authorAndrew Bartlett <abartlet@samba.org>2006-01-13 12:52:56 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:51:00 -0500
commitb15582ed816f3d477f978976f43b82cfa90bf6dc (patch)
tree01a6d0f6eaa039fe1262945c7dc2320f942e379a /source4/libnet/libnet_vampire.c
parent867ae22a9bf4cfe829e405fcbbb9de994505fc30 (diff)
downloadsamba-b15582ed816f3d477f978976f43b82cfa90bf6dc.tar.gz
samba-b15582ed816f3d477f978976f43b82cfa90bf6dc.tar.bz2
samba-b15582ed816f3d477f978976f43b82cfa90bf6dc.zip
r12903: Factor out a new routine libnet_RpcConnectDCInfo, to both connect to
the remote server, and to query it for domain information. Provide and use this information in the SamSync/Vampire callbacks, to allow a parallel connection to LDAP, if we are talking to AD. This allows us to get at some important attributes not exposed in the old protocol. With this, we are able to do an all-GUI vampire of an AD domain from SWAT, including getting all the SIDs, servicePrincipalNames and the like correct. Andrew Bartlett (This used to be commit 918358cee0b4a1b2c9bc9e68d9d53428a634281e)
Diffstat (limited to 'source4/libnet/libnet_vampire.c')
-rw-r--r--source4/libnet/libnet_vampire.c43
1 files changed, 34 insertions, 9 deletions
diff --git a/source4/libnet/libnet_vampire.c b/source4/libnet/libnet_vampire.c
index da8c3b49d1..b9fb37fea6 100644
--- a/source4/libnet/libnet_vampire.c
+++ b/source4/libnet/libnet_vampire.c
@@ -152,7 +152,7 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
struct cli_credentials *machine_account;
struct dcerpc_pipe *p;
struct libnet_context *machine_net_ctx;
- struct libnet_RpcConnect *c;
+ struct libnet_RpcConnectDCInfo *c;
const enum netr_SamDatabaseID database_ids[] = {SAM_DATABASE_DOMAIN, SAM_DATABASE_BUILTIN, SAM_DATABASE_PRIVS};
int i;
@@ -187,7 +187,7 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
- c = talloc(samsync_ctx, struct libnet_RpcConnect);
+ c = talloc(samsync_ctx, struct libnet_RpcConnectDCInfo);
if (!c) {
r->out.error_string = NULL;
talloc_free(samsync_ctx);
@@ -217,7 +217,7 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
machine_net_ctx->cred = machine_account;
/* connect to the NETLOGON pipe of the PDC */
- nt_status = libnet_RpcConnect(machine_net_ctx, c, c);
+ nt_status = libnet_RpcConnectDCInfo(machine_net_ctx, c);
if (!NT_STATUS_IS_OK(nt_status)) {
if (r->in.binding_string) {
r->out.error_string = talloc_asprintf(mem_ctx,
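Review bot: The comment on the line before the new call still reads `/* connect to the NETLOGON pipe of the PDC */`, but libnet_RpcConnectDCInfo is now also the source of the `c->out.domain_name`, `c->out.domain_sid` and `c->out.realm` values that the init_fn call later in this function hands to the callback layer, so the comment no longer describes what the call is relied on for. Suggest `/* connect to the NETLOGON pipe of the PDC, and fetch the domain name, SID and realm it reports */`. The enclosing function libnet_SamSync_netlogon starts and ends outside this hunk.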
@@ -258,6 +258,26 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
return nt_status;
}
+ /* initialise the callback layer. It may wish to contact the
+ * server with ldap, now we know the name */
+
+ if (r->in.init_fn) {
+ char *error_string;
+ nt_status = r->in.init_fn(samsync_ctx,
+ r->in.fn_ctx,
+ machine_net_ctx,
+ p,
+ c->out.domain_name,
+ c->out.domain_sid,
+ c->out.realm,
+ &error_string);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ r->out.error_string = talloc_steal(mem_ctx, error_string);
+ talloc_free(samsync_ctx);
+ return nt_status;
+ }
+ }
+
/* get NETLOGON credentails */
nt_status = dcerpc_schannel_creds(p->conn->security_state.generic_state, samsync_ctx, &creds);
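Review bot: `char *error_string;` in the new init_fn block is never initialised, so if the callback returns a failure without assigning it, the `talloc_steal(mem_ctx, error_string)` on the error path operates on an indeterminate pointer. Initialising it, `char *error_string = NULL;`, makes that path safe whatever the callback does, since talloc_steal of a NULL pointer simply returns NULL and r->out.error_string then ends up NULL like the other failure paths in this function. The delta_fn calls in the later hunks appear to use the same declare-then-steal pattern, though their declaration is outside what is shown here. libnet_SamSync_netlogon's body continues past this hunk.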
@@ -285,13 +305,13 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
dbsync_nt_status = dcerpc_netr_DatabaseSync(p, loop_ctx, &dbsync);
if (!NT_STATUS_IS_OK(dbsync_nt_status) &&
!NT_STATUS_EQUAL(dbsync_nt_status, STATUS_MORE_ENTRIES)) {
- r->out.error_string = talloc_asprintf(samsync_ctx, "DatabaseSync failed - %s", nt_errstr(nt_status));
+ r->out.error_string = talloc_asprintf(mem_ctx, "DatabaseSync failed - %s", nt_errstr(nt_status));
talloc_free(samsync_ctx);
return nt_status;
}
if (!creds_client_check(creds, &dbsync.out.return_authenticator.cred)) {
- r->out.error_string = talloc_strdup(samsync_ctx, "Credential chaining failed");
+ r->out.error_string = talloc_strdup(mem_ctx, "Credential chaining on incoming DatabaseSync failed");
talloc_free(samsync_ctx);
return NT_STATUS_ACCESS_DENIED;
}
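Review bot: The DatabaseSync failure branch still reports and returns the wrong status: the changed talloc_asprintf line formats `nt_errstr(nt_status)` and the `return nt_status;` two lines below returns it, but the status that actually failed is `dbsync_nt_status`; nt_status at that point appears to hold the result of an earlier call that already passed its own check, so a caller can receive an error_string together with a success code. Change the two lines to `r->out.error_string = talloc_asprintf(mem_ctx, "DatabaseSync failed - %s", nt_errstr(dbsync_nt_status));` and `return dbsync_nt_status;`. The new post-loop check in the @@ -333 hunk has the same mix-up in its message: it returns dbsync_nt_status but formats `nt_errstr(nt_status)`. The enclosing do/while loop and the function itself start and end outside this hunk.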
@@ -310,7 +330,7 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
&dbsync.out.delta_enum_array->delta_enum[d],
&error_string);
if (!NT_STATUS_IS_OK(nt_status)) {
- r->out.error_string = talloc_steal(samsync_ctx, error_string);
+ r->out.error_string = talloc_steal(mem_ctx, error_string);
talloc_free(samsync_ctx);
return nt_status;
}
@@ -320,12 +340,11 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
* write to an ldb */
nt_status = r->in.delta_fn(delta_ctx,
r->in.fn_ctx,
- creds,
dbsync.in.database_id,
&dbsync.out.delta_enum_array->delta_enum[d],
&error_string);
if (!NT_STATUS_IS_OK(nt_status)) {
- r->out.error_string = talloc_steal(samsync_ctx, error_string);
+ r->out.error_string = talloc_steal(mem_ctx, error_string);
talloc_free(samsync_ctx);
return nt_status;
}
@@ -333,7 +352,13 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
}
talloc_free(loop_ctx);
} while (NT_STATUS_EQUAL(dbsync_nt_status, STATUS_MORE_ENTRIES));
- nt_status = dbsync_nt_status;
+
+ if (!NT_STATUS_IS_OK(dbsync_nt_status)) {
+ r->out.error_string = talloc_asprintf(mem_ctx, "libnet_SamSync_netlogon failed: unexpected inconsistancy. Should not get error %s here", nt_errstr(nt_status));
+ talloc_free(samsync_ctx);
+ return dbsync_nt_status;
+ }
+ nt_status = NT_STATUS_OK;
}
talloc_free(samsync_ctx);
return nt_status;
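Review bot: The message built in the new post-loop check misspells "inconsistancy" in a string that is returned to callers through r->out.error_string, so the typo surfaces in user-visible output; the literal should read `"libnet_SamSync_netlogon failed: unexpected inconsistency. Should not get error %s here"`. The check is reached only after the loop has already returned on every non-OK, non-STATUS_MORE_ENTRIES result, so a short comment such as `/* defensive: every other dbsync status has already been returned inside the loop */` would make its purpose clear to the next reader. The closing brace of libnet_SamSync_netlogon lies outside this hunk.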