1 #!/usr/bin/env smbscript
3 provision a Samba4 server
4 Copyright Andrew Tridgell 2005
5 Released under the GNU GPL v2 or later
/* Parse ARGV into the options object. Only the first entry of the option
   list is visible in this excerpt.
   NOTE(review): ok is assigned without var in the visible statement. */
8 var options = new Object();
9 ok = GetOptions(ARGV, options,
12 "POPT_COMMON_VERSION",
/* Reports the parser's own message, read from options.ERROR; the condition
   guarding this line is outside the excerpt. */
32 println("Failed to parse options: " + options.ERROR);
36 libinclude("base.js");
38 /* used to generate sequence numbers for records */
42 print a message if quiet is not set
/* Taken only when the quiet option is absent; the statement that prints
   is outside this excerpt. */
46 if (options["quiet"] == undefined) {
52 find a user or group from a list of possibilities
/* arguments[0] is the NSS lookup function, arguments[1] the option name;
   any further arguments are candidate account or group names. */
57 assert(arguments.length >= 2);
58 var nssfn = arguments[0];
59 var name = arguments[1];
/* A name supplied on the command line takes this branch. The branch body is
   not visible here, so whether the supplied name is also checked with nssfn
   cannot be confirmed from this excerpt - TODO verify. */
60 if (options[name] != undefined) {
/* Candidates are probed in argument order.
   NOTE(review): i is assigned without var in the visible loop header. */
63 for (i=2;i<arguments.length;i++) {
64 if (nssfn(arguments[i]) != undefined) {
/* Presumably reached only when no candidate was accepted; the return on a
   match is outside this excerpt. */
68 println("Unable to find user/group for " + name);
73 add a foreign security principal
/*
  Append one LDIF record for a foreign security principal to str and return
  the combined text.

  str      - LDIF text built so far
  sid      - SID string; the record template refers to it as ${SID}
  desc     - description (its use is outside this excerpt)
  unixname - value stored as the UNIXNAME substitution

  The template also references ${BASEDN}, ${LDAPTIME} and ${NEWGUID}, none of
  which this function is seen to set; presumably they stay as placeholders
  for a later substitution pass - confirm against substitute_var.
*/
75 function add_foreign(str, sid, desc, unixname)
78 dn: CN=${SID},CN=ForeignSecurityPrincipals,${BASEDN}
80 objectClass: foreignSecurityPrincipal
84 whenCreated: ${LDAPTIME}
85 whenChanged: ${LDAPTIME}
88 showInAdvancedViewOnly: TRUE
90 objectGUID: ${NEWGUID}
92 objectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,${BASEDN}
95 var sub = new Object();
/* Only the UNIXNAME assignment is visible; the other entries of sub are
   outside this excerpt. Values go into the template as given - no escaping
   of LDIF metacharacters is visible here. */
98 sub.UNIXNAME = unixname;
99 return str + substitute_var(add, sub);
103 return current time as a nt time string
/* Prepending "" coerces the result of sys_nttime() to a string. */
107 return "" + sys_nttime();
111 return current time as a ldap time string
/* Passes the current NT time through sys_ldaptime() for formatting. */
115 return sys_ldaptime(sys_nttime());
119 return the next update sequence number (USN)
/* Advances the counter by one; presumably this is the variable described
   earlier as generating sequence numbers for records. Its declaration and
   the value returned are outside this excerpt. */
123 next_usn = next_usn+1;
128 return first part of hostname
/* Splits the system host name on "."; the statement returning the first
   element is outside this excerpt. */
132 var s = split(".", sys_hostname());
144 provision.pl [options]
145 --realm REALM set realm
146 --domain DOMAIN set domain
147 --domain-guid GUID set domainguid (otherwise random)
148 --domain-sid SID set domainsid (otherwise random)
149 --host-name HOSTNAME set hostname
150 --host-ip IPADDRESS set ipaddress
151 --host-guid GUID set hostguid (otherwise random)
152 --invocationid GUID set invocationid (otherwise random)
153 --outputdir OUTPUTDIR set output directory
154 --adminpass PASSWORD choose admin password (otherwise random)
155 --krbtgtpass PASSWORD choose krbtgt password (otherwise random)
156 --machinepass PASSWORD choose machine password (otherwise random)
157 --root USERNAME choose 'root' unix username
158 --nobody USERNAME choose 'nobody' user
159 --nogroup GROUPNAME choose 'nogroup' group
160 --wheel GROUPNAME choose 'wheel' privileged group
161 --users GROUPNAME choose 'users' group
164 You must provide at least a realm and domain
/* Use the value of hostname() when --host-name was not given. */
170 if (options['host-name'] == undefined) {
171 options['host-name'] = hostname();
/* Realm, domain and host name are all required; what happens when one is
   missing is outside this excerpt. */
177 if (options["realm"] == undefined ||
178 options["domain"] == undefined ||
179 options["host-name"] == undefined) {
/* Canonicalise case: realm and host name lower-case, domain upper-case; the
   NetBIOS name is the upper-cased host name. */
183 options.realm = strlower(options.realm);
184 options['host-name'] = strlower(options['host-name']);
185 options.domain = strupper(options.domain);
186 options.netbiosname = strupper(options['host-name']);
/* Default the host address to the first entry returned by sys_interfaces().
   NOTE(review): the usage text names this option --host-ip, while the test
   reads options.hostip. If the parser stores the value under 'host-ip' (the
   'host-name' key suggests it does), an address given on the command line
   is not seen here and the interface default is set as well - confirm
   against the GetOptions list.
   NOTE(review): list[0] is taken without checking that any interface was
   returned. */
188 if (options.hostip == undefined) {
189 var list = sys_interfaces();
190 options.hostip = list[0];
193 message("Provisioning for " + options.domain + " in realm " + options.realm);
/* Resolve the local accounts and groups. Each call passes the lookup
   function, the option name, then the candidate names to probe in order.
   The results feed the ROOT, NOBODY, NOGROUP and USERS placeholders that the
   foreign security principal records for System, Anonymous, World/Network
   and Authenticated Users refer to, so a wrong match changes which local
   identity those SIDs are tied to. */
195 options.root = findnss(getpwnam, "root", "root");
196 options.nobody = findnss(getpwnam, "nobody", "nobody");
197 options.nogroup = findnss(getgrnam, "nogroup", "nogroup", "nobody");
198 options.wheel = findnss(getgrnam, "wheel", "wheel", "root");
199 options.users = findnss(getgrnam, "users", "users", "guest", "other");
/* Derive the DNS domain, the host's DNS name and the base DN from the realm;
   a realm "a.b" gives the base DN "DC=a,DC=b". The realm is used as given
   apart from lower-casing - no other validation is visible here. */
202 options.dnsdomain = strlower(options.realm);
203 options.dnsname = strlower(options['host-name']) + "." + options.dnsdomain;
204 options.basedn = "DC=" + join(",DC=", split(".", options.realm));
/* Load the LDIF template.
   NOTE(review): the path is relative, so which file is read depends on the
   directory the script is started from. */
206 var data = FileLoad("setup/provision.ldif");
207 if (data == undefined) {
208 println("Unable to load provision.ldif");
213 setup the substitution object
/* Table of values used to fill in ${NAME} placeholders. */
215 var subobj = new Object();
216 subobj.DOMAINGUID = randguid();
217 subobj.DOMAINSID = randsid();
218 subobj.HOSTGUID = randguid();
219 subobj.INVOCATIONID = randguid();
/* Passwords default to generated 12-character values; the quality of the
   randpass generator cannot be judged from this file. */
220 subobj.KRBTGTPASS = randpass(12);
221 subobj.MACHINEPASS = randpass(12);
222 subobj.ADMINPASS = randpass(12);
223 subobj.DEFAULTSITE = "Default-First-Site-Name";
/* The next four entries are function references (no call parentheses), not
   values. Presumably substitute_var calls them at each occurrence so that
   every record gets its own GUID, time and USN - confirm. */
224 subobj.NEWGUID = randguid;
225 subobj.NTTIME = nttime;
226 subobj.LDAPTIME = ldaptime;
227 subobj.USN = nextusn;
/* Copies an option into the table under its upper-cased name with "-"
   removed (e.g. 'host-name' becomes HOSTNAME), replacing any default set
   above. The loop header is outside this excerpt.
   NOTE(review): passwords given with --adminpass, --krbtgtpass or
   --machinepass arrive as command-line arguments, which are commonly visible
   in process listings and shell history.
   NOTE(review): option values are copied as given; no escaping of LDIF
   metacharacters such as newlines is visible here. */
229 var key = strupper(join("", split("-", r)));
230 subobj[key] = options[r];
/* Append foreign security principal records for five well-known SIDs. The
   last argument is itself a placeholder, so the local account behind each
   SID is presumably filled in by the final substitute_var call below from
   the NOBODY, NOGROUP, ROOT and USERS entries copied out of options. */
234 data = add_foreign(data, "S-1-5-7", "Anonymous", "${NOBODY}");
235 data = add_foreign(data, "S-1-1-0", "World", "${NOGROUP}");
236 data = add_foreign(data, "S-1-5-2", "Network", "${NOGROUP}");
237 data = add_foreign(data, "S-1-5-18", "System", "${ROOT}");
238 data = add_foreign(data, "S-1-5-11", "Authenticated Users", "${USERS}");
/* Final pass: resolve the placeholders in the whole template.
   NOTE(review): newdata is assigned without var in the visible statement. */
240 newdata = substitute_var(data, subobj);