#include "auth/auth.h"
#include "param/param.h"
#include "param/provision.h"
+#include "libcli/security/dom_sid.h"
/*
List of tasks vampire.py must perform:
settings.realm = s->join->out.realm;
settings.domain = s->join->out.domain_name;
settings.server_dn_str = p->dest_dsa->server_dn_str;
- settings.machine_password = generate_random_str(s, 16);
+ settings.machine_password = generate_random_password(s, 16, 255);
settings.targetdir = s->targetdir;
status = provision_bare(s, s->lp_ctx, &settings, &result);
return NT_STATUS_INVALID_PARAMETER;
}
- s_dsa->replica_flags = DRSUAPI_DS_REPLICA_NEIGHBOUR_WRITEABLE
- | DRSUAPI_DS_REPLICA_NEIGHBOUR_SYNC_ON_STARTUP
- | DRSUAPI_DS_REPLICA_NEIGHBOUR_DO_SCHEDULED_SYNCS;
+ s_dsa->replica_flags = DRSUAPI_DRS_WRIT_REP
+ | DRSUAPI_DRS_INIT_SYNC
+ | DRSUAPI_DRS_PER_SYNC;
memset(s_dsa->schedule, 0x11, sizeof(s_dsa->schedule));
tmp_dns_name = GUID_string(s_dsa->other_info, &s_dsa->source_dsa_obj_guid);
const char *oid = NULL;
a = &cur->object.attribute_ctr.attributes[i];
- status = dsdb_map_int2oid(s->self_made_schema, a->attid, s, &oid);
+ status = dsdb_schema_pfm_oid_from_attid(s->self_made_schema->prefixmap,
+ a->attid, s, &oid);
if (!W_ERROR_IS_OK(status)) {
return werror_to_ntstatus(status);
}
sc = talloc_zero(s->self_made_schema, struct dsdb_class);
NT_STATUS_HAVE_NO_MEMORY(sc);
- status = dsdb_class_from_drsuapi(s->self_made_schema, &cur->object, s, sc);
+ status = dsdb_class_from_drsuapi(s->ldb, s->self_made_schema, &cur->object, s, sc);
if (!W_ERROR_IS_OK(status)) {
return werror_to_ntstatus(status);
}
-
DLIST_ADD_END(s->self_made_schema->classes, sc, struct dsdb_class *);
}
}
return NT_STATUS_FOOBAR;
}
/* we don't want to access the self made schema anymore */
+ s->schema = s->self_made_schema;
s->self_made_schema = NULL;
- s->schema = dsdb_get_schema(s->ldb);
- status = dsdb_extended_replicated_objects_commit(s->ldb,
- c->partition->nc.dn,
- mapping_ctr,
- object_count,
- first_object,
- linked_attributes_count,
- linked_attributes,
- s_dsa,
- uptodateness_vector,
- c->gensec_skey,
- s, &objs, &seq_num);
+ /* Now convert the schema elements again, using the schema we just imported */
+ status = dsdb_extended_replicated_objects_convert(s->ldb,
+ c->partition->nc.dn,
+ mapping_ctr,
+ object_count,
+ first_object,
+ linked_attributes_count,
+ linked_attributes,
+ s_dsa,
+ uptodateness_vector,
+ c->gensec_skey,
+ s, &objs);
if (!W_ERROR_IS_OK(status)) {
DEBUG(0,("Failed to commit objects: %s\n", win_errstr(status)));
return werror_to_ntstatus(status);
}
}
+ status = dsdb_extended_replicated_objects_commit(s->ldb, objs, &seq_num);
+ if (!W_ERROR_IS_OK(status)) {
+ DEBUG(0,("Failed to commit objects: %s\n", win_errstr(status)));
+ return werror_to_ntstatus(status);
+ }
+
msg = ldb_msg_new(objs);
NT_STATUS_HAVE_NO_MEMORY(msg);
msg->dn = objs->partition_dn;
return NT_STATUS_FOOBAR;
}
- s->schema = dsdb_get_schema(s->ldb);
+ s->schema = dsdb_get_schema(s->ldb, s);
if (!s->schema) {
DEBUG(0,("Failed to get loaded dsdb_schema\n"));
return NT_STATUS_FOOBAR;
c->partition->nc.dn, object_count, nc_object_count,
linked_attributes_count, nc_linked_attributes_count));
} else {
