return status;
}
+
+NTSTATUS libnet_DeleteUser(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_DeleteUser *r)
+{
+ NTSTATUS status;
+ struct libnet_RpcConnect cn;
+ struct libnet_rpc_domain_open dom_io;
+ struct libnet_rpc_userdel user_io;
+
+ /* connect rpc service of remote DC */
+ cn.level = LIBNET_RPC_CONNECT_PDC;
+ cn.in.name = talloc_strdup(mem_ctx, r->in.domain_name);
+ cn.in.dcerpc_iface = &dcerpc_table_samr;
+
+ status = libnet_RpcConnect(ctx, mem_ctx, &cn);
+ if (!NT_STATUS_IS_OK(status)) {
+ r->out.error_string = talloc_asprintf(mem_ctx,
+ "Connection to SAMR pipe domain '%s' PDC failed: %s\n",
+ r->in.domain_name, nt_errstr(status));
+ return status;
+ }
+
+ ctx->pipe = cn.out.dcerpc_pipe;
+
+ /* open connected domain */
+ dom_io.in.domain_name = r->in.domain_name;
+ dom_io.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+
+ status = libnet_rpc_domain_open(ctx->pipe, mem_ctx, &dom_io);
+ if (!NT_STATUS_IS_OK(status)) {
+ r->out.error_string = talloc_asprintf(mem_ctx,
+ "Opening domain to delete user account failed: %s\n",
+ nt_errstr(status));
+ return status;
+ }
+
+ ctx->domain_handle = dom_io.out.domain_handle;
+
+ /* create user */
+ user_io.in.username = r->in.user_name;
+ user_io.in.domain_handle = dom_io.out.domain_handle;
+
+ status = libnet_rpc_userdel(ctx->pipe, mem_ctx, &user_io);
+ if (!NT_STATUS_IS_OK(status)) {
+ r->out.error_string = talloc_asprintf(mem_ctx,
+ "Deleting user account failed: %s\n",
+ nt_errstr(status));
+ return status;
+ }
+
+ return status;
+}
const char *error_string;
} out;
};
+
+enum libnet_DeleteUser_level {
+ LIBNET_DELETE_USER_GENERIC,
+ LIBNET_DELETE_USER_SAMR,
+};
+
+
+struct libnet_DeleteUser {
+ enum libnet_DeleteUser_level level;
+
+ struct {
+ const char *user_name;
+ const char *domain_name;
+ } in;
+ struct {
+ const char *error_string;
+ } out;
+};
if [ $# -lt 3 ]; then
cat <<EOF
-Usage: test_ejs.sh SERVER USERNAME PASSWORD
+Usage: test_ejs.sh DOMAIN USERNAME PASSWORD
EOF
exit 1;
fi
-SERVER="$1"
+DOMAIN="$1"
USERNAME="$2"
PASSWORD="$3"
testit "$f" $SCRIPTDIR/$f $CONFIGURATION ncalrpc: -U$USERNAME%$PASSWORD || failed=`expr $failed + 1`
done
+testit "ejsnet.js" $SCRIPTDIR/ejsnet.js $CONFIGURATION -U$USERNAME%$PASSWORD $DOMAIN ejstestuser || failed=`expr $failed + 1`
+
testit "winreg" scripting/bin/winreg $CONFIGURATION ncalrpc: 'HKLM' -U$USERNAME%$PASSWORD || failed=`expr $failed + 1`
testok $0 $failed
- $SRCDIR/script/tests/test_ejs.sh $SERVER $USERNAME $PASSWORD || failed=`expr $failed + $?`
+ $SRCDIR/script/tests/test_ejs.sh $DOMAIN $USERNAME $PASSWORD || failed=`expr $failed + $?`
$SRCDIR/script/tests/test_ldap.sh $SERVER $USERNAME $PASSWORD || failed=`expr $failed + $?`
$SRCDIR/script/tests/test_nbt.sh $SERVER || failed=`expr $failed + $?`
$SRCDIR/script/tests/test_quick.sh //$SERVER/cifs $USERNAME $PASSWORD "" || failed=`expr $failed + $?`
#include "libnet/libnet.h"
+static int ejs_net_userman(MprVarHandle, int, struct MprVar**);
