search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ctdb-server: Clean up connection tracking functions
[samba4-gss.git] / source3 / lib / netapi / joindomain.c
blobeca836b8381d66d428ec4b74961cc2d099fd0ad2
1 /*
2 * Unix SMB/CIFS implementation.
3 * NetApi Join Support
4 * Copyright (C) Guenther Deschner 2007-2008
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "ads.h"
22 #include "librpc/gen_ndr/libnetapi.h"
23 #include "libcli/auth/libcli_auth.h"
24 #include "lib/netapi/netapi.h"
25 #include "lib/netapi/netapi_private.h"
26 #include "lib/netapi/libnetapi.h"
27 #include "librpc/gen_ndr/libnet_join.h"
28 #include "libnet/libnet_join.h"
29 #include "../librpc/gen_ndr/ndr_wkssvc_c.h"
30 #include "rpc_client/cli_pipe.h"
31 #include "secrets.h"
32 #include "libsmb/dsgetdcname.h"
33 #include "../librpc/gen_ndr/ndr_ODJ.h"
34 #include "lib/util/base64.h"
35 #include "libnet/libnet_join_offline.h"
36 #include "libcli/security/dom_sid.h"
37
38 /****************************************************************
39 ****************************************************************/
40
41 WERROR NetJoinDomain_l(struct libnetapi_ctx *mem_ctx,
42 struct NetJoinDomain *r)
43 {
44 struct libnet_JoinCtx *j = NULL;
45 struct libnetapi_private_ctx *priv;
46 WERROR werr;
47
48 priv = talloc_get_type_abort(mem_ctx->private_data,
49 struct libnetapi_private_ctx);
50
51 if (!r->in.domain) {
52 return WERR_INVALID_PARAMETER;
53 }
54
55 werr = libnet_init_JoinCtx(mem_ctx, &j);
56 W_ERROR_NOT_OK_RETURN(werr);
57
58 j->in.domain_name = talloc_strdup(mem_ctx, r->in.domain);
59 W_ERROR_HAVE_NO_MEMORY(j->in.domain_name);
60
61 if (r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) {
62 NTSTATUS status;
63 struct netr_DsRGetDCNameInfo *info = NULL;
64 const char *dc = NULL;
65 uint32_t flags = DS_DIRECTORY_SERVICE_REQUIRED |
66 DS_WRITABLE_REQUIRED |
67 DS_RETURN_DNS_NAME;
68 status = dsgetdcname(mem_ctx, priv->msg_ctx, r->in.domain,
69 NULL, NULL, flags, &info);
70 if (!NT_STATUS_IS_OK(status)) {
71 libnetapi_set_error_string(mem_ctx,
72 "%s", get_friendly_nt_error_msg(status));
73 return ntstatus_to_werror(status);
74 }
75
76 dc = strip_hostname(info->dc_unc);
77 j->in.dc_name = talloc_strdup(mem_ctx, dc);
78 W_ERROR_HAVE_NO_MEMORY(j->in.dc_name);
79 }
80
81 if (r->in.account_ou) {
82 j->in.account_ou = talloc_strdup(mem_ctx, r->in.account_ou);
83 W_ERROR_HAVE_NO_MEMORY(j->in.account_ou);
84 }
85
86 if (r->in.account != NULL) {
87 NTSTATUS status;
88
89 status = ads_simple_creds(j,
90 r->in.domain,
91 r->in.account,
92 r->in.password,
93 &j->in.admin_credentials);
94 if (!NT_STATUS_IS_OK(status)) {
95 TALLOC_FREE(j);
96 return WERR_NERR_BADUSERNAME;
97 }
98 } else {
99 libnetapi_get_creds(mem_ctx, &j->in.admin_credentials);
100 if (j->in.admin_credentials == NULL) {
101 TALLOC_FREE(j);
102 return WERR_NERR_BADUSERNAME;
103 }
104 }
105
106 j->in.join_flags = r->in.join_flags;
107 j->in.modify_config = true;
108 j->in.debug = true;
109
110 werr = libnet_Join(mem_ctx, j);
111 if (!W_ERROR_IS_OK(werr) && j->out.error_string) {
112 libnetapi_set_error_string(mem_ctx, "%s", j->out.error_string);
113 }
114 TALLOC_FREE(j);
115
116 return werr;
117 }
118
119 /****************************************************************
120 ****************************************************************/
121
122 WERROR NetJoinDomain_r(struct libnetapi_ctx *ctx,
123 struct NetJoinDomain *r)
124 {
125 struct rpc_pipe_client *pipe_cli = NULL;
126 struct wkssvc_PasswordBuffer *encrypted_password = NULL;
127 NTSTATUS status;
128 WERROR werr;
129 unsigned int old_timeout = 0;
130 struct dcerpc_binding_handle *b;
131 DATA_BLOB session_key;
132
133 if (IS_DC) {
134 return WERR_NERR_SETUPDOMAINCONTROLLER;
135 }
136
137 werr = libnetapi_open_pipe(ctx, r->in.server,
138 &ndr_table_wkssvc,
139 &pipe_cli);
140 if (!W_ERROR_IS_OK(werr)) {
141 goto done;
142 }
143
144 b = pipe_cli->binding_handle;
145
