diff options
Diffstat (limited to 'source4/setup/provision.pl')
| -rwxr-xr-x | source4/setup/provision.pl | 514 |
1 files changed, 0 insertions, 514 deletions
diff --git a/source4/setup/provision.pl b/source4/setup/provision.pl deleted file mode 100755 index 51c1d29631..0000000000 --- a/source4/setup/provision.pl +++ /dev/null @@ -1,514 +0,0 @@ -#!/usr/bin/perl -w - -use strict; -use Socket; -use Getopt::Long; - -my $opt_hostname = `hostname | cut -d. -f1`; -chomp $opt_hostname; -my $opt_hostip; -my $opt_realm; -my $opt_domain; -my $opt_adminpass; -my $opt_krbtgtpass; -my $opt_machinepass; -my $opt_root; -my $opt_nobody; -my $opt_nogroup; -my $opt_wheel; -my $opt_users; -my $opt_outputdir; -my $opt_quiet; -my $dnsdomain; -my $netbiosname; -my $dnsname; -my $basedn; -my $defaultsite = "Default-First-Site-Name"; -my $usn = 1; - -# return the current NTTIME as an integer -sub nttime() -{ - my $t = time(); - $t += (369.0*365.25*24*60*60-(3.0*24*60*60+6.0*60*60)); - $t *= 1.0e7; - return sprintf("%.0f", $t); -} - -# generate a random guid. Not a good algorithm. -sub randguid() -{ - my $r1 = int(rand(2**32)); - my $r2 = int(rand(2**16)); - my $r3 = int(rand(2**16)); - my $r4 = int(rand(2**16)); - my $r5 = int(rand(2**32)); - my $r6 = int(rand(2**16)); - return sprintf("%08x-%04x-%04x-%04x-%08x%04x", $r1, $r2, $r3, $r4, $r5, $r6); -} - -my $opt_domainguid = randguid(); -my $opt_hostguid = randguid(); -my $opt_invocationid = randguid(); - -sub randsid() -{ - return sprintf("S-1-5-21-%d-%d-%d", - int(rand(10**8)), int(rand(10**8)), int(rand(10**8))); -} - -my $opt_domainsid = randsid(); - -# generate a random password. Poor algorithm :( -sub randpass() -{ - my $pass = ""; - my $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ%\$!~"; - for (my $i=0;$i<8;$i++) { - my $c = int(rand(length($chars))); - $pass .= substr($chars, $c, 1); - } - return $pass; -} - -sub ldaptime() -{ - my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday) = gmtime(time); - return sprintf "%04u%02u%02u%02u%02u%02u.0Z", - $year+1900, $mon+1, $mday, $hour, $min, $sec; -} - -sub timestring() -{ - my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday) = gmtime(time); - return sprintf "%04u%02u%02u%02u%02u%02u", - $year+1900, $mon+1, $mday, $hour, $min, $sec; -} - -sub datestring() -{ - my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday) = gmtime(time); - return sprintf "%04u%02u%02u%02u", - $year+1900, $mon+1, $mday, $hour; -} - -####################### -# substitute a single variable -sub substitute($) -{ - my $var = shift; - - if ($var eq "BASEDN") { - return $basedn; - } - - if ($var eq "DOMAINSID") { - return $opt_domainsid; - } - - if ($var eq "DOMAIN") { - return $opt_domain; - } - - if ($var eq "REALM") { - return $opt_realm; - } - - if ($var eq "DNSDOMAIN") { - return $dnsdomain; - } - - if ($var eq "HOSTNAME") { - return $opt_hostname; - } - - if ($var eq "NETBIOSNAME") { - return $netbiosname; - } - - if ($var eq "DNSNAME") { - return $dnsname; - } - - if ($var eq "HOSTIP") { - return $opt_hostip; - } - - if ($var eq "LDAPTIME") { - return ldaptime(); - } - - if ($var eq "TIMESTRING") { - return timestring(); - } - - if ($var eq "DATESTRING") { - return datestring(); - } - - if ($var eq "NEWGUID") { - return randguid(); - } - - if ($var eq "NEWSCHEMAGUID") { - return randguid(); - } - - if ($var eq "DOMAINGUID") { - return $opt_domainguid; - } - - if ($var eq "HOSTGUID") { - return $opt_hostguid; - } - - if ($var eq "INVOCATIONID") { - return $opt_invocationid; - } - - if ($var eq "DEFAULTSITE") { - return $defaultsite; - } - - if ($var eq "ADMINPASS") { - return $opt_adminpass; - } - - if ($var eq "KRBTGTPASS") { - return $opt_krbtgtpass; - } - - if ($var eq "MACHINEPASS") { - return $opt_machinepass; - } - - if ($var eq "NTTIME") { - return "" . nttime(); - } - - if ($var eq "WHEEL") { - return $opt_wheel; - } - - if ($var eq "NOBODY") { - return $opt_nobody; - } - - if ($var eq "ROOT") { - return $opt_root; - } - - if ($var eq "NOGROUP") { - return $opt_nogroup; - } - - if ($var eq "USERS") { - return $opt_users; - } - - if ($var eq "USN") { - my $ret = $usn; - $usn = $ret + 1; - return $ret; - } - - die "ERROR: Uknown substitution variable $var\n"; -} - - -#################################################################### -# substitute all variables in a string -sub apply_substitutions($) -{ - my $data = shift; - my $res = ""; - while ($data =~ /(.