dn: CN=${SID},CN=ForeignSecurityPrincipals,${BASEDN}
objectClass: top
objectClass: foreignSecurityPrincipal
-cn: ${SID}
description: ${DESC}
-instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
+unixName: ${UNIXNAME}
uSNCreated: 1
uSNChanged: 1
-showInAdvancedViewOnly: TRUE
-name: ${SID}
-objectGUID: ${NEWGUID}
-objectSid: ${SID}
-objectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,${BASEDN}
-unixName: ${UNIXNAME}
";
var sub = new Object();
sub.SID = sid;
erase = arguments[4];
}
- var dbfile = dbname;
var src = lp.get("setup directory") + "/" + ldif;
var data = sys.file_load(src);
data = data + extra;
data = substitute_var(data, subobj);
- var ok = ldb.connect(dbfile);
+ var ok = ldb.connect(dbname);
assert(ok);
if (erase) {
assert(ok);
}
+function provision_default_paths(subobj)
+{
+ var lp = loadparm_init();
+ var paths = new Object();
+ paths.smbconf = lp.get("config file");
+ paths.hklm = "hklm.ldb";
+ paths.hkcu = "hkcu.ldb";
+ paths.hkcr = "hkcr.ldb";
+ paths.hku = "hku.ldb";
+ paths.hkpd = "hkpd.ldb";
+ paths.hkpt = "hkpt.ldb";
+ paths.samdb = "sam.ldb";
+ paths.rootdse = "rootdse.ldb";
+ paths.secrets = "secrets.ldb";
+ paths.dns = lp.get("private dir") + "/" + subobj.DNSDOMAIN + ".zone";
+ paths.winsdb = "wins.ldb";
+ return paths;
+}
+
/*
provision samba4 - caution, this wipes all existing data!
*/
-function provision(subobj, message)
+function provision(subobj, message, blank, paths)
{
var data = "";
var lp = loadparm_init();
var sys = sys_init();
- var smbconf = lp.get("config file");
-
+
/*
some options need to be upper/lower case
*/
subobj.HOSTNAME = strlower(subobj.HOSTNAME);
subobj.DOMAIN = strupper(subobj.DOMAIN);
subobj.NETBIOSNAME = strupper(subobj.HOSTNAME);
+ var rdns = split(",", subobj.BASEDN);
+ subobj.RDN_DC = substr(rdns[0], strlen("DC="));
data = add_foreign(data, "S-1-5-7", "Anonymous", "${NOBODY}");
data = add_foreign(data, "S-1-1-0", "World", "${NOGROUP}");
provision_next_usn = 1;
/* only install a new smb.conf if there isn't one there already */
- var st = sys.stat(smbconf);
+ var st = sys.stat(paths.smbconf);
if (st == undefined) {
message("Setting up smb.conf\n");
- setup_file("provision.smb.conf", smbconf, subobj);
+ setup_file("provision.smb.conf", paths.smbconf, subobj);
lp.reload();
}
message("Setting up hklm.ldb\n");
- setup_ldb("hklm.ldif", "hklm.ldb", subobj);
+ setup_ldb("hklm.ldif", paths.hklm, subobj);
message("Setting up sam.ldb attributes\n");
- setup_ldb("provision_init.ldif", "sam.ldb", subobj);
+ setup_ldb("provision_init.ldif", paths.samdb, subobj);
+ message("Setting up sam.ldb templates\n");
+ setup_ldb("provision_templates.ldif", paths.samdb, subobj, NULL, false);
message("Setting up sam.ldb data\n");
- setup_ldb("provision.ldif", "sam.ldb", subobj, data, false);
+ setup_ldb("provision.ldif", paths.samdb, subobj, NULL, false);
+ if (blank == false) {
+ message("Setting up sam.ldb users and groups\n");
+ setup_ldb("provision_users.ldif", paths.samdb, subobj, data, false);
+ }
message("Setting up rootdse.ldb\n");
- setup_ldb("rootdse.ldif", "rootdse.ldb", subobj);
+ setup_ldb("rootdse.ldif", paths.rootdse, subobj);
message("Setting up secrets.ldb\n");
- setup_ldb("secrets.ldif", "secrets.ldb", subobj);
+ setup_ldb("secrets.ldif", paths.secrets, subobj);
message("Setting up DNS zone file\n");
setup_file("provision.zone",
- lp.get("private dir") + "/" + subobj.DNSDOMAIN + ".zone",
+ paths.dns,
subobj);
}
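Review bot: The new `blank` flag is tested with `if (blank == false)`, so a caller that still uses the old two-argument form `provision(subobj, message)` passes `undefined`, which presumably does not compare equal to `false` in this ejs dialect, and the users/groups LDIF is then silently skipped; `if (!blank) {` treats an omitted flag as "not blank". The same callers would reach `sys.stat(paths.smbconf)` with `paths` undefined and fail with an unhelpful error, so an `assert(paths != undefined);` at the top of provision documents the new contract. Separately, `subobj.RDN_DC = substr(rdns[0], strlen("DC="));` assumes the first BASEDN component is `DC=` and takes that on faith; since the header comment warns this wipes existing data, checking that rdns[0] starts with `DC=` before any database is written is cheap. The callers of provision are outside the hunk.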
var subobj = new Object();
var nss = nss_init();
var lp = loadparm_init();
+ var rdn_list;
random_init(local);
subobj.REALM = lp.get("realm");
subobj.ROOT = findnss(nss.getpwnam, "root");
subobj.NOBODY = findnss(nss.getpwnam, "nobody");
subobj.NOGROUP = findnss(nss.getgrnam, "nogroup", "nobody");
- subobj.WHEEL = findnss(nss.getgrnam, "wheel", "root");
+ subobj.WHEEL = findnss(nss.getgrnam, "wheel", "root", "staff");
subobj.USERS = findnss(nss.getgrnam, "users", "guest", "other");
subobj.DNSDOMAIN = strlower(subobj.REALM);
subobj.DNSNAME = sprintf("%s.%s",
strlower(subobj.HOSTNAME),
subobj.DNSDOMAIN);
- subobj.BASEDN = "DC=" + join(",DC=", split(".", subobj.REALM));
+ rdn_list = split(".", subobj.REALM);
+ subobj.BASEDN = "DC=" + join(",DC=", rdn_list);
return subobj;
}
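Review bot: `rdn_list = split(".", subobj.REALM);` accepts an empty or unset realm without complaint, so a missing `realm` in smb.conf yields a BASEDN of `DC=` (or a failure inside split) that only surfaces once provisioning has begun writing databases; an `assert(subobj.REALM != undefined && subobj.REALM != "");` right after `subobj.REALM = lp.get("realm");` fails early instead. Whether `split` tolerates an undefined argument is not visible from the hunk. The opening of this function is outside the hunk.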
return res[0][attribute];
}
+/*
+ modify an account to remove the
+*/
+function enable_account(ldb, user_dn)
+{
+ var attrs = new Array("userAccountControl");
+ var res = ldb.search(NULL, user_dn, ldb.SCOPE_ONELEVEL, attrs);
+ assert(res.length == 1);
+ var userAccountControl = res[0].userAccountControl;
+ userAccountControl = userAccountControl - 2; /* remove disabled bit */
+ var mod = sprintf("
+dn: %s
+changetype: modify
+replace: userAccountControl
+userAccountControl: %u
+",
+ user_dn, userAccountControl);
+ var ok = ldb.modify(mod);
+ return ok;
+}
+
+
/*
add a new user record
*/
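Review bot: The lookup `ldb.search(NULL, user_dn, ldb.SCOPE_ONELEVEL, attrs)` searches the children of user_dn rather than the entry itself, so for a leaf user object the `assert(res.length == 1)` should fail; `var res = ldb.search(NULL, user_dn, ldb.SCOPE_BASE, attrs);` is what the following `res[0].userAccountControl` read needs. `userAccountControl = userAccountControl - 2;` clears the disabled bit only if it is currently set; on an account that is already enabled it borrows from a neighbouring flag and corrupts the value, so `userAccountControl = userAccountControl & ~2; /* clear the disabled bit */` (or an explicit `& 2` test before subtracting, if bitwise operators are unavailable here) is the safe form. The header comment is cut off mid-sentence; `/* modify an account to remove the disabled bit from userAccountControl */` says what the function does. The modify LDIF is built with sprintf from user_dn, so this assumes the caller supplies a DN without embedded newlines.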
return false;
}
- return true;
+ /*
+ modify the userAccountControl to remove the disabled bit
+ */
+ return enable_account(ldb, user_dn);
}
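Review bot: `return enable_account(ldb, user_dn);` folds the enable step's result into newuser's return value, so when the modify fails the account has already been added but is left disabled, and the caller sees the same `false` as for "not created" with no diagnostic. Emitting a message before returning, e.g. `if (!ok) { message("Failed to enable account %s\n", user_dn); }`, or documenting in newuser's header that a false return may leave a disabled account behind, makes that state visible. The body of newuser, including where user_dn and the add itself happen, is outside the hunk.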