sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-22 22:04:08 +03:00
Code

s4-python: Fix some formatting issues.

Browse Source 
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Tue Sep 13 03:51:13 CEST 2011 on sn-devel-104
This commit is contained in:
Jelmer Vernooij 2011-09-13 01:27:50 +02:00
parent df1d3dc777
commit 0ee22a2dec
6 changed files with 219 additions and 193 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
source4/scripting/python/samba/__init__.py
View File

@ -29,7 +29,7 @@ import sys
import samba.param
def source_tree_topdir():
'''return the top level directory (the one containing the source4 directory)'''
"""Return the top level source directory."""
paths = [ "../../..", "../../../.." ]
for p in paths:
topdir = os.path.normpath(os.path.join(os.path.dirname(__file__), p))
@ -38,7 +38,7 @@ def source_tree_topdir():
raise RuntimeError("unable to find top level source directory")
def in_source_tree():
'''return True if we are running from within the samba source tree'''
"""Return True if we are running from within the samba source tree"""
try:
topdir = source_tree_topdir()
except RuntimeError:
@ -46,7 +46,6 @@ def in_source_tree():
return True
import ldb
from samba._ldb import Ldb as _Ldb

23
source4/scripting/python/samba/getopt.py
View File

@ -21,7 +21,8 @@
__docformat__ = "restructuredText"
import optparse, os
import optparse
import os
from samba.credentials import (
Credentials,
DONT_USE_KERBEROS,
@ -44,7 +45,8 @@ class SambaOptions(optparse.OptionGroup):
type=int, metavar="DEBUGLEVEL", help="debug level",
callback=self._set_debuglevel)
self.add_option("--option", action="callback",
type=str, metavar="OPTION", help="set smb.conf option from command line",
type=str, metavar="OPTION",
help="set smb.conf option from command line",
callback=self._set_option)
self.add_option("--realm", action="callback",
type=str, metavar="REALM", help="set the realm name",
@ -53,7 +55,7 @@ class SambaOptions(optparse.OptionGroup):
self._lp = LoadParm()
def get_loadparm_path(self):
"""Return the path to the smb.conf file specified on the command line. """
"""Return path to the smb.conf file specified on the command line."""
return self._configfile
def _load_configfile(self, option, opt_str, arg, parser):
@ -73,7 +75,7 @@ class SambaOptions(optparse.OptionGroup):
self._lp.set(a[0], a[1])
def get_loadparm(self):
"""Return a loadparm object with data specified on the command line. """
"""Return loadparm object with data specified on the command line."""
if self._configfile is not None:
self._lp.load(self._configfile)
elif os.getenv("SMB_CONF_PATH") is not None:
@ -124,7 +126,8 @@ class CredentialsOptions(optparse.OptionGroup):
help="Use Kerberos", callback=self._set_kerberos)
self.add_option("", "--ipaddress", metavar="IPADDRESS",
action="callback", type=str,
help="IP address of server", callback=self._set_ipaddress)
help="IP address of server",
callback=self._set_ipaddress)
self.creds = Credentials()
def _parse_username(self, option, opt_str, arg, parser):
@ -171,6 +174,7 @@ class CredentialsOptions(optparse.OptionGroup):
return self.creds
class CredentialsOptionsDouble(CredentialsOptions):
"""Command line options for specifying credentials of two servers."""
