>From d7f50276487297f19a76de954e5ce286d45feaa6 Mon Sep 17 00:00:00 2001 From: Rowland Penny Date: Tue, 19 May 2015 14:38:30 +0100 Subject: [PATCH] Use msSFU30MaxUidNumber when creating NIS user Signed-off-by: Rowland Penny --- python/samba/netcmd/user.py | 87 +++++++++++++++++++++++++++++++++++++++---- 1 file changed, 80 insertions(+), 7 deletions(-) diff --git a/python/samba/netcmd/user.py b/python/samba/netcmd/user.py index 2bc5522..f970896 100644 --- a/python/samba/netcmd/user.py +++ b/python/samba/netcmd/user.py @@ -73,10 +73,16 @@ Example4 shows how to create a new user with Unix UID, GID and login-shell set f Example5: samba-tool user add User5 passw5rd --nis-domain=samdom --unix-home=/home/User5 \ - --uid-number=10005 --login-shell=/bin/false --gid-number=10000 + --login-shell=/bin/false [--gid-number=10000] -Example5 shows how to create an RFC2307/NIS domain enabled user account. If ---nis-domain is set, then the other four parameters are mandatory. +Example5 shows how to create an RFC2307/NIS domain enabled user account. +If --nis-domain is set, then the next two parameters are mandatory. +If the last parameter, '--gid-number' is omitted, the users gidNumber will be set to the gidNumber found in Domain Users, this means that Domain Users MUST have a gidNumber. +The users uidNumber will be set automatically from either: +The 'msSFU30MaxUidNumber' attribute (if set) +The last 'uidNumber' attribute found in AD +Or '10000' (as ADUC). +When a NIS user is created with samba-tool, the 'msSFU30MaxUidNumber' attribute is created/updated with the next 'uidNumber'. """ synopsis = "%prog [] [options]" 
@@ -118,7 +124,6 @@ Example5 shows how to create an RFC2307/NIS domain enabled user account. If Option("--unix-home", help="User's Unix/RFC2307 home directory", type=str), Option("--uid", help="User's Unix/RFC2307 username", type=str), - Option("--uid-number", help="User's Unix/RFC2307 numeric UID", type=int), Option("--gid-number", help="User's Unix/RFC2307 primary GID number", type=int), Option("--gecos", help="User's Unix/RFC2307 GECOS field", type=str), Option("--login-shell", help="User's Unix/RFC2307 login shell", type=str), 
@@ -171,11 +176,58 @@ Example5 shows how to create an RFC2307/NIS domain enabled user account. If lp = sambaopts.get_loadparm() creds = credopts.get_credentials(lp) - if uid_number or gid_number: - if not lp.get("idmap_ldb:use rfc2307"): - self.outf.write("You are setting a Unix/RFC2307 UID or GID. You may want to set 'idmap_ldb:use rfc2307 = Yes' to use those attributes for XID/SID-mapping.\n") + samdb = SamDB(url=H, session_info=system_session(), + credentials=creds, lp=lp) if nis_domain is not None: + if uid_number is None: + domain_dn = samdb.domain_dn() + nis_dn = "CN=%s,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,%s" % (nis_domain, domain_dn) + try: + res = samdb.search(nis_dn, + scope=ldb.SCOPE_BASE, attrs=["msSFU30MaxUidNumber"]) + assert len(res) == 1 + uid_number = res[0]["msSFU30MaxUidNumber"][0] + except: + pass + # No MAXuidNumber, will try to see if there are uidNumber's in AD" + + if uid_number is None: + domain_dn = samdb.domain_dn() + try: + uidmax=0 + results = samdb.search(domain_dn, + scope=ldb.SCOPE_SUBTREE, attrs=["uidNumber"]) + + for result in results: + if "uidNumber" in result: + un = str(result.get('uidNumber')) + uidn = int(un) + if uidn > uidmax: + uidmax = uidn + + if uidmax != 0: + uid_number = uidmax + 1 + except: + pass + # There are no uidNumber attributes in AD. + + if uid_number is None: + # set first uidNumber to the same as ADUC + uid_number = "10000" + + if gid_number is None: + # get users primary GID to the one from Domain Users + domain_dn = samdb.domain_dn() + du_dn = "CN=Domain Users,CN=Users," + domain_dn + results = samdb.search(du_dn, + scope=ldb.SCOPE_SUBTREE, attrs=["gidNumber"]) + + for result in results: + if "gidNumber" in result: + gn = str(result.get('gidNumber')) + gid_number = int(gn) + if None in (uid_number, login_shell, unix_home, gid_number): raise CommandError('Missing parameters. To enable NIS features, ' 'the following options have to be given: ' 
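Review bot: The uidNumber picked in this hunk is never checked against existing accounts, and both lookups sit under a bare `except: pass`. A stale `msSFU30MaxUidNumber` or a failed search therefore falls through silently, and the new user can receive a uidNumber another account already holds, which on Unix means sharing that account's file ownership. Only a missing NIS object should trigger the fallback: other `ldb.LdbError`s should become a `CommandError`, the `assert` should be an ordinary length test, and a final `(uidNumber=N)` search should reject a value already in use. The read-then-write allocation is also not atomic, so two concurrent runs can choose the same number; that deserves at least a comment. Smaller points: the default is the string `"10000"` while the other paths yield ints, and the Domain Users lookup only needs `ldb.SCOPE_BASE`.

```python
if uid_number is None:
    # ... unchanged: domain_dn and nis_dn are built as before ...
    try:
        res = samdb.search(nis_dn, scope=ldb.SCOPE_BASE,
                           attrs=["msSFU30MaxUidNumber"])
    except ldb.LdbError, (enum, estr):
        # Only "object does not exist" means "no counter yet"; anything
        # else (access denied, server down) must not be hidden.
        if enum != ldb.ERR_NO_SUCH_OBJECT:
            raise CommandError("Failed to read msSFU30MaxUidNumber: %s" % estr)
        res = []
    if len(res) == 1 and "msSFU30MaxUidNumber" in res[0]:
        uid_number = int(str(res[0]["msSFU30MaxUidNumber"][0]))

# ... unchanged: scan for the highest uidNumber, then the 10000 default ...

# Refuse a uidNumber that another account already holds.
in_use = samdb.search(domain_dn, scope=ldb.SCOPE_SUBTREE,
                      expression="(uidNumber=%d)" % int(uid_number),
                      attrs=["uidNumber"])
if len(in_use) != 0:
    raise CommandError("uidNumber %d is already in use" % int(uid_number))
```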
@@ -183,6 +235,10 @@ Example5 shows how to create an RFC2307/NIS domain enabled user account. If ', --unix-home=, --gid-number= Operation ' 'cancelled.') + if uid_number or gid_number: + if not lp.get("idmap_ldb:use rfc2307"): + self.outf.write("You are setting a Unix/RFC2307 UID or GID. You may want to set 'idmap_ldb:use rfc2307 = Yes' to use those attributes for XID/SID-mapping.\n") + try: samdb = SamDB(url=H, session_info=system_session(), credentials=creds, lp=lp) @@ -195,8 +251,25 @@ Example5 shows how to create an RFC2307/NIS domain enabled user account. If nisdomain=nis_domain, unixhome=unix_home, uid=uid, uidnumber=uid_number, gidnumber=gid_number, gecos=gecos, loginshell=login_shell) + except Exception, e: raise CommandError("Failed to add user '%s': " % username, e) + else: + if nis_domain is not None: + try: + domain_dn = samdb.domain_dn() + nis_dn = "CN=%s,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,%s" % (nis_domain, domain_dn) + nextmax = int(uid_number) +1 + update_max = """ +dn: %s +changetype: modify +replace: msSFU30MaxUidNumber +msSFU30MaxUidNumber: %s +""" % (nis_dn, nextmax) + + samdb.modify_ldif(update_max) + except: + raise CommandError("Failed to update msSFU30MaxUidNumber : " , e) self.outf.write("User '%s' created successfully\n" % username) -- 1.7.10.4
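Review bot: The `try:` in the trailing context of this hunk still opens a second `SamDB` connection, although the previous hunk now creates one before the NIS lookups. That earlier connection sits outside any `try`, so a failed connect or bind would surface as a raw traceback rather than a `CommandError`. Keeping a single connection, with the first `SamDB(...)` call wrapped and the second removed, would restore the old error reporting. The moved warning also runs after the defaults are filled in, so it now prints for every NIS user when `idmap_ldb:use rfc2307` is unset; if that is intended, a short comment saying so would help.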
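Review bot: In the new `else:` branch the bare `except:` raises `CommandError(..., e)`, but `e` is bound only by the `except Exception, e` clause above, which did not run on this path. A failed update therefore ends in a `NameError` that hides the real cause; it should read `except Exception, e:`. By then the user already exists, so a failed or skipped update leaves the counter stale and the next run can hand out the same uidNumber, which the message should make clear. The LDIF text is also built by formatting `nis_domain` into a template, so a newline in that argument would presumably add LDIF lines of its own. Building an `ldb.Message` with `FLAG_MOD_REPLACE` avoids the text format.

```python
        else:
            if nis_domain is not None:
                # ... unchanged: domain_dn, nis_dn and nextmax ...
                m = ldb.Message()
                m.dn = ldb.Dn(samdb, nis_dn)
                m["msSFU30MaxUidNumber"] = ldb.MessageElement(
                    str(nextmax), ldb.FLAG_MOD_REPLACE, "msSFU30MaxUidNumber")
                try:
                    samdb.modify(m)
                except Exception, e:
                    # The account was created; only the counter is stale.
                    raise CommandError("Failed to update msSFU30MaxUidNumber : ", e)
```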