Univention Bugzilla – Attachment 2697 Details for
Bug 19430
univention-join Robustheit verbessern
[patch]
Verbesserungen 2
19430_univention-join.diff (text/plain), 39.61 KB, created by
Philipp Hahn
on 2010-09-16 09:48 CEST
Description:
Verbesserungen 2
Creator:
Philipp Hahn
Created:
2010-09-16 09:48 CEST
Size:
39.61 KB
>
>Eigenschaftsänderungen: .
>___________________________________________________________________
>Hinzugefügt: svn:ignore
> + build-stamp
>configure-stamp
>
>
>Index: univention-server-join
>===================================================================
>--- univention-server-join (Revision 19452)
>+++ univention-server-join (Arbeitskopie)
>@@ -1,4 +1,4 @@
>-#!/bin/sh
>+#!/bin/bash
> #
> # Univention Join
> # joins a server to an univention domain
>@@ -32,16 +32,16 @@
>
> export PATH="$PATH:/sbin:/usr/sbin:/bin:/usr/bin"
>
>-ADMINOPTIONS=""
>+declare -a ADMINOPTIONS
> LOGFILE="/var/log/univention/server-join.log"
> if [ "$USER" != "root" ]; then
>- if [ "$HOME" ]; then
>- LOGFILE="$HOME/.univention-server-join.log"
>- else
>- USERTMP=`mktemp -d`
>- LOGFILE="$USERTMP/.univention-server-join.log"
>- fi
>- ADMINOPTIONS="$ADMINOPTIONS --logfile $LOGFILE"
>+ if [ "$HOME" ]; then
>+ LOGFILE="$HOME/.univention-server-join.log"
>+ else
>+ USERTMP="$(mktemp -d)"
>+ LOGFILE="$USERTMP/.univention-server-join.log"
>+ fi
>+ ADMINOPTIONS+=(--logfile "$LOGFILE")
> fi
>
> display_help() {
>@@ -87,7 +87,7 @@
>
>
> log() {
>- if [ $1 = 1 ]; then
>+ if [ "$1" = 1 ]; then
> shift
> echo "$@" >>"$LOGFILE"
> echo "$@"
>@@ -108,49 +108,40 @@
> do
> case "$1" in
> "-role")
>- shift
>- ROLE=$1
>- shift
>+ ROLE="${2:?missing role}"
>+ shift 2
> ;;
> "-hostname")
>- shift
>- HOSTNAME=$1
>- shift
>+ HOSTNAME="${2:?missing host name}"
>+ shift 2
> ;;
> "-domainname")
>- shift
>- DOMAINNAME=$1
>- shift
>+ DOMAINNAME="${2:?missing domain name}"
>+ shift 2
> ;;
> "-ip")
>- shift
>- IP=$1
>- shift
>+ IP="${2:?missing IP address}"
>+ shift 2
> ;;
> "-certs")
>- shift
>- CERTS="$1"
>- shift
>+ CERTS="${2:?missing certificate}"
>+ shift 2
> ;;
> "-mac")
>- shift
>- MAC="$1"
>- shift
>+ MAC="${2:?missing ethernec MAC address}"
>+ shift 2
> ;;
> "-bindaccount")
>- shift
>- BINDACCOUNT="$1"
>- shift
>+ BINDACCOUNT="${2:?missing account name for bind}"
>+ shift 2
> ;;
> "-bindpwfile")
>- shift
>- BINDPWFILE="$1"
>- shift
>+ BINDPWFILE="${2:?missing password file for bind}"
>+ shift 2
> ;;
> "-position")
>- shift
>- POSITION="$1"
>- shift
>+ POSITION="${2:?missing LDAP position}"
>+ shift 2
> ;;
> "--version")
> display_version
>@@ -164,24 +155,27 @@
> done
>
> # extend options for univention-admin
>-if [ "$BINDACCOUNT" ]; then
>- BINDDN=`ldapsearch -x "(&(uid=$BINDACCOUNT)(objectclass=posixAccount))" dn | ldapsearch-wrapper | grep ^dn | sed -e 's|dn: ||'`
>- log 0 "found BINDDN: $BINDDN" >>$LOGFILE
>- if [ -z "$BINDDN" ]; then
>- log 1 "failed to get binddn for $BINDACCOUNT"
>- exit 1
>- fi
>+if [ -n "$BINDACCOUNT" ]
>+then
>+ BINDDN="$(ldapsearch -x "(&(uid=$BINDACCOUNT)(objectclass=posixAccount))" dn | ldapsearch-wrapper | sed -ne '^s|dn: ||p')"
>+ log 0 "found BINDDN: $BINDDN" >>$LOGFILE
>+ if [ -z "$BINDDN" ]; then
>+ log 1 "failed to get binddn for $BINDACCOUNT"
>+ exit 1
>+ fi
> fi
>
>-if [ "$BINDDN" ]; then
>- ADMINOPTIONS="$ADMINOPTIONS --binddn $BINDDN"
>+if [ -n "$BINDDN" ]
>+then
>+ ADMINOPTIONS+=(--binddn "$BINDDN")
> fi
>-if [ "$BINDPWFILE" ]; then
>- ADMINOPTIONS="$ADMINOPTIONS --bindpw `cat $BINDPWFILE`"
>+if [ -n "$BINDPWFILE" ]
>+then
>+ ADMINOPTIONS+=(--bindpw "$(<"$BINDPWFILE")")
> fi
>
>
>-eval `univention-config-registry shell`
>+eval "$(univention-config-registry shell)"
> if [ -z "$ROLE" ]; then
> log 1 "E: -role is missing"
> display_help
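Review bot: The new `sed -ne '^s|dn: ||p'` is not a valid sed script, because the `^` stands in front of the `s` command instead of inside the pattern; sed will most likely abort, BINDDN stays empty and every join with `-bindaccount` ends in "failed to get binddn". It should read `sed -ne 's|^dn: ||p'`. `$BINDACCOUNT` is also placed unescaped into the LDAP filter `(uid=$BINDACCOUNT)`, so the value should be restricted to the characters allowed in an account name before the search runs. `--bindpw "$(<"$BINDPWFILE")"` still puts the bind password into the argument list of every univention-admin call, where it can be read from the process table; if univention-admin offers a way to read the password from a file, passing the file name would avoid that.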
>@@ -197,100 +191,98 @@
>
> display_header
> create_entry () {
>-# $1 desc
>-# $2 module
>-# $3 position
>-# $4 primaryGroup
>-# $5 group
>- log 0 "Join $1"
>+ local desc="${1?:missing description}"
>+ local module="${2?:missing computer module}"
>+ local position="${3?:missing LDAP position}"
>+ local primaryGroup="$4"
>+ local group="$5"
>+ log 0 "Join $desc"
>
>- old_dn=`univention-admin $2 list --filter name=$HOSTNAME $ADMINOPTIONS | ldapsearch-wrapper | grep "DN: " | sed -e "s|.*DN: ||"`
>+ old_dn="$(univention-admin "$module" list --filter name="$HOSTNAME" "${ADMINOPTIONS[@]}" | ldapsearch-wrapper | sed -ne "s|.*DN: ||p")"
> if [ $? = 1 ]; then
>- log 1 "E: failed search $1 [$old_dn]"
>+ log 1 "E: failed search $desc [$old_dn]"
> exit 1
> fi
>
>+ declare -a args
> if [ -z "$old_dn" ]; then
>- log 0 " Create new $1 "
>+ log 0 " Create new $desc "
>
> if [ -n "$MAC" -a -n "$dhcpEntry" -a "$module" = "computers/managedclient" ]; then
>- mac_cmd="--set mac=$MAC --set dhcpEntryZone=$dhcpEntry"
>+ args+=(--set mac="$MAC" --set dhcpEntryZone="$dhcpEntry")
> elif [ -n "$MAC" -a -n "$dhcpEntry" -a "$module" = "computers/mobileclient" ]; then
>- mac_cmd="--set mac=$MAC --set dhcpEntryZone=$dhcpEntry"
>+ args+=(--set mac="$MAC" --set dhcpEntryZone="$dhcpEntry")
> elif [ -n "$MAC" ]; then
>- mac_cmd="--set mac=$MAC"
>+ args+=(--set mac="$MAC")
> fi
>
> if [ -n "$IP" ]; then
>- ip_cmd="--set ip=$IP"
>+ args+=(--set ip="$IP")
> if [ -n "$forwardZone" ]; then
>- ip_cmd="$ip_cmd --set dnsEntryZoneForward=$forwardZone "
>+ args+=(--set dnsEntryZoneForward="$forwardZone")
> if [ -n "$reverseZone" ]; then
>- ip_cmd="$ip_cmd --set dnsEntryZoneReverse=$reverseZone "
>+ args+=(--set dnsEntryZoneReverse="$reverseZone")
> fi
> fi
> fi
>
>- rc=`univention-admin $2 create --position "$3"\
>- --set name=$HOSTNAME $ip_cmd \
>- --set domain=$DOMAINNAME \
>- --set password=$computerPassword --set unixhome=/dev/null --set shell=/bin/sh --set primaryGroup="$4" $mac_cmd $ADMINOPTIONS`
>- if [ $? = 1 ]; then
>- log 1 "E: failed to create $1 (1) [$rc]"
>+ rc="$(univention-admin "$module" create --position "$position"\
>+ --set name="$HOSTNAME" \
>+ --set domain="$DOMAINNAME" \
>+ --set password="$computerPassword" --set unixhome=/dev/null --set shell=/bin/sh --set primaryGroup="$primaryGroup" "${args[@]}" "${ADMINOPTIONS[@]}")"
>+ if [ $? -ne 0 ]; then
>+ log 1 "E: failed to create $desc (1) [$rc]"
> exit 1
> fi
>
> if [ -z "$rc" ]; then
>- log 1 "E: failed to create $1: no result"
>+ log 1 "E: failed to create $desc: no result"
> exit 1
> fi
>
>- ldap_dn=`echo $rc | grep "Object created:" | sed -e 's|Object created: ||'`
>+ ldap_dn="$(echo $rc | sed -ne 's|Object created: ||p')"
> if [ -z "$ldap_dn" ]; then
>- log 1 "E: failed to create $1 (2) [$rc]"
>+ log 1 "E: failed to create $desc (2) [$rc]"
> exit 1
> fi
>
> echo "ldap_dn=\"$ldap_dn\""
>
>- if [ -n "$5" ]; then
>- rc=`univention-admin groups/group modify --dn="$5" --append users="$ldap_dn" $ADMINOPTIONS`
>+ if [ -n "$group" ]; then
>+ rc="$(univention-admin groups/group modify --dn="$group" --append users="$ldap_dn" "${ADMINOPTIONS[@]}")"
> fi
> else
>- log 0 "Modify $1 [$old_dn]"
>+ log 0 "Modify $desc [$old_dn]"
>
> if [ -n "$MAC" ]; then
>- mac_cmd="--set mac=$MAC"
>+ args+=(--set mac="$MAC")
> fi
> if [ -n "$IP" ]; then
>- ip_cmd="--set ip=$IP"
>+ args+=(--set ip="$IP")
> fi
>- rc=`univention-admin $2 modify --dn "$old_dn" --set password=$computerPassword --set domain=$DOMAINNAME $mac_cmd $ip_cmd $ADMINOPTIONS`
>+ rc="$(univention-admin "$module" modify --dn "$old_dn" --set password="$computerPassword" --set domain="$DOMAINNAME" "${args[@]}" "${ADMINOPTIONS[@]}")"
>
>- if [ $? = 1 ]; then
>- log 1 "E: failed to modify $1 $old_dn [$rc]"
>+ if [ $? -ne 0 ]; then
>+ log 1 "E: failed to modify $desc $old_dn [$rc]"
> fi
>
> echo "ldap_dn=\"$old_dn\" "
>-
> fi
>-
>-
> }
>
> if [ -n "$IP" ]; then
>- subnet=`univention-ipcalc --ip $IP --netmask $interfaces_eth0_netmask --output network --calcdns`
>+ subnet="$(univention-ipcalc --ip "$IP" --netmask "$interfaces_eth0_netmask" --output network --calcdns)"
> log 0 " Calculated subnet = $subnet"
>
>- forwardZone=`univention-admin dns/forward_zone list --filter zone=$DOMAINNAME $ADMINOPTIONS | ldapsearch-wrapper | grep DN | sed -e 's/DN: //g'`
>- reverseZone=`univention-admin dns/reverse_zone list --filter subnet=$subnet $ADMINOPTIONS | ldapsearch-wrapper | grep DN | sed -e 's/DN: //g'`
>- dhcpEntry=`univention-admin dhcp/service list --filter name=$DOMAINNAME $ADMINOPTIONS | ldapsearch-wrapper | grep DN | sed -e 's/DN: //g'`
>+ forwardZone="$(univention-admin dns/forward_zone list --filter zone="$DOMAINNAME" "${ADMINOPTIONS[@]}" | ldapsearch-wrapper | sed -ne 's/DN: //gp')"
>+ reverseZone="$(univention-admin dns/reverse_zone list --filter subnet="$subnet" "${ADMINOPTIONS[@]}" | ldapsearch-wrapper | sed -ne 's/DN: //gp')"
>+ dhcpEntry="$(univention-admin dhcp/service list --filter name="$DOMAINNAME" "${ADMINOPTIONS[@]}" | ldapsearch-wrapper | sed -ne 's/DN: //gp')"
>
> log 0 " forwardZone $forwardZone "
> log 0 " reverseZone $reverseZone "
> fi
>
>-computerPassword=`makepasswd --chars=8`
>+computerPassword="$(makepasswd --chars=8)"
>
> if [ "$ROLE" = "domaincontroller_master" ]; then
> if [ -n "$POSITION" ]; then
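Review bot: The three argument guards at the top of create_entry are written `${1?:missing description}`, `${2?:...}` and `${3?:...}`, with `?` and `:` swapped compared with the `${2:?...}` form the option parser uses; as written they trip only on an unset parameter, accept an empty one, and print the message with a leading colon. `local desc="${1:?missing description}"`, and likewise for module and position, gives the intended check. The test `[ $? = 1 ]` after the `old_dn=` pipeline sees only the exit status of the final `sed`, so a failed univention-admin search is treated as "no existing entry" and the function goes on to create one; with the script now running under bash, `set -o pipefail` would make that failure visible. `--set password="$computerPassword"` passes the new machine password on the command line, where it is readable in the process table while the call runs.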
>@@ -305,14 +297,14 @@
> else
> create_entry "DC Backup" "computers/domaincontroller_backup" "cn=dc,cn=computers,$ldap_base" "cn=DC Backup Hosts,cn=groups,$ldap_base" "cn=DC Slave Hosts,cn=groups,$ldap_base"
> fi
>- kadmin -l add --random-key --use-defaults ldap/$HOSTNAME.$DOMAINNAME
>+ kadmin -l add --random-key --use-defaults "ldap/$HOSTNAME.$DOMAINNAME"
> elif [ "$ROLE" = "domaincontroller_slave" ]; then
> if [ -n "$POSITION" ]; then
> create_entry "DC Slave" "computers/domaincontroller_slave" "$POSITION" "cn=DC Slave Hosts,cn=groups,$ldap_base"
> else
> create_entry "DC Slave" "computers/domaincontroller_slave" "cn=dc,cn=computers,$ldap_base" "cn=DC Slave Hosts,cn=groups,$ldap_base"
> fi
>- kadmin -l add --random-key --use-defaults ldap/$HOSTNAME.$DOMAINNAME
>+ kadmin -l add --random-key --use-defaults "ldap/$HOSTNAME.$DOMAINNAME"
> elif [ "$ROLE" = "memberserver" ]; then
> if [ -n "$POSITION" ]; then
> create_entry "Member Server" "computers/memberserver" "$POSITION" "cn=Computers,cn=groups,$ldap_base"
>@@ -334,3 +326,4 @@
> fi
>
> echo "KerberosPasswd=\"$computerPassword\" "
>+# vim:set ts=8 sw=8:
>Index: debian/changelog
>===================================================================
>--- debian/changelog (Revision 19719)
>+++ debian/changelog (Arbeitskopie)
>@@ -1,5 +1,7 @@
> univention-join (3.0.4-3) unstable; urgency=low
>
>+ * Fix spelling (Bug #9861)
>+ * Fix error test (Bug #16214)
> * Improve check for join status (Bug #19361,#13495,#13497,#18120)
>
> -- Philipp Hahn <hahn@univention.de> Thu, 12 Aug 2010 19:38:02 +0200
>Index: univention-run-join-scripts
>===================================================================
>--- univention-run-join-scripts (Revision 19452)
>+++ univention-run-join-scripts (Arbeitskopie)
>@@ -33,7 +33,7 @@
>
> export PATH="$PATH:/sbin:/usr/sbin:/bin:/usr/bin"
>
>-eval `univention-config-registry shell`
>+eval "$(univention-config-registry shell)"
>
> display_help() {
> display_header
>
>Eigenschaftsänderungen: univention-run-join-scripts
>___________________________________________________________________
>Hinzugefügt: svn:executable
> + *
>
>Index: univention-join
>===================================================================
>--- univention-join (Revision 19452)
>+++ univention-join (Arbeitskopie)
>@@ -1,4 +1,4 @@
>-#!/bin/sh
>+#!/bin/bash
> #
> # Univention Join
> # joins a system into a UCS domain
>@@ -37,8 +37,11 @@
> eval "$(univention-config-registry shell)"
>
> TYPE=
>-REMOVE_PWD_FILE=""
>
>+USERTMP="$(mktemp -d)"
>+DCPWD="$USERTMP/dcpwd"
>+trap "rm -rf '$USERTMP'" EXIT
>+
> display_help() {
> display_header
> cat <<-EOL
>@@ -76,7 +79,6 @@
> echo "univention-join @%@package_version@%@"
> }
>
>-
> failed_message () {
> echo ""
> echo ""
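Review bot: In the `@@ -37,8 +37,11 @@` hunk of univention-join the result of `USERTMP="$(mktemp -d)"` is not checked, so if mktemp fails `DCPWD` becomes `/dcpwd` and the DC master password is later written into the root directory instead of a private one. Stopping right there closes that path: `USERTMP="$(mktemp -d)" || exit 1`. A comment above the trap such as `# USERTMP holds the copy of the DC password; removed on every exit path` would also record why the old REMOVE_PWD_FILE handling could be dropped.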
>@@ -86,23 +88,18 @@
> echo "**************************************************************************"
> echo "* Message: $@"
> echo "**************************************************************************"
>- if [ -n "$REMOVE_PWD_FILE" -a -n "$DCPWD" ]; then
>- rm -f $DCPWD
>- fi
> exit 1
> }
>
> download_host_certificate () {
> echo -n "Download host certificate "
>- HOSTPWD="/etc/machine.secret"
>- HOSTACCOUNT="$hostname\$"
>- univention-scp $HOSTPWD "-r $HOSTACCOUNT@$DCNAME:/etc/univention/ssl/$hostname /etc/univention/ssl/" >>/var/log/univention/join.log 2>&1
>- univention-scp $HOSTPWD "-r $HOSTACCOUNT@$DCNAME:/etc/univention/ssl/$hostname.$domainname /etc/univention/ssl/" >>/var/log/univention/join.log 2>&1
>+ local HOSTPWD="/etc/machine.secret"
>+ local HOSTACCOUNT="$hostname\$"
>+ univention-scp "$HOSTPWD" -q -r "$HOSTACCOUNT@$DCNAME:/etc/univention/ssl/$hostname" "$HOSTACCOUNT@$DCNAME:/etc/univention/ssl/$hostname.$domainname" /etc/univention/ssl/ >>/var/log/univention/join.log 2>&1
> while [ ! -d "/etc/univention/ssl/$hostname" ] && [ ! -d "/etc/univention/ssl/$hostname.$domainname" ]; do
> echo -n "."
> sleep 20
>- univention-scp $HOSTPWD "-r $HOSTACCOUNT@$DCNAME:/etc/univention/ssl/$hostname /etc/univention/ssl/" >>/var/log/univention/join.log 2>&1
>- univention-scp $HOSTPWD "-r $HOSTACCOUNT@$DCNAME:/etc/univention/ssl/$hostname.$domainname /etc/univention/ssl/" >>/var/log/univention/join.log 2>&1
>+ univention-scp "$HOSTPWD" -q -r "$HOSTACCOUNT@$DCNAME:/etc/univention/ssl/$hostname" "$HOSTACCOUNT@$DCNAME:/etc/univention/ssl/$hostname.$domainname" /etc/univention/ssl/ >>/var/log/univention/join.log 2>&1
> done
>
> echo -e "\033[60Gdone"
>@@ -111,8 +108,8 @@
> check_ldap_tls_connection () {
> echo -n "Check TLS connection "
>
>- ldapsearch -x -ZZ -s base -h "$DCNAME" dn >/dev/null
>- if [ $? != 0 ]; then
>+ if ! ldapsearch -x -ZZ -s base -h "$DCNAME" dn >/dev/null
>+ then
> failed_message "Establishing a TLS connection with $DCNAME failed. Maybe you didn't specify a FQDN."
> fi
>
>@@ -123,34 +120,29 @@
> do
> case "$1" in
> "-dcname")
>- shift
>- DCNAME=$1
>- shift
>+ DCNAME="${2:?missing DC master FQDN}"
>+ shift 2
> ;;
> "-dcaccount")
>- shift
>- DCACCOUNT=$1
>- shift
>+ DCACCOUNT="${2:?missing DC master account}"
>+ shift 2
> ;;
> "-dcpwd")
>- shift
>- DCPWD=$1
>- shift
>+ dcpwd="${2:?missing DC password file}"
>+ cp "$dcpwd" "$DCPWD"
>+ shift 2
> ;;
> "-ldapbase")
>- shift
>- LDAPBASE="$1"
>- shift
>+ LDAPBASE="${2:?missing LDAP base}"
>+ shift 2
> ;;
> "-realm")
>- shift
>- REALM="$1"
>- shift
>+ REALM="${2:?missing Kerberos real}"
>+ shift 2
> ;;
> "-type")
>- shift
>- TYPE=$1
>- shift
>+ TYPE="${2:?missing computer role}"
>+ shift 2
> ;;
> "--version")
> display_version
>@@ -171,21 +163,21 @@
> fi
>
> if [ -z "$DCACCOUNT" ]; then
>- echo -n "Insert DC Master Account : "
>+ echo -n "Enter DC Master Account : "
> read DCACCOUNT
> fi
>-if [ -z "$DCPWD" ]; then
>- echo -n "Insert DC Master Password: "
>+if [ ! -f "$DCPWD" ]; then
>+ echo -n "Enter DC Master Password: "
> read -s password
>- DCPWD=`mktemp`
>- echo "$password" >>$DCPWD
>- REMOVE_PWD_FILE="1"
>+ echo -n "$password" >"$DCPWD"
> echo ""
> echo ""
> fi
>
>+declare -a args
>+
> if [ "$DCACCOUNT" != "root" ]; then
>- auth_cmd="-bindaccount \"$DCACCOUNT\" -bindpwfile \"$DCPWD\""
>+ args+=(-bindaccount "$DCACCOUNT")
> fi
>
> if [ -z "$server_role" ]; then
>@@ -193,7 +185,7 @@
> echo "try: -type"
> display_help
> else
>- server_role=$TYPE
>+ server_role="$TYPE"
> fi
> fi
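Review bot: The password prompt in the `@@ -171,21 +163,21 @@` hunk reads with `read -s password` and writes with `echo -n "$password"`, so a password containing backslashes is altered by `read`, and one that looks like an echo option (for example `-e`) is not written as typed. `IFS= read -rs password` followed by `printf '%s' "$password" >"$DCPWD"` stores it byte for byte. In the `-dcpwd` branch of the option parser the result of `cp "$dcpwd" "$DCPWD"` is ignored; if the copy fails the script silently falls back to the interactive prompt, so `cp "$dcpwd" "$DCPWD" || failed_message "cannot read $dcpwd"` would be clearer for unattended joins.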
>
>@@ -201,23 +193,23 @@
> server_role="client"
> fi
>
>-mac_addr=`/sbin/ifconfig eth0 | grep HWaddr | sed -e "s|.*HWaddr ||"`
>+mac_addr="$(LC_ALL=C /sbin/ifconfig eth0 | sed -ne "s|.*HWaddr ||p")"
> if [ -n "$mac_addr" ]; then
>- mac_cmd="-mac $mac_addr"
>+ args+=(-mac "$mac_addr")
> fi
>
>
> if [ -z "$DCNAME" ]; then
> echo -n "Search DC Master: "
> if [ "$interfaces_eth0_type" = "dhcp" ]; then
>- DCNAME=`host -t SRV _domaincontroller_master._tcp.$domainname | grep -v "not found" | grep -v "reached" | tail -1 | sed -e 's|.* ||g' | sed -e 's|\.$||'`
>+ DCNAME="$(host -t SRV "_domaincontroller_master._tcp.$domainname" | sed -ne '$s/.* \([^ ]\+\)\.$/\1/p')"
> if [ -n "$DCNAME" ]; then
> echo -e "\033[60Gdone"
> fi
> else
> for i in "$nameserver" "$nameserver1" "$nameserver2" "$nameserver3" "$dns_forwarder1" "$dns_forwarder2" "$dns_forwarder3"; do
> if [ -z "$i" ]; then continue; fi
>- DCNAME=`host -t SRV _domaincontroller_master._tcp.$domainname $i | grep -v "not found" | grep -v "reached" | tail -1 | sed -e 's|.* ||g' | sed -e 's|\.$||'`
>+ DCNAME="$(host -t SRV "_domaincontroller_master._tcp.$domainname" "$i" | sed -ne '$s/.* \([^ ]\+\)\.$/\1/p')"
> if [ -n "$DCNAME" ]; then
> echo -e "\033[60Gdone"
> echo "domain $domainname" >/etc/resolv.conf
>@@ -236,14 +228,13 @@
>
> echo -n "Check DC Master: "
>
>-ping -c 1 $DCNAME >/dev/null 2>&1
>-
>-if [ $? != 0 ]; then
>+if ! ping -c 1 "$DCNAME" >/dev/null 2>&1
>+then
> failed_message "ping to $DCNAME failed"
> fi
>
>-univention-ssh "$DCPWD" "$DCACCOUNT"@"$DCNAME" echo ssh-check 2>>/var/log/univention/join.log | grep -qs ssh-check
>-if [ $? != 0 ]; then
>+if ! univention-ssh "$DCPWD" "$DCACCOUNT"@"$DCNAME" echo ssh-check 2>>/var/log/univention/join.log | grep -qs ssh-check
>+then
> failed_message "ssh-login for $DCACCOUNT@$DCNAME failed. Maybe you entered a wrong password."
> fi
>
>@@ -257,7 +248,7 @@
>
> if [ -z "$LDAPBASE" ]; then
> echo -n "Search ldap/base"
>- ldap_base=`ldapsearch -x -h $DCNAME -b "" -s base 'objectclass=*' NamingContexts -LLL | grep namingContexts | sed -e 's|namingContexts: ||'`
>+ ldap_base=$(ldapsearch -x -h "$DCNAME" -b "" -s base 'objectclass=*' NamingContexts -LLL | ldapsearch-wrapper | sed -ne 's|namingContexts: ||p')
> else
> ldap_base="$LDAPBASE"
> fi
>@@ -272,7 +263,8 @@
>
> echo -n "Search LDAP binddn "
> binddn=""
>-for i in `ldapsearch -x -h $DCNAME -LLL -b $ldap_base "(&(uid=$DCACCOUNT)(objectClass=person))" | ldapsearch-wrapper | grep ^dn | sed -e 's|dn: ||'`; do
>+for i in $(ldapsearch -x -h "$DCNAME" -LLL -b "$ldap_base" "(&(uid=$DCACCOUNT)(objectClass=person))" | ldapsearch-wrapper | sed -ne 's|^dn: ||p')
>+do
> if [ -n "$binddn" ]; then
> failed_message "binddn for user $DCACCOUNT not unique, $i and $binddn"
> fi
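Review bot: The `for i in $(ldapsearch ... | sed -ne 's|^dn: ||p')` loop in the `@@ -272,7 +263,8 @@` hunk still word-splits its input, so a single DN that contains a space is seen as several entries and the join stops with "binddn ... not unique". Reading one DN per line avoids that: `while IFS= read -r i; do ... done < <(ldapsearch ... | ldapsearch-wrapper | sed -ne 's|^dn: ||p')`. `$DCACCOUNT` also goes unescaped into the filter `(uid=$DCACCOUNT)`; rejecting LDAP filter metacharacters in the account name before this search keeps the filter from being altered. The loop body continues outside the hunk.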
>@@ -282,35 +274,47 @@
> if [ -z "$binddn" ]; then
> failed_message "binddn for user $DCACCOUNT not found"
> else
>- ldapsearch -x -h $DCNAME -LLL -b "$ldap_base" -D "$binddn" -w `cat $DCPWD` -LLL -s base >/dev/null 2>&1
>- if [ $? != 0 ]; then
>+ if ! ldapsearch -x -h "$DCNAME" -LLL -b "$ldap_base" -D "$binddn" -w "$(<"$DCPWD")" -LLL -s base >/dev/null 2>&1
>+ then
> failed_message "Invalid credentials"
> fi
> fi
>
>-if [ $server_role != "domaincontroller_master" -a "$server_role" != "domaincontroller_backup" -a -z "$binddn" ]; then
>+if [ "$server_role" != "domaincontroller_master" -a "$server_role" != "domaincontroller_backup" -a -z "$binddn" ]
>+then
> failed_message "binddn for user $DCACCOUNT not found"
> fi
>
> if [ -x /usr/bin/rdate ]; then
> echo -n "Sync time "
>- /usr/bin/rdate $DCNAME >/dev/null 2>&1
>+ /usr/bin/rdate "$DCNAME" >/dev/null 2>&1
> echo -e "\033[60Gdone"
> fi
>
> if [ -n "$ldap_position" ]; then
>- position_cmd="-position \"$ldap_position\""
>+ args+=(-position "$ldap_position")
> fi
>
>+bashquote () { # quote arguments for eval
>+ declare -a escaped
>+ declare -r quote=\\\'
>+ local arg
>+ for arg in "$@"
>+ do
>+ escaped+=("'${arg//\'/'$quote'}'")
>+ done
>+ echo -n "${escaped[@]}"
>+}
>+
> if [ -n "$server_role" ]; then
> if [ -n "$interfaces_eth0_address" ]; then
>- ip_cmd="-ip $interfaces_eth0_address"
>+ args+=(-ip "$interfaces_eth0_address")
> fi
> echo -n "Join Computer Account: "
>- univention-scp "$DCPWD" "$DCPWD" "$DCACCOUNT@$DCNAME:$DCPWD" >>/var/log/univention/join.log 2>&1
>- res=`univention-ssh $DCPWD $DCACCOUNT@$DCNAME /usr/share/univention-join/univention-server-join -role $server_role -hostname $hostname -domainname $domainname $ip_cmd $mac_cmd $position_cmd $auth_cmd 2>>/var/log/univention/join.log`
>- univention-ssh $DCPWD $DCACCOUNT@$DCNAME "rm $DCPWD" >>/var/log/univention/join.log 2>&1
>- res_message=`echo $res | grep uexception | sed -e 's|.*univention.admin.uexceptions.||'g`
>+ args+=(-role "$server_role" -hostname "$hostname" -domainname "$domainname")
>+ # Copy local $DCPWD to remote $DCPWD' and invoke univention-join remotely
>+ univention-ssh --no-split "$DCPWD" "$DCACCOUNT@$DCNAME" 'DCPWD=$(mktemp) && trap "rm -f \"$DCPWD\"" EXIT && cat >"$DCPWD" && /usr/share/univention-join/univention-server-join -bindpwfile "$DCPWD"' "$(bashquote "${args[@]}")" <"$DCPWD" 2>&1 | tee "$USERTMP/log" >>/var/log/univention/join.log
>+ res_message="$(grep uexception "$USERTMP/log" | sed -e 's|.*univention.admin.uexceptions.||'g)"
> if [ -z "$res_message" ]; then
> echo -e "\033[60Gdone"
> fi
>@@ -318,15 +322,14 @@
> failed_message "No server role defined"
> fi
>
>-if [ -n "$res" ]; then
>- echo "Join result = [$res]" | sed -e 's/KerberosPasswd="[^"]*"//' | fromdos -fa >>/var/log/univention/join.log
>+if [ -s "$USERTMP/log" ]
>+then
>+ echo "Join result = [$(<"$USERTMP/log")]" | sed -e 's/KerberosPasswd="[^"]*"//' | fromdos -fa >>/var/log/univention/join.log
>
> #try to get password
>- pwd=`echo $res | grep -i KerberosPasswd | sed -e 's|.*KerberosPasswd="||;s|".*||g'`
>+ pwd="$(sed -ne 's|^KerberosPasswd="\(.*\)" *|\1|p' <"$USERTMP/log")"
>
>-
> if [ -n "$pwd" ]; then
>-
> if [ -e /etc/machine.secret ]; then
> cat /etc/machine.secret >>/etc/machine.secret.SAVE
> fi
>@@ -335,17 +338,17 @@
> fromdos /etc/machine.secret
> chmod 600 /etc/machine.secret
> if [ -e /etc/machine.secret.SAVE ]; then
>- chmod 600 /etc/machine.secret.SAVE
>+ chmod 600 /etc/machine.secret.SAVE
> fi
> else
> if [ -n "$res_message" ]; then
> failed_message "$res_message"
> else
>- failed_message "$res"
>+ failed_message "$(<"$USERTMP/log")"
> fi
> fi
>
>- ldap_dn="`echo $res | grep ldap_dn | sed -e 's|.*ldap_dn="||;s|".*||'`"
>+ ldap_dn="$(sed -ne 's|^ldap_dn="\(.*\)" *|\1|p' <"$USERTMP/log")"
> if [ -n "$ldap_dn" ]; then
> univention-config-registry set ldap/hostdn="$ldap_dn" >>/var/log/univention/join.log 2>&1
> else
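Review bot: In the `@@ -282,35 +274,47 @@` hunk the remote call now sends stdout and stderr together through `tee "$USERTMP/log" >>/var/log/univention/join.log`, so the `KerberosPasswd="..."` line printed by univention-server-join is appended to join.log in full; the `sed -e 's/KerberosPasswd="[^"]*"//'` filter in the following hunk scrubs only the later "Join result" line. The old code kept stdout in `$res` and sent only stderr to the log. Ending the command with `<"$DCPWD" >"$USERTMP/log" 2>>/var/log/univention/join.log` keeps the new machine password out of the log and leaves `$USERTMP/log` with what `$res` used to hold. Earlier in the same hunk, `ldapsearch -x ... -w "$(<"$DCPWD")"` binds without `-ZZ` and passes the password as an argument; `-ZZ -y "$DCPWD"` would use StartTLS and let ldapsearch read the file itself, provided the file has no trailing newline.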
>@@ -357,49 +360,60 @@
> fi
>
> if [ -e "/usr/lib/univention-install/.index.txt" ]; then
>- mkdir -p /var/univention-join/
>+ mkdir -p /var/univention-join/
> rm -rf /var/univention-join/status
> rm /usr/lib/univention-install/.index.txt
> touch /var/univention-join/status
> fi
>
> if [ ! -e "/usr/lib/univention-install/.index.txt" ]; then
>- mkdir -p /var/univention-join/
>+ mkdir -p /var/univention-join/
> touch /var/univention-join/status
> ln -sf /var/univention-join/status /usr/lib/univention-install/.index.txt
> fi
>
>
> if [ -e "/etc/univention/ssl" ]; then
>- mv /etc/univention/ssl "/etc/univention/ssl_`date +"%y%m%d%H%M"`"
>+ mv /etc/univention/ssl "/etc/univention/ssl_$(date +"%y%m%d%H%M")"
> mkdir /etc/univention/ssl
> fi
>
> # Stop Notifier
>-notifier_pid=`pidof univention-directory-notifier`
>+notifier_pid="$(pidof univention-directory-notifier)"
> if [ -n "$notifier_pid" -a -e /etc/runit/univention/univention-directory-notifier ]; then
> echo -n "Stopping univention-directory-notifier daemon: "
> /etc/init.d/univention-directory-notifier stop >/dev/null 2>&1
>- while ! sv status univention-directory-notifier | grep "^down" >/dev/null ; do sleep 1; /etc/init.d/univention-directory-notifier stop >/dev/null 2>&1; echo -n "." ;done; echo "" done
>+ while ! sv status univention-directory-notifier | grep -q "^down"
>+ do
>+ sleep 1
>+ /etc/init.d/univention-directory-notifier stop >/dev/null 2>&1
>+ echo -n "."
>+ done
>+ echo " done"
> fi
>
> # Stop Listener
>-listener_pid=`pidof univention-directory-listener`
>+listener_pid="$(pidof univention-directory-listener)"
> if [ -e /etc/runit/univention/univention-directory-listener ]; then
> echo -n "Stopping univention-directory-listener daemon: "
> /etc/init.d/univention-directory-listener stop >/dev/null 2>&1
>- while ! sv status univention-directory-listener | grep "^down" >/dev/null ; do sleep 1; /etc/init.d/univention-directory-listener stop >/dev/null 2>&1; echo -n "." ;done; echo "" done
>+ while ! sv status univention-directory-listener | grep -q "^down"
>+ do
>+ sleep 1
>+ /etc/init.d/univention-directory-listener stop >/dev/null 2>&1
>+ echo -n "."
>+ done
>+ echo " done"
> fi
> rm -Rf /var/lib/univention-directory-listener/*
>
>-set_kerberos_realm ()
>-{
>- DCPWD="$1"
>- DCACCOUNT="$2"
>- DCNAME="$3"
>- realm="$4"
>+set_kerberos_realm () {
>+ local DCPWD="${1:?missing DC password file}"
>+ local DCACCOUNT="${2:?missing DC master account}"
>+ local DCNAME="${3:?missing DC master FQDN}"
>+ local realm="$4"
> if [ -z "$realm" ]; then
>- realm=$(univention-ssh $DCPWD $DCACCOUNT@$DCNAME /usr/sbin/univention-config-registry get kerberos/realm | sed -e 's, ,,g' | grep [A-Za-z0-9] ) >>/var/log/univention/join.log 2>&1
>+ realm=$(univention-ssh "$DCPWD" "$DCACCOUNT@$DCNAME" /usr/sbin/univention-config-registry get kerberos/realm) >>/var/log/univention/join.log 2>&1
> if [ $? != 0 -o -z "$realm" ]; then
> echo "Unable to retrieve the kerberos realm. Try to use option -realm <kerberos/realm>"
> exit 1
>@@ -414,34 +428,35 @@
> if [ -e "/etc/ldap-backup.secret" ]; then cat /etc/ldap-backup.secret >>/etc/ldap-backup.secret.SAVE; fi
>
> echo -n "Sync ldap.secret: "
>- univention-scp $DCPWD $DCACCOUNT@$DCNAME:/etc/ldap.secret /etc/ldap.secret >>/var/log/univention/join.log 2>&1
>+ univention-scp "$DCPWD" -q "$DCACCOUNT@$DCNAME:/etc/ldap.secret" /etc/ldap.secret >>/var/log/univention/join.log 2>&1
> if [ ! -e "/etc/ldap.secret" ]; then
> failed_message "/etc/ldap.secret not found"
> fi
> echo -e "\033[60Gdone"
>
> echo -n "Sync ldap-backup.secret: "
>- univention-scp $DCPWD $DCACCOUNT@$DCNAME:/etc/ldap-backup.secret /etc/ldap-backup.secret >>/var/log/univention/join.log 2>&1
>+ univention-scp "$DCPWD" -q "$DCACCOUNT@$DCNAME:/etc/ldap-backup.secret" /etc/ldap-backup.secret >>/var/log/univention/join.log 2>&1
> if [ ! -e "/etc/ldap-backup.secret" ]; then
> failed_message "/etc/ldap-backup.secret not found"
> fi
> echo -e "\033[60Gdone"
>
>- univention-config-registry set ldap/server/name=$hostname.$domainname >>/var/log/univention/join.log 2>&1
>- univention-config-registry set ldap/server/ip=$interfaces_eth0_address >>/var/log/univention/join.log 2>&1
>- univention-config-registry set ldap/master=$DCNAME >>/var/log/univention/join.log 2>&1
>- univention-config-registry set ldap/server/type=slave >>/var/log/univention/join.log 2>&1
>+ univention-config-registry set \
>+ ldap/server/name="$hostname.$domainname" \
>+ ldap/server/ip="$interfaces_eth0_address" \
>+ ldap/master="$DCNAME" \
>+ ldap/server/type=slave \
>+ >>/var/log/univention/join.log 2>&1
>
>-
> echo -n "Sync SSL directory: "
>- univention-ssh-rsync $DCPWD -az -e ssh $DCACCOUNT@$DCNAME:/etc/univention/ssl/* /etc/univention/ssl/ >>/var/log/univention/join.log 2>&1
>+ univention-ssh-rsync "$DCPWD" -az "$DCACCOUNT@$DCNAME:/etc/univention/ssl/*" /etc/univention/ssl/ >>/var/log/univention/join.log 2>&1
> echo -e "\033[60Gdone"
>
> check_ldap_tls_connection
>
> download_host_certificate
>
>- if [ ! -d "/etc/univention/ssl/$hostname" ] && [ ! -d "/etc/univention/ssl/$hostname.$domainname" ]; then
>+ if [ ! -d "/etc/univention/ssl/$hostname" ] && [ ! -d "/etc/univention/ssl/$hostname.$domainname" ]; then
> echo "failed to get host certificate"
> failed_message "failed to get host certificate"
> fi
>@@ -465,20 +480,22 @@
>
> #TODO: implement a real sync
> echo -n "Sync Kerberos settings: "
>- univention-scp $DCPWD -r $DCACCOUNT@$DCNAME:/var/lib/heimdal-kdc/* /var/lib/heimdal-kdc/ >>/var/log/univention/join.log 2>&1
>+ univention-scp "$DCPWD" -q -r "$DCACCOUNT@$DCNAME:/var/lib/heimdal-kdc/*" /var/lib/heimdal-kdc/ >>/var/log/univention/join.log 2>&1
> echo -e "\033[60Gdone"
>
>
> # invalidate the nscd hosts cache
> nscd -i hosts
>
>- univention-config-registry set ldap/server/name?"$DCNAME" >>/var/log/univention/join.log 2>&1
>- univention-config-registry set ldap/master?"$DCNAME" >>/var/log/univention/join.log 2>&1
>- univention-config-registry set kerberos/adminserver?"$DCNAME" >>/var/log/univention/join.log 2>&1
>+ univention-config-registry set \
>+ ldap/server/name?"$DCNAME" \
>+ ldap/master?"$DCNAME" \
>+ kerberos/adminserver?"$DCNAME" \
>+ >>/var/log/univention/join.log 2>&1
>
> set_kerberos_realm "$DCPWD" "$DCACCOUNT" "$DCNAME" "$REALM"
>
>- eval `univention-config-registry shell`
>+ eval "$(univention-config-registry shell)"
>
> mkdir -p /var/lib/univention-ldap/notify/
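Review bot: After each `univention-scp` in the `@@ -414,34 +428,35 @@` hunk the script only tests `[ ! -e "/etc/ldap.secret" ]` (and the same for ldap-backup.secret), which also passes when a file from an earlier join is still present, so a failed copy can leave an outdated secret in place unnoticed. The patch already uses the `if ! cmd` form elsewhere, and it fits here too: `if ! univention-scp "$DCPWD" -q "$DCACCOUNT@$DCNAME:/etc/ldap.secret" /etc/ldap.secret >>/var/log/univention/join.log 2>&1; then failed_message "copying /etc/ldap.secret failed"; fi`. This assumes univention-scp returns the exit status of the underlying scp, which the diff does not show.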
>
>@@ -488,29 +505,31 @@
> echo -n "0" >/var/lib/univention-ldap/schema/id/id
> chown listener /var/lib/univention-ldap/schema/id/id
>
>- if test -e "/usr/lib/univention-install/"; then
>+ if test -d "/usr/lib/univention-install/"
>+ then
> for i in /usr/lib/univention-install/*.inst; do
>- echo -n "Configure `basename $i` "
>- echo "Configure `basename $i` " >>/var/log/univention/join.log
>- $i --binddn $binddn --bindpwd `cat $DCPWD` >>/var/log/univention/join.log 2>&1
>- if [ $? != 0 ]; then
>+ echo -n "Configure ${i##*/} "
>+ echo "Configure ${i##*/} " >>/var/log/univention/join.log
>+ if ! "$i" --binddn "$binddn" --bindpwd "$(<"$DCPWD")" >>/var/log/univention/join.log 2>&1
>+ then
> echo -e "\033[60Gfailed"
>- failed_message "FAILED: `basename $i`"
>+ failed_message "FAILED: ${i##*/}"
> else
> echo -e "\033[60Gdone"
> fi
>
>- if [ "`basename $i`" = "03univention-directory-listener.inst" ]; then
>+ if [ "${i##*/}" = "03univention-directory-listener.inst" ]
>+ then
> if [ -e /var/lib/univention-directory-replication/failed.ldif ]; then
> failed_message "FAILED: failed.ldif exists."
> fi
>- univention-scp $DCPWD -r $DCACCOUNT@$DCNAME:/var/lib/univention-ldap/notify/transaction /tmp/ >/dev/null 2>&1
>+ univention-scp "$DCPWD" -q "$DCACCOUNT@$DCNAME:/var/lib/univention-ldap/notify/transaction" /tmp/ >/dev/null 2>&1
> if [ ! -e /tmp/transaction ]; then
>- failed_message " FAILED: failed do copy /var/lib/univention-ldap/notify/transaction from the dc master. Please try again."
>+ failed_message " FAILED: failed to copy /var/lib/univention-ldap/notify/transaction from the dc master. Please try again."
> fi
>
>- id=`cat /var/lib/univention-directory-listener/notifier_id`
>- cat /tmp/transaction | awk -F ' ' '{ if ( $1 <= '$id') print }' >/var/lib/univention-ldap/notify/transaction
>+ read id < /var/lib/univention-directory-listener/notifier_id
>+ awk -F ' ' '{ if ( $1 <= '$id') print }' </tmp/transaction >/var/lib/univention-ldap/notify/transaction
> rm /tmp/transaction
> echo "">/var/lib/univention-ldap/replog/replog
> fi
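Review bot: The listener step in the `@@ -488,29 +505,31 @@` hunk still copies the notifier transaction file to the fixed path `/tmp/transaction` and then reads and removes it as root; any local user can create that name beforehand, and because the copy's exit status is not checked the `-e` test would accept such a file. The private directory this patch introduces is the natural place: copy to `"$USERTMP/"` and use `"$USERTMP/transaction"` afterwards. The awk call splices `$id` into the program text; `awk -v id="$id" '$1 <= id'` passes it as data instead. `--bindpwd "$(<"$DCPWD")"` also exposes the password in the argument list of every .inst script. The `@@ -573,23 +596,24 @@` hunk repeats all three.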
>@@ -524,26 +543,28 @@
>
> if [ -e "/etc/ldap-backup.secret" ]; then cat /etc/ldap-backup.secret >>/etc/ldap-backup.secret.SAVE; fi
>
>- univention-scp $DCPWD "$DCACCOUNT@$DCNAME:/etc/ldap-backup.secret /etc/ldap-backup.secret" >/var/log/univention/join.log 2>&1
>+ univention-scp "$DCPWD" -q "$DCACCOUNT@$DCNAME:/etc/ldap-backup.secret" /etc/ldap-backup.secret >/var/log/univention/join.log 2>&1
>
> echo -e "\033[60Gdone"
>
>- univention-config-registry set ldap/server/name=$hostname.$domainname >>/var/log/univention/join.log 2>&1
>- univention-config-registry set ldap/server/ip=$interfaces_eth0_address >>/var/log/univention/join.log 2>&1
>- univention-config-registry set ldap/master=$DCNAME >>/var/log/univention/join.log 2>&1
>- univention-config-registry set ldap/server/type=slave >>/var/log/univention/join.log 2>&1
>+ univention-config-registry set \
>+ ldap/server/name="$hostname.$domainname" \
>+ ldap/server/ip="$interfaces_eth0_address" \
>+ ldap/master="$DCNAME" \
>+ ldap/server/type=slave \
>+ >>/var/log/univention/join.log 2>&1
>
> mkdir -p /etc/univention/ssl/ucsCA
>- univention-scp $DCPWD "-r $DCACCOUNT@$DCNAME:/etc/univention/ssl/ucsCA/CAcert.pem /etc/univention/ssl/ucsCA/" >>/var/log/univention/join.log 2>&1
>+ univention-scp "$DCPWD" -q "$DCACCOUNT@$DCNAME:/etc/univention/ssl/ucsCA/CAcert.pem" /etc/univention/ssl/ucsCA/ >>/var/log/univention/join.log 2>&1
> if [ ! -e /etc/univention/ssl/ucsCA/CAcert.pem ]; then
>- univention-scp $DCPWD "-r $DCACCOUNT@$DCNAME:/etc/univention/ssl/udsCA/CAcert.pem /etc/univention/ssl/ucsCA/" >>/var/log/univention/join.log 2>&1
>+ univention-scp "$DCPWD" -q "$DCACCOUNT@$DCNAME:/etc/univention/ssl/udsCA/CAcert.pem" /etc/univention/ssl/ucsCA/ >>/var/log/univention/join.log 2>&1
> fi
>
> check_ldap_tls_connection
>
> download_host_certificate
>
>- if [ ! -d "/etc/univention/ssl/$hostname" ] && [ ! -d "/etc/univention/ssl/$hostname.$domainname" ]; then
>+ if [ ! -d "/etc/univention/ssl/$hostname" ] && [ ! -d "/etc/univention/ssl/$hostname.$domainname" ]; then
> failed_message "failed to get host certificate"
> fi
>
>@@ -552,7 +573,7 @@
> echo -e "\033[60Gdone"
>
> echo -n "Sync Kerberos settings: "
>- univention-scp $DCPWD "-r $DCACCOUNT@$DCNAME:/var/lib/heimdal-kdc/* /var/lib/heimdal-kdc/" >>/var/log/univention/join.log 2>&1
>+ univention-scp "$DCPWD" -q -r "$DCACCOUNT@$DCNAME:/var/lib/heimdal-kdc/*" /var/lib/heimdal-kdc/ >>/var/log/univention/join.log 2>&1
> echo -e "\033[60Gdone"
>
> mkdir -p /var/lib/univention-ldap/notify/
>@@ -560,9 +581,11 @@
> # invalidate the nscd hosts cache
> nscd -i hosts
>
>- univention-config-registry set ldap/server/name?"$DCNAME" >>/var/log/univention/join.log 2>&1
>- univention-config-registry set ldap/master?"$DCNAME" >>/var/log/univention/join.log 2>&1
>- univention-config-registry set kerberos/adminserver?"$DCNAME" >>/var/log/univention/join.log 2>&1
>+ univention-config-registry set \
>+ ldap/server/name?"$DCNAME" \
>+ ldap/master?"$DCNAME" \
>+ kerberos/adminserver?"$DCNAME" \
>+ >>/var/log/univention/join.log 2>&1
> set_kerberos_realm "$DCPWD" "$DCACCOUNT" "$DCNAME" "$REALM"
>
> echo -n "0" >/var/lib/univention-ldap/schema/id/id
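Review bot: None of the rewritten `univention-scp` calls in the `@@ -524,26 +543,28 @@` hunk has its exit status checked, so a failed copy of `/etc/ldap-backup.secret` still prints `done` and the join continues with a missing or stale secret. The CA certificate copy is only guarded by `[ ! -e /etc/univention/ssl/ucsCA/CAcert.pem ]`, which also passes when a certificate from an earlier join is still on disk. The Kerberos sync in the `@@ -552,7 +573,7 @@` hunk has the same shape and also prints `done` unconditionally. I would fail closed on each copy, for example by appending `|| failed_message "failed to copy ldap-backup.secret"` to the first call; the enclosing branch starts outside the hunk.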
>@@ -573,23 +596,24 @@
>
> if test -e "/usr/lib/univention-install/"; then
> for i in /usr/lib/univention-install/*.inst; do
>- echo -n "Configure `basename $i` "
>- echo "Configure `basename $i` " >>/var/log/univention/join.log
>- $i --binddn $binddn --bindpwd `cat $DCPWD` >>/var/log/univention/join.log 2>&1
>- if [ $? != 0 ]; then
>+ echo -n "Configure ${i##*/} "
>+ echo "Configure ${i##*/} " >>/var/log/univention/join.log
>+ if ! "$i" --binddn "$binddn" --bindpwd "$(<"$DCPWD")" >>/var/log/univention/join.log 2>&1
>+ then
> echo -e "\033[60Gfailed"
>- failed_message "FAILED: `basename $i`"
>+ failed_message "FAILED: ${i##*/}"
> else
> echo -e "\033[60Gdone"
> fi
>- if [ "`basename $i`" = "03univention-directory-listener.inst" ]; then
>+ if [ "${i##*/}" = "03univention-directory-listener.inst" ]
>+ then
> if [ -e /var/lib/univention-directory-replication/failed.ldif ]; then
> failed_message "FAILED: failed.ldif exists."
> fi
> if [ -n "$listener_supply_notifier" -a "$listener_supply_notifier" = "yes" ]; then
>- univention-scp $DCPWD -r $DCACCOUNT@$DCNAME:/var/lib/univention-ldap/notify/transaction /tmp/ >/dev/null 2>&1
>- id=`cat /var/lib/univention-directory-listener/notifier_id`
>- cat /tmp/transaction | awk -F ' ' '{ if ( $1 <= '$id') print }' >/var/lib/univention-ldap/notify/transaction
>+ univention-scp "$DCPWD" -q "$DCACCOUNT@$DCNAME:/var/lib/univention-ldap/notify/transaction" /tmp/ >/dev/null 2>&1
>+ read id < /var/lib/univention-directory-listener/notifier_id
>+ awk -F ' ' '{ if ( $1 <= '$id') print }' </tmp/transaction >/var/lib/univention-ldap/notify/transaction
> rm /tmp/transaction
> echo "">/var/lib/univention-ldap/replog/replog
> fi
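Review bot: The transaction file is still staged under a fixed name in the shared `/tmp` directory and the copy's status is discarded with `>/dev/null 2>&1`, so anything already present at `/tmp/transaction` is either written through or read as if it had come from the master; the script presumably runs as root at this point. Staging it in a private directory, `tmpdir="$(mktemp -d)"` with the copy going to `"$tmpdir/"`, and stopping when the copy fails would close that. The value read into `id` is also spliced into the awk program text and read without `-r`; `awk -v id="$id" '$1 <= id' <"$tmpdir/transaction"` keeps the file content from being parsed as awk code. The same three added lines appear in the earlier hunk whose start lies outside this view.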
>@@ -600,24 +624,26 @@
>
> elif [ "$server_role" = "memberserver" ]; then
> mkdir -p /etc/univention/ssl/ucsCA
>- univention-scp $DCPWD "-r $DCACCOUNT@$DCNAME:/etc/univention/ssl/ucsCA/CAcert.pem /etc/univention/ssl/ucsCA/" >>/var/log/univention/join.log 2>&1
>+ univention-scp "$DCPWD" -q "$DCACCOUNT@$DCNAME:/etc/univention/ssl/ucsCA/CAcert.pem" /etc/univention/ssl/ucsCA/ >>/var/log/univention/join.log 2>&1
> if [ ! -e /etc/univention/ssl/ucsCA/CAcert.pem ]; then
>- univention-scp $DCPWD "-r $DCACCOUNT@$DCNAME:/etc/univention/ssl/udsCA/CAcert.pem /etc/univention/ssl/ucsCA/" >>/var/log/univention/join.log 2>&1
>+ univention-scp "$DCPWD" -q "$DCACCOUNT@$DCNAME:/etc/univention/ssl/udsCA/CAcert.pem" /etc/univention/ssl/ucsCA/ >>/var/log/univention/join.log 2>&1
> fi
>
> check_ldap_tls_connection
>
> download_host_certificate
>
>- univention-config-registry set ldap/master=$DCNAME >>/var/log/univention/join.log 2>&1
>- cat /etc/ldap/ldap.conf | sed -e "s|#.*||g" | grep -q TLS_CACERT || echo "TLS_CACERT /etc/univention/ssl/ucsCA/CAcert.pem" >>/etc/ldap/ldap.conf
>+ univention-config-registry set ldap/master="$DCNAME" >>/var/log/univention/join.log 2>&1
>+ grep -q ^TLS_CACERT /etc/ldap/ldap.conf || echo "TLS_CACERT /etc/univention/ssl/ucsCA/CAcert.pem" >>/etc/ldap/ldap.conf
>
> # invalidate the nscd hosts cache
> nscd -i hosts
>
>- univention-config-registry set ldap/server/name?"$DCNAME" >>/var/log/univention/join.log 2>&1
>- univention-config-registry set ldap/master?"$DCNAME" >>/var/log/univention/join.log 2>&1
>- univention-config-registry set kerberos/adminserver?"$DCNAME" >>/var/log/univention/join.log 2>&1
>+ univention-config-registry set \
>+ ldap/server/name?"$DCNAME" \
>+ ldap/master?"$DCNAME" \
>+ kerberos/adminserver?"$DCNAME" \
>+ >>/var/log/univention/join.log 2>&1
> set_kerberos_realm "$DCPWD" "$DCACCOUNT" "$DCNAME" "$REALM"
>
> touch /var/univention-join/joined
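Review bot: The new `grep -q ^TLS_CACERT /etc/ldap/ldap.conf` does not match the same lines as the `sed | grep` pipeline it replaces: an indented `TLS_CACERT` line no longer counts, so a second entry would be appended, assuming ldap.conf accepts leading whitespace. Like the old form it also treats a `TLS_CACERTDIR` line as if `TLS_CACERT` were already set, in which case the CA file is never configured. Quoting the pattern and matching the whole keyword covers both cases: `grep -Eq '^[[:space:]]*TLS_CACERT[[:space:]]' /etc/ldap/ldap.conf`. The same line is added in the `@@ -656,27 +682,29 @@` hunk, and the `elif` branch it sits in continues past this hunk.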
>@@ -625,13 +651,13 @@
>
> if test -e "/usr/lib/univention-install/"; then
> for i in /usr/lib/univention-install/*.inst; do
>- echo -n "Configure `basename $i` "
>- echo "Configure `basename $i` " >>/var/log/univention/join.log
>- $i --binddn $binddn --bindpwd `cat $DCPWD` >>/var/log/univention/join.log 2>&1
>- if [ $? != 0 ]; then
>+ echo -n "Configure ${i##*/} "
>+ echo "Configure ${i##*/} " >>/var/log/univention/join.log
>+ if ! "$i" --binddn "$binddn" --bindpwd "$(<"$DCPWD")" >>/var/log/univention/join.log 2>&1
>+ then
> echo -e "\033[60Gfailed"
>- echo "FAILED: `basename $i`"
>- failed_message "FAILED: `basename $i`"
>+ echo "FAILED: ${i##*/}"
>+ failed_message "FAILED: ${i##*/}"
> else
> echo -e "\033[60Gdone"
> fi
>@@ -644,9 +670,9 @@
>
> mkdir -p /etc/univention/ssl/ucsCA
>
>- univention-scp $DCPWD "-r $DCACCOUNT@$DCNAME:/etc/univention/ssl/ucsCA/CAcert.pem /etc/univention/ssl/ucsCA/" >>/var/log/univention/join.log 2>&1
>+ univention-scp "$DCPWD" -q "$DCACCOUNT@$DCNAME:/etc/univention/ssl/ucsCA/CAcert.pem" /etc/univention/ssl/ucsCA/ >>/var/log/univention/join.log 2>&1
> if [ ! -e /etc/univention/ssl/ucsCA/CAcert.pem ]; then
>- univention-scp $DCPWD "-r $DCACCOUNT@$DCNAME:/etc/univention/ssl/udsCA/CAcert.pem /etc/univention/ssl/ucsCA/" >>/var/log/univention/join.log 2>&1
>+ univention-scp "$DCPWD" -q "$DCACCOUNT@$DCNAME:/etc/univention/ssl/udsCA/CAcert.pem" /etc/univention/ssl/ucsCA/ >>/var/log/univention/join.log 2>&1
> fi
>
> check_ldap_tls_connection
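Review bot: The join scripts in the `@@ -625,13 +651,13 @@` loop are still handed the bind password as an argument, `--bindpwd "$(<"$DCPWD")"`, so while each `.inst` script runs the password sits in its argument vector, which on a default Linux setup other local users can read from the process list. The quoting is fixed, but the exposure is the same as with the old `cat $DCPWD` form. If the `.inst` scripts can take the path of the password file, or read the password from stdin, pass `"$DCPWD"` itself rather than its contents; their interface is not visible here, so this needs checking against the scripts. Until then a comment such as `# NOTE: bind password is visible in argv while the join script runs` would record the limitation. The same call is added in the installer loops of the `@@ -573,23 +596,24 @@` and `@@ -656,27 +682,29 @@` hunks.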
>@@ -656,27 +682,29 @@
> # invalidate the nscd hosts cache
> nscd -i hosts
>
>- univention-config-registry set ldap/server/name="$DCNAME" >>/var/log/univention/join.log 2>&1
>- univention-config-registry set ldap/master="$DCNAME" >>/var/log/univention/join.log 2>&1
>- univention-config-registry set kerberos/adminserver="$DCNAME" >>/var/log/univention/join.log 2>&1
>+ univention-config-registry set \
>+ ldap/server/name="$DCNAME" \
>+ ldap/master="$DCNAME" \
>+ kerberos/adminserver="$DCNAME" \
>+ >>/var/log/univention/join.log 2>&1
> set_kerberos_realm "$DCPWD" "$DCACCOUNT" "$DCNAME" "$REALM"
>- cat /etc/ldap/ldap.conf | sed -e "s|#.*||g" | grep -q TLS_CACERT || echo "TLS_CACERT /etc/univention/ssl/ucsCA/CAcert.pem" >>/etc/ldap/ldap.conf
>+ grep -q ^TLS_CACERT /etc/ldap/ldap.conf || echo "TLS_CACERT /etc/univention/ssl/ucsCA/CAcert.pem" >>/etc/ldap/ldap.conf
>
> touch /var/univention-join/joined
> ln -sf /var/univention-join/joined /usr/share/univention-join/.joined
>
> univention-config-registry set nsswitch/ldap=yes >>/var/log/univention/join.log 2>&1
>- eval `univention-config-registry shell`
>+ eval "$(univention-config-registry shell)"
>
> if test -e "/usr/lib/univention-install/"; then
> for i in /usr/lib/univention-install/*.inst; do
>- echo -n "Configure `basename $i` "
>- echo "Configure `basename $i` " >>/var/log/univention/join.log
>- $i --binddn $binddn --bindpwd `cat $DCPWD` >>/var/log/univention/join.log 2>&1
>- if [ $? != 0 ]; then
>+ echo -n "Configure ${i##*/} "
>+ echo "Configure ${i##*/} " >>/var/log/univention/join.log
>+ if ! "$i" --binddn "$binddn" --bindpwd "$(<"$DCPWD")" >>/var/log/univention/join.log 2>&1
>+ then
> echo -e "\033[60Gfailed"
>- echo "FAILED: `basename $i`"
>- failed_message "FAILED: `basename $i`"
>+ echo "FAILED: ${i##*/}"
>+ failed_message "FAILED: ${i##*/}"
> else
> echo -e "\033[60Gdone"
> fi
>@@ -694,10 +722,6 @@
> /etc/init.d/univention-directory-listener restart >>/var/log/univention/join.log 2>&1
> fi
>
>-if [ -n "$REMOVE_PWD_FILE" -a -n "$DCPWD" ]; then
>- rm -f $DCPWD
>-fi
>-
> if [ "$interfaces_eth0_type" != "dhcp" ]; then
> univention-config-registry commit /etc/resolv.conf >>/var/log/univention/join.log 2>&1
> fi