svn commit: samba r26298 - in branches/SAMBA_4_0/source: dsdb/samdb rpc_server/netlogon scripting/ejs scripting/libjs setup

abartlet at samba.org abartlet at samba.org
Wed Dec 5 00:40:51 GMT 2007


Author: abartlet
Date: 2007-12-05 00:40:48 +0000 (Wed, 05 Dec 2007)
New Revision: 26298

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=26298

Log:
Use metze's schema loading code to pre-initialise the schema into the
samdb before we start writing entries into it.

In doing so, I realised we still used 'dnsDomain', which is not part
of the standard schema (now removed).

We also set the 'wrong' side of the linked attributes for the
masteredBy on each partition - this is now set in provision_self_join
and backlinks via the linked attributes code.

When we have the schema loaded, we must also have a valid domain SID
loaded, so that the objectclass module works.  This required some ejs
glue.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/dsdb/samdb/samdb.c
   branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c
   branches/SAMBA_4_0/source/scripting/ejs/smbcalls_ldb.c
   branches/SAMBA_4_0/source/scripting/libjs/provision.js
   branches/SAMBA_4_0/source/setup/provision_basedn_modify.ldif
   branches/SAMBA_4_0/source/setup/provision_configuration_basedn_modify.ldif
   branches/SAMBA_4_0/source/setup/provision_schema_basedn_modify.ldif
   branches/SAMBA_4_0/source/setup/provision_self_join.ldif
   branches/SAMBA_4_0/source/setup/schema_samba4.ldif


Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/samdb/samdb.c
===================================================================
--- branches/SAMBA_4_0/source/dsdb/samdb/samdb.c	2007-12-05 00:35:19 UTC (rev 26297)
+++ branches/SAMBA_4_0/source/dsdb/samdb/samdb.c	2007-12-05 00:40:48 UTC (rev 26298)
@@ -1136,6 +1136,43 @@
 	return NULL;
 }
 
+bool samdb_set_domain_sid(struct ldb_context *ldb, const struct dom_sid *dom_sid_in)
+{
+	TALLOC_CTX *tmp_ctx;
+	struct dom_sid *dom_sid_new;
+	struct dom_sid *dom_sid_old;
+
+	/* see if we have a cached copy */
+	dom_sid_old = talloc_get_type(ldb_get_opaque(ldb, 
+						     "cache.domain_sid"), struct dom_sid);
+
+	tmp_ctx = talloc_new(ldb);
+	if (tmp_ctx == NULL) {
+		goto failed;
+	}
+
+	dom_sid_new = dom_sid_dup(tmp_ctx, dom_sid_in);
+	if (!dom_sid_new) {
+		goto failed;
+	}
+
+	/* cache the domain_sid in the ldb */
+	if (ldb_set_opaque(ldb, "cache.domain_sid", dom_sid_new) != LDB_SUCCESS) {
+		goto failed;
+	}
+
+	talloc_steal(ldb, dom_sid_new);
+	talloc_free(tmp_ctx);
+	talloc_free(dom_sid_old);
+
+	return true;
+
+failed:
+	DEBUG(1,("Failed to set our own cached domain SID in the ldb!\n"));
+	talloc_free(tmp_ctx);
+	return false;
+}
+
 /* Obtain the short name of the flexible single master operator
  * (FSMO), such as the PDC Emulator */
 const char *samdb_result_fsmo_name(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, const struct ldb_message *msg, 
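Review bot: samdb_set_domain_sid has no header comment, and its ownership rules are not obvious from the signature: it stores a duplicate of `dom_sid_in` on the ldb and then releases the previously cached value with `talloc_free(dom_sid_old)`. Any caller still holding a pointer obtained earlier from the `cache.domain_sid` opaque is left with a dangling pointer after this call, so the comment should state that old pointers become invalid. I would add `/* Replace the domain SID cached on this ldb with a copy of dom_sid_in; the caller keeps dom_sid_in, and pointers to the previously cached SID are invalid afterwards */` above the function. On the first `goto failed` the `tmp_ctx` handed to `talloc_free` is NULL, which appears harmless but would be clearer with an early `return false`.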

Modified: branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c
===================================================================
--- branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c	2007-12-05 00:35:19 UTC (rev 26297)
+++ branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c	2007-12-05 00:40:48 UTC (rev 26298)
@@ -985,6 +985,7 @@
 	const char * const attrs[] = { "dnsDomain", "objectGUID", NULL };
 	void *sam_ctx;
 	struct ldb_message **res;
+	struct ldb_dn *domain_dn;
 	int ret;
 
 	ZERO_STRUCT(r->out);
@@ -994,9 +995,13 @@
 		return WERR_DS_SERVICE_UNAVAILABLE;
 	}
 
-	ret = gendb_search(sam_ctx, mem_ctx, NULL, &res, attrs,
-				"(&(objectClass=domainDNS)(dnsDomain=%s))",
-				r->in.domain_name);
+	domain_dn = samdb_dns_domain_to_dn(sam_ctx, mem_ctx,
+					   r->in.domain_name);   
+	if (domain_dn == NULL) {
+		return WERR_DS_SERVICE_UNAVAILABLE;
+	}
+
+	ret = gendb_search_dn(sam_ctx, mem_ctx, domain_dn, &res, attrs);
 	if (ret != 1) {
 		return WERR_NO_SUCH_DOMAIN;
 	}
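Review bot: The `attrs` list declared just above this hunk still requests `dnsDomain`, the attribute this commit removes from the schema and from provision_basedn_modify.ldif, so any later read of it from `res[0]` (outside the visible lines) would presumably find nothing on a freshly provisioned database. `r->in.domain_name` comes from the RPC client and is now turned into a DN; it is worth confirming that samdb_dns_domain_to_dn copes with a NULL or empty name and escapes DN-special characters, since neither is checked here. Returning `WERR_DS_SERVICE_UNAVAILABLE` when `domain_dn == NULL` also hides whether the name was unusable or an allocation failed. The function starts and ends outside the hunk.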

Modified: branches/SAMBA_4_0/source/scripting/ejs/smbcalls_ldb.c
===================================================================
--- branches/SAMBA_4_0/source/scripting/ejs/smbcalls_ldb.c	2007-12-05 00:35:19 UTC (rev 26297)
+++ branches/SAMBA_4_0/source/scripting/ejs/smbcalls_ldb.c	2007-12-05 00:40:48 UTC (rev 26298)
@@ -28,6 +28,7 @@
 #include "ldb_wrap.h"
 #include "dsdb/samdb/samdb.h"
 #include "librpc/ndr/libndr.h"
+#include "libcli/security/security.h"
 
 /*
   get the connected db
@@ -598,7 +599,7 @@
 }
 
 /*
-  commit a ldb attach a dsdb_schema from ldif files
+  set a particular invocationId against the running LDB
   usage:
    ok = ldb.set_ntds_invocationId("7729aa4b-f990-41ad-b81a-8b6a14090f41");
 */
@@ -640,9 +641,9 @@
 }
 
 /*
-  commit a ldb attach a dsdb_schema from ldif files
+  attach a particular ntds objectGUID against the current ldb
   usage:
-   ok = ldb.get_ntds_objectGUID("7729aa4b-f990-41ad-b81a-8b6a14090f41");
+   ok = ldb.set_ntds_objectGUID("7729aa4b-f990-41ad-b81a-8b6a14090f41");
 */
 static int ejs_ldb_set_ntds_objectGUID(MprVarHandle eid, int argc, char **argv)
 {
@@ -682,6 +683,48 @@
 }
 
 /*
+  attach a particular domain SID against the current ldb
+  usage:
+   ok = ldb.set_domain_sid("S-S-1-5-21-3065342217-3567412576-2214182334");
+*/
+static int ejs_ldb_set_domain_sid(MprVarHandle eid, int argc, char **argv)
+{
+	struct ldb_context *ldb;
+	struct dom_sid *dom_sid;
+	char *dom_sid_str;
+	bool ok;
+
+	if (argc != 1) {
+		ejsSetErrorMsg(eid, "ldb.set_domain_sid invalid arguments");
+		return -1;
+	}
+
+	ldb = ejs_get_ldb_context(eid);
+	if (ldb == NULL) {
+		return -1;
+	}
+
+	dom_sid_str = argv[0];
+
+	dom_sid = dom_sid_parse_talloc(NULL, dom_sid_str);
+	if (!dom_sid) {
+		ejsSetErrorMsg(eid, "ldb.set_domain_sid - failed to parse domain sid '%s'\n",
+				dom_sid_str);
+		return -1;
+	}
+
+	ok = samdb_set_domain_sid(ldb, dom_sid);
+	talloc_free(dom_sid);
+	if (!ok) {
+		ejsSetErrorMsg(eid, "ldb.set_domain_sid - failed to set cached ntds invocationId\n");
+		return -1;
+	}
+
+	mpr_Return(eid, mprCreateBoolVar(ok));
+	return 0;
+}
+
+/*
   initialise ldb ejs subsystem
 */
 static int ejs_ldb_init(MprVarHandle eid, int argc, struct MprVar **argv)
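Review bot: The error reported when samdb_set_domain_sid fails is copied from the invocationId setter and names the wrong value; it should read `ejsSetErrorMsg(eid, "ldb.set_domain_sid - failed to set cached domain SID\n");`. The usage example in the header comment has a doubled prefix, `"S-S-1-5-21-..."`, which dom_sid_parse_talloc would presumably reject, so the example should start with `S-1-5-21-`. A misleading message here costs time when provisioning fails, because the script only sees this string.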
@@ -708,6 +751,8 @@
 			      ejs_ldb_set_ntds_invocationId);
 	mprSetStringCFunction(ldb, "set_ntds_objectGUID",
 			      ejs_ldb_set_ntds_objectGUID);
+	mprSetStringCFunction(ldb, "set_domain_sid",
+			      ejs_ldb_set_domain_sid);
 	mprSetVar(ldb, "SCOPE_BASE", mprCreateNumberVar(LDB_SCOPE_BASE));
 	mprSetVar(ldb, "SCOPE_ONE", mprCreateNumberVar(LDB_SCOPE_ONELEVEL));
 	mprSetVar(ldb, "SCOPE_SUBTREE", mprCreateNumberVar(LDB_SCOPE_SUBTREE));

Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js
===================================================================
--- branches/SAMBA_4_0/source/scripting/libjs/provision.js	2007-12-05 00:35:19 UTC (rev 26297)
+++ branches/SAMBA_4_0/source/scripting/libjs/provision.js	2007-12-05 00:40:48 UTC (rev 26298)
@@ -563,6 +563,44 @@
 	return true;
 }
 
+function load_schema(subobj, message, samdb)
+{
+	var lp = loadparm_init();
+	var src = lp.get("setup directory") + "/" + "schema.ldif";
+
+	if (! sys.stat(src)) {
+		message("Template file not found: %s\n",src);
+		assert(0);
+	}
+
+	var schema_data = sys.file_load(src);
+
+	src = lp.get("setup directory") + "/" + "schema_samba4.ldif";
+
+	if (! sys.stat(src)) {
+		message("Template file not found: %s\n",src);
+		assert(0);
+	}
+
+	schema_data = schema_data + sys.file_load(src);
+
+	schema_data = substitute_var(schema_data, subobj);
+
+	src = lp.get("setup directory") + "/" + "provision_schema_basedn_modify.ldif";
+
+	if (! sys.stat(src)) {
+		message("Template file not found: %s\n",src);
+		assert(0);
+	}
+
+	var head_data = sys.file_load(src);
+	head_data = substitute_var(head_data, subobj);
+
+	var ok = samdb.attach_dsdb_schema_from_ldif(head_data, schema_data);
+	return ok;
+}
+
+
 /*
   provision samba4 - caution, this wipes all existing data!
 */
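Review bot: load_schema repeats the same stat / "Template file not found" / assert / file_load sequence three times and has no header comment saying which files it reads or what it returns. A small helper removes the duplication and makes it harder for one of the three copies to drift, for example by losing its existence check. The sketch below keeps the messages and the order of the loads as they are; a header comment should also say that the return value is whatever `attach_dsdb_schema_from_ldif` returns, since the caller tests `.is_ok` on it.

```javascript
/* load one template from the setup directory, aborting if it is missing */
function load_setup_template(lp, name, message)
{
	var src = lp.get("setup directory") + "/" + name;

	if (! sys.stat(src)) {
		message("Template file not found: %s\n",src);
		assert(0);
	}
	return sys.file_load(src);
}

function load_schema(subobj, message, samdb)
{
	var lp = loadparm_init();

	var schema_data = load_setup_template(lp, "schema.ldif", message);
	schema_data = schema_data + load_setup_template(lp, "schema_samba4.ldif", message);
	schema_data = substitute_var(schema_data, subobj);

	var head_data = load_setup_template(lp, "provision_schema_basedn_modify.ldif", message);
	head_data = substitute_var(head_data, subobj);

	return samdb.attach_dsdb_schema_from_ldif(head_data, schema_data);
}
```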
@@ -648,8 +686,15 @@
 	}
 	samdb.close();
 
+	message("Pre-loading the Samba4 and AD schema\n");
+	
 	samdb = open_ldb(info, paths.samdb, false);
 
+	samdb.set_domain_sid(subobj.DOMAINSID);
+
+	var load_schema_ok = load_schema(subobj, message, samdb);
+	assert(load_schema_ok.is_ok);
+
 	message("Adding DomainDN: " + subobj.DOMAINDN + " (permitted to fail)\n");
 	var add_ok = setup_add_ldif("provision_basedn.ldif", info, samdb, true);
 	message("Modifying DomainDN: " + subobj.DOMAINDN + "\n");
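Review bot: The result of `samdb.set_domain_sid(subobj.DOMAINSID)` is discarded, while the load_schema call directly after it is asserted. The commit message says a valid domain SID must be loaded for the objectclass module to work once the schema is attached, so a failure here should stop provisioning: `var sid_ok = samdb.set_domain_sid(subobj.DOMAINSID); assert(sid_ok);`. The ejs binding may already abort the script through its error return, but the explicit check keeps the two steps consistent. The enclosing function begins and ends outside the hunk.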
@@ -692,16 +737,6 @@
 	message("Setting up sam.ldb AD schema\n");
 	setup_add_ldif("schema.ldif", info, samdb, false);
 
-	// (hack) Reload, now we have the schema loaded.  
-	var commit_ok = samdb.transaction_commit();
-	if (!commit_ok) {
-		info.message("samdb commit failed: " + samdb.errstring() + "\n");
-		assert(commit_ok);
-	}
-	samdb.close();
-
-	samdb = open_ldb(info, paths.samdb, false);
-
 	message("Setting up sam.ldb configuration data\n");
 	setup_add_ldif("provision_configuration.ldif", info, samdb, false);
 

Modified: branches/SAMBA_4_0/source/setup/provision_basedn_modify.ldif
===================================================================
--- branches/SAMBA_4_0/source/setup/provision_basedn_modify.ldif	2007-12-05 00:35:19 UTC (rev 26297)
+++ branches/SAMBA_4_0/source/setup/provision_basedn_modify.ldif	2007-12-05 00:40:48 UTC (rev 26298)
@@ -3,8 +3,6 @@
 ###############################
 dn: ${DOMAINDN}
 changetype: modify
-replace: dnsDomain
-dnsDomain: ${DNSDOMAIN}
 -
 replace: dc
 dc: ${RDN_DC}
@@ -79,12 +77,6 @@
 subRefs: ${CONFIGDN}
 subRefs: ${SCHEMADN}
 -
-replace: masteredBy
-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
--
-replace: msDs-masteredBy
-msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
--
 replace: gPLink
 gPLink: [LDAP://CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN};2]
 -

Modified: branches/SAMBA_4_0/source/setup/provision_configuration_basedn_modify.ldif
===================================================================
--- branches/SAMBA_4_0/source/setup/provision_configuration_basedn_modify.ldif	2007-12-05 00:35:19 UTC (rev 26297)
+++ branches/SAMBA_4_0/source/setup/provision_configuration_basedn_modify.ldif	2007-12-05 00:40:48 UTC (rev 26298)
@@ -14,9 +14,3 @@
 -
 replace: subRefs
 subRefs: ${SCHEMADN}
--
-replace: masteredBy
-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
--
-replace: msDs-masteredBy
-msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}

Modified: branches/SAMBA_4_0/source/setup/provision_schema_basedn_modify.ldif
===================================================================
--- branches/SAMBA_4_0/source/setup/provision_schema_basedn_modify.ldif	2007-12-05 00:35:19 UTC (rev 26297)
+++ branches/SAMBA_4_0/source/setup/provision_schema_basedn_modify.ldif	2007-12-05 00:40:48 UTC (rev 26298)
@@ -9,15 +9,6 @@
 replace: showInAdvancedViewOnly
 showInAdvancedViewOnly: TRUE
 -
-replace: objectCategory
-objectCategory: CN=DMD,${SCHEMADN}
--
-replace: masteredBy
-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
--
-replace: msDs-masteredBy
-msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
--
 replace: fSMORoleOwner
 fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
 -

Modified: branches/SAMBA_4_0/source/setup/provision_self_join.ldif
===================================================================
--- branches/SAMBA_4_0/source/setup/provision_self_join.ldif	2007-12-05 00:35:19 UTC (rev 26297)
+++ branches/SAMBA_4_0/source/setup/provision_self_join.ldif	2007-12-05 00:40:48 UTC (rev 26298)
@@ -61,4 +61,9 @@
 dMDLocation: ${SCHEMADN}
 invocationId: ${INVOCATIONID}
 msDS-Behavior-Version: 2
-
+msDS-hasMasterNCs: ${CONFIGDN}
+msDS-hasMasterNCs: ${SCHEMADN}
+msDS-hasMasterNCs: ${DOMAINDN}
+hasMasterNCs: ${CONFIGDN}
+hasMasterNCs: ${SCHEMADN}
+hasMasterNCs: ${DOMAINDN}

Modified: branches/SAMBA_4_0/source/setup/schema_samba4.ldif
===================================================================
--- branches/SAMBA_4_0/source/setup/schema_samba4.ldif	2007-12-05 00:35:19 UTC (rev 26297)
+++ branches/SAMBA_4_0/source/setup/schema_samba4.ldif	2007-12-05 00:40:48 UTC (rev 26298)
@@ -96,18 +96,21 @@
 attributeSyntax: 2.5.5.5
 oMSyntax: 22
 
-dn: cn=dnsDomain,${SCHEMADN}
-objectClass: top
-objectClass: attributeSchema
-lDAPDisplayName: dnsDomain
-isSingleValued: FALSE
-systemFlags: 17
-systemOnly: TRUE
-schemaIDGUID: A40165E6-5E45-44A7-A8FA-186C94333018
-adminDisplayName: DNS-Domain
-attributeID: 1.3.6.1.4.1.7165.4.1.6
-attributeSyntax: 2.5.5.4
-oMSyntax: 20
+#
+# Not used anymore
+#
+#dn: cn=dnsDomain,${SCHEMADN}
+#objectClass: top
+#objectClass: attributeSchema
+#lDAPDisplayName: dnsDomain
+#isSingleValued: FALSE
+#systemFlags: 17
+#systemOnly: TRUE
+#schemaIDGUID: A40165E6-5E45-44A7-A8FA-186C94333018
+#adminDisplayName: DNS-Domain
+#attributeID: 1.3.6.1.4.1.7165.4.1.6
+#attributeSyntax: 2.5.5.4
+#oMSyntax: 20
 
 dn: cn=privilege,${SCHEMADN}
 objectClass: top
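Review bot: The `# Not used anymore` comment does not say why the dnsDomain definition is kept as commented-out text rather than deleted. If the intent is to keep `attributeID: 1.3.6.1.4.1.7165.4.1.6` and the schemaIDGUID from being reassigned, the comment should say so, e.g. `# dnsDomain is no longer defined; its attributeID and schemaIDGUID stay reserved and must not be reused`. Databases provisioned before this revision presumably still hold dnsDomain values on the domain object, which the schema no longer describes; nothing in this commit shows how those are handled.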


