[SCM] Samba Shared Repository - branch master updated

Günther Deschner gd at samba.org
Wed Feb 2 10:55:02 MST 2011


The branch, master has been updated
       via  ee5de71 s3-waf: remove RPCCLI_SAMR subsystem.
       via  364ef35 s3-build: remove RPCCLI_SAMR subsytem.
       via  50170d7 s3-net: prefer dcerpc_samr_X functions in net_rpc_join_newstyle.
       via  b53c0c8 s3-net: use status variable in net_rpc_join_newstyle.
       via  175fbe0 s3-waf: fix the build after libnet changes.
      from  d038b45 s3: Fix a typo

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit ee5de71796ad1985a3c0da0280567b301cc8204a
Author: Günther Deschner <gd at samba.org>
Date:   Tue Jan 18 14:41:22 2011 +0100

    s3-waf: remove RPCCLI_SAMR subsystem.
    
    Guenther
    
    Autobuild-User: Günther Deschner <gd at samba.org>
    Autobuild-Date: Wed Feb  2 18:54:38 CET 2011 on sn-devel-104

commit 364ef35afdee11202bdc657bc94b1ad84133d5ad
Author: Günther Deschner <gd at samba.org>
Date:   Tue Jan 18 14:41:07 2011 +0100

    s3-build: remove RPCCLI_SAMR subsytem.
    
    Guenther

commit 50170d7fd5ef208755ed60f66bfa513f948a68f4
Author: Günther Deschner <gd at samba.org>
Date:   Tue Jan 18 14:24:56 2011 +0100

    s3-net: prefer dcerpc_samr_X functions in net_rpc_join_newstyle.
    
    Guenther

commit b53c0c8c85a8a8bf35fc200bb340ef7cf3bf6949
Author: Günther Deschner <gd at samba.org>
Date:   Tue Jan 18 14:13:23 2011 +0100

    s3-net: use status variable in net_rpc_join_newstyle.
    
    Guenther

commit 175fbe0bfc9c2754b202d06185d59358f0ac2ee9
Author: Günther Deschner <gd at samba.org>
Date:   Wed Feb 2 17:01:08 2011 +0100

    s3-waf: fix the build after libnet changes.
    
    Guenther

-----------------------------------------------------------------------

Summary of changes:
 source3/Makefile.in          |    3 +-
 source3/utils/net_rpc_join.c |  164 ++++++++++++++++++++++++++----------------
 source3/wscript_build        |    7 +--
 3 files changed, 104 insertions(+), 70 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/Makefile.in b/source3/Makefile.in
index b891dcd..5771f40 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -372,8 +372,7 @@ LIBCLI_LSA_OBJ = librpc/gen_ndr/cli_lsa.o \
 		 rpc_client/cli_lsarpc.o \
 		 rpc_client/init_lsa.o
 
-LIBCLI_SAMR_OBJ = librpc/gen_ndr/cli_samr.o \
-		  librpc/gen_ndr/ndr_samr_c.o \
+LIBCLI_SAMR_OBJ = librpc/gen_ndr/ndr_samr_c.o \
 		  rpc_client/cli_samr.o
 
 LIBCLI_NETLOGON_OBJ = librpc/gen_ndr/ndr_netlogon_c.o \
diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c
index 5e67284..7759bde 100644
--- a/source3/utils/net_rpc_join.c
+++ b/source3/utils/net_rpc_join.c
@@ -23,7 +23,7 @@
 #include "../libcli/auth/libcli_auth.h"
 #include "../librpc/gen_ndr/cli_lsa.h"
 #include "rpc_client/cli_lsarpc.h"
-#include "../librpc/gen_ndr/cli_samr.h"
+#include "../librpc/gen_ndr/ndr_samr_c.h"
 #include "rpc_client/init_samr.h"
 #include "../librpc/gen_ndr/ndr_netlogon.h"
 #include "rpc_client/cli_netlogon.h"
@@ -33,17 +33,41 @@
 /* Macro for checking RPC error codes to make things more readable */
 
 #define CHECK_RPC_ERR(rpc, msg) \
-        if (!NT_STATUS_IS_OK(result = rpc)) { \
-                DEBUG(0, (msg ": %s\n", nt_errstr(result))); \
+        if (!NT_STATUS_IS_OK(status = rpc)) { \
+                DEBUG(0, (msg ": %s\n", nt_errstr(status))); \
                 goto done; \
         }
 
