Index: univention-server-join =================================================================== --- univention-server-join (Revision 19266) +++ univention-server-join (Arbeitskopie) @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # # Univention Join # joins a server to an univention domain @@ -32,16 +32,16 @@ export PATH="$PATH:/sbin:/usr/sbin:/bin:/usr/bin" -ADMINOPTIONS="" +declare -a ADMINOPTIONS LOGFILE="/var/log/univention/server-join.log" if [ "$USER" != "root" ]; then - if [ "$HOME" ]; then - LOGFILE="$HOME/.univention-server-join.log" - else - USERTMP=`mktemp -d` - LOGFILE="$USERTMP/.univention-server-join.log" - fi - ADMINOPTIONS="$ADMINOPTIONS --logfile $LOGFILE" + if [ "$HOME" ]; then + LOGFILE="$HOME/.univention-server-join.log" + else + USERTMP="$(mktemp -d)" + LOGFILE="$USERTMP/.univention-server-join.log" + fi + ADMINOPTIONS+=(--logfile "$LOGFILE") fi display_help() { @@ -87,7 +87,7 @@ log() { - if [ $1 = 1 ]; then + if [ "$1" = 1 ]; then shift echo "$@" >>"$LOGFILE" echo "$@" @@ -108,49 +108,40 @@ do case "$1" in "-role") - shift - ROLE=$1 - shift + ROLE="${2:?missing role}" + shift 2 ;; "-hostname") - shift - HOSTNAME=$1 - shift + HOSTNAME="${2:?missing host name}" + shift 2 ;; "-domainname") - shift - DOMAINNAME=$1 - shift + DOMAINNAME="${2:?missing domain name}" + shift 2 ;; "-ip") - shift - IP=$1 - shift + IP="${2:?missing IP address}" + shift 2 ;; "-certs") - shift - CERTS="$1" - shift + CERTS="${2:?missing certificate}" + shift 2 ;; "-mac") - shift - MAC="$1" - shift + MAC="${2:?missing ethernec MAC address}" + shift 2 ;; "-bindaccount") - shift - BINDACCOUNT="$1" - shift + BINDACCOUNT="${2:?missing account name for bind}" + shift 2 ;; "-bindpwfile") - shift - BINDPWFILE="$1" - shift + BINDPWFILE="${2:?missing password file for bind}" + shift 2 ;; "-position") - shift - POSITION="$1" - shift + POSITION="${2:?missing LDAP position}" + shift 2 ;; "--version") display_version 
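Review bot: The new `-mac` arm misspells its error text, `MAC="${2:?missing ethernec MAC address}"`; make it `MAC="${2:?missing ethernet MAC address}"`. Note also that the `${2:?…}` form used in every arm of this hunk aborts with bash's own `2: …` message on stderr, so a missing option value no longer reaches display_help the way the other argument errors in this script do; if that is acceptable, a comment above the `case`, e.g. `# a missing option value aborts via ${2:?…} without printing the usage text`, would make it deliberate.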
@@ -165,23 +156,23 @@ # extend options for univention-admin if [ "$BINDACCOUNT" ]; then - BINDDN=`ldapsearch -x "(&(uid=$BINDACCOUNT)(objectclass=posixAccount))" dn | ldapsearch-wrapper | grep ^dn | sed -e 's|dn: ||'` - log 0 "found BINDDN: $BINDDN" >>$LOGFILE - if [ -z "$BINDDN" ]; then - log 1 "failed to get binddn for $BINDACCOUNT" - exit 1 - fi + BINDDN="$(ldapsearch -x "(&(uid=$BINDACCOUNT)(objectclass=posixAccount))" dn | ldapsearch-wrapper | sed -ne '^s|dn: ||p')" + log 0 "found BINDDN: $BINDDN" >>$LOGFILE + if [ -z "$BINDDN" ]; then + log 1 "failed to get binddn for $BINDACCOUNT" + exit 1 + fi fi if [ "$BINDDN" ]; then - ADMINOPTIONS="$ADMINOPTIONS --binddn $BINDDN" + ADMINOPTIONS+=(--binddn "$BINDDN") fi if [ "$BINDPWFILE" ]; then - ADMINOPTIONS="$ADMINOPTIONS --bindpw `cat $BINDPWFILE`" + ADMINOPTIONS+=(--bindpw "$(<"$BINDPWFILE")") fi -eval `univention-config-registry shell` +eval "$(univention-config-registry shell)" if [ -z "$ROLE" ]; then log 1 "E: -role is missing" display_help 
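Review bot: The replacement pipeline `sed -ne '^s|dn: ||p'` puts the anchor before the command letter, so sed rejects the expression (unknown command `^`), BINDDN is always empty and the `failed to get binddn` exit below is taken every time; the intended form is `sed -ne 's|^dn: ||p'`. The next line, `log 0 "found BINDDN: $BINDDN" >>$LOGFILE`, was re-indented but left unquoted; `>>"$LOGFILE"` matches the rest of the patch. The `--bindpw "$(<"$BINDPWFILE")"` entry keeps the bind password on univention-admin's argv, readable from the process list while it runs, as the old code did; since the join side now delivers the file on stdin, a comment here stating that univention-admin only accepts the password as an argument would explain why it stays that way.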
@@ -197,100 +188,98 @@ display_header create_entry () { -# $1 desc -# $2 module -# $3 position -# $4 primaryGroup -# $5 group - log 0 "Join $1" + local desc="${1?:missing description}" + local module="${2?:missing computer module}" + local position="${3?:missing LDAP position}" + local primaryGroup="$4" + local group="$5" + log 0 "Join $desc" - old_dn=`univention-admin $2 list --filter name=$HOSTNAME $ADMINOPTIONS | ldapsearch-wrapper | grep "DN: " | sed -e "s|.*DN: ||"` + old_dn="$(univention-admin "$module" list --filter name="$HOSTNAME" "${ADMINOPTIONS[@]}" | ldapsearch-wrapper | sed -ne "s|.*DN: ||p")" if [ $? = 1 ]; then - log 1 "E: failed search $1 [$old_dn]" + log 1 "E: failed search $desc [$old_dn]" exit 1 fi + declare -a args if [ -z "$old_dn" ]; then - log 0 " Create new $1 " + log 0 " Create new $desc " if [ -n "$MAC" -a -n "$dhcpEntry" -a "$module" = "computers/managedclient" ]; then - mac_cmd="--set mac=$MAC --set dhcpEntryZone=$dhcpEntry" + args+=(--set mac="$MAC" --set dhcpEntryZone="$dhcpEntry") elif [ -n "$MAC" -a -n "$dhcpEntry" -a "$module" = "computers/mobileclient" ]; then - mac_cmd="--set mac=$MAC --set dhcpEntryZone=$dhcpEntry" + args+=(--set mac="$MAC" --set dhcpEntryZone="$dhcpEntry") elif [ -n "$MAC" ]; then - mac_cmd="--set mac=$MAC" + args+=(--set mac="$MAC") fi if [ -n "$IP" ]; then - ip_cmd="--set ip=$IP" + args+=(--set ip="$IP") if [ -n "$forwardZone" ]; then - ip_cmd="$ip_cmd --set dnsEntryZoneForward=$forwardZone " + args+=(--set dnsEntryZoneForward="$forwardZone") if [ -n "$reverseZone" ]; then - ip_cmd="$ip_cmd --set dnsEntryZoneReverse=$reverseZone " + args+=(--set dnsEntryZoneReverse="$reverseZone") fi fi fi - rc=`univention-admin $2 create --position "$3"\ - --set name=$HOSTNAME $ip_cmd \ - --set domain=$DOMAINNAME \ - --set password=$computerPassword --set unixhome=/dev/null --set shell=/bin/sh --set primaryGroup="$4" $mac_cmd $ADMINOPTIONS` - if [ $? 
= 1 ]; then - log 1 "E: failed to create $1 (1) [$rc]" + rc="$(univention-admin "$module" create --position "$position"\ + --set name="$HOSTNAME" \ + --set domain="$DOMAINNAME" \ + --set password="$computerPassword" --set unixhome=/dev/null --set shell=/bin/sh --set primaryGroup="$primaryGroup" "${args[@]}" "${ADMINOPTIONS[@]}")" + if [ $? -ne 0 ]; then + log 1 "E: failed to create $desc (1) [$rc]" exit 1 fi if [ -z "$rc" ]; then - log 1 "E: failed to create $1: no result" + log 1 "E: failed to create $desc: no result" exit 1 fi - ldap_dn=`echo $rc | grep "Object created:" | sed -e 's|Object created: ||'` + ldap_dn="$(echo $rc | sed -ne 's|Object created: ||p')" if [ -z "$ldap_dn" ]; then - log 1 "E: failed to create $1 (2) [$rc]" + log 1 "E: failed to create $desc (2) [$rc]" exit 1 fi echo "ldap_dn=\"$ldap_dn\"" - if [ -n "$5" ]; then - rc=`univention-admin groups/group modify --dn="$5" --append users="$ldap_dn" $ADMINOPTIONS` + if [ -n "$group" ]; then + rc="$(univention-admin groups/group modify --dn="$group" --append users="$ldap_dn" "${ADMINOPTIONS[@]}")" fi else - log 0 "Modify $1 [$old_dn]" + log 0 "Modify $desc [$old_dn]" if [ -n "$MAC" ]; then - mac_cmd="--set mac=$MAC" + args+=(--set mac="$MAC") fi if [ -n "$IP" ]; then - ip_cmd="--set ip=$IP" + args+=(--set ip="$IP") fi - rc=`univention-admin $2 modify --dn "$old_dn" --set password=$computerPassword --set domain=$DOMAINNAME $mac_cmd $ip_cmd $ADMINOPTIONS` + rc="$(univention-admin "$module" modify --dn "$old_dn" --set password="$computerPassword" --set domain="$DOMAINNAME" "${args[@]}" "${ADMINOPTIONS[@]}")" - if [ $? = 1 ]; then - log 1 "E: failed to modify $1 $old_dn [$rc]" + if [ $? 
-ne 0 ]; then + log 1 "E: failed to modify $desc $old_dn [$rc]" fi echo "ldap_dn=\"$old_dn\" " - fi - - } if [ -n "$IP" ]; then - subnet=`univention-ipcalc --ip $IP --netmask $interfaces_eth0_netmask --output network --calcdns` + subnet="$(univention-ipcalc --ip "$IP" --netmask "$interfaces_eth0_netmask" --output network --calcdns)" log 0 " Calculated subnet = $subnet" - forwardZone=`univention-admin dns/forward_zone list --filter zone=$DOMAINNAME $ADMINOPTIONS | ldapsearch-wrapper | grep DN | sed -e 's/DN: //g'` - reverseZone=`univention-admin dns/reverse_zone list --filter subnet=$subnet $ADMINOPTIONS | ldapsearch-wrapper | grep DN | sed -e 's/DN: //g'` - dhcpEntry=`univention-admin dhcp/service list --filter name=$DOMAINNAME $ADMINOPTIONS | ldapsearch-wrapper | grep DN | sed -e 's/DN: //g'` + forwardZone="$(univention-admin dns/forward_zone list --filter zone="$DOMAINNAME" "${ADMINOPTIONS[@]}" | ldapsearch-wrapper | sed -ne 's/DN: //gp')" + reverseZone="$(univention-admin dns/reverse_zone list --filter subnet="$subnet" "${ADMINOPTIONS[@]}" | ldapsearch-wrapper | sed -ne 's/DN: //gp')" + dhcpEntry="$(univention-admin dhcp/service list --filter name="$DOMAINNAME" "${ADMINOPTIONS[@]}" | ldapsearch-wrapper | sed -ne 's/DN: //gp')" log 0 " forwardZone $forwardZone " log 0 " reverseZone $reverseZone " fi -computerPassword=`makepasswd --chars=8` +computerPassword="$(makepasswd --chars=8)" if [ "$ROLE" = "domaincontroller_master" ]; then if [ -n "$POSITION" ]; then 
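Review bot: The new `local` lines transpose the expansion operator: `local desc="${1?:missing description}"` (and the `module` and `position` lines) use `?` with the colon inside the message, so an empty argument is accepted and the error text starts with `:`; the option parser in this patch uses `${2:?…}`, so these should read `local desc="${1:?missing description}"` and so on. `ldap_dn="$(echo $rc | sed -ne 's|Object created: ||p')"` still word-splits and globs `$rc` before sed sees it; `sed -ne 's|Object created: ||p' <<<"$rc"` keeps the lines intact (and then yields only the matching line rather than the whole joined output, which looks like what is wanted). Near the end of the function this rendering shows the `fi` closing `if [ -z "$old_dn" ]` being removed together with the blank line and the brace without a replacement; if the patch really does that the function no longer parses, so a `bash -n` run on the result is worth doing. The hunk also covers the top-level zone lookups after the function.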
@@ -305,14 +294,14 @@ else create_entry "DC Backup" "computers/domaincontroller_backup" "cn=dc,cn=computers,$ldap_base" "cn=DC Backup Hosts,cn=groups,$ldap_base" "cn=DC Slave Hosts,cn=groups,$ldap_base" fi - kadmin -l add --random-key --use-defaults ldap/$HOSTNAME.$DOMAINNAME + kadmin -l add --random-key --use-defaults "ldap/$HOSTNAME.$DOMAINNAME" elif [ "$ROLE" = "domaincontroller_slave" ]; then if [ -n "$POSITION" ]; then create_entry "DC Slave" "computers/domaincontroller_slave" "$POSITION" "cn=DC Slave Hosts,cn=groups,$ldap_base" else create_entry "DC Slave" "computers/domaincontroller_slave" "cn=dc,cn=computers,$ldap_base" "cn=DC Slave Hosts,cn=groups,$ldap_base" fi - kadmin -l add --random-key --use-defaults ldap/$HOSTNAME.$DOMAINNAME + kadmin -l add --random-key --use-defaults "ldap/$HOSTNAME.$DOMAINNAME" elif [ "$ROLE" = "memberserver" ]; then if [ -n "$POSITION" ]; then create_entry "Member Server" "computers/memberserver" "$POSITION" "cn=Computers,cn=groups,$ldap_base" Index: debian/control =================================================================== --- debian/control (Revision 19266) +++ debian/control (Arbeitskopie) @@ -7,7 +7,10 @@ Package: univention-join Architecture: all -Depends: univention-config-registry, univention-ssh, ldap-utils, sysutils +Depends: univention-config-registry, + univention-ssh (>= 2.0.1), + ldap-utils, + sysutils Description: UCS - join domains This packages allows for the joining of UCS computers to a UCS domain. Index: debian/changelog =================================================================== --- debian/changelog (Revision 19266) +++ debian/changelog (Arbeitskopie) 
@@ -1,3 +1,12 @@ +univention-join (3.0.3-1.1) unstable; urgency=low + + * Non-maintainer upload. + * Fix spelling (Bug #9861) + * Fix error test (Bug #16214) + * Improve check for join status (Bug #19361,#13495,#13497,#18120) + + -- Philipp Hahn Thu, 12 Aug 2010 19:38:02 +0200 + univention-join (3.0.3-1) unstable; urgency=low * For join scripts is an admin account required on DC Backups Index: univention-run-join-scripts =================================================================== --- univention-run-join-scripts (Revision 19266) +++ univention-run-join-scripts (Arbeitskopie) @@ -33,7 +33,7 @@ export PATH="$PATH:/sbin:/usr/sbin:/bin:/usr/bin" -eval `univention-config-registry shell` +eval "$(univention-config-registry shell)" display_help() { display_header @@ -76,24 +76,24 @@ echo "**************************************************************************" echo "* Message: $@" echo "**************************************************************************" - if [ -n "$REMOVE_PWD_FILE" -a -n "$DCPWD" ]; then - rm -f $DCPWD - fi exit 1 } +USERTMP="$(mktemp -d)" +DCPWD="$USERTMP/dcpwd" +trap "rm -rf '$USERTMP'" EXIT + while [ $# -gt 0 ] do case "$1" in "-dcaccount") - shift - DCACCOUNT=$1 - shift + DCACCOUNT="${2:?missing DC master account}" + shift 2 ;; "-dcpwd") - shift - DCPWD=$1 - shift + dcpwd="${2:?missing DC password file}" + cp "$dcpwd" "$DCPWD" + shift 2 ;; "--version") display_version 
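Review bot: `USERTMP="$(mktemp -d)"` is not checked, so if mktemp fails USERTMP is empty, `DCPWD` becomes `/dcpwd`, and both the `-dcpwd` copy and the later password write go to the root directory; `USERTMP="$(mktemp -d)" || failed_message "cannot create temporary directory"` (failed_message is defined just above) closes that. The same unchecked assignment appears in univention-join (`@@ -34,11 +34,14 @@`) and in univention-server-join (`@@ -32,16 +32,16 @@`, where nothing removes the directory afterwards). Expanding `$USERTMP` when the `trap "rm -rf '$USERTMP'" EXIT` line is installed is fine here, since the value is never reassigned.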
@@ -113,19 +113,17 @@ echo -n "Enter DC Master Account : " read DCACCOUNT fi - if [ -z "$DCPWD" ]; then + if [ ! -f "$DCPWD" ]; then echo -n "Enter DC Master Password: " read -s password - DCPWD=$(mktemp) - echo "$password" >>$DCPWD - REMOVE_PWD_FILE="1" + echo -n "$password" >>"$DCPWD" echo "" echo "" fi echo -n "Search LDAP binddn " binddn="" - for i in `ldapsearch -x -LLL -b $ldap_base "(&(uid=$DCACCOUNT)(objectClass=person))" | ldapsearch-wrapper | grep ^dn | sed -e 's|dn: ||'`; do + for i in $(ldapsearch -x -LLL -b "$ldap_base" "(&(uid=$DCACCOUNT)(objectClass=person))" | ldapsearch-wrapper | sed -ne 's|dn: ||p'); do if [ -n "$binddn" ]; then failed_message "binddn for user $DCACCOUNT not unique, $i and $binddn" fi @@ -135,8 +133,8 @@ if [ -z "$binddn" ]; then failed_message "binddn for user $DCACCOUNT not found" else - ldapsearch -x -LLL -b "$ldap_base" -D "$binddn" -w `cat $DCPWD` -LLL -s base >/dev/null 2>&1 - if [ $? != 0 ]; then + if ! ldapsearch -x -LLL -b "$ldap_base" -D "$binddn" -w "$(<"$DCPWD")" -LLL -s base >/dev/null 2>&1 + then failed_message "Invalid credentials" fi fi @@ -146,10 +144,11 @@ echo "univention-run-join-scripts started" >>/var/log/univention/join.log 2>&1 date >>/var/log/univention/join.log 2>&1 echo >>/var/log/univention/join.log 2>&1 -if test -e "/usr/lib/univention-install/"; then +if test -d "/usr/lib/univention-install" +then for i in /usr/lib/univention-install/*.inst; do - echo -n "Running `basename $i` " - echo "RUNNING `basename $i` " >>/var/log/univention/join.log + echo -n "Running ${i##*/}" + echo "RUNNING ${i##*/} " >>/var/log/univention/join.log if ! joinscript_extern_init "$i"; then echo -e "\033[60Gskipped (invalid joinscript)" 
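Review bot: `for i in $(ldapsearch … | sed -ne 's|dn: ||p')` still word-splits the result, so a DN containing a space (a `cn=` component with a space, for example) is seen as two entries and triggers the `not unique` failed_message below; reading line by line avoids that: `while IFS= read -r i; do` … `done < <(ldapsearch -x -LLL -b "$ldap_base" "(&(uid=$DCACCOUNT)(objectClass=person))" | ldapsearch-wrapper | sed -ne 's|^dn: ||p')`. The loop's `done` lies outside the hunk. The same loop is rewritten in univention-join (`@@ -272,7 +262,7 @@`). Separately, `read -s password` should be `read -r -s password` so a backslash in the typed password survives into `$DCPWD`.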
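Review bot: `-w "$(<"$DCPWD")"` places the password on ldapsearch's argv, where it is readable from the process list for the duration of the call; ldapsearch's `-y passwdfile` reads it from the file instead: `if ! ldapsearch -x -LLL -b "$ldap_base" -D "$binddn" -y "$DCPWD" -s base >/dev/null 2>&1`. `-y` uses the complete file content as the password, which is why the `echo -n` write in the previous hunk matters. The same `-w "$(<…)"` form is used in check_join_status.sh (`@@ -34,33 +34,33 @@`, `@@ -68,19 +68,30 @@`), where /etc/machine.secret may end in a newline — confirm before switching there — and in univention-join (`@@ -282,35 +272,32 @@`).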
@@ -163,9 +162,9 @@ fi if [ ! "$server_role" = "domaincontroller_master" ] ; then - $i --binddn $binddn --bindpwd `cat $DCPWD` >>/var/log/univention/join.log 2>&1 + "$i" --binddn "$binddn" --bindpwd "$(<"$DCPWD")" >>/var/log/univention/join.log 2>&1 else - $i >>/var/log/univention/join.log 2>&1 + "$i" >>/var/log/univention/join.log 2>&1 fi RET=$? echo "EXITCODE=$RET" >>/var/log/univention/join.log 2>&1 @@ -177,10 +176,6 @@ done fi -if [ -n "$REMOVE_PWD_FILE" -a -n "$DCPWD" ]; then - rm -f $DCPWD -fi - echo >>/var/log/univention/join.log 2>&1 date >>/var/log/univention/join.log 2>&1 echo "univention-run-join-scripts finished" >>/var/log/univention/join.log 2>&1 Index: check_join_status.sh =================================================================== --- check_join_status.sh (Revision 19266) +++ check_join_status.sh (Arbeitskopie) @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # # Univention Join # helper script: checks the join status of the local system 
@@ -34,33 +34,33 @@ log_error () { - local message="Error: $1" + local message="Error: $@" echo $message - echo $message >> $LOG_FILE + echo $message >>"$LOG_FILE" exit 1 } log_warn () { - local message="Warning: $1" + local message="Warning: $@" echo $message - echo $message >> $LOG_FILE + echo $message >>"$LOG_FILE" } -echo "Start $0 at $(date)" >>$LOG_FILE -eval `univention-config-registry shell` +echo "Start $0 at $(date)" >>"$LOG_FILE" +eval "$(univention-config-registry shell)" if [ ! -e /etc/machine.secret ]; then log_error "/etc/machine.secret not found" fi -ldapsearch -x -h "$ldap_master" -D "$ldap_hostdn" -w `cat /etc/machine.secret` -b $ldap_base -s base >>$LOG_FILE 2>&1 -if [ $? != 0 ]; then +if ! ldapsearch -x -h "$ldap_master" -D "$ldap_hostdn" -w "$(>"$LOG_FILE" 2>&1 +then log_error "ldapsearch -x failed" fi -ldapsearch -x -ZZ -h "$ldap_master" -D "$ldap_hostdn" -w `cat /etc/machine.secret` -b $ldap_base -s base >>$LOG_FILE 2>&1 -if [ $? != 0 ]; then +if ! ldapsearch -x -ZZ -h "$ldap_master" -D "$ldap_hostdn" -w "$(>"$LOG_FILE" 2>&1 +then log_error "ldapsearch -x -ZZ failed" fi 
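Review bot: `local message="Error: $@"` relies on `$@` being joined inside a quoted assignment; `$*` is the form meant for joining (`local message="Error: $*"`, likewise in log_warn), and the `echo $message` lines that follow are still unquoted and should be `echo "$message"`. The two `ldapsearch … -w "$(>"$LOG_FILE" 2>&1` lines appear truncated in this rendering (the text between `<` and `>` is missing), so I could not check the new command; presumably they read the secret with `$(</etc/machine.secret)`, in which case `-y /etc/machine.secret` keeps it off the argv, provided the file has no trailing newline.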
@@ -68,19 +68,30 @@ log_error "The system isn't joined yet" fi -ldapsearch -x -ZZ -D "$ldap_hostdn" -w `cat /etc/machine.secret` -b $ldap_base -s base >>$LOG_FILE 2>&1 -if [ $? != 0 ]; then +if ! ldapsearch -x -ZZ -D "$ldap_hostdn" -w "$(>"$LOG_FILE" 2>&1 +then log_error "localhost ldapsearch failed" fi -inst_files=`ls -l /usr/lib/univention-install/*.inst | wc -l` -configured=`wc -l /usr/lib/univention-install/.index.txt | awk '{print $1}'` +for i in /usr/lib/univention-install/*.inst +do + unset VERSION + eval "$(grep -h ^VERSION= "$i")" + n="${i##*/[0-9][0-9]}" + n="${n%.inst}" + if ! grep -Fxq "$n v${VERSION} successful" /usr/lib/univention-install/.index.txt + then + log_warn "'$n' is not configured." + MISSING=1 + fi +done -if [ $configured -lt $inst_files ]; then +if [ -n "$MISSING" ] +then log_error "Not all install files configured" fi echo "Joined successful" -echo "Joined successfully" >> $LOG_FILE +echo "Joined successfully" >>"$LOG_FILE" exit 0 Index: univention-join =================================================================== --- univention-join (Revision 19266) +++ univention-join (Arbeitskopie) @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # # Univention Join # joins a system into a UCS domain @@ -34,11 +34,14 @@ export PATH="$PATH:/sbin:/usr/sbin:/bin:/usr/bin" -eval `univention-config-registry shell` +eval "$(univention-config-registry shell)" -TYPE=0 -REMOVE_PWD_FILE="" +TYPE= +USERTMP="$(mktemp -d)" +DCPWD="$USERTMP/dcpwd" +trap "rm -rf '$USERTMP'" EXIT + display_help() { display_header cat <<-EOL @@ -76,7 +79,6 @@ echo "univention-join @%@package_version@%@" } - failed_message () { echo "" echo "" 
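Review bot: `eval "$(grep -h ^VERSION= "$i")"` executes every line of each join script that starts with `VERSION=`, not just an assignment; since the loop only needs the value, `VERSION="$(sed -ne 's/^VERSION=//p' "$i" | head -n 1)"` obtains it without eval (assuming the scripts write the number unquoted — confirm against the .inst files). When no `*.inst` exists the glob stays literal and `grep -h` reports a missing file; `[ -e "$i" ] || continue` as the first loop statement handles that. `n="${i##*/[0-9][0-9]}"` leaves the full path in `n` for a filename without the two-digit prefix, which then always counts as missing; a comment stating that naming requirement next to the loop would help.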
@@ -86,23 +88,18 @@ echo "**************************************************************************" echo "* Message: $@" echo "**************************************************************************" - if [ -n "$REMOVE_PWD_FILE" -a -n "$DCPWD" ]; then - rm -f $DCPWD - fi exit 1 } download_host_certificate () { echo -n "Download host certificate " - HOSTPWD="/etc/machine.secret" - HOSTACCOUNT="$hostname\$" - univention-scp $HOSTPWD "-r $HOSTACCOUNT@$DCNAME:/etc/univention/ssl/$hostname /etc/univention/ssl/" >>/var/log/univention/join.log 2>&1 - univention-scp $HOSTPWD "-r $HOSTACCOUNT@$DCNAME:/etc/univention/ssl/$hostname.$domainname /etc/univention/ssl/" >>/var/log/univention/join.log 2>&1 + local HOSTPWD="/etc/machine.secret" + local HOSTACCOUNT="$hostname\$" + univention-scp "$HOSTPWD" -q -r "$HOSTACCOUNT@$DCNAME:/etc/univention/ssl/$hostname" "$HOSTACCOUNT@$DCNAME:/etc/univention/ssl/$hostname.$domainname" /etc/univention/ssl/ >>/var/log/univention/join.log 2>&1 while [ ! -d "/etc/univention/ssl/$hostname" ] && [ ! -d "/etc/univention/ssl/$hostname.$domainname" ]; do echo -n "." sleep 20 - univention-scp $HOSTPWD "-r $HOSTACCOUNT@$DCNAME:/etc/univention/ssl/$hostname /etc/univention/ssl/" >>/var/log/univention/join.log 2>&1 - univention-scp $HOSTPWD "-r $HOSTACCOUNT@$DCNAME:/etc/univention/ssl/$hostname.$domainname /etc/univention/ssl/" >>/var/log/univention/join.log 2>&1 + univention-scp "$HOSTPWD" -q -r "$HOSTACCOUNT@$DCNAME:/etc/univention/ssl/$hostname" "$HOSTACCOUNT@$DCNAME:/etc/univention/ssl/$hostname.$domainname" /etc/univention/ssl/ >>/var/log/univention/join.log 2>&1 done echo -e "\033[60Gdone" @@ -111,8 +108,7 @@ check_ldap_tls_connection () { echo -n "Check TLS connection " - ldapsearch -x -ZZ -s base -h "$DCNAME" dn >/dev/null - if [ $? != 0 ]; then + if ! ldapsearch -x -ZZ -s base -h "$DCNAME" dn >/dev/null failed_message "Establishing a TLS connection with $DCNAME failed. Maybe you didn't specify a FQDN." fi 
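Review bot: The new `if ! ldapsearch -x -ZZ -s base -h "$DCNAME" dn >/dev/null` line has no `then` before the `failed_message` call that follows, so the file no longer parses (bash reports a syntax error at the `fi`); the other rewritten tests in this patch put `then` on its own line, so add a `then` line after it. The same omission is in the `Invalid credentials` check (`@@ -282,35 +272,32 @@`).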
@@ -123,34 +119,29 @@ do case "$1" in "-dcname") - shift - DCNAME=$1 - shift + DCNAME="${2:?missing DC master FQDN}" + shift 2 ;; "-dcaccount") - shift - DCACCOUNT=$1 - shift + DCACCOUNT="${2:?missing DC master account}" + shift 2 ;; "-dcpwd") - shift - DCPWD=$1 - shift + dcpwd="${2:?missing DC password file}" + cp "$dcpwd" "$DCPWD" + shift 2 ;; "-ldapbase") - shift - LDAPBASE="$1" - shift + LDAPBASE="${2:?missing LDAP base}" + shift 2 ;; "-realm") - shift - REALM="$1" - shift + REALM="${2:?missing Kerberos real}" + shift 2 ;; "-type") - shift - TYPE=$1 - shift + TYPE="${2:?missing computer role}" + shift 2 ;; "--version") display_version @@ -171,21 +162,21 @@ fi if [ -z "$DCACCOUNT" ]; then - echo -n "Insert DC Master Account : " + echo -n "Enter DC Master Account : " read DCACCOUNT fi -if [ -z "$DCPWD" ]; then - echo -n "Insert DC Master Password: " +if [ ! -f "$DCPWD" ]; then + echo -n "Enter DC Master Password: " read -s password - DCPWD=`mktemp` - echo "$password" >>$DCPWD - REMOVE_PWD_FILE="1" + echo -n "$password" >"$DCPWD" echo "" echo "" fi +declare -a args + if [ "$DCACCOUNT" != "root" ]; then - auth_cmd="-bindaccount \"$DCACCOUNT\" -bindpwfile \"$DCPWD\"" + args+=(-bindaccount "$DCACCOUNT" -bindpwfile "/dev/stdin") fi if [ -z "$server_role" ]; then @@ -193,7 +184,7 @@ echo "try: -type" display_help else - server_role=$TYPE + server_role="$TYPE" fi fi 
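Review bot: The `-realm` arm's message is misspelt: `REALM="${2:?missing Kerberos real}"` should be `REALM="${2:?missing Kerberos realm}"`. As in univention-server-join, a missing option value now ends in bash's `2: …` message rather than display_help; if that is intended, a one-line comment above the `case` saying so avoids the next reader treating it as an oversight.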
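Review bot: `read -s password` should be `read -r -s password`, otherwise a backslash in the typed password is dropped before it is written to `$DCPWD`. The `-bindpwfile "/dev/stdin"` entry added to `args` only works because the later `univention-ssh … <"$DCPWD"` call (`@@ -282,35 +272,32 @@`) feeds the password file on stdin and the remote univention-server-join reads that name once; that coupling deserves a comment next to the `args+=(…)` line, e.g. `# the password file is supplied on stdin of the univention-ssh call below`.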
@@ -201,23 +192,23 @@ server_role="client" fi -mac_addr=`/sbin/ifconfig eth0 | grep HWaddr | sed -e "s|.*HWaddr ||"` +mac_addr="$(LC_ALL=C /sbin/ifconfig eth0 | sed -ne "s|.*HWaddr ||p")" if [ -n "$mac_addr" ]; then - mac_cmd="-mac $mac_addr" + args+=(-mac "$mac_addr") fi if [ -z "$DCNAME" ]; then echo -n "Search DC Master: " if [ "$interfaces_eth0_type" = "dhcp" ]; then - DCNAME=`host -t SRV _domaincontroller_master._tcp.$domainname | grep -v "not found" | grep -v "reached" | tail -1 | sed -e 's|.* ||g' | sed -e 's|\.$||'` + DCNAME="$(host -t SRV "_domaincontroller_master._tcp.$domainname" | sed -ne '$s/.* \([^ ]\+\)\.$/\1/p')" if [ -n "$DCNAME" ]; then echo -e "\033[60Gdone" fi else for i in "$nameserver" "$nameserver1" "$nameserver2" "$nameserver3" "$dns_forwarder1" "$dns_forwarder2" "$dns_forwarder3"; do if [ -z "$i" ]; then continue; fi - DCNAME=`host -t SRV _domaincontroller_master._tcp.$domainname $i | grep -v "not found" | grep -v "reached" | tail -1 | sed -e 's|.* ||g' | sed -e 's|\.$||'` + DCNAME="$(host -t SRV "_domaincontroller_master._tcp.$domainname" "$i" | sed -ne '$s/.* \([^ ]\+\)\.$/\1/p')" if [ -n "$DCNAME" ]; then echo -e "\033[60Gdone" echo "domain $domainname" >/etc/resolv.conf @@ -236,14 +227,13 @@ echo -n "Check DC Master: " -ping -c 1 $DCNAME >/dev/null 2>&1 - -if [ $? != 0 ]; then +if ! ping -c 1 "$DCNAME" >/dev/null 2>&1 +then failed_message "ping to $DCNAME failed" fi -univention-ssh "$DCPWD" "$DCACCOUNT"@"$DCNAME" echo ssh-check 2>>/var/log/univention/join.log | grep -qs ssh-check -if [ $? != 0 ]; then +if ! univention-ssh "$DCPWD" "$DCACCOUNT"@"$DCNAME" echo ssh-check 2>>/var/log/univention/join.log | grep -qs ssh-check +then failed_message "ssh-login for $DCACCOUNT@$DCNAME failed. Maybe you entered a wrong password." fi 
@@ -257,7 +247,7 @@ if [ -z "$LDAPBASE" ]; then echo -n "Search ldap/base" - ldap_base=`ldapsearch -x -h $DCNAME -b "" -s base 'objectclass=*' NamingContexts -LLL | grep namingContexts | sed -e 's|namingContexts: ||'` + ldap_base=$(ldapsearch -x -h "$DCNAME" -b "" -s base 'objectclass=*' NamingContexts -LLL | ldapsearch-wrapper | sed -ne 's|namingContexts: ||p') else ldap_base="$LDAPBASE" fi @@ -272,7 +262,7 @@ echo -n "Search LDAP binddn " binddn="" -for i in `ldapsearch -x -h $DCNAME -LLL -b $ldap_base "(&(uid=$DCACCOUNT)(objectClass=person))" | ldapsearch-wrapper | grep ^dn | sed -e 's|dn: ||'`; do +for i in $(ldapsearch -x -h "$DCNAME" -LLL -b "$ldap_base" "(&(uid=$DCACCOUNT)(objectClass=person))" | ldapsearch-wrapper | sed -ne 's|^dn: ||p'); do if [ -n "$binddn" ]; then failed_message "binddn for user $DCACCOUNT not unique, $i and $binddn" fi 
@@ -282,35 +272,32 @@ if [ -z "$binddn" ]; then failed_message "binddn for user $DCACCOUNT not found" else - ldapsearch -x -h $DCNAME -LLL -b "$ldap_base" -D "$binddn" -w `cat $DCPWD` -LLL -s base >/dev/null 2>&1 - if [ $? != 0 ]; then + if ! ldapsearch -x -h "$DCNAME" -LLL -b "$ldap_base" -D "$binddn" -w "$(<"$DCPWD")" -LLL -s base >/dev/null 2>&1 failed_message "Invalid credentials" fi fi -if [ $server_role != "domaincontroller_master" -a "$server_role" != "domaincontroller_backup" -a -z "$binddn" ]; then +if [ "$server_role" != "domaincontroller_master" -a "$server_role" != "domaincontroller_backup" -a -z "$binddn" ]; then failed_message "binddn for user $DCACCOUNT not found" fi if [ -x /usr/bin/rdate ]; then echo -n "Sync time " - /usr/bin/rdate $DCNAME >/dev/null 2>&1 + /usr/bin/rdate "$DCNAME" >/dev/null 2>&1 echo -e "\033[60Gdone" fi if [ -n "$ldap_position" ]; then - position_cmd="-position \"$ldap_position\"" + args+=(-position "$ldap_position") fi if [ -n "$server_role" ]; then if [ -n "$interfaces_eth0_address" ]; then - ip_cmd="-ip $interfaces_eth0_address" + args+=(-ip "$interfaces_eth0_address") fi echo -n "Join Computer Account: " - univention-scp "$DCPWD" "$DCPWD" "$DCACCOUNT@$DCNAME:$DCPWD" >>/var/log/univention/join.log 2>&1 - res=`univention-ssh $DCPWD $DCACCOUNT@$DCNAME /usr/share/univention-join/univention-server-join -role $server_role -hostname $hostname -domainname $domainname $ip_cmd $mac_cmd $position_cmd $auth_cmd 2>>/var/log/univention/join.log` - univention-ssh $DCPWD $DCACCOUNT@$DCNAME "rm $DCPWD" >>/var/log/univention/join.log 2>&1 - res_message=`echo $res | grep uexception | sed -e 's|.*univention.admin.uexceptions.||'g` + univention-ssh --no-split "$DCPWD" "$DCACCOUNT@$DCNAME" /usr/share/univention-join/univention-server-join -role "$server_role" -hostname "$hostname" -domainname "$domainname" "${args[@]}" <"$DCPWD" 2>&1 | tee "$USERTMP/log" >>/var/log/univention/join.log + res_message="$(grep uexception "$USERTMP/log" | sed -e 
's|.*univention.admin.uexceptions.||'g)" if [ -z "$res_message" ]; then echo -e "\033[60Gdone" fi @@ -318,15 +305,13 @@ failed_message "No server role defined" fi -if [ -n "$res" ]; then - echo "Join result = [$res]" | sed -e 's/KerberosPasswd="[^"]*"//' | fromdos -fa >>/var/log/univention/join.log +if [ -s "$USERTMP/log" ]; then + echo "Join result = [$(<"$USERTMP/log")]" | sed -e 's/KerberosPasswd="[^"]*"//' | fromdos -fa >>/var/log/univention/join.log #try to get password - pwd=`echo $res | grep -i KerberosPasswd | sed -e 's|.*KerberosPasswd="||;s|".*||g'` + pwd="$(sed -ne 's|.*KerberosPasswd="||;s|".*||gp' <"$USERTMP/log")" - if [ -n "$pwd" ]; then - if [ -e /etc/machine.secret ]; then cat /etc/machine.secret >>/etc/machine.secret.SAVE fi @@ -335,17 +320,17 @@ fromdos /etc/machine.secret chmod 600 /etc/machine.secret if [ -e /etc/machine.secret.SAVE ]; then - chmod 600 /etc/machine.secret.SAVE + chmod 600 /etc/machine.secret.SAVE fi else if [ -n "$res_message" ]; then failed_message "$res_message" else - failed_message "$res" + failed_message "$(<"$USERTMP/log")" fi fi - ldap_dn="`echo $res | grep ldap_dn | sed -e 's|.*ldap_dn="||;s|".*||'`" + ldap_dn="$(sed -ne 's|.*ldap_dn="||;s|".*||p' <"$USERTMP/log")" if [ -n "$ldap_dn" ]; then univention-config-registry set ldap/hostdn="$ldap_dn" >>/var/log/univention/join.log 2>&1 else 
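Review bot: The join call now ends in `2>&1 | tee "$USERTMP/log"`, so the remote command's stderr (and anything univention-ssh itself prints) lands in the file that `res_message`, `pwd` and `ldap_dn` are parsed from; the old code captured only stdout in `res` and sent stderr to the log. If stderr is meant to be logged but not parsed, send it to the log directly: `… "${args[@]}" <"$DCPWD" 2>>/var/log/univention/join.log | tee "$USERTMP/log" >>/var/log/univention/join.log`. Whether values in `"${args[@]}"` that contain spaces survive the remote shell depends on the new `--no-split` option of univention-ssh, which debian/control now requires; a comment naming that dependency on this line would help.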
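Review bot: `pwd="$(sed -ne 's|.*KerberosPasswd="||;s|".*||gp' <"$USERTMP/log")"` prints every line on which the second substitution succeeds, i.e. every line containing a double quote, not only the KerberosPasswd line; the `ldap_dn="…"` line that univention-server-join echoes would add `ldap_dn=` to `$pwd`, and the matching extraction in `@@ -335,17 +320,17 @@` picks up `KerberosPasswd=` the same way. Anchor both on the key: `pwd="$(sed -ne 's|.*KerberosPasswd="\([^"]*\)".*|\1|p' "$USERTMP/log")"` and `ldap_dn="$(sed -ne 's|.*ldap_dn="\([^"]*\)".*|\1|p' "$USERTMP/log")"`. Removing `if [ -n "$pwd" ]; then` also re-pairs the `else … failed_message` branch in the next hunk with `if [ -s "$USERTMP/log" ]`, so a join that produced output without a KerberosPasswd now continues to the machine.secret update instead of failing; if that is unintended, keep the `-n "$pwd"` test.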
@@ -357,49 +342,60 @@ fi if [ -e "/usr/lib/univention-install/.index.txt" ]; then - mkdir -p /var/univention-join/ + mkdir -p /var/univention-join/ rm -rf /var/univention-join/status rm /usr/lib/univention-install/.index.txt touch /var/univention-join/status fi if [ ! -e "/usr/lib/univention-install/.index.txt" ]; then - mkdir -p /var/univention-join/ + mkdir -p /var/univention-join/ touch /var/univention-join/status ln -sf /var/univention-join/status /usr/lib/univention-install/.index.txt fi if [ -e "/etc/univention/ssl" ]; then - mv /etc/univention/ssl "/etc/univention/ssl_`date +"%y%m%d%H%M"`" + mv /etc/univention/ssl "/etc/univention/ssl_$(date +"%y%m%d%H%M")" mkdir /etc/univention/ssl fi # Stop Notifier -notifier_pid=`pidof univention-directory-notifier` +notifier_pid="$(pidof univention-directory-notifier)" if [ -n "$notifier_pid" -a -e /etc/runit/univention/univention-directory-notifier ]; then echo -n "Stopping univention-directory-notifier daemon: " /etc/init.d/univention-directory-notifier stop >/dev/null 2>&1 - while ! sv status univention-directory-notifier | grep "^down" >/dev/null ; do sleep 1; /etc/init.d/univention-directory-notifier stop >/dev/null 2>&1; echo -n "." ;done; echo "" done + while ! sv status univention-directory-notifier | grep -q "^down" + do + sleep 1 + /etc/init.d/univention-directory-notifier stop >/dev/null 2>&1 + echo -n "." + done + echo " done" fi # Stop Listener -listener_pid=`pidof univention-directory-listener` +listener_pid="$(pidof univention-directory-listener)" if [ -e /etc/runit/univention/univention-directory-listener ]; then echo -n "Stopping univention-directory-listener daemon: " /etc/init.d/univention-directory-listener stop >/dev/null 2>&1 - while ! sv status univention-directory-listener | grep "^down" >/dev/null ; do sleep 1; /etc/init.d/univention-directory-listener stop >/dev/null 2>&1; echo -n "." ;done; echo "" done + while ! 
sv status univention-directory-listener | grep -q "^down" + do + sleep 1 + /etc/init.d/univention-directory-listener stop >/dev/null 2>&1 + echo -n "." + done + echo " done" fi rm -Rf /var/lib/univention-directory-listener/* -set_kerberos_realm () -{ - DCPWD="$1" - DCACCOUNT="$2" - DCNAME="$3" - realm="$4" +set_kerberos_realm () { + local DCPWD="${1:?missing DC password file}" + local DCACCOUNT="${2:?missing DC master account}" + local DCNAME="${3:?missing DC master FQDN}" + local realm="$4" if [ -z "$realm" ]; then - realm=$(univention-ssh $DCPWD $DCACCOUNT@$DCNAME /usr/sbin/univention-config-registry get kerberos/realm | sed -e 's, ,,g' | grep [A-Za-z0-9] ) >>/var/log/univention/join.log 2>&1 + realm=$(univention-ssh "$DCPWD" "$DCACCOUNT@$DCNAME" /usr/sbin/univention-config-registry get kerberos/realm) >>/var/log/univention/join.log 2>&1 if [ $? != 0 -o -z "$realm" ]; then echo "Unable to retrieve the kerberos realm. Try to use option -realm " exit 1 
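Review bot: In set_kerberos_realm the rewritten `realm=$(univention-ssh …) >>/var/log/univention/join.log 2>&1` drops the old `sed -e 's, ,,g' | grep [A-Za-z0-9]` filtering, so the `-z "$realm"` check on the next line no longer rejects whitespace-only output, and under bash (the script's new interpreter) a redirection attached to an assignment-only command may not apply to the substitution's stderr at all — verify, and if so move `2>>/var/log/univention/join.log` inside the `$(…)`. The expanded `while ! sv status … | grep -q "^down"` loops read well; `echo " done"` now prints a word where the old code printed only a newline, which is fine but worth checking against the other status lines.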
@@ -414,42 +410,42 @@ if [ -e "/etc/ldap-backup.secret" ]; then cat /etc/ldap-backup.secret >>/etc/ldap-backup.secret.SAVE; fi echo -n "Sync ldap.secret: " - univention-scp $DCPWD $DCACCOUNT@$DCNAME:/etc/ldap.secret /etc/ldap.secret >>/var/log/univention/join.log 2>&1 + univention-scp "$DCPWD" -q "$DCACCOUNT@$DCNAME:/etc/ldap.secret" /etc/ldap.secret >>/var/log/univention/join.log 2>&1 if [ ! -e "/etc/ldap.secret" ]; then failed_message "/etc/ldap.secret not found" fi echo -e "\033[60Gdone" echo -n "Sync ldap-backup.secret: " - univention-scp $DCPWD $DCACCOUNT@$DCNAME:/etc/ldap-backup.secret /etc/ldap-backup.secret >>/var/log/univention/join.log 2>&1 + univention-scp "$DCPWD" -q "$DCACCOUNT@$DCNAME:/etc/ldap-backup.secret" /etc/ldap-backup.secret >>/var/log/univention/join.log 2>&1 if [ ! -e "/etc/ldap-backup.secret" ]; then failed_message "/etc/ldap-backup.secret not found" fi echo -e "\033[60Gdone" - univention-config-registry set ldap/server/name=$hostname.$domainname >>/var/log/univention/join.log 2>&1 - univention-config-registry set ldap/server/ip=$interfaces_eth0_address >>/var/log/univention/join.log 2>&1 - univention-config-registry set ldap/master=$DCNAME >>/var/log/univention/join.log 2>&1 - univention-config-registry set ldap/server/type=slave >>/var/log/univention/join.log 2>&1 + univention-config-registry set \ + ldap/server/name="$hostname.$domainname" \ + ldap/server/ip="$interfaces_eth0_address" \ + ldap/master="$DCNAME" \ + ldap/server/type=slave \ + >>/var/log/univention/join.log 2>&1 echo -n "Sync SSL directory: " - univention-ssh-rsync $DCPWD -az -e ssh $DCACCOUNT@$DCNAME:/etc/univention/ssl/* /etc/univention/ssl/ >>/var/log/univention/join.log 2>&1 + univention-ssh-rsync "$DCPWD" -az "$DCACCOUNT@$DCNAME:/etc/univention/ssl/*" /etc/univention/ssl/ >>/var/log/univention/join.log 2>&1 echo -e "\033[60Gdone" check_ldap_tls_connection download_host_certificate - if [ ! -d "/etc/univention/ssl/$hostname" ] && [ ! 
-d "/etc/univention/ssl/$hostname.$domainname" ]; then + if [ ! -d "/etc/univention/ssl/$hostname" ] && [ ! -d "/etc/univention/ssl/$hostname.$domainname" ]; then echo "failed to get host certificate" failed_message "failed to get host certificate" fi echo -n "Sync SSL settings: " - eval `echo univention-config-registry set \` univention-ssh $DCPWD $DCACCOUNT@$DCNAME /usr/sbin/univention-config-registry dump ssl/common ssl/country ssl/email ssl/locality ssl/organization ssl/organizationalunit ssl/state | grep ^ssl| sed -e 's|: |="|' \`` >>/var/log/univention/join.log 2>&1 - - + univention-ssh --no-split "$DCPWD" "$DCACCOUNT@$DCNAME" univention-config-registry search --key --non-empty --brief ^ssl/ | sed -e 's/: /=/' | xargs -d '\n' univention-config-registry set echo -e "\033[60Gdone" echo -n "Restart LDAP Server: " @@ -458,20 +454,22 @@ #TODO: implement a real sync echo -n "Sync Kerberos settings: " - univention-scp $DCPWD -r $DCACCOUNT@$DCNAME:/var/lib/heimdal-kdc/* /var/lib/heimdal-kdc/ >>/var/log/univention/join.log 2>&1 + univention-scp "$DCPWD" -q -r "$DCACCOUNT@$DCNAME:/var/lib/heimdal-kdc/*" /var/lib/heimdal-kdc/ >>/var/log/univention/join.log 2>&1 echo -e "\033[60Gdone" # invalidate the nscd hosts cache nscd -i hosts - univention-config-registry set ldap/server/name?"$DCNAME" >>/var/log/univention/join.log 2>&1 - univention-config-registry set ldap/master?"$DCNAME" >>/var/log/univention/join.log 2>&1 - univention-config-registry set kerberos/adminserver?"$DCNAME" >>/var/log/univention/join.log 2>&1 + univention-config-registry set \ + ldap/server/name?"$DCNAME" \ + ldap/master?"$DCNAME" \ + kerberos/adminserver?"$DCNAME" \ + >>/var/log/univention/join.log 2>&1 set_kerberos_realm "$DCPWD" "$DCACCOUNT" "$DCNAME" "$REALM" - eval `univention-config-registry shell` + eval "$(univention-config-registry shell)" mkdir -p /var/lib/univention-ldap/notify/ 
@@ -481,29 +479,29 @@
 echo -n "0" >/var/lib/univention-ldap/schema/id/id
 chown listener /var/lib/univention-ldap/schema/id/id
- if test -e "/usr/lib/univention-install/"; then
+ if test -d "/usr/lib/univention-install/"; then
 for i in /usr/lib/univention-install/*.inst; do
- echo -n "Configure `basename $i` "
- echo "Configure `basename $i` " >>/var/log/univention/join.log
- $i --binddn $binddn --bindpwd `cat $DCPWD` >>/var/log/univention/join.log 2>&1
+ echo -n "Configure ${i##*/} "
+ echo "Configure ${i##*/} " >>/var/log/univention/join.log
+ "$i" --binddn "$binddn" --bindpwd "$(<"$DCPWD")" >>/var/log/univention/join.log 2>&1
 if [ $? != 0 ]; then
 echo -e "\033[60Gfailed"
- failed_message "FAILED: `basename $i`"
+ failed_message "FAILED: ${i##*/}"
 else
 echo -e "\033[60Gdone"
 fi
- if [ "`basename $i`" = "03univention-directory-listener.inst" ]; then
+ if [ "${i##*/}" = "03univention-directory-listener.inst" ]; then
 if [ -e /var/lib/univention-directory-replication/failed.ldif ]; then
 failed_message "FAILED: failed.ldif exists."
 fi
- univention-scp $DCPWD -r $DCACCOUNT@$DCNAME:/var/lib/univention-ldap/notify/transaction /tmp/ >/dev/null 2>&1
+ univention-scp "$DCPWD" -q "$DCACCOUNT@$DCNAME:/var/lib/univention-ldap/notify/transaction" /tmp/ >/dev/null 2>&1
 if [ ! -e /tmp/transaction ]; then
- failed_message " FAILED: failed do copy /var/lib/univention-ldap/notify/transaction from the dc master. Please try again."
+ failed_message " FAILED: failed to copy /var/lib/univention-ldap/notify/transaction from the dc master. Please try again."
 fi
- id=`cat /var/lib/univention-directory-listener/notifier_id`
- cat /tmp/transaction | awk -F ' ' '{ if ( $1 <= '$id') print }' >/var/lib/univention-ldap/notify/transaction
+ read id < /var/lib/univention-directory-listener/notifier_id
+ awk -F ' ' '{ if ( $1 <= '$id') print }' /var/lib/univention-ldap/notify/transaction
 rm /tmp/transaction
 echo "">/var/lib/univention-ldap/replog/replog
 fi
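Review bot: The rewritten filter `awk -F ' ' '{ if ( $1 <= '$id') print }' /var/lib/univention-ldap/notify/transaction` reads the wrong file and writes nothing: the old line filtered the freshly copied /tmp/transaction into /var/lib/univention-ldap/notify/transaction, whereas the new one reads the destination (which may not exist yet), prints to stdout, and then deletes /tmp/transaction, so the notifier transaction file is never populated. It should be `awk -F ' ' -v id="$id" '{ if ( $1 <= id ) print }' /tmp/transaction >/var/lib/univention-ldap/notify/transaction`, which also keeps the notifier id out of the awk program text, and the line before it should be `read -r id`. The same regression is in the hunk at `@@ -566,23 +568,23 @@`. The fixed /tmp/transaction path is shared and predictable; copying into a directory from `mktemp -d` would stop another local user from pre-creating it, though that part is pre-existing. The enclosing for/if block continues outside the hunk.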
@@ -517,26 +515,28 @@
 if [ -e "/etc/ldap-backup.secret" ]; then cat /etc/ldap-backup.secret >>/etc/ldap-backup.secret.SAVE; fi
- univention-scp $DCPWD "$DCACCOUNT@$DCNAME:/etc/ldap-backup.secret /etc/ldap-backup.secret" >/var/log/univention/join.log 2>&1
+ univention-scp "$DCPWD" -q "$DCACCOUNT@$DCNAME:/etc/ldap-backup.secret" /etc/ldap-backup.secret >/var/log/univention/join.log 2>&1
 echo -e "\033[60Gdone"
- univention-config-registry set ldap/server/name=$hostname.$domainname >>/var/log/univention/join.log 2>&1
- univention-config-registry set ldap/server/ip=$interfaces_eth0_address >>/var/log/univention/join.log 2>&1
- univention-config-registry set ldap/master=$DCNAME >>/var/log/univention/join.log 2>&1
- univention-config-registry set ldap/server/type=slave >>/var/log/univention/join.log 2>&1
+ univention-config-registry set \
+ ldap/server/name="$hostname.$domainname" \
+ ldap/server/ip="$interfaces_eth0_address" \
+ ldap/master="$DCNAME" \
+ ldap/server/type=slave \
+ >>/var/log/univention/join.log 2>&1
 mkdir -p /etc/univention/ssl/ucsCA
- univention-scp $DCPWD "-r $DCACCOUNT@$DCNAME:/etc/univention/ssl/ucsCA/CAcert.pem /etc/univention/ssl/ucsCA/" >>/var/log/univention/join.log 2>&1
+ univention-scp "$DCPWD" -q "$DCACCOUNT@$DCNAME:/etc/univention/ssl/ucsCA/CAcert.pem" /etc/univention/ssl/ucsCA/ >>/var/log/univention/join.log 2>&1
 if [ ! -e /etc/univention/ssl/ucsCA/CAcert.pem ]; then
- univention-scp $DCPWD "-r $DCACCOUNT@$DCNAME:/etc/univention/ssl/udsCA/CAcert.pem /etc/univention/ssl/ucsCA/" >>/var/log/univention/join.log 2>&1
+ univention-scp "$DCPWD" -q "$DCACCOUNT@$DCNAME:/etc/univention/ssl/udsCA/CAcert.pem" /etc/univention/ssl/ucsCA/ >>/var/log/univention/join.log 2>&1
 fi
 check_ldap_tls_connection
 download_host_certificate
- if [ ! -d "/etc/univention/ssl/$hostname" ] && [ ! -d "/etc/univention/ssl/$hostname.$domainname" ]; then
+ if [ ! -d "/etc/univention/ssl/$hostname" ] && [ ! -d "/etc/univention/ssl/$hostname.$domainname" ]; then
 failed_message "failed to get host certificate"
 fi
@@ -545,7 +545,7 @@
 echo -e "\033[60Gdone"
 echo -n "Sync Kerberos settings: "
- univention-scp $DCPWD "-r $DCACCOUNT@$DCNAME:/var/lib/heimdal-kdc/* /var/lib/heimdal-kdc/" >>/var/log/univention/join.log 2>&1
+ univention-scp "$DCPWD" -q -r "$DCACCOUNT@$DCNAME:/var/lib/heimdal-kdc/*" /var/lib/heimdal-kdc/ >>/var/log/univention/join.log 2>&1
 echo -e "\033[60Gdone"
 mkdir -p /var/lib/univention-ldap/notify/
@@ -553,9 +553,11 @@
 # invalidate the nscd hosts cache
 nscd -i hosts
- univention-config-registry set ldap/server/name?"$DCNAME" >>/var/log/univention/join.log 2>&1
- univention-config-registry set ldap/master?"$DCNAME" >>/var/log/univention/join.log 2>&1
- univention-config-registry set kerberos/adminserver?"$DCNAME" >>/var/log/univention/join.log 2>&1
+ univention-config-registry set \
+ ldap/server/name?"$DCNAME" \
+ ldap/master?"$DCNAME" \
+ kerberos/adminserver?"$DCNAME" \
+ >>/var/log/univention/join.log 2>&1
 set_kerberos_realm "$DCPWD" "$DCACCOUNT" "$DCNAME" "$REALM"
 echo -n "0" >/var/lib/univention-ldap/schema/id/id
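Review bot: The new `univention-scp "$DCPWD" -q "$DCACCOUNT@$DCNAME:/etc/ldap-backup.secret" /etc/ldap-backup.secret >/var/log/univention/join.log 2>&1` at the top of the `@@ -517` hunk keeps the single `>` of the line it replaces, which truncates the join log in the middle of the run and discards everything logged before it, while every neighbouring step appends with `>>`. Change the redirection to `>>/var/log/univention/join.log 2>&1`. That log is the only record of what the join did on this host, so losing its first half hurts both troubleshooting and any later audit of the join.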
@@ -566,23 +568,23 @@
 if test -e "/usr/lib/univention-install/"; then
 for i in /usr/lib/univention-install/*.inst; do
- echo -n "Configure `basename $i` "
- echo "Configure `basename $i` " >>/var/log/univention/join.log
- $i --binddn $binddn --bindpwd `cat $DCPWD` >>/var/log/univention/join.log 2>&1
+ echo -n "Configure ${i##*/} "
+ echo "Configure ${i##*/} " >>/var/log/univention/join.log
+ "$i" --binddn "$binddn" --bindpwd "$(<"$DCPWD")" >>/var/log/univention/join.log 2>&1
 if [ $? != 0 ]; then
 echo -e "\033[60Gfailed"
- failed_message "FAILED: `basename $i`"
+ failed_message "FAILED: ${i##*/}"
 else
 echo -e "\033[60Gdone"
 fi
- if [ "`basename $i`" = "03univention-directory-listener.inst" ]; then
+ if [ "${i##*/}" = "03univention-directory-listener.inst" ]; then
 if [ -e /var/lib/univention-directory-replication/failed.ldif ]; then
 failed_message "FAILED: failed.ldif exists."
 fi
 if [ -n "$listener_supply_notifier" -a "$listener_supply_notifier" = "yes" ]; then
- univention-scp $DCPWD -r $DCACCOUNT@$DCNAME:/var/lib/univention-ldap/notify/transaction /tmp/ >/dev/null 2>&1
- id=`cat /var/lib/univention-directory-listener/notifier_id`
- cat /tmp/transaction | awk -F ' ' '{ if ( $1 <= '$id') print }' >/var/lib/univention-ldap/notify/transaction
+ univention-scp "$DCPWD" -q "$DCACCOUNT@$DCNAME:/var/lib/univention-ldap/notify/transaction" /tmp/ >/dev/null 2>&1
+ read id < /var/lib/univention-directory-listener/notifier_id
+ awk -F ' ' '{ if ( $1 <= '$id') print }' /var/lib/univention-ldap/notify/transaction
 rm /tmp/transaction
 echo "">/var/lib/univention-ldap/replog/replog
 fi
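Review bot: `if test -e "/usr/lib/univention-install/"; then` at the top of this hunk still uses `-e`, while the hunk at `@@ -481,29 +479,29 @@` changed the identical guard for the same loop to `-d`; the hunks at `@@ -618,13 +622,13 @@` and `@@ -649,27 +653,29 @@` carry the same leftover, so all four should agree. Inside the loop, `if [ -n "$listener_supply_notifier" -a "$listener_supply_notifier" = "yes" ]` uses the deprecated `-a` plus a redundant `-n`; `if [ "$listener_supply_notifier" = "yes" ]; then` is equivalent. Unlike the `-481` hunk, this branch never checks that /tmp/transaction exists after the scp before using it; mirroring that `if [ ! -e /tmp/transaction ]` check would fail the join early instead of silently continuing with no data. The loop body continues outside the hunk.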
@@ -593,24 +595,26 @@
 elif [ "$server_role" = "memberserver" ]; then
 mkdir -p /etc/univention/ssl/ucsCA
- univention-scp $DCPWD "-r $DCACCOUNT@$DCNAME:/etc/univention/ssl/ucsCA/CAcert.pem /etc/univention/ssl/ucsCA/" >>/var/log/univention/join.log 2>&1
+ univention-scp "$DCPWD" -q "$DCACCOUNT@$DCNAME:/etc/univention/ssl/ucsCA/CAcert.pem" /etc/univention/ssl/ucsCA/ >>/var/log/univention/join.log 2>&1
 if [ ! -e /etc/univention/ssl/ucsCA/CAcert.pem ]; then
- univention-scp $DCPWD "-r $DCACCOUNT@$DCNAME:/etc/univention/ssl/udsCA/CAcert.pem /etc/univention/ssl/ucsCA/" >>/var/log/univention/join.log 2>&1
+ univention-scp "$DCPWD" -q "$DCACCOUNT@$DCNAME:/etc/univention/ssl/udsCA/CAcert.pem" /etc/univention/ssl/ucsCA/ >>/var/log/univention/join.log 2>&1
 fi
 check_ldap_tls_connection
 download_host_certificate
- univention-config-registry set ldap/master=$DCNAME >>/var/log/univention/join.log 2>&1
- cat /etc/ldap/ldap.conf | sed -e "s|#.*||g" | grep -q TLS_CACERT || echo "TLS_CACERT /etc/univention/ssl/ucsCA/CAcert.pem" >>/etc/ldap/ldap.conf
+ univention-config-registry set ldap/master="$DCNAME" >>/var/log/univention/join.log 2>&1
+ grep -q ^TLS_CACERT /etc/ldap/ldap.conf || echo "TLS_CACERT /etc/univention/ssl/ucsCA/CAcert.pem" >>/etc/ldap/ldap.conf
 # invalidate the nscd hosts cache
 nscd -i hosts
- univention-config-registry set ldap/server/name?"$DCNAME" >>/var/log/univention/join.log 2>&1
- univention-config-registry set ldap/master?"$DCNAME" >>/var/log/univention/join.log 2>&1
- univention-config-registry set kerberos/adminserver?"$DCNAME" >>/var/log/univention/join.log 2>&1
+ univention-config-registry set \
+ ldap/server/name?"$DCNAME" \
+ ldap/master?"$DCNAME" \
+ kerberos/adminserver?"$DCNAME" \
+ >>/var/log/univention/join.log 2>&1
 set_kerberos_realm "$DCPWD" "$DCACCOUNT" "$DCNAME" "$REALM"
 touch /var/univention-join/joined
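Review bot: `grep -q ^TLS_CACERT /etc/ldap/ldap.conf` only matches the directive at column 0, whereas the sed|grep it replaces matched it anywhere on an uncommented line; if an existing ldap.conf has the option indented (ldap.conf appears to tolerate leading whitespace), a second `TLS_CACERT` line is appended and the effective CA then depends on which occurrence the parser honours. `grep -qE '^[[:space:]]*TLS_CACERT' /etc/ldap/ldap.conf` keeps the tightening of not matching inside comments while tolerating indentation. The same line appears in the hunk at `@@ -649,27 +653,29 @@`. Since this directive pins which CA the LDAP clients trust, a duplicate is worth avoiding rather than relying on parser precedence.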
@@ -618,13 +622,13 @@
 if test -e "/usr/lib/univention-install/"; then
 for i in /usr/lib/univention-install/*.inst; do
- echo -n "Configure `basename $i` "
- echo "Configure `basename $i` " >>/var/log/univention/join.log
- $i --binddn $binddn --bindpwd `cat $DCPWD` >>/var/log/univention/join.log 2>&1
+ echo -n "Configure ${i##*/} "
+ echo "Configure ${i##*/} " >>/var/log/univention/join.log
+ "$i" --binddn "$binddn" --bindpwd "$(<"$DCPWD")" >>/var/log/univention/join.log 2>&1
 if [ $? != 0 ]; then
 echo -e "\033[60Gfailed"
- echo "FAILED: `basename $i`"
- failed_message "FAILED: `basename $i`"
+ echo "FAILED: ${i##*/}"
+ failed_message "FAILED: ${i##*/}"
 else
 echo -e "\033[60Gdone"
 fi
@@ -637,9 +641,9 @@
 mkdir -p /etc/univention/ssl/ucsCA
- univention-scp $DCPWD "-r $DCACCOUNT@$DCNAME:/etc/univention/ssl/ucsCA/CAcert.pem /etc/univention/ssl/ucsCA/" >>/var/log/univention/join.log 2>&1
+ univention-scp "$DCPWD" -q "$DCACCOUNT@$DCNAME:/etc/univention/ssl/ucsCA/CAcert.pem" /etc/univention/ssl/ucsCA/ >>/var/log/univention/join.log 2>&1
 if [ ! -e /etc/univention/ssl/ucsCA/CAcert.pem ]; then
- univention-scp $DCPWD "-r $DCACCOUNT@$DCNAME:/etc/univention/ssl/udsCA/CAcert.pem /etc/univention/ssl/ucsCA/" >>/var/log/univention/join.log 2>&1
+ univention-scp "$DCPWD" -q "$DCACCOUNT@$DCNAME:/etc/univention/ssl/udsCA/CAcert.pem" /etc/univention/ssl/ucsCA/ >>/var/log/univention/join.log 2>&1
 fi
 check_ldap_tls_connection
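Review bot: `"$i" --binddn "$binddn" --bindpwd "$(<"$DCPWD")"` in the `@@ -618` hunk hands the DC password to every .inst script on its command line, where it is readable by other local users through ps or /proc for as long as that script runs; the backtick form it replaces had the same exposure, so the commit does not make it worse, but it is the most sensitive line in the hunk. If the .inst interface can take the password from a file or stdin, pass `"$DCPWD"` itself; if not, a `# NOTE: the bind password is visible in the process list while the .inst runs` comment records the accepted risk next to the call. The same call is in the hunks at `@@ -481,29 +479,29 @@`, `@@ -566,23 +568,23 @@` and `@@ -649,27 +653,29 @@`. The `for` loop containing this call continues outside the hunk.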
@@ -649,27 +653,29 @@
 # invalidate the nscd hosts cache
 nscd -i hosts
- univention-config-registry set ldap/server/name="$DCNAME" >>/var/log/univention/join.log 2>&1
- univention-config-registry set ldap/master="$DCNAME" >>/var/log/univention/join.log 2>&1
- univention-config-registry set kerberos/adminserver="$DCNAME" >>/var/log/univention/join.log 2>&1
+ univention-config-registry set \
+ ldap/server/name="$DCNAME" \
+ ldap/master="$DCNAME" \
+ kerberos/adminserver="$DCNAME" \
+ >>/var/log/univention/join.log 2>&1
 set_kerberos_realm "$DCPWD" "$DCACCOUNT" "$DCNAME" "$REALM"
- cat /etc/ldap/ldap.conf | sed -e "s|#.*||g" | grep -q TLS_CACERT || echo "TLS_CACERT /etc/univention/ssl/ucsCA/CAcert.pem" >>/etc/ldap/ldap.conf
+ grep -q ^TLS_CACERT /etc/ldap/ldap.conf || echo "TLS_CACERT /etc/univention/ssl/ucsCA/CAcert.pem" >>/etc/ldap/ldap.conf
 touch /var/univention-join/joined
 ln -sf /var/univention-join/joined /usr/share/univention-join/.joined
 univention-config-registry set nsswitch/ldap=yes >>/var/log/univention/join.log 2>&1
- eval `univention-config-registry shell`
+ eval "$(univention-config-registry shell)"
 if test -e "/usr/lib/univention-install/"; then
 for i in /usr/lib/univention-install/*.inst; do
- echo -n "Configure `basename $i` "
- echo "Configure `basename $i` " >>/var/log/univention/join.log
- $i --binddn $binddn --bindpwd `cat $DCPWD` >>/var/log/univention/join.log 2>&1
+ echo -n "Configure ${i##*/} "
+ echo "Configure ${i##*/} " >>/var/log/univention/join.log
+ "$i" --binddn "$binddn" --bindpwd "$(<"$DCPWD")" >>/var/log/univention/join.log 2>&1
 if [ $? != 0 ]; then
 echo -e "\033[60Gfailed"
- echo "FAILED: `basename $i`"
- failed_message "FAILED: `basename $i`"
+ echo "FAILED: ${i##*/}"
+ failed_message "FAILED: ${i##*/}"
 else
 echo -e "\033[60Gdone"
 fi
@@ -687,10 +693,6 @@
 /etc/init.d/univention-directory-listener restart >>/var/log/univention/join.log 2>&1
 fi
-if [ -n "$REMOVE_PWD_FILE" -a -n "$DCPWD" ]; then
- rm -f $DCPWD
-fi
-
 if [ "$interfaces_eth0_type" != "dhcp" ]; then
 univention-config-registry commit /etc/resolv.conf >>/var/log/univention/join.log 2>&1
 fi
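Review bot: Removing the `if [ -n "$REMOVE_PWD_FILE" -a -n "$DCPWD" ]; then rm -f $DCPWD; fi` block means the password file named by `$DCPWD` is no longer deleted at the end of the join when `REMOVE_PWD_FILE` is set; if that cleanup has moved into an EXIT trap or another place outside this hunk that is fine, otherwise the DC credential now stays on disk after the script finishes. A `trap` registered where the file is created would also cover the `failed_message` exit paths, which this end-of-script removal never reached. If `REMOVE_PWD_FILE` is still assigned earlier in the script, that assignment is now dead and should go with it.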