From 5bea31aa3c6a1e66496d6bb596b96977ba01457f Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 30 Jul 2008 21:38:21 +0200 Subject: libnetjoin: support kerberized joining/unjoing (fix #5416). Guenther (This used to be commit da6e0f4f375aa533c4c765891c960070478972eb)
---
 source3/libnet/libnet_join.c | 60 ++++++++++++++++++++++++++++++-------------- source3/utils/net_ads.c | 10 ++++++-- 2 files changed, 49 insertions(+), 21 deletions(-) (limited to 'source3')
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 2f2c71dfce..b7a15c558b 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -641,6 +641,37 @@ static bool libnet_join_joindomain_store_secrets(TALLOC_CTX *mem_ctx,
 return true;
 }
+/****************************************************************
+ Connect dc's IPC$ share
+****************************************************************/
+
+static NTSTATUS libnet_join_connect_dc_ipc(const char *dc,
+ const char *user,
+ const char *pass,
+ bool use_kerberos,
+ struct cli_state **cli)
+{
+ int flags = 0;
+
+ if (use_kerberos) {
+ flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
+ }
+
+ if (use_kerberos && pass) {
+ flags |= CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
+ }
+
+ return cli_full_connection(cli, NULL,
+ dc,
+ NULL, 0,
+ "IPC$", "IPC",
+ user,
+ NULL,
+ pass,
+ flags,
+ Undefined, NULL);
+}
+
 /****************************************************************
 Lookup domain dc's info
 ****************************************************************/
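Review bot: In `libnet_join_connect_dc_ipc`, `if (use_kerberos && pass)` sets `CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS`, so a caller that explicitly asked for Kerberos can end up authenticated with the password instead whenever one is supplied, and nothing in the helper reports that the fallback was taken. In the `net_ads_join` hunk further down, `r->in.admin_password = net_prompt_pass(c, c->opt_user_name);` is assigned regardless of `opt_kerberos`, so the fallback is presumably armed on most Kerberos joins (this depends on what `net_prompt_pass` returns, which is not visible here). The header comment should document this, e.g. `Falls back to password authentication if Kerberos fails and a password was supplied`. It is also worth deciding whether an explicit Kerberos request should allow the downgrade at all, since the caller then loses the KDC-backed authentication of the DC. Both call sites, `libnet_join_lookup_dc_rpc` and `libnet_join_unjoindomain_rpc`, inherit this behaviour.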
@@ -654,16 +685,11 @@ static NTSTATUS libnet_join_lookup_dc_rpc(TALLOC_CTX *mem_ctx,
 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
 union lsa_PolicyInformation *info = NULL;
- status = cli_full_connection(cli, NULL,
- r->in.dc_name,
- NULL, 0,
- "IPC$", "IPC",
- r->in.admin_account,
- NULL,
- r->in.admin_password,
- 0,
- Undefined, NULL);
-
+ status = libnet_join_connect_dc_ipc(r->in.dc_name,
+ r->in.admin_account,
+ r->in.admin_password,
+ r->in.use_kerberos,
+ cli);
 if (!NT_STATUS_IS_OK(status)) {
 goto done;
 }
@@ -1109,15 +1135,11 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx,
 ZERO_STRUCT(domain_pol);
 ZERO_STRUCT(user_pol);
- status = cli_full_connection(&cli, NULL,
- r->in.dc_name,
- NULL, 0,
- "IPC$", "IPC",
- r->in.admin_account,
- NULL,
- r->in.admin_password,
- 0, Undefined, NULL);
-
+ status = libnet_join_connect_dc_ipc(r->in.dc_name,
+ r->in.admin_account,
+ r->in.admin_password,
+ r->in.use_kerberos,
+ &cli);
 if (!NT_STATUS_IS_OK(status)) {
 goto done;
 }
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index 934ac1da1e..7dbe518c3d 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -879,7 +879,9 @@ static int net_ads_leave(struct net_context *c, int argc, const char **argv)
 return -1;
 }
- use_in_memory_ccache();
+ if (!c->opt_kerberos) {
+ use_in_memory_ccache();
+ }
 werr = libnet_init_UnjoinCtx(ctx, &r);
 if (!W_ERROR_IS_OK(werr)) {
@@ -888,6 +890,7 @@ static int net_ads_leave(struct net_context *c, int argc, const char **argv)
 }
 r->in.debug = true;
+ r->in.use_kerberos = c->opt_kerberos;
 r->in.dc_name = c->opt_host;
 r->in.domain_name = lp_realm();
 r->in.admin_account = c->opt_user_name;
@@ -1192,7 +1195,9 @@ int net_ads_join(struct net_context *c, int argc, const char **argv)
 goto fail;
 }
- use_in_memory_ccache();
+ if (!c->opt_kerberos) {
+ use_in_memory_ccache();
+ }
 werr = libnet_init_JoinCtx(ctx, &r);
 if (!W_ERROR_IS_OK(werr)) {
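Review bot: In `net_ads_leave`, the new `if (!c->opt_kerberos)` around `use_in_memory_ccache()` carries no comment explaining why the in-memory credential cache is skipped when Kerberos is requested. Judging by the function name, the unjoin then presumably runs against whatever credential cache the process already has instead of a private one. A one-line comment above the `if` would make the intent reviewable, e.g. `/* kerberos requested: keep the caller's existing ccache so its tickets are used */`. It is also worth confirming that any tickets acquired during the operation are meant to end up in that shared cache rather than being discarded with the process. The same change, and the same comment, apply to the `@@ -1192,7 +1195,9 @@` hunk in `net_ads_join`.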
@@ -1250,6 +1255,7 @@ int net_ads_join(struct net_context *c, int argc, const char **argv)
 r->in.admin_account = c->opt_user_name;
 r->in.admin_password = net_prompt_pass(c, c->opt_user_name);
 r->in.debug = true;
+ r->in.use_kerberos = c->opt_kerberos;
 r->in.modify_config = modify_config;
 r->in.join_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE |
 WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE |
-- cgit