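/**
 * Configure Kerberos/Winbind authentication against Active Directory, then restart winbind.
 *
 * The function runs at most once per PHP process (guarded by $GLOBALS["BUILD_EXECUTED"]) and
 * stops early when Active Directory authentication is disabled, when another instance is
 * still running, when it ran less than two minutes ago, or when a required tool or a
 * configuration step is missing or fails. Progress is reported through progress_logs().
 *
 * @param bool $nopid When true, the PID-file and minimum-interval checks are skipped.
 * @return bool|null true once the winbind restart command has been issued, null on every early exit.
 */
function build($nopid = false)
{
    if (isset($GLOBALS["BUILD_EXECUTED"])) {
        progress_logs(20, "{continue}", "Already executed");
        return;
    }
    $GLOBALS["BUILD_EXECUTED"] = true;

    $unix = new unix();
    $sock = new sockets();

    $EnableKerbAuth = $sock->GET_INFO("EnableKerbAuth");
    if (!is_numeric($EnableKerbAuth)) {
        $EnableKerbAuth = 0;
    }
    if ($EnableKerbAuth == 0) {
        progress_logs(110, "{authentication_via_activedirectory_is_disabled}", "{authentication_via_activedirectory_is_disabled}");
        // Feature disabled: drop the monit watchdog definition for winbindd if it is present.
        if (is_file("/etc/monit/conf.d/winbindd.monitrc")) {
            @unlink("/etc/monit/conf.d/winbindd.monitrc");
        }
        return;
    }

    // Stays null when $nopid is set, so the PID write further down is skipped instead of
    // being attempted with an undefined path.
    $pidfile = null;
    if (!$nopid) {
        $timefile = "/etc/artica-postfix/pids/" . basename(__FILE__) . ".time";
        $pidfile = "/etc/artica-postfix/pids/" . basename(__FILE__) . ".pid";
        $pid = $unix->get_pid_from_file($pidfile);
        if ($unix->process_exists($pid, basename(__FILE__))) {
            $timeExec = intval($unix->PROCCESS_TIME_MIN($pid));
            if ($GLOBALS["OUTPUT"]) {
                progress_logs(20, "{join_activedirectory_domain}", "Process {$pid} already exists since {$timeExec}Mn");
            }
            writelogs("Process {$pid} already exists since {$timeExec}Mn", __FUNCTION__, __FILE__, __LINE__);
            if ($timeExec <= 5) {
                return;
            }
            // An instance older than five minutes is treated as stuck and is killed.
            progress_logs(20, "{join_activedirectory_domain}", "killing old pid {$pid} (already exists since {$timeExec}Mn)");
            unix_system_kill_force($pid);
        }
        $time = $unix->file_time_min($timefile);
        if ($time < 2) {
            if ($GLOBALS["OUTPUT"]) {
                progress_logs(20, "{join_activedirectory_domain}", "2mn minimal to run this script currently ({$time}Mn)");
            }
            writelogs("2mn minimal to run this script currently ({$time}Mn)", __FUNCTION__, __FILE__, __LINE__);
            return;
        }
    }

    pinglic(true);
    $mypid = getmypid();
    if ($pidfile !== null) {
        @file_put_contents($pidfile, $mypid);
    }
    progress_logs(20, "{join_activedirectory_domain} Running PID {$mypid}", "Running PID {$mypid}", __LINE__);
    writelogs("Running PID {$mypid}", __FUNCTION__, __FILE__, __LINE__);

    $wbinfo = $unix->find_program("wbinfo");
    $nohup = $unix->find_program("nohup");
    $php5 = $unix->LOCATE_PHP5_BIN();
    if (!is_file($wbinfo)) {
        // The script path previously had a space where the directory separator belongs, so
        // PHP was handed the directory itself; the other scripts in this function live
        // directly under /usr/share/artica-postfix/.
        shell_exec("{$php5} /usr/share/artica-postfix/exec.apt-get.php --sources-list");
        // Started in the background: wbinfo may still be missing when it is looked up again below.
        shell_exec("{$nohup} /usr/share/artica-postfix/bin/setup-ubuntu --check-samba >/dev/null 2>&1 &");
        $wbinfo = $unix->find_program("wbinfo");
    }
    if (!is_file($wbinfo)) {
        progress_logs(20, "{join_activedirectory_domain}", "Auth Winbindd, samba is not installed");
        progress_logs(100, "{finish}", "Auth Winbindd, samba is not installed");
        return;
    }
    if (!checkParams()) {
        progress_logs(20, "{join_activedirectory_domain} {failed}", "Auth Winbindd, misconfiguration failed");
        progress_logs(100, "{finish}", "Auth Winbindd, misconfiguration failed");
        return;
    }

    // Fresh helper instances are created after checkParams(), as the original code did.
    $unix = new unix();
    $msktutil = check_msktutil();
    $kadmin_bin = $unix->find_program("kadmin");
    $netbin = $unix->LOCATE_NET_BIN_PATH();
    if (!is_file($msktutil)) {
        return;
    }
    @mkdir("/var/log/samba", 0755, true);
    @mkdir("/var/run/samba", 0755, true);

    $sock = new sockets();
    // NOTE(review): unserialize() runs on a stored setting. If that value can be written by
    // anything less trusted than this script, this is an object-injection risk; a data-only
    // format such as JSON would remove it. Confirm who can write "KerbAuthInfos".
    $array = unserialize(base64_decode($sock->GET_INFO("KerbAuthInfos")));
    $ipaddr = (is_array($array) && isset($array["ADNETIPADDR"])) ? trim($array["ADNETIPADDR"]) : "";

    $UseADAsNameServer = $sock->GET_INFO("UseADAsNameServer");
    if (!is_numeric($UseADAsNameServer)) {
        $UseADAsNameServer = 0;
    }
    if ($UseADAsNameServer == 1) {
        // NOTE(review): the pattern is unanchored, so any value containing a digit or a dot
        // passes, and the value reaches PatchResolvConf() unchanged. A full-address check
        // before this call would be safer; left as is because what PatchResolvConf()
        // accepts is not visible here.
        if (preg_match("#[0-9\\.]+#", $ipaddr)) {
            progress_logs(8, "{apply_settings}", "Patching Resolv.conf");
            PatchResolvConf($ipaddr);
        }
    }
    if ($ipaddr != null) {
        // Normalise every dotted component to a plain integer ("010" becomes "10").
        // NOTE(review): nothing later in this function reads $ipaddr again.
        $ipaddr = implode(".", array_map("intval", explode(".", $ipaddr)));
    }

    progress_logs(9, "{apply_settings} Synchronize time", "Synchronize time" . " in line " . __LINE__);
    sync_time();

    progress_logs(10, "{apply_settings} Check kerb5", "Check kerb5..in line " . __LINE__);
    if (!krb5conf(12)) {
        progress_logs(110, "{apply_settings} Check kerb5 {failed}", "Check kerb5..in line " . __LINE__);
        return;
    }

    progress_logs(15, "{apply_settings} Check mskt", "Check msktutils in line " . __LINE__);
    if (!run_msktutils()) {
        progress_logs(110, "{apply_settings} Check mskt {failed}", "Check mskt..in line " . __LINE__);
        return;
    }

    progress_logs(15, "{apply_settings} netbin", "netbin -> {$netbin} in line " . __LINE__);
    if (is_file($netbin)) {
        try {
            progress_logs(15, "{apply_settings} netbin", "netbin -> SAMBA_PROXY() in line " . __LINE__);
            SAMBA_PROXY();
        } catch (Exception $e) {
            // A failure here is reported but does not stop the run.
            progress_logs(15, "{failed}", "Exception Error: Message: " . $e->getMessage());
        }
    }

    progress_logs(19, "{apply_settings} [kadmin_bin]", $kadmin_bin);
    progress_logs(19, "{apply_settings} [netbin]", $netbin);
    if (is_file($netbin)) {
        progress_logs(20, "{join_activedirectory_domain}", "netbin -> JOIN_ACTIVEDIRECTORY() ");
        JOIN_ACTIVEDIRECTORY(); // 29%
    }

    progress_logs(51, "{restarting_winbind} 1", "winbind_priv();");
    winbind_priv(false, 52);
    progress_logs(60, "{restarting_winbind} 2", "winbind_priv();");
    winbindd_monit();
    progress_logs(65, "{restarting_winbind} 3", "winbind_priv();");

    $php5 = $unix->LOCATE_PHP5_BIN();
    if (!is_file("/etc/init.d/winbind")) {
        // No init script yet: have exec.initslapd.php generate it before restarting.
        shell_exec("{$php5} /usr/share/artica-postfix/exec.initslapd.php --winbind");
    }
    progress_logs(65, "{restarting_winbind}", "winbind_priv();");
    system("/etc/init.d/winbind restart --force");
    return true;
}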
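/**
 * Join this host to Active Directory with Samba's `net` tool, create the keytab and restart winbind.
 *
 * Connection settings come from the stored "SambaAdInfos" value. Progress is written with
 * echo and, when WriteToSyslogMail() exists, through that function as well. The
 * administrator password is never printed: every command line that is echoed shows "****"
 * in its place, in verbose mode too.
 *
 * @return void
 */
function JOIN_ACTIVEDIRECTORY()
{
    $unix = new unix();
    $function = __FUNCTION__;
    $user = new settings_inc();
    $verbose = !empty($GLOBALS["VERBOSE"]);

    $netbin = $unix->LOCATE_NET_BIN_PATH();
    if (!is_file($netbin)) {
        echo "Starting......: " . date("H:i:s") . " {$function}, net, no such binary\n";
        return;
    }
    if (!$user->SAMBA_INSTALLED) {
        echo "Starting......: " . date("H:i:s") . " {$function}, Samba, no such software\n";
        return;
    }

    $NetADSINFOS = $unix->SAMBA_GetNetAdsInfos();
    $KDC_SERVER = isset($NetADSINFOS["KDC server"]) ? $NetADSINFOS["KDC server"] : null;

    $sock = new sockets();
    // NOTE(review): unserialize() runs on a stored setting. If that value can be written by
    // anything less trusted than this script, this is an object-injection risk; a data-only
    // format such as JSON would remove it. Confirm who can write "SambaAdInfos".
    $array = unserialize(base64_decode($sock->GET_INFO("SambaAdInfos")));
    if (!is_array($array)) {
        $array = array();
    }
    // Missing keys become empty strings instead of raising notices further down.
    $array += array(
        "ADDOMAIN" => "",
        "PASSWORD" => "",
        "ADADMIN" => "",
        "ADSERVER" => "",
        "WORKGROUP" => "",
        "ADSERVER_IP" => "",
    );
    run_msktutils();

    $domain_lower = strtolower($array["ADDOMAIN"]);
    $adminpassword = $unix->shellEscapeChars($array["PASSWORD"]);
    $adminname = $array["ADADMIN"];
    $ad_server = $array["ADSERVER"];
    $workgroup = $array["WORKGROUP"];
    $ipaddr = trim($array["ADSERVER_IP"]);

    // Every setting that ends up on a shell command line is quoted, so metacharacters in a
    // stored value are passed to `net` literally instead of being interpreted by the shell.
    // (escapeshellarg() may drop bytes that are invalid in the current locale.)
    // The password keeps the project's own escaping helper, as before.
    // NOTE(review): the password is still part of the command line, so on a default system
    // it can be read from the process list while `net` runs. Prefer a way of handing it to
    // `net` that keeps it out of argv, if the installed Samba version offers one.
    $credentials = escapeshellarg($adminname) . "%" . $adminpassword;
    $credentialsMasked = escapeshellarg($adminname) . "%****";
    $realmArg = escapeshellarg("{$ad_server}.{$domain_lower}");
    $serverArg = escapeshellarg($ad_server);
    $ipaddrArg = escapeshellarg($ipaddr);
    // An empty workgroup stays an absent argument rather than becoming an explicit ''.
    $workgroupArg = ($workgroup == null) ? "" : escapeshellarg($workgroup);

    if ($verbose) {
        // The password used to be printed here in clear text.
        echo "{$function}, Using Password: ****";
    }
    if (function_exists("WriteToSyslogMail")) {
        WriteToSyslogMail("Trying to relink this server with Active Directory {$ad_server}.{$domain_lower} server", basename(__FILE__));
    }
    echo "Starting......: " . date("H:i:s") . " Samba, [{$adminname}]: Kdc server ads : {$KDC_SERVER}\n";

    if ($KDC_SERVER == null) {
        // No KDC known yet: first attempt, naming the realm and the server explicitly.
        $head = "{$netbin} ads join -W {$realmArg} -S {$serverArg} -U";
        if ($verbose) {
            echo "Starting......: " . date("H:i:s") . " {$function}, {$head} {$credentialsMasked} 2>&1\n";
        }
        $results = array();
        exec("{$head} {$credentials} 2>&1", $results);
        foreach ($results as $line) {
            echo "Starting......: " . date("H:i:s") . " {$function}, ads join [{$adminname}]: {$line}\n";
        }
        $NetADSINFOS = $unix->SAMBA_GetNetAdsInfos();
        $KDC_SERVER = isset($NetADSINFOS["KDC server"]) ? $NetADSINFOS["KDC server"] : null;
    }
    if ($KDC_SERVER == null) {
        echo "Starting......: " . date("H:i:s") . " Samba, [{$adminname}]: unable to join the domain {$domain_lower}\n";
    }

    echo "Starting......: " . date("H:i:s") . " Samba, [{$adminname}]: setauthuser..\n";
    if ($verbose) {
        echo "Starting......: " . date("H:i:s") . " {$function}, {$netbin} setauthuser -U {$credentialsMasked}\n";
    }
    shell_exec("{$netbin} setauthuser -U {$credentials}");

    if ($ipaddr == null) {
        $JOINEDRES = false;
        echo "Starting......: " . date("H:i:s") . " Samba, [{$adminname} 0]: join for {$workgroup} (without IP addr)\n";
        // The command is built before it is echoed; the echo used to show the previous
        // (setauthuser) command line.
        $tail = "{$workgroupArg} 2>&1";
        if ($verbose) {
            echo "Starting......: " . date("H:i:s") . " {$function},[{$adminname} 0]: {$netbin} join -U {$credentialsMasked} {$tail}\n";
        }
        $A1 = array();
        exec("{$netbin} join -U {$credentials} {$tail}", $A1);
        foreach ($A1 as $line) {
            if (preg_match("#Joined#", $line)) {
                echo "Starting......: " . date("H:i:s") . " Samba, [{$adminname} 0]: join for {$workgroup} (without IP addr) success\n";
                $JOINEDRES = true;
                break;
            }
            if (function_exists("WriteToSyslogMail")) {
                WriteToSyslogMail("Starting......: " . date("H:i:s") . " Samba, {$line}", basename(__FILE__));
            }
        }

        if (!$JOINEDRES) {
            // The plain join did not report "Joined": fall back to an RPC join.
            echo "Starting......: " . date("H:i:s") . " Samba, [{$adminname} 0]: join as netrpc.. (without IP addr)\n";
            $A2 = array();
            exec("{$netbin} rpc join -U {$credentials} {$tail}", $A2);
            if ($verbose) {
                echo "Starting......: " . date("H:i:s") . " {$function}, {$netbin} rpc join -U {$credentialsMasked} {$tail}\n";
            }
            foreach ($A2 as $line) {
                if (preg_match("#Joined#", $line)) {
                    echo "Starting......: " . date("H:i:s") . " Samba, [{$adminname} 0]: join for {$workgroup} (without IP addr) success\n";
                    $JOINEDRES = true;
                    break;
                }
                if (function_exists("WriteToSyslogMail")) {
                    WriteToSyslogMail("Starting......: " . date("H:i:s") . " Samba, {$line}", basename(__FILE__));
                }
            }
        }
    }

    if ($ipaddr != null) {
        if (!$verbose) {
            echo "Starting......: " . date("H:i:s") . " {$function}, [{$adminname} 1]: ads '{$netbin} ads join -I {$ipaddr} -U {$adminname}%**** {$workgroup}'\n";
        }
        $head = "{$netbin} ads join -I {$ipaddrArg} -U";
        $tail = "{$workgroupArg} 2>&1";
        $cmd = "{$head} {$credentials} {$tail}";
        $cmdMasked = "{$head} {$credentialsMasked} {$tail}";
        if ($verbose) {
            echo "Starting......: " . date("H:i:s") . " {$function},[{$adminname} 1]: {$cmdMasked}\n";
        }
        $BIGRES2 = array();
        exec($cmd, $BIGRES2);
        foreach ($BIGRES2 as $line) {
            if (preg_match("#Failed to join#i", $line)) {
                echo "Starting......: " . date("H:i:s") . " {$function}, [{$adminname} 1]: ads join failed ({$line}), using pure IP\n";
                if (!$verbose) {
                    echo "Starting......: " . date("H:i:s") . " {$function}, [{$adminname} 1]: '{$netbin} ads join -I {$ipaddr} -U {$adminname}%*** {$workgroup}'\n";
                }
                // NOTE(review): this retry runs the same command line as the first attempt.
                if ($verbose) {
                    echo "Starting......: " . date("H:i:s") . " {$function}, {$cmdMasked}\n";
                }
                $BIGRES1 = array();
                exec($cmd, $BIGRES1);
                foreach ($BIGRES1 as $retryLine) {
                    echo "Starting......: " . date("H:i:s") . " {$function}, [{$adminname} 2] {$retryLine}\n";
                    if (function_exists("WriteToSyslogMail")) {
                        WriteToSyslogMail("Starting......: " . date("H:i:s") . " {$function}, {$retryLine}", basename(__FILE__));
                    }
                }
                break;
            }
            echo "Starting......: " . date("H:i:s") . " Samba,[{$adminname} 1] {$line}\n";
            if (function_exists("WriteToSyslogMail")) {
                WriteToSyslogMail("Starting......: " . date("H:i:s") . " {$function}, {$line}", basename(__FILE__));
            }
        }
    }

    if ($KDC_SERVER == null) {
        $NetADSINFOS = $unix->SAMBA_GetNetAdsInfos();
        $KDC_SERVER = isset($NetADSINFOS["KDC server"]) ? $NetADSINFOS["KDC server"] : null;
    }
    if ($KDC_SERVER == null) {
        echo "Starting......: " . date("H:i:s") . " Samba, [{$adminname}]: unable to join the domain {$domain_lower}\n";
    }
    echo "Starting......: " . date("H:i:s") . " Samba, [{$adminname}]: Kdc server ads : {$KDC_SERVER}\n";

    if ($verbose) {
        echo "Starting......: " . date("H:i:s") . " Samba, {$netbin} ads keytab create -P -U {$credentialsMasked} 2>&1\n";
    }
    $results = array();
    exec("{$netbin} ads keytab create -P -U {$credentials} 2>&1", $results);

    // Queue the computer import before the keytab output is printed.
    $php5 = $unix->LOCATE_PHP5_BIN();
    $unix->THREAD_COMMAND_SET("{$php5} " . dirname(__FILE__) . "/exec.adusers.php --computers");
    foreach ($results as $line) {
        echo "Starting......: " . date("H:i:s") . " Samba,ads keytab: [{$adminname}]: {$line}\n";
    }
    shell_exec("/etc/init.d/winbind restart");
}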