svn commit: samba r8970 - in branches/SAMBA_4_0/source/libnet: .

abartlet at samba.org abartlet at samba.org
Wed Aug 3 00:59:35 GMT 2005


Author: abartlet
Date: 2005-08-03 00:59:35 +0000 (Wed, 03 Aug 2005)
New Revision: 8970

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=8970

Log:
Add 'ADS' join support to Samba4.

We now fill in the servicePrincipalName over LDAP, just like XP does,
and store the kvno in our local db.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/libnet/libnet_join.c
   branches/SAMBA_4_0/source/libnet/libnet_join.h


Changeset:
Modified: branches/SAMBA_4_0/source/libnet/libnet_join.c
===================================================================
--- branches/SAMBA_4_0/source/libnet/libnet_join.c	2005-08-03 00:57:48 UTC (rev 8969)
+++ branches/SAMBA_4_0/source/libnet/libnet_join.c	2005-08-03 00:59:35 UTC (rev 8970)
@@ -82,6 +82,8 @@
 	struct policy_handle drsuapi_bind_handle;
 	struct GUID drsuapi_bind_guid;
 
+	struct ldb_context *remote_ldb;
+
 	uint32_t acct_flags;
 	uint32_t rid, access_granted;
 	int policy_min_pw_len = 0;
@@ -91,6 +93,17 @@
 	const char *realm = NULL; /* Also flag for remote being AD */
 	const char *account_dn;
 
+	char *remote_ldb_url;
+	struct ldb_message **msgs, *msg;
+	int ldb_ret;
+
+	const char *attrs[] = {
+		"msDS-KeyVersionNumber",
+		"servicePrincipalName",
+		"dNSHostName",
+		NULL,
+	};
+
 	tmp_ctx = talloc_named(mem_ctx, 0, "libnet_Join temp context");
 	if (!tmp_ctx) {
 		r->out.error_string = NULL;
@@ -476,7 +489,7 @@
 			talloc_free(tmp_ctx);
 			return status;
 		}
-	} else if (!W_ERROR_IS_OK(r_crack_names.out.result)) {
+	} else if (!W_ERROR_IS_OK(r_drsuapi_bind.out.result)) {
 		r->out.error_string
 				= talloc_asprintf(mem_ctx,
 						  "DsBind failed - %s\n", win_errstr(r_drsuapi_bind.out.result));
@@ -525,8 +538,57 @@
 
 	account_dn = r_crack_names.out.ctr.ctr1->array[0].result_name;
 
-	printf("Account DN is: %s\n", account_dn);
-	
+	remote_ldb_url = talloc_asprintf(tmp_ctx, "ldap://%s", 
+					 drsuapi_binding->host);
+	remote_ldb = ldb_wrap_connect(tmp_ctx, remote_ldb_url, 0, NULL);
+
+	if (!remote_ldb) {
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	/* search for the secret record */
+	ldb_ret = ldb_search(remote_ldb, account_dn, LDB_SCOPE_BASE, 
+			     NULL, attrs, &msgs);
+
+	if (ldb_ret != 1) {
+		r->out.error_string
+			= talloc_asprintf(mem_ctx,
+					  "ldb_search for %s failed - %s\n", 
+					  account_dn, 
+					  ldb_errstring(remote_ldb));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	r->out.kvno = ldb_msg_find_uint(msgs[0], "msDS-KeyVersionNumber", 0);
+
+	msg = ldb_msg_new(tmp_ctx);
+	if (!msg) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	msg->dn = msgs[0]->dn;
+
+	{
+		char *service_principal_name[2];
+		char *dns_host_name = strlower_talloc(mem_ctx, 
+						      talloc_asprintf(mem_ctx, 
+								      "%s.%s", lp_netbios_name(), realm));
+		service_principal_name[0] = talloc_asprintf(tmp_ctx, "host/%s", dns_host_name);
+		service_principal_name[1] = talloc_asprintf(tmp_ctx, "host/%s", strlower_talloc(mem_ctx, lp_netbios_name()));
+
+		samdb_msg_add_string(remote_ldb, tmp_ctx, msg, "dNSHostName", dns_host_name);
+		samdb_msg_add_string(remote_ldb, tmp_ctx, msg, "servicePrincipalName", service_principal_name[0]);
+		samdb_msg_add_string(remote_ldb, tmp_ctx, msg, "servicePrincipalName", service_principal_name[1]);
+		
+		ldb_ret = samdb_replace(remote_ldb, tmp_ctx, msg);
+		if (ldb_ret != 0) {
+			r->out.error_string
+				= talloc_asprintf(mem_ctx, 
+						  "Failed to replace entries on %s\n", 
+						  msg->dn);
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+	}
+
 	/* close connection */
 	talloc_free(tmp_ctx);
 
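Review bot: The four new early returns (after `ldb_wrap_connect`, `ldb_search`, `ldb_msg_new` and `samdb_replace`) skip `talloc_free(tmp_ctx);`, unlike the existing `talloc_free(tmp_ctx); return status;` path in the DsBind hunk, so the temporary context and the remote LDAP connection parented on it stay allocated until `mem_ctx` is released. The `!remote_ldb` and `!msg` branches also return without assigning `r->out.error_string`; setting it there, as the `tmp_ctx` allocation check does with `r->out.error_string = NULL;`, keeps callers from reading whatever the field held before. None of the `talloc_asprintf`/`strlower_talloc` results are checked for NULL before use, and `dns_host_name` and the lowered NetBIOS name are allocated on `mem_ctx` rather than `tmp_ctx`, so they outlive the call. The connection is opened as plain `ldap://` with flags `0` and a NULL options argument, and the hunk does not show how the bind is authenticated or integrity-protected, so it is worth confirming that the `msDS-KeyVersionNumber` read and the `servicePrincipalName`/`dNSHostName` write cannot run over an unsigned session. The enclosing function starts and ends outside this hunk.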
@@ -604,8 +666,12 @@
 	samdb_msg_add_string(ldb, mem_ctx, msg, "samAccountName", r2.in.account_name);
 	
 	samdb_msg_add_string(ldb, mem_ctx, msg, "secureChannelType", sct);
-	
 
+	if (r2.out.kvno) {
+		samdb_msg_add_uint(ldb, mem_ctx, msg, "msDS-KeyVersionNumber",
+				   r2.out.kvno);
+	}
+
 	if (ret == 0) {
 	} else if (ret == -1) {
 		r->out.error_string
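Review bot: `r2.out.kvno` is tested here, but the only assignment visible in this commit sits on the LDAP path after `ldb_search` in the join routine, so a join that succeeds without reaching that line would leave the field with whatever `r2` contained. The comment on `realm` ("Also flag for remote being AD") suggests a non-AD path exists. Unless `r2` is zero-initialised outside the hunk, add `r->out.kvno = 0;` at the top of the inner join so that the `if (r2.out.kvno)` test is reliable. The return value of `samdb_msg_add_uint` is ignored, like the neighbouring `samdb_msg_add_string` calls, so an allocation failure would silently drop the key version from the local record. The function continues past the end of the hunk.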

Modified: branches/SAMBA_4_0/source/libnet/libnet_join.h
===================================================================
--- branches/SAMBA_4_0/source/libnet/libnet_join.h	2005-08-03 00:57:48 UTC (rev 8969)
+++ branches/SAMBA_4_0/source/libnet/libnet_join.h	2005-08-03 00:59:35 UTC (rev 8970)
@@ -34,6 +34,7 @@
 		struct dom_sid *domain_sid;
 		const char *domain_name;
 		const char *realm;
+		unsigned int kvno;
 	} out;
 };
 
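Review bot: The new `kvno` output field is undocumented, yet the caller in libnet_join.c treats 0 as "no key version available" and skips storing it. A short comment on the member, such as `/* msDS-KeyVersionNumber from the DC; 0 if not retrieved */`, would make that sentinel explicit for other users of the struct.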


