Diffstat (limited to 'source4/scripting/python')
| -rw-r--r-- | source4/scripting/python/samba/netcmd/domain.py | 5 | ||||
| -rw-r--r-- | source4/scripting/python/samba/provision/__init__.py | 39 | ||||
| -rw-r--r-- | source4/scripting/python/samba/tests/posixacl.py | 8 | ||||
| -rw-r--r-- | source4/scripting/python/samba/upgrade.py | 2 | ||||
| -rw-r--r-- | source4/scripting/python/samba/upgradehelpers.py | 4 | 
5 files changed, 28 insertions, 30 deletions
diff --git a/source4/scripting/python/samba/netcmd/domain.py b/source4/scripting/python/samba/netcmd/domain.py
index 6e3f35a0af..4ba305c271 100644
--- a/source4/scripting/python/samba/netcmd/domain.py
+++ b/source4/scripting/python/samba/netcmd/domain.py
@@ -186,8 +186,6 @@ class cmd_domain_provision(Command):
                 help="choose 'root' unix username"),
          Option("--nobody", type="string", metavar="USERNAME",
                 help="choose 'nobody' user"),
-         Option("--wheel", type="string", metavar="GROUPNAME",
-                help="choose 'wheel' privileged group"),
          Option("--users", type="string", metavar="GROUPNAME",
                 help="choose 'users' group"),
          Option("--quiet", help="Be quiet", action="store_true"),
@@ -237,7 +235,6 @@ class cmd_domain_provision(Command):
             ldapadminpass=None,
             root=None,
             nobody=None,
-            wheel=None,
             users=None,
             quiet=None,
             blank=None,
@@ -393,7 +390,7 @@ class cmd_domain_provision(Command):
                   krbtgtpass=krbtgtpass, machinepass=machinepass,
                   dns_backend=dns_backend, dns_forwarder=dns_forwarder,
                   dnspass=dnspass, root=root, nobody=nobody,
-                  wheel=wheel, users=users,
+                  users=users,
                   serverrole=server_role, dom_for_fun_level=dom_for_fun_level,
                   backend_type=ldap_backend_type,
                   ldapadminpass=ldapadminpass, ol_mmr_urls=ol_mmr_urls,
diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py
index d440b9f9c7..f6c11b5159 100644
--- a/source4/scripting/python/samba/provision/__init__.py
+++ b/source4/scripting/python/samba/provision/__init__.py
@@ -240,12 +240,16 @@ def find_provision_key_parameters(samdb, secretsdb, idmapdb, paths, smbconf,
         names.policyid_dc = str(res8[0]["cn"]).replace("{","").replace("}","")
     else:
         names.policyid_dc = None
-    res9 = idmapdb.search(expression="(cn=%s)" %
-                            (security.SID_BUILTIN_ADMINISTRATORS),
-                            attrs=["xidNumber"])
+
+    res9 = idmapdb.search(expression="(cn=%s-%s)" %
+                          (str(names.domainsid), security.DOMAIN_RID_ADMINISTRATOR),
+                          attrs=["xidNumber", "type"])
     if len(res9) != 1:
-        raise ProvisioningError("Unable to find uid/gid for Domain Admins rid")
-    names.wheel_gid = res9[0]["xidNumber"]
+        raise ProvisioningError("Unable to find uid/gid for Domain Admins rid (%s-%s" % (str(names.domainsid), security.DOMAIN_RID_ADMINISTRATOR))
+    if res9[0]["type"][0] == "ID_TYPE_BOTH":
+        names.root_gid = res9[0]["xidNumber"][0]
+    else:
+        names.root_gid = pwd.getpwuid(int(res9[0]["xidNumber"][0])).pw_gid
     return names
@@ -683,7 +687,7 @@ def make_smbconf(smbconf, hostname, domain, realm, targetdir,
 def setup_name_mappings(idmap, sid, root_uid, nobody_uid,
-                        users_gid, wheel_gid):
+                        users_gid, root_gid):
     """setup reasonable name mappings for sam names to unix names.
     :param samdb: SamDB object.
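Review bot: In find_provision_key_parameters (first hunk) the `ID_TYPE_BOTH` branch stores the raw idmap value `res9[0]["xidNumber"][0]` in `names.root_gid`, while the else branch stores an integer taken from `pw_gid`, so later users of `names.root_gid` receive two different types; `names.root_gid = int(res9[0]["xidNumber"][0])` would make the branches agree. The else branch also hands the xid to `pwd.getpwuid()` without checking that the mapping type is a uid, and a uid with no passwd entry would surface as a bare KeyError rather than a ProvisioningError. The error text still says "Domain Admins rid" although the search is now for the Administrator RID, and its opening parenthesis is never closed. The function starts outside the hunk, and whether `pwd` is imported in this module is not visible here.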
@@ -693,10 +697,9 @@ def setup_name_mappings(idmap, sid, root_uid, nobody_uid,
     :param root_uid: uid of the UNIX root user.
     :param nobody_uid: uid of the UNIX nobody user.
     :param users_gid: gid of the UNIX users group.
-    :param wheel_gid: gid of the UNIX wheel group.
+    :param root_gid: gid of the UNIX root group.
     """
     idmap.setup_name_mapping("S-1-5-7", idmap.TYPE_UID, nobody_uid)
-    idmap.setup_name_mapping("S-1-5-32-544", idmap.TYPE_GID, wheel_gid)
     idmap.setup_name_mapping(sid + "-500", idmap.TYPE_UID, root_uid)
     idmap.setup_name_mapping(sid + "-513", idmap.TYPE_GID, users_gid)
@@ -1640,7 +1643,7 @@ def provision_fill(samdb, secrets_ldb, logger, names, paths,
                            policyguid_dc)
         if not skip_sysvolacl:
             setsysvolacl(samdb, paths.netlogon, paths.sysvol, paths.root_uid,
-                         paths.wheel_gid, domainsid, names.dnsdomain,
+                         paths.root_gid, domainsid, names.dnsdomain,
                          names.domaindn, lp, use_ntvfs)
         else:
             logger.info("Setting acl on sysvol skipped")
@@ -1772,7 +1775,7 @@ def provision(logger, session_info, credentials, smbconf=None,
         krbtgtpass=None, domainguid=None, policyguid=None, policyguid_dc=None,
         dns_backend=None, dns_forwarder=None, dnspass=None,
         invocationid=None, machinepass=None, ntdsguid=None,
-        root=None, nobody=None, users=None, wheel=None, backup=None, aci=None,
+        root=None, nobody=None, users=None, backup=None, aci=None,
         serverrole=None, dom_for_fun_level=None, backend_type=None,
         sitename=None, ol_mmr_urls=None, ol_olc=None, slapd_path="/bin/false",
         useeadb=False, am_rodc=False, lp=None, use_ntvfs=False,
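Review bot: In setup_name_mappings (first hunk) the renamed `root_gid` parameter is no longer used by any visible line, because the only statement that consumed it, the `S-1-5-32-544` mapping, is removed, yet the docstring still describes it as the gid of the UNIX root group. Either drop the parameter together with the keyword at the call in provision(), or document it honestly, for example `:param root_gid: unused; BUILTIN\Administrators is no longer mapped to a UNIX group here.` so nobody assumes a root-group mapping is still created. The docstring's `:param samdb:` entry, visible in the preceding hunk, also names an argument the signature does not have. The body may continue past the end of the hunk.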
@@ -1802,10 +1805,8 @@ def provision(logger, session_info, credentials, smbconf=None,
     root_uid = findnss_uid([root or "root"])
     nobody_uid = findnss_uid([nobody or "nobody"])
     users_gid = findnss_gid([users or "users", 'users', 'other', 'staff'])
-    if wheel is None:
-        wheel_gid = findnss_gid(["wheel", "adm"])
-    else:
-        wheel_gid = findnss_gid([wheel])
+    root_gid = pwd.getpwuid(root_uid).pw_gid
+
     try:
         bind_gid = findnss_gid(["bind", "named"])
     except KeyError:
@@ -1868,7 +1869,7 @@ def provision(logger, session_info, credentials, smbconf=None,
     paths.bind_gid = bind_gid
     paths.root_uid = root_uid;
-    paths.wheel_gid = wheel_gid
+    paths.root_gid = root_gid
     if hostip is None:
         logger.info("Looking up IPv4 addresses")
@@ -1919,7 +1920,7 @@ def provision(logger, session_info, credentials, smbconf=None,
         file = tempfile.NamedTemporaryFile(dir=os.path.abspath(paths.sysvol))
         try:
             try:
-                smbd.set_simple_acl(file.name, 0755, wheel_gid)
+                smbd.set_simple_acl(file.name, 0755, root_gid)
             except Exception:
                 if not smbd.have_posix_acls():
                     # This clue is only strictly correct for RPM and
@@ -1929,7 +1930,7 @@ def provision(logger, session_info, credentials, smbconf=None,
                 raise ProvisioningError("Your filesystem or build does not support posix ACLs, which s3fs requires.  Try the mounting the filesystem with the 'acl' option.")
             try:
-                smbd.chown(file.name, root_uid, wheel_gid)
+                smbd.chown(file.name, root_uid, root_gid)
             except Exception:
                 raise ProvisioningError("Unable to chown a file on your filesystem.  You may not be running provision as root.")
         finally:
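Review bot: The new `root_gid = pwd.getpwuid(root_uid).pw_gid` in provision() (first hunk) needs a comment, because the group used for sysvol is now implicitly the primary group of whichever account `--root` names, and no option remains to choose it. That gid is then passed to `smbd.set_simple_acl`, `smbd.chown` and, through `paths.root_gid`, to setsysvolacl. If an operator points `--root` at an account other than uid 0, its primary group may be a shared one, which would then hold group access on sysvol. Suggested comment above the assignment: `# root_gid is the primary group of the account selected by --root; it becomes the owning group of sysvol`. The function starts and ends outside these hunks.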
@@ -1993,7 +1994,7 @@ def provision(logger, session_info, credentials, smbconf=None,
         setup_name_mappings(idmap, sid=str(domainsid),
                             root_uid=root_uid, nobody_uid=nobody_uid,
-                            users_gid=users_gid, wheel_gid=wheel_gid)
+                            users_gid=users_gid, root_gid=root_gid)
         logger.info("Setting up SAM db")
         samdb = setup_samdb(paths.samdb, session_info,
@@ -2093,7 +2094,7 @@ def provision_become_dc(smbconf=None, targetdir=None,
         serverdn=None, domain=None, hostname=None, domainsid=None,
         adminpass=None, krbtgtpass=None, domainguid=None, policyguid=None,
         policyguid_dc=None, invocationid=None, machinepass=None, dnspass=None,
-        dns_backend=None, root=None, nobody=None, users=None, wheel=None,
+        dns_backend=None, root=None, nobody=None, users=None,
         backup=None, serverrole=None, ldap_backend=None,
         ldap_backend_type=None, sitename=None, debuglevel=1, use_ntvfs=False):
diff --git a/source4/scripting/python/samba/tests/posixacl.py b/source4/scripting/python/samba/tests/posixacl.py
index 066cc97373..78a07f7c94 100644
--- a/source4/scripting/python/samba/tests/posixacl.py
+++ b/source4/scripting/python/samba/tests/posixacl.py
@@ -147,7 +147,7 @@ class PosixAclMappingTests(TestCase):
         (LA_uid,LA_type) = s4_passdb.sid_to_id(LA_sid)
         self.assertEquals(LA_type, idmap.ID_TYPE_UID)
         (BA_gid,BA_type) = s4_passdb.sid_to_id(BA_sid)
-        self.assertEquals(BA_type, idmap.ID_TYPE_GID)
+        self.assertEquals(BA_type, idmap.ID_TYPE_BOTH)
         (SO_gid,SO_type) = s4_passdb.sid_to_id(SO_sid)
         self.assertEquals(SO_type, idmap.ID_TYPE_BOTH)
         (SY_gid,SY_type) = s4_passdb.sid_to_id(SY_sid)
@@ -194,7 +194,7 @@ class PosixAclMappingTests(TestCase):
 # user::rwx
 # user:root:rwx (selftest user actually)
 # group::rwx
-# group:wheel:rwx
+# group:Local Admins:rwx
 # group:3000000:r-x
 # group:3000001:rwx
 # group:3000002:r-x
@@ -274,7 +274,7 @@ class PosixAclMappingTests(TestCase):
         (LA_uid,LA_type) = s4_passdb.sid_to_id(LA_sid)
         self.assertEquals(LA_type, idmap.ID_TYPE_UID)
         (BA_gid,BA_type) = s4_passdb.sid_to_id(BA_sid)
-        self.assertEquals(BA_type, idmap.ID_TYPE_GID)
+        self.assertEquals(BA_type, idmap.ID_TYPE_BOTH)
         (SO_gid,SO_type) = s4_passdb.sid_to_id(SO_sid)
         self.assertEquals(SO_type, idmap.ID_TYPE_BOTH)
         (SY_gid,SY_type) = s4_passdb.sid_to_id(SY_sid)
@@ -327,7 +327,7 @@ class PosixAclMappingTests(TestCase):
 # user::rwx
 # user:root:rwx (selftest user actually)
 # group::rwx
-# group:wheel:rwx
+# group:Local Admins:rwx
 # group:3000000:r-x
 # group:3000001:rwx
 # group:3000002:r-x
diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py
index 194983c02a..786bb6518e 100644
--- a/source4/scripting/python/samba/upgrade.py
+++ b/source4/scripting/python/samba/upgrade.py
@@ -908,7 +908,7 @@ Please fix this account before attempting to upgrade again
     if result.server_role == "active directory domain controller":
         setsysvolacl(result.samdb, result.paths.netlogon, result.paths.sysvol,
-                result.paths.root_uid, result.paths.wheel_gid,
+                result.paths.root_uid, result.paths.root_gid,
                 security.dom_sid(result.domainsid), result.names.dnsdomain,
                 result.names.domaindn, result.lp, use_ntvfs)
diff --git a/source4/scripting/python/samba/upgradehelpers.py b/source4/scripting/python/samba/upgradehelpers.py
index 55de4be9e4..81fb8dc0f4 100644
--- a/source4/scripting/python/samba/upgradehelpers.py
+++ b/source4/scripting/python/samba/upgradehelpers.py
@@ -251,7 +251,7 @@ def newprovision(names, creds, session, smbconf, provdir, logger):
             hostname=names.netbiosname.lower(), hostip=None, hostip6=None,
             invocationid=names.invocation, adminpass=names.adminpass,
             krbtgtpass=None, machinepass=None, dnspass=None, root=None,
-            nobody=None, wheel=None, users=None,
+            nobody=None, users=None,
             serverrole="domain controller",
             backend_type=None, ldapadminpass=None, ol_mmr_urls=None,
             slapd_path=None,
@@ -615,7 +615,7 @@ def update_gpo(paths, samdb, names, lp, message, force=0):
     if resetacls:
        try:
-            setsysvolacl(samdb, paths.netlogon, paths.sysvol, names.wheel_gid,
+            setsysvolacl(samdb, paths.netlogon, paths.sysvol, names.root_gid,
                         names.domainsid, names.dnsdomain, names.domaindn, lp)
        except TypeError, e:
            acl_error(e)  |
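Review bot: In update_gpo (second hunk) the setsysvolacl call passes `names.root_gid` straight after `paths.sysvol` and ends at `lp`, whereas the calls in provision_fill() and upgrade.py in this same commit pass a uid, then the gid, and end with `lp, use_ntvfs`, so this call has two fewer positional arguments. setsysvolacl's signature is not part of this diff, but if it matches those call sites the gid lands in the uid slot and the call most likely raises TypeError. The surrounding `except TypeError, e:` would then report that through `acl_error(e)` instead of resetting the sysvol ACLs. At minimum the rename should carry a marker such as `# FIXME: argument list differs from the setsysvolacl() calls in provision_fill()/upgrade.py (no uid, no use_ntvfs)`. Note also that `names.root_gid` may not be an integer when it comes from the `ID_TYPE_BOTH` branch of find_provision_key_parameters.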
