1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

r12892: Add a 'Migrate from Windows' page to our installation section in SWAT.

Doing this required reworking ejsnet, particularly so it could take a
set of credentials, not just a username and password argument.

This required fixing the ejsnet.js test script, which now adds and
deletes a user, and is run from 'make test'.  This should prevent it
being broken again.

Deleting a user from ejsnet required that the matching backend be
added to libnet, hooking fortunetly onto already existing code for the
actual deletion.

The js credentials interface now handles the 'set machine account' flag.

New functions have been added to provision.js to wrap the basic
operations (so we can write a command line version, as well as the web
based version).

Andrew Bartlett
This commit is contained in:
Andrew Bartlett 2006-01-13 03:39:49 +00:00 committed by Gerald (Jerry) Carter
parent 7b169aad3f
commit a5e7c17c34
12 changed files with 465 additions and 64 deletions

View File

@ -75,3 +75,54 @@ NTSTATUS libnet_CreateUser(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, stru
return status;
}
NTSTATUS libnet_DeleteUser(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_DeleteUser *r)
{
NTSTATUS status;
struct libnet_RpcConnect cn;
struct libnet_rpc_domain_open dom_io;
struct libnet_rpc_userdel user_io;
/* connect rpc service of remote DC */
cn.level = LIBNET_RPC_CONNECT_PDC;
cn.in.name = talloc_strdup(mem_ctx, r->in.domain_name);
cn.in.dcerpc_iface = &dcerpc_table_samr;
status = libnet_RpcConnect(ctx, mem_ctx, &cn);
if (!NT_STATUS_IS_OK(status)) {
r->out.error_string = talloc_asprintf(mem_ctx,
"Connection to SAMR pipe domain '%s' PDC failed: %s\n",
r->in.domain_name, nt_errstr(status));
return status;
}
ctx->pipe = cn.out.dcerpc_pipe;
/* open connected domain */
dom_io.in.domain_name = r->in.domain_name;
dom_io.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
status = libnet_rpc_domain_open(ctx->pipe, mem_ctx, &dom_io);
if (!NT_STATUS_IS_OK(status)) {
r->out.error_string = talloc_asprintf(mem_ctx,
"Opening domain to delete user account failed: %s\n",
nt_errstr(status));
return status;
}
ctx->domain_handle = dom_io.out.domain_handle;
/* create user */
user_io.in.username = r->in.user_name;
user_io.in.domain_handle = dom_io.out.domain_handle;
status = libnet_rpc_userdel(ctx->pipe, mem_ctx, &user_io);
if (!NT_STATUS_IS_OK(status)) {
r->out.error_string = talloc_asprintf(mem_ctx,
"Deleting user account failed: %s\n",
nt_errstr(status));
return status;
}
return status;
}

View File

@ -36,3 +36,21 @@ struct libnet_CreateUser {
const char *error_string;
} out;
};
enum libnet_DeleteUser_level {
LIBNET_DELETE_USER_GENERIC,
LIBNET_DELETE_USER_SAMR,
};
struct libnet_DeleteUser {
enum libnet_DeleteUser_level level;
struct {
const char *user_name;
const char *domain_name;
} in;
struct {
const char *error_string;
} out;
};

View File

@ -3,12 +3,12 @@
if [ $# -lt 3 ]; then
cat <<EOF
Usage: test_ejs.sh SERVER USERNAME PASSWORD
Usage: test_ejs.sh DOMAIN USERNAME PASSWORD
EOF
exit 1;
fi
SERVER="$1"
DOMAIN="$1"
USERNAME="$2"
PASSWORD="$3"
@ -24,6 +24,8 @@ for f in samr.js echo.js ldb.js; do
testit "$f" $SCRIPTDIR/$f $CONFIGURATION ncalrpc: -U$USERNAME%$PASSWORD || failed=`expr $failed + 1`
done
testit "ejsnet.js" $SCRIPTDIR/ejsnet.js $CONFIGURATION -U$USERNAME%$PASSWORD $DOMAIN ejstestuser || failed=`expr $failed + 1`
testit "winreg" scripting/bin/winreg $CONFIGURATION ncalrpc: 'HKLM' -U$USERNAME%$PASSWORD || failed=`expr $failed + 1`
testok $0 $failed

