[PATCH] Remove nt4-replication based code
Jeremy Allison
jra at samba.org
Wed Sep 20 18:32:56 UTC 2017
On Wed, Sep 20, 2017 at 07:49:44AM +0200, Volker Lendecke via samba-technical wrote:
> Hi!
>
> As discussed with gd and metze, here's a patch that removes users of
> code that nobody noticed to be broken since 2013.
>
> Review appreciated!
Thank goodness for that !
RB+. Pushed.
> --
> SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
> phone: +49-551-370000-0, fax: +49-551-370000-9
> AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
> http://www.sernet.de, mailto:kontakt at sernet.de
> From 92bfbd0586f4d8f70e5da1a8d76fd857727178dd Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Tue, 19 Sep 2017 14:33:07 -0700
> Subject: [PATCH 1/8] rpcclient: Remove sam_sync related commands
>
> These three commands don't use the netlogon credential chain
> correctly. They are missing the netlogon_creds_store after the dcerpc
> call, so they destroy the correct use of the netlogon creds.
>
> The only valid server for these calls that I know of would be NT4, and
> that should be gone long ago.
>
> Signed-off-by: Volker Lendecke <vl at samba.org>
> ---
> source3/rpcclient/cmd_netlogon.c | 352 ---------------------------------------
> 1 file changed, 352 deletions(-)
>
> diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cmd_netlogon.c
> index 4488ec2e0d9..88576aeb88b 100644
> --- a/source3/rpcclient/cmd_netlogon.c
> +++ b/source3/rpcclient/cmd_netlogon.c
> @@ -483,290 +483,6 @@ static WERROR cmd_netlogon_logon_ctrl(struct rpc_pipe_client *cli,
> return werr;
> }
>
> -/* Display sam synchronisation information */
> -
> -static void display_sam_sync(struct netr_DELTA_ENUM_ARRAY *r)
> -{
> - uint32_t i, j;
> -
> - for (i=0; i < r->num_deltas; i++) {
> -
> - union netr_DELTA_UNION u = r->delta_enum[i].delta_union;
> - union netr_DELTA_ID_UNION id = r->delta_enum[i].delta_id_union;
> -
> - switch (r->delta_enum[i].delta_type) {
> - case NETR_DELTA_DOMAIN:
> - printf("Domain: %s\n",
> - u.domain->domain_name.string);
> - break;
> - case NETR_DELTA_GROUP:
> - printf("Group: %s\n",
> - u.group->group_name.string);
> - break;
> - case NETR_DELTA_DELETE_GROUP:
> - printf("Delete Group: %d\n",
> - id.rid);
> - break;
> - case NETR_DELTA_RENAME_GROUP:
> - printf("Rename Group: %s -> %s\n",
> - u.rename_group->OldName.string,
> - u.rename_group->NewName.string);
> - break;
> - case NETR_DELTA_USER:
> - printf("Account: %s\n",
> - u.user->account_name.string);
> - break;
> - case NETR_DELTA_DELETE_USER:
> - printf("Delete User: %d\n",
> - id.rid);
> - break;
> - case NETR_DELTA_RENAME_USER:
> - printf("Rename user: %s -> %s\n",
> - u.rename_user->OldName.string,
> - u.rename_user->NewName.string);
> - break;
> - case NETR_DELTA_GROUP_MEMBER:
> - for (j=0; j < u.group_member->num_rids; j++) {
> - printf("rid 0x%x, attrib 0x%08x\n",
> - u.group_member->rids[j],
> - u.group_member->attribs[j]);
> - }
> - break;
> - case NETR_DELTA_ALIAS:
> - printf("Alias: %s\n",
> - u.alias->alias_name.string);
> - break;
> - case NETR_DELTA_DELETE_ALIAS:
> - printf("Delete Alias: %d\n",
> - id.rid);
> - break;
> - case NETR_DELTA_RENAME_ALIAS:
> - printf("Rename alias: %s -> %s\n",
> - u.rename_alias->OldName.string,
> - u.rename_alias->NewName.string);
> - break;
> - case NETR_DELTA_ALIAS_MEMBER:
> - for (j=0; j < u.alias_member->sids.num_sids; j++) {
> - fstring sid_str;
> - sid_to_fstring(sid_str,
> - u.alias_member->sids.sids[j].sid);
> - printf("%s\n", sid_str);
> - }
> - break;
> - case NETR_DELTA_POLICY:
> - printf("Policy: %s\n",
> - sid_string_dbg(id.sid));
> - break;
> - case NETR_DELTA_TRUSTED_DOMAIN:
> - printf("Trusted Domain: %s\n",
> - u.trusted_domain->domain_name.string);
> - break;
> - case NETR_DELTA_DELETE_TRUST:
> - printf("Delete Trust: %s\n",
> - sid_string_dbg(id.sid));
> - break;
> - case NETR_DELTA_ACCOUNT:
> - printf("Account: %s\n",
> - sid_string_dbg(id.sid));
> - break;
> - case NETR_DELTA_DELETE_ACCOUNT:
> - printf("Delete Account: %s\n",
> - sid_string_dbg(id.sid));
> - break;
> - case NETR_DELTA_SECRET:
> - printf("Secret: %s\n",
> - id.name);
> - break;
> - case NETR_DELTA_DELETE_SECRET:
> - printf("Delete Secret: %s\n",
> - id.name);
> - break;
> - case NETR_DELTA_DELETE_GROUP2:
> - printf("Delete Group2: %s\n",
> - u.delete_group->account_name);
> - break;
> - case NETR_DELTA_DELETE_USER2:
> - printf("Delete User2: %s\n",
> - u.delete_user->account_name);
> - break;
> - case NETR_DELTA_MODIFY_COUNT:
> - printf("sam sequence update: 0x%016llx\n",
> - (unsigned long long) *u.modified_count);
> - break;
> - default:
> - printf("unknown delta type 0x%02x\n",
> - r->delta_enum[i].delta_type);
> - break;
> - }
> - }
> -}
> -
> -/* Perform sam synchronisation */
> -
> -static NTSTATUS cmd_netlogon_sam_sync(struct rpc_pipe_client *cli,
> - TALLOC_CTX *mem_ctx, int argc,
> - const char **argv)
> -{
> - NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
> - NTSTATUS status;
> - const char *logon_server = cli->desthost;
> - const char *computername = lp_netbios_name();
> - struct netr_Authenticator credential;
> - struct netr_Authenticator return_authenticator;
> - enum netr_SamDatabaseID database_id = SAM_DATABASE_DOMAIN;
> - uint16_t restart_state = 0;
> - uint32_t sync_context = 0;
> - struct dcerpc_binding_handle *b = cli->binding_handle;
> -
> - if (argc > 2) {
> - fprintf(stderr, "Usage: %s [database_id]\n", argv[0]);
> - return NT_STATUS_OK;
> - }
> -
> - if (argc == 2) {
> - database_id = atoi(argv[1]);
> - }
> -
> - /* Synchronise sam database */
> -
> - do {
> - struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
> - struct netlogon_creds_CredentialState *creds = NULL;
> -
> - if (rpcclient_netlogon_creds == NULL) {
> - return NT_STATUS_UNSUCCESSFUL;
> - }
> -
> - status = netlogon_creds_cli_lock(rpcclient_netlogon_creds,
> - mem_ctx, &creds);
> - if (!NT_STATUS_IS_OK(status)) {
> - return status;
> - }
> -
> - netlogon_creds_client_authenticator(creds, &credential);
> -
> - status = dcerpc_netr_DatabaseSync2(b, mem_ctx,
> - logon_server,
> - computername,
> - &credential,
> - &return_authenticator,
> - database_id,
> - restart_state,
> - &sync_context,
> - &delta_enum_array,
> - 0xffff,
> - &result);
> - if (!NT_STATUS_IS_OK(status)) {
> - TALLOC_FREE(creds);
> - return status;
> - }
> -
> - /* Check returned credentials. */
> - if (!netlogon_creds_client_check(creds,
> - &return_authenticator.cred)) {
> - DEBUG(0,("credentials chain check failed\n"));
> - TALLOC_FREE(creds);
> - return NT_STATUS_ACCESS_DENIED;
> - }
> - TALLOC_FREE(creds);
> -
> - if (NT_STATUS_IS_ERR(result)) {
> - break;
> - }
> -
> - /* Display results */
> -
> - display_sam_sync(delta_enum_array);
> -
> - TALLOC_FREE(delta_enum_array);
> -
> - } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
> -
> - return result;
> -}
> -
> -/* Perform sam delta synchronisation */
> -
> -static NTSTATUS cmd_netlogon_sam_deltas(struct rpc_pipe_client *cli,
> - TALLOC_CTX *mem_ctx, int argc,
> - const char **argv)
> -{
> - NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
> - NTSTATUS status;
> - uint32_t tmp;
> - const char *logon_server = cli->desthost;
> - const char *computername = lp_netbios_name();
> - struct netr_Authenticator credential;
> - struct netr_Authenticator return_authenticator;
> - enum netr_SamDatabaseID database_id = SAM_DATABASE_DOMAIN;
> - uint64_t sequence_num;
> - struct dcerpc_binding_handle *b = cli->binding_handle;
> -
> - if (argc != 3) {
> - fprintf(stderr, "Usage: %s database_id seqnum\n", argv[0]);
> - return NT_STATUS_OK;
> - }
> -
> - database_id = atoi(argv[1]);
> - tmp = atoi(argv[2]);
> -
> - sequence_num = tmp & 0xffff;
> -
> - do {
> - struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
> - struct netlogon_creds_CredentialState *creds = NULL;
> -
> - if (rpcclient_netlogon_creds == NULL) {
> - return NT_STATUS_UNSUCCESSFUL;
> - }
> -
> - status = netlogon_creds_cli_lock(rpcclient_netlogon_creds,
> - mem_ctx, &creds);
> - if (!NT_STATUS_IS_OK(status)) {
> - return status;
> - }
> -
> - netlogon_creds_client_authenticator(creds, &credential);
> -
> - status = dcerpc_netr_DatabaseDeltas(b, mem_ctx,
> - logon_server,
> - computername,
> - &credential,
> - &return_authenticator,
> - database_id,
> - &sequence_num,
> - &delta_enum_array,
> - 0xffff,
> - &result);
> - if (!NT_STATUS_IS_OK(status)) {
> - TALLOC_FREE(creds);
> - return status;
> - }
> -
> - /* Check returned credentials. */
> - if (!netlogon_creds_client_check(creds,
> - &return_authenticator.cred)) {
> - DEBUG(0,("credentials chain check failed\n"));
> - TALLOC_FREE(creds);
> - return NT_STATUS_ACCESS_DENIED;
> - }
> - TALLOC_FREE(creds);
> -
> - if (NT_STATUS_IS_ERR(result)) {
> - break;
> - }
> -
> - /* Display results */
> -
> - display_sam_sync(delta_enum_array);
> -
> - TALLOC_FREE(delta_enum_array);
> -
> - } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
> -
> - return result;
> -}
> -
> /* Log on a domain user */
>
> static NTSTATUS cmd_netlogon_sam_logon(struct rpc_pipe_client *cli,
> @@ -1158,71 +874,6 @@ static WERROR cmd_netlogon_getdcsitecoverage(struct rpc_pipe_client *cli,
> return werr;
> }
>
> -static NTSTATUS cmd_netlogon_database_redo(struct rpc_pipe_client *cli,
> - TALLOC_CTX *mem_ctx, int argc,
> - const char **argv)
> -{
> - NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
> - NTSTATUS result;
> - const char *server_name = cli->desthost;
> - struct netr_Authenticator clnt_creds, srv_cred;
> - struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
> - struct netr_ChangeLogEntry e;
> - uint32_t rid = 500;
> - struct dcerpc_binding_handle *b = cli->binding_handle;
> - struct netlogon_creds_CredentialState *creds = NULL;
> -
> - if (argc > 2) {
> - fprintf(stderr, "Usage: %s <user rid>\n", argv[0]);
> - return NT_STATUS_OK;
> - }
> -
> - if (argc == 2) {
> - sscanf(argv[1], "%d", &rid);
> - }
> -
> - if (rpcclient_netlogon_creds == NULL) {
> - return NT_STATUS_UNSUCCESSFUL;
> - }
> -
> - status = netlogon_creds_cli_lock(rpcclient_netlogon_creds,
> - mem_ctx, &creds);
> - if (!NT_STATUS_IS_OK(status)) {
> - return status;
> - }
> -
> - netlogon_creds_client_authenticator(creds, &clnt_creds);
> -
> - ZERO_STRUCT(e);
> -
> - e.object_rid = rid;
> - e.db_index = SAM_DATABASE_DOMAIN;
> - e.delta_type = NETR_DELTA_USER;
> -
> - status = dcerpc_netr_DatabaseRedo(b, mem_ctx,
> - server_name,
> - lp_netbios_name(),
> - &clnt_creds,
> - &srv_cred,
> - e,
> - 0, /* is calculated automatically */
> - &delta_enum_array,
> - &result);
> - if (!NT_STATUS_IS_OK(status)) {
> - TALLOC_FREE(creds);
> - return status;
> - }
> -
> - if (!netlogon_creds_client_check(creds, &srv_cred.cred)) {
> - DEBUG(0,("credentials chain check failed\n"));
> - TALLOC_FREE(creds);
> - return NT_STATUS_ACCESS_DENIED;
> - }
> - TALLOC_FREE(creds);
> -
> - return result;
> -}
> -
> static NTSTATUS cmd_netlogon_capabilities(struct rpc_pipe_client *cli,
> TALLOC_CTX *mem_ctx, int argc,
> const char **argv)
> @@ -1300,8 +951,6 @@ struct cmd_set netlogon_commands[] = {
> { "dsr_getsitename", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_getsitename, &ndr_table_netlogon, NULL, "Get sitename", "" },
> { "dsr_getforesttrustinfo", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_getforesttrustinfo, &ndr_table_netlogon, NULL, "Get Forest Trust Info", "" },
> { "logonctrl", RPC_RTYPE_WERROR, NULL, cmd_netlogon_logon_ctrl, &ndr_table_netlogon, NULL, "Logon Control", "" },
> - { "samsync", RPC_RTYPE_NTSTATUS, cmd_netlogon_sam_sync, NULL, &ndr_table_netlogon, NULL, "Sam Synchronisation", "", .use_netlogon_creds = true, },
> - { "samdeltas", RPC_RTYPE_NTSTATUS, cmd_netlogon_sam_deltas, NULL, &ndr_table_netlogon, NULL, "Query Sam Deltas", "", .use_netlogon_creds = true, },
> { "samlogon", RPC_RTYPE_NTSTATUS, cmd_netlogon_sam_logon, NULL, &ndr_table_netlogon, NULL, "Sam Logon", "", .use_netlogon_creds = true, },
> { "change_trust_pw", RPC_RTYPE_NTSTATUS, cmd_netlogon_change_trust_pw, NULL, &ndr_table_netlogon, NULL, "Change Trust Account Password", "", .use_netlogon_creds = true, },
> { "gettrustrid", RPC_RTYPE_WERROR, NULL, cmd_netlogon_gettrustrid, &ndr_table_netlogon, NULL, "Get trust rid", "" },
> @@ -1311,7 +960,6 @@ struct cmd_set netlogon_commands[] = {
> { "netrenumtrusteddomains", RPC_RTYPE_NTSTATUS, cmd_netlogon_enumtrusteddomains, NULL, &ndr_table_netlogon, NULL, "Enumerate trusted domains", "" },
> { "netrenumtrusteddomainsex", RPC_RTYPE_WERROR, NULL, cmd_netlogon_enumtrusteddomainsex, &ndr_table_netlogon, NULL, "Enumerate trusted domains", "" },
> { "getdcsitecoverage", RPC_RTYPE_WERROR, NULL, cmd_netlogon_getdcsitecoverage, &ndr_table_netlogon, NULL, "Get the Site-Coverage from a DC", "" },
> - { "database_redo", RPC_RTYPE_NTSTATUS, cmd_netlogon_database_redo, NULL, &ndr_table_netlogon, NULL, "Replicate single object from a DC", "", .use_netlogon_creds = true, },
> { "capabilities", RPC_RTYPE_NTSTATUS, cmd_netlogon_capabilities, NULL, &ndr_table_netlogon, NULL, "Return Capabilities", "", .use_netlogon_creds = true, },
>
> { NULL }
> --
> 2.11.0
>
>
> From efa6b9be6b5763f13612b3ecff4693522170f79a Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Tue, 19 Sep 2017 15:02:09 -0700
> Subject: [PATCH 2/8] net: Remove rpc samdump
>
> This uses the NT4 replication commands. Samba does not have a server
> for this, no tests, and whoever needs to migrate a native domain can
> use an old Samba version
>
> Signed-off-by: Volker Lendecke <vl at samba.org>
> ---
> source3/utils/net_proto.h | 8 --------
> source3/utils/net_rpc.c | 24 ----------------------
> source3/utils/net_rpc_samsync.c | 45 -----------------------------------------
> 3 files changed, 77 deletions(-)
>
> diff --git a/source3/utils/net_proto.h b/source3/utils/net_proto.h
> index f0ae538cbc4..85fe868e076 100644
> --- a/source3/utils/net_proto.h
> +++ b/source3/utils/net_proto.h
> @@ -317,14 +317,6 @@ struct rpc_sh_cmd *net_rpc_rights_cmds(struct net_context *c, TALLOC_CTX *mem_ct
>
> /* The following definitions come from utils/net_rpc_samsync.c */
>
> -NTSTATUS rpc_samdump_internals(struct net_context *c,
> - const struct dom_sid *domain_sid,
> - const char *domain_name,
> - struct cli_state *cli,
> - struct rpc_pipe_client *pipe_hnd,
> - TALLOC_CTX *mem_ctx,
> - int argc,
> - const char **argv);
> int rpc_vampire_usage(struct net_context *c, int argc, const char **argv);
> int rpc_vampire_passdb(struct net_context *c, int argc, const char **argv);
> int rpc_vampire_ldif(struct net_context *c, int argc, const char **argv);
> diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
> index 80536e5ab5e..51517e6f185 100644
> --- a/source3/utils/net_rpc.c
> +++ b/source3/utils/net_rpc.c
> @@ -7438,22 +7438,6 @@ bool net_rpc_check(struct net_context *c, unsigned flags)
> return ret;
> }
>
> -/* dump sam database via samsync rpc calls */
> -static int rpc_samdump(struct net_context *c, int argc, const char **argv) {
> - if (c->display_usage) {
> - d_printf( "%s\n"
> - "net rpc samdump\n"
> - " %s\n",
> - _("Usage:"),
> - _("Dump remote SAM database"));
> - return 0;
> - }
> -
> - return run_rpc_command(c, NULL, &ndr_table_netlogon,
> - NET_FLAGS_ANONYMOUS,
> - rpc_samdump_internals, argc, argv);
> -}
> -
> /* syncronise sam database via samsync rpc calls */
> static int rpc_vampire(struct net_context *c, int argc, const char **argv)
> {
> @@ -8268,14 +8252,6 @@ int net_rpc(struct net_context *c, int argc, const char **argv)
> " Shutdown a remote server")
> },
> {
> - "samdump",
> - rpc_samdump,
> - NET_TRANSPORT_RPC,
> - N_("Dump SAM data of remote NT PDC"),
> - N_("net rpc samdump\n"
> - " Dump SAM data of remote NT PDC")
> - },
> - {
> "vampire",
> rpc_vampire,
> NET_TRANSPORT_RPC,
> diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c
> index 6377ad44698..32045606e5e 100644
> --- a/source3/utils/net_rpc_samsync.c
> +++ b/source3/utils/net_rpc_samsync.c
> @@ -107,51 +107,6 @@ static void parse_samsync_partial_replication_objects(TALLOC_CTX *mem_ctx,
> }
> }
>
> -/* dump sam database via samsync rpc calls */
> -NTSTATUS rpc_samdump_internals(struct net_context *c,
> - const struct dom_sid *domain_sid,
> - const char *domain_name,
> - struct cli_state *cli,
> - struct rpc_pipe_client *pipe_hnd,
> - TALLOC_CTX *mem_ctx,
> - int argc,
> - const char **argv)
> -{
> - struct samsync_context *ctx = NULL;
> - NTSTATUS status;
> -
> - status = libnet_samsync_init_context(mem_ctx,
> - domain_sid,
> - &ctx);
> - if (!NT_STATUS_IS_OK(status)) {
> - return status;
> - }
> -
> - ctx->mode = NET_SAMSYNC_MODE_DUMP;
> - ctx->cli = pipe_hnd;
> - ctx->netlogon_creds = c->netlogon_creds;
> - ctx->ops = &libnet_samsync_display_ops;
> - ctx->domain_name = domain_name;
> -
> - ctx->force_full_replication = c->opt_force_full_repl ? true : false;
> - ctx->clean_old_entries = c->opt_clean_old_entries ? true : false;
> -
> - parse_samsync_partial_replication_objects(ctx, argc, argv,
> - &ctx->single_object_replication,
> - &ctx->objects,
> - &ctx->num_objects);
> -
> - libnet_samsync(SAM_DATABASE_DOMAIN, ctx);
> -
> - libnet_samsync(SAM_DATABASE_BUILTIN, ctx);
> -
> - libnet_samsync(SAM_DATABASE_PRIVS, ctx);
> -
> - TALLOC_FREE(ctx);
> -
