2 * Unix SMB/CIFS implementation.
4 * Copyright (C) Guenther Deschner 2007-2008
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
22 #include "librpc/gen_ndr/libnetapi.h"
23 #include "libcli/auth/libcli_auth.h"
24 #include "lib/netapi/netapi.h"
25 #include "lib/netapi/netapi_private.h"
26 #include "lib/netapi/libnetapi.h"
27 #include "librpc/gen_ndr/libnet_join.h"
28 #include "libnet/libnet_join.h"
29 #include "../librpc/gen_ndr/ndr_wkssvc_c.h"
30 #include "rpc_client/cli_pipe.h"
33 /****************************************************************
34 ****************************************************************/
36 WERROR NetJoinDomain_l(struct libnetapi_ctx *mem_ctx,
37 struct NetJoinDomain *r)
39 struct libnet_JoinCtx *j = NULL;
40 struct libnetapi_private_ctx *priv;
43 priv = talloc_get_type_abort(mem_ctx->private_data,
44 struct libnetapi_private_ctx);
47 return WERR_INVALID_PARAMETER;
50 werr = libnet_init_JoinCtx(mem_ctx, &j);
51 W_ERROR_NOT_OK_RETURN(werr);
53 j->in.domain_name = talloc_strdup(mem_ctx, r->in.domain);
54 W_ERROR_HAVE_NO_MEMORY(j->in.domain_name);
56 if (r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) {
58 struct netr_DsRGetDCNameInfo *info = NULL;
59 const char *dc = NULL;
60 uint32_t flags = DS_DIRECTORY_SERVICE_REQUIRED |
61 DS_WRITABLE_REQUIRED |
63 status = dsgetdcname(mem_ctx, priv->msg_ctx, r->in.domain,
64 NULL, NULL, flags, &info);
65 if (!NT_STATUS_IS_OK(status)) {
66 libnetapi_set_error_string(mem_ctx,
67 "%s", get_friendly_nt_error_msg(status));
68 return ntstatus_to_werror(status);
71 dc = strip_hostname(info->dc_unc);
72 j->in.dc_name = talloc_strdup(mem_ctx, dc);
73 W_ERROR_HAVE_NO_MEMORY(j->in.dc_name);
76 if (r->in.account_ou) {
77 j->in.account_ou = talloc_strdup(mem_ctx, r->in.account_ou);
78 W_ERROR_HAVE_NO_MEMORY(j->in.account_ou);
82 j->in.admin_account = talloc_strdup(mem_ctx, r->in.account);
83 W_ERROR_HAVE_NO_MEMORY(j->in.admin_account);
87 j->in.admin_password = talloc_strdup(mem_ctx, r->in.password);
88 W_ERROR_HAVE_NO_MEMORY(j->in.admin_password);
91 j->in.join_flags = r->in.join_flags;
92 j->in.modify_config = true;
95 werr = libnet_Join(mem_ctx, j);
96 if (!W_ERROR_IS_OK(werr) && j->out.error_string) {
97 libnetapi_set_error_string(mem_ctx, "%s", j->out.error_string);
104 /****************************************************************
105 ****************************************************************/
107 WERROR NetJoinDomain_r(struct libnetapi_ctx *ctx,
108 struct NetJoinDomain *r)
110 struct rpc_pipe_client *pipe_cli = NULL;
111 struct wkssvc_PasswordBuffer *encrypted_password = NULL;
114 unsigned int old_timeout = 0;
115 struct dcerpc_binding_handle *b;
116 DATA_BLOB session_key;
119 return WERR_SETUP_DOMAIN_CONTROLLER;
122 werr = libnetapi_open_pipe(ctx, r->in.server,
125 if (!W_ERROR_IS_OK(werr)) {
129 b = pipe_cli->binding_handle;
131 if (r->in.password) {
133 status = cli_get_session_key(talloc_tos(), pipe_cli, &session_key);
134 if (!NT_STATUS_IS_OK(status)) {
135 werr = ntstatus_to_werror(status);
139 encode_wkssvc_join_password_buffer(ctx,
142 &encrypted_password);
145 old_timeout = rpccli_set_timeout(pipe_cli, 600000);
147 status = dcerpc_wkssvc_NetrJoinDomain2(b, talloc_tos(),
155 if (!NT_STATUS_IS_OK(status)) {
156 werr = ntstatus_to_werror(status);
161 if (pipe_cli && old_timeout) {
162 rpccli_set_timeout(pipe_cli, old_timeout);
167 /****************************************************************
168 ****************************************************************/
170 WERROR NetUnjoinDomain_l(struct libnetapi_ctx *mem_ctx,
171 struct NetUnjoinDomain *r)
173 struct libnet_UnjoinCtx *u = NULL;
174 struct dom_sid domain_sid;
175 const char *domain = NULL;
177 struct libnetapi_private_ctx *priv;
178 const char *realm = lp_realm();
180 priv = talloc_get_type_abort(mem_ctx->private_data,
181 struct libnetapi_private_ctx);
183 if (!secrets_fetch_domain_sid(lp_workgroup(), &domain_sid)) {
184 return WERR_NERR_SETUPNOTJOINED;
