/*
  backend code for provisioning a Samba4 server
  Copyright Andrew Tridgell 2005
  Released under the GNU GPL v2 or later
*/
/* counter used to generate update sequence numbers (USN) for records;
   reset to 1 at the start of provision() and advanced by nextusn() */
provision_next_usn = 1;
/* handle for the host-system helpers used throughout this file
   (nttime/ldaptime/gmtime, hostname, interfaces, unlink, file_load, file_save) */
sys = sys_init();
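/*
  find a user or group from a list of possibilities

  arguments[0] is a lookup function (getpwnam or getgrnam in this file);
  the remaining arguments are candidate names, tried in order.  Returns
  the first candidate the lookup resolves to something other than
  undefined.  If none exists, prints every candidate that was tried
  (the original message only named the first one) and aborts via assert,
  since provisioning cannot continue without the unix identity.
*/
function findnss()
{
	var i;
	var tried = "";
	assert(arguments.length >= 2);
	var nssfn = arguments[0];
	for (i = 1; i < arguments.length; i++) {
		if (nssfn(arguments[i]) != undefined) {
			return arguments[i];
		}
		/* remember what we tried so the failure message is useful */
		if (tried != "") {
			tried = tried + ", ";
		}
		tried = tried + arguments[i];
	}
	printf("Unable to find user/group for %s\n", tried);
	/* i == arguments.length here, so this always fails: deliberate abort */
	assert(i < arguments.length);
}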
/*
  add a foreign security principal

  Appends to 'str' one LDIF record for the well-known SID 'sid' under
  CN=ForeignSecurityPrincipals and returns the combined string.  'desc'
  becomes the description attribute and 'unixname' the unixName attribute.
  Only ${SID}, ${DESC} and ${UNIXNAME} are substituted here; ${BASEDN},
  ${LDAPTIME}, ${NEWGUID} and any ${...} inside 'unixname' (provision()
  passes e.g. "${NOBODY}") rely on substitute_var leaving unknown
  references in place for setup_ldb's later whole-file pass.

  NOTE(review): the values are spliced into LDIF without any escaping, so
  a newline inside desc/unixname would inject extra attributes.  Every
  caller in this file passes fixed strings; keep it that way or escape.
*/
function add_foreign(str, sid, desc, unixname)
{
	var record = "\n" +
		"dn: CN=${SID},CN=ForeignSecurityPrincipals,${BASEDN}\n" +
		"objectClass: top\n" +
		"objectClass: foreignSecurityPrincipal\n" +
		"cn: ${SID}\n" +
		"description: ${DESC}\n" +
		"instanceType: 4\n" +
		"whenCreated: ${LDAPTIME}\n" +
		"whenChanged: ${LDAPTIME}\n" +
		"uSNCreated: 1\n" +
		"uSNChanged: 1\n" +
		"showInAdvancedViewOnly: TRUE\n" +
		"name: ${SID}\n" +
		"objectGUID: ${NEWGUID}\n" +
		"objectSid: ${SID}\n" +
		"objectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,${BASEDN}\n" +
		"unixName: ${UNIXNAME}\n";
	var vars = new Object();
	vars.SID = sid;
	vars.DESC = desc;
	vars.UNIXNAME = unixname;
	return str + substitute_var(record, vars);
}
/*
  return current time as a nt time string

  sys.nttime() presumably yields a number; prefixing "" forces the
  string form expected by the LDIF templates.
*/
function nttime()
{
	var now = sys.nttime();
	return "" + now;
}
/*
  return current time as a ldap time string

  Takes the current NT time from sys and converts it with sys.ldaptime.
*/
function ldaptime()
{
	var now = sys.nttime();
	return sys.ldaptime(now);
}
/*
  return a date string suitable for a dns zone serial number

  Format is YYYYMMDDHH in UTC (sys.gmtime).  Ten decimal digits stay
  within a 32-bit SOA serial; the hour granularity means two provisions
  within the same hour produce the same serial.
*/
function datestring()
{
	var tm = sys.gmtime(sys.nttime());
	var year = tm.tm_year + 1900;	/* tm_year is relative to 1900 */
	var month = tm.tm_mon + 1;	/* tm_mon is zero-based */
	return sprintf("%04u%02u%02u%02u", year, month, tm.tm_mday, tm.tm_hour);
}
/*
  return first host IP

  Picks whatever sys.interfaces() lists first; with no interfaces this
  yields undefined, and provision_guess() stores the result as HOSTIP
  without checking it.  NOTE(review): on multi-homed hosts the first
  interface may not be the one the DC should advertise in DNS.
*/
function hostip()
{
	var addrs = sys.interfaces();
	var first = addrs[0];
	return first;
}
/*
  return the next update sequence number (USN)

  Advances the file-level provision_next_usn counter and returns the new
  value.  (The earlier comment here was a copy/paste of ldaptime's.)
*/
function nextusn()
{
	var next = provision_next_usn + 1;
	provision_next_usn = next;
	return next;
}
/*
  return first part of hostname

  Splits sys.hostname() on "." (the runtime's split takes the separator
  first) and returns the leading label.
*/
function hostname()
{
	var fqdn = sys.hostname();
	var labels = split(".", fqdn);
	return labels[0];
}
/*
  setup a ldb in the private dir

  ldif   - template file name under the "setup directory" smb.conf option
  dbname - database file name created under "private dir"
  subobj - substitution object for the ${...} references in the template
  An optional 4th argument is extra LDIF appended after the template
  before substitution.

  The target database is deleted unconditionally before it is recreated.
  Paths are built by plain concatenation; the callers in this file pass
  fixed names only.  The new file's permissions are not set here — for
  secrets.ldb (which receives passwords from subobj) they are whatever
  ldb.connect creates.
*/
function setup_ldb(ldif, dbname, subobj)
{
	var extra = "";
	var ldb = ldb_init();
	if (arguments.length == 4) {
		extra = arguments[3];
	}
	var private_dir = lpGet("private dir");
	var setup_dir = lpGet("setup directory");
	var dbfile = private_dir + "/" + dbname;
	var src = setup_dir + "/" + ldif;

	/* wipe any existing database first */
	sys.unlink(dbfile);

	var data = sys.file_load(src) + extra;
	data = substitute_var(data, subobj);

	var db = ldb.connect(dbfile);
	assert(db != undefined);
	/* 'ok' is left undeclared, as in setup_file */
	ok = ldb.add(db, data);
	assert(ok);
}
/*
  setup a file in the private dir

  template - file name under the "setup directory" smb.conf option
  fname    - output file name created under "private dir"
  subobj   - substitution object for the ${...} references in the template

  Any existing output file is removed first.  As with setup_ldb, the
  paths are simple concatenations and the file mode is not set here.
*/
function setup_file(template, fname, subobj)
{
	var private_dir = lpGet("private dir");
	var setup_dir = lpGet("setup directory");
	var dest = private_dir + "/" + fname;
	var src = setup_dir + "/" + template;

	sys.unlink(dest);

	var contents = sys.file_load(src);
	contents = substitute_var(contents, subobj);
	/* 'ok' is left undeclared, as in setup_ldb */
	ok = sys.file_save(dest, contents);
	assert(ok);
}
/*
  provision samba4 - caution, this wipes all existing data!

  subobj  - substitution object from provision_guess() (possibly edited
            by the caller); modified in place: REALM and HOSTNAME are
            lower-cased, DOMAIN and NETBIOSNAME upper-cased.
  message - progress callback taking one string.

  hklm.ldb, sam.ldb, rootdse.ldb and secrets.ldb in the private dir are
  each deleted and recreated by setup_ldb, and the DNS zone file is
  rewritten.  Nothing here asks for confirmation; the caller must.
*/
function provision(subobj, message)
{
	/* normalise case so every template sees consistent values */
	subobj.REALM = strlower(subobj.REALM);
	subobj.HOSTNAME = strlower(subobj.HOSTNAME);
	subobj.DOMAIN = strupper(subobj.DOMAIN);
	/* derived from the already lower-cased HOSTNAME;
	   NOTE(review): no 15-character NetBIOS limit is enforced here */
	subobj.NETBIOSNAME = strupper(subobj.HOSTNAME);

	/* well-known SIDs the sam needs as foreign security principals.
	   The ${...} unix names are resolved by setup_ldb's substitute_var pass */
	var foreign = "";
	foreign = add_foreign(foreign, "S-1-5-7", "Anonymous", "${NOBODY}");
	foreign = add_foreign(foreign, "S-1-1-0", "World", "${NOGROUP}");
	foreign = add_foreign(foreign, "S-1-5-2", "Network", "${NOGROUP}");
	foreign = add_foreign(foreign, "S-1-5-18", "System", "${ROOT}");
	foreign = add_foreign(foreign, "S-1-5-11", "Authenticated Users", "${USERS}");

	/* USNs handed out by nextusn() restart from 1 for each provision */
	provision_next_usn = 1;

	message("Setting up hklm.ldb\n");
	setup_ldb("hklm.ldif", "hklm.ldb", subobj);
	message("Setting up sam.ldb\n");
	setup_ldb("provision.ldif", "sam.ldb", subobj, foreign);
	message("Setting up rootdse.ldb\n");
	setup_ldb("rootdse.ldif", "rootdse.ldb", subobj);
	message("Setting up secrets.ldb\n");
	setup_ldb("secrets.ldif", "secrets.ldb", subobj);
	message("Setting up DNS zone file\n");
	setup_file("provision.zone", subobj.DNSDOMAIN + ".zone", subobj);
}
/*
  guess reasonably default options for provisioning

  Builds the substitution object consumed by provision(): fixed strings
  from smb.conf and the host, fresh random GUIDs/SID/passwords, unix
  identities resolved via findnss, and a few helper functions (NEWGUID,
  NTTIME, LDAPTIME, DATESTRING, USN) stored as functions rather than
  values — presumably so substitute_var can produce a fresh value for
  each reference.

  Security notes:
  - KRBTGTPASS, MACHINEPASS and ADMINPASS are 12 characters from
    randpass(); the krbtgt secret in particular underpins every Kerberos
    ticket, so a longer value is preferable if the templates allow it.
  - Nothing in this file reports ADMINPASS to the operator; the caller
    must surface it, and it ends up in the ldb files written by provision().
  - BASEDN is built from REALM by simple split/join with no DN escaping.
*/
function provision_guess()
{
	var subobj = new Object();

	/* values from smb.conf and the local host */
	subobj.REALM = lpGet("realm");
	subobj.DOMAIN = lpGet("workgroup");
	subobj.HOSTNAME = hostname();
	subobj.HOSTIP = hostip();

	/* random identifiers and secrets (order of calls kept as before) */
	subobj.DOMAINGUID = randguid();
	subobj.DOMAINSID = randsid();
	subobj.HOSTGUID = randguid();
	subobj.INVOCATIONID = randguid();
	subobj.KRBTGTPASS = randpass(12);
	subobj.MACHINEPASS = randpass(12);
	subobj.ADMINPASS = randpass(12);
	subobj.DEFAULTSITE = "Default-First-Site-Name";

	/* helpers, stored uncalled */
	subobj.NEWGUID = randguid;
	subobj.NTTIME = nttime;
	subobj.LDAPTIME = ldaptime;
	subobj.DATESTRING = datestring;
	subobj.USN = nextusn;

	/* unix users/groups the foreign security principals map onto */
	subobj.ROOT = findnss(getpwnam, "root");
	subobj.NOBODY = findnss(getpwnam, "nobody");
	subobj.NOGROUP = findnss(getgrnam, "nogroup", "nobody");
	subobj.WHEEL = findnss(getgrnam, "wheel", "root");
	subobj.USERS = findnss(getgrnam, "users", "guest", "other");

	/* DNS and LDAP naming derived from the realm */
	var dnsdomain = strlower(subobj.REALM);
	subobj.DNSDOMAIN = dnsdomain;
	subobj.DNSNAME = sprintf("%s.%s", strlower(subobj.HOSTNAME), dnsdomain);
	var labels = split(".", subobj.REALM);
	subobj.BASEDN = "DC=" + join(",DC=", labels);

	return subobj;
}
/* script-level exit status; the functions above are what callers use */
return 0;