/* [<][>][^][v][top][bottom][index][help] */
DEFINITIONS
This source file includes following definitions.
- DeleteUser_byname
- torture_create_testuser
- torture_join_domain
- torture_join_samr_pipe
- torture_join_samr_user_policy
- torture_leave_ads_domain
- torture_leave_domain
- torture_join_sid
- torture_join_user_sid
- torture_join_netbios_name
- torture_join_user_guid
- torture_join_dom_netbios_name
- torture_join_dom_dns_name
- torture_join_server_dn_str
- torture_join_domain_ads_dc
1 /*
2 Unix SMB/CIFS implementation.
3
4 utility code to join/leave a domain
5
6 Copyright (C) Andrew Tridgell 2004
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 /*
23 this code is used by other torture modules to join/leave a domain
24 as either a member, bdc or thru a trust relationship
25 */
26
27 #include "includes.h"
28 #include "torture/torture.h"
29 #include "system/time.h"
30 #include "../lib/crypto/crypto.h"
31 #include "libnet/libnet.h"
32 #include "lib/cmdline/popt_common.h"
33 #include "lib/ldb/include/ldb.h"
34 #include "librpc/gen_ndr/ndr_samr_c.h"
35
36 #include "libcli/auth/libcli_auth.h"
37 #include "torture/rpc/rpc.h"
38 #include "libcli/security/security.h"
39 #include "param/param.h"
40
41 struct test_join {
42 struct dcerpc_pipe *p;
43 struct policy_handle user_handle;
44 struct libnet_JoinDomain *libnet_r;
45 struct dom_sid *dom_sid;
46 const char *dom_netbios_name;
47 const char *dom_dns_name;
48 struct dom_sid *user_sid;
49 struct GUID user_guid;
50 const char *netbios_name;
51 };
52
53
54 static NTSTATUS DeleteUser_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
/* [<][>][^][v][top][bottom][index][help] */
55 struct policy_handle *handle, const char *name)
56 {
57 NTSTATUS status;
58 struct samr_DeleteUser d;
59 struct policy_handle user_handle;
60 uint32_t rid;
61 struct samr_LookupNames n;
62 struct samr_Ids rids, types;
63 struct lsa_String sname;
64 struct samr_OpenUser r;
65
66 sname.string = name;
67
68 n.in.domain_handle = handle;
69 n.in.num_names = 1;
70 n.in.names = &sname;
71 n.out.rids = &rids;
72 n.out.types = &types;
73
74 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
75 if (NT_STATUS_IS_OK(status)) {
76 rid = n.out.rids->ids[0];
77 } else {
78 return status;
79 }
80
81 r.in.domain_handle = handle;
82 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
83 r.in.rid = rid;
84 r.out.user_handle = &user_handle;
85
86 status = dcerpc_samr_OpenUser(p, mem_ctx, &r);
87 if (!NT_STATUS_IS_OK(status)) {
88 printf("OpenUser(%s) failed - %s\n", name, nt_errstr(status));
89 return status;
90 }
91
92 d.in.user_handle = &user_handle;
93 d.out.user_handle = &user_handle;
94 status = dcerpc_samr_DeleteUser(p, mem_ctx, &d);
95 if (!NT_STATUS_IS_OK(status)) {
96 return status;
97 }
98
99 return NT_STATUS_OK;
100 }
101
102 /*
103 create a test user in the domain
104 an opaque pointer is returned. Pass it to torture_leave_domain()
105 when finished
106 */
107
108 struct test_join *torture_create_testuser(struct torture_context *torture,
/* [<][>][^][v][top][bottom][index][help] */
109 const char *username,
110 const char *domain,
111 uint16_t acct_type,
112 const char **random_password)
113 {
114 NTSTATUS status;
115 struct samr_Connect c;
116 struct samr_CreateUser2 r;
117 struct samr_OpenDomain o;
118 struct samr_LookupDomain l;
119 struct dom_sid2 *sid = NULL;
120 struct samr_GetUserPwInfo pwp;
121 struct samr_PwInfo info;
122 struct samr_SetUserInfo s;
123 union samr_UserInfo u;
124 struct policy_handle handle;
125 struct policy_handle domain_handle;
126 uint32_t access_granted;
127 uint32_t rid;
128 DATA_BLOB session_key;
129 struct lsa_String name;
130
131 int policy_min_pw_len = 0;
