diff --git a/source/libnet/libnet_user.c b/source/libnet/libnet_user.c index 50cb14d2907..ba9fd0cc83d 100644 --- a/source/libnet/libnet_user.c +++ b/source/libnet/libnet_user.c @@ -75,3 +75,54 @@ NTSTATUS libnet_CreateUser(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, stru return status; } + +NTSTATUS libnet_DeleteUser(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_DeleteUser *r) +{ + NTSTATUS status; + struct libnet_RpcConnect cn; + struct libnet_rpc_domain_open dom_io; + struct libnet_rpc_userdel user_io; + + /* connect rpc service of remote DC */ + cn.level = LIBNET_RPC_CONNECT_PDC; + cn.in.name = talloc_strdup(mem_ctx, r->in.domain_name); + cn.in.dcerpc_iface = &dcerpc_table_samr; + + status = libnet_RpcConnect(ctx, mem_ctx, &cn); + if (!NT_STATUS_IS_OK(status)) { + r->out.error_string = talloc_asprintf(mem_ctx, + "Connection to SAMR pipe domain '%s' PDC failed: %s\n", + r->in.domain_name, nt_errstr(status)); + return status; + } + + ctx->pipe = cn.out.dcerpc_pipe; + + /* open connected domain */ + dom_io.in.domain_name = r->in.domain_name; + dom_io.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; + + status = libnet_rpc_domain_open(ctx->pipe, mem_ctx, &dom_io); + if (!NT_STATUS_IS_OK(status)) { + r->out.error_string = talloc_asprintf(mem_ctx, + "Opening domain to delete user account failed: %s\n", + nt_errstr(status)); + return status; + } + + ctx->domain_handle = dom_io.out.domain_handle; + + /* create user */ + user_io.in.username = r->in.user_name; + user_io.in.domain_handle = dom_io.out.domain_handle; + + status = libnet_rpc_userdel(ctx->pipe, mem_ctx, &user_io); + if (!NT_STATUS_IS_OK(status)) { + r->out.error_string = talloc_asprintf(mem_ctx, + "Deleting user account failed: %s\n", + nt_errstr(status)); + return status; + } + + return status; +} diff --git a/source/libnet/libnet_user.h b/source/libnet/libnet_user.h index 358f0d0b0f5..2182ccb4e47 100644 --- a/source/libnet/libnet_user.h +++ b/source/libnet/libnet_user.h @@ -36,3 +36,21 @@ struct libnet_CreateUser { const char *error_string; } out; }; + +enum libnet_DeleteUser_level { + LIBNET_DELETE_USER_GENERIC, + LIBNET_DELETE_USER_SAMR, +}; + + +struct libnet_DeleteUser { + enum libnet_DeleteUser_level level; + + struct { + const char *user_name; + const char *domain_name; + } in; + struct { + const char *error_string; + } out; +}; diff --git a/source/script/tests/test_ejs.sh b/source/script/tests/test_ejs.sh index 2f1a2abcad8..6df202122ae 100755 --- a/source/script/tests/test_ejs.sh +++ b/source/script/tests/test_ejs.sh @@ -3,12 +3,12 @@ if [ $# -lt 3 ]; then cat <cred = creds; - - ctx->name_res_methods = str_list_copy(ctx, lp_name_resolve_order()); if (argc == 0) { + creds = cli_credentials_init(ctx); + if (creds == NULL) { + ejsSetErrorMsg(eid, "cli_credential_init() failed"); + talloc_free(ctx); + return -1; + } + cli_credentials_set_conf(creds); cli_credentials_set_anonymous(creds); - - } else if (argc == 2 || argc == 4 ) { - - cli_credentials_set_workstation(creds, lp_netbios_name(), CRED_SPECIFIED); - - if (!mprVarIsString(argv[0]->type)) { - ejsSetErrorMsg(eid, "argument 1 must be a string"); - goto done; + } else if (argc == 1 && argv[0]->type == MPR_TYPE_OBJECT) { + /* get credential values from credentials object */ + creds = mprGetPtr(argv[0], "creds"); + if (creds == NULL) { + ejsSetErrorMsg(eid, "userAuth requires a 'creds' first parameter"); + talloc_free(ctx); + return -1; } - cli_credentials_set_username(creds, argv[0]->string, CRED_SPECIFIED); - - if (!mprVarIsString(argv[1]->type)) { - ejsSetErrorMsg(eid, "argument 2 must be a string"); - goto done; - } - cli_credentials_set_password(creds, argv[1]->string, CRED_SPECIFIED); - } else { - ejsSetErrorMsg(eid, "invalid