#include "secrets.h"
#include "rpc_client/init_lsa.h"
#include "rpc_client/cli_pipe.h"
-#include "krb5_env.h"
#include "../libcli/security/security.h"
#include "passdb.h"
+#include "libsmb/libsmb.h"
+#include "../libcli/smb/smbXcli_base.h"
+#include "lib/param/loadparm.h"
/****************************************************************
****************************************************************/
NULL,
pass,
flags,
- Undefined);
+ SMB_SIGNING_DEFAULT);
}
/****************************************************************
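Review bot: Passing `SMB_SIGNING_DEFAULT` here, and again in the two later connection calls (the one with `machine_password` and the anonymous one with `""`), presumably leaves signing of the join connections to the configured client signing policy rather than to the join code. The authenticated connections carry the account setup and the machine password verification, so a host with signing relaxed in its configuration would perform the join over an unsigned session. Consider `SMB_SIGNING_REQUIRED` for the two authenticated calls, or add a comment such as `/* signing follows "client signing"; join does not force it */` so the choice is explicit. The enclosing functions start and end outside these hunks.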
&user_info,
&result);
- if (NT_STATUS_EQUAL(status, NT_STATUS(DCERPC_FAULT_INVALID_TAG))) {
+ if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE)) {
/* retry with level 24 */
NULL,
machine_password,
0,
- Undefined);
+ SMB_SIGNING_DEFAULT);
free(machine_account);
free(machine_password);
NULL,
"",
0,
- Undefined);
+ SMB_SIGNING_DEFAULT);
}
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("libnet_join_ok: failed to get schannel session "
"key from server %s for domain %s. Error was %s\n",
- cli->desthost, netbios_domain_name, nt_errstr(status)));
+ smbXcli_conn_remote_name(cli->conn),
+ netbios_domain_name, nt_errstr(status)));
cli_shutdown(cli);
return status;
}
DEBUG(0,("libnet_join_ok: failed to open schannel session "
"on netlogon pipe to server %s for domain %s. "
"Error was %s\n",
- cli->desthost, netbios_domain_name, nt_errstr(status)));
+ smbXcli_conn_remote_name(cli->conn),
+ netbios_domain_name, nt_errstr(status)));
return status;
}
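Review bot: The "failed to open schannel session" path now dereferences `cli->conn` in the log call and then returns with no `cli_shutdown(cli)` in view, whereas the first error path logs and only then shuts the connection down. If the shutdown for this path happens before the visible lines, `smbXcli_conn_remote_name(cli->conn)` reads memory that has already been released. If it does not happen at all, the connection is left open on this return. Keeping the order used above (log, then `cli_shutdown(cli);`, then `return status;`) avoids both. The function body continues outside the hunk, so this needs checking against the full source.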
struct samr_Ids user_rids;
struct samr_Ids name_types;
union samr_UserInfo *info = NULL;
- struct dcerpc_binding_handle *b;
+ struct dcerpc_binding_handle *b = NULL;
ZERO_STRUCT(sam_pol);
ZERO_STRUCT(domain_pol);
dcerpc_samr_Close(b, mem_ctx, &user_pol, &result);
done:
- if (pipe_hnd) {
+ if (pipe_hnd && b) {
if (is_valid_policy_hnd(&domain_pol)) {
dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
}
static WERROR do_join_modify_vals_config(struct libnet_JoinCtx *r)
{
- WERROR werr;
+ WERROR werr = WERR_OK;
+ sbcErr err;
struct smbconf_ctx *ctx;
- werr = smbconf_init_reg(r, &ctx, NULL);
- if (!W_ERROR_IS_OK(werr)) {
+ err = smbconf_init_reg(r, &ctx, NULL);
+ if (!SBC_ERROR_IS_OK(err)) {
+ werr = WERR_NO_SUCH_SERVICE;
goto done;
}
if (!(r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE)) {
- werr = smbconf_set_global_parameter(ctx, "security", "user");
- W_ERROR_NOT_OK_GOTO_DONE(werr);
+ err = smbconf_set_global_parameter(ctx, "security", "user");
+ if (!SBC_ERROR_IS_OK(err)) {
+ werr = WERR_NO_SUCH_SERVICE;
+ goto done;
+ }
- werr = smbconf_set_global_parameter(ctx, "workgroup",
- r->in.domain_name);
+ err = smbconf_set_global_parameter(ctx, "workgroup",
+ r->in.domain_name);
+ if (!SBC_ERROR_IS_OK(err)) {
+ werr = WERR_NO_SUCH_SERVICE;
+ goto done;
+ }
smbconf_delete_global_parameter(ctx, "realm");
goto done;
}
- werr = smbconf_set_global_parameter(ctx, "security", "domain");
- W_ERROR_NOT_OK_GOTO_DONE(werr);
+ err = smbconf_set_global_parameter(ctx, "security", "domain");
+ if (!SBC_ERROR_IS_OK(err)) {
+ werr = WERR_NO_SUCH_SERVICE;
+ goto done;
+ }
- werr = smbconf_set_global_parameter(ctx, "workgroup",
- r->out.netbios_domain_name);
- W_ERROR_NOT_OK_GOTO_DONE(werr);
+ err = smbconf_set_global_parameter(ctx, "workgroup",
+ r->out.netbios_domain_name);
+ if (!SBC_ERROR_IS_OK(err)) {
+ werr = WERR_NO_SUCH_SERVICE;
+ goto done;
+ }
if (r->out.domain_is_ad) {
- werr = smbconf_set_global_parameter(ctx, "security", "ads");
- W_ERROR_NOT_OK_GOTO_DONE(werr);
+ err = smbconf_set_global_parameter(ctx, "security", "ads");
+ if (!SBC_ERROR_IS_OK(err)) {
+ werr = WERR_NO_SUCH_SERVICE;
+ goto done;
+ }
- werr = smbconf_set_global_parameter(ctx, "realm",
- r->out.dns_domain_name);
- W_ERROR_NOT_OK_GOTO_DONE(werr);
+ err = smbconf_set_global_parameter(ctx, "realm",
+ r->out.dns_domain_name);
+ if (!SBC_ERROR_IS_OK(err)) {
+ werr = WERR_NO_SUCH_SERVICE;
+ goto done;
+ }
}
done:
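Review bot: Every smbconf failure in do_join_modify_vals_config is collapsed into `WERR_NO_SUCH_SERVICE`, so the caller cannot tell a permission problem on the registry configuration from an allocation failure, and the original `sbcErr` is never logged. Adding `DEBUG(1, ("smbconf: %s\n", sbcErrorString(err)));` before each `goto done` would keep the cause. The same pattern is repeated in do_unjoin_modify_vals_config. The writes are also sequential, so a failure after "security" has been set leaves the stored configuration with a new security mode but the old workgroup or realm. If the smbconf transaction calls are available in this tree, wrapping the sequence in one would make the update all-or-nothing. Separately, `ctx` is declared without an initializer and the `smbconf_init_reg` failure path jumps to `done`, whose body is outside the hunk; `struct smbconf_ctx *ctx = NULL;` would be safer if that label touches `ctx`.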
static WERROR do_unjoin_modify_vals_config(struct libnet_UnjoinCtx *r)
{
WERROR werr = WERR_OK;
+ sbcErr err;
struct smbconf_ctx *ctx;
- werr = smbconf_init_reg(r, &ctx, NULL);
- if (!W_ERROR_IS_OK(werr)) {
+ err = smbconf_init_reg(r, &ctx, NULL);
+ if (!SBC_ERROR_IS_OK(err)) {
+ werr = WERR_NO_SUCH_SERVICE;
goto done;
}
if (r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) {
- werr = smbconf_set_global_parameter(ctx, "security", "user");
- W_ERROR_NOT_OK_GOTO_DONE(werr);
+ err = smbconf_set_global_parameter(ctx, "security", "user");
+ if (!SBC_ERROR_IS_OK(err)) {
+ werr = WERR_NO_SUCH_SERVICE;
+ goto done;
+ }
- werr = smbconf_delete_global_parameter(ctx, "workgroup");
- W_ERROR_NOT_OK_GOTO_DONE(werr);
+ err = smbconf_delete_global_parameter(ctx, "workgroup");
+ if (!SBC_ERROR_IS_OK(err)) {
+ werr = WERR_NO_SUCH_SERVICE;
+ goto done;
+ }
smbconf_delete_global_parameter(ctx, "realm");
}
return werr;
}
- lp_load(get_dyn_CONFIGFILE(),true,false,false,true);
+ lp_load_global(get_dyn_CONFIGFILE());
r->out.modified_config = true;
r->out.result = werr;
return werr;
}
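Review bot: The result of `lp_load_global(get_dyn_CONFIGFILE())` is discarded here and in the second occurrence just below, and `r->out.modified_config = true` is set regardless. If the reload fails, the process carries on with the security, workgroup and realm values from before the configuration change while reporting that the configuration was modified. Checking the result, for example `if (!lp_load_global(get_dyn_CONFIGFILE())) { DEBUG(0, ("failed to reload configuration\n")); }`, would at least make that visible. Whether it should also alter `werr` depends on the callers, which are outside the hunk.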
- lp_load(get_dyn_CONFIGFILE(),true,false,false,true);
+ lp_load_global(get_dyn_CONFIGFILE());
r->out.modified_config = true;
r->out.result = werr;
if (NT_STATUS_EQUAL(status, NT_STATUS_PROTOCOL_UNREACHABLE)) {
DEBUG(10,("Unable to auto-add domain administrators to "
"BUILTIN\\Administrators during join because "
- "winbindd must be running."));
+ "winbindd must be running.\n"));
} else if (!NT_STATUS_IS_OK(status)) {
DEBUG(5, ("Failed to auto-add domain administrators to "
"BUILTIN\\Administrators during join: %s\n",
status = create_builtin_users(domain_sid);
if (NT_STATUS_EQUAL(status, NT_STATUS_PROTOCOL_UNREACHABLE)) {
DEBUG(10,("Unable to auto-add domain users to BUILTIN\\users "
- "during join because winbindd must be running."));
+ "during join because winbindd must be running.\n"));
} else if (!NT_STATUS_IS_OK(status)) {
DEBUG(5, ("Failed to auto-add domain administrators to "
"BUILTIN\\Administrators during join: %s\n",
static int libnet_destroy_JoinCtx(struct libnet_JoinCtx *r)
{
- const char *krb5_cc_env = NULL;
-
if (r->in.ads) {
ads_destroy(&r->in.ads);
}
- krb5_cc_env = getenv(KRB5_ENV_CCNAME);
- if (krb5_cc_env && StrCaseCmp(krb5_cc_env, "MEMORY:libnetjoin")) {
- unsetenv(KRB5_ENV_CCNAME);
- }
-
return 0;
}
static int libnet_destroy_UnjoinCtx(struct libnet_UnjoinCtx *r)
{
- const char *krb5_cc_env = NULL;
-
if (r->in.ads) {
ads_destroy(&r->in.ads);
}
- krb5_cc_env = getenv(KRB5_ENV_CCNAME);
- if (krb5_cc_env && StrCaseCmp(krb5_cc_env, "MEMORY:libnetjoin")) {
- unsetenv(KRB5_ENV_CCNAME);
- }
-
return 0;
}
struct libnet_JoinCtx **r)
{
struct libnet_JoinCtx *ctx;
- const char *krb5_cc_env = NULL;
ctx = talloc_zero(mem_ctx, struct libnet_JoinCtx);
if (!ctx) {
talloc_set_destructor(ctx, libnet_destroy_JoinCtx);
- ctx->in.machine_name = talloc_strdup(mem_ctx, global_myname());
+ ctx->in.machine_name = talloc_strdup(mem_ctx, lp_netbios_name());
W_ERROR_HAVE_NO_MEMORY(ctx->in.machine_name);
- krb5_cc_env = getenv(KRB5_ENV_CCNAME);
- if (!krb5_cc_env || (strlen(krb5_cc_env) == 0)) {
- krb5_cc_env = talloc_strdup(mem_ctx, "MEMORY:libnetjoin");
- W_ERROR_HAVE_NO_MEMORY(krb5_cc_env);
- setenv(KRB5_ENV_CCNAME, krb5_cc_env, 1);
- }
-
ctx->in.secure_channel_type = SEC_CHAN_WKSTA;
*r = ctx;
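Review bot: `ctx->in.machine_name` is duplicated onto `mem_ctx` rather than onto `ctx`, so the string is not released together with the context it belongs to. On the out-of-memory return taken by `W_ERROR_HAVE_NO_MEMORY`, the freshly allocated `ctx` also stays attached to `mem_ctx` with `*r` never set. `ctx->in.machine_name = talloc_strdup(ctx, lp_netbios_name());` followed by an explicit `TALLOC_FREE(ctx)` on failure would tie both lifetimes together. The same line appears in the UnjoinCtx initialiser below. Both functions start outside their hunks.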
struct libnet_UnjoinCtx **r)
{
struct libnet_UnjoinCtx *ctx;
- const char *krb5_cc_env = NULL;
ctx = talloc_zero(mem_ctx, struct libnet_UnjoinCtx);
if (!ctx) {
talloc_set_destructor(ctx, libnet_destroy_UnjoinCtx);
- ctx->in.machine_name = talloc_strdup(mem_ctx, global_myname());
+ ctx->in.machine_name = talloc_strdup(mem_ctx, lp_netbios_name());
W_ERROR_HAVE_NO_MEMORY(ctx->in.machine_name);
- krb5_cc_env = getenv(KRB5_ENV_CCNAME);
- if (!krb5_cc_env || (strlen(krb5_cc_env) == 0)) {
- krb5_cc_env = talloc_strdup(mem_ctx, "MEMORY:libnetjoin");
- W_ERROR_HAVE_NO_MEMORY(krb5_cc_env);
- setenv(KRB5_ENV_CCNAME, krb5_cc_env, 1);
- }
-
*r = ctx;
return WERR_OK;
if (!valid_security) {
const char *sec = NULL;
switch (lp_security()) {
- case SEC_SHARE: sec = "share"; break;
case SEC_USER: sec = "user"; break;
case SEC_DOMAIN: sec = "domain"; break;
case SEC_ADS: sec = "ads"; break;
}
#ifdef HAVE_ADS
+
+ create_local_private_krb5_conf_for_domain(
+ r->out.dns_domain_name, r->out.netbios_domain_name,
+ NULL, smbXcli_conn_remote_sockaddr(cli->conn),
+ smbXcli_conn_remote_name(cli->conn));
+
if (r->out.domain_is_ad && r->in.account_ou &&
!(r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_UNSECURE)) {
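Review bot: The added `create_local_private_krb5_conf_for_domain(...)` call sits before the `r->out.domain_is_ad` test, so it also runs for non-AD joins, where `r->out.dns_domain_name` may not have been filled in, and its result is ignored. Either guard it with `if (r->out.domain_is_ad) { ... }` or confirm that the callee tolerates a NULL realm. The name and address passed in come from the SMB connection's peer (`smbXcli_conn_remote_name(cli->conn)` and `smbXcli_conn_remote_sockaddr(cli->conn)`), so the generated Kerberos configuration is presumably only as trustworthy as the way that server was located and whether the session was signed. A short comment stating that assumption would help reviewers. The enclosing function starts and ends outside the hunk.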
LIBNET_JOIN_IN_DUMP_CTX(mem_ctx, r);
}
+ ZERO_STRUCT(r->out);
+
werr = libnet_join_pre_processing(mem_ctx, r);
if (!W_ERROR_IS_OK(werr)) {
goto done;