|
 |
167d4b |
From 83fe679fb8058f9a15ff1b2e6260be01a1ebe990 Mon Sep 17 00:00:00 2001
|
|
|
167d4b |
From: Andrew Bartlett <abartlet@samba.org>
|
|
|
167d4b |
Date: Wed, 11 Dec 2013 14:59:20 +1300
|
|
|
167d4b |
Subject: [PATCH 1/5] netapi: Move DC check to NetJoinDomain() where it is
|
|
|
167d4b |
needed.
|
|
|
167d4b |
|
|
|
167d4b |
This partially reverts 15f6e27bd5a9065c8b781fa21f5989ce2c355776.
|
|
|
167d4b |
|
|
|
167d4b |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10891
|
|
|
167d4b |
|
|
|
167d4b |
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
167d4b |
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
|
|
|
167d4b |
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
|
167d4b |
(cherry picked from commit b299409410751ff3c8c775bd073e34d914a54efc)
|
|
|
167d4b |
---
|
|
|
167d4b |
source3/lib/netapi/joindomain.c | 4 ++++
|
|
|
167d4b |
source3/libnet/libnet_join.c | 4 ----
|
|
|
167d4b |
2 files changed, 4 insertions(+), 4 deletions(-)
|
|
|
167d4b |
|
|
|
167d4b |
diff --git a/source3/lib/netapi/joindomain.c b/source3/lib/netapi/joindomain.c
|
|
|
167d4b |
index 9da1bdc..632c8c6 100644
|
|
|
167d4b |
--- a/source3/lib/netapi/joindomain.c
|
|
|
167d4b |
+++ b/source3/lib/netapi/joindomain.c
|
|
|
167d4b |
@@ -115,6 +115,10 @@ WERROR NetJoinDomain_r(struct libnetapi_ctx *ctx,
|
|
|
167d4b |
struct dcerpc_binding_handle *b;
|
|
|
167d4b |
DATA_BLOB session_key;
|
|
|
167d4b |
|
|
|
167d4b |
+ if (IS_DC) {
|
|
|
167d4b |
+ return WERR_SETUP_DOMAIN_CONTROLLER;
|
|
|
167d4b |
+ }
|
|
|
167d4b |
+
|
|
|
167d4b |
werr = libnetapi_open_pipe(ctx, r->in.server,
|
|
|
167d4b |
&ndr_table_wkssvc,
|
|
|
167d4b |
&pipe_cli);
|
|
|
167d4b |
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
|
|
|
167d4b |
index 187e524..962fc1f 100644
|
|
|
167d4b |
--- a/source3/libnet/libnet_join.c
|
|
|
167d4b |
+++ b/source3/libnet/libnet_join.c
|
|
|
167d4b |
@@ -1957,10 +1957,6 @@ static WERROR libnet_join_pre_processing(TALLOC_CTX *mem_ctx,
|
|
|
167d4b |
return WERR_INVALID_PARAM;
|
|
|
167d4b |
}
|
|
|
167d4b |
|
|
|
167d4b |
- if (IS_DC) {
|
|
|
167d4b |
- return WERR_SETUP_DOMAIN_CONTROLLER;
|
|
|
167d4b |
- }
|
|
|
167d4b |
-
|
|
|
167d4b |
if (!r->in.admin_domain) {
|
|
|
167d4b |
char *admin_domain = NULL;
|
|
|
167d4b |
char *admin_account = NULL;
|
|
|
167d4b |
--
|
|
|
167d4b |
2.2.0
|
|
|
167d4b |
|
|
|
167d4b |
|
|
|
167d4b |
From e71a1cf9dcd56432f17b62c99a720bd3568a83f8 Mon Sep 17 00:00:00 2001
|
|
|
167d4b |
From: Andreas Schneider <asn@samba.org>
|
|
|
167d4b |
