authorAndrew Bartlett <abartlet@samba.org>2019-05-06 14:31:51 +1200
committerGary Lockyer <gary@samba.org>2019-05-06 05:46:11 +0000
commit7671eb2ca0156ba8c1eb029932607968736b315b (patch)
tree6b26e15ec87f7153a4cac89f20874869a327121e /source4
parente608a84fa4be95435c81291f98ba0825528111d3 (diff)
libnet: Remove unused source4/libnet/libnet_samsync_ldb.c
The last caller was removed in "samba-tool: Remove C version of samba-tool" (e2af38415163f248e3dbd5a2abc156761e74b87c) by Amitay Isaacs in 2011. This was a prototype tool to sync a genuine NT4 DC (never Samba) into ldb. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Diffstat (limited to 'source4')
-rw-r--r--source4/libnet/libnet_samsync.h11
-rw-r--r--source4/libnet/libnet_samsync_ldb.c1289
-rw-r--r--source4/libnet/wscript_build2
3 files changed, 1 insertions, 1301 deletions
diff --git a/source4/libnet/libnet_samsync.h b/source4/libnet/libnet_samsync.h
index 439c3ba1624..54aed0a0c90 100644
--- a/source4/libnet/libnet_samsync.h
+++ b/source4/libnet/libnet_samsync.h
@@ -70,14 +70,3 @@ struct libnet_SamDump_keytab {
} out;
};
-struct libnet_samsync_ldb {
- struct {
- const char *binding_string;
- struct cli_credentials *machine_account;
- struct auth_session_info *session_info;
- } in;
- struct {
- const char *error_string;
- } out;
-};
-
diff --git a/source4/libnet/libnet_samsync_ldb.c b/source4/libnet/libnet_samsync_ldb.c
deleted file mode 100644
index 68e9cd110a6..00000000000
--- a/source4/libnet/libnet_samsync_ldb.c
+++ /dev/null
@@ -1,1289 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Extract the user/system database from a remote SamSync server
-
- Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
- Copyright (C) Andrew Tridgell 2004
- Copyright (C) Volker Lendecke 2004
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-
-#include "includes.h"
-#include "libnet/libnet.h"
-#include "libcli/ldap/ldap_ndr.h"
-#include "dsdb/samdb/samdb.h"
-#include "auth/auth.h"
-#include "../lib/util/util_ldb.h"
-#include "librpc/gen_ndr/ndr_misc.h"
-#include "ldb_wrap.h"
-#include "libcli/security/security.h"
-#include "param/param.h"
-
-struct samsync_ldb_secret {
- struct samsync_ldb_secret *prev, *next;
- DATA_BLOB secret;
- char *name;
- NTTIME mtime;
-};
-
-struct samsync_ldb_trusted_domain {
- struct samsync_ldb_trusted_domain *prev, *next;
- struct dom_sid *sid;
- char *name;
-};
-
-struct samsync_ldb_state {
- /* Values from the LSA lookup */
- const struct libnet_SamSync_state *samsync_state;
-
- struct dom_sid *dom_sid[3];
- struct ldb_context *sam_ldb, *remote_ldb, *pdb;
- struct ldb_dn *base_dn[3];
- struct samsync_ldb_secret *secrets;
- struct samsync_ldb_trusted_domain *trusted_domains;
-};
-
-/* This wrapper is needed for the "ADD_OR_DEL" macros */
-static int samdb_msg_add_string(struct ldb_context *sam_ldb,
- TALLOC_CTX *mem_ctx, struct ldb_message *msg,
- const char *attr_name, const char *str)
-{
- return ldb_msg_add_string(msg, attr_name, str);
-}
-
-static NTSTATUS samsync_ldb_add_foreignSecurityPrincipal(TALLOC_CTX *mem_ctx,
- struct samsync_ldb_state *state,
- struct dom_sid *sid,
- struct ldb_dn **fsp_dn,
- char **error_string)
-{
- struct dom_sid_buf buf;
- /* We assume that ForeignSecurityPrincipals are under the BASEDN of the main domain */
- struct ldb_dn *basedn = samdb_search_dn(state->sam_ldb, mem_ctx,
- state->base_dn[SAM_DATABASE_DOMAIN],
- "(&(objectClass=container)(cn=ForeignSecurityPrincipals))");
- struct ldb_message *msg;
- int ret;
-
- if (basedn == NULL) {
- *error_string = talloc_asprintf(mem_ctx,
- "Failed to find DN for "
- "ForeignSecurityPrincipal container under %s",
- ldb_dn_get_linearized(state->base_dn[SAM_DATABASE_DOMAIN]));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
-
- msg = ldb_msg_new(mem_ctx);
- if (msg == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- /* add core elements to the ldb_message for the alias */
- msg->dn = basedn;
- if ( ! ldb_dn_add_child_fmt(
- msg->dn, "CN=%s", dom_sid_str_buf(sid, &buf)))
- return NT_STATUS_UNSUCCESSFUL;
-
- ldb_msg_add_string(msg, "objectClass", "foreignSecurityPrincipal");
-
- *fsp_dn = msg->dn;
-
- /* create the alias */
- ret = ldb_add(state->sam_ldb, msg);
- if (ret != LDB_SUCCESS) {
- *error_string = talloc_asprintf(mem_ctx, "Failed to create foreignSecurityPrincipal "
- "record %s: %s",
- ldb_dn_get_linearized(msg->dn),
- ldb_errstring(state->sam_ldb));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
- return NT_STATUS_OK;
-}
-
-static NTSTATUS samsync_ldb_handle_domain(TALLOC_CTX *mem_ctx,
- struct samsync_ldb_state *state,
- enum netr_SamDatabaseID database,
- struct netr_DELTA_ENUM *delta,
- char **error_string)
-{
- struct netr_DELTA_DOMAIN *domain = delta->delta_union.domain;
- const char *domain_name = domain->domain_name.string;
- struct ldb_message *msg;
- int ret;
-
- msg = ldb_msg_new(mem_ctx);
- if (msg == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- if (database == SAM_DATABASE_DOMAIN) {
- struct ldb_dn *partitions_basedn;
