Line data Source code
1 : /*
2 : Samba Unix/Linux SMB client library
3 : net join commands
4 : Copyright (C) 2021 Guenther Deschner (gd@samba.org)
5 :
6 : This program is free software; you can redistribute it and/or modify
7 : it under the terms of the GNU General Public License as published by
8 : the Free Software Foundation; either version 3 of the License, or
9 : (at your option) any later version.
10 :
11 : This program is distributed in the hope that it will be useful,
12 : but WITHOUT ANY WARRANTY; without even the implied warranty of
13 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 : GNU General Public License for more details.
15 :
16 : You should have received a copy of the GNU General Public License
17 : along with this program. If not, see <http://www.gnu.org/licenses/>.
18 : */
19 :
20 : #include "includes.h"
21 : #include "utils/net.h"
22 : #include <netapi.h>
23 : #include "netapi/netapi_net.h"
24 : #include "libcli/registry/util_reg.h"
25 :
26 0 : int net_offlinejoin_usage(struct net_context *c, int argc, const char **argv)
27 : {
28 0 : d_printf(_("\nnet offlinejoin [misc. options]\n"
29 : "\tjoins a computer to a domain\n"));
30 0 : d_printf(_("Valid commands:\n"));
31 0 : d_printf(_("\tprovision\t\t\tProvision machine account in AD\n"));
32 0 : d_printf(_("\trequestodj\t\t\tRequest offline domain join\n"));
33 0 : net_common_flags_usage(c, argc, argv);
34 0 : return -1;
35 : }
36 :
37 12 : int net_offlinejoin(struct net_context *c, int argc, const char **argv)
38 : {
39 : int ret;
40 : NET_API_STATUS status;
41 :
42 12 : if ((argc > 0) && (strcasecmp_m(argv[0], "HELP") == 0)) {
43 0 : net_offlinejoin_usage(c, argc, argv);
44 0 : return 0;
45 : }
46 :
47 12 : if (argc == 0) {
48 0 : net_offlinejoin_usage(c, argc, argv);
49 0 : return -1;
50 : }
51 :
52 12 : status = libnetapi_net_init(&c->netapi_ctx);
53 12 : if (status != 0) {
54 0 : return -1;
55 : }
56 :
57 12 : status = libnetapi_set_creds(c->netapi_ctx, c->creds);
58 12 : if (status != 0) {
59 0 : return -1;
60 : }
61 :
62 12 : if (c->opt_kerberos) {
63 0 : libnetapi_set_use_kerberos(c->netapi_ctx);
64 : }
65 :
66 12 : if (strcasecmp_m(argv[0], "provision") == 0) {
67 6 : ret = net_offlinejoin_provision(c, argc, argv);
68 6 : if (ret != 0) {
69 0 : return ret;
70 : }
71 : }
72 :
73 12 : if (strcasecmp_m(argv[0], "requestodj") == 0) {
74 6 : ret = net_offlinejoin_requestodj(c, argc, argv);
75 6 : if (ret != 0) {
76 0 : return ret;
77 : }
78 : }
79 :
80 12 : return 0;
81 : }
82 :
83 0 : static int net_offlinejoin_provision_usage(struct net_context *c, int argc, const char **argv)
84 : {
85 0 : d_printf(_("\nnet offlinejoin provision [misc. options]\n"
86 : "\tProvisions machine account in AD\n"));
87 0 : d_printf(_("Valid options:\n"));
88 0 : d_printf(_("\tdomain=<DOMAIN>\t\t\t\tDefines AD Domain to join\n"));
89 0 : d_printf(_("\tmachine_name=<MACHINE_NAME>\t\tDefines the machine account name\n"));
90 0 : d_printf(_("\tmachine_account_ou=<OU>\t\t\tDefines the machine account organizational unit DN\n"));
91 0 : d_printf(_("\tdcname=<DCNAME>\t\t\t\tSpecifices a Domain Controller to join to\n"));
