2 Unix SMB/CIFS implementation.
4 Copyright (C) Stefan Metzmacher 2006
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 #include "libnet/libnet.h"
23 #include "libcli/composite/composite.h"
24 #include "libcli/cldap/cldap.h"
25 #include "lib/ldb/include/ldb.h"
26 #include "lib/ldb/include/ldb_errors.h"
27 #include "lib/db_wrap.h"
28 #include "dsdb/samdb/samdb.h"
29 #include "dsdb/common/flags.h"
31 struct libnet_UnbecomeDC_state {
32 struct composite_context *creq;
34 struct libnet_context *libnet;
37 struct cldap_socket *sock;
38 struct cldap_netlogon io;
39 struct nbt_cldap_netlogon_5 netlogon5;
43 struct ldb_context *ldb;
49 const char *netbios_name;
58 const char *config_dn_str;
67 const char *netbios_name;
68 const char *site_name;
73 const char *netbios_name;
77 const char *site_name;
78 const char *computer_dn_str;
79 const char *server_dn_str;
80 uint32_t user_account_control;
84 static void unbecomeDC_connect_ldap(struct libnet_UnbecomeDC_state *s);
86 static void unbecomeDC_recv_cldap(struct cldap_request *req)
88 struct libnet_UnbecomeDC_state *s = talloc_get_type(req->async.private,
89 struct libnet_UnbecomeDC_state);
90 struct composite_context *c = s->creq;
92 c->status = cldap_netlogon_recv(req, s, &s->cldap.io);
93 if (!composite_is_ok(c)) return;
95 s->cldap.netlogon5 = s->cldap.io.out.netlogon.logon5;
97 s->domain.dns_name = s->cldap.netlogon5.dns_domain;
98 s->domain.netbios_name = s->cldap.netlogon5.domain;
99 s->domain.guid = s->cldap.netlogon5.domain_uuid;
101 s->source_dsa.dns_name = s->cldap.netlogon5.pdc_dns_name;
102 s->source_dsa.netbios_name = s->cldap.netlogon5.pdc_name;
103 s->source_dsa.site_name = s->cldap.netlogon5.server_site;
105 s->dest_dsa.site_name = s->cldap.netlogon5.client_site;
107 unbecomeDC_connect_ldap(s);
110 static void unbecomeDC_send_cldap(struct libnet_UnbecomeDC_state *s)
112 struct composite_context *c = s->creq;
113 struct cldap_request *req;
115 s->cldap.io.in.dest_address = s->source_dsa.address;
116 s->cldap.io.in.realm = s->domain.dns_name;
117 s->cldap.io.in.host = s->dest_dsa.netbios_name;
118 s->cldap.io.in.user = NULL;
119 s->cldap.io.in.domain_guid = NULL;
120 s->cldap.io.in.domain_sid = NULL;
121 s->cldap.io.in.acct_control = -1;
122 s->cldap.io.in.version = 6;
124 s->cldap.sock = cldap_socket_init(s, s->libnet->event_ctx);
125 if (composite_nomem(s->cldap.sock, c)) return;
127 req = cldap_netlogon_send(s->cldap.sock, &s->cldap.io);
128 if (composite_nomem(req, c)) return;
129 req->async.fn = unbecomeDC_recv_cldap;
130 req->async.private = s;
133 static NTSTATUS unbecomeDC_ldap_connect(struct libnet_UnbecomeDC_state *s)
137 url = talloc_asprintf(s, "ldap://%s/", s->source_dsa.dns_name);
138 NT_STATUS_HAVE_NO_MEMORY(url);
140 s->ldap.ldb = ldb_wrap_connect(s, url,
145 if (s->ldap.ldb == NULL) {
146 return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
152 static NTSTATUS unbecomeDC_ldap_rootdse(struct libnet_UnbecomeDC_state *s)
155 struct ldb_result *r;
156 struct ldb_dn *basedn;
157 static const char *attrs[] = {
158 "defaultNamingContext",
159 "configurationNamingContext",
163 basedn = ldb_dn_new(s, s->ldap.ldb, NULL);
164 NT_STATUS_HAVE_NO_MEMORY(basedn);
166 ret = ldb_search(s->ldap.ldb, basedn, LDB_SCOPE_BASE,
167 "(objectClass=*)", attrs, &r);
169 if (ret != LDB_SUCCESS) {
170 return NT_STATUS_LDAP(ret);
171 } else if (r->count != 1) {
173 return NT_STATUS_INVALID_NETWORK_RESPONSE;
177 s->domain.dn_str = ldb_msg_find_attr_as_string(r->msgs[0], "defaultNamingContext", NULL);
178 if (!s->domain.dn_str) return NT_STATUS_INVALID_NETWORK_RESPONSE;
179 talloc_steal(s, s->domain.dn_str);
181 s->forest.config_dn_str = ldb_msg_find_attr_as_string(r->msgs[0], "configurationNamingContext", NULL);
182 if (!s->forest.config_dn_str) return NT_STATUS_INVALID_NETWORK_RESPONSE;
183 talloc_steal(s, s->forest.config_dn_str);
189 static NTSTATUS unbecomeDC_ldap_computer_object(struct libnet_UnbecomeDC_state *s)
192 struct ldb_result *r;
193 struct ldb_dn *basedn;
195 static const char *attrs[] = {
