Example #1
0
def main():
    nsswitch_conf = {
        'group': ['files'],
        'hosts': ['files', 'dns'],
        'networks': ['files'],
        'passwd': ['files'],
        'shells': ['files'],
        'services': ['files'],
        'protocols': ['files'],
        'rpc': ['files'],
        'sudoers': ['files']
    }

    verb = "start"
    if len(sys.argv) > 1:
        verb = sys.argv[1].lower()

    if verb == 'start':
        if activedirectory_enabled() and activedirectory_has_unix_extensions():
            nsswitch_conf['passwd'].append('sss')
            nsswitch_conf['group'].append('sss')
        elif activedirectory_enabled() or \
            domaincontroller_enabled() or nt4_enabled():
            nsswitch_conf['passwd'].append('winbind')
            nsswitch_conf['group'].append('winbind')

        if nt4_enabled():
            nsswitch_conf['hosts'].append('wins')

        if ldap_enabled():
            nsswitch_conf['passwd'].append('sss')
            nsswitch_conf['group'].append('sss')
            if ldap_sudo_configured():
                nsswitch_conf['sudoers'].append('sss')

        if nis_enabled():
            nsswitch_conf['passwd'].append('nis')
            nsswitch_conf['group'].append('nis')
            nsswitch_conf['hosts'].append('nis')

    try:
        fd = os.open(NSSWITCH_CONF_PATH, os.O_WRONLY|os.O_CREAT|os.O_TRUNC, 0644)
        for key in nsswitch_conf:
            line = "%s: %s\n" % (
                key.strip(),
                string.join(map(lambda x: x.strip(), nsswitch_conf[key]), ' ')
            )
            os.write(fd, line)
        os.close(fd)

    except Exception as e:
        print >> sys.stderr, "can't create %s: %s" % (NSSWITCH_CONF_PATH, e)
        sys.exit(1)
Example #2
0
def cache_count(**kwargs):
    if activedirectory_enabled():
        _cache_count_ActiveDirectory(**kwargs)

    elif nt4_enabled():
        _cache_count_NT4(**kwargs)

    elif ldap_enabled():
        _cache_count_default(**kwargs)

    else:
        _cache_count_default(**kwargs)
Example #3
0
def cache_rawdump(**kwargs):
    if activedirectory_enabled():
        _cache_rawdump_ActiveDirectory(**kwargs)

    elif nt4_enabled():
        _cache_rawdump_NT4(**kwargs)

    elif ldap_enabled():
        _cache_rawdump_default(**kwargs)

    else:
        _cache_rawdump_default(**kwargs)
Example #4
0
def _get_dflags():
    dflags = 0

    if activedirectory_enabled():
        dflags |= U_AD_ENABLED
    elif nt4_enabled():
        dflags |= U_NT4_ENABLED
    elif nis_enabled():
        dflags |= U_NIS_ENABLED
    elif ldap_enabled():
        dflags |= U_LDAP_ENABLED

    return dflags
Example #5
0
    def __new__(cls, **kwargs):
        log.debug("FreeNAS_GroupCache.__new__: enter")

        obj = None
        if ldap_enabled() or activedirectory_enabled() or \
            nt4_enabled() or nis_enabled():
            obj = FreeNAS_Directory_LocalGroupCache(**kwargs)

        else:
            obj = FreeNAS_BaseCache(**kwargs)

        log.debug("FreeNAS_GroupCache.__new__: leave")
        return obj
Example #6
0
def get_server_role():
    role = "standalone"
    if nt4_enabled() or activedirectory_enabled() or smb4_ldap_enabled():
        role = "member"

    if domaincontroller_enabled():
        try:
            dc = DomainController.objects.all()[0]
            role = dc.dc_role
        except:
            pass

    return role
Example #7
0
def cache_check(**kwargs):
    if activedirectory_enabled():
        _cache_check_ActiveDirectory(**kwargs) 

    elif nis_enabled():
        _cache_check_NIS(**kwargs) 

    elif nt4_enabled():
        _cache_check_NT4(**kwargs) 

    elif ldap_enabled():
        _cache_check_default(**kwargs)
     
    else:
        _cache_check_default(**kwargs)
Example #8
0
    def __new__(cls, **kwargs):
        log.debug("FreeNAS_UserCache.__new__: enter")

        obj = None
        if (
            ldap_enabled() or activedirectory_enabled() or
            nt4_enabled() or nis_enabled() or
            domaincontroller_enabled() or nis_enabled()
        ):
            obj = FreeNAS_Directory_LocalUserCache(**kwargs)

        else:
            obj = FreeNAS_BaseCache(**kwargs)

        log.debug("FreeNAS_UserCache.__new__: leave")
        return obj
Example #9
0
    def __new__(cls, **kwargs):
        log.debug("FreeNAS_Directory_LocalGroupCache.__new__: enter")

        obj = None
        if ldap_enabled():
            obj = FreeNAS_LDAP_LocalGroupCache(**kwargs)

        elif activedirectory_enabled():
            obj = FreeNAS_ActiveDirectory_LocalGroupCache(**kwargs)

        elif nt4_enabled():
            obj = FreeNAS_NT4_LocalGroupCache(**kwargs)

        elif nis_enabled():
            obj = FreeNAS_NIS_LocalGroupCache(**kwargs)

