diff options
Diffstat (limited to 'source4')
-rw-r--r-- | source4/scripting/python/samba/__init__.py | 5 | ||||
-rw-r--r-- | source4/scripting/python/samba/getopt.py | 23 | ||||
-rw-r--r-- | source4/scripting/python/samba/ndr.py | 2 | ||||
-rw-r--r-- | source4/scripting/python/samba/sd_utils.py | 4 | ||||
-rw-r--r-- | source4/scripting/python/samba/upgrade.py | 59 | ||||
-rwxr-xr-x | source4/setup/provision | 319 |
6 files changed, 219 insertions, 193 deletions
diff --git a/source4/scripting/python/samba/__init__.py b/source4/scripting/python/samba/__init__.py index 03ee6faa59f..d81a25cbcf7 100644 --- a/source4/scripting/python/samba/__init__.py +++ b/source4/scripting/python/samba/__init__.py @@ -29,7 +29,7 @@ import sys import samba.param def source_tree_topdir(): - '''return the top level directory (the one containing the source4 directory)''' + """Return the top level source directory.""" paths = [ "../../..", "../../../.." ] for p in paths: topdir = os.path.normpath(os.path.join(os.path.dirname(__file__), p)) @@ -38,7 +38,7 @@ def source_tree_topdir(): raise RuntimeError("unable to find top level source directory") def in_source_tree(): - '''return True if we are running from within the samba source tree''' + """Return True if we are running from within the samba source tree""" try: topdir = source_tree_topdir() except RuntimeError: @@ -46,7 +46,6 @@ def in_source_tree(): return True - import ldb from samba._ldb import Ldb as _Ldb diff --git a/source4/scripting/python/samba/getopt.py b/source4/scripting/python/samba/getopt.py index 671142b552e..0ab1e9e46f1 100644 --- a/source4/scripting/python/samba/getopt.py +++ b/source4/scripting/python/samba/getopt.py @@ -21,7 +21,8 @@ __docformat__ = "restructuredText" -import optparse, os +import optparse +import os from samba.credentials import ( Credentials, DONT_USE_KERBEROS, @@ -44,7 +45,8 @@ class SambaOptions(optparse.OptionGroup): type=int, metavar="DEBUGLEVEL", help="debug level", callback=self._set_debuglevel) self.add_option("--option", action="callback", - type=str, metavar="OPTION", help="set smb.conf option from command line", + type=str, metavar="OPTION", + help="set smb.conf option from command line", callback=self._set_option) self.add_option("--realm", action="callback", type=str, metavar="REALM", help="set the realm name", @@ -53,7 +55,7 @@ class SambaOptions(optparse.OptionGroup): self._lp = LoadParm() def get_loadparm_path(self): - """Return the path to the smb.conf file specified on the command line. """ + """Return path to the smb.conf file specified on the command line.""" return self._configfile def _load_configfile(self, option, opt_str, arg, parser): @@ -73,7 +75,7 @@ class SambaOptions(optparse.OptionGroup): self._lp.set(a[0], a[1]) def get_loadparm(self): - """Return a loadparm object with data specified on the command line. """ + """Return loadparm object with data specified on the command line.""" if self._configfile is not None: self._lp.load(self._configfile) elif os.getenv("SMB_CONF_PATH") is not None: @@ -124,7 +126,8 @@ class CredentialsOptions(optparse.OptionGroup): help="Use Kerberos", callback=self._set_kerberos) self.add_option("", "--ipaddress", metavar="IPADDRESS", action="callback", type=str, - help="IP address of server", callback=self._set_ipaddress) + help="IP address of server", + callback=self._set_ipaddress) self.creds = Credentials() def _parse_username(self, option, opt_str, arg, parser): @@ -171,6 +174,7 @@ class CredentialsOptions(optparse.OptionGroup): return self.creds + class CredentialsOptionsDouble(CredentialsOptions): """Command line options for specifying credentials of two servers.""" def __init__(self, parser): @@ -180,13 +184,16 @@ class CredentialsOptionsDouble(CredentialsOptions): callback=self._set_simple_bind_dn2, type=str, help="DN to use for a simple