diff options
| -rw-r--r-- | source3/utils/net.c | 4 | ||||
| -rw-r--r-- | source3/utils/net_ads.c | 99 |
2 files changed, 64 insertions, 39 deletions
diff --git a/source3/utils/net.c b/source3/utils/net.c index 8b4fb042fc..a43fae5c80 100644 --- a/source3/utils/net.c +++ b/source3/utils/net.c @@ -481,7 +481,7 @@ static int net_group(int argc, const char **argv) static int net_join(int argc, const char **argv) { - if (net_ads_check() == 0) { + if (net_ads_check_our_domain() == 0) { if (net_ads_join(argc, argv) == 0) return 0; else @@ -492,7 +492,7 @@ static int net_join(int argc, const char **argv) static int net_changetrustpw(int argc, const char **argv) { - if (net_ads_check() == 0) + if (net_ads_check_our_domain() == 0) return net_ads_changetrustpw(argc, argv); return net_rpc_changetrustpw(argc, argv); diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 99098dabdb..5e84f229aa 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -80,6 +80,17 @@ int net_ads_usage(int argc, const char **argv) return -1; } +/* when we do not have sufficient input parameters to contact a remote domain + * we always fall back to our own realm - Guenther*/ + +static const char *assume_own_realm(void) +{ + if (!opt_host && strequal(lp_workgroup(), opt_target_workgroup)) { + return lp_realm(); + } + + return NULL; +} /* do a cldap netlogon query @@ -161,10 +172,7 @@ static int net_ads_lookup(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS status; - const char *realm = NULL; - - if ( strequal(lp_workgroup(), opt_target_workgroup ) ) - realm = lp_realm(); + const char *realm = assume_own_realm(); ads = ads_init(realm, opt_target_workgroup, opt_host); if (ads) { @@ -190,8 +198,9 @@ static int net_ads_lookup(int argc, const char **argv) static int net_ads_info(int argc, const char **argv) { ADS_STRUCT *ads; + const char *realm = assume_own_realm(); - if ( (ads = ads_init(lp_realm(), opt_target_workgroup, opt_host)) != NULL ) { + if ( (ads = ads_init(realm, opt_target_workgroup, opt_host)) != NULL ) { ads->auth.flags |= ADS_AUTH_NO_BIND; } @@ -228,20 +237,25 @@ static void use_in_memory_ccache(void) { setenv(KRB5_ENV_CCNAME, "MEMORY:net_ads", 1); } -static ADS_STRUCT *ads_startup(void) +static ADS_STRUCT *ads_startup(BOOL only_own_domain) { ADS_STRUCT *ads; ADS_STATUS status; BOOL need_password = False; BOOL second_time = False; char *cp; + const char *realm = NULL; /* lp_realm() should be handled by a command line param, However, the join requires that realm be set in smb.conf and compares our realm with the remote server's so this is ok until someone needs more flexibility */ - - ads = ads_init(lp_realm(), opt_target_workgroup, opt_host); + + if (only_own_domain) { + realm = lp_realm(); + } + + ads = ads_init(realm, opt_target_workgroup, opt_host); if (!opt_user_name) { opt_user_name = "administrator"; @@ -299,12 +313,12 @@ retry: ads_startup() stores the password in opt_password if it needs to so that rpc or rap can use it without re-prompting. */ -int net_ads_check(void) +static int net_ads_check_int(const char *realm, const char *workgroup, const char *host) { ADS_STRUCT *ads; ADS_STATUS status; - if ( (ads = ads_init( lp_realm(), lp_workgroup(), NULL )) == NULL ) { + if ( (ads = ads_init( realm, workgroup, host )) == NULL ) { return -1; } @@ -319,6 +333,15 @@ int net_ads_check(void) return 0; } +int net_ads_check_our_domain(void) +{ + return net_ads_check_int(lp_realm(), lp_workgroup(), NULL); +} + +int net_ads_check(void) +{ + return net_ads_check_int(NULL, opt_workgroup, opt_host); +} /* determine the netbios workgroup name for a domain */ @@ -326,12 +349,9 @@ static int net_ads_workgroup(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS status; - const char *realm = NULL; + const char *realm = assume_own_realm(); struct cldap_netlogon_reply reply; - if ( strequal(lp_workgroup(), opt_target_workgroup ) ) - realm = lp_realm(); - ads = ads_init(realm, opt_target_workgroup, opt_host); if (ads) { ads->auth.flags |= ADS_AUTH_NO_BIND; @@ -405,7 +425,7 @@ static int ads_user_add(int argc, const char **argv) if (argc < 1) return net_ads_user_usage(argc, argv); - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(False))) { return -1; } @@ -490,7 +510,7 @@ static int ads_user_info(int argc, const char **argv) return -1; } - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(False))) { SAFE_FREE(escaped_user); return -1; } @@ -537,7 +557,7 @@ static int ads_user_delete(int argc, const