146 if (r->in.password) {
147
148 status = dcerpc_binding_handle_transport_session_key(
149 b, talloc_tos(), &session_key);
150 if (!NT_STATUS_IS_OK(status)) {
151 werr = ntstatus_to_werror(status);
152 goto done;
153 }
154
155 werr = encode_wkssvc_join_password_buffer(ctx,
156 r->in.password,
157 &session_key,
158 &encrypted_password);
159 if (!W_ERROR_IS_OK(werr)) {
160 goto done;
161 }
162 }
163
164 old_timeout = rpccli_set_timeout(pipe_cli, 600000);
165
166 status = dcerpc_wkssvc_NetrJoinDomain2(b, talloc_tos(),
167 r->in.server,
168 r->in.domain,
169 r->in.account_ou,
170 r->in.account,
171 encrypted_password,
172 r->in.join_flags,
173 &werr);
174 if (!NT_STATUS_IS_OK(status)) {
175 werr = ntstatus_to_werror(status);
176 goto done;
177 }
178
179 done:
180 if (pipe_cli && old_timeout) {
181 rpccli_set_timeout(pipe_cli, old_timeout);
182 }
183
184 return werr;
185 }
186 /****************************************************************
187 ****************************************************************/
188
189 WERROR NetUnjoinDomain_l(struct libnetapi_ctx *mem_ctx,
190 struct NetUnjoinDomain *r)
191 {
192 struct libnet_UnjoinCtx *u = NULL;
193 struct dom_sid domain_sid;
194 const char *domain = NULL;
195 WERROR werr;
196 struct libnetapi_private_ctx *priv;
197 const char *realm = lp_realm();
198
199 priv = talloc_get_type_abort(mem_ctx->private_data,
200 struct libnetapi_private_ctx);
201
202 if (!secrets_fetch_domain_sid(lp_workgroup(), &domain_sid)) {
203 return WERR_NERR_SETUPNOTJOINED;
204 }
205
206 werr = libnet_init_UnjoinCtx(mem_ctx, &u);
207 W_ERROR_NOT_OK_RETURN(werr);
208
209 if (realm[0] != '\0') {
210 domain = realm;
211 } else {
212 domain = lp_workgroup();
213 }
214
215 if (r->in.server_name) {
216 u->in.dc_name = talloc_strdup(mem_ctx, r->in.server_name);
217 W_ERROR_HAVE_NO_MEMORY(u->in.dc_name);
218 } else {
219 NTSTATUS status;
220 struct netr_DsRGetDCNameInfo *info = NULL;
221 const char *dc = NULL;
222 uint32_t flags = DS_DIRECTORY_SERVICE_REQUIRED |
223 DS_WRITABLE_REQUIRED |
224 DS_RETURN_DNS_NAME;
225 status = dsgetdcname(mem_ctx, priv->msg_ctx, domain,
226 NULL, NULL, flags, &info);
227 if (!NT_STATUS_IS_OK(status)) {
228 libnetapi_set_error_string(mem_ctx,
229 "failed to find DC for domain %s: %s",
230 domain,
231 get_friendly_nt_error_msg(status));
232 return ntstatus_to_werror(status);
233 }
234
235 dc = strip_hostname(info->dc_unc);
236 u->in.dc_name = talloc_strdup(mem_ctx, dc);
237 W_ERROR_HAVE_NO_MEMORY(u->in.dc_name);
238
239 u->in.domain_name = domain;
240 }
241
242 if (r->in.account != NULL) {
243 NTSTATUS status;
244
245 status = ads_simple_creds(u,
246 domain,
247 r->in.account,
248 r->in.password,
249 &u->in.admin_credentials);
250 if (!NT_STATUS_IS_OK(status)) {
251 TALLOC_FREE(u);
252 return WERR_NERR_BADUSERNAME;
253 }
254 } else {
255 libnetapi_get_creds(mem_ctx, &u->in.admin_credentials);
256 if (u->in.admin_credentials == NULL) {
257 TALLOC_FREE(u);
258 return WERR_NERR_BADUSERNAME;
259 }
260 }
261
262 u->in.domain_name = domain;
263 u->in.unjoin_flags = r->in.unjoin_flags;
264 u->in.delete_machine_account = false;
265 u->in.modify_config = true;
266 u->in.debug = true;
267
268 u->in.domain_sid = &domain_sid;
269
270 werr = libnet_Unjoin(mem_ctx, u);
271 if (!W_ERROR_IS_OK(werr) && u->out.error_string) {
272 libnetapi_set_error_string(mem_ctx, "%s", u->out.error_string);
273 }
274 TALLOC_FREE(u);
275
276 return werr;
277 }
278
279 /****************************************************************
280 ****************************************************************/
281
282 WERROR NetUnjoinDomain_r(struct libnetapi_ctx *ctx,
283 struct NetUnjoinDomain *r)
284 {
285 struct rpc_pipe_client *pipe_cli = NULL;
286 struct wkssvc_PasswordBuffer *encrypted_password = NULL;
287 NTSTATUS status;
288 WERROR werr;
289 unsigned int old_timeout = 0;
290 struct dcerpc_binding_handle *b;
291 DATA_BLOB session_key;
292
293 werr = libnetapi_open_pipe(ctx, r->in.server_name,
294 &ndr_table_wkssvc,
295 &pipe_cli);
296 if (!W_ERROR_IS_OK(werr)) {
297 goto done;
298 }
299
300 b = pipe_cli->binding_handle;
301
302 if (r->in.password) {
303
304 status = dcerpc_binding_handle_transport_session_key(
305 b, talloc_tos(), &session_key);
306 if (!NT_STATUS_IS_OK(status)) {
307 werr = ntstatus_to_werror(status);
308 goto done;
309 }
310
311 werr = encode_wkssvc_join_password_buffer(ctx,
312 r->in.password,
313 &session_key,
314 &encrypted_password);
315 if (!W_ERROR_IS_OK(werr)) {
316 goto done;
317 }
318 }
319
320 old_timeout = rpccli_set_timeout(pipe_cli, 60000);
321
322 status = dcerpc_wkssvc_NetrUnjoinDomain2(b, talloc_tos(),
323 r->in.server_name,
324 r->in.account,
325 encrypted_password,
326 r->in.unjoin_flags,
327 &werr);
328 if (!NT_STATUS_IS_OK(status)) {
329 werr = ntstatus_to_werror(status);
330 goto done;
331 }
332
333 done:
334 if (pipe_cli && old_timeout) {
335 rpccli_set_timeout(pipe_cli, old_timeout);
336 }
337
338 return werr;
339 }
340
341 /****************************************************************
342 ****************************************************************/
343
344 WERROR NetGetJoinInformation_r(struct libnetapi_ctx *ctx,
345 struct NetGetJoinInformation *r)
346 {
347 struct rpc_pipe_client *pipe_cli = NULL;
348 NTSTATUS status;
349 WERROR werr;
350 const char *buffer = NULL;
351 struct dcerpc_binding_handle *b;
352
353 werr = libnetapi_open_pipe(ctx, r->in.server_name,
354 &ndr_table_wkssvc,
355 &pipe_cli);
356 if (!W_ERROR_IS_OK(werr)) {
357 goto done;
358 }
359
360 b = pipe_cli->binding_handle;
361
362 status = dcerpc_wkssvc_NetrGetJoinInformation(b, talloc_tos(),
363 r->in.server_name,
364 &buffer,
365 (enum wkssvc_NetJoinStatus *)r->out.name_type,
366 &werr);
367 if (!NT_STATUS_IS_OK(status)) {
368 werr = ntstatus_to_werror(status);
369 goto done;
370 }
371
372 if (!W_ERROR_IS_OK(werr)) {
373 goto done;
374 }
375
376 *r->out.name_buffer = talloc_strdup(ctx, buffer);
377 W_ERROR_HAVE_NO_MEMORY(*r->out.name_buffer);
378
379 done:
380 return werr;
381 }
382
383 /****************************************************************
384 ****************************************************************/
385
386 WERROR NetGetJoinInformation_l(struct libnetapi_ctx *ctx,
387 struct NetGetJoinInformation *r)
388 {
389 const char *realm = lp_realm();
390
391 if ((lp_security() == SEC_ADS) && realm[0] != '\0') {
392 *r->out.name_buffer = talloc_strdup(ctx, realm);
393 } else {
394 *r->out.name_buffer = talloc_strdup(ctx, lp_workgroup());
395 }
396 if (!*r->out.name_buffer) {
397 return WERR_NOT_ENOUGH_MEMORY;
398 }
399
400 switch (lp_server_role()) {
401 case ROLE_DOMAIN_MEMBER:
402 case ROLE_DOMAIN_PDC:
403 case ROLE_DOMAIN_BDC:
404 case ROLE_IPA_DC:
405 *r->out.name_type = NetSetupDomainName;
406 break;
407 case ROLE_STANDALONE:
408 default:
409 *r->out.name_type = NetSetupWorkgroupName;
410 break;
411 }
412
413 return WERR_OK;
414 }
415
416 /****************************************************************
417 ****************************************************************/
418
419 WERROR NetGetJoinableOUs_l(struct libnetapi_ctx *ctx,
420 struct NetGetJoinableOUs *r)
421 {
422 #ifdef HAVE_ADS
423 TALLOC_CTX *tmp_ctx = talloc_stackframe();
424 WERROR ret;
425 NTSTATUS status;
426 ADS_STATUS ads_status;
427 ADS_STRUCT *ads = NULL;
428 struct cli_credentials *creds = NULL;
429 struct netr_DsRGetDCNameInfo *info = NULL;
430 const char *dc = NULL;
431 uint32_t flags = DS_DIRECTORY_SERVICE_REQUIRED |
432 DS_RETURN_DNS_NAME;
433 struct libnetapi_private_ctx *priv;
434 char **p;
435 size_t s;
436
437 priv = talloc_get_type_abort(ctx->private_data,
438 struct libnetapi_private_ctx);
439
440 status = dsgetdcname(tmp_ctx, priv->msg_ctx, r->in.domain,
441 NULL, NULL, flags, &info);
442 if (!NT_STATUS_IS_OK(status)) {
443 libnetapi_set_error_string(ctx, "%s",
