diff options
-rw-r--r-- | source4/scripting/python/samba/provision.py | 117 |
1 files changed, 75 insertions, 42 deletions
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index a8aeb8c831..c17b74345a 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -54,14 +54,6 @@ class ProvisionSettings(object): self.schemedn_ldb = None self.s4_ldapi_path = None self.policyguid = None - self.serverrole = None - - def subst_vars(self): - return { - "SERVERROLE": self.serverrole, - "DOMAIN_CONF": self.domain, - "REALM_CONF": self.realm, - } def fix(self, paths): self.realm = self.realm.upper() @@ -75,13 +67,6 @@ class ProvisionSettings(object): rdns = self.domaindn.split(",") self.rdn_dc = rdns[0][len("DC="):] - self.sam_ldb = paths.samdb - self.secrets_ldb = paths.secrets - self.secrets_keytab = paths.keytab - - self.s4_ldapi_path = paths.s4_ldapi_path - self.serverrole = "domain controller" - def validate(self, lp): if not valid_netbios_name(self.domain): raise InvalidNetbiosName(self.domain) @@ -111,12 +96,12 @@ class ProvisionPaths: self.samdb = None self.secrets = None self.keytab = None + self.dns_keytab = None self.dns = None self.winsdb = None self.ldap_basedn_ldif = None self.ldap_config_basedn_ldif = None self.ldap_schema_basedn_ldif = None - self.s4_ldapi_path = None def install_ok(lp, session_info, credentials): @@ -184,6 +169,8 @@ def setup_add_ldif(ldb, setup_dir, ldif, subst_vars=None): if subst_vars is not None: data = substitute_var(data, subst_vars) + assert "${" not in data + for msg in ldb.parse_ldif(data): ldb.add(msg[1]) @@ -195,6 +182,8 @@ def setup_modify_ldif(ldb, setup_dir, ldif, substvars=None): if substvars is not None: data = substitute_var(data, substvars) + assert "${" not in data + for (changetype, msg) in ldb.parse_ldif(data): ldb.modify(msg) @@ -231,7 +220,8 @@ def setup_file(setup_dir, template, fname, substvars): os.unlink(f) data = open(src, 'r').read() - data = substitute_var(data, substvars) + if substvars: + data = substitute_var(data, substvars) assert not "${" in data open(f, 'w').write(data) @@ -250,6 +240,7 @@ def provision_default_paths(lp, subobj): paths.secrets = os.path.join(private_dir, lp.get("secrets database") or "secrets.ldb") paths.templates = os.path.join(private_dir, "templates.ldb") paths.keytab = os.path.join(private_dir, "secrets.keytab") + paths.dns_keytab = os.path.join(private_dir, "dns.keytab") paths.dns = os.path.join(private_dir, subobj.dnsdomain + ".zone") paths.winsdb = os.path.join(private_dir, "wins.ldb") paths.ldap_basedn_ldif = os.path.join(private_dir, @@ -262,6 +253,14 @@ def provision_default_paths(lp, subobj): paths.phpldapadminconfig = os.path.join(private_dir, "phpldapadmin-config.php") paths.hklm = os.path.join(private_dir, "hklm.ldb") + paths.sysvol = lp.get("sysvol", "path") + if paths.sysvol is None: + paths.sysvol = os.path.join(lp.get("lock dir"), "sysvol") + + paths.netlogon = lp.get("netlogon", "path") + if paths.netlogon is None: + paths.netlogon = os.path.join(os.path.join(paths.sysvol, "scripts")) + return paths @@ -412,11 +411,6 @@ def provision(lp, setup_dir, subobj, message, blank, paths, session_info, """ subobj.fix(paths) - if subobj.host_guid is not None: - subobj.hostguid_add = "objectGUID: %s" % subobj.host_guid - else: - subobj.hostguid_add = "" - assert paths.smbconf is not None # only install a new smb.conf if there isn't one there already @@ -440,10 +434,11 @@ def provision(lp, setup_dir, subobj, message, blank, paths, session_info, setup_ldb(share_ldb, setup_dir, "share.ldif", None) message("Setting up %s" % paths.secrets) - setup_secretsdb(paths.secrets, setup_dir, session_info=session_info, + secrets_ldb = setup_secretsdb(paths.secrets, setup_dir, session_info=session_info, credentials=credentials, lp=lp) message("Setting up registry") + # FIXME: Still fails for some reason #setup_registry(paths.hklm, setup_dir, session_info, # credentials=credentials, lp=lp) @@ -582,15 +577,7 @@ def provision(lp, setup_dir, subobj, message, blank, paths, session_info, "CONFIGDN": subobj.configdn, }) - if blank: - message("Setting up sam.ldb index") - setup_add_ldif(samdb, setup_dir, "provision_index.ldif") - - message("Setting up sam.ldb rootDSE marking as syncronized") - setup_modify_ldif(samdb, setup_dir, "provision_rootdse_modify.ldif") - - samdb.transaction_commit() - return + if not blank: # message("Activate schema module") # setup_modify_ldif("schema_activation.ldif", info, samdb, False) @@ -605,16 +592,62 @@ def provision(lp, setup_dir, subobj, message, blank, paths, session_info, # # samdb = open_ldb(info, paths.samdb, False) # - message("Setting up sam.ldb users and groups") - setup_add_ldif(samdb, setup_dir, "provision_users.ldif", { - "DOMAINDN": subobj.domaindn, - "DOMAINSID": str(subobj.domainsid), - "CONFIGDN": subobj.configdn, - "ADMINPASS_B64": b64encode(subobj.adminpass), - "KRBTGTPASS_B64": b64encode(subobj.krbtgtpass), - }) + message("Setting up sam.ldb users and groups") + setup_add_ldif(samdb, setup_dir, "provision_users.ldif", { + "DOMAINDN": subobj.domaindn, + "DOMAINSID": str(subobj.domainsid), + "CONFIGDN": subobj.configdn, + "ADMINPASS_B64": b64encode(subobj.adminpass), + "KRBTGTPASS_B64": b64encode(subobj.krbtgtpass), + }) + + if lp.get("server role") == "domain controller": + message("Setting up self join") + if subobj.host_guid is not None: + hostguid_add = "objectGUID: %s" % subobj.host_guid + else: + hostguid_add = "" + + setup_add_ldif(samdb, setup_dir, "provision_self_join.ldif", { + "CONFIGDN": subobj.configdn, + "SCHEMADN": subobj.schemadn, + "DOMAINDN": subobj.domaindn, + "INVOCATIONID": subobj.invocationid, + "NETBIOSNAME": subobj.netbiosname, + "DEFAULTSITE": subobj.defaultsite, + "DNSNAME": subobj.dnsname, + "MACHINEPASS_B64": b64encode(subobj.machinepass), + "DNSPASS_B64": b64encode(subobj.dnspass), + "REALM": subobj.realm, + "DOMAIN": subobj.domain, + "HOSTGUID_ADD": hostguid_add, + "DNSDOMAIN": subobj.dnsdomain}) + setup_add_ldif(samdb, setup_dir, "provision_group_policy.ldif", { + "POLICYGUID": subobj.policyguid, + "DNSDOMAIN": subobj.dnsdomain, + "DOMAINSID": str(subobj.domainsid), + "DOMAINDN": subobj.domaindn}) + + os.makedirs(os.path.join(paths.sysvol, subobj.dnsdomain, "Policies", "{" + subobj.policyguid + "}"), 0755) + os.makedirs(os.path.join(paths.sysvol, subobj.dnsdomain, "Policies", "{" + subobj.policyguid + "}", "Machine"), 0755) + os.makedirs(os.path.join(paths.sysvol, subobj.dnsdomain, "Policies", "{" + subobj.policyguid + "}", "User"), 0755) + if not os.path.isdir(paths.netlogon): + os.makedirs(paths.netlogon, 0755) + setup_ldb(secrets_ldb, setup_dir, "secrets_dc.ldif", { + "MACHINEPASS_B64": b64encode(subobj.machinepass), + "DOMAIN": subobj.domain, + "REALM": subobj.realm, + "LDAPTIME": timestring(int(time.time())), + "DNSDOMAIN": subobj.dnsdomain, + "DOMAINSID": str(subobj.domainsid), + "SECRETS_KEYTAB": paths.keytab, + "NETBIOSNAME": subobj.netbiosname, + "SAM_LDB": paths.samdb, + "DNS_KEYTAB": paths.dns_keytab, + "DNSPASS_B64": b64encode(subobj.dnspass), + }) - setup_name_mappings(subobj, samdb) + setup_name_mappings(subobj, samdb) message("Setting up sam.ldb index") setup_add_ldif(samdb, setup_dir, "provision_index.ldif") @@ -628,7 +661,7 @@ def provision(lp, setup_dir, subobj, message, blank, paths, session_info, samdb.transaction_commit() message("Setting up phpLDAPadmin configuration") - create_phplpapdadmin_config(paths.phpldapadminconfig, setup_dir, subobj.s4_ldapi_path) + create_phplpapdadmin_config(paths.phpldapadminconfig, setup_dir, paths.s4_ldapi_path) message("Please install the phpLDAPadmin configuration located at %s into /etc/phpldapadmin/config.php" % paths.phpldapadminconfig) |