume_handle = 0; io.input.acct_flags = 0; io.input.max_size = -1; - var status = conn.samr.samr_EnumDomainGroups(conn, io); + var status = conn.samr_EnumDomainGroups(io); check_status_ok(status); return samArray(io.output); } @@ -133,7 +132,7 @@ function samrEnumDomains(conn, handle) io.input.connect_handle = handle; io.input.resume_handle = 0; io.input.buf_size = -1; - var status = conn.samr.samr_EnumDomains(conn, io); + var status = conn.samr_EnumDomains(io); check_status_ok(status); return samArray(io.output); } 
@@ -146,7 +145,7 @@ function samrQueryUserInfo(conn, user_handle, level) var r, io = irpcObj(); io.input.user_handle = user_handle; io.input.level = level; - var status = conn.samr.samr_QueryUserInfo(conn, io); + var status = conn.samr_QueryUserInfo(io); check_status_ok(status); return io.output.info.info3; } @@ -160,8 +159,8 @@ function samrFillUserInfo(conn, dom_handle, users, level) var i; for (i=0;i Date: Thu, 28 Jul 2005 07:14:49 +0000 Subject: r8822: fixed number of arguments in samr lib (This used to be commit 8eee26bb85472aa45bd42fd28f968a38730e286c) --- source4/scripting/libjs/samr.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/samr.js b/source4/scripting/libjs/samr.js index d0c2b89822..a7d7d964fb 100644 --- a/source4/scripting/libjs/samr.js +++ b/source4/scripting/libjs/samr.js @@ -159,8 +159,8 @@ function samrFillUserInfo(conn, dom_handle, users, level) var i; for (i=0;i Date: Fri, 5 Aug 2005 19:02:01 +0000 Subject: r9131: started adding the server side code for "AJAJ" (asynchronous javascript and javascript) This is rather like AJAX, but passes around javascript objects between the client and server, taking advantage of the fact that we have the same language on both client and server. (This used to be commit 5f9e00fb7f36f3351f40da93acfe47c911f6f65f) --- source4/scripting/libjs/encoder.js | 100 +++++++++++++++++++++++++++++++++ source4/scripting/libjs/server_call.js | 95 +++++++++++++++++++++++++++++++ 2 files changed, 195 insertions(+) create mode 100644 source4/scripting/libjs/encoder.js create mode 100644 source4/scripting/libjs/server_call.js (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/encoder.js b/source4/scripting/libjs/encoder.js new file mode 100644 index 0000000000..65b2854d30 --- /dev/null +++ b/source4/scripting/libjs/encoder.js 
@@ -0,0 +1,100 @@ +/* + server side js functions for encoding/decoding objects into linear strings + + Copyright Andrew Tridgell 2005 + released under the GNU GPL Version 2 or later +*/ +/* + usage: + + enc = encodeObject(obj); + obj = decodeObject(enc); + + The encoded format of the object is a string that is safe to + use in URLs + + Note that only data elements are encoded, not functions +*/ + +function __count_members(o) { + var i, count = 0; + for (i in o) { + count++; + } + return count; +} + +function __replace(str, old, rep) { + var s = string_init(); + var a = s.split(old, str); + var j = s.join(rep, a); + return s.join(rep, a); +} + +function encodeObject(o) { + var s = string_init(); + var i, r = s.sprintf("%u:", __count_members(o)); + for (i in o) { + var t = typeof(o[i]); + if (t == 'object' && o[i] == null) { + t = 'null'; + } + if (t == 'object') { + r = s.sprintf("%s%s:%s:%s", r, i, t, encodeObject(o[i])); + } else if (t == "string") { + var enc = s.encodeURIComponent(o[i]); + var rep = __replace(enc, '%', '#'); + r = s.sprintf("%s%s:%s:%s:", + r, i, t, __replace(s.encodeURIComponent(o[i]),'%','#')); + } else if (t == "boolean" || t == "number") { + r = s.sprintf("%s%s:%s:%s:", r, i, t, "" + o[i]); + } else if (t == "undefined" || t == "null") { + r = s.sprintf("%s%s:%s:", r, i, t); + } else { + println("Unable to linearise type " + t); + } + } + return r; +} + +function decodeObjectArray(a) { + var s = string_init(); + var o = new Object(); + var i, count = a[a.i]; a.i++; + for (i=0;i Date: Sat, 6 Aug 2005 01:09:27 +0000 Subject: r9159: abstract the winreg js functions into a nice library interface (This used to be commit 5e398700627fb2c16bf39b9c851f640f5412c7d4) --- source4/scripting/libjs/winreg.js | 115 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 115 insertions(+) create mode 100644 source4/scripting/libjs/winreg.js (limited to 'source4/scripting/libjs') 
diff --git a/source4/scripting/libjs/winreg.js b/source4/scripting/libjs/winreg.js new file mode 100644 index 0000000000..129cfe0898 --- /dev/null +++ b/source4/scripting/libjs/winreg.js @@ -0,0 +1,115 @@ +/* + winreg rpc utility functions + Copyright Andrew Tridgell 2005 + released under the GNU GPL v2 or later +*/ + + +/* + open a hive +*/ +function winreg_open_hive(reg, hive) +{ + var io = irpcObj(); + io.input.system_name = NULL; + io.input.access_required = reg.SEC_FLAG_MAXIMUM_ALLOWED; + var status; + if (hive == "HKLM") { + status = reg.winreg_OpenHKLM(io); + } else if (hive == "HKCR") { + status = reg.winreg_OpenHKCR(io); + } else if (hive == "HKPD") { + status = reg.winreg_OpenHKPD(io); + } else if (hive == "HKU") { + status = reg.winreg_OpenHKU(io); + } else { + println("Unknown hive " + hive); + return undefined; + } + if (!status.is_ok) { + return undefined; + } + return io.output.handle; +} + +/* + open a handle to a path +*/ +function winreg_open_path(reg, path) +{ + var s = string_init(); + var i, components = s.split('\\', path); + var list = new Object(); + + list.length = 0; + + var handle = winreg_open_hive(reg, components[0]); + if (handle == undefined) { + return undefined; + } + + for (i=1;i= 0;idx++) { + io.input.enum_index = idx; + var status = reg.winreg_EnumKey(io); + if (!status.is_ok) return; + var out = io.output; + if (out.result != "WERR_OK") { + return list; + } + + list[list.length] = out.out_name.name; + list.length++; + } + + return list; +} -- cgit From 0c15c024118debc4e87908ed8d23c314f38f28ed Mon Sep 17 00:00:00 2001 
From: Andrew Tridgell Date: Sun, 7 Aug 2005 06:19:17 +0000 Subject: r9174: ejs does not include the special variable 'length' in for loops over objects, so we need to check for it separately in the object lineariser (This used to be commit ea3c3d0a0f79c49c2e93da4956cc509614f92f37) --- source4/scripting/libjs/encoder.js | 50 ++++++++++++++++++++++++-------------- 1 file changed, 32 insertions(+), 18 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/encoder.js b/source4/scripting/libjs/encoder.js index 65b2854d30..24508f3f6b 100644 --- a/source4/scripting/libjs/encoder.js +++ b/source4/scripting/libjs/encoder.js @@ -21,6 +21,9 @@ function __count_members(o) { for (i in o) { count++; } + if (o.length != undefined) { + count++; + } return count; } 
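Review bot: The count that encodeObject writes comes from __count_members(), which counts every member the `for (i in o)` loop yields, while encodeElement() (added in the next hunk) returns an empty string for any type it cannot linearise. If ejs enumerates function members, which the file header says are not encoded, the header count will be larger than the number of elements in the string, and decodeObjectArray loops on that count. Either count only what will be emitted or emit a placeholder in the fallback branch, e.g. `r = s.sprintf("%s:%s:", name, "undefined");`.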
@@ -31,28 +34,39 @@ function __replace(str, old, rep) { return s.join(rep, a); } +function encodeElement(e, name) { + var t = typeof(e); + var r; + var s = string_init(); + if (t == 'object' && e == null) { + t = 'null'; + } + if (t == 'object') { + r = s.sprintf("%s:%s:%s", name, t, encodeObject(e)); + } else if (t == "string") { + var enc = s.encodeURIComponent(e); + var rep = __replace(enc, '%', '#'); + r = s.sprintf("%s:%s:%s:", + name, t, __replace(s.encodeURIComponent(e),'%','#')); + } else if (t == "boolean" || t == "number") { + r = s.sprintf("%s:%s:%s:", name, t, "" + e); + } else if (t == "undefined" || t == "null") { + r = s.sprintf("%s:%s:", name, t); + } else { + println("Unable to linearise type " + t); + r = ""; + } + return r; +} + function encodeObject(o) { var s = string_init(); var i, r = s.sprintf("%u:", __count_members(o)); for (i in o) { - var t = typeof(o[i]); - if (t == 'object' && o[i] == null) { - t = 'null'; - } - if (t == 'object') { - r = s.sprintf("%s%s:%s:%s", r, i, t, encodeObject(o[i])); - } else if (t == "string") { - var enc = s.encodeURIComponent(o[i]); - var rep = __replace(enc, '%', '#'); - r = s.sprintf("%s%s:%s:%s:", - r, i, t, __replace(s.encodeURIComponent(o[i]),'%','#')); - } else if (t == "boolean" || t == "number") { - r = s.sprintf("%s%s:%s:%s:", r, i, t, "" + o[i]); - } else if (t == "undefined" || t == "null") { - r = s.sprintf("%s%s:%s:", r, i, t); - } else { - println("Unable to linearise type " + t); - } + r = r + encodeElement(o[i], i); + } + if (o.length != undefined) { + r = r + encodeElement(o.length, 'length'); } return r; } -- cgit From e49aeef2323b8432133e502152796b97119890d5 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 7 Aug 2005 07:01:03 +0000 Subject: r9178: remove the old server printf code (This used to be commit 0b96b3bfe370f5f4e44cc1a2a249f766a04c5b07) --- source4/scripting/libjs/server_call.js | 13 ------------- 1 file changed, 13 deletions(-) (limited to 'source4/scripting/libjs') 
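Review bot: encodeElement writes `name` into the colon-delimited output as-is, while string values are URI-encoded and have `%` swapped for `#`. A member name containing `:` would shift every following field for the decoder and breaks the "safe to use in URLs" promise in the file header. Encode the name the same way as string values, `name = __replace(s.encodeURIComponent(name), '%', '#');` at the top of encodeElement, with the matching decode on the other side (the decoder is not visible in this hunk). The string branch also computes `enc` and `rep` and then recomputes the same expression in the sprintf; passing `rep` would do.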
diff --git a/source4/scripting/libjs/server_call.js b/source4/scripting/libjs/server_call.js index 1ed3053206..316e764a53 100644 --- a/source4/scripting/libjs/server_call.js +++ b/source4/scripting/libjs/server_call.js @@ -7,15 +7,6 @@ libinclude("encoder.js"); -/* - a remote printf, for displaying stuff on smbd stdout -*/ -function __server_printf() -{ - print(vsprintf(arguments)); - return undefined; -} - /* register a new call */ @@ -86,10 +77,6 @@ function servCallObj() c.add = __register_call; c.run = __run_call; c.calls = new Object(); - - /* add some basic calls */ - c.add('printf', __server_printf); - return c; } -- cgit From 924b3cc953182c4f72d6356b7209c4ccb5647fb1 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 8 Aug 2005 22:29:44 +0000 Subject: r9218: make the winreg library code handle arbitrary paths more efficiently and more conveniently (caller doesn't need to know the hive names now) (This used to be commit dadd7e22fb439f7b18c429a95c75902e4741ba8d) --- source4/scripting/libjs/winreg.js | 54 +++++++++++++++++++++++++++------------ 1 file changed, 38 insertions(+), 16 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/winreg.js b/source4/scripting/libjs/winreg.js index 129cfe0898..703b8da2a7 100644 --- a/source4/scripting/libjs/winreg.js +++ b/source4/scripting/libjs/winreg.js 
@@ -42,29 +42,48 @@ function winreg_open_path(reg, path) var list = new Object(); list.length = 0; + + /* cope with a leading slash */ + if (components[0] == '') { + for (i=0;i<(components.length-1);i++) { + components[i] = components[i+1]; + } + components.length--; + } + if (components.length == 0) { + return undefined; + } + var handle = winreg_open_hive(reg, components[0]); if (handle == undefined) { return undefined; } - for (i=1;i Date: Wed, 10 Aug 2005 06:58:05 +0000 Subject: r9227: cleanup and simplify the AJAJ code (This used to be commit ceb7669e5991e9dda759d60a09a0a65e6caba991) --- source4/scripting/libjs/server_call.js | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/server_call.js b/source4/scripting/libjs/server_call.js index 316e764a53..a8c08780f9 100644 --- a/source4/scripting/libjs/server_call.js +++ b/source4/scripting/libjs/server_call.js @@ -21,20 +21,20 @@ function __register_call(name, func) */ function __run_call() { var c = this; - var name = form['func']; + var name = form['ajaj_func']; if (name == undefined) { - println("no function name given in run_call"); + /* no function to run */ return; } - var args = form['args']; + var args = form['ajaj_args']; if (args == undefined) { println("no function arguments given in run_call"); - return; + exit(0); } args = decodeObject(args); if (c.calls[name] == undefined) { println("undefined remote call " + name); - return; + exit(0); } var f = c.calls[name]; var res; @@ -59,11 +59,12 @@ function __run_call() { res = f(args[0], args[1], args[2], args[3], args[4], args[5], args[6], args[7]); } else { println("too many arguments for remote call: " + name); - return; + exit(0); } var repobj = new Object(); repobj.res = res; write(encodeObject(repobj)); + exit(0); } -- cgit From 9fffd12799239219a276b1ca83319d1340d97232 Mon Sep 17 00:00:00 2001 
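Review bot: The error paths in __run_call echo the request-supplied `ajaj_func` value back with `println("undefined remote call " + name)` and `println("too many arguments for remote call: " + name)`; if println output reaches the HTTP response the way `write()` does, that is unescaped request text in the reply. Print a fixed message instead, e.g. `println("undefined remote call");`. `c.calls[name]` is a plain property lookup on an object created with `new Object()`, so it is also worth confirming that only names registered through `c.add` can resolve there. __run_call starts before the first hunk of this commit and runs through the second.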
From: Andrew Tridgell Date: Wed, 17 Aug 2005 01:25:58 +0000 Subject: r9338: fixed the winreg IDL to be correct for the EnumKey and EnumValue calls. The previous IDL was just a workaround for the limitations of our older rpc infrastructure. Now that Jelmer has added much improved string support using the charset keyword we can correctly implemenent the unusual winreg string buffers. Jelmer, note the little comment I put on winreg_StringBuf() about why I couldn't use [value()] for the length field. This also fixes EnumKey() and EnumValue() to use NTTIME fields for the last_changed_time. I don't know why we were using a pair of uint32's, as it is just a NTTIME. (This used to be commit 8354b016122cc4f3cff042b3ada1de07e1614eb7) --- source4/scripting/libjs/winreg.js | 127 +++++++++++++++++++++++++++++++++----- 1 file changed, 110 insertions(+), 17 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/winreg.js b/source4/scripting/libjs/winreg.js index 703b8da2a7..5323e91ae5 100644 --- a/source4/scripting/libjs/winreg.js +++ b/source4/scripting/libjs/winreg.js @@ -4,6 +4,18 @@ released under the GNU GPL v2 or later */ +libinclude("base.js"); + +/* + close a handle +*/ +function winreg_close(reg, handle) +{ + var io = irpcObj(); + io.input.handle = handle; + reg.winreg_CloseKey(io); +} + /* open a hive @@ -76,6 +88,9 @@ function winreg_open_path(reg, path) io.input.unknown = 0; io.input.access_mask = reg.SEC_FLAG_MAXIMUM_ALLOWED; var status = reg.winreg_OpenKey(io); + + winreg_close(reg, handle); + if (!status.is_ok) { return undefined; } 
@@ -100,38 +115,116 @@ function winreg_enum_path(reg, path) return new Array("HKLM", "HKU"); } - handle = winreg_open_path(reg, path); + var handle = winreg_open_path(reg, path); if (handle == undefined) { return undefined; } var io = irpcObj(); - var wtime = new Object(); - wtime.low = 2147483647; - wtime.high = 2147483647; - var keyname = new Object(); - keyname.unknown = 522; - keyname.key_name = NULL; - io.input.handle = handle; - io.input.key_name_len = 0; - io.input.unknown = 1044; - io.input.in_name = keyname; - io.input.class = ""; - io.input.last_changed_time = wtime; - + io.input.name = new Object(); + io.input.name.length = 0; + io.input.name.size = 32; + io.input.name.name = NULL; + io.input.class = new Object(); + io.input.class.length = 0; + io.input.class.size = 1024; + io.input.class.name = NULL; + io.input.last_changed_time = 0; + var idx = 0; for (idx=0;idx >= 0;idx++) { - io.input.enum_index = idx; + io.input.enum_index = idx; var status = reg.winreg_EnumKey(io); - if (!status.is_ok) return; + if (!status.is_ok) { + winreg_close(reg, handle); + return; + } + var out = io.output; + if (out.result == "WERR_MORE_DATA") { + io.input.name.size = io.input.name.size * 2; + idx--; + if (io.input.name.size > 32000) { + winreg_close(reg, handle); + return undefined; + } + continue; + } + if (out.result != "WERR_OK") { + winreg_close(reg, handle); + return list; + } + list[list.length] = out.name.name; + list.length++; + } + + winreg_close(reg, handle); + return list; +} + + +/* + return a list of values for a winreg server given a path + usage: + list = winreg_enum_values(reg, path); + + each returned list element is an object containing a name, a + type and a value +*/ +function winreg_enum_values(reg, path) +{ + var list = new Object(); + list.length = 0; + + var handle = winreg_open_path(reg, path); + if (handle == undefined) { + return undefined; + } + + var io = irpcObj(); + io.input.handle = handle; + io.input.name = new Object(); + 
io.input.name.length = 0; + io.input.name.size = 128; + io.input.name.name = ""; + io.input.type = 0; + io.input.value = new Array(0); + io.input.size = 1024; + io.input.length = 0; + + var idx; + for (idx=0;idx >= 0;idx++) { + io.input.enum_index = idx; + var status = reg.winreg_EnumValue(io); + if (!status.is_ok) { + winreg_close(reg, handle); + return; + } var out = io.output; + if (out.result == "WERR_MORE_DATA") { + io.input.size = io.input.size * 2; + io.input.name.size = io.input.name.size * 2; + idx--; + /* limit blobs to 1M */ + if (io.input.size > 1000000) { + winreg_close(reg, handle); + return undefined; + } + continue; + } if (out.result != "WERR_OK") { + winreg_close(reg, handle); return list; } - list[list.length] = out.out_name.name; + var el = new Object(); + el.name = out.name.name; + el.type = out.type; + el.value = out.value; + el.size = out.size; + list[list.length] = el; list.length++; } + winreg_close(reg, handle); return list; } -- cgit From 4e3cacdaa83638b705c4fa6e79e8f17456c3e233 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 17 Aug 2005 12:27:28 +0000 Subject: r9355: return the EnumKey and EnumValue list we have so far when we get a rpc fault (This used to be commit 3a9c63923fbb21dfb8e5fc549dde8fad8cb8f354) --- source4/scripting/libjs/winreg.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/winreg.js b/source4/scripting/libjs/winreg.js index 5323e91ae5..8befd36045 100644 --- a/source4/scripting/libjs/winreg.js +++ b/source4/scripting/libjs/winreg.js @@ -138,7 +138,7 @@ function winreg_enum_path(reg, path) var status = reg.winreg_EnumKey(io); if (!status.is_ok) { winreg_close(reg, handle); - return; + return list; } var out = io.output; if (out.result == "WERR_MORE_DATA") { 
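Review bot: Both enumeration loops run `for (idx=0;idx >= 0;idx++)` and stop only when the server answers with something other than WERR_OK, so a server that keeps returning WERR_OK makes `list` grow without limit. The only caps in the new code are on buffer sizes (32000 for key names, 1000000 for value data). An entry cap next to those would bound the client, for example `if (list.length >= 100000) { winreg_close(reg, handle); return list; }` in winreg_enum_path and winreg_enum_values (the figure is illustrative).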
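Review bot: After this change an RPC fault, a hit on the size limit and a normal end of enumeration all return `list`, so a caller cannot tell a complete listing from a truncated one. For a tool that reports registry contents, a silently shortened list reads as "nothing else there". Mark the partial case before each early return here and in the three later hunks of this commit, e.g. `list.incomplete = true;`, and mention it in the usage comments of both functions.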
@@ -146,7 +146,7 @@ function winreg_enum_path(reg, path) idx--; if (io.input.name.size > 32000) { winreg_close(reg, handle); - return undefined; + return list; } continue; } @@ -198,7 +198,7 @@ function winreg_enum_values(reg, path) var status = reg.winreg_EnumValue(io); if (!status.is_ok) { winreg_close(reg, handle); - return; + return list; } var out = io.output; if (out.result == "WERR_MORE_DATA") { @@ -208,7 +208,7 @@ function winreg_enum_values(reg, path) /* limit blobs to 1M */ if (io.input.size > 1000000) { winreg_close(reg, handle); - return undefined; + return list; } continue; } -- cgit From f4aa80d88f768d4edbfca2bf0907de0e1c319ec5 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 22 Aug 2005 01:52:22 +0000 Subject: r9465: handle encoding and decoding of pointers, representing them as a string containing "(POINTER)" (This used to be commit 6f69eeb8f258063f1ac911ab38e667e7743ccba3) --- source4/scripting/libjs/encoder.js | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/encoder.js b/source4/scripting/libjs/encoder.js index 24508f3f6b..d96b859547 100644 --- a/source4/scripting/libjs/encoder.js +++ b/source4/scripting/libjs/encoder.js @@ -52,6 +52,8 @@ function encodeElement(e, name) { r = s.sprintf("%s:%s:%s:", name, t, "" + e); } else if (t == "undefined" || t == "null") { r = s.sprintf("%s:%s:", name, t); + } else if (t == "pointer") { + r = s.sprintf("%s:string:(POINTER):", name); } else { println("Unable to linearise type " + t); r = ""; -- cgit From 60eb9f87a0a0c96cf67a33516b34ea8cd14dd5e9 Mon Sep 17 00:00:00 2001 
From: Andrew Tridgell Date: Tue, 23 Aug 2005 02:00:09 +0000 Subject: r9497: - converted the winreg library to a more OO style of interface - added a reg.typestring() method that returns a string representation of a type (This used to be commit 47cf409cdf501fc3e2b0c65688a9ef1d702278a5) --- source4/scripting/libjs/winreg.js | 93 ++++++++++++++++++++++++++------------- 1 file changed, 63 insertions(+), 30 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/winreg.js b/source4/scripting/libjs/winreg.js index 8befd36045..1e9dbcbb52 100644 --- a/source4/scripting/libjs/winreg.js +++ b/source4/scripting/libjs/winreg.js @@ -9,31 +9,31 @@ libinclude("base.js"); /* close a handle */ -function winreg_close(reg, handle) +function __winreg_close(handle) { var io = irpcObj(); io.input.handle = handle; - reg.winreg_CloseKey(io); + this.winreg_CloseKey(io); } /* open a hive */ -function winreg_open_hive(reg, hive) +function __winreg_open_hive(hive) { var io = irpcObj(); io.input.system_name = NULL; - io.input.access_required = reg.SEC_FLAG_MAXIMUM_ALLOWED; + io.input.access_required = this.SEC_FLAG_MAXIMUM_ALLOWED; var status; if (hive == "HKLM") { - status = reg.winreg_OpenHKLM(io); + status = this.winreg_OpenHKLM(io); } else if (hive == "HKCR") { - status = reg.winreg_OpenHKCR(io); + status = this.winreg_OpenHKCR(io); } else if (hive == "HKPD") { - status = reg.winreg_OpenHKPD(io); + status = this.winreg_OpenHKPD(io); } else if (hive == "HKU") { - status = reg.winreg_OpenHKU(io); + status = this.winreg_OpenHKU(io); } else { println("Unknown hive " + hive); return undefined; @@ -47,7 +47,7 @@ function winreg_open_hive(reg, hive) /* open a handle to a path */ -function winreg_open_path(reg, path) +function __winreg_open_path(path) { var s = string_init(); var i, components = s.split('\\', path); 
@@ -67,7 +67,7 @@ function winreg_open_path(reg, path) return undefined; } - var handle = winreg_open_hive(reg, components[0]); + var handle = this.open_hive(components[0]); if (handle == undefined) { return undefined; } @@ -86,10 +86,10 @@ function winreg_open_path(reg, path) io.input.handle = handle; io.input.keyname = hpath; io.input.unknown = 0; - io.input.access_mask = reg.SEC_FLAG_MAXIMUM_ALLOWED; - var status = reg.winreg_OpenKey(io); + io.input.access_mask = this.SEC_FLAG_MAXIMUM_ALLOWED; + var status = this.winreg_OpenKey(io); - winreg_close(reg, handle); + this.close(handle); if (!status.is_ok) { return undefined; @@ -104,9 +104,9 @@ function winreg_open_path(reg, path) /* return a list of keys for a winreg server given a path usage: - list = winreg_enum_path(reg, path); + list = reg.enum_path(path); */ -function winreg_enum_path(reg, path) +function __winreg_enum_path(path) { var list = new Object(); list.length = 0; @@ -115,7 +115,7 @@ function winreg_enum_path(reg, path) return new Array("HKLM", "HKU"); } - var handle = winreg_open_path(reg, path); + var handle = this.open_path(path); if (handle == undefined) { return undefined; } @@ -135,9 +135,9 @@ function winreg_enum_path(reg, path) var idx = 0; for (idx=0;idx >= 0;idx++) { io.input.enum_index = idx; - var status = reg.winreg_EnumKey(io); + var status = this.winreg_EnumKey(io); if (!status.is_ok) { - winreg_close(reg, handle); + this.close(handle); return list; } var out = io.output; @@ -145,20 +145,20 @@ function winreg_enum_path(reg, path) io.input.name.size = io.input.name.size * 2; idx--; if (io.input.name.size > 32000) { - winreg_close(reg, handle); + this.close(handle); return list; } continue; } if (out.result != "WERR_OK") { - winreg_close(reg, handle); + this.close(handle); return list; } list[list.length] = out.name.name; list.length++; } - winreg_close(reg, handle); + this.close(handle); return list; } 
@@ -166,17 +166,18 @@ function winreg_enum_path(reg, path) /* return a list of values for a winreg server given a path usage: - list = winreg_enum_values(reg, path); + list = reg.enum_values(path); each returned list element is an object containing a name, a type and a value */ -function winreg_enum_values(reg, path) +function __winreg_enum_values(path) { + var data = datablob_init(); var list = new Object(); list.length = 0; - var handle = winreg_open_path(reg, path); + var handle = this.open_path(path); if (handle == undefined) { return undefined; } @@ -195,9 +196,9 @@ function winreg_enum_values(reg, path) var idx; for (idx=0;idx >= 0;idx++) { io.input.enum_index = idx; - var status = reg.winreg_EnumValue(io); + var status = this.winreg_EnumValue(io); if (!status.is_ok) { - winreg_close(reg, handle); + this.close(handle); return list; } var out = io.output; 
@@ -207,24 +208,56 @@ function winreg_enum_values(reg, path) idx--; /* limit blobs to 1M */ if (io.input.size > 1000000) { - winreg_close(reg, handle); + this.close(handle); return list; } continue; } if (out.result != "WERR_OK") { - winreg_close(reg, handle); + this.close(handle); return list; } var el = new Object(); el.name = out.name.name; el.type = out.type; - el.value = out.value; + el.rawvalue = out.value; + el.value = data.regToVar(el.rawvalue, el.type); el.size = out.size; list[list.length] = el; list.length++; } - winreg_close(reg, handle); + this.close(handle); return list; } + +/* + return a string for a winreg type +*/ +function __winreg_typestring(type) +{ + return this.typenames[type]; +} + +/* + initialise the winreg lib, returning an object +*/ +function winregObj() +{ + var reg = winreg_init(); + security_init(reg); + + reg.typenames = new Array("REG_NONE", "REG_SZ", "REG_EXPAND_SZ", "REG_BINARY", + "REG_DWORD", "REG_DWORD_BIG_ENDIAN", "REG_LINK", "REG_MULTI_SZ", + "REG_RESOURCE_LIST", "REG_FULL_RESOURCE_DESCRIPTOR", + "REG_RESOURCE_REQUIREMENTS_LIST", "REG_QWORD"); + + reg.close = __winreg_close; + reg.open_hive = __winreg_open_hive; + reg.open_path = __winreg_open_path; + reg.enum_path = __winreg_enum_path; + reg.enum_values = __winreg_enum_values; + reg.typestring = __winreg_typestring; + + return reg; +} -- cgit From 4a37c7ebbe0beec064f11ea075e1a5285290d7e1 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Aug 2005 08:32:51 +0000 Subject: r9568: updated the winreg js library for CreateKey, and add a --createkey option to the winreg tool (This used to be commit 881452c7b7cc00222328f743c2c0c4ece39f4c96) --- source4/scripting/libjs/winreg.js | 47 ++++++++++++++++++++++++++++++++++----- 1 file changed, 41 insertions(+), 6 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/winreg.js b/source4/scripting/libjs/winreg.js index 1e9dbcbb52..adcefcae85 100644 --- a/source4/scripting/libjs/winreg.js 
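Review bot: `__winreg_typestring` indexes `this.typenames[type]` without a range check, and the value that reaches it (`el.type = out.type` in `__winreg_enum_values`) comes from the server's EnumValue reply. A type outside the twelve names listed in `winregObj` yields `undefined`, which callers will print or concatenate as if it were a name. I would add a guard before the return, for example `if (this.typenames[type] == undefined) { return "unknown type " + type; }`. The same hunk hands the server-supplied `out.value` and `out.type` to `data.regToVar`; its handling of unknown types is not visible here and is worth confirming.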
+++ b/source4/scripting/libjs/winreg.js @@ -35,7 +35,7 @@ function __winreg_open_hive(hive) } else if (hive == "HKU") { status = this.winreg_OpenHKU(io); } else { - println("Unknown hive " + hive); + this._last_error = "Unknown hive " + hive; return undefined; } if (!status.is_ok) { @@ -231,6 +231,40 @@ function __winreg_enum_values(path) return list; } + +/* + create a new key + ok = reg.create_key(path, key); +*/ +function __winreg_create_key(path, key) +{ + var handle = this.open_path(path); + if (handle == undefined) { + return undefined; + } + + var io = irpcObj(); + io.input.handle = handle; + io.input.name = key; + io.input.class = NULL; + io.input.options = 0; + io.input.access_required = this.SEC_FLAG_MAXIMUM_ALLOWED; + io.input.secdesc = NULL; + io.input.action_taken = 0; + + var status = this.winreg_CreateKey(io); + this.close(handle); + if (!status.is_ok) { + return false; + } + if (io.output.result != "WERR_OK") { + return false; + } + this.close(io.output.new_handle); + return true; +} + + /* return a string for a winreg type */ @@ -252,12 +286,13 @@ function winregObj() "REG_RESOURCE_LIST", "REG_FULL_RESOURCE_DESCRIPTOR", "REG_RESOURCE_REQUIREMENTS_LIST", "REG_QWORD"); - reg.close = __winreg_close; - reg.open_hive = __winreg_open_hive; - reg.open_path = __winreg_open_path; - reg.enum_path = __winreg_enum_path; + reg.close = __winreg_close; + reg.open_hive = __winreg_open_hive; + reg.open_path = __winreg_open_path; + reg.enum_path = __winreg_enum_path; reg.enum_values = __winreg_enum_values; - reg.typestring = __winreg_typestring; + reg.create_key = __winreg_create_key; + reg.typestring = __winreg_typestring; return reg; } -- cgit From 9b0662bb4478ba6b8c75de1e7e5e272a0d14c2d6 Mon Sep 17 00:00:00 2001 
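Review bot: `__winreg_create_key` requests `this.SEC_FLAG_MAXIMUM_ALLOWED` for the new key and then closes the returned handle straight away with `this.close(io.output.new_handle)`, so the access requested is broader than anything the function does with it. The failure paths also lose information: a failed `open_path` returns `undefined` while a failed call or a non-`WERR_OK` result returns `false`, and neither records the reason, although the first hunk of this commit starts storing `this._last_error` in `__winreg_open_hive`. Setting it here too, e.g. `this._last_error = "CreateKey failed: " + io.output.result;` before the second `return false;`, would let a caller tell an access failure from other errors.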
From: Andrew Tridgell Date: Sun, 28 Aug 2005 02:38:11 +0000 Subject: r9707: r11080@blu: tridge | 2005-08-28 12:41:12 +1000 make sure we leave the account enabled after creating a new user (This used to be commit a22d0d02eed8b960f5fde4211b0d2967c500f4a4) --- source4/scripting/libjs/provision.js | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 0bcb2fa761..afa5adaa9f 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -317,6 +317,28 @@ function searchone(ldb, expression, attribute) return res[0][attribute]; } +/* + modify an account to remove the +*/ +function enable_account(ldb, user_dn) +{ + var attrs = new Array("userAccountControl"); + var res = ldb.search(NULL, user_dn, ldb.SCOPE_ONELEVEL, attrs); + assert(res.length == 1); + var userAccountControl = res[0].userAccountControl; + userAccountControl = userAccountControl - 2; /* remove disabled bit */ + var mod = sprintf(" +dn: %s +changetype: modify +replace: userAccountControl +userAccountControl: %u +", + user_dn, userAccountControl); + var ok = ldb.modify(mod); + return ok; +} + + /* add a new user record */ @@ -385,7 +407,10 @@ member: %s return false; } - return true; + /* + modify the userAccountControl to remove the disabled bit + */ + return enable_account(ldb, user_dn); } -- cgit From d6cd54fb0a1c3ac51479d1fdcff91893c27ef9d7 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 28 Aug 2005 22:17:07 +0000 Subject: r9718: Work a bit on the SWAT interface (This used to be commit b1844905d2c1ca26aef0ccba799ff16383348fc1) --- source4/scripting/libjs/samba3.js | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 source4/scripting/libjs/samba3.js (limited to 'source4/scripting/libjs') 
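Review bot: `enable_account` clears the disabled flag with `userAccountControl = userAccountControl - 2;`, which is only correct when that bit is currently set; on an account that is already enabled, the subtraction alters other flag bits instead. The value should be tested first and the modify skipped when the bit is clear. `user_dn` is also formatted into the LDIF text through `%s` unescaped, so it is worth confirming that no caller can pass a DN containing a newline. The header comment is cut off at `modify an account to remove the` and should read `modify an account to remove the disabled bit from userAccountControl`.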
diff --git a/source4/scripting/libjs/samba3.js b/source4/scripting/libjs/samba3.js new file mode 100644 index 0000000000..7f50c8c4b2 --- /dev/null +++ b/source4/scripting/libjs/samba3.js @@ -0,0 +1,8 @@ +/* + backend code for upgrading from Samba3 + Copyright Jelmer Vernooij 2005 + Released under the GNU GPL v2 or later +*/ + + +return 0; -- cgit From d152839e299e7e406bb938c5b413ad975a895d6f Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 28 Aug 2005 23:03:49 +0000 Subject: r9722: Initial attempt at converting samba3dump to EJS.. (This used to be commit 7e3b94dfb9c421793dab7813b96ca63da4b33960) --- source4/scripting/libjs/samba3.js | 8 -------- source4/scripting/libjs/upgrade.js | 13 +++++++++++++ 2 files changed, 13 insertions(+), 8 deletions(-) delete mode 100644 source4/scripting/libjs/samba3.js create mode 100644 source4/scripting/libjs/upgrade.js (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/samba3.js b/source4/scripting/libjs/samba3.js deleted file mode 100644 index 7f50c8c4b2..0000000000 --- a/source4/scripting/libjs/samba3.js +++ /dev/null @@ -1,8 +0,0 @@ -/* - backend code for upgrading from Samba3 - Copyright Jelmer Vernooij 2005 - Released under the GNU GPL v2 or later -*/ - - -return 0; diff --git a/source4/scripting/libjs/upgrade.js b/source4/scripting/libjs/upgrade.js new file mode 100644 index 0000000000..604bbac2c0 --- /dev/null +++ b/source4/scripting/libjs/upgrade.js @@ -0,0 +1,13 @@ +/* + backend code for upgrading from Samba3 + Copyright Jelmer Vernooij 2005 + Released under the GNU GPL v2 or later +*/ + +libinclude("base.js"); + +function foo() +{ + + return 0; +} -- cgit From 0549763600b26fadac443555e1cbec5680f91340 Mon Sep 17 00:00:00 2001 
From: Jelmer Vernooij Date: Mon, 29 Aug 2005 12:31:32 +0000 Subject: r9735: More work on generating a valid Samba4 configuration using the Samba3 data (both console and SWAT) (This used to be commit d569465dc4def55c27878028f2fc762960f453d8) --- source4/scripting/libjs/upgrade.js | 271 ++++++++++++++++++++++++++++++++++++- 1 file changed, 269 insertions(+), 2 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/upgrade.js b/source4/scripting/libjs/upgrade.js index 604bbac2c0..60570935f6 100644 --- a/source4/scripting/libjs/upgrade.js +++ b/source4/scripting/libjs/upgrade.js 
@@ -6,8 +6,275 @@ libinclude("base.js"); -function foo() +function regkey_to_dn(name) { + var dn = "hive=NONE"; + var i = 0; - return 0; + var as = split("/", name); + + for (i in as) { + if (i > 0) { + dn = sprintf("key=%s,", as[i]) + dn; + } + } + + return dn; +} + +/* Where prefix is any of: + * - HKLM + * HKU + * HKCR + * HKPD + * HKPT + */ + +function upgrade_registry(regdb,prefix) +{ + var prefix_up = strupper(prefix); + + var ldif = ""; + + for (var i in regdb.keys) { + var rk = regdb.keys[i]; + /* Only handle selected hive */ + if (strncmp(prefix_up, rk.name, strlen(prefix_up)) != 0) { + continue; + } + + var keydn = regkey_to_dn(rk.name); + + var pts = split("/", rk.name); + + /* Convert key name to dn */ + ldif = ldif + sprintf(" +dn: %s +name: %s + +", keydn, pts[0]); + + for (var j in rk.values) { + var rv = rk.values[j]; + + ldif = ldif + sprintf(" +dn: %s,value=%s +value: %s +type: %d +data:: %s", keydn, rv.value, rv.type, base64(rv.data)); + } + } + + return ldif; +} + +function upgrade_sam_domain(samba3) +{ + var ldif = sprintf(" +dn: %s +dc: FIXME +objectClass: top +objectClass: domain +objectSid: %s +objectGUID: %s +name: %s +oEMInformation: Provisioned by Samba4 (upgraded from Samba3) +minPwdLength: %d +pwdHistoryLength: %d +minPwdAge: %d +maxPwdAge: %d +lockoutDuration: %d +samba3ResetCountMinutes: %d +samba3UserMustLogonToChangePassword: %d +samba3BadLockoutMinutes: %d +samba3DisconnectTime: %d +samba3RefuseMachinePwdChange: %d + +", domaindn, domsec.sid, domsec.guid, domainname, samba3.policy.min_password_length, + samba3.policy.password_history, samba3.policy.minimum_password_age, + samba3.policy.maximum_password_age, samba3.policy.lockout_duration, + samba3.policy.reset_count_minutes, samba3.policy.user_must_logon_to_change_password, + samba3.policy.bad_lockout_minutes, samba3.policy.disconnect_time, + samba3.policy.refuse_machine_password_change +); + + return ldif; +} + +function upgrade_sam_account(acc,domaindn) +{ + var ldif = sprintf( 
+"dn: cn=%s,%s +objectClass: top +objectClass: person +objectClass: user +lastLogon: %d +lastLogoff: %d +unixName: %s +name: %s +cn: %s +description: %s +primaryGroupID: %d +badPwdcount: %d +logonCount: %d +samba3Domain: %s +samba3DirDrive: %s +samba3MungedDial: %s +samba3Homedir: %s +samba3LogonScript: %s +samba3ProfilePath: %s +samba3Workstations: %s +samba3KickOffTime: %d +samba3BadPwdTime: %d +samba3PassLastSetTime: %d +samba3PassCanChangeTime: %d +samba3PassMustChangeTime: %d +samba3Rid: %d + +", acc.fullname, domaindn, sam.logon_time, acc.logoff_time, acc.username, acc.nt_username, +acc.fullname, acc.acct_desc, acc.group_rid, acc.bad_password_count, acc.logon_count, +acc.domain, acc.dir_drive, acc.munged_dial, acc.homedir, acc.logon_script, +acc.profile_path, acc.workstations, acc.kickoff_time, acc.bad_password_time, +acc.pass_last_set_time, acc.pass_can_change_time, acc.pass_must_change_time, acc.user_rid); + + /* FIXME: Passwords */ + + return ldif; +} + +function upgrade_sam_group(grp,domaindn) +{ + var ldif = sprintf( +"dn: cn=%s,%s +objectClass: top +objectClass: group +description: %s +cn: %s +objectSid: %s +unixName: FIXME +samba3SidNameUse: %d", grp.nt_name, domaindn, +grp.comment, grp.nt_name, grp.sid, grp.sid_name_use); + + return ldif; +} + +function upgrade_sam(samba3,domaindn) +{ + domainname = samba3.get_param("global", "workgroup"); + + if (domainname == undefined) { + DEBUG(0, ("No domain name specified in smb.conf!\n")); + return -1; + } + + domsec = samba3.find_domainsecrets(domainname); + + var ldif = upgrade_sam_domain(samba3,domaindn); + + /* Users */ + for (var i in samba3.samaccounts) { + ldif = ldif + upgrade_sam_account(samba3.samaccounts[i],domaindn); + } + + /* Groups */ + for (var i in samba3.group.groupmappings) { + ldif = ldif + upgrade_sam_group(samba3.group.groupmappings[i],domaindn); + + } + + return count; +} + +function upgrade_winbind(samba3,domaindn) +{ + var ldif = sprintf(" + +dn: dc=none +userHwm: %d +groupHwm: %d + +", 
samba3.idmap.user_hwm, samba3.idmap.group_hwm); + + for (var i in samba3.idmap.mappings) { + var m = samba3.idmap.mappings[i]; + ldif = ldif + sprintf(" +dn: SID=%s,%s +SID: %s +type: %d +unixID: %d", m.sid, domaindn, m.sid, m.type, m.unix_id); + } + + return ldif; +} +*/ + +function upgrade_wins(samba3) +{ + var ldif = ""; + for (i in samba3.winsentries) { + var e = samba3.winsentries[i]; + + ldif = ldif + sprintf(" +dn: type=%d,name=%s +name: %s +objectClass: wins +nbFlags: %x +expires: %s", e.type, e.name, e.name, e.type, e.nb_flags, sys.ldap_time(e.ttl)); + + for (var i in e.ips) { + ldif = ldif + sprintf("address: %s\n", e.ips[i]); + } + } + + return ldif; +} + +function upgrade_provision(samba3) +{ + var subobj = new Object(); + var nss = nss_init(); + var lp = loadparm_init(); + var rdn_list; + + var domainname = samba3.get_param("global", "workgroup"); + var domsec = samba3.find_domainsecrets(domainname); + var hostsec = samba3.find_domainsecrets(hostname()); + var realm = samba3.get_param("global", "realm"); + random_init(local); + + subobj.REALM = realm; + subobj.DOMAIN = domainname; + subobj.HOSTNAME = hostname(); + + assert(subobj.REALM); + assert(subobj.DOMAIN); + assert(subobj.HOSTNAME); + + subobj.HOSTIP = hostip(); + subobj.DOMAINGUID = domsec.guid; + subobj.DOMAINSID = domsec.sid; + subobj.HOSTGUID = hostsec.guid; + subobj.INVOCATIONID = randguid(); + subobj.KRBTGTPASS = randpass(12); + subobj.MACHINEPASS = randpass(12); + subobj.ADMINPASS = randpass(12); + subobj.DEFAULTSITE = "Default-First-Site-Name"; + subobj.NEWGUID = randguid; + subobj.NTTIME = nttime; + subobj.LDAPTIME = ldaptime; + subobj.DATESTRING = datestring; + subobj.USN = nextusn; + subobj.ROOT = findnss(nss.getpwnam, split(samba3.get_param("global", "admin users"))); + subobj.NOBODY = findnss(nss.getpwnam, "nobody"); + subobj.NOGROUP = findnss(nss.getgrnam, "nogroup", "nobody"); + subobj.WHEEL = findnss(nss.getgrnam, "wheel", "root"); + subobj.USERS = findnss(nss.getgrnam, "users", 
"guest", "other"); + subobj.DNSDOMAIN = strlower(subobj.REALM); + subobj.DNSNAME = sprintf("%s.%s", + strlower(subobj.HOSTNAME), + subobj.DNSDOMAIN); + subobj.BASEDN = "DC=" + join(",DC=", split(".", subobj.REALM)); + rdn_list = split(".", subobj.REALM); + subobj.RDN_DC = rdn_list[0]; + return subobj; } -- cgit From 0a72d9a5f7c8705a68b03e2f391603252d896342 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 29 Aug 2005 15:54:10 +0000 Subject: r9744: - [upgrade.js] Start working on smb.conf conversion. - [ldb_map] Support storing non-mappable data in a fallback LDB (This used to be commit 435e4c6389b9d9b545beec8036289620ee5883db) --- source4/scripting/libjs/upgrade.js | 159 ++++++++++++++++++++++++++++--------- 1 file changed, 123 insertions(+), 36 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/upgrade.js b/source4/scripting/libjs/upgrade.js index 60570935f6..3a6d2eec0a 100644 --- a/source4/scripting/libjs/upgrade.js +++ b/source4/scripting/libjs/upgrade.js @@ -68,17 +68,10 @@ data:: %s", keydn, rv.value, rv.type, base64(rv.data)); return ldif; } -function upgrade_sam_domain(samba3) +function upgrade_sam_policy(samba3,dn) { var ldif = sprintf(" dn: %s -dc: FIXME -objectClass: top -objectClass: domain -objectSid: %s -objectGUID: %s -name: %s -oEMInformation: Provisioned by Samba4 (upgraded from Samba3) minPwdLength: %d pwdHistoryLength: %d minPwdAge: %d @@ -90,7 +83,7 @@ samba3BadLockoutMinutes: %d samba3DisconnectTime: %d samba3RefuseMachinePwdChange: %d -", domaindn, domsec.sid, domsec.guid, domainname, samba3.policy.min_password_length, +", dn, samba3.policy.min_password_length, samba3.policy.password_history, samba3.policy.minimum_password_age, samba3.policy.maximum_password_age, samba3.policy.lockout_duration, samba3.policy.reset_count_minutes, samba3.policy.user_must_logon_to_change_password, 
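Review bot: The LDIF in `upgrade_sam_account`, `upgrade_sam_group` and `upgrade_wins` is assembled with `sprintf` and plain `%s` from values read out of the Samba 3 databases (`acc.fullname`, `acc.acct_desc`, `grp.comment`, `e.name`), so a value containing a newline would end its attribute line and be read as an additional line of the record. Free-text values should be written in the base64 form that `upgrade_registry` already uses for `data:: %s` with `base64(rv.data)`, for example `description:: %s` with `base64(acc.acct_desc)`. Two format strings also do not match their argument lists: the value record in `upgrade_registry` has five conversions and four arguments, and the record in `upgrade_wins` has five conversions and six arguments. In addition, `upgrade_sam` returns `count`, which is never defined, `upgrade_sam_account` reads `sam.logon_time` although its parameter is `acc`, and a stray `*/` follows `upgrade_winbind`.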
@@ -158,33 +151,6 @@ grp.comment, grp.nt_name, grp.sid, grp.sid_name_use); return ldif; } -function upgrade_sam(samba3,domaindn) -{ - domainname = samba3.get_param("global", "workgroup"); - - if (domainname == undefined) { - DEBUG(0, ("No domain name specified in smb.conf!\n")); - return -1; - } - - domsec = samba3.find_domainsecrets(domainname); - - var ldif = upgrade_sam_domain(samba3,domaindn); - - /* Users */ - for (var i in samba3.samaccounts) { - ldif = ldif + upgrade_sam_account(samba3.samaccounts[i],domaindn); - } - - /* Groups */ - for (var i in samba3.group.groupmappings) { - ldif = ldif + upgrade_sam_group(samba3.group.groupmappings[i],domaindn); - - } - - return count; -} - function upgrade_winbind(samba3,domaindn) { var ldif = sprintf(" 
@@ -278,3 +244,124 @@ function upgrade_provision(samba3) subobj.RDN_DC = rdn_list[0]; return subobj; } + +var keep = new Array( + "dos charset", + "unix charset", + "display charset", + "comment", + "path", + "directory", + "workgroup", + "realm", + "netbios name", + "netbios aliases", + "netbios scope", + "server string", + "interfaces", + "bind interfaces only", + "security", + "auth methods", + "encrypt passwords", + "null passwords", + "obey pam restrictions", + "password server", + "smb passwd file", + "sam database", + "spoolss database", + "wins database", + "private dir", + "passwd chat", + "password level", + "lanman auth", + "ntlm auth", + "client NTLMv2 auth", + "client lanman auth", + "client plaintext auth", + "read only", + "hosts allow", + "hosts deny", + "log level", + "debuglevel", + "log file", + "smb ports", + "nbt port", + "dgram port", + "cldap port", + "krb5 port", + "web port", + "tls enabled", + "tls keyfile", + "tls certfile", + "tls cafile", + "tls crlfile", + "swat directory", + "large readwrite", + "max protocol", + "min protocol", + "unicode", + "read raw", + "write raw", + "disable netbios", + "nt status support", + "announce version", + "announce as", + "max mux", + "max xmit", + "name resolve order", + "max wins ttl", + "min wins ttl", + "time server", + "unix extensions", + "use spnego", + "server signing", + "client signing", + "rpc big endian", + "max connections", + "paranoid server security", + "socket options", + "strict sync", + "case insensitive filesystem", + "max print jobs", + "printable", + "print ok", + "printer name", + "printer", + "map system", + "map hidden", + "map archive", + "domain logons", + "preferred master", + "prefered master", + "local master", + "domain master", + "browseable", + "browsable", + "wins server", + "wins support", + "csc policy", + "strict locking", + "config file", + "preload", + "auto services", + "lock dir", + "lock directory", + "pid directory", + "js include", + "setup directory", + 
"socket address", + "-valid", + "copy", + "include", + "available", + "volume", + "fstype", + "panic action", + "msdfs root", + "host msdfs", + "winbind separator"); + +function upgrade_smbconf(samba3) +{ + //FIXME +} -- cgit From 442d147f6d39a9ac9545a096c7f62386cbe8b480 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 29 Aug 2005 15:55:35 +0000 Subject: r9746: Add "staff" as possible alternative to wheel (should fix standard provisioning on AIX) (This used to be commit b1d9ef899821376d7883fa126a14c06ed1b16601) --- source4/scripting/libjs/provision.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index afa5adaa9f..e166f3101f 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -291,7 +291,7 @@ function provision_guess() subobj.ROOT = findnss(nss.getpwnam, "root"); subobj.NOBODY = findnss(nss.getpwnam, "nobody"); subobj.NOGROUP = findnss(nss.getgrnam, "nogroup", "nobody"); - subobj.WHEEL = findnss(nss.getgrnam, "wheel", "root"); + subobj.WHEEL = findnss(nss.getgrnam, "wheel", "root", "staff"); subobj.USERS = findnss(nss.getgrnam, "users", "guest", "other"); subobj.DNSDOMAIN = strlower(subobj.REALM); subobj.DNSNAME = sprintf("%s.%s", -- cgit From 11f3f0fa6cfb0486bdc526465dc4c0e19467a30f Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 29 Aug 2005 18:52:24 +0000 Subject: r9754: Upgrading with the command line utility now works, at least partially (-: Upgrading using SWAT should work as well now. (This used to be commit 8baa2ac377315ae8b365f58c2bda0bf3d0c5aec3) --- source4/scripting/libjs/upgrade.js | 103 ++++++++++++++++++++++++++++++++++--- 1 file changed, 95 insertions(+), 8 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/upgrade.js b/source4/scripting/libjs/upgrade.js index 3a6d2eec0a..c8539c9fcb 100644 
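Review bot: `keep` is added without a comment saying what membership in the list means, and `upgrade_smbconf` is still an empty `//FIXME` stub, so a reader cannot tell whether the listed parameters are copied from the Samba 3 smb.conf unchanged. The list includes `lanman auth`, `client lanman auth`, `client plaintext auth` and `null passwords`; if the intent is to carry values over verbatim, the upgraded server inherits whatever weak authentication settings the old one had. I would add a header comment such as `/* smb.conf parameters whose values are carried over to the Samba4 configuration as-is */`, adjusted to the real intent, and have the upgrade report the authentication-related parameters it copies.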
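Review bot: Adding `"staff"` as a fallback in `findnss(nss.getgrnam, "wheel", "root", "staff")` widens what `subobj.WHEEL` can resolve to, and on some systems `staff` is an ordinary user group rather than an administrative one. How `WHEEL` is used lies outside this hunk, but if it is substituted into an administrative group mapping, members of `staff` would receive that mapping on hosts that have neither a `wheel` nor a `root` group. A comment on the line, e.g. `/* last-resort fallback; staff may be an ordinary user group on this host */`, would make the assumption visible. `provision_guess` starts and ends outside the hunk.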
--- a/source4/scripting/libjs/upgrade.js +++ b/source4/scripting/libjs/upgrade.js @@ -32,14 +32,17 @@ function regkey_to_dn(name) function upgrade_registry(regdb,prefix) { + assert(regdb != undefined); var prefix_up = strupper(prefix); var ldif = ""; for (var i in regdb.keys) { var rk = regdb.keys[i]; + var pts = split("/", rk.name); + /* Only handle selected hive */ - if (strncmp(prefix_up, rk.name, strlen(prefix_up)) != 0) { + if (strupper(pts[0]) != prefix_up) { continue; } @@ -72,6 +75,8 @@ function upgrade_sam_policy(samba3,dn) { var ldif = sprintf(" dn: %s +changetype: modify +replace: minPwdLength minPwdLength: %d pwdHistoryLength: %d minPwdAge: %d @@ -124,7 +129,7 @@ samba3PassCanChangeTime: %d samba3PassMustChangeTime: %d samba3Rid: %d -", acc.fullname, domaindn, sam.logon_time, acc.logoff_time, acc.username, acc.nt_username, +", acc.fullname, domaindn, acc.logon_time, acc.logoff_time, acc.username, acc.nt_username, acc.fullname, acc.acct_desc, acc.group_rid, acc.bad_password_count, acc.logon_count, acc.domain, acc.dir_drive, acc.munged_dial, acc.homedir, acc.logon_script, acc.profile_path, acc.workstations, acc.kickoff_time, acc.bad_password_time, @@ -145,7 +150,8 @@ description: %s cn: %s objectSid: %s unixName: FIXME -samba3SidNameUse: %d", grp.nt_name, domaindn, +samba3SidNameUse: %d +", grp.nt_name, domaindn, grp.comment, grp.nt_name, grp.sid, grp.sid_name_use); return ldif; @@ -185,7 +191,8 @@ dn: type=%d,name=%s name: %s objectClass: wins nbFlags: %x -expires: %s", e.type, e.name, e.name, e.type, e.nb_flags, sys.ldap_time(e.ttl)); +expires: %s +", e.type, e.name, e.name, e.type, e.nb_flags, sys.ldaptime(e.ttl)); for (var i in e.ips) { ldif = ldif + sprintf("address: %s\n", e.ips[i]); 
@@ -203,9 +210,20 @@ function upgrade_provision(samba3) var rdn_list; var domainname = samba3.get_param("global", "workgroup"); + + if (domainname == undefined) { + domainname = samba3.secrets.domains[0].name; + println("No domain specified in smb.conf file, assuming '" + domainname + "'"); + } + var domsec = samba3.find_domainsecrets(domainname); var hostsec = samba3.find_domainsecrets(hostname()); var realm = samba3.get_param("global", "realm"); + + if (realm == undefined) { + realm = domainname; + println("No realm specified in smb.conf file, assuming '" + realm + "'"); + } random_init(local); subobj.REALM = realm; @@ -217,9 +235,20 @@ function upgrade_provision(samba3) assert(subobj.HOSTNAME); subobj.HOSTIP = hostip(); - subobj.DOMAINGUID = domsec.guid; - subobj.DOMAINSID = domsec.sid; - subobj.HOSTGUID = hostsec.guid; + if (domsec != undefined) { + subobj.DOMAINGUID = domsec.guid; + subobj.DOMAINSID = domsec.sid; + } else { + println("Can't find domain secrets for '" + domainname + "'; using random SID and GUID"); + subobj.DOMAINGUID = randguid(); + subobj.DOMAINSID = randguid(); + } + + if (hostsec) { + subobj.HOSTGUID = hostsec.guid; + } else { + subobj.HOSTGUID = randguid(); + } subobj.INVOCATIONID = randguid(); subobj.KRBTGTPASS = randpass(12); subobj.MACHINEPASS = randpass(12); @@ -230,7 +259,7 @@ function upgrade_provision(samba3) subobj.LDAPTIME = ldaptime; subobj.DATESTRING = datestring; subobj.USN = nextusn; - subobj.ROOT = findnss(nss.getpwnam, split(samba3.get_param("global", "admin users"))); + subobj.ROOT = findnss(nss.getpwnam, "root"); subobj.NOBODY = findnss(nss.getpwnam, "nobody"); subobj.NOGROUP = findnss(nss.getgrnam, "nogroup", "nobody"); subobj.WHEEL = findnss(nss.getgrnam, "wheel", "root"); 
@@ -365,3 +394,61 @@ function upgrade_smbconf(samba3) { //FIXME } + +function upgrade(subobj, samba3, message) +{ + var samdb = ldb_init(); + var ok = samdb.connect("sam.ldb"); + assert(ok); + + message("Importing account policies\n"); + var ldif = upgrade_sam_policy(samba3,subobj.BASEDN); + ldifprint(ldif); + ok = samdb.modify(ldif); + assert(ok); + + // FIXME: Enable samba3sam module if original passdb backend was ldap + + message("Importing users\n"); + for (var i in samba3.samaccounts) { + message("Importing user '" + samba3.samaccounts[i].username + "'\n"); + var ldif = upgrade_sam_account(samba3.samaccounts[i],subobj.BASEDN); + ldifprint(ldif); + ok = samdb.add(ldif); + assert(ok); + } + + message("Importing groups\n"); + for (var i in samba3.groupmappings) { + message("Importing group '" + samba3.groupmappings[i].username + "'\n"); + var ldif = upgrade_sam_group(samba3.groupmappings[i],subobj.BASEDN); + ldifprint(ldif); + ok = samdb.add(ldif); + assert(ok); + } + + message("Importing registry data\n"); + var hives = new Array("hkcr","hkcu","hklm","hkpd"); + for (var i in hives) { + println("... " + hives[i]); + var regdb = ldb_init(); + ok = regdb.connect(hives[i] + ".ldb"); + assert(ok); + var ldif = upgrade_registry(samba3.registry, hives[i]); + ldifprint(ldif); + ok = regdb.add(ldif); + assert(ok); + } + + message("Importing WINS data\n"); + var winsdb = ldb_init(); + ok = winsdb.connect("wins.ldb"); + assert(ok); + + var ldif = upgrade_wins(samba3); + ldifprint(ldif); + ok = winsdb.add(ldif); + assert(ok); + + return ok; +} -- cgit From c9ace93ce22fed9e1b4e44a853e23bf66cf99184 Mon Sep 17 00:00:00 2001 
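Review bot: `upgrade` checks every `samdb.add`, `regdb.add` and `winsdb.add` with `assert(ok)`, so the first record that fails stops the run with the earlier records already written and nothing reported about which entry was rejected. Because the records come from an existing Samba 3 installation, a bad entry should be reported and the result returned to the caller, for example `if (!ok) { message("failed to import user " + samba3.samaccounts[i].username + "\n"); return false; }`. The databases are also opened by bare relative names (`"sam.ldb"`, `"wins.ldb"`, `hives[i] + ".ldb"`), so which files are written depends on how the binding resolves them; that is not visible here and deserves a comment.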
From: Jelmer Vernooij Date: Mon, 29 Aug 2005 20:18:51 +0000 Subject: r9756: One-way upgrade from Samba3->Samba4 basically works now Still need to polish some rough edges (This used to be commit a8f309aa812533f57a90410722dfb342c8cf3b48) --- source4/scripting/libjs/provision.js | 5 +++-- source4/scripting/libjs/upgrade.js | 16 +++++----------- 2 files changed, 8 insertions(+), 13 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index e166f3101f..b43d435ca9 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -217,6 +217,8 @@ function provision(subobj, message, blank) subobj.HOSTNAME = strlower(subobj.HOSTNAME); subobj.DOMAIN = strupper(subobj.DOMAIN); subobj.NETBIOSNAME = strupper(subobj.HOSTNAME); + var rdns = split(",", subobj.BASEDN); + subobj.RDN_DC = substr(rdns[0], strlen("DC=")); data = add_foreign(data, "S-1-5-7", "Anonymous", "${NOBODY}"); data = add_foreign(data, "S-1-1-0", "World", "${NOGROUP}"); @@ -297,9 +299,8 @@ function provision_guess() subobj.DNSNAME = sprintf("%s.%s", strlower(subobj.HOSTNAME), subobj.DNSDOMAIN); - subobj.BASEDN = "DC=" + join(",DC=", split(".", subobj.REALM)); rdn_list = split(".", subobj.REALM); - subobj.RDN_DC = rdn_list[0]; + subobj.BASEDN = "DC=" + join(",DC=", rdn_list); return subobj; } diff --git a/source4/scripting/libjs/upgrade.js b/source4/scripting/libjs/upgrade.js index c8539c9fcb..682721e931 100644 --- a/source4/scripting/libjs/upgrade.js +++ b/source4/scripting/libjs/upgrade.js @@ -241,7 +241,7 @@ function upgrade_provision(samba3) } else { println("Can't find domain secrets for '" + domainname + "'; using random SID and GUID"); subobj.DOMAINGUID = randguid(); - subobj.DOMAINSID = randguid(); + subobj.DOMAINSID = randsid(); } if (hostsec) { 
@@ -270,7 +270,6 @@ function upgrade_provision(samba3) subobj.DNSDOMAIN); subobj.BASEDN = "DC=" + join(",DC=", split(".", subobj.REALM)); rdn_list = split(".", subobj.REALM); - subobj.RDN_DC = rdn_list[0]; return subobj; } @@ -403,7 +402,6 @@ function upgrade(subobj, samba3, message) message("Importing account policies\n"); var ldif = upgrade_sam_policy(samba3,subobj.BASEDN); - ldifprint(ldif); ok = samdb.modify(ldif); assert(ok); @@ -411,31 +409,28 @@ function upgrade(subobj, samba3, message) message("Importing users\n"); for (var i in samba3.samaccounts) { - message("Importing user '" + samba3.samaccounts[i].username + "'\n"); + message("... " + samba3.samaccounts[i].username + "\n"); var ldif = upgrade_sam_account(samba3.samaccounts[i],subobj.BASEDN); - ldifprint(ldif); ok = samdb.add(ldif); assert(ok); } message("Importing groups\n"); for (var i in samba3.groupmappings) { - message("Importing group '" + samba3.groupmappings[i].username + "'\n"); + message("... " + samba3.groupmappings[i].nt_name + "\n"); var ldif = upgrade_sam_group(samba3.groupmappings[i],subobj.BASEDN); - ldifprint(ldif); ok = samdb.add(ldif); assert(ok); } message("Importing registry data\n"); - var hives = new Array("hkcr","hkcu","hklm","hkpd"); + var hives = new Array("hkcr","hkcu","hklm","hkpd","hku","hkpt"); for (var i in hives) { - println("... " + hives[i]); + message("... " + hives[i] + "\n"); var regdb = ldb_init(); ok = regdb.connect(hives[i] + ".ldb"); assert(ok); var ldif = upgrade_registry(samba3.registry, hives[i]); - ldifprint(ldif); ok = regdb.add(ldif); assert(ok); } @@ -446,7 +441,6 @@ function upgrade(subobj, samba3, message) assert(ok); var ldif = upgrade_wins(samba3); - ldifprint(ldif); ok = winsdb.add(ldif); assert(ok); -- cgit From ec934124db8a5234d8c83799a23c7bdced5dd95a Mon Sep 17 00:00:00 2001 
From: Jelmer Vernooij Date: Mon, 29 Aug 2005 22:01:18 +0000 Subject: r9762: Add support for reading good old smbpasswd files Fix password support Make base64 decode/encode functions available to EJS (This used to be commit 1376a1fe44cd6b01709819095a711c14626b1d3e) --- source4/scripting/libjs/upgrade.js | 59 +++++++++++++++++++++++--------------- 1 file changed, 36 insertions(+), 23 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/upgrade.js b/source4/scripting/libjs/upgrade.js index 682721e931..dbf1c0f2c3 100644 --- a/source4/scripting/libjs/upgrade.js +++ b/source4/scripting/libjs/upgrade.js @@ -101,6 +101,7 @@ samba3RefuseMachinePwdChange: %d function upgrade_sam_account(acc,domaindn) { + var ldb = ldb_init(); var ldif = sprintf( "dn: cn=%s,%s objectClass: top @@ -115,6 +116,8 @@ description: %s primaryGroupID: %d badPwdcount: %d logonCount: %d +ntPwdHash:: %s +lmPwdHash:: %s samba3Domain: %s samba3DirDrive: %s samba3MungedDial: %s @@ -133,9 +136,8 @@ samba3Rid: %d acc.fullname, acc.acct_desc, acc.group_rid, acc.bad_password_count, acc.logon_count, acc.domain, acc.dir_drive, acc.munged_dial, acc.homedir, acc.logon_script, acc.profile_path, acc.workstations, acc.kickoff_time, acc.bad_password_time, -acc.pass_last_set_time, acc.pass_can_change_time, acc.pass_must_change_time, acc.user_rid); - - /* FIXME: Passwords */ +acc.pass_last_set_time, acc.pass_can_change_time, acc.pass_must_change_time, acc.user_rid, + ldb.encode(acc.lm_pw), ldb.encode(acc.nt_pw)); return ldif; } @@ -295,9 +297,6 @@ var keep = new Array( "obey pam restrictions", "password server", "smb passwd file", - "sam database", - "spoolss database", - "wins database", "private dir", "passwd chat", "password level", 
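Review bot: In upgrade_sam_account() the two `ldb.encode(...)` arguments are appended after `acc.user_rid`, but the `ntPwdHash:: %s` and `lmPwdHash:: %s` template lines were inserted after `logonCount: %d` in the previous hunk. From the visible lines, every conversion from `ntPwdHash` onward is therefore fed the wrong argument, and the encoded hashes end up in the trailing `%d` conversions. The argument order is also LM then NT, while the template order is NT then LM. Moving the two template lines to the end, as `lmPwdHash:: %s` followed by `ntPwdHash:: %s`, would line both up; the full template is not visible in these hunks, so the remaining positions should be checked against the argument list.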
@@ -313,17 +312,6 @@ var keep = new Array( "debuglevel", "log file", "smb ports", - "nbt port", - "dgram port", - "cldap port", - "krb5 port", - "web port", - "tls enabled", - "tls keyfile", - "tls certfile", - "tls cafile", - "tls crlfile", - "swat directory", "large readwrite", "max protocol", "min protocol", @@ -344,12 +332,10 @@ var keep = new Array( "use spnego", "server signing", "client signing", - "rpc big endian", "max connections", "paranoid server security", "socket options", "strict sync", - "case insensitive filesystem", "max print jobs", "printable", "print ok", @@ -375,10 +361,7 @@ var keep = new Array( "lock dir", "lock directory", "pid directory", - "js include", - "setup directory", "socket address", - "-valid", "copy", "include", "available", @@ -394,6 +377,23 @@ function upgrade_smbconf(samba3) //FIXME } +function save_smbconf(path,smbconf) +{ + var data = " +# Generated by upgrade.js"; + + for (var i in smbconf.shares) { + var s = smbconf.shares[i]; + data = data + "\n[" + s.name + "]\n"; + for (var j in s.parameters) { + var p = s.parameters[j]; + data = data + "\t" + p.name + " = " + p + "\n"; + } + } + + sys.file_save(path,data); +} + function upgrade(subobj, samba3, message) { var samdb = ldb_init(); @@ -405,7 +405,20 @@ function upgrade(subobj, samba3, message) ok = samdb.modify(ldif); assert(ok); - // FIXME: Enable samba3sam module if original passdb backend was ldap + var ldapurl = undefined; + + // FIXME: figure out ldapurl + + // Enable samba3sam module if original passdb backend was ldap + if (ldapurl != undefined) { + var ldif = sprintf(" +dn: @MAP=samba3sam +@MAP_URL: %s", ldapurl); + samdb.add(ldif); + + samdb.modify("dn: @MODULES +@LIST: samldb,timestamps,objectguid,rdn_name"); + } message("Importing users\n"); for (var i in samba3.samaccounts) { -- cgit From 7be4cf8c1ded42daf7e86ecd2c0dbfeeed312b22 Mon Sep 17 00:00:00 2001 
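Review bot: In save_smbconf() the value is written as `" = " + p`, which concatenates the parameter object itself rather than its value, so each generated line will presumably carry the object's string form instead of the setting. `s.name`, `p.name` and the value are also written without any check for an embedded newline or `]`, so an unusual share or parameter name would produce extra sections or lines in the generated smb.conf. I would write `data = data + "\t" + p.name + " = " + p.value + "\n";` if the parameter object exposes its value under that name (the field is not visible in this hunk). The result of `sys.file_save(path,data)` should also be checked, so a failed write is reported.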
From: Jelmer Vernooij Date: Tue, 30 Aug 2005 00:41:02 +0000 Subject: r9770: Couple other bugfixes Update TODO-list (This used to be commit d9541535e3f9e1c058410eeb0a54d60181572f2b) --- source4/scripting/libjs/provision.js | 3 +-- source4/scripting/libjs/upgrade.js | 14 ++++++++------ 2 files changed, 9 insertions(+), 8 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index b43d435ca9..9607d6f274 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -164,14 +164,13 @@ function setup_ldb(ldif, dbname, subobj) erase = arguments[4]; } - var dbfile = dbname; var src = lp.get("setup directory") + "/" + ldif; var data = sys.file_load(src); data = data + extra; data = substitute_var(data, subobj); - var ok = ldb.connect(dbfile); + var ok = ldb.connect(dbname); assert(ok); if (erase) { diff --git a/source4/scripting/libjs/upgrade.js b/source4/scripting/libjs/upgrade.js index dbf1c0f2c3..c78afd6a91 100644 --- a/source4/scripting/libjs/upgrade.js +++ b/source4/scripting/libjs/upgrade.js @@ -116,8 +116,6 @@ description: %s primaryGroupID: %d badPwdcount: %d logonCount: %d -ntPwdHash:: %s -lmPwdHash:: %s samba3Domain: %s samba3DirDrive: %s samba3MungedDial: %s @@ -131,6 +129,8 @@ samba3PassLastSetTime: %d samba3PassCanChangeTime: %d samba3PassMustChangeTime: %d samba3Rid: %d +ntPwdHash:: %s +lmPwdHash:: %s ", acc.fullname, domaindn, acc.logon_time, acc.logoff_time, acc.username, acc.nt_username, acc.fullname, acc.acct_desc, acc.group_rid, acc.bad_password_count, acc.logon_count, 
@@ -422,18 +422,20 @@ dn: @MAP=samba3sam message("Importing users\n"); for (var i in samba3.samaccounts) { - message("... " + samba3.samaccounts[i].username + "\n"); + message("... " + samba3.samaccounts[i].username); var ldif = upgrade_sam_account(samba3.samaccounts[i],subobj.BASEDN); ok = samdb.add(ldif); - assert(ok); + if (!ok) { message("... error!"); } + message("\n"); } message("Importing groups\n"); for (var i in samba3.groupmappings) { - message("... " + samba3.groupmappings[i].nt_name + "\n"); + message("... " + samba3.groupmappings[i].nt_name); var ldif = upgrade_sam_group(samba3.groupmappings[i],subobj.BASEDN); ok = samdb.add(ldif); - assert(ok); + if (!ok) { message("... error!"); } + message("\n"); } message("Importing registry data\n"); -- cgit From 6cf1b0c07c819e9e2afdcb87b2e4fd31ed680b72 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Aug 2005 12:27:53 +0000 Subject: r9793: Be more verbose, check for errors in upgrade script. (This used to be commit b7c09df9e506f8048f69c4bdd1c3351e3b554e18) --- source4/scripting/libjs/upgrade.js | 32 +++++++++++++++++++++++--------- 1 file changed, 23 insertions(+), 9 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/upgrade.js b/source4/scripting/libjs/upgrade.js index c78afd6a91..c6a65e01c0 100644 --- a/source4/scripting/libjs/upgrade.js +++ b/source4/scripting/libjs/upgrade.js @@ -34,8 +34,7 @@ function upgrade_registry(regdb,prefix) { assert(regdb != undefined); var prefix_up = strupper(prefix); - - var ldif = ""; + var ldif = new Array(); for (var i in regdb.keys) { var rk = regdb.keys[i]; @@ -51,7 +50,7 @@ function upgrade_registry(regdb,prefix) var pts = split("/", rk.name); /* Convert key name to dn */ - ldif = ldif + sprintf(" + ldif[rk.name] = sprintf(" dn: %s name: %s @@ -60,7 +59,7 @@ name: %s for (var j in rk.values) { var rv = rk.values[j]; - ldif = ldif + sprintf(" + ldif[rk.name + " (" + rv.name + ")"] = sprintf(" dn: %s,value=%s value: %s type: %d 
@@ -396,6 +395,7 @@ function save_smbconf(path,smbconf) function upgrade(subobj, samba3, message) { + var ret = 0; var samdb = ldb_init(); var ok = samdb.connect("sam.ldb"); assert(ok); @@ -425,7 +425,10 @@ dn: @MAP=samba3sam message("... " + samba3.samaccounts[i].username); var ldif = upgrade_sam_account(samba3.samaccounts[i],subobj.BASEDN); ok = samdb.add(ldif); - if (!ok) { message("... error!"); } + if (!ok) { + message("... error: " + samdb.errstring()); + ret = ret + 1; + } message("\n"); } @@ -434,7 +437,10 @@ dn: @MAP=samba3sam message("... " + samba3.groupmappings[i].nt_name); var ldif = upgrade_sam_group(samba3.groupmappings[i],subobj.BASEDN); ok = samdb.add(ldif); - if (!ok) { message("... error!"); } + if (!ok) { + message("... error: " + samdb.errstring()); + ret = ret + 1; + } message("\n"); } @@ -446,18 +452,26 @@ dn: @MAP=samba3sam ok = regdb.connect(hives[i] + ".ldb"); assert(ok); var ldif = upgrade_registry(samba3.registry, hives[i]); - ok = regdb.add(ldif); - assert(ok); + for (var j in ldif) { + message("... ... " + j); + ok = regdb.add(ldif[j]); + if (!ok) { + message("... error: " + regdb.errstring()); + ret = ret + 1; + } + message("\n"); + } } message("Importing WINS data\n"); var winsdb = ldb_init(); ok = winsdb.connect("wins.ldb"); assert(ok); + ldb_erase(winsdb); var ldif = upgrade_wins(samba3); ok = winsdb.add(ldif); assert(ok); - return ok; + return ret; } -- cgit From 9f4b32996c1c97122b198a13216c35ad40f6ea2d Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Aug 2005 14:44:33 +0000 Subject: r9800: Add EJS interface to param. tridge, sorry this overlaps a bit with your loadparm interface. :-/ (This used to be commit bb0cef581a09a86113f3212c776c011ae73def14) --- source4/scripting/libjs/upgrade.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/upgrade.js b/source4/scripting/libjs/upgrade.js index c6a65e01c0..aa94dbbbc4 100644 
--- a/source4/scripting/libjs/upgrade.js +++ b/source4/scripting/libjs/upgrade.js @@ -210,8 +210,8 @@ function upgrade_provision(samba3) var lp = loadparm_init(); var rdn_list; - var domainname = samba3.get_param("global", "workgroup"); - + var domainname = samba3.configuration.get("workgroup"); + if (domainname == undefined) { domainname = samba3.secrets.domains[0].name; println("No domain specified in smb.conf file, assuming '" + domainname + "'"); @@ -219,7 +219,7 @@ function upgrade_provision(samba3) var domsec = samba3.find_domainsecrets(domainname); var hostsec = samba3.find_domainsecrets(hostname()); - var realm = samba3.get_param("global", "realm"); + var realm = samba3.configuration.get("realm"); if (realm == undefined) { realm = domainname; -- cgit From cf016f972b931b54c155ca8e6df485e05c37b034 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Aug 2005 16:09:38 +0000 Subject: r9805: Add 'data' property to param EJS object Write out new smb.conf file. Parameters that have disappeared between Samba 3 and 4 will optionally be prefixed with 'samba3:' (This used to be commit 27eefbd9059fe0a3daca15a71da7b4cb88ed22ec) --- source4/scripting/libjs/upgrade.js | 68 +++++++++++++++++++++++++++----------- 1 file changed, 49 insertions(+), 19 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/upgrade.js b/source4/scripting/libjs/upgrade.js index aa94dbbbc4..0e12d7c345 100644 --- a/source4/scripting/libjs/upgrade.js +++ b/source4/scripting/libjs/upgrade.js @@ -274,7 +274,7 @@ function upgrade_provision(samba3) return subobj; } -var keep = new Array( +smbconf_keep = new Array( "dos charset", "unix charset", "display charset", 
@@ -371,43 +371,70 @@ var keep = new Array( "host msdfs", "winbind separator"); -function upgrade_smbconf(samba3) +/* + Remove configuration variables not present in Samba4 + oldconf: Old configuration structure + mark: Whether removed configuration variables should be + kept in the new configuration as "samba3:" + */ +function upgrade_smbconf(oldconf,mark) { - //FIXME -} + var data = oldconf.data(); + var newconf = param_init(); + + for (var s in data) { + for (var p in data[s]) { + var keep = false; + for (var k in smbconf_keep) { + if (smbconf_keep[k] == p) { + keep = true; + break; + } + } -function save_smbconf(path,smbconf) -{ - var data = " -# Generated by upgrade.js"; - - for (var i in smbconf.shares) { - var s = smbconf.shares[i]; - data = data + "\n[" + s.name + "]\n"; - for (var j in s.parameters) { - var p = s.parameters[j]; - data = data + "\t" + p.name + " = " + p + "\n"; + if (keep) { + newconf.set(s, p, oldconf.get(s, p)); + } else if (mark) { + newconf.set(s, "samba3:"+p, oldconf.get(s,p)); + } } } - - sys.file_save(path,data); + + return newconf; } function upgrade(subobj, samba3, message) { var ret = 0; + var lp = loadparm_init(); var samdb = ldb_init(); var ok = samdb.connect("sam.ldb"); assert(ok); + message("Writing configuration\n"); + var newconf = upgrade_smbconf(samba3.configuration,true); + newconf.save(lp.get("config file")); + message("Importing account policies\n"); var ldif = upgrade_sam_policy(samba3,subobj.BASEDN); ok = samdb.modify(ldif); assert(ok); + // figure out ldapurl, if applicable var ldapurl = undefined; + var pdb = samba3.configuration.get_list("passdb backends"); + if (pdb != undefined) { + for (var b in pdb) { + if (substr(pdb[b], 0, 7) == "ldapsam") { + ldapurl = substr(pdb[b], 8); + } + } + } - // FIXME: figure out ldapurl + // URL was not specified in passdb backend but ldap /is/ used + if (ldapurl == "") { + ldapurl = "ldap://" + samba3.configuration.get("ldap server"); + } // Enable samba3sam module if original 
passdb backend was ldap if (ldapurl != undefined) { @@ -417,7 +444,7 @@ dn: @MAP=samba3sam samdb.add(ldif); samdb.modify("dn: @MODULES -@LIST: samldb,timestamps,objectguid,rdn_name"); +@LIST: samldb,timestamps,objectguid,rdn_name,samba3sam"); } message("Importing users\n"); @@ -473,5 +500,8 @@ dn: @MAP=samba3sam ok = winsdb.add(ldif); assert(ok); + message("Reloading smb.conf\n"); + lp.reload(); + return ret; } -- cgit From f58a74aabab3d5c0d1185ac2f77a5f54feb781e9 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 31 Aug 2005 02:39:57 +0000 Subject: r9816: Work on testsuite for upgrade Add 'paths' object to provision code. (This used to be commit 488d737fb0ebbc2535d0ec17c14f0dc1eaf2a578) --- source4/scripting/libjs/provision.js | 44 +++++++++++++++++++++++++----------- source4/scripting/libjs/upgrade.js | 18 +++++++-------- 2 files changed, 39 insertions(+), 23 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 9607d6f274..ef99dc43c5 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js 
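Review bot: upgrade() now calls `newconf.save(lp.get("config file"))` before any data is imported, so the existing smb.conf is overwritten in place and the original is gone if one of the later asserts aborts the run. With `mark` set, every parameter missing from `smbconf_keep` is stored as `samba3:<name>`. If that list omits a parameter that restricted access in Samba 3, the restriction is presumably no longer enforced after the upgrade, and nothing tells the administrator. I would report each renamed parameter in the `else if (mark)` branch, e.g. `message("... '" + p + "' in [" + s + "] is not supported, kept as samba3:" + p + "\n");`, which needs `message` passed into upgrade_smbconf(). The old file should also be copied aside before the save.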
@@ -199,16 +199,34 @@ function setup_file(template, fname, subobj) assert(ok); } +function provision_default_paths(subobj) +{ + var lp = loadparm_init(); + var paths = new Object(); + paths.smbconf = lp.get("config file"); + paths.hklm = "hklm.ldb"; + paths.hkcu = "hkcu.ldb"; + paths.hkcr = "hkcr.ldb"; + paths.hku = "hku.ldb"; + paths.hkpd = "hkpd.ldb"; + paths.hkpt = "hkpt.ldb"; + paths.samdb = "sam.ldb"; + paths.rootdse = "rootdse.ldb"; + paths.secrets = "secrets.ldb"; + paths.dns = lp.get("private dir") + "/" + subobj.DNSDOMAIN + ".zone"; + paths.winsdb = "wins.ldb"; + return paths; +} + /* provision samba4 - caution, this wipes all existing data! */ -function provision(subobj, message, blank) +function provision(subobj, message, blank, paths) { var data = ""; var lp = loadparm_init(); var sys = sys_init(); - var smbconf = lp.get("config file"); - + /* some options need to be upper/lower case */ 
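Review bot: provision() gains a fourth parameter `paths` with no fallback, so any caller that still passes three arguments will fail on the first use of `paths.smbconf` in the following hunk; callers are outside this diff, so this needs checking. A default at the top of the function keeps the old call form working: `if (paths == undefined) { paths = provision_default_paths(subobj); }`. provision_default_paths() would also benefit from a short comment stating that the bare `*.ldb` names are left for ldb to resolve, while `smbconf` and `dns` are full paths taken from loadparm. The body of provision() continues outside this hunk.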
@@ -228,31 +246,31 @@ function provision(subobj, message, blank) provision_next_usn = 1; /* only install a new smb.conf if there isn't one there already */ - var st = sys.stat(smbconf); + var st = sys.stat(paths.smbconf); if (st == undefined) { message("Setting up smb.conf\n"); - setup_file("provision.smb.conf", smbconf, subobj); + setup_file("provision.smb.conf", paths.smbconf, subobj); lp.reload(); } message("Setting up hklm.ldb\n"); - setup_ldb("hklm.ldif", "hklm.ldb", subobj); + setup_ldb("hklm.ldif", paths.hklm, subobj); message("Setting up sam.ldb attributes\n"); - setup_ldb("provision_init.ldif", "sam.ldb", subobj); + setup_ldb("provision_init.ldif", paths.samdb, subobj); message("Setting up sam.ldb templates\n"); - setup_ldb("provision_templates.ldif", "sam.ldb", subobj, NULL, false); + setup_ldb("provision_templates.ldif", paths.samdb, subobj, NULL, false); message("Setting up sam.ldb data\n"); - setup_ldb("provision.ldif", "sam.ldb", subobj, NULL, false); + setup_ldb("provision.ldif", paths.samdb, subobj, NULL, false); if (blank == false) { message("Setting up sam.ldb users and groups\n"); - setup_ldb("provision_users.ldif", "sam.ldb", subobj, data, false); + setup_ldb("provision_users.ldif", paths.samdb, subobj, data, false); } message("Setting up rootdse.ldb\n"); - setup_ldb("rootdse.ldif", "rootdse.ldb", subobj); + setup_ldb("rootdse.ldif", paths.rootdse, subobj); message("Setting up secrets.ldb\n"); - setup_ldb("secrets.ldif", "secrets.ldb", subobj); + setup_ldb("secrets.ldif", paths.secrets, subobj); message("Setting up DNS zone file\n"); setup_file("provision.zone", - lp.get("private dir") + "/" + subobj.DNSDOMAIN + ".zone", + paths.dns, subobj); } diff --git a/source4/scripting/libjs/upgrade.js b/source4/scripting/libjs/upgrade.js index 0e12d7c345..4fe6b8cc1e 100644 --- a/source4/scripting/libjs/upgrade.js +++ b/source4/scripting/libjs/upgrade.js 
@@ -403,17 +403,17 @@ function upgrade_smbconf(oldconf,mark) return newconf; } -function upgrade(subobj, samba3, message) +function upgrade(subobj, samba3, message, paths) { var ret = 0; var lp = loadparm_init(); var samdb = ldb_init(); - var ok = samdb.connect("sam.ldb"); + var ok = samdb.connect(paths.samdb); assert(ok); message("Writing configuration\n"); var newconf = upgrade_smbconf(samba3.configuration,true); - newconf.save(lp.get("config file")); + newconf.save(paths.smbconf); message("Importing account policies\n"); var ldif = upgrade_sam_policy(samba3,subobj.BASEDN); @@ -474,11 +474,12 @@ dn: @MAP=samba3sam message("Importing registry data\n"); var hives = new Array("hkcr","hkcu","hklm","hkpd","hku","hkpt"); for (var i in hives) { - message("... " + hives[i] + "\n"); + var hn = hives[i]; + message("... " + hn + "\n"); var regdb = ldb_init(); - ok = regdb.connect(hives[i] + ".ldb"); + ok = regdb.connect(paths[hn]); assert(ok); - var ldif = upgrade_registry(samba3.registry, hives[i]); + var ldif = upgrade_registry(samba3.registry, hn); for (var j in ldif) { message("... ... " + j); ok = regdb.add(ldif[j]); @@ -492,7 +493,7 @@ dn: @MAP=samba3sam message("Importing WINS data\n"); var winsdb = ldb_init(); - ok = winsdb.connect("wins.ldb"); + ok = winsdb.connect(paths.winsdb); assert(ok); ldb_erase(winsdb); @@ -500,8 +501,5 @@ dn: @MAP=samba3sam ok = winsdb.add(ldif); assert(ok); - message("Reloading smb.conf\n"); - lp.reload(); - return ret; } -- cgit From d991196655a5102275736a32bf4861ae193a3761 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 31 Aug 2005 14:27:17 +0000 Subject: r9827: Convert 'passdb backend' rather then 'passdb backends' Be a bit more verbose (This used to be commit fb2fd8da10b281b2064d4cae5d5a0630e8a207da) --- source4/scripting/libjs/upgrade.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source4/scripting/libjs') 
diff --git a/source4/scripting/libjs/upgrade.js b/source4/scripting/libjs/upgrade.js index 4fe6b8cc1e..0b5a71e50c 100644 --- a/source4/scripting/libjs/upgrade.js +++ b/source4/scripting/libjs/upgrade.js @@ -422,7 +422,7 @@ function upgrade(subobj, samba3, message, paths) // figure out ldapurl, if applicable var ldapurl = undefined; - var pdb = samba3.configuration.get_list("passdb backends"); + var pdb = samba3.configuration.get_list("passdb backend"); if (pdb != undefined) { for (var b in pdb) { if (substr(pdb[b], 0, 7) == "ldapsam") { @@ -438,6 +438,7 @@ function upgrade(subobj, samba3, message, paths) // Enable samba3sam module if original passdb backend was ldap if (ldapurl != undefined) { + message("Enabling Samba3 LDAP mappings for SAM database\n"); var ldif = sprintf(" dn: @MAP=samba3sam @MAP_URL: %s", ldapurl); -- cgit From 2f23a8cec1537439fef3456389d55d95c5e78493 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 31 Aug 2005 15:46:41 +0000 Subject: r9830: Fix support for importing registry values. Extended the examplre registry tdb. (This used to be commit 11e2a1938966f3aa9e9c25433181c20843951a6b) --- source4/scripting/libjs/upgrade.js | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/upgrade.js b/source4/scripting/libjs/upgrade.js index 0b5a71e50c..e78865f196 100644 --- a/source4/scripting/libjs/upgrade.js +++ b/source4/scripting/libjs/upgrade.js @@ -30,7 +30,7 @@ function regkey_to_dn(name) * HKPT */ -function upgrade_registry(regdb,prefix) +function upgrade_registry(regdb,prefix,ldb) { assert(regdb != undefined); var prefix_up = strupper(prefix); @@ -63,7 +63,7 @@ name: %s dn: %s,value=%s value: %s type: %d -data:: %s", keydn, rv.value, rv.type, base64(rv.data)); +data:: %s", keydn, rv.name, rv.name, rv.type, ldb.encode(rv.data)); } } 
@@ -103,8 +103,6 @@ function upgrade_sam_account(acc,domaindn) var ldb = ldb_init(); var ldif = sprintf( "dn: cn=%s,%s -objectClass: top -objectClass: person objectClass: user lastLogon: %d lastLogoff: %d @@ -480,7 +478,7 @@ dn: @MAP=samba3sam var regdb = ldb_init(); ok = regdb.connect(paths[hn]); assert(ok); - var ldif = upgrade_registry(samba3.registry, hn); + var ldif = upgrade_registry(samba3.registry, hn, regdb); for (var j in ldif) { message("... ... " + j); ok = regdb.add(ldif[j]); -- cgit From 0712cbdab4c397b9f74fcd681f40df9c9c2c59a8 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 31 Aug 2005 16:51:09 +0000 Subject: r9834: More tests for the upgrade from Samba3 (This used to be commit d2db164d6f674cada470e871c558c75f98244141) --- source4/scripting/libjs/upgrade.js | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/upgrade.js b/source4/scripting/libjs/upgrade.js index e78865f196..59e433b0f2 100644 --- a/source4/scripting/libjs/upgrade.js +++ b/source4/scripting/libjs/upgrade.js 
@@ -448,26 +448,26 @@ dn: @MAP=samba3sam message("Importing users\n"); for (var i in samba3.samaccounts) { - message("... " + samba3.samaccounts[i].username); + var msg = "... " + samba3.samaccounts[i].username; var ldif = upgrade_sam_account(samba3.samaccounts[i],subobj.BASEDN); ok = samdb.add(ldif); if (!ok) { - message("... error: " + samdb.errstring()); + msg = msg + "... error: " + samdb.errstring(); ret = ret + 1; } - message("\n"); + message(msg + "\n"); } message("Importing groups\n"); for (var i in samba3.groupmappings) { - message("... " + samba3.groupmappings[i].nt_name); + var msg = "... " + samba3.groupmappings[i].nt_name; var ldif = upgrade_sam_group(samba3.groupmappings[i],subobj.BASEDN); ok = samdb.add(ldif); if (!ok) { - message("... error: " + samdb.errstring()); + msg = msg + "... error: " + samdb.errstring(); ret = ret + 1; } - message("\n"); + message(msg + "\n"); } message("Importing registry data\n"); @@ -480,13 +480,13 @@ dn: @MAP=samba3sam assert(ok); var ldif = upgrade_registry(samba3.registry, hn, regdb); for (var j in ldif) { - message("... ... " + j); + var msg = "... ... " + j; ok = regdb.add(ldif[j]); if (!ok) { - message("... error: " + regdb.errstring()); + msg = msg + "... error: " + regdb.errstring(); ret = ret + 1; } - message("\n"); + message(msg + "\n"); } } @@ -502,3 +502,15 @@ dn: @MAP=samba3sam return ret; } + +function upgrade_verify(subobj, samba3,paths,message) +{ + message("Verifying account policies\n"); + var samldb = ldb_init(); + var ne = 0; + + var ok = samldb.connect(paths.samdb); + assert(ok); + + // FIXME +} -- cgit From 222fdd5237c1fd8551c39ce544171df3a5a41831 Mon Sep 17 00:00:00 2001 
From: Jelmer Vernooij Date: Wed, 31 Aug 2005 21:04:17 +0000 Subject: r9842: More error checks in the ldb_map modules, extend testsuite (This used to be commit b7992de4b7d42a55e00509c887a269a07c19627d) --- source4/scripting/libjs/upgrade.js | 59 ++++++++++++++++++++------------------ 1 file changed, 31 insertions(+), 28 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/upgrade.js b/source4/scripting/libjs/upgrade.js index 59e433b0f2..ac7e445330 100644 --- a/source4/scripting/libjs/upgrade.js +++ b/source4/scripting/libjs/upgrade.js @@ -418,34 +418,6 @@ function upgrade(subobj, samba3, message, paths) ok = samdb.modify(ldif); assert(ok); - // figure out ldapurl, if applicable - var ldapurl = undefined; - var pdb = samba3.configuration.get_list("passdb backend"); - if (pdb != undefined) { - for (var b in pdb) { - if (substr(pdb[b], 0, 7) == "ldapsam") { - ldapurl = substr(pdb[b], 8); - } - } - } - - // URL was not specified in passdb backend but ldap /is/ used - if (ldapurl == "") { - ldapurl = "ldap://" + samba3.configuration.get("ldap server"); - } - - // Enable samba3sam module if original passdb backend was ldap - if (ldapurl != undefined) { - message("Enabling Samba3 LDAP mappings for SAM database\n"); - var ldif = sprintf(" -dn: @MAP=samba3sam -@MAP_URL: %s", ldapurl); - samdb.add(ldif); - - samdb.modify("dn: @MODULES -@LIST: samldb,timestamps,objectguid,rdn_name,samba3sam"); - } - message("Importing users\n"); for (var i in samba3.samaccounts) { var msg = "... " + samba3.samaccounts[i].username; 
@@ -500,6 +472,37 @@ dn: @MAP=samba3sam ok = winsdb.add(ldif); assert(ok); + // figure out ldapurl, if applicable + var ldapurl = undefined; + var pdb = samba3.configuration.get_list("passdb backend"); + if (pdb != undefined) { + for (var b in pdb) { + if (substr(pdb[b], 0, 7) == "ldapsam") { + ldapurl = substr(pdb[b], 8); + } + } + } + + // URL was not specified in passdb backend but ldap /is/ used + if (ldapurl == "") { + ldapurl = "ldap://" + samba3.configuration.get("ldap server"); + } + + // Enable samba3sam module if original passdb backend was ldap + if (ldapurl != undefined) { + message("Enabling Samba3 LDAP mappings for SAM database\n"); + var ldif = sprintf(" +dn: @MAP=samba3sam +@MAP_URL: %s", ldapurl); + ok = samdb.add(ldif); + assert(ok); + + ok = samdb.modify("dn: @MODULES +replace: @LIST +@LIST: samldb,timestamps,objectguid,rdn_name,samba3sam"); + assert(ok); + } + return ret; } -- cgit From 05db3024ba6a8cd0b3182595f4f6f2f1f0987e44 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 1 Sep 2005 00:37:52 +0000 Subject: r9854: Finish ldb_map testsuite Update PLAN Some more small other fixes (This used to be commit de2bde2526ffaf521253e3b9e58fc11417986321) --- source4/scripting/libjs/upgrade.js | 97 +++++++++++++++++++++++++++++++------- 1 file changed, 79 insertions(+), 18 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/upgrade.js b/source4/scripting/libjs/upgrade.js index ac7e445330..45e6884e9f 100644 --- a/source4/scripting/libjs/upgrade.js +++ b/source4/scripting/libjs/upgrade.js 
@@ -94,20 +94,40 @@ samba3RefuseMachinePwdChange: %d samba3.policy.bad_lockout_minutes, samba3.policy.disconnect_time, samba3.policy.refuse_machine_password_change ); - + return ldif; } -function upgrade_sam_account(acc,domaindn) +function upgrade_sam_account(ldb,acc,domaindn,domainsid) { - var ldb = ldb_init(); + if (acc.nt_username == undefined) { + acc.nt_username = acc.username; + } + + if (acc.nt_username == "") { + acc.nt_username = acc.username; + } + + if (acc.fullname == undefined) { + var pw = nss.getpwnam(acc.fullname); + acc.fullname = pw.pw_gecos; + } + + var pts = split(',', acc.fullname); + acc.fullname = pts[0]; + + assert(acc.fullname != undefined); + assert(acc.nt_username != undefined); + var ldif = sprintf( "dn: cn=%s,%s +objectClass: top objectClass: user lastLogon: %d lastLogoff: %d unixName: %s name: %s +sAMAccountName: %s cn: %s description: %s primaryGroupID: %d @@ -125,15 +145,16 @@ samba3BadPwdTime: %d samba3PassLastSetTime: %d samba3PassCanChangeTime: %d samba3PassMustChangeTime: %d -samba3Rid: %d +objectSid: %s-%d ntPwdHash:: %s lmPwdHash:: %s -", acc.fullname, domaindn, acc.logon_time, acc.logoff_time, acc.username, acc.nt_username, +", acc.fullname, domaindn, acc.logon_time, acc.logoff_time, acc.username, acc.nt_username, acc.nt_username, + acc.fullname, acc.acct_desc, acc.group_rid, acc.bad_password_count, acc.logon_count, acc.domain, acc.dir_drive, acc.munged_dial, acc.homedir, acc.logon_script, acc.profile_path, acc.workstations, acc.kickoff_time, acc.bad_password_time, -acc.pass_last_set_time, acc.pass_can_change_time, acc.pass_must_change_time, acc.user_rid, +acc.pass_last_set_time, acc.pass_can_change_time, acc.pass_must_change_time, domainsid, acc.user_rid, ldb.encode(acc.lm_pw), ldb.encode(acc.nt_pw)); return ldif; 
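Review bot: The new fallback `var pw = nss.getpwnam(acc.fullname);` runs only when `acc.fullname` is undefined, so it looks up an undefined name; the lookup key should be `acc.username`. `nss` is also not declared anywhere in the visible part of upgrade_sam_account() (the `nss_init()` call on this page is in upgrade_sam_group()), and `pw.pw_gecos` is read without checking that the lookup succeeded. I would write `var pw = nss_init().getpwnam(acc.username);` followed by `if (pw != undefined) { acc.fullname = pw.pw_gecos; } else { acc.fullname = acc.username; }`. The function also rewrites fields of the caller's `acc` object, which deserves a comment because the verify step later on this page relies on `nt_username` having been filled in.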
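Review bot: Every free-text account field (`acc.fullname`, `acc.acct_desc`, `acc.homedir`, `acc.logon_script`, `acc.profile_path`, `acc.workstations`) is still interpolated into the LDIF with a plain `%s`, so a value containing a line break would be parsed as additional attribute lines of the record being added. The hashes already use the base64 form (`ntPwdHash:: %s` with `ldb.encode(...)`), and the same form would make the text fields safe, e.g. `description:: %s` with `ldb.encode(acc.acct_desc)`. The `cn=%s` in the DN needs DN escaping rather than base64, because the `split(',', acc.fullname)` above only deals with commas. Whether the Samba 3 passdb can hold such values is not visible here, but the import should not depend on it.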
@@ -141,6 +162,33 @@ acc.pass_last_set_time, acc.pass_can_change_time, acc.pass_must_change_time, acc function upgrade_sam_group(grp,domaindn) { + var nss = nss_init(); + + var gr; + if (grp.sid_name_use == 5) { // Well-known group + return undefined; + } + + if (grp.nt_name == "Domain Guests" || + grp.nt_name == "Domain Users" || + grp.nt_name == "Domain Admins") { + return undefined; + } + + if (grp.gid == -1) { + gr = nss.getgrnam(grp.nt_name); + } else { + gr = nss.getgrgid(grp.gid); + } + + if (gr == undefined) { + grp.unixname = "UNKNOWN"; + } else { + grp.unixname = gr.gr_name; + } + + assert(grp.unixname != undefined); + var ldif = sprintf( "dn: cn=%s,%s objectClass: top @@ -148,10 +196,10 @@ objectClass: group description: %s cn: %s objectSid: %s -unixName: FIXME +unixName: %s samba3SidNameUse: %d ", grp.nt_name, domaindn, -grp.comment, grp.nt_name, grp.sid, grp.sid_name_use); +grp.comment, grp.nt_name, grp.sid, grp.unixname, grp.sid_name_use); return ldif; } @@ -421,9 +469,9 @@ function upgrade(subobj, samba3, message, paths) message("Importing users\n"); for (var i in samba3.samaccounts) { var msg = "... " + samba3.samaccounts[i].username; - var ldif = upgrade_sam_account(samba3.samaccounts[i],subobj.BASEDN); + var ldif = upgrade_sam_account(samdb,samba3.samaccounts[i],subobj.BASEDN,subobj.DOMAINSID); ok = samdb.add(ldif); - if (!ok) { + if (!ok && samdb.errstring() != "Record exists") { msg = msg + "... error: " + samdb.errstring(); ret = ret + 1; } 
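Review bot: The new condition `!ok && samdb.errstring() != "Record exists"` treats an entry that is already present as a successful import, so the existing record keeps its attributes, password hashes included, while the run still reports zero errors. The same test is added for groups and for registry keys in the following hunks. Comparing against the error text is also brittle, since a reworded ldb message would turn every duplicate into a counted failure. I would at least report the skip, `msg = msg + "... already exists, not updated";`, so the administrator can see which accounts were not migrated.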
@@ -434,10 +482,12 @@ function upgrade(subobj, samba3, message, paths) for (var i in samba3.groupmappings) { var msg = "... " + samba3.groupmappings[i].nt_name; var ldif = upgrade_sam_group(samba3.groupmappings[i],subobj.BASEDN); - ok = samdb.add(ldif); - if (!ok) { - msg = msg + "... error: " + samdb.errstring(); - ret = ret + 1; + if (ldif != undefined) { + ok = samdb.add(ldif); + if (!ok && samdb.errstring() != "Record exists") { + msg = msg + "... error: " + samdb.errstring(); + ret = ret + 1; + } } message(msg + "\n"); } @@ -454,7 +504,7 @@ function upgrade(subobj, samba3, message, paths) for (var j in ldif) { var msg = "... ... " + j; ok = regdb.add(ldif[j]); - if (!ok) { + if (!ok && regdb.errstring() != "Record exists") { msg = msg + "... error: " + regdb.errstring(); ret = ret + 1; } @@ -497,10 +547,16 @@ dn: @MAP=samba3sam ok = samdb.add(ldif); assert(ok); - ok = samdb.modify("dn: @MODULES + ok = samdb.modify(" +dn: @MODULES +changetype: modify replace: @LIST -@LIST: samldb,timestamps,objectguid,rdn_name,samba3sam"); - assert(ok); +@LIST: samldb,timestamps,objectguid,rdn_name,samba3sam +"); + if (!ok) { + message("Error enabling samba3sam module: " + samdb.errstring() + "\n"); + ret = ret + 1; + } } return ret; @@ -514,6 +570,11 @@ function upgrade_verify(subobj, samba3,paths,message) var ok = samldb.connect(paths.samdb); assert(ok); + + for (var i in samba3.samaccounts) { + var msg = samldb.search("(&(sAMAccountName=" + samba3.samaccounts[i].nt_username + ")(objectclass=user))"); + assert(msg.length >= 1); + } // FIXME } -- cgit From e2e2508b586a112e612bf3660f80d25c9bf8bc90 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 1 Sep 2005 15:33:31 +0000 Subject: r9899: Be more conservative about what is sent to the remote server in ldb_map. (This used to be commit 76e943d4416e38ce4cce27d5403bc3e133d0025b) --- source4/scripting/libjs/upgrade.js | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'source4/scripting/libjs') 
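Review bot: The search filter in `upgrade_verify` is built by concatenating `nt_username` straight into the filter string, so a name containing `*`, `(`, `)` or `\` changes the meaning of the filter instead of being matched literally; a `*` in particular would let `assert(msg.length >= 1)` pass on some other user's entry. Escape those characters before building the filter, or compare the returned entry's sAMAccountName with the expected name after the search. `samldb.search()` may also return undefined on error (a later change on this page tests for that in `ldb_erase`), so check the result before reading `.length`. The function continues after the hunk at the `// FIXME`.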
diff --git a/source4/scripting/libjs/upgrade.js b/source4/scripting/libjs/upgrade.js index 45e6884e9f..07fa8f34cc 100644 --- a/source4/scripting/libjs/upgrade.js +++ b/source4/scripting/libjs/upgrade.js @@ -541,11 +541,6 @@ function upgrade(subobj, samba3, message, paths) // Enable samba3sam module if original passdb backend was ldap if (ldapurl != undefined) { message("Enabling Samba3 LDAP mappings for SAM database\n"); - var ldif = sprintf(" -dn: @MAP=samba3sam -@MAP_URL: %s", ldapurl); - ok = samdb.add(ldif); - assert(ok); ok = samdb.modify(" dn: @MODULES @@ -557,6 +552,12 @@ replace: @LIST message("Error enabling samba3sam module: " + samdb.errstring() + "\n"); ret = ret + 1; } + + ok = samdb.add(sprintf(" +dn: @MAP=samba3sam +@MAP_URL: %s", ldapurl)); + assert(ok); + } return ret; -- cgit From 1170f02e23b3c3597b6871cdf64e7d4fbee5ee08 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 1 Sep 2005 23:06:20 +0000 Subject: r9925: Fix swapped nt/lm password hashes - caught by Andrew Bartlett (This used to be commit 4f0ee80f6cc1639f612a50ddb8d99ee36d8ce8d6) --- source4/scripting/libjs/upgrade.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/upgrade.js b/source4/scripting/libjs/upgrade.js index 07fa8f34cc..e11af26aa7 100644 --- a/source4/scripting/libjs/upgrade.js +++ b/source4/scripting/libjs/upgrade.js @@ -146,8 +146,8 @@ samba3PassLastSetTime: %d samba3PassCanChangeTime: %d samba3PassMustChangeTime: %d objectSid: %s-%d -ntPwdHash:: %s lmPwdHash:: %s +ntPwdHash:: %s ", acc.fullname, domaindn, acc.logon_time, acc.logoff_time, acc.username, acc.nt_username, acc.nt_username, -- cgit From aae4b1a95193796ef0368cd3f2b65d59f9805b7f Mon Sep 17 00:00:00 2001 
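Review bot: After the reordering, a failed `@MODULES` modify is only counted (`ret = ret + 1`) and execution falls through to the `samdb.add()` of `@MAP=samba3sam`, whose failure is then fatal through `assert(ok)`; the two steps should fail the same way. Skipping the add when the modify failed and reporting an add failure like the modify, `if (!ok) { message("Error adding samba3sam mapping: " + samdb.errstring() + "\n"); ret = ret + 1; }`, would avoid leaving a mapping record without the module enabled or aborting half way. `ldapurl` is formatted into the LDIF with a plain `%s`; it comes from the old smb.conf, so a value containing a newline would add lines to the record. `upgrade()` starts and ends outside these hunks.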
From: Jelmer Vernooij Date: Fri, 2 Sep 2005 12:06:25 +0000 Subject: r9951: Add another value to the default HKLM. Convert Samba3 policy "refuse machine pw change" to registry value. (This used to be commit a143234ac7622ef3ef87c80224927551a1452e4b) --- source4/scripting/libjs/upgrade.js | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/upgrade.js b/source4/scripting/libjs/upgrade.js index e11af26aa7..62556ed8d9 100644 --- a/source4/scripting/libjs/upgrade.js +++ b/source4/scripting/libjs/upgrade.js @@ -85,14 +85,12 @@ samba3ResetCountMinutes: %d samba3UserMustLogonToChangePassword: %d samba3BadLockoutMinutes: %d samba3DisconnectTime: %d -samba3RefuseMachinePwdChange: %d ", dn, samba3.policy.min_password_length, samba3.policy.password_history, samba3.policy.minimum_password_age, samba3.policy.maximum_password_age, samba3.policy.lockout_duration, samba3.policy.reset_count_minutes, samba3.policy.user_must_logon_to_change_password, - samba3.policy.bad_lockout_minutes, samba3.policy.disconnect_time, - samba3.policy.refuse_machine_password_change + samba3.policy.bad_lockout_minutes, samba3.policy.disconnect_time ); return ldif; @@ -466,6 +464,18 @@ function upgrade(subobj, samba3, message, paths) ok = samdb.modify(ldif); assert(ok); + var regdb = ldb_init(); + ok = regdb.connect(paths.hklm); + assert(ok); + ok = regdb.modify(sprintf(" +dn: value=RefusePasswordChange,key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=System,HIVE=NONE +replace: type +type: 4 +replace: data +data: %d +", samba3.policy.refuse_machine_password_change)); + assert(ok); + message("Importing users\n"); for (var i in samba3.samaccounts) { var msg = "... " + samba3.samaccounts[i].username; 
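Review bot: The new `regdb.modify()` for `RefusePasswordChange` is guarded by `assert(ok)`, so if the value record is not already present in the target hklm database the whole upgrade aborts before any users are imported, whereas the import loops below count errors in `ret` and continue. Reporting it the same way, `if (!ok) { message("Error setting RefusePasswordChange: " + regdb.errstring() + "\n"); ret = ret + 1; }`, would be consistent. `type: 4` is unexplained; a comment such as `/* type 4 = REG_DWORD */` above the call would help. If `samba3.policy.refuse_machine_password_change` can be undefined for installs without a stored policy, `%d` will format something unintended, so a default is worth adding. The enclosing function extends beyond the hunk.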
@@ -497,7 +507,7 @@ function upgrade(subobj, samba3, message, paths) for (var i in hives) { var hn = hives[i]; message("... " + hn + "\n"); - var regdb = ldb_init(); + regdb = ldb_init(); ok = regdb.connect(paths[hn]); assert(ok); var ldif = upgrade_registry(samba3.registry, hn, regdb); @@ -512,6 +522,7 @@ function upgrade(subobj, samba3, message, paths) } } + message("Importing WINS data\n"); var winsdb = ldb_init(); ok = winsdb.connect(paths.winsdb); -- cgit From 342d229b4082004d30fa7018c04bba66da48a91b Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 12 Sep 2005 23:52:25 +0000 Subject: r10190: Do some very basic input checking when provisioning. (This used to be commit 87f25fe49caa78422582337c5208a331ef5b8c15) --- source4/scripting/libjs/provision.js | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index ef99dc43c5..33bfafac13 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -233,7 +233,9 @@ function provision(subobj, message, blank, paths) subobj.REALM = strlower(subobj.REALM); subobj.HOSTNAME = strlower(subobj.HOSTNAME); subobj.DOMAIN = strupper(subobj.DOMAIN); + assert(valid_netbios_name(subobj.DOMAIN)); subobj.NETBIOSNAME = strupper(subobj.HOSTNAME); + assert(valid_netbios_name(subobj.NETBIOSNAME)); var rdns = split(",", subobj.BASEDN); subobj.RDN_DC = substr(rdns[0], strlen("DC=")); 
@@ -431,5 +433,29 @@ member: %s return enable_account(ldb, user_dn); } +// Check whether a name is valid as a NetBIOS name. +// FIXME: There are probably more constraints here +function valid_netbios_name(name) +{ + if (strlen(name) > 13) return false; + if (strstr(name, ".")) return false; + return true; +} + +function provision_validate(subobj, message) +{ + if (!valid_netbios_name(subobj.DOMAIN)) { + message("Invalid NetBIOS name for domain\n"); + return false; + } + + if (!valid_netbios_name(subobj.NETBIOSNAME)) { + message("Invalid NetBIOS name for host\n"); + return false; + } + + return true; +} + return 0; -- cgit From bcc3ce695e9290013ab7fab230a5b0ab27b65ac4 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 13 Sep 2005 01:02:06 +0000 Subject: r10193: r11632@blu: tridge | 2005-08-30 23:08:27 +1000 if we fail to erase a ldb during provision by traversing and deleting records (an in-place erase) then just unlink it and start it again. This makes provisioning much more robust to changes in ldb that make it not backward compatible with old DBs. (This used to be commit 173655aec25c462b8b90b850df65ae6f95f44efb) --- source4/scripting/libjs/provision.js | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 33bfafac13..d700ecd539 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -122,6 +122,18 @@ function hostname() } +/* the ldb is in bad shape, possibly due to being built from an + incompatible previous version of the code, so delete it + completely */ +function ldb_delete(ldb) +{ + println("Deleting " + ldb.filename); + sys.unlink(ldb.filename); + ldb.close(); + var ok = ldb.connect(ldb.filename); + assert(ok); +} + /* erase an ldb, removing all records */ 
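Review bot: `valid_netbios_name` only rejects names longer than 13 characters or containing a dot, so an empty string and names with characters that are not legal in NetBIOS names pass validation, as the FIXME acknowledges; at minimum add `if (strlen(name) == 0) return false;`. The 13-character limit should be explained in a comment, since NetBIOS names are usually described as up to 15 characters plus a suffix byte. In `provision()` (previous hunk) the check is enforced with `assert(valid_netbios_name(...))`, which aborts instead of giving the operator the message that the new `provision_validate()` produces. Nothing in this diff calls `provision_validate()`, so consider calling it at the top of `provision()` and returning on failure.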
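Review bot: `ldb_delete` unlinks the database file while the handle is still open and ignores the result of `sys.unlink()`, so if the unlink fails the following `ldb.connect()` reopens the same damaged file and provisioning carries on as if it had been recreated. Close first and check the result if the binding reports one: `ldb.close(); var unlink_ok = sys.unlink(ldb.filename); assert(unlink_ok);`. `ldb.filename` is the bare database name that `setup_ldb` stores, so the unlink is relative to the current directory; a later commit on this page prefixes the private dir. `sys` is not created in this function, so it is presumably a global; confirm it exists on this path.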
@@ -138,10 +150,18 @@ function ldb_erase(ldb) /* and the rest */ var res = ldb.search("(|(objectclass=*)(dn=*))", attrs); var i; + if (typeof(res) == "undefined") { + ldb_delete(ldb); + return; + } for (i=0;i Date: Mon, 26 Sep 2005 18:15:24 +0000 Subject: r10515: Handle replacement of "domain logons" and "domain master" by "server role" (This used to be commit c5e3a1c55d9e21f9ee618169dc05c69ee9c9c5b1) --- source4/scripting/libjs/upgrade.js | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/upgrade.js b/source4/scripting/libjs/upgrade.js index 62556ed8d9..6109371338 100644 --- a/source4/scripting/libjs/upgrade.js +++ b/source4/scripting/libjs/upgrade.js @@ -387,11 +387,9 @@ smbconf_keep = new Array( "map system", "map hidden", "map archive", - "domain logons", "preferred master", "prefered master", "local master", - "domain master", "browseable", "browsable", "wins server", @@ -444,6 +442,20 @@ function upgrade_smbconf(oldconf,mark) } } + if (oldconf.get("domain logons") == "True") { + if (oldconf.get("domain master") == "True") { + newconf.set("role", "pdc"); + } else { + newconf.set("role", "bdc"); + } + } else { + if (oldconf.get("domain master") == "True") { + newconf.set("role", "standalone"); + } else { + newconf.set("role", "member server"); + } + } + return newconf; } -- cgit From c3c26c90088141272affb591702f3c2124eec89f Mon Sep 17 00:00:00 2001 
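Review bot: The role mapping added at the end of `upgrade_smbconf` yields "member server" when neither `domain logons` nor `domain master` is set and "standalone" when only `domain master` is set, which looks inverted: a Samba 3 server with neither option is more plausibly standalone, and domain membership is normally indicated by the `security` setting, which this hunk never reads. A wrong role changes how the upgraded server authenticates users, so the mapping is worth confirming against the Samba 3 semantics. The comparisons also depend on `oldconf.get()` returning exactly the string "True" for every accepted spelling; if it returns the raw text, `domain logons = yes` falls into the else branch. A short comment above the block stating the intended mapping would make it checkable.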
From: Stefan Metzmacher Date: Sat, 15 Oct 2005 10:15:42 +0000 Subject: r11087: - add type,name,scope as attributes to winsRecords, so you can use them in search filters, only for administration not used inside the winserver code - fix the samba3 ugrade scripts to create a correct samba4 wins.ldb metze (This used to be commit 9f3b6746d86583c48097da48c28f50f075bbd3e3) --- source4/scripting/libjs/upgrade.js | 65 ++++++++++++++++++++++++++++++++++---- 1 file changed, 58 insertions(+), 7 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/upgrade.js b/source4/scripting/libjs/upgrade.js index 6109371338..60a9725b43 100644 --- a/source4/scripting/libjs/upgrade.js +++ b/source4/scripting/libjs/upgrade.js 
@@ -228,22 +228,73 @@ unixID: %d", m.sid, domaindn, m.sid, m.type, m.unix_id); function upgrade_wins(samba3) { var ldif = ""; + var version_id = 0; + for (i in samba3.winsentries) { + var rType; + var rState; + var nType; + var numIPs = 0; var e = samba3.winsentries[i]; - + var now = sys.nttime(); + var ttl = sys.unix2nttime(e.ttl); + + version_id++; + + for (var i in e.ips) { + numIPs++; + } + + if (e.type == 0x1C) { + rType = 0x2; + } else if (sys.bitAND(e.type, 0x80)) { + if (numIPs > 1) { + rType = 0x2; + } else { + rType = 0x1; + } + } else { + if (numIPs > 1) { + rType = 0x3; + } else { + rType = 0x0; + } + } + + if (ttl > now) { + rState = 0x0;/* active */ + } else { + rState = 0x1;/* released */ + } + + nType = (sys.bitAND(e.nb_flags,0x60)>>5); + ldif = ldif + sprintf(" -dn: type=%d,name=%s +dn: name:%s,type=0x%02X +type: 0x%02X name: %s -objectClass: wins -nbFlags: %x -expires: %s -", e.type, e.name, e.name, e.type, e.nb_flags, sys.ldaptime(e.ttl)); +objectClass: winsRecord +recordType: %u +recordState: %u +nodeType: %u +isStatic: 0 +expireTime: %s +versionID: %llu +", e.name, e.type, e.type, e.name, + rType, rState, nType, + sys.ldaptime(ttl), version_id); for (var i in e.ips) { ldif = ldif + sprintf("address: %s\n", e.ips[i]); } } + ldif = ldif + sprintf(" +dn: CN=VERSION +objectClass: winsMaxVersion +maxVersion: %llu +", version_id); + return ldif; } @@ -569,7 +620,7 @@ data: %d dn: @MODULES changetype: modify replace: @LIST -@LIST: samldb,timestamps,objectguid,rdn_name,samba3sam +@LIST: samldb,operational,objectguid,rdn_name,samba3sam "); if (!ok) { message("Error enabling samba3sam module: " + samdb.errstring() + "\n"); -- cgit From 642b42424a75102c83cd8d1fbd67186db0623e76 Mon Sep 17 00:00:00 2001 
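Review bot: The new record DN is written as `dn: name:%s,type=0x%02X`, with a colon after `name` where the removed line used `=`; that looks like a typo and would presumably not parse as an RDN, so it should probably read `dn: name=%s,type=0x%02X`. `e.name` is placed in the DN and in the LDIF body unescaped, so a WINS name containing a comma or a newline would alter the record. Separately, both inner `for (var i in e.ips)` loops reuse the outer loop's `i` (which is itself never declared with `var`), because `var` is function-scoped; use a distinct index such as `var j` for the address loops. The unit mix of `now` (`sys.nttime()`) and `ttl` (`sys.unix2nttime(e.ttl)`) passed on to `sys.ldaptime(ttl)` deserves a comment, since the removed code passed the Unix value.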
From: Andrew Bartlett Date: Thu, 20 Oct 2005 04:35:30 +0000 Subject: r11203: Use different variable names to make it easier to tell which assert fired. Andrew Bartlett (This used to be commit df6a40c2d261804f1cd4feb24572135a4c62a802) --- source4/scripting/libjs/provision.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index d700ecd539..56f8251015 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -192,15 +192,15 @@ function setup_ldb(ldif, dbname, subobj) ldb.filename = dbname; - var ok = ldb.connect(dbname); - assert(ok); + var connect_ok = ldb.connect(dbname); + assert(connect_ok); if (erase) { ldb_erase(ldb); } - ok = ldb.add(data); - assert(ok); + var add_ok = ldb.add(data); + assert(add_ok); } /* -- cgit From 8103ef397409dc4b780ea9bcd98da090a3b01d1e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 20 Oct 2005 10:18:45 +0000 Subject: r11217: Ensure the realm is substituted in UPPER case. Andrew Bartlett (This used to be commit 0c29f0e30d64be09baad792eb2850aa0b8fa9981) --- source4/scripting/libjs/provision.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 56f8251015..3090626d04 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -252,7 +252,7 @@ function provision(subobj, message, blank, paths) /* some options need to be upper/lower case */ - subobj.REALM = strlower(subobj.REALM); + subobj.REALM = strupper(subobj.REALM); subobj.HOSTNAME = strlower(subobj.HOSTNAME); subobj.DOMAIN = strupper(subobj.DOMAIN); assert(valid_netbios_name(subobj.DOMAIN)); 
@@ -309,7 +309,7 @@ function provision_guess() var rdn_list; random_init(local); - subobj.REALM = lp.get("realm"); + subobj.REALM = strupper(lp.get("realm")); subobj.DOMAIN = lp.get("workgroup"); subobj.HOSTNAME = hostname(); -- cgit From 17be61b7b9cff8bfc668ec1d08dc442a8ad30088 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 20 Oct 2005 11:19:03 +0000 Subject: r11222: Small provision fixes: canonicalName is now generated, and the DC= list should be from the dnsdomain (ie lowercae). Andrew Bartlett (This used to be commit 10d692a1c216134b301b5851ce1e71ed93cc6164) --- source4/scripting/libjs/provision.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 3090626d04..101110ea3e 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -340,7 +340,7 @@ function provision_guess() subobj.DNSNAME = sprintf("%s.%s", strlower(subobj.HOSTNAME), subobj.DNSDOMAIN); - rdn_list = split(".", subobj.REALM); + rdn_list = split(".", subobj.DNSDOMAIN); subobj.BASEDN = "DC=" + join(",DC=", rdn_list); return subobj; } -- cgit From 75d3a8f6dc74601e30f667a1dbd09a4dad0ebe1c Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 25 Oct 2005 09:30:48 +0000 Subject: r11285: fixed winreg.js for the recent change to winreg.idl (This used to be commit 27f46b4f18346ea03d8626a380e417b00f7a88d1) --- source4/scripting/libjs/winreg.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/winreg.js b/source4/scripting/libjs/winreg.js index adcefcae85..63435ac22b 100644 --- a/source4/scripting/libjs/winreg.js +++ b/source4/scripting/libjs/winreg.js 
@@ -24,7 +24,7 @@ function __winreg_open_hive(hive)
 {
 var io = irpcObj();
 io.input.system_name = NULL;
- io.input.access_required = this.SEC_FLAG_MAXIMUM_ALLOWED;
+ io.input.access_mask = this.SEC_FLAG_MAXIMUM_ALLOWED;
 var status;
 if (hive == "HKLM") {
 status = this.winreg_OpenHKLM(io);
@@ -248,7 +248,7 @@ function __winreg_create_key(path, key)
 io.input.name = key;
 io.input.class = NULL;
 io.input.options = 0;
- io.input.access_required = this.SEC_FLAG_MAXIMUM_ALLOWED;
+ io.input.access_mask = this.SEC_FLAG_MAXIMUM_ALLOWED;
 io.input.secdesc = NULL;
 io.input.action_taken = 0;
-- cgit
From c5b99e3c696939f432b865e938caf31439385edf Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Fri, 28 Oct 2005 07:00:52 +0000
Subject: r11363: fixed a problem with provisioning when hklm already exists (the problem is really caused by hklm not having objectclass attributes on its records, but this is a workaround) (This used to be commit 62d5253a033f47335ceefade9ad7d98ddfc19584)
---
 source4/scripting/libjs/provision.js | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source4/scripting/libjs')
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js
index 101110ea3e..6b76d2bc1f 100644
--- a/source4/scripting/libjs/provision.js
+++ b/source4/scripting/libjs/provision.js
@@ -157,7 +157,7 @@ function ldb_erase(ldb) for (i=0;i Date: Wed, 2 Nov 2005 01:04:00 +0000 Subject: r11458: fixed our ejs smbscript interfaces to use arrays where appropriate. In js arrays are a special type of object where the length property is automatic, and cannot be modified manually. Our code was manually setting length, which made it abort when someone passed in a real ejs array. To fix this we need to create real arrays instead of objects, and remove the code that manually sets the length (This used to be commit ebdd1393fde44a0a35446d1a922d29a7c1769ba7) --- source4/scripting/libjs/management.js | 3 +-- source4/scripting/libjs/winreg.js | 13 +++---------- 2 files changed, 4 insertions(+), 12 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/management.js b/source4/scripting/libjs/management.js index 26c1c0a34a..1258368e90 100644 --- a/source4/scripting/libjs/management.js +++ b/source4/scripting/libjs/management.js @@ -24,7 +24,7 @@ function smbsrv_sessions() } /* gather the results into a single array */ - var i, count=0, ret = new Object(); + var i, count=0, ret = new Array(0); for (i=0;i Date: Wed, 2 Nov 2005 06:41:11 +0000 Subject: r11474: - enable ldb transactions from ejs - speed up provisioning a bit using a ldb transaction (also means you can't end up with a ldb being half done) (This used to be commit 91dfe304cf688bb81b69ff3192ac84b78b34b311) --- source4/scripting/libjs/provision.js | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 6b76d2bc1f..8c2398e74e 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js 
@@ -128,9 +128,12 @@ function hostname() function ldb_delete(ldb) { println("Deleting " + ldb.filename); - sys.unlink(ldb.filename); + var lp = loadparm_init(); + sys.unlink(sprintf("%s/%s", lp.get("private dir"), ldb.filename)); + ldb.transaction_cancel(); ldb.close(); var ok = ldb.connect(ldb.filename); + ldb.transaction_start(); assert(ok); } @@ -148,7 +151,7 @@ function ldb_erase(ldb) ldb.del("@MODULES"); /* and the rest */ - var res = ldb.search("(|(objectclass=*)(dn=*))", attrs); + var res = ldb.search("(&(|(objectclass=*)(dn=*))(!(dn=@BASEINFO)))", attrs); var i; if (typeof(res) == "undefined") { ldb_delete(ldb); @@ -157,12 +160,13 @@ function ldb_erase(ldb) for (i=0;i Date: Wed, 2 Nov 2005 06:49:08 +0000 Subject: r11475: removed a extraneous ldb_delete() call (i had it there for debugging) (This used to be commit daa9dcd8f4b1dde801091ec64faa8158481d171c) --- source4/scripting/libjs/provision.js | 1 - 1 file changed, 1 deletion(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 8c2398e74e..959b71b6b3 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -166,7 +166,6 @@ function ldb_erase(ldb) return; } assert(res.length == 0); - ldb_delete(ldb); } /* -- cgit From 4764eb7a937ebd7ae5fc300dc384434c616a0662 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 4 Nov 2005 02:23:50 +0000 Subject: r11496: add a minimal ads-compatible schema into our sam.ldb setup. This is needed for mmc management of Samba4. (This used to be commit cbbce4fe403efc0b9e63052c2aa1fbb5972f2abe) --- source4/scripting/libjs/provision.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 959b71b6b3..1584cb18ec 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js 
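Review bot: In `ldb_delete` the new `ldb.transaction_start()` runs before `assert(ok)`, so a failed reconnect starts a transaction on a handle that is not connected and only then aborts; move the assert up: `var ok = ldb.connect(ldb.filename); assert(ok); ldb.transaction_start();`. The file is also unlinked before the open transaction is cancelled and the handle closed; cancelling and closing first, then unlinking, avoids removing a file that is still in use. The unlink path is built from `lp.get("private dir")` while `ldb.connect()` is given the bare `ldb.filename`; the two refer to the same file only if connect applies the same directory, which is worth a one-line comment.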
@@ -285,8 +285,8 @@ function provision(subobj, message, blank, paths) setup_ldb("hklm.ldif", paths.hklm, subobj); message("Setting up sam.ldb attributes\n"); setup_ldb("provision_init.ldif", paths.samdb, subobj); -// message("Setting up sam.ldb objectclasses\n"); -// setup_ldb("schema_classes.ldif", paths.samdb, subobj, NULL, false); + message("Setting up sam.ldb schema\n"); + setup_ldb("schema.ldif", paths.samdb, subobj, NULL, false); message("Setting up sam.ldb templates\n"); setup_ldb("provision_templates.ldif", paths.samdb, subobj, NULL, false); message("Setting up sam.ldb data\n"); -- cgit From 318ac84440754b467cdfb363a47e3fafce1b0fec Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 4 Nov 2005 04:07:24 +0000 Subject: r11500: fixed a bug in the variable substition code using the new limit argument to split() (This used to be commit 25131efea8c1a2b0bfa7f999766ebcbab8fa8006) --- source4/scripting/libjs/base.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/base.js b/source4/scripting/libjs/base.js index 8a07f4e383..fbceabf993 100644 --- a/source4/scripting/libjs/base.js +++ b/source4/scripting/libjs/base.js @@ -71,7 +71,7 @@ function substitute_var(str, subobj) var list = split("${", str); var i; for (i=1;i Date: Fri, 4 Nov 2005 04:07:45 +0000 Subject: r11501: change provision code to use the new display specifiers (This used to be commit 696fa87a212e65d6337c39a84f682b64b52593a5) --- source4/scripting/libjs/provision.js | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 1584cb18ec..a304076d22 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js 
@@ -287,6 +287,8 @@ function provision(subobj, message, blank, paths)
 setup_ldb("provision_init.ldif", paths.samdb, subobj);
 message("Setting up sam.ldb schema\n");
 setup_ldb("schema.ldif", paths.samdb, subobj, NULL, false);
+ message("Setting up display specifiers\n");
+ setup_ldb("display_specifiers.ldif", paths.samdb, subobj, NULL, false);
 message("Setting up sam.ldb templates\n");
 setup_ldb("provision_templates.ldif", paths.samdb, subobj, NULL, false);
 message("Setting up sam.ldb data\n");
-- cgit
From 509be8d902038ec2a75ece5fd28d43d73218f0b2 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Fri, 18 Nov 2005 12:20:16 +0000
Subject: r11781: rename tree to tcons to match the sessions substructure of smbsrv_connection metze (This used to be commit acd3e644e030a3544ddc6cdcd4e0ec9617732cba)
---
 source4/scripting/libjs/management.js | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source4/scripting/libjs')
diff --git a/source4/scripting/libjs/management.js b/source4/scripting/libjs/management.js
index 1258368e90..e54b5e283b 100644
--- a/source4/scripting/libjs/management.js
+++ b/source4/scripting/libjs/management.js
@@ -39,7 +39,7 @@ function smbsrv_sessions()
 /*
 return a list of current tree connects
 */
-function smbsrv_trees()
+function smbsrv_tcons()
 {
 var irpc = irpc_init();
 status = irpc.connect("smb_server");
@@ -48,7 +48,7 @@ function smbsrv_trees()
 }
 var io = irpcObj();
- io.input.level = irpc.SMBSRV_INFO_TREES;
+ io.input.level = irpc.SMBSRV_INFO_TCONS;
 status = irpc.smbsrv_information(io);
 if (status.is_ok != true) {
 return undefined;
@@ -57,10 +57,10 @@ function smbsrv_trees() /* gather the results into a single array */ var i, count=0, ret = new Object(); for (i=0;i Date: Tue, 29 Nov 2005 08:58:39 +0000 Subject: r11956: removed the old rootdse.ldif, and the provision.js code that uses it (This used to be commit 4b56c129c6f1654f9dbe37bc950a836f15c48b3d) --- source4/scripting/libjs/provision.js | 3 --- 1 file changed, 3 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index a304076d22..513fb23cd9 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -238,7 +238,6 @@ function provision_default_paths(subobj) paths.hkpd = "hkpd.ldb"; paths.hkpt = "hkpt.ldb"; paths.samdb = "sam.ldb"; - paths.rootdse = "rootdse.ldb"; paths.secrets = "secrets.ldb"; paths.dns = lp.get("private dir") + "/" + subobj.DNSDOMAIN + ".zone"; paths.winsdb = "wins.ldb"; @@ -297,8 +296,6 @@ function provision(subobj, message, blank, paths) message("Setting up sam.ldb users and groups\n"); setup_ldb("provision_users.ldif", paths.samdb, subobj, data, false); } - message("Setting up rootdse.ldb\n"); - setup_ldb("rootdse.ldif", paths.rootdse, subobj); message("Setting up secrets.ldb\n"); setup_ldb("secrets.ldif", paths.secrets, subobj); message("Setting up DNS zone file\n"); -- cgit From 9c6b7f2d62e134a4bc15efc04e05be25e4a53dc7 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett
Date: Thu, 1 Dec 2005 05:20:39 +0000
Subject: r11995: A big kerberos-related update. This merges Samba4 up to current lorikeet-heimdal, which includes a replacement for some Samba-specific hacks. In particular, the credentials system now supplies GSS client and server credentials. These are imported into GSS with gss_krb5_import_creds(). Unfortunetly this can't take an MEMORY keytab, so we now create a FILE based keytab as provision and join time. Because the keytab is now created in advance, we don't spend .4s at negprot doing sha1 s2k calls. Also, because the keytab is read in real time, any change in the server key will be correctly picked up by the the krb5 code. To mark entries in the secrets which should be exported to a keytab, there is a new kerberosSecret objectClass. The new routine cli_credentials_update_all_keytabs() searches for these, and updates the keytabs. This is called in the provision.js via the ejs wrapper credentials_update_all_keytabs(). We can now (in theory) use a system-provided /etc/krb5.keytab, if krb5Keytab: FILE:/etc/krb5.keytab is added to the secrets.ldb record. By default the attribute privateKeytab: secrets.keytab is set, pointing to allow the whole private directory to be moved without breaking the internal links. (This used to be commit 6b75573df49c6210e1b9d71e108a9490976bd41d)
---
 source4/scripting/libjs/provision.js | 3 +++
 1 file changed, 3 insertions(+) (limited to 'source4/scripting/libjs')
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js
index 513fb23cd9..0b6a31ae4f 100644
--- a/source4/scripting/libjs/provision.js
+++ b/source4/scripting/libjs/provision.js
@@ -302,6 +302,9 @@ function provision(subobj, message, blank, paths)
 setup_file("provision.zone",
 paths.dns,
 subobj);
+ message("Setting up keytabs\n");
+ var keytab_ok = credentials_update_all_keytabs();
+ assert(keytab_ok);
 }
 /*
-- cgit
From a1827a1deba04e0b4b2a508dc4e4e66603a46d16 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Wed, 14 Dec 2005 07:22:25 +0000
Subject: r12227: I realised that I wasn't yet seeing authenticated LDAP for the ldb backend. The idea is that every time we open an LDB, we can provide a session_info and/or credentials. This would allow any ldb to be remote to LDAP. We should also support provisioning to a authenticated ldap server. (They are separate so we can say authenticate as foo for remote, but here we just want a token of SYSTEM). Andrew Bartlett (This used to be commit ae2f3a64ee0b07575624120db45299c65204210b)
---
 source4/scripting/libjs/provision.js | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'source4/scripting/libjs')
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js
index 0b6a31ae4f..aa4ea5bff8 100644
--- a/source4/scripting/libjs/provision.js
+++ b/source4/scripting/libjs/provision.js
@@ -280,6 +280,15 @@ function provision(subobj, message, blank, paths)
 setup_file("provision.smb.conf", paths.smbconf, subobj);
 lp.reload();
 }
+ message("Setting up secrets.ldb\n");
+ setup_ldb("secrets.ldif", paths.secrets, subobj);
+ message("Setting up DNS zone file\n");
+ setup_file("provision.zone",
+ paths.dns,
+ subobj);
+ message("Setting up keytabs\n");
+ var keytab_ok = credentials_update_all_keytabs();
+ assert(keytab_ok);
 message("Setting up hklm.ldb\n");
 setup_ldb("hklm.ldif", paths.hklm, subobj);
 message("Setting up sam.ldb attributes\n");
@@ -296,15 +305,6 @@ function provision(subobj, message, blank, paths)
 message("Setting up sam.ldb users and groups\n");
 setup_ldb("provision_users.ldif", paths.samdb, subobj, data, false);
 }
- message("Setting up secrets.ldb\n");
- setup_ldb("secrets.ldif", paths.secrets, subobj);
- message("Setting up DNS zone file\n");
- setup_file("provision.zone",
- paths.dns,
- subobj);
- message("Setting up keytabs\n");
- var keytab_ok = credentials_update_all_keytabs();
- assert(keytab_ok);
 }
 /*
-- cgit
From 6589e93b1b8a61860931a171a0306b270597e1f2 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 15 Dec 2005 02:39:29 +0000 Subject: r12252: With this change (hack) we can now do an provision onto Samba4's LDAP server. Now to try another one... Andrew Bartlett (This used to be commit 175f616d74ac3567a35713343be0c63c96c5aede) --- source4/scripting/libjs/provision.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index aa4ea5bff8..4cd9e5fa8d 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -160,6 +160,9 @@ function ldb_erase(ldb) for (i=0;i Date: Wed, 28 Dec 2005 03:57:26 +0000 Subject: r12533: Get the ldb.errstring() out to the user on failure. It helps a lot with debugging! Andrew Bartlett (This used to be commit fe36cb6767ce99432e2778037aad334170dca173) --- source4/scripting/libjs/provision.js | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 4cd9e5fa8d..f26c69d15e 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -207,8 +207,15 @@ function setup_ldb(ldif, dbname, subobj) } var add_ok = ldb.add(data); - assert(add_ok); - ldb.transaction_commit(); + if (!add_ok) { + message("ldb load failed: " + ldb.errstring() + "\n"); + assert(add_ok); + } + var commit_ok = ldb.transaction_commit(); + if (!commit_ok) { + message("ldb commit failed: " + ldb.errstring() + "\n"); + assert(add_ok); + } } /* -- cgit From 92461359f79803d97f942912d347c692fa596dc4 Mon Sep 17 00:00:00 2001 
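Review bot: The commit-failure branch added to `setup_ldb` asserts the wrong variable: `assert(add_ok)` is reached only when `add_ok` is already true, so a failed `ldb.transaction_commit()` prints the message and then continues as if the data had been written; it should be `assert(commit_ok);`. `message` is not among `setup_ldb`'s parameters (`ldif, dbname, subobj` per the hunk header), so unless a global of that name exists both new `message(...)` calls would themselves fail. Either pass the callback in or use `println`, as `ldb_delete` does. The function starts before this hunk.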
From: Jelmer Vernooij Date: Tue, 3 Jan 2006 17:22:19 +0000 Subject: r12695: A dot is allowed in NetBIOS names. (This used to be commit f4ac7d6359b5a6de04a6ea518dec99f4c9b49b3d) --- source4/scripting/libjs/provision.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index f26c69d15e..b5f8527bd0 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -481,11 +481,11 @@ member: %s } // Check whether a name is valid as a NetBIOS name. -// FIXME: There are probably more constraints here +// FIXME: There are probably more constraints here. +// crh has a paragraph on this in his book (1.4.1.1) function valid_netbios_name(name) { if (strlen(name) > 13) return false; - if (strstr(name, ".")) return false; return true; } -- cgit From 6c81984ddbe79ace8348c08b4a7eb7dcba75fb98 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 3 Jan 2006 18:11:17 +0000 Subject: r12697: Support empty fullname fields in unix accounts (This used to be commit 3d70ebca0b706ae22bc7a3f48c2247c450c42026) --- source4/scripting/libjs/upgrade.js | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/upgrade.js b/source4/scripting/libjs/upgrade.js index 60a9725b43..4ac6b6db34 100644 --- a/source4/scripting/libjs/upgrade.js +++ b/source4/scripting/libjs/upgrade.js @@ -113,6 +113,10 @@ function upgrade_sam_account(ldb,acc,domaindn,domainsid) var pts = split(',', acc.fullname); acc.fullname = pts[0]; + + if (acc.fullname == undefined) { + acc.fullname = acc.username; + } assert(acc.fullname != undefined); assert(acc.nt_username != undefined); -- cgit From 34be0772d2a24c3836cfe7a335184ba2d8902e81 Mon Sep 17 00:00:00 2001 
From: Jelmer Vernooij Date: Tue, 3 Jan 2006 19:39:53 +0000 Subject: r12699: correctly escape invalid DN characters (reported by Steinar H. Gunderson). this still doesn't work as a bug in ldb causes it to not understand escaped characters in DNs when parsing DNs (This used to be commit 10da56fb6cc57b6c0650a8dc81ded5faa643a96e) --- source4/scripting/libjs/upgrade.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/upgrade.js b/source4/scripting/libjs/upgrade.js index 4ac6b6db34..0ffb790d5f 100644 --- a/source4/scripting/libjs/upgrade.js +++ b/source4/scripting/libjs/upgrade.js @@ -151,7 +151,7 @@ objectSid: %s-%d lmPwdHash:: %s ntPwdHash:: %s -", acc.fullname, domaindn, acc.logon_time, acc.logoff_time, acc.username, acc.nt_username, acc.nt_username, +", ldb.dn_escape(acc.fullname), domaindn, acc.logon_time, acc.logoff_time, acc.username, acc.nt_username, acc.nt_username, acc.fullname, acc.acct_desc, acc.group_rid, acc.bad_password_count, acc.logon_count, acc.domain, acc.dir_drive, acc.munged_dial, acc.homedir, acc.logon_script, -- cgit From 65bf7621d9cb40650478bb126332c5d5cf2301f1 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 3 Jan 2006 20:26:57 +0000 Subject: r12703: Fix handling of short passdb backends (also reported by Steinar Gunderson) (This used to be commit 4c562c42b43d98f4c6bdbacc5cb1dd5e65bc3418) --- source4/scripting/libjs/upgrade.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/upgrade.js b/source4/scripting/libjs/upgrade.js index 0ffb790d5f..51818487eb 100644 --- a/source4/scripting/libjs/upgrade.js +++ b/source4/scripting/libjs/upgrade.js 
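Review bot: `ldb.dn_escape()` is applied only to the `cn=` component of the DN, while the same `acc.fullname` and the other string fields (`acc.acct_desc`, `acc.homedir`, `acc.logon_script`, `acc.profile_path`, …) are still formatted into the LDIF body with plain `%s`. A value containing a newline would end its attribute line and be parsed as further attributes of the user record, so imported account data could set fields it was never meant to set. The password hashes at the end of this format string are already written in the `attr:: value` form through `ldb.encode()`; using that form for the free-text attributes as well would keep them inert. `upgrade_sam_group` builds its DN and body from `grp.nt_name` and `grp.comment` in the same way and has no escaping at all.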
@@ -605,8 +605,10 @@ data: %d var pdb = samba3.configuration.get_list("passdb backend"); if (pdb != undefined) { for (var b in pdb) { - if (substr(pdb[b], 0, 7) == "ldapsam") { - ldapurl = substr(pdb[b], 8); + if (strlen(pdb[b]) >= 7) { + if (substr(pdb[b], 0, 7) == "ldapsam") { + ldapurl = substr(pdb[b], 8); + } } } } -- cgit From a7d517d6daf8a55dbfbcde80fa7e61e31dfc49be Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 3 Jan 2006 21:20:48 +0000 Subject: r12704: role => server role (This used to be commit 5884a7effff0b11e82c9d273dbd0407b0f2eb02d) --- source4/scripting/libjs/upgrade.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/upgrade.js b/source4/scripting/libjs/upgrade.js index 51818487eb..158e22eadd 100644 --- a/source4/scripting/libjs/upgrade.js +++ b/source4/scripting/libjs/upgrade.js @@ -499,15 +499,15 @@ function upgrade_smbconf(oldconf,mark) if (oldconf.get("domain logons") == "True") { if (oldconf.get("domain master") == "True") { - newconf.set("role", "pdc"); + newconf.set("server role", "pdc"); } else { - newconf.set("role", "bdc"); + newconf.set("server role", "bdc"); } } else { if (oldconf.get("domain master") == "True") { - newconf.set("role", "standalone"); + newconf.set("server role", "standalone"); } else { - newconf.set("role", "member server"); + newconf.set("server role", "member server"); } } -- cgit From 8f4dc51345dc48f5a6bfb1a49297f205ba53ef0a Mon Sep 17 00:00:00 2001 
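Review bot: The new length guard in the first hunk protects the 7-character prefix compare, but `substr(pdb[b], 8)` still runs when the entry is exactly `ldapsam`, so `ldapurl` is taken from past the end of the string instead of being left unset. The prefix test also matches any backend whose name merely begins with `ldapsam`. Including the separator in the test covers both cases: `if (strlen(pdb[b]) > 8 && substr(pdb[b], 0, 8) == "ldapsam:") { ldapurl = substr(pdb[b], 8); }`. The enclosing function starts and ends outside the hunk.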
From: Andrew Bartlett Date: Fri, 6 Jan 2006 12:29:06 +0000 Subject: r12739: Add support for using credentials in the provision process. This should allow us to provision to a 'normal' LDAP server. Also add in 'session info' hooks (unused). Both of these need to be hooked in on the webserver. Andrew Bartlett (This used to be commit b349d2fbfefd0e0d4620b9e8e0c4136f900be1ae) --- source4/scripting/libjs/provision.js | 37 ++++++++++++++++++++---------------- 1 file changed, 21 insertions(+), 16 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index b5f8527bd0..17382cc014 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -16,6 +16,7 @@ function install_ok() { var lp = loadparm_init(); var ldb = ldb_init(); + ldb.credentials = credentials_cmdline(); if (lp.get("realm") == "") { return false; } @@ -174,19 +175,21 @@ function ldb_erase(ldb) /* setup a ldb in the private dir */ -function setup_ldb(ldif, dbname, subobj) +function setup_ldb(ldif, session_info, credentials, dbname, subobj) { var erase = true; var extra = ""; var ldb = ldb_init(); var lp = loadparm_init(); + ldb.session_info = session_info; + ldb.credentials = credentials; - if (arguments.length >= 4) { - extra = arguments[3]; + if (arguments.length >= 6) { + extra = arguments[5]; } - if (arguments.length == 5) { - erase = arguments[4]; + if (arguments.length == 7) { + erase = arguments[6]; } var src = lp.get("setup directory") + "/" + ldif; @@ -257,12 +260,12 @@ function provision_default_paths(subobj) /* provision samba4 - caution, this wipes all existing data! */ -function provision(subobj, message, blank, paths) +function provision(subobj, message, blank, paths, session_info, credentials) { var data = ""; var lp = loadparm_init(); var sys = sys_init(); - + /* some options need to be upper/lower case */ 
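Review bot: In the `setup_ldb` hunk the optional `extra` and `erase` values are still fetched by position (`arguments[5]`, `arguments[6]`), so inserting `session_info` and `credentials` ahead of `dbname` silently changes the meaning of any call site that is not updated in the same commit. `erase` defaults to true and presumably decides whether the target database is wiped first, so a mis-positioned argument fails in the destructive direction. The exact test `arguments.length == 7` also drops `erase` as soon as one more argument is appended. At minimum the header comment should spell the contract out, e.g. `optional 6th argument: extra LDIF text appended to the file; optional 7th argument: erase (default true)`, and the second test would be safer as `arguments.length >= 7`.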
@@ -291,7 +294,7 @@ function provision(subobj, message, blank, paths) lp.reload(); } message("Setting up secrets.ldb\n"); - setup_ldb("secrets.ldif", paths.secrets, subobj); + setup_ldb("secrets.ldif", session_info, credentials, paths.secrets, subobj); message("Setting up DNS zone file\n"); setup_file("provision.zone", paths.dns, @@ -300,20 +303,20 @@ function provision(subobj, message, blank, paths) var keytab_ok = credentials_update_all_keytabs(); assert(keytab_ok); message("Setting up hklm.ldb\n"); - setup_ldb("hklm.ldif", paths.hklm, subobj); + setup_ldb("hklm.ldif", session_info, credentials, paths.hklm, subobj); message("Setting up sam.ldb attributes\n"); - setup_ldb("provision_init.ldif", paths.samdb, subobj); + setup_ldb("provision_init.ldif", session_info, credentials, paths.samdb, subobj); message("Setting up sam.ldb schema\n"); - setup_ldb("schema.ldif", paths.samdb, subobj, NULL, false); + setup_ldb("schema.ldif", session_info, credentials, paths.samdb, subobj, NULL, false); message("Setting up display specifiers\n"); - setup_ldb("display_specifiers.ldif", paths.samdb, subobj, NULL, false); + setup_ldb("display_specifiers.ldif", session_info, credentials, paths.samdb, subobj, NULL, false); message("Setting up sam.ldb templates\n"); - setup_ldb("provision_templates.ldif", paths.samdb, subobj, NULL, false); + setup_ldb("provision_templates.ldif", session_info, credentials, paths.samdb, subobj, NULL, false); message("Setting up sam.ldb data\n"); - setup_ldb("provision.ldif", paths.samdb, subobj, NULL, false); + setup_ldb("provision.ldif", session_info, credentials, paths.samdb, subobj, NULL, false); if (blank == false) { message("Setting up sam.ldb users and groups\n"); - setup_ldb("provision_users.ldif", paths.samdb, subobj, data, false); + setup_ldb("provision_users.ldif", session_info, credentials, paths.samdb, subobj, data, false); } } 
@@ -403,12 +406,14 @@ userAccountControl: %u /* add a new user record */ -function newuser(username, unixname, password, message) +function newuser(username, unixname, password, message, subobj, session_info, credentials) { var lp = loadparm_init(); var samdb = lp.get("sam database"); var ldb = ldb_init(); random_init(local); + ldb.session_info = session_info; + ldb.credentials = credentials; /* connect to the sam */ var ok = ldb.connect(samdb); -- cgit From 27f997e6825827ec99e1580370218c294d455e79 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 6 Jan 2006 21:45:36 +0000 Subject: r12749: Fix the newuser script. Andrew Bartlett (This used to be commit 42cdad5e3f06c307baf80396fd8449b803ef84c3) --- source4/scripting/libjs/provision.js | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 17382cc014..e71ea83523 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -406,7 +406,7 @@ userAccountControl: %u /* add a new user record */ -function newuser(username, unixname, password, message, subobj, session_info, credentials) +function newuser(username, unixname, password, message, session_info, credentials) { var lp = loadparm_init(); var samdb = lp.get("sam database"); @@ -437,15 +437,13 @@ function newuser(username, unixname, password, message, subobj, session_info, cr var ldif = sprintf(" dn: %s sAMAccountName: %s -name: %s memberOf: %s unixName: %s -objectGUID: %s -unicodePwd: %s +sambaPassword: %s objectClass: user ", - user_dn, username, username, dom_users, - unixname, randguid(), password); + user_dn, username, dom_users, + unixname, password); /* add the user to the users group as well */ -- cgit From 75ef0ba513489a85557cb486135d80286d620809 Mon Sep 17 00:00:00 2001 
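Review bot: In the LDIF hunk of `newuser`, `username`, `unixname` and `password` are formatted straight into the text (`sAMAccountName: %s`, `unixName: %s`, `sambaPassword: %s`). A value containing a line break would add attribute lines of its own to the new user record, and a password that begins with a space, `:` or `<` would not be stored as typed. I would refuse CR/LF in all three inputs before the sprintf and write the password in the base64 form, `sambaPassword:: %s`, provided an encoder is available to the script. The cleartext password also stays in the `ldif` string, so that variable should never be passed to `message` on an error path. The function body continues outside the hunk.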
From: Andrew Bartlett Date: Tue, 10 Jan 2006 10:35:47 +0000 Subject: r12823: Fix up the provison and newuser code in SWAT. This also cleans up the main provision script a bit, as the argument list was getting out of control. (It has been replaced in part with an object). This also returns the session_info from the auth code into ejs. We still need access control allowing only root to re-provision. Andrew Bartlett (This used to be commit 002cdcf3cab6563909d31edc5d825e857dc0a732) --- source4/scripting/libjs/provision.js | 51 +++++++++++++++++++++--------------- 1 file changed, 30 insertions(+), 21 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index e71ea83523..8b1d93c056 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -12,11 +12,12 @@ sys = sys_init(); /* return true if the current install seems to be OK */ -function install_ok() +function install_ok(session_info, credentials) { var lp = loadparm_init(); var ldb = ldb_init(); - ldb.credentials = credentials_cmdline(); + ldb.session_info = session_info; + ldb.credentials = credentials; if (lp.get("realm") == "") { return false; } @@ -24,7 +25,7 @@ function install_ok() if (!ok) { return false; } - var res = ldb.search("(name=Administrator)"); + var res = ldb.search("(cn=Administrator)"); if (res.length != 1) { return false; } 
@@ -175,28 +176,28 @@ function ldb_erase(ldb) /* setup a ldb in the private dir */ -function setup_ldb(ldif, session_info, credentials, dbname, subobj) +function setup_ldb(ldif, info, dbname) { var erase = true; var extra = ""; var ldb = ldb_init(); var lp = loadparm_init(); - ldb.session_info = session_info; - ldb.credentials = credentials; + ldb.session_info = info.session_info; + ldb.credentials = info.credentials; - if (arguments.length >= 6) { - extra = arguments[5]; + if (arguments.length >= 4) { + extra = arguments[3]; } - if (arguments.length == 7) { - erase = arguments[6]; + if (arguments.length == 5) { + erase = arguments[4]; } var src = lp.get("setup directory") + "/" + ldif; var data = sys.file_load(src); data = data + extra; - data = substitute_var(data, subobj); + data = substitute_var(data, info.subobj); ldb.filename = dbname; @@ -211,12 +212,12 @@ function setup_ldb(ldif, session_info, credentials, dbname, subobj) var add_ok = ldb.add(data); if (!add_ok) { - message("ldb load failed: " + ldb.errstring() + "\n"); + info.message("ldb load failed: " + ldb.errstring() + "\n"); assert(add_ok); } var commit_ok = ldb.transaction_commit(); if (!commit_ok) { - message("ldb commit failed: " + ldb.errstring() + "\n"); + info.message("ldb commit failed: " + ldb.errstring() + "\n"); assert(add_ok); } } @@ -265,6 +266,7 @@ function provision(subobj, message, blank, paths, session_info, credentials) var data = ""; var lp = loadparm_init(); var sys = sys_init(); + var info = new Object(); /* some options need to be upper/lower case @@ -286,6 +288,11 @@ function provision(subobj, message, blank, paths, session_info, credentials) provision_next_usn = 1; + info.subobj = subobj; + info.message = message; + info.credentials = credentials; + info.session_info = session_info; + /* only install a new smb.conf if there isn't one there already */ var st = sys.stat(paths.smbconf); if (st == undefined) { 
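Review bot: In the commit-failure branch of `setup_ldb` (second hunk) the assertion still tests `add_ok`, which is already known to be true at that point, so a failed `transaction_commit()` is reported through `info.message` and execution then carries on as if the data had been written. For `secrets.ldb` and `sam.ldb` that means provisioning continues on top of a load that was never committed. The line should read `assert(commit_ok);`. The body of setup_ldb starts and ends outside this hunk.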
@@ -294,7 +301,7 @@ function provision(subobj, message, blank, paths, session_info, credentials) lp.reload(); } message("Setting up secrets.ldb\n"); - setup_ldb("secrets.ldif", session_info, credentials, paths.secrets, subobj); + setup_ldb("secrets.ldif", info, paths.secrets); message("Setting up DNS zone file\n"); setup_file("provision.zone", paths.dns, @@ -303,20 +310,22 @@ function provision(subobj, message, blank, paths, session_info, credentials) var keytab_ok = credentials_update_all_keytabs(); assert(keytab_ok); message("Setting up hklm.ldb\n"); - setup_ldb("hklm.ldif", session_info, credentials, paths.hklm, subobj); + setup_ldb("hklm.ldif", info, paths.hklm); + + message("Setting up sam.ldb attributes\n"); - setup_ldb("provision_init.ldif", session_info, credentials, paths.samdb, subobj); + setup_ldb("provision_init.ldif", info, paths.samdb); message("Setting up sam.ldb schema\n"); - setup_ldb("schema.ldif", session_info, credentials, paths.samdb, subobj, NULL, false); + setup_ldb("schema.ldif", info, paths.samdb, NULL, false); message("Setting up display specifiers\n"); - setup_ldb("display_specifiers.ldif", session_info, credentials, paths.samdb, subobj, NULL, false); + setup_ldb("display_specifiers.ldif", info, paths.samdb, NULL, false); message("Setting up sam.ldb templates\n"); - setup_ldb("provision_templates.ldif", session_info, credentials, paths.samdb, subobj, NULL, false); + setup_ldb("provision_templates.ldif", info, paths.samdb, NULL, false); message("Setting up sam.ldb data\n"); - setup_ldb("provision.ldif", session_info, credentials, paths.samdb, subobj, NULL, false); + setup_ldb("provision.ldif", info, paths.samdb, NULL, false); if (blank == false) { message("Setting up sam.ldb users and groups\n"); - setup_ldb("provision_users.ldif", session_info, credentials, paths.samdb, subobj, data, false); + setup_ldb("provision_users.ldif", info, paths.samdb, data, false); } } -- cgit 
From 792951a36535c9345e6027e0940d97d511282302 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 13 Jan 2006 03:34:00 +0000 Subject: r12891: We no longer manually set the 'name' attribute. Andrew Bartlett (This used to be commit 7b169aad3f94f1695b1f99cc91ff928cb2ca0389) --- source4/scripting/libjs/upgrade.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/upgrade.js b/source4/scripting/libjs/upgrade.js index 158e22eadd..a8f717badc 100644 --- a/source4/scripting/libjs/upgrade.js +++ b/source4/scripting/libjs/upgrade.js @@ -128,7 +128,6 @@ objectClass: user lastLogon: %d lastLogoff: %d unixName: %s -name: %s sAMAccountName: %s cn: %s description: %s @@ -153,7 +152,7 @@ ntPwdHash:: %s ", ldb.dn_escape(acc.fullname), domaindn, acc.logon_time, acc.logoff_time, acc.username, acc.nt_username, acc.nt_username, -acc.fullname, acc.acct_desc, acc.group_rid, acc.bad_password_count, acc.logon_count, +acc.acct_desc, acc.group_rid, acc.bad_password_count, acc.logon_count, acc.domain, acc.dir_drive, acc.munged_dial, acc.homedir, acc.logon_script, acc.profile_path, acc.workstations, acc.kickoff_time, acc.bad_password_time, acc.pass_last_set_time, acc.pass_can_change_time, acc.pass_must_change_time, domainsid, acc.user_rid, -- cgit From 58f78fa182c4b4a046b957c89988d34ea2125696 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Fri, 13 Jan 2006 03:39:49 +0000 Subject: r12892: Add a 'Migrate from Windows' page to our installation section in SWAT. Doing this required reworking ejsnet, particularly so it could take a set of credentials, not just a username and password argument. This required fixing the ejsnet.js test script, which now adds and deletes a user, and is run from 'make test'. This should prevent it being broken again. Deleting a user from ejsnet required that the matching backend be added to libnet, hooking fortunetly onto already existing code for the actual deletion. The js credentials interface now handles the 'set machine account' flag. New functions have been added to provision.js to wrap the basic operations (so we can write a command line version, as well as the web based version). Andrew Bartlett (This used to be commit a5e7c17c348c45e61699cc1626a0d5eae2df4636) --- source4/scripting/libjs/provision.js | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 8b1d93c056..60f267f8d5 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -327,6 +327,7 @@ function provision(subobj, message, blank, paths, session_info, credentials) message("Setting up sam.ldb users and groups\n"); setup_ldb("provision_users.ldif", info, paths.samdb, data, false); } + return true; } /* 
@@ -516,5 +517,30 @@ function provision_validate(subobj, message) return true; } +function join_domain(domain, netbios_name, join_type, creds, writefln) +{ + ctx = NetContext(creds); + join = new Object(); + join.domain = domain; + join.join_type = join_type; + join.netbios_name = netbios_name; + if (!ctx.JoinDomain(join)) { + writefln("Domain Join failed: " + join.error_string); + return false; + } + return true; +} + +function vampire(machine_creds, writefln) +{ + var ctx = NetContext(); + vampire = new Object(); + vampire.machine_creds = machine_creds; + if (!ctx.SamSyncLdb(vampire)) { + writefln("Migration of remote domain to Samba failed: " + vampire.error_string); + return false; + } + return true; +} return 0; -- cgit From f3db23ac75578198ee411b21a7ba2ec49dedafab Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 14 Jan 2006 06:17:24 +0000 Subject: r12928: This patch improves the interaction between the vampire and provsion code. Previously, we had to know (or guess) the host and domain guid at the provision stage. Now we query the database post-provision, to extract the values and fill in the zone file. This allows us to generate a correct zone file in the Windows migration case. In an effort to make SWAT easier to use, I have removed and renamed some of the provision options. I have also fixed a nasty issue in my js code. I had implictly declared a global variable of the name 'join', with disasterious results for any subsequent user of the string utility function: esp exception - ASSERT at lib/appweb/ejs/ejsParser.c:2064, 0 Backtrace: [ 0] substitute_var:20 -> list[i] = join("", list2) [ 1] setup_file:9 -> data = substitute_var(data, subobj) Andrew Bartlett (This used to be commit a38ceefd11f8b748f30383ef36a4752f178bfca1) --- source4/scripting/libjs/provision.js | 64 +++++++++++++++++++++++++++--------- 1 file changed, 48 insertions(+), 16 deletions(-) (limited to 'source4/scripting/libjs') 
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 60f267f8d5..2b04aa6791 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -302,10 +302,6 @@ function provision(subobj, message, blank, paths, session_info, credentials) } message("Setting up secrets.ldb\n"); setup_ldb("secrets.ldif", info, paths.secrets); - message("Setting up DNS zone file\n"); - setup_file("provision.zone", - paths.dns, - subobj); message("Setting up keytabs\n"); var keytab_ok = credentials_update_all_keytabs(); assert(keytab_ok); @@ -330,6 +326,32 @@ function provision(subobj, message, blank, paths, session_info, credentials) return true; } +/* Write out a DNS zone file, from the info in the current database */ +function provision_dns(subobj, message, paths, session_info, credentials) +{ + message("Setting up DNS zone: " + subobj.DNSDOMAIN + " \n"); + var ldb = ldb_init(); + ldb.session_info = session_info; + ldb.credentials = credentials; + + /* connect to the sam */ + var ok = ldb.connect(paths.samdb); + assert(ok); + + /* These values may have changed, due to an incoming SamSync, so fetch them from the database */ + subobj.DOMAINGUID = searchone(ldb, "(&(objectClass=domainDNS)(dnsDomain=" + subobj.DNSDOMAIN + "))", "objectGUID"); + assert(subobj.DOMAINGUID != undefined); + + subobj.HOSTGUID = searchone(ldb, "(&(objectClass=computer)(cn=" + subobj.NETBIOSNAME + "))", "objectGUID"); + assert(subobj.HOSTGUID != undefined); + + setup_file("provision.zone", + paths.dns, + subobj); + + message("Please install the zone located in " + paths.dns + " into your DNS server\n"); +} + /* guess reasonably default options for provisioning */ 
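Review bot: `provision_dns` builds both search filters by string concatenation, `"(dnsDomain=" + subobj.DNSDOMAIN + "))"` and `"(cn=" + subobj.NETBIOSNAME + "))"`, with no escaping of the values. Both fields come from the provisioning options, and the only visible check on the NetBIOS name is a length test, so a value containing `(`, `)`, `*` or `\` changes the filter and can make `searchone` return the GUID of a different object, which is then written into the zone file. I would validate both values against the characters allowed in a DNS or NetBIOS name before this function runs, and document the assumption here with `/* DNSDOMAIN and NETBIOSNAME are pasted into the filter unescaped - caller must have validated them */`. A missing record also ends in a bare `assert`, so the operator gets no message saying which lookup failed.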
@@ -517,27 +539,37 @@ function provision_validate(subobj, message) return true; } -function join_domain(domain, netbios_name, join_type, creds, writefln) +function join_domain(domain, netbios_name, join_type, creds, message) { - ctx = NetContext(creds); - join = new Object(); - join.domain = domain; - join.join_type = join_type; - join.netbios_name = netbios_name; - if (!ctx.JoinDomain(join)) { - writefln("Domain Join failed: " + join.error_string); + var ctx = NetContext(creds); + var joindom = new Object(); + joindom.domain = domain; + joindom.join_type = join_type; + joindom.netbios_name = netbios_name; + if (!ctx.JoinDomain(joindom)) { + message("Domain Join failed: " + join.error_string); return false; } return true; } -function vampire(machine_creds, writefln) -{ - var ctx = NetContext(); +/* Vampire a remote domain. Session info and credentials are required for for + * access to our local database (might be remote ldap) + */ + +function vampire(domain, session_info, credentials, message) { + var ctx = NetContext(credentials); vampire = new Object(); + var machine_creds = credentials_init(); + machine_creds.set_domain(form.DOMAIN); + if (!machine_creds.set_machine_account()) { + message("Failed to access domain join information!"); + return false; + } vampire.machine_creds = machine_creds; + vampire.session_info = session_info; if (!ctx.SamSyncLdb(vampire)) { - writefln("Migration of remote domain to Samba failed: " + vampire.error_string); + message("Migration of remote domain to Samba failed: " + vampire.error_string); return false; } return true; -- cgit From 747b5cce535c51d78000bdf86d0ef8f35860624d Mon Sep 17 00:00:00 2001 
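Review bot: The rewritten `vampire()` takes a `domain` parameter but never uses it; the machine account domain is read from `form.DOMAIN`, a name that is not defined anywhere in this function. That only works when the caller happens to be a web page with a global `form` object, and it lets the credentials be set up for a different domain than the one the caller passed in. The line should be `machine_creds.set_domain(domain);`. Separately, `vampire = new Object();` still assigns to the function's own name without `var`, the same implicit-global pattern this commit removes from `join_domain`.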
From: Andrew Bartlett Date: Sat, 14 Jan 2006 07:24:15 +0000 Subject: r12929: Fix more implict global and shadowing variables. Andrew Bartlett (This used to be commit def31956181833db4c8e5079b745ca60fdf35136) --- source4/scripting/libjs/provision.js | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 2b04aa6791..59bc9cac30 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -559,17 +559,17 @@ function join_domain(domain, netbios_name, join_type, creds, message) function vampire(domain, session_info, credentials, message) { var ctx = NetContext(credentials); - vampire = new Object(); + var vampire_ctx = new Object(); var machine_creds = credentials_init(); machine_creds.set_domain(form.DOMAIN); if (!machine_creds.set_machine_account()) { message("Failed to access domain join information!"); return false; } - vampire.machine_creds = machine_creds; - vampire.session_info = session_info; - if (!ctx.SamSyncLdb(vampire)) { - message("Migration of remote domain to Samba failed: " + vampire.error_string); + vampire_ctx.machine_creds = machine_creds; + vampire_ctx.session_info = session_info; + if (!ctx.SamSyncLdb(vampire_ctx)) { + message("Migration of remote domain to Samba failed: " + vampire_ctx.error_string); return false; } return true; -- cgit From ba07f94438560830f9b4470ecd9577b8333475bf Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 15 Jan 2006 09:03:28 +0000 Subject: r12945: Try to move closer to getting Samba3 import working again. There still a few things to work out Andrew Bartlett (This used to be commit 701558b5fe917555416eb0d100ef756f8ef7cf65) --- source4/scripting/libjs/upgrade.js | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) (limited to 'source4/scripting/libjs') 
diff --git a/source4/scripting/libjs/upgrade.js b/source4/scripting/libjs/upgrade.js index a8f717badc..161195a60d 100644 --- a/source4/scripting/libjs/upgrade.js +++ b/source4/scripting/libjs/upgrade.js @@ -513,13 +513,18 @@ function upgrade_smbconf(oldconf,mark) return newconf; } -function upgrade(subobj, samba3, message, paths) +function upgrade(subobj, samba3, message, paths, session_info, credentials) { var ret = 0; var lp = loadparm_init(); var samdb = ldb_init(); + samdb.session_info = session_info; + samdb.credentials = credentials; var ok = samdb.connect(paths.samdb); - assert(ok); + if (!ok) { + info.message("samdb connect failed: " + samdb.errstring() + "\n"); + assert(ok); + } message("Writing configuration\n"); var newconf = upgrade_smbconf(samba3.configuration,true); @@ -528,11 +533,17 @@ function upgrade(subobj, samba3, message, paths) message("Importing account policies\n"); var ldif = upgrade_sam_policy(samba3,subobj.BASEDN); ok = samdb.modify(ldif); - assert(ok); - + if (!ok) { + message("samdb load failed: " + samdb.errstring() + "\n"); + assert(ok); + } var regdb = ldb_init(); ok = regdb.connect(paths.hklm); - assert(ok); + if (!ok) { + message("registry connect: " + regdb.errstring() + "\n"); + assert(ok); + } + ok = regdb.modify(sprintf(" dn: value=RefusePasswordChange,key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=System,HIVE=NONE replace: type @@ -540,7 +551,10 @@ type: 4 replace: data data: %d ", samba3.policy.refuse_machine_password_change)); - assert(ok); + if (!ok) { + message("registry load failed: " + regdb.errstring() + "\n"); + assert(ok); + } message("Importing users\n"); for (var i in samba3.samaccounts) { -- cgit From 5d91a37002ce4e656100f63368807796c84cdc24 Mon Sep 17 00:00:00 2001 
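Review bot: The new error branch after `samdb.connect(paths.samdb)` calls `info.message(...)`, but `upgrade()` has no `info` object; its callback is the `message` parameter, which the other three new branches in this commit use. On a failed connect the script would therefore fault on the undefined name before it can report the ldb error. The line should be `message("samdb connect failed: " + samdb.errstring() + "\n");`.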
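Review bot: `samdb` now receives `session_info` and `credentials`, but `regdb` in the second hunk is still created with a bare `ldb_init()` and connected to `paths.hklm` without either. `setup_ldb` in provision.js sets both on every database it opens, including hklm, so the two code paths now open the registry database under different identities. If the backend enforces access control, or is a remote LDAP server as the earlier commit messages anticipate, the registry modify would run unauthenticated or fail. I would add `regdb.session_info = session_info;` and `regdb.credentials = credentials;` before the connect.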
From: Andrew Tridgell Date: Sun, 15 Jan 2006 16:24:55 +0000 Subject: r12947: added some error checking that I stumbled across while testing domain migration (This used to be commit c7951d17b1c4f53dd710d6a0fcf87ce678be3ff1) --- source4/scripting/libjs/provision.js | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 59bc9cac30..ef6fe31285 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -526,6 +526,8 @@ function valid_netbios_name(name) function provision_validate(subobj, message) { + var lp = loadparm_init(); + if (!valid_netbios_name(subobj.DOMAIN)) { message("Invalid NetBIOS name for domain\n"); return false; @@ -536,6 +538,19 @@ function provision_validate(subobj, message) return false; } + + if (lp.get("workgroup") != subobj.DOMAIN) { + message("workgroup '%s' in smb.conf must match chosen domain '%s'\n", + lp.get("workgroup"), subobj.DOMAIN); + return false; + } + + if (lp.get("realm") != subobj.REALM) { + message("realm '%s' in smb.conf must match chosen realm '%s'\n", + lp.get("realm"), subobj.REALM); + return false; + } + return true; } @@ -547,7 +562,7 @@ function join_domain(domain, netbios_name, join_type, creds, message) joindom.join_type = join_type; joindom.netbios_name = netbios_name; if (!ctx.JoinDomain(joindom)) { - message("Domain Join failed: " + join.error_string); + message("Domain Join failed: " + joindom.error_string); return false; } return true; -- cgit From a54a66ddf1504ef1caccc54c1f16c7461916e3b5 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 22 Jan 2006 08:31:04 +0000 Subject: r13062: Fix upgrade of WINS entries (This used to be commit cc4cab341e51d26c90534777eae65b7683ed93ce) --- source4/scripting/libjs/upgrade.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/scripting/libjs') 
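Review bot: The two new checks in `provision_validate` call `message` printf-style, with a format string followed by arguments, while every other call visible in this file passes one pre-built string. Unless every callback handed in as `message` does its own formatting, the operator will see a literal `%s` instead of the mismatching workgroup or realm, which is exactly the information needed to fix smb.conf. Formatting at the call site is independent of the callback: `message(sprintf("workgroup '%s' in smb.conf must match chosen domain '%s'\n", lp.get("workgroup"), subobj.DOMAIN));`, and likewise for the realm check. The later `setup_name_mapping` hunk uses the same calling style with `info.message`.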
diff --git a/source4/scripting/libjs/upgrade.js b/source4/scripting/libjs/upgrade.js index 161195a60d..9a5818c81f 100644 --- a/source4/scripting/libjs/upgrade.js +++ b/source4/scripting/libjs/upgrade.js @@ -273,7 +273,7 @@ function upgrade_wins(samba3) nType = (sys.bitAND(e.nb_flags,0x60)>>5); ldif = ldif + sprintf(" -dn: name:%s,type=0x%02X +dn: name=%s,type=0x%02X type: 0x%02X name: %s objectClass: winsRecord -- cgit From 82b6a5c9fcae38353bf24b0d9372f24c3c387924 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 23 Jan 2006 04:40:57 +0000 Subject: r13076: catch a easy to make error during vampire install (This used to be commit 1c49ce8df0fd2150c68d0bf4162f1ef69ff3392a) --- source4/scripting/libjs/provision.js | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index ef6fe31285..d05796001e 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -551,6 +551,11 @@ function provision_validate(subobj, message) return false; } + if (lp.get("server role") == "pdc") { + message("server role must not be set to 'pdc' during the install\n"); + return false; + } + return true; } -- cgit From 627983ced0d38b1a0734918af4d3759a28a25ef4 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 23 Jan 2006 14:29:10 +0000 Subject: r13084: fix 'make test'! I would sugguest to run 'make test && make valgrind' before each commit at this stage... metze (This used to be commit b7a0a778cc77f294aac589416b05dc676696d11e) --- source4/scripting/libjs/provision.js | 5 ----- 1 file changed, 5 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index d05796001e..ef6fe31285 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js 
@@ -551,11 +551,6 @@ function provision_validate(subobj, message) return false; } - if (lp.get("server role") == "pdc") { - message("server role must not be set to 'pdc' during the install\n"); - return false; - } - return true; } -- cgit From 0fb2e148d1e65ed5e55adb5b733d08ffded180e4 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 24 Jan 2006 00:11:32 +0000 Subject: r13097: move the creation of the default sam name -> unix name mappings into the main provision logic, so it can also be used as part of the vampire process (This used to be commit 95e90169f4e5887ee88116179d96f28f9e06796e) --- source4/scripting/libjs/provision.js | 81 +++++++++++++++++++++++++++++++++--- 1 file changed, 75 insertions(+), 6 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index ef6fe31285..90bc082341 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js 
@@ -52,24 +52,50 @@ function findnss() /* add a foreign security principle */ -function add_foreign(str, sid, desc, unixname) +function add_foreign(str, sid, desc) { var add = " dn: CN=${SID},CN=ForeignSecurityPrincipals,${BASEDN} objectClass: top objectClass: foreignSecurityPrincipal description: ${DESC} -unixName: ${UNIXNAME} uSNCreated: 1 uSNChanged: 1 "; var sub = new Object(); sub.SID = sid; sub.DESC = desc; - sub.UNIXNAME = unixname; return str + substitute_var(add, sub); } + +/* + setup a mapping between a sam name and a unix name + */ +function setup_name_mapping(info, ldb, sid, unixname) +{ + var attrs = new Array("dn"); + var res = ldb.search(sprintf("objectSid=%s", sid), + NULL, ldb.SCOPE_DEFAULT, attrs); + if (res.length != 1) { + return false; + } + var mod = sprintf(" +dn: %s +changetype: modify +replace: unixName +unixName: %s +", + res[0].dn, unixname); + var ok = ldb.modify(mod); + if (!ok) { + info.message("name mapping for %s failed - %s\n", + sid, ldb.errstring()); + return false; + } + return true; +} + /* return current time as a nt time string */ 
@@ -258,6 +284,42 @@ function provision_default_paths(subobj) return paths; } + +/* + setup reasonable name mappings for sam names to unix names +*/ +function setup_name_mappings(info, subobj, session_info, credentials) +{ + var lp = loadparm_init(); + var ldb = ldb_init(); + ldb.session_info = session_info; + ldb.credentials = credentials; + var ok = ldb.connect(lp.get("sam database")); + if (!ok) { + return false; + } + + /* some well known sids */ + setup_name_mapping(info, ldb, "S-1-5-7", subobj.NOBODY); + setup_name_mapping(info, ldb, "S-1-1-0", subobj.NOGROUP); + setup_name_mapping(info, ldb, "S-1-5-2", subobj.NOGROUP); + setup_name_mapping(info, ldb, "S-1-5-18", subobj.ROOT); + setup_name_mapping(info, ldb, "S-1-5-11", subobj.USERS); + setup_name_mapping(info, ldb, "S-1-5-32-544", subobj.WHEEL); + setup_name_mapping(info, ldb, "S-1-5-32-546", subobj.NOGROUP); + + /* and some well known domain rids */ + setup_name_mapping(info, ldb, subobj.DOMAINSID + "-500", subobj.ROOT); + setup_name_mapping(info, ldb, subobj.DOMAINSID + "-518", subobj.WHEEL); + setup_name_mapping(info, ldb, subobj.DOMAINSID + "-519", subobj.WHEEL); + setup_name_mapping(info, ldb, subobj.DOMAINSID + "-512", subobj.WHEEL); + setup_name_mapping(info, ldb, subobj.DOMAINSID + "-513", subobj.USERS); + setup_name_mapping(info, ldb, subobj.DOMAINSID + "-520", subobj.WHEEL); + + return true; +} + + /* provision samba4 - caution, this wipes all existing data! */ 
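Review bot: `setup_name_mappings` discards the result of every `setup_name_mapping` call and returns true whenever the connect succeeded, so the `== false` test added in `provision()` can only detect a connection failure. A mapping that fails, for example the `-500` or `S-1-5-32-544` entries, leaves that account or group without the intended `unixName` and provisioning still reports success. The function also connects to `lp.get("sam database")`, whereas `provision()` has just written the data to `paths.samdb`; if the two differ, the mappings go to a different database. I would pass `paths.samdb` in, and collect the results, e.g. `ok = setup_name_mapping(info, ldb, "S-1-5-18", subobj.ROOT) && ok;`, returning `ok` at the end, or state in the header comment that individual failures are deliberately ignored.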
@@ -319,10 +381,17 @@ function provision(subobj, message, blank, paths, session_info, credentials) setup_ldb("provision_templates.ldif", info, paths.samdb, NULL, false); message("Setting up sam.ldb data\n"); setup_ldb("provision.ldif", info, paths.samdb, NULL, false); - if (blank == false) { - message("Setting up sam.ldb users and groups\n"); - setup_ldb("provision_users.ldif", info, paths.samdb, data, false); + if (blank != false) { + return true; } + + message("Setting up sam.ldb users and groups\n"); + setup_ldb("provision_users.ldif", info, paths.samdb, data, false); + + if (setup_name_mappings(info, subobj, session_info, credentials) == false) { + return false; + } + return true; } -- cgit From 29478d3c23d21067784f85b3c128de62837d186a Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 24 Jan 2006 00:16:54 +0000 Subject: r13098: make check for workgroup and realm case insensitive (This used to be commit 0cacd69dd57254cb1b51ad7969993bc24bae86c7) --- source4/scripting/libjs/provision.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 90bc082341..14a81e898d 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -608,13 +608,13 @@ function provision_validate(subobj, message) } - if (lp.get("workgroup") != subobj.DOMAIN) { + if (strupper(lp.get("workgroup")) != strupper(subobj.DOMAIN)) { message("workgroup '%s' in smb.conf must match chosen domain '%s'\n", lp.get("workgroup"), subobj.DOMAIN); return false; } - if (lp.get("realm") != subobj.REALM) { + if (strupper(lp.get("realm")) != strupper(subobj.REALM)) { message("realm '%s' in smb.conf must match chosen realm '%s'\n", lp.get("realm"), subobj.REALM); return false; -- cgit From f705108a8a14427f6ef114ad76d4f5e48759136e Mon Sep 17 00:00:00 2001 
From: Andrew Tridgell Date: Tue, 24 Jan 2006 01:52:56 +0000 Subject: r13102: fixed the vampire code to correctly setup foreign sids and default unix name mappings (This used to be commit dc74d8ccf15b9324cd8b90ef9d41cf293b9de8e3) --- source4/scripting/libjs/provision.js | 56 ++++++++++++++++++++++-------------- 1 file changed, 35 insertions(+), 21 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 14a81e898d..fe112eeb24 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -52,20 +52,20 @@ function findnss() /* add a foreign security principle */ -function add_foreign(str, sid, desc) +function add_foreign(ldb, subobj, sid, desc) { - var add = " -dn: CN=${SID},CN=ForeignSecurityPrincipals,${BASEDN} + var add = sprintf(" +dn: CN=%s,CN=ForeignSecurityPrincipals,%s objectClass: top objectClass: foreignSecurityPrincipal -description: ${DESC} +description: %s uSNCreated: 1 uSNChanged: 1 -"; - var sub = new Object(); - sub.SID = sid; - sub.DESC = desc; - return str + substitute_var(add, sub); +", + sid, subobj.BASEDN, desc); + /* deliberately ignore errors from this, as the records may + already exist */ + ldb.add(add); } @@ -78,6 +78,7 @@ function setup_name_mapping(info, ldb, sid, unixname) var res = ldb.search(sprintf("objectSid=%s", sid), NULL, ldb.SCOPE_DEFAULT, attrs); if (res.length != 1) { + info.message("Failed to find record for objectSid %s\n", sid); return false; } var mod = sprintf(" 
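Review bot: `add_foreign` now drops the result of `ldb.add(add)` for every kind of failure, not only the "record already exists" case the comment describes. A permissions error or a malformed record would leave the foreign security principal missing, and the later `setup_name_mapping` for that SID would then fail for a reason that is hard to trace back. Consider reporting `ldb.errstring()` when the add fails (the function would need a message callback passed in), or widen the comment to `/* all errors are ignored here, including ones other than "already exists" */`.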
@@ -298,6 +299,21 @@ function setup_name_mappings(info, subobj, session_info, credentials) if (!ok) { return false; } + var attrs = new Array("objectSid"); + var res = ldb.search("dnsDomain=" + subobj.REALM, + NULL, ldb.SCOPE_DEFAULT, attrs); + if (res.length != 1) { + info.message("Failed to find dnsDomain %s\n", subobj.REALM); + return false; + } + var sid = res[0].objectSid; + + /* add some foreign sids if they are not present already */ + add_foreign(ldb, subobj, "S-1-5-7", "Anonymous"); + add_foreign(ldb, subobj, "S-1-1-0", "World"); + add_foreign(ldb, subobj, "S-1-5-2", "Network"); + add_foreign(ldb, subobj, "S-1-5-18", "System"); + add_foreign(ldb, subobj, "S-1-5-11", "Authenticated Users"); /* some well known sids */ setup_name_mapping(info, ldb, "S-1-5-7", subobj.NOBODY); @@ -307,14 +323,15 @@ function setup_name_mappings(info, subobj, session_info, credentials) setup_name_mapping(info, ldb, "S-1-5-11", subobj.USERS); setup_name_mapping(info, ldb, "S-1-5-32-544", subobj.WHEEL); setup_name_mapping(info, ldb, "S-1-5-32-546", subobj.NOGROUP); + setup_name_mapping(info, ldb, "S-1-5-32-551", subobj.BACKUP); /* and some well known domain rids */ - setup_name_mapping(info, ldb, subobj.DOMAINSID + "-500", subobj.ROOT); - setup_name_mapping(info, ldb, subobj.DOMAINSID + "-518", subobj.WHEEL); - setup_name_mapping(info, ldb, subobj.DOMAINSID + "-519", subobj.WHEEL); - setup_name_mapping(info, ldb, subobj.DOMAINSID + "-512", subobj.WHEEL); - setup_name_mapping(info, ldb, subobj.DOMAINSID + "-513", subobj.USERS); - setup_name_mapping(info, ldb, subobj.DOMAINSID + "-520", subobj.WHEEL); + setup_name_mapping(info, ldb, sid + "-500", subobj.ROOT); + setup_name_mapping(info, ldb, sid + "-518", subobj.WHEEL); + setup_name_mapping(info, ldb, sid + "-519", subobj.WHEEL); + setup_name_mapping(info, ldb, sid + "-512", subobj.WHEEL); + setup_name_mapping(info, ldb, sid + "-513", subobj.USERS); + setup_name_mapping(info, ldb, sid + "-520", subobj.WHEEL); return true; } 
@@ -342,12 +359,6 @@ function provision(subobj, message, blank, paths, session_info, credentials) var rdns = split(",", subobj.BASEDN); subobj.RDN_DC = substr(rdns[0], strlen("DC=")); - data = add_foreign(data, "S-1-5-7", "Anonymous", "${NOBODY}"); - data = add_foreign(data, "S-1-1-0", "World", "${NOGROUP}"); - data = add_foreign(data, "S-1-5-2", "Network", "${NOGROUP}"); - data = add_foreign(data, "S-1-5-18", "System", "${ROOT}"); - data = add_foreign(data, "S-1-5-11", "Authenticated Users", "${USERS}"); - provision_next_usn = 1; info.subobj = subobj; @@ -381,6 +392,7 @@ function provision(subobj, message, blank, paths, session_info, credentials) setup_ldb("provision_templates.ldif", info, paths.samdb, NULL, false); message("Setting up sam.ldb data\n"); setup_ldb("provision.ldif", info, paths.samdb, NULL, false); + if (blank != false) { return true; } @@ -458,6 +470,7 @@ function provision_guess() subobj.NOBODY = findnss(nss.getpwnam, "nobody"); subobj.NOGROUP = findnss(nss.getgrnam, "nogroup", "nobody"); subobj.WHEEL = findnss(nss.getgrnam, "wheel", "root", "staff"); + subobj.BACKUP = findnss(nss.getgrnam, "backup", "wheel", "root", "staff"); subobj.USERS = findnss(nss.getgrnam, "users", "guest", "other"); subobj.DNSDOMAIN = strlower(subobj.REALM); subobj.DNSNAME = sprintf("%s.%s", @@ -656,6 +669,7 @@ function vampire(domain, session_info, credentials, message) { message("Migration of remote domain to Samba failed: " + vampire_ctx.error_string); return false; } + return true; } -- cgit From b56282dec786683055f65f25ec419113bd7aa297 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 6 Feb 2006 18:29:57 +0000 Subject: r13369: let's have a way to show the samba4 version through ejs and use it in provisioning to fullfill rfc 3045 requirements (This used to be commit 3fb9571a76481560304a826fc945983d52123299) --- source4/scripting/libjs/provision.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/scripting/libjs') 
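Review bot: `subobj.BACKUP = findnss(nss.getgrnam, "backup", "wheel", "root", "staff")` in `provision_guess` lists `wheel` and `root` as fallbacks, and this commit maps `S-1-5-32-551` (Backup Operators) to that value in `setup_name_mappings`. Assuming `findnss` returns the first name that resolves, a host without a `backup` group would map that builtin group onto the administrative unix group, which is broader than the name suggests. A comment on the line such as `/* falls back to an admin group when no "backup" group exists; set BACKUP explicitly to avoid that */` would document the choice. `provision_guess` starts and ends outside the hunk.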
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index fe112eeb24..84ed69231b 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -150,7 +150,6 @@ function hostname() return s[0]; } - /* the ldb is in bad shape, possibly due to being built from an incompatible previous version of the code, so delete it completely */ @@ -452,6 +451,7 @@ function provision_guess() assert(subobj.DOMAIN); assert(subobj.HOSTNAME); + subobj.VERSION = version(); subobj.HOSTIP = hostip(); subobj.DOMAINGUID = randguid(); subobj.DOMAINSID = randsid(); -- cgit From acd190d8f69ea270cd0a746faab2d1590cca7ae9 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 11 Mar 2006 07:07:28 +0000 Subject: r14200: Now we have real USN support, don't force the values in the provision scripts. This tests the real module, and avoids duplication. Andrew Bartlett (This used to be commit 0859ba59ae00029177cd63366fc59efe8b19c973) --- source4/scripting/libjs/provision.js | 16 ---------------- 1 file changed, 16 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 84ed69231b..b01fec82c7 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -4,9 +4,6 @@ Released under the GNU GPL v2 or later */ -/* used to generate sequence numbers for records */ -provision_next_usn = 1; - sys = sys_init(); /* @@ -59,8 +56,6 @@ dn: CN=%s,CN=ForeignSecurityPrincipals,%s objectClass: top objectClass: foreignSecurityPrincipal description: %s -uSNCreated: 1 -uSNChanged: 1 ", sid, subobj.BASEDN, desc); /* deliberately ignore errors from this, as the records may @@ -132,14 +127,6 @@ function hostip() return list[0]; } -/* - return next USN in the sequence -*/ -function nextusn() -{ - provision_next_usn = provision_next_usn+1; - return provision_next_usn; -} /* return first part of hostname 
@@ -358,8 +345,6 @@ function provision(subobj, message, blank, paths, session_info, credentials) var rdns = split(",", subobj.BASEDN); subobj.RDN_DC = substr(rdns[0], strlen("DC=")); - provision_next_usn = 1; - info.subobj = subobj; info.message = message; info.credentials = credentials; @@ -465,7 +450,6 @@ function provision_guess() subobj.NTTIME = nttime; subobj.LDAPTIME = ldaptime; subobj.DATESTRING = datestring; - subobj.USN = nextusn; subobj.ROOT = findnss(nss.getpwnam, "root"); subobj.NOBODY = findnss(nss.getpwnam, "nobody"); subobj.NOGROUP = findnss(nss.getgrnam, "nogroup", "nobody"); -- cgit From 683ca3c9ade394d782673dba80b56c84fd70b7d9 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 13 Apr 2006 12:17:12 +0000 Subject: r15077: map SID_BUILTIN_USERS metze (This used to be commit e896c32614fd4fd80a124ccfe49332e319f717f9) --- source4/scripting/libjs/provision.js | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index b01fec82c7..73e3b6f4e4 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -308,6 +308,7 @@ function setup_name_mappings(info, subobj, session_info, credentials) setup_name_mapping(info, ldb, "S-1-5-18", subobj.ROOT); setup_name_mapping(info, ldb, "S-1-5-11", subobj.USERS); setup_name_mapping(info, ldb, "S-1-5-32-544", subobj.WHEEL); + setup_name_mapping(info, ldb, "S-1-5-32-545", subobj.USERS); setup_name_mapping(info, ldb, "S-1-5-32-546", subobj.NOGROUP); setup_name_mapping(info, ldb, "S-1-5-32-551", subobj.BACKUP); -- cgit From 4f422081a79704827b13571540143b8b57e6b74c Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Tue, 6 Jun 2006 17:55:41 +0000 Subject: r16063: Make is clearer when we can't write to the smb.conf Find more possible posix group names for the 'domain users' group, as the existing options don't exist in OSX. Andrew Bartlett (This used to be commit 4e8d7b7fb310a668ae8653bc06036c94249b2b2a) --- source4/scripting/libjs/provision.js | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 73e3b6f4e4..64485efa03 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -238,7 +238,7 @@ function setup_ldb(ldif, info, dbname) /* setup a file in the private dir */ -function setup_file(template, fname, subobj) +function setup_file(template, message, fname, subobj) { var lp = loadparm_init(); var f = fname; @@ -250,7 +250,10 @@ function setup_file(template, fname, subobj) data = substitute_var(data, subobj); ok = sys.file_save(f, data); - assert(ok); + if (!ok) { + message("failed to create file: " + f + "\n"); + assert(ok); + } } function provision_default_paths(subobj) @@ -355,7 +358,7 @@ function provision(subobj, message, blank, paths, session_info, credentials) var st = sys.stat(paths.smbconf); if (st == undefined) { message("Setting up smb.conf\n"); - setup_file("provision.smb.conf", paths.smbconf, subobj); + setup_file("provision.smb.conf", info.message, paths.smbconf, subobj); lp.reload(); } message("Setting up secrets.ldb\n"); @@ -412,7 +415,7 @@ function provision_dns(subobj, message, paths, session_info, credentials) assert(subobj.HOSTGUID != undefined); setup_file("provision.zone", - paths.dns, + message, paths.dns, subobj); message("Please install the zone located in " + paths.dns + " into your DNS server\n"); 
@@ -456,7 +459,7 @@ function provision_guess() subobj.NOGROUP = findnss(nss.getgrnam, "nogroup", "nobody"); subobj.WHEEL = findnss(nss.getgrnam, "wheel", "root", "staff"); subobj.BACKUP = findnss(nss.getgrnam, "backup", "wheel", "root", "staff"); - subobj.USERS = findnss(nss.getgrnam, "users", "guest", "other"); + subobj.USERS = findnss(nss.getgrnam, "users", "guest", "other", "unknown"); subobj.DNSDOMAIN = strlower(subobj.REALM); subobj.DNSNAME = sprintf("%s.%s", strlower(subobj.HOSTNAME), -- cgit From f77c4100842f8c5357fa90822e04319810a04b8d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 15 Jun 2006 18:04:24 +0000 Subject: r16264: Add, but do not yet enable, the partitions module. This required changes to the rootDSE module, to allow registration of partitions. In doing so I renamed the 'register' operation to 'register_control' and 'register_partition', which changed a few more modules. Due to the behaviour of certain LDAP servers, we create the baseDN entry in two parts: Firstly, we allow the admin to export a simple LDIF file to add to their server. Then we perform a modify to add the remaining attributes. To delete all users in partitions, we must now search and delete all objects in the partition, rather than a simple search from the root. Against LDAP, this might not delete all objects, so we allow this to fail. In testing, we found that the 'Domain Controllers' container was misnamed, and should be 'CN=', rather than 'OU='. To avoid the Templates being found in default searches, they have been moved to CN=Templates from CN=Templates,${BASEDN}. Andrew Bartlett (This used to be commit b49a4fbb57f10726bd288fdc9fc95c0cbbe9094a) --- source4/scripting/libjs/provision.js | 169 +++++++++++++++++++++++++++++++---- 1 file changed, 150 insertions(+), 19 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 64485efa03..877d8530e5 100644 
--- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -71,7 +71,7 @@ function setup_name_mapping(info, ldb, sid, unixname) { var attrs = new Array("dn"); var res = ldb.search(sprintf("objectSid=%s", sid), - NULL, ldb.SCOPE_DEFAULT, attrs); + info.subobj.BASEDN, ldb.SCOPE_SUBTREE, attrs); if (res.length != 1) { info.message("Failed to find record for objectSid %s\n", sid); return false; @@ -186,6 +186,65 @@ function ldb_erase(ldb) assert(res.length == 0); } +/* + erase an ldb, removing all records +*/ +function ldb_erase_partitions(info, dbname) +{ + var rootDSE_attrs = new Array("namingContexts"); + var ldb = ldb_init(); + var lp = loadparm_init(); + var j; + + ldb.session_info = info.session_info; + ldb.credentials = info.credentials; + + + ldb.filename = dbname; + + var connect_ok = ldb.connect(dbname); + assert(connect_ok); + + ldb.transaction_start(); + + var res = ldb.search("(objectClass=*)", "", ldb.SCOPE_BASE, rootDSE_attrs); + assert(typeof(res) != "undefined"); + assert(res.length == 1); + for (j=0; j= 5) { erase = arguments[4]; } + if (arguments.length == 6) { + failok = arguments[5]; + } + var src = lp.get("setup directory") + "/" + ldif; var data = sys.file_load(src); @@ -215,7 +279,11 @@ function setup_ldb(ldif, info, dbname) ldb.filename = dbname; var connect_ok = ldb.connect(dbname); - assert(connect_ok); + if (!connect_ok) { + sys.unlink(sprintf("%s/%s", lp.get("private dir"), dbname)); + connect_ok = ldb.connect(dbname); + assert(connect_ok); + } ldb.transaction_start(); 
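Review bot: In the `setup_ldb` hunk at -215,7, any failure of `ldb.connect(dbname)` now leads to `sys.unlink()` of the file under `private dir` followed by a second connect, so a permissions problem, a lock or a transient error deletes an existing database without a message. This applies even when the caller passed `erase` as false, and the result of the unlink is not checked. Printing the reason first, e.g. `info.message("cannot open " + dbname + ", removing it: " + ldb.errstring() + "\n");`, and skipping the unlink when `erase` is false would keep the recovery path from destroying data the caller asked to keep. `setup_ldb` begins outside the hunk.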
@@ -226,12 +294,50 @@ function setup_ldb(ldif, info, dbname) var add_ok = ldb.add(data); if (!add_ok) { info.message("ldb load failed: " + ldb.errstring() + "\n"); - assert(add_ok); + if (!failok) { + assert(add_ok); + } + } + if (add_ok) { + var commit_ok = ldb.transaction_commit(); + if (!commit_ok) { + info.message("ldb commit failed: " + ldb.errstring() + "\n"); + assert(commit_ok); + } + } +} + +/* + setup a ldb in the private dir + */ +function setup_ldb_modify(ldif, info, dbname) +{ + var ldb = ldb_init(); + var lp = loadparm_init(); + ldb.session_info = info.session_info; + ldb.credentials = info.credentials; + + var src = lp.get("setup directory") + "/" + ldif; + + var data = sys.file_load(src); + data = substitute_var(data, info.subobj); + + ldb.filename = dbname; + + var connect_ok = ldb.connect(dbname); + assert(connect_ok); + + ldb.transaction_start(); + + var mod_ok = ldb.modify(data); + if (!mod_ok) { + info.message("ldb load failed: " + ldb.errstring() + "\n"); + assert(mod_ok); } var commit_ok = ldb.transaction_commit(); if (!commit_ok) { info.message("ldb commit failed: " + ldb.errstring() + "\n"); - assert(add_ok); + assert(commit_ok); } } @@ -271,6 +377,7 @@ function provision_default_paths(subobj) paths.secrets = "secrets.ldb"; paths.dns = lp.get("private dir") + "/" + subobj.DNSDOMAIN + ".zone"; paths.winsdb = "wins.ldb"; + paths.ldap_basedn_ldif = lp.get("private dir") + "/" + subobj.DNSDOMAIN + ".ldif"; return paths; } 
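Review bot: When `ldb.add(data)` fails and `failok` is set, `setup_ldb` skips the commit but never ends the transaction that was opened by `ldb.transaction_start()` earlier in the function. Unless the handle is torn down on return, that leaves a pending transaction on the database, and the caller cannot tell the load was dropped because `setup_ldb` returns nothing. An `else` branch on `if (add_ok)` that cancels the transaction, plus a return value, would make the failure path explicit. `setup_ldb` starts outside the hunk.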
@@ -289,12 +396,8 @@ function setup_name_mappings(info, subobj, session_info, credentials) return false; } var attrs = new Array("objectSid"); - var res = ldb.search("dnsDomain=" + subobj.REALM, - NULL, ldb.SCOPE_DEFAULT, attrs); - if (res.length != 1) { - info.message("Failed to find dnsDomain %s\n", subobj.REALM); - return false; - } + res = ldb.search("objectSid=*", subobj.BASEDN, ldb.SCOPE_BASE, attrs); + assert(res.length == 1 && res[0].objectSid != undefined); var sid = res[0].objectSid; /* add some foreign sids if they are not present already */ @@ -369,9 +472,16 @@ function provision(subobj, message, blank, paths, session_info, credentials) message("Setting up hklm.ldb\n"); setup_ldb("hklm.ldif", info, paths.hklm); - message("Setting up sam.ldb attributes\n"); setup_ldb("provision_init.ldif", info, paths.samdb); + message("Erasing data from partitions\n"); + ldb_erase_partitions(info, paths.samdb); + + message("Adding baseDN: " + subobj.BASEDN + "\n"); + setup_ldb("provision_basedn.ldif", info, paths.samdb, NULL, false, true); + message("Modifying baseDN: " + subobj.BASEDN + "\n"); + setup_ldb_modify("provision_basedn_modify.ldif", info, paths.samdb) + message("Setting up sam.ldb schema\n"); setup_ldb("schema.ldif", info, paths.samdb, NULL, false); message("Setting up display specifiers\n"); 
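Review bot: `res = ldb.search("objectSid=*", subobj.BASEDN, ldb.SCOPE_BASE, attrs);` in `setup_name_mappings` drops the `var` that the removed line had, so `res` is presumably created as a global; write `var res = ldb.search(...)`. The same undeclared `res` appears in the `provision_dns`, `searchone` and `newuser` hunks of this commit. The lookup failure is also now an `assert` with no message, while the connect failure just above still returns `false`; one style for both would be easier to follow. In the `provision` hunk, `setup_ldb_modify("provision_basedn_modify.ldif", info, paths.samdb)` is missing its semicolon.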
@@ -408,10 +518,12 @@ function provision_dns(subobj, message, paths, session_info, credentials) assert(ok); /* These values may have changed, due to an incoming SamSync, so fetch them from the database */ - subobj.DOMAINGUID = searchone(ldb, "(&(objectClass=domainDNS)(dnsDomain=" + subobj.DNSDOMAIN + "))", "objectGUID"); - assert(subobj.DOMAINGUID != undefined); + var attrs = new Array("objectGUID"); + res = ldb.search("objectGUID=*", subobj.BASEDN, ldb.SCOPE_BASE, attrs); + assert(res.length == 1 && res[0].objectGUID != undefined) + subobj.DOMAINGUID = res[0].objectGUID; - subobj.HOSTGUID = searchone(ldb, "(&(objectClass=computer)(cn=" + subobj.NETBIOSNAME + "))", "objectGUID"); + subobj.HOSTGUID = searchone(ldb, subobj.BASEDN, "(&(objectClass=computer)(cn=" + subobj.NETBIOSNAME + "))", "objectGUID"); assert(subobj.HOSTGUID != undefined); setup_file("provision.zone", @@ -421,6 +533,21 @@ function provision_dns(subobj, message, paths, session_info, credentials) message("Please install the zone located in " + paths.dns + " into your DNS server\n"); } +/* Write out a DNS zone file, from the info in the current database */ +function provision_ldapbase(subobj, message, paths) +{ + message("Setting up LDAP base entry: " + subobj.BASEDN + " \n"); + var rdns = split(",", subobj.BASEDN); + subobj.RDN_DC = substr(rdns[0], strlen("DC=")); + + setup_file("provision_basedn.ldif", + message, paths.ldap_basedn_ldif, + subobj); + + message("Please install the LDIF located in " + paths.ldap_basedn_ldif + " into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server\n"); +} + + /* guess reasonably default options for provisioning */ 
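Review bot: The comment above the new `provision_ldapbase` was copied from `provision_dns` and still reads "Write out a DNS zone file, from the info in the current database", but the function writes `provision_basedn.ldif` to `paths.ldap_basedn_ldif` and does not read the database. Suggested replacement: `/* Write out an LDIF file for the base DN, to be loaded into an external LDAP server */`. It also overwrites `subobj.RDN_DC` as a side effect, which is worth one line in the same comment.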
@@ -466,16 +593,17 @@ function provision_guess() subobj.DNSDOMAIN); rdn_list = split(".", subobj.DNSDOMAIN); subobj.BASEDN = "DC=" + join(",DC=", rdn_list); + subobj.LDAPBACKEND = "users.ldb"; return subobj; } /* search for one attribute as a string */ -function searchone(ldb, expression, attribute) +function searchone(ldb, basedn, expression, attribute) { var attrs = new Array(attribute); - res = ldb.search(expression, attrs); + res = ldb.search(expression, basedn, ldb.SCOPE_SUBTREE, attrs); if (res.length != 1 || res[0][attribute] == undefined) { return undefined; @@ -524,9 +652,12 @@ function newuser(username, unixname, password, message, session_info, credential ldb.transaction_start(); /* find the DNs for the domain and the domain users group */ - var domain_dn = searchone(ldb, "objectClass=domainDNS", "dn"); + var attrs = new Array("defaultNamingContext"); + res = ldb.search("defaultNamingContext=*", "", ldb.SCOPE_BASE, attrs); + assert(res.length == 1 && res[0].defaultNamingContext != undefined) + var domain_dn = res[0].defaultNamingContext; assert(domain_dn != undefined); - var dom_users = searchone(ldb, "name=Domain Users", "dn"); + var dom_users = searchone(ldb, domain_dn, "name=Domain Users", "dn"); assert(dom_users != undefined); var user_dn = sprintf("CN=%s,CN=Users,%s", username, domain_dn); -- cgit From cc9d70bbba4e326ba89dec8cdc58b64b89f33091 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 15 Jun 2006 18:25:41 +0000 Subject: r16265: Fix 'newuser' command. Andrew Bartlett (This used to be commit 82f5f6c03d005741613c5b00705613c4078c844e) --- source4/scripting/libjs/provision.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 877d8530e5..9ad2257ff3 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js 
@@ -654,7 +654,7 @@ function newuser(username, unixname, password, message, session_info, credential /* find the DNs for the domain and the domain users group */ var attrs = new Array("defaultNamingContext"); res = ldb.search("defaultNamingContext=*", "", ldb.SCOPE_BASE, attrs); - assert(res.length == 1 && res[0].defaultNamingContext != undefined) + assert(res.length == 1 && res[0].defaultNamingContext != undefined); var domain_dn = res[0].defaultNamingContext; assert(domain_dn != undefined); var dom_users = searchone(ldb, domain_dn, "name=Domain Users", "dn"); -- cgit From 9c66f601f1520a99b9236c32bc9f03a33bd4b2aa Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sun, 23 Jul 2006 18:43:07 +0000 Subject: r17206: Add a modular API for share configuration. Commit the classic backwards compatible module which is the default one (This used to be commit a89cc346b9296cb49929898d257a064a6c2bae86) --- source4/scripting/libjs/provision.js | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 9ad2257ff3..c4ffab6a30 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -367,6 +367,7 @@ function provision_default_paths(subobj) var lp = loadparm_init(); var paths = new Object(); paths.smbconf = lp.get("config file"); + paths.shareconf = lp.get("private dir") + "/" + "share.ldb"; paths.hklm = "hklm.ldb"; paths.hkcu = "hkcu.ldb"; paths.hkcr = "hkcr.ldb"; 
@@ -464,6 +465,12 @@ function provision(subobj, message, blank, paths, session_info, credentials) setup_file("provision.smb.conf", info.message, paths.smbconf, subobj); lp.reload(); } + /* only install a new shares config db if there is none */ + st = sys.stat(paths.shareconf); + if (st == undefined) { + message("Setting up sconf.ldb\n"); + setup_ldb("share.ldif", info, paths.shareconf); + } message("Setting up secrets.ldb\n"); setup_ldb("secrets.ldif", info, paths.secrets); message("Setting up keytabs\n"); -- cgit From 7b99b2048ef1cd5603d93ac94543838a049d0adc Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 31 Jul 2006 01:00:18 +0000 Subject: r17330: Enable the partitions module. This module redirects various samdb requests into different modules, depending on the prefix. It also makes moving to an LDAP backend easier, as it is just a different partition backend. This adds yet another stage to the provision process, as we must setup the partitions before we setup the magic attributes. Andrew Bartlett (This used to be commit 31225b9cb6ef6fcb7bd831043999b1b44ef1b128) --- source4/scripting/libjs/provision.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index c4ffab6a30..232d15d66f 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -479,8 +479,11 @@ function provision(subobj, message, blank, paths, session_info, credentials) message("Setting up hklm.ldb\n"); setup_ldb("hklm.ldif", info, paths.hklm); + message("Setting up sam.ldb partitions\n"); + setup_ldb("provision_partitions.ldif", info, paths.samdb); + message("Setting up sam.ldb attributes\n"); - setup_ldb("provision_init.ldif", info, paths.samdb); + setup_ldb("provision_init.ldif", info, paths.samdb, NULL, false); message("Erasing data from partitions\n"); ldb_erase_partitions(info, paths.samdb); -- cgit 
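Review bot: `paths.shareconf` is built as `lp.get("private dir") + "/" + "share.ldb"` in `provision_default_paths`, whereas the other database entries in `paths` are bare file names, and the connect-failure branch of `setup_ldb` added in r16264 forms its unlink target as `private dir` + "/" + `dbname`. For this database that cleanup would point at a doubled path and leave the real file in place. Either store `"share.ldb"` and build the full path only for the `sys.stat()` check, or have the cleanup accept absolute names. The progress message also says `sconf.ldb` while the file is `share.ldb`; `message("Setting up share.ldb\n");` would match. `provision` starts outside the hunk.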
From 6e4940cf791c1a8009216a92b398e49250e71a53 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 11 Aug 2006 22:11:29 +0000 Subject: r17499: Open the main database only the minimum times during a provision. This causes things to operate as just one transaction (locally), and to make a minimum of TCP connections when connecting to a remote LDAP server. Taking advantage of this, create another file to handle loading the Samba4 specific schema extensions. Also comment out 'middleName' and reassign the OID to one in the Samba4 range, as it is 'stolen' from a netscape range that is used in OpenLDAP and interenet standards for 'ref'. Andrew Bartlett (This used to be commit 009d0905947dec9bab81d8e6de5cb424807ffd35) --- source4/scripting/libjs/provision.js | 146 +++++++++++++++-------------------- 1 file changed, 62 insertions(+), 84 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 232d15d66f..8830c273f5 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -189,24 +189,12 @@ function ldb_erase(ldb) /* erase an ldb, removing all records */ -function ldb_erase_partitions(info, dbname) +function ldb_erase_partitions(info, ldb) { var rootDSE_attrs = new Array("namingContexts"); - var ldb = ldb_init(); var lp = loadparm_init(); var j; - ldb.session_info = info.session_info; - ldb.credentials = info.credentials; - - - ldb.filename = dbname; - - var connect_ok = ldb.connect(dbname); - assert(connect_ok); - - ldb.transaction_start(); - var res = ldb.search("(objectClass=*)", "", ldb.SCOPE_BASE, rootDSE_attrs); assert(typeof(res) != "undefined"); assert(res.length == 1); 
@@ -237,45 +225,13 @@ function ldb_erase_partitions(info, dbname) } } } - - var commit_ok = ldb.transaction_commit(); - if (!commit_ok) { - info.message("ldb commit failed: " + ldb.errstring() + "\n"); - assert(add_ok); - } } -/* - setup a ldb in the private dir - */ -function setup_ldb(ldif, info, dbname) +function open_ldb(info, dbname, erase) { - var erase = true; - var extra = ""; - var failok = false; var ldb = ldb_init(); - var lp = loadparm_init(); ldb.session_info = info.session_info; ldb.credentials = info.credentials; - - if (arguments.length >= 4) { - extra = arguments[3]; - } - - if (arguments.length >= 5) { - erase = arguments[4]; - } - - if (arguments.length == 6) { - failok = arguments[5]; - } - - var src = lp.get("setup directory") + "/" + ldif; - - var data = sys.file_load(src); - data = data + extra; - data = substitute_var(data, info.subobj); - ldb.filename = dbname; var connect_ok = ldb.connect(dbname); @@ -290,6 +246,20 @@ function setup_ldb(ldif, info, dbname) if (erase) { ldb_erase(ldb); } + return ldb; +} + + +/* + setup a ldb in the private dir + */ +function setup_add_ldif(ldif, info, ldb, failok) +{ + var lp = loadparm_init(); + var src = lp.get("setup directory") + "/" + ldif; + + var data = sys.file_load(src); + data = substitute_var(data, info.subobj); var add_ok = ldb.add(data); if (!add_ok) { @@ -298,7 +268,22 @@ function setup_ldb(ldif, info, dbname) assert(add_ok); } } - if (add_ok) { + return add_ok; +} + +function setup_ldb(ldif, info, dbname) +{ + var erase = true; + var failok = false; + + if (arguments.length >= 4) { + erase = arguments[3]; + } + if (arguments.length == 5) { + failok = arguments[4]; + } + var ldb = open_ldb(info, dbname, erase); + if (setup_add_ldif(ldif, info, ldb, erase, failok)) { var commit_ok = ldb.transaction_commit(); if (!commit_ok) { info.message("ldb commit failed: " + ldb.errstring() + "\n"); 
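Review bot: `setup_ldb` calls `setup_add_ldif(ldif, info, ldb, erase, failok)`, but `setup_add_ldif` is declared as `(ldif, info, ldb, failok)`, so `erase` lands in the `failok` slot. With the default `erase = true`, a failed `ldb.add()` no longer reaches `assert(add_ok)` for any database loaded through `setup_ldb`; the load is skipped with only a message and the commit is silently omitted. The call should be `if (setup_add_ldif(ldif, info, ldb, failok)) {`. The optional arguments of `setup_ldb` also moved from positions 4 and 5 to 3 and 4, so a caller outside this diff that still passes an `extra` string would now be setting `erase`.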
@@ -310,35 +295,20 @@ function setup_ldb(ldif, info, dbname) /* setup a ldb in the private dir */ -function setup_ldb_modify(ldif, info, dbname) +function setup_ldb_modify(ldif, info, ldb) { - var ldb = ldb_init(); var lp = loadparm_init(); - ldb.session_info = info.session_info; - ldb.credentials = info.credentials; var src = lp.get("setup directory") + "/" + ldif; var data = sys.file_load(src); data = substitute_var(data, info.subobj); - ldb.filename = dbname; - - var connect_ok = ldb.connect(dbname); - assert(connect_ok); - - ldb.transaction_start(); - var mod_ok = ldb.modify(data); if (!mod_ok) { info.message("ldb load failed: " + ldb.errstring() + "\n"); assert(mod_ok); } - var commit_ok = ldb.transaction_commit(); - if (!commit_ok) { - info.message("ldb commit failed: " + ldb.errstring() + "\n"); - assert(commit_ok); - } } /* @@ -386,16 +356,9 @@ function provision_default_paths(subobj) /* setup reasonable name mappings for sam names to unix names */ -function setup_name_mappings(info, subobj, session_info, credentials) +function setup_name_mappings(info, subobj, ldb) { var lp = loadparm_init(); - var ldb = ldb_init(); - ldb.session_info = session_info; - ldb.credentials = credentials; - var ok = ldb.connect(lp.get("sam database")); - if (!ok) { - return false; - } var attrs = new Array("objectSid"); res = ldb.search("objectSid=*", subobj.BASEDN, ldb.SCOPE_BASE, attrs); assert(res.length == 1 && res[0].objectSid != undefined); @@ -436,7 +399,6 @@ function setup_name_mappings(info, subobj, session_info, credentials) */ function provision(subobj, message, blank, paths, session_info, credentials) { - var data = ""; var lp = loadparm_init(); var sys = sys_init(); var info = new Object(); 
@@ -480,38 +442,54 @@ function provision(subobj, message, blank, paths, session_info, credentials) setup_ldb("hklm.ldif", info, paths.hklm); message("Setting up sam.ldb partitions\n"); + /* Also wipes the database */ setup_ldb("provision_partitions.ldif", info, paths.samdb); + var samdb = open_ldb(info, paths.samdb, false); + message("Setting up sam.ldb attributes\n"); - setup_ldb("provision_init.ldif", info, paths.samdb, NULL, false); + setup_add_ldif("provision_init.ldif", info, samdb, false); message("Erasing data from partitions\n"); - ldb_erase_partitions(info, paths.samdb); + ldb_erase_partitions(info, samdb); - message("Adding baseDN: " + subobj.BASEDN + "\n"); - setup_ldb("provision_basedn.ldif", info, paths.samdb, NULL, false, true); + message("Adding baseDN: " + subobj.BASEDN + " (permitted to fail)\n"); + setup_add_ldif("provision_basedn.ldif", info, samdb, true); message("Modifying baseDN: " + subobj.BASEDN + "\n"); - setup_ldb_modify("provision_basedn_modify.ldif", info, paths.samdb) + setup_ldb_modify("provision_basedn_modify.ldif", info, samdb); - message("Setting up sam.ldb schema\n"); - setup_ldb("schema.ldif", info, paths.samdb, NULL, false); + message("Setting up sam.ldb Samba4 schema\n"); + setup_add_ldif("schema_samba4.ldif", info, samdb, false); + message("Setting up sam.ldb AD schema\n"); + setup_add_ldif("schema.ldif", info, samdb, false); message("Setting up display specifiers\n"); - setup_ldb("display_specifiers.ldif", info, paths.samdb, NULL, false); + setup_add_ldif("display_specifiers.ldif", info, samdb, false); message("Setting up sam.ldb templates\n"); - setup_ldb("provision_templates.ldif", info, paths.samdb, NULL, false); + setup_add_ldif("provision_templates.ldif", info, samdb, false); message("Setting up sam.ldb data\n"); - setup_ldb("provision.ldif", info, paths.samdb, NULL, false); + setup_add_ldif("provision.ldif", info, samdb, false); if (blank != false) { + var commit_ok = samdb.transaction_commit(); + if (!commit_ok) { + 
info.message("ldb commit failed: " + samdb.errstring() + "\n"); + assert(commit_ok); + } return true; } message("Setting up sam.ldb users and groups\n"); - setup_ldb("provision_users.ldif", info, paths.samdb, data, false); + setup_add_ldif("provision_users.ldif", info, samdb, false); - if (setup_name_mappings(info, subobj, session_info, credentials) == false) { + if (setup_name_mappings(info, subobj, samdb) == false) { return false; } + var commit_ok = samdb.transaction_commit(); + if (!commit_ok) { + info.message("samdb commit failed: " + samdb.errstring() + "\n"); + assert(commit_ok); + } + return true; } -- cgit From 1686d107f49102b95b782cc7ff15727f41512d94 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 14 Aug 2006 11:38:29 +0000 Subject: r17534: Try another group for 'wheel' on True64. (This used to be commit 177b713288be9c5d559a27d65e16521cbeefc958) --- source4/scripting/libjs/provision.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 8830c273f5..7663f055f6 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -572,7 +572,7 @@ function provision_guess() subobj.ROOT = findnss(nss.getpwnam, "root"); subobj.NOBODY = findnss(nss.getpwnam, "nobody"); subobj.NOGROUP = findnss(nss.getgrnam, "nogroup", "nobody"); - subobj.WHEEL = findnss(nss.getgrnam, "wheel", "root", "staff"); + subobj.WHEEL = findnss(nss.getgrnam, "wheel", "root", "staff", "adm"); subobj.BACKUP = findnss(nss.getgrnam, "backup", "wheel", "root", "staff"); subobj.USERS = findnss(nss.getgrnam, "users", "guest", "other", "unknown"); subobj.DNSDOMAIN = strlower(subobj.REALM); -- cgit From c642680e5ba8cf8b58f89f9cad7140b4d1df96e1 Mon Sep 17 00:00:00 2001 
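Review bot: In the rewritten tail of `provision()` (hunk `@@ -480,38 +442,54 @@`), the `setup_name_mappings(info, subobj, samdb) == false` branch returns `false` without committing or cancelling the transaction that the surrounding `samdb.transaction_commit()` calls imply is open on `samdb`. Whether pending writes are rolled back when the handle is dropped is not visible from this hunk, so the failure path should end the transaction explicitly and log the reason rather than rely on that. The commit-and-check block now appears twice in the function with different messages (`"ldb commit failed: "` and `"samdb commit failed: "`); a small helper taking the handle would keep them consistent. The start of `provision()` is outside the hunk.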
From: Andrew Bartlett Date: Tue, 15 Aug 2006 02:39:38 +0000 Subject: r17548: It is a good idea to commit the fix (from mkhl) before the test that shows the need for... Martin Kuhl writes: The ejs function `substitute_var' returns `undefined' when the first argument ends in a pattern that should be substituted. For that reason, the second assertion fails in the following test-case: ,---- | libinclude("base.js"); | | var obj = new Object(); | obj.FOO = "foo"; | obj.BAR = "bar"; | var str1 = "${FOO}:${BAR}"; | var str2 = "${FOO}:${BAR} "; // note the space after the brace | var sub1 = substitute_var(str1, obj); | var sub2 = substitute_var(str2, obj); | | assert(str1 + " " == str2); | assert(sub1 + " " == sub2); `---- The problem is that the function `split' returns a single-element array in both cases: a) the string to split doesn't contain the split pattern b) the string ends with the split pattern To work around this, the following patch tests this condition and returns `undefined' only if the string to split (`list[i]') really didn't contain a closing brace. (This used to be commit 8a6908200b1e459bc9067a9d1f9635185a7eee16) --- source4/scripting/libjs/base.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/base.js b/source4/scripting/libjs/base.js index fbceabf993..df0bfe0ce9 100644 --- a/source4/scripting/libjs/base.js +++ b/source4/scripting/libjs/base.js 
@@ -72,7 +72,7 @@ function substitute_var(str, subobj) var i; for (i=1;i Date: Tue, 22 Aug 2006 10:19:46 +0000 Subject: r17704: Add comments suggesting how to get the LDAP backend working. Shutdown and reload the LDB, so the entryUUID module knows to read the schema (will be changed once we have a central schema store and notifications). Andrew Bartlett (This used to be commit d5814b689eedfc4c4701beb18a516db716a466f1) --- source4/scripting/libjs/provision.js | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 7663f055f6..f8d321e8cb 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -236,6 +236,7 @@ function open_ldb(info, dbname, erase) var connect_ok = ldb.connect(dbname); if (!connect_ok) { + var lp = loadparm_init(); sys.unlink(sprintf("%s/%s", lp.get("private dir"), dbname)); connect_ok = ldb.connect(dbname); assert(connect_ok); @@ -307,8 +308,9 @@ function setup_ldb_modify(ldif, info, ldb) var mod_ok = ldb.modify(data); if (!mod_ok) { info.message("ldb load failed: " + ldb.errstring() + "\n"); - assert(mod_ok); + return mod_ok; } + return mod_ok; } /* 
@@ -453,14 +455,32 @@ function provision(subobj, message, blank, paths, session_info, credentials) ldb_erase_partitions(info, samdb); message("Adding baseDN: " + subobj.BASEDN + " (permitted to fail)\n"); - setup_add_ldif("provision_basedn.ldif", info, samdb, true); + var add_ok = setup_add_ldif("provision_basedn.ldif", info, samdb, true); message("Modifying baseDN: " + subobj.BASEDN + "\n"); - setup_ldb_modify("provision_basedn_modify.ldif", info, samdb); + var modify_ok = setup_ldb_modify("provision_basedn_modify.ldif", info, samdb); + if (!modify_ok) { + if (!add_ok) { + message("Failed to both add and modify " + subobj.BASEDN + " in target " + subobj.LDAPBACKEND + "\n"); + message("Perhaps you need to run the provision script with the --ldap-base-dn option, and add this record to the backend manually\n"); + }; + assert(modify_ok); + }; message("Setting up sam.ldb Samba4 schema\n"); setup_add_ldif("schema_samba4.ldif", info, samdb, false); message("Setting up sam.ldb AD schema\n"); setup_add_ldif("schema.ldif", info, samdb, false); + + // (hack) Reload, now we have the schema loaded. + var commit_ok = samdb.transaction_commit(); + if (!commit_ok) { + info.message("samdb commit failed: " + samdb.errstring() + "\n"); + assert(commit_ok); + } + samdb.close(); + + samdb = open_ldb(info, paths.samdb, false); + message("Setting up display specifiers\n"); setup_add_ldif("display_specifiers.ldif", info, samdb, false); message("Setting up sam.ldb templates\n"); -- cgit From 2b99336a56a47838510f9b8a01aab05363c424b6 Mon Sep 17 00:00:00 2001 
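Review bot: The `(hack) Reload` block commits the transaction, closes `samdb` and reopens it in the middle of `provision()`, so provisioning stops being all-or-nothing: an assert in any later step (display specifiers, templates, data, users) leaves a sam.ldb with the schema already committed. The comment should say so, for example `// (hack) Reload so the schema is read; everything above is now committed, a failure below leaves a partial sam.ldb that must be re-provisioned`. The two `};` closing the new `if` blocks are stray empty statements and can be plain `}`. `provision()` begins and ends outside this hunk.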
From: Andrew Bartlett Date: Mon, 28 Aug 2006 05:26:42 +0000 Subject: r17876: Require one less patch for the LDAP backend to work. This lets the modules or backend generate the host and domain GUID, rather than the randguid() function. These can still be specified from the command line. Andrew Bartlett (This used to be commit 32996ca9d62568006f8bee85a1f2f37c64c04fb5) --- source4/scripting/libjs/provision.js | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index f8d321e8cb..d8abcc352f 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -164,6 +164,8 @@ function ldb_erase(ldb) ldb.del("@ATTRIBUTES"); ldb.del("@SUBCLASSES"); ldb.del("@MODULES"); + ldb.del("@PARTITION"); + ldb.del("@KLUDGEACL"); /* and the rest */ var res = ldb.search("(&(|(objectclass=*)(dn=*))(!(dn=@BASEINFO)))", attrs); @@ -198,6 +200,9 @@ function ldb_erase_partitions(info, ldb) var res = ldb.search("(objectClass=*)", "", ldb.SCOPE_BASE, rootDSE_attrs); assert(typeof(res) != "undefined"); assert(res.length == 1); + if (typeof(res[0].namingContexts) == "undefined") { + return; + } for (j=0; j Date: Fri, 1 Sep 2006 04:34:21 +0000 Subject: r17982: One final hack... When against a real, schema-checking LDAP backend, we need extensibleObject on the baseDN entry (as entryUUID isn't run for creating this basic ldif) output. (This used to be commit befac43f59c4688f6c6827eb2e4e916c1056a740) --- source4/scripting/libjs/provision.js | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index d8abcc352f..cd09962931 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js 
@@ -565,6 +565,8 @@ function provision_ldapbase(subobj, message, paths) { message("Setting up LDAP base entry: " + subobj.BASEDN + " \n"); var rdns = split(",", subobj.BASEDN); + subobj.EXTENSIBLEOBJECT = "objectClass: extensibleObject"; + subobj.RDN_DC = substr(rdns[0], strlen("DC=")); setup_file("provision_basedn.ldif", @@ -619,6 +621,7 @@ function provision_guess() rdn_list = split(".", subobj.DNSDOMAIN); subobj.BASEDN = "DC=" + join(",DC=", rdn_list); subobj.LDAPBACKEND = "users.ldb"; + subobj.EXTENSIBLEOBJECT = "# no objectClass: extensibleObject for local ldb"; return subobj; } -- cgit From 3a70ec899a2d408bfc11cc21a3f470d22c080c15 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 5 Sep 2006 10:45:05 +0000 Subject: r18072: Really delete things in the base partition, after we changed where the default search scope points to. Andrew Bartlett (This used to be commit 1a111817a361faab04e73b666624ce554f000034) --- source4/scripting/libjs/provision.js | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index cd09962931..ea0f138260 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -168,7 +168,8 @@ function ldb_erase(ldb) ldb.del("@KLUDGEACL"); /* and the rest */ - var res = ldb.search("(&(|(objectclass=*)(dn=*))(!(dn=@BASEINFO)))", attrs); + var basedn = ""; + var res = ldb.search("(&(|(objectclass=*)(dn=*))(!(dn=@BASEINFO)))", basedn, ldb.SCOPE_SUBTREE, attrs); var i; if (typeof(res) == "undefined") { ldb_delete(ldb); 
@@ -177,10 +178,8 @@ function ldb_erase(ldb) for (i=0;i Date: Fri, 8 Sep 2006 04:36:00 +0000 Subject: r18248: Bail out with a error message if this search fails for some reason. Andrew Bartlett (This used to be commit 77b810f548fffc1298978cc92c842f5e4fc13786) --- source4/scripting/libjs/provision.js | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index ea0f138260..952112b3ae 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -224,6 +224,10 @@ function ldb_erase_partitions(info, ldb) } var res3 = ldb.search("(|(objectclass=*)(dn=*))", basedn, ldb.SCOPE_SUBTREE, attrs); + if (typeof(res3) == "undefined") { + info.message("ldb search failed: " + ldb.errstring() + "\n"); + continue; + } if (res3.length != 0) { info.message("Failed to delete all records under " + basedn + ", " + res3.length + " records remaining\n"); } -- cgit From ee66b69a8bd6ec5291cdbc3071fdd01f3784c5a8 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 10 Sep 2006 12:12:24 +0000 Subject: r18334: AIX 5.1 doesn't have any of 'users', 'guest', 'other' or 'unknown' it does have 'usr' (This used to be commit 96db975024a744f42a0418e379df1da6c4079fe6) --- source4/scripting/libjs/provision.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 952112b3ae..1328cfe8fe 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js 
@@ -616,7 +616,7 @@ function provision_guess() subobj.NOGROUP = findnss(nss.getgrnam, "nogroup", "nobody"); subobj.WHEEL = findnss(nss.getgrnam, "wheel", "root", "staff", "adm"); subobj.BACKUP = findnss(nss.getgrnam, "backup", "wheel", "root", "staff"); - subobj.USERS = findnss(nss.getgrnam, "users", "guest", "other", "unknown"); + subobj.USERS = findnss(nss.getgrnam, "users", "guest", "other", "unknown", "usr"); subobj.DNSDOMAIN = strlower(subobj.REALM); subobj.DNSNAME = sprintf("%s.%s", strlower(subobj.HOSTNAME), -- cgit From 48f34499695c379d483da473b888aaa02bb5646d Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 15 Sep 2006 20:55:43 +0000 Subject: r18567: fixed the winreg js code for the new names of the fields in winreg.idl When changing a field name in idl, please remember to check for use of those functions in any js code as well. (This used to be commit 7005806aa6842ffc3d5ed98682f2aefc59759580) --- source4/scripting/libjs/winreg.js | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/winreg.js b/source4/scripting/libjs/winreg.js index 3b05f89c93..29338abc5a 100644 --- a/source4/scripting/libjs/winreg.js +++ b/source4/scripting/libjs/winreg.js @@ -80,7 +80,7 @@ function __winreg_open_path(path) } io = irpcObj(); - io.input.handle = handle; + io.input.parent_handle = handle; io.input.keyname = hpath; io.input.unknown = 0; io.input.access_mask = this.SEC_FLAG_MAXIMUM_ALLOWED; @@ -122,10 +122,10 @@ function __winreg_enum_path(path) io.input.name.length = 0; io.input.name.size = 32; io.input.name.name = NULL; - io.input.class = new Object(); - io.input.class.length = 0; - io.input.class.size = 1024; - io.input.class.name = NULL; + io.input.keyclass = new Object(); + io.input.keyclass.length = 0; + io.input.keyclass.size = 1024; + io.input.keyclass.name = NULL; io.input.last_changed_time = 0; var idx = 0; 
@@ -239,7 +239,7 @@ function __winreg_create_key(path, key) var io = irpcObj(); io.input.handle = handle; io.input.name = key; - io.input.class = NULL; + io.input.keyclass = NULL; io.input.options = 0; io.input.access_mask = this.SEC_FLAG_MAXIMUM_ALLOWED; io.input.secdesc = NULL; -- cgit From c5718959e6a6d0454a870cbd311e707e69c98e85 Mon Sep 17 00:00:00 2001 From: Derrell Lipman Date: Mon, 25 Sep 2006 02:49:56 +0000 Subject: r18880: JSON-RPC work in progress (This used to be commit 34bffbaebf50c2a75c91285d5ec82e8f377981cc) --- source4/scripting/libjs/provision.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 1328cfe8fe..bba3d124ff 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -113,7 +113,7 @@ function ldaptime() */ function datestring() { - var t = sys.gmtime(sys.nttime()); + var t = sys.ntgmtime(sys.nttime()); return sprintf("%04u%02u%02u%02u", t.tm_year+1900, t.tm_mon+1, t.tm_mday, t.tm_hour); } -- cgit From eaa427801a3aadd92a467ca6df4d41e37fb74810 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 28 Sep 2006 16:58:28 +0000 Subject: r18977: Seperate these asserts, so we know which fired. Andrew Bartlett (This used to be commit 9b2003618b28cb045e74937803e9aad773781803) --- source4/scripting/libjs/provision.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index bba3d124ff..fdc86b1cf7 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js 
@@ -550,7 +550,8 @@ function provision_dns(subobj, message, paths, session_info, credentials) var attrs = new Array("objectGUID"); res = ldb.search("objectGUID=*", subobj.BASEDN, ldb.SCOPE_BASE, attrs); - assert(res.length == 1 && res[0].objectGUID != undefined) + assert(res.length == 1); + assert(res[0].objectGUID != undefined); subobj.DOMAINGUID = res[0].objectGUID; subobj.HOSTGUID = searchone(ldb, subobj.BASEDN, "(&(objectClass=computer)(cn=" + subobj.NETBIOSNAME + "))", "objectGUID"); -- cgit From 7135bb9e6372b5514dcbd27c64b140bb4025edec Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 10 Oct 2006 04:20:50 +0000 Subject: r19216: Merge from SAMBA_4_0_RELEASE: Move default for subobj.LDAPMODULES into scripting/libjs/provision.js so that SWAT can provision again. Andrew Bartlett (This used to be commit a4aafe307d6d1396fa79b0c48b0a36cbf682f0ce) --- source4/scripting/libjs/provision.js | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index fdc86b1cf7..c20453a74d 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -625,6 +625,7 @@ function provision_guess() rdn_list = split(".", subobj.DNSDOMAIN); subobj.BASEDN = "DC=" + join(",DC=", rdn_list); subobj.LDAPBACKEND = "users.ldb"; + subobj.LDAPMODULES = "objectguid"; subobj.EXTENSIBLEOBJECT = "# no objectClass: extensibleObject for local ldb"; return subobj; } -- cgit From 151e30e18aea131291bc53f167378192165bb89c Mon Sep 17 00:00:00 2001 
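Review bot: The `searchone()` call on the last line of the `@@ -550,7 +550,8 @@` hunk builds its LDAP filter by concatenating `subobj.NETBIOSNAME` straight into `"(&(objectClass=computer)(cn=" + ... + "))"`, and nothing visible in `provision_dns()` validates or escapes that value first. `provision()` asserts `valid_netbios_name(subobj.NETBIOSNAME)` before using the name, but this function presumably can be called with a caller-supplied `subobj`, and a name containing `(`, `)` or `*` would change what the filter matches. Assuming `valid_netbios_name()` rejects those characters, I would add `assert(valid_netbios_name(subobj.NETBIOSNAME));` ahead of the search; the same line reappears with `subobj.DOMAINDN` in the later `@@ -622,12 +622,12 @@` hunk. `res` is also assigned without `var` and `res.length` is read without the `typeof(res) == "undefined"` check that `ldb_erase_partitions()` uses. The function's start and end are outside the hunk.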
From: Andrew Tridgell Date: Thu, 12 Oct 2006 08:32:58 +0000 Subject: r19252: - fixed 'erase' argument to setup_ldb() - when wiping a ldb, wipe within each naming context first. By not wiping the naming contexts we didn't wipe the partitions, which caused a massive slowdown in re-provisioning due to re-indexing of the schema. (This used to be commit b62437214cf7c98c81598c4f37c91ab284928dbb) --- source4/scripting/libjs/provision.js | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index c20453a74d..e020cc41bd 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -157,7 +157,24 @@ function ldb_delete(ldb) */ function ldb_erase(ldb) { - var attrs = new Array("dn"); + var attrs = new Array("namingContexts"); + var res; + + /* delete within each naming context - this copes with existing partitions */ + res = ldb.search("objectClass=*", "", ldb.SCOPE_BASE, attrs); + if (typeof(res) != "undefined") { + if (res.length > 0) { + var names = res[0].namingContexts; + for (i=0;i Date: Fri, 13 Oct 2006 01:35:52 +0000 Subject: r19258: Don't delete the contents of the partitions twice, and in particular don't delete their contents until we have specified the new partition locations. However, preserve the important part of tridge's change, that is to ensure that no database index is present when the mass delete occours. In my testing, it is best to leave the index until the provision is compleated. Andrew Bartlett (This used to be commit 962219df7dc53ce6f6889f4b71ee19850c7ff7b5) --- source4/scripting/libjs/provision.js | 23 ++++++----------------- 1 file changed, 6 insertions(+), 17 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index e020cc41bd..2dc6bb522b 100644 
--- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -157,25 +157,8 @@ function ldb_delete(ldb) */ function ldb_erase(ldb) { - var attrs = new Array("namingContexts"); var res; - /* delete within each naming context - this copes with existing partitions */ - res = ldb.search("objectClass=*", "", ldb.SCOPE_BASE, attrs); - if (typeof(res) != "undefined") { - if (res.length > 0) { - var names = res[0].namingContexts; - for (i=0;i Date: Mon, 16 Oct 2006 03:53:12 +0000 Subject: r19318: Because we don't test the vampire code in SWAT very regularly, it bit-rotted. Fix up interfaces and interaction between the two.. Andrew Bartlett (This used to be commit 9b77d285d8cd8999547c0d17e97681d236acbdb0) --- source4/scripting/libjs/provision.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 2dc6bb522b..05e6726244 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -368,10 +368,12 @@ function provision_default_paths(subobj) /* setup reasonable name mappings for sam names to unix names */ -function setup_name_mappings(info, subobj, ldb) +function setup_name_mappings(info, ldb) { var lp = loadparm_init(); var attrs = new Array("objectSid"); + var subobj = info.subobj; + res = ldb.search("objectSid=*", subobj.BASEDN, ldb.SCOPE_BASE, attrs); assert(res.length == 1 && res[0].objectSid != undefined); var sid = res[0].objectSid; @@ -525,7 +527,7 @@ function provision(subobj, message, blank, paths, session_info, credentials) message("Setting up sam.ldb users and groups\n"); setup_add_ldif("provision_users.ldif", info, samdb, false); - if (setup_name_mappings(info, subobj, samdb) == false) { + if (setup_name_mappings(info, samdb) == false) { return false; } -- cgit From 794a7f52235bbd7aa87629f47d2bf6a65835a615 Mon Sep 17 00:00:00 2001 
From: Simo Sorce Date: Mon, 16 Oct 2006 12:05:44 +0000 Subject: r19334: Commit commented provisioning code to activate the schema (This used to be commit 57ee79c15579d1bbe7c0d3202b84a06b75320e40) --- source4/scripting/libjs/provision.js | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 05e6726244..2eac2b731c 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -282,6 +282,25 @@ function setup_add_ldif(ldif, info, ldb, failok) return add_ok; } +function setup_modify_ldif(ldif, info, ldb, failok) +{ + var lp = loadparm_init(); + var src = lp.get("setup directory") + "/" + ldif; + + var data = sys.file_load(src); + data = substitute_var(data, info.subobj); + + var mod_ok = ldb.modify(data); + if (!mod_ok) { + info.message("ldb load failed: " + ldb.errstring() + "\n"); + if (!failok) { + assert(mod_ok); + } + } + return mod_ok; +} + + function setup_ldb(ldif, info, dbname) { var erase = true; @@ -524,6 +543,19 @@ function provision(subobj, message, blank, paths, session_info, credentials) return true; } +// message("Activate schema module"); +// setup_modify_ldif("schema_activation.ldif", info, samdb, false); +// +// // (hack) Reload, now we have the schema loaded. +// var commit_ok = samdb.transaction_commit(); +// if (!commit_ok) { +// info.message("samdb commit failed: " + samdb.errstring() + "\n"); +// assert(commit_ok); +// } +// samdb.close(); +// +// samdb = open_ldb(info, paths.samdb, false); +// message("Setting up sam.ldb users and groups\n"); setup_add_ldif("provision_users.ldif", info, samdb, false); -- cgit From b316b78cd5d2c511f59ef325c5e8fec68e02ddfe Mon Sep 17 00:00:00 2001 
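Review bot: The new `setup_modify_ldif()` in the `@@ -282,6 +282,25 @@` hunk has no header comment and repeats the body of `setup_ldb_modify()` elsewhere in the file, differing only in the `failok` assert. Since `setup_ldb_modify()` already returns `mod_ok` without asserting, it could be reduced to `return setup_modify_ldif(ldif, info, ldb, true);` so the load-and-substitute steps live in one place. The message `"ldb load failed: "` is copied from the add path and would be clearer if it said the modify failed. The second hunk adds a block of commented-out provisioning steps to `provision()`; if it must stay, a one-line `// TODO:` stating what has to be true before it is enabled would serve better than dead code.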
From: Stefan Metzmacher Date: Fri, 20 Oct 2006 15:20:48 +0000 Subject: r19427: print out the currect name metze (This used to be commit 0fcdc8c243f50da5a1203370740ac8d022a5cfdc) --- source4/scripting/libjs/provision.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 2eac2b731c..b267cde575 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -475,7 +475,7 @@ function provision(subobj, message, blank, paths, session_info, credentials) /* only install a new shares config db if there is none */ st = sys.stat(paths.shareconf); if (st == undefined) { - message("Setting up sconf.ldb\n"); + message("Setting up share.ldb\n"); setup_ldb("share.ldif", info, paths.shareconf); } message("Setting up secrets.ldb\n"); -- cgit From 9fc3e164df198f92134acb2b16c1a3236f680583 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 2 Jan 2007 11:50:04 +0000 Subject: r20468: Patch from Martin Kuehl to make it easier to load into an exsting LDAP server. (Allow some parts to pre-exist, and try to blow away less data). Andrew Bartlett (This used to be commit 99faff0ad8fa12d596c599064a0125a6b3365134) --- source4/scripting/libjs/provision.js | 45 ++++++++++++++++++++++++++++++------ 1 file changed, 38 insertions(+), 7 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index b267cde575..c14a9da55f 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -180,7 +180,6 @@ function ldb_erase(ldb) ldb.del(res[i].dn); } - var res = ldb.search("(&(|(objectclass=*)(dn=*))(!(dn=@BASEINFO)))", basedn, ldb.SCOPE_SUBTREE, attrs); if (res.length != 0) { ldb_delete(ldb); 
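Review bot: In the `@@ -180,7 +180,6 @@` hunk of `ldb_erase()`, removing the second `ldb.search()` leaves `if (res.length != 0)` testing the result that was fetched before the delete loop ran. That condition is now true whenever the database held any records at all, so the `ldb_delete(ldb)` fallback runs even when every `ldb.del()` succeeded, and the check can no longer detect records that survived. What `ldb_delete()` does is defined outside this hunk, but if it removes the database file this erases more than before, not less. Either keep the re-search, or count failed `ldb.del()` calls inside the loop and test that count instead. `ldb_erase()` starts and ends outside the hunk.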
@@ -192,7 +191,7 @@ function ldb_erase(ldb) /* erase an ldb, removing all records */ -function ldb_erase_partitions(info, ldb) +function ldb_erase_partitions(info, ldb, ldapbackend) { var rootDSE_attrs = new Array("namingContexts"); var lp = loadparm_init(); @@ -205,15 +204,21 @@ function ldb_erase_partitions(info, ldb) return; } for (j=0; j Date: Wed, 3 Jan 2007 03:19:02 +0000 Subject: r20492: Add in instructions/sample LDIF to setup Fedora DS as a backend. Add a new module entrypoint to handle the new, interesting and different mappings required for Fedora DS. Andrew Bartlett (This used to be commit 600c7f1a68c175b835ce45d13794a6f66bcc8493) --- source4/scripting/libjs/provision.js | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index c14a9da55f..96e55bc4ae 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -698,6 +698,7 @@ function provision_guess() rdn_list = split(".", subobj.DNSDOMAIN); subobj.BASEDN = "DC=" + join(",DC=", rdn_list); subobj.LDAPBACKEND = "users.ldb"; + subobj.LDAPMODULE = "entryUUID"; subobj.LDAPMODULES = "objectguid"; subobj.EXTENSIBLEOBJECT = "# no objectClass: extensibleObject for local ldb"; return subobj; -- cgit From e8dfa06d45b4aaa784b9f8795f4197451aed4188 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 3 Jan 2007 05:31:50 +0000 Subject: r20495: Further notes on joining with fedora DS. Add in a hook for adding an ACI, needed to allow anonymous access until we hook across a SYSTEM token to the LDAP server. Andrew Bartlett (This used to be commit f45504e2714680978f101b4a98516686a17531df) --- source4/scripting/libjs/provision.js | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 96e55bc4ae..954335d335 100644 --- a/source4/scripting/libjs/provision.js 
+++ b/source4/scripting/libjs/provision.js @@ -701,6 +701,7 @@ function provision_guess() subobj.LDAPMODULE = "entryUUID"; subobj.LDAPMODULES = "objectguid"; subobj.EXTENSIBLEOBJECT = "# no objectClass: extensibleObject for local ldb"; + subobj.ACI = "# no aci for local ldb"; return subobj; } -- cgit From 2008bbcdea8dfdf39182824cbe4f4f8fbfed3c0e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 3 Jan 2007 11:23:56 +0000 Subject: r20505: I had the wrong ldif name here. Andrew Bartlett (This used to be commit 5781d0f41ac1847c38ebda290f5e85423dd20186) --- source4/scripting/libjs/provision.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 954335d335..286255491b 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -537,7 +537,7 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda message("Adding users container (permitted to fail)\n"); var add_ok = setup_add_ldif("provision_users_add.ldif", info, samdb, true); message("Modifying users container\n"); - var modify_ok = setup_ldb_modify("provision_help_users_mod.ldif", info, samdb); + var modify_ok = setup_ldb_modify("provision_users_modify.ldif", info, samdb); if (!modify_ok) { if (!add_ok) { message("Failed to both add and modify the users container\n"); -- cgit From 8b70764038cd08020ab1c22b7f54cbec10acc6a0 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 5 Jan 2007 16:12:30 +0000 Subject: r20553: add ${CONFIGDN} and ${SCHEMADN} instead of using hardcoded paths under ${BASEDN} metze (This used to be commit 09ca6aae12d8e10b76971cf269f7c62f228a4c87) --- source4/scripting/libjs/provision.js | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 286255491b..80362ce7f2 100644 
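Review bot: The new `subobj.ACI` default in the `@@ -701,6 +701,7 @@` hunk of `provision_guess()` is added without a comment, although the commit message says the hook exists so an LDAP backend can allow anonymous access until a SYSTEM token can be passed through. Because `subobj` values are substituted into the setup LDIF by `substitute_var()`, whatever a caller stores here presumably ends up as an access-control line in the directory. A short note next to the default would make that visible, for example `/* ACI is pasted verbatim into the LDIF; only the LDAP backend path sets it, and the anonymous-access value is temporary */`. `provision_guess()` starts and ends outside the hunk.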
--- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -697,6 +697,8 @@ function provision_guess() subobj.DNSDOMAIN); rdn_list = split(".", subobj.DNSDOMAIN); subobj.BASEDN = "DC=" + join(",DC=", rdn_list); + subobj.CONFIGDN = "CN=Configuration," + subobj.BASEDN; + subobj.SCHEMADN = "CN=Schema," + subobj.CONFIGDN; subobj.LDAPBACKEND = "users.ldb"; subobj.LDAPMODULE = "entryUUID"; subobj.LDAPMODULES = "objectguid"; -- cgit From 2c266fb217f7eccb45cebc95857ed968445c5742 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 5 Jan 2007 16:19:00 +0000 Subject: r20554: - use ${ROOTDN} for the rootDomainNamingContext - the ${CONFIGDN} is a child of the ${ROOTDN} metze (This used to be commit ebbd8a83c982efdc58e53798d1fd191f08731005) --- source4/scripting/libjs/provision.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 80362ce7f2..60ab6f7093 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -697,7 +697,8 @@ function provision_guess() subobj.DNSDOMAIN); rdn_list = split(".", subobj.DNSDOMAIN); subobj.BASEDN = "DC=" + join(",DC=", rdn_list); - subobj.CONFIGDN = "CN=Configuration," + subobj.BASEDN; + subobj.ROOTDN = subobj.ROOTDN; + subobj.CONFIGDN = "CN=Configuration," + subobj.ROOTDN; subobj.SCHEMADN = "CN=Schema," + subobj.CONFIGDN; subobj.LDAPBACKEND = "users.ldb"; subobj.LDAPMODULE = "entryUUID"; -- cgit From bc511a646359df17ee21a021a734c149e1e5fc01 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 5 Jan 2007 16:26:16 +0000 Subject: r20555: fix typo... metze (This used to be commit 09622f01227093b4b351fcc79fe29d5b2f388376) --- source4/scripting/libjs/provision.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/scripting/libjs') 
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 60ab6f7093..c3204587d0 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -697,7 +697,7 @@ function provision_guess() subobj.DNSDOMAIN); rdn_list = split(".", subobj.DNSDOMAIN); subobj.BASEDN = "DC=" + join(",DC=", rdn_list); - subobj.ROOTDN = subobj.ROOTDN; + subobj.ROOTDN = subobj.BASEDN; subobj.CONFIGDN = "CN=Configuration," + subobj.ROOTDN; subobj.SCHEMADN = "CN=Schema," + subobj.CONFIGDN; subobj.LDAPBACKEND = "users.ldb"; -- cgit From 8f0a0ebcb380acf57d418a6598c75e42b0bf24dc Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 5 Jan 2007 17:40:43 +0000 Subject: r20557: use ${DOMAINDN} instead of ${BASEDN} metze (This used to be commit 2a6e6a2695b256411c91768c7bee748228e40e6f) --- source4/scripting/libjs/provision.js | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index c3204587d0..39810e1f94 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -57,7 +57,7 @@ objectClass: top objectClass: foreignSecurityPrincipal description: %s ", - sid, subobj.BASEDN, desc); + sid, subobj.DOMAINDN, desc); /* deliberately ignore errors from this, as the records may already exist */ ldb.add(add); @@ -71,7 +71,7 @@ function setup_name_mapping(info, ldb, sid, unixname) { var attrs = new Array("dn"); var res = ldb.search(sprintf("objectSid=%s", sid), - info.subobj.BASEDN, ldb.SCOPE_SUBTREE, attrs); + info.subobj.DOMAINDN, ldb.SCOPE_SUBTREE, attrs); if (res.length != 1) { info.message("Failed to find record for objectSid %s\n", sid); return false; 
@@ -211,7 +211,7 @@ function ldb_erase_partitions(info, ldb, ldapbackend) var previous_remaining = 1; var current_remaining = 0; - if (ldapbackend && (basedn == info.subobj.BASEDN)) { + if (ldapbackend && (basedn == info.subobj.DOMAINDN)) { /* Only delete objects that were created by provision */ anything = "(objectcategory=*)"; } @@ -398,7 +398,7 @@ function setup_name_mappings(info, ldb) var attrs = new Array("objectSid"); var subobj = info.subobj; - res = ldb.search("objectSid=*", subobj.BASEDN, ldb.SCOPE_BASE, attrs); + res = ldb.search("objectSid=*", subobj.DOMAINDN, ldb.SCOPE_BASE, attrs); assert(res.length == 1 && res[0].objectSid != undefined); var sid = res[0].objectSid; @@ -450,7 +450,7 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda assert(valid_netbios_name(subobj.DOMAIN)); subobj.NETBIOSNAME = strupper(subobj.HOSTNAME); assert(valid_netbios_name(subobj.NETBIOSNAME)); - var rdns = split(",", subobj.BASEDN); + var rdns = split(",", subobj.DOMAINDN); subobj.RDN_DC = substr(rdns[0], strlen("DC=")); if (subobj.DOMAINGUID != undefined) { 
@@ -502,13 +502,13 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda message("Erasing data from partitions\n"); ldb_erase_partitions(info, samdb, ldapbackend); - message("Adding baseDN: " + subobj.BASEDN + " (permitted to fail)\n"); + message("Adding DomainDN: " + subobj.DOMAINDN + " (permitted to fail)\n"); var add_ok = setup_add_ldif("provision_basedn.ldif", info, samdb, true); - message("Modifying baseDN: " + subobj.BASEDN + "\n"); + message("Modifying DomainDN: " + subobj.DOMAINDN + "\n"); var modify_ok = setup_ldb_modify("provision_basedn_modify.ldif", info, samdb); if (!modify_ok) { if (!add_ok) { - message("Failed to both add and modify " + subobj.BASEDN + " in target " + subobj.LDAPBACKEND + "\n"); + message("Failed to both add and modify " + subobj.DOMAINDN + " in target " + subobj.LDAPBACKEND + "\n"); message("Perhaps you need to run the provision script with the --ldap-base-dn option, and add this record to the backend manually\n"); }; assert(modify_ok); @@ -622,12 +622,12 @@ function provision_dns(subobj, message, paths, session_info, credentials) or may not have been specified, so fetch them from the database */ var attrs = new Array("objectGUID"); - res = ldb.search("objectGUID=*", subobj.BASEDN, ldb.SCOPE_BASE, attrs); + res = ldb.search("objectGUID=*", subobj.DOMAINDN, ldb.SCOPE_BASE, attrs); assert(res.length == 1); assert(res[0].objectGUID != undefined); subobj.DOMAINGUID = res[0].objectGUID; - subobj.HOSTGUID = searchone(ldb, subobj.BASEDN, "(&(objectClass=computer)(cn=" + subobj.NETBIOSNAME + "))", "objectGUID"); + subobj.HOSTGUID = searchone(ldb, subobj.DOMAINDN, "(&(objectClass=computer)(cn=" + subobj.NETBIOSNAME + "))", "objectGUID"); assert(subobj.HOSTGUID != undefined); setup_file("provision.zone", 
@@ -640,8 +640,8 @@ function provision_dns(subobj, message, paths, session_info, credentials) /* Write out a DNS zone file, from the info in the current database */ function provision_ldapbase(subobj, message, paths) { - message("Setting up LDAP base entry: " + subobj.BASEDN + " \n"); - var rdns = split(",", subobj.BASEDN); + message("Setting up LDAP base entry: " + subobj.DOMAINDN + " \n"); + var rdns = split(",", subobj.DOMAINDN); subobj.EXTENSIBLEOBJECT = "objectClass: extensibleObject"; subobj.RDN_DC = substr(rdns[0], strlen("DC=")); @@ -696,8 +696,8 @@ function provision_guess() strlower(subobj.HOSTNAME), subobj.DNSDOMAIN); rdn_list = split(".", subobj.DNSDOMAIN); - subobj.BASEDN = "DC=" + join(",DC=", rdn_list); - subobj.ROOTDN = subobj.BASEDN; + subobj.DOMAINDN = "DC=" + join(",DC=", rdn_list); + subobj.ROOTDN = subobj.DOMAINDN; subobj.CONFIGDN = "CN=Configuration," + subobj.ROOTDN; subobj.SCHEMADN = "CN=Schema," + subobj.CONFIGDN; subobj.LDAPBACKEND = "users.ldb"; -- cgit From 8a2636af4ac675ca427d5e1999672141a560e3c2 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 5 Jan 2007 20:10:38 +0000 Subject: r20560: make it possible to configure the backend and modules for all partitions and make it not use LDAP in the variable names because it isn't specific to the ldap backend case. metze (This used to be commit 3e337ec2764038e4ff05c3e926220abaa5583702) --- source4/scripting/libjs/provision.js | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 39810e1f94..461550d5b5 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js 
@@ -508,7 +508,7 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda var modify_ok = setup_ldb_modify("provision_basedn_modify.ldif", info, samdb); if (!modify_ok) { if (!add_ok) { - message("Failed to both add and modify " + subobj.DOMAINDN + " in target " + subobj.LDAPBACKEND + "\n"); + message("Failed to both add and modify " + subobj.DOMAINDN + " in target " + subobj.DOMAINDN_LDB + "\n"); message("Perhaps you need to run the provision script with the --ldap-base-dn option, and add this record to the backend manually\n"); }; assert(modify_ok); @@ -691,20 +691,25 @@ function provision_guess() subobj.WHEEL = findnss(nss.getgrnam, "wheel", "root", "staff", "adm"); subobj.BACKUP = findnss(nss.getgrnam, "backup", "wheel", "root", "staff"); subobj.USERS = findnss(nss.getgrnam, "users", "guest", "other", "unknown", "usr"); + subobj.DNSDOMAIN = strlower(subobj.REALM); subobj.DNSNAME = sprintf("%s.%s", strlower(subobj.HOSTNAME), subobj.DNSDOMAIN); rdn_list = split(".", subobj.DNSDOMAIN); - subobj.DOMAINDN = "DC=" + join(",DC=", rdn_list); + subobj.DOMAINDN = "DC=" + join(",DC=", rdn_list); + subobj.DOMAINDN_LDB = "users.ldb"; + subobj.DOMAINDN_MOD = "objectguid"; subobj.ROOTDN = subobj.DOMAINDN; subobj.CONFIGDN = "CN=Configuration," + subobj.ROOTDN; + subobj.CONFIGDN_LDB = "configuration.ldb"; + subobj.CONFIGDN_MOD = "objectguid"; subobj.SCHEMADN = "CN=Schema," + subobj.CONFIGDN; - subobj.LDAPBACKEND = "users.ldb"; - subobj.LDAPMODULE = "entryUUID"; - subobj.LDAPMODULES = "objectguid"; + subobj.SCHEMADN_LDB = "schema.ldb"; + subobj.SCHEMADN_MOD = "objectguid"; + subobj.EXTENSIBLEOBJECT = "# no objectClass: extensibleObject for local ldb"; - subobj.ACI = "# no aci for local ldb"; + subobj.ACI = "# no aci for local ldb"; return subobj; } -- cgit From 7d461ed48197af138e3959a17757936df9c9ce56 Mon Sep 17 00:00:00 2001 
From: Stefan Metzmacher Date: Fri, 5 Jan 2007 20:31:24 +0000 Subject: r20565: configure the list of global ldb modules also in js code metze (This used to be commit cbebe559a2563a3ab9dd2e002c79676a803b71a4) --- source4/scripting/libjs/provision.js | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 461550d5b5..731f95c6de 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -699,13 +699,36 @@ function provision_guess() rdn_list = split(".", subobj.DNSDOMAIN); subobj.DOMAINDN = "DC=" + join(",DC=", rdn_list); subobj.DOMAINDN_LDB = "users.ldb"; - subobj.DOMAINDN_MOD = "objectguid"; subobj.ROOTDN = subobj.DOMAINDN; subobj.CONFIGDN = "CN=Configuration," + subobj.ROOTDN; subobj.CONFIGDN_LDB = "configuration.ldb"; - subobj.CONFIGDN_MOD = "objectguid"; subobj.SCHEMADN = "CN=Schema," + subobj.CONFIGDN; subobj.SCHEMADN_LDB = "schema.ldb"; + + //Add modules to the list to activate them by default + //beware often order is important + // + // Some Known ordering constraints: + // - rootdse must be first, as it makes redirects from "" -> cn=rootdse + // - samldb must be before password_hash, because password_hash checks + // that the objectclass is of type person (filled in by samldb) + // - partition must be last + // - each partition has its own module list then + modules_list = new Array("rootdse", + "kludge_acl", + "paged_results", + "server_sort", + "extended_dn", + "asq", + "samldb", + "password_hash", + "operational", + "objectclass", + "rdn_name", + "partition"); + subobj.MODULES_LIST = join(",", modules_list); + subobj.DOMAINDN_MOD = "objectguid"; + subobj.CONFIGDN_MOD = "objectguid"; subobj.SCHEMADN_MOD = "objectguid"; subobj.EXTENSIBLEOBJECT = "# no objectClass: extensibleObject for local ldb"; -- cgit 
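Review bot: `modules_list = new Array(...)` in provision_guess() is assigned without `var`, so the name is presumably created outside the function, in a library that other scripts load; `var modules_list = new Array("rootdse",` keeps it local. The same applies to `tmp = lp.get("secrets database")` in the later provision_become_dc() hunk and to `modules_list` in the upgrade_provision() hunk of upgrade.js. The ordering comment covers rootdse, samldb/password_hash and partition but says nothing about `kludge_acl`; going by its name that entry is the access-control module, so the comment should state whether its position in the list matters. provision_guess() begins and ends outside the hunk.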
From d0e221c4e097b53184ad4a877a1d062eaa10390c Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 5 Jan 2007 20:58:21 +0000 Subject: r20568: split out the rootdse ldif and set the isSyncronized = TRUE when we done metze (This used to be commit 5875ce1ac6ff694d07787ff0cf81b3429580311b) --- source4/scripting/libjs/provision.js | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 731f95c6de..772505f569 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -499,6 +499,10 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda message("Setting up sam.ldb attributes\n"); setup_add_ldif("provision_init.ldif", info, samdb, false); + + message("Setting up sam.ldb rootDSE\n"); + setup_add_ldif("provision_rootdse_add.ldif", info, samdb, false); + message("Erasing data from partitions\n"); ldb_erase_partitions(info, samdb, ldapbackend); @@ -566,6 +570,9 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda message("Setting up sam.ldb index\n"); setup_add_ldif("provision_index.ldif", info, samdb, false); + message("Setting up sam.ldb rootDSE marking as syncronized\n"); + setup_modify_ldif("provision_rootdse_modify.ldif", info, samdb, false); + var commit_ok = samdb.transaction_commit(); if (!commit_ok) { info.message("ldb commit failed: " + samdb.errstring() + "\n"); @@ -597,6 +604,9 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda message("Setting up sam.ldb index\n"); setup_add_ldif("provision_index.ldif", info, samdb, false); + message("Setting up sam.ldb rootDSE marking as syncronized\n"); + setup_modify_ldif("provision_rootdse_modify.ldif", info, samdb, false); + var commit_ok = samdb.transaction_commit(); if (!commit_ok) { info.message("samdb commit failed: " + samdb.errstring() + "\n"); -- cgit 
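Review bot: The two added calls `setup_modify_ldif("provision_rootdse_modify.ldif", info, samdb, false)` (hunks at -566 and -597) use a helper name that appears nowhere else on this page, where every other modify goes through `setup_ldb_modify(ldif, info, samdb)`; if `setup_modify_ldif` is not defined elsewhere in provision.js these calls fail at run time, so please confirm. In both places the result is also dropped, so `samdb.transaction_commit()` runs whether or not the rootDSE was marked as synchronized. I would write `var sync_ok = setup_ldb_modify("provision_rootdse_modify.ldif", info, samdb); assert(sync_ok);` in both branches. provision() begins and ends outside these hunks.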
From 46908530bc39e0ba3742650639b35a6d0c32852b Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 5 Jan 2007 21:27:24 +0000 Subject: r20572: - prepare a test_samdb.ldb in the NET-API-BECOME-DC torture test - we call a ejs script from the torture test for this task so that we can use the provision template ldif's. metze (This used to be commit e84b0c7d4004df312ae58ed76dd708a2c3c37986) --- source4/scripting/libjs/provision.js | 59 ++++++++++++++++++++++++++++-------- 1 file changed, 47 insertions(+), 12 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 772505f569..1ef569c908 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js 
@@ -431,6 +431,50 @@ function setup_name_mappings(info, ldb) return true; } +function provision_fix_subobj(subobj, message) +{ + subobj.REALM = strupper(subobj.REALM); + subobj.HOSTNAME = strlower(subobj.HOSTNAME); + subobj.DOMAIN = strupper(subobj.DOMAIN); + assert(valid_netbios_name(subobj.DOMAIN)); + subobj.NETBIOSNAME = strupper(subobj.HOSTNAME); + assert(valid_netbios_name(subobj.NETBIOSNAME)); + var rdns = split(",", subobj.DOMAINDN); + subobj.RDN_DC = substr(rdns[0], strlen("DC=")); + + return true; +} + +function provision_become_dc(subobj, message, paths, session_info) +{ + var lp = loadparm_init(); + var sys = sys_init(); + var info = new Object(); + + var ok = provision_fix_subobj(subobj, message); + assert(ok); + + info.subobj = subobj; + info.message = message; + info.session_info = session_info; + + /* Also wipes the database */ + message("Setting up " + paths.samdb + " partitions\n"); + setup_ldb("provision_partitions.ldif", info, paths.samdb); + + var samdb = open_ldb(info, paths.samdb, false); + + message("Setting up " + paths.samdb + " attributes\n"); + setup_add_ldif("provision_init.ldif", info, samdb, false); + + message("Setting up " + paths.samdb + " rootDSE\n"); + setup_add_ldif("provision_rootdse_add.ldif", info, samdb, false); + + ok = samdb.transaction_commit(); + assert(ok); + + return true; +} /* provision samba4 - caution, this wipes all existing data! 
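Review bot: provision_fix_subobj() can only return `true`, so the `assert(ok)` that follows it in provision_become_dc() (and in provision(), next hunk) checks nothing; the only real validation is the two `assert(valid_netbios_name(...))` calls, and the `message` parameter is never used. `subobj.RDN_DC = substr(rdns[0], strlen("DC="))` drops the first three characters of DOMAINDN without checking that they are `DC=`, so a caller-supplied DOMAINDN of another form gives a wrong RDN_DC that is presumably substituted into the LDIF templates afterwards. I would have the function verify the prefix, report the reason through `message` and return `false`, so that the callers' asserts become meaningful.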
@@ -441,18 +485,9 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda var sys = sys_init(); var info = new Object(); - /* - some options need to be upper/lower case - */ - subobj.REALM = strupper(subobj.REALM); - subobj.HOSTNAME = strlower(subobj.HOSTNAME); - subobj.DOMAIN = strupper(subobj.DOMAIN); - assert(valid_netbios_name(subobj.DOMAIN)); - subobj.NETBIOSNAME = strupper(subobj.HOSTNAME); - assert(valid_netbios_name(subobj.NETBIOSNAME)); - var rdns = split(",", subobj.DOMAINDN); - subobj.RDN_DC = substr(rdns[0], strlen("DC=")); - + var ok = provision_fix_subobj(subobj, message); + assert(ok); + if (subobj.DOMAINGUID != undefined) { subobj.DOMAINGUID_MOD = sprintf("replace: objectGUID\nobjectGUID: %s\n-", subobj.DOMAINGUID); } else { -- cgit From b31875ba75057e94fff9df67ed025570245a282b Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 5 Jan 2007 23:00:46 +0000 Subject: r20575: apply records to the test_samdb.ldb (my birthday present to myself...:-) we need to modify some modules to only handle originating changes... metze (This used to be commit 0f387d58e69a6ee806fea02229ef8fa030f2918d) --- source4/scripting/libjs/provision.js | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 1ef569c908..6d5e9d4f70 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -470,6 +470,9 @@ function provision_become_dc(subobj, message, paths, session_info) message("Setting up " + paths.samdb + " rootDSE\n"); setup_add_ldif("provision_rootdse_add.ldif", info, samdb, false); + message("Erasing data from partitions\n"); + ldb_erase_partitions(info, samdb, undefined); + ok = samdb.transaction_commit(); assert(ok); -- cgit From bd96c74e144262643d3edb899c68583765ee0865 Mon Sep 17 00:00:00 2001 
From: Stefan Metzmacher Date: Thu, 11 Jan 2007 11:11:34 +0000 Subject: r20683: load indexes before applying replicated objects, as for every object the repl_meta_data module needs to look up the object by objectGUID metze (This used to be commit 55f845377ce3a7aeb028805754dc9c05d429548e) --- source4/scripting/libjs/provision.js | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 6d5e9d4f70..d77b2b6c04 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -473,6 +473,9 @@ function provision_become_dc(subobj, message, paths, session_info) message("Erasing data from partitions\n"); ldb_erase_partitions(info, samdb, undefined); + message("Setting up " + paths.samdb + " indexes\n"); + setup_add_ldif("provision_index.ldif", info, samdb, false); + ok = samdb.transaction_commit(); assert(ok); -- cgit From f1c81fdecd658031e8b95eb943839159434c0846 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 11 Jan 2007 23:09:57 +0000 Subject: r20689: "pdc" and "bdc" have been replaced by "domain controller" (This used to be commit 6976f283fc30a401bcc1d2c5089135c3fe8f1728) --- source4/scripting/libjs/upgrade.js | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/upgrade.js b/source4/scripting/libjs/upgrade.js index 9a5818c81f..adb958a236 100644 --- a/source4/scripting/libjs/upgrade.js +++ b/source4/scripting/libjs/upgrade.js 
@@ -497,13 +497,9 @@ function upgrade_smbconf(oldconf,mark) } if (oldconf.get("domain logons") == "True") { - if (oldconf.get("domain master") == "True") { - newconf.set("server role", "pdc"); - } else { - newconf.set("server role", "bdc"); - } + newconf.set("server role", "domain controller"); } else { - if (oldconf.get("domain master") == "True") { + if (oldconf.get("security") == "user") { newconf.set("server role", "standalone"); } else { newconf.set("server role", "member server"); -- cgit From 03d2647bd002aff10e463ad45e26bce8148e1b49 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 15 Jan 2007 13:54:21 +0000 Subject: r20805: don't use hardcoded values for secrects.keytab and sam.ldb metze (This used to be commit c78e345feaef607b9297372aacb00ec068127785) --- source4/scripting/libjs/provision.js | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index d77b2b6c04..e9261888c6 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -382,6 +382,7 @@ function provision_default_paths(subobj) paths.hkpt = "hkpt.ldb"; paths.samdb = lp.get("sam database"); paths.secrets = "secrets.ldb"; + paths.keytab = "secrets.keytab"; paths.dns = lp.get("private dir") + "/" + subobj.DNSDOMAIN + ".zone"; paths.winsdb = "wins.ldb"; paths.ldap_basedn_ldif = lp.get("private dir") + "/" + subobj.DNSDOMAIN + ".ldif"; @@ -431,7 +432,7 @@ function setup_name_mappings(info, ldb) return true; } -function provision_fix_subobj(subobj, message) +function provision_fix_subobj(subobj, message, paths) { subobj.REALM = strupper(subobj.REALM); subobj.HOSTNAME = strlower(subobj.HOSTNAME); 
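Review bot: In upgrade_smbconf() the new test `oldconf.get("security") == "user"` is an exact string match, so every other outcome, including a differently cased value such as `USER` and an smb.conf that never sets `security`, is upgraded to `server role = member server`. Samba 3 defaults `security` to user; whether `oldconf.get()` returns that default for an unset key is not visible here, and if it does not, a standalone server would come out of the upgrade as a domain member. The comparison should be case-insensitive and the unset case handled explicitly, with a comment on the line stating which `security` values are meant to map to "member server". The function's body continues outside the hunk.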
@@ -442,6 +443,10 @@ function provision_fix_subobj(subobj, message) var rdns = split(",", subobj.DOMAINDN); subobj.RDN_DC = substr(rdns[0], strlen("DC=")); + subobj.SAM_LDB = paths.samdb; + subobj.SECRETS_LDB = paths.secrets; + subobj.SECRETS_KEYTAB = paths.keytab; + return true; } @@ -451,7 +456,7 @@ function provision_become_dc(subobj, message, paths, session_info) var sys = sys_init(); var info = new Object(); - var ok = provision_fix_subobj(subobj, message); + var ok = provision_fix_subobj(subobj, message, paths); assert(ok); info.subobj = subobj; @@ -491,7 +496,7 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda var sys = sys_init(); var info = new Object(); - var ok = provision_fix_subobj(subobj, message); + var ok = provision_fix_subobj(subobj, message, paths); assert(ok); if (subobj.DOMAINGUID != undefined) { -- cgit From 9f802707d8623955c3ef173125e0837f6daa89cd Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 15 Jan 2007 14:17:26 +0000 Subject: r20806: make it possible to configure the secrets.ldb url via "secrets database = my_secrets.ldb" metze (This used to be commit a096a9741597105140845f59e54a76060da0010b) --- source4/scripting/libjs/provision.js | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index e9261888c6..1dbe08427e 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -381,7 +381,7 @@ function provision_default_paths(subobj) paths.hkpd = "hkpd.ldb"; paths.hkpt = "hkpt.ldb"; paths.samdb = lp.get("sam database"); - paths.secrets = "secrets.ldb"; + paths.secrets = lp.get("secrets database"); paths.keytab = "secrets.keytab"; paths.dns = lp.get("private dir") + "/" + subobj.DNSDOMAIN + ".zone"; paths.winsdb = "wins.ldb"; 
@@ -484,6 +484,20 @@ function provision_become_dc(subobj, message, paths, session_info) ok = samdb.transaction_commit(); assert(ok); + message("Setting up " + paths.secrets + "\n"); + setup_ldb("secrets.ldif", info, paths.secrets); + + tmp = lp.get("secrets database"); + ok = lp.set("secrets database", paths.secrets); + assert(ok); + + message("Setting up keytabs\n"); + var keytab_ok = credentials_update_all_keytabs(); + assert(keytab_ok); + + ok = lp.set("secrets database", tmp); + assert(ok); + return true; } @@ -529,11 +543,14 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda message("Setting up share.ldb\n"); setup_ldb("share.ldif", info, paths.shareconf); } + message("Setting up secrets.ldb\n"); setup_ldb("secrets.ldif", info, paths.secrets); + message("Setting up keytabs\n"); var keytab_ok = credentials_update_all_keytabs(); assert(keytab_ok); + message("Setting up hklm.ldb\n"); setup_ldb("hklm.ldif", info, paths.hklm); -- cgit From 5d8700c53c0aa8d1b7c6a7b209b4d740b1036583 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 20 Jan 2007 10:27:22 +0000 Subject: r20922: use the show_deleted module by default metze (This used to be commit edc37501d6ecdaf7b13006b732914e21ae0be657) --- source4/scripting/libjs/provision.js | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 1dbe08427e..d3fa216383 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -798,6 +798,7 @@ function provision_guess() "operational", "objectclass", "rdn_name", + "show_deleted", "partition"); subobj.MODULES_LIST = join(",", modules_list); subobj.DOMAINDN_MOD = "objectguid"; -- cgit From 91ee0709b2a41268bc5d148130e2d3d2a1813b6e Mon Sep 17 00:00:00 2001 
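Review bot: In provision_become_dc() the loadparm value "secrets database" is switched to `paths.secrets` and only restored after `assert(keytab_ok)`, so a failed keytab update leaves the override in place if the assert does not end the whole process (this function is called from the torture test, so that is worth confirming). Restoring before asserting avoids this: move `ok = lp.set("secrets database", tmp);` directly after the `credentials_update_all_keytabs()` call and assert on `keytab_ok` and `ok` afterwards. A one-line comment explaining why the override is needed (the keytab update presumably reads the secrets path from loadparm) would help the next reader.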
From: Stefan Metzmacher Date: Mon, 22 Jan 2007 18:15:54 +0000 Subject: r20953: add templates in provision_become_dc() metze (This used to be commit 306ea74f85c8cd0df767a25c45304cb33410e03c) --- source4/scripting/libjs/provision.js | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index d3fa216383..3e409c0dfb 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -481,6 +481,9 @@ function provision_become_dc(subobj, message, paths, session_info) message("Setting up " + paths.samdb + " indexes\n"); setup_add_ldif("provision_index.ldif", info, samdb, false); + message("Setting up " + paths.samdb + " templates\n"); + setup_add_ldif("provision_templates.ldif", info, samdb, false); + ok = samdb.transaction_commit(); assert(ok); -- cgit From 744dddd75be73e4e883241b808b37a12a7a39ac1 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 4 Feb 2007 07:17:03 +0000 Subject: r21135: Instead of having hooks to update keytabs as an explicit thing, update them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54) --- source4/scripting/libjs/provision.js | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 3e409c0dfb..23f26a6b86 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js 
@@ -488,16 +488,14 @@ function provision_become_dc(subobj, message, paths, session_info) assert(ok); message("Setting up " + paths.secrets + "\n"); - setup_ldb("secrets.ldif", info, paths.secrets); + setup_ldb("secrets_init.ldif", info, paths.secrets); + + setup_ldb("secrets.ldif", info, paths.secrets, false); tmp = lp.get("secrets database"); ok = lp.set("secrets database", paths.secrets); assert(ok); - message("Setting up keytabs\n"); - var keytab_ok = credentials_update_all_keytabs(); - assert(keytab_ok); - ok = lp.set("secrets database", tmp); assert(ok); @@ -547,12 +545,9 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda setup_ldb("share.ldif", info, paths.shareconf); } - message("Setting up secrets.ldb\n"); - setup_ldb("secrets.ldif", info, paths.secrets); - - message("Setting up keytabs\n"); - var keytab_ok = credentials_update_all_keytabs(); - assert(keytab_ok); + message("Setting up " + paths.secrets + "\n"); + setup_ldb("secrets_init.ldif", info, paths.secrets); + setup_ldb("secrets.ldif", info, paths.secrets, false); message("Setting up hklm.ldb\n"); setup_ldb("hklm.ldif", info, paths.hklm); -- cgit From 9e4a5cbe292865fe3067eb7e20a0875e5ff8d207 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 12 Feb 2007 11:16:06 +0000 Subject: r21294: this is useless, now that there's no operation in between... metze (This used to be commit 838d307e6ca0740bc330a5ebc46b95f3181a5c14) --- source4/scripting/libjs/provision.js | 7 ------- 1 file changed, 7 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 23f26a6b86..9f24b5e48b 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js 
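Review bot: With `credentials_update_all_keytabs()` and `assert(keytab_ok)` removed in both provision_become_dc() and provision(), nothing in the provisioning path confirms any more that the keytab was written; it now depends on the ldb module hook firing while `setup_ldb("secrets.ldif", info, paths.secrets, false)` runs, and that call's result is not checked. If setup_ldb() does not assert internally (not visible here), a module failure would leave a provisioned server without a usable keytab and no message. I would check the return of the two `setup_ldb` calls, and add the comment `/* keytab is written by the ldb module hook on secrets.ldb */` above them. The meaning of the new fourth argument `false` also deserves a short comment.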
@@ -492,13 +492,6 @@ function provision_become_dc(subobj, message, paths, session_info) setup_ldb("secrets.ldif", info, paths.secrets, false); - tmp = lp.get("secrets database"); - ok = lp.set("secrets database", paths.secrets); - assert(ok); - - ok = lp.set("secrets database", tmp); - assert(ok); - return true; } -- cgit From 7ca399c0755e186508a4ed9796cbbbe6f50181e9 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 14 Feb 2007 21:55:29 +0000 Subject: r21351: Change ldb ejs bindings return codes. We were returning just true/false and discarding error number and string. This checking probably breaks swat, will fix it in next round as swat is what made me look into this as I had no way to get back error messages to show to the users. Simo. (This used to be commit 35886b4ae68be475b0fc8b2689ca04d766661261) --- source4/scripting/libjs/provision.js | 113 ++++++++++++++++++----------------- 1 file changed, 59 insertions(+), 54 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 9f24b5e48b..b50e9b5bcf 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -23,7 +23,7 @@ function install_ok(session_info, credentials) return false; } var res = ldb.search("(cn=Administrator)"); - if (res.length != 1) { + if (res.error != 0 || res.msgs.length != 1) { return false; } return true; @@ -72,7 +72,7 @@ function setup_name_mapping(info, ldb, sid, unixname) var attrs = new Array("dn"); var res = ldb.search(sprintf("objectSid=%s", sid), info.subobj.DOMAINDN, ldb.SCOPE_SUBTREE, attrs); - if (res.length != 1) { + if (res.error != 0 || res.msgs.length != 1) { info.message("Failed to find record for objectSid %s\n", sid); return false; } 
@@ -82,9 +82,9 @@ changetype: modify replace: unixName unixName: %s ", - res[0].dn, unixname); + res.msgs[0].dn, unixname); var ok = ldb.modify(mod); - if (!ok) { + if (ok.error != 0) { info.message("name mapping for %s failed - %s\n", sid, ldb.errstring()); return false; @@ -172,20 +172,20 @@ function ldb_erase(ldb) var basedn = ""; var res = ldb.search("(&(|(objectclass=*)(dn=*))(!(dn=@BASEINFO)))", basedn, ldb.SCOPE_SUBTREE, attrs); var i; - if (typeof(res) == "undefined") { + if (res.error != 0) { ldb_delete(ldb); return; } - for (i=0;i Date: Fri, 23 Feb 2007 10:04:20 +0000 Subject: r21513: I don't know how long this has been wrong, but fix this up so we can re-provision (as is required for the TEST_LDAP=yes version of make test). Andrew Bartlett (This used to be commit ea4c2ea22fb3975d80130f52edecaf6d1790adde) --- source4/scripting/libjs/provision.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index b50e9b5bcf..9340d43ed9 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -177,7 +177,7 @@ function ldb_erase(ldb) return; } for (i=0;i Date: Sat, 3 Mar 2007 02:06:54 +0000 Subject: r21673: Fix Samba 3 data read tests. I can't figure out why the upgrade one is broken, so that one is still disabled. (This used to be commit ef794f03d50022a77303c77045a04d9407d07cbc) --- source4/scripting/libjs/upgrade.js | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/upgrade.js b/source4/scripting/libjs/upgrade.js index adb958a236..3504d850f2 100644 --- a/source4/scripting/libjs/upgrade.js +++ b/source4/scripting/libjs/upgrade.js 
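Review bot: In setup_name_mapping() the result of `ldb.modify(mod)` is still stored in a variable called `ok`, although it is now a result object tested with `ok.error != 0`; an object is always truthy, so any remaining `if (!ok)` or `assert(ok)` on an ldb call would pass silently after this change. Renaming makes the new contract visible: `var mod_res = ldb.modify(mod);` and `if (mod_res.error != 0) {`. The rest of this commit is cut off on this page, so whether every boolean-style check on ldb results in provision.js was converted cannot be confirmed from here.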
@@ -357,7 +357,6 @@ function upgrade_provision(samba3) subobj.NTTIME = nttime; subobj.LDAPTIME = ldaptime; subobj.DATESTRING = datestring; - subobj.USN = nextusn; subobj.ROOT = findnss(nss.getpwnam, "root"); subobj.NOBODY = findnss(nss.getpwnam, "nobody"); subobj.NOGROUP = findnss(nss.getgrnam, "nogroup", "nobody"); @@ -368,7 +367,26 @@ function upgrade_provision(samba3) strlower(subobj.HOSTNAME), subobj.DNSDOMAIN); subobj.BASEDN = "DC=" + join(",DC=", split(".", subobj.REALM)); - rdn_list = split(".", subobj.REALM); + rdn_list = split(".", subobj.DNSDOMAIN); + subobj.DOMAINDN = "DC=" + join(",DC=", rdn_list); + subobj.DOMAINDN_LDB = "users.ldb"; + subobj.ROOTDN = subobj.DOMAINDN; + + modules_list = new Array("rootdse", + "kludge_acl", + "paged_results", + "server_sort", + "extended_dn", + "asq", + "samldb", + "password_hash", + "operational", + "objectclass", + "rdn_name", + "show_deleted", + "partition"); + subobj.MODULES_LIST = join(",", modules_list); + return subobj; } -- cgit From 3d4c4c5fa3596646e98fa50f8f735ffc1cbe8240 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 23 Apr 2007 07:33:15 +0000 Subject: r22478: Update the LDAP backend code to handle initialisation of multiple partitions onto the target LDAP server. Make the LDAP provision run before smbd starts, then stop the LDAP server. This ensures this occurs synchronously, We then restart it for the 'real run' (with slapd's stdin being the FIFO). This required fixing a few things in the provision scripts, with more containers being created via a add/modify pair. Andrew Bartlett (This used to be commit 860dfa4ea1ab2b62d4d4fe0644e0a9b882fdafa1) --- source4/scripting/libjs/provision.js | 42 +++++++++++++++++++++++++++++++++--- 1 file changed, 39 insertions(+), 3 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 9340d43ed9..6af753e7eb 100644 --- a/source4/scripting/libjs/provision.js 
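Review bot: The `modules_list` array added to upgrade_provision() is a second copy of the list in provision_guess() in provision.js, without the ordering comment that accompanies it there. The list holds the access-control and password modules (`kludge_acl`, `password_hash`), so a later edit to one copy only would leave upgraded installs running a different module stack from freshly provisioned ones. I would move the list into one shared function in libjs that both callers use, or at least add `/* keep in sync with provision_guess() in provision.js; order matters */` above it. The hunk also leaves `subobj.BASEDN` derived from `subobj.REALM` while the new `DOMAINDN` is derived from `subobj.DNSDOMAIN`; a comment should say whether BASEDN is still needed.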
+++ b/source4/scripting/libjs/provision.js @@ -386,6 +386,8 @@ function provision_default_paths(subobj) paths.dns = lp.get("private dir") + "/" + subobj.DNSDOMAIN + ".zone"; paths.winsdb = "wins.ldb"; paths.ldap_basedn_ldif = lp.get("private dir") + "/" + subobj.DNSDOMAIN + ".ldif"; + paths.ldap_config_basedn_ldif = lp.get("private dir") + "/" + subobj.DNSDOMAIN + "-config.ldif"; + paths.ldap_schema_basedn_ldif = lp.get("private dir") + "/" + subobj.DNSDOMAIN + "-schema.ldif"; return paths; } @@ -573,6 +575,31 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda assert(modify_ok); }; + message("Adding configuration container (permitted to fail)\n"); + var add_ok = setup_add_ldif("provision_configuration_basedn.ldif", info, samdb, true); + message("Modifying configuration container\n"); + var modify_ok = setup_ldb_modify("provision_configuration_basedn_modify.ldif", info, samdb); + if (!modify_ok) { + if (!add_ok) { + message("Failed to both add and modify the configuration container\n"); + assert(modify_ok); + } + assert(modify_ok); + } + + message("Adding schema container (permitted to fail)\n"); + var add_ok = setup_add_ldif("provision_schema_basedn.ldif", info, samdb, true); + message("Modifying schema container\n"); + var modify_ok = setup_ldb_modify("provision_schema_basedn_modify.ldif", info, samdb); + if (!modify_ok) { + if (!add_ok) { + message("Failed to both add and modify the schema container: " + samdb.errstring() + "\n"); + assert(modify_ok); + } + message("Failed to modify the schema container: " + samdb.errstring() + "\n"); + assert(modify_ok); + } + message("Setting up sam.ldb Samba4 schema\n"); setup_add_ldif("schema_samba4.ldif", info, samdb, false); message("Setting up sam.ldb AD schema\n"); 
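Review bot: The configuration-container block in provision() has `assert(modify_ok)` twice, once inside `if (!add_ok)` and once after it, and when only the modify fails it prints nothing, while the schema-container block below it reports `samdb.errstring()` in both cases. I would give both blocks the same shape, with one assert and an error message that includes the ldb error string. `var add_ok` and `var modify_ok` are also redeclared for each container, which is harmless but suggests a small helper taking the two LDIF names. provision() begins and ends outside the hunk.

```javascript
message("Modifying configuration container\n");
var modify_ok = setup_ldb_modify("provision_configuration_basedn_modify.ldif", info, samdb);
if (!modify_ok) {
	if (!add_ok) {
		message("Failed to both add and modify the configuration container: " + samdb.errstring() + "\n");
	} else {
		message("Failed to modify the configuration container: " + samdb.errstring() + "\n");
	}
	assert(modify_ok);
}
// … unchanged: schema container add/modify …
```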
@@ -588,6 +615,9 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda samdb = open_ldb(info, paths.samdb, false); + message("Setting up sam.ldb configuration data\n"); + setup_add_ldif("provision_configuration.ldif", info, samdb, false); + message("Setting up display specifiers\n"); setup_add_ldif("display_specifiers.ldif", info, samdb, false); message("Setting up sam.ldb templates\n"); @@ -618,8 +648,6 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda message("Setting up sam.ldb data\n"); setup_add_ldif("provision.ldif", info, samdb, false); - message("Setting up sam.ldb configuration data\n"); - setup_add_ldif("provision_configuration.ldif", info, samdb, false); if (blank != false) { message("Setting up sam.ldb index\n"); @@ -716,7 +744,15 @@ function provision_ldapbase(subobj, message, paths) message, paths.ldap_basedn_ldif, subobj); - message("Please install the LDIF located in " + paths.ldap_basedn_ldif + " into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server\n"); + setup_file("provision_configuration_basedn.ldif", + message, paths.ldap_config_basedn_ldif, + subobj); + + setup_file("provision_schema_basedn.ldif", + message, paths.ldap_schema_basedn_ldif, + subobj); + + message("Please install the LDIF located in " + paths.ldap_basedn_ldif + ", " + paths.ldap_config_basedn_ldif + " and " + paths.ldap_schema_basedn_ldif + " into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server\n"); } -- cgit From 112728c65101948204fe9a7c1373ff21f1724cdb Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Tue, 8 May 2007 04:38:16 +0000 Subject: r22756: Make it easier to setup an LDAP replica. Provision with --partitions-only (suggestions for a better name welcome) will setup the partitions records, but no any data in those partitions. This can then point at the already configured remote LDAP server. Andrew Bartlett (This used to be commit ee7b06fc832ca7c572205c7c268c3c7c552effa0) --- source4/scripting/libjs/provision.js | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 6af753e7eb..948c02470d 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -453,7 +453,7 @@ function provision_fix_subobj(subobj, message, paths) return true; } -function provision_become_dc(subobj, message, paths, session_info) +function provision_become_dc(subobj, message, erase, paths, session_info) { var lp = loadparm_init(); var sys = sys_init(); @@ -478,8 +478,10 @@ function provision_become_dc(subobj, message, paths, session_info) message("Setting up " + paths.samdb + " rootDSE\n"); setup_add_ldif("provision_rootdse_add.ldif", info, samdb, false); - message("Erasing data from partitions\n"); - ldb_erase_partitions(info, samdb, undefined); + if (erase) { + message("Erasing data from partitions\n"); + ldb_erase_partitions(info, samdb, undefined); + } message("Setting up " + paths.samdb + " indexes\n"); setup_add_ldif("provision_index.ldif", info, samdb, false); -- cgit From 7bdc1a8ec9ead892b0b25e8f3b8c30f3fdde8e13 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 19 May 2007 06:51:34 +0000 Subject: r23012: we need a POLICYGUID in provision (This used to be commit b9f8650b20e5132410153f5b61a68dca5df548ff) --- source4/scripting/libjs/provision.js | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/scripting/libjs') 
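Review bot: `erase` is inserted in the middle of provision_become_dc's parameter list, so a caller still using the old four-argument order would pass `paths` as `erase` and `session_info` as `paths` without any error. Because the flag gates `ldb_erase_partitions`, a shifted argument turns into an unintended wipe or a run against the wrong paths. Appending the flag at the end, or rejecting non-boolean values on entry with `assert(erase == true || erase == false);`, would make a stale caller fail loudly. The callers are not part of this diff, so whether all of them were updated cannot be confirmed here.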
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 948c02470d..3bbba6a9a6 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -781,6 +781,7 @@ function provision_guess() subobj.HOSTIP = hostip(); subobj.DOMAINSID = randsid(); subobj.INVOCATIONID = randguid(); + subobj.POLICYGUID = randguid(); subobj.KRBTGTPASS = randpass(12); subobj.MACHINEPASS = randpass(12); subobj.ADMINPASS = randpass(12); -- cgit From d21bfc05ef1643039c7a5f602dd15f22408af4af Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 21 May 2007 08:33:22 +0000 Subject: r23032: Remove calls to println(), and ensure we print the ldb errstring(). Andrew Bartlett (This used to be commit 5b6f704b24f7da40ce917fe8ed1a500684d1f3cd) --- source4/scripting/libjs/provision.js | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 3bbba6a9a6..d9bdb3b16b 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -140,9 +140,9 @@ function hostname() /* the ldb is in bad shape, possibly due to being built from an incompatible previous version of the code, so delete it completely */ -function ldb_delete(ldb) +function ldb_delete(info, ldb) { - println("Deleting " + ldb.filename); + info.message("Deleting " + ldb.filename + "\n"); var lp = loadparm_init(); sys.unlink(sprintf("%s/%s", lp.get("private dir"), ldb.filename)); ldb.transaction_cancel(); @@ -155,7 +155,7 @@ function ldb_delete(ldb) /* erase an ldb, removing all records */ -function ldb_erase(ldb) +function ldb_erase(info, ldb) { var res; 
@@ -173,7 +173,7 @@ function ldb_erase(ldb) var res = ldb.search("(&(|(objectclass=*)(dn=*))(!(dn=@BASEINFO)))", basedn, ldb.SCOPE_SUBTREE, attrs); var i; if (res.error != 0) { - ldb_delete(ldb); + ldb_delete(info, ldb); return; } for (i=0;i Date: Tue, 29 May 2007 01:20:47 +0000 Subject: r23177: Add in a new provision-backend script. This helps set up the OpenLDAP or Fedora DS backend. This required a new mkdir() call in ejs. We can now provision just the schema for ad2oLschema to operate on (with provision_schema(), without performing the whole provision, just to wipe it again (adjustments to 'make test' to come soon). Andrew Bartlett (This used to be commit 01d54d13dc66ef2127ac52c64ede53d0790738ec) --- source4/scripting/libjs/provision.js | 54 ++++++++++++++++++++++++++++++++++-- 1 file changed, 52 insertions(+), 2 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index d9bdb3b16b..d25c0f38eb 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -388,6 +388,7 @@ function provision_default_paths(subobj) paths.ldap_basedn_ldif = lp.get("private dir") + "/" + subobj.DNSDOMAIN + ".ldif"; paths.ldap_config_basedn_ldif = lp.get("private dir") + "/" + subobj.DNSDOMAIN + "-config.ldif"; paths.ldap_schema_basedn_ldif = lp.get("private dir") + "/" + subobj.DNSDOMAIN + "-schema.ldif"; + paths.ldapdir = lp.get("private dir") + "/ldap"; return paths; } @@ -446,10 +447,11 @@ function provision_fix_subobj(subobj, message, paths) var rdns = split(",", subobj.DOMAINDN); subobj.RDN_DC = substr(rdns[0], strlen("DC=")); - subobj.SAM_LDB = paths.samdb; - subobj.SECRETS_LDB = paths.secrets; + subobj.SAM_LDB = "tdb://" + paths.samdb; subobj.SECRETS_KEYTAB = paths.keytab; + subobj.LDAPDIR = paths.ldapdir; + return true; } 
@@ -703,6 +705,53 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda return true; } +/* + provision just the schema into a temporary ldb, so we can run ad2oLschema on it +*/ +function provision_schema(subobj, message, tmp_schema_path, paths) +{ + var lp = loadparm_init(); + var sys = sys_init(); + var info = new Object(); + + var ok = provision_fix_subobj(subobj, message, paths); + assert(ok); + + info.subobj = subobj; + info.message = message; + + message("Setting up sam.ldb partitions\n"); + + /* This will erase anything in the tmp db */ + var samdb = open_ldb(info, tmp_schema_path, true); + + message("Adding schema container (permitted to fail)\n"); + var add_ok = setup_add_ldif("provision_schema_basedn.ldif", info, samdb, true); + message("Modifying schema container\n"); + var modify_ok = setup_ldb_modify("provision_schema_basedn_modify.ldif", info, samdb); + if (!modify_ok) { + if (!add_ok) { + message("Failed to both add and modify schema dn: + samdb.errstring() + "\n"); + message("Perhaps you need to run the provision script with the --ldap-base-dn option, and add this record to the backend manually\n"); + assert(modify_ok); + } + message("Failed to modify the schema container: " + samdb.errstring() + "\n"); + assert(modify_ok); + } + + message("Setting up sam.ldb Samba4 schema\n"); + setup_add_ldif("schema_samba4.ldif", info, samdb, false); + message("Setting up sam.ldb AD schema\n"); + setup_add_ldif("schema.ldif", info, samdb, false); + + var commit_ok = samdb.transaction_commit(); + if (!commit_ok) { + info.message("samdb commit failed: " + samdb.errstring() + "\n"); + assert(commit_ok); + } + samdb.close(); +} + /* Write out a DNS zone file, from the info in the current database */ function provision_dns(subobj, message, paths, session_info, credentials) { 
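Review bot: The added line `message("Failed to both add and modify schema dn: + samdb.errstring() + "\n");` in provision_schema is missing the closing quote after `dn: `, so the string literal runs on into the rest of the expression and the script should fail to parse. It should read `message("%s", "Failed to both add and modify schema dn: " + samdb.errstring() + "\n");`. The `"%s"` keeps backend error text out of the format argument, assuming message is printf-style. The same applies to the `"Failed to modify the schema container: "` call a few lines below. `lp` and `sys` are initialised in this function but not used anywhere in its body.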
@@ -787,6 +836,7 @@ function provision_guess() subobj.KRBTGTPASS = randpass(12); subobj.MACHINEPASS = randpass(12); subobj.ADMINPASS = randpass(12); + subobj.LDAPMANAGERPASS = randpass(12); subobj.DEFAULTSITE = "Default-First-Site-Name"; subobj.NEWGUID = randguid; subobj.NTTIME = nttime; -- cgit From 86a4886e393189b7679ec6220d4d59bb6ef1b50e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 29 May 2007 12:18:41 +0000 Subject: r23189: Work towards a totally scripted setup of LDAP backends, so others can easily try this out. I also intend to use this for the selftest, but I'm chasing issues with the OpenlDAP (but not Fedora DS) backend. Andrew Bartlett (This used to be commit 0f457b1d2e20c36ab220b4a6711ce7930c4c7d21) --- source4/scripting/libjs/provision.js | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index d25c0f38eb..7e55930a1a 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -385,10 +385,10 @@ function provision_default_paths(subobj) paths.keytab = "secrets.keytab"; paths.dns = lp.get("private dir") + "/" + subobj.DNSDOMAIN + ".zone"; paths.winsdb = "wins.ldb"; - paths.ldap_basedn_ldif = lp.get("private dir") + "/" + subobj.DNSDOMAIN + ".ldif"; - paths.ldap_config_basedn_ldif = lp.get("private dir") + "/" + subobj.DNSDOMAIN + "-config.ldif"; - paths.ldap_schema_basedn_ldif = lp.get("private dir") + "/" + subobj.DNSDOMAIN + "-schema.ldif"; paths.ldapdir = lp.get("private dir") + "/ldap"; + paths.ldap_basedn_ldif = paths.ldapdir + "/" + subobj.DNSDOMAIN + ".ldif"; + paths.ldap_config_basedn_ldif = paths.ldapdir + "/" + subobj.DNSDOMAIN + "-config.ldif"; + paths.ldap_schema_basedn_ldif = paths.ldapdir + "/" + subobj.DNSDOMAIN + "-schema.ldif"; return paths; } 
@@ -793,6 +793,8 @@ function provision_ldapbase(subobj, message, paths) subobj.RDN_DC = substr(rdns[0], strlen("DC=")); + sys.mkdir(paths.ldapdir, 0700); + setup_file("provision_basedn.ldif", message, paths.ldap_basedn_ldif, subobj); @@ -805,7 +807,6 @@ function provision_ldapbase(subobj, message, paths) message, paths.ldap_schema_basedn_ldif, subobj); - message("Please install the LDIF located in " + paths.ldap_basedn_ldif + ", " + paths.ldap_config_basedn_ldif + " and " + paths.ldap_schema_basedn_ldif + " into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server\n"); } -- cgit From 6e68fe69ea016041ea042c9cfa62a47693faa33e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 31 May 2007 12:08:03 +0000 Subject: r23264: Make it more clear what this is actually setting up (This used to be commit f687bc92aea00aa489d310ac31e08a5718a36ec4) --- source4/scripting/libjs/provision.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 7e55930a1a..2832e28571 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -720,7 +720,7 @@ function provision_schema(subobj, message, tmp_schema_path, paths) info.subobj = subobj; info.message = message; - message("Setting up sam.ldb partitions\n"); + message("Setting up " + tmp_schema_path + " as a temporary database to store the schema\n"); /* This will erase anything in the tmp db */ var samdb = open_ldb(info, tmp_schema_path, true); -- cgit From 815cf409eb47de2f24b91a3eff31fc2d946d5d03 Mon Sep 17 00:00:00 2001 
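Review bot: The result of `sys.mkdir(paths.ldapdir, 0700);` in provision_ldapbase is discarded, so a failed create, or a directory that already exists with a wider mode, goes unnoticed before the three LDIF files are written into it. A check such as `assert(sys.stat(paths.ldapdir) != undefined);` right after the call at least stops the run when the directory is missing. Whether the stat result exposes the mode is not visible on this page. `sys` is not declared in the visible part of the function, which begins outside the hunk.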
From: Andrew Bartlett Date: Tue, 5 Jun 2007 05:35:39 +0000 Subject: r23351: Merge from SAMBA_4_0_RELEASE: Fix a nasty issue we had with SWAT. We could not provision into a different domain, as we didn't re-calcuate the DOMAINDN after the user changed it in the form. Andrew Bartlett (This used to be commit 430c998dc9ea41ea29cf184d03404b50ef14f78d) --- source4/scripting/libjs/provision.js | 40 ++++++++++++++++++++---------------- 1 file changed, 22 insertions(+), 18 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 2832e28571..cccbebc51a 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -436,7 +436,7 @@ function setup_name_mappings(info, ldb) return true; } -function provision_fix_subobj(subobj, message, paths) +function provision_fix_subobj(subobj, paths) { subobj.REALM = strupper(subobj.REALM); subobj.HOSTNAME = strlower(subobj.HOSTNAME); @@ -444,6 +444,19 @@ function provision_fix_subobj(subobj, message, paths) assert(valid_netbios_name(subobj.DOMAIN)); subobj.NETBIOSNAME = strupper(subobj.HOSTNAME); assert(valid_netbios_name(subobj.NETBIOSNAME)); + subobj.DNSDOMAIN = strlower(subobj.REALM); + subobj.DNSNAME = sprintf("%s.%s", + strlower(subobj.HOSTNAME), + subobj.DNSDOMAIN); + rdn_list = split(".", subobj.DNSDOMAIN); + subobj.DOMAINDN = "DC=" + join(",DC=", rdn_list); + subobj.DOMAINDN_LDB = "users.ldb"; + subobj.ROOTDN = subobj.DOMAINDN; + subobj.CONFIGDN = "CN=Configuration," + subobj.ROOTDN; + subobj.CONFIGDN_LDB = "configuration.ldb"; + subobj.SCHEMADN = "CN=Schema," + subobj.CONFIGDN; + subobj.SCHEMADN_LDB = "schema.ldb"; + var rdns = split(",", subobj.DOMAINDN); subobj.RDN_DC = substr(rdns[0], strlen("DC=")); 
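Review bot: `subobj.REALM` is only upper-cased before provision_fix_subobj turns it into `DNSDOMAIN`, `DOMAINDN`, `CONFIGDN` and `SCHEMADN`, while `DOMAIN` and `NETBIOSNAME` are both guarded by `assert(valid_netbios_name(...))`. The commit message says the value can come from the SWAT form, so a realm containing `,` or `=` would change the structure of every derived DN. A check that REALM consists only of dot-separated DNS labels belongs next to the existing asserts. Separately, `rdn_list` is assigned without `var` and becomes a global; write `var rdn_list = split(".", subobj.DNSDOMAIN);`.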
@@ -461,7 +474,7 @@ function provision_become_dc(subobj, message, erase, paths, session_info) var sys = sys_init(); var info = new Object(); - var ok = provision_fix_subobj(subobj, message, paths); + var ok = provision_fix_subobj(subobj, paths); assert(ok); info.subobj = subobj; @@ -511,7 +524,7 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda var sys = sys_init(); var info = new Object(); - var ok = provision_fix_subobj(subobj, message, paths); + var ok = provision_fix_subobj(subobj, paths); assert(ok); if (subobj.DOMAINGUID != undefined) { @@ -714,13 +727,13 @@ function provision_schema(subobj, message, tmp_schema_path, paths) var sys = sys_init(); var info = new Object(); - var ok = provision_fix_subobj(subobj, message, paths); + var ok = provision_fix_subobj(subobj, paths); assert(ok); info.subobj = subobj; info.message = message; - message("Setting up " + tmp_schema_path + " as a temporary database to store the schema\n"); + message("Setting up sam.ldb partitions\n"); /* This will erase anything in the tmp db */ var samdb = open_ldb(info, tmp_schema_path, true); @@ -787,6 +800,9 @@ function provision_dns(subobj, message, paths, session_info, credentials) /* Write out a DNS zone file, from the info in the current database */ function provision_ldapbase(subobj, message, paths) { + var ok = provision_fix_subobj(subobj, paths); + assert(ok); + message("Setting up LDAP base entry: " + subobj.DOMAINDN + " \n"); var rdns = split(",", subobj.DOMAINDN); subobj.EXTENSIBLEOBJECT = "objectClass: extensibleObject"; 
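Review bot: The provision_schema hunk replaces `message("Setting up " + tmp_schema_path + " as a temporary database to store the schema\n");` with the older `message("Setting up sam.ldb partitions\n");`, which undoes the wording fix from r23264. This looks like a side effect of the merge rather than an intended change. The function opens `tmp_schema_path`, not sam.ldb, so the restored text misleads whoever reads the provisioning log; the r23264 line should be kept.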
@@ -850,19 +866,6 @@ function provision_guess() subobj.BACKUP = findnss(nss.getgrnam, "backup", "wheel", "root", "staff"); subobj.USERS = findnss(nss.getgrnam, "users", "guest", "other", "unknown", "usr"); - subobj.DNSDOMAIN = strlower(subobj.REALM); - subobj.DNSNAME = sprintf("%s.%s", - strlower(subobj.HOSTNAME), - subobj.DNSDOMAIN); - rdn_list = split(".", subobj.DNSDOMAIN); - subobj.DOMAINDN = "DC=" + join(",DC=", rdn_list); - subobj.DOMAINDN_LDB = "users.ldb"; - subobj.ROOTDN = subobj.DOMAINDN; - subobj.CONFIGDN = "CN=Configuration," + subobj.ROOTDN; - subobj.CONFIGDN_LDB = "configuration.ldb"; - subobj.SCHEMADN = "CN=Schema," + subobj.CONFIGDN; - subobj.SCHEMADN_LDB = "schema.ldb"; - //Add modules to the list to activate them by default //beware often order is important // @@ -892,6 +895,7 @@ function provision_guess() subobj.EXTENSIBLEOBJECT = "# no objectClass: extensibleObject for local ldb"; subobj.ACI = "# no aci for local ldb"; + return subobj; } -- cgit From 7f2709b3979864cf948e94e18cf268b6f8ffc483 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 6 Jun 2007 01:36:15 +0000 Subject: r23361: Merge from SAMBA_4_0_RELEASE: Print the smb.conf path being created in provision. Andrew Bartlett (This used to be commit bb583463bf483e1b355647f9fc93afbfcb9d41d3) --- source4/scripting/libjs/provision.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index cccbebc51a..9adcab2679 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js 
@@ -547,7 +547,7 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda /* only install a new smb.conf if there isn't one there already */ var st = sys.stat(paths.smbconf); if (st == undefined) { - message("Setting up smb.conf\n"); + message("Setting up " + paths.smbconf +"\n"); setup_file("provision.smb.conf", info.message, paths.smbconf, subobj); lp.reload(); } -- cgit From e9d19477e43b65f91bd152f5249b684dbefa5cc6 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 21 Jun 2007 10:18:20 +0000 Subject: r23560: - Activate metze's schema modules (from metze's schema-loading-13 patch). - samba3sam.js: rework the samba3sam test to not use objectCategory, as it's has special rules (dnsName a simple match) - ldap.js: Test the ordering of the objectClass attributes for the baseDN - schema_init.c: Load the mayContain and mustContain (and system...) attributes when reading the schema from ldb - To make the schema load not suck in terms of performance, write the schema into a static global variable - ldif_handlers.c: Match objectCategory for equality and canonicolisation based on the loaded schema, not simple tring manipuation - ldb_msg.c: don't duplicate attributes when adding attributes to a list - kludge_acl.c: return allowedAttributesEffective based on schema results and privilages Andrew Bartlett (This used to be commit dcff83ebe463bc7391841f55856d7915c204d000) --- source4/scripting/libjs/provision.js | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 9adcab2679..f94c34e932 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js 
@@ -611,7 +611,7 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda var modify_ok = setup_ldb_modify("provision_schema_basedn_modify.ldif", info, samdb); if (!modify_ok) { if (!add_ok) { - message("Failed to both add and modify schema dn: + samdb.errstring() + "\n"); + message("Failed to both add and modify schema dn:" + samdb.errstring() + "\n"); message("Perhaps you need to run the provision script with the --ldap-base-dn option, and add this record to the backend manually\n"); assert(modify_ok); } @@ -744,7 +744,7 @@ function provision_schema(subobj, message, tmp_schema_path, paths) var modify_ok = setup_ldb_modify("provision_schema_basedn_modify.ldif", info, samdb); if (!modify_ok) { if (!add_ok) { - message("Failed to both add and modify schema dn: + samdb.errstring() + "\n"); + message("Failed to both add and modify schema dn: " + samdb.errstring() + "\n"); message("Perhaps you need to run the provision script with the --ldap-base-dn option, and add this record to the backend manually\n"); assert(modify_ok); } @@ -882,16 +882,18 @@ function provision_guess() "extended_dn", "asq", "samldb", - "password_hash", "operational", "objectclass", "rdn_name", "show_deleted", "partition"); subobj.MODULES_LIST = join(",", modules_list); - subobj.DOMAINDN_MOD = "objectguid"; - subobj.CONFIGDN_MOD = "objectguid"; - subobj.SCHEMADN_MOD = "objectguid"; + subobj.DOMAINDN_MOD = "pdc_fsmo,password_hash"; + subobj.CONFIGDN_MOD = "naming_fsmo"; + subobj.SCHEMADN_MOD = "schema_fsmo"; + subobj.DOMAINDN_MOD2 = ",objectguid"; + subobj.CONFIGDN_MOD2 = ",objectguid"; + subobj.SCHEMADN_MOD2 = ",objectguid"; subobj.EXTENSIBLEOBJECT = "# no objectClass: extensibleObject for local ldb"; subobj.ACI = "# no aci for local ldb"; -- cgit From 3a78f7323a986703c9b7100f551b1c907a9e104b Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Wed, 4 Jul 2007 11:06:32 +0000 Subject: r23703: Start to get Samba4 to again work with LDAP backends, after I turned on metze's schema work. Andrew Bartlett (This used to be commit 3111bbdf64f57bf8d2638fd9829c071dcfeb4af1) --- source4/scripting/libjs/provision.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index f94c34e932..2f3f738821 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -450,12 +450,9 @@ function provision_fix_subobj(subobj, paths) subobj.DNSDOMAIN); rdn_list = split(".", subobj.DNSDOMAIN); subobj.DOMAINDN = "DC=" + join(",DC=", rdn_list); - subobj.DOMAINDN_LDB = "users.ldb"; subobj.ROOTDN = subobj.DOMAINDN; subobj.CONFIGDN = "CN=Configuration," + subobj.ROOTDN; - subobj.CONFIGDN_LDB = "configuration.ldb"; subobj.SCHEMADN = "CN=Schema," + subobj.CONFIGDN; - subobj.SCHEMADN_LDB = "schema.ldb"; var rdns = split(",", subobj.DOMAINDN); subobj.RDN_DC = substr(rdns[0], strlen("DC=")); @@ -888,6 +885,9 @@ function provision_guess() "show_deleted", "partition"); subobj.MODULES_LIST = join(",", modules_list); + subobj.DOMAINDN_LDB = "users.ldb"; + subobj.CONFIGDN_LDB = "configuration.ldb"; + subobj.SCHEMADN_LDB = "schema.ldb"; subobj.DOMAINDN_MOD = "pdc_fsmo,password_hash"; subobj.CONFIGDN_MOD = "naming_fsmo"; subobj.SCHEMADN_MOD = "schema_fsmo"; -- cgit From c37cfae81e6f87feecb0737cb7e646c9a7da1114 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 5 Jul 2007 00:34:11 +0000 Subject: r23715: Make the provision-backend script print out the exact commands to run, to set up the LDAP backend. Andrew Bartlett (This used to be commit cc7900210a2e473060d5897ec729923ac6b2f18d) --- source4/scripting/libjs/provision.js | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'source4/scripting/libjs') 
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 2f3f738821..2ef0747f0d 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -448,7 +448,7 @@ function provision_fix_subobj(subobj, paths) subobj.DNSNAME = sprintf("%s.%s", strlower(subobj.HOSTNAME), subobj.DNSDOMAIN); - rdn_list = split(".", subobj.DNSDOMAIN); + var rdn_list = split(".", subobj.DNSDOMAIN); subobj.DOMAINDN = "DC=" + join(",DC=", rdn_list); subobj.ROOTDN = subobj.DOMAINDN; subobj.CONFIGDN = "CN=Configuration," + subobj.ROOTDN; @@ -461,6 +461,8 @@ function provision_fix_subobj(subobj, paths) subobj.SECRETS_KEYTAB = paths.keytab; subobj.LDAPDIR = paths.ldapdir; + var ldap_path_list = split("/", paths.ldapdir); + subobj.LDAPI_URI = "ldapi://" + join("%2F", ldap_path_list) + "%2Fldapi"; return true; } @@ -583,7 +585,7 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda var modify_ok = setup_ldb_modify("provision_basedn_modify.ldif", info, samdb); if (!modify_ok) { if (!add_ok) { - message("Failed to both add and modify " + subobj.DOMAINDN + " in target " + subobj.DOMAINDN_LDB + ": " + samdb.errstring() + "\n"); + message("%s", "Failed to both add and modify " + subobj.DOMAINDN + " in target " + subobj.DOMAINDN_LDB + ": " + samdb.errstring() + "\n"); message("Perhaps you need to run the provision script with the --ldap-base-dn option, and add this record to the backend manually\n"); }; assert(modify_ok); 
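Review bot: `LDAPI_URI` in provision_fix_subobj percent-encodes only `/`: `"ldapi://" + join("%2F", ldap_path_list) + "%2Fldapi"`. A private dir containing a space, `%`, `?` or `#` would yield a URI that resolves to a different socket path or does not parse at all. Either encode the remaining reserved characters or state the restriction next to the assignment, e.g. `/* paths.ldapdir may contain only URI-unreserved characters and '/' */`. The function body starts and ends outside this hunk.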
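Review bot: The `message("%s", ...)` form introduced here for the DOMAINDN failure, and in the next two hunks for CONFIGDN and SCHEMADN, is not applied to the matching calls in provision_schema, which this commit does not touch. As of the r23560 hunk on this page that function still passes `"Failed to both add and modify schema dn: " + samdb.errstring() + "\n"` as the first argument. If message is printf-style, a `%` in backend error text is treated as a conversion there. The same `"%s",` prefix should go on those calls and on the `"Failed to modify the schema container: "` lines.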
@@ -595,7 +597,7 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda var modify_ok = setup_ldb_modify("provision_configuration_basedn_modify.ldif", info, samdb); if (!modify_ok) { if (!add_ok) { - message("Failed to both add and modify configuration dn: " + samdb.errstring() + "\n"); + message("%s", "Failed to both add and modify " + subobj.CONFIGDN + " in target " + subobj.CONFIGDN_LDB + ": " + samdb.errstring() + "\n"); message("Perhaps you need to run the provision script with the --ldap-base-dn option, and add this record to the backend manually\n"); assert(modify_ok); } @@ -608,7 +610,7 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda var modify_ok = setup_ldb_modify("provision_schema_basedn_modify.ldif", info, samdb); if (!modify_ok) { if (!add_ok) { - message("Failed to both add and modify schema dn:" + samdb.errstring() + "\n"); + message("%s", "Failed to both add and modify " + subobj.SCHEMADN + " in target " + subobj.SCHEMADN_LDB + ": " + samdb.errstring() + "\n"); message("Perhaps you need to run the provision script with the --ldap-base-dn option, and add this record to the backend manually\n"); assert(modify_ok); } -- cgit From 97172e11204b2863ab1e4021aea3c40668d33aef Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 5 Jul 2007 01:45:37 +0000 Subject: r23716: Clarify LDAP Manager DN and fix slapd startup syntax. Andrew Bartlett (This used to be commit 17dad5d8c345c2c3a7643bff7a43473339a22d40) --- source4/scripting/libjs/provision.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 2ef0747f0d..4317a37a54 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js 
@@ -464,6 +464,8 @@ function provision_fix_subobj(subobj, paths) var ldap_path_list = split("/", paths.ldapdir); subobj.LDAPI_URI = "ldapi://" + join("%2F", ldap_path_list) + "%2Fldapi"; + subobj.LDAP_MANAGERDN = "cn=Manager," + subobj.DOMAINDN; + return true; } @@ -852,7 +854,7 @@ function provision_guess() subobj.KRBTGTPASS = randpass(12); subobj.MACHINEPASS = randpass(12); subobj.ADMINPASS = randpass(12); - subobj.LDAPMANAGERPASS = randpass(12); + subobj.LDAP_MANAGERPASS = randpass(12); subobj.DEFAULTSITE = "Default-First-Site-Name"; subobj.NEWGUID = randguid; subobj.NTTIME = nttime; -- cgit From 90b49dc5208a083922c75595749d9abd4ef5b652 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 5 Jul 2007 02:52:58 +0000 Subject: r23717: We need to remove the _ in LDAP_MANAGERPASS for the --ldap-manager-pass= option to work. Andrew Bartlett (This used to be commit fbcb1ec14125a4ca57922ec75b01af9a99dcd954) --- source4/scripting/libjs/provision.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 4317a37a54..323c7cdacb 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -464,7 +464,7 @@ function provision_fix_subobj(subobj, paths) var ldap_path_list = split("/", paths.ldapdir); subobj.LDAPI_URI = "ldapi://" + join("%2F", ldap_path_list) + "%2Fldapi"; - subobj.LDAP_MANAGERDN = "cn=Manager," + subobj.DOMAINDN; + subobj.LDAPMANAGERDN = "cn=Manager," + subobj.DOMAINDN; return true; } @@ -854,7 +854,7 @@ function provision_guess() subobj.KRBTGTPASS = randpass(12); subobj.MACHINEPASS = randpass(12); subobj.ADMINPASS = randpass(12); - subobj.LDAP_MANAGERPASS = randpass(12); + subobj.LDAPMANAGERPASS = randpass(12); subobj.DEFAULTSITE = "Default-First-Site-Name"; subobj.NEWGUID = randguid; subobj.NTTIME = nttime; -- cgit From 967866f17084df7a78ed6ecfcb9d2b31deaa28a1 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Thu, 5 Jul 2007 06:15:40 +0000 Subject: r23720: Allow the member server to work against an LDAP Backend. Another case where LDB isn't as strict as OpenLDAP, the self join record contains duplicate servicePrincipalNames once the DNS name and domain name are made equal. (Easier to just skip the useless self-join). Andrew Bartlett (This used to be commit 49ff929be6fcf57721532de13bdd7a7e1617af6f) --- source4/scripting/libjs/provision.js | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 323c7cdacb..deaa97114a 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -700,6 +700,11 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda message("Setting up sam.ldb users and groups\n"); setup_add_ldif("provision_users.ldif", info, samdb, false); + if (lp.get("server role") == "domain controller") { + message("Setting up self join\n"); + setup_add_ldif("provision_self_join.ldif", info, samdb, false); + } + if (setup_name_mappings(info, samdb) == false) { return false; } @@ -769,6 +774,11 @@ function provision_schema(subobj, message, tmp_schema_path, paths) /* Write out a DNS zone file, from the info in the current database */ function provision_dns(subobj, message, paths, session_info, credentials) { + var lp = loadparm_init(); + if (lp.get("server role") != "domain controller") { + message("No DNS zone required for role %s\n", lp.get("server role")); + return; + } message("Setting up DNS zone: " + subobj.DNSDOMAIN + " \n"); var ldb = ldb_init(); ldb.session_info = session_info; -- cgit From 10f6e1657303dabcf7dbbaed8547f0cb6e845a5d Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Fri, 13 Jul 2007 08:01:36 +0000 Subject: r23859: Work to have Group Policy work 'out of the box' in Samba4. This involves creating the SYSVOL and NETLOGON shares at provision time, and creating the right subdirectories. This also changes the behaviour of lp.get("foo") in ejs - we now return undefined, rather than syntax error, if the parameter doesn't exist (perhaps because the share isn't defined). Andrew Bartlett (This used to be commit 45cadf3bc0d38f6600666511a392e1ce353adee7) --- source4/scripting/libjs/provision.js | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index deaa97114a..c417d7b64b 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -389,6 +389,19 @@ function provision_default_paths(subobj) paths.ldap_basedn_ldif = paths.ldapdir + "/" + subobj.DNSDOMAIN + ".ldif"; paths.ldap_config_basedn_ldif = paths.ldapdir + "/" + subobj.DNSDOMAIN + "-config.ldif"; paths.ldap_schema_basedn_ldif = paths.ldapdir + "/" + subobj.DNSDOMAIN + "-schema.ldif"; + + paths.netlogon = lp.get("netlogon", "path"); + + if (paths.netlogon == undefined) { + paths.netlogon = lp.get("lock dir") + "/netlogon"; + } + + paths.sysvol = lp.get("sysvol", "path"); + + if (paths.sysvol == undefined) { + paths.sysvol = lp.get("lock dir") + "/sysvol"; + } + return paths; } @@ -466,6 +479,9 @@ function provision_fix_subobj(subobj, paths) subobj.LDAPMANAGERDN = "cn=Manager," + subobj.DOMAINDN; + subobj.NETLOGONPATH = paths.netlogon; + subobj.SYSVOLPATH = paths.sysvol; + return true; } 
@@ -703,6 +719,16 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda if (lp.get("server role") == "domain controller") { message("Setting up self join\n"); setup_add_ldif("provision_self_join.ldif", info, samdb, false); + setup_add_ldif("provision_group_policy.ldif", info, samdb, false); + + sys.mkdir(paths.sysvol, 0755); + sys.mkdir(paths.sysvol + "/"+ subobj.DNSDOMAIN, 0755); + sys.mkdir(paths.sysvol + "/"+ subobj.DNSDOMAIN + "/Policies", 0755); + sys.mkdir(paths.sysvol + "/"+ subobj.DNSDOMAIN + "/Policies/{" + subobj.POLICYGUID + "}", 0755); + sys.mkdir(paths.sysvol + "/"+ subobj.DNSDOMAIN + "/Policies/{" + subobj.POLICYGUID + "}/Machine", 0755); + sys.mkdir(paths.sysvol + "/"+ subobj.DNSDOMAIN + "/Policies/{" + subobj.POLICYGUID + "}/User", 0755); + + sys.mkdir(paths.netlogon, 0755); } if (setup_name_mappings(info, samdb) == false) { -- cgit From d9a5e18ce0480bf99191c20a75216abfef10eab3 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 14 Jul 2007 00:12:25 +0000 Subject: r23875: As pointed out by mwallnoefer@yahoo.de: On default Active Directory installations, the NETLOGON share isn't an indipendent directory. In fact it's mapped to the subdirectory "scripts" from the share SYSVOL under . Andrew Bartlett (This used to be commit 923d67ea9d78da46235221375b49b6f1d0d6a862) --- source4/scripting/libjs/provision.js | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index c417d7b64b..c0816cc2a5 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js 
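Review bot: The seven `sys.mkdir(..., 0755)` calls added to provision() discard their results and rebuild the same path by concatenation each time, so a failure part-way leaves a partial SYSVOL tree and the run carries on. `subobj.DNSDOMAIN` and `subobj.POLICYGUID` are used as directory names exactly as supplied; POLICYGUID defaults to `randguid()` in provision_guess, but nothing visible here stops a caller from overriding it, so a value containing `/` should be rejected before this point. Building the list once and confirming each directory exists, as sketched below, makes a failure stop the run. The sketch relies on `sys.stat` returning undefined for a missing path, as the smb.conf check in this function does.

```javascript
// … unchanged: provision_self_join.ldif and provision_group_policy.ldif …
var domain_dir = paths.sysvol + "/" + subobj.DNSDOMAIN;
var policy_dir = domain_dir + "/Policies/{" + subobj.POLICYGUID + "}";
var dirs = new Array(paths.sysvol,
		     domain_dir,
		     domain_dir + "/Policies",
		     policy_dir,
		     policy_dir + "/Machine",
		     policy_dir + "/User",
		     paths.netlogon);
var d;
for (d = 0; d < dirs.length; d++) {
	sys.mkdir(dirs[d], 0755);
	/* stop here rather than leave a half-built SYSVOL tree */
	assert(sys.stat(dirs[d]) != undefined);
}
```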
@@ -390,18 +390,18 @@ function provision_default_paths(subobj) paths.ldap_config_basedn_ldif = paths.ldapdir + "/" + subobj.DNSDOMAIN + "-config.ldif"; paths.ldap_schema_basedn_ldif = paths.ldapdir + "/" + subobj.DNSDOMAIN + "-schema.ldif"; - paths.netlogon = lp.get("netlogon", "path"); - - if (paths.netlogon == undefined) { - paths.netlogon = lp.get("lock dir") + "/netlogon"; - } - paths.sysvol = lp.get("sysvol", "path"); if (paths.sysvol == undefined) { paths.sysvol = lp.get("lock dir") + "/sysvol"; } + paths.netlogon = lp.get("netlogon", "path"); + + if (paths.netlogon == undefined) { + paths.netlogon = paths.sysvol + "/" + subobj.DNSDOMAIN + "/scripts"; + } + return paths; } -- cgit From d1bfe56048e6dca7057b8687262714156e230af0 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 17 Jul 2007 00:10:53 +0000 Subject: r23907: Fix bug 4790 reported by mwallnoefer@yahoo.de: Before the provisioning enters to the function provision_default_paths (in scripting/libjs/provision.js), the variable subobj.DNSDOMAIN isn't properly set (for example for the filename of the DNS zonefile). Andrew Bartlett (This used to be commit 07a9db1438df93442c5b50b1b97ca69662749608) --- source4/scripting/libjs/provision.js | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index c0816cc2a5..02b39068fc 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -370,6 +370,8 @@ function setup_file(template, message, fname, subobj) function provision_default_paths(subobj) { + /* subobj.DNSDOMAIN isn't available at this point */ + var dnsdomain = strlower(subobj.REALM); var lp = loadparm_init(); var paths = new Object(); paths.smbconf = lp.get("config file"); 
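Review bot: `dnsdomain` is taken straight from `strlower(subobj.REALM)` at the top of `provision_default_paths()` and then concatenated into file names (the `.zone` file, the three LDIF paths and the `scripts` default under sysvol in the following hunks) with no check that it is shaped like a DNS name. A realm containing `/` or `..` would place those files outside the private dir, and an unset realm would presumably produce names built from an empty or undefined string. I would reject such values before any path is built, e.g. `assert(subobj.REALM != undefined && split("/", dnsdomain).length == 1);`, ideally tightened to letters, digits, `-` and `.` only. The function body continues outside this hunk.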
@@ -383,12 +385,12 @@ function provision_default_paths(subobj) paths.samdb = lp.get("sam database"); paths.secrets = lp.get("secrets database"); paths.keytab = "secrets.keytab"; - paths.dns = lp.get("private dir") + "/" + subobj.DNSDOMAIN + ".zone"; + paths.dns = lp.get("private dir") + "/" + dnsdomain + ".zone"; paths.winsdb = "wins.ldb"; paths.ldapdir = lp.get("private dir") + "/ldap"; - paths.ldap_basedn_ldif = paths.ldapdir + "/" + subobj.DNSDOMAIN + ".ldif"; - paths.ldap_config_basedn_ldif = paths.ldapdir + "/" + subobj.DNSDOMAIN + "-config.ldif"; - paths.ldap_schema_basedn_ldif = paths.ldapdir + "/" + subobj.DNSDOMAIN + "-schema.ldif"; + paths.ldap_basedn_ldif = paths.ldapdir + "/" + dnsdomain + ".ldif"; + paths.ldap_config_basedn_ldif = paths.ldapdir + "/" + dnsdomain + "-config.ldif"; + paths.ldap_schema_basedn_ldif = paths.ldapdir + "/" + dnsdomain + "-schema.ldif"; paths.sysvol = lp.get("sysvol", "path"); @@ -399,7 +401,7 @@ function provision_default_paths(subobj) paths.netlogon = lp.get("netlogon", "path"); if (paths.netlogon == undefined) { - paths.netlogon = paths.sysvol + "/" + subobj.DNSDOMAIN + "/scripts"; + paths.netlogon = paths.sysvol + "/" + dnsdomain + "/scripts"; } return paths; -- cgit From 2da0be9d5e3e7bd91c145031a0bc238a010a9e97 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 24 Aug 2007 01:57:54 +0000 Subject: r24640: Add a suggested BIND configuration snippit, to help with DNS configuration. When we sort out GSS-TSIG on the server, we can expand this to have the 'right stuff'. Andrew Bartlett (This used to be commit 8f02ade1b2cc164f64f4ea8a371c107ccf6a81b3) --- source4/scripting/libjs/provision.js | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 02b39068fc..1054a9a508 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js 
@@ -386,6 +386,7 @@ function provision_default_paths(subobj) paths.secrets = lp.get("secrets database"); paths.keytab = "secrets.keytab"; paths.dns = lp.get("private dir") + "/" + dnsdomain + ".zone"; + paths.named_conf = lp.get("private dir") + "/named.conf"; paths.winsdb = "wins.ldb"; paths.ldapdir = lp.get("private dir") + "/ldap"; paths.ldap_basedn_ldif = paths.ldapdir + "/" + dnsdomain + ".ldif"; @@ -833,7 +834,11 @@ function provision_dns(subobj, message, paths, session_info, credentials) message, paths.dns, subobj); - message("Please install the zone located in " + paths.dns + " into your DNS server\n"); + setup_file("named.conf", + message, paths.named_conf, + subobj); + + message("Please install the zone located in " + paths.dns + " into your DNS server. A sample BIND configuration snippit is at " + paths.named_conf + "\n"); } /* Write out a DNS zone file, from the info in the current database */ -- cgit From 2edf63b6d647eba131e213bd9dbc543100396930 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 27 Aug 2007 13:13:08 +0000 Subject: r24703: Use standard registry diff files when provisioning rather than LDIF files for the registry files. (This used to be commit 67ad556b7388e5d82756e0a3cfc596e44136329c) --- source4/scripting/libjs/provision.js | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 1054a9a508..6ec29748f6 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js 
@@ -376,12 +376,6 @@ function provision_default_paths(subobj) var paths = new Object(); paths.smbconf = lp.get("config file"); paths.shareconf = lp.get("private dir") + "/" + "share.ldb"; - paths.hklm = "hklm.ldb"; - paths.hkcu = "hkcu.ldb"; - paths.hkcr = "hkcr.ldb"; - paths.hku = "hku.ldb"; - paths.hkpd = "hkpd.ldb"; - paths.hkpt = "hkpt.ldb"; paths.samdb = lp.get("sam database"); paths.secrets = lp.get("secrets database"); paths.keytab = "secrets.keytab"; @@ -582,8 +576,9 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda setup_ldb("secrets_init.ldif", info, paths.secrets); setup_ldb("secrets.ldif", info, paths.secrets, false); - message("Setting up hklm.ldb\n"); - setup_ldb("hklm.ldif", info, paths.hklm); + message("Setting up the registry\n"); + var reg = reg_open(); + reg.apply_patchfile(lp.get("setup directory") + "/provision.reg") message("Setting up sam.ldb partitions\n"); /* Also wipes the database */ -- cgit From 73388ce54c5910ee407af6b70e25597d0b696a58 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 28 Aug 2007 04:28:02 +0000 Subject: r24729: First try and publishing a DNS service account, for folks to play with. The keytab in dns.keytab should (I hope) do the job. Andrew Bartlett (This used to be commit af4d331eef91ef7699d179d15e7337fff1eff7bb) --- source4/scripting/libjs/provision.js | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 6ec29748f6..57531a28b9 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js 
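Review bot: Neither `reg_open()` nor `reg.apply_patchfile(...)` has its result checked in the new registry step of `provision()`, so a missing or unreadable `provision.reg` would leave the registry unpopulated while the run carries on as if it had succeeded. The new statement also lacks its terminating `;`. Assuming `apply_patchfile` returns a success flag (not visible here), `var ok = reg.apply_patchfile(lp.get("setup directory") + "/provision.reg"); assert(ok);` would match how `samdb.transaction_commit()` is handled elsewhere in this file. `provision()` continues outside the hunk.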
@@ -379,6 +379,7 @@ function provision_default_paths(subobj) paths.samdb = lp.get("sam database"); paths.secrets = lp.get("secrets database"); paths.keytab = "secrets.keytab"; + paths.dns_keytab = "dns.keytab"; paths.dns = lp.get("private dir") + "/" + dnsdomain + ".zone"; paths.named_conf = lp.get("private dir") + "/named.conf"; paths.winsdb = "wins.ldb"; @@ -469,6 +470,7 @@ function provision_fix_subobj(subobj, paths) subobj.SAM_LDB = "tdb://" + paths.samdb; subobj.SECRETS_KEYTAB = paths.keytab; + subobj.DNS_KEYTAB = paths.dns_keytab; subobj.LDAPDIR = paths.ldapdir; var ldap_path_list = split("/", paths.ldapdir); @@ -891,6 +893,7 @@ function provision_guess() subobj.POLICYGUID = randguid(); subobj.KRBTGTPASS = randpass(12); subobj.MACHINEPASS = randpass(12); + subobj.DNSPASS = randpass(12); subobj.ADMINPASS = randpass(12); subobj.LDAPMANAGERPASS = randpass(12); subobj.DEFAULTSITE = "Default-First-Site-Name"; -- cgit From f681306335eaf6b33d6fcaa70ac29a8cf1f5889f Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 29 Aug 2007 01:37:26 +0000 Subject: r24760: Ensure we base64 encode any password being put into LDIF, to avoid provision failures when some of the random password values are illigal LDIF. Andrew Bartlett (This used to be commit 876003f6c6466bfd37ec9b05c9a1f1cc83dd9898) --- source4/scripting/libjs/provision.js | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 57531a28b9..ca0fedf97b 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -449,6 +449,8 @@ function setup_name_mappings(info, ldb) function provision_fix_subobj(subobj, paths) { + var ldb = ldb_init(); + subobj.REALM = strupper(subobj.REALM); subobj.HOSTNAME = strlower(subobj.HOSTNAME); subobj.DOMAIN = strupper(subobj.DOMAIN); 
@@ -465,6 +467,11 @@ function provision_fix_subobj(subobj, paths) subobj.CONFIGDN = "CN=Configuration," + subobj.ROOTDN; subobj.SCHEMADN = "CN=Schema," + subobj.CONFIGDN; + subobj.MACHINEPASS_B64 = ldb.encode(subobj.MACHINEPASS); + subobj.KRBTGTPASS_B64 = ldb.encode(subobj.KRBTGTPASS); + subobj.ADMINPASS_B64 = ldb.encode(subobj.ADMINPASS); + subobj.DNSPASS_B64 = ldb.encode(subobj.DNSPASS); + var rdns = split(",", subobj.DOMAINDN); subobj.RDN_DC = substr(rdns[0], strlen("DC=")); -- cgit From 4e1d0cc8e3b7bfb51845fbe836812f7558c30c10 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 29 Aug 2007 01:40:58 +0000 Subject: r24761: Permit subtree renames in Samba4. The module is scary: On a rename, it does a search for all entries under that entry (including itself), and fires off a seperate rename call for each result. This will fail miserably on an LDAP backend, but I'll need to work on using hdb for OpenLDAP, and hope Fedora DS can implement subtree renames at some point. Andrew Bartlett (This used to be commit 13908a8cb4dd810503213203efb8d51f77f1f379) --- source4/scripting/libjs/provision.js | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index ca0fedf97b..f20eb547ac 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -935,6 +935,7 @@ function provision_guess() "objectclass", "rdn_name", "show_deleted", + "subtree_rename", "partition"); subobj.MODULES_LIST = join(",", modules_list); subobj.DOMAINDN_LDB = "users.ldb"; -- cgit From 50017a00757b00a572fc42405f761cf42119b4a4 Mon Sep 17 00:00:00 2001 
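Review bot: Only four of the generated secrets get a `_B64` form here; `LDAPMANAGERPASS`, which `provision_guess()` also fills with `randpass(12)`, does not, and the `newuser()` LDIF shown further down this page still formats `sambaPassword: %s` from the raw value. If either of those reaches an LDIF parser, a password containing a newline or a leading special character can still break the import or change the meaning of the record. I would add `subobj.LDAPMANAGERPASS_B64 = ldb.encode(subobj.LDAPMANAGERPASS);` next to the others if any template uses that password, plus a comment such as `/* LDIF templates must use the _B64 values with the "::" form; the plain values are not LDIF-safe */`. Whether the templates were switched to the encoded values is not visible in this diff, and the function body extends beyond the hunk.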
From: Andrew Bartlett Date: Thu, 30 Aug 2007 00:25:47 +0000 Subject: r24793: The subtree_rename module is a work of fiction. An resemblance to a working module, live or dead, is purely co-incidental. Andrew Bartlett (This used to be commit 64cc31642fd2ded149631d07bc022213f19595b8) --- source4/scripting/libjs/provision.js | 1 - 1 file changed, 1 deletion(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index f20eb547ac..ca0fedf97b 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -935,7 +935,6 @@ function provision_guess() "objectclass", "rdn_name", "show_deleted", - "subtree_rename", "partition"); subobj.MODULES_LIST = join(",", modules_list); subobj.DOMAINDN_LDB = "users.ldb"; -- cgit From ced6fc995f3bc9b00770ff1002a57f20d6b3e109 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 2 Sep 2007 23:42:40 +0000 Subject: r24911: Make better use of substituted variables in example named.conf Andrew Bartlett (This used to be commit 9f18a9711771a88be7c38bc26ae6e59fb98f93dd) --- source4/scripting/libjs/provision.js | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index ca0fedf97b..fd6de2695f 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -380,6 +380,7 @@ function provision_default_paths(subobj) paths.secrets = lp.get("secrets database"); paths.keytab = "secrets.keytab"; paths.dns_keytab = "dns.keytab"; + paths.dns_keytab_abs = lp.get("private dir") + "/" + paths.dns_keytab; paths.dns = lp.get("private dir") + "/" + dnsdomain + ".zone"; paths.named_conf = lp.get("private dir") + "/named.conf"; paths.winsdb = "wins.ldb"; 
@@ -478,6 +479,7 @@ function provision_fix_subobj(subobj, paths) subobj.SAM_LDB = "tdb://" + paths.samdb; subobj.SECRETS_KEYTAB = paths.keytab; subobj.DNS_KEYTAB = paths.dns_keytab; + subobj.DNS_KEYTAB_ABS = paths.dns_keytab_abs; subobj.LDAPDIR = paths.ldapdir; var ldap_path_list = split("/", paths.ldapdir); -- cgit From 15c1801a5c13479f1bf67e0e3c1ad7c0af8e3af7 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 10 Sep 2007 03:44:47 +0000 Subject: r25051: Move SWAT back to the old-style form-submit modal. The Web 2.0, async client tools were really interesting, but without developer backing they remain impossible to support into a release. The most interesting app was the LDB browser, and I intend to replace this with phpLdapAdmin, preconfigured for Apache during provision. This also removes the need to 'compile' SWAT on SVN checkouts. Andrew Bartlett (This used to be commit cda965e908055d45b1c05bc29cc791f7238d2fae) --- source4/scripting/libjs/provision.js | 1 - 1 file changed, 1 deletion(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index fd6de2695f..d6d4909499 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -162,7 +162,6 @@ function ldb_erase(info, ldb) /* delete the specials */ ldb.del("@INDEXLIST"); ldb.del("@ATTRIBUTES"); - ldb.del("@SUBCLASSES"); ldb.del("@MODULES"); ldb.del("@PARTITION"); ldb.del("@KLUDGEACL"); -- cgit From ee257e902ade941f734d5b647511d14e051ac0d1 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Sat, 22 Sep 2007 12:57:17 +0000 Subject: r25299: Modify the provision script to take an additional argument: --server-role This must be set to either 'domain controller', 'domain member' or 'standalone'. The default for the provision now changes to 'standalone'. This is not because Samba4 is particularlly useful in that mode, but because we still want a positive sign from the administrator that we should advertise as a DC. We now do more to ensure the 'standalone' and 'member server' provision output is reasonable, and try not to set odd things into the database that only belong for the DC. Andrew Bartlett (This used to be commit 4cc4ed7719aff712e735628410bd3813c7d6aa40) --- source4/scripting/libjs/provision.js | 47 ++++++++++++++++++++++++++++++------ 1 file changed, 39 insertions(+), 8 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index d6d4909499..502583507b 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -489,6 +489,17 @@ function provision_fix_subobj(subobj, paths) subobj.NETLOGONPATH = paths.netlogon; subobj.SYSVOLPATH = paths.sysvol; + if (subobj.DOMAIN_CONF == undefined) { + subobj.DOMAIN_CONF = subobj.DOMAIN; + } + if (subobj.REALM_CONF == undefined) { + subobj.REALM_CONF = subobj.REALM; + } + if (subobj.SERVERROLE != "domain controller") { + subobj.REALM = subobj.HOSTNAME; + subobj.DOMAIN = subobj.HOSTNAME; + } + return true; } @@ -536,6 +547,8 @@ function provision_become_dc(subobj, message, erase, paths, session_info) setup_ldb("secrets.ldif", info, paths.secrets, false); + setup_ldb("secrets_dc.ldif", info, paths.secrets, false); + return true; } 
@@ -571,8 +584,16 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda /* only install a new smb.conf if there isn't one there already */ var st = sys.stat(paths.smbconf); if (st == undefined) { + var smbconfsuffix; + if (subobj.ROLE == "domain controller") { + smbconfsuffix = "dc"; + } else if (subobj.ROLE == "member server") { + smbconfsuffix = "member"; + } else { + smbconfsuffix = subobj.ROLE; + } message("Setting up " + paths.smbconf +"\n"); - setup_file("provision.smb.conf", info.message, paths.smbconf, subobj); + setup_file("provision.smb.conf." + smbconfsuffix, info.message, paths.smbconf, subobj); lp.reload(); } /* only install a new shares config db if there is none */ @@ -724,7 +745,7 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda message("Setting up sam.ldb users and groups\n"); setup_add_ldif("provision_users.ldif", info, samdb, false); - if (lp.get("server role") == "domain controller") { + if (subobj.SERVERROLE == "domain controller") { message("Setting up self join\n"); setup_add_ldif("provision_self_join.ldif", info, samdb, false); setup_add_ldif("provision_group_policy.ldif", info, samdb, false); @@ -737,6 +758,9 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda sys.mkdir(paths.sysvol + "/"+ subobj.DNSDOMAIN + "/Policies/{" + subobj.POLICYGUID + "}/User", 0755); sys.mkdir(paths.netlogon, 0755); + + setup_ldb("secrets_dc.ldif", info, paths.secrets, false); + } if (setup_name_mappings(info, samdb) == false) { 
@@ -809,8 +833,8 @@ function provision_schema(subobj, message, tmp_schema_path, paths) function provision_dns(subobj, message, paths, session_info, credentials) { var lp = loadparm_init(); - if (lp.get("server role") != "domain controller") { - message("No DNS zone required for role %s\n", lp.get("server role")); + if (subobj.SERVERROLE != "domain controller") { + message("No DNS zone required for role %s\n", subobj.SERVERROLE); return; } message("Setting up DNS zone: " + subobj.DNSDOMAIN + " \n"); @@ -886,6 +910,7 @@ function provision_guess() var rdn_list; random_init(local); + subobj.SERVERROLE = strlower(lp.get("server role")); subobj.REALM = strupper(lp.get("realm")); subobj.DOMAIN = lp.get("workgroup"); subobj.HOSTNAME = hostname(); @@ -1100,15 +1125,21 @@ function provision_validate(subobj, message) } - if (strupper(lp.get("workgroup")) != strupper(subobj.DOMAIN)) { + if (strupper(lp.get("workgroup")) != strupper(subobj.DOMAIN_CONF)) { message("workgroup '%s' in smb.conf must match chosen domain '%s'\n", - lp.get("workgroup"), subobj.DOMAIN); + lp.get("workgroup"), subobj.DOMAIN_CONF); return false; } - if (strupper(lp.get("realm")) != strupper(subobj.REALM)) { + if (strupper(lp.get("realm")) != strupper(subobj.REALM_CONF)) { message("realm '%s' in smb.conf must match chosen realm '%s'\n", - lp.get("realm"), subobj.REALM); + lp.get("realm"), subobj.REALM_CONF); + return false; + } + + if (strupper(lp.get("server role")) != strupper(subobj.SERVERROLE)) { + message("server role '%s' in smb.conf must match chosen role '%s'\n", + lp.get("server role"), subobj.SERVERROLE); return false; } -- cgit From bd4dc88e7ba84e53b507f01f7a9f73a0d1b959fd Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Mon, 24 Sep 2007 11:34:26 +0000 Subject: r25304: Thankyou to Amin Azez for pointing out that I used subobj.ROLE and not subobj.SERVERROLE as the rest of the code does. Andrew Bartlett (This used to be commit dd1cb33591819c3d4263e594c7a80de899def223) --- source4/scripting/libjs/provision.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 502583507b..f204bcc9cc 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -585,12 +585,12 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda var st = sys.stat(paths.smbconf); if (st == undefined) { var smbconfsuffix; - if (subobj.ROLE == "domain controller") { + if (subobj.SERVERROLE == "domain controller") { smbconfsuffix = "dc"; - } else if (subobj.ROLE == "member server") { + } else if (subobj.SERVERROLE == "member server") { smbconfsuffix = "member"; } else { - smbconfsuffix = subobj.ROLE; + smbconfsuffix = subobj.SERVERROLE; } message("Setting up " + paths.smbconf +"\n"); setup_file("provision.smb.conf." + smbconfsuffix, info.message, paths.smbconf, subobj); -- cgit From db6c6cfdec4d00b034d5dfed7cc5b533f2d53db4 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 27 Sep 2007 20:45:42 +0000 Subject: r25383: Patch from Amin Azez to give better message when a template file is missing. Andrew Bartlett (This used to be commit 5093ea1cef910fe01a249b2d7ef602e2374e2b35) --- source4/scripting/libjs/provision.js | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index f204bcc9cc..870e33f84a 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js 
@@ -355,6 +355,11 @@ function setup_file(template, message, fname, subobj) var f = fname; var src = lp.get("setup directory") + "/" + template; + if (! sys.stat(src)) { + message("Template file not found: %s\n",src); + assert(0); + } + sys.unlink(f); var data = sys.file_load(src); -- cgit From 62078f17bad197780c8cc4e501dd1655bd809edc Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 18 Oct 2007 03:14:10 +0200 Subject: r25691: make "server role" case insensitive (This used to be commit f61a9b706894de4fa8916b55a24f330eed9f5b0c) --- source4/scripting/libjs/provision.js | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 870e33f84a..b9c7dda8e6 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -500,7 +500,7 @@ function provision_fix_subobj(subobj, paths) if (subobj.REALM_CONF == undefined) { subobj.REALM_CONF = subobj.REALM; } - if (subobj.SERVERROLE != "domain controller") { + if (strlower(subobj.SERVERROLE) != strlower("domain controller")) { subobj.REALM = subobj.HOSTNAME; subobj.DOMAIN = subobj.HOSTNAME; } @@ -590,9 +590,9 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda var st = sys.stat(paths.smbconf); if (st == undefined) { var smbconfsuffix; - if (subobj.SERVERROLE == "domain controller") { + if (strlower(subobj.SERVERROLE) == strlower("domain controller")) { smbconfsuffix = "dc"; - } else if (subobj.SERVERROLE == "member server") { + } else if (strlower(subobj.SERVERROLE) == strlower("member server")) { smbconfsuffix = "member"; } else { smbconfsuffix = subobj.SERVERROLE; 
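Review bot: The final `else` branch of the smb.conf suffix selection still assigns `smbconfsuffix = subobj.SERVERROLE` unmodified, so with the comparisons now case-insensitive a role spelled `Standalone` is accepted but selects a template named `provision.smb.conf.Standalone`, which the `sys.stat(src)` check added to `setup_file()` will presumably report as missing. The suffix is also whatever string the operator supplied, so it becomes part of a file name under the setup directory without being limited to the roles the script knows. I would lower-case it, `smbconfsuffix = strlower(subobj.SERVERROLE);`, and preferably reject any role other than the known ones before building the name. Separately, the `DOMAINDN_MOD` change that adds `subtree_rename` in a later hunk of this commit is unrelated to the stated purpose and would be easier to review on its own. `provision()` continues outside this hunk.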
@@ -750,7 +750,7 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda message("Setting up sam.ldb users and groups\n"); setup_add_ldif("provision_users.ldif", info, samdb, false); - if (subobj.SERVERROLE == "domain controller") { + if (strlower(subobj.SERVERROLE) == strlower("domain controller")) { message("Setting up self join\n"); setup_add_ldif("provision_self_join.ldif", info, samdb, false); setup_add_ldif("provision_group_policy.ldif", info, samdb, false); @@ -838,7 +838,7 @@ function provision_schema(subobj, message, tmp_schema_path, paths) function provision_dns(subobj, message, paths, session_info, credentials) { var lp = loadparm_init(); - if (subobj.SERVERROLE != "domain controller") { + if (strlower(subobj.SERVERROLE) != strlower("domain controller")) { message("No DNS zone required for role %s\n", subobj.SERVERROLE); return; } @@ -971,7 +971,7 @@ function provision_guess() subobj.DOMAINDN_LDB = "users.ldb"; subobj.CONFIGDN_LDB = "configuration.ldb"; subobj.SCHEMADN_LDB = "schema.ldb"; - subobj.DOMAINDN_MOD = "pdc_fsmo,password_hash"; + subobj.DOMAINDN_MOD = "subtree_rename,pdc_fsmo,password_hash"; subobj.CONFIGDN_MOD = "naming_fsmo"; subobj.SCHEMADN_MOD = "schema_fsmo"; subobj.DOMAINDN_MOD2 = ",objectguid"; @@ -1142,7 +1142,7 @@ function provision_validate(subobj, message) return false; } - if (strupper(lp.get("server role")) != strupper(subobj.SERVERROLE)) { + if (strlower(lp.get("server role")) != strlower(subobj.SERVERROLE)) { message("server role '%s' in smb.conf must match chosen role '%s'\n", lp.get("server role"), subobj.SERVERROLE); return false; -- cgit From 21c65d93eba74d615fa7727e684097f51cf568bc Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Thu, 18 Oct 2007 05:39:55 +0200 Subject: r25693: Implement the rest of subtree renames, now that tridge waved his magic over the ldb_tdb part of the problem. Andrew Bartlett (This used to be commit daca0cfd2fc2ec3344415d2d31f399ee3bf16151) --- source4/scripting/libjs/provision.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index b9c7dda8e6..d4b2d63565 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -972,8 +972,8 @@ function provision_guess() subobj.CONFIGDN_LDB = "configuration.ldb"; subobj.SCHEMADN_LDB = "schema.ldb"; subobj.DOMAINDN_MOD = "subtree_rename,pdc_fsmo,password_hash"; - subobj.CONFIGDN_MOD = "naming_fsmo"; - subobj.SCHEMADN_MOD = "schema_fsmo"; + subobj.CONFIGDN_MOD = "subtree_rename,naming_fsmo"; + subobj.SCHEMADN_MOD = "subtree_rename,schema_fsmo"; subobj.DOMAINDN_MOD2 = ",objectguid"; subobj.CONFIGDN_MOD2 = ",objectguid"; subobj.SCHEMADN_MOD2 = ",objectguid"; -- cgit From 4bb52bfcb7997f0b8c0491126edfd136260b2f9f Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 18 Oct 2007 05:47:11 +0200 Subject: r25694: Move subtree_rename above the partitions module. The next step is to built a linked_attributes module under this. Andrew Bartlett (This used to be commit 4f47e687e579feeb10bb866d62f0c757e5389709) --- source4/scripting/libjs/provision.js | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index d4b2d63565..e5a91b40b5 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js 
@@ -965,15 +965,16 @@ function provision_guess() "operational", "objectclass", "rdn_name", + "subtree_rename", "show_deleted", "partition"); subobj.MODULES_LIST = join(",", modules_list); subobj.DOMAINDN_LDB = "users.ldb"; subobj.CONFIGDN_LDB = "configuration.ldb"; subobj.SCHEMADN_LDB = "schema.ldb"; - subobj.DOMAINDN_MOD = "subtree_rename,pdc_fsmo,password_hash"; - subobj.CONFIGDN_MOD = "subtree_rename,naming_fsmo"; - subobj.SCHEMADN_MOD = "subtree_rename,schema_fsmo"; + subobj.DOMAINDN_MOD = "pdc_fsmo,password_hash"; + subobj.CONFIGDN_MOD = "naming_fsmo"; + subobj.SCHEMADN_MOD = "schema_fsmo"; subobj.DOMAINDN_MOD2 = ",objectguid"; subobj.CONFIGDN_MOD2 = ",objectguid"; subobj.SCHEMADN_MOD2 = ",objectguid"; -- cgit From 7c721a1f49d576e0a47c35e465206ade1c05d5a9 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 29 Oct 2007 10:54:06 +0100 Subject: r25747: Implement linked attributes, for add operations. Much more work is still required here, particularly to handle this better during the provision, and to handle modifies and deletes, but this is a start. Andrew Bartlett (This used to be commit 2ba99d58e9fe1f8e4b15a58a2fdfce6e876f99b4) --- source4/scripting/libjs/provision.js | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index e5a91b40b5..ef43ed721d 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -966,6 +966,7 @@ function provision_guess() "objectclass", "rdn_name", "subtree_rename", + "linked_attributes", "show_deleted", "partition"); subobj.MODULES_LIST = join(",", modules_list); -- cgit From 16d039504763139f1221c3ff4643d1a5cb2bdc87 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Mon, 29 Oct 2007 21:25:26 +0100 Subject: r25750: Update the objectclass module to improve consistency in Samba4. The aim here is to ensure that if we have CN=Users,DC=samba,DC=example,DC=com that we cannot have a DN of the form cn=admin ,cn=useRS,DC=samba,DC=example,DC=com This module pulls apart the DN, fixes up the relative DN part, and searches for the parent to copy the base from. I've used the objectclass module, as I intend to also validate the placement of child objects, by reading the allowedChildClasses virtual attribute. In the future, I'll also force the attribute names to be consistant (using the case from the schema). Andrew Bartlett (This used to be commit c0a0c69ac5a81cfcb7c7d5ba38db59f8686c30ab) --- source4/scripting/libjs/provision.js | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index ef43ed721d..5ca7be99e5 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -631,6 +631,16 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda message("Erasing data from partitions\n"); ldb_erase_partitions(info, samdb, ldapbackend); + // (hack) Reload, now we have the partitions and rootdse loaded. + var commit_ok = samdb.transaction_commit(); + if (!commit_ok) { + info.message("samdb commit failed: " + samdb.errstring() + "\n"); + assert(commit_ok); + } + samdb.close(); + + samdb = open_ldb(info, paths.samdb, false); + message("Adding DomainDN: " + subobj.DOMAINDN + " (permitted to fail)\n"); var add_ok = setup_add_ldif("provision_basedn.ldif", info, samdb, true); message("Modifying DomainDN: " + subobj.DOMAINDN + "\n"); 
@@ -951,20 +961,21 @@ function provision_guess() // // Some Known ordering constraints: // - rootdse must be first, as it makes redirects from "" -> cn=rootdse - // - samldb must be before password_hash, because password_hash checks - // that the objectclass is of type person (filled in by samldb) + // - objectclass must be before password_hash, because password_hash checks + // that the objectclass is of type person (filled in by the objectclass + // module when expanding the objectclass list) // - partition must be last // - each partition has its own module list then modules_list = new Array("rootdse", - "kludge_acl", "paged_results", "server_sort", "extended_dn", "asq", "samldb", - "operational", - "objectclass", "rdn_name", + "objectclass", + "kludge_acl", + "operational", "subtree_rename", "linked_attributes", "show_deleted", -- cgit From 716391f10679e82835f42490e1d8a69af2acad82 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 10 Nov 2007 05:31:26 +0100 Subject: r25921: Now also listen on ldapi by default in the LDAP server Create a phpLDAPadmin configuration file example to use ldapi to talk to Samba4 Andrew Bartlett (This used to be commit 54f4c8ba6127757fd272bd97e301188eb69977ed) --- source4/scripting/libjs/provision.js | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 5ca7be99e5..f12c4406ff 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -162,6 +162,7 @@ function ldb_erase(info, ldb) /* delete the specials */ ldb.del("@INDEXLIST"); ldb.del("@ATTRIBUTES"); + ldb.del("@OPTIONS"); ldb.del("@MODULES"); ldb.del("@PARTITION"); ldb.del("@KLUDGEACL"); 
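Review bot: `kludge_acl` moves from directly after `rootdse` to after `objectclass` in `modules_list`, but the "Some Known ordering constraints" comment above the list records nothing about where it has to sit. If, as its name suggests, it is the module that restricts requests by the caller's privileges, and if list order is processing order (the `rootdse` first / `partition` last remarks suggest so), then `paged_results`, `server_sort`, `extended_dn`, `asq`, `samldb`, `rdn_name` and `objectclass` now see each request before it does. That should be a deliberate, written-down decision: I would add a line to the comment such as `// - kludge_acl must come <before/after> objectclass because <reason>` with the actual constraint filled in. `provision_guess()` starts and ends outside the hunk.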
@@ -393,6 +394,9 @@ function provision_default_paths(subobj) paths.ldap_config_basedn_ldif = paths.ldapdir + "/" + dnsdomain + "-config.ldif"; paths.ldap_schema_basedn_ldif = paths.ldapdir + "/" + dnsdomain + "-schema.ldif"; + paths.s4_ldapi_socket = lp.get("private dir") + "/ldapi"; + paths.phpldapadminconfig = lp.get("private dir") + "/phpldapadmin-config.php"; + paths.sysvol = lp.get("sysvol", "path"); if (paths.sysvol == undefined) { @@ -489,6 +493,9 @@ function provision_fix_subobj(subobj, paths) var ldap_path_list = split("/", paths.ldapdir); subobj.LDAPI_URI = "ldapi://" + join("%2F", ldap_path_list) + "%2Fldapi"; + var s4ldap_path_list = split("/", paths.s4_ldapi_socket); + subobj.S4_LDAPI_URI = "ldapi://" + join("%2F", s4ldap_path_list); + subobj.LDAPMANAGERDN = "cn=Manager," + subobj.DOMAINDN; subobj.NETLOGONPATH = paths.netlogon; @@ -794,6 +801,10 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda assert(commit_ok); } + message("Setting up phpLDAPadmin configuration\n"); + setup_file("phpldapadmin-config.php", info.message, paths.phpldapadminconfig, subobj); + message("Please install the phpLDAPadmin configuration located at " + paths.phpldapadminconfig + " into /etc/phpldapadmin/config.php\n"); + return true; } -- cgit From 6c411949612f60ed970aca5f697cd5c37d2d203c Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 13 Nov 2007 08:48:29 +0100 Subject: r25936: provision/newuser: don't try to set the 'memberOf' attribute metze (This used to be commit c6d959e52cf4b86a52e46402392f32450d3c3635) --- source4/scripting/libjs/provision.js | 1 - 1 file changed, 1 deletion(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index f12c4406ff..3f3b179688 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js 
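Review bot: `S4_LDAPI_URI` is built by splitting `paths.s4_ldapi_socket` on `/` and joining with `%2F`, so only the slash is percent-encoded; a private dir containing a space, `%`, `?` or `#` yields a URI that no longer names the real socket path, and the same holds for the existing `LDAPI_URI` line above it. Since this value is presumably substituted into the generated phpLDAPadmin configuration, I would either encode the remaining reserved characters or refuse such a path with a clear message. It would also help to state next to `paths.s4_ldapi_socket` who is expected to be able to connect, e.g. `/* access to this socket is governed only by the permissions on the private dir */`, if that is indeed the case. Both functions continue outside their hunks.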
@@ -1084,7 +1084,6 @@ function newuser(username, unixname, password, message, session_info, credential
 var ldif = sprintf("
 dn: %s
 sAMAccountName: %s
-memberOf: %s
 unixName: %s
 sambaPassword: %s
 objectClass: user
-- cgit
From 3f2ca10d2d86f0cd64822f9e5f95633f41263237 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Tue, 13 Nov 2007 22:38:55 +0100
Subject: r25940: Rework the samldb and templates handling. Templates just don't belong in the sam.ldb, as they don't obey any of the other rules. This moves them to a seperate templates.ldb. In samldb, this patch reworks the duplicate SID and Name detection code, to use ldb_search_exp_fmt() rather than gendb_search. This returns far more useful errors, which we now handle and report better. The call to samdb_search_for_parent_domain() has been moved in samldb, to allow both the account and SID uniqueness checks to be in the same domain. This function also returns better errors. dcesrv_drsuapi.c is updated for the new prototype of samdb_search_for_parent_domain() Andrew Bartlett (This used to be commit f1ab90c88c782c693b41795d70368650806543b5)
---
 source4/scripting/libjs/provision.js | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
(limited to 'source4/scripting/libjs')
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js
index 3f3b179688..73c7608814 100644
--- a/source4/scripting/libjs/provision.js
+++ b/source4/scripting/libjs/provision.js
@@ -383,6 +383,7 @@ function provision_default_paths(subobj)
 paths.shareconf = lp.get("private dir") + "/" + "share.ldb";
 paths.samdb = lp.get("sam database");
 paths.secrets = lp.get("secrets database");
+ paths.templates = lp.get("private dir") + "/" + "templates.ldb";
 paths.keytab = "secrets.keytab";
 paths.dns_keytab = "dns.keytab";
 paths.dns_keytab_abs = lp.get("private dir") + "/" + paths.dns_keytab;
@@ -528,6 +529,9 @@ function provision_become_dc(subobj, message, erase, paths, session_info) info.message = message; info.session_info = session_info; + message("Setting up teplates into " + paths.templates + "\n"); + setup_ldb("provision_templates.ldif", info, paths.templates); + /* Also wipes the database */ message("Setting up " + paths.samdb + " partitions\n"); setup_ldb("provision_partitions.ldif", info, paths.samdb); @@ -548,9 +552,6 @@ function provision_become_dc(subobj, message, erase, paths, session_info) message("Setting up " + paths.samdb + " indexes\n"); setup_add_ldif("provision_index.ldif", info, samdb, false); - message("Setting up " + paths.samdb + " templates\n"); - setup_add_ldif("provision_templates.ldif", info, samdb, false); - ok = samdb.transaction_commit(); assert(ok); @@ -623,6 +624,9 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda var reg = reg_open(); reg.apply_patchfile(lp.get("setup directory") + "/provision.reg") + message("Setting up teplates into " + paths.templates + "\n"); + setup_ldb("provision_templates.ldif", info, paths.templates); + message("Setting up sam.ldb partitions\n"); /* Also wipes the database */ setup_ldb("provision_partitions.ldif", info, paths.samdb); @@ -707,8 +711,6 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda message("Setting up display specifiers\n"); setup_add_ldif("display_specifiers.ldif", info, samdb, false); - message("Setting up sam.ldb templates\n"); - setup_add_ldif("provision_templates.ldif", info, samdb, false); message("Adding users container (permitted to fail)\n"); var add_ok = setup_add_ldif("provision_users_add.ldif", info, samdb, true); -- cgit From 8959af0a6fa493d4bdfcb609e7d5931a44a4567d Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett
Date: Wed, 14 Nov 2007 03:55:05 +0100
Subject: r25950: Enable seperate module to prevent subtree deletes. Andrew Bartlett (This used to be commit a71414ec3efd3e52a898b58bd2ea7d986518f531)
---
 source4/scripting/libjs/provision.js | 1 +
 1 file changed, 1 insertion(+)
(limited to 'source4/scripting/libjs')
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js
index 73c7608814..ecd21975ae 100644
--- a/source4/scripting/libjs/provision.js
+++ b/source4/scripting/libjs/provision.js
@@ -990,6 +990,7 @@ function provision_guess()
 "kludge_acl",
 "operational",
 "subtree_rename",
+ "subtree_delete",
 "linked_attributes",
 "show_deleted",
 "partition");
-- cgit
From c4d7646f294df54d6b5e7a3ac236dfa4e861c501 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Tue, 27 Nov 2007 02:49:37 +0100
Subject: r26139: Based on a report by Theodor Chirana, don't assert() on invalid netbios names at this point, the calling order has changed, and we have a more informative place to do it. Andrew Bartlett (This used to be commit 3136dccd542a72ecda0c73a91674383736571bb5)
---
 source4/scripting/libjs/provision.js | 2 --
 1 file changed, 2 deletions(-)
(limited to 'source4/scripting/libjs')
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js
index ecd21975ae..f78d994237 100644
--- a/source4/scripting/libjs/provision.js
+++ b/source4/scripting/libjs/provision.js
@@ -464,9 +464,7 @@ function provision_fix_subobj(subobj, paths)
 subobj.REALM = strupper(subobj.REALM);
 subobj.HOSTNAME = strlower(subobj.HOSTNAME);
 subobj.DOMAIN = strupper(subobj.DOMAIN);
- assert(valid_netbios_name(subobj.DOMAIN));
 subobj.NETBIOSNAME = strupper(subobj.HOSTNAME);
- assert(valid_netbios_name(subobj.NETBIOSNAME));
 subobj.DNSDOMAIN = strlower(subobj.REALM);
 subobj.DNSNAME = sprintf("%s.%s",
 strlower(subobj.HOSTNAME),
-- cgit
From cd1f19d7d306e59df2d7b5db16d317206408babc Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Mon, 3 Dec 2007 05:49:06 +0100
Subject: r26244: Add a module (sans tests for the moment) that implements ranged results, as used particularly by MMC's Active Directory Users and Computers to list group members. This may be used on any attribute, but is useful to obtain attributes that may be lengthy in 'pages'. The implementation presumes that attributes will always be returned by the DB in the same order. Andrew Bartlett (This used to be commit c789a91e00b47b2f02513e97101b9606d00c6aaa)
---
 source4/scripting/libjs/provision.js | 1 +
 1 file changed, 1 insertion(+)
(limited to 'source4/scripting/libjs')
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js
index f78d994237..08407418d3 100644
--- a/source4/scripting/libjs/provision.js
+++ b/source4/scripting/libjs/provision.js
@@ -979,6 +979,7 @@ function provision_guess()
 // - each partition has its own module list then
 modules_list = new Array("rootdse",
 "paged_results",
+ "ranged_results",
 "server_sort",
 "extended_dn",
 "asq",
-- cgit
From a2a4aba5fd7a2ec0a7131f32c8bccd5dbe04e1f1 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Mon, 3 Dec 2007 05:51:04 +0100
Subject: r26245: Make it easier to handle the LDAP backend, with it's differing needs, by seperating the modules list into parts. That way, we can remove the modules that the backend will provide. Andrew Bartlett (This used to be commit d67e5c7896f6d3064298897ae4d3204498824b06)
---
 source4/scripting/libjs/provision.js | 34 ++++++++++++++++++----------------
 1 file changed, 18 insertions(+), 16 deletions(-)
(limited to 'source4/scripting/libjs')
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js
index 08407418d3..0a064de68d 100644
--- a/source4/scripting/libjs/provision.js
+++ b/source4/scripting/libjs/provision.js
@@ -977,23 +977,25 @@ function provision_guess()
 // module when expanding the objectclass list)
 // - partition must be last
 // - each partition has its own module list then
- modules_list = new Array("rootdse",
- "paged_results",
- "ranged_results",
- "server_sort",
- "extended_dn",
- "asq",
- "samldb",
- "rdn_name",
- "objectclass",
- "kludge_acl",
- "operational",
- "subtree_rename",
- "subtree_delete",
- "linked_attributes",
- "show_deleted",
- "partition");
+ var modules_list = new Array("rootdse",
+ "paged_results",
+ "ranged_results",
+ "server_sort",
+ "extended_dn",
+ "asq",
+ "samldb",
+ "rdn_name",
+ "objectclass",
+ "kludge_acl",
+ "operational");
+ var tdb_modules_list = new Array("subtree_rename",
+ "subtree_delete",
+ "linked_attributes");
+ var modules_list2 = new Array("show_deleted",
+ "partition");
 subobj.MODULES_LIST = join(",", modules_list);
+ subobj.TDB_MODULES_LIST = "," + join(",", tdb_modules_list);
+ subobj.MODULES_LIST2 = join(",", modules_list2);
 subobj.DOMAINDN_LDB = "users.ldb";
 subobj.CONFIGDN_LDB = "configuration.ldb";
 subobj.SCHEMADN_LDB = "schema.ldb";
-- cgit
From bb07e5853149b7d3c1fee3c93cbcefb333038dbc Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Mon, 3 Dec 2007 07:03:52 +0100
Subject: r26246: Make it easier to debug assert()s in the provision, if messages are suppressed with --quiet. Hopefully this will be easier with python. Andrew Bartlett (This used to be commit f6e0e15fa5e2b0b7368ff945cc988579aaba0a6c)
---
 source4/scripting/libjs/provision.js | 50 +++++++++++++++++-------------------
 1 file changed, 23 insertions(+), 27 deletions(-)
(limited to 'source4/scripting/libjs')
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js
index 0a064de68d..2dfc941a66 100644
--- a/source4/scripting/libjs/provision.js
+++ b/source4/scripting/libjs/provision.js
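Review bot: `subobj.TDB_MODULES_LIST` is the only one of the three new values that carries a leading comma (`"," + join(",", tdb_modules_list)`), and nothing in the hunk says why, or how the three pieces are put back together. The "partition must be last" constraint in the comment above now depends on the consumer concatenating MODULES_LIST, TDB_MODULES_LIST and MODULES_LIST2 in that order with the right separators, which is not visible here. A short comment above the three assignments would make the contract explicit, e.g. `// TDB_MODULES_LIST keeps its leading comma so it can be set to "" when the backend provides those modules`. That wording is my reading of the commit description and should be confirmed against the template that consumes these variables. provision_guess() starts and ends outside the hunk.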
@@ -653,40 +653,38 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda message("Adding DomainDN: " + subobj.DOMAINDN + " (permitted to fail)\n"); var add_ok = setup_add_ldif("provision_basedn.ldif", info, samdb, true); message("Modifying DomainDN: " + subobj.DOMAINDN + "\n"); - var modify_ok = setup_ldb_modify("provision_basedn_modify.ldif", info, samdb); - if (!modify_ok) { + var modify_basedn_ok = setup_ldb_modify("provision_basedn_modify.ldif", info, samdb); + if (!modify_basedn_ok) { if (!add_ok) { message("%s", "Failed to both add and modify " + subobj.DOMAINDN + " in target " + subobj.DOMAINDN_LDB + ": " + samdb.errstring() + "\n"); message("Perhaps you need to run the provision script with the --ldap-base-dn option, and add this record to the backend manually\n"); }; - assert(modify_ok); + assert(modify_basedn_ok); }; message("Adding configuration container (permitted to fail)\n"); - var add_ok = setup_add_ldif("provision_configuration_basedn.ldif", info, samdb, true); + var add_config_ok = setup_add_ldif("provision_configuration_basedn.ldif", info, samdb, true); message("Modifying configuration container\n"); - var modify_ok = setup_ldb_modify("provision_configuration_basedn_modify.ldif", info, samdb); - if (!modify_ok) { - if (!add_ok) { + var modify_config_ok = setup_ldb_modify("provision_configuration_basedn_modify.ldif", info, samdb); + if (!modify_config_ok) { + if (!add_config_ok) { message("%s", "Failed to both add and modify " + subobj.CONFIGDN + " in target " + subobj.CONFIGDN_LDB + ": " + samdb.errstring() + "\n"); message("Perhaps you need to run the provision script with the --ldap-base-dn option, and add this record to the backend manually\n"); - assert(modify_ok); } - assert(modify_ok); + assert(modify_config_ok); } message("Adding schema container (permitted to fail)\n"); - var add_ok = setup_add_ldif("provision_schema_basedn.ldif", info, samdb, true); + var add_schema_ok = 
setup_add_ldif("provision_schema_basedn.ldif", info, samdb, true); message("Modifying schema container\n"); - var modify_ok = setup_ldb_modify("provision_schema_basedn_modify.ldif", info, samdb); - if (!modify_ok) { - if (!add_ok) { + var modify_schema_ok = setup_ldb_modify("provision_schema_basedn_modify.ldif", info, samdb); + if (!modify_schema_ok) { + if (!add_schema_ok) { message("%s", "Failed to both add and modify " + subobj.SCHEMADN + " in target " + subobj.SCHEMADN_LDB + ": " + samdb.errstring() + "\n"); message("Perhaps you need to run the provision script with the --ldap-base-dn option, and add this record to the backend manually\n"); - assert(modify_ok); } message("Failed to modify the schema container: " + samdb.errstring() + "\n"); - assert(modify_ok); + assert(modify_schema_ok); } message("Setting up sam.ldb Samba4 schema\n"); 
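Review bot: When the modify fails but the preceding add succeeded, the DomainDN and configuration-container branches reach `assert(modify_basedn_ok)` and `assert(modify_config_ok)` without reporting `samdb.errstring()`; only the schema branch prints it (`"Failed to modify the schema container: "`). I would give the other two branches the same kind of line before the assert, e.g. `message("Failed to modify " + subobj.DOMAINDN + ": " + samdb.errstring() + "\n");`. The users and computers branches in the next hunk have the same gap and never print the error string at all. provision() starts and ends outside the hunk.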
@@ -711,26 +709,24 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda setup_add_ldif("display_specifiers.ldif", info, samdb, false); message("Adding users container (permitted to fail)\n"); - var add_ok = setup_add_ldif("provision_users_add.ldif", info, samdb, true); + var add_users_ok = setup_add_ldif("provision_users_add.ldif", info, samdb, true); message("Modifying users container\n"); - var modify_ok = setup_ldb_modify("provision_users_modify.ldif", info, samdb); - if (!modify_ok) { - if (!add_ok) { + var modify_users_ok = setup_ldb_modify("provision_users_modify.ldif", info, samdb); + if (!modify_users_ok) { + if (!add_users_ok) { message("Failed to both add and modify the users container\n"); - assert(modify_ok); } - assert(modify_ok); + assert(modify_users_ok); } message("Adding computers container (permitted to fail)\n"); - var add_ok = setup_add_ldif("provision_computers_add.ldif", info, samdb, true); + var add_computers_ok = setup_add_ldif("provision_computers_add.ldif", info, samdb, true); message("Modifying computers container\n"); - var modify_ok = setup_ldb_modify("provision_computers_modify.ldif", info, samdb); - if (!modify_ok) { - if (!add_ok) { + var modify_computers_ok = setup_ldb_modify("provision_computers_modify.ldif", info, samdb); + if (!modify_computers_ok) { + if (!add_computers_ok) { message("Failed to both add and modify the computers container\n"); - assert(modify_ok); } - assert(modify_ok); + assert(modify_computers_ok); } message("Setting up sam.ldb data\n"); -- cgit From f5860b5a853c40c9e48f5bb0a87c086d268c53bd Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Wed, 5 Dec 2007 00:40:48 +0100 Subject: r26298: Use metze's schema loading code to pre-initialise the schema into the samdb before we start writing entries into it. In doing so, I realised we still used 'dnsDomain', which is not part of the standard schema (now removed). We also set the 'wrong' side of the linked attributes for the masteredBy on each partition - this is now set in provision_self_join and backlinks via the linked attributes code. When we have the schema loaded, we must also have a valid domain SID loaded, so that the objectclass module works. This required some ejs glue. Andrew Bartlett (This used to be commit b0de08916e8cb59ce6a2ea94bbc9ac0679830ac1) --- source4/scripting/libjs/provision.js | 55 +++++++++++++++++++++++++++++------- 1 file changed, 45 insertions(+), 10 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 2dfc941a66..b42f3b2580 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js 
@@ -563,6 +563,44 @@ function provision_become_dc(subobj, message, erase, paths, session_info) return true; } +function load_schema(subobj, message, samdb) +{ + var lp = loadparm_init(); + var src = lp.get("setup directory") + "/" + "schema.ldif"; + + if (! sys.stat(src)) { + message("Template file not found: %s\n",src); + assert(0); + } + + var schema_data = sys.file_load(src); + + src = lp.get("setup directory") + "/" + "schema_samba4.ldif"; + + if (! sys.stat(src)) { + message("Template file not found: %s\n",src); + assert(0); + } + + schema_data = schema_data + sys.file_load(src); + + schema_data = substitute_var(schema_data, subobj); + + src = lp.get("setup directory") + "/" + "provision_schema_basedn_modify.ldif"; + + if (! sys.stat(src)) { + message("Template file not found: %s\n",src); + assert(0); + } + + var head_data = sys.file_load(src); + head_data = substitute_var(head_data, subobj); + + var ok = samdb.attach_dsdb_schema_from_ldif(head_data, schema_data); + return ok; +} + + /* provision samba4 - caution, this wipes all existing data! */ @@ -648,8 +686,15 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda } samdb.close(); + message("Pre-loading the Samba4 and AD schema\n"); + samdb = open_ldb(info, paths.samdb, false); + samdb.set_domain_sid(subobj.DOMAINSID); + + var load_schema_ok = load_schema(subobj, message, samdb); + assert(load_schema_ok.is_ok); + message("Adding DomainDN: " + subobj.DOMAINDN + " (permitted to fail)\n"); var add_ok = setup_add_ldif("provision_basedn.ldif", info, samdb, true); message("Modifying DomainDN: " + subobj.DOMAINDN + "\n"); 
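Review bot: Each of the three missing-file checks in load_schema() ends in `assert(0)`, so when `message` output is suppressed the failure does not say which of schema.ldif, schema_samba4.ldif or provision_schema_basedn_modify.ldif was missing. That is the situation the earlier r26246 change renamed the `modify_*_ok` variables to avoid. Asserting on a named condition keeps the style consistent, for instance `var schema_ldif_found = sys.stat(src);` followed by `assert(schema_ldif_found);`, assuming assert() accepts the same truthiness the `if` test uses. The function also has no header comment, unlike provision() just below it; `/* load the AD and Samba4 schema LDIF from the setup directory and attach it to samdb */` would do.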
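Review bot: In the second hunk the result of `samdb.set_domain_sid(subobj.DOMAINSID)` is discarded, while the commit description says a valid domain SID must be loaded for the objectclass module to work once the schema is attached. If the call can report failure (its return value is not visible here), provisioning would carry on and fail later in a less obvious place, or write entries without the SID it expects. Checking it in the same style as the `load_schema_ok` line below it would be `var set_domain_sid_ok = samdb.set_domain_sid(subobj.DOMAINSID);` followed by `assert(set_domain_sid_ok);`. provision() starts and ends outside the hunk.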
@@ -692,16 +737,6 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda message("Setting up sam.ldb AD schema\n"); setup_add_ldif("schema.ldif", info, samdb, false); - // (hack) Reload, now we have the schema loaded. - var commit_ok = samdb.transaction_commit(); - if (!commit_ok) { - info.message("samdb commit failed: " + samdb.errstring() + "\n"); - assert(commit_ok); - } - samdb.close(); - - samdb = open_ldb(info, paths.samdb, false); - message("Setting up sam.ldb configuration data\n"); setup_add_ldif("provision_configuration.ldif", info, samdb, false); -- cgit From d8b91031116b81ae10e2a0fc568ccbf88052e0f3 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 5 Dec 2007 01:25:39 +0100 Subject: r26302: Print the error string for failed rootdse searches. Andrew Bartlett (This used to be commit a7595d009a89fecd7723a1e356d5a58d687bdbb0) --- source4/scripting/libjs/provision.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index b42f3b2580..e7e844bb89 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -198,7 +198,10 @@ function ldb_erase_partitions(info, ldb, ldapbackend) var j; var res = ldb.search("(objectClass=*)", "", ldb.SCOPE_BASE, rootDSE_attrs); - assert(res.error == 0); + if (res.error != 0) { + info.message("rootdse search failed: " + res.errstr + "\n"); + assert(res.error == 0); + } assert(res.msgs.length == 1); if (typeof(res.msgs[0].namingContexts) == "undefined") { return; -- cgit From c3c27fadc0a53f8d3de57bae1158a8b244742d72 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Wed, 5 Dec 2007 03:00:48 +0100 Subject: r26303: Fix up error reporting during the delete of previous entries in the provision, and ignore 'no such entry' as an error (it is normal, and just means the partition is compleatly empty). Andrew Bartlett (This used to be commit 1fb8c31a3da6fc07f55027f05dba5e03dcf8a4f7) --- source4/scripting/libjs/provision.js | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index e7e844bb89..5e9e43a858 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -224,7 +224,10 @@ function ldb_erase_partitions(info, ldb, ldapbackend) var res2 = ldb.search(anything, basedn, ldb.SCOPE_SUBTREE, attrs); var i; if (res2.error != 0) { - info.message("ldb search failed: " + res.errstr + "\n"); + if (res2.error == 32) { + break; + } + info.message("ldb search failed: " + res2.errstr + "\n"); continue; } previous_remaining = current_remaining; @@ -235,7 +238,7 @@ function ldb_erase_partitions(info, ldb, ldapbackend) var res3 = ldb.search(anything, basedn, ldb.SCOPE_SUBTREE, attrs); if (res3.error != 0) { - info.message("ldb search failed: " + res.errstr + "\n"); + info.message("ldb search failed: " + res3.errstr + "\n"); continue; } if (res3.msgs.length != 0) { -- cgit From 439f85c60976cd1fd725b78b8b0a061cba219424 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 5 Dec 2007 03:03:33 +0100 Subject: r26304: More work to remove silly error printouts. Andrew Bartlett (This used to be commit ba23dac0319f7c5ad89e5d79174520892027afdd) --- source4/scripting/libjs/provision.js | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 5e9e43a858..a64fdb8977 100644 --- a/source4/scripting/libjs/provision.js 
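Review bot: The literal `32` in `if (res2.error == 32)` is unexplained in the code; only the commit description says it stands for 'no such entry', meaning the partition is already empty. I would at least annotate it, `/* 32: no such entry - the partition is already empty */`, or compare against a named constant if the ldb bindings expose one. The existing `continue` on other search errors is also worth a look: the loop condition is outside the hunk, so it is not visible whether a persistently failing search can ever end the loop.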
+++ b/source4/scripting/libjs/provision.js @@ -226,9 +226,10 @@ function ldb_erase_partitions(info, ldb, ldapbackend) if (res2.error != 0) { if (res2.error == 32) { break; + } else { + info.message("ldb search(2) failed: " + res2.errstr + "\n"); + continue; } - info.message("ldb search failed: " + res2.errstr + "\n"); - continue; } previous_remaining = current_remaining; current_remaining = res2.msgs.length; @@ -238,7 +239,7 @@ function ldb_erase_partitions(info, ldb, ldapbackend) var res3 = ldb.search(anything, basedn, ldb.SCOPE_SUBTREE, attrs); if (res3.error != 0) { - info.message("ldb search failed: " + res3.errstr + "\n"); + info.message("ldb search(3) failed: " + res3.errstr + "\n"); continue; } if (res3.msgs.length != 0) { -- cgit From cc35894fb5b86373677a89f33297e763f9813ef1 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 6 Dec 2007 21:10:24 +0100 Subject: r26317: Fix typos. (This used to be commit 4c7e3843a0e1a914b259526dcd3e50bd238816af) --- source4/scripting/libjs/provision.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index a64fdb8977..7d77bf7885 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -534,7 +534,7 @@ function provision_become_dc(subobj, message, erase, paths, session_info) info.message = message; info.session_info = session_info; - message("Setting up teplates into " + paths.templates + "\n"); + message("Setting up templates into " + paths.templates + "\n"); setup_ldb("provision_templates.ldif", info, paths.templates); /* Also wipes the database */ 
@@ -667,7 +667,7 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda var reg = reg_open(); reg.apply_patchfile(lp.get("setup directory") + "/provision.reg") - message("Setting up teplates into " + paths.templates + "\n"); + message("Setting up templates into " + paths.templates + "\n"); setup_ldb("provision_templates.ldif", info, paths.templates); message("Setting up sam.ldb partitions\n"); -- cgit From dd7e5ed88c48f4ee39e53be07c8839791e914e45 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 8 Dec 2007 23:32:37 +0100 Subject: r26352: Don't make lp_load create a new context. (This used to be commit d0d5c1a823a6601292c061dba2b6f4bde2b9e3dd) --- source4/scripting/libjs/provision.js | 2 +- source4/scripting/libjs/upgrade.js | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 7d77bf7885..f9814884f3 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -386,7 +386,7 @@ function provision_default_paths(subobj) var dnsdomain = strlower(subobj.REALM); var lp = loadparm_init(); var paths = new Object(); - paths.smbconf = lp.get("config file"); + paths.smbconf = lp.filename() paths.shareconf = lp.get("private dir") + "/" + "share.ldb"; paths.samdb = lp.get("sam database"); paths.secrets = lp.get("secrets database"); diff --git a/source4/scripting/libjs/upgrade.js b/source4/scripting/libjs/upgrade.js index 3504d850f2..3a548fe34b 100644 --- a/source4/scripting/libjs/upgrade.js +++ b/source4/scripting/libjs/upgrade.js @@ -468,7 +468,6 @@ smbconf_keep = new Array( "wins support", "csc policy", "strict locking", - "config file", "preload", "auto services", "lock dir", -- cgit From 9d4d41f65dc8380d3c3ce19fceefbe3d00bd4e07 Mon Sep 17 00:00:00 2001 
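Review bot: The new line `paths.smbconf = lp.filename()` in the provision_default_paths() hunk has no terminating semicolon, unlike every other assignment around it. It relies on the interpreter inserting one before `paths.shareconf = …`; write it as `paths.smbconf = lp.filename();`. The function continues outside the hunk.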
From: Andrew Bartlett Date: Thu, 13 Dec 2007 03:07:38 +0100 Subject: r26419: Add a module to implement 'ambigious name resolution' by munging the incoming LDAP filter. Warning: Any anr search will perform a full index search. Untill ldb gets substring indexes, this is unavoidable. Also implement a testsutie to show we match AD behaviour for this important extension (used in the Active Directory Users and Computers MMC plugin, as a genereral 'find'). This will also be useful to OpenChange, as their server needs to implement this. Andrew Bartlett (This used to be commit 044b50947254ccd516c21cb156ab60ab9e3a582d) --- source4/scripting/libjs/provision.js | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index f9814884f3..0da02ae276 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -1018,6 +1018,7 @@ function provision_guess() var modules_list = new Array("rootdse", "paged_results", "ranged_results", + "anr", "server_sort", "extended_dn", "asq", -- cgit From 7c146c42d2cf51e891b9f29d3b61a40f173a3b23 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 25 Dec 2007 16:36:31 -0600 Subject: r26593: - More work on the python versions of samba3dump and the samba3sam tests. - Initial work converting the upgrade code to Python. - Removed the old EJS upgrade code because it has been broken for a long time. (This used to be commit 150cf39fbd4fe088546870fb0d8f20c0d9eb4aca) --- source4/scripting/libjs/upgrade.js | 687 ------------------------------------- 1 file changed, 687 deletions(-) delete mode 100644 source4/scripting/libjs/upgrade.js (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/upgrade.js b/source4/scripting/libjs/upgrade.js deleted file mode 100644 index 3a548fe34b..0000000000 --- a/source4/scripting/libjs/upgrade.js +++ /dev/null 
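Review bot: `"anr"` is added to the default module list with no note on its cost, although the commit description warns that every anr search performs a full index search until ldb has substring indexes. Because this list applies to every provisioned server, any client allowed to issue searches can trigger that scan repeatedly, so the ordering-constraints comment above the list should record it, e.g. `// - anr rewrites incoming filters; each anr search is a full index search until ldb has substring indexes`. The comment block and the rest of provision_guess() are outside the hunk.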
@@ -1,687 +0,0 @@ -/* - backend code for upgrading from Samba3 - Copyright Jelmer Vernooij 2005 - Released under the GNU GPL v2 or later -*/ - -libinclude("base.js"); - -function regkey_to_dn(name) -{ - var dn = "hive=NONE"; - var i = 0; - - var as = split("/", name); - - for (i in as) { - if (i > 0) { - dn = sprintf("key=%s,", as[i]) + dn; - } - } - - return dn; -} - -/* Where prefix is any of: - * - HKLM - * HKU - * HKCR - * HKPD - * HKPT - */ - -function upgrade_registry(regdb,prefix,ldb) -{ - assert(regdb != undefined); - var prefix_up = strupper(prefix); - var ldif = new Array(); - - for (var i in regdb.keys) { - var rk = regdb.keys[i]; - var pts = split("/", rk.name); - - /* Only handle selected hive */ - if (strupper(pts[0]) != prefix_up) { - continue; - } - - var keydn = regkey_to_dn(rk.name); - - var pts = split("/", rk.name); - - /* Convert key name to dn */ - ldif[rk.name] = sprintf(" -dn: %s -name: %s - -", keydn, pts[0]); - - for (var j in rk.values) { - var rv = rk.values[j]; - - ldif[rk.name + " (" + rv.name + ")"] = sprintf(" -dn: %s,value=%s -value: %s -type: %d -data:: %s", keydn, rv.name, rv.name, rv.type, ldb.encode(rv.data)); - } - } - - return ldif; -} - -function upgrade_sam_policy(samba3,dn) -{ - var ldif = sprintf(" -dn: %s -changetype: modify -replace: minPwdLength -minPwdLength: %d -pwdHistoryLength: %d -minPwdAge: %d -maxPwdAge: %d -lockoutDuration: %d -samba3ResetCountMinutes: %d -samba3UserMustLogonToChangePassword: %d -samba3BadLockoutMinutes: %d -samba3DisconnectTime: %d - -", dn, samba3.policy.min_password_length, - samba3.policy.password_history, samba3.policy.minimum_password_age, - samba3.policy.maximum_password_age, samba3.policy.lockout_duration, - samba3.policy.reset_count_minutes, samba3.policy.user_must_logon_to_change_password, - samba3.policy.bad_lockout_minutes, samba3.policy.disconnect_time -); - - return ldif; -} - -function upgrade_sam_account(ldb,acc,domaindn,domainsid) -{ - if (acc.nt_username == undefined) { - 
acc.nt_username = acc.username; - } - - if (acc.nt_username == "") { - acc.nt_username = acc.username; - } - - if (acc.fullname == undefined) { - var pw = nss.getpwnam(acc.fullname); - acc.fullname = pw.pw_gecos; - } - - var pts = split(',', acc.fullname); - acc.fullname = pts[0]; - - if (acc.fullname == undefined) { - acc.fullname = acc.username; - } - - assert(acc.fullname != undefined); - assert(acc.nt_username != undefined); - - var ldif = sprintf( -"dn: cn=%s,%s -objectClass: top -objectClass: user -lastLogon: %d -lastLogoff: %d -unixName: %s -sAMAccountName: %s -cn: %s -description: %s -primaryGroupID: %d -badPwdcount: %d -logonCount: %d -samba3Domain: %s -samba3DirDrive: %s -samba3MungedDial: %s -samba3Homedir: %s -samba3LogonScript: %s -samba3ProfilePath: %s -samba3Workstations: %s -samba3KickOffTime: %d -samba3BadPwdTime: %d -samba3PassLastSetTime: %d -samba3PassCanChangeTime: %d -samba3PassMustChangeTime: %d -objectSid: %s-%d -lmPwdHash:: %s -ntPwdHash:: %s - -", ldb.dn_escape(acc.fullname), domaindn, acc.logon_time, acc.logoff_time, acc.username, acc.nt_username, acc.nt_username, - -acc.acct_desc, acc.group_rid, acc.bad_password_count, acc.logon_count, -acc.domain, acc.dir_drive, acc.munged_dial, acc.homedir, acc.logon_script, -acc.profile_path, acc.workstations, acc.kickoff_time, acc.bad_password_time, -acc.pass_last_set_time, acc.pass_can_change_time, acc.pass_must_change_time, domainsid, acc.user_rid, - ldb.encode(acc.lm_pw), ldb.encode(acc.nt_pw)); - - return ldif; -} - -function upgrade_sam_group(grp,domaindn) -{ - var nss = nss_init(); - - var gr; - if (grp.sid_name_use == 5) { // Well-known group - return undefined; - } - - if (grp.nt_name == "Domain Guests" || - grp.nt_name == "Domain Users" || - grp.nt_name == "Domain Admins") { - return undefined; - } - - if (grp.gid == -1) { - gr = nss.getgrnam(grp.nt_name); - } else { - gr = nss.getgrgid(grp.gid); - } - - if (gr == undefined) { - grp.unixname = "UNKNOWN"; - } else { - grp.unixname = 
gr.gr_name; - } - - assert(grp.unixname != undefined); - - var ldif = sprintf( -"dn: cn=%s,%s -objectClass: top -objectClass: group -description: %s -cn: %s -objectSid: %s -unixName: %s -samba3SidNameUse: %d -", grp.nt_name, domaindn, -grp.comment, grp.nt_name, grp.sid, grp.unixname, grp.sid_name_use); - - return ldif; -} - -function upgrade_winbind(samba3,domaindn) -{ - var ldif = sprintf(" - -dn: dc=none -userHwm: %d -groupHwm: %d - -", samba3.idmap.user_hwm, samba3.idmap.group_hwm); - - for (var i in samba3.idmap.mappings) { - var m = samba3.idmap.mappings[i]; - ldif = ldif + sprintf(" -dn: SID=%s,%s -SID: %s -type: %d -unixID: %d", m.sid, domaindn, m.sid, m.type, m.unix_id); - } - - return ldif; -} -*/ - -function upgrade_wins(samba3) -{ - var ldif = ""; - var version_id = 0; - - for (i in samba3.winsentries) { - var rType; - var rState; - var nType; - var numIPs = 0; - var e = samba3.winsentries[i]; - var now = sys.nttime(); - var ttl = sys.unix2nttime(e.ttl); - - version_id++; - - for (var i in e.ips) { - numIPs++; - } - - if (e.type == 0x1C) { - rType = 0x2; - } else if (sys.bitAND(e.type, 0x80)) { - if (numIPs > 1) { - rType = 0x2; - } else { - rType = 0x1; - } - } else { - if (numIPs > 1) { - rType = 0x3; - } else { - rType = 0x0; - } - } - - if (ttl > now) { - rState = 0x0;/* active */ - } else { - rState = 0x1;/* released */ - } - - nType = (sys.bitAND(e.nb_flags,0x60)>>5); - - ldif = ldif + sprintf(" -dn: name=%s,type=0x%02X -type: 0x%02X -name: %s -objectClass: winsRecord -recordType: %u -recordState: %u -nodeType: %u -isStatic: 0 -expireTime: %s -versionID: %llu -", e.name, e.type, e.type, e.name, - rType, rState, nType, - sys.ldaptime(ttl), version_id); - - for (var i in e.ips) { - ldif = ldif + sprintf("address: %s\n", e.ips[i]); - } - } - - ldif = ldif + sprintf(" -dn: CN=VERSION -objectClass: winsMaxVersion -maxVersion: %llu -", version_id); - - return ldif; -} - -function upgrade_provision(samba3) -{ - var subobj = new Object(); - var nss = 
nss_init(); - var lp = loadparm_init(); - var rdn_list; - - var domainname = samba3.configuration.get("workgroup"); - - if (domainname == undefined) { - domainname = samba3.secrets.domains[0].name; - println("No domain specified in smb.conf file, assuming '" + domainname + "'"); - } - - var domsec = samba3.find_domainsecrets(domainname); - var hostsec = samba3.find_domainsecrets(hostname()); - var realm = samba3.configuration.get("realm"); - - if (realm == undefined) { - realm = domainname; - println("No realm specified in smb.conf file, assuming '" + realm + "'"); - } - random_init(local); - - subobj.REALM = realm; - subobj.DOMAIN = domainname; - subobj.HOSTNAME = hostname(); - - assert(subobj.REALM); - assert(subobj.DOMAIN); - assert(subobj.HOSTNAME); - - subobj.HOSTIP = hostip(); - if (domsec != undefined) { - subobj.DOMAINGUID = domsec.guid; - subobj.DOMAINSID = domsec.sid; - } else { - println("Can't find domain secrets for '" + domainname + "'; using random SID and GUID"); - subobj.DOMAINGUID = randguid(); - subobj.DOMAINSID = randsid(); - } - - if (hostsec) { - subobj.HOSTGUID = hostsec.guid; - } else { - subobj.HOSTGUID = randguid(); - } - subobj.INVOCATIONID = randguid(); - subobj.KRBTGTPASS = randpass(12); - subobj.MACHINEPASS = randpass(12); - subobj.ADMINPASS = randpass(12); - subobj.DEFAULTSITE = "Default-First-Site-Name"; - subobj.NEWGUID = randguid; - subobj.NTTIME = nttime; - subobj.LDAPTIME = ldaptime; - subobj.DATESTRING = datestring; - subobj.ROOT = findnss(nss.getpwnam, "root"); - subobj.NOBODY = findnss(nss.getpwnam, "nobody"); - subobj.NOGROUP = findnss(nss.getgrnam, "nogroup", "nobody"); - subobj.WHEEL = findnss(nss.getgrnam, "wheel", "root"); - subobj.USERS = findnss(nss.getgrnam, "users", "guest", "other"); - subobj.DNSDOMAIN = strlower(subobj.REALM); - subobj.DNSNAME = sprintf("%s.%s", - strlower(subobj.HOSTNAME), - subobj.DNSDOMAIN); - subobj.BASEDN = "DC=" + join(",DC=", split(".", subobj.REALM)); - rdn_list = split(".", 
subobj.DNSDOMAIN); - subobj.DOMAINDN = "DC=" + join(",DC=", rdn_list); - subobj.DOMAINDN_LDB = "users.ldb"; - subobj.ROOTDN = subobj.DOMAINDN; - - modules_list = new Array("rootdse", - "kludge_acl", - "paged_results", - "server_sort", - "extended_dn", - "asq", - "samldb", - "password_hash", - "operational", - "objectclass", - "rdn_name", - "show_deleted", - "partition"); - subobj.MODULES_LIST = join(",", modules_list); - - return subobj; -} - -smbconf_keep = new Array( - "dos charset", - "unix charset", - "display charset", - "comment", - "path", - "directory", - "workgroup", - "realm", - "netbios name", - "netbios aliases", - "netbios scope", - "server string", - "interfaces", - "bind interfaces only", - "security", - "auth methods", - "encrypt passwords", - "null passwords", - "obey pam restrictions", - "password server", - "smb passwd file", - "private dir", - "passwd chat", - "password level", - "lanman auth", - "ntlm auth", - "client NTLMv2 auth", - "client lanman auth", - "client plaintext auth", - "read only", - "hosts allow", - "hosts deny", - "log level", - "debuglevel", - "log file", - "smb ports", - "large readwrite", - "max protocol", - "min protocol", - "unicode", - "read raw", - "write raw", - "disable netbios", - "nt status support", - "announce version", - "announce as", - "max mux", - "max xmit", - "name resolve order", - "max wins ttl", - "min wins ttl", - "time server", - "unix extensions", - "use spnego", - "server signing", - "client signing", - "max connections", - "paranoid server security", - "socket options", - "strict sync", - "max print jobs", - "printable", - "print ok", - "printer name", - "printer", - "map system", - "map hidden", - "map archive", - "preferred master", - "prefered master", - "local master", - "browseable", - "browsable", - "wins server", - "wins support", - "csc policy", - "strict locking", - "preload", - "auto services", - "lock dir", - "lock directory", - "pid directory", - "socket address", - "copy", - "include", - 
"available", - "volume", - "fstype", - "panic action", - "msdfs root", - "host msdfs", - "winbind separator"); - -/* - Remove configuration variables not present in Samba4 - oldconf: Old configuration structure - mark: Whether removed configuration variables should be - kept in the new configuration as "samba3:" - */ -function upgrade_smbconf(oldconf,mark) -{ - var data = oldconf.data(); - var newconf = param_init(); - - for (var s in data) { - for (var p in data[s]) { - var keep = false; - for (var k in smbconf_keep) { - if (smbconf_keep[k] == p) { - keep = true; - break; - } - } - - if (keep) { - newconf.set(s, p, oldconf.get(s, p)); - } else if (mark) { - newconf.set(s, "samba3:"+p, oldconf.get(s,p)); - } - } - } - - if (oldconf.get("domain logons") == "True") { - newconf.set("server role", "domain controller"); - } else { - if (oldconf.get("security") == "user") { - newconf.set("server role", "standalone"); - } else { - newconf.set("server role", "member server"); - } - } - - return newconf; -} - -function upgrade(subobj, samba3, message, paths, session_info, credentials) -{ - var ret = 0; - var lp = loadparm_init(); - var samdb = ldb_init(); - samdb.session_info = session_info; - samdb.credentials = credentials; - var ok = samdb.connect(paths.samdb); - if (!ok) { - info.message("samdb connect failed: " + samdb.errstring() + "\n"); - assert(ok); - } - - message("Writing configuration\n"); - var newconf = upgrade_smbconf(samba3.configuration,true); - newconf.save(paths.smbconf); - - message("Importing account policies\n"); - var ldif = upgrade_sam_policy(samba3,subobj.BASEDN); - ok = samdb.modify(ldif); - if (!ok) { - message("samdb load failed: " + samdb.errstring() + "\n"); - assert(ok); - } - var regdb = ldb_init(); - ok = regdb.connect(paths.hklm); - if (!ok) { - message("registry connect: " + regdb.errstring() + "\n"); - assert(ok); - } - - ok = regdb.modify(sprintf(" -dn: 
value=RefusePasswordChange,key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=System,HIVE=NONE -replace: type -type: 4 -replace: data -data: %d -", samba3.policy.refuse_machine_password_change)); - if (!ok) { - message("registry load failed: " + regdb.errstring() + "\n"); - assert(ok); - } - - message("Importing users\n"); - for (var i in samba3.samaccounts) { - var msg = "... " + samba3.samaccounts[i].username; - var ldif = upgrade_sam_account(samdb,samba3.samaccounts[i],subobj.BASEDN,subobj.DOMAINSID); - ok = samdb.add(ldif); - if (!ok && samdb.errstring() != "Record exists") { - msg = msg + "... error: " + samdb.errstring(); - ret = ret + 1; - } - message(msg + "\n"); - } - - message("Importing groups\n"); - for (var i in samba3.groupmappings) { - var msg = "... " + samba3.groupmappings[i].nt_name; - var ldif = upgrade_sam_group(samba3.groupmappings[i],subobj.BASEDN); - if (ldif != undefined) { - ok = samdb.add(ldif); - if (!ok && samdb.errstring() != "Record exists") { - msg = msg + "... error: " + samdb.errstring(); - ret = ret + 1; - } - } - message(msg + "\n"); - } - - message("Importing registry data\n"); - var hives = new Array("hkcr","hkcu","hklm","hkpd","hku","hkpt"); - for (var i in hives) { - var hn = hives[i]; - message("... " + hn + "\n"); - regdb = ldb_init(); - ok = regdb.connect(paths[hn]); - assert(ok); - var ldif = upgrade_registry(samba3.registry, hn, regdb); - for (var j in ldif) { - var msg = "... ... " + j; - ok = regdb.add(ldif[j]); - if (!ok && regdb.errstring() != "Record exists") { - msg = msg + "... 
error: " + regdb.errstring(); - ret = ret + 1; - } - message(msg + "\n"); - } - } - - - message("Importing WINS data\n"); - var winsdb = ldb_init(); - ok = winsdb.connect(paths.winsdb); - assert(ok); - ldb_erase(winsdb); - - var ldif = upgrade_wins(samba3); - ok = winsdb.add(ldif); - assert(ok); - - // figure out ldapurl, if applicable - var ldapurl = undefined; - var pdb = samba3.configuration.get_list("passdb backend"); - if (pdb != undefined) { - for (var b in pdb) { - if (strlen(pdb[b]) >= 7) { - if (substr(pdb[b], 0, 7) == "ldapsam") { - ldapurl = substr(pdb[b], 8); - } - } - } - } - - // URL was not specified in passdb backend but ldap /is/ used - if (ldapurl == "") { - ldapurl = "ldap://" + samba3.configuration.get("ldap server"); - } - - // Enable samba3sam module if original passdb backend was ldap - if (ldapurl != undefined) { - message("Enabling Samba3 LDAP mappings for SAM database\n"); - - ok = samdb.modify(" -dn: @MODULES -changetype: modify -replace: @LIST -@LIST: samldb,operational,objectguid,rdn_name,samba3sam -"); - if (!ok) { - message("Error enabling samba3sam module: " + samdb.errstring() + "\n"); - ret = ret + 1; - } - - ok = samdb.add(sprintf(" -dn: @MAP=samba3sam -@MAP_URL: %s", ldapurl)); - assert(ok); - - } - - return ret; -} - -function upgrade_verify(subobj, samba3,paths,message) -{ - message("Verifying account policies\n"); - var samldb = ldb_init(); - var ne = 0; - - var ok = samldb.connect(paths.samdb); - assert(ok); - - for (var i in samba3.samaccounts) { - var msg = samldb.search("(&(sAMAccountName=" + samba3.samaccounts[i].nt_username + ")(objectclass=user))"); - assert(msg.length >= 1); - } - - // FIXME -} -- cgit From 48c2d871ea4864fcce47fc5e1fab926ce81de854 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Fri, 11 Jan 2008 15:21:23 +1100 Subject: Use 'dn' less, as this is not a valid attribute in AD, and I want to remove it from ldb. It is not longer mapped against OpenLDAP. Andrew Bartlett (This used to be commit f917ccec85f854423f423bbffc41459d92960a1b) --- source4/scripting/libjs/provision.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 0da02ae276..266bac1a75 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -170,7 +170,7 @@ function ldb_erase(info, ldb) /* and the rest */ attrs = new Array("dn"); var basedn = ""; - var res = ldb.search("(&(|(objectclass=*)(dn=*))(!(dn=@BASEINFO)))", basedn, ldb.SCOPE_SUBTREE, attrs); + var res = ldb.search("(&(|(objectclass=*)(distinguishedName=*))(!(distinguishedName=@BASEINFO)))", basedn, ldb.SCOPE_SUBTREE, attrs); var i; if (res.error != 0) { ldb_delete(info, ldb); @@ -180,7 +180,7 @@ function ldb_erase(info, ldb) ldb.del(res.msgs[i].dn); } - var res = ldb.search("(&(|(objectclass=*)(dn=*))(!(dn=@BASEINFO)))", basedn, ldb.SCOPE_SUBTREE, attrs); + var res = ldb.search("(&(|(objectclass=*)(distinguishedName=*))(!(distinguishedName=@BASEINFO)))", basedn, ldb.SCOPE_SUBTREE, attrs); if (res.error != 0 || res.msgs.length != 0) { ldb_delete(info, ldb); return; 
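Review bot: The rewritten filter `(&(|(objectclass=*)(distinguishedName=*))(!(distinguishedName=@BASEINFO)))` now appears twice in `ldb_erase` (here and in the `@@ -180,7 +180,7 @@` hunk), so the delete pass and the follow-up emptiness check can drift apart on the next edit. Holding it in one local keeps them identical: `var all_but_baseinfo = "(&(|(objectclass=*)(distinguishedName=*))(!(distinguishedName=@BASEINFO)))";`. The context line `attrs = new Array("dn");` still requests `dn` as an attribute, which the commit message says is going away; whether the search returns each message's DN regardless is not visible from these hunks. `ldb_erase` starts and ends outside both hunks.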
@@ -207,8 +207,8 @@ function ldb_erase_partitions(info, ldb, ldapbackend) return; } for (j=0; j Date: Thu, 17 Jan 2008 12:00:27 +1100 Subject: provision: simplfy by removing old code to manually create baseDNs. Previously, we would create the first record in the DB as an LDIF file, with the expectation that the administrator would use slapadd to create the database. We now do everything over LDAP, which is far simpler, and allows the LDB module chain to do its work, without special cases. Also fix naming of the output schema when suggesting the comamnd line to run ad2oLschema in provision-backend. Andrew Bartlett (This used to be commit e77375758d66e94e5e0b6e61a97c9281c3d9c71f) --- source4/scripting/libjs/provision.js | 38 ++++++------------------------------ 1 file changed, 6 insertions(+), 32 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 266bac1a75..381288417a 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -398,9 +398,6 @@ function provision_default_paths(subobj) paths.named_conf = lp.get("private dir") + "/named.conf"; paths.winsdb = "wins.ldb"; paths.ldapdir = lp.get("private dir") + "/ldap"; - paths.ldap_basedn_ldif = paths.ldapdir + "/" + dnsdomain + ".ldif"; - paths.ldap_config_basedn_ldif = paths.ldapdir + "/" + dnsdomain + "-config.ldif"; - paths.ldap_schema_basedn_ldif = paths.ldapdir + "/" + dnsdomain + "-schema.ldif"; paths.s4_ldapi_socket = lp.get("private dir") + "/ldapi"; paths.phpldapadminconfig = lp.get("private dir") + "/phpldapadmin-config.php"; 
@@ -866,6 +863,12 @@ function provision_schema(subobj, message, tmp_schema_path, paths) /* This will erase anything in the tmp db */ var samdb = open_ldb(info, tmp_schema_path, true); + message("Setting up sam.ldb attributes\n"); + setup_add_ldif("provision_init.ldif", info, samdb, false); + + message("Setting up sam.ldb rootDSE\n"); + setup_add_ldif("provision_rootdse_add.ldif", info, samdb, false); + message("Adding schema container (permitted to fail)\n"); var add_ok = setup_add_ldif("provision_schema_basedn.ldif", info, samdb, true); message("Modifying schema container\n"); @@ -934,34 +937,6 @@ function provision_dns(subobj, message, paths, session_info, credentials) message("Please install the zone located in " + paths.dns + " into your DNS server. A sample BIND configuration snippit is at " + paths.named_conf + "\n"); } -/* Write out a DNS zone file, from the info in the current database */ -function provision_ldapbase(subobj, message, paths) -{ - var ok = provision_fix_subobj(subobj, paths); - assert(ok); - - message("Setting up LDAP base entry: " + subobj.DOMAINDN + " \n"); - var rdns = split(",", subobj.DOMAINDN); - subobj.EXTENSIBLEOBJECT = "objectClass: extensibleObject"; - - subobj.RDN_DC = substr(rdns[0], strlen("DC=")); - - sys.mkdir(paths.ldapdir, 0700); - - setup_file("provision_basedn.ldif", - message, paths.ldap_basedn_ldif, - subobj); - - setup_file("provision_configuration_basedn.ldif", - message, paths.ldap_config_basedn_ldif, - subobj); - - setup_file("provision_schema_basedn.ldif", - message, paths.ldap_schema_basedn_ldif, - subobj); - -} - /* guess reasonably default options for provisioning @@ -1045,7 +1020,6 @@ function provision_guess() subobj.CONFIGDN_MOD2 = ",objectguid"; subobj.SCHEMADN_MOD2 = ",objectguid"; - subobj.EXTENSIBLEOBJECT = "# no objectClass: extensibleObject for local ldb"; subobj.ACI = "# no aci for local ldb"; return subobj; -- cgit From 8d36d43e5258aa80855a9baa707a9fcad77a0d03 Mon Sep 17 00:00:00 2001 
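Review bot: The two added `setup_add_ldif(...)` calls for `provision_init.ldif` and `provision_rootdse_add.ldif` discard their return value, while the very next call keeps its result in `add_ok`. Both pass `false` as the last argument, which, judging by the neighbouring "permitted to fail" call, is the fail-ok flag, so a failure here is presumably meant to be fatal; whether `setup_add_ldif` aborts on its own is not visible in this hunk. If it only returns a status, capture and assert it, e.g. `var init_ok = setup_add_ldif("provision_init.ldif", info, samdb, false); assert(init_ok);`, so a half-initialised temporary schema database is not carried into the later steps. `provision_schema` starts and ends outside the hunk.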
From: Andrew Bartlett Date: Fri, 18 Jan 2008 10:13:43 +1100 Subject: Add in a new module to handle instanceType This code raided from the repl_meta_data module, which probably needs to be downsized to just handling the replication data. Andrew Bartlett (This used to be commit 2a418f33705a792d9d16cf1d4aa3dcda467e6e04) --- source4/scripting/libjs/provision.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 381288417a..0cca49dec9 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -1013,9 +1013,9 @@ function provision_guess() subobj.DOMAINDN_LDB = "users.ldb"; subobj.CONFIGDN_LDB = "configuration.ldb"; subobj.SCHEMADN_LDB = "schema.ldb"; - subobj.DOMAINDN_MOD = "pdc_fsmo,password_hash"; - subobj.CONFIGDN_MOD = "naming_fsmo"; - subobj.SCHEMADN_MOD = "schema_fsmo"; + subobj.DOMAINDN_MOD = "pdc_fsmo,password_hash,instancetype"; + subobj.CONFIGDN_MOD = "naming_fsmo,instancetype"; + subobj.SCHEMADN_MOD = "schema_fsmo,instancetype"; subobj.DOMAINDN_MOD2 = ",objectguid"; subobj.CONFIGDN_MOD2 = ",objectguid"; subobj.SCHEMADN_MOD2 = ",objectguid"; -- cgit From 08f94e2754a95b50fc421c18a07401d4fd141941 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 24 Jan 2008 11:26:21 +1100 Subject: Remove useless subs from the ejs provision The less things we manually place into the templates, the easier the conversion to python will be. Andrew Bartlett (This used to be commit f65e5c164476b80468aa19452b108db17c642f8b) --- source4/scripting/libjs/provision.js | 3 --- 1 file changed, 3 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 0cca49dec9..175a1782ba 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js 
@@ -969,9 +969,6 @@ function provision_guess() subobj.ADMINPASS = randpass(12); subobj.LDAPMANAGERPASS = randpass(12); subobj.DEFAULTSITE = "Default-First-Site-Name"; - subobj.NEWGUID = randguid; - subobj.NTTIME = nttime; - subobj.LDAPTIME = ldaptime; subobj.DATESTRING = datestring; subobj.ROOT = findnss(nss.getpwnam, "root"); subobj.NOBODY = findnss(nss.getpwnam, "nobody"); -- cgit From 1557e7b930b95fa5309390c46f72e14628447703 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 24 Jan 2008 11:33:37 +1100 Subject: Kill another sub that the modules will handle for us. (This used to be commit e9bb130d63e86fafc4cbf379e2e237354b88bcf8) --- source4/scripting/libjs/provision.js | 3 --- 1 file changed, 3 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 175a1782ba..5c4ff6877f 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -484,9 +484,6 @@ function provision_fix_subobj(subobj, paths) subobj.ADMINPASS_B64 = ldb.encode(subobj.ADMINPASS); subobj.DNSPASS_B64 = ldb.encode(subobj.DNSPASS); - var rdns = split(",", subobj.DOMAINDN); - subobj.RDN_DC = substr(rdns[0], strlen("DC=")); - subobj.SAM_LDB = "tdb://" + paths.samdb; subobj.SECRETS_KEYTAB = paths.keytab; subobj.DNS_KEYTAB = paths.dns_keytab; -- cgit From a2d7a3b627842b70cfe2aa8318ce5b7353989261 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 24 Jan 2008 14:28:25 +1100 Subject: Use the repl_meta_data module by default. This means that, except when we back onto LDAP, when it will be replaced with the mapping backend, we will keep this codepath tested. Andrew Bartlett (This used to be commit e8fb5da5a18c1c3bd788b1ab3f814ffb847b00fd) --- source4/scripting/libjs/provision.js | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'source4/scripting/libjs') 
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 5c4ff6877f..b782d948be 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -693,6 +693,8 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda samdb.set_domain_sid(subobj.DOMAINSID); + samdb.set_ntds_invocationId(subobj.INVOCATIONID); + var load_schema_ok = load_schema(subobj, message, samdb); assert(load_schema_ok.is_ok); @@ -1010,9 +1012,9 @@ function provision_guess() subobj.DOMAINDN_MOD = "pdc_fsmo,password_hash,instancetype"; subobj.CONFIGDN_MOD = "naming_fsmo,instancetype"; subobj.SCHEMADN_MOD = "schema_fsmo,instancetype"; - subobj.DOMAINDN_MOD2 = ",objectguid"; - subobj.CONFIGDN_MOD2 = ",objectguid"; - subobj.SCHEMADN_MOD2 = ",objectguid"; + subobj.DOMAINDN_MOD2 = ",repl_meta_data"; + subobj.CONFIGDN_MOD2 = ",repl_meta_data"; + subobj.SCHEMADN_MOD2 = ",repl_meta_data"; subobj.ACI = "# no aci for local ldb"; -- cgit From 48e79659d1a81bb5a5dd3932f9e8f7c0b1a99947 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 24 Jan 2008 16:17:45 +1100 Subject: Make the repl_meta_data module the default for domain controllers. Andrew Bartlett (This used to be commit ae2ea1bd0cd2b326b09b372428969f2cf52ce519) --- source4/scripting/libjs/provision.js | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index b782d948be..4cb717bde8 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js 
@@ -610,10 +610,21 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda var lp = loadparm_init(); var sys = sys_init(); var info = new Object(); + random_init(local); var ok = provision_fix_subobj(subobj, paths); assert(ok); + if (strlower(subobj.SERVERROLE) == strlower("domain controller")) { + if (subobj.BACKEND_MOD == undefined) { + subobj.BACKEND_MOD = "repl_meta_data"; + } + } else { + if (subobj.BACKEND_MOD == undefined) { + subobj.BACKEND_MOD = "objectguid"; + } + } + if (subobj.DOMAINGUID != undefined) { subobj.DOMAINGUID_MOD = sprintf("replace: objectGUID\nobjectGUID: %s\n-", subobj.DOMAINGUID); } else { @@ -693,7 +704,19 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda samdb.set_domain_sid(subobj.DOMAINSID); - samdb.set_ntds_invocationId(subobj.INVOCATIONID); + if (strlower(subobj.SERVERROLE) == strlower("domain controller")) { + if (subobj.INVOCATIONID == undefined) { + subobj.INVOCATIONID = randguid(); + } + samdb.set_ntds_invocationId(subobj.INVOCATIONID); + if (subobj.BACKEND_MOD == undefined) { + subobj.BACKEND_MOD = "repl_meta_data"; + } + } else { + if (subobj.BACKEND_MOD == undefined) { + subobj.BACKEND_MOD = "objectguid"; + } + } var load_schema_ok = load_schema(subobj, message, samdb); assert(load_schema_ok.is_ok); @@ -960,7 +983,6 @@ function provision_guess() subobj.VERSION = version(); subobj.HOSTIP = hostip(); subobj.DOMAINSID = randsid(); - subobj.INVOCATIONID = randguid(); subobj.POLICYGUID = randguid(); subobj.KRBTGTPASS = randpass(12); subobj.MACHINEPASS = randpass(12); @@ -1012,9 +1034,6 @@ function provision_guess() subobj.DOMAINDN_MOD = "pdc_fsmo,password_hash,instancetype"; subobj.CONFIGDN_MOD = "naming_fsmo,instancetype"; subobj.SCHEMADN_MOD = "schema_fsmo,instancetype"; - subobj.DOMAINDN_MOD2 = ",repl_meta_data"; - subobj.CONFIGDN_MOD2 = ",repl_meta_data"; - subobj.SCHEMADN_MOD2 = ",repl_meta_data"; subobj.ACI = "# no aci for local ldb"; -- cgit 
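Review bot: The `BACKEND_MOD` defaulting added near the top of `provision()` is repeated in the second hunk (`@@ -693,7 +704,19 @@`), where it can no longer take effect: unless something between the two hunks clears it, `subobj.BACKEND_MOD` has already been set in both branches, so only the `INVOCATIONID` part of the second block does any work. That block can shrink to `if (subobj.INVOCATIONID == undefined) { subobj.INVOCATIONID = randguid(); }` followed by the `set_ntds_invocationId` call inside the domain-controller test, leaving a single place that decides the backend module. `strlower("domain controller")` on a literal is redundant, and `strlower(subobj.SERVERROLE)` runs without a check that the caller set `SERVERROLE`; what `strlower` does with an undefined value is not visible here. `provision()` begins and ends outside both hunks.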
From 6e5c528f87dee7ec0b1fe1ab9c6f48cea32164bc Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 24 Jan 2008 16:25:35 +1100 Subject: Ensure we set subobj.BACKEND_MOD for the 'partitions only' case. Andrew Bartlett (This used to be commit be5eb2da241452ccc0526f4f115aa44c0793c351) --- source4/scripting/libjs/provision.js | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 4cb717bde8..e71498010c 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -524,6 +524,10 @@ function provision_become_dc(subobj, message, erase, paths, session_info) var ok = provision_fix_subobj(subobj, paths); assert(ok); + if (subobj.BACKEND_MOD == undefined) { + subobj.BACKEND_MOD = "repl_meta_data"; + } + info.subobj = subobj; info.message = message; info.session_info = session_info; -- cgit From 176f32cc9755bfec73371a25955fe00ce8817041 Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Mon, 11 Feb 2008 10:37:26 +0100 Subject: provision: Fix new user creation. Spotted by nobody88 in IRC. (This used to be commit 38d4e2407afb942de21379dc886f9e4c5532a2b9) --- source4/scripting/libjs/provision.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index e71498010c..dc9eae8e72 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -1124,7 +1124,7 @@ unixName: %s sambaPassword: %s objectClass: user ", - user_dn, username, dom_users, + user_dn, username, unixname, password); /* add the user to the users group as well @@ -1134,7 +1134,7 @@ dn: %s changetype: modify add: member member: %s -", +", dom_users, user_dn); -- cgit From 895874d9663ccb95883579d145018ec8a8add9c8 Mon Sep 17 00:00:00 2001 
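Review bot: The corrected argument list in the `@@ -1124,7 +1124,7 @@` hunk still feeds `username`, `unixname` and `password` straight into the LDIF text through `%s` (`unixName: %s`, `sambaPassword: %s`). A value that contains a newline, or begins with a space, `:` or `<`, is therefore not stored as given, and a newline can add further attribute lines to the record. LDIF has a base64 form for this, and `provision_fix_subobj` in this file already builds `ADMINPASS_B64` with `ldb.encode(...)`; the same treatment fits here, e.g. `sambaPassword:: %s` with `ldb.encode(password)`, assuming an ldb handle with `encode` is in scope in this function. The `@@ -1134,7 +1134,7 @@` hunk builds the `member:` line from `user_dn` the same way, so rejecting control characters in `username` before the DN is formed is the matching check there. The enclosing function starts and ends outside both hunks.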
From: Kai Blin Date: Mon, 18 Feb 2008 14:33:58 +0100 Subject: idmap: Handle uid->SID mapping (This used to be commit 6ac6de8476ba036eb041e054bc37e4503dc2fde8) --- source4/scripting/libjs/provision.js | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index dc9eae8e72..3ba93debf9 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -389,6 +389,7 @@ function provision_default_paths(subobj) paths.smbconf = lp.filename() paths.shareconf = lp.get("private dir") + "/" + "share.ldb"; paths.samdb = lp.get("sam database"); + paths.idmapdb = lp.get("idmap database"); paths.secrets = lp.get("secrets database"); paths.templates = lp.get("private dir") + "/" + "templates.ldb"; paths.keytab = "secrets.keytab"; @@ -679,6 +680,9 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda message("Setting up templates into " + paths.templates + "\n"); setup_ldb("provision_templates.ldif", info, paths.templates); + message("Setting up " + paths.idmapdb +"\n"); + setup_ldb("idmap_init.ldif", info, paths.idmapdb); + message("Setting up sam.ldb partitions\n"); /* Also wipes the database */ setup_ldb("provision_partitions.ldif", info, paths.samdb); -- cgit From b2c6ba69a453aaa7cbabb7be7b8c2a05b48a76c4 Mon Sep 17 00:00:00 2001 From: Andrew Kroeger Date: Thu, 27 Mar 2008 16:30:18 -0500 Subject: provision: Increase max NetBIOS name length from 13 to 15. Issue originally reported by user Julsa-FR on IRC. (This used to be commit ee9ad77009ef5e36655a49c41730a4a963ba9d43) --- source4/scripting/libjs/provision.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 3ba93debf9..86baa0c003 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js 
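Review bot: The added `setup_ldb("idmap_init.ldif", info, paths.idmapdb);` in the second hunk uses the same three-argument form as the `provision_partitions.ldif` call just below it, which is commented `/* Also wipes the database */`. If wiping is the default for this form, every provision run discards the existing uid/gid-to-SID mappings. That may be intended for a fresh install, but a comment such as `/* wipes any existing idmap entries */` above the call would make it explicit. In the first hunk, `paths.idmapdb` is taken from `lp.get("idmap database")` with no fallback for an unset value, unlike `paths.sysvol` later in the same function. Both enclosing functions extend beyond the hunks.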
@@ -1174,7 +1174,7 @@ member: %s // crh has a paragraph on this in his book (1.4.1.1) function valid_netbios_name(name) { - if (strlen(name) > 13) return false; + if (strlen(name) > 15) return false; return true; } -- cgit From 8f8c56bfbcbfe8f80afb09eb1d481a108b252bee Mon Sep 17 00:00:00 2001 From: Andrew Kroeger Date: Fri, 28 Mar 2008 01:08:49 -0500 Subject: Convert some more files to GPLv3. (This used to be commit ebe5e8399422eb7e2ff4deb546338823e2718907) --- source4/scripting/libjs/auth.js | 2 +- source4/scripting/libjs/base.js | 2 +- source4/scripting/libjs/encoder.js | 2 +- source4/scripting/libjs/management.js | 2 +- source4/scripting/libjs/provision.js | 2 +- source4/scripting/libjs/samr.js | 2 +- source4/scripting/libjs/server_call.js | 2 +- source4/scripting/libjs/winreg.js | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/auth.js b/source4/scripting/libjs/auth.js index 73d8645218..3fe81d0ea7 100644 --- a/source4/scripting/libjs/auth.js +++ b/source4/scripting/libjs/auth.js @@ -1,7 +1,7 @@ /* auth js library functions Copyright Andrew Tridgell 2005 - released under the GNU GPL v2 or later + released under the GNU GPL version 3 or later */ diff --git a/source4/scripting/libjs/base.js b/source4/scripting/libjs/base.js index df0bfe0ce9..d861073a07 100644 --- a/source4/scripting/libjs/base.js +++ b/source4/scripting/libjs/base.js @@ -1,7 +1,7 @@ /* base js library functions Copyright Andrew Tridgell 2005 - released under the GNU GPL v2 or later + released under the GNU GPL version 3 or later */ if (global["HAVE_BASE_JS"] != undefined) { diff --git a/source4/scripting/libjs/encoder.js b/source4/scripting/libjs/encoder.js index d96b859547..6cb780c00d 100644 --- a/source4/scripting/libjs/encoder.js +++ b/source4/scripting/libjs/encoder.js 
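Review bot: `valid_netbios_name` still checks only the upper bound, so an empty string passes, and the bare `15` gives no hint why that is the limit. A NetBIOS name field is 16 bytes with the last byte used as the name type suffix, leaving 15 for the name itself; a comment such as `/* 16-byte NetBIOS name field, last byte is the type suffix */` beside the test would record that. If callers rely on this as their only validation, `if (strlen(name) < 1 || strlen(name) > 15) return false;` closes the empty case. The function does no character-set checks, and whether callers do them is not visible here.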
@@ -2,7 +2,7 @@ server side js functions for encoding/decoding objects into linear strings Copyright Andrew Tridgell 2005 - released under the GNU GPL Version 2 or later + released under the GNU GPL Version 3 or later */ /* usage: diff --git a/source4/scripting/libjs/management.js b/source4/scripting/libjs/management.js index e54b5e283b..4a43275156 100644 --- a/source4/scripting/libjs/management.js +++ b/source4/scripting/libjs/management.js @@ -1,7 +1,7 @@ /* backend code for Samba4 management Copyright Andrew Tridgell 2005 - Released under the GNU GPL v2 or later + Released under the GNU GPL version 3 or later */ diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 86baa0c003..51e2785762 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -1,7 +1,7 @@ /* backend code for provisioning a Samba4 server Copyright Andrew Tridgell 2005 - Released under the GNU GPL v2 or later + Released under the GNU GPL version 3 or later */ sys = sys_init(); diff --git a/source4/scripting/libjs/samr.js b/source4/scripting/libjs/samr.js index a7d7d964fb..6e8c70af3c 100644 --- a/source4/scripting/libjs/samr.js +++ b/source4/scripting/libjs/samr.js @@ -1,7 +1,7 @@ /* samr rpc utility functions Copyright Andrew Tridgell 2005 - released under the GNU GPL v2 or later + released under the GNU GPL version 3 or later */ if (global["HAVE_SAMR_JS"] != undefined) { diff --git a/source4/scripting/libjs/server_call.js b/source4/scripting/libjs/server_call.js index a8c08780f9..46414a90dd 100644 --- a/source4/scripting/libjs/server_call.js +++ b/source4/scripting/libjs/server_call.js @@ -2,7 +2,7 @@ server side js functions for handling async calls from js clients Copyright Andrew Tridgell 2005 - released under the GNU GPL Version 2 or later + released under the GNU GPL Version 3 or later */ libinclude("encoder.js"); 
diff --git a/source4/scripting/libjs/winreg.js b/source4/scripting/libjs/winreg.js index 29338abc5a..9db415694d 100644 --- a/source4/scripting/libjs/winreg.js +++ b/source4/scripting/libjs/winreg.js @@ -1,7 +1,7 @@ /* winreg rpc utility functions Copyright Andrew Tridgell 2005 - released under the GNU GPL v2 or later + released under the GNU GPL version 3 or later */ libinclude("base.js"); -- cgit From af683666d6d46169aadef4ea3bf7b430de3021f8 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 11 May 2008 15:15:27 +0200 Subject: Remove obsolete provisioning library. (This used to be commit f123190fb49302968a231639848023a72dfdf2bc) --- source4/scripting/libjs/provision.js | 1254 ---------------------------------- 1 file changed, 1254 deletions(-) delete mode 100644 source4/scripting/libjs/provision.js (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js deleted file mode 100644 index 51e2785762..0000000000 --- a/source4/scripting/libjs/provision.js +++ /dev/null 
@@ -1,1254 +0,0 @@ -/* - backend code for provisioning a Samba4 server - Copyright Andrew Tridgell 2005 - Released under the GNU GPL version 3 or later -*/ - -sys = sys_init(); - -/* - return true if the current install seems to be OK -*/ -function install_ok(session_info, credentials) -{ - var lp = loadparm_init(); - var ldb = ldb_init(); - ldb.session_info = session_info; - ldb.credentials = credentials; - if (lp.get("realm") == "") { - return false; - } - var ok = ldb.connect(lp.get("sam database")); - if (!ok) { - return false; - } - var res = ldb.search("(cn=Administrator)"); - if (res.error != 0 || res.msgs.length != 1) { - return false; - } - return true; -} - -/* - find a user or group from a list of possibilities -*/ -function findnss() -{ - var i; - assert(arguments.length >= 2); - var nssfn = arguments[0]; - for (i=1;i= 4) { - erase = arguments[3]; - } - if (arguments.length == 5) { - failok = arguments[4]; - } - var ldb = open_ldb(info, dbname, erase); - if (setup_add_ldif(ldif, info, ldb, failok)) { - var commit_ok = ldb.transaction_commit(); - if (!commit_ok) { - info.message("ldb commit failed: " + ldb.errstring() + "\n"); - assert(commit_ok); - } - } -} - -/* - setup a ldb in the private dir - */ -function setup_ldb_modify(ldif, info, ldb) -{ - var lp = loadparm_init(); - - var src = lp.get("setup directory") + "/" + ldif; - - var data = sys.file_load(src); - data = substitute_var(data, info.subobj); - - var mod_res = ldb.modify(data); - if (mod_res.error != 0) { - info.message("ldb load failed: " + mod_res.errstr + "\n"); - return (mod_res.error == 0); - } - return (mod_res.error == 0); -} - -/* - setup a file in the private dir - */ -function setup_file(template, message, fname, subobj) -{ - var lp = loadparm_init(); - var f = fname; - var src = lp.get("setup directory") + "/" + template; - - if (! 
sys.stat(src)) { - message("Template file not found: %s\n",src); - assert(0); - } - - sys.unlink(f); - - var data = sys.file_load(src); - data = substitute_var(data, subobj); - - ok = sys.file_save(f, data); - if (!ok) { - message("failed to create file: " + f + "\n"); - assert(ok); - } -} - -function provision_default_paths(subobj) -{ - /* subobj.DNSDOMAIN isn't available at this point */ - var dnsdomain = strlower(subobj.REALM); - var lp = loadparm_init(); - var paths = new Object(); - paths.smbconf = lp.filename() - paths.shareconf = lp.get("private dir") + "/" + "share.ldb"; - paths.samdb = lp.get("sam database"); - paths.idmapdb = lp.get("idmap database"); - paths.secrets = lp.get("secrets database"); - paths.templates = lp.get("private dir") + "/" + "templates.ldb"; - paths.keytab = "secrets.keytab"; - paths.dns_keytab = "dns.keytab"; - paths.dns_keytab_abs = lp.get("private dir") + "/" + paths.dns_keytab; - paths.dns = lp.get("private dir") + "/" + dnsdomain + ".zone"; - paths.named_conf = lp.get("private dir") + "/named.conf"; - paths.winsdb = "wins.ldb"; - paths.ldapdir = lp.get("private dir") + "/ldap"; - - paths.s4_ldapi_socket = lp.get("private dir") + "/ldapi"; - paths.phpldapadminconfig = lp.get("private dir") + "/phpldapadmin-config.php"; - - paths.sysvol = lp.get("sysvol", "path"); - - if (paths.sysvol == undefined) { - paths.sysvol = lp.get("lock dir") + "/sysvol"; - } - - paths.netlogon = lp.get("netlogon", "path"); - - if (paths.netlogon == undefined) { - paths.netlogon = paths.sysvol + "/" + dnsdomain + "/scripts"; - } - - return paths; -} - - -/* - setup reasonable name mappings for sam names to unix names -*/ -function setup_name_mappings(info, ldb) -{ - var lp = loadparm_init(); - var attrs = new Array("objectSid"); - var subobj = info.subobj; - - res = ldb.search("objectSid=*", subobj.DOMAINDN, ldb.SCOPE_BASE, attrs); - assert(res.error == 0); - assert(res.msgs.length == 1 && res.msgs[0].objectSid != undefined); - var sid = 
res.msgs[0].objectSid; - - /* add some foreign sids if they are not present already */ - add_foreign(ldb, subobj, "S-1-5-7", "Anonymous"); - add_foreign(ldb, subobj, "S-1-1-0", "World"); - add_foreign(ldb, subobj, "S-1-5-2", "Network"); - add_foreign(ldb, subobj, "S-1-5-18", "System"); - add_foreign(ldb, subobj, "S-1-5-11", "Authenticated Users"); - - /* some well known sids */ - setup_name_mapping(info, ldb, "S-1-5-7", subobj.NOBODY); - setup_name_mapping(info, ldb, "S-1-1-0", subobj.NOGROUP); - setup_name_mapping(info, ldb, "S-1-5-2", subobj.NOGROUP); - setup_name_mapping(info, ldb, "S-1-5-18", subobj.ROOT); - setup_name_mapping(info, ldb, "S-1-5-11", subobj.USERS); - setup_name_mapping(info, ldb, "S-1-5-32-544", subobj.WHEEL); - setup_name_mapping(info, ldb, "S-1-5-32-545", subobj.USERS); - setup_name_mapping(info, ldb, "S-1-5-32-546", subobj.NOGROUP); - setup_name_mapping(info, ldb, "S-1-5-32-551", subobj.BACKUP); - - /* and some well known domain rids */ - setup_name_mapping(info, ldb, sid + "-500", subobj.ROOT); - setup_name_mapping(info, ldb, sid + "-518", subobj.WHEEL); - setup_name_mapping(info, ldb, sid + "-519", subobj.WHEEL); - setup_name_mapping(info, ldb, sid + "-512", subobj.WHEEL); - setup_name_mapping(info, ldb, sid + "-513", subobj.USERS); - setup_name_mapping(info, ldb, sid + "-520", subobj.WHEEL); - - return true; -} - -function provision_fix_subobj(subobj, paths) -{ - var ldb = ldb_init(); - - subobj.REALM = strupper(subobj.REALM); - subobj.HOSTNAME = strlower(subobj.HOSTNAME); - subobj.DOMAIN = strupper(subobj.DOMAIN); - subobj.NETBIOSNAME = strupper(subobj.HOSTNAME); - subobj.DNSDOMAIN = strlower(subobj.REALM); - subobj.DNSNAME = sprintf("%s.%s", - strlower(subobj.HOSTNAME), - subobj.DNSDOMAIN); - var rdn_list = split(".", subobj.DNSDOMAIN); - subobj.DOMAINDN = "DC=" + join(",DC=", rdn_list); - subobj.ROOTDN = subobj.DOMAINDN; - subobj.CONFIGDN = "CN=Configuration," + subobj.ROOTDN; - subobj.SCHEMADN = "CN=Schema," + subobj.CONFIGDN; - - 
subobj.MACHINEPASS_B64 = ldb.encode(subobj.MACHINEPASS); - subobj.KRBTGTPASS_B64 = ldb.encode(subobj.KRBTGTPASS); - subobj.ADMINPASS_B64 = ldb.encode(subobj.ADMINPASS); - subobj.DNSPASS_B64 = ldb.encode(subobj.DNSPASS); - - subobj.SAM_LDB = "tdb://" + paths.samdb; - subobj.SECRETS_KEYTAB = paths.keytab; - subobj.DNS_KEYTAB = paths.dns_keytab; - subobj.DNS_KEYTAB_ABS = paths.dns_keytab_abs; - - subobj.LDAPDIR = paths.ldapdir; - var ldap_path_list = split("/", paths.ldapdir); - subobj.LDAPI_URI = "ldapi://" + join("%2F", ldap_path_list) + "%2Fldapi"; - - var s4ldap_path_list = split("/", paths.s4_ldapi_socket); - subobj.S4_LDAPI_URI = "ldapi://" + join("%2F", s4ldap_path_list); - - subobj.LDAPMANAGERDN = "cn=Manager," + subobj.DOMAINDN; - - subobj.NETLOGONPATH = paths.netlogon; - subobj.SYSVOLPATH = paths.sysvol; - - if (subobj.DOMAIN_CONF == undefined) { - subobj.DOMAIN_CONF = subobj.DOMAIN; - } - if (subobj.REALM_CONF == undefined) { - subobj.REALM_CONF = subobj.REALM; - } - if (strlower(subobj.SERVERROLE) != strlower("domain controller")) { - subobj.REALM = subobj.HOSTNAME; - subobj.DOMAIN = subobj.HOSTNAME; - } - - return true; -} - -function provision_become_dc(subobj, message, erase, paths, session_info) -{ - var lp = loadparm_init(); - var sys = sys_init(); - var info = new Object(); - - var ok = provision_fix_subobj(subobj, paths); - assert(ok); - - if (subobj.BACKEND_MOD == undefined) { - subobj.BACKEND_MOD = "repl_meta_data"; - } - - info.subobj = subobj; - info.message = message; - info.session_info = session_info; - - message("Setting up templates into " + paths.templates + "\n"); - setup_ldb("provision_templates.ldif", info, paths.templates); - - /* Also wipes the database */ - message("Setting up " + paths.samdb + " partitions\n"); - setup_ldb("provision_partitions.ldif", info, paths.samdb); - - var samdb = open_ldb(info, paths.samdb, false); - - message("Setting up " + paths.samdb + " attributes\n"); - setup_add_ldif("provision_init.ldif", info, samdb, 
false); - - message("Setting up " + paths.samdb + " rootDSE\n"); - setup_add_ldif("provision_rootdse_add.ldif", info, samdb, false); - - if (erase) { - message("Erasing data from partitions\n"); - ldb_erase_partitions(info, samdb, undefined); - } - - message("Setting up " + paths.samdb + " indexes\n"); - setup_add_ldif("provision_index.ldif", info, samdb, false); - - ok = samdb.transaction_commit(); - assert(ok); - - message("Setting up " + paths.secrets + "\n"); - setup_ldb("secrets_init.ldif", info, paths.secrets); - - setup_ldb("secrets.ldif", info, paths.secrets, false); - - setup_ldb("secrets_dc.ldif", info, paths.secrets, false); - - return true; -} - -function load_schema(subobj, message, samdb) -{ - var lp = loadparm_init(); - var src = lp.get("setup directory") + "/" + "schema.ldif"; - - if (! sys.stat(src)) { - message("Template file not found: %s\n",src); - assert(0); - } - - var schema_data = sys.file_load(src); - - src = lp.get("setup directory") + "/" + "schema_samba4.ldif"; - - if (! sys.stat(src)) { - message("Template file not found: %s\n",src); - assert(0); - } - - schema_data = schema_data + sys.file_load(src); - - schema_data = substitute_var(schema_data, subobj); - - src = lp.get("setup directory") + "/" + "provision_schema_basedn_modify.ldif"; - - if (! sys.stat(src)) { - message("Template file not found: %s\n",src); - assert(0); - } - - var head_data = sys.file_load(src); - head_data = substitute_var(head_data, subobj); - - var ok = samdb.attach_dsdb_schema_from_ldif(head_data, schema_data); - return ok; -} - - -/* - provision samba4 - caution, this wipes all existing data! 
-*/ -function provision(subobj, message, blank, paths, session_info, credentials, ldapbackend) -{ - var lp = loadparm_init(); - var sys = sys_init(); - var info = new Object(); - random_init(local); - - var ok = provision_fix_subobj(subobj, paths); - assert(ok); - - if (strlower(subobj.SERVERROLE) == strlower("domain controller")) { - if (subobj.BACKEND_MOD == undefined) { - subobj.BACKEND_MOD = "repl_meta_data"; - } - } else { - if (subobj.BACKEND_MOD == undefined) { - subobj.BACKEND_MOD = "objectguid"; - } - } - - if (subobj.DOMAINGUID != undefined) { - subobj.DOMAINGUID_MOD = sprintf("replace: objectGUID\nobjectGUID: %s\n-", subobj.DOMAINGUID); - } else { - subobj.DOMAINGUID_MOD = ""; - } - - if (subobj.HOSTGUID != undefined) { - subobj.HOSTGUID_ADD = sprintf("objectGUID: %s", subobj.HOSTGUID); - } else { - subobj.HOSTGUID_ADD = ""; - } - - info.subobj = subobj; - info.message = message; - info.credentials = credentials; - info.session_info = session_info; - - /* only install a new smb.conf if there isn't one there already */ - var st = sys.stat(paths.smbconf); - if (st == undefined) { - var smbconfsuffix; - if (strlower(subobj.SERVERROLE) == strlower("domain controller")) { - smbconfsuffix = "dc"; - } else if (strlower(subobj.SERVERROLE) == strlower("member server")) { - smbconfsuffix = "member"; - } else { - smbconfsuffix = subobj.SERVERROLE; - } - message("Setting up " + paths.smbconf +"\n"); - setup_file("provision.smb.conf." 
+ smbconfsuffix, info.message, paths.smbconf, subobj); - lp.reload(); - } - /* only install a new shares config db if there is none */ - st = sys.stat(paths.shareconf); - if (st == undefined) { - message("Setting up share.ldb\n"); - setup_ldb("share.ldif", info, paths.shareconf); - } - - message("Setting up " + paths.secrets + "\n"); - setup_ldb("secrets_init.ldif", info, paths.secrets); - setup_ldb("secrets.ldif", info, paths.secrets, false); - - message("Setting up the registry\n"); - var reg = reg_open(); - reg.apply_patchfile(lp.get("setup directory") + "/provision.reg") - - message("Setting up templates into " + paths.templates + "\n"); - setup_ldb("provision_templates.ldif", info, paths.templates); - - message("Setting up " + paths.idmapdb +"\n"); - setup_ldb("idmap_init.ldif", info, paths.idmapdb); - - message("Setting up sam.ldb partitions\n"); - /* Also wipes the database */ - setup_ldb("provision_partitions.ldif", info, paths.samdb); - - var samdb = open_ldb(info, paths.samdb, false); - - message("Setting up sam.ldb attributes\n"); - setup_add_ldif("provision_init.ldif", info, samdb, false); - - message("Setting up sam.ldb rootDSE\n"); - setup_add_ldif("provision_rootdse_add.ldif", info, samdb, false); - - message("Erasing data from partitions\n"); - ldb_erase_partitions(info, samdb, ldapbackend); - - // (hack) Reload, now we have the partitions and rootdse loaded. 
- var commit_ok = samdb.transaction_commit(); - if (!commit_ok) { - info.message("samdb commit failed: " + samdb.errstring() + "\n"); - assert(commit_ok); - } - samdb.close(); - - message("Pre-loading the Samba4 and AD schema\n"); - - samdb = open_ldb(info, paths.samdb, false); - - samdb.set_domain_sid(subobj.DOMAINSID); - - if (strlower(subobj.SERVERROLE) == strlower("domain controller")) { - if (subobj.INVOCATIONID == undefined) { - subobj.INVOCATIONID = randguid(); - } - samdb.set_ntds_invocationId(subobj.INVOCATIONID); - if (subobj.BACKEND_MOD == undefined) { - subobj.BACKEND_MOD = "repl_meta_data"; - } - } else { - if (subobj.BACKEND_MOD == undefined) { - subobj.BACKEND_MOD = "objectguid"; - } - } - - var load_schema_ok = load_schema(subobj, message, samdb); - assert(load_schema_ok.is_ok); - - message("Adding DomainDN: " + subobj.DOMAINDN + " (permitted to fail)\n"); - var add_ok = setup_add_ldif("provision_basedn.ldif", info, samdb, true); - message("Modifying DomainDN: " + subobj.DOMAINDN + "\n"); - var modify_basedn_ok = setup_ldb_modify("provision_basedn_modify.ldif", info, samdb); - if (!modify_basedn_ok) { - if (!add_ok) { - message("%s", "Failed to both add and modify " + subobj.DOMAINDN + " in target " + subobj.DOMAINDN_LDB + ": " + samdb.errstring() + "\n"); - message("Perhaps you need to run the provision script with the --ldap-base-dn option, and add this record to the backend manually\n"); - }; - assert(modify_basedn_ok); - }; - - message("Adding configuration container (permitted to fail)\n"); - var add_config_ok = setup_add_ldif("provision_configuration_basedn.ldif", info, samdb, true); - message("Modifying configuration container\n"); - var modify_config_ok = setup_ldb_modify("provision_configuration_basedn_modify.ldif", info, samdb); - if (!modify_config_ok) { - if (!add_config_ok) { - message("%s", "Failed to both add and modify " + subobj.CONFIGDN + " in target " + subobj.CONFIGDN_LDB + ": " + samdb.errstring() + "\n"); - message("Perhaps you 
need to run the provision script with the --ldap-base-dn option, and add this record to the backend manually\n"); - } - assert(modify_config_ok); - } - - message("Adding schema container (permitted to fail)\n"); - var add_schema_ok = setup_add_ldif("provision_schema_basedn.ldif", info, samdb, true); - message("Modifying schema container\n"); - var modify_schema_ok = setup_ldb_modify("provision_schema_basedn_modify.ldif", info, samdb); - if (!modify_schema_ok) { - if (!add_schema_ok) { - message("%s", "Failed to both add and modify " + subobj.SCHEMADN + " in target " + subobj.SCHEMADN_LDB + ": " + samdb.errstring() + "\n"); - message("Perhaps you need to run the provision script with the --ldap-base-dn option, and add this record to the backend manually\n"); - } - message("Failed to modify the schema container: " + samdb.errstring() + "\n"); - assert(modify_schema_ok); - } - - message("Setting up sam.ldb Samba4 schema\n"); - setup_add_ldif("schema_samba4.ldif", info, samdb, false); - message("Setting up sam.ldb AD schema\n"); - setup_add_ldif("schema.ldif", info, samdb, false); - - message("Setting up sam.ldb configuration data\n"); - setup_add_ldif("provision_configuration.ldif", info, samdb, false); - - message("Setting up display specifiers\n"); - setup_add_ldif("display_specifiers.ldif", info, samdb, false); - - message("Adding users container (permitted to fail)\n"); - var add_users_ok = setup_add_ldif("provision_users_add.ldif", info, samdb, true); - message("Modifying users container\n"); - var modify_users_ok = setup_ldb_modify("provision_users_modify.ldif", info, samdb); - if (!modify_users_ok) { - if (!add_users_ok) { - message("Failed to both add and modify the users container\n"); - } - assert(modify_users_ok); - } - message("Adding computers container (permitted to fail)\n"); - var add_computers_ok = setup_add_ldif("provision_computers_add.ldif", info, samdb, true); - message("Modifying computers container\n"); - var modify_computers_ok = 
setup_ldb_modify("provision_computers_modify.ldif", info, samdb); - if (!modify_computers_ok) { - if (!add_computers_ok) { - message("Failed to both add and modify the computers container\n"); - } - assert(modify_computers_ok); - } - - message("Setting up sam.ldb data\n"); - setup_add_ldif("provision.ldif", info, samdb, false); - - if (blank != false) { - message("Setting up sam.ldb index\n"); - setup_add_ldif("provision_index.ldif", info, samdb, false); - - message("Setting up sam.ldb rootDSE marking as syncronized\n"); - setup_modify_ldif("provision_rootdse_modify.ldif", info, samdb, false); - - var commit_ok = samdb.transaction_commit(); - if (!commit_ok) { - info.message("ldb commit failed: " + samdb.errstring() + "\n"); - assert(commit_ok); - } - return true; - } - -// message("Activate schema module"); -// setup_modify_ldif("schema_activation.ldif", info, samdb, false); -// -// // (hack) Reload, now we have the schema loaded. -// var commit_ok = samdb.transaction_commit(); -// if (!commit_ok) { -// info.message("samdb commit failed: " + samdb.errstring() + "\n"); -// assert(commit_ok); -// } -// samdb.close(); -// -// samdb = open_ldb(info, paths.samdb, false); -// - message("Setting up sam.ldb users and groups\n"); - setup_add_ldif("provision_users.ldif", info, samdb, false); - - if (strlower(subobj.SERVERROLE) == strlower("domain controller")) { - message("Setting up self join\n"); - setup_add_ldif("provision_self_join.ldif", info, samdb, false); - setup_add_ldif("provision_group_policy.ldif", info, samdb, false); - - sys.mkdir(paths.sysvol, 0755); - sys.mkdir(paths.sysvol + "/"+ subobj.DNSDOMAIN, 0755); - sys.mkdir(paths.sysvol + "/"+ subobj.DNSDOMAIN + "/Policies", 0755); - sys.mkdir(paths.sysvol + "/"+ subobj.DNSDOMAIN + "/Policies/{" + subobj.POLICYGUID + "}", 0755); - sys.mkdir(paths.sysvol + "/"+ subobj.DNSDOMAIN + "/Policies/{" + subobj.POLICYGUID + "}/Machine", 0755); - sys.mkdir(paths.sysvol + "/"+ subobj.DNSDOMAIN + "/Policies/{" + 
subobj.POLICYGUID + "}/User", 0755); - - sys.mkdir(paths.netlogon, 0755); - - setup_ldb("secrets_dc.ldif", info, paths.secrets, false); - - } - - if (setup_name_mappings(info, samdb) == false) { - return false; - } - - message("Setting up sam.ldb index\n"); - setup_add_ldif("provision_index.ldif", info, samdb, false); - - message("Setting up sam.ldb rootDSE marking as syncronized\n"); - setup_modify_ldif("provision_rootdse_modify.ldif", info, samdb, false); - - var commit_ok = samdb.transaction_commit(); - if (!commit_ok) { - info.message("samdb commit failed: " + samdb.errstring() + "\n"); - assert(commit_ok); - } - - message("Setting up phpLDAPadmin configuration\n"); - setup_file("phpldapadmin-config.php", info.message, paths.phpldapadminconfig, subobj); - message("Please install the phpLDAPadmin configuration located at " + paths.phpldapadminconfig + " into /etc/phpldapadmin/config.php\n"); - - return true; -} - -/* - provision just the schema into a temporary ldb, so we can run ad2oLschema on it -*/ -function provision_schema(subobj, message, tmp_schema_path, paths) -{ - var lp = loadparm_init(); - var sys = sys_init(); - var info = new Object(); - - var ok = provision_fix_subobj(subobj, paths); - assert(ok); - - info.subobj = subobj; - info.message = message; - - message("Setting up sam.ldb partitions\n"); - - /* This will erase anything in the tmp db */ - var samdb = open_ldb(info, tmp_schema_path, true); - - message("Setting up sam.ldb attributes\n"); - setup_add_ldif("provision_init.ldif", info, samdb, false); - - message("Setting up sam.ldb rootDSE\n"); - setup_add_ldif("provision_rootdse_add.ldif", info, samdb, false); - - message("Adding schema container (permitted to fail)\n"); - var add_ok = setup_add_ldif("provision_schema_basedn.ldif", info, samdb, true); - message("Modifying schema container\n"); - var modify_ok = setup_ldb_modify("provision_schema_basedn_modify.ldif", info, samdb); - if (!modify_ok) { - if (!add_ok) { - message("Failed to both add 
and modify schema dn: " + samdb.errstring() + "\n"); - message("Perhaps you need to run the provision script with the --ldap-base-dn option, and add this record to the backend manually\n"); - assert(modify_ok); - } - message("Failed to modify the schema container: " + samdb.errstring() + "\n"); - assert(modify_ok); - } - - message("Setting up sam.ldb Samba4 schema\n"); - setup_add_ldif("schema_samba4.ldif", info, samdb, false); - message("Setting up sam.ldb AD schema\n"); - setup_add_ldif("schema.ldif", info, samdb, false); - - var commit_ok = samdb.transaction_commit(); - if (!commit_ok) { - info.message("samdb commit failed: " + samdb.errstring() + "\n"); - assert(commit_ok); - } - samdb.close(); -} - -/* Write out a DNS zone file, from the info in the current database */ -function provision_dns(subobj, message, paths, session_info, credentials) -{ - var lp = loadparm_init(); - if (strlower(subobj.SERVERROLE) != strlower("domain controller")) { - message("No DNS zone required for role %s\n", subobj.SERVERROLE); - return; - } - message("Setting up DNS zone: " + subobj.DNSDOMAIN + " \n"); - var ldb = ldb_init(); - ldb.session_info = session_info; - ldb.credentials = credentials; - - /* connect to the sam */ - var ok = ldb.connect(paths.samdb); - assert(ok); - - /* These values may have changed, due to an incoming SamSync, - or may not have been specified, so fetch them from the database */ - - var attrs = new Array("objectGUID"); - res = ldb.search("objectGUID=*", subobj.DOMAINDN, ldb.SCOPE_BASE, attrs); - assert(res.error == 0); - assert(res.msgs.length == 1); - assert(res.msgs[0].objectGUID != undefined); - subobj.DOMAINGUID = res.msgs[0].objectGUID; - - subobj.HOSTGUID = searchone(ldb, subobj.DOMAINDN, "(&(objectClass=computer)(cn=" + subobj.NETBIOSNAME + "))", "objectGUID"); - assert(subobj.HOSTGUID != undefined); - - setup_file("provision.zone", - message, paths.dns, - subobj); - - setup_file("named.conf", - message, paths.named_conf, - subobj); - - 
message("Please install the zone located in " + paths.dns + " into your DNS server. A sample BIND configuration snippit is at " + paths.named_conf + "\n"); -} - - -/* - guess reasonably default options for provisioning -*/ -function provision_guess() -{ - var subobj = new Object(); - var nss = nss_init(); - var lp = loadparm_init(); - var rdn_list; - random_init(local); - - subobj.SERVERROLE = strlower(lp.get("server role")); - subobj.REALM = strupper(lp.get("realm")); - subobj.DOMAIN = lp.get("workgroup"); - subobj.HOSTNAME = hostname(); - - assert(subobj.REALM); - assert(subobj.DOMAIN); - assert(subobj.HOSTNAME); - - subobj.VERSION = version(); - subobj.HOSTIP = hostip(); - subobj.DOMAINSID = randsid(); - subobj.POLICYGUID = randguid(); - subobj.KRBTGTPASS = randpass(12); - subobj.MACHINEPASS = randpass(12); - subobj.DNSPASS = randpass(12); - subobj.ADMINPASS = randpass(12); - subobj.LDAPMANAGERPASS = randpass(12); - subobj.DEFAULTSITE = "Default-First-Site-Name"; - subobj.DATESTRING = datestring; - subobj.ROOT = findnss(nss.getpwnam, "root"); - subobj.NOBODY = findnss(nss.getpwnam, "nobody"); - subobj.NOGROUP = findnss(nss.getgrnam, "nogroup", "nobody"); - subobj.WHEEL = findnss(nss.getgrnam, "wheel", "root", "staff", "adm"); - subobj.BACKUP = findnss(nss.getgrnam, "backup", "wheel", "root", "staff"); - subobj.USERS = findnss(nss.getgrnam, "users", "guest", "other", "unknown", "usr"); - - //Add modules to the list to activate them by default - //beware often order is important - // - // Some Known ordering constraints: - // - rootdse must be first, as it makes redirects from "" -> cn=rootdse - // - objectclass must be before password_hash, because password_hash checks - // that the objectclass is of type person (filled in by the objectclass - // module when expanding the objectclass list) - // - partition must be last - // - each partition has its own module list then - var modules_list = new Array("rootdse", - "paged_results", - "ranged_results", - "anr", - 
"server_sort", - "extended_dn", - "asq", - "samldb", - "rdn_name", - "objectclass", - "kludge_acl", - "operational"); - var tdb_modules_list = new Array("subtree_rename", - "subtree_delete", - "linked_attributes"); - var modules_list2 = new Array("show_deleted", - "partition"); - subobj.MODULES_LIST = join(",", modules_list); - subobj.TDB_MODULES_LIST = "," + join(",", tdb_modules_list); - subobj.MODULES_LIST2 = join(",", modules_list2); - subobj.DOMAINDN_LDB = "users.ldb"; - subobj.CONFIGDN_LDB = "configuration.ldb"; - subobj.SCHEMADN_LDB = "schema.ldb"; - subobj.DOMAINDN_MOD = "pdc_fsmo,password_hash,instancetype"; - subobj.CONFIGDN_MOD = "naming_fsmo,instancetype"; - subobj.SCHEMADN_MOD = "schema_fsmo,instancetype"; - - subobj.ACI = "# no aci for local ldb"; - - return subobj; -} - -/* - search for one attribute as a string - */ -function searchone(ldb, basedn, expression, attribute) -{ - var attrs = new Array(attribute); - res = ldb.search(expression, basedn, ldb.SCOPE_SUBTREE, attrs); - if (res.error != 0 || - res.msgs.length != 1 || - res.msgs[0][attribute] == undefined) { - return undefined; - } - return res.msgs[0][attribute]; -} - -/* - modify an account to remove the -*/ -function enable_account(ldb, user_dn) -{ - var attrs = new Array("userAccountControl"); - var res = ldb.search(NULL, user_dn, ldb.SCOPE_ONELEVEL, attrs); - assert(res.error == 0); - assert(res.msgs.length == 1); - var userAccountControl = res.msgs[0].userAccountControl; - userAccountControl = userAccountControl - 2; /* remove disabled bit */ - var mod = sprintf(" -dn: %s -changetype: modify -replace: userAccountControl -userAccountControl: %u -", - user_dn, userAccountControl); - var ok = ldb.modify(mod); - return (ok.error == 0); -} - - -/* - add a new user record -*/ -function newuser(username, unixname, password, message, session_info, credentials) -{ - var lp = loadparm_init(); - var samdb = lp.get("sam database"); - var ldb = ldb_init(); - random_init(local); - ldb.session_info = 
session_info; - ldb.credentials = credentials; - - /* connect to the sam */ - var ok = ldb.connect(samdb); - assert(ok); - - ldb.transaction_start(); - - /* find the DNs for the domain and the domain users group */ - var attrs = new Array("defaultNamingContext"); - res = ldb.search("defaultNamingContext=*", "", ldb.SCOPE_BASE, attrs); - assert(res.error == 0); - assert(res.msgs.length == 1 && res.msgs[0].defaultNamingContext != undefined); - var domain_dn = res.msgs[0].defaultNamingContext; - assert(domain_dn != undefined); - var dom_users = searchone(ldb, domain_dn, "name=Domain Users", "dn"); - assert(dom_users != undefined); - - var user_dn = sprintf("CN=%s,CN=Users,%s", username, domain_dn); - - - /* - the new user record. note the reliance on the samdb module to fill - in a sid, guid etc - */ - var ldif = sprintf(" -dn: %s -sAMAccountName: %s -unixName: %s -sambaPassword: %s -objectClass: user -", - user_dn, username, - unixname, password); - /* - add the user to the users group as well - */ - var modgroup = sprintf(" -dn: %s -changetype: modify -add: member -member: %s -", - dom_users, user_dn); - - - /* - now the real work - */ - message("Adding user %s\n", user_dn); - ok = ldb.add(ldif); - if (ok.error != 0) { - message("Failed to add %s - %s\n", user_dn, ok.errstr); - return false; - } - - message("Modifying group %s\n", dom_users); - ok = ldb.modify(modgroup); - if (ok.error != 0) { - message("Failed to modify %s - %s\n", dom_users, ok.errstr); - return false; - } - - /* - modify the userAccountControl to remove the disabled bit - */ - ok = enable_account(ldb, user_dn); - if (ok) { - ldb.transaction_commit(); - } - return ok; -} - -// Check whether a name is valid as a NetBIOS name. -// FIXME: There are probably more constraints here. 
-// crh has a paragraph on this in his book (1.4.1.1) -function valid_netbios_name(name) -{ - if (strlen(name) > 15) return false; - return true; -} - -function provision_validate(subobj, message) -{ - var lp = loadparm_init(); - - if (!valid_netbios_name(subobj.DOMAIN)) { - message("Invalid NetBIOS name for domain\n"); - return false; - } - - if (!valid_netbios_name(subobj.NETBIOSNAME)) { - message("Invalid NetBIOS name for host\n"); - return false; - } - - - if (strupper(lp.get("workgroup")) != strupper(subobj.DOMAIN_CONF)) { - message("workgroup '%s' in smb.conf must match chosen domain '%s'\n", - lp.get("workgroup"), subobj.DOMAIN_CONF); - return false; - } - - if (strupper(lp.get("realm")) != strupper(subobj.REALM_CONF)) { - message("realm '%s' in smb.conf must match chosen realm '%s'\n", - lp.get("realm"), subobj.REALM_CONF); - return false; - } - - if (strlower(lp.get("server role")) != strlower(subobj.SERVERROLE)) { - message("server role '%s' in smb.conf must match chosen role '%s'\n", - lp.get("server role"), subobj.SERVERROLE); - return false; - } - - return true; -} - -function join_domain(domain, netbios_name, join_type, creds, message) -{ - var ctx = NetContext(creds); - var joindom = new Object(); - joindom.domain = domain; - joindom.join_type = join_type; - joindom.netbios_name = netbios_name; - if (!ctx.JoinDomain(joindom)) { - message("Domain Join failed: " + joindom.error_string); - return false; - } - return true; -} - -/* Vampire a remote domain. 
Session info and credentials are required for for - * access to our local database (might be remote ldap) - */ - -function vampire(domain, session_info, credentials, message) { - var ctx = NetContext(credentials); - var vampire_ctx = new Object(); - var machine_creds = credentials_init(); - machine_creds.set_domain(form.DOMAIN); - if (!machine_creds.set_machine_account()) { - message("Failed to access domain join information!"); - return false; - } - vampire_ctx.machine_creds = machine_creds; - vampire_ctx.session_info = session_info; - if (!ctx.SamSyncLdb(vampire_ctx)) { - message("Migration of remote domain to Samba failed: " + vampire_ctx.error_string); - return false; - } - - return true; -} - -return 0; -- cgit From 5a5605afcdf94975d9acb9435034e91162a7d23e Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 22 May 2008 05:24:59 +0200 Subject: Remove unused ejs library functions. (This used to be commit 57eec87b19428fd763033988d0ba671524d90c69) --- source4/scripting/libjs/samr.js | 170 ---------------------- source4/scripting/libjs/winreg.js | 291 -------------------------------------- 2 files changed, 461 deletions(-) delete mode 100644 source4/scripting/libjs/samr.js delete mode 100644 source4/scripting/libjs/winreg.js (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/samr.js b/source4/scripting/libjs/samr.js deleted file mode 100644 index 6e8c70af3c..0000000000 --- a/source4/scripting/libjs/samr.js +++ /dev/null 
@@ -1,170 +0,0 @@
-/*
- samr rpc utility functions
- Copyright Andrew Tridgell 2005
- released under the GNU GPL version 3 or later
-*/
-
-if (global["HAVE_SAMR_JS"] != undefined) {
- return;
-}
-HAVE_SAMR_JS=1
-
-/*
- return a list of names and indexes from a samArray
-*/
-function samArray(output)
-{
- var list = new Array(output.num_entries);
- if (output.sam == NULL) {
- return list;
- }
- var i, entries = output.sam.entries;
- for (i=0;i= 0;idx++) {
- io.input.enum_index = idx;
- var status = this.winreg_EnumKey(io);
- if (!status.is_ok) {
- this.close(handle);
- return list;
- }
- var out = io.output;
- if (out.result == "WERR_MORE_DATA") {
- io.input.name.size = io.input.name.size * 2;
- idx--;
- if (io.input.name.size > 32000) {
- this.close(handle);
- return list;
- }
- continue;
- }
- if (out.result != "WERR_OK") {
- this.close(handle);
- return list;
- }
- list[list.length] = out.name.name;
- }
-
- this.close(handle);
- return list;
-}
-
-
-/*
- return a list of values for a winreg server given a path
- usage:
- list = reg.enum_values(path);
-
- each returned list element is an object containing a name, a
- type and a value
-*/
-function __winreg_enum_values(path)
-{
- var data = datablob_init();
- var list = new Array(0);
-
- var handle = this.open_path(path);
- if (handle == undefined) {
- return undefined;
- }
-
- var io = irpcObj();
- io.input.handle = handle;
- io.input.name = new Object();
- io.input.name.length = 0;
- io.input.name.size = 128;
- io.input.name.name = "";
- io.input.type = 0;
- io.input.value = new Array(0);
- io.input.size = 1024;
- io.input.length = 0;
-
- var idx;
- for (idx=0;idx >= 0;idx++) {
- io.input.enum_index = idx;
- var status = this.winreg_EnumValue(io);
- if (!status.is_ok) {
- this.close(handle);
- return list;
- }
- var out = io.output;
- if (out.result == "WERR_MORE_DATA") {
- io.input.size = io.input.size * 2;
- io.input.name.size = io.input.name.size * 2;
- idx--;
- /* limit blobs to 1M */
- if (io.input.size > 
1000000) {
- this.close(handle);
- return list;
- }
- continue;
- }
- if (out.result != "WERR_OK") {
- this.close(handle);
- return list;
- }
- var el = new Object();
- el.name = out.name.name;
- el.type = out.type;
- el.rawvalue = out.value;
- el.value = data.regToVar(el.rawvalue, el.type);
- el.size = out.size;
- list[list.length] = el;
- }
-
- this.close(handle);
- return list;
-}
-
-
-/*
- create a new key
- ok = reg.create_key(path, key);
-*/
-function __winreg_create_key(path, key)
-{
- var handle = this.open_path(path);
- if (handle == undefined) {
- return undefined;
- }
-
- var io = irpcObj();
- io.input.handle = handle;
- io.input.name = key;
- io.input.keyclass = NULL;
- io.input.options = 0;
- io.input.access_mask = this.SEC_FLAG_MAXIMUM_ALLOWED;
- io.input.secdesc = NULL;
- io.input.action_taken = 0;
-
- var status = this.winreg_CreateKey(io);
- this.close(handle);
- if (!status.is_ok) {
- return false;
- }
- if (io.output.result != "WERR_OK") {
- return false;
- }
- this.close(io.output.new_handle);
- return true;
-}
-
-
-/*
- return a string for a winreg type
-*/
-function __winreg_typestring(type)
-{
- return this.typenames[type];
-}
-
-/*
- initialise the winreg lib, returning an object
-*/
-function winregObj()
-{
- var reg = winreg_init();
- security_init(reg);
-
- reg.typenames = new Array("REG_NONE", "REG_SZ", "REG_EXPAND_SZ", "REG_BINARY",
- "REG_DWORD", "REG_DWORD_BIG_ENDIAN", "REG_LINK", "REG_MULTI_SZ",
- "REG_RESOURCE_LIST", "REG_FULL_RESOURCE_DESCRIPTOR",
- "REG_RESOURCE_REQUIREMENTS_LIST", "REG_QWORD");
-
- reg.close = __winreg_close;
- reg.open_hive = __winreg_open_hive;
- reg.open_path = __winreg_open_path;
- reg.enum_path = __winreg_enum_path;
- reg.enum_values = __winreg_enum_values;
- reg.create_key = __winreg_create_key;
- reg.typestring = __winreg_typestring;
-
- return reg;
-}
-- cgit
From 6f6234c79f062edf05f82aec5bdca6bc35aa1cf4 Mon Sep 17 00:00:00 2001 
From: Jelmer Vernooij
Date: Sat, 24 May 2008 18:19:41 +0200
Subject: Remove remaining EJS RPC code, was unused. (This used to be commit c994fa427fdd1e9682a5ad506aafc77f942122d1)
---
source4/scripting/libjs/management.js | 157 ----------------------------------
1 file changed, 157 deletions(-)
delete mode 100644 source4/scripting/libjs/management.js
(limited to 'source4/scripting/libjs')
diff --git a/source4/scripting/libjs/management.js b/source4/scripting/libjs/management.js
deleted file mode 100644
index 4a43275156..0000000000
--- a/source4/scripting/libjs/management.js
+++ /dev/null
@@ -1,157 +0,0 @@
-/*
- backend code for Samba4 management
- Copyright Andrew Tridgell 2005
- Released under the GNU GPL version 3 or later
-*/
-
-
-/*
- return a list of current sessions
-*/
-function smbsrv_sessions()
-{
- var irpc = irpc_init();
- status = irpc.connect("smb_server");
- if (status.is_ok != true) {
- return undefined;
- }
-
- var io = irpcObj();
- io.input.level = irpc.SMBSRV_INFO_SESSIONS;
- status = irpc.smbsrv_information(io);
- if (status.is_ok != true) {
- return undefined;
- }
-
- /* gather the results into a single array */
- var i, count=0, ret = new Array(0);
- for (i=0;i
Date: Mon, 26 May 2008 02:05:11 +0200
Subject: Remove unused EJS code. (This used to be commit 3b70a3de4aa63bd6c325fd620c71bd6111d3d2b8)
---
source4/scripting/libjs/auth.js | 18 ------------------
1 file changed, 18 deletions(-)
delete mode 100644 source4/scripting/libjs/auth.js
(limited to 'source4/scripting/libjs')
diff --git a/source4/scripting/libjs/auth.js b/source4/scripting/libjs/auth.js
deleted file mode 100644
index 3fe81d0ea7..0000000000
--- a/source4/scripting/libjs/auth.js
+++ /dev/null
@@ -1,18 +0,0 @@ -/* - auth js library functions - Copyright Andrew Tridgell 2005 - released under the GNU GPL version 3 or later -*/ - - -/* - get a list of domains for SWAT authentication -*/ -function getDomainList() -{ - var ret = new Array(2); - var lp = loadparm_init(); - ret[0] = "System User"; - ret[1] = lp.get("workgroup"); - return ret; -} -- cgit From 3a76da248d2c3b8cf90ade4a441dd99c4583183f Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 26 May 2008 14:08:17 +0200 Subject: Remove unused libjs functions. (This used to be commit 657a87fecc2e79e3c3f66c551e392cc341bca8cf) --- source4/scripting/libjs/base.js | 53 --------------- source4/scripting/libjs/encoder.js | 116 --------------------------------- source4/scripting/libjs/server_call.js | 83 ----------------------- 3 files changed, 252 deletions(-) delete mode 100644 source4/scripting/libjs/encoder.js delete mode 100644 source4/scripting/libjs/server_call.js (limited to 'source4/scripting/libjs') diff --git a/source4/scripting/libjs/base.js b/source4/scripting/libjs/base.js index d861073a07..790dfeb3e0 100644 --- a/source4/scripting/libjs/base.js +++ b/source4/scripting/libjs/base.js @@ -20,48 +20,6 @@ function printf() print(vsprintf(arguments)); } -/* - helper function to setup a rpc io object, ready for input -*/ -function irpcObj() -{ - var o = new Object(); - o.input = new Object(); - return o; -} - -/* - check that a status result is OK -*/ -function check_status_ok(status) -{ - if (status.is_ok != true) { - printVars(status); - } - assert(status.is_ok == true); -} - -/* - check that two arrays are equal -*/ -function check_array_equal(a1, a2) -{ - assert(a1.length == a2.length); - for (i=0; i