diff options
Diffstat (limited to 'source4')
-rw-r--r-- | source4/scripting/ejs/smbcalls_string.c | 15 | ||||
-rw-r--r-- | source4/scripting/libjs/provision.js | 222 | ||||
-rwxr-xr-x | source4/setup/provision | 205 |
3 files changed, 245 insertions, 197 deletions
diff --git a/source4/scripting/ejs/smbcalls_string.c b/source4/scripting/ejs/smbcalls_string.c index ad998701f6..6597f3b27b 100644 --- a/source4/scripting/ejs/smbcalls_string.c +++ b/source4/scripting/ejs/smbcalls_string.c @@ -27,6 +27,20 @@ /* usage: + var len = strlen(str); +*/ +static int ejs_strlen(MprVarHandle eid, int argc, char **argv) +{ + if (argc != 1) { + ejsSetErrorMsg(eid, "strlen invalid arguments"); + return -1; + } + mpr_Return(eid, mprCreateIntegerVar(strlen_m(argv[0]))); + return 0; +} + +/* + usage: var s = strlower("UPPER"); */ static int ejs_strlower(MprVarHandle eid, int argc, char **argv) @@ -311,6 +325,7 @@ static int ejs_vsprintf(MprVarHandle eid, int argc, struct MprVar **argv) */ void smb_setup_ejs_string(void) { + ejsDefineStringCFunction(-1, "strlen", ejs_strlen, NULL, MPR_VAR_SCRIPT_HANDLE); ejsDefineStringCFunction(-1, "strlower", ejs_strlower, NULL, MPR_VAR_SCRIPT_HANDLE); ejsDefineStringCFunction(-1, "strupper", ejs_strupper, NULL, MPR_VAR_SCRIPT_HANDLE); ejsDefineStringCFunction(-1, "split", ejs_split, NULL, MPR_VAR_SCRIPT_HANDLE); diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js new file mode 100644 index 0000000000..ba6807ce44 --- /dev/null +++ b/source4/scripting/libjs/provision.js @@ -0,0 +1,222 @@ +/* + backend code for provisioning a Samba4 server + Copyright Andrew Tridgell 2005 + Released under the GNU GPL v2 or later +*/ + +/* used to generate sequence numbers for records */ +provision_next_usn = 1; + +/* + find a user or group from a list of possibilities +*/ +function findnss() +{ + var i; + assert(arguments.length >= 2); + var nssfn = arguments[0]; + for (i=1;i<arguments.length;i++) { + if (nssfn(arguments[i]) != undefined) { + return arguments[i]; + } + } + printf("Unable to find user/group for %s\n", arguments[1]); + assert(i<arguments.length); +} + +/* + add a foreign security principle + */ +function add_foreign(str, sid, desc, unixname) +{ + var add = " +dn: CN=${SID},CN=ForeignSecurityPrincipals,${BASEDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: ${SID} +description: ${DESC} +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: 1 +uSNChanged: 1 +showInAdvancedViewOnly: TRUE +name: ${SID} +objectGUID: ${NEWGUID} +objectSid: ${SID} +objectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,${BASEDN} +unixName: ${UNIXNAME} +"; + var sub = new Object(); + sub.SID = sid; + sub.DESC = desc; + sub.UNIXNAME = unixname; + return str + substitute_var(add, sub); +} + +/* + return current time as a nt time string +*/ +function nttime() +{ + return "" + sys_nttime(); +} + +/* + return current time as a ldap time string +*/ +function ldaptime() +{ + return sys_ldaptime(sys_nttime()); +} + +/* + return a date string suitable for a dns zone serial number +*/ +function datestring() +{ + var t = sys_gmtime(sys_nttime()); + return sprintf("%04u%02u%02u%02u", + t.tm_year+1900, t.tm_mon+1, t.tm_mday, t.tm_hour); +} + +/* + return first host IP +*/ +function hostip() +{ + var list = sys_interfaces(); + return list[0]; +} + +/* + return current time as a ldap time string +*/ +function nextusn() +{ + provision_next_usn = provision_next_usn+1; + return provision_next_usn; +} + +/* + return first part of hostname +*/ +function hostname() +{ + var s = split(".", sys_hostname()); + return s[0]; +} + + +/* + setup a ldb in the private dir + */ +function setup_ldb(ldif, dbname, subobj) +{ + var extra = ""; + if (arguments.length == 4) { + extra = arguments[3]; + } + + var db = lpGet("private dir") + "/" + dbname; + var src = lpGet("setup directory") + "/" + ldif; + + sys_unlink(db); + + var data = sys_file_load(src); + data = data + extra; + data = substitute_var(data, subobj); + + ok = ldbAdd(db, data); + assert(ok); +} + +/* + setup a file in the private dir + */ +function setup_file(template, fname, subobj) +{ + var f = lpGet("private dir") + "/" + fname; + var src = lpGet("setup directory") + "/" + template; + + sys_unlink(f); + + var data = sys_file_load(src); + data = substitute_var(data, subobj); + + ok = sys_file_save(f, data); + assert(ok); +} + +/* + provision samba4 - caution, this wipes all existing data! +*/ +function provision(subobj, message) +{ + var data = ""; + + /* + some options need to be upper/lower case + */ + subobj.REALM = strlower(subobj.REALM); + subobj.HOSTNAME = strlower(subobj.HOSTNAME); + subobj.DOMAIN = strupper(subobj.DOMAIN); + subobj.NETBIOSNAME = strupper(subobj.HOSTNAME); + + data = add_foreign(data, "S-1-5-7", "Anonymous", "${NOBODY}"); + data = add_foreign(data, "S-1-1-0", "World", "${NOGROUP}"); + data = add_foreign(data, "S-1-5-2", "Network", "${NOGROUP}"); + data = add_foreign(data, "S-1-5-18", "System", "${ROOT}"); + data = add_foreign(data, "S-1-5-11", "Authenticated Users", "${USERS}"); + + provision_next_usn = 1; + + message("Setting up hklm.ldb\n"); + setup_ldb("hklm.ldif", "hklm.ldb", subobj); + message("Setting up sam.ldb\n"); + setup_ldb("provision.ldif", "sam.ldb", subobj, data); + message("Setting up rootdse.ldb\n"); + setup_ldb("rootdse.ldif", "rootdse.ldb", subobj); + message("Setting up secrets.ldb\n"); + setup_ldb("secrets.ldif", "secrets.ldb", subobj); + message("Setting up DNS zone file\n"); + setup_file("provision.zone", subobj.DNSDOMAIN + ".zone", subobj); +} + +/* + guess reasonably default options for provisioning +*/ +function provision_guess() +{ + var subobj = new Object(); + subobj.REALM = lpGet("realm"); + subobj.DOMAIN = lpGet("workgroup"); + subobj.HOSTNAME = hostname(); + subobj.HOSTIP = hostip(); + subobj.DOMAINGUID = randguid(); + subobj.DOMAINSID = randsid(); + subobj.HOSTGUID = randguid(); + subobj.INVOCATIONID = randguid(); + subobj.KRBTGTPASS = randpass(12); + subobj.MACHINEPASS = randpass(12); + subobj.ADMINPASS = randpass(12); + subobj.DEFAULTSITE = "Default-First-Site-Name"; + subobj.NEWGUID = randguid; + subobj.NTTIME = nttime; + subobj.LDAPTIME = ldaptime; + subobj.DATESTRING = datestring; + subobj.USN = nextusn; + subobj.ROOT = findnss(getpwnam, "root"); + subobj.NOBODY = findnss(getpwnam, "nobody"); + subobj.NOGROUP = findnss(getgrnam, "nogroup"); + subobj.WHEEL = findnss(getgrnam, "wheel", "root"); + subobj.USERS = findnss(getgrnam, "users", "guest", "other"); + subobj.DNSDOMAIN = strlower(subobj.REALM); + subobj.DNSNAME = sprintf("%s.%s", + strlower(subobj.HOSTNAME), + subobj.DNSDOMAIN); + subobj.BASEDN = "DC=" + join(",DC=", split(".", subobj.REALM)); + return subobj; +} + +return 0; diff --git a/source4/setup/provision b/source4/setup/provision index f37907241e..56c526541d 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -33,153 +33,16 @@ if (ok == false) { } libinclude("base.js"); - -/* used to generate sequence numbers for records */ -next_usn = 1; +libinclude("provision.js"); /* print a message if quiet is not set */ -function message(s) +function message() { if (options["quiet"] == undefined) { - println(s); - } -} - -/* - find a user or group from a list of possibilities -*/ -function findnss() -{ - var i; - assert(arguments.length >= 2); - var nssfn = arguments[0]; - var name = arguments[1]; - if (options[name] != undefined) { - return options[name]; - } - for (i=2;i<arguments.length;i++) { - if (nssfn(arguments[i]) != undefined) { - return arguments[i]; - } - } - println("Unable to find user/group for " + name); - exit(1); -} - -/* - add a foreign security principle - */ -function add_foreign(str, sid, desc, unixname) -{ - var add = " -dn: CN=${SID},CN=ForeignSecurityPrincipals,${BASEDN} -objectClass: top -objectClass: foreignSecurityPrincipal -cn: ${SID} -description: ${DESC} -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: 1 -uSNChanged: 1 -showInAdvancedViewOnly: TRUE -name: ${SID} -objectGUID: ${NEWGUID} -objectSid: ${SID} -objectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,${BASEDN} -unixName: ${UNIXNAME} -"; - var sub = new Object(); - sub.SID = sid; - sub.DESC = desc; - sub.UNIXNAME = unixname; - return