summaryrefslogtreecommitdiff
path: root/source3/utils/net_rpc_join.c
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2002-08-05 14:11:50 +0000
committerAndrew Tridgell <tridge@samba.org>2002-08-05 14:11:50 +0000
commitcded51d936dcbd31f5968570de5be6ad0ad9931d (patch)
tree86c686aad8dfec6cd39dfbbc7bbd91c6711e7415 /source3/utils/net_rpc_join.c
parentff2132e1b37cfca8d36fe515dd1a5139459dd719 (diff)
downloadsamba-cded51d936dcbd31f5968570de5be6ad0ad9931d.tar.gz
samba-cded51d936dcbd31f5968570de5be6ad0ad9931d.tar.bz2
samba-cded51d936dcbd31f5968570de5be6ad0ad9931d.zip
added 'net rpc testjoin' and 'net ads testjoin' commands
unfortuately we don't seem to be able to auto-test the ADS join due to a rather nasty property of the GSSAPI library. (This used to be commit 87c34a974a91e940bd26078a68dd84f4341d6913)
Diffstat (limited to 'source3/utils/net_rpc_join.c')
-rw-r--r--source3/utils/net_rpc_join.c101
1 files changed, 81 insertions, 20 deletions
diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c
index cfa37d25df..c8be93c39c 100644
--- a/source3/utils/net_rpc_join.c
+++ b/source3/utils/net_rpc_join.c
@@ -35,6 +35,61 @@
goto done; \
}
+
+/**
+ * confirm that a domain join is still valid
+ *
+ * @return A shell status integer (0 for success)
+ *
+ **/
+int net_rpc_join_ok(const char *domain)
+{
+ struct cli_state *cli;
+ uchar stored_md4_trust_password[16];
+ int retval = 1;
+ uint32 channel;
+ NTSTATUS result;
+
+ /* Connect to remote machine */
+ if (!(cli = net_make_ipc_connection(NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC))) {
+ return 1;
+ }
+
+ if (!cli_nt_session_open(cli, PIPE_NETLOGON)) {
+ DEBUG(0,("Error connecting to NETLOGON pipe\n"));
+ goto done;
+ }
+
+ if (!secrets_fetch_trust_account_password(domain,
+ stored_md4_trust_password, NULL)) {
+ DEBUG(0,("Could not reterive domain trust secret"));
+ goto done;
+ }
+
+ if (lp_server_role() == ROLE_DOMAIN_BDC ||
+ lp_server_role() == ROLE_DOMAIN_PDC) {
+ channel = SEC_CHAN_BDC;
+ } else {
+ channel = SEC_CHAN_WKSTA;
+ }
+
+ CHECK_RPC_ERR(cli_nt_setup_creds(cli,
+ channel,
+ stored_md4_trust_password),
+ "error in domain join verification");
+
+ retval = 0; /* Success! */
+
+done:
+ /* Close down pipe - this will clean up open policy handles */
+ if (cli->nt_pipe_fnum)
+ cli_nt_session_close(cli);
+
+ cli_shutdown(cli);
+
+ return retval;
+}
+
/**
* Join a domain using the administrator username and password
*
@@ -67,7 +122,6 @@ int net_rpc_join_newstyle(int argc, const char **argv)
char *clear_trust_password = NULL;
fstring ucs2_trust_password;
int ucs2_pw_len;
- uchar stored_md4_trust_password[16];
uchar pwbuf[516], sess_key[16];
SAM_USERINFO_CTR ctr;
SAM_USER_INFO_24 p24;
@@ -256,28 +310,10 @@ int net_rpc_join_newstyle(int argc, const char **argv)
}
/* Now check the whole process from top-to-bottom */
-
cli_samr_close(cli, mem_ctx, &user_pol);
-
cli_nt_session_close(cli); /* Done with this pipe */
- if (!cli_nt_session_open(cli, PIPE_NETLOGON)) {
- DEBUG(0, ("Error connecting to NETLOGON pipe\n"));
- goto done;
- }
-
- if (!secrets_fetch_trust_account_password(domain,
- stored_md4_trust_password, NULL)) {
- DEBUG(0, ("Could not reterive secrets we just stored!"));
- goto done;
- }
-
- CHECK_RPC_ERR(cli_nt_setup_creds(cli,
- (acb_info & ACB_SVRTRUST) ? SEC_CHAN_BDC : SEC_CHAN_WKSTA,
- stored_md4_trust_password),
- "error in domain join verification");
-
- retval = 0; /* Success! */
+ retval = net_rpc_join_ok(domain);
done:
/* Close down pipe - this will clean up open policy handles */
@@ -300,3 +336,28 @@ done:
return retval;
}
+
+
+/**
+ * check that a join is OK
+ *
+ * @return A shell status integer (0 for success)
+ *
+ **/
+int net_rpc_testjoin(int argc, const char **argv)
+{
+ char *domain = lp_workgroup();
+
+ domain = smb_xstrdup(domain);
+
+ /* Display success or failure */
+ if (net_rpc_join_ok(domain) != 0) {
+ fprintf(stderr,"Join to domain '%s' is not valid\n",domain);
+ free(domain);
+ return -1;
+ }
+
+ printf("Join to '%s' is OK\n",domain);
+ free(domain);
+ return 0;
+}