authorAndrew Bartlett <abartlet@samba.org>2007-07-23 02:10:11 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 15:01:16 -0500
commitae0115d8dbf05c52c631ea915f036a2129cd033e (patch)
tree98e608b0f05dd00328d4b5ae77f835435939fe51 /webapps/install/vampire.esp
parentb7f9e85db13c8a6959b7c391efdaa3c723d2772e (diff)
r23994: Finish my work to ensure that non-root and non-administrator users
cannot vampire, provision or upgrade a Samba4 server via SWAT. (The previous commit was an accident, and not complete). This should get Samba4 closer to being 'secure' for an alpha release. Andrew Bartlett (This used to be commit 3b6695de36bcea8a76001c9a5585eac871646450)
Diffstat (limited to 'webapps/install/vampire.esp')
-rw-r--r--webapps/install/vampire.esp176
1 files changed, 88 insertions, 88 deletions
diff --git a/webapps/install/vampire.esp b/webapps/install/vampire.esp
index 6860b3ac5b..e0c895404c 100644
--- a/webapps/install/vampire.esp
+++ b/webapps/install/vampire.esp
@@ -14,111 +14,111 @@ var f = FormObj("Provisioning", 0, 2);
var i;
var lp = loadparm_init();
-if (session.authinfo.user_class != "ADMINISTRATOR"
- && session.authinfo.user_class != "SYSTEM") {
- redirect("/");
-}
-
-if (lp.get("realm") == "") {
- lp.set("realm", lp.get("workgroup") + ".example.com");
-}
+if (session.authinfo.user_class == "ADMINISTRATOR"
+ || session.authinfo.user_class == "SYSTEM") {
+ if (lp.get("realm") == "") {
+ lp.set("realm", lp.get("workgroup") + ".example.com");
+ }
-var subobj = provision_guess();
-/* Don't supply default password for web interface */
-subobj.ADMINPASS = "";
-f.add("REALM", "DNS Domain Name");
-f.add("DOMAIN", "NetBIOS Domain Name");
-f.add("ADMIN", "Administrator Username");
-f.add("ADMINPASS", "Administrator Password", "password");
-f.add("HOSTNAME", "My Hostname");
-f.add("HOSTIP", "My Host's IP");
-f.add("DEFAULTSITE", "Default Site");
-f.submit[0] = "Migrate";
-f.submit[1] = "Cancel";
+ var subobj = provision_guess();
+ /* Don't supply default password for web interface */
+ subobj.ADMINPASS = "";
-if (form['submit'] == "Cancel") {
- redirect("/");
-}
+ f.add("REALM", "DNS Domain Name");
+ f.add("DOMAIN", "NetBIOS Domain Name");
+ f.add("ADMIN", "Administrator Username");
+ f.add("ADMINPASS", "Administrator Password", "password");
+ f.add("HOSTNAME", "My Hostname");
+ f.add("HOSTIP", "My Host's IP");
+ f.add("DEFAULTSITE", "Default Site");
+ f.submit[0] = "Migrate";
+ f.submit[1] = "Cancel";
-if (form['submit'] == "Migrate") {
- for (r in form) {
- subobj[r] = form[r];
+ if (form['submit'] == "Cancel") {
+ redirect("/");
}
-}
-
-for (i=0;i<f.element.length;i++) {
- f.element[i].value = subobj[f.element[i].name];
-}
-if (form['submit'] == "Migrate") {
- lp.set("realm", subobj.REALM);
- if (subobj.ADMINPASS == "") {
- write("<h3>We need the administrator password for the " + subobj.DOMAIN + " domain to proceed. Please try again.</h3>");
- f.display();
- } else if (!provision_validate(subobj, writefln)) {
- f.display();
- } else if (strupper(lp.get("server role")) == "domain controller") {
- writefln("You need to set 'server role' to 'member server' before starting the migration process");
- } else {
- var creds = credentials_init();
- var samdb;
- creds.set_username(form.ADMIN);
- creds.set_password(form.ADMINPASS);
- creds.set_domain(form.DOMAIN);
- creds.set_realm(form.REALM);
-
- var info = new Object();
- var paths = provision_default_paths(subobj);
- var session_info = session.authinfo.session_info;
- var credentials = session.authinfo.credentials;
-
- info.credentials = credentials;
- info.session_info = session_info;
- info.message = writefln;
- info.subobj = subobj;
-
- /* Setup a basic database structure, but don't setup any users */
- if (!provision(subobj, writefln, true, paths,
- session_info, credentials, false)) {
- writefln("Provision failed!");
-
- /* Join domain */
- } else if (!join_domain(form.DOMAIN, form.HOSTNAME, misc.SEC_CHAN_BDC, creds, writefln)) {
- writefln("Domain Join failed!");
+ if (form['submit'] == "Migrate") {
+ for (r in form) {
+ subobj[r] = form[r];
+ }
+ }
+
+ for (i=0;i<f.element.length;i++) {
+ f.element[i].value = subobj[f.element[i].name];
+ }
+
+ if (form['submit'] == "Migrate") {
+ lp.set("realm", subobj.REALM);
+ if (subobj.ADMINPASS == "") {
+ write("<h3>We need the administrator password for the " + subobj.DOMAIN + " domain to proceed. Please try again.</h3>");
+ f.display();
+ } else if (!provision_validate(subobj, writefln)) {
+ f.display();
+ } else if (strupper(lp.get("server role")) == "domain controller") {
+ writefln("You need to set 'server role' to 'member server' before starting the migration process");
+ } else {
+ var creds = credentials_init();
+ var samdb;
+ creds.set_username(form.ADMIN);
+ creds.set_password(form.ADMINPASS);
+ creds.set_domain(form.DOMAIN);
+ creds.set_realm(form.REALM);
+
+ var info = new Object();
+ var paths = provision_default_paths(subobj);
+ var session_info = session.authinfo.session_info;
+ var credentials = session.authinfo.credentials;
+
+ info.credentials = credentials;
+ info.session_info = session_info;
+ info.message = writefln;
+ info.subobj = subobj;
+
+ /* Setup a basic database structure, but don't setup any users */
+ if (!provision(subobj, writefln, true, paths,
+ session_info, credentials, false)) {
+ writefln("Provision failed!");
+
+ /* Join domain */
+ } else if (!join_domain(form.DOMAIN, form.HOSTNAME, misc.SEC_CHAN_BDC, creds, writefln)) {
+ writefln("Domain Join failed!");
- /* Vampire */
- } else if (!vampire(form.DOMAIN, session.authinfo.session_info,
+ /* Vampire */
+ } else if (!vampire(form.DOMAIN, session.authinfo.session_info,
session.authinfo.credentials, writefln)) {
- writefln("Failed to syncronsise remote domain into local database!");
- } else if (!provision_dns(subobj, writefln, paths,
- session.authinfo.session_info, session.authinfo.credentials)) {
- writefln("DNS Provision failed!");
- } else if (!(samdb = open_ldb(info, paths.samdb, false))) {
- writefln("Opening " + paths.samdb + " failed!");
- info.samdb = samdb;
- } else if (!setup_name_mappings(info, samdb)) {
- writefln("Setup of name mappings failed!");
- } else {
- var zonepath = paths.dns;
- %>
+ writefln("Failed to syncronsise remote domain into local database!");
+ } else if (!provision_dns(subobj, writefln, paths,
+ session.authinfo.session_info, session.authinfo.credentials)) {
+ writefln("DNS Provision failed!");
+ } else if (!(samdb = open_ldb(info, paths.samdb, false))) {
+ writefln("Opening " + paths.samdb + " failed!");
+ info.samdb = samdb;
+ } else if (!setup_name_mappings(info, samdb)) {
+ writefln("Setup of name mappings failed!");
+ } else {
+ var zonepath = paths.dns;
+ %>
<h3>Database migrated!</h3>
-
You need to do the following to complete the process:
-
<ul>
-<li>Install the <b>@@zonepath</b> zone file into your bind install, and restart bind
-<li>Change your smb.conf to set "server role = domain controller"
-<li>Shutdown your existing PDC and any other DCs
-<li>Restart smbd
+ <li>Install the <b>@@zonepath</b> zone file into your bind install, and restart bind
+ <li>Change your smb.conf to set "server role = domain controller"
+ <li>Shutdown your existing PDC and any other DCs
+ <li>Restart smbd
</ul>
- <%
+<%
+ }
}
+ } else {
+ f.display();
}
} else {
- f.display();
+ redirect("/");
}
+
%>
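Review bot: The `for (r in form) { subobj[r] = form[r]; }` loop in the Migrate branch copies every submitted field into `subobj` with no allow-list, so a request can set keys other than the seven that `f.add()` declares, and that object is then handed to `provision_default_paths()`, `provision()` and `provision_dns()`. Copying only the declared fields would close that, e.g. `for (i=0;i<f.element.length;i++) { subobj[f.element[i].name] = form[f.element[i].name]; }`. Separately, `subobj.DOMAIN` is request-controlled at that point and is concatenated into the `<h3>` string passed to `write()` without HTML escaping, so it should be escaped before output. Since the ADMINISTRATOR/SYSTEM gate is now the only visible guard on a state-changing request, it is worth confirming that `FormObj` or the session layer adds a per-session anti-CSRF token; none is visible in this hunk, whose enclosing `<%` script block starts above it.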