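#!/bin/bash
# $Id: integreDomaine.sh 8512 2015-03-08 09:30:26Z dbo $
#
# /usr/share/se3/scripts/integreDomaine.sh $action $name $ip $mac [$adminname $adminpasswd]
#
# Takes a workstation out of the domain if it is already a member and puts it
# back under another name. The LDAP entry cn=machine is updated as well.
#
# Mechanism (local GPO): a shutdown.cmd script is copied through ADMIN$; it
# removes the host from the domain and configures the next boot. Everything
# needed for the domain join at reboot is copied to %systemdrive%\netinst,
# then a reboot is triggered over RPC.
#
# If that fails, rejointSE3 has to be run from the workstation itself; it
# fetches the action from \\se3\netlogon\machine\$ip\.
#
# usage:
#   integreDomaine.sh rejoint $nom $ip $mac [$adminame] [$passadmin] : join the domain
#   integredomaine.sh renomme $nom $ip $anciennom [$adminame] [$passadmin] : rename
#   integredomaine.sh clone $nom $ip $mac [$adminame] [$passadmin] : prepare cloning
#   integredomaine.sh ldap $nom $ip $mac : update LDAP only
#
# Security notes (review):
#   - $name, $ip and $oldname come from the caller (presumably the web UI) and
#     are used as path components under /home/netlogon, as smbclient targets
#     and inside sed expressions. They are validated before anything touches
#     the filesystem, so "../" and shell/sed metacharacters cannot get in.
#   - The local administrator password is embedded in shutdown.cmd, uploaded
#     to the client's local GPO and left in /home/netlogon/machine/$ip (mode
#     755, on a share) until the upload succeeds. That exposure is inherent in
#     the local-GPO design and is not changed here; only the credentials file
#     used by smbclient/smbcacls is kept at mode 600.
#   - The admin password is also passed to `net rpc` on the command line
#     (visible in `ps`); the -C message masks it, the -U argument does not.

# Accept only values that are safe as a single path component and as an SMB
# host / NetBIOS name: non-empty, not "." or "..", and limited to
# [A-Za-z0-9._:-] (colons are allowed because "clone" passes a MAC address
# where the other actions pass a name).
is_safe_component() {
  case "$1" in
    ''|.|..) return 1 ;;
  esac
  [[ "$1" =~ ^[A-Za-z0-9._:-]+$ ]]
}

# Escape a value for the right-hand side of a sed "s/.../.../" expression:
# backslash, the & back-reference and the / delimiter.
sed_rhs() {
  printf '%s' "$1" | sed -e 's/[\\&/]/\\&/g'
}

# ---- early argument validation (before the lock file path is built) -------
case "$1" in
  rejoint|renomme|clone|ldap) ;;
  *)
    printf 'integreDomaine.sh : action inconnue\n' >&2
    exit 1
    ;;
esac
if ! is_safe_component "$2" || ! is_safe_component "$3"; then
  printf 'integreDomaine.sh : nom de machine ou adresse ip invalide\n' >&2
  exit 1
fi

# ---- per-IP lock ------------------------------------------------------------
# Atomic create under noclobber closes the check-then-create race of the
# original "[ -f ] && exit; > lck" sequence. A concurrent run for the same IP
# still exits quietly with status 0, as before. The trap is installed only
# once the lock is ours, so an early exit never removes somebody else's lock
# and a failure halfway through no longer leaves a stale lock behind.
if ! ( set -o noclobber; : > "/home/netlogon/$3.lck" ) 2>/dev/null; then
  exit 0
fi
trap 'rm -f -- "/home/netlogon/$3.lck"' EXIT

# Write the smbclient/smbcacls credentials file for the remote machine.
# $1: name used as the "domain" part of the login (the workstation's own name,
#     since the account is a local one).
# Globals read: adminname, passadmin, logondir.
# The file is created with a restrictive umask, chmod 600 and owned by
# adminse3; printf (not an unquoted echo) keeps shell metacharacters in the
# password intact.
mkgpopasswd() {
  local remotedom="$1"
  # A stray file of that name can exist (see the action.bat copy in
  # tryuploadgpo); replace it with the directory the rest of the script expects.
  [ -f "/home/netlogon/machine/$remotedom" ] && rm -f -- "/home/netlogon/machine/$remotedom"
  [ -d "/home/netlogon/machine/$remotedom" ] || mkdir -p -- "/home/netlogon/machine/$remotedom"
  (
    umask 077
    printf '%s\n' "username=$remotedom\\$adminname" "password=$passadmin" > "$logondir/gpoPASSWD"
  )
  chmod 600 "$logondir/gpoPASSWD"
  chown adminse3 "$logondir/gpoPASSWD"
}

# Upload the local-GPO scripts to \\$ip\ADMIN$.
# $1: remote name (unused here, kept for the caller's symmetry)
# $2: local directory name under /home/netlogon/machine holding gpoPASSWD
# $3: remote "domain" (machine name) for the credentials file
# Returns smbclient's exit status.
uploadGPO() {
  local remotename="$1" localname="$2" remotedom="$3"
  mkgpopasswd "$remotedom"
  smbclient "//$ip/ADMIN\$" -A "/home/netlogon/machine/$localname/gpoPASSWD" << EOF
mkdir \System32\GroupPolicy
mkdir \System32\GroupPolicy\Machine
mkdir \System32\GroupPolicy\Machine\Scripts
mkdir \System32\GroupPolicy\Machine\Scripts\Startup
mkdir \System32\GroupPolicy\Machine\Scripts\Shutdown
put $logondir/shutdown.cmd \System32\GroupPolicy\Machine\Scripts\Shutdown\shutdown.cmd
put $domscripts/startup.cmd \System32\GroupPolicy\Machine\Scripts\Startup\startup.cmd
put $logondir/registry.pol \System32\GroupPolicy\Machine\registry.pol
put $logondir/gpt.ini \System32\GroupPolicy\gpt.ini
put /home/netlogon/scriptsC.ini \System32\GroupPolicy\Machine\Scripts\scripts.ini
prompt OFF
# rmdir \System32\GroupPolicy\User
rm \tasks\wpkg.job
EOF
  return $?
}

# Take ownership (-C) of the uploaded GPO tree as <machine>\administrateur.
# $1: remote "domain" (machine name)
# $2: local directory name holding gpoPASSWD
# Stops at the first failing smbcacls and returns its status.
setADM() {
  local remotedom="$1" localname="$2" p
  local authfile="/home/netlogon/machine/$localname/gpoPASSWD"
  for p in \
    "/System32/Grouppolicy" \
    "/System32/Grouppolicy/gpt.ini" \
    "/System32/Grouppolicy/Machine" \
    "/System32/Grouppolicy/Machine/Scripts" \
    "/System32/Grouppolicy/Machine/Scripts/scripts.ini" \
    "/System32/Grouppolicy/Machine/Scripts/Startup" \
    "/System32/Grouppolicy/Machine/Scripts/Startup/startup.cmd" \
    "/System32/Grouppolicy/Machine/Scripts/Shutdown" \
    "/System32/Grouppolicy/Machine/Scripts/Shutdown/shutdown.cmd"; do
    smbcacls "//$ip/ADMIN\$" -A "$authfile" "$p" -C "$remotedom\\administrateur" || return $?
  done
}

# Upload the domain-join material to \\$ip\C$\Netinst.
# $1: remote name (unused here)
# $2: local directory name holding gpoPASSWD and action.bat
# $3: remote "domain" (machine name) for the credentials file
# Returns smbclient's exit status.
uploadDom() {
  local remotename="$1" localname="$2" remotedom="$3"
  mkgpopasswd "$remotedom"
  smbclient "//$ip/C\$" -A "/home/netlogon/machine/$localname/gpoPASSWD" << EOF
mkdir Netinst
mkdir Netinst\logs
put /home/netlogon/machine/$localname/action.bat Netinst\action.bat
put /home/netlogon/CPAU.exe Netinst\CPAU.exe
cd Netinst
lcd $domscripts
prompt OFF
mput -y *
EOF
  return $?
}

# Grant adminse3 and SYSTEM full control on the uploaded GPO files.
# $1: remote "domain" (unused here)
# $2: local directory name holding gpoPASSWD
# Failures are not checked (as in the original); the last smbcacls status is
# returned.
setACL() {
  local remotedom="$1" localname="$2" p
  local authfile="/home/netlogon/machine/$localname/gpoPASSWD"
  local acl="ACL:adminse3:ALLOWED/0/FULL,ACL:SYSTEM:ALLOWED/0/FULL"
  for p in \
    "/System32/Grouppolicy/gpt.ini" \
    "/System32/Grouppolicy/Machine/Scripts/scripts.ini" \
    "/System32/Grouppolicy/Machine/Scripts/Startup/startup.cmd" \
    "/System32/Grouppolicy/Machine/Scripts/Shutdown/shutdown.cmd"; do
    smbcacls "//$ip/ADMIN\$" -A "$authfile" "$p" -a "$acl"
  done
  smbcacls "//$ip/ADMIN\$" -A "$authfile" "/System32/Grouppolicy/gpt.ini" -a "ACL:adminse3:ALLOWED/0/FULL"
}

# One attempt at the remote integration.
# $1: remote name used in the diagnostic message
# $2: remote "domain" (machine name) used for the local-account login
# Globals read: ip, name, oldname, action, mac, adminname, passadmin, logondir.
# Returns 0 when the GPO upload succeeded (the reboot has been requested),
# 1 when the connection failed.
tryuploadgpo() {
  local remotename="$1" remotedom="$2"
  if uploadGPO "$remotename" "$ip" "$remotedom" >/dev/null 2>&1; then
    setADM "$remotename" "$ip"
    setACL "$remotename" "$ip"
    uploadDom "$remotename" "$ip" "$remotedom" >/dev/null 2>&1
    # Keep action.bat under the old name for the rejointSE3 fallback. When no
    # directory of that name exists this creates a plain file, which the
    # "[ -f ] && rm -f" tests elsewhere in this script clean up.
    cp -- "$logondir/action.bat" "/home/netlogon/machine/$oldname"
    rm -rf -- "${logondir:?}"
    # Fixed: the original compared the literal string "action" with "clone",
    # so the LDAP update ran for clones as well.
    if [ "$action" == "clone" ]; then
      echo "clonage : la machine est prete<br>"
    else
      # Register the machine in LDAP and drop the old entry if needed.
      # $mac is only set for "rejoint"; pass it only when non-empty so the
      # helper sees the same argument count as before.
      /usr/share/se3/shares/shares.avail/connexion.sh adminse3 "$name" "$ip" ${mac:+"$mac"}
    fi
    # NOTE(review): the password in -U is visible to other local users via
    # the process list; the shutdown message masks it but the argument does
    # not. Samba's -A/PASSWD alternatives would avoid that — confirm before
    # switching, since the credentials file is already removed above.
    /usr/bin/net rpc shutdown -t 30 -r -C "$action : Le poste $oldname ($ip) va etre renomme $name avec $remotedom/$adminname%XXXXXXX " -I "$ip" -U "$remotedom/$adminname%$passadmin"
    return 0
  fi
  echo "integration a distance : connexion a $remotename impossible avec $remotedom/$adminname...<br>"
  return 1
}

# ---- variable initialisation -----------------------------------------------
# Provides at least $xppass and $netbios_name.
. /etc/se3/config_m.cache.sh

action="$1"
name=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
ip="$3"

if [ -z "$5" ]; then
  adminname=adminse3
else
  adminname="$5"
fi
if [ -z "$6" ]; then
  passadmin=$xppass
else
  passadmin="$6"
fi

if [ "$action" == "ldap" ]; then
  # Register the machine in the LDAP base only.
  /usr/share/se3/shares/shares.avail/connexion.sh adminse3 "$name" "$ip" "$4"
  [ -f "/home/netlogon/machine/$name/action.bat" ] && rm -f -- "/home/netlogon/machine/$name/action.bat"
else
  if [ "$action" == "rejoint" ]; then
    oldname="$name"
    mac="$4"
  else
    # "renomme" passes the old name here, "clone" passes the MAC address.
    oldname=$(printf '%s' "$4" | tr 'A-Z' 'a-z')
    if ! is_safe_component "$oldname"; then
      printf 'integreDomaine.sh : ancien nom invalide\n' >&2
      exit 1
    fi
  fi

  # The machine is identified by its IP; the GPO files stored under its old
  # name are copied over if they exist.
  domscripts=/home/netlogon/domscripts
  logondir="/home/netlogon/machine/$ip"
  [ -f "$logondir" ] && rm -f -- "$logondir"
  [ -d "$logondir" ] || mkdir -p -- "$logondir"
  # ${logondir:?} guards the wildcard removal against an empty variable.
  rm -f -- "${logondir:?}"/*
  /usr/share/se3/logonpy/logon.py adminse3 "$ip" XP
  [ -f "/home/netlogon/machine/$oldname" ] && rm -f -- "/home/netlogon/machine/$oldname"
  if [ -d "/home/netlogon/machine/$oldname" ]; then
    # Fixed: the original quoted the "*" so cp looked for a file literally
    # named "*" and never copied anything.
    for f in "/home/netlogon/machine/$oldname"/*; do
      [ -f "$f" ] && cp -- "$f" "$logondir"
    done
  fi
  # action.bat is read by a Windows batch interpreter: CRLF line endings.
  printf 'set ACTION=%s\r\nset NAME=%s\r\n\n' "$action" "$name" > "$logondir/action.bat"
  # The admin name and password are substituted into the shutdown script;
  # escape them so "/", "&" and "\" in a password cannot break or alter the
  # sed expression.
  sed -e "s/set ADMIN=.*$/set ADMIN=$(sed_rhs "$adminname")\r/;s/set PASSWD=.*$/set PASSWD=$(sed_rhs "$passadmin")\r/" "$domscripts/shutdowngpo.cmd" > "$logondir/shutdown.cmd"

  [ -f "$logondir/gpt.ini" ] || cp -f /home/netlogon/gpt.ini "$logondir/gpt.ini"
  GPO_VERS="$(grep Version "$logondir/gpt.ini" | cut -d '=' -f2 | sed -e 's/\r//g')"
  # Bump the GPO version so the client re-applies the policy. A missing or
  # non-numeric version (the original only handled "empty") resets the file
  # from the template instead of feeding garbage to the arithmetic.
  if [[ ! "$GPO_VERS" =~ ^[0-9]+$ ]]; then
    cp -f /home/netlogon/gpt.ini "$logondir/gpt.ini"
    GPO_VERS=268439552
  else
    (( GPO_VERS += 268439552 ))
  fi
  sed -i "s/Version=.*/Version=$GPO_VERS\r/g" "$logondir/gpt.ini"

  if [ "$passadmin" != "$xppass" ]; then
    # Build the CPAU job that sets the local administrator password.
    # NOTE(review): the job runs "net user administrateur $2", i.e. it sets the
    # local administrator password to the (un-lowercased) machine name, not to
    # $passadmin — confirm this is intended. "-p wawa" is a hard-coded CPAU
    # encoding password.
    export HOME=/root
    WINECMD="env WINEDEBUG=-all wine"
    JOB="$logondir/localpw.job"
    TASK="net user administrateur $2"
    # $WINECMD is deliberately unquoted: it is a command plus its arguments.
    $WINECMD /home/netlogon/CPAU.exe -u administrateur -p wawa -wait -enc -file "$JOB" -lwp -c -ex "$TASK" > /dev/null
  fi

  # NOTE(review): 755 makes shutdown.cmd (which carries the admin password)
  # world-readable on the netlogon share until the upload succeeds. It is kept
  # as-is because it is not clear which files the rejointSE3 fallback reads
  # over the share, and as which user.
  chmod -R 755 "$logondir"
  chown -R adminse3 "$logondir"

  # Try to upload the GPO. Just after boot, Windows XP sometimes is not ready
  # to accept connections on C$, so every ip/netbios-name combination is tried
  # in turn; tryuploadgpo returns 0 or 1 only, so the || chain stops at the
  # first success.
  /usr/share/se3/sbin/tcpcheck 20 "$ip:445" >/dev/null
  tryuploadgpo "$oldname" "$oldname" \
    || tryuploadgpo "$ip" "$oldname" \
    || tryuploadgpo "$name" "$oldname" \
    || tryuploadgpo "$name" "$name" \
    || printf '%s\n' "la mise au domaine ne peut pas se faire a distance. Vous
devez la lancer depuis le poste.<br> Pour cela il faut lancer le script
\\\\$netbios_name\netlogon\domscripts\rejointSE3.cmd<br>" 1>&2
fi
# The lock file is removed by the EXIT trap; exit 0 keeps the original's
# always-successful status for callers.
exit 0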