Date: Thu, 11 Dec 2014 16:41:55 +0100
|
|
|
167d4b |
Subject: [PATCH 2/5] selftest: Add 'net dom join' test which fails cause we
|
|
|
167d4b |
are a DC
|
|
|
167d4b |
|
|
|
167d4b |
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
|
167d4b |
Reviewed-by: Guenther Deschner <gd@samba.org>
|
|
|
167d4b |
(cherry picked from commit 6d6c673c6d33ceb1379c66d6b4d78a52077b928a)
|
|
|
167d4b |
---
|
|
|
167d4b |
source3/script/tests/test_net_dom_join_fail_dc.sh | 22 ++++++++++++++++++++++
|
|
|
167d4b |
source3/selftest/tests.py | 5 +++++
|
|
|
167d4b |
2 files changed, 27 insertions(+)
|
|
|
167d4b |
create mode 100755 source3/script/tests/test_net_dom_join_fail_dc.sh
|
|
|
167d4b |
|
|
|
167d4b |
diff --git a/source3/script/tests/test_net_dom_join_fail_dc.sh b/source3/script/tests/test_net_dom_join_fail_dc.sh
|
|
|
167d4b |
new file mode 100755
|
|
|
167d4b |
index 0000000..135e1da
|
|
|
167d4b |
--- /dev/null
|
|
|
167d4b |
+++ b/source3/script/tests/test_net_dom_join_fail_dc.sh
|
|
|
167d4b |
@@ -0,0 +1,22 @@
|
|
|
167d4b |
+#!/bin/sh
|
|
|
167d4b |
+
|
|
|
167d4b |
+if [ $# -lt 4 ]; then
|
|
|
167d4b |
+cat <
|
|
|
167d4b |
+Usage: test_net_dom_join_fail_dc.sh USERNAME PASSWORD DOMAIN PREFIX
|
|
|
167d4b |
+EOF
|
|
|
167d4b |
+exit 1;
|
|
|
167d4b |
+fi
|
|
|
167d4b |
+
|
|
|
167d4b |
+DC_USERNAME="$1"
|
|
|
167d4b |
+DC_PASSWORD="$2"
|
|
|
167d4b |
+DOMAIN="$3"
|
|
|
167d4b |
+PREFIX="$4"
|
|
|
167d4b |
+shift 4
|
|
|
167d4b |
+ADDARGS="$*"
|
|
|
167d4b |
+
|
|
|
167d4b |
+incdir=`dirname $0`/../../../testprogs/blackbox
|
|
|
167d4b |
+. $incdir/subunit.sh
|
|
|
167d4b |
+mkdir -p $PREFIX/private
|
|
|
167d4b |
+testit_expect_failure "net_dom_join_fail_dc" $VALGRIND $BINDIR/net dom join domain=$DOMAIN account=$USERNAME password=$PASSWORD --option=netbiosname=netrpcjointest --option=domainlogons=yes --option=privatedir=$PREFIX/private $ADDARGS || failed=`expr $failed + 1`
|
|
|
167d4b |
+
|
|
|
167d4b |
+testok $0 $failed
|
|
|
167d4b |
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
|
|
|
167d4b |
index 40599c3..092d9cc 100755
|
|
|
167d4b |
--- a/source3/selftest/tests.py
|
|
|
167d4b |
+++ b/source3/selftest/tests.py
|
|
|
167d4b |
@@ -411,6 +411,11 @@ for s in signseal_options:
|
|
|
167d4b |
plantestsuite("samba3.blackbox.rpcclient_samlogon", "s3member:local", [os.path.join(samba3srcdir, "script/tests/test_rpcclient_samlogon.sh"),
|
|
|
167d4b |
"$DC_USERNAME", "$DC_PASSWORD", "ncacn_np:$DC_SERVER", configuration])
|
|
|
167d4b |
|
|
|
167d4b |
+plantestsuite("samba3.blackbox.net_dom_join_fail_dc", "s3dc",