+static int ejs_net_createuser(MprVarHandle, int, char**);
+static int ejs_net_deleteuser(MprVarHandle eid, int argc, char **argv);
+static int ejs_net_join_domain(MprVarHandle eid, int argc, struct MprVar **argv);
+static int ejs_net_samsync_ldb(MprVarHandle eid, int argc, struct MprVar **argv);
+
+/* Usage:
+ net = NetContext(credentials);
+*/
+
static int ejs_net_context(MprVarHandle eid, int argc, struct MprVar **argv)
{
struct cli_credentials *creds;
struct libnet_context *ctx;
- struct MprVar *obj;
+ struct MprVar obj;
+ /* TODO: Need to get the right event context in here */
ctx = libnet_context_init(NULL);
- creds = talloc(ctx, struct cli_credentials);
- ctx->cred = creds;
-
- ctx->name_res_methods = str_list_copy(ctx, lp_name_resolve_order());
if (argc == 0) {
+ creds = cli_credentials_init(ctx);
+ if (creds == NULL) {
+ ejsSetErrorMsg(eid, "cli_credential_init() failed");
+ talloc_free(ctx);
+ return -1;
+ }
+ cli_credentials_set_conf(creds);
cli_credentials_set_anonymous(creds);
+ } else if (argc == 1 && argv[0]->type == MPR_TYPE_OBJECT) {
+ /* get credential values from credentials object */
+ creds = mprGetPtr(argv[0], "creds");
+ if (creds == NULL) {
+ ejsSetErrorMsg(eid, "userAuth requires a 'creds' first parameter");
+ talloc_free(ctx);
+ return -1;
+ }
+ } else {
+ ejsSetErrorMsg(eid, "NetContext invalid arguments, this function requires an object.");
+ talloc_free(ctx);
+ return -1;
+ }
+ ctx->cred = creds;
- } else if (argc == 2 || argc == 4 ) {
-
- cli_credentials_set_workstation(creds, lp_netbios_name(), CRED_SPECIFIED);
+ obj = mprObject("NetCtx");
+ mprSetPtrChild(&obj, "ctx", ctx);
+
+ mprSetCFunction(&obj, "UserMgr", ejs_net_userman);
+ mprSetCFunction(&obj, "JoinDomain", ejs_net_join_domain);
+ mprSetCFunction(&obj, "SamSyncLdb", ejs_net_samsync_ldb);
+ mpr_Return(eid, obj);
- if (!mprVarIsString(argv[0]->type)) {
- ejsSetErrorMsg(eid, "argument 1 must be a string");
- goto done;
- }
- cli_credentials_set_username(creds, argv[0]->string, CRED_SPECIFIED);
+ return 0;
+}
- if (!mprVarIsString(argv[1]->type)) {
- ejsSetErrorMsg(eid, "argument 2 must be a string");
- goto done;
+static int ejs_net_join_domain(MprVarHandle eid, int argc, struct MprVar **argv)
+{
+ TALLOC_CTX *mem_ctx;
+ struct libnet_context *ctx;
+ struct libnet_Join *join;
+ NTSTATUS status;
+ ctx = mprGetThisPtr(eid, "ctx");
+ mem_ctx = talloc_new(mprMemCtx());
+
+ join = talloc(mem_ctx, struct libnet_Join);
+ if (!join) {
+ talloc_free(mem_ctx);
+ return -1;
+ }
+
+ /* prepare parameters for the join */
+ join->in.netbios_name = NULL;
+ join->in.join_type = SEC_CHAN_WKSTA;
+ join->in.domain_name = cli_credentials_get_domain(ctx->cred);
+ join->in.level = LIBNET_JOINDOMAIN_AUTOMATIC;
+ join->out.error_string = NULL;
+
+ if (argc == 1 && argv[0]->type == MPR_TYPE_OBJECT) {
+ MprVar *netbios_name = mprGetProperty(argv[0], "netbios_name", NULL);
+ MprVar *domain_name = mprGetProperty(argv[0], "domain_name", NULL);
