Attachment #9924 for bug #48992

View | Details | Raw Unified | Return to bug 48992
Collapse All | Expand All




fi

# sign the license
LICENSEKEY=`univentionLicenseCreateSignature -d cn="$CUSTOMER","$LDAPTMP" -k key.privat -p "$( cat passwort.txt )" 2>/dev/null | grep ^univentionLicenseSignatur;`

# add the key
(


if [ "$INTERNAL" == 1 ]; then
	mkdir -p "$INTERNALKEYS";
	echo "$LICENSEKEY" > "$INTERNALKEYS"/"$CUSTOMER"-"$( date +%y%m%d-%H%M%S )".ldif
elif [ "$EVALKEY" == 1 ]; then 
	mkdir -p "$EVALUATIONKEYS"/"$CUSTOMER";
	echo "$LICENSEKEY" > "$EVALUATIONKEYS"/"$CUSTOMER"/"$CUSTOMER"-"$( date +%y%m%d-%H%M%S )".ldif
else
	mkdir -p "$CUSTOMERKEYS"/"$CUSTOMER";
	echo "$LICENSEKEY" > "$CUSTOMERKEYS"/"$CUSTOMER"/"$CUSTOMER"-"$( date +%y%m%d-%H%M%S )".ldif
fi;

# store it to the chosen file;




fi

# sign the license
LICENSEKEY=`univentionLicenseCreateSignature -d cn="$CUSTOMER","$LDAPTMP" -k key.privat -p "$( cat passwort.txt )" 2>/dev/null | grep ^univentionLicenseSignatur;`

# add the key
(


if [ "$INTERNAL" == 1 ]; then
	mkdir -p "$INTERNALKEYS";
	echo "$LICENSEKEY" > "$INTERNALKEYS"/"$CUSTOMER"-"$( date +%y%m%d-%H%M%S )".ldif
elif [ "$EVALKEY" == 1 ]; then 
	mkdir -p "$EVALUATIONKEYS"/"$CUSTOMER";
	echo "$LICENSEKEY" > "$EVALUATIONKEYS"/"$CUSTOMER"/"$CUSTOMER"-"$( date +%y%m%d-%H%M%S )".ldif
else
	mkdir -p "$CUSTOMERKEYS"/"$CUSTOMER";
	echo "$LICENSEKEY" > "$CUSTOMERKEYS"/"$CUSTOMER"/"$CUSTOMER"-"$( date +%y%m%d-%H%M%S )".ldif
fi;

# store it to the chosen file;

(-)a/base/univention-quota/debian/univention-quota.postinst (-1 / +1 lines)

Lines 38-44 eval "$(univention-config-registry shell)"	Link Here

univention-config-registry set samba/quota/command?'/usr/sbin/univention-setquota'

univention-config-registry set samba/quota/command?'/usr/sbin/univention-setquota'

if [ ! `echo $kernel_modules | grep quota_v2` ]; then

if [ ! "$(echo "$kernel_modules" | grep quota_v2)" ]; then

	univention-config-registry set kernel/modules="$kernel_modules;quota_v2"

	univention-config-registry set kernel/modules="$kernel_modules;quota_v2"

fi

fi




JS_SCRIPT_FULLNAME="$(readlink -f "$JS_RUNNING_FILENAME")"
APP="$(echo "$JS_SCRIPT_FULLNAME" | sed 's/.*\/[0-9]\+\(\(.*\)-uninstall\.uinst\|\(.*\)\.u\?inst\)/\2\3/')"
SERVICE="$(univention-app get "$APP" Application:Name --values-only)"
ucr_container_key="$(univention-app get "$APP" ucr_container_key --values-only)"
APP_VERSION="$(univention-app get "$APP" version --values-only)"
CONTAINER=$(ucr get "$ucr_container_key")

joinscript_add_simple_app_system_user () {

	pwdfile="/etc/$APP.secret"
	joinscript_run_in_container touch "$pwdfile"
	joinscript_run_in_container chmod 600 "$pwdfile"
	echo "$password" > "$(joinscript_container_file "$pwdfile")"

	eval "$(ucr shell ldap/base)"



joinscript_container_file_touch () {
	local filename
	filename="$(joinscript_container_file "$1")"
	mkdir -p "$(dirname "$filename")"
	touch "$filename"
	echo "$filename"
}

joinscript_container_file () {
	joinscript_container_is_running 1>/dev/null || die
	docker_dir="$(docker inspect --format='{{.GraphDriver.Data.MergedDir}}' "$CONTAINER")"
	echo "${docker_dir}/${1}"
}