132 struct test_join *join;
133 char *random_pw;
134 const char *dc_binding = torture_setting_string(torture, "dc_binding", NULL);
135
136 join = talloc(NULL, struct test_join);
137 if (join == NULL) {
138 return NULL;
139 }
140
141 ZERO_STRUCTP(join);
142
143 printf("Connecting to SAMR\n");
144
145 if (dc_binding) {
146 status = dcerpc_pipe_connect(join,
147 &join->p,
148 dc_binding,
149 &ndr_table_samr,
150 cmdline_credentials, NULL, torture->lp_ctx);
151
152 } else {
153 status = torture_rpc_connection(torture,
154 &join->p,
155 &ndr_table_samr);
156 }
157 if (!NT_STATUS_IS_OK(status)) {
158 return NULL;
159 }
160
161 c.in.system_name = NULL;
162 c.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
163 c.out.connect_handle = &handle;
164
165 status = dcerpc_samr_Connect(join->p, join, &c);
166 if (!NT_STATUS_IS_OK(status)) {
167 const char *errstr = nt_errstr(status);
168 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
169 errstr = dcerpc_errstr(join, join->p->last_fault_code);
170 }
171 printf("samr_Connect failed - %s\n", errstr);
172 return NULL;
173 }
174
175 printf("Opening domain %s\n", domain);
176
177 name.string = domain;
178 l.in.connect_handle = &handle;
179 l.in.domain_name = &name;
180 l.out.sid = &sid;
181
182 status = dcerpc_samr_LookupDomain(join->p, join, &l);
183 if (!NT_STATUS_IS_OK(status)) {
184 printf("LookupDomain failed - %s\n", nt_errstr(status));
185 goto failed;
186 }
187
188 talloc_steal(join, *l.out.sid);
189 join->dom_sid = *l.out.sid;
190 join->dom_netbios_name = talloc_strdup(join, domain);
191 if (!join->dom_netbios_name) goto failed;
192
193 o.in.connect_handle = &handle;
194 o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
195 o.in.sid = *l.out.sid;
196 o.out.domain_handle = &domain_handle;
197
198 status = dcerpc_samr_OpenDomain(join->p, join, &o);
199 if (!NT_STATUS_IS_OK(status)) {
200 printf("OpenDomain failed - %s\n", nt_errstr(status));
201 goto failed;
202 }
203
204 printf("Creating account %s\n", username);
205
206 again:
207 name.string = username;
208 r.in.domain_handle = &domain_handle;
209 r.in.account_name = &name;
210 r.in.acct_flags = acct_type;
211 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
212 r.out.user_handle = &join->user_handle;
213 r.out.access_granted = &access_granted;
214 r.out.rid = &rid;
215
216 status = dcerpc_samr_CreateUser2(join->p, join, &r);
217
218 if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
219 status = DeleteUser_byname(join->p, join, &domain_handle, name.string);
220 if (NT_STATUS_IS_OK(status)) {
221 goto again;
222 }
223 }
224
225 if (!NT_STATUS_IS_OK(status)) {
226 printf("CreateUser2 failed - %s\n", nt_errstr(status));
227 goto failed;
228 }
229
230 join->user_sid = dom_sid_add_rid(join, join->dom_sid, rid);
231
232 pwp.in.user_handle = &join->user_handle;
233 pwp.out.info = &info;
234
235 status = dcerpc_samr_GetUserPwInfo(join->p, join, &pwp);
236 if (NT_STATUS_IS_OK(status)) {
237 policy_min_pw_len = pwp.out.info->min_password_length;
238 }
239
240 random_pw = generate_random_str(join, MAX(8, policy_min_pw_len));
241
242 printf("Setting account password '%s'\n", random_pw);
243
244 ZERO_STRUCT(u);
245 s.in.user_handle = &join->user_handle;
246 s.in.info = &u;
247 s.in.level = 24;
248
249 encode_pw_buffer(u.info24.password.data, random_pw, STR_UNICODE);
250 u.info24.password_expired = 0;
251
252 status = dcerpc_fetch_session_key(join->p, &session_key);
253 if (!NT_STATUS_IS_OK(status)) {
254 printf("SetUserInfo level %u - no session key - %s\n",
255 s.in.level, nt_errstr(status));
256 torture_leave_domain(torture, join);
257 goto failed;
258 }
259
260 arcfour_crypt_blob(u.info24.password.data, 516, &session_key);
261
262 status = dcerpc_samr_SetUserInfo(join->p, join, &s);
263 if (!NT_STATUS_IS_OK(status)) {
264 printf("SetUserInfo failed - %s\n", nt_errstr(status));
265 goto failed;
266 }
267
268 ZERO_STRUCT(u);
269 s.in.user_handle = &join->user_handle;
270 s.in.info = &u;
271 s.in.level = 21;
272
273 u.info21.acct_flags = acct_type | ACB_PWNOEXP;
274 u.info21.fields_present = SAMR_FIELD_ACCT_FLAGS | SAMR_FIELD_DESCRIPTION | SAMR_FIELD_COMMENT | SAMR_FIELD_FULL_NAME;
275
276 u.info21.comment.string = talloc_asprintf(join,
277 "Tortured by Samba4: %s",
278 timestring(join, time(NULL)));
279
280 u.info21.full_name.string = talloc_asprintf(join,
281 "Torture account for Samba4: %s",
282 timestring(join, time(NULL)));
283
284 u.info21.description.string = talloc_asprintf(join,
285 "Samba4 torture account created by host %s: %s",
286 lp_netbios_name(torture->lp_ctx),
287 timestring(join, time(NULL)));
288
289 printf("Resetting ACB flags, force pw change time\n");
290
291 status = dcerpc_samr_SetUserInfo(join->p, join, &s);
292 if (!NT_STATUS_IS_OK(status)) {
293 printf("SetUserInfo failed - %s\n", nt_errstr(status));
294 goto failed;
295 }
296
297 if (random_password) {
298 *random_password = random_pw;
299 }
300
301 return join;
302
303 failed:
304 torture_leave_domain(torture, join);
305 return NULL;
306 }
307
308
309 _PUBLIC_ struct test_join *torture_join_domain(struct torture_context *tctx,
/* [<][>][^][v][top][bottom][index][help] */
310 const char *machine_name,
311 uint32_t acct_flags,
312 struct cli_credentials **machine_credentials)
313 {
314 NTSTATUS status;
315 struct libnet_context *libnet_ctx;
316 struct libnet_JoinDomain *libnet_r;
317 struct test_join *tj;
318 struct samr_SetUserInfo s;
319 union samr_UserInfo u;
320
321 tj = talloc(tctx, struct test_join);
322 if (!tj) return NULL;
323
324 libnet_r = talloc(tj, struct libnet_JoinDomain);
325 if (!libnet_r) {
326 talloc_free(tj);
327 return NULL;
328 }
329
330 libnet_ctx = libnet_context_init(tctx->ev, tctx->lp_ctx);
331 if (!libnet_ctx) {
332 talloc_free(tj);
333 return NULL;
334 }
335
336 tj->libnet_r = libnet_r;
337
338 libnet_ctx->cred = cmdline_credentials;
339 libnet_r->in.binding = torture_setting_string(tctx, "binding", NULL);
340 if (!libnet_r->in.binding) {
341 libnet_r->in.binding = talloc_asprintf(libnet_r, "ncacn_np:%s", torture_setting_string(tctx, "host", NULL));
342 }
343 libnet_r->in.level = LIBNET_JOINDOMAIN_SPECIFIED;
344 libnet_r->in.netbios_name = machine_name;
345 libnet_r->in.account_name = talloc_asprintf(libnet_r, "%s$", machine_name);
346 if (!libnet_r->in.account_name) {
347 talloc_free(tj);
348 return NULL;
349 }
350
351 libnet_r->in.acct_type = acct_flags;
352 libnet_r->in.recreate_account = true;
353
354 status = libnet_JoinDomain(libnet_ctx, libnet_r, libnet_r);
355 if (!NT_STATUS_IS_OK(status)) {
356 if (libnet_r->out.error_string) {
357 DEBUG(0, ("Domain join failed - %s\n", libnet_r->out.error_string));
358 } else {
359 DEBUG(0, ("Domain join failed - %s\n", nt_errstr(status)));
360 }
361 talloc_free(tj);
362 return NULL;
363 }
364 tj->p = libnet_r->out.samr_pipe;
365 tj->user_handle = *libnet_r->out.user_handle;
366 tj->dom_sid = libnet_r->out.domain_sid;
367 talloc_steal(tj, libnet_r->out.domain_sid);
368 tj->dom_netbios_name = libnet_r->out.domain_name;
369 talloc_steal(tj, libnet_r->out.domain_name);
370 tj->dom_dns_name = libnet_r->out.realm;
371 talloc_steal(tj, libnet_r->out.realm);
372 tj->user_guid = libnet_r->out.account_guid;
373 tj->netbios_name = talloc_strdup(tj, machine_name);
374 if (!tj->netbios_name) {
375 talloc_free(tj);
376 return NULL;
377 }
378
379 ZERO_STRUCT(u);
380 s.in.user_handle = &tj->user_handle;
381 s.in.info = &u;
382 s.in.level = 21;
383
384 u.info21.fields_present = SAMR_FIELD_DESCRIPTION | SAMR_FIELD_COMMENT | SAMR_FIELD_FULL_NAME;
385 u.info21.comment.string = talloc_asprintf(tj,
386 "Tortured by Samba4: %s",
387 timestring(tj, time(NULL)));
388 u.info21.full_name.string = talloc_asprintf(tj,
389 "Torture account for Samba4: %s",
390 timestring(tj, time(NULL)));
391
392 u.info21.description.string = talloc_asprintf(tj,
393 "Samba4 torture account created by host %s: %s",
394 lp_netbios_name(tctx->lp_ctx), timestring(tj, time(NULL)));
395
396 status = dcerpc_samr_SetUserInfo(tj->p, tj, &s);
397 if (!NT_STATUS_IS_OK(status)) {
398 printf("SetUserInfo (non-critical) failed - %s\n", nt_errstr(status));
399 }
400
401 *machine_credentials = cli_credentials_init(tj);
402 cli_credentials_set_conf(*machine_credentials, tctx->lp_ctx);
403 cli_credentials_set_workstation(*machine_credentials, machine_name, CRED_SPECIFIED);
404 cli_credentials_set_domain(*machine_credentials, libnet_r->out.domain_name, CRED_SPECIFIED);
405 if (libnet_r->out.realm) {
406 cli_credentials_set_realm(*machine_credentials, libnet_r->out.realm, CRED_SPECIFIED);
407 }
408 cli_credentials_set_username(*machine_credentials, libnet_r->in.account_name, CRED_SPECIFIED);
409 cli_credentials_set_password(*machine_credentials, libnet_r->out.join_password, CRED_SPECIFIED);
410 cli_credentials_set_kvno(*machine_credentials, libnet_r->out.kvno);
411 if (acct_flags & ACB_SVRTRUST) {
412 cli_credentials_set_secure_channel_type(*machine_credentials,
413 SEC_CHAN_BDC);
414 } else if (acct_flags & ACB_WSTRUST) {
415 cli_credentials_set_secure_channel_type(*machine_credentials,
416 SEC_CHAN_WKSTA);
417 } else {
418 DEBUG(0, ("Invalid account type specificed to torture_join_domain\n"));
419 talloc_free(*machine_credentials);
420 return NULL;
421 }
422
423 return tj;
424 }
425
426 struct dcerpc_pipe *torture_join_samr_pipe(struct test_join *join)
/* [<][>][^][v][top][bottom][index][help] */
427 {
428 return join->p;
429 }
430
431 struct policy_handle *torture_join_samr_user_policy(struct test_join *join)
/* [<][>][^][v][top][bottom][index][help] */
432 {
433 return &join->user_handle;
434 }
435
436 static NTSTATUS torture_leave_ads_domain(struct torture_context *torture,
/* [<][>][^][v][top][bottom][index][help] */
437 TALLOC_CTX *mem_ctx,
438 struct libnet_JoinDomain *libnet_r)
439 {
440 int rtn;
441 TALLOC_CTX *tmp_ctx;
442
443 struct ldb_dn *server_dn;
444 struct ldb_context *ldb_ctx;
445
446 char *remote_ldb_url;
447
448 /* Check if we are a domain controller. If not, exit. */
449 if (!libnet_r->out.server_dn_str) {
450 return NT_STATUS_OK;
451 }
452
453 tmp_ctx = talloc_named(mem_ctx, 0, "torture_leave temporary context");
454 if (!tmp_ctx) {
455 libnet_r->out.error_string = NULL;
456 return NT_STATUS_NO_MEMORY;
457 }
458
459 ldb_ctx = ldb_init(tmp_ctx, torture->ev);
460 if (!ldb_ctx) {
461 libnet_r->out.error_string = NULL;
462 talloc_free(tmp_ctx);
463 return NT_STATUS_NO_MEMORY;
464 }
465
466 /* Remove CN=Servers,... entry from the AD. */
467 server_dn = ldb_dn_new(tmp_ctx, ldb_ctx, libnet_r->out.server_dn_str);
468 if (! ldb_dn_validate(server_dn)) {
469 libnet_r->out.error_string = NULL;
470 talloc_free(tmp_ctx);
471 return NT_STATUS_NO_MEMORY;
472 }
473
474 remote_ldb_url = talloc_asprintf(tmp_ctx, "ldap://%s", libnet_r->out.samr_binding->host);
475 if (!remote_ldb_url) {
476 libnet_r->out.error_string = NULL;
477 talloc_free(tmp_ctx);
478 return NT_STATUS_NO_MEMORY;
479 }
480
481 ldb_set_opaque(ldb_ctx, "credentials", cmdline_credentials);
482 ldb_set_opaque(ldb_ctx, "loadparm", cmdline_lp_ctx);
483
