2 backend code for provisioning a Samba4 server
3 Copyright Andrew Tridgell 2005
4 Released under the GNU GPL v2 or later
7 /* used to generate sequence numbers for records */
8 provision_next_usn = 1;
13 find a user or group from a list of possibilities
18 assert(arguments.length >= 2);
19 var nssfn = arguments[0];
20 for (i=1;i<arguments.length;i++) {
21 if (nssfn(arguments[i]) != undefined) {
25 printf("Unable to find user/group for %s\n", arguments[1]);
26 assert(i<arguments.length);
30 add a foreign security principle
32 function add_foreign(str, sid, desc, unixname)
35 dn: CN=${SID},CN=ForeignSecurityPrincipals,${BASEDN}
37 objectClass: foreignSecurityPrincipal
41 whenCreated: ${LDAPTIME}
42 whenChanged: ${LDAPTIME}
45 showInAdvancedViewOnly: TRUE
47 objectGUID: ${NEWGUID}
49 objectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,${BASEDN}
52 var sub = new Object();
55 sub.UNIXNAME = unixname;
56 return str + substitute_var(add, sub);
60 return current time as a nt time string
64 return "" + sys.nttime();
68 return current time as a ldap time string
72 return sys.ldaptime(sys.nttime());
76 return a date string suitable for a dns zone serial number
80 var t = sys.gmtime(sys.nttime());
81 return sprintf("%04u%02u%02u%02u",
82 t.tm_year+1900, t.tm_mon+1, t.tm_mday, t.tm_hour);
90 var list = sys.interfaces();
95 return current time as a ldap time string
99 provision_next_usn = provision_next_usn+1;
100 return provision_next_usn;
104 return first part of hostname
108 var s = split(".", sys.hostname());
114 erase an ldb, removing all records
116 function ldb_erase(ldb)
118 var attrs = new Array("dn");
120 /* delete the specials */
121 ldb.del("@INDEXLIST");
122 ldb.del("@ATTRIBUTES");
123 ldb.del("@SUBCLASSES");
127 var res = ldb.search("(|(objectclass=*)(dn=*))", attrs);
129 for (i=0;i<res.length;i++) {
132 res = ldb.search("(objectclass=*)", attrs);
133 assert(res.length == 0);
138 setup a ldb in the private dir
140 function setup_ldb(ldif, dbname, subobj)
143 var ldb = ldb_init();
144 var lp = loadparm_init();
146 if (arguments.length == 4) {
147 extra = arguments[3];
151 var src = lp.get("setup directory") + "/" + ldif;
153 var data = sys.file_load(src);
155 data = substitute_var(data, subobj);
157 var ok = ldb.connect(dbfile);
167 setup a file in the private dir
169 function setup_file(template, fname, subobj)
171 var lp = loadparm_init();
173 var src = lp.get("setup directory") + "/" + template;
177 var data = sys.file_load(src);
178 data = substitute_var(data, subobj);
180 ok = sys.file_save(f, data);
185 provision samba4 - caution, this wipes all existing data!
187 function provision(subobj, message)
190 var lp = loadparm_init();
191 var sys = sys_init();
192 var smbconf = lp.get("config file");
195 some options need to be upper/lower case
197 subobj.REALM = strlower(subobj.REALM);
198 subobj.HOSTNAME = strlower(subobj.HOSTNAME);
199 subobj.DOMAIN = strupper(subobj.DOMAIN);
200 subobj.NETBIOSNAME = strupper(subobj.HOSTNAME);
202 data = add_foreign(data, "S-1-5-7", "Anonymous", "${NOBODY}");
203 data = add_foreign(data, "S-1-1-0", "World", "${NOGROUP}");
204 data = add_foreign(data, "S-1-5-2", "Network", "${NOGROUP}");
205 data = add_foreign(data, "S-1-5-18", "System", "${ROOT}");
206 data = add_foreign(data, "S-1-5-11", "Authenticated Users", "${USERS}");
208 provision_next_usn = 1;
210 /* only install a new smb.conf if there isn't one there already */
211 var st = sys.stat(smbconf);
212 if (st == undefined) {
213 message("Setting up smb.conf\n");
214 setup_file("provision.smb.conf", smbconf, subobj);
217 message("Setting up hklm.ldb\n");
218 setup_ldb("hklm.ldif", "hklm.ldb", subobj);
219 message("Setting up sam.ldb\n");
220 setup_ldb("provision.ldif", "sam.ldb", subobj, data);
221 message("Setting up rootdse.ldb\n");
222 setup_ldb("rootdse.ldif", "rootdse.ldb", subobj);
223 message("Setting up secrets.ldb\n");
224 setup_ldb("secrets.ldif", "secrets.ldb", subobj);
225 message("Setting up DNS zone file\n");
226 setup_file("provision.zone",
227 lp.get("private dir") + "/" + subobj.DNSDOMAIN + ".zone",
232 guess reasonably default options for provisioning
234 function provision_guess()
236 var subobj = new Object();
237 var nss = nss_init();
238 var lp = loadparm_init();
241 subobj.REALM = lp.get("realm");
242 subobj.DOMAIN = lp.get("workgroup");
243 subobj.HOSTNAME = hostname();
245 assert(subobj.REALM);
246 assert(subobj.DOMAIN);
247 assert(subobj.HOSTNAME);
249 subobj.HOSTIP = hostip();
250 subobj.DOMAINGUID = randguid();
251 subobj.DOMAINSID = randsid();
252 subobj.HOSTGUID = randguid();
253 subobj.INVOCATIONID = randguid();
254 subobj.KRBTGTPASS = randpass(12);
255 subobj.MACHINEPASS = randpass(12);
256 subobj.ADMINPASS = randpass(12);
257 subobj.DEFAULTSITE = "Default-First-Site-Name";
258 subobj.NEWGUID = randguid;
259 subobj.NTTIME = nttime;
260 subobj.LDAPTIME = ldaptime;
261 subobj.DATESTRING = datestring;
262 subobj.USN = nextusn;
263 subobj.ROOT = findnss(nss.getpwnam, "root");
264 subobj.NOBODY = findnss(nss.getpwnam, "nobody");
265 subobj.NOGROUP = findnss(nss.getgrnam, "nogroup", "nobody");
266 subobj.WHEEL = findnss(nss.getgrnam, "wheel", "root");
267 subobj.USERS = findnss(nss.getgrnam, "users", "guest", "other");
268 subobj.DNSDOMAIN = strlower(subobj.REALM);
269 subobj.DNSNAME = sprintf("%s.%s",
270 strlower(subobj.HOSTNAME),
272 subobj.BASEDN = "DC=" + join(",DC=", split(".", subobj.REALM));
277 search for one attribute as a string
279 function searchone(ldb, expression, attribute)
281 var attrs = new Array(attribute);
282 res = ldb.search(expression, attrs);
283 if (res.length != 1 ||
284 res[0][attribute] == undefined) {
287 return res[0][attribute];
291 add a new user record
293 function newuser(username, unixname, password, message)
295 var lp = loadparm_init();
296 var samdb = lp.get("sam database");
297 var ldb = ldb_init();
300 /* connect to the sam */
301 var ok = ldb.connect(samdb);
304 /* find the DNs for the domain and the domain users group */
305 var domain_dn = searchone(ldb, "objectClass=domainDNS", "dn");
306 assert(domain_dn != undefined);
307 var dom_users = searchone(ldb, "name=Domain Users", "dn");
308 assert(dom_users != undefined);
310 var user_dn = sprintf("CN=%s,CN=Users,%s", username, domain_dn);
314 the new user record. note the reliance on the samdb module to fill
327 user_dn, username, username, dom_users,
328 unixname, randguid(), password);
330 add the user to the users group as well
332 var modgroup = sprintf("
344 message("Adding user %s\n", user_dn);
347 message("Failed to add %s - %s\n", user_dn, ldb.errstring());
351 message("Modifying group %s\n", dom_users);
352 ok = ldb.modify(modgroup);
354 message("Failed to modify %s - %s\n", dom_users, ldb.errstring());