search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
samba_upgradeprovision: Remove unused checkKeepAttributeOldMtd
[Samba.git] / source3 / lib / netapi / joindomain.c
blobb6fb57ae0260496c03fae33c79ad781138b376d0
1 /*
2 * Unix SMB/CIFS implementation.
3 * NetApi Join Support
4 * Copyright (C) Guenther Deschner 2007-2008
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "ads.h"
22 #include "librpc/gen_ndr/libnetapi.h"
23 #include "libcli/auth/libcli_auth.h"
24 #include "lib/netapi/netapi.h"
25 #include "lib/netapi/netapi_private.h"
26 #include "lib/netapi/libnetapi.h"
27 #include "librpc/gen_ndr/libnet_join.h"
28 #include "libnet/libnet_join.h"
29 #include "../librpc/gen_ndr/ndr_wkssvc_c.h"
30 #include "rpc_client/cli_pipe.h"
31 #include "secrets.h"
32
33 /****************************************************************
34 ****************************************************************/
35
36 WERROR NetJoinDomain_l(struct libnetapi_ctx *mem_ctx,
37 struct NetJoinDomain *r)
38 {
39 struct libnet_JoinCtx *j = NULL;
40 struct libnetapi_private_ctx *priv;
41 WERROR werr;
42
43 priv = talloc_get_type_abort(mem_ctx->private_data,
44 struct libnetapi_private_ctx);
45
46 if (!r->in.domain) {
47 return WERR_INVALID_PARAM;
48 }
49
50 werr = libnet_init_JoinCtx(mem_ctx, &j);
51 W_ERROR_NOT_OK_RETURN(werr);
52
53 j->in.domain_name = talloc_strdup(mem_ctx, r->in.domain);
54 W_ERROR_HAVE_NO_MEMORY(j->in.domain_name);
55
56 if (r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) {
57 NTSTATUS status;
58 struct netr_DsRGetDCNameInfo *info = NULL;
59 const char *dc = NULL;
60 uint32_t flags = DS_DIRECTORY_SERVICE_REQUIRED |
61 DS_WRITABLE_REQUIRED |
62 DS_RETURN_DNS_NAME;
63 status = dsgetdcname(mem_ctx, priv->msg_ctx, r->in.domain,
64 NULL, NULL, flags, &info);
65 if (!NT_STATUS_IS_OK(status)) {
66 libnetapi_set_error_string(mem_ctx,
67 "%s", get_friendly_nt_error_msg(status));
68 return ntstatus_to_werror(status);
69 }
70
71 dc = strip_hostname(info->dc_unc);
72 j->in.dc_name = talloc_strdup(mem_ctx, dc);
73 W_ERROR_HAVE_NO_MEMORY(j->in.dc_name);
74 }
75
76 if (r->in.account_ou) {
77 j->in.account_ou = talloc_strdup(mem_ctx, r->in.account_ou);
78 W_ERROR_HAVE_NO_MEMORY(j->in.account_ou);
79 }
80
81 if (r->in.account) {
82 j->in.admin_account = talloc_strdup(mem_ctx, r->in.account);
83 W_ERROR_HAVE_NO_MEMORY(j->in.admin_account);
84 }
85
86 if (r->in.password) {
87 j->in.admin_password = talloc_strdup(mem_ctx, r->in.password);
88 W_ERROR_HAVE_NO_MEMORY(j->in.admin_password);
89 }
90
91 j->in.join_flags = r->in.join_flags;
92 j->in.modify_config = true;
93 j->in.debug = true;
94
95 werr = libnet_Join(mem_ctx, j);
96 if (!W_ERROR_IS_OK(werr) && j->out.error_string) {
97 libnetapi_set_error_string(mem_ctx, "%s", j->out.error_string);
98 }
99 TALLOC_FREE(j);
100
101 return werr;
102 }
103
104 /****************************************************************
105 ****************************************************************/
106
107 WERROR NetJoinDomain_r(struct libnetapi_ctx *ctx,
108 struct NetJoinDomain *r)
109 {
110 struct rpc_pipe_client *pipe_cli = NULL;
111 struct wkssvc_PasswordBuffer *encrypted_password = NULL;
112 NTSTATUS status;
113 WERROR werr;
114 unsigned int old_timeout = 0;
115 struct dcerpc_binding_handle *b;
116 DATA_BLOB session_key;
117
118 werr = libnetapi_open_pipe(ctx, r->in.server,
119 &ndr_table_wkssvc.syntax_id,
120 &pipe_cli);
121 if (!W_ERROR_IS_OK(werr)) {
122 goto done;
123 }
124
125 b = pipe_cli->binding_handle;
126
127 if (r->in.password) {
128
129 status = cli_get_session_key(talloc_tos(), pipe_cli, &session_key);
130 if (!NT_STATUS_IS_OK(status)) {
131 werr = ntstatus_to_werror(status);
132 goto done;
133 }
134
135 encode_wkssvc_join_password_buffer(ctx,
136 r->in.password,
137 &session_key,
138 &encrypted_password);
139 }
140
141 old_timeout = rpccli_set_timeout(pipe_cli, 600000);
142
143 status = dcerpc_wkssvc_NetrJoinDomain2(b, talloc_tos(),
144 r->in.server,
145 r->in.domain,
146 r->in.account_ou,
147 r->in.account,
148 encrypted_password,
149 r->in.join_flags,
150 &werr);
151 if (!NT_STATUS_IS_OK(status)) {
152 werr = ntstatus_to_werror(status);
153 goto done;
154 }
155
156 done:
157 if (pipe_cli && old_timeout) {
158 rpccli_set_timeout(pipe_cli, old_timeout);
159 }
160
161 return werr;
162 }
163 /****************************************************************
164 ****************************************************************/
165
166 WERROR NetUnjoinDomain_l(struct libnetapi_ctx *mem_ctx,
167 struct NetUnjoinDomain *r)
168 {
169 struct libnet_UnjoinCtx *u = NULL;
170 struct dom_sid domain_sid;
171 const char *domain = NULL;
172 WERROR werr;
173 struct libnetapi_private_ctx *priv;
174
175 priv = talloc_get_type_abort(mem_ctx->private_data,
176 struct libnetapi_private_ctx);
177
178 if (!secrets_fetch_domain_sid(lp_workgroup(), &domain_sid)) {
179 return WERR_SETUP_NOT_JOINED;
180 }
181
182 werr = libnet_init_UnjoinCtx(mem_ctx, &u);
183 W_ERROR_NOT_OK_RETURN(werr);
184
185 if (lp_realm()) {
186 domain = lp_realm();
187 } else {
188 domain = lp_workgroup();
189 }
190
191 if (r->in.server_name) {
192 u->in.dc_name = talloc_strdup(mem_ctx, r->in.server_name);
193 W_ERROR_HAVE_NO_MEMORY(u->in.dc_name);
194 } else {
195 NTSTATUS status;
196 struct netr_DsRGetDCNameInfo *info = NULL;
197 const char *dc = NULL;
198 uint32_t flags = DS_DIRECTORY_SERVICE_REQUIRED |
199 DS_WRITABLE_REQUIRED |
200 DS_RETURN_DNS_NAME;
201 status = dsgetdcname(mem_ctx, priv->msg_ctx, domain,
202 NULL, NULL, flags, &info);
203 if (!NT_STATUS_IS_OK(status)) {
204 libnetapi_set_error_string(mem_ctx,
205 "failed to find DC for domain %s: %s",
206 domain,
207 get_friendly_nt_error_msg(status));
208 return ntstatus_to_werror(status);
209 }
210
211 dc = strip_hostname(info->dc_unc);
212 u->in.dc_name = talloc_strdup(mem_ctx, dc);
213 W_ERROR_HAVE_NO_MEMORY(u->in.dc_name);
214
215 u->in.domain_name = domain;
216 }
217
218 if (r->in.account) {
219 u->in.admin_account = talloc_strdup(mem_ctx, r->in.account);
220 W_ERROR_HAVE_NO_MEMORY(u->in.admin_account);
221 }
222
223 if (r->in.password) {
224 u->in.admin_password = talloc_strdup(mem_ctx, r->in.password);
225 W_ERROR_HAVE_NO_MEMORY(u->in.admin_password);
226 }
227
228 u->in.domain_name = domain;
229 u->in.unjoin_flags = r->in.unjoin_flags;
230 u->in.delete_machine_account = false;
231 u->in.modify_config = true;
232 u->in.debug = true;
233
234 u->in.domain_sid = &domain_sid;
235
236 werr = libnet_Unjoin(mem_ctx, u);
237 if (!W_ERROR_IS_OK(werr) && u->out.error_string) {
238 libnetapi_set_error_string(mem_ctx, "%s", u->out.error_string);
239 }
240 TALLOC_FREE(u);
241
242 return werr;
243 }
244
245 /****************************************************************
246 ****************************************************************/
247
248 WERROR NetUnjoinDomain_r(struct libnetapi_ctx *ctx,
249 struct NetUnjoinDomain *r)
250 {
251 struct rpc_pipe_client *pipe_cli = NULL;
252 struct wkssvc_PasswordBuffer *encrypted_password = NULL;
253 NTSTATUS status;
254 WERROR werr;
255 unsigned int old_timeout = 0;
256 struct dcerpc_binding_handle *b;
257 DATA_BLOB session_key;
258
259 werr = libnetapi_open_pipe(ctx, r->in.server_name,
260 &ndr_table_wkssvc.syntax_id,
261 &pipe_cli);
262 if (!W_ERROR_IS_OK(werr)) {
263 goto done;
264 }
265
266 b = pipe_cli->binding_handle;
267
268 if (r->in.password) {
269
270 status = cli_get_session_key(talloc_tos(), pipe_cli, &session_key);
271 if (!NT_STATUS_IS_OK(status)) {
272 werr = ntstatus_to_werror(status);
273 goto done;
274 }
275
276 encode_wkssvc_join_password_buffer(ctx,
277 r->in.password,
278 &session_key,
279 &encrypted_password);
280 }
281
282 old_timeout = rpccli_set_timeout(pipe_cli, 60000);
283
284 status = dcerpc_wkssvc_NetrUnjoinDomain2(b, talloc_tos(),
285 r->in.server_name,
286 r->in.account,
287 encrypted_password,
288 r->in.unjoin_flags,
289 &werr);
290 if (!NT_STATUS_IS_OK(status)) {
291 werr = ntstatus_to_werror(status);
292 goto done;
293 }
294
295 done:
296 if (pipe_cli && old_timeout) {
297 rpccli_set_timeout(pipe_cli, old_timeout);
298 }
299
300 return werr;
301 }
302
303 /****************************************************************
304 ****************************************************************/
305
306 WERROR NetGetJoinInformation_r(struct libnetapi_ctx *ctx,
307 struct NetGetJoinInformation *r)
308 {
309 struct rpc_pipe_client *pipe_cli = NULL;
310 NTSTATUS status;
311 WERROR werr;
312 const char *buffer = NULL;
313 struct dcerpc_binding_handle *b;
314
315 werr = libnetapi_open_pipe(ctx, r->in.server_name,
316 &ndr_table_wkssvc.syntax_id,
317 &pipe_cli);
318 if (!W_ERROR_IS_OK(werr)) {
319 goto done;
320 }
321
322 b = pipe_cli->binding_handle;
323
324 status = dcerpc_wkssvc_NetrGetJoinInformation(b, talloc_tos(),
325 r->in.server_name,
326 &buffer,
327 (enum wkssvc_NetJoinStatus *)r->out.name_type,
328 &werr);
329 if (!NT_STATUS_IS_OK(status)) {
330 werr = ntstatus_to_werror(status);
331 goto done;
332 }
333
334 if (!W_ERROR_IS_OK(werr)) {
335 goto done;
336 }
337
338 *r->out.name_buffer = talloc_strdup(ctx, buffer);
339 W_ERROR_HAVE_NO_MEMORY(*r->out.name_buffer);
340
341 done:
342 return werr;
343 }
344
345 /****************************************************************
346 ****************************************************************/
347
348 WERROR NetGetJoinInformation_l(struct libnetapi_ctx *ctx,
349 struct NetGetJoinInformation *r)
350 {
351 if ((lp_security() == SEC_ADS) && lp_realm()) {
352 *r->out.name_buffer = talloc_strdup(ctx, lp_realm());
353 } else {
354 *r->out.name_buffer = talloc_strdup(ctx, lp_workgroup());
355 }
356 if (!*r->out.name_buffer) {
357 return WERR_NOMEM;
358 }
359
360 switch (lp_server_role()) {
361 case ROLE_DOMAIN_MEMBER:
362 case ROLE_DOMAIN_PDC:
363 case ROLE_DOMAIN_BDC:
364 *r->out.name_type = NetSetupDomainName;
365 break;
366 case ROLE_STANDALONE:
367 default:
368 *r->out.name_type = NetSetupWorkgroupName;
369 break;
370 }
371
372 return WERR_OK;
373 }
374
375 /****************************************************************
376 ****************************************************************/
377
378 WERROR NetGetJoinableOUs_l(struct libnetapi_ctx *ctx,
379 struct NetGetJoinableOUs *r)
380 {
381 #ifdef HAVE_ADS
382 NTSTATUS status;
383 ADS_STATUS ads_status;
384 ADS_STRUCT *ads = NULL;
385 struct netr_DsRGetDCNameInfo *info = NULL;
386 const char *dc = NULL;
387 uint32_t flags = DS_DIRECTORY_SERVICE_REQUIRED |
388 DS_RETURN_DNS_NAME;
389 struct libnetapi_private_ctx *priv;
390
391 priv = talloc_get_type_abort(ctx->private_data,
392 struct libnetapi_private_ctx);
393
394 status = dsgetdcname(ctx, priv->msg_ctx, r->in.domain,
395 NULL, NULL, flags, &info);
396 if (!NT_STATUS_IS_OK(status)) {
397 libnetapi_set_error_string(ctx, "%s",
398 get_friendly_nt_error_msg(status));
399 return ntstatus_to_werror(status);
400 }
401
402 dc = strip_hostname(info->dc_unc);
403
404 ads = ads_init(info->domain_name, info->domain_name, dc);
405 if (!ads) {
406 return WERR_GENERAL_FAILURE;
407 }
408
409 SAFE_FREE(ads->auth.user_name);
410 if (r->in.account) {
411 ads->auth.user_name = SMB_STRDUP(r->in.account);
412 } else if (ctx->username) {
413 ads->auth.user_name = SMB_STRDUP(ctx->username);
414 }
415
416 SAFE_FREE(ads->auth.password);
417 if (r->in.password) {
418 ads->auth.password = SMB_STRDUP(r->in.password);
419 } else if (ctx->password) {
420 ads->auth.password = SMB_STRDUP(ctx->password);
421 }
422
423 ads_status = ads_connect_user_creds(ads);
424 if (!ADS_ERR_OK(ads_status)) {
425 ads_destroy(&ads);
426 return WERR_DEFAULT_JOIN_REQUIRED;
427 }
428
429 ads_status = ads_get_joinable_ous(ads, ctx,
430 (char ***)r->out.ous,
431 (size_t *)r->out.ou_count);
432 if (!ADS_ERR_OK(ads_status)) {
433 ads_destroy(&ads);
434 return WERR_DEFAULT_JOIN_REQUIRED;
435 }
436
437 ads_destroy(&ads);
438 return WERR_OK;
439 #else
440 return WERR_NOT_SUPPORTED;
441 #endif
442 }
443
444 /****************************************************************
445 ****************************************************************/
446
447 WERROR NetGetJoinableOUs_r(struct libnetapi_ctx *ctx,
448 struct NetGetJoinableOUs *r)
449 {
450 struct rpc_pipe_client *pipe_cli = NULL;
451 struct wkssvc_PasswordBuffer *encrypted_password = NULL;
452 NTSTATUS status;
453 WERROR werr;
454 struct dcerpc_binding_handle *b;
455 DATA_BLOB session_key;
456
457 werr = libnetapi_open_pipe(ctx, r->in.server_name,
458 &ndr_table_wkssvc.syntax_id,
459 &pipe_cli);
460 if (!W_ERROR_IS_OK(werr)) {
461 goto done;
462 }
463
464 b = pipe_cli->binding_handle;
465
466 if (r->in.password) {
467
468 status = cli_get_session_key(talloc_tos(), pipe_cli, &session_key);
469 if (!NT_STATUS_IS_OK(status)) {
470 werr = ntstatus_to_werror(status);
471 goto done;
472 }
473
474 encode_wkssvc_join_password_buffer(ctx,
475 r->in.password,
476 &session_key,
477 &encrypted_password);
478 }
479
480 status = dcerpc_wkssvc_NetrGetJoinableOus2(b, talloc_tos(),
481 r->in.server_name,
482 r->in.domain,
483 r->in.account,
484 encrypted_password,
485 r->out.ou_count,
486 r->out.ous,
487 &werr);
488 if (!NT_STATUS_IS_OK(status)) {
489 werr = ntstatus_to_werror(status);
490 goto done;
491 }
492
493 done:
494 return werr;
495 }
496
497 /****************************************************************
498 ****************************************************************/
499
500 WERROR NetRenameMachineInDomain_r(struct libnetapi_ctx *ctx,
501 struct NetRenameMachineInDomain *r)
502 {
503 struct rpc_pipe_client *pipe_cli = NULL;
504 struct wkssvc_PasswordBuffer *encrypted_password = NULL;
505 NTSTATUS status;
506 WERROR werr;
507 struct dcerpc_binding_handle *b;
508 DATA_BLOB session_key;
509
510 werr = libnetapi_open_pipe(ctx, r->in.server_name,
511 &ndr_table_wkssvc.syntax_id,
512 &pipe_cli);
513 if (!W_ERROR_IS_OK(werr)) {
514 goto done;
515 }
516
517 b = pipe_cli->binding_handle;
518
519 if (r->in.password) {
520
521 status = cli_get_session_key(talloc_tos(), pipe_cli, &session_key);
522 if (!NT_STATUS_IS_OK(status)) {
523 werr = ntstatus_to_werror(status);
524 goto done;
525 }
526
527 encode_wkssvc_join_password_buffer(ctx,
528 r->in.password,
529 &session_key,
530 &encrypted_password);
531 }
532
533 status = dcerpc_wkssvc_NetrRenameMachineInDomain2(b, talloc_tos(),
534 r->in.server_name,
535 r->in.new_machine_name,
536 r->in.account,
537 encrypted_password,
538 r->in.rename_options,
539 &werr);
540 if (!NT_STATUS_IS_OK(status)) {
541 werr = ntstatus_to_werror(status);
542 goto done;
543 }
544
545 done:
546 return werr;
547 }
548
549 /****************************************************************
550 ****************************************************************/
551
552 WERROR NetRenameMachineInDomain_l(struct libnetapi_ctx *ctx,
553 struct NetRenameMachineInDomain *r)
554 {
555 LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetRenameMachineInDomain);
556 }
Samba GIT mirror