> - return NT_STATUS_OK;
> -}
> -
> /**
> * Basic usage function for 'net rpc vampire'
> *
> --
> 2.11.0
>
>
> From 19d653ff8fb3a31f6219723b9946aec81c65c011 Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Tue, 19 Sep 2017 15:03:43 -0700
> Subject: [PATCH 3/8] net: Remove rpc vampire from NT4 domains
>
> Signed-off-by: Volker Lendecke <vl at samba.org>
> ---
> source3/utils/net_rpc_samsync.c | 94 +----------------------------------------
> 1 file changed, 2 insertions(+), 92 deletions(-)
>
> diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c
> index 32045606e5e..9b9d97041c3 100644
> --- a/source3/utils/net_rpc_samsync.c
> +++ b/source3/utils/net_rpc_samsync.c
> @@ -184,85 +184,6 @@ static NTSTATUS rpc_vampire_ds_internals(struct net_context *c,
> return status;
> }
>
> -/* dump sam database via samsync rpc calls */
> -static NTSTATUS rpc_vampire_internals(struct net_context *c,
> - const struct dom_sid *domain_sid,
> - const char *domain_name,
> - struct cli_state *cli,
> - struct rpc_pipe_client *pipe_hnd,
> - TALLOC_CTX *mem_ctx,
> - int argc,
> - const char **argv)
> -{
> - NTSTATUS result;
> - struct samsync_context *ctx = NULL;
> -
> - if (!dom_sid_equal(domain_sid, get_global_sam_sid())) {
> - d_printf(_("Cannot import users from %s at this time, "
> - "as the current domain:\n\t%s: %s\nconflicts "
> - "with the remote domain\n\t%s: %s\n"
> - "Perhaps you need to set: \n\n\tsecurity=user\n\t"
> - "workgroup=%s\n\n in your smb.conf?\n"),
> - domain_name,
> - get_global_sam_name(),
> - sid_string_dbg(get_global_sam_sid()),
> - domain_name,
> - sid_string_dbg(domain_sid),
> - domain_name);
> - return NT_STATUS_UNSUCCESSFUL;
> - }
> -
> - result = libnet_samsync_init_context(mem_ctx,
> - domain_sid,
> - &ctx);
> - if (!NT_STATUS_IS_OK(result)) {
> - return result;
> - }
> -
> - ctx->mode = NET_SAMSYNC_MODE_FETCH_PASSDB;
> - ctx->cli = pipe_hnd;
> - ctx->ops = &libnet_samsync_passdb_ops;
> - ctx->domain_name = domain_name;
> -
> - ctx->force_full_replication = c->opt_force_full_repl ? true : false;
> - ctx->clean_old_entries = c->opt_clean_old_entries ? true : false;
> -
> - parse_samsync_partial_replication_objects(ctx, argc, argv,
> - &ctx->single_object_replication,
> - &ctx->objects,
> - &ctx->num_objects);
> -
> - /* fetch domain */
> - result = libnet_samsync(SAM_DATABASE_DOMAIN, ctx);
> -
> - if (!NT_STATUS_IS_OK(result) && ctx->error_message) {
> - d_fprintf(stderr, "%s\n", ctx->error_message);
> - goto fail;
> - }
> -
> - if (ctx->result_message) {
> - d_fprintf(stdout, "%s\n", ctx->result_message);
> - }
> -
> - /* fetch builtin */
> - ctx->domain_sid = dom_sid_dup(mem_ctx, &global_sid_Builtin);
> - ctx->domain_sid_str = sid_string_talloc(mem_ctx, ctx->domain_sid);
> - result = libnet_samsync(SAM_DATABASE_BUILTIN, ctx);
> -
> - if (!NT_STATUS_IS_OK(result) && ctx->error_message) {
> - d_fprintf(stderr, "%s\n", ctx->error_message);
> - goto fail;
> - }
> -
> - if (ctx->result_message) {
> - d_fprintf(stdout, "%s\n", ctx->result_message);
> - }
> -
> - fail:
> - TALLOC_FREE(ctx);
> - return result;
> -}
> -
> int rpc_vampire_passdb(struct net_context *c, int argc, const char **argv)
> {
> int ret = 0;
> @@ -290,11 +211,8 @@ int rpc_vampire_passdb(struct net_context *c, int argc, const char **argv)
> }
>
> if (!dc_info.is_ad) {
> - printf(_("DC is not running Active Directory\n"));
> - ret = run_rpc_command(c, cli, &ndr_table_netlogon,
> - 0,
> - rpc_vampire_internals, argc, argv);
> - return ret;
> + printf(_("DC is not running Active Directory, exiting\n"));
> + return -1;
> }
>
> if (!c->opt_force) {
> @@ -309,14 +227,6 @@ int rpc_vampire_passdb(struct net_context *c, int argc, const char **argv)
> ret = run_rpc_command(c, cli, &ndr_table_drsuapi,
> NET_FLAGS_SEAL | NET_FLAGS_TCP,
> rpc_vampire_ds_internals, argc, argv);
> - if (ret != 0 && dc_info.is_mixed_mode) {
> - printf(_("Fallback to NT4 vampire on Mixed-Mode AD "
> - "Domain\n"));
> - ret = run_rpc_command(c, cli, &ndr_table_netlogon,
> - 0,
> - rpc_vampire_internals, argc, argv);
> - }
> -
> return ret;
> }
>
> --
> 2.11.0
>
>
> From 19113fa140c62bda96c2d1836d9bc1f2b25d9e13 Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Tue, 19 Sep 2017 15:06:11 -0700
> Subject: [PATCH 4/8] net: Remove NT4-based rpc vampire ldif
>
> Signed-off-by: Volker Lendecke <vl at samba.org>
> ---
> source3/utils/net_proto.h | 1 -
> source3/utils/net_rpc.c | 9 -----
> source3/utils/net_rpc_samsync.c | 85 -----------------------------------------
> 3 files changed, 95 deletions(-)
>
> diff --git a/source3/utils/net_proto.h b/source3/utils/net_proto.h
> index 85fe868e076..293685c18d4 100644
> --- a/source3/utils/net_proto.h
> +++ b/source3/utils/net_proto.h
> @@ -319,7 +319,6 @@ struct rpc_sh_cmd *net_rpc_rights_cmds(struct net_context *c, TALLOC_CTX *mem_ct
>
> int rpc_vampire_usage(struct net_context *c, int argc, const char **argv);
> int rpc_vampire_passdb(struct net_context *c, int argc, const char **argv);
> -int rpc_vampire_ldif(struct net_context *c, int argc, const char **argv);
> int rpc_vampire_keytab(struct net_context *c, int argc, const char **argv);
>
> /* The following definitions come from utils/net_rpc_service.c */
> diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
> index 51517e6f185..8a989d790f2 100644
> --- a/source3/utils/net_rpc.c
> +++ b/source3/utils/net_rpc.c
> @@ -7443,15 +7443,6 @@ static int rpc_vampire(struct net_context *c, int argc, const char **argv)
> {
> struct functable func[] = {
> {
> - "ldif",
> - rpc_vampire_ldif,
> - NET_TRANSPORT_RPC,
> - N_("Dump remote SAM database to ldif"),
> - N_("net rpc vampire ldif\n"
> - " Dump remote SAM database to LDIF file or "
> - "stdout")
> - },
> - {
> "keytab",
> rpc_vampire_keytab,
> NET_TRANSPORT_RPC,
> diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c
> index 9b9d97041c3..7cfd0abfde7 100644
> --- a/source3/utils/net_rpc_samsync.c
> +++ b/source3/utils/net_rpc_samsync.c
> @@ -230,91 +230,6 @@ int rpc_vampire_passdb(struct net_context *c, int argc, const char **argv)
> return ret;
> }
>
> -static NTSTATUS rpc_vampire_ldif_internals(struct net_context *c,
> - const struct dom_sid *domain_sid,
> - const char *domain_name,
> - struct cli_state *cli,
> - struct rpc_pipe_client *pipe_hnd,
> - TALLOC_CTX *mem_ctx,
> - int argc,
> - const char **argv)
> -{
> - NTSTATUS status;
> - struct samsync_context *ctx = NULL;
> -
> - status = libnet_samsync_init_context(mem_ctx,
> - domain_sid,
> - &ctx);
> - if (!NT_STATUS_IS_OK(status)) {
> - return status;
> - }
> -
> - if (argc >= 1) {
> - ctx->output_filename = argv[0];
> - }
> - if (argc >= 2) {
> - parse_samsync_partial_replication_objects(ctx, argc-1, argv+1,
> - &ctx->single_object_replication,
> - &ctx->objects,
> - &ctx->num_objects);
> - }
> -
> - ctx->mode = NET_SAMSYNC_MODE_FETCH_LDIF;
> - ctx->cli = pipe_hnd;
> - ctx->ops = &libnet_samsync_ldif_ops;
> - ctx->domain_name = domain_name;
> -
> - ctx->force_full_replication = c->opt_force_full_repl ? true : false;
> - ctx->clean_old_entries = c->opt_clean_old_entries ? true : false;
> -
> - /* fetch domain */
> - status = libnet_samsync(SAM_DATABASE_DOMAIN, ctx);
> -
> - if (!NT_STATUS_IS_OK(status) && ctx->error_message) {
> - d_fprintf(stderr, "%s\n", ctx->error_message);
> - goto fail;
> - }
> -
> - if (ctx->result_message) {
> - d_fprintf(stdout, "%s\n", ctx->result_message);
> - }
> -
> - /* fetch builtin */
> - ctx->domain_sid = dom_sid_dup(mem_ctx, &global_sid_Builtin);
> - ctx->domain_sid_str = sid_string_talloc(mem_ctx, ctx->domain_sid);
> - status = libnet_samsync(SAM_DATABASE_BUILTIN, ctx);
> -
> - if (!NT_STATUS_IS_OK(status) && ctx->error_message) {
> - d_fprintf(stderr, "%s\n", ctx->error_message);
> - goto fail;
> - }
> -
> - if (ctx->result_message) {
> - d_fprintf(stdout, "%s\n", ctx->result_message);
> - }
> -
> - fail:
> - TALLOC_FREE(ctx);
> - return status;
> -}
> -
> -int rpc_vampire_ldif(struct net_context *c, int argc, const char **argv)
> -{
> - if (c->display_usage) {
> - d_printf( "%s\n"
> - "net rpc vampire ldif\n"
> - " %s\n",
> - _("Usage:"),
> - _("Dump remote SAM database to LDIF file or "
> - "stdout"));
> - return 0;
> - }
> -
> - return run_rpc_command(c, NULL, &ndr_table_netlogon, 0,
> - rpc_vampire_ldif_internals, argc, argv);
> -}
> -
> -
> static NTSTATUS rpc_vampire_keytab_internals(struct net_context *c,
> const struct dom_sid *domain_sid,
> const char *domain_name,
> --
> 2.11.0
>
>
> From 1796a74810716a4f91b7d9723b5c7bf52876b682 Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Tue, 19 Sep 2017 15:09:05 -0700
> Subject: [PATCH 5/8] net: Remove NT4-based vampire keytab
>
> Signed-off-by: Volker Lendecke <vl at samba.org>
> ---
> source3/utils/net_rpc_samsync.c | 160 ++--------------------------------------
> 1 file changed, 5 insertions(+), 155 deletions(-)
>
> diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c
> index 7cfd0abfde7..8b19afabc8d 100644
> --- a/source3/utils/net_rpc_samsync.c
> +++ b/source3/utils/net_rpc_samsync.c
> @@ -32,81 +32,6 @@
> #include "../libcli/security/security.h"
> #include "passdb/machine_sid.h"
>
> -static void parse_samsync_partial_replication_objects(TALLOC_CTX *mem_ctx,
> - int argc,
> - const char **argv,
> - bool *do_single_object_replication,
> - struct samsync_object **objects,
> - uint32_t *num_objects)
> -{
> - int i;
> -
> - if (argc > 0) {
> - *do_single_object_replication = true;
> - }
> -
> - for (i=0; i<argc; i++) {
> -
> - struct samsync_object o;
> -
> - ZERO_STRUCT(o);
> -
> - if (!strncasecmp_m(argv[i], "user_rid=", strlen("user_rid="))) {
> - o.object_identifier.rid = get_int_param(argv[i]);
> - o.object_type = NETR_DELTA_USER;
> - o.database_id = SAM_DATABASE_DOMAIN;
> - }
> - if (!strncasecmp_m(argv[i], "group_rid=", strlen("group_rid="))) {
> - o.object_identifier.rid = get_int_param(argv[i]);
> - o.object_type = NETR_DELTA_GROUP;
> - o.database_id = SAM_DATABASE_DOMAIN;
> - }
> - if (!strncasecmp_m(argv[i], "group_member_rid=", strlen("group_member_rid="))) {
> - o.object_identifier.rid = get_int_param(argv[i]);
> - o.object_type = NETR_DELTA_GROUP_MEMBER;
> - o.database_id = SAM_DATABASE_DOMAIN;
> - }
> - if (!strncasecmp_m(argv[i], "alias_rid=", strlen("alias_rid="))) {
> - o.object_identifier.rid = get_int_param(argv[i]);
> - o.object_type = NETR_DELTA_ALIAS;
> - o.database_id = SAM_DATABASE_BUILTIN;
> - }
> - if (!strncasecmp_m(argv[i], "alias_member_rid=", strlen("alias_member_rid="))) {
> - o.object_identifier.rid = get_int_param(argv[i]);
> - o.object_type = NETR_DELTA_ALIAS_MEMBER;
> - o.database_id = SAM_DATABASE_BUILTIN;
> - }
> - if (!strncasecmp_m(argv[i], "account_sid=", strlen("account_sid="))) {
> - const char *sid_str = get_string_param(argv[i]);
> - string_to_sid(&o.object_identifier.sid, sid_str);
> - o.object_type = NETR_DELTA_ACCOUNT;
> - o.database_id = SAM_DATABASE_PRIVS;
> - }
> - if (!strncasecmp_m(argv[i], "policy_sid=", strlen("policy_sid="))) {
> - const char *sid_str = get_string_param(argv[i]);
> - string_to_sid(&o.object_identifier.sid, sid_str);
> - o.object_type = NETR_DELTA_POLICY;
> - o.database_id = SAM_DATABASE_PRIVS;
> - }
> - if (!strncasecmp_m(argv[i], "trustdom_sid=", strlen("trustdom_sid="))) {
> - const char *sid_str = get_string_param(argv[i]);
> - string_to_sid(&o.object_identifier.sid, sid_str);
> - o.object_type = NETR_DELTA_TRUSTED_DOMAIN;
> - o.database_id = SAM_DATABASE_PRIVS;
> - }
> - if (!strncasecmp_m(argv[i], "secret_name=", strlen("secret_name="))) {
> - o.object_identifier.name = get_string_param(argv[i]);
> - o.object_type = NETR_DELTA_SECRET;
> - o.database_id = SAM_DATABASE_PRIVS;
> - }
> -
> - if (o.object_type > 0) {
> - ADD_TO_ARRAY(mem_ctx, struct samsync_object, o,
> - objects, num_objects);
> - }
> - }
> -}
> -
> /**
> * Basic usage function for 'net rpc vampire'
> *
> @@ -230,66 +155,6 @@ int rpc_vampire_passdb(struct net_context *c, int argc, const char **argv)
> return ret;
> }
>
> -static NTSTATUS rpc_vampire_keytab_internals(struct net_context *c,
> - const struct dom_sid *domain_sid,
> - const char *domain_name,
> - struct cli_state *cli,
> - struct rpc_pipe_client *pipe_hnd,
> - TALLOC_CTX *mem_ctx,
> - int argc,
> - const char **argv)
> -{
> - NTSTATUS status;
> - struct samsync_context *ctx = NULL;
> -
> - status = libnet_samsync_init_context(mem_ctx,
> - domain_sid,
> - &ctx);
> - if (!NT_STATUS_IS_OK(status)) {
> - return status;
> - }
> -
> - if (argc < 1) {
> - /* the caller should ensure that a filename is provided */
> - return NT_STATUS_INVALID_PARAMETER;
> - } else {
> - ctx->output_filename = argv[0];
> - }
> - if (argc >= 2) {
> - parse_samsync_partial_replication_objects(ctx, argc-1, argv+1,
> - &ctx->single_object_replication,
> - &ctx->objects,
> - &ctx->num_objects);
> - }
> -
> - ctx->mode = NET_SAMSYNC_MODE_FETCH_KEYTAB;
> - ctx->cli = pipe_hnd;
> - ctx->ops = &libnet_samsync_keytab_ops;
> - ctx->domain_name = domain_name;
> - ctx->username = c->opt_user_name;
> - ctx->password = c->opt_password;
> -
> - ctx->force_full_replication = c->opt_force_full_repl ? true : false;
> - ctx->clean_old_entries = c->opt_clean_old_entries ? true : false;
> -
> - /* fetch domain */
> - status = libnet_samsync(SAM_DATABASE_DOMAIN, ctx);
> -
> - if (!NT_STATUS_IS_OK(status) && ctx->error_message) {
> - d_fprintf(stderr, "%s\n", ctx->error_message);
> - goto out;
> - }
> -
> - if (ctx->result_message) {
> - d_fprintf(stdout, "%s\n", ctx->result_message);
> - }
> -
> - out:
> - TALLOC_FREE(ctx);
> -
> - return status;
> -}
> -
> static NTSTATUS rpc_vampire_keytab_ds_internals(struct net_context *c,
> const struct dom_sid *domain_sid,
> const char *domain_name,
> @@ -381,27 +246,12 @@ int rpc_vampire_keytab(struct net_context *c, int argc, const char **argv)
> }
>
> if (!dc_info.is_ad) {
> - printf(_("DC is not running Active Directory\n"));
> - ret = run_rpc_command(c, cli, &ndr_table_netlogon,
> - 0,
> - rpc_vampire_keytab_internals, argc, argv);
> - } else {
> - ret = run_rpc_command(c, cli, &ndr_table_drsuapi,
> - NET_FLAGS_SEAL | NET_FLAGS_TCP,
> - rpc_vampire_keytab_ds_internals, argc, argv);
> - if (ret != 0 && dc_info.is_mixed_mode) {
> - printf(_("Fallback to NT4 vampire on Mixed-Mode AD "
> - "Domain\n"));
> - ret = run_rpc_command(c, cli, &ndr_table_netlogon,
> - 0,
> - rpc_vampire_keytab_internals, argc, argv);
> - } else {
> -#ifndef HAVE_ADS
> - printf(_("Vampire requested against AD DC but ADS"
> - " support not built in: HAVE_ADS is not defined\n"));
> -#endif
> - }
> + printf(_("DC is not running Active Directory, exiting\n"));
> + return -1;
> }
>
> + ret = run_rpc_command(c, cli, &ndr_table_drsuapi,
> + NET_FLAGS_SEAL | NET_FLAGS_TCP,
> + rpc_vampire_keytab_ds_internals, argc, argv);
> return ret;
> }
> --
> 2.11.0
>
>
> From cf3460ab787c5c80837e09e23d88492de086799e Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Tue, 19 Sep 2017 15:14:32 -0700
> Subject: [PATCH 6/8] net: Don't depend on libnet_samsync anymore
>
> Signed-off-by: Volker Lendecke <vl at samba.org>
> ---
> source3/utils/net_rpc_samsync.c | 1 -
> source3/utils/wscript_build | 1 -
> 2 files changed, 2 deletions(-)
>
> diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c
> index 8b19afabc8d..be2b085d55b 100644
> --- a/source3/utils/net_rpc_samsync.c
> +++ b/source3/utils/net_rpc_samsync.c
> @@ -27,7 +27,6 @@
> #include "utils/net.h"
> #include "../librpc/gen_ndr/ndr_netlogon.h"
> #include "../librpc/gen_ndr/ndr_drsuapi.h"
> -#include "libnet/libnet_samsync.h"
> #include "libnet/libnet_dssync.h"
> #include "../libcli/security/security.h"
> #include "passdb/machine_sid.h"
> diff --git a/source3/utils/wscript_build b/source3/utils/wscript_build
> index 3c1f9a4773d..8d3378f0f0d 100644
> --- a/source3/utils/wscript_build
> +++ b/source3/utils/wscript_build
> @@ -232,7 +232,6 @@ bld.SAMBA3_BINARY('net',
> PASSWD_UTIL
> LIBNET
> LIBNET_DSSYNC
> - LIBNET_SAMSYNC
> LIBEVENTLOG
> REGFIO
> NDR_NTPRINTING
> --
> 2.11.0
>
>
> From e9e6ed4f54c7ec2ac405c83b5bd1a8e7f3a3eff6 Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Tue, 19 Sep 2017 15:17:38 -0700
> Subject: [PATCH 7/8] libnet: Remove libnet_samsync
>
> Signed-off-by: Volker Lendecke <vl at samba.org>
> ---
> source3/libnet/libnet_samsync.c | 437 ----------
> source3/libnet/libnet_samsync.h | 100 ---
> source3/libnet/libnet_samsync_display.c | 307 -------
> source3/libnet/libnet_samsync_keytab.c | 308 -------
> source3/libnet/libnet_samsync_ldif.c | 1378 -------------------------------
> source3/libnet/libnet_samsync_passdb.c | 882 --------------------
> source3/wscript_build | 13 -
> 7 files changed, 3425 deletions(-)
> delete mode 100644 source3/libnet/libnet_samsync.c
> delete mode 100644 source3/libnet/libnet_samsync.h
> delete mode 100644 source3/libnet/libnet_samsync_display.c
> delete mode 100644 source3/libnet/libnet_samsync_keytab.c
> delete mode 100644 source3/libnet/libnet_samsync_ldif.c
> delete mode 100644 source3/libnet/libnet_samsync_passdb.c
>
> diff --git a/source3/libnet/libnet_samsync.c b/source3/libnet/libnet_samsync.c
> deleted file mode 100644
> index e7e1393fdc8..00000000000
> --- a/source3/libnet/libnet_samsync.c
> +++ /dev/null
> @@ -1,437 +0,0 @@
> -/*
> - Unix SMB/CIFS implementation.
