Diffstat (limited to 'source4')
-rw-r--r--source4/libnet/libnet_samsync_ldb.c3
-rw-r--r--source4/libnet/libnet_vampire.h1
-rw-r--r--source4/scripting/ejs/ejsnet.c7
-rw-r--r--source4/scripting/libjs/provision.js64
-rw-r--r--source4/utils/net/net_vampire.c6
5 files changed, 62 insertions, 19 deletions
diff --git a/source4/libnet/libnet_samsync_ldb.c b/source4/libnet/libnet_samsync_ldb.c
index 5140aa87ae..4bedbbf119 100644
--- a/source4/libnet/libnet_samsync_ldb.c
+++ b/source4/libnet/libnet_samsync_ldb.c
@@ -1199,7 +1199,8 @@ NTSTATUS libnet_samsync_ldb(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, str
state->secrets = NULL;
state->trusted_domains = NULL;
- state->sam_ldb = samdb_connect(state, system_session(state));
+ state->sam_ldb = ldb_wrap_connect(mem_ctx, lp_sam_url(), r->in.session_info,
+ ctx->cred, 0, NULL);
r2.out.error_string = NULL;
r2.in.binding_string = r->in.binding_string;
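Review bot: The access level of the local SAM connection is now whatever the caller places in `r->in.session_info`, where the removed line always used `system_session(state)`, and nothing visible here rejects or documents a NULL value. The ejs binding changed in this commit leaves the field NULL when the script supplies no `session_info`, so a comment on the new call should say what a NULL session means for ACL checks on the ldb. The visible lines also do not test the `ldb_wrap_connect` result; if no check follows outside the hunk, add `if (!state->sam_ldb) return NT_STATUS_INTERNAL_DB_ERROR;` (or route it through the function's existing error path) before the handle is used. The handle is now parented to `mem_ctx` rather than `state`, so its lifetime follows the caller's context.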
diff --git a/source4/libnet/libnet_vampire.h b/source4/libnet/libnet_vampire.h
index 5fd6504737..fcd93c3654 100644
--- a/source4/libnet/libnet_vampire.h
+++ b/source4/libnet/libnet_vampire.h
@@ -75,6 +75,7 @@ struct libnet_samsync_ldb {
struct {
const char *binding_string;
struct cli_credentials *machine_account;
+ struct auth_session_info *session_info;
} in;
struct {
const char *error_string;
diff --git a/source4/scripting/ejs/ejsnet.c b/source4/scripting/ejs/ejsnet.c
index e129ba6867..8962025259 100644
--- a/source4/scripting/ejs/ejsnet.c
+++ b/source4/scripting/ejs/ejsnet.c
@@ -46,7 +46,7 @@ static int ejs_net_context(MprVarHandle eid, int argc, struct MprVar **argv)
/* TODO: Need to get the right event context in here */
ctx = libnet_context_init(NULL);
- if (argc == 0) {
+ if (argc == 0 || (argc == 1 && argv[0]->type == MPR_TYPE_NULL)) {
creds = cli_credentials_init(ctx);
if (creds == NULL) {
ejsSetErrorMsg(eid, "cli_credential_init() failed");
@@ -156,14 +156,19 @@ static int ejs_net_samsync_ldb(MprVarHandle eid, int argc, struct MprVar **argv)
/* prepare parameters for the samsync */
samsync->in.machine_account = NULL;
+ samsync->in.session_info = NULL;
samsync->in.binding_string = NULL;
samsync->out.error_string = NULL;
if (argc == 1 && argv[0]->type == MPR_TYPE_OBJECT) {
MprVar *credentials = mprGetProperty(argv[0], "machine_account", NULL);
+ MprVar *session_info = mprGetProperty(argv[0], "session_info", NULL);
if (credentials) {
samsync->in.machine_account = talloc_get_type(mprGetPtr(credentials, "creds"), struct cli_credentials);
}
+ if (session_info) {
+ samsync->in.session_info = talloc_get_type(mprGetPtr(session_info, "session_info"), struct auth_session_info);
+ }
}
/* do the domain samsync */
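Review bot: A `session_info` property of the wrong type is silently treated as absent. `talloc_get_type()` returns NULL on a type mismatch, so `samsync->in.session_info` stays NULL and the sync continues with whatever access a NULL session gives on the local ldb. The `machine_account` lookup just above behaves the same way. When the property is present but the pointer does not resolve, fail the call instead, e.g. `ejsSetErrorMsg(eid, "session_info is not a valid auth_session_info");` followed by the function's usual error return, which lies outside this hunk.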
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js
index 60f267f8d5..2b04aa6791 100644
--- a/source4/scripting/libjs/provision.js
+++ b/source4/scripting/libjs/provision.js
@@ -302,10 +302,6 @@ function provision(subobj, message, blank, paths, session_info, credentials)
}
message("Setting up secrets.ldb\n");
setup_ldb("secrets.ldif", info, paths.secrets);
- message("Setting up DNS zone file\n");
- setup_file("provision.zone",
- paths.dns,
- subobj);
message("Setting up keytabs\n");
var keytab_ok = credentials_update_all_keytabs();
assert(keytab_ok);
@@ -330,6 +326,32 @@ function provision(subobj, message, blank, paths, session_info, credentials)
return true;
}
+/* Write out a DNS zone file, from the info in the current database */
+function provision_dns(subobj, message, paths, session_info, credentials)
+{
+ message("Setting up DNS zone: " + subobj.DNSDOMAIN + " \n");
+ var ldb = ldb_init();
+ ldb.session_info = session_info;
+ ldb.credentials = credentials;
+
+ /* connect to the sam */
+ var ok = ldb.connect(paths.samdb);
+ assert(ok);
+
+ /* These values may have changed, due to an incoming SamSync, so fetch them from the database */
+ subobj.DOMAINGUID = searchone(ldb, "(&(objectClass=domainDNS)(dnsDomain=" + subobj.DNSDOMAIN + "))", "objectGUID");
+ assert(subobj.DOMAINGUID != undefined);
+
+ subobj.HOSTGUID = searchone(ldb, "(&(objectClass=computer)(cn=" + subobj.NETBIOSNAME + "))", "objectGUID");
+ assert(subobj.HOSTGUID != undefined);
+
+ setup_file("provision.zone",
+ paths.dns,
+ subobj);
+
+ message("Please install the zone located in " + paths.dns + " into your DNS server\n");
+}
+
/*
guess reasonably default options for provisioning
*/
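Review bot: Both search filters in provision_dns are built by concatenating `subobj.DNSDOMAIN` and `subobj.NETBIOSNAME` straight into the LDAP filter string. A value containing `*`, `(`, `)` or `\` changes the filter, and `searchone` may then return the objectGUID of a different entry, which is written into the zone file. If provision_validate (outside this hunk) does not already restrict these fields to hostname characters, validate them at the top of provision_dns or escape the filter metacharacters per RFC 4515 before concatenation. The function also returns nothing although provision() above ends in `return true;`, so adding `return true;` after the final message would keep callers consistent.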
@@ -517,27 +539,37 @@ function provision_validate(subobj, message)
return true;
}
-function join_domain(domain, netbios_name, join_type, creds, writefln)
+function join_domain(domain, netbios_name, join_type, creds, message)
{
- ctx = NetContext(creds);
- join = new Object();
- join.domain = domain;
- join.join_type = join_type;
- join.netbios_name = netbios_name;
- if (!ctx.JoinDomain(join)) {
- writefln("Domain Join failed: " + join.error_string);
+ var ctx = NetContext(creds);
+ var joindom = new Object();
+ joindom.domain = domain;
+ joindom.join_type = join_type;
+ joindom.netbios_name = netbios_name;
+ if (!ctx.JoinDomain(joindom)) {
+ message("Domain Join failed: " + join.error_string);
return false;
}
return true;
}
-function vampire(machine_creds, writefln)
-{
- var ctx = NetContext();
+/* Vampire a remote domain. Session info and credentials are required for for
+ * access to our local database (might be remote ldap)
+ */
+
+function vampire(domain, session_info, credentials, message) {
+ var ctx = NetContext(credentials);
vampire = new Object();
+ var machine_creds = credentials_init();
+ machine_creds.set_domain(form.DOMAIN);
+ if (!machine_creds.set_machine_account()) {
+ message("Failed to access domain join information!");
+ return false;
+ }
vampire.machine_creds = machine_creds;
+ vampire.session_info = session_info;
if (!ctx.SamSyncLdb(vampire)) {
- writefln("Migration of remote domain to Samba failed: " + vampire.error_string);
+ message("Migration of remote domain to Samba failed: " + vampire.error_string);
return false;
}
return true;
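Review bot: The join_domain failure path still reads `join.error_string` although the object was renamed to `joindom`, so a failed join raises a reference error instead of reporting the cause. In vampire(), `machine_creds.set_domain(form.DOMAIN)` uses a `form` object that is not defined in the visible code while the new `domain` parameter goes unused, and `vampire = new Object()` has no `var`, so it overwrites the function itself after the first call. The credentials are stored as `vampire.machine_creds`, but ejs_net_samsync_ldb in this same commit reads the property `machine_account`, so the machine account prepared here appears never to reach the sync and `in.machine_account` stays NULL. The fence shows the affected lines with those four points corrected.

```javascript
// … unchanged: join_domain setup of joindom …
	if (!ctx.JoinDomain(joindom)) {
		message("Domain Join failed: " + joindom.error_string);
// … unchanged: join_domain return paths …

function vampire(domain, session_info, credentials, message) {
	var ctx = NetContext(credentials);
	var samsync = new Object();
	var machine_creds = credentials_init();
	machine_creds.set_domain(domain);
	// … unchanged: set_machine_account() check …
	samsync.machine_account = machine_creds;
	samsync.session_info = session_info;
	if (!ctx.SamSyncLdb(samsync)) {
		message("Migration of remote domain to Samba failed: " + samsync.error_string);
```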
diff --git a/source4/utils/net/net_vampire.c b/source4/utils/net/net_vampire.c
index f89739225d..00ae647016 100644
--- a/source4/utils/net/net_vampire.c
+++ b/source4/utils/net/net_vampire.c
@@ -24,6 +24,7 @@
#include "utils/net/net.h"
#include "libnet/libnet.h"
#include "librpc/gen_ndr/ndr_samr.h"
+#include "auth/auth.h"
static int net_samdump_keytab_usage(struct net_context *ctx, int argc, const char **argv)
{
@@ -150,7 +151,10 @@ int net_samsync_ldb(struct net_context *ctx, int argc, const char **argv)
r.in.machine_account = NULL;
r.in.binding_string = NULL;
- status = libnet_samsync_ldb(libnetctx, ctx->mem_ctx, &r);
+ /* Needed to override the ACLs on ldb */
+ r.in.session_info = system_session(libnetctx);
+
+ status = libnet_samsync_ldb(libnetctx, libnetctx, &r);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("libnet_samsync_ldb returned %s: %s\n",
nt_errstr(status),
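Review bot: The result of `system_session(libnetctx)` is handed to libnet_samsync_ldb unchecked. Should it come back NULL, the SAM would be opened with a NULL session_info rather than the system session the comment says is needed. A guard such as `if (r.in.session_info == NULL) return -1;` with a DEBUG message before the call would make that failure explicit; the exact return convention of net_samsync_ldb is outside the hunk. The comment could also say outright that this grants the sync system-level access to the local ldb, since that is the security-relevant effect of the line.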