import pwd
import grp
import time
-import uuid, misc
+import uuid, glue
import socket
import param
import registry
from samba import Ldb, substitute_var, valid_netbios_name, check_all_substituted
from samba.samdb import SamDB
from samba.idmap import IDmapDB
-import security
+from samba.dcerpc import security
import urllib
from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError, \
- LDB_ERR_NO_SUCH_OBJECT, timestring, CHANGETYPE_MODIFY, CHANGETYPE_NONE
+ timestring, CHANGETYPE_MODIFY, CHANGETYPE_NONE
__docformat__ = "restructuredText"
self.olmmrserveridsconf = None
self.olmmrsyncreplconf = None
+
class ProvisionNames(object):
def __init__(self):
self.rootdn = None
paths.netlogon = lp.get("path", "netlogon")
- paths.smbconf = lp.configfile()
+ paths.smbconf = lp.configfile
return paths
if lp.get("realm").upper() != realm:
raise Exception("realm '%s' in %s must match chosen realm '%s'" %
- (lp.get("realm"), lp.configfile(), realm))
+ (lp.get("realm"), lp.configfile, realm))
dnsdomain = dnsdomain.lower()
def make_smbconf(smbconf, setup_path, hostname, domain, realm, serverrole,
targetdir):
+ """Create a new smb.conf file based on a couple of basic settings.
+ """
+ assert smbconf is not None
if hostname is None:
hostname = socket.gethostname().split(".")[0].lower()
default_lp = param.LoadParm()
#Load non-existant file
- default_lp.load(smbconf)
+ if os.path.exists(smbconf):
+ default_lp.load(smbconf)
if targetdir is not None:
privatedir_line = "private dir = " + os.path.abspath(os.path.join(targetdir, "private"))
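Review bot: The comment `#Load non-existant file` directly above the new `if os.path.exists(smbconf):` guard is now stale — the load only runs when the file does exist, so the comment contradicts the code; replace it with `# Load the existing smb.conf, if there is one`. The `assert smbconf is not None` added at the top of the function is stripped under `python -O`, so in optimized runs a None path falls through to os.path.exists() and fails there with a TypeError instead; if this is meant as a contract on callers, `if smbconf is None: raise ValueError("smbconf path is required")` keeps it in every mode. make_smbconf continues past the end of the hunk.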
})
-
def setup_name_mappings(samdb, idmap, sid, domaindn, root_uid, nobody_uid,
users_gid, wheel_gid):
"""setup reasonable name mappings for sam names to unix names.
:param users_gid: gid of the UNIX users group.
:param wheel_gid: gid of the UNIX wheel group."""
# add some foreign sids if they are not present already
- samdb.add_foreign(domaindn, "S-1-5-7", "Anonymous")
- samdb.add_foreign(domaindn, "S-1-1-0", "World")
- samdb.add_foreign(domaindn, "S-1-5-2", "Network")
- samdb.add_foreign(domaindn, "S-1-5-18", "System")
- samdb.add_foreign(domaindn, "S-1-5-11", "Authenticated Users")
+ samdb.add_stock_foreign_sids()
idmap.setup_name_mapping("S-1-5-7", idmap.TYPE_UID, nobody_uid)
idmap.setup_name_mapping("S-1-5-32-544", idmap.TYPE_GID, wheel_gid)
"""
assert session_info is not None
- samdb = SamDB(samdb_path, session_info=session_info,
- credentials=credentials, lp=lp)
-
- # Wipes the database
try:
+ samdb = SamDB(samdb_path, session_info=session_info,
+ credentials=credentials, lp=lp)
+ # Wipes the database
samdb.erase()
except:
os.unlink(samdb_path)
-
- samdb = SamDB(samdb_path, session_info=session_info,
- credentials=credentials, lp=lp)
+ samdb = SamDB(samdb_path, session_info=session_info,
+ credentials=credentials, lp=lp)
+ # Wipes the database
+ samdb.erase()
+
#Add modules to the list to activate them by default
#beware often order is important
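Review bot: Moving the SamDB() construction inside the `try` means the bare `except:` now also fires on constructor failures (wrong path, permissions, an unreadable file) and answers by unlinking samdb_path, and being bare it also swallows KeyboardInterrupt and SystemExit. If the failures this recovery is meant for are ldb-level ones, narrowing to the type the file already imports, `except LdbError:`, keeps the delete-and-recreate path for a database that cannot be erased without removing the file on unrelated errors; whether the constructor raises LdbError is not visible here, so confirm before narrowing. A why-comment on the except branch would also help, e.g. `# erase() failed (unreadable or incompatible sam.ldb): start over from an empty file`. The enclosing function continues outside the hunk.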
"ranged_results",
"anr",
"server_sort",
- "extended_dn",
"asq",
+ "extended_dn_store",
+ "extended_dn_in",
"rdn_name",
"objectclass",
"samldb",
tdb_modules_list = [
"subtree_rename",
"subtree_delete",
- "linked_attributes"]
+ "linked_attributes",
+ "extended_dn_out_ldb"]
modules_list2 = ["show_deleted",
"partition"]
if ldap_backend_type == "fedora-ds":
backend_modules = ["nsuniqueid", "paged_searches"]
# We can handle linked attributes here, as we don't have directory-side subtree operations
- tdb_modules_list = ["linked_attributes"]
+ tdb_modules_list = ["linked_attributes", "extended_dn_out_dereference"]
elif ldap_backend_type == "openldap":
- backend_modules = ["normalise", "entryuuid", "paged_searches"]
+ backend_modules = ["entryuuid", "paged_searches"]
# OpenLDAP handles subtree renames, so we don't want to do any of these things
- tdb_modules_list = None
+ tdb_modules_list = ["extended_dn_out_dereference"]
elif ldap_backend is not None:
raise "LDAP Backend specified, but LDAP Backend Type not specified"
elif serverrole == "domain controller":
reg = registry.Registry()
hive = registry.open_ldb(path, session_info=session_info,
credentials=credentials, lp_ctx=lp)
- reg.mount_hive(hive, "HKEY_LOCAL_MACHINE")
+ reg.mount_hive(hive, registry.HKEY_LOCAL_MACHINE)
provision_reg = setup_path("provision.reg")
assert os.path.exists(provision_reg)
reg.diff_apply(provision_reg)
return samdb
message("Pre-loading the Samba 4 and AD schema")
- samdb.set_domain_sid(domainsid)
+ samdb.set_domain_sid(str(domainsid))
if serverrole == "domain controller":
samdb.set_invocation_id(invocationid)
message("Setting up sam.ldb AD schema")
setup_add_ldif(samdb, setup_path("schema.ldif"),
{"SCHEMADN": names.schemadn})
+ setup_add_ldif(samdb, setup_path("aggregate_schema.ldif"),
+ {"SCHEMADN": names.schemadn})
message("Setting up sam.ldb configuration data")
setup_add_ldif(samdb, setup_path("provision_configuration.ldif"), {
if domainsid is None:
domainsid = security.random_sid()
- else:
- domainsid = security.Sid(domainsid)
if policyguid is None:
policyguid = str(uuid.uuid4())
if adminpass is None:
- adminpass = misc.random_password(12)
+ adminpass = glue.generate_random_str(12)
if krbtgtpass is None:
- krbtgtpass = misc.random_password(12)
+ krbtgtpass = glue.generate_random_str(12)
if machinepass is None:
- machinepass = misc.random_password(12)
+ machinepass = glue.generate_random_str(12)
if dnspass is None:
- dnspass = misc.random_password(12)
+ dnspass = glue.generate_random_str(12)
root_uid = findnss_uid([root or "root"])
nobody_uid = findnss_uid([nobody or "nobody"])
users_gid = findnss_gid([users or "users"])
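Review bot: Removing the `else: domainsid = security.Sid(domainsid)` branch drops the only validation a caller-supplied domainsid received, and with the `samdb.set_domain_sid(str(domainsid))` change in the earlier hunk an arbitrary string is now written through unchecked. If the dcerpc security module this file now imports exposes a SID constructor (dom_sid in later Samba trees), parsing the string through it and converting back restores the check, `else: domainsid = str(security.dom_sid(domainsid))`. Separately, the admin, krbtgt, machine and DNS passwords now come from glue.generate_random_str(12) (also in the later adminpass hunk); nothing visible here shows the character set or randomness source of that helper, so a comment at the first call site stating that it must be a cryptographically strong generator, e.g. `# generate_random_str must draw from a CSPRNG: these become account passwords`, would record the requirement.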
if (not os.path.exists(os.path.join(targetdir, "etc"))):
os.makedirs(os.path.join(targetdir, "etc"))
smbconf = os.path.join(targetdir, "etc", "smb.conf")
+ elif smbconf is None:
+ smbconf = param.default_path()
# only install a new smb.conf if there isn't one there already
if not os.path.exists(smbconf):
paths = provision_paths_from_lp(lp, names.dnsdomain)
if hostip is None:
- hostip = socket.getaddrinfo(names.hostname, None, socket.AF_INET, socket.AI_CANONNAME, socket.IPPROTO_IP)[0][-1][0]
+ try:
+ hostip = socket.getaddrinfo(names.hostname, None, socket.AF_INET, socket.AI_CANONNAME, socket.IPPROTO_IP)[0][-1][0]
+ except socket.gaierror, (socket.EAI_NODATA, msg):
+ hostip = None
if hostip6 is None:
try:
hostip6 = socket.getaddrinfo(names.hostname, None, socket.AF_INET6, socket.AI_CANONNAME, socket.IPPROTO_IP)[0][-1][0]
- except socket.gaierror:
- pass
+ except socket.gaierror, (socket.EAI_NODATA, msg):
+ hostip6 = None
if serverrole is None:
serverrole = lp.get("server role")
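Review bot: The target `(socket.EAI_NODATA, msg)` in the new `except socket.gaierror, ...` clause does not compare the error code against EAI_NODATA — in this Python 2 form it is an unpacking assignment, so the exception's first element is stored into the attribute `socket.EAI_NODATA`, overwriting the module constant, and every gaierror (name not found, temporary resolver failure, no network) is silently turned into hostip = None. The hostip6 clause a few lines below uses the same construct. Bind the code to a local and re-raise anything other than the "no address" case; whether EAI_NONAME should be treated the same depends on the resolver in use and is worth a comment either way.
```python
        try:
            hostip = socket.getaddrinfo(names.hostname, None, socket.AF_INET, socket.AI_CANONNAME, socket.IPPROTO_IP)[0][-1][0]
        except socket.gaierror, (errnum, msg):
            # Only "no address of this family" means "no IPv4 address"; other
            # resolver failures are real errors and must surface.
            if errnum != socket.EAI_NODATA:
                raise
            hostip = None
```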
root = findnss(pwd.getpwnam, ["root"])[0]
if adminpass is None:
- adminpass = misc.random_password(12)
+ adminpass = glue.generate_random_str(12)
if targetdir is not None:
if (not os.path.exists(os.path.join(targetdir, "etc"))):
os.makedirs(os.path.join(targetdir, "etc"))
smbconf = os.path.join(targetdir, "etc", "smb.conf")
+ elif smbconf is None:
+ smbconf = param.default_path()
+ assert smbconf is not None
# only install a new smb.conf if there isn't one there already
if not os.path.exists(smbconf):
lp = param.LoadParm()
lp.load(smbconf)
+ if serverrole is None:
+ serverrole = lp.get("server role")
+
names = guess_names(lp=lp, hostname=hostname, domain=domain,
dnsdomain=realm, serverrole=serverrole,
rootdn=rootdn, domaindn=domaindn, configdn=configdn,
mapping = "schema-map-fedora-ds-1.0"
backend_schema = "99_ad.ldif"
- slapdcommand="Initailise Fedora DS with: setup-ds.pl --file=%s" % paths.fedoradsinf
+ slapdcommand="Initialise Fedora DS with: setup-ds.pl --file=%s" % paths.fedoradsinf
ldapuser = "--simple-bind-dn=" + names.ldapmanagerdn
elif ldap_backend_type == "openldap":
attrs = ["linkID", "lDAPDisplayName"]
- res = schemadb.search(expression="(&(&(linkID=*)(!(linkID:1.2.840.113556.1.4.803:=1)))(objectclass=attributeSchema))", base=names.schemadn, scope=SCOPE_SUBTREE, attrs=attrs)
+ res = schemadb.search(expression="(&(linkID=*)(!(linkID:1.2.840.113556.1.4.803:=1))(objectclass=attributeSchema)(attributeSyntax=2.5.5.1))", base=names.schemadn, scope=SCOPE_SUBTREE, attrs=attrs)
memberof_config = "# Generated from schema in %s\n" % schemadb_path
refint_attributes = ""
for i in range (0, len(res)):
- expression = "(&(objectclass=attributeSchema)(linkID=%d))" % (int(res[i]["linkID"][0])+1)
+ expression = "(&(objectclass=attributeSchema)(linkID=%d)(attributeSyntax=2.5.5.1))" % (int(res[i]["linkID"][0])+1)
target = schemadb.searchone(basedn=names.schemadn,
expression=expression,
attribute="lDAPDisplayName",
message("LDAP admin password: %s" % adminpass)
message(slapdcommand)
- message("Run provision with: --ldap-backend=ldapi --ldap-backend-type=" + ldap_backend_type + " --password=" + adminpass + " " + ldapuser)
+ assert isinstance(ldap_backend_type, str)
+ assert isinstance(ldapuser, str)
+ assert isinstance(adminpass, str)
+ assert isinstance(names.dnsdomain, str)
+ assert isinstance(names.domain, str)
+ assert isinstance(serverrole, str)
+ args = ["--ldap-backend=ldapi",
+ "--ldap-backend-type=" + ldap_backend_type,
+ "--password=" + adminpass,
+ ldapuser,
+ "--realm=" + names.dnsdomain,
+ "--domain=" + names.domain,
+ "--server-role='" + serverrole + "'"]
+ message("Run provision with: " + " ".join(args))
+
def create_phpldapadmin_config(path, setup_path, ldapi_uri):
"""Create a PHP LDAP admin configuration file.
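Review bot: The six `assert isinstance(..., str)` checks added before building args are diagnostics only — they vanish under `python -O`, and a unicode value then concatenates without error, so the asserts do not guard anything at runtime; if they exist to catch unicode coming back from the name lookups, a comment saying so, e.g. `# all pieces must be byte strings; a unicode value here shows up as a resolver/config bug upstream`, explains them better than the bare checks. In the generated command line only serverrole is quoted, while `ldapuser` (built from names.ldapmanagerdn), the realm and the domain are interpolated as-is, so a DN or name containing spaces would be split differently by the shell the user pastes it into; quoting every argument consistently, e.g. `message("Run provision with: " + " ".join(pipes.quote(a) for a in args))` with `pipes` imported at the top of the file, makes the suggestion reliable.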
hostip6_base_line = ""
hostip6_host_line = ""
+ if hostip is not None:
+ hostip_base_line = " IN A " + hostip
+ hostip_host_line = hostname + " IN A " + hostip
+ else:
+ hostip_base_line = ""
+ hostip_host_line = ""
+
setup_file(setup_path("provision.zone"), path, {
"DNSPASS_B64": b64encode(dnspass),
"HOSTNAME": hostname,
"DNSDOMAIN": dnsdomain,
"REALM": realm,
- "HOSTIP": hostip,
+ "HOSTIP_BASE_LINE": hostip_base_line,
+ "HOSTIP_HOST_LINE": hostip_host_line,
"DOMAINGUID": domainguid,
"DATESTRING": time.strftime("%Y%m%d%H"),
"DEFAULTSITE": DEFAULTSITE,