def __init__(self, parser):
@ -180,13 +184,16 @@ class CredentialsOptionsDouble(CredentialsOptions):
callback=self._set_simple_bind_dn2, type=str,
help="DN to use for a simple bind")
self.add_option("--password2", metavar="PASSWORD2", action="callback",
help="Password", type=str, callback=self._set_password2)
help="Password", type=str,
callback=self._set_password2)
self.add_option("--username2", metavar="USERNAME2",
action="callback", type=str,
help="Username for second server", callback=self._parse_username2)
help="Username for second server",
callback=self._parse_username2)
self.add_option("--workgroup2", metavar="WORKGROUP2",
action="callback", type=str,
help="Workgroup for second server", callback=self._parse_workgroup2)
help="Workgroup for second server",
callback=self._parse_workgroup2)
self.add_option("--no-pass2", action="store_true",
help="Don't ask for a password for the second server")
self.add_option("--kerberos2", metavar="KERBEROS2",

4
source4/scripting/python/samba/sd_utils.py
View File

@ -26,6 +26,7 @@ from ldb import FLAG_MOD_REPLACE, SCOPE_BASE
from samba.ndr import ndr_pack, ndr_unpack
from samba.dcerpc import security
class SDUtils(object):
"""Some utilities for manipulation of security descriptors
on objects"""
@ -69,7 +70,8 @@ class SDUtils(object):
if ace in desc_sddl:
return
if desc_sddl.find("(") >= 0:
desc_sddl = desc_sddl[:desc_sddl.index("(")] + ace + desc_sddl[desc_sddl.index("("):]
desc_sddl = (desc_sddl[:desc_sddl.index("(")] + ace +
desc_sddl[desc_sddl.index("("):])
else:
desc_sddl = desc_sddl + ace
self.modify_sd_on_dn(object_dn, desc_sddl)

57
source4/scripting/python/samba/upgrade.py
View File

@ -35,6 +35,7 @@ from samba import dsdb
from samba.ndr import ndr_pack
from samba import unix2nttime
def import_sam_policy(samdb, policy, logger):
"""Import a Samba 3 policy.
@ -53,14 +54,15 @@ def import_sam_policy(samdb, policy, logger):
m = ldb.Message()
m.dn = samdb.get_default_basedn()
m['a01'] = ldb.MessageElement(str(policy['min password length']), ldb.FLAG_MOD_REPLACE,
'minPwdLength')
m['a02'] = ldb.MessageElement(str(policy['password history']), ldb.FLAG_MOD_REPLACE,
'pwdHistoryLength')
m['a01'] = ldb.MessageElement(str(policy['min password length']),
ldb.FLAG_MOD_REPLACE, 'minPwdLength')
m['a02'] = ldb.MessageElement(str(policy['password history']),
ldb.FLAG_MOD_REPLACE, 'pwdHistoryLength')
min_pw_age_unix = policy['minimum password age']
min_pw_age_nt = 0 - unix2nttime(min_pw_age_unix)
m['a03'] = ldb.MessageElement(str(min_pw_age_nt), ldb.FLAG_MOD_REPLACE, 'minPwdAge')
m['a03'] = ldb.MessageElement(str(min_pw_age_nt), ldb.FLAG_MOD_REPLACE,
'minPwdAge')
max_pw_age_unix = policy['maximum password age']
if (max_pw_age_unix == 0xFFFFFFFF):
@ -74,8 +76,8 @@ def import_sam_policy(samdb, policy, logger):
lockout_duration_mins = policy['lockout duration']
lockout_duration_nt = unix2nttime(lockout_duration_mins * 60)
m['a05'] = ldb.MessageElement(str(lockout_duration_nt), ldb.FLAG_MOD_REPLACE,
'lockoutDuration')
m['a05'] = ldb.MessageElement(str(lockout_duration_nt),
ldb.FLAG_MOD_REPLACE, 'lockoutDuration')
try:
samdb.modify(m)
