mirror of
https://github.com/samba-team/samba.git
synced 2025-01-10 01:18:15 +03:00
samba-tool trust: support discovery via netr_GetDcName
In case a remote DC does not support netr_DsRGetDCNameEx2(), use netr_GetDcName() instead. This should help with FreeIPA where embedded smbd runs as a domain controller but does not implement full Active Directory compatibility. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13538 Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Alexander Bokovoy <ab@samba.org> Autobuild-Date(master): Tue Jul 24 09:55:23 CEST 2018 on sn-devel-144
parent
6800077c5c
commit
c390728819
@ -1876,6 +1876,15 @@ class DomainTrustCommand(Command):
|
|||||||
|
|
||||||
return (policy, info)
|
return (policy, info)
|
||||||
|
|
||||||
|
def get_netlogon_dc_unc(self, conn, server, domain):
|
||||||
|
try:
|
||||||
|
info = conn.netr_DsRGetDCNameEx2(server,
|
||||||
|
None, 0, None, None, None,
|
||||||
|
netlogon.DS_RETURN_DNS_NAME)
|
||||||
|
return info.dc_unc
|
||||||
|
except RuntimeError:
|
||||||
|
return conn.netr_GetDcName(server, domain)
|
||||||
|
|
||||||
def get_netlogon_dc_info(self, conn, server):
|
def get_netlogon_dc_info(self, conn, server):
|
||||||
info = conn.netr_DsRGetDCNameEx2(server,
|
info = conn.netr_DsRGetDCNameEx2(server,
|
||||||
None, 0, None, None, None,
|
None, 0, None, None, None,
|
||||||
@ -2509,7 +2518,8 @@ class cmd_domain_trust_create(DomainTrustCommand):
|
|||||||
raise self.RemoteRuntimeError(self, error, "failed to connect netlogon server")
|
raise self.RemoteRuntimeError(self, error, "failed to connect netlogon server")
|
||||||
|
|
||||||
try:
|
try:
|
||||||
remote_netlogon_info = self.get_netlogon_dc_info(remote_netlogon, remote_server)
|
remote_netlogon_dc_unc = self.get_netlogon_dc_unc(remote_netlogon,
|
||||||
|
remote_server, domain)
|
||||||
except RuntimeError as error:
|
except RuntimeError as error:
|
||||||
raise self.RemoteRuntimeError(self, error, "failed to get netlogon dc info")
|
raise self.RemoteRuntimeError(self, error, "failed to get netlogon dc info")
|
||||||
|
|
||||||
@ -2659,9 +2669,9 @@ class cmd_domain_trust_create(DomainTrustCommand):
|
|||||||
# this triggers netr_GetForestTrustInformation to our domain.
|
# this triggers netr_GetForestTrustInformation to our domain.
|
||||||
# and lsaRSetForestTrustInformation() remotely, but new top level
|
# and lsaRSetForestTrustInformation() remotely, but new top level
|
||||||
# names are disabled by default.
|
# names are disabled by default.
|
||||||
remote_forest_info = remote_netlogon.netr_DsRGetForestTrustInformation(remote_netlogon_info.dc_unc,
|
remote_forest_info = remote_netlogon.netr_DsRGetForestTrustInformation(remote_netlogon_dc_unc,
|
||||||
local_lsa_info.dns_domain.string,
|
local_lsa_info.dns_domain.string,
|
||||||
netlogon.DS_GFTI_UPDATE_TDO)
|
netlogon.DS_GFTI_UPDATE_TDO)
|
||||||
except RuntimeError as error:
|
except RuntimeError as error:
|
||||||
raise self.RemoteRuntimeError(self, error, "netr_DsRGetForestTrustInformation() failed")
|
raise self.RemoteRuntimeError(self, error, "netr_DsRGetForestTrustInformation() failed")
|
||||||
|
|
||||||
@ -2712,10 +2722,10 @@ class cmd_domain_trust_create(DomainTrustCommand):
|
|||||||
if remote_trust_info.trust_direction & lsa.LSA_TRUST_DIRECTION_OUTBOUND:
|
if remote_trust_info.trust_direction & lsa.LSA_TRUST_DIRECTION_OUTBOUND:
|
||||||
self.outf.write("Validating incoming trust...\n")
|
self.outf.write("Validating incoming trust...\n")
|
||||||
try:
|
try:
|
||||||
remote_trust_verify = remote_netlogon.netr_LogonControl2Ex(remote_netlogon_info.dc_unc,
|
remote_trust_verify = remote_netlogon.netr_LogonControl2Ex(remote_netlogon_dc_unc,
|
||||||
netlogon.NETLOGON_CONTROL_TC_VERIFY,
|
netlogon.NETLOGON_CONTROL_TC_VERIFY,
|
||||||
2,
|
2,
|
||||||
local_lsa_info.dns_domain.string)
|
local_lsa_info.dns_domain.string)
|
||||||
except RuntimeError as error:
|
except RuntimeError as error:
|
||||||
raise self.RemoteRuntimeError(self, error, "NETLOGON_CONTROL_TC_VERIFY failed")
|
raise self.RemoteRuntimeError(self, error, "NETLOGON_CONTROL_TC_VERIFY failed")
|
||||||
|
|
||||||
|
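Review bot: In get_netlogon_dc_unc (first hunk) the bare `except RuntimeError:` sends every failure of netr_DsRGetDCNameEx2() down the netr_GetDcName() path, including access denied or a dropped connection, not only the "call not supported" case the commit message describes, and the original error is discarded. The returned name is then passed to netr_DsRGetForestTrustInformation() and netr_LogonControl2Ex() while the trust is created and validated, so I would bind the exception (`except RuntimeError as error:`), fall back only when it carries the status an unsupporting server returns, and re-raise otherwise. The fallback should also be visible to the operator, e.g. `self.outf.write("netr_DsRGetDCNameEx2() unavailable, using netr_GetDcName()\n")`. It is also worth confirming that the name netr_GetDcName() returns is acceptable in those later calls, because the primary path explicitly asks for DS_RETURN_DNS_NAME and the legacy call as written takes no such flag.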