Samba 4 libnet_join and RPC-JOIN torture test

Brad Henry j0j0 at riod.ca
Sun Sep 11 18:45:59 GMT 2005


Andrew Bartlett wrote:

>On Sat, 2005-09-10 at 23:34 -0600, Brad Henry wrote:
>
>>Brad Henry wrote:
>>
>>>Andrew Bartlett wrote:
>>>
>>>>I'm still a little unclear on your BDC behaviours.  If we are already a
>>>>BDC, and 'rejoin' as a member, or we are a member and join as a BDC,
>>>>what happens?
>>>>
>>>>Andrew Bartlett
>>>>
>>>Nothing happens!
>>>If we are a BDC, and attempt to rejoin as a member, we remain a BDC.
>>>If we are a member and rejoin as a BDC, we remain a member.
>>>
>>>Brad
>>>
>>That's probably not the best description. What happens is that the 
>>server remains in its role, and the appropriate libnet_Join or 
>>libnet_JoinDomain struct is filled in and returned to the caller.
>>
>
>Do you change any other flags (such as 'disabled') that may be set, and
>need clearing?  I'm still not sure that remaining in the role is the
>right behaviour, but perhaps we just need to build up the alternate
>toolset to show how it 'should' work.  (I support a 'net promo', that
>creates a BDC and does the sync).
>
>Andrew Bartlett
>

libnet_JoinDomain() attempts a dcerpc_samr_CreateUser2() call. If it 
returns NT_STATUS_USER_EXISTS, the function calls 
dcerpc_samr_LookupNames() and dcerpc_samr_OpenUser() to get information 
like the account RID and user handle for the libnet_JoinDomain struct, 
and then a later test avoids changing any account flags.

What does get changed is the account password, which I don't think is 
bad. If that's not correct, libnet_JoinDomain() keeps the return status 
of the CreateUser2() call throughout, so we could just wrap the 
libnet_SetPassword() call in an 'NT_STATUS_EQUAL(cu_status, 
NT_STATUS_USER_EXISTS)' test. We would then have to retrieve the current 
account password though.

My concern with having the libnet join routines "upgrade" or "downgrade" 
accounts by default is that it would be very easy to do accidentally. I 
think that the functionality of something like 'net promo' / 'net 
demote' and 'net join' / 'net leave' would be less likely to be misused.

Brad
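
The join behaviour described in this message, modelled as a self-contained C program. This is an added example, not code from the post or from Samba: the in-memory account store, `join_domain`, `create_user`, `lookup_user` and the status enum are hypothetical stand-ins for the SAMR calls named above, and the host name and passwords are constructed.

```c
/* Toy model of the join flow in this thread; added illustration, not Samba code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ACB_DISABLED 0x0001u /* SAMR account-control bits */
#define ACB_WSTRUST  0x0080u /* member (workstation trust) account */
#define ACB_SVRTRUST 0x0100u /* BDC (server trust) account */
enum status { ST_OK, ST_USER_EXISTS, ST_FULL };  /* hypothetical status codes */
struct account { int used; char name[32], password[32]; uint32_t rid, acb; };
struct join_result { enum status cu_status; uint32_t rid, acb; };
static struct account sam[4];                    /* constructed account store */
/* Stand-in for LookupNames + OpenUser: find an existing account by name. */
static struct account *lookup_user(const char *name) {
    for (size_t i = 0; i < 4; i++)
        if (sam[i].used && strcmp(sam[i].name, name) == 0) return &sam[i];
    return NULL;
}

/* Stand-in for CreateUser2: the account type is written only at creation. */
static enum status create_user(const char *name, uint32_t acb, struct account **out) {
    if (lookup_user(name)) return ST_USER_EXISTS;
    for (size_t i = 0; i < 4; i++) {
        if (sam[i].used) continue;
        sam[i].used = 1; sam[i].rid = 1000 + (uint32_t)i; sam[i].acb = acb;
        snprintf(sam[i].name, sizeof sam[i].name, "%s", name);
        *out = &sam[i];
        return ST_OK;
    }
    return ST_FULL;
}

/* Join: reuse an existing account, leave its flags alone, reset its password. */
static struct join_result join_domain(const char *name, uint32_t acb, const char *pw) {
    struct account *a = NULL;
    struct join_result r = { create_user(name, acb, &a), 0, 0 };
    if (r.cu_status == ST_USER_EXISTS) a = lookup_user(name);
    if (!a) return r;                                    /* store full: nothing joined */
    snprintf(a->password, sizeof a->password, "%s", pw); /* changed on every join */
    r.rid = a->rid; r.acb = a->acb;                      /* reported, never rewritten */
    return r;
}

int main(void) {
    join_domain("HOST$", ACB_SVRTRUST, "first");         /* first join, as a BDC */
    lookup_user("HOST$")->acb |= ACB_DISABLED;           /* an admin disables the account */
    struct join_result r = join_domain("HOST$", ACB_WSTRUST, "second"); /* member rejoin */
    return printf("status=%d acb=0x%04x\n", r.cu_status, (unsigned)r.acb) < 0;
}
```

In this model the rejoin as a member returns the existing BDC account with its type and disabled bit intact, while the stored password is replaced.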

