mirror of https://github.com/samba-team/samba.git synced 2025-03-20 22:50:26 +03:00

samba-tool trust: support discovery via netr_GetDcName

In case a remote DC does not support netr_DsRGetDCNameEx2(),
use netr_GetDcName() instead.

This should help with FreeIPA where embedded smbd runs as a domain
controller but does not implement full Active Directory compatibility.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13538

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Tue Jul 24 09:55:23 CEST 2018 on sn-devel-144

(cherry picked from commit c390728819e73cefbf02e0d52d22805930f4c45b)
Alexander Bokovoy 2018-02-24 14:34:44 +02:00 committed by Karolin Seeger
parent a3c26b35d6
commit 0b3e00a622


@ -1869,6 +1869,15 @@ class DomainTrustCommand(Command):
return (policy, info)
def get_netlogon_dc_unc(self, conn, server, domain):
try:
info = conn.netr_DsRGetDCNameEx2(server,
None, 0, None, None, None,
netlogon.DS_RETURN_DNS_NAME)
return info.dc_unc
except RuntimeError:
return conn.netr_GetDcName(server, domain)
def get_netlogon_dc_info(self, conn, server):
info = conn.netr_DsRGetDCNameEx2(server,
None, 0, None, None, None,
@ -2502,7 +2511,8 @@ class cmd_domain_trust_create(DomainTrustCommand):
raise self.RemoteRuntimeError(self, error, "failed to connect netlogon server")
try:
remote_netlogon_info = self.get_netlogon_dc_info(remote_netlogon, remote_server)
remote_netlogon_dc_unc = self.get_netlogon_dc_unc(remote_netlogon,
remote_server, domain)
except RuntimeError as error:
raise self.RemoteRuntimeError(self, error, "failed to get netlogon dc info")
@ -2652,9 +2662,9 @@ class cmd_domain_trust_create(DomainTrustCommand):
# this triggers netr_GetForestTrustInformation to our domain.
# and lsaRSetForestTrustInformation() remotely, but new top level
# names are disabled by default.
remote_forest_info = remote_netlogon.netr_DsRGetForestTrustInformation(remote_netlogon_info.dc_unc,
local_lsa_info.dns_domain.string,
netlogon.DS_GFTI_UPDATE_TDO)
remote_forest_info = remote_netlogon.netr_DsRGetForestTrustInformation(remote_netlogon_dc_unc,
local_lsa_info.dns_domain.string,
netlogon.DS_GFTI_UPDATE_TDO)
except RuntimeError as error:
raise self.RemoteRuntimeError(self, error, "netr_DsRGetForestTrustInformation() failed")
@ -2705,10 +2715,10 @@ class cmd_domain_trust_create(DomainTrustCommand):
if remote_trust_info.trust_direction & lsa.LSA_TRUST_DIRECTION_OUTBOUND:
self.outf.write("Validating incoming trust...\n")
try:
remote_trust_verify = remote_netlogon.netr_LogonControl2Ex(remote_netlogon_info.dc_unc,
netlogon.NETLOGON_CONTROL_TC_VERIFY,
2,
local_lsa_info.dns_domain.string)
remote_trust_verify = remote_netlogon.netr_LogonControl2Ex(remote_netlogon_dc_unc,
netlogon.NETLOGON_CONTROL_TC_VERIFY,
2,
local_lsa_info.dns_domain.string)
except RuntimeError as error:
raise self.RemoteRuntimeError(self, error, "NETLOGON_CONTROL_TC_VERIFY failed")
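Review bot: In the new `get_netlogon_dc_unc`, the bare `except RuntimeError:` treats every failure of `netr_DsRGetDCNameEx2()` as "call not supported" and discards the original error, so an access-denied or transport failure also silently switches discovery to the legacy `netr_GetDcName()` path. I would bind the exception (`except RuntimeError as error:`), fall back only when the status indicates the operation is unimplemented on the remote side, and re-raise otherwise; if the fallback itself fails, the caller in `cmd_domain_trust_create` will then report "failed to get netlogon dc info" with the first error still available. The value returned by the fallback is passed straight to `netr_DsRGetForestTrustInformation` and `netr_LogonControl2Ex` in the later hunks, and it is presumably a NetBIOS-style UNC rather than the DNS name requested with `DS_RETURN_DNS_NAME`, so a docstring along the lines of `"""Return the remote DC's UNC name, falling back to netr_GetDcName() for servers without netr_DsRGetDCNameEx2()."""` plus a comment on that difference would help the next reader. The bodies of the `cmd_domain_trust_create` hunks start and end outside the visible lines, so whether `remote_netlogon_info` is still referenced elsewhere after its assignment was dropped should be confirmed.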