sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-02 09:47:23 +03:00
Code
samba-mirror/source4/utils/net/net_vampire.c

250 lines
6.1 KiB
C
Raw Normal View History

r6573: Start on my project to implement an NT4 compatible BDC in Samba4. This brings in a compatability layer for Samba3 in Samba4 - where we will start to define file formats and similar details. The 'net samdump' command uses 'password server = ' for now, and performs a similar task to Samba3's 'net rpc samsync'. Andrew Bartlett (This used to be commit 550f17f9924fe783917318753de7d1a388423908)
2005-05-02 14:17:19 +00:00
/*
Samba Unix/Linux SMB client library
Distributed SMB/CIFS Server Management Utility
Copyright (C) 2004 Stefan Metzmacher <metze@samba.org>
Copyright (C) 2005 Andrew Bartlett <abartlet@samba.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-07-10 02:07:03 +00:00
the Free Software Foundation; either version 3 of the License, or
r6573: Start on my project to implement an NT4 compatible BDC in Samba4. This brings in a compatability layer for Samba3 in Samba4 - where we will start to define file formats and similar details. The 'net samdump' command uses 'password server = ' for now, and performs a similar task to Samba3's 'net rpc samsync'. Andrew Bartlett (This used to be commit 550f17f9924fe783917318753de7d1a388423908)
2005-05-02 14:17:19 +00:00
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-07-10 02:07:03 +00:00
along with this program. If not, see <http://www.gnu.org/licenses/>.
r6573: Start on my project to implement an NT4 compatible BDC in Samba4. This brings in a compatability layer for Samba3 in Samba4 - where we will start to define file formats and similar details. The 'net samdump' command uses 'password server = ' for now, and performs a similar task to Samba3's 'net rpc samsync'. Andrew Bartlett (This used to be commit 550f17f9924fe783917318753de7d1a388423908)
2005-05-02 14:17:19 +00:00
*/
#include "includes.h"
#include "utils/net/net.h"
#include "libnet/libnet.h"
r14464: Don't include ndr_BASENAME.h files unless strictly required, instead try to include just the BASENAME.h files (containing only structs) (This used to be commit 3dd477ca5147f28a962b8437e2611a8222d706bd)
2006-03-16 00:23:11 +00:00
#include "librpc/gen_ndr/samr.h"
r12928: This patch improves the interaction between the vampire and provsion code. Previously, we had to know (or guess) the host and domain guid at the provision stage. Now we query the database post-provision, to extract the values and fill in the zone file. This allows us to generate a correct zone file in the Windows migration case. In an effort to make SWAT easier to use, I have removed and renamed some of the provision options. I have also fixed a nasty issue in my js code. I had implictly declared a global variable of the name 'join', with disasterious results for any subsequent user of the string utility function: esp exception - ASSERT at lib/appweb/ejs/ejsParser.c:2064, 0 Backtrace: [ 0] substitute_var:20 -> list[i] = join("", list2) [ 1] setup_file:9 -> data = substitute_var(data, subobj) Andrew Bartlett (This used to be commit a38ceefd11f8b748f30383ef36a4752f178bfca1)
2006-01-14 06:17:24 +00:00
#include "auth/auth.h"
s4:net Move net_vampire() to net_vampire.c
2009-07-06 16:41:42 +10:00
#include "libcli/security/security.h"
r26252: Specify loadparm_context explicitly when creating sessions. (This used to be commit 7280c1e9415daabb2712db1372e23f9846272ede)
2007-12-03 15:53:28 +01:00
#include "param/param.h"
Fix problems with event context not being the parent. (This used to be commit 957c4d893acf9e6db06a3fc3a4687ab6bb238635)
2008-04-14 12:43:37 -04:00
#include "lib/events/events.h"