LOG_FILE=/var/log/univention/check_join_status.log

log_error () { # Log error message and exit
	local message="Error: $*"
	echo "$message"
	echo "$message" >>"$LOG_FILE"
	exit 1
}
log_warn () { # Log warning message
	local message="Warning: $*"
	echo "$message"
	echo "$message" >>"$LOG_FILE"
}

echo "Start $0 at $(date)" >>"$LOG_FILE"

(-)a/management/univention-portal/33univention-portal.inst (-1 / +1 lines)

Lines 179-185 fi	Link Here

179

if [ $JS_LAST_EXECUTED_VERSION = 0 ]; then

179

if [ $JS_LAST_EXECUTED_VERSION = 0 ]; then

180

	ucr search --brief "ucs/web/overview/entries/(admin|service)/.*/link" | awk '{print $1}' | while read k; do

180

	ucr search --brief "ucs/web/overview/entries/(admin|service)/.*/link" | awk '{print $1}' | while read k; do

181

		key="${k%:}"

181

		key="${k%:}"

182

		value="$(ucr get $key)"

182

		value="$(ucr get "$key")"

183

		if [ -n "$value" ]; then

183

		if [ -n "$value" ]; then

184

			ucr set "$key"="$value"

184

			ucr set "$key"="$value"

185

fi

185

fi

(-)a/services/univention-printquota/debian/univention-printquotadb.postinst (-1 / +1 lines)

Lines 65-71 if [ ! "$pykotadb" ] ;then	Link Here

	su - postgres -c "PGOPTIONS='-c client_min_messages=ERROR ' psql -d template1 -f /usr/share/univention-printquotadb/pykota-postgresql.sql" > /dev/null

	su - postgres -c "PGOPTIONS='-c client_min_messages=ERROR ' psql -d template1 -f /usr/share/univention-printquotadb/pykota-postgresql.sql" > /dev/null

fi

fi

secret=`cat $cups_quota_secret`

secret=`cat "$cups_quota_secret"`

su - postgres -c "echo \"ALTER USER pykotaadmin PASSWORD '$secret';\" |psql -d pykota"

su - postgres -c "echo \"ALTER USER pykotaadmin PASSWORD '$secret';\" |psql -d pykota"

#su - postgres -c "echo \"ALTER USER pykotaadmin PASSWORD '';\" |psql -d pykota"

#su - postgres -c "echo \"ALTER USER pykotaadmin PASSWORD '';\" |psql -d pykota"

(-)a/services/univention-s4-connector/debian/univention-s4-connector.postinst (-1 / +1 lines)

Lines 154-160 if [ -x /etc/init.d/univention-s4-connector ] && [ -f /usr/share/univention-join	Link Here

154

	# Bug 43397

154

	# Bug 43397

155

	if [ "$1" = "configure" -a -n "$2" ] && dpkg --compare-versions "$2" lt 11.0.6-4 ; then

155

	if [ "$1" = "configure" -a -n "$2" ] && dpkg --compare-versions "$2" lt 11.0.6-4 ; then

156

      # cleanup wrong formatted `connector/s4/mapping/dns/ignorelist`

156

      # cleanup wrong formatted `connector/s4/mapping/dns/ignorelist`

157

      ucr set connector/s4/mapping/dns/ignorelist=$(echo "$connector_s4_mapping_dns_ignorelist" | sed -e 's/^DC=//i' -e 's/,DC=/,/gi')

157

      ucr set connector/s4/mapping/dns/ignorelist="$(echo "$connector_s4_mapping_dns_ignorelist" | sed -e 's/^DC=//i' -e 's/,DC=/,/gi')"

158

fi

158

fi

159

160

	# Bug 44333

160

	# Bug 44333





if [ -n "$dcaccount" -a -n "$bindpwdfile" ]; then
	samba_account="$dcaccount"
	samba_pwd="$(< "$bindpwdfile")"
else
	if is_ucr_true ad/member; then
		echo "INFO: Cannot run joinscript in memberserver mode without join credentials. Please run:"

# configure profile/home settings
if [ "$samba_role" = "domaincontroller" ]; then
	if [ -n "$samba_netbios_name" ]; then
		tmphostname="$samba_netbios_name"
	elif [ -n "$samba_ha_master" ]; then
		tmphostname="$samba_ha_master"
	else
		tmphostname="$hostname"
	fi
	univention-config-registry set \
		samba/profileserver?"$tmphostname" \
		samba/profilepath?'%U\windows-profiles\%a' \
		samba/homedirserver?"$tmphostname" \
		samba/homedirpath?%U \
		samba/homedirletter?I
fi