197 "userAccountControl",
201 basedn = ldb_dn_new(s, s->ldap.ldb, s->domain.dn_str);
202 NT_STATUS_HAVE_NO_MEMORY(basedn);
204 filter = talloc_asprintf(basedn, "(&(|(objectClass=user)(objectClass=computer))(sAMAccountName=%s$))",
205 s->dest_dsa.netbios_name);
206 NT_STATUS_HAVE_NO_MEMORY(filter);
208 ret = ldb_search(s->ldap.ldb, basedn, LDB_SCOPE_SUBTREE,
211 if (ret != LDB_SUCCESS) {
212 return NT_STATUS_LDAP(ret);
213 } else if (r->count != 1) {
215 return NT_STATUS_INVALID_NETWORK_RESPONSE;
218 s->dest_dsa.computer_dn_str = samdb_result_string(r->msgs[0], "distinguishedName", NULL);
219 if (!s->dest_dsa.computer_dn_str) return NT_STATUS_INVALID_NETWORK_RESPONSE;
220 talloc_steal(s, s->dest_dsa.computer_dn_str);
222 s->dest_dsa.user_account_control = samdb_result_uint(r->msgs[0], "userAccountControl", 0);
228 static NTSTATUS unbecomeDC_ldap_modify_computer(struct libnet_UnbecomeDC_state *s)
231 struct ldb_message *msg;
232 uint32_t user_account_control = UF_WORKSTATION_TRUST_ACCOUNT;
235 /* as the value is already as we want it to be, we're done */
236 if (s->dest_dsa.user_account_control == user_account_control) {
240 /* make a 'modify' msg, and only for serverReference */
241 msg = ldb_msg_new(s);
242 NT_STATUS_HAVE_NO_MEMORY(msg);
243 msg->dn = ldb_dn_new(msg, s->ldap.ldb, s->dest_dsa.computer_dn_str);
244 NT_STATUS_HAVE_NO_MEMORY(msg->dn);
246 ret = ldb_msg_add_fmt(msg, "userAccountControl", "%u", user_account_control);
249 return NT_STATUS_NO_MEMORY;
252 /* mark all the message elements (should be just one)
253 as LDB_FLAG_MOD_REPLACE */
254 for (i=0;i<msg->num_elements;i++) {
255 msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
258 ret = ldb_modify(s->ldap.ldb, msg);
260 if (ret != LDB_SUCCESS) {
261 return NT_STATUS_LDAP(ret);
264 s->dest_dsa.user_account_control = user_account_control;
269 static void unbecomeDC_connect_ldap(struct libnet_UnbecomeDC_state *s)
271 struct composite_context *c = s->creq;
273 c->status = unbecomeDC_ldap_connect(s);
274 if (!composite_is_ok(c)) return;
276 c->status = unbecomeDC_ldap_rootdse(s);
277 if (!composite_is_ok(c)) return;
279 c->status = unbecomeDC_ldap_computer_object(s);
280 if (!composite_is_ok(c)) return;
282 c->status = unbecomeDC_ldap_modify_computer(s);
283 if (!composite_is_ok(c)) return;
285 composite_error(c, NT_STATUS_NOT_IMPLEMENTED);
288 struct composite_context *libnet_UnbecomeDC_send(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_UnbecomeDC *r)
290 struct composite_context *c;
291 struct libnet_UnbecomeDC_state *s;
294 c = composite_create(mem_ctx, ctx->event_ctx);
295 if (c == NULL) return NULL;
297 s = talloc_zero(c, struct libnet_UnbecomeDC_state);
298 if (composite_nomem(s, c)) return c;
304 s->domain.dns_name = talloc_strdup(s, r->in.domain_dns_name);
305 if (composite_nomem(s->domain.dns_name, c)) return c;
306 s->domain.netbios_name = talloc_strdup(s, r->in.domain_netbios_name);
307 if (composite_nomem(s->domain.netbios_name, c)) return c;
309 /* Source DSA input */
310 s->source_dsa.address = talloc_strdup(s, r->in.source_dsa_address);
311 if (composite_nomem(s->source_dsa.address, c)) return c;
313 /* Destination DSA input */
314 s->dest_dsa.netbios_name= talloc_strdup(s, r->in.dest_dsa_netbios_name);
315 if (composite_nomem(s->dest_dsa.netbios_name, c)) return c;
317 /* Destination DSA dns_name construction */
318 tmp_name = strlower_talloc(s, s->dest_dsa.netbios_name);
319 if (composite_nomem(tmp_name, c)) return c;
320 s->dest_dsa.dns_name = talloc_asprintf_append(tmp_name, ".%s",
322 if (composite_nomem(s->dest_dsa.dns_name, c)) return c;
324 unbecomeDC_send_cldap(s);
328 NTSTATUS libnet_UnbecomeDC_recv(struct composite_context *c, TALLOC_CTX *mem_ctx, struct libnet_UnbecomeDC *r)
332 status = composite_wait(c);
340 NTSTATUS libnet_UnbecomeDC(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_UnbecomeDC *r)
343 struct composite_context *c;
344 c = libnet_UnbecomeDC_send(ctx, mem_ctx, r);
345 status = libnet_UnbecomeDC_recv(c, mem_ctx, r);