484 rtn = ldb_connect(ldb_ctx, remote_ldb_url, 0, NULL);
485 if (rtn != 0) {
486 libnet_r->out.error_string = NULL;
487 talloc_free(tmp_ctx);
488 return NT_STATUS_UNSUCCESSFUL;
489 }
490
491 rtn = ldb_delete(ldb_ctx, server_dn);
492 if (rtn != 0) {
493 libnet_r->out.error_string = NULL;
494 talloc_free(tmp_ctx);
495 return NT_STATUS_UNSUCCESSFUL;
496 }
497
498 DEBUG(0, ("%s removed successfully.\n", libnet_r->out.server_dn_str));
499
500 talloc_free(tmp_ctx);
501 return NT_STATUS_OK;
502 }
503
504 /*
505 leave the domain, deleting the machine acct
506 */
507
508 _PUBLIC_ void torture_leave_domain(struct torture_context *torture, struct test_join *join)
/* [<][>][^][v][top][bottom][index][help] */
509 {
510 struct samr_DeleteUser d;
511 NTSTATUS status;
512
513 if (!join) {
514 return;
515 }
516 d.in.user_handle = &join->user_handle;
517 d.out.user_handle = &join->user_handle;
518
519 /* Delete machine account */
520 status = dcerpc_samr_DeleteUser(join->p, join, &d);
521 if (!NT_STATUS_IS_OK(status)) {
522 printf("Delete of machine account %s failed\n",
523 join->netbios_name);
524 } else {
525 printf("Delete of machine account %s was successful.\n",
526 join->netbios_name);
527 }
528
529 if (join->libnet_r) {
530 status = torture_leave_ads_domain(torture, join, join->libnet_r);
531 }
532
533 talloc_free(join);
534 }
535
536 /*
537 return the dom sid for a test join
538 */
539 _PUBLIC_ const struct dom_sid *torture_join_sid(struct test_join *join)
/* [<][>][^][v][top][bottom][index][help] */
540 {
541 return join->dom_sid;
542 }
543
544 const struct dom_sid *torture_join_user_sid(struct test_join *join)
/* [<][>][^][v][top][bottom][index][help] */
545 {
546 return join->user_sid;
547 }
548
549 const char *torture_join_netbios_name(struct test_join *join)
/* [<][>][^][v][top][bottom][index][help] */
550 {
551 return join->netbios_name;
552 }
553
554 const struct GUID *torture_join_user_guid(struct test_join *join)
/* [<][>][^][v][top][bottom][index][help] */
555 {
556 return &join->user_guid;
557 }
558
559 const char *torture_join_dom_netbios_name(struct test_join *join)
/* [<][>][^][v][top][bottom][index][help] */
560 {
561 return join->dom_netbios_name;
562 }
563
564 const char *torture_join_dom_dns_name(struct test_join *join)
/* [<][>][^][v][top][bottom][index][help] */
565 {
566 return join->dom_dns_name;
567 }
568
569 const char *torture_join_server_dn_str(struct test_join *join)
/* [<][>][^][v][top][bottom][index][help] */
570 {
571 if (join->libnet_r) {
572 return join->libnet_r->out.server_dn_str;
573 }
574 return NULL;
575 }
576
577
578 #if 0 /* Left as the documentation of the join process, but see new implementation in libnet_become_dc.c */
579 struct test_join_ads_dc {
580 struct test_join *join;
581 };
582
583 struct test_join_ads_dc *torture_join_domain_ads_dc(const char *machine_name,
/* [<][>][^][v][top][bottom][index][help] */
584 const char *domain,
585 struct cli_credentials **machine_credentials)
586 {
587 struct test_join_ads_dc *join;
588
589 join = talloc(NULL, struct test_join_ads_dc);
590 if (join == NULL) {
591 return NULL;
592 }
593
594 join->join = torture_join_domain(machine_name,
595 ACB_SVRTRUST,
596 machine_credentials);
597
598 if (!join->join) {
599 return NULL;
600 }
601
602 /* W2K: */
603 /* W2K: modify userAccountControl from 4096 to 532480 */
604
605 /* W2K: modify RDN to OU=Domain Controllers and skip the $ from server name */
606
607 /* ask objectVersion of Schema Partition */
608
609 /* ask rIDManagerReferenz of the Domain Partition */
610
611 /* ask fsMORoleOwner of the RID-Manager$ object
612 * returns CN=NTDS Settings,CN=<DC>,CN=Servers,CN=Default-First-Site-Name, ...
