Changeset 745 for trunk/server/source3/utils/net_rpc_join.c
- Timestamp:
- Nov 27, 2012, 4:43:17 PM (13 years ago)
- Location:
- trunk/server
- Files:
-
- 2 edited
-
. (modified) (1 prop)
-
source3/utils/net_rpc_join.c (modified) (18 diffs)
trunk/server
- Property svn:mergeinfo changed
/vendor/current merged: 581,587,591,594,597,600,615,618,740
- Property svn:mergeinfo changed
-
trunk/server/source3/utils/net_rpc_join.c
r414 r745 21 21 #include "includes.h" 22 22 #include "utils/net.h" 23 23 24 #include "../libcli/auth/libcli_auth.h" 24 #include "../librpc/gen_ndr/cli_lsa.h" 25 #include "../librpc/gen_ndr/cli_samr.h" 25 #include "../librpc/gen_ndr/ndr_lsa_c.h" 26 #include "rpc_client/cli_lsarpc.h" 27 #include "../librpc/gen_ndr/ndr_samr_c.h" 28 #include "rpc_client/init_samr.h" 29 #include "../librpc/gen_ndr/ndr_netlogon.h" 30 #include "rpc_client/cli_netlogon.h" 31 #include "secrets.h" 32 #include "rpc_client/init_lsa.h" 33 #include "libsmb/libsmb.h" 26 34 27 35 /* Macro for checking RPC error codes to make things more readable */ 28 36 29 37 #define CHECK_RPC_ERR(rpc, msg) \ 30 if (!NT_STATUS_IS_OK( result= rpc)) { \31 DEBUG(0, (msg ": %s\n", nt_errstr( result))); \38 if (!NT_STATUS_IS_OK( = rpc)) { \ 39 DEBUG(0, (msg ": %s\n", nt_errstr())); \ 32 40 goto done; \ 33 41 } 34 42 43 44 45 46 47 48 49 50 51 52 53 54 35 55 #define CHECK_RPC_ERR_DEBUG(rpc, debug_args) \ 36 if (!NT_STATUS_IS_OK( result= rpc)) { \56 if (!NT_STATUS_IS_OK( = rpc)) { \ 37 57 DEBUG(0, debug_args); \ 38 58 goto done; \ 39 59 } 60 61 62 63 64 65 66 67 68 69 70 71 40 72 41 73 /** … … 143 175 enum netr_SchannelType sec_channel_type; 144 176 struct rpc_pipe_client *pipe_hnd = NULL; 177 145 178 146 179 /* rpc variables */ 147 180 148 181 struct policy_handle lsa_pol, sam_pol, domain_pol, user_pol; 149 DOM_SID*domain_sid;182 *domain_sid; 150 183 uint32 user_rid; 151 184 … … 159 192 /* Misc */ 160 193 161 NTSTATUS result;194 NTSTATUS result; 162 195 int retval = 1; 163 196 const char *domain = NULL; … … 169 202 struct samr_Ids user_rids; 170 203 struct samr_Ids name_types; 204 171 205 172 206 /* check what type of join */ … … 197 231 /* Make authenticated connection to remote machine */ 198 232 199 result= net_make_ipc_connection(c, NET_FLAGS_PDC, &cli);200 if (!NT_STATUS_IS_OK( result)) {233 = net_make_ipc_connection(c, NET_FLAGS_PDC, &cli); 234 if (!NT_STATUS_IS_OK()) { 201 235 return 1; 202 236 } … … 209 243 /* 
Fetch domain sid */ 210 244 211 result= cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,245 = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id, 212 246 &pipe_hnd); 213 if (!NT_STATUS_IS_OK( result)) {247 if (!NT_STATUS_IS_OK()) { 214 248 DEBUG(0, ("Error connecting to LSA pipe. Error was %s\n", 215 nt_errstr(result) )); 216 goto done; 217 } 218 249 nt_errstr(status) )); 250 goto done; 251 } 252 253 b = pipe_hnd->binding_handle; 219 254 220 255 CHECK_RPC_ERR(rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true, … … 223 258 "error opening lsa policy handle"); 224 259 225 CHECK_RPC_ERR(rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx, 226 &lsa_pol, 227 LSA_POLICY_INFO_ACCOUNT_DOMAIN, 228 &info), 260 CHECK_DCERPC_ERR(dcerpc_lsa_QueryInfoPolicy(b, mem_ctx, 261 &lsa_pol, 262 LSA_POLICY_INFO_ACCOUNT_DOMAIN, 263 &info, 264 &result), 229 265 "error querying info policy"); 230 266 … … 232 268 domain_sid = info->account_domain.sid; 233 269 234 rpccli_lsa_Close(pipe_hnd, mem_ctx, &lsa_pol);270 ); 235 271 TALLOC_FREE(pipe_hnd); /* Done with this pipe */ 236 272 … … 242 278 243 279 /* Create domain user */ 244 result= cli_rpc_pipe_open_noauth(cli, &ndr_table_samr.syntax_id,280 = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr.syntax_id, 245 281 &pipe_hnd); 246 if (!NT_STATUS_IS_OK( result)) {282 if (!NT_STATUS_IS_OK()) { 247 283 DEBUG(0, ("Error connecting to SAM pipe. 
Error was %s\n", 248 nt_errstr(result) )); 249 goto done; 250 } 251 252 CHECK_RPC_ERR(rpccli_samr_Connect2(pipe_hnd, mem_ctx, 253 pipe_hnd->desthost, 254 SAMR_ACCESS_ENUM_DOMAINS 255 | SAMR_ACCESS_LOOKUP_DOMAIN, 256 &sam_pol), 284 nt_errstr(status) )); 285 goto done; 286 } 287 288 b = pipe_hnd->binding_handle; 289 290 CHECK_DCERPC_ERR(dcerpc_samr_Connect2(b, mem_ctx, 291 pipe_hnd->desthost, 292 SAMR_ACCESS_ENUM_DOMAINS 293 | SAMR_ACCESS_LOOKUP_DOMAIN, 294 &sam_pol, 295 &result), 257 296 "could not connect to SAM database"); 258 297 259 298 260 CHECK_RPC_ERR(rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, 261 &sam_pol, 262 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 263 | SAMR_DOMAIN_ACCESS_CREATE_USER 264 | SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT, 265 domain_sid, 266 &domain_pol), 299 CHECK_DCERPC_ERR(dcerpc_samr_OpenDomain(b, mem_ctx, 300 &sam_pol, 301 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 302 | SAMR_DOMAIN_ACCESS_CREATE_USER 303 | SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT, 304 domain_sid, 305 &domain_pol, 306 &result), 267 307 "could not open domain"); 268 308 269 309 /* Create domain user */ 270 310 if ((acct_name = talloc_asprintf(mem_ctx, "%s$", global_myname())) == NULL) { 271 result= NT_STATUS_NO_MEMORY;311 = NT_STATUS_NO_MEMORY; 272 312 goto done; 273 313 } … … 284 324 DEBUG(10, ("Creating account with flags: %d\n",acct_flags)); 285 325 286 result = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx,326 , mem_ctx, 287 327 &domain_pol, 288 328 &lsa_acct_name, … … 291 331 &user_pol, 292 332 &access_granted, 293 &user_rid); 294 333 &user_rid, 334 &result); 335 if (!NT_STATUS_IS_OK(status)) { 336 goto done; 337 } 295 338 if (!NT_STATUS_IS_OK(result) && 296 339 !NT_STATUS_EQUAL(result, NT_STATUS_USER_EXISTS)) { 340 297 341 d_fprintf(stderr,_("Creation of workstation account failed\n")); 298 342 … … 311 355 312 356 if (NT_STATUS_IS_OK(result)) { 313 rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol); 314 } 315 316 CHECK_RPC_ERR_DEBUG(rpccli_samr_LookupNames(pipe_hnd, mem_ctx, 317 &domain_pol, 318 1, 319 
&lsa_acct_name, 320 &user_rids, 321 &name_types), 322 ("error looking up rid for user %s: %s\n", 323 acct_name, nt_errstr(result))); 357 dcerpc_samr_Close(b, mem_ctx, &user_pol, &result); 358 } 359 360 CHECK_DCERPC_ERR_DEBUG(dcerpc_samr_LookupNames(b, mem_ctx, 361 &domain_pol, 362 1, 363 &lsa_acct_name, 364 &user_rids, 365 &name_types, 366 &result), 367 ("error looking up rid for user %s: %s/%s\n", 368 acct_name, nt_errstr(status), nt_errstr(result))); 324 369 325 370 if (name_types.ids[0] != SID_NAME_USER) { … … 332 377 /* Open handle on user */ 333 378 334 CHECK_ RPC_ERR_DEBUG(335 rpccli_samr_OpenUser(pipe_hnd, mem_ctx,379 CHECK_RPC_ERR_DEBUG( 380 , mem_ctx, 336 381 &domain_pol, 337 382 SEC_FLAG_MAXIMUM_ALLOWED, 338 383 user_rid, 339 &user_pol), 340 ("could not re-open existing user %s: %s\n", 341 acct_name, nt_errstr(result))); 384 &user_pol, 385 &result), 386 ("could not re-open existing user %s: %s/%s\n", 387 acct_name, nt_errstr(status), nt_errstr(result))); 342 388 343 389 /* Create a random machine account password */ … … 355 401 set_info.info24.password_expired = PASS_DONT_CHANGE_AT_NEXT_LOGON; 356 402 357 CHECK_RPC_ERR(rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx, 358 &user_pol, 359 24, 360 &set_info), 403 CHECK_DCERPC_ERR(dcerpc_samr_SetUserInfo2(b, mem_ctx, 404 &user_pol, 405 24, 406 &set_info, 407 &result), 361 408 "error setting trust account password"); 362 409 … … 375 422 as a normal user with "Add workstation to domain" privilege. 
*/ 376 423 377 result = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx,424 , mem_ctx, 378 425 &user_pol, 379 426 16, 380 &set_info); 381 382 rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol); 427 &set_info, 428 &result); 429 430 dcerpc_samr_Close(b, mem_ctx, &user_pol, &result); 383 431 TALLOC_FREE(pipe_hnd); /* Done with this pipe */ 384 432 385 433 /* Now check the whole process from top-to-bottom */ 386 434 387 result= cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon.syntax_id,435 = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon.syntax_id, 388 436 &pipe_hnd); 389 if (!NT_STATUS_IS_OK( result)) {437 if (!NT_STATUS_IS_OK()) { 390 438 DEBUG(0,("Error connecting to NETLOGON pipe. Error was %s\n", 391 nt_errstr( result) ));392 goto done; 393 } 394 395 result= rpccli_netlogon_setup_creds(pipe_hnd,439 nt_errstr() )); 440 goto done; 441 } 442 443 = rpccli_netlogon_setup_creds(pipe_hnd, 396 444 cli->desthost, /* server name */ 397 445 domain, /* domain */ … … 402 450 &neg_flags); 403 451 404 if (!NT_STATUS_IS_OK( result)) {452 if (!NT_STATUS_IS_OK()) { 405 453 DEBUG(0, ("Error in domain join verification (credential setup failed): %s\n\n", 406 nt_errstr( result)));407 408 if ( NT_STATUS_EQUAL( result, NT_STATUS_ACCESS_DENIED) &&454 nt_errstr())); 455 456 if ( NT_STATUS_EQUAL(, NT_STATUS_ACCESS_DENIED) && 409 457 (sec_channel_type == SEC_CHAN_BDC) ) { 410 458 d_fprintf(stderr, _("Please make sure that no computer " … … 425 473 struct rpc_pipe_client *netlogon_schannel_pipe; 426 474 427 result= cli_rpc_pipe_open_schannel_with_key(475 = cli_rpc_pipe_open_schannel_with_key( 428 476 cli, &ndr_table_netlogon.syntax_id, NCACN_NP, 429 477 DCERPC_AUTH_LEVEL_PRIVACY, domain, &pipe_hnd->dc, 430 478 &netlogon_schannel_pipe); 431 479 432 if (!NT_STATUS_IS_OK( result)) {480 if (!NT_STATUS_IS_OK()) { 433 481 DEBUG(0, ("Error in domain join verification (schannel setup failed): %s\n\n", 434 nt_errstr( result)));435 436 if ( NT_STATUS_EQUAL( result, NT_STATUS_ACCESS_DENIED) &&482 
nt_errstr())); 483 484 if ( NT_STATUS_EQUAL(, NT_STATUS_ACCESS_DENIED) && 437 485 (sec_channel_type == SEC_CHAN_BDC) ) { 438 486 d_fprintf(stderr, _("Please make sure that no " … … 464 512 465 513 /* double-check, connection from scratch */ 466 result= net_rpc_join_ok(c, domain, cli->desthost, &cli->dest_ss);467 retval = NT_STATUS_IS_OK( result) ? 0 : -1;514 = net_rpc_join_ok(c, domain, cli->desthost, &cli->dest_ss); 515 retval = NT_STATUS_IS_OK() ? 0 : -1; 468 516 469 517 done:
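Review bot: The transport check added right after the `dcerpc_samr_CreateUser2` call (`if (!NT_STATUS_IS_OK(status)) { goto done; }`) jumps out without reporting `status`, while the neighbouring pipe-open failures and the CHECK_* macro paths log the NTSTATUS at `DEBUG(0, ...)`. If the pipe drops while the machine account is being created, the log gives no cause, so I would put `DEBUG(0, ("CreateUser2 failed at transport level: %s\n", nt_errstr(status)));` before the `goto done;`. The two `dcerpc_samr_Close(b, mem_ctx, &user_pol, &result);` calls also reuse `result` as their out-parameter, which overwrites the outcome of the preceding CreateUser2 and level-16 SetUserInfo calls. The latter looks deliberately ignored, judging by the partly visible comment, but a separate local for the Close status would keep both values available for logging. The enclosing function starts before and continues past the visible hunks, so whatever is printed after `done:` is not covered here.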
