summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2004-02-08 11:42:28 +0000
committerAndrew Bartlett <abartlet@samba.org>2004-02-08 11:42:28 +0000
commitcfd8958091b84d90e4a823faadcc3fa05a67e4ac (patch)
treee82c42d195f2f3606e6fe079f95fd894795a940c
parentf97d6e76fb6e4030ca2a56598f9bb81cbd622f8d (diff)
downloadsamba-cfd8958091b84d90e4a823faadcc3fa05a67e4ac.tar.gz
samba-cfd8958091b84d90e4a823faadcc3fa05a67e4ac.tar.bz2
samba-cfd8958091b84d90e4a823faadcc3fa05a67e4ac.zip
(merge from 3.0)
I should have done this years ago... This adds the very simple 'admin set password' capability to 'net rpc', much as we have it for 'net ads'. Andrew Bartlett (This used to be commit 5243b89e33efd2ea8842a624d8abd6c5755afb64)
-rw-r--r--source3/passdb/pdb_ldap.c4
-rw-r--r--source3/utils/net_rpc.c131
2 files changed, 133 insertions, 2 deletions
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index dcb2040530..3db0702c92 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -911,7 +911,7 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state,
|| (lp_ldap_passwd_sync()!=LDAP_PASSWD_SYNC_ONLY)) {
if (need_update(sampass, PDB_LMPASSWD)) {
- uchar *lm_pw = pdb_get_lanman_passwd(sampass);
+ const uchar *lm_pw = pdb_get_lanman_passwd(sampass);
if (lm_pw) {
pdb_sethexpwd(temp, lm_pw,
pdb_get_acct_ctrl(sampass));
@@ -925,7 +925,7 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state,
}
}
if (need_update(sampass, PDB_NTPASSWD)) {
- uchar *nt_pw = pdb_get_nt_passwd(sampass);
+ const uchar *nt_pw = pdb_get_nt_passwd(sampass);
if (nt_pw) {
pdb_sethexpwd(temp, nt_pw,
pdb_get_acct_ctrl(sampass));
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index 804faf3b9a..eef3adbcb8 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -678,6 +678,135 @@ static int rpc_user_delete(int argc, const char **argv)
}
/**
+ * Set a password for a user on a remote RPC server
+ *
+ * All parameters are provided by the run_rpc_command function, except for
+ * argc, argv which are passes through.
+ *
+ * @param domain_sid The domain sid acquired from the remote server
+ * @param cli A cli_state connected to the server.
+ * @param mem_ctx Talloc context, destoyed on completion of the function.
+ * @param argc Standard main() style argc
+ * @param argv Standard main() style argv. Initial components are already
+ * stripped
+ *
+ * @return Normal NTSTATUS return.
+ **/
+
+static NTSTATUS rpc_user_password_internals(const DOM_SID *domain_sid,
+ struct cli_state *cli,
+ TALLOC_CTX *mem_ctx,
+ int argc, const char **argv)
+{
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ POLICY_HND connect_pol, domain_pol, user_pol;
+ SAM_USERINFO_CTR ctr;
+ SAM_USER_INFO_24 p24;
+ uchar pwbuf[516];
+ const char *user;
+ const char *new_password;
+ char *prompt = NULL;
+
+ if (argc < 1) {
+ d_printf("User must be specified\n");
+ rpc_user_usage(argc, argv);
+ return NT_STATUS_OK;
+ }
+
+ user = argv[0];
+
+ if (argv[1]) {
+ new_password = argv[1];
+ } else {
+ asprintf(&prompt, "Enter new password for %s:", user);
+ new_password = getpass(prompt);
+ SAFE_FREE(prompt);
+ }
+
+ /* Get sam policy and domain handles */
+
+ result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
+
+ if (!NT_STATUS_IS_OK(result)) {
+ goto done;
+ }
+
+ result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ domain_sid, &domain_pol);
+
+ if (!NT_STATUS_IS_OK(result)) {
+ goto done;
+ }
+
+ /* Get handle on user */
+
+ {
+ uint32 *user_rids, num_rids, *name_types;
+ uint32 flags = 0x000003e8; /* Unknown */
+
+ result = cli_samr_lookup_names(cli, mem_ctx, &domain_pol,
+ flags, 1, &user,
+ &num_rids, &user_rids,
+ &name_types);
+
+ if (!NT_STATUS_IS_OK(result)) {
+ goto done;
+ }
+
+ result = cli_samr_open_user(cli, mem_ctx, &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ user_rids[0], &user_pol);
+
+ if (!NT_STATUS_IS_OK(result)) {
+ goto done;
+ }
+ }
+
+ /* Set password on account */
+
+ ZERO_STRUCT(ctr);
+ ZERO_STRUCT(p24);
+
+ encode_pw_buffer(pwbuf, new_password, STR_UNICODE);
+
+ init_sam_user_info24(&p24, (char *)pwbuf,24);
+
+ ctr.switch_value = 24;
+ ctr.info.id24 = &p24;
+
+ result = cli_samr_set_userinfo(cli, mem_ctx, &user_pol, 24,
+ &cli->user_session_key, &ctr);
+
+ if (!NT_STATUS_IS_OK(result)) {
+ goto done;
+ }
+
+ /* Display results */
+
+ done:
+ return result;
+
+}
+
+/**
+ * Set a user's password on a remote RPC server
+ *
+ * @param argc Standard main() style argc
+ * @param argv Standard main() style argv. Initial components are already
+ * stripped
+ *
+ * @return A shell status integer (0 for success)
+ **/
+
+static int rpc_user_password(int argc, const char **argv)
+{
+ return run_rpc_command(NULL, PI_SAMR, 0, rpc_user_password_internals,
+ argc, argv);
+}
+
+/**
* List user's groups on a remote RPC server
*
* All parameters are provided by the run_rpc_command function, except for
@@ -870,6 +999,7 @@ int net_rpc_user(int argc, const char **argv)
{"add", rpc_user_add},
{"info", rpc_user_info},
{"delete", rpc_user_delete},
+ {"password", rpc_user_password},
{NULL, NULL}
};
@@ -2547,6 +2677,7 @@ int net_rpc(int argc, const char **argv)
{"oldjoin", net_rpc_oldjoin},
{"testjoin", net_rpc_testjoin},
{"user", net_rpc_user},
+ {"password", rpc_user_password},
{"group", net_rpc_group},
{"share", net_rpc_share},
{"file", net_rpc_file},