@ -103,12 +105,15 @@ def add_idmap_entry(idmapdb, sid, xid, xid_type, logger):
try:
m = ldb.Message()
m.dn = msg[0]['dn']
m['xidNumber'] = ldb.MessageElement(str(xid), ldb.FLAG_MOD_REPLACE, 'xidNumber')
m['type'] = ldb.MessageElement(xid_type, ldb.FLAG_MOD_REPLACE, 'type')
m['xidNumber'] = ldb.MessageElement(
str(xid), ldb.FLAG_MOD_REPLACE, 'xidNumber')
m['type'] = ldb.MessageElement(
xid_type, ldb.FLAG_MOD_REPLACE, 'type')
idmapdb.modify(m)
except ldb.LdbError, e:
logger.warn('Could not modify idmap entry for sid=%s, id=%s, type=%s (%s)',
str(sid), str(xid), xid_type, str(e))
logger.warn(
'Could not modify idmap entry for sid=%s, id=%s, type=%s (%s)',
str(sid), str(xid), xid_type, str(e))
else:
try:
idmapdb.add({"dn": "CN=%s" % str(sid),
@ -118,8 +123,9 @@ def add_idmap_entry(idmapdb, sid, xid, xid_type, logger):
"type": xid_type,
"xidNumber": str(xid)})
except ldb.LdbError, e:
logger.warn('Could not add idmap entry for sid=%s, id=%s, type=%s (%s)',
str(sid), str(xid), xid_type, str(e))
logger.warn(
'Could not add idmap entry for sid=%s, id=%s, type=%s (%s)',
str(sid), str(xid), xid_type, str(e))
def import_idmap(idmapdb, samba3, logger):
@ -142,8 +148,10 @@ def import_idmap(idmapdb, samba3, logger):
m = ldb.Message()
m.dn = ldb.Dn(idmapdb, 'CN=CONFIG')
m['lowerbound'] = ldb.MessageElement(str(lowerbound), ldb.FLAG_MOD_REPLACE, 'lowerBound')
m['xidNumber'] = ldb.MessageElement(str(currentxid), ldb.FLAG_MOD_REPLACE, 'xidNumber')
m['lowerbound'] = ldb.MessageElement(
str(lowerbound), ldb.FLAG_MOD_REPLACE, 'lowerBound')
m['xidNumber'] = ldb.MessageElement(
str(currentxid), ldb.FLAG_MOD_REPLACE, 'xidNumber')
idmapdb.modify(m)
for id_type, xid in samba3_idmap.ids():
@ -169,7 +177,8 @@ def add_group_from_mapping_entry(samdb, groupmap, logger):
# First try to see if we already have this entry
try:
msg = samdb.search(base='<SID=%s>' % str(groupmap.sid), scope=ldb.SCOPE_BASE)
msg = samdb.search(
base='<SID=%s>' % str(groupmap.sid), scope=ldb.SCOPE_BASE)
found = True
except ldb.LdbError, (ecode, emsg):
if ecode == ldb.ERR_NO_SUCH_OBJECT:
@ -183,7 +192,7 @@ def add_group_from_mapping_entry(samdb, groupmap, logger):
else:
if groupmap.sid_name_use == lsa.SID_NAME_WKN_GRP:
# In a lot of Samba3 databases, aliases are marked as well known groups
(group_dom_sid, rid) = group.sid.split()
(group_dom_sid, rid) = groupmap.sid.split()
if (group_dom_sid != security.dom_sid(security.SID_BUILTIN)):
return
@ -238,7 +247,7 @@ def import_wins(samba4_winsdb, samba3_winsdb):
version_id = 0
for (name, (ttl, ips, nb_flags)) in samba3_winsdb.items():
version_id+=1
version_id += 1
type = int(name.split("#", 1)[1], 16)
@ -260,7 +269,7 @@ def import_wins(samba4_winsdb, samba3_winsdb):
else:
rState = 0x1 # released
nType = ((nb_flags & 0x60)>>5)
nType = ((nb_flags & 0x60) >> 5)
samba4_winsdb.add({"dn": "name=%s,type=0x%s" % tuple(name.split("#")),
"type": name.split("#")[1],
@ -279,6 +288,7 @@ def import_wins(samba4_winsdb, samba3_winsdb):
"objectClass": "winsMaxVersion",
"maxVersion": str(version_id)})
def enable_samba3sam(samdb, ldapurl):
"""Enable Samba 3 LDAP URL database.