View File

@ -1,4 +1,4 @@
$SRCDIR/script/tests/test_ejs.sh $SERVER $USERNAME $PASSWORD || failed=`expr $failed + $?`
$SRCDIR/script/tests/test_ejs.sh $DOMAIN $USERNAME $PASSWORD || failed=`expr $failed + $?`
$SRCDIR/script/tests/test_ldap.sh $SERVER $USERNAME $PASSWORD || failed=`expr $failed + $?`
$SRCDIR/script/tests/test_nbt.sh $SERVER || failed=`expr $failed + $?`
$SRCDIR/script/tests/test_quick.sh //$SERVER/cifs $USERNAME $PASSWORD "" || failed=`expr $failed + $?`

View File

@ -27,69 +27,159 @@
#include "libnet/libnet.h"
static int ejs_net_userman(MprVarHandle, int, struct MprVar**);
static int ejs_net_createuser(MprVarHandle, int, char**);
static int ejs_net_deleteuser(MprVarHandle eid, int argc, char **argv);
static int ejs_net_join_domain(MprVarHandle eid, int argc, struct MprVar **argv);
static int ejs_net_samsync_ldb(MprVarHandle eid, int argc, struct MprVar **argv);
/* Usage:
net = NetContext(credentials);
*/
static int ejs_net_context(MprVarHandle eid, int argc, struct MprVar **argv)
{
struct cli_credentials *creds;
struct libnet_context *ctx;
struct MprVar *obj;
struct MprVar obj;
/* TODO: Need to get the right event context in here */
ctx = libnet_context_init(NULL);
creds = talloc(ctx, struct cli_credentials);
ctx->cred = creds;
ctx->name_res_methods = str_list_copy(ctx, lp_name_resolve_order());
if (argc == 0) {
creds = cli_credentials_init(ctx);
if (creds == NULL) {
ejsSetErrorMsg(eid, "cli_credential_init() failed");
talloc_free(ctx);
return -1;
}
cli_credentials_set_conf(creds);
cli_credentials_set_anonymous(creds);
} else if (argc == 2 || argc == 4 ) {
cli_credentials_set_workstation(creds, lp_netbios_name(), CRED_SPECIFIED);
if (!mprVarIsString(argv[0]->type)) {
ejsSetErrorMsg(eid, "argument 1 must be a string");
goto done;
} else if (argc == 1 && argv[0]->type == MPR_TYPE_OBJECT) {
/* get credential values from credentials object */
creds = mprGetPtr(argv[0], "creds");
if (creds == NULL) {
ejsSetErrorMsg(eid, "userAuth requires a 'creds' first parameter");
talloc_free(ctx);
return -1;
}
cli_credentials_set_username(creds, argv[0]->string, CRED_SPECIFIED);
if (!mprVarIsString(argv[1]->type)) {
ejsSetErrorMsg(eid, "argument 2 must be a string");
goto done;
}
cli_credentials_set_password(creds, argv[1]->string, CRED_SPECIFIED);
} else {
ejsSetErrorMsg(eid, "invalid number of arguments");
goto done;
ejsSetErrorMsg(eid, "NetContext invalid arguments, this function requires an object.");
talloc_free(ctx);
return -1;
}
ctx->cred = creds;
if (argc == 4) {
if (!mprVarIsString(argv[2]->type)) {
ejsSetErrorMsg(eid, "argument 3 must be a string");
goto done;
}
cli_credentials_set_domain(creds, argv[2]->string, CRED_SPECIFIED);
if (!mprVarIsString(argv[3]->type)) {
