2 Samba Unix/Linux SMB client library
4 Copyright (C) 2021 Guenther Deschner (gd@samba.org)
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "utils/net.h"
23 #include "netapi/netapi_net.h"
24 #include "libcli/registry/util_reg.h"
26 int net_offlinejoin_usage(struct net_context *c, int argc, const char **argv)
28 d_printf(_("\nnet offlinejoin [misc. options]\n"
29 "\tjoins a computer to a domain\n"));
30 d_printf(_("Valid commands:\n"));
31 d_printf(_("\tprovision\t\t\tProvision machine account in AD\n"));
32 d_printf(_("\trequestodj\t\t\tRequest offline domain join\n"));
33 net_common_flags_usage(c, argc, argv);
37 int net_offlinejoin(struct net_context *c, int argc, const char **argv)
40 NET_API_STATUS status;
42 if ((argc > 0) && (strcasecmp_m(argv[0], "HELP") == 0)) {
43 net_offlinejoin_usage(c, argc, argv);
48 net_offlinejoin_usage(c, argc, argv);
52 status = libnetapi_net_init(&c->netapi_ctx);
57 status = libnetapi_set_creds(c->netapi_ctx, c->creds);
62 if (c->opt_kerberos) {
63 libnetapi_set_use_kerberos(c->netapi_ctx);
66 if (strcasecmp_m(argv[0], "provision") == 0) {
67 ret = net_offlinejoin_provision(c, argc, argv);
73 if (strcasecmp_m(argv[0], "requestodj") == 0) {
74 ret = net_offlinejoin_requestodj(c, argc, argv);
83 static int net_offlinejoin_provision_usage(struct net_context *c, int argc, const char **argv)
85 d_printf(_("\nnet offlinejoin provision [misc. options]\n"
86 "\tProvisions machine account in AD\n"));
87 d_printf(_("Valid options:\n"));
88 d_printf(_("\tdomain=<DOMAIN>\t\t\t\tDefines AD Domain to join\n"));
89 d_printf(_("\tmachine_name=<MACHINE_NAME>\t\tDefines the machine account name\n"));
90 d_printf(_("\tmachine_account_ou=<OU>\t\t\tDefines the machine account organizational unit DN\n"));
91 d_printf(_("\tdcname=<DCNAME>\t\t\t\tSpecifices a Domain Controller to join to\n"));
92 d_printf(_("\tdefpwd\t\t\t\t\tUse default machine account password\n"));
93 d_printf(_("\treuse\t\t\t\t\tReuse existing machine account in AD\n"));
94 d_printf(_("\tsavefile=<FILENAME>\t\t\tFile to store the ODJ data\n"));
95 d_printf(_("\tprintblob\t\t\t\tPrint the base64 encoded ODJ data on stdout\n"));
96 net_common_flags_usage(c, argc, argv);
100 int net_offlinejoin_provision(struct net_context *c,
101 int argc, const char **argv)
103 NET_API_STATUS status;
104 const char *dcname = NULL;
105 const char *domain = NULL;
106 const char *machine_name = NULL;
107 const char *machine_account_ou = NULL;
108 const char *provision_text_data = NULL;
109 uint32_t options = 0;
110 const char *savefile = NULL;
111 bool printblob = false;
114 if (c->display_usage || argc == 1) {
115 return net_offlinejoin_provision_usage(c, argc, argv);
118 /* process additional command line args */
120 for (i = 0; i < argc; i++) {
122 if (strnequal(argv[i], "domain", strlen("domain"))) {
123 domain = get_string_param(argv[i]);
124 if (domain == NULL) {
128 if (strnequal(argv[i], "machine_name", strlen("machine_name"))) {
129 machine_name = get_string_param(argv[i]);
130 if (machine_name == NULL) {
134 if (strnequal(argv[i], "machine_account_ou", strlen("machine_account_ou"))) {
135 machine_account_ou = get_string_param(argv[i]);
136 if (machine_account_ou == NULL) {
140 if (strnequal(argv[i], "dcname", strlen("dcname"))) {
