From 8a982108a4f115e350c4246276f2ec886934c7fe Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 9 Apr 2008 14:59:32 +1000 Subject: Link the new vampire code togeather. This adds in the newly attached secrets handling, as well as an interface to the command line 'net' tool. Andrew Bartlett (This used to be commit 1282e3c39479aa580124206814b493370d10690a) --- source4/libnet/config.mk | 1 + source4/libnet/libnet_vampire.c | 50 ++++++++++++++++++++++-------- source4/libnet/libnet_vampire.h | 5 ++- source4/utils/net/net.c | 3 +- source4/utils/net/net_join.c | 67 +++++++++++++++++++++++++++++++++++++++++ source4/utils/net/net_vampire.c | 2 +- 6 files changed, 113 insertions(+), 15 deletions(-) diff --git a/source4/libnet/config.mk b/source4/libnet/config.mk index 0890941398..231d67cf35 100644 --- a/source4/libnet/config.mk +++ b/source4/libnet/config.mk @@ -1,5 +1,6 @@ [SUBSYSTEM::LIBSAMBA-NET] PRIVATE_PROTO_HEADER = libnet_proto.h +PRIVATE_DEPENDENCIES = PROVISION OBJ_FILES = \ libnet.o \ libnet_passwd.o \ diff --git a/source4/libnet/libnet_vampire.c b/source4/libnet/libnet_vampire.c index cd9167f541..476b97954f 100644 --- a/source4/libnet/libnet_vampire.c +++ b/source4/libnet/libnet_vampire.c @@ -37,6 +37,7 @@ #include "lib/ldb_wrap.h" #include "auth/auth.h" #include "param/param.h" +#include "param/provision.h" /* List of tasks vampire.py must perform: @@ -52,7 +53,6 @@ List of tasks vampire.py must perform: */ struct vampire_state { - struct libnet_context *ctx; const char *netbios_name; struct libnet_JoinDomain *join; struct cli_credentials *machine_account; 
@@ -93,7 +93,7 @@ static NTSTATUS vampire_prepare_db(void *private_data, settings.schema_dn_str = p->forest->schema_dn_str; settings.netbios_name = p->dest_dsa->netbios_name; settings.realm = s->join->out.realm; - settings.domain = s->join->out.domain; + settings.domain = s->join->out.domain_name; settings.server_dn_str = p->dest_dsa->server_dn_str; settings.machine_password = generate_random_str(s, 16); settings.targetdir = s->targetdir; @@ -115,18 +115,13 @@ static NTSTATUS vampire_prepare_db(void *private_data, return NT_STATUS_INTERNAL_DB_ERROR; } - /* We must set these up to ensure the replMetaData is written correctly, before our NTDS Settings entry is replicated */ + /* We must set these up to ensure the replMetaData is written correctly, + before our NTDS Settings entry is replicated */ ok = samdb_set_ntds_invocation_id(s->ldb, &p->dest_dsa->invocation_id); if (!ok) { DEBUG(0,("Failed to set cached ntds invocationId\n")); return NT_STATUS_FOOBAR; } - ok = samdb_set_ntds_objectGUID(s->ldb, &p->dest_dsa->ntds_guid); - if (!ok) { - DEBUG(0,("Failed to set cached ntds objectGUID\n")); - return NT_STATUS_FOOBAR; - } - s->lp_ctx = lp_ctx; return NT_STATUS_OK; @@ -591,10 +586,11 @@ static NTSTATUS vampire_store_chunk(void *private_data, return NT_STATUS_OK; } -NTSTATUS libnet_vampire(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, - struct libnet_vampire *r) +NTSTATUS libnet_Vampire(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, + struct libnet_Vampire *r) { struct libnet_JoinDomain *join; + struct libnet_set_join_secrets *set_secrets; struct libnet_BecomeDC b; struct libnet_UnbecomeDC u; struct vampire_state *s; @@ -651,6 +647,8 @@ NTSTATUS libnet_vampire(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, s->join = join; + s->targetdir = r->in.targetdir; + ZERO_STRUCT(b); b.in.domain_dns_name = join->out.realm; b.in.domain_netbios_name = join->out.domain_name; 
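Review bot: In the `vampire_prepare_db` hunk at -115,18 the re-wrapped comment still reads "We must set these up", although this commit deletes the `samdb_set_ntds_objectGUID` call and only the invocation id is cached afterwards. The comment should name the one value that is still cached and say why the objectGUID no longer needs to be set here; neither the hunk nor the commit message gives that reason. The remaining failure path returns `NT_STATUS_FOOBAR`, which tells a caller nothing about the cause, but that line is unchanged context. The function body starts and ends outside the hunk.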
@@ -665,7 +663,7 @@ NTSTATUS libnet_vampire(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, b.in.callbacks.config_chunk = vampire_store_chunk; b.in.callbacks.domain_chunk = vampire_store_chunk; - status = libnet_BecomeDC(s->ctx, s, &b); + status = libnet_BecomeDC(ctx, s, &b); if (!NT_STATUS_IS_OK(status)) { printf("libnet_BecomeDC() failed - %s\n", nt_errstr(status)); talloc_free(s); @@ -703,4 +701,32 @@ NTSTATUS libnet_vampire(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, talloc_free(s); return NT_STATUS_INTERNAL_DB_ERROR; } + + set_secrets = talloc_zero(s, struct libnet_set_join_secrets); + if (!set_secrets) { + return NT_STATUS_NO_MEMORY; + } + + set_secrets->in.domain_name = join->out.domain_name; + set_secrets->in.realm = join->out.realm; + set_secrets->in.account_name = account_name; + set_secrets->in.netbios_name = netbios_name; + set_secrets->in.join_type = SEC_CHAN_BDC; + set_secrets->in.join_password = join->out.join_password; + set_secrets->in.kvno = join->out.kvno; + set_secrets->in.domain_sid = join->out.domain_sid; + + status = libnet_set_join_secrets(ctx, set_secrets, set_secrets); + if (!NT_STATUS_IS_OK(status)) { + r->out.error_string = talloc_steal(mem_ctx, set_secrets->out.error_string); + talloc_free(s); + return status; + } + + r->out.domain_name = talloc_steal(r, join->out.domain_name); + r->out.domain_sid = talloc_steal(r, join->out.domain_sid); + talloc_free(s); + + return NT_STATUS_OK; + } diff --git a/source4/libnet/libnet_vampire.h b/source4/libnet/libnet_vampire.h index af461139ff..5e0c7594b2 100644 --- a/source4/libnet/libnet_vampire.h +++ b/source4/libnet/libnet_vampire.h @@ -22,13 +22,16 @@ #ifndef __LIBNET_VAMPIRE_H__ #define __LIBNET_VAMPIRE_H__ -struct libnet_vampire { +struct libnet_Vampire { struct { const char *domain_name; const char *netbios_name; + const char *targetdir; } in; struct { + struct dom_sid *domain_sid; + const char *domain_name; const char *error_string; } out; }; 
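Review bot: The success path added at the end of `libnet_Vampire` (hunk -703,4) parents the results on the request struct with `talloc_steal(r, join->out.domain_name)` and `talloc_steal(r, join->out.domain_sid)`, while the error string a few lines above is stolen onto `mem_ctx`. That only works when the caller passes a talloc-allocated `r`, as `net_vampire` does; use `r->out.domain_name = talloc_steal(mem_ctx, join->out.domain_name);` and the same for `domain_sid`. The `talloc_zero` failure branch returns `NT_STATUS_NO_MEMORY` without `talloc_free(s)`, unlike the other error returns visible in this function, so the state and anything parented on it (apparently including the join result with `join_password`) stays allocated; add `talloc_free(s);` before that return. `account_name` and `netbios_name` are defined outside the hunk.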
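Review bot: The new `in.targetdir` field and the two new `out` fields in `struct libnet_Vampire` carry no comment. `net_vampire` passes `targetdir` as NULL when only a domain is given, so the header should say that NULL is accepted and what location is used in that case, for example `const char *targetdir; /* may be NULL; see <default location> */` with the real default filled in. It should also state which talloc context owns `out.domain_sid` and `out.domain_name` on return, because the implementation and the caller currently rely on `r` and `mem_ctx` being the same object.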
diff --git a/source4/utils/net/net.c b/source4/utils/net/net.c index e0865c4416..c908ea6279 100644 --- a/source4/utils/net/net.c +++ b/source4/utils/net/net.c @@ -102,7 +102,8 @@ static const struct net_functable net_functable[] = { {"time", "get remote server's time\n", net_time, net_time_usage}, {"join", "join a domain\n", net_join, net_join_usage}, {"samdump", "dump the sam of a domain\n", net_samdump, net_samdump_usage}, - {"samsync", "synchronise into the local ldb the sam of a domain\n", net_samsync_ldb, net_samsync_ldb_usage}, + {"vampire", "join and syncronise an AD domain onto the local server\n", net_vampire, net_vampire_usage}, + {"samsync", "synchronise into the local ldb the sam of an NT4 domain\n", net_samsync_ldb, net_samsync_ldb_usage}, {"user", "manage user accounts\n", net_user, net_user_usage}, {NULL, NULL, NULL, NULL} }; diff --git a/source4/utils/net/net_join.c b/source4/utils/net/net_join.c index 08a4fbd4a1..abdcbf6027 100644 --- a/source4/utils/net/net_join.c +++ b/source4/utils/net/net_join.c 
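Review bot: The help text added for the new `vampire` entry misspells the verb, `"join and syncronise an AD domain onto the local server\n"`, while the `samsync` line directly below spells it `synchronise`; it should read `"join and synchronise an AD domain onto the local server\n"`. The entry also registers `net_vampire_usage` as its fourth member, so the separate `net_vampire_help` added in net_join.c is not referenced by anything visible in this patch.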
@@ -100,3 +100,70 @@ int net_join_help(struct net_context *ctx, int argc, const char **argv)
 d_printf("Joins domain as either member or backup domain controller.\n");
 return 0;
 }
+
+int net_vampire(struct net_context *ctx, int argc, const char **argv)
+{
+ NTSTATUS status;
+ struct libnet_context *libnetctx;
+ struct libnet_Vampire *r;
+ char *tmp, *targetdir = NULL;
+ const char *domain_name;
+
+ switch (argc) {
+ case 0: /* no args -> fail */
+ return net_vampire_usage(ctx, argc, argv);
+ case 1: /* only DOMAIN */
+ tmp = talloc_strdup(ctx->mem_ctx, argv[0]);
+ break;
+ case 2: /* domain and target dir */
+ tmp = talloc_strdup(ctx->mem_ctx, argv[0]);
+ targetdir = talloc_strdup(ctx->mem_ctx, argv[1]);
+ break;
+ default: /* too many args -> fail */
+ return net_vampire_usage(ctx, argc, argv);
+ }
+
+ domain_name = tmp;
+
+ libnetctx = libnet_context_init(NULL, ctx->lp_ctx);
+ if (!libnetctx) {
+ return -1;
+ }
+ libnetctx->cred = ctx->credentials;
+ r = talloc(ctx->mem_ctx, struct libnet_Vampire);
+ if (!r) {
+ return -1;
+ }
+ /* prepare parameters for the vampire */
+ r->in.netbios_name = lp_netbios_name(ctx->lp_ctx);
+ r->in.domain_name = domain_name;
+ r->in.targetdir = targetdir;
+ r->out.error_string = NULL;
+
+ /* do the domain vampire */
+ status = libnet_Vampire(libnetctx, r, r);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ d_fprintf(stderr, "Vampire of domain failed: %s\n",
+ r->out.error_string ? r->out.error_string : nt_errstr(status));
+ talloc_free(r);
+ talloc_free(libnetctx);
+ return -1;
+ }
+ d_printf("Vampired domain %s (%s)\n", r->out.domain_name, dom_sid_string(ctx->mem_ctx, r->out.domain_sid));
+
+ talloc_free(libnetctx);
+ return 0;
+}
+
+int net_vampire_usage(struct net_context *ctx, int argc, const char **argv)
+{
+ d_printf("net vampire [options]\n");
+ return 0;
+}
+
+int net_vampire_help(struct net_context *ctx, int argc, const char **argv)
+{
+ d_printf("Vampires domain as either member or backup domain controller.\n");
+ return 0;
+}
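Review bot: Both argument-count failure branches in `net_vampire` (`case 0` and `default`) return the result of `net_vampire_usage`, which always returns 0, so a mis-invoked `net vampire` exits as success; call the usage function and then `return -1;` in those branches. The `talloc_strdup` results for `tmp` and `targetdir` are never checked, so an allocation failure passes a NULL domain name into `libnet_Vampire`, or silently drops the requested target directory so the databases land somewhere other than where the operator asked; add `if (!tmp || (argc == 2 && !targetdir)) return -1;` after the switch. If `talloc(ctx->mem_ctx, struct libnet_Vampire)` fails, `libnetctx` is returned without `talloc_free(libnetctx);`. The usage string `net vampire [options]` should name the required domain and the optional target directory that the switch accepts.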
diff --git a/source4/utils/net/net_vampire.c b/source4/utils/net/net_vampire.c index c798112d7b..4f6371d617 100644 --- a/source4/utils/net/net_vampire.c +++ b/source4/utils/net/net_vampire.c @@ -169,7 +169,7 @@ int net_samsync_ldb(struct net_context *ctx, int argc, const char **argv) int net_samsync_ldb_usage(struct net_context *ctx, int argc, const char **argv) { - d_printf("net samsync_ldb\n"); + d_printf("net samsync\n"); return 0; } -- cgit