r6573: Start on my project to implement an NT4 compatible BDC in Samba4. This brings in a compatability layer for Samba3 in Samba4 - where we will start to define file formats and similar details. The 'net samdump' command uses 'password server = ' for now, and performs a similar task to Samba3's 'net rpc samsync'. Andrew Bartlett (This used to be commit 550f17f9924fe783917318753de7d1a388423908)
2005-05-02 14:17:19 +00:00
r12411: Add 'net samdump keytab <keytab>'. This extracts a remote windows domain into a keytab, suitable for use in ethereal for kerberos decryption. For the moment, like net samdump and net samsync, the 'password server' smb.conf option must be set to the binding string for the server. eg: password server = ncacn_np:mypdc Andrew Bartlett (This used to be commit 272013438f53bb168f74e09eb70fc96112b84772)
2005-12-21 22:02:52 +00:00
static int net_samdump_keytab_usage(struct net_context *ctx, int argc, const char **argv)
{
d_printf("net samdump keytab <keytab>\n");
return 0;
}
static int net_samdump_keytab_help(struct net_context *ctx, int argc, const char **argv)
{
d_printf("Dumps kerberos keys of a domain into a keytab.\n");
return 0;
}
static int net_samdump_keytab(struct net_context *ctx, int argc, const char **argv)
{
NTSTATUS status;
struct libnet_context *libnetctx;
struct libnet_SamDump_keytab r;
switch (argc) {
case 0:
return net_samdump_keytab_usage(ctx, argc, argv);
break;
case 1:
r12865: Upgrade the librpc and libnet code. In librpc, always try SMB level authentication, even if trying schannel, but allow fallback to anonymous. This should better function with servers that set restrict anonymous. There are too many parts of Samba that get, parse and modify the binding parameters. Avoid the extra work, and add a binding element to the struct dcerpc_pipe The libnet vampire code has been refactored, to reduce extra layers and to better conform with the standard argument pattern. Also, take advantage of the new libnet_Lookup code, so we don't require the silly 'password server' smb.conf parameter. To better support forcing traffic to be sealed for the vampire operation, the dcerpc_bind_auth() function now takes an auth level parameter. Andrew Bartlett (This used to be commit d65b354959842326fdd4bd7eb7fbeea0390f4afa)
2006-01-12 09:33:49 +00:00
r.in.keytab_name = argv[0];
r12411: Add 'net samdump keytab <keytab>'. This extracts a remote windows domain into a keytab, suitable for use in ethereal for kerberos decryption. For the moment, like net samdump and net samsync, the 'password server' smb.conf option must be set to the binding string for the server. eg: password server = ncacn_np:mypdc Andrew Bartlett (This used to be commit 272013438f53bb168f74e09eb70fc96112b84772)
2005-12-21 22:02:52 +00:00
break;
}
Avoid event_find_context() when the event context is already available in the net utility. (This used to be commit d40804777edf41889bd461f63f7a07cc1cc60e27)
2008-04-16 22:30:15 +02:00
libnetctx = libnet_context_init(ctx->event_ctx, ctx->lp_ctx);
r12411: Add 'net samdump keytab <keytab>'. This extracts a remote windows domain into a keytab, suitable for use in ethereal for kerberos decryption. For the moment, like net samdump and net samsync, the 'password server' smb.conf option must be set to the binding string for the server. eg: password server = ncacn_np:mypdc Andrew Bartlett (This used to be commit 272013438f53bb168f74e09eb70fc96112b84772)
2005-12-21 22:02:52 +00:00
if (!libnetctx) {
return -1;
}
libnetctx->cred = ctx->credentials;
r12865: Upgrade the librpc and libnet code. In librpc, always try SMB level authentication, even if trying schannel, but allow fallback to anonymous. This should better function with servers that set restrict anonymous. There are too many parts of Samba that get, parse and modify the binding parameters. Avoid the extra work, and add a binding element to the struct dcerpc_pipe The libnet vampire code has been refactored, to reduce extra layers and to better conform with the standard argument pattern. Also, take advantage of the new libnet_Lookup code, so we don't require the silly 'password server' smb.conf parameter. To better support forcing traffic to be sealed for the vampire operation, the dcerpc_bind_auth() function now takes an auth level parameter. Andrew Bartlett (This used to be commit d65b354959842326fdd4bd7eb7fbeea0390f4afa)