|
|
|
167d4b |
+ [os.path.join(samba3srcdir, "script/tests/test_net_dom_join_fail_dc.sh"),
|
|
|
167d4b |
+ "$USERNAME", "$PASSWORD", "$SERVER", "$PREFIX/net_dom_join_fail_dc",
|
|
|
167d4b |
+ configuration])
|
|
|
167d4b |
+
|
|
|
167d4b |
options_list = ["", "-e"]
|
|
|
167d4b |
for options in options_list:
|
|
|
167d4b |
plantestsuite("samba3.blackbox.smbclient_krb5 old ccache %s" % options, "ktest:local",
|
|
|
167d4b |
--
|
|
|
167d4b |
2.2.0
|
|
|
167d4b |
|
|
|
167d4b |
|
|
|
167d4b |
From 9342bd31aad4fa8574b3fa28cf95fa072de793b9 Mon Sep 17 00:00:00 2001
|
|
|
167d4b |
From: Andrew Bartlett <abartlet@samba.org>
|
|
|
167d4b |
Date: Wed, 11 Dec 2013 15:39:38 +1300
|
|
|
167d4b |
Subject: [PATCH 3/5] auth: Allow domain join to itself when we are a PDC
|
|
|
167d4b |
|
|
|
167d4b |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10891
|
|
|
167d4b |
|
|
|
167d4b |
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
167d4b |
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
|
|
|
167d4b |
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
|
167d4b |
(cherry picked from commit c3b5f9cff56defedb0fc1e99fbbb528b1ce22f6d)
|
|
|
167d4b |
---
|
|
|
167d4b |
source3/libnet/libnet_join.c | 4 +++-
|
|
|
167d4b |
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
|
167d4b |
|
|
|
167d4b |
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
|
|
|
167d4b |
index 962fc1f..942455c 100644
|
|
|
167d4b |
--- a/source3/libnet/libnet_join.c
|
|
|
167d4b |
+++ b/source3/libnet/libnet_join.c
|
|
|
167d4b |
@@ -2139,7 +2139,9 @@ static WERROR libnet_join_check_config(TALLOC_CTX *mem_ctx,
|
|
|
167d4b |
|
|
|
167d4b |
switch (r->out.domain_is_ad) {
|
|
|
167d4b |
case false:
|
|
|
167d4b |
- valid_security = (lp_security() == SEC_DOMAIN);
|
|
|
167d4b |
+ valid_security = (lp_security() == SEC_DOMAIN)
|
|
|
167d4b |
+ || (lp_server_role() == ROLE_DOMAIN_PDC)
|
|
|
167d4b |
+ || (lp_server_role() == ROLE_DOMAIN_BDC);
|
|
|
167d4b |
if (valid_workgroup && valid_security) {
|
|
|
167d4b |
/* nothing to be done */
|
|
|
167d4b |
return WERR_OK;
|
|
|
167d4b |
--
|
|
|
167d4b |
2.2.0
|
|
|
167d4b |
|
|
|
167d4b |
|
|
|
167d4b |
From b68628341ee7939b704cb09fa4fba284614d9228 Mon Sep 17 00:00:00 2001
|
|
|
167d4b |
From: Andrew Bartlett <abartlet@samba.org>
|
|
|
167d4b |
Date: Thu, 23 Oct 2014 12:28:48 +1300
|
|
|
167d4b |
Subject: [PATCH 4/5] libsmb: Allow change of BDC trust account password
|
|
|
167d4b |
|
|
|
167d4b |
This account is otherwise just like the workstation trust acocunt, so use that code.