444 get_friendly_nt_error_msg(status));
445 ret = ntstatus_to_werror(status);
446 goto out;
447 }
448
449 dc = strip_hostname(info->dc_unc);
450
451 ads = ads_init(tmp_ctx,
452 info->domain_name,
453 info->domain_name,
454 dc,
455 ADS_SASL_PLAIN);
456 if (!ads) {
457 ret = WERR_GEN_FAILURE;
458 goto out;
459 }
460
461 if (r->in.account != NULL) {
462 status = ads_simple_creds(ads,
463 r->in.domain,
464 r->in.account,
465 r->in.password,
466 &creds);
467 if (!NT_STATUS_IS_OK(status)) {
468 ret = WERR_NERR_DEFAULTJOINREQUIRED;
469 goto out;
470 }
471 } else {
472 libnetapi_get_creds(ctx, &creds);
473 }
474
475 ads_status = ads_connect_creds(ads, creds);
476 if (!ADS_ERR_OK(ads_status)) {
477 ret = WERR_NERR_DEFAULTJOINREQUIRED;
478 goto out;
479 }
480
481 ads_status = ads_get_joinable_ous(ads, ctx, &p, &s);
482 if (!ADS_ERR_OK(ads_status)) {
483 ret = WERR_NERR_DEFAULTJOINREQUIRED;
484 goto out;
485 }
486 *r->out.ous = discard_const_p(const char *, p);
487 *r->out.ou_count = s;
488
489 ret = WERR_OK;
490 out:
491 TALLOC_FREE(tmp_ctx);
492
493 return ret;
494 #else
495 return WERR_NOT_SUPPORTED;
496 #endif
497 }
498
499 /****************************************************************
500 ****************************************************************/
501
502 WERROR NetGetJoinableOUs_r(struct libnetapi_ctx *ctx,
503 struct NetGetJoinableOUs *r)
504 {
505 struct rpc_pipe_client *pipe_cli = NULL;
506 struct wkssvc_PasswordBuffer *encrypted_password = NULL;
507 NTSTATUS status;
508 WERROR werr;
509 struct dcerpc_binding_handle *b;
510 DATA_BLOB session_key;
511
512 werr = libnetapi_open_pipe(ctx, r->in.server_name,
513 &ndr_table_wkssvc,
514 &pipe_cli);
515 if (!W_ERROR_IS_OK(werr)) {
516 goto done;
517 }
518
519 b = pipe_cli->binding_handle;
520
521 if (r->in.password) {
522
523 status = dcerpc_binding_handle_transport_session_key(
524 b, talloc_tos(), &session_key);
525 if (!NT_STATUS_IS_OK(status)) {
526 werr = ntstatus_to_werror(status);
527 goto done;
528 }
529
530 werr = encode_wkssvc_join_password_buffer(ctx,
531 r->in.password,
532 &session_key,
533 &encrypted_password);
534 if (!W_ERROR_IS_OK(werr)) {
535 goto done;
536 }
537 }
538
539 status = dcerpc_wkssvc_NetrGetJoinableOus2(b, talloc_tos(),
540 r->in.server_name,
541 r->in.domain,
542 r->in.account,
543 encrypted_password,
544 r->out.ou_count,
545 r->out.ous,
546 &werr);
547 if (!NT_STATUS_IS_OK(status)) {
548 werr = ntstatus_to_werror(status);
549 goto done;
550 }
551
552 done:
553 return werr;
554 }
555
556 /****************************************************************
557 ****************************************************************/
558
559 WERROR NetRenameMachineInDomain_r(struct libnetapi_ctx *ctx,
560 struct NetRenameMachineInDomain *r)
561 {
562 struct rpc_pipe_client *pipe_cli = NULL;
563 struct wkssvc_PasswordBuffer *encrypted_password = NULL;
564 NTSTATUS status;
565 WERROR werr;
566 struct dcerpc_binding_handle *b;
567 DATA_BLOB session_key;
568
569 werr = libnetapi_open_pipe(ctx, r->in.server_name,
570 &ndr_table_wkssvc,
571 &pipe_cli);
572 if (!W_ERROR_IS_OK(werr)) {
573 goto done;
574 }
575
576 b = pipe_cli->binding_handle;
577
578 if (r->in.password) {
579
580 status = dcerpc_binding_handle_transport_session_key(
581 b, talloc_tos(), &session_key);
582 if (!NT_STATUS_IS_OK(status)) {
583 werr = ntstatus_to_werror(status);
584 goto done;
585 }
586
587 werr = encode_wkssvc_join_password_buffer(ctx,
588 r->in.password,
589 &session_key,
590 &encrypted_password);
591 if (!W_ERROR_IS_OK(werr)) {
592 goto done;
593 }
594 }
595
596 status = dcerpc_wkssvc_NetrRenameMachineInDomain2(b, talloc_tos(),
597 r->in.server_name,
598 r->in.new_machine_name,
599 r->in.account,
600 encrypted_password,
601 r->in.rename_options,
602 &werr);
603 if (!NT_STATUS_IS_OK(status)) {
604 werr = ntstatus_to_werror(status);
605 goto done;
606 }
607
608 done:
609 return werr;
610 }
611