+ MprVar *join_type = mprGetProperty(argv[0], "join_type", NULL);
+ if (netbios_name) {
+ join->in.netbios_name = mprToString(netbios_name);
+ }
+ if (domain_name) {
+ join->in.domain_name = mprToString(domain_name);
+ }
+ if (join_type) {
+ join->in.join_type = mprToInt(join_type);
}
- cli_credentials_set_password(creds, argv[1]->string, CRED_SPECIFIED);
+ }
- } else {
- ejsSetErrorMsg(eid, "invalid number of arguments");
- goto done;
+ if (!join->in.domain_name) {
+ ejsSetErrorMsg(eid, "a domain must be specified for to join");
+ talloc_free(mem_ctx);
+ return -1;
}
+ /* do the domain join */
+ status = libnet_Join(ctx, join, join);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ MprVar error_string = mprString(join->out.error_string);
- if (argc == 4) {
+ mprSetPropertyValue(argv[0], "error_string", error_string);
+ mpr_Return(eid, mprCreateBoolVar(False));
+ } else {
+ mpr_Return(eid, mprCreateBoolVar(True));
+ }
+ talloc_free(mem_ctx);
+ return 0;
+}
- if (!mprVarIsString(argv[2]->type)) {
- ejsSetErrorMsg(eid, "argument 3 must be a string");
- goto done;
- }
- cli_credentials_set_domain(creds, argv[2]->string, CRED_SPECIFIED);
-
- if (!mprVarIsString(argv[3]->type)) {
- ejsSetErrorMsg(eid, "argument 4 must be a string");
- goto done;
- }
- cli_credentials_set_realm(creds, argv[3]->string, CRED_SPECIFIED);
+static int ejs_net_samsync_ldb(MprVarHandle eid, int argc, struct MprVar **argv)
+{
+ TALLOC_CTX *mem_ctx;
+ struct libnet_context *ctx;
+ struct libnet_samsync_ldb *samsync;
+ NTSTATUS status;
+ ctx = mprGetThisPtr(eid, "ctx");
+ mem_ctx = talloc_new(mprMemCtx());
+
+ samsync = talloc(mem_ctx, struct libnet_samsync_ldb);
+ if (!samsync) {
+ talloc_free(mem_ctx);
+ return -1;
}
- obj = mprInitObject(eid, "NetCtx", argc, argv);
- mprSetPtrChild(obj, "ctx", ctx);
+ /* prepare parameters for the samsync */
+ samsync->in.machine_account = NULL;
+ samsync->in.binding_string = NULL;
+ samsync->out.error_string = NULL;
- mprSetCFunction(obj, "UserMgr", ejs_net_userman);
+ if (argc == 1 && argv[0]->type == MPR_TYPE_OBJECT) {
+ MprVar *credentials = mprGetProperty(argv[0], "machine_account", NULL);
+ if (credentials) {
+ samsync->in.machine_account = talloc_get_type(mprGetPtr(credentials, "creds"), struct cli_credentials);
+ }
+ }
+ /* do the domain samsync */
+ status = libnet_samsync_ldb(ctx, samsync, samsync);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ MprVar error_string = mprString(samsync->out.error_string);
+
+ mprSetPropertyValue(argv[0], "error_string", error_string);
+ mpr_Return(eid, mprCreateBoolVar(False));
+ } else {
+ mpr_Return(eid, mprCreateBoolVar(True));
+ }
+ talloc_free(mem_ctx);
return 0;
-done:
- talloc_free(ctx);
- return -1;
}
-
static int ejs_net_userman(MprVarHandle eid, int argc, struct MprVar **argv)
{
TALLOC_CTX *mem_ctx;
struct MprVar *obj = NULL;
ctx = mprGetThisPtr(eid, "ctx");
- mem_ctx = talloc_init(NULL);
+ mem_ctx = talloc_new(mprMemCtx());
if (argc == 0) {
