Make Samba4 pass the NET-API-BECOMEDC test against Win2k3 (again).

To make Samba4, using the python provision system, pass this test
required some major rework.  Untested code is broken code, and some of
the refactoring for a seperate provision test (which also now passes)
broke things.

Similarly, the iconv work has compiled, but these codepaths have never
been run (NULL pointer de-reference).

In working to use a local, rather than global, loadparm context, and
to support using a target directory, a few things needed to be
reworked, particularly around path handling.

Andrew Bartlett
(This used to be commit 1169e8d7be)

source4/dsdb/samdb/ldb_modules/schema_fsmo.c

@@ -30,6 +30,7 @@
 #include "librpc/gen_ndr/ndr_drsuapi.h"
 #include "librpc/gen_ndr/ndr_drsblobs.h"
 #include "lib/util/dlinklist.h"
+#include "param/param.h"
 
 static int schema_fsmo_init(struct ldb_module *module)
 {
@@ -78,7 +79,7 @@ static int schema_fsmo_init(struct ldb_module *module)
 	}
 	module->private_data = schema_fsmo;
 
-	schema = talloc_zero(mem_ctx, struct dsdb_schema);
+	schema = dsdb_new_schema(mem_ctx, lp_iconv_convenience(ldb_get_opaque(module->ldb, "loadparm")));
 	if (!schema) {
 		ldb_oom(module->ldb);
 		return LDB_ERR_OPERATIONS_ERROR;

source4/dsdb/schema/schema_init.c

@@ -29,6 +29,18 @@
 #include "librpc/gen_ndr/ndr_drsblobs.h"
 #include "param/param.h"
 
+struct dsdb_schema *dsdb_new_schema(TALLOC_CTX *mem_ctx, struct smb_iconv_convenience *iconv_convenience)
+{
+	struct dsdb_schema *schema = talloc_zero(mem_ctx, struct dsdb_schema);
+	if (!schema) {
+		return NULL;
+	}
+
+	schema->iconv_convenience = iconv_convenience;
+	return schema;
+}
+
+
 WERROR dsdb_load_oid_mappings_drsuapi(struct dsdb_schema *schema, const struct drsuapi_DsReplicaOIDMapping_Ctr *ctr)
 {
 	uint32_t i,j;
@@ -1150,12 +1162,7 @@ WERROR dsdb_attach_schema_from_ldif_file(struct ldb_context *ldb, const char *pf
 		goto nomem;
 	}
 
-	schema = talloc_zero(mem_ctx, struct dsdb_schema);
+	schema = dsdb_new_schema(mem_ctx, lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")));
-	if (!schema) {
-		goto nomem;
-	}
-
-	schema->iconv_convenience = lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm"));
 
 	/*
 	 * load the prefixMap attribute from pf

source4/samba4-knownfail

@@ -33,4 +33,3 @@ rpc.netlogon.*.GetTrustPasswords
 base.charset.*.Testing partial surrogate
 .*net.api.delshare.*				# DelShare isn't implemented yet
 rap.*netservergetinfo
-local.torture.provision

source4/scripting/python/samba/provision.py

@@ -32,6 +32,7 @@ from socket import gethostname, gethostbyname
 import param
 import registry
 import samba
+from auth import system_session
 from samba import Ldb, substitute_var, valid_netbios_name, check_all_substituted
 from samba.samdb import SamDB
 import security
@@ -65,6 +66,7 @@ class ProvisionPaths:
         self.dns_keytab = None
         self.dns = None
         self.winsdb = None
+        self.private_dir = None
 
 
 def check_install(lp, session_info, credentials):
@@ -197,20 +199,20 @@ def provision_paths_from_lp(lp, dnsdomain):
     :param dnsdomain: DNS Domain name
     """
     paths = ProvisionPaths()
-    private_dir = lp.get("private dir")
+    paths.private_dir = lp.get("private dir")
     paths.keytab = "secrets.keytab"
     paths.dns_keytab = "dns.keytab"
 
-    paths.shareconf = os.path.join(private_dir, "share.ldb")
+    paths.shareconf = os.path.join(paths.private_dir, "share.ldb")
-    paths.samdb = os.path.join(private_dir, lp.get("sam database") or "samdb.ldb")
+    paths.samdb = os.path.join(paths.private_dir, lp.get("sam database") or "samdb.ldb")
-    paths.idmapdb = os.path.join(private_dir, lp.get("idmap database") or "idmap.ldb")
+    paths.idmapdb = os.path.join(paths.private_dir, lp.get("idmap database") or "idmap.ldb")
-    paths.secrets = os.path.join(private_dir, lp.get("secrets database") or "secrets.ldb")
+    paths.secrets = os.path.join(paths.private_dir, lp.get("secrets database") or "secrets.ldb")
-    paths.templates = os.path.join(private_dir, "templates.ldb")
+    paths.templates = os.path.join(paths.private_dir, "templates.ldb")
-    paths.dns = os.path.join(private_dir, dnsdomain + ".zone")
+    paths.dns = os.path.join(paths.private_dir, dnsdomain + ".zone")
-    paths.winsdb = os.path.join(private_dir, "wins.ldb")
+    paths.winsdb = os.path.join(paths.private_dir, "wins.ldb")
-    paths.s4_ldapi_path = os.path.join(private_dir, "ldapi")
+    paths.s4_ldapi_path = os.path.join(paths.private_dir, "ldapi")
-    paths.smbconf = os.path.join(private_dir, "smb.conf")
+    paths.smbconf = os.path.join(paths.private_dir, "smb.conf")
-    paths.phpldapadminconfig = os.path.join(private_dir, 
+    paths.phpldapadminconfig = os.path.join(paths.private_dir, 
                                             "phpldapadmin-config.php")
     paths.hklm = "hklm.ldb"
     paths.hkcr = "hkcr.ldb"
@@ -588,7 +590,7 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
     samdb = SamDB(path, session_info=session_info, 
                   credentials=credentials, lp=lp)
     samdb.set_domain_sid(domainsid)
-    if lp.get("server role") == "domain controller":
+    if serverrole == "domain controller":
         samdb.set_invocation_id(invocationid)
 
     load_schema(setup_path, samdb, schemadn, netbiosname, configdn, sitename)
@@ -699,7 +701,7 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
                 "KRBTGTPASS_B64": b64encode(krbtgtpass),
                 })
 
