📄 testjoin.c
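/*
 * NOTE(review): this listing starts inside torture_join_domain(); its
 * signature and the declarations of tj, libnet_r, libnet_ctx, s, u,
 * acct_flags, machine_name and tctx are not visible here.  The statements
 * of that function are reproduced unchanged below.
 */
	status = libnet_JoinDomain(libnet_ctx, libnet_r, libnet_r);
	if (!NT_STATUS_IS_OK(status)) {
		/* Prefer the detailed libnet error text when one was set. */
		if (libnet_r->out.error_string) {
			DEBUG(0, ("Domain join failed - %s\n",
				  libnet_r->out.error_string));
		} else {
			DEBUG(0, ("Domain join failed - %s\n",
				  nt_errstr(status)));
		}
		talloc_free(tj);
		return NULL;
	}

	/*
	 * Copy the join results into the test_join record and reparent the
	 * talloc'd results onto tj so they are released together with it.
	 */
	tj->p = libnet_r->out.samr_pipe;
	tj->user_handle = *libnet_r->out.user_handle;
	tj->dom_sid = libnet_r->out.domain_sid;
	talloc_steal(tj, libnet_r->out.domain_sid);
	tj->dom_netbios_name = libnet_r->out.domain_name;
	talloc_steal(tj, libnet_r->out.domain_name);
	tj->dom_dns_name = libnet_r->out.realm;
	talloc_steal(tj, libnet_r->out.realm);
	tj->user_guid = libnet_r->out.account_guid;
	tj->netbios_name = talloc_strdup(tj, machine_name);
	if (!tj->netbios_name) {
		talloc_free(tj);
		return NULL;
	}

	/*
	 * Label the new account (description, comment, full name) so that it
	 * is recognisable as a torture-test account in the directory.  The
	 * talloc_asprintf() results are not checked; a failure of the
	 * SetUserInfo call is only reported, not treated as fatal.
	 */
	ZERO_STRUCT(u);
	s.in.user_handle = &tj->user_handle;
	s.in.info = &u;
	s.in.level = 21;

	u.info21.fields_present = SAMR_FIELD_DESCRIPTION | SAMR_FIELD_COMMENT | SAMR_FIELD_FULL_NAME;

	u.info21.comment.string = talloc_asprintf(tj,
						  "Tortured by Samba4: %s",
						  timestring(tj, time(NULL)));

	u.info21.full_name.string = talloc_asprintf(tj,
						    "Torture account for Samba4: %s",
						    timestring(tj, time(NULL)));

	u.info21.description.string = talloc_asprintf(tj,
						      "Samba4 torture account created by host %s: %s",
						      lp_netbios_name(tctx->lp_ctx),
						      timestring(tj, time(NULL)));

	status = dcerpc_samr_SetUserInfo(tj->p, tj, &s);
	if (!NT_STATUS_IS_OK(status)) {
		printf("SetUserInfo (non-critical) failed - %s\n", nt_errstr(status));
	}

	/*
	 * Build the machine credentials from the join output.  The
	 * credentials object is a talloc child of tj and holds the machine
	 * account password returned by the join.
	 *
	 * NOTE(review): the result of cli_credentials_init() is used without
	 * a NULL check.
	 */
	*machine_credentials = cli_credentials_init(tj);
	cli_credentials_set_conf(*machine_credentials, tctx->lp_ctx);
	cli_credentials_set_workstation(*machine_credentials, machine_name, CRED_SPECIFIED);
	cli_credentials_set_domain(*machine_credentials, libnet_r->out.domain_name, CRED_SPECIFIED);
	if (libnet_r->out.realm) {
		cli_credentials_set_realm(*machine_credentials, libnet_r->out.realm, CRED_SPECIFIED);
	}
	cli_credentials_set_username(*machine_credentials, libnet_r->in.account_name, CRED_SPECIFIED);
	cli_credentials_set_password(*machine_credentials, libnet_r->out.join_password, CRED_SPECIFIED);

	/* The secure channel type follows the kind of trust account created. */
	if (acct_flags & ACB_SVRTRUST) {
		cli_credentials_set_secure_channel_type(*machine_credentials,
							SEC_CHAN_BDC);
	} else if (acct_flags & ACB_WSTRUST) {
		cli_credentials_set_secure_channel_type(*machine_credentials,
							SEC_CHAN_WKSTA);
	} else {
		/*
		 * NOTE(review): unlike the earlier error paths, tj is not
		 * freed here, the caller's *machine_credentials is left
		 * pointing at freed memory, and nothing visible in this
		 * excerpt removes the account the join just created.
		 */
		DEBUG(0, ("Invalid account type specificed to torture_join_domain\n"));
		talloc_free(*machine_credentials);
		return NULL;
	}

	return tj;
}

/*
  return the SAMR pipe that was opened during the join
*/
struct dcerpc_pipe *torture_join_samr_pipe(struct test_join *join)
{
	return join->p;
}

/*
  return the SAMR policy handle of the joined machine account
*/
struct policy_handle *torture_join_samr_user_policy(struct test_join *join)
{
	return &join->user_handle;
}

/*
  Remove the server entry that a domain-controller join left in the
  directory.

  mem_ctx  - talloc parent for the temporary working context
  libnet_r - join request/result; out.server_dn_str names the entry to
             delete and out.samr_binding->host the server to contact

  Returns NT_STATUS_OK when there is no server DN (not a DC join) or the
  entry was deleted, NT_STATUS_NO_MEMORY when a context, DN or URL could
  not be set up, and NT_STATUS_UNSUCCESSFUL when connecting or deleting
  fails.  Every failure path resets libnet_r->out.error_string to NULL.
*/
static NTSTATUS torture_leave_ads_domain(TALLOC_CTX *mem_ctx, struct libnet_JoinDomain *libnet_r)
{
	int rtn;
	TALLOC_CTX *tmp_ctx;

	struct ldb_dn *server_dn;
	struct ldb_context *ldb_ctx;

	char *remote_ldb_url;

	/* Check if we are a domain controller. If not, exit. */
	if (!libnet_r->out.server_dn_str) {
		return NT_STATUS_OK;
	}

	/* Everything allocated below hangs off tmp_ctx and is freed with it. */
	tmp_ctx = talloc_named(mem_ctx, 0, "torture_leave temporary context");
	if (!tmp_ctx) {
		libnet_r->out.error_string = NULL;
		return NT_STATUS_NO_MEMORY;
	}

	ldb_ctx = ldb_init(tmp_ctx);
	if (!ldb_ctx) {
		libnet_r->out.error_string = NULL;
		talloc_free(tmp_ctx);
		return NT_STATUS_NO_MEMORY;
	}

	/* Remove CN=Servers,... entry from the AD. */
	server_dn = ldb_dn_new(tmp_ctx, ldb_ctx, libnet_r->out.server_dn_str);
	/* A DN that fails validation is reported with the same status as an allocation failure. */
	if (! ldb_dn_validate(server_dn)) {
		libnet_r->out.error_string = NULL;
		talloc_free(tmp_ctx);
		return NT_STATUS_NO_MEMORY;
	}

	/*
	 * NOTE(review): the URL uses the plain ldap:// scheme; whether the
	 * authenticated session is signed or sealed depends on configuration
	 * that is not visible in this excerpt - confirm before reusing this
	 * pattern outside a test harness.
	 */
	remote_ldb_url = talloc_asprintf(tmp_ctx, "ldap://%s", libnet_r->out.samr_binding->host);
	if (!remote_ldb_url) {
		libnet_r->out.error_string = NULL;
		talloc_free(tmp_ctx);
		return NT_STATUS_NO_MEMORY;
	}

	/* The connection uses cmdline_credentials, a variable defined outside this excerpt. */
	ldb_set_opaque(ldb_ctx, "credentials", cmdline_credentials);

	rtn = ldb_connect(ldb_ctx, remote_ldb_url, 0, NULL);
	if (rtn != 0) {
		libnet_r->out.error_string = NULL;
		talloc_free(tmp_ctx);
		return NT_STATUS_UNSUCCESSFUL;
	}

	rtn = ldb_delete(ldb_ctx, server_dn);
	if (rtn != 0) {
		libnet_r->out.error_string = NULL;
		talloc_free(tmp_ctx);
		return NT_STATUS_UNSUCCESSFUL;
	}

	DEBUG(0, ("%s removed successfully.\n", libnet_r->out.server_dn_str));

	talloc_free(tmp_ctx);
	return NT_STATUS_OK;
}

/*
  leave the domain, deleting the machine acct

  Deletes the machine account over SAMR, removes the server entry from
  the directory when the join recorded one, and frees the join record.
  A NULL join is accepted and ignored.  Both cleanup steps are best
  effort: a failure is reported on stdout and the teardown continues, so
  that a leftover account or server entry does not go unnoticed.
*/
_PUBLIC_ void torture_leave_domain(struct test_join *join)
{
	struct samr_DeleteUser d;
	NTSTATUS status;

	if (!join) {
		return;
	}
	d.in.user_handle = &join->user_handle;
	d.out.user_handle = &join->user_handle;

	/* Delete machine account */
	status = dcerpc_samr_DeleteUser(join->p, join, &d);
	if (!NT_STATUS_IS_OK(status)) {
		printf("Delete of machine account %s failed\n",
		       join->netbios_name);
	} else {
		printf("Delete of machine account %s was successful.\n",
		       join->netbios_name);
	}

	if (join->libnet_r) {
		status = torture_leave_ads_domain(join, join->libnet_r);
		/* Previously this status was assigned and never read. */
		if (!NT_STATUS_IS_OK(status)) {
			printf("Removal of server entry for %s from the directory failed - %s\n",
			       join->netbios_name, nt_errstr(status));
		}
	}

	talloc_free(join);
}

/*
  return the dom sid for a test join
*/
_PUBLIC_ const struct dom_sid *torture_join_sid(struct test_join *join)
{
	return join->dom_sid;
}

/*
  return the SID stored for the joined account
*/
const struct dom_sid *torture_join_user_sid(struct test_join *join)
{
	return join->user_sid;
}

/*
  return the NetBIOS name recorded for the joined machine
*/
const char *torture_join_netbios_name(struct test_join *join)
{
	return join->netbios_name;
}

/*
  return the GUID of the joined account
*/
const struct GUID *torture_join_user_guid(struct test_join *join)
{
	return &join->user_guid;
}

/*
  return the NetBIOS name of the joined domain
*/
const char *torture_join_dom_netbios_name(struct test_join *join)
{
	return join->dom_netbios_name;
}

/*
  return the DNS name (realm) of the joined domain
*/
const char *torture_join_dom_dns_name(struct test_join *join)
{
	return join->dom_dns_name;
}

/*
  return the server DN string recorded by the join, or NULL when the
  join record carries no libnet result
*/
const char *torture_join_server_dn_str(struct test_join *join)
{
	if (join->libnet_r) {
		return join->libnet_r->out.server_dn_str;
	}
	return NULL;
}


#if 0 /* Left as the documentation of the join process, but see new implementation in libnet_become_dc.c */
struct test_join_ads_dc {
	struct test_join *join;
};

struct test_join_ads_dc *torture_join_domain_ads_dc(const char *machine_name,
						    const char *domain,
						    struct cli_credentials **machine_credentials)
{
	struct test_join_ads_dc *join;

	join = talloc(NULL, struct test_join_ads_dc);
	if (join == NULL) {
		return NULL;
	}

	join->join = torture_join_domain(machine_name,
					ACB_SVRTRUST,
					machine_credentials);

	if (!join->join) {
		return NULL;
	}

/* W2K: */
	/* W2K: modify userAccountControl from 4096 to 532480 */

	/* W2K: modify RDN to OU=Domain Controllers and skip the $ from server name */

	/* ask objectVersion of Schema Partition */

	/* ask rIDManagerReference of the Domain Partition */

	/* ask fsMORoleOwner of the RID-Manager$ object
	 * returns CN=NTDS Settings,CN=<DC>,CN=Servers,CN=Default-First-Site-Name, ...
	 */

	/* ask for dnsHostName of CN=<DC>,CN=Servers,CN=Default-First-Site-Name, ... */

	/* ask for objectGUID of CN=NTDS Settings,CN=<DC>,CN=Servers,CN=Default-First-Site-Name, ... */

	/* ask for * of CN=Default-First-Site-Name, ... */

	/* search (&(|(objectClass=user)(objectClass=computer))(sAMAccountName=<machine_name>$)) in Domain Partition
	 * attributes : distinguishedName, userAccountControl
	 */

	/* ask * for CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name,...
	 * should fail with noSuchObject
	 */

	/* add CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name,...
	 *
	 * objectClass = server
	 * systemFlags = 50000000
	 * serverReference = CN=<machine_name>,OU=Domain Controllers,...
	 */

	/* ask for * of CN=NTDS Settings,CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name, ...
	 * should fail with noSuchObject
	 */

	/* search for (ncname=<domain_nc>) in CN=Partitions,CN=Configuration,...
	 * attributes: ncName, dnsRoot
	 */

	/* modify add CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name,...
	 * serverReference = CN=<machine_name>,OU=Domain Controllers,...
	 * should fail with attributeOrValueExists
	 */

	/* modify replace CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name,...
	 * serverReference = CN=<machine_name>,OU=Domain Controllers,...
	 */

	/* DsAddEntry to create the CN=NTDS Settings,CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name, ...
	 *
	 */

	/* replicate CN=Schema,CN=Configuration,...
	 * using DRSUAPI_DS_BIND_GUID_W2K ("6abec3d1-3054-41c8-a362-5a0c5b7d5d71")
	 *
	 */

	/* replicate CN=Configuration,...
	 * using DRSUAPI_DS_BIND_GUID_W2K ("6abec3d1-3054-41c8-a362-5a0c5b7d5d71")
	 *
	 */

	/* replicate Domain Partition
	 * using DRSUAPI_DS_BIND_GUID_W2K ("6abec3d1-3054-41c8-a362-5a0c5b7d5d71")
	 *
	 */

	/* call DsReplicaUpdateRefs() for all partitions like this:
	 *     req1: struct drsuapi_DsReplicaUpdateRefsRequest1
	 *           naming_context           : *
	 *                 naming_context: struct drsuapi_DsReplicaObjectIdentifier
	 *                     __ndr_size               : 0x000000ae (174)
	 *                     __ndr_size_sid           : 0x00000000 (0)
	 *                     guid                     : 00000000-0000-0000-0000-000000000000
	 *                     sid                      : S-0-0
	 *                     dn                       : 'CN=Schema,CN=Configuration,DC=w2k3,DC=vmnet1,DC=vm,DC=base'
	 *           dest_dsa_dns_name        : *
	 *                 dest_dsa_dns_name        : '4a0df188-a0b8-47ea-bbe5-e614723f16dd._msdcs.w2k3.vmnet1.vm.base'
	 *           dest_dsa_guid            : 4a0df188-a0b8-47ea-bbe5-e614723f16dd
	 *           options                  : 0x0000001c (28)
	 *                 0: DRSUAPI_DS_REPLICA_UPDATE_ASYNCHRONOUS_OPERATION
	 *                 0: DRSUAPI_DS_REPLICA_UPDATE_WRITEABLE
	 *                 1: DRSUAPI_DS_REPLICA_UPDATE_ADD_REFERENCE
	 *                 1: DRSUAPI_DS_REPLICA_UPDATE_DELETE_REFERENCE
	 *                 1: DRSUAPI_DS_REPLICA_UPDATE_0x00000010
	 *
	 * 4a0df188-a0b8-47ea-bbe5-e614723f16dd is the objectGUID the DsAddEntry() returned for the
	 * CN=NTDS Settings,CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name, ...
	 */

/* W2K3: see libnet/libnet_become_dc.c */
	return join;
}

#endif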