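def main():
    """Rewrite NSSWITCH_CONF_PATH for the enabled directory services.

    Every database starts with ``files``, so local entries are consulted
    before any network source.  Directory sources are appended only when the
    verb (``sys.argv[1]``, default ``start``) is ``start``; any other verb
    writes the baseline table unchanged.

    Exits with status 1 if the file cannot be written.
    """
    nsswitch_conf = {
        'group': ['files'],
        'hosts': ['files', 'mdns', 'dns'],
        'networks': ['files'],
        'passwd': ['files'],
        'shells': ['files'],
        'services': ['files'],
        'protocols': ['files'],
        'rpc': ['files'],
        'sudoers': ['files']
    }

    verb = "start"
    if len(sys.argv) > 1:
        verb = sys.argv[1].lower()

    if verb == 'start':
        # AD is served by sssd only when Unix extensions and a keytab are
        # both present; otherwise AD, DC and NT4 all fall back to winbind.
        if activedirectory_enabled() and \
            activedirectory_has_unix_extensions() and  \
            activedirectory_has_keytab():
            nsswitch_conf['passwd'].append('sss')
            nsswitch_conf['group'].append('sss')
        elif activedirectory_enabled() or \
            domaincontroller_enabled() or nt4_enabled():
            nsswitch_conf['passwd'].append('winbind')
            nsswitch_conf['group'].append('winbind')

        #if nt4_enabled():
        #    nsswitch_conf['hosts'].append('wins')

        # Anonymous-bind LDAP uses the 'ldap' source; authenticated LDAP
        # uses sssd, which is also the only path that adds sudoers lookups.
        # NOTE(review): if AD-via-sssd and LDAP are both enabled, 'sss' is
        # appended twice to passwd and group.
        if ldap_enabled() and ldap_anonymous_bind():
            nsswitch_conf['passwd'].append('ldap')
            nsswitch_conf['group'].append('ldap')
        elif ldap_enabled():
            nsswitch_conf['passwd'].append('sss')
            nsswitch_conf['group'].append('sss')
            if ldap_sudo_configured():
                nsswitch_conf['sudoers'].append('sss')

        if nis_enabled():
            nsswitch_conf['passwd'].append('nis')
            nsswitch_conf['group'].append('nis')
            nsswitch_conf['hosts'].append('nis')

    try:
        # The mode only applies when the file is created (and is subject to
        # the umask); an existing file keeps its current permissions.
        # O_TRUNC rewrites in place, so a failed write leaves a short file.
        fd = os.open(NSSWITCH_CONF_PATH,
                     os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o644)
        try:
            # Sorted keys keep the generated file stable between runs, which
            # makes unexpected changes easier to spot.
            for key in sorted(nsswitch_conf):
                sources = ' '.join(s.strip() for s in nsswitch_conf[key])
                os.write(fd, "%s: %s\n" % (key.strip(), sources))
        finally:
            # Release the descriptor even when a write fails.
            os.close(fd)

    except Exception as e:
        print >> sys.stderr, "can't create %s: %s" % (NSSWITCH_CONF_PATH, e)
        sys.exit(1)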
Esempio n. 2
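def main():
    """Rewrite NSSWITCH_CONF_PATH for the enabled directory services.

    Every database starts with ``files``, so local entries are consulted
    before any network source.  Directory sources are appended only when the
    verb (``sys.argv[1]``, default ``start``) is ``start``; any other verb
    writes the baseline table unchanged.

    Exits with status 1 if the file cannot be written.
    """
    nsswitch_conf = {
        'group': ['files'],
        'hosts': ['files', 'mdns', 'dns'],
        'networks': ['files'],
        'passwd': ['files'],
        'shells': ['files'],
        'services': ['files'],
        'protocols': ['files'],
        'rpc': ['files'],
        'sudoers': ['files']
    }

    verb = "start"
    if len(sys.argv) > 1:
        verb = sys.argv[1].lower()

    if verb == 'start':
        # AD is served by sssd only when Unix extensions and a principal are
        # both present; otherwise AD, DC and NT4 all fall back to winbind.
        if activedirectory_enabled() and \
            activedirectory_has_unix_extensions() and  \
            activedirectory_has_principal():
            nsswitch_conf['passwd'].append('sss')
            nsswitch_conf['group'].append('sss')
        elif activedirectory_enabled() or \
            domaincontroller_enabled() or nt4_enabled():
            nsswitch_conf['passwd'].append('winbind')
            nsswitch_conf['group'].append('winbind')

        #if nt4_enabled():
        #    nsswitch_conf['hosts'].append('wins')

        # Anonymous-bind LDAP uses the 'ldap' source; authenticated LDAP
        # uses sssd, which is also the only path that adds sudoers lookups.
        # NOTE(review): if AD-via-sssd and LDAP are both enabled, 'sss' is
        # appended twice to passwd and group.
        if ldap_enabled() and ldap_anonymous_bind():
            nsswitch_conf['passwd'].append('ldap')
            nsswitch_conf['group'].append('ldap')
        elif ldap_enabled():
            nsswitch_conf['passwd'].append('sss')
            nsswitch_conf['group'].append('sss')
            if ldap_sudo_configured():
                nsswitch_conf['sudoers'].append('sss')

        if nis_enabled():
            nsswitch_conf['passwd'].append('nis')
            nsswitch_conf['group'].append('nis')
            nsswitch_conf['hosts'].append('nis')

    try:
        # The mode only applies when the file is created (and is subject to
        # the umask); an existing file keeps its current permissions.
        # O_TRUNC rewrites in place, so a failed write leaves a short file.
        fd = os.open(NSSWITCH_CONF_PATH,
                     os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o644)
        try:
            # Sorted keys keep the generated file stable between runs, which
            # makes unexpected changes easier to spot.
            for key in sorted(nsswitch_conf):
                sources = ' '.join(s.strip() for s in nsswitch_conf[key])
                os.write(fd, "%s: %s\n" % (key.strip(), sources))
        finally:
            # Release the descriptor even when a write fails.
            os.close(fd)

    except Exception as e:
        print >> sys.stderr, "can't create %s: %s" % (NSSWITCH_CONF_PATH, e)
        sys.exit(1)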
Esempio n. 3
def main():
    """Generate SSSD_CONFIGFILE for the enabled directory service.

    Exits with status 1 before ``sssd_setup()`` when LDAP is enabled with
    anonymous bind, and after it when no directory-service cookie is
    available.  Otherwise the sssd, nss and pam sections are added, followed
    by the Active Directory and/or LDAP sections, and the file is saved.
    """
    if ldap_enabled() and ldap_anonymous_bind():
        sys.exit(1)

    sssd_setup()
    # Only an existing file is handed to SSSDConf; otherwise path is None.
    existing_conf = SSSD_CONFIGFILE if os.path.exists(SSSD_CONFIGFILE) else None

    cookie = get_directoryservice_cookie()
    if not cookie:
        sys.exit(1)

    def _noop():
        pass

    conf = SSSDConf(path=existing_conf, parse=_noop, cookie=cookie)

    conf.add_sssd_section()
    conf.add_nss_section()
    conf.add_pam_section()

    # The AD section is only written when AD carries Unix extensions.
    if activedirectory_enabled() and activedirectory_has_unix_extensions():
        add_activedirectory_section(conf)
    if ldap_enabled():
        add_ldap_section(conf)

    # NOTE(review): confirm save()/sssd_setup() leave the file root-owned and
    # not group/world readable; that is not visible here.
    conf.save(SSSD_CONFIGFILE)
Esempio n. 4
def main():
    """Create or update SSSD_CONFIGFILE with the sssd, nss and pam sections.

    Missing sections are created, the name format and name-parsing
    expression are always overwritten, and the Active Directory and/or LDAP
    domains are added before the file is saved.
    """
    sssd_setup()
    # Only an existing file is handed to SSSDConf; otherwise path is None.
    existing_conf = SSSD_CONFIGFILE if os.path.exists(SSSD_CONFIGFILE) else None

    def _noop():
        pass

    sc = SSSDConf(path=existing_conf, parse=_noop)
    if not sc['sssd']:
        sc['sssd'] = SSSDSectionSSSD()
        sc['sssd'].config_file_version = 2
    # Both values are stored as strings for SSSD; nothing is compiled here.
    sc['sssd'].full_name_format = r"%2$s\%1$s"
    sc['sssd'].re_expression = (
        r"(((?P<domain>[^\\]+)\\(?P<name>.+$))"
        r"|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\\]+)$))"
    )

    # Each responder gets a section if it has none and is then registered.
    for service, make_section in (('nss', SSSDSectionNSS),
                                  ('pam', SSSDSectionPAM)):
        if not sc[service]:
            sc[service] = make_section()
        sc['sssd'].add_service(service)

    # The AD domain is only written when AD carries Unix extensions.
    if activedirectory_enabled() and activedirectory_has_unix_extensions():
        add_activedirectory(sc)
    if ldap_enabled():
        add_ldap(sc)

    # NOTE(review): confirm save()/sssd_setup() leave the file root-owned and
    # not group/world readable; that is not visible here.
    sc.save(SSSD_CONFIGFILE)
Esempio n. 5
def main():
    """Generate SSSD_CONFIGFILE for the enabled directory service.

    Exits with status 1 before ``sssd_setup()`` when ``ldap_anonymous_bind()``
    is true (checked here without ``ldap_enabled()``), and after it when no
    directory-service cookie is available.
    """
    if ldap_anonymous_bind():
        sys.exit(1)

    sssd_setup()
    # Only an existing file is handed to SSSDConf; otherwise path is None.
    existing_conf = SSSD_CONFIGFILE if os.path.exists(SSSD_CONFIGFILE) else None

    cookie = get_directoryservice_cookie()
    if not cookie:
        sys.exit(1)

    def _noop():
        pass

    conf = SSSDConf(path=existing_conf, parse=_noop, cookie=cookie)

    conf.add_sssd_section()
    conf.add_nss_section()
    conf.add_pam_section()

    # The AD section is only written when AD carries Unix extensions.
    if activedirectory_enabled() and activedirectory_has_unix_extensions():
        add_activedirectory_section(conf)
    if ldap_enabled():
        add_ldap_section(conf)

    # NOTE(review): confirm save()/sssd_setup() leave the file root-owned and
    # not group/world readable; that is not visible here.
    conf.save(SSSD_CONFIGFILE)
Esempio n. 6
def main():
    """Create or update SSSD_CONFIGFILE with the sssd, nss and pam sections.

    Missing sections are created, both responders are registered as
    services, and the Active Directory and/or LDAP domains are added before
    the file is saved.
    """
    sssd_setup()
    # Only an existing file is handed to SSSDConf; otherwise path is None.
    existing_conf = SSSD_CONFIGFILE if os.path.exists(SSSD_CONFIGFILE) else None

    def _noop():
        pass

    sc = SSSDConf(path=existing_conf, parse=_noop)
    if not sc['sssd']:
        sc['sssd'] = SSSDSectionSSSD()
        sc['sssd'].config_file_version = 2

    # Each responder gets a section if it has none and is then registered.
    for service, make_section in (('nss', SSSDSectionNSS),
                                  ('pam', SSSDSectionPAM)):
        if not sc[service]:
            sc[service] = make_section()
        sc['sssd'].add_service(service)

    # The AD domain is only written when AD carries Unix extensions.
    if activedirectory_enabled() and activedirectory_has_unix_extensions():
        add_activedirectory(sc)
    if ldap_enabled():
        add_ldap(sc)

    # NOTE(review): confirm save()/sssd_setup() leave the file root-owned and
    # not group/world readable; that is not visible here.
    sc.save(SSSD_CONFIGFILE)
Esempio n. 7
def get_directoryservice_cookie():
    """Return the cookie of the enabled directory service, or None.

    Active Directory takes precedence over LDAP when both are enabled.
    """
    if activedirectory_enabled():
        return get_activedirectory_cookie()
    return get_ldap_cookie() if ldap_enabled() else None
Esempio n. 8
def main():
    """Hand the ldap.conf path to the generator for the enabled service.

    LDAP takes precedence over Active Directory; when neither is enabled no
    generator is called.
    """
    target = "/usr/local/etc/openldap/ldap.conf"

    if ldap_enabled():
        generate = ldap_conf_ldap
    elif activedirectory_enabled():
        generate = ldap_conf_activedirectory
    else:
        return

    generate(target)
Esempio n. 9
def main():
    """Hand the ldap.conf path to the generator for the enabled service.

    LDAP takes precedence over Active Directory; when neither is enabled no
    generator is called.
    """
    target = "/usr/local/etc/openldap/ldap.conf"

    if ldap_enabled():
        generate = ldap_conf_ldap
    elif activedirectory_enabled():
        generate = ldap_conf_activedirectory
    else:
        return

    generate(target)
Esempio n. 10
def main():
    """Create or update SSSD_CONFIGFILE with the sssd, nss and pam sections.

    Missing sections are created, the name format and name-parsing
    expression are always overwritten, and the Active Directory and/or LDAP
    domains are added before the file is saved.
    """
    sssd_setup()
    # Only an existing file is handed to SSSDConf; otherwise path is None.
    existing_conf = SSSD_CONFIGFILE if os.path.exists(SSSD_CONFIGFILE) else None

    def _noop():
        pass

    sc = SSSDConf(path=existing_conf, parse=_noop)
    if not sc['sssd']:
        sc['sssd'] = SSSDSectionSSSD()
        sc['sssd'].config_file_version = 2
    # Both values are stored as strings for SSSD; nothing is compiled here.
    sc['sssd'].full_name_format = r"%2$s\%1$s"
    sc['sssd'].re_expression = (
        r"(((?P<domain>[^\\]+)\\(?P<name>.+$))"
        r"|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\\]+)$))"
    )

    # Each responder gets a section if it has none and is then registered.
    for service, make_section in (('nss', SSSDSectionNSS),
                                  ('pam', SSSDSectionPAM)):
        if not sc[service]:
            sc[service] = make_section()
        sc['sssd'].add_service(service)

    # The AD domain is only written when AD carries Unix extensions.
    if activedirectory_enabled() and activedirectory_has_unix_extensions():
        add_activedirectory(sc)
    if ldap_enabled():
        add_ldap(sc)

    # NOTE(review): confirm save()/sssd_setup() leave the file root-owned and
    # not group/world readable; that is not visible here.
    sc.save(SSSD_CONFIGFILE)
Esempio n. 11
def get_directoryservice_cookie():
    """Return the cookie of the enabled directory service, or None.

    Active Directory takes precedence over LDAP when both are enabled.
    """
    if activedirectory_enabled():
        return get_activedirectory_cookie()
    return get_ldap_cookie() if ldap_enabled() else None
Esempio n. 12
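def main():
    """Rewrite NSSWITCH_CONF_PATH for the enabled directory services.

    Every database starts with ``files``, so local entries are consulted
    before any network source; directory sources are appended after it.

    Exits with status 1 if the file cannot be written.
    """
    nsswitch_conf = {
        'group': ['files'],
        'hosts': ['files', 'dns'],
        'networks': ['files'],
        'passwd': ['files'],
        'shells': ['files'],
        'services': ['files'],
        'protocols': ['files'],
        'rpc': ['files']
    }

    # AD is served by sssd only when Unix extensions are present; otherwise
    # AD, DC and NT4 all fall back to winbind.
    if activedirectory_enabled() and activedirectory_has_unix_extensions():
        nsswitch_conf['passwd'].append('sss')
        nsswitch_conf['group'].append('sss')
    elif activedirectory_enabled() or \
        domaincontroller_enabled() or nt4_enabled():
        nsswitch_conf['passwd'].append('winbind')
        nsswitch_conf['group'].append('winbind')

    if nt4_enabled():
        nsswitch_conf['hosts'].append('wins')

    # NOTE(review): if AD-via-sssd and LDAP are both enabled, 'sss' is
    # appended twice to passwd and group.
    if ldap_enabled():
        nsswitch_conf['passwd'].append('sss')
        nsswitch_conf['group'].append('sss')

    if nis_enabled():
        nsswitch_conf['passwd'].append('nis')
        nsswitch_conf['group'].append('nis')
        nsswitch_conf['hosts'].append('nis')

    try:
        # The mode only applies when the file is created (and is subject to
        # the umask); an existing file keeps its current permissions.
        # O_TRUNC rewrites in place, so a failed write leaves a short file.
        fd = os.open(NSSWITCH_CONF_PATH,
                     os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o644)
        try:
            # Sorted keys keep the generated file stable between runs, which
            # makes unexpected changes easier to spot.
            for key in sorted(nsswitch_conf):
                sources = ' '.join(s.strip() for s in nsswitch_conf[key])
                os.write(fd, "%s: %s\n" % (key.strip(), sources))
        finally:
            # Release the descriptor even when a write fails.
            os.close(fd)

    except Exception as e:
        print >> sys.stderr, "can't create %s: %s" % (NSSWITCH_CONF_PATH, e)
        sys.exit(1)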
Esempio n. 13
def get_activedirectory_cookie():
    """Return the upper-cased NetBIOS name up to its first dot.

    The name is read from the CIFS row with the highest ``id``.  An empty
    string is returned when Active Directory is not enabled.
    """
    if not activedirectory_enabled():
        return ''

    newest_cifs = CIFS.objects.latest('id')
    netbios_name = newest_cifs.get_netbiosname().upper()
    return netbios_name.split('.')[0]
Esempio n. 14
def get_activedirectory_cookie():
    """Return the upper-cased AD NetBIOS name up to its first dot.

    The name is read from the first ActiveDirectory row, so an enabled
    service with no row raises from the ``[0]`` lookup.  An empty string is
    returned when Active Directory is not enabled.
    """
    if not activedirectory_enabled():
        return ''

    ad = ActiveDirectory.objects.all()[0]
    netbios_name = ad.ad_netbiosname.upper()
    return netbios_name.split('.')[0]
Esempio n. 15
def get_activedirectory_cookie():
    """Return the upper-cased AD NetBIOS name up to its first dot.

    The name is read from the first ActiveDirectory row, so an enabled
    service with no row raises from the ``[0]`` lookup.  An empty string is
    returned when Active Directory is not enabled.
    """
    if not activedirectory_enabled():
        return ''

    ad = ActiveDirectory.objects.all()[0]
    netbios_name = ad.ad_netbiosname.upper()
    return netbios_name.split('.')[0]
Esempio n. 16
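def main():
    """Rewrite NSSWITCH_CONF_PATH for the enabled directory services.

    Every database starts with ``files``, so local entries are consulted
    before any network source; directory sources are appended after it.

    Exits with status 1 if the file cannot be written.
    """
    nsswitch_conf = {
        'group': ['files'],
        'hosts': ['files', 'dns'],
        'networks': ['files'],
        'passwd': ['files'],
        'shells': ['files'],
        'services': ['files'],
        'protocols': ['files'],
        'rpc': ['files']
    }

    # AD is served by sssd only when Unix extensions are present; otherwise
    # AD, DC and NT4 all fall back to winbind.
    if activedirectory_enabled() and activedirectory_has_unix_extensions():
        nsswitch_conf['passwd'].append('sss')
        nsswitch_conf['group'].append('sss')
    elif activedirectory_enabled() or \
        domaincontroller_enabled() or nt4_enabled():
        nsswitch_conf['passwd'].append('winbind')
        nsswitch_conf['group'].append('winbind')

    # NOTE(review): if AD-via-sssd and LDAP are both enabled, 'sss' is
    # appended twice to passwd and group.
    if ldap_enabled():
        nsswitch_conf['passwd'].append('sss')
        nsswitch_conf['group'].append('sss')

    if nis_enabled():
        nsswitch_conf['passwd'].append('nis')
        nsswitch_conf['group'].append('nis')
        nsswitch_conf['hosts'].append('nis')

    try:
        # The mode only applies when the file is created (and is subject to
        # the umask); an existing file keeps its current permissions.
        # O_TRUNC rewrites in place, so a failed write leaves a short file.
        fd = os.open(NSSWITCH_CONF_PATH,
                     os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o644)
        try:
            # Sorted keys keep the generated file stable between runs, which
            # makes unexpected changes easier to spot.
            for key in sorted(nsswitch_conf):
                sources = ' '.join(s.strip() for s in nsswitch_conf[key])
                os.write(fd, "%s: %s\n" % (key.strip(), sources))
        finally:
            # Release the descriptor even when a write fails.
            os.close(fd)

    except Exception as e:
        print >> sys.stderr, "can't create %s: %s" % (NSSWITCH_CONF_PATH, e)
        sys.exit(1)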
Esempio n. 17
def _get_dflags():
    """Return the flag of the first enabled directory service, else 0.

    Precedence is Active Directory, then NIS, then LDAP.  The checks are
    exclusive, so at most one ``U_*_ENABLED`` value is set even when several
    services are enabled.
    """
    no_flags = 0
    if activedirectory_enabled():
        return no_flags | U_AD_ENABLED
    if nis_enabled():
        return no_flags | U_NIS_ENABLED
    if ldap_enabled():
        return no_flags | U_LDAP_ENABLED
    return no_flags
Esempio n. 18
    def __new__(cls, **kwargs):
        """Return the group cache that matches the directory configuration.

        A ``FreeNAS_Directory_LocalGroupCache`` is built when LDAP, Active
        Directory or NIS is enabled; otherwise a ``FreeNAS_BaseCache``.
        ``kwargs`` are forwarded unchanged to the chosen class.
        """
        log.debug("FreeNAS_GroupCache.__new__: enter")

        if ldap_enabled() or activedirectory_enabled() or nis_enabled():
            cache = FreeNAS_Directory_LocalGroupCache(**kwargs)
        else:
            cache = FreeNAS_BaseCache(**kwargs)

        log.debug("FreeNAS_GroupCache.__new__: leave")
        return cache
Esempio n. 19
def cache_count(**kwargs):
    """Run the cache-count routine for the enabled directory service.

    Active Directory is checked first, then NIS.  LDAP and the case where no
    directory service is enabled both use the default routine.  Nothing is
    returned to the caller.
    """
    if activedirectory_enabled():
        counter = _cache_count_ActiveDirectory
    elif nis_enabled():
        counter = _cache_count_NIS
    elif ldap_enabled():
        counter = _cache_count_default
    else:
        counter = _cache_count_default

    counter(**kwargs)
Esempio n. 20
def cache_count(**kwargs):
    """Run the cache-count routine for the enabled directory service.

    Active Directory is checked first, then NT4.  LDAP and the case where no
    directory service is enabled both use the default routine.  Nothing is
    returned to the caller.
    """
    if activedirectory_enabled():
        counter = _cache_count_ActiveDirectory
    elif nt4_enabled():
        counter = _cache_count_NT4
    elif ldap_enabled():
        counter = _cache_count_default
    else:
        counter = _cache_count_default

    counter(**kwargs)
Esempio n. 21
def cache_rawdump(**kwargs):
    """Run the raw cache dump for the enabled directory service.

    Active Directory is checked first, then NIS.  LDAP and the case where no
    directory service is enabled both use the default routine.  Nothing is
    returned to the caller.
    """
    if activedirectory_enabled():
        dumper = _cache_rawdump_ActiveDirectory
    elif nis_enabled():
        dumper = _cache_rawdump_NIS
    elif ldap_enabled():
        dumper = _cache_rawdump_default
    else:
        dumper = _cache_rawdump_default

    dumper(**kwargs)
Esempio n. 22
def cache_check(**kwargs):
    """Run the cache check for the enabled directory service.

    Active Directory is checked first, then NIS.  LDAP and the case where no
    directory service is enabled both use the default routine.  Nothing is
    returned to the caller.
    """
    if activedirectory_enabled():
        checker = _cache_check_ActiveDirectory
    elif nis_enabled():
        checker = _cache_check_NIS
    elif ldap_enabled():
        checker = _cache_check_default
    else:
        checker = _cache_check_default

    checker(**kwargs)
Esempio n. 23
def cache_check(**kwargs):
    """Run the cache check for the enabled directory service.

    Active Directory is checked first, then NT4.  LDAP and the case where no
    directory service is enabled both use the default routine.  Nothing is
    returned to the caller.
    """
    if activedirectory_enabled():
        checker = _cache_check_ActiveDirectory
    elif nt4_enabled():
        checker = _cache_check_NT4
    elif ldap_enabled():
        checker = _cache_check_default
    else:
        checker = _cache_check_default

    checker(**kwargs)
Esempio n. 24
def cache_rawdump(**kwargs):
    """Run the raw cache dump for the enabled directory service.

    Active Directory is checked first, then NT4.  LDAP and the case where no
    directory service is enabled both use the default routine.  Nothing is
    returned to the caller.
    """
    if activedirectory_enabled():
        dumper = _cache_rawdump_ActiveDirectory
    elif nt4_enabled():
        dumper = _cache_rawdump_NT4
    elif ldap_enabled():
        dumper = _cache_rawdump_default
    else:
        dumper = _cache_rawdump_default

    dumper(**kwargs)
Esempio n. 25
def main():
    """Regenerate the Samba 4 configuration for the current server role.

    The steps run in a fixed order: the secrets database is backed up,
    legacy datasets are migrated if available, the configuration and share
    lines are generated and written to smb4.conf, and role-specific
    follow-up (provisioning, user import, LDAP/idmap secrets) is applied
    before the secrets database is restored.
    """
    smb_conf_path = "/usr/local/etc/smb4.conf"

    smb4_tdb = []
    smb4_conf = []
    smb4_shares = []

    # Backed up before anything is changed; restored on the last line.
    backup_secrets_database()
    smb4_setup()

    old_samba4_datasets = get_old_samba4_datasets()
    if migration_available(old_samba4_datasets):
        do_migration(old_samba4_datasets)

    role = get_server_role()

    # Each generator fills the list it is given.
    generate_smbusers()
    generate_smb4_tdb(smb4_tdb)
    generate_smb4_conf(smb4_conf, role)
    generate_smb4_system_shares(smb4_shares)
    generate_smb4_shares(smb4_shares)

    # A domain controller is provisioned once, before smb4.conf is written.
    if role == 'dc' and not Samba4().domain_provisioned():
        provision_smb4()

    # Mode "w" truncates in place and creates the file with umask-derived
    # permissions; a failure part-way leaves a partial smb4.conf.
    with open(smb_conf_path, "w") as f:
        for line in smb4_conf:
            f.write(line + '\n')
        for line in smb4_shares:
            f.write(line + '\n')

    smb4_set_SID()

    # The LDAP password is stored and the secrets database backed up again
    # so the backup includes it.
    if role == 'member' and smb4_ldap_enabled():
        set_ldap_password()
        backup_secrets_database()

    if role != 'dc':
        # Users are imported once; the sentinel file records that it ran.
        if not Samba4().users_imported():
            smb4_import_users(
                smb_conf_path,
                smb4_tdb,
                "/var/db/samba4/private/passdb.tdb"
            )
            smb4_grant_rights()
            Samba4().user_import_sentinel_file_create()

        smb4_map_groups()

    if role == 'member' and activedirectory_enabled() and idmap_backend_rfc2307():
        set_idmap_rfc2307_secret()

    # NOTE(review): this runs after the rfc2307 secret is set above; confirm
    # the restore does not discard that secret.
    restore_secrets_database()
Esempio n. 26
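def get_server_role():
    """Return the Samba server role for the current configuration.

    The role is ``"standalone"`` by default and ``"member"`` when NT4,
    Active Directory or Samba LDAP is enabled.  When the domain controller
    service is enabled, the stored ``dc_role`` of the first DomainController
    row replaces that value.
    """
    role = "standalone"
    if nt4_enabled() or activedirectory_enabled() or smb4_ldap_enabled():
        role = "member"

    if domaincontroller_enabled():
        try:
            dc = DomainController.objects.all()[0]
            role = dc.dc_role
        except Exception:
            # Best effort: keep the role chosen above when the row is missing
            # or unreadable.  Narrowed from a bare ``except`` so SystemExit
            # and KeyboardInterrupt are no longer swallowed.
            # NOTE(review): the fallback is silent, so a DC-enabled system
            # can be configured as member/standalone; consider logging it.
            pass

    return role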
Esempio n. 27
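def get_server_role():
    """Return the Samba server role for the current configuration.

    The role is ``"standalone"`` by default and ``"member"`` when NT4,
    Active Directory or Samba LDAP is enabled.  When the domain controller
    service is enabled, the stored ``dc_role`` of the first DomainController
    row replaces that value.
    """
    role = "standalone"
    if nt4_enabled() or activedirectory_enabled() or smb4_ldap_enabled():
        role = "member"

    if domaincontroller_enabled():
        try:
            dc = DomainController.objects.all()[0]
            role = dc.dc_role
        except Exception:
            # Best effort: keep the role chosen above when the row is missing
            # or unreadable.  Narrowed from a bare ``except`` so SystemExit
            # and KeyboardInterrupt are no longer swallowed.
            # NOTE(review): the fallback is silent, so a DC-enabled system
            # can be configured as member/standalone; consider logging it.
            pass

    return role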
Esempio n. 28
def _get_dflags():
    """Return the flag of the first enabled directory service, else 0.

    Precedence is Active Directory, NIS, LDAP, then domain controller.  The
    checks are exclusive, so at most one ``U_*_ENABLED`` value is set even
    when several services are enabled.
    """
    no_flags = 0
    if activedirectory_enabled():
        return no_flags | U_AD_ENABLED
    if nis_enabled():
        return no_flags | U_NIS_ENABLED
    if ldap_enabled():
        return no_flags | U_LDAP_ENABLED
    if domaincontroller_enabled():
        return no_flags | U_DC_ENABLED
    return no_flags
Esempio n. 29
    def __new__(cls, **kwargs):
        """Return the group cache that matches the directory configuration.

        A ``FreeNAS_Directory_LocalGroupCache`` is built when LDAP, Active
        Directory, NT4 or NIS is enabled; otherwise a ``FreeNAS_BaseCache``.
        ``kwargs`` are forwarded unchanged to the chosen class.
        """
        log.debug("FreeNAS_GroupCache.__new__: enter")

        uses_directory = (ldap_enabled() or activedirectory_enabled() or
                          nt4_enabled() or nis_enabled())
        if uses_directory:
            cache = FreeNAS_Directory_LocalGroupCache(**kwargs)
        else:
            cache = FreeNAS_BaseCache(**kwargs)

        log.debug("FreeNAS_GroupCache.__new__: leave")
        return cache
Esempio n. 30
def _get_dflags():
    """Return the flag of the first enabled directory service, else 0.

    Precedence is Active Directory, NT4, NIS, then LDAP.  The checks are
    exclusive, so at most one ``U_*_ENABLED`` value is set even when several
    services are enabled.
    """
    no_flags = 0
    if activedirectory_enabled():
        return no_flags | U_AD_ENABLED
    if nt4_enabled():
        return no_flags | U_NT4_ENABLED
    if nis_enabled():
        return no_flags | U_NIS_ENABLED
    if ldap_enabled():
        return no_flags | U_LDAP_ENABLED
    return no_flags
Esempio n. 31
    def __new__(cls, **kwargs):
        """Return the user cache that matches the directory configuration.

        A ``FreeNAS_Directory_LocalUserCache`` is built when LDAP, Active
        Directory, NT4, NIS or the domain controller is enabled; otherwise a
        ``FreeNAS_BaseCache``.  ``kwargs`` are forwarded unchanged.
        """
        log.debug("FreeNAS_UserCache.__new__: enter")

        uses_directory = (ldap_enabled() or activedirectory_enabled() or
                          nt4_enabled() or nis_enabled() or
                          domaincontroller_enabled())
        if uses_directory:
            cache = FreeNAS_Directory_LocalUserCache(**kwargs)
        else:
            cache = FreeNAS_BaseCache(**kwargs)

        log.debug("FreeNAS_UserCache.__new__: leave")
        return cache
Esempio n. 32
    def __init__(self, *args, **kwargs):
        """Build the CIFS settings form and adapt its fields to the system.

        A comma-separated bind-IP value is split into a list, the bind-IP and
        charset choices are populated, and fields that do not apply under
        Active Directory or LDAP are preset and locked in the rendered form.

        NOTE(review): the ``disabled``/``readonly`` widget attributes only
        affect the rendered HTML; confirm the forced values are also enforced
        when the form is validated or saved, which is not visible here.
        """
        super(CIFSForm, self).__init__(*args, **kwargs)

        # The submitted data is copied before it is edited.
        if (self.data and self.data.get('cifs_srv_bindip') and
                ',' in self.data['cifs_srv_bindip']):
            self.data = self.data.copy()
            self.data.setlist('cifs_srv_bindip',
                              self.data['cifs_srv_bindip'].split(','))

        self.fields['cifs_srv_bindip'].choices = list(
            choices.IPChoices(noloopback=False))
        self.fields[
            'cifs_srv_unixcharset'].choices = choices.UNIXCHARSET_CHOICES()

        # A saved instance pre-selects its stored bind addresses.
        if self.instance.id and self.instance.cifs_srv_bindip:
            self.fields['cifs_srv_bindip'].initial = list(
                self.instance.cifs_srv_bindip)
        else:
            self.fields['cifs_srv_bindip'].initial = ''

        if activedirectory_enabled():
            # Under AD these three options are forced off and greyed out.
            for name in ('cifs_srv_localmaster', 'cifs_srv_timeserver',
                         'cifs_srv_domain_logons'):
                self.initial[name] = False
                self.fields[name].widget.attrs['disabled'] = 'disabled'

        elif ldap_enabled():
            self.initial['cifs_srv_domain_logons'] = True
            self.fields['cifs_srv_domain_logons'].widget.attrs[
                'readonly'] = True

        # The second NetBIOS name is only kept on a non-FreeNAS system with
        # a failover licence.
        _n = notifier()
        if _n.is_freenas() or not _n.failover_licensed():
            del self.fields['cifs_srv_netbiosname_b']
        else:
            from freenasUI.failover.utils import node_label_field
            node_label_field(
                _n.failover_node(),
                self.fields['cifs_srv_netbiosname'],
                self.fields['cifs_srv_netbiosname_b'],
            )
Esempio n. 33
    def __new__(cls, **kwargs):
        """Return the user cache that matches the directory configuration.

        A ``FreeNAS_Directory_LocalUserCache`` is built when LDAP, Active
        Directory, NIS or the domain controller is enabled; otherwise a
        ``FreeNAS_BaseCache``.  ``kwargs`` are forwarded unchanged.
        """
        log.debug("FreeNAS_UserCache.__new__: enter")

        uses_directory = (ldap_enabled() or activedirectory_enabled() or
                          nis_enabled() or domaincontroller_enabled())
        if uses_directory:
            cache = FreeNAS_Directory_LocalUserCache(**kwargs)
        else:
            cache = FreeNAS_BaseCache(**kwargs)

        log.debug("FreeNAS_UserCache.__new__: leave")
        return cache
Esempio n. 34
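def run(context):
    """Regenerate the Samba 4 configuration for the current server role.

    Stores ``context.client`` in the module-level ``dispatcher``, generates
    the configuration and share lines, writes them to smb4.conf, emits an
    ``etcd.file_generated`` event, and then applies the role-specific
    follow-up (provisioning, user import, LDAP/idmap secrets).
    """
    global dispatcher

    dispatcher = context.client
    smb_conf_path = "/usr/local/etc/smb4.conf"

    smb4_tdb = []
    smb4_conf = []
    smb4_shares = []

    smb4_setup()

    old_samba4_datasets = get_old_samba4_datasets()
    if migration_available(old_samba4_datasets):
        do_migration(old_samba4_datasets)

    role = get_server_role()

    # Each generator fills the list it is given.
    generate_smb4_tdb(smb4_tdb)
    generate_smb4_conf(smb4_conf, role)
    generate_smb4_system_shares(smb4_shares)
    generate_smb4_shares(smb4_shares)

    # A domain controller is provisioned once, before smb4.conf is written.
    if role == 'dc' and not Samba4().domain_provisioned():
        provision_smb4()

    # Mode "w" truncates in place and creates the file with umask-derived
    # permissions.  The ``with`` block closes the file, so the explicit
    # close() the original made inside it was redundant and is dropped.
    with open(smb_conf_path, "w") as f:
        for line in smb4_conf:
            f.write(line + '\n')
        for line in smb4_shares:
            f.write(line + '\n')

    context.emit_event('etcd.file_generated', {
        'filename': smb_conf_path
    })

    smb4_set_SID()

    if role == 'member' and smb4_ldap_enabled():
        set_ldap_password()

    # Unlike a one-time import, this runs on every call for non-DC roles.
    if role != 'dc':
        smb4_import_users(smb_conf_path, smb4_tdb,
                          "/var/etc/private/passdb.tdb")
        smb4_map_groups()
        smb4_grant_rights()

    if role == 'member' and activedirectory_enabled() and idmap_backend_rfc2307():
        set_idmap_rfc2307_secret()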
Esempio n. 35
def cache_keys(**kwargs):
    """Run the cache-keys routine for the enabled directory service.

    Active Directory is checked first, then NIS, then NT4.  LDAP and the
    case where no directory service is enabled both use the default routine.
    Nothing is returned to the caller.
    """
    if activedirectory_enabled():
        lister = _cache_keys_ActiveDirectory
    elif nis_enabled():
        lister = _cache_keys_NIS
    elif nt4_enabled():
        lister = _cache_keys_NT4
    elif ldap_enabled():
        lister = _cache_keys_default
    else:
        lister = _cache_keys_default

    lister(**kwargs)
Esempio n. 36
def cache_keys(**kwargs):
    """Run the cache-keys routine for the enabled directory service.

    Active Directory is checked first, then NIS, then NT4.  LDAP and the
    case where no directory service is enabled both use the default routine.
    Nothing is returned to the caller.
    """
    if activedirectory_enabled():
        lister = _cache_keys_ActiveDirectory
    elif nis_enabled():
        lister = _cache_keys_NIS
    elif nt4_enabled():
        lister = _cache_keys_NT4
    elif ldap_enabled():
        lister = _cache_keys_default
    else:
        lister = _cache_keys_default

    lister(**kwargs)
Esempio n. 37
    def __new__(cls, **kwargs):
        """Return the local group cache for the enabled directory service.

        LDAP is checked first, then Active Directory, then NIS.  ``None`` is
        returned when none of them is enabled, so callers must handle that.
        """
        log.debug("FreeNAS_Directory_LocalGroupCache.__new__: enter")

        if ldap_enabled():
            factory = FreeNAS_LDAP_LocalGroupCache
        elif activedirectory_enabled():
            factory = FreeNAS_ActiveDirectory_LocalGroupCache
        elif nis_enabled():
            factory = FreeNAS_NIS_LocalGroupCache
        else:
            factory = None

        cache = factory(**kwargs) if factory is not None else None

        log.debug("FreeNAS_Directory_LocalGroupCache.__new__: leave")
        return cache
Esempio n. 38
def _get_dflags():
    """Return the flag of the first enabled directory service, else 0.

    Precedence is Active Directory, NT4, NIS, LDAP, then domain controller.
    The checks are exclusive, so at most one ``U_*_ENABLED`` value is set
    even when several services are enabled.
    """
    no_flags = 0
    if activedirectory_enabled():
        return no_flags | U_AD_ENABLED
    if nt4_enabled():
        return no_flags | U_NT4_ENABLED
    if nis_enabled():
        return no_flags | U_NIS_ENABLED
    if ldap_enabled():
        return no_flags | U_LDAP_ENABLED
    if domaincontroller_enabled():
        return no_flags | U_DC_ENABLED
    return no_flags
Esempio n. 39
    def __init__(self, *args, **kwargs):
        """Build the CIFS settings form and adapt its fields to the system.

        A comma-separated bind-IP value is split into a list, the bind-IP and
        charset choices are populated, and fields that do not apply under
        Active Directory or LDAP are preset and locked in the rendered form.

        NOTE(review): the ``disabled``/``readonly`` widget attributes only
        affect the rendered HTML; confirm the forced values are also enforced
        when the form is validated or saved, which is not visible here.
        """
        super(CIFSForm, self).__init__(*args, **kwargs)

        # The submitted data is copied before it is edited.
        if (self.data and self.data.get('cifs_srv_bindip') and
                ',' in self.data['cifs_srv_bindip']):
            self.data = self.data.copy()
            self.data.setlist(
                'cifs_srv_bindip',
                self.data['cifs_srv_bindip'].split(',')
            )

        self.fields['cifs_srv_bindip'].choices = list(choices.IPChoices(noloopback=False))
        self.fields['cifs_srv_unixcharset'].choices = choices.UNIXCHARSET_CHOICES()

        # A saved instance pre-selects its stored bind addresses.
        if self.instance.id and self.instance.cifs_srv_bindip:
            self.fields['cifs_srv_bindip'].initial = list(
                self.instance.cifs_srv_bindip)
        else:
            self.fields['cifs_srv_bindip'].initial = ''

        if activedirectory_enabled():
            # Under AD these three options are forced off and greyed out.
            for name in ('cifs_srv_localmaster', 'cifs_srv_timeserver',
                         'cifs_srv_domain_logons'):
                self.initial[name] = False
                self.fields[name].widget.attrs['disabled'] = 'disabled'

        elif ldap_enabled():
            self.initial['cifs_srv_domain_logons'] = True
            self.fields['cifs_srv_domain_logons'].widget.attrs['readonly'] = True

        # The second NetBIOS name is only kept on a non-FreeNAS system with
        # a failover licence.
        _n = notifier()
        if _n.is_freenas() or not _n.failover_licensed():
            del self.fields['cifs_srv_netbiosname_b']
        else:
            from freenasUI.failover.utils import node_label_field
            node_label_field(
                _n.failover_node(),
                self.fields['cifs_srv_netbiosname'],
                self.fields['cifs_srv_netbiosname_b'],
            )
    def __new__(cls, **kwargs):
        """Return the user cache for the enabled directory service.

        LDAP is checked first, then Active Directory, NIS and the domain
        controller.  ``None`` is returned when none of them is enabled, so
        callers must handle that.
        """
        log.debug("FreeNAS_Directory_UserCache.__new__: enter")

        if ldap_enabled():
            factory = FreeNAS_LDAP_UserCache
        elif activedirectory_enabled():
            factory = FreeNAS_ActiveDirectory_UserCache
        elif nis_enabled():
            factory = FreeNAS_NIS_UserCache
        elif domaincontroller_enabled():
            factory = FreeNAS_DomainController_UserCache
        else:
            factory = None

        cache = factory(**kwargs) if factory is not None else None

        log.debug("FreeNAS_Directory_UserCache.__new__: leave")
        return cache
Esempio n. 41
    def __new__(cls, **kwargs):
        """Return the local group cache for the enabled directory service.

        LDAP is checked first, then Active Directory, NT4 and NIS.  ``None``
        is returned when none of them is enabled, so callers must handle
        that.
        """
        log.debug("FreeNAS_Directory_LocalGroupCache.__new__: enter")

        if ldap_enabled():
            factory = FreeNAS_LDAP_LocalGroupCache
        elif activedirectory_enabled():
            factory = FreeNAS_ActiveDirectory_LocalGroupCache
        elif nt4_enabled():
            factory = FreeNAS_NT4_LocalGroupCache
        elif nis_enabled():
            factory = FreeNAS_NIS_LocalGroupCache
        else:
            factory = None

        cache = factory(**kwargs) if factory is not None else None

        log.debug("FreeNAS_Directory_LocalGroupCache.__new__: leave")
        return cache
Esempio n. 42
    def __new__(cls, **kwargs):
        """Return the local user cache for the enabled directory service.

        LDAP is checked first, then Active Directory, NIS and the domain
        controller.  ``None`` is returned when none of them is enabled, so
        callers must handle that.
        """
        log.debug("FreeNAS_Directory_LocalUserCache.__new__: enter")

        if ldap_enabled():
            factory = FreeNAS_LDAP_LocalUserCache
        elif activedirectory_enabled():
            factory = FreeNAS_ActiveDirectory_LocalUserCache
        elif nis_enabled():
            factory = FreeNAS_NIS_LocalUserCache
        elif domaincontroller_enabled():
            factory = FreeNAS_DomainController_LocalUserCache
        else:
            factory = None

        cache = factory(**kwargs) if factory is not None else None

        log.debug("FreeNAS_Directory_LocalUserCache.__new__: leave")
        return cache
Esempio n. 43
def main():
    """Create or update SSSD_CONFIGFILE with the sssd, nss and pam sections.

    Missing sections are created, both responders are registered as
    services, and the Active Directory and/or LDAP domains are added before
    the file is saved.
    """
    sssd_setup()

    sc = SSSDConf(configfile=SSSD_CONFIGFILE)
    if not sc['sssd']:
        sc['sssd'] = SSSDSectionSSSD()

    # Each responder gets a section if it has none and is then registered.
    for service, make_section in (('nss', SSSDSectionNSS),
                                  ('pam', SSSDSectionPAM)):
        if not sc[service]:
            sc[service] = make_section()
        sc['sssd'].add_service(service)

    # The AD domain is only written when AD carries Unix extensions.
    if activedirectory_enabled() and activedirectory_has_unix_extensions():
        add_activedirectory(sc)
    if ldap_enabled():
        add_ldap(sc)

    # NOTE(review): confirm save()/sssd_setup() leave the file root-owned and
    # not group/world readable; that is not visible here.
    sc.save(SSSD_CONFIGFILE)
Esempio n. 44
def main():
    """Create or update SSSD_CONFIGFILE with the sssd, nss and pam sections.

    Missing sections are created, both responders are registered as
    services, and the Active Directory and/or LDAP domains are added before
    the file is saved.
    """
    sssd_setup()

    sc = SSSDConf(configfile=SSSD_CONFIGFILE)
    if not sc['sssd']:
        sc['sssd'] = SSSDSectionSSSD()

    # Each responder gets a section if it has none and is then registered.
    for service, make_section in (('nss', SSSDSectionNSS),
                                  ('pam', SSSDSectionPAM)):
        if not sc[service]:
            sc[service] = make_section()
        sc['sssd'].add_service(service)

    # The AD domain is only written when AD carries Unix extensions.
    if activedirectory_enabled() and activedirectory_has_unix_extensions():
        add_activedirectory(sc)
    if ldap_enabled():
        add_ldap(sc)

    # NOTE(review): confirm save()/sssd_setup() leave the file root-owned and
    # not group/world readable; that is not visible here.
    sc.save(SSSD_CONFIGFILE)
Esempio n. 45
def generate_smb4_conf(smb4_conf, role):
    """Append the ``[global]`` section of smb4.conf to ``smb4_conf``.

    Settings come from the first CIFS row, with role-specific additions for
    ``role``.  Lines are added through ``confset1``/``confset2`` (defined
    elsewhere).  The function returns silently, adding nothing, when the
    CIFS row cannot be loaded.

    Args:
        smb4_conf: list that receives the generated configuration lines.
        role: server role string; the values handled here are ``auto``,
            ``classic``, ``netbios``, ``dc``, ``member`` and ``standalone``.
    """
    try:
        cifs = CIFS.objects.all()[0]
    except:
        # NOTE(review): the bare except hides every failure, including a
        # database error, and leaves the caller with an empty [global].
        return

    # Fallbacks when the row leaves these unset.  The masks are permissive:
    # 0666 files and 0777 directories are writable by everyone.
    if not cifs.cifs_srv_guest:
        cifs.cifs_srv_guest = "ftp"
    if not cifs.cifs_srv_filemask:
        cifs.cifs_srv_filemask = "0666"
    if not cifs.cifs_srv_dirmask:
        cifs.cifs_srv_dirmask = "0777"

    # standard stuff... should probably do this differently
    confset1(smb4_conf, "[global]", space=0)

    if os.path.exists("/usr/local/etc/smbusers"):
        confset1(smb4_conf, "username map = /usr/local/etc/smbusers")

    # Protocol bounds are taken from the row as stored; no validation is
    # visible here.
    confset2(smb4_conf, "server min protocol = %s", cifs.cifs_srv_min_protocol)
    confset2(smb4_conf, "server max protocol = %s", cifs.cifs_srv_max_protocol)
    if cifs.cifs_srv_bindip:
        interfaces = []

        # Loopback is added to the bind list for every role except "dc".
        bindips = string.join(cifs.cifs_srv_bindip, " ")
        if role != "dc":
            bindips = "127.0.0.1 %s" % bindips

        n = notifier()
        bindips = bindips.split()
        for bindip in bindips:
            if not bindip:
                continue
            bindip = bindip.strip()
            iface = n.get_interface(bindip)
            # A CARP address is written as "ip/<parent_iface[2]>"; it is
            # skipped when the parent interface or its info is missing.
            # presumably parent_iface[2] is the netmask; verify against
            # get_parent_interface().
            if iface and n.is_carp_interface(iface):
                parent_iface = n.get_parent_interface(iface)
                if not parent_iface:
                    continue

                parent_iinfo = n.get_interface_info(parent_iface[0])
                if not parent_iinfo:
                    continue

                interfaces.append("%s/%s" % (bindip, parent_iface[2]))
            else:
                interfaces.append(bindip)

        if interfaces:
            confset2(smb4_conf, "interfaces = %s", string.join(interfaces))
        # Written whenever bind IPs are configured, even if every address
        # was skipped above and no "interfaces" line was produced.
        confset1(smb4_conf, "bind interfaces only = yes")

    confset1(smb4_conf, "encrypt passwords = yes")
    confset1(smb4_conf, "dns proxy = no")
    confset1(smb4_conf, "strict locking = no")
    confset1(smb4_conf, "oplocks = yes")
    confset1(smb4_conf, "deadtime = 15")
    confset1(smb4_conf, "max log size = 51200")

    # Leaves 25 descriptors of the per-process limit for Samba itself.
    confset2(smb4_conf, "max open files = %d", long(get_sysctl("kern.maxfilesperproc")) - 25)

    if cifs.cifs_srv_syslog:
        confset1(smb4_conf, "syslog only = yes")
    else:
        confset1(smb4_conf, "syslog only = no")

    # A log level of exactly True is treated as "not set".
    if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
        confset2(smb4_conf, "syslog = %s", cifs.cifs_srv_loglevel)
    else:
        confset1(smb4_conf, "syslog = 0")

    confset1(smb4_conf, "load printers = no")
    confset1(smb4_conf, "printing = bsd")
    confset1(smb4_conf, "printcap name = /dev/null")
    confset1(smb4_conf, "disable spoolss = yes")
    confset1(smb4_conf, "getwd cache = yes")
    confset2(smb4_conf, "guest account = %s", cifs.cifs_srv_guest.encode("utf8"))
    # With "Bad User", a login for an unknown user name is mapped to the
    # guest account above instead of being rejected.
    confset1(smb4_conf, "map to guest = Bad User")
    confset2(smb4_conf, "obey pam restrictions = %s", "yes" if cifs.cifs_srv_obey_pam_restrictions else "no")
    confset1(smb4_conf, "directory name cache size = 0")
    confset1(smb4_conf, "kernel change notify = no")

    confset1(smb4_conf, "panic action = /usr/local/libexec/samba/samba-backtrace")
    confset1(smb4_conf, "nsupdate command = /usr/local/bin/samba-nsupdate -g")

    confset2(smb4_conf, "server string = %s", cifs.cifs_srv_description)
    confset1(smb4_conf, "ea support = yes")
    confset1(smb4_conf, "store dos attributes = yes")
    confset1(smb4_conf, "lm announce = yes")
    # The next four pass False rather than a string when the option does not
    # apply.  NOTE(review): what confset2 does with False is not visible
    # here; presumably the line is omitted. Confirm.
    confset2(smb4_conf, "hostname lookups = %s", "yes" if cifs.cifs_srv_hostlookup else False)
    confset2(smb4_conf, "unix extensions = %s", "no" if not cifs.cifs_srv_unixext else False)
    confset2(smb4_conf, "time server = %s", "yes" if cifs.cifs_srv_timeserver else False)
    confset2(smb4_conf, "null passwords = %s", "yes" if cifs.cifs_srv_nullpw else False)
    confset2(smb4_conf, "acl allow execute always = %s", "true" if cifs.cifs_srv_allow_execute_always else "false")
    confset1(smb4_conf, "acl check permissions = true")
    confset1(smb4_conf, "dos filemode = yes")
    confset2(smb4_conf, "multicast dns register = %s", "yes" if cifs.cifs_srv_zeroconf else "no")

    if not smb4_ldap_enabled():
        confset2(smb4_conf, "domain logons = %s", "yes" if cifs.cifs_srv_domain_logons else "no")

    if not nt4_enabled() and not activedirectory_enabled():
        confset2(smb4_conf, "local master = %s", "yes" if cifs.cifs_srv_localmaster else "no")

    idmap = get_idmap_object(DS_TYPE_CIFS, cifs.id, "tdb")
    configure_idmap_backend(smb4_conf, idmap, None)

    # A role outside the values below adds no "server role" line.
    if role == "auto":
        confset1(smb4_conf, "server role = auto")

    elif role == "classic":
        confset1(smb4_conf, "server role = classic primary domain controller")

    elif role == "netbios":
        confset1(smb4_conf, "server role = netbios backup domain controller")

    elif role == "dc":
        confset1(smb4_conf, "server role = active directory domain controller")
        add_domaincontroller_conf(smb4_conf)

    elif role == "member":
        confset1(smb4_conf, "server role = member server")

        # Only one backend is configured; precedence is NT4, LDAP, then AD.
        if nt4_enabled():
            add_nt4_conf(smb4_conf)

        elif smb4_ldap_enabled():
            add_ldap_conf(smb4_conf)

        elif activedirectory_enabled():
            add_activedirectory_conf(smb4_conf)

    elif role == "standalone":
        confset1(smb4_conf, "server role = standalone")
        set_netbiosname(smb4_conf, cifs.cifs_srv_netbiosname)
        confset2(smb4_conf, "workgroup = %s", cifs.cifs_srv_workgroup.upper())
        confset1(smb4_conf, "security = user")

    if role != "dc":
        confset1(smb4_conf, "pid directory = /var/run/samba")

    confset2(smb4_conf, "create mask = %s", cifs.cifs_srv_filemask)
    confset2(smb4_conf, "directory mask = %s", cifs.cifs_srv_dirmask)
    confset1(smb4_conf, "client ntlmv2 auth = yes")
    confset2(smb4_conf, "dos charset = %s", cifs.cifs_srv_doscharset)
    confset2(smb4_conf, "unix charset = %s", cifs.cifs_srv_unixcharset)

    if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
        confset2(smb4_conf, "log level = %s", cifs.cifs_srv_loglevel)

    # Free-form auxiliary parameters: each non-empty line is appended as-is,
    # after everything above, with no validation in this function.
    # NOTE(review): confirm only administrators can edit this field, since
    # its lines land in [global] unchecked.
    smb_options = cifs.cifs_srv_smb_options.encode("utf-8")
    smb_options = smb_options.strip()
    for line in smb_options.split("\n"):
        line = line.strip()
        if not line:
            continue
        confset1(smb4_conf, line)
Esempio n. 46
def generate_smb4_shares(smb4_shares):
    """Emit one smb.conf share section per CIFS_Share row into smb4_shares.

    A share that is not a home share and whose path is not an existing
    directory is skipped.  Home shares are written as ``[homes]``; every
    other share uses its stored name.  All output goes through
    confset1/confset2; nothing is returned.

    NOTE(review): share name, path, comment and hosts allow/deny are
    interpolated exactly as stored.  How confset2 treats embedded newlines
    is not visible here -- confirm that a stored value cannot introduce
    additional smb.conf lines.
    """
    # Any exception raised while building the query ends generation with no
    # output (the except is bare, so it is not limited to database errors).
    try:
        share_rows = CIFS_Share.objects.all()
    except:
        return

    if not len(share_rows):
        return

    for share in share_rows:
        # Home shares are always written; other shares need a real directory.
        if not (share.cifs_home or os.path.isdir(share.cifs_path.encode("utf8"))):
            continue

        confset1(smb4_shares, "\n")
        if not share.cifs_home:
            confset2(smb4_shares, "[%s]", share.cifs_name.encode("utf8"), space=0)
            confset2(smb4_shares, "path = %s", share.cifs_path.encode("utf8"))
            confset2(smb4_shares, "comment = %s", share.cifs_comment.encode("utf8"))
        else:
            confset1(smb4_shares, "[homes]", space=0)

            # Samba substitutions: user only, or domain plus user when AD is
            # enabled and the default domain is not in use.
            home_subdir = "%U"
            allowed_users = "%U"

            if activedirectory_enabled():
                # A failed lookup is ignored and the user-only form is kept.
                try:
                    ad_row = ActiveDirectory.objects.all()[0]
                    if not ad_row.ad_use_default_domain:
                        home_subdir = "%D/%U"
                        allowed_users = "%D\\%U"
                except:
                    pass

            confset2(smb4_shares, "valid users = %s", allowed_users)

            if share.cifs_path:
                home_path = u"%s/%s" % (share.cifs_path, home_subdir)
                confset2(smb4_shares, "path = %s", home_path.encode("utf8"))

            if not share.cifs_comment:
                confset1(smb4_shares, "comment = Home Directories")
            else:
                confset2(smb4_shares, "comment = %s", share.cifs_comment.encode("utf8"))

        confset1(smb4_shares, "printable = no")
        confset1(smb4_shares, "veto files = /.snapshot/.windows/.mac/.zfs/")

        writeable = "no" if share.cifs_ro else "yes"
        confset2(smb4_shares, "writeable = %s", writeable)
        browseable = "yes" if share.cifs_browsable else "no"
        confset2(smb4_shares, "browseable = %s", browseable)

        # A linked storage task is what enables shadow_copy2 for the share.
        task = share.cifs_storage_task if share.cifs_storage_task else None

        vfs_objects = ["shadow_copy2"] if task else []
        extend_vfs_objects_for_zfs(share.cifs_path, vfs_objects)
        vfs_objects.extend(share.cifs_vfsobjects)

        if share.cifs_recyclebin:
            vfs_objects.append("recycle")
            # NOTE(review): directory_mode 0777 is the mode given to the
            # recycle repository; review whether a tighter mode is enough.
            for recycle_option in (
                "recycle:repository = .recycle/%U",
                "recycle:keeptree = yes",
                "recycle:versions = yes",
                "recycle:touch = yes",
                "recycle:directory_mode = 0777",
                "recycle:subdir_mode = 0700",
            ):
                confset1(smb4_shares, recycle_option)

        if task:
            confset1(smb4_shares, "shadow:snapdir = .zfs/snapshot")
            confset1(smb4_shares, "shadow:sort = desc")
            confset1(smb4_shares, "shadow:localtime = yes")
            # Snapshot name pattern built from the task's retention count
            # and the first letter of its retention unit.
            retention = (task.task_ret_count, task.task_ret_unit[0])
            confset1(smb4_shares, "shadow:format = auto-%%Y%%m%%d.%%H%%M-%s%s" % retention)
            confset1(smb4_shares, "shadow:snapdirseverywhere = yes")

        config_share_for_vfs_objects(smb4_shares, vfs_objects)

        hide_dot_files = "no" if share.cifs_showhiddenfiles else "yes"
        confset2(smb4_shares, "hide dot files = %s", hide_dot_files)
        confset2(smb4_shares, "hosts allow = %s", share.cifs_hostsallow)
        confset2(smb4_shares, "hosts deny = %s", share.cifs_hostsdeny)
        guest_ok = "yes" if share.cifs_guestok else "no"
        confset2(smb4_shares, "guest ok = %s", guest_ok)

        # False (not "no") is passed when guest-only is off; presumably
        # confset2 omits the line for a false value -- TODO confirm.
        guest_only = "yes" if share.cifs_guestonly else False
        confset2(smb4_shares, "guest only = %s", guest_only)

        config_share_for_nfs4(smb4_shares)
        config_share_for_zfs(smb4_shares)

        # Auxiliary parameters are written verbatim, one non-blank line at a
        # time: whoever can edit them can set any share parameter.
        for raw_line in share.cifs_auxsmbconf.split("\n"):
            aux_line = raw_line.strip()
            if aux_line:
                confset1(smb4_shares, aux_line.encode("utf-8"))
Esempio n. 47
def generate_smb4_conf(smb4_conf, role):
    """Emit the [global] section of the Samba configuration into smb4_conf.

    Settings come from the first CIFS row; if that row cannot be loaded the
    function returns without writing anything.  ``role`` selects the
    ``server role`` line and the role-specific additions ('auto',
    'classic', 'netbios', 'dc', 'member' or 'standalone').  Lines are
    emitted through confset1/confset2 in the order written below.

    NOTE(review): several values (protocol limits, masks, server string,
    charsets, auxiliary options) are written as stored; confirm they are
    validated where they are entered.
    """
    try:
        cifs = CIFS.objects.all()[0]
    except:
        return

    # In-memory fallbacks for unset fields (the row is not saved here).
    # NOTE(review): 0666/0777 are permissive create/directory masks.
    if not cifs.cifs_srv_guest:
        cifs.cifs_srv_guest = 'ftp'
    if not cifs.cifs_srv_filemask:
        cifs.cifs_srv_filemask = "0666"
    if not cifs.cifs_srv_dirmask:
        cifs.cifs_srv_dirmask = "0777"

    # standard stuff... should probably do this differently
    confset1(smb4_conf, "[global]", space=0)

    # The username map is referenced only when the file already exists.
    if os.path.exists("/usr/local/etc/smbusers"):
        confset1(smb4_conf, "username map = /usr/local/etc/smbusers")

    # Protocol bounds are taken from the database unchanged.
    # NOTE(review): nothing here enforces a minimum dialect -- confirm the
    # stored choices exclude dialects that should no longer be offered.
    confset2(smb4_conf, "server min protocol = %s", cifs.cifs_srv_min_protocol)
    confset2(smb4_conf, "server max protocol = %s", cifs.cifs_srv_max_protocol)
    if cifs.cifs_srv_bindip:
        interfaces = []

        # Loopback is prepended for every role except 'dc'.
        bindips = string.join(cifs.cifs_srv_bindip, ' ')
        if role != 'dc':
            bindips = "127.0.0.1 %s" % bindips

        n = notifier()
        bindips = bindips.split()
        for bindip in bindips:
            if not bindip:
                continue
            bindip = bindip.strip()
            iface = n.get_interface(bindip)
            if iface and n.is_carp_interface(iface):
                # CARP addresses are written as "<ip>/<parent_iface[2]>";
                # the address is dropped if the parent cannot be resolved.
                parent_iface = n.get_parent_interface(iface)
                if not parent_iface:
                    continue

                # Only checked for presence; its contents are not used.
                parent_iinfo = n.get_interface_info(parent_iface[0])
                if not parent_iinfo:
                    continue

                # presumably parent_iface[2] is the netmask -- TODO confirm
                interfaces.append("%s/%s" % (bindip, parent_iface[2]))
            else:
                interfaces.append(bindip)

        if interfaces:
            confset2(smb4_conf, "interfaces = %s", string.join(interfaces))
        # Written whenever bind IPs are configured, even if the interface
        # list above ended up empty.
        confset1(smb4_conf, "bind interfaces only = yes")

    confset1(smb4_conf, "encrypt passwords = yes")
    confset1(smb4_conf, "dns proxy = no")
    confset1(smb4_conf, "strict locking = no")
    confset1(smb4_conf, "oplocks = yes")
    confset1(smb4_conf, "deadtime = 15")
    confset1(smb4_conf, "max log size = 51200")

    # Derived from the kern.maxfilesperproc sysctl, minus 25.
    confset2(smb4_conf, "max open files = %d",
             long(get_sysctl('kern.maxfilesperproc')) - 25)

    # A log level that is unset, or is literally True, falls back to "0".
    if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
        loglevel = cifs.cifs_srv_loglevel
    else:
        loglevel = "0"

    if cifs.cifs_srv_syslog:
        confset1(smb4_conf, "logging = syslog:%s" % loglevel)
    else:
        confset1(smb4_conf, "logging = file")

    # Printing support is switched off.
    confset1(smb4_conf, "load printers = no")
    confset1(smb4_conf, "printing = bsd")
    confset1(smb4_conf, "printcap name = /dev/null")
    confset1(smb4_conf, "disable spoolss = yes")
    confset1(smb4_conf, "getwd cache = yes")
    confset2(smb4_conf, "guest account = %s",
             cifs.cifs_srv_guest.encode('utf8'))
    # With "Bad User", a login naming an unknown user is mapped to the guest
    # account configured on the line above.
    confset1(smb4_conf, "map to guest = Bad User")
    confset2(smb4_conf, "obey pam restrictions = %s",
             "yes" if cifs.cifs_srv_obey_pam_restrictions else "no")
    confset1(smb4_conf, "directory name cache size = 0")
    confset1(smb4_conf, "kernel change notify = no")

    confset1(smb4_conf,
             "panic action = /usr/local/libexec/samba/samba-backtrace")
    confset1(smb4_conf, "nsupdate command = /usr/local/bin/samba-nsupdate -g")

    confset2(smb4_conf, "server string = %s", cifs.cifs_srv_description)
    confset1(smb4_conf, "ea support = yes")
    confset1(smb4_conf, "store dos attributes = yes")
    confset1(smb4_conf, "lm announce = yes")
    # The next four calls pass False instead of a value in one case;
    # presumably confset2 omits the line then -- TODO confirm.
    confset2(smb4_conf, "hostname lookups = %s",
             "yes" if cifs.cifs_srv_hostlookup else False)
    confset2(smb4_conf, "unix extensions = %s",
             "no" if not cifs.cifs_srv_unixext else False)
    confset2(smb4_conf, "time server = %s",
             "yes" if cifs.cifs_srv_timeserver else False)
    # NOTE(review): when enabled this permits access to accounts that have
    # an empty password.
    confset2(smb4_conf, "null passwords = %s",
             "yes" if cifs.cifs_srv_nullpw else False)
    confset2(smb4_conf, "acl allow execute always = %s",
             "true" if cifs.cifs_srv_allow_execute_always else "false")
    confset1(smb4_conf, "dos filemode = yes")
    confset2(smb4_conf, "multicast dns register = %s",
             "yes" if cifs.cifs_srv_zeroconf else "no")

    if not smb4_ldap_enabled():
        confset2(smb4_conf, "domain logons = %s",
                 "yes" if cifs.cifs_srv_domain_logons else "no")

    if (not nt4_enabled() and not activedirectory_enabled()):
        confset2(smb4_conf, "local master = %s",
                 "yes" if cifs.cifs_srv_localmaster else "no")

    # idmap backend for the CIFS service itself, with 'tdb' passed as the
    # third argument to the lookup.
    idmap = get_idmap_object(DS_TYPE_CIFS, cifs.id, 'tdb')
    configure_idmap_backend(smb4_conf, idmap, None)

    # Role-specific section; an unrecognised role writes no "server role".
    if role == 'auto':
        confset1(smb4_conf, "server role = auto")

    elif role == 'classic':
        confset1(smb4_conf, "server role = classic primary domain controller")

    elif role == 'netbios':
        confset1(smb4_conf, "server role = netbios backup domain controller")

    elif role == 'dc':
        confset1(smb4_conf, "server role = active directory domain controller")
        add_domaincontroller_conf(smb4_conf)

    elif role == 'member':
        confset1(smb4_conf, "server role = member server")

        # Only the first enabled directory service contributes settings.
        if nt4_enabled():
            add_nt4_conf(smb4_conf)

        elif smb4_ldap_enabled():
            add_ldap_conf(smb4_conf)

        elif activedirectory_enabled():
            add_activedirectory_conf(smb4_conf)

        confset2(smb4_conf, "netbios name = %s", cifs.get_netbiosname().upper())
        if cifs.cifs_srv_netbiosalias:
            confset2(smb4_conf, "netbios aliases = %s", cifs.cifs_srv_netbiosalias.upper())

    elif role == 'standalone':
        confset1(smb4_conf, "server role = standalone")
        confset2(smb4_conf, "netbios name = %s", cifs.get_netbiosname().upper())
        if cifs.cifs_srv_netbiosalias:
            confset2(smb4_conf, "netbios aliases = %s", cifs.cifs_srv_netbiosalias.upper())
        confset2(smb4_conf, "workgroup = %s", cifs.cifs_srv_workgroup.upper())
        confset1(smb4_conf, "security = user")

    if role != 'dc':
        confset1(smb4_conf, "pid directory = /var/run/samba")

    # Masks come from the row, or from the fallbacks set at the top.
    confset2(smb4_conf, "create mask = %s", cifs.cifs_srv_filemask)
    confset2(smb4_conf, "directory mask = %s", cifs.cifs_srv_dirmask)
    confset1(smb4_conf, "client ntlmv2 auth = yes")
    confset2(smb4_conf, "dos charset = %s", cifs.cifs_srv_doscharset)
    confset2(smb4_conf, "unix charset = %s", cifs.cifs_srv_unixcharset)

    if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
        confset2(smb4_conf, "log level = %s", cifs.cifs_srv_loglevel)

    # Auxiliary options are appended verbatim, one non-blank line each, after
    # everything above: whoever can edit them can set any global parameter.
    smb_options = cifs.cifs_srv_smb_options.encode('utf-8')
    smb_options = smb_options.strip()
    for line in smb_options.split('\n'):
        line = line.strip()
        if not line:
            continue
        confset1(smb4_conf, line)
Esempio n. 48
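def main():
    """Use the django ORM to generate the netatalk config file.

    The file is built as a list of strings and written to
    /usr/local/etc/afp.conf in one go once it is complete: a [Global]
    section, an optional [Homes] section, then one section per AFP_Share
    row.  Settings come from the AFP row with the highest id.

    NOTE(review): when 'map acls' is 'mode' and Active Directory is
    enabled, the AD bind DN and bind password are written into this file in
    clear text.  open() creates the file with umask-derived permissions;
    confirm that afp.conf is not readable by unprivileged local users.

    NOTE(review): share names, paths, user lists and the auxiliary
    parameters are interpolated as stored, so a value containing a newline
    adds extra config lines.  Confirm they are validated where entered.
    """

    afp_config = "/usr/local/etc/afp.conf"
    cf_contents = []

    afp = AFP.objects.order_by('-id')[0]

    cf_contents.append("[Global]\n")
    uam_list = ['uams_dhx.so', 'uams_dhx2.so']
    if afp.afp_srv_guest:
        uam_list.append('uams_guest.so')
        cf_contents.append('\tguest account = %s\n' % afp.afp_srv_guest_user)
    # uams_gss.so bails out with an error if kerberos isn't configured
    if KerberosKeytab.objects.count() > 0:
        uam_list.append('uams_gss.so')
    cf_contents.append('\tuam list = %s\n' % " ".join(uam_list))

    if afp.afp_srv_bindip:
        cf_contents.append("\tafp listen = %s\n" %
                           ' '.join(afp.afp_srv_bindip))
    cf_contents.append("\tmax connections = %s\n" %
                       afp.afp_srv_connections_limit)
    cf_contents.append("\tmimic model = RackMac\n")
    if afp.afp_srv_dbpath:
        cf_contents.append("\tvol dbnest = no\n")
        cf_contents.append("\tvol dbpath = %s\n" % afp.afp_srv_dbpath)
    else:
        cf_contents.append("\tvol dbnest = yes\n")
    if afp.afp_srv_global_aux:
        # Fix: the auxiliary text used to be appended without a line
        # terminator, so the next setting ("map acls", or the LDAP block)
        # was glued onto its last line whenever the stored text did not end
        # in a newline.  Terminate it here if needed.
        global_aux = afp.afp_srv_global_aux
        if not global_aux.endswith("\n"):
            global_aux += "\n"
        cf_contents.append("\t%s" % global_aux.encode('utf8'))

    if afp.afp_srv_map_acls:
        cf_contents.append("\tmap acls = %s\n" % afp.afp_srv_map_acls)

    # LDAP lookups against AD are configured only for 'mode' ACL mapping
    # with Active Directory enabled.
    map_acls_mode = bool(
        afp.afp_srv_map_acls == 'mode' and activedirectory_enabled())

    if map_acls_mode:
        ad = FreeNAS_ActiveDirectory(flags=FLAGS_DBINIT)

        cf_contents.append("\tldap auth method = %s\n" % "simple")
        cf_contents.append("\tldap auth dn = %s\n" % ad.binddn)
        # Clear-text bind password: see the permission note in the docstring.
        cf_contents.append("\tldap auth pw = %s\n" % ad.bindpw)
        cf_contents.append("\tldap server = %s\n" % ad.domainname)
        cf_contents.append("\tldap userbase = %s\n" % ad.userdn)
        cf_contents.append("\tldap userscope = %s\n" % "sub")
        cf_contents.append("\tldap groupbase = %s\n" % ad.groupdn)
        cf_contents.append("\tldap groupscope = %s\n" % "sub")
        cf_contents.append("\tldap user filter = %s\n" % "objectclass=user")
        cf_contents.append("\tldap group filter = %s\n" % "objectclass=group")
        cf_contents.append("\tldap uuid attr = %s\n" % "objectGUID")
        cf_contents.append("\tldap uuid encoding = %s\n" % "ms-guid")
        cf_contents.append("\tldap name attr = %s\n" % "sAMAccountName")
        cf_contents.append("\tldap group attr = %s\n" % "sAMAccountName")

    cf_contents.append("\n")

    if afp.afp_srv_homedir_enable:
        cf_contents.append("[Homes]\n")
        cf_contents.append("\tbasedir regex = %s\n" % afp.afp_srv_homedir)
        if afp.afp_srv_homename:
            cf_contents.append("\thome name = %s\n" % afp.afp_srv_homename)
        cf_contents.append("\n")

    for share in AFP_Share.objects.all():
        cf_contents.append("[%s]\n" % share.afp_name)
        cf_contents.append("\tpath = %s\n" % share.afp_path)
        # Access lists are written only when set; an unset list leaves the
        # corresponding option out of the section.
        if share.afp_allow:
            cf_contents.append("\tvalid users = %s\n" % share.afp_allow)
        if share.afp_deny:
            cf_contents.append("\tinvalid users = %s\n" % share.afp_deny)
        if share.afp_hostsallow:
            cf_contents.append("\thosts allow = %s\n" % share.afp_hostsallow)
        if share.afp_hostsdeny:
            cf_contents.append("\thosts deny = %s\n" % share.afp_hostsdeny)
        if share.afp_ro:
            cf_contents.append("\trolist = %s\n" % share.afp_ro)
        if share.afp_rw:
            cf_contents.append("\trwlist = %s\n" % share.afp_rw)
        if share.afp_timemachine:
            cf_contents.append("\ttime machine = yes\n")
        if not share.afp_nodev:
            cf_contents.append("\tcnid dev = no\n")
        if share.afp_nostat:
            cf_contents.append("\tstat vol = no\n")
        if not share.afp_upriv:
            cf_contents.append("\tunix priv = no\n")
        elif not map_acls_mode:
            # Explicit permissions are skipped when ACLs are mapped via AD.
            if share.afp_fperm:
                cf_contents.append("\tfile perm = %s\n" % share.afp_fperm)
            if share.afp_dperm:
                cf_contents.append("\tdirectory perm = %s\n" % share.afp_dperm)
            if share.afp_umask:
                cf_contents.append("\tumask = %s\n" % share.afp_umask)
        cf_contents.append("\tveto files = .windows/.mac/\n")
        if map_acls_mode:
            cf_contents.append("\tacls = yes\n")

    with open(afp_config, "w") as fh:
        fh.writelines(cf_contents)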
Esempio n. 49
        if sid != sidval:
            sanity = False

# Runs only while `sanity` is still set, i.e. no SID compared just above
# differed from `sidval`.  Stores the detected SID in the CIFS row when the
# database holds a different one.
if sanity:
    # Make the FreeNAS UI package importable and point Django at its settings
    # before any model is imported.
    sys.path.extend(['/usr/local/www', '/usr/local/www/freenasUI'])

    os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'freenasUI.settings')

    import django
    django.setup()

    from freenasUI.common.system import (activedirectory_enabled,
                                         domaincontroller_enabled,
                                         ldap_enabled, nt4_enabled)

    # Refuse to change the stored SID while any directory service is enabled.
    # NOTE(review): bare exit() is the helper installed by the site module;
    # sys.exit(1) would not depend on it.
    if (activedirectory_enabled() or domaincontroller_enabled()
            or ldap_enabled() or nt4_enabled()):
        print "A directory service is enabled, aborting without making changes."
        exit(1)

    print "detected SID: %s\n" % sidval
    from freenasUI.services.models import CIFS
    # First CIFS row; raises IndexError if the table is empty.
    cifs = CIFS.objects.all()[0]
    print "database SID: %s\n" % cifs.cifs_SID
    # Write only when the values differ, then tell the operator how to make
    # Samba pick up the change.
    if cifs.cifs_SID != sidval:
        cifs.cifs_SID = sidval
        print "Saving detected SID to the database"
        cifs.save()
        print "Please either reboot the system or run the following commands as root:"
        print "service samba_server stop"
        print "service ix-pre-samba start"
Esempio n. 50
def generate_smb4_shares(smb4_shares):
    """Emit one smb.conf share section per CIFS_Share row into smb4_shares.

    The output of ``zfs list`` is used to find the dataset that holds each
    share and, from it, a snapshot Task; when one is found the share gets
    shadow_copy2 settings.  A share that is not a home share and whose path
    is not an existing directory is skipped.  Nothing is returned.

    NOTE(review): share name, path, comment and hosts allow/deny are
    interpolated exactly as stored.  How confset2 treats embedded newlines
    is not visible here -- confirm that a stored value cannot introduce
    additional smb.conf lines.
    """
    # Any exception raised while building the query ends generation with no
    # output (the except is bare, so it is not limited to database errors).
    try:
        shares = CIFS_Share.objects.all()
    except:
        return

    if len(shares) == 0:
        return

    # The command line is a constant; no share data is interpolated into it.
    # A non-zero exit status is treated as "no datasets".
    p = pipeopen("zfs list -H -o mountpoint,name")
    zfsout = p.communicate()[0].split('\n')
    if p.returncode != 0:
        zfsout = []

    for share in shares:
        if not os.path.isdir(
                share.cifs_path.encode('utf8')) and not share.cifs_home:
            continue

        # Find a Task for the dataset whose mountpoint is the share path or
        # one of its parents (then only a recursive task qualifies).  A line
        # that does not split into two fields, or a lookup that finds no
        # Task, raises and is swallowed, so the scan moves on to the next
        # line; the break is reached only after a successful lookup.
        task = False
        for line in zfsout:
            try:
                zfs_mp, zfs_ds = line.split()
                if share.cifs_path == zfs_mp or share.cifs_path.startswith(
                        "%s/" % zfs_mp):
                    if share.cifs_path == zfs_mp:
                        task = Task.objects.filter(task_filesystem=zfs_ds)[0]
                    else:
                        task = Task.objects.filter(
                            Q(task_filesystem=zfs_ds)
                            & Q(task_recursive=True))[0]
                    break
            except:
                pass

        confset1(smb4_shares, "\n")
        if share.cifs_home:
            confset1(smb4_shares, "[homes]", space=0)

            # Samba substitutions: user only, or domain plus user when AD is
            # enabled and the default domain is not in use.
            valid_users_path = "%U"
            valid_users = "%U"

            if activedirectory_enabled():
                # A failed lookup is ignored and the user-only form is kept.
                try:
                    ad = ActiveDirectory.objects.all()[0]
                    if not ad.ad_use_default_domain:
                        valid_users_path = "%D/%U"
                        valid_users = "%D\%U"
                except:
                    pass

            confset2(smb4_shares, "valid users = %s", valid_users)

            if share.cifs_path:
                cifs_homedir_path = u"%s/%s" % (share.cifs_path,
                                                valid_users_path)
                confset2(smb4_shares, "path = %s",
                         cifs_homedir_path.encode('utf8'))
            if share.cifs_comment:
                confset2(smb4_shares, "comment = %s",
                         share.cifs_comment.encode('utf8'))
            else:
                confset1(smb4_shares, "comment = Home Directories")
        else:
            confset2(smb4_shares,
                     "[%s]",
                     share.cifs_name.encode('utf8'),
                     space=0)
            confset2(smb4_shares, "path = %s", share.cifs_path.encode('utf8'))
            confset2(smb4_shares, "comment = %s",
                     share.cifs_comment.encode('utf8'))
        confset1(smb4_shares, "printable = no")
        confset1(smb4_shares, "veto files = /.snapshot/.windows/.mac/.zfs/")
        confset2(smb4_shares, "writeable = %s",
                 "no" if share.cifs_ro else "yes")
        confset2(smb4_shares, "browseable = %s",
                 "yes" if share.cifs_browsable else "no")

        # VFS modules: built-in ones first, then those stored on the share.
        vfs_objects = []
        if share.cifs_recyclebin:
            vfs_objects.append('recycle')
        if task:
            vfs_objects.append('shadow_copy2')
        if is_within_zfs(share.cifs_path):
            vfs_objects.append('zfsacl')
        vfs_objects.extend(share.cifs_vfsobjects)

        # Written for every share, whether or not cifs_recyclebin is set.
        # NOTE(review): directory_mode 0777 is the mode given to the recycle
        # repository; review whether a tighter mode is enough.
        confset1(smb4_shares, "recycle:repository = .recycle/%U")
        confset1(smb4_shares, "recycle:keeptree = yes")
        confset1(smb4_shares, "recycle:versions = yes")
        confset1(smb4_shares, "recycle:touch = yes")
        confset1(smb4_shares, "recycle:directory_mode = 0777")
        confset1(smb4_shares, "recycle:subdir_mode = 0700")

        if task:
            confset1(smb4_shares, "shadow:snapdir = .zfs/snapshot")
            confset1(smb4_shares, "shadow:sort = desc")
            confset1(smb4_shares, "shadow:localtime = yes")
            # Snapshot name pattern built from the task's retention count
            # and the first letter of its retention unit.
            confset1(
                smb4_shares, "shadow:format = auto-%%Y%%m%%d.%%H%%M-%s%s" %
                (task.task_ret_count, task.task_ret_unit[0]))
        if vfs_objects:
            confset2(smb4_shares, "vfs objects = %s",
                     ' '.join(vfs_objects).encode('utf8'))

        confset2(smb4_shares, "hide dot files = %s",
                 "no" if share.cifs_showhiddenfiles else "yes")
        confset2(smb4_shares, "hosts allow = %s", share.cifs_hostsallow)
        confset2(smb4_shares, "hosts deny = %s", share.cifs_hostsdeny)
        confset2(smb4_shares, "guest ok = %s",
                 "yes" if share.cifs_guestok else "no")

        # False (not "no") is passed when guest-only is off; presumably
        # confset2 omits the line for a false value -- TODO confirm.
        confset2(smb4_shares, "guest only = %s",
                 "yes" if share.cifs_guestonly else False)

        confset1(smb4_shares, "nfs4:mode = special")
        confset1(smb4_shares, "nfs4:acedup = merge")
        confset1(smb4_shares, "nfs4:chown = true")
        confset1(smb4_shares, "zfsacl:acesort = dontcare")

        # Auxiliary parameters are passed on verbatim, including blank lines
        # (no strip or skip here): whoever can edit them can set any share
        # parameter.
        for line in share.cifs_auxsmbconf.split('\n'):
            confset1(smb4_shares, line)
Esempio n. 51
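def main():
    """Use the django ORM to generate the netatalk config file.

    The file is built as a list of strings and written to
    /usr/local/etc/afp.conf in one go once it is complete: a [Global]
    section, an optional [Homes] section, then one section per AFP_Share
    row.  Settings come from the AFP row with the highest id.

    NOTE(review): when 'map acls' is 'mode' and Active Directory is
    enabled, the AD bind DN and bind password are written into this file in
    clear text.  open() creates the file with umask-derived permissions;
    confirm that afp.conf is not readable by unprivileged local users.

    NOTE(review): share names, paths, user lists and the auxiliary
    parameters are interpolated as stored, so a value containing a newline
    adds extra config lines.  Confirm they are validated where entered.
    """

    afp_config = "/usr/local/etc/afp.conf"
    cf_contents = []

    afp = AFP.objects.order_by('-id')[0]

    cf_contents.append("[Global]\n")
    uam_list = ['uams_dhx.so', 'uams_dhx2.so']
    if afp.afp_srv_guest:
        uam_list.append('uams_guest.so')
        cf_contents.append('\tguest account = %s\n' % afp.afp_srv_guest_user)
    # uams_gss.so bails out with an error if kerberos isn't configured
    if KerberosKeytab.objects.count() > 0:
        uam_list.append('uams_gss.so')
    cf_contents.append('\tuam list = %s\n' % " ".join(uam_list))

    if afp.afp_srv_bindip:
        cf_contents.append("\tafp listen = %s\n" % ' '.join(afp.afp_srv_bindip))
    cf_contents.append("\tmax connections = %s\n" % afp.afp_srv_connections_limit)
    cf_contents.append("\tmimic model = RackMac\n")
    if afp.afp_srv_dbpath:
        cf_contents.append("\tvol dbnest = no\n")
        cf_contents.append("\tvol dbpath = %s\n" % afp.afp_srv_dbpath)
    else:
        cf_contents.append("\tvol dbnest = yes\n")
    if afp.afp_srv_global_aux:
        # Fix: the auxiliary text used to be appended without a line
        # terminator, so the next setting ("map acls", or the LDAP block)
        # was glued onto its last line whenever the stored text did not end
        # in a newline.  Terminate it here if needed.
        global_aux = afp.afp_srv_global_aux
        if not global_aux.endswith("\n"):
            global_aux += "\n"
        cf_contents.append("\t%s" % global_aux.encode('utf8'))

    if afp.afp_srv_map_acls:
        cf_contents.append("\tmap acls = %s\n" % afp.afp_srv_map_acls)

    # LDAP lookups against AD are configured only for 'mode' ACL mapping
    # with Active Directory enabled.
    map_acls_mode = bool(
        afp.afp_srv_map_acls == 'mode' and activedirectory_enabled())

    if map_acls_mode:
        ad = FreeNAS_ActiveDirectory(flags=FLAGS_DBINIT)

        cf_contents.append("\tldap auth method = %s\n" % "simple")
        cf_contents.append("\tldap auth dn = %s\n" % ad.binddn)
        # Clear-text bind password: see the permission note in the docstring.
        cf_contents.append("\tldap auth pw = %s\n" % ad.bindpw)
        cf_contents.append("\tldap server = %s\n" % ad.domainname)
        cf_contents.append("\tldap userbase = %s\n" % ad.userdn)
        cf_contents.append("\tldap userscope = %s\n" % "sub")
        cf_contents.append("\tldap groupbase = %s\n" % ad.groupdn)
        cf_contents.append("\tldap groupscope = %s\n" % "sub")
        cf_contents.append("\tldap user filter = %s\n" % "objectclass=user")
        cf_contents.append("\tldap group filter = %s\n" % "objectclass=group")
        cf_contents.append("\tldap uuid attr = %s\n" % "objectGUID")
        cf_contents.append("\tldap uuid encoding = %s\n" % "ms-guid")
        cf_contents.append("\tldap name attr = %s\n" % "sAMAccountName")
        cf_contents.append("\tldap group attr = %s\n" % "sAMAccountName")

    cf_contents.append("\n")

    if afp.afp_srv_homedir_enable:
        cf_contents.append("[Homes]\n")
        cf_contents.append("\tbasedir regex = %s\n" % afp.afp_srv_homedir)
        if afp.afp_srv_homename:
            cf_contents.append("\thome name = %s\n" % afp.afp_srv_homename)
        cf_contents.append("\n")

    for share in AFP_Share.objects.all():
        cf_contents.append("[%s]\n" % share.afp_name)
        cf_contents.append("\tpath = %s\n" % share.afp_path)
        # Access lists are written only when set; an unset list leaves the
        # corresponding option out of the section.
        if share.afp_allow:
            cf_contents.append("\tvalid users = %s\n" % share.afp_allow)
        if share.afp_deny:
            cf_contents.append("\tinvalid users = %s\n" % share.afp_deny)
        if share.afp_hostsallow:
            cf_contents.append("\thosts allow = %s\n" % share.afp_hostsallow)
        if share.afp_hostsdeny:
            cf_contents.append("\thosts deny = %s\n" % share.afp_hostsdeny)
        if share.afp_ro:
            cf_contents.append("\trolist = %s\n" % share.afp_ro)
        if share.afp_rw:
            cf_contents.append("\trwlist = %s\n" % share.afp_rw)
        if share.afp_timemachine:
            cf_contents.append("\ttime machine = yes\n")
        if not share.afp_nodev:
            cf_contents.append("\tcnid dev = no\n")
        if share.afp_nostat:
            cf_contents.append("\tstat vol = no\n")
        if not share.afp_upriv:
            cf_contents.append("\tunix priv = no\n")
        elif not map_acls_mode:
            # Explicit permissions are skipped when ACLs are mapped via AD.
            if share.afp_fperm:
                cf_contents.append("\tfile perm = %s\n" % share.afp_fperm)
            if share.afp_dperm:
                cf_contents.append("\tdirectory perm = %s\n" % share.afp_dperm)
            if share.afp_umask:
                cf_contents.append("\tumask = %s\n" % share.afp_umask)
        cf_contents.append("\tveto files = .windows/.mac/\n")
        if map_acls_mode:
            cf_contents.append("\tacls = yes\n")

    with open(afp_config, "w") as fh:
        fh.writelines(cf_contents)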
Esempio n. 52
def generate_smb4_shares(smb4_shares):
    """Emit one smb.conf share section per CIFS_Share row into smb4_shares.

    A share that is not a home share and whose path is not an existing
    directory is skipped.  Home shares are written as ``[homes]``; every
    other share uses its stored name.  All output goes through
    confset1/confset2; nothing is returned.

    NOTE(review): share name, path, comment and hosts allow/deny are
    interpolated exactly as stored.  How confset2 treats embedded newlines
    is not visible here -- confirm that a stored value cannot introduce
    additional smb.conf lines.
    """
    # Any exception raised while building the query ends generation with no
    # output (the except is bare, so it is not limited to database errors).
    try:
        share_rows = CIFS_Share.objects.all()
    except:
        return

    if not len(share_rows):
        return

    for share in share_rows:
        # Home shares are always written; other shares need a real directory.
        if not (share.cifs_home or
                os.path.isdir(share.cifs_path.encode('utf8'))):
            continue

        confset1(smb4_shares, "\n")
        if not share.cifs_home:
            confset2(smb4_shares, "[%s]",
                     share.cifs_name.encode('utf8'), space=0)
            confset2(smb4_shares, "path = %s", share.cifs_path.encode('utf8'))
            confset2(smb4_shares, "comment = %s",
                     share.cifs_comment.encode('utf8'))
        else:
            confset1(smb4_shares, "[homes]", space=0)

            # Samba substitutions: user only, or domain plus user when AD is
            # enabled and the default domain is not in use.
            home_subdir = "%U"
            allowed_users = "%U"

            if activedirectory_enabled():
                # A failed lookup is ignored and the user-only form is kept.
                try:
                    ad_row = ActiveDirectory.objects.all()[0]
                    if not ad_row.ad_use_default_domain:
                        home_subdir = "%D/%U"
                        allowed_users = "%D\\%U"
                except:
                    pass

            confset2(smb4_shares, "valid users = %s", allowed_users)

            if share.cifs_path:
                home_path = u"%s/%s" % (share.cifs_path, home_subdir)
                confset2(smb4_shares, "path = %s", home_path.encode('utf8'))

            if not share.cifs_comment:
                confset1(smb4_shares, "comment = Home Directories")
            else:
                confset2(smb4_shares,
                         "comment = %s", share.cifs_comment.encode('utf8'))

        confset1(smb4_shares, "printable = no")
        confset1(smb4_shares, "veto files = /.snapshot/.windows/.mac/.zfs/")

        writeable = "no" if share.cifs_ro else "yes"
        confset2(smb4_shares, "writeable = %s", writeable)
        browseable = "yes" if share.cifs_browsable else "no"
        confset2(smb4_shares, "browseable = %s", browseable)

        # A linked storage task is what enables shadow_copy2 for the share.
        task = share.cifs_storage_task if share.cifs_storage_task else None

        vfs_objects = ['shadow_copy2'] if task else []
        extend_vfs_objects_for_zfs(share.cifs_path, vfs_objects)
        vfs_objects.extend(share.cifs_vfsobjects)

        if share.cifs_recyclebin:
            vfs_objects.append('recycle')
            # NOTE(review): directory_mode 0777 is the mode given to the
            # recycle repository; review whether a tighter mode is enough.
            for recycle_option in (
                "recycle:repository = .recycle/%U",
                "recycle:keeptree = yes",
                "recycle:versions = yes",
                "recycle:touch = yes",
                "recycle:directory_mode = 0777",
                "recycle:subdir_mode = 0700",
            ):
                confset1(smb4_shares, recycle_option)

        if task:
            confset1(smb4_shares, "shadow:snapdir = .zfs/snapshot")
            confset1(smb4_shares, "shadow:sort = desc")
            confset1(smb4_shares, "shadow:localtime = yes")
            # Snapshot name pattern built from the task's retention count
            # and the first letter of its retention unit.
            retention = (task.task_ret_count, task.task_ret_unit[0])
            confset1(smb4_shares,
                     "shadow:format = auto-%%Y%%m%%d.%%H%%M-%s%s" % retention)
            confset1(smb4_shares, "shadow:snapdirseverywhere = yes")

        config_share_for_vfs_objects(smb4_shares, vfs_objects)

        hide_dot_files = "no" if share.cifs_showhiddenfiles else "yes"
        confset2(smb4_shares, "hide dot files = %s", hide_dot_files)
        confset2(smb4_shares, "hosts allow = %s", share.cifs_hostsallow)
        confset2(smb4_shares, "hosts deny = %s", share.cifs_hostsdeny)
        guest_ok = "yes" if share.cifs_guestok else "no"
        confset2(smb4_shares, "guest ok = %s", guest_ok)

        # False (not "no") is passed when guest-only is off; presumably
        # confset2 omits the line for a false value -- TODO confirm.
        guest_only = "yes" if share.cifs_guestonly else False
        confset2(smb4_shares, "guest only = %s", guest_only)

        config_share_for_nfs4(smb4_shares)
        config_share_for_zfs(smb4_shares)

        # Auxiliary parameters are written verbatim, one non-blank line at a
        # time: whoever can edit them can set any share parameter.
        for raw_line in share.cifs_auxsmbconf.split('\n'):
            aux_line = raw_line.strip()
            if aux_line:
                confset1(smb4_shares, aux_line.encode('utf-8'))
Esempio n. 53
def generate_smb4_shares(smb4_shares):
    """Emit one smb.conf share section per CIFS_Share row into smb4_shares.

    The output of ``zfs list`` is used to find the dataset that holds each
    share and, from it, a snapshot Task; when one is found the share gets
    shadow_copy2 settings.  A share that is not a home share and whose path
    is not an existing directory is skipped.  Nothing is returned.

    NOTE(review): share name, path, comment and hosts allow/deny are
    interpolated exactly as stored.  How confset2 treats embedded newlines
    is not visible here -- confirm that a stored value cannot introduce
    additional smb.conf lines.
    """
    # Any exception raised while building the query ends generation with no
    # output (the except is bare, so it is not limited to database errors).
    try:
        shares = CIFS_Share.objects.all()
    except:
        return

    if len(shares) == 0:
        return

    # The command line is a constant; no share data is interpolated into it.
    # A non-zero exit status is treated as "no datasets".
    p = pipeopen("zfs list -H -o mountpoint,name")
    zfsout = p.communicate()[0].split('\n')
    if p.returncode != 0:
        zfsout = []

    for share in shares:
        if not os.path.isdir(share.cifs_path.encode('utf8')) and not share.cifs_home:
            continue

        # Find a Task for the dataset whose mountpoint is the share path or
        # one of its parents (then only a recursive task qualifies).  A line
        # that does not split into two fields, or a lookup that finds no
        # Task, raises and is swallowed, so the scan moves on to the next
        # line; the break is reached only after a successful lookup.
        task = False
        for line in zfsout:
            try:
                zfs_mp, zfs_ds = line.split()
                if share.cifs_path == zfs_mp or share.cifs_path.startswith("%s/" % zfs_mp):
                    if share.cifs_path == zfs_mp:
                        task = Task.objects.filter(task_filesystem = zfs_ds)[0]
                    else:
                        task = Task.objects.filter(Q(task_filesystem = zfs_ds) & Q(task_recursive=True))[0]
                    break
            except:
                pass

        confset1(smb4_shares, "\n")
        if share.cifs_home:
            confset1(smb4_shares, "[homes]", space=0)

            # Samba substitutions: user only, or domain plus user when AD is
            # enabled and the default domain is not in use.
            valid_users_path = "%U"
            valid_users = "%U"

            if activedirectory_enabled():
                # A failed lookup is ignored and the user-only form is kept.
                try:
                    ad = ActiveDirectory.objects.all()[0]
                    if not ad.ad_use_default_domain:
                        valid_users_path = "%D/%U"
                        valid_users = "%D\%U"
                except:
                    pass

            confset2(smb4_shares, "valid users = %s", valid_users)

            if share.cifs_path:
                cifs_homedir_path = u"%s/%s" % (share.cifs_path, valid_users_path)
                confset2(smb4_shares, "path = %s", cifs_homedir_path.encode('utf8'))
            if share.cifs_comment:
                confset2(smb4_shares, "comment = %s", share.cifs_comment.encode('utf8'))
            else:
                confset1(smb4_shares, "comment = Home Directories")
        else:
            confset2(smb4_shares, "[%s]", share.cifs_name.encode('utf8'), space=0)
            confset2(smb4_shares, "path = %s", share.cifs_path.encode('utf8'))
            confset2(smb4_shares, "comment = %s", share.cifs_comment.encode('utf8'))
        confset1(smb4_shares, "printable = no")
        confset1(smb4_shares, "veto files = /.snapshot/.windows/.mac/.zfs/")
        confset2(smb4_shares, "writeable = %s",
            "no" if share.cifs_ro else "yes")
        confset2(smb4_shares, "browseable = %s",
            "yes" if share.cifs_browsable else "no")

        # VFS modules: built-in ones first, then those stored on the share.
        vfs_objects = []
        if share.cifs_recyclebin:
            vfs_objects.append('recycle')
        if task:
            vfs_objects.append('shadow_copy2')
        if is_within_zfs(share.cifs_path):
            vfs_objects.append('zfsacl')
        vfs_objects.extend(share.cifs_vfsobjects)

        # Written for every share, whether or not cifs_recyclebin is set.
        # NOTE(review): directory_mode 0777 is the mode given to the recycle
        # repository; review whether a tighter mode is enough.
        confset1(smb4_shares, "recycle:repository = .recycle/%U")
        confset1(smb4_shares, "recycle:keeptree = yes")
        confset1(smb4_shares, "recycle:versions = yes")
        confset1(smb4_shares, "recycle:touch = yes")
        confset1(smb4_shares, "recycle:directory_mode = 0777")
        confset1(smb4_shares, "recycle:subdir_mode = 0700")

        if task:
            confset1(smb4_shares, "shadow:snapdir = .zfs/snapshot")
            confset1(smb4_shares, "shadow:sort = desc")
            confset1(smb4_shares, "shadow:localtime = yes")
            # Snapshot name pattern built from the task's retention count
            # and the first letter of its retention unit.
            confset1(smb4_shares, "shadow:format = auto-%%Y%%m%%d.%%H%%M-%s%s" % (
                task.task_ret_count, task.task_ret_unit[0]))
        if vfs_objects:
            confset2(smb4_shares, "vfs objects = %s", ' '.join(vfs_objects).encode('utf8'))

        confset2(smb4_shares, "hide dot files = %s",
            "no" if share.cifs_showhiddenfiles else "yes")
        confset2(smb4_shares, "hosts allow = %s", share.cifs_hostsallow)
        confset2(smb4_shares, "hosts deny = %s", share.cifs_hostsdeny)
        confset2(smb4_shares, "guest ok = %s", "yes" if share.cifs_guestok else "no")

        # False (not "no") is passed when guest-only is off; presumably
        # confset2 omits the line for a false value -- TODO confirm.
        confset2(smb4_shares, "guest only = %s",
            "yes" if share.cifs_guestonly else False)

        confset1(smb4_shares, "nfs4:mode = special")
        confset1(smb4_shares, "nfs4:acedup = merge")
        confset1(smb4_shares, "nfs4:chown = true")
        confset1(smb4_shares, "zfsacl:acesort = dontcare")

        # Auxiliary parameters are passed on verbatim, including blank lines
        # (no strip or skip here): whoever can edit them can set any share
        # parameter.
        for line in share.cifs_auxsmbconf.split('\n'):
            confset1(smb4_shares, line)
Esempio n. 54
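def generate_smb4_conf(smb4_conf, role):
    """Emit the [global] section, and optionally [homes], of the Samba config.

    Settings are read from the first CIFS row and handed to
    confset1/confset2 in a fixed order. Nothing is emitted when that row
    cannot be loaded.

    Args:
        smb4_conf: destination object, passed unchanged to confset1/confset2.
        role: 'auto', 'classic', 'netbios', 'dc', 'member' or 'standalone';
            any other value produces no "server role" line.

    Returns:
        None.
    """
    try:
        cifs = CIFS.objects.all()[0]
    except Exception:
        # No CIFS row, or the lookup failed: generate nothing. Narrowed from a
        # bare except so SystemExit/KeyboardInterrupt are no longer swallowed.
        return

    # Fallbacks for unset fields. These only change the in-memory object; no
    # save() is called here.
    if not cifs.cifs_srv_guest:
        cifs.cifs_srv_guest = 'ftp'
    # Permissive defaults: neither mask strips group/other write bits from
    # files or directories created over SMB.
    if not cifs.cifs_srv_filemask:
        cifs.cifs_srv_filemask = "0666"
    if not cifs.cifs_srv_dirmask:
        cifs.cifs_srv_dirmask = "0777"

    # standard stuff... should probably do this differently
    confset1(smb4_conf, "[global]", space=0)

    # NOTE(review): the protocol bounds come straight from the stored settings;
    # nothing in this function enforces a minimum dialect.
    confset2(smb4_conf, "server min protocol = %s", cifs.cifs_srv_min_protocol)
    confset2(smb4_conf, "server max protocol = %s", cifs.cifs_srv_max_protocol)

    confset1(smb4_conf, "encrypt passwords = yes")
    confset1(smb4_conf, "dns proxy = no")
    confset1(smb4_conf, "strict locking = no")
    confset1(smb4_conf, "oplocks = yes")
    confset1(smb4_conf, "deadtime = 15")
    confset1(smb4_conf, "max log size = 51200")

    # Leave 25 descriptors of headroom below the per-process kernel limit.
    confset2(smb4_conf, "max open files = %d",
             long(get_sysctl('kern.maxfilesperproc')) - 25)

    if cifs.cifs_srv_syslog:
        confset1(smb4_conf, "syslog only = yes")
        confset1(smb4_conf, "syslog = 1")

    confset1(smb4_conf, "load printers = no")
    confset1(smb4_conf, "printing = bsd")
    confset1(smb4_conf, "printcap name = /dev/null")
    confset1(smb4_conf, "disable spoolss = yes")
    confset1(smb4_conf, "getwd cache = yes")
    confset2(smb4_conf, "guest account = %s",
             cifs.cifs_srv_guest.encode('utf8'))
    # With "Bad User", a login for a user name Samba does not know is mapped
    # to the guest account above instead of being rejected; whether a share is
    # then reachable depends on its own "guest ok" setting.
    confset1(smb4_conf, "map to guest = Bad User")
    confset2(smb4_conf, "obey pam restrictions = %s",
             "yes" if cifs.cifs_srv_obey_pam_restrictions else "no")
    confset1(smb4_conf, "directory name cache size = 0")
    confset1(smb4_conf, "kernel change notify = no")

    confset1(smb4_conf,
             "panic action = /usr/local/libexec/samba/samba-backtrace")

    # NOTE(review): free-text fields such as the description are interpolated
    # as-is; confirm that confset2 or the model validation rejects embedded
    # newlines, which would otherwise add extra config lines.
    confset2(smb4_conf, "server string = %s", cifs.cifs_srv_description)
    confset1(smb4_conf, "ea support = yes")
    confset1(smb4_conf, "store dos attributes = yes")
    # The calls below pass False when the option is off; presumably confset2
    # then omits the line so Samba's default applies -- confirm in confset2.
    confset2(smb4_conf, "hostname lookups = %s",
             "yes" if cifs.cifs_srv_hostlookup else False)
    confset2(smb4_conf, "unix extensions = %s",
             "no" if not cifs.cifs_srv_unixext else False)
    confset2(smb4_conf, "time server = %s",
             "yes" if cifs.cifs_srv_timeserver else False)
    # Enabling this lets accounts with an empty password log in.
    confset2(smb4_conf, "null passwords = %s",
             "yes" if cifs.cifs_srv_nullpw else False)
    confset2(smb4_conf, "domain logons = %s",
             "yes" if cifs.cifs_srv_domain_logons else "no")

    confset2(smb4_conf, "acl allow execute always = %s",
             "true" if cifs.cifs_srv_allow_execute_always else "false")

    # "local master" is only written when neither NT4 nor Active Directory is
    # enabled.
    if cifs.cifs_srv_localmaster and not nt4_enabled() \
        and not activedirectory_enabled():
        confset2(smb4_conf, "local master = %s",
                 "yes" if cifs.cifs_srv_localmaster else False)

    idmap = get_idmap_object(DS_TYPE_CIFS, cifs.id, 'tdb')
    configure_idmap_backend(smb4_conf, idmap, None)

    if role == 'auto':
        confset1(smb4_conf, "server role = auto")

    elif role == 'classic':
        confset1(smb4_conf, "server role = classic primary domain controller")

    elif role == 'netbios':
        confset1(smb4_conf, "server role = netbios backup domain controller")

    elif role == 'dc':
        confset1(smb4_conf, "server role = active directory domain controller")
        add_domaincontroller_conf(smb4_conf)

    elif role == 'member':
        confset1(smb4_conf, "server role = member server")

        # Only the first enabled directory service contributes its settings.
        if nt4_enabled():
            add_nt4_conf(smb4_conf)

        elif ldap_enabled():
            add_ldap_conf(smb4_conf)

        elif activedirectory_enabled():
            add_activedirectory_conf(smb4_conf)

    elif role == 'standalone':
        confset1(smb4_conf, "server role = standalone")
        confset2(smb4_conf, "netbios name = %s",
                 cifs.cifs_srv_netbiosname.upper())
        confset2(smb4_conf, "workgroup = %s", cifs.cifs_srv_workgroup.upper())
        confset1(smb4_conf, "security = user")

    if role != 'dc':
        confset1(smb4_conf, "pid directory = /var/run/samba")
        confset1(smb4_conf, "smb passwd file = /var/etc/private/smbpasswd")
        confset1(smb4_conf, "private dir = /var/etc/private")

    confset2(smb4_conf, "create mask = %s", cifs.cifs_srv_filemask)
    confset2(smb4_conf, "directory mask = %s", cifs.cifs_srv_dirmask)
    confset1(smb4_conf, "client ntlmv2 auth = yes")
    confset2(smb4_conf, "dos charset = %s", cifs.cifs_srv_doscharset)
    confset2(smb4_conf, "unix charset = %s", cifs.cifs_srv_unixcharset)

    # A log level that is exactly True is skipped; any other truthy value is
    # written through.
    if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
        confset2(smb4_conf, "log level = %s", cifs.cifs_srv_loglevel)

    # Auxiliary parameters are written verbatim after the generated settings,
    # so they can presumably override any of them; the field should be
    # writable by administrators only.
    for line in cifs.cifs_srv_smb_options.split('\n'):
        confset1(smb4_conf, line)

    if cifs.cifs_srv_homedir_enable:
        valid_users_path = "%U"
        valid_users = "%U"

        if activedirectory_enabled():
            try:
                ad = ActiveDirectory.objects.all()[0]
                if not ad.ad_use_default_domain:
                    valid_users_path = "%D/%U"
                    # Backslash written explicitly; same value as before.
                    valid_users = "%D\\%U"
            except Exception:
                # Best effort: keep the plain %U forms if the Active Directory
                # row cannot be read.
                pass

        if cifs.cifs_srv_homedir:
            cifs_homedir_path = "%s/%s" % (cifs.cifs_srv_homedir,
                                           valid_users_path)
        else:
            cifs_homedir_path = False

        confset1(smb4_conf, "\n")
        confset1(smb4_conf, "[homes]", space=0)
        confset1(smb4_conf, "comment = Home Directories")
        # Restrict each home share to the connecting user.
        confset2(smb4_conf, "valid users = %s", valid_users)
        confset1(smb4_conf, "writable = yes")
        confset2(smb4_conf, "browseable = %s",
                 "yes" if cifs.cifs_srv_homedir_browseable_enable else "no")
        if cifs_homedir_path:
            confset2(smb4_conf, "path = %s", cifs_homedir_path)

        # Written verbatim, like the global auxiliary parameters.
        for line in cifs.cifs_srv_homedir_aux.split('\n'):
            confset1(smb4_conf, line)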
Esempio n. 55
 def Enabled(self):
     """Return whatever activedirectory_enabled() reports."""
     is_enabled = activedirectory_enabled()
     return is_enabled
Esempio n. 56
 def Enabled(self):
     """Expose the result of activedirectory_enabled() to callers."""
     ad_state = activedirectory_enabled()
     return ad_state
Esempio n. 57
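def generate_smb4_conf(smb4_conf, role):
    """Emit the [global] section, and optionally [homes], of the Samba config.

    Settings are read from the first CIFS row and handed to
    confset1/confset2 in a fixed order. Nothing is emitted when that row
    cannot be loaded.

    Args:
        smb4_conf: destination object, passed unchanged to confset1/confset2.
        role: 'auto', 'classic', 'netbios', 'dc', 'member' or 'standalone';
            any other value produces no "server role" line.

    Returns:
        None.
    """
    try:
        cifs = CIFS.objects.all()[0]
    except Exception:
        # No CIFS row, or the lookup failed: generate nothing. Narrowed from a
        # bare except so SystemExit/KeyboardInterrupt are no longer swallowed.
        return

    # Fallbacks for unset fields. These only change the in-memory object; no
    # save() is called here.
    if not cifs.cifs_srv_guest:
        cifs.cifs_srv_guest = 'ftp'
    # Permissive defaults: neither mask strips group/other write bits from
    # files or directories created over SMB.
    if not cifs.cifs_srv_filemask:
        cifs.cifs_srv_filemask = "0666"
    if not cifs.cifs_srv_dirmask:
        cifs.cifs_srv_dirmask = "0777"

    # standard stuff... should probably do this differently
    confset1(smb4_conf, "[global]", space=0)

    # NOTE(review): the protocol bounds come straight from the stored settings;
    # nothing in this function enforces a minimum dialect.
    confset2(smb4_conf, "server min protocol = %s", cifs.cifs_srv_min_protocol)
    confset2(smb4_conf, "server max protocol = %s", cifs.cifs_srv_max_protocol)

    confset1(smb4_conf, "encrypt passwords = yes")
    confset1(smb4_conf, "dns proxy = no")
    confset1(smb4_conf, "strict locking = no")
    confset1(smb4_conf, "oplocks = yes")
    confset1(smb4_conf, "deadtime = 15")
    confset1(smb4_conf, "max log size = 51200")

    # Leave 25 descriptors of headroom below the per-process kernel limit.
    confset2(smb4_conf, "max open files = %d", long(get_sysctl('kern.maxfilesperproc')) - 25)

    if cifs.cifs_srv_syslog:
        confset1(smb4_conf, "syslog only = yes")
        confset1(smb4_conf, "syslog = 1")

    confset1(smb4_conf, "load printers = no")
    confset1(smb4_conf, "printing = bsd")
    confset1(smb4_conf, "printcap name = /dev/null")
    confset1(smb4_conf, "disable spoolss = yes")
    confset1(smb4_conf, "getwd cache = yes")
    confset2(smb4_conf, "guest account = %s", cifs.cifs_srv_guest.encode('utf8'))
    # With "Bad User", a login for a user name Samba does not know is mapped
    # to the guest account above instead of being rejected; whether a share is
    # then reachable depends on its own "guest ok" setting.
    confset1(smb4_conf, "map to guest = Bad User")
    confset1(smb4_conf, "obey pam restrictions = Yes")
    confset1(smb4_conf, "directory name cache size = 0")
    confset1(smb4_conf, "kernel change notify = no")

    confset1(smb4_conf, "panic action = /usr/local/libexec/samba/samba-backtrace")

    # NOTE(review): free-text fields such as the description are interpolated
    # as-is; confirm that confset2 or the model validation rejects embedded
    # newlines, which would otherwise add extra config lines.
    confset2(smb4_conf, "server string = %s", cifs.cifs_srv_description)
    # The calls below pass False when the option is off; presumably confset2
    # then omits the line so Samba's default applies -- confirm in confset2.
    confset2(smb4_conf, "ea support = %s",
        "yes" if cifs.cifs_srv_easupport else False)
    confset2(smb4_conf, "store dos attributes = %s",
        "yes" if cifs.cifs_srv_dosattr else False)
    if cifs.cifs_srv_dosattr:
        # When DOS attributes are stored, the four "map ..." options are
        # switched off alongside.
        confset1(smb4_conf, "map archive = no")
        confset1(smb4_conf, "map readonly = no")
        confset1(smb4_conf, "map hidden = no")
        confset1(smb4_conf, "map system = no")
    confset2(smb4_conf, "hostname lookups = %s",
        "yes" if cifs.cifs_srv_hostlookup else False)
    confset2(smb4_conf, "unix extensions = %s",
        "no" if not cifs.cifs_srv_unixext else False)
    confset2(smb4_conf, "time server = %s",
        "yes" if cifs.cifs_srv_timeserver else False)
    # Enabling this lets accounts with an empty password log in.
    confset2(smb4_conf, "null passwords = %s",
        "yes" if cifs.cifs_srv_nullpw else False)

    confset2(smb4_conf, "acl allow execute always = %s",
        "true" if cifs.cifs_srv_allow_execute_always else "false")

    # "local master" is only written when neither NT4 nor Active Directory is
    # enabled.
    if cifs.cifs_srv_localmaster and not nt4_enabled() \
        and not activedirectory_enabled():
        confset2(smb4_conf, "local master = %s",
            "yes" if cifs.cifs_srv_localmaster else False)

    if role == 'auto':
        confset1(smb4_conf, "server role = auto")

    elif role == 'classic':
        confset1(smb4_conf, "server role = classic primary domain controller")

    elif role == 'netbios':
        confset1(smb4_conf, "server role = netbios backup domain controller")

    elif role == 'dc':
        confset1(smb4_conf, "server role = active directory domain controller")
        add_domaincontroller_conf(smb4_conf)

    elif role == 'member':
        confset1(smb4_conf, "server role = member server")

        # Only the first enabled directory service contributes its settings.
        if nt4_enabled():
            add_nt4_conf(smb4_conf)

        elif ldap_enabled():
            add_ldap_conf(smb4_conf)

        elif activedirectory_enabled():
            add_activedirectory_conf(smb4_conf)

    elif role == 'standalone':
        confset1(smb4_conf, "server role = standalone")
        confset2(smb4_conf, "netbios name = %s", cifs.cifs_srv_netbiosname.upper())
        confset2(smb4_conf, "workgroup = %s", cifs.cifs_srv_workgroup.upper())
        confset1(smb4_conf, "security = user")

    if role != 'dc':
        confset1(smb4_conf, "pid directory = /var/run/samba")
        confset1(smb4_conf, "smb passwd file = /var/etc/private/smbpasswd")
        confset1(smb4_conf, "private dir = /var/etc/private")

    confset2(smb4_conf, "create mask = %s", cifs.cifs_srv_filemask)
    confset2(smb4_conf, "directory mask = %s", cifs.cifs_srv_dirmask)
    confset1(smb4_conf, "client ntlmv2 auth = yes")
    confset2(smb4_conf, "dos charset = %s", cifs.cifs_srv_doscharset)
    confset2(smb4_conf, "unix charset = %s", cifs.cifs_srv_unixcharset)

    # A log level that is exactly True is skipped; any other truthy value is
    # written through.
    if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
        confset2(smb4_conf, "log level = %s", cifs.cifs_srv_loglevel)

    # Auxiliary parameters are written verbatim after the generated settings,
    # so they can presumably override any of them; the field should be
    # writable by administrators only.
    for line in cifs.cifs_srv_smb_options.split('\n'):
        confset1(smb4_conf, line)

    if cifs.cifs_srv_homedir_enable:
        valid_users_path = "%U"
        valid_users = "%U"

        if activedirectory_enabled():
            try:
                ad = ActiveDirectory.objects.all()[0]
                if not ad.ad_use_default_domain:
                    valid_users_path = "%D/%U"
                    # Backslash written explicitly; same value as before.
                    valid_users = "%D\\%U"
            except Exception:
                # Best effort: keep the plain %U forms if the Active Directory
                # row cannot be read.
                pass

        if cifs.cifs_srv_homedir:
            cifs_homedir_path = "%s/%s" % (cifs.cifs_srv_homedir, valid_users_path)
        else:
            cifs_homedir_path = False

        confset1(smb4_conf, "\n")
        confset1(smb4_conf, "[homes]", space=0)
        confset1(smb4_conf, "comment = Home Directories")
        # Restrict each home share to the connecting user.
        confset2(smb4_conf, "valid users = %s", valid_users)
        confset1(smb4_conf, "writable = yes")
        confset2(smb4_conf, "browseable = %s",
            "yes" if cifs.cifs_srv_homedir_browseable_enable else "no")
        if cifs_homedir_path:
            confset2(smb4_conf, "path = %s", cifs_homedir_path)

        # Written verbatim, like the global auxiliary parameters.
        for line in cifs.cifs_srv_homedir_aux.split('\n'):
            confset1(smb4_conf, line)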