*?)\$\{(\w*)\}(.*)/s) { - my $sub = substitute($2); - $res .= "$1$sub"; - $data = $3; - } - $res .= $data; - return $res; -} - - -##################################################################### -# write a string into a file -sub FileSave($$) -{ - my($filename) = shift; - my($v) = shift; - local(*FILE); - open(FILE, ">$filename") || die "can't open $filename"; - print FILE $v; - close(FILE); -} - -##################################################################### -# read a file into a string -sub FileLoad($) -{ - my($filename) = shift; - local(*INPUTFILE); - open(INPUTFILE, $filename) || return undef; - my($saved_delim) = $/; - undef $/; - my($data) = <INPUTFILE>; - close(INPUTFILE); - $/ = $saved_delim; - return $data; -} - -####################################################################### -# add a foreign security principle -sub add_foreign($$$) -{ - my $sid = shift; - my $desc = shift; - my $unixname = shift; - return " -dn: CN=$sid,CN=ForeignSecurityPrincipals,\${BASEDN} -objectClass: top -objectClass: foreignSecurityPrincipal -cn: $sid -description: $desc -instanceType: 4 -whenCreated: \${LDAPTIME} -whenChanged: \${LDAPTIME} -uSNCreated: 1 -uSNChanged: 1 -showInAdvancedViewOnly: TRUE -name: $sid -objectGUID: \${NEWGUID} -objectSid: $sid -objectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,\${BASEDN} -unixName: $unixname - -"; -} - -############################################ -# show some help -sub ShowHelp() -{ - print " -Samba4 provisioning - -provision.pl [options] - --realm REALM set realm - --domain DOMAIN set domain - --domain-guid GUID set domainguid (otherwise random) - --domain-sid SID set domainsid (otherwise random) - --host-name HOSTNAME set hostname - --host-ip IPADDRESS set ipaddress - --host-guid GUID set hostguid (otherwise random) - --invocationid GUID set invocationid (otherwise random) - --outputdir OUTPUTDIR set output directory - --adminpass PASSWORD choose admin password (otherwise random) - --krbtgtpass PASSWORD choose krbtgt password (otherwise random) - --machinepass PASSWORD choose machine password (otherwise random) - --root USERNAME choose 'root' unix username - --nobody USERNAME choose 'nobody' user - --nogroup GROUPNAME choose 'nogroup' group - --wheel GROUPNAME choose 'wheel' privileged group - --users GROUPNAME choose 'users' group - --quiet Be quiet - -You must provide at least a realm and domain - -"; - exit(1); -} - -my $opt_help; - -GetOptions( - 'help|h|?' => \$opt_help, - 'realm=s' => \$opt_realm, - 'domain=s' => \$opt_domain, - 'domain-guid=s' => \$opt_domainguid, - 'domain-sid=s' => \$opt_domainsid, - 'host-name=s' => \$opt_hostname, - 'host-ip=s' => \$opt_hostip, - 'host-guid=s' => \$opt_hostguid, - 'invocationid=s' => \$opt_invocationid, - 'adminpass=s' => \$opt_adminpass, - 'krbtgtpass=s' => \$opt_krbtgtpass, - 'machinepass=s' => \$opt_machinepass, - 'root=s' => \$opt_root, - 'nobody=s' => \$opt_nobody, - 'nogroup=s' => \$opt_nogroup, - 'wheel=s' => \$opt_wheel, - 'users=s' => \$opt_users, - 'outputdir=s' => \$opt_outputdir, - 'quiet' => \$opt_quiet - ); - -if ($opt_help || - !$opt_realm || - !$opt_domain || - !$opt_hostname) { - ShowHelp(); -} - -$opt_realm=lc($opt_realm); -$opt_domain=uc($opt_domain); -$opt_hostname=lc($opt_hostname); -$netbiosname=uc($opt_hostname); - -if (!$opt_hostip) { - my $hip = gethostbyname($opt_hostname); - if (defined $hip) { - $opt_hostip = inet_ntoa($hip); - } else { - $opt_hostip = "<0.0.0.0>"; - } -} - -$opt_quiet or print "Provisioning host '$opt_hostname'[$opt_hostip] for domain '$opt_domain' in realm '$opt_realm'\n"; - -if (!$opt_root) { - $opt_root = "root"; -} - -if (!$opt_nobody) { - if (defined getpwnam("nobody")) { - $opt_nobody = "nobody"; - } -} - -if (!