/* * Unix SMB/CIFS implementation. * NetApi Join Support * Copyright (C) Guenther Deschner 2007 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see . */ #include "includes.h" #include "lib/netapi/netapi.h" #include "libnet/libnet.h" static WERROR NetJoinDomainLocal(struct libnetapi_ctx *mem_ctx, const char *server_name, const char *domain_name, const char *account_ou, const char *Account, const char *password, uint32_t join_flags) { struct libnet_JoinCtx *r = NULL; WERROR werr; werr = libnet_init_JoinCtx(mem_ctx, &r); W_ERROR_NOT_OK_RETURN(werr); if (!domain_name) { return WERR_INVALID_PARAM; } r->in.domain_name = talloc_strdup(mem_ctx, domain_name); W_ERROR_HAVE_NO_MEMORY(r->in.domain_name); if (join_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) { NTSTATUS status; struct DS_DOMAIN_CONTROLLER_INFO *info = NULL; uint32_t flags = DS_DIRECTORY_SERVICE_REQUIRED | DS_WRITABLE_REQUIRED | DS_RETURN_DNS_NAME; status = DsGetDcName(mem_ctx, NULL, domain_name, NULL, NULL, flags, &info); if (!NT_STATUS_IS_OK(status)) { return ntstatus_to_werror(status); } r->in.server_name = talloc_strdup(mem_ctx, info->domain_controller_name); W_ERROR_HAVE_NO_MEMORY(r->in.server_name); } if (account_ou) { r->in.account_ou = talloc_strdup(mem_ctx, account_ou); W_ERROR_HAVE_NO_MEMORY(r->in.account_ou); } if (Account) { r->in.admin_account = talloc_strdup(mem_ctx, Account); W_ERROR_HAVE_NO_MEMORY(r->in.admin_account); } if (password) { r->in.password = talloc_strdup(mem_ctx, password); W_ERROR_HAVE_NO_MEMORY(r->in.password); } r->in.join_flags = join_flags; r->in.modify_config = true; return libnet_Join(mem_ctx, r); } static WERROR NetJoinDomainRemote(struct libnetapi_ctx *ctx, const char *server_name, const char *domain_name, const char *account_ou, const char *Account, const char *password, uint32_t join_flags) { struct cli_state *cli = NULL; struct rpc_pipe_client *pipe_cli = NULL; struct wkssvc_PasswordBuffer encrypted_password; NTSTATUS status; WERROR werr; unsigned int old_timeout = 0; ZERO_STRUCT(encrypted_password); status = cli_full_connection(&cli, NULL, server_name, NULL, 0, "IPC$", "IPC", ctx->username, ctx->workgroup, ctx->password, 0, Undefined, NULL); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto done; } old_timeout = cli_set_timeout(cli, 60000); pipe_cli = cli_rpc_pipe_open_noauth(cli, PI_WKSSVC, &status); if (!pipe_cli) { werr = ntstatus_to_werror(status); goto done; }; if (password) { encode_wkssvc_join_password_buffer(ctx, password, &cli->user_session_key, &encrypted_password); } old_timeout = cli_set_timeout(cli, 60000); status = rpccli_wkssvc_NetrJoinDomain2(pipe_cli, ctx, server_name, domain_name, account_ou, Account, &encrypted_password, join_flags, &werr); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto done; } done: if (cli) { cli_set_timeout(cli, old_timeout); cli_shutdown(cli); } return werr; } static WERROR libnetapi_NetJoinDomain(struct libnetapi_ctx *ctx, const char *server_name, const char *domain_name, const char *account_ou, const char *Account, const char *password, uint32_t join_flags) { if (!domain_name) { return WERR_INVALID_PARAM; } if (!server_name || is_myname_or_ipaddr(server_name)) { return NetJoinDomainLocal(ctx, server_name, domain_name, account_ou, Account, password, join_flags); } return NetJoinDomainRemote(ctx, server_name, domain_name, account_ou, Account, password, join_flags); } NET_API_STATUS NetJoinDomain(const char *server_name, const char *domain_name, const char *account_ou, const char *Account, const char *password, uint32_t join_flags) { struct libnetapi_ctx *ctx = NULL; NET_API_STATUS status; WERROR werr; status = libnetapi_getctx(&ctx); if (status != 0) { return status; } werr = libnetapi_NetJoinDomain(ctx, server_name, domain_name, account_ou, Account, password, join_flags); if (!W_ERROR_IS_OK(werr)) { return W_ERROR_V(werr); } return 0; } static WERROR NetUnjoinDomainLocal(struct libnetapi_ctx *mem_ctx, const char *server_name, const char *account, const char *password, uint32_t unjoin_flags) { struct libnet_UnjoinCtx *r = NULL; struct dom_sid domain_sid; WERROR werr; if (!secrets_fetch_domain_sid(lp_workgroup(), &domain_sid)) { return WERR_SETUP_NOT_JOINED; } werr = libnet_init_UnjoinCtx(mem_ctx, &r); W_ERROR_NOT_OK_RETURN(werr); if (server_name) { r->in.server_name = talloc_strdup(mem_ctx, server_name); W_ERROR_HAVE_NO_MEMORY(r->in.server_name); } else { NTSTATUS status; const char *domain = NULL; struct DS_DOMAIN_CONTROLLER_INFO *info = NULL; uint32_t flags = DS_DIRECTORY_SERVICE_REQUIRED | DS_WRITABLE_REQUIRED | DS_IS_FLAT_NAME | DS_RETURN_DNS_NAME; if (lp_realm()) { domain = lp_realm(); } else { domain = lp_workgroup(); } status = DsGetDcName(mem_ctx, NULL, domain, NULL, NULL, flags, &info); if (!NT_STATUS_IS_OK(status)) { return ntstatus_to_werror(status); } r->in.server_name = talloc_strdup(mem_ctx, info->domain_controller_name); W_ERROR_HAVE_NO_MEMORY(r->in.server_name); } if (account) { r->in.admin_account = talloc_strdup(mem_ctx, account); W_ERROR_HAVE_NO_MEMORY(r->in.admin_account); } if (password) { r->in.password = talloc_strdup(mem_ctx, password); W_ERROR_HAVE_NO_MEMORY(r->in.password); } r->in.unjoin_flags = unjoin_flags; r->in.modify_config = true; r->in.domain_sid = &domain_sid; return libnet_Unjoin(mem_ctx, r); } static WERROR NetUnjoinDomainRemote(struct libnetapi_ctx *ctx, const char *server_name, const char *account, const char *password, uint32_t unjoin_flags) { struct cli_state *cli = NULL; struct rpc_pipe_client *pipe_cli = NULL; struct wkssvc_PasswordBuffer encrypted_password; NTSTATUS status; WERROR werr; unsigned int old_timeout = 0; ZERO_STRUCT(encrypted_password); status = cli_full_connection(&cli, NULL, server_name, NULL, 0, "IPC$", "IPC", ctx->username, ctx->workgroup, ctx->password, 0, Undefined, NULL); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto done; } old_timeout = cli_set_timeout(cli, 60000); pipe_cli = cli_rpc_pipe_open_noauth(cli, PI_WKSSVC, &status); if (!pipe_cli) { werr = ntstatus_to_werror(status); goto done; }; if (password) { encode_wkssvc_join_password_buffer(ctx, password, &cli->user_session_key, &encrypted_password); } old_timeout = cli_set_timeout(cli, 60000); status = rpccli_wkssvc_NetrUnjoinDomain2(pipe_cli, ctx, server_name, account, &encrypted_password, unjoin_flags, &werr); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto done; } done: if (cli) { cli_set_timeout(cli, old_timeout); cli_shutdown(cli); } return werr; } static WERROR libnetapi_NetUnjoinDomain(struct libnetapi_ctx *ctx, const char *server_name, const char *account, const char *password, uint32_t unjoin_flags) { if (!server_name || is_myname_or_ipaddr(server_name)) { return NetUnjoinDomainLocal(ctx, server_name, account, password, unjoin_flags); } return NetUnjoinDomainRemote(ctx, server_name, account, password, unjoin_flags); } NET_API_STATUS NetUnjoinDomain(const char *server_name, const char *account, const char *password, uint32_t unjoin_flags) { struct libnetapi_ctx *ctx = NULL; NET_API_STATUS status; WERROR werr; status = libnetapi_getctx(&ctx); if (status != 0) { return status; } werr = libnetapi_NetUnjoinDomain(ctx, server_name, account, password, unjoin_flags); if (!W_ERROR_IS_OK(werr)) { return W_ERROR_V(werr); } return 0; } WERROR libnetapi_NetGetJoinInformation(struct libnetapi_ctx *ctx, const char *server_name, const char **name_buffer, uint16_t *name_type) { TALLOC_CTX *mem_ctx = NULL; struct cli_state *cli = NULL; struct rpc_pipe_client *pipe_cli = NULL; NTSTATUS status; WERROR werr; mem_ctx = talloc_init("NetGetJoinInformation"); if (!mem_ctx) { werr = WERR_NOMEM; goto done; } if (!server_name || is_myname_or_ipaddr(server_name)) { if ((lp_security() == SEC_ADS) && lp_realm()) { *name_buffer = SMB_STRDUP(lp_realm()); } else { *name_buffer = SMB_STRDUP(lp_workgroup()); } if (!*name_buffer) { werr = WERR_NOMEM; goto done; } switch (lp_server_role()) { case ROLE_DOMAIN_MEMBER: case ROLE_DOMAIN_PDC: case ROLE_DOMAIN_BDC: *name_type = NetSetupDomainName; break; case ROLE_STANDALONE: default: *name_type = NetSetupWorkgroupName; break; } werr = WERR_OK; goto done; } status = cli_full_connection(&cli, NULL, server_name, NULL, 0, "IPC$", "IPC", ctx->username, ctx->workgroup, ctx->password, 0, Undefined, NULL); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto done; } pipe_cli = cli_rpc_pipe_open_noauth(cli, PI_WKSSVC, &status); if (!pipe_cli) { werr = ntstatus_to_werror(status); goto done; }; status = rpccli_wkssvc_NetrGetJoinInformation(pipe_cli, mem_ctx, server_name, name_buffer, (enum wkssvc_NetJoinStatus *)name_type, &werr); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto done; } done: if (cli) { cli_shutdown(cli); } TALLOC_FREE(mem_ctx); return werr; } NET_API_STATUS NetGetJoinInformation(const char *server_name, const char **name_buffer, uint16_t *name_type) { struct libnetapi_ctx *ctx = NULL; NET_API_STATUS status; WERROR werr; status = libnetapi_getctx(&ctx); if (status != 0) { return status; } werr = libnetapi_NetGetJoinInformation(ctx, server_name, name_buffer, name_type); if (!W_ERROR_IS_OK(werr)) { return W_ERROR_V(werr); } return 0; }