def generate_smb4_conf(client, smb4_conf, role):
    """Emit the ``[global]`` section of the Samba configuration.

    Reads the CIFS service settings with ``client.call('cifs.config')`` and
    hands one smb.conf line at a time to ``confset1`` / ``confset2`` together
    with ``smb4_conf``. The order of the calls is the order of the emitted
    parameters.

    Args:
        client: object whose ``call`` method is used for 'cifs.config' and
            the 'notifier.*' queries.
        smb4_conf: passed unchanged to confset1/confset2 and the add_*_conf
            helpers; presumably the accumulator for the generated lines
            (confirm against confset1).
        role: 'auto', 'classic', 'netbios', 'dc', 'member' or 'standalone'.
            Any other value emits no "server role" line.

    Written for Python 2: it relies on ``string.join`` and ``long``.

    NOTE(review): this listing was recovered from a whitespace-collapsed
    page; the block nesting below was reconstructed from what the statements
    do and should be checked against the upstream file.
    """
    cifs = Struct(client.call('cifs.config'))

    # Fallbacks for empty settings. As "create mask" / "directory mask"
    # values, 0666 and 0777 leave the group and other permission bits
    # unmasked, so anything tighter has to be configured explicitly.
    if not cifs.cifs_srv_guest:
        cifs.cifs_srv_guest = 'ftp'
    if not cifs.cifs_srv_filemask:
        cifs.cifs_srv_filemask = "0666"
    if not cifs.cifs_srv_dirmask:
        cifs.cifs_srv_dirmask = "0777"

    # standard stuff... should probably do this differently
    confset1(smb4_conf, "[global]", space=0)

    # The username map is referenced only when the file exists at
    # generation time.
    if os.path.exists("/usr/local/etc/smbusers"):
        confset1(smb4_conf, "username map = /usr/local/etc/smbusers")

    # Protocol bounds are emitted exactly as stored; nothing here enforces a
    # minimum dialect, so a legacy value configured upstream passes through.
    confset2(smb4_conf, "server min protocol = %s", cifs.cifs_srv_min_protocol)
    confset2(smb4_conf, "server max protocol = %s", cifs.cifs_srv_max_protocol)

    if cifs.cifs_srv_bindip:
        interfaces = []

        bindips = string.join(cifs.cifs_srv_bindip, ' ')
        # Loopback is prepended for every role except 'dc'.
        if role != 'dc':
            bindips = "127.0.0.1 %s" % bindips

        bindips = bindips.split()
        for bindip in bindips:
            if not bindip:
                continue
            bindip = bindip.strip()
            iface = client.call('notifier.get_interface', bindip)
            if iface and client.call('notifier.is_carp_interface', iface):
                # CARP address: the entry is qualified with parent_iface[2]
                # (presumably the netmask - confirm against
                # notifier.get_parent_interface). The address is dropped if
                # the parent lookup or its interface info comes back empty.
                parent_iface = client.call('notifier.get_parent_interface', iface)
                if not parent_iface:
                    continue

                # Only checked for truthiness; its content is not used.
                parent_iinfo = client.call('notifier.get_interface_info', parent_iface[0])
                if not parent_iinfo:
                    continue

                interfaces.append("%s/%s" % (bindip, parent_iface[2]))
            else:
                interfaces.append(bindip)

        if interfaces:
            confset2(smb4_conf, "interfaces = %s", string.join(interfaces))
        # NOTE(review): placed at the bindip level, so it is emitted even if
        # every address was skipped above - confirm nesting upstream.
        confset1(smb4_conf, "bind interfaces only = yes")

    confset1(smb4_conf, "encrypt passwords = yes")
    confset1(smb4_conf, "dns proxy = no")
    confset1(smb4_conf, "strict locking = no")
    confset1(smb4_conf, "oplocks = yes")
    confset1(smb4_conf, "deadtime = 15")
    confset1(smb4_conf, "max log size = 51200")

    # 25 below the kern.maxfilesperproc sysctl value.
    confset2(smb4_conf, "max open files = %d",
             long(get_sysctl('kern.maxfilesperproc')) - 25)

