summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
Diffstat (limited to 'source4')
-rw-r--r--source4/scripting/python/samba/provision.py180
1 files changed, 92 insertions, 88 deletions
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 68b43eff40..fe9b582d56 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -106,7 +106,7 @@ def check_install(lp, session_info, credentials):
:param credentials: Credentials
"""
if lp.get("realm") == "":
- raise Error("Realm empty")
+ raise Exception("Realm empty")
ldb = Ldb(lp.get("sam database"), session_info=session_info,
credentials=credentials, lp=lp)
if len(ldb.search("(cn=Administrator)")) != 1:
@@ -128,6 +128,10 @@ def findnss(nssfn, names):
raise KeyError("Unable to find user/group %r" % names)
+findnss_uid = lambda names: findnss(pwd.getpwnam, names)[2]
+findnss_gid = lambda names: findnss(grp.getgrnam, names)[2]
+
+
def open_ldb(session_info, credentials, lp, dbname):
"""Open a LDB, thrashing it if it is corrupt.
@@ -301,13 +305,13 @@ def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None, serverrole=
dnsdomain = dnsdomain.lower()
- if (serverrole == "domain controller"):
+ if serverrole == "domain controller":
if domain is None:
domain = lp.get("workgroup")
if domaindn is None:
domaindn = "DC=" + dnsdomain.replace(".", ",DC=")
if lp.get("workgroup").upper() != domain.upper():
- raise Error("workgroup '%s' in smb.conf must match chosen domain '%s'",
+ raise Exception("workgroup '%s' in smb.conf must match chosen domain '%s'",
lp.get("workgroup"), domain)
else:
domain = netbiosname
@@ -347,67 +351,53 @@ def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None, serverrole=
return names
-def load_or_make_smbconf(smbconf, setup_path, hostname, domain, realm, serverrole, targetdir):
- if targetdir is not None:
- if not os.path.exists(targetdir):
- os.mkdir(targetdir)
- if not os.path.exists(os.path.join(targetdir, "etc")):
- os.mkdir(os.path.join(targetdir, "etc"))
+def make_smbconf(smbconf, setup_path, hostname, domain, realm, serverrole,
+ targetdir):
+ if hostname is None:
+ hostname = socket.gethostname().split(".")[0].lower()
- smbconf = os.path.join(targetdir, "etc", "smb.conf")
+ if serverrole is None:
+ serverrole = "standalone"
- # only install a new smb.conf if there isn't one there already
+ assert serverrole in ("domain controller", "member server", "standalone")
+ if serverrole == "domain controller":
+ smbconfsuffix = "dc"
+ elif serverrole == "member server":
+ smbconfsuffix = "member"
+ elif serverrole == "standalone":
+ smbconfsuffix = "standalone"
- if not os.path.exists(smbconf):
- if hostname is None:
- hostname = socket.gethostname().split(".")[0].lower()
+ assert domain is not None
+ assert realm is not None
- if serverrole is None:
- serverrole = "standalone"
+ default_lp = param.LoadParm()
+ #Load non-existant file
+ default_lp.load(smbconf)
+
+ if targetdir is not None:
+ privatedir_line = "private dir = " + os.path.abspath(os.path.join(targetdir, "private"))
+ lockdir_line = "lock dir = " + os.path.abspath(targetdir)
- assert serverrole in ("domain controller", "member server", "standalone")
- if serverrole == "domain controller":
- smbconfsuffix = "dc"
- elif serverrole == "member server":
- smbconfsuffix = "member"
- elif serverrole == "standalone":
- smbconfsuffix = "standalone"
-
- assert domain is not None
- assert realm is not None
-
- default_lp = param.LoadParm()
- #Load non-existant file
- default_lp.load(smbconf)
-
- if targetdir is not None:
- privatedir_line = "private dir = " + os.path.abspath(os.path.join(targetdir, "private"))
- lockdir_line = "lock dir = " + os.path.abspath(targetdir)
+ default_lp.set("lock dir", os.path.abspath(targetdir))
+ else:
+ privatedir_line = ""
+ lockdir_line = ""
- default_lp.set("lock dir", os.path.abspath(targetdir))
- else:
- privatedir_line = ""
- lockdir_line = ""
-
- sysvol = os.path.join(default_lp.get("lock dir"), "sysvol")
- netlogon = os.path.join(sysvol, realm.lower(), "scripts")
-
- setup_file(setup_path("provision.smb.conf.%s" % smbconfsuffix),
- smbconf, {
- "HOSTNAME": hostname,
- "DOMAIN": domain,
- "REALM": realm,
- "SERVERROLE": serverrole,
- "NETLOGONPATH": netlogon,
- "SYSVOLPATH": sysvol,
- "PRIVATEDIR_LINE": privatedir_line,
- "LOCKDIR_LINE": lockdir_line
- })
+ sysvol = os.path.join(default_lp.get("lock dir"), "sysvol")
+ netlogon = os.path.join(sysvol, realm.lower(), "scripts")
- lp = param.LoadParm()
- lp.load(smbconf)
+ setup_file(setup_path("provision.smb.conf.%s" % smbconfsuffix),
+ smbconf, {
+ "HOSTNAME": hostname,
+ "DOMAIN": domain,
+ "REALM": realm,
+ "SERVERROLE": serverrole,
+ "NETLOGONPATH": netlogon,
+ "SYSVOLPATH": sysvol,
+ "PRIVATEDIR_LINE": privatedir_line,
+ "LOCKDIR_LINE": lockdir_line
+ })
- return lp
def setup_name_mappings(samdb, idmap, sid, domaindn, root_uid, nobody_uid,
@@ -502,8 +492,8 @@ def setup_samdb_partitions(samdb_path, setup_path, message, lp, session_info,
schemadn_ldb = "schema.ldb"
if ldap_backend is not None:
schema_ldb = ldap_backend
- schemadn_ldb = ldap_backend
-
+ schemadn_ldb = ldap_backend
+
if ldap_backend_type == "fedora-ds":
backend_modules = ["nsuniqueid", "paged_searches"]
# We can handle linked attributes here, as we don't have directory-side subtree operations
@@ -750,7 +740,8 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
if serverrole == "domain controller":
samdb.set_invocation_id(invocationid)
- load_schema(setup_path, samdb, names.schemadn, names.netbiosname, names.configdn, names.sitename)
+ load_schema(setup_path, samdb, names.schemadn, names.netbiosname,
+ names.configdn, names.sitename)
samdb.transaction_start()
@@ -924,26 +915,27 @@ def provision(setup_dir, message, session_info,
machinepass = misc.random_password(12)
if dnspass is None:
dnspass = misc.random_password(12)
- if root is None:
- root_uid = findnss(pwd.getpwnam, ["root"])[2]
- else:
- root_uid = findnss(pwd.getpwnam, [root])[2]
- if nobody is None:
- nobody_uid = findnss(pwd.getpwnam, ["nobody"])[2]
- else:
- nobody_uid = findnss(pwd.getpwnam, [nobody])[2]
- if users is None:
- users_gid = findnss(grp.getgrnam, ["users"])[2]
- else:
- users_gid = findnss(grp.getgrnam, [users])[2]
+ root_uid = findnss_uid([root or "root"])
+ nobody_uid = findnss_uid([nobody or "nobody"])
+ users_gid = findnss_gid([users or "users"])
if wheel is None:
- wheel_gid = findnss(grp.getgrnam, ["wheel", "adm"])[2]
+ wheel_gid = findnss_gid(["wheel", "adm"])
else:
- wheel_gid = findnss(grp.getgrnam, [wheel])[2]
+ wheel_gid = findnss_gid([wheel])
if aci is None:
aci = "# no aci for local ldb"
- lp = load_or_make_smbconf(smbconf, setup_path, hostname, domain, realm, serverrole, targetdir)
+ if smbconf is None:
+ os.makedirs(os.path.join(targetdir, "etc"))
+ smbconf = os.path.join(targetdir, "etc", "smb.conf")
+
+ # only install a new smb.conf if there isn't one there already
+ if not os.path.exists(smbconf):
+ make_smbconf(smbconf, setup_path, hostname, domain, realm, serverrole,
+ targetdir)
+
+ lp = param.LoadParm()
+ lp.load(smbconf)
names = guess_names(lp=lp, hostname=hostname, domain=domain,
dnsdomain=realm, serverrole=serverrole, sitename=sitename,
@@ -958,7 +950,8 @@ def provision(setup_dir, message, session_info,
if hostip6 is None:
try:
hostip6 = socket.getaddrinfo(names.hostname, None, socket.AF_INET6, socket.AI_CANONNAME, socket.IPPROTO_IP)[0][-1][0]
- except socket.gaierror: pass
+ except socket.gaierror:
+ pass
if serverrole is None:
serverrole = lp.get("server role")
@@ -1112,7 +1105,7 @@ def provision_become_dc(setup_dir=None,
ldap_backend=None, ldap_backend_type=None, sitename=None):
def message(text):
- """print a message if quiet is not set."""
