7 my $opt_hostname = `hostname`;
21 my $defaultsite = "Default-First-Site-Name";
23 # return the current NTTIME as an integer
27 $t += (369.0*365.25*24*60*60-(3.0*24*60*60+6.0*60*60));
29 return sprintf("%lld", $t);
32 # generate a random guid. Not a good algorithm.
35 my $r1 = int(rand(2**32));
36 my $r2 = int(rand(2**16));
37 my $r3 = int(rand(2**16));
38 my $r4 = int(rand(2**16));
39 my $r5 = int(rand(2**32));
40 my $r6 = int(rand(2**16));
41 return sprintf("%08x-%04x-%04x-%04x-%08x%04x", $r1, $r2, $r3, $r4, $r5, $r6);
44 my $opt_domainguid = randguid();
45 my $hostguid = randguid();
49 return sprintf("S-1-5-21-%d-%d-%d",
50 int(rand(10**8)), int(rand(10**8)), int(rand(10**8)));
53 my $opt_domainsid = randsid();
55 # generate a random password. Poor algorithm :(
59 my $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ%\$!~";
60 for (my $i=0;$i<8;$i++) {
61 my $c = int(rand(length($chars)));
62 $pass .= substr($chars, $c, 1);
69 my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday) = gmtime(time);
70 return sprintf "%04u%02u%02u%02u%02u%02u.0Z",
71 $year+1900, $mon+1, $mday, $hour, $min, $sec;
74 #######################
75 # substitute a single variable
80 if ($var eq "BASEDN") {
84 if ($var eq "DOMAINSID") {
85 return $opt_domainsid;
88 if ($var eq "DOMAIN") {
92 if ($var eq "REALM") {
96 if ($var eq "DNSDOMAIN") {
100 if ($var eq "HOSTNAME") {
101 return $opt_hostname;
104 if ($var eq "NETBIOSNAME") {
108 if ($var eq "DNSNAME") {
112 if ($var eq "HOSTIP") {
116 if ($var eq "LDAPTIME") {
120 if ($var eq "NEWGUID") {
124 if ($var eq "DOMAINGUID") {
125 return $opt_domainguid;
128 if ($var eq "HOSTGUID") {
132 if ($var eq "DEFAULTSITE") {
136 if ($var eq "ADMINPASS") {
137 return $opt_adminpass;
140 if ($var eq "RANDPASS") {
144 if ($var eq "NTTIME") {
145 return "" . nttime();
148 if ($var eq "WHEEL") {
152 if ($var eq "NOBODY") {
156 if ($var eq "NOGROUP") {
160 if ($var eq "USERS") {
164 die "ERROR: Uknown substitution variable $var\n";
167 #####################################################################
168 # write a string into a file
171 my($filename) = shift;
174 open(FILE, ">$filename") || die "can't open $filename";
179 #####################################################################
180 # read a file into a string
183 my($filename) = shift;
185 open(INPUTFILE, $filename) || return undef;
186 my($saved_delim) = $/;
188 my($data) = <INPUTFILE>;
194 #######################################################################
195 # add a foreign security principle
200 my $unixname = shift;
202 dn: CN=$sid,CN=ForeignSecurityPrincipals,\${BASEDN}
204 objectClass: foreignSecurityPrincipal
208 whenCreated: \${LDAPTIME}
209 whenChanged: \${LDAPTIME}
212 showInAdvancedViewOnly: TRUE
214 objectGUID: \${NEWGUID}
216 objectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,\${BASEDN}
222 ############################################
229 provision.pl [options]
230 --realm REALM set realm
231 --domain DOMAIN set domain
232 --hostname HOSTNAME set hostname
233 --hostip IPADDRESS set ipaddress
234 --adminpass PASSWORD choose admin password (otherwise random)
235 --nobody USERNAME choose 'nobody' user
236 --nogroup GROUPNAME choose 'nogroup' group
237 --wheel GROUPNAME choose 'wheel' privileged group
238 --users GROUPNAME choose 'users' group
240 You must provide at least a realm and domain
249 'help|h|?' => \$opt_help,
250 'realm=s' => \$opt_realm,
251 'domain=s' => \$opt_domain,
252 'domain-guid=s' => \$opt_domainguid,
253 'domain-sid=s' => \$opt_domainsid,
254 'hostname=s' => \$opt_hostname,
255 'hostip=s' => \$opt_hostip,
256 'adminpass=s' => \$opt_adminpass,
257 'nobody=s' => \$opt_nobody,
258 'nogroup=s' => \$opt_nogroup,
259 'wheel=s' => \$opt_wheel,
260 'users=s' => \$opt_users,
270 $opt_realm=uc($opt_realm);
271 $opt_domain=uc($opt_domain);
