freeipa/install/oddjob/org.freeipa.server.config-enable-sid.in

#!/usr/bin/python3
#
# Copyright (C) 2021  FreeIPA Contributors see COPYING for license
#

import logging

from ipalib import api
from ipalib.install import sysrestore
from ipaplatform.paths import paths
from ipapython import ipaldap
from ipapython.admintool import AdminTool
from ipaserver.install import adtrust, adtrustinstance

logger = logging.getLogger(__name__)

class IPAConfigEnableSid(AdminTool):
    command_name = "ipa-enable-sid"
    log_file_name = paths.IPASERVER_ENABLESID_LOG
    usage = "%prog"
    description = "Enable SID generation"

    @classmethod
    def add_options(cls, parser):
        super(IPAConfigEnableSid, cls).add_options(parser)

        parser.add_option(
            "--add-sids",
            dest="add_sids", default=False, action="store_true",
            help="Add SIDs for existing users and groups as the final step"
        )

        parser.add_option(
            "--netbios-name",
            dest="netbios_name", default=None,
            help="NetBIOS name of the IPA domain"
        )

        parser.add_option(
            "--reset-netbios-name",
            dest="reset_netbios_name", default=False, action="store_true",
            help="Force reset of the existing NetBIOS name"
        )


    def validate_options(self):
        super(IPAConfigEnableSid, self).validate_options(needs_root=True)

    def run(self):
        api.bootstrap(in_server=True, confdir=paths.ETC_IPA)
        api.finalize()

        try:
            api.Backend.ldap2.connect()
            fstore = sysrestore.FileStore(paths.SYSRESTORE)

            smb = adtrustinstance.ADTRUSTInstance(fstore, False)
            smb.realm = api.env.realm
            smb.autobind = ipaldap.AUTOBIND_ENABLED
            smb.setup(api.env.host, api.env.realm,
                      self.options.netbios_name,
                      self.options.reset_netbios_name,
                      adtrust.DEFAULT_PRIMARY_RID_BASE,
                      adtrust.DEFAULT_SECONDARY_RID_BASE,
                      self.options.add_sids,
                      enable_compat=False)
            smb.find_local_id_range()
            smb.create_instance()

        finally:
            if api.Backend.ldap2.isconnected():
                api.Backend.ldap2.disconnect()

        return 0

IPAConfigEnableSid.run_cli()