613 */
614
615 /* ask for dnsHostName of CN=<DC>,CN=Servers,CN=Default-First-Site-Name, ... */
616
617 /* ask for objectGUID of CN=NTDS Settings,CN=<DC>,CN=Servers,CN=Default-First-Site-Name, ... */
618
619 /* ask for * of CN=Default-First-Site-Name, ... */
620
621 /* search (&(|(objectClass=user)(objectClass=computer))(sAMAccountName=<machine_name>$)) in Domain Partition
622 * attributes : distinguishedName, userAccountControl
623 */
624
625 /* ask * for CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name,...
626 * should fail with noSuchObject
627 */
628
629 /* add CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name,...
630 *
631 * objectClass = server
632 * systemFlags = 50000000
633 * serverReferenz = CN=<machine_name>,OU=Domain Controllers,...
634 */
635
636 /* ask for * of CN=NTDS Settings,CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name, ...
637 * should fail with noSuchObject
638 */
639
640 /* search for (ncname=<domain_nc>) in CN=Partitions,CN=Configuration,...
641 * attributes: ncName, dnsRoot
642 */
643
644 /* modify add CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name,...
645 * serverReferenz = CN=<machine_name>,OU=Domain Controllers,...
646 * should fail with attributeOrValueExists
647 */
648
649 /* modify replace CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name,...
650 * serverReferenz = CN=<machine_name>,OU=Domain Controllers,...
651 */
652
653 /* DsAddEntry to create the CN=NTDS Settings,CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name, ...
654 *
655 */
656
657 /* replicate CN=Schema,CN=Configuration,...
658 * using DRSUAPI_DS_BIND_GUID_W2K ("6abec3d1-3054-41c8-a362-5a0c5b7d5d71")
659 *
660 */
661
662 /* replicate CN=Configuration,...
663 * using DRSUAPI_DS_BIND_GUID_W2K ("6abec3d1-3054-41c8-a362-5a0c5b7d5d71")
664 *
665 */
666
667 /* replicate Domain Partition
668 * using DRSUAPI_DS_BIND_GUID_W2K ("6abec3d1-3054-41c8-a362-5a0c5b7d5d71")
669 *
670 */
671
672 /* call DsReplicaUpdateRefs() for all partitions like this:
673 * req1: struct drsuapi_DsReplicaUpdateRefsRequest1
674 * naming_context : *
675 * naming_context: struct drsuapi_DsReplicaObjectIdentifier
676 * __ndr_size : 0x000000ae (174)
677 * __ndr_size_sid : 0x00000000 (0)
678 * guid : 00000000-0000-0000-0000-000000000000
679 * sid : S-0-0
680 * dn : 'CN=Schema,CN=Configuration,DC=w2k3,DC=vmnet1,DC=vm,DC=base'
681 * dest_dsa_dns_name : *
682 * dest_dsa_dns_name : '4a0df188-a0b8-47ea-bbe5-e614723f16dd._msdcs.w2k3.vmnet1.vm.base'
683 * dest_dsa_guid : 4a0df188-a0b8-47ea-bbe5-e614723f16dd
684 * options : 0x0000001c (28)
685 * 0: DRSUAPI_DS_REPLICA_UPDATE_ASYNCHRONOUS_OPERATION
686 * 0: DRSUAPI_DS_REPLICA_UPDATE_WRITEABLE
687 * 1: DRSUAPI_DS_REPLICA_UPDATE_ADD_REFERENCE
688 * 1: DRSUAPI_DS_REPLICA_UPDATE_DELETE_REFERENCE
689 * 1: DRSUAPI_DS_REPLICA_UPDATE_0x00000010
690 *
691 * 4a0df188-a0b8-47ea-bbe5-e614723f16dd is the objectGUID the DsAddEntry() returned for the
692 * CN=NTDS Settings,CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name, ...
693 */
694
695 /* W2K3: see libnet/libnet_become_dc.c */
696 return join;
697 }
698
699 #endif