ejsSetErrorMsg(eid, "argument 4 must be a string");
goto done;
}
cli_credentials_set_realm(creds, argv[3]->string, CRED_SPECIFIED);
}
obj = mprInitObject(eid, "NetCtx", argc, argv);
mprSetPtrChild(obj, "ctx", ctx);
mprSetCFunction(obj, "UserMgr", ejs_net_userman);
obj = mprObject("NetCtx");
mprSetPtrChild(&obj, "ctx", ctx);
mprSetCFunction(&obj, "UserMgr", ejs_net_userman);
mprSetCFunction(&obj, "JoinDomain", ejs_net_join_domain);
mprSetCFunction(&obj, "SamSyncLdb", ejs_net_samsync_ldb);
mpr_Return(eid, obj);
return 0;
done:
talloc_free(ctx);
return -1;
}
static int ejs_net_join_domain(MprVarHandle eid, int argc, struct MprVar **argv)
{
TALLOC_CTX *mem_ctx;
struct libnet_context *ctx;
struct libnet_Join *join;
NTSTATUS status;
ctx = mprGetThisPtr(eid, "ctx");
mem_ctx = talloc_new(mprMemCtx());
join = talloc(mem_ctx, struct libnet_Join);
if (!join) {
talloc_free(mem_ctx);
return -1;
}
/* prepare parameters for the join */
join->in.netbios_name = NULL;
join->in.join_type = SEC_CHAN_WKSTA;
join->in.domain_name = cli_credentials_get_domain(ctx->cred);
join->in.level = LIBNET_JOINDOMAIN_AUTOMATIC;
join->out.error_string = NULL;
if (argc == 1 && argv[0]->type == MPR_TYPE_OBJECT) {
MprVar *netbios_name = mprGetProperty(argv[0], "netbios_name", NULL);
MprVar *domain_name = mprGetProperty(argv[0], "domain_name", NULL);
MprVar *join_type = mprGetProperty(argv[0], "join_type", NULL);
if (netbios_name) {
join->in.netbios_name = mprToString(netbios_name);
}
if (domain_name) {
join->in.domain_name = mprToString(domain_name);
}
if (join_type) {
join->in.join_type = mprToInt(join_type);
}
}
if (!join->in.domain_name) {
ejsSetErrorMsg(eid, "a domain must be specified for to join");
talloc_free(mem_ctx);
return -1;
}
/* do the domain join */
status = libnet_Join(ctx, join, join);
if (!NT_STATUS_IS_OK(status)) {
MprVar error_string = mprString(join->out.error_string);
mprSetPropertyValue(argv[0], "error_string", error_string);
mpr_Return(eid, mprCreateBoolVar(False));
} else {
mpr_Return(eid, mprCreateBoolVar(True));
}
talloc_free(mem_ctx);
return 0;
}
static int ejs_net_samsync_ldb(MprVarHandle eid, int argc, struct MprVar **argv)
{
TALLOC_CTX *mem_ctx;
struct libnet_context *ctx;
struct libnet_samsync_ldb *samsync;
NTSTATUS status;
ctx = mprGetThisPtr(eid, "ctx");
mem_ctx = talloc_new(mprMemCtx());
samsync = talloc(mem_ctx, struct libnet_samsync_ldb);
if (!samsync) {
talloc_free(mem_ctx);
return -1;
}
/* prepare parameters for the samsync */
samsync->in.machine_account = NULL;
samsync->in.binding_string = NULL;
samsync->out.error_string = NULL;
if (argc == 1 && argv[0]->type == MPR_TYPE_OBJECT) {
MprVar *credentials = mprGetProperty(argv[0], "machine_account", NULL);
if (credentials) {
samsync->in.machine_account = talloc_get_type(mprGetPtr(credentials, "creds"), struct cli_credentials);
