summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/scripting/python/samba/__init__.py5
-rw-r--r--source4/scripting/python/samba/getopt.py23
-rw-r--r--source4/scripting/python/samba/ndr.py2
-rw-r--r--source4/scripting/python/samba/sd_utils.py4
-rw-r--r--source4/scripting/python/samba/upgrade.py59
-rwxr-xr-xsource4/setup/provision319
6 files changed, 219 insertions, 193 deletions
diff --git a/source4/scripting/python/samba/__init__.py b/source4/scripting/python/samba/__init__.py
index 03ee6faa59..d81a25cbcf 100644
--- a/source4/scripting/python/samba/__init__.py
+++ b/source4/scripting/python/samba/__init__.py
@@ -29,7 +29,7 @@ import sys
import samba.param
def source_tree_topdir():
- '''return the top level directory (the one containing the source4 directory)'''
+ """Return the top level source directory."""
paths = [ "../../..", "../../../.." ]
for p in paths:
topdir = os.path.normpath(os.path.join(os.path.dirname(__file__), p))
@@ -38,7 +38,7 @@ def source_tree_topdir():
raise RuntimeError("unable to find top level source directory")
def in_source_tree():
- '''return True if we are running from within the samba source tree'''
+ """Return True if we are running from within the samba source tree"""
try:
topdir = source_tree_topdir()
except RuntimeError:
@@ -46,7 +46,6 @@ def in_source_tree():
return True
-
import ldb
from samba._ldb import Ldb as _Ldb
diff --git a/source4/scripting/python/samba/getopt.py b/source4/scripting/python/samba/getopt.py
index 671142b552..0ab1e9e46f 100644
--- a/source4/scripting/python/samba/getopt.py
+++ b/source4/scripting/python/samba/getopt.py
@@ -21,7 +21,8 @@
__docformat__ = "restructuredText"
-import optparse, os
+import optparse
+import os
from samba.credentials import (
Credentials,
DONT_USE_KERBEROS,
@@ -44,7 +45,8 @@ class SambaOptions(optparse.OptionGroup):
type=int, metavar="DEBUGLEVEL", help="debug level",
callback=self._set_debuglevel)
self.add_option("--option", action="callback",
- type=str, metavar="OPTION", help="set smb.conf option from command line",
+ type=str, metavar="OPTION",
+ help="set smb.conf option from command line",
callback=self._set_option)
self.add_option("--realm", action="callback",
type=str, metavar="REALM", help="set the realm name",
@@ -53,7 +55,7 @@ class SambaOptions(optparse.OptionGroup):
self._lp = LoadParm()
def get_loadparm_path(self):
- """Return the path to the smb.conf file specified on the command line. """
+ """Return path to the smb.conf file specified on the command line."""
return self._configfile
def _load_configfile(self, option, opt_str, arg, parser):
@@ -73,7 +75,7 @@ class SambaOptions(optparse.OptionGroup):
self._lp.set(a[0], a[1])
def get_loadparm(self):
- """Return a loadparm object with data specified on the command line. """
+ """Return loadparm object with data specified on the command line."""
if self._configfile is not None:
self._lp.load(self._configfile)
elif os.getenv("SMB_CONF_PATH") is not None:
@@ -124,7 +126,8 @@ class CredentialsOptions(optparse.OptionGroup):
help="Use Kerberos", callback=self._set_kerberos)
self.add_option("", "--ipaddress", metavar="IPADDRESS",
action="callback", type=str,
- help="IP address of server", callback=self._set_ipaddress)
+ help="IP address of server",
+ callback=self._set_ipaddress)
self.creds = Credentials()
def _parse_username(self, option, opt_str, arg, parser):
@@ -171,6 +174,7 @@ class CredentialsOptions(optparse.OptionGroup):
return self.creds
+
class CredentialsOptionsDouble(CredentialsOptions):
"""Command line options for specifying credentials of two servers."""
def __init__(self, parser):
@@ -180,13 +184,16 @@ class CredentialsOptionsDouble(CredentialsOptions):
callback=self._set_simple_bind_dn2, type=str,
help="DN to use for a simple bind")
self.add_option("--password2", metavar="PASSWORD2", action="callback",
- help="Password", type=str, callback=self._set_password2)
+ help="Password", type=str,
+ callback=self._set_password2)
self.add_option("--username2", metavar="USERNAME2",
action="callback", type=str,
- help="Username for second server", callback=self._parse_username2)
+ help="Username for second server",
+ callback=self._parse_username2)
self.add_option("--workgroup2", metavar="WORKGROUP2",
action="callback", type=str,
- help="Workgroup for second server", callback=self._parse_workgroup2)
+ help="Workgroup for second server",
+ callback=self._parse_workgroup2)
self.add_option("--no-pass2", action="store_true",
help="Don't ask for a password for the second server")
self.add_option("--kerberos2", metavar="KERBEROS2",
diff --git a/source4/scripting/python/samba/ndr.py b/source4/scripting/python/samba/ndr.py
index 112668523f..ccab1123d9 100644
--- a/source4/scripting/python/samba/ndr.py
+++ b/source4/scripting/python/samba/ndr.py
@@ -23,7 +23,7 @@
def ndr_pack(object):
"""Pack a NDR object.
