root/source4/torture/rpc/testjoin.c


DEFINITIONS

This source file includes following definitions.
  1. DeleteUser_byname
  2. torture_create_testuser
  3. torture_join_domain
  4. torture_join_samr_pipe
  5. torture_join_samr_user_policy
  6. torture_leave_ads_domain
  7. torture_leave_domain
  8. torture_join_sid
  9. torture_join_user_sid
  10. torture_join_netbios_name
  11. torture_join_user_guid
  12. torture_join_dom_netbios_name
  13. torture_join_dom_dns_name
  14. torture_join_server_dn_str
  15. torture_join_domain_ads_dc

   1 /* 
   2    Unix SMB/CIFS implementation.
   3 
   4    utility code to join/leave a domain
   5 
   6    Copyright (C) Andrew Tridgell 2004
   7    
   8    This program is free software; you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License as published by
  10    the Free Software Foundation; either version 3 of the License, or
  11    (at your option) any later version.
  12    
  13    This program is distributed in the hope that it will be useful,
  14    but WITHOUT ANY WARRANTY; without even the implied warranty of
  15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16    GNU General Public License for more details.
  17    
  18    You should have received a copy of the GNU General Public License
  19    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  20 */
  21 
  22 /*
  23   this code is used by other torture modules to join/leave a domain
  24   as either a member, bdc or thru a trust relationship
  25 */
  26 
  27 #include "includes.h"
  28 #include "torture/torture.h"
  29 #include "system/time.h"
  30 #include "../lib/crypto/crypto.h"
  31 #include "libnet/libnet.h"
  32 #include "lib/cmdline/popt_common.h"
  33 #include "lib/ldb/include/ldb.h"
  34 #include "librpc/gen_ndr/ndr_samr_c.h"
  35 
  36 #include "libcli/auth/libcli_auth.h"
  37 #include "torture/rpc/rpc.h"
  38 #include "libcli/security/security.h"
  39 #include "param/param.h"
  40 
  41 struct test_join {  /* state of one torture join or test user; released by torture_leave_domain() */
  42         struct dcerpc_pipe *p;  /* SAMR pipe: opened by torture_create_testuser(), or libnet_r->out.samr_pipe after torture_join_domain() */
  43         struct policy_handle user_handle;  /* handle of the created account; torture_leave_domain() deletes the account through it */
  44         struct libnet_JoinDomain *libnet_r;  /* libnet join request/result; assigned only by torture_join_domain() */
  45         struct dom_sid *dom_sid;  /* domain SID, from samr_LookupDomain or from the libnet join */
  46         const char *dom_netbios_name;  /* domain name: copy of the caller's string, or the name the libnet join returned */
  47         const char *dom_dns_name;  /* realm returned by the libnet join; not assigned by torture_create_testuser() */
  48         struct dom_sid *user_sid;  /* domain SID plus the new account's RID; assigned only by torture_create_testuser() */
  49         struct GUID user_guid;  /* account GUID returned by the libnet join */
  50         const char *netbios_name;  /* copy of machine_name; assigned only by torture_join_domain() */
  51 };
  52 
  53 
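/*
  look up the account called 'name' in the domain behind 'handle',
  open it and delete it.

  p        - SAMR pipe to issue the calls on
  mem_ctx  - talloc context handed to the RPC calls
  handle   - open domain handle
  name     - account name to remove

  returns NT_STATUS_OK when the account was deleted, otherwise the
  status of the first call that failed, or
  NT_STATUS_INVALID_NETWORK_RESPONSE when the lookup reply does not
  carry exactly one RID.
*/
static NTSTATUS DeleteUser_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
				  struct policy_handle *handle, const char *name)
{
	NTSTATUS status;
	struct samr_DeleteUser d;
	struct policy_handle user_handle;
	uint32_t rid;
	struct samr_LookupNames n;
	struct samr_Ids rids, types;
	struct lsa_String sname;
	struct samr_OpenUser r;

	sname.string = name;

	n.in.domain_handle = handle;
	n.in.num_names = 1;
	n.in.names = &sname;
	n.out.rids = &rids;
	n.out.types = &types;

	status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}

	/* the reply is produced by the server under test: make sure it
	   really holds the one RID that was asked for before ids[0] is
	   read */
	if (n.out.rids->count != 1 || n.out.rids->ids == NULL) {
		printf("LookupNames(%s) returned %u rids, expected 1\n",
		       name, (unsigned)n.out.rids->count);
		return NT_STATUS_INVALID_NETWORK_RESPONSE;
	}
	rid = n.out.rids->ids[0];

	r.in.domain_handle = handle;
	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	r.in.rid = rid;
	r.out.user_handle = &user_handle;

	status = dcerpc_samr_OpenUser(p, mem_ctx, &r);
	if (!NT_STATUS_IS_OK(status)) {
		printf("OpenUser(%s) failed - %s\n", name, nt_errstr(status));
		return status;
	}

	/* DeleteUser takes the handle as both input and output */
	d.in.user_handle = &user_handle;
	d.out.user_handle = &user_handle;
	status = dcerpc_samr_DeleteUser(p, mem_ctx, &d);
	if (!NT_STATUS_IS_OK(status)) {
		/* NOTE(review): user_handle stays open on the server on this
		   path - confirm the caller tears the pipe down */
		return status;
	}

	return NT_STATUS_OK;
}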
 101 
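/*
  create a test user in the domain
  an opaque pointer is returned. Pass it to torture_leave_domain()
  when finished

  torture          - torture context; the "dc_binding" setting, when
                     present, selects the server to connect to
  username         - account name to create; an existing account of
                     that name is deleted first
  domain           - name of the domain to open
  acct_type        - ACB_* flags for the new account
  random_password  - optional; receives the generated password, which
                     is allocated with the returned join as its talloc
                     context and so goes away with it

  returns NULL on any failure. Once the SAMR connection is up, failures
  go through torture_leave_domain(), which frees the join.
*/

struct test_join *torture_create_testuser(struct torture_context *torture,
					  const char *username,
					  const char *domain,
					  uint16_t acct_type,
					  const char **random_password)
{
	NTSTATUS status;
	struct samr_Connect c;
	struct samr_CreateUser2 r;
	struct samr_OpenDomain o;
	struct samr_LookupDomain l;
	struct dom_sid2 *sid = NULL;
	struct samr_GetUserPwInfo pwp;
	struct samr_PwInfo info;
	struct samr_SetUserInfo s;
	union samr_UserInfo u;
	struct policy_handle handle;
	struct policy_handle domain_handle;
	uint32_t access_granted;
	uint32_t rid;
	DATA_BLOB session_key;
	struct lsa_String name;

	int policy_min_pw_len = 0;
	struct test_join *join;
	char *random_pw;
	const char *dc_binding = torture_setting_string(torture, "dc_binding", NULL);

	join = talloc(NULL, struct test_join);
	if (join == NULL) {
		return NULL;
	}

	ZERO_STRUCTP(join);

	printf("Connecting to SAMR\n");

	if (dc_binding) {
		status = dcerpc_pipe_connect(join,
					     &join->p,
					     dc_binding,
					     &ndr_table_samr,
					     cmdline_credentials, NULL, torture->lp_ctx);
	} else {
		status = torture_rpc_connection(torture,
						&join->p,
						&ndr_table_samr);
	}
	if (!NT_STATUS_IS_OK(status)) {
		/* join has no parent context, so it has to be released by
		   hand; torture_leave_domain() is not usable without a
		   pipe */
		talloc_free(join);
		return NULL;
	}

	c.in.system_name = NULL;
	c.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	c.out.connect_handle = &handle;

	status = dcerpc_samr_Connect(join->p, join, &c);
	if (!NT_STATUS_IS_OK(status)) {
		const char *errstr = nt_errstr(status);
		if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
			errstr = dcerpc_errstr(join, join->p->last_fault_code);
		}
		printf("samr_Connect failed - %s\n", errstr);
		/* nothing was created on the server yet: free the join
		   (and the pipe hanging off it) instead of leaking it */
		talloc_free(join);
		return NULL;
	}

	printf("Opening domain %s\n", domain);

	name.string = domain;
	l.in.connect_handle = &handle;
	l.in.domain_name = &name;
	l.out.sid = &sid;

	status = dcerpc_samr_LookupDomain(join->p, join, &l);
	if (!NT_STATUS_IS_OK(status)) {
		printf("LookupDomain failed - %s\n", nt_errstr(status));
		goto failed;
	}

	talloc_steal(join, *l.out.sid);
	join->dom_sid = *l.out.sid;
	join->dom_netbios_name = talloc_strdup(join, domain);
	if (!join->dom_netbios_name) goto failed;

	o.in.connect_handle = &handle;
	o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	o.in.sid = *l.out.sid;
	o.out.domain_handle = &domain_handle;

	status = dcerpc_samr_OpenDomain(join->p, join, &o);
	if (!NT_STATUS_IS_OK(status)) {
		printf("OpenDomain failed - %s\n", nt_errstr(status));
		goto failed;
	}

	printf("Creating account %s\n", username);

again:
	name.string = username;
	r.in.domain_handle = &domain_handle;
	r.in.account_name = &name;
	r.in.acct_flags = acct_type;
	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	r.out.user_handle = &join->user_handle;
	r.out.access_granted = &access_granted;
	r.out.rid = &rid;

	status = dcerpc_samr_CreateUser2(join->p, join, &r);

	/* a left-over account of the same name is removed and the create
	   is retried */
	if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
		status = DeleteUser_byname(join->p, join, &domain_handle, name.string);
		if (NT_STATUS_IS_OK(status)) {
			goto again;
		}
	}

	if (!NT_STATUS_IS_OK(status)) {
		printf("CreateUser2 failed - %s\n", nt_errstr(status));
		goto failed;
	}

	join->user_sid = dom_sid_add_rid(join, join->dom_sid, rid);
	if (join->user_sid == NULL) {
		printf("dom_sid_add_rid failed - out of memory\n");
		goto failed;
	}

	pwp.in.user_handle = &join->user_handle;
	pwp.out.info = &info;

	/* best effort: without the policy the 8 character minimum below
	   is used */
	status = dcerpc_samr_GetUserPwInfo(join->p, join, &pwp);
	if (NT_STATUS_IS_OK(status)) {
		policy_min_pw_len = pwp.out.info->min_password_length;
	}

	random_pw = generate_random_str(join, MAX(8, policy_min_pw_len));
	if (random_pw == NULL) {
		printf("generate_random_str failed - out of memory\n");
		goto failed;
	}

	/* NOTE(review): this prints the account password in clear text;
	   it is a throw-away test account, but the torture output then
	   has to be treated as containing a credential */
	printf("Setting account password '%s'\n", random_pw);

	ZERO_STRUCT(u);
	s.in.user_handle = &join->user_handle;
	s.in.info = &u;
	s.in.level = 24;

	encode_pw_buffer(u.info24.password.data, random_pw, STR_UNICODE);
	u.info24.password_expired = 0;

	status = dcerpc_fetch_session_key(join->p, &session_key);
	if (!NT_STATUS_IS_OK(status)) {
		printf("SetUserInfo level %u - no session key - %s\n",
		       s.in.level, nt_errstr(status));
		/* the failed: path does the torture_leave_domain(); calling
		   it here as well would free and then reuse join */
		goto failed;
	}

	/* the password buffer is encrypted with the session key before it
	   goes on the wire; presumably 516 is the size of
	   u.info24.password.data - TODO confirm */
	arcfour_crypt_blob(u.info24.password.data, 516, &session_key);

	status = dcerpc_samr_SetUserInfo(join->p, join, &s);
	if (!NT_STATUS_IS_OK(status)) {
		printf("SetUserInfo failed - %s\n", nt_errstr(status));
		goto failed;
	}

	ZERO_STRUCT(u);
	s.in.user_handle = &join->user_handle;
	s.in.info = &u;
	s.in.level = 21;

	u.info21.acct_flags = acct_type | ACB_PWNOEXP;
	u.info21.fields_present = SAMR_FIELD_ACCT_FLAGS | SAMR_FIELD_DESCRIPTION | SAMR_FIELD_COMMENT | SAMR_FIELD_FULL_NAME;

	u.info21.comment.string = talloc_asprintf(join,
						  "Tortured by Samba4: %s",
						  timestring(join, time(NULL)));

	u.info21.full_name.string = talloc_asprintf(join,
						    "Torture account for Samba4: %s",
						    timestring(join, time(NULL)));

	u.info21.description.string = talloc_asprintf(join,
					 "Samba4 torture account created by host %s: %s",
					 lp_netbios_name(torture->lp_ctx),
					 timestring(join, time(NULL)));

	if (!u.info21.comment.string ||
	    !u.info21.full_name.string ||
	    !u.info21.description.string) {
		printf("talloc_asprintf failed - out of memory\n");
		goto failed;
	}

	printf("Resetting ACB flags, force pw change time\n");

	status = dcerpc_samr_SetUserInfo(join->p, join, &s);
	if (!NT_STATUS_IS_OK(status)) {
		printf("SetUserInfo failed - %s\n", nt_errstr(status));
		goto failed;
	}

	if (random_password) {
		*random_password = random_pw;
	}

	return join;

failed:
	/* deletes the account through join->user_handle (when one was
	   opened) and frees join; join must not be touched afterwards */
	torture_leave_domain(torture, join);
	return NULL;
}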
 307 
 308 
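/*
  join the domain as machine_name through libnet_JoinDomain() and hand
  back the machine account credentials

  tctx                 - torture context; the "binding" setting, or
                         failing that "host", selects the server
  machine_name         - netbios name to join as; the account name is
                         this name followed by '$'
  acct_flags           - must contain ACB_SVRTRUST or ACB_WSTRUST; this
                         selects the secure channel type
  machine_credentials  - receives a cli_credentials object that is a
                         talloc child of the returned join, so it (and
                         the join password stored in it) is released
                         together with the join

  returns NULL on failure. Pass the result to torture_leave_domain()
  when finished.
*/
_PUBLIC_ struct test_join *torture_join_domain(struct torture_context *tctx,
					       const char *machine_name,
					       uint32_t acct_flags,
					       struct cli_credentials **machine_credentials)
{
	NTSTATUS status;
	struct libnet_context *libnet_ctx;
	struct libnet_JoinDomain *libnet_r;
	struct test_join *tj;
	struct samr_SetUserInfo s;
	union samr_UserInfo u;

	/* reject an unusable account type before anything is created on
	   the server; checking it only after the join left the machine
	   account behind and *machine_credentials dangling */
	if (!(acct_flags & (ACB_SVRTRUST | ACB_WSTRUST))) {
		DEBUG(0, ("Invalid account type specificed to torture_join_domain\n"));
		return NULL;
	}

	/* zeroed, so that members this function never assigns (user_sid)
	   read as NULL through the accessors */
	tj = talloc_zero(tctx, struct test_join);
	if (!tj) return NULL;

	libnet_r = talloc_zero(tj, struct libnet_JoinDomain);
	if (!libnet_r) {
		talloc_free(tj);
		return NULL;
	}

	libnet_ctx = libnet_context_init(tctx->ev, tctx->lp_ctx);
	if (!libnet_ctx) {
		talloc_free(tj);
		return NULL;
	}

	tj->libnet_r = libnet_r;

	libnet_ctx->cred = cmdline_credentials;
	libnet_r->in.binding = torture_setting_string(tctx, "binding", NULL);
	if (!libnet_r->in.binding) {
		const char *host = torture_setting_string(tctx, "host", NULL);

		/* a NULL host must not reach the %s conversion */
		if (host) {
			libnet_r->in.binding = talloc_asprintf(libnet_r, "ncacn_np:%s", host);
		}
		if (!libnet_r->in.binding) {
			DEBUG(0, ("No binding or host available for torture_join_domain\n"));
			talloc_free(tj);
			return NULL;
		}
	}
	libnet_r->in.level = LIBNET_JOINDOMAIN_SPECIFIED;
	libnet_r->in.netbios_name = machine_name;
	libnet_r->in.account_name = talloc_asprintf(libnet_r, "%s$", machine_name);
	if (!libnet_r->in.account_name) {
		talloc_free(tj);
		return NULL;
	}

	libnet_r->in.acct_type = acct_flags;
	libnet_r->in.recreate_account = true;

	status = libnet_JoinDomain(libnet_ctx, libnet_r, libnet_r);
	if (!NT_STATUS_IS_OK(status)) {
		if (libnet_r->out.error_string) {
			DEBUG(0, ("Domain join failed - %s\n", libnet_r->out.error_string));
		} else {
			DEBUG(0, ("Domain join failed - %s\n", nt_errstr(status)));
		}
		talloc_free(tj);
		return NULL;
	}

	/* take over the results of the join so they live as long as tj */
	tj->p = libnet_r->out.samr_pipe;
	tj->user_handle = *libnet_r->out.user_handle;
	tj->dom_sid = libnet_r->out.domain_sid;
	talloc_steal(tj, libnet_r->out.domain_sid);
	tj->dom_netbios_name	= libnet_r->out.domain_name;
	talloc_steal(tj, libnet_r->out.domain_name);
	tj->dom_dns_name	= libnet_r->out.realm;
	talloc_steal(tj, libnet_r->out.realm);
	tj->user_guid = libnet_r->out.account_guid;
	tj->netbios_name = talloc_strdup(tj, machine_name);
	if (!tj->netbios_name) {
		talloc_free(tj);
		return NULL;
	}

	ZERO_STRUCT(u);
	s.in.user_handle = &tj->user_handle;
	s.in.info = &u;
	s.in.level = 21;

	u.info21.fields_present = SAMR_FIELD_DESCRIPTION | SAMR_FIELD_COMMENT | SAMR_FIELD_FULL_NAME;
	u.info21.comment.string = talloc_asprintf(tj,
						  "Tortured by Samba4: %s",
						  timestring(tj, time(NULL)));
	u.info21.full_name.string = talloc_asprintf(tj,
						    "Torture account for Samba4: %s",
						    timestring(tj, time(NULL)));

	u.info21.description.string = talloc_asprintf(tj,
						      "Samba4 torture account created by host %s: %s",
						      lp_netbios_name(tctx->lp_ctx), timestring(tj, time(NULL)));

	/* labelling the account is cosmetic: a failure is reported but
	   does not fail the join */
	status = dcerpc_samr_SetUserInfo(tj->p, tj, &s);
	if (!NT_STATUS_IS_OK(status)) {
		printf("SetUserInfo (non-critical) failed - %s\n", nt_errstr(status));
	}

	*machine_credentials = cli_credentials_init(tj);
	if (*machine_credentials == NULL) {
		/* the setters below would dereference NULL */
		talloc_free(tj);
		return NULL;
	}
	cli_credentials_set_conf(*machine_credentials, tctx->lp_ctx);
	cli_credentials_set_workstation(*machine_credentials, machine_name, CRED_SPECIFIED);
	cli_credentials_set_domain(*machine_credentials, libnet_r->out.domain_name, CRED_SPECIFIED);
	if (libnet_r->out.realm) {
		cli_credentials_set_realm(*machine_credentials, libnet_r->out.realm, CRED_SPECIFIED);
	}
	cli_credentials_set_username(*machine_credentials, libnet_r->in.account_name, CRED_SPECIFIED);
	cli_credentials_set_password(*machine_credentials, libnet_r->out.join_password, CRED_SPECIFIED);
	cli_credentials_set_kvno(*machine_credentials, libnet_r->out.kvno);
	if (acct_flags & ACB_SVRTRUST) {
		cli_credentials_set_secure_channel_type(*machine_credentials,
							SEC_CHAN_BDC);
	} else {
		/* ACB_WSTRUST: the check on entry leaves no other case */
		cli_credentials_set_secure_channel_type(*machine_credentials,
							SEC_CHAN_WKSTA);
	}

	return tj;
}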
 425 
/*
  return the SAMR pipe of a test join; join must not be NULL
*/
struct dcerpc_pipe *torture_join_samr_pipe(struct test_join *join)
{
	struct dcerpc_pipe *samr_pipe = join->p;

	return samr_pipe;
}
 430 
/*
  return a pointer to the account handle stored inside the test join;
  the pointer is only valid while the join itself is
*/
struct policy_handle *torture_join_samr_user_policy(struct test_join *join)
{
	struct policy_handle *account_handle = &join->user_handle;

	return account_handle;
}
 435 
/*
  delete the server object that a domain controller join recorded in
  libnet_r->out.server_dn_str, over LDAP to the host of the SAMR
  binding

  returns NT_STATUS_OK when there is no server DN or when the delete
  worked, NT_STATUS_NO_MEMORY when a setup step fails and
  NT_STATUS_UNSUCCESSFUL when the connect or the delete fails. Every
  failure path resets libnet_r->out.error_string to NULL.
*/
static NTSTATUS torture_leave_ads_domain(struct torture_context *torture,
					 TALLOC_CTX *mem_ctx,
					 struct libnet_JoinDomain *libnet_r)
{
	/* status reported by the shared failure exit; switched to
	   UNSUCCESSFUL once the setup steps are through */
	NTSTATUS failure = NT_STATUS_NO_MEMORY;
	TALLOC_CTX *scratch;
	struct ldb_context *ldb;
	struct ldb_dn *dn;
	char *url;

	/* Check if we are a domain controller. If not, exit. */
	if (libnet_r->out.server_dn_str == NULL) {
		return NT_STATUS_OK;
	}

	scratch = talloc_named(mem_ctx, 0, "torture_leave temporary context");
	if (scratch == NULL) {
		libnet_r->out.error_string = NULL;
		return NT_STATUS_NO_MEMORY;
	}

	ldb = ldb_init(scratch, torture->ev);
	if (ldb == NULL) {
		goto fail;
	}

	/* Remove CN=Servers,... entry from the AD. */
	dn = ldb_dn_new(scratch, ldb, libnet_r->out.server_dn_str);
	if (!ldb_dn_validate(dn)) {
		goto fail;
	}

	url = talloc_asprintf(scratch, "ldap://%s", libnet_r->out.samr_binding->host);
	if (url == NULL) {
		goto fail;
	}

	/* NOTE(review): plain ldap:// URL with the command line
	   credentials; whether the session is signed or sealed is decided
	   by ldb and credential settings not visible here - confirm */
	ldb_set_opaque(ldb, "credentials", cmdline_credentials);
	ldb_set_opaque(ldb, "loadparm", cmdline_lp_ctx);

	failure = NT_STATUS_UNSUCCESSFUL;

	if (ldb_connect(ldb, url, 0, NULL) != 0) {
		goto fail;
	}

	if (ldb_delete(ldb, dn) != 0) {
		goto fail;
	}

	DEBUG(0, ("%s removed successfully.\n", libnet_r->out.server_dn_str));

	talloc_free(scratch);
	return NT_STATUS_OK;

fail:
	libnet_r->out.error_string = NULL;
	talloc_free(scratch);
	return failure;
}
 503 
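/*
  leave the domain, deleting the machine acct

  Also used for joins made by torture_create_testuser(). A NULL join is
  ignored. The account is deleted through join->user_handle, the server
  object of a DC join is removed, and join is freed - it must not be
  used after this call. Failures are reported on stdout only.
*/

_PUBLIC_ void torture_leave_domain(struct torture_context *torture, struct test_join *join)
{
	struct samr_DeleteUser d;
	NTSTATUS status;
	const char *name;

	if (!join) {
		return;
	}

	/* netbios_name is only assigned by torture_join_domain(); a join
	   from torture_create_testuser() has it NULL, and a NULL pointer
	   must not be passed to %s */
	name = join->netbios_name ? join->netbios_name : "(null)";

	if (join->p) {
		d.in.user_handle = &join->user_handle;
		d.out.user_handle = &join->user_handle;

		/* Delete machine account */
		status = dcerpc_samr_DeleteUser(join->p, join, &d);
		if (!NT_STATUS_IS_OK(status)) {
			printf("Delete of machine account %s failed\n",
			       name);
		} else {
			printf("Delete of machine account %s was successful.\n",
			       name);
		}
	} else {
		/* no SAMR pipe, so there is nothing to send the delete on */
		printf("Delete of machine account %s skipped - no SAMR pipe\n",
		       name);
	}

	if (join->libnet_r) {
		status = torture_leave_ads_domain(torture, join, join->libnet_r);
		if (!NT_STATUS_IS_OK(status)) {
			/* a server object left behind should be visible in
			   the test output */
			printf("Removal of server object for %s failed - %s\n",
			       name, nt_errstr(status));
		}
	}

	talloc_free(join);
}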
 535 
/*
  return the domain SID recorded in a test join; the SID belongs to
  the join and join must not be NULL
*/
_PUBLIC_ const struct dom_sid *torture_join_sid(struct test_join *join)
{
	const struct dom_sid *domain_sid = join->dom_sid;

	return domain_sid;
}
 543 
/*
  return the account SID recorded in a test join; in this file only
  torture_create_testuser() assigns it
*/
const struct dom_sid *torture_join_user_sid(struct test_join *join)
{
	const struct dom_sid *account_sid = join->user_sid;

	return account_sid;
}
 548 
/*
  return the machine name recorded in a test join; in this file only
  torture_join_domain() assigns it
*/
const char *torture_join_netbios_name(struct test_join *join)
{
	const char *machine = join->netbios_name;

	return machine;
}
 553 
/*
  return a pointer to the account GUID stored inside the test join;
  the pointer is only valid while the join itself is
*/
const struct GUID *torture_join_user_guid(struct test_join *join)
{
	const struct GUID *account_guid = &join->user_guid;

	return account_guid;
}
 558 
/*
  return the netbios name of the domain recorded in a test join
*/
const char *torture_join_dom_netbios_name(struct test_join *join)
{
	const char *domain_name = join->dom_netbios_name;

	return domain_name;
}
 563 
/*
  return the DNS name (realm) of the domain recorded in a test join;
  in this file only torture_join_domain() assigns it
*/
const char *torture_join_dom_dns_name(struct test_join *join)
{
	const char *realm = join->dom_dns_name;

	return realm;
}
 568 
/*
  return the server DN string of the libnet join, or NULL when the
  test join carries no libnet join state
*/
const char *torture_join_server_dn_str(struct test_join *join)
{
	if (join->libnet_r == NULL) {
		return NULL;
	}

	return join->libnet_r->out.server_dn_str;
}
 576 
 577 
 578 #if 0 /* Left as the documentation of the join process, but see new implementation in libnet_become_dc.c */
 579 struct test_join_ads_dc {
 580         struct test_join *join;
 581 };
 582 
 583 struct test_join_ads_dc *torture_join_domain_ads_dc(const char *machine_name, 
 584                                                     const char *domain,
 585                                                     struct cli_credentials **machine_credentials)
 586 {
 587         struct test_join_ads_dc *join;
 588 
 589         join = talloc(NULL, struct test_join_ads_dc);
 590         if (join == NULL) {
 591                 return NULL;
 592         }
 593 
 594         join->join = torture_join_domain(machine_name, 
 595                                         ACB_SVRTRUST,
 596                                         machine_credentials);
 597 
 598         if (!join->join) {
 599                 return NULL;
 600         }
 601 
 602 /* W2K: */
 603         /* W2K: modify userAccountControl from 4096 to 532480 */
 604         
 605         /* W2K: modify RDN to OU=Domain Controllers and skip the $ from server name */
 606 
 607         /* ask objectVersion of Schema Partition */
 608 
 609         /* ask rIDManagerReferenz of the Domain Partition */
 610 
 611         /* ask fsMORoleOwner of the RID-Manager$ object
 612          * returns CN=NTDS Settings,CN=<DC>,CN=Servers,CN=Default-First-Site-Name, ...
 613          */
 614 
 615         /* ask for dnsHostName of CN=<DC>,CN=Servers,CN=Default-First-Site-Name, ... */
 616 
 617         /* ask for objectGUID of CN=NTDS Settings,CN=<DC>,CN=Servers,CN=Default-First-Site-Name, ... */
 618 
 619         /* ask for * of CN=Default-First-Site-Name, ... */
 620 
 621         /* search (&(|(objectClass=user)(objectClass=computer))(sAMAccountName=<machine_name>$)) in Domain Partition 
 622          * attributes : distinguishedName, userAccountControl
 623          */
 624 
 625         /* ask * for CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name,... 
 626          * should fail with noSuchObject
 627          */
 628 
 629         /* add CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name,... 
 630          *
 631          * objectClass = server
 632          * systemFlags = 50000000
 633          * serverReferenz = CN=<machine_name>,OU=Domain Controllers,...
 634          */
 635 
 636         /* ask for * of CN=NTDS Settings,CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name, ...
 637          * should fail with noSuchObject
 638          */
 639 
 640         /* search for (ncname=<domain_nc>) in CN=Partitions,CN=Configuration,... 
 641          * attributes: ncName, dnsRoot
 642          */
 643 
 644         /* modify add CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name,...
 645          * serverReferenz = CN=<machine_name>,OU=Domain Controllers,...
 646          * should fail with attributeOrValueExists
 647          */
 648 
 649         /* modify replace CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name,...
 650          * serverReferenz = CN=<machine_name>,OU=Domain Controllers,...
 651          */
 652 
 653         /* DsAddEntry to create the CN=NTDS Settings,CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name, ...
 654          *
 655          */
 656 
 657         /* replicate CN=Schema,CN=Configuration,...
 658          * using DRSUAPI_DS_BIND_GUID_W2K ("6abec3d1-3054-41c8-a362-5a0c5b7d5d71")
 659          *
 660          */
 661 
 662         /* replicate CN=Configuration,...
 663          * using DRSUAPI_DS_BIND_GUID_W2K ("6abec3d1-3054-41c8-a362-5a0c5b7d5d71")
 664          *
 665          */
 666 
 667         /* replicate Domain Partition
 668          * using DRSUAPI_DS_BIND_GUID_W2K ("6abec3d1-3054-41c8-a362-5a0c5b7d5d71")
 669          *
 670          */
 671 
 672         /* call DsReplicaUpdateRefs() for all partitions like this:
 673          *     req1: struct drsuapi_DsReplicaUpdateRefsRequest1
 674          *           naming_context           : *
 675          *                 naming_context: struct drsuapi_DsReplicaObjectIdentifier
 676          *                     __ndr_size               : 0x000000ae (174)
 677          *                     __ndr_size_sid           : 0x00000000 (0)
 678          *                     guid                     : 00000000-0000-0000-0000-000000000000
 679          *                     sid                      : S-0-0
 680          *                     dn                       : 'CN=Schema,CN=Configuration,DC=w2k3,DC=vmnet1,DC=vm,DC=base'
 681          *           dest_dsa_dns_name        : *
 682          *                 dest_dsa_dns_name        : '4a0df188-a0b8-47ea-bbe5-e614723f16dd._msdcs.w2k3.vmnet1.vm.base'
 683          *           dest_dsa_guid            : 4a0df188-a0b8-47ea-bbe5-e614723f16dd
 684          *           options                  : 0x0000001c (28)
 685          *                 0: DRSUAPI_DS_REPLICA_UPDATE_ASYNCHRONOUS_OPERATION
 686          *                 0: DRSUAPI_DS_REPLICA_UPDATE_WRITEABLE
 687          *                 1: DRSUAPI_DS_REPLICA_UPDATE_ADD_REFERENCE
 688          *                 1: DRSUAPI_DS_REPLICA_UPDATE_DELETE_REFERENCE
 689          *                 1: DRSUAPI_DS_REPLICA_UPDATE_0x00000010      
 690          *
 691          * 4a0df188-a0b8-47ea-bbe5-e614723f16dd is the objectGUID the DsAddEntry() returned for the
 692          * CN=NTDS Settings,CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name, ...
 693          */
 694 
 695 /* W2K3: see libnet/libnet_become_dc.c */
 696         return join;
 697 }
 698 
 699 #endif