    # A log level of exactly True is treated like "unset" and becomes "0".
    if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
        loglevel = cifs.cifs_srv_loglevel
    else:
        loglevel = "0"

    if cifs.cifs_srv_syslog:
        confset1(smb4_conf, "logging = syslog:%s" % loglevel)
    else:
        confset1(smb4_conf, "logging = file")

    confset1(smb4_conf, "load printers = no")
    confset1(smb4_conf, "printing = bsd")
    confset1(smb4_conf, "printcap name = /dev/null")
    confset1(smb4_conf, "disable spoolss = yes")
    confset1(smb4_conf, "getwd cache = yes")
    # "map to guest = Bad User" makes Samba treat a login with an unknown
    # user name as the guest account configured here ('ftp' by default, see
    # above). Guest-accessible shares are therefore reachable without valid
    # credentials; review them together with this setting.
    confset2(smb4_conf, "guest account = %s", cifs.cifs_srv_guest.encode('utf8'))
    confset1(smb4_conf, "map to guest = Bad User")
    confset2(smb4_conf, "obey pam restrictions = %s",
             "yes" if cifs.cifs_srv_obey_pam_restrictions else "no")
    confset1(smb4_conf, "directory name cache size = 0")
    confset1(smb4_conf, "kernel change notify = no")
    confset1(smb4_conf, "panic action = /usr/local/libexec/samba/samba-backtrace")
    confset1(smb4_conf, "nsupdate command = /usr/local/bin/samba-nsupdate -g")
    # Stored strings (description, NetBIOS name, workgroup, charsets, ...)
    # are interpolated without validation in this function. If confset2 does
    # not reject embedded newlines, such a value could add extra parameters
    # to [global] - NOTE(review): confirm where these fields are validated.
    confset2(smb4_conf, "server string = %s", cifs.cifs_srv_description)
    confset1(smb4_conf, "ea support = yes")
    confset1(smb4_conf, "store dos attributes = yes")
    confset1(smb4_conf, "lm announce = yes")
    # The next four calls pass False instead of a string when the option is
    # not in its non-default state. What confset2 does with a falsy value is
    # not visible here; presumably it omits the line so Samba's default
    # applies (confirm against confset2).
    confset2(smb4_conf, "hostname lookups = %s",
             "yes" if cifs.cifs_srv_hostlookup else False)
    confset2(smb4_conf, "unix extensions = %s",
             "no" if not cifs.cifs_srv_unixext else False)
    confset2(smb4_conf, "time server = %s",
             "yes" if cifs.cifs_srv_timeserver else False)
    # When enabled, accounts with an empty password can log in.
    confset2(smb4_conf, "null passwords = %s",
             "yes" if cifs.cifs_srv_nullpw else False)
    confset2(smb4_conf, "acl allow execute always = %s",
             "true" if cifs.cifs_srv_allow_execute_always else "false")
    confset1(smb4_conf, "dos filemode = yes")
    confset2(smb4_conf, "multicast dns register = %s",
             "yes" if cifs.cifs_srv_zeroconf else "no")

    # "domain logons" is written only when LDAP is not enabled.
    if not smb4_ldap_enabled(client):
        confset2(smb4_conf, "domain logons = %s",
                 "yes" if cifs.cifs_srv_domain_logons else "no")

    # "local master" is written only when neither NT4 nor Active Directory
    # is enabled.
    if (not client.call('notifier.common', 'system', 'nt4_enabled') and
            not client.call('notifier.common', 'system', 'activedirectory_enabled')):
        confset2(smb4_conf, "local master = %s",
                 "yes" if cifs.cifs_srv_localmaster else "no")

    # 5 = DS_TYPE_CIFS
    idmap = Struct(
        client.call('notifier.ds_get_idmap_object', 5, cifs.id, 'tdb'))
    configure_idmap_backend(client, smb4_conf, idmap, None)

    # One "server role" line per recognised role; 'dc' and 'member' delegate
    # the rest of their settings to the add_*_conf helpers.
    if role == 'auto':
        confset1(smb4_conf, "server role = auto")

    elif role == 'classic':
        confset1(smb4_conf, "server role = classic primary domain controller")

    elif role == 'netbios':
        confset1(smb4_conf, "server role = netbios backup domain controller")

    elif role == 'dc':
        confset1(smb4_conf, "server role = active directory domain controller")
        add_domaincontroller_conf(client, smb4_conf)

    elif role == 'member':
        confset1(smb4_conf, "server role = member server")