userman_domain = cli_credentials_get_domain(ctx->cred);
mprSetPtrChild(obj, "domain", userman_domain);
mprSetStringCFunction(obj, "Create", ejs_net_createuser);
+ mprSetStringCFunction(obj, "Delete", ejs_net_deleteuser);
return 0;
done:
if (argc != 1) {
ejsSetErrorMsg(eid, "argument 1 must be a string");
- goto done;
+ return -1;
}
ctx = mprGetThisPtr(eid, "ctx");
if (!ctx) {
ejsSetErrorMsg(eid, "ctx property returns null pointer");
- goto done;
+ return -1;
}
userman_domain = mprGetThisPtr(eid, "domain");
if (!userman_domain) {
ejsSetErrorMsg(eid, "domain property returns null pointer");
- goto done;
+ return -1;
}
- mem_ctx = talloc_init(NULL);
+ mem_ctx = talloc_new(mprMemCtx());
req.in.domain_name = userman_domain;
req.in.user_name = argv[0];
talloc_free(mem_ctx);
mpr_Return(eid, mprNTSTATUS(status));
return 0;
+}
+
+static int ejs_net_deleteuser(MprVarHandle eid, int argc, char **argv)
+{
+ NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+ TALLOC_CTX *mem_ctx;
+ struct libnet_context *ctx;
+ const char *userman_domain = NULL;
+ struct libnet_DeleteUser req;
+
+ if (argc != 1) {
+ ejsSetErrorMsg(eid, "argument 1 must be a string");
+ return -1;
+ }
+
+ ctx = mprGetThisPtr(eid, "ctx");
+ if (!ctx) {
+ ejsSetErrorMsg(eid, "ctx property returns null pointer");
+ return -1;
+ }
+
+ userman_domain = mprGetThisPtr(eid, "domain");
+ if (!userman_domain) {
+ ejsSetErrorMsg(eid, "domain property returns null pointer");
+ return -1;
+ }
+
+ mem_ctx = talloc_new(mprMemCtx());
+
+ req.in.domain_name = userman_domain;
+ req.in.user_name = argv[0];
+
+ status = libnet_DeleteUser(ctx, mem_ctx, &req);
+ if (!NT_STATUS_IS_OK(status)) {
+ ejsSetErrorMsg(eid, "error when creating user: %s", nt_errstr(status));
+ }
-done:
talloc_free(mem_ctx);
- return -1;
+ mpr_Return(eid, mprNTSTATUS(status));
+ return 0;
}
void ejsnet_setup(void);
-static int ejs_net_userman(MprVarHandle, int, struct MprVar**);
-static int ejs_net_createuser(MprVarHandle, int, char**);
return 0;
}
+/*
+ set machine account
+*/
+static int ejs_creds_set_machine_account(MprVarHandle eid, int argc, char **argv)
+{
+ struct cli_credentials *creds = ejs_creds_get_credentials(eid);
+ if (argc != 0) {
+ ejsSetErrorMsg(eid, "bad arguments to set_machine_account");
+ return -1;
+ }
+
+ if (NT_STATUS_IS_OK(cli_credentials_set_machine_account(creds))) {
+ mpr_Return(eid, mprCreateBoolVar(True));
+ } else {
+ mpr_Return(eid, mprCreateBoolVar(False));
+ }
+ return 0;
+}
+
/*
initialise credentials ejs object
mprSetStringCFunction(obj, "set_realm", ejs_creds_set_realm);
mprSetCFunction(obj, "get_workstation", ejs_creds_get_workstation);
mprSetStringCFunction(obj, "set_workstation", ejs_creds_set_workstation);
+ mprSetCFunction(obj, "set_machine_account", ejs_creds_set_machine_account);
return 0;
}
return -1;
}
+ cli_credentials_set_conf(creds);
+
return ejs_credentials_obj(obj, creds);
}
message("Setting up sam.ldb users and groups\n");
setup_ldb("provision_users.ldif", info, paths.samdb, data, false);
