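/**
 * Register this host's HTTP service principal in Active Directory with
 * msktutil, storing the keys in /etc/krb5.keytab.
 *
 * Connection settings are read from the "KerbAuthInfos" store. Every value
 * that ends up on the msktutil command line is passed through
 * escapeshellarg(), so a setting containing shell metacharacters cannot
 * change the command that is executed.
 *
 * @return void Returns early (null) when msktutil is not installed or the
 *              stored settings cannot be decoded.
 */
function run_msktutils()
{
    $unix = new unix();
    $sock = new sockets();
    $function = __FUNCTION__;
    $title = "{join_activedirectory_domain}";

    if (is_file("/usr/sbin/msktutil")) {
        @chmod("/usr/sbin/msktutil", 0755);
    }

    $msktutil = $unix->find_program("msktutil");
    if (!is_file($msktutil)) {
        if (is_file("/home/artica/mskutils.tar.gz.old")) {
            progress_logs(20, $title, "{$function}, uncompress /home/artica/mskutils.tar.gz.old");
            // NOTE(review): this unpacks an archive into / with the privileges
            // of this process. The archive and its directory should be
            // writable by root only - confirm ownership/mode of /home/artica.
            shell_exec("tar xf /home/artica/mskutils.tar.gz.old -C /");
        }
    }

    $msktutil = $unix->find_program("msktutil");
    if (!is_file($msktutil)) {
        progress_logs(20, $title, "{$function}, msktutil not installed, you should use it..");
        return;
    }

    // NOTE(review): unserialize() instantiates whatever classes the payload
    // names. This is only safe while the settings store is writable by trusted
    // code alone; a JSON encoding (or the allowed_classes option on PHP >= 7)
    // would remove the object-injection surface.
    $array = unserialize(base64_decode($sock->GET_INFO("KerbAuthInfos")));
    if (!is_array($array)) {
        progress_logs(20, $title, "{$function}, unable to decode KerbAuthInfos, aborting");
        return;
    }

    // Fill in missing keys so the lookups below never hit an undefined index.
    $defaults = array(
        "COMPUTER_BRANCH" => "CN=Computers",
        "WINDOWS_SERVER_TYPE" => "WIN_2003",
        "ADNETIPADDR" => "",
        "WINDOWS_SERVER_NETBIOSNAME" => "",
        "WINDOWS_DNS_SUFFIX" => "",
    );
    foreach ($defaults as $key => $value) {
        if (!isset($array[$key])) {
            $array[$key] = $value;
        }
    }

    $myFullHostname = $unix->hostname_g();
    $myNetBiosName = $unix->hostname_simple();
    $ipaddr = trim($array["ADNETIPADDR"]);
    $hostname = strtolower(trim($array["WINDOWS_SERVER_NETBIOSNAME"])) . "." . strtolower(trim($array["WINDOWS_DNS_SUFFIX"]));

    progress_logs(20, $title, "{$function}, computers branch `{$array["COMPUTER_BRANCH"]}`");
    progress_logs(20, $title, "{$function}, my full hostname `{$myFullHostname}`");
    progress_logs(20, $title, "{$function}, my netbios name `{$myNetBiosName}`");
    progress_logs(20, $title, "{$function}, Active Directory hostname `{$hostname}` ({$ipaddr})");

    // Prefer the configured IP address of the domain controller when there is one.
    $domain_controller = ($ipaddr !== "") ? $ipaddr : $hostname;

    $enctypes = null;
    if ($array["WINDOWS_SERVER_TYPE"] === "WIN_2008AES") {
        $enctypes = " --enctypes 28";
    }

    $msktutil_version = msktutil_version();
    progress_logs(20, $title, "{$function}, msktutil version 0.{$msktutil_version}");

    // Quote every configuration-derived value: the branch, host names and
    // server address come from stored settings and must reach msktutil as
    // single arguments, never as shell syntax.
    $binary = escapeshellarg($msktutil);
    $principal = escapeshellarg("HTTP/{$myFullHostname}");
    $computerName = escapeshellarg($myNetBiosName);
    $server = escapeshellarg($domain_controller);

    $f = array();
    $f[] = "{$binary} -c -b " . escapeshellarg($array["COMPUTER_BRANCH"]);
    $f[] = "-s {$principal} -h " . escapeshellarg($myFullHostname) . " -k /etc/krb5.keytab";
    $f[] = "--computer-name {$computerName} --upn {$principal} --server {$server} {$enctypes}";
    $f[] = "--verbose";

    $cmdline = implode(" ", $f);
    progress_logs(20, $title, "{$function},`{$cmdline}`");

    // A fresh output array per command keeps each log loop limited to the
    // lines of the command that was just run (exec() appends to its argument).
    $createOutput = array();
    exec("{$cmdline} 2>&1", $createOutput);
    foreach ($createOutput as $a) {
        if (trim($a) === "") {
            continue;
        }
        progress_logs(20, $title, "{$function}, {$a} Line:" . __LINE__);
    }

    if ($msktutil_version == 4) {
        $cmdline = "{$binary} --auto-update --verbose --computer-name {$computerName} --server {$server}";
        $updateOutput = array();
        exec("{$cmdline} 2>&1", $updateOutput);
        foreach ($updateOutput as $a) {
            if (trim($a) === "") {
                continue;
            }
            progress_logs(20, $title, "{$function}, {$a} Line:" . __LINE__);
        }
    }
}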
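/**
 * Register the proxy's HTTP service principal in Active Directory with
 * msktutil, storing the keys in /etc/squid3/PROXY.keytab, and install a daily
 * cron job that runs `msktutil --auto-update` for the computer account.
 *
 * If msktutil reports an expired Kerberos ticket, the keytab is created with
 * `net ads keytab` instead. Success is judged by finding the
 * "<netbios>-k" account name in the `klist -k` listing of the keytab.
 *
 * Hardening compared with the earlier form of this routine:
 *  - every configuration-derived value is passed through escapeshellarg();
 *  - the `net ads` fallback no longer writes and executes a script at a fixed
 *    path under /tmp;
 *  - the keytab is no longer made world-readable;
 *  - the host name is quoted before being used inside a regular expression.
 *
 * @return bool|null true once the procedure has run; null when msktutil is
 *                   not installed or the stored settings cannot be decoded.
 */
function run_msktutils()
{
    $unix = new unix();
    $sock = new sockets();
    $function = __FUNCTION__;
    $title = "{join_activedirectory_domain}";
    $keytab = "/etc/squid3/PROXY.keytab";

    if (is_file("/usr/sbin/msktutil")) {
        @chmod("/usr/sbin/msktutil", 0755);
    }

    $msktutil = $unix->find_program("msktutil");
    $klist = $unix->find_program("klist");
    if (!is_file($msktutil)) {
        if (is_file("/home/artica/mskutils.tar.gz.old")) {
            progress_logs(20, $title, "{$function}, uncompress /home/artica/mskutils.tar.gz.old");
            // NOTE(review): this unpacks an archive into / with the privileges
            // of this process. The archive and its directory should be
            // writable by root only - confirm ownership/mode of /home/artica.
            shell_exec("tar xf /home/artica/mskutils.tar.gz.old -C /");
        }
    }

    $msktutil = $unix->find_program("msktutil");
    if (!is_file($msktutil)) {
        progress_logs(20, $title, "{$function}, msktutil not installed, you should use it..");
        return;
    }

    // NOTE(review): unserialize() instantiates whatever classes the payload
    // names. This is only safe while the settings store is writable by trusted
    // code alone; a JSON encoding (or the allowed_classes option on PHP >= 7)
    // would remove the object-injection surface.
    $array = unserialize(base64_decode($sock->GET_INFO("KerbAuthInfos")));
    if (!is_array($array)) {
        progress_logs(20, $title, "{$function}, unable to decode KerbAuthInfos, aborting");
        return;
    }

    // Fill in missing keys so the lookups below never hit an undefined index.
    $defaults = array(
        "COMPUTER_BRANCH" => "CN=Computers",
        "WINDOWS_SERVER_TYPE" => "WIN_2003",
        "ADNETIPADDR" => "",
        "WINDOWS_SERVER_NETBIOSNAME" => "",
        "WINDOWS_DNS_SUFFIX" => "",
    );
    foreach ($defaults as $key => $value) {
        if (!isset($array[$key])) {
            $array[$key] = $value;
        }
    }

    $myFullHostname = $unix->hostname_g();
    $myNetBiosName = $unix->hostname_simple();
    $ActiveDirectorySquidHTTPHostname = $sock->GET_INFO("ActiveDirectorySquidHTTPHostname");
    $ipaddr = trim($array["ADNETIPADDR"]);
    $hostname = strtolower(trim($array["WINDOWS_SERVER_NETBIOSNAME"])) . "." . strtolower(trim($array["WINDOWS_DNS_SUFFIX"]));

    progress_logs(20, $title, "{$function}, computers branch `{$array["COMPUTER_BRANCH"]}`");
    progress_logs(20, $title, "{$function}, my full hostname `{$myFullHostname}`");
    progress_logs(20, $title, "{$function}, my netbios name `{$myNetBiosName}`");
    progress_logs(20, $title, "{$function}, Active Directory hostname `{$hostname}` ({$ipaddr})");

    // The controller is always addressed by name here; a valid configured IP
    // is registered in /etc/hosts further down instead of replacing the name.
    $domain_controller = $hostname;

    $enctypes = null;
    if ($array["WINDOWS_SERVER_TYPE"] === "WIN_2008AES") {
        $enctypes = " --enctypes 28";
    }

    $msktutil_version = msktutil_version();
    progress_logs(20, $title, "{$function}, msktutil version 0.{$msktutil_version}");

    // Shape of the command built below:
    // msktutil -c -b "CN=COMPUTERS"
    //   -s HTTP/squid.demo.local
    //   -k /etc/squid3/PROXY.keytab
    //   --computer-name squid-http --upn HTTP/squid.demo.local
    //   --server dc2008demo.demo.local --verbose --enctypes 28
    $myNetBiosName = strtolower($myNetBiosName);
    $myFullHostname = strtolower($myFullHostname);
    if ($ActiveDirectorySquidHTTPHostname != null) {
        $myFullHostname = strtolower($ActiveDirectorySquidHTTPHostname);
    }

    // Quote every configuration-derived value: the branch, host names and
    // server address come from stored settings and must reach msktutil as
    // single arguments, never as shell syntax.
    $binary = escapeshellarg($msktutil);
    $principal = escapeshellarg("HTTP/{$myFullHostname}");
    $accountName = "{$myNetBiosName}-k";
    $computerName = escapeshellarg($accountName);
    $server = escapeshellarg($domain_controller);

    $f = array();
    $f[] = "{$binary} -c -b " . escapeshellarg($array["COMPUTER_BRANCH"]);
    $f[] = "-s {$principal}";
    $f[] = "-k {$keytab}";
    $f[] = "--computer-name {$computerName}";
    $f[] = "--upn {$principal}";
    $f[] = "--server {$server}";
    $f[] = "--verbose";
    $f[] = "{$enctypes}";

    $IpClass = new IP();
    echo "{$domain_controller} as IP address {$ipaddr}\n";
    if ($IpClass->isValid($ipaddr)) {
        echo "{$domain_controller} as IP address {$ipaddr} -> /etc/hosts\n";
        $unix->create_EtcHosts($domain_controller, $ipaddr);
    }

    $MSKTUTIL_SUCCESS = true;
    $cmdline = implode(" ", $f);
    progress_logs(20, $title, "{$function},`{$cmdline}`");

    // A fresh output array per command keeps each log loop limited to the
    // lines of the command that was just run (exec() appends to its argument).
    $createOutput = array();
    exec("{$cmdline} 2>&1", $createOutput);
    foreach ($createOutput as $a) {
        if (trim($a) === "") {
            continue;
        }
        progress_logs(20, $title, "{$function}, {$a} Line:" . __LINE__);
        if (preg_match("#Is your kerberos ticket expired#i", $a)) {
            progress_logs(20, "{join_activedirectory_domain} kerberos failed", "{$function},`{$cmdline}`");
            echo "###################################################################\n";
            echo "######################### MKTUTILS FAILED #########################\n";
            echo "###################################################################\n";
            $MSKTUTIL_SUCCESS = false;
            break;
        }
    }

    if (!$MSKTUTIL_SUCCESS) {
        $net = $unix->find_program("net");
        echo "###################################################################\n";
        echo "######################### ALTERNATIVE KEYTAB ######################\n";
        echo "###################################################################\n";
        // Run the two `net ads keytab` steps directly with the environment
        // they need. Writing a script to a fixed, predictable path in the
        // world-writable /tmp and then executing it lets another local user
        // pre-create or swap that path, so no script file is used.
        $netEnv = "PATH=/bin:/usr/bin:/sbin:/usr/sbin KRB5_KTNAME=FILE:{$keytab}";
        foreach (array("CREATE", "ADD HTTP") as $action) {
            system("{$netEnv} " . escapeshellarg($net) . " ads keytab {$action}");
        }
    }

    $klist_results = array();
    exec(escapeshellarg($klist) . " -k {$keytab} -t 2>&1", $klist_results);

    // A keytab holds the service's long-term keys: readable by the squid
    // owner and group only. Any other consumer should be added to that group
    // rather than widening the mode.
    @chmod($keytab, 0640);
    @chown($keytab, "squid");
    @chgrp($keytab, "squid");

    // preg_quote() so that characters in the host name are matched literally.
    $accountPattern = "#" . preg_quote($accountName, "#") . "#";
    $SUCCESS = false;
    foreach ($klist_results as $a) {
        if (preg_match($accountPattern, $a)) {
            echo "{$a} [SUCCESS]\n";
            $SUCCESS = true;
        }
    }

    // Daily job that lets msktutil refresh the computer account as needed.
    $cmdline = "{$binary} --auto-update --verbose --computer-name {$computerName} --server {$server}";
    $CRON = array();
    $CRON[] = "#!/bin/sh";
    $CRON[] = "exec {$cmdline}";
    $CRON[] = "";
    @file_put_contents("/etc/cron.daily/msktutil", implode("\n", $CRON));
    chmod("/etc/cron.daily/msktutil", 0755);
    chown("/etc/cron.daily/msktutil", "root");

    if ($SUCCESS && $msktutil_version == 4) {
        $updateOutput = array();
        exec("{$cmdline} 2>&1", $updateOutput);
        foreach ($updateOutput as $a) {
            if (trim($a) === "") {
                continue;
            }
            progress_logs(20, $title, "{$function}, {$a} Line:" . __LINE__);
        }
    }

    return true;
}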
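/**
 * Register this host's HTTP service principal in Active Directory with
 * msktutil, storing the keys in /etc/krb5.keytab. Progress is echoed to
 * standard output.
 *
 * kinit() is called first; connection settings are then read from the
 * "SambaAdInfos" store. Every value that ends up on the msktutil command line
 * is passed through escapeshellarg(), so a setting containing shell
 * metacharacters cannot change the command that is executed. The stored
 * administrator name and password are not needed here and are no longer
 * copied into local variables.
 *
 * @return void Returns early (null) when msktutil is not installed or the
 *              stored settings cannot be decoded.
 */
function run_msktutils()
{
    kinit();
    $unix = new unix();
    $sock = new sockets();
    $function = __FUNCTION__;

    if (is_file("/usr/sbin/msktutil")) {
        @chmod("/usr/sbin/msktutil", 0755);
    }

    $msktutil = $unix->find_program("msktutil");
    if (!is_file($msktutil)) {
        if (is_file("/home/artica/mskutils.tar.gz.old")) {
            echo "Starting......: " . date("H:i:s") . " {$function}, uncompress /home/artica/mskutils.tar.gz.old\n";
            // NOTE(review): this unpacks an archive into / with the privileges
            // of this process. The archive and its directory should be
            // writable by root only - confirm ownership/mode of /home/artica.
            shell_exec("tar xf /home/artica/mskutils.tar.gz.old -C /");
        }
    }

    $msktutil = $unix->find_program("msktutil");
    if (!is_file($msktutil)) {
        echo "Starting......: " . date("H:i:s") . " {$function}, msktutil not installed, you should use it..\n";
        return;
    }

    // NOTE(review): unserialize() instantiates whatever classes the payload
    // names. This is only safe while the settings store is writable by trusted
    // code alone; a JSON encoding (or the allowed_classes option on PHP >= 7)
    // would remove the object-injection surface.
    $array = unserialize(base64_decode($sock->GET_INFO("SambaAdInfos")));
    if (!is_array($array)) {
        echo "Starting......: " . date("H:i:s") . " {$function}, unable to decode SambaAdInfos, aborting\n";
        return;
    }

    // Fill in missing keys so the lookups below never hit an undefined index.
    $defaults = array(
        "COMPUTER_BRANCH" => "CN=Computers",
        "WINDOWS_SERVER_TYPE" => "WIN_2003",
        "ADSERVER_IP" => "",
        "ADSERVER" => "",
        "ADDOMAIN" => "",
    );
    foreach ($defaults as $key => $value) {
        if (!isset($array[$key])) {
            $array[$key] = $value;
        }
    }

    $ipaddr = trim($array["ADSERVER_IP"]);
    $myFullHostname = $unix->hostname_g();
    $myNetBiosName = $unix->hostname_simple();
    $hostname = strtolower(trim($array["ADSERVER"])) . "." . strtolower(trim($array["ADDOMAIN"]));

    echo "Starting......: " . date("H:i:s") . " {$function}, computers branch `{$array["COMPUTER_BRANCH"]}`\n";
    echo "Starting......: " . date("H:i:s") . " {$function}, my full hostname `{$myFullHostname}`\n";
    echo "Starting......: " . date("H:i:s") . " {$function}, my netbios name `{$myNetBiosName}`\n";
    echo "Starting......: " . date("H:i:s") . " {$function}, Active Directory hostname `{$hostname}` ({$ipaddr})\n";

    // Prefer the configured IP address of the domain controller when there is one.
    $domain_controller = ($ipaddr !== "") ? $ipaddr : $hostname;

    $enctypes = null;
    if ($array["WINDOWS_SERVER_TYPE"] === "WIN_2008AES") {
        $enctypes = " --enctypes 28";
    }

    $msktutil_version = msktutil_version();
    echo "Starting......: " . date("H:i:s") . " {$function}, msktutil version 0.{$msktutil_version}\n";

    // Quote every configuration-derived value: the branch, host names and
    // server address come from stored settings and must reach msktutil as
    // single arguments, never as shell syntax.
    $binary = escapeshellarg($msktutil);
    $principal = escapeshellarg("HTTP/{$myFullHostname}");
    $computerName = escapeshellarg($myNetBiosName);
    $server = escapeshellarg($domain_controller);

    $f = array();
    $f[] = "{$binary} -c -b " . escapeshellarg($array["COMPUTER_BRANCH"]);
    $f[] = "-s {$principal} -h " . escapeshellarg($myFullHostname) . " -k /etc/krb5.keytab";
    $f[] = "--computer-name {$computerName} --upn {$principal} --server {$server} {$enctypes}";
    $f[] = "--verbose";

    $cmdline = implode(" ", $f);
    echo "Starting......: " . date("H:i:s") . " {$function},`{$cmdline}`\n";

    // A fresh output array per command keeps each log loop limited to the
    // lines of the command that was just run (exec() appends to its argument).
    $createOutput = array();
    exec("{$cmdline} 2>&1", $createOutput);
    foreach ($createOutput as $a) {
        if (trim($a) === "") {
            continue;
        }
        echo "Starting......: " . date("H:i:s") . " {$function}, {$a} Line:" . __LINE__ . "\n";
    }

    if ($msktutil_version == 4) {
        $cmdline = "{$binary} --auto-update --verbose --computer-name {$computerName} --server {$server}";
        $updateOutput = array();
        exec("{$cmdline} 2>&1", $updateOutput);
        foreach ($updateOutput as $a) {
            if (trim($a) === "") {
                continue;
            }
            echo "Starting......: " . date("H:i:s") . " {$function}, {$a} Line:" . __LINE__ . "\n";
        }
    }
}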