141 dcname = get_string_param(argv[i]);
142 if (dcname == NULL) {
146 if (strnequal(argv[i], "defpwd", strlen("defpwd"))) {
147 options |= NETSETUP_PROVISION_USE_DEFAULT_PASSWORD;
149 if (strnequal(argv[i], "reuse", strlen("reuse"))) {
150 options |= NETSETUP_PROVISION_REUSE_ACCOUNT;
152 if (strnequal(argv[i], "savefile", strlen("savefile"))) {
153 savefile = get_string_param(argv[i]);
154 if (savefile == NULL) {
158 if (strnequal(argv[i], "printblob", strlen("printblob"))) {
163 if (domain == NULL) {
164 d_printf("Failed to provision computer account: %s\n",
165 libnetapi_errstr(W_ERROR_V(WERR_INVALID_DOMAINNAME)));
169 if (machine_name == NULL) {
170 d_printf("Failed to provision computer account: %s\n",
171 libnetapi_errstr(W_ERROR_V(WERR_INVALID_COMPUTERNAME)));
175 status = NetProvisionComputerAccount(domain,
182 &provision_text_data);
184 d_printf("Failed to provision computer account: %s\n",
185 libnetapi_get_error_string(c->netapi_ctx, status));
189 if (savefile != NULL) {
191 DATA_BLOB ucs2_blob, blob;
194 ok = push_reg_sz(c, &ucs2_blob, provision_text_data);
199 blob = data_blob_talloc(c, NULL, ucs2_blob.length + 2);
204 memcpy(blob.data + 2, ucs2_blob.data, ucs2_blob.length);
206 ok = file_save(savefile, blob.data, blob.length);
208 d_printf("Failed to save %s: %s\n", savefile,
214 d_printf("Successfully provisioned computer '%s' in domain '%s'\n",
215 machine_name, domain);
218 printf("%s\n", provision_text_data);
224 static int net_offlinejoin_requestodj_usage(struct net_context *c, int argc, const char **argv)
226 d_printf(_("\nnet offlinejoin requestodj [misc. options]\n"
227 "\tRequests offline domain join\n"));
228 d_printf(_("Valid options:\n"));
229 d_printf(_("\tloadfile=<FILENAME>\t\t\tFile that provides the ODJ data\n"));
230 /*d_printf(_("\tlocalos\t\t\t\t\tModify the local machine\n"));*/
231 net_common_flags_usage(c, argc, argv);
235 int net_offlinejoin_requestodj(struct net_context *c,
236 int argc, const char **argv)
238 NET_API_STATUS status;
239 uint8_t *provision_bin_data = NULL;
240 size_t provision_bin_data_size = 0;
241 uint32_t options = NETSETUP_PROVISION_ONLINE_CALLER;
242 const char *loadfile = NULL;
243 const char *windows_path = NULL;
246 if (c->display_usage || argc == 1) {
247 return net_offlinejoin_requestodj_usage(c, argc, argv);
250 /* process additional command line args */
252 for (i = 0; i < argc; i++) {
254 if (strnequal(argv[i], "loadfile", strlen("loadfile"))) {
255 loadfile = get_string_param(argv[i]);
256 if (loadfile == NULL) {
261 if (strnequal(argv[i], "localos", strlen("localos"))) {
262 options |= NETSETUP_PROVISION_ONLINE_CALLER;
268 (uint8_t *)file_load(loadfile, &provision_bin_data_size, 0, c);
269 if (provision_bin_data == NULL) {
270 d_printf("Failed to read loadfile: %s\n", loadfile);
273 if (provision_bin_data_size > UINT32_MAX) {
274 d_printf("provision binary data size too big: %zu\n",
275 provision_bin_data_size);
279 status = NetRequestOfflineDomainJoin(provision_bin_data,
280 provision_bin_data_size,
283 if (status != 0 && status != 0x00000a99) {
284 /* NERR_JoinPerformedMustRestart */
285 printf("Failed to call NetRequestOfflineDomainJoin: %s\n",
286 libnetapi_get_error_string(c->netapi_ctx, status));
290 d_printf("Successfully requested Offline Domain Join\n");