r26559: Make the provision function a bit smaller.
authorJelmer Vernooij <jelmer@samba.org>
Sat, 22 Dec 2007 06:47:36 +0000 (00:47 -0600)
committerStefan Metzmacher <metze@samba.org>
Mon, 24 Dec 2007 07:51:00 +0000 (01:51 -0600)
source/scripting/python/samba/provision.py

index a4a9e7ac46cc68f6f94c3e0964561bee0ab050b9..f516e73893612c26d263adc16431ad9a73b40a1a 100644 (file)
@@ -354,150 +354,21 @@ def setup_samdb_partitions(samdb, setup_path, schemadn, configdn, domaindn):
         })
 
 
-
-def provision(lp, setup_dir, message, blank, paths, session_info, 
-              credentials, ldapbackend, realm=None, domain=None, hostname=None, 
-              hostip=None, domainsid=None, hostguid=None, adminpass=None, 
-              krbtgtpass=None, domainguid=None, policyguid=None, 
-              invocationid=None, machinepass=None, dnspass=None, root=None,
-              nobody=None, nogroup=None, users=None, wheel=None, backup=None, 
-              aci=None, serverrole=None):
-    """Provision samba4
-    
-    :note: caution, this wipes all existing data!
-    """
-
-    def setup_path(file):
-        return os.path.join(setup_dir, file)
-
-    erase = False
-
-    if domainsid is None:
-        domainsid = security.random_sid()
-    if policyguid is None:
-        policyguid = uuid.random()
-    if invocationid is None:
-        invocationid = uuid.random()
-    if adminpass is None:
-        adminpass = misc.random_password(12)
-    if krbtgtpass is None:
-        krbtgtpass = misc.random_password(12)
-    if machinepass is None:
-        machinepass  = misc.random_password(12)
-    if dnspass is None:
-        dnspass = misc.random_password(12)
-    if root is None:
-        root = findnss(pwd.getpwnam, "root")[4]
-    if nobody is None:
-        nobody = findnss(pwd.getpwnam, "nobody")[4]
-    if nogroup is None:
-        nogroup = findnss(grp.getgrnam, "nogroup", "nobody")[2]
-    if users is None:
-        users = findnss(grp.getgrnam, "users", "guest", "other", "unknown", "usr")[2]
-    if wheel is None:
-        wheel = findnss(grp.getgrnam, "wheel", "root", "staff", "adm")[2]
-    if backup is None:
-        backup = findnss(grp.getgrnam, "backup", "wheel", "root", "staff")[2]
-    if aci is None:
-        aci = "# no aci for local ldb"
-    if serverrole is None:
-        serverrole = lp.get("server role")
-
-    if realm is None:
-        realm = lp.get("realm")
-    else:
-        if lp.get("realm").upper() != realm.upper():
-            raise Error("realm '%s' in smb.conf must match chosen realm '%s'\n" %
-                (lp.get("realm"), realm))
-
-    assert realm is not None
-    realm = realm.upper()
-
-    if domain is None:
-        domain = lp.get("workgroup")
-    else:
-        if lp.get("workgroup").upper() != domain.upper():
-            raise Error("workgroup '%s' in smb.conf must match chosen domain '%s'\n",
-                lp.get("workgroup"), domain)
-
-    assert domain is not None
-    domain = domain.upper()
-    if not valid_netbios_name(domain):
-        raise InvalidNetbiosName(domain)
-
-    if hostname is None:
-        hostname = gethostname().split(".")[0].lower()
-
-    if hostip is None:
-        hostip = gethostbyname(hostname)
-
-    netbiosname = hostname.upper()
-    if not valid_netbios_name(netbiosname):
-        raise InvalidNetbiosName(netbiosname)
-
-    dnsdomain    = realm.lower()
-    domaindn     = "DC=" + dnsdomain.replace(".", ",DC=")
-    rootdn       = domaindn
-    configdn     = "CN=Configuration," + rootdn
-    schemadn     = "CN=Schema," + configdn
-
-    rdn_dc = domaindn.split(",")[0][len("DC="):]
-
-    message("set DOMAIN SID: %s" % str(domainsid))
-    message("Provisioning for %s in realm %s" % (domain, realm))
-    message("Using administrator password: %s" % adminpass)
-
-    assert paths.smbconf is not None
-
-    # only install a new smb.conf if there isn't one there already
-    if not os.path.exists(paths.smbconf):
-        message("Setting up smb.conf")
-        if serverrole == "domain controller":
-            smbconfsuffix = "dc"
-        elif serverrole == "member":
-            smbconfsuffix = "member"
-        else:
-            assert "Invalid server role setting: %s" % serverrole
-        setup_file(setup_path("provision.smb.conf.%s" % smbconfsuffix), paths.smbconf, {
-            "HOSTNAME": hostname,
-            "DOMAIN_CONF": domain,
-            "REALM_CONF": realm,
-            "SERVERROLE": serverrole,
-            "NETLOGONPATH": paths.netlogon,
-            "SYSVOLPATH": paths.sysvol,
-            })
-        lp.reload()
-
-    # only install a new shares config db if there is none
-    if not os.path.exists(paths.shareconf):
-        message("Setting up share.ldb")
-        share_ldb = Ldb(paths.shareconf, session_info=session_info, 
-                        credentials=credentials, lp=lp)
-        share_ldb.load_ldif_file_add(setup_path("share.ldif"))
-
-    message("Setting up secrets.ldb")
-    secrets_ldb = setup_secretsdb(paths.secrets, setup_path, 
-                                  session_info=session_info, 
-                                  credentials=credentials, lp=lp)
-
-    message("Setting up the registry")
-    # FIXME: Still fails for some reason
-    #setup_registry(paths.hklm, setup_path, session_info, 
-    #               credentials=credentials, lp=lp)
-
-    message("Setting up templates db")
-    setup_templatesdb(paths.templates, setup_path, session_info=session_info, 
-                      credentials=credentials, lp=lp)
-
+def setup_samdb(path, setup_path, session_info, credentials, lp, 
+                schemadn, configdn, domaindn, dnsdomain, realm, 
+                netbiosname, message, hostname, rootdn, erase, 
+                domainsid, aci, rdn_dc, domainguid, policyguid, 
+                domainname, blank, adminpass, krbtgtpass, 
+                machinepass, hostguid, invocationid, dnspass):
     # Also wipes the database
     message("Setting up sam.ldb")
-    samdb = SamDB(paths.samdb, session_info=session_info, 
+    samdb = SamDB(path, session_info=session_info, 
                   credentials=credentials, lp=lp)
 
     message("Setting up sam.ldb partitions")
     setup_samdb_partitions(samdb, setup_path, schemadn, configdn, domaindn)
 
-    samdb = SamDB(paths.samdb, session_info=session_info, 
+    samdb = SamDB(path, session_info=session_info, 
                   credentials=credentials, lp=lp)
 
     samdb.transaction_start()
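Review bot: The new `setup_samdb` has no docstring, and the only hint that it is destructive is the inline comment `# Also wipes the database`. It takes 28 required parameters, four of them passwords (`adminpass`, `krbtgtpass`, `machinepass`, `dnspass`). I would add `"""Set up the SAM database at path and return the open SamDB.` followed by `:note: caution, this wipes the existing database!"""`, mirroring the note on `provision`. Short `:param` lines for the password and `erase`/`blank` arguments would help, since a caller cannot otherwise tell which values are secrets. The function body continues past the end of this hunk.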
@@ -520,7 +391,7 @@ def provision(lp, setup_dir, message, blank, paths, session_info,
     samdb.transaction_commit()
 
     message("Pre-loading the Samba 4 and AD schema")
-    samdb = SamDB(paths.samdb, session_info=session_info, 
+    samdb = SamDB(path, session_info=session_info, 
                   credentials=credentials, lp=lp)
     samdb.set_domain_sid(domainsid)
     load_schema(setup_path, samdb, schemadn, netbiosname, configdn)
@@ -594,7 +465,7 @@ def provision(lp, setup_dir, message, blank, paths, session_info,
             "NETBIOSNAME": netbiosname,
             "DEFAULTSITE": DEFAULTSITE,
             "DNSDOMAIN": dnsdomain,
-            "DOMAIN": domain,
+            "DOMAIN": domainname,
             "SCHEMADN": schemadn,
             "DOMAINDN": domaindn,
             })
@@ -651,7 +522,7 @@ def provision(lp, setup_dir, message, blank, paths, session_info,
                           "MACHINEPASS_B64": b64encode(machinepass),
                           "DNSPASS_B64": b64encode(dnspass),
                           "REALM": realm,
-                          "DOMAIN": domain,
+                          "DOMAIN": domainname,
                           "HOSTGUID_ADD": hostguid_add,
                           "DNSDOMAIN": dnsdomain})
                 setup_add_ldif(samdb, setup_path("provision_group_policy.ldif"), { 
@@ -660,30 +531,6 @@ def provision(lp, setup_dir, message, blank, paths, session_info,
                           "DOMAINSID": str(domainsid),
                           "DOMAINDN": domaindn})
 
-                os.makedirs(os.path.join(paths.sysvol, dnsdomain, "Policies", "{" + policyguid + "}"), 0755)
-                os.makedirs(os.path.join(paths.sysvol, dnsdomain, "Policies", "{" + policyguid + "}", "Machine"), 0755)
-                os.makedirs(os.path.join(paths.sysvol, dnsdomain, "Policies", "{" + policyguid + "}", "User"), 0755)
-                if not os.path.isdir(paths.netlogon):
-                    os.makedirs(paths.netlogon, 0755)
-                setup_ldb(secrets_ldb, setup_path("secrets_dc.ldif"), { 
-                    "MACHINEPASS_B64": b64encode(machinepass),
-                    "DOMAIN": domain,
-                    "REALM": realm,
-                    "LDAPTIME": timestring(int(time.time())),
-                    "DNSDOMAIN": dnsdomain,
-                    "DOMAINSID": str(domainsid),
-                    "SECRETS_KEYTAB": paths.keytab,
-                    "NETBIOSNAME": netbiosname,
-                    "SAM_LDB": paths.samdb,
-                    "DNS_KEYTAB": paths.dns_keytab,
-                    "DNSPASS_B64": b64encode(dnspass),
-                    })
-
-            setup_name_mappings(samdb, str(domainsid), 
-                                domaindn, root=root, nobody=nobody, 
-                                nogroup=nogroup, wheel=wheel, users=users,
-                                backup=backup)
-
         message("Setting up sam.ldb index")
         samdb.load_ldif_file_add(setup_path("provision_index.ldif"))
 
@@ -694,6 +541,177 @@ def provision(lp, setup_dir, message, blank, paths, session_info,
         raise
 
     samdb.transaction_commit()
+    return samdb
+
+
+def provision(lp, setup_dir, message, blank, paths, session_info, 
+              credentials, ldapbackend, realm=None, domain=None, hostname=None, 
+              hostip=None, domainsid=None, hostguid=None, adminpass=None, 
+              krbtgtpass=None, domainguid=None, policyguid=None, 
+              invocationid=None, machinepass=None, dnspass=None, root=None,
+              nobody=None, nogroup=None, users=None, wheel=None, backup=None, 
+              aci=None, serverrole=None):
+    """Provision samba4
+    
+    :note: caution, this wipes all existing data!
+    """
+
+    def setup_path(file):
+        return os.path.join(setup_dir, file)
+
+    erase = False
+
+    if domainsid is None:
+        domainsid = security.random_sid()
+    if policyguid is None:
+        policyguid = uuid.random()
+    if invocationid is None:
+        invocationid = uuid.random()
+    if adminpass is None:
+        adminpass = misc.random_password(12)
+    if krbtgtpass is None:
+        krbtgtpass = misc.random_password(12)
+    if machinepass is None:
+        machinepass  = misc.random_password(12)
+    if dnspass is None:
+        dnspass = misc.random_password(12)
+    if root is None:
+        root = findnss(pwd.getpwnam, "root")[4]
+    if nobody is None:
+        nobody = findnss(pwd.getpwnam, "nobody")[4]
+    if nogroup is None:
+        nogroup = findnss(grp.getgrnam, "nogroup", "nobody")[2]
+    if users is None:
+        users = findnss(grp.getgrnam, "users", "guest", "other", "unknown", "usr")[2]
+    if wheel is None:
+        wheel = findnss(grp.getgrnam, "wheel", "root", "staff", "adm")[2]
+    if backup is None:
+        backup = findnss(grp.getgrnam, "backup", "wheel", "root", "staff")[2]
+    if aci is None:
+        aci = "# no aci for local ldb"
+    if serverrole is None:
+        serverrole = lp.get("server role")
+
+    if realm is None:
+        realm = lp.get("realm")
+    else:
+        if lp.get("realm").upper() != realm.upper():
+            raise Error("realm '%s' in smb.conf must match chosen realm '%s'\n" %
+                (lp.get("realm"), realm))
+
+    assert realm is not None
+    realm = realm.upper()
+
+    if domain is None:
+        domain = lp.get("workgroup")
+    else:
+        if lp.get("workgroup").upper() != domain.upper():
+            raise Error("workgroup '%s' in smb.conf must match chosen domain '%s'\n",
+                lp.get("workgroup"), domain)
+
+    assert domain is not None
+    domain = domain.upper()
+    if not valid_netbios_name(domain):
+        raise InvalidNetbiosName(domain)
+
+    if hostname is None:
+        hostname = gethostname().split(".")[0].lower()
+
+    if hostip is None:
+        hostip = gethostbyname(hostname)
+
+    netbiosname = hostname.upper()
+    if not valid_netbios_name(netbiosname):
+        raise InvalidNetbiosName(netbiosname)
+
+    dnsdomain    = realm.lower()
+    domaindn     = "DC=" + dnsdomain.replace(".", ",DC=")
+    rootdn       = domaindn
+    configdn     = "CN=Configuration," + rootdn
+    schemadn     = "CN=Schema," + configdn
+
+    rdn_dc = domaindn.split(",")[0][len("DC="):]
+
+    message("set DOMAIN SID: %s" % str(domainsid))
+    message("Provisioning for %s in realm %s" % (domain, realm))
+    message("Using administrator password: %s" % adminpass)
+
+    assert paths.smbconf is not None
+
+    # only install a new smb.conf if there isn't one there already
+    if not os.path.exists(paths.smbconf):
+        message("Setting up smb.conf")
+        if serverrole == "domain controller":
+            smbconfsuffix = "dc"
+        elif serverrole == "member":
+            smbconfsuffix = "member"
+        else:
+            assert "Invalid server role setting: %s" % serverrole
+        setup_file(setup_path("provision.smb.conf.%s" % smbconfsuffix), paths.smbconf, {
+            "HOSTNAME": hostname,
+            "DOMAIN_CONF": domain,
+            "REALM_CONF": realm,
+            "SERVERROLE": serverrole,
+            "NETLOGONPATH": paths.netlogon,
+            "SYSVOLPATH": paths.sysvol,
+            })
+        lp.reload()
+
+    # only install a new shares config db if there is none
+    if not os.path.exists(paths.shareconf):
+        message("Setting up share.ldb")
+        share_ldb = Ldb(paths.shareconf, session_info=session_info, 
+                        credentials=credentials, lp=lp)
+        share_ldb.load_ldif_file_add(setup_path("share.ldif"))
+
+    message("Setting up secrets.ldb")
+    secrets_ldb = setup_secretsdb(paths.secrets, setup_path, 
+                                  session_info=session_info, 
+                                  credentials=credentials, lp=lp)
+
+    message("Setting up the registry")
+    # FIXME: Still fails for some reason
+    #setup_registry(paths.hklm, setup_path, session_info, 
+    #               credentials=credentials, lp=lp)
+
+    message("Setting up templates db")
+    setup_templatesdb(paths.templates, setup_path, session_info=session_info, 
+                      credentials=credentials, lp=lp)
+
+    samdb = setup_samdb(paths.samdb, setup_path, session_info=session_info, credentials=credentials,
+                        lp=lp, schemadn=schemadn, configdn=configdn, domaindn=domaindn,
+                        dnsdomain=dnsdomain, netbiosname=netbiosname, realm=realm, message=message,
+                        hostname=hostname, rootdn=rootdn, erase=erase, domainsid=domainsid, aci=aci,
+                        rdn_dc=rdn_dc, domainguid=domainguid, policyguid=policyguid, 
+                        domainname=domain, blank=blank, adminpass=adminpass, krbtgtpass=krbtgtpass,
+                        hostguid=hostguid, invocationid=invocationid, machinepass=machinepass,
+                        dnspass=dnspass)
+
+    if lp.get("server role") == "domain controller":
+        os.makedirs(os.path.join(paths.sysvol, dnsdomain, "Policies", "{" + policyguid + "}"), 0755)
+        os.makedirs(os.path.join(paths.sysvol, dnsdomain, "Policies", "{" + policyguid + "}", "Machine"), 0755)
+        os.makedirs(os.path.join(paths.sysvol, dnsdomain, "Policies", "{" + policyguid + "}", "User"), 0755)
+        if not os.path.isdir(paths.netlogon):
+            os.makedirs(paths.netlogon, 0755)
+        setup_ldb(secrets_ldb, setup_path("secrets_dc.ldif"), { 
+            "MACHINEPASS_B64": b64encode(machinepass),
+            "DOMAIN": domain,
+            "REALM": realm,
+            "LDAPTIME": timestring(int(time.time())),
+            "DNSDOMAIN": dnsdomain,
+            "DOMAINSID": str(domainsid),
+            "SECRETS_KEYTAB": paths.keytab,
+            "NETBIOSNAME": netbiosname,
+            "SAM_LDB": paths.samdb,
+            "DNS_KEYTAB": paths.dns_keytab,
+            "DNSPASS_B64": b64encode(dnspass),
+            })
+
+    if not blank:
+        setup_name_mappings(samdb, str(domainsid), 
+                        domaindn, root=root, nobody=nobody, 
+                        nogroup=nogroup, wheel=wheel, users=users,
+                        backup=backup)
 
     message("Setting up phpLDAPadmin configuration")
     create_phplpapdadmin_config(paths.phpldapadminconfig, setup_path, paths.s4_ldapi_path)
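Review bot: The line `message("Using administrator password: %s" % adminpass)` passes the administrator password in cleartext to the `message` callback, even when the caller supplied it rather than it being generated here; where `message` writes is not visible in this hunk, so it may end up in a log. I would record `generated_adminpass = adminpass is None` before the default is applied and emit the line only under `if generated_adminpass:`. Separately, `assert "Invalid server role setting: %s" % serverrole` asserts a non-empty string and so never fires, and an unknown role then fails on the unbound `smbconfsuffix`; `raise Error("Invalid server role setting: %s" % serverrole)` would report it properly. The domain-controller block is now gated only on `lp.get("server role")`, whereas the removed lines sat two levels deeper in the old body, so it presumably no longer depends on `blank` and now runs after the sam.ldb transaction has committed; worth confirming that is intended for a commit described as a size reduction. `provision` continues past the end of this hunk.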