diff options
Diffstat (limited to 'source3')
| -rw-r--r-- | source3/utils/net.c | 52 | ||||
| -rw-r--r-- | source3/utils/net_help.c | 7 |
2 files changed, 57 insertions, 2 deletions
diff --git a/source3/utils/net.c b/source3/utils/net.c index c49c77dd50..90f71f5035 100644 --- a/source3/utils/net.c +++ b/source3/utils/net.c @@ -79,6 +79,30 @@ struct in_addr opt_dest_ip; extern BOOL AllowDebugChange; +/**************************************************************************************************/ +/* Utility function to prompt for password from stdin. Password entered must end with a newline. */ +/**************************************************************************************************/ +static char *stdin_new_passwd(void) +{ + static fstring new_pw; + size_t len; + + ZERO_ARRAY(new_pw); + + /* + * if no error is reported from fgets() and string at least contains + * the newline that ends the password, then replace the newline with + * a null terminator. + */ + if ( fgets(new_pw, sizeof(new_pw), stdin) != NULL) { + if ((len = strlen(new_pw)) > 0) { + if(new_pw[len-1] == '\n') + new_pw[len - 1] = 0; + } + } + return(new_pw); +} + uint32 get_sec_channel_type(const char *param) { if (!(param && *param)) { @@ -355,6 +379,33 @@ static int net_changetrustpw(int argc, const char **argv) return net_rpc_changetrustpw(argc, argv); } +static int net_changesecretpw(int argc, const char **argv) +{ + char *trust_pw; + char trust_pw_hash[16]; + uint32 sec_channel_type = SEC_CHAN_WKSTA; + + + if(opt_force) { + trust_pw = getpass("Enter machine password: "); + + if (!secrets_store_machine_password(trust_pw, lp_workgroup(), sec_channel_type)) { + d_printf("Unable to write the machine account password in the secrets database"); + return 1; + } + else { + d_printf("Modified trust account password in secrets database\n"); + } + } + else { + d_printf("Machine account password change requires the -f flag.\n"); + d_printf("Do NOT use this function unless you know what it does!\n"); + d_printf("This function will change the ADS Domain member machine account password in the secrets.tdb file!\n"); + } + + return 0; +} + static int net_share(int argc, const char **argv) { if (net_rpc_check(0)) @@ -537,6 +588,7 @@ static struct functable net_func[] = { {"SERVICE", net_rap_service}, {"PASSWORD", net_rap_password}, {"CHANGETRUSTPW", net_changetrustpw}, + {"CHANGESECRETPW", net_changesecretpw}, {"TIME", net_time}, {"LOOKUP", net_lookup}, {"JOIN", net_join}, diff --git a/source3/utils/net_help.c b/source3/utils/net_help.c index 1f3afb1690..272a06bc90 100644 --- a/source3/utils/net_help.c +++ b/source3/utils/net_help.c @@ -47,7 +47,7 @@ int net_common_flags_usage(int argc, const char **argv) d_printf("\t-U or --user=<name>\t\tuser name\n"); d_printf("\t-s or --configfile=<path>\t\tpathname of smb.conf file\n"); d_printf("\t-l or --long\t\t\tDisplay full information\n"); - d_printf("\t-V or --version\t\tPrint samba version information\n"); + d_printf("\t-V or --version\t\t\tPrint samba version information\n"); d_printf("\t-P or --machine-pass\t\tAuthenticate as machine account\n"); return -1; } @@ -60,7 +60,8 @@ static int help_usage(int argc, const char **argv) "\n"\ "Valid functions are:\n"\ " RPC RAP ADS FILE SHARE SESSION SERVER DOMAIN PRINTQ USER GROUP VALIDATE\n"\ -" GROUPMEMBER ADMIN SERVICE PASSWORD TIME LOOKUP GETLOCALSID SETLOCALSID\n"); +" GROUPMEMBER ADMIN SERVICE PASSWORD TIME LOOKUP GETLOCALSID SETLOCALSID\n"\ +" CHANGESCRETPW\n"); return -1; } @@ -156,6 +157,8 @@ static int net_usage(int argc, const char **argv) " net cache\t\tto operate on cache tdb file\n"\ " net getlocalsid [NAME]\tto get the SID for local name\n"\ " net setlocalsid SID\tto set the local domain SID\n"\ + " net changesecretpw\tto change the machine password in the local secrets database only\n"\ + " \tthis requires the -f flag as a safety barrier\n"\ "\n"\ " net ads <command>\tto run ADS commands\n"\ " net rap <command>\tto run RAP (pre-RPC) commands\n"\ |