-            if lp.get("server role") == "domain controller":
+            if serverrole == "domain controller":
                 message("Setting up self join")
                 setup_self_join(samdb, configdn=configdn, schemadn=schemadn, 
                                 domaindn=domaindn, invocationid=invocationid, 
@@ -725,8 +727,9 @@ FILL_FULL = "FULL"
 FILL_NT4SYNC = "NT4SYNC"
 FILL_DRS = "DRS"
 
-def provision(lp, setup_dir, message, paths, session_info, 
+def provision(setup_dir, message, session_info, 
-              credentials, samdb_fill=FILL_FULL, realm=None, rootdn=None,
+              credentials, smbconf=None, targetdir=None, samdb_fill=FILL_FULL, realm=None, 
+              rootdn=None, domaindn=None, schemadn=None, configdn=None,
               domain=None, hostname=None, hostip=None, domainsid=None, 
               hostguid=None, adminpass=None, krbtgtpass=None, domainguid=None, 
               policyguid=None, invocationid=None, machinepass=None, 
@@ -768,28 +771,6 @@ def provision(lp, setup_dir, message, paths, session_info,
         backup = findnss(grp.getgrnam, ["backup", "wheel", "root", "staff"])[0]
     if aci is None:
         aci = "# no aci for local ldb"
-    if serverrole is None:
-        serverrole = lp.get("server role")
-    assert serverrole in ("domain controller", "member server")
-    if invocationid is None and serverrole == "domain controller":
-        invocationid = uuid.random()
-
-    if realm is None:
-        realm = lp.get("realm")
-
-    if lp.get("realm").upper() != realm.upper():
-        raise Exception("realm '%s' in smb.conf must match chosen realm '%s'" %
-                (lp.get("realm"), realm))
-
-    ldapi_url = "ldapi://%s" % urllib.quote(paths.s4_ldapi_path, safe="")
-    
-    if ldap_backend == "ldapi":
-        # provision-backend will set this path suggested slapd command line / fedorads.inf
-        ldap_backend = "ldapi://" % urllib.quote(os.path.join(lp.get("private dir"), "ldap", "ldapi"), safe="")
-
-    assert realm is not None
-    realm = realm.upper()
-
     if hostname is None:
         hostname = gethostname().split(".")[0].lower()
 
@@ -800,9 +781,84 @@ def provision(lp, setup_dir, message, paths, session_info,
     if not valid_netbios_name(netbiosname):
         raise InvalidNetbiosName(netbiosname)
 
+    if targetdir is not None:
+        if not os.path.exists(targetdir):
+            os.mkdir(targetdir)
+        if not os.path.exists(os.path.join(targetdir, "etc")):
+           os.mkdir(os.path.join(targetdir, "etc"))
+
+        if smbconf is None:
+            smbconf = os.path.join(targetdir, os.path.join("etc", "smb.conf"))
+
+    # only install a new smb.conf if there isn't one there already
+    if not os.path.exists(smbconf):
+        message("Setting up smb.conf")
+        assert serverrole is not None
+        if serverrole == "domain controller":
+            smbconfsuffix = "dc"
+        elif serverrole == "member server":
+            smbconfsuffix = "member"
+
+        assert domain is not None
+        assert realm is not None
+
+        default_lp = param.LoadParm()
+        #Load non-existant file
+        default_lp.load(smbconf)
+        
+        if targetdir is not None:
+            privatedir_line = "private dir = " + os.path.abspath(os.path.join(targetdir, "private"))
+            lockdir_line = "lock dir = " + os.path.abspath(targetdir)
+
+            default_lp.set("lock dir", os.path.abspath(targetdir))
+            
+        sysvol = os.path.join(default_lp.get("lock dir"), "sysvol")
+        netlogon = os.path.join(os.path.join(sysvol, "scripts"))
+
+        setup_file(setup_path("provision.smb.conf.%s" % smbconfsuffix), 
+                   smbconf, {
+                "HOSTNAME": hostname,
+                "DOMAIN_CONF": domain,
+                "REALM_CONF": realm,
+                "SERVERROLE": serverrole,
+                "NETLOGONPATH": netlogon,
+                "SYSVOLPATH": sysvol,
+                "PRIVATEDIR_LINE": privatedir_line,
+                "LOCKDIR_LINE": lockdir_line
+                })
+
+    lp = param.LoadParm()
+    lp.load(smbconf)
+
+    if serverrole is None:
+        serverrole = lp.get("server role")
+    assert serverrole in ("domain controller", "member server")
+    if invocationid is None and serverrole == "domain controller":
+        invocationid = uuid.random()
+
+    if realm is None:
+        realm = lp.get("realm")
+
+    assert realm is not None
+    realm = realm.upper()
+
     dnsdomain = realm.lower()
+
+    paths = provision_paths_from_lp(lp, dnsdomain)
+
+    if targetdir is not None:
+        if not os.path.exists(paths.private_dir):
+            os.mkdir(paths.private_dir)
+
+    ldapi_url = "ldapi://%s" % urllib.quote(paths.s4_ldapi_path, safe="")
+    
+    if ldap_backend == "ldapi":
+        # provision-backend will set this path suggested slapd command line / fedorads.inf
+        ldap_backend = "ldapi://" % urllib.quote(os.path.join(paths.private_dir, "ldap", "ldapi"), safe="")
+
     if serverrole == "domain controller":
-        domaindn = "DC=" + dnsdomain.replace(".", ",DC=")
+        if domaindn is None:
+            domaindn = "DC=" + dnsdomain.replace(".", ",DC=")
         if domain is None:
             domain = lp.get("workgroup")
     