        log.debug("FreeNAS_Directory_LocalGroupCache.__new__: leave")
        return obj
Example #10
0
    def __new__(cls, **kwargs):
        log.debug("FreeNAS_Directory_UserCache.__new__: enter")

        obj = None
        if ldap_enabled():
            obj = FreeNAS_LDAP_UserCache(**kwargs)

        elif activedirectory_enabled():
            obj = FreeNAS_ActiveDirectory_UserCache(**kwargs)

        elif nt4_enabled():
            obj = FreeNAS_NT4_UserCache(**kwargs)

        elif nis_enabled():
            obj = FreeNAS_NIS_UserCache(**kwargs)

        elif domaincontroller_enabled():
            obj = FreeNAS_DomainController_UserCache(**kwargs)

        log.debug("FreeNAS_Directory_UserCache.__new__: leave")
        return obj
Example #11
0
    def __new__(cls, **kwargs):
        log.debug("FreeNAS_Directory_LocalGroupCache.__new__: enter")

        obj = None
        if ldap_enabled():
            obj = FreeNAS_LDAP_LocalGroupCache(**kwargs)

        elif activedirectory_enabled():
            obj = FreeNAS_ActiveDirectory_LocalGroupCache(**kwargs)

        elif nt4_enabled():
            obj = FreeNAS_NT4_LocalGroupCache(**kwargs)

        elif nis_enabled():
            obj = FreeNAS_NIS_LocalGroupCache(**kwargs)

        elif domaincontroller_enabled():
            obj = FreeNAS_DomainController_LocalGroupCache(**kwargs)

        log.debug("FreeNAS_Directory_LocalGroupCache.__new__: leave")
        return obj
def generate_smb4_conf(smb4_conf, role):
    try:
        cifs = CIFS.objects.all()[0]
    except:
        return

    if not cifs.cifs_srv_guest:
        cifs.cifs_srv_guest = 'ftp'
    if not cifs.cifs_srv_filemask:
        cifs.cifs_srv_filemask = "0666"
    if not cifs.cifs_srv_dirmask:
        cifs.cifs_srv_dirmask = "0777"

    # standard stuff... should probably do this differently
    confset1(smb4_conf, "[global]", space=0)

    if os.path.exists("/usr/local/etc/smbusers"):
        confset1(smb4_conf, "username map = /usr/local/etc/smbusers")

    confset2(smb4_conf, "server min protocol = %s", cifs.cifs_srv_min_protocol)
    confset2(smb4_conf, "server max protocol = %s", cifs.cifs_srv_max_protocol)
    if cifs.cifs_srv_bindip:
        interfaces = []

        bindips = string.join(cifs.cifs_srv_bindip, ' ')
        if role != 'dc':
            bindips = "127.0.0.1 %s" % bindips

        n = notifier()
        bindips = bindips.split()
        for bindip in bindips:
            if not bindip:
                continue
            bindip = bindip.strip()
            iface = n.get_interface(bindip)
            if iface and n.is_carp_interface(iface):
                parent_iface = n.get_parent_interface(iface)
                if not parent_iface:
                    continue

                parent_iinfo = n.get_interface_info(parent_iface[0])
                if not parent_iinfo:
                    continue

                interfaces.append("%s/%s" % (bindip, parent_iface[2]))
            else:
                interfaces.append(bindip)

        if interfaces:
            confset2(smb4_conf, "interfaces = %s", string.join(interfaces))
        confset1(smb4_conf, "bind interfaces only = yes")

    confset1(smb4_conf, "encrypt passwords = yes")
    confset1(smb4_conf, "dns proxy = no")
    confset1(smb4_conf, "strict locking = no")
    confset1(smb4_conf, "oplocks = yes")
    confset1(smb4_conf, "deadtime = 15")
    confset1(smb4_conf, "max log size = 51200")

    confset2(smb4_conf, "max open files = %d",
             long(get_sysctl('kern.maxfilesperproc')) - 25)

    if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
        loglevel = cifs.cifs_srv_loglevel
    else:
        loglevel = "0"

    if cifs.cifs_srv_syslog:
        confset1(smb4_conf, "logging = syslog:%s" % loglevel)
    else:
        confset1(smb4_conf, "logging = file")

    confset1(smb4_conf, "load printers = no")
    confset1(smb4_conf, "printing = bsd")
    confset1(smb4_conf, "printcap name = /dev/null")
    confset1(smb4_conf, "disable spoolss = yes")
    confset1(smb4_conf, "getwd cache = yes")
    confset2(smb4_conf, "guest account = %s",
             cifs.cifs_srv_guest.encode('utf8'))
    confset1(smb4_conf, "map to guest = Bad User")
    confset2(smb4_conf, "obey pam restrictions = %s",
             "yes" if cifs.cifs_srv_obey_pam_restrictions else "no")
    confset1(smb4_conf, "directory name cache size = 0")
    confset1(smb4_conf, "kernel change notify = no")

    confset1(smb4_conf,
             "panic action = /usr/local/libexec/samba/samba-backtrace")
    confset1(smb4_conf, "nsupdate command = /usr/local/bin/samba-nsupdate -g")