- const char *domain_attrs[] = {"nETBIOSName", "nCName", NULL};
- struct ldb_message **msgs_domain;
- int ret_domain;
-
- partitions_basedn = samdb_partitions_dn(state->sam_ldb, mem_ctx);
-
- ret_domain = gendb_search(state->sam_ldb, mem_ctx, partitions_basedn, &msgs_domain, domain_attrs,
- "(&(&(nETBIOSName=%s)(objectclass=crossRef))(ncName=*))",
- domain_name);
- if (ret_domain == -1) {
- *error_string = talloc_asprintf(mem_ctx, "gendb_search for domain failed: %s", ldb_errstring(state->sam_ldb));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
-
- if (ret_domain != 1) {
- *error_string = talloc_asprintf(mem_ctx, "Failed to find existing domain record for %s: %d results", domain_name,
- ret_domain);
- return NT_STATUS_NO_SUCH_DOMAIN;
- }
-
- state->base_dn[database] = samdb_result_dn(state->sam_ldb, state, msgs_domain[0], "nCName", NULL);
-
- if (state->dom_sid[database]) {
- /* Update the domain sid with the incoming
- * domain (found on LSA pipe, database sid may
- * be random) */
- ret = samdb_msg_add_dom_sid(state->sam_ldb,
- mem_ctx,
- msg,
- "objectSid",
- state->dom_sid[database]);
- if (ret != LDB_SUCCESS) {
- return NT_STATUS_INTERNAL_ERROR;
- }
- } else {
- /* Well, we will have to use the one from the database */
- state->dom_sid[database] = samdb_search_dom_sid(state->sam_ldb, state,
- state->base_dn[database],
- "objectSid", NULL);
- if (state->dom_sid[database] == NULL) {
- return NT_STATUS_INTERNAL_ERROR;
- }
- }
-
- if (state->samsync_state->domain_guid) {
- struct ldb_val v;
- NTSTATUS status;
- status = GUID_to_ndr_blob(state->samsync_state->domain_guid, msg, &v);
- if (!NT_STATUS_IS_OK(status)) {
- *error_string = talloc_asprintf(mem_ctx, "ndr_push of domain GUID failed!");
- return status;
- }
-
- ret = ldb_msg_add_value(msg, "objectGUID", &v, NULL);
- if (ret != LDB_SUCCESS) {
- return NT_STATUS_INTERNAL_ERROR;
- }
- }
- } else if (database == SAM_DATABASE_BUILTIN) {
- /* work out the builtin_dn - useful for so many calls its worth
- fetching here */
- const char *dnstring = samdb_search_string(state->sam_ldb, mem_ctx, NULL,
- "distinguishedName", "objectClass=builtinDomain");
- state->base_dn[database] = ldb_dn_new(state, state->sam_ldb, dnstring);
- if ( ! ldb_dn_validate(state->base_dn[database])) {
- return NT_STATUS_INTERNAL_ERROR;
- }
- } else {
- /* PRIVs DB */
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- msg->dn = talloc_reference(mem_ctx, state->base_dn[database]);
- if (!msg->dn) {
- return NT_STATUS_NO_MEMORY;
- }
-
- ldb_msg_add_string(msg, "oEMInformation",
- domain->oem_information.string);
-
- samdb_msg_add_int64(state->sam_ldb, mem_ctx,
- msg, "forceLogoff", domain->force_logoff_time);
-
- samdb_msg_add_uint(state->sam_ldb, mem_ctx,
- msg, "minPwdLen", domain->min_password_length);
-
- samdb_msg_add_int64(state->sam_ldb, mem_ctx,
- msg, "maxPwdAge", domain->max_password_age);
-
- samdb_msg_add_int64(state->sam_ldb, mem_ctx,
- msg, "minPwdAge", domain->min_password_age);
-
- samdb_msg_add_uint(state->sam_ldb, mem_ctx,
- msg, "pwdHistoryLength", domain->password_history_length);
-
- samdb_msg_add_uint64(state->sam_ldb, mem_ctx,
- msg, "modifiedCount",
- domain->sequence_num);
-
- samdb_msg_add_uint64(state->sam_ldb, mem_ctx,
- msg, "creationTime", domain->domain_create_time);
-
- /* TODO: Account lockout, password properties */
-
- ret = dsdb_replace(state->sam_ldb, msg, 0);
- if (ret != LDB_SUCCESS) {
- *error_string = talloc_asprintf(mem_ctx,
- "Failed to modify domain record %s: %s",
- ldb_dn_get_linearized(msg->dn),
- ldb_errstring(state->sam_ldb));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
- return NT_STATUS_OK;
-}
-
-static NTSTATUS samsync_ldb_handle_user(TALLOC_CTX *mem_ctx,
- struct samsync_ldb_state *state,
- enum netr_SamDatabaseID database,
- struct netr_DELTA_ENUM *delta,
- char **error_string)
-{
- uint32_t rid = delta->delta_id_union.rid;
- struct netr_DELTA_USER *user = delta->delta_union.user;
- const char *container, *obj_class;
- char *cn_name;
- int cn_name_len;
- const struct dom_sid *user_sid;
- struct dom_sid_buf buf;
- struct ldb_message *msg;
- struct ldb_message **msgs;
- struct ldb_message **remote_msgs = NULL;
- unsigned int i;
- int ret;
- uint32_t acb;
- bool add = false;
- const char *attrs[] = { NULL };
- /* we may change this to a global search, then fill in only the things not in ldap later */
- const char *remote_attrs[] = { "userPrincipalName", "servicePrincipalName",
- "msDS-KeyVersionNumber", "objectGUID", NULL};
-
- user_sid = dom_sid_add_rid(mem_ctx, state->dom_sid[database], rid);
- if (!user_sid) {
- return NT_STATUS_NO_MEMORY;
- }
-
- msg = ldb_msg_new(mem_ctx);
- if (msg == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- msg->dn = NULL;
- /* search for the user, by rid */
- ret = gendb_search(state->sam_ldb, mem_ctx, state->base_dn[database],
- &msgs, attrs, "(&(objectClass=user)(objectSid=%s))",
- ldap_encode_ndr_dom_sid(mem_ctx, user_sid));
-
- if (ret == -1) {
- *error_string = talloc_asprintf(
- mem_ctx,
- "LDB for user %s failed: %s",
- dom_sid_str_buf(user_sid, &buf),
- ldb_errstring(state->sam_ldb));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- } else if (ret == 0) {
- add = true;
- } else if (ret > 1) {
- *error_string = talloc_asprintf(
- mem_ctx,
- "More than one user with SID: %s in local LDB",
- dom_sid_str_buf(user_sid, &buf));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- } else {
- msg->dn = msgs[0]->dn;
- talloc_steal(msg, msgs[0]->dn);
- }
-
- /* and do the same on the remote database */
- if (state->remote_ldb) {
- ret = gendb_search(state->remote_ldb, mem_ctx, state->base_dn[database],
- &remote_msgs, remote_attrs, "(&(objectClass=user)(objectSid=%s))",
- ldap_encode_ndr_dom_sid(mem_ctx, user_sid));
-
- if (ret == -1) {
- *error_string = talloc_asprintf(
- mem_ctx,
- "remote LDAP for user %s failed: %s",
- dom_sid_str_buf(user_sid, &buf),
- ldb_errstring(state->remote_ldb));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- } else if (ret == 0) {
- *error_string = talloc_asprintf(
- mem_ctx,
- "User exists in samsync but not in remote "
- "LDAP domain! (base: %s, SID: %s)",
- ldb_dn_get_linearized(
- state->base_dn[database]),
- dom_sid_str_buf(user_sid, &buf));
- return NT_STATUS_NO_SUCH_USER;
- } else if (ret > 1) {
- *error_string = talloc_asprintf(
- mem_ctx,
- "More than one user in remote LDAP domain "
- "with SID: %s",
- dom_sid_str_buf(user_sid, &buf));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
-
- /* Try to put things in the same location as the remote server */
- } else if (add) {
- msg->dn = talloc_steal(msg, remote_msgs[0]->dn);
- }
- }
-
- cn_name = talloc_strdup(mem_ctx, user->account_name.string);
- NT_STATUS_HAVE_NO_MEMORY(cn_name);
- cn_name_len = strlen(cn_name);
-
-#define ADD_OR_DEL(type, attrib, field) do { \
- if (user->field) { \
- samdb_msg_add_ ## type(state->sam_ldb, mem_ctx, msg, \
- attrib, user->field); \
- } else if (!add) { \
- samdb_msg_add_delete(state->sam_ldb, mem_ctx, msg, \
- attrib); \
- } \
- } while (0);
-
- ADD_OR_DEL(string, "samAccountName", account_name.string);
- ADD_OR_DEL(string, "displayName", full_name.string);
-
- if (samdb_msg_add_dom_sid(state->sam_ldb, mem_ctx, msg,
- "objectSid", dom_sid_add_rid(mem_ctx, state->dom_sid[database], rid))) {
- return NT_STATUS_NO_MEMORY;
- }
-
- ADD_OR_DEL(uint, "primaryGroupID", primary_gid);
- ADD_OR_DEL(string, "homeDirectory", home_directory.string);
- ADD_OR_DEL(string, "homeDrive", home_drive.string);
- ADD_OR_DEL(string, "scriptPath", logon_script.string);
- ADD_OR_DEL(string, "description", description.string);
- ADD_OR_DEL(string, "userWorkstations", workstations.string);
-
- ADD_OR_DEL(uint64, "lastLogon", last_logon);
- ADD_OR_DEL(uint64, "lastLogoff", last_logoff);
-
- if (samdb_msg_add_logon_hours(state->sam_ldb, mem_ctx, msg, "logonHours", &user->logon_hours) != 0) {
- return NT_STATUS_NO_MEMORY;
- }
-
- ADD_OR_DEL(uint, "badPwdCount", bad_password_count);
- ADD_OR_DEL(uint, "logonCount", logon_count);
-
- ADD_OR_DEL(uint64, "pwdLastSet", last_password_change);
- ADD_OR_DEL(uint64, "accountExpires", acct_expiry);
-
- if (samdb_msg_add_acct_flags(state->sam_ldb, mem_ctx, msg,
- "userAccountControl", user->acct_flags) != 0) {
- return NT_STATUS_NO_MEMORY;
- }
-
- if (user->lm_password_present) {
- samdb_msg_add_hash(state->sam_ldb, mem_ctx, msg,
- "dBCSPwd", &user->lmpassword);
- } else if (!add) {
- samdb_msg_add_delete(state->sam_ldb, mem_ctx, msg,
- "dBCSPwd");
- }
- if (user->nt_password_present) {
- samdb_msg_add_hash(state->sam_ldb, mem_ctx, msg,
- "unicodePwd", &user->ntpassword);
- } else if (!add) {
- samdb_msg_add_delete(state->sam_ldb, mem_ctx, msg,
- "unicodePwd");
- }
-
- ADD_OR_DEL(string, "comment", comment.string);
-
- if (samdb_msg_add_parameters(state->sam_ldb, mem_ctx, msg, "userParameters", &user->parameters) != 0) {
- return NT_STATUS_NO_MEMORY;
- }
-
- ADD_OR_DEL(uint, "countryCode", country_code);
- ADD_OR_DEL(uint, "codePage", code_page);
-
- ADD_OR_DEL(string, "profilePath", profile_path.string);
-
-#undef ADD_OR_DEL
-
- for (i=0; remote_attrs[i]; i++) {
- struct ldb_message_element *el = ldb_msg_find_element(remote_msgs[0], remote_attrs[i]);
- if (!el) {
- samdb_msg_add_delete(state->sam_ldb, mem_ctx, msg,
- remote_attrs[i]);
- } else {
- ret = ldb_msg_add(msg, el, LDB_FLAG_MOD_REPLACE);
- if (ret != LDB_SUCCESS) {
- *error_string = talloc_strdup(
- mem_ctx, "ldb_msg_add failed");
- return NT_STATUS_NO_MEMORY;
- }
- }
- }
-
- acb = user->acct_flags;
- if (acb & (ACB_WSTRUST)) {
- cn_name[cn_name_len - 1] = '\0';
- container = "Computers";
- obj_class = "computer";
-
- } else if (acb & ACB_SVRTRUST) {
- if (cn_name[cn_name_len - 1] != '$') {
- return NT_STATUS_FOOBAR;
- }
- cn_name[cn_name_len - 1] = '\0';
- container = "Domain Controllers";
- obj_class = "computer";
- } else {
- container = "Users";
- obj_class = "user";
- }
- if (add) {
- ldb_msg_add_string(msg, "objectClass", obj_class);
- if (!msg->dn) {
- msg->dn = ldb_dn_copy(mem_ctx, state->base_dn[database]);
- ldb_dn_add_child_fmt(msg->dn, "CN=%s,CN=%s", cn_name, container);
