-rw-r--r-- | source3/Makefile.in | 1 | ||||
-rw-r--r-- | source3/libnet/libnet_dssync.h | 1 | ||||
-rw-r--r-- | source3/libnet/libnet_dssync_passdb.c | 59 | ||||
-rw-r--r-- | source3/utils/net_rpc_samsync.c | 98 |
4 files changed, 157 insertions, 2 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index 7e07435bbf..b891dcde53 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -1123,6 +1123,7 @@ LIBNET_OBJ = libnet/libnet_join.o \ librpc/gen_ndr/ndr_libnet_join.o LIBNET_DSSYNC_OBJ = libnet/libnet_dssync.o \ + libnet/libnet_dssync_passdb.o \ libnet/libnet_dssync_keytab.o \ ../libcli/drsuapi/repl_decrypt.o diff --git a/source3/libnet/libnet_dssync.h b/source3/libnet/libnet_dssync.h index f47365263f..d426d8bedc 100644 --- a/source3/libnet/libnet_dssync.h +++ b/source3/libnet/libnet_dssync.h @@ -63,6 +63,7 @@ struct dssync_context { }; extern const struct dssync_ops libnet_dssync_keytab_ops; +extern const struct dssync_ops libnet_dssync_passdb_ops; /* The following definitions come from libnet/libnet_dssync.c */ diff --git a/source3/libnet/libnet_dssync_passdb.c b/source3/libnet/libnet_dssync_passdb.c new file mode 100644 index 0000000000..7e7e14b49c --- /dev/null +++ b/source3/libnet/libnet_dssync_passdb.c 
@@ -0,0 +1,59 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ Copyright (C) Guenther Deschner <gd@samba.org> 2008
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libnet/libnet_dssync.h"
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS passdb_startup(struct dssync_context *ctx, TALLOC_CTX *mem_ctx,
+ struct replUpToDateVectorBlob **pold_utdv)
+{
+ return NT_STATUS_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS passdb_finish(struct dssync_context *ctx, TALLOC_CTX *mem_ctx,
+ struct replUpToDateVectorBlob *new_utdv)
+{
+ return NT_STATUS_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS passdb_process_objects(struct dssync_context *ctx,
+ TALLOC_CTX *mem_ctx,
+ struct drsuapi_DsReplicaObjectListItemEx *cur,
+ struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr)
+{
+ return NT_STATUS_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+const struct dssync_ops libnet_dssync_passdb_ops = {
+ .startup = 
passdb_startup, + .process_objects = passdb_process_objects, + .finish = passdb_finish, +}; diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index cd7131bd89..72fa460b88 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -174,6 +174,58 @@ int rpc_vampire_usage(struct net_context *c, int argc, const char **argv) return -1; } +static NTSTATUS rpc_vampire_ds_internals(struct net_context *c, + const struct dom_sid *domain_sid, + const char *domain_name, + struct cli_state *cli, + struct rpc_pipe_client *pipe_hnd, + TALLOC_CTX *mem_ctx, + int argc, + const char **argv) +{ + NTSTATUS status; + struct dssync_context *ctx = NULL; + + if (!dom_sid_equal(domain_sid, get_global_sam_sid())) { + d_printf(_("Cannot import users from %s at this time, " + "as the current domain:\n\t%s: %s\nconflicts " + "with the remote domain\n\t%s: %s\n" + "Perhaps you need to set: \n\n\tsecurity=user\n\t" + "workgroup=%s\n\n in your smb.conf?\n"), + domain_name, + get_global_sam_name(), + sid_string_dbg(get_global_sam_sid()), + domain_name, + sid_string_dbg(domain_sid), + domain_name); + return NT_STATUS_UNSUCCESSFUL; + } + + status = libnet_dssync_init_context(mem_ctx, + &ctx); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + ctx->cli = pipe_hnd; + ctx->domain_name = domain_name; + ctx->ops = &libnet_dssync_passdb_ops; + + status = libnet_dssync(mem_ctx, ctx); + if (!NT_STATUS_IS_OK(status) && ctx->error_message) { + d_fprintf(stderr, "%s\n", ctx->error_message); + goto out; + } + + if (ctx->result_message) { + d_fprintf(stdout, "%s\n", ctx->result_message); + } + + out: + TALLOC_FREE(ctx); + + return status; +} /* dump sam database via samsync rpc calls */ static NTSTATUS rpc_vampire_internals(struct net_context *c, 
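Review bot: Nothing in libnet_dssync_passdb.c says the backend is a placeholder: all three callbacks (`passdb_startup`, `passdb_finish`, `passdb_process_objects`) return NT_STATUS_NOT_SUPPORTED and the banner comments above them are empty. Replace the empty banners with a short comment such as `/* Not implemented yet: passdb import of DRSUAPI-replicated objects; always fails. */`. A one-line comment above `libnet_dssync_passdb_ops` should also say that selecting these ops makes the sync fail, presumably at startup, although the order in which libnet_dssync() invokes the callbacks is not visible in this diff.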
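Review bot: In rpc_vampire_ds_internals the failure branch after `libnet_dssync()` is taken only when `ctx->error_message` is also set, so a failed sync that left no message falls through to the `result_message` print and the operator gets no diagnostic. Test the status alone and make only the print conditional: `if (!NT_STATUS_IS_OK(status)) { if (ctx->error_message) d_fprintf(stderr, "%s\n", ctx->error_message); goto out; }`. Because the passdb ops added in this same commit return NT_STATUS_NOT_SUPPORTED, this quiet path may be the common one, depending on whether libnet_dssync() fills in `error_message` for that status, which is not shown here.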
@@ -256,6 +308,11 @@ static NTSTATUS rpc_vampire_internals(struct net_context *c, int rpc_vampire_passdb(struct net_context *c, int argc, const char **argv) { + int ret = 0; + NTSTATUS status; + struct cli_state *cli = NULL; + struct net_dc_info dc_info; + if (c->display_usage) { d_printf( "%s\n" "net rpc vampire passdb\n" @@ -265,8 +322,45 @@ int rpc_vampire_passdb(struct net_context *c, int argc, const char **argv) return 0; } - return run_rpc_command(c, NULL, &ndr_table_netlogon.syntax_id, 0, - rpc_vampire_internals, argc, argv); + status = net_make_ipc_connection(c, 0, &cli); + if (!NT_STATUS_IS_OK(status)) { + return -1; + } + + status = net_scan_dc(c, cli, &dc_info); + if (!NT_STATUS_IS_OK(status)) { + return -1; + } + + if (!dc_info.is_ad) { + printf(_("DC is not running Active Directory\n")); + ret = run_rpc_command(c, cli, &ndr_table_netlogon.syntax_id, + 0, + rpc_vampire_internals, argc, argv); + return ret; + } + + if (!c->opt_force) { + d_printf( "%s\n" + "net rpc vampire passdb\n" + " %s\n", + _("Usage:"), + _("Should not be used against Active Directory, maybe use --force")); + return -1; + } + + ret = run_rpc_command(c, cli, &ndr_table_drsuapi.syntax_id, + NET_FLAGS_SEAL | NET_FLAGS_TCP, + rpc_vampire_ds_internals, argc, argv); + if (ret != 0 && dc_info.is_mixed_mode) { + printf(_("Fallback to NT4 vampire on Mixed-Mode AD " + "Domain\n")); + ret = run_rpc_command(c, cli, &ndr_table_netlogon.syntax_id, + 0, + rpc_vampire_internals, argc, argv); + } + + return ret; } static NTSTATUS rpc_vampire_ldif_internals(struct net_context *c, |
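Review bot: The mixed-mode fallback at the end of rpc_vampire_passdb retries on any non-zero `ret`, so every kind of DRSUAPI failure moves account replication from the run requested with `NET_FLAGS_SEAL | NET_FLAGS_TCP` to the netlogon samsync run made with flags `0`. A bind failure, a network error and NT_STATUS_NOT_SUPPORTED are indistinguishable at this point, and what protection the second run negotiates is decided inside run_rpc_command, which this hunk does not show. Consider making the fallback opt-in, or at least restricting it to the "not supported" outcome and logging why the first attempt failed. Separately, `cli` from `net_make_ipc_connection()` is not released on the `net_scan_dc()` failure path, and both early `return -1` paths print nothing; `if (!NT_STATUS_IS_OK(status)) { cli_shutdown(cli); return -1; }` with a `d_fprintf(stderr, ...)` line would cover that one. The later returns need the same cleanup unless run_rpc_command takes ownership of a caller-supplied `cli`.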