From f3db23ac75578198ee411b21a7ba2ec49dedafab Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 14 Jan 2006 06:17:24 +0000 Subject: [PATCH] r12928: This patch improves the interaction between the vampire and provsion code. Previously, we had to know (or guess) the host and domain guid at the provision stage. Now we query the database post-provision, to extract the values and fill in the zone file. This allows us to generate a correct zone file in the Windows migration case. In an effort to make SWAT easier to use, I have removed and renamed some of the provision options. I have also fixed a nasty issue in my js code. I had implictly declared a global variable of the name 'join', with disasterious results for any subsequent user of the string utility function: esp exception - ASSERT at lib/appweb/ejs/ejsParser.c:2064, 0 Backtrace: [ 0] substitute_var:20 -> list[i] = join("", list2) [ 1] setup_file:9 -> data = substitute_var(data, subobj) Andrew Bartlett (This used to be commit a38ceefd11f8b748f30383ef36a4752f178bfca1) --- source4/libnet/libnet_samsync_ldb.c | 3 +- source4/libnet/libnet_vampire.h | 1 + source4/scripting/ejs/ejsnet.c | 7 ++- source4/scripting/libjs/provision.js | 64 +++++++++++++++++++++------- source4/utils/net/net_vampire.c | 6 ++- swat/install/provision.esp | 17 +++++--- swat/install/vampire.esp | 29 +++++++------ 7 files changed, 89 insertions(+), 38 deletions(-) diff --git a/source4/libnet/libnet_samsync_ldb.c b/source4/libnet/libnet_samsync_ldb.c index 5140aa87aeb..4bedbbf119f 100644 --- a/source4/libnet/libnet_samsync_ldb.c +++ b/source4/libnet/libnet_samsync_ldb.c 
@@ -1199,7 +1199,8 @@ NTSTATUS libnet_samsync_ldb(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, str state->secrets = NULL; state->trusted_domains = NULL; - state->sam_ldb = samdb_connect(state, system_session(state)); + state->sam_ldb = ldb_wrap_connect(mem_ctx, lp_sam_url(), r->in.session_info, + ctx->cred, 0, NULL); r2.out.error_string = NULL; r2.in.binding_string = r->in.binding_string; diff --git a/source4/libnet/libnet_vampire.h b/source4/libnet/libnet_vampire.h index 5fd65047374..fcd93c3654f 100644 --- a/source4/libnet/libnet_vampire.h +++ b/source4/libnet/libnet_vampire.h @@ -75,6 +75,7 @@ struct libnet_samsync_ldb { struct { const char *binding_string; struct cli_credentials *machine_account; + struct auth_session_info *session_info; } in; struct { const char *error_string; diff --git a/source4/scripting/ejs/ejsnet.c b/source4/scripting/ejs/ejsnet.c index e129ba68670..89620252590 100644 --- a/source4/scripting/ejs/ejsnet.c +++ b/source4/scripting/ejs/ejsnet.c @@ -46,7 +46,7 @@ static int ejs_net_context(MprVarHandle eid, int argc, struct MprVar **argv) /* TODO: Need to get the right event context in here */ ctx = libnet_context_init(NULL); - if (argc == 0) { + if (argc == 0 || (argc == 1 && argv[0]->type == MPR_TYPE_NULL)) { creds = cli_credentials_init(ctx); if (creds == NULL) { ejsSetErrorMsg(eid, "cli_credential_init() failed"); 
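Review bot: `r->in.session_info` is handed to `ldb_wrap_connect()` with no NULL check, and the ejsnet.c hunk in this same commit initialises that field to NULL whenever the script object carries no `session_info`, so the SAM connection can be opened with no session at all; whether `ldb_wrap_connect()` then falls back to an anonymous session or dereferences the pointer is not visible here. The old call used `system_session(state)`, so this also changes whose identity the incoming SAM writes are checked against — intended for the web path, but a caller that forgets the field now silently gets different ACL behaviour rather than an error. A guard before the connect would make the contract explicit: `if (r->in.session_info == NULL) { r->out.error_string = talloc_strdup(mem_ctx, "session_info is required"); return NT_STATUS_INVALID_PARAMETER; }`. Note also that the connection is now allocated on `mem_ctx` rather than `state`, so it lives as long as the caller's context; libnet_samsync_ldb's body continues outside the hunk.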
@@ -156,14 +156,19 @@ static int ejs_net_samsync_ldb(MprVarHandle eid, int argc, struct MprVar **argv) /* prepare parameters for the samsync */ samsync->in.machine_account = NULL; + samsync->in.session_info = NULL; samsync->in.binding_string = NULL; samsync->out.error_string = NULL; if (argc == 1 && argv[0]->type == MPR_TYPE_OBJECT) { MprVar *credentials = mprGetProperty(argv[0], "machine_account", NULL); + MprVar *session_info = mprGetProperty(argv[0], "session_info", NULL); if (credentials) { samsync->in.machine_account = talloc_get_type(mprGetPtr(credentials, "creds"), struct cli_credentials); } + if (session_info) { + samsync->in.session_info = talloc_get_type(mprGetPtr(session_info, "session_info"), struct auth_session_info); + } } /* do the domain samsync */ diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 60f267f8d5d..2b04aa67914 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -302,10 +302,6 @@ function provision(subobj, message, blank, paths, session_info, credentials) } message("Setting up secrets.ldb\n"); setup_ldb("secrets.ldif", info, paths.secrets); - message("Setting up DNS zone file\n"); - setup_file("provision.zone", - paths.dns, - subobj); message("Setting up keytabs\n"); var keytab_ok = credentials_update_all_keytabs(); assert(keytab_ok); 
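Review bot: When a `session_info` property is present but `mprGetPtr(session_info, "session_info")` does not hold an `auth_session_info`, `talloc_get_type()` yields NULL and `samsync->in.session_info` silently stays NULL, so the sync proceeds with whatever the ldb layer does for a missing session instead of telling the script it passed a bad argument. The existing `machine_account` lookup has the same shape, so this is a pre-existing pattern rather than a regression, but the session is now what decides ACL enforcement on the local SAM, which makes a silent fall-back riskier than it was. I would report it inside the `if (session_info)` branch: `if (samsync->in.session_info == NULL) { ejsSetErrorMsg(eid, "session_info has the wrong type"); }` followed by the same early return the `cli_credential_init() failed` path uses. The enclosing ejs_net_samsync_ldb() starts and ends outside the hunk.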
@@ -330,6 +326,32 @@ function provision(subobj, message, blank, paths, session_info, credentials) return true; } +/* Write out a DNS zone file, from the info in the current database */ +function provision_dns(subobj, message, paths, session_info, credentials) +{ + message("Setting up DNS zone: " + subobj.DNSDOMAIN + " \n"); + var ldb = ldb_init(); + ldb.session_info = session_info; + ldb.credentials = credentials; + + /* connect to the sam */ + var ok = ldb.connect(paths.samdb); + assert(ok); + + /* These values may have changed, due to an incoming SamSync, so fetch them from the database */ + subobj.DOMAINGUID = searchone(ldb, "(&(objectClass=domainDNS)(dnsDomain=" + subobj.DNSDOMAIN + "))", "objectGUID"); + assert(subobj.DOMAINGUID != undefined); + + subobj.HOSTGUID = searchone(ldb, "(&(objectClass=computer)(cn=" + subobj.NETBIOSNAME + "))", "objectGUID"); + assert(subobj.HOSTGUID != undefined); + + setup_file("provision.zone", + paths.dns, + subobj); + + message("Please install the zone located in " + paths.dns + " into your DNS server\n"); +} + /* guess reasonably default options for provisioning */ 
@@ -517,27 +539,37 @@ function provision_validate(subobj, message) return true; } -function join_domain(domain, netbios_name, join_type, creds, writefln) +function join_domain(domain, netbios_name, join_type, creds, message) { - ctx = NetContext(creds); - join = new Object(); - join.domain = domain; - join.join_type = join_type; - join.netbios_name = netbios_name; - if (!ctx.JoinDomain(join)) { - writefln("Domain Join failed: " + join.error_string); + var ctx = NetContext(creds); + var joindom = new Object(); + joindom.domain = domain; + joindom.join_type = join_type; + joindom.netbios_name = netbios_name; + if (!ctx.JoinDomain(joindom)) { + message("Domain Join failed: " + join.error_string); return false; } return true; } -function vampire(machine_creds, writefln) -{ - var ctx = NetContext(); +/* Vampire a remote domain. Session info and credentials are required for for + * access to our local database (might be remote ldap) + */ + +function vampire(domain, session_info, credentials, message) { + var ctx = NetContext(credentials); vampire = new Object(); + var machine_creds = credentials_init(); + machine_creds.set_domain(form.DOMAIN); + if (!machine_creds.set_machine_account()) { + message("Failed to access domain join information!"); + return false; + } vampire.machine_creds = machine_creds; + vampire.session_info = session_info; if (!ctx.SamSyncLdb(vampire)) { - writefln("Migration of remote domain to Samba failed: " + vampire.error_string); + message("Migration of remote domain to Samba failed: " + vampire.error_string); return false; } return true; diff --git a/source4/utils/net/net_vampire.c b/source4/utils/net/net_vampire.c index f89739225d9..00ae647016e 100644 --- a/source4/utils/net/net_vampire.c +++ b/source4/utils/net/net_vampire.c @@ -24,6 +24,7 @@ #include "utils/net/net.h" #include "libnet/libnet.h" #include "librpc/gen_ndr/ndr_samr.h" +#include "auth/auth.h" static int net_samdump_keytab_usage(struct net_context *ctx, int argc, const char **argv) { 
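Review bot: The failure path in `join_domain` still reads `join.error_string` although the object was renamed to `joindom`, so after this commit `join` resolves to the string helper the change was meant to stop shadowing and the message will not carry the real error; it should read `message("Domain Join failed: " + joindom.error_string);`. `vampire()` repeats the class of bug the commit message describes: `vampire = new Object();` assigns to the function's own name without `var`, replacing the function with a plain object after the first call, and the new `domain` parameter is never used because `machine_creds.set_domain(form.DOMAIN)` reaches for the page-global `form` instead. Separately, the ejsnet.c hunk in this commit looks up a property named `machine_account`, while this function sets `machine_creds`, so unless SamSyncLdb recovers the machine account some other way the credentials built here are never passed through — worth confirming. The rewrite below renames the local, uses the parameter and sets the property ejsnet.c reads; both functions are complete within the hunk.
```javascript
function join_domain(domain, netbios_name, join_type, creds, message)
{
	/* … unchanged: ctx and joindom setup … */
	if (!ctx.JoinDomain(joindom)) {
		message("Domain Join failed: " + joindom.error_string);
		return false;
	}
	return true;
}

/* Vampire a remote domain. Session info and credentials are required for
 * access to our local database (might be remote ldap)
 */
function vampire(domain, session_info, credentials, message) {
	var ctx = NetContext(credentials);
	var samsync = new Object();          /* local: do not clobber the function binding */
	var machine_creds = credentials_init();
	machine_creds.set_domain(domain);    /* use the parameter, not the page-global form */
	if (!machine_creds.set_machine_account()) {
		message("Failed to access domain join information!");
		return false;
	}
	samsync.machine_account = machine_creds; /* the property name ejsnet.c reads — confirm */
	samsync.session_info = session_info;
	if (!ctx.SamSyncLdb(samsync)) {
		message("Migration of remote domain to Samba failed: " + samsync.error_string);
		return false;
	}
	return true;
}
```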
@@ -150,7 +151,10 @@ int net_samsync_ldb(struct net_context *ctx, int argc, const char **argv) r.in.machine_account = NULL; r.in.binding_string = NULL; - status = libnet_samsync_ldb(libnetctx, ctx->mem_ctx, &r); + /* Needed to override the ACLs on ldb */ + r.in.session_info = system_session(libnetctx); + + status = libnet_samsync_ldb(libnetctx, libnetctx, &r); if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("libnet_samsync_ldb returned %s: %s\n", nt_errstr(status), diff --git a/swat/install/provision.esp b/swat/install/provision.esp index 7dda74e732a..ee9673d507f 100644 --- a/swat/install/provision.esp +++ b/swat/install/provision.esp @@ -21,13 +21,12 @@ var subobj = provision_guess(); /* Don't supply default password for web interface */ subobj.ADMINPASS = ""; -f.add("REALM", "Realm"); -f.add("DOMAIN", "Domain Name"); +f.add("REALM", "DNS Domain Name"); +f.add("DOMAIN", "NetBIOS Domain Name"); f.add("HOSTNAME", "Hostname"); f.add("ADMINPASS", "Administrator Password", "password"); f.add("CONFIRM", "Confirm Password", "password"); f.add("DOMAINSID", "Domain SID"); -f.add("HOSTGUID", "Host GUID"); f.add("HOSTIP", "Host IP"); f.add("DEFAULTSITE", "Default Site"); f.submit[0] = "Provision"; @@ -60,8 +59,16 @@ if (form['submit'] == "Provision") { } else if (!provision_validate(subobj, writefln)) { f.display(); } else { - provision(subobj, writefln, false, provision_default_paths(subobj), - session.authinfo.session_info, session.authinfo.credentials); + var paths = provision_default_paths(subobj); + if (!provision(subobj, writefln, false, paths, + session.authinfo.session_info, session.authinfo.credentials)) { + writefln("Provision failed!"); + } else if (!provision_dns(subobj, writefln, paths, + session.authinfo.session_info, session.authinfo.credentials)) { + writefln("DNS Provision failed!"); + } else { + writefln("Provision Complete!"); + } } } else { f.display(); diff --git a/swat/install/vampire.esp b/swat/install/vampire.esp index bd96f919621..19f99dce98d 100644 
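Review bot: The new comment `/* Needed to override the ACLs on ldb */` states the effect but not why it is acceptable here, and since the same field now selects the web user's session in the SWAT path, a reader can easily copy this line into a context where a system session is not justified. I would expand it to something like `/* The command-line tool runs with local access to the SAM, so use the system session to bypass ldb ACLs; callers acting for a remote user must pass that user's session_info instead. */`. The second argument also changes from `ctx->mem_ctx` to `libnetctx`, and with libnet_samsync_ldb.c now allocating the SAM connection on that context, the connection lives as long as libnetctx does; that is presumably freed at the end of this function, but it is outside the hunk.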
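Review bot: `provision_dns()` as added to provision.js by this commit ends without a `return` statement, so the `!provision_dns(...)` test in the new else-if chain is always true: a successful provision is reported as "DNS Provision failed!" and the "Provision Complete!" branch is unreachable. The fix belongs in provision_dns (`return true;` at its end and `return false` in place of its asserts), but this page is where the symptom will be seen, so it is worth re-testing the success path once that lands. The chain also runs `provision()` to completion before the DNS step, so a DNS failure leaves a fully provisioned database behind with no zone file; the failure message could say that only the zone file is missing. The surrounding `if (form['submit'] == "Provision")` block starts and ends outside the hunk.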
--- a/swat/install/vampire.esp +++ b/swat/install/vampire.esp @@ -23,13 +23,12 @@ var subobj = provision_guess(); /* Don't supply default password for web interface */ subobj.ADMINPASS = ""; -f.add("REALM", "Realm"); -f.add("DOMAIN", "Domain Name"); +f.add("REALM", "DNS Domain Name"); +f.add("DOMAIN", "NetBIOS Domain Name"); f.add("ADMIN", "Administrator Username"); f.add("ADMINPASS", "Administrator Password", "password"); f.add("HOSTNAME", "My Hostname"); -f.add("HOSTGUID", "Host GUID"); -f.add("HOSTIP", "Host IP"); +f.add("HOSTIP", "My Host's IP"); f.add("DEFAULTSITE", "Default Site"); f.submit[0] = "Migrate"; f.submit[1] = "Cancel"; 
@@ -62,24 +61,26 @@ if (form['submit'] == "Migrate") { creds.set_domain(form.DOMAIN); creds.set_realm(form.REALM); + var paths = provision_default_paths(subobj); + /* Setup a basic database structure, but don't setup any users */ - if (!provision(subobj, writefln, true, provision_default_paths(subobj), - session.authinfo.session_info, session.authinfo.credentials)) { + if (!provision(subobj, writefln, true, paths, + session.authinfo.session_info, session.authinfo.credentials)) { writefln("Provision failed!"); /* Join domain */ } else if (!join_domain(form.DOMAIN, form.HOSTNAME, misc.SEC_CHAN_BDC, creds, writefln)) { writefln("Domain Join failed!"); + /* Vampire */ + } else if (!vampire(form.DOMAIN, session.authinfo.session_info, + session.authinfo.credentials, writefln)) { + writefln("Failed to syncronsise remote domain into local database!"); + } else if (!provision_dns(subobj, writefln, paths, + session.authinfo.session_info, session.authinfo.credentials)) { + writefln("DNS Provision failed!"); } else { - /* Vampire */ - var machine_creds = credentials_init(); - machine_creds.set_domain(form.DOMAIN); - if (!machine_creds.set_machine_account()) { - writefln("Failed to access newly setup domain join!"); - } else if (!vampire(machine_creds, writefln)) { - writefln("Failed to syncronsise remote domain into local database!"); - } + writefln("Migration Complete!"); } } } else { -- 2.34.1
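Review bot: `vampire(form.DOMAIN, ...)` passes the domain explicitly, but the `vampire()` this commit adds to provision.js ignores that parameter and reads the page-global `form.DOMAIN` itself, so the library function only works when called from a page that defines `form`; that belongs on the provision.js side, and this call is then correct as written. The user-visible string keeps the old typo and should be `writefln("Failed to synchronise remote domain into local database!");`. Once `provision()` has succeeded, a failure in the join, the sync or the DNS step leaves the freshly provisioned blank database (and, after a successful join, presumably the stored machine account) in place, and nothing tells the administrator whether re-submitting the form is safe — a sentence to that effect in those failure branches would help. The `if (form['submit'] == "Migrate")` block starts outside the hunk.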