char **argv) return net_ads_user_usage(argc, argv); } - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(False))) { return -1; } @@ -577,7 +597,7 @@ int net_ads_user(int argc, const char **argv) char *disp_fields[2] = {NULL, NULL}; if (argc == 0) { - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(False))) { return -1; } @@ -614,7 +634,7 @@ static int ads_group_add(int argc, const char **argv) return net_ads_group_usage(argc, argv); } - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(False))) { return -1; } @@ -663,7 +683,7 @@ static int ads_group_delete(int argc, const char **argv) return net_ads_group_usage(argc, argv); } - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(False))) { return -1; } @@ -702,7 +722,7 @@ int net_ads_group(int argc, const char **argv) char *disp_fields[2] = {NULL, NULL}; if (argc == 0) { - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(False))) { return -1; } @@ -728,7 +748,7 @@ static int net_ads_status(int argc, const char **argv) ADS_STATUS rc; void *res; - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(True))) { return -1; } @@ -777,7 +797,7 @@ static int net_ads_leave(int argc, const char **argv) /* The finds a DC and takes care of getting the user creds if necessary */ - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(True))) { return -1; } @@ -827,7 +847,7 @@ static int net_ads_join_ok(void) net_use_machine_password(); - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(True))) { return -1; } @@ -1105,7 +1125,7 @@ int net_ads_join(int argc, const char **argv) return -1; } - if ( (ads = ads_startup()) == NULL ) { + if ( (ads = ads_startup(True)) == NULL ) { return -1; } @@ -1244,7 +1264,7 @@ static int net_ads_printer_search(int argc, const char **argv) ADS_STATUS rc; void *res = NULL; - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(False))) { return -1; } @@ -1277,7 +1297,7 @@ static int net_ads_printer_info(int argc, const char **argv) const char *servername, *printername; void *res = NULL; - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(False))) { return -1; } @@ -1336,7 +1356,7 @@ static int net_ads_printer_publish(int argc, const char **argv) char *prt_dn, *srv_dn, **srv_cn; void *res = NULL; - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(True))) { return -1; } @@ -1419,7 +1439,7 @@ static int net_ads_printer_remove(int argc, const char **argv) char *prt_dn; void *res = NULL; - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(True))) { return -1; } @@ -1515,7 +1535,7 @@ static int net_ads_password(int argc, const char **argv) /* use the realm so we can eventually change passwords for users in realms other than default */ - if (!(ads = ads_init(realm, opt_workgroup, NULL))) { + if (!(ads = ads_init(realm, opt_workgroup, opt_host))) { return -1; } @@ -1566,7 +1586,7 @@ int net_ads_changetrustpw(int argc, const char **argv) use_in_memory_ccache(); - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(True))) { return -1; } @@ -1631,7 +1651,7 @@ static int net_ads_search(int argc, const char **argv) return net_ads_search_usage(argc, argv); } - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(False))) { return -1; } @@ -1691,7 +1711,7 @@ static int net_ads_dn(int argc, const char **argv) return net_ads_dn_usage(argc, argv); } - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(False))) { return -1; } @@ -1751,7 +1771,7 @@ static int net_ads_sid(int argc, const char **argv) return net_ads_sid_usage(argc, argv); } - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(False))) { return -1; } @@ -1808,7 +1828,7 @@ static int net_ads_keytab_flush(int argc, const char **argv) int ret; ADS_STRUCT *ads; - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(True))) { return -1; } ret = ads_keytab_flush(ads); @@ -1823,7 +1843,7 @@ static int net_ads_keytab_add(int argc, const char **argv) ADS_STRUCT *ads; d_printf("Processing principals to add...\n"); - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(True))) { return -1; } for (i = 0; i < argc; i++) { @@ -1838,7 +1858,7 @@ static int net_ads_keytab_create(int argc, const char **argv) ADS_STRUCT *ads; int ret; - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(True))) { return -1; } ret = ads_keytab_create_default(ads); @@ -1961,6 +1981,11 @@ int net_ads_check(void) return -1; } +int net_ads_check_our_domain(void) +{ + return -1; +} + int net_ads(int argc, const char **argv) { return net_ads_usage(argc, argv); |