> -
> - Extract the user/system database from a remote SamSync server
> -
> - Copyright (C) Andrew Bartlett <abartlet at samba.org> 2004-2005
> - Copyright (C) Guenther Deschner <gd at samba.org> 2008
> -
> - This program is free software; you can redistribute it and/or modify
> - it under the terms of the GNU General Public License as published by
> - the Free Software Foundation; either version 3 of the License, or
> - (at your option) any later version.
> -
> - This program is distributed in the hope that it will be useful,
> - but WITHOUT ANY WARRANTY; without even the implied warranty of
> - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> - GNU General Public License for more details.
> -
> - You should have received a copy of the GNU General Public License
> - along with this program. If not, see <http://www.gnu.org/licenses/>.
> -*/
> -
> -
> -#include "includes.h"
> -#include "libnet/libnet_samsync.h"
> -#include "../libcli/samsync/samsync.h"
> -#include "../libcli/auth/libcli_auth.h"
> -#include "rpc_client/rpc_client.h"
> -#include "../librpc/gen_ndr/ndr_netlogon.h"
> -#include "../librpc/gen_ndr/ndr_netlogon_c.h"
> -#include "../libcli/security/security.h"
> -#include "messages.h"
> -#include "../libcli/auth/netlogon_creds_cli.h"
> -
> -/**
> - * Fix up the delta, dealing with encryption issues so that the final
> - * callback need only do the printing or application logic
> - */
> -
> -static NTSTATUS samsync_fix_delta_array(TALLOC_CTX *mem_ctx,
> - struct netlogon_creds_CredentialState *creds,
> - enum netr_SamDatabaseID database_id,
> - struct netr_DELTA_ENUM_ARRAY *r)
> -{
> - NTSTATUS status;
> - int i;
> -
> - for (i = 0; i < r->num_deltas; i++) {
> -
> - status = samsync_fix_delta(mem_ctx,
> - creds,
> - database_id,
> - &r->delta_enum[i]);
> - if (!NT_STATUS_IS_OK(status)) {
> - return status;
> - }
> - }
> -
> - return NT_STATUS_OK;
> -}
> -
> -/**
> - * libnet_samsync_init_context
> - */
> -
> -NTSTATUS libnet_samsync_init_context(TALLOC_CTX *mem_ctx,
> - const struct dom_sid *domain_sid,
> - struct samsync_context **ctx_p)
> -{
> - struct samsync_context *ctx;
> -
> - *ctx_p = NULL;
> -
> - ctx = talloc_zero(mem_ctx, struct samsync_context);
> - NT_STATUS_HAVE_NO_MEMORY(ctx);
> -
> - if (domain_sid) {
> - ctx->domain_sid = dom_sid_dup(mem_ctx, domain_sid);
> - NT_STATUS_HAVE_NO_MEMORY(ctx->domain_sid);
> -
> - ctx->domain_sid_str = sid_string_talloc(mem_ctx, ctx->domain_sid);
> - NT_STATUS_HAVE_NO_MEMORY(ctx->domain_sid_str);
> - }
> -
> - ctx->msg_ctx = messaging_init(ctx, samba_tevent_context_init(ctx));
> - NT_STATUS_HAVE_NO_MEMORY(ctx->msg_ctx);
> -
> - *ctx_p = ctx;
> -
> - return NT_STATUS_OK;
> -}
> -
> -/**
> - * samsync_database_str
> - */
> -
> -static const char *samsync_database_str(enum netr_SamDatabaseID database_id)
> -{
> -
> - switch (database_id) {
> - case SAM_DATABASE_DOMAIN:
> - return "DOMAIN";
> - case SAM_DATABASE_BUILTIN:
> - return "BUILTIN";
> - case SAM_DATABASE_PRIVS:
> - return "PRIVS";
> - default:
> - return "unknown";
> - }
> -}
> -
> -/**
> - * samsync_debug_str
> - */
> -
> -static const char *samsync_debug_str(TALLOC_CTX *mem_ctx,
> - enum net_samsync_mode mode,
> - enum netr_SamDatabaseID database_id)
> -{
> - const char *action = NULL;
> -
> - switch (mode) {
> - case NET_SAMSYNC_MODE_DUMP:
> - action = "Dumping (to stdout)";
> - break;
> - case NET_SAMSYNC_MODE_FETCH_PASSDB:
> - action = "Fetching (to passdb)";
> - break;
> - case NET_SAMSYNC_MODE_FETCH_LDIF:
> - action = "Fetching (to ldif)";
> - break;
> - case NET_SAMSYNC_MODE_FETCH_KEYTAB:
> - action = "Fetching (to keytab)";
> - break;
> - default:
> - action = "Unknown";
> - break;
> - }
> -
> - return talloc_asprintf(mem_ctx, "%s %s database",
> - action, samsync_database_str(database_id));
> -}
> -
> -/**
> - * libnet_samsync
> - */
> -
> -static void libnet_init_netr_ChangeLogEntry(struct samsync_object *o,
> - struct netr_ChangeLogEntry *e)
> -{
> - ZERO_STRUCTP(e);
> -
> - e->db_index = o->database_id;
> - e->delta_type = o->object_type;
> -
> - switch (e->delta_type) {
> - case NETR_DELTA_DOMAIN:
> - case NETR_DELTA_DELETE_GROUP:
> - case NETR_DELTA_RENAME_GROUP:
> - case NETR_DELTA_DELETE_USER:
> - case NETR_DELTA_RENAME_USER:
> - case NETR_DELTA_DELETE_ALIAS:
> - case NETR_DELTA_RENAME_ALIAS:
> - case NETR_DELTA_DELETE_TRUST:
> - case NETR_DELTA_DELETE_ACCOUNT:
> - case NETR_DELTA_DELETE_SECRET:
> - case NETR_DELTA_DELETE_GROUP2:
> - case NETR_DELTA_DELETE_USER2:
> - case NETR_DELTA_MODIFY_COUNT:
> - break;
> - case NETR_DELTA_USER:
> - case NETR_DELTA_GROUP:
> - case NETR_DELTA_GROUP_MEMBER:
> - case NETR_DELTA_ALIAS:
> - case NETR_DELTA_ALIAS_MEMBER:
> - e->object_rid = o->object_identifier.rid;
> - break;
> - case NETR_DELTA_SECRET:
> - e->object.object_name = o->object_identifier.name;
> - e->flags = NETR_CHANGELOG_NAME_INCLUDED;
> - break;
> - case NETR_DELTA_TRUSTED_DOMAIN:
> - case NETR_DELTA_ACCOUNT:
> - case NETR_DELTA_POLICY:
> - e->object.object_sid = o->object_identifier.sid;
> - e->flags = NETR_CHANGELOG_SID_INCLUDED;
> - break;
> - default:
> - break;
> - }
> -}
> -
> -/**
> - * libnet_samsync_delta
> - */
> -
> -static NTSTATUS libnet_samsync_delta(TALLOC_CTX *mem_ctx,
> - enum netr_SamDatabaseID database_id,
> - uint64_t *sequence_num,
> - struct samsync_context *ctx,
> - struct netr_ChangeLogEntry *e)
> -{
> - NTSTATUS result, status;
> - NTSTATUS callback_status;
> - const char *logon_server = ctx->cli->desthost;
> - const char *computername = lp_netbios_name();
> - struct netr_Authenticator credential;
> - struct netr_Authenticator return_authenticator;
> - uint16_t restart_state = 0;
> - uint32_t sync_context = 0;
> - struct dcerpc_binding_handle *b = ctx->cli->binding_handle;
> -
> - ZERO_STRUCT(return_authenticator);
> -
> - do {
> - struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
> - struct netlogon_creds_CredentialState *creds = NULL;
> -
> - status = netlogon_creds_cli_lock(ctx->netlogon_creds,
> - mem_ctx, &creds);
> - if (!NT_STATUS_IS_OK(status)) {
> - return status;
> - }
> -
> - netlogon_creds_client_authenticator(creds, &credential);
> -
> - if (ctx->single_object_replication &&
> - !ctx->force_full_replication) {
> - status = dcerpc_netr_DatabaseRedo(b, mem_ctx,
> - logon_server,
> - computername,
> - &credential,
> - &return_authenticator,
> - *e,
> - 0,
> - &delta_enum_array,
> - &result);
> - } else if (!ctx->force_full_replication &&
> - sequence_num && (*sequence_num > 0)) {
> - status = dcerpc_netr_DatabaseDeltas(b, mem_ctx,
> - logon_server,
> - computername,
> - &credential,
> - &return_authenticator,
> - database_id,
> - sequence_num,
> - &delta_enum_array,
> - 0xffff,
> - &result);
> - } else {
> - status = dcerpc_netr_DatabaseSync2(b, mem_ctx,
> - logon_server,
> - computername,
> - &credential,
> - &return_authenticator,
> - database_id,
> - restart_state,
> - &sync_context,
> - &delta_enum_array,
> - 0xffff,
> - &result);
> - }
> -
> - if (!NT_STATUS_IS_OK(status)) {
> - TALLOC_FREE(creds);
> - return status;
> - }
> -
> - /* Check returned credentials. */
> - if (!netlogon_creds_client_check(creds,
> - &return_authenticator.cred)) {
> - TALLOC_FREE(creds);
> - DEBUG(0,("credentials chain check failed\n"));
> - return NT_STATUS_ACCESS_DENIED;
> - }
> -
> - if (NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED)) {
> - TALLOC_FREE(creds);
> - return result;
> - }
> -
> - if (NT_STATUS_IS_ERR(result)) {
> - TALLOC_FREE(creds);
> - break;
> - }
> -
> - samsync_fix_delta_array(mem_ctx,
> - creds,
> - database_id,
> - delta_enum_array);
> - TALLOC_FREE(creds);
> -
> - /* Process results */
> - callback_status = ctx->ops->process_objects(mem_ctx, database_id,
> - delta_enum_array,
> - sequence_num,
> - ctx);
> - if (!NT_STATUS_IS_OK(callback_status)) {
> - result = callback_status;
> - goto out;
> - }
> -
> - TALLOC_FREE(delta_enum_array);
> -
> - } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
> -
> - out:
> -
> - return result;
> -}
> -
> -/**
> - * libnet_samsync
> - */
> -
> -NTSTATUS libnet_samsync(enum netr_SamDatabaseID database_id,
> - struct samsync_context *ctx)
> -{
> - NTSTATUS status = NT_STATUS_OK;
> - NTSTATUS callback_status;
> - TALLOC_CTX *mem_ctx;
> - const char *debug_str;
> - uint64_t sequence_num = 0;
> - int i = 0;
> -
> - if (!(mem_ctx = talloc_new(ctx))) {
> - return NT_STATUS_NO_MEMORY;
> - }
> -
> - if (!ctx->ops) {
> - return NT_STATUS_INVALID_PARAMETER;
> - }
> -
> - if (ctx->ops->startup) {
> - status = ctx->ops->startup(mem_ctx, ctx,
> - database_id, &sequence_num);
> - if (!NT_STATUS_IS_OK(status)) {
> - goto done;
> - }
> - }
> -
> - debug_str = samsync_debug_str(mem_ctx, ctx->mode, database_id);
> - if (debug_str) {
> - d_fprintf(stderr, "%s\n", debug_str);
> - }
> -
> - if (!ctx->single_object_replication) {
> - status = libnet_samsync_delta(mem_ctx, database_id,
> - &sequence_num, ctx, NULL);
> - goto done;
> - }
> -
> - for (i=0; i<ctx->num_objects; i++) {
> -
> - struct netr_ChangeLogEntry e;
> -
> - if (ctx->objects[i].database_id != database_id) {
> - continue;
> - }
> -
> - libnet_init_netr_ChangeLogEntry(&ctx->objects[i], &e);
> -
> - status = libnet_samsync_delta(mem_ctx, database_id,
> - &sequence_num, ctx, &e);
> - if (!NT_STATUS_IS_OK(status)) {
> - goto done;
> - }
> - }
> -
> - done:
> -
> - if (NT_STATUS_IS_OK(status) && ctx->ops->finish) {
> - callback_status = ctx->ops->finish(mem_ctx, ctx,
> - database_id, sequence_num);
> - if (!NT_STATUS_IS_OK(callback_status)) {
> - status = callback_status;
> - }
> - }
> -
> - if (NT_STATUS_IS_ERR(status) && !ctx->error_message) {
> -
> - ctx->error_message = talloc_asprintf(ctx,
> - "Failed to fetch %s database: %s",
> - samsync_database_str(database_id),
> - nt_errstr(status));
> -
> - if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
> -
> - ctx->error_message =
> - talloc_asprintf_append(ctx->error_message,
> - "\nPerhaps %s is a Windows native mode domain?",
> - ctx->domain_name);
> - }
> - }
> -
> - talloc_destroy(mem_ctx);
> -
> - return status;
> -}
> -
> -/**
> - * pull_netr_AcctLockStr
> - */
> -
> -NTSTATUS pull_netr_AcctLockStr(TALLOC_CTX *mem_ctx,
> - struct lsa_BinaryString *r,
> - struct netr_AcctLockStr **str_p)
> -{
> - struct netr_AcctLockStr *str;
> - enum ndr_err_code ndr_err;
> - DATA_BLOB blob;
> -
> - if (!mem_ctx || !r || !str_p) {
> - return NT_STATUS_INVALID_PARAMETER;
> - }
> -
> - *str_p = NULL;
> -
> - str = talloc_zero(mem_ctx, struct netr_AcctLockStr);
> - if (!str) {
> - return NT_STATUS_NO_MEMORY;
> - }
> -
> - blob = data_blob_const(r->array, r->length);
> -
> - ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, str,
> - (ndr_pull_flags_fn_t)ndr_pull_netr_AcctLockStr);
> -
> - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
> - return ndr_map_error2ntstatus(ndr_err);
> - }
> -
> - *str_p = str;
> -
> - return NT_STATUS_OK;
> -}
> -
> diff --git a/source3/libnet/libnet_samsync.h b/source3/libnet/libnet_samsync.h
> deleted file mode 100644
> index e1d66ec37f5..00000000000
> --- a/source3/libnet/libnet_samsync.h
> +++ /dev/null
> @@ -1,100 +0,0 @@
> -/*
> - * Unix SMB/CIFS implementation.
> - * libnet Support
> - * Copyright (C) Guenther Deschner 2008
> - *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of the GNU General Public License as published by
> - * the Free Software Foundation; either version 3 of the License, or
> - * (at your option) any later version.
> - *
> - * This program is distributed in the hope that it will be useful,
> - * but WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> - * GNU General Public License for more details.
> - *
> - * You should have received a copy of the GNU General Public License
> - * along with this program; if not, see <http://www.gnu.org/licenses/>.
> - */
> -
> -#include "../librpc/gen_ndr/netlogon.h"
> -
> -enum net_samsync_mode {
> - NET_SAMSYNC_MODE_FETCH_PASSDB = 0,
> - NET_SAMSYNC_MODE_FETCH_LDIF = 1,
> - NET_SAMSYNC_MODE_FETCH_KEYTAB = 2,
> - NET_SAMSYNC_MODE_DUMP = 3
> -};
> -
> -struct samsync_context;
> -
> -struct samsync_ops {
> - NTSTATUS (*startup)(TALLOC_CTX *mem_ctx,
> - struct samsync_context *ctx,
> - enum netr_SamDatabaseID id,
> - uint64_t *sequence_num);
> - NTSTATUS (*process_objects)(TALLOC_CTX *mem_ctx,
> - enum netr_SamDatabaseID id,
> - struct netr_DELTA_ENUM_ARRAY *array,
> - uint64_t *sequence_num,
> - struct samsync_context *ctx);
> - NTSTATUS (*finish)(TALLOC_CTX *mem_ctx,
> - struct samsync_context *ctx,
> - enum netr_SamDatabaseID id,
> - uint64_t sequence_num);
> -};
> -
> -struct samsync_object {
> - uint16_t database_id;
> - uint16_t object_type;
> - union {
> - uint32_t rid;
> - const char *name;
> - struct dom_sid sid;
> - } object_identifier;
> -};
> -
> -struct samsync_context {
> - enum net_samsync_mode mode;
> - const struct dom_sid *domain_sid;
> - const char *domain_sid_str;
> - const char *domain_name;
> - const char *output_filename;
> -
> - const char *username;
> - const char *password;
> -
> - char *result_message;
> - char *error_message;
> -
> - bool single_object_replication;
> - bool force_full_replication;
> - bool clean_old_entries;
> -
> - uint32_t num_objects;
> - struct samsync_object *objects;
> -
> - struct rpc_pipe_client *cli;
> - struct netlogon_creds_cli_context *netlogon_creds;
> - struct messaging_context *msg_ctx;
> -
> - const struct samsync_ops *ops;
> -
> - void *private_data;
> -};
> -
> -extern const struct samsync_ops libnet_samsync_ldif_ops;
> -extern const struct samsync_ops libnet_samsync_keytab_ops;
> -extern const struct samsync_ops libnet_samsync_display_ops;
> -extern const struct samsync_ops libnet_samsync_passdb_ops;
> -
> -/* The following definitions come from libnet/libnet_samsync.c */
> -
> -NTSTATUS libnet_samsync_init_context(TALLOC_CTX *mem_ctx,
> - const struct dom_sid *domain_sid,
> - struct samsync_context **ctx_p);
> -NTSTATUS libnet_samsync(enum netr_SamDatabaseID database_id,
> - struct samsync_context *ctx);
> -NTSTATUS pull_netr_AcctLockStr(TALLOC_CTX *mem_ctx,
> - struct lsa_BinaryString *r,
> - struct netr_AcctLockStr **str_p);
> diff --git a/source3/libnet/libnet_samsync_display.c b/source3/libnet/libnet_samsync_display.c
> deleted file mode 100644
> index 040742d72ac..00000000000
> --- a/source3/libnet/libnet_samsync_display.c
> +++ /dev/null
> @@ -1,307 +0,0 @@
> -/*
> - Unix SMB/CIFS implementation.
> - dump the remote SAM using rpc samsync operations
> -
> - Copyright (C) Andrew Tridgell 2002
> - Copyright (C) Tim Potter 2001,2002
> - Copyright (C) Jim McDonough <jmcd at us.ibm.com> 2005
> - Modified by Volker Lendecke 2002
> - Copyright (C) Jeremy Allison 2005.
> - Copyright (C) Guenther Deschner 2008.
> -
> - This program is free software; you can redistribute it and/or modify
> - it under the terms of the GNU General Public License as published by
> - the Free Software Foundation; either version 3 of the License, or
> - (at your option) any later version.
> -
> - This program is distributed in the hope that it will be useful,
> - but WITHOUT ANY WARRANTY; without even the implied warranty of
> - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> - GNU General Public License for more details.
> -
> - You should have received a copy of the GNU General Public License
> - along with this program. If not, see <http://www.gnu.org/licenses/>.