bind") self.add_option("--password2", metavar="PASSWORD2", action="callback", - help="Password", type=str, callback=self._set_password2) + help="Password", type=str, + callback=self._set_password2) self.add_option("--username2", metavar="USERNAME2", action="callback", type=str, - help="Username for second server", callback=self._parse_username2) + help="Username for second server", + callback=self._parse_username2) self.add_option("--workgroup2", metavar="WORKGROUP2", action="callback", type=str, - help="Workgroup for second server", callback=self._parse_workgroup2) + help="Workgroup for second server", + callback=self._parse_workgroup2) self.add_option("--no-pass2", action="store_true", help="Don't ask for a password for the second server") self.add_option("--kerberos2", metavar="KERBEROS2", diff --git a/source4/scripting/python/samba/ndr.py b/source4/scripting/python/samba/ndr.py index 112668523f5..ccab1123d96 100644 --- a/source4/scripting/python/samba/ndr.py +++ b/source4/scripting/python/samba/ndr.py @@ -23,7 +23,7 @@ def ndr_pack(object): """Pack a NDR object. - + :param object: Object to pack :return: String object with marshalled object. """ diff --git a/source4/scripting/python/samba/sd_utils.py b/source4/scripting/python/samba/sd_utils.py index ea8f2e7d0b0..66ff6cc559b 100644 --- a/source4/scripting/python/samba/sd_utils.py +++ b/source4/scripting/python/samba/sd_utils.py @@ -26,6 +26,7 @@ from ldb import FLAG_MOD_REPLACE, SCOPE_BASE from samba.ndr import ndr_pack, ndr_unpack from samba.dcerpc import security + class SDUtils(object): """Some utilities for manipulation of security descriptors on objects""" @@ -69,7 +70,8 @@ class SDUtils(object): if ace in desc_sddl: return if desc_sddl.find("(") >= 0: - desc_sddl = desc_sddl[:desc_sddl.index("(")] + ace + desc_sddl[desc_sddl.index("("):] + desc_sddl = (desc_sddl[:desc_sddl.index("(")] + ace + + desc_sddl[desc_sddl.index("("):]) else: desc_sddl = desc_sddl + ace self.modify_sd_on_dn(object_dn, desc_sddl) diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py index 98800196d99..4c293ed308b 100644 --- a/source4/scripting/python/samba/upgrade.py +++ b/source4/scripting/python/samba/upgrade.py @@ -35,6 +35,7 @@ from samba import dsdb from samba.ndr import ndr_pack from samba import unix2nttime + def import_sam_policy(samdb, policy, logger): """Import a Samba 3 policy. @@ -53,14 +54,15 @@ def import_sam_policy(samdb, policy, logger): m = ldb.Message() m.dn = samdb.get_default_basedn() - m['a01'] = ldb.MessageElement(str(policy['min password length']), ldb.FLAG_MOD_REPLACE, - 'minPwdLength') - m['a02'] = ldb.MessageElement(str(policy['password history']), ldb.FLAG_MOD_REPLACE, - 'pwdHistoryLength') + m['a01'] = ldb.MessageElement(str(policy['min password length']), + ldb.FLAG_MOD_REPLACE, 'minPwdLength') + m['a02'] = ldb.MessageElement(str(policy['password history']), + ldb.FLAG_MOD_REPLACE, 'pwdHistoryLength') min_pw_age_unix = policy['minimum password age'] min_pw_age_nt = 0 - unix2nttime(min_pw_age_unix) - m['a03'] = ldb.MessageElement(str(min_pw_age_nt), ldb.FLAG_MOD_REPLACE, 'minPwdAge') + m['a03'] = ldb.MessageElement(str(min_pw_age_nt), ldb.FLAG_MOD_REPLACE, + 'minPwdAge') max_pw_age_unix = policy['maximum password age'] if (max_pw_age_unix == 0xFFFFFFFF): @@ -74,8 +76,8 @@ def import_sam_policy(samdb, policy, logger): lockout_duration_mins = policy['lockout duration'] lockout_duration_nt = unix2nttime(lockout_duration_mins * 60) - m['a05'] = ldb.MessageElement(str(lockout_duration_nt), ldb.FLAG_MOD_REPLACE, - 'lockoutDuration') + m['a05'] = ldb.MessageElement(str(lockout_duration_nt), + ldb.FLAG_MOD_REPLACE, 'lockoutDuration') try: samdb.modify(m) @@ -103,12 +105,15 @@ def add_idmap_entry(idmapdb, sid, xid, xid_type, logger): try: m = ldb.Message() m.dn = msg[0]['dn'] - m['xidNumber'] = ldb.MessageElement(str(xid), ldb.FLAG_MOD_REPLACE, 'xidNumber') - m['type'] = ldb.MessageElement(xid_type, ldb.FLAG_MOD_REPLACE, 