summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/scripting/libjs/provision.js56
-rw-r--r--swat/install/vampire.esp11
2 files changed, 45 insertions, 22 deletions
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js
index 14a81e898d..fe112eeb24 100644
--- a/source4/scripting/libjs/provision.js
+++ b/source4/scripting/libjs/provision.js
@@ -52,20 +52,20 @@ function findnss()
/*
add a foreign security principle
*/
-function add_foreign(str, sid, desc)
+function add_foreign(ldb, subobj, sid, desc)
{
- var add = "
-dn: CN=${SID},CN=ForeignSecurityPrincipals,${BASEDN}
+ var add = sprintf("
+dn: CN=%s,CN=ForeignSecurityPrincipals,%s
objectClass: top
objectClass: foreignSecurityPrincipal
-description: ${DESC}
+description: %s
uSNCreated: 1
uSNChanged: 1
-";
- var sub = new Object();
- sub.SID = sid;
- sub.DESC = desc;
- return str + substitute_var(add, sub);
+",
+ sid, subobj.BASEDN, desc);
+ /* deliberately ignore errors from this, as the records may
+ already exist */
+ ldb.add(add);
}
@@ -78,6 +78,7 @@ function setup_name_mapping(info, ldb, sid, unixname)
var res = ldb.search(sprintf("objectSid=%s", sid),
NULL, ldb.SCOPE_DEFAULT, attrs);
if (res.length != 1) {
+ info.message("Failed to find record for objectSid %s\n", sid);
return false;
}
var mod = sprintf("
@@ -298,6 +299,21 @@ function setup_name_mappings(info, subobj, session_info, credentials)
if (!ok) {
return false;
}
+ var attrs = new Array("objectSid");
+ var res = ldb.search("dnsDomain=" + subobj.REALM,
+ NULL, ldb.SCOPE_DEFAULT, attrs);
+ if (res.length != 1) {
+ info.message("Failed to find dnsDomain %s\n", subobj.REALM);
+ return false;
+ }
+ var sid = res[0].objectSid;
+
+ /* add some foreign sids if they are not present already */
+ add_foreign(ldb, subobj, "S-1-5-7", "Anonymous");
+ add_foreign(ldb, subobj, "S-1-1-0", "World");
+ add_foreign(ldb, subobj, "S-1-5-2", "Network");
+ add_foreign(ldb, subobj, "S-1-5-18", "System");
+ add_foreign(ldb, subobj, "S-1-5-11", "Authenticated Users");
/* some well known sids */
setup_name_mapping(info, ldb, "S-1-5-7", subobj.NOBODY);
@@ -307,14 +323,15 @@ function setup_name_mappings(info, subobj, session_info, credentials)
setup_name_mapping(info, ldb, "S-1-5-11", subobj.USERS);
setup_name_mapping(info, ldb, "S-1-5-32-544", subobj.WHEEL);
setup_name_mapping(info, ldb, "S-1-5-32-546", subobj.NOGROUP);
+ setup_name_mapping(info, ldb, "S-1-5-32-551", subobj.BACKUP);
/* and some well known domain rids */
- setup_name_mapping(info, ldb, subobj.DOMAINSID + "-500", subobj.ROOT);
- setup_name_mapping(info, ldb, subobj.DOMAINSID + "-518", subobj.WHEEL);
- setup_name_mapping(info, ldb, subobj.DOMAINSID + "-519", subobj.WHEEL);
- setup_name_mapping(info, ldb, subobj.DOMAINSID + "-512", subobj.WHEEL);
- setup_name_mapping(info, ldb, subobj.DOMAINSID + "-513", subobj.USERS);
- setup_name_mapping(info, ldb, subobj.DOMAINSID + "-520", subobj.WHEEL);
+ setup_name_mapping(info, ldb, sid + "-500", subobj.ROOT);
+ setup_name_mapping(info, ldb, sid + "-518", subobj.WHEEL);
+ setup_name_mapping(info, ldb, sid + "-519", subobj.WHEEL);
+ setup_name_mapping(info, ldb, sid + "-512", subobj.WHEEL);
