[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-244-g10833f6
Matthias Dieter Wallnöfer
mdw at samba.org
Fri Sep 11 14:54:46 MDT 2009
The branch, master has been updated
via 10833f641a33d340c03d01bf25551cd1d0d1ef63 (commit)
via 5ad756fad3f10863c5257726b119a7082cb84968 (commit)
from c6dd2c9552b79c0cf68b91cfa6aed3c399323850 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 10833f641a33d340c03d01bf25551cd1d0d1ef63
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Fri Sep 11 22:41:58 2009 +0200
s4:group policies - add the domain controller group policy
This patches fixes the last difference between s4 and Windows Server regarding
group policy objects: we hadn't the domain controller policy.
- Adds the domain controller policy as it is found in the "original" AD
- Adds also the right version number in the GPT.INI file for the domain group
policy (was missing)
commit 5ad756fad3f10863c5257726b119a7082cb84968
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Fri Sep 11 22:03:45 2009 +0200
netlogon.idl - rerun "make idl"
-----------------------------------------------------------------------
Summary of changes:
librpc/gen_ndr/ndr_netlogon.c | 24 ++++++++++++++++-
librpc/gen_ndr/netlogon.h | 2 +-
source4/scripting/python/samba/provision.py | 36 +++++++++++++++++++++------
source4/setup/provision | 7 +++-
source4/setup/provision.ldif | 1 +
source4/setup/provision_group_policy.ldif | 27 +++++++++++++++++++-
6 files changed, 83 insertions(+), 14 deletions(-)
Changeset truncated at 500 lines:
diff --git a/librpc/gen_ndr/ndr_netlogon.c b/librpc/gen_ndr/ndr_netlogon.c
index daba526..823c174 100644
--- a/librpc/gen_ndr/ndr_netlogon.c
+++ b/librpc/gen_ndr/ndr_netlogon.c
@@ -7393,7 +7393,17 @@ static enum ndr_err_code ndr_push_netr_OsVersionInfoEx(struct ndr_push *ndr, int
NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->MinorVersion));
NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->BuildNumber));
NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->PlatformId));
- NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->CSDVersion, 128, sizeof(uint16_t), CH_UTF16));
+ {
+ uint32_t _flags_save_string = ndr->flags;
+ ndr_set_flags(&ndr->flags, LIBNDR_FLAG_STR_NULLTERM);
+ {
+ struct ndr_push *_ndr_CSDVersion;
+ NDR_CHECK(ndr_push_subcontext_start(ndr, &_ndr_CSDVersion, 0, 256));
+ NDR_CHECK(ndr_push_string(_ndr_CSDVersion, NDR_SCALARS, r->CSDVersion));
+ NDR_CHECK(ndr_push_subcontext_end(ndr, _ndr_CSDVersion, 0, 256));
+ }
+ ndr->flags = _flags_save_string;
+ }
NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->ServicePackMajor));
NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->ServicePackMinor));
NDR_CHECK(ndr_push_netr_SuiteMask(ndr, NDR_SCALARS, r->SuiteMask));
@@ -7414,7 +7424,17 @@ static enum ndr_err_code ndr_pull_netr_OsVersionInfoEx(struct ndr_pull *ndr, int
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->MinorVersion));
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->BuildNumber));
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->PlatformId));
- NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->CSDVersion, 128, sizeof(uint16_t), CH_UTF16));
+ {
+ uint32_t _flags_save_string = ndr->flags;
+ ndr_set_flags(&ndr->flags, LIBNDR_FLAG_STR_NULLTERM);
+ {
+ struct ndr_pull *_ndr_CSDVersion;
+ NDR_CHECK(ndr_pull_subcontext_start(ndr, &_ndr_CSDVersion, 0, 256));
+ NDR_CHECK(ndr_pull_string(_ndr_CSDVersion, NDR_SCALARS, &r->CSDVersion));
+ NDR_CHECK(ndr_pull_subcontext_end(ndr, _ndr_CSDVersion, 0, 256));
+ }
+ ndr->flags = _flags_save_string;
+ }
NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->ServicePackMajor));
NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->ServicePackMinor));
NDR_CHECK(ndr_pull_netr_SuiteMask(ndr, NDR_SCALARS, &r->SuiteMask));
diff --git a/librpc/gen_ndr/netlogon.h b/librpc/gen_ndr/netlogon.h
index 0a314e1..234ea10 100644
--- a/librpc/gen_ndr/netlogon.h
+++ b/librpc/gen_ndr/netlogon.h
@@ -930,7 +930,7 @@ struct netr_OsVersionInfoEx {
uint32_t MinorVersion;
uint32_t BuildNumber;
uint32_t PlatformId;
- const char *CSDVersion;/* [charset(UTF16)] */
+ const char * CSDVersion;/* [subcontext_size(256),subcontext(0),flag(LIBNDR_FLAG_STR_NULLTERM)] */
uint16_t ServicePackMajor;
uint16_t ServicePackMinor;
uint16_t SuiteMask;
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 07dfc62..19149e9 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -766,7 +766,7 @@ def setup_samdb_rootdse(samdb, setup_path, names):
def setup_self_join(samdb, names,
machinepass, dnspass,
domainsid, invocationid, setup_path,
- policyguid, domainControllerFunctionality):
+ policyguid, policyguid_dc, domainControllerFunctionality):
"""Join a host to its own domain."""
assert isinstance(invocationid, str)
setup_add_ldif(samdb, setup_path("provision_self_join.ldif"), {
@@ -788,6 +788,7 @@ def setup_self_join(samdb, names,
setup_add_ldif(samdb, setup_path("provision_group_policy.ldif"), {
"POLICYGUID": policyguid,
+ "POLICYGUID_DC": policyguid_dc,
"DNSDOMAIN": names.dnsdomain,
"DOMAINSID": str(domainsid),
"DOMAINDN": names.domaindn})
@@ -814,7 +815,7 @@ def setup_self_join(samdb, names,
def setup_samdb(path, setup_path, session_info, credentials, lp,
names, message,
- domainsid, domainguid, policyguid,
+ domainsid, domainguid, policyguid, policyguid_dc,
fill, adminpass, krbtgtpass,
machinepass, invocationid, dnspass,
serverrole, schema=None, ldap_backend=None):
@@ -969,7 +970,8 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
"NETBIOSNAME": names.netbiosname,
"DEFAULTSITE": names.sitename,
"CONFIGDN": names.configdn,
- "SERVERDN": names.serverdn
+ "SERVERDN": names.serverdn,
+ "POLICYGUID_DC": policyguid_dc
})
if fill == FILL_FULL:
@@ -988,6 +990,7 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
dnspass=dnspass,
machinepass=machinepass,
domainsid=domainsid, policyguid=policyguid,
+ policyguid_dc=policyguid_dc,
setup_path=setup_path,
domainControllerFunctionality=domainControllerFunctionality)
# add the NTDSGUID based SPNs
@@ -1017,7 +1020,8 @@ def provision(setup_dir, message, session_info,
domain=None, hostname=None, hostip=None, hostip6=None,
domainsid=None, adminpass=None, ldapadminpass=None,
krbtgtpass=None, domainguid=None,
- policyguid=None, invocationid=None, machinepass=None,
+ policyguid=None, policyguid_dc=None, invocationid=None,
+ machinepass=None,
dnspass=None, root=None, nobody=None, users=None,
wheel=None, backup=None, aci=None, serverrole=None,
ldap_backend_extra_port=None, ldap_backend_type=None,
@@ -1038,6 +1042,8 @@ def provision(setup_dir, message, session_info,
if policyguid is None:
policyguid = str(uuid.uuid4())
+ if policyguid_dc is None:
+ policyguid_dc = str(uuid.uuid4())
if adminpass is None:
adminpass = glue.generate_random_str(12)
if krbtgtpass is None:
@@ -1157,7 +1163,8 @@ def provision(setup_dir, message, session_info,
credentials=credentials, lp=lp, names=names,
message=message,
domainsid=domainsid,
- schema=schema, domainguid=domainguid, policyguid=policyguid,
+ schema=schema, domainguid=domainguid,
+ policyguid=policyguid, policyguid_dc=policyguid_dc,
fill=samdb_fill,
adminpass=adminpass, krbtgtpass=krbtgtpass,
invocationid=invocationid,
@@ -1177,12 +1184,24 @@ def provision(setup_dir, message, session_info,
(paths.smbconf, setup_path("provision.smb.conf.dc")))
assert(paths.sysvol is not None)
- policy_path = os.path.join(paths.sysvol, names.dnsdomain, "Policies",
+ # Set up group policies (domain policy and domain controller policy)
+
+ policy_path = os.path.join(paths.sysvol, names.dnsdomain, "Policies",
"{" + policyguid + "}")
os.makedirs(policy_path, 0755)
- open(os.path.join(policy_path, "GPT.INI"), 'w').write("")
+ open(os.path.join(policy_path, "GPT.INI"), 'w').write(
+ "[General]\r\nVersion=65544")
os.makedirs(os.path.join(policy_path, "Machine"), 0755)
os.makedirs(os.path.join(policy_path, "User"), 0755)
+
+ policy_path_dc = os.path.join(paths.sysvol, names.dnsdomain, "Policies",
+ "{" + policyguid_dc + "}")
+ os.makedirs(policy_path_dc, 0755)
+ open(os.path.join(policy_path_dc, "GPT.INI"), 'w').write(
+ "[General]\r\nVersion=2")
+ os.makedirs(os.path.join(policy_path_dc, "Machine"), 0755)
+ os.makedirs(os.path.join(policy_path_dc, "User"), 0755)
+
if not os.path.isdir(paths.netlogon):
os.makedirs(paths.netlogon, 0755)
@@ -1316,7 +1335,8 @@ def provision_become_dc(setup_dir=None,
configdn=None, serverdn=None,
domain=None, hostname=None, domainsid=None,
adminpass=None, krbtgtpass=None, domainguid=None,
- policyguid=None, invocationid=None, machinepass=None,
+ policyguid=None, policyguid_dc=None, invocationid=None,
