This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
#include "libnet/libnet.h"
-#include "libcli/ldap/ldap.h"
+#include "libcli/ldap/ldap_ndr.h"
#include "dsdb/samdb/samdb.h"
#include "auth/auth.h"
+#include "util/util_ldb.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "ldb_wrap.h"
+#include "libcli/security/security.h"
+#include "librpc/rpc/dcerpc.h"
+#include "param/param.h"
struct samsync_ldb_secret {
struct samsync_ldb_secret *prev, *next;
struct samsync_ldb_state {
/* Values from the LSA lookup */
- const char *domain_name;
- const struct dom_sid *domain_sid;
- const char *realm;
+ const struct libnet_SamSync_state *samsync_state;
struct dom_sid *dom_sid[3];
struct ldb_context *sam_ldb, *remote_ldb;
*error_string = talloc_asprintf(mem_ctx,
"Failed to find DN for "
"ForeignSecurityPrincipal container under %s",
- ldb_dn_linearize(mem_ctx, state->base_dn[SAM_DATABASE_DOMAIN]));
+ ldb_dn_get_linearized(state->base_dn[SAM_DATABASE_DOMAIN]));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
}
/* add core elements to the ldb_message for the alias */
- msg->dn = ldb_dn_build_child(mem_ctx, "CN", sidstr, basedn);
- if (msg->dn == NULL)
- return NT_STATUS_NO_MEMORY;
+ msg->dn = basedn;
+ if ( ! ldb_dn_add_child_fmt(msg->dn, "CN=%s", sidstr))
+ return NT_STATUS_UNSUCCESSFUL;
samdb_msg_add_string(state->sam_ldb, mem_ctx, msg,
"objectClass",
*fsp_dn = msg->dn;
/* create the alias */
- ret = samdb_add(state->sam_ldb, mem_ctx, msg);
+ ret = ldb_add(state->sam_ldb, msg);
if (ret != 0) {
*error_string = talloc_asprintf(mem_ctx, "Failed to create foreignSecurityPrincipal "
"record %s: %s",
- ldb_dn_linearize(mem_ctx, msg->dn),
+ ldb_dn_get_linearized(msg->dn),
ldb_errstring(state->sam_ldb));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
struct ldb_message *msg;
int ret;
+ msg = ldb_msg_new(mem_ctx);
+ if (msg == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
if (database == SAM_DATABASE_DOMAIN) {
+ struct ldb_dn *partitions_basedn;
const char *domain_attrs[] = {"nETBIOSName", "nCName", NULL};
struct ldb_message **msgs_domain;
int ret_domain;
- ret_domain = gendb_search(state->sam_ldb, mem_ctx, NULL, &msgs_domain, domain_attrs,
+ partitions_basedn = samdb_partitions_dn(state->sam_ldb, mem_ctx);
+
+ ret_domain = gendb_search(state->sam_ldb, mem_ctx, partitions_basedn, &msgs_domain, domain_attrs,
"(&(&(nETBIOSName=%s)(objectclass=crossRef))(ncName=*))",
domain_name);
if (ret_domain == -1) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
- state->base_dn[database] = samdb_result_dn(state, msgs_domain[0], "nCName", NULL);
+ state->base_dn[database] = samdb_result_dn(state->sam_ldb, state, msgs_domain[0], "nCName", NULL);
- if (state->domain_sid) {
- state->dom_sid[database] = dom_sid_dup(state, state->domain_sid);
+ if (state->dom_sid[database]) {
+ /* Update the domain sid with the incoming
+ * domain (found on LSA pipe, database sid may
+ * be random) */
+ samdb_msg_add_dom_sid(state->sam_ldb, mem_ctx,
+ msg, "objectSid", state->dom_sid[database]);
} else {
+ /* Well, we will have to use the one from the database */
state->dom_sid[database] = samdb_search_dom_sid(state->sam_ldb, state,
state->base_dn[database],
"objectSid", NULL);
}
+
+ if (state->samsync_state->domain_guid) {
+ enum ndr_err_code ndr_err;
+ struct ldb_val v;
+ ndr_err = ndr_push_struct_blob(&v, msg, NULL,
+ state->samsync_state->domain_guid,
+ (ndr_push_flags_fn_t)ndr_push_GUID);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ *error_string = talloc_asprintf(mem_ctx, "ndr_push of domain GUID failed!");
+ return ndr_map_error2ntstatus(ndr_err);
+ }
+
+ ldb_msg_add_value(msg, "objectGUID", &v, NULL);
+ }
} else if (database == SAM_DATABASE_BUILTIN) {
/* work out the builtin_dn - useful for so many calls its worth
fetching here */
const char *dnstring = samdb_search_string(state->sam_ldb, mem_ctx, NULL,
"distinguishedName", "objectClass=builtinDomain");
- state->base_dn[database] = ldb_dn_explode(state, dnstring);
- state->dom_sid[database] = dom_sid_parse_talloc(state, SID_BUILTIN);
+ state->base_dn[database] = ldb_dn_new(state, state->sam_ldb, dnstring);
+ if ( ! ldb_dn_validate(state->base_dn[database])) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
} else {
/* PRIVs DB */
return NT_STATUS_INVALID_PARAMETER;
}
- msg = ldb_msg_new(mem_ctx);
- if (msg == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
msg->dn = talloc_reference(mem_ctx, state->base_dn[database]);
if (!msg->dn) {
return NT_STATUS_NO_MEMORY;
}
samdb_msg_add_string(state->sam_ldb, mem_ctx,
- msg, "oEMInformation", domain->comment.string);
+ msg, "oEMInformation", domain->oem_information.string);
samdb_msg_add_int64(state->sam_ldb, mem_ctx,
msg, "forceLogoff", domain->force_logoff_time);
samdb_msg_add_uint64(state->sam_ldb, mem_ctx,
msg, "creationTime", domain->domain_create_time);
- /* Update the domain sid with the incoming domain */
- samdb_msg_add_dom_sid(state->sam_ldb, mem_ctx,
- msg, "objectSid", state->dom_sid[database]);
-
/* TODO: Account lockout, password properties */
ret = samdb_replace(state->sam_ldb, mem_ctx, msg);
const struct dom_sid *user_sid;
struct ldb_message *msg;
struct ldb_message **msgs;
- struct ldb_message **remote_msgs;
+ struct ldb_message **remote_msgs = NULL;
int ret, i;
uint32_t acb;
- BOOL add = False;
+ bool add = false;
const char *attrs[] = { NULL };
/* we may change this to a global search, then fill in only the things not in ldap later */
const char *remote_attrs[] = { "userPrincipalName", "servicePrincipalName",
- "msDS-KeyVersionNumber", NULL};
+ "msDS-KeyVersionNumber", "objectGUID", NULL};
user_sid = dom_sid_add_rid(mem_ctx, state->dom_sid[database], rid);
if (!user_sid) {
return NT_STATUS_NO_MEMORY;
}
+ msg->dn = NULL;
/* search for the user, by rid */
ret = gendb_search(state->sam_ldb, mem_ctx, state->base_dn[database],
&msgs, attrs, "(&(objectClass=user)(objectSid=%s))",
ldb_errstring(state->sam_ldb));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
} else if (ret == 0) {
- add = True;
+ add = true;
} else if (ret > 1) {
*error_string = talloc_asprintf(mem_ctx, "More than one user with SID: %s in local LDB",
dom_sid_string(mem_ctx, user_sid));
}
/* and do the same on the remote database */
- ret = gendb_search(state->remote_ldb, mem_ctx, state->base_dn[database],
- &remote_msgs, remote_attrs, "(&(objectClass=user)(objectSid=%s))",
- ldap_encode_ndr_dom_sid(mem_ctx, user_sid));
-
- if (ret == -1) {
- *error_string = talloc_asprintf(mem_ctx, "remote LDAP for user %s failed: %s",
