summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJelmer Vernooij <jelmer@samba.org>2007-12-19 23:27:24 +0100
committerStefan Metzmacher <metze@samba.org>2007-12-21 05:51:56 +0100
commit595ec370da471116b35464dc65d2962f28380d74 (patch)
treed4f7ef420e70d817a827fe20167f27af561ef222
parent5ed08ebac3545e60ac8c553ffe8b019d7ba3f853 (diff)
downloadsamba-595ec370da471116b35464dc65d2962f28380d74.tar.gz
samba-595ec370da471116b35464dc65d2962f28380d74.tar.bz2
samba-595ec370da471116b35464dc65d2962f28380d74.zip
r26535: Get rid of all-knowing ProvisionSettings object.
(This used to be commit 40bf88c8a70e8379a6081cb6050034bcd7ae56eb)
-rw-r--r--source4/scripting/python/samba/provision.py522
-rwxr-xr-xsource4/setup/provision.py36
2 files changed, 274 insertions, 284 deletions
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 04f50e8359..c9cb457b4a 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -1,8 +1,10 @@
#
# backend code for provisioning a Samba4 server
-# Copyright Andrew Tridgell 2005
-# Copyright Jelmer Vernooij 2007
# Released under the GNU GPL v2 or later
+# Copyright Jelmer Vernooij 2007
+#
+# Based on the original in EJS:
+# Copyright Andrew Tridgell 2005
#
from base64 import b64encode
@@ -22,67 +24,13 @@ from ldb import Dn, SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError, \
LDB_ERR_NO_SUCH_OBJECT, timestring
+DEFAULTSITE = "Default-First-Site-Name"
+
class InvalidNetbiosName(Exception):
def __init__(self, name):
super(InvalidNetbiosName, self).__init__("The name '%r' is not a valid NetBIOS name" % name)
-class ProvisionSettings(object):
- def __init__(self, realm=None, domain=None, hostname=None, hostip=None):
- self.realm = realm
- self.domain = domain
- self.hostname = hostname
- self.hostip = hostip
- self.domainsid = None
- self.invocationid = None
- self.krbtgtpass = None
- self.machinepass = None
- self.adminpass = None
- self.defaultsite = "Default-First-Site-Name"
- self.root = None
- self.nobody = None
- self.nogroup = None
- self.wheel = None
- self.backup = None
- self.users = None
- self.dnsdomain = None
- self.dnsname = None
- self.domaindn = None
- self.rootdn = None
- self.configdn = None
- self.schemedn = None
- self.schemedn_ldb = None
- self.s4_ldapi_path = None
- self.policyguid = None
-
- def fix(self, paths):
- self.realm = self.realm.upper()
- self.hostname = self.hostname.lower()
- self.domain = self.domain.upper()
- if not valid_netbios_name(self.domain):
- raise InvalidNetbiosName(self.domain)
- self.netbiosname = self.hostname.upper()
- if not valid_netbios_name(self.netbiosname):
- raise InvalidNetbiosName(self.netbiosname)
- rdns = self.domaindn.split(",")
- self.rdn_dc = rdns[0][len("DC="):]
-
- def validate(self, lp):
- if not valid_netbios_name(self.domain):
- raise InvalidNetbiosName(self.domain)
-
- if not valid_netbios_name(self.netbiosname):
- raise InvalidNetbiosName(self.netbiosname)
-
- if lp.get("workgroup").upper() != self.domain.upper():
- raise Error("workgroup '%s' in smb.conf must match chosen domain '%s'\n",
- lp.get("workgroup"), self.domain)
-
- if lp.get("realm").upper() != self.realm.upper():
- raise Error("realm '%s' in smb.conf must match chosen realm '%s'\n" %
- (lp.get("realm"), self.realm))
-
-
class ProvisionPaths:
def __init__(self):
self.smbconf = None
@@ -125,11 +73,6 @@ def findnss(nssfn, *names):
raise Exception("Unable to find user/group for %s" % arguments[1])
-def hostip():
- """return first host IP."""
- return gethostbyname(hostname())
-
-
def hostname():
"""return first part of hostname."""
return gethostname().split(".")[0]
@@ -210,11 +153,11 @@ def setup_file(setup_dir, template, fname, substvars):
open(f, 'w').write(data)
-def provision_default_paths(lp, subobj):
+def provision_default_paths(lp, dnsdomain):
"""Set the default paths for provisioning.
:param lp: Loadparm context.
- :param subobj: Object
+ :param dnsdomain: DNS Domain name
"""
paths = ProvisionPaths()
private_dir = lp.get("private dir")
@@ -224,14 +167,14 @@ def provision_default_paths(lp, subobj):
paths.templates = os.path.join(private_dir, "templates.ldb")
paths.keytab = os.path.join(private_dir, "secrets.keytab")
paths.dns_keytab = os.path.join(private_dir, "dns.keytab")
- paths.dns = os.path.join(private_dir, subobj.dnsdomain + ".zone")
+ paths.dns = os.path.join(private_dir, dnsdomain + ".zone")
paths.winsdb = os.path.join(private_dir, "wins.ldb")
paths.ldap_basedn_ldif = os.path.join(private_dir,
- subobj.dnsdomain + ".ldif")
+ dnsdomain + ".ldif")
paths.ldap_config_basedn_ldif = os.path.join(private_dir,
- subobj.dnsdomain + "-config.ldif")
+ dnsdomain + "-config.ldif")
paths.ldap_schema_basedn_ldif = os.path.join(private_dir,
- subobj.dnsdomain + "-schema.ldif")
+ dnsdomain + "-schema.ldif")
paths.s4_ldapi_path = os.path.join(private_dir, "ldapi")
paths.phpldapadminconfig = os.path.join(private_dir,
"phpldapadmin-config.php")
@@ -247,41 +190,39 @@ def provision_default_paths(lp, subobj):
return paths
-def setup_name_mappings(subobj, ldb):
+def setup_name_mappings(ldb, sid, domaindn, root, nobody, nogroup, users,
+ wheel, backup):
"""setup reasonable name mappings for sam names to unix names."""
- sid = str(subobj.domainsid)
-
# add some foreign sids if they are not present already
- ldb.add_foreign(subobj.domaindn, "S-1-5-7", "Anonymous")
- ldb.add_foreign(subobj.domaindn, "S-1-1-0", "World")
- ldb.add_foreign(subobj.domaindn, "S-1-5-2", "Network")
- ldb.add_foreign(subobj.domaindn, "S-1-5-18", "System")
- ldb.add_foreign(subobj.domaindn, "S-1-5-11", "Authenticated Users")
+ ldb.add_foreign(domaindn, "S-1-5-7", "Anonymous")
+ ldb.add_foreign(domaindn, "S-1-1-0", "World")
+ ldb.add_foreign(domaindn, "S-1-5-2", "Network")
+ ldb.add_foreign(domaindn, "S-1-5-18", "System")
+ ldb.add_foreign(domaindn, "S-1-5-11", "Authenticated Users")
# some well known sids
- ldb.setup_name_mapping(subobj.domaindn, "S-1-5-7", subobj.nobody)
- ldb.setup_name_mapping(subobj.domaindn, "S-1-1-0", subobj.nogroup)
- ldb.setup_name_mapping(subobj.domaindn, "S-1-5-2", subobj.nogroup)
- ldb.setup_name_mapping(subobj.domaindn, "S-1-5-18", subobj.root)
- ldb.setup_name_mapping(subobj.domaindn, "S-1-5-11", subobj.users)
- ldb.setup_name_mapping(subobj.domaindn, "S-1-5-32-544", subobj.wheel)
- ldb.setup_name_mapping(subobj.domaindn, "S-1-5-32-545", subobj.users)
- ldb.setup_name_mapping(subobj.domaindn, "S-1-5-32-546", subobj.nogroup)
- ldb.setup_name_mapping(subobj.domaindn, "S-1-5-32-551", subobj.backup)
+ ldb.setup_name_mapping(domaindn, "S-1-5-7", nobody)
+ ldb.setup_name_mapping(domaindn, "S-1-1-0", nogroup)
+ ldb.setup_name_mapping(domaindn, "S-1-5-2", nogroup)
+ ldb.setup_name_mapping(domaindn, "S-1-5-18", root)
+ ldb.setup_name_mapping(domaindn, "S-1-5-11", users)
+ ldb.setup_name_mapping(domaindn, "S-1-5-32-544", wheel)
+ ldb.setup_name_mapping(domaindn, "S-1-5-32-545", users)
+ ldb.setup_name_mapping(domaindn, "S-1-5-32-546", nogroup)
+ ldb.setup_name_mapping(domaindn, "S-1-5-32-551", backup)
# and some well known domain rids
- ldb.setup_name_mapping(subobj.domaindn, sid + "-500", subobj.root)
- ldb.setup_name_mapping(subobj.domaindn, sid + "-518", subobj.wheel)
- ldb.setup_name_mapping(subobj.domaindn, sid + "-519", subobj.wheel)
- ldb.setup_name_mapping(subobj.domaindn, sid + "-512", subobj.wheel)
- ldb.setup_name_mapping(subobj.domaindn, sid + "-513", subobj.users)
- ldb.setup_name_mapping(subobj.domaindn, sid + "-520", subobj.wheel)
+ ldb.setup_name_mapping(domaindn, sid + "-500", root)
+ ldb.setup_name_mapping(domaindn, sid + "-518", wheel)
+ ldb.setup_name_mapping(domaindn, sid + "-519", wheel)
+ ldb.setup_name_mapping(domaindn, sid + "-512", wheel)
+ ldb.setup_name_mapping(domaindn, sid + "-513", users)
+ ldb.setup_name_mapping(domaindn, sid + "-520", wheel)
-def provision_become_dc(setup_dir, subobj, message, paths, lp, session_info,
+def provision_become_dc(setup_dir, message, paths, lp, session_info,
credentials):
assert session_info is not None
- subobj.fix(paths)
message("Setting up templates into %s" % paths.templates)
setup_templatesdb(paths.templates, setup_dir, session_info,
@@ -295,8 +236,8 @@ def provision_become_dc(setup_dir, subobj, message, paths, lp, session_info,
samdb.erase()
message("Setting up %s partitions" % paths.samdb)
- setup_samdb_partitions(samdb, setup_dir, subobj.schemadn,
- subobj.configdn, subobj.domaindn)
+ setup_samdb_partitions(samdb, setup_dir, schemadn,
+ configdn, domaindn)
samdb = SamDB(paths.samdb, credentials=credentials,
session_info=session_info, lp=lp)
@@ -307,10 +248,12 @@ def provision_become_dc(setup_dir, subobj, message, paths, lp, session_info,
setup_add_ldif(samdb, setup_dir, "provision_init.ldif")
message("Setting up %s rootDSE" % paths.samdb)
- setup_samdb_rootdse(samdb, setup_dir, subobj)
+ setup_samdb_rootdse(samdb, setup_dir, schemadn, domaindn,
+ hostname, dnsdomain, realm, rootdn, configdn,
+ netbiosname)
message("Erasing data from partitions")
- ldb_erase_partitions(subobj.domaindn, message, samdb, None)
+ ldb_erase_partitions(domaindn, message, samdb, None)
message("Setting up %s indexes" % paths.samdb)
setup_add_ldif(samdb, setup_dir, "provision_index.ldif")
@@ -323,7 +266,7 @@ def provision_become_dc(setup_dir, subobj, message, paths, lp, session_info,
message("Setting up %s" % paths.secrets)
secrets_ldb = setup_secretsdb(paths.secrets, setup_dir, session_info, credentials, lp)
setup_ldb(secrets_ldb, setup_dir, "secrets_dc.ldif",
- { "MACHINEPASS_B64": b64encode(self.machinepass) })
+ { "MACHINEPASS_B64": b64encode(machinepass) })
def setup_secretsdb(path, setup_dir, session_info, credentials, lp):
@@ -351,17 +294,18 @@ def setup_registry(path, setup_dir, session_info, credentials, lp):
reg.apply_patchfile(provision_reg)
-def setup_samdb_rootdse(samdb, setup_dir, subobj):
+def setup_samdb_rootdse(samdb, setup_dir, schemadn, domaindn, hostname,
+ dnsdomain, realm, rootdn, configdn, netbiosname):
setup_add_ldif(samdb, setup_dir, "provision_rootdse_add.ldif", {
- "SCHEMADN": subobj.schemadn,
- "NETBIOSNAME": subobj.netbiosname,
- "DNSDOMAIN": subobj.dnsdomain,
- "DEFAULTSITE": subobj.defaultsite,
- "REALM": subobj.realm,
- "DNSNAME": subobj.dnsname,
- "DOMAINDN": subobj.domaindn,
- "ROOTDN": subobj.rootdn,
- "CONFIGDN": subobj.configdn,
+ "SCHEMADN": schemadn,
+ "NETBIOSNAME": netbiosname,
+ "DNSDOMAIN": dnsdomain,
+ "DEFAULTSITE": DEFAULTSITE,
+ "REALM": realm,
+ "DNSNAME": "%s.%s" % (hostname, dnsdomain),
+ "DOMAINDN": domaindn,
+ "ROOTDN": rootdn,
+ "CONFIGDN": configdn,
"VERSION": samba.version(),
})
@@ -416,25 +360,103 @@ def setup_samdb_partitions(samdb, setup_dir, schemadn, configdn, domaindn):
-def provision(lp, setup_dir, subobj, message, blank, paths, session_info,
- credentials, ldapbackend):
+def provision(lp, setup_dir, message, blank, paths, session_info,
+ credentials, ldapbackend, realm=None, domain=None, hostname=None,
+ hostip=None, domainsid=None, hostguid=None, adminpass=None,
+ krbtgtpass=None, domainguid=None, policyguid=None,
+ invocationid=None, machinepass=None, dnspass=None, root=None,
+ nobody=None, nogroup=None, users=None, wheel=None, backup=None,
+ aci=None, serverrole=None):
"""Provision samba4
:note: caution, this wipes all existing data!
"""
- subobj.fix(paths)
+
+ if domainsid is None:
+ domainsid = security.random_sid()
+ if policyguid is None:
+ policyguid = uuid.random()
+ if invocationid is None:
+ invocationid = uuid.random()
+ if adminpass is None:
+ adminpass = misc.random_password(12)
+ if krbtgtpass is None:
+ krbtgtpass = misc.random_password(12)
+ if machinepass is None:
+ machinepass = misc.random_password(12)
+ if dnspass is None:
+ dnspass = misc.random_password(12)
+ if root is None:
+ root = findnss(pwd.getpwnam, "root")[4]
+ if nobody is None:
+ nobody = findnss(pwd.getpwnam, "nobody")[4]
+ if nogroup is None:
+ nogroup = findnss(grp.getgrnam, "nogroup", "nobody")[2]
+ if users is None:
+ users = findnss(grp.getgrnam, "users", "guest", "other", "unknown", "usr")[2]
+ if wheel is None:
+ wheel = findnss(grp.getgrnam, "wheel", "root", "staff", "adm")[2]
+ if backup is None:
+ backup = findnss(grp.getgrnam, "backup", "wheel", "root", "staff")[2]
+ if aci is None:
+ aci = "# no aci for local ldb"
+ if serverrole is None:
+ serverrole = lp.get("server role")
+
+ if realm is None:
+ realm = lp.get("realm")
+ else:
+ if lp.get("realm").upper() != realm.upper():
+ raise Error("realm '%s' in smb.conf must match chosen realm '%s'\n" %
+ (lp.get("realm"), realm))
+
+ assert realm is not None
+ realm = realm.upper()
+
+ if domain is None:
+ domain = lp.get("workgroup")
+ else:
+ if lp.get("workgroup").upper() != domain.upper():
+ raise Error("workgroup '%s' in smb.conf must match chosen domain '%s'\n",
+ lp.get("workgroup"), domain)
+
+ assert domain is not None
+ domain = domain.upper()
+ if not valid_netbios_name(domain):
+ raise InvalidNetbiosName(domain)
+
+ if hostname is None:
+ hostname = gethostname().split(".")[0].lower()
+
+ if hostip is None:
+ hostip = gethostbyname(hostname)
+
+ netbiosname = hostname.upper()
+ if not valid_netbios_name(netbiosname):
+ raise InvalidNetbiosName(netbiosname)
+
+ dnsdomain = realm.lower()
+ domaindn = "DC=" + dnsdomain.replace(".", ",DC=")
+ rootdn = domaindn
+ configdn = "CN=Configuration," + rootdn
+ schemadn = "CN=Schema," + configdn
+
+ rdn_dc = domaindn.split(",")[0][len("DC="):]
+
+ message("Provisioning for %s in realm %s" % (domain, realm))
+ message("Using administrator password: %s" % adminpass)
assert paths.smbconf is not None
# only install a new smb.conf if there isn't one there already
if not os.path.exists(paths.smbconf):
message("Setting up smb.conf")
- if lp.get("server role") == "domain controller":
+ if serverrole == "domain controller":
smbconfsuffix = "dc"
- elif lp.get("server role") == "member":
+ elif serverrole == "member":
smbconfsuffix = "member"
else:
- assert "Invalid server role setting: %s" % lp.get("server role")
+ assert "Invalid server role setting: %s" % serverrole
setup_file(setup_dir, "provision.smb.conf.%s" % smbconfsuffix, paths.smbconf)
lp.reload()
@@ -463,8 +485,7 @@ def provision(lp, setup_dir, subobj, message, blank, paths, session_info,
samdb.erase()
message("Setting up sam.ldb partitions")
- setup_samdb_partitions(samdb, setup_dir, subobj.schemadn,
- subobj.configdn, subobj.domaindn)
+ setup_samdb_partitions(samdb, setup_dir, schemadn, configdn, domaindn)
samdb = SamDB(paths.samdb, session_info=session_info,
credentials=credentials, lp=lp)
@@ -475,10 +496,12 @@ def provision(lp, setup_dir, subobj, message, blank, paths, session_info,
setup_add_ldif(samdb, setup_dir, "provision_init.ldif")
message("Setting up sam.ldb rootDSE")
- setup_samdb_rootdse(samdb, setup_dir, subobj)
+ setup_samdb_rootdse(samdb, setup_dir, schemadn, domaindn,
+ hostname, dnsdomain, realm, rootdn, configdn,
+ netbiosname)
message("Erasing data from partitions")
- ldb_erase_partitions(subobj.domaindn, message, samdb, ldapbackend)
+ ldb_erase_partitions(domaindn, message, samdb, ldapbackend)
except:
samdb.transaction_cancel()
raise
@@ -488,106 +511,104 @@ def provision(lp, setup_dir, subobj, message, blank, paths, session_info,
message("Pre-loading the Samba 4 and AD schema")
samdb = SamDB(paths.samdb, session_info=session_info,
credentials=credentials, lp=lp)
- samdb.set_domain_sid(subobj.domainsid)
- load_schema(setup_dir, samdb, subobj)
+ samdb.set_domain_sid(domainsid)
+ load_schema(setup_dir, samdb, schemadn, netbiosname, configdn)
samdb.transaction_start()
try:
- message("Adding DomainDN: %s (permitted to fail)" % subobj.domaindn)
+ message("Adding DomainDN: %s (permitted to fail)" % domaindn)
setup_add_ldif(samdb, setup_dir, "provision_basedn.ldif", {
- "DOMAINDN": subobj.domaindn,
- "ACI": "# no aci for local ldb",
+ "DOMAINDN": domaindn,
+ "ACI": aci,
"EXTENSIBLEOBJECT": "# no objectClass: extensibleObject for local ldb",
- "RDN_DC": subobj.rdn_dc,
+ "RDN_DC": rdn_dc,
})
- message("Modifying DomainDN: " + subobj.domaindn + "")
- if subobj.domain_guid is not None:
- domainguid_mod = "replace: objectGUID\nobjectGUID: %s\n-" % subobj.domain_guid
+ message("Modifying DomainDN: " + domaindn + "")
+ if domainguid is not None:
+ domainguid_mod = "replace: objectGUID\nobjectGUID: %s\n-" % domainguid
else:
domainguid_mod = ""
setup_modify_ldif(samdb, setup_dir, "provision_basedn_modify.ldif", {
- "RDN_DC": subobj.rdn_dc,
+ "RDN_DC": rdn_dc,
"LDAPTIME": timestring(int(time.time())),
- "DOMAINSID": str(subobj.domainsid),
- "SCHEMADN": subobj.schemadn,
- "NETBIOSNAME": subobj.netbiosname,
- "DEFAULTSITE": subobj.defaultsite,
- "CONFIGDN": subobj.configdn,
- "POLICYGUID": subobj.policyguid,
- "DOMAINDN": subobj.domaindn,
+ "DOMAINSID": str(domainsid),
+ "SCHEMADN": schemadn,
+ "NETBIOSNAME": netbiosname,
+ "DEFAULTSITE": DEFAULTSITE,
+ "CONFIGDN": configdn,
+ "POLICYGUID": policyguid,
+ "DOMAINDN": domaindn,
"DOMAINGUID_MOD": domainguid_mod,
})
message("Adding configuration container (permitted to fail)")
setup_add_ldif(samdb, setup_dir, "provision_configuration_basedn.ldif", {
- "CONFIGDN": subobj.configdn,