612 /****************************************************************
613 ****************************************************************/
614
615 WERROR NetRenameMachineInDomain_l(struct libnetapi_ctx *ctx,
616 struct NetRenameMachineInDomain *r)
617 {
618 LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetRenameMachineInDomain);
619 }
620
621 /****************************************************************
622 ****************************************************************/
623
624 WERROR NetProvisionComputerAccount_r(struct libnetapi_ctx *ctx,
625 struct NetProvisionComputerAccount *r)
626 {
627 return NetProvisionComputerAccount_l(ctx, r);
628 }
629
630 /****************************************************************
631 ****************************************************************/
632
633 static WERROR NetProvisionComputerAccount_backend(struct libnetapi_ctx *ctx,
634 struct NetProvisionComputerAccount *r,
635 TALLOC_CTX *mem_ctx,
636 struct ODJ_PROVISION_DATA **p)
637 {
638 WERROR werr;
639 struct libnet_JoinCtx *j = NULL;
640
641 werr = libnet_init_JoinCtx(mem_ctx, &j);
642 if (!W_ERROR_IS_OK(werr)) {
643 return werr;
644 }
645
646 j->in.domain_name = talloc_strdup(j, r->in.domain);
647 if (j->in.domain_name == NULL) {
648 talloc_free(j);
649 return WERR_NOT_ENOUGH_MEMORY;
650 }
651
652 talloc_free(discard_const_p(char *, j->in.machine_name));
653 j->in.machine_name = talloc_strdup(j, r->in.machine_name);
654 if (j->in.machine_name == NULL) {
655 talloc_free(j);
656 return WERR_NOT_ENOUGH_MEMORY;
657 }
658
659 if (r->in.dcname) {
660 j->in.dc_name = talloc_strdup(j, r->in.dcname);
661 if (j->in.dc_name == NULL) {
662 talloc_free(j);
663 return WERR_NOT_ENOUGH_MEMORY;
664 }
665 }
666
667 if (r->in.machine_account_ou) {
668 j->in.account_ou = talloc_strdup(j, r->in.machine_account_ou);
669 if (j->in.account_ou == NULL) {
670 talloc_free(j);
671 return WERR_NOT_ENOUGH_MEMORY;
672 }
673 }
674
675 libnetapi_get_creds(ctx, &j->in.admin_credentials);
676 if (j->in.admin_credentials == NULL) {
677 talloc_free(j);
678 return WERR_NERR_BADUSERNAME;
679 }
680
681 j->in.debug = true;
682 j->in.join_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE |
683 WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE;
684
685 if (r->in.options & NETSETUP_PROVISION_REUSE_ACCOUNT) {
686 j->in.join_flags |= WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED;
687 }
688
689 if (r->in.options & NETSETUP_PROVISION_USE_DEFAULT_PASSWORD) {
690 j->in.join_flags |= WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED;
691 j->in.machine_password = talloc_strdup(j, r->in.machine_name);
692 if (j->in.machine_password == NULL) {
693 talloc_free(j);
694 return WERR_NOT_ENOUGH_MEMORY;
695 }
696 }
697
698 j->in.provision_computer_account_only = true;
699
700 werr = libnet_Join(mem_ctx, j);
701 if (!W_ERROR_IS_OK(werr) && j->out.error_string) {
702 libnetapi_set_error_string(ctx, "%s", j->out.error_string);
703 talloc_free(j);
704 return werr;
705 }
706
707 werr = libnet_odj_compose_ODJ_PROVISION_DATA(mem_ctx, j, p);
708 if (!W_ERROR_IS_OK(werr)) {
709 talloc_free(j);
710 return werr;
711 }
712
713 TALLOC_FREE(j);
714
715 return WERR_OK;
716 }
717
718 WERROR NetProvisionComputerAccount_l(struct libnetapi_ctx *ctx,
719 struct NetProvisionComputerAccount *r)
720 {
721 WERROR werr;
722 enum ndr_err_code ndr_err;
723 const char *b64_bin_data_str;
724 DATA_BLOB blob;
725 struct ODJ_PROVISION_DATA_serialized_ptr odj_provision_data;
726 struct ODJ_PROVISION_DATA *p;
727 TALLOC_CTX *mem_ctx = talloc_new(ctx);
728
729 if (r->in.provision_bin_data == NULL &&
730 r->in.provision_text_data == NULL) {
731 return WERR_INVALID_PARAMETER;
732 }
733 if (r->in.provision_bin_data != NULL &&
734 r->in.provision_text_data != NULL) {
735 return WERR_INVALID_PARAMETER;
736 }
737 if (r->in.provision_bin_data == NULL &&
738 r->in.provision_bin_data_size != NULL) {
739 return WERR_INVALID_PARAMETER;
740 }
