author | Andrew Bartlett <abartlet@samba.org> | 2006-01-14 06:17:24 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:51:07 -0500 |
commit | f3db23ac75578198ee411b21a7ba2ec49dedafab (patch) | |
tree | 4625f46ea496e475be03e8c94d968d15f56e9693 | |
parent | ae51cc9bec8bc5d6efd035ac6e594aa7cc108ffe (diff) | |
r12928: This patch improves the interaction between the vampire and provsion code.
Previously, we had to know (or guess) the host and domain guid at the
provision stage. Now we query the database post-provision, to extract
the values and fill in the zone file.
This allows us to generate a correct zone file in the Windows migration case.
In an effort to make SWAT easier to use, I have removed and renamed
some of the provision options.
I have also fixed a nasty issue in my js code. I had implicitly
declared a global variable of the name 'join', with disastrous
results for any subsequent user of the string utility function:
esp exception - ASSERT at lib/appweb/ejs/ejsParser.c:2064, 0
Backtrace:
[ 0] substitute_var:20 -> list[i] = join("", list2)
[ 1] setup_file:9 -> data = substitute_var(data, subobj)
Andrew Bartlett
(This used to be commit a38ceefd11f8b748f30383ef36a4752f178bfca1)
-rw-r--r-- | source4/libnet/libnet_samsync_ldb.c | 3 | ||||
-rw-r--r-- | source4/libnet/libnet_vampire.h | 1 | ||||
-rw-r--r-- | source4/scripting/ejs/ejsnet.c | 7 | ||||
-rw-r--r-- | source4/scripting/libjs/provision.js | 64 | ||||
-rw-r--r-- | source4/utils/net/net_vampire.c | 6 | ||||
-rw-r--r-- | swat/install/provision.esp | 17 | ||||
-rw-r--r-- | swat/install/vampire.esp | 29 |
7 files changed, 89 insertions, 38 deletions
diff --git a/source4/libnet/libnet_samsync_ldb.c b/source4/libnet/libnet_samsync_ldb.c
index 5140aa87ae..4bedbbf119 100644
--- a/source4/libnet/libnet_samsync_ldb.c
+++ b/source4/libnet/libnet_samsync_ldb.c
@@ -1199,7 +1199,8 @@ NTSTATUS libnet_samsync_ldb(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, str
 state->secrets = NULL;
 state->trusted_domains = NULL;
- state->sam_ldb = samdb_connect(state, system_session(state));
+ state->sam_ldb = ldb_wrap_connect(mem_ctx, lp_sam_url(), r->in.session_info,
+ ctx->cred, 0, NULL);
 r2.out.error_string = NULL;
 r2.in.binding_string = r->in.binding_string;
diff --git a/source4/libnet/libnet_vampire.h b/source4/libnet/libnet_vampire.h
index 5fd6504737..fcd93c3654 100644
--- a/source4/libnet/libnet_vampire.h
+++ b/source4/libnet/libnet_vampire.h
@@ -75,6 +75,7 @@ struct libnet_samsync_ldb {
 struct {
 const char *binding_string;
 struct cli_credentials *machine_account;
+ struct auth_session_info *session_info;
 } in;
 struct {
 const char *error_string;
diff --git a/source4/scripting/ejs/ejsnet.c b/source4/scripting/ejs/ejsnet.c
index e129ba6867..8962025259 100644
--- a/source4/scripting/ejs/ejsnet.c
+++ b/source4/scripting/ejs/ejsnet.c
@@ -46,7 +46,7 @@ static int ejs_net_context(MprVarHandle eid, int argc, struct MprVar **argv)
 /* TODO: Need to get the right event context in here */
 ctx = libnet_context_init(NULL);
- if (argc == 0) {
+ if (argc == 0 || (argc == 1 && argv[0]->type == MPR_TYPE_NULL)) {
 creds = cli_credentials_init(ctx);
 if (creds == NULL) {
 ejsSetErrorMsg(eid, "cli_credential_init() failed");
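Review bot: The result of `ldb_wrap_connect()` is never checked in this hunk, so a failed connection — including whatever the ldb layer does with a NULL `r->in.session_info`, which is the default `ejs_net_samsync_ldb` sets — leaves `state->sam_ldb` NULL for the samsync that follows; add `if (state->sam_ldb == NULL) { r->out.error_string = talloc_asprintf(mem_ctx, "Failed to connect to %s", lp_sam_url()); return NT_STATUS_UNSUCCESSFUL; }` after the call, releasing `state` first if this function owns it. Two things changed on this line that deserve a comment: the handle is now allocated on the caller's `mem_ctx` rather than on `state`, so its lifetime follows the caller, and the identity the local sam is opened as is now whatever the caller puts in `r->in.session_info` (net_samsync_ldb passes the system session specifically to override the ldb ACLs), so callers must supply a session with the rights to write the whole database. A line such as `/* Open the local sam as r->in.session_info: this identity, not the process's, is what ldb ACLs are checked against */` makes that contract visible at the point of use. libnet_samsync_ldb continues outside the hunk on both sides.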
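Review bot: The new `session_info` member of the `in` struct carries a contract that nothing in the header states: libnet_samsync_ldb hands it to `ldb_wrap_connect()` as the identity for the local sam, and the two callers in this commit either pass the system session (the net_vampire.c comment says this is needed to override the ldb ACLs) or leave it NULL. Suggest `/* identity the local sam is opened as; ldb ACLs are checked against it, so it normally needs to be a privileged (system) session */` on the new line, and a word on whether the callee takes a reference or the caller must keep it alive for the duration of the call. The struct definition continues outside the hunk.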
@@ -156,14 +156,19 @@ static int ejs_net_samsync_ldb(MprVarHandle eid, int argc, struct MprVar **argv)
 /* prepare parameters for the samsync */
 samsync->in.machine_account = NULL;
+ samsync->in.session_info = NULL;
 samsync->in.binding_string = NULL;
 samsync->out.error_string = NULL;
 if (argc == 1 && argv[0]->type == MPR_TYPE_OBJECT) {
 MprVar *credentials = mprGetProperty(argv[0], "machine_account", NULL);
+ MprVar *session_info = mprGetProperty(argv[0], "session_info", NULL);
 if (credentials) {
 samsync->in.machine_account = talloc_get_type(mprGetPtr(credentials, "creds"), struct cli_credentials);
 }
+ if (session_info) {
+ samsync->in.session_info = talloc_get_type(mprGetPtr(session_info, "session_info"), struct auth_session_info);
+ }
 }
 /* do the domain samsync */
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js
index 60f267f8d5..2b04aa6791 100644
--- a/source4/scripting/libjs/provision.js
+++ b/source4/scripting/libjs/provision.js
@@ -302,10 +302,6 @@ function provision(subobj, message, blank, paths, session_info, credentials)
 }
 message("Setting up secrets.ldb\n");
 setup_ldb("secrets.ldif", info, paths.secrets);
- message("Setting up DNS zone file\n");
- setup_file("provision.zone",
- paths.dns,
- subobj);
 message("Setting up keytabs\n");
 var keytab_ok = credentials_update_all_keytabs();
 assert(keytab_ok);
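Review bot: `talloc_get_type()` on the new `session_info` assignment yields NULL when the pointer stored under "session_info" is not an `auth_session_info`, and that NULL is passed on silently as `samsync->in.session_info`, so a script handing in the wrong object runs the samsync with no session identity instead of getting an error (the `machine_account` line above has the same pre-existing weakness). Fail loudly the way the earlier `cli_credentials_init()` path does: `if (samsync->in.session_info == NULL) { ejsSetErrorMsg(eid, "session_info is not a valid auth_session_info"); return -1; }` directly after the assignment, using whatever error return the rest of this function uses. The function's prologue and the samsync call itself lie outside the hunk.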
@@ -330,6 +326,32 @@ function provision(subobj, message, blank, paths, session_info, credentials)
 return true;
 }
+/* Write out a DNS zone file, from the info in the current database */
+function provision_dns(subobj, message, paths, session_info, credentials)
+{
+ message("Setting up DNS zone: " + subobj.DNSDOMAIN + " \n");
+ var ldb = ldb_init();
+ ldb.session_info = session_info;
+ ldb.credentials = credentials;
+
+ /* connect to the sam */
+ var ok = ldb.connect(paths.samdb);
+ assert(ok);
+
+ /* These values may have changed, due to an incoming SamSync, so fetch them from the database */
+ subobj.DOMAINGUID = searchone(ldb, "(&(objectClass=domainDNS)(dnsDomain=" + subobj.DNSDOMAIN + "))", "objectGUID");
+ assert(subobj.DOMAINGUID != undefined);
+
+ subobj.HOSTGUID = searchone(ldb, "(&(objectClass=computer)(cn=" + subobj.NETBIOSNAME + "))", "objectGUID");
+ assert(subobj.HOSTGUID != undefined);
+
+ setup_file("provision.zone",
+ paths.dns,
+ subobj);
+
+ message("Please install the zone located in " + paths.dns + " into your DNS server\n");
+}
+
 /* guess reasonably default options for provisioning */
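Review bot: `provision_dns()` never returns a value, so both new callers in this commit (`provision.esp` and `vampire.esp` test `!provision_dns(...)`) see `undefined`, treat it as failure and print "DNS Provision failed!" even after the zone file was written; the function needs `return true;` at the end. The three `assert()` calls likewise turn an unreachable sam or a missing GUID into an aborted request rather than the `false` those callers are written to handle. `subobj.DNSDOMAIN` and `subobj.NETBIOSNAME` are concatenated straight into the LDAP filters and originate in the SWAT form, so LDAP filter metacharacters (`(`, `)`, `*`, `\`) should be rejected in `provision_validate()` or escaped before they reach `searchone()`. The rewrite below keeps the lookups but reports failures through `message()` and returns a boolean.
```javascript
function provision_dns(subobj, message, paths, session_info, credentials)
{
	/* … unchanged: message(), ldb_init(), session_info/credentials assignment … */

	/* connect to the sam */
	var ok = ldb.connect(paths.samdb);
	if (!ok) {
		message("Failed to connect to " + paths.samdb + "\n");
		return false;
	}

	/* These values may have changed, due to an incoming SamSync, so fetch them from the database */
	subobj.DOMAINGUID = searchone(ldb, "(&(objectClass=domainDNS)(dnsDomain=" + subobj.DNSDOMAIN + "))", "objectGUID");
	if (subobj.DOMAINGUID == undefined) {
		message("No domainDNS object found for " + subobj.DNSDOMAIN + "\n");
		return false;
	}

	subobj.HOSTGUID = searchone(ldb, "(&(objectClass=computer)(cn=" + subobj.NETBIOSNAME + "))", "objectGUID");
	if (subobj.HOSTGUID == undefined) {
		message("No computer object found for " + subobj.NETBIOSNAME + "\n");
		return false;
	}

	/* … unchanged: setup_file("provision.zone", …) and the final message() … */
	return true;
}
```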
@@ -517,27 +539,37 @@ function provision_validate(subobj, message)
 return true;
 }
-function join_domain(domain, netbios_name, join_type, creds, writefln)
+function join_domain(domain, netbios_name, join_type, creds, message)
 {
- ctx = NetContext(creds);
- join = new Object();
- join.domain = domain;
- join.join_type = join_type;
- join.netbios_name = netbios_name;
- if (!ctx.JoinDomain(join)) {
- writefln("Domain Join failed: " + join.error_string);
+ var ctx = NetContext(creds);
+ var joindom = new Object();
+ joindom.domain = domain;
+ joindom.join_type = join_type;
+ joindom.netbios_name = netbios_name;
+ if (!ctx.JoinDomain(joindom)) {
+ message("Domain Join failed: " + join.error_string);
 return false;
 }
 return true;
 }
-function vampire(machine_creds, writefln)
-{
- var ctx = NetContext();
+/* Vampire a remote domain. Session info and credentials are required for for
+ * access to our local database (might be remote ldap)
+ */
+
+function vampire(domain, session_info, credentials, message) {
+ var ctx = NetContext(credentials);
 vampire = new Object();
+ var machine_creds = credentials_init();
+ machine_creds.set_domain(form.DOMAIN);
+ if (!machine_creds.set_machine_account()) {
+ message("Failed to access domain join information!");
+ return false;
+ }
 vampire.machine_creds = machine_creds;
+ vampire.session_info = session_info;
 if (!ctx.SamSyncLdb(vampire)) {
- writefln("Migration of remote domain to Samba failed: " + vampire.error_string);
+ message("Migration of remote domain to Samba failed: " + vampire.error_string);
 return false;
 }
 return true;
diff --git a/source4/utils/net/net_vampire.c b/source4/utils/net/net_vampire.c
index f89739225d..00ae647016 100644
--- a/source4/utils/net/net_vampire.c
+++ b/source4/utils/net/net_vampire.c
@@ -24,6 +24,7 @@
 #include "utils/net/net.h"
 #include "libnet/libnet.h"
 #include "librpc/gen_ndr/ndr_samr.h"
+#include "auth/auth.h"
 static int net_samdump_keytab_usage(struct net_context *ctx, int argc, const char **argv)
 {
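Review bot: The failure path of `join_domain()` still reads `join.error_string` although the object was renamed to `joindom`, so on a failed join `join` resolves to the string utility the commit message says this change stopped clobbering, and the message is garbage; it should be `message("Domain Join failed: " + joindom.error_string);`. `vampire()` has the same problem one step worse: `vampire = new Object();` assigns to the function's own name without `var`, overwriting the global `vampire` function after its first call, and `machine_creds.set_domain(form.DOMAIN)` reaches for the page-level `form` instead of the new `domain` parameter, which is otherwise unused. The new comment also reads "for for". The rewrite below uses a local request object and the parameter; the function's closing brace is outside the hunk.
```javascript
/* Vampire a remote domain. Session info and credentials are required for
 * access to our local database (might be remote ldap)
 */

function vampire(domain, session_info, credentials, message) {
	var ctx = NetContext(credentials);
	var samsync = new Object();
	var machine_creds = credentials_init();
	machine_creds.set_domain(domain);
	if (!machine_creds.set_machine_account()) {
		message("Failed to access domain join information!");
		return false;
	}
	samsync.machine_creds = machine_creds;
	samsync.session_info = session_info;
	if (!ctx.SamSyncLdb(samsync)) {
		message("Migration of remote domain to Samba failed: " + samsync.error_string);
		return false;
	}
	return true;
```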
@@ -150,7 +151,10 @@ int net_samsync_ldb(struct net_context *ctx, int argc, const char **argv)
 r.in.machine_account = NULL;
 r.in.binding_string = NULL;
- status = libnet_samsync_ldb(libnetctx, ctx->mem_ctx, &r);
+ /* Needed to override the ACLs on ldb */
+ r.in.session_info = system_session(libnetctx);
+
+ status = libnet_samsync_ldb(libnetctx, libnetctx, &r);
 if (!NT_STATUS_IS_OK(status)) {
 DEBUG(0,("libnet_samsync_ldb returned %s: %s\n",
 nt_errstr(status),
diff --git a/swat/install/provision.esp b/swat/install/provision.esp
index 7dda74e732..ee9673d507 100644
--- a/swat/install/provision.esp
+++ b/swat/install/provision.esp
@@ -21,13 +21,12 @@ var subobj = provision_guess();
 /* Don't supply default password for web interface */
 subobj.ADMINPASS = "";
-f.add("REALM", "Realm");
-f.add("DOMAIN", "Domain Name");
+f.add("REALM", "DNS Domain Name");
+f.add("DOMAIN", "NetBIOS Domain Name");
 f.add("HOSTNAME", "Hostname");
 f.add("ADMINPASS", "Administrator Password", "password");
 f.add("CONFIRM", "Confirm Password", "password");
 f.add("DOMAINSID", "Domain SID");
-f.add("HOSTGUID", "Host GUID");
 f.add("HOSTIP", "Host IP");
 f.add("DEFAULTSITE", "Default Site");
 f.submit[0] = "Provision";
@@ -60,8 +59,16 @@ if (form['submit'] == "Provision") {
 } else if (!provision_validate(subobj, writefln)) {
 f.display();
 } else {
- provision(subobj, writefln, false, provision_default_paths(subobj),
- session.authinfo.session_info, session.authinfo.credentials);
+ var paths = provision_default_paths(subobj);
+ if (!provision(subobj, writefln, false, paths,
+ session.authinfo.session_info, session.authinfo.credentials)) {
+ writefln("Provision failed!");
+ } else if (!provision_dns(subobj, writefln, paths,
+ session.authinfo.session_info, session.authinfo.credentials)) {
+ writefln("DNS Provision failed!");
+ } else {
+ writefln("Provision Complete!");
+ }
 }
 } else {
 f.display();
diff --git a/swat/install/vampire.esp b/swat/install/vampire.esp
index bd96f91962..19f99dce98 100644
--- a/swat/install/vampire.esp
+++ b/swat/install/vampire.esp
@@ -23,13 +23,12 @@ var subobj = provision_guess();
 /* Don't supply default password for web interface */
 subobj.ADMINPASS = "";
-f.add("REALM", "Realm");
-f.add("DOMAIN", "Domain Name");
+f.add("REALM", "DNS Domain Name");
+f.add("DOMAIN", "NetBIOS Domain Name");
 f.add("ADMIN", "Administrator Username");
 f.add("ADMINPASS", "Administrator Password", "password");
 f.add("HOSTNAME", "My Hostname");
-f.add("HOSTGUID", "Host GUID");
-f.add("HOSTIP", "Host IP");
+f.add("HOSTIP", "My Host's IP");
 f.add("DEFAULTSITE", "Default Site");
 f.submit[0] = "Migrate";
 f.submit[1] = "Cancel";
@@ -62,24 +61,26 @@ if (form['submit'] == "Migrate") { creds.set_domain(form.DOMAIN); creds.set_realm(form.REALM); + var paths = provision_default_paths(subobj); + /* Setup a basic database structure, but don't setup any users */ - if (!provision(subobj, writefln, true, provision_default_paths(subobj), - session.authinfo.session_info, session.authinfo.credentials)) { + if (!provision(subobj, writefln, true, paths, + session.authinfo.session_info, session.authinfo.credentials)) { writefln("Provision failed!"); /* Join domain */ } else if (!join_domain(form.DOMAIN, form.HOSTNAME, misc.SEC_CHAN_BDC, creds, writefln)) { writefln("Domain Join failed!"); + /* Vampire */ + } else if (!vampire(form.DOMAIN, session.authinfo.session_info, + session.authinfo.credentials, writefln)) { + writefln("Failed to syncronsise remote domain into local database!"); + } else if (!provision_dns(subobj, writefln, paths, + session.authinfo.session_info, session.authinfo.credentials)) { + writefln("DNS Provision failed!"); } else { - /* Vampire */ - var machine_creds = credentials_init(); - machine_creds.set_domain(form.DOMAIN); - if (!machine_creds.set_machine_account()) { - writefln("Failed to access newly setup domain join!"); - } else if (!vampire(machine_creds, writefln)) { - writefln("Failed to syncronsise remote domain into local database!"); - } + writefln("Migration Complete!"); } } } else { |