- "ACI": "# no aci for local ldb",
+ "CONFIGDN": configdn,
+ "ACI": aci,
"EXTENSIBLEOBJECT": "# no objectClass: extensibleObject for local ldb",
})
message("Modifying configuration container")
setup_modify_ldif(samdb, setup_dir, "provision_configuration_basedn_modify.ldif", {
- "CONFIGDN": subobj.configdn,
- "SCHEMADN": subobj.schemadn,
+ "CONFIGDN": configdn,
+ "SCHEMADN": schemadn,
})
message("Adding schema container (permitted to fail)")
setup_add_ldif(samdb, setup_dir, "provision_schema_basedn.ldif", {
- "SCHEMADN": subobj.schemadn,
- "ACI": "# no aci for local ldb",
+ "SCHEMADN": schemadn,
+ "ACI": aci,
"EXTENSIBLEOBJECT": "# no objectClass: extensibleObject for local ldb"
})
message("Modifying schema container")
setup_modify_ldif(samdb, setup_dir, "provision_schema_basedn_modify.ldif", {
- "SCHEMADN": subobj.schemadn,
- "NETBIOSNAME": subobj.netbiosname,
- "DEFAULTSITE": subobj.defaultsite,
- "CONFIGDN": subobj.configdn,
+ "SCHEMADN": schemadn,
+ "NETBIOSNAME": netbiosname,
+ "DEFAULTSITE": DEFAULTSITE,
+ "CONFIGDN": configdn,
})
message("Setting up sam.ldb Samba4 schema")
- setup_add_ldif(samdb, setup_dir, "schema_samba4.ldif", {
- "SCHEMADN": subobj.schemadn,
- })
+ setup_add_ldif(samdb, setup_dir, "schema_samba4.ldif",
+ {"SCHEMADN": schemadn })
message("Setting up sam.ldb AD schema")
- setup_add_ldif(samdb, setup_dir, "schema.ldif", {
- "SCHEMADN": subobj.schemadn,
- })
+ setup_add_ldif(samdb, setup_dir, "schema.ldif",
+ {"SCHEMADN": schemadn})
message("Setting up sam.ldb configuration data")
setup_add_ldif(samdb, setup_dir, "provision_configuration.ldif", {
- "CONFIGDN": subobj.configdn,
- "NETBIOSNAME": subobj.netbiosname,
- "DEFAULTSITE": subobj.defaultsite,
- "DNSDOMAIN": subobj.dnsdomain,
- "DOMAIN": subobj.domain,
- "SCHEMADN": subobj.schemadn,
- "DOMAINDN": subobj.domaindn,
+ "CONFIGDN": configdn,
+ "NETBIOSNAME": netbiosname,
+ "DEFAULTSITE": DEFAULTSITE,
+ "DNSDOMAIN": dnsdomain,
+ "DOMAIN": domain,
+ "SCHEMADN": schemadn,
+ "DOMAINDN": domaindn,
})
message("Setting up display specifiers")
- setup_add_ldif(samdb, setup_dir, "display_specifiers.ldif", {"CONFIGDN": subobj.configdn})
+ setup_add_ldif(samdb, setup_dir, "display_specifiers.ldif", {"CONFIGDN": configdn})
message("Adding users container (permitted to fail)")
setup_add_ldif(samdb, setup_dir, "provision_users_add.ldif", {
- "DOMAINDN": subobj.domaindn})
+ "DOMAINDN": domaindn})
message("Modifying users container")
setup_modify_ldif(samdb, setup_dir, "provision_users_modify.ldif", {
- "DOMAINDN": subobj.domaindn})
+ "DOMAINDN": domaindn})
message("Adding computers container (permitted to fail)")
setup_add_ldif(samdb, setup_dir, "provision_computers_add.ldif", {
- "DOMAINDN": subobj.domaindn})
+ "DOMAINDN": domaindn})
message("Modifying computers container")
setup_modify_ldif(samdb, setup_dir, "provision_computers_modify.ldif", {
- "DOMAINDN": subobj.domaindn})
+ "DOMAINDN": domaindn})
message("Setting up sam.ldb data")
setup_add_ldif(samdb, setup_dir, "provision.ldif", {
- "DOMAINDN": subobj.domaindn,
- "NETBIOSNAME": subobj.netbiosname,
- "DEFAULTSITE": subobj.defaultsite,
- "CONFIGDN": subobj.configdn,
+ "DOMAINDN": domaindn,
+ "NETBIOSNAME": netbiosname,
+ "DEFAULTSITE": DEFAULTSITE,
+ "CONFIGDN": configdn,
})
if not blank:
@@ -607,60 +628,63 @@ def provision(lp, setup_dir, subobj, message, blank, paths, session_info,
#
message("Setting up sam.ldb users and groups")
setup_add_ldif(samdb, setup_dir, "provision_users.ldif", {
- "DOMAINDN": subobj.domaindn,
- "DOMAINSID": str(subobj.domainsid),
- "CONFIGDN": subobj.configdn,
- "ADMINPASS_B64": b64encode(subobj.adminpass),
- "KRBTGTPASS_B64": b64encode(subobj.krbtgtpass),
+ "DOMAINDN": domaindn,
+ "DOMAINSID": str(domainsid),
+ "CONFIGDN": configdn,
+ "ADMINPASS_B64": b64encode(adminpass),
+ "KRBTGTPASS_B64": b64encode(krbtgtpass),
})
if lp.get("server role") == "domain controller":
message("Setting up self join")
- if subobj.host_guid is not None:
- hostguid_add = "objectGUID: %s" % subobj.host_guid
