%PDF- %PDF-
Direktori : /proc/self/root/etc/ansible/library/ |
Current File : //proc/self/root/etc/ansible/library/bx_ntlm |
#!/bin/bash # test ntlm settings on server export LANG=en_EN.UTF-8 export PATH=$PATH:/sbin:/usr/sbin [[ -z $DEBUG ]] && DEBUG=1 TMP=/opt/webdir/logs LOG=$TMP/bx_ntlm.log [[ $DEBUG -gt 0 ]] 2>/dev/null && echo -n "" > $LOG debug() { msg=$1 [[ $DEBUG -gt 1 ]] && printf "%s: %d: %s\n" "$(date +%F-%H-%M-%S)" "$$" "$msg" >> $LOG } # print ansible message print() { msg=${1} type=${2:-facts} debug "$msg" code=0 if [[ "$type" == "error" ]]; then msg_out=$(echo "$msg" | head -1) echo "{\"changed\":false,\"failed\":true,\"msg\":\"$msg_out\"}" code=1 elif [[ "$type" == "facts" ]]; then ansible_facts='{' ansible_facts=$ansible_facts'"ldap_server":"'$LDAP_SERVER'",' ansible_facts=$ansible_facts'"ldap_server_name":"'$LDAP_SERVER_NAME'",' ansible_facts=$ansible_facts'"realm":"'$REALM'",' ansible_facts=$ansible_facts'"kdc":"'$KDC_SERVER'",' ansible_facts=$ansible_facts'"offset":"'$OFFSET_TIME'",' ansible_facts=$ansible_facts'"domain_status":"'$DOMAIN_STATUS'",' ansible_facts=$ansible_facts'"nss_status":"'$NSS_STATUS'"' ansible_facts=$ansible_facts'}' echo "{\"changed\":false,\"failed\":false,\"ansible_facts\":$ansible_facts,\"msg\":\"$msg\"}" elif [[ "$type" == "changed" ]]; then echo "{\"changed\":true,\"failed\":false,\"msg\":\"$msg\"}" elif [[ "$type" == "not_changed" ]]; then echo "{\"changed\":false,\"failed\":false,\"msg\":\"$msg\"}" fi [[ ( $DEBUG -eq 0 ) && ( -f $safe_file ) ]] 2>/dev/null && rm -f $safe_file exit $code } # get net ads info status get_net_ads_info(){ # test net ads net_info=$($NET_CMD ads info 2>&1) [[ $? -gt 0 ]] && print "command='net ads info' return error" LDAP_SERVER=$(echo "$net_info" | \ awk -F':' '/^LDAP server:/{print $2}' | sed -e 's/^\s\+//;s/\s\+$//;') [[ -z "$LDAP_SERVER" ]] && print "command='net ads info' does not return LDAP server IP" LDAP_SERVER_NAME=$(echo "$net_info" | \ awk -F':' '/^LDAP server name:/{print $2}' | sed -e 's/^\s\+//;s/\s\+$//;') REALM=$(echo "$net_info" | \ awk -F':' '/^Realm:/{print $2}' | sed -e 's/^\s\+//;s/\s\+$//;') KDC_SERVER=$(echo "$net_info" | \ awk -F':' '/^KDC server:/{print $2}' | sed -e 's/^\s\+//;s/\s\+$//;') OFFSET_TIME=$(echo "$net_info" | \ awk -F':' '/^Server time offset:/{print $2}' | sed -e 's/^\s\+//;s/\s\+$//;') DOMAIN_STATUS="configured" } # get nss status; Does it use winbind database by getent cmd get_nss_groups(){ idmap_numbers=$(getent group | \ awk -v i=$idmap_id -F':' \ 'BEGIN{ad_ids=0}{if ($3>10000) ad_ids++ }END{printf "%d", ad_ids}') [[ $idmap_numbers -gt 0 ]] && NSS_STATUS="configured" } # parse safe file, convert data to the safe value parse_data(){ if [[ -n "$safe_file" ]]; then [[ -f $safe_file ]] || print "Not found file=$safe_file" error ntlm_user=$(grep '# NTLM_USER' $safe_file -A 1 | tail -n1) ntlm_pass=$(grep '# NTLM_PASSWORD' $safe_file -A 1 | tail -n1) ntlm_dps=$(grep '# NTLM_DPS' $safe_file -A 1 | tail -n1) ntlm_dnf=$(grep '# NTLM_DNF' $safe_file -A 1 | tail -n1) #ntlm_user=$(printf "%q" "$ntlm_user_file") #ntlm_pass=$(printf "%q" "$ntlm_pass_file") [[ $DEBUG -gt 0 ]] && echo $ntlm_pass fi } NET_CMD=$(which net 2>/dev/null) [[ -z $NET_CMD ]] && print "Not found net command. You need to install samba-common package." error # get ansible option source ${1} # debug ansible module ans_file=${1} [[ -z "$idmap_id" ]] && idmap_id=10000 # initial id for mapping AD accounts [[ -z "$state" ]] && state=status [[ $DEBUG -gt 0 ]] && cp -f $ans_file /tmp/$state LDAP_SERVER= LDAP_SERVER_NAME= REALM= KDC_SERVER= OFFSET_TIME= DOMAIN_STATUS='not_configured' # describe if host in the domain NSS_STATUS='not_configured' # describe nss database status, use winbind or not if [[ "$state" == "status" ]]; then get_net_ads_info [[ $idmap_id -gt 0 ]] 2>/dev/null && get_nss_groups print "Found options" elif [[ "$state" == "join" ]]; then parse_data [[ -z $ntlm_pass ]] && print "You must set ntlm_pass=" error [[ -z $ntlm_user ]] && ntlm_user="Administrator" debug "Add host to AD" net ads join -U $ntlm_user%$ntlm_pass 1>>$LOG 2>&1 net_join_code=$? debug "net ads join return=$net_join_code" if [[ $net_join_code -gt 0 ]]; then # try use ntlm_dps and ntlm_fqdn net ads join -S $ntlm_dps -D $NTLM_DNF -U $ntlm_user%$ntlm_pass 1>>$LOG 2>&1 net_join_code=$? debug "net ads join return=$net_join_code" fi [[ $net_join_code -gt 0 ]] && \ print "Error: net ads join returned error=$net_join_code" error print "Success join to domain" changed fi