summaryrefslogtreecommitdiff
path: root/source4/scripting/python
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2008-01-25 23:16:34 +1100
committerAndrew Tridgell <tridge@samba.org>2008-01-25 23:16:34 +1100
commit98d2b00dbe08b1303858be5f85704fa4bd1e7233 (patch)
tree565407437cc94938e7a8988eaa2d92f6dd9b1261 /source4/scripting/python
parent8ef7ddbf895d0126f578fcc46d2cb292addddf2b (diff)
parent21f5f4d4409e5a7076194639570f11ec32cf3257 (diff)
downloadsamba-98d2b00dbe08b1303858be5f85704fa4bd1e7233.tar.gz
samba-98d2b00dbe08b1303858be5f85704fa4bd1e7233.tar.bz2
samba-98d2b00dbe08b1303858be5f85704fa4bd1e7233.zip
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-test
(This used to be commit 1e042908992cdf3149ffc24472c7f0b1c3f9edef)
Diffstat (limited to 'source4/scripting/python')
-rw-r--r--source4/scripting/python/misc.i11
-rw-r--r--source4/scripting/python/misc.py1
-rw-r--r--source4/scripting/python/misc_wrap.c51
-rw-r--r--source4/scripting/python/modules.c2
-rw-r--r--source4/scripting/python/samba/__init__.py23
-rw-r--r--source4/scripting/python/samba/getopt.py6
-rw-r--r--source4/scripting/python/samba/provision.py533
-rw-r--r--source4/scripting/python/samba/samdb.py13
-rw-r--r--source4/scripting/python/samba/tests/__init__.py8
-rw-r--r--source4/scripting/python/samba/tests/provision.py29
-rw-r--r--source4/scripting/python/samba/upgrade.py5
11 files changed, 456 insertions, 226 deletions
diff --git a/source4/scripting/python/misc.i b/source4/scripting/python/misc.i
index 2f418406707..a11b2fb825a 100644
--- a/source4/scripting/python/misc.i
+++ b/source4/scripting/python/misc.i
@@ -66,3 +66,14 @@ WERROR dsdb_attach_schema_from_ldif_file(struct ldb_context *ldb, const char *pf
const char *samba_version_string(void);
int dsdb_set_global_schema(struct ldb_context *ldb);
int ldb_register_samba_handlers(struct ldb_context *ldb);
+
+%inline %{
+bool dsdb_set_ntds_invocation_id(struct ldb_context *ldb, const char *guid)
+{
+ struct GUID invocation_id_in;
+ if (NT_STATUS_IS_ERR(GUID_from_string(guid, &invocation_id_in))) {
+ return false;
+ }
+ return samdb_set_ntds_invocation_id(ldb, &invocation_id_in);
+}
+%}
diff --git a/source4/scripting/python/misc.py b/source4/scripting/python/misc.py
index ae900a1f627..2fc7fe37e74 100644
--- a/source4/scripting/python/misc.py
+++ b/source4/scripting/python/misc.py
@@ -70,5 +70,6 @@ dsdb_attach_schema_from_ldif_file = _misc.dsdb_attach_schema_from_ldif_file
version = _misc.version
dsdb_set_global_schema = _misc.dsdb_set_global_schema
ldb_register_samba_handlers = _misc.ldb_register_samba_handlers
+dsdb_set_ntds_invocation_id = _misc.dsdb_set_ntds_invocation_id
diff --git a/source4/scripting/python/misc_wrap.c b/source4/scripting/python/misc_wrap.c
index a7493550cc1..f467f851bdd 100644
--- a/source4/scripting/python/misc_wrap.c
+++ b/source4/scripting/python/misc_wrap.c
@@ -2794,6 +2794,16 @@ SWIG_From_int (int value)
return SWIG_From_long (value);
}
+
+bool dsdb_set_ntds_invocation_id(struct ldb_context *ldb, const char *guid)
+{
+ struct GUID invocation_id_in;
+ if (NT_STATUS_IS_ERR(GUID_from_string(guid, &invocation_id_in))) {
+ return false;
+ }
+ return samdb_set_ntds_invocation_id(ldb, &invocation_id_in);
+}
+
#ifdef __cplusplus
extern "C" {
#endif
@@ -3102,6 +3112,46 @@ fail:
}
+SWIGINTERN PyObject *_wrap_dsdb_set_ntds_invocation_id(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) {