}
}
/* do the domain samsync */
status = libnet_samsync_ldb(ctx, samsync, samsync);
if (!NT_STATUS_IS_OK(status)) {
MprVar error_string = mprString(samsync->out.error_string);
mprSetPropertyValue(argv[0], "error_string", error_string);
mpr_Return(eid, mprCreateBoolVar(False));
} else {
mpr_Return(eid, mprCreateBoolVar(True));
}
talloc_free(mem_ctx);
return 0;
}
static int ejs_net_userman(MprVarHandle eid, int argc, struct MprVar **argv)
{
@ -99,7 +189,7 @@ static int ejs_net_userman(MprVarHandle eid, int argc, struct MprVar **argv)
struct MprVar *obj = NULL;
ctx = mprGetThisPtr(eid, "ctx");
mem_ctx = talloc_init(NULL);
mem_ctx = talloc_new(mprMemCtx());
if (argc == 0) {
userman_domain = cli_credentials_get_domain(ctx->cred);
@ -122,6 +212,7 @@ static int ejs_net_userman(MprVarHandle eid, int argc, struct MprVar **argv)
mprSetPtrChild(obj, "domain", userman_domain);
mprSetStringCFunction(obj, "Create", ejs_net_createuser);
mprSetStringCFunction(obj, "Delete", ejs_net_deleteuser);
return 0;
done:
@ -140,22 +231,22 @@ static int ejs_net_createuser(MprVarHandle eid, int argc, char **argv)
if (argc != 1) {
ejsSetErrorMsg(eid, "argument 1 must be a string");
goto done;
return -1;
}
ctx = mprGetThisPtr(eid, "ctx");
if (!ctx) {
ejsSetErrorMsg(eid, "ctx property returns null pointer");
goto done;
return -1;
}
userman_domain = mprGetThisPtr(eid, "domain");
if (!userman_domain) {
ejsSetErrorMsg(eid, "domain property returns null pointer");
goto done;
return -1;
}
mem_ctx = talloc_init(NULL);
mem_ctx = talloc_new(mprMemCtx());
req.in.domain_name = userman_domain;
req.in.user_name = argv[0];
@ -168,10 +259,46 @@ static int ejs_net_createuser(MprVarHandle eid, int argc, char **argv)
talloc_free(mem_ctx);
mpr_Return(eid, mprNTSTATUS(status));
return 0;
}
static int ejs_net_deleteuser(MprVarHandle eid, int argc, char **argv)
{
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
TALLOC_CTX *mem_ctx;
struct libnet_context *ctx;
const char *userman_domain = NULL;
struct libnet_DeleteUser req;
if (argc != 1) {
ejsSetErrorMsg(eid, "argument 1 must be a string");
return -1;
}
ctx = mprGetThisPtr(eid, "ctx");
if (!ctx) {
ejsSetErrorMsg(eid, "ctx property returns null pointer");
return -1;
}
userman_domain = mprGetThisPtr(eid, "domain");
if (!userman_domain) {
ejsSetErrorMsg(eid, "domain property returns null pointer");
return -1;
}
mem_ctx = talloc_new(mprMemCtx());
req.in.domain_name = userman_domain;
req.in.user_name = argv[0];
status = libnet_DeleteUser(ctx, mem_ctx, &req);
if (!NT_STATUS_IS_OK(status)) {
ejsSetErrorMsg(eid, "error when creating user: %s", nt_errstr(status));
}
done:
talloc_free(mem_ctx);
return -1;
mpr_Return(eid, mprNTSTATUS(status));
return 0;
}