    confset2(smb4_conf, "server string = %s", cifs.cifs_srv_description)
    confset1(smb4_conf, "ea support = yes")
    confset1(smb4_conf, "store dos attributes = yes")
    confset1(smb4_conf, "lm announce = yes")
    confset2(smb4_conf, "hostname lookups = %s",
             "yes" if cifs.cifs_srv_hostlookup else False)
    confset2(smb4_conf, "unix extensions = %s",
             "no" if not cifs.cifs_srv_unixext else False)
    confset2(smb4_conf, "time server = %s",
             "yes" if cifs.cifs_srv_timeserver else False)
    confset2(smb4_conf, "null passwords = %s",
             "yes" if cifs.cifs_srv_nullpw else False)
    confset2(smb4_conf, "acl allow execute always = %s",
             "true" if cifs.cifs_srv_allow_execute_always else "false")
    confset1(smb4_conf, "dos filemode = yes")
    confset2(smb4_conf, "multicast dns register = %s",
             "yes" if cifs.cifs_srv_zeroconf else "no")

    if not smb4_ldap_enabled():
        confset2(smb4_conf, "domain logons = %s",
                 "yes" if cifs.cifs_srv_domain_logons else "no")

    if (not nt4_enabled() and not activedirectory_enabled()):
        confset2(smb4_conf, "local master = %s",
                 "yes" if cifs.cifs_srv_localmaster else "no")

    idmap = get_idmap_object(DS_TYPE_CIFS, cifs.id, 'tdb')
    configure_idmap_backend(smb4_conf, idmap, None)

    if role == 'auto':
        confset1(smb4_conf, "server role = auto")

    elif role == 'classic':
        confset1(smb4_conf, "server role = classic primary domain controller")

    elif role == 'netbios':
        confset1(smb4_conf, "server role = netbios backup domain controller")

    elif role == 'dc':
        confset1(smb4_conf, "server role = active directory domain controller")
        add_domaincontroller_conf(smb4_conf)

    elif role == 'member':
        confset1(smb4_conf, "server role = member server")

        if nt4_enabled():
            add_nt4_conf(smb4_conf)

        elif smb4_ldap_enabled():
            add_ldap_conf(smb4_conf)

        elif activedirectory_enabled():
            add_activedirectory_conf(smb4_conf)

        confset2(smb4_conf, "netbios name = %s", cifs.get_netbiosname().upper())
        if cifs.cifs_srv_netbiosalias:
            confset2(smb4_conf, "netbios aliases = %s", cifs.cifs_srv_netbiosalias.upper())

    elif role == 'standalone':
        confset1(smb4_conf, "server role = standalone")
        confset2(smb4_conf, "netbios name = %s", cifs.get_netbiosname().upper())
        if cifs.cifs_srv_netbiosalias:
            confset2(smb4_conf, "netbios aliases = %s", cifs.cifs_srv_netbiosalias.upper())
        confset2(smb4_conf, "workgroup = %s", cifs.cifs_srv_workgroup.upper())
        confset1(smb4_conf, "security = user")

    if role != 'dc':
        confset1(smb4_conf, "pid directory = /var/run/samba")

    confset2(smb4_conf, "create mask = %s", cifs.cifs_srv_filemask)
    confset2(smb4_conf, "directory mask = %s", cifs.cifs_srv_dirmask)
    confset1(smb4_conf, "client ntlmv2 auth = yes")
    confset2(smb4_conf, "dos charset = %s", cifs.cifs_srv_doscharset)
    confset2(smb4_conf, "unix charset = %s", cifs.cifs_srv_unixcharset)

    if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
        confset2(smb4_conf, "log level = %s", cifs.cifs_srv_loglevel)

    smb_options = cifs.cifs_srv_smb_options.encode('utf-8')
    smb_options = smb_options.strip()
    for line in smb_options.split('\n'):
        line = line.strip()
        if not line:
            continue
        confset1(smb4_conf, line)
Example #13
0
def generate_smb4_conf(smb4_conf, role):
    try:
        cifs = CIFS.objects.all()[0]
    except:
        return

    if not cifs.cifs_srv_guest:
        cifs.cifs_srv_guest = 'ftp'
    if not cifs.cifs_srv_filemask:
        cifs.cifs_srv_filemask = "0666"
    if not cifs.cifs_srv_dirmask:
        cifs.cifs_srv_dirmask = "0777"

    # standard stuff... should probably do this differently
    confset1(smb4_conf, "[global]", space=0)

    confset2(smb4_conf, "server min protocol = %s", cifs.cifs_srv_min_protocol)
    confset2(smb4_conf, "server max protocol = %s", cifs.cifs_srv_max_protocol)

    confset1(smb4_conf, "encrypt passwords = yes")
    confset1(smb4_conf, "dns proxy = no")
    confset1(smb4_conf, "strict locking = no")
    confset1(smb4_conf, "oplocks = yes")
    confset1(smb4_conf, "deadtime = 15")
    confset1(smb4_conf, "max log size = 51200")

    confset2(smb4_conf, "max open files = %d", long(get_sysctl('kern.maxfilesperproc')) - 25)

    if cifs.cifs_srv_syslog:
        confset1(smb4_conf, "syslog only = yes")
        confset1(smb4_conf, "syslog = 1")

    confset1(smb4_conf, "load printers = no")
    confset1(smb4_conf, "printing = bsd")
    confset1(smb4_conf, "printcap name = /dev/null")
    confset1(smb4_conf, "disable spoolss = yes")
    confset1(smb4_conf, "getwd cache = yes")
    confset2(smb4_conf, "guest account = %s", cifs.cifs_srv_guest.encode('utf8'))
    confset1(smb4_conf, "map to guest = Bad User")
    confset1(smb4_conf, "obey pam restrictions = Yes")
    confset1(smb4_conf, "directory name cache size = 0")
    confset1(smb4_conf, "kernel change notify = no")

    confset1(smb4_conf, "panic action = /usr/local/libexec/samba/samba-backtrace")

    confset2(smb4_conf, "server string = %s", cifs.cifs_srv_description)
    confset2(smb4_conf, "ea support = %s",
        "yes" if cifs.cifs_srv_easupport else False)
    confset2(smb4_conf, "store dos attributes = %s",
        "yes" if cifs.cifs_srv_dosattr else False)
    if cifs.cifs_srv_dosattr:
        confset1(smb4_conf, "map archive = no")
        confset1(smb4_conf, "map readonly = no")
        confset1(smb4_conf, "map hidden = no")
        confset1(smb4_conf, "map system = no")
    confset2(smb4_conf, "hostname lookups = %s",
        "yes" if cifs.cifs_srv_hostlookup else False)
    confset2(smb4_conf, "unix extensions = %s",
        "no" if not cifs.cifs_srv_unixext else False)
    confset2(smb4_conf, "time server = %s",
        "yes" if cifs.cifs_srv_timeserver else False)
    confset2(smb4_conf, "null passwords = %s",
        "yes" if cifs.cifs_srv_nullpw else False)

    confset2(smb4_conf, "acl allow execute always = %s",
        "true" if cifs.cifs_srv_allow_execute_always else "false")

    if cifs.cifs_srv_localmaster and not nt4_enabled() \
        and not activedirectory_enabled():
        confset2(smb4_conf, "local master = %s",
            "yes" if cifs.cifs_srv_localmaster else False)

    if role == 'auto':
        confset1(smb4_conf, "server role = auto")

    elif role == 'classic':
        confset1(smb4_conf, "server role = classic primary domain controller")

    elif role == 'netbios':
        confset1(smb4_conf, "server role = netbios backup domain controller")

    elif role == 'dc':
        confset1(smb4_conf, "server role = active directory domain controller")
        add_domaincontroller_conf(smb4_conf)

    elif role == 'member':
        confset1(smb4_conf, "server role = member server")

        if nt4_enabled():
            add_nt4_conf(smb4_conf)

        elif ldap_enabled():
            add_ldap_conf(smb4_conf)

        elif activedirectory_enabled():
            add_activedirectory_conf(smb4_conf)

    elif role == 'standalone':
        confset1(smb4_conf, "server role = standalone")
        confset2(smb4_conf, "netbios name = %s", cifs.cifs_srv_netbiosname.upper())
        confset2(smb4_conf, "workgroup = %s", cifs.cifs_srv_workgroup.upper())
        confset1(smb4_conf, "security = user")

    if role != 'dc':
        confset1(smb4_conf, "pid directory = /var/run/samba")
        confset1(smb4_conf, "smb passwd file = /var/etc/private/smbpasswd")
        confset1(smb4_conf, "private dir = /var/etc/private")

    confset2(smb4_conf, "create mask = %s", cifs.cifs_srv_filemask)
    confset2(smb4_conf, "directory mask = %s", cifs.cifs_srv_dirmask)
    confset1(smb4_conf, "client ntlmv2 auth = yes")
    confset2(smb4_conf, "dos charset = %s", cifs.cifs_srv_doscharset)
    confset2(smb4_conf, "unix charset = %s", cifs.cifs_srv_unixcharset)

    if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
        confset2(smb4_conf, "log level = %s", cifs.cifs_srv_loglevel)

    for line in cifs.cifs_srv_smb_options.split('\n'):
        confset1(smb4_conf, line)

    if cifs.cifs_srv_homedir_enable:
        valid_users_path = "%U"
        valid_users = "%U"

        if activedirectory_enabled():
            try:
                ad = ActiveDirectory.objects.all()[0]
                if not ad.ad_use_default_domain:
                    valid_users_path = "%D/%U"
                    valid_users = "%D\%U"
            except:
                pass

        if cifs.cifs_srv_homedir:
            cifs_homedir_path = "%s/%s" % (cifs.cifs_srv_homedir, valid_users_path)
        else:
            cifs_homedir_path = False

        confset1(smb4_conf, "\n")
        confset1(smb4_conf, "[homes]", space=0)
        confset1(smb4_conf, "comment = Home Directories")
        confset2(smb4_conf, "valid users = %s", valid_users)
        confset1(smb4_conf, "writable = yes")
        confset2(smb4_conf, "browseable = %s",
            "yes" if cifs.cifs_srv_homedir_browseable_enable else "no")
        if cifs_homedir_path:
            confset2(smb4_conf, "path = %s", cifs_homedir_path)

        for line in cifs.cifs_srv_homedir_aux.split('\n'):
            confset1(smb4_conf, line)
Example #14
0
def generate_smb4_conf(smb4_conf, role):
    try:
        cifs = CIFS.objects.all()[0]
    except:
        return

    if not cifs.cifs_srv_guest:
        cifs.cifs_srv_guest = 'ftp'
    if not cifs.cifs_srv_filemask:
        cifs.cifs_srv_filemask = "0666"
    if not cifs.cifs_srv_dirmask:
        cifs.cifs_srv_dirmask = "0777"

