summaryrefslogtreecommitdiff
path: root/source3/utils/net_ads.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/utils/net_ads.c')
-rw-r--r--source3/utils/net_ads.c330
1 files changed, 0 insertions, 330 deletions
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index 345665d62e..9358a4f184 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -948,336 +948,6 @@ static NTSTATUS check_ads_config( void )
}
/*******************************************************************
- Do the domain join
- ********************************************************************/
-
-static NTSTATUS net_join_domain(TALLOC_CTX *ctx, const char *servername,
- struct sockaddr_storage *pss,
- const char **domain,
- DOM_SID **dom_sid,
- const char *password)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- struct cli_state *cli = NULL;
-
- ret = connect_to_ipc_krb5(&cli, pss, servername);
- if ( !NT_STATUS_IS_OK(ret) ) {
- goto done;
- }
-
- ret = netdom_get_domain_sid( ctx, cli, domain, dom_sid );
- if ( !NT_STATUS_IS_OK(ret) ) {
- goto done;
- }
-
- /* cli->server_domain is not filled in when using krb5
- session setups */
-
- saf_store( *domain, cli->desthost );
-
- ret = netdom_join_domain( ctx, cli, *dom_sid, password, ND_TYPE_AD );
-
-done:
- if ( cli )
- cli_shutdown(cli);
-
- return ret;
-}
-
-/*******************************************************************
- Set a machines dNSHostName and servicePrincipalName attributes
- ********************************************************************/
-
-static ADS_STATUS net_set_machine_spn(TALLOC_CTX *ctx, ADS_STRUCT *ads_s )
-{
- ADS_STATUS status = ADS_ERROR(LDAP_SERVER_DOWN);
- char *new_dn;
- ADS_MODLIST mods;
- const char *servicePrincipalName[3] = {NULL, NULL, NULL};
- char *psp;
- fstring my_fqdn;
- LDAPMessage *res = NULL;
- char *dn_string = NULL;
- const char *machine_name = global_myname();
- int count;
-
- if ( !machine_name ) {
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
-
- /* Find our DN */
-
- status = ads_find_machine_acct(ads_s, &res, machine_name);
- if (!ADS_ERR_OK(status))
- return status;
-
- if ( (count = ads_count_replies(ads_s, res)) != 1 ) {
- DEBUG(1,("net_set_machine_spn: %d entries returned!\n", count));
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
-
- if ( (dn_string = ads_get_dn(ads_s, res)) == NULL ) {
- DEBUG(1, ("ads_add_machine_acct: ads_get_dn returned NULL (malloc failure?)\n"));
- goto done;
- }
-
- new_dn = talloc_strdup(ctx, dn_string);
- ads_memfree(ads_s, dn_string);
- if (!new_dn) {
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
-
- /* Windows only creates HOST/shortname & HOST/fqdn. */
-
- if ( !(psp = talloc_asprintf(ctx, "HOST/%s", machine_name)) )
- goto done;
- strupper_m(psp);
- servicePrincipalName[0] = psp;
-
- name_to_fqdn(my_fqdn, machine_name);
- strlower_m(my_fqdn);
- if ( !(psp = talloc_asprintf(ctx, "HOST/%s", my_fqdn)) )
- goto done;
- servicePrincipalName[1] = psp;
-
- if (!(mods = ads_init_mods(ctx))) {
- goto done;
- }
-
- /* fields of primary importance */
-
- ads_mod_str(ctx, &mods, "dNSHostName", my_fqdn);
- ads_mod_strlist(ctx, &mods, "servicePrincipalName", servicePrincipalName);
-
- status = ads_gen_mod(ads_s, new_dn, mods);
-
-done:
- ads_msgfree(ads_s, res);
-
- return status;
-}
-
-/*******************************************************************
- Set a machines dNSHostName and servicePrincipalName attributes
- ********************************************************************/
-
-static ADS_STATUS net_set_machine_upn(TALLOC_CTX *ctx, ADS_STRUCT *ads_s, const char *upn )
-{
- ADS_STATUS status = ADS_ERROR(LDAP_SERVER_DOWN);
- char *new_dn;
- ADS_MODLIST mods;
- LDAPMessage *res = NULL;
- char *dn_string = NULL;
- const char *machine_name = global_myname();
- int count;
-
- if ( !machine_name ) {
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
-
- /* Find our DN */
-
- status = ads_find_machine_acct(ads_s, &res, machine_name);
- if (!ADS_ERR_OK(status))
- return status;
-
- if ( (count = ads_count_replies(ads_s, res)) != 1 ) {
- DEBUG(1,("net_set_machine_spn: %d entries returned!\n", count));
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
-
- if ( (dn_string = ads_get_dn(ads_s, res)) == NULL ) {
- DEBUG(1, ("ads_add_machine_acct: ads_get_dn returned NULL (malloc failure?)\n"));
- goto done;
- }
-
- new_dn = talloc_strdup(ctx, dn_string);
- ads_memfree(ads_s, dn_string);
- if (!new_dn) {
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
-
- /* now do the mods */
-
- if (!(mods = ads_init_mods(ctx))) {
- goto done;
- }
-
- /* fields of primary importance */
-
- ads_mod_str(ctx, &mods, "userPrincipalName", upn);
-
- status = ads_gen_mod(ads_s, new_dn, mods);
-
-done:
- ads_msgfree(ads_s, res);
-
- return status;
-}
-
-/*******************************************************************
- Set a machines dNSHostName and servicePrincipalName attributes
- ********************************************************************/
-
-static ADS_STATUS net_set_os_attributes(TALLOC_CTX *ctx, ADS_STRUCT *ads_s,
- const char *os_name, const char *os_version )
-{
- ADS_STATUS status = ADS_ERROR(LDAP_SERVER_DOWN);
- char *new_dn;
- ADS_MODLIST mods;
- LDAPMessage *res = NULL;
- char *dn_string = NULL;
- const char *machine_name = global_myname();
- int count;
- char *os_sp = NULL;
-
- if ( !os_name || !os_version ) {
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
-
- /* Find our DN */
-
- status = ads_find_machine_acct(ads_s, &res, machine_name);
- if (!ADS_ERR_OK(status))
- return status;
-
- if ( (count = ads_count_replies(ads_s, res)) != 1 ) {
- DEBUG(1,("net_set_machine_spn: %d entries returned!\n", count));
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
-
- if ( (dn_string = ads_get_dn(ads_s, res)) == NULL ) {
- DEBUG(1, ("ads_add_machine_acct: ads_get_dn returned NULL (malloc failure?)\n"));
- goto done;
- }
-
- new_dn = talloc_strdup(ctx, dn_string);
- ads_memfree(ads_s, dn_string);
- if (!new_dn) {
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
-
- /* now do the mods */
-
- if (!(mods = ads_init_mods(ctx))) {
- goto done;
- }
-
- os_sp = talloc_asprintf( ctx, "Samba %s", SAMBA_VERSION_STRING );
-
- /* fields of primary importance */
-
- ads_mod_str(ctx, &mods, "operatingSystem", os_name);
- ads_mod_str(ctx, &mods, "operatingSystemVersion", os_version);
- if ( os_sp )
- ads_mod_str(ctx, &mods, "operatingSystemServicePack", os_sp);
-
- status = ads_gen_mod(ads_s, new_dn, mods);
-
-done:
- ads_msgfree(ads_s, res);
- TALLOC_FREE( os_sp );
-
- return status;
-}
-
-/*******************************************************************
- join a domain using ADS (LDAP mods)
- ********************************************************************/
-
-static ADS_STATUS net_precreate_machine_acct( ADS_STRUCT *ads, const char *ou )
-{
- ADS_STATUS rc = ADS_ERROR(LDAP_SERVER_DOWN);
- char *ou_str = NULL;
- char *dn = NULL;
- LDAPMessage *res = NULL;
- bool moved;
-
- ou_str = ads_ou_string(ads, ou);
- if (asprintf(&dn, "%s,%s", ou_str, ads->config.bind_path) == -1) {
- rc = ADS_ERROR(LDAP_NO_MEMORY);
- goto done;
- }
-
- rc = ads_search_dn(ads, &res, dn, NULL);
- if (!ADS_ERR_OK(rc)) {
- d_fprintf(stderr, "The specified OU does not exist.\n");
- goto done;
- }
-
- /* Attempt to create the machine account and bail if this fails.
- Assume that the admin wants exactly what they requested */
-
- rc = ads_create_machine_acct( ads, global_myname(), dn );
- if (ADS_ERR_OK(rc)) {
- DEBUG(1, ("machine account created\n"));
- goto done;
- }
- if ( !(rc.error_type == ENUM_ADS_ERROR_LDAP && rc.err.rc == LDAP_ALREADY_EXISTS) ) {
- DEBUG(1, ("machine account creation failed\n"));
- goto done;
- }
-
- rc = ads_move_machine_acct(ads, global_myname(), dn, &moved);
- if (!ADS_ERR_OK(rc)) {
- DEBUG(1, ("failure to locate/move pre-existing machine account\n"));
- goto done;
- }
-
- if (moved) {
- d_printf("The machine account was moved into the specified OU.\n");
- } else {
- d_printf("The machine account already exists in the specified OU.\n");
- }
-
-done:
- ads_msgfree(ads, res);
- SAFE_FREE( ou_str );
- SAFE_FREE( dn );
-
- return rc;
-}
-
-/************************************************************************
- ************************************************************************/
-
-static bool net_derive_salting_principal( TALLOC_CTX *ctx, ADS_STRUCT *ads )
-{
- uint32 domain_func;
- ADS_STATUS status;
- fstring salt;
- char *std_salt;
- const char *machine_name = global_myname();
-
- status = ads_domain_func_level( ads, &domain_func );
- if ( !ADS_ERR_OK(status) ) {
- DEBUG(2,("Failed to determine domain functional level!\n"));
- return False;
- }
-
- /* go ahead and setup the default salt */
-
- if ( (std_salt = kerberos_standard_des_salt()) == NULL ) {
- d_fprintf(stderr, "net_derive_salting_principal: failed to obtain stanard DES salt\n");
- return False;
- }
-
- fstrcpy( salt, std_salt );
- SAFE_FREE( std_salt );
-
- /* if it's a Windows functional domain, we have to look for the UPN */
-
- if ( domain_func == DS_DOMAIN_FUNCTION_2000 ) {
- char *upn = ads_get_upn(ads, ctx, machine_name);
- if ( upn ) {
- fstrcpy( salt, upn );
- }
- }
-
- return kerberos_secrets_store_des_salt( salt );
-}
-
-/*******************************************************************
Send a DNS update request
*******************************************************************/
generated by cgit (git 2.34.1) at 2024-12-19 08:27:29 +0000