s3-passdb: Replace SMB_MALLOC_ARRAY()/SAFE_FREE() with talloc equivalents.
[idra/samba.git] / source3 / utils / net_sam.c
index af8aaa47dfd37ad36fccd98411a2b92e33897de1..467e441f60f37cd6c0626a0b986c669be6d564af 100644 (file)
 
 
 #include "includes.h"
+#include "system/passwd.h"
 #include "utils/net.h"
 #include "../librpc/gen_ndr/samr.h"
 #include "smbldap.h"
 #include "../libcli/security/security.h"
+#include "lib/winbind_util.h"
+#include "passdb.h"
+#include "lib/privileges.h"
 
 /*
  * Set a user's data
@@ -495,7 +499,7 @@ static int net_sam_policy_set(struct net_context *c, int argc, const char **argv
                const char **names;
                 int i, count;
 
-                account_policy_names_list(&names, &count);
+                account_policy_names_list(talloc_tos(), &names, &count);
                d_fprintf(stderr, _("No account policy \"%s\"!\n\n"), argv[0]);
                d_fprintf(stderr, _("Valid account policies are:\n"));
 
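Review bot: The return value of `account_policy_names_list(talloc_tos(), &names, &count)` is still ignored, and `names`/`count` (lines 19–20) are declared without initializers, so if the call fails `count` is read uninitialized by the loop that follows and the `TALLOC_FREE(names)` in the next hunk frees an indeterminate pointer. Initialize both, `const char **names = NULL; int count = 0;`, or guard the call, e.g. `if (!account_policy_names_list(talloc_tos(), &names, &count)) { count = 0; }`, assuming the function reports failure through its return value as the rest of this module's helpers do. The same pattern is in the hunks ending at lines 45 and 63. net_sam_policy_set starts before this hunk and continues after it.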
@@ -503,7 +507,8 @@ static int net_sam_policy_set(struct net_context *c, int argc, const char **argv
                        d_fprintf(stderr, "%s\n", names[i]);
                }
 
-               SAFE_FREE(names);
+               TALLOC_FREE(names);
+
                return -1;
        }
 
@@ -547,7 +552,7 @@ static int net_sam_policy_show(struct net_context *c, int argc, const char **arg
                const char **names;
                int count;
                int i;
-                account_policy_names_list(&names, &count);
+                account_policy_names_list(talloc_tos(), &names, &count);
                 d_fprintf(stderr, _("No account policy by that name!\n"));
                 if (count != 0) {
                         d_fprintf(stderr, _("Valid account policies "
@@ -556,7 +561,7 @@ static int net_sam_policy_show(struct net_context *c, int argc, const char **arg
                                d_fprintf(stderr, "%s\n", names[i]);
                        }
                 }
-                SAFE_FREE(names);
+                TALLOC_FREE(names);
                 return -1;
         }
 
@@ -588,7 +593,7 @@ static int net_sam_policy_list(struct net_context *c, int argc, const char **arg
                return 0;
        }
 
-       account_policy_names_list(&names, &count);
+       account_policy_names_list(talloc_tos(), &names, &count);
         if (count != 0) {
                d_fprintf(stderr, _("Valid account policies "
                          "are:\n"));
@@ -596,7 +601,7 @@ static int net_sam_policy_list(struct net_context *c, int argc, const char **arg
                        d_fprintf(stderr, "%s\n", names[i]);
                }
        }
-        SAFE_FREE(names);
+        TALLOC_FREE(names);
         return -1;
 }
 
@@ -1584,6 +1589,7 @@ static int net_sam_provision(struct net_context *c, int argc, const char **argv)
        gid_t domadmins_gid = -1;
        struct samu *samuser;
        struct passwd *pwd;
+       bool is_ipa = false;
 
        if (c->display_usage) {
                d_printf(  "%s\n"
@@ -1614,7 +1620,11 @@ static int net_sam_provision(struct net_context *c, int argc, const char **argv)
 
        trim_char(ldap_bk, ' ', ' ');
 
-       if (strcmp(ldap_bk, "ldapsam") != 0) {
+       if (strcmp(ldap_bk, "IPA_ldapsam") == 0 ) {
+               is_ipa = true;
+       }
+
+       if (strcmp(ldap_bk, "ldapsam") != 0 && !is_ipa ) {
                d_fprintf(stderr,
                          _("Provisioning works only with ldapsam backend\n"));
                goto failed;
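Review bot: The stray spaces before the closing parentheses at lines 86 and 90 (`== 0 )` and `!is_ipa )`) do not match the file's formatting; write `if (strcmp(ldap_bk, "IPA_ldapsam") == 0) {` and `if (!is_ipa && strcmp(ldap_bk, "ldapsam") != 0) {`. The error text at line 92, "Provisioning works only with ldapsam backend", is now inaccurate since IPA_ldapsam is accepted too; consider "Provisioning works only with the ldapsam or IPA_ldapsam backend". net_sam_provision starts before this hunk and continues after it.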
@@ -1628,7 +1638,7 @@ static int net_sam_provision(struct net_context *c, int argc, const char **argv)
                goto failed;
        }
 
-       if (!winbind_ping()) {
+       if (!is_ipa && !winbind_ping()) {
                d_fprintf(stderr, _("winbind seems not to run. Provisioning "
                            "LDAP only works when winbind runs.\n"));
                goto failed;
@@ -1655,10 +1665,14 @@ static int net_sam_provision(struct net_context *c, int argc, const char **argv)
                d_printf(_("Adding the Domain Users group.\n"));
 
                /* lets allocate a new groupid for this group */
-               if (!winbind_allocate_gid(&domusers_gid)) {
-                       d_fprintf(stderr, _("Unable to allocate a new gid to "
-                                           "create Domain Users group!\n"));
-                       goto domu_done;
+               if (is_ipa) {
+                       domusers_gid = 999;
+               } else {
+                       if (!winbind_allocate_gid(&domusers_gid)) {
+                               d_fprintf(stderr, _("Unable to allocate a new gid to "
+                                                   "create Domain Users group!\n"));
+                               goto domu_done;
+                       }
                }
 
                uname = talloc_strdup(tc, "domusers");
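Review bot: `domusers_gid = 999;` at line 112 is an unexplained magic number that recurs for the Domain Admins gid (line 160), the Administrator uid (line 218) and the Guest uid (line 277). The value is overwritten once the new entry is read back (line 145), which suggests it is a placeholder the IPA directory replaces with a server-allocated id; that intent should be visible in the code through a named constant (constructed name) such as `enum { IPA_ID_PLACEHOLDER = 999 };` with a comment saying the server is expected to replace it. If the directory ever stored it verbatim, both groups and both users would share id 999, so the read-back must stay the authoritative source; note that for the Guest user `pwd->pw_uid` is not refreshed after the read-back at line 310, which matters if `pwd` is used afterwards (that code is outside the hunk). net_sam_provision starts before this hunk.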
@@ -1674,6 +1688,11 @@ static int net_sam_provision(struct net_context *c, int argc, const char **argv)
 
                smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXGROUP);
                smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP);
+               if (is_ipa) {
+                       smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", "groupofnames");
+                       smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", "nestedgroup");
+                       smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", "ipausergroup");
+               }
                smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname);
                smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", wname);
                smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);
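Review bot: The three IPA group objectClasses added at lines 126–130 are repeated verbatim for Domain Admins (lines 174–178) and again in the hunk ending at line 330, and the six IPA user objectClasses at lines 233–239 are repeated at lines 292–298; a pair of small static helpers would keep the IPA schema requirements in one place. The group helper below replaces each of the three `if (is_ipa) { ... }` blocks with the call shown; the user helper would be written the same way. The `LDAPMod ***` parameter type is inferred from the `&mods` argument passed to smbldap_set_mod() — confirm against its prototype. net_sam_provision starts before this hunk.
```c
/* objectClasses an IPA directory expects on a POSIX group entry. */
static void ipa_add_group_objectclasses(LDAPMod ***mods)
{
	smbldap_set_mod(mods, LDAP_MOD_ADD, "objectClass", "groupofnames");
	smbldap_set_mod(mods, LDAP_MOD_ADD, "objectClass", "nestedgroup");
	smbldap_set_mod(mods, LDAP_MOD_ADD, "objectClass", "ipausergroup");
}

/* … unchanged: net_sam_provision up to the Domain Users objectClass mods … */
		if (is_ipa) {
			ipa_add_group_objectclasses(&mods);
		}
```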
@@ -1689,6 +1708,16 @@ static int net_sam_provision(struct net_context *c, int argc, const char **argv)
                        d_fprintf(stderr, _("Failed to add Domain Users group "
                                            "to ldap directory\n"));
                }
+
+               if (is_ipa) {
+                       if (!pdb_getgrsid(&gmap, gsid)) {
+                               d_fprintf(stderr, _("Failed to read just "
+                                                   "created domain group.\n"));
+                               goto failed;
+                       } else {
+                               domusers_gid = gmap.gid;
+                       }
+               }
        } else {
                domusers_gid = gmap.gid;
                d_printf(_("found!\n"));
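Review bot: The read-back at lines 139–147 runs even after the preceding add reported failure — only the message at lines 135–137 is visible here, but nothing in the hunk aborts after it — so in IPA mode a failed add is followed by the misleading "Failed to read just created domain group" before jumping to `failed`; if the add failure is fatal here, abort on it, otherwise skip the read-back when the add did not succeed. Separately, the `else` after `goto failed` is redundant: `if (!pdb_getgrsid(&gmap, gsid)) { ...; goto failed; } domusers_gid = gmap.gid;`. The same shape recurs at lines 187–195, 256–262 and 309–315. net_sam_provision starts before this hunk.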
@@ -1712,10 +1741,14 @@ domu_done:
                d_printf(_("Adding the Domain Admins group.\n"));
 
                /* lets allocate a new groupid for this group */
-               if (!winbind_allocate_gid(&domadmins_gid)) {
-                       d_fprintf(stderr, _("Unable to allocate a new gid to "
-                                           "create Domain Admins group!\n"));
-                       goto doma_done;
+               if (is_ipa) {
+                       domadmins_gid = 999;
+               } else {
+                       if (!winbind_allocate_gid(&domadmins_gid)) {
+                               d_fprintf(stderr, _("Unable to allocate a new gid to "
+                                                   "create Domain Admins group!\n"));
+                               goto doma_done;
+                       }
                }
 
                uname = talloc_strdup(tc, "domadmins");
@@ -1731,6 +1764,11 @@ domu_done:
 
                smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXGROUP);
                smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP);
+               if (is_ipa) {
+                       smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", "groupofnames");
+                       smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", "nestedgroup");
+                       smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", "ipausergroup");
+               }
                smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname);
                smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", wname);
                smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);
@@ -1746,6 +1784,16 @@ domu_done:
                        d_fprintf(stderr, _("Failed to add Domain Admins group "
                                            "to ldap directory\n"));
                }
+
+               if (is_ipa) {
+                       if (!pdb_getgrsid(&gmap, gsid)) {
+                               d_fprintf(stderr, _("Failed to read just "
+                                                   "created domain group.\n"));
+                               goto failed;
+                       } else {
+                               domadmins_gid = gmap.gid;
+                       }
+               }
        } else {
                domadmins_gid = gmap.gid;
                d_printf(_("found!\n"));
@@ -1770,6 +1818,7 @@ doma_done:
                char *gidstr;
                char *shell;
                char *dir;
+               char *princ;
                uid_t uid;
                int rc;
 
@@ -1781,11 +1830,16 @@ doma_done:
                                    "Admins group not available!\n"));
                        goto done;
                }
-               if (!winbind_allocate_uid(&uid)) {
-                       d_fprintf(stderr,
-                                 _("Unable to allocate a new uid to create "
-                                   "the Administrator user!\n"));
-                       goto done;
+
+               if (is_ipa) {
+                       uid = 999;
+               } else {
+                       if (!winbind_allocate_uid(&uid)) {
+                               d_fprintf(stderr,
+                                         _("Unable to allocate a new uid to create "
+                                           "the Administrator user!\n"));
+                               goto done;
+                       }
                }
 
                name = talloc_strdup(tc, "Administrator");
@@ -1811,6 +1865,21 @@ doma_done:
                smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_ACCOUNT);
                smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXACCOUNT);
                smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_SAMBASAMACCOUNT);
+               if (is_ipa) {
+                       smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", "person");
+                       smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", "organizationalperson");
+                       smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", "inetorgperson");
+                       smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", "inetuser");
+                       smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", "krbprincipalaux");
+                       smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", "krbticketpolicyaux");
+                       smbldap_set_mod(&mods, LDAP_MOD_ADD, "sn", name);
+                       princ = talloc_asprintf(tc, "%s@%s", name, lp_realm());
+                       if (!princ) {
+                               d_fprintf(stderr, _("Out of Memory!\n"));
+                               goto failed;
+                       }
+                       smbldap_set_mod(&mods, LDAP_MOD_ADD, "krbPrincipalName", princ);
+               }
                smbldap_set_mod(&mods, LDAP_MOD_ADD, "uid", name);
                smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", name);
                smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", name);
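Review bot: The new out-of-memory exit at line 244 uses `goto failed`, while the other error exits in this Administrator block jump to `done` (lines 209 and 224); unless the two labels are meant to behave differently here, the new path should read `goto done;` for consistency — confirm what each label cleans up, as both are outside the hunk. The principal built at line 241, `talloc_asprintf(tc, "%s@%s", name, lp_realm())`, degrades to `Administrator@` when `realm` is unset in smb.conf, which is not a usable Kerberos principal; IPA mode should validate the realm once up front, e.g. `if (is_ipa && (lp_realm() == NULL || lp_realm()[0] == '\0')) { d_fprintf(stderr, _("IPA provisioning requires a realm\n")); goto failed; }`. net_sam_provision starts before this hunk.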
@@ -1832,6 +1901,14 @@ doma_done:
                        d_fprintf(stderr, _("Failed to add Administrator user "
                                            "to ldap directory\n"));
                }
+
+               if (is_ipa) {
+                       if (!pdb_getsampwnam(samuser, "Administrator")) {
+                               d_fprintf(stderr, _("Failed to read just "
+                                                   "created user.\n"));
+                               goto failed;
+                       }
+               }
        } else {
                d_printf(_("found!\n"));
        }
@@ -1870,11 +1947,16 @@ doma_done:
                                goto done;
                        }
                        pwd->pw_name = talloc_strdup(pwd, lp_guestaccount());
-                       if (!winbind_allocate_uid(&(pwd->pw_uid))) {
-                               d_fprintf(stderr,
-                                         _("Unable to allocate a new uid to "
-                                           "create the Guest user!\n"));
-                               goto done;
+
+                       if (is_ipa) {
+                               pwd->pw_uid = 999;
+                       } else {
+                               if (!winbind_allocate_uid(&(pwd->pw_uid))) {
+                                       d_fprintf(stderr,
+                                                 _("Unable to allocate a new uid to "
+                                                   "create the Guest user!\n"));
+                                       goto done;
+                               }
                        }
                        pwd->pw_gid = domusers_gid;
                        pwd->pw_dir = talloc_strdup(tc, "/");
@@ -1896,6 +1978,15 @@ doma_done:
                smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_ACCOUNT);
                smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXACCOUNT);
                smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_SAMBASAMACCOUNT);
+               if (is_ipa) {
+                       smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", "person");
+                       smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", "organizationalperson");
+                       smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", "inetorgperson");
+                       smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", "inetuser");
+                       smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", "krbprincipalaux");
+                       smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", "krbticketpolicyaux");
+                       smbldap_set_mod(&mods, LDAP_MOD_ADD, "sn", pwd->pw_name);
+               }
                smbldap_set_mod(&mods, LDAP_MOD_ADD, "uid", pwd->pw_name);
                smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", pwd->pw_name);
                smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", pwd->pw_name);
@@ -1921,6 +2012,14 @@ doma_done:
                        d_fprintf(stderr, _("Failed to add Guest user to "
                                            "ldap directory\n"));
                }
+
+               if (is_ipa) {
+                       if (!pdb_getsampwnam(samuser, lp_guestaccount())) {
+                               d_fprintf(stderr, _("Failed to read just "
+                                                   "created user.\n"));
+                               goto failed;
+                       }
+               }
        } else {
                d_printf(_("found!\n"));
        }
@@ -1966,6 +2065,11 @@ doma_done:
 
                smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXGROUP);
                smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP);
+               if (is_ipa) {
+                       smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", "groupofnames");
+                       smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", "nestedgroup");
+                       smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", "ipausergroup");
+               }
                smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname);
                smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", wname);
                smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);