        # First enabled directory service wins: NT4, then LDAP, then AD.
        if client.call('notifier.common', 'system', 'nt4_enabled'):
            add_nt4_conf(client, smb4_conf)

        elif smb4_ldap_enabled(client):
            add_ldap_conf(client, smb4_conf)

        elif client.call('notifier.common', 'system', 'activedirectory_enabled'):
            add_activedirectory_conf(client, smb4_conf)

        confset2(smb4_conf, "netbios name = %s", cifs.netbiosname.upper())
        if cifs.cifs_srv_netbiosalias:
            confset2(smb4_conf, "netbios aliases = %s",
                     cifs.cifs_srv_netbiosalias.upper())

    elif role == 'standalone':
        confset1(smb4_conf, "server role = standalone")
        confset2(smb4_conf, "netbios name = %s", cifs.netbiosname.upper())
        if cifs.cifs_srv_netbiosalias:
            confset2(smb4_conf, "netbios aliases = %s",
                     cifs.cifs_srv_netbiosalias.upper())
        confset2(smb4_conf, "workgroup = %s", cifs.cifs_srv_workgroup.upper())
        confset1(smb4_conf, "security = user")

    if role != 'dc':
        confset1(smb4_conf, "pid directory = /var/run/samba")

    confset2(smb4_conf, "create mask = %s", cifs.cifs_srv_filemask)
    confset2(smb4_conf, "directory mask = %s", cifs.cifs_srv_dirmask)
    confset1(smb4_conf, "client ntlmv2 auth = yes")
    confset2(smb4_conf, "dos charset = %s", cifs.cifs_srv_doscharset)
    confset2(smb4_conf, "unix charset = %s", cifs.cifs_srv_unixcharset)

    if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
        confset2(smb4_conf, "log level = %s", cifs.cifs_srv_loglevel)

    # Free-form auxiliary parameters: every non-blank line is emitted into
    # [global] verbatim, after all generated settings. Whoever can write this
    # field can set any Samba global parameter, including ones that name
    # commands for smbd to run (such as "panic action" above), and can
    # presumably override the values written earlier. Treat write access to
    # it as equivalent to control of the smbd configuration.
    smb_options = cifs.cifs_srv_smb_options.encode('utf-8')
    smb_options = smb_options.strip()
    for line in smb_options.split('\n'):
        line = line.strip()
        if not line:
            continue
        confset1(smb4_conf, line)
def generate_smb4_conf(client, smb4_conf, role):
    """Emit the ``[global]`` section of the Samba configuration.

    Reads the CIFS service settings with ``client.call('cifs.config')`` and
    hands one smb.conf line at a time to ``confset1`` / ``confset2`` together
    with ``smb4_conf``. The order of the calls is the order of the emitted
    parameters.

    Args:
        client: object whose ``call`` method is used for 'cifs.config' and
            the 'notifier.*' queries.
        smb4_conf: passed unchanged to confset1/confset2 and the add_*_conf
            helpers; presumably the accumulator for the generated lines
            (confirm against confset1).
        role: 'auto', 'classic', 'netbios', 'dc', 'member' or 'standalone'.
            Any other value emits no "server role" line.

    Written for Python 2: it relies on ``string.join`` and ``long``.

    NOTE(review): this listing was recovered from a whitespace-collapsed
    page; the block nesting below was reconstructed from what the statements
    do and should be checked against the upstream file.
    """
    cifs = Struct(client.call('cifs.config'))

    # Fallbacks for empty settings. As "create mask" / "directory mask"
    # values, 0666 and 0777 leave the group and other permission bits
    # unmasked, so anything tighter has to be configured explicitly.
    if not cifs.cifs_srv_guest:
        cifs.cifs_srv_guest = 'ftp'
    if not cifs.cifs_srv_filemask:
        cifs.cifs_srv_filemask = "0666"
    if not cifs.cifs_srv_dirmask:
        cifs.cifs_srv_dirmask = "0777"

    # standard stuff... should probably do this differently
    confset1(smb4_conf, "[global]", space=0)

    # The username map is referenced only when the file exists at
    # generation time.
    if os.path.exists("/usr/local/etc/smbusers"):
        confset1(smb4_conf, "username map = /usr/local/etc/smbusers")

