-rw-r--r-- | source4/libnet/libnet_samsync_ldb.c | 3 | ||||
-rw-r--r-- | source4/libnet/libnet_vampire.h | 1 | ||||
-rw-r--r-- | source4/scripting/ejs/ejsnet.c | 7 | ||||
-rw-r--r-- | source4/scripting/libjs/provision.js | 64 | ||||
-rw-r--r-- | source4/utils/net/net_vampire.c | 6 | ||||
-rw-r--r-- | swat/install/provision.esp | 17 | ||||
-rw-r--r-- | swat/install/vampire.esp | 29 |
7 files changed, 89 insertions, 38 deletions
diff --git a/source4/libnet/libnet_samsync_ldb.c b/source4/libnet/libnet_samsync_ldb.c
index 5140aa87ae..4bedbbf119 100644
--- a/source4/libnet/libnet_samsync_ldb.c
+++ b/source4/libnet/libnet_samsync_ldb.c
@@ -1199,7 +1199,8 @@ NTSTATUS libnet_samsync_ldb(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, str
 state->secrets = NULL;
 state->trusted_domains = NULL;
- state->sam_ldb = samdb_connect(state, system_session(state));
+ state->sam_ldb = ldb_wrap_connect(mem_ctx, lp_sam_url(), r->in.session_info,
+ ctx->cred, 0, NULL);
 r2.out.error_string = NULL;
 r2.in.binding_string = r->in.binding_string;
diff --git a/source4/libnet/libnet_vampire.h b/source4/libnet/libnet_vampire.h
index 5fd6504737..fcd93c3654 100644
--- a/source4/libnet/libnet_vampire.h
+++ b/source4/libnet/libnet_vampire.h
@@ -75,6 +75,7 @@ struct libnet_samsync_ldb {
 struct {
 const char *binding_string;
 struct cli_credentials *machine_account;
+ struct auth_session_info *session_info;
 } in;
 struct {
 const char *error_string;
diff --git a/source4/scripting/ejs/ejsnet.c b/source4/scripting/ejs/ejsnet.c
index e129ba6867..8962025259 100644
--- a/source4/scripting/ejs/ejsnet.c
+++ b/source4/scripting/ejs/ejsnet.c
@@ -46,7 +46,7 @@ static int ejs_net_context(MprVarHandle eid, int argc, struct MprVar **argv)
 /* TODO: Need to get the right event context in here */
 ctx = libnet_context_init(NULL);
- if (argc == 0) {
+ if (argc == 0 || (argc == 1 && argv[0]->type == MPR_TYPE_NULL)) {
 creds = cli_credentials_init(ctx);
 if (creds == NULL) {
 ejsSetErrorMsg(eid, "cli_credential_init() failed");
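Review bot: The new connect line hands `r->in.session_info` to `ldb_wrap_connect()` with no NULL check, whereas the removed line always supplied `system_session(state)`; ejsnet.c in this same commit initialises `samsync->in.session_info = NULL` and only fills it when the script passes a `session_info` property, so any caller that omits it now opens the sam with a NULL session. What ldb_wrap_connect() does with a NULL session_info, and which ACLs then apply, is not visible here, so I would fail explicitly before the connect rather than let it through: `if (r->in.session_info == NULL) { r->out.error_string = talloc_strdup(mem_ctx, "session_info is required"); return NT_STATUS_INVALID_PARAMETER; }`. The ldb handle also moved from `state` to `mem_ctx`; since net_vampire.c now passes `libnetctx` as mem_ctx, the handle presumably lives as long as that context, which deserves a comment on the new line. The body of libnet_samsync_ldb continues outside the hunk.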
@@ -156,14 +156,19 @@ static int ejs_net_samsync_ldb(MprVarHandle eid, int argc, struct MprVar **argv)
 /* prepare parameters for the samsync */
 samsync->in.machine_account = NULL;
+ samsync->in.session_info = NULL;
 samsync->in.binding_string = NULL;
 samsync->out.error_string = NULL;
 if (argc == 1 && argv[0]->type == MPR_TYPE_OBJECT) {
 MprVar *credentials = mprGetProperty(argv[0], "machine_account", NULL);
+ MprVar *session_info = mprGetProperty(argv[0], "session_info", NULL);
 if (credentials) {
 samsync->in.machine_account = talloc_get_type(mprGetPtr(credentials, "creds"), struct cli_credentials);
 }
+ if (session_info) {
+ samsync->in.session_info = talloc_get_type(mprGetPtr(session_info, "session_info"), struct auth_session_info);
+ }
 }
 /* do the domain samsync */
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js
index 60f267f8d5..2b04aa6791 100644
--- a/source4/scripting/libjs/provision.js
+++ b/source4/scripting/libjs/provision.js
@@ -302,10 +302,6 @@ function provision(subobj, message, blank, paths, session_info, credentials)
 }
 message("Setting up secrets.ldb\n");
 setup_ldb("secrets.ldif", info, paths.secrets);
- message("Setting up DNS zone file\n");
- setup_file("provision.zone",
- paths.dns,
- subobj);
 message("Setting up keytabs\n");
 var keytab_ok = credentials_update_all_keytabs();
 assert(keytab_ok);
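Review bot: In the new `if (session_info)` branch, a `session_info` property that is present but does not wrap a `struct auth_session_info` leaves `samsync->in.session_info` NULL with no signal to the script, because `talloc_get_type()` returns NULL on a name mismatch and the result is not checked; the samsync then proceeds without a session (see the libnet_samsync_ldb.c hunk, which no longer substitutes a system session). A check in the style the file already uses would make the mismatch visible: `if (samsync->in.session_info == NULL) { ejsSetErrorMsg(eid, "session_info is not a session_info object"); return -1; }` after the assignment. The same silent NULL applies to the existing `credentials` branch, though that is not new. ejs_net_samsync_ldb continues past the hunk.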
@@ -330,6 +326,32 @@ function provision(subobj, message, blank, paths, session_info, credentials)
 return true;
 }
+/* Write out a DNS zone file, from the info in the current database */
+function provision_dns(subobj, message, paths, session_info, credentials)
+{
+ message("Setting up DNS zone: " + subobj.DNSDOMAIN + " \n");
+ var ldb = ldb_init();
+ ldb.session_info = session_info;
+ ldb.credentials = credentials;
+
+ /* connect to the sam */
+ var ok = ldb.connect(paths.samdb);
+ assert(ok);
+
+ /* These values may have changed, due to an incoming SamSync, so fetch them from the database */
+ subobj.DOMAINGUID = searchone(ldb, "(&(objectClass=domainDNS)(dnsDomain=" + subobj.DNSDOMAIN + "))", "objectGUID");
+ assert(subobj.DOMAINGUID != undefined);
+
+ subobj.HOSTGUID = searchone(ldb, "(&(objectClass=computer)(cn=" + subobj.NETBIOSNAME + "))", "objectGUID");
+ assert(subobj.HOSTGUID != undefined);
+
+ setup_file("provision.zone",
+ paths.dns,
+ subobj);
+
+ message("Please install the zone located in " + paths.dns + " into your DNS server\n");
+}
+
 /* guess reasonably default options for provisioning */
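Review bot: `provision_dns` never returns a value, yet both callers added in this commit (provision.esp and vampire.esp) test `!provision_dns(...)`, so the success path always reports "DNS Provision failed!"; add `return true;` after the final `message(...)` and, for symmetry with `provision`, `return false` instead of `assert(ok)` when the connect fails. The two `searchone` filters splice `subobj.DNSDOMAIN` and `subobj.NETBIOSNAME` directly into the filter string; on the swat pages these presumably derive from form fields, and a value containing `)`, `*` or `\` changes the filter rather than being matched literally, so the values should be escaped as RFC 4515 assertion values before interpolation. The header comment should also say that the function mutates `subobj` (it overwrites DOMAINGUID and HOSTGUID), since callers hand the same object on to other steps.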
@@ -517,27 +539,37 @@ function provision_validate(subobj, message)
 return true;
 }
-function join_domain(domain, netbios_name, join_type, creds, writefln)
+function join_domain(domain, netbios_name, join_type, creds, message)
 {
- ctx = NetContext(creds);
- join = new Object();
- join.domain = domain;
- join.join_type = join_type;
- join.netbios_name = netbios_name;
- if (!ctx.JoinDomain(join)) {
- writefln("Domain Join failed: " + join.error_string);
+ var ctx = NetContext(creds);
+ var joindom = new Object();
+ joindom.domain = domain;
+ joindom.join_type = join_type;
+ joindom.netbios_name = netbios_name;
+ if (!ctx.JoinDomain(joindom)) {
+ message("Domain Join failed: " + join.error_string);
 return false;
 }
 return true;
 }
-function vampire(machine_creds, writefln)
-{
- var ctx = NetContext();
+/* Vampire a remote domain. Session info and credentials are required for for
+ * access to our local database (might be remote ldap)
+ */
+
+function vampire(domain, session_info, credentials, message) {
+ var ctx = NetContext(credentials);
 vampire = new Object();
+ var machine_creds = credentials_init();
+ machine_creds.set_domain(form.DOMAIN);
+ if (!machine_creds.set_machine_account()) {
+ message("Failed to access domain join information!");
+ return false;
+ }
 vampire.machine_creds = machine_creds;
+ vampire.session_info = session_info;
 if (!ctx.SamSyncLdb(vampire)) {
- message("Migration of remote domain to Samba failed: " + vampire.error_string);
+ message("Migration of remote domain to Samba failed: " + vampire.error_string);
 return false;
 }
 return true;
diff --git a/source4/utils/net/net_vampire.c b/source4/utils/net/net_vampire.c
index f89739225d..00ae647016 100644
--- a/source4/utils/net/net_vampire.c
+++ b/source4/utils/net/net_vampire.c
@@ -24,6 +24,7 @@
 #include "utils/net/net.h"
 #include "libnet/libnet.h"
 #include "librpc/gen_ndr/ndr_samr.h"
+#include "auth/auth.h"
 static int net_samdump_keytab_usage(struct net_context *ctx, int argc, const char **argv)
 {
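Review bot: In `join_domain` the object was renamed to `joindom`, but the failure line still reads `join.error_string`, so a failed join reports the property of an undeclared (or stale) global `join` instead of the real error; it should be `message("Domain Join failed: " + joindom.error_string);`. In `vampire` the new `domain` parameter is never used — `machine_creds.set_domain(form.DOMAIN);` reaches for the swat page's `form` global, which makes this library function unusable outside the web UI; `machine_creds.set_domain(domain);` is what the signature promises. The context line `vampire = new Object();` assigns to the same global name as the function itself, so after the first call the function is replaced by a plain object; with the rest of the body now rewritten this is the moment to make it `var sync = new Object();` and use `sync` in the lines below. The header comment also reads "required for for".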
@@ -150,7 +151,10 @@ int net_samsync_ldb(struct net_context *ctx, int argc, const char **argv)
 r.in.machine_account = NULL;
 r.in.binding_string = NULL;
- status = libnet_samsync_ldb(libnetctx, ctx->mem_ctx, &r);
+ /* Needed to override the ACLs on ldb */
+ r.in.session_info = system_session(libnetctx);
+
+ status = libnet_samsync_ldb(libnetctx, libnetctx, &r);
 if (!NT_STATUS_IS_OK(status)) {
 DEBUG(0,("libnet_samsync_ldb returned %s: %s\n",
 nt_errstr(status),
diff --git a/swat/install/provision.esp b/swat/install/provision.esp
index 7dda74e732..ee9673d507 100644
--- a/swat/install/provision.esp
+++ b/swat/install/provision.esp
@@ -21,13 +21,12 @@ var subobj = provision_guess();
 /* Don't supply default password for web interface */
 subobj.ADMINPASS = "";
-f.add("REALM", "Realm");
-f.add("DOMAIN", "Domain Name");
+f.add("REALM", "DNS Domain Name");
+f.add("DOMAIN", "NetBIOS Domain Name");
 f.add("HOSTNAME", "Hostname");
 f.add("ADMINPASS", "Administrator Password", "password");
 f.add("CONFIRM", "Confirm Password", "password");
 f.add("DOMAINSID", "Domain SID");
-f.add("HOSTGUID", "Host GUID");
 f.add("HOSTIP", "Host IP");
 f.add("DEFAULTSITE", "Default Site");
 f.submit[0] = "Provision";
@@ -60,8 +59,16 @@ if (form['submit'] == "Provision") {
 } else if (!provision_validate(subobj, writefln)) {
 f.display();
 } else {
- provision(subobj, writefln, false, provision_default_paths(subobj),
- session.authinfo.session_info, session.authinfo.credentials);
+ var paths = provision_default_paths(subobj);
+ if (!provision(subobj, writefln, false, paths,
+ session.authinfo.session_info, session.authinfo.credentials)) {
+ writefln("Provision failed!");
+ } else if (!provision_dns(subobj, writefln, paths,
+ session.authinfo.session_info, session.authinfo.credentials)) {
+ writefln("DNS Provision failed!");
+ } else {
+ writefln("Provision Complete!");
+ }
 }
 } else {
 f.display();
diff --git a/swat/install/vampire.esp b/swat/install/vampire.esp
index bd96f91962..19f99dce98 100644
--- a/swat/install/vampire.esp
+++ b/swat/install/vampire.esp
@@ -23,13 +23,12 @@ var subobj = provision_guess();
 /* Don't supply default password for web interface */
 subobj.ADMINPASS = "";
-f.add("REALM", "Realm");
-f.add("DOMAIN", "Domain Name");
+f.add("REALM", "DNS Domain Name");
+f.add("DOMAIN", "NetBIOS Domain Name");
 f.add("ADMIN", "Administrator Username");
 f.add("ADMINPASS", "Administrator Password", "password");
 f.add("HOSTNAME", "My Hostname");
-f.add("HOSTGUID", "Host GUID");
-f.add("HOSTIP", "Host IP");
+f.add("HOSTIP", "My Host's IP");
 f.add("DEFAULTSITE", "Default Site");
 f.submit[0] = "Migrate";
 f.submit[1] = "Cancel";
@@ -62,24 +61,26 @@ if (form['submit'] == "Migrate") {
 creds.set_domain(form.DOMAIN);
 creds.set_realm(form.REALM);
+ var paths = provision_default_paths(subobj);
+
 /* Setup a basic database structure, but don't setup any users */
- if (!provision(subobj, writefln, true, provision_default_paths(subobj),
- session.authinfo.session_info, session.authinfo.credentials)) {
+ if (!provision(subobj, writefln, true, paths,
+ session.authinfo.session_info, session.authinfo.credentials)) {
 writefln("Provision failed!");
 /* Join domain */
 } else if (!join_domain(form.DOMAIN, form.HOSTNAME, misc.SEC_CHAN_BDC, creds, writefln)) {
 writefln("Domain Join failed!");
+ /* Vampire */
+ } else if (!vampire(form.DOMAIN, session.authinfo.session_info,
+ session.authinfo.credentials, writefln)) {
+ writefln("Failed to syncronsise remote domain into local database!");
+ } else if (!provision_dns(subobj, writefln, paths,
+ session.authinfo.session_info, session.authinfo.credentials)) {
+ writefln("DNS Provision failed!");
 } else {
- /* Vampire */
- var machine_creds = credentials_init();
- machine_creds.set_domain(form.DOMAIN);
- if (!machine_creds.set_machine_account()) {
- writefln("Failed to access newly setup domain join!");
- } else if (!vampire(machine_creds, writefln)) {
- writefln("Failed to syncronsise remote domain into local database!");
- }
+ writefln("Migration Complete!");
 }
 }
 } else {
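Review bot: The added line `writefln("Failed to syncronsise remote domain into local database!");` carries the typo over from the line it replaces; while the message is being moved it should read `synchronise`. The `form.DOMAIN` argument handed to `vampire()` is ignored by the callee as written in this commit's provision.js hunk, which reads `form.DOMAIN` itself, so this page works only because `form` happens to be global here; once `vampire()` honours its `domain` parameter this call is already correct. Note also that `provision_dns()` as added in provision.js returns nothing, so the `!provision_dns(...)` branch fires on success as well; that is fixed in provision.js, not here. The enclosing `if` chain starts before the hunk.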