diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2006-01-12 09:33:49 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:50:55 -0500 |
| commit | a5a79e8b8cbdf24d5c2db45ece4110ed5d85e58f (patch) | |
| tree | 71b27ab4d11e2fc537b0ccf5d4e9c75dcc9757eb /source4/libnet | |
| parent | 4c6b9c79ff5d35e1d03ad5eb543db4b6b906b5ce (diff) | |
| download | samba-a5a79e8b8cbdf24d5c2db45ece4110ed5d85e58f.tar.gz | |
r12865: Upgrade the librpc and libnet code.
In librpc, always try SMB level authentication, even if trying
schannel, but allow fallback to anonymous. This should better
function with servers that set restrict anonymous.
There are too many parts of Samba that get, parse and modify the
binding parameters. Avoid the extra work, and add a binding element
to the struct dcerpc_pipe
The libnet vampire code has been refactored, to reduce extra layers
and to better conform with the standard argument pattern. Also, take
advantage of the new libnet_Lookup code, so we don't require the silly
'password server' smb.conf parameter.
To better support forcing traffic to be sealed for the vampire
operation, the dcerpc_bind_auth() function now takes an auth level
parameter.
Andrew Bartlett
(This used to be commit d65b354959842326fdd4bd7eb7fbeea0390f4afa)
Diffstat (limited to 'source4/libnet')
| -rw-r--r-- | source4/libnet/libnet_join.c | 11 | ||||
| -rw-r--r-- | source4/libnet/libnet_rpc.c | 4 | ||||
| -rw-r--r-- | source4/libnet/libnet_samdump.c | 71 | ||||
| -rw-r--r-- | source4/libnet/libnet_samdump_keytab.c | 42 | ||||
| -rw-r--r-- | source4/libnet/libnet_samsync_ldb.c | 45 | ||||
| -rw-r--r-- | source4/libnet/libnet_vampire.c | 116 | ||||
| -rw-r--r-- | source4/libnet/libnet_vampire.h | 62 |
7 files changed, 163 insertions, 188 deletions
diff --git a/source4/libnet/libnet_join.c b/source4/libnet/libnet_join.c index 616c80b1a44..7a897b12804 100644 --- a/source4/libnet/libnet_join.c +++ b/source4/libnet/libnet_join.c @@ -745,14 +745,11 @@ NTSTATUS libnet_JoinDomain(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, stru */ /* Find the original binding string */ - status = dcerpc_parse_binding(tmp_ctx, lsa_pipe->conn->binding_string, &samr_binding); - if (!NT_STATUS_IS_OK(status)) { - r->out.error_string = talloc_asprintf(mem_ctx, - "Failed to parse lsa binding '%s'", - lsa_pipe->conn->binding_string); - talloc_free(tmp_ctx); - return status; + samr_binding = talloc(tmp_ctx, struct dcerpc_binding); + if (!samr_binding) { + return NT_STATUS_NO_MEMORY; } + *samr_binding = *lsa_pipe->binding; /* Make binding string for samr, not the other pipe */ status = dcerpc_epm_map_binding(tmp_ctx, samr_binding, diff --git a/source4/libnet/libnet_rpc.c b/source4/libnet/libnet_rpc.c index ffed674f1f3..1f98e575d1b 100644 --- a/source4/libnet/libnet_rpc.c +++ b/source4/libnet/libnet_rpc.c @@ -57,8 +57,8 @@ static NTSTATUS libnet_RpcConnectSrv(struct libnet_context *ctx, TALLOC_CTX *mem if (!NT_STATUS_IS_OK(status)) { r->out.error_string = talloc_asprintf(mem_ctx, - "dcerpc_pipe_connect to pipe %s failed with %s\n", - r->in.dcerpc_iface->name, binding); + "dcerpc_pipe_connect to pipe %s[%s] failed with %s\n", + r->in.dcerpc_iface->name, binding, nt_errstr(status)); return status; } diff --git a/source4/libnet/libnet_samdump.c b/source4/libnet/libnet_samdump.c index 52513fa1b1b..e094293916a 100644 --- a/source4/libnet/libnet_samdump.c +++ b/source4/libnet/libnet_samdump.c @@ -151,7 +151,7 @@ static NTSTATUS libnet_samdump_fn(TALLOC_CTX *mem_ctx, return nt_status; } -static NTSTATUS libnet_SamDump_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_SamDump *r) +NTSTATUS libnet_SamDump(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_SamDump *r) { NTSTATUS nt_status; struct libnet_SamSync r2; @@ -164,15 +164,16 @@ static NTSTATUS libnet_SamDump_netlogon(struct libnet_context *ctx, TALLOC_CTX * return NT_STATUS_NO_MEMORY; } - samdump_state->secrets = NULL; + samdump_state->secrets = NULL; samdump_state->trusted_domains = NULL; - r2.error_string = NULL; - r2.delta_fn = libnet_samdump_fn; - r2.fn_ctx = samdump_state; - r2.machine_account = NULL; /* TODO: Create a machine account, fill this in, and the delete it */ - nt_status = libnet_SamSync_netlogon(ctx, samdump_state, &r2); - r->error_string = r2.error_string; + r2.out.error_string = NULL; + r2.in.binding_string = r->in.binding_string; + r2.in.delta_fn = libnet_samdump_fn; + r2.in.fn_ctx = samdump_state; + r2.in.machine_account = r->in.machine_account; + nt_status = libnet_SamSync_netlogon(ctx, samdump_state, &r2); + r->out.error_string = r2.out.error_string; if (!NT_STATUS_IS_OK(nt_status)) { talloc_free(samdump_state); @@ -183,49 +184,25 @@ static NTSTATUS libnet_SamDump_netlogon(struct libnet_context *ctx, TALLOC_CTX * for (t=samdump_state->trusted_domains; t; t=t->next) { char *secret_name = talloc_asprintf(mem_ctx, "G$$%s", t->name); for (s=samdump_state->secrets; s; s=s->next) { - if (strcasecmp_m(s->name, secret_name) == 0) { - char *secret_string; - if (convert_string_talloc(mem_ctx, CH_UTF16, CH_UNIX, - s->secret.data, s->secret.length, - (void **)&secret_string) == -1) { - r->error_string = talloc_asprintf(mem_ctx, - "Could not convert secret for domain %s to a string\n", - t->name); - talloc_free(samdump_state); - return NT_STATUS_INVALID_PARAMETER; - } - printf("%s\t%s\t%s\n", - t->name, dom_sid_string(mem_ctx, t->sid), - secret_string); + char *secret_string; + if (strcasecmp_m(s->name, secret_name) != 0) { + continue; + } + if (convert_string_talloc(mem_ctx, CH_UTF16, CH_UNIX, + s->secret.data, s->secret.length, + (void **)&secret_string) == -1) { + r->out.error_string = talloc_asprintf(mem_ctx, + "Could not convert secret for domain %s to a string\n", + t->name); + talloc_free(samdump_state); + return NT_STATUS_INVALID_PARAMETER; } + printf("%s\t%s\t%s\n", + t->name, dom_sid_string(mem_ctx, t->sid), + secret_string); } } talloc_free(samdump_state); return nt_status; } - - -static NTSTATUS libnet_SamDump_generic(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_SamDump *r) -{ - NTSTATUS nt_status; - struct libnet_SamDump r2; - r2.level = LIBNET_SAMDUMP_NETLOGON; - r2.error_string = NULL; - nt_status = libnet_SamDump(ctx, mem_ctx, &r2); - r->error_string = r2.error_string; - - return nt_status; -} - -NTSTATUS libnet_SamDump(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_SamDump *r) -{ - switch (r->level) { - case LIBNET_SAMDUMP_GENERIC: - return libnet_SamDump_generic(ctx, mem_ctx, r); - case LIBNET_SAMDUMP_NETLOGON: - return libnet_SamDump_netlogon(ctx, mem_ctx, r); - } - - return NT_STATUS_INVALID_LEVEL; -} diff --git a/source4/libnet/libnet_samdump_keytab.c b/source4/libnet/libnet_samdump_keytab.c index e267cfdc2ed..f16e0ae383f 100644 --- a/source4/libnet/libnet_samdump_keytab.c +++ b/source4/libnet/libnet_samdump_keytab.c @@ -94,17 +94,18 @@ static NTSTATUS libnet_samdump_keytab_fn(TALLOC_CTX *mem_ctx, return nt_status; } -static NTSTATUS libnet_SamDump_keytab_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_SamDump_keytab *r) +NTSTATUS libnet_SamDump_keytab(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_SamDump_keytab *r) { NTSTATUS nt_status; struct libnet_SamSync r2; - r2.error_string = NULL; - r2.delta_fn = libnet_samdump_keytab_fn; - r2.fn_ctx = r->keytab_name; - r2.machine_account = NULL; /* TODO: Create a machine account, fill this in, and the delete it */ - nt_status = libnet_SamSync_netlogon(ctx, mem_ctx, &r2); - r->error_string = r2.error_string; + r2.out.error_string = NULL; + r2.in.binding_string = r->in.binding_string; + r2.in.delta_fn = libnet_samdump_keytab_fn; + r2.in.fn_ctx = discard_const(r->in.keytab_name); + r2.in.machine_account = r->in.machine_account; + nt_status = libnet_SamSync_netlogon(ctx, mem_ctx, &r2); + r->out.error_string = r2.out.error_string; if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; @@ -112,30 +113,3 @@ static NTSTATUS libnet_SamDump_keytab_netlogon(struct libnet_context *ctx, TALLO return nt_status; } - - - -static NTSTATUS libnet_SamDump_keytab_generic(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_SamDump_keytab *r) -{ - NTSTATUS nt_status; - struct libnet_SamDump_keytab r2; - r2.level = LIBNET_SAMDUMP_NETLOGON; - r2.error_string = NULL; - r2.keytab_name = r->keytab_name; - nt_status = libnet_SamDump_keytab(ctx, mem_ctx, &r2); - r->error_string = r2.error_string; - - return nt_status; -} - -NTSTATUS libnet_SamDump_keytab(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_SamDump_keytab *r) -{ - switch (r->level) { - case LIBNET_SAMDUMP_GENERIC: - return libnet_SamDump_keytab_generic(ctx, mem_ctx, r); - case LIBNET_SAMDUMP_NETLOGON: - return libnet_SamDump_keytab_netlogon(ctx, mem_ctx, r); - } - - return NT_STATUS_INVALID_LEVEL; -} diff --git a/source4/libnet/libnet_samsync_ldb.c b/source4/libnet/libnet_samsync_ldb.c index 03c551d2f7c..2baab532892 100644 --- a/source4/libnet/libnet_samsync_ldb.c +++ b/source4/libnet/libnet_samsync_ldb.c @@ -1053,7 +1053,7 @@ static NTSTATUS libnet_samsync_ldb_fn(TALLOC_CTX *mem_ctx, return nt_status; } -static NTSTATUS libnet_samsync_ldb_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_samsync_ldb *r) +NTSTATUS libnet_samsync_ldb(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_samsync_ldb *r) { NTSTATUS nt_status; struct libnet_SamSync r2; @@ -1063,17 +1063,18 @@ static NTSTATUS libnet_samsync_ldb_netlogon(struct libnet_context *ctx, TALLOC_C return NT_STATUS_NO_MEMORY; } - state->secrets = NULL; + state->secrets = NULL; state->trusted_domains = NULL; - state->sam_ldb = samdb_connect(state, system_session(state)); + state->sam_ldb = samdb_connect(state, system_session(state)); - r2.error_string = NULL; - r2.delta_fn = libnet_samsync_ldb_fn; - r2.fn_ctx = state; - r2.machine_account = NULL; /* TODO: Create a machine account, fill this in, and the delete it */ - nt_status = libnet_SamSync_netlogon(ctx, state, &r2); - r->error_string = r2.error_string; + r2.out.error_string = NULL; + r2.in.binding_string = r->in.binding_string; + r2.in.delta_fn = libnet_samsync_ldb_fn; + r2.in.fn_ctx = state; + r2.in.machine_account = NULL; /* TODO: Create a machine account, fill this in, and the delete it */ + nt_status = libnet_SamSync_netlogon(ctx, state, &r2); + r->out.error_string = r2.out.error_string; if (!NT_STATUS_IS_OK(nt_status)) { talloc_free(state); @@ -1082,29 +1083,3 @@ static NTSTATUS libnet_samsync_ldb_netlogon(struct libnet_context *ctx, TALLOC_C talloc_free(state); return nt_status; } - - - -static NTSTATUS libnet_samsync_ldb_generic(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_samsync_ldb *r) -{ - NTSTATUS nt_status; - struct libnet_samsync_ldb r2; - r2.level = LIBNET_SAMSYNC_LDB_NETLOGON; - r2.error_string = NULL; - nt_status = libnet_samsync_ldb(ctx, mem_ctx, &r2); - r->error_string = r2.error_string; - - return nt_status; -} - -NTSTATUS libnet_samsync_ldb(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_samsync_ldb *r) -{ - switch (r->level) { - case LIBNET_SAMSYNC_LDB_GENERIC: - return libnet_samsync_ldb_generic(ctx, mem_ctx, r); - case LIBNET_SAMSYNC_LDB_NETLOGON: - return libnet_samsync_ldb_netlogon(ctx, mem_ctx, r); - } - - return NT_STATUS_INVALID_LEVEL; -} diff --git a/source4/libnet/libnet_vampire.c b/source4/libnet/libnet_vampire.c index dc271ba577e..26e39392051 100644 --- a/source4/libnet/libnet_vampire.c +++ b/source4/libnet/libnet_vampire.c @@ -150,24 +150,15 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx struct creds_CredentialState *creds; struct netr_DatabaseSync dbsync; struct cli_credentials *machine_account; - struct dcerpc_binding *b; struct dcerpc_pipe *p; + struct libnet_context *machine_net_ctx; + struct libnet_RpcConnect *c; const enum netr_SamDatabaseID database_ids[] = {SAM_DATABASE_DOMAIN, SAM_DATABASE_BUILTIN, SAM_DATABASE_PRIVS}; int i; - /* TODO: This is bogus */ - const char **bindings = lp_passwordserver(); - const char *binding; - - if (bindings && bindings[0]) { - binding = bindings[0]; - } else { - return NT_STATUS_INVALID_PARAMETER; - } - samsync_ctx = talloc_named(mem_ctx, 0, "SamSync top context"); - if (!r->machine_account) { + if (!r->in.machine_account) { machine_account = cli_credentials_init(samsync_ctx); if (!machine_account) { talloc_free(samsync_ctx); @@ -176,16 +167,17 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx cli_credentials_set_conf(machine_account); nt_status = cli_credentials_set_machine_account(machine_account); if (!NT_STATUS_IS_OK(nt_status)) { - r->error_string = talloc_strdup(mem_ctx, "Could not obtain machine account password - are we joined to the domain?"); + r->out.error_string = talloc_strdup(mem_ctx, "Could not obtain machine account password - are we joined to the domain?"); talloc_free(samsync_ctx); return nt_status; } } else { - machine_account = r->machine_account; + machine_account = r->in.machine_account; } + /* We cannot do this unless we are a BDC. Check, before we get odd errors later */ if (cli_credentials_get_secure_channel_type(machine_account) != SEC_CHAN_BDC) { - r->error_string + r->out.error_string = talloc_asprintf(mem_ctx, "Our join to domain %s is not as a BDC (%d), please rejoin as a BDC", @@ -195,25 +187,67 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; } - /* Connect to DC (take a binding string for now) */ + c = talloc(samsync_ctx, struct libnet_RpcConnect); + if (!c) { + r->out.error_string = NULL; + talloc_free(samsync_ctx); + return NT_STATUS_NO_MEMORY; + } + + if (r->in.binding_string) { + c->level = LIBNET_RPC_CONNECT_BINDING; + c->in.binding = r->in.binding_string; + } else { + /* prepare connect to the NETLOGON pipe of PDC */ + c->level = LIBNET_RPC_CONNECT_PDC; + c->in.name = cli_credentials_get_domain(machine_account); + } + c->in.dcerpc_iface = &dcerpc_table_netlogon; + + /* We must do this as the machine, not as any command-line + * user. So we override the credentials in the + * libnet_context */ + machine_net_ctx = talloc(samsync_ctx, struct libnet_context); + if (!machine_net_ctx) { + r->out.error_string = NULL; + talloc_free(samsync_ctx); + return NT_STATUS_NO_MEMORY; + } + *machine_net_ctx = *ctx; + machine_net_ctx->cred = machine_account; - nt_status = dcerpc_parse_binding(samsync_ctx, binding, &b); + /* connect to the NETLOGON pipe of the PDC */ + nt_status = libnet_RpcConnect(machine_net_ctx, c, c); if (!NT_STATUS_IS_OK(nt_status)) { - r->error_string = talloc_asprintf(mem_ctx, "Bad binding string %s\n", binding); + r->out.error_string = talloc_asprintf(mem_ctx, + "Connection to NETLOGON pipe of DC failed: %s", + c->out.error_string); talloc_free(samsync_ctx); - return NT_STATUS_INVALID_PARAMETER; + return nt_status; } - /* We like schannel */ - b->flags &= ~DCERPC_AUTH_OPTIONS; - b->flags |= DCERPC_SCHANNEL | DCERPC_SEAL /* | DCERPC_SCHANNEL_128 */; + /* This makes a new pipe, on which we can do schannel. We + * should do this in the RpcConnect code, but the abstaction + * layers do not suit yet */ + + nt_status = dcerpc_secondary_connection(c->out.dcerpc_pipe, &p, + c->out.dcerpc_pipe->binding); + + if (!NT_STATUS_IS_OK(nt_status)) { + r->out.error_string = talloc_asprintf(mem_ctx, + "Secondary connection to NETLOGON pipe of DC %s failed: %s", + dcerpc_server_name(p), nt_errstr(nt_status)); + talloc_free(samsync_ctx); + return nt_status; + } - /* Setup schannel */ - nt_status = dcerpc_pipe_connect_b(samsync_ctx, &p, b, - &dcerpc_table_netlogon, - machine_account, ctx->event_ctx); + nt_status = dcerpc_bind_auth_schannel(samsync_ctx, p, &dcerpc_table_netlogon, + machine_account, DCERPC_AUTH_LEVEL_PRIVACY); if (!NT_STATUS_IS_OK(nt_status)) { + r->out.error_string = talloc_asprintf(mem_ctx, + "SCHANNEL authentication to NETLOGON pipe of DC %s failed: %s", + dcerpc_server_name(p), nt_errstr(nt_status)); talloc_free(samsync_ctx); return nt_status; } @@ -222,11 +256,12 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx nt_status = dcerpc_schannel_creds(p->conn->security_state.generic_state, samsync_ctx, &creds); if (!NT_STATUS_IS_OK(nt_status)) { - r->error_string = talloc_strdup(mem_ctx, "Could not obtain NETLOGON credentials from DCERPC/GENSEC layer"); + r->out.error_string = talloc_strdup(mem_ctx, "Could not obtain NETLOGON credentials from DCERPC/GENSEC layer"); talloc_free(samsync_ctx); return nt_status; } + /* Setup details for the syncronisation */ dbsync.in.logon_server = talloc_asprintf(samsync_ctx, "\\\\%s", dcerpc_server_name(p)); dbsync.in.computername = cli_credentials_get_workstation(machine_account); dbsync.in.preferredmaximumlength = (uint32_t)-1; @@ -244,40 +279,47 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx dbsync_nt_status = dcerpc_netr_DatabaseSync(p, loop_ctx, &dbsync); if (!NT_STATUS_IS_OK(dbsync_nt_status) && !NT_STATUS_EQUAL(dbsync_nt_status, STATUS_MORE_ENTRIES)) { - r->error_string = talloc_asprintf(samsync_ctx, "DatabaseSync failed - %s", nt_errstr(nt_status)); + r->out.error_string = talloc_asprintf(samsync_ctx, "DatabaseSync failed - %s", nt_errstr(nt_status)); talloc_free(samsync_ctx); return nt_status; } if (!creds_client_check(creds, &dbsync.out.return_authenticator.cred)) { - r->error_string = talloc_strdup(samsync_ctx, "Credential chaining failed"); + r->out.error_string = talloc_strdup(samsync_ctx, "Credential chaining failed"); talloc_free(samsync_ctx); return NT_STATUS_ACCESS_DENIED; } dbsync.in.sync_context = dbsync.out.sync_context; + /* For every single remote 'delta' entry: */ for (d=0; d < dbsync.out.delta_enum_array->num_deltas; d++) { char *error_string = NULL; delta_ctx = talloc_named(loop_ctx, 0, "DatabaseSync delta context"); + /* 'Fix' elements, by decrypting and + * de-obfustiating the data */ nt_status = fix_delta(delta_ctx, creds, dbsync.in.database_id, &dbsync.out.delta_enum_array->delta_enum[d], &error_string); if (!NT_STATUS_IS_OK(nt_status)) { - r->error_string = talloc_steal(samsync_ctx, error_string); + r->out.error_string = talloc_steal(samsync_ctx, error_string); talloc_free(samsync_ctx); return nt_status; } - nt_status = r->delta_fn(delta_ctx, - r->fn_ctx, - creds, - dbsync.in.database_id, - &dbsync.out.delta_enum_array->delta_enum[d], - &error_string); + + /* Now call the callback. This will + * do something like print the data or + * write to an ldb */ + nt_status = r->in.delta_fn(delta_ctx, + r->in.fn_ctx, + creds, + dbsync.in.database_id, + &dbsync.out.delta_enum_array->delta_enum[d], + &error_string); if (!NT_STATUS_IS_OK(nt_status)) { - r->error_string = talloc_steal(samsync_ctx, error_string); + r->out.error_string = talloc_steal(samsync_ctx, error_string); talloc_free(samsync_ctx); return nt_status; } diff --git a/source4/libnet/libnet_vampire.h b/source4/libnet/libnet_vampire.h index ed1b3ea8280..4bbdf2733a9 100644 --- a/source4/libnet/libnet_vampire.h +++ b/source4/libnet/libnet_vampire.h @@ -22,40 +22,50 @@ /* struct and enum for doing a remote domain vampire dump */ struct libnet_SamSync { - NTSTATUS (*delta_fn)(TALLOC_CTX *mem_ctx, - void *private, - struct creds_CredentialState *creds, - enum netr_SamDatabaseID database, - struct netr_DELTA_ENUM *delta, - char **error_string); - void *fn_ctx; - const char *error_string; - struct cli_credentials *machine_account; -}; - -enum libnet_SamDump_level { - LIBNET_SAMDUMP_GENERIC, - LIBNET_SAMDUMP_NETLOGON, + struct { + const char *binding_string; + NTSTATUS (*delta_fn)(TALLOC_CTX *mem_ctx, + void *private, + struct creds_CredentialState *creds, + enum netr_SamDatabaseID database, + struct netr_DELTA_ENUM *delta, + char **error_string); + void *fn_ctx; + struct cli_credentials *machine_account; + } in; + struct { + const char *error_string; + } out; }; struct libnet_SamDump { - enum libnet_SamDump_level level; - const char *error_string; + struct { + const char *binding_string; + struct cli_credentials *machine_account; + } in; + struct { + const char *error_string; + } out; }; struct libnet_SamDump_keytab { - enum libnet_SamDump_level level; - const char *keytab_name; - const char *error_string; -}; - -enum libnet_samsync_ldb_level { - LIBNET_SAMSYNC_LDB_GENERIC, - LIBNET_SAMSYNC_LDB_NETLOGON, + struct { + const char *binding_string; + const char *keytab_name; + struct cli_credentials *machine_account; + } in; + struct { + const char *error_string; + } out; }; struct libnet_samsync_ldb { - enum libnet_samsync_ldb_level level; - const char *error_string; + struct { + const char *binding_string; + struct cli_credentials *machine_account; + } in; + struct { + const char *error_string; + } out; }; |