Initial AD DC Support

examples/addc.json

@@ -0,0 +1,127 @@
+{
+  "samba-container-config": "v0",
+  "configs": {
+    "demo": {
+      "instance_features": ["addc"],
+      "domain_settings": "sink",
+      "instance_name": "dc1"
+    }
+  },
+  "domain_settings": {
+    "sink": {
+      "realm": "DOMAIN1.SINK.TEST",
+      "short_domain": "DOMAIN1",
+      "admin_password": "Passw0rd"
+    }
+  },
+  "domain_groups": {
+    "sink": [
+        {"name": "supervisors"},
+        {"name": "employees"},
+        {"name": "characters"},
+        {"name": "bulk"}
+    ]
+  },
+  "domain_users": {
+    "sink": [
+      {
+        "name": "bwayne",
+        "password": "1115Rose.",
+        "given_name": "Bruce",
+        "surname": "Wayne",
+        "member_of": ["supervisors", "characters", "employees"]
+      },
+      {
+        "name": "ckent",
+        "password": "1115Rose.",
+        "given_name": "Clark",
+        "surname": "Kent",
+        "member_of": ["characters", "employees"]
+      },
+      {
+        "name": "bbanner",
+        "password": "1115Rose.",
+        "given_name": "Bruce",
+        "surname": "Banner",
+        "member_of": ["characters", "employees"]
+      },
+      {
+        "name": "pparker",
+        "password": "1115Rose.",
+        "given_name": "Peter",
+        "surname": "Parker",
+        "member_of": ["characters", "employees"]
+      },
+      {
+        "name": "user0",
+        "password": "1115Rose.",
+        "given_name": "George0",
+        "surname": "Hue-Sir",
+        "member_of": ["bulk"]
+      },
+      {
+        "name": "user1",
+        "password": "1115Rose.",
+        "given_name": "George1",
+        "surname": "Hue-Sir",
+        "member_of": ["bulk"]
+      },
+      {
+        "name": "user2",
+        "password": "1115Rose.",
+        "given_name": "George2",
+        "surname": "Hue-Sir",
+        "member_of": ["bulk"]
+      },
+      {
+        "name": "user3",
+        "password": "1115Rose.",
+        "given_name": "George3",
+        "surname": "Hue-Sir",
+        "member_of": ["bulk"]
+      },
+      {
+        "name": "user4",
+        "password": "1115Rose.",
+        "given_name": "George4",
+        "surname": "Hue-Sir",
+        "member_of": ["bulk"]
+      },
+      {
+        "name": "user5",
+        "password": "1115Rose.",
+        "given_name": "George5",
+        "surname": "Hue-Sir",
+        "member_of": ["bulk"]
+      },
+      {
+        "name": "user6",
+        "password": "1115Rose.",
+        "given_name": "George6",
+        "surname": "Hue-Sir",
+        "member_of": ["bulk"]
+      },
+      {
+        "name": "user7",
+        "password": "1115Rose.",
+        "given_name": "George7",
+        "surname": "Hue-Sir",
+        "member_of": ["bulk"]
+      },
+      {
+        "name": "user8",
+        "password": "1115Rose.",
+        "given_name": "George8",
+        "surname": "Hue-Sir",
+        "member_of": ["bulk"]
+      },
+      {
+        "name": "user9",
+        "password": "1115Rose.",
+        "given_name": "George9",
+        "surname": "Hue-Sir",
+        "member_of": ["bulk"]
+      }
+    ]
+  }
+}

sambacc/addc.py

@@ -0,0 +1,178 @@
+#
+# sambacc: a samba container configuration tool
+# Copyright (C) 2021  John Mulligan
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>
+#
+
+import logging
+import subprocess
+import typing
+
+from sambacc import samba_cmds
+
+_logger = logging.getLogger(__name__)
+
+
+def provision(
+    realm: str,
+    dcname: str,
+    admin_password: str,
+    dns_backend: typing.Optional[str] = None,
+    domain: typing.Optional[str] = None,
+) -> None:
+    # this function is a direct translation of a previous shell script
+    # as samba-tool is based on python libs, this function could possibly
+    # be converted to import samba's libs and use that.
+    _logger.info(f"Provisioning AD domain: realm={realm}")
+    subprocess.check_call(
+        _provision_cmd(
+            realm,
+            dcname,
+            admin_password=admin_password,
+            dns_backend=dns_backend,
+            domain=domain,
+        )
+    )
+    return
+
+
+def join(
+    realm: str,
+    dcname: str,
+    admin_password: str,
+    dns_backend: typing.Optional[str] = None,
+    domain: typing.Optional[str] = None,
+) -> None:
+    _logger.info(f"Joining AD domain: realm={realm}")
+    subprocess.check_call(
+        _join_cmd(
+            realm,
+            dcname,
+            admin_password=admin_password,
+            dns_backend=dns_backend,
+        )
+    )
+
+
+def create_user(
+    name: str,
+    password: str,
+    surname: typing.Optional[str],
+    given_name: typing.Optional[str],
+) -> None:
+    cmd = _user_create_cmd(name, password, surname, given_name)
+    _logger.info("Creating user: %r", name)
+    subprocess.check_call(cmd)
+
+
+def create_group(name: str) -> None:
+    cmd = _group_add_cmd(name)
+    _logger.info("Creating group: %r", name)
+    subprocess.check_call(cmd)
+
+
+def add_group_members(group_name: str, members: typing.List[str]) -> None:
+    cmd = _group_add_members_cmd(group_name, members)
+    _logger.info("Adding group members: %r", cmd)
+    subprocess.check_call(cmd)
+
+
+def _provision_cmd(
+    realm: str,
+    dcname: str,
+    admin_password: str,
+    dns_backend: typing.Optional[str] = None,
+    domain: typing.Optional[str] = None,
+) -> typing.List[str]:
+    if not dns_backend:
+        dns_backend = "SAMBA_INTERNAL"
+    if not domain:
+        domain = realm.split(".")[0].upper()
+    cmd = samba_cmds.sambatool[
+        "domain",
+        "provision",
+        f"--option=netbios name={dcname}",
+        "--use-rfc2307",
+        f"--dns-backend={dns_backend}",
+        "--server-role=dc",
+        f"--realm={realm}",
+        f"--domain={domain}",
+        f"--adminpass={admin_password}",
+    ].argv()
+    return cmd
+
+
+def _join_cmd(
+    realm: str,
+    dcname: str,
+    admin_password: str,
+    dns_backend: typing.Optional[str] = None,
+    domain: typing.Optional[str] = None,
+) -> typing.List[str]:
+    if not dns_backend:
+        dns_backend = "SAMBA_INTERNAL"
+    if not domain:
+        domain = realm.split(".")[0].upper()
+    cmd = samba_cmds.sambatool[
+        "domain",
+        "join",
+        realm,
+        "DC",
+        f"-U{domain}\\Administrator",
+        f"--option=netbios name={dcname}",
+        f"--dns-backend={dns_backend}",
+        f"--password={admin_password}",
+    ].argv()
+    return cmd
+
+
+def _user_create_cmd(
+    name: str,
+    password: str,
+    surname: typing.Optional[str],
+    given_name: typing.Optional[str],
+) -> typing.List[str]:
+    cmd = samba_cmds.sambatool[
+        "user",
+        "create",
+        name,
+        password,
+    ].argv()
+    if surname:
+        cmd.append(f"--surname={surname}")
+    if given_name:
+        cmd.append(f"--given-name={given_name}")
+    return cmd
+
+
+def _group_add_cmd(name: str) -> typing.List[str]:
+    cmd = samba_cmds.sambatool[
+        "group",
+        "add",
+        name,
+    ].argv()
+    return cmd
+
+
+def _group_add_members_cmd(
+    group_name: str, members: typing.List[str]
+) -> typing.List[str]:
+    cmd = samba_cmds.sambatool[
+        "group",
+        "addmembers",
+        group_name,
+        ",".join(members),
+    ].argv()
+    return cmd