2006-01-12 09:33:49 +00:00
r.out.error_string = NULL;
r.in.machine_account = NULL;
r.in.binding_string = NULL;
r12411: Add 'net samdump keytab <keytab>'. This extracts a remote windows domain into a keytab, suitable for use in ethereal for kerberos decryption. For the moment, like net samdump and net samsync, the 'password server' smb.conf option must be set to the binding string for the server. eg: password server = ncacn_np:mypdc Andrew Bartlett (This used to be commit 272013438f53bb168f74e09eb70fc96112b84772)
2005-12-21 22:02:52 +00:00
Fix problems with event context not being the parent. (This used to be commit 957c4d893acf9e6db06a3fc3a4687ab6bb238635)
2008-04-14 12:43:37 -04:00
status = libnet_SamDump_keytab(libnetctx, ctx, &r);
r12411: Add 'net samdump keytab <keytab>'. This extracts a remote windows domain into a keytab, suitable for use in ethereal for kerberos decryption. For the moment, like net samdump and net samsync, the 'password server' smb.conf option must be set to the binding string for the server. eg: password server = ncacn_np:mypdc Andrew Bartlett (This used to be commit 272013438f53bb168f74e09eb70fc96112b84772)
2005-12-21 22:02:52 +00:00
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("libnet_SamDump returned %s: %s\n",
nt_errstr(status),
r12865: Upgrade the librpc and libnet code. In librpc, always try SMB level authentication, even if trying schannel, but allow fallback to anonymous. This should better function with servers that set restrict anonymous. There are too many parts of Samba that get, parse and modify the binding parameters. Avoid the extra work, and add a binding element to the struct dcerpc_pipe The libnet vampire code has been refactored, to reduce extra layers and to better conform with the standard argument pattern. Also, take advantage of the new libnet_Lookup code, so we don't require the silly 'password server' smb.conf parameter. To better support forcing traffic to be sealed for the vampire operation, the dcerpc_bind_auth() function now takes an auth level parameter. Andrew Bartlett (This used to be commit d65b354959842326fdd4bd7eb7fbeea0390f4afa)
2006-01-12 09:33:49 +00:00
r.out.error_string));
r12411: Add 'net samdump keytab <keytab>'. This extracts a remote windows domain into a keytab, suitable for use in ethereal for kerberos decryption. For the moment, like net samdump and net samsync, the 'password server' smb.conf option must be set to the binding string for the server. eg: password server = ncacn_np:mypdc Andrew Bartlett (This used to be commit 272013438f53bb168f74e09eb70fc96112b84772)
2005-12-21 22:02:52 +00:00
return -1;
}
talloc_free(libnetctx);
return 0;
}
/* main function table */
static const struct net_functable net_samdump_functable[] = {
{"keytab", "dump keys into a keytab\n", net_samdump_keytab, net_samdump_keytab_usage},
{NULL, NULL, NULL, NULL}
};
r6573: Start on my project to implement an NT4 compatible BDC in Samba4. This brings in a compatability layer for Samba3 in Samba4 - where we will start to define file formats and similar details. The 'net samdump' command uses 'password server = ' for now, and performs a similar task to Samba3's 'net rpc samsync'. Andrew Bartlett (This used to be commit 550f17f9924fe783917318753de7d1a388423908)
2005-05-02 14:17:19 +00:00
int net_samdump(struct net_context *ctx, int argc, const char **argv)
{
NTSTATUS status;
struct libnet_context *libnetctx;
