Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into registry

(This used to be commit e8d96b61db1cddc2d8dca45e6e9b53d5c31ee5d4)
author: Jelmer Vernooij <jelmer@samba.org> 2008-05-23 15:24:40 +0200
committer: Jelmer Vernooij <jelmer@samba.org> 2008-05-23 15:24:40 +0200
commit: 7fb26774021986a08d03db968a7826ee64ea7410 (patch)
tree: 272d8e4f7671b48c95c817724b41d9c27de1e282 /source4/scripting/python/samba/provision.py
parent: fd01b27edd5a83306f4ce567e31d43641dd003b8 (diff)
parent: 1186579f94d81bc633b8f20e8ad8673313c8c39b (diff)
download: samba-7fb26774021986a08d03db968a7826ee64ea7410.tar.gz
samba-7fb26774021986a08d03db968a7826ee64ea7410.tar.xz
samba-7fb26774021986a08d03db968a7826ee64ea7410.zip
1 files changed, 65 insertions, 14 deletions
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 0e8840646c..68b43eff40 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -43,6 +43,8 @@ from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError, \
 
 """Functions for setting up a Samba configuration."""
 
+__docformat__ = "restructuredText"
+
 DEFAULTSITE = "Default-First-Site-Name"
 
 class InvalidNetbiosName(Exception):
@@ -236,6 +238,8 @@ def provision_paths_from_lp(lp, dnsdomain):
     paths.secrets = os.path.join(paths.private_dir, lp.get("secrets database") or "secrets.ldb")
     paths.templates = os.path.join(paths.private_dir, "templates.ldb")
     paths.dns = os.path.join(paths.private_dir, dnsdomain + ".zone")
+    paths.namedconf = os.path.join(paths.private_dir, "named.conf")
+    paths.krb5conf = os.path.join(paths.private_dir, "krb5.conf")
     paths.winsdb = os.path.join(paths.private_dir, "wins.ldb")
     paths.s4_ldapi_path = os.path.join(paths.private_dir, "ldapi")
     paths.phpldapadminconfig = os.path.join(paths.private_dir, 
@@ -689,6 +693,7 @@ def setup_self_join(samdb, names,
                     domainsid, invocationid, setup_path,
                     policyguid):
     """Join a host to its own domain."""
+    assert isinstance(invocationid, str)
     setup_add_ldif(samdb, setup_path("provision_self_join.ldif"), { 
               "CONFIGDN": names.configdn, 
               "SCHEMADN": names.schemadn,
@@ -910,7 +915,7 @@ def provision(setup_dir, message, session_info,
         domainsid = security.Sid(domainsid)
 
     if policyguid is None:
-        policyguid = uuid.random()
+        policyguid = str(uuid.uuid4())
     if adminpass is None:
         adminpass = misc.random_password(12)
     if krbtgtpass is None:
@@ -960,7 +965,7 @@ def provision(setup_dir, message, session_info,
 
     assert serverrole in ("domain controller", "member server", "standalone")
     if invocationid is None and serverrole == "domain controller":
-        invocationid = uuid.random()
+        invocationid = str(uuid.uuid4())
 
     if not os.path.exists(paths.private_dir):
         os.mkdir(paths.private_dir)
@@ -1057,14 +1062,23 @@ def provision(setup_dir, message, session_info,
                                        expression="(&(objectClass=computer)(cn=%s))" % names.hostname,
                                        scope=SCOPE_SUBTREE)
             assert isinstance(hostguid, str)
-            
-            create_zone_file(paths.dns, setup_path, samdb, 
-                             hostname=names.hostname, hostip=hostip,
-                             hostip6=hostip6, dnsdomain=names.dnsdomain,
-                             domaindn=names.domaindn, dnspass=dnspass, realm=names.realm, 
+
+            create_zone_file(paths.dns, setup_path, dnsdomain=names.dnsdomain,
+                             domaindn=names.domaindn, hostip=hostip,
+                             hostip6=hostip6, hostname=names.hostname,
+                             dnspass=dnspass, realm=names.realm,
                              domainguid=domainguid, hostguid=hostguid)
             message("Please install the zone located in %s into your DNS server" % paths.dns)
-            
+
+            create_named_conf(paths.namedconf, setup_path, realm=names.realm,
+                              dnsdomain=names.dnsdomain, private_dir=paths.private_dir,
+                              keytab_name=paths.dns_keytab)
+            message("See %s for example configuration statements for secure GSS-TSIG updates" % paths.namedconf)
+
+            create_krb5_conf(paths.krb5conf, setup_path, dnsdomain=names.dnsdomain,
+                             hostname=names.hostname, realm=names.realm)
+            message("A Kerberos configuration suitable for Samba 4 has been generated at %s" % paths.krb5conf)
+
     create_phpldapadmin_config(paths.phpldapadminconfig, setup_path, 
                                ldapi_url)
 
@@ -1280,13 +1294,12 @@ def create_phpldapadmin_config(path, setup_path, ldapi_uri):
             {"S4_LDAPI_URI": ldapi_uri})
 
 
-def create_zone_file(path, setup_path, samdb, dnsdomain, domaindn, 
-                  hostip, hostip6, hostname, dnspass, realm, domainguid, hostguid):
+def create_zone_file(path, setup_path, dnsdomain, domaindn, 
+                     hostip, hostip6, hostname, dnspass, realm, domainguid, hostguid):
     """Write out a DNS zone file, from the info in the current database.
-    
-    :param path: Path of the new file.
-    :param setup_path": Setup path function.
-    :param samdb: SamDB object
+
+    :param path: Path of the new zone file.
+    :param setup_path: Setup path function.
     :param dnsdomain: DNS Domain name
     :param domaindn: DN of the Domain
     :param hostip: Local IPv4 IP
@@ -1320,6 +1333,44 @@ def create_zone_file(path, setup_path, samdb, dnsdomain, domaindn,
             "HOSTIP6_HOST_LINE": hostip6_host_line,
         })
 
+def create_named_conf(path, setup_path, realm, dnsdomain,
+                      private_dir, keytab_name):
+    """Write out a file containing zone statements suitable for inclusion in a
+    named.conf file (including GSS-TSIG configuration).
+    
+    :param path: Path of the new named.conf file.
+    :param setup_path: Setup path function.
+    :param realm: Realm name
+    :param dnsdomain: DNS Domain name
+    :param private_dir: Path to private directory
+    :param keytab_name: File name of DNS keytab file
+    """
+
+    setup_file(setup_path("named.conf"), path, {
+            "DNSDOMAIN": dnsdomain,
+            "REALM": realm,
+            "REALM_WC": "*." + ".".join(realm.split(".")[1:]),
+            "DNS_KEYTAB": keytab_name,
+            "DNS_KEYTAB_ABS": os.path.join(private_dir, keytab_name),
+        })
+
+def create_krb5_conf(path, setup_path, dnsdomain, hostname, realm):
+    """Write out a file containing zone statements suitable for inclusion in a
+    named.conf file (including GSS-TSIG configuration).
+    
+    :param path: Path of the new named.conf file.
+    :param setup_path: Setup path function.
+    :param dnsdomain: DNS Domain name
+    :param hostname: Local hostname
+    :param realm: Realm name
+    """
+
+    setup_file(setup_path("krb5.conf"), path, {
+            "DNSDOMAIN": dnsdomain,
+            "HOSTNAME": hostname,
+            "REALM": realm,
+        })
+
 def load_schema(setup_path, samdb, schemadn, netbiosname, configdn, sitename):
     """Load schema for the SamDB.
author	Jelmer Vernooij <jelmer@samba.org>	2008-05-23 15:24:40 +0200
committer	Jelmer Vernooij <jelmer@samba.org>	2008-05-23 15:24:40 +0200
commit	7fb26774021986a08d03db968a7826ee64ea7410 (patch)
tree	272d8e4f7671b48c95c817724b41d9c27de1e282 /source4/scripting/python/samba/provision.py
parent	fd01b27edd5a83306f4ce567e31d43641dd003b8 (diff)
parent	1186579f94d81bc633b8f20e8ad8673313c8c39b (diff)
download	samba-7fb26774021986a08d03db968a7826ee64ea7410.tar.gz samba-7fb26774021986a08d03db968a7826ee64ea7410.tar.xz samba-7fb26774021986a08d03db968a7826ee64ea7410.zip