187 werr = libnet_init_UnjoinCtx(mem_ctx, &u);
188 W_ERROR_NOT_OK_RETURN(werr);
190 if (realm[0] != '\0') {
193 domain = lp_workgroup();
196 if (r->in.server_name) {
197 u->in.dc_name = talloc_strdup(mem_ctx, r->in.server_name);
198 W_ERROR_HAVE_NO_MEMORY(u->in.dc_name);
201 struct netr_DsRGetDCNameInfo *info = NULL;
202 const char *dc = NULL;
203 uint32_t flags = DS_DIRECTORY_SERVICE_REQUIRED |
204 DS_WRITABLE_REQUIRED |
206 status = dsgetdcname(mem_ctx, priv->msg_ctx, domain,
207 NULL, NULL, flags, &info);
208 if (!NT_STATUS_IS_OK(status)) {
209 libnetapi_set_error_string(mem_ctx,
210 "failed to find DC for domain %s: %s",
212 get_friendly_nt_error_msg(status));
213 return ntstatus_to_werror(status);
216 dc = strip_hostname(info->dc_unc);
217 u->in.dc_name = talloc_strdup(mem_ctx, dc);
218 W_ERROR_HAVE_NO_MEMORY(u->in.dc_name);
220 u->in.domain_name = domain;
224 u->in.admin_account = talloc_strdup(mem_ctx, r->in.account);
225 W_ERROR_HAVE_NO_MEMORY(u->in.admin_account);
228 if (r->in.password) {
229 u->in.admin_password = talloc_strdup(mem_ctx, r->in.password);
230 W_ERROR_HAVE_NO_MEMORY(u->in.admin_password);
233 u->in.domain_name = domain;
234 u->in.unjoin_flags = r->in.unjoin_flags;
235 u->in.delete_machine_account = false;
236 u->in.modify_config = true;
239 u->in.domain_sid = &domain_sid;
241 werr = libnet_Unjoin(mem_ctx, u);
242 if (!W_ERROR_IS_OK(werr) && u->out.error_string) {
243 libnetapi_set_error_string(mem_ctx, "%s", u->out.error_string);
250 /****************************************************************
251 ****************************************************************/
253 WERROR NetUnjoinDomain_r(struct libnetapi_ctx *ctx,
254 struct NetUnjoinDomain *r)
256 struct rpc_pipe_client *pipe_cli = NULL;
257 struct wkssvc_PasswordBuffer *encrypted_password = NULL;
260 unsigned int old_timeout = 0;
261 struct dcerpc_binding_handle *b;
262 DATA_BLOB session_key;
264 werr = libnetapi_open_pipe(ctx, r->in.server_name,
267 if (!W_ERROR_IS_OK(werr)) {
271 b = pipe_cli->binding_handle;
273 if (r->in.password) {
275 status = cli_get_session_key(talloc_tos(), pipe_cli, &session_key);
276 if (!NT_STATUS_IS_OK(status)) {
277 werr = ntstatus_to_werror(status);
281 encode_wkssvc_join_password_buffer(ctx,
284 &encrypted_password);
287 old_timeout = rpccli_set_timeout(pipe_cli, 60000);
289 status = dcerpc_wkssvc_NetrUnjoinDomain2(b, talloc_tos(),
295 if (!NT_STATUS_IS_OK(status)) {
296 werr = ntstatus_to_werror(status);
301 if (pipe_cli && old_timeout) {
302 rpccli_set_timeout(pipe_cli, old_timeout);
308 /****************************************************************
309 ****************************************************************/
311 WERROR NetGetJoinInformation_r(struct libnetapi_ctx *ctx,
312 struct NetGetJoinInformation *r)
314 struct rpc_pipe_client *pipe_cli = NULL;
317 const char *buffer = NULL;
318 struct dcerpc_binding_handle *b;
320 werr = libnetapi_open_pipe(ctx, r->in.server_name,
323 if (!W_ERROR_IS_OK(werr)) {
327 b = pipe_cli->binding_handle;
329 status = dcerpc_wkssvc_NetrGetJoinInformation(b, talloc_tos(),
332 (enum wkssvc_NetJoinStatus *)r->out.name_type,
334 if (!NT_STATUS_IS_OK(status)) {
335 werr = ntstatus_to_werror(status);
339 if (!W_ERROR_IS_OK(werr)) {
343 *r->out.name_buffer = talloc_strdup(ctx, buffer);
344 W_ERROR_HAVE_NO_MEMORY(*r->out.name_buffer);
350 /****************************************************************
351 ****************************************************************/
353 WERROR NetGetJoinInformation_l(struct libnetapi_ctx *ctx,
354 struct NetGetJoinInformation *r)
356 const char *realm = lp_realm();
358 if ((lp_security() == SEC_ADS) && realm[0] != '\0') {
359 *r->out.name_buffer = talloc_strdup(ctx, realm);
361 *r->out.name_buffer = talloc_strdup(ctx, lp_workgroup());
363 if (!*r->out.name_buffer) {
364 return WERR_NOT_ENOUGH_MEMORY;
367 switch (lp_server_role()) {
368 case ROLE_DOMAIN_MEMBER:
369 case ROLE_DOMAIN_PDC:
370 case ROLE_DOMAIN_BDC:
371 *r->out.name_type = NetSetupDomainName;
373 case ROLE_STANDALONE:
375 *r->out.name_type = NetSetupWorkgroupName;
382 /****************************************************************
383 ****************************************************************/
385 WERROR NetGetJoinableOUs_l(struct libnetapi_ctx *ctx,
386 struct NetGetJoinableOUs *r)
390 ADS_STATUS ads_status;
391 ADS_STRUCT *ads = NULL;
392 struct netr_DsRGetDCNameInfo *info = NULL;
393 const char *dc = NULL;
394 uint32_t flags = DS_DIRECTORY_SERVICE_REQUIRED |
396 struct libnetapi_private_ctx *priv;
400 priv = talloc_get_type_abort(ctx->private_data,
401 struct libnetapi_private_ctx);
403 status = dsgetdcname(ctx, priv->msg_ctx, r->in.domain,
404 NULL, NULL, flags, &info);
405 if (!NT_STATUS_IS_OK(status)) {
406 libnetapi_set_error_string(ctx, "%s",
407 get_friendly_nt_error_msg(status));
408 return ntstatus_to_werror(status);
411 dc = strip_hostname(info->dc_unc);
413 ads = ads_init(info->domain_name, info->domain_name, dc);
415 return WERR_GEN_FAILURE;
418 SAFE_FREE(ads->auth.user_name);
420 ads->auth.user_name = SMB_STRDUP(r->in.account);
421 } else if (ctx->username) {
422 ads->auth.user_name = SMB_STRDUP(ctx->username);
425 SAFE_FREE(ads->auth.password);
426 if (r->in.password) {
427 ads->auth.password = SMB_STRDUP(r->in.password);
428 } else if (ctx->password) {
429 ads->auth.password = SMB_STRDUP(ctx->password);
432 ads_status = ads_connect_user_creds(ads);
433 if (!ADS_ERR_OK(ads_status)) {
435 return WERR_DEFAULT_JOIN_REQUIRED;
438 ads_status = ads_get_joinable_ous(ads, ctx, &p, &s);
439 if (!ADS_ERR_OK(ads_status)) {
441 return WERR_DEFAULT_JOIN_REQUIRED;
443 *r->out.ous = discard_const_p(const char *, p);
444 *r->out.ou_count = s;
449 return WERR_NOT_SUPPORTED;
453 /****************************************************************
454 ****************************************************************/
456 WERROR NetGetJoinableOUs_r(struct libnetapi_ctx *ctx,
457 struct NetGetJoinableOUs *r)
459 struct rpc_pipe_client *pipe_cli = NULL;
460 struct wkssvc_PasswordBuffer *encrypted_password = NULL;
463 struct dcerpc_binding_handle *b;
464 DATA_BLOB session_key;
466 werr = libnetapi_open_pipe(ctx, r->in.server_name,
469 if (!W_ERROR_IS_OK(werr)) {
473 b = pipe_cli->binding_handle;
475 if (r->in.password) {
477 status = cli_get_session_key(talloc_tos(), pipe_cli, &session_key);
478 if (!NT_STATUS_IS_OK(status)) {
479 werr = ntstatus_to_werror(status);
483 encode_wkssvc_join_password_buffer(ctx,
486 &encrypted_password);
489 status = dcerpc_wkssvc_NetrGetJoinableOus2(b, talloc_tos(),
497 if (!NT_STATUS_IS_OK(status)) {
498 werr = ntstatus_to_werror(status);
506 /****************************************************************
507 ****************************************************************/
509 WERROR NetRenameMachineInDomain_r(struct libnetapi_ctx *ctx,
510 struct NetRenameMachineInDomain *r)
512 struct rpc_pipe_client *pipe_cli = NULL;
513 struct wkssvc_PasswordBuffer *encrypted_password = NULL;
516 struct dcerpc_binding_handle *b;
517 DATA_BLOB session_key;
519 werr = libnetapi_open_pipe(ctx, r->in.server_name,
522 if (!W_ERROR_IS_OK(werr)) {
526 b = pipe_cli->binding_handle;
528 if (r->in.password) {
530 status = cli_get_session_key(talloc_tos(), pipe_cli, &session_key);
531 if (!NT_STATUS_IS_OK(status)) {
532 werr = ntstatus_to_werror(status);
536 encode_wkssvc_join_password_buffer(ctx,
539 &encrypted_password);
542 status = dcerpc_wkssvc_NetrRenameMachineInDomain2(b, talloc_tos(),
544 r->in.new_machine_name,
547 r->in.rename_options,
549 if (!NT_STATUS_IS_OK(status)) {
550 werr = ntstatus_to_werror(status);
558 /****************************************************************
559 ****************************************************************/
561 WERROR NetRenameMachineInDomain_l(struct libnetapi_ctx *ctx,
562 struct NetRenameMachineInDomain *r)
564 LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetRenameMachineInDomain);