mirror of https://github.com/samba-team/samba.git synced 2025-08-03 04:22:09 +03:00

Make Samba4 pass the NET-API-BECOMEDC test against Win2k3 (again).

Making Samba4, using the python provision system, pass this test
required some major rework.  Untested code is broken code, and some of
the refactoring for a separate provision test (which also now passes)
broke things.

Similarly, the iconv work has compiled, but these codepaths have never
been run (NULL pointer de-reference).

In working to use a local, rather than global, loadparm context, and
to support using a target directory, a few things needed to be
reworked, particularly around path handling.

Andrew Bartlett
(This used to be commit 1169e8d7be)
Andrew Bartlett
2008-03-06 21:55:26 +11:00
parent 3ced8006a6
commit 7e0ef3fd0e
12 changed files with 278 additions and 437 deletions


@ -30,6 +30,7 @@
#include "librpc/gen_ndr/ndr_drsuapi.h"
#include "librpc/gen_ndr/ndr_drsblobs.h"
#include "lib/util/dlinklist.h"
#include "param/param.h"
static int schema_fsmo_init(struct ldb_module *module)
{
@ -78,7 +79,7 @@ static int schema_fsmo_init(struct ldb_module *module)
}
module->private_data = schema_fsmo;
schema = talloc_zero(mem_ctx, struct dsdb_schema);
schema = dsdb_new_schema(mem_ctx, lp_iconv_convenience(ldb_get_opaque(module->ldb, "loadparm")));
if (!schema) {
ldb_oom(module->ldb);
return LDB_ERR_OPERATIONS_ERROR;


@ -29,6 +29,18 @@
#include "librpc/gen_ndr/ndr_drsblobs.h"
#include "param/param.h"
struct dsdb_schema *dsdb_new_schema(TALLOC_CTX *mem_ctx, struct smb_iconv_convenience *iconv_convenience)
{
struct dsdb_schema *schema = talloc_zero(mem_ctx, struct dsdb_schema);
if (!schema) {
return NULL;
}
schema->iconv_convenience = iconv_convenience;
return schema;
}
WERROR dsdb_load_oid_mappings_drsuapi(struct dsdb_schema *schema, const struct drsuapi_DsReplicaOIDMapping_Ctr *ctr)
{
uint32_t i,j;
@ -1150,12 +1162,7 @@ WERROR dsdb_attach_schema_from_ldif_file(struct ldb_context *ldb, const char *pf
goto nomem;
}
schema = talloc_zero(mem_ctx, struct dsdb_schema);
if (!schema) {
goto nomem;
}
schema->iconv_convenience = lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm"));
schema = dsdb_new_schema(mem_ctx, lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")));
/*
* load the prefixMap attribute from pf
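Review bot: The NULL check on `schema` appears to have been dropped in dsdb_attach_schema_from_ldif_file: the old `talloc_zero` call was followed by `if (!schema) { goto nomem; }`, while the new `dsdb_new_schema(...)` call runs straight into the prefixMap comment and the hunk shrinks from 12 lines to 7. dsdb_new_schema returns NULL when its own allocation fails, so the check should stay directly after the call, `if (!schema) { goto nomem; }`. It is also worth confirming that `ldb_get_opaque(ldb, "loadparm")` cannot return NULL here, since its result is handed unchecked to `lp_iconv_convenience()`; schema_fsmo_init uses the same pattern. The function body continues outside the hunk.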


@ -33,4 +33,3 @@ rpc.netlogon.*.GetTrustPasswords
base.charset.*.Testing partial surrogate
.*net.api.delshare.* # DelShare isn't implemented yet
rap.*netservergetinfo
local.torture.provision


@ -32,6 +32,7 @@ from socket import gethostname, gethostbyname
import param
import registry
import samba
from auth import system_session
from samba import Ldb, substitute_var, valid_netbios_name, check_all_substituted
from samba.samdb import SamDB
import security
@ -65,6 +66,7 @@ class ProvisionPaths:
self.dns_keytab = None
self.dns = None
self.winsdb = None
self.private_dir = None
def check_install(lp, session_info, credentials):
@ -197,20 +199,20 @@ def provision_paths_from_lp(lp, dnsdomain):
:param dnsdomain: DNS Domain name
"""
paths = ProvisionPaths()
private_dir = lp.get("private dir")
paths.private_dir = lp.get("private dir")
paths.keytab = "secrets.keytab"
paths.dns_keytab = "dns.keytab"
paths.shareconf = os.path.join(private_dir, "share.ldb")
paths.samdb = os.path.join(private_dir, lp.get("sam database") or "samdb.ldb")
paths.idmapdb = os.path.join(private_dir, lp.get("idmap database") or "idmap.ldb")
paths.secrets = os.path.join(private_dir, lp.get("secrets database") or "secrets.ldb")
paths.templates = os.path.join(private_dir, "templates.ldb")
paths.dns = os.path.join(private_dir, dnsdomain + ".zone")
paths.winsdb = os.path.join(private_dir, "wins.ldb")
paths.s4_ldapi_path = os.path.join(private_dir, "ldapi")
paths.smbconf = os.path.join(private_dir, "smb.conf")
paths.phpldapadminconfig = os.path.join(private_dir,
paths.shareconf = os.path.join(paths.private_dir, "share.ldb")
paths.samdb = os.path.join(paths.private_dir, lp.get("sam database") or "samdb.ldb")
paths.idmapdb = os.path.join(paths.private_dir, lp.get("idmap database") or "idmap.ldb")
paths.secrets = os.path.join(paths.private_dir, lp.get("secrets database") or "secrets.ldb")
paths.templates = os.path.join(paths.private_dir, "templates.ldb")
paths.dns = os.path.join(paths.private_dir, dnsdomain + ".zone")
paths.winsdb = os.path.join(paths.private_dir, "wins.ldb")
paths.s4_ldapi_path = os.path.join(paths.private_dir, "ldapi")
paths.smbconf = os.path.join(paths.private_dir, "smb.conf")
paths.phpldapadminconfig = os.path.join(paths.private_dir,
"phpldapadmin-config.php")
paths.hklm = "hklm.ldb"
paths.hkcr = "hkcr.ldb"
@ -588,7 +590,7 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
samdb = SamDB(path, session_info=session_info,
credentials=credentials, lp=lp)
samdb.set_domain_sid(domainsid)
if lp.get("server role") == "domain controller":
if serverrole == "domain controller":
samdb.set_invocation_id(invocationid)
load_schema(setup_path, samdb, schemadn, netbiosname, configdn, sitename)
@ -699,7 +701,7 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
"KRBTGTPASS_B64": b64encode(krbtgtpass),
})
if lp.get("server role") == "domain controller":
if serverrole == "domain controller":
message("Setting up self join")
setup_self_join(samdb, configdn=configdn, schemadn=schemadn,
domaindn=domaindn, invocationid=invocationid,
@ -725,8 +727,9 @@ FILL_FULL = "FULL"
FILL_NT4SYNC = "NT4SYNC"
FILL_DRS = "DRS"
def provision(lp, setup_dir, message, paths, session_info,
credentials, samdb_fill=FILL_FULL, realm=None, rootdn=None,
def provision(setup_dir, message, session_info,
credentials, smbconf=None, targetdir=None, samdb_fill=FILL_FULL, realm=None,
rootdn=None, domaindn=None, schemadn=None, configdn=None,
domain=None, hostname=None, hostip=None, domainsid=None,
hostguid=None, adminpass=None, krbtgtpass=None, domainguid=None,
policyguid=None, invocationid=None, machinepass=None,
@ -768,28 +771,6 @@ def provision(lp, setup_dir, message, paths, session_info,
backup = findnss(grp.getgrnam, ["backup", "wheel", "root", "staff"])[0]
if aci is None:
aci = "# no aci for local ldb"
if serverrole is None:
serverrole = lp.get("server role")
assert serverrole in ("domain controller", "member server")
if invocationid is None and serverrole == "domain controller":
invocationid = uuid.random()
if realm is None:
realm = lp.get("realm")
if lp.get("realm").upper() != realm.upper():
raise Exception("realm '%s' in smb.conf must match chosen realm '%s'" %
(lp.get("realm"), realm))
ldapi_url = "ldapi://%s" % urllib.quote(paths.s4_ldapi_path, safe="")
if ldap_backend == "ldapi":
# provision-backend will set this path suggested slapd command line / fedorads.inf
ldap_backend = "ldapi://" % urllib.quote(os.path.join(lp.get("private dir"), "ldap", "ldapi"), safe="")
assert realm is not None
realm = realm.upper()
if hostname is None:
hostname = gethostname().split(".")[0].lower()
@ -800,9 +781,84 @@ def provision(lp, setup_dir, message, paths, session_info,
if not valid_netbios_name(netbiosname):
raise InvalidNetbiosName(netbiosname)
if targetdir is not None:
if not os.path.exists(targetdir):
os.mkdir(targetdir)
if not os.path.exists(os.path.join(targetdir, "etc")):
os.mkdir(os.path.join(targetdir, "etc"))
if smbconf is None:
smbconf = os.path.join(targetdir, os.path.join("etc", "smb.conf"))
# only install a new smb.conf if there isn't one there already
if not os.path.exists(smbconf):
message("Setting up smb.conf")
assert serverrole is not None
if serverrole == "domain controller":
smbconfsuffix = "dc"
elif serverrole == "member server":
smbconfsuffix = "member"
assert domain is not None
assert realm is not None
default_lp = param.LoadParm()
#Load non-existant file
default_lp.load(smbconf)
if targetdir is not None:
privatedir_line = "private dir = " + os.path.abspath(os.path.join(targetdir, "private"))
lockdir_line = "lock dir = " + os.path.abspath(targetdir)
default_lp.set("lock dir", os.path.abspath(targetdir))
sysvol = os.path.join(default_lp.get("lock dir"), "sysvol")
netlogon = os.path.join(os.path.join(sysvol, "scripts"))
setup_file(setup_path("provision.smb.conf.%s" % smbconfsuffix),
smbconf, {
"HOSTNAME": hostname,
"DOMAIN_CONF": domain,
"REALM_CONF": realm,
"SERVERROLE": serverrole,
"NETLOGONPATH": netlogon,
"SYSVOLPATH": sysvol,
"PRIVATEDIR_LINE": privatedir_line,
"LOCKDIR_LINE": lockdir_line
})
lp = param.LoadParm()
lp.load(smbconf)
if serverrole is None:
serverrole = lp.get("server role")
assert serverrole in ("domain controller", "member server")
if invocationid is None and serverrole == "domain controller":
invocationid = uuid.random()
if realm is None:
realm = lp.get("realm")
assert realm is not None
realm = realm.upper()
dnsdomain = realm.lower()
paths = provision_paths_from_lp(lp, dnsdomain)
if targetdir is not None:
if not os.path.exists(paths.private_dir):
os.mkdir(paths.private_dir)
ldapi_url = "ldapi://%s" % urllib.quote(paths.s4_ldapi_path, safe="")
if ldap_backend == "ldapi":
# provision-backend will set this path suggested slapd command line / fedorads.inf
ldap_backend = "ldapi://" % urllib.quote(os.path.join(paths.private_dir, "ldap", "ldapi"), safe="")
if serverrole == "domain controller":
domaindn = "DC=" + dnsdomain.replace(".", ",DC=")
if domaindn is None:
domaindn = "DC=" + dnsdomain.replace(".", ",DC=")
if domain is None:
domain = lp.get("workgroup")
@ -815,38 +871,25 @@ def provision(lp, setup_dir, message, paths, session_info,
if not valid_netbios_name(domain):
raise InvalidNetbiosName(domain)
else:
domaindn = "CN=" + netbiosname
if domaindn is None:
domaindn = "CN=" + netbiosname
domain = netbiosname
if rootdn is None:
rootdn = domaindn
configdn = "CN=Configuration," + rootdn
schemadn = "CN=Schema," + configdn
if configdn is None:
configdn = "CN=Configuration," + rootdn
if schemadn is None:
schemadn = "CN=Schema," + configdn
message("set DOMAIN SID: %s" % str(domainsid))
message("Provisioning for %s in realm %s" % (domain, realm))
message("Using administrator password: %s" % adminpass)
assert paths.smbconf is not None
# only install a new smb.conf if there isn't one there already
if not os.path.exists(paths.smbconf):
message("Setting up smb.conf")
if serverrole == "domain controller":
smbconfsuffix = "dc"
elif serverrole == "member server":
smbconfsuffix = "member"
setup_file(setup_path("provision.smb.conf.%s" % smbconfsuffix),
paths.smbconf, {
"HOSTNAME": hostname,
"DOMAIN_CONF": domain,
"REALM_CONF": realm,
"SERVERROLE": serverrole,
"NETLOGONPATH": paths.netlogon,
"SYSVOLPATH": paths.sysvol,
})
lp.load(paths.smbconf)
if lp.get("realm").upper() != realm.upper():
raise Exception("realm '%s' in smb.conf must match chosen realm '%s'" %
(lp.get("realm"), realm))
# only install a new shares config db if there is none
if not os.path.exists(paths.shareconf):
@ -911,32 +954,52 @@ def provision(lp, setup_dir, message, paths, session_info,
message("Setting up sam.ldb rootDSE marking as synchronized")
setup_modify_ldif(samdb, setup_path("provision_rootdse_modify.ldif"))
# Only make a zone file on the first DC, it should be replicated with DNS replication
if serverrole == "domain controller":
samdb = SamDB(paths.samdb, session_info=session_info,
credentials=credentials, lp=lp)
domainguid = samdb.searchone(basedn=domaindn, attribute="objectGUID")
assert isinstance(domainguid, str)
hostguid = samdb.searchone(basedn=domaindn, attribute="objectGUID",
expression="(&(objectClass=computer)(cn=%s))" % hostname,
scope=SCOPE_SUBTREE)
assert isinstance(hostguid, str)
message("Setting up DNS zone: %s" % dnsdomain)
create_zone_file(paths.dns, setup_path, samdb,
hostname=hostname, hostip=hostip, dnsdomain=dnsdomain,
domaindn=domaindn, dnspass=dnspass, realm=realm,
domainguid=domainguid, hostguid=hostguid)
message("Please install the zone located in %s into your DNS server" % paths.dns)
message("Setting up phpLDAPadmin configuration")
create_phpldapadmin_config(paths.phpldapadminconfig, setup_path,
ldapi_url)
message("Please install the phpLDAPadmin configuration located at %s into /etc/phpldapadmin/config.php" % paths.phpldapadminconfig)
if lp.get("server role") == "domain controller":
samdb = SamDB(paths.samdb, session_info=session_info,
credentials=credentials, lp=lp)
domainguid = samdb.searchone(basedn=domaindn, attribute="objectGUID")
assert isinstance(domainguid, str)
hostguid = samdb.searchone(basedn=domaindn, attribute="objectGUID",
expression="(&(objectClass=computer)(cn=%s))" % hostname,
scope=SCOPE_SUBTREE)
assert isinstance(hostguid, str)
message("Setting up DNS zone: %s" % dnsdomain)
create_zone_file(paths.dns, setup_path, samdb,
hostname=hostname, hostip=hostip, dnsdomain=dnsdomain,
domaindn=domaindn, dnspass=dnspass, realm=realm,
domainguid=domainguid, hostguid=hostguid)
message("Please install the zone located in %s into your DNS server" % paths.dns)
return domaindn
def provision_become_dc(setup_dir=None,
smbconf=None, targetdir=None, realm=None,
rootdn=None, domaindn=None, schemadn=None, configdn=None,
domain=None, hostname=None, domainsid=None,
hostguid=None, adminpass=None, krbtgtpass=None, domainguid=None,
policyguid=None, invocationid=None, machinepass=None,
dnspass=None, root=None, nobody=None, nogroup=None, users=None,
wheel=None, backup=None, aci=None, serverrole=None,
ldap_backend=None, ldap_backend_type=None, sitename=DEFAULTSITE):
def message(text):
"""print a message if quiet is not set."""
print text
provision(setup_dir, message, system_session(), None,
smbconf=smbconf, targetdir=targetdir, samdb_fill=FILL_DRS, realm=realm,
rootdn=rootdn, domaindn=domaindn, schemadn=schemadn, configdn=configdn,
domain=domain, hostname=hostname, hostip="127.0.0.1", domainsid=domainsid, machinepass=machinepass, serverrole="domain controller", sitename=sitename);
def create_phpldapadmin_config(path, setup_path, ldapi_uri):
"""Create a PHP LDAP admin configuration file.
@ -978,7 +1041,6 @@ def create_zone_file(path, setup_path, samdb, dnsdomain, domaindn,
"HOSTGUID": hostguid,
})
def load_schema(setup_path, samdb, schemadn, netbiosname, configdn, sitename):
"""Load schema for the SamDB.

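Review bot: In provision(), `privatedir_line` and `lockdir_line` are assigned only inside `if targetdir is not None:` but are always passed to `setup_file(...)`, so generating a fresh smb.conf without a target directory raises NameError; initialise both to `""` before that `if`. `smbconfsuffix` has the same shape: it stays unbound for any `serverrole` other than the two handled values, because only `assert serverrole is not None` precedes the branch. The moved line `ldap_backend = "ldapi://" % urllib.quote(...)` has no `%s` in its format string and raises TypeError whenever `ldap_backend == "ldapi"`; it should read `"ldapi://%s" % urllib.quote(...)`. The private directory, which will hold secrets.ldb, is created with `os.mkdir(paths.private_dir)` and so takes its permissions from the umask; passing an explicit `0700` mode would make that independent of the caller's environment.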

@ -30,9 +30,7 @@ import samba
from auth import system_session
import samba.getopt as options
import param
from samba.provision import (provision,
provision_paths_from_lp,
FILL_FULL, FILL_NT4SYNC,
FILL_DRS)
@ -113,27 +111,13 @@ if opts.realm is None or opts.domain is None:
sys.exit(1)
# cope with an initially blank smb.conf
private_dir = None
lp = sambaopts.get_loadparm()
if opts.targetdir is not None:
if not os.path.exists(opts.targetdir):
os.mkdir(opts.targetdir)
private_dir = os.path.join(opts.targetdir, "private")
if not os.path.exists(private_dir):
os.mkdir(private_dir)
lp.set("private dir", os.path.abspath(private_dir))
lp.set("lock dir", os.path.abspath(opts.targetdir))
lp.set("realm", opts.realm)
lp.set("workgroup", opts.domain)
lp.set("server role", opts.server_role or "domain controller")
if sambaopts.get_loadparm_path() is not None:
smbconf = sambaopts.get_loadparm_path()
if opts.aci is not None:
print "set ACI: %s" % opts.aci
paths = provision_paths_from_lp(lp, opts.realm.lower())
if sambaopts.get_loadparm_path() is not None:
paths.smbconf = sambaopts.get_loadparm_path()
creds = credopts.get_credentials()
setup_dir = opts.setupdir
@ -146,8 +130,8 @@ if opts.blank:
elif opts.partitions_only:
samdb_fill = FILL_DRS
provision(lp, setup_dir, message, paths,
system_session(), creds,
provision(setup_dir, message,
system_session(), creds, smbconf=smbconf,
samdb_fill=samdb_fill, realm=opts.realm,
domainguid=opts.domain_guid, domainsid=opts.domain_sid,
policyguid=opts.policy_guid, hostname=opts.host_name,
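Review bot: `smbconf` is bound only when `sambaopts.get_loadparm_path()` is not None, yet it is passed unconditionally as `smbconf=smbconf` in the provision() call, so running without a configuration file would raise NameError unless the name is initialised outside this hunk. Assigning it unconditionally, `smbconf = sambaopts.get_loadparm_path()`, avoids that. The `opts.targetdir` handling is removed from the script and the visible part of the call does not pass `targetdir=opts.targetdir`; the call continues past the hunk, so confirm that the option still reaches provision().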


@ -3,6 +3,8 @@
workgroup = ${DOMAIN_CONF}
realm = ${REALM_CONF}
server role = ${SERVERROLE}
${PRIVATEDIR_LINE}
${LOCKDIR_LINE}
[netlogon]
path = ${NETLOGONPATH}


@ -3,3 +3,5 @@
workgroup = ${DOMAIN_CONF}
realm = ${REALM_CONF}
server role = ${SERVERROLE}
${PRIVATEDIR_LINE}
${LOCKDIR_LINE}


@ -3,3 +3,5 @@
workgroup = ${DOMAIN_CONF}
realm = ${REALM_CONF}
server role = ${SERVERROLE}
${PRIVATEDIR_LINE}
${LOCKDIR_LINE}


@ -56,16 +56,9 @@ struct test_become_dc_state {
struct drsuapi_DsReplicaObjectListItemEx *last_object;
} schema_part;
struct {
const char *samdb_ldb;
const char *domaindn_ldb;
const char *configdn_ldb;
const char *schemadn_ldb;
const char *secrets_ldb;
const char *templates_ldb;
const char *secrets_keytab;
const char *dns_keytab;
} path;
const char *targetdir;
struct loadparm_context *lp_ctx;
};
static NTSTATUS test_become_dc_prepare_db(void *private_data,
@ -73,6 +66,14 @@ static NTSTATUS test_become_dc_prepare_db(void *private_data,
{
struct test_become_dc_state *s = talloc_get_type(private_data, struct test_become_dc_state);
struct provision_settings settings;
NTSTATUS status;
bool ok;
struct loadparm_context *lp_ctx = loadparm_init(s);
char *smbconf;
if (!lp_ctx) {
return NT_STATUS_NO_MEMORY;
}
settings.dns_name = p->dest_dsa->dns_name;
settings.site_name = p->dest_dsa->site_name;
@ -80,21 +81,46 @@ static NTSTATUS test_become_dc_prepare_db(void *private_data,
settings.domain_dn_str = p->domain->dn_str;
settings.config_dn_str = p->forest->config_dn_str;
settings.schema_dn_str = p->forest->schema_dn_str;
settings.invocation_id = &p->dest_dsa->invocation_id;
settings.netbios_name = p->dest_dsa->netbios_name;
settings.realm = torture_join_dom_dns_name(s->tj);
settings.domain = torture_join_dom_netbios_name(s->tj);
settings.ntds_guid = &p->dest_dsa->ntds_guid;
settings.ntds_dn_str = p->dest_dsa->ntds_dn_str;
settings.machine_password = cli_credentials_get_password(s->machine_account);
settings.samdb_ldb = s->path.samdb_ldb;
settings.secrets_ldb = s->path.secrets_ldb;
settings.secrets_keytab = s->path.secrets_keytab;
settings.schemadn_ldb = s->path.schemadn_ldb;
settings.configdn_ldb = s->path.configdn_ldb;
settings.domaindn_ldb = s->path.domaindn_ldb;
settings.targetdir = s->targetdir;
status = provision_bare(s, s->lp_ctx, &settings);
smbconf = talloc_asprintf(lp_ctx, "%s/%s", s->targetdir, "/etc/smb.conf");
ok = lp_load(lp_ctx, smbconf);
if (!ok) {
DEBUG(0,("Failed load freshly generated smb.conf '%s'\n", smbconf));
return NT_STATUS_INVALID_PARAMETER;
}
s->ldb = ldb_wrap_connect(s, lp_ctx, lp_sam_url(lp_ctx),
system_session(s, lp_ctx),
NULL, 0, NULL);
if (!s->ldb) {
DEBUG(0,("Failed to open '%s'\n", lp_sam_url(lp_ctx)));
return NT_STATUS_INTERNAL_DB_ERROR;
}
ok = samdb_set_ntds_invocation_id(s->ldb, &p->dest_dsa->invocation_id);
if (!ok) {
DEBUG(0,("Failed to set cached ntds invocationId\n"));
return NT_STATUS_FOOBAR;
}
ok = samdb_set_ntds_objectGUID(s->ldb, &p->dest_dsa->ntds_guid);
if (!ok) {
DEBUG(0,("Failed to set cached ntds objectGUID\n"));
return NT_STATUS_FOOBAR;
}
s->lp_ctx = lp_ctx;
return NT_STATUS_OK;
return provision_bare(s, s->tctx->lp_ctx, &settings);
}
static NTSTATUS test_become_dc_check_options(void *private_data,
@ -140,6 +166,7 @@ static NTSTATUS test_apply_schema(struct test_become_dc_state *s,
struct ldb_val prefixMap_val;
struct ldb_message_element *prefixMap_el;
struct ldb_val schemaInfo_val;
char *sam_ldb_path;
uint32_t i;
int ret;
bool ok;
@ -325,13 +352,14 @@ static NTSTATUS test_apply_schema(struct test_become_dc_state *s,
talloc_free(s->ldb); /* this also free's the s->schema, because dsdb_set_schema() steals it */
s->schema = NULL;
DEBUG(0,("Reopen the SAM LDB with system credentials and a already stored schema: %s\n", s->path.samdb_ldb));
s->ldb = ldb_wrap_connect(s, s->tctx->lp_ctx, s->path.samdb_ldb,
sam_ldb_path = talloc_asprintf(s, "%s/%s", s->targetdir, "private/sam.ldb");
DEBUG(0,("Reopen the SAM LDB with system credentials and a already stored schema: %s\n", sam_ldb_path));
s->ldb = ldb_wrap_connect(s, s->tctx->lp_ctx, sam_ldb_path,
system_session(s, s->tctx->lp_ctx),
NULL, 0, NULL);
if (!s->ldb) {
DEBUG(0,("Failed to open '%s'\n",
s->path.samdb_ldb));
sam_ldb_path));
return NT_STATUS_INTERNAL_DB_ERROR;
}
@ -392,7 +420,8 @@ static NTSTATUS test_become_dc_schema_chunk(void *private_data,
}
if (!s->schema) {
s->self_made_schema = talloc_zero(s, struct dsdb_schema);
s->self_made_schema = dsdb_new_schema(s, lp_iconv_convenience(s->lp_ctx));
NT_STATUS_HAVE_NO_MEMORY(s->self_made_schema);
status = dsdb_load_oid_mappings_drsuapi(s->self_made_schema, mapping_ctr);
@ -564,33 +593,24 @@ bool torture_net_become_dc(struct torture_context *torture)
struct ldb_message *msg;
int ldb_ret;
uint32_t i;
char *sam_ldb_path;
char *location = NULL;
torture_assert_ntstatus_ok(torture, torture_temp_dir(torture, "libnet_BecomeDC", &location),
"torture_temp_dir should return NT_STATUS_OK" );
s = talloc_zero(torture, struct test_become_dc_state);
if (!s) return false;
s->tctx = torture;
s->lp_ctx = torture->lp_ctx;
s->netbios_name = lp_parm_string(torture->lp_ctx, NULL, "become dc", "smbtorture dc");
if (!s->netbios_name || !s->netbios_name[0]) {
s->netbios_name = "smbtorturedc";
}
s->path.samdb_ldb = talloc_asprintf(s, "%s_samdb.ldb", s->netbios_name);
if (!s->path.samdb_ldb) return false;
s->path.domaindn_ldb = talloc_asprintf(s, "%s_domain.ldb", s->netbios_name);
if (!s->path.domaindn_ldb) return false;
s->path.configdn_ldb = talloc_asprintf(s, "%s_config.ldb", s->netbios_name);
if (!s->path.configdn_ldb) return false;
s->path.schemadn_ldb = talloc_asprintf(s, "%s_schema.ldb", s->netbios_name);
if (!s->path.schemadn_ldb) return false;
s->path.secrets_ldb = talloc_asprintf(s, "%s_secrets.ldb", s->netbios_name);
if (!s->path.secrets_ldb) return false;
s->path.templates_ldb = talloc_asprintf(s, "%s_templates.ldb", s->netbios_name);
if (!s->path.templates_ldb) return false;
s->path.secrets_keytab = talloc_asprintf(s, "%s_secrets.keytab", s->netbios_name);
if (!s->path.secrets_keytab) return false;
s->path.dns_keytab = talloc_asprintf(s, "%s_dns.keytab", s->netbios_name);
if (!s->path.dns_keytab) return false;
s->targetdir = location;
/* Join domain as a member server. */
s->tj = torture_join_domain(torture, s->netbios_name,
@ -664,13 +684,14 @@ bool torture_net_become_dc(struct torture_context *torture)
talloc_free(s->ldb); /* this also free's the s->schema, because dsdb_set_schema() steals it */
s->schema = NULL;
DEBUG(0,("Reopen the SAM LDB with system credentials and all replicated data: %s\n", s->path.samdb_ldb));
s->ldb = ldb_wrap_connect(s, torture->lp_ctx, s->path.samdb_ldb,
system_session(s, torture->lp_ctx),
sam_ldb_path = talloc_asprintf(s, "%s/%s", s->targetdir, "private/sam.ldb");
DEBUG(0,("Reopen the SAM LDB with system credentials and all replicated data: %s\n", sam_ldb_path));
s->ldb = ldb_wrap_connect(s, s->lp_ctx, sam_ldb_path,
system_session(s, s->lp_ctx),
NULL, 0, NULL);
if (!s->ldb) {
DEBUG(0,("Failed to open '%s'\n",
s->path.samdb_ldb));
sam_ldb_path));
ret = false;
goto cleanup;
}
@ -682,7 +703,7 @@ bool torture_net_become_dc(struct torture_context *torture)
goto cleanup;
}
if (lp_parm_bool(torture->lp_ctx, NULL, "become dc", "do not unjoin", false)) {
if (lp_parm_bool(s->lp_ctx, NULL, "become dc", "do not unjoin", false)) {
talloc_free(s);
return ret;
}
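Review bot: The result of `provision_bare(s, s->lp_ctx, &settings)` is stored in `status` in test_become_dc_prepare_db but never tested, so a failed provision carries on to load smb.conf and open the SAM database and surfaces only as a later, less specific error; add `if (!NT_STATUS_IS_OK(status)) { return status; }` right after the call. The `talloc_asprintf()` result `smbconf` is passed to `lp_load()` without a NULL check, where `NT_STATUS_HAVE_NO_MEMORY(smbconf);` would match what the file already does for `s->self_made_schema`. The two `sam_ldb_path` allocations in test_apply_schema and torture_net_become_dc are likewise used unchecked, including as a `%s` argument to DEBUG. Several of these functions start or end outside the visible hunks.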


@ -43,6 +43,9 @@ static bool test_provision(struct torture_context *tctx)
{
NTSTATUS status;
struct provision_settings settings;
char *location = NULL;
torture_assert_ntstatus_ok(tctx, torture_temp_dir(tctx, "torture_provision", &location),
"torture_temp_dir should return NT_STATUS_OK" );
settings.dns_name = "example.com";
settings.site_name = "SOME-SITE-NAME";
@ -57,14 +60,7 @@ static bool test_provision(struct torture_context *tctx)
settings.ntds_guid = NULL;
settings.ntds_dn_str = NULL;
settings.machine_password = "geheim";
settings.samdb_ldb = NULL;
settings.secrets_ldb = NULL;
settings.secrets_keytab = NULL;
settings.schemadn_ldb = NULL;
settings.configdn_ldb = NULL;
settings.domaindn_ldb = NULL;
settings.templates_ldb = NULL;
settings.dns_keytab = NULL;
settings.targetdir = location;
status = provision_bare(tctx, tctx->lp_ctx, &settings);


@ -29,19 +29,13 @@ struct provision_settings {
const char *schema_dn_str;
const struct GUID *invocation_id;
const char *netbios_name;
const char *host_ip;
const char *realm;
const char *domain;
const struct GUID *ntds_guid;
const char *ntds_dn_str;
const char *machine_password;
const char *samdb_ldb;
const char *secrets_ldb;
const char *secrets_keytab;
const char *schemadn_ldb;
const char *configdn_ldb;
const char *domaindn_ldb;
const char *templates_ldb;
const char *dns_keytab;
const char *targetdir;
};
NTSTATUS provision_bare(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx,
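Review bot: The new `host_ip` member is not assigned by either caller visible on this page: test_become_dc_prepare_db and test_provision both declare `struct provision_settings settings;` with no initialiser and then fill the fields one by one, so `host_ip` holds an indeterminate pointer. Nothing shown in provision_bare reads it yet, but the first reader would dereference garbage; zero the struct at declaration, `struct provision_settings settings = {0};`, or leave the member out until it is used. A short comment on `targetdir` naming the files expected beneath it (the tests assume `etc/smb.conf` and `private/sam.ldb`) would document the new contract.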


@ -18,205 +18,21 @@
*/
#include "includes.h"
#include "dsdb/samdb/samdb.h"
#include "lib/appweb/ejs/ejs.h"
#include "lib/appweb/ejs/ejsInternal.h"
#include "scripting/ejs/smbcalls.h"
#include "auth/auth.h"
#include "lib/ldb_wrap.h"
#include "torture/util.h"
static EjsId eid;
static int ejs_error;
static void test_ejs_exception(const char *reason)
{
Ejs *ep = ejsPtr(eid);
ejsSetErrorMsg(eid, "%s", reason);
fprintf(stderr, "%s", ep->error);
ejs_error = 127;
}
static int test_run_ejs(char *script)
{
EjsHandle handle = 0;
MprVar result;
char *emsg;
TALLOC_CTX *mem_ctx = talloc_new(NULL);
struct MprVar *return_var;
mprSetCtx(mem_ctx);
if (ejsOpen(NULL, NULL, NULL) != 0) {
d_printf("ejsOpen(): unable to initialise EJS subsystem\n");
ejs_error = 127;
goto failed;
}
smb_setup_ejs_functions(test_ejs_exception);
if ((eid = ejsOpenEngine(handle, 0)) == (EjsId)-1) {
d_printf("smbscript: ejsOpenEngine(): unable to initialise an EJS engine\n");
ejs_error = 127;
goto failed;
}
mprSetVar(ejsGetGlobalObject(eid), "ARGV", mprList("ARGV", NULL));
/* run the script */
if (ejsEvalScript(eid, script, &result, &emsg) == -1) {
d_printf("smbscript: ejsEvalScript(): %s\n", emsg);
if (ejs_error == 0) ejs_error = 127;
goto failed;
}
return_var = ejsGetReturnValue(eid);
ejs_error = mprVarToNumber(return_var);
failed:
ejsClose();
talloc_free(mem_ctx);
return ejs_error;
}
static NTSTATUS provision_bare_ejs(TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx,
struct provision_settings *settings)
{
char *ejs;
int ret;
bool ok;
struct ldb_context *ldb;
DEBUG(0,("Provision for Become-DC test using EJS\n"));
DEBUG(0,("New Server[%s] in Site[%s]\n", settings->dns_name,
settings->site_name));
DEBUG(0,("DSA Instance [%s]\n"
"\tobjectGUID[%s]\n"
"\tinvocationId[%s]\n",
settings->ntds_dn_str,
GUID_string(mem_ctx, settings->ntds_guid),
GUID_string(mem_ctx, settings->invocation_id)));
DEBUG(0,("Pathes under PRIVATEDIR[%s]\n"
"SAMDB[%s] SECRETS[%s] KEYTAB[%s]\n",
lp_private_dir(lp_ctx),
settings->samdb_ldb,
settings->secrets_ldb,
settings->secrets_keytab));
DEBUG(0,("Schema Partition[%s => %s]\n",
settings->schema_dn_str, settings->schemadn_ldb));
DEBUG(0,("Config Partition[%s => %s]\n",
settings->config_dn_str, settings->configdn_ldb));
DEBUG(0,("Domain Partition[%s => %s]\n",
settings->domain_dn_str, settings->domaindn_ldb));
ejs = talloc_asprintf(mem_ctx,
"libinclude(\"base.js\");\n"
"libinclude(\"provision.js\");\n"
"\n"
"function message() { print(vsprintf(arguments)); }\n"
"\n"
"var subobj = provision_guess();\n"
"subobj.ROOTDN = \"%s\";\n"
"subobj.DOMAINDN = \"%s\";\n"
"subobj.DOMAINDN_LDB = \"%s\";\n"
"subobj.CONFIGDN = \"%s\";\n"
"subobj.CONFIGDN_LDB = \"%s\";\n"
"subobj.SCHEMADN = \"%s\";\n"
"subobj.SCHEMADN_LDB = \"%s\";\n"
"subobj.HOSTNAME = \"%s\";\n"
"subobj.REALM = \"%s\";\n"
"subobj.DOMAIN = \"%s\";\n"
"subobj.DEFAULTSITE = \"%s\";\n"
"\n"
"subobj.KRBTGTPASS = \"_NOT_USED_\";\n"
"subobj.MACHINEPASS = \"%s\";\n"
"subobj.ADMINPASS = \"_NOT_USED_\";\n"
"\n"
"var paths = provision_default_paths(subobj);\n"
"paths.samdb = \"%s\";\n"
"paths.secrets = \"%s\";\n"
"paths.templates = \"%s\";\n"
"paths.keytab = \"%s\";\n"
"paths.dns_keytab = \"%s\";\n"
"\n"
"var system_session = system_session();\n"
"\n"
"var ok = provision_become_dc(subobj, message, true, paths, system_session);\n"
"assert(ok);\n"
"\n"
"return 0;\n",
settings->root_dn_str, /* subobj.ROOTDN */
settings->domain_dn_str, /* subobj.DOMAINDN */
settings->domaindn_ldb, /* subobj.DOMAINDN_LDB */
settings->config_dn_str, /* subobj.CONFIGDN */
settings->configdn_ldb, /* subobj.CONFIGDN_LDB */
settings->schema_dn_str, /* subobj.SCHEMADN */
settings->schemadn_ldb, /* subobj.SCHEMADN_LDB */
settings->netbios_name, /* subobj.HOSTNAME */
settings->realm,/* subobj.REALM */
settings->domain,/* subobj.DOMAIN */
settings->site_name, /* subobj.DEFAULTSITE */
settings->machine_password,/* subobj.MACHINEPASS */
settings->samdb_ldb, /* paths.samdb */
settings->templates_ldb, /* paths.templates */
settings->secrets_ldb, /* paths.secrets */
settings->secrets_keytab, /* paths.keytab */
settings->dns_keytab); /* paths.dns_keytab */
NT_STATUS_HAVE_NO_MEMORY(ejs);
ret = test_run_ejs(ejs);
if (ret != 0) {
DEBUG(0,("Failed to run ejs script: %d:\n%s",
ret, ejs));
talloc_free(ejs);
return NT_STATUS_FOOBAR;
}
talloc_free(ejs);
DEBUG(0,("Open the SAM LDB with system credentials: %s\n",
settings->samdb_ldb));
ldb = ldb_wrap_connect(mem_ctx, lp_ctx, settings->samdb_ldb,
system_session(mem_ctx, lp_ctx),
NULL, 0, NULL);
if (!ldb) {
DEBUG(0,("Failed to open '%s'\n",
settings->samdb_ldb));
return NT_STATUS_INTERNAL_DB_ERROR;
}
ok = samdb_set_ntds_invocation_id(ldb, settings->invocation_id);
if (!ok) {
DEBUG(0,("Failed to set cached ntds invocationId\n"));
return NT_STATUS_FOOBAR;
}
ok = samdb_set_ntds_objectGUID(ldb, settings->ntds_guid);
if (!ok) {
DEBUG(0,("Failed to set cached ntds objectGUID\n"));
return NT_STATUS_FOOBAR;
}
return NT_STATUS_OK;
}
#include "param/param.h"
#include <Python.h>
#include "scripting/python/modules.h"
static NTSTATUS provision_bare_py(TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx,
struct provision_settings *settings)
NTSTATUS provision_bare(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx,
struct provision_settings *settings)
{
bool ok;
PyObject *provision_mod, *provision_dict, *provision_fn, *result, *parameters;
struct ldb_context *ldb;
char *sam_ldb_path;
DEBUG(0,("Provision for Become-DC test using python\n"));
@ -239,10 +55,10 @@ static NTSTATUS provision_bare_py(TALLOC_CTX *mem_ctx,
return NT_STATUS_UNSUCCESSFUL;
}
provision_fn = PyDict_GetItemString(provision_dict, "provision");
provision_fn = PyDict_GetItemString(provision_dict, "provision_become_dc");
if (provision_fn == NULL) {
PyErr_Print();
DEBUG(0, ("Unable to get provision function\n"));
DEBUG(0, ("Unable to get provision_become_dc function\n"));
return NT_STATUS_UNSUCCESSFUL;
}
@ -256,56 +72,45 @@ static NTSTATUS provision_bare_py(TALLOC_CTX *mem_ctx,
settings->ntds_guid == NULL?"None":GUID_string(mem_ctx, settings->ntds_guid),
settings->invocation_id == NULL?"None":GUID_string(mem_ctx, settings->invocation_id)));
DEBUG(0,("Pathes under PRIVATEDIR[%s]\n"
"SAMDB[%s] SECRETS[%s] KEYTAB[%s]\n",
lp_private_dir(lp_ctx),
settings->samdb_ldb,
settings->secrets_ldb,
settings->secrets_keytab));
DEBUG(0,("Schema Partition[%s => %s]\n",
settings->schema_dn_str, settings->schemadn_ldb));
DEBUG(0,("Config Partition[%s => %s]\n",
settings->config_dn_str, settings->configdn_ldb));
DEBUG(0,("Domain Partition[%s => %s]\n",
settings->domain_dn_str, settings->domaindn_ldb));
DEBUG(0,("Pathes under targetdir[%s]\n",
settings->targetdir));
parameters = PyDict_New();
PyDict_SetItemString(parameters, "rootdn",
PyString_FromString(settings->root_dn_str));
if (settings->domaindn_ldb != NULL)
PyDict_SetItemString(parameters, "domaindn_ldb",
PyString_FromString(settings->domaindn_ldb));
if (settings->config_dn_str != NULL)
PyDict_SetItemString(parameters, "configdn",
PyString_FromString(settings->config_dn_str));
if (settings->configdn_ldb != NULL)
PyDict_SetItemString(parameters, "configdn_ldb",
PyString_FromString(settings->configdn_ldb));
if (settings->schema_dn_str != NULL)
PyDict_SetItemString(parameters, "schema_dn_str",
PyString_FromString(settings->schema_dn_str));
if (settings->schemadn_ldb != NULL)
PyDict_SetItemString(parameters, "schemadn_ldb",
PyString_FromString(settings->schemadn_ldb));
if (settings->targetdir != NULL)
PyDict_SetItemString(parameters, "targetdir",
PyString_FromString(settings->targetdir));
PyDict_SetItemString(parameters, "setup_dir",
PyString_FromString("setup"));
PyDict_SetItemString(parameters, "hostname",
PyString_FromString(settings->netbios_name));
PyDict_SetItemString(parameters, "sitename",
PyString_FromString(settings->site_name));
PyDict_SetItemString(parameters, "domain",
PyString_FromString(settings->domain));
PyDict_SetItemString(parameters, "realm",
PyString_FromString(settings->realm));
if (settings->root_dn_str)
PyDict_SetItemString(parameters, "rootdn",
PyString_FromString(settings->root_dn_str));
if (settings->domain_dn_str)
PyDict_SetItemString(parameters, "domaindn",
PyString_FromString(settings->domain_dn_str));
if (settings->schema_dn_str)
PyDict_SetItemString(parameters, "schemadn",
PyString_FromString(settings->schema_dn_str));
if (settings->config_dn_str)
PyDict_SetItemString(parameters, "configdn",
PyString_FromString(settings->config_dn_str));
if (settings->site_name)
PyDict_SetItemString(parameters, "sitename",
PyString_FromString(settings->site_name));
PyDict_SetItemString(parameters, "machinepass",
PyString_FromString(settings->machine_password));
if (settings->samdb_ldb != NULL)
PyDict_SetItemString(parameters, "samdb",
PyString_FromString(settings->samdb_ldb));
if (settings->secrets_ldb != NULL)
PyDict_SetItemString(parameters, "secrets_ldb",
PyString_FromString(settings->secrets_ldb));
if (settings->secrets_keytab != NULL)
PyDict_SetItemString(parameters, "secrets_keytab",
PyString_FromString(settings->secrets_keytab));
PyString_FromString(settings->machine_password));
result = PyEval_CallObjectWithKeywords(provision_fn, NULL, parameters);
@ -317,39 +122,5 @@ static NTSTATUS provision_bare_py(TALLOC_CTX *mem_ctx,
return NT_STATUS_UNSUCCESSFUL;
}
DEBUG(0,("Open the SAM LDB with system credentials: %s\n",
settings->samdb_ldb));
ldb = ldb_wrap_connect(mem_ctx, lp_ctx, settings->samdb_ldb,
system_session(mem_ctx, lp_ctx),
NULL, 0, NULL);
if (!ldb) {
DEBUG(0,("Failed to open '%s'\n", settings->samdb_ldb));
return NT_STATUS_INTERNAL_DB_ERROR;
}
ok = samdb_set_ntds_invocation_id(ldb, settings->invocation_id);
if (!ok) {
DEBUG(0,("Failed to set cached ntds invocationId\n"));
return NT_STATUS_FOOBAR;
}
ok = samdb_set_ntds_objectGUID(ldb, settings->ntds_guid);
if (!ok) {
DEBUG(0,("Failed to set cached ntds objectGUID\n"));
return NT_STATUS_FOOBAR;
}
return NT_STATUS_OK;
}
NTSTATUS provision_bare(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx,
struct provision_settings *settings)
{
if (getenv("PROVISION_EJS")) {
return provision_bare_ejs(mem_ctx, lp_ctx, settings);
} else {
return provision_bare_py(mem_ctx, lp_ctx, settings);
}
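Review bot: In provision_bare the `hostname`, `domain`, `realm` and `machinepass` entries are still built with an unconditional `PyString_FromString(...)`, while the DN and site-name entries are now NULL-guarded; `PyString_FromString()` must not be given NULL, and `settings->machine_password` in particular comes from a credentials lookup that may return NULL, so these need the same guard, e.g. `if (settings->machine_password) PyDict_SetItemString(...)`. `PyDict_SetItemString()` does not take over the reference to its value, so each string created inline is leaked; holding it in a temporary and calling `Py_DECREF()` after insertion fixes that. Neither `PyDict_New()` nor the insertions are checked for failure before `PyEval_CallObjectWithKeywords()` is called. The function body starts and ends outside the visible hunks.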
}