diff options
Diffstat (limited to 'source4/scripting')
-rw-r--r-- | source4/scripting/python/config.m4 | 2 | ||||
-rw-r--r-- | source4/scripting/python/misc_wrap.c | 2 | ||||
-rw-r--r-- | source4/scripting/python/samba/provision.py | 634 | ||||
-rw-r--r-- | source4/scripting/python/uuidmodule.c | 5 |
4 files changed, 428 insertions, 215 deletions
diff --git a/source4/scripting/python/config.m4 b/source4/scripting/python/config.m4 index 2142cd9abd..3790071ba8 100644 --- a/source4/scripting/python/config.m4 +++ b/source4/scripting/python/config.m4 @@ -22,8 +22,8 @@ AC_DEFUN([TRY_LINK_PYTHON], CFLAGS="$CFLAGS $2" AC_TRY_LINK([ + /* we have our own configure tests */ #include <Python.h> - #include <stdlib.h> ],[ Py_InitModule(NULL, NULL); ],[ diff --git a/source4/scripting/python/misc_wrap.c b/source4/scripting/python/misc_wrap.c index f467f851bd..cf85e91e1e 100644 --- a/source4/scripting/python/misc_wrap.c +++ b/source4/scripting/python/misc_wrap.c @@ -3027,7 +3027,7 @@ SWIGINTERN PyObject *_wrap_dsdb_attach_schema_from_ldif_file(PyObject *SWIGUNUSE "ldb context must be non-NULL"); result = dsdb_attach_schema_from_ldif_file(arg1,(char const *)arg2,(char const *)arg3); if (!W_ERROR_IS_OK(result)) { - PyObject *obj = Py_BuildValue((char *)"(i,s)", (&result)->v, win_errstr(result)); + PyObject *obj = Py_BuildValue((char *)"(i,s)", W_ERROR_V(result), win_errstr(result)); PyErr_SetObject(PyExc_RuntimeError, obj); SWIG_fail; } else if (resultobj == NULL) { diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index ebca1f8e40..e97ce694b4 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -51,7 +51,6 @@ class InvalidNetbiosName(Exception): class ProvisionPaths: def __init__(self): - self.smbconf = None self.shareconf = None self.hklm = None self.hkcu = None @@ -67,7 +66,27 @@ class ProvisionPaths: self.dns = None self.winsdb = None self.private_dir = None - + self.ldapdir = None + self.slapdconf = None + self.modulesconf = None + self.memberofconf = None + self.fedoradsinf = None + self.fedoradspartitions = None + +class ProvisionNames: + def __init__(self): + self.rootdn = None + self.domaindn = None + self.configdn = None + self.schemadn = None + self.ldapmanagerdn = None + self.dnsdomain = None + self.realm = None + self.netbiosname = None + self.domain = None + self.hostname = None + self.sitename = None + class ProvisionResult: def __init__(self): self.paths = None @@ -217,9 +236,20 @@ def provision_paths_from_lp(lp, dnsdomain): paths.dns = os.path.join(paths.private_dir, dnsdomain + ".zone") paths.winsdb = os.path.join(paths.private_dir, "wins.ldb") paths.s4_ldapi_path = os.path.join(paths.private_dir, "ldapi") - paths.smbconf = os.path.join(paths.private_dir, "smb.conf") paths.phpldapadminconfig = os.path.join(paths.private_dir, "phpldapadmin-config.php") + paths.ldapdir = os.path.join(paths.private_dir, + "ldap") + paths.slapdconf = os.path.join(paths.ldapdir, + "slapd.conf") + paths.modulesconf = os.path.join(paths.ldapdir, + "modules.conf") + paths.memberofconf = os.path.join(paths.ldapdir, + "memberof.conf") + paths.fedoradsinf = os.path.join(paths.ldapdir, + "fedorads.inf") + paths.fedoradspartitions = os.path.join(paths.ldapdir, + "fedorads-partitions.ldif") paths.hklm = "hklm.ldb" paths.hkcr = "hkcr.ldb" paths.hkcu = "hkcu.ldb" @@ -227,16 +257,145 @@ def provision_paths_from_lp(lp, dnsdomain): paths.hkpd = "hkpd.ldb" paths.hkpt = "hkpt.ldb" - paths.sysvol = lp.get("sysvol", "path") - if paths.sysvol is None: - paths.sysvol = os.path.join(lp.get("lock dir"), "sysvol") + paths.sysvol = lp.get("path", "sysvol") - paths.netlogon = lp.get("netlogon", "path") - if paths.netlogon is None: - paths.netlogon = os.path.join(os.path.join(paths.sysvol, "scripts")) + paths.netlogon = lp.get("path", "netlogon") return paths +def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None, serverrole=None, + rootdn=None, domaindn=None, configdn=None, schemadn=None, sitename=None): + + if hostname is None: + hostname = gethostname().split(".")[0].lower() + + netbiosname = hostname.upper() + if not valid_netbios_name(netbiosname): + raise InvalidNetbiosName(netbiosname) + + hostname = hostname.lower() + + if dnsdomain is None: + dnsdomain = lp.get("realm") + + if serverrole is None: + serverrole = lp.get("server role") + + assert dnsdomain is not None + realm = dnsdomain.upper() + + if lp.get("realm").upper() != realm: + raise Exception("realm '%s' in %s must match chosen realm '%s'" % + (lp.get("realm"), smbconf, realm)) + + dnsdomain = dnsdomain.lower() + + if (serverrole == "domain controller"): + if domain is None: + domain = lp.get("workgroup") + if domaindn is None: + domaindn = "DC=" + dnsdomain.replace(".", ",DC=") + if lp.get("workgroup").upper() != domain.upper(): + raise Error("workgroup '%s' in smb.conf must match chosen domain '%s'", + lp.get("workgroup"), domain) + else: + domain = netbiosname + if domaindn is None: + domaindn = "CN=" + netbiosname + + assert domain is not None + domain = domain.upper() + if not valid_netbios_name(domain): + raise InvalidNetbiosName(domain) + + if rootdn is None: + rootdn = domaindn + + if configdn is None: + configdn = "CN=Configuration," + rootdn + if schemadn is None: + schemadn = "CN=Schema," + configdn + + if sitename is None: + sitename=DEFAULTSITE + + names = ProvisionNames() + names.rootdn = rootdn + names.domaindn = domaindn + names.configdn = configdn + names.schemadn = schemadn + names.ldapmanagerdn = "CN=Manager," + rootdn + names.dnsdomain = dnsdomain + names.domain = domain + names.realm = realm + names.netbiosname = netbiosname + names.hostname = hostname + names.sitename = sitename + + return names + + +def load_or_make_smbconf(smbconf, setup_path, hostname, domain, realm, serverrole, targetdir): + if targetdir is not None: + if not os.path.exists(targetdir): + os.mkdir(targetdir) + if not os.path.exists(os.path.join(targetdir, "etc")): + os.mkdir(os.path.join(targetdir, "etc")) + + smbconf = os.path.join(targetdir, "etc", "smb.conf") + + # only install a new smb.conf if there isn't one there already + + if not os.path.exists(smbconf): + if hostname is None: + hostname = gethostname().split(".")[0].lower() + + if serverrole is None: + serverrole = "standalone" + + assert serverrole in ("domain controller", "member server", "standalone") + if serverrole == "domain controller": + smbconfsuffix = "dc" + elif serverrole == "member server": + smbconfsuffix = "member" + elif serverrole == "standalone": + smbconfsuffix = "standalone" + + assert domain is not None + assert realm is not None + + default_lp = param.LoadParm() + #Load non-existant file + default_lp.load(smbconf) + + if targetdir is not None: + privatedir_line = "private dir = " + os.path.abspath(os.path.join(targetdir, "private")) + lockdir_line = "lock dir = " + os.path.abspath(targetdir) + + default_lp.set("lock dir", os.path.abspath(targetdir)) + else: + privatedir_line = "private_dir = " + default_lp.get("private dir") + lockdir_line = "lock dir = " + default_lp.get("lock dir") + + sysvol = os.path.join(default_lp.get("lock dir"), "sysvol") + netlogon = os.path.join(sysvol, realm.lower(), "scripts") + + setup_file(setup_path("provision.smb.conf.%s" % smbconfsuffix), + smbconf, { + "HOSTNAME": hostname, + "DOMAIN": domain, + "REALM": realm, + "SERVERROLE": serverrole, + "NETLOGONPATH": netlogon, + "SYSVOLPATH": sysvol, + "PRIVATEDIR_LINE": privatedir_line, + "LOCKDIR_LINE": lockdir_line + }) + + lp = param.LoadParm() + lp.load(smbconf) + + return lp def setup_name_mappings(ldb, sid, domaindn, root, nobody, nogroup, users, wheel, backup): @@ -279,9 +438,8 @@ def setup_name_mappings(ldb, sid, domaindn, root, nobody, nogroup, users, def setup_samdb_partitions(samdb_path, setup_path, message, lp, session_info, - credentials, configdn, schemadn, domaindn, - hostname, netbiosname, dnsdomain, realm, - rootdn, serverrole, sitename, ldap_backend=None, + credentials, names, + serverrole, ldap_backend=None, ldap_backend_type=None, erase=False): """Setup the partitions for the SAM database. @@ -368,12 +526,12 @@ def setup_samdb_partitions(samdb_path, setup_path, message, lp, session_info, samdb.transaction_start() try: setup_add_ldif(samdb, setup_path("provision_partitions.ldif"), { - "SCHEMADN": schemadn, + "SCHEMADN": names.schemadn, "SCHEMADN_LDB": schemadn_ldb, "SCHEMADN_MOD2": ",objectguid", - "CONFIGDN": configdn, + "CONFIGDN": names.configdn, "CONFIGDN_LDB": configdn_ldb, - "DOMAINDN": domaindn, + "DOMAINDN": names.domaindn, "DOMAINDN_LDB": domaindn_ldb, "SCHEMADN_MOD": "schema_fsmo,instancetype", "CONFIGDN_MOD": "naming_fsmo,instancetype", @@ -399,9 +557,9 @@ def setup_samdb_partitions(samdb_path, setup_path, message, lp, session_info, samdb.load_ldif_file_add(setup_path("provision_init.ldif")) message("Setting up sam.ldb rootDSE") - setup_samdb_rootdse(samdb, setup_path, schemadn, domaindn, hostname, - dnsdomain, realm, rootdn, configdn, netbiosname, - sitename) + setup_samdb_rootdse(samdb, setup_path, names.schemadn, names.domaindn, names.hostname, + names.dnsdomain, names.realm, names.rootdn, names.configdn, names.netbiosname, + names.sitename) if erase: message("Erasing data from partitions") @@ -534,10 +692,10 @@ def setup_samdb_rootdse(samdb, setup_path, schemadn, domaindn, hostname, }) -def setup_self_join(samdb, configdn, schemadn, domaindn, - netbiosname, hostname, dnsdomain, machinepass, dnspass, - realm, domainname, domainsid, invocationid, setup_path, - policyguid, sitename, hostguid=None): +def setup_self_join(samdb, names, + machinepass, dnspass, + domainsid, invocationid, setup_path, + policyguid, hostguid=None): """Join a host to its own domain.""" if hostguid is not None: hostguid_add = "objectGUID: %s" % hostguid @@ -545,33 +703,32 @@ def setup_self_join(samdb, configdn, schemadn, domaindn, hostguid_add = "" setup_add_ldif(samdb, setup_path("provision_self_join.ldif"), { - "CONFIGDN": configdn, - "SCHEMADN": schemadn, - "DOMAINDN": domaindn, + "CONFIGDN": names.configdn, + "SCHEMADN": names.schemadn, + "DOMAINDN": names.domaindn, "INVOCATIONID": invocationid, - "NETBIOSNAME": netbiosname, - "DEFAULTSITE": sitename, - "DNSNAME": "%s.%s" % (hostname, dnsdomain), + "NETBIOSNAME": names.netbiosname, + "DEFAULTSITE": names.sitename, + "DNSNAME": "%s.%s" % (names.hostname, names.dnsdomain), "MACHINEPASS_B64": b64encode(machinepass), "DNSPASS_B64": b64encode(dnspass), - "REALM": realm, - "DOMAIN": domainname, + "REALM": names.realm, + "DOMAIN": names.domain, "HOSTGUID_ADD": hostguid_add, - "DNSDOMAIN": dnsdomain}) + "DNSDOMAIN": names.dnsdomain}) setup_add_ldif(samdb, setup_path("provision_group_policy.ldif"), { "POLICYGUID": policyguid, - "DNSDOMAIN": dnsdomain, + "DNSDOMAIN": names.dnsdomain, "DOMAINSID": str(domainsid), - "DOMAINDN": domaindn}) + "DOMAINDN": names.domaindn}) def setup_samdb(path, setup_path, session_info, credentials, lp, - schemadn, configdn, domaindn, dnsdomain, realm, - netbiosname, message, hostname, rootdn, + names, message, domainsid, aci, domainguid, policyguid, - domainname, fill, adminpass, krbtgtpass, + fill, adminpass, krbtgtpass, machinepass, hostguid, invocationid, dnspass, - serverrole, sitename, ldap_backend=None, + serverrole, ldap_backend=None, ldap_backend_type=None): """Setup a complete SAM Database. @@ -581,14 +738,11 @@ def setup_samdb(path, setup_path, session_info, credentials, lp, erase = (fill != FILL_DRS) # Also wipes the database - setup_samdb_partitions(path, setup_path, schemadn=schemadn, configdn=configdn, - domaindn=domaindn, message=message, lp=lp, + setup_samdb_partitions(path, setup_path, message=message, lp=lp, credentials=credentials, session_info=session_info, - hostname=hostname, netbiosname=netbiosname, - dnsdomain=dnsdomain, realm=realm, rootdn=rootdn, + names=names, ldap_backend=ldap_backend, serverrole=serverrole, - ldap_backend_type=ldap_backend_type, erase=erase, - sitename=sitename) + ldap_backend_type=ldap_backend_type, erase=erase) samdb = SamDB(path, session_info=session_info, credentials=credentials, lp=lp) @@ -606,18 +760,24 @@ def setup_samdb(path, setup_path, session_info, credentials, lp, if serverrole == "domain controller": samdb.set_invocation_id(invocationid) - load_schema(setup_path, samdb, schemadn, netbiosname, configdn, sitename) + load_schema(setup_path, samdb, names.schemadn, names.netbiosname, names.configdn, names.sitename) samdb.transaction_start() try: - message("Adding DomainDN: %s (permitted to fail)" % domaindn) + message("Adding DomainDN: %s (permitted to fail)" % names.domaindn) + if serverrole == "domain controller": + domain_oc = "domainDNS" + else: + domain_oc = "samba4LocalDomain" + setup_add_ldif(samdb, setup_path("provision_basedn.ldif"), { - "DOMAINDN": domaindn, + "DOMAINDN": names.domaindn, "ACI": aci, + "DOMAIN_OC": domain_oc }) - message("Modifying DomainDN: " + domaindn + "") + message("Modifying DomainDN: " + names.domaindn + "") if domainguid is not None: domainguid_mod = "replace: objectGUID\nobjectGUID: %s\n-" % domainguid else: @@ -626,104 +786,102 @@ def setup_samdb(path, setup_path, session_info, credentials, lp, setup_modify_ldif(samdb, setup_path("provision_basedn_modify.ldif"), { "LDAPTIME": timestring(int(time.time())), "DOMAINSID": str(domainsid), - "SCHEMADN": schemadn, - "NETBIOSNAME": netbiosname, - "DEFAULTSITE": sitename, - "CONFIGDN": configdn, + "SCHEMADN": names.schemadn, + "NETBIOSNAME": names.netbiosname, + "DEFAULTSITE": names.sitename, + "CONFIGDN": names.configdn, "POLICYGUID": policyguid, - "DOMAINDN": domaindn, + "DOMAINDN": names.domaindn, "DOMAINGUID_MOD": domainguid_mod, }) message("Adding configuration container (permitted to fail)") setup_add_ldif(samdb, setup_path("provision_configuration_basedn.ldif"), { - "CONFIGDN": configdn, + "CONFIGDN": names.configdn, "ACI": aci, "EXTENSIBLEOBJECT": "# no objectClass: extensibleObject for local ldb", }) message("Modifying configuration container") setup_modify_ldif(samdb, setup_path("provision_configuration_basedn_modify.ldif"), { - "CONFIGDN": configdn, - "SCHEMADN": schemadn, + "CONFIGDN": names.configdn, + "SCHEMADN": names.schemadn, }) message("Adding schema container (permitted to fail)") setup_add_ldif(samdb, setup_path("provision_schema_basedn.ldif"), { - "SCHEMADN": schemadn, + "SCHEMADN": names.schemadn, "ACI": aci, "EXTENSIBLEOBJECT": "# no objectClass: extensibleObject for local ldb" }) message("Modifying schema container") setup_modify_ldif(samdb, setup_path("provision_schema_basedn_modify.ldif"), { - "SCHEMADN": schemadn, - "NETBIOSNAME": netbiosname, - "DEFAULTSITE": sitename, - "CONFIGDN": configdn, + "SCHEMADN": names.schemadn, + "NETBIOSNAME": names.netbiosname, + "DEFAULTSITE": names.sitename, + "CONFIGDN": names.configdn, }) message("Setting up sam.ldb Samba4 schema") setup_add_ldif(samdb, setup_path("schema_samba4.ldif"), - {"SCHEMADN": schemadn }) + {"SCHEMADN": names.schemadn }) message("Setting up sam.ldb AD schema") setup_add_ldif(samdb, setup_path("schema.ldif"), - {"SCHEMADN": schemadn}) + {"SCHEMADN": names.schemadn}) message("Setting up sam.ldb configuration data") setup_add_ldif(samdb, setup_path("provision_configuration.ldif"), { - "CONFIGDN": configdn, - "NETBIOSNAME": netbiosname, - "DEFAULTSITE": sitename, - "DNSDOMAIN": dnsdomain, - "DOMAIN": domainname, - "SCHEMADN": schemadn, - "DOMAINDN": domaindn, + "CONFIGDN": names.configdn, + "NETBIOSNAME": names.netbiosname, + "DEFAULTSITE": names.sitename, + "DNSDOMAIN": names.dnsdomain, + "DOMAIN": names.domain, + "SCHEMADN": names.schemadn, + "DOMAINDN": names.domaindn, }) message("Setting up display specifiers") setup_add_ldif(samdb, setup_path("display_specifiers.ldif"), - {"CONFIGDN": configdn}) + {"CONFIGDN": names.configdn}) message("Adding users container (permitted to fail)") setup_add_ldif(samdb, setup_path("provision_users_add.ldif"), { - "DOMAINDN": domaindn}) + "DOMAINDN": names.domaindn}) message("Modifying users container") setup_modify_ldif(samdb, setup_path("provision_users_modify.ldif"), { - "DOMAINDN": domaindn}) + "DOMAINDN": names.domaindn}) message("Adding