-
+
:param object: Object to pack
:return: String object with marshalled object.
"""
diff --git a/source4/scripting/python/samba/sd_utils.py b/source4/scripting/python/samba/sd_utils.py
index ea8f2e7d0b..66ff6cc559 100644
--- a/source4/scripting/python/samba/sd_utils.py
+++ b/source4/scripting/python/samba/sd_utils.py
@@ -26,6 +26,7 @@ from ldb import FLAG_MOD_REPLACE, SCOPE_BASE
from samba.ndr import ndr_pack, ndr_unpack
from samba.dcerpc import security
+
class SDUtils(object):
"""Some utilities for manipulation of security descriptors
on objects"""
@@ -69,7 +70,8 @@ class SDUtils(object):
if ace in desc_sddl:
return
if desc_sddl.find("(") >= 0:
- desc_sddl = desc_sddl[:desc_sddl.index("(")] + ace + desc_sddl[desc_sddl.index("("):]
+ desc_sddl = (desc_sddl[:desc_sddl.index("(")] + ace +
+ desc_sddl[desc_sddl.index("("):])
else:
desc_sddl = desc_sddl + ace
self.modify_sd_on_dn(object_dn, desc_sddl)
diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py
index 98800196d9..4c293ed308 100644
--- a/source4/scripting/python/samba/upgrade.py
+++ b/source4/scripting/python/samba/upgrade.py
@@ -35,6 +35,7 @@ from samba import dsdb
from samba.ndr import ndr_pack
from samba import unix2nttime
+
def import_sam_policy(samdb, policy, logger):
"""Import a Samba 3 policy.
@@ -53,14 +54,15 @@ def import_sam_policy(samdb, policy, logger):
m = ldb.Message()
m.dn = samdb.get_default_basedn()
- m['a01'] = ldb.MessageElement(str(policy['min password length']), ldb.FLAG_MOD_REPLACE,
- 'minPwdLength')
- m['a02'] = ldb.MessageElement(str(policy['password history']), ldb.FLAG_MOD_REPLACE,
- 'pwdHistoryLength')
+ m['a01'] = ldb.MessageElement(str(policy['min password length']),
+ ldb.FLAG_MOD_REPLACE, 'minPwdLength')
+ m['a02'] = ldb.MessageElement(str(policy['password history']),
+ ldb.FLAG_MOD_REPLACE, 'pwdHistoryLength')
min_pw_age_unix = policy['minimum password age']
min_pw_age_nt = 0 - unix2nttime(min_pw_age_unix)
- m['a03'] = ldb.MessageElement(str(min_pw_age_nt), ldb.FLAG_MOD_REPLACE, 'minPwdAge')
+ m['a03'] = ldb.MessageElement(str(min_pw_age_nt), ldb.FLAG_MOD_REPLACE,
+ 'minPwdAge')
max_pw_age_unix = policy['maximum password age']
if (max_pw_age_unix == 0xFFFFFFFF):
@@ -74,8 +76,8 @@ def import_sam_policy(samdb, policy, logger):
lockout_duration_mins = policy['lockout duration']
lockout_duration_nt = unix2nttime(lockout_duration_mins * 60)
- m['a05'] = ldb.MessageElement(str(lockout_duration_nt), ldb.FLAG_MOD_REPLACE,
- 'lockoutDuration')
+ m['a05'] = ldb.MessageElement(str(lockout_duration_nt),
+ ldb.FLAG_MOD_REPLACE, 'lockoutDuration')
try:
samdb.modify(m)
@@ -103,12 +105,15 @@ def add_idmap_entry(idmapdb, sid, xid, xid_type, logger):
try:
m = ldb.Message()
m.dn = msg[0]['dn']
- m['xidNumber'] = ldb.MessageElement(str(xid), ldb.FLAG_MOD_REPLACE, 'xidNumber')
- m['type'] = ldb.MessageElement(xid_type, ldb.FLAG_MOD_REPLACE, 'type')
+ m['xidNumber'] = ldb.MessageElement(
+ str(xid), ldb.FLAG_MOD_REPLACE, 'xidNumber')
+ m['type'] = ldb.MessageElement(
+ xid_type, ldb.FLAG_MOD_REPLACE, 'type')
idmapdb.modify(m)
except ldb.LdbError, e:
- logger.warn('Could not modify idmap entry for sid=%s, id=%s, type=%s (%s)',
- str(sid), str(xid), xid_type, str(e))
+ logger.warn(
+ 'Could not modify idmap entry for sid=%s, id=%s, type=%s (%s)',
+ str(sid), str(xid), xid_type, str(e))
else:
try:
idmapdb.add({"dn": "CN=%s" % str(sid),
@@ -118,8 +123,9 @@ def add_idmap_entry(idmapdb, sid, xid, xid_type, logger):
"type": xid_type,
"xidNumber": str(xid)})
except ldb.LdbError, e:
- logger.warn('Could not add idmap entry for sid=%s, id=%s, type=%s (%s)',
- str(sid), str(xid), xid_type, str(e))
+ logger.warn(
+ 'Could not add idmap entry for sid=%s, id=%s, type=%s (%s)',
+ str(sid), str(xid), xid_type, str(e))
def import_idmap(idmapdb, samba3, logger):
@@ -142,8 +148,10 @@ def import_idmap(idmapdb, samba3, logger):
m = ldb.Message()
m.dn = ldb.Dn(idmapdb, 'CN=CONFIG')
- m['lowerbound'] = ldb.MessageElement(str(lowerbound), ldb.FLAG_MOD_REPLACE, 'lowerBound')
- m['xidNumber'] = ldb.MessageElement(str(currentxid), ldb.FLAG_MOD_REPLACE, 'xidNumber')
+ m['lowerbound'] = ldb.MessageElement(
+ str(lowerbound), ldb.FLAG_MOD_REPLACE, 'lowerBound')
+ m['xidNumber'] = ldb.MessageElement(
+ str(currentxid), ldb.FLAG_MOD_REPLACE, 'xidNumber')
idmapdb.modify(m)
for id_type, xid in samba3_idmap.ids():
@@ -169,7 +177,8 @@ def add_group_from_mapping_entry(samdb, groupmap, logger):
# First try to see if we already have this entry
try:
- msg = samdb.search(base='<SID=%s>' % str(groupmap.sid), scope=ldb.SCOPE_BASE)
+ msg = samdb.search(
+ base='<SID=%s>' % str(groupmap.sid), scope=ldb.SCOPE_BASE)
found = True
except ldb.LdbError, (ecode, emsg):
if ecode == ldb.ERR_NO_SUCH_OBJECT:
@@ -183,7 +192,7 @@ def add_group_from_mapping_entry(samdb, groupmap, logger):
else:
if groupmap.sid_name_use == lsa.SID_NAME_WKN_GRP:
# In a lot of Samba3 databases, aliases are marked as well known groups
- (group_dom_sid, rid) = group.sid.split()
+ (group_dom_sid, rid) = groupmap.sid.split()
if (group_dom_sid != security.dom_sid(security.SID_BUILTIN)):
return
@@ -238,7 +247,7 @@ def import_wins(samba4_winsdb, samba3_winsdb):
version_id = 0
for (name, (ttl, ips, nb_flags)) in samba3_winsdb.items():
- version_id+=1
+ version_id += 1
type = int(name.split("#", 1)[1], 16)
@@ -260,7 +269,7 @@ def import_wins(samba4_winsdb, samba3_winsdb):
else:
rState = 0x1 # released
- nType = ((nb_flags & 0x60)>>5)
+ nType = ((nb_flags & 0x60) >> 5)
samba4_winsdb.add({"dn": "name=%s,type=0x%s" % tuple(name.split("#")),
"type": name.split("#")[1],
@@ -279,6 +288,7 @@ def import_wins(samba4_winsdb, samba3_winsdb):
"objectClass": "winsMaxVersion",
"maxVersion": str(version_id)})
+
def enable_samba3sam(samdb, ldapurl):
"""Enable Samba 3 LDAP URL database.
@@ -387,7 +397,8 @@ smbconf_keep = [
"host msdfs",
"winbind separator"]
-def upgrade_smbconf(oldconf,mark):
+
+def upgrade_smbconf(oldconf, mark):
"""Remove configuration variables not present in Samba4
:param oldconf: Old configuration structure
@@ -408,7 +419,7 @@ def upgrade_smbconf(oldconf,mark):
if keep:
newconf.set(s, p, oldconf.get(s, p))
elif mark:
- newconf.set(s, "samba3:"+p, oldconf.get(s,p))
+ newconf.set(s, "samba3:" + p, oldconf.get(s, p))
return newconf
@@ -416,6 +427,7 @@ SAMBA3_PREDEF_NAMES = {
'HKLM': registry.HKEY_LOCAL_MACHINE,
}
+
def import_registry(samba4_registry, samba3_regdb):
"""Import a Samba 3 registry database into the Samba 4 registry.
