summaryrefslogtreecommitdiff
path: root/source3/rpc_server/srv_wkssvc_nt.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/rpc_server/srv_wkssvc_nt.c')
-rw-r--r--source3/rpc_server/srv_wkssvc_nt.c113
1 files changed, 89 insertions, 24 deletions
diff --git a/source3/rpc_server/srv_wkssvc_nt.c b/source3/rpc_server/srv_wkssvc_nt.c
index 849ec9c4eb..6d03009d00 100644
--- a/source3/rpc_server/srv_wkssvc_nt.c
+++ b/source3/rpc_server/srv_wkssvc_nt.c
@@ -281,19 +281,20 @@ WERROR _wkssvc_NetrGetJoinableOus(pipes_struct *p, struct wkssvc_NetrGetJoinable
}
/********************************************************************
+ _wkssvc_NetrJoinDomain2
********************************************************************/
-WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p, struct wkssvc_NetrJoinDomain2 *r)
+WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p,
+ struct wkssvc_NetrJoinDomain2 *r)
{
-#if 0
struct libnet_JoinCtx *j = NULL;
- char *pwd = NULL;
+ char *cleartext_pwd = NULL;
char *admin_domain = NULL;
char *admin_account = NULL;
WERROR werr;
NTSTATUS status;
struct nt_user_token *token = p->pipe_user.nt_user_token;
- struct DS_DOMAIN_CONTROLLER_INFO *info = NULL;
+ struct netr_DsRGetDCNameInfo *info = NULL;
if (!r->in.domain_name) {
return WERR_INVALID_PARAM;
@@ -302,18 +303,15 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p, struct wkssvc_NetrJoinDomain2 *r
if (!user_has_privileges(token, &se_machine_account) &&
!nt_token_check_domain_rid(token, DOMAIN_GROUP_RID_ADMINS) &&
!nt_token_check_domain_rid(token, BUILTIN_ALIAS_RID_ADMINS)) {
+ DEBUG(5,("_wkssvc_NetrJoinDomain2: account doesn't have "
+ "sufficient privileges\n"));
return WERR_ACCESS_DENIED;
}
werr = decode_wkssvc_join_password_buffer(p->mem_ctx,
r->in.encrypted_password,
&p->session_key,
- &pwd);
- if (!W_ERROR_IS_OK(werr)) {
- return werr;
- }
-
- werr = libnet_init_JoinCtx(p->mem_ctx, &j);
+ &cleartext_pwd);
if (!W_ERROR_IS_OK(werr)) {
return werr;
}
@@ -323,8 +321,7 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p, struct wkssvc_NetrJoinDomain2 *r
&admin_domain,
&admin_account);
- status = DsGetDcName(p->mem_ctx,
- NULL,
+ status = dsgetdcname(p->mem_ctx,
r->in.domain_name,
NULL,
NULL,
@@ -336,33 +333,101 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p, struct wkssvc_NetrJoinDomain2 *r
return ntstatus_to_werror(status);
}
- j->in.server_name = info->domain_controller_name;
+ werr = libnet_init_JoinCtx(p->mem_ctx, &j);
+ if (!W_ERROR_IS_OK(werr)) {
+ return werr;
+ }
+
+ j->in.dc_name = info->dc_unc;
j->in.domain_name = r->in.domain_name;
j->in.account_ou = r->in.account_ou;
j->in.join_flags = r->in.join_flags;
-
- j->in.admin_account = admin_account;
- j->in.password = pwd;
- j->in.modify_config = true;
+ j->in.admin_account = admin_account;
+ j->in.admin_password = cleartext_pwd;
+ j->in.debug = true;
become_root();
werr = libnet_Join(p->mem_ctx, j);
unbecome_root();
+ if (!W_ERROR_IS_OK(werr)) {
+ DEBUG(5,("_wkssvc_NetrJoinDomain2: libnet_Join gave %s\n",
+ j->out.error_string ? j->out.error_string :
+ dos_errstr(werr)));
+ }
+
+ TALLOC_FREE(j);
return werr;
-#endif
- p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
}
/********************************************************************
+ _wkssvc_NetrUnjoinDomain2
********************************************************************/
-WERROR _wkssvc_NetrUnjoinDomain2(pipes_struct *p, struct wkssvc_NetrUnjoinDomain2 *r)
+WERROR _wkssvc_NetrUnjoinDomain2(pipes_struct *p,
+ struct wkssvc_NetrUnjoinDomain2 *r)
{
- /* FIXME: Add implementation code here */
- p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
+ struct libnet_UnjoinCtx *u = NULL;
+ char *cleartext_pwd = NULL;
+ char *admin_domain = NULL;
+ char *admin_account = NULL;
+ WERROR werr;
+ NTSTATUS status;
+ struct nt_user_token *token = p->pipe_user.nt_user_token;
+ struct netr_DsRGetDCNameInfo *info = NULL;
+
+ if (!user_has_privileges(token, &se_machine_account) &&
+ !nt_token_check_domain_rid(token, DOMAIN_GROUP_RID_ADMINS) &&
+ !nt_token_check_domain_rid(token, BUILTIN_ALIAS_RID_ADMINS)) {
+ DEBUG(5,("_wkssvc_NetrUnjoinDomain2: account doesn't have "
+ "sufficient privileges\n"));
+ return WERR_ACCESS_DENIED;
+ }
+
+ werr = decode_wkssvc_join_password_buffer(p->mem_ctx,
+ r->in.encrypted_password,
+ &p->session_key,
+ &cleartext_pwd);
+ if (!W_ERROR_IS_OK(werr)) {
+ return werr;
+ }
+
+ split_domain_user(p->mem_ctx,
+ r->in.account,
+ &admin_domain,
+ &admin_account);
+
+ status = dsgetdcname(p->mem_ctx,
+ lp_realm(),
+ NULL,
+ NULL,
+ DS_DIRECTORY_SERVICE_REQUIRED |
+ DS_WRITABLE_REQUIRED |
+ DS_RETURN_DNS_NAME,
+ &info);
+ if (!NT_STATUS_IS_OK(status)) {
+ return ntstatus_to_werror(status);
+ }
+
+ werr = libnet_init_UnjoinCtx(p->mem_ctx, &u);
+ if (!W_ERROR_IS_OK(werr)) {
+ return werr;
+ }
+
+ u->in.dc_name = info->dc_unc;
+ u->in.domain_name = lp_realm();
+ u->in.unjoin_flags = r->in.unjoin_flags |
+ WKSSVC_JOIN_FLAGS_JOIN_TYPE;
+ u->in.admin_account = admin_account;
+ u->in.admin_password = cleartext_pwd;
+ u->in.debug = true;
+
+ become_root();
+ werr = libnet_Unjoin(p->mem_ctx, u);
+ unbecome_root();
+
+ TALLOC_FREE(u);
+ return werr;
}
/********************************************************************
generated by cgit (git 2.34.1) at 2024-06-11 17:46:54 +0000