- DEBUG(0,("Schema-DN[%s] objects[%u] linked_values[%u\n",
+ DEBUG(0,("Schema-DN[%s] objects[%u] linked_values[%u]\n",
c->partition->nc.dn, object_count, linked_attributes_count));
}
NT_STATUS_HAVE_NO_MEMORY(s->self_made_schema);
- status = dsdb_load_oid_mappings_drsuapi(s->self_made_schema, mapping_ctr);
+ status = dsdb_load_prefixmap_from_drsuapi(s->self_made_schema, mapping_ctr);
if (!W_ERROR_IS_OK(status)) {
return werror_to_ntstatus(status);
}
s->schema = s->self_made_schema;
} else {
- status = dsdb_verify_oid_mappings_drsuapi(s->schema, mapping_ctr);
+ status = dsdb_schema_pfm_contains_drsuapi_pfm(s->schema->prefixmap, mapping_ctr);
if (!W_ERROR_IS_OK(status)) {
return werror_to_ntstatus(status);
}
return NT_STATUS_INVALID_PARAMETER;
}
- s_dsa->replica_flags = DRSUAPI_DS_REPLICA_NEIGHBOUR_WRITEABLE
- | DRSUAPI_DS_REPLICA_NEIGHBOUR_SYNC_ON_STARTUP
- | DRSUAPI_DS_REPLICA_NEIGHBOUR_DO_SCHEDULED_SYNCS;
+ s_dsa->replica_flags = DRSUAPI_DRS_WRIT_REP
+ | DRSUAPI_DRS_INIT_SYNC
+ | DRSUAPI_DRS_PER_SYNC;
memset(s_dsa->schedule, 0x11, sizeof(s_dsa->schedule));
tmp_dns_name = GUID_string(s_dsa->other_info, &s_dsa->source_dsa_obj_guid);
c->partition->nc.dn, s->total_objects, nc_object_count,
linked_attributes_count, nc_linked_attributes_count));
} else {
- DEBUG(0,("Partition[%s] objects[%u] linked_values[%u\n",
+ DEBUG(0,("Partition[%s] objects[%u] linked_values[%u]\n",
c->partition->nc.dn, s->total_objects, linked_attributes_count));
}
- status = dsdb_extended_replicated_objects_commit(s->ldb,
- c->partition->nc.dn,
- mapping_ctr,
- object_count,
- first_object,
- linked_attributes_count,
- linked_attributes,
- s_dsa,
- uptodateness_vector,
- c->gensec_skey,
- s, &objs, &seq_num);
+ status = dsdb_extended_replicated_objects_convert(s->ldb,
+ c->partition->nc.dn,
+ mapping_ctr,
+ object_count,
+ first_object,
+ linked_attributes_count,
+ linked_attributes,
+ s_dsa,
+ uptodateness_vector,
+ c->gensec_skey,
+ s, &objs);
if (!W_ERROR_IS_OK(status)) {
- DEBUG(0,("Failed to commit objects: %s\n", win_errstr(status)));
+ DEBUG(0,("Failed to convert objects: %s\n", win_errstr(status)));
return werror_to_ntstatus(status);
}
NDR_PRINT_DEBUG(replPropertyMetaDataBlob, objs->objects[i].meta_data);
}
}
+ status = dsdb_extended_replicated_objects_commit(s->ldb,
+ objs, &seq_num);
+ if (!W_ERROR_IS_OK(status)) {
+ DEBUG(0,("Failed to commit objects: %s\n", win_errstr(status)));
+ return werror_to_ntstatus(status);
+ }
+
talloc_free(s_dsa);
talloc_free(objs);
struct libnet_Vampire *r)
{
struct libnet_JoinDomain *join;
- struct libnet_set_join_secrets *set_secrets;
+ struct provision_store_self_join_settings *set_secrets;
struct libnet_BecomeDC b;
struct vampire_state *s;
struct ldb_message *msg;
+ const char *error_string;
int ldb_ret;
uint32_t i;
NTSTATUS status;
join->in.account_name = account_name;
join->in.netbios_name = netbios_name;
join->in.level = LIBNET_JOINDOMAIN_AUTOMATIC;
- join->in.acct_type = ACB_WSTRUST;
+ join->in.acct_type = ACB_SVRTRUST;
join->in.recreate_account = false;
status = libnet_JoinDomain(ctx, join, join);
if (!NT_STATUS_IS_OK(status)) {
b.in.callbacks.config_chunk = vampire_store_chunk;