@ -387,7 +397,8 @@ smbconf_keep = [
"host msdfs",
"winbind separator"]
def upgrade_smbconf(oldconf,mark):
def upgrade_smbconf(oldconf, mark):
"""Remove configuration variables not present in Samba4
:param oldconf: Old configuration structure
@ -408,7 +419,7 @@ def upgrade_smbconf(oldconf,mark):
if keep:
newconf.set(s, p, oldconf.get(s, p))
elif mark:
newconf.set(s, "samba3:"+p, oldconf.get(s,p))
newconf.set(s, "samba3:" + p, oldconf.get(s, p))
return newconf
@ -416,6 +427,7 @@ SAMBA3_PREDEF_NAMES = {
'HKLM': registry.HKEY_LOCAL_MACHINE,
}
def import_registry(samba4_registry, samba3_regdb):
"""Import a Samba 3 registry database into the Samba 4 registry.
@ -516,7 +528,7 @@ def upgrade_from_samba3(samba3, logger, targetdir, session_info=None, useeadb=Fa
sid, rid = group.sid.split()
if sid == domainsid:
if rid >= next_rid:
next_rid = rid + 1
next_rid = rid + 1
# Get members for each group/alias
if group.sid_name_use == lsa.SID_NAME_ALIAS:
@ -540,7 +552,6 @@ def upgrade_from_samba3(samba3, logger, targetdir, session_info=None, useeadb=Fa
group.nt_name, group.sid_name_use)
continue
# Export users from old passdb backend
logger.info("Exporting users")
userlist = s3db.search_users(0)

265
source4/setup/provision
View File

@ -35,13 +35,19 @@ import samba.ntacls
from samba.credentials import DONT_USE_KERBEROS
from samba.auth import system_session
import samba.getopt as options
from samba.provision import provision, FILL_FULL, FILL_NT4SYNC, FILL_DRS, ProvisioningError
from samba.provision import (
provision,
FILL_FULL,
FILL_NT4SYNC,
FILL_DRS,
ProvisioningError,
)
from samba.dsdb import (
DS_DOMAIN_FUNCTION_2000,
DS_DOMAIN_FUNCTION_2003,
DS_DOMAIN_FUNCTION_2008,
DS_DOMAIN_FUNCTION_2008_R2,
)
DS_DOMAIN_FUNCTION_2000,
DS_DOMAIN_FUNCTION_2003,
DS_DOMAIN_FUNCTION_2008,
DS_DOMAIN_FUNCTION_2008_R2,
)
# how do we make this case insensitive??
@ -53,72 +59,72 @@ credopts = options.CredentialsOptions(parser)
parser.add_option_group(credopts)
parser.add_option("--interactive", help="Ask for names", action="store_true")
parser.add_option("--domain", type="string", metavar="DOMAIN",
help="set domain")
help="set domain")
parser.add_option("--domain-guid", type="string", metavar="GUID",
help="set domainguid (otherwise random)")
help="set domainguid (otherwise random)")
parser.add_option("--domain-sid", type="string", metavar="SID",
help="set domainsid (otherwise random)")
help="set domainsid (otherwise random)")
parser.add_option("--ntds-guid", type="string", metavar="GUID",
help="set NTDS object GUID (otherwise random)")
help="set NTDS object GUID (otherwise random)")
parser.add_option("--invocationid", type="string", metavar="GUID",
help="set invocationid (otherwise random)")
help="set invocationid (otherwise random)")
parser.add_option("--host-name", type="string", metavar="HOSTNAME",
help="set hostname")
help="set hostname")
parser.add_option("--host-ip", type="string", metavar="IPADDRESS",
help="set IPv4 ipaddress")
help="set IPv4 ipaddress")
parser.add_option("--host-ip6", type="string", metavar="IP6ADDRESS",
help="set IPv6 ipaddress")
help="set IPv6 ipaddress")
parser.add_option("--adminpass", type="string", metavar="PASSWORD",
help="choose admin password (otherwise random)")
help="choose admin password (otherwise random)")
parser.add_option("--krbtgtpass", type="string", metavar="PASSWORD",
help="choose krbtgt password (otherwise random)")
help="choose krbtgt password (otherwise random)")
parser.add_option("--machinepass", type="string", metavar="PASSWORD",
help="choose machine password (otherwise random)")
help="choose machine password (otherwise random)")
parser.add_option("--dns-backend", type="choice", metavar="NAMESERVER-BACKEND",
