summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2008-01-04 17:01:52 +0100
committerGünther Deschner <gd@samba.org>2008-01-04 17:43:02 +0100
commit0399df22f0f0999338e48d7b9598a7b2f7b9aab5 (patch)
treecdf4f3bfd9fd61851eb4997298d207bc55774f85
parent1c183874abaad10188c9f9bf1db2863cbd4d1cef (diff)
downloadsamba-0399df22f0f0999338e48d7b9598a7b2f7b9aab5.tar.gz
samba-0399df22f0f0999338e48d7b9598a7b2f7b9aab5.tar.xz
samba-0399df22f0f0999338e48d7b9598a7b2f7b9aab5.zip
In libnet_join finally separate the admin from the machine pwd entirely.
Guenther (This used to be commit d88bb94f0ef00ddbb48498797bd11448e0d74645)
-rw-r--r--source3/lib/netapi/joindomain.c10
-rw-r--r--source3/libnet/libnet_join.c28
-rw-r--r--source3/libnet/libnet_join.h7
3 files changed, 24 insertions, 21 deletions
diff --git a/source3/lib/netapi/joindomain.c b/source3/lib/netapi/joindomain.c
index d200c9b7b06..921f816cbe3 100644
--- a/source3/lib/netapi/joindomain.c
+++ b/source3/lib/netapi/joindomain.c
@@ -1,7 +1,7 @@
/*
* Unix SMB/CIFS implementation.
* NetApi Join Support
- * Copyright (C) Guenther Deschner 2007
+ * Copyright (C) Guenther Deschner 2007-2008
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -69,8 +69,8 @@ static WERROR NetJoinDomainLocal(struct libnetapi_ctx *mem_ctx,
}
if (password) {
- r->in.password = talloc_strdup(mem_ctx, password);
- W_ERROR_HAVE_NO_MEMORY(r->in.password);
+ r->in.admin_password = talloc_strdup(mem_ctx, password);
+ W_ERROR_HAVE_NO_MEMORY(r->in.admin_password);
}
r->in.join_flags = join_flags;
@@ -254,8 +254,8 @@ static WERROR NetUnjoinDomainLocal(struct libnetapi_ctx *mem_ctx,
}
if (password) {
- r->in.password = talloc_strdup(mem_ctx, password);
- W_ERROR_HAVE_NO_MEMORY(r->in.password);
+ r->in.admin_password = talloc_strdup(mem_ctx, password);
+ W_ERROR_HAVE_NO_MEMORY(r->in.admin_password);
}
r->in.unjoin_flags = unjoin_flags;
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 70777df247e..26b43202679 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -2,7 +2,7 @@
* Unix SMB/CIFS implementation.
* libnet Join Support
* Copyright (C) Gerald (Jerry) Carter 2006
- * Copyright (C) Guenther Deschner 2007
+ * Copyright (C) Guenther Deschner 2007-2008
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -27,7 +27,6 @@ static NTSTATUS do_DomainJoin(TALLOC_CTX *mem_ctx,
{
struct cli_state *cli = NULL;
struct rpc_pipe_client *pipe_hnd = NULL;
- const char *password = NULL;
POLICY_HND sam_pol, domain_pol, user_pol, lsa_pol;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
char *acct_name;
@@ -46,17 +45,19 @@ static NTSTATUS do_DomainJoin(TALLOC_CTX *mem_ctx,
DATA_BLOB digested_session_key;
uchar md4_trust_password[16];
- password = talloc_strdup(mem_ctx,
- generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH));
- NT_STATUS_HAVE_NO_MEMORY(password);
+ if (!r->in.machine_password) {
+ r->in.machine_password = talloc_strdup(mem_ctx, generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH));
+ NT_STATUS_HAVE_NO_MEMORY(r->in.machine_password);
+ }
status = cli_full_connection(&cli, NULL, r->in.server_name,
NULL, 0,
"IPC$", "IPC",
r->in.admin_account,
- NULL, //r->in.domain_name,
- r->in.password,
- 0, Undefined, NULL);
+ NULL,
+ r->in.admin_password,
+ 0,
+ Undefined, NULL);
if (!NT_STATUS_IS_OK(status)) {
goto done;
@@ -152,15 +153,16 @@ static NTSTATUS do_DomainJoin(TALLOC_CTX *mem_ctx,
goto done;
}
- E_md4hash(password, md4_trust_password);
- encode_pw_buffer(pwbuf, password, STR_UNICODE);
+ E_md4hash(r->in.machine_password, md4_trust_password);
+ encode_pw_buffer(pwbuf, r->in.machine_password, STR_UNICODE);
generate_random_buffer((uint8*)md5buffer, sizeof(md5buffer));
digested_session_key = data_blob_talloc(mem_ctx, 0, 16);
MD5Init(&md5ctx);
MD5Update(&md5ctx, md5buffer, sizeof(md5buffer));
- MD5Update(&md5ctx, cli->user_session_key.data, cli->user_session_key.length);
+ MD5Update(&md5ctx, cli->user_session_key.data,
+ cli->user_session_key.length);
MD5Final(digested_session_key.data, &md5ctx);
SamOEMhashBlob(pwbuf, sizeof(pwbuf), &digested_session_key);
@@ -237,8 +239,8 @@ static NTSTATUS do_DomainUnjoin(TALLOC_CTX *mem_ctx,
NULL, 0,
"IPC$", "IPC",
r->in.admin_account,
- NULL, //r->in.domain_name,
- r->in.password,
+ NULL,
+ r->in.admin_password,
0, Undefined, NULL);
if (!NT_STATUS_IS_OK(status)) {
diff --git a/source3/libnet/libnet_join.h b/source3/libnet/libnet_join.h
index 46ab27e8b0f..85c756f77b1 100644
--- a/source3/libnet/libnet_join.h
+++ b/source3/libnet/libnet_join.h
@@ -1,7 +1,7 @@
/*
* Unix SMB/CIFS implementation.
* libnet Join Support
- * Copyright (C) Guenther Deschner 2007
+ * Copyright (C) Guenther Deschner 2007-2008
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -26,7 +26,8 @@ struct libnet_JoinCtx {
const char *domain_name;
const char *account_ou;
const char *admin_account;
- const char *password;
+ const char *admin_password;
+ const char *machine_password;
uint32_t join_flags;
const char *os_version;
const char *os_string;
@@ -50,7 +51,7 @@ struct libnet_UnjoinCtx {
const char *server_name;
const char *domain_name;
const char *admin_account;
- const char *password;
+ const char *admin_password;
uint32_t unjoin_flags;
bool modify_config;
struct dom_sid *domain_sid;