    # standard stuff... should probably do this differently
    confset1(smb4_conf, "[global]", space=0)

    confset2(smb4_conf, "server min protocol = %s", cifs.cifs_srv_min_protocol)
    confset2(smb4_conf, "server max protocol = %s", cifs.cifs_srv_max_protocol)
    if cifs.cifs_srv_bindip:
        interfaces = cifs.cifs_srv_bindip.replace(',', ' ')
        if role != 'dc':
            interfaces = "127.0.0.1 %s" % interfaces
        confset2(smb4_conf, "interfaces = %s", interfaces)
        confset1(smb4_conf, "bind interfaces only = yes")

    confset1(smb4_conf, "encrypt passwords = yes")
    confset1(smb4_conf, "dns proxy = no")
    confset1(smb4_conf, "strict locking = no")
    confset1(smb4_conf, "oplocks = yes")
    confset1(smb4_conf, "deadtime = 15")
    confset1(smb4_conf, "max log size = 51200")

    confset2(smb4_conf, "max open files = %d", long(get_sysctl('kern.maxfilesperproc')) - 25)

    if cifs.cifs_srv_syslog:
        confset1(smb4_conf, "syslog only = yes")
        confset1(smb4_conf, "syslog = 1")

    confset1(smb4_conf, "load printers = no")
    confset1(smb4_conf, "printing = bsd")
    confset1(smb4_conf, "printcap name = /dev/null")
    confset1(smb4_conf, "disable spoolss = yes")
    confset1(smb4_conf, "getwd cache = yes")
    confset2(smb4_conf, "guest account = %s", cifs.cifs_srv_guest.encode('utf8'))
    confset1(smb4_conf, "map to guest = Bad User")
    confset2(smb4_conf, "obey pam restrictions = %s",
        "yes" if cifs.cifs_srv_obey_pam_restrictions else "no")
    confset1(smb4_conf, "directory name cache size = 0")
    confset1(smb4_conf, "kernel change notify = no")

    confset1(smb4_conf, "panic action = /usr/local/libexec/samba/samba-backtrace")

    confset2(smb4_conf, "server string = %s", cifs.cifs_srv_description)
    confset1(smb4_conf, "ea support = yes")
    confset1(smb4_conf, "store dos attributes = yes")
    confset2(smb4_conf, "hostname lookups = %s",
        "yes" if cifs.cifs_srv_hostlookup else False)
    confset2(smb4_conf, "unix extensions = %s",
        "no" if not cifs.cifs_srv_unixext else False)
    confset2(smb4_conf, "time server = %s",
        "yes" if cifs.cifs_srv_timeserver else False)
    confset2(smb4_conf, "null passwords = %s",
        "yes" if cifs.cifs_srv_nullpw else False)
    confset2(smb4_conf, "acl allow execute always = %s",
        "true" if cifs.cifs_srv_allow_execute_always else "false")
    confset1(smb4_conf, "acl check permissions = true")
    confset1(smb4_conf, "dos filemode = yes")

    if not smb4_ldap_enabled():
        confset2(smb4_conf, "domain logons = %s",
            "yes" if cifs.cifs_srv_domain_logons else "no")

    if cifs.cifs_srv_localmaster and not nt4_enabled() \
        and not activedirectory_enabled():
        confset2(smb4_conf, "local master = %s",
            "yes" if cifs.cifs_srv_localmaster else False)

    idmap = get_idmap_object(DS_TYPE_CIFS, cifs.id, 'tdb')
    configure_idmap_backend(smb4_conf, idmap, None)

    if role == 'auto':
        confset1(smb4_conf, "server role = auto")

    elif role == 'classic':
        confset1(smb4_conf, "server role = classic primary domain controller")

    elif role == 'netbios':
        confset1(smb4_conf, "server role = netbios backup domain controller")

    elif role == 'dc':
        confset1(smb4_conf, "server role = active directory domain controller")
        add_domaincontroller_conf(smb4_conf)

    elif role == 'member':
        confset1(smb4_conf, "server role = member server")

        if nt4_enabled():
            add_nt4_conf(smb4_conf)

        elif smb4_ldap_enabled():
            add_ldap_conf(smb4_conf)

        elif activedirectory_enabled():
            add_activedirectory_conf(smb4_conf)

    elif role == 'standalone':
        confset1(smb4_conf, "server role = standalone")
        confset2(smb4_conf, "netbios name = %s", cifs.cifs_srv_netbiosname.upper())
        confset2(smb4_conf, "workgroup = %s", cifs.cifs_srv_workgroup.upper())
        confset1(smb4_conf, "security = user")

    if role != 'dc':
        confset1(smb4_conf, "pid directory = /var/run/samba")
        confset1(smb4_conf, "smb passwd file = /var/etc/private/smbpasswd")
        confset1(smb4_conf, "private dir = /var/etc/private")

    confset2(smb4_conf, "create mask = %s", cifs.cifs_srv_filemask)
    confset2(smb4_conf, "directory mask = %s", cifs.cifs_srv_dirmask)
    confset1(smb4_conf, "client ntlmv2 auth = yes")
    confset2(smb4_conf, "dos charset = %s", cifs.cifs_srv_doscharset)
    confset2(smb4_conf, "unix charset = %s", cifs.cifs_srv_unixcharset)

