svn commit: samba r8952 - in branches/SAMBA_4_0/source/libnet: .

abartlet at samba.org abartlet at samba.org
Tue Aug 2 21:21:44 GMT 2005


Author: abartlet
Date: 2005-08-02 21:21:43 +0000 (Tue, 02 Aug 2005)
New Revision: 8952

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=8952

Log:
Partial work commit to find the DN of the new machine account - we
will use ldb to add servicePrincipalNames to this.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/libnet/config.mk
   branches/SAMBA_4_0/source/libnet/libnet_join.c


Changeset:
Modified: branches/SAMBA_4_0/source/libnet/config.mk
===================================================================
--- branches/SAMBA_4_0/source/libnet/config.mk	2005-08-02 20:59:23 UTC (rev 8951)
+++ branches/SAMBA_4_0/source/libnet/config.mk	2005-08-02 21:21:43 UTC (rev 8952)
@@ -18,6 +18,6 @@
 		libnet/userman.o \
 		libnet/domain.o 
 
-REQUIRED_SUBSYSTEMS = RPC_NDR_SAMR RPC_NDR_LSA RPC_NDR_SRVSVC LIBCLI_COMPOSITE LIBCLI_RESOLVE LIBSAMBA3
+REQUIRED_SUBSYSTEMS = RPC_NDR_SAMR RPC_NDR_LSA RPC_NDR_SRVSVC RPC_NDR_DRSUAPI LIBCLI_COMPOSITE LIBCLI_RESOLVE LIBSAMBA3
 # End SUBSYSTEM LIBNET
 #################################

Modified: branches/SAMBA_4_0/source/libnet/libnet_join.c
===================================================================
--- branches/SAMBA_4_0/source/libnet/libnet_join.c	2005-08-02 20:59:23 UTC (rev 8951)
+++ branches/SAMBA_4_0/source/libnet/libnet_join.c	2005-08-02 21:21:43 UTC (rev 8952)
@@ -23,6 +23,7 @@
 #include "libnet/libnet.h"
 #include "librpc/gen_ndr/ndr_samr.h"
 #include "librpc/gen_ndr/ndr_lsa.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
 #include "lib/ldb/include/ldb.h"
 #include "include/secrets.h"
 
@@ -73,6 +74,14 @@
 	struct samr_GetUserPwInfo pwp;
 	struct lsa_String samr_account_name;
 
+	struct dcerpc_pipe *drsuapi_pipe;
+	struct dcerpc_binding *drsuapi_binding;
+	struct drsuapi_DsBind r_drsuapi_bind;
+	struct drsuapi_DsCrackNames r_crack_names;
+	struct drsuapi_DsNameString names[1];
+	struct policy_handle drsuapi_bind_handle;
+	struct GUID drsuapi_bind_guid;
+
 	uint32_t acct_flags;
 	uint32_t rid, access_granted;
 	int policy_min_pw_len = 0;
@@ -80,6 +89,7 @@
 	struct dom_sid *domain_sid;
 	const char *domain_name;
 	const char *realm = NULL; /* Also flag for remote being AD */
+	const char *account_dn;
 
 	tmp_ctx = talloc_named(mem_ctx, 0, "libnet_Join temp context");
 	if (!tmp_ctx) {
@@ -418,8 +428,105 @@
 		talloc_free(tmp_ctx);
 		return NT_STATUS_OK;
 	}
-		
+
+	drsuapi_binding = talloc(tmp_ctx, struct dcerpc_binding);
+	*drsuapi_binding = *samr_binding;
+	drsuapi_binding->transport = NCACN_IP_TCP;
+	drsuapi_binding->endpoint = NULL;
+	drsuapi_binding->flags |= DCERPC_SEAL;
 	
