mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
s4-netlogon: merge netr_DatabaseSync from s3 idl.
Guenther
parent
f285af6367
commit
cbc0b63a77
@ -741,12 +741,12 @@ interface netlogon
|
||||
NTSTATUS netr_DatabaseSync(
|
||||
[in] [string,charset(UTF16)] uint16 logon_server[],
|
||||
[in] [string,charset(UTF16)] uint16 computername[],
|
||||
[in] netr_Authenticator credential,
|
||||
[in,ref] netr_Authenticator *credential,
|
||||
[in,out,ref] netr_Authenticator *return_authenticator,
|
||||
[in] netr_SamDatabaseID database_id,
|
||||
[in,out,ref] uint32 *sync_context,
|
||||
[in] uint32 preferredmaximumlength,
|
||||
[out,ref] netr_DELTA_ENUM_ARRAY *delta_enum_array
|
||||
[out,ref] netr_DELTA_ENUM_ARRAY **delta_enum_array,
|
||||
[in] uint32 preferredmaximumlength
|
||||
);
|
||||
|
||||
|
||||
|
@ -169,6 +169,8 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
|
||||
TALLOC_CTX *samsync_ctx, *loop_ctx, *delta_ctx;
|
||||
struct creds_CredentialState *creds;
|
||||
struct netr_DatabaseSync dbsync;
|
||||
struct netr_Authenticator credential, return_authenticator;
|
||||
struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
|
||||
struct cli_credentials *machine_account;
|
||||
struct dcerpc_pipe *p;
|
||||
struct libnet_context *machine_net_ctx;
|
||||
@ -320,19 +322,30 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
|
||||
}
|
||||
|
||||
/* Setup details for the synchronisation */
|
||||
|
||||
ZERO_STRUCT(return_authenticator);
|
||||
|
||||
dbsync.in.logon_server = talloc_asprintf(samsync_ctx, "\\\\%s", dcerpc_server_name(p));
|
||||
dbsync.in.computername = cli_credentials_get_workstation(machine_account);
|
||||
dbsync.in.preferredmaximumlength = (uint32_t)-1;
|
||||
ZERO_STRUCT(dbsync.in.return_authenticator);
|
||||
dbsync.in.return_authenticator = &return_authenticator;
|
||||
dbsync.out.return_authenticator = &return_authenticator;
|
||||
dbsync.out.delta_enum_array = &delta_enum_array;
|
||||
|
||||
for (i=0;i< ARRAY_SIZE(database_ids); i++) {
|
||||
dbsync.in.sync_context = 0;
|
||||
dbsync.in.database_id = database_ids[i];
|
||||
for (i=0;i< ARRAY_SIZE(database_ids); i++) {
|
||||
|
||||
uint32_t sync_context = 0;
|
||||
|
||||
dbsync.in.database_id = database_ids[i];
|
||||
dbsync.in.sync_context = &sync_context;
|
||||
dbsync.out.sync_context = &sync_context;
|
||||
|
||||
do {
|
||||
int d;
|
||||
loop_ctx = talloc_named(samsync_ctx, 0, "DatabaseSync loop context");
|
||||
creds_client_authenticator(creds, &dbsync.in.credential);
|
||||
creds_client_authenticator(creds, &credential);
|
||||
|
||||
dbsync.in.credential = &credential;
|
||||
|
||||
dbsync_nt_status = dcerpc_netr_DatabaseSync(p, loop_ctx, &dbsync);
|
||||
if (!NT_STATUS_IS_OK(dbsync_nt_status) &&
|
||||
@ -342,7 +355,7 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
if (!creds_client_check(creds, &dbsync.out.return_authenticator.cred)) {
|
||||
if (!creds_client_check(creds, &dbsync.out.return_authenticator->cred)) {
|
||||
r->out.error_string = talloc_strdup(mem_ctx, "Credential chaining on incoming DatabaseSync failed");
|
||||
talloc_free(samsync_ctx);
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
@ -351,7 +364,7 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
|
||||
dbsync.in.sync_context = dbsync.out.sync_context;
|
||||
|
||||
/* For every single remote 'delta' entry: */
|
||||
for (d=0; d < dbsync.out.delta_enum_array->num_deltas; d++) {
|
||||
for (d=0; d < delta_enum_array->num_deltas; d++) {
|
||||
char *error_string = NULL;
|
||||
delta_ctx = talloc_named(loop_ctx, 0, "DatabaseSync delta context");
|
||||
/* 'Fix' elements, by decrypting and
|
||||
@ -360,7 +373,7 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
|
||||
creds,
|
||||
r->in.rid_crypt,
|
||||
dbsync.in.database_id,
|
||||
&dbsync.out.delta_enum_array->delta_enum[d],
|
||||
&delta_enum_array->delta_enum[d],
|
||||
&error_string);
|
||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||
r->out.error_string = talloc_steal(mem_ctx, error_string);
|
||||
@ -374,7 +387,7 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
|
||||
nt_status = r->in.delta_fn(delta_ctx,
|
||||
r->in.fn_ctx,
|
||||
dbsync.in.database_id,
|
||||
&dbsync.out.delta_enum_array->delta_enum[d],
|
||||
&delta_enum_array->delta_enum[d],
|
||||
&error_string);
|
||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||
r->out.error_string = talloc_steal(mem_ctx, error_string);
|
||||
|
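Review bot: The delta loop in libnet_SamSync_netlogon now reads `delta_enum_array->num_deltas` with no NULL check, although the local is initialised to NULL and the IDL on this page declares the parameter as `[out,ref] netr_DELTA_ENUM_ARRAY **`, whose inner pointer is presumably nullable. The array is filled from the remote server's reply, so a response that carries no array alongside a status the caller accepts would crash the client here. The netlogon torture test on this page already guards with `if (delta_enum_array && ...)`. A guard in the loop condition would cover it, `for (d=0; delta_enum_array != NULL && d < delta_enum_array->num_deltas; d++) {`, or the NULL case could be rejected explicitly before the loop. The samsync torture test's delta loop has the same unguarded dereference; the function body extends outside the hunks shown.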
@ -739,12 +739,12 @@ interface netlogon
|
||||
NTSTATUS netr_DatabaseSync(
|
||||
[in] [string,charset(UTF16)] uint16 logon_server[],
|
||||
[in] [string,charset(UTF16)] uint16 computername[],
|
||||
[in] netr_Authenticator credential,
|
||||
[in,out] netr_Authenticator return_authenticator,
|
||||
[in,ref] netr_Authenticator *credential,
|
||||
[in,out,ref] netr_Authenticator *return_authenticator,
|
||||
[in] netr_SamDatabaseID database_id,
|
||||
[in,out] uint32 sync_context,
|
||||
[in] uint32 preferredmaximumlength,
|
||||
[out,unique] netr_DELTA_ENUM_ARRAY *delta_enum_array
|
||||
[in,out,ref] uint32 *sync_context,
|
||||
[out,ref] netr_DELTA_ENUM_ARRAY **delta_enum_array,
|
||||
[in] uint32 preferredmaximumlength
|
||||
);
|
||||
|
||||
|
||||
|
@ -695,24 +695,36 @@ static bool test_DatabaseSync(struct torture_context *tctx,
|
||||
struct creds_CredentialState *creds;
|
||||
const uint32_t database_ids[] = {SAM_DATABASE_DOMAIN, SAM_DATABASE_BUILTIN, SAM_DATABASE_PRIVS};
|
||||
int i;
|
||||
struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
|
||||
struct netr_Authenticator credential, return_authenticator;
|
||||
|
||||
if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
ZERO_STRUCT(return_authenticator);
|
||||
|
||||
r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
|
||||
r.in.computername = TEST_MACHINE_NAME;
|
||||
r.in.preferredmaximumlength = (uint32_t)-1;
|
||||
ZERO_STRUCT(r.in.return_authenticator);
|
||||
r.in.return_authenticator = &return_authenticator;
|
||||
r.out.delta_enum_array = &delta_enum_array;
|
||||
r.out.return_authenticator = &return_authenticator;
|
||||
|
||||
for (i=0;i<ARRAY_SIZE(database_ids);i++) {
|
||||
r.in.sync_context = 0;
|
||||
|
||||
uint32_t sync_context = 0;
|
||||
|
||||
r.in.database_id = database_ids[i];
|
||||
r.in.sync_context = &sync_context;
|
||||
r.out.sync_context = &sync_context;
|
||||
|
||||
torture_comment(tctx, "Testing DatabaseSync of id %d\n", r.in.database_id);
|
||||
|
||||
do {
|
||||
creds_client_authenticator(creds, &r.in.credential);
|
||||
creds_client_authenticator(creds, &credential);
|
||||
|
||||
r.in.credential = &credential;
|
||||
|
||||
status = dcerpc_netr_DatabaseSync(p, tctx, &r);
|
||||
if (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
|
||||
@ -724,18 +736,16 @@ static bool test_DatabaseSync(struct torture_context *tctx,
|
||||
}
|
||||
torture_assert_ntstatus_ok(tctx, status, "DatabaseSync");
|
||||
|
||||
if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
|
||||
if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
|
||||
torture_comment(tctx, "Credential chaining failed\n");
|
||||
}
|
||||
|
||||
r.in.sync_context = r.out.sync_context;
|
||||
|
||||
if (r.out.delta_enum_array &&
|
||||
r.out.delta_enum_array->num_deltas > 0 &&
|
||||
r.out.delta_enum_array->delta_enum[0].delta_type == NETR_DELTA_DOMAIN &&
|
||||
r.out.delta_enum_array->delta_enum[0].delta_union.domain) {
|
||||
if (delta_enum_array &&
|
||||
delta_enum_array->num_deltas > 0 &&
|
||||
delta_enum_array->delta_enum[0].delta_type == NETR_DELTA_DOMAIN &&
|
||||
delta_enum_array->delta_enum[0].delta_union.domain) {
|
||||
sequence_nums[r.in.database_id] =
|
||||
r.out.delta_enum_array->delta_enum[0].delta_union.domain->sequence_num;
|
||||
delta_enum_array->delta_enum[0].delta_union.domain->sequence_num;
|
||||
torture_comment(tctx, "\tsequence_nums[%d]=%llu\n",
|
||||
r.in.database_id,
|
||||
(unsigned long long)sequence_nums[r.in.database_id]);
|
||||
|
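Review bot: A failed `creds_client_check()` on the returned authenticator only produces a `torture_comment()` and the loop carries on, so a server that breaks netlogon credential chaining would still pass test_DatabaseSync. Unless that leniency is deliberate, the touched line could become `torture_assert(tctx, creds_client_check(creds, &r.out.return_authenticator->cred), "Credential chaining failed");`. The libnet caller on this page treats the same condition as `NT_STATUS_ACCESS_DENIED`. The samsync variant of test_DatabaseSync has the same pattern with `printf` and leaves `ret` unchanged. The function body extends beyond the hunks shown.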
@ -1131,23 +1131,35 @@ static bool test_DatabaseSync(struct torture_context *tctx,
|
||||
bool ret = true;
|
||||
struct samsync_trusted_domain *t;
|
||||
struct samsync_secret *s;
|
||||
struct netr_Authenticator return_authenticator, credential;
|
||||
struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
|
||||
|
||||
const char *domain, *username;
|
||||
|
||||
ZERO_STRUCT(return_authenticator);
|
||||
|
||||
r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(samsync_state->p));
|
||||
r.in.computername = TEST_MACHINE_NAME;
|
||||
r.in.preferredmaximumlength = (uint32_t)-1;
|
||||
ZERO_STRUCT(r.in.return_authenticator);
|
||||
r.in.return_authenticator = &return_authenticator;
|
||||
r.out.return_authenticator = &return_authenticator;
|
||||
r.out.delta_enum_array = &delta_enum_array;
|
||||
|
||||
for (i=0;i<ARRAY_SIZE(database_ids);i++) {
|
||||
r.in.sync_context = 0;
|
||||
|
||||
uint32_t sync_context = 0;
|
||||
|
||||
r.in.database_id = database_ids[i];
|
||||
r.in.sync_context = &sync_context;
|
||||
r.out.sync_context = &sync_context;
|
||||
|
||||
printf("Testing DatabaseSync of id %d\n", r.in.database_id);
|
||||
|
||||
do {
|
||||
loop_ctx = talloc_named(mem_ctx, 0, "DatabaseSync loop context");
|
||||
creds_client_authenticator(samsync_state->creds, &r.in.credential);
|
||||
creds_client_authenticator(samsync_state->creds, &credential);
|
||||
|
||||
r.in.credential = &credential;
|
||||
|
||||
status = dcerpc_netr_DatabaseSync(samsync_state->p, loop_ctx, &r);
|
||||
if (!NT_STATUS_IS_OK(status) &&
|
||||
@ -1157,67 +1169,67 @@ static bool test_DatabaseSync(struct torture_context *tctx,
|
||||
break;
|
||||
}
|
||||
|
||||
if (!creds_client_check(samsync_state->creds, &r.out.return_authenticator.cred)) {
|
||||
if (!creds_client_check(samsync_state->creds, &r.out.return_authenticator->cred)) {
|
||||
printf("Credential chaining failed\n");
|
||||
}
|
||||
|
||||
r.in.sync_context = r.out.sync_context;
|
||||
|
||||
for (d=0; d < r.out.delta_enum_array->num_deltas; d++) {
|
||||
for (d=0; d < delta_enum_array->num_deltas; d++) {
|
||||
delta_ctx = talloc_named(loop_ctx, 0, "DatabaseSync delta context");
|
||||
switch (r.out.delta_enum_array->delta_enum[d].delta_type) {
|
||||
switch (delta_enum_array->delta_enum[d].delta_type) {
|
||||
case NETR_DELTA_DOMAIN:
|
||||
if (!samsync_handle_domain(delta_ctx, samsync_state,
|
||||
r.in.database_id, &r.out.delta_enum_array->delta_enum[d])) {
|
||||
r.in.database_id, &delta_enum_array->delta_enum[d])) {
|
||||
printf("Failed to handle DELTA_DOMAIN\n");
|
||||
ret = false;
|
||||
}
|
||||
break;
|
||||
case NETR_DELTA_GROUP:
|
||||
if (!samsync_handle_group(delta_ctx, samsync_state,
|
||||
r.in.database_id, &r.out.delta_enum_array->delta_enum[d])) {
|
||||
r.in.database_id, &delta_enum_array->delta_enum[d])) {
|
||||
printf("Failed to handle DELTA_USER\n");
|
||||
ret = false;
|
||||
}
|
||||
break;
|
||||
case NETR_DELTA_USER:
|
||||
if (!samsync_handle_user(tctx, delta_ctx, samsync_state,
|
||||
r.in.database_id, &r.out.delta_enum_array->delta_enum[d])) {
|
||||
r.in.database_id, &delta_enum_array->delta_enum[d])) {
|
||||
printf("Failed to handle DELTA_USER\n");
|
||||
ret = false;
|
||||
}
|
||||
break;
|
||||
case NETR_DELTA_ALIAS:
|
||||
if (!samsync_handle_alias(delta_ctx, samsync_state,
|
||||
r.in.database_id, &r.out.delta_enum_array->delta_enum[d])) {
|
||||
r.in.database_id, &delta_enum_array->delta_enum[d])) {
|
||||
printf("Failed to handle DELTA_ALIAS\n");
|
||||
ret = false;
|
||||
}
|
||||
break;
|
||||
case NETR_DELTA_POLICY:
|
||||
if (!samsync_handle_policy(delta_ctx, samsync_state,
|
||||
r.in.database_id, &r.out.delta_enum_array->delta_enum[d])) {
|
||||
r.in.database_id, &delta_enum_array->delta_enum[d])) {
|
||||
printf("Failed to handle DELTA_POLICY\n");
|
||||
ret = false;
|
||||
}
|
||||
break;
|
||||
case NETR_DELTA_TRUSTED_DOMAIN:
|
||||
if (!samsync_handle_trusted_domain(delta_ctx, samsync_state,
|
||||
r.in.database_id, &r.out.delta_enum_array->delta_enum[d])) {
|
||||
r.in.database_id, &delta_enum_array->delta_enum[d])) {
|
||||
printf("Failed to handle DELTA_TRUSTED_DOMAIN\n");
|
||||
ret = false;
|
||||
}
|
||||
break;
|
||||
case NETR_DELTA_ACCOUNT:
|
||||
if (!samsync_handle_account(delta_ctx, samsync_state,
|
||||
r.in.database_id, &r.out.delta_enum_array->delta_enum[d])) {
|
||||
r.in.database_id, &delta_enum_array->delta_enum[d])) {
|
||||
printf("Failed to handle DELTA_ACCOUNT\n");
|
||||
ret = false;
|
||||
}
|
||||
break;
|
||||
case NETR_DELTA_SECRET:
|
||||
if (!samsync_handle_secret(delta_ctx, samsync_state,
|
||||
r.in.database_id, &r.out.delta_enum_array->delta_enum[d])) {
|
||||
r.in.database_id, &delta_enum_array->delta_enum[d])) {
|
||||
printf("Failed to handle DELTA_SECRET\n");
|
||||
ret = false;
|
||||
}
|
||||
@ -1239,7 +1251,7 @@ static bool test_DatabaseSync(struct torture_context *tctx,
|
||||
case NETR_DELTA_DELETE_USER2:
|
||||
case NETR_DELTA_MODIFY_COUNT:
|
||||
default:
|
||||
printf("Uxpected delta type %d\n", r.out.delta_enum_array->delta_enum[d].delta_type);
|
||||
printf("Uxpected delta type %d\n", delta_enum_array->delta_enum[d].delta_type);
|
||||
ret = false;
|
||||
break;
|
||||
}
|
||||
|
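Review bot: The diagnostic on the rewritten default-case line still reads "Uxpected delta type", and the NETR_DELTA_GROUP case in the same switch reports "Failed to handle DELTA_USER". Both make a failing samsync run harder to triage, because the log names the wrong delta type or misspells a string someone may grep for. Since these lines are being edited anyway, I would change them to `printf("Unexpected delta type %d\n", delta_enum_array->delta_enum[d].delta_type);` and `printf("Failed to handle DELTA_GROUP\n");`. The switch continues outside the hunks shown.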