Link the new vampire code togeather.

This adds in the newly attached secrets handling, as well as an
interface to the command line 'net' tool.

Andrew Bartlett
(This used to be commit 1282e3c394)

source4/libnet/config.mk

@@ -1,5 +1,6 @@
 [SUBSYSTEM::LIBSAMBA-NET]
 PRIVATE_PROTO_HEADER = libnet_proto.h
+PRIVATE_DEPENDENCIES = PROVISION
 OBJ_FILES = \
 		libnet.o \
 		libnet_passwd.o \

source4/libnet/libnet_vampire.c

@@ -37,6 +37,7 @@
 #include "lib/ldb_wrap.h"
 #include "auth/auth.h"
 #include "param/param.h"
+#include "param/provision.h"
 
 /* 
 List of tasks vampire.py must perform:
@@ -52,7 +53,6 @@ List of tasks vampire.py must perform:
 
 */
 struct vampire_state {
-	struct libnet_context *ctx;
 	const char *netbios_name;
 	struct libnet_JoinDomain *join;
 	struct cli_credentials *machine_account;
@@ -93,7 +93,7 @@ static NTSTATUS vampire_prepare_db(void *private_data,
 	settings.schema_dn_str = p->forest->schema_dn_str;
 	settings.netbios_name = p->dest_dsa->netbios_name;
 	settings.realm = s->join->out.realm;
-	settings.domain = s->join->out.domain;
+	settings.domain = s->join->out.domain_name;
 	settings.server_dn_str = p->dest_dsa->server_dn_str;
 	settings.machine_password = generate_random_str(s, 16);
 	settings.targetdir = s->targetdir;
@@ -115,18 +115,13 @@ static NTSTATUS vampire_prepare_db(void *private_data,
 		return NT_STATUS_INTERNAL_DB_ERROR;
 	}
 	
-	/* We must set these up to ensure the replMetaData is written correctly, before our NTDS Settings entry is replicated */
+	/* We must set these up to ensure the replMetaData is written correctly, 
+	   before our NTDS Settings entry is replicated */
 	ok = samdb_set_ntds_invocation_id(s->ldb, &p->dest_dsa->invocation_id);
 	if (!ok) {
 		DEBUG(0,("Failed to set cached ntds invocationId\n"));
 		return NT_STATUS_FOOBAR;
 	}
-	ok = samdb_set_ntds_objectGUID(s->ldb, &p->dest_dsa->ntds_guid);
-	if (!ok) {
-		DEBUG(0,("Failed to set cached ntds objectGUID\n"));
-		return NT_STATUS_FOOBAR;
-	}
-	
 	s->lp_ctx = lp_ctx;
 
         return NT_STATUS_OK;
@@ -591,10 +586,11 @@ static NTSTATUS vampire_store_chunk(void *private_data,
 	return NT_STATUS_OK;
 }
 
-NTSTATUS libnet_vampire(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, 
-			struct libnet_vampire *r)
+NTSTATUS libnet_Vampire(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, 
+			struct libnet_Vampire *r)
 {
 	struct libnet_JoinDomain *join;
+	struct libnet_set_join_secrets *set_secrets;
 	struct libnet_BecomeDC b;
 	struct libnet_UnbecomeDC u;
 	struct vampire_state *s;
@@ -651,6 +647,8 @@ NTSTATUS libnet_vampire(struct libnet_context *ctx, TALLOC_CTX *mem_ctx,
 	
 	s->join = join;
 
+	s->targetdir = r->in.targetdir;
+
 	ZERO_STRUCT(b);
 	b.in.domain_dns_name		= join->out.realm;
 	b.in.domain_netbios_name	= join->out.domain_name;
@@ -665,7 +663,7 @@ NTSTATUS libnet_vampire(struct libnet_context *ctx, TALLOC_CTX *mem_ctx,
 	b.in.callbacks.config_chunk	= vampire_store_chunk;
 	b.in.callbacks.domain_chunk	= vampire_store_chunk;
 
-	status = libnet_BecomeDC(s->ctx, s, &b);
+	status = libnet_BecomeDC(ctx, s, &b);
 	if (!NT_STATUS_IS_OK(status)) {
 		printf("libnet_BecomeDC() failed - %s\n", nt_errstr(status));
 		talloc_free(s);
@@ -703,4 +701,32 @@ NTSTATUS libnet_vampire(struct libnet_context *ctx, TALLOC_CTX *mem_ctx,
 		talloc_free(s);
 		return NT_STATUS_INTERNAL_DB_ERROR;
 	}
+
+	set_secrets = talloc_zero(s, struct libnet_set_join_secrets);
+	if (!set_secrets) {
+		return NT_STATUS_NO_MEMORY;
+	}
+		
+	set_secrets->in.domain_name = join->out.domain_name;
+	set_secrets->in.realm = join->out.realm;
+	set_secrets->in.account_name = account_name;
+	set_secrets->in.netbios_name = netbios_name;
+	set_secrets->in.join_type = SEC_CHAN_BDC;
+	set_secrets->in.join_password = join->out.join_password;
+	set_secrets->in.kvno = join->out.kvno;
+	set_secrets->in.domain_sid = join->out.domain_sid;
+	
+	status = libnet_set_join_secrets(ctx, set_secrets, set_secrets);
+	if (!NT_STATUS_IS_OK(status)) {
+		r->out.error_string = talloc_steal(mem_ctx, set_secrets->out.error_string);
+		talloc_free(s);
+		return status;
+	}
+
+	r->out.domain_name = talloc_steal(r, join->out.domain_name);
+	r->out.domain_sid = talloc_steal(r, join->out.domain_sid);
+	talloc_free(s);
+	
+	return NT_STATUS_OK;
+
 }