View File

@ -24,5 +24,3 @@
void ejsnet_setup(void);
static int ejs_net_userman(MprVarHandle, int, struct MprVar**);
static int ejs_net_createuser(MprVarHandle, int, char**);

View File

@ -181,6 +181,25 @@ static int ejs_creds_get_workstation(MprVarHandle eid, int argc, struct MprVar *
return 0;
}
/*
set machine account
*/
static int ejs_creds_set_machine_account(MprVarHandle eid, int argc, char **argv)
{
struct cli_credentials *creds = ejs_creds_get_credentials(eid);
if (argc != 0) {
ejsSetErrorMsg(eid, "bad arguments to set_machine_account");
return -1;
}
if (NT_STATUS_IS_OK(cli_credentials_set_machine_account(creds))) {
mpr_Return(eid, mprCreateBoolVar(True));
} else {
mpr_Return(eid, mprCreateBoolVar(False));
}
return 0;
}
/*
initialise credentials ejs object
@ -200,6 +219,7 @@ static int ejs_credentials_obj(struct MprVar *obj, struct cli_credentials *creds
mprSetStringCFunction(obj, "set_realm", ejs_creds_set_realm);
mprSetCFunction(obj, "get_workstation", ejs_creds_get_workstation);
mprSetStringCFunction(obj, "set_workstation", ejs_creds_set_workstation);
mprSetCFunction(obj, "set_machine_account", ejs_creds_set_machine_account);
return 0;
}
@ -228,6 +248,8 @@ static int ejs_credentials_init(MprVarHandle eid, int argc, struct MprVar **argv
return -1;
}
cli_credentials_set_conf(creds);
return ejs_credentials_obj(obj, creds);
}

View File

@ -327,6 +327,7 @@ function provision(subobj, message, blank, paths, session_info, credentials)
message("Setting up sam.ldb users and groups\n");
setup_ldb("provision_users.ldif", info, paths.samdb, data, false);
}
return true;
}
/*
@ -516,5 +517,30 @@ function provision_validate(subobj, message)
return true;
}
function join_domain(domain, netbios_name, join_type, creds, writefln)
{
ctx = NetContext(creds);
join = new Object();
join.domain = domain;
join.join_type = join_type;
join.netbios_name = netbios_name;
if (!ctx.JoinDomain(join)) {
writefln("Domain Join failed: " + join.error_string);
return false;
}
return true;
}
function vampire(machine_creds, writefln)
{
var ctx = NetContext();
vampire = new Object();
vampire.machine_creds = machine_creds;
if (!ctx.SamSyncLdb(vampire)) {
writefln("Migration of remote domain to Samba failed: " + vampire.error_string);
return false;
}
return true;
}
return 0;

View File

@ -64,9 +64,51 @@ static int net_user_add(struct net_context *ctx, int argc, const char **argv)
return 0;
}
static int net_user_delete(struct net_context *ctx, int argc, const char **argv)
{
NTSTATUS status;
struct libnet_context *lnet_ctx;
struct libnet_DeleteUser r;
char *user_name;
/* command line argument preparation */
switch (argc) {
case 0:
return net_user_usage(ctx, argc, argv);
break;
case 1:
user_name = talloc_strdup(ctx->mem_ctx, argv[0]);
break;
default:
return net_user_usage(ctx, argc, argv);
}
/* libnet context init and its params */
lnet_ctx = libnet_context_init(NULL);
if (!lnet_ctx) return -1;
lnet_ctx->cred = ctx->credentials;
/* calling DeleteUser function */
r.level = LIBNET_DELETE_USER_GENERIC;
r.in.user_name = user_name;
r.in.domain_name = cli_credentials_get_domain(lnet_ctx->cred);
status = libnet_DeleteUser(lnet_ctx, ctx->mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("Failed to delete user account: %s\n",
r.out.error_string));
return -1;
}
talloc_free(lnet_ctx);
return 0;
}
static const struct net_functable net_user_functable[] = {
{ "add", "create new user account\n", net_user_add, net_user_usage },
{ "delete", "delete an existing user account\n", net_user_delete, net_user_usage },
{ NULL, NULL }
};

