/*
return true if the current install seems to be OK
*/
-function install_ok()
+function install_ok(session_info, credentials)
{
var lp = loadparm_init();
var ldb = ldb_init();
+ ldb.session_info = session_info;
+ ldb.credentials = credentials;
if (lp.get("realm") == "") {
return false;
}
if (!ok) {
return false;
}
- var res = ldb.search("(name=Administrator)");
+ var res = ldb.search("(cn=Administrator)");
if (res.length != 1) {
return false;
}
}
+/* the ldb is in bad shape, possibly due to being built from an
+ incompatible previous version of the code, so delete it
+ completely */
+function ldb_delete(ldb)
+{
+ println("Deleting " + ldb.filename);
+ var lp = loadparm_init();
+ sys.unlink(sprintf("%s/%s", lp.get("private dir"), ldb.filename));
+ ldb.transaction_cancel();
+ ldb.close();
+ var ok = ldb.connect(ldb.filename);
+ ldb.transaction_start();
+ assert(ok);
+}
+
/*
erase an ldb, removing all records
*/
ldb.del("@MODULES");
/* and the rest */
- var res = ldb.search("(|(objectclass=*)(dn=*))", attrs);
+ var res = ldb.search("(&(|(objectclass=*)(dn=*))(!(dn=@BASEINFO)))", attrs);
var i;
+ if (typeof(res) == "undefined") {
+ ldb_delete(ldb);
+ return;
+ }
for (i=0;i<res.length;i++) {
ldb.del(res[i].dn);
}
- res = ldb.search("(objectclass=*)", attrs);
+ /* extra hack to ensure it's gone on remote ldap */
+ ldb.del("cn=ROOTDSE");
+
+ var res = ldb.search("(&(|(objectclass=*)(dn=*))(!(dn=@BASEINFO)))", attrs);
+ if (res.length != 0) {
+ ldb_delete(ldb);
+ return;
+ }
assert(res.length == 0);
}
-
/*
setup a ldb in the private dir
*/
-function setup_ldb(ldif, dbname, subobj)
+function setup_ldb(ldif, info, dbname)
{
var erase = true;
var extra = "";
var ldb = ldb_init();
var lp = loadparm_init();
+ ldb.session_info = info.session_info;
+ ldb.credentials = info.credentials;
if (arguments.length >= 4) {
extra = arguments[3];
var data = sys.file_load(src);
data = data + extra;
- data = substitute_var(data, subobj);
+ data = substitute_var(data, info.subobj);
- var ok = ldb.connect(dbname);
- assert(ok);
+ ldb.filename = dbname;
+
+ var connect_ok = ldb.connect(dbname);
+ assert(connect_ok);
+
+ ldb.transaction_start();
if (erase) {
ldb_erase(ldb);
}
- ok = ldb.add(data);
- assert(ok);
+ var add_ok = ldb.add(data);
+ if (!add_ok) {
+ info.message("ldb load failed: " + ldb.errstring() + "\n");
+ assert(add_ok);
+ }
+ var commit_ok = ldb.transaction_commit();
+ if (!commit_ok) {
+ info.message("ldb commit failed: " + ldb.errstring() + "\n");
+ assert(add_ok);
+ }
}
/*
assert(ok);
}
+function provision_default_paths(subobj)
+{
+ var lp = loadparm_init();
+ var paths = new Object();
+ paths.smbconf = lp.get("config file");
+ paths.hklm = "hklm.ldb";
+ paths.hkcu = "hkcu.ldb";
+ paths.hkcr = "hkcr.ldb";
+ paths.hku = "hku.ldb";
+ paths.hkpd = "hkpd.ldb";
+ paths.hkpt = "hkpt.ldb";
+ paths.samdb = lp.get("sam database");
+ paths.secrets = "secrets.ldb";
+ paths.dns = lp.get("private dir") + "/" + subobj.DNSDOMAIN + ".zone";
+ paths.winsdb = "wins.ldb";
+ return paths;
+}
+
/*
provision samba4 - caution, this wipes all existing data!