source4/libnet/libnet_vampire.h

@@ -22,13 +22,16 @@
 #ifndef __LIBNET_VAMPIRE_H__
 #define __LIBNET_VAMPIRE_H__
 
-struct libnet_vampire {
+struct libnet_Vampire {
 	struct {
 		const char *domain_name;
 		const char *netbios_name;
+		const char *targetdir;
 	} in;
 	
 	struct {
+		struct dom_sid *domain_sid;
+		const char *domain_name;
 		const char *error_string;
 	} out;
 };

source4/utils/net/net.c

@@ -102,7 +102,8 @@ static const struct net_functable net_functable[] = {
 	{"time", "get remote server's time\n", net_time, net_time_usage},
 	{"join", "join a domain\n", net_join, net_join_usage},
 	{"samdump", "dump the sam of a domain\n", net_samdump, net_samdump_usage},
-	{"samsync", "synchronise into the local ldb the sam of a domain\n", net_samsync_ldb, net_samsync_ldb_usage},
+	{"vampire", "join and syncronise an AD domain onto the local server\n", net_vampire, net_vampire_usage},
+	{"samsync", "synchronise into the local ldb the sam of an NT4 domain\n", net_samsync_ldb, net_samsync_ldb_usage},
 	{"user", "manage user accounts\n", net_user, net_user_usage},
 	{NULL, NULL, NULL, NULL}
 };

source4/utils/net/net_join.c

@@ -100,3 +100,70 @@ int net_join_help(struct net_context *ctx, int argc, const char **argv)
 	d_printf("Joins domain as either member or backup domain controller.\n");
 	return 0;	
 }
+
+int net_vampire(struct net_context *ctx, int argc, const char **argv) 
+{
+	NTSTATUS status;
+	struct libnet_context *libnetctx;
+	struct libnet_Vampire *r;
+	char *tmp, *targetdir = NULL;
+	const char *domain_name;
+
+	switch (argc) {
+		case 0: /* no args -> fail */
+			return net_vampire_usage(ctx, argc, argv);
+		case 1: /* only DOMAIN */
+			tmp = talloc_strdup(ctx->mem_ctx, argv[0]);
+			break;
+		case 2: /* domain and target dir */
+			tmp = talloc_strdup(ctx->mem_ctx, argv[0]);
+			targetdir = talloc_strdup(ctx->mem_ctx, argv[1]);
+			break;
+		default: /* too many args -> fail */
+			return net_vampire_usage(ctx, argc, argv);
+	}
+
+	domain_name = tmp;
+
+	libnetctx = libnet_context_init(NULL, ctx->lp_ctx);
+	if (!libnetctx) {
+		return -1;	
+	}
+	libnetctx->cred = ctx->credentials;
+	r = talloc(ctx->mem_ctx, struct libnet_Vampire);
+	if (!r) {
+		return -1;
+	}
+	/* prepare parameters for the vampire */
+	r->in.netbios_name  = lp_netbios_name(ctx->lp_ctx);
+	r->in.domain_name   = domain_name;
+	r->in.targetdir	    = targetdir;
+	r->out.error_string = NULL;
+
+	/* do the domain vampire */
+	status = libnet_Vampire(libnetctx, r, r);
+	
+	if (!NT_STATUS_IS_OK(status)) {
+		d_fprintf(stderr, "Vampire of domain failed: %s\n",
+			  r->out.error_string ? r->out.error_string : nt_errstr(status));
+		talloc_free(r);
+		talloc_free(libnetctx);
+		return -1;
+	}
+	d_printf("Vampired domain %s (%s)\n", r->out.domain_name, dom_sid_string(ctx->mem_ctx, r->out.domain_sid));
+
+	talloc_free(libnetctx);
+	return 0;
+}
+
+int net_vampire_usage(struct net_context *ctx, int argc, const char **argv)
+{
+	d_printf("net vampire <domain> [options]\n");
+	return 0;	
+}
+
+int net_vampire_help(struct net_context *ctx, int argc, const char **argv)
+{
+	d_printf("Vampires domain as either member or backup domain controller.\n");
+	return 0;	
+}

source4/utils/net/net_vampire.c

@@ -169,7 +169,7 @@ int net_samsync_ldb(struct net_context *ctx, int argc, const char **argv)
 
 int net_samsync_ldb_usage(struct net_context *ctx, int argc, const char **argv)
 {
-	d_printf("net samsync_ldb\n");
+	d_printf("net samsync\n");
 	return 0;	
 }