def _cache_keys_ActiveDirectory(**kwargs):
ad = FreeNAS_ActiveDirectory(flags=FLAGS_DBINIT)
domains = ad.get_domains()
for d in domains:
workgroup = d['nETBIOSName']
print "w: %s" % workgroup
ucache = FreeNAS_UserCache(dir=workgroup)
if ucache:
for key in ucache.keys():
print "u key: %s" % key
gcache = FreeNAS_GroupCache(dir=workgroup)
if gcache:
for key in gcache.keys():
print "g key: %s" % key
ducache = FreeNAS_Directory_UserCache(dir=workgroup)
if ducache:
for key in ducache.keys():
print "du key: %s" % key
dgcache = FreeNAS_Directory_GroupCache(dir=workgroup)
if dgcache:
for key in dgcache.keys():
print "dg key: %s" % key
def _cache_rawdump_ActiveDirectory(**kwargs):
ad = FreeNAS_ActiveDirectory(flags=FLAGS_DBINIT)
domains = ad.get_domains()
for d in domains:
workgroup = d['nETBIOSName']
print "w: %s" % workgroup
ucache = FreeNAS_UserCache(dir=workgroup)
if ucache:
for key in ucache.keys():
print "u: %s=%s" % (key, ucache[key])
gcache = FreeNAS_GroupCache(dir=workgroup)
if gcache:
for key in gcache.keys():
print "g: %s=%s" % (key, gcache[key])
ducache = FreeNAS_Directory_UserCache(dir=workgroup)
if ducache:
for key in ducache.keys():
print "du: %s=%s" % (key, ducache[key])
dgcache = FreeNAS_Directory_GroupCache(dir=workgroup)
if dgcache:
for key in dgcache.keys():
print "dg: %s=%s" % (key, dgcache[key])
def Test(self):
try:
self.freenas_ad = FreeNAS_ActiveDirectory(flags=FLAGS_DBINIT)
if self.freenas_ad.connected():
return self._handler.Pass("ActiveDirectory")
else:
return self._handler.Fail(
"ActiveDirectory",
"Unable to login to the Domain Controller.")
except LDAPError as e:
# LDAPError is dumb, it returns a list with one element for goodness knows what reason
e = e[0]
error = []
desc = e.get('desc')
info = e.get('info')
if desc:
error.append(desc)
if info:
error.append(info)
if error:
error = ', '.join(error)
else:
error = str(e)
return self._handler.Fail("ActiveDirectory", error)
except Exception as e:
return self._handler.Fail("ActiveDirectory", str(e))
def set_idmap_rfc2307_secret():
try:
ad = ActiveDirectory.objects.all()[0]
except:
return False
domain = None
idmap = get_idmap_object(ad.ds_type, ad.id, ad.ad_idmap_backend)
try:
fad = FreeNAS_ActiveDirectory(flags=FLAGS_DBINIT)
domain = fad.netbiosname.upper()
except:
return False
args = ["/usr/local/bin/net", "-d 0", "idmap", "secret"]
net_cmd = "%s '%s' '%s'" % (string.join(
args, ' '), domain, idmap.idmap_rfc2307_ldap_user_dn_password)
p = pipeopen(net_cmd, quiet=True)
net_out = p.communicate()
if net_out and net_out[0]:
for line in net_out[0].split('\n'):
if not line:
continue
print line
ret = True
if p.returncode != 0:
print >> sys.stderr, "Failed to set idmap secret!"
ret = False
return ret
def directoryservice(self, name):
"""Temporary wrapper to serialize DS connectors"""
if name == 'AD':
ds = FreeNAS_ActiveDirectory(flags=FLAGS_DBINIT)
workgroups = []
domains = ds.get_domains()
for d in domains:
if 'nETBIOSName' in d:
netbiosname = d['nETBIOSName']
workgroups.append(netbiosname)
ds.workgroups = workgroups
elif name == 'LDAP':
ds = FreeNAS_LDAP(flags=FLAGS_DBINIT)
else:
raise ValueError('Unknown ds name {0}'.format(name))
data = {}
for i in ('netbiosname', 'keytab_file', 'keytab_principal',
'domainname', 'use_default_domain', 'dchost', 'basedn',
'binddn', 'bindpw', 'userdn', 'groupdn', 'ssl', 'certfile',
'id', 'ad_idmap_backend', 'ds_type', 'krb_realm', 'krbname',
'kpwdname', 'krb_kdc', 'krb_admin_server',
'krb_kpasswd_server', 'workgroups'):
if hasattr(ds, i):
data[i] = getattr(ds, i)
return data
def save(self, **kwargs):
if self.ad_bindpw and not self._ad_bindpw_encrypted:
self.ad_bindpw = notifier().pwenc_encrypt(self.ad_bindpw)
self._ad_bindpw_encrypted = True
super(ActiveDirectory, self).save(**kwargs)
if not self.ad_kerberos_realm:
from freenasUI.common.freenasldap import (FreeNAS_ActiveDirectory,
FLAGS_DBINIT)
try:
fad = FreeNAS_ActiveDirectory(flags=FLAGS_DBINIT)
kr = KerberosRealm.objects.filter(
krb_realm=self.ad_domainname.upper())
if kr:
kr = kr[0]
else:
kr = KerberosRealm()
kr.krb_realm = self.ad_domainname.upper()
kr.save()
self.ad_kerberos_realm = kr
super(ActiveDirectory, self).save()
except Exception as e:
log.debug(
"ActiveDirectory: Unable to create kerberos realm: %s", e)
def ad_status(self):
ret = False
try:
ret = FreeNAS_ActiveDirectory(flags=FLAGS_DBINIT).connected()
except:
pass
return ret
def add_activedirectory_conf(smb4_conf):
try:
ad = ActiveDirectory.objects.all()[0]
except:
return
cachedir = "/var/tmp/.cache/.samba"
try:
os.makedirs(cachedir)
os.chmod(cachedir, 0755)
except:
pass
ad_workgroup = None
try:
fad = FreeNAS_ActiveDirectory(flags=FLAGS_DBINIT)
ad_workgroup = fad.netbiosname.upper()
except:
return
set_netbiosname(smb4_conf, ad.ad_netbiosname)
confset2(smb4_conf, "workgroup = %s", ad_workgroup)
confset2(smb4_conf, "realm = %s", ad.ad_domainname.upper())
confset1(smb4_conf, "security = ADS")
confset1(smb4_conf, "client use spnego = yes")
confset2(smb4_conf, "cache directory = %s", cachedir)
confset1(smb4_conf, "local master = no")
confset1(smb4_conf, "domain master = no")
confset1(smb4_conf, "preferred master = no")
confset2(smb4_conf, "ads dns update = %s",
"yes" if ad.ad_allow_dns_updates else "no")
confset1(smb4_conf, "winbind cache time = 7200")
confset1(smb4_conf, "winbind offline logon = yes")
confset1(smb4_conf, "winbind enum users = yes")
confset1(smb4_conf, "winbind enum groups = yes")
confset1(smb4_conf, "winbind nested groups = yes")
confset2(smb4_conf, "winbind use default domain = %s",
"yes" if ad.ad_use_default_domain else "no")
confset1(smb4_conf, "winbind refresh tickets = yes")
if ad.ad_nss_info:
confset2(smb4_conf, "winbind nss info = %s", ad.ad_nss_info)
idmap = get_idmap_object(ad.ds_type, ad.id, ad.ad_idmap_backend)
configure_idmap_backend(smb4_conf, idmap, ad_workgroup)
confset2(smb4_conf, "allow trusted domains = %s",
"yes" if ad.ad_allow_trusted_doms else "no")
confset2(smb4_conf, "client ldap sasl wrapping = %s",
ad.ad_ldap_sasl_wrapping)
confset1(smb4_conf, "template shell = /bin/sh")
confset2(smb4_conf, "template homedir = %s",
"/home/%D/%U" if not ad.ad_use_default_domain else "/home/%U")
def add_activedirectory(sc):
activedirectory = ActiveDirectory.objects.all()[0]
ad = FreeNAS_ActiveDirectory(flags=FLAGS_DBINIT)
ad_cookie = ad.netbiosname
ad_domain = 'domain/%s' % ad_cookie
ad_section = None
for key in sc.keys():
if key == ad_domain:
ad_section = sc[key]
break
if not ad_section:
ad_section = SSSDSectionDomain(ad_domain)
ad_section.description = ad_cookie
if ad_section.description != ad_cookie:
return
ad_defaults = [
{ 'enumerate': 'true' },
{ 'id_provider': 'ldap'},
{ 'auth_provider': 'ldap' },
{ 'ldap_schema': 'rfc2307bis' },
{ 'ldap_user_object_class': 'person' },
{ 'ldap_user_name': 'msSFU30Name' },
{ 'ldap_user_uid_number': 'uidNumber' },
{ 'ldap_user_gid_number': 'gidNumber' },
{ 'ldap_user_home_directory': 'homeDirectory' },
{ 'ldap_user_shell': 'loginShell' },
{ 'ldap_user_principal': 'userPrincipalName' },
{ 'ldap_group_object_class': 'group' },
{ 'ldap_group_name': 'msSFU30Name' },
{ 'ldap_group_gid_number': 'gidNumber' },
{ 'ldap_force_upper_case_realm': 'true' },
{ 'use_fully_qualified_names': 'true' }
]
for d in ad_defaults:
key = d.keys()[0]
if not key in ad_section:
setattr(ad_section, key, d[key])
if activedirectory.ad_use_default_domain:
ad_section.use_fully_qualified_names = 'false'
#
# XXX re-work this to use ad object
#
ad_section.ldap_uri = "ldap://%s" % ad.dchost
ad_section.ldap_search_base = ad.basedn
ad_section.ldap_default_bind_dn = ad.binddn
ad_section.ldap_default_authtok_type = 'password'
ad_section.ldap_default_authtok = ad.bindpw
sc[ad_domain] = ad_section
sc['sssd'].add_domain(ad_cookie)
sc['sssd'].add_newline()
def _cache_count_ActiveDirectory(**kwargs):
ad = FreeNAS_ActiveDirectory(flags=FLAGS_DBINIT)
domains = ad.get_domains()
for d in domains:
workgroup = d['nETBIOSName']
print "w: %s" % workgroup
print "u: %ld" % _cachelen(FreeNAS_UserCache(dir=workgroup))
print "g: %ld" % _cachelen(FreeNAS_GroupCache(dir=workgroup))
print "du: %ld" % _cachelen(FreeNAS_Directory_UserCache(dir=workgroup))
print "dg: %ld" % _cachelen(
FreeNAS_Directory_GroupCache(dir=workgroup))
print "\n"
def forwards(self, orm):
try:
from freenasUI.common.freenasldap import (FreeNAS_ActiveDirectory,
FLAGS_DBINIT)
ad = orm.ActiveDirectory.objects.all()[0]
fad = FreeNAS_ActiveDirectory(flags=FLAGS_DBINIT)
kr = orm.KerberosRealm()
kr.krb_realm = ad.ad_domainname.upper()
if ad.ad_krbname:
kr.krb_kdc = ad.ad_krbname
else:
kr.krb_kdc = fad.krbname
kr.krb_admin_server = kr.krb_kdc
if ad.ad_kpwdname:
kr.krb_kpasswd_server = ad.ad_kpwdname
else:
kr.krb_kpasswd_server = fad.kpwdname
kr.save()
ad.ad_kerberos_realm = kr
ad.save()
if ad.ad_keytab:
kt = orm.KerberosKeytab()
kt.keytab_principal = "host/%s" % ad.ad_domainname
kt.keytab_file = "/data/%s.keytab" % re.sub(
'[^a-zA-Z0-9]+', '_', kt.keytab_principal)
kt.save()
os.rename(ad.ad_keytab, kt.keytab_file)
os.chmod(kt.keytab_file, 0o400)
ad.ad_kerberos_keytab = kt
ad.save()
except Exception as e:
print("ERROR: %s" % e, file=sys.stderr)
def ldap_conf_activedirectory(ldap_conf):
ad = FreeNAS_ActiveDirectory(flags=FLAGS_DBINIT)
config = {}
config["URI"] = "%s://%s" % ("ldaps" if ad.ssl == "on" else "ldap",
ad.domainname)
config["BASE"] = ad.basedn
if ad.ssl in ("start_tls", "on"):
if ad.certfile:
config["TLS_CACERT"] = ad.certfile
config["TLS_REQCERT"] = "allow"
#
# So what if the AD server is configured to use SSL or TLS,
# and the idmap backend is as well? WTF? whaddoyoudo?
#
ad = models.ActiveDirectory.objects.all()[0]
if ad.ad_idmap_backend in ("rfc2307", "ldap"):
idmap = get_idmap_object(ad.ds_type, ad.id, ad.ad_idmap_backend)
idmap_url = idmap.get_url()
idmap_url = re.sub('^(ldaps?://)', '', idmap_url)
config["URI"] = "%s://%s" % ("ldaps" if idmap.get_ssl() == "on" else
"ldap", idmap_url)
if idmap.get_ssl() in ('start_tls', 'on'):
capath = get_certificateauthority_path(idmap.get_certificate())
if capath:
config["TLS_CACERT"] = capath
config["TLS_REQCERT"] = "allow"
keys = ["URI", "BASE", "TLS_CACERT", "TLS_REQCERT"]
with open(ldap_conf, "w") as f:
for key in keys:
if key in config:
f.write("%s %s\n" % (key, config[key]))
f.close()
os.chmod(ldap_conf, 0644)
def save(self, **kwargs):
super(ActiveDirectory, self).save(**kwargs)
if not self.ad_kerberos_realm:
from freenasUI.common.freenasldap import (FreeNAS_ActiveDirectory,
FLAGS_DBINIT)
try:
fad = FreeNAS_ActiveDirectory(flags=FLAGS_DBINIT)
kr = KerberosRealm()
kr.krb_realm = self.ad_domainname.upper()
kr.krb_kdc = fad.krbname
kr.krb_admin_server = kr.krb_kdc
kr.krb_kpasswd_server = fad.kpwdname
kr.save()
self.ad_kerberos_realm = kr
super(ActiveDirectory, self).save()
except Exception as e:
log.debug(
"ActiveDirectory: Unable to create kerberos realm: %s", e)
def main():
"""Use the django ORM to generate a config file. We'll build the
config file as a series of lines, and once that is done write it
out in one go"""
map_acls_mode = False
afp_config = "/usr/local/etc/afp.conf"
cf_contents = []
afp = AFP.objects.order_by('-id')[0]
cf_contents.append("[Global]\n")
uam_list = ['uams_dhx.so', 'uams_dhx2.so']
if afp.afp_srv_guest:
uam_list.append('uams_guest.so')
cf_contents.append('\tguest account = %s\n' % afp.afp_srv_guest_user)
# uams_gss.so bails out with an error if kerberos isn't configured
if KerberosKeytab.objects.count() > 0:
uam_list.append('uams_gss.so')
cf_contents.append('\tuam list = %s\n' % (" ").join(uam_list))
if afp.afp_srv_bindip:
cf_contents.append("\tafp listen = %s\n" %
' '.join(afp.afp_srv_bindip))
cf_contents.append("\tmax connections = %s\n" %
afp.afp_srv_connections_limit)
cf_contents.append("\tmimic model = RackMac\n")
if afp.afp_srv_dbpath:
cf_contents.append("\tvol dbnest = no\n")
cf_contents.append("\tvol dbpath = %s\n" % afp.afp_srv_dbpath)
else:
cf_contents.append("\tvol dbnest = yes\n")
if afp.afp_srv_global_aux:
cf_contents.append("\t%s" % afp.afp_srv_global_aux.encode('utf8'))
if afp.afp_srv_map_acls:
cf_contents.append("\tmap acls = %s\n" % afp.afp_srv_map_acls)
if afp.afp_srv_map_acls == 'mode' and activedirectory_enabled():
map_acls_mode = True
if map_acls_mode:
ad = FreeNAS_ActiveDirectory(flags=FLAGS_DBINIT)
cf_contents.append("\tldap auth method = %s\n" % "simple")
cf_contents.append("\tldap auth dn = %s\n" % ad.binddn)
cf_contents.append("\tldap auth pw = %s\n" % ad.bindpw)
cf_contents.append("\tldap server = %s\n" % ad.domainname)
cf_contents.append("\tldap userbase = %s\n" % ad.userdn)
cf_contents.append("\tldap userscope = %s\n" % "sub")
cf_contents.append("\tldap groupbase = %s\n" % ad.groupdn)
cf_contents.append("\tldap groupscope = %s\n" % "sub")
