Attachment #9531 for bug #46842

View | Details | Raw Unified | Return to bug 46842
Collapse All | Expand All

(-)a/management/univention-directory-manager-modules/univention-dnsedit (-1 / +1 lines)

Lines 102-108 def parse():	Link Here

102

	if options.bindpwdfile:

102

	if options.bindpwdfile:

103

		options.bindpwd = open(options.bindpwdfile).read().strip()

103

		options.bindpwd = open(options.bindpwdfile).read().strip()

104

	if options.binddn and not options.bindpwd:

104

	if options.binddn and not options.bindpwd:

105

		msg = 'authentication error: missing --bindpwd'

105

		msg = 'authentication error: missing any of --bindpwdfile or --bindpwd'

106

	elif not options.binddn and options.bindpwd:

106

	elif not options.binddn and options.bindpwd:

107

		msg = 'authentication error: missing --binddn'

107

		msg = 'authentication error: missing --binddn'

108

	if msg:

108

	if msg:




	done
}

# 1 binddn, 2 bindpwdfile, create join credential files /var/run/univention-join/binddn and /var/run/univention-join/bindpwd
joinscript_create_credentialfiles () {
	mkdir -p /var/run/univention-join
	chmod 700 /var/run/univention-join
	touch /var/run/univention-join/binddn
	chmod 600 /var/run/univention-join/binddn
	echo "$1" > /var/run/univention-join/binddn
	touch /var/run/univention-join/bindpwd
	chmod 600 /var/run/univention-join/bindpwd
	cp "$2" /var/run/univention-join/bindpwd
}

# remove join credential files
joinscript_remove_credentialfiles () {
	rm -f /var/run/univention-join/bindpwd \
		/var/run/univention-join/binddn
}

# join script can be called with --bindpwdfile

	return 1
}

# join script does not require domain credentials to be passed
joinscript_check_api_nocredentials () {
	if grep -q '^## joinscript api: nocredentials$' "$1"; then
		return 0

	return 1
}

# join script gets credentials from /var/univention-join/binddn and /var/univention-join/bindpwd by itself
joinscript_check_api_credentialfiles () {
	if grep -q '^## joinscript api: credentialfiles$' "$1"; then
		return 0
	fi
	return 1
}

# vim:set ft=sh:

(-)a/management/univention-join/univention-join (-1 / +2 lines)

Lines 191-196 run_join_scripts () {	Link Here

191

192

	LC_COLLATE="C"

192

	LC_COLLATE="C"

193

	joinscript_check_status_file

193

	joinscript_check_status_file

194

	trap "rm -f '$DCPWD' /var/run/univention-join/binddn /var/run/univention-join/bindpwd" EXIT

194

	joinscript_create_credentialfiles "$binddn" "$DCPWD"

195

	joinscript_create_credentialfiles "$binddn" "$DCPWD"

195

196

	if test -d "/usr/lib/univention-install/"; then

197

	if test -d "/usr/lib/univention-install/"; then

Lines 207-213 run_join_scripts () {	Link Here

207

			local args=()

208

			local args=()

208

			if joinscript_check_api_bindpwdfile "$i"; then

209

			if joinscript_check_api_bindpwdfile "$i"; then

209

				args=(--binddn "$binddn" --bindpwdfile "$DCPWD")

210

				args=(--binddn "$binddn" --bindpwdfile "$DCPWD")

210

			elif joinscript_check_api_nocredentials "$i" || joinscript_check_api_credentialfiles "$i"; then

211

			elif joinscript_check_api_nocredentials "$i"; then

211

				args=()

212

				args=()

212

			else

213

			else

213

				args=(--binddn "$binddn" --bindpwd "$(<"$DCPWD")")

214

				args=(--binddn "$binddn" --bindpwd "$(<"$DCPWD")")

(-)a/management/univention-join/univention-run-join-scripts (-2 / +2 lines)

Lines 143-149 if [ ! "$server_role" = "domaincontroller_master" ] \|\| [ -n "$ASK_PASS" ] ; then	Link Here

143

		echo -n "Enter DC Master Password: "

143

		echo -n "Enter DC Master Password: "

144

		read -s password

144

		read -s password

145

		DCPWD=$(mktemp)

145

		DCPWD=$(mktemp)

146

		trap "rm -f '$DCPWD'" EXIT

146

		trap "rm -f '$DCPWD' /var/run/univention-join/binddn /var/run/univention-join/bindpwd" EXIT

147

		echo -n "$password" >>"$DCPWD"

147

		echo -n "$password" >>"$DCPWD"

148

		echo ""

148

		echo ""

149

		echo ""

149

		echo ""

Lines 246-252 then	Link Here

246

			args=()

246

			args=()

247

			if joinscript_check_api_bindpwdfile "$i"; then

247

			if joinscript_check_api_bindpwdfile "$i"; then

248

				args=(--binddn "$binddn" --bindpwdfile "$DCPWD")

248

				args=(--binddn "$binddn" --bindpwdfile "$DCPWD")

249

			elif joinscript_check_api_nocredentials "$i" || joinscript_check_api_credentialfiles "$i"; then

249

			elif joinscript_check_api_nocredentials "$i"; then

250

				args=()

250

				args=()

251

			else

251

			else

252

				args=(--binddn "$binddn" --bindpwd "$(<"$DCPWD")")

252

				args=(--binddn "$binddn" --bindpwd "$(<"$DCPWD")")

Return to bug 46842