92 0 : d_printf(_("\tdefpwd\t\t\t\t\tUse default machine account password\n"));
93 0 : d_printf(_("\treuse\t\t\t\t\tReuse existing machine account in AD\n"));
94 0 : d_printf(_("\tsavefile=<FILENAME>\t\t\tFile to store the ODJ data\n"));
95 0 : d_printf(_("\tprintblob\t\t\t\tPrint the base64 encoded ODJ data on stdout\n"));
96 0 : net_common_flags_usage(c, argc, argv);
97 0 : return -1;
98 : }
99 :
100 6 : int net_offlinejoin_provision(struct net_context *c,
101 : int argc, const char **argv)
102 : {
103 : NET_API_STATUS status;
104 6 : const char *dcname = NULL;
105 6 : const char *domain = NULL;
106 6 : const char *machine_name = NULL;
107 6 : const char *machine_account_ou = NULL;
108 6 : const char *provision_text_data = NULL;
109 6 : uint32_t options = 0;
110 6 : const char *savefile = NULL;
111 6 : bool printblob = false;
112 : int i;
113 :
114 6 : if (c->display_usage || argc == 1) {
115 0 : return net_offlinejoin_provision_usage(c, argc, argv);
116 : }
117 :
118 : /* process additional command line args */
119 :
120 36 : for (i = 0; i < argc; i++) {
121 :
122 30 : if (strnequal(argv[i], "domain", strlen("domain"))) {
123 6 : domain = get_string_param(argv[i]);
124 6 : if (domain == NULL) {
125 0 : return -1;
126 : }
127 : }
128 30 : if (strnequal(argv[i], "machine_name", strlen("machine_name"))) {
129 6 : machine_name = get_string_param(argv[i]);
130 6 : if (machine_name == NULL) {
131 0 : return -1;
132 : }
133 : }
134 30 : if (strnequal(argv[i], "machine_account_ou", strlen("machine_account_ou"))) {
135 0 : machine_account_ou = get_string_param(argv[i]);
136 0 : if (machine_account_ou == NULL) {
137 0 : return -1;
138 : }
139 : }
140 30 : if (strnequal(argv[i], "dcname", strlen("dcname"))) {
141 4 : dcname = get_string_param(argv[i]);
142 4 : if (dcname == NULL) {
143 0 : return -1;
144 : }
145 : }
146 30 : if (strnequal(argv[i], "defpwd", strlen("defpwd"))) {
147 2 : options |= NETSETUP_PROVISION_USE_DEFAULT_PASSWORD;
148 : }
149 30 : if (strnequal(argv[i], "reuse", strlen("reuse"))) {
150 0 : options |= NETSETUP_PROVISION_REUSE_ACCOUNT;
151 : }
152 30 : if (strnequal(argv[i], "savefile", strlen("savefile"))) {
153 6 : savefile = get_string_param(argv[i]);
154 6 : if (savefile == NULL) {
155 0 : return -1;
156 : }
157 : }
158 30 : if (strnequal(argv[i], "printblob", strlen("printblob"))) {
159 0 : printblob = true;
160 : }
161 : }
162 :
163 6 : if (domain == NULL) {
164 0 : d_printf("Failed to provision computer account: %s\n",
165 0 : libnetapi_errstr(W_ERROR_V(WERR_INVALID_DOMAINNAME)));
166 0 : return -1;
167 : }
168 :
169 6 : if (machine_name == NULL) {
170 0 : d_printf("Failed to provision computer account: %s\n",
171 0 : libnetapi_errstr(W_ERROR_V(WERR_INVALID_COMPUTERNAME)));
172 0 : return -1;
173 : }
174 :
175 6 : status = NetProvisionComputerAccount(domain,
176 : machine_name,
177 : machine_account_ou,
178 : dcname,
179 : options,
180 : NULL,
181 : 0,
182 : &provision_text_data);
183 6 : if (status != 0) {
184 0 : d_printf("Failed to provision computer account: %s\n",