> -*/
> -
> -#include "includes.h"
> -#include "libnet/libnet_samsync.h"
> -#include "passdb.h"
> -
> -static void display_group_mem_info(uint32_t rid,
> - struct netr_DELTA_GROUP_MEMBER *r)
> -{
> - int i;
> - d_printf("Group mem %u: ", rid);
> - for (i=0; i< r->num_rids; i++) {
> - d_printf("%u ", r->rids[i]);
> - }
> - d_printf("\n");
> -}
> -
> -static void display_alias_info(uint32_t rid,
> - struct netr_DELTA_ALIAS *r)
> -{
> - d_printf("Alias '%s' ", r->alias_name.string);
> - d_printf("desc='%s' rid=%u\n", r->description.string, r->rid);
> -}
> -
> -static void display_alias_mem(uint32_t rid,
> - struct netr_DELTA_ALIAS_MEMBER *r)
> -{
> - int i;
> - d_printf("Alias rid %u: ", rid);
> - for (i=0; i< r->sids.num_sids; i++) {
> - d_printf("%s ", sid_string_tos(r->sids.sids[i].sid));
> - }
> - d_printf("\n");
> -}
> -
> -static void display_account_info(uint32_t rid,
> - struct netr_DELTA_USER *r)
> -{
> - fstring hex_nt_passwd, hex_lm_passwd;
> -
> -
> - /* Decode hashes from password hash (if they are not NULL) */
> -
> - if (!all_zero(r->lmpassword.hash, 16)) {
> - pdb_sethexpwd(hex_lm_passwd, r->lmpassword.hash, r->acct_flags);
> - } else {
> - pdb_sethexpwd(hex_lm_passwd, NULL, 0);
> - }
> -
> - if (!all_zero(r->ntpassword.hash, 16)) {
> - pdb_sethexpwd(hex_nt_passwd, r->ntpassword.hash, r->acct_flags);
> - } else {
> - pdb_sethexpwd(hex_nt_passwd, NULL, 0);
> - }
> -
> - printf("%s:%d:%s:%s:%s:LCT-0\n",
> - r->account_name.string,
> - r->rid, hex_lm_passwd, hex_nt_passwd,
> - pdb_encode_acct_ctrl(r->acct_flags, NEW_PW_FORMAT_SPACE_PADDED_LEN));
> -}
> -
> -static void display_domain_info(struct netr_DELTA_DOMAIN *r)
> -{
> - time_t u_logout;
> - struct netr_AcctLockStr *lockstr = NULL;
> - NTSTATUS status;
> - TALLOC_CTX *mem_ctx = talloc_tos();
> -
> - status = pull_netr_AcctLockStr(mem_ctx, &r->account_lockout,
> - &lockstr);
> - if (!NT_STATUS_IS_OK(status)) {
> - d_printf("failed to pull account lockout string: %s\n",
> - nt_errstr(status));
> - }
> -
> - u_logout = uint64s_nt_time_to_unix_abs((const uint64_t *)&r->force_logoff_time);
> -
> - d_printf("Domain name: %s\n", r->domain_name.string);
> -
> - d_printf("Minimal Password Length: %d\n", r->min_password_length);
> - d_printf("Password History Length: %d\n", r->password_history_length);
> -
> - d_printf("Force Logoff: %d\n", (int)u_logout);
> -
> - d_printf("Max Password Age: %s\n", display_time(r->max_password_age));
> - d_printf("Min Password Age: %s\n", display_time(r->min_password_age));
> -
> - if (lockstr) {
> - d_printf("Lockout Time: %s\n", display_time((NTTIME)lockstr->lockout_duration));
> - d_printf("Lockout Reset Time: %s\n", display_time((NTTIME)lockstr->reset_count));
> - d_printf("Bad Attempt Lockout: %d\n", lockstr->bad_attempt_lockout);
> - }
> -
> - d_printf("User must logon to change password: %d\n", r->logon_to_chgpass);
> -}
> -
> -static void display_group_info(uint32_t rid, struct netr_DELTA_GROUP *r)
> -{
> - d_printf("Group '%s' ", r->group_name.string);
> - d_printf("desc='%s', rid=%u\n", r->description.string, rid);
> -}
> -
> -static void display_delete_group(uint32_t rid)
> -{
> - d_printf("Delete Group '%d'\n", rid);
> -}
> -
> -static void display_rename_group(uint32_t rid, struct netr_DELTA_RENAME *r)
> -{
> - d_printf("Rename Group '%d' ", rid);
> - d_printf("Rename Group: %s -> %s\n",
> - r->OldName.string, r->NewName.string);
> -}
> -
> -static void display_delete_user(uint32_t rid)
> -{
> - d_printf("Delete User '%d'\n", rid);
> -}
> -
> -static void display_rename_user(uint32_t rid, struct netr_DELTA_RENAME *r)
> -{
> - d_printf("Rename User '%d' ", rid);
> - d_printf("Rename User: %s -> %s\n",
> - r->OldName.string, r->NewName.string);
> -}
> -
> -static void display_delete_alias(uint32_t rid)
> -{
> - d_printf("Delete Alias '%d'\n", rid);
> -}
> -
> -static void display_rename_alias(uint32_t rid, struct netr_DELTA_RENAME *r)
> -{
> - d_printf("Rename Alias '%d' ", rid);
> - d_printf("Rename Alias: %s -> %s\n",
> - r->OldName.string, r->NewName.string);
> -}
> -
> -static NTSTATUS display_sam_entry(TALLOC_CTX *mem_ctx,
> - enum netr_SamDatabaseID database_id,
> - struct netr_DELTA_ENUM *r,
> - struct samsync_context *ctx)
> -{
> - union netr_DELTA_UNION u = r->delta_union;
> - union netr_DELTA_ID_UNION id = r->delta_id_union;
> -
> - switch (r->delta_type) {
> - case NETR_DELTA_DOMAIN:
> - display_domain_info(u.domain);
> - break;
> - case NETR_DELTA_GROUP:
> - display_group_info(id.rid, u.group);
> - break;
> - case NETR_DELTA_DELETE_GROUP:
> - display_delete_group(id.rid);
> - break;
> - case NETR_DELTA_RENAME_GROUP:
> - display_rename_group(id.rid, u.rename_group);
> - break;
> - case NETR_DELTA_USER:
> - display_account_info(id.rid, u.user);
> - break;
> - case NETR_DELTA_DELETE_USER:
> - display_delete_user(id.rid);
> - break;
> - case NETR_DELTA_RENAME_USER:
> - display_rename_user(id.rid, u.rename_user);
> - break;
> - case NETR_DELTA_GROUP_MEMBER:
> - display_group_mem_info(id.rid, u.group_member);
> - break;
> - case NETR_DELTA_ALIAS:
> - display_alias_info(id.rid, u.alias);
> - break;
> - case NETR_DELTA_DELETE_ALIAS:
> - display_delete_alias(id.rid);
> - break;
> - case NETR_DELTA_RENAME_ALIAS:
> - display_rename_alias(id.rid, u.rename_alias);
> - break;
> - case NETR_DELTA_ALIAS_MEMBER:
> - display_alias_mem(id.rid, u.alias_member);
> - break;
> - case NETR_DELTA_POLICY:
> - printf("Policy: %s\n",
> - sid_string_dbg(id.sid));
> - break;
> - case NETR_DELTA_TRUSTED_DOMAIN:
> - printf("Trusted Domain: %s\n",
> - u.trusted_domain->domain_name.string);
> - break;
> - case NETR_DELTA_DELETE_TRUST:
> - printf("Delete Trust: %s\n",
> - sid_string_dbg(id.sid));
> - break;
> - case NETR_DELTA_ACCOUNT:
> - printf("Account: %s\n",
> - sid_string_dbg(id.sid));
> - break;
> - case NETR_DELTA_DELETE_ACCOUNT:
> - printf("Delete Account: %s\n",
> - sid_string_dbg(id.sid));
> - break;
> - case NETR_DELTA_SECRET:
> - printf("Secret: %s\n",
> - id.name);
> - break;
> - case NETR_DELTA_DELETE_SECRET:
> - printf("Delete Secret: %s\n",
> - id.name);
> - break;
> - case NETR_DELTA_DELETE_GROUP2:
> - printf("Delete Group2: %s\n",
> - u.delete_group->account_name);
> - break;
> - case NETR_DELTA_DELETE_USER2:
> - printf("Delete User2: %s\n",
> - u.delete_user->account_name);
> - break;
> - case NETR_DELTA_MODIFY_COUNT:
> - printf("sam sequence update: 0x%016llx\n",
> - (unsigned long long) *u.modified_count);
> - break;
> -#if 0
> - /* The following types are recognised but not handled */
> - case NETR_DELTA_POLICY:
> - d_printf("NETR_DELTA_POLICY not handled\n");
> - break;
> - case NETR_DELTA_TRUSTED_DOMAIN:
> - d_printf("NETR_DELTA_TRUSTED_DOMAIN not handled\n");
> - break;
> - case NETR_DELTA_ACCOUNT:
> - d_printf("NETR_DELTA_ACCOUNT not handled\n");
> - break;
> - case NETR_DELTA_SECRET:
> - d_printf("NETR_DELTA_SECRET not handled\n");
> - break;
> - case NETR_DELTA_MODIFY_COUNT:
> - d_printf("NETR_DELTA_MODIFY_COUNT not handled\n");
> - break;
> - case NETR_DELTA_DELETE_TRUST:
> - d_printf("NETR_DELTA_DELETE_TRUST not handled\n");
> - break;
> - case NETR_DELTA_DELETE_ACCOUNT:
> - d_printf("NETR_DELTA_DELETE_ACCOUNT not handled\n");
> - break;
> - case NETR_DELTA_DELETE_SECRET:
> - d_printf("NETR_DELTA_DELETE_SECRET not handled\n");
> - break;
> - case NETR_DELTA_DELETE_GROUP2:
> - d_printf("NETR_DELTA_DELETE_GROUP2 not handled\n");
> - break;
> - case NETR_DELTA_DELETE_USER2:
> - d_printf("NETR_DELTA_DELETE_USER2 not handled\n");
> - break;
> -#endif
> - default:
> - printf("unknown delta type 0x%02x\n",
> - r->delta_type);
> - break;
> - }
> -
> - return NT_STATUS_OK;
> -}
> -
> -static NTSTATUS display_sam_entries(TALLOC_CTX *mem_ctx,
> - enum netr_SamDatabaseID database_id,
> - struct netr_DELTA_ENUM_ARRAY *r,
> - uint64_t *sequence_num,
> - struct samsync_context *ctx)
> -{
> - int i;
> -
> - for (i = 0; i < r->num_deltas; i++) {
> - display_sam_entry(mem_ctx, database_id, &r->delta_enum[i],
> - ctx);
> - }
> -
> - return NT_STATUS_OK;
> -}
> -
> -const struct samsync_ops libnet_samsync_display_ops = {
> - .process_objects = display_sam_entries,
> -};
> diff --git a/source3/libnet/libnet_samsync_keytab.c b/source3/libnet/libnet_samsync_keytab.c
> deleted file mode 100644
> index 5c072b921ad..00000000000
> --- a/source3/libnet/libnet_samsync_keytab.c
> +++ /dev/null
> @@ -1,308 +0,0 @@
> -/*
> - Unix SMB/CIFS implementation.
> - dump the remote SAM using rpc samsync operations
> -
> - Copyright (C) Guenther Deschner 2008.
> -
> - This program is free software; you can redistribute it and/or modify
> - it under the terms of the GNU General Public License as published by
> - the Free Software Foundation; either version 3 of the License, or
> - (at your option) any later version.
> -
> - This program is distributed in the hope that it will be useful,
> - but WITHOUT ANY WARRANTY; without even the implied warranty of
> - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> - GNU General Public License for more details.
> -
> - You should have received a copy of the GNU General Public License
> - along with this program. If not, see <http://www.gnu.org/licenses/>.
> -*/
> -
> -#include "includes.h"
> -#include "smb_krb5.h"
> -#include "ads.h"
> -#include "libnet/libnet_keytab.h"
> -#include "libnet/libnet_samsync.h"
> -#include "krb5_env.h"
> -
> -#if defined(HAVE_ADS)
> -
> -/****************************************************************
> -****************************************************************/
> -
> -static NTSTATUS keytab_ad_connect(TALLOC_CTX *mem_ctx,
> - const char *domain_name,
> - const char *dc,
> - const char *username,
> - const char *password,
> - struct libnet_keytab_context *ctx)
> -{
> - ADS_STATUS ad_status;
> - ADS_STRUCT *ads;
> -
> - ads = ads_init(NULL, domain_name, dc);
> - NT_STATUS_HAVE_NO_MEMORY(ads);
> -
> - if (getenv(KRB5_ENV_CCNAME) == NULL) {
> - setenv(KRB5_ENV_CCNAME, "MEMORY:libnet_samsync_keytab", 1);
> - }
> -
> - ads->auth.user_name = SMB_STRDUP(username);
> - ads->auth.password = SMB_STRDUP(password);
> -
> - ad_status = ads_connect_user_creds(ads);
> - if (!ADS_ERR_OK(ad_status)) {
> - return NT_STATUS_UNSUCCESSFUL;
> - }
> -
> - ctx->ads = ads;
> -
> - ctx->dns_domain_name = talloc_strdup_upper(mem_ctx, ads->config.realm);
> - NT_STATUS_HAVE_NO_MEMORY(ctx->dns_domain_name);
> -
> - return NT_STATUS_OK;
> -}
> -
> -/****************************************************************
> -****************************************************************/
> -
> -static NTSTATUS fetch_sam_entry_keytab(TALLOC_CTX *mem_ctx,
> - enum netr_SamDatabaseID database_id,
> - uint32_t rid,
> - struct netr_DELTA_USER *r,
> - struct libnet_keytab_context *ctx)
> -{
> - NTSTATUS status;
> - uint32_t kvno = 0;
> - DATA_BLOB blob;
> -
> - if (all_zero(r->ntpassword.hash, 16)) {
> - return NT_STATUS_OK;
> - }
> -
> - kvno = ads_get_kvno(ctx->ads, r->account_name.string);
> - blob = data_blob_const(r->ntpassword.hash, 16);
> -
> - status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx,
> - kvno,
> - r->account_name.string,
> - NULL,
> - ENCTYPE_ARCFOUR_HMAC,
> - blob);
> - if (!NT_STATUS_IS_OK(status)) {
> - return status;
> - }
> -
> - return NT_STATUS_OK;
> -}
> -
> -/****************************************************************
> -****************************************************************/
> -
> -static NTSTATUS init_keytab(TALLOC_CTX *mem_ctx,
> - struct samsync_context *ctx,
> - enum netr_SamDatabaseID database_id,
> - uint64_t *sequence_num)
> -{
> - krb5_error_code ret = 0;
> - NTSTATUS status;
> - struct libnet_keytab_context *keytab_ctx = NULL;
> - struct libnet_keytab_entry *entry;
> - uint64_t old_sequence_num = 0;
> - const char *principal = NULL;
> - struct netr_DsRGetDCNameInfo *info = NULL;
> - const char *dc;
> -
> - ret = libnet_keytab_init(mem_ctx, ctx->output_filename, &keytab_ctx);
> - if (ret) {
> - return krb5_to_nt_status(ret);
> - }
> -
> - status = dsgetdcname(mem_ctx, ctx->msg_ctx,
> - ctx->domain_name, NULL, NULL, 0, &info);
> - if (!NT_STATUS_IS_OK(status)) {
> - return status;
> - }
> -
> - dc = strip_hostname(info->dc_unc);
> -
> - keytab_ctx->clean_old_entries = ctx->clean_old_entries;
> - ctx->private_data = keytab_ctx;
> -
> - status = keytab_ad_connect(mem_ctx,
> - ctx->domain_name,
> - dc,
> - ctx->username,
> - ctx->password,
> - keytab_ctx);
> - if (!NT_STATUS_IS_OK(status)) {
> - TALLOC_FREE(keytab_ctx);
> - return status;
> - }
> -
> - principal = talloc_asprintf(mem_ctx, "SEQUENCE_NUM@%s",
> - keytab_ctx->dns_domain_name);
> - NT_STATUS_HAVE_NO_MEMORY(principal);
> -
> - entry = libnet_keytab_search(keytab_ctx, principal, 0, ENCTYPE_NULL,
> - mem_ctx);
> - if (entry && (entry->password.length == 8)) {
> - old_sequence_num = BVAL(entry->password.data, 0);
> - }
> -
> - if (sequence_num) {
> - *sequence_num = old_sequence_num;
> - }
> -
> - return status;
> -}
> -
> -/****************************************************************
> -****************************************************************/
> -
> -static NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx,
> - enum netr_SamDatabaseID database_id,
> - struct netr_DELTA_ENUM_ARRAY *r,
> - uint64_t *sequence_num,
> - struct samsync_context *ctx)
> -{
> - struct libnet_keytab_context *keytab_ctx =
> - (struct libnet_keytab_context *)ctx->private_data;
> -
> - NTSTATUS status = NT_STATUS_OK;
> - int i;
> -
> - for (i = 0; i < r->num_deltas; i++) {
> -
> - switch (r->delta_enum[i].delta_type) {
> - case NETR_DELTA_USER:
> - break;
> - case NETR_DELTA_DOMAIN:
> - if (sequence_num) {
> - *sequence_num =
> - r->delta_enum[i].delta_union.domain->sequence_num;
> - }
> - continue;
> - case NETR_DELTA_MODIFY_COUNT:
> - if (sequence_num) {
> - *sequence_num =
> - *r->delta_enum[i].delta_union.modified_count;
> - }
> - continue;
> - default:
> - continue;
> - }
> -
> - status = fetch_sam_entry_keytab(mem_ctx, database_id,
> - r->delta_enum[i].delta_id_union.rid,
> - r->delta_enum[i].delta_union.user,
> - keytab_ctx);
> - if (!NT_STATUS_IS_OK(status)) {
> - goto out;
> - }
> - }
> - out:
> - return status;
> -}
> -
> -/****************************************************************
> -****************************************************************/
> -
> -static NTSTATUS close_keytab(TALLOC_CTX *mem_ctx,
> - struct samsync_context *ctx,
> - enum netr_SamDatabaseID database_id,
> - uint64_t sequence_num)
> -{
> - struct libnet_keytab_context *keytab_ctx =
> - (struct libnet_keytab_context *)ctx->private_data;
> - krb5_error_code ret;
> - NTSTATUS status;
> - struct libnet_keytab_entry *entry;
> - uint64_t old_sequence_num = 0;
> - const char *principal = NULL;
> -
> - principal = talloc_asprintf(mem_ctx, "SEQUENCE_NUM@%s",
> - keytab_ctx->dns_domain_name);
> - NT_STATUS_HAVE_NO_MEMORY(principal);
> -
> -
> - entry = libnet_keytab_search(keytab_ctx, principal, 0, ENCTYPE_NULL,
> - mem_ctx);
> - if (entry && (entry->password.length == 8)) {
> - old_sequence_num = BVAL(entry->password.data, 0);
> - }
> -
> -
> - if (sequence_num > old_sequence_num) {
> - DATA_BLOB blob;
> - blob = data_blob_talloc_zero(mem_ctx, 8);
> - SBVAL(blob.data, 0, sequence_num);
> -
> - status = libnet_keytab_add_to_keytab_entries(mem_ctx, keytab_ctx,
> - 0,
> - "SEQUENCE_NUM",
> - NULL,
> - ENCTYPE_NULL,
> - blob);
> - if (!NT_STATUS_IS_OK(status)) {
> - goto done;
> - }
> - }
> -
> - ret = libnet_keytab_add(keytab_ctx);
> - if (ret) {
> - status = krb5_to_nt_status(ret);
> - ctx->error_message = talloc_asprintf(ctx,
> - "Failed to add entries to keytab %s: %s",
> - keytab_ctx->keytab_name, error_message(ret));
> - TALLOC_FREE(keytab_ctx);
> - return status;
> - }
> -
> - ctx->result_message = talloc_asprintf(ctx,
> - "Vampired %d accounts to keytab %s",
> - keytab_ctx->count,
> - keytab_ctx->keytab_name);
> -
> - status = NT_STATUS_OK;
> -
> - done:
> - TALLOC_FREE(keytab_ctx);
> -
> - return status;
> -}
> -
> -#else
> -
> -static NTSTATUS init_keytab(TALLOC_CTX *mem_ctx,
> - struct samsync_context *ctx,
> - enum netr_SamDatabaseID database_id,
> - uint64_t *sequence_num)
> -{
> - return NT_STATUS_NOT_SUPPORTED;
> -}
> -
> -static NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx,
> - enum netr_SamDatabaseID database_id,
> - struct netr_DELTA_ENUM_ARRAY *r,
> - uint64_t *sequence_num,
> - struct samsync_context *ctx)
> -{
> - return NT_STATUS_NOT_SUPPORTED;
> -}
> -
> -static NTSTATUS close_keytab(TALLOC_CTX *mem_ctx,
> - struct samsync_context *ctx,
> - enum netr_SamDatabaseID database_id,
> - uint64_t sequence_num)
> -{
> - return NT_STATUS_NOT_SUPPORTED;
> -}
> -
> -#endif /* defined(HAVE_ADS) */
> -
> -const struct samsync_ops libnet_samsync_keytab_ops = {
> - .startup = init_keytab,
> - .process_objects = fetch_sam_entries_keytab,
> - .finish = close_keytab
> -};
> diff --git a/source3/libnet/libnet_samsync_ldif.c b/source3/libnet/libnet_samsync_ldif.c
> deleted file mode 100644
> index 170231636e0..00000000000
> --- a/source3/libnet/libnet_samsync_ldif.c
> +++ /dev/null
> @@ -1,1378 +0,0 @@
> -/*
> - Unix SMB/CIFS implementation.
> - dump the remote SAM using rpc samsync operations
> -
> - Copyright (C) Andrew Tridgell 2002
> - Copyright (C) Tim Potter 2001,2002
> - Copyright (C) Jim McDonough <jmcd at us.ibm.com> 2005
> - Modified by Volker Lendecke 2002
> - Copyright (C) Jeremy Allison 2005.
> - Copyright (C) Guenther Deschner 2008.
> -
> - This program is free software; you can redistribute it and/or modify
> - it under the terms of the GNU General Public License as published by
> - the Free Software Foundation; either version 3 of the License, or
> - (at your option) any later version.
> -
> - This program is distributed in the hope that it will be useful,
> - but WITHOUT ANY WARRANTY; without even the implied warranty of
> - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> - GNU General Public License for more details.
> -
> - You should have received a copy of the GNU General Public License
> - along with this program. If not, see <http://www.gnu.org/licenses/>.
> -*/
> -
> -#include "includes.h"
> -#include "system/filesys.h"
> -#include "libnet/libnet_samsync.h"
> -#include "transfer_file.h"
> -#include "passdb.h"
> -#include "passdb/pdb_ldap_schema.h"
> -#include "lib/util/base64.h"
> -
> -#ifdef HAVE_LDAP
> -
> -/* uid's and gid's for writing deltas to ldif */
> -static uint32_t ldif_gid = 999;
> -static uint32_t ldif_uid = 999;
> -
> -/* global counters */
> -static uint32_t g_index = 0;
> -static uint32_t a_index = 0;
> -
> -/* Structure for mapping accounts to groups */
> -/* Array element is the group rid */
> -typedef struct _groupmap {
> - uint32_t rid;
> - uint32_t gidNumber;
> - const char *sambaSID;
> - const char *group_dn;
> -} GROUPMAP;
> -
> -typedef struct _accountmap {
> - uint32_t rid;
> - const char *cn;
> -} ACCOUNTMAP;
> -
> -struct samsync_ldif_context {
> - GROUPMAP *groupmap;
> - ACCOUNTMAP *accountmap;
> - bool initialized;
> - const char *add_template;
> - const char *mod_template;
> - char *add_name;
> - char *module_name;
> - FILE *add_file;
> - FILE *mod_file;
> - FILE *ldif_file;
> - const char *suffix;
> - int num_alloced;
> -};
> -
> -/*
> - Returns the substring from src between the first occurrence of
> - the char "front" and the first occurence of the char "back".
> - Mallocs the return string which must be freed. Not for use
> - with wide character strings.