+ if hostguid is not None:
+ hostguid_add = "objectGUID: %s" % hostguid
else:
hostguid_add = ""
setup_add_ldif(samdb, setup_dir, "provision_self_join.ldif", {
- "CONFIGDN": subobj.configdn,
- "SCHEMADN": subobj.schemadn,
- "DOMAINDN": subobj.domaindn,
- "INVOCATIONID": subobj.invocationid,
- "NETBIOSNAME": subobj.netbiosname,
- "DEFAULTSITE": subobj.defaultsite,
- "DNSNAME": subobj.dnsname,
- "MACHINEPASS_B64": b64encode(subobj.machinepass),
- "DNSPASS_B64": b64encode(subobj.dnspass),
- "REALM": subobj.realm,
- "DOMAIN": subobj.domain,
+ "CONFIGDN": configdn,
+ "SCHEMADN": schemadn,
+ "DOMAINDN": domaindn,
+ "INVOCATIONID": invocationid,
+ "NETBIOSNAME": netbiosname,
+ "DEFAULTSITE": DEFAULTSITE,
+ "DNSNAME": "%s.%s" % (hostname, dnsdomain),
+ "MACHINEPASS_B64": b64encode(machinepass),
+ "DNSPASS_B64": b64encode(dnspass),
+ "REALM": realm,
+ "DOMAIN": domain,
"HOSTGUID_ADD": hostguid_add,
- "DNSDOMAIN": subobj.dnsdomain})
+ "DNSDOMAIN": dnsdomain})
setup_add_ldif(samdb, setup_dir, "provision_group_policy.ldif", {
- "POLICYGUID": subobj.policyguid,
- "DNSDOMAIN": subobj.dnsdomain,
- "DOMAINSID": str(subobj.domainsid),
- "DOMAINDN": subobj.domaindn})
-
- os.makedirs(os.path.join(paths.sysvol, subobj.dnsdomain, "Policies", "{" + subobj.policyguid + "}"), 0755)
- os.makedirs(os.path.join(paths.sysvol, subobj.dnsdomain, "Policies", "{" + subobj.policyguid + "}", "Machine"), 0755)
- os.makedirs(os.path.join(paths.sysvol, subobj.dnsdomain, "Policies", "{" + subobj.policyguid + "}", "User"), 0755)
+ "POLICYGUID": policyguid,
+ "DNSDOMAIN": dnsdomain,
+ "DOMAINSID": str(domainsid),
+ "DOMAINDN": domaindn})
+
+ os.makedirs(os.path.join(paths.sysvol, dnsdomain, "Policies", "{" + policyguid + "}"), 0755)
+ os.makedirs(os.path.join(paths.sysvol, dnsdomain, "Policies", "{" + policyguid + "}", "Machine"), 0755)
+ os.makedirs(os.path.join(paths.sysvol, dnsdomain, "Policies", "{" + policyguid + "}", "User"), 0755)
if not os.path.isdir(paths.netlogon):
os.makedirs(paths.netlogon, 0755)
setup_ldb(secrets_ldb, setup_dir, "secrets_dc.ldif", {
- "MACHINEPASS_B64": b64encode(subobj.machinepass),
- "DOMAIN": subobj.domain,
- "REALM": subobj.realm,
+ "MACHINEPASS_B64": b64encode(machinepass),
+ "DOMAIN": domain,
+ "REALM": realm,
"LDAPTIME": timestring(int(time.time())),
- "DNSDOMAIN": subobj.dnsdomain,
- "DOMAINSID": str(subobj.domainsid),
+ "DNSDOMAIN": dnsdomain,
+ "DOMAINSID": str(domainsid),
"SECRETS_KEYTAB": paths.keytab,
- "NETBIOSNAME": subobj.netbiosname,
+ "NETBIOSNAME": netbiosname,
"SAM_LDB": paths.samdb,
"DNS_KEYTAB": paths.dns_keytab,
- "DNSPASS_B64": b64encode(subobj.dnspass),
+ "DNSPASS_B64": b64encode(dnspass),
})
- setup_name_mappings(subobj, samdb)
+ setup_name_mappings(samdb, str(domainsid),
+ domaindn, root=root, nobody=nobody,
+ nogroup=nogroup, wheel=wheel, users=users,
+ backup=backup)
message("Setting up sam.ldb index")
setup_add_ldif(samdb, setup_dir, "provision_index.ldif")
@@ -678,113 +702,83 @@ def provision(lp, setup_dir, subobj, message, blank, paths, session_info,
message("Please install the phpLDAPadmin configuration located at %s into /etc/phpldapadmin/config.php" % paths.phpldapadminconfig)
+ message("Setting up DNS zone: %s" % dnsdomain)
+ provision_dns(setup_dir, paths, session_info, credentials, lp,
+ hostname=hostname, hostip=hostip, dnsdomain=dnsdomain,
+ domaindn=domaindn, dnspass=dnspass, realm=realm)
+ message("Please install the zone located in %s into your DNS server" % paths.dns)
def create_phplpapdadmin_config(path, setup_dir, s4_ldapi_path):
setup_file(setup_dir, "phpldapadmin-config.php",
path, {"S4_LDAPI_URI": "ldapi://%s" % s4_ldapi_path.replace("/", "%2F")})
-def provision_dns(setup_dir, subobj, message, paths, session_info, credentials, lp):
+def provision_dns(setup_dir, paths, session_info,
+ credentials, lp, dnsdomain, domaindn,
+ hostip, hostname, dnspass, realm):
"""Write out a DNS zone file, from the info in the current database."""
