summaryrefslogtreecommitdiff
path: root/source3/utils
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2003-08-19 22:47:10 +0000
committerAndrew Bartlett <abartlet@samba.org>2003-08-19 22:47:10 +0000
commitf1be3a5c5defc2df94550b90b7dd2ed4ab0cb1f2 (patch)
treee79dfbfedf8fbdaed7873463939fbe28c2b07070 /source3/utils
parentec8b32df568260446b815619815e94a7e1b3fd4e (diff)
downloadsamba-f1be3a5c5defc2df94550b90b7dd2ed4ab0cb1f2.tar.gz
samba-f1be3a5c5defc2df94550b90b7dd2ed4ab0cb1f2.tar.bz2
samba-f1be3a5c5defc2df94550b90b7dd2ed4ab0cb1f2.zip
- Make 'net' use a single funciton for setting the 'use machine account' code.
- Make winbindd try to use kerberos for connections to DCs, so that it can access RA=2 servers, particularly for netlogon. - Make rpcclient follow the new flags for the NETLOGON pipe - Make all the code that uses schannel use the centralised functions for doing so. Andrew Bartlett (This used to be commit 96b4187963cedcfe158ff02868929b8cf81c6ebf)
Diffstat (limited to 'source3/utils')
-rw-r--r--source3/utils/net.c38
-rw-r--r--source3/utils/net_ads.c39
2 files changed, 46 insertions, 31 deletions
diff --git a/source3/utils/net.c b/source3/utils/net.c
index 8f6b09a3fa..c49c77dd50 100644
--- a/source3/utils/net.c
+++ b/source3/utils/net.c
@@ -181,6 +181,27 @@ NTSTATUS connect_to_ipc_anonymous(struct cli_state **c,
}
}
+/****************************************************************************
+ Use the local machine's password for this session
+****************************************************************************/
+int net_use_machine_password(void)
+{
+ char *user_name = NULL;
+
+ if (!secrets_init()) {
+ d_printf("ERROR: Unable to open secrets database\n");
+ exit(1);
+ }
+
+ user_name = NULL;
+ opt_password = secrets_fetch_machine_password(opt_target_workgroup, NULL, NULL);
+ if (asprintf(&user_name, "%s$@%s", global_myname(), lp_realm()) == -1) {
+ return -1;
+ }
+ opt_user_name = user_name;
+ return 0;
+}
+
BOOL net_find_server(unsigned flags, struct in_addr *server_ip, char **server_name)
{
@@ -321,7 +342,7 @@ static int net_join(int argc, const char **argv)
if (net_ads_join(argc, argv) == 0)
return 0;
else
- d_printf("ADS join did not work, trying RPC...\n");
+ d_printf("ADS join did not work, falling back to RPC...\n");
}
return net_rpc_join(argc, argv);
}
@@ -649,23 +670,10 @@ static struct functable net_func[] = {
sec_init();
if (opt_machine_pass) {
- char *user = NULL;
/* it is very useful to be able to make ads queries as the
machine account for testing purposes and for domain leave */
- if (!secrets_init()) {
- d_printf("ERROR: Unable to open secrets database\n");
- exit(1);
- }
-
- opt_password = secrets_fetch_machine_password(opt_workgroup, NULL, NULL);
-
- asprintf(&user,"%s$", global_myname());
- opt_user_name = user;
- if (!opt_password) {
- d_printf("ERROR: Unable to fetch machine password\n");
- exit(1);
- }
+ net_use_machine_password();
}
if (!opt_password) {
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index 631e235127..352431a938 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -579,10 +579,7 @@ static int net_ads_leave(int argc, const char **argv)
}
if (!opt_password) {
- char *user_name;
- asprintf(&user_name, "%s$", global_myname());
- opt_password = secrets_fetch_machine_password(opt_target_workgroup, NULL, NULL);
- opt_user_name = user_name;
+ net_use_machine_password();
}
if (!(ads = ads_startup())) {
@@ -603,7 +600,6 @@ static int net_ads_leave(int argc, const char **argv)
static int net_ads_join_ok(void)
{
- char *user_name;
ADS_STRUCT *ads = NULL;
if (!secrets_init()) {
@@ -611,9 +607,7 @@ static int net_ads_join_ok(void)
return -1;
}
- asprintf(&user_name, "%s$", global_myname());
- opt_user_name = user_name;
- opt_password = secrets_fetch_machine_password(opt_target_workgroup, NULL, NULL);
+ net_use_machine_password();
if (!(ads = ads_startup())) {
return -1;
@@ -648,6 +642,7 @@ int net_ads_join(int argc, const char **argv)
ADS_STRUCT *ads;
ADS_STATUS rc;
char *password;
+ char *machine_account = NULL;
char *tmp_password;
const char *org_unit = "Computers";
char *dn;
@@ -669,6 +664,16 @@ int net_ads_join(int argc, const char **argv)
if (!(ads = ads_startup())) return -1;
+ if (!*lp_realm()) {
+ d_printf("realm must be set in in smb.conf for ADS join to succeed.\n");
+ return -1;
+ }
+
+ if (strcmp(ads->config.realm, lp_realm()) != 0) {
+ d_printf("realm of remote server (%s) and realm in smb.conf (%s) DO NOT match. Aborting join\n", ads->config.realm, lp_realm());
+ return -1;
+ }
+
ou_str = ads_ou_string(org_unit);
asprintf(&dn, "%s,%s", ou_str, ads->config.bind_path);
free(ou_str);
@@ -696,11 +701,16 @@ int net_ads_join(int argc, const char **argv)
rc = ads_domain_sid(ads, &dom_sid);
if (!ADS_ERR_OK(rc)) {
- d_printf("ads_domain_sid: %s\n", ads_errstr(rc));
+ d_printf("ads_domain_sid: %s\n", ads_errstr(rc));
+ return -1;
+ }
+
+ if (asprintf(&machine_account, "%s$", global_myname()) == -1) {
+ d_printf("asprintf failed\n");
return -1;
}
- rc = ads_set_machine_password(ads, global_myname(), password);
+ rc = ads_set_machine_password(ads, machine_account, password);
if (!ADS_ERR_OK(rc)) {
d_printf("ads_set_machine_password: %s\n", ads_errstr(rc));
return -1;
@@ -718,7 +728,8 @@ int net_ads_join(int argc, const char **argv)
d_printf("Joined '%s' to realm '%s'\n", global_myname(), ads->config.realm);
- free(password);
+ SAFE_FREE(password);
+ SAFE_FREE(machine_account);
return 0;
}
@@ -1020,17 +1031,13 @@ int net_ads_changetrustpw(int argc, const char **argv)
char *host_principal;
char *hostname;
ADS_STATUS ret;
- char *user_name;
if (!secrets_init()) {
DEBUG(1,("Failed to initialise secrets database\n"));
return -1;
}
- asprintf(&user_name, "%s$", global_myname());
- opt_user_name = user_name;
-
- opt_password = secrets_fetch_machine_password(opt_target_workgroup, NULL, NULL);
+ net_use_machine_password();
use_in_memory_ccache();