@@ -815,38 +871,25 @@ def provision(lp, setup_dir, message, paths, session_info,
         if not valid_netbios_name(domain):
             raise InvalidNetbiosName(domain)
     else:
-        domaindn = "CN=" + netbiosname
+        if domaindn is None:
+            domaindn = "CN=" + netbiosname
         domain = netbiosname
     
     if rootdn is None:
        rootdn = domaindn
        
-    configdn = "CN=Configuration," + rootdn
+    if configdn is None:
-    schemadn = "CN=Schema," + configdn
+        configdn = "CN=Configuration," + rootdn
+    if schemadn is None:
+        schemadn = "CN=Schema," + configdn
 
     message("set DOMAIN SID: %s" % str(domainsid))
     message("Provisioning for %s in realm %s" % (domain, realm))
     message("Using administrator password: %s" % adminpass)
 
-    assert paths.smbconf is not None
+    if lp.get("realm").upper() != realm.upper():
-
+        raise Exception("realm '%s' in smb.conf must match chosen realm '%s'" %
-    # only install a new smb.conf if there isn't one there already
+                        (lp.get("realm"), realm))
-    if not os.path.exists(paths.smbconf):
-        message("Setting up smb.conf")
-        if serverrole == "domain controller":
-            smbconfsuffix = "dc"
-        elif serverrole == "member server":
-            smbconfsuffix = "member"
-        setup_file(setup_path("provision.smb.conf.%s" % smbconfsuffix), 
-                   paths.smbconf, {
-            "HOSTNAME": hostname,
-            "DOMAIN_CONF": domain,
-            "REALM_CONF": realm,
-            "SERVERROLE": serverrole,
-            "NETLOGONPATH": paths.netlogon,
-            "SYSVOLPATH": paths.sysvol,
-            })
-        lp.load(paths.smbconf)
 
     # only install a new shares config db if there is none
     if not os.path.exists(paths.shareconf):
@@ -911,32 +954,52 @@ def provision(lp, setup_dir, message, paths, session_info,
         message("Setting up sam.ldb rootDSE marking as synchronized")
         setup_modify_ldif(samdb, setup_path("provision_rootdse_modify.ldif"))
 
+        # Only make a zone file on the first DC, it should be replicated with DNS replication
+        if serverrole == "domain controller":
+            samdb = SamDB(paths.samdb, session_info=session_info, 
+                      credentials=credentials, lp=lp)
+
+            domainguid = samdb.searchone(basedn=domaindn, attribute="objectGUID")
+            assert isinstance(domainguid, str)
+            hostguid = samdb.searchone(basedn=domaindn, attribute="objectGUID",
+                                       expression="(&(objectClass=computer)(cn=%s))" % hostname,
+                                       scope=SCOPE_SUBTREE)
+            assert isinstance(hostguid, str)
+            
+            message("Setting up DNS zone: %s" % dnsdomain)
+            create_zone_file(paths.dns, setup_path, samdb, 
+                             hostname=hostname, hostip=hostip, dnsdomain=dnsdomain,
+                             domaindn=domaindn, dnspass=dnspass, realm=realm, 
+                             domainguid=domainguid, hostguid=hostguid)
+            message("Please install the zone located in %s into your DNS server" % paths.dns)
+            
     message("Setting up phpLDAPadmin configuration")
     create_phpldapadmin_config(paths.phpldapadminconfig, setup_path, 
                                ldapi_url)
 
     message("Please install the phpLDAPadmin configuration located at %s into /etc/phpldapadmin/config.php" % paths.phpldapadminconfig)
 
-    if lp.get("server role") == "domain controller":
-        samdb = SamDB(paths.samdb, session_info=session_info, 
-                      credentials=credentials, lp=lp)
-
-        domainguid = samdb.searchone(basedn=domaindn, attribute="objectGUID")
-        assert isinstance(domainguid, str)
-        hostguid = samdb.searchone(basedn=domaindn, attribute="objectGUID",
-                expression="(&(objectClass=computer)(cn=%s))" % hostname,
-                scope=SCOPE_SUBTREE)
-        assert isinstance(hostguid, str)
-
-        message("Setting up DNS zone: %s" % dnsdomain)
-        create_zone_file(paths.dns, setup_path, samdb, 
-                      hostname=hostname, hostip=hostip, dnsdomain=dnsdomain,
-                      domaindn=domaindn, dnspass=dnspass, realm=realm, 
-                      domainguid=domainguid, hostguid=hostguid)
-        message("Please install the zone located in %s into your DNS server" % paths.dns)
-
     return domaindn
 
+def provision_become_dc(setup_dir=None,
+                        smbconf=None, targetdir=None, realm=None, 
+                        rootdn=None, domaindn=None, schemadn=None, configdn=None,
+                        domain=None, hostname=None, domainsid=None, 
+                        hostguid=None, adminpass=None, krbtgtpass=None, domainguid=None, 
+                        policyguid=None, invocationid=None, machinepass=None, 
+                        dnspass=None, root=None, nobody=None, nogroup=None, users=None, 
+                        wheel=None, backup=None, aci=None, serverrole=None, 
+                        ldap_backend=None, ldap_backend_type=None, sitename=DEFAULTSITE):
+
+    def message(text):
+	"""print a message if quiet is not set."""
+        print text
+
+    provision(setup_dir, message, system_session(), None,
+              smbconf=smbconf, targetdir=targetdir, samdb_fill=FILL_DRS, realm=realm, 
+              rootdn=rootdn, domaindn=domaindn, schemadn=schemadn, configdn=configdn, 
+              domain=domain, hostname=hostname, hostip="127.0.0.1", domainsid=domainsid, machinepass=machinepass, serverrole="domain controller", sitename=sitename);
+    
 
 def create_phpldapadmin_config(path, setup_path, ldapi_uri):
     """Create a PHP LDAP admin configuration file.
@@ -978,7 +1041,6 @@ def create_zone_file(path, setup_path, samdb, dnsdomain, domaindn,
             "HOSTGUID": hostguid,
         })
 
-
 def load_schema(setup_path, samdb, schemadn, netbiosname, configdn, sitename):
     """Load schema for the SamDB.
     

source4/setup/provision

@@ -30,9 +30,7 @@ import samba
 
 from auth import system_session
 import samba.getopt as options
-import param
 from samba.provision import (provision, 
-                             provision_paths_from_lp,
                              FILL_FULL, FILL_NT4SYNC,
                              FILL_DRS)
 