+ """print a message if quiet is not set."""
print text
return provision(setup_dir, message, system_session(), None,
@@ -1151,11 +1144,22 @@ def provision_backend(setup_dir=None, message=None,
if root is None:
root = findnss(pwd.getpwnam, ["root"])[0]
- lp = load_or_make_smbconf(smbconf, setup_path, hostname, domain, realm, serverrole, targetdir)
+ if smbconf is None:
+ os.makedirs(os.path.join(targetdir, "etc"))
+ smbconf = os.path.join(targetdir, "etc", "smb.conf")
+
+ # only install a new smb.conf if there isn't one there already
+ if not os.path.exists(smbconf):
+ make_smbconf(smbconf, setup_path, hostname, domain, realm,
+ serverrole, targetdir)
+
+ lp = param.LoadParm()
+ lp.load(smbconf)
names = guess_names(lp=lp, hostname=hostname, domain=domain,
dnsdomain=realm, serverrole=serverrole,
- rootdn=rootdn, domaindn=domaindn, configdn=configdn, schemadn=schemadn)
+ rootdn=rootdn, domaindn=domaindn, configdn=configdn,
+ schemadn=schemadn)
paths = provision_paths_from_lp(lp, names.dnsdomain)
@@ -1216,11 +1220,11 @@ def provision_backend(setup_dir=None, message=None,
elif ldap_backend_type == "openldap":
attrs = ["linkID", "lDAPDisplayName"]
- res = schemadb.search(expression="(&(&(linkID=*)(!(linkID:1.2.840.113556.1.4.803:=1)))(objectclass=attributeSchema))", base=names.schemadn, scope=SCOPE_SUBTREE, attrs=attrs);
+ res = schemadb.search(expression="(&(&(linkID=*)(!(linkID:1.2.840.113556.1.4.803:=1)))(objectclass=attributeSchema))", base=names.schemadn, scope=SCOPE_SUBTREE, attrs=attrs);
- memberof_config = "# Generated from schema in " + schemadb_path + "\n";
- refint_attributes = "";
- for i in range (0, len(res)):
+ memberof_config = "# Generated from schema in " + schemadb_path + "\n";
+ refint_attributes = "";
+ for i in range (0, len(res)):
linkid = res[i]["linkID"][0]
linkid = str(int(linkid) + 1)
expression = "(&(objectclass=attributeSchema)(linkID=" + (linkid) + "))"
@@ -1240,11 +1244,11 @@ memberof-dangling-error 32
""";
- memberof_config = memberof_config + """
+ memberof_config = memberof_config + """
overlay refint
refint_attributes""" + refint_attributes + "\n";
-
- setup_file(setup_path("slapd.conf"), paths.slapdconf,
+
+ setup_file(setup_path("slapd.conf"), paths.slapdconf,
{"DNSDOMAIN": names.dnsdomain,
"LDAPDIR": paths.ldapdir,
"DOMAINDN": names.domaindn,
@@ -1253,7 +1257,7 @@ refint_attributes""" + refint_attributes + "\n";
"LDAPMANAGERDN": names.ldapmanagerdn,
"LDAPMANAGERPASS": adminpass,
"MEMBEROF_CONFIG": memberof_config})
- setup_file(setup_path("modules.conf"), paths.modulesconf,
+ setup_file(setup_path("modules.conf"), paths.modulesconf,
{"REALM": names.realm})
setup_db_config(setup_path, os.path.join(paths.ldapdir, os.path.join("db", "user")))
@@ -1316,8 +1320,8 @@ def create_zone_file(path, setup_path, dnsdomain, domaindn,
hostip6_host_line = ""
if hostip6 is not None:
- hostip6_base_line = " IN AAAA " + hostip6
- hostip6_host_line = hostname + " IN AAAA " + hostip6
+ hostip6_base_line = " IN AAAA " + hostip6
+ hostip6_host_line = hostname + " IN AAAA " + hostip6
setup_file(setup_path("provision.zone"), path, {
"DNSPASS_B64": b64encode(dnspass),