summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
Diffstat (limited to 'source3')
-rw-r--r--source3/utils/net.c52
-rw-r--r--source3/utils/net_help.c7
2 files changed, 57 insertions, 2 deletions
diff --git a/source3/utils/net.c b/source3/utils/net.c
index c49c77dd50..90f71f5035 100644
--- a/source3/utils/net.c
+++ b/source3/utils/net.c
@@ -79,6 +79,30 @@ struct in_addr opt_dest_ip;
extern BOOL AllowDebugChange;
+/**************************************************************************************************/
+/* Utility function to prompt for password from stdin. Password entered must end with a newline. */
+/**************************************************************************************************/
+static char *stdin_new_passwd(void)
+{
+ static fstring new_pw;
+ size_t len;
+
+ ZERO_ARRAY(new_pw);
+
+ /*
+ * if no error is reported from fgets() and string at least contains
+ * the newline that ends the password, then replace the newline with
+ * a null terminator.
+ */
+ if ( fgets(new_pw, sizeof(new_pw), stdin) != NULL) {
+ if ((len = strlen(new_pw)) > 0) {
+ if(new_pw[len-1] == '\n')
+ new_pw[len - 1] = 0;
+ }
+ }
+ return(new_pw);
+}
+
uint32 get_sec_channel_type(const char *param)
{
if (!(param && *param)) {
@@ -355,6 +379,33 @@ static int net_changetrustpw(int argc, const char **argv)
return net_rpc_changetrustpw(argc, argv);
}
+static int net_changesecretpw(int argc, const char **argv)
+{
+ char *trust_pw;
+ char trust_pw_hash[16];
+ uint32 sec_channel_type = SEC_CHAN_WKSTA;
+
+
+ if(opt_force) {
+ trust_pw = getpass("Enter machine password: ");
+
+ if (!secrets_store_machine_password(trust_pw, lp_workgroup(), sec_channel_type)) {
+ d_printf("Unable to write the machine account password in the secrets database");
+ return 1;
+ }
+ else {
+ d_printf("Modified trust account password in secrets database\n");
+ }
+ }
+ else {
+ d_printf("Machine account password change requires the -f flag.\n");
+ d_printf("Do NOT use this function unless you know what it does!\n");
+ d_printf("This function will change the ADS Domain member machine account password in the secrets.tdb file!\n");
+ }
+
+ return 0;
+}
+
static int net_share(int argc, const char **argv)
{
if (net_rpc_check(0))
@@ -537,6 +588,7 @@ static struct functable net_func[] = {
{"SERVICE", net_rap_service},
{"PASSWORD", net_rap_password},
{"CHANGETRUSTPW", net_changetrustpw},
+ {"CHANGESECRETPW", net_changesecretpw},
{"TIME", net_time},
{"LOOKUP", net_lookup},
{"JOIN", net_join},
diff --git a/source3/utils/net_help.c b/source3/utils/net_help.c
index 1f3afb1690..272a06bc90 100644
--- a/source3/utils/net_help.c
+++ b/source3/utils/net_help.c
@@ -47,7 +47,7 @@ int net_common_flags_usage(int argc, const char **argv)
d_printf("\t-U or --user=<name>\t\tuser name\n");
d_printf("\t-s or --configfile=<path>\t\tpathname of smb.conf file\n");
d_printf("\t-l or --long\t\t\tDisplay full information\n");
- d_printf("\t-V or --version\t\tPrint samba version information\n");
+ d_printf("\t-V or --version\t\t\tPrint samba version information\n");
d_printf("\t-P or --machine-pass\t\tAuthenticate as machine account\n");
return -1;
}
@@ -60,7 +60,8 @@ static int help_usage(int argc, const char **argv)
"\n"\
"Valid functions are:\n"\
" RPC RAP ADS FILE SHARE SESSION SERVER DOMAIN PRINTQ USER GROUP VALIDATE\n"\
-" GROUPMEMBER ADMIN SERVICE PASSWORD TIME LOOKUP GETLOCALSID SETLOCALSID\n");
+" GROUPMEMBER ADMIN SERVICE PASSWORD TIME LOOKUP GETLOCALSID SETLOCALSID\n"\
+" CHANGESCRETPW\n");
return -1;
}
@@ -156,6 +157,8 @@ static int net_usage(int argc, const char **argv)
" net cache\t\tto operate on cache tdb file\n"\
" net getlocalsid [NAME]\tto get the SID for local name\n"\
" net setlocalsid SID\tto set the local domain SID\n"\
+ " net changesecretpw\tto change the machine password in the local secrets database only\n"\
+ " \tthis requires the -f flag as a safety barrier\n"\
"\n"\
" net ads <command>\tto run ADS commands\n"\
" net rap <command>\tto run RAP (pre-RPC) commands\n"\