+ setup_name_mapping(info, ldb, sid + "-513", subobj.USERS);
+ setup_name_mapping(info, ldb, sid + "-520", subobj.WHEEL);
return true;
}
@@ -342,12 +359,6 @@ function provision(subobj, message, blank, paths, session_info, credentials)
var rdns = split(",", subobj.BASEDN);
subobj.RDN_DC = substr(rdns[0], strlen("DC="));
- data = add_foreign(data, "S-1-5-7", "Anonymous", "${NOBODY}");
- data = add_foreign(data, "S-1-1-0", "World", "${NOGROUP}");
- data = add_foreign(data, "S-1-5-2", "Network", "${NOGROUP}");
- data = add_foreign(data, "S-1-5-18", "System", "${ROOT}");
- data = add_foreign(data, "S-1-5-11", "Authenticated Users", "${USERS}");
-
provision_next_usn = 1;
info.subobj = subobj;
@@ -381,6 +392,7 @@ function provision(subobj, message, blank, paths, session_info, credentials)
setup_ldb("provision_templates.ldif", info, paths.samdb, NULL, false);
message("Setting up sam.ldb data\n");
setup_ldb("provision.ldif", info, paths.samdb, NULL, false);
+
if (blank != false) {
return true;
}
@@ -458,6 +470,7 @@ function provision_guess()
subobj.NOBODY = findnss(nss.getpwnam, "nobody");
subobj.NOGROUP = findnss(nss.getgrnam, "nogroup", "nobody");
subobj.WHEEL = findnss(nss.getgrnam, "wheel", "root", "staff");
+ subobj.BACKUP = findnss(nss.getgrnam, "backup", "wheel", "root", "staff");
subobj.USERS = findnss(nss.getgrnam, "users", "guest", "other");
subobj.DNSDOMAIN = strlower(subobj.REALM);
subobj.DNSNAME = sprintf("%s.%s",
@@ -656,6 +669,7 @@ function vampire(domain, session_info, credentials, message) {
message("Migration of remote domain to Samba failed: " + vampire_ctx.error_string);
return false;
}
+
return true;
}
diff --git a/swat/install/vampire.esp b/swat/install/vampire.esp
index db317e2635..437cbda32c 100644
--- a/swat/install/vampire.esp
+++ b/swat/install/vampire.esp
@@ -54,6 +54,8 @@ if (form['submit'] == "Migrate") {
f.display();
} else if (!provision_validate(subobj, writefln)) {
f.display();
+ } else if (strupper(lp.get("server role")) == "PDC") {
+ writefln("You need to set 'server role' to 'member server' before starting the migration process");
} else {
var creds = credentials_init();
creds.set_username(form.ADMIN);
@@ -61,11 +63,16 @@ if (form['submit'] == "Migrate") {
creds.set_domain(form.DOMAIN);
creds.set_realm(form.REALM);
+ var info = new Object();
+ info.message = writefln;
+
var paths = provision_default_paths(subobj);
+ var session_info = session.authinfo.session_info;
+ var credentials = session.authinfo.credentials;
/* Setup a basic database structure, but don't setup any users */
if (!provision(subobj, writefln, true, paths,
- session.authinfo.session_info, session.authinfo.credentials)) {
+ session_info, credentials)) {
writefln("Provision failed!");
/* Join domain */
@@ -79,6 +86,8 @@ if (form['submit'] == "Migrate") {
} else if (!provision_dns(subobj, writefln, paths,
session.authinfo.session_info, session.authinfo.credentials)) {
writefln("DNS Provision failed!");
+ } else if (!setup_name_mappings(info, subobj, session_info, credentials)) {
+ writefln("Setup of name mappings failed!");
} else {
var zonepath = paths.dns;
%>