samba-mirror/source/setup/provision

#!/usr/bin/env smbscript
/*
provision a Samba4 server
Copyright Andrew Tridgell 2005
Released under the GNU GPL v2 or later
*/
/*
  Parse the command line into the global "options" object and pull in
  the shared helpers from base.js.

  Each 'name=s' entry declares an option that takes a string value;
  'quiet' is a plain flag.  On a parse failure the message left in
  options.ERROR is printed and the script returns -1.

  NOTE(review): --adminpass, --krbtgtpass and --machinepass carry secrets
  as command-line arguments, so they can be seen in the process list and
  may be kept in shell history.  This script offers no other way to
  supply them.
*/
options = new Object();
ok = GetOptions(ARGV, options,
		"POPT_AUTOHELP",
		"POPT_COMMON_SAMBA",
		"POPT_COMMON_VERSION",
		'realm=s',
		'domain=s',
		'domain-guid=s',
		'domain-sid=s',
		'host-name=s',
		'host-ip=s',
		'host-guid=s',
		'invocationid=s',
		'adminpass=s',
		'krbtgtpass=s',
		'machinepass=s',
		'root=s',
		'nobody=s',
		'nogroup=s',
		'wheel=s',
		'users=s',
		'outputdir=s',
		'quiet');

if (ok == false) {
	println("Failed to parse options: " + options.ERROR);
	return -1;
}

libinclude("base.js");
/*
  Print s with println() unless the quiet option was given.
  Reads the global "options" object.
*/
function message(s)
{
	var quiet = options["quiet"];

	if (quiet == undefined) {
		println(s);
	}
}
/*
  Choose the unix user for the role named by the first argument.

  If an option with that name was given, its value is returned as is.
  Otherwise the remaining arguments are tried in order and the first one
  that getpwnam() knows is returned.  When nothing matches, an error is
  printed and the script exits with status 1.

  NOTE(review): a name supplied through the option is not checked with
  getpwnam(), so a mistyped account name is carried into the output.
*/
function finduser()
{
	var role = arguments[0];
	var chosen = options[role];
	var n;

	if (chosen != undefined) {
		return chosen;
	}
	for (n = 1; n < arguments.length; n++) {
		var candidate = arguments[n];
		if (getpwnam(candidate) != undefined) {
			return candidate;
		}
	}
	println("Unable to find user for " + role);
	exit(1);
}
/*
  Choose the unix group for the role named by the first argument.

  If an option with that name was given, its value is returned as is.
  Otherwise the remaining arguments are tried in order and the first one
  that getgrnam() knows is returned.  When nothing matches, an error is
  printed and the script exits with status 1.

  NOTE(review): a name supplied through the option is not checked with
  getgrnam().
*/
function findgroup()
{
	var role = arguments[0];
	var chosen = options[role];
	var n;

	if (chosen != undefined) {
		return chosen;
	}
	for (n = 1; n < arguments.length; n++) {
		var candidate = arguments[n];
		if (getgrnam(candidate) != undefined) {
			return candidate;
		}
	}
	println("Unable to find group for " + role);
	exit(1);
}
/*
  Look up the value for a substitution key.

  The key is lower-cased and looked up in the global "options" object.
  When no value is found, the key is printed and the marker text
  "NOTFOUND{key}" is returned in place of a value.
*/
function sub_callback(key)
{
	var wanted = strlower(key);
	var value = options[wanted];

	if (value == undefined) {
		println(key);
		return "NOTFOUND{" + key + "}";
	}
	return value;
}
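/*
  Append an LDIF record for a foreign security principal to str and
  return the combined text.

  str       LDIF text built so far
  sid       SID of the principal; used in the DN and for cn, name and
            objectSid
  desc      value for the description attribute
  unixname  value for the unixName attribute; the callers in this file
            pass a ${...} placeholder that substitute_var() expands later

  The ${BASEDN}, ${LDAPTIME} and ${NEWGUID} placeholders are left in the
  text for substitute_var() to expand.

  NOTE(review): the substitution object built by the main program in this
  file defines NTTIME but no LDAPTIME entry - confirm that LDAPTIME is
  provided before this record is expanded.
*/
function add_foreign(str, sid, desc, unixname)
{
	/* The text previously carried Perl-style $sid, $desc and $unixname
	   markers.  Nothing expands those here, so the literal markers ended
	   up in the record and the arguments were ignored.  Build the record
	   from the arguments instead. */
	var record = "\n" +
		"dn: CN=" + sid + ",CN=ForeignSecurityPrincipals,${BASEDN}\n" +
		"objectClass: top\n" +
		"objectClass: foreignSecurityPrincipal\n" +
		"cn: " + sid + "\n" +
		"description: " + desc + "\n" +
		"instanceType: 4\n" +
		"whenCreated: ${LDAPTIME}\n" +
		"whenChanged: ${LDAPTIME}\n" +
		"uSNCreated: 1\n" +
		"uSNChanged: 1\n" +
		"showInAdvancedViewOnly: TRUE\n" +
		"name: " + sid + "\n" +
		"objectGUID: ${NEWGUID}\n" +
		"objectSid: " + sid + "\n" +
		"objectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,${BASEDN}\n" +
		"unixName: " + unixname + "\n";

	return str + record;
}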
/*
  Placeholder for GUID generation.

  NOTE(review): despite the name this always returns the same fixed
  string, so every GUID taken from it (domain, host, invocation id and
  each ${NEWGUID} expansion) is identical.  It needs a real generator
  before the output is used.
*/
function randguid()
{
	var guid = "009876-7656";
	return guid;
}
/*
  Placeholder for domain SID generation.

  NOTE(review): despite the name this always returns the same fixed
  string, so every domain provisioned without --domain-sid would share
  one SID.  It needs a real generator before the output is used.
*/
function randsid()
{
	var sid = "1-2-3";
	return sid;
}
/*
  Placeholder for password generation.

  NOTE(review): despite the name this always returns the same fixed
  word.  The main program uses it for the admin, krbtgt and machine
  passwords whenever the matching option is not given, so those accounts
  would get a publicly known password.  It must be replaced with a
  generator backed by a cryptographically secure random source before
  the output is used.
*/
function randpass()
{
	var password = "penguin";
	return password;
}
/*
  Placeholder for the current time as an NT time string.

  NOTE(review): this returns a fixed text that is neither the current
  time nor an NT time value.  It needs a real implementation.
*/
function nttime()
{
	var stamp = "1st Feb";
	return stamp;
}
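/*
  Expand every ${NAME} in str using the global "subobj" object and
  return the resulting text.

  A string entry in subobj is inserted as is; any other entry is called
  as a function and its return value is inserted.

  Returns undefined when a ${ has no closing }, or when NAME has no
  entry in subobj (a message naming the variable is printed first).

  Values are inserted without any LDIF escaping.
  NOTE(review): a value taken from a command-line option that contains a
  newline would add extra lines to the generated LDIF - confirm whether
  option values need validating.
*/
function substitute_var(str)
{
	var list = split("${", str);
	var i, j;

	for (i = 1; i < list.length; i++) {
		var list2 = split("}", list[i]);
		if (list2.length < 2) {
			return undefined;
		}
		var key = list2[0];
		var value = subobj[key];
		if (value == undefined) {
			/* previously this fell through and tried to call the
			   missing entry as a function */
			println("Unknown substitution variable " + key);
			return undefined;
		}
		if (typeof(value) != "string") {
			var fn = value;
			value = fn();
		}
		/* Only the first "}" closes the variable.  Put back any later
		   "}" characters, which the previous join("", ...) dropped. */
		var rest = list2[1];
		for (j = 2; j < list2.length; j++) {
			rest = rest + "}" + list2[j];
		}
		/* The per-key debug output was removed: it echoed every
		   substituted value, password values included, into the same
		   output stream as the generated LDIF. */
		list[i] = value + rest;
	}
	return join("", list);
}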
/*
  Print the usage text and exit with status 1.

  NOTE(review): the text still names the script "provision.pl" and says
  only a realm and domain are required, while the main program in this
  file also calls ShowHelp() when --host-name is missing - confirm which
  is intended.
  NOTE(review): the text promises random values when the GUID, SID and
  password options are omitted, but randguid(), randsid() and randpass()
  in this file return fixed strings.
  NOTE(review): the password options put the secret on the command line,
  where it can be seen in the process list.
*/
function ShowHelp()
{
print("
Samba4 provisioning
provision.pl [options]
--realm REALM set realm
--domain DOMAIN set domain
--domain-guid GUID set domainguid (otherwise random)
--domain-sid SID set domainsid (otherwise random)
--host-name HOSTNAME set hostname
--host-ip IPADDRESS set ipaddress
--host-guid GUID set hostguid (otherwise random)
--invocationid GUID set invocationid (otherwise random)
--outputdir OUTPUTDIR set output directory
--adminpass PASSWORD choose admin password (otherwise random)
--krbtgtpass PASSWORD choose krbtgt password (otherwise random)
--machinepass PASSWORD choose machine password (otherwise random)
--root USERNAME choose 'root' unix username
--nobody USERNAME choose 'nobody' user
--nogroup GROUPNAME choose 'nogroup' group
--wheel GROUPNAME choose 'wheel' privileged group
--users GROUPNAME choose 'users' group
--quiet Be quiet
You must provide at least a realm and domain
");
/* exit status 1: the help is shown only when required options are missing */
exit(1);
}
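/*
  main program

  Check the required options, normalise the names, fill in defaults for
  the host address and the unix accounts, derive the DNS names and the
  base DN from the realm, and load the LDIF template.
*/
if (options["realm"] == undefined ||
    options["domain"] == undefined ||
    options["host-name"] == undefined) {
	ShowHelp();
}

options.realm = strlower(options.realm);
options['host-name'] = strlower(options['host-name']);
options.domain = strupper(options.domain);

/* The host name is held under the key "host-name" (see the check above).
   options.hostname is never set, so the NetBIOS name was previously
   derived from an undefined value. */
options.netbiosname = strupper(options['host-name']);

/* --host-ip is declared as 'host-ip=s'.  Previously only options.hostip
   was consulted, so a supplied address was ignored and the first
   interface address was stored next to it. */
if (options['host-ip'] != undefined) {
	options.hostip = options['host-ip'];
} else {
	var list = IfaceList();
	options.hostip = list[0];
}

message("Provisioning for " + options.domain + " in realm " + options.realm);

options.root = finduser("root", "root");
options.nobody = finduser("nobody", "nobody");
options.nogroup = findgroup("nogroup", "nogroup", "nobody");
options.wheel = findgroup("wheel", "wheel", "root");
options.users = findgroup("users", "users", "guest", "other");

options.dnsdomain = strlower(options.realm);
options.dnsname = strlower(options['host-name']) + "." + options.dnsdomain;
/* "example.org" becomes "DC=example,DC=org" */
options.basedn = "DC=" + join(",DC=", split(".", options.realm));

/* the template path is relative, so it depends on the directory the
   script is started from */
var data = FileLoad("setup/provision.ldif");
if (data == undefined) {
	println("Unable to load provision.ldif");
	exit(1);
}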
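/*
  Set up the substitution object used by substitute_var().

  Defaults are stored first.  Every entry of "options" is then copied in
  under its upper-cased name with the dashes removed ("domain-guid"
  becomes DOMAINGUID), so a value given on the command line replaces the
  default.

  NOTE(review): randguid(), randsid() and randpass() in this file return
  fixed strings, so without --adminpass, --krbtgtpass and --machinepass
  all three accounts receive the same publicly known password.

  NEWGUID and NTTIME hold the functions themselves; substitute_var()
  calls them each time the variable is expanded.
*/
subobj = new Object();
subobj.DOMAINGUID = randguid();
subobj.DOMAINSID = randsid();
subobj.HOSTGUID = randguid();
subobj.INVOCATIONID = randguid();
subobj.KRBTGTPASS = randpass();
subobj.MACHINEPASS = randpass();
subobj.ADMINPASS = randpass();
subobj.DEFAULTSITE = "Default-First-Site-Name";
subobj.NEWGUID = randguid;
subobj.NTTIME = nttime;

var r;
for (r in options) {
	subobj[strupper(join("", split("-", r)))] = options[r];
}
/* The printVars(subobj) debug call was removed: it wrote every value,
   the three passwords included, to the output ahead of the LDIF. */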
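/*
  Add the well-known foreign security principals, expand all variables
  and write the finished LDIF to the output.

  NOTE(review): the output presumably contains the admin, krbtgt and
  machine passwords in clear text if provision.ldif refers to them, so
  it should be treated as a secret - confirm against the template.
  NOTE(review): --outputdir is accepted but nothing in this file writes
  to it.
*/
data = add_foreign(data, "S-1-5-7", "Anonymous", "${NOBODY}");
data = add_foreign(data, "S-1-1-0", "World", "${NOGROUP}");
data = add_foreign(data, "S-1-5-2", "Network", "${NOGROUP}");
data = add_foreign(data, "S-1-5-18", "System", "${ROOT}");
data = add_foreign(data, "S-1-5-11", "Authenticated Users", "${USERS}");

newdata = substitute_var(data);
if (newdata == undefined) {
	/* substitute_var() reports failure by returning undefined.
	   Previously that value was printed and the script still
	   returned 0. */
	println("Failed to substitute variables in provision.ldif");
	exit(1);
}
print(newdata);
return 0;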