185 : libnetapi_get_error_string(c->netapi_ctx, status));
186 0 : return status;
187 : }
188 :
189 6 : if (savefile != NULL) {
190 :
191 : DATA_BLOB ucs2_blob, blob;
192 : bool ok;
193 :
194 6 : ok = push_reg_sz(c, &ucs2_blob, provision_text_data);
195 6 : if (!ok) {
196 0 : return -1;
197 : }
198 :
199 6 : blob = data_blob_talloc(c, NULL, ucs2_blob.length + 2);
200 :
201 6 : blob.data[0] = 0xff;
202 6 : blob.data[1] = 0xfe;
203 :
204 6 : memcpy(blob.data + 2, ucs2_blob.data, ucs2_blob.length);
205 :
206 6 : ok = file_save(savefile, blob.data, blob.length);
207 6 : if (!ok) {
208 0 : d_printf("Failed to save %s: %s\n", savefile,
209 0 : strerror(errno));
210 0 : return -1;
211 : }
212 : }
213 :
214 6 : d_printf("Successfully provisioned computer '%s' in domain '%s'\n",
215 : machine_name, domain);
216 :
217 6 : if (printblob) {
218 0 : printf("%s\n", provision_text_data);
219 : }
220 :
221 6 : return 0;
222 : }
223 :
224 0 : static int net_offlinejoin_requestodj_usage(struct net_context *c, int argc, const char **argv)
225 : {
226 0 : d_printf(_("\nnet offlinejoin requestodj [misc. options]\n"
227 : "\tRequests offline domain join\n"));
228 0 : d_printf(_("Valid options:\n"));
229 0 : d_printf(_("\tloadfile=<FILENAME>\t\t\tFile that provides the ODJ data\n"));
230 : /*d_printf(_("\tlocalos\t\t\t\t\tModify the local machine\n"));*/
231 0 : net_common_flags_usage(c, argc, argv);
232 0 : return -1;
233 : }
234 :
235 6 : int net_offlinejoin_requestodj(struct net_context *c,
236 : int argc, const char **argv)
237 : {
238 : NET_API_STATUS status;
239 6 : uint8_t *provision_bin_data = NULL;
240 6 : uint32_t provision_bin_data_size = 0;
241 6 : uint32_t options = NETSETUP_PROVISION_ONLINE_CALLER;
242 6 : const char *loadfile = NULL;
243 6 : const char *windows_path = NULL;
244 : int i;
245 :
246 6 : if (c->display_usage || argc == 1) {
247 0 : return net_offlinejoin_requestodj_usage(c, argc, argv);
248 : }
249 :
250 : /* process additional command line args */
251 :
252 18 : for (i = 0; i < argc; i++) {
253 :
254 12 : if (strnequal(argv[i], "loadfile", strlen("loadfile"))) {
255 6 : loadfile = get_string_param(argv[i]);
256 6 : if (loadfile == NULL) {
257 0 : return -1;
258 : }
259 : }
260 : #if 0
261 : if (strnequal(argv[i], "localos", strlen("localos"))) {
262 : options |= NETSETUP_PROVISION_ONLINE_CALLER;
263 : }
264 : #endif
265 : }
266 :
267 6 : provision_bin_data = (uint8_t *)file_load(loadfile,
268 : (size_t *)&provision_bin_data_size, 0, c);
269 6 : if (provision_bin_data == NULL) {
270 0 : d_printf("Failed to read loadfile: %s\n", loadfile);
271 0 : return -1;
272 : }
273 :
274 6 : status = NetRequestOfflineDomainJoin(provision_bin_data,
275 : provision_bin_data_size,
276 : options,
277 : windows_path);
278 6 : if (status != 0 && status != 0x00000a99) {
279 : /* NERR_JoinPerformedMustRestart */
280 0 : printf("Failed to call NetRequestOfflineDomainJoin: %s\n",
281 : libnetapi_get_error_string(c->netapi_ctx, status));
282 0 : return -1;
283 : }
284 :
285 6 : d_printf("Successfully requested Offline Domain Join\n");
286 :
287 6 : return 0;
288 : }
|