svn commit: samba r2802 - in branches/SAMBA_4_0/source/script: .

tridge at samba.org tridge at samba.org
Sun Oct 3 10:02:41 GMT 2004 

Author: tridge
Date: 2004-10-03 10:02:41 +0000 (Sun, 03 Oct 2004)
New Revision: 2802

WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba&path=/branches/SAMBA_4_0/source/script&rev=2802&nolog=1

Log:
a better provisioning script




Modified:
   branches/SAMBA_4_0/source/script/provision.pl


Changeset:
Modified: branches/SAMBA_4_0/source/script/provision.pl
===================================================================
--- branches/SAMBA_4_0/source/script/provision.pl	2004-10-03 08:50:31 UTC (rev 2801)
+++ branches/SAMBA_4_0/source/script/provision.pl	2004-10-03 10:02:41 UTC (rev 2802)
@@ -1,15 +1,16 @@
 #!/usr/bin/perl -w
 
 use strict;
+use Getopt::Long;
 
-my $hostname = `hostname`;
-chomp $hostname;
-my $realm = "bludom.tridgell.net";
-my $domain = "BLUDOM";
-my $dnsname = "$hostname.$realm";
+my $opt_hostname = `hostname`;
+chomp $opt_hostname;
+my $opt_realm;
+my $opt_domain;
+my $opt_adminpass;
+my $dnsname;
+my $basedn;
 
-my $basedn = "DC=" . join(",DC=", split(/\./, $realm));
-
 # return the current NTTIME as an integer
 sub nttime()
 {
@@ -41,6 +42,18 @@
 
 my $domainsid = randsid();
 
+# generate a random password. Poor algorithm :(
+sub randpass()
+{
+	my $pass = "";
+	my $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ%\$!~";
+	for (my $i=0;$i<8;$i++) {
+		my $c = int(rand(length($chars)));
+		$pass .= substr($chars, $c, 1);
+	}
+	return $pass;
+}
+
 sub ldaptime()
 {
 	my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday) =  gmtime(time);
@@ -63,15 +76,15 @@
 	}
 
 	if ($var eq "DOMAIN") {
-		return $domain;
+		return $opt_domain;
 	}
 
 	if ($var eq "REALM") {
-		return $realm;
+		return $opt_realm;
 	}
 
 	if ($var eq "HOSTNAME") {
-		return $hostname;
+		return $opt_hostname;
 	}
 
 	if ($var eq "DNSNAME") {
@@ -86,6 +99,10 @@
 		return randguid();
 	}
 
+	if ($var eq "ADMINPASS") {
+		return $opt_adminpass;
+	}
+
 	if ($var eq "NTTIME") {
 		return "" . nttime();
 	}
@@ -94,6 +111,18 @@
 }
 
 #####################################################################
+# write a string into a file
+sub FileSave($$)
+{
+    my($filename) = shift;
+    my($v) = shift;
+    local(*FILE);
+    open(FILE, ">$filename") || die "can't open $filename";    
+    print FILE $v;
+    close(FILE);
+}
+
+#####################################################################
 # read a file into a string
 sub FileLoad($)
 {
@@ -108,15 +137,114 @@
     return $data;
 }
 
+#######################################################################
+# add a foreign security principle
+sub add_foreign($$)
+{
+	my $sid = shift;
+	my $desc = shift;
+	return "
+dn: CN=$sid,CN=ForeignSecurityPrincipals,\${BASEDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: $sid
+description: $desc
+distinguishedName: CN=$sid,CN=ForeignSecurityPrincipals,\${BASEDN}
+instanceType: 4
+whenCreated: \${LDAPTIME}
+whenChanged: \${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+showInAdvancedViewOnly: TRUE
+name: $sid
+objectGUID: \${NEWGUID}
+objectSid: $sid
+objectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,\${BASEDN}
 
+";
+}
+
+############################################
+# show some help
+sub ShowHelp()
+{
+	print "
+Samba4 provisioning
+
+provision.pl [options]
+  --realm     REALM       set realm
+  --domain    DOMAIN      set domain
+  --hostname  HOSTNAME    set hostname
+  --adminpass PASSWORD    choose admin password (otherwise random)
+
+You must provide at least a realm and domain
+
+";
+	exit(1);
+}
+
+my $opt_help;
+
+GetOptions(
+	    'help|h|?' => \$opt_help, 
+	    'realm=s' => \$opt_realm,
+	    'domain=s' => \$opt_domain,
+	    'hostname=s' => \$opt_hostname,
+	    'adminpass=s' => \$opt_adminpass,
+	    );
+
+if ($opt_help || 
+    !$opt_realm ||
+    !$opt_domain ||
+    !$opt_hostname) {
+	ShowHelp();
+}
+
+print "Provisioning host '$opt_hostname' for domain '$opt_domain' in realm '$opt_realm'\n";
+
+print "generating ldif ...\n";
+
+$dnsname = "$opt_hostname.$opt_realm";
+$basedn = "DC=" . join(",DC=", split(/\./, $opt_realm));
+
 my $data = FileLoad("provision.ldif") || die "Unable to load provision.ldif\n";
 
+$data .= add_foreign("S-1-5-7", "Anonymous");
+$data .= add_foreign("S-1-5-18", "System");
+$data .= add_foreign("S-1-5-11", "Authenticated Users");
+
+if (!$opt_adminpass) {
+	$opt_adminpass = randpass();
+	print "chose random Administrator password '$opt_adminpass'\n";
+}
+
 my $res = "";
 
+print "applying substitutions ...\n";
+
 while ($data =~ /(.*?)\$\{(\w*)\}(.*)/s) {
 	my $sub = substitute($2);
 	$res .= "$1$sub";
 	$data = $3;
 }
+$res .= $data;
 
-print $res . $data;
+print "saving ldif to newsam.ldif ...\n";
+
+FileSave("newsam.ldif", $res);
+
+unlink("newsam.ldb");
+
+print "creating newsam.ldb ...\n";
+
+# allow provisioning to be run from the source directory
+$ENV{"PATH"} .= ":bin";
+
+system("ldbadd -H newsam.ldb newsam.ldif");
+
+print "done
+
+Please move newsam.ldb to sam.ldb in the lib/private/ directory of your
+Samba4 installation
+";
+

More information about the samba-cvs mailing list