$opt_nogroup) { - if (defined getgrnam("nogroup")) { - $opt_nogroup = "nogroup"; - } elsif (defined getgrnam("nobody")) { - $opt_nogroup = "nobody"; - } -} - -if (!$opt_wheel) { - if (defined getgrnam("wheel")) { - $opt_wheel = "wheel"; - } elsif (defined getgrnam("root")) { - $opt_wheel = "root"; - } -} - -if (!$opt_users) { - if (defined getgrnam("users")) { - $opt_users = "users"; - } elsif (defined getgrnam("guest")) { - $opt_users = "guest"; - } elsif (defined getgrnam("other")) { - $opt_users = "other"; - } -} - -$opt_nobody || die "Unable to determine a user for 'nobody'\n"; -$opt_nogroup || die "Unable to determine a group for 'nogroup'\n"; -$opt_users || die "Unable to determine a group for 'users'\n"; -$opt_wheel || die "Unable to determine a group for 'wheel'\n"; - -$opt_quiet or print "Using nobody='$opt_nobody' nogroup='$opt_nogroup' wheel='$opt_wheel' users='$opt_users'\n"; - -$opt_quiet or print "generating ldif ...\n"; - -$dnsdomain = lc($opt_realm); -$dnsname = lc($opt_hostname).".".$dnsdomain; -$basedn = "DC=" . join(",DC=", split(/\./, $opt_realm)); - -my $data = FileLoad("setup/provision.ldif") || die "Unable to load provision.ldif\n"; - -$data .= add_foreign("S-1-5-7", "Anonymous", "\${NOBODY}"); -$data .= add_foreign("S-1-1-0", "World", "\${NOGROUP}"); -$data .= add_foreign("S-1-5-2", "Network", "\${NOGROUP}"); -$data .= add_foreign("S-1-5-18", "System", "\${ROOT}"); -$data .= add_foreign("S-1-5-11", "Authenticated Users", "\${USERS}"); - -if (!$opt_adminpass) { - $opt_adminpass = randpass(); - print "chose random Administrator password '$opt_adminpass'\n"; -} - -if (!$opt_krbtgtpass) { - $opt_krbtgtpass = randpass(); - print "chose random krbtgt password '$opt_krbtgtpass'\n"; -} - -if (!$opt_machinepass) { - $opt_machinepass = randpass(); - print "chose random machine password '$opt_machinepass'\n"; -} - -# allow provisioning to be run from the source directory -$ENV{"PATH"} = "bin:../bin:" . $ENV{"PATH"}; - - -my $res = apply_substitutions($data); - -my $newdb = $opt_outputdir; - -unless ($newdb) { - $newdb = "newdb." . int(rand(1000)); -} - -$opt_quiet or print "Putting new database files in $newdb\n"; - -unless ($opt_outputdir) { - mkdir($newdb, 0755) || die "Unable to create temporary directory $newdb\n"; -} - -FileSave("$newdb/sam.ldif", $res); - -$opt_quiet or print "creating $newdb/sam.ldb ...\n"; - -system("ldbadd -H $newdb/sam.ldb $newdb/sam.ldif") == 0 || die "Failed to create sam.ldb\n"; - -$data = FileLoad("setup/rootdse.ldif") || die "Unable to load rootdse.ldif\n"; - -$res = apply_substitutions($data); - -FileSave("$newdb/rootdse.ldif", $res); - -$opt_quiet or print "creating $newdb/rootdse.ldb ...\n"; - -system("ldbadd -H $newdb/rootdse.ldb $newdb/rootdse.ldif") == 0 || die "Failed to create rootdse.ldb\n"; - -$data = FileLoad("setup/secrets.ldif") || die "Unable to load secrets.ldif\n"; - -$res = apply_substitutions($data); - -FileSave("$newdb/secrets.ldif", $res); - -$opt_quiet or print "creating $newdb/secrets.ldb ...\n"; - -system("ldbadd -H $newdb/secrets.ldb $newdb/secrets.ldif") == 0 || die "Failed to create secrets.ldb\n"; - -$data = FileLoad("setup/provision.zone") || die "Unable to load provision.zone\n"; - -$res = apply_substitutions($data); - -$opt_quiet or print "saving dns zone to $newdb/$dnsdomain.zone ...\n"; - -FileSave("$newdb/$dnsdomain.zone", $res); - -$data = FileLoad("setup/provision.smb.conf") || die "Unable to load provision.smb.conf\n"; - -$res = apply_substitutions($data); - -$opt_quiet or print "saving smb.conf to $newdb/smb.conf ...\n"; - -FileSave("$newdb/smb.conf", $res); - -$opt_quiet or print "creating $newdb/hklm.ldb ... \n"; - -system("ldbadd -H $newdb/hklm.ldb setup/hklm.ldif") == 0 || die "Failed to create hklm.ldb\n"; - -$opt_quiet or print " - -Installation: -- Please move $newdb/*.ldb to the private/ directory of your - Samba4 installation -- Please move $newdb/smb.conf to the lib/ directory of your - Samba4 installation -- Please use $newdb/$dnsdomain.zone in BIND on your dns server -"; |