'type') + m['xidNumber'] = ldb.MessageElement( + str(xid), ldb.FLAG_MOD_REPLACE, 'xidNumber') + m['type'] = ldb.MessageElement( + xid_type, ldb.FLAG_MOD_REPLACE, 'type') idmapdb.modify(m) except ldb.LdbError, e: - logger.warn('Could not modify idmap entry for sid=%s, id=%s, type=%s (%s)', - str(sid), str(xid), xid_type, str(e)) + logger.warn( + 'Could not modify idmap entry for sid=%s, id=%s, type=%s (%s)', + str(sid), str(xid), xid_type, str(e)) else: try: idmapdb.add({"dn": "CN=%s" % str(sid), @@ -118,8 +123,9 @@ def add_idmap_entry(idmapdb, sid, xid, xid_type, logger): "type": xid_type, "xidNumber": str(xid)}) except ldb.LdbError, e: - logger.warn('Could not add idmap entry for sid=%s, id=%s, type=%s (%s)', - str(sid), str(xid), xid_type, str(e)) + logger.warn( + 'Could not add idmap entry for sid=%s, id=%s, type=%s (%s)', + str(sid), str(xid), xid_type, str(e)) def import_idmap(idmapdb, samba3, logger): @@ -142,8 +148,10 @@ def import_idmap(idmapdb, samba3, logger): m = ldb.Message() m.dn = ldb.Dn(idmapdb, 'CN=CONFIG') - m['lowerbound'] = ldb.MessageElement(str(lowerbound), ldb.FLAG_MOD_REPLACE, 'lowerBound') - m['xidNumber'] = ldb.MessageElement(str(currentxid), ldb.FLAG_MOD_REPLACE, 'xidNumber') + m['lowerbound'] = ldb.MessageElement( + str(lowerbound), ldb.FLAG_MOD_REPLACE, 'lowerBound') + m['xidNumber'] = ldb.MessageElement( + str(currentxid), ldb.FLAG_MOD_REPLACE, 'xidNumber') idmapdb.modify(m) for id_type, xid in samba3_idmap.ids(): @@ -169,7 +177,8 @@ def add_group_from_mapping_entry(samdb, groupmap, logger): # First try to see if we already have this entry try: - msg = samdb.search(base='<SID=%s>' % str(groupmap.sid), scope=ldb.SCOPE_BASE) + msg = samdb.search( + base='<SID=%s>' % str(groupmap.sid), scope=ldb.SCOPE_BASE) found = True except ldb.LdbError, (ecode, emsg): if ecode == ldb.ERR_NO_SUCH_OBJECT: @@ -183,7 +192,7 @@ def add_group_from_mapping_entry(samdb, groupmap, logger): else: if groupmap.sid_name_use == lsa.SID_NAME_WKN_GRP: # In a lot of Samba3 databases, aliases are marked as well known groups - (group_dom_sid, rid) = group.sid.split() + (group_dom_sid, rid) = groupmap.sid.split() if (group_dom_sid != security.dom_sid(security.SID_BUILTIN)): return @@ -238,7 +247,7 @@ def import_wins(samba4_winsdb, samba3_winsdb): version_id = 0 for (name, (ttl, ips, nb_flags)) in samba3_winsdb.items(): - version_id+=1 + version_id += 1 type = int(name.split("#", 1)[1], 16) @@ -260,7 +269,7 @@ def import_wins(samba4_winsdb, samba3_winsdb): else: rState = 0x1 # released - nType = ((nb_flags & 0x60)>>5) + nType = ((nb_flags & 0x60) >> 5) samba4_winsdb.add({"dn": "name=%s,type=0x%s" % tuple(name.split("#")), "type": name.split("#")[1], @@ -279,6 +288,7 @@ def import_wins(samba4_winsdb, samba3_winsdb): "objectClass": "winsMaxVersion", "maxVersion": str(version_id)}) + def enable_samba3sam(samdb, ldapurl): """Enable Samba 3 LDAP URL database. @@ -387,7 +397,8 @@ smbconf_keep = [ "host msdfs", "winbind separator"] -def upgrade_smbconf(oldconf,mark): + +def upgrade_smbconf(oldconf, mark): """Remove configuration variables not present in Samba4 :param oldconf: Old configuration structure @@ -408,7 +419,7 @@ def upgrade_smbconf(oldconf,mark): if keep: newconf.set(s, p, oldconf.get(s, p)) elif mark: - newconf.set(s, "samba3:"+p, oldconf.get(s,p)) + newconf.set(s, "samba3:" + p, oldconf.get(s, p)) return newconf @@ -416,6 +427,7 @@ SAMBA3_PREDEF_NAMES = { 'HKLM': registry.HKEY_LOCAL_MACHINE, } + def import_registry(samba4_registry, samba3_regdb): """Import a Samba 3 registry database into the Samba 4 registry. @@ -516,7 +528,7 @@ def upgrade_from_samba3(samba3, logger, targetdir, session_info=None, useeadb=Fa sid, rid = group.sid.split() if sid == domainsid: if rid >= next_rid: - next_rid = rid + 1 + next_rid = rid + 1 # Get members for each group/alias if group.sid_name_use == lsa.SID_NAME_ALIAS: @@ -540,7 +552,6 @@ def