    if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
        confset2(smb4_conf, "log level = %s", cifs.cifs_srv_loglevel)

    for line in cifs.cifs_srv_smb_options.split('\n'):
        confset1(smb4_conf, line)
Example #15
0
            sanity = False

if sanity:
    sys.path.extend(['/usr/local/www', '/usr/local/www/freenasUI'])

    os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'freenasUI.settings')

    import django
    django.setup()

    from freenasUI.common.system import (activedirectory_enabled,
                                         domaincontroller_enabled,
                                         ldap_enabled, nt4_enabled)

    if (activedirectory_enabled() or domaincontroller_enabled()
            or ldap_enabled() or nt4_enabled()):
        print "A directory service is enabled, aborting without making changes."
        exit(1)

    print "detected SID: %s\n" % sidval
    from freenasUI.services.models import CIFS
    cifs = CIFS.objects.all()[0]
    print "database SID: %s\n" % cifs.cifs_SID
    if cifs.cifs_SID != sidval:
        cifs.cifs_SID = sidval
        print "Saving detected SID to the database"
        cifs.save()
        print "Please either reboot the system or run the following commands as root:"
        print "service samba_server stop"
        print "service ix-pre-samba start"
        print "service samba_server start"
Example #16
0
    # Make sure to load all modules
    from django.db.models.loading import cache
    cache.get_apps()

    from freenasUI.common.system import (
        activedirectory_enabled,
        domaincontroller_enabled,
        ldap_enabled,
        nt4_enabled
    )

    if (activedirectory_enabled() or
            domaincontroller_enabled() or
            ldap_enabled() or
            nt4_enabled()):
        print "A directory service is enabled, aborting without making changes."
        exit(1)

    print "detected SID: %s\n" % sidval
    from freenasUI.services.models import CIFS
    cifs = CIFS.objects.all()[0]
    print "database SID: %s\n" % cifs.cifs_SID
    if cifs.cifs_SID != sidval:
        cifs.cifs_SID = sidval
        print "Saving detected SID to the database"
        cifs.save()
        print "Please either reboot the system or run the following commands as root:"
        print "service samba_server stop"
        print "service ix-pre-samba start"
        print "service samba_server start"
Example #17
0
def generate_smb4_conf(smb4_conf, role):
    try:
        cifs = CIFS.objects.all()[0]
    except:
        return

    if not cifs.cifs_srv_guest:
        cifs.cifs_srv_guest = "ftp"
    if not cifs.cifs_srv_filemask:
        cifs.cifs_srv_filemask = "0666"
    if not cifs.cifs_srv_dirmask:
        cifs.cifs_srv_dirmask = "0777"

    # standard stuff... should probably do this differently
    confset1(smb4_conf, "[global]", space=0)

    if os.path.exists("/usr/local/etc/smbusers"):
        confset1(smb4_conf, "username map = /usr/local/etc/smbusers")

    confset2(smb4_conf, "server min protocol = %s", cifs.cifs_srv_min_protocol)
    confset2(smb4_conf, "server max protocol = %s", cifs.cifs_srv_max_protocol)
    if cifs.cifs_srv_bindip:
        interfaces = []

        bindips = string.join(cifs.cifs_srv_bindip, " ")
        if role != "dc":
            bindips = "127.0.0.1 %s" % bindips

        n = notifier()
        bindips = bindips.split()
        for bindip in bindips:
            if not bindip:
                continue
            bindip = bindip.strip()
            iface = n.get_interface(bindip)
            if iface and n.is_carp_interface(iface):
                parent_iface = n.get_parent_interface(iface)
                if not parent_iface:
                    continue

                parent_iinfo = n.get_interface_info(parent_iface[0])
                if not parent_iinfo:
                    continue

                interfaces.append("%s/%s" % (bindip, parent_iface[2]))
            else:
                interfaces.append(bindip)

        if interfaces:
            confset2(smb4_conf, "interfaces = %s", string.join(interfaces))
        confset1(smb4_conf, "bind interfaces only = yes")

    confset1(smb4_conf, "encrypt passwords = yes")
    confset1(smb4_conf, "dns proxy = no")
    confset1(smb4_conf, "strict locking = no")
    confset1(smb4_conf, "oplocks = yes")
    confset1(smb4_conf, "deadtime = 15")
    confset1(smb4_conf, "max log size = 51200")

    confset2(smb4_conf, "max open files = %d", long(get_sysctl("kern.maxfilesperproc")) - 25)

    if cifs.cifs_srv_syslog:
        confset1(smb4_conf, "syslog only = yes")
    else:
        confset1(smb4_conf, "syslog only = no")

    if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
        confset2(smb4_conf, "syslog = %s", cifs.cifs_srv_loglevel)
    else:
        confset1(smb4_conf, "syslog = 0")

    confset1(smb4_conf, "load printers = no")
    confset1(smb4_conf, "printing = bsd")
    confset1(smb4_conf, "printcap name = /dev/null")
    confset1(smb4_conf, "disable spoolss = yes")
    confset1(smb4_conf, "getwd cache = yes")
    confset2(smb4_conf, "guest account = %s", cifs.cifs_srv_guest.encode("utf8"))
    confset1(smb4_conf, "map to guest = Bad User")
    confset2(smb4_conf, "obey pam restrictions = %s", "yes" if cifs.cifs_srv_obey_pam_restrictions else "no")
    confset1(smb4_conf, "directory name cache size = 0")
    confset1(smb4_conf, "kernel change notify = no")

