^samba.tests.dcerpc.dnsserver.samba.tests.dcerpc.dnsserver.DnsserverTests.test_security_descriptor.*
^samba4.blackbox.dbcheck-links.release-4-5-0-pre1.dbcheck_dangling_multi_valued_clean
^samba4.blackbox.dbcheck-links.release-4-5-0-pre1.dangling_multi_valued_check_missing
-^samba4.blackbox.net_ads_join.join
# We currently don't send referrals for LDAP modify of non-replicated attrs
^samba4.ldap.rodc.python\(rodc\).__main__.RodcTests.test_modify_nonreplicated.*
NTSTATUS secrets_fetch_or_upgrade_domain_info(const char *domain,
TALLOC_CTX *mem_ctx,
struct secrets_domain_info1 **pinfo);
-NTSTATUS secrets_prepare_password_change(const char *domain, const char *dcname,
- const char *cleartext_unix,
- TALLOC_CTX *mem_ctx,
- struct secrets_domain_info1 **pinfo,
- struct secrets_domain_info1_change **pprev,
- NTSTATUS (*sync_pw2keytabs_fn)(void));
+NTSTATUS secrets_prepare_password_change(
+ const char *domain,
+ const char *dcname,
+ const char *cleartext_unix,
+ TALLOC_CTX *mem_ctx,
+ struct secrets_domain_info1 **pinfo,
+ struct secrets_domain_info1_change **pprev,
+ NTSTATUS (*sync_pw2keytabs_fn)(const char *),
+ const char *opt_host);
NTSTATUS secrets_failed_password_change(const char *change_server,
NTSTATUS local_status,
NTSTATUS remote_status,
NTSTATUS local_status,
NTSTATUS remote_status,
const struct secrets_domain_info1 *info);
-NTSTATUS secrets_finish_password_change(const char *change_server,
- NTTIME change_time,
- const struct secrets_domain_info1 *info,
- NTSTATUS (*sync_pw2keytabs_fn)(void));
+NTSTATUS secrets_finish_password_change(
+ const char *change_server,
+ NTTIME change_time,
+ const struct secrets_domain_info1 *info,
+ NTSTATUS (*sync_pw2keytabs_fn)(const char *),
+ const char *prefer_dc);
bool secrets_delete_machine_password_ex(const char *domain, const char *realm);
bool secrets_delete_domain_sid(const char *domain);
char *secrets_fetch_prev_machine_password(const char *domain);
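Review bot: The two new trailing parameters name the same thing differently: `const char *opt_host` on secrets_prepare_password_change and `const char *prefer_dc` on secrets_finish_password_change, and both are handed unchanged to `sync_pw2keytabs_fn`. `opt_host` reads like the net tool's command-line option rather than a property of the secrets API, so I would use `const char *prefer_dc` in both prototypes and in the matching definitions further down. Neither prototype says that NULL is allowed; a comment such as `/* prefer_dc: DC to use for the keytab sync, NULL for any DC */` above each would carry over what the sync_pw2keytabs doc comment states.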
/* parse a windows style SPN, returns NULL if parsing fails */
struct spn_struct *parse_spn(TALLOC_CTX *ctx, const char *srvprinc);
-NTSTATUS sync_pw2keytabs(void);
+NTSTATUS sync_pw2keytabs(const char *prefer_dc);
#endif /* _LIBADS_ADS_PROTO_H_ */
char *ad_upn;
char *ad_sam_account;
char **ad_spn_array;
+ const char *prefer_dc;
size_t ad_num_spns;
/* This is from secrets.db */
struct secrets_domain_info1 *info;
int count;
bool ok;
TALLOC_CTX *tmp_ctx = talloc_stackframe();
- ADS_STRUCT *ads = ads_init(
- tmp_ctx, lp_realm(), lp_workgroup(), NULL, ADS_SASL_SIGN);
+ ADS_STRUCT *ads = ads_init(tmp_ctx,
+ lp_realm(),
+ lp_workgroup(),
+ state->prefer_dc,
+ ADS_SASL_SIGN);
if (ads == NULL) {
DBG_ERR("ads_init() failed\n");
return true;
}
-NTSTATUS sync_pw2keytabs(void)
+/**
+ * @internal
+ *
+ * @brief Sync machine password from secrets to keytab
+ *
+ * @param prefer_dc The DC we should talk to. This is especially important
+ * during domain join. Pass NULL if we should pick a random
+ * one.
+ *
+ * @return An NTSTATUS error code.
+ *
+ * @see NT_STATUS_IS_OK()
+ */
+NTSTATUS sync_pw2keytabs(const char *prefer_dc)
{
TALLOC_CTX *frame = talloc_stackframe();
const struct loadparm_substitution *lp_sub =
TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
+ state->prefer_dc = prefer_dc;
lp_ptr = lp_sync_machine_password_to_keytab();
if (lp_ptr == NULL) {
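Review bot: `state->prefer_dc = prefer_dc;` keeps the caller's pointer rather than a copy, and the doc comment added above sync_pw2keytabs does not say how long the string has to stay valid. If `state` never outlives this call that is fine, but the allocation of `state` and the rest of the body are outside the hunk, so the contract should be written down. I would extend the `@param prefer_dc` text to say the string is not copied and must stay valid until the function returns, and add `/* borrowed from the caller, NULL means any DC */` next to the new `prefer_dc` member of the state struct. If `state` can be handed on beyond the call, a talloc_strdup() copy owned by `state`, with the NULL case guarded, would be the safer form.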
&info,
&prev,
#ifdef HAVE_ADS
- sync_pw2keytabs);
+ sync_pw2keytabs,
#else
- NULL);
+ NULL,
#endif
+ NULL /* opt_host */);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("secrets_prepare_password_change() failed for domain %s!\n",
domain));
prev->password->change_time,
info,
#ifdef HAVE_ADS
- sync_pw2keytabs);
+ sync_pw2keytabs,
#else
- NULL);
+ NULL,
#endif
+ prev->password->change_server);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("secrets_prepare_password_change() failed for domain %s!\n",
domain));
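Review bot: The failure message here, `secrets_prepare_password_change() failed for domain %s!`, does not appear to match the call it follows. The arguments (`change_time`, `info`, the sync callback, then `prev->password->change_server`) line up with the secrets_finish_password_change prototype, though the call's first line is outside the hunk. Since the commit touches this call anyway, the message should read `secrets_finish_password_change() failed for domain %s!`, as the next call site already does. Otherwise whoever reads the log after a failed machine password change is pointed at the wrong step.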
info->next_change->change_time,
info,
#ifdef HAVE_ADS
- sync_pw2keytabs);
+ sync_pw2keytabs,
#else
- NULL);
+ NULL,
#endif
+ info->next_change->change_server);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("secrets_finish_password_change() failed for domain %s!\n",
domain));
&info,
&prev,
#ifdef HAVE_ADS
- sync_pw2keytabs);
+ sync_pw2keytabs,
#else
- NULL);
+ NULL,
#endif
+ ads->auth.kdc_server);
if (!NT_STATUS_IS_OK(status)) {
return ADS_ERROR_NT(status);
}
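Review bot: `ads->auth.kdc_server` is passed as the preferred DC here and again in the secrets_finish_password_change call below, but nothing visible guarantees it is set, or says whether it holds a host name or an address. A NULL would make sync_pw2keytabs pick a random DC, per its doc comment, which I assume is the situation this parameter is meant to avoid right after a password change. A comment at the first call, for example `/* reuse the KDC of this connection as the DC for the keytab sync; NULL falls back to any DC */`, would record the intent, and a `DBG_DEBUG` when the field is NULL would make the fallback visible in logs. Both calls start outside their hunks.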
now,
info,
#ifdef HAVE_ADS
- sync_pw2keytabs);
+ sync_pw2keytabs,
#else
- NULL);
+ NULL,
#endif
+ ads->auth.kdc_server);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1,("Failed to save machine password\n"));
return ADS_ERROR_NT(status);
static bool libnet_join_create_keytab(TALLOC_CTX *mem_ctx,
struct libnet_JoinCtx *r)
{
- NTSTATUS ntstatus = sync_pw2keytabs();
+ NTSTATUS ntstatus = sync_pw2keytabs(r->in.dc_name);
return NT_STATUS_IS_OK(ntstatus);
}
TALLOC_CTX *mem_ctx,
struct secrets_domain_info1 **pinfo,
struct secrets_domain_info1_change **pprev,
- NTSTATUS (*sync_pw2keytabs_fn)(void))
+ NTSTATUS (*sync_pw2keytabs_fn)(const char *),
+ const char *opt_host)
{
TALLOC_CTX *frame = talloc_stackframe();
struct db_context *db = NULL;
}
if (prev == NULL && sync_pw2keytabs_fn != NULL) {
- status = sync_pw2keytabs_fn();
+ status = sync_pw2keytabs_fn(opt_host);
if (!NT_STATUS_IS_OK(status)) {
DBG_ERR("Sync of machine password failed.\n");
TALLOC_FREE(frame);
NTSTATUS secrets_finish_password_change(const char *change_server,
NTTIME change_time,
const struct secrets_domain_info1 *cookie,
- NTSTATUS (*sync_pw2keytabs_fn)(void))
+ NTSTATUS (*sync_pw2keytabs_fn)(const char *),
+ const char *prefer_dc)
{
const char *domain = cookie->domain_info.name.string;
TALLOC_CTX *frame = talloc_stackframe();
}
if (sync_pw2keytabs_fn != NULL) {
- status = sync_pw2keytabs_fn();
+ status = sync_pw2keytabs_fn(prefer_dc);
if (!NT_STATUS_IS_OK(status)) {
DBG_ERR("Sync of machine password failed.\n");
TALLOC_FREE(frame);
&info,
&prev,
#ifdef HAVE_ADS
- sync_pw2keytabs);
+ sync_pw2keytabs,
#else
- NULL);
+ NULL,
#endif
+ c->opt_host);
if (!NT_STATUS_IS_OK(status)) {
d_fprintf(stderr,
_("Unable to write the machine account password in the secrets database"));
now,
info,
#ifdef HAVE_ADS
- sync_pw2keytabs);
+ sync_pw2keytabs,
#else
- NULL);
+ NULL,
#endif
+ c->opt_host);
if (!NT_STATUS_IS_OK(status)) {
d_fprintf(stderr,
_("Unable to write the machine account password in the secrets database"));
net_use_krb_machine_account(c);
}
- ntstatus = sync_pw2keytabs();
+ ntstatus = sync_pw2keytabs(c->opt_host);
ret = NT_STATUS_IS_OK(ntstatus) ? 0 : 1;
return ret;
}