+ machinepass=None,
dnspass=None, root=None, nobody=None, users=None,
wheel=None, backup=None, serverrole=None,
ldap_backend=None, ldap_backend_type=None,
diff --git a/source4/setup/provision b/source4/setup/provision
index 27a3312..8bf08b9 100755
--- a/source4/setup/provision
+++ b/source4/setup/provision
@@ -53,7 +53,9 @@ parser.add_option("--domain-guid", type="string", metavar="GUID",
parser.add_option("--domain-sid", type="string", metavar="SID",
help="set domainsid (otherwise random)")
parser.add_option("--policy-guid", type="string", metavar="GUID",
- help="set policy guid")
+ help="set guid for domain policy")
+parser.add_option("--policy-guid-dc", type="string", metavar="GUID",
+ help="set guid for domain controller policy")
parser.add_option("--invocationid", type="string", metavar="GUID",
help="set invocationid (otherwise random)")
parser.add_option("--host-name", type="string", metavar="HOSTNAME",
@@ -181,7 +183,8 @@ provision(setup_dir, message,
session, creds, smbconf=smbconf, targetdir=opts.targetdir,
samdb_fill=samdb_fill, realm=opts.realm, domain=opts.domain,
domainguid=opts.domain_guid, domainsid=opts.domain_sid,
- policyguid=opts.policy_guid, hostname=opts.host_name,
+ policyguid=opts.policy_guid, policyguid_dc=opts.policy_guid_dc,
+ hostname=opts.host_name,
hostip=opts.host_ip, hostip6=opts.host_ip6,
invocationid=opts.invocationid, adminpass=opts.adminpass,
krbtgtpass=opts.krbtgtpass, machinepass=opts.machinepass,
diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
index bd224ee..b6ad528 100644
--- a/source4/setup/provision.ldif
+++ b/source4/setup/provision.ldif
@@ -34,6 +34,7 @@ description: Default container for domain controllers
systemFlags: -1946157056
isCriticalSystemObject: TRUE
showInAdvancedViewOnly: FALSE
+gPLink: [LDAP://CN={${POLICYGUID_DC}},CN=Policies,CN=System,${DOMAINDN};0]
# Joined DC located in "provision_self_join.ldif"
diff --git a/source4/setup/provision_group_policy.ldif b/source4/setup/provision_group_policy.ldif
index 65ab1ea..00f0bee 100644
--- a/source4/setup/provision_group_policy.ldif
+++ b/source4/setup/provision_group_policy.ldif
@@ -5,7 +5,7 @@ objectClass: groupPolicyContainer
displayName: Default Domain Policy
gPCFunctionalityVersion: 2
gPCFileSysPath: \\${DNSDOMAIN}\sysvol\${DNSDOMAIN}\Policies\{${POLICYGUID}}
-versionNumber: 65543
+versionNumber: 65544
flags: 0
gPCMachineExtensionNames: [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{53D6AB1B-248
8-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4
@@ -26,3 +26,28 @@ dn: CN=Machine,CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
systemFlags: -1946157056
+
+dn: CN={${POLICYGUID_DC}},CN=Policies,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+objectClass: groupPolicyContainer
+displayName: Default Domain Controllers Policy
+gPCFunctionalityVersion: 2
+gPCFileSysPath: \\${DNSDOMAIN}\sysvol\${DNSDOMAIN}\Policies\{${POLICYGUID_DC}}
+versionNumber: 2
+flags: 0
+gPCMachineExtensionNames: [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4
+ FB-11D0-A0D0-00A0C90F574B}]
+nTSecurityDescriptor: O:${DOMAINSID}-512G:${DOMAINSID}-512D:PAI(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-519)(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CIIO;RPWPCCDCLCLORCWOWDSDDTSW;;;CO)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPLCLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;RPLCLORC;;;ED)S:AI(OU;CIIDSA;WPWD;;f30e3bc2-9ff0-11d1-b603-0000f80367c1;WD)(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
+systemFlags: -1946157056
+
+dn: CN=User,CN={${POLICYGUID_DC}},CN=Policies,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+systemFlags: -1946157056
+
+dn: CN=Machine,CN={${POLICYGUID_DC}},CN=Policies,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+systemFlags: -1946157056
+
--
Samba Shared Repository
More information about the samba-cvs
mailing list