choices=["SAMBA", "BIND9", "BIND9_DLZ"],
choices=["SAMBA", "BIND9", "BIND9_DLZ"],
help="The DNS server backend. SAMBA is the builtin name server (experimental), BIND9 uses bind9 text database to store zone information (default), BIND9_DLZ uses samba4 AD to store zone information (recommended)")
parser.add_option("--dnspass", type="string", metavar="PASSWORD",
help="choose dns password (otherwise random)")
help="choose dns password (otherwise random)")
parser.add_option("--ldapadminpass", type="string", metavar="PASSWORD",
help="choose password to set between Samba and it's LDAP backend (otherwise random)")
help="choose password to set between Samba and it's LDAP backend (otherwise random)")
parser.add_option("--root", type="string", metavar="USERNAME",
help="choose 'root' unix username")
help="choose 'root' unix username")
parser.add_option("--nobody", type="string", metavar="USERNAME",
help="choose 'nobody' user")
help="choose 'nobody' user")
parser.add_option("--wheel", type="string", metavar="GROUPNAME",
help="choose 'wheel' privileged group")
help="choose 'wheel' privileged group")
parser.add_option("--users", type="string", metavar="GROUPNAME",
help="choose 'users' group")
help="choose 'users' group")
parser.add_option("--quiet", help="Be quiet", action="store_true")
parser.add_option("--blank", action="store_true",
help="do not add users or groups, just the structure")
help="do not add users or groups, just the structure")
parser.add_option("--ldap-backend-extra-port", type="int", metavar="LDAP-BACKEND-EXTRA-PORT",
help="Additional TCP port for LDAP backend server (to use for replication)")
help="Additional TCP port for LDAP backend server (to use for replication)")
parser.add_option("--ldap-backend-forced-uri", type="string", metavar="LDAP-BACKEND-FORCED-URI",
help="Force the LDAP backend connection to be to a particular URI. Use this ONLY for 'existing' backends, or when debugging the interaction with the LDAP backend and you need to intercept the LDAP traffic")
help="Force the LDAP backend connection to be to a particular URI. Use this ONLY for 'existing' backends, or when debugging the interaction with the LDAP backend and you need to intercept the LDAP traffic")
parser.add_option("--ldap-backend-type", type="choice", metavar="LDAP-BACKEND-TYPE",
help="LDAP backend type (fedora-ds or openldap)",
choices=["fedora-ds", "openldap"])
help="LDAP backend type (fedora-ds or openldap)",
choices=["fedora-ds", "openldap"])
parser.add_option("--ldap-backend-nosync", help="Configure LDAP backend not to call fsync() (for performance in test environments)", action="store_true")
parser.add_option("--server-role", type="choice", metavar="ROLE",
choices=["domain controller", "dc", "member server", "member", "standalone"],
help="The server role (domain controller | dc | member server | member | standalone). Default is standalone.")
choices=["domain controller", "dc", "member server", "member", "standalone"],
help="The server role (domain controller | dc | member server | member | standalone). Default is standalone.")
parser.add_option("--function-level", type="choice", metavar="FOR-FUN-LEVEL",
choices=["2000", "2003", "2008", "2008_R2"],
help="The domain and forest function level (2000 | 2003 | 2008 | 2008_R2 - always native). Default is (Windows) 2003 Native.")
choices=["2000", "2003", "2008", "2008_R2"],
help="The domain and forest function level (2000 | 2003 | 2008 | 2008_R2 - always native). Default is (Windows) 2003 Native.")
parser.add_option("--next-rid", type="int", metavar="NEXTRID", default=1000,
help="The initial nextRid value (only needed for upgrades). Default is 1000.")
