WERROR NetJoinDomain_r(struct libnetapi_ctx *ctx,
struct NetJoinDomain *r)
{
struct rpc_pipe_client *pipe_cli = NULL;
struct wkssvc_PasswordBuffer *encrypted_password = NULL;
NTSTATUS status;
WERROR werr;
unsigned int old_timeout = 0;
struct dcerpc_binding_handle *b;
DATA_BLOB session_key;
if (IS_DC) {
return WERR_NERR_SETUPDOMAINCONTROLLER;
}
werr = libnetapi_open_pipe(ctx, r->in.server,
&ndr_table_wkssvc,
&pipe_cli);
if (!W_ERROR_IS_OK(werr)) {
goto done;
}
b = pipe_cli->binding_handle;
if (r->in.password) {
status = cli_get_session_key(talloc_tos(), pipe_cli, &session_key);
if (!NT_STATUS_IS_OK(status)) {
werr = ntstatus_to_werror(status);
goto done;
}
encode_wkssvc_join_password_buffer(ctx,
r->in.password,
&session_key,
&encrypted_password);
}
old_timeout = rpccli_set_timeout(pipe_cli, 600000);
status = dcerpc_wkssvc_NetrJoinDomain2(b, talloc_tos(),
r->in.server,
r->in.domain,
r->in.account_ou,
r->in.account,
encrypted_password,
r->in.join_flags,
&werr);
if (!NT_STATUS_IS_OK(status)) {
werr = ntstatus_to_werror(status);
goto done;
}
done:
if (pipe_cli && old_timeout) {
rpccli_set_timeout(pipe_cli, old_timeout);
}
return werr;
}
WERROR NetJoinDomain_r(struct libnetapi_ctx *ctx,
struct NetJoinDomain *r)
{
struct cli_state *cli = NULL;
struct rpc_pipe_client *pipe_cli = NULL;
struct wkssvc_PasswordBuffer *encrypted_password = NULL;
NTSTATUS status;
WERROR werr;
unsigned int old_timeout = 0;
werr = libnetapi_open_pipe(ctx, r->in.server,
&ndr_table_wkssvc.syntax_id,
&cli,
&pipe_cli);
if (!W_ERROR_IS_OK(werr)) {
goto done;
}
if (r->in.password) {
encode_wkssvc_join_password_buffer(ctx,
r->in.password,
&cli->user_session_key,
&encrypted_password);
}
old_timeout = cli_set_timeout(cli, 600000);
status = rpccli_wkssvc_NetrJoinDomain2(pipe_cli, ctx,
r->in.server,
r->in.domain,
r->in.account_ou,
r->in.account,
encrypted_password,
r->in.join_flags,
&werr);
if (!NT_STATUS_IS_OK(status)) {
werr = ntstatus_to_werror(status);
goto done;
}
done:
if (cli) {
if (old_timeout) {
cli_set_timeout(cli, old_timeout);
}
}
return werr;
}
WERROR NetGetJoinableOUs_r(struct libnetapi_ctx *ctx,
struct NetGetJoinableOUs *r)
{
struct rpc_pipe_client *pipe_cli = NULL;
struct wkssvc_PasswordBuffer *encrypted_password = NULL;
NTSTATUS status;
WERROR werr;
struct dcerpc_binding_handle *b;
DATA_BLOB session_key;
werr = libnetapi_open_pipe(ctx, r->in.server_name,
&ndr_table_wkssvc,
&pipe_cli);
if (!W_ERROR_IS_OK(werr)) {
goto done;
}
b = pipe_cli->binding_handle;
if (r->in.password) {
status = cli_get_session_key(talloc_tos(), pipe_cli, &session_key);
if (!NT_STATUS_IS_OK(status)) {
werr = ntstatus_to_werror(status);
goto done;
}
encode_wkssvc_join_password_buffer(ctx,
r->in.password,
&session_key,
&encrypted_password);
}
status = dcerpc_wkssvc_NetrGetJoinableOus2(b, talloc_tos(),
r->in.server_name,
r->in.domain,
r->in.account,
encrypted_password,
r->out.ou_count,
r->out.ous,
&werr);
if (!NT_STATUS_IS_OK(status)) {
werr = ntstatus_to_werror(status);
goto done;
}
done:
return werr;
}
WERROR NetGetJoinableOUs_r(struct libnetapi_ctx *ctx,
struct NetGetJoinableOUs *r)
{
struct cli_state *cli = NULL;
struct rpc_pipe_client *pipe_cli = NULL;
struct wkssvc_PasswordBuffer *encrypted_password = NULL;
NTSTATUS status;
WERROR werr;
werr = libnetapi_open_pipe(ctx, r->in.server_name,
&ndr_table_wkssvc.syntax_id,
&cli,
&pipe_cli);
if (!W_ERROR_IS_OK(werr)) {
goto done;
}
if (r->in.password) {
encode_wkssvc_join_password_buffer(ctx,
r->in.password,
&cli->user_session_key,
&encrypted_password);
}
status = rpccli_wkssvc_NetrGetJoinableOus2(pipe_cli, ctx,
r->in.server_name,
r->in.domain,
r->in.account,
encrypted_password,
r->out.ou_count,
r->out.ous,
&werr);
if (!NT_STATUS_IS_OK(status)) {
werr = ntstatus_to_werror(status);
goto done;
}
done:
return werr;
}
WERROR NetRenameMachineInDomain_r(struct libnetapi_ctx *ctx,
struct NetRenameMachineInDomain *r)
{
struct rpc_pipe_client *pipe_cli = NULL;
struct wkssvc_PasswordBuffer *encrypted_password = NULL;
NTSTATUS status;
WERROR werr;
werr = libnetapi_open_pipe(ctx, r->in.server_name,
&ndr_table_wkssvc.syntax_id,
&pipe_cli);
if (!W_ERROR_IS_OK(werr)) {
goto done;
}
if (r->in.password) {
encode_wkssvc_join_password_buffer(ctx,
r->in.password,
&pipe_cli->auth->user_session_key,
&encrypted_password);
}
status = rpccli_wkssvc_NetrRenameMachineInDomain2(pipe_cli, talloc_tos(),
r->in.server_name,
r->in.new_machine_name,
r->in.account,
encrypted_password,
r->in.rename_options,
&werr);
if (!NT_STATUS_IS_OK(status)) {
werr = ntstatus_to_werror(status);
goto done;
}
done:
return werr;
}
static bool test_NetrUnjoinDomain2(struct torture_context *tctx,
struct dcerpc_pipe *p)
{
NTSTATUS status;
struct wkssvc_NetrUnjoinDomain2 r;
const char *domain_admin_account = NULL;
const char *domain_admin_password = NULL;
struct wkssvc_PasswordBuffer *pwd_buf;
enum wkssvc_NetJoinStatus join_status;
const char *join_name = NULL;
WERROR expected_err;
DATA_BLOB session_key;
struct dcerpc_binding_handle *b = p->binding_handle;
/* FIXME: this test assumes to join workstations / servers and does not
* handle DCs (WERR_SETUP_DOMAIN_CONTROLLER) */
if (!test_GetJoinInformation(tctx, p, &join_status, &join_name))
{
return false;
}
switch (join_status) {
case NET_SETUP_UNJOINED:
expected_err = WERR_SETUP_NOT_JOINED;
break;
case NET_SETUP_DOMAIN_NAME:
case NET_SETUP_UNKNOWN_STATUS:
case NET_SETUP_WORKGROUP_NAME:
default:
expected_err = WERR_OK;
break;
}
domain_admin_account = torture_setting_string(tctx, "domain_admin_account", NULL);
domain_admin_password = torture_setting_string(tctx, "domain_admin_password", NULL);
if ((domain_admin_account == NULL) ||
(domain_admin_password == NULL)) {
torture_comment(tctx, "not enough input parameter\n");
return false;
}
status = dcerpc_fetch_session_key(p, &session_key);
if (!NT_STATUS_IS_OK(status)) {
return false;
}
encode_wkssvc_join_password_buffer(tctx, domain_admin_password,
&session_key, &pwd_buf);
r.in.server_name = dcerpc_server_name(p);
r.in.account = domain_admin_account;
r.in.encrypted_password = pwd_buf;
r.in.unjoin_flags = 0;
torture_comment(tctx, "Testing NetrUnjoinDomain2 (assuming non-DC)\n");
status = dcerpc_wkssvc_NetrUnjoinDomain2_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status,
"NetrUnjoinDomain2 failed");
torture_assert_werr_equal(tctx, r.out.result, expected_err,
"NetrUnjoinDomain2 failed");
if (!test_GetJoinInformation(tctx, p, &join_status, &join_name))
{
return false;
}
switch (join_status) {
case NET_SETUP_UNJOINED:
case NET_SETUP_WORKGROUP_NAME:
break;
case NET_SETUP_UNKNOWN_STATUS:
case NET_SETUP_DOMAIN_NAME:
default:
torture_comment(tctx,
"Unjoin verify failed: got %d\n", join_status);
return false;
}
return true;
}