computers container (permitted to fail)") setup_add_ldif(samdb, setup_path("provision_computers_add.ldif"), { - "DOMAINDN": domaindn}) + "DOMAINDN": names.domaindn}) message("Modifying computers container") setup_modify_ldif(samdb, setup_path("provision_computers_modify.ldif"), { - "DOMAINDN": domaindn}) + "DOMAINDN": names.domaindn}) message("Setting up sam.ldb data") setup_add_ldif(samdb, setup_path("provision.ldif"), { - "DOMAINDN": domaindn, - "NETBIOSNAME": netbiosname, - "DEFAULTSITE": sitename, - "CONFIGDN": configdn, + "DOMAINDN": names.domaindn, + "NETBIOSNAME": names.netbiosname, + "DEFAULTSITE": names.sitename, + "CONFIGDN": names.configdn, }) if fill == FILL_FULL: message("Setting up sam.ldb users and groups") setup_add_ldif(samdb, setup_path("provision_users.ldif"), { - "DOMAINDN": domaindn, + "DOMAINDN": names.domaindn, "DOMAINSID": str(domainsid), - "CONFIGDN": configdn, + "CONFIGDN": names.configdn, "ADMINPASS_B64": b64encode(adminpass), "KRBTGTPASS_B64": b64encode(krbtgtpass), }) if serverrole == "domain controller": message("Setting up self join") - setup_self_join(samdb, configdn=configdn, schemadn=schemadn, - domaindn=domaindn, invocationid=invocationid, - dnspass=dnspass, netbiosname=netbiosname, - dnsdomain=dnsdomain, realm=realm, - machinepass=machinepass, domainname=domainname, + setup_self_join(samdb, names=names, invocationid=invocationid, + dnspass=dnspass, + machinepass=machinepass, domainsid=domainsid, policyguid=policyguid, - hostname=hostname, hostguid=hostguid, - setup_path=setup_path, sitename=sitename) + hostguid=hostguid, + setup_path=setup_path) #We want to setup the index last, as adds are faster unindexed message("Setting up sam.ldb index") @@ -748,7 +906,7 @@ def provision(setup_dir, message, session_info, policyguid=None, invocationid=None, machinepass=None, dnspass=None, root=None, nobody=None, nogroup=None, users=None, wheel=None, backup=None, aci=None, serverrole=None, - ldap_backend=None, ldap_backend_type=None, sitename=DEFAULTSITE): + ldap_backend=None, ldap_backend_type=None, sitename=None): """Provision samba4 :note: caution, this wipes all existing data! @@ -759,6 +917,9 @@ def provision(setup_dir, message, session_info, if domainsid is None: domainsid = security.random_sid() + else: + domainsid = security.Sid(domainsid) + if policyguid is None: policyguid = uuid.random() if adminpass is None: @@ -784,129 +945,37 @@ def provision(setup_dir, message, session_info, backup = findnss(grp.getgrnam, ["backup", "wheel", "root", "staff"])[0] if aci is None: aci = "# no aci for local ldb" - if hostname is None: - hostname = gethostname().split(".")[0].lower() - - if hostip is None: - hostip = gethostbyname(hostname) - - netbiosname = hostname.upper() - if not valid_netbios_name(netbiosname): - raise InvalidNetbiosName(netbiosname) - if targetdir is not None: - if not os.path.exists(targetdir): - os.mkdir(targetdir) - if not os.path.exists(os.path.join(targetdir, "etc")): - os.mkdir(os.path.join(targetdir, "etc")) - - smbconf = os.path.join(targetdir, os.path.join("etc", "smb.conf")) - - # only install a new smb.conf if there isn't one there already - - if not os.path.exists(smbconf): - message("Setting up smb.conf") - if serverrole is None: - serverrole = "standalone" - - assert serverrole in ("domain controller", "member server", "standalone") - if serverrole == "domain controller": - smbconfsuffix = "dc" - elif serverrole == "member server": - smbconfsuffix = "member" - elif serverrole == "standalone": - smbconfsuffix = "standalone" + lp = load_or_make_smbconf(smbconf, setup_path, hostname, domain, realm, serverrole, targetdir) - assert domain is not None - assert realm is not None + names = guess_names(lp=lp, hostname=hostname, domain=domain, + dnsdomain=realm, serverrole=serverrole, sitename=sitename, + rootdn=rootdn, domaindn=domaindn, configdn=configdn, schemadn=schemadn) - default_lp = param.LoadParm() - #Load non-existant file - default_lp.load(smbconf) - - if targetdir is not None: - privatedir_line = "private dir = " + os.path.abspath(os.path.join(targetdir, "private")) - lockdir_line = "lock dir = " + os.path.abspath(targetdir) + paths = provision_paths_from_lp(lp, names.dnsdomain) - default_lp.set("lock dir", os.path.abspath(targetdir)) - - sysvol = os.path.join(default_lp.get("lock dir"), "sysvol") - netlogon = os.path.join(os.path.join(sysvol, "scripts")) - - setup_file(setup_path("provision.smb.conf.