Beispiel #1
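/**
 * Configures Kerberos/winbind authentication against Active Directory.
 *
 * Runs at most once per PHP process (guarded by $GLOBALS["BUILD_EXECUTED"]).
 * When the "EnableKerbAuth" setting is not 1 the winbindd monit file is removed
 * and nothing else happens. Otherwise the function checks prerequisites
 * (wbinfo, msktutil), synchronizes time, validates krb5/msktutil, calls
 * SAMBA_PROXY() and JOIN_ACTIVEDIRECTORY() when the `net` binary exists, and
 * finally restarts winbind.
 *
 * @param bool $nopid When true, the PID-file / "already running" / 2-minute
 *                    minimum-interval guard is skipped and no PID file is written.
 *
 * @return true|null true after the final winbind restart; null on every early exit.
 */
function build($nopid = false)
{
    if (isset($GLOBALS["BUILD_EXECUTED"])) {
        progress_logs(20, "{continue}", "Already executed");
        return;
    }
    $GLOBALS["BUILD_EXECUTED"] = true;
    $unix = new unix();
    $sock = new sockets();
    $EnableKerbAuth = $sock->GET_INFO("EnableKerbAuth");
    if (!is_numeric($EnableKerbAuth)) {
        $EnableKerbAuth = 0;
    }
    if ($EnableKerbAuth == 0) {
        progress_logs(110, "{authentication_via_activedirectory_is_disabled}", "{authentication_via_activedirectory_is_disabled}");
        if (is_file("/etc/monit/conf.d/winbindd.monitrc")) {
            @unlink("/etc/monit/conf.d/winbindd.monitrc");
        }
        return;
    }

    // The PID file path only exists when the guard below runs. Initialising it
    // here keeps the later write from receiving an undefined variable (an empty
    // path makes file_put_contents() throw on PHP 8, which "@" does not suppress).
    $pidfile = null;
    if (!$nopid) {
        $timefile = "/etc/artica-postfix/pids/" . basename(__FILE__) . ".time";
        $pidfile = "/etc/artica-postfix/pids/" . basename(__FILE__) . ".pid";
        $pid = $unix->get_pid_from_file($pidfile);
        if ($unix->process_exists($pid, basename(__FILE__))) {
            $timeExec = intval($unix->PROCCESS_TIME_MIN($pid));
            if ($GLOBALS["OUTPUT"]) {
                progress_logs(20, "{join_activedirectory_domain}", "Process {$pid} already exists since {$timeExec}Mn");
            }
            writelogs("Process {$pid} already exists since {$timeExec}Mn", __FUNCTION__, __FILE__, __LINE__);
            if ($timeExec > 5) {
                // A previous run older than 5 minutes is treated as stuck and killed.
                progress_logs(20, "{join_activedirectory_domain}", "killing old pid {$pid} (already exists since {$timeExec}Mn)");
                unix_system_kill_force($pid);
            } else {
                return;
            }
        }
        $time = $unix->file_time_min($timefile);
        if ($time < 2) {
            if ($GLOBALS["OUTPUT"]) {
                progress_logs(20, "{join_activedirectory_domain}", "2mn minimal to run this script currently ({$time}Mn)");
            }
            writelogs("2mn minimal to run this script currently ({$time}Mn)", __FUNCTION__, __FILE__, __LINE__);
            return;
        }
    }
    pinglic(true);
    $mypid = getmypid();
    if ($pidfile !== null) {
        @file_put_contents($pidfile, $mypid);
    }
    progress_logs(20, "{join_activedirectory_domain} Running PID {$mypid}", "Running PID {$mypid}", __LINE__);
    writelogs("Running PID {$mypid}", __FUNCTION__, __FILE__, __LINE__);
    $wbinfo = $unix->find_program("wbinfo");
    $nohup = $unix->find_program("nohup");
    $php5 = $unix->LOCATE_PHP5_BIN();
    if (!is_file($wbinfo)) {
        // The original command had a space instead of "/" before the script name,
        // which handed PHP the directory as the script to run.
        shell_exec("{$php5} /usr/share/artica-postfix/exec.apt-get.php --sources-list");
        shell_exec("{$nohup} /usr/share/artica-postfix/bin/setup-ubuntu --check-samba >/dev/null 2>&1 &");
        $wbinfo = $unix->find_program("wbinfo");
    }
    if (!is_file($wbinfo)) {
        progress_logs(20, "{join_activedirectory_domain}", "Auth Winbindd, samba is not installed");
        progress_logs(100, "{finish}", "Auth Winbindd, samba is not installed");
        return;
    }
    if (!checkParams()) {
        progress_logs(20, "{join_activedirectory_domain} {failed}", "Auth Winbindd, misconfiguration failed");
        progress_logs(100, "{finish}", "Auth Winbindd, misconfiguration failed");
        return;
    }
    $msktutil = check_msktutil();
    $kadmin_bin = $unix->find_program("kadmin");
    $netbin = $unix->LOCATE_NET_BIN_PATH();
    if (!is_file($msktutil)) {
        return;
    }
    @mkdir("/var/log/samba", 0755, true);
    @mkdir("/var/run/samba", 0755, true);

    // NOTE(review): unserialize() instantiates any object present in the stored
    // blob. The setting store must be writable only by trusted code; a
    // non-executable format (e.g. JSON) would remove that dependency.
    // The blob also carries the AD account password (WINDOWS_SERVER_PASS); this
    // function does not need it, so it is no longer copied into a local variable.
    $array = unserialize(base64_decode($sock->GET_INFO("KerbAuthInfos")));
    $ipaddr = trim($array["ADNETIPADDR"]);
    $UseADAsNameServer = $sock->GET_INFO("UseADAsNameServer");
    if (!is_numeric($UseADAsNameServer)) {
        $UseADAsNameServer = 0;
    }
    if ($UseADAsNameServer == 1) {
        // NOTE(review): this pattern is unanchored, so any value that merely
        // contains a digit or a dot passes. PatchResolvConf() therefore receives
        // an unvalidated string and has to validate it before writing it out.
        if (preg_match("#[0-9\\.]+#", $ipaddr)) {
            progress_logs(8, "{apply_settings}", "Patching Resolv.conf");
            PatchResolvConf($ipaddr);
        }
    }
    progress_logs(9, "{apply_settings} Synchronize time", "Synchronize time" . " in line " . __LINE__);
    sync_time();
    progress_logs(10, "{apply_settings} Check kerb5", "Check kerb5..in line " . __LINE__);
    if (!krb5conf(12)) {
        progress_logs(110, "{apply_settings} Check kerb5 {failed}", "Check kerb5..in line " . __LINE__);
        return;
    }
    progress_logs(15, "{apply_settings} Check mskt", "Check msktutils in line " . __LINE__);
    if (!run_msktutils()) {
        progress_logs(110, "{apply_settings} Check mskt {failed}", "Check mskt..in line " . __LINE__);
        return;
    }
    progress_logs(15, "{apply_settings} netbin", "netbin -> {$netbin} in line " . __LINE__);
    if (is_file($netbin)) {
        try {
            progress_logs(15, "{apply_settings} netbin", "netbin -> SAMBA_PROXY()  in line " . __LINE__);
            SAMBA_PROXY();
        } catch (Exception $e) {
            // A SAMBA_PROXY() failure is logged and the join is still attempted.
            progress_logs(15, "{failed}", "Exception Error: Message: " . $e->getMessage());
        }
    }
    progress_logs(19, "{apply_settings} [kadmin_bin]", $kadmin_bin);
    progress_logs(19, "{apply_settings} [netbin]", $netbin);
    if (is_file("{$netbin}")) {
        progress_logs(20, "{join_activedirectory_domain}", "netbin -> JOIN_ACTIVEDIRECTORY() ");
        JOIN_ACTIVEDIRECTORY();
        // 29%
    }
    progress_logs(51, "{restarting_winbind} 1", "winbind_priv();");
    winbind_priv(false, 52);
    progress_logs(60, "{restarting_winbind} 2", "winbind_priv();");
    winbindd_monit();
    progress_logs(65, "{restarting_winbind} 3", "winbind_priv();");
    if (!is_file("/etc/init.d/winbind")) {
        shell_exec("{$php5} /usr/share/artica-postfix/exec.initslapd.php --winbind");
    }
    progress_logs(65, "{restarting_winbind}", "winbind_priv();");
    system("/etc/init.d/winbind restart --force");
    return true;
}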
Beispiel #2
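/**
 * Joins the local Samba installation to the Active Directory domain described
 * by the "SambaAdInfos" setting, using the Samba `net` binary.
 *
 * Sequence: optional `net ads join` when no KDC server is reported yet,
 * `net setauthuser`, a join by workgroup (no server IP configured) or by IP
 * address, `net ads keytab create`, scheduling of exec.adusers.php --computers,
 * and a winbind restart. Progress is written to stdout. A failed join is only
 * reported; the remaining steps still run.
 *
 * Security notes:
 *  - Verbose output masks the password; earlier code printed it in clear text.
 *  - Values taken from settings are quoted with escapeshellarg() before they
 *    reach the shell. The password keeps the project's shellEscapeChars()
 *    escaping, whose implementation is not visible here.
 *  - The credential is still passed as `-U user%password`, so it is readable in
 *    the process list while `net` runs. NOTE(review): prefer a mechanism that
 *    keeps it off the command line if the installed `net` offers one.
 *
 * @return void
 */
function JOIN_ACTIVEDIRECTORY()
{
    $unix = new unix();
    $function = __FUNCTION__;
    $user = new settings_inc();
    $netbin = $unix->LOCATE_NET_BIN_PATH();
    if (!is_file($netbin)) {
        echo "Starting......: " . date("H:i:s") . "  {$function}, net, no such binary\n";
        return;
    }
    if (!$user->SAMBA_INSTALLED) {
        echo "Starting......: " . date("H:i:s") . "  {$function}, Samba, no such software\n";
        return;
    }
    $NetADSINFOS = $unix->SAMBA_GetNetAdsInfos();
    $KDC_SERVER = $NetADSINFOS["KDC server"];
    $sock = new sockets();
    // NOTE(review): unserialize() instantiates any object present in the stored
    // blob. The setting store must be writable only by trusted code; a
    // non-executable format (e.g. JSON) would remove that dependency.
    $array = unserialize(base64_decode($sock->GET_INFO("SambaAdInfos")));
    run_msktutils();
    $domain_lower = strtolower($array["ADDOMAIN"]);
    $adminpassword = $unix->shellEscapeChars($array["PASSWORD"]);
    $adminname = $array["ADADMIN"];
    $ad_server = $array["ADSERVER"];
    $workgroup = $array["WORKGROUP"];
    $ipaddr = trim($array["ADSERVER_IP"]);

    // Shell-ready "-U" operand and the masked twin that is safe to print.
    $userArg = escapeshellarg($adminname) . "%" . $adminpassword;
    $userArgMasked = escapeshellarg($adminname) . "%****";
    // An empty workgroup stays absent instead of becoming an explicit '' argument.
    $workgroupArg = $workgroup == null ? "" : escapeshellarg($workgroup);

    if ($GLOBALS["VERBOSE"]) {
        // Never print the credential itself.
        echo "{$function}, Using Password: ****";
    }
    if (function_exists("WriteToSyslogMail")) {
        WriteToSyslogMail("Trying to relink this server with Active Directory {$ad_server}.{$domain_lower} server", basename(__FILE__));
    }
    echo "Starting......: " . date("H:i:s") . "  Samba, [{$adminname}]: Kdc server ads : {$KDC_SERVER}\n";
    if ($KDC_SERVER == null) {
        $cmd = "{$netbin} ads join -W " . escapeshellarg("{$ad_server}.{$domain_lower}") . " -S " . escapeshellarg($ad_server) . " -U {$userArg} 2>&1";
        if ($GLOBALS["VERBOSE"]) {
            echo "Starting......: " . date("H:i:s") . "  {$function}, " . str_replace($userArg, $userArgMasked, $cmd) . "\n";
        }
        $results = array();
        exec($cmd, $results);
        foreach ($results as $line) {
            echo "Starting......: " . date("H:i:s") . "  {$function}, ads join [{$adminname}]: {$line}\n";
        }
        $NetADSINFOS = $unix->SAMBA_GetNetAdsInfos();
        $KDC_SERVER = $NetADSINFOS["KDC server"];
    }
    if ($KDC_SERVER == null) {
        echo "Starting......: " . date("H:i:s") . "  Samba, [{$adminname}]: unable to join the domain {$domain_lower}\n";
    }
    echo "Starting......: " . date("H:i:s") . "  Samba, [{$adminname}]: setauthuser..\n";
    $cmd = "{$netbin} setauthuser -U {$userArg}";
    if ($GLOBALS["VERBOSE"]) {
        echo "Starting......: " . date("H:i:s") . "  {$function}, " . str_replace($userArg, $userArgMasked, $cmd) . "\n";
    }
    shell_exec($cmd);
    if ($ipaddr == null) {
        $JOINEDRES = false;
        echo "Starting......: " . date("H:i:s") . "  Samba, [{$adminname} 0]: join for {$workgroup} (without IP addr)\n";
        // Build the command before echoing it; the original printed the previous
        // (setauthuser) command here.
        $cmd = "{$netbin} join -U {$userArg} {$workgroupArg} 2>&1";
        if ($GLOBALS["VERBOSE"]) {
            echo "Starting......: " . date("H:i:s") . "  {$function},[{$adminname} 0]: " . str_replace($userArg, $userArgMasked, $cmd) . "\n";
        }
        $A1 = array();
        exec($cmd, $A1);
        foreach ($A1 as $line) {
            if (preg_match("#Joined#", $line)) {
                echo "Starting......: " . date("H:i:s") . "  Samba, [{$adminname} 0]: join for {$workgroup} (without IP addr) success\n";
                $JOINEDRES = true;
                break;
            }
            if (function_exists("WriteToSyslogMail")) {
                WriteToSyslogMail("Starting......: " . date("H:i:s") . "  Samba, {$line}", basename(__FILE__));
            }
        }
        if (!$JOINEDRES) {
            // Fall back to an RPC-style join when the plain join did not report success.
            echo "Starting......: " . date("H:i:s") . "  Samba, [{$adminname} 0]: join as netrpc.. (without IP addr)\n";
            $cmd = "{$netbin} rpc join -U {$userArg} {$workgroupArg} 2>&1";
            $A2 = array();
            exec($cmd, $A2);
            if ($GLOBALS["VERBOSE"]) {
                echo "Starting......: " . date("H:i:s") . "  {$function}, " . str_replace($userArg, $userArgMasked, $cmd) . "\n";
            }
            foreach ($A2 as $line) {
                if (preg_match("#Joined#", $line)) {
                    echo "Starting......: " . date("H:i:s") . "  Samba, [{$adminname} 0]: join for {$workgroup} (without IP addr) success\n";
                    $JOINEDRES = true;
                    break;
                }
                if (function_exists("WriteToSyslogMail")) {
                    WriteToSyslogMail("Starting......: " . date("H:i:s") . "  Samba, {$line}", basename(__FILE__));
                }
            }
        }
    }
    if ($ipaddr != null) {
        if (!$GLOBALS["VERBOSE"]) {
            echo "Starting......: " . date("H:i:s") . "  {$function}, [{$adminname} 1]: ads '{$netbin} ads join -I {$ipaddr} -U {$adminname}%**** {$workgroup}'\n";
        }
        $cmd = "{$netbin} ads join -I " . escapeshellarg($ipaddr) . " -U {$userArg} {$workgroupArg} 2>&1";
        if ($GLOBALS["VERBOSE"]) {
            echo "Starting......: " . date("H:i:s") . "  {$function},[{$adminname} 1]: " . str_replace($userArg, $userArgMasked, $cmd) . "\n";
        }
        $BIGRES2 = array();
        exec($cmd, $BIGRES2);
        foreach ($BIGRES2 as $line) {
            if (preg_match("#Failed to join#i", $line)) {
                echo "Starting......: " . date("H:i:s") . "  {$function}, [{$adminname} 1]: ads join failed ({$line}), using pure IP\n";
                if (!$GLOBALS["VERBOSE"]) {
                    echo "Starting......: " . date("H:i:s") . "  {$function}, [{$adminname} 1]: '{$netbin} ads join -I {$ipaddr} -U {$adminname}%*** {$workgroup}'\n";
                }
                // NOTE(review): the retry uses exactly the same command line as
                // the first attempt, so it is a plain second try.
                if ($GLOBALS["VERBOSE"]) {
                    echo "Starting......: " . date("H:i:s") . "  {$function}, " . str_replace($userArg, $userArgMasked, $cmd) . "\n";
                }
                $BIGRES1 = array();
                exec($cmd, $BIGRES1);
                foreach ($BIGRES1 as $retryLine) {
                    echo "Starting......: " . date("H:i:s") . "  {$function}, [{$adminname} 2] {$retryLine}\n";
                    if (function_exists("WriteToSyslogMail")) {
                        WriteToSyslogMail("Starting......: " . date("H:i:s") . "  {$function}, {$retryLine}", basename(__FILE__));
                    }
                }
                break;
            }
            echo "Starting......: " . date("H:i:s") . "  Samba,[{$adminname} 1] {$line}\n";
            if (function_exists("WriteToSyslogMail")) {
                WriteToSyslogMail("Starting......: " . date("H:i:s") . "  {$function}, {$line}", basename(__FILE__));
            }
        }
    }
    if ($KDC_SERVER == null) {
        // Re-read the join state after the attempts above.
        $NetADSINFOS = $unix->SAMBA_GetNetAdsInfos();
        $KDC_SERVER = $NetADSINFOS["KDC server"];
    }
    if ($KDC_SERVER == null) {
        echo "Starting......: " . date("H:i:s") . "  Samba, [{$adminname}]: unable to join the domain {$domain_lower}\n";
    }
    echo "Starting......: " . date("H:i:s") . "  Samba, [{$adminname}]: Kdc server ads : {$KDC_SERVER}\n";
    $cmd = "{$netbin} ads keytab create -P -U {$userArg} 2>&1";
    if ($GLOBALS["VERBOSE"]) {
        echo "Starting......: " . date("H:i:s") . "  Samba, " . str_replace($userArg, $userArgMasked, $cmd) . "\n";
    }
    $results = array();
    exec($cmd, $results);
    $php5 = $unix->LOCATE_PHP5_BIN();
    $unix->THREAD_COMMAND_SET("{$php5} " . dirname(__FILE__) . "/exec.adusers.php --computers");
    foreach ($results as $line) {
        echo "Starting......: " . date("H:i:s") . "  Samba,ads keytab: [{$adminname}]: {$line}\n";
    }
    shell_exec("/etc/init.d/winbind restart");
}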