r8748: fixed build. Andrew, please check. (This used to be commit 9411bd4e5e7ac9fd0aacd1432de967eda45e64f4)
2005-07-25 04:15:57 +00:00
struct libnet_SamDump r;
r12411: Add 'net samdump keytab <keytab>'. This extracts a remote windows domain into a keytab, suitable for use in ethereal for kerberos decryption. For the moment, like net samdump and net samsync, the 'password server' smb.conf option must be set to the binding string for the server. eg: password server = ncacn_np:mypdc Andrew Bartlett (This used to be commit 272013438f53bb168f74e09eb70fc96112b84772)
2005-12-21 22:02:52 +00:00
int rc;
switch (argc) {
case 0:
break;
case 1:
default:
rc = net_run_function(ctx, argc, argv, net_samdump_functable,
net_samdump_usage);
return rc;
}
r6573: Start on my project to implement an NT4 compatible BDC in Samba4. This brings in a compatability layer for Samba3 in Samba4 - where we will start to define file formats and similar details. The 'net samdump' command uses 'password server = ' for now, and performs a similar task to Samba3's 'net rpc samsync'. Andrew Bartlett (This used to be commit 550f17f9924fe783917318753de7d1a388423908)
2005-05-02 14:17:19 +00:00
Avoid event_find_context() when the event context is already available in the net utility. (This used to be commit d40804777edf41889bd461f63f7a07cc1cc60e27)
2008-04-16 22:30:15 +02:00
libnetctx = libnet_context_init(ctx->event_ctx, ctx->lp_ctx);
r6573: Start on my project to implement an NT4 compatible BDC in Samba4. This brings in a compatability layer for Samba3 in Samba4 - where we will start to define file formats and similar details. The 'net samdump' command uses 'password server = ' for now, and performs a similar task to Samba3's 'net rpc samsync'. Andrew Bartlett (This used to be commit 550f17f9924fe783917318753de7d1a388423908)
2005-05-02 14:17:19 +00:00
if (!libnetctx) {
return -1;
}
r7249: Cope with struct member rename (This used to be commit e7549f33f5fb06d8b2a8f31745545cc7b9c8d4f9)
2005-06-03 21:30:07 +00:00
libnetctx->cred = ctx->credentials;
r6573: Start on my project to implement an NT4 compatible BDC in Samba4. This brings in a compatability layer for Samba3 in Samba4 - where we will start to define file formats and similar details. The 'net samdump' command uses 'password server = ' for now, and performs a similar task to Samba3's 'net rpc samsync'. Andrew Bartlett (This used to be commit 550f17f9924fe783917318753de7d1a388423908)
2005-05-02 14:17:19 +00:00
r12865: Upgrade the librpc and libnet code. In librpc, always try SMB level authentication, even if trying schannel, but allow fallback to anonymous. This should better function with servers that set restrict anonymous. There are too many parts of Samba that get, parse and modify the binding parameters. Avoid the extra work, and add a binding element to the struct dcerpc_pipe The libnet vampire code has been refactored, to reduce extra layers and to better conform with the standard argument pattern. Also, take advantage of the new libnet_Lookup code, so we don't require the silly 'password server' smb.conf parameter. To better support forcing traffic to be sealed for the vampire operation, the dcerpc_bind_auth() function now takes an auth level parameter. Andrew Bartlett (This used to be commit d65b354959842326fdd4bd7eb7fbeea0390f4afa)
2006-01-12 09:33:49 +00:00
r.out.error_string = NULL;
r.in.machine_account = NULL;
r.in.binding_string = NULL;
r6573: Start on my project to implement an NT4 compatible BDC in Samba4. This brings in a compatability layer for Samba3 in Samba4 - where we will start to define file formats and similar details. The 'net samdump' command uses 'password server = ' for now, and performs a similar task to Samba3's 'net rpc samsync'. Andrew Bartlett (This used to be commit 550f17f9924fe783917318753de7d1a388423908)
2005-05-02 14:17:19 +00:00
