-Add ability for XCAT_ prefixed environment variables to be sent to server

-activedirectory plugin can now add users to active directory


git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@5342 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd
This commit is contained in:
jbjohnso 2010-03-02 21:54:37 +00:00
parent e884280458
commit 11370b278e
4 changed files with 93 additions and 13 deletions

View File

@ -60,6 +60,11 @@ if ($arg ne "NO_NODE_RANGE") {
$cmdref->{noderange}->[0]=$arg;
}
push (@{$cmdref->{arg}}, @ARGV);
foreach (keys %ENV) {
if (/^XCAT_/) {
$cmdref->{environment}->{$_} = $ENV{$_};
}
}
xCAT::Client::submit_request($cmdref,\&xCAT::Client::handle_response);
exit $xCAT::Client::EXITCODE;

View File

@ -25,6 +25,11 @@ if (-p STDIN) {
}
push (@{$cmdref->{arg}}, @ARGV);
foreach (keys %ENV) {
if (/^XCAT_/) {
$cmdref->{environment}->{$_} = $ENV{$_};
}
}
xCAT::Client::submit_request($cmdref,\&xCAT::Client::handle_response);
exit $xCAT::Client::EXITCODE;

View File

@ -107,7 +107,9 @@ sub add_user_account {
return {error=>"Unable to determine all required parameters"};
}
my $newpassword = $args{password};
unless ($newpassword) {
if ($newpassword) {
$newpassword = '"'.$newpassword.'"';
} else {
$newpassword = '"'.genpassword(8).'"';
}
Encode::from_to($newpassword,"utf8","utf16le"); #ms uses utf16le, we use utf8
@ -186,8 +188,6 @@ sub add_user_account {
} elsif (not $rc==8192) {
return {error=>"Unknown error $rc"};
}
open(HUH,">","/tmp/huhh");
print HUH $ldif;
$rc = system("echo '$ldif'|ldapmodify -H ldaps://$directoryserver");
return {password=>$newpassword};
}
@ -264,7 +264,7 @@ sub krb_login {
if (-x "/usr/kerberos/bin/kinit") {
$kinit = "/usr/kerberos/bin/kinit";
}
my $kinit = open3($krbin,$krbout,$krberr,$kinit,$username."@".$realm);
$kinit = open3($krbin,$krbout,$krberr,$kinit,$username."@".$realm);
my $ksel = IO::Select->new($krbout,$krberr);
my @handles;
while (@handles = $ksel->can_read()) {
@ -338,7 +338,8 @@ sub find_free_params { #search for things like next available uidNumber
#use Data::Dumper;
#print krb_login(username=>"Administrator",password=>"cluster",realm=>"XCAT.E1350");
#print Dumper(find_free_params(directoryserver=>"v4.xcat.e1350",ou=>"dc=xcat,dc=e1350"));
#print Dumper add_user_account(dnsdomain=>'xcat.e1350',username=>'ffuu',directoryserver=>'v4.xcat.e1350');
#use Data::Dumper;
#print Dumper(add_user_account(dnsdomain=>'xcat.e1350',username=>'ffuu',directoryserver=>'v4.xcat.e1350'));
#print Dumper add_machine_account(node=>'ufred.xcat.e1350',directoryserver=>'v4.xcat.e1350');
1;

View File

@ -7,12 +7,16 @@ BEGIN
my $callback;
use lib "$::XCATROOT/lib/perl";
use Getopt::Long;
use xCAT::ADUtils;
use Net::DNS;
sub handled_commands {
return {
addclusteruser => 'site:directoryprovider',
addclouduser => 'site:directoryprovider',
};
}
sub process_request {
my $request = shift;
my $command = $request->{command}->[0];
@ -24,26 +28,91 @@ sub process_request {
my $fullname;
my $gid;
my $uid;
my $ou;
@ARGV=@{$request->{arg}};
Getopt::Long::Configure("bundling");
Getopt::Long::Configure("pass_through");
Getopt::Long::Configure("no_pass_through");
if (!GetOptions(
'd=s' => \$homedir,
'c=s' => \$fullname,
'g=s' => \$gid,
'o=s' => \$ou,
'u=s' => \$uid)) {
die "Not possible";
die "TODO: usage message";
}
my $username = shift @ARGV;
my %args = ( username => $username );
my $domain;
my $sitetab = xCAT::Table->new('site');
if ($username =~ /@/) {
($username,$domain) = split /@/,$username;
$domain = lc($domain);
} else {
$domain = $sitetab->getAttribs({key=>'domain'},['value']);
unless ($domain and $domain->{value}) {
sendmsg([1,"Domain not provided and none set in site table"]);
}
$domain = $domain->{value};
}
#TODO: if multi-domain support implemented, use the domains table to reference between realm and domain
my $server = $sitetab->getAttribs({key=>'directoryserver'},['value']);
if ($server and $server->{value}) {
$server = $server->{value};
} else {
my $res = Net::DNS::Resolver->new;
my $query = $res->query("_ldap._tcp.$domain","SRV");
if ($query) {
foreach my $srec ($query->answer) {
$server = $srec->{target};
}
}
unless ($server) {
sendmsg([1,"Unable to determine a directory server to communicate with, try site.directoryserver"]);
}
}
my $realm = $sitetab->getAttribs({key=>'realm'},['value']);
if ($realm and $realm->{value}) {
$realm = $realm->{value};
} else {
$realm = uc($domain);
$realm =~ s/\.$//; #remove trailing dot if provided
}
#my $domainstab = xCAT::Table->new('domains');
#$realm = $domainstab->getAttribs({domain=>$domain},
my $passtab = xCAT::Table->new('passwd');
my $adpent = $passtab->getAttribs({key=>'activedirectory'},[qw/username password/]);
unless ($adpent and $adpent->{username} and $adpent->{password}) {
sendmsg([1,"activedirectory entry missing from passwd table"]);
return 1;
}
my $err = xCAT::ADUtils::krb_login(username=>$adpent->{username},password=>$adpent->{password},realm=>$realm);
if ($err) {
sendmsg([1,"Error authenticating to Active Directory"]);
return 1;
}
my %args = (
username => $username,
dnsdomain => $domain,
directoryserver=> $server,
);
if ($fullname) { $args{fullname} = $fullname };
sendmsg("Full name: ".$fullname);
sendmsg(join(" ",@ARGV));
if ($ou) { $args{ou} = $ou };
if ($request->{environment} and
$request->{environment}->[0]->{XCAT_USERPASS}) {
$args{password} = $request->{environment}->[0]->{XCAT_USERPASS}->[0];
}
#TODO: args password
if (defined $gid) { $args{gid} = $gid };
if (defined $uid) { $args{uid} = $uid };
#TODO: smbHome for windows
if (defined $homedir) { $args{homedir} = $homedir };
my $ret = xCAT::ADUtils::add_user_account(%args);
if (ref $ret and $ret->{error}) {
sendmsg([1,$ret->{error}]);
}
}
}