@@ -516,7 +528,7 @@ def upgrade_from_samba3(samba3, logger, targetdir, session_info=None, useeadb=Fa
sid, rid = group.sid.split()
if sid == domainsid:
if rid >= next_rid:
- next_rid = rid + 1
+ next_rid = rid + 1
# Get members for each group/alias
if group.sid_name_use == lsa.SID_NAME_ALIAS:
@@ -540,7 +552,6 @@ def upgrade_from_samba3(samba3, logger, targetdir, session_info=None, useeadb=Fa
group.nt_name, group.sid_name_use)
continue
-
# Export users from old passdb backend
logger.info("Exporting users")
userlist = s3db.search_users(0)
@@ -575,7 +586,7 @@ Please fix this account before attempting to upgrade again
"""
% (user.acct_flags, username,
samr.ACB_NORMAL, samr.ACB_WSTRUST, samr.ACB_SVRTRUST, samr.ACB_DOMTRUST))
-
+
userdata[username] = user
try:
uids[username] = s3db.sid_to_id(user.user_sid)[0]
diff --git a/source4/setup/provision b/source4/setup/provision
index 39ef62d4b3..315de78821 100755
--- a/source4/setup/provision
+++ b/source4/setup/provision
@@ -7,17 +7,17 @@
#
# Based on the original in EJS:
# Copyright (C) Andrew Tridgell 2005
-#
+#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
-#
+#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
-#
+#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
@@ -35,13 +35,19 @@ import samba.ntacls
from samba.credentials import DONT_USE_KERBEROS
from samba.auth import system_session
import samba.getopt as options
-from samba.provision import provision, FILL_FULL, FILL_NT4SYNC, FILL_DRS, ProvisioningError
+from samba.provision import (
+ provision,
+ FILL_FULL,
+ FILL_NT4SYNC,
+ FILL_DRS,
+ ProvisioningError,
+ )
from samba.dsdb import (
- DS_DOMAIN_FUNCTION_2000,
- DS_DOMAIN_FUNCTION_2003,
- DS_DOMAIN_FUNCTION_2008,
- DS_DOMAIN_FUNCTION_2008_R2,
- )
+ DS_DOMAIN_FUNCTION_2000,
+ DS_DOMAIN_FUNCTION_2003,
+ DS_DOMAIN_FUNCTION_2008,
+ DS_DOMAIN_FUNCTION_2008_R2,
+ )
# how do we make this case insensitive??
@@ -53,72 +59,72 @@ credopts = options.CredentialsOptions(parser)
parser.add_option_group(credopts)
parser.add_option("--interactive", help="Ask for names", action="store_true")
parser.add_option("--domain", type="string", metavar="DOMAIN",
- help="set domain")
-parser.add_option("--domain-guid", type="string", metavar="GUID",
- help="set domainguid (otherwise random)")
-parser.add_option("--domain-sid", type="string", metavar="SID",
- help="set domainsid (otherwise random)")
-parser.add_option("--ntds-guid", type="string", metavar="GUID",
- help="set NTDS object GUID (otherwise random)")
-parser.add_option("--invocationid", type="string", metavar="GUID",
- help="set invocationid (otherwise random)")
-parser.add_option("--host-name", type="string", metavar="HOSTNAME",
- help="set hostname")
-parser.add_option("--host-ip", type="string", metavar="IPADDRESS",
- help="set IPv4 ipaddress")
-parser.add_option("--host-ip6", type="string", metavar="IP6ADDRESS",
- help="set IPv6 ipaddress")
-parser.add_option("--adminpass", type="string", metavar="PASSWORD",
- help="choose admin password (otherwise random)")
-parser.add_option("--krbtgtpass", type="string", metavar="PASSWORD",
- help="choose krbtgt password (otherwise random)")
-parser.add_option("--machinepass", type="string", metavar="PASSWORD",
- help="choose machine password (otherwise random)")
+ help="set domain")
+parser.add_option("--domain-guid", type="string", metavar="GUID",
+ help="set domainguid (otherwise random)")
+parser.add_option("--domain-sid", type="string", metavar="SID",
+ help="set domainsid (otherwise random)")
+parser.add_option("--ntds-guid", type="string", metavar="GUID",
+ help="set NTDS object GUID (otherwise random)")
+parser.add_option("--invocationid", type="string", metavar="GUID",
+ help="set invocationid (otherwise random)")
+parser.add_option("--host-name", type="string", metavar="HOSTNAME",
+ help="set hostname")
+parser.add_option("--host-ip", type="string", metavar="IPADDRESS",
+ help="set IPv4 ipaddress")
+parser.add_option("--host-ip6", type="string", metavar="IP6ADDRESS",
+ help="set IPv6 ipaddress")