+#define CHECK_DCERPC_ERR(rpc, msg) \
+	if (!NT_STATUS_IS_OK(status = rpc)) { \
+		DEBUG(0, (msg ": %s\n", nt_errstr(status))); \
+		goto done; \
+	} \
+	if (!NT_STATUS_IS_OK(result)) { \
+		status = result; \
+		DEBUG(0, (msg ": %s\n", nt_errstr(result))); \
+		goto done; \
+	}
+
+
 #define CHECK_RPC_ERR_DEBUG(rpc, debug_args) \
-        if (!NT_STATUS_IS_OK(result = rpc)) { \
+        if (!NT_STATUS_IS_OK(status = rpc)) { \
                 DEBUG(0, debug_args); \
                 goto done; \
         }
 
+#define CHECK_DCERPC_ERR_DEBUG(rpc, debug_args) \
+	if (!NT_STATUS_IS_OK(status = rpc)) { \
+		DEBUG(0, debug_args); \
+		goto done; \
+	} \
+	if (!NT_STATUS_IS_OK(result)) { \
+		status = result; \
+		DEBUG(0, debug_args); \
+		goto done; \
+	}
+
+
 /**
  * confirm that a domain join is still valid
  *
@@ -148,6 +172,7 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
 	uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
 	enum netr_SchannelType sec_channel_type;
 	struct rpc_pipe_client *pipe_hnd = NULL;
+	struct dcerpc_binding_handle *b = NULL;
 
 	/* rpc variables */
 
@@ -164,7 +189,7 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
 
 	/* Misc */
 
-	NTSTATUS result;
+	NTSTATUS status, result;
 	int retval = 1;
 	const char *domain = NULL;
 	char *acct_name;
@@ -175,6 +200,7 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
 	struct samr_Ids user_rids;
 	struct samr_Ids name_types;
 
+
 	/* check what type of join */
 	if (argc >= 0) {
 		sec_channel_type = get_sec_channel_type(argv[0]);
@@ -202,8 +228,8 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
 
 	/* Make authenticated connection to remote machine */
 
-	result = net_make_ipc_connection(c, NET_FLAGS_PDC, &cli);
-	if (!NT_STATUS_IS_OK(result)) {
+	status = net_make_ipc_connection(c, NET_FLAGS_PDC, &cli);
+	if (!NT_STATUS_IS_OK(status)) {
 		return 1;
 	}
 
@@ -214,11 +240,11 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
 
 	/* Fetch domain sid */
 
-	result = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
+	status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
 					  &pipe_hnd);
-	if (!NT_STATUS_IS_OK(result)) {
+	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(0, ("Error connecting to LSA pipe. Error was %s\n",
-			nt_errstr(result) ));
+			nt_errstr(status) ));
 		goto done;
 	}
 
@@ -247,34 +273,38 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
 	}
 
 	/* Create domain user */
-	result = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr.syntax_id,
+	status = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr.syntax_id,
 					  &pipe_hnd);
-	if (!NT_STATUS_IS_OK(result)) {
+	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(0, ("Error connecting to SAM pipe. Error was %s\n",
-			nt_errstr(result) ));
+			nt_errstr(status) ));
 		goto done;
 	}
 
-	CHECK_RPC_ERR(rpccli_samr_Connect2(pipe_hnd, mem_ctx,
-					   pipe_hnd->desthost,
-					   SAMR_ACCESS_ENUM_DOMAINS
-					   | SAMR_ACCESS_LOOKUP_DOMAIN,
-					   &sam_pol),
+	b = pipe_hnd->binding_handle;
+
+	CHECK_DCERPC_ERR(dcerpc_samr_Connect2(b, mem_ctx,
+					      pipe_hnd->desthost,
+					      SAMR_ACCESS_ENUM_DOMAINS
+					      | SAMR_ACCESS_LOOKUP_DOMAIN,
+					      &sam_pol,
+					      &result),
 		      "could not connect to SAM database");
 
 
-	CHECK_RPC_ERR(rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
-					     &sam_pol,
-					     SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1
-					     | SAMR_DOMAIN_ACCESS_CREATE_USER
-					     | SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
-					     domain_sid,
-					     &domain_pol),
+	CHECK_DCERPC_ERR(dcerpc_samr_OpenDomain(b, mem_ctx,
+						&sam_pol,
+						SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1
+						| SAMR_DOMAIN_ACCESS_CREATE_USER
+						| SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+						domain_sid,
+						&domain_pol,
+						&result),
 		      "could not open domain");
 
 	/* Create domain user */
 	if ((acct_name = talloc_asprintf(mem_ctx, "%s$", global_myname())) == NULL) {
-		result = NT_STATUS_NO_MEMORY;
+		status = NT_STATUS_NO_MEMORY;
 		goto done;
 	}
 	strlower_m(acct_name);
@@ -289,17 +319,21 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
 
 	DEBUG(10, ("Creating account with flags: %d\n",acct_flags));
 
-	result = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx,
+	status = dcerpc_samr_CreateUser2(b, mem_ctx,
 					 &domain_pol,
 					 &lsa_acct_name,
 					 acb_info,
 					 acct_flags,
 					 &user_pol,
 					 &access_granted,
-					 &user_rid);
-
+					 &user_rid,
+					 &result);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto done;
+	}
 	if (!NT_STATUS_IS_OK(result) &&
 	    !NT_STATUS_EQUAL(result, NT_STATUS_USER_EXISTS)) {
+		status = result;
 		d_fprintf(stderr,_("Creation of workstation account failed\n"));
 
 		/* If NT_STATUS_ACCESS_DENIED then we have a valid
@@ -316,17 +350,18 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
 	/* We *must* do this.... don't ask... */
 
 	if (NT_STATUS_IS_OK(result)) {
-		rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
+		dcerpc_samr_Close(b, mem_ctx, &user_pol, &result);
 	}
 
-	CHECK_RPC_ERR_DEBUG(rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
-						    &domain_pol,
-						    1,
-						    &lsa_acct_name,
-						    &user_rids,
-						    &name_types),
-			    ("error looking up rid for user %s: %s\n",
-			     acct_name, nt_errstr(result)));
+	CHECK_DCERPC_ERR_DEBUG(dcerpc_samr_LookupNames(b, mem_ctx,
+						       &domain_pol,
+						       1,
+						       &lsa_acct_name,
+						       &user_rids,
+						       &name_types,
+						       &result),
+			    ("error looking up rid for user %s: %s/%s\n",
+			     acct_name, nt_errstr(status), nt_errstr(result)));
 
 	if (name_types.ids[0] != SID_NAME_USER) {
 		DEBUG(0, ("%s is not a user account (type=%d)\n", acct_name, name_types.ids[0]));
@@ -337,14 +372,15 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
 
 	/* Open handle on user */
 
-	CHECK_RPC_ERR_DEBUG(
-		rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
+	CHECK_DCERPC_ERR_DEBUG(
+		dcerpc_samr_OpenUser(b, mem_ctx,
 				     &domain_pol,
 				     SEC_FLAG_MAXIMUM_ALLOWED,
 				     user_rid,
-				     &user_pol),
-		("could not re-open existing user %s: %s\n",
-		 acct_name, nt_errstr(result)));
+				     &user_pol,
+				     &result),
+		("could not re-open existing user %s: %s/%s\n",
+		 acct_name, nt_errstr(status), nt_errstr(result)));
 	
 	/* Create a random machine account password */
 
@@ -360,10 +396,11 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
 	set_info.info24.password = crypt_pwd;
 	set_info.info24.password_expired = PASS_DONT_CHANGE_AT_NEXT_LOGON;
 
-	CHECK_RPC_ERR(rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
-					       &user_pol,
-					       24,
-					       &set_info),
+	CHECK_DCERPC_ERR(dcerpc_samr_SetUserInfo2(b, mem_ctx,
+						  &user_pol,
+						  24,
+						  &set_info,
+						  &result),
 		      "error setting trust account password");
 
 	/* Why do we have to try to (re-)set the ACB to be the same as what
@@ -380,25 +417,26 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
 	/* Ignoring the return value is necessary for joining a domain
 	   as a normal user with "Add workstation to domain" privilege. */
 
-	result = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx,
+	status = dcerpc_samr_SetUserInfo(b, mem_ctx,
 					 &user_pol,
 					 16,
-					 &set_info);
+					 &set_info,
+					 &result);
 
-	rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
+	dcerpc_samr_Close(b, mem_ctx, &user_pol, &result);
 	TALLOC_FREE(pipe_hnd); /* Done with this pipe */
 