> -*/
> -static char *sstring_sub(const char *src, char front, char back)
> -{
> - char *temp1, *temp2, *temp3;
> - ptrdiff_t len;
> -
> - temp1 = strchr(src, front);
> - if (temp1 == NULL) return NULL;
> - temp2 = strchr(src, back);
> - if (temp2 == NULL) return NULL;
> - len = temp2 - temp1;
> - if (len <= 0) return NULL;
> - temp3 = (char*)SMB_MALLOC(len);
> - if (temp3 == NULL) {
> - DEBUG(1,("Malloc failure in sstring_sub\n"));
> - return NULL;
> - }
> - memcpy(temp3, temp1+1, len-1);
> - temp3[len-1] = '\0';
> - return temp3;
> -}
> -
> -/****************************************************************
> -****************************************************************/
> -
> -static NTSTATUS populate_ldap_for_ldif(const char *sid,
> - const char *suffix,
> - const char *builtin_sid,
> - FILE *add_fd)
> -{
> - const char *user_suffix, *group_suffix, *machine_suffix, *idmap_suffix;
> - char *user_attr=NULL, *group_attr=NULL;
> - char *suffix_attr;
> - int len;
> -
> - /* Get the suffix attribute */
> - suffix_attr = sstring_sub(suffix, '=', ',');
> - if (suffix_attr == NULL) {
> - len = strlen(suffix);
> - suffix_attr = (char*)SMB_MALLOC(len+1);
> - if (!suffix_attr) {
> - return NT_STATUS_NO_MEMORY;
> - }
> - memcpy(suffix_attr, suffix, len);
> - suffix_attr[len] = '\0';
> - }
> -
> - /* Write the base */
> - fprintf(add_fd, "# %s\n", suffix);
> - fprintf(add_fd, "dn: %s\n", suffix);
> - fprintf(add_fd, "objectClass: dcObject\n");
> - fprintf(add_fd, "objectClass: organization\n");
> - fprintf(add_fd, "o: %s\n", suffix_attr);
> - fprintf(add_fd, "dc: %s\n", suffix_attr);
> - fprintf(add_fd, "\n");
> - fflush(add_fd);
> -
> - user_suffix = lp_ldap_user_suffix(talloc_tos());
> - if (user_suffix == NULL) {
> - SAFE_FREE(suffix_attr);
> - return NT_STATUS_NO_MEMORY;
> - }
> - /* If it exists and is distinct from other containers,
> - Write the Users entity */
> - if (*user_suffix && strcmp(user_suffix, suffix)) {
> - user_attr = sstring_sub(lp_ldap_user_suffix(talloc_tos()), '=', ',');
> - fprintf(add_fd, "# %s\n", user_suffix);
> - fprintf(add_fd, "dn: %s\n", user_suffix);
> - fprintf(add_fd, "objectClass: organizationalUnit\n");
> - fprintf(add_fd, "ou: %s\n", user_attr);
> - fprintf(add_fd, "\n");
> - fflush(add_fd);
> - }
> -
> -
> - group_suffix = lp_ldap_group_suffix(talloc_tos());
> - if (group_suffix == NULL) {
> - SAFE_FREE(suffix_attr);
> - SAFE_FREE(user_attr);
> - return NT_STATUS_NO_MEMORY;
> - }
> - /* If it exists and is distinct from other containers,
> - Write the Groups entity */
> - if (*group_suffix && strcmp(group_suffix, suffix)) {
> - group_attr = sstring_sub(lp_ldap_group_suffix(talloc_tos()), '=', ',');
> - fprintf(add_fd, "# %s\n", group_suffix);
> - fprintf(add_fd, "dn: %s\n", group_suffix);
> - fprintf(add_fd, "objectClass: organizationalUnit\n");
> - fprintf(add_fd, "ou: %s\n", group_attr);
> - fprintf(add_fd, "\n");
> - fflush(add_fd);
> - }
> -
> - /* If it exists and is distinct from other containers,
> - Write the Computers entity */
> - machine_suffix = lp_ldap_machine_suffix(talloc_tos());
> - if (machine_suffix == NULL) {
> - SAFE_FREE(suffix_attr);
> - SAFE_FREE(user_attr);
> - SAFE_FREE(group_attr);
> - return NT_STATUS_NO_MEMORY;
> - }
> - if (*machine_suffix && strcmp(machine_suffix, user_suffix) &&
> - strcmp(machine_suffix, suffix)) {
> - char *machine_ou = NULL;
> - fprintf(add_fd, "# %s\n", machine_suffix);
> - fprintf(add_fd, "dn: %s\n", machine_suffix);
> - fprintf(add_fd, "objectClass: organizationalUnit\n");
> - /* this isn't totally correct as it assumes that
> - there _must_ be an ou. just fixing memleak now. jmcd */
> - machine_ou = sstring_sub(lp_ldap_machine_suffix(talloc_tos()), '=', ',');
> - fprintf(add_fd, "ou: %s\n", machine_ou);
> - SAFE_FREE(machine_ou);
> - fprintf(add_fd, "\n");
> - fflush(add_fd);
> - }
> -
> - /* If it exists and is distinct from other containers,
> - Write the IdMap entity */
> - idmap_suffix = lp_ldap_idmap_suffix(talloc_tos());
> - if (idmap_suffix == NULL) {
> - SAFE_FREE(suffix_attr);
> - SAFE_FREE(user_attr);
> - SAFE_FREE(group_attr);
> - return NT_STATUS_NO_MEMORY;
> - }
> - if (*idmap_suffix &&
> - strcmp(idmap_suffix, user_suffix) &&
> - strcmp(idmap_suffix, suffix)) {
> - char *s;
> - fprintf(add_fd, "# %s\n", idmap_suffix);
> - fprintf(add_fd, "dn: %s\n", idmap_suffix);
> - fprintf(add_fd, "ObjectClass: organizationalUnit\n");
> - s = sstring_sub(lp_ldap_idmap_suffix(talloc_tos()), '=', ',');
> - fprintf(add_fd, "ou: %s\n", s);
> - SAFE_FREE(s);
> - fprintf(add_fd, "\n");
> - fflush(add_fd);
> - }
> -
> - /* Write the domain entity */
> - fprintf(add_fd, "# %s, %s\n", lp_workgroup(), suffix);
> - fprintf(add_fd, "dn: sambaDomainName=%s,%s\n", lp_workgroup(),
> - suffix);
> - fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_DOMINFO);
> - fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_IDPOOL);
> - fprintf(add_fd, "sambaDomainName: %s\n", lp_workgroup());
> - fprintf(add_fd, "sambaSID: %s\n", sid);
> - fprintf(add_fd, "uidNumber: %d\n", ++ldif_uid);
> - fprintf(add_fd, "gidNumber: %d\n", ++ldif_gid);
> - fprintf(add_fd, "\n");
> - fflush(add_fd);
> -
> - /* Write the Domain Admins entity */
> - fprintf(add_fd, "# Domain Admins, %s, %s\n", group_attr,
> - suffix);
> - fprintf(add_fd, "dn: cn=Domain Admins,ou=%s,%s\n", group_attr,
> - suffix);
> - fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_POSIXGROUP);
> - fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_GROUPMAP);
> - fprintf(add_fd, "cn: Domain Admins\n");
> - fprintf(add_fd, "memberUid: Administrator\n");
> - fprintf(add_fd, "description: Netbios Domain Administrators\n");
> - fprintf(add_fd, "gidNumber: 512\n");
> - fprintf(add_fd, "sambaSID: %s-512\n", sid);
> - fprintf(add_fd, "sambaGroupType: 2\n");
> - fprintf(add_fd, "displayName: Domain Admins\n");
> - fprintf(add_fd, "\n");
> - fflush(add_fd);
> -
> - /* Write the Domain Users entity */
> - fprintf(add_fd, "# Domain Users, %s, %s\n", group_attr,
> - suffix);
> - fprintf(add_fd, "dn: cn=Domain Users,ou=%s,%s\n", group_attr,
> - suffix);
> - fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_POSIXGROUP);
> - fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_GROUPMAP);
> - fprintf(add_fd, "cn: Domain Users\n");
> - fprintf(add_fd, "description: Netbios Domain Users\n");
> - fprintf(add_fd, "gidNumber: 513\n");
> - fprintf(add_fd, "sambaSID: %s-513\n", sid);
> - fprintf(add_fd, "sambaGroupType: 2\n");
> - fprintf(add_fd, "displayName: Domain Users\n");
> - fprintf(add_fd, "\n");
> - fflush(add_fd);
> -
> - /* Write the Domain Guests entity */
> - fprintf(add_fd, "# Domain Guests, %s, %s\n", group_attr,
> - suffix);
> - fprintf(add_fd, "dn: cn=Domain Guests,ou=%s,%s\n", group_attr,
> - suffix);
> - fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_POSIXGROUP);
> - fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_GROUPMAP);
> - fprintf(add_fd, "cn: Domain Guests\n");
> - fprintf(add_fd, "description: Netbios Domain Guests\n");
> - fprintf(add_fd, "gidNumber: 514\n");
> - fprintf(add_fd, "sambaSID: %s-514\n", sid);
> - fprintf(add_fd, "sambaGroupType: 2\n");
> - fprintf(add_fd, "displayName: Domain Guests\n");
> - fprintf(add_fd, "\n");
> - fflush(add_fd);
> -
> - /* Write the Domain Computers entity */
> - fprintf(add_fd, "# Domain Computers, %s, %s\n", group_attr,
> - suffix);
> - fprintf(add_fd, "dn: cn=Domain Computers,ou=%s,%s\n",
> - group_attr, suffix);
> - fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_POSIXGROUP);
> - fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_GROUPMAP);
> - fprintf(add_fd, "gidNumber: 515\n");
> - fprintf(add_fd, "cn: Domain Computers\n");
> - fprintf(add_fd, "description: Netbios Domain Computers accounts\n");
> - fprintf(add_fd, "sambaSID: %s-515\n", sid);
> - fprintf(add_fd, "sambaGroupType: 2\n");
> - fprintf(add_fd, "displayName: Domain Computers\n");
> - fprintf(add_fd, "\n");
> - fflush(add_fd);
> -
> - /* Write the Admininistrators Groups entity */
> - fprintf(add_fd, "# Administrators, %s, %s\n", group_attr,
> - suffix);
> - fprintf(add_fd, "dn: cn=Administrators,ou=%s,%s\n", group_attr,
> - suffix);
> - fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_POSIXGROUP);
> - fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_GROUPMAP);
> - fprintf(add_fd, "gidNumber: 544\n");
> - fprintf(add_fd, "cn: Administrators\n");
> - fprintf(add_fd, "description: Netbios Domain Members can fully administer the computer/sambaDomainName\n");
> - fprintf(add_fd, "sambaSID: %s-544\n", builtin_sid);
> - fprintf(add_fd, "sambaGroupType: 5\n");
> - fprintf(add_fd, "displayName: Administrators\n");
> - fprintf(add_fd, "\n");
> -
> - /* Write the Print Operator entity */
> - fprintf(add_fd, "# Print Operators, %s, %s\n", group_attr,
> - suffix);
> - fprintf(add_fd, "dn: cn=Print Operators,ou=%s,%s\n",
> - group_attr, suffix);
> - fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_POSIXGROUP);
> - fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_GROUPMAP);
> - fprintf(add_fd, "gidNumber: 550\n");
> - fprintf(add_fd, "cn: Print Operators\n");
> - fprintf(add_fd, "description: Netbios Domain Print Operators\n");
> - fprintf(add_fd, "sambaSID: %s-550\n", builtin_sid);
> - fprintf(add_fd, "sambaGroupType: 5\n");
> - fprintf(add_fd, "displayName: Print Operators\n");
> - fprintf(add_fd, "\n");
> - fflush(add_fd);
> -
> - /* Write the Backup Operators entity */
> - fprintf(add_fd, "# Backup Operators, %s, %s\n", group_attr,
> - suffix);
> - fprintf(add_fd, "dn: cn=Backup Operators,ou=%s,%s\n",
> - group_attr, suffix);
> - fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_POSIXGROUP);
> - fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_GROUPMAP);
> - fprintf(add_fd, "gidNumber: 551\n");
> - fprintf(add_fd, "cn: Backup Operators\n");
> - fprintf(add_fd, "description: Netbios Domain Members can bypass file security to back up files\n");
> - fprintf(add_fd, "sambaSID: %s-551\n", builtin_sid);
> - fprintf(add_fd, "sambaGroupType: 5\n");
> - fprintf(add_fd, "displayName: Backup Operators\n");
> - fprintf(add_fd, "\n");
> - fflush(add_fd);
> -
> - /* Write the Replicators entity */
> - fprintf(add_fd, "# Replicators, %s, %s\n", group_attr, suffix);
> - fprintf(add_fd, "dn: cn=Replicators,ou=%s,%s\n", group_attr,
> - suffix);
> - fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_POSIXGROUP);
> - fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_GROUPMAP);
> - fprintf(add_fd, "gidNumber: 552\n");
> - fprintf(add_fd, "cn: Replicators\n");
> - fprintf(add_fd, "description: Netbios Domain Supports file replication in a sambaDomainName\n");
> - fprintf(add_fd, "sambaSID: %s-552\n", builtin_sid);
> - fprintf(add_fd, "sambaGroupType: 5\n");
> - fprintf(add_fd, "displayName: Replicators\n");
> - fprintf(add_fd, "\n");
> - fflush(add_fd);
> -
> - /* Deallocate memory, and return */
> - SAFE_FREE(suffix_attr);
> - SAFE_FREE(user_attr);
> - SAFE_FREE(group_attr);
> - return NT_STATUS_OK;
> -}
> -
> -/****************************************************************
> -****************************************************************/
> -
> -static NTSTATUS map_populate_groups(TALLOC_CTX *mem_ctx,
> - GROUPMAP *groupmap,
> - ACCOUNTMAP *accountmap,
> - const char *sid,
> - const char *suffix,
> - const char *builtin_sid)
> -{
> - char *group_attr = sstring_sub(lp_ldap_group_suffix(talloc_tos()), '=', ',');
> -
> - /* Map the groups created by populate_ldap_for_ldif */
> - groupmap[0].rid = 512;
> - groupmap[0].gidNumber = 512;
> - groupmap[0].sambaSID = talloc_asprintf(mem_ctx, "%s-512", sid);
> - groupmap[0].group_dn = talloc_asprintf(mem_ctx,
> - "cn=Domain Admins,ou=%s,%s", group_attr, suffix);
> - if (groupmap[0].sambaSID == NULL || groupmap[0].group_dn == NULL) {
> - goto err;
> - }
> -
> - accountmap[0].rid = 512;
> - accountmap[0].cn = talloc_strdup(mem_ctx, "Domain Admins");
> - if (accountmap[0].cn == NULL) {
> - goto err;
> - }
> -
> - groupmap[1].rid = 513;
> - groupmap[1].gidNumber = 513;
> - groupmap[1].sambaSID = talloc_asprintf(mem_ctx, "%s-513", sid);
> - groupmap[1].group_dn = talloc_asprintf(mem_ctx,
> - "cn=Domain Users,ou=%s,%s", group_attr, suffix);
> - if (groupmap[1].sambaSID == NULL || groupmap[1].group_dn == NULL) {
> - goto err;
> - }
> -
> - accountmap[1].rid = 513;
> - accountmap[1].cn = talloc_strdup(mem_ctx, "Domain Users");
> - if (accountmap[1].cn == NULL) {
> - goto err;
> - }
> -
> - groupmap[2].rid = 514;
> - groupmap[2].gidNumber = 514;
> - groupmap[2].sambaSID = talloc_asprintf(mem_ctx, "%s-514", sid);
> - groupmap[2].group_dn = talloc_asprintf(mem_ctx,
> - "cn=Domain Guests,ou=%s,%s", group_attr, suffix);
> - if (groupmap[2].sambaSID == NULL || groupmap[2].group_dn == NULL) {
> - goto err;
> - }
> -
> - accountmap[2].rid = 514;
> - accountmap[2].cn = talloc_strdup(mem_ctx, "Domain Guests");
> - if (accountmap[2].cn == NULL) {
> - goto err;
> - }
> -
> - groupmap[3].rid = 515;
> - groupmap[3].gidNumber = 515;
> - groupmap[3].sambaSID = talloc_asprintf(mem_ctx, "%s-515", sid);
> - groupmap[3].group_dn = talloc_asprintf(mem_ctx,
> - "cn=Domain Computers,ou=%s,%s", group_attr, suffix);
> - if (groupmap[3].sambaSID == NULL || groupmap[3].group_dn == NULL) {
> - goto err;
> - }
> -
> - accountmap[3].rid = 515;
> - accountmap[3].cn = talloc_strdup(mem_ctx, "Domain Computers");
> - if (accountmap[3].cn == NULL) {
> - goto err;
> - }
> -
> - groupmap[4].rid = 544;
> - groupmap[4].gidNumber = 544;
> - groupmap[4].sambaSID = talloc_asprintf(mem_ctx, "%s-544", builtin_sid);
> - groupmap[4].group_dn = talloc_asprintf(mem_ctx,
> - "cn=Administrators,ou=%s,%s", group_attr, suffix);
> - if (groupmap[4].sambaSID == NULL || groupmap[4].group_dn == NULL) {
> - goto err;
> - }
> -
> - accountmap[4].rid = 515;
> - accountmap[4].cn = talloc_strdup(mem_ctx, "Administrators");
> - if (accountmap[4].cn == NULL) {
> - goto err;
> - }
> -
> - groupmap[5].rid = 550;
> - groupmap[5].gidNumber = 550;
> - groupmap[5].sambaSID = talloc_asprintf(mem_ctx, "%s-550", builtin_sid);
> - groupmap[5].group_dn = talloc_asprintf(mem_ctx,
> - "cn=Print Operators,ou=%s,%s", group_attr, suffix);
> - if (groupmap[5].sambaSID == NULL || groupmap[5].group_dn == NULL) {
> - goto err;
> - }
> -
> - accountmap[5].rid = 550;
> - accountmap[5].cn = talloc_strdup(mem_ctx, "Print Operators");
> - if (accountmap[5].cn == NULL) {
> - goto err;
> - }
> -
> - groupmap[6].rid = 551;
> - groupmap[6].gidNumber = 551;
> - groupmap[6].sambaSID = talloc_asprintf(mem_ctx, "%s-551", builtin_sid);
> - groupmap[6].group_dn = talloc_asprintf(mem_ctx,
> - "cn=Backup Operators,ou=%s,%s", group_attr, suffix);
> - if (groupmap[6].sambaSID == NULL || groupmap[6].group_dn == NULL) {
> - goto err;
> - }
> -
> - accountmap[6].rid = 551;
> - accountmap[6].cn = talloc_strdup(mem_ctx, "Backup Operators");
> - if (accountmap[6].cn == NULL) {
> - goto err;
> - }
> -
> - groupmap[7].rid = 552;
> - groupmap[7].gidNumber = 552;
> - groupmap[7].sambaSID = talloc_asprintf(mem_ctx, "%s-552", builtin_sid);
> - groupmap[7].group_dn = talloc_asprintf(mem_ctx,
> - "cn=Replicators,ou=%s,%s", group_attr, suffix);
> - if (groupmap[7].sambaSID == NULL || groupmap[7].group_dn == NULL) {
> - goto err;
> - }
> -
> - accountmap[7].rid = 551;
> - accountmap[7].cn = talloc_strdup(mem_ctx, "Replicators");
> - if (accountmap[7].cn == NULL) {
> - goto err;
> - }
> -
> - SAFE_FREE(group_attr);
> -
> - return NT_STATUS_OK;
> -
> - err:
> -
> - SAFE_FREE(group_attr);
> - return NT_STATUS_NO_MEMORY;
> -}
> -
> -/*
> - * This is a crap routine, but I think it's the quickest way to solve the
> - * UTF8->base64 problem.
> - */
> -
> -static int fprintf_attr(FILE *add_fd, const char *attr_name,
> - const char *fmt, ...) PRINTF_ATTRIBUTE(3,4);
> -
> -static int fprintf_attr(FILE *add_fd, const char *attr_name,
> - const char *fmt, ...)
> -{
> - va_list ap;
> - char *value, *p, *base64;
> - DATA_BLOB base64_blob;
> - bool do_base64 = false;
> - int res;
> -
> - va_start(ap, fmt);
> - value = talloc_vasprintf(NULL, fmt, ap);
> - va_end(ap);
> -
> - SMB_ASSERT(value != NULL);
> -
> - for (p=value; *p; p++) {
> - if (*p & 0x80) {
> - do_base64 = true;
> - break;
> - }
> - }
> -
> - if (!do_base64) {
> - bool only_whitespace = true;
> - for (p=value; *p; p++) {
> - /*
> - * I know that this not multibyte safe, but we break
> - * on the first non-whitespace character anyway.