|
|
|
167d4b |
|
|
|
167d4b |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10891
|
|
|
167d4b |
|
|
|
167d4b |
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
|
|
|
167d4b |
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
167d4b |
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
|
167d4b |
(cherry picked from commit e6ec265a405e76e5d4ea59b8025da0f57b3d3ad1)
|
|
|
167d4b |
---
|
|
|
167d4b |
source3/libsmb/trusts_util.c | 3 +++
|
|
|
167d4b |
1 file changed, 3 insertions(+)
|
|
|
167d4b |
|
|
|
167d4b |
diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c
|
|
|
167d4b |
index bb2e977..7503ef0 100644
|
|
|
167d4b |
--- a/source3/libsmb/trusts_util.c
|
|
|
167d4b |
+++ b/source3/libsmb/trusts_util.c
|
|
|
167d4b |
@@ -111,6 +111,7 @@ NTSTATUS trust_pw_change(struct netlogon_creds_cli_context *context,
|
|
|
167d4b |
|
|
|
167d4b |
switch (sec_channel_type) {
|
|
|
167d4b |
case SEC_CHAN_WKSTA:
|
|
|
167d4b |
+ case SEC_CHAN_BDC:
|
|
|
167d4b |
pwd = secrets_fetch_machine_password(domain,
|
|
|
167d4b |
&pass_last_set_time,
|
|
|
167d4b |
NULL);
|
|
|
167d4b |
@@ -188,6 +189,7 @@ NTSTATUS trust_pw_change(struct netlogon_creds_cli_context *context,
|
|
|
167d4b |
switch (sec_channel_type) {
|
|
|
167d4b |
|
|
|
167d4b |
case SEC_CHAN_WKSTA:
|
|
|
167d4b |
+ case SEC_CHAN_BDC:
|
|
|
167d4b |
if (!secrets_store_machine_password(new_trust_passwd, domain, sec_channel_type)) {
|
|
|
167d4b |
TALLOC_FREE(frame);
|
|
|
167d4b |
return NT_STATUS_INTERNAL_DB_CORRUPTION;
|
|
|
167d4b |
@@ -206,6 +208,7 @@ NTSTATUS trust_pw_change(struct netlogon_creds_cli_context *context,
|
|
|
167d4b |
break;
|
|
|
167d4b |
|
|
|
167d4b |
default:
|
|
|
167d4b |
+ smb_panic("Unsupported secure channel type");
|
|
|
167d4b |
break;
|
|
|
167d4b |
}
|
|
|
167d4b |
|
|
|
167d4b |
--
|
|
|
167d4b |
2.2.0
|
|
|
167d4b |
|
|
|
167d4b |
|
|
|
167d4b |
From 6bb9fabdec93cd620f23973a04eaf1f1a59d8b81 Mon Sep 17 00:00:00 2001
|
|
|
167d4b |
From: Andrew Bartlett <abartlet@samba.org>
|
|
|
167d4b |
Date: Thu, 23 Oct 2014 12:38:15 +1300
|
|
|
167d4b |
Subject: [PATCH 5/5] selftest: Add test for joining a Samba classic DC as a
|
|
|
167d4b |
BDC
|
|
|
167d4b |
|
|
|
167d4b |
This does not join the DC itself, so as not to pertrub the test
|
|
|
167d4b |
environment mid-run, but does confirm that the join works and the
|
|
|
167d4b |
password can be changed.
|
|
|
167d4b |
|
|
|
167d4b |
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
|
|
|
167d4b |
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
167d4b |
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
|
167d4b |
|
|
|
167d4b |
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
|
|
|
167d4b |
Autobuild-Date(master): Thu Dec 11 21:40:27 CET 2014 on sn-devel-104
|
|
|
167d4b |
|
|
|
167d4b |
(cherry picked from commit 0da3ab96739df436b54fcf6c7e138229271b0866)
|
|
|
167d4b |
---
|
|
|
167d4b |
source3/script/tests/test_net_rpc_join.sh | 25 +++++++++++++++++++++++++
|
|
|
167d4b |