Fix problems with event context not being the parent. (This used to be commit 957c4d893acf9e6db06a3fc3a4687ab6bb238635)
2008-04-14 12:43:37 -04:00
status = libnet_SamDump(libnetctx, ctx, &r);
r6573: Start on my project to implement an NT4 compatible BDC in Samba4. This brings in a compatability layer for Samba3 in Samba4 - where we will start to define file formats and similar details. The 'net samdump' command uses 'password server = ' for now, and performs a similar task to Samba3's 'net rpc samsync'. Andrew Bartlett (This used to be commit 550f17f9924fe783917318753de7d1a388423908)
2005-05-02 14:17:19 +00:00
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("libnet_SamDump returned %s: %s\n",
nt_errstr(status),
r12865: Upgrade the librpc and libnet code. In librpc, always try SMB level authentication, even if trying schannel, but allow fallback to anonymous. This should better function with servers that set restrict anonymous. There are too many parts of Samba that get, parse and modify the binding parameters. Avoid the extra work, and add a binding element to the struct dcerpc_pipe The libnet vampire code has been refactored, to reduce extra layers and to better conform with the standard argument pattern. Also, take advantage of the new libnet_Lookup code, so we don't require the silly 'password server' smb.conf parameter. To better support forcing traffic to be sealed for the vampire operation, the dcerpc_bind_auth() function now takes an auth level parameter. Andrew Bartlett (This used to be commit d65b354959842326fdd4bd7eb7fbeea0390f4afa)
2006-01-12 09:33:49 +00:00
r.out.error_string));
r6573: Start on my project to implement an NT4 compatible BDC in Samba4. This brings in a compatability layer for Samba3 in Samba4 - where we will start to define file formats and similar details. The 'net samdump' command uses 'password server = ' for now, and performs a similar task to Samba3's 'net rpc samsync'. Andrew Bartlett (This used to be commit 550f17f9924fe783917318753de7d1a388423908)
2005-05-02 14:17:19 +00:00
return -1;
}
r7633: this patch started as an attempt to make the dcerpc code use a given event_context for the socket_connect() call, so that when things that use dcerpc are running alongside anything else it doesn't block the whole process during a connect. Then of course I needed to change any code that created a dcerpc connection (such as the auth code) to also take an event context, and anything that called that and so on .... thus the size of the patch. There were 3 places where I punted: - abartlet wanted me to add a gensec_set_event_context() call instead of adding it to the gensec init calls. Andrew, my apologies for not doing this. I didn't do it as adding a new parameter allowed me to catch all the callers with the compiler. Now that its done, we could go back and use gensec_set_event_context() - the ejs code calls auth initialisation, which means it should pass in the event context from the web server. I punted on that. Needs fixing. - I used a NULL event context in dcom_get_pipe(). This is equivalent to what we did already, but should be fixed to use a callers event context. Jelmer, can you think of a clean way to do that? I also cleaned up a couple of things: - libnet_context_destroy() makes no sense. I removed it. - removed some unused vars in various places (This used to be commit 3a3025485bdb8f600ab528c0b4b4eef0c65e3fc9)
2005-06-16 11:36:09 +00:00
talloc_free(libnetctx);
r6573: Start on my project to implement an NT4 compatible BDC in Samba4. This brings in a compatability layer for Samba3 in Samba4 - where we will start to define file formats and similar details. The 'net samdump' command uses 'password server = ' for now, and performs a similar task to Samba3's 'net rpc samsync'. Andrew Bartlett (This used to be commit 550f17f9924fe783917318753de7d1a388423908)
2005-05-02 14:17:19 +00:00