@@ -113,27 +111,13 @@ if opts.realm is None or opts.domain is None:
 	sys.exit(1)
 
 # cope with an initially blank smb.conf 
-private_dir = None
+
-lp = sambaopts.get_loadparm()
+if sambaopts.get_loadparm_path() is not None:
-if opts.targetdir is not None:
+    smbconf = sambaopts.get_loadparm_path()
-    if not os.path.exists(opts.targetdir):
-        os.mkdir(opts.targetdir)
-    private_dir = os.path.join(opts.targetdir, "private")
-    if not os.path.exists(private_dir):
-        os.mkdir(private_dir)
-    lp.set("private dir", os.path.abspath(private_dir))
-    lp.set("lock dir", os.path.abspath(opts.targetdir))
-lp.set("realm", opts.realm)
-lp.set("workgroup", opts.domain)
-lp.set("server role", opts.server_role or "domain controller")
 
 if opts.aci is not None:
 	print "set ACI: %s" % opts.aci
 
-paths = provision_paths_from_lp(lp, opts.realm.lower())
-if sambaopts.get_loadparm_path() is not None:
-    paths.smbconf = sambaopts.get_loadparm_path()
-
 creds = credopts.get_credentials()
 
 setup_dir = opts.setupdir
@@ -146,8 +130,8 @@ if opts.blank:
 elif opts.partitions_only:
     samdb_fill = FILL_DRS
 
-provision(lp, setup_dir, message, paths, 
+provision(setup_dir, message, 
-          system_session(), creds, 
+          system_session(), creds, smbconf=smbconf, 
           samdb_fill=samdb_fill, realm=opts.realm,
           domainguid=opts.domain_guid, domainsid=opts.domain_sid,
           policyguid=opts.policy_guid, hostname=opts.host_name,

source4/setup/provision.smb.conf.dc

@@ -3,6 +3,8 @@
 	workgroup	= ${DOMAIN_CONF}
 	realm		= ${REALM_CONF}
 	server role     = ${SERVERROLE}
+	${PRIVATEDIR_LINE}
+	${LOCKDIR_LINE}
 
 [netlogon]
 	path = ${NETLOGONPATH}

source4/setup/provision.smb.conf.member

@@ -3,3 +3,5 @@
 	workgroup	= ${DOMAIN_CONF}
 	realm		= ${REALM_CONF}
 	server role     = ${SERVERROLE}
+	${PRIVATEDIR_LINE}
+	${LOCKDIR_LINE}

source4/setup/provision.smb.conf.standalone

@@ -3,3 +3,5 @@
 	workgroup	= ${DOMAIN_CONF}
 	realm		= ${REALM_CONF}
 	server role     = ${SERVERROLE}
+	${PRIVATEDIR_LINE}
+	${LOCKDIR_LINE}

source4/torture/libnet/libnet_BecomeDC.c

@@ -56,16 +56,9 @@ struct test_become_dc_state {
 		struct drsuapi_DsReplicaObjectListItemEx *last_object;
 	} schema_part;
 
-	struct {
+	const char *targetdir;
-		const char *samdb_ldb;
+
-		const char *domaindn_ldb;
+	struct loadparm_context *lp_ctx;
-		const char *configdn_ldb;
-		const char *schemadn_ldb;
-		const char *secrets_ldb;
-		const char *templates_ldb;
-		const char *secrets_keytab;
-		const char *dns_keytab;
-	} path;
 };
 
 static NTSTATUS test_become_dc_prepare_db(void *private_data,
@@ -73,6 +66,14 @@ static NTSTATUS test_become_dc_prepare_db(void *private_data,
 {
 	struct test_become_dc_state *s = talloc_get_type(private_data, struct test_become_dc_state);
 	struct provision_settings settings;
+	NTSTATUS status;
+	bool ok;
+	struct loadparm_context *lp_ctx = loadparm_init(s);
+	char *smbconf;
+
+	if (!lp_ctx) {
+		return NT_STATUS_NO_MEMORY;
+	}
 
 	settings.dns_name = p->dest_dsa->dns_name;
 	settings.site_name = p->dest_dsa->site_name;
@@ -80,21 +81,46 @@ static NTSTATUS test_become_dc_prepare_db(void *private_data,
 	settings.domain_dn_str = p->domain->dn_str;
 	settings.config_dn_str = p->forest->config_dn_str;
 	settings.schema_dn_str = p->forest->schema_dn_str;
-	settings.invocation_id = &p->dest_dsa->invocation_id;
 	settings.netbios_name = p->dest_dsa->netbios_name;
 	settings.realm = torture_join_dom_dns_name(s->tj);
 	settings.domain = torture_join_dom_netbios_name(s->tj);
-	settings.ntds_guid = &p->dest_dsa->ntds_guid;
-	settings.ntds_dn_str = p->dest_dsa->ntds_dn_str;
 	settings.machine_password = cli_credentials_get_password(s->machine_account);
-	settings.samdb_ldb = s->path.samdb_ldb;
+	settings.targetdir = s->targetdir;
-	settings.secrets_ldb = s->path.secrets_ldb;
+
-	settings.secrets_keytab = s->path.secrets_keytab;
+	status = provision_bare(s, s->lp_ctx, &settings);
-	settings.schemadn_ldb = s->path.schemadn_ldb;
+	
-	settings.configdn_ldb = s->path.configdn_ldb;
+	smbconf = talloc_asprintf(lp_ctx, "%s/%s", s->targetdir, "/etc/smb.conf");
-	settings.domaindn_ldb = s->path.domaindn_ldb;
+
+	ok = lp_load(lp_ctx, smbconf);
+	if (!ok) {
+		DEBUG(0,("Failed load freshly generated smb.conf '%s'\n", smbconf));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	s->ldb = ldb_wrap_connect(s, lp_ctx, lp_sam_url(lp_ctx),
+				  system_session(s, lp_ctx),
+				  NULL, 0, NULL);
+	if (!s->ldb) {
+		DEBUG(0,("Failed to open '%s'\n", lp_sam_url(lp_ctx)));
+		return NT_STATUS_INTERNAL_DB_ERROR;
+	}
+	
+	ok = samdb_set_ntds_invocation_id(s->ldb, &p->dest_dsa->invocation_id);
+	if (!ok) {
+		DEBUG(0,("Failed to set cached ntds invocationId\n"));
+		return NT_STATUS_FOOBAR;
+	}
+	ok = samdb_set_ntds_objectGUID(s->ldb, &p->dest_dsa->ntds_guid);
+	if (!ok) {
+		DEBUG(0,("Failed to set cached ntds objectGUID\n"));
+		return NT_STATUS_FOOBAR;
+	}
+	
+	s->lp_ctx = lp_ctx;
+
+        return NT_STATUS_OK;
+
 