+ PyObject *resultobj = 0;
+ struct ldb_context *arg1 = (struct ldb_context *) 0 ;
+ char *arg2 = (char *) 0 ;
+ bool result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ char * kwnames[] = {
+ (char *) "ldb",(char *) "guid", NULL
+ };
+
+ if (!PyArg_ParseTupleAndKeywords(args,kwargs,(char *)"OO:dsdb_set_ntds_invocation_id",kwnames,&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_ldb_context, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "dsdb_set_ntds_invocation_id" "', argument " "1"" of type '" "struct ldb_context *""'");
+ }
+ arg1 = (struct ldb_context *)(argp1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "dsdb_set_ntds_invocation_id" "', argument " "2"" of type '" "char const *""'");
+ }
+ arg2 = (char *)(buf2);
+ if (arg1 == NULL)
+ SWIG_exception(SWIG_ValueError,
+ "ldb context must be non-NULL");
+ result = (bool)dsdb_set_ntds_invocation_id(arg1,(char const *)arg2);
+ resultobj = SWIG_From_bool((bool)(result));
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
static PyMethodDef SwigMethods[] = {
{ (char *)"random_password", (PyCFunction) _wrap_random_password, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"ldb_set_credentials", (PyCFunction) _wrap_ldb_set_credentials, METH_VARARGS | METH_KEYWORDS, NULL},
@@ -3112,6 +3162,7 @@ static PyMethodDef SwigMethods[] = {
{ (char *)"version", (PyCFunction)_wrap_version, METH_NOARGS, NULL},
{ (char *)"dsdb_set_global_schema", (PyCFunction) _wrap_dsdb_set_global_schema, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"ldb_register_samba_handlers", (PyCFunction) _wrap_ldb_register_samba_handlers, METH_VARARGS | METH_KEYWORDS, NULL},
+ { (char *)"dsdb_set_ntds_invocation_id", (PyCFunction) _wrap_dsdb_set_ntds_invocation_id, METH_VARARGS | METH_KEYWORDS, NULL},
{ NULL, NULL, 0, NULL }
};
diff --git a/source4/scripting/python/modules.c b/source4/scripting/python/modules.c
index fff981e9417..2ecad20b8ef 100644
--- a/source4/scripting/python/modules.c
+++ b/source4/scripting/python/modules.c
@@ -62,7 +62,7 @@ void py_load_samba_modules(void)
void py_update_path(const char *bindir)
{
char *newpath;
- asprintf(&newpath, "%s:%s/python:%s/../scripting/python", Py_GetPath(), bindir, bindir);
+ asprintf(&newpath, "%s/python:%s/../scripting/python:%s", bindir, bindir, Py_GetPath());
PySys_SetPath(newpath);
free(newpath);
}
diff --git a/source4/scripting/python/samba/__init__.py b/source4/scripting/python/samba/__init__.py
index 483929661da..b041165800f 100644
--- a/source4/scripting/python/samba/__init__.py
+++ b/source4/scripting/python/samba/__init__.py
@@ -1,8 +1,10 @@
#!/usr/bin/python
# Unix SMB/CIFS implementation.
+# Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2008
+#
+# Based on the original in EJS:
# Copyright (C) Andrew Tridgell <tridge@samba.org> 2005
-# Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -89,7 +91,7 @@ class Ldb(ldb.Ldb):
set_session_info = misc.ldb_set_session_info
set_loadparm = misc.ldb_set_loadparm
- def searchone(self, basedn, attribute, expression=None,
+ def searchone(self, attribute, basedn=None, expression=None,
scope=ldb.SCOPE_BASE):
"""Search for one attribute as a string.
@@ -104,7 +106,7 @@ class Ldb(ldb.Ldb):
return None
values = set(res[0][attribute])
assert len(values) == 1
- return values.pop()
+ return self.schema_format_value(attribute, values.pop())
def erase(self):
"""Erase this ldb, removing all records."""