upgrade_from_samba3(samba3, logger, targetdir, session_info=None, useeadb=Fa group.nt_name, group.sid_name_use) continue - # Export users from old passdb backend logger.info("Exporting users") userlist = s3db.search_users(0) @@ -575,7 +586,7 @@ Please fix this account before attempting to upgrade again """ % (user.acct_flags, username, samr.ACB_NORMAL, samr.ACB_WSTRUST, samr.ACB_SVRTRUST, samr.ACB_DOMTRUST)) - + userdata[username] = user try: uids[username] = s3db.sid_to_id(user.user_sid)[0] diff --git a/source4/setup/provision b/source4/setup/provision index 39ef62d4b3f..315de78821f 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -7,17 +7,17 @@ # # Based on the original in EJS: # Copyright (C) Andrew Tridgell 2005 -# +# # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. -# +# # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. -# +# # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. # @@ -35,13 +35,19 @@ import samba.ntacls from samba.credentials import DONT_USE_KERBEROS from samba.auth import system_session import samba.getopt as options -from samba.provision import provision, FILL_FULL, FILL_NT4SYNC, FILL_DRS, ProvisioningError +from samba.provision import ( + provision, + FILL_FULL, + FILL_NT4SYNC, + FILL_DRS, + ProvisioningError, + ) from samba.dsdb import ( - DS_DOMAIN_FUNCTION_2000, - DS_DOMAIN_FUNCTION_2003, - DS_DOMAIN_FUNCTION_2008, - DS_DOMAIN_FUNCTION_2008_R2, - ) + DS_DOMAIN_FUNCTION_2000, + DS_DOMAIN_FUNCTION_2003, + DS_DOMAIN_FUNCTION_2008, + DS_DOMAIN_FUNCTION_2008_R2, + ) # how do we make this case insensitive?? @@ -53,72 +59,72 @@ credopts = options.CredentialsOptions(parser) parser.add_option_group(credopts) parser.add_option("--interactive", help="Ask for names", action="store_true") parser.add_option("--domain", type="string", metavar="DOMAIN", - help="set domain") -parser.add_option("--domain-guid", type="string", metavar="GUID", - help="set domainguid (otherwise random)") -parser.add_option("--domain-sid", type="string", metavar="SID", - help="set domainsid (otherwise random)") -parser.add_option("--ntds-guid", type="string", metavar="GUID", - help="set NTDS object GUID (otherwise random)") -parser.add_option("--invocationid", type="string", metavar="GUID", - help="set invocationid (otherwise random)") -parser.add_option("--host-name", type="string", metavar="HOSTNAME", - help="set hostname") -parser.add_option("--host-ip", type="string", metavar="IPADDRESS", - help="set IPv4 ipaddress") -parser.add_option("--host-ip6", type="string", metavar="IP6ADDRESS", - help="set IPv6 ipaddress") -parser.add_option("--adminpass", type="string", metavar="PASSWORD", - help="choose admin password (otherwise random)") -parser.add_option("--krbtgtpass", type="string", metavar="PASSWORD", - help="choose krbtgt password (otherwise random)") -parser.add_option("--machinepass", type="string", metavar="PASSWORD", - help="choose machine password (otherwise random)") + help="set domain") +parser.add_option("--domain-guid", type="string", metavar="GUID", + help="set domainguid (otherwise random)") +parser.add_option("--domain-sid", type="string", metavar="SID", + help="set domainsid (otherwise random)") +parser.add_option("--ntds-guid", type="string", metavar="GUID", + help="set NTDS object GUID (otherwise random)") +parser.add_option("--invocationid", type="string", metavar="GUID", + help="set invocationid (otherwise random)") +parser.add_option("--host-name", type="string", metavar="HOSTNAME", + help="set hostname") +parser.add_option("--host-ip", type="string", metavar="IPADDRESS", + help="set IPv4 ipaddress") +parser.add_option("--host-ip6", type="string", metavar="IP6ADDRESS", + help="set IPv6 ipaddress") +parser.add_option("--adminpass", type="string", metavar="PASSWORD", + help="choose admin password (otherwise random)") +parser.add_option("--krbtgtpass", type="string", metavar="PASSWORD", + help="choose krbtgt password (otherwise random)") +parser.add_option("--machinepass", type="string", metavar="PASSWORD", + help="choose machine password (otherwise random)") parser.add_option("--dns-backend", type="choice", metavar="NAMESERVER-BACKEND", - choices=["SAMBA", "BIND9", "BIND9_DLZ"], + choices=["SAMBA", "BIND9", "BIND9_DLZ"], help="The DNS server backend. SAMBA is the builtin name server (experimental), BIND9 uses bind9 text database to store zone information (default), BIND9_DLZ uses samba4 AD to store zone information (recommended)") -parser.add_option("--dnspass", type="string", metavar="PASSWORD", - help="choose dns password (otherwise random)") -parser.add_option("--ldapadminpass", type="string", metavar="PASSWORD", - help="choose password to set between Samba and it's LDAP backend (otherwise random)") -parser.add_option("--root", type="string", metavar="USERNAME", - help="choose 'root' unix username") -parser.add_option("--nobody", type="string", metavar="USERNAME", - help="choose 'nobody' user") -parser.add_option("--wheel", type="string", metavar="GROUPNAME", - help="choose 'wheel' privileged group") -parser.add_option("--users", type="string", metavar="GROUPNAME", - help="choose 'users' group") +parser.add_option("--dnspass", type="string", metavar="PASSWORD", + help="choose dns password (otherwise random)") +parser.add_option("--ldapadminpass", type="string", metavar="PASSWORD", + help="choose password to set between Samba and it's LDAP backend (otherwise random)") +parser.add_option("--root", type="string", metavar="USERNAME", + help="choose 'root' unix username") +parser.add_option("--nobody", type="string", metavar="USERNAME", + help="choose 'nobody' user") +parser.add_option("--wheel", type="string", metavar="GROUPNAME", + help="choose 'wheel' privileged group") +parser.add_option("--users", type="string", metavar="GROUPNAME", + help="choose 'users' group") parser.add_option("--quiet", help="Be quiet", action="store_true") parser.add_option("--blank", action="store_true", - help="do not add users or groups, just the structure") -parser.add_option("--ldap-backend-extra-port", type="int", metavar="LDAP-BACKEND-EXTRA-PORT", - help="Additional TCP port for LDAP backend server (to use for replication)") -parser.add_option("--ldap-backend-forced-uri", type="string", metavar="LDAP-BACKEND-FORCED-URI", - help="Force the LDAP backend connection to be to a particular URI. Use this ONLY for 'existing' backends, or when debugging the interaction with the LDAP backend and you need to intercept the LDAP traffic") -parser.add_option("--ldap-backend-type", type="choice", metavar="LDAP-BACKEND-TYPE", - help="LDAP backend type (fedora-ds or openldap)", - choices=["fedora-ds", "openldap"]) + help="do not add users or groups, just the structure") +parser.add_option("--ldap-backend-extra-port", type="int", metavar="LDAP-BACKEND-EXTRA-PORT", + help="Additional TCP port for LDAP backend server (to use for replication)") +parser.add_option("--ldap-backend-forced-uri", type="string", metavar="LDAP-BACKEND-FORCED-URI", + help="Force the LDAP backend connection to be to a particular URI. Use this ONLY for 'existing' backends, or when debugging the interaction with the LDAP backend and you need to intercept the LDAP traffic") +parser.add_option("--ldap-backend-type", type="choice", metavar="LDAP-BACKEND-TYPE", + help="LDAP backend type (fedora-ds or openldap)", + choices=["fedora-ds", "openldap"]) parser.add_option("--ldap-backend-nosync", help="Configure LDAP backend not to call fsync() (for performance in test environments)", action="store_true") parser.add_option("--server-role", type="choice", metavar="ROLE", - choices=["domain controller", "dc", "member server", "member", "standalone"], - help="The server role (domain controller | dc | member server | member | standalone). Default is standalone.") + choices=["domain controller", "dc", "member server", "member", "standalone"], + help="The server role (domain controller | dc | member server | member | standalone). Default is standalone.") parser.add_option("--function-level", type="choice", metavar="FOR-FUN-LEVEL", - choices=["2000", "2003", "2008", "2008_R2"], - help="The domain and forest function level (2000 | 2003 | 2008 | 2008_R2 - always native). Default is (Windows) 2003 Native.") + choices=["2000", "2003", "2008", "2008_R2"], + help="The domain and forest function level (2000 | 2003 | 2008 | 2008_R2 - always native). Default is (Windows) 2003 Native.") parser.add_option("--next-rid", type="int", metavar="NEXTRID", default=1000, - help="The initial nextRid value (only needed for upgrades). Default is 1000.") -parser.add_option("--partitions-only", - help="Configure Samba's partitions, but do not modify them (ie, join a BDC)", action="store_true") -parser.add_option("--targetdir", type="string", metavar="DIR", - help="Set target directory") + help="The initial nextRid value (only needed for upgrades). Default is 1000.") +parser.add_option("--partitions-only", + help="Configure Samba's partitions, but do not modify them (ie, join a BDC)", action="store_true") +parser.add_option("--targetdir", type="string", metavar="DIR", + help="Set target directory") parser.add_option("--ol-mmr-urls", type="string", metavar="LDAPSERVER", help="List of LDAP-URLS [ ldap://<FQHN>:<PORT>/ (where <PORT> has to be different than 389!) ] separated with comma (\",\") for use with OpenLDAP-MMR (Multi-Master-Replication), e.g.: \"ldap://s4dc1:9000,ldap://s4dc2:9000\"") -parser.add_option("--slapd-path", type="string", metavar="SLAPD-PATH", - help="Path to slapd for LDAP backend [e.g.:'/usr/local/libexec/slapd']. Required for Setup with LDAP-Backend. OpenLDAP Version >= 2.4.17 should be used.") -parser.add_option("--setup-ds-path", type="string", metavar="SETUP_DS-PATH", - help="Path to setup-ds.pl script for Fedora DS LDAP backend [e.g.:'/usr/sbin/setup-ds.pl']. Required for Setup with Fedora DS backend.") -parser.add_option("--use-xattrs", type="choice", choices=["yes","no","auto"], help="Define if we should use the native fs capabilities or a tdb file for storing attributes likes ntacl, auto tries to make an inteligent guess based on the user rights and system capabilities", default="auto") +parser.add_option("--slapd-path", type="string", metavar="SLAPD-PATH", + help="Path to slapd for LDAP backend [e.g.:'/usr/local/libexec/slapd']. Required for Setup with LDAP-Backend. OpenLDAP Version >= 2.4.17 should be used.") +parser.add_option("--setup-ds-path", type="string", metavar="SETUP_DS-PATH", + help="Path to setup-ds.pl script for Fedora DS LDAP backend [e.g.:'/usr/sbin/setup-ds.pl']. Required for Setup with Fedora DS backend.") +parser.add_option("--use-xattrs", type="choice", choices=["yes", "no", "auto"], help="Define if we should use the native fs capabilities or a tdb file for storing attributes likes ntacl, auto tries to make an inteligent guess based on the user rights and system capabilities", default="auto") parser.add_option("--ldap-dryrun-mode", help="Configure LDAP backend, but do not run any binaries and exit early. Used only for the test environment. DO NOT USE", action="store_true") opts = parser.parse_args()[0] @@ -126,81 +132,82 @@ opts = parser.parse_args()[0] logger = logging.getLogger("provision") logger.addHandler(logging.StreamHandler(sys.stdout)) if opts.quiet: - logger.setLevel(logging.WARNING) + logger.setLevel(logging.WARNING) else: - logger.setLevel(logging.INFO) + logger.setLevel(logging.INFO) if len(sys.argv) == 1: - opts.interactive = True + opts.interactive = True if opts.interactive: - from getpass import getpass - import socket - def ask(prompt, default=None): - if default is not None: - print "%s [%s]: " % (prompt,default), - else: - print "%s: " % (prompt,), - return sys.stdin.readline().rstrip("\n") or default - try: - default = socket.getfqdn().split(".", 1)[1].upper() - except IndexError: - default = None - opts.realm = ask("Realm", default) - if opts.realm in (None, ""): - print >>sys.stderr, "No realm set!" - sys.exit(1) + from getpass import getpass + import socket - try: - default = opts.realm.split(".")[0] - except IndexError: - default = None - opts.domain = ask("Domain", default) - if opts.domain is None: - print >> sys.stderr, "No domain set!" - sys.exit(1) + def ask(prompt, default=None): + if default is not None: + print "%s [%s]: " % (prompt, default), + else: + print "%s: " % (prompt,), + return sys.stdin.readline().rstrip("\n") or default + try: + default = socket.getfqdn().split(".", 1)[1].upper() + except IndexError: + default = None + opts.realm = ask("Realm", default) + if opts.realm in (None, ""): + print >>sys.stderr, "No realm set!" + sys.exit(1) - opts.server_role = ask("Server Role (dc, member, standalone)", "dc") - for i in range(3): - opts.adminpass = getpass("Administrator password: ") - if not opts.adminpass: - print >>sys.stderr, "Invalid administrator password." - else: - break + try: + default = opts.realm.split(".")[0] + except IndexError: + default = None + opts.domain = ask("Domain", default) + if opts.domain is None: + print >> sys.stderr, "No domain set!" + sys.exit(1) + + opts.server_role = ask("Server Role (dc, member, standalone)", "dc") + for i in range(3): + opts.adminpass = getpass("Administrator password: ") + if not opts.adminpass: + print >>sys.stderr, "Invalid administrator password." + else: + break else: - if opts.realm in (None, ""): - opts.realm = sambaopts._lp.get('realm') - if opts.realm is None or opts.domain is None: - if opts.realm is None: - print >>sys.stderr, "No realm set!" - if opts.domain is None: - print >> sys.stderr, "No domain set!" - parser.print_usage() - sys.exit(1) + if opts.realm in (None, ""): + opts.realm = sambaopts._lp.get('realm') + if opts.realm is None or opts.domain is None: + if opts.realm is None: + print >>sys.stderr, "No realm set!" + if opts.domain is None: + print >> sys.stderr, "No domain set!" + parser.print_usage() + sys.exit(1) if not opts.adminpass: - logger.info("Administrator password will be set randomly!") + logger.info("Administrator password will be set randomly!") lp = sambaopts.get_loadparm() smbconf = lp.configfile if opts.server_role == "dc": - server_role = "domain controller" + server_role = "domain controller" elif opts.server_role == "member": - server_role = "member server" + server_role = "member server" else: - server_role = opts.server_role + server_role = opts.server_role if opts.function_level is None: - dom_for_fun_level = None + dom_for_fun_level = None elif opts.function_level == "2000": - dom_for_fun_level = DS_DOMAIN_FUNCTION_2000 + dom_for_fun_level = DS_DOMAIN_FUNCTION_2000 elif opts.function_level == "2003": - dom_for_fun_level = DS_DOMAIN_FUNCTION_2003 + dom_for_fun_level = DS_DOMAIN_FUNCTION_2003 elif opts.function_level == "2008": - dom_for_fun_level = DS_DOMAIN_FUNCTION_2008 + dom_for_fun_level = DS_DOMAIN_FUNCTION_2008 elif opts.function_level == "2008_R2": - dom_for_fun_level = DS_DOMAIN_FUNCTION_2008_R2 + dom_for_fun_level = DS_DOMAIN_FUNCTION_2008_R2 creds = credopts.get_credentials(lp) @@ -214,50 +221,50 @@ elif opts.partitions_only: eadb = True if opts.use_xattrs == "yes": - eadb = False + eadb = False elif opts.use_xattrs == "auto" and not lp.get("posix:eadb"): - file = tempfile.NamedTemporaryFile() - try: - samba.ntacls.setntacl(lp, file.name, - "O:S-1-5-32G:S-1-5-32", "S-1-5-32", "native") - eadb = False - except: - logger.info("You are not root or your system do not support xattr, using tdb backend for attributes. " - "If you intend to use this provision in production, rerun the script as root on a system supporting xattrs.") - file.close() + file = tempfile.NamedTemporaryFile() + try: + samba.ntacls.setntacl(lp, file.name, + "O:S-1-5-32G:S-1-5-32", "S-1-5-32", "native") + eadb = False + except: + logger.info("You are not root or your system do not support xattr, using tdb backend for attributes. " + "If you intend to use this provision in production, rerun the script as root on a system supporting xattrs.") + file.close() if opts.ldap_backend_type == "existing": - if opts.ldap_backend_forced_uri is not None: - logger.warn("You have specified to use an existing LDAP server as the backend, please make sure an LDAP server is running at %s" % opts.ldap_backend_forced_uri) - else: - logger.info("You have specified to use an existing LDAP server as the backend, please make sure an LDAP server is running at the default location") + if opts.ldap_backend_forced_uri is not None: + logger.warn("You have specified to use an existing LDAP server as the backend, please make sure an LDAP server is running at %s" % opts.ldap_backend_forced_uri) + else: + logger.info("You have specified to use an existing LDAP server as the backend, please make sure an LDAP server is running at the default location") else: - if opts.ldap_backend_forced_uri is not None: - logger.warn("You have specified to use an fixed URI %s for connecting to your LDAP server backend. This is NOT RECOMMENDED, as our default communiation over ldapi:// is more secure and much less prone to unexpected failure or interaction" % opts.ldap_backend_forced_uri) - + if opts.ldap_backend_forced_uri is not None: + logger.warn("You have specified to use an fixed URI %s for connecting to your LDAP server backend. This is NOT RECOMMENDED, as our default communiation over ldapi:// is more secure and much less prone to unexpected failure or interaction" % opts.ldap_backend_forced_uri) + session = system_session() try: - provision(logger, - session, creds, smbconf=smbconf, targetdir=opts.targetdir, - samdb_fill=samdb_fill, realm=opts.realm, domain=opts.domain, - domainguid=opts.domain_guid, domainsid=opts.domain_sid, - hostname=opts.host_name, - hostip=opts.host_ip, hostip6=opts.host_ip6, - ntdsguid=opts.ntds_guid, - invocationid=opts.invocationid, adminpass=opts.adminpass, - krbtgtpass=opts.krbtgtpass, machinepass=opts.machinepass, - dns_backend=opts.dns_backend, - dnspass=opts.dnspass, root=opts.root, nobody=opts.nobody, - wheel=opts.wheel, users=opts.users, - serverrole=server_role, dom_for_fun_level=dom_for_fun_level, - ldap_backend_extra_port=opts.ldap_backend_extra_port, - ldap_backend_forced_uri=opts.ldap_backend_forced_uri, - backend_type=opts.ldap_backend_type, - ldapadminpass=opts.ldapadminpass, ol_mmr_urls=opts.ol_mmr_urls, - slapd_path=opts.slapd_path, setup_ds_path=opts.setup_ds_path, - nosync=opts.ldap_backend_nosync, ldap_dryrun_mode=opts.ldap_dryrun_mode, - useeadb=eadb, next_rid=opts.next_rid, lp=lp) + provision(logger, + session, creds, smbconf=smbconf, targetdir=opts.targetdir, + samdb_fill=samdb_fill, realm=opts.realm, domain=opts.domain, + domainguid=opts.domain_guid, domainsid=opts.domain_sid, + hostname=opts.host_name, + hostip=opts.host_ip, hostip6=opts.host_ip6, + ntdsguid=opts.ntds_guid, + invocationid=opts.invocationid, adminpass=opts.adminpass, + krbtgtpass=opts.krbtgtpass, machinepass=opts.machinepass, + dns_backend=opts.dns_backend, + dnspass=opts.dnspass, root=opts.root, nobody=opts.nobody, + wheel=opts.wheel, users=opts.users, + serverrole=server_role, dom_for_fun_level=dom_for_fun_level, + ldap_backend_extra_port=opts.ldap_backend_extra_port, + ldap_backend_forced_uri=opts.ldap_backend_forced_uri, + backend_type=opts.ldap_backend_type, + ldapadminpass=opts.ldapadminpass, ol_mmr_urls=opts.ol_mmr_urls, + slapd_path=opts.slapd_path, setup_ds_path=opts.setup_ds_path, + nosync=opts.ldap_backend_nosync, ldap_dryrun_mode=opts.ldap_dryrun_mode, + useeadb=eadb, next_rid=opts.next_rid, lp=lp) except ProvisioningError, e: - print str(e) - sys.exit(1) + print str(e) + sys.exit(1) |