-	return provision_bare(s, s->tctx->lp_ctx, &settings);
 }
 
 static NTSTATUS test_become_dc_check_options(void *private_data,
@@ -140,6 +166,7 @@ static NTSTATUS test_apply_schema(struct test_become_dc_state *s,
 	struct ldb_val prefixMap_val;
 	struct ldb_message_element *prefixMap_el;
 	struct ldb_val schemaInfo_val;
+	char *sam_ldb_path;
 	uint32_t i;
 	int ret;
 	bool ok;
@@ -325,13 +352,14 @@ static NTSTATUS test_apply_schema(struct test_become_dc_state *s,
 	talloc_free(s->ldb); /* this also free's the s->schema, because dsdb_set_schema() steals it */
 	s->schema = NULL;
 
-	DEBUG(0,("Reopen the SAM LDB with system credentials and a already stored schema: %s\n", s->path.samdb_ldb));
+	sam_ldb_path = talloc_asprintf(s, "%s/%s", s->targetdir, "private/sam.ldb");
-	s->ldb = ldb_wrap_connect(s, s->tctx->lp_ctx, s->path.samdb_ldb,
+	DEBUG(0,("Reopen the SAM LDB with system credentials and a already stored schema: %s\n", sam_ldb_path));
+	s->ldb = ldb_wrap_connect(s, s->tctx->lp_ctx, sam_ldb_path,
 				  system_session(s, s->tctx->lp_ctx),
 				  NULL, 0, NULL);
 	if (!s->ldb) {
 		DEBUG(0,("Failed to open '%s'\n",
-			s->path.samdb_ldb));
+			sam_ldb_path));
 		return NT_STATUS_INTERNAL_DB_ERROR;
 	}
 
@@ -392,7 +420,8 @@ static NTSTATUS test_become_dc_schema_chunk(void *private_data,
 	}
 
 	if (!s->schema) {
-		s->self_made_schema = talloc_zero(s, struct dsdb_schema);
+		s->self_made_schema = dsdb_new_schema(s, lp_iconv_convenience(s->lp_ctx));
+
 		NT_STATUS_HAVE_NO_MEMORY(s->self_made_schema);
 
 		status = dsdb_load_oid_mappings_drsuapi(s->self_made_schema, mapping_ctr);
@@ -564,33 +593,24 @@ bool torture_net_become_dc(struct torture_context *torture)
 	struct ldb_message *msg;
 	int ldb_ret;
 	uint32_t i;
+	char *sam_ldb_path;
+
+	char *location = NULL;
+	torture_assert_ntstatus_ok(torture, torture_temp_dir(torture, "libnet_BecomeDC", &location), 
+				   "torture_temp_dir should return NT_STATUS_OK" );
 
 	s = talloc_zero(torture, struct test_become_dc_state);
 	if (!s) return false;
 
 	s->tctx = torture;
+	s->lp_ctx = torture->lp_ctx;
 
 	s->netbios_name = lp_parm_string(torture->lp_ctx, NULL, "become dc", "smbtorture dc");
 	if (!s->netbios_name || !s->netbios_name[0]) {
 		s->netbios_name = "smbtorturedc";
 	}
 
-	s->path.samdb_ldb	= talloc_asprintf(s, "%s_samdb.ldb", s->netbios_name);
+	s->targetdir = location;
-	if (!s->path.samdb_ldb) return false;
-	s->path.domaindn_ldb	= talloc_asprintf(s, "%s_domain.ldb", s->netbios_name);
-	if (!s->path.domaindn_ldb) return false;
-	s->path.configdn_ldb	= talloc_asprintf(s, "%s_config.ldb", s->netbios_name);
-	if (!s->path.configdn_ldb) return false;
-	s->path.schemadn_ldb	= talloc_asprintf(s, "%s_schema.ldb", s->netbios_name);
-	if (!s->path.schemadn_ldb) return false;
-	s->path.secrets_ldb	= talloc_asprintf(s, "%s_secrets.ldb", s->netbios_name);
-	if (!s->path.secrets_ldb) return false;
-	s->path.templates_ldb	= talloc_asprintf(s, "%s_templates.ldb", s->netbios_name);
-	if (!s->path.templates_ldb) return false;
-	s->path.secrets_keytab	= talloc_asprintf(s, "%s_secrets.keytab", s->netbios_name);
-	if (!s->path.secrets_keytab) return false;
-	s->path.dns_keytab	= talloc_asprintf(s, "%s_dns.keytab", s->netbios_name);
-	if (!s->path.dns_keytab) return false;
 
 	/* Join domain as a member server. */
 	s->tj = torture_join_domain(torture, s->netbios_name,
@@ -664,13 +684,14 @@ bool torture_net_become_dc(struct torture_context *torture)
 	talloc_free(s->ldb); /* this also free's the s->schema, because dsdb_set_schema() steals it */
 	s->schema = NULL;
 
