Diffstat (limited to 'source4/scripting')
-rw-r--r--source4/scripting/python/samba/provision.py346
1 files changed, 182 insertions, 164 deletions
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index a4a9e7ac46..f516e73893 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -354,150 +354,21 @@ def setup_samdb_partitions(samdb, setup_path, schemadn, configdn, domaindn):
})
-
-def provision(lp, setup_dir, message, blank, paths, session_info,
- credentials, ldapbackend, realm=None, domain=None, hostname=None,
- hostip=None, domainsid=None, hostguid=None, adminpass=None,
- krbtgtpass=None, domainguid=None, policyguid=None,
- invocationid=None, machinepass=None, dnspass=None, root=None,
- nobody=None, nogroup=None, users=None, wheel=None, backup=None,
- aci=None, serverrole=None):
- """Provision samba4
-
- :note: caution, this wipes all existing data!
- """
-
- def setup_path(file):
- return os.path.join(setup_dir, file)
-
- erase = False
-
- if domainsid is None:
- domainsid = security.random_sid()
- if policyguid is None:
- policyguid = uuid.random()
- if invocationid is None:
- invocationid = uuid.random()
- if adminpass is None:
- adminpass = misc.random_password(12)
- if krbtgtpass is None:
- krbtgtpass = misc.random_password(12)
- if machinepass is None:
- machinepass = misc.random_password(12)
- if dnspass is None:
- dnspass = misc.random_password(12)
- if root is None:
- root = findnss(pwd.getpwnam, "root")[4]
- if nobody is None:
- nobody = findnss(pwd.getpwnam, "nobody")[4]
- if nogroup is None:
- nogroup = findnss(grp.getgrnam, "nogroup", "nobody")[2]
- if users is None:
- users = findnss(grp.getgrnam, "users", "guest", "other", "unknown", "usr")[2]
- if wheel is None:
- wheel = findnss(grp.getgrnam, "wheel", "root", "staff", "adm")[2]
- if backup is None:
- backup = findnss(grp.getgrnam, "backup", "wheel", "root", "staff")[2]
- if aci is None:
- aci = "# no aci for local ldb"
- if serverrole is None:
- serverrole = lp.get("server role")
-
- if realm is None:
- realm = lp.get("realm")
- else:
- if lp.get("realm").upper() != realm.upper():
- raise Error("realm '%s' in smb.conf must match chosen realm '%s'\n" %
- (lp.get("realm"), realm))
-
- assert realm is not None
- realm = realm.upper()
-
- if domain is None:
- domain = lp.get("workgroup")
- else:
- if lp.get("workgroup").upper() != domain.upper():
- raise Error("workgroup '%s' in smb.conf must match chosen domain '%s'\n",
- lp.get("workgroup"), domain)
-
- assert domain is not None
- domain = domain.upper()
- if not valid_netbios_name(domain):
- raise InvalidNetbiosName(domain)
-
- if hostname is None:
- hostname = gethostname().split(".")[0].lower()
-
- if hostip is None:
- hostip = gethostbyname(hostname)
-
- netbiosname = hostname.upper()
- if not valid_netbios_name(netbiosname):
- raise InvalidNetbiosName(netbiosname)
-
- dnsdomain = realm.lower()
- domaindn = "DC=" + dnsdomain.replace(".", ",DC=")
- rootdn = domaindn
- configdn = "CN=Configuration," + rootdn
- schemadn = "CN=Schema," + configdn
-
- rdn_dc = domaindn.split(",")[0][len("DC="):]
-
- message("set DOMAIN SID: %s" % str(domainsid))
- message("Provisioning for %s in realm %s" % (domain, realm))
- message("Using administrator password: %s" % adminpass)
-
- assert paths.smbconf is not None
-
- # only install a new smb.conf if there isn't one there already
- if not os.path.exists(paths.smbconf):
- message("Setting up smb.conf")
- if serverrole == "domain controller":
- smbconfsuffix = "dc"
- elif serverrole == "member":
- smbconfsuffix = "member"
- else:
- assert "Invalid server role setting: %s" % serverrole
- setup_file(setup_path("provision.smb.conf.%s" % smbconfsuffix), paths.smbconf, {
- "HOSTNAME": hostname,
- "DOMAIN_CONF": domain,
- "REALM_CONF": realm,
- "SERVERROLE": serverrole,
- "NETLOGONPATH": paths.netlogon,
- "SYSVOLPATH": paths.sysvol,
- })
- lp.reload()
-
- # only install a new shares config db if there is none
- if not os.path.exists(paths.shareconf):
- message("Setting up share.ldb")
- share_ldb = Ldb(paths.shareconf, session_info=session_info,
- credentials=credentials, lp=lp)
- share_ldb.load_ldif_file_add(setup_path("share.ldif"))
-
- message("Setting up secrets.ldb")
- secrets_ldb = setup_secretsdb(paths.secrets, setup_path,
- session_info=session_info,
- credentials=credentials, lp=lp)
-
- message("Setting up the registry")
- # FIXME: Still fails for some reason
- #setup_registry(paths.hklm, setup_path, session_info,
- # credentials=credentials, lp=lp)
-
- message("Setting up templates db")
- setup_templatesdb(paths.templates, setup_path, session_info=session_info,
- credentials=credentials, lp=lp)
-
+def setup_samdb(path, setup_path, session_info, credentials, lp,
+ schemadn, configdn, domaindn, dnsdomain, realm,
+ netbiosname, message, hostname, rootdn, erase,
+ domainsid, aci, rdn_dc, domainguid, policyguid,
+ domainname, blank, adminpass, krbtgtpass,
+ machinepass, hostguid, invocationid, dnspass):
# Also wipes the database
message("Setting up sam.ldb")
- samdb = SamDB(paths.samdb, session_info=session_info,
+ samdb = SamDB(path, session_info=session_info,
credentials=credentials, lp=lp)
message("Setting up sam.ldb partitions")
setup_samdb_partitions(samdb, setup_path, schemadn, configdn, domaindn)
- samdb = SamDB(paths.samdb, session_info=session_info,
+ samdb = SamDB(path, session_info=session_info,
credentials=credentials, lp=lp)
samdb.transaction_start()
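Review bot: `setup_samdb` is introduced without a docstring even though the `# Also wipes the database` comment and the three successive `SamDB(path, ...)` opens show it is destructive and expects a fresh path; a short docstring such as `"""Create and populate sam.ldb at ``path``. Wipes any existing database there."""` would warn callers other than `provision`. The 28-parameter signature also carries names (`erase`, `aci`, `rootdn`, `hostname`) that no line visible in this diff uses, which makes the keyword call in `provision` hard to keep in sync; whether they are used further down cannot be told from here, but unused ones should be dropped or the settings grouped into one object. The function body continues past the end of the hunk.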
@@ -520,7 +391,7 @@ def provision(lp, setup_dir, message, blank, paths, session_info,
samdb.transaction_commit()
message("Pre-loading the Samba 4 and AD schema")
- samdb = SamDB(paths.samdb, session_info=session_info,
+ samdb = SamDB(path, session_info=session_info,
credentials=credentials, lp=lp)
samdb.set_domain_sid(domainsid)
load_schema(setup_path, samdb, schemadn, netbiosname, configdn)
@@ -594,7 +465,7 @@ def provision(lp, setup_dir, message, blank, paths, session_info,
"NETBIOSNAME": netbiosname,
"DEFAULTSITE": DEFAULTSITE,
"DNSDOMAIN": dnsdomain,
- "DOMAIN": domain,
+ "DOMAIN": domainname,
"SCHEMADN": schemadn,
"DOMAINDN": domaindn,
})
@@ -651,7 +522,7 @@ def provision(lp, setup_dir, message, blank, paths, session_info,
"MACHINEPASS_B64": b64encode(machinepass),
"DNSPASS_B64": b64encode(dnspass),
"REALM": realm,
- "DOMAIN": domain,
+ "DOMAIN": domainname,
"HOSTGUID_ADD": hostguid_add,
"DNSDOMAIN": dnsdomain})
setup_add_ldif(samdb, setup_path("provision_group_policy.ldif"), {
@@ -660,30 +531,6 @@ def provision(lp, setup_dir, message, blank, paths, session_info,
"DOMAINSID": str(domainsid),
"DOMAINDN": domaindn})
- os.makedirs(os.path.join(paths.sysvol, dnsdomain, "Policies", "{" + policyguid + "}"), 0755)
- os.makedirs(os.path.join(paths.sysvol, dnsdomain, "Policies", "{" + policyguid + "}", "Machine"), 0755)
- os.makedirs(os.path.join(paths.sysvol, dnsdomain, "Policies", "{" + policyguid + "}", "User"), 0755)
- if not os.path.isdir(paths.netlogon):
- os.makedirs(paths.netlogon, 0755)
- setup_ldb(secrets_ldb, setup_path("secrets_dc.ldif"), {
- "MACHINEPASS_B64": b64encode(machinepass),
- "DOMAIN": domain,
- "REALM": realm,
- "LDAPTIME": timestring(int(time.time())),
- "DNSDOMAIN": dnsdomain,
- "DOMAINSID": str(domainsid),
- "SECRETS_KEYTAB": paths.keytab,
- "NETBIOSNAME": netbiosname,
- "SAM_LDB": paths.samdb,
- "DNS_KEYTAB": paths.dns_keytab,
- "DNSPASS_B64": b64encode(dnspass),
- })
-
- setup_name_mappings(samdb, str(domainsid),
- domaindn, root=root, nobody=nobody,
- nogroup=nogroup, wheel=wheel, users=users,
- backup=backup)
-
message("Setting up sam.ldb index")
samdb.load_ldif_file_add(setup_path("provision_index.ldif"))
@@ -694,6 +541,177 @@ def provision(lp, setup_dir, message, blank, paths, session_info,
raise
samdb.transaction_commit()
+ return samdb
+
+
+def provision(lp, setup_dir, message, blank, paths, session_info,
+ credentials, ldapbackend, realm=None, domain=None, hostname=None,
+ hostip=None, domainsid=None, hostguid=None, adminpass=None,
+ krbtgtpass=None, domainguid=None, policyguid=None,
+ invocationid=None, machinepass=None, dnspass=None, root=None,
+ nobody=None, nogroup=None, users=None, wheel=None, backup=None,
+ aci=None, serverrole=None):
+ """Provision samba4
+
+ :note: caution, this wipes all existing data!
+ """
+
+ def setup_path(file):
+ return os.path.join(setup_dir, file)
+
+ erase = False
+
+ if domainsid is None:
+ domainsid = security.random_sid()
+ if policyguid is None:
+ policyguid = uuid.random()
+ if invocationid is None:
+ invocationid = uuid.random()
+ if adminpass is None:
+ adminpass = misc.random_password(12)
+ if krbtgtpass is None:
+ krbtgtpass = misc.random_password(12)
+ if machinepass is None:
+ machinepass = misc.random_password(12)
+ if dnspass is None:
+ dnspass = misc.random_password(12)
+ if root is None:
+ root = findnss(pwd.getpwnam, "root")[4]
+ if nobody is None:
+ nobody = findnss(pwd.getpwnam, "nobody")[4]
+ if nogroup is None:
+ nogroup = findnss(grp.getgrnam, "nogroup", "nobody")[2]
+ if users is None:
+ users = findnss(grp.getgrnam, "users", "guest", "other", "unknown", "usr")[2]
+ if wheel is None:
+ wheel = findnss(grp.getgrnam, "wheel", "root", "staff", "adm")[2]
+ if backup is None:
+ backup = findnss(grp.getgrnam, "backup", "wheel", "root", "staff")[2]
+ if aci is None:
+ aci = "# no aci for local ldb"
+ if serverrole is None:
+ serverrole = lp.get("server role")
+
+ if realm is None:
+ realm = lp.get("realm")
+ else:
+ if lp.get("realm").upper() != realm.upper():
+ raise Error("realm '%s' in smb.conf must match chosen realm '%s'\n" %
+ (lp.get("realm"), realm))
+
+ assert realm is not None
+ realm = realm.upper()
+
+ if domain is None:
+ domain = lp.get("workgroup")
+ else:
+ if lp.get("workgroup").upper() != domain.upper():
+ raise Error("workgroup '%s' in smb.conf must match chosen domain '%s'\n",
+ lp.get("workgroup"), domain)
+
+ assert domain is not None
+ domain = domain.upper()
+ if not valid_netbios_name(domain):
+ raise InvalidNetbiosName(domain)
+
+ if hostname is None:
+ hostname = gethostname().split(".")[0].lower()
+
+ if hostip is None:
+ hostip = gethostbyname(hostname)
+
+ netbiosname = hostname.upper()
+ if not valid_netbios_name(netbiosname):
+ raise InvalidNetbiosName(netbiosname)
+
+ dnsdomain = realm.lower()
+ domaindn = "DC=" + dnsdomain.replace(".", ",DC=")
+ rootdn = domaindn
+ configdn = "CN=Configuration," + rootdn
+ schemadn = "CN=Schema," + configdn
+
+ rdn_dc = domaindn.split(",")[0][len("DC="):]
+
+ message("set DOMAIN SID: %s" % str(domainsid))
+ message("Provisioning for %s in realm %s" % (domain, realm))
+ message("Using administrator password: %s" % adminpass)
+
+ assert paths.smbconf is not None
+
+ # only install a new smb.conf if there isn't one there already
+ if not os.path.exists(paths.smbconf):
+ message("Setting up smb.conf")
+ if serverrole == "domain controller":
+ smbconfsuffix = "dc"
+ elif serverrole == "member":
+ smbconfsuffix = "member"
+ else:
+ assert "Invalid server role setting: %s" % serverrole
+ setup_file(setup_path("provision.smb.conf.%s" % smbconfsuffix), paths.smbconf, {
+ "HOSTNAME": hostname,
+ "DOMAIN_CONF": domain,
+ "REALM_CONF": realm,
+ "SERVERROLE": serverrole,
+ "NETLOGONPATH": paths.netlogon,
+ "SYSVOLPATH": paths.sysvol,
+ })
+ lp.reload()
+
+ # only install a new shares config db if there is none
+ if not os.path.exists(paths.shareconf):
+ message("Setting up share.ldb")
+ share_ldb = Ldb(paths.shareconf, session_info=session_info,
+ credentials=credentials, lp=lp)
+ share_ldb.load_ldif_file_add(setup_path("share.ldif"))
+
+ message("Setting up secrets.ldb")
+ secrets_ldb = setup_secretsdb(paths.secrets, setup_path,
+ session_info=session_info,
+ credentials=credentials, lp=lp)
+
+ message("Setting up the registry")
+ # FIXME: Still fails for some reason
+ #setup_registry(paths.hklm, setup_path, session_info,
+ # credentials=credentials, lp=lp)
+
+ message("Setting up templates db")
+ setup_templatesdb(paths.templates, setup_path, session_info=session_info,
+ credentials=credentials, lp=lp)
+
+ samdb = setup_samdb(paths.samdb, setup_path, session_info=session_info, credentials=credentials,
+ lp=lp, schemadn=schemadn, configdn=configdn, domaindn=domaindn,
+ dnsdomain=dnsdomain, netbiosname=netbiosname, realm=realm, message=message,
+ hostname=hostname, rootdn=rootdn, erase=erase, domainsid=domainsid, aci=aci,
+ rdn_dc=rdn_dc, domainguid=domainguid, policyguid=policyguid,
+ domainname=domain, blank=blank, adminpass=adminpass, krbtgtpass=krbtgtpass,
+ hostguid=hostguid, invocationid=invocationid, machinepass=machinepass,
+ dnspass=dnspass)
+
+ if lp.get("server role") == "domain controller":
+ os.makedirs(os.path.join(paths.sysvol, dnsdomain, "Policies", "{" + policyguid + "}"), 0755)
+ os.makedirs(os.path.join(paths.sysvol, dnsdomain, "Policies", "{" + policyguid + "}", "Machine"), 0755)
+ os.makedirs(os.path.join(paths.sysvol, dnsdomain, "Policies", "{" + policyguid + "}", "User"), 0755)
+ if not os.path.isdir(paths.netlogon):
+ os.makedirs(paths.netlogon, 0755)
+ setup_ldb(secrets_ldb, setup_path("secrets_dc.ldif"), {
+ "MACHINEPASS_B64": b64encode(machinepass),
+ "DOMAIN": domain,
+ "REALM": realm,
+ "LDAPTIME": timestring(int(time.time())),
+ "DNSDOMAIN": dnsdomain,
+ "DOMAINSID": str(domainsid),
+ "SECRETS_KEYTAB": paths.keytab,
+ "NETBIOSNAME": netbiosname,
+ "SAM_LDB": paths.samdb,
+ "DNS_KEYTAB": paths.dns_keytab,
+ "DNSPASS_B64": b64encode(dnspass),
+ })
+
+ if not blank:
+ setup_name_mappings(samdb, str(domainsid),
+ domaindn, root=root, nobody=nobody,
+ nogroup=nogroup, wheel=wheel, users=users,
+ backup=backup)
message("Setting up phpLDAPadmin configuration")
create_phplpapdadmin_config(paths.phpldapadminconfig, setup_path, paths.s4_ldapi_path)
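Review bot: The DC-only branch `if lp.get("server role") == "domain controller":` keys off the reloaded smb.conf rather than the `serverrole` value resolved a few lines earlier, so a caller that passes `serverrole` explicitly while an smb.conf with a different role already exists (it is only written when missing, and unlike realm/workgroup the role is never checked against the file) gets a secrets_dc.ldif and sysvol decision that disagrees with the rest of provisioning; `if serverrole == "domain controller":` keeps the two consistent. The role validation itself is ineffective: `assert "Invalid server role setting: %s" % serverrole` asserts a non-empty string and never fires, so an unknown role reaches `setup_file` with `smbconfsuffix` unbound (and asserts vanish under `-O`); `raise Error("Invalid server role setting: %s" % serverrole)` is what was meant. Separately, `message("Using administrator password: %s" % adminpass)` hands the freshly generated Administrator password to whatever the message callback writes to, which deserves at least a comment noting that provisioning output must not be captured to a world-readable log. The body of `provision` continues past the end of the hunk.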