272 $opt_hostname=lc($opt_hostname);
273 $netbiosname=uc($opt_hostname);
276 my $hip = gethostbyname($opt_hostname);
278 $opt_hostip = inet_ntoa($hip);
280 $opt_hostip = "<0.0.0.0>";
284 print "Provisioning host '$opt_hostname'[$opt_hostip] for domain '$opt_domain' in realm '$opt_realm'\n";
287 if (defined getpwnam("nobody")) {
288 $opt_nobody = "nobody";
293 if (defined getgrnam("nogroup")) {
294 $opt_nogroup = "nogroup";
295 } elsif (defined getgrnam("nobody")) {
296 $opt_nogroup = "nobody";
301 if (defined getgrnam("wheel")) {
302 $opt_wheel = "wheel";
303 } elsif (defined getgrnam("root")) {
309 if (defined getgrnam("users")) {
310 $opt_users = "users";
314 $opt_nobody || die "Unable to determine a user for 'nobody'\n";
315 $opt_nogroup || die "Unable to determine a group for 'nogroup'\n";
316 $opt_users || die "Unable to determine a group for 'user'\n";
317 $opt_wheel || die "Unable to determine a group for 'wheel'\n";
319 print "Using nobody='$opt_nobody' nogroup='$opt_nogroup' wheel='$opt_wheel' users='$opt_users'\n";
321 print "generating ldif ...\n";
323 $dnsdomain = lc($opt_realm);
324 $dnsname = lc($opt_hostname).".".$dnsdomain;
325 $basedn = "DC=" . join(",DC=", split(/\./, $opt_realm));
327 my $data = FileLoad("provision.ldif") || die "Unable to load provision.ldif\n";
329 $data .= add_foreign("S-1-5-7", "Anonymous", "\${NOBODY}");
330 $data .= add_foreign("S-1-1-0", "World", "\${NOGROUP}");
331 $data .= add_foreign("S-1-5-2", "Network", "\${NOGROUP}");
332 $data .= add_foreign("S-1-5-18", "System", "root");
333 $data .= add_foreign("S-1-5-11", "Authenticated Users", "\${USERS}");
335 if (!$opt_adminpass) {
336 $opt_adminpass = randpass();
337 print "chose random Administrator password '$opt_adminpass'\n";
342 print "applying substitutions ...\n";
344 while ($data =~ /(.*?)\$\{(\w*)\}(.*)/s) {
345 my $sub = substitute($2);
351 print "saving ldif to newsam.ldif ...\n";
353 FileSave("newsam.ldif", $res);
355 unlink("newsam.ldb");
357 print "creating newsam.ldb ...\n";
359 # allow provisioning to be run from the source directory
360 $ENV{"PATH"} .= ":bin";
362 system("ldbadd -H newsam.ldb newsam.ldif");
366 $data = FileLoad("rootdse.ldif") || die "Unable to load rootdse.ldif\n";
370 print "applying substitutions ...\n";
372 while ($data =~ /(.*?)\$\{(\w*)\}(.*)/s) {
373 my $sub = substitute($2);
379 print "saving ldif to newrootdse.ldif ...\n";
381 FileSave("newrootdse.ldif", $res);
383 unlink("newrootdse.ldb");
385 print "creating newrootdse.ldb ...\n";
387 system("ldbadd -H newrootdse.ldb newrootdse.ldif");
391 $data = FileLoad("secrets.ldif") || die "Unable to load secrets.ldif\n";
395 print "applying substitutions ...\n";
397 while ($data =~ /(.*?)\$\{(\w*)\}(.*)/s) {
398 my $sub = substitute($2);
404 print "saving ldif to newsecrets.ldif ...\n";
406 FileSave("newsecrets.ldif", $res);
408 unlink("newsecrets.ldb");
410 print "creating newsecrets.ldb ...\n";
412 system("ldbadd -H newsecrets.ldb newsecrets.ldif");
416 print "generating dns zone file ...\n";
418 $data = FileLoad("provision.zone") || die "Unable to load provision.zone\n";
422 print "applying substitutions ...\n";
424 while ($data =~ /(.*?)\$\{(\w*)\}(.*)/s) {
425 my $sub = substitute($2);
431 print "saving dns zone to newdns.zone ...\n";
433 FileSave("$dnsdomain.zone", $res);
437 unlink("newhklm.ldb");
439 print "creating newhklm.ldb ... \n";
441 system("ldbadd -H newhklm.ldb hklm.ldif");
448 - Please move newsam.ldb to sam.ldb in the private/ directory of your
450 - Please move newrootdse.ldb to rootdse.ldb in the private/ directory
451 of your Samba4 installation
452 - Please move newsecrets.ldb to secrets.ldb in the private/ directory
453 of your Samba4 installation
454 - Please move newhklm.ldb to hklm.ldb in the private/ directory
455 of your Samba4 installation
456 - Please use $dnsdomain.zone to in BIND dns server