- dom_sid_string(mem_ctx, user_sid),
- ldb_errstring(state->remote_ldb));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- } else if (ret == 0) {
- *error_string = talloc_asprintf(mem_ctx, "User exists in samsync but not in remote LDAP domain! (base: %s, SID: %s)",
- ldb_dn_linearize(mem_ctx, state->base_dn[database]),
- dom_sid_string(mem_ctx, user_sid));
- return NT_STATUS_NO_SUCH_USER;
- } else if (ret > 1) {
- *error_string = talloc_asprintf(mem_ctx, "More than one user in remote LDAP domain with SID: %s",
- dom_sid_string(mem_ctx, user_sid));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
-
- /* Try to put things in the same location as the remote server */
- } else if (add) {
- msg->dn = remote_msgs[0]->dn;
- talloc_steal(msg, remote_msgs[0]->dn);
+ if (state->remote_ldb) {
+ ret = gendb_search(state->remote_ldb, mem_ctx, state->base_dn[database],
+ &remote_msgs, remote_attrs, "(&(objectClass=user)(objectSid=%s))",
+ ldap_encode_ndr_dom_sid(mem_ctx, user_sid));
+
+ if (ret == -1) {
+ *error_string = talloc_asprintf(mem_ctx, "remote LDAP for user %s failed: %s",
+ dom_sid_string(mem_ctx, user_sid),
+ ldb_errstring(state->remote_ldb));
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ } else if (ret == 0) {
+ *error_string = talloc_asprintf(mem_ctx, "User exists in samsync but not in remote LDAP domain! (base: %s, SID: %s)",
+ ldb_dn_get_linearized(state->base_dn[database]),
+ dom_sid_string(mem_ctx, user_sid));
+ return NT_STATUS_NO_SUCH_USER;
+ } else if (ret > 1) {
+ *error_string = talloc_asprintf(mem_ctx, "More than one user in remote LDAP domain with SID: %s",
+ dom_sid_string(mem_ctx, user_sid));
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+
+ /* Try to put things in the same location as the remote server */
+ } else if (add) {
+ msg->dn = remote_msgs[0]->dn;
+ talloc_steal(msg, remote_msgs[0]->dn);
+ }
}
cn_name = talloc_strdup(mem_ctx, user->account_name.string);
return NT_STATUS_NO_MEMORY;
}
- /* Passwords. Ensure there is no plaintext stored against
- * this entry, as we only have hashes */
- samdb_msg_add_delete(state->sam_ldb, mem_ctx, msg,
- "sambaPassword");
+ if (!add) {
+ /* Passwords. Ensure there is no plaintext stored against
+ * this entry, as we only have hashes */
+ samdb_msg_add_delete(state->sam_ldb, mem_ctx, msg,
+ "userPassword");
+ }
if (user->lm_password_present) {
samdb_msg_add_hash(state->sam_ldb, mem_ctx, msg,
- "lmPwdHash", &user->lmpassword);
- } else {
+ "dBCSPwd", &user->lmpassword);
+ } else if (!add) {
samdb_msg_add_delete(state->sam_ldb, mem_ctx, msg,
- "lmPwdHash");
+ "dBCSPwd");
}
if (user->nt_password_present) {
samdb_msg_add_hash(state->sam_ldb, mem_ctx, msg,
- "ntPwdHash", &user->ntpassword);
- } else {
+ "unicodePwd", &user->ntpassword);
+ } else if (!add) {
samdb_msg_add_delete(state->sam_ldb, mem_ctx, msg,
- "ntPwdHash");
+ "unicodePwd");
}
ADD_OR_DEL(string, "comment", comment.string);
if (add) {
samdb_msg_add_string(state->sam_ldb, mem_ctx, msg,
"objectClass", obj_class);
- msg->dn = ldb_dn_string_compose(mem_ctx, state->base_dn[database],
- "CN=%s, CN=%s", cn_name, container);
if (!msg->dn) {
- return NT_STATUS_NO_MEMORY;
+ msg->dn = ldb_dn_copy(mem_ctx, state->base_dn[database]);
+ ldb_dn_add_child_fmt(msg->dn, "CN=%s,CN=%s", cn_name, container);
