The branch, v4-0-test has been updated
       via  75c8dc6c6f3134bb78356630f24617aaeb869344 (commit)
       via  34adb0e0bb1b3c340d7098e7a3d12f73f798d0e7 (commit)
       via  6875e6823f7a1fe9066bff4dffcab658a17d3b8c (commit)
       via  b51b8a2d846284de4dff736fc18cf747c188de96 (commit)
       via  38634183a074556c8dfdcb6affc60f4bcc15a3f0 (commit)
       via  10a8b7ea487f9725f69b02c4dd9cf5e1f67a23ab (commit)
       via  de5349cc7a5a97c0d2d7288436a4090dfd9bd093 (commit)
       via  5bf1c89cf8af08fbcf4f5089079920840daad7b8 (commit)
       via  e77ab2fbd1836bc2f9c7b2a819b06ddccf1fa78f (commit)
       via  d01d542502f25d6c731204ecb3d33720a1706581 (commit)
       via  1282e3c39479aa580124206814b493370d10690a (commit)
       via  c93208c13ce91b334eadf0ea02fa41354e761e97 (commit)
       via  c90751040e941d10234131852815e1cec1a54efe (commit)
       via  5ebb64bdad7e80ee81d6b9d84d77c03fb9237eee (commit)
       via  566c60b4649e2b94bf467993acd4bf72c7368e5a (commit)
       via  58e00594d8c191f499225aa2755a06bac2937300 (commit)
       via  02a33165ca700f71cf09680ded35c87aa2e88552 (commit)
      from  4449ce381aca25e7f510a2f24b43c3a81e870032 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test


- Log -----------------------------------------------------------------
commit 75c8dc6c6f3134bb78356630f24617aaeb869344
Author: Andrew Bartlett <[EMAIL PROTECTED]>
Date:   Fri Apr 11 19:38:36 2008 +1000

    Actually test the different 'fill levels' in the provision process.
    
    This should cover a few more codepaths in the provision script.
    
    Andrew Bartlett

commit 34adb0e0bb1b3c340d7098e7a3d12f73f798d0e7
Author: Andrew Bartlett <[EMAIL PROTECTED]>
Date:   Fri Apr 11 19:37:23 2008 +1000

    Reuse the lp_ctx and samdb returned by the python provision.
    
    Apply the same fix as in libnet_vampire in the old DRS test code.
    
    Andrew Bartlett

commit 6875e6823f7a1fe9066bff4dffcab658a17d3b8c
Author: Andrew Bartlett <[EMAIL PROTECTED]>
Date:   Fri Apr 11 19:35:15 2008 +1000

    Don't specify the ntds_guid to the C -> python provision interface
    
    This parameter was not used anyway.
    
    Andrew Bartlett

commit b51b8a2d846284de4dff736fc18cf747c188de96
Author: Andrew Bartlett <[EMAIL PROTECTED]>
Date:   Fri Apr 11 19:33:52 2008 +1000

    Don't reopen the sam.ldb again
    
    Andrew Bartlett

commit 38634183a074556c8dfdcb6affc60f4bcc15a3f0
Author: Andrew Bartlett <[EMAIL PROTECTED]>
Date:   Fri Apr 11 19:15:24 2008 +1000

    Use the python-provided ldb and lp_ctx pointers in libnet_vampire.c
    
    By using the already open smb.conf and sam.ldb, we not only avoid
    overhead, but also remove the risk we could touch a different
    database.
    
    Andrew Bartlett

commit 10a8b7ea487f9725f69b02c4dd9cf5e1f67a23ab
Author: Andrew Bartlett <[EMAIL PROTECTED]>
Date:   Fri Apr 11 19:04:43 2008 +1000

    Far less cryptic traceback when you have an existing smb.conf
    
    When the user has an existing smb.conf, but no [netlogon] or [sysvol]
    share, the provision script would trigger a traceback.  While we still
    need to abort in this situation, we do so now with a useful error.
    
    Andrew Bartlett

commit de5349cc7a5a97c0d2d7288436a4090dfd9bd093
Merge: 5bf1c89cf8af08fbcf4f5089079920840daad7b8 4449ce381aca25e7f510a2f24b43c3a81e870032
Author: Andrew Bartlett <[EMAIL PROTECTED]>
Date:   Fri Apr 11 14:35:26 2008 +1000

    Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet

commit 5bf1c89cf8af08fbcf4f5089079920840daad7b8
Merge: e77ab2fbd1836bc2f9c7b2a819b06ddccf1fa78f a3e1b835656470f1a80f0fa69f53a9df849baee3
Author: Andrew Bartlett <[EMAIL PROTECTED]>
Date:   Fri Apr 11 11:11:42 2008 +1000

    Fix merge errors on C provision interface after jelmer's good work.
    
    Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
    
    Conflicts:
    
        source/torture/local/torture.c

commit e77ab2fbd1836bc2f9c7b2a819b06ddccf1fa78f
Author: Andrew Bartlett <[EMAIL PROTECTED]>
Date:   Fri Apr 11 11:09:34 2008 +1000

    Set a netbios name into provision, and zero the rest.
    
    Remove dns_name initialisation.
    
    Andrew Bartlett

commit d01d542502f25d6c731204ecb3d33720a1706581
Author: Andrew Bartlett <[EMAIL PROTECTED]>
Date:   Wed Apr 9 15:32:49 2008 +1000

    Fix up provision to specify SERVERDN in more places.
    
    Andrew Bartlett

commit 1282e3c39479aa580124206814b493370d10690a
Author: Andrew Bartlett <[EMAIL PROTECTED]>
Date:   Wed Apr 9 14:59:32 2008 +1000

    Link the new vampire code together.
    
    This adds in the newly attached secrets handling, as well as an
    interface to the command line 'net' tool.
    
    Andrew Bartlett

commit c93208c13ce91b334eadf0ea02fa41354e761e97
Author: Andrew Bartlett <[EMAIL PROTECTED]>
Date:   Wed Apr 9 14:57:57 2008 +1000

    Don't fill in the secrets DB unless we make the entries.
    
    Leave filling in (we still initialise it) the secrets DB for the join
    or vampire code.
    
    Andrew Bartlett

commit c90751040e941d10234131852815e1cec1a54efe
Author: Andrew Bartlett <[EMAIL PROTECTED]>
Date:   Wed Apr 9 14:56:24 2008 +1000

    Factor out filling in the secrets database.
    
    This allows the vampire code to start with a join, but fill in the
    secrets only when the process is completed.
    
    Andrew Bartlett

commit 5ebb64bdad7e80ee81d6b9d84d77c03fb9237eee
Author: Andrew Bartlett <[EMAIL PROTECTED]>
Date:   Wed Apr 9 14:55:01 2008 +1000

    Remove dns_name element
    
    This is only used in the DEBUG() message, so let's remove it.
    
    Andrew Bartlett

commit 566c60b4649e2b94bf467993acd4bf72c7368e5a
Author: Andrew Bartlett <[EMAIL PROTECTED]>
Date:   Wed Apr 9 14:51:22 2008 +1000

    Be consistent in using ${SEVERDN}.
    
    This ensures we don't fall out of sync with the provision scripts.
    
    Andrew Bartlett

commit 58e00594d8c191f499225aa2755a06bac2937300
Merge: 02a33165ca700f71cf09680ded35c87aa2e88552 596fc05785020cd7bd6d15d91b49172039f83bab
Author: Andrew Bartlett <[EMAIL PROTECTED]>
Date:   Wed Apr 9 12:03:36 2008 +1000

    Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet

commit 02a33165ca700f71cf09680ded35c87aa2e88552
Author: Andrew Bartlett <[EMAIL PROTECTED]>
Date:   Wed Apr 9 12:02:11 2008 +1000

    Start implementation of real 'net vampire' code.
    
    This will use DRS Replication (metze's thesis work) and possibly
    samsync, and will work outside the smbtorture process.
    
    Andrew Bartlett

-----------------------------------------------------------------------

Summary of changes:
 source/libnet/config.mk                            |    2 +
 source/libnet/libnet.h                             |    1 +
 source/libnet/libnet_join.c                        |  196 +++--
 source/libnet/libnet_join.h                        |   17 +
 .../libnet/{libnet_vampire.c => libnet_samsync.c}  |    0 
 .../libnet/{libnet_vampire.h => libnet_samsync.h}  |    0 
 source/libnet/libnet_vampire.c                     |  942 +++++++++++++-------
 source/libnet/libnet_vampire.h                     |   70 +--
 source/param/provision.c                           |    6 +-
 source/param/provision.h                           |    2 -
 source/scripting/python/samba/provision.py         |   49 +-
 source/setup/provision.ldif                        |    4 +-
 source/setup/provision_basedn_modify.ldif          |    2 +-
 source/setup/provision_configuration.ldif          |    2 +-
 source/setup/provision_schema_basedn_modify.ldif   |    2 +-
 source/setup/provision_self_join.ldif              |    4 +-
 source/setup/tests/blackbox_provision.sh           |    2 +
 source/torture/libnet/libnet_BecomeDC.c            |   39 +-
 source/torture/local/torture.c                     |    5 +-
 source/utils/net/net.c                             |    3 +-
 source/utils/net/net_join.c                        |   67 ++
 source/utils/net/net_vampire.c                     |    2 +-
 22 files changed, 894 insertions(+), 523 deletions(-)
 copy source/libnet/{libnet_vampire.c => libnet_samsync.c} (100%)
 copy source/libnet/{libnet_vampire.h => libnet_samsync.h} (100%)


Changeset truncated at 500 lines:

diff --git a/source/libnet/config.mk b/source/libnet/config.mk
index 11b8bdf..231d67c 100644
--- a/source/libnet/config.mk
+++ b/source/libnet/config.mk
@@ -1,5 +1,6 @@
 [SUBSYSTEM::LIBSAMBA-NET]
 PRIVATE_PROTO_HEADER = libnet_proto.h
+PRIVATE_DEPENDENCIES = PROVISION
 OBJ_FILES = \
                libnet.o \
                libnet_passwd.o \
@@ -10,6 +11,7 @@ OBJ_FILES = \
                libnet_become_dc.o \
                libnet_unbecome_dc.o \
                libnet_vampire.o \
+               libnet_samsync.o \
                libnet_samdump.o \
                libnet_samdump_keytab.o \
                libnet_samsync_ldb.o \
diff --git a/source/libnet/libnet.h b/source/libnet/libnet.h
index 015661a..b65a13c 100644
--- a/source/libnet/libnet.h
+++ b/source/libnet/libnet.h
@@ -68,6 +68,7 @@ struct libnet_context {
 #include "libnet/libnet_site.h"
 #include "libnet/libnet_become_dc.h"
 #include "libnet/libnet_unbecome_dc.h"
+#include "libnet/libnet_samsync.h"
 #include "libnet/libnet_vampire.h"
 #include "libnet/libnet_user.h"
 #include "libnet/libnet_group.h"
diff --git a/source/libnet/libnet_join.c b/source/libnet/libnet_join.c
index 2213451..4549cd6 100644
--- a/source/libnet/libnet_join.c
+++ b/source/libnet/libnet_join.c
@@ -839,13 +839,11 @@ NTSTATUS libnet_JoinDomain(struct libnet_context *ctx, 
TALLOC_CTX *mem_ctx, stru
        return status;
 }
 
-static NTSTATUS libnet_Join_primary_domain(struct libnet_context *ctx, 
-                                          TALLOC_CTX *mem_ctx, 
-                                          struct libnet_Join *r)
+NTSTATUS libnet_set_join_secrets(struct libnet_context *ctx, 
+                                TALLOC_CTX *mem_ctx, 
+                                struct libnet_set_join_secrets *r)
 {
-       NTSTATUS status;
        TALLOC_CTX *tmp_mem;
-       struct libnet_JoinDomain *r2;
        int ret, rtn;
        struct ldb_context *ldb;
        struct ldb_dn *base_dn;
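Review bot: libnet_set_join_secrets() loses its `static` here and becomes an exported entry point, but it has no comment stating its contract. Please add a header comment above the definition saying that it writes the machine account password and related join details into secrets.ldb, which members of `struct libnet_set_join_secrets` are required and which may be NULL or zero, and that `r->out.error_string` is allocated on mem_ctx.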
@@ -860,56 +858,13 @@ static NTSTATUS libnet_Join_primary_domain(struct 
libnet_context *ctx,
                "privateKeytab",
                NULL
        };
-       uint32_t acct_type = 0;
-       const char *account_name;
-       const char *netbios_name;
-       
-       r->out.error_string = NULL;
 
        tmp_mem = talloc_new(mem_ctx);
        if (!tmp_mem) {
                return NT_STATUS_NO_MEMORY;
        }
 
-       r2 = talloc(tmp_mem, struct libnet_JoinDomain);
-       if (!r2) {
-               r->out.error_string = NULL;
-               talloc_free(tmp_mem);
-               return NT_STATUS_NO_MEMORY;
-       }
-       
-       if (r->in.join_type == SEC_CHAN_BDC) {
-               acct_type = ACB_SVRTRUST;
-       } else if (r->in.join_type == SEC_CHAN_WKSTA) {
-               acct_type = ACB_WSTRUST;
-       } else {
-               r->out.error_string = NULL;
-               talloc_free(tmp_mem);   
-               return NT_STATUS_INVALID_PARAMETER;
-       }
-
-       if (r->in.netbios_name != NULL) {
-               netbios_name = r->in.netbios_name;
-       } else {
-               netbios_name = talloc_reference(tmp_mem, 
lp_netbios_name(ctx->lp_ctx));
-               if (!netbios_name) {
-                       r->out.error_string = NULL;
-                       talloc_free(tmp_mem);
-                       return NT_STATUS_NO_MEMORY;
-               }
-       }
-
-       account_name = talloc_asprintf(tmp_mem, "%s$", netbios_name);
-       if (!account_name) {
-               r->out.error_string = NULL;
-               talloc_free(tmp_mem);
-               return NT_STATUS_NO_MEMORY;
-       }
-       
-       /*
-        * Local secrets are stored in secrets.ldb 
-        * open it to make sure we can write the info into it after the join
-        */
+       /* Open the secrets database */
        ldb = secrets_db_connect(tmp_mem, ctx->lp_ctx);
        if (!ldb) {
                r->out.error_string
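Review bot: the `r->out.error_string = NULL;` removed near the top of the function should stay in libnet_set_join_secrets(). The early `return NT_STATUS_NO_MEMORY;` after talloc_new() does not touch the out field, and the caller added later in this patch passes `r3->out.error_string` to talloc_steal() on failure, so the function is only safe because that one caller ran ZERO_STRUCTP(r3) first. An exported function should not depend on the caller zeroing its out parameters.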
@@ -920,23 +875,6 @@ static NTSTATUS libnet_Join_primary_domain(struct 
libnet_context *ctx,
        }
 
        /*
-        * join the domain
-        */
-       ZERO_STRUCTP(r2);
-       r2->in.domain_name      = r->in.domain_name;
-       r2->in.account_name     = account_name;
-       r2->in.netbios_name     = netbios_name;
-       r2->in.level            = LIBNET_JOINDOMAIN_AUTOMATIC;
-       r2->in.acct_type        = acct_type;
-       r2->in.recreate_account = false;
-       status = libnet_JoinDomain(ctx, r2, r2);
-       if (!NT_STATUS_IS_OK(status)) {
-               r->out.error_string = talloc_steal(mem_ctx, 
r2->out.error_string);
-               talloc_free(tmp_mem);
-               return status;
-       }
-       
-       /*
         * now prepare the record for secrets.ldb
         */
        sct = talloc_asprintf(tmp_mem, "%d", r->in.join_type); 
@@ -961,21 +899,21 @@ static NTSTATUS libnet_Join_primary_domain(struct 
libnet_context *ctx,
        }
 
        msg->dn = ldb_dn_copy(tmp_mem, base_dn);
-       if ( ! ldb_dn_add_child_fmt(msg->dn, "flatname=%s", 
r2->out.domain_name)) {
+       if ( ! ldb_dn_add_child_fmt(msg->dn, "flatname=%s", r->in.domain_name)) 
{
                r->out.error_string = NULL;
                talloc_free(tmp_mem);
                return NT_STATUS_NO_MEMORY;
        }
        
-       rtn = samdb_msg_add_string(ldb, tmp_mem, msg, "flatname", 
r2->out.domain_name);
+       rtn = samdb_msg_add_string(ldb, tmp_mem, msg, "flatname", 
r->in.domain_name);
        if (rtn == -1) {
                r->out.error_string = NULL;
                talloc_free(tmp_mem);
                return NT_STATUS_NO_MEMORY;
        }
 
-       if (r2->out.realm) {
-               rtn = samdb_msg_add_string(ldb, tmp_mem, msg, "realm", 
r2->out.realm);
+       if (r->in.realm) {
+               rtn = samdb_msg_add_string(ldb, tmp_mem, msg, "realm", 
r->in.realm);
                if (rtn == -1) {
                        r->out.error_string = NULL;
                        talloc_free(tmp_mem);
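Review bot: `r->in.domain_name` in the `ldb_dn_add_child_fmt(msg->dn, "flatname=%s", ...)` call is now caller-supplied input rather than the output of a successful libnet_JoinDomain(), and nothing checks it before use. A NULL or empty value ends up reported as NT_STATUS_NO_MEMORY with a NULL error string, which hides the real cause. Validate the required inputs at the top of the function and return NT_STATUS_INVALID_PARAMETER with an error string naming the missing field.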
@@ -997,14 +935,14 @@ static NTSTATUS libnet_Join_primary_domain(struct 
libnet_context *ctx,
                return NT_STATUS_NO_MEMORY;
        }
 
-       rtn = samdb_msg_add_string(ldb, tmp_mem, msg, "secret", 
r2->out.join_password);
+       rtn = samdb_msg_add_string(ldb, tmp_mem, msg, "secret", 
r->in.join_password);
        if (rtn == -1) {
                r->out.error_string = NULL;
                talloc_free(tmp_mem);
                return NT_STATUS_NO_MEMORY;
        }
 
-       rtn = samdb_msg_add_string(ldb, tmp_mem, msg, "samAccountName", 
r2->in.account_name);
+       rtn = samdb_msg_add_string(ldb, tmp_mem, msg, "samAccountName", 
r->in.account_name);
        if (rtn == -1) {
                r->out.error_string = NULL;
                talloc_free(tmp_mem);
@@ -1018,9 +956,9 @@ static NTSTATUS libnet_Join_primary_domain(struct 
libnet_context *ctx,
                return NT_STATUS_NO_MEMORY;
        }
 
-       if (r2->out.kvno) {
+       if (r->in.kvno) {
                rtn = samdb_msg_add_uint(ldb, tmp_mem, msg, 
"msDS-KeyVersionNumber",
-                                        r2->out.kvno);
+                                        r->in.kvno);
                if (rtn == -1) {
                        r->out.error_string = NULL;
                        talloc_free(tmp_mem);
@@ -1028,9 +966,9 @@ static NTSTATUS libnet_Join_primary_domain(struct 
libnet_context *ctx,
                }
        }
 
-       if (r2->out.domain_sid) {
+       if (r->in.domain_sid) {
                rtn = samdb_msg_add_dom_sid(ldb, tmp_mem, msg, "objectSid",
-                                           r2->out.domain_sid);
+                                           r->in.domain_sid);
                if (rtn == -1) {
                        r->out.error_string = NULL;
                        talloc_free(tmp_mem);
@@ -1047,7 +985,7 @@ static NTSTATUS libnet_Join_primary_domain(struct 
libnet_context *ctx,
                           tmp_mem, base_dn,
                           &msgs, attrs,
                           "(|" SECRETS_PRIMARY_DOMAIN_FILTER "(realm=%s))",
-                          r2->out.domain_name, r2->out.realm);
+                          r->in.domain_name, r->in.realm);
        if (ret == 0) {
                rtn = samdb_msg_set_string(ldb, tmp_mem, msg, "secretsKeytab", 
"secrets.keytab");
                if (rtn == -1) {
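Review bot: the search filter `"(|" SECRETS_PRIMARY_DOMAIN_FILTER "(realm=%s))"` is built from `r->in.domain_name` and `r->in.realm` without escaping, and `r->in.realm` is formatted unconditionally even though the earlier `if (r->in.realm)` guard treats it as optional. With these values now coming from the caller of an exported function, pass them through ldb_binary_encode_string() before formatting, and build the filter without the `(realm=%s)` clause when realm is NULL.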
@@ -1059,7 +997,7 @@ static NTSTATUS libnet_Join_primary_domain(struct 
libnet_context *ctx,
                r->out.error_string
                        = talloc_asprintf(mem_ctx, 
                                          "Search for domain: %s and realm: %s 
failed: %s", 
-                                         r2->out.domain_name, r2->out.realm, 
ldb_errstring(ldb));
+                                         r->in.domain_name, r->in.realm, 
ldb_errstring(ldb));
                talloc_free(tmp_mem);
                return NT_STATUS_INTERNAL_DB_CORRUPTION;
        } else {
@@ -1082,7 +1020,7 @@ static NTSTATUS libnet_Join_primary_domain(struct 
libnet_context *ctx,
                                return NT_STATUS_NO_MEMORY;
                        }
                }
-               rtn = samdb_msg_set_string(ldb, tmp_mem, msg, "secret", 
r2->out.join_password);
+               rtn = samdb_msg_set_string(ldb, tmp_mem, msg, "secret", 
r->in.join_password);
                if (rtn == -1) {
                        r->out.error_string = NULL;
                        talloc_free(tmp_mem);
@@ -1101,7 +1039,7 @@ static NTSTATUS libnet_Join_primary_domain(struct 
libnet_context *ctx,
                        }
                }
 
-               rtn = samdb_msg_set_string(ldb, tmp_mem, msg, "samAccountName", 
r2->in.account_name);
+               rtn = samdb_msg_set_string(ldb, tmp_mem, msg, "samAccountName", 
r->in.account_name);
                if (rtn == -1) {
                        r->out.error_string = NULL;
                        talloc_free(tmp_mem);
@@ -1146,6 +1084,104 @@ static NTSTATUS libnet_Join_primary_domain(struct 
libnet_context *ctx,
                return NT_STATUS_INTERNAL_DB_CORRUPTION;
        }
 
+       return NT_STATUS_OK;
+}
+
+static NTSTATUS libnet_Join_primary_domain(struct libnet_context *ctx, 
+                                          TALLOC_CTX *mem_ctx, 
+                                          struct libnet_Join *r)
+{
+       NTSTATUS status;
+       TALLOC_CTX *tmp_mem;
+       struct libnet_JoinDomain *r2;
+       struct libnet_set_join_secrets *r3;
+       uint32_t acct_type = 0;
+       const char *account_name;
+       const char *netbios_name;
+       
+       r->out.error_string = NULL;
+
+       tmp_mem = talloc_new(mem_ctx);
+       if (!tmp_mem) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       r2 = talloc(tmp_mem, struct libnet_JoinDomain);
+       if (!r2) {
+               r->out.error_string = NULL;
+               talloc_free(tmp_mem);
+               return NT_STATUS_NO_MEMORY;
+       }
+       
+       if (r->in.join_type == SEC_CHAN_BDC) {
+               acct_type = ACB_SVRTRUST;
+       } else if (r->in.join_type == SEC_CHAN_WKSTA) {
+               acct_type = ACB_WSTRUST;
+       } else {
+               r->out.error_string = NULL;
+               talloc_free(tmp_mem);   
+               return NT_STATUS_INVALID_PARAMETER;
+       }
+
+       if (r->in.netbios_name != NULL) {
+               netbios_name = r->in.netbios_name;
+       } else {
+               netbios_name = talloc_reference(tmp_mem, 
lp_netbios_name(ctx->lp_ctx));
+               if (!netbios_name) {
+                       r->out.error_string = NULL;
+                       talloc_free(tmp_mem);
+                       return NT_STATUS_NO_MEMORY;
+               }
+       }
+
+       account_name = talloc_asprintf(tmp_mem, "%s$", netbios_name);
+       if (!account_name) {
+               r->out.error_string = NULL;
+               talloc_free(tmp_mem);
+               return NT_STATUS_NO_MEMORY;
+       }
+       
+       /*
+        * join the domain
+        */
+       ZERO_STRUCTP(r2);
+       r2->in.domain_name      = r->in.domain_name;
+       r2->in.account_name     = account_name;
+       r2->in.netbios_name     = netbios_name;
+       r2->in.level            = LIBNET_JOINDOMAIN_AUTOMATIC;
+       r2->in.acct_type        = acct_type;
+       r2->in.recreate_account = false;
+       status = libnet_JoinDomain(ctx, r2, r2);
+       if (!NT_STATUS_IS_OK(status)) {
+               r->out.error_string = talloc_steal(mem_ctx, 
r2->out.error_string);
+               talloc_free(tmp_mem);
+               return status;
+       }
+
+       r3 = talloc(tmp_mem, struct libnet_set_join_secrets);
+       if (!r3) {
+               r->out.error_string = NULL;
+               talloc_free(tmp_mem);
+               return NT_STATUS_NO_MEMORY;
+       }
+       
+       ZERO_STRUCTP(r3);
+       r3->in.domain_name = r2->out.domain_name;
+       r3->in.realm = r2->out.realm;
+       r3->in.account_name = account_name;
+       r3->in.netbios_name = netbios_name;
+       r3->in.join_type = r->in.join_type;
+       r3->in.join_password = r2->out.join_password;
+       r3->in.kvno = r2->out.kvno;
+       r3->in.domain_sid = r2->out.domain_sid;
+       
+       status = libnet_set_join_secrets(ctx, r3, r3);
+       if (!NT_STATUS_IS_OK(status)) {
+               r->out.error_string = talloc_steal(mem_ctx, 
r3->out.error_string);
+               talloc_free(tmp_mem);
+               return status;
+       }
+
        /* move all out parameter to the callers TALLOC_CTX */
        r->out.error_string     = NULL;
        r->out.join_password    = r2->out.join_password;
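Review bot: in the new libnet_Join_primary_domain(), secrets.ldb is first touched inside libnet_set_join_secrets(), which runs only after libnet_JoinDomain() has succeeded. The comment removed earlier in this patch said the database was opened before the join "to make sure we can write the info into it after the join", and that guarantee is now gone for this path: if the open or the write fails, the machine account exists on the DC with a password that was never stored locally. Either check that secrets.ldb can be opened before calling libnet_JoinDomain(), or make the failure path return an error string stating that the join succeeded but the secrets were not recorded.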
diff --git a/source/libnet/libnet_join.h b/source/libnet/libnet_join.h
index 6da4564..7988413 100644
--- a/source/libnet/libnet_join.h
+++ b/source/libnet/libnet_join.h
@@ -79,5 +79,22 @@ struct libnet_Join {
        } out;
 };
 
+struct libnet_set_join_secrets {
+       struct {
+               const char *domain_name;
+               const char *realm;
+               const char *netbios_name;
+               const char *account_name;
+               enum netr_SchannelType join_type;
+               const char *join_password;
+               int kvno;
+               struct dom_sid *domain_sid;
+       } in;
+       
+       struct {
+               const char *error_string;
+       } out;
+};
+
 
 #endif /* __LIBNET_JOIN_H__ */
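Review bot: `int kvno;` in `struct libnet_set_join_secrets` is signed, but the value is stored with samdb_msg_add_uint() as "msDS-KeyVersionNumber" in libnet_join.c; declare it as an unsigned type (for example uint32_t) so the header matches how it is written. The struct would also benefit from a short comment per member noting which ones are optional, since libnet_join.c only guards realm, kvno and domain_sid.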
diff --git a/source/libnet/libnet_vampire.c b/source/libnet/libnet_samsync.c
similarity index 100%
copy from source/libnet/libnet_vampire.c
copy to source/libnet/libnet_samsync.c
diff --git a/source/libnet/libnet_vampire.h b/source/libnet/libnet_samsync.h
similarity index 100%
copy from source/libnet/libnet_vampire.h
copy to source/libnet/libnet_samsync.h
diff --git a/source/libnet/libnet_vampire.c b/source/libnet/libnet_vampire.c
index 0f82d98..9d32088 100644
--- a/source/libnet/libnet_vampire.c
+++ b/source/libnet/libnet_vampire.c
@@ -1,9 +1,11 @@
 /* 
    Unix SMB/CIFS implementation.
    
-   Extract the user/system database from a remote SamSync server
+   Extract the user/system database from a remote server
 
-   Copyright (C) Andrew Bartlett <[EMAIL PROTECTED]> 2004-2005
+   Copyright (C) Stefan Metzmacher     2004-2006
+   Copyright (C) Brad Henry 2005
+   Copyright (C) Andrew Bartlett <[EMAIL PROTECTED]> 2005-2008
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -22,378 +24,686 @@
 
 #include "includes.h"
 #include "libnet/libnet.h"
-#include "libcli/auth/libcli_auth.h"
-#include "auth/gensec/gensec.h"
-#include "auth/credentials/credentials.h"
-#include "auth/gensec/schannel_proto.h"
-#include "librpc/gen_ndr/ndr_netlogon.h"
-#include "librpc/gen_ndr/ndr_netlogon_c.h"
+#include "lib/events/events.h"
+#include "dsdb/samdb/samdb.h"
+#include "lib/util/dlinklist.h"
+#include "lib/ldb/include/ldb.h"
+#include "lib/ldb/include/ldb_errors.h"
+#include "librpc/ndr/libndr.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "system/time.h"
+#include "lib/ldb_wrap.h"
+#include "auth/auth.h"
 #include "param/param.h"
+#include "param/provision.h"
 
+/* 
+List of tasks vampire.py must perform:
+- Domain Join
+ - but don't write the secrets.ldb
+ - results for this should be enough to handle the provision
+- if vampire method is samsync 
+ - Provision using these results 
+  - do we still want to support this NT4 technology?
+- Start samsync with libnet code
+ - provision in the callback 
+- Write out the secrets database, using the code from libnet_Join
+
+*/
+struct vampire_state {
+       const char *netbios_name;
+       struct libnet_JoinDomain *join;
+       struct cli_credentials *machine_account;
+       struct dsdb_schema *self_made_schema;
+       const struct dsdb_schema *schema;
+
+       struct ldb_context *ldb;
 
-/**
- * Decrypt and extract the user's passwords.  
- * 
- * The writes decrypted (no longer 'RID encrypted' or arcfour encrypted) 
passwords back into the structure
- */
-static NTSTATUS fix_user(TALLOC_CTX *mem_ctx,
-                        struct creds_CredentialState *creds,
-                        bool rid_crypt,
-                        enum netr_SamDatabaseID database,
-                        struct netr_DELTA_ENUM *delta,
-                        char **error_string) 
+       struct {
+               uint32_t object_count;
+               struct drsuapi_DsReplicaObjectListItemEx *first_object;
+               struct drsuapi_DsReplicaObjectListItemEx *last_object;
+       } schema_part;
+
+       const char *targetdir;
+
+       struct loadparm_context *lp_ctx;
+};
+
+static NTSTATUS vampire_prepare_db(void *private_data,
+                                             const struct 
libnet_BecomeDC_PrepareDB *p)
 {
+       struct vampire_state *s = talloc_get_type(private_data, struct 
vampire_state);
+       struct provision_settings settings;
+       struct provision_result result;
+       NTSTATUS status;
+
+       settings.site_name = p->dest_dsa->site_name;
+       settings.root_dn_str = p->forest->root_dn_str;
+       settings.domain_dn_str = p->domain->dn_str;
+       settings.config_dn_str = p->forest->config_dn_str;
+       settings.schema_dn_str = p->forest->schema_dn_str;
+       settings.netbios_name = p->dest_dsa->netbios_name;
+       settings.realm = s->join->out.realm;
+       settings.domain = s->join->out.domain_name;
+       settings.server_dn_str = p->dest_dsa->server_dn_str;
+       settings.machine_password = generate_random_str(s, 16);
+       settings.targetdir = s->targetdir;
+
+       status = provision_bare(s, s->lp_ctx, &settings, &result);
+
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
 
-       uint32_t rid = delta->delta_id_union.rid;
-       struct netr_DELTA_USER *user = delta->delta_union.user;
-       struct samr_Password lm_hash;
-       struct samr_Password nt_hash;
-       const char *username = user->account_name.string;
+       s->ldb = result.samdb;
+       s->lp_ctx = result.lp_ctx;
 
-       if (rid_crypt) {
-               if (user->lm_password_present) {
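Review bot: `struct provision_settings settings;` in vampire_prepare_db() is filled member by member without being zeroed first, so any member not assigned here reaches provision_bare() with indeterminate stack contents; add ZERO_STRUCT(settings) before the assignments. The result of `generate_random_str(s, 16)` is also stored in settings.machine_password without a NULL check, so an allocation failure would pass a NULL machine password into the provision; check it and return NT_STATUS_NO_MEMORY.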


-- 
Samba Shared Repository
