| author | Günther Deschner <gd@samba.org> | 2008-11-21 23:48:45 +0100 | 
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2011-02-02 15:45:20 +0100 | 
| commit | 91e6dad7494421c764c2fd701931f7053f15bda1 (patch) | |
| tree | ba565bcbeb9f2e9370a6addd4ab24c0e083a2e21 | |
| parent | 1c1aebae827d68feb5a94247787e97c9f4ba43a3 (diff) | |
s3-dssync-passdb: add basic routines and net function.
Guenther
| -rw-r--r-- | source3/Makefile.in | 1 | ||||
| -rw-r--r-- | source3/libnet/libnet_dssync.h | 1 | ||||
| -rw-r--r-- | source3/libnet/libnet_dssync_passdb.c | 59 | ||||
| -rw-r--r-- | source3/utils/net_rpc_samsync.c | 98 | 
4 files changed, 157 insertions, 2 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 7e07435bbf..b891dcde53 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -1123,6 +1123,7 @@ LIBNET_OBJ = libnet/libnet_join.o \
 	     librpc/gen_ndr/ndr_libnet_join.o
 LIBNET_DSSYNC_OBJ = libnet/libnet_dssync.o \
+		    libnet/libnet_dssync_passdb.o \
 		    libnet/libnet_dssync_keytab.o \
 		    ../libcli/drsuapi/repl_decrypt.o
diff --git a/source3/libnet/libnet_dssync.h b/source3/libnet/libnet_dssync.h
index f47365263f..d426d8bedc 100644
--- a/source3/libnet/libnet_dssync.h
+++ b/source3/libnet/libnet_dssync.h
@@ -63,6 +63,7 @@ struct dssync_context {
 };
 extern const struct dssync_ops libnet_dssync_keytab_ops;
+extern const struct dssync_ops libnet_dssync_passdb_ops;
 /* The following definitions come from libnet/libnet_dssync.c  */
diff --git a/source3/libnet/libnet_dssync_passdb.c b/source3/libnet/libnet_dssync_passdb.c
new file mode 100644
index 0000000000..7e7e14b49c
--- /dev/null
+++ b/source3/libnet/libnet_dssync_passdb.c
@@ -0,0 +1,59 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Guenther Deschner <gd@samba.org> 2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libnet/libnet_dssync.h"
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS passdb_startup(struct dssync_context *ctx, TALLOC_CTX *mem_ctx,
+			       struct replUpToDateVectorBlob **pold_utdv)
+{
+	return NT_STATUS_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS passdb_finish(struct dssync_context *ctx, TALLOC_CTX *mem_ctx,
+			      struct replUpToDateVectorBlob *new_utdv)
+{
+	return NT_STATUS_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS passdb_process_objects(struct dssync_context *ctx,
+				       TALLOC_CTX *mem_ctx,
+				       struct drsuapi_DsReplicaObjectListItemEx *cur,
+				       struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr)
+{
+	return NT_STATUS_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+const struct dssync_ops libnet_dssync_passdb_ops = {
+	.startup		= passdb_startup,
+	.process_objects	= passdb_process_objects,
+	.finish			= passdb_finish,
+};
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c
index cd7131bd89..72fa460b88 100644
--- a/source3/utils/net_rpc_samsync.c
+++ b/source3/utils/net_rpc_samsync.c
@@ -174,6 +174,58 @@ int rpc_vampire_usage(struct net_context *c, int argc, const char **argv)
 	return -1;
 }
+static NTSTATUS rpc_vampire_ds_internals(struct net_context *c,
+					 const struct dom_sid *domain_sid,
+					 const char *domain_name,
+					 struct cli_state *cli,
+					 struct rpc_pipe_client *pipe_hnd,
+					 TALLOC_CTX *mem_ctx,
+					 int argc,
+					 const char **argv)
+{
+	NTSTATUS status;
+	struct dssync_context *ctx = NULL;
+
+	if (!dom_sid_equal(domain_sid, get_global_sam_sid())) {
+		d_printf(_("Cannot import users from %s at this time, "
+			   "as the current domain:\n\t%s: %s\nconflicts "
+			   "with the remote domain\n\t%s: %s\n"
+			   "Perhaps you need to set: \n\n\tsecurity=user\n\t"
+			   "workgroup=%s\n\n in your smb.conf?\n"),
+			 domain_name,
+			 get_global_sam_name(),
+			 sid_string_dbg(get_global_sam_sid()),
+			 domain_name,
+			 sid_string_dbg(domain_sid),
+			 domain_name);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	status = libnet_dssync_init_context(mem_ctx,
+					    &ctx);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	ctx->cli		= pipe_hnd;
+	ctx->domain_name	= domain_name;
+	ctx->ops		= &libnet_dssync_passdb_ops;
+
+	status = libnet_dssync(mem_ctx, ctx);
+	if (!NT_STATUS_IS_OK(status) && ctx->error_message) {
+		d_fprintf(stderr, "%s\n", ctx->error_message);
+		goto out;
+	}
+
+	if (ctx->result_message) {
+		d_fprintf(stdout, "%s\n", ctx->result_message);
+	}
+
+ out:
+	TALLOC_FREE(ctx);
+
+	return status;
+}
 /* dump sam database via samsync rpc calls */
 static NTSTATUS rpc_vampire_internals(struct net_context *c,
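Review bot: In rpc_vampire_ds_internals the failure branch after libnet_dssync() is taken only when `ctx->error_message` is set, so a failed sync that left no message falls through to the result_message print and returns the error without printing anything to the user. I would branch on the status alone and fall back to the status text: `if (!NT_STATUS_IS_OK(status)) { d_fprintf(stderr, "%s\n", ctx->error_message ? ctx->error_message : nt_errstr(status)); goto out; }`. Whether libnet_dssync() always fills error_message on failure is not visible in this diff. The `c`, `cli`, `argc` and `argv` parameters are unused here, presumably only to match the run_rpc_command callback signature; a one-line comment saying so would help.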
@@ -256,6 +308,11 @@ static NTSTATUS rpc_vampire_internals(struct net_context *c,
 int rpc_vampire_passdb(struct net_context *c, int argc, const char **argv)
 {
+	int ret = 0;
+	NTSTATUS status;
+	struct cli_state *cli = NULL;
+	struct net_dc_info dc_info;
+
 	if (c->display_usage) {
 		d_printf(  "%s\n"
 			   "net rpc vampire passdb\n"
@@ -265,8 +322,45 @@ int rpc_vampire_passdb(struct net_context *c, int argc, const char **argv)
 		return 0;
 	}
-	return run_rpc_command(c, NULL, &ndr_table_netlogon.syntax_id, 0,
-			       rpc_vampire_internals, argc, argv);
+	status = net_make_ipc_connection(c, 0, &cli);
+	if (!NT_STATUS_IS_OK(status)) {
+		return -1;
+	}
+
+	status = net_scan_dc(c, cli, &dc_info);
+	if (!NT_STATUS_IS_OK(status)) {
+		return -1;
+	}
+
+	if (!dc_info.is_ad) {
+		printf(_("DC is not running Active Directory\n"));
+		ret = run_rpc_command(c, cli, &ndr_table_netlogon.syntax_id,
+				      0,
+				      rpc_vampire_internals, argc, argv);
+		return ret;
+	}
+
+	if (!c->opt_force) {
+		d_printf(  "%s\n"
+			   "net rpc vampire passdb\n"
+			   "    %s\n",
+			 _("Usage:"),
+			 _("Should not be used against Active Directory, maybe use --force"));
+		return -1;
+	}
+
+	ret = run_rpc_command(c, cli, &ndr_table_drsuapi.syntax_id,
+			      NET_FLAGS_SEAL | NET_FLAGS_TCP,
+			      rpc_vampire_ds_internals, argc, argv);
+	if (ret != 0 && dc_info.is_mixed_mode) {
+		printf(_("Fallback to NT4 vampire on Mixed-Mode AD "
+			 "Domain\n"));
+		ret = run_rpc_command(c, cli, &ndr_table_netlogon.syntax_id,
+				      0,
+				      rpc_vampire_internals, argc, argv);
+	}
+
+	return ret;
 }
 static NTSTATUS rpc_vampire_ldif_internals(struct net_context *c,  |
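Review bot: The mixed-mode fallback at the end of rpc_vampire_passdb fires on any non-zero result from the DRSUAPI run, and the retry passes flags `0` where the first attempt asked for `NET_FLAGS_SEAL | NET_FLAGS_TCP`. Every callback in libnet_dssync_passdb_ops returns NT_STATUS_NOT_SUPPORTED in this commit, so the sealed path presumably cannot succeed yet and `--force` on a mixed-mode domain always ends on the NT4 path; a transport or authentication failure would take the same route. I would say so above the retry, e.g. `/* any DRSUAPI failure lands here, not only NT_STATUS_NOT_SUPPORTED; the NT4 retry does not request sealing */`, and narrow the condition once the NTSTATUS is available to the caller. Also, `cli` from net_make_ipc_connection() is not released on the `return -1` after net_scan_dc() fails, nor visibly on the later returns; whether run_rpc_command() takes ownership of it is not shown here. The function's opening lines are in the preceding hunk.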
