#!/bin/sh
exec smbscript "$0" ${1+"$@"}
/*
	provision a Samba4 server
	Copyright Andrew Tridgell 2005
	Released under the GNU GPL v2 or later
*/

/*
  Parse the command line into the global 'options' object.

  The POPT_* names and the option specs below are handed to GetOptions
  unchanged. The specs ending in '=s' are the ones whose values are read
  later in this script (options.realm, options["server-role"], ...); the
  bare names are only ever tested for being defined.
  NOTE(review): '=s' presumably means "takes a string value" - confirm
  against GetOptions.

  Security note: adminpass, krbtgtpass, machinepass and dnspass are taken
  from ARGV, so a password supplied this way is part of the process
  command line and of the invoking shell's history. On a shared host
  prefer leaving them unset and handling the values this script prints
  instead, and clear the history entry afterwards if they were typed.
*/
options = GetOptions(ARGV,
		"POPT_AUTOHELP",
		"POPT_COMMON_SAMBA",
		"POPT_COMMON_VERSION",
		"POPT_COMMON_CREDENTIALS",
		'realm=s',
		'domain=s',
		'domain-guid=s',
		'domain-sid=s',
		'policy-guid=s',
		'host-name=s',
		'host-ip=s',
		'host-guid=s',
		'invocationid=s',
		'adminpass=s',
		'krbtgtpass=s',
		'machinepass=s',
		'dnspass=s',
		'root=s',
		'nobody=s',
		'nogroup=s',
		'wheel=s',
		'users=s',
		'quiet',
		'blank',
		'server-role=s',
		'partitions-only',
		'ldap-base',
		'ldap-backend=s',
                'ldap-module=s',
                'aci=s');

/* GetOptions yields undefined when parsing fails: report it and stop
   the script with -1 before any library code is loaded */
if (options == undefined) {
   println("Failed to parse options");
   return -1;
}

libinclude("base.js");
libinclude("provision.js");

/*
  printf-style progress output: the arguments (format string first) are
  expanded by vsprintf and printed, unless --quiet was given, in which
  case nothing is written
*/
function message()
{
	if (options["quiet"] != undefined) {
		/* quiet mode: suppress all progress output */
		return;
	}
	print(vsprintf(arguments));
}

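/*
  Print the usage text and terminate the script with exit status 1.

  The text is written with print() directly, not through message(), so
  it is shown even when --quiet is set. Keep this list in step with the
  option specs passed to GetOptions at the top of the file.
*/
function ShowHelp()
{
	print("
Samba4 provisioning

provision [options]
 --realm	REALM		set realm
 --domain	DOMAIN		set domain
 --domain-guid	GUID		set domainguid (otherwise random)
 --domain-sid	SID		set domainsid (otherwise random)
 --host-name	HOSTNAME	set hostname
 --host-ip	IPADDRESS	set ipaddress
 --host-guid	GUID		set hostguid (otherwise random)
 --policy-guid  GUID            set group policy guid (otherwise random)
 --invocationid	GUID		set invocationid (otherwise random)
 --adminpass	PASSWORD	choose admin password (otherwise random)
 --krbtgtpass	PASSWORD	choose krbtgt password (otherwise random)
 --machinepass	PASSWORD	choose machine password (otherwise random)
 --dnspass	PASSWORD	choose dns password
 --root         USERNAME	choose 'root' unix username
 --nobody	USERNAME	choose 'nobody' user
 --nogroup	GROUPNAME	choose 'nogroup' group
 --wheel	GROUPNAME	choose 'wheel' privileged group
 --users	GROUPNAME	choose 'users' group
 --quiet			Be quiet
 --blank			do not add users or groups, just the structure
 --server-role  ROLE            Set server role to provision for (default standalone)
 --partitions-only              Configure Samba's partitions, but do not modify them (ie, join a BDC)
 --ldap-base			output only an LDIF file, suitable for creating an LDAP baseDN
 --ldap-backend LDAPSERVER      LDAP server to use for this provision
 --ldap-module  MODULE          LDB mapping module to use for the LDAP backend
 --aci          ACI             An arbitrary LDIF fragment, particularly useful for loading a backend ACI value into a target LDAP server
You must provide at least a realm and domain

");
	exit(1);
}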

/* no --host-name given: fall back to what hostname() reports */
if (options["host-name"] == undefined) {
	options["host-name"] = hostname();
}

/*
   main program

   realm, domain and host name must all be known by now; if any one is
   still missing, ShowHelp() prints the usage text and exits
*/
if (!(options["realm"] != undefined &&
      options["domain"] != undefined &&
      options["host-name"] != undefined)) {
	ShowHelp();
}

/* cope with an initially blank smb.conf */
/* realm, workgroup and server role are pushed into the loadparm context
   from the command line before it is reloaded.
   NOTE(review): options["server-role"] is undefined when --server-role
   is not given; confirm lp.set() tolerates that */
var lp = loadparm_init();
lp.set("realm", options.realm);
lp.set("workgroup", options.domain);
lp.set("server role", options["server-role"]);
lp.reload();

/* start from the guessed substitution values, then overlay every entry
   of 'options': the name has its '-' characters removed and is
   upper-cased, so 'host-name' becomes subobj.HOSTNAME and 'adminpass'
   becomes subobj.ADMINPASS. All entries are copied without filtering,
   which means the password options end up in subobj as well.
   NOTE(review): 'r' is not declared with var */
var subobj = provision_guess();
for (r in options) {
	var key = strupper(join("", split("-", r)));
	subobj[key] = options[r];
}

/* each flag below is true when the corresponding option was present on
   the command line, whatever its value */
var blank = (options["blank"] != undefined);
var ldapbase = (options["ldap-base"] != undefined);
var ldapbackend = (options["ldap-backend"] != undefined);
var ldapmodule = (options["ldap-module"] != undefined);
var partitions_only = (options["partitions-only"] != undefined);
var paths = provision_default_paths(subobj);
/* echo the ACI only when one was supplied; subobj["ACI"] holds the same
   value as options["aci"] because of the copy loop above */
if (options["aci"] != undefined) {
	message("set ACI: %s\n", subobj["ACI"]);
}

message("set DOMAIN SID: %s\n", subobj["DOMAINSID"]);

/* NOTE(review): presumably derives the remaining subobj fields from the
   values set so far - confirm in provision.js */
provision_fix_subobj(subobj, paths);

/*
  --ldap-backend was given: point the domain, config and schema DN
  settings at the LDAP backend and append the mapping module plus
  paged_searches to each of their module lists
*/
if (ldapbackend) {
	/* mapping module defaults to entryUUID unless --ldap-module was given */
	if (!ldapmodule) {
		subobj.LDAPMODULE = "entryUUID";
	}
	/* the literal value "ldapi" selects the LDAPI URI held in subobj */
	if (options["ldap-backend"] == "ldapi") {
		subobj.LDAPBACKEND = subobj.LDAPI_URI;
	}

	subobj.DOMAINDN_LDB = subobj.LDAPBACKEND;
	subobj.CONFIGDN_LDB = subobj.LDAPBACKEND;
	subobj.SCHEMADN_LDB = subobj.LDAPBACKEND;

	subobj.DOMAINDN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches";
	subobj.CONFIGDN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches";
	subobj.SCHEMADN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches";

	message("LDAP module: %s on backend: %s\n", subobj.LDAPMODULE, subobj.LDAPBACKEND);
}

/* stop with -1 when the assembled settings do not validate */
if (!provision_validate(subobj, message)) {
	return -1;
}

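/*
  Run the selected provisioning mode and report the outcome.

  --ldap-base        only write the base LDIF files and say where they are
  --partitions-only  provision_become_dc() with the system session
  otherwise          full provision plus DNS, followed by the option list
                     needed to repeat the same provision

  Secrets: everything below goes through message(), i.e. it is printed
  unless --quiet is set. That output contains ADMINPASS, and in the full
  provision case also KRBTGTPASS, MACHINEPASS and DNSPASS in clear text.
  Treat captured output (terminal scrollback, redirected files, job logs)
  as secret material and restrict or delete it accordingly.
*/
/* NOTE(review): this assignment appears to replace the global
   system_session function with its own return value, so the function
   cannot be called again after this line */
var system_session = system_session();
var creds = options.get_credentials();
message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM);
message("Using administrator password: %s\n", subobj.ADMINPASS);
if (ldapbase) {
	provision_ldapbase(subobj, message, paths);
	/* message() treats its first argument as a format string, so text
	   built from variables is passed as a "%s" argument; a '%' inside a
	   path or value is then printed literally instead of being parsed as
	   a conversion */
	message("%s", "Please install the LDIF located in " + paths.ldap_basedn_ldif + ", " + paths.ldap_config_basedn_ldif + " and " + paths.ldap_schema_basedn_ldif + " into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server\n");
} else if (partitions_only) {
	provision_become_dc(subobj, message, false, paths, system_session);
} else {
	provision(subobj, message, blank, paths, system_session, creds, ldapbackend);
	provision_dns(subobj, message, paths, system_session, creds);
	/* The option names printed here must match the specs given to
	   GetOptions ('nogroup=s', 'ldap-module=s', ...), otherwise the
	   printed command cannot be re-run.
	   Values are wrapped in single quotes without escaping, so a value
	   that itself contains a single quote will not round-trip when
	   pasted into a shell. */
	message("To reproduce this provision, run with:\n");
	message("%s", "--realm='" + subobj.REALM_CONF + "' --domain='" + subobj.DOMAIN_CONF + "' --domain-guid='" + subobj.DOMAINGUID + "' \\\n");
	message("%s", "--policy-guid='" + subobj.POLICYGUID + "' --host-name='" + subobj.HOSTNAME + "' --host-ip='" + subobj.HOSTIP + "' \\\n");
	message("%s", "--host-guid='" + subobj.HOSTGUID + "' --invocationid='" + subobj.INVOCATIONID + "' \\\n");
	message("%s", "--adminpass='" + subobj.ADMINPASS + "' --krbtgtpass='" + subobj.KRBTGTPASS + "' \\\n");
	message("%s", "--machinepass='" + subobj.MACHINEPASS + "' --dnspass='" + subobj.DNSPASS + "' \\\n");
	message("%s", "--root='" + subobj.ROOT + "' --nobody='" + subobj.NOBODY + "' --nogroup='" + subobj.NOGROUP + "' \\\n");
	message("%s", "--wheel='" + subobj.WHEEL + "' --users='" + subobj.USERS + "' --server-role='" + subobj.SERVERROLE + "' \\\n");
	message("%s", "--ldap-backend='" + subobj.LDAPBACKEND + "' --ldap-module='" + subobj.LDAPMODULE + "' \\\n");
	message("%s", "--aci='" + subobj.ACI + "' \\\n");
}


message("All OK\n");
return 0;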