[SCM] Samba Shared Repository - branch master updated
Günther Deschner
gd at samba.org
Wed Feb 2 10:55:02 MST 2011
The branch, master has been updated
via ee5de71 s3-waf: remove RPCCLI_SAMR subsystem.
via 364ef35 s3-build: remove RPCCLI_SAMR subsytem.
via 50170d7 s3-net: prefer dcerpc_samr_X functions in net_rpc_join_newstyle.
via b53c0c8 s3-net: use status variable in net_rpc_join_newstyle.
via 175fbe0 s3-waf: fix the build after libnet changes.
from d038b45 s3: Fix a typo
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit ee5de71796ad1985a3c0da0280567b301cc8204a
Author: Günther Deschner <gd at samba.org>
Date: Tue Jan 18 14:41:22 2011 +0100
s3-waf: remove RPCCLI_SAMR subsystem.
Guenther
Autobuild-User: Günther Deschner <gd at samba.org>
Autobuild-Date: Wed Feb 2 18:54:38 CET 2011 on sn-devel-104
commit 364ef35afdee11202bdc657bc94b1ad84133d5ad
Author: Günther Deschner <gd at samba.org>
Date: Tue Jan 18 14:41:07 2011 +0100
s3-build: remove RPCCLI_SAMR subsytem.
Guenther
commit 50170d7fd5ef208755ed60f66bfa513f948a68f4
Author: Günther Deschner <gd at samba.org>
Date: Tue Jan 18 14:24:56 2011 +0100
s3-net: prefer dcerpc_samr_X functions in net_rpc_join_newstyle.
Guenther
commit b53c0c8c85a8a8bf35fc200bb340ef7cf3bf6949
Author: Günther Deschner <gd at samba.org>
Date: Tue Jan 18 14:13:23 2011 +0100
s3-net: use status variable in net_rpc_join_newstyle.
Guenther
commit 175fbe0bfc9c2754b202d06185d59358f0ac2ee9
Author: Günther Deschner <gd at samba.org>
Date: Wed Feb 2 17:01:08 2011 +0100
s3-waf: fix the build after libnet changes.
Guenther
-----------------------------------------------------------------------
Summary of changes:
source3/Makefile.in | 3 +-
source3/utils/net_rpc_join.c | 164 ++++++++++++++++++++++++++----------------
source3/wscript_build | 7 +--
3 files changed, 104 insertions(+), 70 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/Makefile.in b/source3/Makefile.in
index b891dcd..5771f40 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -372,8 +372,7 @@ LIBCLI_LSA_OBJ = librpc/gen_ndr/cli_lsa.o \
rpc_client/cli_lsarpc.o \
rpc_client/init_lsa.o
-LIBCLI_SAMR_OBJ = librpc/gen_ndr/cli_samr.o \
- librpc/gen_ndr/ndr_samr_c.o \
+LIBCLI_SAMR_OBJ = librpc/gen_ndr/ndr_samr_c.o \
rpc_client/cli_samr.o
LIBCLI_NETLOGON_OBJ = librpc/gen_ndr/ndr_netlogon_c.o \
diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c
index 5e67284..7759bde 100644
--- a/source3/utils/net_rpc_join.c
+++ b/source3/utils/net_rpc_join.c
@@ -23,7 +23,7 @@
#include "../libcli/auth/libcli_auth.h"
#include "../librpc/gen_ndr/cli_lsa.h"
#include "rpc_client/cli_lsarpc.h"
-#include "../librpc/gen_ndr/cli_samr.h"
+#include "../librpc/gen_ndr/ndr_samr_c.h"
#include "rpc_client/init_samr.h"
#include "../librpc/gen_ndr/ndr_netlogon.h"
#include "rpc_client/cli_netlogon.h"
@@ -33,17 +33,41 @@
/* Macro for checking RPC error codes to make things more readable */
#define CHECK_RPC_ERR(rpc, msg) \
- if (!NT_STATUS_IS_OK(result = rpc)) { \
- DEBUG(0, (msg ": %s\n", nt_errstr(result))); \
+ if (!NT_STATUS_IS_OK(status = rpc)) { \
+ DEBUG(0, (msg ": %s\n", nt_errstr(status))); \
goto done; \
}
+#define CHECK_DCERPC_ERR(rpc, msg) \
+ if (!NT_STATUS_IS_OK(status = rpc)) { \
+ DEBUG(0, (msg ": %s\n", nt_errstr(status))); \
+ goto done; \
+ } \
+ if (!NT_STATUS_IS_OK(result)) { \