%s" % smbconfsuffix), - smbconf, { - "HOSTNAME": hostname, - "DOMAIN": domain, - "REALM": realm, - "SERVERROLE": serverrole, - "NETLOGONPATH": netlogon, - "SYSVOLPATH": sysvol, - "PRIVATEDIR_LINE": privatedir_line, - "LOCKDIR_LINE": lockdir_line - }) - - lp = param.LoadParm() - lp.load(smbconf) + if hostip is None: + hostip = gethostbyname(names.hostname) if serverrole is None: serverrole = lp.get("server role") + assert serverrole in ("domain controller", "member server", "standalone") if invocationid is None and serverrole == "domain controller": invocationid = uuid.random() - if realm is None: - realm = lp.get("realm") - - assert realm is not None - realm = realm.upper() - - if lp.get("realm").upper() != realm.upper(): - raise Exception("realm '%s' in %s must match chosen realm '%s'" % - (lp.get("realm"), smbconf, realm)) - - dnsdomain = realm.lower() - - paths = provision_paths_from_lp(lp, dnsdomain) - - if targetdir is not None: - if not os.path.exists(paths.private_dir): - os.mkdir(paths.private_dir) + if not os.path.exists(paths.private_dir): + os.mkdir(paths.private_dir) ldapi_url = "ldapi://%s" % urllib.quote(paths.s4_ldapi_path, safe="") - if ldap_backend == "ldapi": - # provision-backend will set this path suggested slapd command line / fedorads.inf - ldap_backend = "ldapi://" % urllib.quote(os.path.join(paths.private_dir, "ldap", "ldapi"), safe="") - - if serverrole == "domain controller": - if domaindn is None: - domaindn = "DC=" + dnsdomain.replace(".", ",DC=") - if domain is None: - domain = lp.get("workgroup") - - if lp.get("workgroup").upper() != domain.upper(): - raise Error("workgroup '%s' in smb.conf must match chosen domain '%s'", - lp.get("workgroup"), domain) - - assert domain is not None - domain = domain.upper() - if not valid_netbios_name(domain): - raise InvalidNetbiosName(domain) - else: - if domaindn is None: - domaindn = "CN=" + netbiosname - domain = netbiosname - - if rootdn is None: - rootdn = domaindn - - if configdn is None: - configdn = "CN=Configuration," + rootdn - if schemadn is None: - schemadn = "CN=Schema," + configdn - + if ldap_backend is not None: + if ldap_backend == "ldapi": + # provision-backend will set this path suggested slapd command line / fedorads.inf + ldap_backend = "ldapi://" % urllib.quote(os.path.join(paths.private_dir, "ldap", "ldapi"), safe="") + message("set DOMAIN SID: %s" % str(domainsid)) - message("Provisioning for %s in realm %s" % (domain, realm)) + message("Provisioning for %s in realm %s" % (names.domain, realm)) message("Using administrator password: %s" % adminpass) # only install a new shares config db if there is none @@ -935,21 +1004,19 @@ def provision(setup_dir, message, session_info, credentials=credentials, lp=lp) samdb = setup_samdb(paths.samdb, setup_path, session_info=session_info, - credentials=credentials, lp=lp, schemadn=schemadn, - configdn=configdn, domaindn=domaindn, - dnsdomain=dnsdomain, netbiosname=netbiosname, - realm=realm, message=message, hostname=hostname, - rootdn=rootdn, domainsid=domainsid, + credentials=credentials, lp=lp, names=names, + message=message, + domainsid=domainsid, aci=aci, domainguid=domainguid, policyguid=policyguid, - domainname=domain, fill=samdb_fill, + fill=samdb_fill, adminpass=adminpass, krbtgtpass=krbtgtpass, hostguid=hostguid, invocationid=invocationid, machinepass=machinepass, dnspass=dnspass, serverrole=serverrole, ldap_backend=ldap_backend, - ldap_backend_type=ldap_backend_type, sitename=sitename) + ldap_backend_type=ldap_backend_type) if lp.get("server role") == "domain