- if (!msg->dn) {
- return NT_STATUS_NO_MEMORY;
- }
- }
-
- ret = ldb_add(state->sam_ldb, msg);
- if (ret != LDB_SUCCESS) {
- struct ldb_dn *first_try_dn = msg->dn;
- /* Try again with the default DN */
- if (!remote_msgs) {
- *error_string = talloc_asprintf(mem_ctx, "Failed to create user record. Tried %s: %s",
- ldb_dn_get_linearized(first_try_dn),
- ldb_errstring(state->sam_ldb));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- } else {
- msg->dn = talloc_steal(msg, remote_msgs[0]->dn);
- ret = ldb_add(state->sam_ldb, msg);
- if (ret != LDB_SUCCESS) {
- *error_string = talloc_asprintf(mem_ctx, "Failed to create user record. Tried both %s and %s: %s",
- ldb_dn_get_linearized(first_try_dn),
- ldb_dn_get_linearized(msg->dn),
- ldb_errstring(state->sam_ldb));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
- }
- }
- } else {
- ret = dsdb_replace(state->sam_ldb, msg, 0);
- if (ret != LDB_SUCCESS) {
- *error_string = talloc_asprintf(mem_ctx, "Failed to modify user record %s: %s",
- ldb_dn_get_linearized(msg->dn),
- ldb_errstring(state->sam_ldb));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
- }
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS samsync_ldb_delete_user(TALLOC_CTX *mem_ctx,
- struct samsync_ldb_state *state,
- enum netr_SamDatabaseID database,
- struct netr_DELTA_ENUM *delta,
- char **error_string)
-{
- uint32_t rid = delta->delta_id_union.rid;
- struct ldb_message **msgs;
- int ret;
- const char *attrs[] = { NULL };
-
- /* search for the user, by rid */
- ret = gendb_search(state->sam_ldb, mem_ctx, state->base_dn[database],
- &msgs, attrs, "(&(objectClass=user)(objectSid=%s))",
- ldap_encode_ndr_dom_sid(mem_ctx, dom_sid_add_rid(mem_ctx, state->dom_sid[database], rid)));
-
- if (ret == -1) {
- *error_string = talloc_asprintf(mem_ctx, "gendb_search failed: %s", ldb_errstring(state->sam_ldb));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- } else if (ret == 0) {
- return NT_STATUS_NO_SUCH_USER;
- } else if (ret > 1) {
- *error_string = talloc_asprintf(mem_ctx, "More than one user with SID: %s",
- dom_sid_string(mem_ctx,
- dom_sid_add_rid(mem_ctx,
- state->dom_sid[database],
- rid)));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
-
- ret = ldb_delete(state->sam_ldb, msgs[0]->dn);
- if (ret != LDB_SUCCESS) {
- *error_string = talloc_asprintf(mem_ctx, "Failed to delete user record %s: %s",
- ldb_dn_get_linearized(msgs[0]->dn),
- ldb_errstring(state->sam_ldb));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS samsync_ldb_handle_group(TALLOC_CTX *mem_ctx,
- struct samsync_ldb_state *state,
- enum netr_SamDatabaseID database,
- struct netr_DELTA_ENUM *delta,
- char **error_string)
-{
- uint32_t rid = delta->delta_id_union.rid;
- struct netr_DELTA_GROUP *group = delta->delta_union.group;
- const char *container, *obj_class;
- const char *cn_name;
-
- struct ldb_message *msg;
- struct ldb_message **msgs;
- int ret;
- bool add = false;
- const char *attrs[] = { NULL };
-
- msg = ldb_msg_new(mem_ctx);
- if (msg == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- /* search for the group, by rid */
- ret = gendb_search(state->sam_ldb, mem_ctx, state->base_dn[database], &msgs, attrs,
- "(&(objectClass=group)(objectSid=%s))",
- ldap_encode_ndr_dom_sid(mem_ctx, dom_sid_add_rid(mem_ctx, state->dom_sid[database], rid)));
-
- if (ret == -1) {
- *error_string = talloc_asprintf(mem_ctx, "gendb_search failed: %s", ldb_errstring(state->sam_ldb));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- } else if (ret == 0) {
- add = true;
- } else if (ret > 1) {
- *error_string = talloc_asprintf(mem_ctx, "More than one group/alias with SID: %s",
- dom_sid_string(mem_ctx,
- dom_sid_add_rid(mem_ctx,
- state->dom_sid[database],
- rid)));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- } else {
- msg->dn = talloc_steal(msg, msgs[0]->dn);
- }
-
- cn_name = group->group_name.string;
-
-#define ADD_OR_DEL(type, attrib, field) do { \
- if (group->field) { \
- samdb_msg_add_ ## type(state->sam_ldb, mem_ctx, msg, \
- attrib, group->field); \
- } else if (!add) { \
- samdb_msg_add_delete(state->sam_ldb, mem_ctx, msg, \
- attrib); \
- } \
- } while (0);
-
- ADD_OR_DEL(string, "samAccountName", group_name.string);
-
- if (samdb_msg_add_dom_sid(state->sam_ldb, mem_ctx, msg,
- "objectSid", dom_sid_add_rid(mem_ctx, state->dom_sid[database], rid))) {
- return NT_STATUS_NO_MEMORY;
- }
-
- ADD_OR_DEL(string, "description", description.string);
-
-#undef ADD_OR_DEL
-
- container = "Users";
- obj_class = "group";
-
- if (add) {
- ldb_msg_add_string(msg, "objectClass", obj_class);
- msg->dn = ldb_dn_copy(mem_ctx, state->base_dn[database]);
- ldb_dn_add_child_fmt(msg->dn, "CN=%s,CN=%s", cn_name, container);
- if (!msg->dn) {
- return NT_STATUS_NO_MEMORY;
- }
-
- ret = ldb_add(state->sam_ldb, msg);
- if (ret != LDB_SUCCESS) {
- *error_string = talloc_asprintf(mem_ctx, "Failed to create group record %s: %s",
- ldb_dn_get_linearized(msg->dn),
- ldb_errstring(state->sam_ldb));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