-	DEBUG(0,("Reopen the SAM LDB with system credentials and all replicated data: %s\n", s->path.samdb_ldb));
+	sam_ldb_path = talloc_asprintf(s, "%s/%s", s->targetdir, "private/sam.ldb");
-	s->ldb = ldb_wrap_connect(s, torture->lp_ctx, s->path.samdb_ldb,
+	DEBUG(0,("Reopen the SAM LDB with system credentials and all replicated data: %s\n", sam_ldb_path));
-				  system_session(s, torture->lp_ctx),
+	s->ldb = ldb_wrap_connect(s, s->lp_ctx, sam_ldb_path,
+				  system_session(s, s->lp_ctx),
 				  NULL, 0, NULL);
 	if (!s->ldb) {
 		DEBUG(0,("Failed to open '%s'\n",
-			s->path.samdb_ldb));
+			sam_ldb_path));
 		ret = false;
 		goto cleanup;
 	}
@@ -682,7 +703,7 @@ bool torture_net_become_dc(struct torture_context *torture)
 		goto cleanup;
 	}
 
-	if (lp_parm_bool(torture->lp_ctx, NULL, "become dc", "do not unjoin", false)) {
+	if (lp_parm_bool(s->lp_ctx, NULL, "become dc", "do not unjoin", false)) {
 		talloc_free(s);
 		return ret;
 	}

source4/torture/local/torture.c

@@ -43,6 +43,9 @@ static bool test_provision(struct torture_context *tctx)
 {
 	NTSTATUS status;
 	struct provision_settings settings;
+	char *location = NULL;
+	torture_assert_ntstatus_ok(tctx, torture_temp_dir(tctx, "torture_provision", &location), 
+				   "torture_temp_dir should return NT_STATUS_OK" );
 
 	settings.dns_name = "example.com";
 	settings.site_name = "SOME-SITE-NAME";
@@ -57,14 +60,7 @@ static bool test_provision(struct torture_context *tctx)
 	settings.ntds_guid = NULL;
 	settings.ntds_dn_str = NULL;
 	settings.machine_password = "geheim";
-	settings.samdb_ldb = NULL;
+	settings.targetdir = location;
-	settings.secrets_ldb = NULL;
-	settings.secrets_keytab = NULL;
-	settings.schemadn_ldb = NULL;
-	settings.configdn_ldb = NULL;
-	settings.domaindn_ldb = NULL;
-	settings.templates_ldb = NULL;
-	settings.dns_keytab = NULL;
 
 	status = provision_bare(tctx, tctx->lp_ctx, &settings);
 			

source4/torture/util.h

@@ -29,19 +29,13 @@ struct provision_settings {
 	const char *schema_dn_str;
 	const struct GUID *invocation_id;
 	const char *netbios_name;
+	const char *host_ip;
 	const char *realm;
 	const char *domain;
 	const struct GUID *ntds_guid;
 	const char *ntds_dn_str;
 	const char *machine_password;
-	const char *samdb_ldb;
+	const char *targetdir;
-	const char *secrets_ldb;
-	const char *secrets_keytab;
-	const char *schemadn_ldb;
-	const char *configdn_ldb;
-	const char *domaindn_ldb;
-	const char *templates_ldb;
-	const char *dns_keytab;
 };
 
 NTSTATUS provision_bare(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx,

source4/torture/util_provision.c

@@ -18,205 +18,21 @@
 */
 
 #include "includes.h"
-#include "dsdb/samdb/samdb.h"
-#include "lib/appweb/ejs/ejs.h"
-#include "lib/appweb/ejs/ejsInternal.h"
-#include "scripting/ejs/smbcalls.h"
 #include "auth/auth.h"
 #include "lib/ldb_wrap.h"
 #include "torture/util.h"
 