(-)a/services/univention-samba4/96univention-samba4.inst (-1 / +1 lines)

Lines 500-506 remove_dc_ntds_guid_records_from_dns() {	Link Here

500

501

	univention-directory-manager dns/alias list "$@" \

501

	univention-directory-manager dns/alias list "$@" \

502

		--superordinate "$zoneDN" \

502

		--superordinate "$zoneDN" \

503

		--filter "(&(cname="$hostname.$domainname.")(name=*._msdcs))" \

503

		--filter "(&(cname=$hostname.$domainname.)(name=*._msdcs))" \

504

		| sed -n 's/^DN: //p' | while read recordDN; do

504

		| sed -n 's/^DN: //p' | while read recordDN; do

505

506

		univention-directory-manager dns/alias delete "$@" \

506

		univention-directory-manager dns/alias delete "$@" \

(-)a/services/univention-samba4/98univention-samba4-saml-kerberos.inst (-1 / +1 lines)

Lines 72-78 if [ "$server_role" == "domaincontroller_master" ]; then	Link Here

	done

	done

	if [ -n "$spn_account_dn" ] && [ -n "$previous_spn_secrets_password" ]; then

	if [ -n "$spn_account_dn" ] && [ -n "$previous_spn_secrets_password" ]; then

		test_output=$(ldbsearch -k no -H ldap://$(hostname -f) -U"$spn_account_name" \

		test_output=$(ldbsearch -k no -H ldap://"$(hostname -f)" -U"$spn_account_name" \

			--password="$previous_spn_secrets_password" -b "$spn_account_dn" -s base dn 2>/dev/null \

			--password="$previous_spn_secrets_password" -b "$spn_account_dn" -s base dn 2>/dev/null \

			| sed -n 's/^dn: //p')

			| sed -n 's/^dn: //p')

		if [ -n "$test_output" ]; then

		if [ -n "$test_output" ]; then

(-)a/services/univention-samba4/debian/univention-samba4.postinst (-1 / +1 lines)

Lines 312-318 if [ "$1" = "configure" ]; then	Link Here

312

		##  https://forge.univention.org/bugzilla/show_bug.cgi?id=26641

312

		##  https://forge.univention.org/bugzilla/show_bug.cgi?id=26641

313

314

		# get the secret from ldb

314

		# get the secret from ldb

315

		secret="$(ldbsearch -H /var/lib/samba/private/secrets.ldb  flatname=$windows_domain secret | sed -ne 's|secret: ||p')"

315

		secret="$(ldbsearch -H /var/lib/samba/private/secrets.ldb  flatname="$windows_domain" secret | sed -ne 's|secret: ||p')"

316

		# get the host dn

316

		# get the host dn

317

		dn="$(ldbsearch -H /var/lib/samba/private/sam.ldb "(&(cn=$hostname)(objectClass=computer))" dn | ldapsearch-wrapper | sed -ne 's|^dn: ||p')"

317

		dn="$(ldbsearch -H /var/lib/samba/private/sam.ldb "(&(cn=$hostname)(objectClass=computer))" dn | ldapsearch-wrapper | sed -ne 's|^dn: ||p')"

318

		if [ -n "$dn" -a -n "$secret" ]; then

318

		if [ -n "$dn" -a -n "$secret" ]; then

(-)a/services/univention-samba4/sysvol-sync-scripts/sysvol-sync.sh (-3 / +3 lines)

Lines 34-40	Link Here

log() {

log() {

	local msg="${2//$'\r'/}"

	local msg="${2//$'\r'/}"

	builtin echo $(date +"%F %T") "$1" "${msg//$'\n'/}" 1>&2

	builtin echo "$(date +"%F %T")" "$1" "${msg//$'\n'/}" 1>&2

stderr_log_error() {

stderr_log_error() {

Lines 282-289 fix_gpt_ini () {	Link Here

282

			# multiple gpt.ini's found, delete first element of list (newest gpt.ini) and remove the rest

282

			# multiple gpt.ini's found, delete first element of list (newest gpt.ini) and remove the rest

283

			gpts=("${gpts[@]:1}")

283

			gpts=("${gpts[@]:1}")

284

			for gpt in "${gpts[@]}"; do

284

			for gpt in "${gpts[@]}"; do

285

				local file=${gpt#* }

285

				local file="${gpt#* }"

286

				test -f $file && rm $file

286

				test -f "$file" && rm "$file"

