/**
 * Request a Kerberos ticket only when security is switched on and the
 * principal does not already hold one.
 *
 * The security switch is compared against the literal string 'true'; any other
 * value, including the boolean true, is treated as "security disabled" and no
 * ticket is requested.
 *
 * @param string $security_enabled 'true' to enable the ticket check
 * @param string $kinit_path_local forwarded unchanged to kinit()
 * @param string $keytab_path      forwarded unchanged to kinit()
 * @param string $principal_name   principal checked by is_logined() and forwarded to kinit()
 * @return array array(0, '') when nothing had to be done, otherwise whatever kinit() returned
 *               (presumably an exit-code/output pair - confirm against kinit())
 */
function kinit_if_needed($security_enabled, $kinit_path_local, $keytab_path, $principal_name)
{
    // Security off: report success without touching Kerberos at all.
    if ($security_enabled !== 'true') {
        return array(0, '');
    }

    // A ticket is already present for this principal, so there is nothing to renew.
    if (is_logined($principal_name)) {
        return array(0, '');
    }

    return kinit($kinit_path_local, $keytab_path, $principal_name);
}
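/**
 * Join this host to the Active Directory domain described by the stored
 * "SambaAdInfos" setting.
 *
 * Steps, in order: request a Kerberos ticket for the AD administrator, set the
 * local hostname to <short name>.<domain>, register the winbind auth user when
 * a winbind password longer than two characters is configured, start winbindd,
 * run "net ads join" unless GetNetAdsInfos() already reports a KDC server, then
 * enable or disable PAM for Cyrus SASL according to the "CyrusToAD" setting.
 * Progress is written to stdout; nothing is returned.
 *
 * Security notes for maintainers:
 *  - Setting values that end up on a shell command line (admin name, domain,
 *    server name, hostname) are wrapped with escapeshellarg() so a stray
 *    metacharacter cannot alter the command.
 *  - Passwords are still escaped by the project's shellEscapeChars() helper,
 *    whose exact behaviour is not visible here, and they still travel as
 *    command-line arguments (echo | kinit, net -U user%password). Arguments can
 *    be read by other local users through the process list while the command
 *    runs; feeding the password on stdin would avoid that.
 *  - The join command is only ever printed with the password masked.
 *
 * @return void
 */
function kinit()
{
    $unix = new unix();
    $kinit = $unix->find_program("kinit");
    $echo = $unix->find_program("echo");
    $net = $unix->LOCATE_NET_BIN_PATH();
    $hostname = $unix->find_program("hostname");
    $sock = new sockets();

    // NOTE(review): unserialize() can instantiate objects from the stored blob.
    // If this setting can ever be written by a less-trusted party, switch the
    // storage format to a plain data encoding such as JSON.
    $config = unserialize(base64_decode($sock->GET_INFO("SambaAdInfos")));
    $domain = strtoupper($config["ADDOMAIN"]);
    $domain_lower = strtolower($config["ADDOMAIN"]);
    $cachefile = "/etc/artica-postfix/NetADSInfo.cache";

    $CyrusToAD = $sock->GET_INFO("CyrusToAD");
    if (!is_numeric($CyrusToAD)) {
        $CyrusToAD = 0;
    }

    $ADSERVER_IP = $config["ADSERVER_IP"];
    @unlink($cachefile);
    $ad_server = strtolower($config["ADSERVER"]);
    $ad_fqdn = "$ad_server.$domain_lower";

    $kinitpassword = $unix->shellEscapeChars($config["PASSWORD"]);
    if ($kinit != null) {
        // The principal is quoted as one argument; the password keeps the
        // project's own escaping because it is concatenated unquoted.
        $principal_arg = escapeshellarg($config["ADADMIN"] . "@" . $domain);
        shell_exec("$echo $kinitpassword|$kinit $principal_arg");
    }

    // Each exec() gets its own output array: exec() appends to an existing
    // array, so sharing one buffer would replay earlier output in later loops.
    $hostname_output = array();
    exec($hostname, $hostname_output);
    $servername = trim(@implode(" ", $hostname_output));
    echo "Starting......: Samba using server name has $servername.$domain_lower\n";
    shell_exec(
        "/usr/share/artica-postfix/bin/artica-install --change-hostname "
        . escapeshellarg("$servername.$domain_lower")
    );

    echo "Starting......: connecting to $ad_server.$domain_lower\n";
    @unlink($cachefile);
    $NetADSINFOS = GetNetAdsInfos();
    $KDC_SERVER = isset($NetADSINFOS["KDC server"]) ? $NetADSINFOS["KDC server"] : null;

    $WINBINDPASSWORD = $config["WINBINDPASSWORD"];
    if (strlen($WINBINDPASSWORD) > 2) {
        $WINBINDPASSWORD = $unix->shellEscapeChars($WINBINDPASSWORD);
        $setauth_output = array();
        exec("$net setauthuser -U winbind%$WINBINDPASSWORD 2>&1", $setauth_output);
        // foreach replaces each(), which was removed in PHP 8.
        foreach ($setauth_output as $line) {
            writelogs("setauthuser [winbind]: $line", __FUNCTION__, __FILE__, __LINE__);
        }
    }

    echo "Starting......: checking winbindd daemon...\n";
    shell_exec("/etc/init.d/artica-postfix start winbindd");

    $adminpassword = $unix->shellEscapeChars($config["PASSWORD"]);
    if ($KDC_SERVER == null) {
        $join_prefix = "$net ads join -W " . escapeshellarg($ad_fqdn)
            . " -S " . escapeshellarg($ad_server)
            . " -U " . escapeshellarg($config["ADADMIN"]) . "%";
        $cmd = $join_prefix . $adminpassword . " 2>&1";
        // Same command with the password masked, for anything that is printed.
        $cmd_masked = $join_prefix . "******** 2>&1";

        if (!empty($GLOBALS["VERBOSE"])) {
            echo $cmd_masked . "\n";
        }

        $join_output = array();
        exec($cmd, $join_output);
        foreach ($join_output as $line) {
            writelogs("ads join [{$config["ADADMIN"]}]: $line", __FUNCTION__, __FILE__, __LINE__);

            if (preg_match("#DNS update failed#", $line)) {
                // Print the masked form so the administrator password never
                // reaches the console or any log capturing this output.
                echo "Starting......: ADS Join FAILED with command line \"$cmd_masked\"\n";
            }

            if (preg_match("#The network name cannot be found#", $line)) {
                echo "Starting......: ADS Join $ad_server.$domain_lower failed, unable to resolve it\n";
                if ($ADSERVER_IP != null) {
                    // The global flag limits the hosts-file fix and the retry to one attempt.
                    if (empty($GLOBALS["CHANGE_ETC_HOSTS_AD"])) {
                        $hosts_entry = base64_encode("$ADSERVER_IP\t$ad_server.$domain_lower\t$ad_server");
                        $sock->getFrameWork("cmd.php?etc-hosts-add=$hosts_entry");
                        $GLOBALS["CHANGE_ETC_HOSTS_AD"] = true;
                        echo "Starting......: ADS Join add $ad_server.$domain_lower $ADSERVER_IP in hosts file done, restart\n";
                        kinit();
                        return;
                    }
                }
            }

            echo "Starting......: ADS Join $ad_server.$domain_lower ($line)\n";
        }
    } else {
        echo "Starting......: ADS Already joined to \"$KDC_SERVER\"\n";
    }

    if ($CyrusToAD == 1) {
        echo "Starting......: Activate PAM for Cyrus sasl\n";
        EnablePamd();
    } else {
        echo "Starting......: Disable PAM for Cyrus sasl\n";
        DisablePamd();
    }
}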
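/**
 * Rebuild the Samba configuration and apply it.
 *
 * Runs the Active Directory preparation when "EnableSambaActiveDirectory" is 1,
 * writes /etc/samba/smb.conf from samba::BuildConfig(), makes sure the
 * usershares data file exists, refreshes audit and home-directory settings,
 * optionally stores the idmap secret, joins the domain through kinit() when
 * Active Directory is enabled, and finally calls artica-install to reconfigure
 * Samba.
 *
 * Security notes for maintainers:
 *  - The workgroup and the administrator password are quoted with
 *    escapeshellarg() before being placed on the "net idmap secret" command
 *    line, so shell metacharacters in either value cannot change the command.
 *  - The password is still passed as a command-line argument and can be read
 *    from the process list while "net" runs.
 *
 * @return void
 */
function reconfigure()
{
    $unix = new unix();
    $sock = new sockets();

    $EnableSambaActiveDirectory = $sock->GET_INFO("EnableSambaActiveDirectory");
    if ($EnableSambaActiveDirectory == 1) {
        activedirectory();
    }

    CheckExistentDirectories();

    $samba = new samba();
    // Errors are suppressed with @, so a failed write leaves the previous smb.conf in place silently.
    @file_put_contents("/etc/samba/smb.conf", $samba->BuildConfig());

    if (!is_file("/var/lib/samba/usershares/data")) {
        // NOTE(review): a null mode is coerced to 0 by PHP, which would create
        // the directory without any permission bits. Confirm the intended mode
        // and pass it explicitly.
        @mkdir("/var/lib/samba/usershares", null, true);
        @file_put_contents("/var/lib/samba/usershares/data", "#");
    }

    SambaAudit();
    ParseHomeDirectories();

    // A fresh instance is created after the helpers above have run.
    $samba = new samba();
    $net = $unix->find_program("net");
    $master_password = $samba->GetAdminPassword("administrator");

    $SambaEnableEditPosixExtension = $sock->GET_INFO("SambaEnableEditPosixExtension");
    if ($SambaEnableEditPosixExtension == 1) {
        $workgroup_arg = escapeshellarg($samba->main_array["global"]["workgroup"]);
        $secret_arg = escapeshellarg($master_password);

        $cmd = "{$net} idmap secret {$workgroup_arg} {$secret_arg} >/dev/null 2>&1 &";
        shell_exec($cmd);

        // NOTE(review): this second command is built but never executed.
        // Confirm whether a shell_exec() call was dropped here before adding one.
        $cmd = "{$net} idmap secret alloc {$secret_arg} >/dev/null 2>&1 &";
    }

    if ($EnableSambaActiveDirectory == 1) {
        kinit();
    }

    shell_exec("/usr/share/artica-postfix/bin/artica-install --samba-reconfigure >/dev/null 2>&1");
}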
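/**
 * Create or refresh the HTTP service principal and keytab entry for this host
 * with msktutil.
 *
 * Calls kinit() first, locates msktutil (unpacking a local archive when the
 * binary is missing), reads the Active Directory settings from "SambaAdInfos",
 * then runs msktutil to create the HTTP/<full hostname> principal in
 * /etc/krb5.keytab. When msktutil_version() reports 4, an additional
 * "--auto-update" run follows. Progress and tool output go to stdout.
 *
 * Security notes for maintainers:
 *  - Every value taken from the settings or from hostname lookups is quoted
 *    with escapeshellarg() before it reaches the shell. The computer branch
 *    used to sit inside double quotes, where "$" and backticks are still
 *    expanded by the shell.
 *  - The administrator password is no longer read here; it was never used by
 *    this function.
 *
 * @return void
 */
function run_msktutils()
{
    kinit();
    $unix = new unix();
    $sock = new sockets();

    if (is_file("/usr/sbin/msktutil")) {
        @chmod("/usr/sbin/msktutil", 0755);
    }

    $msktutil = $unix->find_program("msktutil");
    $function = __FUNCTION__;

    if (!is_file($msktutil)) {
        if (is_file("/home/artica/mskutils.tar.gz.old")) {
            echo "Starting......: " . date("H:i:s") . " {$function}, uncompress /home/artica/mskutils.tar.gz.old\n";
            // NOTE(review): the archive is unpacked over "/" with no integrity
            // check. Anyone able to write this file controls what lands on the
            // root filesystem - verify ownership, permissions or a checksum first.
            shell_exec("tar xf /home/artica/mskutils.tar.gz.old -C /");
        }
    }

    $msktutil = $unix->find_program("msktutil");
    if (!is_file($msktutil)) {
        echo "Starting......: " . date("H:i:s") . " {$function}, msktutil not installed, you should use it..\n";
        return;
    }

    // NOTE(review): unserialize() can instantiate objects from the stored blob.
    // If this setting can ever be written by a less-trusted party, switch the
    // storage format to a plain data encoding such as JSON.
    $array = unserialize(base64_decode($sock->GET_INFO("SambaAdInfos")));
    $ipaddr = trim($array["ADSERVER_IP"]);

    if (!isset($array["COMPUTER_BRANCH"])) {
        $array["COMPUTER_BRANCH"] = "CN=Computers";
    }
    if (!isset($array["WINDOWS_SERVER_TYPE"])) {
        $array["WINDOWS_SERVER_TYPE"] = "WIN_2003";
    }

    $myFullHostname = $unix->hostname_g();
    $myNetBiosName = $unix->hostname_simple();
    $hostname = strtolower(trim($array["ADSERVER"])) . "." . strtolower(trim($array["ADDOMAIN"]));

    echo "Starting......: " . date("H:i:s") . " {$function}, computers branch `{$array["COMPUTER_BRANCH"]}`\n";
    echo "Starting......: " . date("H:i:s") . " {$function}, my full hostname `{$myFullHostname}`\n";
    echo "Starting......: " . date("H:i:s") . " {$function}, my netbios name `{$myNetBiosName}`\n";
    echo "Starting......: " . date("H:i:s") . " {$function}, Active Directory hostname `{$hostname}` ({$ipaddr})\n";

    // Prefer the configured IP address over the derived host name when one is set.
    $domain_controller = $hostname;
    if ($ipaddr != null) {
        $domain_controller = $ipaddr;
    }

    $enctypes = null;
    if ($array["WINDOWS_SERVER_TYPE"] == "WIN_2008AES") {
        $enctypes = " --enctypes 28";
    }

    $msktutil_version = msktutil_version();
    echo "Starting......: " . date("H:i:s") . " {$function}, msktutil version 0.{$msktutil_version}\n";

    $service_arg = escapeshellarg("HTTP/{$myFullHostname}");
    $fullhost_arg = escapeshellarg($myFullHostname);
    $netbios_arg = escapeshellarg($myNetBiosName);
    $server_arg = escapeshellarg($domain_controller);

    $f = array();
    $f[] = "{$msktutil} -c -b " . escapeshellarg($array["COMPUTER_BRANCH"]);
    $f[] = "-s {$service_arg} -h {$fullhost_arg} -k /etc/krb5.keytab";
    $f[] = "--computer-name {$netbios_arg} --upn {$service_arg} --server {$server_arg} {$enctypes}";
    $f[] = "--verbose";

    $cmdline = @implode(" ", $f);
    echo "Starting......: " . date("H:i:s") . " {$function},`{$cmdline}`\n";

    // A separate output array per exec() call: exec() appends to an existing
    // array, so a shared buffer would print the first run's output again.
    $create_output = array();
    exec("{$cmdline} 2>&1", $create_output);
    // foreach replaces each(), which was removed in PHP 8.
    foreach ($create_output as $a) {
        if (trim($a) == null) {
            continue;
        }
        echo "Starting......: " . date("H:i:s") . " {$function}, {$a} Line:" . __LINE__ . "\n";
    }

    if ($msktutil_version == 4) {
        $cmdline = "{$msktutil} --auto-update --verbose --computer-name {$netbios_arg} --server {$server_arg}";
        $update_output = array();
        exec("{$cmdline} 2>&1", $update_output);
        foreach ($update_output as $a) {
            if (trim($a) == null) {
                continue;
            }
            echo "Starting......: " . date("H:i:s") . " {$function}, {$a} Line:" . __LINE__ . "\n";
        }
    }
}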