741 if (r->in.provision_bin_data != NULL &&
742 r->in.provision_bin_data_size == NULL) {
743 return WERR_INVALID_PARAMETER;
744 }
745
746 if (r->in.domain == NULL) {
747 return WERR_INVALID_PARAMETER;
748 }
749
750 if (r->in.machine_name == NULL) {
751 return WERR_INVALID_PARAMETER;
752 }
753
754 werr = NetProvisionComputerAccount_backend(ctx, r, mem_ctx, &p);
755 if (!W_ERROR_IS_OK(werr)) {
756 talloc_free(mem_ctx);
757 return werr;
758 }
759
760 ZERO_STRUCT(odj_provision_data);
761
762 odj_provision_data.s.p = p;
763
764 ndr_err = ndr_push_struct_blob(&blob, ctx, &odj_provision_data,
765 (ndr_push_flags_fn_t)ndr_push_ODJ_PROVISION_DATA_serialized_ptr);
766 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
767 talloc_free(mem_ctx);
768 return W_ERROR(NERR_BadOfflineJoinInfo);
769 }
770
771 talloc_free(mem_ctx);
772
773 if (r->out.provision_text_data != NULL) {
774 b64_bin_data_str = base64_encode_data_blob(ctx, blob);
775 if (b64_bin_data_str == NULL) {
776 return WERR_NOT_ENOUGH_MEMORY;
777 }
778 *r->out.provision_text_data = b64_bin_data_str;
779 }
780
781 if (r->out.provision_bin_data != NULL &&
782 r->out.provision_bin_data_size != NULL) {
783 *r->out.provision_bin_data = blob.data;
784 *r->out.provision_bin_data_size = blob.length;
785 }
786
787 return werr;
788 }
789
790 /****************************************************************
791 ****************************************************************/
792
793 WERROR NetRequestOfflineDomainJoin_r(struct libnetapi_ctx *ctx,
794 struct NetRequestOfflineDomainJoin *r)
795 {
796 return WERR_NOT_SUPPORTED;
797 }
798
799 /****************************************************************
800 ****************************************************************/
801
802 static WERROR NetRequestOfflineDomainJoin_backend(struct libnetapi_ctx *ctx,
803 const struct ODJ_WIN7BLOB *win7blob,
804 const struct ODJ_PROVISION_DATA *odj_provision_data)
805 {
806 struct libnet_JoinCtx *j = NULL;
807 WERROR werr;
808
809 werr = libnet_init_JoinCtx(ctx, &j);
810 if (!W_ERROR_IS_OK(werr)) {
811 return werr;
812 }
813
814 j->in.domain_name = talloc_strdup(j, win7blob->lpDomain);
815 if (j->in.domain_name == NULL) {
816 talloc_free(j);
817 return WERR_NOT_ENOUGH_MEMORY;
818 }
819
820 talloc_free(discard_const_p(char *, j->in.machine_name));
821 j->in.machine_name = talloc_strdup(j, win7blob->lpMachineName);
822 if (j->in.machine_name == NULL) {
823 talloc_free(j);
824 return WERR_NOT_ENOUGH_MEMORY;
825 }
826
827 j->in.machine_password = talloc_strdup(j, win7blob->lpMachinePassword);
828 if (j->in.machine_password == NULL) {
829 talloc_free(j);
830 return WERR_NOT_ENOUGH_MEMORY;
831 }
832
833 j->in.request_offline_join = true;
834 j->in.odj_provision_data = discard_const(odj_provision_data);
835 j->in.debug = true;
836 j->in.join_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE |
837 WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED;
838
839 werr = libnet_Join(j, j);
840 if (!W_ERROR_IS_OK(werr)) {
841 if (j->out.error_string != NULL) {
842 libnetapi_set_error_string(ctx, "%s", j->out.error_string);
843 }
844 talloc_free(j);
845 return werr;
846 }
847
848 TALLOC_FREE(j);
849
850 return WERR_OK;
851 }
852
853 WERROR NetRequestOfflineDomainJoin_l(struct libnetapi_ctx *ctx,
854 struct NetRequestOfflineDomainJoin *r)
855 {
856 DATA_BLOB blob, blob_base64;
857 enum ndr_err_code ndr_err;
858 struct ODJ_PROVISION_DATA_serialized_ptr odj_provision_data;
859 bool ok;
860 struct ODJ_WIN7BLOB win7blob = { 0 };
861 WERROR werr;
862
863 if (r->in.provision_bin_data == NULL ||
864 r->in.provision_bin_data_size == 0) {
865 return W_ERROR(NERR_NoOfflineJoinInfo);
866 }
867
868 if (r->in.provision_bin_data_size < 2) {
869 return W_ERROR(NERR_BadOfflineJoinInfo);
870 }
871
872 /*
873 * Windows produces and consumes UTF16/UCS2 encoded blobs. Check for the
874 * unicode BOM mark and convert back to UNIX charset if necessary.
875 */
876 if (r->in.provision_bin_data[0] == 0xff &&
877 r->in.provision_bin_data[1] == 0xfe) {
878 ok = convert_string_talloc(ctx, CH_UTF16LE, CH_UNIX,
879 r->in.provision_bin_data+2,
880 r->in.provision_bin_data_size-2,
881 &blob_base64.data,
882 &blob_base64.length);
883 if (!ok) {
884 return W_ERROR(NERR_BadOfflineJoinInfo);
885 }
886 } else {
887 blob_base64 = data_blob(r->in.provision_bin_data,
888 r->in.provision_bin_data_size);
889 }
890
891 blob = base64_decode_data_blob_talloc(ctx, (const char *)blob_base64.data);
892
893 ndr_err = ndr_pull_struct_blob(&blob, ctx, &odj_provision_data,
894 (ndr_pull_flags_fn_t)ndr_pull_ODJ_PROVISION_DATA_serialized_ptr);
895 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
896 return W_ERROR(NERR_BadOfflineJoinInfo);
897 }
898
899 if (DEBUGLEVEL >= 10) {
900 NDR_PRINT_DEBUG(ODJ_PROVISION_DATA_serialized_ptr, &odj_provision_data);
901 }
902
903 if (odj_provision_data.s.p->ulVersion != 1) {
904 return W_ERROR(NERR_ProvisioningBlobUnsupported);
905 }
906
907 werr = libnet_odj_find_win7blob(odj_provision_data.s.p, &win7blob);
908 if (!W_ERROR_IS_OK(werr)) {
909 return werr;
910 }
911
912 if (!(r->in.options & NETSETUP_PROVISION_ONLINE_CALLER)) {
913 return WERR_NERR_SETUPNOTJOINED;
914 }
915
916 werr = NetRequestOfflineDomainJoin_backend(ctx,
917 &win7blob,
918 odj_provision_data.s.p);
919 if (!W_ERROR_IS_OK(werr)) {
920 return werr;
921 }
922
923 return W_ERROR(NERR_JoinPerformedMustRestart);
924 }
925
926 /****************************************************************
927 ****************************************************************/
928
929 WERROR NetComposeOfflineDomainJoin_r(struct libnetapi_ctx *ctx,
930 struct NetComposeOfflineDomainJoin *r)
931 {
932 return WERR_NOT_SUPPORTED;
933 }
934
935 /****************************************************************
936 ****************************************************************/
937
938 static WERROR NetComposeOfflineDomainJoin_backend(struct libnetapi_ctx *ctx,
939 struct NetComposeOfflineDomainJoin *r,
940 TALLOC_CTX *mem_ctx,
941 struct ODJ_PROVISION_DATA **p)
942 {
943 struct libnet_JoinCtx *j = NULL;
944 WERROR werr;
945
946 werr = libnet_init_JoinCtx(ctx, &j);
947 if (!W_ERROR_IS_OK(werr)) {
948 return werr;
949 }
950
951 j->in.domain_name = talloc_strdup(j, r->in.dns_domain_name);
952 if (j->in.domain_name == NULL) {
953 return WERR_NOT_ENOUGH_MEMORY;
954 }
955
956 j->in.dc_name = talloc_strdup(j, r->in.dc_name);
957 W_ERROR_HAVE_NO_MEMORY(j->in.dc_name);
958
959 j->in.machine_password = talloc_strdup(j, r->in.machine_account_password);
960 W_ERROR_HAVE_NO_MEMORY(j->in.machine_password);
961
962 j->out.account_name = talloc_strdup(j, r->in.machine_account_name);
963 W_ERROR_HAVE_NO_MEMORY(j->out.account_name);
964
965 j->out.dns_domain_name = talloc_strdup(j, r->in.dns_domain_name);
966 W_ERROR_HAVE_NO_MEMORY(j->out.dns_domain_name);
967
968 j->out.netbios_domain_name = talloc_strdup(j, r->in.netbios_domain_name);
969 W_ERROR_HAVE_NO_MEMORY(j->out.netbios_domain_name);
970
971 j->out.domain_sid = dom_sid_dup(j, (struct dom_sid *)r->in.domain_sid);
972 W_ERROR_HAVE_NO_MEMORY(j->out.domain_sid);
973
974 j->out.domain_guid = *r->in.domain_guid;
975
976 j->out.forest_name = talloc_strdup(j, r->in.forest_name);
977 W_ERROR_HAVE_NO_MEMORY(j->out.forest_name);
978
979 j->out.domain_is_ad = r->in.domain_is_ad;
980
981 j->out.dcinfo = talloc_zero(j, struct netr_DsRGetDCNameInfo);
982 W_ERROR_HAVE_NO_MEMORY(j->out.dcinfo);
983
984 j->out.dcinfo->dc_unc = talloc_asprintf(j->out.dcinfo, "\\\\%s", r->in.dc_name);
985 W_ERROR_HAVE_NO_MEMORY(j->out.dcinfo->dc_unc);
986