+parser.add_option("--adminpass", type="string", metavar="PASSWORD",
+ help="choose admin password (otherwise random)")
+parser.add_option("--krbtgtpass", type="string", metavar="PASSWORD",
+ help="choose krbtgt password (otherwise random)")
+parser.add_option("--machinepass", type="string", metavar="PASSWORD",
+ help="choose machine password (otherwise random)")
parser.add_option("--dns-backend", type="choice", metavar="NAMESERVER-BACKEND",
- choices=["SAMBA", "BIND9", "BIND9_DLZ"],
+ choices=["SAMBA", "BIND9", "BIND9_DLZ"],
help="The DNS server backend. SAMBA is the builtin name server (experimental), BIND9 uses bind9 text database to store zone information (default), BIND9_DLZ uses samba4 AD to store zone information (recommended)")
-parser.add_option("--dnspass", type="string", metavar="PASSWORD",
- help="choose dns password (otherwise random)")
-parser.add_option("--ldapadminpass", type="string", metavar="PASSWORD",
- help="choose password to set between Samba and it's LDAP backend (otherwise random)")
-parser.add_option("--root", type="string", metavar="USERNAME",
- help="choose 'root' unix username")
-parser.add_option("--nobody", type="string", metavar="USERNAME",
- help="choose 'nobody' user")
-parser.add_option("--wheel", type="string", metavar="GROUPNAME",
- help="choose 'wheel' privileged group")
-parser.add_option("--users", type="string", metavar="GROUPNAME",
- help="choose 'users' group")
+parser.add_option("--dnspass", type="string", metavar="PASSWORD",
+ help="choose dns password (otherwise random)")
+parser.add_option("--ldapadminpass", type="string", metavar="PASSWORD",
+ help="choose password to set between Samba and it's LDAP backend (otherwise random)")
+parser.add_option("--root", type="string", metavar="USERNAME",
+ help="choose 'root' unix username")
+parser.add_option("--nobody", type="string", metavar="USERNAME",
+ help="choose 'nobody' user")
+parser.add_option("--wheel", type="string", metavar="GROUPNAME",
+ help="choose 'wheel' privileged group")
+parser.add_option("--users", type="string", metavar="GROUPNAME",
+ help="choose 'users' group")
parser.add_option("--quiet", help="Be quiet", action="store_true")
parser.add_option("--blank", action="store_true",
- help="do not add users or groups, just the structure")
-parser.add_option("--ldap-backend-extra-port", type="int", metavar="LDAP-BACKEND-EXTRA-PORT",
- help="Additional TCP port for LDAP backend server (to use for replication)")
-parser.add_option("--ldap-backend-forced-uri", type="string", metavar="LDAP-BACKEND-FORCED-URI",
- help="Force the LDAP backend connection to be to a particular URI. Use this ONLY for 'existing' backends, or when debugging the interaction with the LDAP backend and you need to intercept the LDAP traffic")
-parser.add_option("--ldap-backend-type", type="choice", metavar="LDAP-BACKEND-TYPE",
- help="LDAP backend type (fedora-ds or openldap)",
- choices=["fedora-ds", "openldap"])
+ help="do not add users or groups, just the structure")
+parser.add_option("--ldap-backend-extra-port", type="int", metavar="LDAP-BACKEND-EXTRA-PORT",
+ help="Additional TCP port for LDAP backend server (to use for replication)")
+parser.add_option("--ldap-backend-forced-uri", type="string", metavar="LDAP-BACKEND-FORCED-URI",
+ help="Force the LDAP backend connection to be to a particular URI. Use this ONLY for 'existing' backends, or when debugging the interaction with the LDAP backend and you need to intercept the LDAP traffic")
+parser.add_option("--ldap-backend-type", type="choice", metavar="LDAP-BACKEND-TYPE",
+ help="LDAP backend type (fedora-ds or openldap)",
+ choices=["fedora-ds", "openldap"])
parser.add_option("--ldap-backend-nosync", help="Configure LDAP backend not to call fsync() (for performance in test environments)", action="store_true")
parser.add_option("--server-role", type="choice", metavar="ROLE",
- choices=["domain controller", "dc", "member server", "member", "standalone"],
- help="The server role (domain controller | dc | member server | member | standalone). Default is standalone.")