+ status = result; \
+ DEBUG(0, (msg ": %s\n", nt_errstr(result))); \
+ goto done; \
+ }
+
+
#define CHECK_RPC_ERR_DEBUG(rpc, debug_args) \
- if (!NT_STATUS_IS_OK(result = rpc)) { \
+ if (!NT_STATUS_IS_OK(status = rpc)) { \
DEBUG(0, debug_args); \
goto done; \
}
+#define CHECK_DCERPC_ERR_DEBUG(rpc, debug_args) \
+ if (!NT_STATUS_IS_OK(status = rpc)) { \
+ DEBUG(0, debug_args); \
+ goto done; \
+ } \
+ if (!NT_STATUS_IS_OK(result)) { \
+ status = result; \
+ DEBUG(0, debug_args); \
+ goto done; \
+ }
+
+
/**
* confirm that a domain join is still valid
*
@@ -148,6 +172,7 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
enum netr_SchannelType sec_channel_type;
struct rpc_pipe_client *pipe_hnd = NULL;
+ struct dcerpc_binding_handle *b = NULL;
/* rpc variables */
@@ -164,7 +189,7 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
/* Misc */
- NTSTATUS result;
+ NTSTATUS status, result;
int retval = 1;
const char *domain = NULL;
char *acct_name;
@@ -175,6 +200,7 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
struct samr_Ids user_rids;
struct samr_Ids name_types;
+
/* check what type of join */
if (argc >= 0) {
sec_channel_type = get_sec_channel_type(argv[0]);
@@ -202,8 +228,8 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
/* Make authenticated connection to remote machine */
- result = net_make_ipc_connection(c, NET_FLAGS_PDC, &cli);
- if (!NT_STATUS_IS_OK(result)) {
+ status = net_make_ipc_connection(c, NET_FLAGS_PDC, &cli);
+ if (!NT_STATUS_IS_OK(status)) {
return 1;
}
@@ -214,11 +240,11 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
/* Fetch domain sid */
- result = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
+ status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
&pipe_hnd);
- if (!NT_STATUS_IS_OK(result)) {
+ if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("Error connecting to LSA pipe. Error was %s\n",
- nt_errstr(result) ));
+ nt_errstr(status) ));
goto done;
}
@@ -247,34 +273,38 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
}
/* Create domain user */
- result = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr.syntax_id,
+ status = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr.syntax_id,
&pipe_hnd);
- if (!NT_STATUS_IS_OK(result)) {
+ if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("Error connecting to SAM pipe. Error was %s\n",
- nt_errstr(result) ));
+ nt_errstr(status) ));
goto done;
}
- CHECK_RPC_ERR(rpccli_samr_Connect2(pipe_hnd, mem_ctx,
- pipe_hnd->desthost,
- SAMR_ACCESS_ENUM_DOMAINS
- | SAMR_ACCESS_LOOKUP_DOMAIN,
- &sam_pol),
+ b = pipe_hnd->binding_handle;
+
+ CHECK_DCERPC_ERR(dcerpc_samr_Connect2(b, mem_ctx,
+ pipe_hnd->desthost,
+ SAMR_ACCESS_ENUM_DOMAINS
+ | SAMR_ACCESS_LOOKUP_DOMAIN,
+ &sam_pol,
+ &result),
"could not connect to SAM database");
- CHECK_RPC_ERR(rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
- &sam_pol,
- SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1
- | SAMR_DOMAIN_ACCESS_CREATE_USER
- | SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
- domain_sid,
- &domain_pol),
+ CHECK_DCERPC_ERR(dcerpc_samr_OpenDomain(b, mem_ctx,
+ &sam_pol,
+ SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1
+ | SAMR_DOMAIN_ACCESS_CREATE_USER
+ | SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+ domain_sid,
+ &domain_pol,
