source/setup/provision

   1 #!/bin/sh
   2 exec smbscript "$0" ${1+"$@"}
   3 /*
   4         provision a Samba4 server
   5         Copyright Andrew Tridgell 2005
   6         Released under the GNU GPL v2 or later
   7 */
   8
   9 options = GetOptions(ARGV,
  10                 "POPT_AUTOHELP",
  11                 "POPT_COMMON_SAMBA",
  12                 "POPT_COMMON_VERSION",
  13                 "POPT_COMMON_CREDENTIALS",
  14                 'realm=s',
  15                 'domain=s',
  16                 'domain-guid=s',
  17                 'domain-sid=s',
  18                 'host-name=s',
  19                 'host-ip=s',
  20                 'host-guid=s',
  21                 'invocationid=s',
  22                 'adminpass=s',
  23                 'krbtgtpass=s',
  24                 'machinepass=s',
  25                 'root=s',
  26                 'nobody=s',
  27                 'nogroup=s',
  28                 'wheel=s',
  29                 'users=s',
  30                 'quiet',
  31                 'blank',
  32                 'ldap-base',
  33                 'ldap-backend=s',
  34                 'ldap-module=s',
  35                 'aci=s');
  36
  37 if (options == undefined) {
  38    println("Failed to parse options");
  39    return -1;
  40 }
  41
  42 libinclude("base.js");
  43 libinclude("provision.js");
  44
  45 /*
  46   print a message if quiet is not set
  47 */
  48 function message()
  49 {
  50         if (options["quiet"] == undefined) {
  51                 print(vsprintf(arguments));
  52         }
  53 }
  54
  55 /*
  56  show some help
  57 */
  58 function ShowHelp()
  59 {
  60         print("
  61 Samba4 provisioning
  62
  63 provision [options]
  64  --realm        REALM           set realm
  65  --domain       DOMAIN          set domain
  66  --domain-guid  GUID            set domainguid (otherwise random)
  67  --domain-sid   SID             set domainsid (otherwise random)
  68  --host-name    HOSTNAME        set hostname
  69  --host-ip      IPADDRESS       set ipaddress
  70  --host-guid    GUID            set hostguid (otherwise random)
  71  --invocationid GUID            set invocationid (otherwise random)
  72  --adminpass    PASSWORD        choose admin password (otherwise random)
  73  --krbtgtpass   PASSWORD        choose krbtgt password (otherwise random)
  74  --machinepass  PASSWORD        choose machine password (otherwise random)
  75  --root         USERNAME        choose 'root' unix username
  76  --nobody       USERNAME        choose 'nobody' user
  77  --nogroup      GROUPNAME       choose 'nogroup' group
  78  --wheel        GROUPNAME       choose 'wheel' privileged group
  79  --users        GROUPNAME       choose 'users' group
  80  --quiet                        Be quiet
  81  --blank                        do not add users or groups, just the structure
  82  --ldap-base                    output only an LDIF file, suitable for creating an LDAP baseDN
  83  --ldap-backend LDAPSERVER      LDAP server to use for this provision
  84  --ldap-module= MODULE          LDB mapping module to use for the LDAP backend
  85  --aci=         ACI             An arbitary LDIF fragment, particularly useful to loading a backend ACI value into a target LDAP server
  86 You must provide at least a realm and domain
  87
  88 ");
  89         exit(1);
  90 }
  91
  92 if (options['host-name'] == undefined) {
  93         options['host-name'] = hostname();
  94 }
  95
  96 /*
  97    main program
  98 */
  99 if (options["realm"] == undefined ||
 100     options["domain"] == undefined ||
 101     options["host-name"] == undefined) {
 102         ShowHelp();
 103 }
 104
 105 /* cope with an initially blank smb.conf */
 106 var lp = loadparm_init();
 107 lp.set("realm", options.realm);
 108 lp.set("workgroup", options.domain);
 109 lp.reload();
 110
 111 var subobj = provision_guess();
 112 for (r in options) {
 113         var key = strupper(join("", split("-", r)));
 114         subobj[key] = options[r];
 115 }
 116
 117 var blank = (options["blank"] != undefined);
 118 var ldapbase = (options["ldap-base"] != undefined);
 119 var ldapbackend = (options["ldap-backend"] != undefined);
 120 var ldapmodule = (options["ldap-module"] != undefined);
 121
 122 if (options["aci"] != undefined) {
 123         message("set ACI: %s\n", subobj["ACI"]);
 124 }
 125
 126 message("set DOMAIN SID: %s\n", subobj["DOMAINSID"]);
 127
 128 if (ldapbackend) {
 129         if (!ldapmodule) {
 130                 subobj["LDAPMODULE"] = "entryUUID";
 131         }
 132         subobj["DOMAINDN_LDB"] = subobj["LDAPBACKEND"];
 133         subobj["DOMAINDN_MOD"] = subobj["LDAPMODULE"] + ",paged_searches";
 134         subobj["CONFIGDN_LDB"] = subobj["LDAPBACKEND"];
 135         subobj["CONFIGDN_MOD"] = subobj["LDAPMODULE"] + ",paged_searches";
 136         subobj["SCHEMADN_LDB"] = subobj["LDAPBACKEND"];
 137         subobj["SCHEMADN_MOD"] = subobj["LDAPMODULE"] + ",paged_searches";
 138 }
 139
 140 if (!provision_validate(subobj, message)) {
 141         return -1;
 142 }
 143
 144 var system_session = system_session();
 145 var creds = options.get_credentials();
 146 var paths = provision_default_paths(subobj);
 147 message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM);
 148 message("Using administrator password: %s\n", subobj.ADMINPASS);
 149 if (ldapbase) {
 150         provision_ldapbase(subobj, message, paths);
 151 } else {
 152         provision(subobj, message, blank, paths, system_session, creds, ldapbackend);
 153         provision_dns(subobj, message, paths, system_session, creds);
 154 }
 155 message("All OK\n");
 156 return 0;