svn commit: samba r10095 - in branches/tmp/RPCREWRITE/source:
libsmb passdb utils
jra at samba.org
jra at samba.org
Thu Sep 8 23:44:55 GMT 2005
Author: jra
Date: 2005-09-08 23:44:54 +0000 (Thu, 08 Sep 2005)
New Revision: 10095
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10095
Log:
We always open netlogon with schannel now - make samsync compile.
Jeremy.
Modified:
branches/tmp/RPCREWRITE/source/libsmb/trusts_util.c
branches/tmp/RPCREWRITE/source/passdb/secrets.c
branches/tmp/RPCREWRITE/source/utils/net_rpc.c
branches/tmp/RPCREWRITE/source/utils/net_rpc_samsync.c
Changeset:
Modified: branches/tmp/RPCREWRITE/source/libsmb/trusts_util.c
===================================================================
--- branches/tmp/RPCREWRITE/source/libsmb/trusts_util.c 2005-09-08 22:33:48 UTC (rev 10094)
+++ branches/tmp/RPCREWRITE/source/libsmb/trusts_util.c 2005-09-08 23:44:54 UTC (rev 10095)
@@ -36,23 +36,32 @@
uint32 sec_channel_type)
{
NTSTATUS result;
- uint32 flags_out;
- /* ensure that schannel uses the right domain */
- result = rpccli_netlogon_setup_creds(cli,
+#if 0
+ We always open netlogon with schannel now...
+
+ /* Check if the netlogon pipe is open using schannel. If so we
+ already have valid creds. If not we must set them up. */
+
+ if (cli->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) {
+ uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
+
+ result = rpccli_netlogon_setup_creds(cli,
cli->cli->desthost,
lp_workgroup(),
global_myname(),
orig_trust_passwd_hash,
sec_channel_type,
- &flags_out);
+ &neg_flags);
- if (!NT_STATUS_IS_OK(result)) {
- DEBUG(3,("just_change_the_password: unable to setup creds (%s)!\n",
- nt_errstr(result)));
- return result;
+ if (!NT_STATUS_IS_OK(result)) {
+ DEBUG(3,("just_change_the_password: unable to setup creds (%s)!\n",
+ nt_errstr(result)));
+ return result;
+ }
}
-
+#endif
+
result = rpccli_net_srv_pwset(cli, mem_ctx, global_myname(), new_trust_passwd_hash);
if (!NT_STATUS_IS_OK(result)) {
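Review bot: With the whole credential block parked under `#if 0`, just_change_the_password reaches `rpccli_net_srv_pwset` without ever checking that `cli` is an schannel pipe, and the net_rpc.c hunk in this commit still opens PI_NETLOGON with `cli_rpc_pipe_open_noauth` when `lp_client_schannel()` is off. Keeping the cheap test from the disabled code as a fail-closed guard would make the new assumption explicit: `if (cli->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) return NT_STATUS_ACCESS_DENIED;`. The two net_rpc_samsync.c functions that drop their `rpccli_netlogon_setup_creds` call rely on the same assumption. The function starts and ends outside this hunk, so whether `orig_trust_passwd_hash` and `sec_channel_type` are still used elsewhere in it is not visible.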
Modified: branches/tmp/RPCREWRITE/source/passdb/secrets.c
===================================================================
--- branches/tmp/RPCREWRITE/source/passdb/secrets.c 2005-09-08 22:33:48 UTC (rev 10094)
+++ branches/tmp/RPCREWRITE/source/passdb/secrets.c 2005-09-08 23:44:54 UTC (rev 10095)
@@ -468,11 +468,11 @@
return ret;
}
-
/************************************************************************
Routine to fetch the plaintext machine account password for a realm
-the password is assumed to be a null terminated ascii string
+ the password is assumed to be a null terminated ascii string.
************************************************************************/
+
char *secrets_fetch_machine_password(const char *domain,
time_t *pass_last_set_time,
uint32 *channel)
@@ -576,7 +576,6 @@
return secrets_delete(trustdom_keystr(domain));
}
-
BOOL secrets_store_ldap_pw(const char* dn, char* pw)
{
char *key = NULL;
@@ -594,8 +593,9 @@
}
/*******************************************************************
- find the ldap password
+ Find the ldap password.
******************************************************************/
+
BOOL fetch_ldap_pw(char **dn, char** pw)
{
char *key = NULL;
@@ -658,7 +658,6 @@
return True;
}
-
/**
* Get trusted domains info from secrets.tdb.
*
Modified: branches/tmp/RPCREWRITE/source/utils/net_rpc.c
===================================================================
--- branches/tmp/RPCREWRITE/source/utils/net_rpc.c 2005-09-08 22:33:48 UTC (rev 10094)
+++ branches/tmp/RPCREWRITE/source/utils/net_rpc.c 2005-09-08 23:44:54 UTC (rev 10095)
@@ -139,9 +139,23 @@
domain_sid = net_get_remote_domain_sid(cli, mem_ctx, &domain_name);
if (!(conn_flags & NET_FLAGS_NO_PIPE)) {
- pipe_hnd = cli_rpc_pipe_open_noauth(cli, pipe_idx);
- if (!pipe_hnd) {
- DEBUG(0, ("Could not initialise pipe %s\n", cli_get_pipe_name(pipe_idx)));
+ if (lp_client_schannel() && (pipe_idx == PI_NETLOGON)) {
+ /* Always try and create an schannel netlogon pipe. */
+ pipe_hnd = cli_rpc_pipe_open_schannel(cli, pipe_idx,
+ PIPE_AUTH_LEVEL_PRIVACY,
+ domain_name);
+ if (!pipe_hnd) {
+ DEBUG(0, ("Could not initialise schannel netlogon pipe\n"));
+ cli_shutdown(cli);
+ return -1;
+ }
+ } else {
+ pipe_hnd = cli_rpc_pipe_open_noauth(cli, pipe_idx);
+ if (!pipe_hnd) {
+ DEBUG(0, ("Could not initialise pipe %s\n", cli_get_pipe_name(pipe_idx)));
+ cli_shutdown(cli);
+ return -1;
+ }
}
}
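Review bot: Both new failure paths call `cli_shutdown(cli)` and `return -1` after `mem_ctx` has already been used by `net_get_remote_domain_sid`, so if that context is created earlier in this function (not visible in the hunk) the early returns leak it. Adding `talloc_destroy(mem_ctx);` before each `return -1` would close that, or the two branches could share a single cleanup exit. The enclosing function begins and ends outside the hunk.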
Modified: branches/tmp/RPCREWRITE/source/utils/net_rpc_samsync.c
===================================================================
--- branches/tmp/RPCREWRITE/source/utils/net_rpc_samsync.c 2005-09-08 22:33:48 UTC (rev 10094)
+++ branches/tmp/RPCREWRITE/source/utils/net_rpc_samsync.c 2005-09-08 23:44:54 UTC (rev 10095)
@@ -264,6 +264,9 @@
int argc,
const char **argv)
{
+#if 0
+ /* net_rpc.c now always tries to create an schannel pipe.. */
+
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
uchar trust_password[16];
uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
@@ -288,16 +291,13 @@
DEBUG(0,("Error connecting to NETLOGON pipe\n"));
goto fail;
}
+#endif
dump_database(pipe_hnd, SAM_DATABASE_DOMAIN);
dump_database(pipe_hnd, SAM_DATABASE_BUILTIN);
dump_database(pipe_hnd, SAM_DATABASE_PRIVS);
- nt_status = NT_STATUS_OK;
-
-fail:
-
- return nt_status;
+ return NT_STATUS_OK;
}
/* Convert a SAM_ACCOUNT_DELTA to a SAM_ACCOUNT. */
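Review bot: The block disabled with `#if 0` (opened in the previous hunk, closed here) still contains `goto fail;`, while this hunk removes the `fail:` label, so the parked code can no longer be re-enabled as is. Deleting it outright and leaving a one-line comment such as `/* netlogon creds are set up when net_rpc.c opens the schannel pipe */` would keep the trust-password handling out of dead code and leave the old version to revision history. The function starts outside the hunk.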
@@ -2130,11 +2130,8 @@
const char **argv)
{
NTSTATUS result;
- uchar trust_password[16];
fstring my_dom_sid_str;
fstring rem_dom_sid_str;
- uint32 sec_channel_type = 0;
- uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
if (!sid_equal(domain_sid, get_global_sam_sid())) {
d_printf("Cannot import users from %s at this time, "
@@ -2149,34 +2146,11 @@
return NT_STATUS_UNSUCCESSFUL;
}
- if (!secrets_fetch_trust_account_password(domain_name,
- trust_password, NULL,
- &sec_channel_type)) {
- result = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
- d_printf("Could not retrieve domain trust secret\n");
- goto fail;
- }
-
- result = rpccli_netlogon_setup_creds(pipe_hnd,
- cli->desthost,
- domain_name,
- global_myname(),
- trust_password,
- sec_channel_type,
- &neg_flags);
- result = cli_nt_establish_netlogon(cli, sec_channel, trust_password);
-
- if (!NT_STATUS_IS_OK(result)) {
- d_printf("Failed to setup BDC creds\n");
- goto fail;
- }
-
if (argc >= 1 && (strcmp(argv[0], "ldif") == 0)) {
- result = fetch_database_to_ldif(cli, SAM_DATABASE_DOMAIN,
- &ret_creds, *domain_sid, argv[1]);
+ result = fetch_database_to_ldif(pipe_hnd, SAM_DATABASE_DOMAIN,
+ *domain_sid, argv[1]);
} else {
- result = fetch_database(cli, SAM_DATABASE_DOMAIN, &ret_creds,
- *domain_sid);
+ result = fetch_database(pipe_hnd, SAM_DATABASE_DOMAIN, *domain_sid);
}
if (!NT_STATUS_IS_OK(result)) {
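Review bot: `argv[1]` is passed to `fetch_database_to_ldif` after checking only `argc >= 1`, so the `ldif` form with no second argument hands the callee whatever follows `argv[0]` (NULL at best). Unless the callee is known to accept a NULL filename, which is not visible here, pass `argc >= 2 ? argv[1] : NULL` or reject the short form before the call. The SAM_DATABASE_BUILTIN call in the next hunk has the same pattern. The function body starts and ends outside this hunk.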
@@ -2189,12 +2163,10 @@
}
if (argc >= 1 && (strcmp(argv[0], "ldif") == 0)) {
- result = fetch_database_to_ldif(cli, SAM_DATABASE_BUILTIN,
- &ret_creds, global_sid_Builtin,
- argv[1]);
+ result = fetch_database_to_ldif(pipe_hnd, SAM_DATABASE_BUILTIN,
+ global_sid_Builtin, argv[1]);
} else {
- result = fetch_database(cli, SAM_DATABASE_BUILTIN, &ret_creds,
- global_sid_Builtin);
+ result = fetch_database(pipe_hnd, SAM_DATABASE_BUILTIN, global_sid_Builtin);
}
if (!NT_STATUS_IS_OK(result)) {