self.dns_keytab = None
self.dns = None
self.winsdb = None
- self.ldap_basedn_ldif = None
- self.ldap_config_basedn_ldif = None
- self.ldap_schema_basedn_ldif = None
def check_install(lp, session_info, credentials):
raise "No administrator account found"
-def findnss(nssfn, *names):
- """Find a user or group from a list of possibilities."""
+def findnss(nssfn, names):
+ """Find a user or group from a list of possibilities.
+
+ :param nssfn: NSS Function to try (should raise KeyError if not found)
+ :param names: Names to check.
+ :return: Value return by first names list.
+ """
for name in names:
try:
return nssfn(name)
except KeyError:
pass
- raise Exception("Unable to find user/group for %s" % arguments[1])
+ raise KeyError("Unable to find user/group %r" % names)
def open_ldb(session_info, credentials, lp, dbname):
def setup_ldb(ldb, ldif_path, subst_vars):
+ """Import a LDIF a file into a LDB handle, optionally substituting variables.
+
+ :note: Either all LDIF data will be added or none (using transactions).
+
+ :param ldb: LDB file to import into.
+ :param ldif_path: Path to the LDIF file.
+ :param subst_vars: Dictionary with substitution variables.
+ """
assert ldb is not None
ldb.transaction_start()
try:
paths = ProvisionPaths()
if private_dir is None:
private_dir = lp.get("private dir")
+ paths.keytab = "secrets.keytab"
+ paths.dns_keytab = "dns.keytab"
+ else:
+ paths.keytab = os.path.join(private_dir, "secrets.keytab")
+ paths.dns_keytab = os.path.join(private_dir, "dns.keytab")
+
paths.shareconf = os.path.join(private_dir, "share.ldb")
paths.samdb = os.path.join(private_dir, lp.get("sam database") or "samdb.ldb")
paths.secrets = os.path.join(private_dir, lp.get("secrets database") or "secrets.ldb")
paths.templates = os.path.join(private_dir, "templates.ldb")
- paths.keytab = os.path.join(private_dir, "secrets.keytab")
- paths.dns_keytab = os.path.join(private_dir, "dns.keytab")
paths.dns = os.path.join(private_dir, dnsdomain + ".zone")
paths.winsdb = os.path.join(private_dir, "wins.ldb")
paths.s4_ldapi_path = os.path.join(private_dir, "ldapi")
+ paths.smbconf = os.path.join(private_dir, "smb.conf")
paths.phpldapadminconfig = os.path.join(private_dir,
"phpldapadmin-config.php")
- paths.hklm = os.path.join(private_dir, "hklm.ldb")
+ paths.hklm = "hklm.ldb"
+ paths.hkcr = "hkcr.ldb"
+ paths.hkcu = "hkcu.ldb"
+ paths.hku = "hku.ldb"
+ paths.hkpd = "hkpd.ldb"
+ paths.hkpt = "hkpt.ldb"
+
paths.sysvol = lp.get("sysvol", "path")
if paths.sysvol is None:
paths.sysvol = os.path.join(lp.get("lock dir"), "sysvol")
domaindn_ldb = "users.ldb"
if ldap_backend is not None:
- domaindn_ldb = ldap_backend
+ domaindn_ldb = ldap_backend
configdn_ldb = "configuration.ldb"
if ldap_backend is not None:
- configdn_ldb = ldap_backend
- schema_ldb = "schema.ldb"
+ configdn_ldb = ldap_backend
+ schemadn_ldb = "schema.ldb"
if ldap_backend is not None:
- schema_ldb = ldap_backend
+ schema_ldb = ldap_backend
+
+ schemadn_ldb = ldap_backend
if ldap_backend_type == "fedora-ds":
backend_modules = ["nsuniqueid","paged_searches"]
else:
backend_modules = ["objectguid"]
- setup_add_ldif(samdb, setup_path("provision_partitions.ldif"), {
- "SCHEMADN": schemadn,
- "SCHEMADN_LDB": "schema.ldb",
- "SCHEMADN_MOD2": ",objectguid",
- "CONFIGDN": configdn,
- "CONFIGDN_LDB": "configuration.ldb",
- "DOMAINDN": domaindn,
- "DOMAINDN_LDB": "users.ldb",
- "SCHEMADN_MOD": "schema_fsmo,instancetype",
- "CONFIGDN_MOD": "naming_fsmo,instancetype",
- "DOMAINDN_MOD": "pdc_fsmo,password_hash,instancetype",
- "MODULES_LIST": ",".join(modules_list),
- "TDB_MODULES_LIST": ","+",".join(tdb_modules_list),
- "MODULES_LIST2": ",".join(modules_list2),
- "BACKEND_MOD": ",".join(backend_modules),
+ samdb.transaction_start()
+ try:
+ setup_add_ldif(samdb, setup_path("provision_partitions.ldif"), {
+ "SCHEMADN": schemadn,
+ "SCHEMADN_LDB": schemadn_ldb,
+ "SCHEMADN_MOD2": ",objectguid",
+ "CONFIGDN": configdn,
+ "CONFIGDN_LDB": configdn_ldb,
+ "DOMAINDN": domaindn,
+ "DOMAINDN_LDB": domaindn_ldb,
+ "SCHEMADN_MOD": "schema_fsmo,instancetype",
+ "CONFIGDN_MOD": "naming_fsmo,instancetype",
+ "DOMAINDN_MOD": "pdc_fsmo,password_hash,instancetype",
+ "MODULES_LIST": ",".join(modules_list),
+ "TDB_MODULES_LIST": ","+",".join(tdb_modules_list),
+ "MODULES_LIST2": ",".join(modules_list2),
+ "BACKEND_MOD": ",".join(backend_modules),
})
+ except:
+ samdb.transaction_cancel()
+ raise
+
+ samdb.transaction_commit()
+
samdb = SamDB(samdb_path, session_info=session_info,
credentials=credentials, lp=lp)
lp=lp)
secrets_ldb.erase()
secrets_ldb.load_ldif_file_add(setup_path("secrets_init.ldif"))
+ secrets_ldb = Ldb(path, session_info=session_info, credentials=credentials,
+ lp=lp)
secrets_ldb.load_ldif_file_add(setup_path("secrets.ldif"))
return secrets_ldb
:param lp: Loadparm context
"""
reg = registry.Registry()
+ print path
hive = registry.open_ldb(path, session_info=session_info,
credentials=credentials, lp_ctx=lp)
reg.mount_hive(hive, "HKEY_LOCAL_MACHINE")
FILL_DRS = "DRS"
def provision(lp, setup_dir, message, paths, session_info,
- credentials, ldapbackend, samdb_fill=FILL_FULL, realm=None, rootdn=None,
+ credentials, samdb_fill=FILL_FULL, realm=None, rootdn=None,
domain=None, hostname=None, hostip=None, domainsid=None,
hostguid=None, adminpass=None, krbtgtpass=None, domainguid=None,
policyguid=None, invocationid=None, machinepass=None,
if dnspass is None:
dnspass = misc.random_password(12)
if root is None:
- root = findnss(pwd.getpwnam, "root")[4]
+ root = findnss(pwd.getpwnam, ["root"])[0]
if nobody is None:
- nobody = findnss(pwd.getpwnam, "nobody")[4]
+ nobody = findnss(pwd.getpwnam, ["nobody"])[0]
if nogroup is None:
- nogroup = findnss(grp.getgrnam, "nogroup", "nobody")[2]
+ nogroup = findnss(grp.getgrnam, ["nogroup", "nobody"])[0]
if users is None:
- users = findnss(grp.getgrnam, "users", "guest", "other", "unknown",
- "usr")[2]
+ users = findnss(grp.getgrnam, ["users", "guest", "other", "unknown",
+ "usr"])[0]
if wheel is None:
- wheel = findnss(grp.getgrnam, "wheel", "root", "staff", "adm")[2]
+ wheel = findnss(grp.getgrnam, ["wheel", "root", "staff", "adm"])[0]
if backup is None:
- backup = findnss(grp.getgrnam, "backup", "wheel", "root", "staff")[2]
+ backup = findnss(grp.getgrnam, ["backup", "wheel", "root", "staff"])[0]
if aci is None:
aci = "# no aci for local ldb"
if serverrole is None:
raise Exception("realm '%s' in smb.conf must match chosen realm '%s'" %
(lp.get("realm"), realm))
- ldapi_url = "ldapi://%s" % urllib.quote(paths.s4_ldapi_path)
+ ldapi_url = "ldapi://%s" % urllib.quote(paths.s4_ldapi_path, safe="")
if ldap_backend == "ldapi":
- # provision-backend will set this path suggested slapd command line / fedorads.inf
- ldap_backend = "ldapi://" % urllib.quote(os.path.join(lp.get("private dir"), "ldap", "ldapi"))
+ # provision-backend will set this path suggested slapd command line / fedorads.inf
+ ldap_backend = "ldapi://" % urllib.quote(os.path.join(lp.get("private dir"), "ldap", "ldapi"), safe="")
assert realm is not None
realm = realm.upper()
dnsdomain = realm.lower()
if serverrole == "domain controller":
- domaindn = "DC=" + dnsdomain.replace(".", ",DC=")
+ domaindn = "DC=" + dnsdomain.replace(".", ",DC=")
if domain is None:
domain = lp.get("workgroup")
raise InvalidNetbiosName(domain)
else:
- domaindn = "CN=" + netbiosname
- domain = netbiosname
-
+ domaindn = "CN=" + netbiosname
+ domain = netbiosname
+
if rootdn is None:
- rootdn = domaindn
+ rootdn = domaindn
- configdn = "CN=Configuration," + rootdn
- schemadn = "CN=Schema," + configdn
+ configdn = "CN=Configuration," + rootdn
+ schemadn = "CN=Schema," + configdn
message("set DOMAIN SID: %s" % str(domainsid))
message("Provisioning for %s in realm %s" % (domain, realm))
"NETLOGONPATH": paths.netlogon,
"SYSVOLPATH": paths.sysvol,
})
- lp.reload()
+ lp.load(paths.smbconf)
# only install a new shares config db if there is none
if not os.path.exists(paths.shareconf):
samdb = SamDB(paths.samdb, session_info=session_info,
credentials=credentials, lp=lp)
- domainguid = samdb.searchone(domaindn, "objectGUID")
+ domainguid = samdb.searchone(basedn=domaindn, attribute="objectGUID")
assert isinstance(domainguid, str)
- hostguid = samdb.searchone(domaindn, "objectGUID",
+ hostguid = samdb.searchone(basedn=domaindn, attribute="objectGUID",
expression="(&(objectClass=computer)(cn=%s))" % hostname,
scope=SCOPE_SUBTREE)
assert isinstance(hostguid, str)
return domaindn
-def create_phpldapadmin_config(path, setup_path, ldap_backend):
+def create_phpldapadmin_config(path, setup_path, ldapi_uri):
"""Create a PHP LDAP admin configuration file.
:param path: Path to write the configuration to.
:param setup_path: Function to generate setup paths.
"""
setup_file(setup_path("phpldapadmin-config.php"), path,
- {"S4_LDAPI_URI": ldap_backend})
+ {"S4_LDAPI_URI": ldapi_uri})
def create_zone_file(path, setup_path, samdb, dnsdomain, domaindn,
:param domainguid: GUID of the domain.
:param hostguid: GUID of the host.
"""
+ assert isinstance(domainguid, str)
setup_file(setup_path("provision.zone"), path, {
"DNSPASS_B64": b64encode(dnspass),