+ &result),
"could not open domain");
/* Create domain user */
if ((acct_name = talloc_asprintf(mem_ctx, "%s$", global_myname())) == NULL) {
- result = NT_STATUS_NO_MEMORY;
+ status = NT_STATUS_NO_MEMORY;
goto done;
}
strlower_m(acct_name);
@@ -289,17 +319,21 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
DEBUG(10, ("Creating account with flags: %d\n",acct_flags));
- result = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx,
+ status = dcerpc_samr_CreateUser2(b, mem_ctx,
&domain_pol,
&lsa_acct_name,
acb_info,
acct_flags,
&user_pol,
&access_granted,
- &user_rid);
-
+ &user_rid,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
if (!NT_STATUS_IS_OK(result) &&
!NT_STATUS_EQUAL(result, NT_STATUS_USER_EXISTS)) {
+ status = result;
d_fprintf(stderr,_("Creation of workstation account failed\n"));
/* If NT_STATUS_ACCESS_DENIED then we have a valid
@@ -316,17 +350,18 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
/* We *must* do this.... don't ask... */
if (NT_STATUS_IS_OK(result)) {
- rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
+ dcerpc_samr_Close(b, mem_ctx, &user_pol, &result);
}
- CHECK_RPC_ERR_DEBUG(rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
- &domain_pol,
- 1,
- &lsa_acct_name,
- &user_rids,
- &name_types),
- ("error looking up rid for user %s: %s\n",
- acct_name, nt_errstr(result)));
+ CHECK_DCERPC_ERR_DEBUG(dcerpc_samr_LookupNames(b, mem_ctx,
+ &domain_pol,
+ 1,
+ &lsa_acct_name,
+ &user_rids,
+ &name_types,
+ &result),
+ ("error looking up rid for user %s: %s/%s\n",
+ acct_name, nt_errstr(status), nt_errstr(result)));
if (name_types.ids[0] != SID_NAME_USER) {
DEBUG(0, ("%s is not a user account (type=%d)\n", acct_name, name_types.ids[0]));
@@ -337,14 +372,15 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
/* Open handle on user */
- CHECK_RPC_ERR_DEBUG(
- rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
+ CHECK_DCERPC_ERR_DEBUG(
+ dcerpc_samr_OpenUser(b, mem_ctx,
&domain_pol,
SEC_FLAG_MAXIMUM_ALLOWED,
user_rid,
- &user_pol),
- ("could not re-open existing user %s: %s\n",
- acct_name, nt_errstr(result)));
+ &user_pol,
+ &result),
+ ("could not re-open existing user %s: %s/%s\n",
+ acct_name, nt_errstr(status), nt_errstr(result)));
/* Create a random machine account password */
@@ -360,10 +396,11 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
set_info.info24.password = crypt_pwd;
set_info.info24.password_expired = PASS_DONT_CHANGE_AT_NEXT_LOGON;
- CHECK_RPC_ERR(rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
- &user_pol,
- 24,
- &set_info),
+ CHECK_DCERPC_ERR(dcerpc_samr_SetUserInfo2(b, mem_ctx,
+ &user_pol,
+ 24,
+ &set_info,
+ &result),
"error setting trust account password");
/* Why do we have to try to (re-)set the ACB to be the same as what
@@ -380,25 +417,26 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
/* Ignoring the return value is necessary for joining a domain
as a normal user with "Add workstation to domain" privilege. */
- result = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx,
+ status = dcerpc_samr_SetUserInfo(b, mem_ctx,
&user_pol,
16,
- &set_info);
+ &set_info,
+ &result);
- rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
+ dcerpc_samr_Close(b, mem_ctx, &user_pol, &result);
TALLOC_FREE(pipe_hnd); /* Done with this pipe */
