diff options
author | Günther Deschner <gd@samba.org> | 2008-01-04 17:01:52 +0100 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2008-01-04 17:43:02 +0100 |
commit | 0399df22f0f0999338e48d7b9598a7b2f7b9aab5 (patch) | |
tree | cdf4f3bfd9fd61851eb4997298d207bc55774f85 | |
parent | 1c183874abaad10188c9f9bf1db2863cbd4d1cef (diff) | |
download | samba-0399df22f0f0999338e48d7b9598a7b2f7b9aab5.tar.gz samba-0399df22f0f0999338e48d7b9598a7b2f7b9aab5.tar.xz samba-0399df22f0f0999338e48d7b9598a7b2f7b9aab5.zip |
In libnet_join finally separate the admin from the machine pwd entirely.
Guenther
(This used to be commit d88bb94f0ef00ddbb48498797bd11448e0d74645)
-rw-r--r-- | source3/lib/netapi/joindomain.c | 10 | ||||
-rw-r--r-- | source3/libnet/libnet_join.c | 28 | ||||
-rw-r--r-- | source3/libnet/libnet_join.h | 7 |
3 files changed, 24 insertions, 21 deletions
diff --git a/source3/lib/netapi/joindomain.c b/source3/lib/netapi/joindomain.c index d200c9b7b06..921f816cbe3 100644 --- a/source3/lib/netapi/joindomain.c +++ b/source3/lib/netapi/joindomain.c @@ -1,7 +1,7 @@ /* * Unix SMB/CIFS implementation. * NetApi Join Support - * Copyright (C) Guenther Deschner 2007 + * Copyright (C) Guenther Deschner 2007-2008 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -69,8 +69,8 @@ static WERROR NetJoinDomainLocal(struct libnetapi_ctx *mem_ctx, } if (password) { - r->in.password = talloc_strdup(mem_ctx, password); - W_ERROR_HAVE_NO_MEMORY(r->in.password); + r->in.admin_password = talloc_strdup(mem_ctx, password); + W_ERROR_HAVE_NO_MEMORY(r->in.admin_password); } r->in.join_flags = join_flags; @@ -254,8 +254,8 @@ static WERROR NetUnjoinDomainLocal(struct libnetapi_ctx *mem_ctx, } if (password) { - r->in.password = talloc_strdup(mem_ctx, password); - W_ERROR_HAVE_NO_MEMORY(r->in.password); + r->in.admin_password = talloc_strdup(mem_ctx, password); + W_ERROR_HAVE_NO_MEMORY(r->in.admin_password); } r->in.unjoin_flags = unjoin_flags; diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 70777df247e..26b43202679 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -2,7 +2,7 @@ * Unix SMB/CIFS implementation. * libnet Join Support * Copyright (C) Gerald (Jerry) Carter 2006 - * Copyright (C) Guenther Deschner 2007 + * Copyright (C) Guenther Deschner 2007-2008 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -27,7 +27,6 @@ static NTSTATUS do_DomainJoin(TALLOC_CTX *mem_ctx, { struct cli_state *cli = NULL; struct rpc_pipe_client *pipe_hnd = NULL; - const char *password = NULL; POLICY_HND sam_pol, domain_pol, user_pol, lsa_pol; NTSTATUS status = NT_STATUS_UNSUCCESSFUL; char *acct_name; @@ -46,17 +45,19 @@ static NTSTATUS do_DomainJoin(TALLOC_CTX *mem_ctx, DATA_BLOB digested_session_key; uchar md4_trust_password[16]; - password = talloc_strdup(mem_ctx, - generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH)); - NT_STATUS_HAVE_NO_MEMORY(password); + if (!r->in.machine_password) { + r->in.machine_password = talloc_strdup(mem_ctx, generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH)); + NT_STATUS_HAVE_NO_MEMORY(r->in.machine_password); + } status = cli_full_connection(&cli, NULL, r->in.server_name, NULL, 0, "IPC$", "IPC", r->in.admin_account, - NULL, //r->in.domain_name, - r->in.password, - 0, Undefined, NULL); + NULL, + r->in.admin_password, + 0, + Undefined, NULL); if (!NT_STATUS_IS_OK(status)) { goto done; @@ -152,15 +153,16 @@ static NTSTATUS do_DomainJoin(TALLOC_CTX *mem_ctx, goto done; } - E_md4hash(password, md4_trust_password); - encode_pw_buffer(pwbuf, password, STR_UNICODE); + E_md4hash(r->in.machine_password, md4_trust_password); + encode_pw_buffer(pwbuf, r->in.machine_password, STR_UNICODE); generate_random_buffer((uint8*)md5buffer, sizeof(md5buffer)); digested_session_key = data_blob_talloc(mem_ctx, 0, 16); MD5Init(&md5ctx); MD5Update(&md5ctx, md5buffer, sizeof(md5buffer)); - MD5Update(&md5ctx, cli->user_session_key.data, cli->user_session_key.length); + MD5Update(&md5ctx, cli->user_session_key.data, + cli->user_session_key.length); MD5Final(digested_session_key.data, &md5ctx); SamOEMhashBlob(pwbuf, sizeof(pwbuf), &digested_session_key); @@ -237,8 +239,8 @@ static NTSTATUS do_DomainUnjoin(TALLOC_CTX *mem_ctx, NULL, 0, "IPC$", "IPC", r->in.admin_account, - NULL, //r->in.domain_name, - r->in.password, + NULL, + r->in.admin_password, 0, Undefined, NULL); if (!NT_STATUS_IS_OK(status)) { diff --git a/source3/libnet/libnet_join.h b/source3/libnet/libnet_join.h index 46ab27e8b0f..85c756f77b1 100644 --- a/source3/libnet/libnet_join.h +++ b/source3/libnet/libnet_join.h @@ -1,7 +1,7 @@ /* * Unix SMB/CIFS implementation. * libnet Join Support - * Copyright (C) Guenther Deschner 2007 + * Copyright (C) Guenther Deschner 2007-2008 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -26,7 +26,8 @@ struct libnet_JoinCtx { const char *domain_name; const char *account_ou; const char *admin_account; - const char *password; + const char *admin_password; + const char *machine_password; uint32_t join_flags; const char *os_version; const char *os_string; @@ -50,7 +51,7 @@ struct libnet_UnjoinCtx { const char *server_name; const char *domain_name; const char *admin_account; - const char *password; + const char *admin_password; uint32_t unjoin_flags; bool modify_config; struct dom_sid *domain_sid; |