Esempio n. 1
def main():
    """Regenerate the SSSD configuration for the enabled directory service.

    Exits with status 1, before touching anything, when LDAP is enabled with
    anonymous bind, and again when no directory-service cookie can be
    obtained. Otherwise the sssd/nss/pam sections are added, followed by the
    Active Directory and/or LDAP sections, and the result is saved to
    SSSD_CONFIGFILE.
    """
    # LDAP with anonymous bind gets no SSSD configuration from this script.
    if ldap_enabled() and ldap_anonymous_bind():
        sys.exit(1)

    sssd_setup()
    # Only hand an existing file to SSSDConf; None is passed otherwise.
    existing_conf = SSSD_CONFIGFILE if os.path.exists(SSSD_CONFIGFILE) else None

    cookie = get_directoryservice_cookie()
    if not cookie:
        sys.exit(1)

    def nullfunc():
        pass

    sc = SSSDConf(path=existing_conf, parse=nullfunc, cookie=cookie)

    sc.add_sssd_section()
    sc.add_nss_section()
    sc.add_pam_section()

    # AD is only wired into SSSD when it carries UNIX extensions.
    ad_via_sssd = activedirectory_enabled() and activedirectory_has_unix_extensions()
    if ad_via_sssd:
        add_activedirectory_section(sc)
    if ldap_enabled():
        add_ldap_section(sc)

    sc.save(SSSD_CONFIGFILE)
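def main():
    """Write the NSS switch file for the enabled directory services.

    Every database starts with the local ``files`` source, so local entries
    are consulted before any directory source appended here. Directory
    sources are only appended when the verb (first command-line argument,
    default ``start``) is ``start``; any other verb writes the files-only
    baseline. Exits with status 1 if the file cannot be written.
    """
    nsswitch_conf = {
        'group': ['files'],
        'hosts': ['files', 'mdns', 'dns'],
        'networks': ['files'],
        'passwd': ['files'],
        'shells': ['files'],
        'services': ['files'],
        'protocols': ['files'],
        'rpc': ['files'],
        'sudoers': ['files']
    }

    verb = "start"
    if len(sys.argv) > 1:
        verb = sys.argv[1].lower()

    if verb == 'start':
        # AD goes through sss only with UNIX extensions and a keytab;
        # otherwise AD, a domain controller or NT4 fall back to winbind.
        if activedirectory_enabled() and \
            activedirectory_has_unix_extensions() and  \
            activedirectory_has_keytab():
            nsswitch_conf['passwd'].append('sss')
            nsswitch_conf['group'].append('sss')
        elif activedirectory_enabled() or \
            domaincontroller_enabled() or nt4_enabled():
            nsswitch_conf['passwd'].append('winbind')
            nsswitch_conf['group'].append('winbind')

        #if nt4_enabled():
        #    nsswitch_conf['hosts'].append('wins')

        # Anonymous-bind LDAP uses the ldap NSS source; authenticated LDAP
        # uses sss, which may also serve sudoers.
        if ldap_enabled() and ldap_anonymous_bind():
            nsswitch_conf['passwd'].append('ldap')
            nsswitch_conf['group'].append('ldap')
        elif ldap_enabled():
            nsswitch_conf['passwd'].append('sss')
            nsswitch_conf['group'].append('sss')
            if ldap_sudo_configured():
                nsswitch_conf['sudoers'].append('sss')

        if nis_enabled():
            nsswitch_conf['passwd'].append('nis')
            nsswitch_conf['group'].append('nis')
            nsswitch_conf['hosts'].append('nis')

    try:
        # NOTE(review): the file is truncated in place, so a failure part-way
        # through leaves an incomplete name-service configuration on disk.
        fd = os.open(NSSWITCH_CONF_PATH,
                     os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o644)
        try:
            for key in nsswitch_conf:
                line = "%s: %s\n" % (
                    key.strip(),
                    ' '.join(source.strip() for source in nsswitch_conf[key])
                )
                os.write(fd, line)
        finally:
            # Release the descriptor even when a write fails.
            os.close(fd)

    except Exception as e:
        sys.stderr.write("can't create %s: %s\n" % (NSSWITCH_CONF_PATH, e))
        sys.exit(1)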
Esempio n. 3
def main():
    """Rebuild the SSSD configuration, creating missing sections.

    Ensures the sssd, nss and pam sections exist, sets the full-name format
    and the name-parsing expression on the sssd section, registers the nss
    and pam services, adds the Active Directory and/or LDAP parts, and saves
    to SSSD_CONFIGFILE.
    """
    sssd_setup()
    # Only hand an existing file to SSSDConf; None is passed otherwise.
    existing_conf = SSSD_CONFIGFILE if os.path.exists(SSSD_CONFIGFILE) else None

    def nullfunc():
        pass

    sc = SSSDConf(path=existing_conf, parse=nullfunc)
    if not sc['sssd']:
        sc['sssd'] = SSSDSectionSSSD()
        sc['sssd'].config_file_version = 2
    sc['sssd'].full_name_format = r"%2$s\%1$s"
    # Accepts DOMAIN\name, name@domain, or a bare name.
    sc['sssd'].re_expression = (
        r"(((?P<domain>[^\\]+)\\(?P<name>.+$))"
        r"|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\\]+)$))"
    )

    if not sc['nss']:
        sc['nss'] = SSSDSectionNSS()
    sc['sssd'].add_service('nss')

    if not sc['pam']:
        sc['pam'] = SSSDSectionPAM()
    sc['sssd'].add_service('pam')

    # AD is only wired into SSSD when it carries UNIX extensions.
    ad_via_sssd = activedirectory_enabled() and activedirectory_has_unix_extensions()
    if ad_via_sssd:
        add_activedirectory(sc)
    if ldap_enabled():
        add_ldap(sc)

    sc.save(SSSD_CONFIGFILE)
Esempio n. 4
def smb4_ldap_enabled():
    """Return True only when LDAP is enabled and has the Samba schema."""
    return True if (ldap_enabled() and ldap_has_samba_schema()) else False
Esempio n. 5
def main():
    """Rebuild the SSSD configuration, creating missing sections.

    Ensures the sssd, nss and pam sections exist, registers the nss and pam
    services, adds the Active Directory and/or LDAP parts, and saves to
    SSSD_CONFIGFILE.
    """
    sssd_setup()
    # Only hand an existing file to SSSDConf; None is passed otherwise.
    existing_conf = SSSD_CONFIGFILE if os.path.exists(SSSD_CONFIGFILE) else None

    def nullfunc():
        pass

    sc = SSSDConf(path=existing_conf, parse=nullfunc)
    if not sc['sssd']:
        sc['sssd'] = SSSDSectionSSSD()
        sc['sssd'].config_file_version = 2

    if not sc['nss']:
        sc['nss'] = SSSDSectionNSS()
    sc['sssd'].add_service('nss')

    if not sc['pam']:
        sc['pam'] = SSSDSectionPAM()
    sc['sssd'].add_service('pam')

    # AD is only wired into SSSD when it carries UNIX extensions.
    ad_via_sssd = activedirectory_enabled() and activedirectory_has_unix_extensions()
    if ad_via_sssd:
        add_activedirectory(sc)
    if ldap_enabled():
        add_ldap(sc)

    sc.save(SSSD_CONFIGFILE)
Esempio n. 6
def get_directoryservice_cookie():
    """Return the cookie of the enabled directory service, or None.

    Active Directory takes precedence over LDAP when both are enabled.
    """
    if activedirectory_enabled():
        cookie = get_activedirectory_cookie()
    elif ldap_enabled():
        cookie = get_ldap_cookie()
    else:
        cookie = None
    return cookie
Esempio n. 7
def main():
    """Generate the OpenLDAP client configuration for LDAP or Active Directory.

    LDAP takes precedence; nothing is written when neither is enabled.
    """
    target = "/usr/local/etc/openldap/ldap.conf"

    if ldap_enabled():
        ldap_conf_ldap(target)
        return
    if activedirectory_enabled():
        ldap_conf_activedirectory(target)
Esempio n. 8
def get_ldap_cookie():
    """Return the upper-cased first label of the LDAP hostname.

    Returns an empty string when LDAP is not enabled. The first LDAP row is
    read unconditionally, so an empty table raises IndexError.
    """
    if not ldap_enabled():
        return ''

    ldap = LDAP.objects.all()[0]
    # "ldap.example.org" -> "LDAP"
    return ldap.ldap_hostname.upper().split('.')[0]
Esempio n. 9
def cache_rawdump(**kwargs):
    """Dispatch the raw cache dump to the handler for the enabled service.

    Precedence is Active Directory, then NT4; LDAP and the no-service case
    both use the default handler. The handler's result is discarded.
    """
    if activedirectory_enabled():
        handler = _cache_rawdump_ActiveDirectory
    elif nt4_enabled():
        handler = _cache_rawdump_NT4
    elif ldap_enabled():
        handler = _cache_rawdump_default
    else:
        handler = _cache_rawdump_default

    handler(**kwargs)
Esempio n. 10
def cache_check(**kwargs):
    """Dispatch the cache check to the handler for the enabled service.

    Precedence is Active Directory, then NIS; LDAP and the no-service case
    both use the default handler. The handler's result is discarded.
    """
    if activedirectory_enabled():
        handler = _cache_check_ActiveDirectory
    elif nis_enabled():
        handler = _cache_check_NIS
    elif ldap_enabled():
        handler = _cache_check_default
    else:
        handler = _cache_check_default

    handler(**kwargs)
Esempio n. 11
def cache_count(**kwargs):
    """Dispatch the cache count to the handler for the enabled service.

    Precedence is Active Directory, then NT4; LDAP and the no-service case
    both use the default handler. The handler's result is discarded.
    """
    if activedirectory_enabled():
        handler = _cache_count_ActiveDirectory
    elif nt4_enabled():
        handler = _cache_count_NT4
    elif ldap_enabled():
        handler = _cache_count_default
    else:
        handler = _cache_count_default

    handler(**kwargs)
Esempio n. 12
def cache_rawdump(**kwargs):
    """Dispatch the raw cache dump to the handler for the enabled service.

    Precedence is Active Directory, then NT4; LDAP and the no-service case
    both use the default handler. The handler's result is discarded.
    """
    if activedirectory_enabled():
        handler = _cache_rawdump_ActiveDirectory
    elif nt4_enabled():
        handler = _cache_rawdump_NT4
    elif ldap_enabled():
        handler = _cache_rawdump_default
    else:
        handler = _cache_rawdump_default

    handler(**kwargs)
Esempio n. 13
def cache_keys(**kwargs):
    """Dispatch the cache key listing to the handler for the enabled service.

    Precedence is Active Directory, then NT4; LDAP and the no-service case
    both use the default handler. The handler's result is discarded.
    """
    if activedirectory_enabled():
        handler = _cache_keys_ActiveDirectory
    elif nt4_enabled():
        handler = _cache_keys_NT4
    elif ldap_enabled():
        handler = _cache_keys_default
    else:
        handler = _cache_keys_default

    handler(**kwargs)
Esempio n. 14
def _get_dflags():
    """Return the flag of the first enabled directory service, or 0.

    Services are probed in the order AD, NT4, NIS, LDAP; at most one flag is
    set even when several services are enabled.
    """
    mask = 0

    if activedirectory_enabled():
        mask = mask | U_AD_ENABLED
    elif nt4_enabled():
        mask = mask | U_NT4_ENABLED
    elif nis_enabled():
        mask = mask | U_NIS_ENABLED
    elif ldap_enabled():
        mask = mask | U_LDAP_ENABLED

    return mask
Esempio n. 15
    def __new__(cls, **kwargs):
        """Build the group cache backend matching the directory configuration.

        A directory-backed local group cache is returned when LDAP, Active
        Directory, NT4, NIS or a domain controller is enabled; the base cache
        otherwise. The returned object is not an instance of ``cls``.
        """
        log.debug("FreeNAS_GroupCache.__new__: enter")

        directory_active = (
            ldap_enabled() or activedirectory_enabled() or
            nt4_enabled() or nis_enabled() or domaincontroller_enabled()
        )
        if directory_active:
            backend = FreeNAS_Directory_LocalGroupCache(**kwargs)
        else:
            backend = FreeNAS_BaseCache(**kwargs)

        log.debug("FreeNAS_GroupCache.__new__: leave")
        return backend
Esempio n. 16
    def __new__(cls, **kwargs):
        """Build the group cache backend matching the directory configuration.

        A directory-backed local group cache is returned when LDAP, Active
        Directory, NT4 or NIS is enabled; the base cache otherwise. The
        returned object is not an instance of ``cls``.
        """
        log.debug("FreeNAS_GroupCache.__new__: enter")

        directory_active = (
            ldap_enabled() or activedirectory_enabled() or
            nt4_enabled() or nis_enabled()
        )
        if directory_active:
            backend = FreeNAS_Directory_LocalGroupCache(**kwargs)
        else:
            backend = FreeNAS_BaseCache(**kwargs)

        log.debug("FreeNAS_GroupCache.__new__: leave")
        return backend
Esempio n. 17
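def get_server_role():
    """Return the Samba server role implied by the directory configuration.

    The role is ``"standalone"`` by default and ``"member"`` when NT4, Active
    Directory or LDAP is enabled. When the domain controller service is
    enabled, the role stored on the first DomainController row overrides
    both; if that row cannot be read the previously chosen role is kept.
    """
    role = "standalone"
    if nt4_enabled() or activedirectory_enabled() or ldap_enabled():
        role = "member"

    if domaincontroller_enabled():
        try:
            role = DomainController.objects.all()[0].dc_role
        except Exception:
            # Best effort: a missing or unreadable row keeps the fallback
            # role. Catching Exception rather than everything lets
            # SystemExit and KeyboardInterrupt propagate.
            pass

    return role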
Esempio n. 18
def _get_dflags():
    """Return the flag of the first enabled directory service, or 0.

    Services are probed in the order AD, NIS, LDAP, domain controller; at
    most one flag is set even when several services are enabled.
    """
    mask = 0

    if activedirectory_enabled():
        mask = mask | U_AD_ENABLED
    elif nis_enabled():
        mask = mask | U_NIS_ENABLED
    elif ldap_enabled():
        mask = mask | U_LDAP_ENABLED
    elif domaincontroller_enabled():
        mask = mask | U_DC_ENABLED

    return mask
Esempio n. 19
def _get_dflags():
    """Return the flag of the first enabled directory service, or 0.

    Services are probed in the order AD, NT4, NIS, LDAP; at most one flag is
    set even when several services are enabled.
    """
    mask = 0

    if activedirectory_enabled():
        mask = mask | U_AD_ENABLED
    elif nt4_enabled():
        mask = mask | U_NT4_ENABLED
    elif nis_enabled():
        mask = mask | U_NIS_ENABLED
    elif ldap_enabled():
        mask = mask | U_LDAP_ENABLED

    return mask
Esempio n. 20
def _get_dflags():
    """Return the flag of the first enabled directory service, or 0.

    Services are probed in the order AD, NIS, LDAP, domain controller; at
    most one flag is set even when several services are enabled.
    """
    mask = 0

    if activedirectory_enabled():
        mask = mask | U_AD_ENABLED
    elif nis_enabled():
        mask = mask | U_NIS_ENABLED
    elif ldap_enabled():
        mask = mask | U_LDAP_ENABLED
    elif domaincontroller_enabled():
        mask = mask | U_DC_ENABLED

    return mask
Esempio n. 21
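def get_server_role():
    """Return the Samba server role implied by the directory configuration.

    The role is ``"standalone"`` by default and ``"member"`` when NT4, Active
    Directory or LDAP is enabled. When the domain controller service is
    enabled, the role stored on the first DomainController row overrides
    both; if that row cannot be read the previously chosen role is kept.
    """
    role = "standalone"
    if nt4_enabled() or activedirectory_enabled() or ldap_enabled():
        role = "member"

    if domaincontroller_enabled():
        try:
            role = DomainController.objects.all()[0].dc_role
        except Exception:
            # Best effort: a missing or unreadable row keeps the fallback
            # role. Catching Exception rather than everything lets
            # SystemExit and KeyboardInterrupt propagate.
            pass

    return role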
Esempio n. 22
    def __init__(self, *args, **kwargs):
        """Prepare the CIFS form: bind-IP handling, choices and field locks.

        A comma-separated ``cifs_srv_bindip`` submission is split into a
        list, the bind-IP and charset choices are populated, initial bind
        IPs come from the instance, and fields that conflict with the
        enabled directory service are locked in the rendered widget.
        """
        super(CIFSForm, self).__init__(*args, **kwargs)
        if (self.data and self.data.get('cifs_srv_bindip')
                and ',' in self.data['cifs_srv_bindip']):
            # Work on a copy before rewriting the submitted value as a list.
            self.data = self.data.copy()
            self.data.setlist('cifs_srv_bindip',
                              self.data['cifs_srv_bindip'].split(','))

        bindip_field = self.fields['cifs_srv_bindip']
        bindip_field.choices = list(choices.IPChoices(noloopback=False))
        self.fields['cifs_srv_unixcharset'].choices = \
            choices.UNIXCHARSET_CHOICES()

        if self.instance.id and self.instance.cifs_srv_bindip:
            self.fields['cifs_srv_bindip'].initial = list(
                self.instance.cifs_srv_bindip)
        else:
            self.fields['cifs_srv_bindip'].initial = ''

        # NOTE(review): 'disabled'/'readonly' are widget attributes and only
        # change how the field is rendered; confirm that validation or save
        # ignores a client-supplied value for these fields.
        if activedirectory_enabled():
            for locked in ('cifs_srv_localmaster', 'cifs_srv_timeserver',
                           'cifs_srv_domain_logons'):
                self.initial[locked] = False
                self.fields[locked].widget.attrs['disabled'] = 'disabled'

        elif ldap_enabled():
            self.initial['cifs_srv_domain_logons'] = True
            self.fields['cifs_srv_domain_logons'].widget.attrs[
                'readonly'] = True

        _n = notifier()
        if _n.is_freenas():
            del self.fields['cifs_srv_netbiosname_b']
        elif not _n.failover_licensed():
            del self.fields['cifs_srv_netbiosname_b']
        else:
            # The second NetBIOS name is only kept on a failover-licensed,
            # non-FreeNAS system, where both fields get node labels.
            from freenasUI.failover.utils import node_label_field
            node_label_field(
                _n.failover_node(),
                self.fields['cifs_srv_netbiosname'],
                self.fields['cifs_srv_netbiosname_b'],
            )
Esempio n. 23
    def __new__(cls, **kwargs):
        """Build the user cache backend matching the directory configuration.

        A directory-backed local user cache is returned when LDAP, Active
        Directory, NIS or a domain controller is enabled; the base cache
        otherwise. The returned object is not an instance of ``cls``.
        """
        log.debug("FreeNAS_UserCache.__new__: enter")

        directory_active = (
            ldap_enabled() or activedirectory_enabled() or
            nis_enabled() or domaincontroller_enabled()
        )
        if directory_active:
            backend = FreeNAS_Directory_LocalUserCache(**kwargs)
        else:
            backend = FreeNAS_BaseCache(**kwargs)

        log.debug("FreeNAS_UserCache.__new__: leave")
        return backend
Esempio n. 24
def cache_count(**kwargs):
    """Dispatch the cache count to the handler for the enabled service.

    Precedence is Active Directory, NIS, then NT4; LDAP and the no-service
    case both use the default handler. The handler's result is discarded.
    """
    if activedirectory_enabled():
        handler = _cache_count_ActiveDirectory
    elif nis_enabled():
        handler = _cache_count_NIS
    elif nt4_enabled():
        handler = _cache_count_NT4
    elif ldap_enabled():
        handler = _cache_count_default
    else:
        handler = _cache_count_default

    handler(**kwargs)
Esempio n. 25
def cache_keys(**kwargs):
    """Dispatch the cache key listing to the handler for the enabled service.

    Precedence is Active Directory, NIS, then NT4; LDAP and the no-service
    case both use the default handler. The handler's result is discarded.
    """
    if activedirectory_enabled():
        handler = _cache_keys_ActiveDirectory
    elif nis_enabled():
        handler = _cache_keys_NIS
    elif nt4_enabled():
        handler = _cache_keys_NT4
    elif ldap_enabled():
        handler = _cache_keys_default
    else:
        handler = _cache_keys_default

    handler(**kwargs)
Esempio n. 26
    def __new__(cls, **kwargs):
        """Build the local group cache for the enabled directory service.

        Precedence is LDAP, Active Directory, then NIS. None is returned when
        none of them is enabled, so callers must handle a missing cache.
        """
        log.debug("FreeNAS_Directory_LocalGroupCache.__new__: enter")

        if ldap_enabled():
            cache_obj = FreeNAS_LDAP_LocalGroupCache(**kwargs)
        elif activedirectory_enabled():
            cache_obj = FreeNAS_ActiveDirectory_LocalGroupCache(**kwargs)
        elif nis_enabled():
            cache_obj = FreeNAS_NIS_LocalGroupCache(**kwargs)
        else:
            cache_obj = None

        log.debug("FreeNAS_Directory_LocalGroupCache.__new__: leave")
        return cache_obj
Esempio n. 27
    def __init__(self, *args, **kwargs):
        """Prepare the CIFS form: bind-IP handling, choices and field locks.

        A comma-separated ``cifs_srv_bindip`` submission is split into a
        list, the bind-IP and charset choices are populated, initial bind
        IPs come from the instance, and fields that conflict with the
        enabled directory service are locked in the rendered widget.
        """
        super(CIFSForm, self).__init__(*args, **kwargs)
        if (self.data and self.data.get('cifs_srv_bindip')
                and ',' in self.data['cifs_srv_bindip']):
            # Work on a copy before rewriting the submitted value as a list.
            self.data = self.data.copy()
            self.data.setlist(
                'cifs_srv_bindip',
                self.data['cifs_srv_bindip'].split(',')
            )

        bindip_field = self.fields['cifs_srv_bindip']
        bindip_field.choices = list(choices.IPChoices(noloopback=False))
        self.fields['cifs_srv_unixcharset'].choices = choices.UNIXCHARSET_CHOICES()

        if self.instance.id and self.instance.cifs_srv_bindip:
            self.fields['cifs_srv_bindip'].initial = list(self.instance.cifs_srv_bindip)
        else:
            self.fields['cifs_srv_bindip'].initial = ''

        # NOTE(review): 'disabled'/'readonly' are widget attributes and only
        # change how the field is rendered; confirm that validation or save
        # ignores a client-supplied value for these fields.
        if activedirectory_enabled():
            for locked in ('cifs_srv_localmaster', 'cifs_srv_timeserver',
                           'cifs_srv_domain_logons'):
                self.initial[locked] = False
                self.fields[locked].widget.attrs['disabled'] = 'disabled'

        elif ldap_enabled():
            self.initial['cifs_srv_domain_logons'] = True
            self.fields['cifs_srv_domain_logons'].widget.attrs['readonly'] = True

        _n = notifier()
        if _n.is_freenas():
            del self.fields['cifs_srv_netbiosname_b']
        elif not _n.failover_licensed():
            del self.fields['cifs_srv_netbiosname_b']
        else:
            # The second NetBIOS name is only kept on a failover-licensed,
            # non-FreeNAS system, where both fields get node labels.
            from freenasUI.failover.utils import node_label_field
            node_label_field(
                _n.failover_node(),
                self.fields['cifs_srv_netbiosname'],
                self.fields['cifs_srv_netbiosname_b'],
            )
Esempio n. 28
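def main():
    """Generate the Samba 4 configuration and import users and groups.

    Runs setup and any pending dataset migration, generates the account
    lines, global configuration and shares for the detected server role,
    provisions the domain when acting as an unprovisioned DC, writes the
    configuration file, and imports users from a temporary file that is
    removed before returning, including when the import fails.
    """
    smb_conf_path = "/usr/local/etc/smb4.conf"

    smb4_tdb = []
    smb4_conf = []
    smb4_shares = []

    smb4_setup()

    old_samba4_datasets = get_old_samba4_datasets()
    if migration_available(old_samba4_datasets):
        do_migration(old_samba4_datasets)

    role = get_server_role()

    generate_smb4_tdb(smb4_tdb)
    generate_smb4_conf(smb4_conf, role)
    generate_smb4_shares(smb4_shares)

    if role == 'dc' and not Samba4().domain_provisioned():
        provision_smb4()

    # The with-block closes the file; no explicit close() is needed.
    with open(smb_conf_path, "w") as f:
        for line in smb4_conf:
            f.write(line + '\n')
        for line in smb4_shares:
            f.write(line + '\n')

    if role == 'member' and ldap_enabled():
        set_ldap_password()

    # mkstemp creates the file readable and writable only by the creating
    # user. NOTE(review): the lines feed the user import, so they are
    # presumably account records; treat the file as sensitive.
    (fd, tmpfile) = tempfile.mkstemp(dir="/tmp")
    try:
        try:
            for line in smb4_tdb:
                os.write(fd, line + '\n')
        finally:
            os.close(fd)

        if role == 'dc':
            import_users(smb_conf_path, tmpfile)
            smb4_import_groups()

        else:
            import_users(smb_conf_path, tmpfile,
                         "tdbsam:/var/etc/private/passdb.tdb")
            smb4_map_groups()
    finally:
        # Never leave the account file behind in /tmp, even on failure.
        os.unlink(tmpfile)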
Esempio n. 29
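def main():
    """Generate the Samba 4 configuration and import users and groups.

    Runs setup and any pending dataset migration, generates the account
    lines, global configuration and shares for the detected server role,
    provisions the domain when acting as an unprovisioned DC, writes the
    configuration file, and imports users from a temporary file that is
    removed before returning, including when the import fails.
    """
    smb_conf_path = "/usr/local/etc/smb4.conf"

    smb4_tdb = []
    smb4_conf = []
    smb4_shares = []

    smb4_setup()

    old_samba4_datasets = get_old_samba4_datasets()
    if migration_available(old_samba4_datasets):
        do_migration(old_samba4_datasets)

    role = get_server_role()

    generate_smb4_tdb(smb4_tdb)
    generate_smb4_conf(smb4_conf, role)
    generate_smb4_shares(smb4_shares)

    if role == 'dc' and not Samba4().domain_provisioned():
        provision_smb4()

    # The with-block closes the file; no explicit close() is needed.
    with open(smb_conf_path, "w") as f:
        for line in smb4_conf:
            f.write(line + '\n')
        for line in smb4_shares:
            f.write(line + '\n')

    if role == 'member' and ldap_enabled():
        set_ldap_password()

    # mkstemp creates the file readable and writable only by the creating
    # user. NOTE(review): the lines feed the user import, so they are
    # presumably account records; treat the file as sensitive.
    (fd, tmpfile) = tempfile.mkstemp(dir="/tmp")
    try:
        try:
            for line in smb4_tdb:
                os.write(fd, line + '\n')
        finally:
            os.close(fd)

        if role == 'dc':
            import_users(smb_conf_path, tmpfile)
            smb4_import_groups()

        else:
            import_users(smb_conf_path, tmpfile,
                         "tdbsam:/var/etc/private/passdb.tdb")
            smb4_map_groups()
    finally:
        # Never leave the account file behind in /tmp, even on failure.
        os.unlink(tmpfile)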
Esempio n. 30
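def main():
    """Write the NSS switch file for the enabled directory services.

    Every database starts with the local ``files`` source, so local entries
    are consulted before any directory source appended here. Exits with
    status 1 if the file cannot be written.
    """
    nsswitch_conf = {
        'group': ['files'],
        'hosts': ['files', 'dns'],
        'networks': ['files'],
        'passwd': ['files'],
        'shells': ['files'],
        'services': ['files'],
        'protocols': ['files'],
        'rpc': ['files']
    }

    # AD goes through sss only with UNIX extensions; otherwise AD, a domain
    # controller or NT4 fall back to winbind.
    if activedirectory_enabled() and activedirectory_has_unix_extensions():
        nsswitch_conf['passwd'].append('sss')
        nsswitch_conf['group'].append('sss')
    elif activedirectory_enabled() or \
        domaincontroller_enabled() or nt4_enabled():
        nsswitch_conf['passwd'].append('winbind')
        nsswitch_conf['group'].append('winbind')

    if nt4_enabled():
        nsswitch_conf['hosts'].append('wins')

    if ldap_enabled():
        nsswitch_conf['passwd'].append('sss')
        nsswitch_conf['group'].append('sss')

    if nis_enabled():
        nsswitch_conf['passwd'].append('nis')
        nsswitch_conf['group'].append('nis')
        nsswitch_conf['hosts'].append('nis')

    try:
        # NOTE(review): the file is truncated in place, so a failure part-way
        # through leaves an incomplete name-service configuration on disk.
        fd = os.open(NSSWITCH_CONF_PATH,
                     os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o644)
        try:
            for key in nsswitch_conf:
                line = "%s: %s\n" % (
                    key.strip(),
                    ' '.join(source.strip() for source in nsswitch_conf[key])
                )
                os.write(fd, line)
        finally:
            # Release the descriptor even when a write fails.
            os.close(fd)

    except Exception as e:
        sys.stderr.write("can't create %s: %s\n" % (NSSWITCH_CONF_PATH, e))
        sys.exit(1)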
Esempio n. 31
    def __new__(cls, **kwargs):
        """Build the local group cache for the enabled directory service.

        Precedence is LDAP, Active Directory, NT4, then NIS. None is returned
        when none of them is enabled, so callers must handle a missing cache.
        """
        log.debug("FreeNAS_Directory_LocalGroupCache.__new__: enter")

        if ldap_enabled():
            cache_obj = FreeNAS_LDAP_LocalGroupCache(**kwargs)
        elif activedirectory_enabled():
            cache_obj = FreeNAS_ActiveDirectory_LocalGroupCache(**kwargs)
        elif nt4_enabled():
            cache_obj = FreeNAS_NT4_LocalGroupCache(**kwargs)
        elif nis_enabled():
            cache_obj = FreeNAS_NIS_LocalGroupCache(**kwargs)
        else:
            cache_obj = None

        log.debug("FreeNAS_Directory_LocalGroupCache.__new__: leave")
        return cache_obj
Esempio n. 32
    def __new__(cls, **kwargs):
        """Build the local user cache for the enabled directory service.

        Precedence is LDAP, Active Directory, NIS, then domain controller.
        None is returned when none of them is enabled, so callers must handle
        a missing cache.
        """
        log.debug("FreeNAS_Directory_LocalUserCache.__new__: enter")

        if ldap_enabled():
            cache_obj = FreeNAS_LDAP_LocalUserCache(**kwargs)
        elif activedirectory_enabled():
            cache_obj = FreeNAS_ActiveDirectory_LocalUserCache(**kwargs)
        elif nis_enabled():
            cache_obj = FreeNAS_NIS_LocalUserCache(**kwargs)
        elif domaincontroller_enabled():
            cache_obj = FreeNAS_DomainController_LocalUserCache(**kwargs)
        else:
            cache_obj = None

        log.debug("FreeNAS_Directory_LocalUserCache.__new__: leave")
        return cache_obj
    def __new__(cls, **kwargs):
        """Build the directory user cache for the enabled directory service.

        Precedence is LDAP, Active Directory, NIS, then domain controller.
        None is returned when none of them is enabled, so callers must handle
        a missing cache.
        """
        log.debug("FreeNAS_Directory_UserCache.__new__: enter")

        if ldap_enabled():
            cache_obj = FreeNAS_LDAP_UserCache(**kwargs)
        elif activedirectory_enabled():
            cache_obj = FreeNAS_ActiveDirectory_UserCache(**kwargs)
        elif nis_enabled():
            cache_obj = FreeNAS_NIS_UserCache(**kwargs)
        elif domaincontroller_enabled():
            cache_obj = FreeNAS_DomainController_UserCache(**kwargs)
        else:
            cache_obj = None

        log.debug("FreeNAS_Directory_UserCache.__new__: leave")
        return cache_obj
Esempio n. 34
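def main():
    """Generate the Samba 4 configuration and import the local accounts.

    Runs setup and any pending dataset migration, generates the account
    lines, global configuration and shares, provisions the domain when
    acting as an unprovisioned DC, writes the configuration file, and, for
    every role except ``dc``, imports the accounts into the tdbsam backend
    with pdbedit. The temporary account file is removed in every case.
    """
    smb_conf_path = "/usr/local/etc/smb4.conf"

    smb4_tdb = []
    smb4_conf = []
    smb4_shares = []

    smb4_setup()

    old_samba4_datasets = get_old_samba4_datasets()
    if migration_available(old_samba4_datasets):
        do_migration(old_samba4_datasets)

    generate_smb4_tdb(smb4_tdb)
    generate_smb4_conf(smb4_conf)
    generate_smb4_shares(smb4_shares)

    role = get_server_role()
    if role == 'dc' and not Samba4().domain_provisioned():
        provision_smb4()

    # The with-block closes the file; no explicit close() is needed.
    with open(smb_conf_path, "w") as f:
        for line in smb4_conf:
            f.write(line + '\n')
        for line in smb4_shares:
            f.write(line + '\n')

    # mkstemp creates the file readable and writable only by the creating
    # user. NOTE(review): it is imported as smbpasswd data below, so it
    # presumably holds password hashes; treat it as sensitive.
    (fd, tmpfile) = tempfile.mkstemp(dir="/tmp")
    try:
        try:
            for line in smb4_tdb:
                os.write(fd, line + '\n')
        finally:
            os.close(fd)

        if role == 'member' and ldap_enabled():
            set_ldap_password()

        if role != 'dc':
            # All interpolated values are generated here or constant; none
            # comes from a caller.
            p = pipeopen("/usr/local/bin/pdbedit -d 0 -i smbpasswd:%s -e %s -s %s" % (
                tmpfile, "tdbsam:/var/etc/private/passdb.tdb", smb_conf_path))
            out = p.communicate()
            if out and out[1]:
                for line in out[1].split('\n'):
                    print(line)
    finally:
        # Previously the file was only removed for non-dc roles, leaving the
        # account data in /tmp on a domain controller or after a failure.
        os.unlink(tmpfile)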
Esempio n. 35
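def main():
    """Write the NSS switch file for the enabled directory services.

    Every database starts with the local ``files`` source, so local entries
    are consulted before any directory source appended here. Exits with
    status 1 if the file cannot be written.
    """
    nsswitch_conf = {
        'group': ['files'],
        'hosts': ['files', 'dns'],
        'networks': ['files'],
        'passwd': ['files'],
        'shells': ['files'],
        'services': ['files'],
        'protocols': ['files'],
        'rpc': ['files']
    }

    # AD goes through sss only with UNIX extensions; otherwise AD, a domain
    # controller or NT4 fall back to winbind.
    if activedirectory_enabled() and activedirectory_has_unix_extensions():
        nsswitch_conf['passwd'].append('sss')
        nsswitch_conf['group'].append('sss')
    elif activedirectory_enabled() or \
        domaincontroller_enabled() or nt4_enabled():
        nsswitch_conf['passwd'].append('winbind')
        nsswitch_conf['group'].append('winbind')

    if ldap_enabled():
        nsswitch_conf['passwd'].append('sss')
        nsswitch_conf['group'].append('sss')

    if nis_enabled():
        nsswitch_conf['passwd'].append('nis')
        nsswitch_conf['group'].append('nis')
        nsswitch_conf['hosts'].append('nis')

    try:
        # NOTE(review): the file is truncated in place, so a failure part-way
        # through leaves an incomplete name-service configuration on disk.
        fd = os.open(NSSWITCH_CONF_PATH,
                     os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o644)
        try:
            for key in nsswitch_conf:
                line = "%s: %s\n" % (
                    key.strip(),
                    ' '.join(source.strip() for source in nsswitch_conf[key])
                )
                os.write(fd, line)
        finally:
            # Release the descriptor even when a write fails.
            os.close(fd)

    except Exception as e:
        sys.stderr.write("can't create %s: %s\n" % (NSSWITCH_CONF_PATH, e))
        sys.exit(1)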
Esempio n. 36
def main():
    """Rebuild the SSSD configuration, creating missing sections.

    Ensures the sssd, nss and pam sections exist, registers the nss and pam
    services, adds the Active Directory and/or LDAP parts, and saves back to
    SSSD_CONFIGFILE.
    """
    sssd_setup()

    sc = SSSDConf(configfile=SSSD_CONFIGFILE)
    if not sc['sssd']:
        sc['sssd'] = SSSDSectionSSSD()

    if not sc['nss']:
        sc['nss'] = SSSDSectionNSS()
    sc['sssd'].add_service('nss')

    if not sc['pam']:
        sc['pam'] = SSSDSectionPAM()
    sc['sssd'].add_service('pam')

    # AD is only wired into SSSD when it carries UNIX extensions.
    ad_via_sssd = activedirectory_enabled() and activedirectory_has_unix_extensions()
    if ad_via_sssd:
        add_activedirectory(sc)
    if ldap_enabled():
        add_ldap(sc)

    sc.save(SSSD_CONFIGFILE)
Esempio n. 37
def main():
    """Rebuild the SSSD configuration, creating missing sections.

    Ensures the sssd, nss and pam sections exist, registers the nss and pam
    services, adds the Active Directory and/or LDAP parts, and saves back to
    SSSD_CONFIGFILE.
    """
    sssd_setup()

    sc = SSSDConf(configfile=SSSD_CONFIGFILE)
    if not sc['sssd']:
        sc['sssd'] = SSSDSectionSSSD()

    if not sc['nss']:
        sc['nss'] = SSSDSectionNSS()
    sc['sssd'].add_service('nss')

    if not sc['pam']:
        sc['pam'] = SSSDSectionPAM()
    sc['sssd'].add_service('pam')

    # AD is only wired into SSSD when it carries UNIX extensions.
    ad_via_sssd = activedirectory_enabled() and activedirectory_has_unix_extensions()
    if ad_via_sssd:
        add_activedirectory(sc)
    if ldap_enabled():
        add_ldap(sc)

    sc.save(SSSD_CONFIGFILE)
Esempio n. 38
def main():
    """Regenerate the SSSD configuration for the enabled directory service.

    Exits with status 1 when no directory-service cookie can be obtained.
    Otherwise the sssd/nss/pam sections are added, followed by the Active
    Directory and/or LDAP sections, and the result is saved to
    SSSD_CONFIGFILE.
    """
    sssd_setup()
    # Only hand an existing file to SSSDConf; None is passed otherwise.
    existing_conf = SSSD_CONFIGFILE if os.path.exists(SSSD_CONFIGFILE) else None

    cookie = get_directoryservice_cookie()
    if not cookie:
        sys.exit(1)

    def nullfunc():
        pass

    sc = SSSDConf(path=existing_conf, parse=nullfunc, cookie=cookie)

    sc.add_sssd_section()
    sc.add_nss_section()
    sc.add_pam_section()

    # AD is only wired into SSSD when it carries UNIX extensions.
    ad_via_sssd = activedirectory_enabled() and activedirectory_has_unix_extensions()
    if ad_via_sssd:
        add_activedirectory_section(sc)
    if ldap_enabled():
        add_ldap_section(sc)

    sc.save(SSSD_CONFIGFILE)
Esempio n. 39
 def Enabled(self):
     """Report whether the LDAP directory service is enabled."""
     ldap_on = ldap_enabled()
     return ldap_on
Esempio n. 40
    ])

    # Use the FreeNAS UI settings unless the environment already names a
    # settings module.
    os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'freenasUI.settings')

    # Django must be set up before the freenasUI modules below are imported.
    import django
    django.setup()

    from freenasUI.common.system import (
        activedirectory_enabled,
        domaincontroller_enabled,
        ldap_enabled
    )

    # Refuse to touch the stored SID while any directory service is enabled;
    # the script exits before the database is read or written.
    if (activedirectory_enabled() or
            domaincontroller_enabled() or
            ldap_enabled()):
        print("A directory service is enabled, aborting without making changes.")
        exit(1)

    # sidval is assigned earlier in the script, outside this excerpt.
    print("detected SID: %s\n" % sidval)
    from freenasUI.services.models import CIFS
    # Takes the first CIFS row; an empty table raises IndexError here.
    cifs = CIFS.objects.all()[0]
    print("database SID: %s\n" % cifs.cifs_SID)
    # Only write when the stored SID differs from the detected one.
    if cifs.cifs_SID != sidval:
        cifs.cifs_SID = sidval
        print("Saving detected SID to the database")
        cifs.save()
        print("Please either reboot the system or run the following commands as root:")
        print("service samba_server stop")
        print("service ix-pre-samba start")
        print("service samba_server start")
Esempio n. 41
            sanity = False

# sanity and sidval are assigned earlier in the script, outside this excerpt.
if sanity:
    # Make the FreeNAS UI package importable before Django is configured.
    sys.path.extend(['/usr/local/www', '/usr/local/www/freenasUI'])

    # Use the FreeNAS UI settings unless the environment already names a
    # settings module.
    os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'freenasUI.settings')

    # Django must be set up before the freenasUI modules below are imported.
    import django
    django.setup()

    from freenasUI.common.system import (activedirectory_enabled,
                                         domaincontroller_enabled,
                                         ldap_enabled)

    # Refuse to touch the stored SID while any directory service is enabled;
    # the script exits before the database is read or written.
    if (activedirectory_enabled() or domaincontroller_enabled()
            or ldap_enabled()):
        print(
            "A directory service is enabled, aborting without making changes.")
        exit(1)

    print("detected SID: %s\n" % sidval)
    from freenasUI.services.models import CIFS
    # Takes the first CIFS row; an empty table raises IndexError here.
    cifs = CIFS.objects.all()[0]
    print("database SID: %s\n" % cifs.cifs_SID)
    # Only write when the stored SID differs from the detected one.
    if cifs.cifs_SID != sidval:
        cifs.cifs_SID = sidval
        print("Saving detected SID to the database")
        cifs.save()
        print(
            "Please either reboot the system or run the following commands as root:"
        )
Esempio n. 42
    # Use the FreeNAS UI settings unless the environment already names a
    # settings module.
    os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'freenasUI.settings')

    # Make sure to load all modules
    from django.db.models.loading import cache
    cache.get_apps()

    from freenasUI.common.system import (
        activedirectory_enabled,
        domaincontroller_enabled,
        ldap_enabled,
        nt4_enabled
    )

    # Refuse to touch the stored SID while any directory service is enabled;
    # the script exits before the database is read or written.
    if (activedirectory_enabled() or
            domaincontroller_enabled() or
            ldap_enabled() or
            nt4_enabled()):
        print "A directory service is enabled, aborting without making changes."
        exit(1)

    # sidval is assigned earlier in the script, outside this excerpt.
    print "detected SID: %s\n" % sidval
    from freenasUI.services.models import CIFS
    # Takes the first CIFS row; an empty table raises IndexError here.
    cifs = CIFS.objects.all()[0]
    print "database SID: %s\n" % cifs.cifs_SID
    # Only write when the stored SID differs from the detected one.
    if cifs.cifs_SID != sidval:
        cifs.cifs_SID = sidval
        print "Saving detected SID to the database"
        cifs.save()
        print "Please either reboot the system or run the following commands as root:"
        print "service samba_server stop"
        print "service ix-pre-samba start"
Esempio n. 43
 def Enabled(self):
     """Report whether the LDAP directory service is enabled."""
     ldap_on = ldap_enabled()
     return ldap_on
Esempio n. 44
def generate_smb4_conf(smb4_conf, role):
    # Appends the [global] section, and optionally a [homes] share, to the
    # smb4_conf list through the confset1/confset2 helpers, using the first
    # CIFS row and the given server role. Returns None; returns early without
    # adding anything when the CIFS row cannot be read.
    try:
        cifs = CIFS.objects.all()[0]
    except:
        # NOTE(review): the bare except hides every failure, including
        # database errors, and yields an empty configuration.
        return

    # Defaults for unset values. These masks grant read/write to everyone on
    # new files and full access on new directories; the guest account falls
    # back to 'ftp'.
    if not cifs.cifs_srv_guest:
        cifs.cifs_srv_guest = 'ftp'
    if not cifs.cifs_srv_filemask:
        cifs.cifs_srv_filemask = "0666"
    if not cifs.cifs_srv_dirmask:
        cifs.cifs_srv_dirmask = "0777"

    # standard stuff... should probably do this differently
    confset1(smb4_conf, "[global]", space=0)

    # Protocol bounds are taken from the stored settings as-is.
    confset2(smb4_conf, "server min protocol = %s", cifs.cifs_srv_min_protocol)
    confset2(smb4_conf, "server max protocol = %s", cifs.cifs_srv_max_protocol)

    confset1(smb4_conf, "encrypt passwords = yes")
    confset1(smb4_conf, "dns proxy = no")
    confset1(smb4_conf, "strict locking = no")
    confset1(smb4_conf, "oplocks = yes")
    confset1(smb4_conf, "deadtime = 15")
    confset1(smb4_conf, "max log size = 51200")

    # Leaves 25 descriptors of headroom below the per-process kernel limit.
    confset2(smb4_conf, "max open files = %d", long(get_sysctl('kern.maxfilesperproc')) - 25)

    if cifs.cifs_srv_syslog:
        confset1(smb4_conf, "syslog only = yes")
        confset1(smb4_conf, "syslog = 1")

    confset1(smb4_conf, "load printers = no")
    confset1(smb4_conf, "printing = bsd")
    confset1(smb4_conf, "printcap name = /dev/null")
    confset1(smb4_conf, "disable spoolss = yes")
    confset1(smb4_conf, "getwd cache = yes")
    confset2(smb4_conf, "guest account = %s", cifs.cifs_srv_guest.encode('utf8'))
    # Emitted unconditionally: with this Samba setting a login for a user
    # name that does not exist is treated as a guest login.
    confset1(smb4_conf, "map to guest = Bad User")
    confset1(smb4_conf, "obey pam restrictions = Yes")
    confset1(smb4_conf, "directory name cache size = 0")
    confset1(smb4_conf, "kernel change notify = no")

    confset1(smb4_conf, "panic action = /usr/local/libexec/samba/samba-backtrace")

    # The boolean options below pass False instead of a value when the
    # setting is off; presumably confset2 then emits nothing, leaving the
    # Samba default in effect -- confirm against confset2.
    confset2(smb4_conf, "server string = %s", cifs.cifs_srv_description)
    confset2(smb4_conf, "ea support = %s",
        "yes" if cifs.cifs_srv_easupport else False)
    confset2(smb4_conf, "store dos attributes = %s",
        "yes" if cifs.cifs_srv_dosattr else False)
    if cifs.cifs_srv_dosattr:
        confset1(smb4_conf, "map archive = no")
        confset1(smb4_conf, "map readonly = no")
        confset1(smb4_conf, "map hidden = no")
        confset1(smb4_conf, "map system = no")
    confset2(smb4_conf, "hostname lookups = %s",
        "yes" if cifs.cifs_srv_hostlookup else False)
    confset2(smb4_conf, "unix extensions = %s",
        "no" if not cifs.cifs_srv_unixext else False)
    confset2(smb4_conf, "time server = %s",
        "yes" if cifs.cifs_srv_timeserver else False)
    # Security-sensitive: enabling this permits accounts with empty passwords.
    confset2(smb4_conf, "null passwords = %s",
        "yes" if cifs.cifs_srv_nullpw else False)

    confset2(smb4_conf, "acl allow execute always = %s",
        "true" if cifs.cifs_srv_allow_execute_always else "false")

    # Local master is only offered when neither NT4 nor AD is enabled.
    if cifs.cifs_srv_localmaster and not nt4_enabled() \
        and not activedirectory_enabled():
        confset2(smb4_conf, "local master = %s",
            "yes" if cifs.cifs_srv_localmaster else False)

    # Role-specific part of [global]; an unrecognised role adds no
    # "server role" line at all.
    if role == 'auto':
        confset1(smb4_conf, "server role = auto")

    elif role == 'classic':
        confset1(smb4_conf, "server role = classic primary domain controller")

    elif role == 'netbios':
        confset1(smb4_conf, "server role = netbios backup domain controller")

    elif role == 'dc':
        confset1(smb4_conf, "server role = active directory domain controller")
        add_domaincontroller_conf(smb4_conf)

    elif role == 'member':
        confset1(smb4_conf, "server role = member server")

        # Only one backend is configured, in the order NT4, LDAP, AD.
        if nt4_enabled():
            add_nt4_conf(smb4_conf)

        elif ldap_enabled():
            add_ldap_conf(smb4_conf)

        elif activedirectory_enabled():
            add_activedirectory_conf(smb4_conf)

    elif role == 'standalone':
        confset1(smb4_conf, "server role = standalone")
        confset2(smb4_conf, "netbios name = %s", cifs.cifs_srv_netbiosname.upper())
        confset2(smb4_conf, "workgroup = %s", cifs.cifs_srv_workgroup.upper())
        confset1(smb4_conf, "security = user")

    if role != 'dc':
        confset1(smb4_conf, "pid directory = /var/run/samba")
        confset1(smb4_conf, "smb passwd file = /var/etc/private/smbpasswd")
        confset1(smb4_conf, "private dir = /var/etc/private")

    confset2(smb4_conf, "create mask = %s", cifs.cifs_srv_filemask)
    confset2(smb4_conf, "directory mask = %s", cifs.cifs_srv_dirmask)
    confset1(smb4_conf, "client ntlmv2 auth = yes")
    confset2(smb4_conf, "dos charset = %s", cifs.cifs_srv_doscharset)
    confset2(smb4_conf, "unix charset = %s", cifs.cifs_srv_unixcharset)

    # A log level of exactly True is skipped; any other truthy value is used.
    if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
        confset2(smb4_conf, "log level = %s", cifs.cifs_srv_loglevel)

    # Stored auxiliary lines are added to [global] without any check visible
    # here, after the settings above. NOTE(review): whoever can edit this
    # field can presumably override those settings -- confirm it is
    # restricted to administrators.
    for line in cifs.cifs_srv_smb_options.split('\n'):
        confset1(smb4_conf, line)

    if cifs.cifs_srv_homedir_enable:
        valid_users_path = "%U"
        valid_users = "%U"

        if activedirectory_enabled():
            try:
                ad = ActiveDirectory.objects.all()[0]
                if not ad.ad_use_default_domain:
                    valid_users_path = "%D/%U"
                    # "\%" is not an escape sequence, so the backslash is
                    # kept and the value is the five characters %D\%U.
                    valid_users = "%D\%U"
            except:
                # Best effort: an unreadable AD row keeps the plain %U forms.
                pass

        if cifs.cifs_srv_homedir:
            cifs_homedir_path = "%s/%s" % (cifs.cifs_srv_homedir, valid_users_path)
        else:
            cifs_homedir_path = False

        confset1(smb4_conf, "\n")
        confset1(smb4_conf, "[homes]", space=0)
        confset1(smb4_conf, "comment = Home Directories")
        confset2(smb4_conf, "valid users = %s", valid_users)
        confset1(smb4_conf, "writable = yes")
        confset2(smb4_conf, "browseable = %s",
            "yes" if cifs.cifs_srv_homedir_browseable_enable else "no")
        if cifs_homedir_path:
            confset2(smb4_conf, "path = %s", cifs_homedir_path)

        # Stored auxiliary lines for [homes] are added the same way.
        for line in cifs.cifs_srv_homedir_aux.split('\n'):
            confset1(smb4_conf, line)
Esempio n. 45
def main():
    """Generate the nss_ldap configuration file when LDAP is enabled."""
    # Nothing to write unless the LDAP directory service is switched on.
    if not ldap_enabled():
        return

    ldap_conf_ldap("/usr/local/etc/nss_ldap.conf")
Esempio n. 46
            sanity = False

if sanity:
    # Make the freenasUI Django project importable and initialise Django
    # before any of its modules or models are imported below.
    sys.path.extend(('/usr/local/www', '/usr/local/www/freenasUI'))
    os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'freenasUI.settings')

    import django
    django.setup()

    from freenasUI.common.system import (
        activedirectory_enabled,
        domaincontroller_enabled,
        ldap_enabled,
        nt4_enabled,
    )

    # Refuse to touch the stored SID while any directory service is enabled.
    # The checks run in the original order and stop at the first that is true.
    if any(enabled() for enabled in (activedirectory_enabled,
                                     domaincontroller_enabled,
                                     ldap_enabled,
                                     nt4_enabled)):
        print("A directory service is enabled, aborting without making changes.")
        exit(1)

    # sidval is set earlier in the script, outside this block.
    print("detected SID: %s\n" % sidval)

    from freenasUI.services.models import CIFS
    cifs = CIFS.objects.all()[0]
    print("database SID: %s\n" % cifs.cifs_SID)

    # Only write to the database when the stored SID differs from the
    # detected one; the operator is then told how to restart Samba.
    if cifs.cifs_SID != sidval:
        cifs.cifs_SID = sidval
        print("Saving detected SID to the database")
        cifs.save()
        print("Please either reboot the system or run the following commands as root:")
        print("service samba_server stop")
        print("service ix-pre-samba start")
        print("service samba_server start")
Esempio n. 47
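def generate_smb4_conf(smb4_conf, role):
    """Emit the [global] section, and optionally [homes], of the Samba config.

    Settings are read from the first CIFS row and handed, together with
    ``smb4_conf``, to the confset1/confset2 helpers.  If no CIFS row can be
    loaded the function returns without emitting anything.

    Args:
        smb4_conf: configuration accumulator; passed through unchanged to
            confset1/confset2 and the add_*_conf helpers.
        role: server role selector.  'auto', 'classic', 'netbios', 'dc',
            'member' and 'standalone' are recognised; any other value emits
            no "server role" line.

    Security notes:
        * Empty file/directory masks fall back to 0666 / 0777, i.e. files and
          directories created over SMB are world-writable unless the stored
          settings say otherwise.
        * "map to guest = Bad User" is emitted unconditionally: a login that
          names an unknown user is mapped to the guest account, so
          guest-enabled shares are reachable without valid credentials.
        * The auxiliary-parameter fields (cifs_srv_smb_options and
          cifs_srv_homedir_aux) are written verbatim and last in their
          section, so they can override any generated setting.  Write access
          to those fields is equivalent to control over smb.conf.
    """
    try:
        cifs = CIFS.objects.all()[0]
    except Exception:
        # Best effort: without a CIFS row there is nothing to generate.
        # Narrowed from a bare except so SystemExit/KeyboardInterrupt propagate.
        return

    # In-memory fallbacks only (nothing is saved back to the database).
    if not cifs.cifs_srv_guest:
        cifs.cifs_srv_guest = 'ftp'
    if not cifs.cifs_srv_filemask:
        cifs.cifs_srv_filemask = "0666"
    if not cifs.cifs_srv_dirmask:
        cifs.cifs_srv_dirmask = "0777"

    # standard stuff... should probably do this differently
    confset1(smb4_conf, "[global]", space=0)

    confset2(smb4_conf, "server min protocol = %s", cifs.cifs_srv_min_protocol)
    confset2(smb4_conf, "server max protocol = %s", cifs.cifs_srv_max_protocol)

    confset1(smb4_conf, "encrypt passwords = yes")
    confset1(smb4_conf, "dns proxy = no")
    confset1(smb4_conf, "strict locking = no")
    confset1(smb4_conf, "oplocks = yes")
    confset1(smb4_conf, "deadtime = 15")
    confset1(smb4_conf, "max log size = 51200")

    # Stay 25 descriptors below the per-process limit reported by the kernel.
    confset2(smb4_conf, "max open files = %d",
             long(get_sysctl('kern.maxfilesperproc')) - 25)

    if cifs.cifs_srv_syslog:
        confset1(smb4_conf, "syslog only = yes")
        confset1(smb4_conf, "syslog = 1")

    confset1(smb4_conf, "load printers = no")
    confset1(smb4_conf, "printing = bsd")
    confset1(smb4_conf, "printcap name = /dev/null")
    confset1(smb4_conf, "disable spoolss = yes")
    confset1(smb4_conf, "getwd cache = yes")
    confset2(smb4_conf, "guest account = %s",
             cifs.cifs_srv_guest.encode('utf8'))
    # See the docstring: unknown user names are mapped to the guest account.
    confset1(smb4_conf, "map to guest = Bad User")
    confset2(smb4_conf, "obey pam restrictions = %s",
             "yes" if cifs.cifs_srv_obey_pam_restrictions else "no")
    confset1(smb4_conf, "directory name cache size = 0")
    confset1(smb4_conf, "kernel change notify = no")

    confset1(smb4_conf,
             "panic action = /usr/local/libexec/samba/samba-backtrace")

    confset2(smb4_conf, "server string = %s", cifs.cifs_srv_description)
    confset1(smb4_conf, "ea support = yes")
    confset1(smb4_conf, "store dos attributes = yes")

    # NOTE(review): the False arguments below presumably make confset2 omit
    # the line so that Samba's built-in default applies -- confirm against
    # confset2, which is defined elsewhere.
    confset2(smb4_conf, "hostname lookups = %s",
             "yes" if cifs.cifs_srv_hostlookup else False)
    confset2(smb4_conf, "unix extensions = %s",
             "no" if not cifs.cifs_srv_unixext else False)
    confset2(smb4_conf, "time server = %s",
             "yes" if cifs.cifs_srv_timeserver else False)
    # "null passwords = yes" lets accounts with an empty password log in;
    # it is only emitted when the stored setting asks for it.
    confset2(smb4_conf, "null passwords = %s",
             "yes" if cifs.cifs_srv_nullpw else False)
    confset2(smb4_conf, "domain logons = %s",
             "yes" if cifs.cifs_srv_domain_logons else "no")

    confset2(smb4_conf, "acl allow execute always = %s",
             "true" if cifs.cifs_srv_allow_execute_always else "false")

    # The guard already requires cifs_srv_localmaster to be truthy, so the
    # value written is always "yes".
    if cifs.cifs_srv_localmaster and not nt4_enabled() \
            and not activedirectory_enabled():
        confset2(smb4_conf, "local master = %s", "yes")

    idmap = get_idmap_object(DS_TYPE_CIFS, cifs.id, 'tdb')
    configure_idmap_backend(smb4_conf, idmap, None)

    if role == 'auto':
        confset1(smb4_conf, "server role = auto")

    elif role == 'classic':
        confset1(smb4_conf, "server role = classic primary domain controller")

    elif role == 'netbios':
        confset1(smb4_conf, "server role = netbios backup domain controller")

    elif role == 'dc':
        confset1(smb4_conf, "server role = active directory domain controller")
        add_domaincontroller_conf(smb4_conf)

    elif role == 'member':
        confset1(smb4_conf, "server role = member server")

        # Only the first enabled directory service contributes settings.
        if nt4_enabled():
            add_nt4_conf(smb4_conf)

        elif ldap_enabled():
            add_ldap_conf(smb4_conf)

        elif activedirectory_enabled():
            add_activedirectory_conf(smb4_conf)

    elif role == 'standalone':
        confset1(smb4_conf, "server role = standalone")
        confset2(smb4_conf, "netbios name = %s",
                 cifs.cifs_srv_netbiosname.upper())
        confset2(smb4_conf, "workgroup = %s", cifs.cifs_srv_workgroup.upper())
        confset1(smb4_conf, "security = user")

    if role != 'dc':
        confset1(smb4_conf, "pid directory = /var/run/samba")
        confset1(smb4_conf, "smb passwd file = /var/etc/private/smbpasswd")
        confset1(smb4_conf, "private dir = /var/etc/private")

    confset2(smb4_conf, "create mask = %s", cifs.cifs_srv_filemask)
    confset2(smb4_conf, "directory mask = %s", cifs.cifs_srv_dirmask)
    confset1(smb4_conf, "client ntlmv2 auth = yes")
    confset2(smb4_conf, "dos charset = %s", cifs.cifs_srv_doscharset)
    confset2(smb4_conf, "unix charset = %s", cifs.cifs_srv_unixcharset)

    # The "is not True" test keeps a bare boolean from being written as the
    # log level value.
    if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
        confset2(smb4_conf, "log level = %s", cifs.cifs_srv_loglevel)

    # Auxiliary [global] parameters are written verbatim and unvalidated.
    # They come last, so they can override the generated settings above.
    for line in cifs.cifs_srv_smb_options.split('\n'):
        confset1(smb4_conf, line)

    if cifs.cifs_srv_homedir_enable:
        valid_users_path = "%U"
        valid_users = "%U"

        if activedirectory_enabled():
            try:
                ad = ActiveDirectory.objects.all()[0]
                if not ad.ad_use_default_domain:
                    # Qualify with the domain: %D/%U in the path and %D\%U
                    # in "valid users".  The backslash is written escaped;
                    # the resulting string is the same as before.
                    valid_users_path = "%D/%U"
                    valid_users = "%D\\%U"
            except Exception:
                # Best effort: keep the unqualified %U forms if the Active
                # Directory row cannot be read.
                pass

        if cifs.cifs_srv_homedir:
            cifs_homedir_path = "%s/%s" % (cifs.cifs_srv_homedir,
                                           valid_users_path)
        else:
            cifs_homedir_path = False

        confset1(smb4_conf, "\n")
        confset1(smb4_conf, "[homes]", space=0)
        confset1(smb4_conf, "comment = Home Directories")
        confset2(smb4_conf, "valid users = %s", valid_users)
        confset1(smb4_conf, "writable = yes")
        confset2(smb4_conf, "browseable = %s",
                 "yes" if cifs.cifs_srv_homedir_browseable_enable else "no")
        if cifs_homedir_path:
            confset2(smb4_conf, "path = %s", cifs_homedir_path)

        # Auxiliary [homes] parameters: verbatim and unvalidated, as above.
        for line in cifs.cifs_srv_homedir_aux.split('\n'):
            confset1(smb4_conf, line)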