- } else {
- ret = dsdb_replace(state->sam_ldb, msg, 0);
- if (ret != LDB_SUCCESS) {
- *error_string = talloc_asprintf(mem_ctx, "Failed to modify group record %s: %s",
- ldb_dn_get_linearized(msg->dn),
- ldb_errstring(state->sam_ldb));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
- }
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS samsync_ldb_delete_group(TALLOC_CTX *mem_ctx,
- struct samsync_ldb_state *state,
- enum netr_SamDatabaseID database,
- struct netr_DELTA_ENUM *delta,
- char **error_string)
-{
- uint32_t rid = delta->delta_id_union.rid;
- struct ldb_message **msgs;
- int ret;
- const char *attrs[] = { NULL };
-
- /* search for the group, by rid */
- ret = gendb_search(state->sam_ldb, mem_ctx, state->base_dn[database], &msgs, attrs,
- "(&(objectClass=group)(objectSid=%s))",
- ldap_encode_ndr_dom_sid(mem_ctx, dom_sid_add_rid(mem_ctx, state->dom_sid[database], rid)));
-
- if (ret == -1) {
- *error_string = talloc_asprintf(mem_ctx, "gendb_search failed: %s", ldb_errstring(state->sam_ldb));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- } else if (ret == 0) {
- return NT_STATUS_NO_SUCH_GROUP;
- } else if (ret > 1) {
- *error_string = talloc_asprintf(mem_ctx, "More than one group/alias with SID: %s",
- dom_sid_string(mem_ctx,
- dom_sid_add_rid(mem_ctx,
- state->dom_sid[database],
- rid)));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
-
- ret = ldb_delete(state->sam_ldb, msgs[0]->dn);
- if (ret != LDB_SUCCESS) {
- *error_string = talloc_asprintf(mem_ctx, "Failed to delete group record %s: %s",
- ldb_dn_get_linearized(msgs[0]->dn),
- ldb_errstring(state->sam_ldb));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS samsync_ldb_handle_group_member(TALLOC_CTX *mem_ctx,
- struct samsync_ldb_state *state,
- enum netr_SamDatabaseID database,
- struct netr_DELTA_ENUM *delta,
- char **error_string)
-{
- uint32_t rid = delta->delta_id_union.rid;
- struct netr_DELTA_GROUP_MEMBER *delta_group_member = delta->delta_union.group_member;
- struct ldb_message *msg;
- struct ldb_message **msgs;
- int ret;
- const char *attrs[] = { NULL };
- const char *str_dn;
- uint32_t i;
-
- msg = ldb_msg_new(mem_ctx);
- if (msg == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- /* search for the group, by rid */
- ret = gendb_search(state->sam_ldb, mem_ctx, state->base_dn[database], &msgs, attrs,
- "(&(objectClass=group)(objectSid=%s))",
- ldap_encode_ndr_dom_sid(mem_ctx, dom_sid_add_rid(mem_ctx, state->dom_sid[database], rid)));
-
- if (ret == -1) {
- *error_string = talloc_asprintf(mem_ctx, "gendb_search failed: %s", ldb_errstring(state->sam_ldb));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- } else if (ret == 0) {
- return NT_STATUS_NO_SUCH_GROUP;
- } else if (ret > 1) {
- *error_string = talloc_asprintf(mem_ctx, "More than one group/alias with SID: %s",
- dom_sid_string(mem_ctx,
- dom_sid_add_rid(mem_ctx,
- state->dom_sid[database],
- rid)));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- } else {
- msg->dn = talloc_steal(msg, msgs[0]->dn);
- }
-
- talloc_free(msgs);
-
- for (i=0; i<delta_group_member->num_rids; i++) {
- /* search for the group, by rid */
- ret = gendb_search(state->sam_ldb, mem_ctx, state->base_dn[database], &msgs, attrs,
- "(&(objectClass=user)(objectSid=%s))",
- ldap_encode_ndr_dom_sid(mem_ctx, dom_sid_add_rid(mem_ctx, state->dom_sid[database], delta_group_member->rids[i])));
-
- if (ret == -1) {
- *error_string = talloc_asprintf(mem_ctx, "gendb_search failed: %s", ldb_errstring(state->sam_ldb));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- } else if (ret == 0) {
- return NT_STATUS_NO_SUCH_USER;
- } else if (ret > 1) {
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- } else {
- str_dn = ldb_dn_alloc_linearized(msg, msgs[0]->dn);
- NT_STATUS_HAVE_NO_MEMORY(str_dn);
- ret = ldb_msg_add_string(msg, "member", str_dn);
- if (ret != LDB_SUCCESS) return NT_STATUS_NO_MEMORY;
- }
-
- talloc_free(msgs);
- }
-
- ret = dsdb_replace(state->sam_ldb, msg, 0);
- if (ret != LDB_SUCCESS) {
- *error_string = talloc_asprintf(mem_ctx, "Failed to modify group record %s: %s",
- ldb_dn_get_linearized(msg->dn),
- ldb_errstring(state->sam_ldb));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS samsync_ldb_handle_alias(TALLOC_CTX *mem_ctx,
- struct samsync_ldb_state *state,
- enum netr_SamDatabaseID database,
- struct netr_DELTA_ENUM *delta,
- char **error_string)
-{
- uint32_t rid = delta->delta_id_union.rid;
- struct netr_DELTA_ALIAS *alias = delta->delta_union.alias;
- const char *container, *obj_class;
- const char *cn_name;
-
- struct ldb_message *msg;
- struct ldb_message **msgs;
- int ret;
- bool add = false;
- const char *attrs[] = { NULL };
-
- msg = ldb_msg_new(mem_ctx);
- if (msg == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- /* search for the alias, by rid */
- ret = gendb_search(state->sam_ldb, mem_ctx, state->base_dn[database], &msgs, attrs,
- "(&(objectClass=group)(objectSid=%s))",
- ldap_encode_ndr_dom_sid(mem_ctx, dom_sid_add_rid(mem_ctx, state->dom_sid[database], rid)));
