summaryrefslogtreecommitdiff
path: root/source4/setup/provision
blob: 0c3aea5f72096bf76774577c3ee62ba61b5dbc9d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
#!/bin/sh
exec smbscript "$0" ${1+"$@"}
/*
	provision a Samba4 server
	Copyright Andrew Tridgell 2005
	Released under the GNU GPL v2 or later
*/

options = GetOptions(ARGV,
		"POPT_AUTOHELP",
		"POPT_COMMON_SAMBA",
		"POPT_COMMON_VERSION",
		"POPT_COMMON_CREDENTIALS",
		'realm=s',
		'domain=s',
		'domain-guid=s',
		'domain-sid=s',
		'host-name=s',
		'host-ip=s',
		'host-guid=s',
		'invocationid=s',
		'adminpass=s',
		'krbtgtpass=s',
		'machinepass=s',
		'root=s',
		'nobody=s',
		'nogroup=s',
		'wheel=s',
		'users=s',
		'quiet',
		'blank',
		'ldap-base',
		'ldap-backend=s',
                'ldap-module=s',
                'aci=s');

if (options == undefined) {
   println("Failed to parse options");
   return -1;
}

libinclude("base.js");
libinclude("provision.js");

/*
  print a message if quiet is not set
*/
function message()
{
	if (options["quiet"] == undefined) {
		print(vsprintf(arguments));
	}
}

/*
 show some help
*/
function ShowHelp()
{
	print("
Samba4 provisioning

provision [options]
 --realm	REALM		set realm
 --domain	DOMAIN		set domain
 --domain-guid	GUID		set domainguid (otherwise random)
 --domain-sid	SID		set domainsid (otherwise random)
 --host-name	HOSTNAME	set hostname
 --host-ip	IPADDRESS	set ipaddress
 --host-guid	GUID		set hostguid (otherwise random)
 --invocationid	GUID		set invocationid (otherwise random)
 --adminpass	PASSWORD	choose admin password (otherwise random)
 --krbtgtpass	PASSWORD	choose krbtgt password (otherwise random)
 --machinepass	PASSWORD	choose machine password (otherwise random)
 --root         USERNAME	choose 'root' unix username
 --nobody	USERNAME	choose 'nobody' user
 --nogroup	GROUPNAME	choose 'nogroup' group
 --wheel	GROUPNAME	choose 'wheel' privileged group
 --users	GROUPNAME	choose 'users' group
 --quiet			Be quiet
 --blank			do not add users or groups, just the structure
 --ldap-base			output only an LDIF file, suitable for creating an LDAP baseDN
 --ldap-backend LDAPSERVER      LDAP server to use for this provision
 --ldap-module= MODULE          LDB mapping module to use for the LDAP backend
 --aci=         ACI             An arbitary LDIF fragment, particularly useful to loading a backend ACI value into a target LDAP server
You must provide at least a realm and domain

");
	exit(1);
}

if (options['host-name'] == undefined) {
	options['host-name'] = hostname();
}

/*
   main program
*/
if (options["realm"] == undefined ||
    options["domain"] == undefined ||
    options["host-name"] == undefined) {
	ShowHelp();
}

/* cope with an initially blank smb.conf */
var lp = loadparm_init();
lp.set("realm", options.realm);
lp.set("workgroup", options.domain);
lp.reload();

var subobj = provision_guess();
for (r in options) {
	var key = strupper(join("", split("-", r)));
	subobj[key] = options[r];
}

var blank = (options["blank"] != undefined);
var ldapbase = (options["ldap-base"] != undefined);
var ldapbackend = (options["ldap-backend"] != undefined);
var ldapmodule = (options["ldap-module"] != undefined);

if (options["aci"] != undefined) {
	println("set ACI: " + subobj["ACI"]);
}

if (ldapbackend) {
	if (!ldapmodule) {
		subobj["LDAPMODULE"] = "entryUUID";
	}
	subobj["DOMAINDN_LDB"] = subobj["LDAPBACKEND"];
	subobj["DOMAINDN_MOD"] = subobj["LDAPMODULE"] + ",paged_searches";
}

if (!provision_validate(subobj, message)) {
	return -1;
}

var system_session = system_session();
var creds = options.get_credentials();
var paths = provision_default_paths(subobj);
message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM);
message("Using administrator password: %s\n", subobj.ADMINPASS);
if (ldapbase) {
	provision_ldapbase(subobj, message, paths);
} else {
	provision(subobj, message, blank, paths, system_session, creds, ldapbackend);
	provision_dns(subobj, message, paths, system_session, creds);
}
message("All OK\n");
return 0;