+ choices=["domain controller", "dc", "member server", "member", "standalone"],
+ help="The server role (domain controller | dc | member server | member | standalone). Default is standalone.")
parser.add_option("--function-level", type="choice", metavar="FOR-FUN-LEVEL",
- choices=["2000", "2003", "2008", "2008_R2"],
- help="The domain and forest function level (2000 | 2003 | 2008 | 2008_R2 - always native). Default is (Windows) 2003 Native.")
+ choices=["2000", "2003", "2008", "2008_R2"],
+ help="The domain and forest function level (2000 | 2003 | 2008 | 2008_R2 - always native). Default is (Windows) 2003 Native.")
parser.add_option("--next-rid", type="int", metavar="NEXTRID", default=1000,
- help="The initial nextRid value (only needed for upgrades). Default is 1000.")
-parser.add_option("--partitions-only",
- help="Configure Samba's partitions, but do not modify them (ie, join a BDC)", action="store_true")
-parser.add_option("--targetdir", type="string", metavar="DIR",
- help="Set target directory")
+ help="The initial nextRid value (only needed for upgrades). Default is 1000.")
+parser.add_option("--partitions-only",
+ help="Configure Samba's partitions, but do not modify them (ie, join a BDC)", action="store_true")
+parser.add_option("--targetdir", type="string", metavar="DIR",
+ help="Set target directory")
parser.add_option("--ol-mmr-urls", type="string", metavar="LDAPSERVER",
help="List of LDAP-URLS [ ldap://<FQHN>:<PORT>/ (where <PORT> has to be different than 389!) ] separated with comma (\",\") for use with OpenLDAP-MMR (Multi-Master-Replication), e.g.: \"ldap://s4dc1:9000,ldap://s4dc2:9000\"")
-parser.add_option("--slapd-path", type="string", metavar="SLAPD-PATH",
- help="Path to slapd for LDAP backend [e.g.:'/usr/local/libexec/slapd']. Required for Setup with LDAP-Backend. OpenLDAP Version >= 2.4.17 should be used.")
-parser.add_option("--setup-ds-path", type="string", metavar="SETUP_DS-PATH",
- help="Path to setup-ds.pl script for Fedora DS LDAP backend [e.g.:'/usr/sbin/setup-ds.pl']. Required for Setup with Fedora DS backend.")
-parser.add_option("--use-xattrs", type="choice", choices=["yes","no","auto"], help="Define if we should use the native fs capabilities or a tdb file for storing attributes likes ntacl, auto tries to make an inteligent guess based on the user rights and system capabilities", default="auto")
+parser.add_option("--slapd-path", type="string", metavar="SLAPD-PATH",
+ help="Path to slapd for LDAP backend [e.g.:'/usr/local/libexec/slapd']. Required for Setup with LDAP-Backend. OpenLDAP Version >= 2.4.17 should be used.")
+parser.add_option("--setup-ds-path", type="string", metavar="SETUP_DS-PATH",
+ help="Path to setup-ds.pl script for Fedora DS LDAP backend [e.g.:'/usr/sbin/setup-ds.pl']. Required for Setup with Fedora DS backend.")
+parser.add_option("--use-xattrs", type="choice", choices=["yes", "no", "auto"], help="Define if we should use the native fs capabilities or a tdb file for storing attributes likes ntacl, auto tries to make an inteligent guess based on the user rights and system capabilities", default="auto")
parser.add_option("--ldap-dryrun-mode", help="Configure LDAP backend, but do not run any binaries and exit early. Used only for the test environment. DO NOT USE", action="store_true")
opts = parser.parse_args()[0]
@@ -126,81 +132,82 @@ opts = parser.parse_args()[0]
logger = logging.getLogger("provision")
logger.addHandler(logging.StreamHandler(sys.stdout))
if opts.quiet:
- logger.setLevel(logging.WARNING)
+ logger.setLevel(logging.WARNING)
else:
- logger.setLevel(logging.INFO)
+ logger.setLevel(logging.INFO)
if len(sys.argv) == 1:
- opts.interactive = True
+ opts.interactive = True
if opts.interactive:
- from getpass import getpass
- import socket
- def ask(prompt, default=None):
- if default is not None:
- print "%s [%s]: " % (prompt,default),
- else:
- print "%s: " % (prompt,),
- return sys.stdin.readline().rstrip("\n") or default
- try:
- default = socket.getfqdn().split(".", 1)[1].upper()
- except IndexError:
- default = None
- opts.realm = ask("Realm", default)
- if opts.realm in (None, ""):
- print >>sys.stderr, "No realm set!"