> - */
> - if (!isspace(*p)) {
> - only_whitespace = false;
> - break;
> - }
> - }
> - if (only_whitespace) {
> - do_base64 = true;
> - }
> - }
> -
> - if (!do_base64) {
> - res = fprintf(add_fd, "%s: %s\n", attr_name, value);
> - TALLOC_FREE(value);
> - return res;
> - }
> -
> - base64_blob.data = (unsigned char *)value;
> - base64_blob.length = strlen(value);
> -
> - base64 = base64_encode_data_blob(value, base64_blob);
> - SMB_ASSERT(base64 != NULL);
> -
> - res = fprintf(add_fd, "%s:: %s\n", attr_name, base64);
> - TALLOC_FREE(value);
> - return res;
> -}
> -
> -/****************************************************************
> -****************************************************************/
> -
> -static NTSTATUS fetch_group_info_to_ldif(TALLOC_CTX *mem_ctx,
> - struct netr_DELTA_GROUP *r,
> - GROUPMAP *groupmap,
> - FILE *add_fd,
> - const char *sid,
> - const char *suffix)
> -{
> - const char *groupname = r->group_name.string;
> - uint32_t grouptype = 0, g_rid = 0;
> - char *group_attr = sstring_sub(lp_ldap_group_suffix(talloc_tos()), '=', ',');
> -
> - /* Set up the group type (always 2 for group info) */
> - grouptype = 2;
> -
> - /* These groups are entered by populate_ldap_for_ldif */
> - if (strcmp(groupname, "Domain Admins") == 0 ||
> - strcmp(groupname, "Domain Users") == 0 ||
> - strcmp(groupname, "Domain Guests") == 0 ||
> - strcmp(groupname, "Domain Computers") == 0 ||
> - strcmp(groupname, "Administrators") == 0 ||
> - strcmp(groupname, "Print Operators") == 0 ||
> - strcmp(groupname, "Backup Operators") == 0 ||
> - strcmp(groupname, "Replicators") == 0) {
> - SAFE_FREE(group_attr);
> - return NT_STATUS_OK;
> - } else {
> - /* Increment the gid for the new group */
> - ldif_gid++;
> - }
> -
> - /* Map the group rid, gid, and dn */
> - g_rid = r->rid;
> - groupmap->rid = g_rid;
> - groupmap->gidNumber = ldif_gid;
> - groupmap->sambaSID = talloc_asprintf(mem_ctx, "%s-%d", sid, g_rid);
> - groupmap->group_dn = talloc_asprintf(mem_ctx,
> - "cn=%s,ou=%s,%s", groupname, group_attr, suffix);
> - if (groupmap->sambaSID == NULL || groupmap->group_dn == NULL) {
> - SAFE_FREE(group_attr);
> - return NT_STATUS_NO_MEMORY;
> - }
> -
> - /* Write the data to the temporary add ldif file */
> - fprintf(add_fd, "# %s, %s, %s\n", groupname, group_attr,
> - suffix);
> - fprintf_attr(add_fd, "dn", "cn=%s,ou=%s,%s", groupname, group_attr,
> - suffix);
> - fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_POSIXGROUP);
> - fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_GROUPMAP);
> - fprintf_attr(add_fd, "cn", "%s", groupname);
> - fprintf(add_fd, "gidNumber: %d\n", ldif_gid);
> - fprintf(add_fd, "sambaSID: %s\n", groupmap->sambaSID);
> - fprintf(add_fd, "sambaGroupType: %d\n", grouptype);
> - fprintf_attr(add_fd, "displayName", "%s", groupname);
> - fprintf(add_fd, "\n");
> - fflush(add_fd);
> -
> - SAFE_FREE(group_attr);
> - /* Return */
> - return NT_STATUS_OK;
> -}
> -
> -/****************************************************************
> -****************************************************************/
> -
> -static NTSTATUS fetch_account_info_to_ldif(TALLOC_CTX *mem_ctx,
> - struct netr_DELTA_USER *r,
> - GROUPMAP *groupmap,
> - ACCOUNTMAP *accountmap,
> - FILE *add_fd,
> - const char *sid,
> - const char *suffix,
> - int alloced)
> -{
> - fstring username, logonscript, homedrive, homepath = "", homedir = "";
> - fstring hex_nt_passwd, hex_lm_passwd;
> - fstring description, profilepath, fullname, sambaSID;
> - char *flags, *user_rdn;
> - const char *ou;
> - const char* nopasswd = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
> - uint32_t rid = 0, group_rid = 0, gidNumber = 0;
> - time_t unix_time;
> - int i, ret;
> -
> - /* Get the username */
> - fstrcpy(username, r->account_name.string);
> -
> - /* Get the rid */
> - rid = r->rid;
> -
> - /* Map the rid and username for group member info later */
> - accountmap->rid = rid;
> - accountmap->cn = talloc_strdup(mem_ctx, username);
> - NT_STATUS_HAVE_NO_MEMORY(accountmap->cn);
> -
> - /* Get the home directory */
> - if (r->acct_flags & ACB_NORMAL) {
> - fstrcpy(homedir, r->home_directory.string);
> - if (!*homedir) {
> - snprintf(homedir, sizeof(homedir), "/home/%s", username);
> - } else {
> - snprintf(homedir, sizeof(homedir), "/nobodyshomedir");
> - }
> - ou = lp_ldap_user_suffix(talloc_tos());
> - } else {
> - ou = lp_ldap_machine_suffix(talloc_tos());
> - snprintf(homedir, sizeof(homedir), "/machinehomedir");
> - }
> -
> - /* Get the logon script */
> - fstrcpy(logonscript, r->logon_script.string);
> -
> - /* Get the home drive */
> - fstrcpy(homedrive, r->home_drive.string);
> -
> - /* Get the home path */
> - fstrcpy(homepath, r->home_directory.string);
> -
> - /* Get the description */
> - fstrcpy(description, r->description.string);
> -
> - /* Get the display name */
> - fstrcpy(fullname, r->full_name.string);
> -
> - /* Get the profile path */
> - fstrcpy(profilepath, r->profile_path.string);
> -
> - /* Get lm and nt password data */
> - if (!all_zero(r->lmpassword.hash, 16)) {
> - pdb_sethexpwd(hex_lm_passwd, r->lmpassword.hash, r->acct_flags);
> - } else {
> - pdb_sethexpwd(hex_lm_passwd, NULL, 0);
> - }
> - if (!all_zero(r->ntpassword.hash, 16)) {
> - pdb_sethexpwd(hex_nt_passwd, r->ntpassword.hash, r->acct_flags);
> - } else {
> - pdb_sethexpwd(hex_nt_passwd, NULL, 0);
> - }
> - unix_time = nt_time_to_unix(r->last_password_change);
> -
> - /* Increment the uid for the new user */
> - ldif_uid++;
> -
> - /* Set up group id and sambaSID for the user */
> - group_rid = r->primary_gid;
> - for (i=0; i<alloced; i++) {
> - if (groupmap[i].rid == group_rid) break;
> - }
> - if (i == alloced){
> - DEBUG(1, ("Could not find rid %d in groupmap array\n",
> - group_rid));
> - return NT_STATUS_UNSUCCESSFUL;
> - }
> - gidNumber = groupmap[i].gidNumber;
> - ret = snprintf(sambaSID, sizeof(sambaSID), "%s", groupmap[i].sambaSID);
> - if (ret < 0 || ret == sizeof(sambaSID)) {
> - return NT_STATUS_UNSUCCESSFUL;
> - }
> -
> - /* Set up sambaAcctFlags */
> - flags = pdb_encode_acct_ctrl(r->acct_flags,
> - NEW_PW_FORMAT_SPACE_PADDED_LEN);
> -
> - /* Add the user to the temporary add ldif file */
> - /* this isn't quite right...we can't assume there's just OU=. jmcd */
> - user_rdn = sstring_sub(ou, '=', ',');
> - fprintf(add_fd, "# %s, %s, %s\n", username, user_rdn, suffix);
> - fprintf_attr(add_fd, "dn", "uid=%s,ou=%s,%s", username, user_rdn,
> - suffix);
> - SAFE_FREE(user_rdn);
> - fprintf(add_fd, "ObjectClass: top\n");
> - fprintf(add_fd, "objectClass: inetOrgPerson\n");
> - fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_POSIXACCOUNT);
> - fprintf(add_fd, "objectClass: shadowAccount\n");
> - fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_SAMBASAMACCOUNT);
> - fprintf_attr(add_fd, "cn", "%s", username);
> - fprintf_attr(add_fd, "sn", "%s", username);
> - fprintf_attr(add_fd, "uid", "%s", username);
> - fprintf(add_fd, "uidNumber: %d\n", ldif_uid);
> - fprintf(add_fd, "gidNumber: %d\n", gidNumber);
> - fprintf_attr(add_fd, "homeDirectory", "%s", homedir);
> - if (*homepath)
> - fprintf_attr(add_fd, "sambaHomePath", "%s", homepath);
> - if (*homedrive)
> - fprintf_attr(add_fd, "sambaHomeDrive", "%s", homedrive);
> - if (*logonscript)
> - fprintf_attr(add_fd, "sambaLogonScript", "%s", logonscript);
> - fprintf(add_fd, "loginShell: %s\n",
> - ((r->acct_flags & ACB_NORMAL) ?
> - "/bin/bash" : "/bin/false"));
> - fprintf(add_fd, "gecos: System User\n");
> - if (*description)
> - fprintf_attr(add_fd, "description", "%s", description);
> - fprintf(add_fd, "sambaSID: %s-%d\n", sid, rid);
> - fprintf(add_fd, "sambaPrimaryGroupSID: %s\n", sambaSID);
> - if(*fullname)
> - fprintf_attr(add_fd, "displayName", "%s", fullname);
> - if(*profilepath)
> - fprintf_attr(add_fd, "sambaProfilePath", "%s", profilepath);
> - if (strcmp(nopasswd, hex_lm_passwd) != 0)
> - fprintf(add_fd, "sambaLMPassword: %s\n", hex_lm_passwd);
> - if (strcmp(nopasswd, hex_nt_passwd) != 0)
> - fprintf(add_fd, "sambaNTPassword: %s\n", hex_nt_passwd);
> - fprintf(add_fd, "sambaPwdLastSet: %d\n", (int)unix_time);
> - fprintf(add_fd, "sambaAcctFlags: %s\n", flags);
> - fprintf(add_fd, "\n");
> - fflush(add_fd);
> -
> - /* Return */
> - return NT_STATUS_OK;
> -}
> -
> -/****************************************************************
> -****************************************************************/
> -
> -static NTSTATUS fetch_alias_info_to_ldif(TALLOC_CTX *mem_ctx,
> - struct netr_DELTA_ALIAS *r,
> - GROUPMAP *groupmap,
> - FILE *add_fd,
> - const char *sid,
> - const char *suffix,
> - enum netr_SamDatabaseID database_id)
> -{
> - fstring aliasname, description;
> - uint32_t grouptype = 0, g_rid = 0;
> - char *group_attr = sstring_sub(lp_ldap_group_suffix(talloc_tos()), '=', ',');
> -
> - /* Get the alias name */
> - fstrcpy(aliasname, r->alias_name.string);
> -
> - /* Get the alias description */
> - fstrcpy(description, r->description.string);
> -
> - /* Set up the group type */
> - switch (database_id) {
> - case SAM_DATABASE_DOMAIN:
> - grouptype = 4;
> - break;
> - case SAM_DATABASE_BUILTIN:
> - grouptype = 5;
> - break;
> - default:
> - grouptype = 4;
> - break;
> - }
> -
> - /*
> - These groups are entered by populate_ldap_for_ldif
> - Note that populate creates a group called Relicators,
> - but NT returns a group called Replicator
> - */
> - if (strcmp(aliasname, "Domain Admins") == 0 ||
> - strcmp(aliasname, "Domain Users") == 0 ||
> - strcmp(aliasname, "Domain Guests") == 0 ||
> - strcmp(aliasname, "Domain Computers") == 0 ||
> - strcmp(aliasname, "Administrators") == 0 ||
> - strcmp(aliasname, "Print Operators") == 0 ||
> - strcmp(aliasname, "Backup Operators") == 0 ||
> - strcmp(aliasname, "Replicator") == 0) {
> - SAFE_FREE(group_attr);
> - return NT_STATUS_OK;
> - } else {
> - /* Increment the gid for the new group */
> - ldif_gid++;
> - }
> -
> - /* Map the group rid and gid */
> - g_rid = r->rid;
> - groupmap->gidNumber = ldif_gid;
> - groupmap->sambaSID = talloc_asprintf(mem_ctx, "%s-%d", sid, g_rid);
> - if (groupmap->sambaSID == NULL) {
> - SAFE_FREE(group_attr);
> - return NT_STATUS_NO_MEMORY;
> - }
> -
> - /* Write the data to the temporary add ldif file */
> - fprintf(add_fd, "# %s, %s, %s\n", aliasname, group_attr,
> - suffix);
> - fprintf_attr(add_fd, "dn", "cn=%s,ou=%s,%s", aliasname, group_attr,
> - suffix);
> - fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_POSIXGROUP);
> - fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_GROUPMAP);
> - fprintf(add_fd, "cn: %s\n", aliasname);
> - fprintf(add_fd, "gidNumber: %d\n", ldif_gid);
> - fprintf(add_fd, "sambaSID: %s\n", groupmap->sambaSID);
> - fprintf(add_fd, "sambaGroupType: %d\n", grouptype);
> - fprintf_attr(add_fd, "displayName", "%s", aliasname);
> - if (description[0])
> - fprintf_attr(add_fd, "description", "%s", description);
> - fprintf(add_fd, "\n");
> - fflush(add_fd);
> -
> - SAFE_FREE(group_attr);
> - /* Return */
> - return NT_STATUS_OK;
> -}
> -
> -/****************************************************************
> -****************************************************************/
> -
> -static NTSTATUS fetch_groupmem_info_to_ldif(struct netr_DELTA_GROUP_MEMBER *r,
> - uint32_t id_rid,
> - GROUPMAP *groupmap,
> - ACCOUNTMAP *accountmap,
> - FILE *mod_fd, int alloced)
> -{
> - fstring group_dn;
> - uint32_t group_rid = 0, rid = 0;
> - int i, j, k;
> -
> - /* Get the dn for the group */
> - if (r->num_rids > 0) {
> - group_rid = id_rid;
> - for (j=0; j<alloced; j++) {
> - if (groupmap[j].rid == group_rid) break;
> - }
> - if (j == alloced){
> - DEBUG(1, ("Could not find rid %d in groupmap array\n",
> - group_rid));
> - return NT_STATUS_UNSUCCESSFUL;
> - }
> - snprintf(group_dn, sizeof(group_dn), "%s", groupmap[j].group_dn);
> - fprintf(mod_fd, "dn: %s\n", group_dn);
> -
> - /* Get the cn for each member */
> - for (i=0; i < r->num_rids; i++) {
> - rid = r->rids[i];
> - for (k=0; k<alloced; k++) {
> - if (accountmap[k].rid == rid) break;
> - }
> - if (k == alloced){
> - DEBUG(1, ("Could not find rid %d in "
> - "accountmap array\n", rid));
> - return NT_STATUS_UNSUCCESSFUL;
> - }
> - fprintf(mod_fd, "memberUid: %s\n", accountmap[k].cn);
> - }
> - fprintf(mod_fd, "\n");
> - }
> - fflush(mod_fd);
> -
> - /* Return */
> - return NT_STATUS_OK;
> -}
> -
> -/****************************************************************
> -****************************************************************/
> -
> -static NTSTATUS ldif_init_context(TALLOC_CTX *mem_ctx,
> - enum netr_SamDatabaseID database_id,
> - const char *ldif_filename,
> - const char *domain_sid_str,
> - struct samsync_ldif_context **ctx)
> -{
> - NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
> - struct samsync_ldif_context *r;
> - const char *add_template = "/tmp/add.ldif.XXXXXX";
> - const char *mod_template = "/tmp/mod.ldif.XXXXXX";
> - const char *builtin_sid = "S-1-5-32";
> - mode_t mask;
> - int fd;
> -
> - r = talloc_zero(mem_ctx, struct samsync_ldif_context);
> - NT_STATUS_HAVE_NO_MEMORY(r);
> -
> - /* Get the ldap suffix */
> - r->suffix = lp_ldap_suffix(talloc_tos());
> -
> - /* Get other smb.conf data */
> - if (!(lp_workgroup()) || !*(lp_workgroup())) {
> - DEBUG(0,("workgroup missing from smb.conf--exiting\n"));
> - exit(1);
> - }
> -
> - /* Get the ldap suffix */
> - if (!r->suffix || !*r->suffix) {
> - DEBUG(0,("ldap suffix missing from smb.conf--exiting\n"));
> - exit(1);
> - }
> -
> - if (*ctx && (*ctx)->initialized) {
> - return NT_STATUS_OK;
> - }
> -
> - /* Ensure we have an output file */
> - if (ldif_filename) {
> - r->ldif_file = fopen(ldif_filename, "a");
> - } else {
> - r->ldif_file = stdout;
> - }
> -
> - if (!r->ldif_file) {
> - fprintf(stderr, "Could not open %s\n", ldif_filename);
> - DEBUG(1, ("Could not open %s\n", ldif_filename));
> - status = NT_STATUS_UNSUCCESSFUL;
> - goto done;
> - }
> -
> - r->add_template = talloc_strdup(mem_ctx, add_template);
> - r->mod_template = talloc_strdup(mem_ctx, mod_template);
> - if (!r->add_template || !r->mod_template) {
> - status = NT_STATUS_NO_MEMORY;
> - goto done;
> - }
> -
> - r->add_name = talloc_strdup(mem_ctx, add_template);
> - r->module_name = talloc_strdup(mem_ctx, mod_template);
> - if (!r->add_name || !r->module_name) {
> - status = NT_STATUS_NO_MEMORY;
> - goto done;
> - }
> -
> - mask = umask(S_IRWXO | S_IRWXG);
> - fd = mkstemp(r->add_name);
> - umask(mask);
> - if (fd < 0) {
> - DEBUG(1, ("Could not create %s\n", r->add_name));
> - status = NT_STATUS_UNSUCCESSFUL;
> - goto done;
> - }
> -
> - /* Open the add and mod ldif files */
> - r->add_file = fdopen(fd, "w");
> - if (r->add_file == NULL) {
> - DEBUG(1, ("Could not open %s\n", r->add_name));
> - close(fd);
> - status = NT_STATUS_UNSUCCESSFUL;
> - goto done;
> - }
> -
> - mask = umask(S_IRWXO | S_IRWXG);
> - fd = mkstemp(r->module_name);
> - umask(mask);
> - if (fd < 0) {
> - DEBUG(1, ("Could not create %s\n", r->module_name));
> - status = NT_STATUS_UNSUCCESSFUL;
> - goto done;
> - }
> -
> - r->mod_file = fdopen(fd, "w");
> - if (r->mod_file == NULL) {
> - DEBUG(1, ("Could not open %s\n", r->module_name));
> - close(fd);
> - status = NT_STATUS_UNSUCCESSFUL;
> - goto done;
> - }
> -
> - /* Allocate initial memory for groupmap and accountmap arrays */
> - r->groupmap = talloc_zero_array(mem_ctx, GROUPMAP, 8);
> - r->accountmap = talloc_zero_array(mem_ctx, ACCOUNTMAP, 8);
> - if (r->groupmap == NULL || r->accountmap == NULL) {
> - DEBUG(1,("GROUPMAP talloc failed\n"));
> - status = NT_STATUS_NO_MEMORY;
> - goto done;
> - }
> -
> - /* Remember how many we malloced */
> - r->num_alloced = 8;
> -
> - /* Initial database population */
> - if (database_id == SAM_DATABASE_DOMAIN) {
> -
> - status = populate_ldap_for_ldif(domain_sid_str,
> - r->suffix,
> - builtin_sid,
> - r->add_file);
> - if (!NT_STATUS_IS_OK(status)) {
> - goto done;
> - }
> -
> - status = map_populate_groups(mem_ctx,
> - r->groupmap,
> - r->accountmap,
> - domain_sid_str,
> - r->suffix,
> - builtin_sid);
> - if (!NT_STATUS_IS_OK(status)) {
> - goto done;
> - }
> - }
> -
> - r->initialized = true;
> -
> - *ctx = r;
> -
> - return NT_STATUS_OK;
> - done:
> - TALLOC_FREE(r);
> - return status;
> -}
> -
> -/****************************************************************
> -****************************************************************/
> -
> -static void ldif_free_context(struct samsync_ldif_context *r)
> -{
> - if (!r) {
> - return;
> - }
> -
> - /* Close and delete the ldif files */
> - if (r->add_file) {
> - fclose(r->add_file);
> - }
> -
> - if ((r->add_name != NULL) &&
> - strcmp(r->add_name, r->add_template) && (unlink(r->add_name))) {
> - DEBUG(1,("unlink(%s) failed, error was (%s)\n",
> - r->add_name, strerror(errno)));
> - }
> -
> - if (r->mod_file) {
> - fclose(r->mod_file);
> - }
> -
> - if ((r->module_name != NULL) &&
> - strcmp(r->module_name, r->mod_template) && (unlink(r->module_name))) {
> - DEBUG(1,("unlink(%s) failed, error was (%s)\n",
> - r->module_name, strerror(errno)));
> - }
> -
> - if (r->ldif_file && (r->ldif_file != stdout)) {
> - fclose(r->ldif_file);
> - }
> -
> - TALLOC_FREE(r);
> -}
> -
> -/****************************************************************
> -****************************************************************/
> -
> -static void ldif_write_output(enum netr_SamDatabaseID database_id,
> - struct samsync_ldif_context *l)
> -{
> - /* Write ldif data to the user's file */
> - if (database_id == SAM_DATABASE_DOMAIN) {
> - fprintf(l->ldif_file,
> - "# SAM_DATABASE_DOMAIN: ADD ENTITIES\n");
> - fprintf(l->ldif_file,
> - "# =================================\n\n");
> - fflush(l->ldif_file);
> - } else if (database_id == SAM_DATABASE_BUILTIN) {
> - fprintf(l->ldif_file,