- message("Setting up DNS zone: %s" % subobj.dnsdomain)
+
# connect to the sam
ldb = SamDB(paths.samdb, session_info=session_info, credentials=credentials,
lp=lp)
# These values may have changed, due to an incoming SamSync,
# or may not have been specified, so fetch them from the database
- domainguid = str(ldb.searchone(Dn(ldb, subobj.domaindn), "objectGUID"))
+ domainguid = str(ldb.searchone(Dn(ldb, domaindn), "objectGUID"))
- hostguid = str(ldb.searchone(Dn(ldb, subobj.domaindn), "objectGUID" ,
- expression="(&(objectClass=computer)(cn=%s))" % subobj.netbiosname))
+ hostguid = str(ldb.searchone(Dn(ldb, domaindn), "objectGUID" ,
+ expression="(&(objectClass=computer)(cn=%s))" % hostname))
setup_file(setup_dir, "provision.zone", paths.dns, {
- "DNSPASS_B64": b64encode(subobj.dnspass),
- "HOSTNAME": hostname(),
- "DNSDOMAIN": subobj.dnsdomain,
- "REALM": subobj.realm,
- "HOSTIP": hostip(),
+ "DNSPASS_B64": b64encode(dnspass),
+ "HOSTNAME": hostname,
+ "DNSDOMAIN": dnsdomain,
+ "REALM": realm,
+ "HOSTIP": hostip,
"DOMAINGUID": domainguid,
"DATESTRING": time.strftime("%Y%m%d%H"),
- "DEFAULTSITE": subobj.defaultsite,
+ "DEFAULTSITE": DEFAULTSITE,
"HOSTGUID": hostguid,
})
- message("Please install the zone located in %s into your DNS server" % paths.dns)
-def provision_ldapbase(setup_dir, subobj, message, paths):
+def provision_ldapbase(setup_dir, message, paths):
"""Write out a DNS zone file, from the info in the current database."""
- message("Setting up LDAP base entry: %s" % subobj.domaindn)
- rdns = subobj.domaindn.split(",")
+ message("Setting up LDAP base entry: %s" % domaindn)
+ rdns = domaindn.split(",")
- subobj.rdn_dc = rdns[0][len("DC="):]
+ rdn_dc = rdns[0][len("DC="):]
setup_file(setup_dir, "provision_basedn.ldif",
- paths.ldap_basedn_ldif,
- None)
+ paths.ldap_basedn_ldif)
setup_file(setup_dir, "provision_configuration_basedn.ldif",
- paths.ldap_config_basedn_ldif, None)
+ paths.ldap_config_basedn_ldif)
setup_file(setup_dir, "provision_schema_basedn.ldif",
paths.ldap_schema_basedn_ldif, {
- "SCHEMADN": subobj.schemadn,
+ "SCHEMADN": schemadn,
"ACI": "# no aci for local ldb",
"EXTENSIBLEOBJECT": "objectClass: extensibleObject"})
message("Please install the LDIF located in " + paths.ldap_basedn_ldif + ", " + paths.ldap_config_basedn_ldif + " and " + paths.ldap_schema_basedn_ldif + " into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server")
-def provision_guess(lp):
- """guess reasonably default options for provisioning."""
- subobj = ProvisionSettings(realm=lp.get("realm").upper(),
- domain=lp.get("workgroup"),
- hostname=hostname(),
- hostip=hostip())
-
- assert subobj.realm is not None
- assert subobj.domain is not None
- assert subobj.hostname is not None
-
- subobj.domainsid = security.random_sid()
- subobj.invocationid = uuid.random()
- subobj.policyguid = uuid.random()
- subobj.krbtgtpass = misc.random_password(12)
- subobj.machinepass = misc.random_password(12)
- subobj.adminpass = misc.random_password(12)
- subobj.dnspass = misc.random_password(12)
- subobj.root = findnss(pwd.getpwnam, "root")[4]
- subobj.nobody = findnss(pwd.getpwnam, "nobody")[4]
- subobj.nogroup = findnss(grp.getgrnam, "nogroup", "nobody")[2]
- subobj.wheel = findnss(grp.getgrnam, "wheel", "root", "staff", "adm")[2]
- subobj.backup = findnss(grp.getgrnam, "backup", "wheel", "root", "staff")[2]
- subobj.users = findnss(grp.getgrnam, "users", "guest", "other", "unknown", "usr")[2]
-
- subobj.dnsdomain = subobj.realm.lower()
- subobj.dnsname = "%s.%s" % (subobj.hostname.lower(), subobj.dnsdomain)
- subobj.domaindn = "DC=" + subobj.dnsdomain.replace(".", ",DC=")
- subobj.rootdn = subobj.domaindn
- subobj.configdn = "CN=Configuration," + subobj.rootdn
- subobj.schemadn = "CN=Schema," + subobj.configdn
-
- return subobj
-
-
-def load_schema(setup_dir, samdb, subobj):
+def load_schema(setup_dir, samdb, schemadn, netbiosname, configdn):
"""Load schema."""
src = os.path.join(setup_dir, "schema.ldif")
schema_data = open(src, 'r').read()
src = os.path.join(setup_dir, "schema_samba4.ldif")
schema_data += open(src, 'r').read()
- schema_data = substitute_var(schema_data, {"SCHEMADN": subobj.schemadn})
+ schema_data = substitute_var(schema_data, {"SCHEMADN": schemadn})
src = os.path.join(setup_dir, "provision_schema_basedn_modify.ldif")
head_data = open(src, 'r').read()
head_data = substitute_var(head_data, {
- "SCHEMADN": subobj.schemadn,
- "NETBIOSNAME": subobj.netbiosname,
- "CONFIGDN": subobj.configdn,
- "DEFAULTSITE": subobj.defaultsite})
+ "SCHEMADN": schemadn,
+ "NETBIOSNAME": netbiosname,
+ "CONFIGDN": configdn,
+ "DEFAULTSITE": DEFAULTSITE})
samdb.attach_schema_from_ldif(head_data, schema_data)
diff --git a/source4/setup/provision.py b/source4/setup/provision.py
index 0cc0a75d92..898dfc7405 100755
--- a/source4/setup/provision.py
+++ b/source4/setup/provision.py
@@ -31,9 +31,8 @@ import samba
from auth import system_session
import samba.getopt as options
import param
-from samba.provision import (provision, provision_guess,
- provision_default_paths, provision_ldapbase,
- provision_dns)
+from samba.provision import (provision,
+ provision_default_paths, provision_ldapbase)
parser = optparse.OptionParser("provision [options]")
parser.add_option_group(options.SambaOptions(parser))
@@ -121,17 +120,11 @@ lp.set("realm", opts.realm)
lp.set("workgroup", opts.domain)
lp.set("server role", opts.server_role)
-subobj = provision_guess(lp)
-subobj.domain_guid = opts.domain_guid
-subobj.host_guid = opts.host_guid
-
if opts.aci is not None:
- print "set ACI: %s" % subobj.aci
+ print "set ACI: %s" % opts.aci
-print "set domain sid: %s" % subobj.domainsid
-paths = provision_default_paths(lp, subobj)
+paths = provision_default_paths(lp, opts.realm.lower())
paths.smbconf = opts.configfile
-subobj.fix(paths);
if opts.ldap_backend:
if opts.ldap_backend == "ldapi":
@@ -148,25 +141,28 @@ if opts.ldap_backend:
subobj.schemadn_mod2 = ",%s,paged_searches" % subobj.ldapmodule
message("LDAP module: %s on backend: %s" % (subobj.ldapmodule, subobj.ldap_backend))
-subobj.validate(lp)
-
creds = credopts.get_credentials()
-message("Provisioning for %s in realm %s" % (subobj.domain, subobj.realm))
-message("Using administrator password: %s" % subobj.adminpass)
setup_dir = opts.setupdir
if setup_dir is None:
setup_dir = "setup"
if opts.ldap_base:
- provision_ldapbase(setup_dir, subobj, message, paths)
+ provision_ldapbase(setup_dir, message, paths)
message("Please install the LDIF located in %s, %s and into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server" % (paths.ldap_basedn_ldif, paths.ldap_config_basedn_ldif, paths.ldap_schema_basedn_ldif))
elif opts.partitions_only:
- provision_become_dc(setup_dir, subobj, message, False,
+ provision_become_dc(setup_dir, message, False,
paths, lp, system_session(), creds)
else:
- provision(lp, setup_dir, subobj, message, opts.blank, paths,
- system_session(), creds, opts.ldap_backend)
- provision_dns(setup_dir, subobj, message, paths, system_session(), creds, lp)
+ provision(lp, setup_dir, message, opts.blank, paths,
+ system_session(), creds, opts.ldap_backend, realm=opts.realm,
+ domainguid=opts.domain_guid, domainsid=opts.domain_sid,
+ policyguid=opts.policy_guid, hostname=opts.host_name,
+ hostip=opts.host_ip, hostguid=opts.host_guid,
+ invocationid=opts.invocationid, adminpass=opts.adminpass,
+ krbtgtpass=opts.krbtgtpass, machinepass=opts.machinepass,
+ dnspass=opts.dnspass, root=opts.root, nobody=opts.nobody,
+ nogroup=opts.nogroup, wheel=opts.wheel, users=opts.users,
+ aci=opts.aci, serverrole=opts.server_role)
message("To reproduce this provision, run with:")
def shell_escape(arg):
if " " in arg: