2 * Unix SMB/CIFS implementation.
4 * Copyright (C) Guenther Deschner 2007-2008
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
22 #include "librpc/gen_ndr/libnetapi.h"
23 #include "libcli/auth/libcli_auth.h"
24 #include "lib/netapi/netapi.h"
25 #include "lib/netapi/netapi_private.h"
26 #include "lib/netapi/libnetapi.h"
27 #include "librpc/gen_ndr/libnet_join.h"
28 #include "libnet/libnet_join.h"
29 #include "../librpc/gen_ndr/ndr_wkssvc_c.h"
32 /****************************************************************
33 ****************************************************************/
35 WERROR NetJoinDomain_l(struct libnetapi_ctx *mem_ctx,
36 struct NetJoinDomain *r)
38 struct libnet_JoinCtx *j = NULL;
39 struct libnetapi_private_ctx *priv;
42 priv = talloc_get_type_abort(mem_ctx->private_data,
43 struct libnetapi_private_ctx);
46 return WERR_INVALID_PARAM;
49 werr = libnet_init_JoinCtx(mem_ctx, &j);
50 W_ERROR_NOT_OK_RETURN(werr);
52 j->in.domain_name = talloc_strdup(mem_ctx, r->in.domain);
53 W_ERROR_HAVE_NO_MEMORY(j->in.domain_name);
55 if (r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) {
57 struct netr_DsRGetDCNameInfo *info = NULL;
58 const char *dc = NULL;
59 uint32_t flags = DS_DIRECTORY_SERVICE_REQUIRED |
60 DS_WRITABLE_REQUIRED |
62 status = dsgetdcname(mem_ctx, priv->msg_ctx, r->in.domain,
63 NULL, NULL, flags, &info);
64 if (!NT_STATUS_IS_OK(status)) {
65 libnetapi_set_error_string(mem_ctx,
66 "%s", get_friendly_nt_error_msg(status));
67 return ntstatus_to_werror(status);
70 dc = strip_hostname(info->dc_unc);
71 j->in.dc_name = talloc_strdup(mem_ctx, dc);
72 W_ERROR_HAVE_NO_MEMORY(j->in.dc_name);
75 if (r->in.account_ou) {
76 j->in.account_ou = talloc_strdup(mem_ctx, r->in.account_ou);
77 W_ERROR_HAVE_NO_MEMORY(j->in.account_ou);
81 j->in.admin_account = talloc_strdup(mem_ctx, r->in.account);
82 W_ERROR_HAVE_NO_MEMORY(j->in.admin_account);
86 j->in.admin_password = talloc_strdup(mem_ctx, r->in.password);
87 W_ERROR_HAVE_NO_MEMORY(j->in.admin_password);
90 j->in.join_flags = r->in.join_flags;
91 j->in.modify_config = true;
94 werr = libnet_Join(mem_ctx, j);
95 if (!W_ERROR_IS_OK(werr) && j->out.error_string) {
96 libnetapi_set_error_string(mem_ctx, "%s", j->out.error_string);
103 /****************************************************************
104 ****************************************************************/
106 WERROR NetJoinDomain_r(struct libnetapi_ctx *ctx,
107 struct NetJoinDomain *r)
109 struct rpc_pipe_client *pipe_cli = NULL;
110 struct wkssvc_PasswordBuffer *encrypted_password = NULL;
113 unsigned int old_timeout = 0;
114 struct dcerpc_binding_handle *b;
116 werr = libnetapi_open_pipe(ctx, r->in.server,
117 &ndr_table_wkssvc.syntax_id,
119 if (!W_ERROR_IS_OK(werr)) {
123 b = pipe_cli->binding_handle;
125 if (r->in.password) {
126 encode_wkssvc_join_password_buffer(ctx,
128 &pipe_cli->auth->user_session_key,
129 &encrypted_password);
132 old_timeout = rpccli_set_timeout(pipe_cli, 600000);
134 status = dcerpc_wkssvc_NetrJoinDomain2(b, talloc_tos(),
142 if (!NT_STATUS_IS_OK(status)) {
143 werr = ntstatus_to_werror(status);
148 if (pipe_cli && old_timeout) {
149 rpccli_set_timeout(pipe_cli, old_timeout);
154 /****************************************************************
155 ****************************************************************/
157 WERROR NetUnjoinDomain_l(struct libnetapi_ctx *mem_ctx,
158 struct NetUnjoinDomain *r)
160 struct libnet_UnjoinCtx *u = NULL;
161 struct dom_sid domain_sid;
162 const char *domain = NULL;
164 struct libnetapi_private_ctx *priv;
166 priv = talloc_get_type_abort(mem_ctx->private_data,
167 struct libnetapi_private_ctx);
169 if (!secrets_fetch_domain_sid(lp_workgroup(), &domain_sid)) {
170 return WERR_SETUP_NOT_JOINED;
173 werr = libnet_init_UnjoinCtx(mem_ctx, &u);
174 W_ERROR_NOT_OK_RETURN(werr);
179 domain = lp_workgroup();
182 if (r->in.server_name) {
183 u->in.dc_name = talloc_strdup(mem_ctx, r->in.server_name);
184 W_ERROR_HAVE_NO_MEMORY(u->in.dc_name);
187 struct netr_DsRGetDCNameInfo *info = NULL;
188 const char *dc = NULL;
189 uint32_t flags = DS_DIRECTORY_SERVICE_REQUIRED |
190 DS_WRITABLE_REQUIRED |
192 status = dsgetdcname(mem_ctx, priv->msg_ctx, domain,
193 NULL, NULL, flags, &info);
194 if (!NT_STATUS_IS_OK(status)) {
195 libnetapi_set_error_string(mem_ctx,
196 "failed to find DC for domain %s: %s",
198 get_friendly_nt_error_msg(status));
199 return ntstatus_to_werror(status);
202 dc = strip_hostname(info->dc_unc);
203 u->in.dc_name = talloc_strdup(mem_ctx, dc);
204 W_ERROR_HAVE_NO_MEMORY(u->in.dc_name);
206 u->in.domain_name = domain;
210 u->in.admin_account = talloc_strdup(mem_ctx, r->in.account);
211 W_ERROR_HAVE_NO_MEMORY(u->in.admin_account);
214 if (r->in.password) {
215 u->in.admin_password = talloc_strdup(mem_ctx, r->in.password);
216 W_ERROR_HAVE_NO_MEMORY(u->in.admin_password);
219 u->in.domain_name = domain;
220 u->in.unjoin_flags = r->in.unjoin_flags;
221 u->in.delete_machine_account = false;
222 u->in.modify_config = true;
225 u->in.domain_sid = &domain_sid;
227 werr = libnet_Unjoin(mem_ctx, u);
228 if (!W_ERROR_IS_OK(werr) && u->out.error_string) {
229 libnetapi_set_error_string(mem_ctx, "%s", u->out.error_string);
236 /****************************************************************
237 ****************************************************************/
239 WERROR NetUnjoinDomain_r(struct libnetapi_ctx *ctx,
240 struct NetUnjoinDomain *r)
242 struct rpc_pipe_client *pipe_cli = NULL;
243 struct wkssvc_PasswordBuffer *encrypted_password = NULL;
246 unsigned int old_timeout = 0;
247 struct dcerpc_binding_handle *b;
249 werr = libnetapi_open_pipe(ctx, r->in.server_name,
250 &ndr_table_wkssvc.syntax_id,
252 if (!W_ERROR_IS_OK(werr)) {
256 b = pipe_cli->binding_handle;
258 if (r->in.password) {
259 encode_wkssvc_join_password_buffer(ctx,
261 &pipe_cli->auth->user_session_key,
262 &encrypted_password);
265 old_timeout = rpccli_set_timeout(pipe_cli, 60000);
267 status = dcerpc_wkssvc_NetrUnjoinDomain2(b, talloc_tos(),
273 if (!NT_STATUS_IS_OK(status)) {
274 werr = ntstatus_to_werror(status);
279 if (pipe_cli && old_timeout) {
280 rpccli_set_timeout(pipe_cli, old_timeout);
286 /****************************************************************
287 ****************************************************************/
289 WERROR NetGetJoinInformation_r(struct libnetapi_ctx *ctx,
290 struct NetGetJoinInformation *r)
292 struct rpc_pipe_client *pipe_cli = NULL;
295 const char *buffer = NULL;
296 struct dcerpc_binding_handle *b;
298 werr = libnetapi_open_pipe(ctx, r->in.server_name,
299 &ndr_table_wkssvc.syntax_id,
301 if (!W_ERROR_IS_OK(werr)) {
305 b = pipe_cli->binding_handle;
307 status = dcerpc_wkssvc_NetrGetJoinInformation(b, talloc_tos(),
310 (enum wkssvc_NetJoinStatus *)r->out.name_type,
312 if (!NT_STATUS_IS_OK(status)) {
313 werr = ntstatus_to_werror(status);
317 if (!W_ERROR_IS_OK(werr)) {
321 *r->out.name_buffer = talloc_strdup(ctx, buffer);
322 W_ERROR_HAVE_NO_MEMORY(*r->out.name_buffer);
328 /****************************************************************
329 ****************************************************************/
331 WERROR NetGetJoinInformation_l(struct libnetapi_ctx *ctx,
332 struct NetGetJoinInformation *r)
334 if ((lp_security() == SEC_ADS) && lp_realm()) {
335 *r->out.name_buffer = talloc_strdup(ctx, lp_realm());
337 *r->out.name_buffer = talloc_strdup(ctx, lp_workgroup());
339 if (!*r->out.name_buffer) {
343 switch (lp_server_role()) {
344 case ROLE_DOMAIN_MEMBER:
345 case ROLE_DOMAIN_PDC:
346 case ROLE_DOMAIN_BDC:
347 *r->out.name_type = NetSetupDomainName;
349 case ROLE_STANDALONE:
351 *r->out.name_type = NetSetupWorkgroupName;
358 /****************************************************************
359 ****************************************************************/
361 WERROR NetGetJoinableOUs_l(struct libnetapi_ctx *ctx,
362 struct NetGetJoinableOUs *r)
366 ADS_STATUS ads_status;
367 ADS_STRUCT *ads = NULL;
368 struct netr_DsRGetDCNameInfo *info = NULL;
369 const char *dc = NULL;
370 uint32_t flags = DS_DIRECTORY_SERVICE_REQUIRED |
372 struct libnetapi_private_ctx *priv;
374 priv = talloc_get_type_abort(ctx->private_data,
375 struct libnetapi_private_ctx);
377 status = dsgetdcname(ctx, priv->msg_ctx, r->in.domain,
378 NULL, NULL, flags, &info);
379 if (!NT_STATUS_IS_OK(status)) {
380 libnetapi_set_error_string(ctx, "%s",
381 get_friendly_nt_error_msg(status));
382 return ntstatus_to_werror(status);
385 dc = strip_hostname(info->dc_unc);
387 ads = ads_init(info->domain_name, info->domain_name, dc);
389 return WERR_GENERAL_FAILURE;
392 SAFE_FREE(ads->auth.user_name);
394 ads->auth.user_name = SMB_STRDUP(r->in.account);
395 } else if (ctx->username) {
396 ads->auth.user_name = SMB_STRDUP(ctx->username);
399 SAFE_FREE(ads->auth.password);
400 if (r->in.password) {
401 ads->auth.password = SMB_STRDUP(r->in.password);
402 } else if (ctx->password) {
403 ads->auth.password = SMB_STRDUP(ctx->password);
406 ads_status = ads_connect_user_creds(ads);
407 if (!ADS_ERR_OK(ads_status)) {
409 return WERR_DEFAULT_JOIN_REQUIRED;
412 ads_status = ads_get_joinable_ous(ads, ctx,
413 (char ***)r->out.ous,
414 (size_t *)r->out.ou_count);
415 if (!ADS_ERR_OK(ads_status)) {
417 return WERR_DEFAULT_JOIN_REQUIRED;
423 return WERR_NOT_SUPPORTED;
427 /****************************************************************
428 ****************************************************************/
430 WERROR NetGetJoinableOUs_r(struct libnetapi_ctx *ctx,
431 struct NetGetJoinableOUs *r)
433 struct rpc_pipe_client *pipe_cli = NULL;
434 struct wkssvc_PasswordBuffer *encrypted_password = NULL;
437 struct dcerpc_binding_handle *b;
439 werr = libnetapi_open_pipe(ctx, r->in.server_name,
440 &ndr_table_wkssvc.syntax_id,
442 if (!W_ERROR_IS_OK(werr)) {
446 b = pipe_cli->binding_handle;
448 if (r->in.password) {
449 encode_wkssvc_join_password_buffer(ctx,
451 &pipe_cli->auth->user_session_key,
452 &encrypted_password);
455 status = dcerpc_wkssvc_NetrGetJoinableOus2(b, talloc_tos(),
463 if (!NT_STATUS_IS_OK(status)) {
464 werr = ntstatus_to_werror(status);
472 /****************************************************************
473 ****************************************************************/
475 WERROR NetRenameMachineInDomain_r(struct libnetapi_ctx *ctx,
476 struct NetRenameMachineInDomain *r)
478 struct rpc_pipe_client *pipe_cli = NULL;
479 struct wkssvc_PasswordBuffer *encrypted_password = NULL;
482 struct dcerpc_binding_handle *b;
484 werr = libnetapi_open_pipe(ctx, r->in.server_name,
485 &ndr_table_wkssvc.syntax_id,
487 if (!W_ERROR_IS_OK(werr)) {
491 b = pipe_cli->binding_handle;
493 if (r->in.password) {
494 encode_wkssvc_join_password_buffer(ctx,
496 &pipe_cli->auth->user_session_key,
497 &encrypted_password);
500 status = dcerpc_wkssvc_NetrRenameMachineInDomain2(b, talloc_tos(),
502 r->in.new_machine_name,
505 r->in.rename_options,
507 if (!NT_STATUS_IS_OK(status)) {
508 werr = ntstatus_to_werror(status);
516 /****************************************************************
517 ****************************************************************/
519 WERROR NetRenameMachineInDomain_l(struct libnetapi_ctx *ctx,
520 struct NetRenameMachineInDomain *r)
522 LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetRenameMachineInDomain);