r12928: This patch improves the interaction between the vampire and provsion code.
Previously, we had to know (or guess) the host and domain guid at the
provision stage. Now we query the database post-provision, to extract
the values and fill in the zone file.
This allows us to generate a correct zone file in the Windows migration case.
In an effort to make SWAT easier to use, I have removed and renamed
some of the provision options.
I have also fixed a nasty issue in my js code. I had implicitly
declared a global variable of the name 'join', with disastrous
results for any subsequent user of the string utility function:
esp exception - ASSERT at lib/appweb/ejs/ejsParser.c:2064, 0
Backtrace:
[ 0] substitute_var:20 -> list[i] = join("", list2)
[ 1] setup_file:9 -> data = substitute_var(data, subobj)
Andrew Bartlett
(This used to be commit a38ceefd11
)
parent
ae51cc9bec
commit
f3db23ac75
@ -1199,7 +1199,8 @@ NTSTATUS libnet_samsync_ldb(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, str
|
||||
state->secrets = NULL;
|
||||
state->trusted_domains = NULL;
|
||||
|
||||
state->sam_ldb = samdb_connect(state, system_session(state));
|
||||
state->sam_ldb = ldb_wrap_connect(mem_ctx, lp_sam_url(), r->in.session_info,
|
||||
ctx->cred, 0, NULL);
|
||||
|
||||
r2.out.error_string = NULL;
|
||||
r2.in.binding_string = r->in.binding_string;
|
||||
|
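Review bot: The result of ldb_wrap_connect() is stored in state->sam_ldb without a NULL check inside the hunk; if the check sits later outside the hunk this is moot, otherwise a failed connection (unusable lp_sam_url(), or a session the database rejects) is dereferenced further down. Something like `if (state->sam_ldb == NULL) { r->out.error_string = talloc_asprintf(mem_ctx, "Failed to connect to %s", lp_sam_url()); return NT_STATUS_UNSUCCESSFUL; }` would surface it to the caller instead. The connection now also runs under the caller-supplied r->in.session_info rather than an unconditional system session, so the database ACLs are enforced against whatever the caller passes; the ejs wrapper in this commit initialises that field to NULL, and what a NULL session means here deserves a comment at this line. The ldb handle is additionally allocated on mem_ctx instead of state, which changes who owns it — probably intended, but worth confirming. libnet_samsync_ldb continues outside the hunk.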
@ -75,6 +75,7 @@ struct libnet_samsync_ldb {
|
||||
struct {
|
||||
const char *binding_string;
|
||||
struct cli_credentials *machine_account;
|
||||
struct auth_session_info *session_info;
|
||||
} in;
|
||||
struct {
|
||||
const char *error_string;
|
||||
|
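Review bot: The new `session_info` member of `in` carries no comment on who must set it or whether NULL is permitted, and the two callers in this commit disagree: net_samsync_ldb passes system_session() explicitly to get past the ldb ACLs, while the ejs wrapper leaves it NULL unless the script supplies one. A trailing comment such as `/* session the local sam.ldb is opened with; the ldb ACLs are enforced against it, so a complete sync needs a system session. State here whether NULL is allowed. */` would pin the contract for future callers. The struct continues outside the hunk.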
@ -46,7 +46,7 @@ static int ejs_net_context(MprVarHandle eid, int argc, struct MprVar **argv)
|
||||
/* TODO: Need to get the right event context in here */
|
||||
ctx = libnet_context_init(NULL);
|
||||
|
||||
if (argc == 0) {
|
||||
if (argc == 0 || (argc == 1 && argv[0]->type == MPR_TYPE_NULL)) {
|
||||
creds = cli_credentials_init(ctx);
|
||||
if (creds == NULL) {
|
||||
ejsSetErrorMsg(eid, "cli_credential_init() failed");
|
||||
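Review bot: Treating an explicit null argument the same as no argument is a silent fallback: a script that reached NetContext(null) because its own credential lookup failed now gets a context with freshly initialised default credentials rather than an error, and nothing in the hunk records that this is intended. A comment on the new condition, `/* null is accepted as "no credentials": fall back to a fresh cli_credentials exactly like the no-argument case */`, would make the choice explicit. The function continues outside the hunk.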
@ -156,14 +156,19 @@ static int ejs_net_samsync_ldb(MprVarHandle eid, int argc, struct MprVar **argv)
|
||||
|
||||
/* prepare parameters for the samsync */
|
||||
samsync->in.machine_account = NULL;
|
||||
samsync->in.session_info = NULL;
|
||||
samsync->in.binding_string = NULL;
|
||||
samsync->out.error_string = NULL;
|
||||
|
||||
if (argc == 1 && argv[0]->type == MPR_TYPE_OBJECT) {
|
||||
MprVar *credentials = mprGetProperty(argv[0], "machine_account", NULL);
|
||||
MprVar *session_info = mprGetProperty(argv[0], "session_info", NULL);
|
||||
if (credentials) {
|
||||
samsync->in.machine_account = talloc_get_type(mprGetPtr(credentials, "creds"), struct cli_credentials);
|
||||
}
|
||||
if (session_info) {
|
||||
samsync->in.session_info = talloc_get_type(mprGetPtr(session_info, "session_info"), struct auth_session_info);
|
||||
}
|
||||
}
|
||||
|
||||
/* do the domain samsync */
|
||||
|
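Review bot: The wrapper reads the property `machine_account` from the argument object, but the new JS vampire() in this commit (the provision_validate/join_domain hunk) stores its credentials as `vampire.machine_creds`, so samsync->in.machine_account stays at its NULL default and the machine credentials the script builds are never used by the sync; one side needs renaming, e.g. `vampire.machine_account = machine_creds;` on the JS side, unless a line outside that hunk also sets machine_account. Separately, talloc_get_type() returns NULL when the pointer's talloc type name does not match, and both results are assigned unchecked, so passing the wrong kind of object for either property degrades silently into "not supplied" instead of an error; testing the pointer and calling ejsSetErrorMsg(), as the ejs_net_context hunk already does for cli_credentials_init(), would catch script mistakes early. The function continues outside the hunk.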
@ -302,10 +302,6 @@ function provision(subobj, message, blank, paths, session_info, credentials)
|
||||
}
|
||||
message("Setting up secrets.ldb\n");
|
||||
setup_ldb("secrets.ldif", info, paths.secrets);
|
||||
message("Setting up DNS zone file\n");
|
||||
setup_file("provision.zone",
|
||||
paths.dns,
|
||||
subobj);
|
||||
message("Setting up keytabs\n");
|
||||
var keytab_ok = credentials_update_all_keytabs();
|
||||
assert(keytab_ok);
|
||||
@ -330,6 +326,32 @@ function provision(subobj, message, blank, paths, session_info, credentials)
|
||||
return true;
|
||||
}
|
||||
|
||||
/* Write out a DNS zone file, from the info in the current database */
|
||||
function provision_dns(subobj, message, paths, session_info, credentials)
|
||||
{
|
||||
message("Setting up DNS zone: " + subobj.DNSDOMAIN + " \n");
|
||||
var ldb = ldb_init();
|
||||
ldb.session_info = session_info;
|
||||
ldb.credentials = credentials;
|
||||
|
||||
/* connect to the sam */
|
||||
var ok = ldb.connect(paths.samdb);
|
||||
assert(ok);
|
||||
|
||||
/* These values may have changed, due to an incoming SamSync, so fetch them from the database */
|
||||
subobj.DOMAINGUID = searchone(ldb, "(&(objectClass=domainDNS)(dnsDomain=" + subobj.DNSDOMAIN + "))", "objectGUID");
|
||||
assert(subobj.DOMAINGUID != undefined);
|
||||
|
||||
subobj.HOSTGUID = searchone(ldb, "(&(objectClass=computer)(cn=" + subobj.NETBIOSNAME + "))", "objectGUID");
|
||||
assert(subobj.HOSTGUID != undefined);
|
||||
|
||||
setup_file("provision.zone",
|
||||
paths.dns,
|
||||
subobj);
|
||||
|
||||
message("Please install the zone located in " + paths.dns + " into your DNS server\n");
|
||||
}
|
||||
|
||||
/*
|
||||
guess reasonably default options for provisioning
|
||||
*/
|
||||
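Review bot: provision_dns() never returns a value — after the final message() call the function simply ends — so the callers added in this commit (`if (!provision_dns(...)) writefln("DNS Provision failed!")` in both SWAT pages) will report failure on every run unless ejs treats a missing return as true; add `return true;` before the closing brace. In the same spirit the three assert() calls abort the whole script instead of yielding the boolean those callers expect; `if (!ok) { message("Failed to connect to " + paths.samdb + "\n"); return false; }` and the equivalent for the two GUID lookups keep the error on the page. The search filters are built by concatenating subobj.DNSDOMAIN and subobj.NETBIOSNAME, which in the SWAT path originate from form fields; unless provision_validate() (outside this hunk) restricts them to plain label characters, a value containing `)`, `*` or `\` changes the filter and the first matching object — not necessarily the one just provisioned — has its objectGUID written into the zone file, so either escape these values before interpolation or note next to the filter which validation makes the concatenation safe.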
@ -517,27 +539,37 @@ function provision_validate(subobj, message)
|
||||
return true;
|
||||
}
|
||||
|
||||
function join_domain(domain, netbios_name, join_type, creds, writefln)
|
||||
function join_domain(domain, netbios_name, join_type, creds, message)
|
||||
{
|
||||
ctx = NetContext(creds);
|
||||
join = new Object();
|
||||
join.domain = domain;
|
||||
join.join_type = join_type;
|
||||
join.netbios_name = netbios_name;
|
||||
if (!ctx.JoinDomain(join)) {
|
||||
writefln("Domain Join failed: " + join.error_string);
|
||||
var ctx = NetContext(creds);
|
||||
var joindom = new Object();
|
||||
joindom.domain = domain;
|
||||
joindom.join_type = join_type;
|
||||
joindom.netbios_name = netbios_name;
|
||||
if (!ctx.JoinDomain(joindom)) {
|
||||
message("Domain Join failed: " + join.error_string);
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
function vampire(machine_creds, writefln)
|
||||
{
|
||||
var ctx = NetContext();
|
||||
/* Vampire a remote domain. Session info and credentials are required for for
|
||||
* access to our local database (might be remote ldap)
|
||||
*/
|
||||
|
||||
function vampire(domain, session_info, credentials, message) {
|
||||
var ctx = NetContext(credentials);
|
||||
vampire = new Object();
|
||||
var machine_creds = credentials_init();
|
||||
machine_creds.set_domain(form.DOMAIN);
|
||||
if (!machine_creds.set_machine_account()) {
|
||||
message("Failed to access domain join information!");
|
||||
return false;
|
||||
}
|
||||
vampire.machine_creds = machine_creds;
|
||||
vampire.session_info = session_info;
|
||||
if (!ctx.SamSyncLdb(vampire)) {
|
||||
writefln("Migration of remote domain to Samba failed: " + vampire.error_string);
|
||||
message("Migration of remote domain to Samba failed: " + vampire.error_string);
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
|
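Review bot: join_domain() renames its local object to `joindom`, but the failure message on the new side still reads `join.error_string`, so on a failed join it dereferences the string utility `join` that this commit's description is about and the real error text is lost; it should be `message("Domain Join failed: " + joindom.error_string);`. The new vampire(domain, ...) calls `machine_creds.set_domain(form.DOMAIN)` although `form` is not a parameter and the domain is already passed in, so the function depends on a page global and misbehaves for any caller that passes a different domain — `machine_creds.set_domain(domain);`. The line `vampire = new Object();`, which the hunk keeps, is the same unscoped-global pattern: inside `function vampire` that assignment replaces the function itself with the request object, so a second call to vampire() in the same interpreter fails the way join() did; declaring it `var vampire_req = new Object();` and using that name for the machine_creds/session_info fields, the SamSyncLdb call and the error_string lookup would fix it. vampire()'s closing brace lies outside the hunk.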
@ -24,6 +24,7 @@
|
||||
#include "utils/net/net.h"
|
||||
#include "libnet/libnet.h"
|
||||
#include "librpc/gen_ndr/ndr_samr.h"
|
||||
#include "auth/auth.h"
|
||||
|
||||
static int net_samdump_keytab_usage(struct net_context *ctx, int argc, const char **argv)
|
||||
{
|
||||
@ -150,7 +151,10 @@ int net_samsync_ldb(struct net_context *ctx, int argc, const char **argv)
|
||||
r.in.machine_account = NULL;
|
||||
r.in.binding_string = NULL;
|
||||
|
||||
status = libnet_samsync_ldb(libnetctx, ctx->mem_ctx, &r);
|
||||
/* Needed to override the ACLs on ldb */
|
||||
r.in.session_info = system_session(libnetctx);
|
||||
|
||||
status = libnet_samsync_ldb(libnetctx, libnetctx, &r);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(0,("libnet_samsync_ldb returned %s: %s\n",
|
||||
nt_errstr(status),
|
||||
|
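Review bot: system_session() presumably allocates and can fail, yet its result goes straight into r.in.session_info, so an allocation failure becomes whatever libnet_samsync_ldb does with a NULL session rather than a clean error; a guard `if (r.in.session_info == NULL) { DEBUG(0, ("system_session() failed\n")); return -1; }` keeps the failure local, assuming -1 is this command's error return as elsewhere in net. The comment `/* Needed to override the ACLs on ldb */` says what but not why it is acceptable; expand it to `/* run the sync under the system session so every object can be written regardless of the sam.ldb ACLs; acceptable only because net runs locally with the server's own privileges */`. Passing libnetctx as the memory context instead of ctx->mem_ctx ties everything libnet_samsync_ldb allocates, including the ldb connection the other hunk now puts on mem_ctx, to the libnet context's lifetime — probably intended, but worth a word here. The function continues outside the hunk.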
@ -21,13 +21,12 @@ var subobj = provision_guess();
|
||||
/* Don't supply default password for web interface */
|
||||
subobj.ADMINPASS = "";
|
||||
|
||||
f.add("REALM", "Realm");
|
||||
f.add("DOMAIN", "Domain Name");
|
||||
f.add("REALM", "DNS Domain Name");
|
||||
f.add("DOMAIN", "NetBIOS Domain Name");
|
||||
f.add("HOSTNAME", "Hostname");
|
||||
f.add("ADMINPASS", "Administrator Password", "password");
|
||||
f.add("CONFIRM", "Confirm Password", "password");
|
||||
f.add("DOMAINSID", "Domain SID");
|
||||
f.add("HOSTGUID", "Host GUID");
|
||||
f.add("HOSTIP", "Host IP");
|
||||
f.add("DEFAULTSITE", "Default Site");
|
||||
f.submit[0] = "Provision";
|
||||
@ -60,8 +59,16 @@ if (form['submit'] == "Provision") {
|
||||
} else if (!provision_validate(subobj, writefln)) {
|
||||
f.display();
|
||||
} else {
|
||||
provision(subobj, writefln, false, provision_default_paths(subobj),
|
||||
session.authinfo.session_info, session.authinfo.credentials);
|
||||
var paths = provision_default_paths(subobj);
|
||||
if (!provision(subobj, writefln, false, paths,
|
||||
session.authinfo.session_info, session.authinfo.credentials)) {
|
||||
writefln("Provision failed!");
|
||||
} else if (!provision_dns(subobj, writefln, paths,
|
||||
session.authinfo.session_info, session.authinfo.credentials)) {
|
||||
writefln("DNS Provision failed!");
|
||||
} else {
|
||||
writefln("Provision Complete!");
|
||||
}
|
||||
}
|
||||
} else {
|
||||
f.display();
|
||||
|
@ -23,13 +23,12 @@ var subobj = provision_guess();
|
||||
/* Don't supply default password for web interface */
|
||||
subobj.ADMINPASS = "";
|
||||
|
||||
f.add("REALM", "Realm");
|
||||
f.add("DOMAIN", "Domain Name");
|
||||
f.add("REALM", "DNS Domain Name");
|
||||
f.add("DOMAIN", "NetBIOS Domain Name");
|
||||
f.add("ADMIN", "Administrator Username");
|
||||
f.add("ADMINPASS", "Administrator Password", "password");
|
||||
f.add("HOSTNAME", "My Hostname");
|
||||
f.add("HOSTGUID", "Host GUID");
|
||||
f.add("HOSTIP", "Host IP");
|
||||
f.add("HOSTIP", "My Host's IP");
|
||||
f.add("DEFAULTSITE", "Default Site");
|
||||
f.submit[0] = "Migrate";
|
||||
f.submit[1] = "Cancel";
|
||||
@ -62,8 +61,10 @@ if (form['submit'] == "Migrate") {
|
||||
creds.set_domain(form.DOMAIN);
|
||||
creds.set_realm(form.REALM);
|
||||
|
||||
var paths = provision_default_paths(subobj);
|
||||
|
||||
/* Setup a basic database structure, but don't setup any users */
|
||||
if (!provision(subobj, writefln, true, provision_default_paths(subobj),
|
||||
if (!provision(subobj, writefln, true, paths,
|
||||
session.authinfo.session_info, session.authinfo.credentials)) {
|
||||
writefln("Provision failed!");
|
||||
|
||||
@ -71,15 +72,15 @@ if (form['submit'] == "Migrate") {
|
||||
} else if (!join_domain(form.DOMAIN, form.HOSTNAME, misc.SEC_CHAN_BDC, creds, writefln)) {
|
||||
writefln("Domain Join failed!");
|
||||
|
||||
} else {
|
||||
/* Vampire */
|
||||
var machine_creds = credentials_init();
|
||||
machine_creds.set_domain(form.DOMAIN);
|
||||
if (!machine_creds.set_machine_account()) {
|
||||
writefln("Failed to access newly setup domain join!");
|
||||
} else if (!vampire(machine_creds, writefln)) {
|
||||
} else if (!vampire(form.DOMAIN, session.authinfo.session_info,
|
||||
session.authinfo.credentials, writefln)) {
|
||||
writefln("Failed to syncronsise remote domain into local database!");
|
||||
}
|
||||
} else if (!provision_dns(subobj, writefln, paths,
|
||||
session.authinfo.session_info, session.authinfo.credentials)) {
|
||||
writefln("DNS Provision failed!");
|
||||
} else {
|
||||
writefln("Migration Complete!");
|
||||
}
|
||||
}
|
||||
} else {
|
||||
|
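Review bot: The page still builds `machine_creds` and calls set_machine_account() before vampire(), but the new vampire(form.DOMAIN, session_info, credentials, writefln) call no longer receives that object and, per the provision.js hunk, constructs its own machine credentials internally, so the page-level copy is now only a pre-check that duplicates the work and doubles the places that read the machine account secret. Either drop the page-level block and rely on vampire()'s own failure message, or keep it and say so: `/* pre-check that the join wrote a machine account; vampire() re-reads it itself */`. The enclosing if/else chain starts before the hunk.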