cf_contents.append("\tldap user filter = %s\n" % "objectclass=user")
cf_contents.append("\tldap group filter = %s\n" % "objectclass=group")
cf_contents.append("\tldap uuid attr = %s\n" % "objectGUID")
cf_contents.append("\tldap uuid encoding = %s\n" % "ms-guid")
cf_contents.append("\tldap name attr = %s\n" % "sAMAccountName")
cf_contents.append("\tldap group attr = %s\n" % "sAMAccountName")
cf_contents.append("\n")
if afp.afp_srv_homedir_enable:
cf_contents.append("[Homes]\n")
cf_contents.append("\tbasedir regex = %s\n" % afp.afp_srv_homedir)
if afp.afp_srv_homename:
cf_contents.append("\thome name = %s\n" % afp.afp_srv_homename)
cf_contents.append("\n")
for share in AFP_Share.objects.all():
cf_contents.append("[%s]\n" % share.afp_name)
cf_contents.append("\tpath = %s\n" % share.afp_path)
if share.afp_allow:
cf_contents.append("\tvalid users = %s\n" % share.afp_allow)
if share.afp_deny:
cf_contents.append("\tinvalid users = %s\n" % share.afp_deny)
if share.afp_hostsallow:
cf_contents.append("\thosts allow = %s\n" % share.afp_hostsallow)
if share.afp_hostsdeny:
cf_contents.append("\thosts deny = %s\n" % share.afp_hostsdeny)
if share.afp_ro:
cf_contents.append("\trolist = %s\n" % share.afp_ro)
if share.afp_rw:
cf_contents.append("\trwlist = %s\n" % share.afp_rw)
if share.afp_timemachine:
cf_contents.append("\ttime machine = yes\n")
if not share.afp_nodev:
cf_contents.append("\tcnid dev = no\n")
if share.afp_nostat:
cf_contents.append("\tstat vol = no\n")
if not share.afp_upriv:
cf_contents.append("\tunix priv = no\n")
else:
if share.afp_fperm and not map_acls_mode:
cf_contents.append("\tfile perm = %s\n" % share.afp_fperm)
if share.afp_dperm and not map_acls_mode:
cf_contents.append("\tdirectory perm = %s\n" % share.afp_dperm)
if share.afp_umask and not map_acls_mode:
cf_contents.append("\tumask = %s\n" % share.afp_umask)
cf_contents.append("\tveto files = .windows/.mac/\n")
if map_acls_mode:
cf_contents.append("\tacls = yes\n")
with open(afp_config, "w") as fh:
for line in cf_contents:
fh.write(line)
def main():
realms = KerberosRealm.objects.all()
try:
settings = KerberosSettings.objects.all()[0]
except:
settings = None
kc = KerberosConfig(settings=settings)
kc.create_default_config()
ad = ldap = None
ldap_objects = LDAP.objects.all()
if ldap_objects and ldap_objects[0].ldap_enable:
ldap = FreeNAS_LDAP(flags=FLAGS_DBINIT)
ad_objects = ActiveDirectory.objects.all()
if ad_objects and ad_objects[0].ad_enable:
ad = FreeNAS_ActiveDirectory(flags=FLAGS_DBINIT)
for kr in realms:
if not kr.krb_realm:
continue
krb_kdc, krb_admin_server, krb_kpasswd_server = get_kerberos_servers(
kr, ad, ldap)
bc = KerberosConfigBindingCollection(name=kr.krb_realm)
if krb_kdc:
bc.append(KerberosConfigBinding(name="kdc", value=krb_kdc))
if krb_admin_server:
bc.append(
KerberosConfigBinding(name="admin_server",
value=krb_admin_server))
if krb_kpasswd_server:
bc.append(
KerberosConfigBinding(name="kpasswd_server",
value=krb_kpasswd_server))
bc.append(
KerberosConfigBinding(name="default_domain", value=kr.krb_realm))
kc.add_bindings(['realms'], bc)
bc = KerberosConfigBindingCollection()
bc.append(
KerberosConfigBinding(name=kr.krb_realm.lower(),
value=kr.krb_realm.upper()))
bc.append(
KerberosConfigBinding(name=".%s" % kr.krb_realm.lower(),
value=kr.krb_realm.upper()))
bc.append(
KerberosConfigBinding(name=kr.krb_realm.upper(),
value=kr.krb_realm.upper()))
bc.append(
KerberosConfigBinding(name=".%s" % kr.krb_realm.upper(),
value=kr.krb_realm.upper()))
kc.add_bindings(['domain_realm'], bc)
fp = open("/etc/krb5.conf", "w+")
kc.generate_krb5_conf(stdout=fp)
fp.close()
def add_activedirectory_conf(smb4_conf):
rid_range_start = 20000
rid_range_end = 20000000
ad_range_start = 10000
ad_range_end = 90000000
try:
ad = ActiveDirectory.objects.all()[0]
except:
return
cachedir = "/var/tmp/.cache/.samba"
try:
os.makedirs(cachedir)
except:
pass
ad_workgroup = None
try:
fad = FreeNAS_ActiveDirectory(flags=FLAGS_DBINIT)
ad_workgroup = fad.netbiosname.upper()
except:
return
confset2(smb4_conf, "netbios name = %s", ad.ad_netbiosname.upper())
confset2(smb4_conf, "workgroup = %s", ad_workgroup)
confset2(smb4_conf, "realm = %s", ad.ad_domainname.upper())
confset1(smb4_conf, "security = ADS")
confset1(smb4_conf, "client use spnego = yes")
confset2(smb4_conf, "cache directory = %s", cachedir)
confset1(smb4_conf, "local master = no")
confset1(smb4_conf, "domain master = no")
confset1(smb4_conf, "preferred master = no")
confset1(smb4_conf, "acl check permissions = true")
confset1(smb4_conf, "acl map full control = true")
confset1(smb4_conf, "dos filemode = yes")
confset1(smb4_conf, "winbind cache time = 7200")
confset1(smb4_conf, "winbind offline logon = yes")
confset1(smb4_conf, "winbind enum users = yes")
confset1(smb4_conf, "winbind enum groups = yes")
confset1(smb4_conf, "winbind nested groups = yes")
confset2(smb4_conf, "winbind use default domain = %s",
"yes" if ad.ad_use_default_domain else "no")
confset1(smb4_conf, "winbind refresh tickets = yes")
if ad.ad_unix_extensions:
confset1(smb4_conf, "winbind nss info = rfc2307")
idmap = get_idmap_object(ad.ds_type, ad.id, ad.ad_idmap_backend)
configure_idmap_backend(smb4_conf, idmap, ad_workgroup)
confset2(smb4_conf, "allow trusted domains = %s",
"yes" if ad.ad_allow_trusted_doms else "no")
confset1(smb4_conf, "template shell = /bin/sh")
confset2(smb4_conf, "template homedir = %s",
"/home/%D/%U" if not ad.ad_use_default_domain else "/home/%U")
def _cache_check_ActiveDirectory(**kwargs):
if 'args' not in kwargs and kwargs['args']:
return
valid = {}
ad = FreeNAS_ActiveDirectory(flags=FLAGS_DBINIT)
domains = ad.get_domains()
for d in domains:
workgroup = d['nETBIOSName']
valid[workgroup] = True
for arg in kwargs['args']:
key = val = None
if arg.startswith("u="):
key = "u"
val = arg.partition("u=")[2]
elif arg.startswith("g="):
key = "g"
val = arg.partition("g=")[2]
elif arg.startswith("du="):
key = "du"
val = arg.partition("du=")[2]
elif arg.startswith("dg="):
key = "dg"
val = arg.partition("dg=")[2]
else:
continue
if key in ('u', 'g'):
parts = val.split('\\')
if len(parts) < 2:
continue
workgroup = parts[0]
if workgroup not in valid:
continue
ucache = FreeNAS_UserCache(dir=workgroup)
gcache = FreeNAS_GroupCache(dir=workgroup)
ducache = FreeNAS_Directory_UserCache(dir=workgroup)
dgcache = FreeNAS_Directory_GroupCache(dir=workgroup)
if key == 'u':
if ucache and val in ucache and ucache[val]:
print "%s: %s" % (val, ucache[val])
elif key == 'g':
if gcache and val in gcache and gcache[val]:
print "%s: %s" % (val, gcache[val])
elif key in ('du', 'dg'):
for workgroup in valid.keys():
ucache = FreeNAS_UserCache(dir=workgroup)
gcache = FreeNAS_GroupCache(dir=workgroup)
ducache = FreeNAS_Directory_UserCache(dir=workgroup)
dgcache = FreeNAS_Directory_GroupCache(dir=workgroup)
if key == 'du':
if ducache and val in ducache and ducache[val]:
print "%s: %s" % (val, ducache[val])
elif key == 'dg':
if dgcache and val in dgcache and dgcache[val]:
print "%s: %s" % (val, dgcache[val])
def add_activedirectory(sc):
activedirectory = ActiveDirectory.objects.all()[0]
ad = FreeNAS_ActiveDirectory(flags=FLAGS_DBINIT)
use_ad_provider = False
ad_cookie = ad.netbiosname
ad_domain = 'domain/%s' % ad_cookie
ad_section = None
for key in sc.keys():
if key == ad_domain:
ad_section = sc[key]
break
if not ad_section:
ad_section = SSSDSectionDomain(ad_domain)
ad_section.description = ad_cookie
if ad_section.description != ad_cookie:
return
ad_defaults = [{
'enumerate': 'true'
}, {
'id_provider': 'ldap'
}, {
'auth_provider': 'ldap'
}, {
'access_provider': 'ldap'
}, {
'chpass_provider': 'ldap'
}, {
'ldap_schema': 'rfc2307bis'
}, {
'ldap_user_object_class': 'person'
}, {
'ldap_user_name': 'msSFU30Name'
}, {
'ldap_user_uid_number': 'uidNumber'
}, {
'ldap_user_gid_number': 'gidNumber'
}, {
'ldap_user_home_directory': 'unixHomeDirectory'
}, {
'ldap_user_shell': 'loginShell'
}, {
'ldap_user_principal': 'userPrincipalName'
}, {
'ldap_group_object_class': 'group'
}, {
'ldap_group_name': 'msSFU30Name'
}, {
'ldap_group_gid_number': 'gidNumber'
}, {
'ldap_force_upper_case_realm': 'true'
}, {
'use_fully_qualified_names': 'true'
}]
__, hostname, __ = os.uname()[0:3]
if ad.keytab_name and ad.kerberos_realm and os.path.exists(ad.keytab_file):
use_ad_provider = True
if use_ad_provider:
for d in ad_defaults:
key = d.keys()[0]
if key.startswith("ldap_") and key in d:
del d[key]
elif key.endswith("_provider"):
d[key] = 'ad'
ad_section.ad_hostname = hostname
ad_section.ad_domain = ad.domainname
ad_section.ldap_id_mapping = False
for d in ad_defaults:
if not d:
continue
key = d.keys()[0]
if not key in ad_section:
setattr(ad_section, key, d[key])
if activedirectory.ad_use_default_domain:
ad_section.use_fully_qualified_names = 'false'
try:
shares = CIFS_Share.objects.all()
for share in shares:
if share.cifs_home and share.cifs_path:
if ad.use_default_domain:
homedir_path = "%s/%%u" % share.cifs_path
else:
homedir_path = "%s/%%d/%%u" % share.cifs_path
ad_section.override_homedir = homedir_path
except Exception as e:
pass
if use_ad_provider:
pass
# ad_section.auth_provider = 'krb5'
# ad_section.chpass_provider = 'krb5'
# ad_section.ldap_sasl_mech = 'GSSAPI'
# ad_section.ldap_sasl_authid = ad.keytab_principal
# ad_section.krb5_server = ad.krb_kdc
# ad_section.krb5_realm = ad.krb_realm
# ad_section.krb5_canonicalize = 'false'
else:
ad_section.ldap_uri = "ldap://%s" % ad.dchost
ad_section.ldap_search_base = ad.basedn
ad_section.ldap_default_bind_dn = ad.binddn
ad_section.ldap_default_authtok_type = 'password'
ad_section.ldap_default_authtok = ad.bindpw
sc[ad_domain] = ad_section
sc['sssd'].add_domain(ad_cookie)
sc['sssd'].add_newline()