    # Protocol bounds are emitted exactly as stored; nothing here enforces a
    # minimum dialect, so a legacy value configured upstream passes through.
    confset2(smb4_conf, "server min protocol = %s", cifs.cifs_srv_min_protocol)
    confset2(smb4_conf, "server max protocol = %s", cifs.cifs_srv_max_protocol)

    if cifs.cifs_srv_bindip:
        interfaces = []

        bindips = string.join(cifs.cifs_srv_bindip, ' ')
        # Loopback is prepended for every role except 'dc'.
        if role != 'dc':
            bindips = "127.0.0.1 %s" % bindips

        bindips = bindips.split()
        for bindip in bindips:
            if not bindip:
                continue
            bindip = bindip.strip()
            iface = client.call('notifier.get_interface', bindip)
            if iface and client.call('notifier.is_carp_interface', iface):
                # CARP address: the entry is qualified with parent_iface[2]
                # (presumably the netmask - confirm against
                # notifier.get_parent_interface). The address is dropped if
                # the parent lookup or its interface info comes back empty.
                parent_iface = client.call('notifier.get_parent_interface', iface)
                if not parent_iface:
                    continue

                # Only checked for truthiness; its content is not used.
                parent_iinfo = client.call('notifier.get_interface_info', parent_iface[0])
                if not parent_iinfo:
                    continue

                interfaces.append("%s/%s" % (bindip, parent_iface[2]))
            else:
                interfaces.append(bindip)

        if interfaces:
            confset2(smb4_conf, "interfaces = %s", string.join(interfaces))
        # NOTE(review): placed at the bindip level, so it is emitted even if
        # every address was skipped above - confirm nesting upstream.
        confset1(smb4_conf, "bind interfaces only = yes")

    confset1(smb4_conf, "encrypt passwords = yes")
    confset1(smb4_conf, "dns proxy = no")
    confset1(smb4_conf, "strict locking = no")
    confset1(smb4_conf, "oplocks = yes")
    confset1(smb4_conf, "deadtime = 15")
    confset1(smb4_conf, "max log size = 51200")

    # 25 below the kern.maxfilesperproc sysctl value.
    confset2(smb4_conf, "max open files = %d",
             long(get_sysctl('kern.maxfilesperproc')) - 25)

    # A log level of exactly True is treated like "unset" and becomes "0".
    if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
        loglevel = cifs.cifs_srv_loglevel
    else:
        loglevel = "0"

    if cifs.cifs_srv_syslog:
        confset1(smb4_conf, "logging = syslog:%s" % loglevel)
    else:
        confset1(smb4_conf, "logging = file")

    confset1(smb4_conf, "load printers = no")
    confset1(smb4_conf, "printing = bsd")
    confset1(smb4_conf, "printcap name = /dev/null")
    confset1(smb4_conf, "disable spoolss = yes")
    confset1(smb4_conf, "getwd cache = yes")
    # "map to guest = Bad User" makes Samba treat a login with an unknown
    # user name as the guest account configured here ('ftp' by default, see
    # above). Guest-accessible shares are therefore reachable without valid
    # credentials; review them together with this setting.
    confset2(smb4_conf, "guest account = %s", cifs.cifs_srv_guest.encode('utf8'))
    confset1(smb4_conf, "map to guest = Bad User")
    confset2(smb4_conf, "obey pam restrictions = %s",
             "yes" if cifs.cifs_srv_obey_pam_restrictions else "no")
    confset1(smb4_conf, "directory name cache size = 0")
    confset1(smb4_conf, "kernel change notify = no")
    confset1(smb4_conf, "panic action = /usr/local/libexec/samba/samba-backtrace")
    confset1(smb4_conf, "nsupdate command = /usr/local/bin/samba-nsupdate -g")
    # Stored strings (description, NetBIOS name, workgroup, charsets, ...)
    # are interpolated without validation in this function. If confset2 does
    # not reject embedded newlines, such a value could add extra parameters
    # to [global] - NOTE(review): confirm where these fields are validated.
    confset2(smb4_conf, "server string = %s", cifs.cifs_srv_description)
    confset1(smb4_conf, "ea support = yes")
    confset1(smb4_conf, "store dos attributes = yes")
    confset1(smb4_conf, "lm announce = yes")
    # The next four calls pass False instead of a string when the option is
    # not in its non-default state. What confset2 does with a falsy value is
    # not visible here; presumably it omits the line so Samba's default
    # applies (confirm against confset2).
    confset2(smb4_conf, "hostname lookups = %s",
             "yes" if cifs.cifs_srv_hostlookup else False)
    confset2(smb4_conf, "unix extensions = %s",
             "no" if not cifs.cifs_srv_unixext else False)
    confset2(smb4_conf, "time server = %s",
             "yes" if cifs.cifs_srv_timeserver else False)
    # When enabled, accounts with an empty password can log in.
    confset2(smb4_conf, "null passwords = %s",
             "yes" if cifs.cifs_srv_nullpw else False)
    confset2(smb4_conf, "acl allow execute always = %s",
             "true" if cifs.cifs_srv_allow_execute_always else "false")
    confset1(smb4_conf, "dos filemode = yes")
    confset2(smb4_conf, "multicast dns register = %s",
             "yes" if cifs.cifs_srv_zeroconf else "no")

