summaryrefslogtreecommitdiff
path: root/source4/scripting
diff options
context:
space:
mode:
Diffstat (limited to 'source4/scripting')
-rwxr-xr-xsource4/scripting/bin/mymachinepw61
-rw-r--r--source4/scripting/python/samba/provision.py33
2 files changed, 91 insertions, 3 deletions
diff --git a/source4/scripting/bin/mymachinepw b/source4/scripting/bin/mymachinepw
new file mode 100755
index 0000000000..49a4245a3a
--- /dev/null
+++ b/source4/scripting/bin/mymachinepw
@@ -0,0 +1,61 @@
+#!/usr/bin/env python
+
+# Unix SMB/CIFS implementation.
+# Copyright (C) Volker Lendecke 2008
+# Copyright (C) Stefan Metzmacher 2008
+#
+# Extract our own machine pw from secrets.ldb
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+import samba.param as param, ldb, sys, getopt
+
+optlist, args = getopt.getopt(sys.argv[1:], "s:")
+
+conf = param.LoadParm()
+loaded = False
+
+for o, v in optlist:
+ if o == "-s":
+ if not conf.load(v):
+ print(v + " not found")
+ exit(1)
+ loaded = True
+
+if not loaded:
+ conf.load_default()
+
+path=conf.get("private dir") + "/secrets.ldb"
+netbios=conf.get("netbios name")
+
+secrets = ldb.Ldb()
+secrets.connect(path)
+
+search = "(&(objectclass=primaryDomain)(samaccountname=" + \
+ netbios + "$))"
+
+msg = secrets.search(expression=search, attrs=['secret'])
+
+if not msg:
+ error = "Error:\n"
+ error += "Password for host[" + netbios + "] not found in path[" + path + "].\n"
+ error += "You may want to pass the smb.conf location via the -s option."
+ print error
+ exit(1)
+
+password=msg[0]['secret'][0];
+
+print(password)
+exit(0)
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 6eb47c8595..0119f40c7f 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -244,6 +244,7 @@ def provision_paths_from_lp(lp, dnsdomain):
paths.templates = os.path.join(paths.private_dir, "templates.ldb")
paths.dns = os.path.join(paths.private_dir, dnsdomain + ".zone")
paths.namedconf = os.path.join(paths.private_dir, "named.conf")
+ paths.namedtxt = os.path.join(paths.private_dir, "named.txt")
paths.krb5conf = os.path.join(paths.private_dir, "krb5.conf")
paths.winsdb = os.path.join(paths.private_dir, "wins.ldb")
paths.s4_ldapi_path = os.path.join(paths.private_dir, "ldapi")
@@ -503,6 +504,8 @@ def setup_samdb_partitions(samdb_path, setup_path, message, lp, session_info,
backend_modules = ["normalise", "entryuuid", "paged_searches"]
# OpenLDAP handles subtree renames, so we don't want to do any of these things
tdb_modules_list = None
+ elif ldap_backend is not None:
+ raise "LDAP Backend specified, but LDAP Backend Type not specified"
elif serverrole == "domain controller":
backend_modules = ["repl_meta_data"]
else:
@@ -1043,6 +1046,7 @@ def provision(setup_dir, message, session_info,
policy_path = os.path.join(paths.sysvol, names.dnsdomain, "Policies",
"{" + policyguid + "}")
os.makedirs(policy_path, 0755)
+ open(os.path.join(policy_path, "GPT.INI"), 'w').write("")
os.makedirs(os.path.join(policy_path, "Machine"), 0755)
os.makedirs(os.path.join(policy_path, "User"), 0755)
if not os.path.isdir(paths.netlogon):
@@ -1081,12 +1085,15 @@ def provision(setup_dir, message, session_info,
hostip6=hostip6, hostname=names.hostname,
dnspass=dnspass, realm=names.realm,
domainguid=domainguid, hostguid=hostguid)
- message("Please install the zone located in %s into your DNS server" % paths.dns)
create_named_conf(paths.namedconf, setup_path, realm=names.realm,
+ dnsdomain=names.dnsdomain, private_dir=paths.private_dir)
+
+ create_named_txt(paths.namedtxt, setup_path, realm=names.realm,
dnsdomain=names.dnsdomain, private_dir=paths.private_dir,
keytab_name=paths.dns_keytab)
- message("See %s for example configuration statements for secure GSS-TSIG updates" % paths.namedconf)
+ message("See %s for an example configuration include file for BIND" % paths.namedconf)
+ message("and %s for further documentation required for secure DNS updates" % paths.namedtxt)
create_krb5_conf(paths.krb5conf, setup_path, dnsdomain=names.dnsdomain,
hostname=names.hostname, realm=names.realm)
@@ -1376,7 +1383,7 @@ def create_zone_file(path, setup_path, dnsdomain, domaindn,
def create_named_conf(path, setup_path, realm, dnsdomain,
- private_dir, keytab_name):
+ private_dir):
"""Write out a file containing zone statements suitable for inclusion in a
named.conf file (including GSS-TSIG configuration).
@@ -1392,8 +1399,28 @@ def create_named_conf(path, setup_path, realm, dnsdomain,
"DNSDOMAIN": dnsdomain,
"REALM": realm,
"REALM_WC": "*." + ".".join(realm.split(".")[1:]),
+ "PRIVATE_DIR": private_dir
+ })
+
+def create_named_txt(path, setup_path, realm, dnsdomain,
+ private_dir, keytab_name):
+ """Write out a file containing zone statements suitable for inclusion in a
+ named.conf file (including GSS-TSIG configuration).
+
+ :param path: Path of the new named.conf file.
+ :param setup_path: Setup path function.
+ :param realm: Realm name
+ :param dnsdomain: DNS Domain name
+ :param private_dir: Path to private directory
+ :param keytab_name: File name of DNS keytab file
+ """
+
+ setup_file(setup_path("named.txt"), path, {
+ "DNSDOMAIN": dnsdomain,
+ "REALM": realm,
"DNS_KEYTAB": keytab_name,
"DNS_KEYTAB_ABS": os.path.join(private_dir, keytab_name),
+ "PRIVATE_DIR": private_dir
})
def create_krb5_conf(path, setup_path, dnsdomain, hostname, realm):