-rw-r--r-- | source4/scripting/python/samba/netcmd/__init__.py | 2 | ||||
-rw-r--r-- | source4/scripting/python/samba/netcmd/join.py | 59 | ||||
-rw-r--r-- | source4/scripting/python/samba/netcmd/machinepw.py | 53 | ||||
-rw-r--r-- | source4/scripting/python/samba/netcmd/vampire.py | 63 | ||||
-rw-r--r-- | source4/utils/net/net.c | 1 | ||||
-rw-r--r-- | source4/utils/net/net_machinepw.c | 91 | ||||
-rw-r--r-- | source4/utils/net/wscript_build | 2 |
7 files changed, 115 insertions, 156 deletions
diff --git a/source4/scripting/python/samba/netcmd/__init__.py b/source4/scripting/python/samba/netcmd/__init__.py
index 8164bbbe81..528262ec9e 100644
--- a/source4/scripting/python/samba/netcmd/__init__.py
+++ b/source4/scripting/python/samba/netcmd/__init__.py
@@ -155,3 +155,5 @@ from samba.netcmd.user import cmd_user
 commands["user"] = cmd_user()
 from samba.netcmd.vampire import cmd_vampire
 commands["vampire"] = cmd_vampire()
+from samba.netcmd.machinepw import cmd_machinepw
+commands["machinepw"] = cmd_machinepw()
diff --git a/source4/scripting/python/samba/netcmd/join.py b/source4/scripting/python/samba/netcmd/join.py
new file mode 100644
index 0000000000..981161d8ba
--- /dev/null
+++ b/source4/scripting/python/samba/netcmd/join.py
@@ -0,0 +1,59 @@
+#!/usr/bin/python
+#
+# joins
+#
+# Copyright Jelmer Vernooij 2010
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+import samba.getopt as options
+
+from samba.net import Net, LIBNET_JOIN_AUTOMATIC
+from samba.netcmd import Command, CommandError
+from samba.dcerpc.netr import SEC_CHAN_WKSTA, SEC_CHAN_BDC
+
+
+class cmd_join(Command):
+ """Joins domain as either member or backup domain controller."""
+
+ synopsis = "%prog join <domain> [BDC | MEMBER] [options]"
+
+ takes_optiongroups = {
+ "sambaopts": options.SambaOptions,
+ "versionopts": options.VersionOptions,
+ "credopts": options.CredentialsOptions,
+ }
+
+ takes_args = ["domain", "role?"]
+
+ def run(self, domain, role=None, sambaopts=None, credopts=None,
+ versionopts=None):
+ lp = sambaopts.get_loadparm()
+ creds = credopts.get_credentials(lp)
+ net = Net(creds, lp)
+
+ if role is None:
+ secure_channel_type = SEC_CHAN_WKSTA
+ elif role == "BDC":
+ secure_channel_type = SEC_CHAN_BDC
+ elif role == "MEMBER":
+ secure_channel_type = SEC_CHAN_WKSTA
+ else:
+ raise CommandError("Invalid role %s (possible values: MEMBER, BDC)" % role)
+
+ (join_password, sid, domain_name) = net.join(domain,
+ lp.get("netbios name"), SEC_CHAN_WKSTA, LIBNET_JOIN_AUTOMATIC)
+
+ self.outf.write("Joined domain %s (%s)\n" % (domain_name, sid))
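Review bot: In `cmd_join.run` the role argument is validated and mapped to `secure_channel_type`, but the `net.join(...)` call passes the constant `SEC_CHAN_WKSTA`, so a `BDC` request is accepted and then joined with a workstation secure channel without any error. Pass the computed value instead: `lp.get("netbios name"), secure_channel_type, LIBNET_JOIN_AUTOMATIC)`. The returned `join_password` is also discarded; whether `net.join` itself persists the machine secret is not visible in this diff, so a short comment stating where the password ends up would help. This commit registers only `machinepw` in `netcmd/__init__.py`, so `cmd_join` appears to be unreachable until it is added to `commands`.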
diff --git a/source4/scripting/python/samba/netcmd/machinepw.py b/source4/scripting/python/samba/netcmd/machinepw.py
new file mode 100644
index 0000000000..8788e06a60
--- /dev/null
+++ b/source4/scripting/python/samba/netcmd/machinepw.py
@@ -0,0 +1,53 @@
+#!/usr/bin/python
+#
+# Machine passwords
+# Copyright Jelmer Vernooij 2010
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+import samba.getopt as options
+
+from samba import Ldb
+from samba.auth import system_session
+from samba.netcmd import Command, CommandError
+
+
+class cmd_machinepw(Command):
+ """Get a machine password out of our SAM."""
+
+ synopsis = "%prog machinepw <accountname>"
+
+ takes_optiongroups = {
+ "sambaopts": options.SambaOptions,
+ "versionopts": options.VersionOptions,
+ "credopts": options.CredentialsOptions,
+ }
+
+ takes_args = ["secret"]
+
+ def run(self, secret, sambaopts=None, credopts=None, versionopts=None):
+ lp = sambaopts.get_loadparm()
+ creds = credopts.get_credentials(lp)
+ url = lp.get("secrets database")
+ secretsdb = Ldb(url=url, session_info=system_session(),
+ credentials=creds, lp=lp)
+
+ result = secretsdb.search(attrs=["secret"],
+ expression="(&(objectclass=primaryDomain)(samaccountname=%s))" % secret)
+
+ if len(result) != 1:
+ raise CommandError("search returned %d records, expected 1" % len(result))
+
+ self.outf.write("%s\n" % result[0]["secret"])
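Review bot: The account name from the command line is interpolated straight into the LDB search filter in `run` (`"...(samaccountname=%s))" % secret`), so filter metacharacters in the argument are parsed as filter syntax rather than matched literally; the removed C implementation had the same pattern. Escape the value before formatting, e.g. `% ldb.binary_encode(secret)` with `import ldb` added, provided that helper is available in this tree's bindings. The positional argument is named `secret` although the synopsis calls it `<accountname>`; renaming it in `takes_args` and `run` avoids confusion with the `secret` attribute being read. Unlike the C version, a record without a `secret` attribute is not checked for and would presumably surface as an exception from `result[0]["secret"]` rather than a `CommandError`.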
diff --git a/source4/scripting/python/samba/netcmd/vampire.py b/source4/scripting/python/samba/netcmd/vampire.py
index f5598cff62..fcf969490a 100644
--- a/source4/scripting/python/samba/netcmd/vampire.py
+++ b/source4/scripting/python/samba/netcmd/vampire.py
@@ -50,66 +50,3 @@ class cmd_vampire(Command):
 net = Net(creds, lp)
 (domain_name, domain_sid) = net.vampire(domain=domain, target_dir=target_dir)
 self.outf.write("Vampired domain %s (%s)\n" % (domain_name, domain_sid))
-
-
-class cmd_samdump_keytab(Command):
- """Dumps kerberos keys of a domain into a keytab."""
-
- synopsis = "%prog samdump keytab [options] <keytab>"
-
- takes_optiongroups = {
- "sambaopts": options.SambaOptions,
- "credopts": options.CredentialsOptions,
- "versionopts": options.VersionOptions,
- }
-
- takes_args = ["keytab"]
-
- def run(self, keytab, credopts=None, sambaopts=None, versionopts=None):
- lp = sambaopts.get_loadparm()
- creds = credopts.get_credentials(lp)
- net = Net(creds, lp)
- net.samdump_keytab(keytab)
-
-
-class cmd_samsync_ldb(Command):
- """Synchronise into the local ldb the SAM of a domain."""
-
- synopsis = "%prog samsync"
-
- takes_optiongroups = {
- "sambaopts": options.SambaOptions,
- "credopts": options.CredentialsOptions,
- "versionopts": options.VersionOptions,
- }
-
- def run(self, credopts=None, sambaopts=None, versionopts=None):
- lp = sambaopts.get_loadparm()
- creds = credopts.get_credentials(lp)
- net = Net(creds, lp)
- net.samdump()
-
-
-class cmd_samsync(SuperCommand):
-
- commands = {
- "ldb": cmd_samsync_ldb()
- }
-
-
-class cmd_samdump(Command):
- """Dump the sam database."""
-
- synopsis = "%prog samdump"
-
- takes_optiongroups = {
- "sambaopts": options.SambaOptions,
- "credopts": options.CredentialsOptions,
- "versionopts": options.VersionOptions,
- }
-
- def run(self, credopts=None, sambaopts=None, versionopts=None):
- lp = sambaopts.get_loadparm()
- creds = credopts.get_credentials(lp)
- net = Net(creds, lp)
- net.samdump()
diff --git a/source4/utils/net/net.c b/source4/utils/net/net.c
index 398a4709ae..56f7c77736 100644
--- a/source4/utils/net/net.c
+++ b/source4/utils/net/net.c
@@ -200,7 +200,6 @@ static const struct net_functable net_functable[] = {
 {"join", "join a domain\n", net_join, net_join_usage},
 {"samdump", "dump the sam of a domain\n", net_samdump, net_samdump_usage},
 {"samsync", "synchronise into the local ldb the sam of an NT4 domain\n", net_samsync_ldb, net_samsync_ldb_usage},
- {"machinepw", "Get a machine password out of our SAM\n", net_machinepw, net_machinepw_usage},
 {"drs", "Implements functionality offered by repadmin.exe utility in Windows\n", net_drs, net_drs_usage},
 {NULL, NULL, NULL, NULL}
 };
diff --git a/source4/utils/net/net_machinepw.c b/source4/utils/net/net_machinepw.c
deleted file mode 100644
index 390eb8df0b..0000000000
--- a/source4/utils/net/net_machinepw.c
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- Samba Unix/Linux SMB client library
- Distributed SMB/CIFS Server Management Utility
-
- Copyright (C) 2008 Volker Lendecke
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "lib/events/events.h"
-#include "utils/net/net.h"
-#include "libnet/libnet.h"
-#include "libcli/security/security.h"
-#include "param/secrets.h"
-#include "param/param.h"
-#include "lib/util/util_ldb.h"
-
-int net_machinepw_usage(struct net_context *ctx, int argc, const char **argv)
-{
- d_printf("net machinepw <accountname>\n");
- return -1;
-}
-
-int net_machinepw(struct net_context *ctx, int argc, const char **argv)
-{
- struct ldb_context *secrets;
- TALLOC_CTX *mem_ctx;
- struct tevent_context *ev;
- struct ldb_message **msgs;
- int num_records;
- const char *attrs[] = { "secret", NULL };
- const char *secret;
-
- if (argc != 1) {
- net_machinepw_usage(ctx, argc, argv);
- return -1;
- }
-
- mem_ctx = talloc_new(ctx);
- if (mem_ctx == NULL) {
- d_fprintf(stderr, "talloc_new failed\n");
- return -1;
- }
-
- ev = event_context_init(mem_ctx);
- if (ev == NULL) {
- d_fprintf(stderr, "event_context_init failed\n");
- goto fail;
- }
-
- secrets = secrets_db_connect(mem_ctx, ev, ctx->lp_ctx);
- if (secrets == NULL) {
- d_fprintf(stderr, "secrets_db_connect failed\n");
- goto fail;
- }
-
- num_records = gendb_search(secrets, mem_ctx, NULL, &msgs, attrs,
- "(&(objectclass=primaryDomain)"
- "(samaccountname=%s))", argv[0]);
- if (num_records != 1) {
- d_fprintf(stderr, "gendb_search returned %d records, "
- "expected 1\n", num_records);
- goto fail;
- }
-
- secret = ldb_msg_find_attr_as_string(msgs[0], "secret", NULL);
- if (secret == NULL) {
- d_fprintf(stderr, "machine account contains no secret\n");
- goto fail;
- }
-
- printf("%s\n", secret);
- talloc_free(mem_ctx);
- return 0;
-
- fail:
- talloc_free(mem_ctx);
- return -1;
-}
diff --git a/source4/utils/net/wscript_build b/source4/utils/net/wscript_build
index a7cdb10c2c..af1a0c931c 100644
--- a/source4/utils/net/wscript_build
+++ b/source4/utils/net/wscript_build
@@ -10,7 +10,7 @@ bld.SAMBA_MODULE('net_drs', bld.SAMBA_BINARY('net', - source='net.c net_machinepw.c net_password.c net_join.c net_vampire.c', + source='net.c net_password.c net_join.c net_vampire.c', autoproto='net_proto.h', installdir='BINDIR', deps='LIBSAMBA-HOSTCONFIG LIBSAMBA-UTIL LIBSAMBA-NET popt POPT_SAMBA POPT_CREDENTIALS net_drs', |