source3/selftest/tests.py | 4 ++++
|
|
|
167d4b |
2 files changed, 29 insertions(+)
|
|
|
167d4b |
create mode 100755 source3/script/tests/test_net_rpc_join.sh
|
|
|
167d4b |
|
|
|
167d4b |
diff --git a/source3/script/tests/test_net_rpc_join.sh b/source3/script/tests/test_net_rpc_join.sh
|
|
|
167d4b |
new file mode 100755
|
|
|
167d4b |
index 0000000..a7810a9
|
|
|
167d4b |
--- /dev/null
|
|
|
167d4b |
+++ b/source3/script/tests/test_net_rpc_join.sh
|
|
|
167d4b |
@@ -0,0 +1,25 @@
|
|
|
167d4b |
+#!/bin/sh
|
|
|
167d4b |
+
|
|
|
167d4b |
+if [ $# -lt 4 ]; then
|
|
|
167d4b |
+cat <
|
|
|
167d4b |
+Usage: test_net_rpc_join.sh USERNAME PASSWORD SERVER PREFIX
|
|
|
167d4b |
+EOF
|
|
|
167d4b |
+exit 1;
|
|
|
167d4b |
+fi
|
|
|
167d4b |
+
|
|
|
167d4b |
+USERNAME="$1"
|
|
|
167d4b |
+PASSWORD="$2"
|
|
|
167d4b |
+SERVER="$3"
|
|
|
167d4b |
+PREFIX="$4"
|
|
|
167d4b |
+shift 4
|
|
|
167d4b |
+ADDARGS="$*"
|
|
|
167d4b |
+
|
|
|
167d4b |
+incdir=`dirname $0`/../../../testprogs/blackbox
|
|
|
167d4b |
+. $incdir/subunit.sh
|
|
|
167d4b |
+mkdir -p $PREFIX/private
|
|
|
167d4b |
+testit "net_rpc_join" $VALGRIND $BINDIR/net rpc join -S $SERVER --option=netbiosname=netrpcjointest --option=domainlogons=yes --option=privatedir=$PREFIX/private -U$USERNAME%$PASSWORD $ADDARGS || failed=`expr $failed + 1`
|
|
|
167d4b |
+testit "net_rpc_testjoin" $VALGRIND $BINDIR/net rpc testjoin -S $SERVER --option=netbiosname=netrpcjointest --option=domainlogons=yes --option=privatedir=$PREFIX/private $ADDARGS || failed=`expr $failed + 1`
|
|
|
167d4b |
+testit "net_rpc_changetrustpw" $VALGRIND $BINDIR/net rpc changetrustpw -S $SERVER --option=netbiosname=netrpcjointest --option=domainlogons=yes --option=privatedir=$PREFIX/private $ADDARGS || failed=`expr $failed + 1`
|
|
|
167d4b |
+testit "net_rpc_testjoin2" $VALGRIND $BINDIR/net rpc testjoin -S $SERVER --option=netbiosname=netrpcjointest --option=domainlogons=yes --option=privatedir=$PREFIX/private $ADDARGS || failed=`expr $failed + 1`
|
|
|
167d4b |
+
|
|
|
167d4b |
+testok $0 $failed
|
|
|
167d4b |
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
|
|
|
167d4b |
index 092d9cc..c60f531 100755
|
|
|
167d4b |
--- a/source3/selftest/tests.py
|
|
|
167d4b |
+++ b/source3/selftest/tests.py
|
|
|
167d4b |
@@ -415,6 +415,10 @@ plantestsuite("samba3.blackbox.net_dom_join_fail_dc", "s3dc",
|
|
|
167d4b |
[os.path.join(samba3srcdir, "script/tests/test_net_dom_join_fail_dc.sh"),
|
|
|
167d4b |
"$USERNAME", "$PASSWORD", "$SERVER", "$PREFIX/net_dom_join_fail_dc",
|
|
|
167d4b |
configuration])
|
|
|
167d4b |
+plantestsuite("samba3.blackbox.net_rpc_join", "s3dc",
|
|
|
167d4b |
+ [os.path.join(samba3srcdir, "script/tests/test_net_rpc_join.sh"),
|
|
|
167d4b |
+ "$USERNAME", "$PASSWORD", "$SERVER", "$PREFIX/net_rpc_join",
|
|
|
167d4b |
+ configuration])
|
|
|
167d4b |
|
|
|
167d4b |
options_list = ["", "-e"]
|
|
|
167d4b |
for options in options_list:
|
|
|
167d4b |
--
|
|
|
167d4b |
2.2.0
|
|
|
167d4b |
|