%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /proc/self/root/etc/ansible/library/
Upload File :
Create Path :
Current File : //proc/self/root/etc/ansible/library/bx_ntlm

#!/bin/bash
# test ntlm settings on server 
export LANG=en_EN.UTF-8
export PATH=$PATH:/sbin:/usr/sbin

[[ -z $DEBUG ]] && DEBUG=1
TMP=/opt/webdir/logs
LOG=$TMP/bx_ntlm.log
[[ $DEBUG -gt 0 ]] 2>/dev/null && echo -n "" > $LOG

debug() {
  msg=$1

  [[ $DEBUG -gt 1 ]] && printf "%s: %d: %s\n" "$(date +%F-%H-%M-%S)" "$$" "$msg" >> $LOG
}

# print ansible message 
print() {
    msg=${1}
    type=${2:-facts}

    debug "$msg"

    code=0
    if [[ "$type" == "error" ]]; then
        msg_out=$(echo "$msg" | head -1)
        echo "{\"changed\":false,\"failed\":true,\"msg\":\"$msg_out\"}"
        code=1
    elif [[ "$type" == "facts" ]]; then
        ansible_facts='{'
        ansible_facts=$ansible_facts'"ldap_server":"'$LDAP_SERVER'",'
        ansible_facts=$ansible_facts'"ldap_server_name":"'$LDAP_SERVER_NAME'",'
        ansible_facts=$ansible_facts'"realm":"'$REALM'",'
        ansible_facts=$ansible_facts'"kdc":"'$KDC_SERVER'",'
        ansible_facts=$ansible_facts'"offset":"'$OFFSET_TIME'",'
        ansible_facts=$ansible_facts'"domain_status":"'$DOMAIN_STATUS'",'
        ansible_facts=$ansible_facts'"nss_status":"'$NSS_STATUS'"'
        ansible_facts=$ansible_facts'}'
        echo "{\"changed\":false,\"failed\":false,\"ansible_facts\":$ansible_facts,\"msg\":\"$msg\"}"
    elif [[ "$type" == "changed" ]]; then
        echo "{\"changed\":true,\"failed\":false,\"msg\":\"$msg\"}"
    elif [[ "$type" == "not_changed" ]]; then
        echo "{\"changed\":false,\"failed\":false,\"msg\":\"$msg\"}"
    fi
    [[ ( $DEBUG -eq 0 ) && ( -f $safe_file ) ]] 2>/dev/null && rm -f $safe_file
    exit $code
}

# get net ads info status
get_net_ads_info(){
    # test net ads
    net_info=$($NET_CMD ads info 2>&1)
    [[ $? -gt 0 ]] && print "command='net ads info' return error"

    LDAP_SERVER=$(echo "$net_info" | \
        awk -F':' '/^LDAP server:/{print $2}' | sed -e 's/^\s\+//;s/\s\+$//;')
    [[ -z "$LDAP_SERVER" ]] && print "command='net ads info' does not return LDAP server IP"
    
    LDAP_SERVER_NAME=$(echo "$net_info" | \
    awk -F':' '/^LDAP server name:/{print $2}' | sed -e 's/^\s\+//;s/\s\+$//;')
    REALM=$(echo "$net_info" | \
        awk -F':' '/^Realm:/{print $2}' | sed -e 's/^\s\+//;s/\s\+$//;')
    KDC_SERVER=$(echo "$net_info" | \
        awk -F':' '/^KDC server:/{print $2}' | sed -e 's/^\s\+//;s/\s\+$//;')
    OFFSET_TIME=$(echo "$net_info" | \
        awk -F':' '/^Server time offset:/{print $2}' | sed -e 's/^\s\+//;s/\s\+$//;')
    DOMAIN_STATUS="configured"
}

# get nss status; Does it use winbind database by getent cmd
get_nss_groups(){
    idmap_numbers=$(getent group | \
        awk -v i=$idmap_id -F':' \
        'BEGIN{ad_ids=0}{if ($3>10000) ad_ids++ }END{printf "%d", ad_ids}')
    [[ $idmap_numbers -gt 0 ]] && NSS_STATUS="configured"
}

# parse safe file, convert data to the safe value
parse_data(){
    if [[ -n "$safe_file" ]]; then
        [[ -f $safe_file ]] || print "Not found file=$safe_file" error
        ntlm_user=$(grep '# NTLM_USER' $safe_file -A 1 | tail -n1) 
        ntlm_pass=$(grep '# NTLM_PASSWORD' $safe_file -A 1 | tail -n1) 

        ntlm_dps=$(grep '# NTLM_DPS' $safe_file -A 1 | tail -n1) 
        ntlm_dnf=$(grep '# NTLM_DNF' $safe_file -A 1 | tail -n1) 

        #ntlm_user=$(printf "%q" "$ntlm_user_file")
        #ntlm_pass=$(printf "%q" "$ntlm_pass_file")

        [[ $DEBUG -gt 0 ]] && echo $ntlm_pass
    fi
}

NET_CMD=$(which net 2>/dev/null)
[[ -z $NET_CMD ]] && print "Not found net command. You need to install samba-common package." error

# get ansible option
source ${1}

# debug ansible module
ans_file=${1}

[[ -z "$idmap_id" ]] && idmap_id=10000 # initial id for mapping AD accounts
[[ -z "$state" ]] && state=status
[[ $DEBUG -gt 0 ]] && cp -f $ans_file /tmp/$state

LDAP_SERVER=
LDAP_SERVER_NAME=
REALM=
KDC_SERVER=
OFFSET_TIME=
DOMAIN_STATUS='not_configured'          # describe if host in the domain
NSS_STATUS='not_configured'             # describe nss database status, use winbind or not

if [[ "$state" == "status" ]]; then
    get_net_ads_info
    [[ $idmap_id -gt 0 ]] 2>/dev/null && get_nss_groups
    print "Found options"

elif [[ "$state" == "join" ]]; then
    parse_data
    [[ -z $ntlm_pass ]] && print "You must set ntlm_pass=" error
    [[ -z $ntlm_user ]] && ntlm_user="Administrator"
    debug "Add host to AD"
    net ads join -U $ntlm_user%$ntlm_pass 1>>$LOG 2>&1
    net_join_code=$?

    debug "net ads join return=$net_join_code"
    
    if [[ $net_join_code -gt 0 ]]; then
        # try use ntlm_dps and ntlm_fqdn
        net ads join -S $ntlm_dps -D $NTLM_DNF -U $ntlm_user%$ntlm_pass 1>>$LOG 2>&1
        net_join_code=$?
        debug "net ads join return=$net_join_code"
    fi

    [[ $net_join_code -gt 0 ]] && \
        print "Error: net ads join returned error=$net_join_code" error
    print "Success join to domain" changed
fi

Zerion Mini Shell 1.0