 	/* Now check the whole process from top-to-bottom */
 
-	result = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon.syntax_id,
+	status = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon.syntax_id,
 					  &pipe_hnd);
-	if (!NT_STATUS_IS_OK(result)) {
+	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(0,("Error connecting to NETLOGON pipe. Error was %s\n",
-			nt_errstr(result) ));
+			nt_errstr(status) ));
 		goto done;
 	}
 
-	result = rpccli_netlogon_setup_creds(pipe_hnd,
+	status = rpccli_netlogon_setup_creds(pipe_hnd,
 					cli->desthost, /* server name */
 					domain,        /* domain */
 					global_myname(), /* client name */
@@ -407,11 +445,11 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
                                         sec_channel_type,
                                         &neg_flags);
 
-	if (!NT_STATUS_IS_OK(result)) {
+	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(0, ("Error in domain join verification (credential setup failed): %s\n\n",
-			  nt_errstr(result)));
+			  nt_errstr(status)));
 
-		if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) &&
+		if ( NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) &&
 		     (sec_channel_type == SEC_CHAN_BDC) ) {
 			d_fprintf(stderr, _("Please make sure that no computer "
 					    "account\nnamed like this machine "
@@ -430,16 +468,16 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
 	if (lp_client_schannel() && (neg_flags & NETLOGON_NEG_SCHANNEL)) {
 		struct rpc_pipe_client *netlogon_schannel_pipe;
 
-		result = cli_rpc_pipe_open_schannel_with_key(
+		status = cli_rpc_pipe_open_schannel_with_key(
 			cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
 			DCERPC_AUTH_LEVEL_PRIVACY, domain, &pipe_hnd->dc,
 			&netlogon_schannel_pipe);
 
-		if (!NT_STATUS_IS_OK(result)) {
+		if (!NT_STATUS_IS_OK(status)) {
 			DEBUG(0, ("Error in domain join verification (schannel setup failed): %s\n\n",
-				  nt_errstr(result)));
+				  nt_errstr(status)));
 
-			if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) &&
+			if ( NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) &&
 			     (sec_channel_type == SEC_CHAN_BDC) ) {
 				d_fprintf(stderr, _("Please make sure that no "
 						    "computer account\nnamed "
@@ -469,8 +507,8 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
 	}
 
 	/* double-check, connection from scratch */
-	result = net_rpc_join_ok(c, domain, cli->desthost, &cli->dest_ss);
-	retval = NT_STATUS_IS_OK(result) ? 0 : -1;
+	status = net_rpc_join_ok(c, domain, cli->desthost, &cli->dest_ss);
+	retval = NT_STATUS_IS_OK(status) ? 0 : -1;
 
 done:
 
diff --git a/source3/wscript_build b/source3/wscript_build
index 23d55b9..297b3b8 100644
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -564,6 +564,7 @@ LIBNET_SRC = 'libnet/libnet_join.c libnet/libnet_keytab.c'
 
 
 LIBNET_DSSYNC_SRC = '''libnet/libnet_dssync.c
+                       libnet/libnet_dssync_passdb.c
                        libnet/libnet_dssync_keytab.c'''
 
 LIBNET_SAMSYNC_SRC = '''libnet/libnet_samsync.c
@@ -1075,17 +1076,13 @@ bld.SAMBA_SUBSYSTEM('NDR_NBT_BUF',
 	deps='talloc',
 	autoproto='nbtname.h')
 
-bld.SAMBA_SUBSYSTEM('RPCCLI_SAMR',
-	source='../librpc/gen_ndr/cli_samr.c',
-	public_deps='RPC_NDR_SAMR')
-
 bld.SAMBA_SUBSYSTEM('RPCCLI_LSA',
 	source='../librpc/gen_ndr/cli_lsa.c',
 	public_deps='RPC_NDR_LSA')
 
 bld.SAMBA_SUBSYSTEM('LIBCLI_SAMR',
                     source=LIBCLI_SAMR_SRC,
-                    deps='RPCCLI_SAMR')
+                    deps='RPC_NDR_SAMR')
 
 bld.SAMBA_SUBSYSTEM('LIBCLI_LSA',
                     source=LIBCLI_LSA_SRC,


-- 
Samba Shared Repository


More information about the samba-cvs mailing list