*/
-function provision(subobj, message, blank)
+function provision(subobj, message, blank, paths, session_info, credentials)
{
var data = "";
var lp = loadparm_init();
var sys = sys_init();
- var smbconf = lp.get("config file");
+ var info = new Object();
/*
some options need to be upper/lower case
*/
- subobj.REALM = strlower(subobj.REALM);
+ subobj.REALM = strupper(subobj.REALM);
subobj.HOSTNAME = strlower(subobj.HOSTNAME);
subobj.DOMAIN = strupper(subobj.DOMAIN);
+ assert(valid_netbios_name(subobj.DOMAIN));
subobj.NETBIOSNAME = strupper(subobj.HOSTNAME);
+ assert(valid_netbios_name(subobj.NETBIOSNAME));
var rdns = split(",", subobj.BASEDN);
subobj.RDN_DC = substr(rdns[0], strlen("DC="));
provision_next_usn = 1;
+ info.subobj = subobj;
+ info.message = message;
+ info.credentials = credentials;
+ info.session_info = session_info;
+
/* only install a new smb.conf if there isn't one there already */
- var st = sys.stat(smbconf);
+ var st = sys.stat(paths.smbconf);
if (st == undefined) {
message("Setting up smb.conf\n");
- setup_file("provision.smb.conf", smbconf, subobj);
+ setup_file("provision.smb.conf", paths.smbconf, subobj);
lp.reload();
}
+ message("Setting up secrets.ldb\n");
+ setup_ldb("secrets.ldif", info, paths.secrets);
+ message("Setting up DNS zone file\n");
+ setup_file("provision.zone",
+ paths.dns,
+ subobj);
+ message("Setting up keytabs\n");
+ var keytab_ok = credentials_update_all_keytabs();
+ assert(keytab_ok);
message("Setting up hklm.ldb\n");
- setup_ldb("hklm.ldif", "hklm.ldb", subobj);
+ setup_ldb("hklm.ldif", info, paths.hklm);
+
+
message("Setting up sam.ldb attributes\n");
- setup_ldb("provision_init.ldif", "sam.ldb", subobj);
+ setup_ldb("provision_init.ldif", info, paths.samdb);
+ message("Setting up sam.ldb schema\n");
+ setup_ldb("schema.ldif", info, paths.samdb, NULL, false);
+ message("Setting up display specifiers\n");
+ setup_ldb("display_specifiers.ldif", info, paths.samdb, NULL, false);
message("Setting up sam.ldb templates\n");
- setup_ldb("provision_templates.ldif", "sam.ldb", subobj, NULL, false);
+ setup_ldb("provision_templates.ldif", info, paths.samdb, NULL, false);
message("Setting up sam.ldb data\n");
- setup_ldb("provision.ldif", "sam.ldb", subobj, NULL, false);
+ setup_ldb("provision.ldif", info, paths.samdb, NULL, false);
if (blank == false) {
message("Setting up sam.ldb users and groups\n");
- setup_ldb("provision_users.ldif", "sam.ldb", subobj, data, false);
+ setup_ldb("provision_users.ldif", info, paths.samdb, data, false);
}
- message("Setting up rootdse.ldb\n");
- setup_ldb("rootdse.ldif", "rootdse.ldb", subobj);
- message("Setting up secrets.ldb\n");
- setup_ldb("secrets.ldif", "secrets.ldb", subobj);
- message("Setting up DNS zone file\n");
- setup_file("provision.zone",
- lp.get("private dir") + "/" + subobj.DNSDOMAIN + ".zone",
- subobj);
}
/*
var rdn_list;
random_init(local);
- subobj.REALM = lp.get("realm");
+ subobj.REALM = strupper(lp.get("realm"));
subobj.DOMAIN = lp.get("workgroup");
subobj.HOSTNAME = hostname();
subobj.DNSNAME = sprintf("%s.%s",
strlower(subobj.HOSTNAME),
subobj.DNSDOMAIN);
- rdn_list = split(".", subobj.REALM);
+ rdn_list = split(".", subobj.DNSDOMAIN);
subobj.BASEDN = "DC=" + join(",DC=", rdn_list);
return subobj;
}
/*
add a new user record
*/
-function newuser(username, unixname, password, message)
+function newuser(username, unixname, password, message, session_info, credentials)
{
var lp = loadparm_init();
var samdb = lp.get("sam database");
var ldb = ldb_init();
random_init(local);
+ ldb.session_info = session_info;
+ ldb.credentials = credentials;
/* connect to the sam */
var ok = ldb.connect(samdb);
assert(ok);
+ ldb.transaction_start();
+
/* find the DNs for the domain and the domain users group */
var domain_dn = searchone(ldb, "objectClass=domainDNS", "dn");
assert(domain_dn != undefined);
var ldif = sprintf("
dn: %s
sAMAccountName: %s
-name: %s
memberOf: %s
unixName: %s
-objectGUID: %s
-unicodePwd: %s
+sambaPassword: %s
objectClass: user
",
- user_dn, username, username, dom_users,
- unixname, randguid(), password);
+ user_dn, username, dom_users,
+ unixname, password);
/*
add the user to the users group as well
*/
/*
modify the userAccountControl to remove the disabled bit
*/
- return enable_account(ldb, user_dn);
+ ok = enable_account(ldb, user_dn);
+ if (ok) {
+ ldb.transaction_commit();
+ }
+ return ok;
+}
+
+// Check whether a name is valid as a NetBIOS name.
+// FIXME: There are probably more constraints here.
+// crh has a paragraph on this in his book (1.4.1.1)
+function valid_netbios_name(name)
+{
+ if (strlen(name) > 13) return false;
+ return true;
+}
+
+function provision_validate(subobj, message)
+{
+ if (!valid_netbios_name(subobj.DOMAIN)) {
+ message("Invalid NetBIOS name for domain\n");
+ return false;
+ }
+
+ if (!valid_netbios_name(subobj.NETBIOSNAME)) {
+ message("Invalid NetBIOS name for host\n");
+ return false;
+ }
+
+ return true;
}