b.in.callbacks.domain_chunk = vampire_store_chunk;
+ b.in.rodc_join = lp_parm_bool(s->lp_ctx, NULL, "repl", "RODC", false);
+
status = libnet_BecomeDC(ctx, s, &b);
if (!NT_STATUS_IS_OK(status)) {
printf("libnet_BecomeDC() failed - %s\n", nt_errstr(status));
printf("mark ROOTDSE with isSynchronized=TRUE\n");
ldb_ret = ldb_modify(s->ldb, msg);
if (ldb_ret != LDB_SUCCESS) {
- printf("ldb_modify() failed: %d\n", ldb_ret);
+ printf("ldb_modify() failed: %d : %s\n", ldb_ret, ldb_errstring(s->ldb));
talloc_free(s);
return NT_STATUS_INTERNAL_DB_ERROR;
}
- /* commit the transaction - this commits all the changes in
- the ldb from the whole vampire. Note that this commit
+ /* prepare the transaction - this prepares to commit all the changes in
+ the ldb from the whole vampire. Note that this
triggers the writing of the linked attribute backlinks.
*/
- if (ldb_transaction_commit(s->ldb) != LDB_SUCCESS) {
- printf("Failed to commit vampire transaction\n");
+ if (ldb_transaction_prepare_commit(s->ldb) != LDB_SUCCESS) {
+ printf("Failed to prepare_commit vampire transaction: %s\n", ldb_errstring(s->ldb));
return NT_STATUS_INTERNAL_DB_ERROR;
}
- set_secrets = talloc_zero(s, struct libnet_set_join_secrets);
+ set_secrets = talloc(s, struct provision_store_self_join_settings);
if (!set_secrets) {
+ r->out.error_string = NULL;
+ talloc_free(s);
return NT_STATUS_NO_MEMORY;
}
-
- set_secrets->in.domain_name = join->out.domain_name;
- set_secrets->in.realm = join->out.realm;
- set_secrets->in.account_name = account_name;
- set_secrets->in.netbios_name = netbios_name;
- set_secrets->in.join_type = SEC_CHAN_BDC;
- set_secrets->in.join_password = join->out.join_password;
- set_secrets->in.kvno = join->out.kvno;
- set_secrets->in.domain_sid = join->out.domain_sid;
- status = libnet_set_join_secrets(ctx, set_secrets, set_secrets);
+ ZERO_STRUCTP(set_secrets);
+ set_secrets->domain_name = join->out.domain_name;
+ set_secrets->realm = join->out.realm;
+ set_secrets->account_name = account_name;
+ set_secrets->netbios_name = netbios_name;
+ set_secrets->secure_channel_type = SEC_CHAN_BDC;
+ set_secrets->machine_password = join->out.join_password;
+ set_secrets->key_version_number = join->out.kvno;
+ set_secrets->domain_sid = join->out.domain_sid;
+
+ status = provision_store_self_join(ctx, ctx->lp_ctx, ctx->event_ctx, set_secrets, &error_string);
if (!NT_STATUS_IS_OK(status)) {
- r->out.error_string = talloc_steal(mem_ctx, set_secrets->out.error_string);
+ r->out.error_string = talloc_steal(mem_ctx, error_string);
talloc_free(s);
return status;
}
- r->out.domain_name = talloc_steal(r, join->out.domain_name);
- r->out.domain_sid = talloc_steal(r, join->out.domain_sid);
- talloc_free(s);
+ r->out.domain_name = talloc_steal(mem_ctx, join->out.domain_name);
+ r->out.domain_sid = dom_sid_dup(mem_ctx, join->out.domain_sid);
+ /* commit the transaction now we know the secrets were written
+ * out properly
+ */
+ if (ldb_transaction_commit(s->ldb) != LDB_SUCCESS) {
+ printf("Failed to commit vampire transaction\n");
+ return NT_STATUS_INTERNAL_DB_ERROR;
+ }
+
+ talloc_free(s);
+
return NT_STATUS_OK;
}
git.samba.org / kamenim / samba.git / blobdiff