From 23f79c5c9a7877a04ab3a169142dea7cb5742ff7 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Tue, 12 Jul 2005 06:02:20 +0000
Subject: r8347: replace the perl provision script with a ejs script

I don't mind depending on perl at compile time, but I want to avoid depending on it at runtime. This also will make it easy to add web install wizard
(This used to be commit f27a68176984c6856fad2e3a028458eb96943f80)
---
 source4/setup/provision | 79 +++++--
 source4/setup/provision.pl | 514 --------------------------------------------
 2 files changed, 66 insertions(+), 527 deletions(-)
 delete mode 100755 source4/setup/provision.pl

(limited to 'source4/setup')

diff --git a/source4/setup/provision b/source4/setup/provision
index 86bc49e537..8766688de9 100755
--- a/source4/setup/provision
+++ b/source4/setup/provision
@@ -115,6 +115,13 @@ function ldaptime()
 return sys_ldaptime(sys_nttime());
 }
 
+function datestring()
+{
+ var t = sys_gmtime(sys_nttime());
+ return sprintf("%04u%02u%02u%02u",
+ t.tm_year+1900, t.tm_mon+1, t.tm_mday, t.tm_hour);
+}
+
 /*
 return current time as a ldap time string
 */
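Review bot: `function datestring()` is added without the header comment every neighbouring helper carries, and the `/* return current time as a ldap time string */` comment that follows it now reads as if it described datestring rather than the next function. I would add `/* return the current UTC time as YYYYMMDDHH, used for the ${DATESTRING} substitution */` above `function datestring()`. The format string `"%04u%02u%02u%02u"` and the field order match the `datestring()` of the removed provision.pl, so the substituted value itself is unchanged.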
@@ -133,6 +140,50 @@ function hostname()
 return s[0];
 }
 
+
+/*
+ setup a ldb in the private dir
+ */
+function setup_ldb(ldif, dbname, subobj)
+{
+ var extra = "";
+ if (arguments.length == 4) {
+ extra = arguments[3];
+ }
+ printVars(lpGet("setup directory"));
+
+ var db = lpGet("private dir") + "/" + dbname;
+ var src = lpGet("setup directory") + "/" + ldif;
+
+ sys_unlink(db);
+
+ var data = sys_file_load(src);
+ data = data + extra;
+ data = substitute_var(data, subobj);
+
+ message("Creating " + db + "\n from " + src);
+ ok = ldbAdd(db, data);
+ assert(ok);
+}
+
+/*
+ setup a file in the private dir
+ */
+function setup_file(template, fname, subobj)
+{
+ var f = lpGet("private dir") + "/" + fname;
+ var src = lpGet("setup directory") + "/" + template;
+
+ sys_unlink(f);
+
+ var data = sys_file_load(src);
+ data = substitute_var(data, subobj);
+
+ message("Creating " + f + "\n from " + src);
+ ok = sys_file_save(f, data);
+ assert(ok);
+}
+
 /*
 show some help
 */
@@ -203,12 +254,6 @@ options.dnsdomain = strlower(options.realm);
 options.dnsname = strlower(options['host-name']) + "." + options.dnsdomain;
 options.basedn = "DC=" + join(",DC=", split(".", options.realm));
 
-var data = FileLoad("setup/provision.ldif");
-if (data == undefined) {
- println("Unable to load provision.ldif");
- exit(1);
-}
-
 /*
 setup the substitution object
 */
@@ -224,6 +269,7 @@ subobj.DEFAULTSITE = "Default-First-Site-Name";
 subobj.NEWGUID = randguid;
 subobj.NTTIME = nttime;
 subobj.LDAPTIME = ldaptime;
+subobj.DATESTRING = datestring;
 subobj.USN = nextusn;
 for (r in options) {
 var key = strupper(join("", split("-", r)));
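Review bot: In `setup_ldb` the value returned by `sys_file_load(src)` is used without any check, and the guard the third hunk deletes (`if (data == undefined) { ... exit(1); }`) gets no replacement, so a missing or unreadable template presumably reaches `ldbAdd` as a bogus string instead of failing with a clear message; `setup_file` has the same gap. I would add `assert(data != undefined);` directly after each `var data = sys_file_load(src);`. Two smaller points in the same functions: `printVars(lpGet("setup directory"));` looks like leftover debugging output, and `ok = ldbAdd(db, data);` / `ok = sys_file_save(f, data);` assign `ok` without `var`, so it becomes a global; write `var ok = ...` in both. A comment above `sys_unlink(db);` is also worth having, since it removes an existing database in the private dir unconditionally and re-running provision against a live installation will silently replace sam.ldb and secrets.ldb.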
@@ -231,13 +277,20 @@ for (r in options) {
 }
 
-data = add_foreign(data, "S-1-5-7", "Anonymous", "${NOBODY}");
-data = add_foreign(data, "S-1-1-0", "World", "${NOGROUP}");
-data = add_foreign(data, "S-1-5-2", "Network", "${NOGROUP}");
-data = add_foreign(data, "S-1-5-18", "System", "${ROOT}");
-data = add_foreign(data, "S-1-5-11", "Authenticated Users", "${USERS}");
+var extradata = "";
+extradata = add_foreign(extradata, "S-1-5-7", "Anonymous", "${NOBODY}");
+extradata = add_foreign(extradata, "S-1-1-0", "World", "${NOGROUP}");
+extradata = add_foreign(extradata, "S-1-5-2", "Network", "${NOGROUP}");
+extradata = add_foreign(extradata, "S-1-5-18", "System", "${ROOT}");
+extradata = add_foreign(extradata, "S-1-5-11", "Authenticated Users", "${USERS}");
+
+message("Using administrator password: " + subobj.ADMINPASS);
 
-newdata = substitute_var(data, subobj);
+setup_ldb("hklm.ldif", "hklm.ldb", subobj);
+setup_ldb("provision.ldif", "sam.ldb", subobj, extradata);
+setup_ldb("rootdse.ldif", "rootdse.ldb", subobj);
+setup_ldb("secrets.ldif", "secrets.ldb", subobj);
+setup_file("provision.zone", subobj.DNSDOMAIN + ".zone", subobj);
 
-println(newdata);
+message("All OK");
 
 return 0;
diff --git a/source4/setup/provision.pl b/source4/setup/provision.pl
deleted file mode 100755
index 51c1d29631..0000000000
--- a/source4/setup/provision.pl
+++ /dev/null
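Review bot: `message("Using administrator password: " + subobj.ADMINPASS);` prints the administrator password unconditionally, including when the caller supplied it, whereas the removed provision.pl only echoed a password it had generated itself (its `chose random Administrator password` branch). The place where ADMINPASS is assigned is outside this hunk, so I cannot tell whether the generated-versus-supplied distinction is still available, but the message should be limited to the generated case or dropped, because provisioning output tends to end up in terminal logs and, per the commit message, in a web install wizard. Separately, nothing in `setup_ldb("secrets.ldif", "secrets.ldb", subobj);` or in the helpers of the second hunk restricts the mode of the files written to the private dir; if the helpers do not handle that, a `/* TODO: secrets.ldb must not be world readable */` above this call would at least record the requirement.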
@@ -1,514 +0,0 @@
-#!/usr/bin/perl -w
-
-use strict;
-use Socket;
-use Getopt::Long;
-
-my $opt_hostname = `hostname | cut -d. -f1`;
-chomp $opt_hostname;
-my $opt_hostip;
-my $opt_realm;
-my $opt_domain;
-my $opt_adminpass;
-my $opt_krbtgtpass;
-my $opt_machinepass;
-my $opt_root;
-my $opt_nobody;
-my $opt_nogroup;
-my $opt_wheel;
-my $opt_users;
-my $opt_outputdir;
-my $opt_quiet;
-my $dnsdomain;
-my $netbiosname;
-my $dnsname;
-my $basedn;
-my $defaultsite = "Default-First-Site-Name";
-my $usn = 1;
-
-# return the current NTTIME as an integer
-sub nttime()
-{
- my $t = time();
- $t += (369.0*365.25*24*60*60-(3.0*24*60*60+6.0*60*60));
- $t *= 1.0e7;
- return sprintf("%.0f", $t);
-}
-
-# generate a random guid. Not a good algorithm.
-sub randguid()
-{
- my $r1 = int(rand(2**32));
- my $r2 = int(rand(2**16));
- my $r3 = int(rand(2**16));
- my $r4 = int(rand(2**16));
- my $r5 = int(rand(2**32));
- my $r6 = int(rand(2**16));
- return sprintf("%08x-%04x-%04x-%04x-%08x%04x", $r1, $r2, $r3, $r4, $r5, $r6);
-}
-
-my $opt_domainguid = randguid();
-my $opt_hostguid = randguid();
-my $opt_invocationid = randguid();
-
-sub randsid()
-{
- return sprintf("S-1-5-21-%d-%d-%d",
- int(rand(10**8)), int(rand(10**8)), int(rand(10**8)));
-}
-
-my $opt_domainsid = randsid();
-
-# generate a random password.
Poor algorithm :(
-sub randpass()
-{
- my $pass = "";
- my $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ%\$!~";
- for (my $i=0;$i<8;$i++) {
- my $c = int(rand(length($chars)));
- $pass .= substr($chars, $c, 1);
- }
- return $pass;
-}
-
-sub ldaptime()
-{
- my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday) = gmtime(time);
- return sprintf "%04u%02u%02u%02u%02u%02u.0Z",
- $year+1900, $mon+1, $mday, $hour, $min, $sec;
-}
-
-sub timestring()
-{
- my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday) = gmtime(time);
- return sprintf "%04u%02u%02u%02u%02u%02u",
- $year+1900, $mon+1, $mday, $hour, $min, $sec;
-}
-
-sub datestring()
-{
- my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday) = gmtime(time);
- return sprintf "%04u%02u%02u%02u",
- $year+1900, $mon+1, $mday, $hour;
-}
-
-#######################
-# substitute a single variable
-sub substitute($)
-{
- my $var = shift;
-
- if ($var eq "BASEDN") {
- return $basedn;
- }
-
- if ($var eq "DOMAINSID") {
- return $opt_domainsid;
- }
-
- if ($var eq "DOMAIN") {
- return $opt_domain;
- }
-
- if ($var eq "REALM") {
- return $opt_realm;
- }
-
- if ($var eq "DNSDOMAIN") {
- return $dnsdomain;
- }
-
- if ($var eq "HOSTNAME") {
- return $opt_hostname;
- }
-
- if ($var eq "NETBIOSNAME") {
- return $netbiosname;
- }
-
- if ($var eq "DNSNAME") {
- return $dnsname;
- }
-
- if ($var eq "HOSTIP") {
- return $opt_hostip;
- }
-
- if ($var eq "LDAPTIME") {
- return ldaptime();
- }
-
- if ($var eq "TIMESTRING") {
- return timestring();
- }
-
- if ($var eq "DATESTRING") {
- return datestring();
- }
-
- if ($var eq "NEWGUID") {
- return randguid();
- }
-
- if ($var eq "NEWSCHEMAGUID") {
- return randguid();
- }
-
- if ($var eq "DOMAINGUID") {
- return $opt_domainguid;
- }
-
- if ($var eq "HOSTGUID") {
- return $opt_hostguid;
- }
-
- if ($var eq "INVOCATIONID") {
- return $opt_invocationid;
- }
-
- if ($var eq "DEFAULTSITE") {
- return $defaultsite;
- }
-
- if ($var eq "ADMINPASS") {
- return $opt_adminpass;
- }
-
- if ($var eq
"KRBTGTPASS") { - return $opt_krbtgtpass; - } - - if ($var eq "MACHINEPASS") { - return $opt_machinepass; - } - - if ($var eq "NTTIME") { - return "" . nttime(); - } - - if ($var eq "WHEEL") { - return $opt_wheel; - } - - if ($var eq "NOBODY") { - return $opt_nobody; - } - - if ($var eq "ROOT") { - return $opt_root; - } - - if ($var eq "NOGROUP") { - return $opt_nogroup; - } - - if ($var eq "USERS") { - return $opt_users; - } - - if ($var eq "USN") { - my $ret = $usn; - $usn = $ret + 1; - return $ret; - } - - die "ERROR: Uknown substitution variable $var\n"; -} - - -#################################################################### -# substitute all variables in a string -sub apply_substitutions($) -{ - my $data = shift; - my $res = ""; - while ($data =~ /(.*?)\$\{(\w*)\}(.*)/s) { - my $sub = substitute($2); - $res .= "$1$sub"; - $data = $3; - } - $res .= $data; - return $res; -} - - -##################################################################### -# write a string into a file -sub FileSave($$) -{ - my($filename) = shift; - my($v) = shift; - local(*FILE); - open(FILE, ">$filename") || die "can't open $filename"; - print FILE $v; - close(FILE); -} - -##################################################################### -# read a file into a string -sub FileLoad($) -{ - my($filename) = shift; - local(*INPUTFILE); - open(INPUTFILE, $filename) || return undef; - my($saved_delim) = $/; - undef $/; - my($data) = ; - close(INPUTFILE); - $/ = $saved_delim; - return $data; -} - -####################################################################### -# add a foreign security principle -sub add_foreign($$$) -{ - my $sid = shift; - my $desc = shift; - my $unixname = shift; - return " -dn: CN=$sid,CN=ForeignSecurityPrincipals,\${BASEDN} -objectClass: top -objectClass: foreignSecurityPrincipal -cn: $sid -description: $desc -instanceType: 4 -whenCreated: \${LDAPTIME} -whenChanged: \${LDAPTIME} -uSNCreated: 1 -uSNChanged: 1 -showInAdvancedViewOnly: TRUE -name: $sid 
-objectGUID: \${NEWGUID}
-objectSid: $sid
-objectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,\${BASEDN}
-unixName: $unixname
-
-";
-}
-
-############################################
-# show some help
-sub ShowHelp()
-{
- print "
-Samba4 provisioning
-
-provision.pl [options]
- --realm REALM set realm
- --domain DOMAIN set domain
- --domain-guid GUID set domainguid (otherwise random)
- --domain-sid SID set domainsid (otherwise random)
- --host-name HOSTNAME set hostname
- --host-ip IPADDRESS set ipaddress
- --host-guid GUID set hostguid (otherwise random)
- --invocationid GUID set invocationid (otherwise random)
- --outputdir OUTPUTDIR set output directory
- --adminpass PASSWORD choose admin password (otherwise random)
- --krbtgtpass PASSWORD choose krbtgt password (otherwise random)
- --machinepass PASSWORD choose machine password (otherwise random)
- --root USERNAME choose 'root' unix username
- --nobody USERNAME choose 'nobody' user
- --nogroup GROUPNAME choose 'nogroup' group
- --wheel GROUPNAME choose 'wheel' privileged group
- --users GROUPNAME choose 'users' group
- --quiet Be quiet
-
-You must provide at least a realm and domain
-
-";
- exit(1);
-}
-
-my $opt_help;
-
-GetOptions(
- 'help|h|?'
=> \$opt_help,
- 'realm=s' => \$opt_realm,
- 'domain=s' => \$opt_domain,
- 'domain-guid=s' => \$opt_domainguid,
- 'domain-sid=s' => \$opt_domainsid,
- 'host-name=s' => \$opt_hostname,
- 'host-ip=s' => \$opt_hostip,
- 'host-guid=s' => \$opt_hostguid,
- 'invocationid=s' => \$opt_invocationid,
- 'adminpass=s' => \$opt_adminpass,
- 'krbtgtpass=s' => \$opt_krbtgtpass,
- 'machinepass=s' => \$opt_machinepass,
- 'root=s' => \$opt_root,
- 'nobody=s' => \$opt_nobody,
- 'nogroup=s' => \$opt_nogroup,
- 'wheel=s' => \$opt_wheel,
- 'users=s' => \$opt_users,
- 'outputdir=s' => \$opt_outputdir,
- 'quiet' => \$opt_quiet
- );
-
-if ($opt_help ||
- !$opt_realm ||
- !$opt_domain ||
- !$opt_hostname) {
- ShowHelp();
-}
-
-$opt_realm=lc($opt_realm);
-$opt_domain=uc($opt_domain);
-$opt_hostname=lc($opt_hostname);
-$netbiosname=uc($opt_hostname);
-
-if (!$opt_hostip) {
- my $hip = gethostbyname($opt_hostname);
- if (defined $hip) {
- $opt_hostip = inet_ntoa($hip);
- } else {
- $opt_hostip = "<0.0.0.0>";
- }
-}
-
-$opt_quiet or print "Provisioning host '$opt_hostname'[$opt_hostip] for domain '$opt_domain' in realm '$opt_realm'\n";
-
-if (!$opt_root) {
- $opt_root = "root";
-}
-
-if (!$opt_nobody) {
- if (defined getpwnam("nobody")) {
- $opt_nobody = "nobody";
- }
-}
-
-if (!$opt_nogroup) {
- if (defined getgrnam("nogroup")) {
- $opt_nogroup = "nogroup";
- } elsif (defined getgrnam("nobody")) {
- $opt_nogroup = "nobody";
- }
-}
-
-if (!$opt_wheel) {
- if (defined getgrnam("wheel")) {
- $opt_wheel = "wheel";
- } elsif (defined getgrnam("root")) {
- $opt_wheel = "root";
- }
-}
-
-if (!$opt_users) {
- if (defined getgrnam("users")) {
- $opt_users = "users";
- } elsif (defined getgrnam("guest")) {
- $opt_users = "guest";
- } elsif (defined getgrnam("other")) {
- $opt_users = "other";
- }
-}
-
-$opt_nobody || die "Unable to determine a user for 'nobody'\n";
-$opt_nogroup || die "Unable to determine a group for 'nogroup'\n";
-$opt_users || die "Unable to determine a group for 'users'\n";
-$opt_wheel || die "Unable to determine a group for 'wheel'\n";
-
-$opt_quiet or print "Using nobody='$opt_nobody' nogroup='$opt_nogroup' wheel='$opt_wheel' users='$opt_users'\n";
-
-$opt_quiet or print "generating ldif ...\n";
-
-$dnsdomain = lc($opt_realm);
-$dnsname = lc($opt_hostname).".".$dnsdomain;
-$basedn = "DC=" . join(",DC=", split(/\./, $opt_realm));
-
-my $data = FileLoad("setup/provision.ldif") || die "Unable to load provision.ldif\n";
-
-$data .= add_foreign("S-1-5-7", "Anonymous", "\${NOBODY}");
-$data .= add_foreign("S-1-1-0", "World", "\${NOGROUP}");
-$data .= add_foreign("S-1-5-2", "Network", "\${NOGROUP}");
-$data .= add_foreign("S-1-5-18", "System", "\${ROOT}");
-$data .= add_foreign("S-1-5-11", "Authenticated Users", "\${USERS}");
-
-if (!$opt_adminpass) {
- $opt_adminpass = randpass();
- print "chose random Administrator password '$opt_adminpass'\n";
-}
-
-if (!$opt_krbtgtpass) {
- $opt_krbtgtpass = randpass();
- print "chose random krbtgt password '$opt_krbtgtpass'\n";
-}
-
-if (!$opt_machinepass) {
- $opt_machinepass = randpass();
- print "chose random machine password '$opt_machinepass'\n";
-}
-
-# allow provisioning to be run from the source directory
-$ENV{"PATH"} = "bin:../bin:" . $ENV{"PATH"};
-
-
-my $res = apply_substitutions($data);
-
-my $newdb = $opt_outputdir;
-
-unless ($newdb) {
- $newdb = "newdb." .
int(rand(1000));
-}
-
-$opt_quiet or print "Putting new database files in $newdb\n";
-
-unless ($opt_outputdir) {
- mkdir($newdb, 0755) || die "Unable to create temporary directory $newdb\n";
-}
-
-FileSave("$newdb/sam.ldif", $res);
-
-$opt_quiet or print "creating $newdb/sam.ldb ...\n";
-
-system("ldbadd -H $newdb/sam.ldb $newdb/sam.ldif") == 0 || die "Failed to create sam.ldb\n";
-
-$data = FileLoad("setup/rootdse.ldif") || die "Unable to load rootdse.ldif\n";
-
-$res = apply_substitutions($data);
-
-FileSave("$newdb/rootdse.ldif", $res);
-
-$opt_quiet or print "creating $newdb/rootdse.ldb ...\n";
-
-system("ldbadd -H $newdb/rootdse.ldb $newdb/rootdse.ldif") == 0 || die "Failed to create rootdse.ldb\n";
-
-$data = FileLoad("setup/secrets.ldif") || die "Unable to load secrets.ldif\n";
-
-$res = apply_substitutions($data);
-
-FileSave("$newdb/secrets.ldif", $res);
-
-$opt_quiet or print "creating $newdb/secrets.ldb ...\n";
-
-system("ldbadd -H $newdb/secrets.ldb $newdb/secrets.ldif") == 0 || die "Failed to create secrets.ldb\n";
-
-$data = FileLoad("setup/provision.zone") || die "Unable to load provision.zone\n";
-
-$res = apply_substitutions($data);
-
-$opt_quiet or print "saving dns zone to $newdb/$dnsdomain.zone ...\n";
-
-FileSave("$newdb/$dnsdomain.zone", $res);
-
-$data = FileLoad("setup/provision.smb.conf") || die "Unable to load provision.smb.conf\n";
-
-$res = apply_substitutions($data);
-
-$opt_quiet or print "saving smb.conf to $newdb/smb.conf ...\n";
-
-FileSave("$newdb/smb.conf", $res);
-
-$opt_quiet or print "creating $newdb/hklm.ldb ... \n";
-
-system("ldbadd -H $newdb/hklm.ldb setup/hklm.ldif") == 0 || die "Failed to create hklm.ldb\n";
-
-$opt_quiet or print "
-
-Installation:
-- Please move $newdb/*.ldb to the private/ directory of your
- Samba4 installation
-- Please move $newdb/smb.conf to the lib/ directory of your
- Samba4 installation
-- Please use $newdb/$dnsdomain.zone in BIND on your dns server
-";
-- cgit