    confset1(smb4_conf, "panic action = /usr/local/libexec/samba/samba-backtrace")
    confset1(smb4_conf, "nsupdate command = /usr/local/bin/samba-nsupdate -g")

    confset2(smb4_conf, "server string = %s", cifs.cifs_srv_description)
    confset1(smb4_conf, "ea support = yes")
    confset1(smb4_conf, "store dos attributes = yes")
    confset1(smb4_conf, "lm announce = yes")
    confset2(smb4_conf, "hostname lookups = %s", "yes" if cifs.cifs_srv_hostlookup else False)
    confset2(smb4_conf, "unix extensions = %s", "no" if not cifs.cifs_srv_unixext else False)
    confset2(smb4_conf, "time server = %s", "yes" if cifs.cifs_srv_timeserver else False)
    confset2(smb4_conf, "null passwords = %s", "yes" if cifs.cifs_srv_nullpw else False)
    confset2(smb4_conf, "acl allow execute always = %s", "true" if cifs.cifs_srv_allow_execute_always else "false")
    confset1(smb4_conf, "acl check permissions = true")
    confset1(smb4_conf, "dos filemode = yes")
    confset2(smb4_conf, "multicast dns register = %s", "yes" if cifs.cifs_srv_zeroconf else "no")

    if not smb4_ldap_enabled():
        confset2(smb4_conf, "domain logons = %s", "yes" if cifs.cifs_srv_domain_logons else "no")

    if not nt4_enabled() and not activedirectory_enabled():
        confset2(smb4_conf, "local master = %s", "yes" if cifs.cifs_srv_localmaster else "no")

    idmap = get_idmap_object(DS_TYPE_CIFS, cifs.id, "tdb")
    configure_idmap_backend(smb4_conf, idmap, None)

    if role == "auto":
        confset1(smb4_conf, "server role = auto")

    elif role == "classic":
        confset1(smb4_conf, "server role = classic primary domain controller")

    elif role == "netbios":
        confset1(smb4_conf, "server role = netbios backup domain controller")

    elif role == "dc":
        confset1(smb4_conf, "server role = active directory domain controller")
        add_domaincontroller_conf(smb4_conf)

    elif role == "member":
        confset1(smb4_conf, "server role = member server")

        if nt4_enabled():
            add_nt4_conf(smb4_conf)

        elif smb4_ldap_enabled():
            add_ldap_conf(smb4_conf)

        elif activedirectory_enabled():
            add_activedirectory_conf(smb4_conf)

    elif role == "standalone":
        confset1(smb4_conf, "server role = standalone")
        set_netbiosname(smb4_conf, cifs.cifs_srv_netbiosname)
        confset2(smb4_conf, "workgroup = %s", cifs.cifs_srv_workgroup.upper())
        confset1(smb4_conf, "security = user")

    if role != "dc":
        confset1(smb4_conf, "pid directory = /var/run/samba")

    confset2(smb4_conf, "create mask = %s", cifs.cifs_srv_filemask)
    confset2(smb4_conf, "directory mask = %s", cifs.cifs_srv_dirmask)
    confset1(smb4_conf, "client ntlmv2 auth = yes")
    confset2(smb4_conf, "dos charset = %s", cifs.cifs_srv_doscharset)
    confset2(smb4_conf, "unix charset = %s", cifs.cifs_srv_unixcharset)

    if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
        confset2(smb4_conf, "log level = %s", cifs.cifs_srv_loglevel)

    smb_options = cifs.cifs_srv_smb_options.encode("utf-8")
    smb_options = smb_options.strip()
    for line in smb_options.split("\n"):
        line = line.strip()
        if not line:
            continue
        confset1(smb4_conf, line)
Example #18
0
def generate_smb4_conf(smb4_conf, role):
    try:
        cifs = CIFS.objects.all()[0]
    except:
        return

    if not cifs.cifs_srv_guest:
        cifs.cifs_srv_guest = 'ftp'
    if not cifs.cifs_srv_filemask:
        cifs.cifs_srv_filemask = "0666"
    if not cifs.cifs_srv_dirmask:
        cifs.cifs_srv_dirmask = "0777"

    # standard stuff... should probably do this differently
    confset1(smb4_conf, "[global]", space=0)

    confset2(smb4_conf, "server min protocol = %s", cifs.cifs_srv_min_protocol)
    confset2(smb4_conf, "server max protocol = %s", cifs.cifs_srv_max_protocol)

    confset1(smb4_conf, "encrypt passwords = yes")
    confset1(smb4_conf, "dns proxy = no")
    confset1(smb4_conf, "strict locking = no")
    confset1(smb4_conf, "oplocks = yes")
    confset1(smb4_conf, "deadtime = 15")
    confset1(smb4_conf, "max log size = 51200")

    confset2(smb4_conf, "max open files = %d",
             long(get_sysctl('kern.maxfilesperproc')) - 25)

    if cifs.cifs_srv_syslog:
        confset1(smb4_conf, "syslog only = yes")
        confset1(smb4_conf, "syslog = 1")

    confset1(smb4_conf, "load printers = no")
    confset1(smb4_conf, "printing = bsd")
    confset1(smb4_conf, "printcap name = /dev/null")
    confset1(smb4_conf, "disable spoolss = yes")
    confset1(smb4_conf, "getwd cache = yes")
    confset2(smb4_conf, "guest account = %s",
             cifs.cifs_srv_guest.encode('utf8'))
    confset1(smb4_conf, "map to guest = Bad User")
    confset2(smb4_conf, "obey pam restrictions = %s",
             "yes" if cifs.cifs_srv_obey_pam_restrictions else "no")
    confset1(smb4_conf, "directory name cache size = 0")
    confset1(smb4_conf, "kernel change notify = no")

    confset1(smb4_conf,
             "panic action = /usr/local/libexec/samba/samba-backtrace")

    confset2(smb4_conf, "server string = %s", cifs.cifs_srv_description)
    confset1(smb4_conf, "ea support = yes")
    confset1(smb4_conf, "store dos attributes = yes")
    confset2(smb4_conf, "hostname lookups = %s",
             "yes" if cifs.cifs_srv_hostlookup else False)
    confset2(smb4_conf, "unix extensions = %s",
             "no" if not cifs.cifs_srv_unixext else False)
    confset2(smb4_conf, "time server = %s",
             "yes" if cifs.cifs_srv_timeserver else False)
    confset2(smb4_conf, "null passwords = %s",
             "yes" if cifs.cifs_srv_nullpw else False)
    confset2(smb4_conf, "domain logons = %s",
             "yes" if cifs.cifs_srv_domain_logons else "no")

    confset2(smb4_conf, "acl allow execute always = %s",
             "true" if cifs.cifs_srv_allow_execute_always else "false")

    if cifs.cifs_srv_localmaster and not nt4_enabled() \
        and not activedirectory_enabled():
        confset2(smb4_conf, "local master = %s",
                 "yes" if cifs.cifs_srv_localmaster else False)

    idmap = get_idmap_object(DS_TYPE_CIFS, cifs.id, 'tdb')
    configure_idmap_backend(smb4_conf, idmap, None)

    if role == 'auto':
        confset1(smb4_conf, "server role = auto")

    elif role == 'classic':
        confset1(smb4_conf, "server role = classic primary domain controller")

    elif role == 'netbios':
        confset1(smb4_conf, "server role = netbios backup domain controller")

    elif role == 'dc':
        confset1(smb4_conf, "server role = active directory domain controller")
        add_domaincontroller_conf(smb4_conf)

    elif role == 'member':
        confset1(smb4_conf, "server role = member server")

        if nt4_enabled():
            add_nt4_conf(smb4_conf)

        elif ldap_enabled():
            add_ldap_conf(smb4_conf)

        elif activedirectory_enabled():
            add_activedirectory_conf(smb4_conf)

    elif role == 'standalone':
        confset1(smb4_conf, "server role = standalone")
        confset2(smb4_conf, "netbios name = %s",
                 cifs.cifs_srv_netbiosname.upper())
        confset2(smb4_conf, "workgroup = %s", cifs.cifs_srv_workgroup.upper())
        confset1(smb4_conf, "security = user")

    if role != 'dc':
        confset1(smb4_conf, "pid directory = /var/run/samba")
        confset1(smb4_conf, "smb passwd file = /var/etc/private/smbpasswd")
        confset1(smb4_conf, "private dir = /var/etc/private")

    confset2(smb4_conf, "create mask = %s", cifs.cifs_srv_filemask)
    confset2(smb4_conf, "directory mask = %s", cifs.cifs_srv_dirmask)
    confset1(smb4_conf, "client ntlmv2 auth = yes")
    confset2(smb4_conf, "dos charset = %s", cifs.cifs_srv_doscharset)
    confset2(smb4_conf, "unix charset = %s", cifs.cifs_srv_unixcharset)

    if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
        confset2(smb4_conf, "log level = %s", cifs.cifs_srv_loglevel)

    for line in cifs.cifs_srv_smb_options.split('\n'):
        confset1(smb4_conf, line)

    if cifs.cifs_srv_homedir_enable:
        valid_users_path = "%U"
        valid_users = "%U"

        if activedirectory_enabled():
            try:
                ad = ActiveDirectory.objects.all()[0]
                if not ad.ad_use_default_domain:
                    valid_users_path = "%D/%U"
                    valid_users = "%D\%U"
            except:
                pass

        if cifs.cifs_srv_homedir:
            cifs_homedir_path = "%s/%s" % (cifs.cifs_srv_homedir,
                                           valid_users_path)
        else:
            cifs_homedir_path = False

        confset1(smb4_conf, "\n")
        confset1(smb4_conf, "[homes]", space=0)
        confset1(smb4_conf, "comment = Home Directories")
        confset2(smb4_conf, "valid users = %s", valid_users)
        confset1(smb4_conf, "writable = yes")
        confset2(smb4_conf, "browseable = %s",
                 "yes" if cifs.cifs_srv_homedir_browseable_enable else "no")
        if cifs_homedir_path:
            confset2(smb4_conf, "path = %s", cifs_homedir_path)

        for line in cifs.cifs_srv_homedir_aux.split('\n'):
            confset1(smb4_conf, line)