
r13097: move the creation of the default sam name -> unix name mappings into

the main provision logic, so it can also be used as part of the
vampire process
This commit is contained in:
Andrew Tridgell 2006-01-24 00:11:32 +00:00 committed by Gerald (Jerry) Carter
parent 0cf99b055b
commit 95e90169f4
2 changed files with 75 additions and 14 deletions


@ -52,24 +52,50 @@ function findnss()
/*
add a foreign security principle
*/
function add_foreign(str, sid, desc, unixname)
function add_foreign(str, sid, desc)
{
var add = "
dn: CN=${SID},CN=ForeignSecurityPrincipals,${BASEDN}
objectClass: top
objectClass: foreignSecurityPrincipal
description: ${DESC}
unixName: ${UNIXNAME}
uSNCreated: 1
uSNChanged: 1
";
var sub = new Object();
sub.SID = sid;
sub.DESC = desc;
sub.UNIXNAME = unixname;
return str + substitute_var(add, sub);
}
/*
setup a mapping between a sam name and a unix name
*/
function setup_name_mapping(info, ldb, sid, unixname)
{
var attrs = new Array("dn");
var res = ldb.search(sprintf("objectSid=%s", sid),
NULL, ldb.SCOPE_DEFAULT, attrs);
if (res.length != 1) {
return false;
}
var mod = sprintf("
dn: %s
changetype: modify
replace: unixName
unixName: %s
",
res[0].dn, unixname);
var ok = ldb.modify(mod);
if (!ok) {
info.message("name mapping for %s failed - %s\n",
sid, ldb.errstring());
return false;
}
return true;
}
/*
return current time as a nt time string
*/
@ -258,6 +284,42 @@ function provision_default_paths(subobj)
return paths;
}
/*
setup reasonable name mappings for sam names to unix names
*/
function setup_name_mappings(info, subobj, session_info, credentials)
{
var lp = loadparm_init();
var ldb = ldb_init();
ldb.session_info = session_info;
ldb.credentials = credentials;
var ok = ldb.connect(lp.get("sam database"));
if (!ok) {
return false;
}
/* some well known sids */
setup_name_mapping(info, ldb, "S-1-5-7", subobj.NOBODY);
setup_name_mapping(info, ldb, "S-1-1-0", subobj.NOGROUP);
setup_name_mapping(info, ldb, "S-1-5-2", subobj.NOGROUP);
setup_name_mapping(info, ldb, "S-1-5-18", subobj.ROOT);
setup_name_mapping(info, ldb, "S-1-5-11", subobj.USERS);
setup_name_mapping(info, ldb, "S-1-5-32-544", subobj.WHEEL);
setup_name_mapping(info, ldb, "S-1-5-32-546", subobj.NOGROUP);
/* and some well known domain rids */
setup_name_mapping(info, ldb, subobj.DOMAINSID + "-500", subobj.ROOT);
setup_name_mapping(info, ldb, subobj.DOMAINSID + "-518", subobj.WHEEL);
setup_name_mapping(info, ldb, subobj.DOMAINSID + "-519", subobj.WHEEL);
setup_name_mapping(info, ldb, subobj.DOMAINSID + "-512", subobj.WHEEL);
setup_name_mapping(info, ldb, subobj.DOMAINSID + "-513", subobj.USERS);
setup_name_mapping(info, ldb, subobj.DOMAINSID + "-520", subobj.WHEEL);
return true;
}
/*
provision samba4 - caution, this wipes all existing data!
*/
@ -319,10 +381,17 @@ function provision(subobj, message, blank, paths, session_info, credentials)
setup_ldb("provision_templates.ldif", info, paths.samdb, NULL, false);
message("Setting up sam.ldb data\n");
setup_ldb("provision.ldif", info, paths.samdb, NULL, false);
if (blank == false) {
message("Setting up sam.ldb users and groups\n");
setup_ldb("provision_users.ldif", info, paths.samdb, data, false);
if (blank != false) {
return true;
}
message("Setting up sam.ldb users and groups\n");
setup_ldb("provision_users.ldif", info, paths.samdb, data, false);
if (setup_name_mappings(info, subobj, session_info, credentials) == false) {
return false;
}
return true;
}
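Review bot: Every call to setup_name_mapping inside setup_name_mappings discards its return value, so the function returns true whenever the connect succeeded, and the `== false` check added at the end of provision() can never fire for a mapping that was not applied. A failed mapping is then visible only as an info.message line, and for the `res.length != 1` branch in setup_name_mapping not even that, since that branch returns false without any message. These unixName entries decide which unix identity well-known SIDs and domain RIDs such as ${DOMAINSID}-500 are mapped to, so a provision that reports success while some of them were skipped should instead fail loudly. I would add `info.message("name mapping for %s failed - sid not found in sam\n", sid);` before the early return in setup_name_mapping, and fold each result into the existing `ok` variable as in the fence below, which keeps the same SID/name table but returns the accumulated result.
```javascript
function setup_name_mappings(info, subobj, session_info, credentials)
{
	/* … unchanged: loadparm/ldb init and connect, returning false on failure … */
	/* sid -> unix name pairs: well known sids first, then well known domain rids */
	var mappings = new Array(
		new Array("S-1-5-7",      subobj.NOBODY),
		new Array("S-1-1-0",      subobj.NOGROUP),
		new Array("S-1-5-2",      subobj.NOGROUP),
		new Array("S-1-5-18",     subobj.ROOT),
		new Array("S-1-5-11",     subobj.USERS),
		new Array("S-1-5-32-544", subobj.WHEEL),
		new Array("S-1-5-32-546", subobj.NOGROUP),
		new Array(subobj.DOMAINSID + "-500", subobj.ROOT),
		new Array(subobj.DOMAINSID + "-518", subobj.WHEEL),
		new Array(subobj.DOMAINSID + "-519", subobj.WHEEL),
		new Array(subobj.DOMAINSID + "-512", subobj.WHEEL),
		new Array(subobj.DOMAINSID + "-513", subobj.USERS),
		new Array(subobj.DOMAINSID + "-520", subobj.WHEEL)
	);
	var i;
	for (i = 0; i < mappings.length; i++) {
		/* keep going so every failure is reported, but remember that one happened */
		if (!setup_name_mapping(info, ldb, mappings[i][0], mappings[i][1])) {
			ok = false;
		}
	}
	return ok;
}
```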


@ -16,7 +16,6 @@ accountExpires: -1
sAMAccountName: Administrator
isCriticalSystemObject: TRUE
sambaPassword: ${ADMINPASS}
unixName: ${ROOT}
dn: CN=Guest,CN=Users,${BASEDN}
objectClass: user
@ -49,7 +48,6 @@ systemFlags: 0x8c000000
groupType: 0x80000005
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
unixName: ${WHEEL}
privilege: SeSecurityPrivilege
privilege: SeBackupPrivilege
privilege: SeRestorePrivilege
@ -133,7 +131,6 @@ systemFlags: 0x8c000000
groupType: 0x80000005
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
unixName: ${NOGROUP}
dn: CN=Print Operators,CN=Builtin,${BASEDN}
objectClass: top
@ -306,7 +303,6 @@ objectSid: ${DOMAINSID}-518
adminCount: 1
sAMAccountName: Schema Admins
isCriticalSystemObject: TRUE
unixName: ${WHEEL}
dn: CN=Enterprise Admins,CN=Users,${BASEDN}
objectClass: top
@ -321,7 +317,6 @@ objectSid: ${DOMAINSID}-519
adminCount: 1
sAMAccountName: Enterprise Admins
isCriticalSystemObject: TRUE
unixName: ${WHEEL}
dn: CN=Cert Publishers,CN=Users,${BASEDN}
objectClass: top
@ -350,7 +345,6 @@ objectSid: ${DOMAINSID}-512
adminCount: 1
sAMAccountName: Domain Admins
isCriticalSystemObject: TRUE
unixName: ${WHEEL}
dn: CN=Domain Users,CN=Users,${BASEDN}
objectClass: top
@ -363,7 +357,6 @@ uSNChanged: 1
objectSid: ${DOMAINSID}-513
sAMAccountName: Domain Users
isCriticalSystemObject: TRUE
unixName: ${USERS}
dn: CN=Domain Guests,CN=Users,${BASEDN}
objectClass: top
@ -389,7 +382,6 @@ objectSid: ${DOMAINSID}-520
sAMAccountName: Group Policy Creator Owners
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
unixName: ${WHEEL}
dn: CN=RAS and IAS Servers,CN=Users,${BASEDN}
objectClass: top