- sys.exit(1)
+ from getpass import getpass
+ import socket
- try:
- default = opts.realm.split(".")[0]
- except IndexError:
- default = None
- opts.domain = ask("Domain", default)
- if opts.domain is None:
- print >> sys.stderr, "No domain set!"
- sys.exit(1)
+ def ask(prompt, default=None):
+ if default is not None:
+ print "%s [%s]: " % (prompt, default),
+ else:
+ print "%s: " % (prompt,),
+ return sys.stdin.readline().rstrip("\n") or default
+ try:
+ default = socket.getfqdn().split(".", 1)[1].upper()
+ except IndexError:
+ default = None
+ opts.realm = ask("Realm", default)
+ if opts.realm in (None, ""):
+ print >>sys.stderr, "No realm set!"
+ sys.exit(1)
- opts.server_role = ask("Server Role (dc, member, standalone)", "dc")
- for i in range(3):
- opts.adminpass = getpass("Administrator password: ")
- if not opts.adminpass:
- print >>sys.stderr, "Invalid administrator password."
- else:
- break
+ try:
+ default = opts.realm.split(".")[0]
+ except IndexError:
+ default = None
+ opts.domain = ask("Domain", default)
+ if opts.domain is None:
+ print >> sys.stderr, "No domain set!"
+ sys.exit(1)
+
+ opts.server_role = ask("Server Role (dc, member, standalone)", "dc")
+ for i in range(3):
+ opts.adminpass = getpass("Administrator password: ")
+ if not opts.adminpass:
+ print >>sys.stderr, "Invalid administrator password."
+ else:
+ break
else:
- if opts.realm in (None, ""):
- opts.realm = sambaopts._lp.get('realm')
- if opts.realm is None or opts.domain is None:
- if opts.realm is None:
- print >>sys.stderr, "No realm set!"
- if opts.domain is None:
- print >> sys.stderr, "No domain set!"
- parser.print_usage()
- sys.exit(1)
+ if opts.realm in (None, ""):
+ opts.realm = sambaopts._lp.get('realm')
+ if opts.realm is None or opts.domain is None:
+ if opts.realm is None:
+ print >>sys.stderr, "No realm set!"
+ if opts.domain is None:
+ print >> sys.stderr, "No domain set!"
+ parser.print_usage()
+ sys.exit(1)
if not opts.adminpass:
- logger.info("Administrator password will be set randomly!")
+ logger.info("Administrator password will be set randomly!")
lp = sambaopts.get_loadparm()
smbconf = lp.configfile
if opts.server_role == "dc":
- server_role = "domain controller"
+ server_role = "domain controller"
elif opts.server_role == "member":
- server_role = "member server"
+ server_role = "member server"
else:
- server_role = opts.server_role
+ server_role = opts.server_role
if opts.function_level is None:
- dom_for_fun_level = None
+ dom_for_fun_level = None
elif opts.function_level == "2000":
- dom_for_fun_level = DS_DOMAIN_FUNCTION_2000
+ dom_for_fun_level = DS_DOMAIN_FUNCTION_2000
elif opts.function_level == "2003":
- dom_for_fun_level = DS_DOMAIN_FUNCTION_2003
+ dom_for_fun_level = DS_DOMAIN_FUNCTION_2003
elif opts.function_level == "2008":
- dom_for_fun_level = DS_DOMAIN_FUNCTION_2008
+ dom_for_fun_level = DS_DOMAIN_FUNCTION_2008
elif opts.function_level == "2008_R2":
- dom_for_fun_level = DS_DOMAIN_FUNCTION_2008_R2
+ dom_for_fun_level = DS_DOMAIN_FUNCTION_2008_R2
creds = credopts.get_credentials(lp)
@@ -214,50 +221,50 @@ elif opts.partitions_only:
eadb = True
if opts.use_xattrs == "yes":
- eadb = False
+ eadb = False
elif opts.use_xattrs == "auto" and not lp.get("posix:eadb"):
- file = tempfile.NamedTemporaryFile()
- try:
- samba.ntacls.setntacl(lp, file.name,
- "O:S-1-5-32G:S-1-5-32", "S-1-5-32", "native")
- eadb = False
- except:
- logger.info("You are not root or your system do not support xattr, using tdb backend for attributes. "
- "If you intend to use this provision in production, rerun the script as root on a system supporting xattrs.")
