From 6345220151c4b09380b0b461f51309c043052916 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 4 Jan 2008 23:11:53 +0100 Subject: Only create machine account in libnetjoin when requested to. Guenther (This used to be commit bc025a3860483e8cdbd0f61579689c9edadd3af0) --- source3/libnet/libnet_join.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 95b643ffa6..36d5c0a889 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -138,17 +138,21 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, strlower_m(acct_name); const_acct_name = acct_name; - status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol, - acct_name, ACB_WSTRUST, - 0xe005000b, &user_pol, &user_rid); - if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) { - if (!(r->in.join_flags & WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED)) { - goto done; + if (r->in.join_flags & WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE) { + status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, + &domain_pol, + acct_name, ACB_WSTRUST, + 0xe005000b, &user_pol, + &user_rid); + if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) { + if (!(r->in.join_flags & WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED)) { + goto done; + } } - } - if (NT_STATUS_IS_OK(status)) { - rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol); + if (NT_STATUS_IS_OK(status)) { + rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol); + } } status = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, -- cgit From 077eaafed5ac61d5091b35c9fc7d7c768fd67ad3 Mon Sep 17 00:00:00 2001 
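Review bot: The `NT_STATUS_USER_EXISTS` / `WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED` guard now sits inside the `WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE` branch, so a join without that flag reaches `rpccli_samr_lookup_names()` for an already existing account without the guard being consulted. If reusing an existing machine account is meant to require `DOMAIN_JOIN_IF_JOINED`, the check is needed on the lookup path as well; if this is intentional for pre-created accounts, a comment above the new `if` should say so, e.g. `/* without ACCOUNT_CREATE the account must already exist and is reused as-is */`. Any create error other than `NT_STATUS_USER_EXISTS` still falls through to the lookup unreported. libnet_join_joindomain_rpc() starts and ends outside this hunk, so what is done to the account after the lookup is not visible here.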
From: Günther Deschner Date: Mon, 7 Jan 2008 18:46:07 +0100 Subject: Add error_string to libnetjoin and libnetunjoin structures incl. set functions. Guenther (This used to be commit 4f9985bb33aa5973e6b685a45039c8e227487db1) --- source3/libnet/libnet_join.c | 36 ++++++++++++++++++++++++++++++++++++ source3/libnet/libnet_join.h | 2 ++ 2 files changed, 38 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 36d5c0a889..95088606a2 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -22,6 +22,42 @@ #include "libnet/libnet_join.h" #include "libnet/libnet_proto.h" +/**************************************************************** +****************************************************************/ + +static void libnet_join_set_error_string(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx *r, + const char *format, ...) +{ + va_list args; + char *tmp = NULL; + + va_start(args, format); + tmp = talloc_vasprintf(mem_ctx, format, args); + va_end(args); + + TALLOC_FREE(r->out.error_string); + r->out.error_string = tmp; +} + +/**************************************************************** +****************************************************************/ + +static void libnet_unjoin_set_error_string(TALLOC_CTX *mem_ctx, + struct libnet_UnjoinCtx *r, + const char *format, ...) +{ + va_list args; + char *tmp = NULL; + + va_start(args, format); + tmp = talloc_vasprintf(mem_ctx, format, args); + va_end(args); + + TALLOC_FREE(r->out.error_string); + r->out.error_string = tmp; +} + static bool libnet_join_joindomain_store_secrets(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx *r) { diff --git a/source3/libnet/libnet_join.h b/source3/libnet/libnet_join.h index 9e7b8a9813..ac1fe6efcb 100644 --- a/source3/libnet/libnet_join.h +++ b/source3/libnet/libnet_join.h @@ -44,6 +44,7 @@ struct libnet_JoinCtx { struct dom_sid *domain_sid; bool modified_config; WERROR result; + char *error_string; } out; }; 
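Review bot: `libnet_join_set_error_string()` and `libnet_unjoin_set_error_string()` take a printf-style `format` but carry no format attribute, so the compiler cannot check call sites for mismatched arguments or a non-literal format string. A prior declaration with the tree's printf attribute macro (`PRINTF_ATTRIBUTE(3,4)`, if it is available in this file) or `__attribute__((format(printf, 3, 4)))` would cover both. The two bodies are identical apart from the context type, and the string is allocated on the `mem_ctx` argument rather than on `r`, which deserves a one-line comment: `/* error_string is allocated on mem_ctx, not on the context itself */`.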
@@ -61,6 +62,7 @@ struct libnet_UnjoinCtx { struct { bool modified_config; WERROR result; + char *error_string; } out; }; -- cgit From 60555e66dd06f74316e05b59aec8943f5b0a62fa Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 7 Jan 2008 18:58:04 +0100 Subject: Add ADS_STRUCTs to libnetjoin and -unjoin, with talloc destructors. Guenther (This used to be commit 985d45206990988894e05ea6fb0aacc7396a6db4) --- source3/libnet/libnet_join.c | 137 +++++++++++++++++++++++++++++++++++++++++++ source3/libnet/libnet_join.h | 3 + 2 files changed, 140 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 95088606a2..7c8b395cd3 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c 
@@ -58,6 +58,103 @@ static void libnet_unjoin_set_error_string(TALLOC_CTX *mem_ctx, r->out.error_string = tmp; } +/**************************************************************** +****************************************************************/ + +static ADS_STATUS libnet_connect_ads(const char *dns_domain_name, + const char *netbios_domain_name, + const char *dc_name, + const char *user_name, + const char *password, + ADS_STRUCT **ads) +{ + ADS_STATUS status; + ADS_STRUCT *my_ads = NULL; + + my_ads = ads_init(dns_domain_name, + netbios_domain_name, + dc_name); + if (!my_ads) { + return ADS_ERROR_LDAP(LDAP_NO_MEMORY); + } + + if (user_name) { + SAFE_FREE(my_ads->auth.user_name); + my_ads->auth.user_name = SMB_STRDUP(user_name); + } + + if (password) { + SAFE_FREE(my_ads->auth.password); + my_ads->auth.password = SMB_STRDUP(password); + } + + status = ads_connect(my_ads); + if (!ADS_ERR_OK(status)) { + ads_destroy(&my_ads); + return status; + } + + *ads = my_ads; + return ADS_SUCCESS; +} + +/**************************************************************** +****************************************************************/ + +static ADS_STATUS libnet_join_connect_ads(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx *r) +{ + ADS_STATUS status; + + if (r->in.ads) { + ads_destroy(&r->in.ads); + } + + status = libnet_connect_ads(r->in.domain_name, + r->in.domain_name, + r->in.dc_name, + r->in.admin_account, + r->in.admin_password, + &r->in.ads); + if (!ADS_ERR_OK(status)) { + libnet_join_set_error_string(mem_ctx, r, + "failed to connect to AD: %s\n", + ads_errstr(status)); + } + + return status; +} + +/**************************************************************** +****************************************************************/ + +static ADS_STATUS libnet_unjoin_connect_ads(TALLOC_CTX *mem_ctx, + struct libnet_UnjoinCtx *r) +{ + ADS_STATUS status; + + if (r->in.ads) { + ads_destroy(&r->in.ads); + } + + status = libnet_connect_ads(r->in.domain_name, + r->in.domain_name, 
+ r->in.dc_name, + r->in.admin_account, + r->in.admin_password, + &r->in.ads); + if (!ADS_ERR_OK(status)) { + libnet_unjoin_set_error_string(mem_ctx, r, + "failed to connect to AD: %s\n", + ads_errstr(status)); + } + + return status; +} + +/**************************************************************** +****************************************************************/ + static bool libnet_join_joindomain_store_secrets(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx *r) { @@ -484,6 +581,33 @@ static WERROR do_UnjoinConfig(struct libnet_UnjoinCtx *r) return werr; } +/**************************************************************** +****************************************************************/ + +static int libnet_destroy_JoinCtx(struct libnet_JoinCtx *r) +{ + if (r->in.ads) { + ads_destroy(&r->in.ads); + } + + return 0; +} + +/**************************************************************** +****************************************************************/ + +static int libnet_destroy_UnjoinCtx(struct libnet_UnjoinCtx *r) +{ + if (r->in.ads) { + ads_destroy(&r->in.ads); + } + + return 0; +} + +/**************************************************************** +****************************************************************/ + WERROR libnet_init_JoinCtx(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx **r) { @@ -494,11 +618,19 @@ WERROR libnet_init_JoinCtx(TALLOC_CTX *mem_ctx, return WERR_NOMEM; } + talloc_set_destructor(ctx, libnet_destroy_JoinCtx); + + ctx->in.machine_name = talloc_strdup(mem_ctx, global_myname()); + W_ERROR_HAVE_NO_MEMORY(ctx->in.machine_name); + *r = ctx; return WERR_OK; } +/**************************************************************** +****************************************************************/ + WERROR libnet_init_UnjoinCtx(TALLOC_CTX *mem_ctx, struct libnet_UnjoinCtx **r) { 
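Review bot: In `libnet_connect_ads()` the results of `SMB_STRDUP(user_name)` and `SMB_STRDUP(password)` are stored without a NULL check, so an allocation failure would let `ads_connect()` run with the credential silently missing instead of failing. Unless `SMB_STRDUP` aborts on failure in this tree, add `if (!my_ads->auth.password) { ads_destroy(&my_ads); return ADS_ERROR_LDAP(LDAP_NO_MEMORY); }` and the same for `user_name`. The function also lacks a comment stating that `*ads` is written only on success and that the caller then owns the struct and releases it with `ads_destroy()`.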
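Review bot: In `libnet_init_JoinCtx()` the new `machine_name` is duplicated onto `mem_ctx` instead of `ctx`, so it is not released with the context, and when `W_ERROR_HAVE_NO_MEMORY` returns early `ctx` stays allocated with its destructor set while `*r` is never written. Assuming `ctx` is a talloc child of `mem_ctx` (its allocation is outside the hunk), `ctx->in.machine_name = talloc_strdup(ctx, global_myname());` followed by `if (!ctx->in.machine_name) { TALLOC_FREE(ctx); return WERR_NOMEM; }` keeps ownership in one place. The same two lines are added to `libnet_init_UnjoinCtx()` in the next hunk and would need the same change.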
@@ -509,6 +641,11 @@ WERROR libnet_init_UnjoinCtx(TALLOC_CTX *mem_ctx, return WERR_NOMEM; } + talloc_set_destructor(ctx, libnet_destroy_UnjoinCtx); + + ctx->in.machine_name = talloc_strdup(mem_ctx, global_myname()); + W_ERROR_HAVE_NO_MEMORY(ctx->in.machine_name); + *r = ctx; return WERR_OK; diff --git a/source3/libnet/libnet_join.h b/source3/libnet/libnet_join.h index ac1fe6efcb..b2e59b99c9 100644 --- a/source3/libnet/libnet_join.h +++ b/source3/libnet/libnet_join.h @@ -34,6 +34,7 @@ struct libnet_JoinCtx { const char *os_string; const char *upn; bool modify_config; + struct ads_struct *ads; } in; struct { @@ -51,12 +52,14 @@ struct libnet_JoinCtx { struct libnet_UnjoinCtx { struct { const char *dc_name; + const char *machine_name; const char *domain_name; const char *admin_account; const char *admin_password; uint32_t unjoin_flags; bool modify_config; struct dom_sid *domain_sid; + struct ads_struct *ads; } in; struct { -- cgit From 0bbc04d5164858ed91353600ee068715a272568b Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 7 Jan 2008 19:07:38 +0100 Subject: Rearrange libnet join code and add support for account pre-creation in AD. Guenther (This used to be commit 18ae8580420c37aa4b189eb5ce53cc65a9827d95) --- source3/libnet/libnet_join.c | 112 ++++++++++++++++++++++++++++++++++++++----- 1 file changed, 100 insertions(+), 12 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 7c8b395cd3..1d52b81a75 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c 
@@ -155,6 +155,39 @@ static ADS_STATUS libnet_unjoin_connect_ads(TALLOC_CTX *mem_ctx, /**************************************************************** ****************************************************************/ +static ADS_STATUS libnet_join_precreate_machine_acct(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx *r) +{ + ADS_STATUS status; + LDAPMessage *res = NULL; + const char *attrs[] = { "dn", NULL }; + + status = ads_search_dn(r->in.ads, &res, r->in.account_ou, attrs); + if (!ADS_ERR_OK(status)) { + return status; + } + + if (ads_count_replies(r->in.ads, res) != 1) { + ads_msgfree(r->in.ads, res); + return ADS_ERROR_LDAP(LDAP_NO_SUCH_OBJECT); + } + + status = ads_create_machine_acct(r->in.ads, + r->in.machine_name, + r->in.account_ou); + ads_msgfree(r->in.ads, res); + + if ((status.error_type == ENUM_ADS_ERROR_LDAP) && + (status.err.rc == LDAP_ALREADY_EXISTS)) { + status = ADS_SUCCESS; + } + + return status; +} + +/**************************************************************** +****************************************************************/ + static bool libnet_join_joindomain_store_secrets(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx *r) { @@ -174,6 +207,9 @@ static bool libnet_join_joindomain_store_secrets(TALLOC_CTX *mem_ctx, return true; } +/**************************************************************** +****************************************************************/ + static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx *r) { @@ -362,6 +398,9 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, return status; } +/**************************************************************** +****************************************************************/ + static bool libnet_join_unjoindomain_remove_secrets(TALLOC_CTX *mem_ctx, struct libnet_UnjoinCtx *r) { 
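Review bot: `libnet_join_precreate_machine_acct()` turns `LDAP_ALREADY_EXISTS` into `ADS_SUCCESS` without looking at `r->in.join_flags`, so a machine account that is already present in the OU is accepted as if it had just been created. If reuse of an existing account is supposed to depend on `WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED`, the condition should include it: `(status.err.rc == LDAP_ALREADY_EXISTS) && (r->in.join_flags & WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED)`. The function also uses `r->in.ads` and `r->in.account_ou` without checking them, so a short comment stating that the caller must have connected and supplied the OU would help.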
@@ -376,6 +415,9 @@ static bool libnet_join_unjoindomain_remove_secrets(TALLOC_CTX *mem_ctx, return true; } +/**************************************************************** +****************************************************************/ + static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx, struct libnet_UnjoinCtx *r) { @@ -481,6 +523,9 @@ done: return status; } +/**************************************************************** +****************************************************************/ + static WERROR do_join_modify_vals_config(struct libnet_JoinCtx *r) { WERROR werr; @@ -519,6 +564,9 @@ static WERROR do_join_modify_vals_config(struct libnet_JoinCtx *r) return werr; } +/**************************************************************** +****************************************************************/ + static WERROR do_unjoin_modify_vals_config(struct libnet_UnjoinCtx *r) { WERROR werr = WERR_OK; @@ -534,6 +582,8 @@ static WERROR do_unjoin_modify_vals_config(struct libnet_UnjoinCtx *r) return werr; } +/**************************************************************** +****************************************************************/ static WERROR do_JoinConfig(struct libnet_JoinCtx *r) { @@ -558,6 +608,9 @@ static WERROR do_JoinConfig(struct libnet_JoinCtx *r) return werr; } +/**************************************************************** +****************************************************************/ + static WERROR do_UnjoinConfig(struct libnet_UnjoinCtx *r) { WERROR werr; 
@@ -651,11 +704,54 @@ WERROR libnet_init_UnjoinCtx(TALLOC_CTX *mem_ctx, return WERR_OK; } +/**************************************************************** +****************************************************************/ + +static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx *r) +{ + NTSTATUS status; + ADS_STATUS ads_status; + + if (r->in.account_ou) { + ads_status = libnet_join_connect_ads(mem_ctx, r); + if (!ADS_ERR_OK(ads_status)) { + return WERR_GENERAL_FAILURE; + } + ads_status = libnet_join_precreate_machine_acct(mem_ctx, r); + if (!ADS_ERR_OK(ads_status)) { + libnet_join_set_error_string(mem_ctx, r, + "failed to precreate account in ou %s: %s\n", + r->in.account_ou, + ads_errstr(ads_status)); + return WERR_GENERAL_FAILURE; + } + + r->in.join_flags &= ~WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE; + } + + status = libnet_join_joindomain_rpc(mem_ctx, r); + if (!NT_STATUS_IS_OK(status)) { + if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) { + return WERR_SETUP_ALREADY_JOINED; + } + return ntstatus_to_werror(status); + } + + if (!libnet_join_joindomain_store_secrets(mem_ctx, r)) { + return WERR_SETUP_NOT_JOINED; + } + + return WERR_OK; +} + +/**************************************************************** +****************************************************************/ + WERROR libnet_Join(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx *r) { WERROR werr; - NTSTATUS status; if (!r->in.domain_name) { return WERR_INVALID_PARAM; 
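Review bot: `libnet_DomainJoin()` clears `WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE` in `r->in.join_flags`, which is caller-supplied input, so a caller that inspects or reuses the context afterwards sees different flags from the ones it set. Either save and restore the flag around the RPC call or document the side effect above the statement, e.g. `/* account was pre-created over LDAP; keep the RPC path from creating it again */`. When `libnet_join_connect_ads()` fails the function returns `WERR_GENERAL_FAILURE`, so the ADS status reaches the caller only through `r->out.error_string`.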
@@ -670,17 +766,9 @@ WERROR libnet_Join(TALLOC_CTX *mem_ctx, } if (r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) { - - status = libnet_join_joindomain_rpc(mem_ctx, r); - if (!NT_STATUS_IS_OK(status)) { - if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) { - return WERR_SETUP_ALREADY_JOINED; - } - return ntstatus_to_werror(status); - } - - if (!libnet_join_joindomain_store_secrets(mem_ctx, r)) { - return WERR_SETUP_NOT_JOINED; + werr = libnet_DomainJoin(mem_ctx, r); + if (!W_ERROR_IS_OK(werr)) { + return werr; } } -- cgit From 5b5f17a81d76b4675a4a0f09f92dddbc3a221673 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 7 Jan 2008 19:11:26 +0100 Subject: Honor the WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE flag when unjoining from AD. Guenther (This used to be commit ed164b523e63c3ebf2c822a00a877ef169738a3a) --- source3/libnet/libnet_join.c | 66 +++++++++++++++++++++++++++++++++++++------- 1 file changed, 56 insertions(+), 10 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 1d52b81a75..627558d4a9 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -188,6 +188,24 @@ static ADS_STATUS libnet_join_precreate_machine_acct(TALLOC_CTX *mem_ctx, /**************************************************************** ****************************************************************/ +static ADS_STATUS libnet_unjoin_remove_machine_acct(TALLOC_CTX *mem_ctx, + struct libnet_UnjoinCtx *r) +{ + ADS_STATUS status; + + if (!r->in.ads) { + status = libnet_unjoin_connect_ads(mem_ctx, r); + if (!ADS_ERR_OK(status)) { + return status; + } + } + + return ads_leave_realm(r->in.ads, r->in.machine_name); +} + +/**************************************************************** +****************************************************************/ + static bool libnet_join_joindomain_store_secrets(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx *r) { 
@@ -780,27 +798,55 @@ WERROR libnet_Join(TALLOC_CTX *mem_ctx, return werr; } +/**************************************************************** +****************************************************************/ + +static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx, + struct libnet_UnjoinCtx *r) +{ + NTSTATUS status; + + status = libnet_join_unjoindomain_rpc(mem_ctx, r); + if (!NT_STATUS_IS_OK(status)) { + if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) { + return WERR_SETUP_NOT_JOINED; + } + return ntstatus_to_werror(status); + } + + if (r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE) { + ADS_STATUS ads_status; + libnet_unjoin_connect_ads(mem_ctx, r); + ads_status = libnet_unjoin_remove_machine_acct(mem_ctx, r); + if (!ADS_ERR_OK(ads_status)) { + libnet_unjoin_set_error_string(mem_ctx, r, + "failed to remove machine account from AD: %s\n", + ads_errstr(ads_status)); + } + } + + libnet_join_unjoindomain_remove_secrets(mem_ctx, r); + + return WERR_OK; +} + +/**************************************************************** +****************************************************************/ + WERROR libnet_Unjoin(TALLOC_CTX *mem_ctx, struct libnet_UnjoinCtx *r) { WERROR werr; - NTSTATUS status; if (r->in.modify_config && !lp_include_registry_globals()) { return WERR_NOT_SUPPORTED; } if (r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) { - - status = libnet_join_unjoindomain_rpc(mem_ctx, r); - if (!NT_STATUS_IS_OK(status)) { - if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) { - return WERR_SETUP_NOT_JOINED; - } - return ntstatus_to_werror(status); + werr = libnet_DomainUnjoin(mem_ctx, r); + if (!W_ERROR_IS_OK(werr)) { + return werr; } - - libnet_join_unjoindomain_remove_secrets(mem_ctx, r); } werr = do_UnjoinConfig(r); -- cgit From d66118629cccf01799ecdbcd73a944903908a64c Mon Sep 17 00:00:00 2001 
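Review bot: In `libnet_DomainUnjoin()` the result of `libnet_unjoin_connect_ads(mem_ctx, r);` is discarded, and `libnet_unjoin_remove_machine_acct()` already connects when `r->in.ads` is not set, so the bare call can be dropped. A failed account removal only sets `r->out.error_string` while the function still returns `WERR_OK`, so a caller that asked for `WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE` cannot tell from the return value that the account is still in the directory. The return value of `libnet_join_unjoindomain_remove_secrets()` is ignored as well; if these are deliberate best-effort steps, a comment such as `/* best effort: the RPC unjoin has already succeeded */` should say so.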
From: Günther Deschner Date: Mon, 7 Jan 2008 19:31:20 +0100 Subject: Add libnet_join_find_machine_acct(). Guenther (This used to be commit f550ed02ff9e0546c63064ab9dac760eac7e1e16) --- source3/libnet/libnet_join.c | 46 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 627558d4a9..bc775a9d40 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -206,6 +206,52 @@ static ADS_STATUS libnet_unjoin_remove_machine_acct(TALLOC_CTX *mem_ctx, /**************************************************************** ****************************************************************/ +static ADS_STATUS libnet_join_find_machine_acct(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx *r) +{ + ADS_STATUS status; + LDAPMessage *res = NULL; + char *dn = NULL; + + if (!r->in.machine_name) { + return ADS_ERROR(LDAP_NO_MEMORY); + } + + status = ads_find_machine_acct(r->in.ads, + &res, + r->in.machine_name); + if (!ADS_ERR_OK(status)) { + return status; + } + + if (ads_count_replies(r->in.ads, res) != 1) { + status = ADS_ERROR_LDAP(LDAP_NO_MEMORY); + goto done; + } + + dn = ads_get_dn(r->in.ads, res); + if (!dn) { + status = ADS_ERROR_LDAP(LDAP_NO_MEMORY); + goto done; + } + + TALLOC_FREE(r->out.dn); + r->out.dn = talloc_strdup(mem_ctx, dn); + if (!r->out.dn) { + status = ADS_ERROR_LDAP(LDAP_NO_MEMORY); + goto done; + } + + done: + ads_msgfree(r->in.ads, res); + ads_memfree(r->in.ads, dn); + + return status; +} + +/**************************************************************** +****************************************************************/ + static bool libnet_join_joindomain_store_secrets(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx *r) { -- cgit From 60eb92478c58ae3c68b691c62e6bc7cb6518c679 Mon Sep 17 00:00:00 2001 
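Review bot: `libnet_join_find_machine_acct()` reports `LDAP_NO_MEMORY` for conditions that are not allocation failures: a missing `r->in.machine_name`, and `ads_count_replies()` returning anything other than 1. A not-found or ambiguous lookup then reads as memory exhaustion in the error string; for the reply count, `status = ADS_ERROR_LDAP(LDAP_NO_SUCH_OBJECT);` would match what `libnet_join_precreate_machine_acct()` returns for the same condition, and the missing name is a parameter error. The first return also uses `ADS_ERROR(...)` where the rest of the function uses `ADS_ERROR_LDAP(...)`.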
From: Günther Deschner Date: Mon, 7 Jan 2008 20:16:57 +0100 Subject: Merge remaining post-AD-join functions from net into libnet_join. Guenther (This used to be commit 3e816d7555218192881d79645fca26981a7099c7) --- source3/libnet/libnet_join.c | 184 +++++++++++++++++++++++++++++++++++++++++++ source3/libnet/libnet_join.h | 3 +- 2 files changed, 186 insertions(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index bc775a9d40..4149116833 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c 
@@ -252,6 +252,190 @@ static ADS_STATUS libnet_join_find_machine_acct(TALLOC_CTX *mem_ctx, /**************************************************************** ****************************************************************/ +static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx *r) +{ + ADS_STATUS status; + ADS_MODLIST mods; + fstring my_fqdn; + const char *spn_array[3] = {NULL, NULL, NULL}; + char *spn = NULL; + + if (!r->in.ads) { + status = libnet_join_connect_ads(mem_ctx, r); + if (!ADS_ERR_OK(status)) { + return status; + } + } + + status = libnet_join_find_machine_acct(mem_ctx, r); + if (!ADS_ERR_OK(status)) { + return status; + } + + spn = talloc_asprintf(mem_ctx, "HOST/%s", r->in.machine_name); + if (!spn) { + return ADS_ERROR_LDAP(LDAP_NO_MEMORY); + } + strupper_m(spn); + spn_array[0] = spn; + + if (name_to_fqdn(my_fqdn, r->in.machine_name) && + !strequal(my_fqdn, r->in.machine_name)) { + + strlower_m(my_fqdn); + spn = talloc_asprintf(mem_ctx, "HOST/%s", my_fqdn); + if (!spn) { + return ADS_ERROR_LDAP(LDAP_NO_MEMORY); + } + spn_array[1] = spn; + } + + mods = ads_init_mods(mem_ctx); + if (!mods) { + return ADS_ERROR_LDAP(LDAP_NO_MEMORY); + } + + status = ads_mod_str(mem_ctx, &mods, "dNSHostName", my_fqdn); + if (!ADS_ERR_OK(status)) { + return ADS_ERROR_LDAP(LDAP_NO_MEMORY); + } + + status = ads_mod_strlist(mem_ctx, &mods, "servicePrincipalName", + spn_array); + if (!ADS_ERR_OK(status)) { + return ADS_ERROR_LDAP(LDAP_NO_MEMORY); + } + + return ads_gen_mod(r->in.ads, r->out.dn, mods); +} + +/**************************************************************** +****************************************************************/ + +static ADS_STATUS libnet_join_set_machine_upn(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx *r) +{ + ADS_STATUS status; + ADS_MODLIST mods; + + if (!r->in.create_upn) { + return ADS_SUCCESS; + } + + if (!r->in.ads) { + status = libnet_join_connect_ads(mem_ctx, r); + if (!ADS_ERR_OK(status)) { + return 
status; + } + } + + status = libnet_join_find_machine_acct(mem_ctx, r); + if (!ADS_ERR_OK(status)) { + return status; + } + + if (!r->in.upn) { + r->in.upn = talloc_asprintf(mem_ctx, + "host/%s@%s", + r->in.machine_name, + r->out.dns_domain_name); + if (!r->in.upn) { + return ADS_ERROR(LDAP_NO_MEMORY); + } + } + + mods = ads_init_mods(mem_ctx); + if (!mods) { + return ADS_ERROR_LDAP(LDAP_NO_MEMORY); + } + + status = ads_mod_str(mem_ctx, &mods, "userPrincipalName", r->in.upn); + if (!ADS_ERR_OK(status)) { + return ADS_ERROR_LDAP(LDAP_NO_MEMORY); + } + + return ads_gen_mod(r->in.ads, r->out.dn, mods); +} + + +/**************************************************************** +****************************************************************/ + +static ADS_STATUS libnet_join_set_os_attributes(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx *r) +{ + ADS_STATUS status; + ADS_MODLIST mods; + char *os_sp = NULL; + + if (!r->in.os_name || !r->in.os_version ) { + return ADS_SUCCESS; + } + + if (!r->in.ads) { + status = libnet_join_connect_ads(mem_ctx, r); + if (!ADS_ERR_OK(status)) { + return status; + } + } + + status = libnet_join_find_machine_acct(mem_ctx, r); + if (!ADS_ERR_OK(status)) { + return status; + } + + mods = ads_init_mods(mem_ctx); + if (!mods) { + return ADS_ERROR(LDAP_NO_MEMORY); + } + + os_sp = talloc_asprintf(mem_ctx, "Samba %s", SAMBA_VERSION_STRING); + if (!os_sp) { + return ADS_ERROR(LDAP_NO_MEMORY); + } + + status = ads_mod_str(mem_ctx, &mods, "operatingSystem", + r->in.os_name); + if (!ADS_ERR_OK(status)) { + return status; + } + + status = ads_mod_str(mem_ctx, &mods, "operatingSystemVersion", + r->in.os_version); + if (!ADS_ERR_OK(status)) { + return status; + } + + status = ads_mod_str(mem_ctx, &mods, "operatingSystemServicePack", + os_sp); + if (!ADS_ERR_OK(status)) { + return status; + } + + return ads_gen_mod(r->in.ads, r->out.dn, mods); +} + +/**************************************************************** 
+****************************************************************/ + +static bool libnet_join_create_keytab(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx *r) +{ + if (!lp_use_kerberos_keytab()) { + return true; + } + + if (!ads_keytab_create_default(r->in.ads)) { + return false; + } + + return true; +} + +/**************************************************************** +****************************************************************/ + static bool libnet_join_joindomain_store_secrets(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx *r) { diff --git a/source3/libnet/libnet_join.h b/source3/libnet/libnet_join.h index b2e59b99c9..c6a0cd183c 100644 --- a/source3/libnet/libnet_join.h +++ b/source3/libnet/libnet_join.h @@ -31,7 +31,8 @@ struct libnet_JoinCtx { const char *machine_password; uint32_t join_flags; const char *os_version; - const char *os_string; + const char *os_name; + bool create_upn; const char *upn; bool modify_config; struct ads_struct *ads; -- cgit From ec75d53dfc6b678f1270927864dae621e63b11c7 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 7 Jan 2008 20:20:03 +0100 Subject: Finally use libnet_join_set_* functions in libnetjoin. Guenther (This used to be commit 1436670854ae635cfa2a69939d3ac31da87c3f66) --- source3/libnet/libnet_join.c | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 4149116833..94fa62e47b 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c 
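Review bot: In `libnet_join_set_machine_spn()` the `dNSHostName` modification uses `my_fqdn` unconditionally, although the buffer is only known to hold a usable value when `name_to_fqdn()` succeeded. Unless `name_to_fqdn()` always fills the buffer on failure, the attribute is written from an uninitialised `fstring`; either initialise it or add that mod only after a successful lookup. The name comes from the local resolver and ends up in the account's `servicePrincipalName`, so a comment stating that assumption is worth adding. Here and in `libnet_join_set_machine_upn()` a failing `ads_mod_str()`/`ads_mod_strlist()` is rewritten to `LDAP_NO_MEMORY`, whereas `libnet_join_set_os_attributes()` returns `status` unchanged.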
@@ -990,6 +990,36 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, return WERR_SETUP_NOT_JOINED; } + ads_status = libnet_join_set_machine_spn(mem_ctx, r); + if (!ADS_ERR_OK(ads_status)) { + libnet_join_set_error_string(mem_ctx, r, + "failed to set machine spn: %s\n", + ads_errstr(ads_status)); + return WERR_GENERAL_FAILURE; + } + + ads_status = libnet_join_set_os_attributes(mem_ctx, r); + if (!ADS_ERR_OK(ads_status)) { + libnet_join_set_error_string(mem_ctx, r, + "failed to set machine os attributes: %s\n", + ads_errstr(ads_status)); + return WERR_GENERAL_FAILURE; + } + + ads_status = libnet_join_set_machine_upn(mem_ctx, r); + if (!ADS_ERR_OK(ads_status)) { + libnet_join_set_error_string(mem_ctx, r, + "failed to set machine upn: %s\n", + ads_errstr(ads_status)); + return WERR_GENERAL_FAILURE; + } + + if (!libnet_join_create_keytab(mem_ctx, r)) { + libnet_join_set_error_string(mem_ctx, r, + "failed to create kerberos keytab\n"); + return WERR_GENERAL_FAILURE; + } + return WERR_OK; } -- cgit From d5dec339043875e98cbceadf3cbd0d1b39c9b463 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 7 Jan 2008 20:41:55 +0100 Subject: There is no LDAP in some corners of this world. Fix the build... Guenther (This used to be commit 83ed37023c2be4c6b4d99d8117ac8438a413112c) --- source3/libnet/libnet_join.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 94fa62e47b..5c64778da3 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -58,6 +58,8 @@ static void libnet_unjoin_set_error_string(TALLOC_CTX *mem_ctx, r->out.error_string = tmp; } +#ifdef WITH_LDAP + /**************************************************************** ****************************************************************/ 
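Review bot: Each of the new post-join steps in `libnet_DomainJoin()` returns `WERR_GENERAL_FAILURE` after `libnet_join_joindomain_rpc()` and `libnet_join_joindomain_store_secrets()` have already succeeded, so the caller is told the join failed while the machine account and the stored secrets remain in place. Either undo the join on these paths or give the caller a way to tell a completed join with failed attribute updates from no join at all. At minimum, a comment before the first `ads_status =` line should state that the join itself is complete at that point, e.g. `/* joined from here on; the following steps only update account attributes */`. The function's start is outside this hunk.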
@@ -416,6 +418,8 @@ static ADS_STATUS libnet_join_set_os_attributes(TALLOC_CTX *mem_ctx, return ads_gen_mod(r->in.ads, r->out.dn, mods); } +#endif + /**************************************************************** ****************************************************************/ @@ -426,10 +430,11 @@ static bool libnet_join_create_keytab(TALLOC_CTX *mem_ctx, return true; } +#ifdef WITH_ADS if (!ads_keytab_create_default(r->in.ads)) { return false; } - +#endif return true; } @@ -959,6 +964,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx *r) { NTSTATUS status; +#ifdef WITH_LDAP ADS_STATUS ads_status; if (r->in.account_ou) { @@ -977,7 +983,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, r->in.join_flags &= ~WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE; } - +#endif status = libnet_join_joindomain_rpc(mem_ctx, r); if (!NT_STATUS_IS_OK(status)) { if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) { @@ -990,6 +996,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, return WERR_SETUP_NOT_JOINED; } +#ifdef WITH_LDAP ads_status = libnet_join_set_machine_spn(mem_ctx, r); if (!ADS_ERR_OK(ads_status)) { libnet_join_set_error_string(mem_ctx, r, @@ -1013,7 +1020,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, ads_errstr(ads_status)); return WERR_GENERAL_FAILURE; } - +#endif if (!libnet_join_create_keytab(mem_ctx, r)) { libnet_join_set_error_string(mem_ctx, r, "failed to create kerberos keytab\n"); @@ -1074,6 +1081,7 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx, return ntstatus_to_werror(status); } +#ifdef WITH_LDAP if (r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE) { ADS_STATUS ads_status; libnet_unjoin_connect_ads(mem_ctx, r); @@ -1084,7 +1092,7 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx, ads_errstr(ads_status)); } } - +#endif libnet_join_unjoindomain_remove_secrets(mem_ctx, r); return WERR_OK; -- cgit From c8abd25d94fba0df62136c33837ddfcdaa459a66 Mon Sep 17 00:00:00 2001 
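Review bot: With the LDAP blocks compiled out, `libnet_DomainJoin()` ignores `r->in.account_ou` and `libnet_DomainUnjoin()` ignores `WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE`, yet both can still return `WERR_OK`, so a caller's request for OU placement or account deletion is dropped silently. An `#else` branch that rejects the request keeps that visible, e.g. `if (r->in.account_ou) { return WERR_NOT_SUPPORTED; }` in the join path. The guards also split `libnet_DomainJoin()` into several preprocessor regions, so a comment on each `#endif` naming its macro would make them easier to follow.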
From: Günther Deschner Date: Mon, 7 Jan 2008 20:56:34 +0100 Subject: Trying to make the buildfarm w/o krb5 happy. Guenther (This used to be commit 079f2eba81886707ea4b18f103e097dbac994b2f) --- source3/libnet/libnet_join.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 5c64778da3..f4c0dfa2c2 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -430,7 +430,7 @@ static bool libnet_join_create_keytab(TALLOC_CTX *mem_ctx, return true; } -#ifdef WITH_ADS +#ifdef WITH_KRB5 if (!ads_keytab_create_default(r->in.ads)) { return false; } -- cgit From c6576503c9298f1123ac4902e2b72453745d3566 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 8 Jan 2008 11:46:11 +0100 Subject: When unjoining fails (e.g. missing creds) make sure we still correct config. Guenther (This used to be commit 7f51583f681b1acc9bfbab6ee0e2d1c13d2c4ca4) --- source3/libnet/libnet_join.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index f4c0dfa2c2..05ab184cec 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1075,6 +1075,9 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx, status = libnet_join_unjoindomain_rpc(mem_ctx, r); if (!NT_STATUS_IS_OK(status)) { + libnet_unjoin_set_error_string(mem_ctx, r, + "failed to unjoin domain: %s\n", + nt_errstr(status)); if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) { return WERR_SETUP_NOT_JOINED; } @@ -1113,6 +1116,7 @@ WERROR libnet_Unjoin(TALLOC_CTX *mem_ctx, if (r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) { werr = libnet_DomainUnjoin(mem_ctx, r); if (!W_ERROR_IS_OK(werr)) { + do_UnjoinConfig(r); return werr; } } -- cgit From 697208406cd5b669d76265f753097faa761df9c8 Mon Sep 17 00:00:00 2001 
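Review bot: When the guarded block in `libnet_join_create_keytab()` is compiled out, the function returns `true` even though `lp_use_kerberos_keytab()` asked for a keytab, so the caller treats a keytab that was never written as created. If that is not intended, return `false` from an `#else` branch; otherwise add a comment such as `/* no krb5 support: keytab creation is skipped */`. When the block is compiled in, `r->in.ads` is passed to `ads_keytab_create_default()` without a NULL check, and the only places visible on this page that connect it are inside the LDAP-guarded code.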
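Review bot: On the new failure path in `libnet_Unjoin()` the return value of `do_UnjoinConfig(r);` is discarded and `libnet_join_unjoindomain_remove_secrets()` is never reached, so whatever `do_UnjoinConfig()` changes is applied while the stored machine secret stays on disk. If the intent is to leave the host in a consistent not-joined state, the secrets removal belongs on this path too; otherwise a comment should state why the secret is kept, e.g. `/* keep secrets: the account may still be valid in the domain */`. A failed config update here is also lost, because the `werr` from the unjoin is returned unchanged.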
From: Günther Deschner Date: Tue, 8 Jan 2008 14:03:12 +0100 Subject: Fix define check s/WITH_LDAP/HAVE_LDAP/ in libnet_join. Guenther (This used to be commit 045a69c59c3b0732bb12a8b0efc8c9675e811719) --- source3/libnet/libnet_join.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 05ab184cec..454c1f29fb 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -58,7 +58,7 @@ static void libnet_unjoin_set_error_string(TALLOC_CTX *mem_ctx, r->out.error_string = tmp; } -#ifdef WITH_LDAP +#ifdef HAVE_LDAP /**************************************************************** ****************************************************************/ @@ -964,7 +964,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx *r) { NTSTATUS status; -#ifdef WITH_LDAP +#ifdef HAVE_LDAP ADS_STATUS ads_status; if (r->in.account_ou) { @@ -996,7 +996,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, return WERR_SETUP_NOT_JOINED; } -#ifdef WITH_LDAP +#ifdef HAVE_LDAP ads_status = libnet_join_set_machine_spn(mem_ctx, r); if (!ADS_ERR_OK(ads_status)) { libnet_join_set_error_string(mem_ctx, r, @@ -1084,7 +1084,7 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx, return ntstatus_to_werror(status); } -#ifdef WITH_LDAP +#ifdef HAVE_LDAP if (r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE) { ADS_STATUS ads_status; libnet_unjoin_connect_ads(mem_ctx, r); -- cgit