OK. Smbpasswd -j is DEAD.

This moves the rest of the functionality into the 'net rpc join' code.

Futhermore, this moves that entire area over to the libsmb codebase, rather
than the crufty old rpc_client stuff.

I have also fixed up the smbpasswd -a -m bug in the process.

We also have a new 'net rpc changetrustpw' that can be called from a
cron-job to regularly change the trust account password, for sites
that run winbind but not smbd.

With a little more work, we can kill rpc_client from smbd entirly!
(It is mostly the domain auth stuff - which I can rework - and the
spoolss stuff that sombody else will need to look over).

Andrew Bartlett
(This used to be commit 575897e879fc175ba702adf245384033342c903d)

1 files changed, 40 insertions, 139 deletions

diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
index 92136bea7a..e076687c4f 100644
--- a/source3/utils/smbpasswd.c
+++ b/source3/utils/smbpasswd.c
@@ -50,7 +50,6 @@ static void usage(void)
 	printf("extra options when run by root or in local mode:\n");
 	printf("  -L                   local mode (must be first option)\n");
 	printf("  -R ORDER             name resolve order\n");
-	printf("  -j DOMAIN            join domain name\n");
 	printf("  -a                   add user\n");
 	printf("  -x                   delete user\n");
 	printf("  -d                   disable user\n");
@@ -61,67 +60,6 @@ static void usage(void)
 	exit(1);
 }
 
-/*********************************************************
-Join a domain.
-**********************************************************/
-static int join_domain(char *domain, char *remote)
-{
-	pstring remote_machine;
-	fstring trust_passwd;
-	unsigned char orig_trust_passwd_hash[16];
-	BOOL ret;
-
-	pstrcpy(remote_machine, remote ? remote : "");
-	fstrcpy(trust_passwd, global_myname);
-	strlower(trust_passwd);
-	E_md4hash( (uchar *)trust_passwd, orig_trust_passwd_hash);
-
-	/* Ensure that we are not trying to join a
-	   domain if we are locally set up as a domain
-	   controller. */
-
-	if(strequal(remote, global_myname)) {
-		fprintf(stderr, "Cannot join domain %s as the domain controller name is our own. We cannot be a domain controller for a domain and also be a domain member.\n", domain);
-		return 1;
-	}
-
-	/*
-	 * Write the old machine account password.
-	 */
-	
-	if(!secrets_store_trust_account_password(domain,  orig_trust_passwd_hash)) {              
-		fprintf(stderr, "Unable to write the machine account password for \
-machine %s in domain %s.\n", global_myname, domain);
-		return 1;
-	}
-	
-	/*
-	 * If we are given a remote machine assume this is the PDC.
-	 */
-	
-	if(remote == NULL) {
-		pstrcpy(remote_machine, lp_passwordserver());
-	}
-
-	if(!*remote_machine) {
-		fprintf(stderr, "No password server list given in smb.conf - \
-unable to join domain.\n");
-		return 1;
-	}
-
-	ret = change_trust_account_password( domain, remote_machine);
-	
-	if(!ret) {
-		trust_password_delete(domain);
-		fprintf(stderr,"Unable to join domain %s.\n",domain);
-	} else {
-		printf("Joined domain %s.\n",domain);
-	}
-	
-	return (int)ret;
-}
-
-
 static void set_line_buffering(FILE *f)
 {
 	setvbuf(f, NULL, _IOLBF, 0);
@@ -241,11 +179,10 @@ static int process_root(int argc, char *argv[])
 {
 	struct passwd  *pwd;
 	int result = 0, ch;
-	BOOL joining_domain = False, got_pass = False, got_username = False;
+	BOOL got_pass = False, got_username = False;
 	int local_flags = LOCAL_SET_PASSWORD;
 	BOOL stdin_passwd_get = False;
 	fstring user_name, user_password;
-	char *new_domain = NULL;
 	char *new_passwd = NULL;
 	char *old_passwd = NULL;
 	char *remote_machine = NULL;
@@ -255,7 +192,7 @@ static int process_root(int argc, char *argv[])
 
 	user_name[0] = '\0';
 