- file.close()
+ file = tempfile.NamedTemporaryFile()
+ try:
+ samba.ntacls.setntacl(lp, file.name,
+ "O:S-1-5-32G:S-1-5-32", "S-1-5-32", "native")
+ eadb = False
+ except:
+ logger.info("You are not root or your system do not support xattr, using tdb backend for attributes. "
+ "If you intend to use this provision in production, rerun the script as root on a system supporting xattrs.")
+ file.close()
if opts.ldap_backend_type == "existing":
- if opts.ldap_backend_forced_uri is not None:
- logger.warn("You have specified to use an existing LDAP server as the backend, please make sure an LDAP server is running at %s" % opts.ldap_backend_forced_uri)
- else:
- logger.info("You have specified to use an existing LDAP server as the backend, please make sure an LDAP server is running at the default location")
+ if opts.ldap_backend_forced_uri is not None:
+ logger.warn("You have specified to use an existing LDAP server as the backend, please make sure an LDAP server is running at %s" % opts.ldap_backend_forced_uri)
+ else:
+ logger.info("You have specified to use an existing LDAP server as the backend, please make sure an LDAP server is running at the default location")
else:
- if opts.ldap_backend_forced_uri is not None:
- logger.warn("You have specified to use an fixed URI %s for connecting to your LDAP server backend. This is NOT RECOMMENDED, as our default communiation over ldapi:// is more secure and much less prone to unexpected failure or interaction" % opts.ldap_backend_forced_uri)
-
+ if opts.ldap_backend_forced_uri is not None:
+ logger.warn("You have specified to use an fixed URI %s for connecting to your LDAP server backend. This is NOT RECOMMENDED, as our default communiation over ldapi:// is more secure and much less prone to unexpected failure or interaction" % opts.ldap_backend_forced_uri)
+
session = system_session()
try:
- provision(logger,
- session, creds, smbconf=smbconf, targetdir=opts.targetdir,
- samdb_fill=samdb_fill, realm=opts.realm, domain=opts.domain,
- domainguid=opts.domain_guid, domainsid=opts.domain_sid,
- hostname=opts.host_name,
- hostip=opts.host_ip, hostip6=opts.host_ip6,
- ntdsguid=opts.ntds_guid,
- invocationid=opts.invocationid, adminpass=opts.adminpass,
- krbtgtpass=opts.krbtgtpass, machinepass=opts.machinepass,
- dns_backend=opts.dns_backend,
- dnspass=opts.dnspass, root=opts.root, nobody=opts.nobody,
- wheel=opts.wheel, users=opts.users,
- serverrole=server_role, dom_for_fun_level=dom_for_fun_level,
- ldap_backend_extra_port=opts.ldap_backend_extra_port,
- ldap_backend_forced_uri=opts.ldap_backend_forced_uri,
- backend_type=opts.ldap_backend_type,
- ldapadminpass=opts.ldapadminpass, ol_mmr_urls=opts.ol_mmr_urls,
- slapd_path=opts.slapd_path, setup_ds_path=opts.setup_ds_path,
- nosync=opts.ldap_backend_nosync, ldap_dryrun_mode=opts.ldap_dryrun_mode,
- useeadb=eadb, next_rid=opts.next_rid, lp=lp)
+ provision(logger,
+ session, creds, smbconf=smbconf, targetdir=opts.targetdir,
+ samdb_fill=samdb_fill, realm=opts.realm, domain=opts.domain,
+ domainguid=opts.domain_guid, domainsid=opts.domain_sid,
+ hostname=opts.host_name,
+ hostip=opts.host_ip, hostip6=opts.host_ip6,
+ ntdsguid=opts.ntds_guid,
+ invocationid=opts.invocationid, adminpass=opts.adminpass,
+ krbtgtpass=opts.krbtgtpass, machinepass=opts.machinepass,
+ dns_backend=opts.dns_backend,
+ dnspass=opts.dnspass, root=opts.root, nobody=opts.nobody,
+ wheel=opts.wheel, users=opts.users,
+ serverrole=server_role, dom_for_fun_level=dom_for_fun_level,
+ ldap_backend_extra_port=opts.ldap_backend_extra_port,
+ ldap_backend_forced_uri=opts.ldap_backend_forced_uri,
+ backend_type=opts.ldap_backend_type,
+ ldapadminpass=opts.ldapadminpass, ol_mmr_urls=opts.ol_mmr_urls,
+ slapd_path=opts.slapd_path, setup_ds_path=opts.setup_ds_path,
+ nosync=opts.ldap_backend_nosync, ldap_dryrun_mode=opts.ldap_dryrun_mode,
+ useeadb=eadb, next_rid=opts.next_rid, lp=lp)
except ProvisioningError, e:
- print str(e)
- sys.exit(1)
+ print str(e)
+ sys.exit(1)