diff options
Diffstat (limited to 'source3/lib/netapi/joindomain.c')
| -rw-r--r-- | source3/lib/netapi/joindomain.c | 432 |
1 files changed, 375 insertions, 57 deletions
diff --git a/source3/lib/netapi/joindomain.c b/source3/lib/netapi/joindomain.c index 210763174e..e3d5eada02 100644 --- a/source3/lib/netapi/joindomain.c +++ b/source3/lib/netapi/joindomain.c @@ -19,56 +19,96 @@ #include "includes.h" -extern const char *opt_user_name; -extern const char *opt_workgroup; -extern const char *opt_password; - -WERROR NetJoinDomain(const char *server_name, - const char *domain_name, - const char *account_ou, - const char *Account, - const char *password, - uint32_t join_flags) +#include "lib/netapi/netapi.h" +#include "libnet/libnet.h" + +static WERROR NetJoinDomainLocal(struct libnetapi_ctx *mem_ctx, + const char *server_name, + const char *domain_name, + const char *account_ou, + const char *Account, + const char *password, + uint32_t join_flags) { - TALLOC_CTX *mem_ctx = NULL; - struct cli_state *cli = NULL; - struct rpc_pipe_client *pipe_cli = NULL; - struct wkssvc_PasswordBuffer encrypted_password; - NTSTATUS status; + struct libnet_JoinCtx *r = NULL; WERROR werr; - unsigned int old_timeout = 0; - ZERO_STRUCT(encrypted_password); + werr = libnet_init_JoinCtx(mem_ctx, &r); + W_ERROR_NOT_OK_RETURN(werr); - mem_ctx = talloc_init("NetJoinDomain"); - if (!mem_ctx) { - werr = WERR_NOMEM; - goto done; + if (!domain_name) { + return WERR_INVALID_PARAM; } - if (!server_name || is_myname_or_ipaddr(server_name)) { - werr = WERR_NOT_SUPPORTED; - goto done; + r->in.domain_name = talloc_strdup(mem_ctx, domain_name); + W_ERROR_HAVE_NO_MEMORY(r->in.domain_name); + + if (join_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) { + NTSTATUS status; + struct DS_DOMAIN_CONTROLLER_INFO *info = NULL; + uint32_t flags = DS_DIRECTORY_SERVICE_REQUIRED | + DS_WRITABLE_REQUIRED | + DS_RETURN_DNS_NAME; + status = DsGetDcName(mem_ctx, NULL, domain_name, + NULL, NULL, flags, &info); + if (!NT_STATUS_IS_OK(status)) { + return ntstatus_to_werror(status); + } + r->in.server_name = talloc_strdup(mem_ctx, info->domain_controller_name); + W_ERROR_HAVE_NO_MEMORY(r->in.server_name); } - if (!domain_name) { - werr = WERR_INVALID_PARAM; - goto done; + if (account_ou) { + r->in.account_ou = talloc_strdup(mem_ctx, account_ou); + W_ERROR_HAVE_NO_MEMORY(r->in.account_ou); + } + + if (Account) { + r->in.admin_account = talloc_strdup(mem_ctx, Account); + W_ERROR_HAVE_NO_MEMORY(r->in.admin_account); } + if (password) { + r->in.password = talloc_strdup(mem_ctx, password); + W_ERROR_HAVE_NO_MEMORY(r->in.password); + } + + r->in.join_flags = join_flags; + r->in.modify_config = true; + + return libnet_Join(mem_ctx, r); +} + +static WERROR NetJoinDomainRemote(struct libnetapi_ctx *ctx, + const char *server_name, + const char *domain_name, + const char *account_ou, + const char *Account, + const char *password, + uint32_t join_flags) +{ + struct cli_state *cli = NULL; + struct rpc_pipe_client *pipe_cli = NULL; + struct wkssvc_PasswordBuffer encrypted_password; + NTSTATUS status; + WERROR werr; + unsigned int old_timeout = 0; + + ZERO_STRUCT(encrypted_password); + status = cli_full_connection(&cli, NULL, server_name, NULL, 0, "IPC$", "IPC", - opt_user_name, opt_workgroup, - opt_password, 0, Undefined, NULL); + ctx->username, + ctx->workgroup, + ctx->password, + 0, Undefined, NULL); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto done; } - old_timeout = cli_set_timeout(cli, 60000); - pipe_cli = cli_rpc_pipe_open_noauth(cli, PI_WKSSVC, &status); if (!pipe_cli) { @@ -77,7 +117,7 @@ WERROR NetJoinDomain(const char *server_name, }; if (password) { - encode_wkssvc_join_password_buffer(mem_ctx, + encode_wkssvc_join_password_buffer(ctx, password, &cli->user_session_key, &encrypted_password); @@ -85,7 +125,7 @@ WERROR NetJoinDomain(const char *server_name, old_timeout = cli_set_timeout(cli, 60000); - status = rpccli_wkssvc_NetrJoinDomain2(pipe_cli, mem_ctx, + status = rpccli_wkssvc_NetrJoinDomain2(pipe_cli, ctx, server_name, domain_name, account_ou, Account, &encrypted_password, @@ -100,17 +140,140 @@ WERROR NetJoinDomain(const char *server_name, cli_set_timeout(cli, old_timeout); cli_shutdown(cli); } - TALLOC_FREE(mem_ctx); return werr; } -WERROR NetUnjoinDomain(const char *server_name, - const char *account, - const char *password, - uint32_t unjoin_flags) +static WERROR libnetapi_NetJoinDomain(struct libnetapi_ctx *ctx, + const char *server_name, + const char *domain_name, + const char *account_ou, + const char *Account, + const char *password, + uint32_t join_flags) +{ + if (!domain_name) { + return WERR_INVALID_PARAM; + } + + if (!server_name || is_myname_or_ipaddr(server_name)) { + + return NetJoinDomainLocal(ctx, + server_name, + domain_name, + account_ou, + Account, + password, + join_flags); + } + + return NetJoinDomainRemote(ctx, + server_name, + domain_name, + account_ou, + Account, + password, + join_flags); +} + +NET_API_STATUS NetJoinDomain(const char *server_name, + const char *domain_name, + const char *account_ou, + const char *Account, + const char *password, + uint32_t join_flags) +{ + struct libnetapi_ctx *ctx = NULL; + NET_API_STATUS status; + WERROR werr; + + status = libnetapi_getctx(&ctx); + if (status != 0) { + return status; + } + + werr = libnetapi_NetJoinDomain(ctx, + server_name, + domain_name, + account_ou, + Account, + password, + join_flags); + if (!W_ERROR_IS_OK(werr)) { + return W_ERROR_V(werr); + } + + return 0; +} + +static WERROR NetUnjoinDomainLocal(struct libnetapi_ctx *mem_ctx, + const char *server_name, + const char *account, + const char *password, + uint32_t unjoin_flags) +{ + struct libnet_UnjoinCtx *r = NULL; + struct dom_sid domain_sid; + WERROR werr; + + if (!secrets_fetch_domain_sid(lp_workgroup(), &domain_sid)) { + return WERR_SETUP_NOT_JOINED; + } + + werr = libnet_init_UnjoinCtx(mem_ctx, &r); + W_ERROR_NOT_OK_RETURN(werr); + + if (server_name) { + r->in.server_name = talloc_strdup(mem_ctx, server_name); + W_ERROR_HAVE_NO_MEMORY(r->in.server_name); + } else { + + NTSTATUS status; + const char *domain = NULL; + struct DS_DOMAIN_CONTROLLER_INFO *info = NULL; + uint32_t flags = DS_DIRECTORY_SERVICE_REQUIRED | + DS_WRITABLE_REQUIRED | + DS_IS_FLAT_NAME | + DS_RETURN_DNS_NAME; + if (lp_realm()) { + domain = lp_realm(); + } else { + domain = lp_workgroup(); + } + status = DsGetDcName(mem_ctx, NULL, domain, + NULL, NULL, flags, &info); + if (!NT_STATUS_IS_OK(status)) { + return ntstatus_to_werror(status); + } + r->in.server_name = talloc_strdup(mem_ctx, info->domain_controller_name); + W_ERROR_HAVE_NO_MEMORY(r->in.server_name); + } + + if (account) { + r->in.admin_account = talloc_strdup(mem_ctx, account); + W_ERROR_HAVE_NO_MEMORY(r->in.admin_account); + } + + if (password) { + r->in.password = talloc_strdup(mem_ctx, password); + W_ERROR_HAVE_NO_MEMORY(r->in.password); + } + + r->in.unjoin_flags = unjoin_flags; + r->in.modify_config = true; + + r->in.domain_sid = &domain_sid; + + return libnet_Unjoin(mem_ctx, r); + +} + +static WERROR NetUnjoinDomainRemote(struct libnetapi_ctx *ctx, + const char *server_name, + const char *account, + const char *password, + uint32_t unjoin_flags) { - TALLOC_CTX *mem_ctx = NULL; struct cli_state *cli = NULL; struct rpc_pipe_client *pipe_cli = NULL; struct wkssvc_PasswordBuffer encrypted_password; @@ -120,30 +283,19 @@ WERROR NetUnjoinDomain(const char *server_name, ZERO_STRUCT(encrypted_password); - mem_ctx = talloc_init("NetUnjoinDomain"); - if (!mem_ctx) { - werr = WERR_NOMEM; - goto done; - } - - if (!server_name || is_myname_or_ipaddr(server_name)) { - werr = WERR_NOT_SUPPORTED; - goto done; - } - status = cli_full_connection(&cli, NULL, server_name, NULL, 0, "IPC$", "IPC", - opt_user_name, opt_workgroup, - opt_password, 0, Undefined, NULL); + ctx->username, + ctx->workgroup, + ctx->password, + 0, Undefined, NULL); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto done; } - old_timeout = cli_set_timeout(cli, 60000); - pipe_cli = cli_rpc_pipe_open_noauth(cli, PI_WKSSVC, &status); if (!pipe_cli) { @@ -152,7 +304,7 @@ WERROR NetUnjoinDomain(const char *server_name, }; if (password) { - encode_wkssvc_join_password_buffer(mem_ctx, + encode_wkssvc_join_password_buffer(ctx, password, &cli->user_session_key, &encrypted_password); @@ -160,7 +312,7 @@ WERROR NetUnjoinDomain(const char *server_name, old_timeout = cli_set_timeout(cli, 60000); - status = rpccli_wkssvc_NetrUnjoinDomain2(pipe_cli, mem_ctx, + status = rpccli_wkssvc_NetrUnjoinDomain2(pipe_cli, ctx, server_name, account, &encrypted_password, @@ -176,7 +328,173 @@ WERROR NetUnjoinDomain(const char *server_name, cli_set_timeout(cli, old_timeout); cli_shutdown(cli); } - TALLOC_FREE(mem_ctx); return werr; } + +static WERROR libnetapi_NetUnjoinDomain(struct libnetapi_ctx *ctx, + const char *server_name, + const char *account, + const char *password, + uint32_t unjoin_flags) +{ + if (!server_name || is_myname_or_ipaddr(server_name)) { + + return NetUnjoinDomainLocal(ctx, + server_name, + account, + password, + unjoin_flags); + } + + return NetUnjoinDomainRemote(ctx, + server_name, + account, + password, + unjoin_flags); +} + +NET_API_STATUS NetUnjoinDomain(const char *server_name, + const char *account, + const char *password, + uint32_t unjoin_flags) +{ + struct libnetapi_ctx *ctx = NULL; + NET_API_STATUS status; + WERROR werr; + + status = libnetapi_getctx(&ctx); + if (status != 0) { + return status; + } + + werr = libnetapi_NetUnjoinDomain(ctx, + server_name, + account, + password, + unjoin_flags); + if (!W_ERROR_IS_OK(werr)) { + return W_ERROR_V(werr); + } + + return 0; +} + +static WERROR NetGetJoinInformationRemote(struct libnetapi_ctx *ctx, + const char *server_name, + const char **name_buffer, + uint16_t *name_type) +{ + struct cli_state *cli = NULL; + struct rpc_pipe_client *pipe_cli = NULL; + NTSTATUS status; + WERROR werr; + + status = cli_full_connection(&cli, NULL, server_name, + NULL, 0, + "IPC$", "IPC", + ctx->username, + ctx->workgroup, + ctx->password, + 0, Undefined, NULL); + + if (!NT_STATUS_IS_OK(status)) { + werr = ntstatus_to_werror(status); + goto done; + } + + pipe_cli = cli_rpc_pipe_open_noauth(cli, PI_WKSSVC, + &status); + if (!pipe_cli) { + werr = ntstatus_to_werror(status); + goto done; + }; + + status = rpccli_wkssvc_NetrGetJoinInformation(pipe_cli, ctx, + server_name, + name_buffer, + (enum wkssvc_NetJoinStatus *)name_type, + &werr); + if (!NT_STATUS_IS_OK(status)) { + werr = ntstatus_to_werror(status); + goto done; + } + + done: + if (cli) { + cli_shutdown(cli); + } + + return werr; +} + +static WERROR NetGetJoinInformationLocal(struct libnetapi_ctx *ctx, + const char *server_name, + const char **name_buffer, + uint16_t *name_type) +{ + if ((lp_security() == SEC_ADS) && lp_realm()) { + *name_buffer = SMB_STRDUP(lp_realm()); + } else { + *name_buffer = SMB_STRDUP(lp_workgroup()); + } + if (!*name_buffer) { + return WERR_NOMEM; + } + + switch (lp_server_role()) { + case ROLE_DOMAIN_MEMBER: + case ROLE_DOMAIN_PDC: + case ROLE_DOMAIN_BDC: + *name_type = NetSetupDomainName; + break; + case ROLE_STANDALONE: + default: + *name_type = NetSetupWorkgroupName; + break; + } + + return WERR_OK; +} + +static WERROR libnetapi_NetGetJoinInformation(struct libnetapi_ctx *ctx, + const char *server_name, + const char **name_buffer, + uint16_t *name_type) +{ + if (!server_name || is_myname_or_ipaddr(server_name)) { + return NetGetJoinInformationLocal(ctx, + server_name, + name_buffer, + name_type); + } + + return NetGetJoinInformationRemote(ctx, + server_name, + name_buffer, + name_type); +} + +NET_API_STATUS NetGetJoinInformation(const char *server_name, + const char **name_buffer, + uint16_t *name_type) +{ + struct libnetapi_ctx *ctx = NULL; + NET_API_STATUS status; + WERROR werr; + + status = libnetapi_getctx(&ctx); + if (status != 0) { + return status; + } + + werr = libnetapi_NetGetJoinInformation(ctx, + server_name, + name_buffer, + name_type); + if (!W_ERROR_IS_OK(werr)) { + return W_ERROR_V(werr); + } + + return 0; +} |