diff options
author | Stefan Metzmacher <metze@samba.org> | 2006-12-05 13:46:27 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:28:53 -0500 |
commit | 20f55aaad8e94f285b9bd0d8457440d51ae6a943 (patch) | |
tree | dc910e34ff287db13c3a03cdc8d26704b40589f6 | |
parent | 047f2c7091581b629bac96970ff92b07ab118172 (diff) | |
download | samba-20f55aaad8e94f285b9bd0d8457440d51ae6a943.tar.gz samba-20f55aaad8e94f285b9bd0d8457440d51ae6a943.tar.bz2 samba-20f55aaad8e94f285b9bd0d8457440d51ae6a943.zip |
r20043: when becoming a dc:
- implement set userAccountControl = UF_SERVER_TRUST_ACCOUNT | UF_TRUSTED_FOR_DELEGATION
- implement moving to CN=Domain Controllers
metze
(This used to be commit c4037880a0c35c5d2550a0bdc9363c0592089ed9)
-rw-r--r-- | source4/libnet/libnet_become_dc.c | 114 |
1 files changed, 113 insertions, 1 deletions
diff --git a/source4/libnet/libnet_become_dc.c b/source4/libnet/libnet_become_dc.c index 418424dfb0..502b61d87a 100644 --- a/source4/libnet/libnet_become_dc.c +++ b/source4/libnet/libnet_become_dc.c @@ -26,6 +26,7 @@ #include "lib/ldb/include/ldb_errors.h" #include "lib/db_wrap.h" #include "dsdb/samdb/samdb.h" +#include "dsdb/common/flags.h" struct libnet_BecomeDC_state { struct composite_context *creq; @@ -41,7 +42,7 @@ struct libnet_BecomeDC_state { struct becomeDC_ldap { struct ldb_context *ldb; const struct ldb_message *rootdse; - } ldap1; + } ldap1, ldap2; struct { /* input */ @@ -748,6 +749,8 @@ static NTSTATUS becomeDC_ldap1_server_object_add(struct libnet_BecomeDC_state *s return NT_STATUS_OK; } +static void becomeDC_connect_ldap2(struct libnet_BecomeDC_state *s); + static void becomeDC_connect_ldap1(struct libnet_BecomeDC_state *s) { struct composite_context *c = s->creq; @@ -789,6 +792,115 @@ static void becomeDC_connect_ldap1(struct libnet_BecomeDC_state *s) if (!composite_is_ok(c)) return; c->status = becomeDC_ldap1_server_object_add(s); +/* ignore for now... if (!composite_is_ok(c)) return;*/ + + becomeDC_connect_ldap2(s); +} + +static NTSTATUS becomeDC_ldap2_modify_computer(struct libnet_BecomeDC_state *s) +{ + int ret; + struct ldb_message *msg; + uint32_t i; + uint32_t user_account_control = UF_SERVER_TRUST_ACCOUNT | + UF_TRUSTED_FOR_DELEGATION; + + /* as the value is already as we want it to be, we're done */ + if (s->dest_dsa.user_account_control == user_account_control) { + return NT_STATUS_OK; + } + + /* make a 'modify' msg, and only for serverReference */ + msg = ldb_msg_new(s); + NT_STATUS_HAVE_NO_MEMORY(msg); + msg->dn = ldb_dn_new(msg, s->ldap2.ldb, s->dest_dsa.computer_dn_str); + NT_STATUS_HAVE_NO_MEMORY(msg->dn); + + ret = ldb_msg_add_fmt(msg, "userAccountControl", "%u", user_account_control); + if (ret != 0) { + talloc_free(msg); + return NT_STATUS_NO_MEMORY; + } + + /* mark all the message elements (should be just one) + as LDB_FLAG_MOD_REPLACE */ + for (i=0;i<msg->num_elements;i++) { + msg->elements[i].flags = LDB_FLAG_MOD_REPLACE; + } + + ret = ldb_modify(s->ldap2.ldb, msg); + talloc_free(msg); + if (ret != LDB_SUCCESS) { + return NT_STATUS_LDAP(ret); + } + + s->dest_dsa.user_account_control = user_account_control; + + return NT_STATUS_OK; +} + +static NTSTATUS becomeDC_ldap2_move_computer(struct libnet_BecomeDC_state *s) +{ + int ret; + struct ldb_result *r; + struct ldb_dn *basedn; + struct ldb_dn *old_dn; + struct ldb_dn *new_dn; + static const char *_1_1_attrs[] = { + "1.1", + NULL + }; + + basedn = ldb_dn_new_fmt(s, s->ldap2.ldb, "<WKGUID=a361b2ffffd211d1aa4b00c04fd7d83a,%s>", + s->domain.dn_str); + NT_STATUS_HAVE_NO_MEMORY(basedn); + + ret = ldb_search(s->ldap2.ldb, basedn, LDB_SCOPE_BASE, + "(objectClass=*)", _1_1_attrs, &r); + talloc_free(basedn); + if (ret != LDB_SUCCESS) { + return NT_STATUS_LDAP(ret); + } else if (r->count != 1) { + talloc_free(r); + return NT_STATUS_INVALID_NETWORK_RESPONSE; + } + + old_dn = ldb_dn_new(r, s->ldap2.ldb, s->dest_dsa.computer_dn_str); + NT_STATUS_HAVE_NO_MEMORY(old_dn); + + new_dn = r->msgs[0]->dn; + + if (!ldb_dn_add_child_fmt(new_dn, "CN=%s", s->dest_dsa.netbios_name)) { + talloc_free(r); + return NT_STATUS_NO_MEMORY; + } + + if (ldb_dn_compare(old_dn, new_dn) == 0) { + /* we don't need to rename if the old and new dn match */ + talloc_free(r); + return NT_STATUS_OK; + } + + ret = ldb_rename(s->ldap2.ldb, old_dn, new_dn); + talloc_free(r); + if (ret != LDB_SUCCESS) { + return NT_STATUS_LDAP(ret); + } + + return NT_STATUS_OK; +} + +static void becomeDC_connect_ldap2(struct libnet_BecomeDC_state *s) +{ + struct composite_context *c = s->creq; + + c->status = becomeDC_ldap_connect(s, &s->ldap2); + if (!composite_is_ok(c)) return; + + c->status = becomeDC_ldap2_modify_computer(s); + if (!composite_is_ok(c)) return; + + c->status = becomeDC_ldap2_move_computer(s); if (!composite_is_ok(c)) return; composite_error(c, NT_STATUS_NOT_IMPLEMENTED); |