}
+ return true;
}
/*
return true;
}
+function join_domain(domain, netbios_name, join_type, creds, writefln)
+{
+ ctx = NetContext(creds);
+ join = new Object();
+ join.domain = domain;
+ join.join_type = join_type;
+ join.netbios_name = netbios_name;
+ if (!ctx.JoinDomain(join)) {
+ writefln("Domain Join failed: " + join.error_string);
+ return false;
+ }
+ return true;
+}
+
+function vampire(machine_creds, writefln)
+{
+ var ctx = NetContext();
+ vampire = new Object();
+ vampire.machine_creds = machine_creds;
+ if (!ctx.SamSyncLdb(vampire)) {
+ writefln("Migration of remote domain to Samba failed: " + vampire.error_string);
+ return false;
+ }
+ return true;
+}
return 0;
return 0;
}
+static int net_user_delete(struct net_context *ctx, int argc, const char **argv)
+{
+ NTSTATUS status;
+ struct libnet_context *lnet_ctx;
+ struct libnet_DeleteUser r;
+ char *user_name;
+
+ /* command line argument preparation */
+ switch (argc) {
+ case 0:
+ return net_user_usage(ctx, argc, argv);
+ break;
+ case 1:
+ user_name = talloc_strdup(ctx->mem_ctx, argv[0]);
+ break;
+ default:
+ return net_user_usage(ctx, argc, argv);
+ }
+
+ /* libnet context init and its params */
+ lnet_ctx = libnet_context_init(NULL);
+ if (!lnet_ctx) return -1;
+
+ lnet_ctx->cred = ctx->credentials;
+
+ /* calling DeleteUser function */
+ r.level = LIBNET_DELETE_USER_GENERIC;
+ r.in.user_name = user_name;
+ r.in.domain_name = cli_credentials_get_domain(lnet_ctx->cred);
+
+ status = libnet_DeleteUser(lnet_ctx, ctx->mem_ctx, &r);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("Failed to delete user account: %s\n",
+ r.out.error_string));
+ return -1;
+ }
+
+ talloc_free(lnet_ctx);
+ return 0;
+}
+
static const struct net_functable net_user_functable[] = {
{ "add", "create new user account\n", net_user_add, net_user_usage },
+ { "delete", "delete an existing user account\n", net_user_delete, net_user_usage },
{ NULL, NULL }
};
--- /dev/null
+<% page_header("columns", "Windows to Samba Migration", "install");
+
+ include("/scripting/forms.js");
+ libinclude("base.js");
+ libinclude("provision.js");
+
+ var misc = misc_init();
+%>
+
+<h1>Windows to Samba4 domain migration</h1>
+
+<%
+var f = FormObj("Provisioning", 0, 2);
+var i;
+var lp = loadparm_init();
+
+if (lp.get("realm") == "") {
+ lp.set("realm", lp.get("workgroup") + ".example.com");
+}
+
+
+var subobj = provision_guess();
+/* Don't supply default password for web interface */
+subobj.ADMINPASS = "";
+
+f.add("REALM", "Realm");
+f.add("DOMAIN", "Domain Name");
+f.add("ADMIN", "Administrator Username");
+f.add("ADMINPASS", "Administrator Password", "password");
+f.add("HOSTNAME", "My Hostname");
+f.add("HOSTGUID", "Host GUID");
+f.add("HOSTIP", "Host IP");
+f.add("DEFAULTSITE", "Default Site");
+f.submit[0] = "Migrate";
+f.submit[1] = "Cancel";
+
+if (form['submit'] == "Cancel") {
+ redirect("/");
+}
+
+if (form['submit'] == "Migrate") {
+ for (r in form) {
