diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 232d15d66f6..8830c273f56 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -189,24 +189,12 @@ function ldb_erase(ldb) /* erase an ldb, removing all records */ -function ldb_erase_partitions(info, dbname) +function ldb_erase_partitions(info, ldb) { var rootDSE_attrs = new Array("namingContexts"); - var ldb = ldb_init(); var lp = loadparm_init(); var j; - ldb.session_info = info.session_info; - ldb.credentials = info.credentials; - - - ldb.filename = dbname; - - var connect_ok = ldb.connect(dbname); - assert(connect_ok); - - ldb.transaction_start(); - var res = ldb.search("(objectClass=*)", "", ldb.SCOPE_BASE, rootDSE_attrs); assert(typeof(res) != "undefined"); assert(res.length == 1); @@ -237,45 +225,13 @@ function ldb_erase_partitions(info, dbname) } } } - - var commit_ok = ldb.transaction_commit(); - if (!commit_ok) { - info.message("ldb commit failed: " + ldb.errstring() + "\n"); - assert(add_ok); - } } -/* - setup a ldb in the private dir - */ -function setup_ldb(ldif, info, dbname) +function open_ldb(info, dbname, erase) { - var erase = true; - var extra = ""; - var failok = false; var ldb = ldb_init(); - var lp = loadparm_init(); ldb.session_info = info.session_info; ldb.credentials = info.credentials; - - if (arguments.length >= 4) { - extra = arguments[3]; - } - - if (arguments.length >= 5) { - erase = arguments[4]; - } - - if (arguments.length == 6) { - failok = arguments[5]; - } - - var src = lp.get("setup directory") + "/" + ldif; - - var data = sys.file_load(src); - data = data + extra; - data = substitute_var(data, info.subobj); - ldb.filename = dbname; var connect_ok = ldb.connect(dbname); @@ -290,6 +246,20 @@ function setup_ldb(ldif, info, dbname) if (erase) { ldb_erase(ldb); } + return ldb; +} + + +/* + setup a ldb in the private dir + */ +function setup_add_ldif(ldif, info, ldb, failok) +{ + var lp = loadparm_init(); + var src = lp.get("setup directory") + "/" + ldif; + + var data = sys.file_load(src); + data = substitute_var(data, info.subobj); var add_ok = ldb.add(data); if (!add_ok) { @@ -298,7 +268,22 @@ function setup_ldb(ldif, info, dbname) assert(add_ok); } } - if (add_ok) { + return add_ok; +} + +function setup_ldb(ldif, info, dbname) +{ + var erase = true; + var failok = false; + + if (arguments.length >= 4) { + erase = arguments[3]; + } + if (arguments.length == 5) { + failok = arguments[4]; + } + var ldb = open_ldb(info, dbname, erase); + if (setup_add_ldif(ldif, info, ldb, erase, failok)) { var commit_ok = ldb.transaction_commit(); if (!commit_ok) { info.message("ldb commit failed: " + ldb.errstring() + "\n"); @@ -310,35 +295,20 @@ function setup_ldb(ldif, info, dbname) /* setup a ldb in the private dir */ -function setup_ldb_modify(ldif, info, dbname) +function setup_ldb_modify(ldif, info, ldb) { - var ldb = ldb_init(); var lp = loadparm_init(); - ldb.session_info = info.session_info; - ldb.credentials = info.credentials; var src = lp.get("setup directory") + "/" + ldif; var data = sys.file_load(src); data = substitute_var(data, info.subobj); - ldb.filename = dbname; - - var connect_ok = ldb.connect(dbname); - assert(connect_ok); - - ldb.transaction_start(); - var mod_ok = ldb.modify(data); if (!mod_ok) { info.message("ldb load failed: " + ldb.errstring() + "\n"); assert(mod_ok); } - var commit_ok = ldb.transaction_commit(); - if (!commit_ok) { - info.message("ldb commit failed: " + ldb.errstring() + "\n"); - assert(commit_ok); - } } /* @@ -386,16 +356,9 @@ function provision_default_paths(subobj) /* setup reasonable name mappings for sam names to unix names */ -function setup_name_mappings(info, subobj, session_info, credentials) +function setup_name_mappings(info, subobj, ldb) { var lp = loadparm_init(); - var ldb = ldb_init(); - ldb.session_info = session_info; - ldb.credentials = credentials; - var ok = ldb.connect(lp.get("sam database")); - if (!ok) { - return false; - } var attrs = new Array("objectSid"); res = ldb.search("objectSid=*", subobj.BASEDN, ldb.SCOPE_BASE, attrs); assert(res.length == 1 && res[0].objectSid != undefined); @@ -436,7 +399,6 @@ function setup_name_mappings(info, subobj, session_info, credentials) */ function provision(subobj, message, blank, paths, session_info, credentials) { - var data = ""; var lp = loadparm_init(); var sys = sys_init(); var info = new Object(); @@ -480,38 +442,54 @@ function provision(subobj, message, blank, paths, session_info, credentials) setup_ldb("hklm.ldif", info, paths.hklm); message("Setting up sam.ldb partitions\n"); + /* Also wipes the database */ setup_ldb("provision_partitions.ldif", info, paths.samdb); - message("Setting up sam.ldb attributes\n"); - setup_ldb("provision_init.ldif", info, paths.samdb, NULL, false); - message("Erasing data from partitions\n"); - ldb_erase_partitions(info, paths.samdb); - - message("Adding baseDN: " + subobj.BASEDN + "\n"); - setup_ldb("provision_basedn.ldif", info, paths.samdb, NULL, false, true); - message("Modifying baseDN: " + subobj.BASEDN + "\n"); - setup_ldb_modify("provision_basedn_modify.ldif", info, paths.samdb) + var samdb = open_ldb(info, paths.samdb, false); - message("Setting up sam.ldb schema\n"); - setup_ldb("schema.ldif", info, paths.samdb, NULL, false); + message("Setting up sam.ldb attributes\n"); + setup_add_ldif("provision_init.ldif", info, samdb, false); + message("Erasing data from partitions\n"); + ldb_erase_partitions(info, samdb); + + message("Adding baseDN: " + subobj.BASEDN + " (permitted to fail)\n"); + setup_add_ldif("provision_basedn.ldif", info, samdb, true); + message("Modifying baseDN: " + subobj.BASEDN + "\n"); + setup_ldb_modify("provision_basedn_modify.ldif", info, samdb); + + message("Setting up sam.ldb Samba4 schema\n"); + setup_add_ldif("schema_samba4.ldif", info, samdb, false); + message("Setting up sam.ldb AD schema\n"); + setup_add_ldif("schema.ldif", info, samdb, false); message("Setting up display specifiers\n"); - setup_ldb("display_specifiers.ldif", info, paths.samdb, NULL, false); + setup_add_ldif("display_specifiers.ldif", info, samdb, false); message("Setting up sam.ldb templates\n"); - setup_ldb("provision_templates.ldif", info, paths.samdb, NULL, false); + setup_add_ldif("provision_templates.ldif", info, samdb, false); message("Setting up sam.ldb data\n"); - setup_ldb("provision.ldif", info, paths.samdb, NULL, false); + setup_add_ldif("provision.ldif", info, samdb, false); if (blank != false) { + var commit_ok = samdb.transaction_commit(); + if (!commit_ok) { + info.message("ldb commit failed: " + samdb.errstring() + "\n"); + assert(commit_ok); + } return true; } message("Setting up sam.ldb users and groups\n"); - setup_ldb("provision_users.ldif", info, paths.samdb, data, false); + setup_add_ldif("provision_users.ldif", info, samdb, false); - if (setup_name_mappings(info, subobj, session_info, credentials) == false) { + if (setup_name_mappings(info, subobj, samdb) == false) { return false; } + var commit_ok = samdb.transaction_commit(); + if (!commit_ok) { + info.message("samdb commit failed: " + samdb.errstring() + "\n"); + assert(commit_ok); + } + return true; } diff --git a/source4/setup/schema.ldif b/source4/setup/schema.ldif index e7d7fcec2dc..ca21ee923df 100644 --- a/source4/setup/schema.ldif +++ b/source4/setup/schema.ldif @@ -548,19 +548,19 @@ adminDisplayName: houseIdentifier attributeID: 2.5.4.51 attributeSyntax: 2.5.5.12 -dn: CN=middleName,CN=Schema,CN=Configuration,${BASEDN} -cn: middleName -name: middleName -objectClass: top -objectClass: attributeSchema -lDAPDisplayName: middleName -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Other-Name -attributeID: 2.16.840.1.113730.3.1.34 -attributeSyntax: 2.5.5.12 +#dn: CN=middleName,CN=Schema,CN=Configuration,${BASEDN} +#cn: middleName +#name: middleName +#objectClass: top +#objectClass: attributeSchema +#lDAPDisplayName: middleName +#isSingleValued: TRUE +#systemFlags: 16 +#systemOnly: FALSE +#schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2 +#adminDisplayName: Other-Name +#attributeID: 2.16.840.1.113730.3.1.34 +#attributeSyntax: 2.5.5.12 dn: CN=replTopologyStayOfExecution,CN=Schema,CN=Configuration,${BASEDN} cn: replTopologyStayOfExecution diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif new file mode 100644 index 00000000000..94b79bd31ff --- /dev/null +++ b/source4/setup/schema_samba4.ldif @@ -0,0 +1,149 @@ +# +# Schema elements which do not exist in AD, but which we use in Samba4 +# +## Samba4 OID allocation from Samba3's examples/LDAP/samba.schema +## 1.3.6.1.4.1.7165.4.1.x - attributetypes +## 1.3.6.1.4.1.7165.4.2.x - objectclasses +# +# + + +dn: cn=ntpwdHash,CN=Schema,CN=Configuration,${BASEDN} +cn: ntpwdHash +name: NTPWDHash +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: ntpwdhash +isSingleValued: TRUE +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: E961130F-5084-458C-9E9C-DEC16DA08592 +adminDisplayName: NT-PWD-Hash +attributeID: 1.3.6.1.4.1.7165.4.1.1 +attributeSyntax: 2.5.5.10 + +dn: cn=lmpwdHash,CN=Schema,CN=Configuration,${BASEDN} +cn: lmpwdHash +name: lmpwdHash +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: lmpwdhash +isSingleValued: TRUE +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: CBD0D18C-9C54-4A77-87C4-5CEEAF781253 +adminDisplayName: LM-PWD-Hash +attributeID: 1.3.6.1.4.1.7165.4.1.2 +attributeSyntax: 2.5.5.10 + +dn: cn=sambaNtPwdHistory,CN=Schema,CN=Configuration,${BASEDN} +cn: sambaNtPwdHistory +name: sambaNtPwdHistory +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: sambaNtPwdHistory +isSingleValued: TRUE +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: 8CCD7658-C574-4435-A38C-99572E349E6B +adminDisplayName: SAMBA-NT-PWD-History +attributeID: 1.3.6.1.4.1.7165.4.1.3 +attributeSyntax: 2.5.5.10 + +dn: cn=sambaLmPwdHistory,CN=Schema,CN=Configuration,${BASEDN} +cn: sambaLmPwdHistory +name: sambaLmPwdHistory +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: sambaLmPwdHistory +isSingleValued: FALSE +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: 0EAFE3DD-0F53-495E-8A34-97BB28AF17A4 +adminDisplayName: SAMBA-LM-PWDHistory +attributeID: 1.3.6.1.4.1.7165.4.1.4 +attributeSyntax: 2.5.5.10 + +dn: cn=sambaPassword,CN=Schema,CN=Configuration,${BASEDN} +cn: sambaPassword +name: sambaPassword +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: sambaPassword +isSingleValued: FALSE +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: 87F10301-229A-4E69-B63A-998339ADA37A +adminDisplayName: SAMBA-Password +attributeID: 1.3.6.1.4.1.7165.4.1.5 +attributeSyntax: 2.5.5.5 + +dn: cn=dnsDomain,CN=Schema,CN=Configuration,${BASEDN} +cn: dnsDomain +name: dnsDomain +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: dnsDomain +isSingleValued: FALSE +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: A40165E6-5E45-44A7-A8FA-186C94333018 +adminDisplayName: SAMBA-Password +attributeID: 1.3.6.1.4.1.7165.4.1.6 +attributeSyntax: 2.5.5.4 + +dn: cn=privilege,CN=Schema,CN=Configuration,${BASEDN} +cn: privilege +name: privilege +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: privilege +isSingleValued: FALSE +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: 7429BC94-CC6A-4481-8B2C-A97E316EB182 +adminDisplayName: Privilege +attributeID: 1.3.6.1.4.1.7165.4.1.7 +attributeSyntax: 2.5.5.4 + +dn: CN=middleName,CN=Schema,CN=Configuration,${BASEDN} +cn: middleName +name: middleName +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: middleName +sSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Other-Name +attributeID: 1.3.6.1.4.1.7165.4.1.8 +attributeSyntax: 2.5.5.12 + +dn: CN=unixName,CN=Schema,CN=Configuration,${BASEDN} +cn: unixName +name: unixName +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: unixName +sSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Unix-Name +attributeID: 1.3.6.1.4.1.7165.4.1.9 +attributeSyntax: 2.5.5.4 + +dn: cn=krb5Key,CN=Schema,CN=Configuration,${BASEDN} +cn: krb5Key +name: krb5Key +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: krb5Key +isSingleValued: FALSE +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: 0EAFE3DD-0F53-495E-8A34-97BB28AF17A4 +adminDisplayName: krb5-Key +attributeID: 1.3.6.1.4.1.5322.10.1.10 +attributeSyntax: 2.5.5.10