/* Now check the whole process from top-to-bottom */
- result = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon.syntax_id,
+ status = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon.syntax_id,
&pipe_hnd);
- if (!NT_STATUS_IS_OK(result)) {
+ if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("Error connecting to NETLOGON pipe. Error was %s\n",
- nt_errstr(result) ));
+ nt_errstr(status) ));
goto done;
}
- result = rpccli_netlogon_setup_creds(pipe_hnd,
+ status = rpccli_netlogon_setup_creds(pipe_hnd,
cli->desthost, /* server name */
domain, /* domain */
global_myname(), /* client name */
@@ -407,11 +445,11 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
sec_channel_type,
&neg_flags);
- if (!NT_STATUS_IS_OK(result)) {
+ if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("Error in domain join verification (credential setup failed): %s\n\n",
- nt_errstr(result)));
+ nt_errstr(status)));
- if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) &&
+ if ( NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) &&
(sec_channel_type == SEC_CHAN_BDC) ) {
d_fprintf(stderr, _("Please make sure that no computer "
"account\nnamed like this machine "
@@ -430,16 +468,16 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
if (lp_client_schannel() && (neg_flags & NETLOGON_NEG_SCHANNEL)) {
struct rpc_pipe_client *netlogon_schannel_pipe;
- result = cli_rpc_pipe_open_schannel_with_key(
+ status = cli_rpc_pipe_open_schannel_with_key(
cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
DCERPC_AUTH_LEVEL_PRIVACY, domain, &pipe_hnd->dc,
&netlogon_schannel_pipe);
- if (!NT_STATUS_IS_OK(result)) {
+ if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("Error in domain join verification (schannel setup failed): %s\n\n",
- nt_errstr(result)));
+ nt_errstr(status)));
- if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) &&
+ if ( NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) &&
(sec_channel_type == SEC_CHAN_BDC) ) {
d_fprintf(stderr, _("Please make sure that no "
"computer account\nnamed "
@@ -469,8 +507,8 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
}
/* double-check, connection from scratch */
- result = net_rpc_join_ok(c, domain, cli->desthost, &cli->dest_ss);
- retval = NT_STATUS_IS_OK(result) ? 0 : -1;
+ status = net_rpc_join_ok(c, domain, cli->desthost, &cli->dest_ss);
+ retval = NT_STATUS_IS_OK(status) ? 0 : -1;
done:
diff --git a/source3/wscript_build b/source3/wscript_build
index 23d55b9..297b3b8 100644
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -564,6 +564,7 @@ LIBNET_SRC = 'libnet/libnet_join.c libnet/libnet_keytab.c'
LIBNET_DSSYNC_SRC = '''libnet/libnet_dssync.c
+ libnet/libnet_dssync_passdb.c
libnet/libnet_dssync_keytab.c'''
LIBNET_SAMSYNC_SRC = '''libnet/libnet_samsync.c
@@ -1075,17 +1076,13 @@ bld.SAMBA_SUBSYSTEM('NDR_NBT_BUF',
deps='talloc',
autoproto='nbtname.h')
-bld.SAMBA_SUBSYSTEM('RPCCLI_SAMR',
- source='../librpc/gen_ndr/cli_samr.c',
- public_deps='RPC_NDR_SAMR')
-
bld.SAMBA_SUBSYSTEM('RPCCLI_LSA',
source='../librpc/gen_ndr/cli_lsa.c',
public_deps='RPC_NDR_LSA')
bld.SAMBA_SUBSYSTEM('LIBCLI_SAMR',
source=LIBCLI_SAMR_SRC,
- deps='RPCCLI_SAMR')
+ deps='RPC_NDR_SAMR')
bld.SAMBA_SUBSYSTEM('LIBCLI_LSA',
source=LIBCLI_LSA_SRC,
--
Samba Shared Repository
More information about the samba-cvs
mailing list