+ subobj[r] = form[r];
+ }
+}
+
+for (i=0;i<f.element.length;i++) {
+ f.element[i].value = subobj[f.element[i].name];
+}
+
+if (form['submit'] == "Migrate") {
+ lp.set("realm", subobj.REALM);
+ if (subobj.ADMINPASS == "") {
+ write("<h3>We need the administrator password for the " + subobj.DOMAIN + " domain to proceed. Please try again.</h3>");
+ f.display();
+ } else if (!provision_validate(subobj, writefln)) {
+ f.display();
+ } else {
+ var creds = credentials_init();
+ creds.set_username(form.ADMIN);
+ creds.set_password(form.ADMINPASS);
+ creds.set_domain(form.DOMAIN);
+ creds.set_realm(form.REALM);
+
+ /* Setup a basic database structure, but don't setup any users */
+ if (!provision(subobj, writefln, true, provision_default_paths(subobj),
+ session.authinfo.session_info, session.authinfo.credentials)) {
+ writefln("Provision failed!");
+
+ /* Join domain */
+ } else if (!join_domain(form.DOMAIN, form.HOSTNAME, misc.SEC_CHAN_BDC, creds, writefln)) {
+ writefln("Domain Join failed!");
+
+ } else {
+ /* Vampire */
+ var machine_creds = credentials_init();
+ machine_creds.set_domain(form.DOMAIN);
+ if (!machine_creds.set_machine_account()) {
+ writefln("Failed to access newly setup domain join!");
+ } else if (!vampire(machine_creds, writefln)) {
+ writefln("Failed to syncronsise remote domain into local database!");
+ }
+ }
+ }
+} else {
+ f.display();
+}
+%>
+
+
+<% page_footer(); %>
"Installation",
"Provisioning", session_uri("/install/provision.esp"),
"New User", session_uri("/install/newuser.esp"),
- "Import from Samba3", session_uri("/install/samba3.esp"));
+ "Import from Samba3", session_uri("/install/samba3.esp"),
+ "Import from Windows", session_uri("/install/vampire.esp"));
swat_menus.nbt_server = simple_menu(
#!/usr/bin/env smbscript
-var ctx = NetContext("Administrator", "admin");
-var usr_ctx = ctx.UserMgr("BUILTIN");
+var options = GetOptions(ARGV,
+ "POPT_AUTOHELP",
+ "POPT_COMMON_SAMBA",
+ "POPT_COMMON_CREDENTIALS");
+if (options == undefined) {
+ println("Failed to parse options");
+ return -1;
+}
+
+if (options.ARGV.length != 2) {
+ println("Usage: ejsnet.js <DOMAIN> <NEW USER NAME>");
+ return -1;
+}
+
+/* use command line creds if available */
+var creds = options.get_credentials();
+
+var ctx = NetContext(creds);
+var usr_ctx = ctx.UserMgr(options.ARGV[0]);
if (usr_ctx == undefined) {
- print("Couln't get user management context.\n");
+ println("Couln't get user management context.");
+ return -1;
+}
+
+var status = usr_ctx.Create(options.ARGV[1]);
+if (status.is_ok != true) {
+ println("Failed to create user account " + options.ARGV[1] + ": " + status.errstr);
return -1;
}
-var status = usr_ctx.Create("noname");
+var status = usr_ctx.Delete(options.ARGV[1]);
if (status.is_ok != true) {
- print("Failed to create user account: " + status.errstr + "\n");
+ println("Failed to delete user account " + options.ARGV[1] + ": " + status.errstr);
return -1;
}
git.samba.org / idra / samba.git / commitdiff