number of arguments"); - goto done; + ejsSetErrorMsg(eid, "NetContext invalid arguments, this function requires an object."); + talloc_free(ctx); + return -1; } + ctx->cred = creds; - - if (argc == 4) { - - if (!mprVarIsString(argv[2]->type)) { - ejsSetErrorMsg(eid, "argument 3 must be a string"); - goto done; - } - cli_credentials_set_domain(creds, argv[2]->string, CRED_SPECIFIED); - - if (!mprVarIsString(argv[3]->type)) { - ejsSetErrorMsg(eid, "argument 4 must be a string"); - goto done; - } - cli_credentials_set_realm(creds, argv[3]->string, CRED_SPECIFIED); - } - - obj = mprInitObject(eid, "NetCtx", argc, argv); - mprSetPtrChild(obj, "ctx", ctx); - - mprSetCFunction(obj, "UserMgr", ejs_net_userman); + obj = mprObject("NetCtx"); + mprSetPtrChild(&obj, "ctx", ctx); + + mprSetCFunction(&obj, "UserMgr", ejs_net_userman); + mprSetCFunction(&obj, "JoinDomain", ejs_net_join_domain); + mprSetCFunction(&obj, "SamSyncLdb", ejs_net_samsync_ldb); + mpr_Return(eid, obj); return 0; -done: - talloc_free(ctx); - return -1; } +static int ejs_net_join_domain(MprVarHandle eid, int argc, struct MprVar **argv) +{ + TALLOC_CTX *mem_ctx; + struct libnet_context *ctx; + struct libnet_Join *join; + NTSTATUS status; + ctx = mprGetThisPtr(eid, "ctx"); + mem_ctx = talloc_new(mprMemCtx()); + + join = talloc(mem_ctx, struct libnet_Join); + if (!join) { + talloc_free(mem_ctx); + return -1; + } + + /* prepare parameters for the join */ + join->in.netbios_name = NULL; + join->in.join_type = SEC_CHAN_WKSTA; + join->in.domain_name = cli_credentials_get_domain(ctx->cred); + join->in.level = LIBNET_JOINDOMAIN_AUTOMATIC; + join->out.error_string = NULL; + + if (argc == 1 && argv[0]->type == MPR_TYPE_OBJECT) { + MprVar *netbios_name = mprGetProperty(argv[0], "netbios_name", NULL); + MprVar *domain_name = mprGetProperty(argv[0], "domain_name", NULL); + MprVar *join_type = mprGetProperty(argv[0], "join_type", NULL); + if (netbios_name) { + join->in.netbios_name = mprToString(netbios_name); + } + if (domain_name) { + join->in.domain_name = mprToString(domain_name); + } + if (join_type) { + join->in.join_type = mprToInt(join_type); + } + } + + if (!join->in.domain_name) { + ejsSetErrorMsg(eid, "a domain must be specified for to join"); + talloc_free(mem_ctx); + return -1; + } + + /* do the domain join */ + status = libnet_Join(ctx, join, join); + + if (!NT_STATUS_IS_OK(status)) { + MprVar error_string = mprString(join->out.error_string); + + mprSetPropertyValue(argv[0], "error_string", error_string); + mpr_Return(eid, mprCreateBoolVar(False)); + } else { + mpr_Return(eid, mprCreateBoolVar(True)); + } + talloc_free(mem_ctx); + return 0; +} + +static int ejs_net_samsync_ldb(MprVarHandle eid, int argc, struct MprVar **argv) +{ + TALLOC_CTX *mem_ctx; + struct libnet_context *ctx; + struct libnet_samsync_ldb *samsync; + NTSTATUS status; + ctx = mprGetThisPtr(eid, "ctx"); + mem_ctx = talloc_new(mprMemCtx()); + + samsync = talloc(mem_ctx, struct libnet_samsync_ldb); + if (!samsync) { + talloc_free(mem_ctx); + return -1; + } + + /* prepare parameters for the samsync */ + samsync->in.machine_account = NULL; + samsync->in.binding_string = NULL; + samsync->out.error_string = NULL; + + if (argc == 1 && argv[0]->type == MPR_TYPE_OBJECT) { + MprVar *credentials = mprGetProperty(argv[0], "machine_account", NULL); + if (credentials) { + samsync->in.machine_account = talloc_get_type(mprGetPtr(credentials, "creds"), struct cli_credentials); + } + } + + /* do the domain samsync */ + status = libnet_samsync_ldb(ctx, samsync, samsync); + + if (!NT_STATUS_IS_OK(status)) { + MprVar error_string = mprString(samsync->out.error_string); + + mprSetPropertyValue(argv[0], "error_string", error_string); + mpr_Return(eid, mprCreateBoolVar(False)); + } else { + mpr_Return(eid, mprCreateBoolVar(True)); + } + talloc_free(mem_ctx); + return 0; +} static int ejs_net_userman(MprVarHandle eid, int argc, struct MprVar **argv) { @@ -99,7 +189,7 @@ static int ejs_net_userman(MprVarHandle eid, int argc, struct MprVar **argv) struct MprVar *obj = NULL; ctx = mprGetThisPtr(eid, "ctx"); - mem_ctx = talloc_init(NULL); + mem_ctx = talloc_new(mprMemCtx()); if (argc == 0) { userman_domain = cli_credentials_get_domain(ctx->cred); @@ -122,6 +212,7 @@ static int ejs_net_userman(MprVarHandle eid, int argc, struct MprVar **argv) mprSetPtrChild(obj, "domain", userman_domain); mprSetStringCFunction(obj, "Create", ejs_net_createuser); + mprSetStringCFunction(obj, "Delete", ejs_net_deleteuser); return 0; done: @@ -140,22 +231,22 @@ static int ejs_net_createuser(MprVarHandle eid, int argc, char **argv) if (argc != 1) { ejsSetErrorMsg(eid, "argument 1 must be a string"); - goto done; + return -1; } ctx = mprGetThisPtr(eid, "ctx"); if (!ctx) { ejsSetErrorMsg(eid, "ctx property returns null pointer"); - goto done; + return -1; } userman_domain = mprGetThisPtr(eid, "domain"); if (!userman_domain) { ejsSetErrorMsg(eid, "domain property returns null pointer"); - goto done; + return -1; } - mem_ctx = talloc_init(NULL); + mem_ctx = talloc_new(mprMemCtx()); req.in.domain_name = userman_domain; req.in.user_name = argv[0]; @@ -168,10 +259,46 @@ static int ejs_net_createuser(MprVarHandle eid, int argc, char **argv) talloc_free(mem_ctx); mpr_Return(eid, mprNTSTATUS(status)); return 0; +} + +static int ejs_net_deleteuser(MprVarHandle eid, int argc, char **argv) +{ + NTSTATUS status = NT_STATUS_UNSUCCESSFUL; + TALLOC_CTX *mem_ctx; + struct libnet_context *ctx; + const char *userman_domain = NULL; + struct libnet_DeleteUser req; + + if (argc != 1) { + ejsSetErrorMsg(eid, "argument 1 must be a string"); + return -1; + } + + ctx = mprGetThisPtr(eid, "ctx"); + if (!ctx) { + ejsSetErrorMsg(eid, "ctx property returns null pointer"); + return -1; + } + + userman_domain = mprGetThisPtr(eid, "domain"); + if (!userman_domain) { + ejsSetErrorMsg(eid, "domain property returns null pointer"); + return -1; + } + + mem_ctx = talloc_new(mprMemCtx()); + + req.in.domain_name = userman_domain; + req.in.user_name = argv[0]; + + status = libnet_DeleteUser(ctx, mem_ctx, &req); + if (!NT_STATUS_IS_OK(status)) { + ejsSetErrorMsg(eid, "error when creating user: %s", nt_errstr(status)); + } -done: talloc_free(mem_ctx); - return -1; + mpr_Return(eid, mprNTSTATUS(status)); + return 0; } diff --git a/source/scripting/ejs/ejsnet.h b/source/scripting/ejs/ejsnet.h index 50978c648d3..7d4bc32753b 100644 --- a/source/scripting/ejs/ejsnet.h +++ b/source/scripting/ejs/ejsnet.h @@ -24,5 +24,3 @@ void ejsnet_setup(void); -static int ejs_net_userman(MprVarHandle, int, struct MprVar**); -static int ejs_net_createuser(MprVarHandle, int, char**); diff --git a/source/scripting/ejs/smbcalls_creds.c b/source/scripting/ejs/smbcalls_creds.c index bec70bc6f2a..4b0312bf837 100644 --- a/source/scripting/ejs/smbcalls_creds.c +++ b/source/scripting/ejs/smbcalls_creds.c @@ -181,6 +181,25 @@ static int ejs_creds_get_workstation(MprVarHandle eid, int argc, struct MprVar * return 0; } +/* + set machine account +*/ +static int ejs_creds_set_machine_account(MprVarHandle eid, int argc, char **argv) +{ + struct cli_credentials *creds = ejs_creds_get_credentials(eid); + if (argc != 0) { + ejsSetErrorMsg(eid, "bad arguments to set_machine_account"); + return -1; + } + + if (NT_STATUS_IS_OK(cli_credentials_set_machine_account(creds))) { + mpr_Return(eid, mprCreateBoolVar(True)); + } else { + mpr_Return(eid, mprCreateBoolVar(False)); + } + return 0; +} + /* initialise credentials ejs object @@ -200,6 +219,7 @@ static int ejs_credentials_obj(struct MprVar *obj, struct cli_credentials *creds mprSetStringCFunction(obj, "set_realm", ejs_creds_set_realm); mprSetCFunction(obj, "get_workstation", ejs_creds_get_workstation); mprSetStringCFunction(obj, "set_workstation", ejs_creds_set_workstation); + mprSetCFunction(obj, "set_machine_account", ejs_creds_set_machine_account); return 0; } @@ -228,6 +248,8 @@ static int ejs_credentials_init(MprVarHandle eid, int argc, struct MprVar **argv return -1; } + cli_credentials_set_conf(creds); + return ejs_credentials_obj(obj, creds); } diff --git a/source/scripting/libjs/provision.js b/source/scripting/libjs/provision.js index 8b1d93c0567..60f267f8d5d 100644 --- a/source/scripting/libjs/provision.js +++ b/source/scripting/libjs/provision.js @@ -327,6 +327,7 @@ function provision(subobj, message, blank, paths, session_info, credentials) message("Setting up sam.ldb users and groups\n"); setup_ldb("provision_users.ldif", info, paths.samdb, data, false); } + return true; } /* @@ -516,5 +517,30 @@ function provision_validate(subobj, message) return true; } +function join_domain(domain, netbios_name, join_type, creds, writefln) +{ + ctx = NetContext(creds); + join = new Object(); + join.domain = domain; + join.join_type = join_type; + join.netbios_name = netbios_name; + if (!ctx.JoinDomain(join)) { + writefln("Domain Join failed: " + join.error_string); + return false; + } + return true; +} + +function vampire(machine_creds, writefln) +{ + var ctx = NetContext(); + vampire = new Object(); + vampire.machine_creds = machine_creds; + if (!ctx.SamSyncLdb(vampire)) { + writefln("Migration of remote domain to Samba failed: " + vampire.error_string); + return false; + } + return true; +} return 0; diff --git a/source/utils/net/net_user.c b/source/utils/net/net_user.c index 82ee2085342..ecc1834fcf4 100644 --- a/source/utils/net/net_user.c +++ b/source/utils/net/net_user.c @@ -64,9 +64,51 @@ static int net_user_add(struct net_context *ctx, int argc, const char **argv) return 0; } +static int net_user_delete(struct net_context *ctx, int argc, const char **argv) +{ + NTSTATUS status; + struct libnet_context *lnet_ctx; + struct libnet_DeleteUser r; + char *user_name; + + /* command line argument preparation */ + switch (argc) { + case 0: + return net_user_usage(ctx, argc, argv); + break; + case 1: + user_name = talloc_strdup(ctx->mem_ctx, argv[0]); + break; + default: + return net_user_usage(ctx, argc, argv); + } + + /* libnet context init and its params */ + lnet_ctx = libnet_context_init(NULL); + if (!lnet_ctx) return -1; + + lnet_ctx->cred = ctx->credentials; + + /* calling DeleteUser function */ + r.level = LIBNET_DELETE_USER_GENERIC; + r.in.user_name = user_name; + r.in.domain_name = cli_credentials_get_domain(lnet_ctx->cred); + + status = libnet_DeleteUser(lnet_ctx, ctx->mem_ctx, &r); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("Failed to delete user account: %s\n", + r.out.error_string)); + return -1; + } + + talloc_free(lnet_ctx); + return 0; +} + static const struct net_functable net_user_functable[] = { { "add", "create new user account\n", net_user_add, net_user_usage }, + { "delete", "delete an existing user account\n", net_user_delete, net_user_usage }, { NULL, NULL } }; diff --git a/swat/install/vampire.esp b/swat/install/vampire.esp new file mode 100644 index 00000000000..bd96f919621 --- /dev/null +++ b/swat/install/vampire.esp @@ -0,0 +1,91 @@ +<% page_header("columns", "Windows to Samba Migration", "install"); + + include("/scripting/forms.js"); + libinclude("base.js"); + libinclude("provision.js"); + + var misc = misc_init(); +%> + +

Windows to Samba4 domain migration