+ if (!msg->dn) {
+ return NT_STATUS_NO_MEMORY;
+ }
}
- ret = samdb_add(state->sam_ldb, mem_ctx, msg);
+ ret = ldb_add(state->sam_ldb, msg);
if (ret != 0) {
struct ldb_dn *first_try_dn = msg->dn;
/* Try again with the default DN */
- msg->dn = talloc_steal(msg, msgs[0]->dn);
- ret = samdb_add(state->sam_ldb, mem_ctx, msg);
- if (ret != 0) {
- *error_string = talloc_asprintf(mem_ctx, "Failed to create user record. Tried both %s and %s: %s",
- ldb_dn_linearize(mem_ctx, first_try_dn),
- ldb_dn_linearize(mem_ctx, msg->dn),
+ if (!remote_msgs) {
+ *error_string = talloc_asprintf(mem_ctx, "Failed to create user record. Tried %s: %s",
+ ldb_dn_get_linearized(first_try_dn),
ldb_errstring(state->sam_ldb));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ } else {
+ msg->dn = talloc_steal(msg, remote_msgs[0]->dn);
+ ret = ldb_add(state->sam_ldb, msg);
+ if (ret != 0) {
+ *error_string = talloc_asprintf(mem_ctx, "Failed to create user record. Tried both %s and %s: %s",
+ ldb_dn_get_linearized(first_try_dn),
+ ldb_dn_get_linearized(msg->dn),
+ ldb_errstring(state->sam_ldb));
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
}
}
} else {
ret = samdb_replace(state->sam_ldb, mem_ctx, msg);
if (ret != 0) {
*error_string = talloc_asprintf(mem_ctx, "Failed to modify user record %s: %s",
- ldb_dn_linearize(mem_ctx, msg->dn),
+ ldb_dn_get_linearized(msg->dn),
ldb_errstring(state->sam_ldb));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- ret = samdb_delete(state->sam_ldb, mem_ctx, msgs[0]->dn);
+ ret = ldb_delete(state->sam_ldb, msgs[0]->dn);
if (ret != 0) {
*error_string = talloc_asprintf(mem_ctx, "Failed to delete user record %s: %s",
- ldb_dn_linearize(mem_ctx, msgs[0]->dn),
+ ldb_dn_get_linearized(msgs[0]->dn),
ldb_errstring(state->sam_ldb));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
struct ldb_message *msg;
struct ldb_message **msgs;
int ret;
- BOOL add = False;
+ bool add = false;
const char *attrs[] = { NULL };
msg = ldb_msg_new(mem_ctx);
*error_string = talloc_asprintf(mem_ctx, "gendb_search failed: %s", ldb_errstring(state->sam_ldb));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
} else if (ret == 0) {
- add = True;
+ add = true;
} else if (ret > 1) {
*error_string = talloc_asprintf(mem_ctx, "More than one group/alias with SID: %s",
dom_sid_string(mem_ctx,
if (add) {
samdb_msg_add_string(state->sam_ldb, mem_ctx, msg,
"objectClass", obj_class);
- msg->dn = ldb_dn_string_compose(mem_ctx, state->base_dn[database],
- "CN=%s, CN=%s", cn_name, container);
+ msg->dn = ldb_dn_copy(mem_ctx, state->base_dn[database]);
+ ldb_dn_add_child_fmt(msg->dn, "CN=%s,CN=%s", cn_name, container);
if (!msg->dn) {
return NT_STATUS_NO_MEMORY;
}
- ret = samdb_add(state->sam_ldb, mem_ctx, msg);
+ ret = ldb_add(state->sam_ldb, msg);
if (ret != 0) {
*error_string = talloc_asprintf(mem_ctx, "Failed to create group record %s: %s",
- ldb_dn_linearize(mem_ctx, msg->dn),
+ ldb_dn_get_linearized(msg->dn),
ldb_errstring(state->sam_ldb));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
ret = samdb_replace(state->sam_ldb, mem_ctx, msg);
if (ret != 0) {
*error_string = talloc_asprintf(mem_ctx, "Failed to modify group record %s: %s",
- ldb_dn_linearize(mem_ctx, msg->dn),
+ ldb_dn_get_linearized(msg->dn),