    # "domain logons" is written only when LDAP is not enabled.
    if not smb4_ldap_enabled(client):
        confset2(smb4_conf, "domain logons = %s",
                 "yes" if cifs.cifs_srv_domain_logons else "no")

    # "local master" is written only when neither NT4 nor Active Directory
    # is enabled.
    if (not client.call('notifier.common', 'system', 'nt4_enabled') and
            not client.call('notifier.common', 'system', 'activedirectory_enabled')):
        confset2(smb4_conf, "local master = %s",
                 "yes" if cifs.cifs_srv_localmaster else "no")

    # 5 = DS_TYPE_CIFS
    idmap = Struct(client.call('notifier.ds_get_idmap_object', 5, cifs.id, 'tdb'))
    configure_idmap_backend(client, smb4_conf, idmap, None)

    # One "server role" line per recognised role; 'dc' and 'member' delegate
    # the rest of their settings to the add_*_conf helpers.
    if role == 'auto':
        confset1(smb4_conf, "server role = auto")

    elif role == 'classic':
        confset1(smb4_conf, "server role = classic primary domain controller")

    elif role == 'netbios':
        confset1(smb4_conf, "server role = netbios backup domain controller")

    elif role == 'dc':
        confset1(smb4_conf, "server role = active directory domain controller")
        add_domaincontroller_conf(client, smb4_conf)

    elif role == 'member':
        confset1(smb4_conf, "server role = member server")

        # First enabled directory service wins: NT4, then LDAP, then AD.
        if client.call('notifier.common', 'system', 'nt4_enabled'):
            add_nt4_conf(client, smb4_conf)

        elif smb4_ldap_enabled(client):
            add_ldap_conf(client, smb4_conf)

        elif client.call('notifier.common', 'system', 'activedirectory_enabled'):
            add_activedirectory_conf(client, smb4_conf)

        confset2(smb4_conf, "netbios name = %s", cifs.netbiosname.upper())
        if cifs.cifs_srv_netbiosalias:
            confset2(smb4_conf, "netbios aliases = %s",
                     cifs.cifs_srv_netbiosalias.upper())

    elif role == 'standalone':
        confset1(smb4_conf, "server role = standalone")
        confset2(smb4_conf, "netbios name = %s", cifs.netbiosname.upper())
        if cifs.cifs_srv_netbiosalias:
            confset2(smb4_conf, "netbios aliases = %s",
                     cifs.cifs_srv_netbiosalias.upper())
        confset2(smb4_conf, "workgroup = %s", cifs.cifs_srv_workgroup.upper())
        confset1(smb4_conf, "security = user")

    if role != 'dc':
        confset1(smb4_conf, "pid directory = /var/run/samba")

    confset2(smb4_conf, "create mask = %s", cifs.cifs_srv_filemask)
    confset2(smb4_conf, "directory mask = %s", cifs.cifs_srv_dirmask)
    confset1(smb4_conf, "client ntlmv2 auth = yes")
    confset2(smb4_conf, "dos charset = %s", cifs.cifs_srv_doscharset)
    confset2(smb4_conf, "unix charset = %s", cifs.cifs_srv_unixcharset)

    if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
        confset2(smb4_conf, "log level = %s", cifs.cifs_srv_loglevel)

    # Free-form auxiliary parameters: every non-blank line is emitted into
    # [global] verbatim, after all generated settings. Whoever can write this
    # field can set any Samba global parameter, including ones that name
    # commands for smbd to run (such as "panic action" above), and can
    # presumably override the values written earlier. Treat write access to
    # it as equivalent to control of the smbd configuration.
    smb_options = cifs.cifs_srv_smb_options.encode('utf-8')
    smb_options = smb_options.strip()
    for line in smb_options.split('\n'):
        line = line.strip()
        if not line:
            continue
        confset1(smb4_conf, line)