+ +<% +var f = FormObj("Provisioning", 0, 2); +var i; +var lp = loadparm_init(); + +if (lp.get("realm") == "") { + lp.set("realm", lp.get("workgroup") + ".example.com"); +} + + +var subobj = provision_guess(); +/* Don't supply default password for web interface */ +subobj.ADMINPASS = ""; + +f.add("REALM", "Realm"); +f.add("DOMAIN", "Domain Name"); +f.add("ADMIN", "Administrator Username"); +f.add("ADMINPASS", "Administrator Password", "password"); +f.add("HOSTNAME", "My Hostname"); +f.add("HOSTGUID", "Host GUID"); +f.add("HOSTIP", "Host IP"); +f.add("DEFAULTSITE", "Default Site"); +f.submit[0] = "Migrate"; +f.submit[1] = "Cancel"; + +if (form['submit'] == "Cancel") { + redirect("/"); +} + +if (form['submit'] == "Migrate") { + for (r in form) { + subobj[r] = form[r]; + } +} + +for (i=0;iWe need the administrator password for the " + subobj.DOMAIN + " domain to proceed. Please try again."); + f.display(); + } else if (!provision_validate(subobj, writefln)) { + f.display(); + } else { + var creds = credentials_init(); + creds.set_username(form.ADMIN); + creds.set_password(form.ADMINPASS); + creds.set_domain(form.DOMAIN); + creds.set_realm(form.REALM); + + /* Setup a basic database structure, but don't setup any users */ + if (!provision(subobj, writefln, true, provision_default_paths(subobj), + session.authinfo.session_info, session.authinfo.credentials)) { + writefln("Provision failed!"); + + /* Join domain */ + } else if (!join_domain(form.DOMAIN, form.HOSTNAME, misc.SEC_CHAN_BDC, creds, writefln)) { + writefln("Domain Join failed!"); + + } else { + /* Vampire */ + var machine_creds = credentials_init(); + machine_creds.set_domain(form.DOMAIN); + if (!machine_creds.set_machine_account()) { + writefln("Failed to access newly setup domain join!"); + } else if (!vampire(machine_creds, writefln)) { + writefln("Failed to syncronsise remote domain into local database!"); + } + } + } +} else { + f.display(); +} +%> + + +<% page_footer(); %> diff --git a/swat/menu.js b/swat/menu.js index e28160e16f8..07acd300cbc 100644 --- a/swat/menu.js +++ b/swat/menu.js @@ -40,7 +40,8 @@ swat_menus.install = simple_menu( "Installation", "Provisioning", session_uri("/install/provision.esp"), "New User", session_uri("/install/newuser.esp"), - "Import from Samba3", session_uri("/install/samba3.esp")); + "Import from Samba3", session_uri("/install/samba3.esp"), + "Import from Windows", session_uri("/install/vampire.esp")); swat_menus.nbt_server = simple_menu( diff --git a/testprogs/ejs/ejsnet.js b/testprogs/ejs/ejsnet.js index 537312766a7..f1d84ffde05 100755 --- a/testprogs/ejs/ejsnet.js +++ b/testprogs/ejs/ejsnet.js @@ -1,15 +1,38 @@ #!/usr/bin/env smbscript -var ctx = NetContext("Administrator", "admin"); -var usr_ctx = ctx.UserMgr("BUILTIN"); +var options = GetOptions(ARGV, + "POPT_AUTOHELP", + "POPT_COMMON_SAMBA", + "POPT_COMMON_CREDENTIALS"); +if (options == undefined) { + println("Failed to parse options"); + return -1; +} + +if (options.ARGV.length != 2) { + println("Usage: ejsnet.js "); + return -1; +} + +/* use command line creds if available */ +var creds = options.get_credentials(); + +var ctx = NetContext(creds); +var usr_ctx = ctx.UserMgr(options.ARGV[0]); if (usr_ctx == undefined) { - print("Couln't get user management context.\n"); + println("Couln't get user management context."); return -1; } -var status = usr_ctx.Create("noname"); +var status = usr_ctx.Create(options.ARGV[1]); if (status.is_ok != true) { - print("Failed to create user account: " + status.errstr + "\n"); + println("Failed to create user account " + options.ARGV[1] + ": " + status.errstr); + return -1; +} + +var status = usr_ctx.Delete(options.ARGV[1]); +if (status.is_ok != true) { + println("Failed to delete user account " + options.ARGV[1] + ": " + status.errstr); return -1; }