287

			done

287

			done

288

fi

288

fi

289

	done < <(find "$poldir" -maxdepth 1 -type d -name '{*}')

289

	done < <(find "$poldir" -maxdepth 1 -type d -name '{*}')




udm shares/share create --position "cn=shares,$ldap_base" --set name="testshare" \
	--set host="$(hostname -f)" --set path="/home/testshare"
udm shares/printer create --position "cn=printers,$ldap_base" --set name="printer1" \
	--set spoolHost="$(hostname -f)" --set uri="cups-pdf:/" --set model="cups-pdf/CUPS-PDF.ppd"
sleep 15

# Login als Domänen-Administrator am Windows-Client

# * Dateirechte aus Homeshare prüfen:
#  ** Windows: Rechte Maustaste, Eigenschaften..
#  ** Server: getfacl
python shared-utils/ucs-winrm.py create-share-file --server "$UCS" --filename test-admin.txt \
	--username 'Administrator' --userpwd "$ADMIN_PASSWORD" --share Administrator
stat /home/Administrator/test-admin.txt
getfacl /home/Administrator/test-admin.txt | grep "Domain.*Admin"
python shared-utils/ucs-winrm.py create-share-file --server "$UCS" --filename test-newuser01.txt \
	--username 'newuser01' --userpwd "Univention.99" --share newuser01
stat /home/newuser01/test-newuser01.txt
getfacl /home/newuser01/test-newuser01.txt | grep "Domain.*Users"
python shared-utils/ucs-winrm.py create-share-file --server "$UCS" --filename test-admin.txt \
	--username 'Administrator' --userpwd "$ADMIN_PASSWORD" --share testshare
stat /home/testshare/test-admin.txt

# this should fail
python shared-utils/ucs-winrm.py create-share-file --server "$UCS" --filename test-newuser01.txt \
	--username 'newuser01' --userpwd "Univention.99" --share testshare --debug 2>&1 | grep 'denied.'
python shared-utils/ucs-winrm.py create-share-file --server "$UCS" --filename test-newuser01.txt \
	--username 'newuser01' --userpwd "Univention.99" --share Administrator --debug 2>&1 | grep 'denied.'

# check windows acl's
python shared-utils/ucs-winrm.py get-acl-for-share-file --server "$UCS" --filename test-newuser01.txt \
	--username 'newuser01' --userpwd "Univention.99" --share newuser01 --debug | grep "Group.*Domain Users"
python shared-utils/ucs-winrm.py get-acl-for-share-file --server "$UCS" --filename test-admin.txt \
	--username 'Administrator' --userpwd "$ADMIN_PASSWORD" --share Administrator --debug | grep "Group.*Domain Admins"
su newuser01 -c "touch /home/newuser01/newfile.txt"
python shared-utils/ucs-winrm.py get-acl-for-share-file --server "$UCS" --filename newfile.txt \
	--username 'newuser01' --userpwd "Univention.99" --share newuser01 --debug | grep "Group.*Domain Users"

# create files on samba and check share
su Administrator -c "touch /home/Administrator/newfile.txt"
python shared-utils/ucs-winrm.py get-acl-for-share-file --server "$UCS" --filename newfile.txt \
	--username 'Administrator' --userpwd "$ADMIN_PASSWORD" --share Administrator --debug | grep "Group.*Domain Admins"

# * GPO's

    	--set password=$password --set lastname=$user --set username=$user
	udm users/user modify \
		--dn "$(univention-ldapsearch -LLL uid=$user dn |  sed -n 's/^dn: //p')" \
		--set password="$password" --set overridePWHistory=1
done
sleep 10
for client in $clients; do
	for user in $users; do
		smbclient //"$client"/IPC\$ -U "$user"%"$password" -c exit
	done
done
# password change via windows

# check password
for user in $users; do
	for client in $clients; do
		smbclient //"$client"/IPC\$ -U "$user"%"$password" -c exit
	done
	echo "$password" > /tmp/.usertest
	kinit --password-file=/tmp/.usertest "$user"
done
# check sid uid wbinfo
for user in $USERS; do
	uidNumber="$(univention-ldapsearch -LLL uid=$user uidNumber |  sed -n 's/^uidNumber: //p')"
	sid="$(univention-ldapsearch -LLL uid=$user sambaSID |  sed -n 's/^sambaSID: //p')"
	test "$uidNumber" = "$(wbinfo -S "$sid")"
	test "$sid" = "$(wbinfo -U "$uidNumber")"
	wbinfo -i "$windows_domain+$user"
done



Return to bug 48992