-	while ((ch = getopt(argc, argv, "axdehmnj:r:sR:D:U:L")) != EOF) {
+	while ((ch = getopt(argc, argv, "axdehmnjr:sR:D:U:L")) != EOF) {
 		switch(ch) {
 		case 'L':
 			local_mode = True;
@@ -278,14 +215,9 @@ static int process_root(int argc, char *argv[])
 		case 'm':
 			local_flags |= LOCAL_TRUST_ACCOUNT;
 			break;
-		case 'n':
-			local_flags |= LOCAL_SET_NO_PASSWORD;
-			local_flags &= ~LOCAL_SET_PASSWORD;
-			break;
 		case 'j':
-			new_domain = optarg;
-			strupper(new_domain);
-			joining_domain = True;
+			d_printf("See 'net rpc join' for this functionality\n");
+			exit(1);
 			break;
 		case 'r':
 			remote_machine = optarg;
@@ -334,48 +266,16 @@ static int process_root(int argc, char *argv[])
 	 */	
 	if(((local_flags & (LOCAL_ADD_USER|LOCAL_DELETE_USER)) == (LOCAL_ADD_USER|LOCAL_DELETE_USER)) || 
 	   ((local_flags & (LOCAL_ADD_USER|LOCAL_DELETE_USER)) && 
-		((remote_machine != NULL) || joining_domain))) {
+		(remote_machine != NULL))) {
 		usage();
 	}
 	
 	/* Only load interfaces if we are doing network operations. */
 
-	if (joining_domain || remote_machine) {
+	if (remote_machine) {
 		load_interfaces();
 	}
 
-	/* Join a domain */
-
-	if (joining_domain) {
-
-		if (argc != 0)
-			usage();
-
-		/* Are we joining by specifing an admin username and
-		   password? */
-
-		if (user_name[0]) {
-
-			/* Get administrator password if not specified */
-
-			if (!got_pass) {
-				char *pass = getpass("Password: ");
-
-				if (pass)
-					pstrcpy(user_password, pass);
-			}
-				
-			d_printf("use net rpc join to do this now.\n");
-			return 1;
-			
-		} else {
-
-			/* Or just with the server manager? */
-
-			return join_domain(new_domain, remote_machine);
-		}
-	}
-
 	/*
 	 * Deal with root - can add a user, but only locally.
 	 */
@@ -435,45 +335,46 @@ static int process_root(int argc, char *argv[])
 
 		slprintf(buf, sizeof(buf)-1, "%s$", user_name);
 		fstrcpy(user_name, buf);
-	}
-
-	if (remote_machine != NULL) {
-		old_passwd = get_pass("Old SMB password:",stdin_passwd_get);
-	}
-	
-	if (!(local_flags & LOCAL_SET_PASSWORD)) {
-
-		/*
-		 * If we are trying to enable a user, first we need to find out
-		 * if they are using a modern version of the smbpasswd file that
-		 * disables a user by just writing a flag into the file. If so
-		 * then we can re-enable a user without prompting for a new
-		 * password. If not (ie. they have a no stored password in the
-		 * smbpasswd file) then we need to prompt for a new password.
-		 */
-
-		if(local_flags & LOCAL_ENABLE_USER) {
-			SAM_ACCOUNT *sampass = NULL;
-			BOOL ret;
+	} else {
+		
+		if (remote_machine != NULL) {
+			old_passwd = get_pass("Old SMB password:",stdin_passwd_get);
+		}
+		
+		if (!(local_flags & LOCAL_SET_PASSWORD)) {
+			
+			/*
+			 * If we are trying to enable a user, first we need to find out
+			 * if they are using a modern version of the smbpasswd file that
+			 * disables a user by just writing a flag into the file. If so
+			 * then we can re-enable a user without prompting for a new
+			 * password. If not (ie. they have a no stored password in the
+			 * smbpasswd file) then we need to prompt for a new password.
+			 */
 			
-			pdb_init_sam(&sampass);
-			ret = pdb_getsampwnam(sampass, user_name);
-			if((sampass != False) && (pdb_get_lanman_passwd(sampass) == NULL)) {
-				local_flags |= LOCAL_SET_PASSWORD;
+			if(local_flags & LOCAL_ENABLE_USER) {
+				SAM_ACCOUNT *sampass = NULL;
+				BOOL ret;
+				
+				pdb_init_sam(&sampass);
+				ret = pdb_getsampwnam(sampass, user_name);
+				if((sampass != False) && (pdb_get_lanman_passwd(sampass) == NULL)) {
+					local_flags |= LOCAL_SET_PASSWORD;
+				}
+				pdb_free_sam(&sampass);
 			}
-			pdb_free_sam(&sampass);
 		}
-	}
-
-	if(local_flags & LOCAL_SET_PASSWORD) {
-		new_passwd = prompt_for_new_password(stdin_passwd_get);
 		
-		if(!new_passwd) {
-			fprintf(stderr, "Unable to get new password.\n");
-			exit(1);
+		if(local_flags & LOCAL_SET_PASSWORD) {
+			new_passwd = prompt_for_new_password(stdin_passwd_get);
+			
+			if(!new_passwd) {
+				fprintf(stderr, "Unable to get new password.\n");
+				exit(1);
+			}
 		}
 	}
-	
+
 	if (!password_change(remote_machine, user_name, old_passwd, new_passwd, local_flags)) {
 		fprintf(stderr,"Failed to modify password entry for user %s\n", user_name);
 		result = 1;