Diffstat (limited to 'source4')
-rw-r--r-- | source4/libnet/libnet_unbecome_dc.c | 87 |
1 files changed, 87 insertions, 0 deletions
diff --git a/source4/libnet/libnet_unbecome_dc.c b/source4/libnet/libnet_unbecome_dc.c
index 4e12ca7c8d..c0629a6949 100644
--- a/source4/libnet/libnet_unbecome_dc.c
+++ b/source4/libnet/libnet_unbecome_dc.c
@@ -26,6 +26,7 @@
 #include "lib/ldb/include/ldb_errors.h"
 #include "lib/db_wrap.h"
 #include "dsdb/samdb/samdb.h"
+#include "dsdb/common/flags.h"
 
 struct libnet_UnbecomeDC_state {
  struct composite_context *creq;
@@ -185,6 +186,86 @@ static NTSTATUS unbecomeDC_ldap_rootdse(struct libnet_UnbecomeDC_state *s)
  return NT_STATUS_OK;
 }
 
+static NTSTATUS unbecomeDC_ldap_computer_object(struct libnet_UnbecomeDC_state *s)
+{
+ int ret;
+ struct ldb_result *r;
+ struct ldb_dn *basedn;
+ char *filter;
+ static const char *attrs[] = {
+ "distinguishedName",
+ "userAccountControl",
+ NULL
+ };
+
+ basedn = ldb_dn_new(s, s->ldap.ldb, s->domain.dn_str);
+ NT_STATUS_HAVE_NO_MEMORY(basedn);
+
+ filter = talloc_asprintf(basedn, "(&(|(objectClass=user)(objectClass=computer))(sAMAccountName=%s$))",
+ s->dest_dsa.netbios_name);
+ NT_STATUS_HAVE_NO_MEMORY(filter);
+
+ ret = ldb_search(s->ldap.ldb, basedn, LDB_SCOPE_SUBTREE,
+ filter, attrs, &r);
+ talloc_free(basedn);
+ if (ret != LDB_SUCCESS) {
+ return NT_STATUS_LDAP(ret);
+ } else if (r->count != 1) {
+ talloc_free(r);
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+
+ s->dest_dsa.computer_dn_str = samdb_result_string(r->msgs[0], "distinguishedName", NULL);
+ if (!s->dest_dsa.computer_dn_str) return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ talloc_steal(s, s->dest_dsa.computer_dn_str);
+
+ s->dest_dsa.user_account_control = samdb_result_uint(r->msgs[0], "userAccountControl", 0);
+
+ talloc_free(r);
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS unbecomeDC_ldap_modify_computer(struct libnet_UnbecomeDC_state *s)
+{
+ int ret;
+ struct ldb_message *msg;
+ uint32_t user_account_control = UF_WORKSTATION_TRUST_ACCOUNT;
+ uint32_t i;
+
+ /* as the value is already as we want it to be, we're done */
+ if (s->dest_dsa.user_account_control == user_account_control) {
+ return NT_STATUS_OK;
+ }
+
+ /* make a 'modify' msg, and only for serverReference */
+ msg = ldb_msg_new(s);
+ NT_STATUS_HAVE_NO_MEMORY(msg);
+ msg->dn = ldb_dn_new(msg, s->ldap.ldb, s->dest_dsa.computer_dn_str);
+ NT_STATUS_HAVE_NO_MEMORY(msg->dn);
+
+ ret = ldb_msg_add_fmt(msg, "userAccountControl", "%u", user_account_control);
+ if (ret != 0) {
+ talloc_free(msg);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ /* mark all the message elements (should be just one)
+ as LDB_FLAG_MOD_REPLACE */
+ for (i=0;i<msg->num_elements;i++) {
+ msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
+ }
+
+ ret = ldb_modify(s->ldap.ldb, msg);
+ talloc_free(msg);
+ if (ret != LDB_SUCCESS) {
+ return NT_STATUS_LDAP(ret);
+ }
+
+ s->dest_dsa.user_account_control = user_account_control;
+
+ return NT_STATUS_OK;
+}
+
 static void unbecomeDC_connect_ldap(struct libnet_UnbecomeDC_state *s)
 {
  struct composite_context *c = s->creq;
@@ -195,6 +276,12 @@ static void unbecomeDC_connect_ldap(struct libnet_UnbecomeDC_state *s)
  c->status = unbecomeDC_ldap_rootdse(s);
  if (!composite_is_ok(c)) return;
 
+ c->status = unbecomeDC_ldap_computer_object(s);
+ if (!composite_is_ok(c)) return;
+
+ c->status = unbecomeDC_ldap_modify_computer(s);
+ if (!composite_is_ok(c)) return;
+
  composite_error(c, NT_STATUS_NOT_IMPLEMENTED);
 }
 |
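Review bot: In unbecomeDC_ldap_computer_object the search filter interpolates s->dest_dsa.netbios_name into the LDAP filter string without escaping, so a name containing filter metacharacters such as `(`, `)`, `*` or `\` yields a malformed or broader-than-intended query; encode it first, e.g. `ldb_binary_encode_string(basedn, s->dest_dsa.netbios_name)` in place of the raw `s->dest_dsa.netbios_name` argument, with its own NT_STATUS_HAVE_NO_MEMORY check. The early return `if (!s->dest_dsa.computer_dn_str) return NT_STATUS_INVALID_NETWORK_RESPONSE;` leaves the search result `r` unfreed, unlike the `r->count != 1` branch just above it; add `talloc_free(r);` before that return. In unbecomeDC_ldap_modify_computer the comment `/* make a 'modify' msg, and only for serverReference */` appears copied from elsewhere — the attribute replaced here is userAccountControl, so it should read `/* make a 'modify' msg, and only for userAccountControl */`. Replacing the whole value with UF_WORKSTATION_TRUST_ACCOUNT also discards any other flag bits the account had; if that is intended, say so in a comment, otherwise derive the new value from the fetched one by clearing UF_SERVER_TRUST_ACCOUNT and setting UF_WORKSTATION_TRUST_ACCOUNT.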