> - "# SAM_DATABASE_BUILTIN: ADD ENTITIES\n");
> - fprintf(l->ldif_file,
> - "# ==================================\n\n");
> - fflush(l->ldif_file);
> - }
> - fseek(l->add_file, 0, SEEK_SET);
> - transfer_file(fileno(l->add_file), fileno(l->ldif_file), (size_t) -1);
> -
> - if (database_id == SAM_DATABASE_DOMAIN) {
> - fprintf(l->ldif_file,
> - "# SAM_DATABASE_DOMAIN: MODIFY ENTITIES\n");
> - fprintf(l->ldif_file,
> - "# ====================================\n\n");
> - fflush(l->ldif_file);
> - } else if (database_id == SAM_DATABASE_BUILTIN) {
> - fprintf(l->ldif_file,
> - "# SAM_DATABASE_BUILTIN: MODIFY ENTITIES\n");
> - fprintf(l->ldif_file,
> - "# =====================================\n\n");
> - fflush(l->ldif_file);
> - }
> - fseek(l->mod_file, 0, SEEK_SET);
> - transfer_file(fileno(l->mod_file), fileno(l->ldif_file), (size_t) -1);
> -}
> -
> -/****************************************************************
> -****************************************************************/
> -
> -static NTSTATUS fetch_sam_entry_ldif(TALLOC_CTX *mem_ctx,
> - enum netr_SamDatabaseID database_id,
> - struct netr_DELTA_ENUM *r,
> - struct samsync_context *ctx,
> - uint32_t *a_index_p,
> - uint32_t *g_index_p)
> -{
> - union netr_DELTA_UNION u = r->delta_union;
> - union netr_DELTA_ID_UNION id = r->delta_id_union;
> - struct samsync_ldif_context *l =
> - talloc_get_type_abort(ctx->private_data, struct samsync_ldif_context);
> -
> - switch (r->delta_type) {
> - case NETR_DELTA_DOMAIN:
> - break;
> -
> - case NETR_DELTA_GROUP:
> - fetch_group_info_to_ldif(mem_ctx,
> - u.group,
> - &l->groupmap[*g_index_p],
> - l->add_file,
> - ctx->domain_sid_str,
> - l->suffix);
> - (*g_index_p)++;
> - break;
> -
> - case NETR_DELTA_USER:
> - fetch_account_info_to_ldif(mem_ctx,
> - u.user,
> - l->groupmap,
> - &l->accountmap[*a_index_p],
> - l->add_file,
> - ctx->domain_sid_str,
> - l->suffix,
> - l->num_alloced);
> - (*a_index_p)++;
> - break;
> -
> - case NETR_DELTA_ALIAS:
> - fetch_alias_info_to_ldif(mem_ctx,
> - u.alias,
> - &l->groupmap[*g_index_p],
> - l->add_file,
> - ctx->domain_sid_str,
> - l->suffix,
> - database_id);
> - (*g_index_p)++;
> - break;
> -
> - case NETR_DELTA_GROUP_MEMBER:
> - fetch_groupmem_info_to_ldif(u.group_member,
> - id.rid,
> - l->groupmap,
> - l->accountmap,
> - l->mod_file,
> - l->num_alloced);
> - break;
> -
> - case NETR_DELTA_ALIAS_MEMBER:
> - case NETR_DELTA_POLICY:
> - case NETR_DELTA_ACCOUNT:
> - case NETR_DELTA_TRUSTED_DOMAIN:
> - case NETR_DELTA_SECRET:
> - case NETR_DELTA_RENAME_GROUP:
> - case NETR_DELTA_RENAME_USER:
> - case NETR_DELTA_RENAME_ALIAS:
> - case NETR_DELTA_DELETE_GROUP:
> - case NETR_DELTA_DELETE_USER:
> - case NETR_DELTA_MODIFY_COUNT:
> - default:
> - break;
> - } /* end of switch */
> -
> - return NT_STATUS_OK;
> -}
> -
> -/****************************************************************
> -****************************************************************/
> -
> -static NTSTATUS ldif_realloc_maps(TALLOC_CTX *mem_ctx,
> - struct samsync_ldif_context *l,
> - uint32_t num_entries)
> -{
> - /* Re-allocate memory for groupmap and accountmap arrays */
> - l->groupmap = talloc_realloc(mem_ctx,
> - l->groupmap,
> - GROUPMAP,
> - num_entries + l->num_alloced);
> -
> - l->accountmap = talloc_realloc(mem_ctx,
> - l->accountmap,
> - ACCOUNTMAP,
> - num_entries + l->num_alloced);
> -
> - if (l->groupmap == NULL || l->accountmap == NULL) {
> - DEBUG(1,("GROUPMAP talloc failed\n"));
> - return NT_STATUS_NO_MEMORY;
> - }
> -
> - /* Initialize the new records */
> - memset(&(l->groupmap[l->num_alloced]), 0,
> - sizeof(GROUPMAP) * num_entries);
> - memset(&(l->accountmap[l->num_alloced]), 0,
> - sizeof(ACCOUNTMAP) * num_entries);
> -
> - /* Remember how many we alloced this time */
> - l->num_alloced += num_entries;
> -
> - return NT_STATUS_OK;
> -}
> -
> -/****************************************************************
> -****************************************************************/
> -
> -static NTSTATUS init_ldif(TALLOC_CTX *mem_ctx,
> - struct samsync_context *ctx,
> - enum netr_SamDatabaseID database_id,
> - uint64_t *sequence_num)
> -{
> - NTSTATUS status;
> - struct samsync_ldif_context *ldif_ctx =
> - (struct samsync_ldif_context *)ctx->private_data;
> -
> - status = ldif_init_context(mem_ctx,
> - database_id,
> - ctx->output_filename,
> - ctx->domain_sid_str,
> - &ldif_ctx);
> - if (!NT_STATUS_IS_OK(status)) {
> - return status;
> - }
> -
> - ctx->private_data = ldif_ctx;
> -
> - return NT_STATUS_OK;
> -}
> -
> -/****************************************************************
> -****************************************************************/
> -
> -static NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx,
> - enum netr_SamDatabaseID database_id,
> - struct netr_DELTA_ENUM_ARRAY *r,
> - uint64_t *sequence_num,
> - struct samsync_context *ctx)
> -{
> - NTSTATUS status;
> - int i;
> - struct samsync_ldif_context *ldif_ctx =
> - (struct samsync_ldif_context *)ctx->private_data;
> -
> - status = ldif_realloc_maps(mem_ctx, ldif_ctx, r->num_deltas);
> - if (!NT_STATUS_IS_OK(status)) {
> - goto failed;
> - }
> -
> - for (i = 0; i < r->num_deltas; i++) {
> - status = fetch_sam_entry_ldif(mem_ctx, database_id,
> - &r->delta_enum[i], ctx,
> - &a_index, &g_index);
> - if (!NT_STATUS_IS_OK(status)) {
> - goto failed;
> - }
> - }
> -
> - return NT_STATUS_OK;
> -
> - failed:
> - ldif_free_context(ldif_ctx);
> - ctx->private_data = NULL;
> -
> - return status;
> -}
> -
> -/****************************************************************
> -****************************************************************/
> -
> -static NTSTATUS close_ldif(TALLOC_CTX *mem_ctx,
> - struct samsync_context *ctx,
> - enum netr_SamDatabaseID database_id,
> - uint64_t sequence_num)
> -{
> - struct samsync_ldif_context *ldif_ctx =
> - (struct samsync_ldif_context *)ctx->private_data;
> -
> - /* This was the last query */
> - ldif_write_output(database_id, ldif_ctx);
> - if (ldif_ctx->ldif_file != stdout) {
> - ctx->result_message = talloc_asprintf(ctx,
> - "Vampired %d accounts and %d groups to %s",
> - a_index, g_index, ctx->output_filename);
> - }
> -
> - ldif_free_context(ldif_ctx);
> - ctx->private_data = NULL;
> -
> - return NT_STATUS_OK;
> -}
> -
> -#else /* HAVE_LDAP */
> -
> -static NTSTATUS init_ldif(TALLOC_CTX *mem_ctx,
> - struct samsync_context *ctx,
> - enum netr_SamDatabaseID database_id,
> - uint64_t *sequence_num)
> -{
> - return NT_STATUS_NOT_SUPPORTED;
> -}
> -
> -static NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx,
> - enum netr_SamDatabaseID database_id,
> - struct netr_DELTA_ENUM_ARRAY *r,
> - uint64_t *sequence_num,
> - struct samsync_context *ctx)
> -{
> - return NT_STATUS_NOT_SUPPORTED;
> -}
> -
> -static NTSTATUS close_ldif(TALLOC_CTX *mem_ctx,
> - struct samsync_context *ctx,
> - enum netr_SamDatabaseID database_id,
> - uint64_t sequence_num)
> -{
> - return NT_STATUS_NOT_SUPPORTED;
> -}
> -
> -#endif
> -
> -const struct samsync_ops libnet_samsync_ldif_ops = {
> - .startup = init_ldif,
> - .process_objects = fetch_sam_entries_ldif,
> - .finish = close_ldif,
> -};
> diff --git a/source3/libnet/libnet_samsync_passdb.c b/source3/libnet/libnet_samsync_passdb.c
> deleted file mode 100644
> index 9ba637e744c..00000000000
> --- a/source3/libnet/libnet_samsync_passdb.c
> +++ /dev/null
> @@ -1,882 +0,0 @@
> -/*
> - Unix SMB/CIFS implementation.
> - dump the remote SAM using rpc samsync operations
> -
> - Copyright (C) Andrew Tridgell 2002
> - Copyright (C) Tim Potter 2001,2002
> - Copyright (C) Jim McDonough <jmcd at us.ibm.com> 2005
> - Modified by Volker Lendecke 2002
> - Copyright (C) Jeremy Allison 2005.
> - Copyright (C) Guenther Deschner 2008.
> -
> - This program is free software; you can redistribute it and/or modify
> - it under the terms of the GNU General Public License as published by
> - the Free Software Foundation; either version 3 of the License, or
> - (at your option) any later version.
> -
> - This program is distributed in the hope that it will be useful,
> - but WITHOUT ANY WARRANTY; without even the implied warranty of
> - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> - GNU General Public License for more details.
> -
> - You should have received a copy of the GNU General Public License
> - along with this program. If not, see <http://www.gnu.org/licenses/>.
> -*/
> -
> -#include "includes.h"
> -#include "system/passwd.h"
> -#include "libnet/libnet_samsync.h"
> -#include "../libcli/security/security.h"
> -#include "passdb.h"
> -#include "lib/util/base64.h"
> -
> -/* Convert a struct samu_DELTA to a struct samu. */
> -#define STRING_CHANGED (old_string && !new_string) ||\
> - (!old_string && new_string) ||\
> - (old_string && new_string && (strcmp(old_string, new_string) != 0))
> -
> -#define STRING_CHANGED_NC(s1,s2) ((s1) && !(s2)) ||\
> - (!(s1) && (s2)) ||\
> - ((s1) && (s2) && (strcmp((s1), (s2)) != 0))
> -
> -/****************************************************************
> -****************************************************************/
> -
> -static NTSTATUS sam_account_from_delta(struct samu *account,
> - struct netr_DELTA_USER *r)
> -{
> - const char *old_string, *new_string;
> - time_t unix_time, stored_time;
> -
> - /* Username, fullname, home dir, dir drive, logon script, acct
> - desc, workstations, profile. */
> -
> - if (r->account_name.string) {
> - old_string = pdb_get_nt_username(account);
> - new_string = r->account_name.string;
> -
> - if (STRING_CHANGED) {
> - pdb_set_nt_username(account, new_string, PDB_CHANGED);
> - }
> -
> - /* Unix username is the same - for sanity */
> - old_string = pdb_get_username( account );
> - if (STRING_CHANGED) {
> - pdb_set_username(account, new_string, PDB_CHANGED);
> - }
> - }
> -
> - if (r->full_name.string) {
> - old_string = pdb_get_fullname(account);
> - new_string = r->full_name.string;
> -
> - if (STRING_CHANGED)
> - pdb_set_fullname(account, new_string, PDB_CHANGED);
> - }
> -
> - if (r->home_directory.string) {
> - old_string = pdb_get_homedir(account);
> - new_string = r->home_directory.string;
> -
> - if (STRING_CHANGED)
> - pdb_set_homedir(account, new_string, PDB_CHANGED);
> - }
> -
> - if (r->home_drive.string) {
> - old_string = pdb_get_dir_drive(account);
> - new_string = r->home_drive.string;
> -
> - if (STRING_CHANGED)
> - pdb_set_dir_drive(account, new_string, PDB_CHANGED);
> - }
> -
> - if (r->logon_script.string) {
> - old_string = pdb_get_logon_script(account);
> - new_string = r->logon_script.string;
> -
> - if (STRING_CHANGED)
> - pdb_set_logon_script(account, new_string, PDB_CHANGED);
> - }
> -
> - if (r->description.string) {
> - old_string = pdb_get_acct_desc(account);
> - new_string = r->description.string;
> -
> - if (STRING_CHANGED)
> - pdb_set_acct_desc(account, new_string, PDB_CHANGED);
> - }
> -
> - if (r->workstations.string) {
> - old_string = pdb_get_workstations(account);
> - new_string = r->workstations.string;
> -
> - if (STRING_CHANGED)
> - pdb_set_workstations(account, new_string, PDB_CHANGED);
> - }
> -
> - if (r->profile_path.string) {
> - old_string = pdb_get_profile_path(account);
> - new_string = r->profile_path.string;
> -
> - if (STRING_CHANGED)
> - pdb_set_profile_path(account, new_string, PDB_CHANGED);
> - }
> -
> - if (r->parameters.array) {
> - DATA_BLOB mung;
> - char *newstr = NULL;
> - old_string = pdb_get_munged_dial(account);
> - mung.length = r->parameters.length * 2;
> - mung.data = (uint8_t *) r->parameters.array;
> -
> - if (mung.length != 0) {
> - newstr = base64_encode_data_blob(talloc_tos(), mung);
> - SMB_ASSERT(newstr != NULL);
> - }
> -
> - if (STRING_CHANGED_NC(old_string, newstr))
> - pdb_set_munged_dial(account, newstr, PDB_CHANGED);
> - TALLOC_FREE(newstr);
> - }
> -
> - /* User and group sid */
> - if (pdb_get_user_rid(account) != r->rid)
> - pdb_set_user_sid_from_rid(account, r->rid, PDB_CHANGED);
> - if (pdb_get_group_rid(account) != r->primary_gid)
> - pdb_set_group_sid_from_rid(account, r->primary_gid, PDB_CHANGED);
> -
> - /* Logon and password information */
> - if (!nt_time_is_zero(&r->last_logon)) {
> - unix_time = nt_time_to_unix(r->last_logon);
> - stored_time = pdb_get_logon_time(account);
> - if (stored_time != unix_time)
> - pdb_set_logon_time(account, unix_time, PDB_CHANGED);
> - }
> -
> - if (!nt_time_is_zero(&r->last_logoff)) {
> - unix_time = nt_time_to_unix(r->last_logoff);
> - stored_time = pdb_get_logoff_time(account);
> - if (stored_time != unix_time)
> - pdb_set_logoff_time(account, unix_time,PDB_CHANGED);
> - }
> -
> - /* Logon Divs */
> - if (pdb_get_logon_divs(account) != r->logon_hours.units_per_week)
> - pdb_set_logon_divs(account, r->logon_hours.units_per_week, PDB_CHANGED);
> -
> -#if 0
> - /* no idea what to do with this one - gd */
> - /* Max Logon Hours */
> - if (delta->unknown1 != pdb_get_unknown_6(account)) {
> - pdb_set_unknown_6(account, delta->unknown1, PDB_CHANGED);
> - }
> -#endif
> - /* Logon Hours Len */
> - if (r->logon_hours.units_per_week/8 != pdb_get_hours_len(account)) {
> - pdb_set_hours_len(account, r->logon_hours.units_per_week/8, PDB_CHANGED);
> - }
> -
> - /* Logon Hours */
> - if (r->logon_hours.bits) {
> - char oldstr[44], newstr[44];
> - pdb_sethexhours(oldstr, pdb_get_hours(account));
> - pdb_sethexhours(newstr, r->logon_hours.bits);
> - if (!strequal(oldstr, newstr))
> - pdb_set_hours(account, r->logon_hours.bits,
> - pdb_get_hours_len(account), PDB_CHANGED);
> - }
> -
> - if (pdb_get_bad_password_count(account) != r->bad_password_count)
> - pdb_set_bad_password_count(account, r->bad_password_count, PDB_CHANGED);
> -
> - if (pdb_get_logon_count(account) != r->logon_count)
> - pdb_set_logon_count(account, r->logon_count, PDB_CHANGED);
> -
> - if (!nt_time_is_zero(&r->last_password_change)) {
> - unix_time = nt_time_to_unix(r->last_password_change);
> - stored_time = pdb_get_pass_last_set_time(account);
> - if (stored_time != unix_time)
> - pdb_set_pass_last_set_time(account, unix_time, PDB_CHANGED);
> - } else {
> - /* no last set time, make it now */
> - pdb_set_pass_last_set_time(account, time(NULL), PDB_CHANGED);
> - }
> -
> - if (!nt_time_is_zero(&r->acct_expiry)) {
> - unix_time = nt_time_to_unix(r->acct_expiry);
> - stored_time = pdb_get_kickoff_time(account);
> - if (stored_time != unix_time)
> - pdb_set_kickoff_time(account, unix_time, PDB_CHANGED);
> - }
> -
> - /* Decode hashes from password hash
> - Note that win2000 may send us all zeros for the hashes if it doesn't
> - think this channel is secure enough - don't set the passwords at all
> - in that case
> - */
> - if (!all_zero(r->lmpassword.hash, 16)) {
> - pdb_set_lanman_passwd(account, r->lmpassword.hash, PDB_CHANGED);
> - }
> -
> - if (!all_zero(r->ntpassword.hash, 16)) {
> - pdb_set_nt_passwd(account, r->ntpassword.hash, PDB_CHANGED);
> - }
> -
> - /* TODO: account expiry time */
> -
> - pdb_set_acct_ctrl(account, r->acct_flags, PDB_CHANGED);
> -
> - pdb_set_domain(account, lp_workgroup(), PDB_CHANGED);
> -
> - return NT_STATUS_OK;
> -}
> -
> -
> -/****************************************************************
> -****************************************************************/
> -
> -static NTSTATUS smb_create_user(TALLOC_CTX *mem_ctx,
> - uint32_t acct_flags,
> - const char *account,
> - struct passwd **passwd_p)
> -{
> - struct passwd *passwd;
> - char *add_script = NULL;
> -
> - passwd = Get_Pwnam_alloc(mem_ctx, account);
> - if (passwd) {
> - *passwd_p = passwd;
> - return NT_STATUS_OK;
> - }
> -
> - /* Create appropriate user */
> - if (acct_flags & ACB_NORMAL) {
> - add_script = lp_add_user_script(mem_ctx);
> - } else if ( (acct_flags & ACB_WSTRUST) ||
> - (acct_flags & ACB_SVRTRUST) ||
> - (acct_flags & ACB_DOMTRUST) ) {
> - add_script = lp_add_machine_script(mem_ctx);
> - } else {
> - DEBUG(1, ("Unknown user type: %s\n",
> - pdb_encode_acct_ctrl(acct_flags, NEW_PW_FORMAT_SPACE_PADDED_LEN)));
> - return NT_STATUS_UNSUCCESSFUL;
> - }
> -
> - if (!add_script) {
> - return NT_STATUS_NO_MEMORY;
> - }
> -
> - if (*add_script) {
> - int add_ret;
> - add_script = talloc_all_string_sub(mem_ctx, add_script,
> - "%u", account);
> - if (!add_script) {
> - return NT_STATUS_NO_MEMORY;
> - }
> - add_ret = smbrun(add_script, NULL, NULL);
> - DEBUG(add_ret ? 0 : 1,("fetch_account: Running the command `%s' "
> - "gave %d\n", add_script, add_ret));
> - if (add_ret == 0) {
> - smb_nscd_flush_user_cache();
> - }
> - }
> -
> - /* try and find the possible unix account again */
> - passwd = Get_Pwnam_alloc(mem_ctx, account);
> - if (!passwd) {
> - return NT_STATUS_NO_SUCH_USER;
> - }
> -
> - *passwd_p = passwd;
> -
> - return NT_STATUS_OK;
> -}
> -/****************************************************************
> -****************************************************************/
> -
> -static NTSTATUS fetch_account_info(TALLOC_CTX *mem_ctx,
> - uint32_t rid,
> - struct netr_DELTA_USER *r)
> -{
> -
> - NTSTATUS nt_ret = NT_STATUS_UNSUCCESSFUL;
> - fstring account;
> - struct samu *sam_account=NULL;
> - GROUP_MAP *map = NULL;
> - struct group *grp;
> - struct dom_sid user_sid;
> - struct dom_sid group_sid;
> - struct passwd *passwd = NULL;
> - fstring sid_string;
> -
> - fstrcpy(account, r->account_name.string);
> - d_printf("Creating account: %s\n", account);
> -
> - if ( !(sam_account = samu_new(mem_ctx)) ) {
> - return NT_STATUS_NO_MEMORY;
> - }
> -
> - nt_ret = smb_create_user(sam_account, r->acct_flags, account, &passwd);
> - if (!NT_STATUS_IS_OK(nt_ret)) {
> - d_fprintf(stderr, "Could not create posix account info for '%s'\n",
> - account);
> - goto done;
> - }
> -
> - sid_compose(&user_sid, get_global_sam_sid(), r->rid);
> -
> - DEBUG(3, ("Attempting to find SID %s for user %s in the passdb\n",
> - sid_to_fstring(sid_string, &user_sid), account));
> - if (!pdb_getsampwsid(sam_account, &user_sid)) {
> - sam_account_from_delta(sam_account, r);
> - DEBUG(3, ("Attempting to add user SID %s for user %s in the passdb\n",
> - sid_to_fstring(sid_string, &user_sid),
> - pdb_get_username(sam_account)));
> - if (!NT_STATUS_IS_OK(pdb_add_sam_account(sam_account))) {
> - DEBUG(1, ("SAM Account for %s failed to be added to the passdb!\n",
> - account));
> - return NT_STATUS_ACCESS_DENIED;
> - }
> - } else {
> - sam_account_from_delta(sam_account, r);
> - DEBUG(3, ("Attempting to update user SID %s for user %s in the passdb\n",
> - sid_to_fstring(sid_string, &user_sid),
> - pdb_get_username(sam_account)));
> - if (!NT_STATUS_IS_OK(pdb_update_sam_account(sam_account))) {
> - DEBUG(1, ("SAM Account for %s failed to be updated in the passdb!\n",
> - account));
> - TALLOC_FREE(sam_account);
> - return NT_STATUS_ACCESS_DENIED;
> - }
> - }
> -
> - if (pdb_get_group_sid(sam_account) == NULL) {
> - return NT_STATUS_UNSUCCESSFUL;
> - }
> -
> - group_sid = *pdb_get_group_sid(sam_account);
> -
> - map = talloc_zero(mem_ctx, GROUP_MAP);
> - if (!map) {
> - return NT_STATUS_NO_MEMORY;
> - }
> -
> - if (!pdb_getgrsid(map, group_sid)) {
> - DEBUG(0, ("Primary group of %s has no mapping!\n",
> - pdb_get_username(sam_account)));
> - } else {
> - if (map->gid != passwd->pw_gid) {
> - if (!(grp = getgrgid(map->gid))) {
> - DEBUG(0, ("Could not find unix group %lu for user %s (group SID=%s)\n",
> - (unsigned long)map->gid, pdb_get_username(sam_account), sid_string_tos(&group_sid)));
> - } else {
> - smb_set_primary_group(grp->gr_name, pdb_get_username(sam_account));
> - }
> - }
> - }
> -
> - if ( !passwd ) {
> - DEBUG(1, ("No unix user for this account (%s), cannot adjust mappings\n",
> - pdb_get_username(sam_account)));
> - }
> -
> - done:
> - TALLOC_FREE(sam_account);
> - TALLOC_FREE(map);
> - return nt_ret;
> -}
> -
> -/****************************************************************
> -****************************************************************/
> -
> -static NTSTATUS fetch_group_info(TALLOC_CTX *mem_ctx,
> - uint32_t rid,
> - struct netr_DELTA_GROUP *r)
> -{
> - struct group *grp = NULL;
> - struct dom_sid group_sid;
> - fstring sid_string;
> - GROUP_MAP *map;
> - bool insert = true;
> -
> - map = talloc_zero(mem_ctx, GROUP_MAP);
> - if (!map) {
> - return NT_STATUS_NO_MEMORY;
> - }
> - /* add the group to the mapping table */
> - sid_compose(&group_sid, get_global_sam_sid(), rid);
> - sid_to_fstring(sid_string, &group_sid);
> -
> - if (pdb_getgrsid(map, group_sid)) {
> - if (map->gid != -1) {
> - grp = getgrgid(map->gid);
> - }
> - insert = false;
> - }
> -
> - map->nt_name = talloc_strdup(map, r->group_name.string);
> - if (!map->nt_name) {
> - return NT_STATUS_NO_MEMORY;
> - }
> - map->comment = talloc_strdup(map, r->description.string);
> - if (!map->comment) {
> - return NT_STATUS_NO_MEMORY;
> - }
> -
> - if (grp == NULL) {
> - gid_t gid;
> -
> - /* No group found from mapping, find it from its name. */
> - if ((grp = getgrnam(map->nt_name)) == NULL) {
> -
> - /* No appropriate group found, create one */
> -
> - d_printf("Creating unix group: '%s'\n", map->nt_name);
> -
> - if (smb_create_group(map->nt_name, &gid) != 0)
> - return NT_STATUS_ACCESS_DENIED;
> -
> - if ((grp = getgrnam(map->nt_name)) == NULL)
> - return NT_STATUS_ACCESS_DENIED;
> - }
> - }
> -
> - map->gid = grp->gr_gid;
> - map->sid = group_sid;
> - map->sid_name_use = SID_NAME_DOM_GRP;
> -
> - if (insert) {
> - pdb_add_group_mapping_entry(map);
> - } else {
> - pdb_update_group_mapping_entry(map);
> - }
> -
> - TALLOC_FREE(map);
> - return NT_STATUS_OK;
> -}
> -
> -/****************************************************************
> -****************************************************************/
> -
> -static NTSTATUS fetch_group_mem_info(TALLOC_CTX *mem_ctx,
> - uint32_t rid,
> - struct netr_DELTA_GROUP_MEMBER *r)
> -{
> - int i;
> - char **nt_members = NULL;
> - char **unix_members;
> - struct dom_sid group_sid;
> - GROUP_MAP *map;
> - struct group *grp;
> -
> - if (r->num_rids == 0) {
> - return NT_STATUS_OK;
> - }
> -
> - sid_compose(&group_sid, get_global_sam_sid(), rid);
> -
> - map = talloc_zero(mem_ctx, GROUP_MAP);
> - if (!map) {
> - return NT_STATUS_NO_MEMORY;
> - }
> -
> - if (!get_domain_group_from_sid(group_sid, map)) {
> - DEBUG(0, ("Could not find global group %d\n", rid));
> - TALLOC_FREE(map);
> - return NT_STATUS_NO_SUCH_GROUP;
> - }
> -
> - if (!(grp = getgrgid(map->gid))) {
> - DEBUG(0, ("Could not find unix group %lu\n",
> - (unsigned long)map->gid));
> - TALLOC_FREE(map);
> - return NT_STATUS_NO_SUCH_GROUP;
> - }
> -
> - TALLOC_FREE(map);
> -
> - d_printf("Group members of %s: ", grp->gr_name);
> -
> - if (r->num_rids) {
> - if ((nt_members = talloc_zero_array(mem_ctx, char *, r->num_rids)) == NULL) {
> - DEBUG(0, ("talloc failed\n"));
> - return NT_STATUS_NO_MEMORY;
> - }
> - } else {
> - nt_members = NULL;
> - }
> -
> - for (i=0; i < r->num_rids; i++) {
> - struct samu *member = NULL;
> - struct dom_sid member_sid;
> -
> - if ( !(member = samu_new(mem_ctx)) ) {
> - return NT_STATUS_NO_MEMORY;
> - }
> -
> - sid_compose(&member_sid, get_global_sam_sid(), r->rids[i]);
> -
> - if (!pdb_getsampwsid(member, &member_sid)) {
> - DEBUG(1, ("Found bogus group member: %d (member_sid=%s group=%s)\n",
> - r->rids[i], sid_string_tos(&member_sid), grp->gr_name));
> - TALLOC_FREE(member);
> - continue;
> - }
> -
> - if (pdb_get_group_rid(member) == rid) {
> - d_printf("%s(primary),", pdb_get_username(member));
> - TALLOC_FREE(member);
> - continue;
> - }
> -
> - d_printf("%s,", pdb_get_username(member));
> - nt_members[i] = talloc_strdup(mem_ctx, pdb_get_username(member));
> - TALLOC_FREE(member);
> - }
> -
> - d_printf("\n");
> -
> - unix_members = grp->gr_mem;
> -
> - while (*unix_members) {
> - bool is_nt_member = false;
> - for (i=0; i < r->num_rids; i++) {
> - if (nt_members[i] == NULL) {
> - /* This was a primary group */
> - continue;
> - }
> -
> - if (strcmp(*unix_members, nt_members[i]) == 0) {
> - is_nt_member = true;
> - break;
> - }
> - }
> - if (!is_nt_member) {
> - /* We look at a unix group member that is not
> - an nt group member. So, remove it. NT is
> - boss here. */
> - smb_delete_user_group(grp->gr_name, *unix_members);
> - }
> - unix_members += 1;
> - }
> -
> - for (i=0; i < r->num_rids; i++) {
> - bool is_unix_member = false;
> -
> - if (nt_members[i] == NULL) {
> - /* This was the primary group */
> - continue;
> - }
> -
> - unix_members = grp->gr_mem;
> -
> - while (*unix_members) {
> - if (strcmp(*unix_members, nt_members[i]) == 0) {
> - is_unix_member = true;
> - break;
> - }
> - unix_members += 1;
> - }
> -
> - if (!is_unix_member) {
> - /* We look at a nt group member that is not a
> - unix group member currently. So, add the nt
> - group member. */
> - smb_add_user_group(grp->gr_name, nt_members[i]);
> - }
> - }
> -
> - return NT_STATUS_OK;
> -}
> -
> -/****************************************************************
> -****************************************************************/
> -
> -static NTSTATUS fetch_alias_info(TALLOC_CTX *mem_ctx,
> - uint32_t rid,
> - struct netr_DELTA_ALIAS *r,
> - const struct dom_sid *dom_sid)
> -{
> - struct group *grp = NULL;
> - struct dom_sid alias_sid;
> - fstring sid_string;
> - GROUP_MAP *map;
> - bool insert = true;
> -
> - map = talloc_zero(mem_ctx, GROUP_MAP);
> - if (!map) {
> - return NT_STATUS_NO_MEMORY;
> - }
> -
> - /* Find out whether the group is already mapped */
> - sid_compose(&alias_sid, dom_sid, rid);
> - sid_to_fstring(sid_string, &alias_sid);
> -
> - if (pdb_getgrsid(map, alias_sid)) {
> - grp = getgrgid(map->gid);
> - insert = false;
> - }
> -
> - map->nt_name = talloc_strdup(map, r->alias_name.string);
> - if (!map->nt_name) {
> - return NT_STATUS_NO_MEMORY;
> - }
> - map->comment = talloc_strdup(map, r->description.string);
> - if (!map->comment) {
> - return NT_STATUS_NO_MEMORY;
> - }
> -
> - if (grp == NULL) {
> - gid_t gid;
> -
> - /* No group found from mapping, find it from its name. */
> - if ((grp = getgrnam(map->nt_name)) == NULL) {
> - /* No appropriate group found, create one */
> - d_printf("Creating unix group: '%s'\n", map->nt_name);
> - if (smb_create_group(map->nt_name, &gid) != 0)
> - return NT_STATUS_ACCESS_DENIED;
> - if ((grp = getgrgid(gid)) == NULL)
> - return NT_STATUS_ACCESS_DENIED;
> - }
> - }
> -
> - map->gid = grp->gr_gid;
> - map->sid = alias_sid;
> -
> - if (dom_sid_equal(dom_sid, &global_sid_Builtin)) {
> - map->sid_name_use = SID_NAME_WKN_GRP;
> - } else {
> - map->sid_name_use = SID_NAME_ALIAS;
> - }
> -
> - if (insert) {
> - pdb_add_group_mapping_entry(map);
> - } else {
> - pdb_update_group_mapping_entry(map);
> - }
> -
> - TALLOC_FREE(map);
> - return NT_STATUS_OK;
> -}
> -
> -/****************************************************************
> -****************************************************************/
> -
> -static NTSTATUS fetch_alias_mem(TALLOC_CTX *mem_ctx,
> - uint32_t rid,
> - struct netr_DELTA_ALIAS_MEMBER *r,
> - const struct dom_sid *dom_sid)
> -{
> - return NT_STATUS_OK;
> -}
> -
> -/****************************************************************
> -****************************************************************/
> -
> -static NTSTATUS fetch_domain_info(TALLOC_CTX *mem_ctx,
> - uint32_t rid,
> - struct netr_DELTA_DOMAIN *r)
> -{
> - time_t u_max_age, u_min_age, u_logout;
> - NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
> - const char *domname;
> - struct netr_AcctLockStr *lockstr = NULL;
> - NTSTATUS status;
> -
> - status = pull_netr_AcctLockStr(mem_ctx, &r->account_lockout,
> - &lockstr);
> - if (!NT_STATUS_IS_OK(status)) {
> - d_printf("failed to pull account lockout string: %s\n",
> - nt_errstr(status));
> - }
> -
> - u_max_age = uint64s_nt_time_to_unix_abs((uint64_t *)&r->max_password_age);
> - u_min_age = uint64s_nt_time_to_unix_abs((uint64_t *)&r->min_password_age);
> - u_logout = uint64s_nt_time_to_unix_abs((uint64_t *)&r->force_logoff_time);
> -
> - domname = r->domain_name.string;
> - if (!domname) {
> - return NT_STATUS_NO_MEMORY;
> - }
> -
> - /* we don't handle BUILTIN account policies */
> - if (!strequal(domname, get_global_sam_name())) {
> - printf("skipping SAM_DOMAIN_INFO delta for '%s' (is not my domain)\n", domname);
> - return NT_STATUS_OK;
> - }
> -
> -
> - if (!pdb_set_account_policy(PDB_POLICY_PASSWORD_HISTORY,
> - r->password_history_length))
> - return nt_status;
> -
> - if (!pdb_set_account_policy(PDB_POLICY_MIN_PASSWORD_LEN,
> - r->min_password_length))
> - return nt_status;
> -
> - if (!pdb_set_account_policy(PDB_POLICY_MAX_PASSWORD_AGE,
> - (uint32_t)u_max_age))
> - return nt_status;
> -
> - if (!pdb_set_account_policy(PDB_POLICY_MIN_PASSWORD_AGE,
> - (uint32_t)u_min_age))
> - return nt_status;
> -
> - if (!pdb_set_account_policy(PDB_POLICY_TIME_TO_LOGOUT,
> - (uint32_t)u_logout))
> - return nt_status;
> -
> - if (lockstr) {
> - time_t u_lockoutreset, u_lockouttime;
> -
> - u_lockoutreset = uint64s_nt_time_to_unix_abs(&lockstr->reset_count);
> - u_lockouttime = uint64s_nt_time_to_unix_abs((uint64_t *)&lockstr->lockout_duration);
> -
> - if (!pdb_set_account_policy(PDB_POLICY_BAD_ATTEMPT_LOCKOUT,
> - lockstr->bad_attempt_lockout))
> - return nt_status;
> -
> - if (!pdb_set_account_policy(PDB_POLICY_RESET_COUNT_TIME,
> - (uint32_t)u_lockoutreset/60))
> - return nt_status;
> -
> - if (u_lockouttime != -1)
> - u_lockouttime /= 60;
> -
> - if (!pdb_set_account_policy(PDB_POLICY_LOCK_ACCOUNT_DURATION,
> - (uint32_t)u_lockouttime))
> - return nt_status;
> - }
> -
> - if (!pdb_set_account_policy(PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS,
> - r->logon_to_chgpass))
> - return nt_status;
> -
> - return NT_STATUS_OK;
> -}
> -
> -/****************************************************************
> -****************************************************************/
> -
> -static NTSTATUS fetch_sam_entry(TALLOC_CTX *mem_ctx,
> - enum netr_SamDatabaseID database_id,
> - struct netr_DELTA_ENUM *r,
> - struct samsync_context *ctx)
> -{
> - NTSTATUS status = NT_STATUS_NOT_IMPLEMENTED;
> -
> - switch (r->delta_type) {
> - case NETR_DELTA_USER:
> - status = fetch_account_info(mem_ctx,
> - r->delta_id_union.rid,
> - r->delta_union.user);
> - break;
> - case NETR_DELTA_GROUP:
> - status = fetch_group_info(mem_ctx,
> - r->delta_id_union.rid,
> - r->delta_union.group);
> - break;
> - case NETR_DELTA_GROUP_MEMBER:
> - status = fetch_group_mem_info(mem_ctx,
> - r->delta_id_union.rid,
> - r->delta_union.group_member);
> - break;
> - case NETR_DELTA_ALIAS:
> - status = fetch_alias_info(mem_ctx,
> - r->delta_id_union.rid,
> - r->delta_union.alias,
> - ctx->domain_sid);
> - break;
> - case NETR_DELTA_ALIAS_MEMBER:
> - status = fetch_alias_mem(mem_ctx,
> - r->delta_id_union.rid,
> - r->delta_union.alias_member,
> - ctx->domain_sid);
> - break;
> - case NETR_DELTA_DOMAIN:
> - status = fetch_domain_info(mem_ctx,
> - r->delta_id_union.rid,
> - r->delta_union.domain);
> - break;
> - /* The following types are recognised but not handled */
> - case NETR_DELTA_RENAME_GROUP:
> - d_printf("NETR_DELTA_RENAME_GROUP not handled\n");
> - break;
> - case NETR_DELTA_RENAME_USER:
> - d_printf("NETR_DELTA_RENAME_USER not handled\n");
> - break;
> - case NETR_DELTA_RENAME_ALIAS:
> - d_printf("NETR_DELTA_RENAME_ALIAS not handled\n");
> - break;
> - case NETR_DELTA_POLICY:
> - d_printf("NETR_DELTA_POLICY not handled\n");
> - break;
> - case NETR_DELTA_TRUSTED_DOMAIN:
> - d_printf("NETR_DELTA_TRUSTED_DOMAIN not handled\n");
> - break;
> - case NETR_DELTA_ACCOUNT:
> - d_printf("NETR_DELTA_ACCOUNT not handled\n");
> - break;
> - case NETR_DELTA_SECRET:
> - d_printf("NETR_DELTA_SECRET not handled\n");
> - break;
> - case NETR_DELTA_DELETE_GROUP:
> - d_printf("NETR_DELTA_DELETE_GROUP not handled\n");
> - break;
> - case NETR_DELTA_DELETE_USER:
> - d_printf("NETR_DELTA_DELETE_USER not handled\n");
> - break;
> - case NETR_DELTA_MODIFY_COUNT:
> - d_printf("NETR_DELTA_MODIFY_COUNT not handled\n");
> - break;
> - case NETR_DELTA_DELETE_ALIAS:
> - d_printf("NETR_DELTA_DELETE_ALIAS not handled\n");
> - break;
> - case NETR_DELTA_DELETE_TRUST:
> - d_printf("NETR_DELTA_DELETE_TRUST not handled\n");
> - break;
> - case NETR_DELTA_DELETE_ACCOUNT:
> - d_printf("NETR_DELTA_DELETE_ACCOUNT not handled\n");
> - break;
> - case NETR_DELTA_DELETE_SECRET:
> - d_printf("NETR_DELTA_DELETE_SECRET not handled\n");
> - break;
> - case NETR_DELTA_DELETE_GROUP2:
> - d_printf("NETR_DELTA_DELETE_GROUP2 not handled\n");
> - break;
> - case NETR_DELTA_DELETE_USER2:
> - d_printf("NETR_DELTA_DELETE_USER2 not handled\n");
> - break;
> - default:
> - d_printf("Unknown delta record type %d\n", r->delta_type);
> - status = NT_STATUS_INVALID_PARAMETER;
> - break;
> - }
> -
> - return status;
> -}
> -
> -/****************************************************************
> -****************************************************************/
> -
> -static NTSTATUS fetch_sam_entries(TALLOC_CTX *mem_ctx,
> - enum netr_SamDatabaseID database_id,
> - struct netr_DELTA_ENUM_ARRAY *r,
> - uint64_t *sequence_num,
> - struct samsync_context *ctx)
> -{
> - int i;
> -
> - for (i = 0; i < r->num_deltas; i++) {
> - fetch_sam_entry(mem_ctx, database_id, &r->delta_enum[i], ctx);
> - }
> -
> - return NT_STATUS_OK;
> -}
> -
> -/****************************************************************
> -****************************************************************/
> -
> -const struct samsync_ops libnet_samsync_passdb_ops = {
> - .process_objects = fetch_sam_entries,
> -};
> diff --git a/source3/wscript_build b/source3/wscript_build
> index 7cf757b93d6..3f7fdff8dd3 100644
> --- a/source3/wscript_build
> +++ b/source3/wscript_build
> @@ -874,19 +874,6 @@ bld.SAMBA3_SUBSYSTEM('LIBNET_DSSYNC',
> RPC_NDR_DRSUAPI
> ''')
>
> -bld.SAMBA3_SUBSYSTEM('LIBNET_SAMSYNC',
> - source='''
> - libnet/libnet_samsync.c
> - libnet/libnet_samsync_ldif.c
> - libnet/libnet_samsync_passdb.c
> - libnet/libnet_samsync_display.c
> - libnet/libnet_samsync_keytab.c
> - ''',
> - deps='''
> - LIBNET
> - LIBCLI_SAMSYNC
> - ''')
> -
> bld.SAMBA3_SUBSYSTEM('LIBEVENTLOG',
> source='lib/eventlog/eventlog.c',
> deps='NDR_EVENTLOG tdb')
> --
> 2.11.0
>
>
> From c33c7e870bd0f83ecd117714778102c01c17e23d Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Tue, 19 Sep 2017 15:26:55 -0700
> Subject: [PATCH 8/8] WHATSNEW: Mention code removal from "net" and "rpcclient"
>
> Signed-off-by: Volker Lendecke <vl at samba.org>
> ---
> WHATSNEW.txt | 22 ++++++++++++++++++++++
> 1 file changed, 22 insertions(+)
>
> diff --git a/WHATSNEW.txt b/WHATSNEW.txt
> index 428c2919f1a..2f2f2f61c98 100644
> --- a/WHATSNEW.txt
> +++ b/WHATSNEW.txt
> @@ -41,6 +41,28 @@ smb.conf changes
> Parameter Name Description Default
> -------------- ----------- -------
>
> +NT4-style replication based net commands removed
> +================================================
> +
> +The following commands and sub-commands have been removed from the
> +"net" utility:
> +
> +net rpc samdump
> +net rpc vampire ldif
> +
> +Also, replicating from a real NT4 domain with "net rpc vampire" and
> +"net rpc vampire keytab" has been removed.
> +
> +The NT4-based commands were accidentially broken in 2013, and nobody
> +noticed the breakage. So instead of fixing them including tests (which
> +would have meant writing a server for the protocols, which we don't
> +have) we decided to remove them.
> +
> +For the same reason, the "samsync", "samdeltas" and "database_redo"
> +commands have been removed from rpcclient.
> +
> +"net rpc vampire keytab" from Active Directory domains continues to be
> +supported.
>
> KNOWN ISSUES
> ============
> --
> 2.11.0
>
More information about the samba-technical
mailing list