ldb_errstring(state->sam_ldb));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- ret = samdb_delete(state->sam_ldb, mem_ctx, msgs[0]->dn);
+ ret = ldb_delete(state->sam_ldb, msgs[0]->dn);
if (ret != 0) {
*error_string = talloc_asprintf(mem_ctx, "Failed to delete group record %s: %s",
- ldb_dn_linearize(mem_ctx, msgs[0]->dn),
+ ldb_dn_get_linearized(msgs[0]->dn),
ldb_errstring(state->sam_ldb));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
} else if (ret > 1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
} else {
- samdb_msg_add_string(state->sam_ldb, mem_ctx, msg, "member", ldb_dn_linearize(mem_ctx, msgs[0]->dn));
+ samdb_msg_add_string(state->sam_ldb, mem_ctx, msg, "member", ldb_dn_alloc_linearized(mem_ctx, msgs[0]->dn));
}
talloc_free(msgs);
ret = samdb_replace(state->sam_ldb, mem_ctx, msg);
if (ret != 0) {
*error_string = talloc_asprintf(mem_ctx, "Failed to modify group record %s: %s",
- ldb_dn_linearize(mem_ctx, msg->dn),
+ ldb_dn_get_linearized(msg->dn),
ldb_errstring(state->sam_ldb));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
struct ldb_message *msg;
struct ldb_message **msgs;
int ret;
- BOOL add = False;
+ bool add = false;
const char *attrs[] = { NULL };
msg = ldb_msg_new(mem_ctx);
*error_string = talloc_asprintf(mem_ctx, "gendb_search failed: %s", ldb_errstring(state->sam_ldb));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
} else if (ret == 0) {
- add = True;
+ add = true;
} else if (ret > 1) {
*error_string = talloc_asprintf(mem_ctx, "More than one group/alias with SID: %s",
dom_sid_string(mem_ctx,
if (add) {
samdb_msg_add_string(state->sam_ldb, mem_ctx, msg,
"objectClass", obj_class);
- msg->dn = ldb_dn_string_compose(mem_ctx, state->base_dn[database],
- "CN=%s, CN=%s", cn_name, container);
+ msg->dn = ldb_dn_copy(mem_ctx, state->base_dn[database]);
+ ldb_dn_add_child_fmt(msg->dn, "CN=%s,CN=%s", cn_name, container);
if (!msg->dn) {
return NT_STATUS_NO_MEMORY;
}
- ret = samdb_add(state->sam_ldb, mem_ctx, msg);
+ ret = ldb_add(state->sam_ldb, msg);
if (ret != 0) {
*error_string = talloc_asprintf(mem_ctx, "Failed to create alias record %s: %s",
- ldb_dn_linearize(mem_ctx, msg->dn),
+ ldb_dn_get_linearized(msg->dn),
ldb_errstring(state->sam_ldb));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
ret = samdb_replace(state->sam_ldb, mem_ctx, msg);
if (ret != 0) {
*error_string = talloc_asprintf(mem_ctx, "Failed to modify alias record %s: %s",
- ldb_dn_linearize(mem_ctx, msg->dn),
+ ldb_dn_get_linearized(msg->dn),
ldb_errstring(state->sam_ldb));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- ret = samdb_delete(state->sam_ldb, mem_ctx, msgs[0]->dn);
+ ret = ldb_delete(state->sam_ldb, msgs[0]->dn);
if (ret != 0) {
*error_string = talloc_asprintf(mem_ctx, "Failed to delete alias record %s: %s",
- ldb_dn_linearize(mem_ctx, msgs[0]->dn),
+ ldb_dn_get_linearized(msgs[0]->dn),
ldb_errstring(state->sam_ldb));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
} else {
alias_member_dn = msgs[0]->dn;
}
- samdb_msg_add_string(state->sam_ldb, mem_ctx, msg, "member", ldb_dn_linearize(mem_ctx, alias_member_dn));
+ samdb_msg_add_string(state->sam_ldb, mem_ctx, msg, "member", ldb_dn_alloc_linearized(mem_ctx, alias_member_dn));
talloc_free(msgs);
}
