r26298: Use metze's schema loading code to pre-initialise the schema into the

samdb before we start writing entries into it.

In doing so, I realised we still used 'dnsDomain', which is not part
of the standard schema (now removed).

We also set the 'wrong' side of the linked attributes for the
masteredBy on each partition - this is now set in provision_self_join
and backlinks via the linked attributes code.

When we have the schema loaded, we must also have a valid domain SID
loaded, so that the objectclass module works.  This required some ejs
glue.

Andrew Bartlett

source/scripting/ejs/smbcalls_ldb.c

@@ -28,6 +28,7 @@
 #include "ldb_wrap.h"
 #include "dsdb/samdb/samdb.h"
 #include "librpc/ndr/libndr.h"
+#include "libcli/security/security.h"
 
 /*
   get the connected db
@@ -598,7 +599,7 @@ static int ejs_ldb_attach_dsdb_schema_from_ldif(MprVarHandle eid, int argc, char
 }
 
 /*
-  commit a ldb attach a dsdb_schema from ldif files
+  set a particular invocationId against the running LDB
   usage:
    ok = ldb.set_ntds_invocationId("7729aa4b-f990-41ad-b81a-8b6a14090f41");
 */
@@ -640,9 +641,9 @@ static int ejs_ldb_set_ntds_invocationId(MprVarHandle eid, int argc, char **argv
 }
 
 /*
-  commit a ldb attach a dsdb_schema from ldif files
+  attach a particular ntds objectGUID against the current ldb
   usage:
-   ok = ldb.get_ntds_objectGUID("7729aa4b-f990-41ad-b81a-8b6a14090f41");
+   ok = ldb.set_ntds_objectGUID("7729aa4b-f990-41ad-b81a-8b6a14090f41");
 */
 static int ejs_ldb_set_ntds_objectGUID(MprVarHandle eid, int argc, char **argv)
 {
@@ -681,6 +682,48 @@ static int ejs_ldb_set_ntds_objectGUID(MprVarHandle eid, int argc, char **argv)
 	return 0;
 }
 
+/*
+  attach a particular domain SID against the current ldb
+  usage:
+   ok = ldb.set_domain_sid("S-S-1-5-21-3065342217-3567412576-2214182334");
+*/
+static int ejs_ldb_set_domain_sid(MprVarHandle eid, int argc, char **argv)
+{
+	struct ldb_context *ldb;
+	struct dom_sid *dom_sid;
+	char *dom_sid_str;
+	bool ok;
+
+	if (argc != 1) {
+		ejsSetErrorMsg(eid, "ldb.set_domain_sid invalid arguments");
+		return -1;
+	}
+
+	ldb = ejs_get_ldb_context(eid);
+	if (ldb == NULL) {
+		return -1;
+	}
+
+	dom_sid_str = argv[0];
+
+	dom_sid = dom_sid_parse_talloc(NULL, dom_sid_str);
+	if (!dom_sid) {
+		ejsSetErrorMsg(eid, "ldb.set_domain_sid - failed to parse domain sid '%s'\n",
+				dom_sid_str);
+		return -1;
+	}
+
+	ok = samdb_set_domain_sid(ldb, dom_sid);
+	talloc_free(dom_sid);
+	if (!ok) {
+		ejsSetErrorMsg(eid, "ldb.set_domain_sid - failed to set cached ntds invocationId\n");
+		return -1;
+	}
+
+	mpr_Return(eid, mprCreateBoolVar(ok));
+	return 0;
+}
+
 /*
   initialise ldb ejs subsystem
 */
@@ -708,6 +751,8 @@ static int ejs_ldb_init(MprVarHandle eid, int argc, struct MprVar **argv)
 			      ejs_ldb_set_ntds_invocationId);
 	mprSetStringCFunction(ldb, "set_ntds_objectGUID",
 			      ejs_ldb_set_ntds_objectGUID);
+	mprSetStringCFunction(ldb, "set_domain_sid",
+			      ejs_ldb_set_domain_sid);
 	mprSetVar(ldb, "SCOPE_BASE", mprCreateNumberVar(LDB_SCOPE_BASE));
 	mprSetVar(ldb, "SCOPE_ONE", mprCreateNumberVar(LDB_SCOPE_ONELEVEL));
 	mprSetVar(ldb, "SCOPE_SUBTREE", mprCreateNumberVar(LDB_SCOPE_SUBTREE));

source/scripting/libjs/provision.js

@@ -563,6 +563,44 @@ function provision_become_dc(subobj, message, erase, paths, session_info)
 	return true;
 }
 
+function load_schema(subobj, message, samdb)
+{
+	var lp = loadparm_init();
+	var src = lp.get("setup directory") + "/" + "schema.ldif";
+
+	if (! sys.stat(src)) {
+		message("Template file not found: %s\n",src);
+		assert(0);
+	}
+
+	var schema_data = sys.file_load(src);
+
+	src = lp.get("setup directory") + "/" + "schema_samba4.ldif";
+
+	if (! sys.stat(src)) {
+		message("Template file not found: %s\n",src);
+		assert(0);
+	}
+
+	schema_data = schema_data + sys.file_load(src);
+
+	schema_data = substitute_var(schema_data, subobj);
+
+	src = lp.get("setup directory") + "/" + "provision_schema_basedn_modify.ldif";
+
+	if (! sys.stat(src)) {
+		message("Template file not found: %s\n",src);
+		assert(0);
+	}
+
+	var head_data = sys.file_load(src);
+	head_data = substitute_var(head_data, subobj);
+
+	var ok = samdb.attach_dsdb_schema_from_ldif(head_data, schema_data);
+	return ok;
+}
+
+
 /*
   provision samba4 - caution, this wipes all existing data!
 */
@@ -648,8 +686,15 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda
 	}
 	samdb.close();
 
+	message("Pre-loading the Samba4 and AD schema\n");
+	
 	samdb = open_ldb(info, paths.samdb, false);
 
+	samdb.set_domain_sid(subobj.DOMAINSID);
+
+	var load_schema_ok = load_schema(subobj, message, samdb);
+	assert(load_schema_ok.is_ok);
+
 	message("Adding DomainDN: " + subobj.DOMAINDN + " (permitted to fail)\n");
 	var add_ok = setup_add_ldif("provision_basedn.ldif", info, samdb, true);
 	message("Modifying DomainDN: " + subobj.DOMAINDN + "\n");
@@ -692,16 +737,6 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda
 	message("Setting up sam.ldb AD schema\n");
 	setup_add_ldif("schema.ldif", info, samdb, false);
 
-	// (hack) Reload, now we have the schema loaded.  
-	var commit_ok = samdb.transaction_commit();
-	if (!commit_ok) {
-		info.message("samdb commit failed: " + samdb.errstring() + "\n");
-		assert(commit_ok);
-	}
-	samdb.close();
-
-	samdb = open_ldb(info, paths.samdb, false);
-
 	message("Setting up sam.ldb configuration data\n");
 	setup_add_ldif("provision_configuration.ldif", info, samdb, false);