help="The initial nextRid value (only needed for upgrades). Default is 1000.")
parser.add_option("--partitions-only",
help="Configure Samba's partitions, but do not modify them (ie, join a BDC)", action="store_true")
help="Configure Samba's partitions, but do not modify them (ie, join a BDC)", action="store_true")
parser.add_option("--targetdir", type="string", metavar="DIR",
help="Set target directory")
help="Set target directory")
parser.add_option("--ol-mmr-urls", type="string", metavar="LDAPSERVER",
help="List of LDAP-URLS [ ldap://<FQHN>:<PORT>/ (where <PORT> has to be different than 389!) ] separated with comma (\",\") for use with OpenLDAP-MMR (Multi-Master-Replication), e.g.: \"ldap://s4dc1:9000,ldap://s4dc2:9000\"")
parser.add_option("--slapd-path", type="string", metavar="SLAPD-PATH",
help="Path to slapd for LDAP backend [e.g.:'/usr/local/libexec/slapd']. Required for Setup with LDAP-Backend. OpenLDAP Version >= 2.4.17 should be used.")
help="Path to slapd for LDAP backend [e.g.:'/usr/local/libexec/slapd']. Required for Setup with LDAP-Backend. OpenLDAP Version >= 2.4.17 should be used.")
parser.add_option("--setup-ds-path", type="string", metavar="SETUP_DS-PATH",
help="Path to setup-ds.pl script for Fedora DS LDAP backend [e.g.:'/usr/sbin/setup-ds.pl']. Required for Setup with Fedora DS backend.")
parser.add_option("--use-xattrs", type="choice", choices=["yes","no","auto"], help="Define if we should use the native fs capabilities or a tdb file for storing attributes likes ntacl, auto tries to make an inteligent guess based on the user rights and system capabilities", default="auto")
help="Path to setup-ds.pl script for Fedora DS LDAP backend [e.g.:'/usr/sbin/setup-ds.pl']. Required for Setup with Fedora DS backend.")
parser.add_option("--use-xattrs", type="choice", choices=["yes", "no", "auto"], help="Define if we should use the native fs capabilities or a tdb file for storing attributes likes ntacl, auto tries to make an inteligent guess based on the user rights and system capabilities", default="auto")
parser.add_option("--ldap-dryrun-mode", help="Configure LDAP backend, but do not run any binaries and exit early. Used only for the test environment. DO NOT USE", action="store_true")
opts = parser.parse_args()[0]
@ -126,81 +132,82 @@ opts = parser.parse_args()[0]
logger = logging.getLogger("provision")
logger.addHandler(logging.StreamHandler(sys.stdout))
if opts.quiet:
logger.setLevel(logging.WARNING)
logger.setLevel(logging.WARNING)
else:
logger.setLevel(logging.INFO)
logger.setLevel(logging.INFO)
if len(sys.argv) == 1:
opts.interactive = True
opts.interactive = True
if opts.interactive:
from getpass import getpass
import socket
def ask(prompt, default=None):
if default is not None:
print "%s [%s]: " % (prompt,default),
else:
print "%s: " % (prompt,),
return sys.stdin.readline().rstrip("\n") or default
try:
default = socket.getfqdn().split(".", 1)[1].upper()
except IndexError:
default = None
opts.realm = ask("Realm", default)
if opts.realm in (None, ""):
print >>sys.stderr, "No realm set!"
sys.exit(1)
from getpass import getpass
import socket
try:
default = opts.realm.split(".")[0]
except IndexError:
default = None
opts.domain = ask("Domain", default)
if opts.domain is None:
print >> sys.stderr, "No domain set!"
sys.exit(1)
def ask(prompt, default=None):
if default is not None:
print "%s [%s]: " % (prompt, default),
else:
print "%s: " % (prompt,),
return sys.stdin.readline().rstrip("\n") or default
try:
default = socket.getfqdn().split(".", 1)[1].upper()
except IndexError:
default = None
opts.realm = ask("Realm", default)
if opts.realm in (None, ""):
print >>sys.stderr, "No realm set!"
sys.exit(1)
opts.server_role = ask("Server Role (dc, member, standalone)", "dc")
for i in range(3):
opts.adminpass = getpass("Administrator password: ")
if not opts.adminpass:
print >>sys.stderr, "Invalid administrator password."
else:
break
try:
default = opts.realm.split(".")[0]
except IndexError:
default = None
opts.domain = ask("Domain", default)
if opts.domain is None:
print >> sys.stderr, "No domain set!"
sys.exit(1)
opts.server_role = ask("Server Role (dc, member, standalone)", "dc")
for i in range(3):
opts.adminpass = getpass("Administrator password: ")
if not opts.adminpass:
print >>sys.stderr, "Invalid administrator password."
else:
break
else:
if opts.realm in (None, ""):
opts.realm = sambaopts._lp.get('realm')
if opts.realm is None or opts.domain is None:
if opts.realm is None:
print >>sys.stderr, "No realm set!"
if opts.domain is None:
print >> sys.stderr, "No domain set!"
parser.print_usage()
sys.exit(1)
if opts.realm in (None, ""):
opts.realm = sambaopts._lp.get('realm')
if opts.realm is None or opts.domain is None:
if opts.realm is None:
print >>sys.stderr, "No realm set!"
if opts.domain is None:
print >> sys.stderr, "No domain set!"
parser.print_usage()
sys.exit(1)
if not opts.adminpass:
logger.info("Administrator password will be set randomly!")
logger.info("Administrator password will be set randomly!")
lp = sambaopts.get_loadparm()
smbconf = lp.configfile
if opts.server_role == "dc":
server_role = "domain controller"
server_role = "domain controller"
elif opts.server_role == "member":
server_role = "member server"
server_role = "member server"
else:
server_role = opts.server_role
server_role = opts.server_role
if opts.function_level is None:
dom_for_fun_level = None
dom_for_fun_level = None
elif opts.function_level == "2000":
dom_for_fun_level = DS_DOMAIN_FUNCTION_2000
dom_for_fun_level = DS_DOMAIN_FUNCTION_2000
elif opts.function_level == "2003":
dom_for_fun_level = DS_DOMAIN_FUNCTION_2003
dom_for_fun_level = DS_DOMAIN_FUNCTION_2003
elif opts.function_level == "2008":
dom_for_fun_level = DS_DOMAIN_FUNCTION_2008
dom_for_fun_level = DS_DOMAIN_FUNCTION_2008
elif opts.function_level == "2008_R2":
dom_for_fun_level = DS_DOMAIN_FUNCTION_2008_R2
dom_for_fun_level = DS_DOMAIN_FUNCTION_2008_R2
creds = credopts.get_credentials(lp)
@ -214,50 +221,50 @@ elif opts.partitions_only:
eadb = True
if opts.use_xattrs == "yes":
eadb = False
eadb = False
elif opts.use_xattrs == "auto" and not lp.get("posix:eadb"):
file = tempfile.NamedTemporaryFile()
try:
samba.ntacls.setntacl(lp, file.name,
"O:S-1-5-32G:S-1-5-32", "S-1-5-32", "native")
eadb = False
except:
logger.info("You are not root or your system do not support xattr, using tdb backend for attributes. "
"If you intend to use this provision in production, rerun the script as root on a system supporting xattrs.")
file.close()
file = tempfile.NamedTemporaryFile()
try:
samba.ntacls.setntacl(lp, file.name,
"O:S-1-5-32G:S-1-5-32", "S-1-5-32", "native")
eadb = False
except:
logger.info("You are not root or your system do not support xattr, using tdb backend for attributes. "
"If you intend to use this provision in production, rerun the script as root on a system supporting xattrs.")
file.close()
if opts.ldap_backend_type == "existing":
if opts.ldap_backend_forced_uri is not None:
logger.warn("You have specified to use an existing LDAP server as the backend, please make sure an LDAP server is running at %s" % opts.ldap_backend_forced_uri)
else:
logger.info("You have specified to use an existing LDAP server as the backend, please make sure an LDAP server is running at the default location")
if opts.ldap_backend_forced_uri is not None:
logger.warn("You have specified to use an existing LDAP server as the backend, please make sure an LDAP server is running at %s" % opts.ldap_backend_forced_uri)
else:
logger.info("You have specified to use an existing LDAP server as the backend, please make sure an LDAP server is running at the default location")
else:
if opts.ldap_backend_forced_uri is not None:
logger.warn("You have specified to use an fixed URI %s for connecting to your LDAP server backend. This is NOT RECOMMENDED, as our default communiation over ldapi:// is more secure and much less prone to unexpected failure or interaction" % opts.ldap_backend_forced_uri)
if opts.ldap_backend_forced_uri is not None:
logger.warn("You have specified to use an fixed URI %s for connecting to your LDAP server backend. This is NOT RECOMMENDED, as our default communiation over ldapi:// is more secure and much less prone to unexpected failure or interaction" % opts.ldap_backend_forced_uri)
session = system_session()
try:
provision(logger,
session, creds, smbconf=smbconf, targetdir=opts.targetdir,
samdb_fill=samdb_fill, realm=opts.realm, domain=opts.domain,
domainguid=opts.domain_guid, domainsid=opts.domain_sid,
hostname=opts.host_name,
hostip=opts.host_ip, hostip6=opts.host_ip6,
ntdsguid=opts.ntds_guid,
invocationid=opts.invocationid, adminpass=opts.adminpass,
krbtgtpass=opts.krbtgtpass, machinepass=opts.machinepass,
dns_backend=opts.dns_backend,
dnspass=opts.dnspass, root=opts.root, nobody=opts.nobody,
wheel=opts.wheel, users=opts.users,
serverrole=server_role, dom_for_fun_level=dom_for_fun_level,
ldap_backend_extra_port=opts.ldap_backend_extra_port,
ldap_backend_forced_uri=opts.ldap_backend_forced_uri,
backend_type=opts.ldap_backend_type,
ldapadminpass=opts.ldapadminpass, ol_mmr_urls=opts.ol_mmr_urls,
slapd_path=opts.slapd_path, setup_ds_path=opts.setup_ds_path,
nosync=opts.ldap_backend_nosync, ldap_dryrun_mode=opts.ldap_dryrun_mode,
useeadb=eadb, next_rid=opts.next_rid, lp=lp)
provision(logger,
session, creds, smbconf=smbconf, targetdir=opts.targetdir,
samdb_fill=samdb_fill, realm=opts.realm, domain=opts.domain,
domainguid=opts.domain_guid, domainsid=opts.domain_sid,
hostname=opts.host_name,
hostip=opts.host_ip, hostip6=opts.host_ip6,
ntdsguid=opts.ntds_guid,
invocationid=opts.invocationid, adminpass=opts.adminpass,
krbtgtpass=opts.krbtgtpass, machinepass=opts.machinepass,
dns_backend=opts.dns_backend,
dnspass=opts.dnspass, root=opts.root, nobody=opts.nobody,
wheel=opts.wheel, users=opts.users,
serverrole=server_role, dom_for_fun_level=dom_for_fun_level,
ldap_backend_extra_port=opts.ldap_backend_extra_port,
ldap_backend_forced_uri=opts.ldap_backend_forced_uri,
backend_type=opts.ldap_backend_type,
ldapadminpass=opts.ldapadminpass, ol_mmr_urls=opts.ol_mmr_urls,
slapd_path=opts.slapd_path, setup_ds_path=opts.setup_ds_path,
nosync=opts.ldap_backend_nosync, ldap_dryrun_mode=opts.ldap_dryrun_mode,
useeadb=eadb, next_rid=opts.next_rid, lp=lp)
except ProvisioningError, e:
print str(e)
sys.exit(1)
print str(e)
sys.exit(1)