mirror of
https://github.com/samba-team/samba.git
synced 2025-02-11 17:58:16 +03:00
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-trivial
commit
d4d4120b71
@ -132,7 +132,7 @@ NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx,
|
||||
continue;
|
||||
}
|
||||
sam3->sids[sam3->sidcount].sid = talloc_reference(sam3->sids,server_info->domain_groups[i]);
|
||||
sam3->sids[sam3->sidcount].attribute =
|
||||
sam3->sids[sam3->sidcount].attributes =
|
||||
SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED;
|
||||
sam3->sidcount += 1;
|
||||
}
|
||||
|
@ -391,6 +391,10 @@ static int replmd_add_originating(struct ldb_module *module,
|
||||
m->originating_usn = seq_num;
|
||||
m->local_usn = seq_num;
|
||||
ni++;
|
||||
|
||||
if (ldb_attr_cmp(e->name, ldb_dn_get_rdn_name(msg->dn))) {
|
||||
rdn_attr = sa;
|
||||
}
|
||||
}
|
||||
|
||||
/* fix meta data count */
|
||||
|
@ -19,6 +19,7 @@ import "lsa.idl", "samr.idl", "security.idl", "nbt.idl";
|
||||
interface netlogon
|
||||
{
|
||||
typedef bitmap samr_AcctFlags samr_AcctFlags;
|
||||
typedef bitmap samr_GroupAttrs samr_GroupAttrs;
|
||||
|
||||
/*****************/
|
||||
/* Function 0x00 */
|
||||
@ -86,13 +87,18 @@ interface netlogon
|
||||
[size_is(size/2),length_is(length/2)] uint16 *bindata;
|
||||
} netr_AcctLockStr;
|
||||
|
||||
const int MSV1_0_CLEARTEXT_PASSWORD_ALLOWED = 0x002;
|
||||
const int MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT = 0x020;
|
||||
const int MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT = 0x800;
|
||||
typedef [public,bitmap32bit] bitmap {
|
||||
MSV1_0_CLEARTEXT_PASSWORD_ALLOWED = 0x00000002,
|
||||
MSV1_0_UPDATE_LOGON_STATISTICS = 0x00000004,
|
||||
MSV1_0_RETURN_USER_PARAMETERS = 0x00000008,
|
||||
MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT = 0x00000020,
|
||||
MSV1_0_RETURN_PROFILE_PATH = 0x00000200,
|
||||
MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT = 0x00000800
|
||||
} netr_LogonParameterControl;
|
||||
|
||||
typedef struct {
|
||||
lsa_String domain_name;
|
||||
uint32 parameter_control; /* see MSV1_0_* */
|
||||
netr_LogonParameterControl parameter_control; /* see MSV1_0_* */
|
||||
uint32 logon_id_low;
|
||||
uint32 logon_id_high;
|
||||
lsa_String account_name;
|
||||
@ -126,11 +132,6 @@ interface netlogon
|
||||
[case(6)] netr_NetworkInfo *network;
|
||||
} netr_LogonLevel;
|
||||
|
||||
typedef [public] struct {
|
||||
uint32 rid;
|
||||
uint32 attributes;
|
||||
} netr_GroupMembership;
|
||||
|
||||
typedef [public,flag(NDR_PAHEX)] struct {
|
||||
uint8 key[16];
|
||||
} netr_UserSessionKey;
|
||||
@ -187,7 +188,7 @@ interface netlogon
|
||||
|
||||
typedef struct {
|
||||
dom_sid2 *sid;
|
||||
uint32 attribute;
|
||||
samr_GroupAttrs attributes;
|
||||
} netr_SidAttr;
|
||||
|
||||
typedef [public] struct {
|
||||
|
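Review bot: The new `netr_LogonParameterControl` bitmap has no comment saying what the bits control, and several of them affect authentication policy rather than being informational. From their names, `MSV1_0_CLEARTEXT_PASSWORD_ALLOWED`, `MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT` and `MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT` appear to widen what a logon request is permitted to do. I would add a header comment such as `/* ParameterControl bits of the logon identity info (MS-NRPC); the ALLOW_*_TRUST_ACCOUNT and CLEARTEXT bits relax logon checks and must only be honoured from a trusted caller */`, worded to match whatever the server side actually enforces. The trailing `/* see MSV1_0_* */` on `parameter_control` is redundant now that the field is typed and could name the bitmap instead.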
@ -82,9 +82,9 @@ sub HeaderElement($)
|
||||
|
||||
#####################################################################
|
||||
# parse a struct
|
||||
sub HeaderStruct($$)
|
||||
sub HeaderStruct($$;$)
|
||||
{
|
||||
my($struct,$name) = @_;
|
||||
my($struct,$name,$tail) = @_;
|
||||
pidl "struct $name";
|
||||
return if (not defined($struct->{ELEMENTS}));
|
||||
pidl " {\n";
|
||||
@ -103,13 +103,14 @@ sub HeaderStruct($$)
|
||||
if (defined $struct->{PROPERTIES}) {
|
||||
HeaderProperties($struct->{PROPERTIES}, []);
|
||||
}
|
||||
pidl $tail if defined($tail);
|
||||
}
|
||||
|
||||
#####################################################################
|
||||
# parse a enum
|
||||
sub HeaderEnum($$)
|
||||
sub HeaderEnum($$;$)
|
||||
{
|
||||
my($enum,$name) = @_;
|
||||
my($enum,$name,$tail) = @_;
|
||||
my $first = 1;
|
||||
|
||||
pidl "enum $name";
|
||||
@ -131,30 +132,29 @@ sub HeaderEnum($$)
|
||||
my $count = 0;
|
||||
my $with_val = 0;
|
||||
my $without_val = 0;
|
||||
if (defined($enum->{ELEMENTS})) {
|
||||
pidl " { __donnot_use_enum_$name=0x7FFFFFFF}\n";
|
||||
foreach my $e (@{$enum->{ELEMENTS}}) {
|
||||
my $t = "$e";
|
||||
my $name;
|
||||
my $value;
|
||||
if ($t =~ /(.*)=(.*)/) {
|
||||
$name = $1;
|
||||
$value = $2;
|
||||
$with_val = 1;
|
||||
fatal($e->{ORIGINAL}, "you can't mix enum member with values and without values!")
|
||||
unless ($without_val == 0);
|
||||
} else {
|
||||
$name = $t;
|
||||
$value = $count++;
|
||||
$without_val = 1;
|
||||
fatal($e->{ORIGINAL}, "you can't mix enum member with values and without values!")
|
||||
unless ($with_val == 0);
|
||||
}
|
||||
pidl "#define $name ( $value )\n";
|
||||
pidl " { __donnot_use_enum_$name=0x7FFFFFFF}\n";
|
||||
foreach my $e (@{$enum->{ELEMENTS}}) {
|
||||
my $t = "$e";
|
||||
my $name;
|
||||
my $value;
|
||||
if ($t =~ /(.*)=(.*)/) {
|
||||
$name = $1;
|
||||
$value = $2;
|
||||
$with_val = 1;
|
||||
fatal($e->{ORIGINAL}, "you can't mix enum member with values and without values!")
|
||||
unless ($without_val == 0);
|
||||
} else {
|
||||
$name = $t;
|
||||
$value = $count++;
|
||||
$without_val = 1;
|
||||
fatal($e->{ORIGINAL}, "you can't mix enum member with values and without values!")
|
||||
unless ($with_val == 0);
|
||||
}
|
||||
pidl "#define $name ( $value )\n";
|
||||
}
|
||||
pidl "#endif\n";
|
||||
}
|
||||
pidl $tail if defined($tail);
|
||||
}
|
||||
|
||||
#####################################################################
|
||||
@ -172,9 +172,9 @@ sub HeaderBitmap($$)
|
||||
|
||||
#####################################################################
|
||||
# parse a union
|
||||
sub HeaderUnion($$)
|
||||
sub HeaderUnion($$;$)
|
||||
{
|
||||
my($union,$name) = @_;
|
||||
my($union,$name,$tail) = @_;
|
||||
my %done = ();
|
||||
|
||||
pidl "union $name";
|
||||
@ -195,18 +195,19 @@ sub HeaderUnion($$)
|
||||
if (defined $union->{PROPERTIES}) {
|
||||
HeaderProperties($union->{PROPERTIES}, []);
|
||||
}
|
||||
pidl $tail if defined($tail);
|
||||
}
|
||||
|
||||
#####################################################################
|
||||
# parse a type
|
||||
sub HeaderType($$$)
|
||||
sub HeaderType($$$;$)
|
||||
{
|
||||
my($e,$data,$name) = @_;
|
||||
my($e,$data,$name,$tail) = @_;
|
||||
if (ref($data) eq "HASH") {
|
||||
($data->{TYPE} eq "ENUM") && HeaderEnum($data, $name);
|
||||
($data->{TYPE} eq "ENUM") && HeaderEnum($data, $name, $tail);
|
||||
($data->{TYPE} eq "BITMAP") && HeaderBitmap($data, $name);
|
||||
($data->{TYPE} eq "STRUCT") && HeaderStruct($data, $name);
|
||||
($data->{TYPE} eq "UNION") && HeaderUnion($data, $name);
|
||||
($data->{TYPE} eq "STRUCT") && HeaderStruct($data, $name, $tail);
|
||||
($data->{TYPE} eq "UNION") && HeaderUnion($data, $name, $tail);
|
||||
return;
|
||||
}
|
||||
|
||||
@ -215,14 +216,15 @@ sub HeaderType($$$)
|
||||
} else {
|
||||
pidl mapTypeName($e->{TYPE});
|
||||
}
|
||||
pidl $tail if defined($tail);
|
||||
}
|
||||
|
||||
#####################################################################
|
||||
# parse a typedef
|
||||
sub HeaderTypedef($)
|
||||
sub HeaderTypedef($;$)
|
||||
{
|
||||
my($typedef) = shift;
|
||||
HeaderType($typedef, $typedef->{DATA}, $typedef->{NAME}) if defined ($typedef->{DATA});
|
||||
my($typedef,$tail) = @_;
|
||||
HeaderType($typedef, $typedef->{DATA}, $typedef->{NAME}, $tail) if defined ($typedef->{DATA});
|
||||
}
|
||||
|
||||
#####################################################################
|
||||
@ -359,16 +361,11 @@ sub HeaderInterface($)
|
||||
}
|
||||
|
||||
foreach my $t (@{$interface->{TYPES}}) {
|
||||
HeaderTypedef($t) if ($t->{TYPE} eq "TYPEDEF");
|
||||
HeaderStruct($t, $t->{NAME}) if ($t->{TYPE} eq "STRUCT");
|
||||
HeaderUnion($t, $t->{NAME}) if ($t->{TYPE} eq "UNION");
|
||||
HeaderEnum($t, $t->{NAME}) if ($t->{TYPE} eq "ENUM");
|
||||
HeaderTypedef($t, ";\n\n") if ($t->{TYPE} eq "TYPEDEF");
|
||||
HeaderStruct($t, $t->{NAME}, ";\n\n") if ($t->{TYPE} eq "STRUCT");
|
||||
HeaderUnion($t, $t->{NAME}, ";\n\n") if ($t->{TYPE} eq "UNION");
|
||||
HeaderEnum($t, $t->{NAME}, ";\n\n") if ($t->{TYPE} eq "ENUM");
|
||||
HeaderBitmap($t, $t->{NAME}) if ($t->{TYPE} eq "BITMAP");
|
||||
pidl ";\n\n" if ($t->{TYPE} eq "BITMAP" or
|
||||
$t->{TYPE} eq "STRUCT" or
|
||||
$t->{TYPE} eq "TYPEDEF" or
|
||||
$t->{TYPE} eq "UNION" or
|
||||
$t->{TYPE} eq "ENUM");
|
||||
}
|
||||
|
||||
foreach my $fn (@{$interface->{FUNCTIONS}}) {
|
||||
|
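Review bot: In HeaderStruct the existing `return if (not defined($struct->{ELEMENTS}));` runs before the new `pidl $tail if defined($tail);` at the end of the sub. A struct declared without elements therefore prints `struct $name` and returns without the `;\n\n` that HeaderInterface used to emit unconditionally, leaving the generated header with an unterminated declaration. Emitting the tail on that path as well would fix it, e.g. `pidl $tail if defined($tail) and not defined($struct->{ELEMENTS});` placed just before the early return. HeaderUnion and HeaderEnum print their heads the same way, but their bodies between the hunks are not visible, so they should be checked for the same early exit. HeaderType also returns from its HASH branch without passing `$tail` to HeaderBitmap; if that is deliberate because bitmaps emit only `#define` lines, a short comment there would say so.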
@ -484,9 +484,6 @@ function provision_fix_subobj(subobj, paths)
|
||||
subobj.ADMINPASS_B64 = ldb.encode(subobj.ADMINPASS);
|
||||
subobj.DNSPASS_B64 = ldb.encode(subobj.DNSPASS);
|
||||
|
||||
var rdns = split(",", subobj.DOMAINDN);
|
||||
subobj.RDN_DC = substr(rdns[0], strlen("DC="));
|
||||
|
||||
subobj.SAM_LDB = "tdb://" + paths.samdb;
|
||||
subobj.SECRETS_KEYTAB = paths.keytab;
|
||||
subobj.DNS_KEYTAB = paths.dns_keytab;
|
||||
@ -527,6 +524,10 @@ function provision_become_dc(subobj, message, erase, paths, session_info)
|
||||
var ok = provision_fix_subobj(subobj, paths);
|
||||
assert(ok);
|
||||
|
||||
if (subobj.BACKEND_MOD == undefined) {
|
||||
subobj.BACKEND_MOD = "repl_meta_data";
|
||||
}
|
||||
|
||||
info.subobj = subobj;
|
||||
info.message = message;
|
||||
info.session_info = session_info;
|
||||
@ -613,10 +614,21 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda
|
||||
var lp = loadparm_init();
|
||||
var sys = sys_init();
|
||||
var info = new Object();
|
||||
random_init(local);
|
||||
|
||||
var ok = provision_fix_subobj(subobj, paths);
|
||||
assert(ok);
|
||||
|
||||
if (strlower(subobj.SERVERROLE) == strlower("domain controller")) {
|
||||
if (subobj.BACKEND_MOD == undefined) {
|
||||
subobj.BACKEND_MOD = "repl_meta_data";
|
||||
}
|
||||
} else {
|
||||
if (subobj.BACKEND_MOD == undefined) {
|
||||
subobj.BACKEND_MOD = "objectguid";
|
||||
}
|
||||
}
|
||||
|
||||
if (subobj.DOMAINGUID != undefined) {
|
||||
subobj.DOMAINGUID_MOD = sprintf("replace: objectGUID\nobjectGUID: %s\n-", subobj.DOMAINGUID);
|
||||
} else {
|
||||
@ -696,6 +708,20 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda
|
||||
|
||||
samdb.set_domain_sid(subobj.DOMAINSID);
|
||||
|
||||
if (strlower(subobj.SERVERROLE) == strlower("domain controller")) {
|
||||
if (subobj.INVOCATIONID == undefined) {
|
||||
subobj.INVOCATIONID = randguid();
|
||||
}
|
||||
samdb.set_ntds_invocationId(subobj.INVOCATIONID);
|
||||
if (subobj.BACKEND_MOD == undefined) {
|
||||
subobj.BACKEND_MOD = "repl_meta_data";
|
||||
}
|
||||
} else {
|
||||
if (subobj.BACKEND_MOD == undefined) {
|
||||
subobj.BACKEND_MOD = "objectguid";
|
||||
}
|
||||
}
|
||||
|
||||
var load_schema_ok = load_schema(subobj, message, samdb);
|
||||
assert(load_schema_ok.is_ok);
|
||||
|
||||
@ -961,7 +987,6 @@ function provision_guess()
|
||||
subobj.VERSION = version();
|
||||
subobj.HOSTIP = hostip();
|
||||
subobj.DOMAINSID = randsid();
|
||||
subobj.INVOCATIONID = randguid();
|
||||
subobj.POLICYGUID = randguid();
|
||||
subobj.KRBTGTPASS = randpass(12);
|
||||
subobj.MACHINEPASS = randpass(12);
|
||||
@ -969,9 +994,6 @@ function provision_guess()
|
||||
subobj.ADMINPASS = randpass(12);
|
||||
subobj.LDAPMANAGERPASS = randpass(12);
|
||||
subobj.DEFAULTSITE = "Default-First-Site-Name";
|
||||
subobj.NEWGUID = randguid;
|
||||
subobj.NTTIME = nttime;
|
||||
subobj.LDAPTIME = ldaptime;
|
||||
subobj.DATESTRING = datestring;
|
||||
subobj.ROOT = findnss(nss.getpwnam, "root");
|
||||
subobj.NOBODY = findnss(nss.getpwnam, "nobody");
|
||||
@ -1016,9 +1038,6 @@ function provision_guess()
|
||||
subobj.DOMAINDN_MOD = "pdc_fsmo,password_hash,instancetype";
|
||||
subobj.CONFIGDN_MOD = "naming_fsmo,instancetype";
|
||||
subobj.SCHEMADN_MOD = "schema_fsmo,instancetype";
|
||||
subobj.DOMAINDN_MOD2 = ",objectguid";
|
||||
subobj.CONFIGDN_MOD2 = ",objectguid";
|
||||
subobj.SCHEMADN_MOD2 = ",objectguid";
|
||||
|
||||
subobj.ACI = "# no aci for local ldb";
|
||||
|
||||
|
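Review bot: provision() now defaults `subobj.BACKEND_MOD` twice, once right after `provision_fix_subobj()` and again in the server-role block after `samdb.set_domain_sid()`. By the time the second block runs the first has already assigned a value, so both `if (subobj.BACKEND_MOD == undefined)` branches there appear to be dead code, most likely a merge leftover, unless something between the two hunks clears the field. I would keep the later block to the invocation-id handling only (`if (subobj.INVOCATIONID == undefined) { subobj.INVOCATIONID = randguid(); }` followed by `samdb.set_ntds_invocationId(subobj.INVOCATIONID);`) and drop its BACKEND_MOD assignments and the then-empty `else`. Because provision_become_dc() repeats the same `"repl_meta_data"` default, a small shared helper would keep the module choice from drifting between the three places.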
@ -143,12 +143,10 @@ if (ldapbackend) {
|
||||
subobj.LDAPMODULE = "normalise,entryuuid";
|
||||
subobj.TDB_MODULES_LIST = "";
|
||||
}
|
||||
subobj.BACKEND_MOD = subobj.LDAPMODULE + ",paged_searches";
|
||||
subobj.DOMAINDN_LDB = subobj.LDAPBACKEND;
|
||||
subobj.DOMAINDN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches";
|
||||
subobj.CONFIGDN_LDB = subobj.LDAPBACKEND;
|
||||
subobj.CONFIGDN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches";
|
||||
subobj.SCHEMADN_LDB = subobj.LDAPBACKEND;
|
||||
subobj.SCHEMADN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches";
|
||||
message("LDAP module: %s on backend: %s\n", subobj.LDAPMODULE, subobj.LDAPBACKEND);
|
||||
}
|
||||
|
||||
@ -175,7 +173,9 @@ if (partitions_only) {
|
||||
message("--host-guid='%s' \\\n", subobj.HOSTGUID);
|
||||
}
|
||||
message("--policy-guid='%s' --host-name='%s' --host-ip='%s' \\\n", subobj.POLICYGUID, subobj.HOSTNAME, subobj.HOSTIP);
|
||||
message("--invocationid='%s' \\\n", subobj.INVOCATIONID);
|
||||
if (subobj.INVOCATIONID != undefined) {
|
||||
message("--invocationid='%s' \\\n", subobj.INVOCATIONID);
|
||||
}
|
||||
message("--adminpass='%s' --krbtgtpass='%s' \\\n", subobj.ADMINPASS, subobj.KRBTGTPASS);
|
||||
message("--machinepass='%s' --dnspass='%s' \\\n", subobj.MACHINEPASS, subobj.DNSPASS);
|
||||
message("--root='%s' --nobody='%s' --nogroup='%s' \\\n", subobj.ROOT, subobj.NOBODY, subobj.NOGROUP);
|
||||
|
@ -6,5 +6,4 @@ objectClass: top
|
||||
objectClass: domain
|
||||
objectClass: domainDNS
|
||||
${ACI}
|
||||
dc: ${RDN_DC}
|
||||
|
||||
|
@ -4,9 +4,6 @@
|
||||
dn: ${DOMAINDN}
|
||||
changetype: modify
|
||||
-
|
||||
replace: dc
|
||||
dc: ${RDN_DC}
|
||||
-
|
||||
replace: forceLogoff
|
||||
forceLogoff: 9223372036854775808
|
||||
-
|
||||
|
@ -5,9 +5,9 @@ partition: ${DOMAINDN}:${DOMAINDN_LDB}
|
||||
replicateEntries: @ATTRIBUTES
|
||||
replicateEntries: @INDEXLIST
|
||||
replicateEntries: @OPTIONS
|
||||
modules:${SCHEMADN}:${SCHEMADN_MOD}${SCHEMADN_MOD2}
|
||||
modules:${CONFIGDN}:${CONFIGDN_MOD}${CONFIGDN_MOD2}
|
||||
modules:${DOMAINDN}:${DOMAINDN_MOD}${DOMAINDN_MOD2}
|
||||
modules:${SCHEMADN}:${SCHEMADN_MOD},${BACKEND_MOD}
|
||||
modules:${CONFIGDN}:${CONFIGDN_MOD},${BACKEND_MOD}
|
||||
modules:${DOMAINDN}:${DOMAINDN_MOD},${BACKEND_MOD}
|
||||
|
||||
dn: @MODULES
|
||||
@LIST: ${MODULES_LIST}${TDB_MODULES_LIST},${MODULES_LIST2}
|
||||
|
@ -7,8 +7,6 @@ realm: ${REALM}
|
||||
secret:: ${MACHINEPASS_B64}
|
||||
secureChannelType: 6
|
||||
sAMAccountName: ${NETBIOSNAME}$
|
||||
whenCreated: ${LDAPTIME}
|
||||
whenChanged: ${LDAPTIME}
|
||||
msDS-KeyVersionNumber: 1
|
||||
objectSid: ${DOMAINSID}
|
||||
privateKeytab: ${SECRETS_KEYTAB}
|
||||
@ -22,8 +20,6 @@ objectClass: kerberosSecret
|
||||
flatname: ${DOMAIN}
|
||||
realm: ${REALM}
|
||||
sAMAccountName: krbtgt
|
||||
whenCreated: ${LDAPTIME}
|
||||
whenChanged: ${LDAPTIME}
|
||||
objectSid: ${DOMAINSID}
|
||||
servicePrincipalName: kadmin/changepw
|
||||
krb5Keytab: HDB:ldb:${SAM_LDB}:
|
||||
@ -36,8 +32,6 @@ objectClass: top
|
||||
objectClass: secret
|
||||
objectClass: kerberosSecret
|
||||
realm: ${REALM}
|
||||
whenCreated: ${LDAPTIME}
|
||||
whenChanged: ${LDAPTIME}
|
||||
servicePrincipalName: DNS/${DNSDOMAIN}
|
||||
privateKeytab: ${DNS_KEYTAB}
|
||||
secret:: ${DNSPASS_B64}
|
||||
|
@ -201,10 +201,6 @@ static NTSTATUS test_become_dc_prepare_db(void *private_data,
|
||||
"subobj.DOMAIN = \"%s\";\n"
|
||||
"subobj.DEFAULTSITE = \"%s\";\n"
|
||||
"\n"
|
||||
"subobj.DOMAINDN_MOD2 = \",repl_meta_data\";\n"
|
||||
"subobj.CONFIGDN_MOD2 = \",repl_meta_data\";\n"
|
||||
"subobj.SCHEMADN_MOD2 = \",repl_meta_data\";\n"
|
||||
"\n"
|
||||
"subobj.KRBTGTPASS = \"_NOT_USED_\";\n"
|
||||
"subobj.MACHINEPASS = \"%s\";\n"
|
||||
"subobj.ADMINPASS = \"_NOT_USED_\";\n"
|
||||
|