summaryrefslogtreecommitdiff
path: root/source3/utils
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2006-07-17 11:04:47 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:38:10 -0500
commit9c160dd9a7c88afaac7570581062060271b6f757 (patch)
tree28c1b5c4d1846dff29c34bf7bac7c90060700515 /source3/utils
parent69543774036b709ed0e30f6dd7981ee3805f17e3 (diff)
downloadsamba-9c160dd9a7c88afaac7570581062060271b6f757.tar.gz
samba-9c160dd9a7c88afaac7570581062060271b6f757.tar.bz2
samba-9c160dd9a7c88afaac7570581062060271b6f757.zip
r17086: Re-add ability to contact remote domain controllers with the "net ads"
toolset. In 3.0.23 all those commands have been limited to the DC of our primary domain. Also distinguish calls that may go to remote DCs (search, info, lookup, etc.) from those that should only go to our primary domain (join, leave, etc.). Guenther (This used to be commit d573e64781667993478a289580fa65c34e847f64)
Diffstat (limited to 'source3/utils')
-rw-r--r--source3/utils/net.c4
-rw-r--r--source3/utils/net_ads.c99
2 files changed, 64 insertions, 39 deletions
diff --git a/source3/utils/net.c b/source3/utils/net.c
index 8b4fb042fc..a43fae5c80 100644
--- a/source3/utils/net.c
+++ b/source3/utils/net.c
@@ -481,7 +481,7 @@ static int net_group(int argc, const char **argv)
static int net_join(int argc, const char **argv)
{
- if (net_ads_check() == 0) {
+ if (net_ads_check_our_domain() == 0) {
if (net_ads_join(argc, argv) == 0)
return 0;
else
@@ -492,7 +492,7 @@ static int net_join(int argc, const char **argv)
static int net_changetrustpw(int argc, const char **argv)
{
- if (net_ads_check() == 0)
+ if (net_ads_check_our_domain() == 0)
return net_ads_changetrustpw(argc, argv);
return net_rpc_changetrustpw(argc, argv);
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index 99098dabdb..5e84f229aa 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -80,6 +80,17 @@ int net_ads_usage(int argc, const char **argv)
return -1;
}
+/* when we do not have sufficient input parameters to contact a remote domain
+ * we always fall back to our own realm - Guenther*/
+
+static const char *assume_own_realm(void)
+{
+ if (!opt_host && strequal(lp_workgroup(), opt_target_workgroup)) {
+ return lp_realm();
+ }
+
+ return NULL;
+}
/*
do a cldap netlogon query
@@ -161,10 +172,7 @@ static int net_ads_lookup(int argc, const char **argv)
{
ADS_STRUCT *ads;
ADS_STATUS status;
- const char *realm = NULL;
-
- if ( strequal(lp_workgroup(), opt_target_workgroup ) )
- realm = lp_realm();
+ const char *realm = assume_own_realm();
ads = ads_init(realm, opt_target_workgroup, opt_host);
if (ads) {
@@ -190,8 +198,9 @@ static int net_ads_lookup(int argc, const char **argv)
static int net_ads_info(int argc, const char **argv)
{
ADS_STRUCT *ads;
+ const char *realm = assume_own_realm();
- if ( (ads = ads_init(lp_realm(), opt_target_workgroup, opt_host)) != NULL ) {
+ if ( (ads = ads_init(realm, opt_target_workgroup, opt_host)) != NULL ) {
ads->auth.flags |= ADS_AUTH_NO_BIND;
}
@@ -228,20 +237,25 @@ static void use_in_memory_ccache(void) {
setenv(KRB5_ENV_CCNAME, "MEMORY:net_ads", 1);
}
-static ADS_STRUCT *ads_startup(void)
+static ADS_STRUCT *ads_startup(BOOL only_own_domain)
{
ADS_STRUCT *ads;
ADS_STATUS status;
BOOL need_password = False;
BOOL second_time = False;
char *cp;
+ const char *realm = NULL;
/* lp_realm() should be handled by a command line param,
However, the join requires that realm be set in smb.conf
and compares our realm with the remote server's so this is
ok until someone needs more flexibility */
-
- ads = ads_init(lp_realm(), opt_target_workgroup, opt_host);
+
+ if (only_own_domain) {
+ realm = lp_realm();
+ }
+
+ ads = ads_init(realm, opt_target_workgroup, opt_host);
if (!opt_user_name) {
opt_user_name = "administrator";
@@ -299,12 +313,12 @@ retry:
ads_startup() stores the password in opt_password if it needs to so
that rpc or rap can use it without re-prompting.
*/
-int net_ads_check(void)
+static int net_ads_check_int(const char *realm, const char *workgroup, const char *host)
{
ADS_STRUCT *ads;
ADS_STATUS status;
- if ( (ads = ads_init( lp_realm(), lp_workgroup(), NULL )) == NULL ) {
+ if ( (ads = ads_init( realm, workgroup, host )) == NULL ) {
return -1;
}
@@ -319,6 +333,15 @@ int net_ads_check(void)
return 0;
}
+int net_ads_check_our_domain(void)
+{
+ return net_ads_check_int(lp_realm(), lp_workgroup(), NULL);
+}
+
+int net_ads_check(void)
+{
+ return net_ads_check_int(NULL, opt_workgroup, opt_host);
+}
/*
determine the netbios workgroup name for a domain
*/
@@ -326,12 +349,9 @@ static int net_ads_workgroup(int argc, const char **argv)
{
ADS_STRUCT *ads;
ADS_STATUS status;
- const char *realm = NULL;
+ const char *realm = assume_own_realm();
struct cldap_netlogon_reply reply;
- if ( strequal(lp_workgroup(), opt_target_workgroup ) )
- realm = lp_realm();
-
ads = ads_init(realm, opt_target_workgroup, opt_host);
if (ads) {
ads->auth.flags |= ADS_AUTH_NO_BIND;
@@ -405,7 +425,7 @@ static int ads_user_add(int argc, const char **argv)
if (argc < 1) return net_ads_user_usage(argc, argv);
- if (!(ads = ads_startup())) {
+ if (!(ads = ads_startup(False))) {
return -1;
}
@@ -490,7 +510,7 @@ static int ads_user_info(int argc, const char **argv)
return -1;
}
- if (!(ads = ads_startup())) {
+ if (!(ads = ads_startup(False))) {
SAFE_FREE(escaped_user);
return -1;
}
@@ -537,7 +557,7 @@ static int ads_user_delete(int argc, const char **argv)
return net_ads_user_usage(argc, argv);
}
- if (!(ads = ads_startup())) {
+ if (!(ads = ads_startup(False))) {
return -1;
}
@@ -577,7 +597,7 @@ int net_ads_user(int argc, const char **argv)
char *disp_fields[2] = {NULL, NULL};
if (argc == 0) {
- if (!(ads = ads_startup())) {
+ if (!(ads = ads_startup(False))) {
return -1;
}
@@ -614,7 +634,7 @@ static int ads_group_add(int argc, const char **argv)
return net_ads_group_usage(argc, argv);
}
- if (!(ads = ads_startup())) {
+ if (!(ads = ads_startup(False))) {
return -1;
}
@@ -663,7 +683,7 @@ static int ads_group_delete(int argc, const char **argv)
return net_ads_group_usage(argc, argv);
}
- if (!(ads = ads_startup())) {
+ if (!(ads = ads_startup(False))) {
return -1;
}
@@ -702,7 +722,7 @@ int net_ads_group(int argc, const char **argv)
char *disp_fields[2] = {NULL, NULL};
if (argc == 0) {
- if (!(ads = ads_startup())) {
+ if (!(ads = ads_startup(False))) {
return -1;
}
@@ -728,7 +748,7 @@ static int net_ads_status(int argc, const char **argv)
ADS_STATUS rc;
void *res;
- if (!(ads = ads_startup())) {
+ if (!(ads = ads_startup(True))) {
return -1;
}
@@ -777,7 +797,7 @@ static int net_ads_leave(int argc, const char **argv)
/* The finds a DC and takes care of getting the
user creds if necessary */
- if (!(ads = ads_startup())) {
+ if (!(ads = ads_startup(True))) {
return -1;
}
@@ -827,7 +847,7 @@ static int net_ads_join_ok(void)
net_use_machine_password();
- if (!(ads = ads_startup())) {
+ if (!(ads = ads_startup(True))) {
return -1;
}
@@ -1105,7 +1125,7 @@ int net_ads_join(int argc, const char **argv)
return -1;
}
- if ( (ads = ads_startup()) == NULL ) {
+ if ( (ads = ads_startup(True)) == NULL ) {
return -1;
}
@@ -1244,7 +1264,7 @@ static int net_ads_printer_search(int argc, const char **argv)
ADS_STATUS rc;
void *res = NULL;
- if (!(ads = ads_startup())) {
+ if (!(ads = ads_startup(False))) {
return -1;
}
@@ -1277,7 +1297,7 @@ static int net_ads_printer_info(int argc, const char **argv)
const char *servername, *printername;
void *res = NULL;
- if (!(ads = ads_startup())) {
+ if (!(ads = ads_startup(False))) {
return -1;
}
@@ -1336,7 +1356,7 @@ static int net_ads_printer_publish(int argc, const char **argv)
char *prt_dn, *srv_dn, **srv_cn;
void *res = NULL;
- if (!(ads = ads_startup())) {
+ if (!(ads = ads_startup(True))) {
return -1;
}
@@ -1419,7 +1439,7 @@ static int net_ads_printer_remove(int argc, const char **argv)
char *prt_dn;
void *res = NULL;
- if (!(ads = ads_startup())) {
+ if (!(ads = ads_startup(True))) {
return -1;
}
@@ -1515,7 +1535,7 @@ static int net_ads_password(int argc, const char **argv)
/* use the realm so we can eventually change passwords for users
in realms other than default */
- if (!(ads = ads_init(realm, opt_workgroup, NULL))) {
+ if (!(ads = ads_init(realm, opt_workgroup, opt_host))) {
return -1;
}
@@ -1566,7 +1586,7 @@ int net_ads_changetrustpw(int argc, const char **argv)
use_in_memory_ccache();
- if (!(ads = ads_startup())) {
+ if (!(ads = ads_startup(True))) {
return -1;
}
@@ -1631,7 +1651,7 @@ static int net_ads_search(int argc, const char **argv)
return net_ads_search_usage(argc, argv);
}
- if (!(ads = ads_startup())) {
+ if (!(ads = ads_startup(False))) {
return -1;
}
@@ -1691,7 +1711,7 @@ static int net_ads_dn(int argc, const char **argv)
return net_ads_dn_usage(argc, argv);
}
- if (!(ads = ads_startup())) {
+ if (!(ads = ads_startup(False))) {
return -1;
}
@@ -1751,7 +1771,7 @@ static int net_ads_sid(int argc, const char **argv)
return net_ads_sid_usage(argc, argv);
}
- if (!(ads = ads_startup())) {
+ if (!(ads = ads_startup(False))) {
return -1;
}
@@ -1808,7 +1828,7 @@ static int net_ads_keytab_flush(int argc, const char **argv)
int ret;
ADS_STRUCT *ads;
- if (!(ads = ads_startup())) {
+ if (!(ads = ads_startup(True))) {
return -1;
}
ret = ads_keytab_flush(ads);
@@ -1823,7 +1843,7 @@ static int net_ads_keytab_add(int argc, const char **argv)
ADS_STRUCT *ads;
d_printf("Processing principals to add...\n");
- if (!(ads = ads_startup())) {
+ if (!(ads = ads_startup(True))) {
return -1;
}
for (i = 0; i < argc; i++) {
@@ -1838,7 +1858,7 @@ static int net_ads_keytab_create(int argc, const char **argv)
ADS_STRUCT *ads;
int ret;
- if (!(ads = ads_startup())) {
+ if (!(ads = ads_startup(True))) {
return -1;
}
ret = ads_keytab_create_default(ads);
@@ -1961,6 +1981,11 @@ int net_ads_check(void)
return -1;
}
+int net_ads_check_our_domain(void)
+{
+ return -1;
+}
+
int net_ads(int argc, const char **argv)
{
return net_ads_usage(argc, argv);