91
swat/install/vampire.esp Normal file
View File

@ -0,0 +1,91 @@
<% page_header("columns", "Windows to Samba Migration", "install");
include("/scripting/forms.js");
libinclude("base.js");
libinclude("provision.js");
var misc = misc_init();
%>
<h1>Windows to Samba4 domain migration</h1>
<%
var f = FormObj("Provisioning", 0, 2);
var i;
var lp = loadparm_init();
if (lp.get("realm") == "") {
lp.set("realm", lp.get("workgroup") + ".example.com");
}
var subobj = provision_guess();
/* Don't supply default password for web interface */
subobj.ADMINPASS = "";
f.add("REALM", "Realm");
f.add("DOMAIN", "Domain Name");
f.add("ADMIN", "Administrator Username");
f.add("ADMINPASS", "Administrator Password", "password");
f.add("HOSTNAME", "My Hostname");
f.add("HOSTGUID", "Host GUID");
f.add("HOSTIP", "Host IP");
f.add("DEFAULTSITE", "Default Site");
f.submit[0] = "Migrate";
f.submit[1] = "Cancel";
if (form['submit'] == "Cancel") {
redirect("/");
}
if (form['submit'] == "Migrate") {
for (r in form) {
subobj[r] = form[r];
}
}
for (i=0;i<f.element.length;i++) {
f.element[i].value = subobj[f.element[i].name];
}
if (form['submit'] == "Migrate") {
lp.set("realm", subobj.REALM);
if (subobj.ADMINPASS == "") {
write("<h3>We need the administrator password for the " + subobj.DOMAIN + " domain to proceed. Please try again.</h3>");
f.display();
} else if (!provision_validate(subobj, writefln)) {
f.display();
} else {
var creds = credentials_init();
creds.set_username(form.ADMIN);
creds.set_password(form.ADMINPASS);
creds.set_domain(form.DOMAIN);
creds.set_realm(form.REALM);
/* Setup a basic database structure, but don't setup any users */
if (!provision(subobj, writefln, true, provision_default_paths(subobj),
session.authinfo.session_info, session.authinfo.credentials)) {
writefln("Provision failed!");
/* Join domain */
} else if (!join_domain(form.DOMAIN, form.HOSTNAME, misc.SEC_CHAN_BDC, creds, writefln)) {
writefln("Domain Join failed!");
} else {
/* Vampire */
var machine_creds = credentials_init();
machine_creds.set_domain(form.DOMAIN);
if (!machine_creds.set_machine_account()) {
writefln("Failed to access newly setup domain join!");
} else if (!vampire(machine_creds, writefln)) {
writefln("Failed to syncronsise remote domain into local database!");
}
}
}
} else {
f.display();
}
%>
<% page_footer(); %>

View File

@ -40,7 +40,8 @@ swat_menus.install = simple_menu(
"Installation",
"Provisioning", session_uri("/install/provision.esp"),
"New User", session_uri("/install/newuser.esp"),
"Import from Samba3", session_uri("/install/samba3.esp"));
"Import from Samba3", session_uri("/install/samba3.esp"),
"Import from Windows", session_uri("/install/vampire.esp"));
swat_menus.nbt_server = simple_menu(

View File

@ -1,15 +1,38 @@
#!/usr/bin/env smbscript
var ctx = NetContext("Administrator", "admin");
var usr_ctx = ctx.UserMgr("BUILTIN");
var options = GetOptions(ARGV,
"POPT_AUTOHELP",
"POPT_COMMON_SAMBA",
"POPT_COMMON_CREDENTIALS");
if (options == undefined) {
println("Failed to parse options");
return -1;
}
if (options.ARGV.length != 2) {
println("Usage: ejsnet.js <DOMAIN> <NEW USER NAME>");
return -1;
}
/* use command line creds if available */
var creds = options.get_credentials();
var ctx = NetContext(creds);
var usr_ctx = ctx.UserMgr(options.ARGV[0]);
if (usr_ctx == undefined) {
print("Couln't get user management context.\n");
println("Couln't get user management context.");
return -1;
}
var status = usr_ctx.Create("noname");
var status = usr_ctx.Create(options.ARGV[1]);
if (status.is_ok != true) {
print("Failed to create user account: " + status.errstr + "\n");
println("Failed to create user account " + options.ARGV[1] + ": " + status.errstr);
return -1;
}
var status = usr_ctx.Delete(options.ARGV[1]);
if (status.is_ok != true) {
println("Failed to delete user account " + options.ARGV[1] + ": " + status.errstr);
return -1;
}