The branch, v3-2-test has been updated via 53735edcbb059e73c51ae17d4ff75d2a4dee53e5 (commit) via 1782e89f3341eca5ee1fa39881ee8efb3fac9a5b (commit) via 8d3d1c094a28f75b01315ee05b7939ffba374f20 (commit) from cb3f1df7d8f35848a432764ea7d6720ec131ede1 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log ----------------------------------------------------------------- commit 53735edcbb059e73c51ae17d4ff75d2a4dee53e5 Author: Günther Deschner <[EMAIL PROTECTED]> Date: Mon Apr 14 22:58:38 2008 +0200 net: abort when lp_realm is not set in net_ads_leave(). Guenther commit 1782e89f3341eca5ee1fa39881ee8efb3fac9a5b Author: Günther Deschner <[EMAIL PROTECTED]> Date: Mon Apr 14 22:57:37 2008 +0200 libnetjoin: delete the workgroup name when requested while unjoining. Guenther commit 8d3d1c094a28f75b01315ee05b7939ffba374f20 Author: Günther Deschner <[EMAIL PROTECTED]> Date: Mon Apr 14 22:56:12 2008 +0200 libnetjoin: separate out libnet_join_lookup_dc_rpc. Guenther ----------------------------------------------------------------------- Summary of changes: source/libnet/libnet_join.c | 127 ++++++++++++++++++++++++++++++------------- source/utils/net_ads.c | 5 ++ 2 files changed, 95 insertions(+), 37 deletions(-) Changeset truncated at 500 lines: diff --git a/source/libnet/libnet_join.c b/source/libnet/libnet_join.c index dda945e..90cb64c 100644 --- a/source/libnet/libnet_join.c +++ b/source/libnet/libnet_join.c @@ -642,36 +642,19 @@ static bool libnet_join_joindomain_store_secrets(TALLOC_CTX *mem_ctx, } /**************************************************************** - Do the domain join + Lookup domain dc's info ****************************************************************/ -static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, - struct libnet_JoinCtx *r) +static NTSTATUS libnet_join_lookup_dc_rpc(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx *r, + struct cli_state **cli) { - struct cli_state *cli = NULL; struct rpc_pipe_client *pipe_hnd = NULL; - POLICY_HND sam_pol, domain_pol, user_pol, lsa_pol; + POLICY_HND lsa_pol; NTSTATUS status = NT_STATUS_UNSUCCESSFUL; - char *acct_name; - struct lsa_String lsa_acct_name; - uint32_t user_rid; - uint32_t acct_flags = ACB_WSTRUST; - uchar pwbuf[532]; - struct MD5Context md5ctx; - uchar md5buffer[16]; - DATA_BLOB digested_session_key; - uchar md4_trust_password[16]; union lsa_PolicyInformation *info = NULL; - struct samr_Ids user_rids; - struct samr_Ids name_types; - union samr_UserInfo user_info; - - if (!r->in.machine_password) { - r->in.machine_password = talloc_strdup(mem_ctx, generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH)); - NT_STATUS_HAVE_NO_MEMORY(r->in.machine_password); - } - status = cli_full_connection(&cli, NULL, + status = cli_full_connection(cli, NULL, r->in.dc_name, NULL, 0, "IPC$", "IPC", @@ -685,7 +668,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, goto done; } - pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &status); + pipe_hnd = cli_rpc_pipe_open_noauth(*cli, PI_LSARPC, &status); if (!pipe_hnd) { DEBUG(0,("Error connecting to LSA pipe. Error was %s\n", nt_errstr(status))); @@ -725,6 +708,43 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, rpccli_lsa_Close(pipe_hnd, mem_ctx, &lsa_pol); cli_rpc_pipe_close(pipe_hnd); + done: + return status; +} + +/**************************************************************** + Do the domain join +****************************************************************/ + +static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx *r, + struct cli_state *cli) +{ + struct rpc_pipe_client *pipe_hnd = NULL; + POLICY_HND sam_pol, domain_pol, user_pol; + NTSTATUS status = NT_STATUS_UNSUCCESSFUL; + char *acct_name; + struct lsa_String lsa_acct_name; + uint32_t user_rid; + uint32_t acct_flags = ACB_WSTRUST; + uchar pwbuf[532]; + struct MD5Context md5ctx; + uchar md5buffer[16]; + DATA_BLOB digested_session_key; + uchar md4_trust_password[16]; + struct samr_Ids user_rids; + struct samr_Ids name_types; + union samr_UserInfo user_info; + + ZERO_STRUCT(sam_pol); + ZERO_STRUCT(domain_pol); + ZERO_STRUCT(user_pol); + + if (!r->in.machine_password) { + r->in.machine_password = talloc_strdup(mem_ctx, generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH)); + NT_STATUS_HAVE_NO_MEMORY(r->in.machine_password); + } + /* Open the domain */ pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_SAMR, &status); @@ -796,7 +816,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, "administrator privileges"); } - return status; + goto done; } if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) { @@ -915,14 +935,23 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, goto done; } - rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol); - cli_rpc_pipe_close(pipe_hnd); - status = NT_STATUS_OK; + done: - if (cli) { - cli_shutdown(cli); + if (!pipe_hnd) { + return status; + } + + if (is_valid_policy_hnd(&sam_pol)) { + rpccli_samr_Close(pipe_hnd, mem_ctx, &sam_pol); } + if (is_valid_policy_hnd(&domain_pol)) { + rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol); + } + if (is_valid_policy_hnd(&user_pol)) { + rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol); + } + cli_rpc_pipe_close(pipe_hnd); return status; } @@ -1259,6 +1288,10 @@ static WERROR do_unjoin_modify_vals_config(struct libnet_UnjoinCtx *r) werr = smbconf_set_global_parameter(ctx, "security", "user"); W_ERROR_NOT_OK_GOTO_DONE(werr); + + werr = smbconf_delete_global_parameter(ctx, "workgroup"); + W_ERROR_NOT_OK_GOTO_DONE(werr); + smbconf_delete_global_parameter(ctx, "realm"); } @@ -1535,6 +1568,8 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx *r) { NTSTATUS status; + WERROR werr; + struct cli_state *cli = NULL; #ifdef WITH_ADS ADS_STATUS ads_status; #endif /* WITH_ADS */ @@ -1583,31 +1618,49 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, } #endif /* WITH_ADS */ - status = libnet_join_joindomain_rpc(mem_ctx, r); + status = libnet_join_lookup_dc_rpc(mem_ctx, r, &cli); if (!NT_STATUS_IS_OK(status)) { libnet_join_set_error_string(mem_ctx, r, - "failed to join domain over rpc: %s", - get_friendly_nt_error_msg(status)); + "failed to lookup DC info for domain '%s' over rpc: %s", + r->in.domain_name, get_friendly_nt_error_msg(status)); + return ntstatus_to_werror(status); + } + + status = libnet_join_joindomain_rpc(mem_ctx, r, cli); + if (!NT_STATUS_IS_OK(status)) { + libnet_join_set_error_string(mem_ctx, r, + "failed to join domain '%s' over rpc: %s", + r->in.domain_name, get_friendly_nt_error_msg(status)); if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) { return WERR_SETUP_ALREADY_JOINED; } - return ntstatus_to_werror(status); + werr = ntstatus_to_werror(status); + goto done; } if (!libnet_join_joindomain_store_secrets(mem_ctx, r)) { - return WERR_SETUP_NOT_JOINED; + werr = WERR_SETUP_NOT_JOINED; + goto done; } #ifdef WITH_ADS if (r->out.domain_is_ad) { ads_status = libnet_join_post_processing_ads(mem_ctx, r); if (!ADS_ERR_OK(ads_status)) { - return WERR_GENERAL_FAILURE; + werr = WERR_GENERAL_FAILURE; + goto done; } } #endif /* WITH_ADS */ - return WERR_OK; + werr = WERR_OK; + + done: + if (cli) { + cli_shutdown(cli); + } + + return werr; } /**************************************************************** diff --git a/source/utils/net_ads.c b/source/utils/net_ads.c index b481452..50e5b37 100644 --- a/source/utils/net_ads.c +++ b/source/utils/net_ads.c @@ -816,6 +816,11 @@ static int net_ads_leave(int argc, const char **argv) struct libnet_UnjoinCtx *r = NULL; WERROR werr; + if (!*lp_realm()) { + d_fprintf(stderr, "No realm set, are we joined ?\n"); + return -1; + } + if (!(ctx = talloc_init("net_ads_leave"))) { d_fprintf(stderr, "Could not initialise talloc context.\n"); return -1; -- Samba Shared Repository