return 0;
}
int net_samdump_usage(struct net_context *ctx, int argc, const char **argv)
{
d_printf("net samdump\n");
r12411: Add 'net samdump keytab <keytab>'. This extracts a remote windows domain into a keytab, suitable for use in ethereal for kerberos decryption. For the moment, like net samdump and net samsync, the 'password server' smb.conf option must be set to the binding string for the server. eg: password server = ncacn_np:mypdc Andrew Bartlett (This used to be commit 272013438f53bb168f74e09eb70fc96112b84772)
2005-12-21 22:02:52 +00:00
d_printf("net samdump keytab <keytab>\n");
r6573: Start on my project to implement an NT4 compatible BDC in Samba4. This brings in a compatability layer for Samba3 in Samba4 - where we will start to define file formats and similar details. The 'net samdump' command uses 'password server = ' for now, and performs a similar task to Samba3's 'net rpc samsync'. Andrew Bartlett (This used to be commit 550f17f9924fe783917318753de7d1a388423908)
2005-05-02 14:17:19 +00:00
return 0;
}
int net_samdump_help(struct net_context *ctx, int argc, const char **argv)
{
d_printf("Dumps the sam of the domain we are joined to.\n");
return 0;
}
r8752: With all the infrustructure done, details like a SamSync migration into LDB are actually quite easy. This brings us the users, and sets basic domain information. You are expected to have provisioned with the settings for the target domain, and have joined the domain as a BDC. Then simply 'net samsync'. Now we just need to flesh out the delta types. Andrew Bartlett (This used to be commit 1e0f7792bb29b17c23197a5e42ee8cabb0cf17d0)
2005-07-25 06:33:51 +00:00
int net_samsync_ldb(struct net_context *ctx, int argc, const char **argv)
{
NTSTATUS status;
struct libnet_context *libnetctx;
struct libnet_samsync_ldb r;
Avoid event_find_context() when the event context is already available in the net utility. (This used to be commit d40804777edf41889bd461f63f7a07cc1cc60e27)
2008-04-16 22:30:15 +02:00
libnetctx = libnet_context_init(ctx->event_ctx, ctx->lp_ctx);
r8752: With all the infrustructure done, details like a SamSync migration into LDB are actually quite easy. This brings us the users, and sets basic domain information. You are expected to have provisioned with the settings for the target domain, and have joined the domain as a BDC. Then simply 'net samsync'. Now we just need to flesh out the delta types. Andrew Bartlett (This used to be commit 1e0f7792bb29b17c23197a5e42ee8cabb0cf17d0)
2005-07-25 06:33:51 +00:00
if (!libnetctx) {
return -1;
}
libnetctx->cred = ctx->credentials;
r12865: Upgrade the librpc and libnet code. In librpc, always try SMB level authentication, even if trying schannel, but allow fallback to anonymous. This should better function with servers that set restrict anonymous. There are too many parts of Samba that get, parse and modify the binding parameters. Avoid the extra work, and add a binding element to the struct dcerpc_pipe The libnet vampire code has been refactored, to reduce extra layers and to better conform with the standard argument pattern. Also, take advantage of the new libnet_Lookup code, so we don't require the silly 'password server' smb.conf parameter. To better support forcing traffic to be sealed for the vampire operation, the dcerpc_bind_auth() function now takes an auth level parameter. Andrew Bartlett (This used to be commit d65b354959842326fdd4bd7eb7fbeea0390f4afa)
2006-01-12 09:33:49 +00:00
r.out.error_string = NULL;
r.in.machine_account = NULL;
r.in.binding_string = NULL;
r8752: With all the infrustructure done, details like a SamSync migration into LDB are actually quite easy. This brings us the users, and sets basic domain information. You are expected to have provisioned with the settings for the target domain, and have joined the domain as a BDC. Then simply 'net samsync'. Now we just need to flesh out the delta types. Andrew Bartlett (This used to be commit 1e0f7792bb29b17c23197a5e42ee8cabb0cf17d0)
2005-07-25 06:33:51 +00:00
r12928: This patch improves the interaction between the vampire and provsion code. Previously, we had to know (or guess) the host and domain guid at the provision stage. Now we query the database post-provision, to extract the values and fill in the zone file. This allows us to generate a correct zone file in the Windows migration case. In an effort to make SWAT easier to use, I have removed and renamed some of the provision options. I have also fixed a nasty issue in my js code. I had implictly declared a global variable of the name 'join', with disasterious results for any subsequent user of the string utility function: esp exception - ASSERT at lib/appweb/ejs/ejsParser.c:2064, 0 Backtrace: [ 0] substitute_var:20 -> list[i] = join("", list2) [ 1] setup_file:9 -> data = substitute_var(data, subobj) Andrew Bartlett (This used to be commit a38ceefd11f8b748f30383ef36a4752f178bfca1)
2006-01-14 06:17:24 +00:00
/* Needed to override the ACLs on ldb */
r26295: Remove use of global_loadparm for net and wb_pam_auth. (This used to be commit 47696b42987ea67ae1c6c09a4bec5858e5db4542)
2007-12-04 19:33:00 +01:00
r.in.session_info = system_session(libnetctx, ctx->lp_ctx);
r12928: This patch improves the interaction between the vampire and provsion code. Previously, we had to know (or guess) the host and domain guid at the provision stage. Now we query the database post-provision, to extract the values and fill in the zone file. This allows us to generate a correct zone file in the Windows migration case. In an effort to make SWAT easier to use, I have removed and renamed some of the provision options. I have also fixed a nasty issue in my js code. I had implictly declared a global variable of the name 'join', with disasterious results for any subsequent user of the string utility function: esp exception - ASSERT at lib/appweb/ejs/ejsParser.c:2064, 0 Backtrace: [ 0] substitute_var:20 -> list[i] = join("", list2) [ 1] setup_file:9 -> data = substitute_var(data, subobj) Andrew Bartlett (This used to be commit a38ceefd11f8b748f30383ef36a4752f178bfca1)
2006-01-14 06:17:24 +00:00
status = libnet_samsync_ldb(libnetctx, libnetctx, &r);
r8752: With all the infrustructure done, details like a SamSync migration into LDB are actually quite easy. This brings us the users, and sets basic domain information. You are expected to have provisioned with the settings for the target domain, and have joined the domain as a BDC. Then simply 'net samsync'. Now we just need to flesh out the delta types. Andrew Bartlett (This used to be commit 1e0f7792bb29b17c23197a5e42ee8cabb0cf17d0)
2005-07-25 06:33:51 +00:00
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("libnet_samsync_ldb returned %s: %s\n",
nt_errstr(status),
r12865: Upgrade the librpc and libnet code. In librpc, always try SMB level authentication, even if trying schannel, but allow fallback to anonymous. This should better function with servers that set restrict anonymous. There are too many parts of Samba that get, parse and modify the binding parameters. Avoid the extra work, and add a binding element to the struct dcerpc_pipe The libnet vampire code has been refactored, to reduce extra layers and to better conform with the standard argument pattern. Also, take advantage of the new libnet_Lookup code, so we don't require the silly 'password server' smb.conf parameter. To better support forcing traffic to be sealed for the vampire operation, the dcerpc_bind_auth() function now takes an auth level parameter. Andrew Bartlett (This used to be commit d65b354959842326fdd4bd7eb7fbeea0390f4afa)
2006-01-12 09:33:49 +00:00
r.out.error_string));
r8752: With all the infrustructure done, details like a SamSync migration into LDB are actually quite easy. This brings us the users, and sets basic domain information. You are expected to have provisioned with the settings for the target domain, and have joined the domain as a BDC. Then simply 'net samsync'. Now we just need to flesh out the delta types. Andrew Bartlett (This used to be commit 1e0f7792bb29b17c23197a5e42ee8cabb0cf17d0)
2005-07-25 06:33:51 +00:00
return -1;
}
talloc_free(libnetctx);
return 0;
}
int net_samsync_ldb_usage(struct net_context *ctx, int argc, const char **argv)
{
Link the new vampire code togeather. This adds in the newly attached secrets handling, as well as an interface to the command line 'net' tool. Andrew Bartlett (This used to be commit 1282e3c39479aa580124206814b493370d10690a)
2008-04-09 14:59:32 +10:00
d_printf("net samsync\n");
r8752: With all the infrustructure done, details like a SamSync migration into LDB are actually quite easy. This brings us the users, and sets basic domain information. You are expected to have provisioned with the settings for the target domain, and have joined the domain as a BDC. Then simply 'net samsync'. Now we just need to flesh out the delta types. Andrew Bartlett (This used to be commit 1e0f7792bb29b17c23197a5e42ee8cabb0cf17d0)
2005-07-25 06:33:51 +00:00
return 0;
}
int net_samsync_ldb_help(struct net_context *ctx, int argc, const char **argv)
{
r15490: Typo fixes and remove long forgotten commented piece. rafal (This used to be commit a2f6dc786031aa368b0398c21baf18cf82375c46)
2006-05-07 13:40:56 +00:00
d_printf("Synchronise into the local ldb the SAM of a domain.\n");
r8752: With all the infrustructure done, details like a SamSync migration into LDB are actually quite easy. This brings us the users, and sets basic domain information. You are expected to have provisioned with the settings for the target domain, and have joined the domain as a BDC. Then simply 'net samsync'. Now we just need to flesh out the delta types. Andrew Bartlett (This used to be commit 1e0f7792bb29b17c23197a5e42ee8cabb0cf17d0)
2005-07-25 06:33:51 +00:00
return 0;
}
s4:net Move net_vampire() to net_vampire.c
2009-07-06 16:41:42 +10:00
int net_vampire(struct net_context *ctx, int argc, const char **argv)
{
NTSTATUS status;
struct libnet_context *libnetctx;
struct libnet_Vampire *r;
char *tmp, *targetdir = NULL;
const char *domain_name;
switch (argc) {
case 0: /* no args -> fail */
return net_vampire_usage(ctx, argc, argv);
case 1: /* only DOMAIN */
tmp = talloc_strdup(ctx, argv[0]);
break;
case 2: /* domain and target dir */
tmp = talloc_strdup(ctx, argv[0]);
targetdir = talloc_strdup(ctx, argv[1]);
break;
default: /* too many args -> fail */
return net_vampire_usage(ctx, argc, argv);
}
domain_name = tmp;
libnetctx = libnet_context_init(ctx->event_ctx, ctx->lp_ctx);
if (!libnetctx) {
return -1;
}
libnetctx->cred = ctx->credentials;
r = talloc(ctx, struct libnet_Vampire);
if (!r) {
return -1;
}
/* prepare parameters for the vampire */
r->in.netbios_name = lp_netbios_name(ctx->lp_ctx);
r->in.domain_name = domain_name;
r->in.targetdir = targetdir;
r->out.error_string = NULL;
/* do the domain vampire */
status = libnet_Vampire(libnetctx, r, r);
if (!NT_STATUS_IS_OK(status)) {
d_fprintf(stderr, "Vampire of domain failed: %s\n",
r->out.error_string ? r->out.error_string : nt_errstr(status));
talloc_free(r);
talloc_free(libnetctx);
return -1;
}
d_printf("Vampired domain %s (%s)\n", r->out.domain_name, dom_sid_string(ctx, r->out.domain_sid));
talloc_free(libnetctx);
return 0;
}
int net_vampire_usage(struct net_context *ctx, int argc, const char **argv)
{
d_printf("net vampire <domain> [options]\n");
return 0;
}
int net_vampire_help(struct net_context *ctx, int argc, const char **argv)
{
d_printf("Join and synchronise a remote AD domain to the local server.\n");
return 0;
}
Copy Permalink