Author: jra Date: 2005-09-08 23:44:54 +0000 (Thu, 08 Sep 2005) New Revision: 10095
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10095 Log: We always open netlogon with schannel now - make samsync compile. Jeremy. Modified: branches/tmp/RPCREWRITE/source/libsmb/trusts_util.c branches/tmp/RPCREWRITE/source/passdb/secrets.c branches/tmp/RPCREWRITE/source/utils/net_rpc.c branches/tmp/RPCREWRITE/source/utils/net_rpc_samsync.c Changeset: Modified: branches/tmp/RPCREWRITE/source/libsmb/trusts_util.c =================================================================== --- branches/tmp/RPCREWRITE/source/libsmb/trusts_util.c 2005-09-08 22:33:48 UTC (rev 10094) +++ branches/tmp/RPCREWRITE/source/libsmb/trusts_util.c 2005-09-08 23:44:54 UTC (rev 10095) 
@@ -36,23 +36,32 @@ uint32 sec_channel_type) { NTSTATUS result; - uint32 flags_out; - /* ensure that schannel uses the right domain */ - result = rpccli_netlogon_setup_creds(cli, +#if 0 + We always open netlogon with schannel now... + + /* Check if the netlogon pipe is open using schannel. If so we + already have valid creds. If not we must set them up. */ + + if (cli->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) { + uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS; + + result = rpccli_netlogon_setup_creds(cli, cli->cli->desthost, lp_workgroup(), global_myname(), orig_trust_passwd_hash, sec_channel_type, - &flags_out); + &neg_flags); - if (!NT_STATUS_IS_OK(result)) { - DEBUG(3,("just_change_the_password: unable to setup creds (%s)!\n", - nt_errstr(result))); - return result; + if (!NT_STATUS_IS_OK(result)) { + DEBUG(3,("just_change_the_password: unable to setup creds (%s)!\n", + nt_errstr(result))); + return result; + } } - +#endif + result = rpccli_net_srv_pwset(cli, mem_ctx, global_myname(), new_trust_passwd_hash); if (!NT_STATUS_IS_OK(result)) { Modified: branches/tmp/RPCREWRITE/source/passdb/secrets.c =================================================================== --- branches/tmp/RPCREWRITE/source/passdb/secrets.c 2005-09-08 22:33:48 UTC (rev 10094) +++ branches/tmp/RPCREWRITE/source/passdb/secrets.c 2005-09-08 23:44:54 UTC (rev 10095) @@ -468,11 +468,11 @@ return ret; } - /************************************************************************ Routine to fetch the plaintext machine account password for a realm -the password is assumed to be a null terminated ascii string + the password is assumed to be a null terminated ascii string. ************************************************************************/ + char *secrets_fetch_machine_password(const char *domain, time_t *pass_last_set_time, uint32 *channel) @@ -576,7 +576,6 @@ return secrets_delete(trustdom_keystr(domain)); } - BOOL secrets_store_ldap_pw(const char* dn, char* pw) { char *key = NULL; 
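Review bot: Compiling out the credential setup in just_change_the_password() with `#if 0` leaves `rpccli_net_srv_pwset` running on whatever pipe the caller supplies, with no check that it was opened with schannel. The net_rpc.c hunk in this commit opens the netlogon pipe with schannel only when `lp_client_schannel()` is true and otherwise falls back to `cli_rpc_pipe_open_noauth`, so "always" does not hold for that configuration. The net_rpc_samsync.c hunks at -264/-288 and -2130 make the same assumption when they drop their own `rpccli_netlogon_setup_creds` calls. I would keep the disabled `if (cli->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL)` test compiled in, either as the fallback its comment describes or as a fail-closed guard that returns an error before the password set. The function starts and ends outside the hunk, so whether `orig_trust_passwd_hash` and `sec_channel_type` are now entirely unused cannot be confirmed from here.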
@@ -594,8 +593,9 @@ } /******************************************************************* - find the ldap password + Find the ldap password. ******************************************************************/ + BOOL fetch_ldap_pw(char **dn, char** pw) { char *key = NULL; @@ -658,7 +658,6 @@ return True; } - /** * Get trusted domains info from secrets.tdb. * Modified: branches/tmp/RPCREWRITE/source/utils/net_rpc.c =================================================================== --- branches/tmp/RPCREWRITE/source/utils/net_rpc.c 2005-09-08 22:33:48 UTC (rev 10094) +++ branches/tmp/RPCREWRITE/source/utils/net_rpc.c 2005-09-08 23:44:54 UTC (rev 10095) @@ -139,9 +139,23 @@ domain_sid = net_get_remote_domain_sid(cli, mem_ctx, &domain_name); if (!(conn_flags & NET_FLAGS_NO_PIPE)) { - pipe_hnd = cli_rpc_pipe_open_noauth(cli, pipe_idx); - if (!pipe_hnd) { - DEBUG(0, ("Could not initialise pipe %s\n", cli_get_pipe_name(pipe_idx))); + if (lp_client_schannel() && (pipe_idx == PI_NETLOGON)) { + /* Always try and create an schannel netlogon pipe. */ + pipe_hnd = cli_rpc_pipe_open_schannel(cli, pipe_idx, + PIPE_AUTH_LEVEL_PRIVACY, + domain_name); + if (!pipe_hnd) { + DEBUG(0, ("Could not initialise schannel netlogon pipe\n")); + cli_shutdown(cli); + return -1; + } + } else { + pipe_hnd = cli_rpc_pipe_open_noauth(cli, pipe_idx); + if (!pipe_hnd) { + DEBUG(0, ("Could not initialise pipe %s\n", cli_get_pipe_name(pipe_idx))); + cli_shutdown(cli); + return -1; + } } } Modified: branches/tmp/RPCREWRITE/source/utils/net_rpc_samsync.c =================================================================== --- branches/tmp/RPCREWRITE/source/utils/net_rpc_samsync.c 2005-09-08 22:33:48 UTC (rev 10094) +++ branches/tmp/RPCREWRITE/source/utils/net_rpc_samsync.c 2005-09-08 23:44:54 UTC (rev 10095) 
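Review bot: Both new failure paths in the net_rpc.c hunk `return -1` after `cli_shutdown(cli)` without releasing `mem_ctx`, which is already in use just above in `net_get_remote_domain_sid(cli, mem_ctx, &domain_name)`. If that context is created earlier in this function (its start is outside the hunk), add `talloc_destroy(mem_ctx);` before each `return -1;`. The comment `/* Always try and create an schannel netlogon pipe. */` also sits under a test of `lp_client_schannel()`, so it would be more accurate as `/* Use schannel for netlogon when client schannel is enabled. */`. The schannel failure message could include the target domain or the reason, to make a refused secure channel distinguishable from a missing pipe in the logs.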
@@ -264,6 +264,9 @@ int argc, const char **argv) { +#if 0 + /* net_rpc.c now always tries to create an schannel pipe.. */ + NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; uchar trust_password[16]; uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS; @@ -288,16 +291,13 @@ DEBUG(0,("Error connecting to NETLOGON pipe\n")); goto fail; } +#endif dump_database(pipe_hnd, SAM_DATABASE_DOMAIN); dump_database(pipe_hnd, SAM_DATABASE_BUILTIN); dump_database(pipe_hnd, SAM_DATABASE_PRIVS); - nt_status = NT_STATUS_OK; - -fail: - - return nt_status; + return NT_STATUS_OK; } /* Convert a SAM_ACCOUNT_DELTA to a SAM_ACCOUNT. */ @@ -2130,11 +2130,8 @@ const char **argv) { NTSTATUS result; - uchar trust_password[16]; fstring my_dom_sid_str; fstring rem_dom_sid_str; - uint32 sec_channel_type = 0; - uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS; if (!sid_equal(domain_sid, get_global_sam_sid())) { d_printf("Cannot import users from %s at this time, " @@ -2149,34 +2146,11 @@ return NT_STATUS_UNSUCCESSFUL; } - if (!secrets_fetch_trust_account_password(domain_name, - trust_password, NULL, - &sec_channel_type)) { - result = NT_STATUS_CANT_ACCESS_DOMAIN_INFO; - d_printf("Could not retrieve domain trust secret\n"); - goto fail; - } - - result = rpccli_netlogon_setup_creds(pipe_hnd, - cli->desthost, - domain_name, - global_myname(), - trust_password, - sec_channel_type, - &neg_flags); - result = cli_nt_establish_netlogon(cli, sec_channel, trust_password); - - if (!NT_STATUS_IS_OK(result)) { - d_printf("Failed to setup BDC creds\n"); - goto fail; - } - if (argc >= 1 && (strcmp(argv[0], "ldif") == 0)) { - result = fetch_database_to_ldif(cli, SAM_DATABASE_DOMAIN, - &ret_creds, *domain_sid, argv[1]); + result = fetch_database_to_ldif(pipe_hnd, SAM_DATABASE_DOMAIN, + *domain_sid, argv[1]); } else { - result = fetch_database(cli, SAM_DATABASE_DOMAIN, &ret_creds, - *domain_sid); + result = fetch_database(pipe_hnd, SAM_DATABASE_DOMAIN, *domain_sid); } if (!NT_STATUS_IS_OK(result)) { 
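Review bot: In the -2130 hunk the rewritten `fetch_database_to_ldif(pipe_hnd, SAM_DATABASE_DOMAIN, *domain_sid, argv[1])` call still reads `argv[1]` under a guard that only establishes `argc >= 1`, so `ldif` given without a file name passes whatever follows the last argument. That is safe only if argv is NULL-terminated and the callee accepts a NULL file name, and neither is visible here. Passing `argc >= 2 ? argv[1] : NULL` makes the intent explicit. The same pattern is in the -2189 hunk for SAM_DATABASE_BUILTIN.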
@@ -2189,12 +2163,10 @@ } if (argc >= 1 && (strcmp(argv[0], "ldif") == 0)) { - result = fetch_database_to_ldif(cli, SAM_DATABASE_BUILTIN, - &ret_creds, global_sid_Builtin, - argv[1]); + result = fetch_database_to_ldif(pipe_hnd, SAM_DATABASE_BUILTIN, + global_sid_Builtin, argv[1]); } else { - result = fetch_database(cli, SAM_DATABASE_BUILTIN, &ret_creds, - global_sid_Builtin); + result = fetch_database(pipe_hnd, SAM_DATABASE_BUILTIN, global_sid_Builtin); } if (!NT_STATUS_IS_OK(result)) {