987 j->out.dcinfo->dc_address = talloc_asprintf(j->out.dcinfo, "\\\\%s", r->in.dc_address);
988 W_ERROR_HAVE_NO_MEMORY(j->out.dcinfo->dc_address);
989
990 j->out.dcinfo->dc_address_type = DS_ADDRESS_TYPE_INET;
991
992 j->out.dcinfo->domain_guid = *r->in.domain_guid;
993
994 j->out.dcinfo->domain_name = talloc_strdup(j->out.dcinfo, r->in.dns_domain_name);
995 W_ERROR_HAVE_NO_MEMORY(j->out.dcinfo->domain_name);
996
997 j->out.dcinfo->forest_name = talloc_strdup(j->out.dcinfo, r->in.forest_name);
998 W_ERROR_HAVE_NO_MEMORY(j->out.dcinfo->forest_name);
999
1000 werr = libnet_odj_compose_ODJ_PROVISION_DATA(mem_ctx, j, p);
1001 if (!W_ERROR_IS_OK(werr)) {
1002 return werr;
1003 }
1004
1005 return WERR_OK;
1006 }
1007
1008 WERROR NetComposeOfflineDomainJoin_l(struct libnetapi_ctx *ctx,
1009 struct NetComposeOfflineDomainJoin *r)
1010 {
1011 WERROR werr;
1012 enum ndr_err_code ndr_err;
1013 const char *b64_bin_data_str;
1014 DATA_BLOB blob;
1015 struct ODJ_PROVISION_DATA_serialized_ptr odj_compose_data;
1016 struct ODJ_PROVISION_DATA *p;
1017 TALLOC_CTX *tmp_ctx = talloc_stackframe();
1018
1019 if (r->in.compose_bin_data == NULL &&
1020 r->in.compose_text_data == NULL) {
1021 werr = WERR_INVALID_PARAMETER;
1022 goto out;
1023 }
1024 if (r->in.compose_bin_data != NULL &&
1025 r->in.compose_text_data != NULL) {
1026 werr = WERR_INVALID_PARAMETER;
1027 goto out;
1028 }
1029 if (r->in.compose_bin_data == NULL &&
1030 r->in.compose_bin_data_size != NULL) {
1031 werr = WERR_INVALID_PARAMETER;
1032 goto out;
1033 }
1034 if (r->in.compose_bin_data != NULL &&
1035 r->in.compose_bin_data_size == NULL) {
1036 werr = WERR_INVALID_PARAMETER;
1037 goto out;
1038 }
1039
1040 if (r->in.dns_domain_name == NULL) {
1041 werr = WERR_INVALID_PARAMETER;
1042 goto out;
1043 }
1044
1045 if (r->in.netbios_domain_name == NULL) {
1046 werr = WERR_INVALID_PARAMETER;
1047 goto out;
1048 }
1049
1050 if (r->in.domain_sid == NULL) {
1051 werr = WERR_INVALID_PARAMETER;
1052 goto out;
1053 }
1054
1055 if (r->in.domain_guid == NULL) {
1056 werr = WERR_INVALID_PARAMETER;
1057 goto out;
1058 }
1059
1060 if (r->in.forest_name == NULL) {
1061 werr = WERR_INVALID_PARAMETER;
1062 goto out;
1063 }
1064
1065 if (r->in.machine_account_name == NULL) {
1066 werr = WERR_INVALID_PARAMETER;
1067 goto out;
1068 }
1069
1070 if (r->in.machine_account_password == NULL) {
1071 werr = WERR_INVALID_PARAMETER;
1072 goto out;
1073 }
1074
1075 if (r->in.dc_name == NULL) {
1076 werr = WERR_INVALID_PARAMETER;
1077 goto out;
1078 }
1079
1080 if (r->in.dc_address == NULL) {
1081 werr = WERR_INVALID_PARAMETER;
1082 goto out;
1083 }
1084
1085 werr = NetComposeOfflineDomainJoin_backend(ctx, r, tmp_ctx, &p);
1086 if (!W_ERROR_IS_OK(werr)) {
1087 goto out;
1088 }
1089
1090 ZERO_STRUCT(odj_compose_data);
1091
1092 odj_compose_data.s.p = p;
1093
1094 ndr_err = ndr_push_struct_blob(&blob, ctx, &odj_compose_data,
1095 (ndr_push_flags_fn_t)ndr_push_ODJ_PROVISION_DATA_serialized_ptr);
1096 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1097 werr = W_ERROR(NERR_BadOfflineJoinInfo);
1098 goto out;
1099 }
1100
1101 if (r->out.compose_text_data != NULL) {
1102 b64_bin_data_str = base64_encode_data_blob(ctx, blob);
1103 if (b64_bin_data_str == NULL) {
1104 werr = WERR_NOT_ENOUGH_MEMORY;
1105 }
1106 *r->out.compose_text_data = b64_bin_data_str;
1107 }
1108
1109 if (r->out.compose_bin_data != NULL &&
1110 r->out.compose_bin_data_size != NULL) {
1111 *r->out.compose_bin_data = blob.data;
1112 *r->out.compose_bin_data_size = blob.length;
1113 }
1114
1115 werr = WERR_OK;
1116 out:
1117 talloc_free(tmp_ctx);
1118 return werr;
1119 }
GSS-enabled samba4