From 5bea31aa3c6a1e66496d6bb596b96977ba01457f Mon Sep 17 00:00:00 2001
From: Günther Deschner <gd@samba.org>
Date: Wed, 30 Jul 2008 21:38:21 +0200
Subject: libnetjoin: support kerberized joining/unjoing (fix #5416).

Guenther
(This used to be commit da6e0f4f375aa533c4c765891c960070478972eb)
---
 source3/libnet/libnet_join.c | 60 ++++++++++++++++++++++++++++++--------------
 1 file changed, 41 insertions(+), 19 deletions(-)

(limited to 'source3/libnet')

diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 2f2c71dfce..b7a15c558b 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -641,6 +641,37 @@ static bool libnet_join_joindomain_store_secrets(TALLOC_CTX *mem_ctx,
 	return true;
 }
 
+/****************************************************************
+ Connect dc's IPC$ share
+****************************************************************/
+
+static NTSTATUS libnet_join_connect_dc_ipc(const char *dc,
+					   const char *user,
+					   const char *pass,
+					   bool use_kerberos,
+					   struct cli_state **cli)
+{
+	int flags = 0;
+
+	if (use_kerberos) {
+		flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
+	}
+
+	if (use_kerberos && pass) {
+		flags |= CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
+	}
+
+	return cli_full_connection(cli, NULL,
+				   dc,
+				   NULL, 0,
+				   "IPC$", "IPC",
+				   user,
+				   NULL,
+				   pass,
+				   flags,
+				   Undefined, NULL);
+}
+
 /****************************************************************
  Lookup domain dc's info
 ****************************************************************/
@@ -654,16 +685,11 @@ static NTSTATUS libnet_join_lookup_dc_rpc(TALLOC_CTX *mem_ctx,
 	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
 	union lsa_PolicyInformation *info = NULL;
 
-	status = cli_full_connection(cli, NULL,
-				     r->in.dc_name,
-				     NULL, 0,
-				     "IPC$", "IPC",
-				     r->in.admin_account,
-				     NULL,
-				     r->in.admin_password,
-				     0,
-				     Undefined, NULL);
-
+	status = libnet_join_connect_dc_ipc(r->in.dc_name,
+					    r->in.admin_account,
+					    r->in.admin_password,
+					    r->in.use_kerberos,
+					    cli);
 	if (!NT_STATUS_IS_OK(status)) {
 		goto done;
 	}
@@ -1109,15 +1135,11 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx,
 	ZERO_STRUCT(domain_pol);
 	ZERO_STRUCT(user_pol);
 
-	status = cli_full_connection(&cli, NULL,
-				     r->in.dc_name,
-				     NULL, 0,
-				     "IPC$", "IPC",
-				     r->in.admin_account,
-				     NULL,
-				     r->in.admin_password,
-				     0, Undefined, NULL);
-
+	status = libnet_join_connect_dc_ipc(r->in.dc_name,
+					    r->in.admin_account,
+					    r->in.admin_password,
+					    r->in.use_kerberos,
+					    &cli);
 	if (!NT_STATUS_IS_OK(status)) {
 		goto done;
 	}
-- 
cgit