@@ -192,6 +194,21 @@ def substitute_var(text, values):
return text
+def check_all_substituted(text):
+ """Make sure that all substitution variables in a string have been replaced.
+ If not, raise an exception.
+
+ :param text: The text to search for substitution variables
+ """
+ if not "${" in text:
+ return
+
+ var_start = text.find("${")
+ var_end = text.find("}", var_start)
+
+ raise Exception("Not all variables substituted: %s" % text[var_start:var_end+1])
+
+
def valid_netbios_name(name):
"""Check whether a name is valid as a NetBIOS name. """
# FIXME: There are probably more constraints here.
diff --git a/source4/scripting/python/samba/getopt.py b/source4/scripting/python/samba/getopt.py
index dfcf2c457e8..088a5acf6fc 100644
--- a/source4/scripting/python/samba/getopt.py
+++ b/source4/scripting/python/samba/getopt.py
@@ -50,6 +50,7 @@ class VersionOptions(optparse.OptionGroup):
class CredentialsOptions(optparse.OptionGroup):
def __init__(self, parser):
+ self.no_pass = False
optparse.OptionGroup.__init__(self, parser, "Credentials Options")
self.add_option("--simple-bind-dn", metavar="DN", action="callback",
callback=self._set_simple_bind_dn, type=str,
@@ -62,6 +63,8 @@ class CredentialsOptions(optparse.OptionGroup):
self.add_option("-W", "--workgroup", metavar="WORKGROUP",
action="callback", type=str,
help="Workgroup", callback=self._parse_workgroup)
+ self.add_option("-N", "--no-pass", action="store_true",
+ help="Don't ask for a password")
self.creds = Credentials()
def _parse_username(self, option, opt_str, arg, parser):
@@ -77,4 +80,7 @@ class CredentialsOptions(optparse.OptionGroup):
self.creds.set_bind_dn(arg)
def get_credentials(self):
+ self.creds.guess()
+ if not self.no_pass:
+ self.creds.set_cmdline_callbacks()
return self.creds
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index d59cea121e8..f244679eb51 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -1,10 +1,25 @@
#
-# backend code for provisioning a Samba4 server
-# Released under the GNU GPL v3 or later
-# Copyright Jelmer Vernooij 2007
+# Unix SMB/CIFS implementation.
+# backend code for provisioning a Samba4 server
+
+# Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2008
+# Copyright (C) Andrew Bartlett <abartlet@samba.org> 2008
#
# Based on the original in EJS:
-# Copyright Andrew Tridgell 2005
+# Copyright (C) Andrew Tridgell <tridge@samba.org> 2005
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
from base64 import b64encode
@@ -17,9 +32,10 @@ from socket import gethostname, gethostbyname
import param
import registry
import samba
-from samba import Ldb, substitute_var, valid_netbios_name
+from samba import Ldb, substitute_var, valid_netbios_name, check_all_substituted
from samba.samdb import SamDB
import security
+import urllib
from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError, \
LDB_ERR_NO_SUCH_OBJECT, timestring, CHANGETYPE_MODIFY, CHANGETYPE_NONE
@@ -53,7 +69,7 @@ class ProvisionPaths:
self.ldap_schema_basedn_ldif = None
-def install_ok(lp, session_info, credentials):
+def check_install(lp, session_info, credentials):
"""Check whether the current install seems ok.
:param lp: Loadparm context
@@ -61,12 +77,11 @@ def install_ok(lp, session_info, credentials):
:param credentials: Credentials
"""
if lp.get("realm") == "":
- return False
+ raise Error("Realm empty")
ldb = Ldb(lp.get("sam database"), session_info=session_info,
credentials=credentials, lp=lp)
if len(ldb.search("(cn=Administrator)")) != 1:
- return False
- return True
+ raise "No administrator account found"
def findnss(nssfn, *names):
@@ -112,7 +127,7 @@ def setup_add_ldif(ldb, ldif_path, subst_vars=None):
if subst_vars is not None:
data = substitute_var(data, subst_vars)
- assert "${" not in data
+ check_all_substituted(data)
ldb.add_ldif(data)
@@ -128,7 +143,7 @@ def setup_modify_ldif(ldb, ldif_path, substvars=None):
if substvars is not None:
data = substitute_var(data, substvars)
- assert "${" not in data
+ check_all_substituted(data)
ldb.modify_ldif(data)
@@ -159,25 +174,30 @@ def setup_file(template, fname, substvars):
data = open(template, 'r').read()
if substvars:
data = substitute_var(data, substvars)
- assert not "${" in data
+ check_all_substituted(data)
open(f, 'w').write(data)
-def provision_paths_from_lp(lp, dnsdomain):
+def provision_paths_from_lp(lp, dnsdomain, private_dir=None):
"""Set the default paths for provisioning.
:param lp: Loadparm context.
:param dnsdomain: DNS Domain name
"""
paths = ProvisionPaths()
- private_dir = lp.get("private dir")
+ if private_dir is None:
+ private_dir = lp.get("private dir")
+ paths.keytab = "secrets.keytab"
+ paths.dns_keytab = "dns.keytab"
+ else:
+ paths.keytab = os.path.join(private_dir, "secrets.keytab")
+ paths.dns_keytab = os.path.join(private_dir, "dns.keytab")
+
paths.shareconf = os.path.join(private_dir, "share.ldb")
paths.samdb = os.path.join(private_dir, lp.get("sam database") or "samdb.ldb")
paths.secrets = os.path.join(private_dir, lp.get("secrets database") or "secrets.ldb")
paths.templates = os.path.join(private_dir, "templates.ldb")
- paths.keytab = os.path.join(private_dir, "secrets.keytab")
- paths.dns_keytab = os.path.join(private_dir, "dns.keytab")
paths.dns = os.path.join(private_dir, dnsdomain + ".zone")
paths.winsdb = os.path.join(private_dir, "wins.ldb")
paths.s4_ldapi_path = os.path.join(private_dir, "ldapi")
@@ -235,77 +255,192 @@ def setup_name_mappings(ldb, sid, domaindn, root, nobody, nogroup, users,
ldb.setup_name_mapping(domaindn, sid + "-520", wheel)
-def provision_become_dc(setup_dir, message, paths, lp, session_info,
- credentials):
+def setup_samdb_partitions(samdb_path, setup_path, message, lp, session_info,
+ credentials, configdn, schemadn, domaindn,
+ hostname, netbiosname, dnsdomain, realm,
+ rootdn, serverrole, ldap_backend=None,
+ ldap_backend_type=None, erase=False):
+ """Setup the partitions for the SAM database.
+
+ Alternatively, provision() may call this, and then populate the database.
+
+ :param erase: Remove the existing data present in the database.
+ :param
+
+ :note: This will wipe the Sam Database!
+
+ :note: This function always removes the local SAM LDB file. The erase
+ parameter controls whether to erase the existing data, which
+ may not be stored locally but in LDAP.
+ """
assert session_info is not None
- erase = False
- def setup_path(file):
- return os.path.join(setup_dir, file)
- os.path.unlink(paths.samdb)
-
- message("Setting up templates db")
- setup_templatesdb(paths.templates, setup_path, session_info=session_info,
- credentials=credentials, lp=lp)
+ if os.path.exists(samdb_path):
+ os.unlink(samdb_path)
# Also wipes the database
- message("Setting up sam.ldb")
- samdb = SamDB(paths.samdb, session_info=session_info,
+ samdb = SamDB(samdb_path, session_info=session_info,
credentials=credentials, lp=lp)
- message("Setting up sam.ldb partitions")
- setup_samdb_partitions(samdb, setup_path, schemadn, configdn, domaindn)
+ #Add modules to the list to activate them by default
+ #beware often order is important
+ #
+ # Some Known ordering constraints:
+ # - rootdse must be first, as it makes redirects from "" -> cn=rootdse
+ # - objectclass must be before password_hash, because password_hash checks
+ # that the objectclass is of type person (filled in by objectclass
+ # module when expanding the objectclass list)
+ # - partition must be last
+ # - each partition has its own module list then
+ modules_list = ["rootdse",
+ "paged_results",
+ "ranged_results",
+ "anr",
+ "server_sort",
+ "extended_dn",
+ "asq",
+ "samldb",
+ "rdn_name",
+ "objectclass",
+ "kludge_acl",
+ "operational"]
+ tdb_modules_list = [
+ "subtree_rename",
+ "subtree_delete",
+ "linked_attributes"]
+ modules_list2 = ["show_deleted",
+ "partition"]
+
+ domaindn_ldb = "users.ldb"
+ if ldap_backend is not None:
+ domaindn_ldb = ldap_backend
+ configdn_ldb = "configuration.ldb"
+ if ldap_backend is not None:
+ configdn_ldb = ldap_backend
+ schema_ldb = "schema.ldb"
+ if ldap_backend is not None:
+ schema_ldb = ldap_backend
+
+ if ldap_backend_type == "fedora-ds":
+ backend_modules = ["nsuniqueid","paged_searches"]
+ elif ldap_backend_type == "openldap":
+ backend_modules = ["normalise","entryuuid","paged_searches"]
+ elif serverrole == "domain controller":
+ backend_modules = ["repl_meta_data"]
+ else:
+ backend_modules = ["objectguid"]
+
+ setup_add_ldif(samdb, setup_path("provision_partitions.ldif"), {
+ "SCHEMADN": schemadn,
+ "SCHEMADN_LDB": "schema.ldb",
+ "SCHEMADN_MOD2": ",objectguid",
+ "CONFIGDN": configdn,
+ "CONFIGDN_LDB": "configuration.ldb",
+ "DOMAINDN": domaindn,
+ "DOMAINDN_LDB": "users.ldb",
+ "SCHEMADN_MOD": "schema_fsmo,instancetype",
+ "CONFIGDN_MOD": "naming_fsmo,instancetype",
+ "DOMAINDN_MOD": "pdc_fsmo,password_hash,instancetype",
+ "MODULES_LIST": ",".join(modules_list),
+ "TDB_MODULES_LIST": ","+",".join(tdb_modules_list),
+ "MODULES_LIST2": ",".join(modules_list2),
+ "BACKEND_MOD": ",".join(backend_modules),
+ })
- samdb = SamDB(paths.samdb, session_info=session_info,
+ samdb = SamDB(samdb_path, session_info=session_info,
credentials=credentials, lp=lp)
- ldb.transaction_start()
+ samdb.transaction_start()
try:
message("Setting up sam.ldb attributes")
samdb.load_ldif_file_add(setup_path("provision_init.ldif"))
message("Setting up sam.ldb rootDSE")
- setup_samdb_rootdse(samdb, setup_path, schemadn, domaindn,
- hostname, dnsdomain, realm, rootdn, configdn,
- netbiosname)
+ setup_samdb_rootdse(samdb, setup_path, schemadn, domaindn, hostname,
+ dnsdomain, realm, rootdn, configdn, netbiosname)
if erase:
message("Erasing data from partitions")
samdb.erase_partitions()
- message("Setting up sam.ldb indexes")
- samdb.load_ldif_file_add(setup_path("provision_index.ldif"))
except:
samdb.transaction_cancel()
raise
samdb.transaction_commit()
+
+ return samdb
- message("Setting up %s" % paths.secrets)
- secrets_ldb = setup_secretsdb(paths.secrets, setup_path, session_info,
- credentials, lp)
- setup_ldb(secrets_ldb, setup_path("secrets_dc.ldif"),
- { "MACHINEPASS_B64": b64encode(machinepass) })
+
+def secretsdb_become_dc(secretsdb, setup_path, domain, realm, dnsdomain,
+ netbiosname, domainsid, keytab_path, samdb_url,
+ dns_keytab_path, dnspass, machinepass):
+ """Add DC-specific bits to a secrets database.
+
+ :param secretsdb: Ldb Handle to the secrets database
+ :param setup_path: Setup path function
+ :param machinepass: Machine password
+ """
+ setup_ldb(secretsdb, setup_path("secrets_dc.ldif"), {
+ "MACHINEPASS_B64": b64encode(machinepass),
+ "DOMAIN": domain,
+ "REALM": realm,
+ "DNSDOMAIN": dnsdomain,
+ "DOMAINSID": str(domainsid),
+ "SECRETS_KEYTAB": keytab_path,
+ "NETBIOSNAME": netbiosname,
+ "SAM_LDB": samdb_url,
+ "DNS_KEYTAB": dns_keytab_path,
+ "DNSPASS_B64": b64encode(dnspass),
+ })
def setup_secretsdb(path, setup_path, session_info, credentials, lp):
+ """Setup the secrets database.
+
+ :param path: Path to the secrets database.
+ :param setup_path: Get the path to a setup file.
+ :param session_info: Session info.
+ :param credentials: Credentials
+ :param lp: Loadparm context
+ :return: LDB handle for the created secrets database
+ """
if os.path.exists(path):
os.unlink(path)
- secrets_ldb = Ldb(path, session_info=session_info, credentials=credentials, lp=lp)
+ secrets_ldb = Ldb(path, session_info=session_info, credentials=credentials,
+ lp=lp)
secrets_ldb.erase()
secrets_ldb.load_ldif_file_add(setup_path("secrets_init.ldif"))
+ secrets_ldb = Ldb(path, session_info=session_info, credentials=credentials,
+ lp=lp)
secrets_ldb.load_ldif_file_add(setup_path("secrets.ldif"))
return secrets_ldb
def setup_templatesdb(path, setup_path, session_info, credentials, lp):
+ """Setup the templates database.
+
+ :param path: Path to the database.
+ :param setup_path: Function for obtaining the path to setup files.
+ :param session_info: Session info
+ :param credentials: Credentials
+ :param lp: Loadparm context
+ """
templates_ldb = SamDB(path, session_info=session_info,
- credentials=credentials, lp=lp)
+ credentials=credentials, lp=lp)
templates_ldb.erase()
templates_ldb.load_ldif_file_add(setup_path("provision_templates.ldif"))
def setup_registry(path, setup_path, session_info, credentials, lp):
+ """Setup the registry.
+
+ :param path: Path to the registry database
+ :param setup_path: Function that returns the path to a setup.
+ :param session_info: Session information
+ :param credentials: Credentials
+ :param lp: Loadparm context
+ """
reg = registry.Registry()
hive = registry.open_ldb(path, session_info=session_info,
credentials=credentials, lp_ctx=lp)
@@ -317,6 +452,12 @@ def setup_registry(path, setup_path, session_info, credentials, lp):
def setup_samdb_rootdse(samdb, setup_path, schemadn, domaindn, hostname,
dnsdomain, realm, rootdn, configdn, netbiosname):
+ """Setup the SamDB rootdse.
+
+ :param samdb: Sam Database handle
+ :param setup_path: Obtain setup path
+ ...
+ """
setup_add_ldif(samdb, setup_path("provision_rootdse_add.ldif"), {
"SCHEMADN": schemadn,
"NETBIOSNAME": netbiosname,
@@ -329,61 +470,13 @@ def setup_samdb_rootdse(samdb, setup_path, schemadn, domaindn, hostname,
"CONFIGDN": configdn,
"VERSION": samba.version(),
})
-
-
-def setup_samdb_partitions(samdb, setup_path, schemadn, configdn, domaindn):
- #Add modules to the list to activate them by default
- #beware often order is important
- #
- # Some Known ordering constraints:
- # - rootdse must be first, as it makes redirects from "" -> cn=rootdse
- # - objectclass must be before password_hash, because password_hash checks
- # that the objectclass is of type person (filled in by objectclass
- # module when expanding the objectclass list)
- # - partition must be last
- # - each partition has its own module list then
- modules_list = ["rootdse",
- "paged_results",
- "ranged_results",
- "anr",
- "server_sort",
- "extended_dn",
- "asq",
- "samldb",
- "rdn_name",
- "objectclass",
- "kludge_acl",
- "operational"]
- tdb_modules_list = [
- "subtree_rename",
- "subtree_delete",
- "linked_attributes"]
- modules_list2 = ["show_deleted",
- "partition"]
-
- setup_add_ldif(samdb, setup_path("provision_partitions.ldif"), {
- "SCHEMADN": schemadn,
- "SCHEMADN_LDB": "schema.ldb",
- "SCHEMADN_MOD2": ",objectguid",
- "CONFIGDN": configdn,
- "CONFIGDN_LDB": "configuration.ldb",
- "DOMAINDN": domaindn,
- "DOMAINDN_LDB": "users.ldb",
- "SCHEMADN_MOD": "schema_fsmo",
- "CONFIGDN_MOD": "naming_fsmo",
- "CONFIGDN_MOD2": ",objectguid",
- "DOMAINDN_MOD": "pdc_fsmo,password_hash",
- "DOMAINDN_MOD2": ",objectguid",
- "MODULES_LIST": ",".join(modules_list),
- "TDB_MODULES_LIST": ","+",".join(tdb_modules_list),
- "MODULES_LIST2": ",".join(modules_list2),
- })
-
+
def setup_self_join(samdb, configdn, schemadn, domaindn,
netbiosname, hostname, dnsdomain, machinepass, dnspass,
realm, domainname, domainsid, invocationid, setup_path,
policyguid, hostguid=None):
+ """Join a host to its own domain."""
if hostguid is not None:
hostguid_add = "objectGUID: %s" % hostguid
else:
@@ -413,43 +506,39 @@ def setup_self_join(samdb, configdn, schemadn, domaindn,
def setup_samdb(path, setup_path, session_info, credentials, lp,
schemadn, configdn, domaindn, dnsdomain, realm,
netbiosname, message, hostname, rootdn, erase,
- domainsid, aci, rdn_dc, domainguid, policyguid,
- domainname, blank, adminpass, krbtgtpass,
- machinepass, hostguid, invocationid, dnspass):
- # Also wipes the database
- message("Setting up sam.ldb")
- samdb = SamDB(path, session_info=session_info,
- credentials=credentials, lp=lp)
+ domainsid, aci, domainguid, policyguid,
+ domainname, fill, adminpass, krbtgtpass,
+ machinepass, hostguid, invocationid, dnspass,
+ serverrole, ldap_backend=None, ldap_backend_type=None):
+ """Setup a complete SAM Database.
+
+ """
- message("Setting up sam.ldb partitions")
- setup_samdb_partitions(samdb, setup_path, schemadn, configdn, domaindn)
+ # Also wipes the database
+ setup_samdb_partitions(path, setup_path, schemadn=schemadn, configdn=configdn,
+ domaindn=domaindn, message=message, lp=lp,
+ credentials=credentials, session_info=session_info,
+ hostname=hostname, netbiosname=netbiosname,
+ dnsdomain=dnsdomain, realm=realm, rootdn=rootdn,
+ ldap_backend=ldap_backend, serverrole=serverrole,
+ ldap_backend_type=ldap_backend_type, erase=erase)
samdb = SamDB(path, session_info=session_info,
credentials=credentials, lp=lp)
- samdb.transaction_start()
- try:
- message("Setting up sam.ldb attributes")
- samdb.load_ldif_file_add(setup_path("provision_init.ldif"))
-
- message("Setting up sam.ldb rootDSE")
- setup_samdb_rootdse(samdb, setup_path, schemadn, domaindn,
- hostname, dnsdomain, realm, rootdn, configdn,
- netbiosname)
-
- if erase:
- message("Erasing data from partitions")
- samdb.erase_partitions()
- except:
- samdb.transaction_cancel()
- raise
-
- samdb.transaction_commit()
+ if fill == FILL_DRS:
+ # We want to finish here, but setup the index before we do so
+ message("Setting up sam.ldb index")
+ samdb.load_ldif_file_add(setup_path("provision_index.ldif"))
+ return samdb
message("Pre-loading the Samba 4 and AD schema")
samdb = SamDB(path, session_info=session_info,
credentials=credentials, lp=lp)
samdb.set_domain_sid(domainsid)
+ if lp.get("server role") == "domain controller":
+ samdb.set_invocation_id(invocationid)
+
load_schema(setup_path, samdb, schemadn, netbiosname, configdn)
samdb.transaction_start()
@@ -459,7 +548,6 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
setup_add_ldif(samdb, setup_path("provision_basedn.ldif"), {
"DOMAINDN": domaindn,
"ACI": aci,
- "RDN_DC": rdn_dc,
})
message("Modifying DomainDN: " + domaindn + "")
@@ -469,7 +557,6 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
domainguid_mod = ""
setup_modify_ldif(samdb, setup_path("provision_basedn_modify.ldif"), {
- "RDN_DC": rdn_dc,
"LDAPTIME": timestring(int(time.time())),
"DOMAINSID": str(domainsid),
"SCHEMADN": schemadn,
@@ -500,7 +587,8 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
"EXTENSIBLEOBJECT": "# no objectClass: extensibleObject for local ldb"
})
message("Modifying schema container")
- setup_modify_ldif(samdb, setup_path("provision_schema_basedn_modify.ldif"), {
+ setup_modify_ldif(samdb,
+ setup_path("provision_schema_basedn_modify.ldif"), {
"SCHEMADN": schemadn,
"NETBIOSNAME": netbiosname,
"DEFAULTSITE": DEFAULTSITE,
@@ -549,7 +637,7 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
"CONFIGDN": configdn,
})
- if not blank:
+ if fill == FILL_FULL:
message("Setting up sam.ldb users and groups")
setup_add_ldif(samdb, setup_path("provision_users.ldif"), {
"DOMAINDN": domaindn,
@@ -561,17 +649,18 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
if lp.get("server role") == "domain controller":
message("Setting up self join")
- setup_self_join(samdb, configdn=configdn, schemadn=schemadn, domaindn=domaindn,
- invocationid=invocationid, dnspass=dnspass, netbiosname=netbiosname,
- dnsdomain=dnsdomain, realm=realm, machinepass=machinepass,
- domainname=domainname, domainsid=domainsid, policyguid=policyguid,
- hostname=hostname, hostguid=hostguid, setup_path=setup_path)
-
+ setup_self_join(samdb, configdn=configdn, schemadn=schemadn,
+ domaindn=domaindn, invocationid=invocationid,
+ dnspass=dnspass, netbiosname=netbiosname,
+ dnsdomain=dnsdomain, realm=realm,
+ machinepass=machinepass, domainname=domainname,
+ domainsid=domainsid, policyguid=policyguid,
+ hostname=hostname, hostguid=hostguid,
+ setup_path=setup_path)
+
+ #We want to setup the index last, as adds are faster unindexed
message("Setting up sam.ldb index")
samdb.load_ldif_file_add(setup_path("provision_index.ldif"))
-
- message("Setting up sam.ldb rootDSE marking as synchronized")
- setup_modify_ldif(samdb, setup_path("provision_rootdse_modify.ldif"))
except:
samdb.transaction_cancel()
raise
@@ -579,14 +668,18 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
samdb.transaction_commit()
return samdb
-
-def provision(lp, setup_dir, message, blank, paths, session_info,
- credentials, ldapbackend, realm=None, domain=None, hostname=None,
- hostip=None, domainsid=None, hostguid=None, adminpass=None,
- krbtgtpass=None, domainguid=None, policyguid=None,
- invocationid=None, machinepass=None, dnspass=None, root=None,
- nobody=None, nogroup=None, users=None, wheel=None, backup=None,
- aci=None, serverrole=None):
+FILL_FULL = "FULL"
+FILL_NT4SYNC = "NT4SYNC"
+FILL_DRS = "DRS"
+
+def provision(lp, setup_dir, message, paths, session_info,
+ credentials, ldapbackend, samdb_fill=FILL_FULL, realm=None, rootdn=None,
+ domain=None, hostname=None, hostip=None, domainsid=None,
+ hostguid=None, adminpass=None, krbtgtpass=None, domainguid=None,
+ policyguid=None, invocationid=None, machinepass=None,
+ dnspass=None, root=None, nobody=None, nogroup=None, users=None,
+ wheel=None, backup=None, aci=None, serverrole=None, erase