-
- if (ret == -1) {
- *error_string = talloc_asprintf(mem_ctx, "gendb_search failed: %s", ldb_errstring(state->sam_ldb));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- } else if (ret == 0) {
- add = true;
- } else if (ret > 1) {
- *error_string = talloc_asprintf(mem_ctx, "More than one group/alias with SID: %s",
- dom_sid_string(mem_ctx,
- dom_sid_add_rid(mem_ctx,
- state->dom_sid[database],
- rid)));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- } else {
- msg->dn = talloc_steal(mem_ctx, msgs[0]->dn);
- }
-
- cn_name = alias->alias_name.string;
-
-#define ADD_OR_DEL(type, attrib, field) do { \
- if (alias->field) { \
- samdb_msg_add_ ## type(state->sam_ldb, mem_ctx, msg, \
- attrib, alias->field); \
- } else if (!add) { \
- samdb_msg_add_delete(state->sam_ldb, mem_ctx, msg, \
- attrib); \
- } \
- } while (0);
-
- ADD_OR_DEL(string, "samAccountName", alias_name.string);
-
- if (samdb_msg_add_dom_sid(state->sam_ldb, mem_ctx, msg,
- "objectSid", dom_sid_add_rid(mem_ctx, state->dom_sid[database], rid))) {
- return NT_STATUS_NO_MEMORY;
- }
-
- ADD_OR_DEL(string, "description", description.string);
-
-#undef ADD_OR_DEL
-
- samdb_msg_add_uint(state->sam_ldb, mem_ctx, msg, "groupType", 0x80000004);
-
- container = "Users";
- obj_class = "group";
-
- if (add) {
- ldb_msg_add_string(msg, "objectClass", obj_class);
- msg->dn = ldb_dn_copy(mem_ctx, state->base_dn[database]);
- ldb_dn_add_child_fmt(msg->dn, "CN=%s,CN=%s", cn_name, container);
- if (!msg->dn) {
- return NT_STATUS_NO_MEMORY;
- }
-
- ret = ldb_add(state->sam_ldb, msg);
- if (ret != LDB_SUCCESS) {
- *error_string = talloc_asprintf(mem_ctx, "Failed to create alias record %s: %s",
- ldb_dn_get_linearized(msg->dn),
- ldb_errstring(state->sam_ldb));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
- } else {
- ret = dsdb_replace(state->sam_ldb, msg, 0);
- if (ret != LDB_SUCCESS) {
- *error_string = talloc_asprintf(mem_ctx, "Failed to modify alias record %s: %s",
- ldb_dn_get_linearized(msg->dn),
- ldb_errstring(state->sam_ldb));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
- }
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS samsync_ldb_delete_alias(TALLOC_CTX *mem_ctx,
- struct samsync_ldb_state *state,
- enum netr_SamDatabaseID database,
- struct netr_DELTA_ENUM *delta,
- char **error_string)
-{
- uint32_t rid = delta->delta_id_union.rid;
- struct ldb_message **msgs;
- int ret;
- const char *attrs[] = { NULL };
-
- /* search for the alias, by rid */
- ret = gendb_search(state->sam_ldb, mem_ctx, state->base_dn[database], &msgs, attrs,
- "(&(objectClass=group)(objectSid=%s))",
- ldap_encode_ndr_dom_sid(mem_ctx, dom_sid_add_rid(mem_ctx, state->dom_sid[database], rid)));
-
- if (ret == -1) {
- *error_string = talloc_asprintf(mem_ctx, "gendb_search failed: %s", ldb_errstring(state->sam_ldb));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- } else if (ret == 0) {
- return NT_STATUS_NO_SUCH_ALIAS;
- } else if (ret > 1) {
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
-
- ret = ldb_delete(state->sam_ldb, msgs[0]->dn);
- if (ret != LDB_SUCCESS) {
- *error_string = talloc_asprintf(mem_ctx, "Failed to delete alias record %s: %s",
- ldb_dn_get_linearized(msgs[0]->dn),
- ldb_errstring(state->sam_ldb));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS samsync_ldb_handle_alias_member(TALLOC_CTX *mem_ctx,
- struct samsync_ldb_state *state,
- enum netr_SamDatabaseID database,
- struct netr_DELTA_ENUM *delta,
- char **error_string)
-{
- uint32_t rid = delta->delta_id_union.rid;
- struct netr_DELTA_ALIAS_MEMBER *alias_member = delta->delta_union.alias_member;
- struct ldb_message *msg;
- struct ldb_message **msgs;
- int ret;
- const char *attrs[] = { NULL };
- uint32_t i;
-
- msg = ldb_msg_new(mem_ctx);
- if (msg == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- /* search for the alias, by rid */
- ret = gendb_search(state->sam_ldb, mem_ctx, state->base_dn[database], &msgs, attrs,
- "(&(objectClass=group)(objectSid=%s))",
- ldap_encode_ndr_dom_sid(mem_ctx, dom_sid_add_rid(mem_ctx, state->dom_sid[database], rid)));
-
- if (ret == -1) {
- *error_string = talloc_asprintf(mem_ctx, "gendb_search failed: %s", ldb_errstring(state->sam_ldb));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- } else if (ret == 0) {
- return NT_STATUS_NO_SUCH_GROUP;
- } else if (ret > 1) {
- *error_string = talloc_asprintf(mem_ctx, "More than one group/alias with SID: %s",
- dom_sid_string(mem_ctx,
- dom_sid_add_rid(mem_ctx,
- state->dom_sid[database],
- rid)));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- } else {
- msg->dn = talloc_steal(msg, msgs[0]->dn);
- }
-
- talloc_free(msgs);
-
- for (i=0; i<alias_member->sids.num_sids; i++) {
- struct ldb_dn *alias_member_dn;
- const char *str_dn;
- /* search for members, in the top basedn (normal users are builtin aliases) */
- ret = gendb_search(state->sam_ldb, mem_ctx, state->base_dn[SAM_DATABASE_DOMAIN], &msgs, attrs,
- "(objectSid=%s)",
- ldap_encode_ndr_dom_sid(mem_ctx, alias_member->sids.sids[i].sid));
