Lines 178-187
echo -n "$new_password" >/etc/machine.secret
|
|
---|
|
178 |
chmod 600 /etc/machine.secret |
178 |
chmod 600 /etc/machine.secret |
179 |
[ -e /etc/init.d/univention-directory-listener ] && invoke-rc.d univention-directory-listener restart >&3 |
179 |
[ -e /etc/init.d/univention-directory-listener ] && invoke-rc.d univention-directory-listener restart >&3 |
180 |
|
180 |
|
181 |
# change samba password locally |
181 |
revert_password_change() { |
182 |
run-parts --verbose --arg localchange --regex '^univention-samba4' -- /usr/lib/univention-server/server_password_change.d >&3 2>&3 |
|
|
183 |
# if samba-tool user setpassword fails, reset the old password. |
184 |
if [ $? != 0 ]; then |
185 |
# Reset to the old password with UDM |
182 |
# Reset to the old password with UDM |
186 |
/usr/sbin/univention-directory-manager "computers/$server_role" modify --binddn "$ldap_hostdn" --bindpwd "$new_password" --dn "$ldap_hostdn" --set password="$old_password" >&3 2>&3 |
183 |
/usr/sbin/univention-directory-manager "computers/$server_role" modify --binddn "$ldap_hostdn" --bindpwd "$new_password" --dn "$ldap_hostdn" --set password="$old_password" >&3 2>&3 |
187 |
|
184 |
|
|
192 |
|
189 |
|
193 |
# run hook scripts for "nochange" (which are named '^[A-Za-z0-9_-]+$') |
190 |
# run hook scripts for "nochange" (which are named '^[A-Za-z0-9_-]+$') |
194 |
run-parts --verbose --arg nochange -- /usr/lib/univention-server/server_password_change.d >&3 2>&3 |
191 |
run-parts --verbose --arg nochange -- /usr/lib/univention-server/server_password_change.d >&3 2>&3 |
|
|
192 |
} |
193 |
|
194 |
# change samba password locally |
195 |
run-parts --verbose --arg localchange --regex '^univention-samba4' -- /usr/lib/univention-server/server_password_change.d >&3 2>&3 |
196 |
# if samba-tool user setpassword fails, reset the old password. |
197 |
if [ $? != 0 ]; then |
195 |
FAIL "resetting old server password for $ldap_hostdn, because samba could not set the new password locally." |
198 |
FAIL "resetting old server password for $ldap_hostdn, because samba could not set the new password locally." |
|
|
199 |
revert_password_change |
196 |
fi |
200 |
fi |
197 |
|
201 |
|
198 |
# The password is changed on the master now, but it is not clear if |
202 |
# The password is changed on the master now, but it is not clear if |
|
213 |
# been set with UDM but LDAP does't work with it. Do not continue with |
217 |
# been set with UDM but LDAP does't work with it. Do not continue with |
214 |
# changes that would only worsen the situation. Instead, try to rollback. |
218 |
# changes that would only worsen the situation. Instead, try to rollback. |
215 |
# Reset the old password with UDM and give up. |
219 |
# Reset the old password with UDM and give up. |
216 |
|
|
|
217 |
/usr/sbin/univention-directory-manager "computers/$server_role" modify --binddn "$ldap_hostdn" --bindpwd "$new_password" --dn "$ldap_hostdn" --set password="$old_password" >&3 2>&3 |
218 |
|
219 |
# Rollback /etc/machine.secret and restart listener |
220 |
awk '{pwd=$2}; END {printf("%s", pwd)}' /etc/machine.secret.old > /etc/machine.secret |
221 |
chmod 600 /etc/machine.secret |
222 |
[ -e /etc/init.d/univention-directory-listener ] && invoke-rc.d univention-directory-listener restart >&3 |
223 |
|
224 |
# run hook scripts for "nochange" (which are named '^[A-Za-z0-9_-]+$') |
225 |
run-parts --verbose --arg nochange -- /usr/lib/univention-server/server_password_change.d >&3 2>&3 |
226 |
FAIL "resetting old server password for $ldap_hostdn, because access to local LDAP did not work with the new password" |
220 |
FAIL "resetting old server password for $ldap_hostdn, because access to local LDAP did not work with the new password" |
|
|
221 |
revert_password_change |
227 |
fi |
222 |
fi |
228 |
trial_counter=$(( trial_counter - 1)) |
223 |
trial_counter=$(( trial_counter - 1)) |
229 |
done |
224 |
done |
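Review bot: The `univention-directory-manager ... modify` call in the new `revert_password_change()` is not checked for failure. Judging by the old inline code at old lines 217-225 (part of the new function body is collapsed between the hunks), the function then goes on to restore /etc/machine.secret from machine.secret.old and restart the listener even when the reset to `$old_password` did not succeed, which would leave the host holding a secret the directory no longer accepts. Ending that line with `>&3 2>&3 || return 1`, and having both call sites log the failed rollback, would keep the file and LDAP in step. Separately, both passwords are passed as arguments (`--bindpwd "$new_password"`, `--set password="$old_password"`) and are visible in the process list while UDM runs; now that the call lives in one function, this is the natural place to move the bind to `--bindpwdfile`, if the installed UDM supports it.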