-static EjsId eid;
-static int ejs_error;
-
-static void test_ejs_exception(const char *reason)
-{
-	Ejs *ep = ejsPtr(eid);
-	ejsSetErrorMsg(eid, "%s", reason);
-	fprintf(stderr, "%s", ep->error);
-	ejs_error = 127;
-}
-
-static int test_run_ejs(char *script)
-{
-	EjsHandle handle = 0;
-	MprVar result;
-	char *emsg;
-	TALLOC_CTX *mem_ctx = talloc_new(NULL);
-	struct MprVar *return_var;
-
-	mprSetCtx(mem_ctx);
-
-	if (ejsOpen(NULL, NULL, NULL) != 0) {
-		d_printf("ejsOpen(): unable to initialise EJS subsystem\n");
-		ejs_error = 127;
-		goto failed;
-	}
-
-	smb_setup_ejs_functions(test_ejs_exception);
-
-	if ((eid = ejsOpenEngine(handle, 0)) == (EjsId)-1) {
-		d_printf("smbscript: ejsOpenEngine(): unable to initialise an EJS engine\n");
-		ejs_error = 127;
-		goto failed;
-	}
-
-	mprSetVar(ejsGetGlobalObject(eid), "ARGV", mprList("ARGV", NULL));
-
-	/* run the script */
-	if (ejsEvalScript(eid, script, &result, &emsg) == -1) {
-		d_printf("smbscript: ejsEvalScript(): %s\n", emsg);
-		if (ejs_error == 0) ejs_error = 127;
-		goto failed;
-	}
-
-	return_var = ejsGetReturnValue(eid);
-	ejs_error = mprVarToNumber(return_var);
-
-failed:
-	ejsClose();
-	talloc_free(mem_ctx);
-	return ejs_error;
-}
-
-static NTSTATUS provision_bare_ejs(TALLOC_CTX *mem_ctx, 
-								   struct loadparm_context *lp_ctx,
-								   struct provision_settings *settings)
-{
-	char *ejs;
-	int ret;
-	bool ok;
-	struct ldb_context *ldb;
-
-	DEBUG(0,("Provision for Become-DC test using EJS\n"));
-
-	DEBUG(0,("New Server[%s] in Site[%s]\n", settings->dns_name, 
-			 settings->site_name));
-
-	DEBUG(0,("DSA Instance [%s]\n"
-		"\tobjectGUID[%s]\n"
-		"\tinvocationId[%s]\n",
-		settings->ntds_dn_str,
-		GUID_string(mem_ctx, settings->ntds_guid),
-		GUID_string(mem_ctx, settings->invocation_id)));
-
-	DEBUG(0,("Pathes under PRIVATEDIR[%s]\n"
-		 "SAMDB[%s] SECRETS[%s] KEYTAB[%s]\n",
-		lp_private_dir(lp_ctx),
-		settings->samdb_ldb,
-		settings->secrets_ldb,
-		settings->secrets_keytab));
-
-	DEBUG(0,("Schema Partition[%s => %s]\n",
-		settings->schema_dn_str, settings->schemadn_ldb));
-
-	DEBUG(0,("Config Partition[%s => %s]\n",
-		settings->config_dn_str, settings->configdn_ldb));
-
-	DEBUG(0,("Domain Partition[%s => %s]\n",
-		settings->domain_dn_str, settings->domaindn_ldb));
-
-	ejs = talloc_asprintf(mem_ctx,
-		"libinclude(\"base.js\");\n"
-		"libinclude(\"provision.js\");\n"
-		"\n"
-		"function message() { print(vsprintf(arguments)); }\n"
-		"\n"
-		"var subobj = provision_guess();\n"
-		"subobj.ROOTDN       = \"%s\";\n"
-		"subobj.DOMAINDN     = \"%s\";\n"
-		"subobj.DOMAINDN_LDB = \"%s\";\n"
-		"subobj.CONFIGDN     = \"%s\";\n"
-		"subobj.CONFIGDN_LDB = \"%s\";\n"
-		"subobj.SCHEMADN     = \"%s\";\n"
-		"subobj.SCHEMADN_LDB = \"%s\";\n"
-		"subobj.HOSTNAME     = \"%s\";\n"
-		"subobj.REALM        = \"%s\";\n"
-		"subobj.DOMAIN       = \"%s\";\n"
-		"subobj.DEFAULTSITE  = \"%s\";\n"
-		"\n"
-		"subobj.KRBTGTPASS   = \"_NOT_USED_\";\n"
-		"subobj.MACHINEPASS  = \"%s\";\n"
-		"subobj.ADMINPASS    = \"_NOT_USED_\";\n"
-		"\n"
-		"var paths = provision_default_paths(subobj);\n"
-		"paths.samdb = \"%s\";\n"
-		"paths.secrets = \"%s\";\n"
-		"paths.templates = \"%s\";\n"
-		"paths.keytab = \"%s\";\n"
-		"paths.dns_keytab = \"%s\";\n"
-		"\n"
-		"var system_session = system_session();\n"
-		"\n"
-		"var ok = provision_become_dc(subobj, message, true, paths, system_session);\n"
-		"assert(ok);\n"
-		"\n"
-		"return 0;\n",
-		settings->root_dn_str,		/* subobj.ROOTDN */
-		settings->domain_dn_str,		/* subobj.DOMAINDN */
-		settings->domaindn_ldb,		/* subobj.DOMAINDN_LDB */
-		settings->config_dn_str,	/* subobj.CONFIGDN */
-		settings->configdn_ldb,		/* subobj.CONFIGDN_LDB */
-		settings->schema_dn_str,	/* subobj.SCHEMADN */
-		settings->schemadn_ldb,		/* subobj.SCHEMADN_LDB */
-		settings->netbios_name,	/* subobj.HOSTNAME */
-		settings->realm,/* subobj.REALM */
-		settings->domain,/* subobj.DOMAIN */
-		settings->site_name,		/* subobj.DEFAULTSITE */
-		settings->machine_password,/* subobj.MACHINEPASS */
-		settings->samdb_ldb,		/* paths.samdb */
-		settings->templates_ldb,		/* paths.templates */
-		settings->secrets_ldb,		/* paths.secrets */
-		settings->secrets_keytab,	        /* paths.keytab */
-		settings->dns_keytab);	        /* paths.dns_keytab */
-	NT_STATUS_HAVE_NO_MEMORY(ejs);
-
-	ret = test_run_ejs(ejs);
-	if (ret != 0) {
-		DEBUG(0,("Failed to run ejs script: %d:\n%s",
-			ret, ejs));
-		talloc_free(ejs);
-		return NT_STATUS_FOOBAR;
-	}
-	talloc_free(ejs);
-
-	DEBUG(0,("Open the SAM LDB with system credentials: %s\n", 
-		 settings->samdb_ldb));
-
-	ldb = ldb_wrap_connect(mem_ctx, lp_ctx, settings->samdb_ldb,
-				  system_session(mem_ctx, lp_ctx),
-				  NULL, 0, NULL);
-	if (!ldb) {
-		DEBUG(0,("Failed to open '%s'\n",
-			settings->samdb_ldb));
-		return NT_STATUS_INTERNAL_DB_ERROR;
-	}
-
-	ok = samdb_set_ntds_invocation_id(ldb, settings->invocation_id);
-	if (!ok) {
-		DEBUG(0,("Failed to set cached ntds invocationId\n"));
-		return NT_STATUS_FOOBAR;
-	}
-	ok = samdb_set_ntds_objectGUID(ldb, settings->ntds_guid);
-	if (!ok) {
-		DEBUG(0,("Failed to set cached ntds objectGUID\n"));
-		return NT_STATUS_FOOBAR;
-	}
-
-	return NT_STATUS_OK;
-}
-
 #include "param/param.h"
 #include <Python.h>
 #include "scripting/python/modules.h"
 
-static NTSTATUS provision_bare_py(TALLOC_CTX *mem_ctx, 
+NTSTATUS provision_bare(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx,
-								  struct loadparm_context *lp_ctx,
+						struct provision_settings *settings)
-								  struct provision_settings *settings)
 {
 	bool ok;
 	PyObject *provision_mod, *provision_dict, *provision_fn, *result, *parameters;
 	struct ldb_context *ldb;
+	char *sam_ldb_path;
 	
 	DEBUG(0,("Provision for Become-DC test using python\n"));
 
@@ -239,10 +55,10 @@ static NTSTATUS provision_bare_py(TALLOC_CTX *mem_ctx,
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
-	provision_fn = PyDict_GetItemString(provision_dict, "provision");
+	provision_fn = PyDict_GetItemString(provision_dict, "provision_become_dc");
 	if (provision_fn == NULL) {
 		PyErr_Print();
-		DEBUG(0, ("Unable to get provision function\n"));
+		DEBUG(0, ("Unable to get provision_become_dc function\n"));
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 	
@@ -256,56 +72,45 @@ static NTSTATUS provision_bare_py(TALLOC_CTX *mem_ctx,
 		settings->ntds_guid == NULL?"None":GUID_string(mem_ctx, settings->ntds_guid),
 		settings->invocation_id == NULL?"None":GUID_string(mem_ctx, settings->invocation_id)));
 
-	DEBUG(0,("Pathes under PRIVATEDIR[%s]\n"
+	DEBUG(0,("Pathes under targetdir[%s]\n",
-		 "SAMDB[%s] SECRETS[%s] KEYTAB[%s]\n",
+		 settings->targetdir));
-		lp_private_dir(lp_ctx),
-		settings->samdb_ldb,
-		settings->secrets_ldb,
-		settings->secrets_keytab));
-
-	DEBUG(0,("Schema Partition[%s => %s]\n",
-		settings->schema_dn_str, settings->schemadn_ldb));
-
-	DEBUG(0,("Config Partition[%s => %s]\n",
-		settings->config_dn_str, settings->configdn_ldb));
-
-	DEBUG(0,("Domain Partition[%s => %s]\n",
-		settings->domain_dn_str, settings->domaindn_ldb));
-
 	parameters = PyDict_New();
 
 	PyDict_SetItemString(parameters, "rootdn", 
 						 PyString_FromString(settings->root_dn_str));
-	if (settings->domaindn_ldb != NULL)
+	if (settings->targetdir != NULL)
-		PyDict_SetItemString(parameters, "domaindn_ldb", 
+		PyDict_SetItemString(parameters, "targetdir", 
-							 PyString_FromString(settings->domaindn_ldb));
+							 PyString_FromString(settings->targetdir));
-	if (settings->config_dn_str != NULL)
+	PyDict_SetItemString(parameters, "setup_dir", 
-		PyDict_SetItemString(parameters, "configdn", 
+			     PyString_FromString("setup"));
-							 PyString_FromString(settings->config_dn_str));
-	if (settings->configdn_ldb != NULL)
-		PyDict_SetItemString(parameters, "configdn_ldb", 
-							 PyString_FromString(settings->configdn_ldb));
-	if (settings->schema_dn_str != NULL)
-		PyDict_SetItemString(parameters, "schema_dn_str", 
-							 PyString_FromString(settings->schema_dn_str));
-	if (settings->schemadn_ldb != NULL)
-		PyDict_SetItemString(parameters, "schemadn_ldb", 
-							 PyString_FromString(settings->schemadn_ldb));
 	PyDict_SetItemString(parameters, "hostname", 
 						 PyString_FromString(settings->netbios_name));
-	PyDict_SetItemString(parameters, "sitename", 
+	PyDict_SetItemString(parameters, "domain", 
-						 PyString_FromString(settings->site_name));
+						 PyString_FromString(settings->domain));
+	PyDict_SetItemString(parameters, "realm", 
+						 PyString_FromString(settings->realm));
+	if (settings->root_dn_str)
+		PyDict_SetItemString(parameters, "rootdn", 
+				     PyString_FromString(settings->root_dn_str));
+
+	if (settings->domain_dn_str) 
+		PyDict_SetItemString(parameters, "domaindn", 
+				     PyString_FromString(settings->domain_dn_str));
+
+	if (settings->schema_dn_str) 
+		PyDict_SetItemString(parameters, "schemadn", 
+				     PyString_FromString(settings->schema_dn_str));
+	
+	if (settings->config_dn_str) 
+		PyDict_SetItemString(parameters, "configdn", 
+				     PyString_FromString(settings->config_dn_str));
+	
+	if (settings->site_name) 
+		PyDict_SetItemString(parameters, "sitename", 
+				     PyString_FromString(settings->site_name));
+
 	PyDict_SetItemString(parameters, "machinepass", 
-						 PyString_FromString(settings->machine_password));
+			     PyString_FromString(settings->machine_password));
-	if (settings->samdb_ldb != NULL)
-		PyDict_SetItemString(parameters, "samdb", 
-							 PyString_FromString(settings->samdb_ldb));
-	if (settings->secrets_ldb != NULL)
-		PyDict_SetItemString(parameters, "secrets_ldb", 
-							 PyString_FromString(settings->secrets_ldb));
-	if (settings->secrets_keytab != NULL)
-		PyDict_SetItemString(parameters, "secrets_keytab", 
-							 PyString_FromString(settings->secrets_keytab));
 
 	result = PyEval_CallObjectWithKeywords(provision_fn, NULL, parameters);
 
@@ -317,39 +122,5 @@ static NTSTATUS provision_bare_py(TALLOC_CTX *mem_ctx,
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
-	DEBUG(0,("Open the SAM LDB with system credentials: %s\n", 
-		 settings->samdb_ldb));
-
-	ldb = ldb_wrap_connect(mem_ctx, lp_ctx, settings->samdb_ldb,
-				  system_session(mem_ctx, lp_ctx),
-				  NULL, 0, NULL);
-	if (!ldb) {
-		DEBUG(0,("Failed to open '%s'\n", settings->samdb_ldb));
-		return NT_STATUS_INTERNAL_DB_ERROR;
-	}
-
-	ok = samdb_set_ntds_invocation_id(ldb, settings->invocation_id);
-	if (!ok) {
-		DEBUG(0,("Failed to set cached ntds invocationId\n"));
-		return NT_STATUS_FOOBAR;
-	}
-	ok = samdb_set_ntds_objectGUID(ldb, settings->ntds_guid);
-	if (!ok) {
-		DEBUG(0,("Failed to set cached ntds objectGUID\n"));
-		return NT_STATUS_FOOBAR;
-	}
-
 	return NT_STATUS_OK;
 }
-
-NTSTATUS provision_bare(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx,
-						struct provision_settings *settings)
-{
-	if (getenv("PROVISION_EJS")) {
-		return provision_bare_ejs(mem_ctx, lp_ctx, settings);
-	} else {
-		return provision_bare_py(mem_ctx, lp_ctx, settings);
-	}
-}
-
-