-
- if (ret == -1) {
- *error_string = talloc_asprintf(mem_ctx, "gendb_search failed: %s", ldb_errstring(state->sam_ldb));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- } else if (ret == 0) {
- NTSTATUS nt_status;
- nt_status = samsync_ldb_add_foreignSecurityPrincipal(mem_ctx, state,
- alias_member->sids.sids[i].sid,
- &alias_member_dn,
- error_string);
- if (!NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
- }
- } else if (ret > 1) {
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- } else {
- alias_member_dn = msgs[0]->dn;
- }
- str_dn = ldb_dn_alloc_linearized(msg, alias_member_dn);
- NT_STATUS_HAVE_NO_MEMORY(str_dn);
- ret = ldb_msg_add_string(msg, "member", str_dn);
- if (ret != LDB_SUCCESS) return NT_STATUS_NO_MEMORY;
-
- talloc_free(msgs);
- }
-
- ret = dsdb_replace(state->sam_ldb, msg, 0);
- if (ret != LDB_SUCCESS) {
- *error_string = talloc_asprintf(mem_ctx, "Failed to modify group record %s: %s",
- ldb_dn_get_linearized(msg->dn),
- ldb_errstring(state->sam_ldb));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS samsync_ldb_handle_account(TALLOC_CTX *mem_ctx,
- struct samsync_ldb_state *state,
- enum netr_SamDatabaseID database,
- struct netr_DELTA_ENUM *delta,
- char **error_string)
-{
- struct dom_sid *sid = delta->delta_id_union.sid;
- struct netr_DELTA_ACCOUNT *account = delta->delta_union.account;
-
- struct ldb_message *msg;
- int ret;
- uint32_t i;
- char *dnstr;
- struct dom_sid_buf buf;
-
- msg = ldb_msg_new(mem_ctx);
- if (msg == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- dnstr = talloc_asprintf(msg, "sid=%s", dom_sid_str_buf(sid, &buf));
- if (dnstr == NULL) {
- TALLOC_FREE(msg);
- return NT_STATUS_NO_MEMORY;
- }
-
- msg->dn = ldb_dn_new(msg, state->pdb, dnstr);
- if (msg->dn == NULL) {
- TALLOC_FREE(msg);
- return NT_STATUS_NO_MEMORY;
- }
-
- for (i=0; i< account->privilege_entries; i++) {
- ldb_msg_add_string(msg, "privilege", account->privilege_name[i].string);
- }
-
- ret = dsdb_replace(state->pdb, msg, 0);
- if (ret == LDB_ERR_NO_SUCH_OBJECT) {
- if (samdb_msg_add_dom_sid(state->pdb, msg, msg, "objectSid", sid) != LDB_SUCCESS) {
- talloc_free(msg);
- return NT_STATUS_NO_MEMORY;
- }
- ldb_msg_add_string(msg, "comment", "added via samsync");
- ret = ldb_add(state->pdb, msg);
- }
-
- if (ret != LDB_SUCCESS) {
- *error_string = talloc_asprintf(mem_ctx, "Failed to modify privilege record %s",
- ldb_dn_get_linearized(msg->dn));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS samsync_ldb_delete_account(TALLOC_CTX *mem_ctx,
- struct samsync_ldb_state *state,
- enum netr_SamDatabaseID database,
- struct netr_DELTA_ENUM *delta,
- char **error_string)
-{
- struct dom_sid *sid = delta->delta_id_union.sid;
-
- struct ldb_message *msg;
- struct ldb_message **msgs;
- int ret;
- const char *attrs[] = { NULL };
-
- msg = ldb_msg_new(mem_ctx);
- if (msg == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- /* search for the account, by sid, in the top basedn */
- ret = gendb_search(state->sam_ldb, mem_ctx, state->base_dn[SAM_DATABASE_DOMAIN], &msgs, attrs,
- "(objectSid=%s)",
- ldap_encode_ndr_dom_sid(mem_ctx, sid));
-
- if (ret == -1) {
- *error_string = talloc_asprintf(mem_ctx, "gendb_search failed: %s", ldb_errstring(state->sam_ldb));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- } else if (ret == 0) {
- return NT_STATUS_NO_SUCH_USER;
- } else if (ret > 1) {
- struct dom_sid_buf buf;
- *error_string = talloc_asprintf(
- mem_ctx,
- "More than one account with SID: %s",
- dom_sid_str_buf(sid, &buf));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- } else {
- msg->dn = talloc_steal(msg, msgs[0]->dn);
- }
-
- samdb_msg_add_delete(state->sam_ldb, mem_ctx, msg,
- "privilege");
-
- ret = dsdb_replace(state->sam_ldb, msg, 0);
- if (ret != LDB_SUCCESS) {
- *error_string = talloc_asprintf(mem_ctx, "Failed to modify privilege record %s",
- ldb_dn_get_linearized(msg->dn));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS libnet_samsync_ldb_fn(TALLOC_CTX *mem_ctx,
- void *private_data,
- enum netr_SamDatabaseID database,
- struct netr_DELTA_ENUM *delta,
- char **error_string)
-{
- NTSTATUS nt_status = NT_STATUS_OK;
- struct samsync_ldb_state *state = talloc_get_type(private_data, struct samsync_ldb_state);
-
- *error_string = NULL;
- switch (delta->delta_type) {
- case NETR_DELTA_DOMAIN:
- {
- nt_status = samsync_ldb_handle_domain(mem_ctx,
- state,
- database,
- delta,
- error_string);
- break;
- }
- case NETR_DELTA_USER:
- {
- nt_status = samsync_ldb_handle_user(mem_ctx,
- state,
- database,
- delta,
- error_string);
- break;
- }
- case NETR_DELTA_DELETE_USER:
- {
- nt_status = samsync_ldb_delete_user(mem_ctx,
- state,
- database,
- delta,
- error_string);
- break;
- }
- case NETR_DELTA_GROUP:
- {
- nt_status = samsync_ldb_handle_group(mem_ctx,
- state,
- database,
- delta,
- error_string);
- break;
- }
- case NETR_DELTA_DELETE_GROUP:
- {
- nt_status = samsync_ldb_delete_group(mem_ctx,
- state,
- database,
- delta,
- error_string);
- break;
- }
- case NETR_DELTA_GROUP_MEMBER:
- {
- nt_status = samsync_ldb_handle_group_member(mem_ctx,
- state,
- database,
- delta,
- error_string);
- break;
- }
- case NETR_DELTA_ALIAS:
- {
- nt_status = samsync_ldb_handle_alias(mem_ctx,
- state,
- database,
- delta,
- error_string);
- break;
- }
- case NETR_DELTA_DELETE_ALIAS:
- {
- nt_status = samsync_ldb_delete_alias(mem_ctx,
- state,
- database,
- delta,
- error_string);
- break;
- }
- case NETR_DELTA_ALIAS_MEMBER:
- {
- nt_status = samsync_ldb_handle_alias_member(mem_ctx,
- state,
- database,
- delta,
- error_string);
- break;
- }
- case NETR_DELTA_ACCOUNT:
- {
- nt_status = samsync_ldb_handle_account(mem_ctx,
- state,
- database,
- delta,
- error_string);
- break;
- }
- case NETR_DELTA_DELETE_ACCOUNT:
- {
- nt_status = samsync_ldb_delete_account(mem_ctx,
- state,
- database,
- delta,
- error_string);
- break;
- }
- default:
- /* Can't dump them all right now */
- break;
- }
- if (!NT_STATUS_IS_OK(nt_status) && !*error_string) {
- *error_string = talloc_asprintf(mem_ctx, "Failed to handle samsync delta: %s", nt_errstr(nt_status));
- }
- return nt_status;
-}
-
-static NTSTATUS libnet_samsync_ldb_init(TALLOC_CTX *mem_ctx,
- void *private_data,
- struct libnet_SamSync_state *samsync_state,
- char **error_string)
-{
- struct samsync_ldb_state *state = talloc_get_type(private_data, struct samsync_ldb_state);
- const char *server = dcerpc_server_name(samsync_state->netlogon_pipe);
- char *ldap_url;
-
- state->samsync_state = samsync_state;
-
- ZERO_STRUCT(state->dom_sid);
- if (state->samsync_state->domain_sid) {
- state->dom_sid[SAM_DATABASE_DOMAIN] = dom_sid_dup(state, state->samsync_state->domain_sid);
- }
-
- state->dom_sid[SAM_DATABASE_BUILTIN] = dom_sid_parse_talloc(state, SID_BUILTIN);
-
- if (state->samsync_state->realm) {
- if (!server || !*server) {
- /* huh? how do we not have a server name? */
- *error_string = talloc_strdup(mem_ctx, "No DCE/RPC server name available. How did we connect?");
- return NT_STATUS_INVALID_PARAMETER;
- }
- ldap_url = talloc_asprintf(state, "ldap://%s", server);
-
- state->remote_ldb = ldb_wrap_connect(mem_ctx,
- NULL,
- state->samsync_state->machine_net_ctx->lp_ctx,
- ldap_url,
- NULL, state->samsync_state->machine_net_ctx->cred,
- 0);
- if (!state->remote_ldb) {
- *error_string = talloc_asprintf(mem_ctx, "Failed to connect to remote LDAP server at %s (used to extract additional data in SamSync replication)", ldap_url);
- return NT_STATUS_NO_LOGON_SERVERS;
- }
- } else {
- state->remote_ldb = NULL;
- }
- return NT_STATUS_OK;
-}
-
-NTSTATUS libnet_samsync_ldb(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_samsync_ldb *r)
-{
- NTSTATUS nt_status;
- struct libnet_SamSync r2;
- struct samsync_ldb_state *state = talloc(mem_ctx, struct samsync_ldb_state);
-
- if (!state) {
- return NT_STATUS_NO_MEMORY;
- }
-
- state->secrets = NULL;
- state->trusted_domains = NULL;
-
- state->sam_ldb = samdb_connect(mem_ctx,
- ctx->event_ctx,
- ctx->lp_ctx,
- r->in.session_info,
- NULL,
- 0);
- if (!state->sam_ldb) {
- return NT_STATUS_INTERNAL_DB_ERROR;
- }
-
- state->pdb = privilege_connect(mem_ctx,
- ctx->lp_ctx);
- if (!state->pdb) {
- return NT_STATUS_INTERNAL_DB_ERROR;
- }
-
- r2.out.error_string = NULL;
- r2.in.binding_string = r->in.binding_string;
- r2.in.init_fn = libnet_samsync_ldb_init;
- r2.in.delta_fn = libnet_samsync_ldb_fn;
- r2.in.fn_ctx = state;
- r2.in.machine_account = NULL; /* TODO: Create a machine account, fill this in, and the delete it */
- nt_status = libnet_SamSync_netlogon(ctx, state, &r2);
- r->out.error_string = r2.out.error_string;
- talloc_steal(mem_ctx, r->out.error_string);
-
- if (!NT_STATUS_IS_OK(nt_status)) {
- talloc_free(state);
- return nt_status;
- }
- talloc_free(state);
- return nt_status;
-}
diff --git a/source4/libnet/wscript_build b/source4/libnet/wscript_build
index 3f36e4aa3aa..fc045d5f41b 100644
--- a/source4/libnet/wscript_build
+++ b/source4/libnet/wscript_build
@@ -6,7 +6,7 @@ provision = bld.pyembed_libname('PROVISION')
name = bld.pyembed_libname('samba-net')
auto_proto='libnet_proto.h'
bld.SAMBA_LIBRARY(name,
- source='libnet.c libnet_passwd.c libnet_time.c libnet_rpc.c libnet_join.c libnet_site.c libnet_become_dc.c libnet_unbecome_dc.c libnet_vampire.c libnet_samdump.c libnet_samsync_ldb.c libnet_user.c libnet_group.c libnet_share.c libnet_lookup.c libnet_domain.c userinfo.c groupinfo.c userman.c groupman.c prereq_domain.c libnet_samsync.c',
+ source='libnet.c libnet_passwd.c libnet_time.c libnet_rpc.c libnet_join.c libnet_site.c libnet_become_dc.c libnet_unbecome_dc.c libnet_vampire.c libnet_samdump.c libnet_user.c libnet_group.c libnet_share.c libnet_lookup.c libnet_domain.c userinfo.c groupinfo.c userman.c groupman.c prereq_domain.c libnet_samsync.c',
autoproto=auto_proto,
public_deps='samba-credentials dcerpc dcerpc-samr RPC_NDR_LSA RPC_NDR_SRVSVC RPC_NDR_DRSUAPI cli_composite LIBCLI_RESOLVE LIBCLI_FINDDCS cli_cldap LIBCLI_FINDDCS gensec_schannel LIBCLI_AUTH ndr smbpasswdparser %s LIBCLI_SAMSYNC LIBTSOCKET' % (provision),
private_library=True,