str + substitute_var(add, sub); -} - -/* - return current time as a nt time string -*/ -function nttime() -{ - return "" + sys_nttime(); -} - -/* - return current time as a ldap time string -*/ -function ldaptime() -{ - return sys_ldaptime(sys_nttime()); -} - -function datestring() -{ - var t = sys_gmtime(sys_nttime()); - return sprintf("%04u%02u%02u%02u", - t.tm_year+1900, t.tm_mon+1, t.tm_mday, t.tm_hour); -} - -/* - return current time as a ldap time string -*/ -function nextusn() -{ - next_usn = next_usn+1; - return next_usn; -} - -/* - return first part of hostname -*/ -function hostname() -{ - var s = split(".", sys_hostname()); - return s[0]; -} - - -/* - setup a ldb in the private dir - */ -function setup_ldb(ldif, dbname, subobj) -{ - var extra = ""; - if (arguments.length == 4) { - extra = arguments[3]; + print(vsprintf(arguments)); } - - var db = lpGet("private dir") + "/" + dbname; - var src = lpGet("setup directory") + "/" + ldif; - - sys_unlink(db); - - var data = sys_file_load(src); - data = data + extra; - data = substitute_var(data, subobj); - - message("Creating " + db + "\n from " + src); - ok = ldbAdd(db, data); - assert(ok); -} - -/* - setup a file in the private dir - */ -function setup_file(template, fname, subobj) -{ - var f = lpGet("private dir") + "/" + fname; - var src = lpGet("setup directory") + "/" + template; - - sys_unlink(f); - - var data = sys_file_load(src); - data = substitute_var(data, subobj); - - message("Creating " + f + "\n from " + src); - ok = sys_file_save(f, data); - assert(ok); } /* @@ -228,66 +91,14 @@ if (options["realm"] == undefined || ShowHelp(); } -options.realm = strlower(options.realm); -options['host-name'] = strlower(options['host-name']); -options.domain = strupper(options.domain); -options.netbiosname = strupper(options['host-name']); - -if (options.hostip == undefined) { - var list = sys_interfaces(); - options.hostip = list[0]; -} - -message("Provisioning for " + options.domain + " in realm " + options.realm); - -options.root = findnss(getpwnam, "root", "root"); -options.nobody = findnss(getpwnam, "nobody", "nobody"); -options.nogroup = findnss(getgrnam, "nogroup", "nogroup", "nobody"); -options.wheel = findnss(getgrnam, "wheel", "wheel", "root"); -options.users = findnss(getgrnam, "users", "users", "guest", "other"); - - -options.dnsdomain = strlower(options.realm); -options.dnsname = strlower(options['host-name']) + "." + options.dnsdomain; -options.basedn = "DC=" + join(",DC=", split(".", options.realm)); - -/* - setup the substitution object -*/ -var subobj = new Object(); -subobj.DOMAINGUID = randguid(); -subobj.DOMAINSID = randsid(); -subobj.HOSTGUID = randguid(); -subobj.INVOCATIONID = randguid(); -subobj.KRBTGTPASS = randpass(12); -subobj.MACHINEPASS = randpass(12); -subobj.ADMINPASS = randpass(12); -subobj.DEFAULTSITE = "Default-First-Site-Name"; -subobj.NEWGUID = randguid; -subobj.NTTIME = nttime; -subobj.LDAPTIME = ldaptime; -subobj.DATESTRING = datestring; -subobj.USN = nextusn; +var subobj = provision_guess(); for (r in options) { var key = strupper(join("", split("-", r))); subobj[key] = options[r]; } - -var extradata = ""; -extradata = add_foreign(extradata, "S-1-5-7", "Anonymous", "${NOBODY}"); -extradata = add_foreign(extradata, "S-1-1-0", "World", "${NOGROUP}"); -extradata = add_foreign(extradata, "S-1-5-2", "Network", "${NOGROUP}"); -extradata = add_foreign(extradata, "S-1-5-18", "System", "${ROOT}"); -extradata = add_foreign(extradata, "S-1-5-11", "Authenticated Users", "${USERS}"); - -message("Using administrator password: " + subobj.ADMINPASS); - -setup_ldb("hklm.ldif", "hklm.ldb", subobj); -setup_ldb("provision.ldif", "sam.ldb", subobj, extradata); -setup_ldb("rootdse.ldif", "rootdse.ldb", subobj); -setup_ldb("secrets.ldif", "secrets.ldb", subobj); -setup_file("provision.zone", subobj.DNSDOMAIN + ".zone", subobj); - -message("All OK"); +message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM); +message("Using administrator password: %s\n", subobj.ADMINPASS); +provision(subobj, message); +message("All OK\n"); return 0; |