ret = samdb_replace(state->sam_ldb, mem_ctx, msg);
if (ret != 0) {
*error_string = talloc_asprintf(mem_ctx, "Failed to modify group record %s: %s",
- ldb_dn_linearize(mem_ctx, msg->dn),
+ ldb_dn_get_linearized(msg->dn),
ldb_errstring(state->sam_ldb));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
ret = samdb_replace(state->sam_ldb, mem_ctx, msg);
if (ret != 0) {
*error_string = talloc_asprintf(mem_ctx, "Failed to modify privilege record %s",
- ldb_dn_linearize(mem_ctx, msg->dn));
+ ldb_dn_get_linearized(msg->dn));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
ret = samdb_replace(state->sam_ldb, mem_ctx, msg);
if (ret != 0) {
*error_string = talloc_asprintf(mem_ctx, "Failed to modify privilege record %s",
- ldb_dn_linearize(mem_ctx, msg->dn));
+ ldb_dn_get_linearized(msg->dn));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
static NTSTATUS libnet_samsync_ldb_init(TALLOC_CTX *mem_ctx,
void *private,
- struct libnet_context *machine_net_ctx,
- struct dcerpc_pipe *p,
- const char *domain_name,
- const struct dom_sid *domain_sid,
- const char *realm,
+ struct libnet_SamSync_state *samsync_state,
char **error_string)
{
struct samsync_ldb_state *state = talloc_get_type(private, struct samsync_ldb_state);
- const char *server = dcerpc_server_name(p);
+ const char *server = dcerpc_server_name(samsync_state->netlogon_pipe);
char *ldap_url;
- state->domain_name = domain_name;
- state->domain_sid = domain_sid;
- state->realm = realm;
+ state->samsync_state = samsync_state;
+
+ ZERO_STRUCT(state->dom_sid);
+ if (state->samsync_state->domain_sid) {
+ state->dom_sid[SAM_DATABASE_DOMAIN] = dom_sid_dup(state, state->samsync_state->domain_sid);
+ }
+
+ state->dom_sid[SAM_DATABASE_BUILTIN] = dom_sid_parse_talloc(state, SID_BUILTIN);
- if (realm) {
+ if (state->samsync_state->realm) {
if (!server || !*server) {
/* huh? how do we not have a server name? */
*error_string = talloc_strdup(mem_ctx, "No DCE/RPC server name available. How did we connect?");
return NT_STATUS_INVALID_PARAMETER;
}
- ldap_url = talloc_asprintf(state, "ldap://%s", dcerpc_server_name(p));
+ ldap_url = talloc_asprintf(state, "ldap://%s", server);
- state->remote_ldb = ldb_wrap_connect(mem_ctx, ldap_url,
- NULL, machine_net_ctx->cred,
+ state->remote_ldb = ldb_wrap_connect(mem_ctx,
+ state->samsync_state->machine_net_ctx->event_ctx,
+ state->samsync_state->machine_net_ctx->lp_ctx,
+ ldap_url,
+ NULL, state->samsync_state->machine_net_ctx->cred,
0, NULL);
- /* TODO: Make inquires to see if this is AD, then decide that
- * the ldap connection is critical */
+ if (!state->remote_ldb) {
+ *error_string = talloc_asprintf(mem_ctx, "Failed to connect to remote LDAP server at %s (used to extract additional data in SamSync replication)", ldap_url);
+ return NT_STATUS_NO_LOGON_SERVERS;
+ }
+ } else {
+ state->remote_ldb = NULL;
}
return NT_STATUS_OK;
}
state->secrets = NULL;
state->trusted_domains = NULL;
- state->sam_ldb = samdb_connect(state, system_session(state));
+ state->sam_ldb = samdb_connect(mem_ctx,
+ ctx->event_ctx,
+ ctx->lp_ctx,
+ r->in.session_info);
r2.out.error_string = NULL;
r2.in.binding_string = r->in.binding_string;
+ r2.in.rid_crypt = true;
r2.in.init_fn = libnet_samsync_ldb_init;
r2.in.delta_fn = libnet_samsync_ldb_fn;
r2.in.fn_ctx = state;