+	status = dcerpc_pipe_connect_b(tmp_ctx, 
+				       &drsuapi_pipe,
+				       drsuapi_binding,
+				       DCERPC_DRSUAPI_UUID,
+				       DCERPC_DRSUAPI_VERSION, 
+				       ctx->cred, 
+				       ctx->event_ctx);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		r->out.error_string = talloc_asprintf(mem_ctx,
+						"Connection to DRSUAPI pipe of PDC of domain '%s' failed: %s",
+						r->in.domain_name, nt_errstr(status));
+		talloc_free(tmp_ctx);
+		return status;
+	}
+	
+	GUID_from_string(DRSUAPI_DS_BIND_GUID, &drsuapi_bind_guid);
+
+	r_drsuapi_bind.in.bind_guid = &drsuapi_bind_guid;
+	r_drsuapi_bind.in.bind_info = NULL;
+	r_drsuapi_bind.out.bind_handle = &drsuapi_bind_handle;
+
+	status = dcerpc_drsuapi_DsBind(drsuapi_pipe, tmp_ctx, &r_drsuapi_bind);
+	if (!NT_STATUS_IS_OK(status)) {
+		if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
+			r->out.error_string
+				= talloc_asprintf(mem_ctx,
+						  "dcerpc_drsuapi_DsBind for [%s\\%s] failed - %s\n", 
+						  domain_name, r->in.account_name, 
+						  dcerpc_errstr(tmp_ctx, drsuapi_pipe->last_fault_code));
+			talloc_free(tmp_ctx);
+			return status;
+		} else {
+			r->out.error_string
+				= talloc_asprintf(mem_ctx,
+						  "dcerpc_drsuapi_DsBind for [%s\\%s] failed - %s\n", 
+						  domain_name, r->in.account_name, 
+						  nt_errstr(status));
+			talloc_free(tmp_ctx);
+			return status;
+		}
+	} else if (!W_ERROR_IS_OK(r_crack_names.out.result)) {
+		r->out.error_string
+				= talloc_asprintf(mem_ctx,
+						  "DsBind failed - %s\n", win_errstr(r_drsuapi_bind.out.result));
+			talloc_free(tmp_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	ZERO_STRUCT(r_crack_names);
+	r_crack_names.in.bind_handle		= &drsuapi_bind_handle;
+	r_crack_names.in.level			= 1;
+	r_crack_names.in.req.req1.unknown1		= 0x000004e4;
+	r_crack_names.in.req.req1.unknown2		= 0x00000407;
+	r_crack_names.in.req.req1.count		= 1;
+	r_crack_names.in.req.req1.names		= names;
+	r_crack_names.in.req.req1.format_flags	= DRSUAPI_DS_NAME_FLAG_NO_FLAGS;
+	r_crack_names.in.req.req1.format_offered	= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
+	r_crack_names.in.req.req1.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
+	names[0].str = talloc_asprintf(tmp_ctx, "%s\\%s", domain_name, r->in.account_name);
+
+	status = dcerpc_drsuapi_DsCrackNames(drsuapi_pipe, tmp_ctx, &r_crack_names);
+	if (!NT_STATUS_IS_OK(status)) {
+		if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
+			r->out.error_string
+				= talloc_asprintf(mem_ctx,
+						  "dcerpc_drsuapi_DsCrackNames for [%s\\%s] failed - %s\n", 
+						  domain_name, r->in.account_name, 
+						  dcerpc_errstr(tmp_ctx, drsuapi_pipe->last_fault_code));
+			talloc_free(tmp_ctx);
+			return status;
+		} else {
+			r->out.error_string
+				= talloc_asprintf(mem_ctx,
+						  "dcerpc_drsuapi_DsCrackNames for [%s\\%s] failed - %s\n", 
+						  domain_name, r->in.account_name, 
+						  nt_errstr(status));
+			talloc_free(tmp_ctx);
+			return status;
+		}
+	} else if (!W_ERROR_IS_OK(r_crack_names.out.result)) {
+		r->out.error_string
+				= talloc_asprintf(mem_ctx,
+						  "DsCrackNames failed - %s\n", win_errstr(r_crack_names.out.result));
+		talloc_free(tmp_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	account_dn = r_crack_names.out.ctr.ctr1->array[0].result_name;
+
+	printf("Account DN is: %s\n", account_dn);
+	
 	/* close connection */
 	talloc_free(tmp_ctx);
 



More information about the samba-cvs mailing list