controller": - policy_path = os.path.join(paths.sysvol, dnsdomain, "Policies", + policy_path = os.path.join(paths.sysvol, names.dnsdomain, "Policies", "{" + policyguid + "}") os.makedirs(policy_path, 0755) os.makedirs(os.path.join(policy_path, "Machine"), 0755) @@ -958,14 +1025,14 @@ def provision(setup_dir, message, session_info, os.makedirs(paths.netlogon, 0755) secrets_ldb = Ldb(paths.secrets, session_info=session_info, credentials=credentials, lp=lp) - secretsdb_become_dc(secrets_ldb, setup_path, domain=domain, realm=realm, - netbiosname=netbiosname, domainsid=domainsid, + secretsdb_become_dc(secrets_ldb, setup_path, domain=domain, realm=names.realm, + netbiosname=names.netbiosname, domainsid=domainsid, keytab_path=paths.keytab, samdb_url=paths.samdb, dns_keytab_path=paths.dns_keytab, dnspass=dnspass, - machinepass=machinepass, dnsdomain=dnsdomain) + machinepass=machinepass, dnsdomain=names.dnsdomain) if samdb_fill == FILL_FULL: - setup_name_mappings(samdb, str(domainsid), domaindn, root=root, + setup_name_mappings(samdb, str(domainsid), names.domaindn, root=root, nobody=nobody, nogroup=nogroup, wheel=wheel, users=users, backup=backup) @@ -980,14 +1047,14 @@ def provision(setup_dir, message, session_info, domainguid = samdb.searchone(basedn=domaindn, attribute="objectGUID") assert isinstance(domainguid, str) hostguid = samdb.searchone(basedn=domaindn, attribute="objectGUID", - expression="(&(objectClass=computer)(cn=%s))" % hostname, + expression="(&(objectClass=computer)(cn=%s))" % names.hostname, scope=SCOPE_SUBTREE) assert isinstance(hostguid, str) - message("Setting up DNS zone: %s" % dnsdomain) + message("Setting up DNS zone: %s" % names.dnsdomain) create_zone_file(paths.dns, setup_path, samdb, - hostname=hostname, hostip=hostip, dnsdomain=dnsdomain, - domaindn=domaindn, dnspass=dnspass, realm=realm, + hostname=names.hostname, hostip=hostip, dnsdomain=names.dnsdomain, + domaindn=names.domaindn, dnspass=dnspass, realm=names.realm, domainguid=domainguid, hostguid=hostguid) message("Please install the zone located in %s into your DNS server" % paths.dns) @@ -1024,6 +1091,149 @@ def provision_become_dc(setup_dir=None, domain=domain, hostname=hostname, hostip="127.0.0.1", domainsid=domainsid, machinepass=machinepass, serverrole="domain controller", sitename=sitename); +def setup_db_config(setup_path, file, dbdir): + if not os.path.isdir(os.path.join(dbdir, "bdb-logs")): + os.makedirs(os.path.join(dbdir, "bdb-logs"), 0700); + if not os.path.isdir(os.path.join(dbdir, "tmp")): + os.makedirs(os.path.join(dbdir, "tmp"), 0700); + + setup_file(setup_path("DB_CONFIG"), os.path.join(dbdir, "DB_CONFIG"), + {"LDAPDBDIR": dbdir}) + + + +def provision_backend(setup_dir=None, message=None, + smbconf=None, targetdir=None, realm=None, + rootdn=None, domaindn=None, schemadn=None, configdn=None, + domain=None, hostname=None, adminpass=None, root=None, serverrole=None, + ldap_backend_type=None): + + def setup_path(file): + return os.path.join(setup_dir, file) + + if hostname is None: + hostname = gethostname().split(".")[0].lower() + + if root is None: + root = findnss(pwd.getpwnam, ["root"])[0] + + lp = load_or_make_smbconf(smbconf, setup_path, hostname, domain, realm, serverrole, targetdir) + + names = guess_names(lp=lp, hostname=hostname, domain=domain, + dnsdomain=realm, serverrole=serverrole, + rootdn=rootdn, domaindn=domaindn, configdn=configdn, schemadn=schemadn) + + paths = provision_paths_from_lp(lp, names.dnsdomain) + + if not os.path.isdir(paths.ldapdir): + os.makedirs(paths.ldapdir) + schemadb_path = os.path.join(paths.ldapdir, "schema-tmp.ldb") + try: + os.unlink(schemadb_path) + except: + pass + + schemadb = Ldb(schemadb_path, lp=lp) + + setup_add_ldif(schemadb, setup_path("provision_schema_basedn.ldif"), + {"SCHEMADN": names.schemadn, + "ACI": "#", + "EXTENSIBLEOBJECT": "# no objectClass: extensibleObject for local ldb" + }) + setup_modify_ldif(schemadb, + setup_path("provision_schema_basedn_modify.ldif"), \ + {"SCHEMADN": names.schemadn, + "NETBIOSNAME": names.netbiosname, + "DEFAULTSITE": DEFAULTSITE, + "CONFIGDN": names.configdn, + }) + + setup_add_ldif(schemadb, setup_path("schema_samba4.ldif"), + {"SCHEMADN": names.schemadn }) + setup_add_ldif(schemadb, setup_path("schema.ldif"), + {"SCHEMADN": names.schemadn}) + + if ldap_backend_type == "fedora-ds": + setup_file(setup_path("fedora-ds.inf"), paths.fedoradsinf, + {"ROOT": root, + "HOSTNAME": hostname, + "DNSDOMAIN": names.dnsdomain, + "LDAPDIR": paths.ldapdir, + "DOMAINDN": names.domaindn, + "LDAPMANAGERDN": names.ldapmanagerdn, + "LDAPMANAGERPASS": adminpass, + "SERVERPORT": ""}) + + setup_file(setup_path("fedora-partitions.ldif"), paths.fedoradspartitions, + {"CONFIGDN": names.configdn, + "SCHEMADN": names.schemadn, + }) + + setup_file(setup_path("fedora-partitions.ldif"), paths.fedoradspartitions, + {"CONFIGDN": names.configdn, + "SCHEMADN": names.schemadn, + }) + mapping = "schema-map-fedora-ds-1.0" + backend_schema = "99_ad.ldif" + elif ldap_backend_type == "openldap": + attrs = ["linkID", "lDAPDisplayName"] + res = schemadb.search(expression="(&(&(linkID=*)(!(linkID:1.2.840.113556.1.4.803:=1)))(objectclass=attributeSchema))", base=names.schemadn, scope=SCOPE_SUBTREE, attrs=attrs); + + memberof_config = "# Generated from schema in " + schemadb_path + "\n"; + refint_attributes = ""; + for i in range (0, len(res)): + linkid = res[i]["linkID"][0] + linkid = str(int(linkid) + 1) + expression = "(&(objectclass=attributeSchema)(linkID=" + (linkid) + "))" + target = schemadb.searchone(basedn=names.schemadn, + expression=expression, + attribute="lDAPDisplayName", + scope=SCOPE_SUBTREE); + if target is not None: + refint_attributes = refint_attributes + " " + target + " " + res[i]["lDAPDisplayName"][0]; + memberof_config = memberof_config + """overlay memberof +memberof-dangling error +memberof-refint TRUE +memberof-group-oc top +memberof-member-ad """ + res[i]["lDAPDisplayName"][0] + """ +memberof-memberof-ad """ + target + """ +memberof-dangling-error 32 + +"""; + + memberof_config = memberof_config + """ +overlay refint +refint_attributes""" + refint_attributes + "\n"; + + setup_file(setup_path("slapd.conf"), paths.slapdconf, + {"DNSDOMAIN": names.dnsdomain, + "LDAPDIR": paths.ldapdir, + "DOMAINDN": names.domaindn, + "CONFIGDN": names.configdn, + "SCHEMADN": names.schemadn, + "LDAPMANAGERDN": names.ldapmanagerdn, + "LDAPMANAGERPASS": adminpass, + "MEMBEROF_CONFIG": memberof_config}) + setup_file(setup_path("modules.conf"), paths.modulesconf, + {"REALM": names.realm}) + + setup_db_config(setup_path, file, os.path.join(paths.ldapdir, "db", "user")) + setup_db_config(setup_path, file, os.path.join(paths.ldapdir, "db", "config")) + setup_db_config(setup_path, file, os.path.join(paths.ldapdir, "db", "schema")) + mapping = "schema-map-openldap-2.3" + backend_schema = "backend-schema.schema" + + + ldapi_uri = "ldapi://" + urllib.quote(os.path.join(paths.private_dir, "ldap", "ldapi"), safe="") + message("Start slapd with: slapd -f " + paths.ldapdir + "/slapd.conf -h " + ldapi_uri) + + + schema_command = "bin/ad2oLschema --option=convert:target=" + ldap_backend_type + " -I " + setup_path(mapping) + " -H tdb://" + schemadb_path + " -O " + os.path.join(paths.ldapdir, backend_schema); + + os.system(schema_command) + + + def create_phpldapadmin_config(path, setup_path, ldapi_uri): """Create a PHP LDAP admin configuration file. diff --git a/source4/scripting/python/uuidmodule.c b/source4/scripting/python/uuidmodule.c index e05b286dd0..cd9a1cb4d5 100644 --- a/source4/scripting/python/uuidmodule.c +++ b/source4/scripting/python/uuidmodule.c @@ -24,6 +24,7 @@ static PyObject *uuid_random(PyObject *self, PyObject *args) { struct GUID guid; + PyObject *pyobj; char *str; if (!PyArg_ParseTuple(args, (char *)"")) @@ -37,9 +38,11 @@ static PyObject *uuid_random(PyObject *self, PyObject *args) return NULL; } + pyobj = PyString_FromString(str); + talloc_free(str); - return PyString_FromString(str); + return pyobj; } static PyMethodDef methods[] = { |