diff options
-rw-r--r-- | source4/scripting/libjs/provision.js | 56 | ||||
-rw-r--r-- | swat/install/vampire.esp | 11 |
2 files changed, 45 insertions, 22 deletions
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 14a81e898d..fe112eeb24 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -52,20 +52,20 @@ function findnss() /* add a foreign security principle */ -function add_foreign(str, sid, desc) +function add_foreign(ldb, subobj, sid, desc) { - var add = " -dn: CN=${SID},CN=ForeignSecurityPrincipals,${BASEDN} + var add = sprintf(" +dn: CN=%s,CN=ForeignSecurityPrincipals,%s objectClass: top objectClass: foreignSecurityPrincipal -description: ${DESC} +description: %s uSNCreated: 1 uSNChanged: 1 -"; - var sub = new Object(); - sub.SID = sid; - sub.DESC = desc; - return str + substitute_var(add, sub); +", + sid, subobj.BASEDN, desc); + /* deliberately ignore errors from this, as the records may + already exist */ + ldb.add(add); } @@ -78,6 +78,7 @@ function setup_name_mapping(info, ldb, sid, unixname) var res = ldb.search(sprintf("objectSid=%s", sid), NULL, ldb.SCOPE_DEFAULT, attrs); if (res.length != 1) { + info.message("Failed to find record for objectSid %s\n", sid); return false; } var mod = sprintf(" @@ -298,6 +299,21 @@ function setup_name_mappings(info, subobj, session_info, credentials) if (!ok) { return false; } + var attrs = new Array("objectSid"); + var res = ldb.search("dnsDomain=" + subobj.REALM, + NULL, ldb.SCOPE_DEFAULT, attrs); + if (res.length != 1) { + info.message("Failed to find dnsDomain %s\n", subobj.REALM); + return false; + } + var sid = res[0].objectSid; + + /* add some foreign sids if they are not present already */ + add_foreign(ldb, subobj, "S-1-5-7", "Anonymous"); + add_foreign(ldb, subobj, "S-1-1-0", "World"); + add_foreign(ldb, subobj, "S-1-5-2", "Network"); + add_foreign(ldb, subobj, "S-1-5-18", "System"); + add_foreign(ldb, subobj, "S-1-5-11", "Authenticated Users"); /* some well known sids */ setup_name_mapping(info, ldb, "S-1-5-7", subobj.NOBODY); @@ -307,14 +323,15 @@ function setup_name_mappings(info, subobj, session_info, credentials) setup_name_mapping(info, ldb, "S-1-5-11", subobj.USERS); setup_name_mapping(info, ldb, "S-1-5-32-544", subobj.WHEEL); setup_name_mapping(info, ldb, "S-1-5-32-546", subobj.NOGROUP); + setup_name_mapping(info, ldb, "S-1-5-32-551", subobj.BACKUP); /* and some well known domain rids */ - setup_name_mapping(info, ldb, subobj.DOMAINSID + "-500", subobj.ROOT); - setup_name_mapping(info, ldb, subobj.DOMAINSID + "-518", subobj.WHEEL); - setup_name_mapping(info, ldb, subobj.DOMAINSID + "-519", subobj.WHEEL); - setup_name_mapping(info, ldb, subobj.DOMAINSID + "-512", subobj.WHEEL); - setup_name_mapping(info, ldb, subobj.DOMAINSID + "-513", subobj.USERS); - setup_name_mapping(info, ldb, subobj.DOMAINSID + "-520", subobj.WHEEL); + setup_name_mapping(info, ldb, sid + "-500", subobj.ROOT); + setup_name_mapping(info, ldb, sid + "-518", subobj.WHEEL); + setup_name_mapping(info, ldb, sid + "-519", subobj.WHEEL); + setup_name_mapping(info, ldb, sid + "-512", subobj.WHEEL); + setup_name_mapping(info, ldb, sid + "-513", subobj.USERS); + setup_name_mapping(info, ldb, sid + "-520", subobj.WHEEL); return true; } @@ -342,12 +359,6 @@ function provision(subobj, message, blank, paths, session_info, credentials) var rdns = split(",", subobj.BASEDN); subobj.RDN_DC = substr(rdns[0], strlen("DC=")); - data = add_foreign(data, "S-1-5-7", "Anonymous", "${NOBODY}"); - data = add_foreign(data, "S-1-1-0", "World", "${NOGROUP}"); - data = add_foreign(data, "S-1-5-2", "Network", "${NOGROUP}"); - data = add_foreign(data, "S-1-5-18", "System", "${ROOT}"); - data = add_foreign(data, "S-1-5-11", "Authenticated Users", "${USERS}"); - provision_next_usn = 1; info.subobj = subobj; @@ -381,6 +392,7 @@ function provision(subobj, message, blank, paths, session_info, credentials) setup_ldb("provision_templates.ldif", info, paths.samdb, NULL, false); message("Setting up sam.ldb data\n"); setup_ldb("provision.ldif", info, paths.samdb, NULL, false); + if (blank != false) { return true; } @@ -458,6 +470,7 @@ function provision_guess() subobj.NOBODY = findnss(nss.getpwnam, "nobody"); subobj.NOGROUP = findnss(nss.getgrnam, "nogroup", "nobody"); subobj.WHEEL = findnss(nss.getgrnam, "wheel", "root", "staff"); + subobj.BACKUP = findnss(nss.getgrnam, "backup", "wheel", "root", "staff"); subobj.USERS = findnss(nss.getgrnam, "users", "guest", "other"); subobj.DNSDOMAIN = strlower(subobj.REALM); subobj.DNSNAME = sprintf("%s.%s", @@ -656,6 +669,7 @@ function vampire(domain, session_info, credentials, message) { message("Migration of remote domain to Samba failed: " + vampire_ctx.error_string); return false; } + return true; } diff --git a/swat/install/vampire.esp b/swat/install/vampire.esp index db317e2635..437cbda32c 100644 --- a/swat/install/vampire.esp +++ b/swat/install/vampire.esp @@ -54,6 +54,8 @@ if (form['submit'] == "Migrate") { f.display(); } else if (!provision_validate(subobj, writefln)) { f.display(); + } else if (strupper(lp.get("server role")) == "PDC") { + writefln("You need to set 'server role' to 'member server' before starting the migration process"); } else { var creds = credentials_init(); creds.set_username(form.ADMIN); @@ -61,11 +63,16 @@ if (form['submit'] == "Migrate") { creds.set_domain(form.DOMAIN); creds.set_realm(form.REALM); + var info = new Object(); + info.message = writefln; + var paths = provision_default_paths(subobj); + var session_info = session.authinfo.session_info; + var credentials = session.authinfo.credentials; /* Setup a basic database structure, but don't setup any users */ if (!provision(subobj, writefln, true, paths, - session.authinfo.session_info, session.authinfo.credentials)) { + session_info, credentials)) { writefln("Provision failed!"); /* Join domain */ @@ -79,6 +86,8 @@ if (form['submit'] == "Migrate") { } else if (!provision_dns(subobj, writefln, paths, session.authinfo.session_info, session.authinfo.credentials)) { writefln("DNS Provision failed!"); + } else if (!setup_name_mappings(info, subobj, session_info, credentials)) { + writefln("Setup of name mappings failed!"); } else { var zonepath = paths.dns; %> |