WERROR _wkssvc_NetrJoinDomain2(struct pipes_struct *p,
struct wkssvc_NetrJoinDomain2 *r)
{
struct libnet_JoinCtx *j = NULL;
char *cleartext_pwd = NULL;
char *admin_domain = NULL;
char *admin_account = NULL;
WERROR werr;
struct security_token *token = p->session_info->security_token;
if (!r->in.domain_name) {
return WERR_INVALID_PARAM;
}
if (!r->in.admin_account || !r->in.encrypted_password) {
return WERR_INVALID_PARAM;
}
if (!security_token_has_privilege(token, SEC_PRIV_MACHINE_ACCOUNT) &&
!nt_token_check_domain_rid(token, DOMAIN_RID_ADMINS) &&
!nt_token_check_sid(&global_sid_Builtin_Administrators, token)) {
DEBUG(5,("_wkssvc_NetrJoinDomain2: account doesn't have "
"sufficient privileges\n"));
return WERR_ACCESS_DENIED;
}
if ((r->in.join_flags & WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED) ||
(r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_UNSECURE)) {
return WERR_NOT_SUPPORTED;
}
werr = decode_wkssvc_join_password_buffer(
p->mem_ctx, r->in.encrypted_password,
&p->session_info->session_key, &cleartext_pwd);
if (!W_ERROR_IS_OK(werr)) {
return werr;
}
split_domain_user(p->mem_ctx,
r->in.admin_account,
&admin_domain,
&admin_account);
werr = libnet_init_JoinCtx(p->mem_ctx, &j);
if (!W_ERROR_IS_OK(werr)) {
return werr;
}
j->in.domain_name = r->in.domain_name;
j->in.account_ou = r->in.account_ou;
j->in.join_flags = r->in.join_flags;
j->in.admin_account = admin_account;
j->in.admin_password = cleartext_pwd;
j->in.debug = true;
j->in.modify_config = lp_config_backend_is_registry();
j->in.msg_ctx = p->msg_ctx;
become_root();
werr = libnet_Join(p->mem_ctx, j);
unbecome_root();
if (!W_ERROR_IS_OK(werr)) {
DEBUG(5,("_wkssvc_NetrJoinDomain2: libnet_Join failed with: %s\n",
j->out.error_string ? j->out.error_string :
win_errstr(werr)));
}
TALLOC_FREE(j);
return werr;
}
WERROR NetJoinDomain_l(struct libnetapi_ctx *mem_ctx,
struct NetJoinDomain *r)
{
struct libnet_JoinCtx *j = NULL;
WERROR werr;
if (!r->in.domain) {
return WERR_INVALID_PARAM;
}
werr = libnet_init_JoinCtx(mem_ctx, &j);
W_ERROR_NOT_OK_RETURN(werr);
j->in.domain_name = talloc_strdup(mem_ctx, r->in.domain);
W_ERROR_HAVE_NO_MEMORY(j->in.domain_name);
if (r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) {
NTSTATUS status;
struct netr_DsRGetDCNameInfo *info = NULL;
const char *dc = NULL;
uint32_t flags = DS_DIRECTORY_SERVICE_REQUIRED |
DS_WRITABLE_REQUIRED |
DS_RETURN_DNS_NAME;
status = dsgetdcname(mem_ctx, NULL, r->in.domain,
NULL, NULL, flags, &info);
if (!NT_STATUS_IS_OK(status)) {
libnetapi_set_error_string(mem_ctx,
"%s", get_friendly_nt_error_msg(status));
return ntstatus_to_werror(status);
}
dc = strip_hostname(info->dc_unc);
j->in.dc_name = talloc_strdup(mem_ctx, dc);
W_ERROR_HAVE_NO_MEMORY(j->in.dc_name);
}
if (r->in.account_ou) {
j->in.account_ou = talloc_strdup(mem_ctx, r->in.account_ou);
W_ERROR_HAVE_NO_MEMORY(j->in.account_ou);
}
if (r->in.account) {
j->in.admin_account = talloc_strdup(mem_ctx, r->in.account);
W_ERROR_HAVE_NO_MEMORY(j->in.admin_account);
}
if (r->in.password) {
j->in.admin_password = talloc_strdup(mem_ctx, r->in.password);
W_ERROR_HAVE_NO_MEMORY(j->in.admin_password);
}
j->in.join_flags = r->in.join_flags;
j->in.modify_config = true;
j->in.debug = true;
werr = libnet_Join(mem_ctx, j);
if (!W_ERROR_IS_OK(werr) && j->out.error_string) {
libnetapi_set_error_string(mem_ctx, "%s", j->out.error_string);
}
TALLOC_FREE(j);
return werr;
}