From 2c029a8b96ae476f1d5c2abe14ee25f98a1513d8 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 12 May 2006 15:17:35 +0000 Subject: r15543: New implementation of 'net ads join' to be more like Windows XP. The motivating factor is to not require more privileges for the user account than Windows does when joining a domain. The points of interest are * net_ads_join() uses same rpc mechanisms as net_rpc_join() * Enable CLDAP queries for filling in the majority of the ADS_STRUCT->config information * Remove ldap_initialized() from sam/idmap_ad.c and libads/ldap.c * Remove some unnecessary fields from ADS_STRUCT * Manually set the dNSHostName and servicePrincipalName attribute using the machine account after the join Thanks to Guenther and Simo for the review. Still to do: * Fix the userAccountControl for DES only systems * Set the userPrincipalName in order to support things like 'kinit -k' (although we might be able to just use the sAMAccountName instead) * Re-add support for pre-creating the machine account in a specific OU (This used to be commit 4c4ea7b20f44cd200cef8c7b389d51b72eccc39b) --- source3/include/ads.h | 15 ------------ source3/include/ads_cldap.h | 58 +++++++++++++++++++++++++++++++++++++++++++++ source3/include/includes.h | 34 +------------------------- 3 files changed, 59 insertions(+), 48 deletions(-) create mode 100644 source3/include/ads_cldap.h (limited to 'source3/include') diff --git a/source3/include/ads.h b/source3/include/ads.h index f29c94bb90..48b9bbffa0 100644 --- a/source3/include/ads.h +++ b/source3/include/ads.h @@ -17,7 +17,6 @@ typedef struct { char *realm; char *workgroup; char *ldap_server; - char *ldap_uri; int foreign; /* set to 1 if connecting to a foreign realm */ } server; @@ -37,7 +36,6 @@ typedef struct { struct { char *realm; char *bind_path; - char *schema_path; char *ldap_server_name; time_t current_time; } config; 
@@ -219,19 +217,6 @@ typedef void **ADS_MODLIST; #define GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP 0x00000004 /* 4 */ #define GTYPE_DISTRIBUTION_UNIVERSAL_GROUP 0x00000008 /* 8 */ -/* Mailslot or cldap getdcname response flags */ -#define ADS_PDC 0x00000001 /* DC is PDC */ -#define ADS_GC 0x00000004 /* DC is a GC of forest */ -#define ADS_LDAP 0x00000008 /* DC is an LDAP server */ -#define ADS_DS 0x00000010 /* DC supports DS */ -#define ADS_KDC 0x00000020 /* DC is running KDC */ -#define ADS_TIMESERV 0x00000040 /* DC is running time services */ -#define ADS_CLOSEST 0x00000080 /* DC is closest to client */ -#define ADS_WRITABLE 0x00000100 /* DC has writable DS */ -#define ADS_GOOD_TIMESERV 0x00000200 /* DC has hardware clock - (and running time) */ -#define ADS_NDNC 0x00000400 /* DomainName is non-domain NC serviced - by LDAP server */ #define ADS_PINGS 0x0000FFFF /* Ping response */ #define ADS_DNS_CONTROLLER 0x20000000 /* DomainControllerName is a DNS name*/ #define ADS_DNS_DOMAIN 0x40000000 /* DomainName is a DNS name */ diff --git a/source3/include/ads_cldap.h b/source3/include/ads_cldap.h new file mode 100644 index 0000000000..65feb072e0 --- /dev/null +++ b/source3/include/ads_cldap.h 
@@ -0,0 +1,58 @@
+/*
+ Samba Unix/Linux SMB client library
+ net ads cldap functions
+ Copyright (C) 2001 Andrew Tridgell (tridge@samba.org)
+ Copyright (C) 2003 Jim McDonough (jmcd@us.ibm.com)
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#define MAX_DNS_LABEL 255 + 1
+
+struct cldap_netlogon_reply {
+ uint32 type;
+ uint32 flags;
+ UUID_FLAT guid;
+
+ char forest[MAX_DNS_LABEL];
+ char domain[MAX_DNS_LABEL];
+ char hostname[MAX_DNS_LABEL];
+
+ char netbios_domain[MAX_DNS_LABEL];
+ char netbios_hostname[MAX_DNS_LABEL];
+
+ char unk[MAX_DNS_LABEL];
+ char user_name[MAX_DNS_LABEL];
+ char site_name[MAX_DNS_LABEL];
+ char site_name_2[MAX_DNS_LABEL];
+
+ uint32 version;
+ uint16 lmnt_token;
+ uint16 lm20_token;
+};
+
+/* Mailslot or cldap getdcname response flags */
+#define ADS_PDC 0x00000001 /* DC is PDC */
+#define ADS_GC 0x00000004 /* DC is a GC of forest */
+#define ADS_LDAP 0x00000008 /* DC is an LDAP server */
+#define ADS_DS 0x00000010 /* DC supports DS */
+#define ADS_KDC 0x00000020 /* DC is running KDC */
+#define ADS_TIMESERV 0x00000040 /* DC is running time services */
+#define ADS_CLOSEST 0x00000080 /* DC is closest to client */
+#define ADS_WRITABLE 0x00000100 /* DC has writable DS */
+#define ADS_GOOD_TIMESERV 0x00000200 /* DC has hardware clock (and running time) */
+#define ADS_NDNC 0x00000400 /* DomainName is 
non-domain NC serviced by LDAP server */ + + diff --git a/source3/include/includes.h b/source3/include/includes.h index 998a0715e2..a13cffea14 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -911,50 +911,29 @@ extern int errno; #include "messages.h" #include "charset.h" #include "dynconfig.h" - #include "util_getent.h" - #include "debugparse.h" - #include "version.h" - #include "privileges.h" - #include "smb.h" - +#include "ads_cldap.h" #include "nameserv.h" - #include "secrets.h" - #include "byteorder.h" - #include "privileges.h" - #include "rpc_misc.h" - #include "rpc_dce.h" - #include "mapping.h" - #include "passdb.h" - #include "rpc_secdes.h" - #include "authdata.h" - #include "msdfs.h" - #include "rap.h" - #include "md5.h" #include "hmacmd5.h" - #include "ntlmssp.h" - #include "auth.h" - #include "ntdomain.h" - #include "rpc_svcctl.h" #include "rpc_ntsvcs.h" #include "rpc_lsa.h" @@ -972,11 +951,8 @@ extern int errno; #include "rpc_shutdown.h" #include "rpc_perfcount.h" #include "rpc_perfcount_defs.h" - #include "nt_printing.h" - #include "idmap.h" - #include "client.h" #ifdef WITH_SMBWRAPPER @@ -984,21 +960,13 @@ extern int errno; #endif #include "session.h" - #include "asn_1.h" - #include "popt.h" - #include "mangle.h" - #include "module.h" - #include "nsswitch/winbind_client.h" - #include "spnego.h" - #include "rpc_client.h" - #include "event.h" /* -- cgit
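Review bot: `MAX_DNS_LABEL` is defined as the unparenthesized expression `255 + 1`, so any arithmetic use such as `2 * MAX_DNS_LABEL` silently expands to `2 * 255 + 1`; it should read `#define MAX_DNS_LABEL (255 + 1)`. The name is also misleading, since 255 is the limit of a complete DNS name while a single label is at most 63 octets, and the char arrays in `struct cldap_netlogon_reply` are presumably the landing buffers for a reply received over UDP, so a one-line comment stating that each name must be bounded to `MAX_DNS_LABEL - 1` bytes plus the terminator by whoever decodes the packet would make the contract explicit for the decoder, which is not part of this diff. The header also carries no include guard, so a second inclusion would redefine `struct cldap_netlogon_reply` and fail to compile; wrap it in `#ifndef _ADS_CLDAP_H` / `#define _ADS_CLDAP_H` … `#endif` as the other headers in this directory do.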
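Review bot: The new `#include "ads_cldap.h"` line is dropped in between `smb.h` and `nameserv.h` with nothing recording why that position matters; `ads_cldap.h` uses `uint32`, `uint16` and `UUID_FLAT` without including anything itself, so it only compiles because headers earlier in this list supply those typedefs (presumably `smb.h`, which is not visible here). A short comment such as `/* needs uint32/UUID_FLAT from smb.h above */` next to the include would stop a later reorder of the list from breaking the build. The same hunk also deletes some twenty blank lines around the include list, which buries the single functional change; keeping the whitespace cleanup out of this commit would let a reader verify the real change at a glance.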