2 backend code for provisioning a Samba4 server
3 Copyright Andrew Tridgell 2005
4 Released under the GNU GPL v2 or later
7 /* used to generate sequence numbers for records; provision() resets it to 1 before loading the ldifs, and the usn helper (presumably nextusn, bound as subobj.USN) increments it on each call */
8 provision_next_usn = 1;
11 find a user or group from a list of possibilities
16 assert(arguments.length >= 2);
17 var nssfn = arguments[0];
18 for (i=1;i<arguments.length;i++) {
19 if (nssfn(arguments[i]) != undefined) {
23 printf("Unable to find user/group for %s\n", arguments[1]);
24 assert(i<arguments.length);
28 add a foreign security principal
30 function add_foreign(str, sid, desc, unixname)
33 dn: CN=${SID},CN=ForeignSecurityPrincipals,${BASEDN}
35 objectClass: foreignSecurityPrincipal
39 whenCreated: ${LDAPTIME}
40 whenChanged: ${LDAPTIME}
43 showInAdvancedViewOnly: TRUE
45 objectGUID: ${NEWGUID}
47 objectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,${BASEDN}
50 var sub = new Object();
53 sub.UNIXNAME = unixname;
54 return str + substitute_var(add, sub);
58 return current time as a nt time string
62 return "" + sys_nttime();
66 return current time as a ldap time string
70 return sys_ldaptime(sys_nttime());
74 return a date string suitable for a dns zone serial number
78 var t = sys_gmtime(sys_nttime());
79 return sprintf("%04u%02u%02u%02u",
80 t.tm_year+1900, t.tm_mon+1, t.tm_mday, t.tm_hour);
88 var list = sys_interfaces();
93 return the next record sequence number (usn)
97 provision_next_usn = provision_next_usn+1;
98 return provision_next_usn;
102 return first part of hostname
106 var s = split(".", sys_hostname());
112 setup a ldb in the private dir
114 function setup_ldb(ldif, dbname, subobj)
117 if (arguments.length == 4) {
118 extra = arguments[3];
121 var db = lpGet("private dir") + "/" + dbname;
122 var src = lpGet("setup directory") + "/" + ldif;
126 var data = sys_file_load(src);
128 data = substitute_var(data, subobj);
130 ok = ldbAdd(db, data);
135 setup a file in the private dir
137 function setup_file(template, fname, subobj)
139 var f = lpGet("private dir") + "/" + fname;
140 var src = lpGet("setup directory") + "/" + template;
144 var data = sys_file_load(src);
145 data = substitute_var(data, subobj);
147 ok = sys_file_save(f, data);
152 provision samba4 - caution, this wipes all existing data!
154 function provision(subobj, message)
159 some options need to be upper/lower case
161 subobj.REALM = strlower(subobj.REALM);
162 subobj.HOSTNAME = strlower(subobj.HOSTNAME);
163 subobj.DOMAIN = strupper(subobj.DOMAIN);
164 subobj.NETBIOSNAME = strupper(subobj.HOSTNAME);
166 data = add_foreign(data, "S-1-5-7", "Anonymous", "${NOBODY}");
167 data = add_foreign(data, "S-1-1-0", "World", "${NOGROUP}");
168 data = add_foreign(data, "S-1-5-2", "Network", "${NOGROUP}");
169 data = add_foreign(data, "S-1-5-18", "System", "${ROOT}");
170 data = add_foreign(data, "S-1-5-11", "Authenticated Users", "${USERS}");
172 provision_next_usn = 1;
174 message("Setting up hklm.ldb\n");
175 setup_ldb("hklm.ldif", "hklm.ldb", subobj);
176 message("Setting up sam.ldb\n");
177 setup_ldb("provision.ldif", "sam.ldb", subobj, data);
178 message("Setting up rootdse.ldb\n");
179 setup_ldb("rootdse.ldif", "rootdse.ldb", subobj);
180 message("Setting up secrets.ldb\n");
181 setup_ldb("secrets.ldif", "secrets.ldb", subobj);
182 message("Setting up DNS zone file\n");
183 setup_file("provision.zone", subobj.DNSDOMAIN + ".zone", subobj);
187 guess reasonable default options for provisioning
189 function provision_guess()
191 var subobj = new Object();
192 subobj.REALM = lpGet("realm");
193 subobj.DOMAIN = lpGet("workgroup");
194 subobj.HOSTNAME = hostname();
195 subobj.HOSTIP = hostip();
196 subobj.DOMAINGUID = randguid();
197 subobj.DOMAINSID = randsid();
198 subobj.HOSTGUID = randguid();
199 subobj.INVOCATIONID = randguid();
200 subobj.KRBTGTPASS = randpass(12);
201 subobj.MACHINEPASS = randpass(12);
202 subobj.ADMINPASS = randpass(12);
203 subobj.DEFAULTSITE = "Default-First-Site-Name";
204 subobj.NEWGUID = randguid;
205 subobj.NTTIME = nttime;
206 subobj.LDAPTIME = ldaptime;
207 subobj.DATESTRING = datestring;
208 subobj.USN = nextusn;
209 subobj.ROOT = findnss(getpwnam, "root");
210 subobj.NOBODY = findnss(getpwnam, "nobody");
211 subobj.NOGROUP = findnss(getgrnam, "nogroup");
212 subobj.WHEEL = findnss(getgrnam, "wheel", "root");
213 subobj.USERS = findnss(getgrnam, "users", "guest", "other");
214 subobj.DNSDOMAIN = strlower(subobj.REALM);
215 subobj.DNSNAME = sprintf("%s.%s",
216 strlower(subobj.HOSTNAME),
218 subobj.BASEDN = "DC=" + join(",DC=", split(".", subobj.REALM));