svn commit: samba r13097 - in branches/SAMBA_4_0/source:
scripting/libjs setup
tridge at samba.org
tridge at samba.org
Tue Jan 24 00:11:35 GMT 2006
Author: tridge
Date: 2006-01-24 00:11:32 +0000 (Tue, 24 Jan 2006)
New Revision: 13097
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13097
Log:
move the creation of the default sam name -> unix name mappings into
the main provision logic, so it can also be used as part of the
vampire process
Modified:
branches/SAMBA_4_0/source/scripting/libjs/provision.js
branches/SAMBA_4_0/source/setup/provision_users.ldif
Changeset:
Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js
===================================================================
--- branches/SAMBA_4_0/source/scripting/libjs/provision.js 2006-01-24 00:09:41 UTC (rev 13096)
+++ branches/SAMBA_4_0/source/scripting/libjs/provision.js 2006-01-24 00:11:32 UTC (rev 13097)
@@ -52,25 +52,51 @@
/*
add a foreign security principle
*/
-function add_foreign(str, sid, desc, unixname)
+function add_foreign(str, sid, desc)
{
var add = "
dn: CN=${SID},CN=ForeignSecurityPrincipals,${BASEDN}
objectClass: top
objectClass: foreignSecurityPrincipal
description: ${DESC}
-unixName: ${UNIXNAME}
uSNCreated: 1
uSNChanged: 1
";
var sub = new Object();
sub.SID = sid;
sub.DESC = desc;
- sub.UNIXNAME = unixname;
return str + substitute_var(add, sub);
}
+
/*
+ setup a mapping between a sam name and a unix name
+ */
+function setup_name_mapping(info, ldb, sid, unixname)
+{
+ var attrs = new Array("dn");
+ var res = ldb.search(sprintf("objectSid=%s", sid),
+ NULL, ldb.SCOPE_DEFAULT, attrs);
+ if (res.length != 1) {
+ return false;
+ }
+ var mod = sprintf("
+dn: %s
+changetype: modify
+replace: unixName
+unixName: %s
+",
+ res[0].dn, unixname);
+ var ok = ldb.modify(mod);
+ if (!ok) {
+ info.message("name mapping for %s failed - %s\n",
+ sid, ldb.errstring());
+ return false;
+ }
+ return true;
+}
+
+/*
return current time as a nt time string
*/
function nttime()
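Review bot: `setup_name_mapping` formats `sid` into the search filter and `unixname` into the LDIF text with plain `sprintf`, so a value containing a line break or filter metacharacters would change what the search matches or what the modify record contains. The callers added later in this commit pass `subobj` fields, which I assume come from provisioning options. Checking that `unixname` holds no `\n` or `\r` before building `mod` would keep the record to the single `unixName` attribute intended. The `res.length != 1` branch also returns false without reporting anything, unlike the modify failure below it; a line such as `info.message("name mapping for %s failed - no unique match\n", sid);` would make a missing or duplicated `objectSid` visible.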
@@ -258,7 +284,43 @@
return paths;
}
+
/*
+ setup reasonable name mappings for sam names to unix names
+*/
+function setup_name_mappings(info, subobj, session_info, credentials)
+{
+ var lp = loadparm_init();
+ var ldb = ldb_init();
+ ldb.session_info = session_info;
+ ldb.credentials = credentials;
+ var ok = ldb.connect(lp.get("sam database"));
+ if (!ok) {
+ return false;
+ }
+
+ /* some well known sids */
+ setup_name_mapping(info, ldb, "S-1-5-7", subobj.NOBODY);
+ setup_name_mapping(info, ldb, "S-1-1-0", subobj.NOGROUP);
+ setup_name_mapping(info, ldb, "S-1-5-2", subobj.NOGROUP);
+ setup_name_mapping(info, ldb, "S-1-5-18", subobj.ROOT);
+ setup_name_mapping(info, ldb, "S-1-5-11", subobj.USERS);
+ setup_name_mapping(info, ldb, "S-1-5-32-544", subobj.WHEEL);
+ setup_name_mapping(info, ldb, "S-1-5-32-546", subobj.NOGROUP);
+
+ /* and some well known domain rids */
+ setup_name_mapping(info, ldb, subobj.DOMAINSID + "-500", subobj.ROOT);
+ setup_name_mapping(info, ldb, subobj.DOMAINSID + "-518", subobj.WHEEL);
+ setup_name_mapping(info, ldb, subobj.DOMAINSID + "-519", subobj.WHEEL);
+ setup_name_mapping(info, ldb, subobj.DOMAINSID + "-512", subobj.WHEEL);
+ setup_name_mapping(info, ldb, subobj.DOMAINSID + "-513", subobj.USERS);
+ setup_name_mapping(info, ldb, subobj.DOMAINSID + "-520", subobj.WHEEL);
+
+ return true;
+}
+
+
+/*
provision samba4 - caution, this wipes all existing data!
*/
function provision(subobj, message, blank, paths, session_info, credentials)
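Review bot: Every `setup_name_mapping` call in `setup_name_mappings` discards its return value, so the function returns true even if none of the mappings were written. These entries decide which unix account or group backs the administrator RID (`-500` to `subobj.ROOT`) and the admin groups (to `subobj.WHEEL`), so a provision that reports success with them absent should be surfaced. Tracking the result, with `var ok = true;` at the top, `if (!setup_name_mapping(info, ldb, "S-1-5-7", subobj.NOBODY)) ok = false;` for each call, and `return ok;` at the end, would let `provision` see the failure. If some SIDs are expected to be missing in the vampire case, a comment saying which ones would help. The `ldb.connect` failure path also returns false without any message.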
@@ -319,10 +381,17 @@
setup_ldb("provision_templates.ldif", info, paths.samdb, NULL, false);
message("Setting up sam.ldb data\n");
setup_ldb("provision.ldif", info, paths.samdb, NULL, false);
- if (blank == false) {
- message("Setting up sam.ldb users and groups\n");
- setup_ldb("provision_users.ldif", info, paths.samdb, data, false);
+ if (blank != false) {
+ return true;
}
+
+ message("Setting up sam.ldb users and groups\n");
+ setup_ldb("provision_users.ldif", info, paths.samdb, data, false);
+
+ if (setup_name_mappings(info, subobj, session_info, credentials) == false) {
+ return false;
+ }
+
return true;
}
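Review bot: When `setup_name_mappings` returns false, `provision` returns false with no `message(...)` call, after `provision_users.ldif` has already been loaded. The operator may be left with a sam.ldb that has users and groups but is missing `unixName` values, with no indication why. Adding `message("Setting up name mappings failed\n");` before `return false;` would make that state clear, and a progress line such as `message("Setting up name mappings\n");` before the call would match the other steps in this function. The body of `provision` starts outside this hunk.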
Modified: branches/SAMBA_4_0/source/setup/provision_users.ldif
===================================================================
--- branches/SAMBA_4_0/source/setup/provision_users.ldif 2006-01-24 00:09:41 UTC (rev 13096)
+++ branches/SAMBA_4_0/source/setup/provision_users.ldif 2006-01-24 00:11:32 UTC (rev 13097)
@@ -16,7 +16,6 @@
sAMAccountName: Administrator
isCriticalSystemObject: TRUE
sambaPassword: ${ADMINPASS}
-unixName: ${ROOT}
dn: CN=Guest,CN=Users,${BASEDN}
objectClass: user
@@ -49,7 +48,6 @@
groupType: 0x80000005
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
-unixName: ${WHEEL}
privilege: SeSecurityPrivilege
privilege: SeBackupPrivilege
privilege: SeRestorePrivilege
@@ -133,7 +131,6 @@
groupType: 0x80000005
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
-unixName: ${NOGROUP}
dn: CN=Print Operators,CN=Builtin,${BASEDN}
objectClass: top
@@ -306,7 +303,6 @@
adminCount: 1
sAMAccountName: Schema Admins
isCriticalSystemObject: TRUE
-unixName: ${WHEEL}
dn: CN=Enterprise Admins,CN=Users,${BASEDN}
objectClass: top
@@ -321,7 +317,6 @@
adminCount: 1
sAMAccountName: Enterprise Admins
isCriticalSystemObject: TRUE
-unixName: ${WHEEL}
dn: CN=Cert Publishers,CN=Users,${BASEDN}
objectClass: top
@@ -350,7 +345,6 @@
adminCount: 1
sAMAccountName: Domain Admins
isCriticalSystemObject: TRUE
-unixName: ${WHEEL}
dn: CN=Domain Users,CN=Users,${BASEDN}
objectClass: top
@@ -363,7 +357,6 @@
objectSid: ${DOMAINSID}-513
sAMAccountName: Domain Users
isCriticalSystemObject: TRUE
-unixName: ${USERS}
dn: CN=Domain Guests,CN=Users,${BASEDN}
objectClass: top
@@ -389,7 +382,6 @@
sAMAccountName: Group Policy Creator Owners
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
-unixName: ${WHEEL}
dn: CN=RAS and IAS Servers,CN=Users,${BASEDN}
objectClass: top