[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-910-g53735ed

Günther Deschner gd at samba.org
Mon Apr 14 21:02:38 GMT 2008


The branch, v3-2-test has been updated
       via  53735edcbb059e73c51ae17d4ff75d2a4dee53e5 (commit)
       via  1782e89f3341eca5ee1fa39881ee8efb3fac9a5b (commit)
       via  8d3d1c094a28f75b01315ee05b7939ffba374f20 (commit)
      from  cb3f1df7d8f35848a432764ea7d6720ec131ede1 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test


- Log -----------------------------------------------------------------
commit 53735edcbb059e73c51ae17d4ff75d2a4dee53e5
Author: Günther Deschner <gd at samba.org>
Date:   Mon Apr 14 22:58:38 2008 +0200

    net: abort when lp_realm is not set in net_ads_leave().
    
    Guenther

commit 1782e89f3341eca5ee1fa39881ee8efb3fac9a5b
Author: Günther Deschner <gd at samba.org>
Date:   Mon Apr 14 22:57:37 2008 +0200

    libnetjoin: delete the workgroup name when requested while unjoining.
    
    Guenther

commit 8d3d1c094a28f75b01315ee05b7939ffba374f20
Author: Günther Deschner <gd at samba.org>
Date:   Mon Apr 14 22:56:12 2008 +0200

    libnetjoin: separate out libnet_join_lookup_dc_rpc.
    
    Guenther

-----------------------------------------------------------------------

Summary of changes:
 source/libnet/libnet_join.c |  127 ++++++++++++++++++++++++++++++-------------
 source/utils/net_ads.c      |    5 ++
 2 files changed, 95 insertions(+), 37 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/libnet/libnet_join.c b/source/libnet/libnet_join.c
index dda945e..90cb64c 100644
--- a/source/libnet/libnet_join.c
+++ b/source/libnet/libnet_join.c
@@ -642,36 +642,19 @@ static bool libnet_join_joindomain_store_secrets(TALLOC_CTX *mem_ctx,
 }
 
 /****************************************************************
- Do the domain join
+ Lookup domain dc's info
 ****************************************************************/
 
-static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
-					   struct libnet_JoinCtx *r)
+static NTSTATUS libnet_join_lookup_dc_rpc(TALLOC_CTX *mem_ctx,
+					  struct libnet_JoinCtx *r,
+					  struct cli_state **cli)
 {
-	struct cli_state *cli = NULL;
 	struct rpc_pipe_client *pipe_hnd = NULL;
-	POLICY_HND sam_pol, domain_pol, user_pol, lsa_pol;
+	POLICY_HND lsa_pol;
 	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
-	char *acct_name;
-	struct lsa_String lsa_acct_name;
-	uint32_t user_rid;
-	uint32_t acct_flags = ACB_WSTRUST;
-	uchar pwbuf[532];
-	struct MD5Context md5ctx;
-	uchar md5buffer[16];
-	DATA_BLOB digested_session_key;
-	uchar md4_trust_password[16];
 	union lsa_PolicyInformation *info = NULL;
-	struct samr_Ids user_rids;
-	struct samr_Ids name_types;
-	union samr_UserInfo user_info;
-
-	if (!r->in.machine_password) {
-		r->in.machine_password = talloc_strdup(mem_ctx, generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH));
-		NT_STATUS_HAVE_NO_MEMORY(r->in.machine_password);
-	}
 
-	status = cli_full_connection(&cli, NULL,
+	status = cli_full_connection(cli, NULL,
 				     r->in.dc_name,
 				     NULL, 0,
 				     "IPC$", "IPC",
@@ -685,7 +668,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
 		goto done;
 	}
 
-	pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &status);
+	pipe_hnd = cli_rpc_pipe_open_noauth(*cli, PI_LSARPC, &status);
 	if (!pipe_hnd) {
 		DEBUG(0,("Error connecting to LSA pipe. Error was %s\n",
 			nt_errstr(status)));
@@ -725,6 +708,43 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
 	rpccli_lsa_Close(pipe_hnd, mem_ctx, &lsa_pol);
 	cli_rpc_pipe_close(pipe_hnd);
 
+ done:
+	return status;
+}
+
+/****************************************************************
+ Do the domain join
+****************************************************************/
+
+static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
+					   struct libnet_JoinCtx *r,
+					   struct cli_state *cli)
+{
+	struct rpc_pipe_client *pipe_hnd = NULL;
+	POLICY_HND sam_pol, domain_pol, user_pol;
+	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+	char *acct_name;
+	struct lsa_String lsa_acct_name;
+	uint32_t user_rid;
+	uint32_t acct_flags = ACB_WSTRUST;
+	uchar pwbuf[532];
+	struct MD5Context md5ctx;
+	uchar md5buffer[16];
+	DATA_BLOB digested_session_key;
+	uchar md4_trust_password[16];
+	struct samr_Ids user_rids;
+	struct samr_Ids name_types;
+	union samr_UserInfo user_info;
+
+	ZERO_STRUCT(sam_pol);
+	ZERO_STRUCT(domain_pol);
+	ZERO_STRUCT(user_pol);
+
+	if (!r->in.machine_password) {
+		r->in.machine_password = talloc_strdup(mem_ctx, generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH));
+		NT_STATUS_HAVE_NO_MEMORY(r->in.machine_password);
+	}
+
 	/* Open the domain */
 
 	pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_SAMR, &status);
@@ -796,7 +816,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
 					"administrator privileges");
 			}
 
-			return status;
+			goto done;
 		}
 
 		if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
@@ -915,14 +935,23 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
 		goto done;
 	}
 
-	rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
-	cli_rpc_pipe_close(pipe_hnd);
-
 	status = NT_STATUS_OK;
+
  done:
-	if (cli) {
-		cli_shutdown(cli);
+	if (!pipe_hnd) {
+		return status;
+	}
+
+	if (is_valid_policy_hnd(&sam_pol)) {
+		rpccli_samr_Close(pipe_hnd, mem_ctx, &sam_pol);
 	}
+	if (is_valid_policy_hnd(&domain_pol)) {
+		rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
+	}
+	if (is_valid_policy_hnd(&user_pol)) {
+		rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
+	}
+	cli_rpc_pipe_close(pipe_hnd);
 
 	return status;
 }
@@ -1259,6 +1288,10 @@ static WERROR do_unjoin_modify_vals_config(struct libnet_UnjoinCtx *r)
 
 		werr = smbconf_set_global_parameter(ctx, "security", "user");
 		W_ERROR_NOT_OK_GOTO_DONE(werr);
+
+		werr = smbconf_delete_global_parameter(ctx, "workgroup");
+		W_ERROR_NOT_OK_GOTO_DONE(werr);
+
 		smbconf_delete_global_parameter(ctx, "realm");
 	}
 
@@ -1535,6 +1568,8 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx,
 				struct libnet_JoinCtx *r)
 {
 	NTSTATUS status;
+	WERROR werr;
+	struct cli_state *cli = NULL;
 #ifdef WITH_ADS
 	ADS_STATUS ads_status;
 #endif /* WITH_ADS */
@@ -1583,31 +1618,49 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx,
 	}
 #endif /* WITH_ADS */
 
-	status = libnet_join_joindomain_rpc(mem_ctx, r);
+	status = libnet_join_lookup_dc_rpc(mem_ctx, r, &cli);
 	if (!NT_STATUS_IS_OK(status)) {
 		libnet_join_set_error_string(mem_ctx, r,
-			"failed to join domain over rpc: %s",
-			get_friendly_nt_error_msg(status));
+			"failed to lookup DC info for domain '%s' over rpc: %s",
+			r->in.domain_name, get_friendly_nt_error_msg(status));
+		return ntstatus_to_werror(status);
+	}
+
+	status = libnet_join_joindomain_rpc(mem_ctx, r, cli);
+	if (!NT_STATUS_IS_OK(status)) {
+		libnet_join_set_error_string(mem_ctx, r,
+			"failed to join domain '%s' over rpc: %s",
+			r->in.domain_name, get_friendly_nt_error_msg(status));
 		if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
 			return WERR_SETUP_ALREADY_JOINED;
 		}
-		return ntstatus_to_werror(status);
+		werr = ntstatus_to_werror(status);
+		goto done;
 	}
 
 	if (!libnet_join_joindomain_store_secrets(mem_ctx, r)) {
-		return WERR_SETUP_NOT_JOINED;
+		werr = WERR_SETUP_NOT_JOINED;
+		goto done;
 	}
 
 #ifdef WITH_ADS
 	if (r->out.domain_is_ad) {
 		ads_status  = libnet_join_post_processing_ads(mem_ctx, r);
 		if (!ADS_ERR_OK(ads_status)) {
-			return WERR_GENERAL_FAILURE;
+			werr = WERR_GENERAL_FAILURE;
+			goto done;
 		}
 	}
 #endif /* WITH_ADS */
 
-	return WERR_OK;
+	werr = WERR_OK;
+
+ done:
+	if (cli) {
+		cli_shutdown(cli);
+	}
+
+	return werr;
 }
 
 /****************************************************************
diff --git a/source/utils/net_ads.c b/source/utils/net_ads.c
index b481452..50e5b37 100644
--- a/source/utils/net_ads.c
+++ b/source/utils/net_ads.c
@@ -816,6 +816,11 @@ static int net_ads_leave(int argc, const char **argv)
 	struct libnet_UnjoinCtx *r = NULL;
 	WERROR werr;
 
+	if (!*lp_realm()) {
+		d_fprintf(stderr, "No realm set, are we joined ?\n");
+		return -1;
+	}
+
 	if (!(ctx = talloc_init("net_ads_leave"))) {
 		d_fprintf(stderr, "Could not initialise talloc context.\n");
 		return -1;


-- 
Samba Shared Repository


More information about the samba-cvs mailing list