From 9255dc9a14fabe4906c8a53ae570b1f07bd29de1 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Sun, 25 Nov 2001 00:18:11 +0000
Subject: made a "net ads" command, currently with "net ads join" and "net ads leave" (This used to be commit 2f8fa175b189c2d11676245b01d3201c0a4f0826)
---
source3/utils/net_ads.c | 187 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 187 insertions(+)
create mode 100644 source3/utils/net_ads.c
(limited to 'source3/utils/net_ads.c')
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
new file mode 100644
index 0000000000..038608503b
--- /dev/null
+++ b/source3/utils/net_ads.c
@@ -0,0 +1,187 @@ +/* + Samba Unix/Linux SMB client library + Version 3.0 + net ads commands + Copyright (C) 2001 Andrew Tridgell (tridge@samba.org) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +#ifdef HAVE_ADS + +/* a lame random number generator - used /dev/urandom if possible */ +static unsigned one_random(void) +{ + int fd = -1; + static int initialised; + unsigned ret; + + if (!initialised) { + initialised = 1; + fd = open("/dev/urandom", O_RDONLY); + srandom(time(NULL) ^ getpid()); + } + + if (fd == -1) { + return random(); + } + + read(fd, &ret, sizeof(ret)); + return ret; +} + +/* + * Generate a simple random password of 15 chars - not a cryptographic one + */ +static char *generate_random_password(int len) +{ + int i; + char *pass; + + if (!(pass = malloc(len+1))) + return NULL; + + for (i=0; irealm); + return -1; + } + + d_printf("Removed '%s' from realm '%s'\n", hostname, ads->realm); + + return 0; +} + +static int net_ads_join(int argc, const char **argv) +{ + char *hostname; + ADS_STRUCT *ads; + int rc; + char *password; + extern pstring global_myname; + NTSTATUS status; + + hostname = strdup(global_myname); + strlower(hostname); + + if (!secrets_init()) { + DEBUG(1,("Failed to initialise secrets database\n")); + return -1; + } + + password = generate_random_password(15); + + ads = 
ads_init(NULL, NULL, NULL); + + rc = ads_connect(ads); + if (rc) { + d_printf("ads_connect: %s\n", ads_errstr(rc)); + return -1; + } + + rc = ads_join_realm(ads, hostname); + if (rc) { + d_printf("ads_join_realm: %s\n", ads_errstr(rc)); + return -1; + } + + status = ads_set_machine_password(ads, hostname, password); + if (!NT_STATUS_IS_OK(status)) { + d_printf("ads_set_machine_password: %s\n", get_nt_error_msg(status)); + return -1; + } + + if (!secrets_store_machine_password(password)) { + DEBUG(1,("Failed to save machine password\n")); + return -1; + } + + d_printf("Joined '%s' to realm '%s'\n", hostname, ads->realm); + + return 0; +} + +int net_ads(int argc, const char **argv) +{ + struct functable func[] = { + {"JOIN", net_ads_join}, + {"LEAVE", net_ads_leave}, + {NULL, NULL} + }; + + return net_run_function(argc, argv, func, net_ads_usage); +} + +#else + +int net_ads_usage(void) +{ + d_printf("ADS support not compiled in\n"); + return -1; +} + +int net_ads(int argc, const char **argv) +{ + return net_ads_usage(); +} + +#endif -- cgit From 3906f9dff6f83e0075ae3d08709a35a629e97fa7 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 25 Nov 2001 01:06:56 +0000 Subject: added "net ads status" command (This used to be commit ae0eabd04c97320c2cf3c4575263c53cf61d03ea) --- source3/utils/net_ads.c | 53 ++++++++++++++++++++++++++++++++++++------------- 1 file changed, 39 insertions(+), 14 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 038608503b..d7b508bf89 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
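Review bot: In `one_random()` the descriptor is declared `int fd = -1;` without `static`, so only the first call reads `/dev/urandom`; every later call sees `fd == -1` and returns `random()`, which was seeded with `time(NULL) ^ getpid()`. `net_ads_join()` passes the result of `generate_random_password(15)` to `ads_set_machine_password()`, so the machine account password presumably depends mostly on a guessable seed (the generator loop itself is not readable on this page), and the descriptor opened on the first call is never closed. Declaring `static int fd = -1;` and falling back to `random()` only when `read(fd, &ret, sizeof(ret)) != sizeof(ret)` would keep every call on the kernel source. `net_ads_join()` also uses `password` without testing for the `NULL` that `generate_random_password()` returns when `malloc` fails.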
@@ -76,15 +76,43 @@ int net_ads_usage(void) return -1; } -static int net_ads_leave(int argc, const char **argv) + +static int net_ads_status(int argc, const char **argv) { - char *hostname; ADS_STRUCT *ads; int rc; extern pstring global_myname; + void *res; + + ads = ads_init(NULL, NULL, NULL); + + rc = ads_connect(ads); + if (rc) { + d_printf("ads_connect: %s\n", ads_errstr(rc)); + return -1; + } - hostname = strdup(global_myname); - strlower(hostname); + rc = ads_find_machine_acct(ads, &res, global_myname); + if (rc) { + d_printf("ads_find_machine_acct: %s\n", ads_errstr(rc)); + return -1; + } + + if (ads_count_replies(ads, res) == 0) { + d_printf("No machine account for '%s' found\n", global_myname); + return -1; + } + + ads_dump(ads, res); + + return 0; +} + +static int net_ads_leave(int argc, const char **argv) +{ + ADS_STRUCT *ads; + int rc; + extern pstring global_myname; if (!secrets_init()) { DEBUG(1,("Failed to initialise secrets database\n")); @@ -99,30 +127,26 @@ static int net_ads_leave(int argc, const char **argv) return -1; } - rc = ads_leave_realm(ads, hostname); + rc = ads_leave_realm(ads, global_myname); if (rc) { d_printf("Failed to delete host '%s' from the '%s' realm.\n", - hostname, ads->realm); + global_myname, ads->realm); return -1; } - d_printf("Removed '%s' from realm '%s'\n", hostname, ads->realm); + d_printf("Removed '%s' from realm '%s'\n", global_myname, ads->realm); return 0; } static int net_ads_join(int argc, const char **argv) { - char *hostname; ADS_STRUCT *ads; int rc; char *password; extern pstring global_myname; NTSTATUS status; - hostname = strdup(global_myname); - strlower(hostname); - if (!secrets_init()) { DEBUG(1,("Failed to initialise secrets database\n")); return -1; 
@@ -138,13 +162,13 @@ static int net_ads_join(int argc, const char **argv) return -1; } - rc = ads_join_realm(ads, hostname); + rc = ads_join_realm(ads, global_myname); if (rc) { d_printf("ads_join_realm: %s\n", ads_errstr(rc)); return -1; } - status = ads_set_machine_password(ads, hostname, password); + status = ads_set_machine_password(ads, global_myname, password); if (!NT_STATUS_IS_OK(status)) { d_printf("ads_set_machine_password: %s\n", get_nt_error_msg(status)); return -1; @@ -155,7 +179,7 @@ static int net_ads_join(int argc, const char **argv) return -1; } - d_printf("Joined '%s' to realm '%s'\n", hostname, ads->realm); + d_printf("Joined '%s' to realm '%s'\n", global_myname, ads->realm); return 0; } @@ -165,6 +189,7 @@ int net_ads(int argc, const char **argv) struct functable func[] = { {"JOIN", net_ads_join}, {"LEAVE", net_ads_leave}, + {"STATUS", net_ads_status}, {NULL, NULL} }; -- cgit From cb697dd72a51daa14f174fae4fede2b86e7a7fd2 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 25 Nov 2001 01:31:07 +0000 Subject: added "net ads user" and "net ads group" commands (This used to be commit f482583139eedb75a23c7a720dca4e8fb7070fd5) --- source3/utils/net_ads.c | 85 ++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 66 insertions(+), 19 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index d7b508bf89..87db4ada34 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -76,22 +76,79 @@ int net_ads_usage(void) return -1; } + -static int net_ads_status(int argc, const char **argv) +static ADS_STRUCT *ads_startup(void) { ADS_STRUCT *ads; int rc; - extern pstring global_myname; - void *res; - ads = ads_init(NULL, NULL, NULL); rc = ads_connect(ads); if (rc) { d_printf("ads_connect: %s\n", ads_errstr(rc)); + return NULL; + } + return ads; +} + + + +static int net_ads_user(int argc, const char **argv) +{ + ADS_STRUCT *ads; + int rc; + void *res; + const char *attrs[] = {"sAMAccountName", "name", "objectSid", NULL}; + + if (!(ads = ads_startup())) return -1; + rc = ads_search(ads, &res, "(objectclass=user)", attrs); + if (rc) { + d_printf("ads_search: %s\n", ads_errstr(rc)); + return -1; + } + + if (ads_count_replies(ads, res) == 0) { + d_printf("No users found\n"); + return -1; + } + + ads_dump(ads, res); + return 0; +} + +static int net_ads_group(int argc, const char **argv) +{ + ADS_STRUCT *ads; + int rc; + void *res; + const char *attrs[] = {"sAMAccountName", "name", "objectSid", NULL}; + + if (!(ads = ads_startup())) return -1; + rc = ads_search(ads, &res, "(objectclass=group)", attrs); + if (rc) { + d_printf("ads_search: %s\n", ads_errstr(rc)); + return -1; + } + + if (ads_count_replies(ads, res) == 0) { + d_printf("No groups found\n"); return -1; } + ads_dump(ads, res); + return 0; +} + +static int net_ads_status(int argc, const char **argv) +{ + ADS_STRUCT *ads; + int rc; + extern pstring global_myname; + void *res; + + if (!(ads = ads_startup())) return -1; + rc = ads_find_machine_acct(ads, &res, global_myname); if (rc) { d_printf("ads_find_machine_acct: %s\n", ads_errstr(rc)); 
@@ -114,19 +171,13 @@ static int net_ads_leave(int argc, const char **argv) int rc; extern pstring global_myname; + if (!(ads = ads_startup())) return -1; + if (!secrets_init()) { DEBUG(1,("Failed to initialise secrets database\n")); return -1; } - ads = ads_init(NULL, NULL, NULL); - - rc = ads_connect(ads); - if (rc) { - d_printf("ads_connect: %s\n", ads_errstr(rc)); - return -1; - } - rc = ads_leave_realm(ads, global_myname); if (rc) { d_printf("Failed to delete host '%s' from the '%s' realm.\n", @@ -154,13 +205,7 @@ static int net_ads_join(int argc, const char **argv) password = generate_random_password(15); - ads = ads_init(NULL, NULL, NULL); - - rc = ads_connect(ads); - if (rc) { - d_printf("ads_connect: %s\n", ads_errstr(rc)); - return -1; - } + if (!(ads = ads_startup())) return -1; rc = ads_join_realm(ads, global_myname); if (rc) { @@ -190,6 +235,8 @@ int net_ads(int argc, const char **argv) {"JOIN", net_ads_join}, {"LEAVE", net_ads_leave}, {"STATUS", net_ads_status}, + {"USER", net_ads_user}, + {"GROUP", net_ads_group}, {NULL, NULL} }; -- cgit From a83e7725c4dd1880b14c5018ef321804fc17fdee Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 25 Nov 2001 01:36:02 +0000 Subject: use generate_random_str() (This used to be commit 720c50a7514febdd7cfd6ce40b7b5a0c5cc0abf8) --- source3/utils/net_ads.c | 51 ++++--------------------------------------------- 1 file changed, 4 insertions(+), 47 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 87db4ada34..d9b99c77dc 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -23,48 +23,6 @@ #ifdef HAVE_ADS -/* a lame random number generator - used /dev/urandom if possible */ -static unsigned one_random(void) -{ - int fd = -1; - static int initialised; - unsigned ret; - - if (!initialised) { - initialised = 1; - fd = open("/dev/urandom", O_RDONLY); - srandom(time(NULL) ^ getpid()); - } - - if (fd == -1) { - return random(); - } - - read(fd, &ret, sizeof(ret)); - return ret; -} - -/* - * Generate a simple random password of 15 chars - not a cryptographic one - */ -static char *generate_random_password(int len) -{ - int i; - char *pass; - - if (!(pass = malloc(len+1))) - return NULL; - - for (i=0; irealm); + free(password); + return 0; } -- cgit From 354cdfa8f87f7795e16461c86b122fa57ca912da Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 25 Nov 2001 01:42:29 +0000 Subject: better help (This used to be commit b390d6eef95ee6094eb193006bc2f23c40291026) --- source3/utils/net_ads.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index d9b99c77dc..72f70532b7 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -29,7 +29,13 @@ int net_ads_usage(void) "\nnet ads join"\ "\n\tjoins the local machine to a ADS realm\n"\ "\nnet ads leave"\ -"\n\tremoves the local machine from a ADS realm\n" +"\n\tremoves the local machine from a ADS realm\n"\ +"\nnet ads user"\ +"\n\tlist users in the realm\n"\ +"\nnet ads group"\ +"\n\tlist groups in the realm\n"\ +"\nnet ads status"\ +"\n\tdump the machine account details to stdout\n" ); return -1; } -- cgit From 222311817f2e3c1e415ca3a489ff13acb0bbccf3 Mon Sep 17 00:00:00 2001 
From: Tim Potter Date: Mon, 26 Nov 2001 04:53:08 +0000 Subject: More compiler warnings fixed. Some minor reformatting. (This used to be commit 8227f6909cca67fcc1a8455f4b386df7778ef2e7) --- source3/utils/net_ads.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 72f70532b7..345fc5c3db 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -23,7 +23,7 @@ #ifdef HAVE_ADS -int net_ads_usage(void) +int net_ads_usage(int argc, const char **argv) { d_printf( "\nnet ads join"\ @@ -208,7 +208,7 @@ int net_ads(int argc, const char **argv) #else -int net_ads_usage(void) +int net_ads_usage(int argc, const char **argv) { d_printf("ADS support not compiled in\n"); return -1; @@ -216,7 +216,7 @@ int net_ads_usage(void) int net_ads(int argc, const char **argv) { - return net_ads_usage(); + return net_ads_usage(argc, argv); } #endif -- cgit From fe64484824d8169bf66822ebf7f6a9180a238e6e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 29 Nov 2001 06:21:56 +0000 Subject: Make better use of the ads_init() function to get the kerberos relam etc. This allows us to use automagically obtained values in future, and the value from krb5.conf now. Also fix mem leaks etc. Andrew Bartlett (This used to be commit 8f9ce717819235d98a1463f20ac659cb4b4ebbd2) --- source3/utils/net_ads.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 345fc5c3db..1bfd5c637a 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -74,6 +74,7 @@ static int net_ads_user(int argc, const char **argv) } ads_dump(ads, res); + ads_destroy(&ads); return 0; } -- cgit From f018400b69701e710f3c78924ad4821f7fea2ef9 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Wed, 5 Dec 2001 01:58:33 +0000 Subject: Follow herb's suggestion and don't strdup a string to itself. (This used to be commit ea76a687fc2614912fd6b0458622495f9920749e) --- source3/utils/net_ads.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 1bfd5c637a..a1ea063b20 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -156,6 +156,7 @@ static int net_ads_join(int argc, const char **argv) ADS_STRUCT *ads; int rc; char *password; + char *tmp_password; extern pstring global_myname; NTSTATUS status; @@ -163,9 +164,10 @@ static int net_ads_join(int argc, const char **argv) DEBUG(1,("Failed to initialise secrets database\n")); return -1; } - - password = generate_random_str(15); - password = strdup(password); + + + tmp_password = generate_random_str(15); + password = strdup(tmp_password); if (!(ads = ads_startup())) return -1; -- cgit From 9421ad4a7a900b219f87754bc20fa14f2f22fd35 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 5 Dec 2001 09:46:53 +0000 Subject: added a REALLY gross hack into kerberos_kinit_password so that winbindd can do a kinit this will be removed once we have code that gets a tgt and puts it in a place where cyrus-sasl can see it (This used to be commit 7d94f1b7365215a020d3678d03d820a7d086174f) --- source3/utils/net_ads.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index a1ea063b20..c956d9bb65 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -44,7 +44,7 @@ static ADS_STRUCT *ads_startup(void) { ADS_STRUCT *ads; int rc; - ads = ads_init(NULL, NULL, NULL); + ads = ads_init(NULL, NULL, NULL, NULL); rc = ads_connect(ads); if (rc) { -- cgit From 8ba00d147bbdb705b411e182433632c81a036188 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Wed, 5 Dec 2001 11:00:26 +0000 Subject: OK. Smbpasswd -j is DEAD. This moves the rest of the functionality into the 'net rpc join' code. Futhermore, this moves that entire area over to the libsmb codebase, rather than the crufty old rpc_client stuff. I have also fixed up the smbpasswd -a -m bug in the process. We also have a new 'net rpc changetrustpw' that can be called from a cron-job to regularly change the trust account password, for sites that run winbind but not smbd. With a little more work, we can kill rpc_client from smbd entirly! (It is mostly the domain auth stuff - which I can rework - and the spoolss stuff that sombody else will need to look over). Andrew Bartlett (This used to be commit 575897e879fc175ba702adf245384033342c903d) --- source3/utils/net_ads.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index c956d9bb65..cecfb6a4d0 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -166,7 +166,7 @@ static int net_ads_join(int argc, const char **argv) } - tmp_password = generate_random_str(15); + tmp_password = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH); password = strdup(tmp_password); if (!(ads = ads_startup())) return -1; -- cgit From 5d378a280f74405fccbadbfb28e1066613c76fd8 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 8 Dec 2001 11:18:56 +0000 Subject: added internal sasl/gssapi code. This means we are no longer dependent on cyrus-sasl which makes the code much less fragile. Also added code to auto-determine the server name or realm (This used to be commit 435fdf276a79c2a517adcd7726933aeef3fa924b) --- source3/utils/net_ads.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index cecfb6a4d0..4f44930038 100644 --- a/source3/utils/net_ads.c 
+++ b/source3/utils/net_ads.c @@ -44,8 +44,24 @@ static ADS_STRUCT *ads_startup(void) { ADS_STRUCT *ads; int rc; + extern char *opt_password; + extern char *opt_user_name; + ads = ads_init(NULL, NULL, NULL, NULL); + if (!opt_user_name) { + opt_user_name = "administrator"; + } + + if (!opt_password) { + char *prompt; + asprintf(&prompt,"%s password: ", opt_user_name); + opt_password = getpass(prompt); + free(prompt); + } + ads->password = strdup(opt_password); + ads->user_name = strdup(opt_user_name); + rc = ads_connect(ads); if (rc) { d_printf("ads_connect: %s\n", ads_errstr(rc)); -- cgit From 1fb2f3649d48dceff183ada68c0fac1de108d4cc Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 13 Dec 2001 13:19:20 +0000 Subject: added "net ads info" to fetch basic ADS info without any auth (This used to be commit b107ecef7097e4b3b870f51fa6628b870703b4de) --- source3/utils/net_ads.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 4f44930038..c67fbda2c8 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -34,12 +34,37 @@ int net_ads_usage(int argc, const char **argv) "\n\tlist users in the realm\n"\ "\nnet ads group"\ "\n\tlist groups in the realm\n"\ +"\nnet ads info"\ +"\n\tshows some info on the server\n"\ "\nnet ads status"\ "\n\tdump the machine account details to stdout\n" ); return -1; } + +static int net_ads_info(int argc, const char **argv) +{ + ADS_STRUCT *ads; + + ads = ads_init(NULL, NULL, NULL, NULL); + ads_connect(ads); + + if (!ads) { + d_printf("Didn't find the ldap server!\n"); + return -1; + } + + d_printf("LDAP server: %s\n", ads->ldap_server); + d_printf("LDAP server name: %s\n", ads->ldap_server_name); + d_printf("Realm: %s\n", ads->realm); + d_printf("Bind Path: %s\n", ads->bind_path); + d_printf("LDAP port: %d\n", ads->ldap_port); + + return 0; +} + + static ADS_STRUCT *ads_startup(void) { ADS_STRUCT *ads; 
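Review bot: The prompt path added to `ads_startup()` uses two results unchecked: `asprintf(&prompt, ...)` can fail and leave `prompt` undefined, and `getpass()` can return `NULL`, which is then handed to `strdup(opt_password)`. Testing `asprintf(...) == -1` before the prompt and `if (!opt_password) return NULL;` after it avoids the crash. `ads_init()` is dereferenced (`ads->password`) without a `NULL` test, and when `ads_connect()` fails the function returns `NULL` without calling `ads_destroy(&ads)`, which `net_ads_user()` already uses, so the password copy stays allocated. The same unchecked `getpass()` pattern appears again in the later `net_ads_password()` hunk.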
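Review bot: `net_ads_info()` tests `if (!ads)` only after `ads_connect(ads)` has already been called with it, and the return value of `ads_connect()` is discarded. A failed connect therefore falls through to the `d_printf` lines, which pass `ads->ldap_server`, `ads->ldap_server_name`, `ads->realm` and `ads->bind_path` to `%s` even though they may be unset. Moving the test above the call and returning on a non-zero result, `if (!ads || ads_connect(ads)) { d_printf("Didn't find the ldap server!\n"); return -1; }`, covers both cases. The success path should also release the handle with `ads_destroy(&ads)`.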
@@ -214,6 +239,7 @@ static int net_ads_join(int argc, const char **argv) int net_ads(int argc, const char **argv) { struct functable func[] = { + {"INFO", net_ads_info}, {"JOIN", net_ads_join}, {"LEAVE", net_ads_leave}, {"STATUS", net_ads_status}, -- cgit From 48c45486e3e67b96c7ea4c7044823274e9fa72e7 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 17 Dec 2001 11:16:22 +0000 Subject: allow selection of the organisational unit when joining a realm (This used to be commit f1231c2b54cac9d4fda7fa9d45fd329f1fd7b779) --- source3/utils/net_ads.c | 34 ++++++++++++++++++++++++++++------ 1 file changed, 28 insertions(+), 6 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index c67fbda2c8..8d41c09208 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -26,7 +26,7 @@ int net_ads_usage(int argc, const char **argv) { d_printf( -"\nnet ads join"\ +"\nnet ads join "\ "\n\tjoins the local machine to a ADS realm\n"\ "\nnet ads leave"\ "\n\tremoves the local machine from a ADS realm\n"\ @@ -169,11 +169,13 @@ static int net_ads_status(int argc, const char **argv) static int net_ads_leave(int argc, const char **argv) { - ADS_STRUCT *ads; + ADS_STRUCT *ads = NULL; int rc; extern pstring global_myname; - if (!(ads = ads_startup())) return -1; + if (!(ads = ads_startup())) { + return -1; + } if (!secrets_init()) { DEBUG(1,("Failed to initialise secrets database\n")); 
@@ -200,19 +202,39 @@ static int net_ads_join(int argc, const char **argv) char *tmp_password; extern pstring global_myname; NTSTATUS status; + const char *org_unit = "Computers"; + char *dn; + void *res; + + if (argc > 0) org_unit = argv[0]; if (!secrets_init()) { DEBUG(1,("Failed to initialise secrets database\n")); return -1; } - - + tmp_password = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH); password = strdup(tmp_password); if (!(ads = ads_startup())) return -1; - rc = ads_join_realm(ads, global_myname); + asprintf(&dn, "cn=%s,%s", org_unit, ads->bind_path); + + rc = ads_search_dn(ads, &res, dn, NULL); + free(dn); + ads_msgfree(ads, res); + + if (rc == LDAP_NO_SUCH_OBJECT) { + d_printf("ads_join_realm: organisational unit %s does not exist\n", org_unit); + return rc; + } + + if (rc) { + d_printf("ads_join_realm: %s\n", ads_errstr(rc)); + return -1; + } + + rc = ads_join_realm(ads, global_myname, org_unit); if (rc) { d_printf("ads_join_realm: %s\n", ads_errstr(rc)); return -1; -- cgit From a062e58d9e47f95ac7c66668b3cfe1f72386f6e0 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 19 Dec 2001 08:44:23 +0000 Subject: - added initial support for trusted domains in winbindd_ads - gss error code patch from a.bokovoy@sam-solutions.net - better sid dumping in ads_dump - fixed help in wbinfo (This used to be commit ee1c3e1f044b4ef62169ad74c5cac40eef81bfda) --- source3/utils/net_ads.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 8d41c09208..0d7b641771 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -68,7 +68,7 @@ static int net_ads_info(int argc, const char **argv) static ADS_STRUCT *ads_startup(void) { ADS_STRUCT *ads; - int rc; + ADS_RETURN_CODE rc; extern char *opt_password; extern char *opt_user_name; 
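Review bot: In the organisational-unit check added to `net_ads_join()`, `ads_msgfree(ads, res)` runs before `rc` is examined, and `res` is declared as `void *res;` with no initialiser. If `ads_search_dn()` fails without writing to `res` (its behaviour on error is not visible here), an indeterminate pointer is freed. Declaring `void *res = NULL;` and calling `ads_msgfree()` only after the success check would be safer; the later hunk that switches to `ads_ou_string()` keeps the same order. `org_unit` comes straight from `argv[0]` and is pasted into the DN by an unchecked `asprintf(&dn, "cn=%s,%s", ...)`, so a value containing `,` or `=` changes which entry is searched.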
@@ -88,8 +88,11 @@ static ADS_STRUCT *ads_startup(void) ads->user_name = strdup(opt_user_name); rc = ads_connect(ads); - if (rc) { - d_printf("ads_connect: %s\n", ads_errstr(rc)); + if (rc.rc) { + if(rc.error_type) + ads_display_status("ads_connect", rc.rc, rc.minor_status); + else + d_printf("ads_connect: %s\n", ads_errstr(rc.rc)); return NULL; } return ads; -- cgit From 1f31ace6cb771d7bf0b64091fba1d24c466ad4e5 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 19 Dec 2001 12:21:12 +0000 Subject: much better ADS error handling system (This used to be commit 05a90a28843e0d69183a49a76617c5f32817df16) --- source3/utils/net_ads.c | 44 ++++++++++++++++++++------------------------ 1 file changed, 20 insertions(+), 24 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 0d7b641771..3bfc9d935c 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -68,7 +68,7 @@ static int net_ads_info(int argc, const char **argv) static ADS_STRUCT *ads_startup(void) { ADS_STRUCT *ads; - ADS_RETURN_CODE rc; + ADS_STATUS status; extern char *opt_password; extern char *opt_user_name; @@ -87,12 +87,9 @@ static ADS_STRUCT *ads_startup(void) ads->password = strdup(opt_password); ads->user_name = strdup(opt_user_name); - rc = ads_connect(ads); - if (rc.rc) { - if(rc.error_type) - ads_display_status("ads_connect", rc.rc, rc.minor_status); - else - d_printf("ads_connect: %s\n", ads_errstr(rc.rc)); + status = ads_connect(ads); + if (!ADS_ERR_OK(status)) { + d_printf("ads_connect: %s\n", ads_errstr(status)); return NULL; } return ads; 
@@ -101,13 +98,13 @@ static ADS_STRUCT *ads_startup(void) static int net_ads_user(int argc, const char **argv) { ADS_STRUCT *ads; - int rc; + ADS_STATUS rc; void *res; const char *attrs[] = {"sAMAccountName", "name", "objectSid", NULL}; if (!(ads = ads_startup())) return -1; rc = ads_search(ads, &res, "(objectclass=user)", attrs); - if (rc) { + if (!ADS_ERR_OK(rc)) { d_printf("ads_search: %s\n", ads_errstr(rc)); return -1; } @@ -125,13 +122,13 @@ static int net_ads_user(int argc, const char **argv) static int net_ads_group(int argc, const char **argv) { ADS_STRUCT *ads; - int rc; + ADS_STATUS rc; void *res; const char *attrs[] = {"sAMAccountName", "name", "objectSid", NULL}; if (!(ads = ads_startup())) return -1; rc = ads_search(ads, &res, "(objectclass=group)", attrs); - if (rc) { + if (!ADS_ERR_OK(rc)) { d_printf("ads_search: %s\n", ads_errstr(rc)); return -1; } @@ -148,14 +145,14 @@ static int net_ads_group(int argc, const char **argv) static int net_ads_status(int argc, const char **argv) { ADS_STRUCT *ads; - int rc; + ADS_STATUS rc; extern pstring global_myname; void *res; if (!(ads = ads_startup())) return -1; rc = ads_find_machine_acct(ads, &res, global_myname); - if (rc) { + if (!ADS_ERR_OK(rc)) { d_printf("ads_find_machine_acct: %s\n", ads_errstr(rc)); return -1; } @@ -173,7 +170,7 @@ static int net_ads_status(int argc, const char **argv) static int net_ads_leave(int argc, const char **argv) { ADS_STRUCT *ads = NULL; - int rc; + ADS_STATUS rc; extern pstring global_myname; if (!(ads = ads_startup())) { @@ -186,7 +183,7 @@ static int net_ads_leave(int argc, const char **argv) } rc = ads_leave_realm(ads, global_myname); - if (rc) { + if (!ADS_ERR_OK(rc)) { d_printf("Failed to delete host '%s' from the '%s' realm.\n", global_myname, ads->realm); return -1; 
@@ -200,11 +197,10 @@ static int net_ads_leave(int argc, const char **argv) static int net_ads_join(int argc, const char **argv) { ADS_STRUCT *ads; - int rc; + ADS_STATUS rc; char *password; char *tmp_password; extern pstring global_myname; - NTSTATUS status; const char *org_unit = "Computers"; char *dn; void *res; @@ -227,25 +223,25 @@ static int net_ads_join(int argc, const char **argv) free(dn); ads_msgfree(ads, res); - if (rc == LDAP_NO_SUCH_OBJECT) { + if (rc.error_type == ADS_ERROR_LDAP && rc.rc == LDAP_NO_SUCH_OBJECT) { d_printf("ads_join_realm: organisational unit %s does not exist\n", org_unit); - return rc; + return -1; } - if (rc) { + if (!ADS_ERR_OK(rc)) { d_printf("ads_join_realm: %s\n", ads_errstr(rc)); return -1; } rc = ads_join_realm(ads, global_myname, org_unit); - if (rc) { + if (!ADS_ERR_OK(rc)) { d_printf("ads_join_realm: %s\n", ads_errstr(rc)); return -1; } - status = ads_set_machine_password(ads, global_myname, password); - if (!NT_STATUS_IS_OK(status)) { - d_printf("ads_set_machine_password: %s\n", get_nt_error_msg(status)); + rc = ads_set_machine_password(ads, global_myname, password); + if (!ADS_ERR_OK(rc)) { + d_printf("ads_set_machine_password: %s\n", ads_errstr(rc)); return -1; } -- cgit From 6c7e9dfb293f1243d9d8d8a2ac50ef12d738198e Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 20 Dec 2001 03:54:52 +0000 Subject: net ads password and net ads chostpass commands from Remus Koos (This used to be commit 412e79c448bf02e3097b5c14a36fe0172d8d2895) --- source3/utils/net_ads.c | 91 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 91 insertions(+) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 3bfc9d935c..0853cd3bbf 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -3,6 +3,7 @@ Version 3.0 net ads commands Copyright (C) 2001 Andrew Tridgell (tridge@samba.org) + Copyright (C) 2001 Remus Koos (remuskoos@yahoo.com) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -38,6 +39,11 @@ int net_ads_usage(int argc, const char **argv) "\n\tshows some info on the server\n"\ "\nnet ads status"\ "\n\tdump the machine account details to stdout\n" +"\nnet ads password -Uadmin_username@realm%%admin_pass"\ +"\n\tchange a user's password using an admin account" +"\n\t(note: use realm in UPPERCASE)\n" +"\nnet ads chostpass" +"\n\tchange the trust account password of this machine in the AD tree\n" ); return -1; } 
@@ -257,6 +263,89 @@ static int net_ads_join(int argc, const char **argv) return 0; } + +static int net_ads_password(int argc, const char **argv) +{ + ADS_STRUCT *ads; + extern char *opt_user_name; + extern char *opt_password; + char *auth_principal = opt_user_name; + char *auth_password = opt_password; + char *realm = NULL; + char *new_password = NULL; + char *c; + char *prompt; + ADS_STATUS ret; + + + if ((argc != 1) || (opt_user_name == NULL) || + (opt_password == NULL) || (strchr(opt_user_name, '@') == NULL) || + (strchr(argv[0], '@') == NULL)) { + return net_ads_usage(argc, argv); + } + + c = strchr(auth_principal, '@'); + realm = ++c; + + /* use the realm so we can eventually change passwords for users + in realms other than default */ + if (!(ads = ads_init(realm, NULL, NULL, NULL))) return -1; + + asprintf(&prompt, "Enter new password for %s:", argv[0]); + + new_password = getpass(prompt); + + ret = kerberos_set_password(ads->kdc_server, auth_principal, + auth_password, argv[0], new_password); + if (!ADS_ERR_OK(ret)) { + d_printf("Password change failed :-( ...\n"); + ads_destroy(&ads); + free(prompt); + return -1; + } + + d_printf("Password change for %s completed.\n", argv[0]); + ads_destroy(&ads); + free(prompt); + + return 0; +} + + +static int net_ads_change_localhost_pass(int argc, const char **argv) +{ + ADS_STRUCT *ads; + extern pstring global_myname; + char *host_principal; + char *hostname; + ADS_STATUS ret; + + + if (!(ads = ads_init(NULL, NULL, NULL, NULL))) return -1; + + hostname = strdup(global_myname); + strlower(hostname); + asprintf(&host_principal, "%s@%s", hostname, ads->realm); + SAFE_FREE(hostname); + d_printf("Changing password for principal: HOST/%s\n", host_principal); + + ret = ads_change_trust_account_password(ads, host_principal); + + if (!ADS_ERR_OK(ret)) { + d_printf("Password change failed :-( ...\n"); + ads_destroy(&ads); + SAFE_FREE(host_principal); + return -1; + } + + d_printf("Password change for principal HOST/%s 
succeeded.\n", host_principal); + ads_destroy(&ads); + SAFE_FREE(host_principal); + + return 0; +} + + int net_ads(int argc, const char **argv) { struct functable func[] = { @@ -266,6 +355,8 @@ int net_ads(int argc, const char **argv) {"STATUS", net_ads_status}, {"USER", net_ads_user}, {"GROUP", net_ads_group}, + {"PASSWORD", net_ads_password}, + {"CHOSTPASS", net_ads_change_localhost_pass}, {NULL, NULL} }; -- cgit From 91ee73e3009fdde79ce9e51ba0caac5669ed9279 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 20 Dec 2001 23:35:53 +0000 Subject: make sure we store the domain sid when joining a ADS domain (This used to be commit dfbe442c668480d88cb8b385c6b89f8e198ca500) --- source3/utils/net_ads.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 0853cd3bbf..7baa297230 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -210,6 +210,7 @@ static int net_ads_join(int argc, const char **argv) const char *org_unit = "Computers"; char *dn; void *res; + DOM_SID dom_sid; if (argc > 0) org_unit = argv[0]; @@ -251,6 +252,17 @@ static int net_ads_join(int argc, const char **argv) return -1; } + rc = ads_domain_sid(ads, &dom_sid); + if (!ADS_ERR_OK(rc)) { + d_printf("ads_domain_sid: %s\n", ads_errstr(rc)); + return -1; + } + + if (!secrets_store_domain_sid(lp_workgroup(), &dom_sid)) { + DEBUG(1,("Failed to save domain sid\n")); + return -1; + } + if (!secrets_store_machine_password(password)) { DEBUG(1,("Failed to save machine password\n")); return -1; -- cgit From 9f85d4ad5f2bb5fdb7739b3f90c4bfac705393ce Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 16 Jan 2002 02:22:30 +0000 Subject: much better support for organisational units in ADS join (This used to be commit 7e876057d5e392f85e6fdb0f2c233b0fe76df688) --- source3/utils/net_ads.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'source3/utils/net_ads.c') 
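Review bot: `net_ads_password()` returns the usage text whenever `opt_password == NULL`, so the admin password apparently has to be given on the command line (the help text added in this commit shows `-Uadmin_username@realm%%admin_pass`), where it is typically visible in the process list and in shell history. Prompting with `getpass()` when `opt_password` is unset, as `ads_startup()` already does, would avoid that. The new password is read once with no confirmation, and the `getpass()` result is passed to `kerberos_set_password()` without a `NULL` check; `asprintf(&prompt, ...)` is unchecked as well. `ads->kdc_server` is read right after `ads_init()` with no connect call in this function, so confirm that `ads_init()` populates it.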
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 7baa297230..fec31c6ea3 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -211,6 +211,7 @@ static int net_ads_join(int argc, const char **argv) char *dn; void *res; DOM_SID dom_sid; + char *ou_str; if (argc > 0) org_unit = argv[0]; @@ -224,16 +225,19 @@ static int net_ads_join(int argc, const char **argv) if (!(ads = ads_startup())) return -1; - asprintf(&dn, "cn=%s,%s", org_unit, ads->bind_path); + ou_str = ads_ou_string(org_unit); + asprintf(&dn, "%s,%s", ou_str, ads->bind_path); + free(ou_str); rc = ads_search_dn(ads, &res, dn, NULL); - free(dn); ads_msgfree(ads, res); if (rc.error_type == ADS_ERROR_LDAP && rc.rc == LDAP_NO_SUCH_OBJECT) { - d_printf("ads_join_realm: organisational unit %s does not exist\n", org_unit); + d_printf("ads_join_realm: organisational unit %s does not exist (dn:%s)\n", + org_unit, dn); return -1; } + free(dn); if (!ADS_ERR_OK(rc)) { d_printf("ads_join_realm: %s\n", ads_errstr(rc)); -- cgit From de260eadf956cae8aeaebc2a84f46a57c0671741 Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Fri, 25 Jan 2002 22:07:46 +0000 Subject: Enable net ads commands to use existing tickets if the user doesn't specify a username on the commandline. Also don't continue past the kinit if a password is entered and fails because existing tickets would be used, which may not be desired if the username was specified. (This used to be commit 7e5d7dfa834c0161460bde8a2f0d4824c0a0d1fe) --- source3/utils/net_ads.c | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index fec31c6ea3..ae7bf5d446 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -75,8 +75,12 @@ static ADS_STRUCT *ads_startup(void) { ADS_STRUCT *ads; ADS_STATUS status; + BOOL need_password = False; + BOOL second_time = False; extern char *opt_password; extern char *opt_user_name; + extern BOOL opt_user_specified; + ads = ads_init(NULL, NULL, NULL, NULL); @@ -84,19 +88,30 @@ static ADS_STRUCT *ads_startup(void) opt_user_name = "administrator"; } - if (!opt_password) { + if (opt_user_specified) + need_password = True; + +retry: + if (!opt_password && need_password) { char *prompt; asprintf(&prompt,"%s password: ", opt_user_name); opt_password = getpass(prompt); free(prompt); + ads->password = strdup(opt_password); } - ads->password = strdup(opt_password); + ads->user_name = strdup(opt_user_name); status = ads_connect(ads); if (!ADS_ERR_OK(status)) { - d_printf("ads_connect: %s\n", ads_errstr(status)); - return NULL; + if (!need_password && !second_time) { + need_password = True; + second_time = True; + goto retry; + } else { + d_printf("ads_connect: %s\n", ads_errstr(status)); + return NULL; + } } return ads; } -- cgit From cd68afe31256ad60748b34f7318a180cfc2127cc Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Wed, 30 Jan 2002 06:08:46 +0000 Subject: Removed version number from file header. Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa) --- source3/utils/net_ads.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index ae7bf5d446..32cf1aafb8 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1,6 +1,5 @@ /* Samba Unix/Linux SMB client library - Version 3.0 net ads commands Copyright (C) 2001 Andrew Tridgell (tridge@samba.org) Copyright (C) 2001 Remus Koos (remuskoos@yahoo.com) -- cgit From ffc58a7ff86e74d62f7161abb6a690112dddb6e9 Mon Sep 17 00:00:00 2001 
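Review bot: On the final failure branch of ads_startup() the function returns NULL without calling `ads_destroy(&ads)`, so the structure and the strdup'd copy of the password stay allocated for the rest of the process; add `ads_destroy(&ads);` before `return NULL;`. The retry path also runs `ads->user_name = strdup(opt_user_name);` a second time, which drops the first copy. getpass() can return NULL when no terminal is available, and that value is passed straight to strdup(); check it before copying. The function body starts and ends outside these hunks.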
From: Jim McDonough Date: Sat, 2 Feb 2002 02:06:03 +0000 Subject: Add support for net ads printer to publish, remove, or display printer info in the directory. Only publishes required fields right now. (This used to be commit 1d326f8b7e68bcad6c35488f77b05c598ebaad5d) --- source3/utils/net_ads.c | 167 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 167 insertions(+) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 32cf1aafb8..28543e43a1 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -3,6 +3,7 @@ net ads commands Copyright (C) 2001 Andrew Tridgell (tridge@samba.org) Copyright (C) 2001 Remus Koos (remuskoos@yahoo.com) + Copyright (C) 2002 Jim McDonough (jmcd@us.ibm.com) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -43,6 +44,8 @@ int net_ads_usage(int argc, const char **argv) "\n\t(note: use realm in UPPERCASE)\n" "\nnet ads chostpass" "\n\tchange the trust account password of this machine in the AD tree\n" +"\nnet ads printer [info | publish | remove] " +"\n\t lookup, add, or remove directory entry for a printer\n" ); return -1; } 
@@ -293,6 +296,169 @@ static int net_ads_join(int argc, const char **argv) return 0; } +int net_ads_printer_usage(int argc, const char **argv) +{ + d_printf( +"\nnet ads printer info " +"\n\tlookup info in directory for printer on server" +"\n\t(note: printer defaults to \"*\", server defaults to local)\n" +"\nnet ads printer publish " +"\n\tpublish printer in directory" +"\n\t(note: printer name is required)\n" +"\nnet ads printer remove " +"\n\tremove printer from directory" +"\n\t(note: printer name is required)\n"); + return -1; +} + +static int net_ads_printer_info(int argc, const char **argv) +{ + ADS_STRUCT *ads; + ADS_STATUS rc; + char *servername, *printername; + extern pstring global_myname; + void *res = NULL; + + if (!(ads = ads_startup())) return -1; + + if (argc > 0) + printername = argv[0]; + else + printername = "*"; + + if (argc > 1) + servername = argv[1]; + else + servername = global_myname; + + rc = ads_find_printer_on_server(ads, &res, printername, servername); + + if (!ADS_ERR_OK(rc)) { + d_printf("ads_find_printer_on_server: %s\n", ads_errstr(rc)); + ads_msgfree(ads, res); + return -1; + } + + if (ads_count_replies(ads, res) == 0) { + d_printf("Printer '%s' not found\n", printername); + ads_msgfree(ads, res); + return -1; + } + + ads_dump(ads, res); + /* I wanted to do this ads_msgfree, but it coredumps...why? + the ads_dump routine doesn't free it, or does it partially + free it as it walks through the result? + ads_msgfree(ads, res); */ + + return 0; +} + +static int net_ads_printer_publish(int argc, const char **argv) +{ + ADS_STRUCT *ads; + ADS_STATUS rc; + char *uncname, *servername; + ADS_PRINTER_ENTRY prt; + extern pstring global_myname; + + /* + these const strings are only here as an example. 
The attributes + they represent are not implemented yet + */ + const char *bins[] = {"Tray 21", NULL}; + const char *media[] = {"Letter", NULL}; + const char *orients[] = {"PORTRAIT", NULL}; + const char *ports[] = {"Samba", NULL}; + + if (!(ads = ads_startup())) return -1; + + if (argc < 1) + return net_ads_printer_usage(argc, argv); + + memset(&prt, 0, sizeof(ADS_PRINTER_ENTRY)); + + prt.printerName = argv[0]; + asprintf(&servername, "%s.%s", global_myname, ads->realm); + prt.serverName = servername; + prt.shortServerName = global_myname; + prt.versionNumber = "4"; + asprintf(&uncname, "\\\\%s\\%s", global_myname, argv[0]); + prt.uNCName=uncname; + prt.printBinNames = (char **) bins; + prt.printMediaSupported = (char **) media; + prt.printOrientationsSupported = (char **) orients; + prt.portName = (char **) ports; + prt.printSpooling = "PrintAfterSpooled"; + + rc = ads_add_printer(ads, &prt); + if (!ADS_ERR_OK(rc)) { + d_printf("ads_publish_printer: %s\n", ads_errstr(rc)); + return -1; + } + + d_printf("published printer\n"); + + return 0; +} + +static int net_ads_printer_remove(int argc, const char **argv) +{ + ADS_STRUCT *ads; + ADS_STATUS rc; + char *servername, *prt_dn; + extern pstring global_myname; + void *res = NULL; + + if (!(ads = ads_startup())) return -1; + + if (argc < 1) + return net_ads_printer_usage(argc, argv); + + if (argc > 1) + servername = argv[1]; + else + servername = global_myname; + + rc = ads_find_printer_on_server(ads, &res, argv[0], servername); + + if (!ADS_ERR_OK(rc)) { + d_printf("ads_find_printer_on_server: %s\n", ads_errstr(rc)); + ads_msgfree(ads, res); + return -1; + } + + if (ads_count_replies(ads, res) == 0) { + d_printf("Printer '%s' not found\n", argv[1]); + ads_msgfree(ads, res); + return -1; + } + + prt_dn = ads_get_dn(ads, res); + ads_msgfree(ads, res); + rc = ads_del_dn(ads, prt_dn); + ads_memfree(ads, prt_dn); + + if (!ADS_ERR_OK(rc)) { + d_printf("ads_del_dn: %s\n", ads_errstr(rc)); + return -1; + } + + return 0; +} + 
+static int net_ads_printer(int argc, const char **argv) +{ + struct functable func[] = { + {"INFO", net_ads_printer_info}, + {"PUBLISH", net_ads_printer_publish}, + {"REMOVE", net_ads_printer_remove}, + {NULL, NULL} + }; + + return net_run_function(argc, argv, func, net_ads_printer_usage); +} + static int net_ads_password(int argc, const char **argv) { @@ -387,6 +553,7 @@ int net_ads(int argc, const char **argv) {"GROUP", net_ads_group}, {"PASSWORD", net_ads_password}, {"CHOSTPASS", net_ads_change_localhost_pass}, + {"PRINTER", net_ads_printer}, {NULL, NULL} }; -- cgit From 62ee445422bf38a9049cb84a99321055bfec8d0b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 15 Feb 2002 22:18:52 +0000 Subject: Subject: [PATCH] net ads error Date: Fri, 15 Feb 2002 20:03:32 +0200 From: Alexander Bokovoy To: samba-technical@samba.org Greetings! Attached patch fixes a problem with non-working 'net ads -Uuser%pass' in CVS HEAD. (This used to be commit a21a951ff9493a6e33e4ff8388a95facdeacf7b4) --- source3/utils/net_ads.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 28543e43a1..03ec2920b9 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -99,9 +99,9 @@ retry: asprintf(&prompt,"%s password: ", opt_user_name); opt_password = getpass(prompt); free(prompt); - ads->password = strdup(opt_password); } + ads->password = strdup(opt_password); ads->user_name = strdup(opt_user_name); status = ads_connect(ads); -- cgit From 56d5f6bad267d758cd375d5ad7172ce097cab63c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 16 Feb 2002 22:11:49 +0000 Subject: dont strdup() possibly null values. (This used to be commit 0511589088dc3e990f7b1a38a06489814c49ec1b) --- source3/utils/net_ads.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') 
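Review bot: In net_ads_printer_remove the not-found message prints `argv[1]`, but the printer name is `argv[0]`; when only the printer is given (argc == 1), argv[1] is not a valid string and is handed to `%s`. Use `d_printf("Printer '%s' not found\n", argv[0]);`. In net_ads_printer_publish both asprintf() results are used unchecked, and servername/uncname are never freed. None of the three commands calls ads_destroy(&ads) on any path. The printer and server names come from the command line and go to ads_find_printer_on_server(); if that helper formats them into an LDAP filter they need escaping there, but its body is not visible here.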
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 03ec2920b9..b9388f3349 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -101,7 +101,9 @@ retry: free(prompt); } - ads->password = strdup(opt_password); + if (opt_password) + ads->password = strdup(opt_password); + ads->user_name = strdup(opt_user_name); status = ads_connect(ads); -- cgit From 9b9d681870453c488a3c258ce7b56c5d250f3dc7 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 10 Mar 2002 01:52:09 +0000 Subject: try to use our workstation account password for ADS leave (This used to be commit 2a42e91397d7871d326abed0e99af297e71dd77e) --- source3/utils/net_ads.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index b9388f3349..22e511760c 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -197,13 +197,20 @@ static int net_ads_leave(int argc, const char **argv) ADS_STRUCT *ads = NULL; ADS_STATUS rc; extern pstring global_myname; + extern char *opt_user_name; + extern char *opt_password; - if (!(ads = ads_startup())) { + if (!secrets_init()) { + DEBUG(1,("Failed to initialise secrets database\n")); return -1; } - if (!secrets_init()) { - DEBUG(1,("Failed to initialise secrets database\n")); + if (!opt_password) { + asprintf(&opt_user_name, "%s$", global_myname); + opt_password = secrets_fetch_machine_password(); + } + + if (!(ads = ads_startup())) { return -1; } @@ -252,7 +259,7 @@ static int net_ads_join(int argc, const char **argv) ads_msgfree(ads, res); if (rc.error_type == ADS_ERROR_LDAP && rc.rc == LDAP_NO_SUCH_OBJECT) { - d_printf("ads_join_realm: organisational unit %s does not exist (dn:%s)\n", + d_printf("ads_join_realm: organizational unit %s does not exist (dn:%s)\n", org_unit, dn); return -1; } -- cgit From 5980e74d4cac49f73f4170e60f818990537e4471 Mon Sep 17 00:00:00 2001 
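Review bot: In net_ads_leave the new `if (!opt_password)` block overwrites opt_user_name with the machine account even when the caller named a user with -U but gave no password, so the leave is attempted as the `$` account instead of the requested user; the condition should also require that no user was specified. The result of secrets_fetch_machine_password() is not checked; if no machine password is stored it presumably returns NULL, and ads_startup() then falls through to its ticket/prompt path with the machine account name. asprintf()'s return value is ignored as well, and the fetched machine password stays in the global opt_password for the rest of the run without being cleared.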
From: Jim McDonough Date: Thu, 14 Mar 2002 17:56:33 +0000 Subject: Add paged search requests to net ads user and net ads group commands, allowing more than 1000 (or whatever the query limit is on the server) objects to be returned. Printers will come next. (This used to be commit 9c447920dfbae2e2d2343600401c1d860dad863b) --- source3/utils/net_ads.c | 53 +++++++++++++++++++++++++++++-------------------- 1 file changed, 32 insertions(+), 21 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 22e511760c..091c254d88 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -125,21 +125,26 @@ static int net_ads_user(int argc, const char **argv) ADS_STRUCT *ads; ADS_STATUS rc; void *res; + int rescount; + void *cookie = NULL; const char *attrs[] = {"sAMAccountName", "name", "objectSid", NULL}; - + if (!(ads = ads_startup())) return -1; - rc = ads_search(ads, &res, "(objectclass=user)", attrs); - if (!ADS_ERR_OK(rc)) { - d_printf("ads_search: %s\n", ads_errstr(rc)); - return -1; - } - if (ads_count_replies(ads, res) == 0) { - d_printf("No users found\n"); - return -1; - } + do { + rc = ads_do_paged_search(ads, ads->bind_path, + LDAP_SCOPE_SUBTREE, + "(objectclass=user)", attrs, &res, + &rescount, &cookie); + + if (!ADS_ERR_OK(rc)) { + d_printf("ads_search: %s\n", ads_errstr(rc)); + return -1; + } + ads_dump(ads, res); + + } while (cookie); - ads_dump(ads, res); ads_destroy(&ads); return 0; } 
@@ -149,21 +154,27 @@ static int net_ads_group(int argc, const char **argv) ADS_STRUCT *ads; ADS_STATUS rc; void *res; + int rescount; + void *cookie = NULL; const char *attrs[] = {"sAMAccountName", "name", "objectSid", NULL}; if (!(ads = ads_startup())) return -1; - rc = ads_search(ads, &res, "(objectclass=group)", attrs); - if (!ADS_ERR_OK(rc)) { - d_printf("ads_search: %s\n", ads_errstr(rc)); - return -1; - } - if (ads_count_replies(ads, res) == 0) { - d_printf("No groups found\n"); - return -1; - } + do { + rc = ads_do_paged_search(ads, ads->bind_path, + LDAP_SCOPE_SUBTREE, + "(objectclass=group)", attrs, &res, + &rescount, &cookie); - ads_dump(ads, res); + if (!ADS_ERR_OK(rc)) { + d_printf("ads_search: %s\n", ads_errstr(rc)); + return -1; + } + ads_dump(ads, res); + + } while (cookie); + + ads_destroy(&ads); return 0; } -- cgit From 04845c4cc0b99cba6ce8ceb65d6ec356d9c513d8 Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Fri, 15 Mar 2002 22:05:39 +0000 Subject: Expose net_ads_join to allow for auto-transport-detection for net join (This used to be commit 87ee4832312c9c65377500efd617bac086164834) --- source3/utils/net_ads.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 091c254d88..3d758a39aa 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -237,7 +237,7 @@ static int net_ads_leave(int argc, const char **argv) return 0; } -static int net_ads_join(int argc, const char **argv) +int net_ads_join(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; -- cgit From 0bb16f1d01a911aafe585fc558fbc473eddc4065 Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Sat, 16 Mar 2002 01:30:09 +0000 Subject: Fix build for non-ads case (This used to be commit 7ba235c0fb4755092605743d575357602fd1ce05) --- source3/utils/net_ads.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source3/utils/net_ads.c') 
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 3d758a39aa..31bf38726b 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -588,6 +588,11 @@ int net_ads_usage(int argc, const char **argv) return -1; } +int net_ads_join(int argc, const char **argv) +{ + return -1; +} + int net_ads(int argc, const char **argv) { return net_ads_usage(argc, argv); -- cgit From 160358413797c038761d58ca3081df7c67aac28b Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 19 Mar 2002 22:16:19 +0000 Subject: make "net ads user" and "net ads group" also use the new paged interface (This used to be commit 98769f08e723c616a98a2f0c427e9b0e22b28be9) --- source3/utils/net_ads.c | 46 ++++++++++++++++------------------------------ 1 file changed, 16 insertions(+), 30 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 31bf38726b..54d8eccbd7 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -125,26 +125,19 @@ static int net_ads_user(int argc, const char **argv) ADS_STRUCT *ads; ADS_STATUS rc; void *res; - int rescount; - void *cookie = NULL; const char *attrs[] = {"sAMAccountName", "name", "objectSid", NULL}; if (!(ads = ads_startup())) return -1; - do { - rc = ads_do_paged_search(ads, ads->bind_path, - LDAP_SCOPE_SUBTREE, - "(objectclass=user)", attrs, &res, - &rescount, &cookie); - - if (!ADS_ERR_OK(rc)) { - d_printf("ads_search: %s\n", ads_errstr(rc)); - return -1; - } - ads_dump(ads, res); - - } while (cookie); + rc = ads_do_search_all(ads, ads->bind_path, + LDAP_SCOPE_SUBTREE, + "(objectclass=user)", attrs, &res); + if (!ADS_ERR_OK(rc)) { + d_printf("ads_search: %s\n", ads_errstr(rc)); + return -1; + } + ads_dump(ads, res); ads_destroy(&ads); return 0; } 
@@ -154,26 +147,19 @@ static int net_ads_group(int argc, const char **argv) ADS_STRUCT *ads; ADS_STATUS rc; void *res; - int rescount; - void *cookie = NULL; const char *attrs[] = {"sAMAccountName", "name", "objectSid", NULL}; if (!(ads = ads_startup())) return -1; - do { - rc = ads_do_paged_search(ads, ads->bind_path, - LDAP_SCOPE_SUBTREE, - "(objectclass=group)", attrs, &res, - &rescount, &cookie); - - if (!ADS_ERR_OK(rc)) { - d_printf("ads_search: %s\n", ads_errstr(rc)); - return -1; - } - ads_dump(ads, res); - - } while (cookie); + rc = ads_do_search_all(ads, ads->bind_path, + LDAP_SCOPE_SUBTREE, + "(objectclass=group)", attrs, &res); + if (!ADS_ERR_OK(rc)) { + d_printf("ads_search: %s\n", ads_errstr(rc)); + return -1; + } + ads_dump(ads, res); ads_destroy(&ads); return 0; } -- cgit From 3fd8f2d6e8c50e62a5e4cd095abcb3da8063e708 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 21 Mar 2002 04:48:24 +0000 Subject: make net ads info work with -S (This used to be commit 57645fd85b7789d7807a5ffb5b2572c6d5f9e3de) --- source3/utils/net_ads.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 54d8eccbd7..7981bedb7e 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -54,8 +54,9 @@ int net_ads_usage(int argc, const char **argv) static int net_ads_info(int argc, const char **argv) { ADS_STRUCT *ads; + extern char *opt_host; - ads = ads_init(NULL, NULL, NULL, NULL); + ads = ads_init(NULL, opt_host, NULL, NULL); ads_connect(ads); if (!ads) { @@ -81,10 +82,10 @@ static ADS_STRUCT *ads_startup(void) BOOL second_time = False; extern char *opt_password; extern char *opt_user_name; + extern char *opt_host; extern BOOL opt_user_specified; - - - ads = ads_init(NULL, NULL, NULL, NULL); + + ads = ads_init(NULL, opt_host, NULL, NULL); if (!opt_user_name) { opt_user_name = "administrator"; -- cgit 
From b94791f1d4a34d8c845dcfc7d1689e4131acab8e Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Fri, 29 Mar 2002 21:09:44 +0000 Subject: Re-implemented net ads user and net ads group to use the new ads_process_results function. Also made sure net rap user and net ads user display the same thing, to make auto-transport-detection smoother. (This used to be commit 4cf42c07ec5deb14921fabfbd52a8a3345a730c9) --- source3/utils/net_ads.c | 64 ++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 50 insertions(+), 14 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 7981bedb7e..76036b1b1e 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -121,24 +121,54 @@ retry: return ads; } +static void usergrp_display(char *field, void **values, void *data_area) +{ + char **disp_fields = (char **) data_area; + + if (!field) { /* must be end of record */ + if (disp_fields[1]) + printf("%-21.21s %-50.50s\n", + disp_fields[0], disp_fields[1]); + else + printf("%s\n", disp_fields[0]); + SAFE_FREE(disp_fields[0]); + SAFE_FREE(disp_fields[1]); + return; + } + if (StrCaseCmp(field, "sAMAccountName") == 0) { + disp_fields[0] = strdup(((struct berval *) values[0])->bv_val); + } + if (StrCaseCmp(field, "description") == 0) + disp_fields[1] = strdup(((struct berval *) values[0])->bv_val); +} + static int net_ads_user(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; void *res; - const char *attrs[] = {"sAMAccountName", "name", "objectSid", NULL}; + const char *shortattrs[] = {"sAMAccountName", NULL}; + const char *longattrs[] = {"sAMAccountName", "description", NULL}; + extern int opt_long_list_entries; + char *disp_fields[2] = {NULL, NULL}; if (!(ads = ads_startup())) return -1; - rc = ads_do_search_all(ads, ads->bind_path, - LDAP_SCOPE_SUBTREE, - "(objectclass=user)", attrs, &res); + rc = ads_do_search_all(ads, ads->bind_path, LDAP_SCOPE_SUBTREE, + "(objectclass=user)", opt_long_list_entries ? + longattrs : shortattrs, &res); if (!ADS_ERR_OK(rc)) { d_printf("ads_search: %s\n", ads_errstr(rc)); return -1; } - ads_dump(ads, res); + + if (opt_long_list_entries) + d_printf("\nUser name Comment"\ + "\n-----------------------------\n"); + ads_process_results(ads, res, usergrp_display, disp_fields); + ads_msgfree(ads, res); + ads_destroy(&ads); return 0; } 
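Review bot: usergrp_display() dereferences `values[0]` and later prints `disp_fields[0]` without checking either, so an entry that the server returns without a sAMAccountName value reaches `printf("%s\n", disp_fields[0])` with a NULL pointer. After the end-of-record branch add `if (!values || !values[0]) return;`, and skip the print when `disp_fields[0]` is NULL. The copy uses strdup() on `bv_val`, which relies on the value being NUL-terminated and ignores `bv_len`; a length-bounded copy is safer for data that comes from the directory. A repeated attribute within one record would also overwrite the earlier strdup() result without freeing it. In net_ads_user the search-error path still returns without ads_destroy(&ads).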
@@ -148,19 +178,28 @@ static int net_ads_group(int argc, const char **argv) ADS_STRUCT *ads; ADS_STATUS rc; void *res; - const char *attrs[] = {"sAMAccountName", "name", "objectSid", NULL}; + const char *shortattrs[] = {"sAMAccountName", NULL}; + const char *longattrs[] = {"sAMAccountName", "description", NULL}; + extern int opt_long_list_entries; + char *disp_fields[2] = {NULL, NULL}; if (!(ads = ads_startup())) return -1; - rc = ads_do_search_all(ads, ads->bind_path, - LDAP_SCOPE_SUBTREE, - "(objectclass=group)", attrs, &res); + rc = ads_do_search_all(ads, ads->bind_path, LDAP_SCOPE_SUBTREE, + "(objectclass=group)", opt_long_list_entries ? + longattrs : shortattrs, &res); + if (!ADS_ERR_OK(rc)) { d_printf("ads_search: %s\n", ads_errstr(rc)); return -1; } - ads_dump(ads, res); + if (opt_long_list_entries) + d_printf("\nGroup name Comment"\ + "\n-----------------------------\n"); + ads_process_results(ads, res, usergrp_display, disp_fields); + ads_msgfree(ads, res); + ads_destroy(&ads); return 0; } @@ -353,10 +392,7 @@ static int net_ads_printer_info(int argc, const char **argv) } ads_dump(ads, res); - /* I wanted to do this ads_msgfree, but it coredumps...why? - the ads_dump routine doesn't free it, or does it partially - free it as it walks through the result? - ads_msgfree(ads, res); */ + ads_msgfree(ads, res); return 0; } -- cgit From 94e3c18e9cdccefd458762b6f4ba5afb5a214e0b Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Thu, 4 Apr 2002 02:53:42 +0000 Subject: Add net ads user subcommands: add delete info. Also make user listing format consistent with rap version. (This used to be commit f6eb7c0c7ec83a3674d56f0e222b900887327319) --- source3/utils/net_ads.c | 181 ++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 169 insertions(+), 12 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 76036b1b1e..fb9a2b8b02 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -142,37 +142,174 @@ static void usergrp_display(char *field, void **values, void *data_area) disp_fields[1] = strdup(((struct berval *) values[0])->bv_val); } -static int net_ads_user(int argc, const char **argv) +static int net_ads_user_usage(int argc, const char **argv) +{ + d_printf("\nnet ads user \n\tList users\n"); + d_printf("\nnet ads user DELETE "\ + "\n\tDelete specified user\n"); + d_printf("\nnet ads user INFO "\ + "\n\tList the domain groups of the specified user\n"); + d_printf("\nnet ads user ADD [-F user flags]"\ + "\n\tAdd specified user\n"); + net_common_flags_usage(argc, argv); + + return -1; +} + +static int ads_user_add(int argc, const char **argv) +{ + ADS_STRUCT *ads; + ADS_STATUS status; + void *res=NULL; + int rc = -1; + extern char *opt_comment; + + if (argc < 1) return net_ads_user_usage(argc, argv); + + if (!(ads = ads_startup())) return -1; + + status = ads_find_user_acct(ads, &res, argv[0]); + + if (!ADS_ERR_OK(status)) { + d_printf("ads_user_add: %s\n", ads_err2string(status)); + goto done; + } + + if (ads_count_replies(ads, res)) { + d_printf("ads_user_add: User %s already exists\n", argv[0]); + ads_msgfree(ads, res); + goto done; + } + + status = ads_add_user_acct(ads, argv[0], opt_comment); + + if (ADS_ERR_OK(status)) { + d_printf("User %s added\n", argv[0]); + rc = 0; + } else { + d_printf("Could not add user %s: %s\n", argv[0], + ads_err2string(status)); + } + + done: + if (res) + ads_msgfree(ads, res); + ads_destroy(&ads); + return rc; +} + +static int ads_user_info(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; void *res; - const char *shortattrs[] = {"sAMAccountName", NULL}; - const char *longattrs[] = {"sAMAccountName", "description", NULL}; - extern int opt_long_list_entries; - char *disp_fields[2] = {NULL, NULL}; + const char *attrs[] = {"memberOf", NULL}; + char *searchstring=NULL; + char **grouplist; + + if (argc < 1) return net_ads_user_usage(argc, argv); if (!(ads = ads_startup())) return -1; - rc = 
ads_do_search_all(ads, ads->bind_path, LDAP_SCOPE_SUBTREE, - "(objectclass=user)", opt_long_list_entries ? - longattrs : shortattrs, &res); + asprintf(&searchstring, "(sAMAccountName=%s)", argv[0]); + rc = ads_search(ads, &res, searchstring, attrs); + safe_free(searchstring); if (!ADS_ERR_OK(rc)) { d_printf("ads_search: %s\n", ads_errstr(rc)); return -1; } - if (opt_long_list_entries) - d_printf("\nUser name Comment"\ - "\n-----------------------------\n"); - ads_process_results(ads, res, usergrp_display, disp_fields); + grouplist = ldap_get_values(ads->ld, res, "memberOf"); + + if (grouplist) { + int i; + char **groupname; + for (i=0;grouplist[i];i++) { + groupname = ldap_explode_dn(grouplist[i], 1); + printf("%s\n", groupname[0]); + ldap_value_free(groupname); + } + ldap_value_free(grouplist); + } + ads_msgfree(ads, res); ads_destroy(&ads); return 0; } +static int ads_user_delete(int argc, const char **argv) +{ + ADS_STRUCT *ads; + ADS_STATUS rc; + void *res; + char *userdn; + + if (argc < 1) return net_ads_user_usage(argc, argv); + + if (!(ads = ads_startup())) return -1; + + rc = ads_find_user_acct(ads, &res, argv[0]); + if (!ADS_ERR_OK(rc)) { + DEBUG(0, ("User %s does not exist\n", argv[0])); + return -1; + } + userdn = ads_get_dn(ads, res); + ads_msgfree(ads, res); + rc = ads_del_dn(ads, userdn); + ads_memfree(ads, userdn); + if (!ADS_ERR_OK(rc)) { + d_printf("User %s deleted\n", argv[0]); + return 0; + } + d_printf("Error deleting user %s: %s\n", argv[0], + ldap_err2string(rc.rc)); + return -1; +} + +static int net_ads_user(int argc, const char **argv) +{ + struct functable func[] = { + {"ADD", ads_user_add}, + {"INFO", ads_user_info}, + {"DELETE", ads_user_delete}, + {NULL, NULL} + }; + ADS_STRUCT *ads; + ADS_STATUS rc; + void *res; + const char *shortattrs[] = {"sAMAccountName", NULL}; + const char *longattrs[] = {"sAMAccountName", "description", NULL}; + extern int opt_long_list_entries; + char *disp_fields[2] = {NULL, NULL}; + + if (argc == 0) { + if 
(!(ads = ads_startup())) return -1; + + rc = ads_do_search_all(ads, ads->bind_path, LDAP_SCOPE_SUBTREE, + "(objectclass=user)", + opt_long_list_entries ? + longattrs : shortattrs, &res); + + if (!ADS_ERR_OK(rc)) { + d_printf("ads_search: %s\n", ads_errstr(rc)); + return -1; + } + + if (opt_long_list_entries) + d_printf("\nUser name Comment"\ + "\n-----------------------------\n"); + ads_process_results(ads, res, usergrp_display, disp_fields); + ads_msgfree(ads, res); + + ads_destroy(&ads); + return 0; + } + + return net_run_function(argc, argv, func, net_ads_user_usage); +} + static int net_ads_group(int argc, const char **argv) { ADS_STRUCT *ads; @@ -584,6 +721,25 @@ static int net_ads_change_localhost_pass(int argc, const char **argv) return 0; } +int net_ads_help(int argc, const char **argv) +{ + struct functable func[] = { + {"USER", net_ads_user_usage}, +#if 0 + {"INFO", net_ads_info}, + {"JOIN", net_ads_join}, + {"LEAVE", net_ads_leave}, + {"STATUS", net_ads_status}, + {"GROUP", net_ads_group}, + {"PASSWORD", net_ads_password}, + {"CHOSTPASS", net_ads_change_localhost_pass}, + {"PRINTER", net_ads_printer}, +#endif + {NULL, NULL} + }; + + return net_run_function(argc, argv, func, net_ads_usage); +} int net_ads(int argc, const char **argv) { @@ -597,6 +753,7 @@ int net_ads(int argc, const char **argv) {"PASSWORD", net_ads_password}, {"CHOSTPASS", net_ads_change_localhost_pass}, {"PRINTER", net_ads_printer}, + {"HELP", net_ads_help}, {NULL, NULL} }; -- cgit From c0bf7d9db4c704fa43388dc7eb61f90ecdb7e974 Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Thu, 4 Apr 2002 03:06:22 +0000 Subject: Correct error string function call to ads_errstr() (This used to be commit d7317ca8da4b04804f4d01752cef56ec5a9c3418) --- source3/utils/net_ads.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index fb9a2b8b02..722e5a8616 100644 --- a/source3/utils/net_ads.c 
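Review bot: ads_user_delete has its result check inverted: `if (!ADS_ERR_OK(rc))` prints "User %s deleted" and returns 0 when ads_del_dn() failed, while a successful delete falls through to the error message and -1; it should read `if (ADS_ERR_OK(rc)) {`. In ads_user_add the "already exists" branch calls `ads_msgfree(ads, res)` and then jumps to `done`, where `if (res) ads_msgfree(ads, res);` frees the same result again; drop the first call. ads_user_info formats `argv[0]` directly into `(sAMAccountName=%s)`, so filter metacharacters such as `*`, `(`, `)` and `\` in the name change the query; escape the value before building the filter and check the asprintf() result. ads_user_delete also never calls ads_destroy(&ads) and does not check that the lookup returned an entry before ads_get_dn().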
+++ b/source3/utils/net_ads.c @@ -171,7 +171,7 @@ static int ads_user_add(int argc, const char **argv) status = ads_find_user_acct(ads, &res, argv[0]); if (!ADS_ERR_OK(status)) { - d_printf("ads_user_add: %s\n", ads_err2string(status)); + d_printf("ads_user_add: %s\n", ads_errstr(status)); goto done; } @@ -188,7 +188,7 @@ static int ads_user_add(int argc, const char **argv) rc = 0; } else { d_printf("Could not add user %s: %s\n", argv[0], - ads_err2string(status)); + ads_errstr(status)); } done: @@ -264,7 +264,7 @@ static int ads_user_delete(int argc, const char **argv) return 0; } d_printf("Error deleting user %s: %s\n", argv[0], - ldap_err2string(rc.rc)); + ads_errstr(rc)); return -1; } -- cgit From 7bfa5ead490e382d3dd534343639926a7025ce9c Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Thu, 4 Apr 2002 03:14:25 +0000 Subject: Add non-ads version of net_ads_help for build on non-ads machines. (This used to be commit dd7c20e5331116fd8cf9656a0f2406957b812bbb) --- source3/utils/net_ads.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 722e5a8616..ce51a50eb7 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -768,6 +768,12 @@ int net_ads_usage(int argc, const char **argv) return -1; } +int net_ads_help(int argc, const char **argv) +{ + d_printf("ADS support not compiled in\n"); + return -1; +} + int net_ads_join(int argc, const char **argv) { return -1; -- cgit From e2745e88e508b261ce57eac0a252283542404849 Mon Sep 17 00:00:00 2001 
From: Jim McDonough Date: Thu, 4 Apr 2002 16:47:24 +0000 Subject: More updates for auto-detecting server connection method. Added net_ads_check() to make a connection (which stores the password in a global so it can be used by rpc or rap function if ads fails) and close it to verify if ads method should be used. (This used to be commit 093297a27db9834cf8aea34302246af8997d9c66) --- source3/utils/net_ads.c | 43 ++++++++++++++++++++++++++++++++++++++----- 1 file changed, 38 insertions(+), 5 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index ce51a50eb7..2696152b12 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -114,13 +114,31 @@ retry: second_time = True; goto retry; } else { - d_printf("ads_connect: %s\n", ads_errstr(status)); + DEBUG(1,("ads_connect: %s\n", ads_errstr(status))); return NULL; } } return ads; } + +/* + Check to see if connection can be made via ads. + ads_startup() stores the password in opt_password if it needs to so + that rpc or rap can use it without re-prompting. +*/ +int net_ads_check(void) +{ + ADS_STRUCT *ads; + + ads = ads_startup(); + if (!ads) + return -1; + ads_destroy(&ads); + return 0; +} + + static void usergrp_display(char *field, void **values, void *data_area) { char **disp_fields = (char **) data_area; @@ -268,7 +286,7 @@ static int ads_user_delete(int argc, const char **argv) return -1; } -static int net_ads_user(int argc, const char **argv) +int net_ads_user(int argc, const char **argv) { struct functable func[] = { {"ADD", ads_user_add}, 
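Review bot: Changing the connect failure in ads_startup() from d_printf to `DEBUG(1, ...)` removes the only user-visible error for every existing caller (join, leave, user, printer and others), which now just return -1 unless the debug level is raised; consider keeping the message for the direct commands and suppressing it only for the net_ads_check() probe. net_ads_check() also inherits ads_startup()'s fallback to getpass() when the ticket-based attempt fails, so a transport probe can block on a password prompt. As the new comment says, the entered password then stays in the global opt_password for later rpc/rap use; nothing visible here clears it, so the place where it is wiped should be documented or added.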
@@ -762,19 +780,34 @@ int net_ads(int argc, const char **argv) #else -int net_ads_usage(int argc, const char **argv) +static int net_ads_noads(void) { d_printf("ADS support not compiled in\n"); return -1; } +int net_ads_usage(int argc, const char **argv) +{ + return net_ads_noads(); +} + int net_ads_help(int argc, const char **argv) { - d_printf("ADS support not compiled in\n"); - return -1; + return net_ads_noads(); } int net_ads_join(int argc, const char **argv) +{ + return net_ads_noads(); +} + +int net_ads_user(int argc, const char **argv) +{ + return net_ads_noads(); +} + +/* this one shouldn't display a message */ +int net_ads_check(void) { return -1; } -- cgit From 1458b7c7959be7720162fef441025954f0082fe9 Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Fri, 5 Apr 2002 01:36:28 +0000 Subject: Lots more net consistency work: - Added net_help.c for unified help when possible - Added net rpc user listing, delete, info commands - Unified net user command to autodetect ads/rpc/rap (try in that order) - Added generic routine for detecting rpc (protocol > PROTOCOL_NT1) - I'm sure I forgot something. (This used to be commit 9daa5788c822cf1ad20dc703e7f03b9ee82987bf) --- source3/utils/net_ads.c | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 2696152b12..260f49ee76 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -162,16 +162,7 @@ static void usergrp_display(char *field, void **values, void *data_area) static int net_ads_user_usage(int argc, const char **argv) { - d_printf("\nnet ads user \n\tList users\n"); - d_printf("\nnet ads user DELETE "\ - "\n\tDelete specified user\n"); - d_printf("\nnet ads user INFO "\ - "\n\tList the domain groups of the specified user\n"); - d_printf("\nnet ads user ADD [-F user flags]"\ - "\n\tAdd specified user\n"); - net_common_flags_usage(argc, argv); - - return -1; + return net_help_user(argc, argv); } static int ads_user_add(int argc, const char **argv) -- cgit From 3fcb31db922f911a713c89bb2ee626042e41df46 Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Fri, 5 Apr 2002 19:28:02 +0000 Subject: Use the new ads_do_search_all2 function. It provides sorted results. We now also filter out users that end in '$', which gives us the same results as the net rpc user and net rap user. (This used to be commit e3a813831276ec2aafa0caa4f4fed0785dcdb749) --- source3/utils/net_ads.c | 48 ++++++++++++++++++------------------------------ 1 file changed, 18 insertions(+), 30 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 260f49ee76..922e1331cd 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -144,11 +144,13 @@ static void usergrp_display(char *field, void **values, void *data_area) char **disp_fields = (char **) data_area; if (!field) { /* must be end of record */ - if (disp_fields[1]) - printf("%-21.21s %-50.50s\n", - disp_fields[0], disp_fields[1]); - else - printf("%s\n", disp_fields[0]); + if (!strchr_m(disp_fields[0], '$')) { + if (disp_fields[1]) + printf("%-21.21s %-50.50s\n", + disp_fields[0], disp_fields[1]); + else + printf("%-21.21s\n", disp_fields[0]); + } SAFE_FREE(disp_fields[0]); SAFE_FREE(disp_fields[1]); return; 
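Review bot: In usergrp_display the new `strchr_m(disp_fields[0], '$')` test runs without a NULL check on `disp_fields[0]`, so a record that delivered no sAMAccountName (or a failed strdup) would be dereferenced at end-of-record. The test also hides any name containing '$' anywhere, while the commit message describes filtering names that end in '$'; if only trailing-'$' accounts are meant, compare the last character instead. A guard such as `if (disp_fields[0] && !strchr_m(disp_fields[0], '$'))` covers the first case. The rest of the function lies outside this hunk.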
@@ -287,7 +289,6 @@ int net_ads_user(int argc, const char **argv) }; ADS_STRUCT *ads; ADS_STATUS rc; - void *res; const char *shortattrs[] = {"sAMAccountName", NULL}; const char *longattrs[] = {"sAMAccountName", "description", NULL}; extern int opt_long_list_entries; @@ -296,22 +297,17 @@ int net_ads_user(int argc, const char **argv) if (argc == 0) { if (!(ads = ads_startup())) return -1; - rc = ads_do_search_all(ads, ads->bind_path, LDAP_SCOPE_SUBTREE, - "(objectclass=user)", - opt_long_list_entries ? - longattrs : shortattrs, &res); - - if (!ADS_ERR_OK(rc)) { - d_printf("ads_search: %s\n", ads_errstr(rc)); - return -1; - } - if (opt_long_list_entries) d_printf("\nUser name Comment"\ "\n-----------------------------\n"); - ads_process_results(ads, res, usergrp_display, disp_fields); - ads_msgfree(ads, res); + rc = ads_do_search_all2(ads, ads->bind_path, + LDAP_SCOPE_SUBTREE, + "(objectclass=user)", + opt_long_list_entries ? + longattrs : shortattrs, + "sAMAccountName", usergrp_display, + disp_fields); ads_destroy(&ads); return 0; } @@ -323,7 +319,6 @@ static int net_ads_group(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; - void *res; const char *shortattrs[] = {"sAMAccountName", NULL}; const char *longattrs[] = {"sAMAccountName", "description", NULL}; extern int opt_long_list_entries; 
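Review bot: The status returned by `ads_do_search_all2()` in the `argc == 0` branch of net_ads_user is stored in `rc` and never examined, so a failed search now returns 0 with no message, where the removed code printed the error and returned -1. A caller or script checking the exit status cannot tell an empty listing from a failed or refused query. I would keep the check after the call, e.g. `if (!ADS_ERR_OK(rc)) d_printf("ads_search: %s\n", ads_errstr(rc));` followed by `ads_destroy(&ads); return ADS_ERR_OK(rc) ? 0 : -1;`. The net_ads_group hunk (`@@ -331,20 +326,13 @@`) has the same gap.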
@@ -331,20 +326,13 @@ static int net_ads_group(int argc, const char **argv) if (!(ads = ads_startup())) return -1; - rc = ads_do_search_all(ads, ads->bind_path, LDAP_SCOPE_SUBTREE, - "(objectclass=group)", opt_long_list_entries ? - longattrs : shortattrs, &res); - - if (!ADS_ERR_OK(rc)) { - d_printf("ads_search: %s\n", ads_errstr(rc)); - return -1; - } - if (opt_long_list_entries) d_printf("\nGroup name Comment"\ "\n-----------------------------\n"); - ads_process_results(ads, res, usergrp_display, disp_fields); - ads_msgfree(ads, res); + rc = ads_do_search_all2(ads, ads->bind_path, LDAP_SCOPE_SUBTREE, + "(objectclass=group)", opt_long_list_entries ? + longattrs : shortattrs, "sAMAccountName", + usergrp_display, disp_fields); ads_destroy(&ads); return 0; -- cgit From 6e0b34fb3c0598e7f242e9995b421212a88888f8 Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Wed, 10 Apr 2002 13:29:23 +0000 Subject: Rename of ads_do_search_all2() to ads_do_search_all() and removal of server sort controls. Also put option externs in the net.h include. (This used to be commit b69f11170c2b27016c44a98bc603d1c94ad7d4c2) --- source3/utils/net_ads.c | 34 +++++++++++----------------------- 1 file changed, 11 insertions(+), 23 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 922e1331cd..68fa89ea35 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -21,6 +21,7 @@ */ #include "includes.h" +#include "../utils/net.h" #ifdef HAVE_ADS @@ -54,7 +55,6 @@ int net_ads_usage(int argc, const char **argv) static int net_ads_info(int argc, const char **argv) { ADS_STRUCT *ads; - extern char *opt_host; ads = ads_init(NULL, opt_host, NULL, NULL); ads_connect(ads); 
@@ -80,10 +80,6 @@ static ADS_STRUCT *ads_startup(void) ADS_STATUS status; BOOL need_password = False; BOOL second_time = False; - extern char *opt_password; - extern char *opt_user_name; - extern char *opt_host; - extern BOOL opt_user_specified; ads = ads_init(NULL, opt_host, NULL, NULL); @@ -173,7 +169,6 @@ static int ads_user_add(int argc, const char **argv) ADS_STATUS status; void *res=NULL; int rc = -1; - extern char *opt_comment; if (argc < 1) return net_ads_user_usage(argc, argv); @@ -291,7 +286,6 @@ int net_ads_user(int argc, const char **argv) ADS_STATUS rc; const char *shortattrs[] = {"sAMAccountName", NULL}; const char *longattrs[] = {"sAMAccountName", "description", NULL}; - extern int opt_long_list_entries; char *disp_fields[2] = {NULL, NULL}; if (argc == 0) { @@ -301,13 +295,12 @@ int net_ads_user(int argc, const char **argv) d_printf("\nUser name Comment"\ "\n-----------------------------\n"); - rc = ads_do_search_all2(ads, ads->bind_path, - LDAP_SCOPE_SUBTREE, - "(objectclass=user)", - opt_long_list_entries ? - longattrs : shortattrs, - "sAMAccountName", usergrp_display, - disp_fields); + rc = ads_do_search_all_fn(ads, ads->bind_path, + LDAP_SCOPE_SUBTREE, + "(objectclass=user)", + opt_long_list_entries ? longattrs : + shortattrs, usergrp_display, + disp_fields); ads_destroy(&ads); return 0; } @@ -321,7 +314,6 @@ static int net_ads_group(int argc, const char **argv) ADS_STATUS rc; const char *shortattrs[] = {"sAMAccountName", NULL}; const char *longattrs[] = {"sAMAccountName", "description", NULL}; - extern int opt_long_list_entries; char *disp_fields[2] = {NULL, NULL}; if (!(ads = ads_startup())) return -1; 
@@ -329,10 +321,10 @@ static int net_ads_group(int argc, const char **argv) if (opt_long_list_entries) d_printf("\nGroup name Comment"\ "\n-----------------------------\n"); - rc = ads_do_search_all2(ads, ads->bind_path, LDAP_SCOPE_SUBTREE, - "(objectclass=group)", opt_long_list_entries ? - longattrs : shortattrs, "sAMAccountName", - usergrp_display, disp_fields); + rc = ads_do_search_all_fn(ads, ads->bind_path, LDAP_SCOPE_SUBTREE, + "(objectclass=group)", opt_long_list_entries + ? longattrs : shortattrs, usergrp_display, + disp_fields); ads_destroy(&ads); return 0; @@ -368,8 +360,6 @@ static int net_ads_leave(int argc, const char **argv) ADS_STRUCT *ads = NULL; ADS_STATUS rc; extern pstring global_myname; - extern char *opt_user_name; - extern char *opt_password; if (!secrets_init()) { DEBUG(1,("Failed to initialise secrets database\n")); @@ -640,8 +630,6 @@ static int net_ads_printer(int argc, const char **argv) static int net_ads_password(int argc, const char **argv) { ADS_STRUCT *ads; - extern char *opt_user_name; - extern char *opt_password; char *auth_principal = opt_user_name; char *auth_password = opt_password; char *realm = NULL; -- cgit From e90b65284812aaa5ff9e9935ce9bbad7791cbbcd Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 15 Jul 2002 10:35:28 +0000 Subject: updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce) --- source3/utils/net_ads.c | 269 +++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 229 insertions(+), 40 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 68fa89ea35..fa3eac6bd3 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -33,20 +33,22 @@ int net_ads_usage(int argc, const char **argv) "\nnet ads leave"\ "\n\tremoves the local machine from a ADS realm\n"\ "\nnet ads user"\ -"\n\tlist users in the realm\n"\ +"\n\tlist, add, or delete users in the realm\n"\ "\nnet ads group"\ -"\n\tlist groups in the realm\n"\ +"\n\tlist, add, or delete groups in the realm\n"\ "\nnet ads info"\ "\n\tshows some info on the server\n"\ "\nnet ads status"\ "\n\tdump the machine account details to stdout\n" "\nnet ads password -Uadmin_username@realm%%admin_pass"\ -"\n\tchange a user's password using an admin account" -"\n\t(note: use realm in UPPERCASE)\n" -"\nnet ads chostpass" -"\n\tchange the trust account password of this machine in the AD tree\n" -"\nnet ads printer [info | publish | remove] " -"\n\t lookup, add, or remove directory entry for a printer\n" +"\n\tchange a user's password using an admin account"\ +"\n\t(note: use realm in UPPERCASE)\n"\ +"\nnet ads chostpass"\ +"\n\tchange the trust account password of this machine in the AD tree\n"\ +"\nnet ads printer [info | publish | remove] "\ +"\n\t lookup, add, or remove directory entry for a printer\n"\ +"\nnet ads search"\ +"\n\tperform a raw LDAP search and dump the results\n" ); return -1; } @@ -56,7 +58,7 @@ static int net_ads_info(int argc, const char **argv) { ADS_STRUCT *ads; - ads = ads_init(NULL, opt_host, NULL, NULL); + ads = ads_init(NULL, NULL, opt_host, NULL, NULL); ads_connect(ads); if (!ads) { @@ -81,7 +83,7 @@ static ADS_STRUCT *ads_startup(void) BOOL need_password = False; BOOL second_time = False; - ads = ads_init(NULL, opt_host, NULL, NULL); + ads = ads_init(NULL, NULL, opt_host, NULL, NULL); if (!opt_user_name) { opt_user_name = "administrator"; 
@@ -135,27 +137,30 @@ int net_ads_check(void) } -static void usergrp_display(char *field, void **values, void *data_area) +static BOOL usergrp_display(char *field, void **values, void *data_area) { char **disp_fields = (char **) data_area; if (!field) { /* must be end of record */ if (!strchr_m(disp_fields[0], '$')) { if (disp_fields[1]) - printf("%-21.21s %-50.50s\n", + d_printf("%-21.21s %-50.50s\n", disp_fields[0], disp_fields[1]); else - printf("%-21.21s\n", disp_fields[0]); + d_printf("%s\n", disp_fields[0]); } SAFE_FREE(disp_fields[0]); SAFE_FREE(disp_fields[1]); - return; + return True; } + if (!values) /* must be new field, indicate string field */ + return True; if (StrCaseCmp(field, "sAMAccountName") == 0) { - disp_fields[0] = strdup(((struct berval *) values[0])->bv_val); + disp_fields[0] = strdup((char *) values[0]); } if (StrCaseCmp(field, "description") == 0) - disp_fields[1] = strdup(((struct berval *) values[0])->bv_val); + disp_fields[1] = strdup((char *) values[0]); + return True; /* always strings here */ } static int net_ads_user_usage(int argc, const char **argv) @@ -167,6 +172,7 @@ static int ads_user_add(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS status; + char *upn, *userdn; void *res=NULL; int rc = -1; 
@@ -183,18 +189,43 @@ static int ads_user_add(int argc, const char **argv) if (ads_count_replies(ads, res)) { d_printf("ads_user_add: User %s already exists\n", argv[0]); - ads_msgfree(ads, res); goto done; } status = ads_add_user_acct(ads, argv[0], opt_comment); + if (!ADS_ERR_OK(status)) { + d_printf("Could not add user %s: %s\n", argv[0], + ads_errstr(status)); + goto done; + } + + /* if no password is to be set, we're done */ + if (argc == 1) { + d_printf("User %s added\n", argv[0]); + rc = 0; + goto done; + } + + /* try setting the password */ + asprintf(&upn, "%s@%s", argv[0], ads->realm); + status = krb5_set_password(ads->kdc_server, upn, argv[1]); + safe_free(upn); if (ADS_ERR_OK(status)) { d_printf("User %s added\n", argv[0]); rc = 0; - } else { - d_printf("Could not add user %s: %s\n", argv[0], - ads_errstr(status)); + goto done; + } + + /* password didn't set, delete account */ + d_printf("Could not add user %s. Error setting password %s\n", + argv[0], ads_errstr(status)); + ads_msgfree(ads, res); + status=ads_find_user_acct(ads, &res, argv[0]); + if (ADS_ERR_OK(status)) { + userdn = ads_get_dn(ads, res); + ads_del_dn(ads, userdn); + ads_memfree(ads, userdn); } done: @@ -233,7 +264,7 @@ static int ads_user_info(int argc, const char **argv) char **groupname; for (i=0;grouplist[i];i++) { groupname = ldap_explode_dn(grouplist[i], 1); - printf("%s\n", groupname[0]); + d_printf("%s\n", groupname[0]); ldap_value_free(groupname); } ldap_value_free(grouplist); 
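Review bot: The rollback at the end of the new password path in ads_user_add ignores the result of `ads_del_dn()`, and does nothing at all when the second `ads_find_user_acct()` fails, so a freshly created account whose password could not be set can stay in the directory with only the "Error setting password" message shown. Report the failed cleanup explicitly, e.g. `if (!ADS_ERR_OK(ads_del_dn(ads, userdn))) d_printf("Could not remove user %s\n", argv[0]);`. `res` is also released with `ads_msgfree()` before that second lookup and not reset; if the `done:` label (outside this hunk) frees a non-NULL `res`, a failed lookup would presumably lead to a double free, so `res = NULL;` after the free is safer. The `asprintf()` result for `upn` is not checked before `upn` is passed to `krb5_set_password()`.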
@@ -308,26 +339,111 @@ int net_ads_user(int argc, const char **argv) return net_run_function(argc, argv, func, net_ads_user_usage); } -static int net_ads_group(int argc, const char **argv) +static int net_ads_group_usage(int argc, const char **argv) +{ + return net_help_group(argc, argv); +} + +static int ads_group_add(int argc, const char **argv) +{ + ADS_STRUCT *ads; + ADS_STATUS status; + void *res=NULL; + int rc = -1; + + if (argc < 1) return net_ads_group_usage(argc, argv); + + if (!(ads = ads_startup())) return -1; + + status = ads_find_user_acct(ads, &res, argv[0]); + + if (!ADS_ERR_OK(status)) { + d_printf("ads_group_add: %s\n", ads_errstr(status)); + goto done; + } + + if (ads_count_replies(ads, res)) { + d_printf("ads_group_add: Group %s already exists\n", argv[0]); + ads_msgfree(ads, res); + goto done; + } + + status = ads_add_group_acct(ads, argv[0], opt_comment); + + if (ADS_ERR_OK(status)) { + d_printf("Group %s added\n", argv[0]); + rc = 0; + } else { + d_printf("Could not add group %s: %s\n", argv[0], + ads_errstr(status)); + } + + done: + if (res) + ads_msgfree(ads, res); + ads_destroy(&ads); + return rc; +} + +static int ads_group_delete(int argc, const char **argv) +{ + ADS_STRUCT *ads; + ADS_STATUS rc; + void *res; + char *groupdn; + + if (argc < 1) return net_ads_group_usage(argc, argv); + + if (!(ads = ads_startup())) return -1; + + rc = ads_find_user_acct(ads, &res, argv[0]); + if (!ADS_ERR_OK(rc)) { + DEBUG(0, ("Group %s does not exist\n", argv[0])); + return -1; + } + groupdn = ads_get_dn(ads, res); + ads_msgfree(ads, res); + rc = ads_del_dn(ads, groupdn); + ads_memfree(ads, groupdn); + if (!ADS_ERR_OK(rc)) { + d_printf("Group %s deleted\n", argv[0]); + return 0; + } + d_printf("Error deleting group %s: %s\n", argv[0], + ads_errstr(rc)); + return -1; +} + +int net_ads_group(int argc, const char **argv) { + struct functable func[] = { + {"ADD", ads_group_add}, + {"DELETE", ads_group_delete}, + {NULL, NULL} + }; ADS_STRUCT *ads; ADS_STATUS 
rc; const char *shortattrs[] = {"sAMAccountName", NULL}; const char *longattrs[] = {"sAMAccountName", "description", NULL}; char *disp_fields[2] = {NULL, NULL}; - if (!(ads = ads_startup())) return -1; + if (argc == 0) { + if (!(ads = ads_startup())) return -1; - if (opt_long_list_entries) - d_printf("\nGroup name Comment"\ - "\n-----------------------------\n"); - rc = ads_do_search_all_fn(ads, ads->bind_path, LDAP_SCOPE_SUBTREE, - "(objectclass=group)", opt_long_list_entries - ? longattrs : shortattrs, usergrp_display, - disp_fields); + if (opt_long_list_entries) + d_printf("\nGroup name Comment"\ + "\n-----------------------------\n"); + rc = ads_do_search_all_fn(ads, ads->bind_path, + LDAP_SCOPE_SUBTREE, + "(objectclass=group)", + opt_long_list_entries ? longattrs : + shortattrs, usergrp_display, + disp_fields); - ads_destroy(&ads); - return 0; + ads_destroy(&ads); + return 0; + } + return net_run_function(argc, argv, func, net_ads_group_usage); } static int net_ads_status(int argc, const char **argv) @@ -485,7 +601,7 @@ static int net_ads_printer_info(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; - char *servername, *printername; + const char *servername, *printername; extern pstring global_myname; void *res = NULL; @@ -521,6 +637,11 @@ static int net_ads_printer_info(int argc, const char **argv) return 0; } +void do_drv_upgrade_printer(int msg_type, pid_t src, void *buf, size_t len) +{ + return; +} + static int net_ads_printer_publish(int argc, const char **argv) { ADS_STRUCT *ads; @@ -528,6 +649,7 @@ static int net_ads_printer_publish(int argc, const char **argv) char *uncname, *servername; ADS_PRINTER_ENTRY prt; extern pstring global_myname; + char *ports[2] = {"Samba", NULL}; /* these const strings are only here as an example. The attributes 
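Review bot: The result check after `ads_del_dn()` in ads_group_delete is inverted: `if (!ADS_ERR_OK(rc))` prints "Group %s deleted" and returns 0 when the delete failed, while a successful delete falls through to the error message and -1; it should read `if (ADS_ERR_OK(rc)) {`. In ads_group_add the "already exists" branch calls `ads_msgfree(ads, res)` and then jumps to `done:`, which frees the still non-NULL `res` a second time; drop the call in the branch. Both functions look the name up with `ads_find_user_acct()`, and ads_group_delete neither checks `ads_count_replies()` nor that the match is a group before deleting its DN, so depending on that helper's filter (not visible here) the command may remove a user object of the same name. The early `return -1` paths in ads_group_delete also skip `ads_destroy(&ads)`.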
@@ -536,7 +658,6 @@ static int net_ads_printer_publish(int argc, const char **argv) const char *bins[] = {"Tray 21", NULL}; const char *media[] = {"Letter", NULL}; const char *orients[] = {"PORTRAIT", NULL}; - const char *ports[] = {"Samba", NULL}; if (!(ads = ads_startup())) return -1; @@ -545,6 +666,9 @@ static int net_ads_printer_publish(int argc, const char **argv) memset(&prt, 0, sizeof(ADS_PRINTER_ENTRY)); + /* we don't sue the servername or unc name provided by + get_a_printer, because the server name might be + localhost or an ip address */ prt.printerName = argv[0]; asprintf(&servername, "%s.%s", global_myname, ads->realm); prt.serverName = servername; @@ -557,7 +681,7 @@ static int net_ads_printer_publish(int argc, const char **argv) prt.printOrientationsSupported = (char **) orients; prt.portName = (char **) ports; prt.printSpooling = "PrintAfterSpooled"; - + rc = ads_add_printer(ads, &prt); if (!ADS_ERR_OK(rc)) { d_printf("ads_publish_printer: %s\n", ads_errstr(rc)); @@ -650,7 +774,7 @@ static int net_ads_password(int argc, const char **argv) /* use the realm so we can eventually change passwords for users in realms other than default */ - if (!(ads = ads_init(realm, NULL, NULL, NULL))) return -1; + if (!(ads = ads_init(realm, NULL, NULL, NULL, NULL))) return -1; asprintf(&prompt, "Enter new password for %s:", argv[0]); @@ -681,8 +805,7 @@ static int net_ads_change_localhost_pass(int argc, const char **argv) char *hostname; ADS_STATUS ret; - - if (!(ads = ads_init(NULL, NULL, NULL, NULL))) return -1; + if (!(ads = ads_init_simple())) return -1; hostname = strdup(global_myname); strlower(hostname); 
@@ -706,19 +829,79 @@ static int net_ads_change_localhost_pass(int argc, const char **argv) return 0; } +/* + help for net ads search +*/ +static int net_ads_search_usage(int argc, const char **argv) +{ + d_printf( + "\nnet ads search \n"\ + "\nperform a raw LDAP search on a ADS server and dump the results\n"\ + "The expression is a standard LDAP search expression, and the\n"\ + "attributes are a list of LDAP fields to show in the results\n\n"\ + "Example: net ads search '(objectCategory=group)' sAMAccountName\n\n" + ); + net_common_flags_usage(argc, argv); + return -1; +} + + +/* + general ADS search function. Useful in diagnosing problems in ADS +*/ +static int net_ads_search(int argc, const char **argv) +{ + ADS_STRUCT *ads; + ADS_STATUS rc; + const char *exp; + const char **attrs; + void *res = NULL; + + if (argc < 1) { + return net_ads_search_usage(argc, argv); + } + + if (!(ads = ads_startup())) { + return -1; + } + + exp = argv[0]; + attrs = (argv + 1); + + rc = ads_do_search_all(ads, ads->bind_path, + LDAP_SCOPE_SUBTREE, + exp, attrs, &res); + if (!ADS_ERR_OK(rc)) { + d_printf("search failed: %s\n", ads_errstr(rc)); + return -1; + } + + d_printf("Got %d replies\n\n", ads_count_replies(ads, res)); + + /* dump the results */ + ads_dump(ads, res); + + ads_msgfree(ads, res); + ads_destroy(&ads); + + return 0; +} + + int net_ads_help(int argc, const char **argv) { struct functable func[] = { {"USER", net_ads_user_usage}, + {"GROUP", net_ads_group_usage}, + {"PRINTER", net_ads_printer_usage}, + {"SEARCH", net_ads_search_usage}, #if 0 {"INFO", net_ads_info}, {"JOIN", net_ads_join}, {"LEAVE", net_ads_leave}, {"STATUS", net_ads_status}, - {"GROUP", net_ads_group}, {"PASSWORD", net_ads_password}, {"CHOSTPASS", net_ads_change_localhost_pass}, - {"PRINTER", net_ads_printer}, #endif {NULL, NULL} }; 
@@ -738,6 +921,7 @@ int net_ads(int argc, const char **argv) {"PASSWORD", net_ads_password}, {"CHOSTPASS", net_ads_change_localhost_pass}, {"PRINTER", net_ads_printer}, + {"SEARCH", net_ads_search}, {"HELP", net_ads_help}, {NULL, NULL} }; @@ -773,6 +957,11 @@ int net_ads_user(int argc, const char **argv) return net_ads_noads(); } +int net_ads_group(int argc, const char **argv) +{ + return net_ads_noads(); +} + /* this one shouldn't display a message */ int net_ads_check(void) { -- cgit From f0255b38bc17f4da9a63b2be4c3ce505688e933e Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 17 Aug 2002 14:45:04 +0000 Subject: sync 3.0 branch with HEAD (This used to be commit 1b83b78e332b9d28914eff155530e81cf2073a58) --- source3/utils/net_ads.c | 141 ++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 114 insertions(+), 27 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index fa3eac6bd3..ad405fe68c 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -32,6 +32,8 @@ int net_ads_usage(int argc, const char **argv) "\n\tjoins the local machine to a ADS realm\n"\ "\nnet ads leave"\ "\n\tremoves the local machine from a ADS realm\n"\ +"\nnet ads testjoin"\ +"\n\ttests that an exiting join is OK\n"\ "\nnet ads user"\ "\n\tlist, add, or delete users in the realm\n"\ "\nnet ads group"\ 
@@ -58,18 +60,23 @@ static int net_ads_info(int argc, const char **argv) { ADS_STRUCT *ads; - ads = ads_init(NULL, NULL, opt_host, NULL, NULL); + ads = ads_init(NULL, NULL, opt_host); + + if (ads) { + ads->auth.no_bind = 1; + } + ads_connect(ads); - if (!ads) { + if (!ads || !ads->config.realm) { d_printf("Didn't find the ldap server!\n"); return -1; } - d_printf("LDAP server: %s\n", ads->ldap_server); - d_printf("LDAP server name: %s\n", ads->ldap_server_name); - d_printf("Realm: %s\n", ads->realm); - d_printf("Bind Path: %s\n", ads->bind_path); + d_printf("LDAP server: %s\n", inet_ntoa(ads->ldap_ip)); + d_printf("LDAP server name: %s\n", ads->config.ldap_server_name); + d_printf("Realm: %s\n", ads->config.realm); + d_printf("Bind Path: %s\n", ads->config.bind_path); d_printf("LDAP port: %d\n", ads->ldap_port); return 0; @@ -83,7 +90,7 @@ static ADS_STRUCT *ads_startup(void) BOOL need_password = False; BOOL second_time = False; - ads = ads_init(NULL, NULL, opt_host, NULL, NULL); + ads = ads_init(NULL, NULL, opt_host); if (!opt_user_name) { opt_user_name = "administrator"; @@ -101,9 +108,9 @@ retry: } if (opt_password) - ads->password = strdup(opt_password); + ads->auth.password = strdup(opt_password); - ads->user_name = strdup(opt_user_name); + ads->auth.user_name = strdup(opt_user_name); status = ads_connect(ads); if (!ADS_ERR_OK(status)) { 
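Review bot: In net_ads_info the added `if (ads)` guard covers only the `no_bind` assignment, so `ads_connect(ads)` is still called when `ads_init()` returned NULL, and its ADS_STATUS is discarded, leaving an empty `config.realm` as the only failure signal. Whether `ads_connect()` tolerates a NULL argument is not visible here, so I would return before the call, `if (!ads) { d_printf("Didn't find the ldap server!\n"); return -1; }`, and test the status with `ADS_ERR_OK()`. Neither return path calls `ads_destroy(&ads)`. net_ads_lookup, added in a later commit on this page, repeats the same sequence. In ads_startup the new `ads->auth.password` and `ads->auth.user_name` assignments likewise assume `ads_init()` succeeded; that function is only partly visible.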
@@ -136,8 +143,38 @@ int net_ads_check(void) return 0; } +/* + determine the netbios workgroup name for a domain + */ +static int net_ads_workgroup(int argc, const char **argv) +{ + ADS_STRUCT *ads; + TALLOC_CTX *ctx; + char *workgroup; + + if (!(ads = ads_startup())) return -1; + + if (!(ctx = talloc_init_named("net_ads_workgroup"))) { + return -1; + } + + if (!ADS_ERR_OK(ads_workgroup_name(ads, ctx, &workgroup))) { + d_printf("Failed to find workgroup for realm '%s'\n", + ads->config.realm); + talloc_destroy(ctx); + return -1; + } -static BOOL usergrp_display(char *field, void **values, void *data_area) + d_printf("Workgroup: %s\n", workgroup); + + talloc_destroy(ctx); + + return 0; +} + + + +static void usergrp_display(char *field, void **values, void *data_area) { char **disp_fields = (char **) data_area; @@ -151,16 +188,15 @@ static BOOL usergrp_display(char *field, void **values, void *data_area) } SAFE_FREE(disp_fields[0]); SAFE_FREE(disp_fields[1]); - return True; + return; } if (!values) /* must be new field, indicate string field */ - return True; + return; if (StrCaseCmp(field, "sAMAccountName") == 0) { disp_fields[0] = strdup((char *) values[0]); } if (StrCaseCmp(field, "description") == 0) disp_fields[1] = strdup((char *) values[0]); - return True; /* always strings here */ } static int net_ads_user_usage(int argc, const char **argv) @@ -208,8 +244,8 @@ static int ads_user_add(int argc, const char **argv) } /* try setting the password */ - asprintf(&upn, "%s@%s", argv[0], ads->realm); - status = krb5_set_password(ads->kdc_server, upn, argv[1]); + asprintf(&upn, "%s@%s", argv[0], ads->config.realm); + status = krb5_set_password(ads->auth.kdc_server, upn, argv[1]); safe_free(upn); if (ADS_ERR_OK(status)) { d_printf("User %s added\n", argv[0]); 
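Review bot: net_ads_workgroup never calls `ads_destroy(&ads)`: the talloc failure return, the lookup failure return and the success path all leave the connection open, together with the user name and password copies that ads_startup() attaches to it. Add `ads_destroy(&ads);` before each `return` that follows a successful startup. A short comment that `workgroup` is presumably allocated on `ctx`, and so must be printed before `talloc_destroy(ctx)`, would also help the next reader.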
@@ -326,7 +362,7 @@ int net_ads_user(int argc, const char **argv) d_printf("\nUser name Comment"\ "\n-----------------------------\n"); - rc = ads_do_search_all_fn(ads, ads->bind_path, + rc = ads_do_search_all_fn(ads, ads->config.bind_path, LDAP_SCOPE_SUBTREE, "(objectclass=user)", opt_long_list_entries ? longattrs : @@ -433,7 +469,7 @@ int net_ads_group(int argc, const char **argv) if (opt_long_list_entries) d_printf("\nGroup name Comment"\ "\n-----------------------------\n"); - rc = ads_do_search_all_fn(ads, ads->bind_path, + rc = ads_do_search_all_fn(ads, ads->config.bind_path, LDAP_SCOPE_SUBTREE, "(objectclass=group)", opt_long_list_entries ? longattrs : @@ -494,15 +530,54 @@ static int net_ads_leave(int argc, const char **argv) rc = ads_leave_realm(ads, global_myname); if (!ADS_ERR_OK(rc)) { d_printf("Failed to delete host '%s' from the '%s' realm.\n", - global_myname, ads->realm); + global_myname, ads->config.realm); return -1; } - d_printf("Removed '%s' from realm '%s'\n", global_myname, ads->realm); + d_printf("Removed '%s' from realm '%s'\n", global_myname, ads->config.realm); + + return 0; +} + +static int net_ads_join_ok(void) +{ + ADS_STRUCT *ads = NULL; + extern pstring global_myname; + + if (!secrets_init()) { + DEBUG(1,("Failed to initialise secrets database\n")); + return -1; + } + + asprintf(&opt_user_name, "%s$", global_myname); + opt_password = secrets_fetch_machine_password(); + if (!(ads = ads_startup())) { + return -1; + } + + ads_destroy(&ads); return 0; } +/* + check that an existing join is OK + */ +int net_ads_testjoin(int argc, const char **argv) +{ + /* Display success or failure */ + if (net_ads_join_ok() != 0) { + fprintf(stderr,"Join to domain is not valid\n"); + return -1; + } + + printf("Join is OK\n"); + return 0; +} + +/* + join a domain using ADS + */ int net_ads_join(int argc, const char **argv) { ADS_STRUCT *ads; 
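Review bot: net_ads_join_ok passes the result of `secrets_fetch_machine_password()` straight into `opt_password` without checking it for NULL. With no stored machine secret, ads_startup() (only partly visible on this page) appears to treat a missing password as a reason to prompt, so `net ads testjoin` could ask for a password interactively instead of reporting an invalid join. I would fail early: `if (!opt_password) { d_printf("No machine password stored\n"); return -1; }`. The `asprintf()` into `opt_user_name` is unchecked, both assignments overwrite whatever `-U` supplied, and the fetched password stays in the global for the rest of the process. net_ads_change_localhost_pass (`@@ -805,11 +880,21 @@`) uses the same sequence.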
@@ -529,7 +604,7 @@ int net_ads_join(int argc, const char **argv) if (!(ads = ads_startup())) return -1; ou_str = ads_ou_string(org_unit); - asprintf(&dn, "%s,%s", ou_str, ads->bind_path); + asprintf(&dn, "%s,%s", ou_str, ads->config.bind_path); free(ou_str); rc = ads_search_dn(ads, &res, dn, NULL); @@ -575,7 +650,7 @@ int net_ads_join(int argc, const char **argv) return -1; } - d_printf("Joined '%s' to realm '%s'\n", global_myname, ads->realm); + d_printf("Joined '%s' to realm '%s'\n", global_myname, ads->config.realm); free(password); @@ -670,7 +745,7 @@ static int net_ads_printer_publish(int argc, const char **argv) get_a_printer, because the server name might be localhost or an ip address */ prt.printerName = argv[0]; - asprintf(&servername, "%s.%s", global_myname, ads->realm); + asprintf(&servername, "%s.%s", global_myname, ads->config.realm); prt.serverName = servername; prt.shortServerName = global_myname; prt.versionNumber = "4"; @@ -774,13 +849,13 @@ static int net_ads_password(int argc, const char **argv) /* use the realm so we can eventually change passwords for users in realms other than default */ - if (!(ads = ads_init(realm, NULL, NULL, NULL, NULL))) return -1; + if (!(ads = ads_init(realm, NULL, NULL))) return -1; asprintf(&prompt, "Enter new password for %s:", argv[0]); new_password = getpass(prompt); - ret = kerberos_set_password(ads->kdc_server, auth_principal, + ret = kerberos_set_password(ads->auth.kdc_server, auth_principal, auth_password, argv[0], new_password); if (!ADS_ERR_OK(ret)) { d_printf("Password change failed :-( ...\n"); 
@@ -805,11 +880,21 @@ static int net_ads_change_localhost_pass(int argc, const char **argv) char *hostname; ADS_STATUS ret; - if (!(ads = ads_init_simple())) return -1; + if (!secrets_init()) { + DEBUG(1,("Failed to initialise secrets database\n")); + return -1; + } + + asprintf(&opt_user_name, "%s$", global_myname); + opt_password = secrets_fetch_machine_password(); + + if (!(ads = ads_startup())) { + return -1; + } hostname = strdup(global_myname); strlower(hostname); - asprintf(&host_principal, "%s@%s", hostname, ads->realm); + asprintf(&host_principal, "%s@%s", hostname, ads->config.realm); SAFE_FREE(hostname); d_printf("Changing password for principal: HOST/%s\n", host_principal); @@ -868,7 +953,7 @@ static int net_ads_search(int argc, const char **argv) exp = argv[0]; attrs = (argv + 1); - rc = ads_do_search_all(ads, ads->bind_path, + rc = ads_do_search_all(ads, ads->config.bind_path, LDAP_SCOPE_SUBTREE, exp, attrs, &res); if (!ADS_ERR_OK(rc)) { @@ -914,6 +999,7 @@ int net_ads(int argc, const char **argv) struct functable func[] = { {"INFO", net_ads_info}, {"JOIN", net_ads_join}, + {"TESTJOIN", net_ads_testjoin}, {"LEAVE", net_ads_leave}, {"STATUS", net_ads_status}, {"USER", net_ads_user}, @@ -922,6 +1008,7 @@ int net_ads(int argc, const char **argv) {"CHOSTPASS", net_ads_change_localhost_pass}, {"PRINTER", net_ads_printer}, {"SEARCH", net_ads_search}, + {"WORKGROUP", net_ads_workgroup}, {"HELP", net_ads_help}, {NULL, NULL} }; -- cgit From a834a73e341059be154426390304a42e4a011f72 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 25 Sep 2002 15:19:00 +0000 Subject: sync'ing up for 3.0alpha20 release (This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139) --- source3/utils/net_ads.c | 50 ++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 39 insertions(+), 11 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index ad405fe68c..af290ce83c 100644 
--- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -56,6 +56,31 @@ int net_ads_usage(int argc, const char **argv) } +/* + this implements the CLDAP based netlogon lookup requests + for finding the domain controller of a ADS domain +*/ +static int net_ads_lookup(int argc, const char **argv) +{ + ADS_STRUCT *ads; + + ads = ads_init(NULL, NULL, opt_host); + if (ads) { + ads->auth.flags |= ADS_AUTH_NO_BIND; + } + + ads_connect(ads); + + if (!ads || !ads->config.realm) { + d_printf("Didn't find the cldap server!\n"); + return -1; + } + + return ads_cldap_netlogon(ads); +} + + + static int net_ads_info(int argc, const char **argv) { ADS_STRUCT *ads; @@ -63,7 +88,7 @@ static int net_ads_info(int argc, const char **argv) ads = ads_init(NULL, NULL, opt_host); if (ads) { - ads->auth.no_bind = 1; + ads->auth.flags |= ADS_AUTH_NO_BIND; } ads_connect(ads); @@ -78,6 +103,7 @@ static int net_ads_info(int argc, const char **argv) d_printf("Realm: %s\n", ads->config.realm); d_printf("Bind Path: %s\n", ads->config.bind_path); d_printf("LDAP port: %d\n", ads->ldap_port); + d_printf("Server time: %s\n", http_timestring(ads->config.current_time)); return 0; } @@ -174,7 +200,7 @@ static int net_ads_workgroup(int argc, const char **argv) -static void usergrp_display(char *field, void **values, void *data_area) +static BOOL usergrp_display(char *field, void **values, void *data_area) { char **disp_fields = (char **) data_area; @@ -188,15 +214,16 @@ static void usergrp_display(char *field, void **values, void *data_area) } SAFE_FREE(disp_fields[0]); SAFE_FREE(disp_fields[1]); - return; + return True; } if (!values) /* must be new field, indicate string field */ - return; + return True; if (StrCaseCmp(field, "sAMAccountName") == 0) { disp_fields[0] = strdup((char *) values[0]); } if (StrCaseCmp(field, "description") == 0) disp_fields[1] = strdup((char *) values[0]); + return True; } static int net_ads_user_usage(int argc, const char **argv) 
@@ -245,7 +272,7 @@ static int ads_user_add(int argc, const char **argv) /* try setting the password */ asprintf(&upn, "%s@%s", argv[0], ads->config.realm); - status = krb5_set_password(ads->auth.kdc_server, upn, argv[1]); + status = krb5_set_password(ads->auth.kdc_server, upn, argv[1], ads->auth.time_offset); safe_free(upn); if (ADS_ERR_OK(status)) { d_printf("User %s added\n", argv[0]); @@ -610,7 +637,7 @@ int net_ads_join(int argc, const char **argv) rc = ads_search_dn(ads, &res, dn, NULL); ads_msgfree(ads, res); - if (rc.error_type == ADS_ERROR_LDAP && rc.rc == LDAP_NO_SUCH_OBJECT) { + if (rc.error_type == ADS_ERROR_LDAP && rc.err.rc == LDAP_NO_SUCH_OBJECT) { d_printf("ads_join_realm: organizational unit %s does not exist (dn:%s)\n", org_unit, dn); return -1; @@ -628,15 +655,15 @@ int net_ads_join(int argc, const char **argv) return -1; } - rc = ads_set_machine_password(ads, global_myname, password); + rc = ads_domain_sid(ads, &dom_sid); if (!ADS_ERR_OK(rc)) { - d_printf("ads_set_machine_password: %s\n", ads_errstr(rc)); + d_printf("ads_domain_sid: %s\n", ads_errstr(rc)); return -1; } - rc = ads_domain_sid(ads, &dom_sid); + rc = ads_set_machine_password(ads, global_myname, password); if (!ADS_ERR_OK(rc)) { - d_printf("ads_domain_sid: %s\n", ads_errstr(rc)); + d_printf("ads_set_machine_password: %s\n", ads_errstr(rc)); return -1; } @@ -856,7 +883,7 @@ static int net_ads_password(int argc, const char **argv) new_password = getpass(prompt); ret = kerberos_set_password(ads->auth.kdc_server, auth_principal, - auth_password, argv[0], new_password); + auth_password, argv[0], new_password, ads->auth.time_offset); if (!ADS_ERR_OK(ret)) { d_printf("Password change failed :-( ...\n"); ads_destroy(&ads); @@ -1009,6 +1036,7 @@ int net_ads(int argc, const char **argv) {"PRINTER", net_ads_printer}, {"SEARCH", net_ads_search}, {"WORKGROUP", net_ads_workgroup}, + {"LOOKUP", net_ads_lookup}, {"HELP", net_ads_help}, {NULL, NULL} }; -- cgit 
From 2f194322d419350f35a48dff750066894d68eccf Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 12 Nov 2002 23:20:50 +0000 Subject: Removed global_myworkgroup, global_myname, global_myscope. Added liberal dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89) --- source3/utils/net_ads.c | 45 +++++++++++++++++++-------------------------- 1 file changed, 19 insertions(+), 26 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index af290ce83c..b138f67aa3 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -513,19 +513,18 @@ static int net_ads_status(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; - extern pstring global_myname; void *res; if (!(ads = ads_startup())) return -1; - rc = ads_find_machine_acct(ads, &res, global_myname); + rc = ads_find_machine_acct(ads, &res, global_myname()); if (!ADS_ERR_OK(rc)) { d_printf("ads_find_machine_acct: %s\n", ads_errstr(rc)); return -1; } if (ads_count_replies(ads, res) == 0) { - d_printf("No machine account for '%s' found\n", global_myname); + d_printf("No machine account for '%s' found\n", global_myname()); return -1; } @@ -538,7 +537,6 @@ static int net_ads_leave(int argc, const char **argv) { ADS_STRUCT *ads = NULL; ADS_STATUS rc; - extern pstring global_myname; if (!secrets_init()) { DEBUG(1,("Failed to initialise secrets database\n")); @@ -546,7 +544,7 @@ static int net_ads_leave(int argc, const char **argv) } if (!opt_password) { - asprintf(&opt_user_name, "%s$", global_myname); + asprintf(&opt_user_name, "%s$", global_myname()); opt_password = secrets_fetch_machine_password(); } 
@@ -554,14 +552,14 @@ static int net_ads_leave(int argc, const char **argv) return -1; } - rc = ads_leave_realm(ads, global_myname); + rc = ads_leave_realm(ads, global_myname()); if (!ADS_ERR_OK(rc)) { d_printf("Failed to delete host '%s' from the '%s' realm.\n", - global_myname, ads->config.realm); + global_myname(), ads->config.realm); return -1; } - d_printf("Removed '%s' from realm '%s'\n", global_myname, ads->config.realm); + d_printf("Removed '%s' from realm '%s'\n", global_myname(), ads->config.realm); return 0; } @@ -569,14 +567,13 @@ static int net_ads_leave(int argc, const char **argv) static int net_ads_join_ok(void) { ADS_STRUCT *ads = NULL; - extern pstring global_myname; if (!secrets_init()) { DEBUG(1,("Failed to initialise secrets database\n")); return -1; } - asprintf(&opt_user_name, "%s$", global_myname); + asprintf(&opt_user_name, "%s$", global_myname()); opt_password = secrets_fetch_machine_password(); if (!(ads = ads_startup())) { @@ -611,7 +608,6 @@ int net_ads_join(int argc, const char **argv) ADS_STATUS rc; char *password; char *tmp_password; - extern pstring global_myname; const char *org_unit = "Computers"; char *dn; void *res; @@ -649,7 +645,7 @@ int net_ads_join(int argc, const char **argv) return -1; } - rc = ads_join_realm(ads, global_myname, org_unit); + rc = ads_join_realm(ads, global_myname(), org_unit); if (!ADS_ERR_OK(rc)) { d_printf("ads_join_realm: %s\n", ads_errstr(rc)); return -1; @@ -661,7 +657,7 @@ int net_ads_join(int argc, const char **argv) return -1; } - rc = ads_set_machine_password(ads, global_myname, password); + rc = ads_set_machine_password(ads, global_myname(), password); if (!ADS_ERR_OK(rc)) { d_printf("ads_set_machine_password: %s\n", ads_errstr(rc)); return -1; @@ -677,7 +673,7 @@ int net_ads_join(int argc, const char **argv) return -1; } - d_printf("Joined '%s' to realm '%s'\n", global_myname, ads->config.realm); + d_printf("Joined '%s' to realm '%s'\n", global_myname(), ads->config.realm); free(password); 
@@ -704,7 +700,6 @@ static int net_ads_printer_info(int argc, const char **argv) ADS_STRUCT *ads; ADS_STATUS rc; const char *servername, *printername; - extern pstring global_myname; void *res = NULL; if (!(ads = ads_startup())) return -1; @@ -717,7 +712,7 @@ static int net_ads_printer_info(int argc, const char **argv) if (argc > 1) servername = argv[1]; else - servername = global_myname; + servername = global_myname(); rc = ads_find_printer_on_server(ads, &res, printername, servername); @@ -750,7 +745,6 @@ static int net_ads_printer_publish(int argc, const char **argv) ADS_STATUS rc; char *uncname, *servername; ADS_PRINTER_ENTRY prt; - extern pstring global_myname; char *ports[2] = {"Samba", NULL}; /* @@ -772,11 +766,11 @@ static int net_ads_printer_publish(int argc, const char **argv) get_a_printer, because the server name might be localhost or an ip address */ prt.printerName = argv[0]; - asprintf(&servername, "%s.%s", global_myname, ads->config.realm); + asprintf(&servername, "%s.%s", global_myname(), ads->config.realm); prt.serverName = servername; - prt.shortServerName = global_myname; + prt.shortServerName = global_myname(); prt.versionNumber = "4"; - asprintf(&uncname, "\\\\%s\\%s", global_myname, argv[0]); + asprintf(&uncname, "\\\\%s\\%s", global_myname(), argv[0]); prt.uNCName=uncname; prt.printBinNames = (char **) bins; prt.printMediaSupported = (char **) media; @@ -799,8 +793,8 @@ static int net_ads_printer_remove(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; - char *servername, *prt_dn; - extern pstring global_myname; + const char *servername; + char *prt_dn; void *res = NULL; if (!(ads = ads_startup())) return -1; @@ -811,7 +805,7 @@ static int net_ads_printer_remove(int argc, const char **argv) if (argc > 1) servername = argv[1]; else - servername = global_myname; + servername = global_myname(); rc = ads_find_printer_on_server(ads, &res, argv[0], servername); 
@@ -902,7 +896,6 @@ static int net_ads_password(int argc, const char **argv) static int net_ads_change_localhost_pass(int argc, const char **argv) { ADS_STRUCT *ads; - extern pstring global_myname; char *host_principal; char *hostname; ADS_STATUS ret; @@ -912,14 +905,14 @@ static int net_ads_change_localhost_pass(int argc, const char **argv) return -1; } - asprintf(&opt_user_name, "%s$", global_myname); + asprintf(&opt_user_name, "%s$", global_myname()); opt_password = secrets_fetch_machine_password(); if (!(ads = ads_startup())) { return -1; } - hostname = strdup(global_myname); + hostname = strdup(global_myname()); strlower(hostname); asprintf(&host_principal, "%s@%s", hostname, ads->config.realm); SAFE_FREE(hostname); -- cgit From 3bea5acd2eabad7c9c71ce65c25889df87ae69f9 Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Mon, 18 Nov 2002 20:23:05 +0000 Subject: Next step of printer publishing. net ads printer publish [servername] Will retreive the DsSpooler and DsDriver info by rpc for a remote server then publish it. Next comes doing it within smbd (This used to be commit efeaa8f4f4104f3a4a4b12bd1d30e8efd5e3ec67) --- source3/utils/net_ads.c | 65 ++++++++++++++++++++++++++----------------------- 1 file changed, 34 insertions(+), 31 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index b138f67aa3..81a2750457 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -743,42 +743,45 @@ static int net_ads_printer_publish(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; - char *uncname, *servername; - ADS_PRINTER_ENTRY prt; - char *ports[2] = {"Samba", NULL}; - - /* - these const strings are only here as an example. The attributes - they represent are not implemented yet - */ - const char *bins[] = {"Tray 21", NULL}; - const char *media[] = {"Letter", NULL}; - const char *orients[] = {"PORTRAIT", NULL}; + char *servername; + struct cli_state *cli; + struct in_addr server_ip; + NTSTATUS nt_status; + extern char *opt_workgroup; + TALLOC_CTX *mem_ctx = talloc_init(); + ADS_MODLIST mods = ads_init_mods(mem_ctx); + char *prt_dn, *srv_dn, **srv_cn; + void *res = NULL; if (!(ads = ads_startup())) return -1; if (argc < 1) return net_ads_printer_usage(argc, argv); - - memset(&prt, 0, sizeof(ADS_PRINTER_ENTRY)); - - /* we don't sue the servername or unc name provided by - get_a_printer, because the server name might be - localhost or an ip address */ - prt.printerName = argv[0]; - asprintf(&servername, "%s.%s", global_myname(), ads->config.realm); - prt.serverName = servername; - prt.shortServerName = global_myname(); - prt.versionNumber = "4"; - asprintf(&uncname, "\\\\%s\\%s", global_myname(), argv[0]); - prt.uNCName=uncname; - prt.printBinNames = (char **) bins; - prt.printMediaSupported = (char **) media; - prt.printOrientationsSupported = (char **) orients; - prt.portName = (char **) ports; - prt.printSpooling = "PrintAfterSpooled"; - - rc = ads_add_printer(ads, &prt); + + if (argc = 2) + servername = argv[1]; + else + servername = global_myname(); + + ads_find_machine_acct(ads, &res, servername); + srv_dn = ldap_get_dn(ads->ld, res); + srv_cn = ldap_explode_dn(srv_dn, 1); + asprintf(&prt_dn, "cn=%s-%s,%s", srv_cn[0], argv[0], srv_dn); + + resolve_name(servername, &server_ip, 0x20); + + nt_status = cli_full_connection(&cli, global_myname(), servername, + &server_ip, 0, + "IPC$", "IPC", + opt_user_name, opt_workgroup, 
+ opt_password ? opt_password : "", + CLI_FULL_CONNECTION_USE_KERBEROS, + NULL); + + cli_nt_session_open(cli, PI_SPOOLSS); + get_remote_printer_publishing_data(cli, mem_ctx, &mods, argv[0]); + + rc = ads_add_printer_entry(ads, prt_dn, mem_ctx, &mods); if (!ADS_ERR_OK(rc)) { d_printf("ads_publish_printer: %s\n", ads_errstr(rc)); return -1; -- cgit From 46d5c060c60753b94ae97ccd48aa7a8be791feed Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 23 Nov 2002 02:51:28 +0000 Subject: jcmd really should run with a higher compiler warning level more often :-). Jeremy. (This used to be commit e93bd375b9e03d9d7038e2be66dd624f91118214) --- source3/utils/net_ads.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 81a2750457..f0ea82d87c 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -758,7 +758,7 @@ static int net_ads_printer_publish(int argc, const char **argv) if (argc < 1) return net_ads_printer_usage(argc, argv); - if (argc = 2) + if (argc == 2) servername = argv[1]; else servername = global_myname(); -- cgit From ef8bd7c4f7ae8192ea05db070962ecf0ff3615f3 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 20 Dec 2002 20:21:31 +0000 Subject: Forward port the change to talloc_init() to make all talloc contexts named. Ensure we can query them. Jeremy. (This used to be commit 09a218a9f6fb0bd922940467bf8500eb4f1bcf84) --- source3/utils/net_ads.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index f0ea82d87c..72dbe49c16 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -180,7 +180,7 @@ static int net_ads_workgroup(int argc, const char **argv) if (!(ads = ads_startup())) return -1; - if (!(ctx = talloc_init_named("net_ads_workgroup"))) { + if (!(ctx = talloc_init("net_ads_workgroup"))) { return -1; } 
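Review bot: Every call in the rewritten body of net_ads_printer_publish between `ads_find_machine_acct` and `get_remote_printer_publishing_data` discards its result, so a failed lookup, name resolution or SMB connection is followed by use of `res`, `srv_cn[0]` and `cli`. The `nt_status` from `cli_full_connection` is assigned and never read. servername can come from argv[1] and the connection carries opt_user_name/opt_password, so the function should stop at the first step that fails rather than continue against a host that did not resolve or connect. `mem_ctx` and `mods` are created in the declarations, before `ads_startup()` and the argc test, so both early returns leak the talloc context. The function continues past the end of the hunk; the checks I would add are below.

```c
	rc = ads_find_machine_acct(ads, &res, servername);
	if (!ADS_ERR_OK(rc)) {
		d_printf("ads_find_machine_acct: %s\n", ads_errstr(rc));
		return -1;
	}
	if (ads_count_replies(ads, res) == 0) {
		d_printf("No machine account for '%s' found\n", servername);
		return -1;
	}

	srv_dn = ldap_get_dn(ads->ld, res);
	srv_cn = srv_dn ? ldap_explode_dn(srv_dn, 1) : NULL;
	if (!srv_cn || !srv_cn[0]) {
		d_printf("Could not parse the DN of server %s\n", servername);
		return -1;
	}
	if (asprintf(&prt_dn, "cn=%s-%s,%s", srv_cn[0], argv[0], srv_dn) == -1) {
		return -1;
	}

	if (!resolve_name(servername, &server_ip, 0x20)) {
		d_printf("Could not resolve %s\n", servername);
		return -1;
	}

	/* ... unchanged: nt_status = cli_full_connection(&cli, ...) ... */
	if (!NT_STATUS_IS_OK(nt_status)) {
		d_printf("Connection to %s failed: %s\n", servername,
			 nt_errstr(nt_status));
		return -1;
	}

	if (!cli_nt_session_open(cli, PI_SPOOLSS)) {
		d_printf("Could not open the spoolss pipe on %s\n", servername);
		return -1;
	}
	/* ... unchanged: get_remote_printer_publishing_data, ads_add_printer_entry ... */
```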
@@ -748,7 +748,7 @@ static int net_ads_printer_publish(int argc, const char **argv) struct in_addr server_ip; NTSTATUS nt_status; extern char *opt_workgroup; - TALLOC_CTX *mem_ctx = talloc_init(); + TALLOC_CTX *mem_ctx = talloc_init("net_ads_printer_publish"); ADS_MODLIST mods = ads_init_mods(mem_ctx); char *prt_dn, *srv_dn, **srv_cn; void *res = NULL; -- cgit From 634c54310c92c48dd4eceec602e230a021bdcfc5 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 3 Jan 2003 08:28:12 +0000 Subject: Merge from HEAD - make Samba compile with -Wwrite-strings without additional warnings. (Adds a lot of const). Andrew Bartlett (This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c) --- source3/utils/net_ads.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 72dbe49c16..25b6f23d2d 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -544,8 +544,10 @@ static int net_ads_leave(int argc, const char **argv) } if (!opt_password) { - asprintf(&opt_user_name, "%s$", global_myname()); + char *user_name; + asprintf(&user_name, "%s$", global_myname()); opt_password = secrets_fetch_machine_password(); + opt_user_name = user_name; } if (!(ads = ads_startup())) { @@ -566,6 +568,7 @@ static int net_ads_leave(int argc, const char **argv) static int net_ads_join_ok(void) { + char *user_name; ADS_STRUCT *ads = NULL; if (!secrets_init()) { @@ -573,7 +576,8 @@ static int net_ads_join_ok(void) return -1; } - asprintf(&opt_user_name, "%s$", global_myname()); + asprintf(&user_name, "%s$", global_myname()); + opt_user_name = user_name; opt_password = secrets_fetch_machine_password(); if (!(ads = ads_startup())) { 
@@ -743,11 +747,10 @@ static int net_ads_printer_publish(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; - char *servername; + const char *servername; struct cli_state *cli; struct in_addr server_ip; NTSTATUS nt_status; - extern char *opt_workgroup; TALLOC_CTX *mem_ctx = talloc_init("net_ads_printer_publish"); ADS_MODLIST mods = ads_init_mods(mem_ctx); char *prt_dn, *srv_dn, **srv_cn; @@ -853,8 +856,8 @@ static int net_ads_printer(int argc, const char **argv) static int net_ads_password(int argc, const char **argv) { ADS_STRUCT *ads; - char *auth_principal = opt_user_name; - char *auth_password = opt_password; + const char *auth_principal = opt_user_name; + const char *auth_password = opt_password; char *realm = NULL; char *new_password = NULL; char *c; @@ -902,13 +905,16 @@ static int net_ads_change_localhost_pass(int argc, const char **argv) char *host_principal; char *hostname; ADS_STATUS ret; + char *user_name; if (!secrets_init()) { DEBUG(1,("Failed to initialise secrets database\n")); return -1; } - asprintf(&opt_user_name, "%s$", global_myname()); + asprintf(&user_name, "%s$", global_myname()); + opt_user_name = user_name; + opt_password = secrets_fetch_machine_password(); if (!(ads = ads_startup())) { -- cgit From 9eeab10e54e9e94082ced649b33ee45b4f59f858 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 15 Jan 2003 16:10:57 +0000 Subject: [merge] * removed unused variable from rpcclient code * added container option to net command (patch from SuSE) * Makefile patch for examples/VFS from SuSE (This used to be commit 25a9681ddda47a41fac8fdc97ca50b7f4c579eaf) --- source3/utils/net_ads.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 25b6f23d2d..933f63ae58 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -255,7 +255,7 @@ static int ads_user_add(int argc, const char **argv) goto done; } - status = ads_add_user_acct(ads, argv[0], opt_comment); + status = ads_add_user_acct(ads, argv[0], opt_container, opt_comment); if (!ADS_ERR_OK(status)) { d_printf("Could not add user %s: %s\n", argv[0], @@ -431,7 +431,7 @@ static int ads_group_add(int argc, const char **argv) goto done; } - status = ads_add_group_acct(ads, argv[0], opt_comment); + status = ads_add_group_acct(ads, argv[0], opt_container, opt_comment); if (ADS_ERR_OK(status)) { d_printf("Group %s added\n", argv[0]); -- cgit From 99cdb462083381c88689a4e698ca48b6ed4cf5ac Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 15 Jan 2003 18:57:41 +0000 Subject: *lots of small merges form HEAD *sync up configure.in *don't build torture tools in make all *make sure to remove torture tools as part of make clean (This used to be commit 0fb724b3216eeeb97e61ff12755ca3a31bcad6ef) --- source3/utils/net_ads.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 933f63ae58..29abc33fdf 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -42,6 +42,8 @@ int net_ads_usage(int argc, const char **argv) "\n\tshows some info on the server\n"\ "\nnet ads status"\ "\n\tdump the machine account details to stdout\n" +"\nnet ads lookup"\ +"\n\tperform a CLDAP search on the server\n" "\nnet ads password -Uadmin_username@realm%%admin_pass"\ "\n\tchange a user's password using an admin account"\ "\n\t(note: use realm in UPPERCASE)\n"\ -- cgit From 963e88aa90853a7e45c72cbc6630aa705b6d4e55 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Sat, 1 Feb 2003 07:59:29 +0000 Subject: Merge LDAP filter parinoia from HEAD, a few other pdb_ldap updates and some misc libads fixes. Andrew Bartlett (This used to be commit 9c3a1710efba9fa4160004a554687d4b85927bb1) --- source3/utils/net_ads.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 29abc33fdf..867252c95f 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -308,12 +308,18 @@ static int ads_user_info(int argc, const char **argv) const char *attrs[] = {"memberOf", NULL}; char *searchstring=NULL; char **grouplist; + char *escaped_user = escape_ldap_string_alloc(argv[0]); if (argc < 1) return net_ads_user_usage(argc, argv); if (!(ads = ads_startup())) return -1; - asprintf(&searchstring, "(sAMAccountName=%s)", argv[0]); + if (!escaped_user) { + d_printf("ads_user_info: failed to escape user %s\n", argv[0]); + return -1; + } + + asprintf(&searchstring, "(sAMAccountName=%s)", escaped_user); rc = ads_search(ads, &res, searchstring, attrs); safe_free(searchstring); -- cgit From 52db4c66986d880cde5c0f7df7b6a017a04ba10c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 24 Feb 2003 03:06:45 +0000 Subject: Missed a couple of files from the client-side kerberos merge (This used to be commit 56934f303c0551df858cc6d6ad32d0b37fcd1307) --- source3/utils/net_ads.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 867252c95f..75bb29f213 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
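Review bot: The new initialiser `char *escaped_user = escape_ldap_string_alloc(argv[0]);` runs in the declarations of ads_user_info, before the `argc < 1` usage check, so a call with no argument hands argv[0] to the escaper unchecked. Declare `char *escaped_user;` and assign it after the argc test with `escaped_user = escape_ldap_string_alloc(argv[0]);`. The allocation is also not released on the paths visible here: the `ads_startup()` failure returns without freeing it, and the `!escaped_user` branch returns without `ads_destroy(&ads)`. Freeing escaped_user right after `asprintf` has built the filter would cover the normal path. The function continues past the end of the hunk, so a later free may exist outside this view.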
@@ -110,6 +110,11 @@ static int net_ads_info(int argc, const char **argv) return 0; } +static void use_in_memory_ccache(void) { + /* Use in-memory credentials cache so we do not interfere with + * existing credentials */ + setenv(KRB5_ENV_CCNAME, "MEMORY:net_ads", 1); +} static ADS_STRUCT *ads_startup(void) { @@ -124,8 +129,10 @@ static ADS_STRUCT *ads_startup(void) opt_user_name = "administrator"; } - if (opt_user_specified) + if (opt_user_specified) { need_password = True; + use_in_memory_ccache(); + } retry: if (!opt_password && need_password) { @@ -601,6 +608,8 @@ static int net_ads_join_ok(void) */ int net_ads_testjoin(int argc, const char **argv) { + use_in_memory_ccache(); + /* Display success or failure */ if (net_ads_join_ok() != 0) { fprintf(stderr,"Join to domain is not valid\n"); @@ -878,7 +887,8 @@ static int net_ads_password(int argc, const char **argv) (strchr(argv[0], '@') == NULL)) { return net_ads_usage(argc, argv); } - + + use_in_memory_ccache(); c = strchr(auth_principal, '@'); realm = ++c; @@ -925,6 +935,8 @@ static int net_ads_change_localhost_pass(int argc, const char **argv) opt_password = secrets_fetch_machine_password(); + use_in_memory_ccache(); + if (!(ads = ads_startup())) { return -1; } -- cgit From c945a9c97ffe476313ac64aa07f631c939654683 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 17 Mar 2003 22:33:34 +0000 Subject: Merge from HEAD: new 'net ads dn' doxygen fixes net help fixes. (This used to be commit de24fcb097ebf0d1aec92e787622cab64d10c553) --- source3/utils/net_ads.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 66 insertions(+), 3 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 75bb29f213..8cd3bac802 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
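Review bot: use_in_memory_ccache() ignores the result of `setenv(KRB5_ENV_CCNAME, "MEMORY:net_ads", 1)`. If setenv fails, the Kerberos library presumably falls back to the caller's default credentials cache, which is the interference the comment says this helper avoids; in net_ads_testjoin and net_ads_change_localhost_pass the tickets written there would be the machine account's. Having the helper report failure, e.g. `return setenv(KRB5_ENV_CCNAME, "MEMORY:net_ads", 1) == 0;`, and aborting in the callers when it returns false would keep that guarantee. The comment could also say that the call has to come before the first Kerberos operation in the process, which is what the placement in the callers appears to rely on.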
@@ -53,6 +53,8 @@ int net_ads_usage(int argc, const char **argv) "\n\t lookup, add, or remove directory entry for a printer\n"\ "\nnet ads search"\ "\n\tperform a raw LDAP search and dump the results\n" +"\nnet ads dn"\ +"\n\tperform a raw LDAP search and dump attributes of a particular DN\n" ); return -1; } @@ -131,7 +133,6 @@ static ADS_STRUCT *ads_startup(void) if (opt_user_specified) { need_password = True; - use_in_memory_ccache(); } retry: @@ -142,8 +143,10 @@ retry: free(prompt); } - if (opt_password) + if (opt_password) { + use_in_memory_ccache(); ads->auth.password = strdup(opt_password); + } ads->auth.user_name = strdup(opt_user_name); @@ -1002,7 +1005,7 @@ static int net_ads_search(int argc, const char **argv) exp = argv[0]; attrs = (argv + 1); - rc = ads_do_search_all(ads, ads->config.bind_path, + rc = ads_do_search_all(ads, ads->config.bind_path, LDAP_SCOPE_SUBTREE, exp, attrs, &res); if (!ADS_ERR_OK(rc)) { 
@@ -1022,6 +1025,65 @@ static int net_ads_search(int argc, const char **argv) } +/* + help for net ads search +*/ +static int net_ads_dn_usage(int argc, const char **argv) +{ + d_printf( + "\nnet ads dn \n"\ + "\nperform a raw LDAP search on a ADS server and dump the results\n"\ + "The DN standard LDAP DN, and the attributes are a list of LDAP fields \n"\ + "to show in the results\n\n"\ + "Example: net ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' sAMAccountName\n\n" + ); + net_common_flags_usage(argc, argv); + return -1; +} + + +/* + general ADS search function. Useful in diagnosing problems in ADS +*/ +static int net_ads_dn(int argc, const char **argv) +{ + ADS_STRUCT *ads; + ADS_STATUS rc; + const char *dn; + const char **attrs; + void *res = NULL; + + if (argc < 1) { + return net_ads_dn_usage(argc, argv); + } + + if (!(ads = ads_startup())) { + return -1; + } + + dn = argv[0]; + attrs = (argv + 1); + + rc = ads_do_search_all(ads, dn, + LDAP_SCOPE_BASE, + "(objectclass=*)", attrs, &res); + if (!ADS_ERR_OK(rc)) { + d_printf("search failed: %s\n", ads_errstr(rc)); + return -1; + } + + d_printf("Got %d replies\n\n", ads_count_replies(ads, res)); + + /* dump the results */ + ads_dump(ads, res); + + ads_msgfree(ads, res); + ads_destroy(&ads); + + return 0; +} + + int net_ads_help(int argc, const char **argv) { struct functable func[] = { @@ -1057,6 +1119,7 @@ int net_ads(int argc, const char **argv) {"CHOSTPASS", net_ads_change_localhost_pass}, {"PRINTER", net_ads_printer}, {"SEARCH", net_ads_search}, + {"DN", net_ads_dn}, {"WORKGROUP", net_ads_workgroup}, {"LOOKUP", net_ads_lookup}, {"HELP", net_ads_help}, -- cgit From 83a580f49a3a7f5aff0aab3946faee0892239251 Mon Sep 17 00:00:00 2001 
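Review bot: In net_ads_dn the `!ADS_ERR_OK(rc)` branch returns without `ads_destroy(&ads)`, while the success path frees both the result and the connection. Adding `ads_destroy(&ads);` before that `return -1;` makes the two paths agree and presumably also releases the copy of the password that ads_startup() places in ads->auth. Both header comments are copied from net_ads_search: the first should read `help for net ads dn` and the second something like `dump the attributes of a single DN (base-scope search)`. The usage string prints `net ads dn` with no argument placeholders, which may be an artefact of how this page was rendered rather than of the code.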
From: Andrew Bartlett Date: Mon, 17 Mar 2003 22:58:24 +0000 Subject: Merge from HEAD: net ads password Heimdal compile fixes. Andrew Bartlett (This used to be commit 3aa4f923e99f453310bb4a8d43ce43757591909d) --- source3/utils/net_ads.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 8cd3bac802..b4697d73dd 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -899,6 +899,15 @@ static int net_ads_password(int argc, const char **argv) in realms other than default */ if (!(ads = ads_init(realm, NULL, NULL))) return -1; + /* we don't actually need a full connect, but it's the easy way to + fill in the KDC's addresss */ + ads_connect(ads); + + if (!ads || !ads->config.realm) { + d_printf("Didn't find the kerberos server!\n"); + return -1; + } + asprintf(&prompt, "Enter new password for %s:", argv[0]); new_password = getpass(prompt); -- cgit From 9397cdba5201245968f3a13d468dd0f22d9cc0d2 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 14 Apr 2003 22:27:09 +0000 Subject: - Change ADS CHOSTPASS -> ADS CHANGETRUSTPW - Add general CHANGETRUSTPW function that calls ADS CHANGETRUSTPW or RPC CHANGETRUSTPW (Merged from HEAD) (This used to be commit f0982e1102276453d79e438ffb90c9fa305ff98b) --- source3/utils/net_ads.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index b4697d73dd..71b7a0802f 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -47,7 +47,7 @@ int net_ads_usage(int argc, const char **argv) "\nnet ads password -Uadmin_username@realm%%admin_pass"\ "\n\tchange a user's password using an admin account"\ "\n\t(note: use realm in UPPERCASE)\n"\ -"\nnet ads chostpass"\ +"\nnet ads changetrustpw"\ "\n\tchange the trust account password of this machine in the AD tree\n"\ "\nnet ads printer [info | publish | remove] "\ "\n\t lookup, add, or remove directory entry for a printer\n"\ @@ -929,7 +929,7 @@ static int net_ads_password(int argc, const char **argv) } -static int net_ads_change_localhost_pass(int argc, const char **argv) +int net_ads_changetrustpw(int argc, const char **argv) { ADS_STRUCT *ads; char *host_principal; @@ -1106,7 +1106,7 @@ int net_ads_help(int argc, const char **argv) {"LEAVE", net_ads_leave}, {"STATUS", net_ads_status}, {"PASSWORD", net_ads_password}, - {"CHOSTPASS", net_ads_change_localhost_pass}, + {"CHANGETRUSTPW", net_ads_changetrustpw}, #endif {NULL, NULL} }; @@ -1125,7 +1125,7 @@ int net_ads(int argc, const char **argv) {"USER", net_ads_user}, {"GROUP", net_ads_group}, {"PASSWORD", net_ads_password}, - {"CHOSTPASS", net_ads_change_localhost_pass}, + {"CHANGETRUSTPW", net_ads_changetrustpw}, {"PRINTER", net_ads_printer}, {"SEARCH", net_ads_search}, {"DN", net_ads_dn}, @@ -1156,6 +1156,11 @@ int net_ads_help(int argc, const char **argv) return net_ads_noads(); } +int net_ads_changetrustpw(int argc, const char **argv) +{ + return net_ads_noads(); +} + int net_ads_join(int argc, const char **argv) { return net_ads_noads(); -- cgit From f071020f5e49837154581c97c5af5f84d0e2de89 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Mon, 21 Apr 2003 14:09:03 +0000 Subject: Merge from HEAD - save the type of channel used to contact the DC. This allows us to join as a BDC, without appearing on the network as one until we have the database replicated, and the admin changes the configuration. This also change the SID retreval order from secrets.tdb, so we no longer require a 'net rpc getsid' - the sid fetch during the domain join is sufficient. Also minor fixes to 'net'. Andrew Bartlett (This used to be commit 876e00fd112e4aaf7519eec27f382eb99ec7562a) --- source3/utils/net_ads.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 71b7a0802f..3615fd0e94 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -564,7 +564,7 @@ static int net_ads_leave(int argc, const char **argv) if (!opt_password) { char *user_name; asprintf(&user_name, "%s$", global_myname()); - opt_password = secrets_fetch_machine_password(); + opt_password = secrets_fetch_machine_password(opt_target_workgroup, NULL, NULL); opt_user_name = user_name; } @@ -596,7 +596,7 @@ static int net_ads_join_ok(void) asprintf(&user_name, "%s$", global_myname()); opt_user_name = user_name; - opt_password = secrets_fetch_machine_password(); + opt_password = secrets_fetch_machine_password(opt_target_workgroup, NULL, NULL); if (!(ads = ads_startup())) { return -1; @@ -637,6 +637,8 @@ int net_ads_join(int argc, const char **argv) void *res; DOM_SID dom_sid; char *ou_str; + uint32 sec_channel_type; + uint32 account_type = UF_WORKSTATION_TRUST_ACCOUNT; if (argc > 0) org_unit = argv[0]; 
@@ -645,6 +647,11 @@ int net_ads_join(int argc, const char **argv) return -1; } + /* check what type of join + TODO: make this variable like RPC + */ + account_type = UF_WORKSTATION_TRUST_ACCOUNT; + tmp_password = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH); password = strdup(tmp_password); @@ -669,7 +676,7 @@ int net_ads_join(int argc, const char **argv) return -1; } - rc = ads_join_realm(ads, global_myname(), org_unit); + rc = ads_join_realm(ads, global_myname(), account_type, org_unit); if (!ADS_ERR_OK(rc)) { d_printf("ads_join_realm: %s\n", ads_errstr(rc)); return -1; @@ -692,7 +699,7 @@ int net_ads_join(int argc, const char **argv) return -1; } - if (!secrets_store_machine_password(password)) { + if (!secrets_store_machine_password(password, lp_workgroup(), sec_channel_type)) { DEBUG(1,("Failed to save machine password\n")); return -1; } @@ -945,7 +952,7 @@ int net_ads_changetrustpw(int argc, const char **argv) asprintf(&user_name, "%s$", global_myname()); opt_user_name = user_name; - opt_password = secrets_fetch_machine_password(); + opt_password = secrets_fetch_machine_password(opt_target_workgroup, NULL, NULL); use_in_memory_ccache(); -- cgit From 96e1202f23177d07097eef09c36cf4eef22ae000 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 22 Apr 2003 05:32:01 +0000 Subject: Fix up bugs in the new 'store sec_channel type' code - we were always joining as a BDC. Andrew Bartlett (This used to be commit f35674e7552dcfece342e7bece10bbfb0e81cbf8) --- source3/utils/net_ads.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 3615fd0e94..a498104bce 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
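Review bot: net_ads_join now stores the machine password under `lp_workgroup()`, but the three fetch sites changed by this commit (net_ads_leave, net_ads_join_ok, net_ads_changetrustpw) read it back under `opt_target_workgroup`. If those two values can differ, which is not visible here, the fetch finds nothing and the callers continue with a NULL opt_password, because the return value is never tested. Using the same key expression on both sides, or at least `if (!opt_password) return -1;` after each fetch, would make that failure explicit instead of surfacing later as an authentication error.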
@@ -637,7 +637,7 @@ int net_ads_join(int argc, const char **argv) void *res; DOM_SID dom_sid; char *ou_str; - uint32 sec_channel_type; + uint32 sec_channel_type = SEC_CHAN_WKSTA; uint32 account_type = UF_WORKSTATION_TRUST_ACCOUNT; if (argc > 0) org_unit = argv[0]; @@ -647,11 +647,6 @@ int net_ads_join(int argc, const char **argv) return -1; } - /* check what type of join - TODO: make this variable like RPC - */ - account_type = UF_WORKSTATION_TRUST_ACCOUNT; - tmp_password = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH); password = strdup(tmp_password); -- cgit From 7b126ce7a0061c717b1561adf3ad06811ddb936d Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Tue, 29 Apr 2003 15:15:31 +0000 Subject: Like net rpc user -l, let net ads user -l allow more than 50 characters in comments. (This used to be commit b5b1732b1144c9bcf5c3b08f6f9da9ad8875f5f7) --- source3/utils/net_ads.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index a498104bce..d775135e0a 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -219,7 +219,7 @@ static BOOL usergrp_display(char *field, void **values, void *data_area) if (!field) { /* must be end of record */ if (!strchr_m(disp_fields[0], '$')) { if (disp_fields[1]) - d_printf("%-21.21s %-50.50s\n", + d_printf("%-21.21s %s\n", disp_fields[0], disp_fields[1]); else d_printf("%s\n", disp_fields[0]); -- cgit From 6a19f354e5ff4e0de91783b23a8161769220e844 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 4 May 2003 02:48:11 +0000 Subject: Patch from Ken Cross to allow an ADS domain join with a username of the form user@realm, where realm might not be the realm we are joining. Andrew Bartlett (This used to be commit 00e08efb5cd21bf42be9125d3188efbf9d13b8b7) --- source3/utils/net_ads.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_ads.c') 
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index d775135e0a..1a50f9d270 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -109,6 +109,9 @@ static int net_ads_info(int argc, const char **argv) d_printf("LDAP port: %d\n", ads->ldap_port); d_printf("Server time: %s\n", http_timestring(ads->config.current_time)); + d_printf("KDC server: %s\n", ads->auth.kdc_server ); + d_printf("Server time offset: %d\n", ads->auth.time_offset ); + return 0; } @@ -124,6 +127,7 @@ static ADS_STRUCT *ads_startup(void) ADS_STATUS status; BOOL need_password = False; BOOL second_time = False; + char *cp; ads = ads_init(NULL, NULL, opt_host); @@ -145,12 +149,24 @@ retry: if (opt_password) { use_in_memory_ccache(); - ads->auth.password = strdup(opt_password); + ads->auth.password = smb_xstrdup(opt_password); } - ads->auth.user_name = strdup(opt_user_name); + ads->auth.user_name = smb_xstrdup(opt_user_name); + + /* + * If the username is of the form "name@realm", + * extract the realm and convert to upper case. + * This is only used to establish the connection. + */ + if (cp = strchr(ads->auth.user_name, '@')) { + *cp++ = '\0'; + ads->auth.realm = smb_xstrdup(cp); + strupper(ads->auth.realm); + } status = ads_connect(ads); + if (!ADS_ERR_OK(status)) { if (!need_password && !second_time) { need_password = True; -- cgit From 6abef0810007c317c3ee866eb3933ce2c696085f Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 12 May 2003 21:27:54 +0000 Subject: Fix obvious compiler warnings. Jeremy. (This used to be commit 2a6d0c2481c3c34351e57c30a85004babdbf99b0) --- source3/utils/net_ads.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 1a50f9d270..626db96994 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
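Review bot: In the new `name@realm` block of ads_startup(), `ads->auth.realm` is overwritten with `smb_xstrdup(cp)` without freeing whatever ads_init() or an earlier pass stored there. A user name ending in `@` also leaves the realm as an empty string. The block sits below the `retry:` label, so if the password-retry path jumps back here (the jump itself is outside the hunk), the two `smb_xstrdup()` calls for `password` and `user_name` run again and the first copies, including the password copy, are never freed. I would guard the block with `if (cp && cp[1] != '\0')` after the `strchr()` and call `SAFE_FREE(ads->auth.realm);` before the assignment. The function starts and ends outside this hunk.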
@@ -159,7 +159,7 @@ retry: * extract the realm and convert to upper case. * This is only used to establish the connection. */ - if (cp = strchr(ads->auth.user_name, '@')) { + if ((cp = strchr(ads->auth.user_name, '@'))!=0) { *cp++ = '\0'; ads->auth.realm = smb_xstrdup(cp); strupper(ads->auth.realm); -- cgit From 0463fc2d77293f496a4bff8525b8671f7d5b060a Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Fri, 30 May 2003 19:51:09 +0000 Subject: Fix bug #137: krb5_set_password is already defined in MIT 1.3 libs, so we wouldn't build. (This used to be commit 0e9836c4e9e71494b10d71a5f3d5f7da2888c5ef) --- source3/utils/net_ads.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 626db96994..5051f18188 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -300,7 +300,8 @@ static int ads_user_add(int argc, const char **argv) /* try setting the password */ asprintf(&upn, "%s@%s", argv[0], ads->config.realm); - status = krb5_set_password(ads->auth.kdc_server, upn, argv[1], ads->auth.time_offset); + status = ads_krb5_set_password(ads->auth.kdc_server, upn, argv[1], + ads->auth.time_offset); safe_free(upn); if (ADS_ERR_OK(status)) { d_printf("User %s added\n", argv[0]); -- cgit From 0d556758de08a450fe7a725acef9c73c76688d81 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jun 2003 04:15:55 +0000 Subject: use lp_realm() to find the default realm for 'net ads password' (This used to be commit 21d92802781ac224f569a990df3ec1070f0da434) --- source3/utils/net_ads.c | 34 ++++++++++++++++++++++++---------- 1 file changed, 24 insertions(+), 10 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 5051f18188..9a824e2662 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -899,20 +899,34 @@ static int net_ads_password(int argc, const char **argv) const char *auth_password = opt_password; char *realm = NULL; char *new_password = NULL; - char *c; - char *prompt; + char *c, *prompt; + const char *user; ADS_STATUS ret; + if (opt_user_name == NULL || opt_password == NULL) { + d_printf("You must supply an administrator username/password\n"); + return -1; + } + - if ((argc != 1) || (opt_user_name == NULL) || - (opt_password == NULL) || (strchr(opt_user_name, '@') == NULL) || - (strchr(argv[0], '@') == NULL)) { - return net_ads_usage(argc, argv); + if (argc != 1) { + d_printf("ERROR: You must say which username to change password for\n"); + return -1; + } + + user = argv[0]; + if (!strchr(user, '@')) { + asprintf(&c, "%s@%s", argv[0], lp_realm()); + user = c; } use_in_memory_ccache(); c = strchr(auth_principal, '@'); - realm = ++c; + if (c) { + realm = ++c; + } else { + realm = lp_realm(); + } /* use the realm so we can eventually change passwords for users in realms other than default */ @@ -927,12 +941,12 @@ static int net_ads_password(int argc, const char **argv) return -1; } - asprintf(&prompt, "Enter new password for %s:", argv[0]); + asprintf(&prompt, "Enter new password for %s:", user); new_password = getpass(prompt); ret = kerberos_set_password(ads->auth.kdc_server, auth_principal, - auth_password, argv[0], new_password, ads->auth.time_offset); + auth_password, user, new_password, ads->auth.time_offset); if (!ADS_ERR_OK(ret)) { d_printf("Password change failed :-( ...\n"); ads_destroy(&ads); @@ -940,7 +954,7 @@ static int net_ads_password(int argc, const char **argv) return -1; } - d_printf("Password change for %s completed.\n", argv[0]); + d_printf("Password change for %s completed.\n", user); ads_destroy(&ads); free(prompt); -- cgit From 9d4b66c9744297b7daf52177d2561f14e0579a2f Mon Sep 17 00:00:00 2001 
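Review bot: The `asprintf(&c, "%s@%s", argv[0], lp_realm())` that builds the default principal is unchecked, so on allocation failure `c` is indeterminate and `user = c` passes that pointer to kerberos_set_password() and both d_printf() calls. Check the result, e.g. `if (asprintf(&c, "%s@%s", argv[0], lp_realm()) == -1) { d_printf("asprintf failed\n"); return -1; }`. `c` is then reused for `strchr(auth_principal, '@')`, so the allocated principal can no longer be freed; a separate variable would keep ownership clear. The `asprintf(&prompt, ...)` in the -927 hunk has the same unchecked return before `getpass(prompt)`.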
From: Tim Potter Date: Mon, 30 Jun 2003 05:45:27 +0000 Subject: Yet more shadow variable warnings. (This used to be commit b401e78b6eb7efa2af74a7e645c3b34091041769) --- source3/utils/net_ads.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 9a824e2662..9454cbc9f5 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1032,7 +1032,7 @@ static int net_ads_search(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; - const char *exp; + const char *ldap_exp; const char **attrs; void *res = NULL; @@ -1044,12 +1044,12 @@ static int net_ads_search(int argc, const char **argv) return -1; } - exp = argv[0]; + ldap_exp = argv[0]; attrs = (argv + 1); rc = ads_do_search_all(ads, ads->config.bind_path, LDAP_SCOPE_SUBTREE, - exp, attrs, &res); + ldap_exp, attrs, &res); if (!ADS_ERR_OK(rc)) { d_printf("search failed: %s\n", ads_errstr(rc)); return -1; -- cgit From baf439cd55d79133e2fca598834e362a81a911a4 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Thu, 3 Jul 2003 05:08:51 +0000 Subject: Implemented 'net ads printer search' which searches the directory for published printers. At the moment we don't search using any parameters but this can be fixed by changing the LDAP search string. Also we should contact the global catalog at SRV _gc._tcp instead of the ldap server we get back from ads_startup(). (This used to be commit 814519c5de7f962623163b732c8589abd355d845) --- source3/utils/net_ads.c | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 9454cbc9f5..84bec81434 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -726,6 +726,8 @@ int net_ads_join(int argc, const char **argv) int net_ads_printer_usage(int argc, const char **argv) { d_printf( +"\nnet ads printer search " +"\n\tsearch for a printer in the directory" "\nnet ads printer info " "\n\tlookup info in directory for printer on server" "\n\t(note: printer defaults to \"*\", server defaults to local)\n" @@ -738,6 +740,35 @@ int net_ads_printer_usage(int argc, const char **argv) return -1; } +static int net_ads_printer_search(int argc, const char **argv) +{ + ADS_STRUCT *ads; + ADS_STATUS rc; + void *res = NULL; + + if (!(ads = ads_startup())) + return -1; + + rc = ads_find_printers(ads, &res); + + if (!ADS_ERR_OK(rc)) { + d_printf("ads_find_printer: %s\n", ads_errstr(rc)); + ads_msgfree(ads, res); + return -1; + } + + if (ads_count_replies(ads, res) == 0) { + d_printf("No results found\n"); + ads_msgfree(ads, res); + return -1; + } + + ads_dump(ads, res); + ads_msgfree(ads, res); + + return 0; +} + static int net_ads_printer_info(int argc, const char **argv) { ADS_STRUCT *ads; @@ -882,6 +913,7 @@ static int net_ads_printer_remove(int argc, const char **argv) static int net_ads_printer(int argc, const char **argv) { struct functable func[] = { + {"SEARCH", net_ads_printer_search}, {"INFO", net_ads_printer_info}, {"PUBLISH", net_ads_printer_publish}, {"REMOVE", net_ads_printer_remove}, -- cgit From ecb86e5e88579373f3a26f744ae5cdc1a63d9d2d Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Thu, 3 Jul 2003 05:58:55 +0000 Subject: Some fixes for ads printer publish: - check error return for cli_full_connection() when trying to obtain printer data - check error return on ads_find_machine_acct() - Minor reformatting to separate fetching printer data from publishing it (This used to be commit 94fe3b2cdfa67c9d74edc00a436b5eacbf3e0dc4) --- source3/utils/net_ads.c | 32 ++++++++++++++++++++++++++------ 1 file changed, 26 insertions(+), 6 deletions(-) (limited to 'source3/utils/net_ads.c') 
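Review bot: net_ads_printer_search() never releases the connection returned by ads_startup(): all three return paths free `res`, but none calls `ads_destroy(&ads)`, which net_ads_password in this file does on its exits. Add `ads_destroy(&ads);` after each `ads_msgfree(ads, res);`. On the failure path `res` may still be NULL when it is handed to ads_msgfree(); whether that helper tolerates NULL is not visible here and is worth confirming. The error text also says `ads_find_printer` while the call is `ads_find_printers`.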
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 84bec81434..e97ab6fc2b 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -817,7 +817,7 @@ static int net_ads_printer_publish(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; - const char *servername; + const char *servername, *printername; struct cli_state *cli; struct in_addr server_ip; NTSTATUS nt_status; @@ -831,15 +831,14 @@ static int net_ads_printer_publish(int argc, const char **argv) if (argc < 1) return net_ads_printer_usage(argc, argv); + printername = argv[0]; + if (argc == 2) servername = argv[1]; else servername = global_myname(); - ads_find_machine_acct(ads, &res, servername); - srv_dn = ldap_get_dn(ads->ld, res); - srv_cn = ldap_explode_dn(srv_dn, 1); - asprintf(&prt_dn, "cn=%s-%s,%s", srv_cn[0], argv[0], srv_dn); + /* Get printer data from SPOOLSS */ resolve_name(servername, &server_ip, 0x20); @@ -851,8 +850,29 @@ static int net_ads_printer_publish(int argc, const char **argv) CLI_FULL_CONNECTION_USE_KERBEROS, NULL); + if (NT_STATUS_IS_ERR(nt_status)) { + d_printf("Unable to open a connnection to %s to obtain data " + "for %s\n", servername, printername); + return -1; + } + + /* Publish on AD server */ + + ads_find_machine_acct(ads, &res, servername); + + if (ads_count_replies(ads, res) == 0) { + d_printf("Could not find machine account for server %s\n", + servername); + return -1; + } + + srv_dn = ldap_get_dn(ads->ld, res); + srv_cn = ldap_explode_dn(srv_dn, 1); + + asprintf(&prt_dn, "cn=%s-%s,%s", srv_cn[0], printername, srv_dn); + cli_nt_session_open(cli, PI_SPOOLSS); - get_remote_printer_publishing_data(cli, mem_ctx, &mods, argv[0]); + get_remote_printer_publishing_data(cli, mem_ctx, &mods, printername); rc = ads_add_printer_entry(ads, prt_dn, mem_ctx, &mods); if (!ADS_ERR_OK(rc)) { -- cgit From ce72beb2b558d86fb49063c6b1fa00e07952ce56 Mon Sep 17 00:00:00 2001 
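Review bot: The description says the return of ads_find_machine_acct() is now checked, but the added code still discards its ADS_STATUS and only tests `ads_count_replies(ads, res)`. If the search itself fails, `res` keeps whatever value it had before the call (its initialisation is outside the hunk), so the count and the later `ldap_get_dn(ads->ld, res)` may operate on an invalid message. Capture the status first with `rc = ads_find_machine_acct(ads, &res, servername);` and bail out on `if (!ADS_ERR_OK(rc)) { d_printf("ads_find_machine_acct: %s\n", ads_errstr(rc)); return -1; }`. Separately, `printername` comes straight from argv and is formatted into `prt_dn` unescaped, so a name containing DN separators such as `,` or `=` would produce a different entry DN than intended; escaping or rejecting those characters before the `asprintf()` closes that gap.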
From: Jeremy Allison Date: Thu, 3 Jul 2003 19:11:31 +0000 Subject: Removed strupper/strlower macros that automatically map to strupper_m/strlower_m. I really want people to think about when they're using multibyte strings. Jeremy. (This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959) --- source3/utils/net_ads.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index e97ab6fc2b..69d282420d 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -162,7 +162,7 @@ retry: if ((cp = strchr(ads->auth.user_name, '@'))!=0) { *cp++ = '\0'; ads->auth.realm = smb_xstrdup(cp); - strupper(ads->auth.realm); + strupper_m(ads->auth.realm); } status = ads_connect(ads); @@ -1039,7 +1039,7 @@ int net_ads_changetrustpw(int argc, const char **argv) } hostname = strdup(global_myname()); - strlower(hostname); + strlower_m(hostname); asprintf(&host_principal, "%s@%s", hostname, ads->config.realm); SAFE_FREE(hostname); d_printf("Changing password for principal: HOST/%s\n", host_principal); -- cgit From 5ab880d684a3df5d8dee6066d31faad524de9c7f Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 27 Jul 2003 03:42:10 +0000 Subject: Use the specified workgroup in 'net ads'. (Defaults to lp_workgroup()). Andrew Bartlett (This used to be commit e6cc5ca780f24f19dda65a499fda95bd2d99ea93) --- source3/utils/net_ads.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 69d282420d..edf5ec37c2 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -68,7 +68,7 @@ static int net_ads_lookup(int argc, const char **argv) { ADS_STRUCT *ads; - ads = ads_init(NULL, NULL, opt_host); + ads = ads_init(NULL, opt_target_workgroup, opt_host); if (ads) { ads->auth.flags |= ADS_AUTH_NO_BIND; } 
@@ -89,7 +89,7 @@ static int net_ads_info(int argc, const char **argv) { ADS_STRUCT *ads; - ads = ads_init(NULL, NULL, opt_host); + ads = ads_init(NULL, opt_target_workgroup, opt_host); if (ads) { ads->auth.flags |= ADS_AUTH_NO_BIND; @@ -129,7 +129,7 @@ static ADS_STRUCT *ads_startup(void) BOOL second_time = False; char *cp; - ads = ads_init(NULL, NULL, opt_host); + ads = ads_init(NULL, opt_target_workgroup, opt_host); if (!opt_user_name) { opt_user_name = "administrator"; -- cgit From 29ca70cd34d3ba927ea1a9915ebd247f64965bd5 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 30 Jul 2003 23:49:29 +0000 Subject: Add a command line option (-S on|off|required) to enable signing on client connections. Overrides smb.conf parameter if set. Jeremy. (This used to be commit 879309671df6b530e0bff69559422a417da4a307) --- source3/utils/net_ads.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index edf5ec37c2..631e235127 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -848,7 +848,7 @@ static int net_ads_printer_publish(int argc, const char **argv) opt_user_name, opt_workgroup, opt_password ? opt_password : "", CLI_FULL_CONNECTION_USE_KERBEROS, - NULL); + Undefined, NULL); if (NT_STATUS_IS_ERR(nt_status)) { d_printf("Unable to open a connnection to %s to obtain data " -- cgit From f1be3a5c5defc2df94550b90b7dd2ed4ab0cb1f2 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Tue, 19 Aug 2003 22:47:10 +0000 Subject: - Make 'net' use a single funciton for setting the 'use machine account' code. - Make winbindd try to use kerberos for connections to DCs, so that it can access RA=2 servers, particularly for netlogon. - Make rpcclient follow the new flags for the NETLOGON pipe - Make all the code that uses schannel use the centralised functions for doing so. Andrew Bartlett (This used to be commit 96b4187963cedcfe158ff02868929b8cf81c6ebf) --- source3/utils/net_ads.c | 39 +++++++++++++++++++++++---------------- 1 file changed, 23 insertions(+), 16 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 631e235127..352431a938 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -579,10 +579,7 @@ static int net_ads_leave(int argc, const char **argv) } if (!opt_password) { - char *user_name; - asprintf(&user_name, "%s$", global_myname()); - opt_password = secrets_fetch_machine_password(opt_target_workgroup, NULL, NULL); - opt_user_name = user_name; + net_use_machine_password(); } if (!(ads = ads_startup())) { @@ -603,7 +600,6 @@ static int net_ads_leave(int argc, const char **argv) static int net_ads_join_ok(void) { - char *user_name; ADS_STRUCT *ads = NULL; if (!secrets_init()) { @@ -611,9 +607,7 @@ static int net_ads_join_ok(void) return -1; } - asprintf(&user_name, "%s$", global_myname()); - opt_user_name = user_name; - opt_password = secrets_fetch_machine_password(opt_target_workgroup, NULL, NULL); + net_use_machine_password(); if (!(ads = ads_startup())) { return -1; @@ -648,6 +642,7 @@ int net_ads_join(int argc, const char **argv) ADS_STRUCT *ads; ADS_STATUS rc; char *password; + char *machine_account = NULL; char *tmp_password; const char *org_unit = "Computers"; char *dn; 
@@ -669,6 +664,16 @@ int net_ads_join(int argc, const char **argv) if (!(ads = ads_startup())) return -1; + if (!*lp_realm()) { + d_printf("realm must be set in in smb.conf for ADS join to succeed.\n"); + return -1; + } + + if (strcmp(ads->config.realm, lp_realm()) != 0) { + d_printf("realm of remote server (%s) and realm in smb.conf (%s) DO NOT match. Aborting join\n", ads->config.realm, lp_realm()); + return -1; + } + ou_str = ads_ou_string(org_unit); asprintf(&dn, "%s,%s", ou_str, ads->config.bind_path); free(ou_str); @@ -696,11 +701,16 @@ int net_ads_join(int argc, const char **argv) rc = ads_domain_sid(ads, &dom_sid); if (!ADS_ERR_OK(rc)) { - d_printf("ads_domain_sid: %s\n", ads_errstr(rc)); + d_printf("ads_domain_sid: %s\n", ads_errstr(rc)); + return -1; + } + + if (asprintf(&machine_account, "%s$", global_myname()) == -1) { + d_printf("asprintf failed\n"); return -1; } - rc = ads_set_machine_password(ads, global_myname(), password); + rc = ads_set_machine_password(ads, machine_account, password); if (!ADS_ERR_OK(rc)) { d_printf("ads_set_machine_password: %s\n", ads_errstr(rc)); return -1; @@ -718,7 +728,8 @@ int net_ads_join(int argc, const char **argv) d_printf("Joined '%s' to realm '%s'\n", global_myname(), ads->config.realm); - free(password); + SAFE_FREE(password); + SAFE_FREE(machine_account); return 0; } @@ -1020,17 +1031,13 @@ int net_ads_changetrustpw(int argc, const char **argv) char *host_principal; char *hostname; ADS_STATUS ret; - char *user_name; if (!secrets_init()) { DEBUG(1,("Failed to initialise secrets database\n")); return -1; } - asprintf(&user_name, "%s$", global_myname()); - opt_user_name = user_name; - - opt_password = secrets_fetch_machine_password(opt_target_workgroup, NULL, NULL); + net_use_machine_password(); use_in_memory_ccache(); -- cgit From bf0f3be29dc04f51ebf18425abb41979fdb7897a Mon Sep 17 00:00:00 2001 
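Review bot: The `return -1` after a failed ads_set_machine_password() in the -696 hunk now leaves `machine_account` allocated. Like the other error returns visible in net_ads_join, it also skips the `SAFE_FREE(password)` that runs only on the success path. `password` holds the new trust-account secret, so I would send the failures through a single exit that clears the password bytes and frees both buffers. At minimum, add `SAFE_FREE(machine_account);` before this return. The two realm checks added in the -669 hunk likewise return without `ads_destroy(&ads)`; the function starts and ends outside the hunks shown.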
From: Gerald Carter Date: Thu, 4 Sep 2003 19:45:04 +0000 Subject: Check in Andrew's fix for bug #305 (always use lp_realm() ) Also make sure thet ads_startup uses lp_realm instead of just relying on the workgroup name. Fixes bug in net ads join when the workgroup defaults to "WORKGROUP" and we ignore the realm name. (This used to be commit b1763ace4e85f41574894e3807cabb5196fec661) --- source3/utils/net_ads.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 352431a938..0e909a6087 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -127,9 +127,14 @@ static ADS_STRUCT *ads_startup(void) ADS_STATUS status; BOOL need_password = False; BOOL second_time = False; - char *cp; + char *cp; - ads = ads_init(NULL, opt_target_workgroup, opt_host); + /* lp_realm() should be handled by a command line param, + However, the join requires that realm be set in smb.conf + and compares our realm with the remote server's so this is + ok until someone needs more flexibility */ + + ads = ads_init(lp_realm(), opt_target_workgroup, opt_host); if (!opt_user_name) { opt_user_name = "administrator"; -- cgit From 7544b0c77382e300da0e2daf2b325527a23e6ddc Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 5 Sep 2003 17:57:45 +0000 Subject: fixes for ads domain membership when only the realm is defined in smb.conf Fixes to ensure we work with disable netbios = yes (This used to be commit 3913e43724870c62a0d77ec3e73cbe9480cb6247) --- source3/utils/net_ads.c | 43 +++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 41 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 0e909a6087..3b955742d8 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -656,6 +656,8 @@ int net_ads_join(int argc, const char **argv) char *ou_str; uint32 sec_channel_type = SEC_CHAN_WKSTA; uint32 account_type = UF_WORKSTATION_TRUST_ACCOUNT; + char *short_domain_name = NULL; + TALLOC_CTX *ctx = NULL; if (argc > 0) org_unit = argv[0]; @@ -720,7 +722,33 @@ int net_ads_join(int argc, const char **argv) d_printf("ads_set_machine_password: %s\n", ads_errstr(rc)); return -1; } - + + /* make sure we get the right workgroup */ + + if ( !(ctx = talloc_init("net ads join")) ) { + d_printf("talloc_init() failed!\n"); + return -1; + } + + rc = ads_workgroup_name(ads, ctx, &short_domain_name); + if ( ADS_ERR_OK(rc) ) { + if ( !strequal(lp_workgroup(), short_domain_name) ) { + d_printf("The workgroup in smb.conf does not match the short\n"); + d_printf("domain name obtained from the server.\n"); + d_printf("Using the name [%s] from the server.\n", short_domain_name); + d_printf("You should set \"workgroup = %s\" in smb.conf.\n", short_domain_name); + } + } + else + short_domain_name = lp_workgroup(); + + d_printf("Using short domain name -- %s\n", short_domain_name); + + /* HACK ALRET! Store the sid and password under bother the lp_workgroup() + value from smb.conf and the string returned from the server. The former is + neede to bootstrap winbindd's first connection to the DC to get the real + short domain name --jerry */ + if (!secrets_store_domain_sid(lp_workgroup(), &dom_sid)) { DEBUG(1,("Failed to save domain sid\n")); return -1; 
@@ -731,11 +759,22 @@ int net_ads_join(int argc, const char **argv) return -1; } + if (!secrets_store_domain_sid(short_domain_name, &dom_sid)) { + DEBUG(1,("Failed to save domain sid\n")); + return -1; + } + + if (!secrets_store_machine_password(password, short_domain_name, sec_channel_type)) { + DEBUG(1,("Failed to save machine password\n")); + return -1; + } + d_printf("Joined '%s' to realm '%s'\n", global_myname(), ads->config.realm); SAFE_FREE(password); SAFE_FREE(machine_account); - + if ( ctx ) + talloc_destroy(ctx); return 0; } -- cgit From c3125b6e2f1e1916faeb02460ab9064ab65dc8a9 Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Thu, 23 Oct 2003 14:33:19 +0000 Subject: Fix bug 451. Stop net -P from prompting for machine account password. Based on work by Ken Cross (kcross@nssolutions.com). (This used to be commit 8ef7ac22ef1a60dca0a2d01dc6ff4ba14bc1549a) --- source3/utils/net_ads.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 3b955742d8..cad93608dc 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -145,7 +145,7 @@ static ADS_STRUCT *ads_startup(void) } retry: - if (!opt_password && need_password) { + if (!opt_password && need_password && !opt_machine_pass) { char *prompt; asprintf(&prompt,"%s password: ", opt_user_name); opt_password = getpass(prompt); -- cgit From 203710ea6d74a6ff17ed3c2d718022242384ee3a Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 26 Nov 2003 09:58:41 +0000 Subject: Get rid of a const warning Volker (This used to be commit 94860687c535ace0c962ca3fe7da59df05325c62) --- source3/utils/net_ads.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index cad93608dc..9404ae4b24 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
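Review bot: The second secrets_store_domain_sid()/secrets_store_machine_password() pair runs even when `short_domain_name` is identical to `lp_workgroup()`. That is the case both when the names match and when ads_workgroup_name() failed and the fallback assignment was taken, so the same two records are written twice. Wrapping the pair in `if (!strequal(lp_workgroup(), short_domain_name)) {` avoids the duplicate writes. The two new `return -1` paths also skip `talloc_destroy(ctx)` and leave `password` allocated. Both reuse the DEBUG text of the first pair, so a log line cannot tell which key failed to store; naming the key in the message would help when diagnosing a half-completed join.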
@@ -209,7 +209,7 @@ static int net_ads_workgroup(int argc, const char **argv) { ADS_STRUCT *ads; TALLOC_CTX *ctx; - char *workgroup; + const char *workgroup; if (!(ads = ads_startup())) return -1; @@ -656,7 +656,7 @@ int net_ads_join(int argc, const char **argv) char *ou_str; uint32 sec_channel_type = SEC_CHAN_WKSTA; uint32 account_type = UF_WORKSTATION_TRUST_ACCOUNT; - char *short_domain_name = NULL; + const char *short_domain_name = NULL; TALLOC_CTX *ctx = NULL; if (argc > 0) org_unit = argv[0]; -- cgit From 8bfc33f5ed1338a7a6a7f2b99aa9563aa51649f4 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 26 Dec 2003 19:38:36 +0000 Subject: Collecting some minor patches... This adds the ability to specify the new user password for 'net ads password' on the command line. As this needs the admin password on the command line, the information leak is minimally more. Patch from gd@suse.de Volker (This used to be commit e6b4b956f68bfea69b2de3608b4c829250d24a7a) --- source3/utils/net_ads.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 9404ae4b24..9ee2f3c093 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -44,9 +44,9 @@ int net_ads_usage(int argc, const char **argv) "\n\tdump the machine account details to stdout\n" "\nnet ads lookup"\ "\n\tperform a CLDAP search on the server\n" -"\nnet ads password -Uadmin_username@realm%%admin_pass"\ +"\nnet ads password -Uadmin_username@realm%%admin_pass"\ "\n\tchange a user's password using an admin account"\ -"\n\t(note: use realm in UPPERCASE)\n"\ +"\n\t(note: use realm in UPPERCASE, prompts if password is obmitted)\n"\ "\nnet ads changetrustpw"\ "\n\tchange the trust account password of this machine in the AD tree\n"\ "\nnet ads printer [info | publish | remove] "\ 
@@ -1016,7 +1016,7 @@ static int net_ads_password(int argc, const char **argv) } - if (argc != 1) { + if (argc < 1) { d_printf("ERROR: You must say which username to change password for\n"); return -1; } @@ -1048,22 +1048,24 @@ static int net_ads_password(int argc, const char **argv) return -1; } - asprintf(&prompt, "Enter new password for %s:", user); - - new_password = getpass(prompt); + if (argv[1]) { + new_password = (char *)argv[1]; + } else { + asprintf(&prompt, "Enter new password for %s:", user); + new_password = getpass(prompt); + free(prompt); + } ret = kerberos_set_password(ads->auth.kdc_server, auth_principal, auth_password, user, new_password, ads->auth.time_offset); if (!ADS_ERR_OK(ret)) { d_printf("Password change failed :-( ...\n"); ads_destroy(&ads); - free(prompt); return -1; } d_printf("Password change for %s completed.\n", user); ads_destroy(&ads); - free(prompt); return 0; } -- cgit From 31a3842644d341906fcfeb57169ab9e6a021a48c Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Mon, 12 Jan 2004 14:26:50 +0000 Subject: fixing compile problems due to my recent ads.h changes (This used to be commit d7b6298b9e4e7f83deaa2c6f3d711c390ff9cefd) --- source3/utils/net_ads.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 9ee2f3c093..24ae9a8811 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -688,7 +688,7 @@ int net_ads_join(int argc, const char **argv) rc = ads_search_dn(ads, &res, dn, NULL); ads_msgfree(ads, res); - if (rc.error_type == ADS_ERROR_LDAP && rc.err.rc == LDAP_NO_SUCH_OBJECT) { + if (rc.error_type == ENUM_ADS_ERROR_LDAP && rc.err.rc == LDAP_NO_SUCH_OBJECT) { d_printf("ads_join_realm: organizational unit %s does not exist (dn:%s)\n", org_unit, dn); return -1; -- cgit From 5a521453baefd43c4b16cf8bc1ff530feaf9a4b6 Mon Sep 17 00:00:00 2001 
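Review bot: `if (argv[1])` is evaluated after the argument check was relaxed to `argc < 1`, so with exactly one argument it reads `argv[argc]`; that is safe only if this sub-command's argv is NULL-terminated, which the hunk does not show. `if (argc > 1)` states the intent without that assumption. A new password passed this way is visible to other local users in the process list, and in shell history, so the usage text should say so and point to the prompt as the preferred form. The usage string in the first hunk of this commit also misspells `omitted` as `obmitted`.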
From: Tim Potter Date: Sun, 14 Mar 2004 03:47:03 +0000 Subject: Use possessive in message asking for user's password. (This used to be commit cc9765ce97b65bb7a6cd44e847a690d3fbe9d032) --- source3/utils/net_ads.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 24ae9a8811..6eec71aedf 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -147,7 +147,7 @@ static ADS_STRUCT *ads_startup(void) retry: if (!opt_password && need_password && !opt_machine_pass) { char *prompt; - asprintf(&prompt,"%s password: ", opt_user_name); + asprintf(&prompt,"%s's password: ", opt_user_name); opt_password = getpass(prompt); free(prompt); } -- cgit From 20551552913e6794556ed86b2e912b773a74bd45 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 22 Jun 2004 21:58:35 +0000 Subject: r1221: Added the last of the system keytab patch from "Dan Perry" , fixed valgrind detected mem corruption in libads/kerberos_keytab.c. Jeremy. (This used to be commit 286f4c809cb1532b3f8ae7ddf92349c68cc8ce31) --- source3/utils/net_ads.c | 287 ++++++++++++++++++++++++++++++++---------------- 1 file changed, 194 insertions(+), 93 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 6eec71aedf..650f9922cb 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -55,6 +55,8 @@ int net_ads_usage(int argc, const char **argv) "\n\tperform a raw LDAP search and dump the results\n" "\nnet ads dn"\ "\n\tperform a raw LDAP search and dump attributes of a particular DN\n" +"\nnet ads keytab"\ +"\n\tcreates and updates the kerberos system keytab file\n" ); return -1; } 
@@ -738,9 +740,9 @@ int net_ads_join(int argc, const char **argv) d_printf("Using the name [%s] from the server.\n", short_domain_name); d_printf("You should set \"workgroup = %s\" in smb.conf.\n", short_domain_name); } - } - else + } else { short_domain_name = lp_workgroup(); + } d_printf("Using short domain name -- %s\n", short_domain_name); @@ -769,12 +771,18 @@ int net_ads_join(int argc, const char **argv) return -1; } + /* Now build the keytab, using the same ADS connection */ + if (lp_use_kerberos_keytab() && ads_keytab_create_default(ads)) { + DEBUG(1,("Error creating host keytab!\n")); + } + d_printf("Joined '%s' to realm '%s'\n", global_myname(), ads->config.realm); SAFE_FREE(password); SAFE_FREE(machine_account); - if ( ctx ) + if ( ctx ) { talloc_destroy(ctx); + } return 0; } 
@@ -1001,116 +1009,123 @@ static int net_ads_printer(int argc, const char **argv) static int net_ads_password(int argc, const char **argv) { - ADS_STRUCT *ads; - const char *auth_principal = opt_user_name; - const char *auth_password = opt_password; - char *realm = NULL; - char *new_password = NULL; - char *c, *prompt; - const char *user; - ADS_STATUS ret; - - if (opt_user_name == NULL || opt_password == NULL) { - d_printf("You must supply an administrator username/password\n"); - return -1; - } + ADS_STRUCT *ads; + const char *auth_principal = opt_user_name; + const char *auth_password = opt_password; + char *realm = NULL; + char *new_password = NULL; + char *c, *prompt; + const char *user; + ADS_STATUS ret; + + if (opt_user_name == NULL || opt_password == NULL) { + d_printf("You must supply an administrator username/password\n"); + return -1; + } + if (argc < 1) { + d_printf("ERROR: You must say which username to change password for\n"); + return -1; + } + + user = argv[0]; + if (!strchr_m(user, '@')) { + asprintf(&c, "%s@%s", argv[0], lp_realm()); + user = c; + } + + use_in_memory_ccache(); + c = strchr(auth_principal, '@'); + if (c) { + realm = ++c; + } else { + realm = lp_realm(); + } + + /* use the realm so we can eventually change passwords for users + in realms other than default */ + if (!(ads = ads_init(realm, NULL, NULL))) { + return -1; + } + + /* we don't actually need a full connect, but it's the easy way to + fill in the KDC's addresss */ + ads_connect(ads); - if (argc < 1) { - d_printf("ERROR: You must say which username to change password for\n"); - return -1; - } - - user = argv[0]; - if (!strchr(user, '@')) { - asprintf(&c, "%s@%s", argv[0], lp_realm()); - user = c; - } - - use_in_memory_ccache(); - c = strchr(auth_principal, '@'); - if (c) { - realm = ++c; - } else { - realm = lp_realm(); - } - - /* use the realm so we can eventually change passwords for users - in realms other than default */ - if (!(ads = ads_init(realm, NULL, NULL))) return 
-1; - - /* we don't actually need a full connect, but it's the easy way to - fill in the KDC's addresss */ - ads_connect(ads); - - if (!ads || !ads->config.realm) { - d_printf("Didn't find the kerberos server!\n"); - return -1; - } + if (!ads || !ads->config.realm) { + d_printf("Didn't find the kerberos server!\n"); + return -1; + } - if (argv[1]) { - new_password = (char *)argv[1]; - } else { - asprintf(&prompt, "Enter new password for %s:", user); - new_password = getpass(prompt); - free(prompt); - } + if (argv[1]) { + new_password = (char *)argv[1]; + } else { + asprintf(&prompt, "Enter new password for %s:", user); + new_password = getpass(prompt); + free(prompt); + } - ret = kerberos_set_password(ads->auth.kdc_server, auth_principal, + ret = kerberos_set_password(ads->auth.kdc_server, auth_principal, auth_password, user, new_password, ads->auth.time_offset); - if (!ADS_ERR_OK(ret)) { - d_printf("Password change failed :-( ...\n"); - ads_destroy(&ads); - return -1; - } + if (!ADS_ERR_OK(ret)) { + d_printf("Password change failed :-( ...\n"); + ads_destroy(&ads); + return -1; + } - d_printf("Password change for %s completed.\n", user); - ads_destroy(&ads); + d_printf("Password change for %s completed.\n", user); + ads_destroy(&ads); - return 0; + return 0; } - int net_ads_changetrustpw(int argc, const char **argv) { - ADS_STRUCT *ads; - char *host_principal; - char *hostname; - ADS_STATUS ret; + ADS_STRUCT *ads; + char *host_principal; + fstring my_fqdn; + ADS_STATUS ret; - if (!secrets_init()) { - DEBUG(1,("Failed to initialise secrets database\n")); - return -1; - } + if (!secrets_init()) { + DEBUG(1,("Failed to initialise secrets database\n")); + return -1; + } - net_use_machine_password(); + net_use_machine_password(); - use_in_memory_ccache(); + use_in_memory_ccache(); - if (!(ads = ads_startup())) { - return -1; - } + if (!(ads = ads_startup())) { + return -1; + } + + name_to_fqdn(my_fqdn, global_myname()); + strlower_m(my_fqdn); + 
asprintf(&host_principal, "%s@%s", my_fqdn, ads->config.realm); + d_printf("Changing password for principal: HOST/%s\n", host_principal); + + ret = ads_change_trust_account_password(ads, host_principal); - hostname = strdup(global_myname()); - strlower_m(hostname); - asprintf(&host_principal, "%s@%s", hostname, ads->config.realm); - SAFE_FREE(hostname); - d_printf("Changing password for principal: HOST/%s\n", host_principal); + if (!ADS_ERR_OK(ret)) { + d_printf("Password change failed :-( ...\n"); + ads_destroy(&ads); + SAFE_FREE(host_principal); + return -1; + } - ret = ads_change_trust_account_password(ads, host_principal); + d_printf("Password change for principal HOST/%s succeeded.\n", host_principal); + + if (lp_use_kerberos_keytab()) { + d_printf("Attempting to update system keytab with new password.\n"); + if (ads_keytab_create_default(ads)) { + d_printf("Failed to update system keytab.\n"); + } + } - if (!ADS_ERR_OK(ret)) { - d_printf("Password change failed :-( ...\n"); ads_destroy(&ads); SAFE_FREE(host_principal); - return -1; - } - - d_printf("Password change for principal HOST/%s succeeded.\n", host_principal); - ads_destroy(&ads); - SAFE_FREE(host_principal); - return 0; + return 0; } /* 
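Review bot: In net_ads_changetrustpw, the new keytab branch prints "Failed to update system keytab." and then still returns 0, although the trust account password has already been changed by that point. If the keytab then still holds keys for the previous password (which is what a failed update suggests), services reading it would stop authenticating, and a caller that checks only the exit status would not notice. I would return -1 from that branch after the existing `ads_destroy(&ads);` and `SAFE_FREE(host_principal);`. Separately, in net_ads_password the `if (!ads || !ads->config.realm)` return still leaves without calling `ads_destroy(&ads)`.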
@@ -1230,6 +1245,86 @@ static int net_ads_dn(int argc, const char **argv) return 0; } +static int net_ads_keytab_usage(int argc, const char **argv) +{ + d_printf( + "net ads keytab \n"\ +" can be either:\n"\ +" CREATE Creates a fresh keytab\n"\ +" ADD Adds new service principal\n"\ +" FLUSH Flushes out all keytab entries\n"\ +" HELP Prints this help message\n"\ +"The ADD command will take arguments, the other commands\n"\ +"will not take any arguments. The arguments given to ADD\n"\ +"should be a list of principals to add. For example, \n"\ +" net ads keytab add srv1 srv2\n"\ +"will add principals for the services srv1 and srv2 to the\n"\ +"system's keytab.\n"\ +"\n" + ); + return -1; +} + +static int net_ads_keytab_flush(int argc, const char **argv) +{ + int ret; + ADS_STRUCT *ads; + + if (!(ads = ads_startup())) { + return -1; + } + ret = ads_keytab_flush(ads); + ads_destroy(&ads); + return ret; +} + +static int net_ads_keytab_add(int argc, const char **argv) +{ + int i; + int ret = 0; + ADS_STRUCT *ads; + + d_printf("Processing principals to add...\n"); + if (!(ads = ads_startup())) { + return -1; + } + for (i = 0; i < argc; i++) { + ret |= ads_keytab_add_entry(ads, argv[i]); + } + ads_destroy(&ads); + return ret; +} + +static int net_ads_keytab_create(int argc, const char **argv) +{ + ADS_STRUCT *ads; + int ret; + + if (!(ads = ads_startup())) { + return -1; + } + ret = ads_keytab_create_default(ads); + ads_destroy(&ads); + return ret; +} + +int net_ads_keytab(int argc, const char **argv) +{ + struct functable func[] = { + {"CREATE", net_ads_keytab_create}, + {"ADD", net_ads_keytab_add}, + {"FLUSH", net_ads_keytab_flush}, + {"HELP", net_ads_keytab_usage}, + {NULL, NULL} + }; + + if (!lp_use_kerberos_keytab()) { + d_printf("\nWarning: \"use kerberos keytab\" must be set to \"true\" in order to \ +use keytab functions.\n"); + } + + return net_run_function(argc, argv, func, net_ads_keytab_usage); +} int net_ads_help(int argc, const char **argv) { 
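Review bot: net_ads_keytab only prints a warning when `lp_use_kerberos_keytab()` is false and then dispatches the subcommand anyway, so CREATE, ADD and FLUSH still reach the ads_keytab_* calls. Unless those library functions check the setting themselves (not visible in this hunk), `net ads keytab flush` would modify the system keytab on a host configured not to use one. I would add `return -1;` after the warning's d_printf, or reword the message to say that the command continues. net_ads_keytab_add also returns 0 without doing anything when no principals are given; calling net_ads_keytab_usage there would be clearer.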
@@ -1269,6 +1364,7 @@ int net_ads(int argc, const char **argv) {"DN", net_ads_dn}, {"WORKGROUP", net_ads_workgroup}, {"LOOKUP", net_ads_lookup}, + {"KEYTAB", net_ads_keytab}, {"HELP", net_ads_help}, {NULL, NULL} }; @@ -1278,12 +1374,17 @@ int net_ads(int argc, const char **argv) #else -static int net_ads_noads(void) +static int net_ads_noads(int argc, const char **argv) { d_printf("ADS support not compiled in\n"); return -1; } +int net_ads_keytab(int argc, const char **argv) +{ + return net_ads_noads(); +} + int net_ads_usage(int argc, const char **argv) { return net_ads_noads(); -- cgit From 7825677b862bb62b8350b6fee458fbbecc53893f Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 23 Jun 2004 00:20:31 +0000 Subject: r1222: Valgrind memory leak fixes. Still tracking down a strange one... Can't fix the krb5 memory leaks inside that library :-(. Jeremy. (This used to be commit ad440213aaae58fb5bff6e8a6fcf811c5ba83669) --- source3/utils/net_ads.c | 164 ++++++++++++++++++++++++++++++++++++------------ 1 file changed, 123 insertions(+), 41 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 650f9922cb..b5706e919a 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -111,8 +111,8 @@ static int net_ads_info(int argc, const char **argv) d_printf("LDAP port: %d\n", ads->ldap_port); d_printf("Server time: %s\n", http_timestring(ads->config.current_time)); - d_printf("KDC server: %s\n", ads->auth.kdc_server ); - d_printf("Server time offset: %d\n", ads->auth.time_offset ); + d_printf("KDC server: %s\n", ads->auth.kdc_server ); + d_printf("Server time offset: %d\n", ads->auth.time_offset ); return 0; } @@ -216,6 +216,7 @@ static int net_ads_workgroup(int argc, const char **argv) if (!(ads = ads_startup())) return -1; if (!(ctx = talloc_init("net_ads_workgroup"))) { + ads_destroy(&ads); return -1; } 
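Review bot: In the `#else` (no-ADS) branch at -1278, `net_ads_noads` is changed to take `(int argc, const char **argv)`, but the new `net_ads_keytab` stub and the `net_ads_usage` stub shown as context both call `net_ads_noads()` with no arguments. With that prototype in scope the calls do not compile, so a build without HAVE_ADS would break. Either keep `static int net_ads_noads(void)` or pass the arguments through with `return net_ads_noads(argc, argv);`.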
@@ -223,13 +224,14 @@ static int net_ads_workgroup(int argc, const char **argv) d_printf("Failed to find workgroup for realm '%s'\n", ads->config.realm); talloc_destroy(ctx); + ads_destroy(&ads); return -1; } d_printf("Workgroup: %s\n", workgroup); talloc_destroy(ctx); - + ads_destroy(&ads); return 0; } @@ -276,7 +278,9 @@ static int ads_user_add(int argc, const char **argv) if (argc < 1) return net_ads_user_usage(argc, argv); - if (!(ads = ads_startup())) return -1; + if (!(ads = ads_startup())) { + return -1; + } status = ads_find_user_acct(ads, &res, argv[0]); @@ -344,13 +348,18 @@ static int ads_user_info(int argc, const char **argv) char **grouplist; char *escaped_user = escape_ldap_string_alloc(argv[0]); - if (argc < 1) return net_ads_user_usage(argc, argv); + if (argc < 1) { + return net_ads_user_usage(argc, argv); + } - if (!(ads = ads_startup())) return -1; + if (!(ads = ads_startup())) { + return -1; + } if (!escaped_user) { d_printf("ads_user_info: failed to escape user %s\n", argv[0]); - return -1; + ads_destroy(&ads); + return -1; } asprintf(&searchstring, "(sAMAccountName=%s)", escaped_user); @@ -359,6 +368,7 @@ static int ads_user_info(int argc, const char **argv) if (!ADS_ERR_OK(rc)) { d_printf("ads_search: %s\n", ads_errstr(rc)); + ads_destroy(&ads); return -1; } @@ -376,7 +386,6 @@ static int ads_user_info(int argc, const char **argv) } ads_msgfree(ads, res); - ads_destroy(&ads); return 0; } @@ -388,13 +397,18 @@ static int ads_user_delete(int argc, const char **argv) void *res; char *userdn; - if (argc < 1) return net_ads_user_usage(argc, argv); + if (argc < 1) { + return net_ads_user_usage(argc, argv); + } - if (!(ads = ads_startup())) return -1; + if (!(ads = ads_startup())) { + return -1; + } rc = ads_find_user_acct(ads, &res, argv[0]); if (!ADS_ERR_OK(rc)) { DEBUG(0, ("User %s does not exist\n", argv[0])); + ads_destroy(&ads); return -1; } userdn = ads_get_dn(ads, res); 
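Review bot: In ads_user_info (hunk at -344), `escaped_user` is initialised from `escape_ldap_string_alloc(argv[0])` in the declarations, ahead of the `argc < 1` check, so argv[0] is read before the argument count is validated. The two early returns that follow (`argc < 1` and a failed ads_startup) leave without releasing it, and the result of `asprintf(&searchstring, ...)` is not checked before the search. I would declare `char *escaped_user = NULL;` and do the escaping after the ads_startup check, keeping the escaping itself since it is what protects the LDAP filter. The end of the function is outside this hunk, so the success-path cleanup cannot be confirmed here.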
@@ -403,10 +417,12 @@ static int ads_user_delete(int argc, const char **argv) ads_memfree(ads, userdn); if (!ADS_ERR_OK(rc)) { d_printf("User %s deleted\n", argv[0]); + ads_destroy(&ads); return 0; } d_printf("Error deleting user %s: %s\n", argv[0], ads_errstr(rc)); + ads_destroy(&ads); return -1; } @@ -425,7 +441,9 @@ int net_ads_user(int argc, const char **argv) char *disp_fields[2] = {NULL, NULL}; if (argc == 0) { - if (!(ads = ads_startup())) return -1; + if (!(ads = ads_startup())) { + return -1; + } if (opt_long_list_entries) d_printf("\nUser name Comment"\ @@ -456,9 +474,13 @@ static int ads_group_add(int argc, const char **argv) void *res=NULL; int rc = -1; - if (argc < 1) return net_ads_group_usage(argc, argv); + if (argc < 1) { + return net_ads_group_usage(argc, argv); + } - if (!(ads = ads_startup())) return -1; + if (!(ads = ads_startup())) { + return -1; + } status = ads_find_user_acct(ads, &res, argv[0]); @@ -497,13 +519,18 @@ static int ads_group_delete(int argc, const char **argv) void *res; char *groupdn; - if (argc < 1) return net_ads_group_usage(argc, argv); + if (argc < 1) { + return net_ads_group_usage(argc, argv); + } - if (!(ads = ads_startup())) return -1; + if (!(ads = ads_startup())) { + return -1; + } rc = ads_find_user_acct(ads, &res, argv[0]); if (!ADS_ERR_OK(rc)) { DEBUG(0, ("Group %s does not exist\n", argv[0])); + ads_destroy(&ads); return -1; } groupdn = ads_get_dn(ads, res); @@ -512,10 +539,12 @@ static int ads_group_delete(int argc, const char **argv) ads_memfree(ads, groupdn); if (!ADS_ERR_OK(rc)) { d_printf("Group %s deleted\n", argv[0]); + ads_destroy(&ads); return 0; } d_printf("Error deleting group %s: %s\n", argv[0], ads_errstr(rc)); + ads_destroy(&ads); return -1; } 
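Review bot: In ads_user_delete (hunk at -403) the test after the delete reads `if (!ADS_ERR_OK(rc))`, and that branch prints "User %s deleted" and returns 0, while the other case falls through to "Error deleting user" and returns -1. Assuming rc is the status of the delete call that sits between the two hunks, the condition is inverted, and this commit adds `ads_destroy(&ads)` to both branches without correcting it; the ads_group_delete hunk at -512 has the same shape. The check should be `if (ADS_ERR_OK(rc)) {`. In the visible lines `res` from ads_find_user_acct is also never passed to ads_msgfree.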
@@ -533,7 +562,9 @@ int net_ads_group(int argc, const char **argv) char *disp_fields[2] = {NULL, NULL}; if (argc == 0) { - if (!(ads = ads_startup())) return -1; + if (!(ads = ads_startup())) { + return -1; + } if (opt_long_list_entries) d_printf("\nGroup name Comment"\ @@ -557,21 +588,25 @@ static int net_ads_status(int argc, const char **argv) ADS_STATUS rc; void *res; - if (!(ads = ads_startup())) return -1; + if (!(ads = ads_startup())) { + return -1; + } rc = ads_find_machine_acct(ads, &res, global_myname()); if (!ADS_ERR_OK(rc)) { d_printf("ads_find_machine_acct: %s\n", ads_errstr(rc)); + ads_destroy(&ads); return -1; } if (ads_count_replies(ads, res) == 0) { d_printf("No machine account for '%s' found\n", global_myname()); + ads_destroy(&ads); return -1; } ads_dump(ads, res); - + ads_destroy(&ads); return 0; } @@ -595,13 +630,14 @@ static int net_ads_leave(int argc, const char **argv) rc = ads_leave_realm(ads, global_myname()); if (!ADS_ERR_OK(rc)) { - d_printf("Failed to delete host '%s' from the '%s' realm.\n", - global_myname(), ads->config.realm); - return -1; + d_printf("Failed to delete host '%s' from the '%s' realm.\n", + global_myname(), ads->config.realm); + ads_destroy(&ads); + return -1; } d_printf("Removed '%s' from realm '%s'\n", global_myname(), ads->config.realm); - + ads_destroy(&ads); return 0; } @@ -661,7 +697,9 @@ int net_ads_join(int argc, const char **argv) const char *short_domain_name = NULL; TALLOC_CTX *ctx = NULL; - if (argc > 0) org_unit = argv[0]; + if (argc > 0) { + org_unit = argv[0]; + } if (!secrets_init()) { DEBUG(1,("Failed to initialise secrets database\n")); 
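Review bot: net_ads_status (hunk at -557) now destroys the connection on every path, but `res` from ads_find_machine_acct is never handed to ads_msgfree, neither on the "No machine account" return nor after `ads_dump(ads, res)`. The printer search functions changed in this same commit do free it. I would add `ads_msgfree(ads, res);` before each of those two `ads_destroy(&ads);` calls.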
@@ -671,15 +709,19 @@ int net_ads_join(int argc, const char **argv) tmp_password = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH); password = strdup(tmp_password); - if (!(ads = ads_startup())) return -1; + if (!(ads = ads_startup())) { + return -1; + } if (!*lp_realm()) { d_printf("realm must be set in in smb.conf for ADS join to succeed.\n"); + ads_destroy(&ads); return -1; } if (strcmp(ads->config.realm, lp_realm()) != 0) { d_printf("realm of remote server (%s) and realm in smb.conf (%s) DO NOT match. Aborting join\n", ads->config.realm, lp_realm()); + ads_destroy(&ads); return -1; } @@ -693,35 +735,41 @@ int net_ads_join(int argc, const char **argv) if (rc.error_type == ENUM_ADS_ERROR_LDAP && rc.err.rc == LDAP_NO_SUCH_OBJECT) { d_printf("ads_join_realm: organizational unit %s does not exist (dn:%s)\n", org_unit, dn); + ads_destroy(&ads); return -1; } free(dn); if (!ADS_ERR_OK(rc)) { d_printf("ads_join_realm: %s\n", ads_errstr(rc)); + ads_destroy(&ads); return -1; } rc = ads_join_realm(ads, global_myname(), account_type, org_unit); if (!ADS_ERR_OK(rc)) { d_printf("ads_join_realm: %s\n", ads_errstr(rc)); + ads_destroy(&ads); return -1; } rc = ads_domain_sid(ads, &dom_sid); if (!ADS_ERR_OK(rc)) { d_printf("ads_domain_sid: %s\n", ads_errstr(rc)); - return -1; + ads_destroy(&ads); + return -1; } if (asprintf(&machine_account, "%s$", global_myname()) == -1) { d_printf("asprintf failed\n"); + ads_destroy(&ads); return -1; } rc = ads_set_machine_password(ads, machine_account, password); if (!ADS_ERR_OK(rc)) { d_printf("ads_set_machine_password: %s\n", ads_errstr(rc)); + ads_destroy(&ads); return -1; } @@ -729,6 +777,7 @@ int net_ads_join(int argc, const char **argv) if ( !(ctx = talloc_init("net ads join")) ) { d_printf("talloc_init() failed!\n"); + ads_destroy(&ads); return -1; } 
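Review bot: The net_ads_join error paths in the hunks at -671, -693 and -729 (and -753 further down) gain `ads_destroy(&ads)`, but `password`, the strdup'ed copy of the new machine account secret, is not freed on any of them, and the strdup result is never checked before it reaches ads_set_machine_password. `dn` is likewise not freed on the LDAP_NO_SUCH_OBJECT return, and `machine_account` and `ctx` are skipped on the later returns. I would add `SAFE_FREE(password);` beside each added `ads_destroy(&ads);`, or route all failures through a single cleanup label that releases password, machine_account, ctx and ads. The function begins outside these hunks.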
@@ -753,21 +802,25 @@ int net_ads_join(int argc, const char **argv) if (!secrets_store_domain_sid(lp_workgroup(), &dom_sid)) { DEBUG(1,("Failed to save domain sid\n")); + ads_destroy(&ads); return -1; } if (!secrets_store_machine_password(password, lp_workgroup(), sec_channel_type)) { DEBUG(1,("Failed to save machine password\n")); + ads_destroy(&ads); return -1; } if (!secrets_store_domain_sid(short_domain_name, &dom_sid)) { DEBUG(1,("Failed to save domain sid\n")); + ads_destroy(&ads); return -1; } if (!secrets_store_machine_password(password, short_domain_name, sec_channel_type)) { DEBUG(1,("Failed to save machine password\n")); + ads_destroy(&ads); return -1; } @@ -783,6 +836,7 @@ int net_ads_join(int argc, const char **argv) if ( ctx ) { talloc_destroy(ctx); } + ads_destroy(&ads); return 0; } @@ -809,26 +863,29 @@ static int net_ads_printer_search(int argc, const char **argv) ADS_STATUS rc; void *res = NULL; - if (!(ads = ads_startup())) + if (!(ads = ads_startup())) { return -1; + } rc = ads_find_printers(ads, &res); if (!ADS_ERR_OK(rc)) { d_printf("ads_find_printer: %s\n", ads_errstr(rc)); ads_msgfree(ads, res); - return -1; + ads_destroy(&ads); + return -1; } if (ads_count_replies(ads, res) == 0) { d_printf("No results found\n"); ads_msgfree(ads, res); + ads_destroy(&ads); return -1; } ads_dump(ads, res); ads_msgfree(ads, res); - + ads_destroy(&ads); return 0; } 
@@ -839,34 +896,41 @@ static int net_ads_printer_info(int argc, const char **argv) const char *servername, *printername; void *res = NULL; - if (!(ads = ads_startup())) return -1; + if (!(ads = ads_startup())) { + return -1; + } - if (argc > 0) + if (argc > 0) { printername = argv[0]; - else + } else { printername = "*"; + } - if (argc > 1) + if (argc > 1) { servername = argv[1]; - else + } else { servername = global_myname(); + } rc = ads_find_printer_on_server(ads, &res, printername, servername); if (!ADS_ERR_OK(rc)) { d_printf("ads_find_printer_on_server: %s\n", ads_errstr(rc)); ads_msgfree(ads, res); + ads_destroy(&ads); return -1; } if (ads_count_replies(ads, res) == 0) { d_printf("Printer '%s' not found\n", printername); ads_msgfree(ads, res); + ads_destroy(&ads); return -1; } ads_dump(ads, res); ads_msgfree(ads, res); + ads_destroy(&ads); return 0; } @@ -889,17 +953,21 @@ static int net_ads_printer_publish(int argc, const char **argv) char *prt_dn, *srv_dn, **srv_cn; void *res = NULL; - if (!(ads = ads_startup())) return -1; + if (!(ads = ads_startup())) { + return -1; + } - if (argc < 1) + if (argc < 1) { return net_ads_printer_usage(argc, argv); + } printername = argv[0]; - if (argc == 2) + if (argc == 2) { servername = argv[1]; - else + } else { servername = global_myname(); + } /* Get printer data from SPOOLSS */ @@ -916,6 +984,7 @@ static int net_ads_printer_publish(int argc, const char **argv) if (NT_STATUS_IS_ERR(nt_status)) { d_printf("Unable to open a connnection to %s to obtain data " "for %s\n", servername, printername); + ads_destroy(&ads); return -1; } @@ -926,6 +995,7 @@ static int net_ads_printer_publish(int argc, const char **argv) if (ads_count_replies(ads, res) == 0) { d_printf("Could not find machine account for server %s\n", servername); + ads_destroy(&ads); return -1; } 
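Review bot: In net_ads_printer_publish (hunk at -889) the `argc < 1` check runs after `ads_startup()` has succeeded, so the usage return leaves the connection undestroyed and the server is contacted before the arguments are validated. net_ads_printer_remove in the hunk at -956 has the same order. Moving `if (argc < 1) { return net_ads_printer_usage(argc, argv); }` above the ads_startup call fixes both without any extra cleanup code.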
@@ -940,10 +1010,12 @@ static int net_ads_printer_publish(int argc, const char **argv) rc = ads_add_printer_entry(ads, prt_dn, mem_ctx, &mods); if (!ADS_ERR_OK(rc)) { d_printf("ads_publish_printer: %s\n", ads_errstr(rc)); + ads_destroy(&ads); return -1; } d_printf("published printer\n"); + ads_destroy(&ads); return 0; } @@ -956,27 +1028,33 @@ static int net_ads_printer_remove(int argc, const char **argv) char *prt_dn; void *res = NULL; - if (!(ads = ads_startup())) return -1; + if (!(ads = ads_startup())) { + return -1; + } - if (argc < 1) + if (argc < 1) { return net_ads_printer_usage(argc, argv); + } - if (argc > 1) + if (argc > 1) { servername = argv[1]; - else + } else { servername = global_myname(); + } rc = ads_find_printer_on_server(ads, &res, argv[0], servername); if (!ADS_ERR_OK(rc)) { d_printf("ads_find_printer_on_server: %s\n", ads_errstr(rc)); ads_msgfree(ads, res); + ads_destroy(&ads); return -1; } if (ads_count_replies(ads, res) == 0) { d_printf("Printer '%s' not found\n", argv[1]); ads_msgfree(ads, res); + ads_destroy(&ads); return -1; } @@ -987,9 +1065,11 @@ static int net_ads_printer_remove(int argc, const char **argv) if (!ADS_ERR_OK(rc)) { d_printf("ads_del_dn: %s\n", ads_errstr(rc)); + ads_destroy(&ads); return -1; } + ads_destroy(&ads); return 0; } @@ -1172,6 +1252,7 @@ static int net_ads_search(int argc, const char **argv) ldap_exp, attrs, &res); if (!ADS_ERR_OK(rc)) { d_printf("search failed: %s\n", ads_errstr(rc)); + ads_destroy(&ads); return -1; } @@ -1231,6 +1312,7 @@ static int net_ads_dn(int argc, const char **argv) "(objectclass=*)", attrs, &res); if (!ADS_ERR_OK(rc)) { d_printf("search failed: %s\n", ads_errstr(rc)); + ads_destroy(&ads); return -1; } -- cgit From 792776782e18417b8e6e63954db153f4d3d0d558 Mon Sep 17 00:00:00 2001 
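Review bot: In net_ads_printer_remove (hunk at -956) the not-found message passes `argv[1]` to `%s`, but the printer being looked up is `argv[0]`; argv[1] is the optional server name. When only one argument is given, argv[1] is typically the NULL terminator of the argument vector, and passing NULL for `%s` is undefined behaviour. The line should read `d_printf("Printer '%s' not found\n", argv[0]);`.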
From: Jeremy Allison Date: Thu, 24 Jun 2004 19:25:20 +0000 Subject: r1240: Ensure we don't shadow Heimdal globals. Jeremy. (This used to be commit 464d2e90480c676688a851a141aabddf992e0b0e) --- source3/utils/net_ads.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index b5706e919a..b25303a97e 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1456,7 +1456,7 @@ int net_ads(int argc, const char **argv) #else -static int net_ads_noads(int argc, const char **argv) +static int net_ads_noads(void) { d_printf("ADS support not compiled in\n"); return -1; -- cgit From 824bc32be71afafdbaaea94a6cf104a1b3d329ec Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 8 Jul 2004 15:36:23 +0000 Subject: r1399: applying heimdal krb5 fixes from Guenther and fixing compile warnings in libadskerberos_keyatb.c (This used to be commit 837f56ec8bc171497fb84d332002776313c26305) --- source3/utils/net_ads.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index b25303a97e..7b8ace85b6 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -180,7 +180,7 @@ retry: second_time = True; goto retry; } else { - DEBUG(1,("ads_connect: %s\n", ads_errstr(status))); + DEBUG(0,("ads_connect: %s\n", ads_errstr(status))); return NULL; } } @@ -1163,7 +1163,7 @@ int net_ads_changetrustpw(int argc, const char **argv) { ADS_STRUCT *ads; char *host_principal; - fstring my_fqdn; + fstring my_name; ADS_STATUS ret; if (!secrets_init()) { 
@@ -1179,9 +1179,9 @@ int net_ads_changetrustpw(int argc, const char **argv) return -1; } - name_to_fqdn(my_fqdn, global_myname()); - strlower_m(my_fqdn); - asprintf(&host_principal, "%s@%s", my_fqdn, ads->config.realm); + fstrcpy(my_name, global_myname()); + strlower_m(my_name); + asprintf(&host_principal, "%s@%s", my_name, ads->config.realm); d_printf("Changing password for principal: HOST/%s\n", host_principal); ret = ads_change_trust_account_password(ads, host_principal); -- cgit From d86f6ceeadd04dccf6b5d7a78e627f78bb424fc7 Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Thu, 12 Aug 2004 03:28:57 +0000 Subject: r1750: This patch allows net ads lookup to rely on command line arguments if contacting an ADS server fails. This allows net ads lookup to work with clapd (very useful for testing). from aliguori@us.ibm.com (This used to be commit edb4e940b45cbb06a93004b15fc45a7a45a42498) --- source3/utils/net_ads.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 7b8ace85b6..2efd470bbe 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -77,9 +77,12 @@ static int net_ads_lookup(int argc, const char **argv) ads_connect(ads); - if (!ads || !ads->config.realm) { + if (!ads) { d_printf("Didn't find the cldap server!\n"); return -1; + } if (!ads->config.realm) { + ads->config.realm = opt_target_workgroup; + ads->ldap_port = 389; } return ads_cldap_netlogon(ads); -- cgit From 676aa559fe80a50e9d0398d80aabc6d4e41db09e Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 29 Sep 2004 09:56:35 +0000 Subject: r2746: Fix typos in net's usage-output. Guenther (This used to be commit 4886d6663d7479978e2c395602392accb5939fa0) --- source3/utils/net_ads.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 2efd470bbe..70e9e6cea8 100644 
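Review bot: In net_ads_changetrustpw (hunk at -1179) the return value of `asprintf(&host_principal, ...)` is not checked, so on allocation failure host_principal is indeterminate when it is printed and then passed to ads_change_trust_account_password. net_ads_join in this file already uses the checked form for machine_account. I would write `if (asprintf(&host_principal, "%s@%s", my_name, ads->config.realm) == -1) {` and, inside it, print an error, call `ads_destroy(&ads)` and return -1. The function starts and ends outside this hunk.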
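Review bot: In net_ads_lookup (hunk at -77), `ads->config.realm = opt_target_workgroup;` stores a pointer to the command-line option string in a field that the connect path presumably fills with allocated memory. If ads_destroy or a later reconnect frees config.realm (not visible here), that would free memory the struct does not own; the r6127 hunk later on this page only adds a `(char *)` cast, which silences the qualifier warning without changing ownership. Storing a copy, `ads->config.realm = strdup(opt_target_workgroup);`, after checking opt_target_workgroup for NULL, keeps the struct consistent. Note also that `ads_connect(ads)` is called before the `if (!ads)` test.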
--- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -847,7 +847,7 @@ int net_ads_printer_usage(int argc, const char **argv) { d_printf( "\nnet ads printer search " -"\n\tsearch for a printer in the directory" +"\n\tsearch for a printer in the directory\n" "\nnet ads printer info " "\n\tlookup info in directory for printer on server" "\n\t(note: printer defaults to \"*\", server defaults to local)\n" -- cgit From 132879b285e66bff896c761858311d7f5d43e9b6 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 6 Oct 2004 16:21:35 +0000 Subject: r2832: Readd WKGUID-binding to match the correct default-locations of new User-, Group- and Machine-Accounts in Active Directory (this got lost during the last trunk-merge). This way we match e.g. default containers moved by redircmp.exe and redirusr.exe in Windows 2003 and don't blindly default to cn=Users or cn=Computers. Further wkguids can be examied via "net ads search wellknownobjects=*". This should still keep a samba3-client joining a samba4 dc. Fixes Bugzilla #1343. Guenther (This used to be commit 8836621694c95779475fa9a1acf158e5e0577288) --- source3/utils/net_ads.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 70e9e6cea8..8afc42c456 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -297,6 +297,10 @@ static int ads_user_add(int argc, const char **argv) goto done; } + if (opt_container == NULL) { + opt_container = ads_default_ou_string(ads, WELL_KNOWN_GUID_USERS); + } + status = ads_add_user_acct(ads, argv[0], opt_container, opt_comment); if (!ADS_ERR_OK(status)) { @@ -498,6 +502,10 @@ static int ads_group_add(int argc, const char **argv) goto done; } + if (opt_container == NULL) { + opt_container = ads_default_ou_string(ads, WELL_KNOWN_GUID_USERS); + } + status = ads_add_group_acct(ads, argv[0], opt_container, opt_comment); if (ADS_ERR_OK(status)) { 
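Review bot: In ads_user_add (hunk at -297) the result of `ads_default_ou_string(ads, WELL_KNOWN_GUID_USERS)` is assigned to the global `opt_container` and passed on to ads_add_user_acct without a NULL check; ads_group_add in the hunk at -502 does the same before ads_add_group_acct. Whether the helper can fail is not visible here, but if it can, the account would be created from a NULL container string. I would keep the value in a local, test it before the add (`if (!ou) { goto done; }` with a message), and free it afterwards if it is allocated. Both functions extend beyond their hunks.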
@@ -690,7 +698,7 @@ int net_ads_join(int argc, const char **argv) char *password; char *machine_account = NULL; char *tmp_password; - const char *org_unit = "Computers"; + const char *org_unit = NULL; char *dn; void *res; DOM_SID dom_sid; @@ -728,7 +736,7 @@ int net_ads_join(int argc, const char **argv) return -1; } - ou_str = ads_ou_string(org_unit); + ou_str = ads_ou_string(ads,org_unit); asprintf(&dn, "%s,%s", ou_str, ads->config.bind_path); free(ou_str); -- cgit From b4cf9e95059071df49b34ff8574e48cb96f42da1 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Thu, 7 Oct 2004 04:01:18 +0000 Subject: r2835: Since we always have -I. and -I$(srcdir) in CFLAGS, we can get rid of '..' from all #include preprocessor commands. This fixes bugzilla #1880 where OpenVMS gets confused about the '.' characters. (This used to be commit 7f161702fa4916979602cc0295919b541912acd6) --- source3/utils/net_ads.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 8afc42c456..19311cde65 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -21,7 +21,7 @@ */ #include "includes.h" -#include "../utils/net.h" +#include "utils/net.h" #ifdef HAVE_ADS -- cgit From f8345c1b18904169666955c98474fa2d5894a007 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 27 Oct 2004 00:41:41 +0000 Subject: r3273: Ensure we're consistent in the use of strchr_m for '@'. Jeremy. (This used to be commit 0f3f7b035b37bfc51d3a59d0472003c3d4ac1511) --- source3/utils/net_ads.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 19311cde65..2202ee11e2 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
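Review bot: With `org_unit` now defaulting to NULL (hunk at -690), every later use of it in net_ads_join receives NULL when no OU argument is given. `ads_ou_string(ads, org_unit)` presumably handles that, but the r1222 hunks earlier on this page show org_unit also being printed with `%s` in the "organizational unit %s does not exist" message and passed to ads_join_realm. I would check those two uses if they are still present, and print `org_unit ? org_unit : "(default)"` in the message. The results of ads_ou_string and `asprintf(&dn, ...)` in the hunk at -728 are not checked either.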
@@ -169,7 +169,7 @@ retry: * extract the realm and convert to upper case. * This is only used to establish the connection. */ - if ((cp = strchr(ads->auth.user_name, '@'))!=0) { + if ((cp = strchr_m(ads->auth.user_name, '@'))!=0) { *cp++ = '\0'; ads->auth.realm = smb_xstrdup(cp); strupper_m(ads->auth.realm); @@ -1126,7 +1126,7 @@ static int net_ads_password(int argc, const char **argv) } use_in_memory_ccache(); - c = strchr(auth_principal, '@'); + c = strchr_m(auth_principal, '@'); if (c) { realm = ++c; } else { -- cgit From 917a53cc5875a7ea0384b906dd262b619eb2178e Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 2 Nov 2004 21:28:14 +0000 Subject: r3492: Fixes from testing kerberos salted principal fix. Jeremy. (This used to be commit b356a8fdc5a1ac45f2f7f56a0836e794bdecddc6) --- source3/utils/net_ads.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 2202ee11e2..9efa45e58f 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -823,6 +823,20 @@ int net_ads_join(int argc, const char **argv) return -1; } +#ifdef HAVE_KRB5 + if (!kerberos_derive_salting_principal(machine_account)) { + DEBUG(1,("Failed to determine salting principal\n")); + ads_destroy(&ads); + return -1; + } + + if (!kerberos_derive_cifs_salting_principals()) { + DEBUG(1,("Failed to determine salting principals\n")); + ads_destroy(&ads); + return -1; + } +#endif + if (!secrets_store_domain_sid(short_domain_name, &dom_sid)) { DEBUG(1,("Failed to save domain sid\n")); ads_destroy(&ads); -- cgit From acf9d61421faa6c0055d57fdee7db300dc5431aa Mon Sep 17 00:00:00 2001 
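Review bot: The new salting-principal block in net_ads_join (hunk at -823) returns -1 with only a `DEBUG(1, ...)` report, and judging by the r1222 hunks it sits after the machine password has been set and the secrets for lp_workgroup() stored, but before the entries for short_domain_name are written. A failure here would leave the host partly joined with nothing on the console unless the debug level is raised. I would add a console message to both branches, for example `d_printf("Failed to determine salting principal\n");`. These returns also skip freeing password, machine_account and ctx. The function starts and ends outside the hunk.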
From: Jeremy Allison Date: Tue, 7 Dec 2004 18:25:53 +0000 Subject: r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a) --- source3/utils/net_ads.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 9efa45e58f..72e8f70a7d 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -259,10 +259,10 @@ static BOOL usergrp_display(char *field, void **values, void *data_area) if (!values) /* must be new field, indicate string field */ return True; if (StrCaseCmp(field, "sAMAccountName") == 0) { - disp_fields[0] = strdup((char *) values[0]); + disp_fields[0] = SMB_STRDUP((char *) values[0]); } if (StrCaseCmp(field, "description") == 0) - disp_fields[1] = strdup((char *) values[0]); + disp_fields[1] = SMB_STRDUP((char *) values[0]); return True; } @@ -718,7 +718,7 @@ int net_ads_join(int argc, const char **argv) } tmp_password = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH); - password = strdup(tmp_password); + password = SMB_STRDUP(tmp_password); if (!(ads = ads_startup())) { return -1; -- cgit From d44a7379323cc44f49ac1f5e57ce1b8a9d6c3f31 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 22 Mar 2005 16:35:15 +0000 Subject: r5955: BUG 2517: use the realm from smb.conf for 'net ads info' when 'disable netbios = yes' (This used to be commit 77734120d30c64941e2046574c81653c5bca4220) --- source3/utils/net_ads.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 72e8f70a7d..9c00f05bfb 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -94,7 +94,12 @@ static int net_ads_info(int argc, const char **argv) { ADS_STRUCT *ads; - ads = ads_init(NULL, opt_target_workgroup, opt_host); + /* if netbios is disabled we have to default to the realm from smb.conf */ + + if ( lp_disable_netbios() && *lp_realm() ) + ads = ads_init(lp_realm(), opt_target_workgroup, opt_host); + else + ads = ads_init(NULL, opt_target_workgroup, opt_host); if (ads) { ads->auth.flags |= ADS_AUTH_NO_BIND; -- cgit From 934d41d23956c663406ff9d68e5a8ba9d81b5096 Mon Sep 17 00:00:00 2001 From: Derrell Lipman Date: Wed, 30 Mar 2005 04:40:24 +0000 Subject: r6127: Eliminated all compiler warnings pertaining to mismatched "qualifiers". The whole of samba comiles warning-free with the default compiler flags. Temporarily defined -Wall to locate other potential problems. Found an unused static function (#ifdefed out rather than deleted, in case it's needed for something in progress). There are also a number of uses of undeclared functions, mostly krb5_*. Files with these problems need to have appropriate header files included, but they are not fixed in this update. oplock_linux.c.c has undefined functions capget() and capset(), which need to have "#undef _POSIX_SOURCE" specified before including , but that could potentially have other side effects, so that remains uncorrected as well. The flag -Wall should be added permanently to CFLAGS, and all warnings then generated should be eliminated. (This used to be commit 5b19ede88ed80318e392f8017f4573fbb2ecbe0f) --- source3/utils/net_ads.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 9c00f05bfb..83fdb08a9a 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
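Review bot: The new branch in `net_ads_info` (r5955) repeats the whole `ads_init` call in both arms of an unbraced `if`/`else`, which is easy to break when a statement is added later. Selecting only the differing argument keeps one call site: declare `const char *realm = (lp_disable_netbios() && *lp_realm()) ? lp_realm() : NULL;` next to `ads`, then call `ads = ads_init(realm, opt_target_workgroup, opt_host);`. This relies on `lp_realm()` never returning NULL, as the existing `*lp_realm()` dereference already does. The rest of the function is outside the hunk.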
@@ -81,7 +81,7 @@ static int net_ads_lookup(int argc, const char **argv) d_printf("Didn't find the cldap server!\n"); return -1; } if (!ads->config.realm) { - ads->config.realm = opt_target_workgroup; + ads->config.realm = (char *) opt_target_workgroup; ads->ldap_port = 389; } -- cgit From 9840db418bad5a39edc4a32a1786f5e2d2c9dff8 Mon Sep 17 00:00:00 2001 From: Derrell Lipman Date: Thu, 31 Mar 2005 05:06:04 +0000 Subject: r6149: Fixes bugs #2498 and 2484. 1. using smbc_getxattr() et al, one may now request all access control entities in the ACL without getting all other NT attributes. 2. added the ability to exclude specified attributes from the result set provided by smbc_getxattr() et al, when requesting all attributes, all NT attributes, or all DOS attributes. 3. eliminated all compiler warnings, including when --enable-developer compiler flags are in use. removed -Wcast-qual flag from list, as that is specifically to force warnings in the case of casting away qualifiers. Note: In the process of eliminating compiler warnings, a few nasties were discovered. In the file libads/sasl.c, PRIVATE kerberos interfaces are being used; and in libsmb/clikrb5.c, both PRIAVE and DEPRECATED kerberos interfaces are being used. Someone who knows kerberos should look at these and determine if there is an alternate method of accomplishing the task. (This used to be commit 994694f7f26da5099f071e1381271a70407f33bb) --- source3/utils/net_ads.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 83fdb08a9a..34a357cd46 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
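Review bot: In `net_ads_lookup` (r6127), the cast in `ads->config.realm = (char *) opt_target_workgroup;` silences the qualifier warning but leaves the struct field pointing at a string the `ADS_STRUCT` does not own. If the structure's teardown frees `config.realm` (not visible in this hunk), that would release memory belonging to the option parser. `ads->config.realm = SMB_STRDUP(opt_target_workgroup);` gives the field its own copy and needs no cast. The same assignment recurs, with `CONST_DISCARD` or without a cast, in the -81 hunks of the later commits on this page.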
@@ -81,7 +81,7 @@ static int net_ads_lookup(int argc, const char **argv) d_printf("Didn't find the cldap server!\n"); return -1; } if (!ads->config.realm) { - ads->config.realm = (char *) opt_target_workgroup; + ads->config.realm = CONST_DISCARD(char *, opt_target_workgroup); ads->ldap_port = 389; } @@ -1168,7 +1168,7 @@ static int net_ads_password(int argc, const char **argv) } if (argv[1]) { - new_password = (char *)argv[1]; + new_password = CONST_DISCARD(char *, argv[1]); } else { asprintf(&prompt, "Enter new password for %s:", user); new_password = getpass(prompt); -- cgit From 6019df0858aa33e81167eeeade7f7264cd719cef Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 16 May 2005 22:54:46 +0000 Subject: r6834: Fix bug #2703, found by John Antonishek . Add NULL guard for disp_fields[0]. Jeremy. (This used to be commit ee45f4b17e4131a9e0779046c49b24d1e35256d8) --- source3/utils/net_ads.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 34a357cd46..03fbb29f5b 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -250,12 +250,14 @@ static BOOL usergrp_display(char *field, void **values, void *data_area) char **disp_fields = (char **) data_area; if (!field) { /* must be end of record */ - if (!strchr_m(disp_fields[0], '$')) { - if (disp_fields[1]) - d_printf("%-21.21s %s\n", - disp_fields[0], disp_fields[1]); - else - d_printf("%s\n", disp_fields[0]); + if (disp_fields[0]) { + if (!strchr_m(disp_fields[0], '$')) { + if (disp_fields[1]) + d_printf("%-21.21s %s\n", + disp_fields[0], disp_fields[1]); + else + d_printf("%s\n", disp_fields[0]); + } } SAFE_FREE(disp_fields[0]); SAFE_FREE(disp_fields[1]); -- cgit From f272f4069204711b9e1d9e72e42f134c65283f45 Mon Sep 17 00:00:00 2001 
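Review bot: In the `net_ads_password` hunk (-1168, r6149), `CONST_DISCARD(char *, argv[1])` removes the warning but hides that `new_password` aliases an `argv` element the function does not own. Declaring `new_password` as `const char *` would make the cast unnecessary, provided the later password-setting call accepts a const pointer (not visible here). A short comment is also warranted that a password given as `argv[1]` is visible in the process argument list to other local users, whereas the `getpass` path is not. The function body continues outside the hunk.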
From: Volker Lendecke Date: Thu, 19 May 2005 10:52:36 +0000 Subject: r6900: Fix bug 2725. Thanks, John, for finding it. Volker (This used to be commit 913c06ad3e752f2b185faa411d90a2f7aaf42291) --- source3/utils/net_ads.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 03fbb29f5b..dbed99e9cc 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -360,11 +360,13 @@ static int ads_user_info(int argc, const char **argv) const char *attrs[] = {"memberOf", NULL}; char *searchstring=NULL; char **grouplist; - char *escaped_user = escape_ldap_string_alloc(argv[0]); + char *escaped_user; if (argc < 1) { return net_ads_user_usage(argc, argv); } + + escaped_user = escape_ldap_string_alloc(argv[0]); if (!(ads = ads_startup())) { return -1; -- cgit From e2404c81295fe3468c9b635b549f1b16f5c5f323 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Mon, 23 May 2005 15:25:38 +0000 Subject: r6940: fixing debug messages (This used to be commit 81c1ac255ebf0adf3bdb96b077a34dcfab1812cf) --- source3/utils/net_ads.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index dbed99e9cc..f558c8eafd 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -753,7 +753,7 @@ int net_ads_join(int argc, const char **argv) ads_msgfree(ads, res); if (rc.error_type == ENUM_ADS_ERROR_LDAP && rc.err.rc == LDAP_NO_SUCH_OBJECT) { - d_printf("ads_join_realm: organizational unit %s does not exist (dn:%s)\n", + d_printf("ads_join: organizational unit %s does not exist (dn:%s)\n", org_unit, dn); ads_destroy(&ads); return -1; 
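Review bot: After the move in `ads_user_info` (-360, r6900), `escaped_user` is already allocated when `ads_startup()` fails, and that branch still does a bare `return -1;`, so the escaped string leaks. `if (!(ads = ads_startup())) { SAFE_FREE(escaped_user); return -1; }` closes it. Testing `escaped_user` for NULL before opening the connection would also avoid setting up and tearing down a session on allocation failure. The function continues beyond the hunk, so its other exits need the same review.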
@@ -761,14 +761,14 @@ int net_ads_join(int argc, const char **argv) free(dn); if (!ADS_ERR_OK(rc)) { - d_printf("ads_join_realm: %s\n", ads_errstr(rc)); + d_printf("ads_join: %s\n", ads_errstr(rc)); ads_destroy(&ads); return -1; } rc = ads_join_realm(ads, global_myname(), account_type, org_unit); if (!ADS_ERR_OK(rc)) { - d_printf("ads_join_realm: %s\n", ads_errstr(rc)); + d_printf("ads_join: %s\n", ads_errstr(rc)); ads_destroy(&ads); return -1; } -- cgit From f24d88cf9da46680d52b42b92bd484e7b09ce99b Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 31 May 2005 13:46:45 +0000 Subject: r7139: trying to reduce the number of diffs between trunk and 3.0; changing version to 3.0.20pre1 (This used to be commit 9727d05241574042dd3aa8844ae5c701d22e2da1) --- source3/utils/net_ads.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index f558c8eafd..efeb34e53d 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -81,7 +81,7 @@ static int net_ads_lookup(int argc, const char **argv) d_printf("Didn't find the cldap server!\n"); return -1; } if (!ads->config.realm) { - ads->config.realm = CONST_DISCARD(char *, opt_target_workgroup); + ads->config.realm = opt_target_workgroup; ads->ldap_port = 389; } @@ -753,7 +753,7 @@ int net_ads_join(int argc, const char **argv) ads_msgfree(ads, res); if (rc.error_type == ENUM_ADS_ERROR_LDAP && rc.err.rc == LDAP_NO_SUCH_OBJECT) { - d_printf("ads_join: organizational unit %s does not exist (dn:%s)\n", + d_printf("ads_join_realm: organizational unit %s does not exist (dn:%s)\n", org_unit, dn); ads_destroy(&ads); return -1; 
@@ -761,14 +761,14 @@ int net_ads_join(int argc, const char **argv) free(dn); if (!ADS_ERR_OK(rc)) { - d_printf("ads_join: %s\n", ads_errstr(rc)); + d_printf("ads_join_realm: %s\n", ads_errstr(rc)); ads_destroy(&ads); return -1; } rc = ads_join_realm(ads, global_myname(), account_type, org_unit); if (!ADS_ERR_OK(rc)) { - d_printf("ads_join: %s\n", ads_errstr(rc)); + d_printf("ads_join_realm: %s\n", ads_errstr(rc)); ads_destroy(&ads); return -1; } @@ -1172,7 +1172,7 @@ static int net_ads_password(int argc, const char **argv) } if (argv[1]) { - new_password = CONST_DISCARD(char *, argv[1]); + new_password = (char *)argv[1]; } else { asprintf(&prompt, "Enter new password for %s:", user); new_password = getpass(prompt); -- cgit From 63546f1c79db09c1d7032af8d941d6d9497280e7 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 21 Jul 2005 09:28:12 +0000 Subject: r8675: fix some compile warnings. Guenther (This used to be commit afa8ae831a8d9cde8c6474c5fc807a9ca8155273) --- source3/utils/net_ads.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index efeb34e53d..6a58fa9fac 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -81,7 +81,7 @@ static int net_ads_lookup(int argc, const char **argv) d_printf("Didn't find the cldap server!\n"); return -1; } if (!ads->config.realm) { - ads->config.realm = opt_target_workgroup; + ads->config.realm = CONST_DISCARD(char *, opt_target_workgroup); ads->ldap_port = 389; } -- cgit From 54abd2aa66069e6baf7769c496f46d9dba18db39 Mon Sep 17 00:00:00 2001 
From: Gerald Carter Date: Fri, 30 Sep 2005 17:13:37 +0000 Subject: r10656: BIG merge from trunk. Features not copied over * \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3) --- source3/utils/net_ads.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 6a58fa9fac..49a7f1cc2d 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -969,7 +969,8 @@ static int net_ads_printer_info(int argc, const char **argv) return 0; } -void do_drv_upgrade_printer(int msg_type, pid_t src, void *buf, size_t len) +void do_drv_upgrade_printer(int msg_type, struct process_id src, + void *buf, size_t len) { return; } @@ -980,6 +981,7 @@ static int net_ads_printer_publish(int argc, const char **argv) ADS_STATUS rc; const char *servername, *printername; struct cli_state *cli; + struct rpc_pipe_client *pipe_hnd; struct in_addr server_ip; NTSTATUS nt_status; TALLOC_CTX *mem_ctx = talloc_init("net_ads_printer_publish"); @@ -1038,8 +1040,9 @@ static int net_ads_printer_publish(int argc, const char **argv) asprintf(&prt_dn, "cn=%s-%s,%s", srv_cn[0], printername, srv_dn); - cli_nt_session_open(cli, PI_SPOOLSS); - get_remote_printer_publishing_data(cli, mem_ctx, &mods, printername); + pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_SPOOLSS, &nt_status); + get_remote_printer_publishing_data(pipe_hnd, mem_ctx, &mods, + printername); rc = ads_add_printer_entry(ads, prt_dn, mem_ctx, &mods); if (!ADS_ERR_OK(rc)) { -- cgit From c42be9fd38556a1cc2e16c8d763a592beb863806 Mon Sep 17 00:00:00 2001 
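Review bot: In `net_ads_printer_publish` (-1038, r10656), the handle returned by `cli_rpc_pipe_open_noauth` goes straight into `get_remote_printer_publishing_data` with no NULL test, so a server that refuses the spoolss pipe is likely to cause a NULL dereference in the tool. Add `if (!pipe_hnd) { ads_destroy(&ads); return -1; }` before the call, with a message on the way out; `nt_status` is already filled in and can be reported. The `do_drv_upgrade_printer` stub touched at -969 would also benefit from a one-line comment saying why an empty definition is required in this file. The publish function's body extends outside the hunk.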
From: Lars Müller Date: Tue, 17 Jan 2006 21:22:00 +0000 Subject: r12986: Use d_fprintf(stderr, ...) for any error message in net. All 'usage' messages are still printed to stdout. Fix some compiler warnings for system() calls where we didn't used the return code. Add appropriate error messages and return with the error code we got from system() or NT_STATUS_UNSUCCESSFUL. (This used to be commit f650e3bdafc4c6bcd7eb4bcf8b6b885b979919eb) --- source3/utils/net_ads.c | 88 ++++++++++++++++++++++++------------------------- 1 file changed, 44 insertions(+), 44 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 49a7f1cc2d..f54896b3a8 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -78,7 +78,7 @@ static int net_ads_lookup(int argc, const char **argv) ads_connect(ads); if (!ads) { - d_printf("Didn't find the cldap server!\n"); + d_fprintf(stderr, "Didn't find the cldap server!\n"); return -1; } if (!ads->config.realm) { ads->config.realm = CONST_DISCARD(char *, opt_target_workgroup); @@ -108,7 +108,7 @@ static int net_ads_info(int argc, const char **argv) ads_connect(ads); if (!ads || !ads->config.realm) { - d_printf("Didn't find the ldap server!\n"); + d_fprintf(stderr, "Didn't find the ldap server!\n"); return -1; } @@ -229,7 +229,7 @@ static int net_ads_workgroup(int argc, const char **argv) } if (!ADS_ERR_OK(ads_workgroup_name(ads, ctx, &workgroup))) { - d_printf("Failed to find workgroup for realm '%s'\n", + d_fprintf(stderr, "Failed to find workgroup for realm '%s'\n", ads->config.realm); talloc_destroy(ctx); ads_destroy(&ads); 
@@ -295,12 +295,12 @@ static int ads_user_add(int argc, const char **argv) status = ads_find_user_acct(ads, &res, argv[0]); if (!ADS_ERR_OK(status)) { - d_printf("ads_user_add: %s\n", ads_errstr(status)); + d_fprintf(stderr, "ads_user_add: %s\n", ads_errstr(status)); goto done; } if (ads_count_replies(ads, res)) { - d_printf("ads_user_add: User %s already exists\n", argv[0]); + d_fprintf(stderr, "ads_user_add: User %s already exists\n", argv[0]); goto done; } @@ -311,7 +311,7 @@ static int ads_user_add(int argc, const char **argv) status = ads_add_user_acct(ads, argv[0], opt_container, opt_comment); if (!ADS_ERR_OK(status)) { - d_printf("Could not add user %s: %s\n", argv[0], + d_fprintf(stderr, "Could not add user %s: %s\n", argv[0], ads_errstr(status)); goto done; } @@ -335,7 +335,7 @@ static int ads_user_add(int argc, const char **argv) } /* password didn't set, delete account */ - d_printf("Could not add user %s. Error setting password %s\n", + d_fprintf(stderr, "Could not add user %s. Error setting password %s\n", argv[0], ads_errstr(status)); ads_msgfree(ads, res); status=ads_find_user_acct(ads, &res, argv[0]); @@ -373,7 +373,7 @@ static int ads_user_info(int argc, const char **argv) } if (!escaped_user) { - d_printf("ads_user_info: failed to escape user %s\n", argv[0]); + d_fprintf(stderr, "ads_user_info: failed to escape user %s\n", argv[0]); ads_destroy(&ads); return -1; } @@ -383,7 +383,7 @@ static int ads_user_info(int argc, const char **argv) safe_free(searchstring); if (!ADS_ERR_OK(rc)) { - d_printf("ads_search: %s\n", ads_errstr(rc)); + d_fprintf(stderr, "ads_search: %s\n", ads_errstr(rc)); ads_destroy(&ads); return -1; } @@ -436,7 +436,7 @@ static int ads_user_delete(int argc, const char **argv) ads_destroy(&ads); return 0; } - d_printf("Error deleting user %s: %s\n", argv[0], + d_fprintf(stderr, "Error deleting user %s: %s\n", argv[0], ads_errstr(rc)); ads_destroy(&ads); return -1; 
@@ -501,12 +501,12 @@ static int ads_group_add(int argc, const char **argv) status = ads_find_user_acct(ads, &res, argv[0]); if (!ADS_ERR_OK(status)) { - d_printf("ads_group_add: %s\n", ads_errstr(status)); + d_fprintf(stderr, "ads_group_add: %s\n", ads_errstr(status)); goto done; } if (ads_count_replies(ads, res)) { - d_printf("ads_group_add: Group %s already exists\n", argv[0]); + d_fprintf(stderr, "ads_group_add: Group %s already exists\n", argv[0]); ads_msgfree(ads, res); goto done; } @@ -521,7 +521,7 @@ static int ads_group_add(int argc, const char **argv) d_printf("Group %s added\n", argv[0]); rc = 0; } else { - d_printf("Could not add group %s: %s\n", argv[0], + d_fprintf(stderr, "Could not add group %s: %s\n", argv[0], ads_errstr(status)); } @@ -562,7 +562,7 @@ static int ads_group_delete(int argc, const char **argv) ads_destroy(&ads); return 0; } - d_printf("Error deleting group %s: %s\n", argv[0], + d_fprintf(stderr, "Error deleting group %s: %s\n", argv[0], ads_errstr(rc)); ads_destroy(&ads); return -1; @@ -614,13 +614,13 @@ static int net_ads_status(int argc, const char **argv) rc = ads_find_machine_acct(ads, &res, global_myname()); if (!ADS_ERR_OK(rc)) { - d_printf("ads_find_machine_acct: %s\n", ads_errstr(rc)); + d_fprintf(stderr, "ads_find_machine_acct: %s\n", ads_errstr(rc)); ads_destroy(&ads); return -1; } if (ads_count_replies(ads, res) == 0) { - d_printf("No machine account for '%s' found\n", global_myname()); + d_fprintf(stderr, "No machine account for '%s' found\n", global_myname()); ads_destroy(&ads); return -1; } @@ -650,7 +650,7 @@ static int net_ads_leave(int argc, const char **argv) rc = ads_leave_realm(ads, global_myname()); if (!ADS_ERR_OK(rc)) { - d_printf("Failed to delete host '%s' from the '%s' realm.\n", + d_fprintf(stderr, "Failed to delete host '%s' from the '%s' realm.\n", global_myname(), ads->config.realm); ads_destroy(&ads); return -1; 
@@ -734,13 +734,13 @@ int net_ads_join(int argc, const char **argv) } if (!*lp_realm()) { - d_printf("realm must be set in in smb.conf for ADS join to succeed.\n"); + d_fprintf(stderr, "realm must be set in in smb.conf for ADS join to succeed.\n"); ads_destroy(&ads); return -1; } if (strcmp(ads->config.realm, lp_realm()) != 0) { - d_printf("realm of remote server (%s) and realm in smb.conf (%s) DO NOT match. Aborting join\n", ads->config.realm, lp_realm()); + d_fprintf(stderr, "realm of remote server (%s) and realm in smb.conf (%s) DO NOT match. Aborting join\n", ads->config.realm, lp_realm()); ads_destroy(&ads); return -1; } @@ -753,7 +753,7 @@ int net_ads_join(int argc, const char **argv) ads_msgfree(ads, res); if (rc.error_type == ENUM_ADS_ERROR_LDAP && rc.err.rc == LDAP_NO_SUCH_OBJECT) { - d_printf("ads_join_realm: organizational unit %s does not exist (dn:%s)\n", + d_fprintf(stderr, "ads_join_realm: organizational unit %s does not exist (dn:%s)\n", org_unit, dn); ads_destroy(&ads); return -1; 
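Review bot: The message rewritten in `net_ads_join` (-734, r12986) still reads "realm must be set in in smb.conf", with a doubled "in". Since the line is being touched anyway, it should become `d_fprintf(stderr, "realm must be set in smb.conf for ADS join to succeed.\n");`. The realm-mismatch call below it has grown into one very long line and would read better with the format string and its two arguments on separate lines, as the other multi-argument calls in this commit are laid out.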
@@ -761,34 +761,34 @@ int net_ads_join(int argc, const char **argv) free(dn); if (!ADS_ERR_OK(rc)) { - d_printf("ads_join_realm: %s\n", ads_errstr(rc)); + d_fprintf(stderr, "ads_join_realm: %s\n", ads_errstr(rc)); ads_destroy(&ads); return -1; } rc = ads_join_realm(ads, global_myname(), account_type, org_unit); if (!ADS_ERR_OK(rc)) { - d_printf("ads_join_realm: %s\n", ads_errstr(rc)); + d_fprintf(stderr, "ads_join_realm: %s\n", ads_errstr(rc)); ads_destroy(&ads); return -1; } rc = ads_domain_sid(ads, &dom_sid); if (!ADS_ERR_OK(rc)) { - d_printf("ads_domain_sid: %s\n", ads_errstr(rc)); + d_fprintf(stderr, "ads_domain_sid: %s\n", ads_errstr(rc)); ads_destroy(&ads); return -1; } if (asprintf(&machine_account, "%s$", global_myname()) == -1) { - d_printf("asprintf failed\n"); + d_fprintf(stderr, "asprintf failed\n"); ads_destroy(&ads); return -1; } rc = ads_set_machine_password(ads, machine_account, password); if (!ADS_ERR_OK(rc)) { - d_printf("ads_set_machine_password: %s\n", ads_errstr(rc)); + d_fprintf(stderr, "ads_set_machine_password: %s\n", ads_errstr(rc)); ads_destroy(&ads); return -1; } @@ -796,7 +796,7 @@ int net_ads_join(int argc, const char **argv) /* make sure we get the right workgroup */ if ( !(ctx = talloc_init("net ads join")) ) { - d_printf("talloc_init() failed!\n"); + d_fprintf(stderr, "talloc_init() failed!\n"); ads_destroy(&ads); return -1; } @@ -904,14 +904,14 @@ static int net_ads_printer_search(int argc, const char **argv) rc = ads_find_printers(ads, &res); if (!ADS_ERR_OK(rc)) { - d_printf("ads_find_printer: %s\n", ads_errstr(rc)); + d_fprintf(stderr, "ads_find_printer: %s\n", ads_errstr(rc)); ads_msgfree(ads, res); ads_destroy(&ads); return -1; } if (ads_count_replies(ads, res) == 0) { - d_printf("No results found\n"); + d_fprintf(stderr, "No results found\n"); ads_msgfree(ads, res); ads_destroy(&ads); return -1; 
@@ -949,14 +949,14 @@ static int net_ads_printer_info(int argc, const char **argv) rc = ads_find_printer_on_server(ads, &res, printername, servername); if (!ADS_ERR_OK(rc)) { - d_printf("ads_find_printer_on_server: %s\n", ads_errstr(rc)); + d_fprintf(stderr, "ads_find_printer_on_server: %s\n", ads_errstr(rc)); ads_msgfree(ads, res); ads_destroy(&ads); return -1; } if (ads_count_replies(ads, res) == 0) { - d_printf("Printer '%s' not found\n", printername); + d_fprintf(stderr, "Printer '%s' not found\n", printername); ads_msgfree(ads, res); ads_destroy(&ads); return -1; @@ -1018,7 +1018,7 @@ static int net_ads_printer_publish(int argc, const char **argv) Undefined, NULL); if (NT_STATUS_IS_ERR(nt_status)) { - d_printf("Unable to open a connnection to %s to obtain data " + d_fprintf(stderr, "Unable to open a connnection to %s to obtain data " "for %s\n", servername, printername); ads_destroy(&ads); return -1; @@ -1029,7 +1029,7 @@ static int net_ads_printer_publish(int argc, const char **argv) ads_find_machine_acct(ads, &res, servername); if (ads_count_replies(ads, res) == 0) { - d_printf("Could not find machine account for server %s\n", + d_fprintf(stderr, "Could not find machine account for server %s\n", servername); ads_destroy(&ads); return -1; @@ -1046,7 +1046,7 @@ static int net_ads_printer_publish(int argc, const char **argv) rc = ads_add_printer_entry(ads, prt_dn, mem_ctx, &mods); if (!ADS_ERR_OK(rc)) { - d_printf("ads_publish_printer: %s\n", ads_errstr(rc)); + d_fprintf(stderr, "ads_publish_printer: %s\n", ads_errstr(rc)); ads_destroy(&ads); return -1; } 
@@ -1082,14 +1082,14 @@ static int net_ads_printer_remove(int argc, const char **argv) rc = ads_find_printer_on_server(ads, &res, argv[0], servername); if (!ADS_ERR_OK(rc)) { - d_printf("ads_find_printer_on_server: %s\n", ads_errstr(rc)); + d_fprintf(stderr, "ads_find_printer_on_server: %s\n", ads_errstr(rc)); ads_msgfree(ads, res); ads_destroy(&ads); return -1; } if (ads_count_replies(ads, res) == 0) { - d_printf("Printer '%s' not found\n", argv[1]); + d_fprintf(stderr, "Printer '%s' not found\n", argv[1]); ads_msgfree(ads, res); ads_destroy(&ads); return -1; @@ -1101,7 +1101,7 @@ static int net_ads_printer_remove(int argc, const char **argv) ads_memfree(ads, prt_dn); if (!ADS_ERR_OK(rc)) { - d_printf("ads_del_dn: %s\n", ads_errstr(rc)); + d_fprintf(stderr, "ads_del_dn: %s\n", ads_errstr(rc)); ads_destroy(&ads); return -1; } @@ -1136,12 +1136,12 @@ static int net_ads_password(int argc, const char **argv) ADS_STATUS ret; if (opt_user_name == NULL || opt_password == NULL) { - d_printf("You must supply an administrator username/password\n"); + d_fprintf(stderr, "You must supply an administrator username/password\n"); return -1; } if (argc < 1) { - d_printf("ERROR: You must say which username to change password for\n"); + d_fprintf(stderr, "ERROR: You must say which username to change password for\n"); return -1; } @@ -1170,7 +1170,7 @@ static int net_ads_password(int argc, const char **argv) ads_connect(ads); if (!ads || !ads->config.realm) { - d_printf("Didn't find the kerberos server!\n"); + d_fprintf(stderr, "Didn't find the kerberos server!\n"); return -1; } @@ -1185,7 +1185,7 @@ static int net_ads_password(int argc, const char **argv) ret = kerberos_set_password(ads->auth.kdc_server, auth_principal, auth_password, user, new_password, ads->auth.time_offset); if (!ADS_ERR_OK(ret)) { - d_printf("Password change failed :-( ...\n"); + d_fprintf(stderr, "Password change failed :-( ...\n"); ads_destroy(&ads); return -1; } 
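Review bot: In `net_ads_printer_remove` (-1082, r12986), the not-found message prints `argv[1]`, but the lookup just above searched for `argv[0]`. The message therefore names the wrong value and may hand a NULL to `%s` when only the printer name was given. Use `d_fprintf(stderr, "Printer '%s' not found\n", argv[0]);`. The argument-count handling is outside the hunk, so confirm there whether `argv[1]` can be absent.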
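Review bot: The failure line in `net_ads_password` (-1185, r12986), and the identical one in `net_ads_changetrustpw` (-1224), now goes to stderr but still discards `ret`. An operator therefore cannot tell a policy rejection from a KDC or clock problem. `d_fprintf(stderr, "Password change failed: %s\n", ads_errstr(ret));` keeps the diagnostic, using the same helper the neighbouring hunks already call on an `ADS_STATUS`. Both functions continue outside their hunks.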
@@ -1224,7 +1224,7 @@ int net_ads_changetrustpw(int argc, const char **argv) ret = ads_change_trust_account_password(ads, host_principal); if (!ADS_ERR_OK(ret)) { - d_printf("Password change failed :-( ...\n"); + d_fprintf(stderr, "Password change failed :-( ...\n"); ads_destroy(&ads); SAFE_FREE(host_principal); return -1; @@ -1288,7 +1288,7 @@ static int net_ads_search(int argc, const char **argv) LDAP_SCOPE_SUBTREE, ldap_exp, attrs, &res); if (!ADS_ERR_OK(rc)) { - d_printf("search failed: %s\n", ads_errstr(rc)); + d_fprintf(stderr, "search failed: %s\n", ads_errstr(rc)); ads_destroy(&ads); return -1; } @@ -1348,7 +1348,7 @@ static int net_ads_dn(int argc, const char **argv) LDAP_SCOPE_BASE, "(objectclass=*)", attrs, &res); if (!ADS_ERR_OK(rc)) { - d_printf("search failed: %s\n", ads_errstr(rc)); + d_fprintf(stderr, "search failed: %s\n", ads_errstr(rc)); ads_destroy(&ads); return -1; } @@ -1495,7 +1495,7 @@ int net_ads(int argc, const char **argv) static int net_ads_noads(void) { - d_printf("ADS support not compiled in\n"); + d_fprintf(stderr, "ADS support not compiled in\n"); return -1; } -- cgit From d95efac94d6ea0ed539f3f6bde762dd479dbd599 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 9 Mar 2006 20:51:22 +0000 Subject: r14099: Fix Coverity # 113 (This used to be commit db00570535c03360bb2833f070878a33e94306b0) --- source3/utils/net_ads.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index f54896b3a8..a55bc4fe56 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -367,15 +367,15 @@ static int ads_user_info(int argc, const char **argv) } escaped_user = escape_ldap_string_alloc(argv[0]); - - if (!(ads = ads_startup())) { - return -1; - } if (!escaped_user) { d_fprintf(stderr, "ads_user_info: failed to escape user %s\n", argv[0]); - ads_destroy(&ads); - return -1; + return -1; + } + + if (!(ads = ads_startup())) { + SAFE_FREE(escaped_user); + return -1; } asprintf(&searchstring, "(sAMAccountName=%s)", escaped_user); @@ -385,6 +385,7 @@ static int ads_user_info(int argc, const char **argv) if (!ADS_ERR_OK(rc)) { d_fprintf(stderr, "ads_search: %s\n", ads_errstr(rc)); ads_destroy(&ads); + SAFE_FREE(escaped_user); return -1; } @@ -403,6 +404,7 @@ static int ads_user_info(int argc, const char **argv) ads_msgfree(ads, res); ads_destroy(&ads); + SAFE_FREE(escaped_user); return 0; } -- cgit From 895fc239a489d82f0d5ccd82eec410f391bcc296 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 29 Mar 2006 15:30:26 +0000 Subject: r14757: Make sure we only send out a CLDAP request to an connected AD server. Guenther (This used to be commit d17712f9761589115e976e2240498396f36838ee) --- source3/utils/net_ads.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index a55bc4fe56..5f5e1aa5ea 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
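Review bot: The fix in `ads_user_info` (r14099) has to repeat `SAFE_FREE(escaped_user)` on every exit after the search string is built, although `escaped_user` is only needed as input to `asprintf`. Freeing it directly after that call would leave one release point and keep any future exit path leak-free by default. The `asprintf` result is also still unchecked, so on allocation failure `searchstring` reaches the search in an unspecified state; `if (asprintf(&searchstring, "(sAMAccountName=%s)", escaped_user) == -1)` with an error return would match the check already used in `net_ads_join`. The function body starts and ends outside these hunks.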
@@ -69,18 +69,20 @@ int net_ads_usage(int argc, const char **argv) static int net_ads_lookup(int argc, const char **argv) { ADS_STRUCT *ads; + ADS_STATUS status; ads = ads_init(NULL, opt_target_workgroup, opt_host); if (ads) { ads->auth.flags |= ADS_AUTH_NO_BIND; } - ads_connect(ads); - - if (!ads) { + status = ads_connect(ads); + if (!ADS_ERR_OK(status) || !ads) { d_fprintf(stderr, "Didn't find the cldap server!\n"); return -1; - } if (!ads->config.realm) { + } + + if (!ads->config.realm) { ads->config.realm = CONST_DISCARD(char *, opt_target_workgroup); ads->ldap_port = 389; } -- cgit From 576e17cbf3fe10cb8338ab00eeea6211266af390 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 31 Mar 2006 00:47:08 +0000 Subject: r14831: Fix possible null deref. Coverity #279. Jeremy. (This used to be commit 75be5c17bc74c86219c7cac749b52b7d43abb780) --- source3/utils/net_ads.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 5f5e1aa5ea..dd53cc5289 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1045,6 +1045,13 @@ static int net_ads_printer_publish(int argc, const char **argv) asprintf(&prt_dn, "cn=%s-%s,%s", srv_cn[0], printername, srv_dn); pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_SPOOLSS, &nt_status); + if (!pipe_hnd) { + d_fprintf(stderr, "Unable to open a connnection to the spoolss pipe on %s\n", + servername); + ads_destroy(&ads); + return -1; + } + get_remote_printer_publishing_data(pipe_hnd, mem_ctx, &mods, printername); -- cgit From 4549efe6967cf8abeac3e275b37754e59d87af5c Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 18 Apr 2006 13:22:14 +0000 Subject: r15123: Don't even try to join with an inproper configuration. Guenther (This used to be commit 22b687589785051eca16a868e3475f066b647ea7) --- source3/utils/net_ads.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'source3/utils/net_ads.c') 
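Review bot: In `net_ads_lookup` (-69, r14757), the `!ads` test in `if (!ADS_ERR_OK(status) || !ads)` runs only after `ads_connect(ads)` has already received the pointer, so it cannot protect that call if `ads_init` returned NULL. Test once, right after `ads_init`, with `if (!ads) { d_fprintf(stderr, "Didn't find the cldap server!\n"); return -1; }`, and set the flag and connect unconditionally after that. The connect-failure branch also returns without `ads_destroy(&ads)`, unlike the other error paths in this file. The remainder of the function is outside the hunk.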
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index dd53cc5289..6cd332fd3d 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -721,6 +721,13 @@ int net_ads_join(int argc, const char **argv) const char *short_domain_name = NULL; TALLOC_CTX *ctx = NULL; + if ((lp_server_role() != ROLE_DOMAIN_MEMBER) || + (lp_server_role() != ROLE_DOMAIN_BDC)) { + d_printf("can only join as domain member or as BDC\n"); + return -1; + } + + if (argc > 0) { org_unit = argv[0]; } -- cgit From d4d04313ea9291a0769fe66ff65895adfb04d89f Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 19 Apr 2006 15:38:43 +0000 Subject: r15136: Fix join consistency check (This used to be commit a6e88785e7116c1a88e1bfdfa2afadecd501bfb0) --- source3/utils/net_ads.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 6cd332fd3d..93d564bea0 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -721,7 +721,7 @@ int net_ads_join(int argc, const char **argv) const char *short_domain_name = NULL; TALLOC_CTX *ctx = NULL; - if ((lp_server_role() != ROLE_DOMAIN_MEMBER) || + if ((lp_server_role() != ROLE_DOMAIN_MEMBER) && (lp_server_role() != ROLE_DOMAIN_BDC)) { d_printf("can only join as domain member or as BDC\n"); return -1; -- cgit From fb1f83b05d96fb2e5094c2b35765f62a0fc6c26c Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 19 Apr 2006 15:43:48 +0000 Subject: r15137: Refuse to join if our netbios name is longer than 15 chars. I think this is sufficient to fix bug #3659. Volker (This used to be commit 0ef5e4372c45a60d66a902a6dbca58ae98529358) --- source3/utils/net_ads.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 93d564bea0..11e7ae0282 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
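Review bot: The role guard added to `net_ads_join` in r15123 (-721) is always true: `lp_server_role()` cannot equal both `ROLE_DOMAIN_MEMBER` and `ROLE_DOMAIN_BDC`, so with `||` every configuration is rejected and no join can proceed. The condition needs `&&` between the two inequality tests. Independently of the operator, the refusal is written with `d_printf`, while r12986 on this page moved error output in this file to `d_fprintf(stderr, ...)`; the new message should follow that convention. The function body extends well beyond the hunk.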
@@ -727,6 +727,12 @@ int net_ads_join(int argc, const char **argv) return -1; } + if (strlen(global_myname()) > 15) { + d_printf("Our netbios name can only be 15 chars long, \"%s\"" + " is %d chars long\n", + global_myname(), strlen(global_myname())); + return -1; + } if (argc > 0) { org_unit = argv[0]; -- cgit From 8fca274e4748f779d8fb89c40b3ab78b56fafbcc Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 24 Apr 2006 10:09:45 +0000 Subject: r15194: We need to be able to join as PDC as well. Thanks to Andrew Bartlett. Guenther (This used to be commit ba81b508caa4ab21a04d142f3621e43a55e859cf) --- source3/utils/net_ads.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 11e7ae0282..538a269614 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -721,9 +721,8 @@ int net_ads_join(int argc, const char **argv) const char *short_domain_name = NULL; TALLOC_CTX *ctx = NULL; - if ((lp_server_role() != ROLE_DOMAIN_MEMBER) && - (lp_server_role() != ROLE_DOMAIN_BDC)) { - d_printf("can only join as domain member or as BDC\n"); + if (lp_server_role() == ROLE_STANDALONE) { + d_printf("cannot join as standalone machine\n"); return -1; } -- cgit From 34e810076df8720a145f5a619ed648c384898563 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 28 Apr 2006 14:44:43 +0000 Subject: r15305: Let winbind search by sid directly (or in windows terms: "bind to a sid"); works in all AD versions I tested. Also add "net ads sid" search tool. Guenther (This used to be commit 5557ada6943b817d28a5471c613c7291febe2ad5) --- source3/utils/net_ads.c | 68 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 538a269614..c7e9529c97 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
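Review bot: The length check added to `net_ads_join` in r15137 (-727) prints `strlen(global_myname())` with `%d`; `strlen` returns `size_t`, so the argument type does not match the conversion on platforms where `size_t` is wider than `int`. Cast at the call site, `(int)strlen(global_myname())`, or store the length once in a local and reuse it for both the comparison and the message. The literal `15` would be clearer as a named constant for the NetBIOS name limit, and the message should go through `d_fprintf(stderr, ...)` like the other errors in this file. The enclosing function continues outside the hunk.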
@@ -55,6 +55,8 @@ int net_ads_usage(int argc, const char **argv) "\n\tperform a raw LDAP search and dump the results\n" "\nnet ads dn"\ "\n\tperform a raw LDAP search and dump attributes of a particular DN\n" +"\nnet ads sid"\ +"\n\tperform a raw LDAP search and dump attributes of a particular SID\n" "\nnet ads keytab"\ "\n\tcreates and updates the kerberos system keytab file\n" ); @@ -1387,6 +1389,71 @@ static int net_ads_dn(int argc, const char **argv) return 0; } +/* + help for net ads sid search +*/ +static int net_ads_sid_usage(int argc, const char **argv) +{ + d_printf( + "\nnet ads sid \n"\ + "\nperform a raw LDAP search on a ADS server and dump the results\n"\ + "The SID is in string format, and the attributes are a list of LDAP fields \n"\ + "to show in the results\n\n"\ + "Example: net ads sid 'S-1-5-32' distinguishedName\n\n" + ); + net_common_flags_usage(argc, argv); + return -1; +} + + +/* + general ADS search function. Useful in diagnosing problems in ADS +*/ +static int net_ads_sid(int argc, const char **argv) +{ + ADS_STRUCT *ads; + ADS_STATUS rc; + const char *sid_string; + const char **attrs; + void *res = NULL; + DOM_SID sid; + + if (argc < 1) { + return net_ads_sid_usage(argc, argv); + } + + if (!(ads = ads_startup())) { + return -1; + } + + sid_string = argv[0]; + attrs = (argv + 1); + + if (!string_to_sid(&sid, sid_string)) { + d_fprintf(stderr, "could not convert sid\ņ"); + ads_destroy(&ads); + return -1; + } + + rc = ads_search_retry_sid(ads, &res, &sid, attrs); + if (!ADS_ERR_OK(rc)) { + d_fprintf(stderr, "search failed: %s\n", ads_errstr(rc)); + ads_destroy(&ads); + return -1; + } + + d_printf("Got %d replies\n\n", ads_count_replies(ads, res)); + + /* dump the results */ + ads_dump(ads, res); + + ads_msgfree(ads, res); + ads_destroy(&ads); + + return 0; +} + + static int net_ads_keytab_usage(int argc, const char **argv) { d_printf( 
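Review bot: The comment above `net_ads_sid()` still reads "general ADS search function", copied from the search command, and the usage text repeats the raw-search wording, so neither says that this command looks up one object by SID. I would change the comment to `/* look up a single object by its SID and dump the requested attributes */`. When only the SID is given, `attrs = (argv + 1)` points at whatever follows `argv[0]`, presumably argv's terminating NULL, so the attribute list is empty; the usage text should say what is returned in that case.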
@@ -1504,6 +1571,7 @@ int net_ads(int argc, const char **argv) {"PRINTER", net_ads_printer}, {"SEARCH", net_ads_search}, {"DN", net_ads_dn}, + {"SID", net_ads_sid}, {"WORKGROUP", net_ads_workgroup}, {"LOOKUP", net_ads_lookup}, {"KEYTAB", net_ads_keytab}, -- cgit From c176ec262928a61c688870f9537c5e17e7b2aed4 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 29 Apr 2006 23:41:09 +0000 Subject: r15336: Unknown escape sequence: '\305' - should have been '\n'. (How did that get in there ?). Jeremy (This used to be commit 780b71d300da71acc8b4f0fe10c1ae78c71e23c4) --- source3/utils/net_ads.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index c7e9529c97..e02da46b9c 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1430,7 +1430,7 @@ static int net_ads_sid(int argc, const char **argv) attrs = (argv + 1); if (!string_to_sid(&sid, sid_string)) { - d_fprintf(stderr, "could not convert sid\ņ"); + d_fprintf(stderr, "could not convert sid\n"); ads_destroy(&ads); return -1; } -- cgit From c6fa16f330bbc0cc9f428622ca2c4ad0c75cf56a Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 5 May 2006 15:44:00 +0000 Subject: r15460: Prefer to use the indexed objectCategory attribute (instead of objectClass which is not indexed on AD) in LDAP queries. Guenther (This used to be commit 847882a98328b91a2157959c5dad0a2023223846) --- source3/utils/net_ads.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index e02da46b9c..cca8dd63d0 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -473,7 +473,7 @@ int net_ads_user(int argc, const char **argv) rc = ads_do_search_all_fn(ads, ads->config.bind_path, LDAP_SCOPE_SUBTREE, - "(objectclass=user)", + "(objectCategory=user)", opt_long_list_entries ? longattrs : shortattrs, usergrp_display, disp_fields); @@ -597,7 +597,7 @@ int net_ads_group(int argc, const char **argv) "\n-----------------------------\n"); rc = ads_do_search_all_fn(ads, ads->config.bind_path, LDAP_SCOPE_SUBTREE, - "(objectclass=group)", + "(objectCategory=group)", opt_long_list_entries ? longattrs : shortattrs, usergrp_display, disp_fields); -- cgit From af086da4ec19de83717820de85d8e672850ed4b2 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 5 May 2006 19:24:48 +0000 Subject: r15462: replace the use of OpenLDAP's ldap_domain2hostlist() for locating AD DC's with out own DNS SRV queries. Testing on Linux and Solaris. (This used to be commit cf71f88a3cdcabf99c0798ef4cf8c978397a57eb) --- source3/utils/net_ads.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index cca8dd63d0..8076860569 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -72,8 +72,12 @@ static int net_ads_lookup(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS status; + const char *realm = NULL; - ads = ads_init(NULL, opt_target_workgroup, opt_host); + if ( strequal(lp_workgroup(), opt_target_workgroup ) ) + realm = lp_realm(); + + ads = ads_init(realm, opt_target_workgroup, opt_host); if (ads) { ads->auth.flags |= ADS_AUTH_NO_BIND; } -- cgit From 18250bc299b824ce1b0e53e0a99432d4d1412eeb Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 6 May 2006 13:33:14 +0000 Subject: r15471: Clarify error message (This used to be commit f21adc04f745a966dbe6ef0b4ffd9729afa3fa78) --- source3/utils/net_ads.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_ads.c') 
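Review bot: Replacing `(objectclass=user)` with `(objectCategory=user)` in net_ads_user is not a pure index optimisation, because the two filters do not select the same set of entries. In Active Directory, contact objects share the object category of users and computer accounts have their own, so the listing would probably gain contacts and lose machine accounts compared with the old filter. If the intent is to list user accounts only, combine both tests, `"(&(objectCategory=person)(objectClass=user))",`, which still lets the server use the indexed attribute. The `(objectCategory=group)` change in net_ads_group does not have this problem. Both functions continue outside their hunks.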
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 8076860569..f00bf0e527 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -733,8 +733,8 @@ int net_ads_join(int argc, const char **argv) } if (strlen(global_myname()) > 15) { - d_printf("Our netbios name can only be 15 chars long, \"%s\"" - " is %d chars long\n", + d_printf("Our netbios name can be at most 15 chars long, " + "\"%s\" is %d chars long\n", global_myname(), strlen(global_myname())); return -1; } -- cgit From 2c029a8b96ae476f1d5c2abe14ee25f98a1513d8 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 12 May 2006 15:17:35 +0000 Subject: r15543: New implementation of 'net ads join' to be more like Windows XP. The motivating factor is to not require more privileges for the user account than Windows does when joining a domain. The points of interest are * net_ads_join() uses same rpc mechanisms as net_rpc_join() * Enable CLDAP queries for filling in the majority of the ADS_STRUCT->config information * Remove ldap_initialized() from sam/idmap_ad.c and libads/ldap.c * Remove some unnecessary fields from ADS_STRUCT * Manually set the dNSHostName and servicePrincipalName attribute using the machine account after the join Thanks to Guenther and Simo for the review. Still to do: * Fix the userAccountControl for DES only systems * Set the userPrincipalName in order to support things like 'kinit -k' (although we might be able to just use the sAMAccountName instead) * Re-add support for pre-creating the machine account in a specific OU (This used to be commit 4c4ea7b20f44cd200cef8c7b389d51b72eccc39b) --- source3/utils/net_ads.c | 669 +++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 550 insertions(+), 119 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index f00bf0e527..a514b6c4e6 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -23,6 +23,20 @@ #include "includes.h" #include "utils/net.h" +/* Macro for checking RPC error codes to make things more readable */ + +#define CHECK_RPC_ERR(rpc, msg) \ + if (!NT_STATUS_IS_OK(result = rpc)) { \ + DEBUG(0, (msg ": %s\n", nt_errstr(result))); \ + goto done; \ + } + +#define CHECK_RPC_ERR_DEBUG(rpc, debug_args) \ + if (!NT_STATUS_IS_OK(result = rpc)) { \ + DEBUG(0, debug_args); \ + goto done; \ + } + #ifdef HAVE_ADS int net_ads_usage(int argc, const char **argv) 
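Review bot: `CHECK_RPC_ERR` and `CHECK_RPC_ERR_DEBUG` expand to a bare `if` statement, so a use such as `if (x) CHECK_RPC_ERR(...); else ...` binds the `else` to the macro's `if`. Wrap each body in `do { ... } while (0)`. Both macros also rely on a local `result` variable and a `done:` label in the calling function, which deserves a line in the comment: `/* callers must declare NTSTATUS result and provide a done: label */`. No use of either macro is visible in the hunks shown here, so if nothing in the file needs them they could be left out.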
@@ -64,6 +78,79 @@ int net_ads_usage(int argc, const char **argv) } +/* + do a cldap netlogon query +*/ +static int net_ads_cldap_netlogon(ADS_STRUCT *ads) +{ + int ret; + struct cldap_netlogon_reply reply; + + if ( !ads_cldap_netlogon( inet_ntoa(ads->ldap_ip), ads->server.realm, &reply ) ) { + d_fprintf(stderr, "CLDAP query failed!\n"); + return -1; + } + + d_printf("Information for Domain Controller: %s\n\n", + inet_ntoa(ads->ldap_ip)); + + d_printf("Response Type: "); + switch (reply.type) { + case SAMLOGON_AD_UNK_R: + d_printf("SAMLOGON\n"); + break; + case SAMLOGON_AD_R: + d_printf("SAMLOGON_USER\n"); + break; + default: + d_printf("0x%x\n", reply.type); + break; + } + d_printf("GUID: %s\n", + smb_uuid_string_static(smb_uuid_unpack_static(reply.guid))); + d_printf("Flags:\n" + "\tIs a PDC: %s\n" + "\tIs a GC of the forest: %s\n" + "\tIs an LDAP server: %s\n" + "\tSupports DS: %s\n" + "\tIs running a KDC: %s\n" + "\tIs running time services: %s\n" + "\tIs the closest DC: %s\n" + "\tIs writable: %s\n" + "\tHas a hardware clock: %s\n" + "\tIs a non-domain NC serviced by LDAP server: %s\n", + (reply.flags & ADS_PDC) ? "yes" : "no", + (reply.flags & ADS_GC) ? "yes" : "no", + (reply.flags & ADS_LDAP) ? "yes" : "no", + (reply.flags & ADS_DS) ? "yes" : "no", + (reply.flags & ADS_KDC) ? "yes" : "no", + (reply.flags & ADS_TIMESERV) ? "yes" : "no", + (reply.flags & ADS_CLOSEST) ? "yes" : "no", + (reply.flags & ADS_WRITABLE) ? "yes" : "no", + (reply.flags & ADS_GOOD_TIMESERV) ? "yes" : "no", + (reply.flags & ADS_NDNC) ? 
"yes" : "no"); + + printf("Forest:\t\t\t%s\n", reply.forest); + printf("Domain:\t\t\t%s\n", reply.domain); + printf("Domain Controller:\t%s\n", reply.hostname); + + printf("Pre-Win2k Domain:\t%s\n", reply.netbios_domain); + printf("Pre-Win2k Hostname:\t%s\n", reply.netbios_hostname); + + if (*reply.unk) printf("Unk:\t\t\t%s\n", reply.unk); + if (*reply.user_name) printf("User name:\t%s\n", reply.user_name); + + printf("Site Name:\t\t%s\n", reply.site_name); + printf("Site Name (2):\t\t%s\n", reply.site_name_2); + + d_printf("NT Version: %d\n", reply.version); + d_printf("LMNT Token: %.2x\n", reply.lmnt_token); + d_printf("LM20 Token: %.2x\n", reply.lm20_token); + + return ret; +} + + /* this implements the CLDAP based netlogon lookup requests for finding the domain controller of a ADS domain @@ -93,7 +180,7 @@ static int net_ads_lookup(int argc, const char **argv) ads->ldap_port = 389; } - return ads_cldap_netlogon(ads); + return net_ads_cldap_netlogon(ads); } @@ -102,14 +189,7 @@ static int net_ads_info(int argc, const char **argv) { ADS_STRUCT *ads; - /* if netbios is disabled we have to default to the realm from smb.conf */ - - if ( lp_disable_netbios() && *lp_realm() ) - ads = ads_init(lp_realm(), opt_target_workgroup, opt_host); - else - ads = ads_init(NULL, opt_target_workgroup, opt_host); - - if (ads) { + if ( (ads = ads_init(lp_realm(), opt_target_workgroup, opt_host)) != NULL ) { ads->auth.flags |= ADS_AUTH_NO_BIND; } @@ -120,6 +200,13 @@ static int net_ads_info(int argc, const char **argv) return -1; } + /* Try to set the server's current time since we didn't do a full + TCP LDAP session initially */ + + if ( !ADS_ERR_OK(ads_current_time( ads )) ) { + d_fprintf( stderr, "Failed to get server's current time!\n"); + } + d_printf("LDAP server: %s\n", inet_ntoa(ads->ldap_ip)); d_printf("LDAP server name: %s\n", ads->config.ldap_server_name); d_printf("Realm: %s\n", ads->config.realm); 
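Review bot: In `net_ads_cldap_netlogon()` the forest, domain, hostname and site lines are written with plain `printf` while the rest of the function uses `d_printf`, so the output of one command goes through two different paths. Use `d_printf` throughout, for example `d_printf("Forest:\t\t\t%s\n", reply.forest);`. The strings printed here come from the CLDAP reply, so this function also depends on `ads_cldap_netlogon()` leaving every `reply` string field NUL-terminated; that is not visible in this hunk and is worth confirming.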
@@ -212,10 +299,19 @@ retry: int net_ads_check(void) { ADS_STRUCT *ads; + ADS_STATUS status; - ads = ads_startup(); - if (!ads) + if ( (ads = ads_init( lp_realm(), lp_workgroup(), NULL )) == NULL ) { return -1; + } + + ads->auth.flags |= ADS_AUTH_NO_BIND; + + status = ads_connect(ads); + if ( !ADS_ERR_OK(status) ) { + return -1; + } + ads_destroy(&ads); return 0; } @@ -226,28 +322,38 @@ int net_ads_check(void) static int net_ads_workgroup(int argc, const char **argv) { ADS_STRUCT *ads; - TALLOC_CTX *ctx; - const char *workgroup; + ADS_STATUS status; + const char *realm = NULL; + struct cldap_netlogon_reply reply; - if (!(ads = ads_startup())) return -1; + if ( strequal(lp_workgroup(), opt_target_workgroup ) ) + realm = lp_realm(); - if (!(ctx = talloc_init("net_ads_workgroup"))) { - ads_destroy(&ads); - return -1; + ads = ads_init(realm, opt_target_workgroup, opt_host); + if (ads) { + ads->auth.flags |= ADS_AUTH_NO_BIND; } - if (!ADS_ERR_OK(ads_workgroup_name(ads, ctx, &workgroup))) { - d_fprintf(stderr, "Failed to find workgroup for realm '%s'\n", - ads->config.realm); - talloc_destroy(ctx); - ads_destroy(&ads); + status = ads_connect(ads); + if (!ADS_ERR_OK(status) || !ads) { + d_fprintf(stderr, "Didn't find the cldap server!\n"); + return -1; + } + + if (!ads->config.realm) { + ads->config.realm = CONST_DISCARD(char *, opt_target_workgroup); + ads->ldap_port = 389; + } + + if ( !ads_cldap_netlogon( inet_ntoa(ads->ldap_ip), ads->server.realm, &reply ) ) { + d_fprintf(stderr, "CLDAP query failed!\n"); return -1; } - d_printf("Workgroup: %s\n", workgroup); + d_printf("Workgroup: %s\n", reply.netbios_domain); - talloc_destroy(ctx); ads_destroy(&ads); + return 0; } 
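Review bot: In `net_ads_check()` the new `ads_connect()` failure branch returns -1 without calling `ads_destroy(&ads)`, so the structure from `ads_init()` is leaked on that path. Add the call before the return: `ads_destroy(&ads);`. The rewritten `net_ads_workgroup()` in the next hunk has the same omission on its two early returns.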
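Review bot: `net_ads_workgroup()` calls `ads_connect(ads)` before it tests `!ads`, so a failed `ads_init()` hands a NULL pointer to `ads_connect()`; whether that function tolerates NULL is not visible here. Test the pointer directly after `ads_init()`, e.g. `if (!ads) { d_fprintf(stderr, "Didn't find the cldap server!\n"); return -1; }`, and drop `|| !ads` from the later condition. The function also stores `opt_target_workgroup` in `ads->config.realm` and later calls `ads_destroy(&ads)`; if `ads_destroy()` frees that field, which this hunk does not show, it would free memory the structure does not own.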
@@ -707,28 +813,14 @@ int net_ads_testjoin(int argc, const char **argv) return 0; } -/* - join a domain using ADS - */ -int net_ads_join(int argc, const char **argv) -{ - ADS_STRUCT *ads; - ADS_STATUS rc; - char *password; - char *machine_account = NULL; - char *tmp_password; - const char *org_unit = NULL; - char *dn; - void *res; - DOM_SID dom_sid; - char *ou_str; - uint32 sec_channel_type = SEC_CHAN_WKSTA; - uint32 account_type = UF_WORKSTATION_TRUST_ACCOUNT; - const char *short_domain_name = NULL; - TALLOC_CTX *ctx = NULL; +/******************************************************************* + Simple configu checks before beginning the join + ********************************************************************/ - if (lp_server_role() == ROLE_STANDALONE) { - d_printf("cannot join as standalone machine\n"); +static int check_ads_config( void ) +{ + if (lp_server_role() != ROLE_DOMAIN_MEMBER ) { + d_printf("Host is not configured as a member server.\n"); return -1; } 
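Review bot: `check_ads_config()` now refuses every role except `ROLE_DOMAIN_MEMBER`, whereas the check it replaces in net_ads_join rejected only `ROLE_STANDALONE`, so hosts configured with a domain controller role can presumably no longer run the join. The commit description does not list this as an intended change. If it is intended, say so in the comment above the function; otherwise keep the previous test, `if (lp_server_role() == ROLE_STANDALONE) {`. The body of `check_ads_config()` continues in the next hunk.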
@@ -739,92 +831,397 @@ int net_ads_join(int argc, const char **argv) return -1; } - if (argc > 0) { - org_unit = argv[0]; + if ( lp_security() == SEC_ADS && !*lp_realm()) { + d_fprintf(stderr, "realm must be set in in smb.conf for ADS " + "join to succeed.\n"); + return -1; } if (!secrets_init()) { DEBUG(1,("Failed to initialise secrets database\n")); return -1; } + + return 0; +} - tmp_password = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH); - password = SMB_STRDUP(tmp_password); +/******************************************************************* + Store the machine password and domain SID + ********************************************************************/ - if (!(ads = ads_startup())) { +static int store_domain_account( const char *domain, DOM_SID *sid, const char *pw ) +{ + if (!secrets_store_domain_sid(domain, sid)) { + DEBUG(1,("Failed to save domain sid\n")); return -1; } - if (!*lp_realm()) { - d_fprintf(stderr, "realm must be set in in smb.conf for ADS join to succeed.\n"); - ads_destroy(&ads); + if (!secrets_store_machine_password(pw, domain, SEC_CHAN_WKSTA)) { + DEBUG(1,("Failed to save machine password\n")); return -1; } - if (strcmp(ads->config.realm, lp_realm()) != 0) { - d_fprintf(stderr, "realm of remote server (%s) and realm in smb.conf (%s) DO NOT match. Aborting join\n", ads->config.realm, lp_realm()); - ads_destroy(&ads); - return -1; + return 0; +} + +/******************************************************************* + ********************************************************************/ + +static NTSTATUS join_fetch_domain_sid( TALLOC_CTX *mem_ctx, struct cli_state *cli, DOM_SID **sid ) +{ + struct rpc_pipe_client *pipe_hnd = NULL; + POLICY_HND lsa_pol; + NTSTATUS status = NT_STATUS_UNSUCCESSFUL; + char *domain = NULL; + + if ( (pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &status)) == NULL ) { + DEBUG(0, ("Error connecting to LSA pipe. 
Error was %s\n", + nt_errstr(status) )); + return status; } - ou_str = ads_ou_string(ads,org_unit); - asprintf(&dn, "%s,%s", ou_str, ads->config.bind_path); - free(ou_str); + status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True, + SEC_RIGHTS_MAXIMUM_ALLOWED, &lsa_pol); + if ( !NT_STATUS_IS_OK(status) ) + return status; - rc = ads_search_dn(ads, &res, dn, NULL); - ads_msgfree(ads, res); + status = rpccli_lsa_query_info_policy(pipe_hnd, mem_ctx, + &lsa_pol, 5, &domain, sid); + if ( !NT_STATUS_IS_OK(status) ) + return status; - if (rc.error_type == ENUM_ADS_ERROR_LDAP && rc.err.rc == LDAP_NO_SUCH_OBJECT) { - d_fprintf(stderr, "ads_join_realm: organizational unit %s does not exist (dn:%s)\n", - org_unit, dn); - ads_destroy(&ads); - return -1; + rpccli_lsa_close(pipe_hnd, mem_ctx, &lsa_pol); + cli_rpc_pipe_close(pipe_hnd); /* Done with this pipe */ + + /* Bail out if domain didn't get set. */ + if (!domain) { + DEBUG(0, ("Could not get domain name.\n")); + return NT_STATUS_UNSUCCESSFUL; } - free(dn); + + return NT_STATUS_OK; +} - if (!ADS_ERR_OK(rc)) { - d_fprintf(stderr, "ads_join_realm: %s\n", ads_errstr(rc)); - ads_destroy(&ads); - return -1; - } +/******************************************************************* + Do the domain join + ********************************************************************/ + +static NTSTATUS join_create_machine( TALLOC_CTX *mem_ctx, struct cli_state *cli, + DOM_SID *dom_sid, const char *clear_pw ) +{ + struct rpc_pipe_client *pipe_hnd = NULL; + POLICY_HND sam_pol, domain_pol, user_pol; + NTSTATUS status = NT_STATUS_UNSUCCESSFUL; + char *acct_name; + const char *const_acct_name; + uint32 user_rid; + uint32 num_rids, *name_types, *user_rids; + uint32 flags = 0x3e8; + uint32 acb_info = ACB_WSTRUST; + uchar pwbuf[516]; + SAM_USERINFO_CTR ctr; + SAM_USER_INFO_24 p24; + SAM_USER_INFO_16 p16; + uchar md4_trust_password[16]; + + /* Open the domain */ + + if ( (pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_SAMR, &status)) == NULL ) { + 
DEBUG(0, ("Error connecting to SAM pipe. Error was %s\n", + nt_errstr(status) )); + return status; + } - rc = ads_join_realm(ads, global_myname(), account_type, org_unit); - if (!ADS_ERR_OK(rc)) { - d_fprintf(stderr, "ads_join_realm: %s\n", ads_errstr(rc)); - ads_destroy(&ads); + status = rpccli_samr_connect(pipe_hnd, mem_ctx, + SEC_RIGHTS_MAXIMUM_ALLOWED, &sam_pol); + if ( !NT_STATUS_IS_OK(status) ) + return status; + + + status = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &sam_pol, + SEC_RIGHTS_MAXIMUM_ALLOWED, dom_sid, &domain_pol); + if ( !NT_STATUS_IS_OK(status) ) + return status; + + /* Create domain user */ + + acct_name = talloc_asprintf(mem_ctx, "%s$", global_myname()); + strlower_m(acct_name); + const_acct_name = acct_name; + + status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol, + acct_name, acb_info, 0xe005000b, &user_pol, &user_rid); + + if ( !NT_STATUS_IS_OK(status) + && !NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) + { + d_fprintf(stderr, "Creation of workstation account failed\n"); + + /* If NT_STATUS_ACCESS_DENIED then we have a valid + username/password combo but the user does not have + administrator access. */ + + if (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED)) + d_fprintf(stderr, "User specified does not have administrator privileges\n"); + + return status; + } + + /* We *must* do this.... don't ask... 
*/ + + if (NT_STATUS_IS_OK(status)) { + rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol); + } + + status = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, + &domain_pol, flags, 1, &const_acct_name, + &num_rids, &user_rids, &name_types); + if ( !NT_STATUS_IS_OK(status) ) + return status; + + if ( name_types[0] != SID_NAME_USER) { + DEBUG(0, ("%s is not a user account (type=%d)\n", acct_name, name_types[0])); + return NT_STATUS_INVALID_WORKSTATION; + } + + user_rid = user_rids[0]; + + /* Open handle on user */ + + status = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol, + SEC_RIGHTS_MAXIMUM_ALLOWED, user_rid, &user_pol); + + /* Create a random machine account password */ + + E_md4hash( clear_pw, md4_trust_password); + encode_pw_buffer(pwbuf, clear_pw, STR_UNICODE); + + /* Set password on machine account */ + + ZERO_STRUCT(ctr); + ZERO_STRUCT(p24); + + init_sam_user_info24(&p24, (char *)pwbuf,24); + + ctr.switch_value = 24; + ctr.info.id24 = &p24; + + status = rpccli_samr_set_userinfo(pipe_hnd, mem_ctx, &user_pol, + 24, &cli->user_session_key, &ctr); + + /* Why do we have to try to (re-)set the ACB to be the same as what + we passed in the samr_create_dom_user() call? When a NT + workstation is joined to a domain by an administrator the + acb_info is set to 0x80. For a normal user with "Add + workstations to the domain" rights the acb_info is 0x84. I'm + not sure whether it is supposed to make a difference or not. NT + seems to cope with either value so don't bomb out if the set + userinfo2 level 0x10 fails. -tpot */ + + ZERO_STRUCT(ctr); + ctr.switch_value = 16; + ctr.info.id16 = &p16; + + init_sam_user_info16(&p16, acb_info); + + /* Ignoring the return value is necessary for joining a domain + as a normal user with "Add workstation to domain" privilege. 
*/ + + status = rpccli_samr_set_userinfo2(pipe_hnd, mem_ctx, &user_pol, 16, + &cli->user_session_key, &ctr); + + rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol); + cli_rpc_pipe_close(pipe_hnd); /* Done with this pipe */ + + return status; +} + +/******************************************************************* + Do the domain join + ********************************************************************/ + +static int net_join_domain( TALLOC_CTX *ctx, const char *servername, + struct in_addr *ip, DOM_SID **dom_sid, const char *password ) +{ + int ret = -1; + struct cli_state *cli = NULL; + + if ( !NT_STATUS_IS_OK(connect_to_ipc_krb5(&cli, ip, servername)) ) + goto done; + + saf_store( cli->server_domain, cli->desthost ); + + if ( !NT_STATUS_IS_OK(join_fetch_domain_sid( ctx, cli, dom_sid )) ) + goto done; + + if ( !NT_STATUS_IS_OK(join_create_machine( ctx, cli, *dom_sid, password )) ) + goto done; + + ret = 0; + +done: + if ( cli ) + cli_shutdown(cli); + + return ret; +} + +/******************************************************************* + Set a machines dNSHostName and servicePrincipalName attributes + ********************************************************************/ + +static ADS_STATUS net_set_machine_spn(TALLOC_CTX *ctx, ADS_STRUCT *ads_s ) +{ + ADS_STATUS status = ADS_ERROR(LDAP_SERVER_DOWN); + char *host_upn, *new_dn, *controlstr; + ADS_MODLIST mods; + const char *servicePrincipalName[3] = {NULL, NULL, NULL}; + char *psp; + unsigned acct_control; + fstring my_fqdn; + LDAPMessage *res = NULL; + char *dn_string = NULL; + const char *machine_name = global_myname(); + int count; + uint32 account_type; + + if ( !machine_name ) { + return ADS_ERROR(LDAP_NO_MEMORY); + } + + /* Find our DN */ + + status = ads_find_machine_acct(ads_s, (void **)(void *)&res, machine_name); + if (!ADS_ERR_OK(status)) + return status; + + if ( (count = ads_count_replies(ads_s, res)) != 1 ) { + DEBUG(1,("net_set_machine_spn: %d entries returned!\n", count)); + return 
ADS_ERROR(LDAP_NO_MEMORY); + } + + if ( (dn_string = ads_get_dn(ads_s, res)) == NULL ) { + DEBUG(1, ("ads_add_machine_acct: ads_get_dn returned NULL (malloc failure?)\n")); + goto done; + } + + new_dn = talloc_strdup(ctx, dn_string); + ads_memfree(ads_s, dn_string); + if (!new_dn) { + return ADS_ERROR(LDAP_NO_MEMORY); + } + + /* Windows only creates HOST/shortname & HOST/fqdn. We create + the UPN as well so that 'kinit -k' will work. You can only + request a TGT for entries with a UPN in AD. */ + + if ( !(psp = talloc_asprintf(ctx, "HOST/%s", machine_name)) ) + goto done; + strupper_m(psp); + servicePrincipalName[0] = psp; + + name_to_fqdn(my_fqdn, machine_name); + strlower_m(my_fqdn); + if ( !(psp = talloc_asprintf(ctx, "HOST/%s", my_fqdn)) ) + goto done; + servicePrincipalName[1] = psp; + + if (!(host_upn = talloc_asprintf(ctx, "%s@%s", servicePrincipalName[0], ads_s->config.realm))) + goto done; + + /* set the account control string now */ + + acct_control = account_type | UF_DONT_EXPIRE_PASSWD; +#ifndef ENCTYPE_ARCFOUR_HMAC + acct_control |= UF_USE_DES_KEY_ONLY; +#endif + if (!(controlstr = talloc_asprintf(ctx, "%u", acct_control))) { + goto done; + } + + /* now do the mods */ + + if (!(mods = ads_init_mods(ctx))) { + goto done; + } + + /* fields of primary importance */ + + ads_mod_str(ctx, &mods, "dNSHostName", my_fqdn); + ads_mod_strlist(ctx, &mods, "servicePrincipalName", servicePrincipalName); +#if 0 + ads_mod_str(ctx, &mods, "userPrincipalName", host_upn); + ads_mod_str(ctx, &mods, "operatingSystem", "Samba"); + ads_mod_str(ctx, &mods, "operatingSystemVersion", SAMBA_VERSION_STRING); + ads_mod_str(ctx, &mods, "userAccountControl", controlstr); +#endif + + status = ads_gen_mod(ads_s, new_dn, mods); + +done: + ads_msgfree(ads_s, res); + + return status; +} + +/******************************************************************* + join a domain using ADS (LDAP mods) + ********************************************************************/ + +int 
net_ads_join(int argc, const char **argv) +{ + ADS_STRUCT *ads, *ads_s; + ADS_STATUS status; + char *machine_account = NULL; + const char *short_domain_name = NULL; + char *tmp_password, *password; + struct cldap_netlogon_reply cldap_reply; + TALLOC_CTX *ctx; + DOM_SID *domain_sid = NULL; + + if ( check_ads_config() != 0 ) { + d_fprintf(stderr, "Invalid configuration. Exiting....\n"); return -1; } - rc = ads_domain_sid(ads, &dom_sid); - if (!ADS_ERR_OK(rc)) { - d_fprintf(stderr, "ads_domain_sid: %s\n", ads_errstr(rc)); - ads_destroy(&ads); + if (!(ads = ads_init(lp_realm(), NULL, NULL ))) { return -1; } + ads->auth.flags = ADS_AUTH_NO_BIND; + status = ads_connect(ads); - if (asprintf(&machine_account, "%s$", global_myname()) == -1) { - d_fprintf(stderr, "asprintf failed\n"); + if (strcmp(ads->config.realm, lp_realm()) != 0) { + d_fprintf(stderr, "realm of remote server (%s) and realm in smb.conf " + "(%s) DO NOT match. Aborting join\n", ads->config.realm, + lp_realm()); ads_destroy(&ads); return -1; } - rc = ads_set_machine_password(ads, machine_account, password); - if (!ADS_ERR_OK(rc)) { - d_fprintf(stderr, "ads_set_machine_password: %s\n", ads_errstr(rc)); - ads_destroy(&ads); + + if (!(ctx = talloc_init("net_join_domain"))) { + DEBUG(0, ("Could not initialise talloc context\n")); return -1; } + + /* Do the domain join here */ + + tmp_password = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH); + password = talloc_strdup(ctx, tmp_password); - /* make sure we get the right workgroup */ - - if ( !(ctx = talloc_init("net ads join")) ) { - d_fprintf(stderr, "talloc_init() failed!\n"); - ads_destroy(&ads); + if ( net_join_domain( ctx, ads->config.ldap_server_name, &ads->ldap_ip, &domain_sid, password ) != 0 ) { + d_fprintf(stderr, "Failed to join domain!\n"); return -1; } - rc = ads_workgroup_name(ads, ctx, &short_domain_name); - if ( ADS_ERR_OK(rc) ) { + /* Check the short name of the domain */ + + ZERO_STRUCT( cldap_reply ); + + if ( ads_cldap_netlogon( 
ads->config.ldap_server_name, + ads->server.realm, &cldap_reply ) ) + { + short_domain_name = talloc_strdup( ctx, cldap_reply.netbios_domain ); if ( !strequal(lp_workgroup(), short_domain_name) ) { d_printf("The workgroup in smb.conf does not match the short\n"); d_printf("domain name obtained from the server.\n"); 
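Review bot: In `join_create_machine()` the results of `rpccli_samr_open_user()` and of the level-24 `rpccli_samr_set_userinfo()` call that sets the machine password are never tested, and `status` is then overwritten by `rpccli_samr_set_userinfo2()`. A join can therefore report success although the password was not set on the account, and it fails when only the level-16 call fails, which is the opposite of what the comment above that call says. Add `if ( !NT_STATUS_IS_OK(status) ) return status;` after the first two calls, call `rpccli_samr_set_userinfo2()` without assigning its result, and end with `return NT_STATUS_OK;`. In the same hunk `net_set_machine_spn()` reads `account_type` before anything assigns it. net_ads_join continues past the end of this hunk.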
@@ -836,46 +1233,74 @@ int net_ads_join(int argc, const char **argv) } d_printf("Using short domain name -- %s\n", short_domain_name); - - /* HACK ALRET! Store the sid and password under bother the lp_workgroup() + + /* HACK ALERT! Store the sid and password under both the lp_workgroup() value from smb.conf and the string returned from the server. The former is neede to bootstrap winbindd's first connection to the DC to get the real short domain name --jerry */ - - if (!secrets_store_domain_sid(lp_workgroup(), &dom_sid)) { - DEBUG(1,("Failed to save domain sid\n")); + + if ( (store_domain_account( lp_workgroup(), domain_sid, password ) == -1) + || (store_domain_account( short_domain_name, domain_sid, password ) == -1) ) + { ads_destroy(&ads); return -1; } - if (!secrets_store_machine_password(password, lp_workgroup(), sec_channel_type)) { - DEBUG(1,("Failed to save machine password\n")); - ads_destroy(&ads); - return -1; - } + /* Verify that everything is ok */ -#ifdef HAVE_KRB5 - if (!kerberos_derive_salting_principal(machine_account)) { - DEBUG(1,("Failed to determine salting principal\n")); - ads_destroy(&ads); + if ( net_rpc_join_ok(short_domain_name, ads->config.ldap_server_name, &ads->ldap_ip) != 0 ) { + d_fprintf(stderr, "Failed to verify membership in domain!\n"); return -1; + } + + /* From here on out, use the machine account. But first delete any + existing tickets based on the user's creds. 
*/ + + ads_kdestroy( NULL ); + + status = ADS_ERROR(LDAP_SERVER_DOWN); + ads_s = ads_init( ads->server.realm, ads->server.workgroup, ads->server.ldap_server ); + + if ( ads_s ) { + asprintf( &ads_s->auth.user_name, "%s$", global_myname() ); + ads_s->auth.password = secrets_fetch_machine_password( short_domain_name, NULL, NULL ); + ads_s->auth.realm = SMB_STRDUP( lp_realm() ); + ads_kinit_password( ads_s ); + status = ads_connect( ads_s ); + } + if ( !ADS_ERR_OK(status) ) { + d_fprintf( stderr, "LDAP bind using machine credentials failed!\n"); + d_fprintf(stderr, "Only NTLM authentication will be possible.\n"); + } else { + /* create the dNSHostName & servicePrincipalName values */ + + status = net_set_machine_spn( ctx, ads_s ); + if ( !ADS_ERR_OK(status) ) { + d_fprintf(stderr, "Failed to set servicePrincipalNames.\n"); + d_fprintf(stderr, "Only NTLM authentication will be possible.\n"); + + /* don't fail */ + } } + + ads_destroy( &ads_s ); + - if (!kerberos_derive_cifs_salting_principals()) { - DEBUG(1,("Failed to determine salting principals\n")); +#if defined(HAVE_KRB5) + if (asprintf(&machine_account, "%s$", global_myname()) == -1) { + d_fprintf(stderr, "asprintf failed\n"); ads_destroy(&ads); return -1; } -#endif - if (!secrets_store_domain_sid(short_domain_name, &dom_sid)) { - DEBUG(1,("Failed to save domain sid\n")); + if (!kerberos_derive_salting_principal(machine_account)) { + DEBUG(1,("Failed to determine salting principal\n")); ads_destroy(&ads); return -1; } - if (!secrets_store_machine_password(password, short_domain_name, sec_channel_type)) { - DEBUG(1,("Failed to save machine password\n")); + if (!kerberos_derive_cifs_salting_principals()) { + DEBUG(1,("Failed to determine salting principals\n")); ads_destroy(&ads); return -1; } 
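Review bot: The machine-credential setup for `ads_s` ignores the results of `asprintf()`, `secrets_fetch_machine_password()` and `ads_kinit_password()` before calling `ads_connect( ads_s )`. If `asprintf()` fails, `ads_s->auth.user_name` is left in an unspecified state, and a NULL password would go into the bind attempt. Check them the way the later `machine_account` allocation in this hunk already does, e.g. `if (asprintf(&ads_s->auth.user_name, "%s$", global_myname()) == -1) {`, and fall through to the existing "LDAP bind using machine credentials failed" message. The `net_rpc_join_ok()` failure branch also returns without `ads_destroy(&ads)` or freeing `ctx`, which presumably still holds the copy of the new machine password made earlier in net_ads_join. The function starts before this hunk and continues after it.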
@@ -884,18 +1309,20 @@ int net_ads_join(int argc, const char **argv) if (lp_use_kerberos_keytab() && ads_keytab_create_default(ads)) { DEBUG(1,("Error creating host keytab!\n")); } +#endif d_printf("Joined '%s' to realm '%s'\n", global_myname(), ads->config.realm); - SAFE_FREE(password); SAFE_FREE(machine_account); - if ( ctx ) { - talloc_destroy(ctx); - } + TALLOC_FREE( ctx ); ads_destroy(&ads); + return 0; } +/******************************************************************* + ********************************************************************/ + int net_ads_printer_usage(int argc, const char **argv) { d_printf( @@ -913,6 +1340,9 @@ int net_ads_printer_usage(int argc, const char **argv) return -1; } +/******************************************************************* + ********************************************************************/ + static int net_ads_printer_search(int argc, const char **argv) { ADS_STRUCT *ads; @@ -1549,6 +1979,7 @@ int net_ads_help(int argc, const char **argv) #if 0 {"INFO", net_ads_info}, {"JOIN", net_ads_join}, + {"JOIN2", net_ads_join2}, {"LEAVE", net_ads_leave}, {"STATUS", net_ads_status}, {"PASSWORD", net_ads_password}, -- cgit From 453e4b50aae52089eb2c2ae6a2abc3b48425ee55 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Sat, 13 May 2006 01:29:04 +0000 Subject: r15559: Smaller fixes for the new cldap code: * replace printf to stderr with DEBUG statements as they get printed in daemons * "net ads lookup" return code Guenther (This used to be commit 8dd925c5fbfcbe711c596d08e8eadc19607d5492) --- source3/utils/net_ads.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index a514b6c4e6..e75090449d 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -83,7 +83,6 @@ int net_ads_usage(int argc, const char **argv) */ static int net_ads_cldap_netlogon(ADS_STRUCT *ads) { - int ret; struct cldap_netlogon_reply reply; if ( !ads_cldap_netlogon( inet_ntoa(ads->ldap_ip), ads->server.realm, &reply ) ) { @@ -147,7 +146,7 @@ static int net_ads_cldap_netlogon(ADS_STRUCT *ads) d_printf("LMNT Token: %.2x\n", reply.lmnt_token); d_printf("LM20 Token: %.2x\n", reply.lm20_token); - return ret; + return 0; } -- cgit From f1039b8fb461c6e1276dba8564f62ec1496a7b88 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Sat, 13 May 2006 04:39:19 +0000 Subject: r15560: Since the hotel doesn't have Sci-Fi and no "Doctor Who".... Re-add the capability to specify an OU in which to create the machine account. Done via LDAP prior to the RPC join. (This used to be commit b69ac0e30441faea7a7d677b6bb551aa8ffbf55d) --- source3/utils/net_ads.c | 76 +++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 71 insertions(+), 5 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index e75090449d..e913437ef1 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -4,6 +4,7 @@ Copyright (C) 2001 Andrew Tridgell (tridge@samba.org) Copyright (C) 2001 Remus Koos (remuskoos@yahoo.com) Copyright (C) 2002 Jim McDonough (jmcd@us.ibm.com) + Copyright (C) 2006 Gerald (Jerry) Carter (jerry@samba.org) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -1163,6 +1164,61 @@ done: return status; } + +/******************************************************************* + join a domain using ADS (LDAP mods) + ********************************************************************/ + +static ADS_STATUS net_precreate_machine_acct( ADS_STRUCT *ads, const char *ou ) +{ + ADS_STRUCT *ads_s = ads; + ADS_STATUS rc = ADS_ERROR(LDAP_SERVER_DOWN); + char *dn, *ou_str; + LDAPMessage *res = NULL; + + ou_str = ads_ou_string(ads, ou); + asprintf(&dn, "%s,%s", ou_str, ads->config.bind_path); + free(ou_str); + + if ( !ads->ld ) { + ads_s = ads_init( ads->config.realm, NULL, ads->config.ldap_server_name ); + + if ( ads_s ) { + rc = ads_connect( ads_s ); + } + + if ( !ADS_ERR_OK(rc) ) { + goto done; + } + } + + rc = ads_search_dn(ads, (void**)&res, dn, NULL); + ads_msgfree(ads, res); + + if (!ADS_ERR_OK(rc)) { + goto done; + } + + /* Attempt to create the machine account and bail if this fails. + Assume that the admin wants exactly what they requested */ + + rc = ads_create_machine_acct( ads, global_myname(), dn ); + if ( rc.error_type == ENUM_ADS_ERROR_LDAP && rc.err.rc == LDAP_ALREADY_EXISTS ) { + rc = ADS_SUCCESS; + goto done; + } + if ( !ADS_ERR_OK(rc) ) { + goto done; + } + +done: + if ( ads_s != ads ) + ads_destroy( &ads_s ); + SAFE_FREE( dn ); + + return rc; +} + /******************************************************************* join a domain using ADS (LDAP mods) ********************************************************************/ @@ -1183,11 +1239,9 @@ int net_ads_join(int argc, const char **argv) return -1; } - if (!(ads = ads_init(lp_realm(), NULL, NULL ))) { + if ( (ads = ads_startup()) == NULL ) { return -1; } - ads->auth.flags = ADS_AUTH_NO_BIND; - status = ads_connect(ads); if (strcmp(ads->config.realm, lp_realm()) != 0) { d_fprintf(stderr, "realm of remote server (%s) and realm in smb.conf " 
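Review bot: In net_precreate_machine_acct the results of `ads_ou_string()` and `asprintf()` are used unchecked, so an allocation failure leaves `dn` undefined before it reaches `ads_search_dn()` and `SAFE_FREE( dn )`. I would declare `char *dn = NULL;` and bail out early with `if (!ou_str || asprintf(&dn, "%s,%s", ou_str, ads->config.bind_path) == -1) { SAFE_FREE(ou_str); return ADS_ERROR(LDAP_NO_MEMORY); }`. The `!ads->ld` branch also connects a second handle `ads_s` that the following `ads_search_dn(ads, ...)` and `ads_create_machine_acct( ads, ...)` calls never use, so the reconnect has no effect as written. Because `ou` is `argv[0]` in the caller added by the later net_ads_join hunk, a one-line comment on what `ads_ou_string()` does to it before it becomes part of a DN would help the next reader.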
@@ -1197,12 +1251,24 @@ int net_ads_join(int argc, const char **argv) return -1; } - - if (!(ctx = talloc_init("net_join_domain"))) { + if (!(ctx = talloc_init("net_ads_join"))) { DEBUG(0, ("Could not initialise talloc context\n")); return -1; } + /* If we were given an OU, try to create the machine in the OU account + first and then do the normal RPC join */ + + if ( argc > 0 ) { + status = net_precreate_machine_acct( ads, argv[0] ); + if ( !ADS_ERR_OK(status) ) { + d_fprintf( stderr, "Failed to pre-create the machine object " + "in OU %s.\n", argv[0]); + ads_destroy( &ads ); + return -1; + } + } + /* Do the domain join here */ tmp_password = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH); -- cgit From bc89437cca94e6a6fcfb9299d53ac2c55b44491d Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Sat, 13 May 2006 05:06:20 +0000 Subject: r15561: Should re-fix older systems without RC4-HMAC support (This used to be commit 00c795e3660a65419e707706abf48916dcd7f850) --- source3/utils/net_ads.c | 21 ++++++--------------- 1 file changed, 6 insertions(+), 15 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index e913437ef1..b1790ea898 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -917,7 +917,7 @@ static NTSTATUS join_create_machine( TALLOC_CTX *mem_ctx, struct cli_state *cli, uint32 user_rid; uint32 num_rids, *name_types, *user_rids; uint32 flags = 0x3e8; - uint32 acb_info = ACB_WSTRUST; + uint32 acb_info = ACB_WSTRUST | ACB_PWNOEXP; uchar pwbuf[516]; SAM_USERINFO_CTR ctr; SAM_USER_INFO_24 p24; @@ -949,6 +949,10 @@ static NTSTATUS join_create_machine( TALLOC_CTX *mem_ctx, struct cli_state *cli, strlower_m(acct_name); const_acct_name = acct_name; +#ifndef ENCTYPE_ARCFOUR_HMAC + acb_info |= ACB_USE_DES_KEY_ONLY; +#endif + status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol, acct_name, acb_info, 0xe005000b, &user_pol, &user_rid); 
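Review bot: The new failure branch after `net_precreate_machine_acct()` returns -1 without releasing `ctx`, which `talloc_init("net_ads_join")` allocated a few lines earlier in the same hunk. Adding `TALLOC_FREE( ctx );` next to `ads_destroy( &ads );` would release it on this path. The `talloc_init` failure branch just above likewise returns without `ads_destroy(&ads)`. net_ads_join starts and ends outside this hunk.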
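Review bot: The `#ifndef ENCTYPE_ARCFOUR_HMAC` block sets `ACB_USE_DES_KEY_ONLY` on the machine account with no trace for the administrator, so a build against a Kerberos library without RC4-HMAC silently restricts the account to single-DES keys. A short comment explaining why this is required, plus a log line such as `DEBUG(1,("No RC4-HMAC support at build time, marking machine account DES-only\n"));`, would make the weaker key type visible at join time. join_create_machine starts and ends outside this hunk.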
@@ -1073,17 +1077,15 @@ done: static ADS_STATUS net_set_machine_spn(TALLOC_CTX *ctx, ADS_STRUCT *ads_s ) { ADS_STATUS status = ADS_ERROR(LDAP_SERVER_DOWN); - char *host_upn, *new_dn, *controlstr; + char *host_upn, *new_dn; ADS_MODLIST mods; const char *servicePrincipalName[3] = {NULL, NULL, NULL}; char *psp; - unsigned acct_control; fstring my_fqdn; LDAPMessage *res = NULL; char *dn_string = NULL; const char *machine_name = global_myname(); int count; - uint32 account_type; if ( !machine_name ) { return ADS_ERROR(LDAP_NO_MEMORY); @@ -1129,16 +1131,6 @@ static ADS_STATUS net_set_machine_spn(TALLOC_CTX *ctx, ADS_STRUCT *ads_s ) if (!(host_upn = talloc_asprintf(ctx, "%s@%s", servicePrincipalName[0], ads_s->config.realm))) goto done; - /* set the account control string now */ - - acct_control = account_type | UF_DONT_EXPIRE_PASSWD; -#ifndef ENCTYPE_ARCFOUR_HMAC - acct_control |= UF_USE_DES_KEY_ONLY; -#endif - if (!(controlstr = talloc_asprintf(ctx, "%u", acct_control))) { - goto done; - } - /* now do the mods */ if (!(mods = ads_init_mods(ctx))) { @@ -1153,7 +1145,6 @@ static ADS_STATUS net_set_machine_spn(TALLOC_CTX *ctx, ADS_STRUCT *ads_s ) ads_mod_str(ctx, &mods, "userPrincipalName", host_upn); ads_mod_str(ctx, &mods, "operatingSystem", "Samba"); ads_mod_str(ctx, &mods, "operatingSystemVersion", SAMBA_VERSION_STRING); - ads_mod_str(ctx, &mods, "userAccountControl", controlstr); #endif status = ads_gen_mod(ads_s, new_dn, mods); -- cgit From b16bdf985d59dd23b18fcd36a6f39e486bafb80d Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Sun, 14 May 2006 12:58:52 +0000 Subject: r15597: more ads join fixes -- we can only set the PWDNOEXP and DES_ONLY acb flags on the setuserinfo(), not the createuser info call (This used to be commit d933ac273db5977fb41954175bdc228b688bfd6e) --- source3/utils/net_ads.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) (limited to 'source3/utils/net_ads.c') 
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index b1790ea898..90738f2031 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -917,7 +917,7 @@ static NTSTATUS join_create_machine( TALLOC_CTX *mem_ctx, struct cli_state *cli, uint32 user_rid; uint32 num_rids, *name_types, *user_rids; uint32 flags = 0x3e8; - uint32 acb_info = ACB_WSTRUST | ACB_PWNOEXP; + uint32 acb_info = ACB_WSTRUST; uchar pwbuf[516]; SAM_USERINFO_CTR ctr; SAM_USER_INFO_24 p24; @@ -949,9 +949,7 @@ static NTSTATUS join_create_machine( TALLOC_CTX *mem_ctx, struct cli_state *cli, strlower_m(acct_name); const_acct_name = acct_name; -#ifndef ENCTYPE_ARCFOUR_HMAC - acb_info |= ACB_USE_DES_KEY_ONLY; -#endif + /* Don't try to set any acb_info flags other than ACB_WSTRUST */ status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol, acct_name, acb_info, 0xe005000b, &user_pol, &user_rid); @@ -1026,10 +1024,14 @@ static NTSTATUS join_create_machine( TALLOC_CTX *mem_ctx, struct cli_state *cli, ctr.switch_value = 16; ctr.info.id16 = &p16; - init_sam_user_info16(&p16, acb_info); + /* Fill in the additional account flags now */ - /* Ignoring the return value is necessary for joining a domain - as a normal user with "Add workstation to domain" privilege. */ + acb_info |= ACB_PWNOEXP; +#ifndef ENCTYPE_ARCFOUR_HMAC + acb_info |= ACB_USE_DES_KEY_ONLY; +#endif + + init_sam_user_info16(&p16, acb_info); status = rpccli_samr_set_userinfo2(pipe_hnd, mem_ctx, &user_pol, 16, &cli->user_session_key, &ctr); -- cgit From 13bc6d4666a60f4f6566086bc199b14470c2b1b2 Mon Sep 17 00:00:00 2001 
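Review bot: The last hunk deletes the comment saying the `rpccli_samr_set_userinfo2()` result has to be ignored when a normal user with the "Add workstation to domain" privilege performs the join, while the call now carries extra flags (`ACB_PWNOEXP`, and `ACB_USE_DES_KEY_ONLY` on builds without RC4-HMAC) that such a user may not be permitted to set. If the status assigned here is what the function returns (the tail of join_create_machine is outside the hunk), a rejected flag change would presumably fail the whole join. I would keep a comment stating whether failure at this step is fatal, for example `/* level 16 may be refused for non-admin joiners; treat as non-fatal */`, and log the status when it is not OK.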
From: Gerald Carter Date: Thu, 18 May 2006 04:13:07 +0000 Subject: r15680: use the user creds when calling net_set_machine_spn() rather than the machine creds (just like WinXP) (This used to be commit ae2bf464c47eb52ff24400d1cc362e74e77fbac5) --- source3/utils/net_ads.c | 79 ++++++++++--------------------------------------- 1 file changed, 15 insertions(+), 64 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 90738f2031..fc62558320 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1143,11 +1143,6 @@ static ADS_STATUS net_set_machine_spn(TALLOC_CTX *ctx, ADS_STRUCT *ads_s ) ads_mod_str(ctx, &mods, "dNSHostName", my_fqdn); ads_mod_strlist(ctx, &mods, "servicePrincipalName", servicePrincipalName); -#if 0 - ads_mod_str(ctx, &mods, "userPrincipalName", host_upn); - ads_mod_str(ctx, &mods, "operatingSystem", "Samba"); - ads_mod_str(ctx, &mods, "operatingSystemVersion", SAMBA_VERSION_STRING); -#endif status = ads_gen_mod(ads_s, new_dn, mods); @@ -1164,7 +1159,6 @@ done: static ADS_STATUS net_precreate_machine_acct( ADS_STRUCT *ads, const char *ou ) { - ADS_STRUCT *ads_s = ads; ADS_STATUS rc = ADS_ERROR(LDAP_SERVER_DOWN); char *dn, *ou_str; LDAPMessage *res = NULL; 
@@ -1173,40 +1167,19 @@ static ADS_STATUS net_precreate_machine_acct( ADS_STRUCT *ads, const char *ou ) asprintf(&dn, "%s,%s", ou_str, ads->config.bind_path); free(ou_str); - if ( !ads->ld ) { - ads_s = ads_init( ads->config.realm, NULL, ads->config.ldap_server_name ); - - if ( ads_s ) { - rc = ads_connect( ads_s ); - } - - if ( !ADS_ERR_OK(rc) ) { - goto done; - } - } - rc = ads_search_dn(ads, (void**)&res, dn, NULL); ads_msgfree(ads, res); - if (!ADS_ERR_OK(rc)) { - goto done; - } - - /* Attempt to create the machine account and bail if this fails. - Assume that the admin wants exactly what they requested */ + if (ADS_ERR_OK(rc)) { + /* Attempt to create the machine account and bail if this fails. + Assume that the admin wants exactly what they requested */ - rc = ads_create_machine_acct( ads, global_myname(), dn ); - if ( rc.error_type == ENUM_ADS_ERROR_LDAP && rc.err.rc == LDAP_ALREADY_EXISTS ) { - rc = ADS_SUCCESS; - goto done; - } - if ( !ADS_ERR_OK(rc) ) { - goto done; + rc = ads_create_machine_acct( ads, global_myname(), dn ); + if ( rc.error_type == ENUM_ADS_ERROR_LDAP && rc.err.rc == LDAP_ALREADY_EXISTS ) { + rc = ADS_SUCCESS; + } } -done: - if ( ads_s != ads ) - ads_destroy( &ads_s ); SAFE_FREE( dn ); return rc; @@ -1218,7 +1191,7 @@ done: int net_ads_join(int argc, const char **argv) { - ADS_STRUCT *ads, *ads_s; + ADS_STRUCT *ads; ADS_STATUS status; char *machine_account = NULL; const char *short_domain_name = NULL; 
@@ -1311,38 +1284,16 @@ int net_ads_join(int argc, const char **argv) return -1; } - /* From here on out, use the machine account. But first delete any - existing tickets based on the user's creds. */ - - ads_kdestroy( NULL ); + /* create the dNSHostName & servicePrincipalName values */ - status = ADS_ERROR(LDAP_SERVER_DOWN); - ads_s = ads_init( ads->server.realm, ads->server.workgroup, ads->server.ldap_server ); - - if ( ads_s ) { - asprintf( &ads_s->auth.user_name, "%s$", global_myname() ); - ads_s->auth.password = secrets_fetch_machine_password( short_domain_name, NULL, NULL ); - ads_s->auth.realm = SMB_STRDUP( lp_realm() ); - ads_kinit_password( ads_s ); - status = ads_connect( ads_s ); - } - if ( !ADS_ERR_OK(status) ) { - d_fprintf( stderr, "LDAP bind using machine credentials failed!\n"); - d_fprintf(stderr, "Only NTLM authentication will be possible.\n"); - } else { - /* create the dNSHostName & servicePrincipalName values */ - - status = net_set_machine_spn( ctx, ads_s ); - if ( !ADS_ERR_OK(status) ) { - d_fprintf(stderr, "Failed to set servicePrincipalNames.\n"); - d_fprintf(stderr, "Only NTLM authentication will be possible.\n"); + status = net_set_machine_spn( ctx, ads ); + if ( !ADS_ERR_OK(status) ) { + d_fprintf(stderr, "Failed to set servicePrincipalNames. Only NTLM authentication will be possible.\n"); + d_fprintf(stderr, "Please ensure that the DNS domain of this server matches the AD domain,\n"); + d_fprintf(stderr, "Or rejoin with using Domain Admin credentials.\n"); - /* don't fail */ - } + /* don't fail */ } - - ads_destroy( &ads_s ); - #if defined(HAVE_KRB5) if (asprintf(&machine_account, "%s$", global_myname()) == -1) { -- cgit From 463e7c11711e0c511d81c892e4be621ea3bfe8b1 Mon Sep 17 00:00:00 2001 
From: Gerald Carter Date: Thu, 18 May 2006 20:12:45 +0000 Subject: r15701: change 'net ads leave' to disable the machine account in the domain (since removal implies greater permissions that Windows clients require) (This used to be commit ad1f947625612ef16adb69fc2cfeffc68a9a2e02) --- source3/utils/net_ads.c | 267 ++++++++++-------------------------------------- 1 file changed, 55 insertions(+), 212 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index fc62558320..10831c878b 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -26,6 +26,7 @@ /* Macro for checking RPC error codes to make things more readable */ +#if 0 #define CHECK_RPC_ERR(rpc, msg) \ if (!NT_STATUS_IS_OK(result = rpc)) { \ DEBUG(0, (msg ": %s\n", nt_errstr(result))); \ @@ -38,6 +39,7 @@ goto done; \ } +#endif #ifdef HAVE_ADS int net_ads_usage(int argc, const char **argv) 
@@ -746,35 +748,70 @@ static int net_ads_status(int argc, const char **argv) return 0; } +/******************************************************************* + Leave an AD domain. Windows XP disables the machine account. + We'll try the same. The old code would do an LDAP delete. + That only worked using the machine creds because added the machine + with full control to the computer object's ACL. +*******************************************************************/ static int net_ads_leave(int argc, const char **argv) { ADS_STRUCT *ads = NULL; - ADS_STATUS rc; + int ret = -1; + struct cli_state *cli = NULL; + TALLOC_CTX *ctx; + DOM_SID *dom_sid = NULL; if (!secrets_init()) { DEBUG(1,("Failed to initialise secrets database\n")); return -1; } - if (!opt_password) { - net_use_machine_password(); + if (!(ctx = talloc_init("net_ads_leave"))) { + DEBUG(0, ("Could not initialise talloc context\n")); + return -1; } + /* The finds a DC and takes care of getting the + user creds if necessary */ + if (!(ads = ads_startup())) { return -1; } - rc = ads_leave_realm(ads, global_myname()); - if (!ADS_ERR_OK(rc)) { - d_fprintf(stderr, "Failed to delete host '%s' from the '%s' realm.\n", + /* make RPC calls here */ + + if ( !NT_STATUS_IS_OK(connect_to_ipc_krb5(&cli, &ads->ldap_ip, + ads->config.ldap_server_name)) ) + { + goto done; + } + + saf_store( cli->server_domain, cli->desthost ); + + if ( !NT_STATUS_IS_OK(netdom_get_domain_sid( ctx, cli, &dom_sid )) ) { + goto done; + } + + if ( !NT_STATUS_IS_OK(netdom_leave_domain( ctx, cli, dom_sid )) ) { + d_printf(stderr, "Failed to disable machine account for '%s' in realm '%s'\n", global_myname(), ads->config.realm); - ads_destroy(&ads); - return -1; + goto done; } + + d_printf("Disabled account for '%s' in realm '%s'\n", + global_myname(), ads->config.realm); + + ret = 0; + +done: + if ( cli ) + cli_shutdown(cli); - d_printf("Removed '%s' from realm '%s'\n", global_myname(), ads->config.realm); ads_destroy(&ads); - return 0; + 
TALLOC_FREE( ctx ); + + return ret; } static int net_ads_join_ok(void) 
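Review bot: The failure message for `netdom_leave_domain()` is emitted with `d_printf(stderr, "Failed to disable machine account ...")`, which passes the `FILE *` where the format string belongs; it should be `d_fprintf(stderr, ...)` as elsewhere in the file. The other two `goto done` paths (`connect_to_ipc_krb5()` and `netdom_get_domain_sid()` failing) print nothing, so the command exits with -1 and no explanation; a `d_fprintf(stderr, ...)` line in each would help whoever has to diagnose a failed leave. The early `return -1` after `ads_startup()` also skips `TALLOC_FREE( ctx )`.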
@@ -845,203 +882,6 @@ static int check_ads_config( void ) return 0; } -/******************************************************************* - Store the machine password and domain SID - ********************************************************************/ - -static int store_domain_account( const char *domain, DOM_SID *sid, const char *pw ) -{ - if (!secrets_store_domain_sid(domain, sid)) { - DEBUG(1,("Failed to save domain sid\n")); - return -1; - } - - if (!secrets_store_machine_password(pw, domain, SEC_CHAN_WKSTA)) { - DEBUG(1,("Failed to save machine password\n")); - return -1; - } - - return 0; -} - -/******************************************************************* - ********************************************************************/ - -static NTSTATUS join_fetch_domain_sid( TALLOC_CTX *mem_ctx, struct cli_state *cli, DOM_SID **sid ) -{ - struct rpc_pipe_client *pipe_hnd = NULL; - POLICY_HND lsa_pol; - NTSTATUS status = NT_STATUS_UNSUCCESSFUL; - char *domain = NULL; - - if ( (pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &status)) == NULL ) { - DEBUG(0, ("Error connecting to LSA pipe. Error was %s\n", - nt_errstr(status) )); - return status; - } - - status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True, - SEC_RIGHTS_MAXIMUM_ALLOWED, &lsa_pol); - if ( !NT_STATUS_IS_OK(status) ) - return status; - - status = rpccli_lsa_query_info_policy(pipe_hnd, mem_ctx, - &lsa_pol, 5, &domain, sid); - if ( !NT_STATUS_IS_OK(status) ) - return status; - - rpccli_lsa_close(pipe_hnd, mem_ctx, &lsa_pol); - cli_rpc_pipe_close(pipe_hnd); /* Done with this pipe */ - - /* Bail out if domain didn't get set. 
*/ - if (!domain) { - DEBUG(0, ("Could not get domain name.\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - return NT_STATUS_OK; -} - -/******************************************************************* - Do the domain join - ********************************************************************/ - -static NTSTATUS join_create_machine( TALLOC_CTX *mem_ctx, struct cli_state *cli, - DOM_SID *dom_sid, const char *clear_pw ) -{ - struct rpc_pipe_client *pipe_hnd = NULL; - POLICY_HND sam_pol, domain_pol, user_pol; - NTSTATUS status = NT_STATUS_UNSUCCESSFUL; - char *acct_name; - const char *const_acct_name; - uint32 user_rid; - uint32 num_rids, *name_types, *user_rids; - uint32 flags = 0x3e8; - uint32 acb_info = ACB_WSTRUST; - uchar pwbuf[516]; - SAM_USERINFO_CTR ctr; - SAM_USER_INFO_24 p24; - SAM_USER_INFO_16 p16; - uchar md4_trust_password[16]; - - /* Open the domain */ - - if ( (pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_SAMR, &status)) == NULL ) { - DEBUG(0, ("Error connecting to SAM pipe. 
Error was %s\n", - nt_errstr(status) )); - return status; - } - - status = rpccli_samr_connect(pipe_hnd, mem_ctx, - SEC_RIGHTS_MAXIMUM_ALLOWED, &sam_pol); - if ( !NT_STATUS_IS_OK(status) ) - return status; - - - status = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &sam_pol, - SEC_RIGHTS_MAXIMUM_ALLOWED, dom_sid, &domain_pol); - if ( !NT_STATUS_IS_OK(status) ) - return status; - - /* Create domain user */ - - acct_name = talloc_asprintf(mem_ctx, "%s$", global_myname()); - strlower_m(acct_name); - const_acct_name = acct_name; - - /* Don't try to set any acb_info flags other than ACB_WSTRUST */ - - status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol, - acct_name, acb_info, 0xe005000b, &user_pol, &user_rid); - - if ( !NT_STATUS_IS_OK(status) - && !NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) - { - d_fprintf(stderr, "Creation of workstation account failed\n"); - - /* If NT_STATUS_ACCESS_DENIED then we have a valid - username/password combo but the user does not have - administrator access. */ - - if (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED)) - d_fprintf(stderr, "User specified does not have administrator privileges\n"); - - return status; - } - - /* We *must* do this.... don't ask... 
*/ - - if (NT_STATUS_IS_OK(status)) { - rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol); - } - - status = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, - &domain_pol, flags, 1, &const_acct_name, - &num_rids, &user_rids, &name_types); - if ( !NT_STATUS_IS_OK(status) ) - return status; - - if ( name_types[0] != SID_NAME_USER) { - DEBUG(0, ("%s is not a user account (type=%d)\n", acct_name, name_types[0])); - return NT_STATUS_INVALID_WORKSTATION; - } - - user_rid = user_rids[0]; - - /* Open handle on user */ - - status = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol, - SEC_RIGHTS_MAXIMUM_ALLOWED, user_rid, &user_pol); - - /* Create a random machine account password */ - - E_md4hash( clear_pw, md4_trust_password); - encode_pw_buffer(pwbuf, clear_pw, STR_UNICODE); - - /* Set password on machine account */ - - ZERO_STRUCT(ctr); - ZERO_STRUCT(p24); - - init_sam_user_info24(&p24, (char *)pwbuf,24); - - ctr.switch_value = 24; - ctr.info.id24 = &p24; - - status = rpccli_samr_set_userinfo(pipe_hnd, mem_ctx, &user_pol, - 24, &cli->user_session_key, &ctr); - - /* Why do we have to try to (re-)set the ACB to be the same as what - we passed in the samr_create_dom_user() call? When a NT - workstation is joined to a domain by an administrator the - acb_info is set to 0x80. For a normal user with "Add - workstations to the domain" rights the acb_info is 0x84. I'm - not sure whether it is supposed to make a difference or not. NT - seems to cope with either value so don't bomb out if the set - userinfo2 level 0x10 fails. 
-tpot */ - - ZERO_STRUCT(ctr); - ctr.switch_value = 16; - ctr.info.id16 = &p16; - - /* Fill in the additional account flags now */ - - acb_info |= ACB_PWNOEXP; -#ifndef ENCTYPE_ARCFOUR_HMAC - acb_info |= ACB_USE_DES_KEY_ONLY; -#endif - - init_sam_user_info16(&p16, acb_info); - - status = rpccli_samr_set_userinfo2(pipe_hnd, mem_ctx, &user_pol, 16, - &cli->user_session_key, &ctr); - - rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol); - cli_rpc_pipe_close(pipe_hnd); /* Done with this pipe */ - - return status; -} - /******************************************************************* Do the domain join ********************************************************************/ @@ -1057,12 +897,15 @@ static int net_join_domain( TALLOC_CTX *ctx, const char *servername, saf_store( cli->server_domain, cli->desthost ); - if ( !NT_STATUS_IS_OK(join_fetch_domain_sid( ctx, cli, dom_sid )) ) + if ( !NT_STATUS_IS_OK(netdom_get_domain_sid( ctx, cli, dom_sid )) ) goto done; - if ( !NT_STATUS_IS_OK(join_create_machine( ctx, cli, *dom_sid, password )) ) + if ( !NT_STATUS_IS_OK(netdom_join_domain( ctx, cli, *dom_sid, + password, ND_TYPE_AD )) ) + { goto done; - + } + ret = 0; done: @@ -1270,8 +1113,8 @@ int net_ads_join(int argc, const char **argv) neede to bootstrap winbindd's first connection to the DC to get the real short domain name --jerry */ - if ( (store_domain_account( lp_workgroup(), domain_sid, password ) == -1) - || (store_domain_account( short_domain_name, domain_sid, password ) == -1) ) + if ( (netdom_store_machine_account( lp_workgroup(), domain_sid, password ) == -1) + || (netdom_store_machine_account( short_domain_name, domain_sid, password ) == -1) ) { ads_destroy(&ads); return -1; -- cgit From ae4a2a2b9de61696093e75348e87e33acbe40d29 Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Thu, 18 May 2006 22:13:03 +0000 Subject: r15703: Fix d_printf call. Guenther (This used to be commit 741602e03ad2404d4e38e55b9e5fd20b85fd205d) --- source3/utils/net_ads.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 10831c878b..e701803d17 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -794,7 +794,7 @@ static int net_ads_leave(int argc, const char **argv) } if ( !NT_STATUS_IS_OK(netdom_leave_domain( ctx, cli, dom_sid )) ) { - d_printf(stderr, "Failed to disable machine account for '%s' in realm '%s'\n", + d_fprintf(stderr, "Failed to disable machine account for '%s' in realm '%s'\n", global_myname(), ads->config.realm); goto done; } -- cgit From bf7a5433b4da564c5298e856cdd46383b8998bb2 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 9 Jun 2006 10:50:28 +0000 Subject: r16115: Make "net ads changetrustpw" work again. (adapt to the new UPN/SPN scheme). Guenther (This used to be commit 8fc70d0df0c93c29b49f924bac9ff5d9857cfd9d) --- source3/utils/net_ads.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index e701803d17..e82eece0f9 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -1529,19 +1529,19 @@ int net_ads_changetrustpw(int argc, const char **argv) fstrcpy(my_name, global_myname()); strlower_m(my_name); - asprintf(&host_principal, "%s@%s", my_name, ads->config.realm); - d_printf("Changing password for principal: HOST/%s\n", host_principal); + asprintf(&host_principal, "%s$@%s", my_name, ads->config.realm); + d_printf("Changing password for principal: %s\n", host_principal); ret = ads_change_trust_account_password(ads, host_principal); if (!ADS_ERR_OK(ret)) { - d_fprintf(stderr, "Password change failed :-( ...\n"); + d_fprintf(stderr, "Password change failed: %s\n", ads_errstr(ret)); ads_destroy(&ads); SAFE_FREE(host_principal); return -1; } - d_printf("Password change for principal HOST/%s succeeded.\n", host_principal); + d_printf("Password change for principal %s succeeded.\n", host_principal); if (lp_use_kerberos_keytab()) { d_printf("Attempting to update system keytab with new password.\n"); -- cgit From e942ca4e0a2a28ad5132abb2bf165f064d792c44 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 15 Jun 2006 16:09:31 +0000 Subject: r16261: Smaller fixes for net ads password. Guenther (This used to be commit 689ae22c80a890278610d9ada1eb4fa5e37bd5ce) --- source3/utils/net_ads.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index e82eece0f9..0393644494 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1472,7 +1472,7 @@ static int net_ads_password(int argc, const char **argv) /* use the realm so we can eventually change passwords for users in realms other than default */ - if (!(ads = ads_init(realm, NULL, NULL))) { + if (!(ads = ads_init(realm, opt_workgroup, NULL))) { return -1; } 
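Review bot: The changed `asprintf(&host_principal, "%s$@%s", my_name, ads->config.realm);` ignores the return value, so on allocation failure `host_principal` is undefined when it is printed and handed to `ads_change_trust_account_password()`. Checking it, `if (asprintf(&host_principal, "%s$@%s", my_name, ads->config.realm) == -1) { ads_destroy(&ads); return -1; }`, matches the error path already present in the hunk. net_ads_changetrustpw starts and ends outside this hunk.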
@@ -1496,7 +1496,7 @@ static int net_ads_password(int argc, const char **argv) ret = kerberos_set_password(ads->auth.kdc_server, auth_principal, auth_password, user, new_password, ads->auth.time_offset); if (!ADS_ERR_OK(ret)) { - d_fprintf(stderr, "Password change failed :-( ...\n"); + d_fprintf(stderr, "Password change failed: %s\n", ads_errstr(ret)); ads_destroy(&ads); return -1; } -- cgit From 300acb99ad9fcd4a36998d4ee4d8349478deca59 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 16 Jun 2006 01:47:02 +0000 Subject: r16284: Start fixing up gcc4 -O6 warnings on an x86_64 box. size_t != unsigned int in a format string. Jeremy. (This used to be commit face01ef01e1a3c96eae17c56cadf01020d4cb46) --- source3/utils/net_ads.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 0393644494..fabf36e252 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -863,8 +863,8 @@ static int check_ads_config( void ) if (strlen(global_myname()) > 15) { d_printf("Our netbios name can be at most 15 chars long, " - "\"%s\" is %d chars long\n", - global_myname(), strlen(global_myname())); + "\"%s\" is %u chars long\n", + global_myname(), (unsigned int)strlen(global_myname())); return -1; } -- cgit From 10252f270eae11c9f06f37b91831fcd00ceea2ef Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 21 Jun 2006 23:46:07 +0000 Subject: r16453: Fix another memleak. Guenther (This used to be commit 49fb1a3ebc44602302c347195752891bf28c7037) --- source3/utils/net_ads.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index fabf36e252..9d122a466b 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -286,6 +286,7 @@ retry: goto retry; } else { DEBUG(0,("ads_connect: %s\n", ads_errstr(status))); + ads_destroy(&ads); return NULL; } } -- cgit 
From fbdcf2663b56007a438ac4f0d8d82436b1bfe688 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 11 Jul 2006 18:01:26 +0000 Subject: r16945: Sync trunk -> 3.0 for 3.0.24 code. Still need to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8) --- source3/utils/net_ads.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 9d122a466b..bfbc80759a 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -506,7 +506,8 @@ static int ads_user_info(int argc, const char **argv) return -1; } - grouplist = ldap_get_values(ads->ld, res, "memberOf"); + grouplist = ldap_get_values((LDAP *)ads->ld, + (LDAPMessage *)res, "memberOf"); if (grouplist) { int i; @@ -591,7 +592,7 @@ int net_ads_user(int argc, const char **argv) shortattrs, usergrp_display, disp_fields); ads_destroy(&ads); - return 0; + return ADS_ERR_OK(rc) ? 0 : -1; } return net_run_function(argc, argv, func, net_ads_user_usage); @@ -716,7 +717,7 @@ int net_ads_group(int argc, const char **argv) disp_fields); ads_destroy(&ads); - return 0; + return ADS_ERR_OK(rc) ? 0 : -1; } return net_run_function(argc, argv, func, net_ads_group_usage); } @@ -1011,7 +1012,7 @@ static ADS_STATUS net_precreate_machine_acct( ADS_STRUCT *ads, const char *ou ) asprintf(&dn, "%s,%s", ou_str, ads->config.bind_path); free(ou_str); - rc = ads_search_dn(ads, (void**)&res, dn, NULL); + rc = ads_search_dn(ads, &res, dn, NULL); ads_msgfree(ads, res); if (ADS_ERR_OK(rc)) { @@ -1340,7 +1341,7 @@ static int net_ads_printer_publish(int argc, const char **argv) return -1; } - srv_dn = ldap_get_dn(ads->ld, res); + srv_dn = ldap_get_dn((LDAP *)ads->ld, (LDAPMessage *)res); srv_cn = ldap_explode_dn(srv_dn, 1); asprintf(&prt_dn, "cn=%s-%s,%s", srv_cn[0], printername, srv_dn); -- cgit 
From 060b155cd2f77e37086f97461f93e9ef1ff8dce2 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 11 Jul 2006 18:45:22 +0000 Subject: r16952: New derive DES salt code and Krb5 keytab generation Major points of interest: * Figure the DES salt based on the domain functional level and UPN (if present and applicable) * Only deal with the DES-CBC-MD5, DES-CBC-CRC, and RC4-HMAC keys * Remove all the case permutations in the keytab entry generation (to be partially re-added only if necessary). * Generate keytab entries based on the existing SPN values in AD The resulting keytab looks like: ktutil: list -e slot KVNO Principal ---- ---- --------------------------------------------------------------------- 1 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32) 2 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5) 3 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5) 4 6 host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32) 5 6 host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5) 6 6 host/suse10@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5) 7 6 suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32) 8 6 suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5) 9 6 suse10$@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5) The list entries are the two basic SPN values (host/NetBIOSName & host/dNSHostName) and the sAMAccountName value. The UPN will be added as well if the machine has one. This fixes 'kinit -k'. Tested keytab using mod_auth_krb and MIT's telnet. ads_verify_ticket() continues to work with RC4-HMAC and DES keys. (This used to be commit 6261dd3c67d10db6cfa2e77a8d304d3dce4050a4) --- source3/utils/net_ads.c | 71 ++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 56 insertions(+), 15 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index bfbc80759a..99098dabdb 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -1030,6 +1030,61 @@ static ADS_STATUS net_precreate_machine_acct( ADS_STRUCT *ads, const char *ou ) return rc; } +/************************************************************************ + ************************************************************************/ + +static BOOL net_derive_salting_principal( TALLOC_CTX *ctx, ADS_STRUCT *ads ) +{ + uint32 domain_func; + ADS_STATUS status; + fstring salt; + char *std_salt; + LDAPMessage *res = NULL; + const char *machine_name = global_myname(); + + status = ads_domain_func_level( ads, &domain_func ); + if ( !ADS_ERR_OK(status) ) { + DEBUG(2,("Failed to determine domain functional level!\n")); + return False; + } + + /* go ahead and setup the default salt */ + + if ( (std_salt = kerberos_standard_des_salt()) == NULL ) { + DEBUG(0,("net_derive_salting_principal: failed to obtain stanard DES salt\n")); + return False; + } + + fstrcpy( salt, std_salt ); + SAFE_FREE( std_salt ); + + /* if it's a Windows functional domain, we have to look for the UPN */ + + if ( domain_func == DS_DOMAIN_FUNCTION_2000 ) { + char *upn; + int count; + + status = ads_find_machine_acct(ads, (void **)(void *)&res, machine_name); + if (!ADS_ERR_OK(status)) { + return False; + } + + if ( (count = ads_count_replies(ads, res)) != 1 ) { + DEBUG(1,("net_set_machine_spn: %d entries returned!\n", count)); + return False; + } + + upn = ads_pull_string(ads, ctx, res, "userPrincipalName"); + if ( upn ) { + fstrcpy( salt, upn ); + } + + ads_msgfree(ads, res); + } + + return kerberos_secrets_store_des_salt( salt ); +} + /******************************************************************* join a domain using ADS (LDAP mods) ********************************************************************/ 
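Review bot: The `count != 1` branch in net_derive_salting_principal returns False without calling `ads_msgfree(ads, res)`, so the search result leaks on that path while the success path frees it. Add `ads_msgfree(ads, res);` before that `return False;`. The DEBUG text in the same branch names `net_set_machine_spn`, which is not this function, and "stanard" is misspelled in the earlier message. The UPN is copied into a fixed-size `fstring`; if `fstrcpy` truncates (its behaviour is not visible here), a different salt would be stored without warning, so a length check on `upn` before the copy seems worth adding. The banner comment above the function is empty and should say that the salt defaults to the standard DES salt and is replaced by the UPN when one is found.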
@@ -1140,30 +1195,16 @@ int net_ads_join(int argc, const char **argv) /* don't fail */ } -#if defined(HAVE_KRB5) - if (asprintf(&machine_account, "%s$", global_myname()) == -1) { - d_fprintf(stderr, "asprintf failed\n"); - ads_destroy(&ads); - return -1; - } - - if (!kerberos_derive_salting_principal(machine_account)) { + if ( !net_derive_salting_principal( ctx, ads ) ) { DEBUG(1,("Failed to determine salting principal\n")); ads_destroy(&ads); return -1; } - if (!kerberos_derive_cifs_salting_principals()) { - DEBUG(1,("Failed to determine salting principals\n")); - ads_destroy(&ads); - return -1; - } - /* Now build the keytab, using the same ADS connection */ if (lp_use_kerberos_keytab() && ads_keytab_create_default(ads)) { DEBUG(1,("Error creating host keytab!\n")); } -#endif d_printf("Joined '%s' to realm '%s'\n", global_myname(), ads->config.realm); -- cgit From 9c160dd9a7c88afaac7570581062060271b6f757 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 17 Jul 2006 11:04:47 +0000 Subject: r17086: Re-add ability to contact remote domain controllers with the "net ads" toolset. In 3.0.23 all those commands have been limited to the DC of our primary domain. Also distinguish calls that may go to remote DCs (search, info, lookup, etc.) from those that should only go to our primary domain (join, leave, etc.). Guenther (This used to be commit d573e64781667993478a289580fa65c34e847f64) --- source3/utils/net_ads.c | 99 +++++++++++++++++++++++++++++++------------------ 1 file changed, 62 insertions(+), 37 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 99098dabdb..5e84f229aa 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
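Review bot: A failure of `net_derive_salting_principal()` in net_ads_join is reported only through `DEBUG(1, ...)`, so at a lower debug level the command returns -1 and prints nothing. The SPN failure just above uses `d_fprintf(stderr, ...)`; the equivalent here is `d_fprintf(stderr, "Failed to determine salting principal\n");`. The keytab error below has the same problem, and the command still prints "Joined" after it. With the `#if defined(HAVE_KRB5)` guard removed, it is also worth confirming that the salt and keytab helpers build without Kerberos support, which this hunk does not show.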
@@ -80,6 +80,17 @@ int net_ads_usage(int argc, const char **argv) return -1; } +/* when we do not have sufficient input parameters to contact a remote domain + * we always fall back to our own realm - Guenther*/ + +static const char *assume_own_realm(void) +{ + if (!opt_host && strequal(lp_workgroup(), opt_target_workgroup)) { + return lp_realm(); + } + + return NULL; +} /* do a cldap netlogon query @@ -161,10 +172,7 @@ static int net_ads_lookup(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS status; - const char *realm = NULL; - - if ( strequal(lp_workgroup(), opt_target_workgroup ) ) - realm = lp_realm(); + const char *realm = assume_own_realm(); ads = ads_init(realm, opt_target_workgroup, opt_host); if (ads) { @@ -190,8 +198,9 @@ static int net_ads_lookup(int argc, const char **argv) static int net_ads_info(int argc, const char **argv) { ADS_STRUCT *ads; + const char *realm = assume_own_realm(); - if ( (ads = ads_init(lp_realm(), opt_target_workgroup, opt_host)) != NULL ) { + if ( (ads = ads_init(realm, opt_target_workgroup, opt_host)) != NULL ) { ads->auth.flags |= ADS_AUTH_NO_BIND; } @@ -228,20 +237,25 @@ static void use_in_memory_ccache(void) { setenv(KRB5_ENV_CCNAME, "MEMORY:net_ads", 1); } -static ADS_STRUCT *ads_startup(void) +static ADS_STRUCT *ads_startup(BOOL only_own_domain) { ADS_STRUCT *ads; ADS_STATUS status; BOOL need_password = False; BOOL second_time = False; char *cp; + const char *realm = NULL; /* lp_realm() should be handled by a command line param, However, the join requires that realm be set in smb.conf and compares our realm with the remote server's so this is ok until someone needs more flexibility */ - - ads = ads_init(lp_realm(), opt_target_workgroup, opt_host); + + if (only_own_domain) { + realm = lp_realm(); + } + + ads = ads_init(realm, opt_target_workgroup, opt_host); if (!opt_user_name) { opt_user_name = "administrator"; 
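Review bot: The comment kept above the new `if (only_own_domain)` block in ads_startup still describes the realm as always coming from lp_realm(), which no longer holds when the flag is False and `realm` stays NULL. I would reword it along the lines of `/* only_own_domain: pin the realm to smb.conf (join, leave, keytab); otherwise leave it NULL and let opt_target_workgroup/opt_host choose the server */`. assume_own_realm() would also benefit from a line saying that NULL means no realm is supplied, because every caller passes the result straight to ads_init(). ads_startup's body continues outside the hunk.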
@@ -299,12 +313,12 @@ retry: ads_startup() stores the password in opt_password if it needs to so that rpc or rap can use it without re-prompting. */ -int net_ads_check(void) +static int net_ads_check_int(const char *realm, const char *workgroup, const char *host) { ADS_STRUCT *ads; ADS_STATUS status; - if ( (ads = ads_init( lp_realm(), lp_workgroup(), NULL )) == NULL ) { + if ( (ads = ads_init( realm, workgroup, host )) == NULL ) { return -1; } @@ -319,6 +333,15 @@ int net_ads_check(void) return 0; } +int net_ads_check_our_domain(void) +{ + return net_ads_check_int(lp_realm(), lp_workgroup(), NULL); +} + +int net_ads_check(void) +{ + return net_ads_check_int(NULL, opt_workgroup, opt_host); +} /* determine the netbios workgroup name for a domain */ @@ -326,12 +349,9 @@ static int net_ads_workgroup(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS status; - const char *realm = NULL; + const char *realm = assume_own_realm(); struct cldap_netlogon_reply reply; - if ( strequal(lp_workgroup(), opt_target_workgroup ) ) - realm = lp_realm(); - ads = ads_init(realm, opt_target_workgroup, opt_host); if (ads) { ads->auth.flags |= ADS_AUTH_NO_BIND; @@ -405,7 +425,7 @@ static int ads_user_add(int argc, const char **argv) if (argc < 1) return net_ads_user_usage(argc, argv); - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(False))) { return -1; } @@ -490,7 +510,7 @@ static int ads_user_info(int argc, const char **argv) return -1; } - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(False))) { SAFE_FREE(escaped_user); return -1; } @@ -537,7 +557,7 @@ static int ads_user_delete(int argc, const char **argv) return net_ads_user_usage(argc, argv); } - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(False))) { return -1; } @@ -577,7 +597,7 @@ int net_ads_user(int argc, const char **argv) char *disp_fields[2] = {NULL, NULL}; if (argc == 0) { - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(False))) { return -1; } 
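Review bot: net_ads_check() now passes `opt_workgroup` to net_ads_check_int(), whereas assume_own_realm() and ads_startup() in this commit use `opt_target_workgroup`; if the difference is intended it deserves a comment, otherwise it looks like a slip. The function also changes meaning for existing callers: it used to check lp_realm()/lp_workgroup(), and they must now call net_ads_check_our_domain() for that. Those callers are outside this diff and need checking. On style, the bare `ads_startup(False)` and `ads_startup(True)` calls in this hunk and the ones that follow do not show which commands are pinned to the primary domain. A short comment at each call, or two named wrappers, would make that split reviewable, particularly for the add and delete commands that pass False.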
@@ -614,7 +634,7 @@ static int ads_group_add(int argc, const char **argv) return net_ads_group_usage(argc, argv); } - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(False))) { return -1; } @@ -663,7 +683,7 @@ static int ads_group_delete(int argc, const char **argv) return net_ads_group_usage(argc, argv); } - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(False))) { return -1; } @@ -702,7 +722,7 @@ int net_ads_group(int argc, const char **argv) char *disp_fields[2] = {NULL, NULL}; if (argc == 0) { - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(False))) { return -1; } @@ -728,7 +748,7 @@ static int net_ads_status(int argc, const char **argv) ADS_STATUS rc; void *res; - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(True))) { return -1; } @@ -777,7 +797,7 @@ static int net_ads_leave(int argc, const char **argv) /* The finds a DC and takes care of getting the user creds if necessary */ - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(True))) { return -1; } @@ -827,7 +847,7 @@ static int net_ads_join_ok(void) net_use_machine_password(); - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(True))) { return -1; } @@ -1105,7 +1125,7 @@ int net_ads_join(int argc, const char **argv) return -1; } - if ( (ads = ads_startup()) == NULL ) { + if ( (ads = ads_startup(True)) == NULL ) { return -1; } @@ -1244,7 +1264,7 @@ static int net_ads_printer_search(int argc, const char **argv) ADS_STATUS rc; void *res = NULL; - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(False))) { return -1; } @@ -1277,7 +1297,7 @@ static int net_ads_printer_info(int argc, const char **argv) const char *servername, *printername; void *res = NULL; - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(False))) { return -1; } @@ -1336,7 +1356,7 @@ static int net_ads_printer_publish(int argc, const char **argv) char *prt_dn, *srv_dn, **srv_cn; void *res = NULL; - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(True))) { return -1; } 
@@ -1419,7 +1439,7 @@ static int net_ads_printer_remove(int argc, const char **argv) char *prt_dn; void *res = NULL; - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(True))) { return -1; } @@ -1515,7 +1535,7 @@ static int net_ads_password(int argc, const char **argv) /* use the realm so we can eventually change passwords for users in realms other than default */ - if (!(ads = ads_init(realm, opt_workgroup, NULL))) { + if (!(ads = ads_init(realm, opt_workgroup, opt_host))) { return -1; } @@ -1566,7 +1586,7 @@ int net_ads_changetrustpw(int argc, const char **argv) use_in_memory_ccache(); - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(True))) { return -1; } @@ -1631,7 +1651,7 @@ static int net_ads_search(int argc, const char **argv) return net_ads_search_usage(argc, argv); } - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(False))) { return -1; } @@ -1691,7 +1711,7 @@ static int net_ads_dn(int argc, const char **argv) return net_ads_dn_usage(argc, argv); } - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(False))) { return -1; } @@ -1751,7 +1771,7 @@ static int net_ads_sid(int argc, const char **argv) return net_ads_sid_usage(argc, argv); } - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(False))) { return -1; } @@ -1808,7 +1828,7 @@ static int net_ads_keytab_flush(int argc, const char **argv) int ret; ADS_STRUCT *ads; - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(True))) { return -1; } ret = ads_keytab_flush(ads); @@ -1823,7 +1843,7 @@ static int net_ads_keytab_add(int argc, const char **argv) ADS_STRUCT *ads; d_printf("Processing principals to add...\n"); - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(True))) { return -1; } for (i = 0; i < argc; i++) { @@ -1838,7 +1858,7 @@ static int net_ads_keytab_create(int argc, const char **argv) ADS_STRUCT *ads; int ret; - if (!(ads = ads_startup())) { + if (!(ads = ads_startup(True))) { return -1; } ret = ads_keytab_create_default(ads); 
@@ -1961,6 +1981,11 @@ int net_ads_check(void) return -1; } +int net_ads_check_our_domain(void) +{ + return -1; +} + int net_ads(int argc, const char **argv) { return net_ads_usage(argc, argv); -- cgit From 02f272f3c65b63e80cced94e499e9b18c6e6b005 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 19 Jul 2006 20:56:11 +0000 Subject: r17149: Fail the join if we cannot set any SPNs for the machine account. Disable the one we created and whine. (This used to be commit 1a7e81a4a8955e643d1c8a54365221a9e2ed8a12) --- source3/utils/net_ads.c | 42 ++++++++++++++++++------------------------ 1 file changed, 18 insertions(+), 24 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 5e84f229aa..54998592db 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -24,22 +24,6 @@ #include "includes.h" #include "utils/net.h" -/* Macro for checking RPC error codes to make things more readable */ - -#if 0 -#define CHECK_RPC_ERR(rpc, msg) \ - if (!NT_STATUS_IS_OK(result = rpc)) { \ - DEBUG(0, (msg ": %s\n", nt_errstr(result))); \ - goto done; \ - } - -#define CHECK_RPC_ERR_DEBUG(rpc, debug_args) \ - if (!NT_STATUS_IS_OK(result = rpc)) { \ - DEBUG(0, debug_args); \ - goto done; \ - } - -#endif #ifdef HAVE_ADS int net_ads_usage(int argc, const char **argv) 
@@ -1208,11 +1192,24 @@ int net_ads_join(int argc, const char **argv) status = net_set_machine_spn( ctx, ads ); if ( !ADS_ERR_OK(status) ) { - d_fprintf(stderr, "Failed to set servicePrincipalNames. Only NTLM authentication will be possible.\n"); - d_fprintf(stderr, "Please ensure that the DNS domain of this server matches the AD domain,\n"); - d_fprintf(stderr, "Or rejoin with using Domain Admin credentials.\n"); - /* don't fail */ + d_fprintf(stderr, "Failed to set servicePrincipalNames. Please ensure that\n"); + d_fprintf(stderr, "the DNS domain of this server matches the AD domain,\n"); + d_fprintf(stderr, "Or rejoin with using Domain Admin credentials.\n"); + + /* Disable the machine account in AD. Better to fail than to leave + a confused admin. */ + + if ( net_ads_leave( 0, NULL ) != 0 ) { + d_fprintf( stderr, "Failed to disable machine account in AD. Please do so manually.\n"); + } + + /* clear out the machine password */ + + netdom_store_machine_account( lp_workgroup(), domain_sid, "" ); + netdom_store_machine_account( short_domain_name, domain_sid, "" ); + + return -1; } if ( !net_derive_salting_principal( ctx, ads ) ) { @@ -1891,15 +1888,12 @@ int net_ads_help(int argc, const char **argv) {"GROUP", net_ads_group_usage}, {"PRINTER", net_ads_printer_usage}, {"SEARCH", net_ads_search_usage}, -#if 0 {"INFO", net_ads_info}, {"JOIN", net_ads_join}, - {"JOIN2", net_ads_join2}, {"LEAVE", net_ads_leave}, {"STATUS", net_ads_status}, {"PASSWORD", net_ads_password}, {"CHANGETRUSTPW", net_ads_changetrustpw}, -#endif {NULL, NULL} }; @@ -1991,4 +1985,4 @@ int net_ads(int argc, const char **argv) return net_ads_usage(argc, argv); } -#endif +#endif /* WITH_ADS */ -- cgit From 188e7ac75669bf6cacfe19150b2eb3ae8f650029 Mon Sep 17 00:00:00 2001 
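Review bot: The new SPN-failure path in net_ads_join discards the results of both `netdom_store_machine_account(..., "")` calls, so if clearing the stored machine password fails the command exits as though the secret were gone. The same function is compared against -1 elsewhere on this page, so the check can be `if (netdom_store_machine_account(lp_workgroup(), domain_sid, "") == -1) d_fprintf(stderr, "Failed to clear stored machine password.\n");`, and likewise for `short_domain_name`. Storing an empty string also leaves an entry behind rather than removing it; whether the secrets API offers a delete is not visible here. This path returns without `ads_destroy(&ads)`, unlike the error return that follows it.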
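Review bot: Removing the `#if 0` in the net_ads_help table makes `INFO`, `JOIN`, `LEAVE`, `STATUS`, `PASSWORD` and `CHANGETRUSTPW` point at the command functions themselves, while the entries above them map to `*_usage` functions. If the table is dispatched the way the surrounding entries suggest, asking for help on `leave` or `changetrustpw` would run the operation instead of printing usage. These entries should point at usage functions, for example `{"LEAVE", net_ads_leave_usage},`; that helper name is a suggestion, as no such function appears in the visible part of the file. The later JOIN-only change to this table on this page leaves the other five entries as they are. Separately, the trailing `#endif /* WITH_ADS */` comment names a different macro from the `#ifdef HAVE_ADS` it closes.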
From: Gerald Carter Date: Thu, 20 Jul 2006 14:39:06 +0000 Subject: r17158: Add two new options to 'net ads join' * createupn=[host_upn@realm] * createcomputer= (this was previously the only arg) (This used to be commit 75054e984e5ca7249b1327630db9d09da974a54e) --- source3/utils/net_ads.c | 126 +++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 114 insertions(+), 12 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 54998592db..31a6b80912 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -928,7 +928,7 @@ done: static ADS_STATUS net_set_machine_spn(TALLOC_CTX *ctx, ADS_STRUCT *ads_s ) { ADS_STATUS status = ADS_ERROR(LDAP_SERVER_DOWN); - char *host_upn, *new_dn; + char *new_dn; ADS_MODLIST mods; const char *servicePrincipalName[3] = {NULL, NULL, NULL}; char *psp; @@ -964,9 +964,7 @@ static ADS_STATUS net_set_machine_spn(TALLOC_CTX *ctx, ADS_STRUCT *ads_s ) return ADS_ERROR(LDAP_NO_MEMORY); } - /* Windows only creates HOST/shortname & HOST/fqdn. We create - the UPN as well so that 'kinit -k' will work. You can only - request a TGT for entries with a UPN in AD. */ + /* Windows only creates HOST/shortname & HOST/fqdn. */ if ( !(psp = talloc_asprintf(ctx, "HOST/%s", machine_name)) ) goto done; 
@@ -979,9 +977,63 @@ static ADS_STATUS net_set_machine_spn(TALLOC_CTX *ctx, ADS_STRUCT *ads_s ) goto done; servicePrincipalName[1] = psp; - if (!(host_upn = talloc_asprintf(ctx, "%s@%s", servicePrincipalName[0], ads_s->config.realm))) + if (!(mods = ads_init_mods(ctx))) { goto done; + } + + /* fields of primary importance */ + + ads_mod_str(ctx, &mods, "dNSHostName", my_fqdn); + ads_mod_strlist(ctx, &mods, "servicePrincipalName", servicePrincipalName); + + status = ads_gen_mod(ads_s, new_dn, mods); + +done: + ads_msgfree(ads_s, res); + + return status; +} + +/******************************************************************* + Set a machines dNSHostName and servicePrincipalName attributes + ********************************************************************/ +static ADS_STATUS net_set_machine_upn(TALLOC_CTX *ctx, ADS_STRUCT *ads_s, const char *upn ) +{ + ADS_STATUS status = ADS_ERROR(LDAP_SERVER_DOWN); + char *new_dn; + ADS_MODLIST mods; + LDAPMessage *res = NULL; + char *dn_string = NULL; + const char *machine_name = global_myname(); + int count; + + if ( !machine_name ) { + return ADS_ERROR(LDAP_NO_MEMORY); + } + + /* Find our DN */ + + status = ads_find_machine_acct(ads_s, (void **)(void *)&res, machine_name); + if (!ADS_ERR_OK(status)) + return status; + + if ( (count = ads_count_replies(ads_s, res)) != 1 ) { + DEBUG(1,("net_set_machine_spn: %d entries returned!\n", count)); + return ADS_ERROR(LDAP_NO_MEMORY); + } + + if ( (dn_string = ads_get_dn(ads_s, res)) == NULL ) { + DEBUG(1, ("ads_add_machine_acct: ads_get_dn returned NULL (malloc failure?)\n")); + goto done; + } + + new_dn = talloc_strdup(ctx, dn_string); + ads_memfree(ads_s, dn_string); + if (!new_dn) { + return ADS_ERROR(LDAP_NO_MEMORY); + } + /* now do the mods */ if (!(mods = ads_init_mods(ctx))) { 
@@ -990,8 +1042,7 @@ static ADS_STATUS net_set_machine_spn(TALLOC_CTX *ctx, ADS_STRUCT *ads_s ) /* fields of primary importance */ - ads_mod_str(ctx, &mods, "dNSHostName", my_fqdn); - ads_mod_strlist(ctx, &mods, "servicePrincipalName", servicePrincipalName); + ads_mod_str(ctx, &mods, "userPrincipalName", upn); status = ads_gen_mod(ads_s, new_dn, mods); @@ -1001,7 +1052,6 @@ done: return status; } - /******************************************************************* join a domain using ADS (LDAP mods) ********************************************************************/ @@ -1089,6 +1139,19 @@ static BOOL net_derive_salting_principal( TALLOC_CTX *ctx, ADS_STRUCT *ads ) return kerberos_secrets_store_des_salt( salt ); } +/********************************************************* + utility function to parse an integer parameter from + "parameter = value" +**********************************************************/ +static char* get_string_param( const char* param ) +{ + char *p; + + if ( (p = strchr( param, '=' )) == NULL ) + return NULL; + + return (p+1); +} /******************************************************************* join a domain using ADS (LDAP mods) ********************************************************************/ @@ -1103,6 +1166,10 @@ int net_ads_join(int argc, const char **argv) struct cldap_netlogon_reply cldap_reply; TALLOC_CTX *ctx; DOM_SID *domain_sid = NULL; + BOOL createupn = False; + const char *machineupn = NULL; + const char *create_in_ou = NULL; + int i; if ( check_ads_config() != 0 ) { d_fprintf(stderr, "Invalid configuration. Exiting....\n"); 
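Review bot: get_string_param() returns a pointer to an empty string for an argument such as `createcomputer=`, so a caller that only tests for NULL accepts an empty value. If an empty value is never meaningful, `if (p == NULL || p[1] == '\0') return NULL;` closes that gap; how the `createupn` caller would treat the change needs checking. The banner says the function parses an integer parameter, but it returns the text after `=`. It also returns `char *` derived from a `const char *` argument, where `const char *` would be accurate. The returned text ends up in directory attributes (`userPrincipalName` through net_set_machine_upn in this commit), so the comment should state that no validation happens here.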
@@ -1126,11 +1193,30 @@ int net_ads_join(int argc, const char **argv) return -1; } - /* If we were given an OU, try to create the machine in the OU account - first and then do the normal RPC join */ + /* process additional command line args */ + + for ( i=0; i 0 ) { - status = net_precreate_machine_acct( ads, argv[0] ); + if ( create_in_ou ) { + status = net_precreate_machine_acct( ads, create_in_ou ); if ( !ADS_ERR_OK(status) ) { d_fprintf( stderr, "Failed to pre-create the machine object " "in OU %s.\n", argv[0]); @@ -1218,6 +1304,22 @@ int net_ads_join(int argc, const char **argv) return -1; } + if ( createupn ) { + pstring upn; + + /* default to using the short UPN name */ + if ( !machineupn ) { + snprintf( upn, sizeof(upn), "host/%s@%s", global_myname(), + ads->config.realm ); + machineupn = upn; + } + + status = net_set_machine_upn( ctx, ads, machineupn ); + if ( !ADS_ERR_OK(status) ) { + d_fprintf(stderr, "Failed to set userPrincipalName. Are you a Domain Admin?\n"); + } + } + /* Now build the keytab, using the same ADS connection */ if (lp_use_kerberos_keytab() && ads_keytab_create_default(ads)) { DEBUG(1,("Error creating host keytab!\n")); -- cgit From 20c09b75faff9c231cf0fa0cc96ed58b9e6416bd Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 26 Jul 2006 15:26:51 +0000 Subject: r17258: Cleanup the 'net ads help join' output and document createupn and createcomputer options (This used to be commit 87be77bf35635fc925e1be36073571f8c6ec3e81) --- source3/utils/net_ads.c | 81 ++++++++++++++++++++++++++++--------------------- 1 file changed, 46 insertions(+), 35 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 31a6b80912..dcbd53bafc 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
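Review bot: The pre-create failure message still prints `argv[0]`, but the OU now comes from `create_in_ou` and `argv[0]` can be any option, for instance `createupn`. Change the argument so the line reads `"in OU %s.\n", create_in_ou);`. In the createupn block the `snprintf` result is not checked, so an over-long name or realm would be silently truncated into a different UPN; compare the return value against `sizeof(upn)`. When net_set_machine_upn fails, the join continues after printing a message, which may be intended but should be stated in a comment. Part of the option-parsing loop in this hunk is missing from the page text and was not reviewed.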
@@ -28,39 +28,34 @@ int net_ads_usage(int argc, const char **argv) { - d_printf( -"\nnet ads join "\ -"\n\tjoins the local machine to a ADS realm\n"\ -"\nnet ads leave"\ -"\n\tremoves the local machine from a ADS realm\n"\ -"\nnet ads testjoin"\ -"\n\ttests that an exiting join is OK\n"\ -"\nnet ads user"\ -"\n\tlist, add, or delete users in the realm\n"\ -"\nnet ads group"\ -"\n\tlist, add, or delete groups in the realm\n"\ -"\nnet ads info"\ -"\n\tshows some info on the server\n"\ -"\nnet ads status"\ -"\n\tdump the machine account details to stdout\n" -"\nnet ads lookup"\ -"\n\tperform a CLDAP search on the server\n" -"\nnet ads password -Uadmin_username@realm%%admin_pass"\ -"\n\tchange a user's password using an admin account"\ -"\n\t(note: use realm in UPPERCASE, prompts if password is obmitted)\n"\ -"\nnet ads changetrustpw"\ -"\n\tchange the trust account password of this machine in the AD tree\n"\ -"\nnet ads printer [info | publish | remove] "\ -"\n\t lookup, add, or remove directory entry for a printer\n"\ -"\nnet ads search"\ -"\n\tperform a raw LDAP search and dump the results\n" -"\nnet ads dn"\ -"\n\tperform a raw LDAP search and dump attributes of a particular DN\n" -"\nnet ads sid"\ -"\n\tperform a raw LDAP search and dump attributes of a particular SID\n" -"\nnet ads keytab"\ -"\n\tcreates and updates the kerberos system keytab file\n" - ); + d_printf("join [createupn[=principal]] [createcomputer=]\n"); + d_printf(" Join the local machine to a ADS realm\n"); + d_printf("leave\n"); + d_printf(" Remove the local machine from a ADS realm\n"); + d_printf("testjoin\n"); + d_printf(" Validates the machine account in the domain\n"); + d_printf("user\n"); + d_printf(" List, add, or delete users in the realm\n"); + d_printf("group\n"); + d_printf(" List, add, or delete groups in the realm\n"); + d_printf("info\n"); + d_printf(" Displays details regarding a specific AD server\n"); + d_printf("status\n"); + d_printf(" Display details regarding the machine's 
account in AD\n"); + d_printf("lookup\n"); + d_printf(" Performs CLDAP query of AD domain controllers\n"); + d_printf("password -Uadmin_username@realm%%admin_pass\n"); + d_printf(" Change a user's password using an admin account\n"); + d_printf(" (note: use realm in UPPERCASE, prompts if password is obmitted)\n"); + d_printf("changetrustpw\n"); + d_printf(" Change the trust account password of this machine in the AD tree\n"); + d_printf("printer [info | publish | remove] \n"); + d_printf(" Lookup, add, or remove directory entry for a printer\n"); + d_printf("{search,dn,sid}\n"); + d_printf(" Issue LDAP search queries using a general filter, by DN, or by SID\n"); + d_printf("keytab\n"); + d_printf(" Manage a local keytab file based on the machine account in AD\n"); + return -1; } @@ -1152,8 +1147,24 @@ static char* get_string_param( const char* param ) return (p+1); } + +/******************************************************************* + ********************************************************************/ + +static int net_ads_join_usage(int argc, const char **argv) +{ + d_printf("net ads join [options]\n"); + d_printf("Valid options:\n"); + d_printf(" createupn[=UPN] Set the userPrincipalName attribute during the join.\n"); + d_printf(" The deault UPN is in the form host/netbiosname@REALM.\n"); + d_printf(" createcomputer=OU Precreate the computer account in a specific OU.\n"); + d_printf(" The OU string read from top to bottom without RDNs and delimited by a '/'.\n"); + d_printf(" E.g. \"createcomputer=Computers/Servers/Unix\"\n"); + + return -1; +} + /******************************************************************* - join a domain using ADS (LDAP mods) ********************************************************************/ int net_ads_join(int argc, const char **argv) 
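Review bot: The usage line `password -Uadmin_username@realm%%admin_pass` presents the inline password as the primary form, which puts the admin password into the process list and shell history. Since the following line already says the command prompts when the password is left out, I would show `-Uadmin_username@realm` as the example and mention the `%password` suffix as optional. Two typos in the new strings need fixing: `obmitted` (omitted) and, in net_ads_join_usage, `deault` (default). The banner comment for net_ads_join_usage is empty; one line saying it prints the join options and returns -1 would be enough.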
@@ -1991,7 +2002,7 @@ int net_ads_help(int argc, const char **argv) {"PRINTER", net_ads_printer_usage}, {"SEARCH", net_ads_search_usage}, {"INFO", net_ads_info}, - {"JOIN", net_ads_join}, + {"JOIN", net_ads_join_usage}, {"LEAVE", net_ads_leave}, {"STATUS", net_ads_status}, {"PASSWORD", net_ads_password}, -- cgit From e5f6544df10ca923d9408de9df1cedbabb2987af Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 3 Aug 2006 12:41:20 +0000 Subject: r17383: Patch from Michael Adams to catch some memory leaks on error paths in net_ads_join() (This used to be commit 24de2d83ff1d27400a89985126edee588bc415f3) --- source3/utils/net_ads.c | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index dcbd53bafc..f01f7ac33b 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1169,7 +1169,7 @@ static int net_ads_join_usage(int argc, const char **argv) int net_ads_join(int argc, const char **argv) { - ADS_STRUCT *ads; + ADS_STRUCT *ads = NULL; ADS_STATUS status; char *machine_account = NULL; const char *short_domain_name = NULL; @@ -1184,24 +1184,23 @@ int net_ads_join(int argc, const char **argv) if ( check_ads_config() != 0 ) { d_fprintf(stderr, "Invalid configuration. Exiting....\n"); - return -1; + goto fail; } if ( (ads = ads_startup(True)) == NULL ) { - return -1; + goto fail; } if (strcmp(ads->config.realm, lp_realm()) != 0) { d_fprintf(stderr, "realm of remote server (%s) and realm in smb.conf " "(%s) DO NOT match. Aborting join\n", ads->config.realm, lp_realm()); - ads_destroy(&ads); - return -1; + goto fail; } if (!(ctx = talloc_init("net_ads_join"))) { DEBUG(0, ("Could not initialise talloc context\n")); - return -1; + goto fail; } /* process additional command line args */ 
@@ -1214,12 +1213,12 @@ int net_ads_join(int argc, const char **argv) else if ( !StrnCaseCmp(argv[i], "createcomputer", strlen("createcomputer")) ) { if ( (create_in_ou = get_string_param(argv[i])) == NULL ) { d_fprintf(stderr, "Please supply a valid OU path\n"); - return -1; + goto fail; } } else { d_fprintf(stderr, "Bad option: %s\n", argv[i]); - return -1; + goto fail; } } @@ -1231,8 +1230,7 @@ int net_ads_join(int argc, const char **argv) if ( !ADS_ERR_OK(status) ) { d_fprintf( stderr, "Failed to pre-create the machine object " "in OU %s.\n", argv[0]); - ads_destroy( &ads ); - return -1; + goto fail; } } @@ -1243,7 +1241,7 @@ int net_ads_join(int argc, const char **argv) if ( net_join_domain( ctx, ads->config.ldap_server_name, &ads->ldap_ip, &domain_sid, password ) != 0 ) { d_fprintf(stderr, "Failed to join domain!\n"); - return -1; + goto fail; } /* Check the short name of the domain */ @@ -1274,15 +1272,14 @@ int net_ads_join(int argc, const char **argv) if ( (netdom_store_machine_account( lp_workgroup(), domain_sid, password ) == -1) || (netdom_store_machine_account( short_domain_name, domain_sid, password ) == -1) ) { - ads_destroy(&ads); - return -1; + goto fail; } /* Verify that everything is ok */ if ( net_rpc_join_ok(short_domain_name, ads->config.ldap_server_name, &ads->ldap_ip) != 0 ) { d_fprintf(stderr, "Failed to verify membership in domain!\n"); - return -1; + goto fail; } /* create the dNSHostName & servicePrincipalName values */ @@ -1306,13 +1303,12 @@ int net_ads_join(int argc, const char **argv) netdom_store_machine_account( lp_workgroup(), domain_sid, "" ); netdom_store_machine_account( short_domain_name, domain_sid, "" ); - return -1; + goto fail; } if ( !net_derive_salting_principal( ctx, ads ) ) { DEBUG(1,("Failed to determine salting principal\n")); - ads_destroy(&ads); - return -1; + goto fail; } if ( createupn ) { 
@@ -1343,6 +1339,10 @@ int net_ads_join(int argc, const char **argv) ads_destroy(&ads); return 0; + +fail: + ads_destroy(&ads); + return -1; } /******************************************************************* -- cgit From c804dd01171903440cd2c90153d62ab549d6b800 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 15 Aug 2006 09:53:16 +0000 Subject: r17551: Move some DEBUG to d_printf in interactive functions and return NO_LOGON_SERVERS if no domain controller was found. Thanks to Michael Adam . Volker (This used to be commit d44599de3a61707a32851f37ddfb2425949622f8) --- source3/utils/net_ads.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index f01f7ac33b..37bdd4e456 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -278,7 +278,7 @@ retry: second_time = True; goto retry; } else { - DEBUG(0,("ads_connect: %s\n", ads_errstr(status))); + d_printf("%s.\n", ads_errstr(status)); ads_destroy(&ads); return NULL; } @@ -542,7 +542,7 @@ static int ads_user_delete(int argc, const char **argv) rc = ads_find_user_acct(ads, &res, argv[0]); if (!ADS_ERR_OK(rc)) { - DEBUG(0, ("User %s does not exist\n", argv[0])); + d_printf("User %s does not exist.\n", argv[0]); ads_destroy(&ads); return -1; } @@ -668,7 +668,7 @@ static int ads_group_delete(int argc, const char **argv) rc = ads_find_user_acct(ads, &res, argv[0]); if (!ADS_ERR_OK(rc)) { - DEBUG(0, ("Group %s does not exist\n", argv[0])); + d_printf("Group %s does not exist.\n", argv[0]); ads_destroy(&ads); return -1; } @@ -769,7 +769,7 @@ static int net_ads_leave(int argc, const char **argv) } if (!(ctx = talloc_init("net_ads_leave"))) { - DEBUG(0, ("Could not initialise talloc context\n")); + d_fprintf(stderr, "Could not initialise talloc context.\n"); return -1; } 
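Review bot: The new `fail:` label only calls `ads_destroy(&ads)`, so the context created by `talloc_init("net_ads_join")` is not released on any error path reached after it. Because some `goto fail` sites come before talloc_init, `ctx` would have to start as NULL: `TALLOC_CTX *ctx = NULL;` at the declaration and `if (ctx) talloc_destroy(ctx);` at `fail:`. Whether the success path frees `ctx` is outside these hunks and should be checked at the same time.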
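Review bot: The replacements in ads_startup, ads_user_delete and ads_group_delete write their error text with `d_printf`, that is to stdout, while the other conversions in this commit use `d_fprintf(stderr, ...)`. Error text on stdout gets mixed into output that scripts parse. I would use `d_fprintf(stderr, "%s.\n", ads_errstr(status));` in ads_startup, and the same form for the two "does not exist" messages and for the "Failed to join domain!" line added at `fail:` in the last hunk. In the two delete functions every lookup failure is reported as "does not exist", including a connection error; printing `ads_errstr(rc)` alongside would keep those cases apart.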
@@ -1100,7 +1100,7 @@ static BOOL net_derive_salting_principal( TALLOC_CTX *ctx, ADS_STRUCT *ads ) /* go ahead and setup the default salt */ if ( (std_salt = kerberos_standard_des_salt()) == NULL ) { - DEBUG(0,("net_derive_salting_principal: failed to obtain stanard DES salt\n")); + d_fprintf(stderr, "net_derive_salting_principal: failed to obtain stanard DES salt\n"); return False; } @@ -1199,7 +1199,7 @@ int net_ads_join(int argc, const char **argv) } if (!(ctx = talloc_init("net_ads_join"))) { - DEBUG(0, ("Could not initialise talloc context\n")); + d_fprintf(stderr, "Could not initialise talloc context.\n"); goto fail; } @@ -1240,7 +1240,8 @@ int net_ads_join(int argc, const char **argv) password = talloc_strdup(ctx, tmp_password); if ( net_join_domain( ctx, ads->config.ldap_server_name, &ads->ldap_ip, &domain_sid, password ) != 0 ) { - d_fprintf(stderr, "Failed to join domain!\n"); + /* There should be more detailed output here... */ + d_fprintf(stderr, "call of net_join_domain failed\n"); goto fail; } @@ -1341,6 +1342,8 @@ int net_ads_join(int argc, const char **argv) return 0; fail: + /* issue an overall failure message at the end. */ + d_printf("Failed to join domain!\n"); ads_destroy(&ads); return -1; } -- cgit From db21dceb43a0bb049fa87cc5c30861e3a5a53cd2 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 15 Aug 2006 14:27:20 +0000 Subject: r17557: Change net_join_domain to return NTSTATUS instead of int. Thanks to Michael Adam . Volker (This used to be commit c4e10afadb39ff562287ab2294df0a1f83b28908) --- source3/utils/net_ads.c | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 37bdd4e456..8b8790a1f0 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -887,27 +887,26 @@ static int check_ads_config( void ) Do the domain join ********************************************************************/ -static int net_join_domain( TALLOC_CTX *ctx, const char *servername, - struct in_addr *ip, DOM_SID **dom_sid, const char *password ) +static NTSTATUS net_join_domain(TALLOC_CTX *ctx, const char *servername, + struct in_addr *ip, DOM_SID **dom_sid, + const char *password) { - int ret = -1; + NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; struct cli_state *cli = NULL; - if ( !NT_STATUS_IS_OK(connect_to_ipc_krb5(&cli, ip, servername)) ) + ret = connect_to_ipc_krb5(&cli, ip, servername); + if ( !NT_STATUS_IS_OK(ret) ) { goto done; + } saf_store( cli->server_domain, cli->desthost ); - if ( !NT_STATUS_IS_OK(netdom_get_domain_sid( ctx, cli, dom_sid )) ) - goto done; - - if ( !NT_STATUS_IS_OK(netdom_join_domain( ctx, cli, *dom_sid, - password, ND_TYPE_AD )) ) - { + ret = netdom_get_domain_sid( ctx, cli, dom_sid ); + if ( !NT_STATUS_IS_OK(ret) ) { goto done; } - - ret = 0; + + ret = netdom_join_domain( ctx, cli, *dom_sid, password, ND_TYPE_AD ); done: if ( cli ) @@ -1171,6 +1170,7 @@ int net_ads_join(int argc, const char **argv) { ADS_STRUCT *ads = NULL; ADS_STATUS status; + NTSTATUS nt_status; char *machine_account = NULL; const char *short_domain_name = NULL; char *tmp_password, *password; @@ -1239,9 +1239,10 @@ int net_ads_join(int argc, const char **argv) tmp_password = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH); password = talloc_strdup(ctx, tmp_password); - if ( net_join_domain( ctx, ads->config.ldap_server_name, &ads->ldap_ip, &domain_sid, password ) != 0 ) { - /* There should be more detailed output here... */ - d_fprintf(stderr, "call of net_join_domain failed\n"); + nt_status = net_join_domain(ctx, ads->config.ldap_server_name, + &ads->ldap_ip, &domain_sid, password); + if ( !NT_STATUS_IS_OK(nt_status) ) { + d_fprintf(stderr, "call of net_join_domain failed: %s\n", nt_errstr(nt_status)); goto fail; } -- cgit 
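Review bot: In the `@@ -1239,9 +1239,10 @@` hunk the result of `talloc_strdup(ctx, tmp_password)` is passed straight to `net_join_domain()` as the new machine account password without a NULL check, and the status handling added by this commit does not cover that case. What the join call does with a NULL password is not visible from the hunk, so the allocation should be tested first: `if (password == NULL) { nt_status = NT_STATUS_NO_MEMORY; goto fail; }`. net_ads_join starts and ends outside the hunk.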
From 20ad622b9888aa2021786498e91d144400d31b4c Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 17 Aug 2006 12:44:59 +0000 Subject: r17585: Don't let ads_status throw away the error information. Thanks to Michael Adam . Volker (This used to be commit ea3a4142a0f2140d8743a50518ae94df2d84d972) --- source3/utils/net_ads.c | 83 +++++++++++++++++++++++++++---------------------- 1 file changed, 45 insertions(+), 38 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 8b8790a1f0..bc17e1d66b 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -216,9 +216,8 @@ static void use_in_memory_ccache(void) { setenv(KRB5_ENV_CCNAME, "MEMORY:net_ads", 1); } -static ADS_STRUCT *ads_startup(BOOL only_own_domain) +static ADS_STATUS ads_startup(BOOL only_own_domain, ADS_STRUCT **ads) { - ADS_STRUCT *ads; ADS_STATUS status; BOOL need_password = False; BOOL second_time = False; @@ -234,7 +233,7 @@ static ADS_STRUCT *ads_startup(BOOL only_own_domain) realm = lp_realm(); } - ads = ads_init(realm, opt_target_workgroup, opt_host); + *ads = ads_init(realm, opt_target_workgroup, opt_host); if (!opt_user_name) { opt_user_name = "administrator"; 
@@ -254,23 +253,23 @@ retry: if (opt_password) { use_in_memory_ccache(); - ads->auth.password = smb_xstrdup(opt_password); + (*ads)->auth.password = smb_xstrdup(opt_password); } - ads->auth.user_name = smb_xstrdup(opt_user_name); + (*ads)->auth.user_name = smb_xstrdup(opt_user_name); /* * If the username is of the form "name@realm", * extract the realm and convert to upper case. * This is only used to establish the connection. */ - if ((cp = strchr_m(ads->auth.user_name, '@'))!=0) { + if ((cp = strchr_m((*ads)->auth.user_name, '@'))!=0) { *cp++ = '\0'; - ads->auth.realm = smb_xstrdup(cp); - strupper_m(ads->auth.realm); + (*ads)->auth.realm = smb_xstrdup(cp); + strupper_m((*ads)->auth.realm); } - status = ads_connect(ads); + status = ads_connect(*ads); if (!ADS_ERR_OK(status)) { if (!need_password && !second_time) { @@ -278,12 +277,10 @@ retry: second_time = True; goto retry; } else { - d_printf("%s.\n", ads_errstr(status)); - ads_destroy(&ads); - return NULL; + ads_destroy(ads); } } - return ads; + return status; } @@ -404,7 +401,7 @@ static int ads_user_add(int argc, const char **argv) if (argc < 1) return net_ads_user_usage(argc, argv); - if (!(ads = ads_startup(False))) { + if (!ADS_ERR_OK(ads_startup(False, &ads))) { return -1; } @@ -489,7 +486,7 @@ static int ads_user_info(int argc, const char **argv) return -1; } - if (!(ads = ads_startup(False))) { + if (!ADS_ERR_OK(ads_startup(False, &ads))) { SAFE_FREE(escaped_user); return -1; } @@ -536,7 +533,7 @@ static int ads_user_delete(int argc, const char **argv) return net_ads_user_usage(argc, argv); } - if (!(ads = ads_startup(False))) { + if (!ADS_ERR_OK(ads_startup(False, &ads))) { return -1; } @@ -576,7 +573,7 @@ int net_ads_user(int argc, const char **argv) char *disp_fields[2] = {NULL, NULL}; if (argc == 0) { - if (!(ads = ads_startup(False))) { + if (!ADS_ERR_OK(ads_startup(False, &ads))) { return -1; } 
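Review bot: The failure branch of ads_startup in the `@@ -254,23 +253,23 @@` hunk no longer prints `ads_errstr(status)`, and most call sites converted in this commit (the user, group, status, leave, printer, search and keytab commands) wrap the call as `if (!ADS_ERR_OK(ads_startup(False, &ads))) return -1;`. The status is therefore dropped there, and a failed connect or authentication exits with no message at all. Only net_ads_join keeps the status, reporting it through `DEBUG(1, ...)` and its final failure message. Either keep a `d_fprintf(stderr, "%s\n", ads_errstr(status));` in front of `ads_destroy(ads);`, or store the status at each call site and print it there. ads_startup begins in an earlier hunk, so its retry logic is only partly visible here.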
@@ -613,7 +610,7 @@ static int ads_group_add(int argc, const char **argv) return net_ads_group_usage(argc, argv); } - if (!(ads = ads_startup(False))) { + if (!ADS_ERR_OK(ads_startup(False, &ads))) { return -1; } @@ -662,7 +659,7 @@ static int ads_group_delete(int argc, const char **argv) return net_ads_group_usage(argc, argv); } - if (!(ads = ads_startup(False))) { + if (!ADS_ERR_OK(ads_startup(False, &ads))) { return -1; } @@ -701,7 +698,7 @@ int net_ads_group(int argc, const char **argv) char *disp_fields[2] = {NULL, NULL}; if (argc == 0) { - if (!(ads = ads_startup(False))) { + if (!ADS_ERR_OK(ads_startup(False, &ads))) { return -1; } @@ -727,7 +724,7 @@ static int net_ads_status(int argc, const char **argv) ADS_STATUS rc; void *res; - if (!(ads = ads_startup(True))) { + if (!ADS_ERR_OK(ads_startup(True, &ads))) { return -1; } @@ -776,7 +773,7 @@ static int net_ads_leave(int argc, const char **argv) /* The finds a DC and takes care of getting the user creds if necessary */ - if (!(ads = ads_startup(True))) { + if (!ADS_ERR_OK(ads_startup(True, &ads))) { return -1; } @@ -826,7 +823,7 @@ static int net_ads_join_ok(void) net_use_machine_password(); - if (!(ads = ads_startup(True))) { + if (!ADS_ERR_OK(ads_startup(True, &ads))) { return -1; } @@ -1170,7 +1167,7 @@ int net_ads_join(int argc, const char **argv) { ADS_STRUCT *ads = NULL; ADS_STATUS status; - NTSTATUS nt_status; + NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; char *machine_account = NULL; const char *short_domain_name = NULL; char *tmp_password, *password; @@ -1187,7 +1184,10 @@ int net_ads_join(int argc, const char **argv) goto fail; } - if ( (ads = ads_startup(True)) == NULL ) { + status = ads_startup(True, &ads); + if (!ADS_ERR_OK(status)) { + DEBUG(1, ("error on ads_startup: %s\n", ads_errstr(status))); + nt_status = ads_ntstatus(status); goto fail; } 
@@ -1218,6 +1218,7 @@ int net_ads_join(int argc, const char **argv) } else { d_fprintf(stderr, "Bad option: %s\n", argv[i]); + nt_status = NT_STATUS_INVALID_PARAMETER; goto fail; } } @@ -1230,6 +1231,9 @@ int net_ads_join(int argc, const char **argv) if ( !ADS_ERR_OK(status) ) { d_fprintf( stderr, "Failed to pre-create the machine object " "in OU %s.\n", argv[0]); + DEBUG(1, ("error calling net_precreate_machine_acct: %s\n", + ads_errstr(status))); + nt_status = ads_ntstatus(status); goto fail; } } @@ -1242,7 +1246,8 @@ int net_ads_join(int argc, const char **argv) nt_status = net_join_domain(ctx, ads->config.ldap_server_name, &ads->ldap_ip, &domain_sid, password); if ( !NT_STATUS_IS_OK(nt_status) ) { - d_fprintf(stderr, "call of net_join_domain failed: %s\n", nt_errstr(nt_status)); + DEBUG(1, ("call of net_join_domain failed: %s\n", + get_friendly_nt_error_msg(nt_status))); goto fail; } @@ -1305,6 +1310,7 @@ int net_ads_join(int argc, const char **argv) netdom_store_machine_account( lp_workgroup(), domain_sid, "" ); netdom_store_machine_account( short_domain_name, domain_sid, "" ); + nt_status = ads_ntstatus(status); goto fail; } @@ -1344,7 +1350,8 @@ int net_ads_join(int argc, const char **argv) fail: /* issue an overall failure message at the end. */ - d_printf("Failed to join domain!\n"); + d_printf("Failed to join domain: %s\n", + get_friendly_nt_error_msg(nt_status)); ads_destroy(&ads); return -1; } @@ -1378,7 +1385,7 @@ static int net_ads_printer_search(int argc, const char **argv) ADS_STATUS rc; void *res = NULL; - if (!(ads = ads_startup(False))) { + if (!ADS_ERR_OK(ads_startup(False, &ads))) { return -1; } @@ -1411,7 +1418,7 @@ static int net_ads_printer_info(int argc, const char **argv) const char *servername, *printername; void *res = NULL; - if (!(ads = ads_startup(False))) { + if (!ADS_ERR_OK(ads_startup(False, &ads))) { return -1; } 
@@ -1470,7 +1477,7 @@ static int net_ads_printer_publish(int argc, const char **argv) char *prt_dn, *srv_dn, **srv_cn; void *res = NULL; - if (!(ads = ads_startup(True))) { + if (!ADS_ERR_OK(ads_startup(True, &ads))) { return -1; } @@ -1553,7 +1560,7 @@ static int net_ads_printer_remove(int argc, const char **argv) char *prt_dn; void *res = NULL; - if (!(ads = ads_startup(True))) { + if (!ADS_ERR_OK(ads_startup(True, &ads))) { return -1; } @@ -1700,7 +1707,7 @@ int net_ads_changetrustpw(int argc, const char **argv) use_in_memory_ccache(); - if (!(ads = ads_startup(True))) { + if (!ADS_ERR_OK(ads_startup(True, &ads))) { return -1; } @@ -1765,7 +1772,7 @@ static int net_ads_search(int argc, const char **argv) return net_ads_search_usage(argc, argv); } - if (!(ads = ads_startup(False))) { + if (!ADS_ERR_OK(ads_startup(False, &ads))) { return -1; } @@ -1825,7 +1832,7 @@ static int net_ads_dn(int argc, const char **argv) return net_ads_dn_usage(argc, argv); } - if (!(ads = ads_startup(False))) { + if (!ADS_ERR_OK(ads_startup(False, &ads))) { return -1; } @@ -1885,7 +1892,7 @@ static int net_ads_sid(int argc, const char **argv) return net_ads_sid_usage(argc, argv); } - if (!(ads = ads_startup(False))) { + if (!ADS_ERR_OK(ads_startup(False, &ads))) { return -1; } @@ -1942,7 +1949,7 @@ static int net_ads_keytab_flush(int argc, const char **argv) int ret; ADS_STRUCT *ads; - if (!(ads = ads_startup(True))) { + if (!ADS_ERR_OK(ads_startup(True, &ads))) { return -1; } ret = ads_keytab_flush(ads); @@ -1957,7 +1964,7 @@ static int net_ads_keytab_add(int argc, const char **argv) ADS_STRUCT *ads; d_printf("Processing principals to add...\n"); - if (!(ads = ads_startup(True))) { + if (!ADS_ERR_OK(ads_startup(True, &ads))) { return -1; } for (i = 0; i < argc; i++) { 
@@ -1972,7 +1979,7 @@ static int net_ads_keytab_create(int argc, const char **argv) ADS_STRUCT *ads; int ret; - if (!(ads = ads_startup(True))) { + if (!ADS_ERR_OK(ads_startup(True, &ads))) { return -1; } ret = ads_keytab_create_default(ads); -- cgit From 8b39f5ef37be33f8b9fb70eae11ae521545edea3 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 17 Aug 2006 14:38:59 +0000 Subject: r17591: machine_account is unused, and ctx must be freed. Thanks Michael (This used to be commit a347f8a9c480cf09abac9144e04ab2b13457e3b0) --- source3/utils/net_ads.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index bc17e1d66b..eb72cdba3f 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1168,11 +1168,10 @@ int net_ads_join(int argc, const char **argv) ADS_STRUCT *ads = NULL; ADS_STATUS status; NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - char *machine_account = NULL; const char *short_domain_name = NULL; char *tmp_password, *password; struct cldap_netlogon_reply cldap_reply; - TALLOC_CTX *ctx; + TALLOC_CTX *ctx = NULL; DOM_SID *domain_sid = NULL; BOOL createupn = False; const char *machineupn = NULL; @@ -1342,7 +1341,6 @@ int net_ads_join(int argc, const char **argv) d_printf("Joined '%s' to realm '%s'\n", global_myname(), ads->config.realm); - SAFE_FREE(machine_account); TALLOC_FREE( ctx ); ads_destroy(&ads); @@ -1353,6 +1351,7 @@ fail: d_printf("Failed to join domain: %s\n", get_friendly_nt_error_msg(nt_status)); ads_destroy(&ads); + TALLOC_FREE( ctx ); return -1; } -- cgit From 01c77cefef0aa2e45384ee0fe9899b8b1d25ab66 Mon Sep 17 00:00:00 2001 
From: Volker Lendecke Date: Fri, 18 Aug 2006 12:39:21 +0000 Subject: r17602: Make check_ads_config return NTSTATUS, set some error codes in net_ads_join. Thanks to Michael Adam Volker (This used to be commit 27cca861507afa9caf694ef89e543c86de01c2cd) --- source3/utils/net_ads.c | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index eb72cdba3f..8303e22a3b 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -852,32 +852,33 @@ int net_ads_testjoin(int argc, const char **argv) Simple configu checks before beginning the join ********************************************************************/ -static int check_ads_config( void ) +static NTSTATUS check_ads_config( void ) { if (lp_server_role() != ROLE_DOMAIN_MEMBER ) { d_printf("Host is not configured as a member server.\n"); - return -1; + return NT_STATUS_INVALID_DOMAIN_ROLE; } if (strlen(global_myname()) > 15) { d_printf("Our netbios name can be at most 15 chars long, " - "\"%s\" is %u chars long\n", - global_myname(), (unsigned int)strlen(global_myname())); - return -1; + "\"%s\" is %u chars long\n", global_myname(), + (unsigned int)strlen(global_myname())); + return NT_STATUS_NAME_TOO_LONG; } if ( lp_security() == SEC_ADS && !*lp_realm()) { d_fprintf(stderr, "realm must be set in in smb.conf for ADS " "join to succeed.\n"); - return -1; + return NT_STATUS_INVALID_PARAMETER; } if (!secrets_init()) { DEBUG(1,("Failed to initialise secrets database\n")); - return -1; + /* This is a good bet for failure of secrets_init ... */ + return NT_STATUS_ACCESS_DENIED; } - return 0; + return NT_STATUS_OK; } /******************************************************************* 
@@ -1167,7 +1168,7 @@ int net_ads_join(int argc, const char **argv) { ADS_STRUCT *ads = NULL; ADS_STATUS status; - NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; + NTSTATUS nt_status; const char *short_domain_name = NULL; char *tmp_password, *password; struct cldap_netlogon_reply cldap_reply; @@ -1178,7 +1179,8 @@ int net_ads_join(int argc, const char **argv) const char *create_in_ou = NULL; int i; - if ( check_ads_config() != 0 ) { + nt_status = check_ads_config(); + if (!NT_STATUS_IS_OK(nt_status)) { d_fprintf(stderr, "Invalid configuration. Exiting....\n"); goto fail; } @@ -1194,11 +1196,13 @@ int net_ads_join(int argc, const char **argv) d_fprintf(stderr, "realm of remote server (%s) and realm in smb.conf " "(%s) DO NOT match. Aborting join\n", ads->config.realm, lp_realm()); + nt_status = NT_STATUS_INVALID_PARAMETER; goto fail; } if (!(ctx = talloc_init("net_ads_join"))) { d_fprintf(stderr, "Could not initialise talloc context.\n"); + nt_status = NT_STATUS_NO_MEMORY; goto fail; } @@ -1212,6 +1216,7 @@ int net_ads_join(int argc, const char **argv) else if ( !StrnCaseCmp(argv[i], "createcomputer", strlen("createcomputer")) ) { if ( (create_in_ou = get_string_param(argv[i])) == NULL ) { d_fprintf(stderr, "Please supply a valid OU path\n"); + nt_status = NT_STATUS_INVALID_PARAMETER; goto fail; } } @@ -1278,6 +1283,9 @@ int net_ads_join(int argc, const char **argv) if ( (netdom_store_machine_account( lp_workgroup(), domain_sid, password ) == -1) || (netdom_store_machine_account( short_domain_name, domain_sid, password ) == -1) ) { + /* issue an internal error here for now. + * everything else would mean changing tdb routines. */ + nt_status = NT_STATUS_INTERNAL_ERROR; goto fail; } -- cgit From 900fe6a6258b441d54f88400996235ce25ab7f83 Mon Sep 17 00:00:00 2001 
From: Volker Lendecke Date: Fri, 18 Aug 2006 12:45:51 +0000 Subject: r17603: Make net_ads_join_ok return NTSTATUS. Thanks to Michael Adam hop, hop, hop... ;-) Volker (This used to be commit 47facab798bdc6e20b2620972f1b8f2338fac239) --- source3/utils/net_ads.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 8303e22a3b..2fbe088653 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -812,23 +812,25 @@ done: return ret; } -static int net_ads_join_ok(void) +static NTSTATUS net_ads_join_ok(void) { ADS_STRUCT *ads = NULL; + ADS_STATUS status; if (!secrets_init()) { DEBUG(1,("Failed to initialise secrets database\n")); - return -1; + return NT_STATUS_ACCESS_DENIED; } net_use_machine_password(); - if (!ADS_ERR_OK(ads_startup(True, &ads))) { - return -1; + status = ads_startup(True, &ads); + if (!ADS_ERR_OK(status)) { + return ads_ntstatus(status); } ads_destroy(&ads); - return 0; + return NT_STATUS_OK; } /* @@ -836,11 +838,14 @@ static int net_ads_join_ok(void) */ int net_ads_testjoin(int argc, const char **argv) { + NTSTATUS status; use_in_memory_ccache(); /* Display success or failure */ - if (net_ads_join_ok() != 0) { - fprintf(stderr,"Join to domain is not valid\n"); + status = net_ads_join_ok(); + if (!NT_STATUS_IS_OK(status)) { + fprintf(stderr,"Join to domain is not valid: %s\n", + get_friendly_nt_error_msg(status)); return -1; } -- cgit From 5693e6c599a586b1bb19eea375c6b1e22526031c Mon Sep 17 00:00:00 2001 
From: Gerald Carter Date: Thu, 24 Aug 2006 15:43:32 +0000 Subject: r17798: Beginnings of a standalone libaddns library released under the LGPL. Original code by Krishna Ganugapati . Additional work by me. It's still got some warts, but non-secure updates do currently work. There are at least four things left to really clean up. 1. Change the memory management to use talloc() rather than malloc() and cleanup the leaks. 2. Fix the error code reporting (see initial changes to dnserr.h) 3. Fix the secure updates 4. Define a public interface in addns.h 5. Move the code in libads/dns.c into the libaddns/ directory (and under the LGPL). A few notes: * Enable the new code by compiling with --with-dnsupdate * Also adds the command 'net ads dns register' * Requires -luuid (included in the e2fsprogs-devel package). * Has only been tested on Linux platforms so there may be portability issues. (This used to be commit 36f04674aeefd93c5a0408b8967dcd48b86fdbc1) --- source3/utils/net_ads.c | 179 +++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 176 insertions(+), 3 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 2fbe088653..e6ad7c21b3 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -55,6 +55,9 @@ int net_ads_usage(int argc, const char **argv) d_printf(" Issue LDAP search queries using a general filter, by DN, or by SID\n"); d_printf("keytab\n"); d_printf(" Manage a local keytab file based on the machine account in AD\n"); + d_printf("dns\n"); + d_printf(" Issue a dynamic DNS update request the server's hostname\n"); + d_printf(" (using the machine credentials)\n"); return -1; } 
@@ -1136,7 +1139,89 @@ static BOOL net_derive_salting_principal( TALLOC_CTX *ctx, ADS_STRUCT *ads ) return kerberos_secrets_store_des_salt( salt ); } -/********************************************************* +/******************************************************************* + Send a DNS update request +*******************************************************************/ + +#if defined(WITH_DNS_UPDATES) +static BOOL net_update_dns( TALLOC_CTX *ctx, ADS_STRUCT *ads ) +{ + int num_addrs; + struct in_addr *iplist = NULL; + struct dns_rr_ns *nameservers = NULL; + int ns_count = 0; + int ret = 0; + NTSTATUS dns_status; + fstring machine_name; + fstring dns_server; + const char *dnsdomain; + ADS_STRUCT *ads_s = NULL; + + name_to_fqdn( machine_name, global_myname() ); + strlower_m( machine_name ); + + if ( (dnsdomain = strchr_m( machine_name, '.')) == NULL ) { + d_printf("No DNS domain configured for %s. Unable to perform DNS Update.\n", + machine_name); + goto done; + } + dnsdomain++; + + dns_status = ads_dns_lookup_ns( ctx, dnsdomain, &nameservers, &ns_count ); + if ( !NT_STATUS_IS_OK(dns_status) || (ns_count == 0)) { + DEBUG(3,("net_ads_join: Failed to find name server for the %s realm\n", + ads->config.realm)); + goto done; + } + + /* Get our ip address (not the 127.0.0.x address but a real ip address) */ + + num_addrs = get_my_ip_address( &iplist ); + if ( num_addrs <= 0 ) { + DEBUG(4,("net_ads_join: Failed to find my non-loopback IP addresses!\n")); + ret = -1; + goto done; + } + + /* Drop the user creds */ + + ads_kdestroy( NULL ); + + ads_s = ads_init( ads->server.realm, ads->server.workgroup, ads->server.ldap_server ); + if ( !ads_s ) { + DEBUG(1,("net_ads_join: ads_init() failed!\n")); + ret = -1; + goto done; + } + + /* kinit with the machine password */ + + asprintf( &ads_s->auth.user_name, "%s$", global_myname() ); + ads_s->auth.password = secrets_fetch_machine_password( lp_workgroup(), NULL, NULL ); + ads_s->auth.realm = SMB_STRDUP( lp_realm() ); + 
ads_kinit_password( ads_s ); + + /* Now perform the dns update - we'll try non-secure and if we fail, we'll + follow it up with a secure update */ + + fstrcpy( dns_server, nameservers[0].hostname ); + + ret = DoDNSUpdate(dns_server, dnsdomain, machine_name, iplist, num_addrs ); + if ( ret ) { + DEBUG(1, ("Error creating dns update!\n")); + } + +done: + SAFE_FREE( iplist ); + if ( ads_s ) + ads_destroy( &ads_s ); + + return (ret == 0); +} +#endif + + +/******************************************************************* utility function to parse an integer parameter from "parameter = value" **********************************************************/ @@ -1174,6 +1259,7 @@ int net_ads_join(int argc, const char **argv) ADS_STRUCT *ads = NULL; ADS_STATUS status; NTSTATUS nt_status; + char *machine_account = NULL; const char *short_domain_name = NULL; char *tmp_password, *password; struct cldap_netlogon_reply cldap_reply; @@ -1352,8 +1438,19 @@ int net_ads_join(int argc, const char **argv) DEBUG(1,("Error creating host keytab!\n")); } +#if defined(WITH_DNS_UPDATES) + /* We enter this block with user creds */ + + if ( !net_update_dns( ctx, ads ) ) { + d_fprintf( stderr, "DNS update failed!\n" ); + } + + /* exit from this block using machine creds */ +#endif + d_printf("Joined '%s' to realm '%s'\n", global_myname(), ads->config.realm); + SAFE_FREE(machine_account); TALLOC_FREE( ctx ); ads_destroy(&ads); 
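Review bot: net_update_dns reports success when no update was attempted: `ret` starts at 0 and the two early exits (no DNS domain in the FQDN, and a failed `ads_dns_lookup_ns` lookup) jump to `done` without changing it. `return (ret == 0)` then yields True and net_ads_join never prints "DNS update failed!". Declaring it as `int ret = -1;` fixes both paths, since `DoDNSUpdate` assigns it on the path that reaches the update. In the same function the results of `asprintf`, `secrets_fetch_machine_password` and `ads_kinit_password` are not checked after `ads_kdestroy( NULL )` has dropped the user credentials, so a missing machine password or a failed kinit goes unnoticed. Each of these should at least be tested and logged before the update is sent.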
@@ -1361,11 +1458,85 @@ int net_ads_join(int argc, const char **argv) fail: /* issue an overall failure message at the end. */ - d_printf("Failed to join domain: %s\n", - get_friendly_nt_error_msg(nt_status)); + d_printf("Failed to join domain: %s\n", get_friendly_nt_error_msg(nt_status)); + + SAFE_FREE(machine_account); + TALLOC_FREE( ctx ); + ads_destroy(&ads); + + return -1; + +} + +/******************************************************************* + ********************************************************************/ + +static int net_ads_dns_usage(int argc, const char **argv) +{ +#if defined(WITH_DNS_UPDATES) + d_printf("net ads dns \n"); + d_printf("Valid commands:\n"); + d_printf(" register Issue a dynamic DNS update request for our hostname\n"); + + return 0; +#else + d_fprintf(stderr, "DNS update support not enabled at compile time!\n"); + return -1; +#endif +} + +/******************************************************************* + ********************************************************************/ + +static int net_ads_dns(int argc, const char **argv) +{ +#if defined(WITH_DNS_UPDATES) + ADS_STRUCT *ads; + ADS_STATUS status; + TALLOC_CTX *ctx; + BOOL register_dns = False; + int i; + + status = ads_startup(True, &ads); + if ( !ADS_ERR_OK(status) ) { + DEBUG(1, ("error on ads_startup: %s\n", ads_errstr(status))); + return -1; + } + + if (!(ctx = talloc_init("net_ads_dns"))) { + DEBUG(0, ("Could not initialise talloc context\n")); + return -1; + } + + /* process additional command line args */ + + for ( i=0; i Date: Wed, 30 Aug 2006 04:40:03 +0000 Subject: r17928: Implement the basic store for CLDAP sitename support when looking up DC's. On every CLDAP call store the returned client sitename (if present, delete store if not) in gencache with infinate timeout. On AD DNS DC lookup, try looking for sitename DC's first, only try generic if sitename DNS lookup failed. 
I still haven't figured out yet how to ensure we fetch the sitename with a CLDAP query before doing the generic DC list lookup. This code is difficult to understand. I'll do some experiments and backtraces tomorrow to try and work out where to force a CLDAP site query first. Jeremy. (This used to be commit ab3f0c5b1e9c5fd192c5514cbe9451b938f9cd5d) --- source3/utils/net_ads.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index e6ad7c21b3..83e2114135 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -135,8 +135,8 @@ static int net_ads_cldap_netlogon(ADS_STRUCT *ads) if (*reply.unk) printf("Unk:\t\t\t%s\n", reply.unk); if (*reply.user_name) printf("User name:\t%s\n", reply.user_name); - printf("Site Name:\t\t%s\n", reply.site_name); - printf("Site Name (2):\t\t%s\n", reply.site_name_2); + printf("Server Site Name :\t\t%s\n", reply.server_site_name); + printf("Client Site Name (2):\t\t%s\n", reply.client_site_name); d_printf("NT Version: %d\n", reply.version); d_printf("LMNT Token: %.2x\n", reply.lmnt_token); -- cgit From 4dcda274ef461d72eb81c2242c938fea108ffa7f Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 30 Aug 2006 23:56:40 +0000 Subject: r17941: Fix print out of client site name. Jeremy. (This used to be commit b8cedcac933fef9370bd42d1ff7c35c5c27103d1) --- source3/utils/net_ads.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 83e2114135..2e9f86c302 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -136,7 +136,7 @@ static int net_ads_cldap_netlogon(ADS_STRUCT *ads) if (*reply.user_name) printf("User name:\t%s\n", reply.user_name); printf("Server Site Name :\t\t%s\n", reply.server_site_name); - printf("Client Site Name (2):\t\t%s\n", reply.client_site_name); + printf("Client Site Name :\t\t%s\n", reply.client_site_name); d_printf("NT Version: %d\n", reply.version); d_printf("LMNT Token: %.2x\n", reply.lmnt_token); -- cgit From ee0e397d6f003c583768803aa27716b2b7a23981 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 3 Sep 2006 21:07:16 +0000 Subject: r18019: Fix a C++ warnings: Don't use void * in libads/ for LDAPMessage anymore. Compiled it on systems with and without LDAP, I hope it does not break the build farm too badly. If it does, I'll fix it tomorrow. Volker (This used to be commit b2ff9680ebe0979fbeef7f2dabc2e3f27c959d11) --- source3/utils/net_ads.c | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 2e9f86c302..af95c3a908 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -399,7 +399,7 @@ static int ads_user_add(int argc, const char **argv) ADS_STRUCT *ads; ADS_STATUS status; char *upn, *userdn; - void *res=NULL; + LDAPMessage *res=NULL; int rc = -1; if (argc < 1) return net_ads_user_usage(argc, argv); @@ -472,7 +472,7 @@ static int ads_user_info(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; - void *res; + LDAPMessage *res; const char *attrs[] = {"memberOf", NULL}; char *searchstring=NULL; char **grouplist; @@ -529,7 +529,7 @@ static int ads_user_delete(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; - void *res; + LDAPMessage *res; char *userdn; if (argc < 1) { @@ -606,7 +606,7 @@ static int ads_group_add(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS status; - void *res=NULL; + LDAPMessage *res=NULL; int rc = -1; if (argc < 1) { 
@@ -655,7 +655,7 @@ static int ads_group_delete(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; - void *res; + LDAPMessage *res; char *groupdn; if (argc < 1) { @@ -725,7 +725,7 @@ static int net_ads_status(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; - void *res; + LDAPMessage *res; if (!ADS_ERR_OK(ads_startup(True, &ads))) { return -1; @@ -944,7 +944,7 @@ static ADS_STATUS net_set_machine_spn(TALLOC_CTX *ctx, ADS_STRUCT *ads_s ) /* Find our DN */ - status = ads_find_machine_acct(ads_s, (void **)(void *)&res, machine_name); + status = ads_find_machine_acct(ads_s, &res, machine_name); if (!ADS_ERR_OK(status)) return status; @@ -1014,7 +1014,7 @@ static ADS_STATUS net_set_machine_upn(TALLOC_CTX *ctx, ADS_STRUCT *ads_s, const /* Find our DN */ - status = ads_find_machine_acct(ads_s, (void **)(void *)&res, machine_name); + status = ads_find_machine_acct(ads_s, &res, machine_name); if (!ADS_ERR_OK(status)) return status; @@ -1118,7 +1118,7 @@ static BOOL net_derive_salting_principal( TALLOC_CTX *ctx, ADS_STRUCT *ads ) char *upn; int count; - status = ads_find_machine_acct(ads, (void **)(void *)&res, machine_name); + status = ads_find_machine_acct(ads, &res, machine_name); if (!ADS_ERR_OK(status)) { return False; } @@ -1566,7 +1566,7 @@ static int net_ads_printer_search(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; - void *res = NULL; + LDAPMessage *res = NULL; if (!ADS_ERR_OK(ads_startup(False, &ads))) { return -1; @@ -1599,7 +1599,7 @@ static int net_ads_printer_info(int argc, const char **argv) ADS_STRUCT *ads; ADS_STATUS rc; const char *servername, *printername; - void *res = NULL; + LDAPMessage *res = NULL; if (!ADS_ERR_OK(ads_startup(False, &ads))) { return -1; 
@@ -1658,7 +1658,7 @@ static int net_ads_printer_publish(int argc, const char **argv) TALLOC_CTX *mem_ctx = talloc_init("net_ads_printer_publish"); ADS_MODLIST mods = ads_init_mods(mem_ctx); char *prt_dn, *srv_dn, **srv_cn; - void *res = NULL; + LDAPMessage *res = NULL; if (!ADS_ERR_OK(ads_startup(True, &ads))) { return -1; @@ -1741,7 +1741,7 @@ static int net_ads_printer_remove(int argc, const char **argv) ADS_STATUS rc; const char *servername; char *prt_dn; - void *res = NULL; + LDAPMessage *res = NULL; if (!ADS_ERR_OK(ads_startup(True, &ads))) { return -1; @@ -1949,7 +1949,7 @@ static int net_ads_search(int argc, const char **argv) ADS_STATUS rc; const char *ldap_exp; const char **attrs; - void *res = NULL; + LDAPMessage *res = NULL; if (argc < 1) { return net_ads_search_usage(argc, argv); @@ -2009,7 +2009,7 @@ static int net_ads_dn(int argc, const char **argv) ADS_STATUS rc; const char *dn; const char **attrs; - void *res = NULL; + LDAPMessage *res = NULL; if (argc < 1) { return net_ads_dn_usage(argc, argv); @@ -2068,7 +2068,7 @@ static int net_ads_sid(int argc, const char **argv) ADS_STATUS rc; const char *sid_string; const char **attrs; - void *res = NULL; + LDAPMessage *res = NULL; DOM_SID sid; if (argc < 1) { -- cgit From a58dc69813e7f6667f6e6c40072b30f77f36e3a9 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 6 Sep 2006 12:29:45 +0000 Subject: r18170: Make sure to actually get the printing data before trying to publish it in AD. Guenther (This used to be commit 1bb29acb3bf40afdb5bc196ab7dbc642e2fdd680) --- source3/utils/net_ads.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index af95c3a908..5134727066 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -1719,8 +1719,11 @@ static int net_ads_printer_publish(int argc, const char **argv) return -1; } - get_remote_printer_publishing_data(pipe_hnd, mem_ctx, &mods, - printername); + if (!W_ERROR_IS_OK(get_remote_printer_publishing_data(pipe_hnd, mem_ctx, &mods, + printername))) { + ads_destroy(&ads); + return -1; + } rc = ads_add_printer_entry(ads, prt_dn, mem_ctx, &mods); if (!ADS_ERR_OK(rc)) { -- cgit From 8c2c5c5d1d3ccbb9f3bab9136c23d1020e4e20f1 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 13 Sep 2006 09:03:42 +0000 Subject: r18446: Add the ldap 'leave domain' code - call this as a non-fatal error path if the 'disable machine account' code succeeded. Jeremy. (This used to be commit f47bffa21ec1caf5ec3a6ec77af801df0b63d83a) --- source3/utils/net_ads.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 5134727066..18c00f3de8 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -758,6 +758,7 @@ static int net_ads_status(int argc, const char **argv) static int net_ads_leave(int argc, const char **argv) { ADS_STRUCT *ads = NULL; + ADS_STATUS adsret; int ret = -1; struct cli_state *cli = NULL; TALLOC_CTX *ctx; @@ -800,11 +801,21 @@ static int net_ads_leave(int argc, const char **argv) goto done; } - d_printf("Disabled account for '%s' in realm '%s'\n", - global_myname(), ads->config.realm); - ret = 0; + /* Now we've disabled the account, try and delete it + via LDAP - the old way we used to. Don't log a failure + if this failed. */ + + adsret = ads_leave_realm(ads, global_myname()); + if (ADS_ERR_OK(adsret)) { + d_printf("Deleted account for '%s' in realm '%s'\n", + global_myname(), ads->config.realm); + } else { + d_printf("Disabled account for '%s' in realm '%s'\n", + global_myname(), ads->config.realm); + } + done: if ( cli ) cli_shutdown(cli); -- cgit 
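Review bot: The new failure branch after `get_remote_printer_publishing_data()` calls `ads_destroy(&ads)` and returns without releasing `mem_ctx`. The earlier `-1658` hunk for this function shows that context being created with `talloc_init("net_ads_printer_publish")`. Adding `TALLOC_FREE(mem_ctx);` before the `return -1;` keeps the error path from leaking it; the connection behind `pipe_hnd` is opened outside this hunk and probably needs shutting down here as well. Printing the WERROR to stderr would also tell the operator why nothing was published. The function body starts and ends outside the hunk.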
From dc14e67a6ba07946b5b98644d950a6b29b1c11c6 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 13 Sep 2006 13:28:42 +0000 Subject: r18467: Some sites allow an account to be deleted, but not disabled. Cope with both - print appropriate messages. Jeremy. (This used to be commit 2c003a4463ff59c477fa2558f869444cfa75e3a8) --- source3/utils/net_ads.c | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 18c00f3de8..3fa1be78c1 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -755,10 +755,12 @@ static int net_ads_status(int argc, const char **argv) That only worked using the machine creds because added the machine with full control to the computer object's ACL. *******************************************************************/ + static int net_ads_leave(int argc, const char **argv) { ADS_STRUCT *ads = NULL; ADS_STATUS adsret; + NTSTATUS status; int ret = -1; struct cli_state *cli = NULL; TALLOC_CTX *ctx; 
@@ -795,28 +797,29 @@ static int net_ads_leave(int argc, const char **argv) goto done; } - if ( !NT_STATUS_IS_OK(netdom_leave_domain( ctx, cli, dom_sid )) ) { - d_fprintf(stderr, "Failed to disable machine account for '%s' in realm '%s'\n", - global_myname(), ads->config.realm); - goto done; - } - - ret = 0; + status = netdom_leave_domain(ctx, cli, dom_sid); - /* Now we've disabled the account, try and delete it - via LDAP - the old way we used to. Don't log a failure - if this failed. */ + /* Ty and delete it via LDAP - the old way we used to. */ adsret = ads_leave_realm(ads, global_myname()); if (ADS_ERR_OK(adsret)) { d_printf("Deleted account for '%s' in realm '%s'\n", global_myname(), ads->config.realm); + ret = 0; } else { - d_printf("Disabled account for '%s' in realm '%s'\n", - global_myname(), ads->config.realm); + /* We couldn't delete it - see if the disable succeeded. */ + if (NT_STATUS_IS_OK(status)) { + d_printf("Disabled account for '%s' in realm '%s'\n", + global_myname(), ads->config.realm); + ret = 0; + } else { + d_fprintf(stderr, "Failed to disable machine account for '%s' in realm '%s'\n", + global_myname(), ads->config.realm); + } } done: + if ( cli ) cli_shutdown(cli); -- cgit From 0d12a35e6b4434f8aef4431f96cf67857ada31c0 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 22 Sep 2006 09:07:31 +0000 Subject: r18817: Enable the build of the gpo tool but do not make it available yet. Guenther (This used to be commit 927cda5d31e9cb02105df3cfc06f5cb273233747) --- source3/utils/net_ads.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 3fa1be78c1..e5b144cf25 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
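Review bot: When both the disable and the LDAP delete fail, the final `else` branch prints only "Failed to disable machine account" and drops both `status` and `adsret`. The operator then cannot tell why the computer object is still present and enabled in the directory. Including the reasons would help, e.g. `d_fprintf(stderr, "Failed to delete (%s) or disable (%s) machine account for '%s' in realm '%s'\n", ads_errstr(adsret), nt_errstr(status), global_myname(), ads->config.realm);`. The new comment also has a typo, `Ty and delete`, which should read `Try and delete`. net_ads_leave continues outside the hunk.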
@@ -219,7 +219,7 @@ static void use_in_memory_ccache(void) { setenv(KRB5_ENV_CCNAME, "MEMORY:net_ads", 1); } -static ADS_STATUS ads_startup(BOOL only_own_domain, ADS_STRUCT **ads) +ADS_STATUS ads_startup(BOOL only_own_domain, ADS_STRUCT **ads) { ADS_STATUS status; BOOL need_password = False; @@ -2245,6 +2245,7 @@ int net_ads(int argc, const char **argv) {"WORKGROUP", net_ads_workgroup}, {"LOOKUP", net_ads_lookup}, {"KEYTAB", net_ads_keytab}, + /* {"GPO", net_ads_gpo}, */ {"HELP", net_ads_help}, {NULL, NULL} }; -- cgit From 88a98e35c780b1665bc21006b9c8c096e6b06f3f Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 29 Sep 2006 17:15:45 +0000 Subject: r19003: Finally activate "net ads gpo". For those who are interested, try net ads gpo refresh mybox$ to get your machine related GPOs downloaded to /var/lib/samba/gpo_cache. Detailed information about GPOs is currently only printed when setting a higher debuglevel then 0. Guenther (This used to be commit d086babf9d2592f041cc35db3d60b4452ea953f5) --- source3/utils/net_ads.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index e5b144cf25..2593a59603 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -2245,7 +2245,7 @@ int net_ads(int argc, const char **argv) {"WORKGROUP", net_ads_workgroup}, {"LOOKUP", net_ads_lookup}, {"KEYTAB", net_ads_keytab}, - /* {"GPO", net_ads_gpo}, */ + {"GPO", net_ads_gpo}, {"HELP", net_ads_help}, {NULL, NULL} }; -- cgit From ac080e3184abcc177f9f8e8bf2f3537739b9e8ad Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 2 Oct 2006 12:06:49 +0000 Subject: r19039: Do not segfault in "net ads printer info" when a requested printserver does not exist. Guenther (This used to be commit 359315021df3a4dbfe5142e529e3efdbc49e405c) --- source3/utils/net_ads.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') 
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 2593a59603..53d9f65d6b 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1634,7 +1634,8 @@ static int net_ads_printer_info(int argc, const char **argv) rc = ads_find_printer_on_server(ads, &res, printername, servername); if (!ADS_ERR_OK(rc)) { - d_fprintf(stderr, "ads_find_printer_on_server: %s\n", ads_errstr(rc)); + d_fprintf(stderr, "Server '%s' not found: %s\n", + servername, ads_errstr(rc)); ads_msgfree(ads, res); ads_destroy(&ads); return -1; -- cgit From a0c84f1b12ce8d4fc9e55c70fd7ad8cc0bb34dcb Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 12 Oct 2006 21:03:28 +0000 Subject: r19257: Janitor for Guenther - as well as a little massaging to make his patch fit SAMBA_3_0. (This is guenthers code). Make site support work correctly in net ads join. Jeremy. (This used to be commit 47352b5398e67eb8f4f383dafce31c922626ae99) --- source3/utils/net_ads.c | 111 ++++++++++++++++++++++++++++++++---------------- 1 file changed, 74 insertions(+), 37 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 53d9f65d6b..7902248f94 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -153,20 +153,12 @@ static int net_ads_cldap_netlogon(ADS_STRUCT *ads) static int net_ads_lookup(int argc, const char **argv) { ADS_STRUCT *ads; - ADS_STATUS status; - const char *realm = assume_own_realm(); - - ads = ads_init(realm, opt_target_workgroup, opt_host); - if (ads) { - ads->auth.flags |= ADS_AUTH_NO_BIND; - } - status = ads_connect(ads); - if (!ADS_ERR_OK(status) || !ads) { + if (!ADS_ERR_OK(ads_startup_nobind(False, &ads))) { d_fprintf(stderr, "Didn't find the cldap server!\n"); return -1; } - + if (!ads->config.realm) { ads->config.realm = CONST_DISCARD(char *, opt_target_workgroup); ads->ldap_port = 389; 
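Review bot: The replacement message `Server '%s' not found` is printed for every non-OK result of `ads_find_printer_on_server()`, so a connection or permission failure would also be reported as a missing server. A neutral wording keeps the server name without asserting a cause, e.g. `d_fprintf(stderr, "Printer lookup on server '%s' failed: %s\n", servername, ads_errstr(rc));`. The body of net_ads_printer_info extends beyond the hunk.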
@@ -180,14 +172,12 @@ static int net_ads_lookup(int argc, const char **argv) static int net_ads_info(int argc, const char **argv) { ADS_STRUCT *ads; - const char *realm = assume_own_realm(); - if ( (ads = ads_init(realm, opt_target_workgroup, opt_host)) != NULL ) { - ads->auth.flags |= ADS_AUTH_NO_BIND; + if (!ADS_ERR_OK(ads_startup_nobind(False, &ads))) { + d_fprintf(stderr, "Didn't find the ldap server!\n"); + return -1; } - ads_connect(ads); - if (!ads || !ads->config.realm) { d_fprintf(stderr, "Didn't find the ldap server!\n"); return -1; @@ -219,24 +209,33 @@ static void use_in_memory_ccache(void) { setenv(KRB5_ENV_CCNAME, "MEMORY:net_ads", 1); } -ADS_STATUS ads_startup(BOOL only_own_domain, ADS_STRUCT **ads) +static ADS_STATUS ads_startup_int(BOOL only_own_domain, uint32 auth_flags, ADS_STRUCT **ads_ret) { + ADS_STRUCT *ads = NULL; ADS_STATUS status; BOOL need_password = False; BOOL second_time = False; char *cp; const char *realm = NULL; - + BOOL tried_closest_dc = False; + BOOL closest_dc = False; + BOOL site_matches = False; + /* lp_realm() should be handled by a command line param, However, the join requires that realm be set in smb.conf and compares our realm with the remote server's so this is ok until someone needs more flexibility */ + *ads_ret = NULL; + +retry_connect: if (only_own_domain) { realm = lp_realm(); + } else { + realm = assume_own_realm(); } - - *ads = ads_init(realm, opt_target_workgroup, opt_host); + + ads = ads_init(realm, opt_target_workgroup, opt_host); if (!opt_user_name) { opt_user_name = "administrator"; 
@@ -248,31 +247,39 @@ ADS_STATUS ads_startup(BOOL only_own_domain, ADS_STRUCT **ads) retry: if (!opt_password && need_password && !opt_machine_pass) { - char *prompt; + char *prompt = NULL; asprintf(&prompt,"%s's password: ", opt_user_name); + if (!prompt) { + ads_destroy(&ads); + return ADS_ERROR(LDAP_NO_MEMORY); + } opt_password = getpass(prompt); free(prompt); } if (opt_password) { use_in_memory_ccache(); - (*ads)->auth.password = smb_xstrdup(opt_password); + SAFE_FREE(ads->auth.password); + ads->auth.password = smb_xstrdup(opt_password); } - (*ads)->auth.user_name = smb_xstrdup(opt_user_name); + ads->auth.flags |= auth_flags; + SAFE_FREE(ads->auth.user_name); + ads->auth.user_name = smb_xstrdup(opt_user_name); /* * If the username is of the form "name@realm", * extract the realm and convert to upper case. * This is only used to establish the connection. */ - if ((cp = strchr_m((*ads)->auth.user_name, '@'))!=0) { - *cp++ = '\0'; - (*ads)->auth.realm = smb_xstrdup(cp); - strupper_m((*ads)->auth.realm); + if ((cp = strchr_m(ads->auth.user_name, '@'))!=0) { + *cp++ = '\0'; + SAFE_FREE(ads->auth.realm); + ads->auth.realm = smb_xstrdup(cp); + strupper_m(ads->auth.realm); } - status = ads_connect(*ads); + status = ads_connect(ads); if (!ADS_ERR_OK(status)) { if (!need_password && !second_time) { 
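Review bot: The allocation check added after `asprintf(&prompt, ...)` tests `prompt` rather than the call's return value. On failure the pointer's content is not guaranteed, so the `NULL` initialiser cannot be relied on. Another hunk in this series already uses the return value (`asprintf(...) == -1`), and the same form fits here: `if (asprintf(&prompt, "%s's password: ", opt_user_name) == -1) {`. The enclosing function starts and ends outside the hunk.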
@@ -280,12 +287,50 @@ retry: second_time = True; goto retry; } else { - ads_destroy(ads); + ads_destroy(&ads); + return status; } } + + /* when contacting our own domain, make sure we use the closest DC. + * This is done by reconnecting to ADS because only the first call to + * ads_connect will give us our own sitename */ + + closest_dc = (ads->config.flags & ADS_CLOSEST); + site_matches = ads_sitename_match(ads); + + DEBUG(10,("ads_startup_int: DC %s closest DC\n", closest_dc ? "is":"is *NOT*")); + DEBUG(10,("ads_startup_int: sitenames %s match\n", site_matches ? "do":"do *NOT*")); + + if ((only_own_domain || !opt_host) && !tried_closest_dc) { + + tried_closest_dc = True; /* avoid loop */ + + if (!closest_dc || !site_matches) { + + namecache_delete(ads->server.realm, 0x1C); + namecache_delete(ads->server.workgroup, 0x1C); + + ads_destroy(&ads); + ads = NULL; + + goto retry_connect; + } + } + + *ads_ret = ads; return status; } +ADS_STATUS ads_startup(BOOL only_own_domain, ADS_STRUCT **ads) +{ + return ads_startup_int(only_own_domain, 0, ads); +} + +ADS_STATUS ads_startup_nobind(BOOL only_own_domain, ADS_STRUCT **ads) +{ + return ads_startup_int(only_own_domain, ADS_AUTH_NO_BIND, ads); +} /* Check to see if connection can be made via ads. @@ -327,17 +372,9 @@ int net_ads_check(void) static int net_ads_workgroup(int argc, const char **argv) { ADS_STRUCT *ads; - ADS_STATUS status; - const char *realm = assume_own_realm(); struct cldap_netlogon_reply reply; - ads = ads_init(realm, opt_target_workgroup, opt_host); - if (ads) { - ads->auth.flags |= ADS_AUTH_NO_BIND; - } - - status = ads_connect(ads); - if (!ADS_ERR_OK(status) || !ads) { + if (!ADS_ERR_OK(ads_startup_nobind(False, &ads))) { d_fprintf(stderr, "Didn't find the cldap server!\n"); return -1; } -- cgit From 78f977f746cf1f83fe1cc6f09634a831171a3435 Mon Sep 17 00:00:00 2001 
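Review bot: With `auth_flags` carrying `ADS_AUTH_NO_BIND`, a failed `ads_connect()` still falls into the `need_password = True; ... goto retry;` branch. As a result `net ads lookup`, `info` and `workgroup` can end up prompting for the administrator password even though no bind will be made. The retry condition, which is the last context line of the previous hunk, could skip the prompt in that case: `if (!need_password && !second_time && !(auth_flags & ADS_AUTH_NO_BIND)) {`. Separately, the literal `0x1C` in the two `namecache_delete()` calls deserves a short comment or a named constant. The function begins before this hunk.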
From: Günther Deschner Date: Wed, 25 Oct 2006 12:10:48 +0000 Subject: r19493: There is no point in prompting for a user's password in "net ads" when we can't find a domain controller at all. Guenther (This used to be commit e691ae7da3620a7d4c0e0b1217aaae44db0b8db3) --- source3/utils/net_ads.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 7902248f94..97b64a271c 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -282,6 +282,14 @@ retry: status = ads_connect(ads); if (!ADS_ERR_OK(status)) { + + if (NT_STATUS_EQUAL(ads_ntstatus(status), + NT_STATUS_NO_LOGON_SERVERS)) { + DEBUG(0,("ads_connect: %s\n", ads_errstr(status))); + ads_destroy(&ads); + return status; + } + if (!need_password && !second_time) { need_password = True; second_time = True; -- cgit From 8a9c4331a30ad6fd012d291e2e3e935a13cb5cd6 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 1 Nov 2006 10:38:54 +0000 Subject: r19524: Stop "net ads user delete" from doing funny things. Guenther (This used to be commit a20e7c0315f9a06ce2139f99d035b409b066d722) --- source3/utils/net_ads.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 97b64a271c..a4ed3d50ea 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -574,7 +574,7 @@ static int ads_user_delete(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; - LDAPMessage *res; + LDAPMessage *res = NULL; char *userdn; if (argc < 1) { @@ -586,8 +586,9 @@ static int ads_user_delete(int argc, const char **argv) } rc = ads_find_user_acct(ads, &res, argv[0]); - if (!ADS_ERR_OK(rc)) { + if (!ADS_ERR_OK(rc) || ads_count_replies(ads, res) != 1) { d_printf("User %s does not exist.\n", argv[0]); + ads_msgfree(ads, res); ads_destroy(&ads); return -1; } 
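Review bot: The widened test `!ADS_ERR_OK(rc) || ads_count_replies(ads, res) != 1` reports "does not exist" for three different outcomes: a failed search, no match, and more than one match. For a delete command these are worth telling apart, so that a directory error is not read as confirmation that the account is gone. Print `ads_errstr(rc)` when the search itself failed, and a distinct message when several entries match. The same condition and message are added to ads_group_delete in the following commit. ads_user_delete extends beyond the hunk.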
@@ -595,7 +596,7 @@ static int ads_user_delete(int argc, const char **argv) ads_msgfree(ads, res); rc = ads_del_dn(ads, userdn); ads_memfree(ads, userdn); - if (!ADS_ERR_OK(rc)) { + if (ADS_ERR_OK(rc)) { d_printf("User %s deleted\n", argv[0]); ads_destroy(&ads); return 0; -- cgit From 25fb86570d24ac22e5d69447a610e87f8584f83d Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 1 Nov 2006 10:59:28 +0000 Subject: r19525: Fix the same error in "net ads group delete". Guenther (This used to be commit 94ed3e9de8671d677451d2a16977caeeb7e744d1) --- source3/utils/net_ads.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index a4ed3d50ea..b425ecf7c2 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -701,7 +701,7 @@ static int ads_group_delete(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; - LDAPMessage *res; + LDAPMessage *res = NULL; char *groupdn; if (argc < 1) { @@ -713,8 +713,9 @@ static int ads_group_delete(int argc, const char **argv) } rc = ads_find_user_acct(ads, &res, argv[0]); - if (!ADS_ERR_OK(rc)) { + if (!ADS_ERR_OK(rc) || ads_count_replies(ads, res) != 1) { d_printf("Group %s does not exist.\n", argv[0]); + ads_msgfree(ads, res); ads_destroy(&ads); return -1; } @@ -722,7 +723,7 @@ static int ads_group_delete(int argc, const char **argv) ads_msgfree(ads, res); rc = ads_del_dn(ads, groupdn); ads_memfree(ads, groupdn); - if (!ADS_ERR_OK(rc)) { + if (ADS_ERR_OK(rc)) { d_printf("Group %s deleted\n", argv[0]); ads_destroy(&ads); return 0; -- cgit From 4e0f560f609f1d79f1821f20a16f8c50eaae7b3e Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 1 Nov 2006 11:08:05 +0000 Subject: r19527: Fix double free in "net ads group add". Guenther (This used to be commit 08db3d3b04d91238b739e88e817bd3f800b768ee) --- source3/utils/net_ads.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source3/utils/net_ads.c') 
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index b425ecf7c2..060114f548 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -672,7 +672,6 @@ static int ads_group_add(int argc, const char **argv) if (ads_count_replies(ads, res)) { d_fprintf(stderr, "ads_group_add: Group %s already exists\n", argv[0]); - ads_msgfree(ads, res); goto done; } -- cgit From 31a63ab19f2a1f717db90d1164a8b696c625e739 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 1 Nov 2006 11:19:33 +0000 Subject: r19528: Fix container handling for "net ads user" and "net ads group" functions along with some memleaks. Guenther (This used to be commit 4bad52c5b3a983418d4216a2c3f5e04926e37e94) --- source3/utils/net_ads.c | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 060114f548..377bfa22b7 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -446,6 +446,7 @@ static int ads_user_add(int argc, const char **argv) char *upn, *userdn; LDAPMessage *res=NULL; int rc = -1; + char *ou_str = NULL; if (argc < 1) return net_ads_user_usage(argc, argv); @@ -465,11 +466,13 @@ static int ads_user_add(int argc, const char **argv) goto done; } - if (opt_container == NULL) { - opt_container = ads_default_ou_string(ads, WELL_KNOWN_GUID_USERS); + if (opt_container) { + ou_str = SMB_STRDUP(opt_container); + } else { + ou_str = ads_default_ou_string(ads, WELL_KNOWN_GUID_USERS); } - status = ads_add_user_acct(ads, argv[0], opt_container, opt_comment); + status = ads_add_user_acct(ads, argv[0], ou_str, opt_comment); if (!ADS_ERR_OK(status)) { d_fprintf(stderr, "Could not add user %s: %s\n", argv[0], @@ -510,6 +513,7 @@ static int ads_user_add(int argc, const char **argv) if (res) ads_msgfree(ads, res); ads_destroy(&ads); + SAFE_FREE(ou_str); return rc; } 
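Review bot: `ou_str` is passed to `ads_add_user_acct()` without a NULL check, although `SMB_STRDUP(opt_container)` can fail on allocation and `ads_default_ou_string()` may also return NULL (its contract is not visible here). A guard before the call would do: `if (!ou_str) { d_fprintf(stderr, "ads_user_add: out of memory\n"); goto done; }`. The same applies to `ou_str` in the ads_group_add hunk, and to the `ads_ou_string()` result that net_precreate_machine_acct formats with `%s` in `asprintf()`. ads_user_add continues outside the hunk.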
@@ -654,6 +658,7 @@ static int ads_group_add(int argc, const char **argv) ADS_STATUS status; LDAPMessage *res=NULL; int rc = -1; + char *ou_str = NULL; if (argc < 1) { return net_ads_group_usage(argc, argv); @@ -675,11 +680,13 @@ static int ads_group_add(int argc, const char **argv) goto done; } - if (opt_container == NULL) { - opt_container = ads_default_ou_string(ads, WELL_KNOWN_GUID_USERS); + if (opt_container) { + ou_str = SMB_STRDUP(opt_container); + } else { + ou_str = ads_default_ou_string(ads, WELL_KNOWN_GUID_USERS); } - status = ads_add_group_acct(ads, argv[0], opt_container, opt_comment); + status = ads_add_group_acct(ads, argv[0], ou_str, opt_comment); if (ADS_ERR_OK(status)) { d_printf("Group %s added\n", argv[0]); @@ -693,6 +700,7 @@ static int ads_group_add(int argc, const char **argv) if (res) ads_msgfree(ads, res); ads_destroy(&ads); + SAFE_FREE(ou_str); return rc; } @@ -1123,8 +1131,10 @@ static ADS_STATUS net_precreate_machine_acct( ADS_STRUCT *ads, const char *ou ) LDAPMessage *res = NULL; ou_str = ads_ou_string(ads, ou); - asprintf(&dn, "%s,%s", ou_str, ads->config.bind_path); - free(ou_str); + if ((asprintf(&dn, "%s,%s", ou_str, ads->config.bind_path)) == -1) { + SAFE_FREE(ou_str); + return ADS_ERROR(LDAP_NO_MEMORY); + } rc = ads_search_dn(ads, &res, dn, NULL); ads_msgfree(ads, res); @@ -1139,6 +1149,7 @@ static ADS_STATUS net_precreate_machine_acct( ADS_STRUCT *ads, const char *ou ) } } + SAFE_FREE( ou_str ); SAFE_FREE( dn ); return rc; -- cgit From 61a38bd4b83b7f72b479e84daa5ea89164a92f85 Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Fri, 10 Nov 2006 12:42:50 +0000 Subject: r19651: Fix interesting bug with the automatic site coverage in Active Directory: When having DC-less sites, AD assigns DCs from other sites to that site that does not have it's own DC. The most reliable way for us to identify the nearest DC - in that and all other cases - is the closest_dc flag in the CLDAP reply. Guenther (This used to be commit ff004f7284cb047e738ba3d3ad6602e8aa84e883) --- source3/utils/net_ads.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 377bfa22b7..e1762da2f7 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -314,7 +314,7 @@ retry: tried_closest_dc = True; /* avoid loop */ - if (!closest_dc || !site_matches) { + if (!ads_closest_dc(ads)) { namecache_delete(ads->server.realm, 0x1C); namecache_delete(ads->server.workgroup, 0x1C); -- cgit From 8fa0a80b498f2681fc9a4f5e6ab5522ee599f224 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 16 Nov 2006 23:48:46 +0000 Subject: r19754: * When using a krb5 session setup, we don't fill in the server_name string the clis_state struct. So call saf_store() after we have the short domain name in the lsa_query_inof_policy code. * Remove unused server string in saf_delete() (This used to be commit 3eddae2f2080f8dafec883cb9ffa2e578c242607) --- source3/utils/net_ads.c | 49 ++++++++++++++++++++++--------------------------- 1 file changed, 22 insertions(+), 27 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index e1762da2f7..0f189f9c6f 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
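Review bot: The branch is now decided by `ads_closest_dc(ads)`, while the locals `closest_dc` and `site_matches` introduced by the earlier site-support commit remain and feed only the two `DEBUG(10, ...)` lines. The debug output can therefore disagree with the branch actually taken. Either log the result of `ads_closest_dc()` or drop the two locals. Only part of the enclosing function is visible in the hunk.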
@@ -819,6 +819,7 @@ static int net_ads_leave(int argc, const char **argv) struct cli_state *cli = NULL; TALLOC_CTX *ctx; DOM_SID *dom_sid = NULL; + char *short_domain_name = NULL; if (!secrets_init()) { DEBUG(1,("Failed to initialise secrets database\n")); @@ -845,15 +846,15 @@ static int net_ads_leave(int argc, const char **argv) goto done; } - saf_store( cli->server_domain, cli->desthost ); - - if ( !NT_STATUS_IS_OK(netdom_get_domain_sid( ctx, cli, &dom_sid )) ) { + if ( !NT_STATUS_IS_OK(netdom_get_domain_sid( ctx, cli, &short_domain_name, &dom_sid )) ) { goto done; } + saf_delete( short_domain_name ); + status = netdom_leave_domain(ctx, cli, dom_sid); - /* Ty and delete it via LDAP - the old way we used to. */ + /* Try and delete it via LDAP - the old way we used to. */ adsret = ads_leave_realm(ads, global_myname()); if (ADS_ERR_OK(adsret)) { @@ -962,7 +963,8 @@ static NTSTATUS check_ads_config( void ) ********************************************************************/ static NTSTATUS net_join_domain(TALLOC_CTX *ctx, const char *servername, - struct in_addr *ip, DOM_SID **dom_sid, + struct in_addr *ip, char **domain, + DOM_SID **dom_sid, const char *password) { NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; @@ -973,13 +975,16 @@ static NTSTATUS net_join_domain(TALLOC_CTX *ctx, const char *servername, goto done; } - saf_store( cli->server_domain, cli->desthost ); - - ret = netdom_get_domain_sid( ctx, cli, dom_sid ); + ret = netdom_get_domain_sid( ctx, cli, domain, dom_sid ); if ( !NT_STATUS_IS_OK(ret) ) { goto done; } + /* cli->server_domain is not filled in when using krb5 + session setups */ + + saf_store( *domain, cli->desthost ); + ret = netdom_join_domain( ctx, cli, *dom_sid, password, ND_TYPE_AD ); done: 
@@ -1331,9 +1336,8 @@ int net_ads_join(int argc, const char **argv) ADS_STATUS status; NTSTATUS nt_status; char *machine_account = NULL; - const char *short_domain_name = NULL; + char *short_domain_name = NULL; char *tmp_password, *password; - struct cldap_netlogon_reply cldap_reply; TALLOC_CTX *ctx = NULL; DOM_SID *domain_sid = NULL; BOOL createupn = False; @@ -1410,29 +1414,20 @@ int net_ads_join(int argc, const char **argv) password = talloc_strdup(ctx, tmp_password); nt_status = net_join_domain(ctx, ads->config.ldap_server_name, - &ads->ldap_ip, &domain_sid, password); + &ads->ldap_ip, &short_domain_name, &domain_sid, password); if ( !NT_STATUS_IS_OK(nt_status) ) { DEBUG(1, ("call of net_join_domain failed: %s\n", get_friendly_nt_error_msg(nt_status))); goto fail; } - + /* Check the short name of the domain */ - ZERO_STRUCT( cldap_reply ); - - if ( ads_cldap_netlogon( ads->config.ldap_server_name, - ads->server.realm, &cldap_reply ) ) - { - short_domain_name = talloc_strdup( ctx, cldap_reply.netbios_domain ); - if ( !strequal(lp_workgroup(), short_domain_name) ) { - d_printf("The workgroup in smb.conf does not match the short\n"); - d_printf("domain name obtained from the server.\n"); - d_printf("Using the name [%s] from the server.\n", short_domain_name); - d_printf("You should set \"workgroup = %s\" in smb.conf.\n", short_domain_name); - } - } else { - short_domain_name = lp_workgroup(); + if ( !strequal(lp_workgroup(), short_domain_name) ) { + d_printf("The workgroup in smb.conf does not match the short\n"); + d_printf("domain name obtained from the server.\n"); + d_printf("Using the name [%s] from the server.\n", short_domain_name); + d_printf("You should set \"workgroup = %s\" in smb.conf.\n", short_domain_name); } d_printf("Using short domain name -- %s\n", short_domain_name); 
@@ -1519,7 +1514,7 @@ int net_ads_join(int argc, const char **argv) /* exit from this block using machine creds */ #endif - d_printf("Joined '%s' to realm '%s'\n", global_myname(), ads->config.realm); + d_printf("Joined '%s' to realm '%s'\n", global_myname(), ads->server.realm); SAFE_FREE(machine_account); TALLOC_FREE( ctx ); -- cgit From c2aae726ea3f697c50f8d2304e2a9e69c56ab90f Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 17 Nov 2006 21:46:26 +0000 Subject: r19762: libaddns/*[ch] code fixes donated by Centeris Corporation (http://www.centeris.com/) under my copyright. * Rework error reporting to use DNS_ERROR instead of int32 * Convert memory allocation to use talloc() * Generalize the DNS request/response packet marshalling * Fix the secure update requests (This used to be commit c78798333616c3f823514df0f58da2eb3a30a988) --- source3/utils/net_ads.c | 206 +++++++++++++++++++++++++++++++++--------------- 1 file changed, 144 insertions(+), 62 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 0f189f9c6f..76b6b043ba 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -1220,79 +1220,79 @@ static BOOL net_derive_salting_principal( TALLOC_CTX *ctx, ADS_STRUCT *ads ) *******************************************************************/ #if defined(WITH_DNS_UPDATES) -static BOOL net_update_dns( TALLOC_CTX *ctx, ADS_STRUCT *ads ) +#include "dns.h" +DNS_ERROR DoDNSUpdate(ADS_STRUCT *ads, char *pszServerName, + const char *pszDomainName, + const char *pszHostName, + const struct in_addr *iplist, int num_addrs ); + + +static NTSTATUS net_update_dns_internal(TALLOC_CTX *ctx, ADS_STRUCT *ads, + const char *machine_name, + const struct in_addr *addrs, + int num_addrs) { - int num_addrs; - struct in_addr *iplist = NULL; struct dns_rr_ns *nameservers = NULL; int ns_count = 0; - int ret = 0; - NTSTATUS dns_status; - fstring machine_name; + NTSTATUS status = NT_STATUS_UNSUCCESSFUL; + DNS_ERROR dns_err; fstring dns_server; const char *dnsdomain; - ADS_STRUCT *ads_s = NULL; - name_to_fqdn( machine_name, global_myname() ); - strlower_m( machine_name ); if ( (dnsdomain = strchr_m( machine_name, '.')) == NULL ) { - d_printf("No DNS domain configured for %s. Unable to perform DNS Update.\n", - machine_name); + d_printf("No DNS domain configured for %s. 
" + "Unable to perform DNS Update.\n", machine_name); + status = NT_STATUS_INVALID_PARAMETER; goto done; } dnsdomain++; - dns_status = ads_dns_lookup_ns( ctx, dnsdomain, &nameservers, &ns_count ); - if ( !NT_STATUS_IS_OK(dns_status) || (ns_count == 0)) { - DEBUG(3,("net_ads_join: Failed to find name server for the %s realm\n", - ads->config.realm)); - goto done; - } - - /* Get our ip address (not the 127.0.0.x address but a real ip address) */ - - num_addrs = get_my_ip_address( &iplist ); - if ( num_addrs <= 0 ) { - DEBUG(4,("net_ads_join: Failed to find my non-loopback IP addresses!\n")); - ret = -1; + status = ads_dns_lookup_ns( ctx, dnsdomain, &nameservers, &ns_count ); + if ( !NT_STATUS_IS_OK(status) || (ns_count == 0)) { + DEBUG(3,("net_ads_join: Failed to find name server for the %s " + "realm\n", ads->config.realm)); goto done; } - /* Drop the user creds */ + /* Now perform the dns update - we'll try non-secure and if we fail, + we'll follow it up with a secure update */ - ads_kdestroy( NULL ); + fstrcpy( dns_server, nameservers[0].hostname ); - ads_s = ads_init( ads->server.realm, ads->server.workgroup, ads->server.ldap_server ); - if ( !ads_s ) { - DEBUG(1,("net_ads_join: ads_init() failed!\n")); - ret = -1; - goto done; + dns_err = DoDNSUpdate(ads, dns_server, dnsdomain, machine_name, addrs, num_addrs); + if (!ERR_DNS_IS_OK(dns_err)) { + status = NT_STATUS_UNSUCCESSFUL; } - /* kinit with the machine password */ +done: + return status; + } - asprintf( &ads_s->auth.user_name, "%s$", global_myname() ); - ads_s->auth.password = secrets_fetch_machine_password( lp_workgroup(), NULL, NULL ); - ads_s->auth.realm = SMB_STRDUP( lp_realm() ); - ads_kinit_password( ads_s ); +static NTSTATUS net_update_dns(TALLOC_CTX *mem_ctx, ADS_STRUCT *ads) +{ + int num_addrs; + struct in_addr *iplist = NULL; + fstring machine_name; + NTSTATUS status; - /* Now perform the dns update - we'll try non-secure and if we fail, we'll - follow it up with a secure update */ + name_to_fqdn( 
machine_name, global_myname() ); + strlower_m( machine_name ); - fstrcpy( dns_server, nameservers[0].hostname ); + /* Get our ip address (not the 127.0.0.x address but a real ip + * address) */ - ret = DoDNSUpdate(dns_server, dnsdomain, machine_name, iplist, num_addrs ); - if ( ret ) { - DEBUG(1, ("Error creating dns update!\n")); + num_addrs = get_my_ip_address( &iplist ); + if ( num_addrs <= 0 ) { + DEBUG(4,("net_ads_join: Failed to find my non-loopback IP " + "addresses!\n")); + return NT_STATUS_INVALID_PARAMETER; } -done: + status = net_update_dns_internal(mem_ctx, ads, machine_name, + iplist, num_addrs); SAFE_FREE( iplist ); - if ( ads_s ) - ads_destroy( &ads_s ); - - return (ret == 0); + return status; } #endif @@ -1506,8 +1506,22 @@ int net_ads_join(int argc, const char **argv) #if defined(WITH_DNS_UPDATES) /* We enter this block with user creds */ + ads_kdestroy( NULL ); + ads_destroy(&ads); + ads = NULL; + + if ( (ads = ads_init( lp_realm(), NULL, NULL )) != NULL ) { + /* kinit with the machine password */ + + use_in_memory_ccache(); + asprintf( &ads->auth.user_name, "%s$", global_myname() ); + ads->auth.password = secrets_fetch_machine_password( + lp_workgroup(), NULL, NULL ); + ads->auth.realm = SMB_STRDUP( lp_realm() ); + ads_kinit_password( ads ); + } - if ( !net_update_dns( ctx, ads ) ) { + if ( !ads || !NT_STATUS_IS_OK(net_update_dns( ctx, ads )) ) { d_fprintf( stderr, "DNS update failed!\n" ); } 
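Review bot: In net_update_dns_internal, when `ads_dns_lookup_ns()` succeeds but `ns_count` is 0, the `goto done` returns the lookup's `NT_STATUS_OK`. Callers then treat a DNS update that never ran as successful. Set a failure before jumping: `if (NT_STATUS_IS_OK(status)) status = NT_STATUS_UNSUCCESSFUL;`. Only `nameservers[0]` is tried, which is worth a comment if that is intentional.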
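Review bot: The machine-credential setup added to net_ads_join ignores three results: the return of `asprintf(&ads->auth.user_name, ...)`, a possible NULL from `secrets_fetch_machine_password()`, and the status of `ads_kinit_password(ads)`. A failed kinit then surfaces only as the generic "DNS update failed!"; checking it and printing the error would give the operator the real cause. If `ads_init()` returns NULL the block is skipped, but the "Joined ..." message that appears to follow this block reads `ads->server.realm`, so that case needs a guard too. net_ads_join starts and ends outside the hunk.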
@@ -1554,42 +1568,72 @@ static int net_ads_dns_usage(int argc, const char **argv) /******************************************************************* ********************************************************************/ -static int net_ads_dns(int argc, const char **argv) +static int net_ads_dns_register(int argc, const char **argv) { #if defined(WITH_DNS_UPDATES) ADS_STRUCT *ads; ADS_STATUS status; TALLOC_CTX *ctx; - BOOL register_dns = False; - int i; + fstring name; + int num_addrs; + struct in_addr *iplist = NULL; - status = ads_startup(True, &ads); - if ( !ADS_ERR_OK(status) ) { - DEBUG(1, ("error on ads_startup: %s\n", ads_errstr(status))); +#ifdef DEVELOPER + talloc_enable_leak_report(); +#endif + + if (argc > 2) { + d_fprintf(stderr, "net ads dns register \n"); return -1; } if (!(ctx = talloc_init("net_ads_dns"))) { - DEBUG(0, ("Could not initialise talloc context\n")); + d_fprintf(stderr, "Could not initialise talloc context\n"); return -1; } - /* process additional command line args */ + if (argc > 0) { + fstrcpy(name, argv[0]); + } else { + name_to_fqdn(name, global_myname()); + } + strlower_m(name); - for ( i=0; i 1) { + if (!(iplist = SMB_MALLOC_ARRAY(struct in_addr, 1))) { + d_fprintf(stderr, "net_ads_dns_register: malloc " + "failed\n"); + return -1; } - else { - d_fprintf(stderr, "Bad option: %s\n", argv[i]); + if (inet_aton(argv[1], iplist) == 0) { + d_fprintf(stderr, "net_ads_dns_register: %s is not " + "a valid IP address\n", argv[1]); + SAFE_FREE(iplist); + return -1; + } + num_addrs = 1; + } else { + num_addrs = get_my_ip_address( &iplist ); + if ( num_addrs <= 0 ) { + d_fprintf(stderr, "net_ads_dns_regiser: Failed to " + "find my non-loopback IP addresses!\n"); return -1; } } - if ( !net_update_dns( ctx, ads ) ) { + status = ads_startup_nobind(True, &ads); + if ( !ADS_ERR_OK(status) ) { + DEBUG(1, ("error on ads_startup: %s\n", ads_errstr(status))); + TALLOC_FREE(ctx); + return -1; + } + + if ( !NT_STATUS_IS_OK(net_update_dns_internal(ctx, 
ads, name, + iplist, num_addrs)) ) { d_fprintf( stderr, "DNS update failed!\n" ); ads_destroy( &ads ); TALLOC_FREE( ctx ); + SAFE_FREE(iplist); return -1; } @@ -1597,6 +1641,7 @@ static int net_ads_dns(int argc, const char **argv) ads_destroy(&ads); TALLOC_FREE( ctx ); + SAFE_FREE(iplist); return 0; #else @@ -1605,6 +1650,43 @@ static int net_ads_dns(int argc, const char **argv) #endif } +#if defined(WITH_DNS_UPDATES) +DNS_ERROR do_gethostbyname(const char *server, const char *host); +#endif + +static int net_ads_dns_gethostbyname(int argc, const char **argv) +{ +#if defined(WITH_DNS_UPDATES) + DNS_ERROR err; + +#ifdef DEVELOPER + talloc_enable_leak_report(); +#endif + + if (argc != 2) { + d_fprintf(stderr, "net ads dns gethostbyname " + "\n"); + return -1; + } + + err = do_gethostbyname(argv[0], argv[1]); + + d_printf("do_gethostbyname returned %d\n", ERROR_DNS_V(err)); +#endif + return 0; +} + +static int net_ads_dns(int argc, const char *argv[]) +{ + struct functable func[] = { + {"REGISTER", net_ads_dns_register}, + {"GETHOSTBYNAME", net_ads_dns_gethostbyname}, + {NULL, NULL} + }; + + return net_run_function(argc, argv, func, net_ads_dns_usage); +} + /******************************************************************* ********************************************************************/ -- cgit From 5f3b7ee71323190ec1888214d0ef46781f6cc6b6 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 18 Nov 2006 11:29:29 +0000 Subject: r19766: Fix a const-warning. Jerry, what did you want to fix with this line? Volker (This used to be commit 55dc4741cfead0f21deb7ea2d28afb240505686b) --- source3/utils/net_ads.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 76b6b043ba..82c57e8723 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
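Review bot: Several early returns in the new net_ads_dns_register leak what was allocated before them. The `SMB_MALLOC_ARRAY` failure, the `inet_aton()` failure and the `get_my_ip_address()` failure all `return -1` without `TALLOC_FREE(ctx);`, and the `ads_startup_nobind()` failure branch frees `ctx` but not `iplist`. Adding `TALLOC_FREE(ctx);` to the first three and `SAFE_FREE(iplist);` to the last would match the cleanup already done on the update-failure path. The message "net_ads_dns_regiser:" also misspells the function name. The end of the function lies in the following hunk.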
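Review bot: net_ads_dns_gethostbyname returns 0 whatever `do_gethostbyname()` reports, so a caller or script cannot tell a failed lookup from a successful one. The error value is only printed. I would end the `WITH_DNS_UPDATES` branch with `return ERR_DNS_IS_OK(err) ? 0 : -1;` and have the build without DNS update support return -1 instead of silently succeeding. The `do_gethostbyname` prototype would also be better placed in a shared header than declared locally in this file.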
@@ -1238,7 +1238,6 @@ static NTSTATUS net_update_dns_internal(TALLOC_CTX *ctx, ADS_STRUCT *ads, DNS_ERROR dns_err; fstring dns_server; const char *dnsdomain; - name_to_fqdn( machine_name, global_myname() ); if ( (dnsdomain = strchr_m( machine_name, '.')) == NULL ) { d_printf("No DNS domain configured for %s. " -- cgit From 243b462b094f80d89020bdad78a531a857281bad Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Tue, 12 Dec 2006 16:40:57 +0000 Subject: r20119: Update help info indicating how to use separators (forward slash only) and properly use backslashes in "net ads join computername=" (This used to be commit cc26e2f9a155529b8ac2122bd2bec401bb516264) --- source3/utils/net_ads.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 82c57e8723..359e1ef240 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1322,6 +1322,8 @@ static int net_ads_join_usage(int argc, const char **argv) d_printf(" createcomputer=OU Precreate the computer account in a specific OU.\n"); d_printf(" The OU string read from top to bottom without RDNs and delimited by a '/'.\n"); d_printf(" E.g. \"createcomputer=Computers/Servers/Unix\"\n"); + d_printf(" NB: A backslash '\\' is used as escape at multiple levels and may\n"); + d_printf(" need to be doubled or even quadrupled. It is not used as a separator"); return -1; } -- cgit From db7bf9a6b6754b604ee44d28c564bab10c7b98a7 Mon Sep 17 00:00:00 2001 
From: Gerald Carter Date: Thu, 14 Dec 2006 17:00:10 +0000 Subject: r20173: DNS update fixes: * Fix DNS updates for multi-homed hosts * Child domains often don't have an NS record in DNS so we have to fall back to looking up the the NS records for the forest root. * Fix compile warning caused by mismatched 'struct in_addr' and 'in_addr_t' parameters called to DoDNSUpdate() (This used to be commit 3486acd3c3ebefae8f98dcc72d1c3d6b06fffcc7) --- source3/utils/net_ads.c | 106 ++++++++++++++++++++++++++++-------------------- 1 file changed, 62 insertions(+), 44 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 359e1ef240..8c35f201ad 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1221,7 +1221,7 @@ static BOOL net_derive_salting_principal( TALLOC_CTX *ctx, ADS_STRUCT *ads ) #if defined(WITH_DNS_UPDATES) #include "dns.h" -DNS_ERROR DoDNSUpdate(ADS_STRUCT *ads, char *pszServerName, +DNS_ERROR DoDNSUpdate(char *pszServerName, const char *pszDomainName, const char *pszHostName, const struct in_addr *iplist, int num_addrs ); @@ -1237,7 +1237,8 @@ static NTSTATUS net_update_dns_internal(TALLOC_CTX *ctx, ADS_STRUCT *ads, NTSTATUS status = NT_STATUS_UNSUCCESSFUL; DNS_ERROR dns_err; fstring dns_server; - const char *dnsdomain; + const char *dnsdomain = NULL; + char *root_domain = NULL; if ( (dnsdomain = strchr_m( machine_name, '.')) == NULL ) { d_printf("No DNS domain configured for %s. " 
@@ -1249,9 +1250,52 @@ static NTSTATUS net_update_dns_internal(TALLOC_CTX *ctx, ADS_STRUCT *ads, status = ads_dns_lookup_ns( ctx, dnsdomain, &nameservers, &ns_count ); if ( !NT_STATUS_IS_OK(status) || (ns_count == 0)) { - DEBUG(3,("net_ads_join: Failed to find name server for the %s " + /* Child domains often do not have NS records. Look + for the NS record for the forest root domain + (rootDomainNamingContext in therootDSE) */ + + const char *rootname_attrs[] = { "rootDomainNamingContext", NULL }; + LDAPMessage *msg = NULL; + char *root_dn; + ADS_STATUS ads_status; + + if ( !ads->ld ) { + ads_status = ads_connect( ads ); + if ( !ADS_ERR_OK(ads_status) ) { + DEBUG(0,("net_update_dns_internal: Failed to connect to our DC!\n")); + goto done; + } + } + + ads_status = ads_do_search(ads, "", LDAP_SCOPE_BASE, + "(objectclass=*)", rootname_attrs, &msg); + if (!ADS_ERR_OK(ads_status)) { + goto done; + } + + root_dn = ads_pull_string(ads, ctx, msg, "rootDomainNamingContext"); + if ( !root_dn ) { + ads_msgfree( ads, msg ); + goto done; + } + + root_domain = ads_build_domain( root_dn ); + + /* cleanup */ + ads_msgfree( ads, msg ); + + /* try again for NS servers */ + + status = ads_dns_lookup_ns( ctx, root_domain, &nameservers, &ns_count ); + + if ( !NT_STATUS_IS_OK(status) || (ns_count == 0)) { + DEBUG(3,("net_ads_join: Failed to find name server for the %s " "realm\n", ads->config.realm)); - goto done; + goto done; + } + + dnsdomain = root_domain; + } /* Now perform the dns update - we'll try non-secure and if we fail, 
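Review bot: The new forest-root fallback in net_update_dns_internal can return success without having done anything. The block is entered when the first `ads_dns_lookup_ns()` either failed or returned OK with `ns_count == 0`; in the second case every `goto done` inside the fallback (failed `ads_connect`, failed `ads_do_search`, NULL `root_dn`) leaves `status` as NT_STATUS_OK. I would set the status before each jump, e.g. `status = ads_ntstatus(ads_status); goto done;` for the two ADS calls and `status = NT_STATUS_UNSUCCESSFUL;` for the NULL `root_dn` case. The result of `ads_build_domain()` is also passed to the second lookup without a NULL check, and the second DEBUG still prints `ads->config.realm` rather than the root domain that was actually queried. The function starts and ends outside this hunk.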
@@ -1259,14 +1303,17 @@ static NTSTATUS net_update_dns_internal(TALLOC_CTX *ctx, ADS_STRUCT *ads, fstrcpy( dns_server, nameservers[0].hostname ); - dns_err = DoDNSUpdate(ads, dns_server, dnsdomain, machine_name, addrs, num_addrs); + dns_err = DoDNSUpdate(dns_server, dnsdomain, machine_name, addrs, num_addrs); if (!ERR_DNS_IS_OK(dns_err)) { status = NT_STATUS_UNSUCCESSFUL; } done: + + SAFE_FREE( root_domain ); + return status; - } +} static NTSTATUS net_update_dns(TALLOC_CTX *mem_ctx, ADS_STRUCT *ads) { @@ -1345,6 +1392,8 @@ int net_ads_join(int argc, const char **argv) const char *machineupn = NULL; const char *create_in_ou = NULL; int i; + fstring dc_name; + struct in_addr dcip; nt_status = check_ads_config(); if (!NT_STATUS_IS_OK(nt_status)) { @@ -1352,6 +1401,10 @@ int net_ads_join(int argc, const char **argv) goto fail; } + /* find a DC to initialize the server affinity cache */ + + get_dc_name( lp_workgroup(), lp_realm(), dc_name, &dcip ); + status = ads_startup(True, &ads); if (!ADS_ERR_OK(status)) { DEBUG(1, ("error on ads_startup: %s\n", ads_errstr(status))); @@ -1575,15 +1628,12 @@ static int net_ads_dns_register(int argc, const char **argv) ADS_STRUCT *ads; ADS_STATUS status; TALLOC_CTX *ctx; - fstring name; - int num_addrs; - struct in_addr *iplist = NULL; #ifdef DEVELOPER talloc_enable_leak_report(); #endif - if (argc > 2) { + if (argc > 0) { d_fprintf(stderr, "net ads dns register \n"); return -1; } 
@@ -1593,48 +1643,17 @@ static int net_ads_dns_register(int argc, const char **argv) return -1; } - if (argc > 0) { - fstrcpy(name, argv[0]); - } else { - name_to_fqdn(name, global_myname()); - } - strlower_m(name); - - if (argc > 1) { - if (!(iplist = SMB_MALLOC_ARRAY(struct in_addr, 1))) { - d_fprintf(stderr, "net_ads_dns_register: malloc " - "failed\n"); - return -1; - } - if (inet_aton(argv[1], iplist) == 0) { - d_fprintf(stderr, "net_ads_dns_register: %s is not " - "a valid IP address\n", argv[1]); - SAFE_FREE(iplist); - return -1; - } - num_addrs = 1; - } else { - num_addrs = get_my_ip_address( &iplist ); - if ( num_addrs <= 0 ) { - d_fprintf(stderr, "net_ads_dns_regiser: Failed to " - "find my non-loopback IP addresses!\n"); - return -1; - } - } - - status = ads_startup_nobind(True, &ads); + status = ads_startup(True, &ads); if ( !ADS_ERR_OK(status) ) { DEBUG(1, ("error on ads_startup: %s\n", ads_errstr(status))); TALLOC_FREE(ctx); return -1; } - if ( !NT_STATUS_IS_OK(net_update_dns_internal(ctx, ads, name, - iplist, num_addrs)) ) { + if ( !NT_STATUS_IS_OK(net_update_dns(ctx, ads)) ) { d_fprintf( stderr, "DNS update failed!\n" ); ads_destroy( &ads ); TALLOC_FREE( ctx ); - SAFE_FREE(iplist); return -1; } @@ -1642,7 +1661,6 @@ static int net_ads_dns_register(int argc, const char **argv) ads_destroy(&ads); TALLOC_FREE( ctx ); - SAFE_FREE(iplist); return 0; #else -- cgit From bfd099e148ed97394bc858e746a1a998a71ac43c Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Wed, 17 Jan 2007 18:25:35 +0000 Subject: r20857: Silence gives assent :-). Checking in the fix for site support in a network where many DC's are down. I heard via Volker there is still a bug w.r.t the wrong site being chosen with trusted domains but we'll have to layer that fix on top of this. Gd - complain if this doesn't work for you. Jeremy. (This used to be commit 97e248f89ac6548274f03f2ae7583a255da5ddb3) --- source3/utils/net_ads.c | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 8c35f201ad..bd67983954 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -218,8 +218,6 @@ static ADS_STATUS ads_startup_int(BOOL only_own_domain, uint32 auth_flags, ADS_S char *cp; const char *realm = NULL; BOOL tried_closest_dc = False; - BOOL closest_dc = False; - BOOL site_matches = False; /* lp_realm() should be handled by a command line param, However, the join requires that realm be set in smb.conf @@ -290,7 +288,7 @@ retry: return status; } - if (!need_password && !second_time) { + if (!need_password && !second_time && !(auth_flags & ADS_AUTH_NO_BIND)) { need_password = True; second_time = True; goto retry; @@ -304,17 +302,11 @@ retry: * This is done by reconnecting to ADS because only the first call to * ads_connect will give us our own sitename */ - closest_dc = (ads->config.flags & ADS_CLOSEST); - site_matches = ads_sitename_match(ads); - - DEBUG(10,("ads_startup_int: DC %s closest DC\n", closest_dc ? "is":"is *NOT*")); - DEBUG(10,("ads_startup_int: sitenames %s match\n", site_matches ? "do":"do *NOT*")); - if ((only_own_domain || !opt_host) && !tried_closest_dc) { tried_closest_dc = True; /* avoid loop */ - if (!ads_closest_dc(ads)) { + if (!ads->config.tried_closest_dc) { namecache_delete(ads->server.realm, 0x1C); namecache_delete(ads->server.workgroup, 0x1C); -- cgit 
From fe830f22c9249be5876385fb7c36cda0c3656b21 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 19 Jan 2007 14:29:42 +0000 Subject: r20903: Replace the hardcoded "smb.conf" string with the dyn_CONFIGFILE (This used to be commit ff8f27108d247aa9e46176f2b29fc8d2da103906) --- source3/utils/net_ads.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index bd67983954..48127f6c8a 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -936,8 +936,8 @@ static NTSTATUS check_ads_config( void ) } if ( lp_security() == SEC_ADS && !*lp_realm()) { - d_fprintf(stderr, "realm must be set in in smb.conf for ADS " - "join to succeed.\n"); + d_fprintf(stderr, "realm must be set in in %s for ADS " + "join to succeed.\n", dyn_CONFIGFILE); return NT_STATUS_INVALID_PARAMETER; } @@ -1405,9 +1405,9 @@ int net_ads_join(int argc, const char **argv) } if (strcmp(ads->config.realm, lp_realm()) != 0) { - d_fprintf(stderr, "realm of remote server (%s) and realm in smb.conf " + d_fprintf(stderr, "realm of remote server (%s) and realm in %s " "(%s) DO NOT match. Aborting join\n", ads->config.realm, - lp_realm()); + dyn_CONFIGFILE, lp_realm()); nt_status = NT_STATUS_INVALID_PARAMETER; goto fail; } 
@@ -1470,10 +1470,11 @@ int net_ads_join(int argc, const char **argv) /* Check the short name of the domain */ if ( !strequal(lp_workgroup(), short_domain_name) ) { - d_printf("The workgroup in smb.conf does not match the short\n"); + d_printf("The workgroup in %s does not match the short\n", dyn_CONFIGFILE); d_printf("domain name obtained from the server.\n"); d_printf("Using the name [%s] from the server.\n", short_domain_name); - d_printf("You should set \"workgroup = %s\" in smb.conf.\n", short_domain_name); + d_printf("You should set \"workgroup = %s\" in %s.\n", + short_domain_name, dyn_CONFIGFILE); } d_printf("Using short domain name -- %s\n", short_domain_name); -- cgit From caf8c6a76be051559ffcfe97084edca43e0a3cee Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 30 Jan 2007 22:22:06 +0000 Subject: r21064: The core of this patch is void message_register(int msg_type, void (*fn)(int msg_type, struct process_id pid, - void *buf, size_t len)) + void *buf, size_t len, + void *private_data), + void *private_data) { struct dispatch_fns *dfn; So this adds a (so far unused) private pointer that is passed from message_register to the message handler. A prerequisite to implement a tiny samba4-API compatible wrapper around our messaging system. That itself is necessary for the Samba4 notify system. Yes, I know, I could import the whole Samba4 messaging system, but I want to do it step by step and I think getting notify in is more important in this step. Volker (This used to be commit c8ae60ed65dcce9660ee39c75488f2838cf9a28b) --- source3/utils/net_ads.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 48127f6c8a..f2fa807322 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -1802,7 +1802,7 @@ static int net_ads_printer_info(int argc, const char **argv) } void do_drv_upgrade_printer(int msg_type, struct process_id src, - void *buf, size_t len) + void *buf, size_t len, void *private_data) { return; } -- cgit From e9e6af59510242fbc78fd2100026d8dc79f18773 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 1 Mar 2007 00:49:28 +0000 Subject: r21606: Implement escaping function for ldap RDN values Fix escaping of DN components and filters around the code Add some notes to commandline help messages about how to pass DNs revert jra's "concistency" commit to nsswitch/winbindd_ads.c, as it was incorrect. The 2 functions use DNs in different ways. - lookup_usergroups_member() uses the DN in a search filter, and must use the filter escaping function to escape it Escaping filters that include escaped DNs ("\," becomes "\5c,") is the correct way to do it (tested against W2k3). - lookup_usergroups_memberof() instead uses the DN ultimately as a base dn. Both functions do NOT need any DN escaping function as DNs can't be reliably escaped when in a string form, intead each single RDN value must be escaped separately. DNs coming from other ldap calls (like ads_get_dn()), do not need escaping as they come already escaped on the wire and passed as is by the ldap libraries DN filtering has been tested. For example now it is possible to do something like: 'net ads add user joe#5' as now the '#' character is correctly escaped when building the DN, previously such a call failed with Invalid DN Syntax. Simo. (This used to be commit 5b4838f62ab1a92bfe02626ef40d7f94c2598322) --- source3/utils/net_ads.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index f2fa807322..cb5b08c672 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -1819,6 +1819,7 @@ static int net_ads_printer_publish(int argc, const char **argv) TALLOC_CTX *mem_ctx = talloc_init("net_ads_printer_publish"); ADS_MODLIST mods = ads_init_mods(mem_ctx); char *prt_dn, *srv_dn, **srv_cn; + char *srv_cn_escaped, *printername_escaped; LDAPMessage *res = NULL; if (!ADS_ERR_OK(ads_startup(True, &ads))) { @@ -1870,7 +1871,15 @@ static int net_ads_printer_publish(int argc, const char **argv) srv_dn = ldap_get_dn((LDAP *)ads->ld, (LDAPMessage *)res); srv_cn = ldap_explode_dn(srv_dn, 1); - asprintf(&prt_dn, "cn=%s-%s,%s", srv_cn[0], printername, srv_dn); + srv_cn_escaped = escape_rdn_val_string_alloc(srv_cn[0]); + printername_escaped = escape_rdn_val_string_alloc(printername); + if (!srv_cn_escaped || !printername_escaped) { + d_fprintf(stderr, "Internal error, out of memory!"); + ads_destroy(&ads); + return -1; + } + + asprintf(&prt_dn, "cn=%s-%s,%s", srv_cn_escaped, printername_escaped, srv_dn); pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_SPOOLSS, &nt_status); if (!pipe_hnd) { @@ -2158,6 +2167,7 @@ static int net_ads_dn_usage(int argc, const char **argv) "The DN standard LDAP DN, and the attributes are a list of LDAP fields \n"\ "to show in the results\n\n"\ "Example: net ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' sAMAccountName\n\n" + "Note: the DN must be provided properly escaped. See RFC 4514 for details\n\n" ); net_common_flags_usage(argc, argv); return -1; -- cgit From fae01b48994fd3168fd921af68dab1b4003adc49 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 1 Mar 2007 01:17:36 +0000 Subject: r21608: Fix a couple of memleaks in error code paths before Coverity finds them :-) Jeremy. (This used to be commit cbe725f1b09f3d0edbdf823e0862edf21e16d336) --- source3/utils/net_ads.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index cb5b08c672..b1ac40fd72 100644 --- a/source3/utils/net_ads.c 
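Review bot: In net_ads_printer_publish the new `escape_rdn_val_string_alloc(srv_cn[0])` dereferences the result of `ldap_explode_dn()` without checking it, and the `asprintf()` that builds `prt_dn` is still unchecked. If either fails, an invalid pointer reaches the escape routine or `ads_add_printer_entry()`. A guard such as `if (!srv_cn || !srv_cn[0]) { ... return -1; }` before the escaping and `if (asprintf(&prt_dn, ...) == -1) { ... return -1; }` after it would close both. In the visible lines `srv_dn` and `srv_cn` are never released; whether that happens elsewhere cannot be seen from this hunk. The function starts and ends outside the hunk.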
+++ b/source3/utils/net_ads.c @@ -1819,7 +1819,7 @@ static int net_ads_printer_publish(int argc, const char **argv) TALLOC_CTX *mem_ctx = talloc_init("net_ads_printer_publish"); ADS_MODLIST mods = ads_init_mods(mem_ctx); char *prt_dn, *srv_dn, **srv_cn; - char *srv_cn_escaped, *printername_escaped; + char *srv_cn_escaped = NULL, *printername_escaped = NULL; LDAPMessage *res = NULL; if (!ADS_ERR_OK(ads_startup(True, &ads))) { @@ -1874,6 +1874,8 @@ static int net_ads_printer_publish(int argc, const char **argv) srv_cn_escaped = escape_rdn_val_string_alloc(srv_cn[0]); printername_escaped = escape_rdn_val_string_alloc(printername); if (!srv_cn_escaped || !printername_escaped) { + SAFE_FREE(srv_cn_escaped); + SAFE_FREE(printername_escaped); d_fprintf(stderr, "Internal error, out of memory!"); ads_destroy(&ads); return -1; @@ -1881,16 +1883,21 @@ static int net_ads_printer_publish(int argc, const char **argv) asprintf(&prt_dn, "cn=%s-%s,%s", srv_cn_escaped, printername_escaped, srv_dn); + SAFE_FREE(srv_cn_escaped); + SAFE_FREE(printername_escaped); + pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_SPOOLSS, &nt_status); if (!pipe_hnd) { d_fprintf(stderr, "Unable to open a connnection to the spoolss pipe on %s\n", servername); + SAFE_FREE(prt_dn); ads_destroy(&ads); return -1; } if (!W_ERROR_IS_OK(get_remote_printer_publishing_data(pipe_hnd, mem_ctx, &mods, printername))) { + SAFE_FREE(prt_dn); ads_destroy(&ads); return -1; } @@ -1898,11 +1905,13 @@ static int net_ads_printer_publish(int argc, const char **argv) rc = ads_add_printer_entry(ads, prt_dn, mem_ctx, &mods); if (!ADS_ERR_OK(rc)) { d_fprintf(stderr, "ads_publish_printer: %s\n", ads_errstr(rc)); + SAFE_FREE(prt_dn); ads_destroy(&ads); return -1; } d_printf("published printer\n"); + SAFE_FREE(prt_dn); ads_destroy(&ads); return 0; -- cgit From 8e00e9d7a6114089fc176bc3446c6c97a01543d6 Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Thu, 1 Mar 2007 02:43:33 +0000 Subject: r21609: Fix memory leaks in error code paths (and one in winbindd_group.c). Patch from Zack Kirsch . Jeremy. (This used to be commit df07a662e32367a52c1e8473475423db2ff5bc51) --- source3/utils/net_ads.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index b1ac40fd72..363bfbc666 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1823,10 +1823,12 @@ static int net_ads_printer_publish(int argc, const char **argv) LDAPMessage *res = NULL; if (!ADS_ERR_OK(ads_startup(True, &ads))) { + talloc_destroy(mem_ctx); return -1; } if (argc < 1) { + talloc_destroy(mem_ctx); return net_ads_printer_usage(argc, argv); } @@ -1854,6 +1856,7 @@ static int net_ads_printer_publish(int argc, const char **argv) d_fprintf(stderr, "Unable to open a connnection to %s to obtain data " "for %s\n", servername, printername); ads_destroy(&ads); + talloc_destroy(mem_ctx); return -1; } @@ -1865,6 +1868,7 @@ static int net_ads_printer_publish(int argc, const char **argv) d_fprintf(stderr, "Could not find machine account for server %s\n", servername); ads_destroy(&ads); + talloc_destroy(mem_ctx); return -1; } @@ -1878,6 +1882,7 @@ static int net_ads_printer_publish(int argc, const char **argv) SAFE_FREE(printername_escaped); d_fprintf(stderr, "Internal error, out of memory!"); ads_destroy(&ads); + talloc_destroy(mem_ctx); return -1; } @@ -1892,6 +1897,7 @@ static int net_ads_printer_publish(int argc, const char **argv) servername); SAFE_FREE(prt_dn); ads_destroy(&ads); + talloc_destroy(mem_ctx); return -1; } @@ -1899,6 +1905,7 @@ static int net_ads_printer_publish(int argc, const char **argv) printername))) { SAFE_FREE(prt_dn); ads_destroy(&ads); + talloc_destroy(mem_ctx); return -1; } 
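Review bot: The `argc < 1` branch in net_ads_printer_publish now frees `mem_ctx` but still returns without `ads_destroy(&ads);`, although `ads_startup()` has already succeeded at that point. Either add `ads_destroy(&ads);` before `return net_ads_printer_usage(argc, argv);` or move the argument check ahead of `ads_startup()`. As a style point, the same two or three cleanup calls are now repeated before every `return -1` in this function across the hunks that follow; a single `done:` label with one cleanup sequence would make the next missed path less likely. The function's declarations and its tail are outside this hunk.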
@@ -1907,12 +1914,14 @@ static int net_ads_printer_publish(int argc, const char **argv) d_fprintf(stderr, "ads_publish_printer: %s\n", ads_errstr(rc)); SAFE_FREE(prt_dn); ads_destroy(&ads); + talloc_destroy(mem_ctx); return -1; } d_printf("published printer\n"); SAFE_FREE(prt_dn); ads_destroy(&ads); + talloc_destroy(mem_ctx); return 0; } -- cgit From 2af42eaaa35e356ed605f750489b327b1e1b9193 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 20 Mar 2007 15:29:33 +0000 Subject: r21888: Add the osname and osver options to 'net ads join' as discussed on the samba-technical ml. I'll add a 'net ads set attribute=value' utility later rather than the original 'net ads setmachineupn' patch that was also posted to the tech ml. (This used to be commit 5035778ae4b3a5e445faa535c5caf00bc8d220d8) --- source3/utils/net_ads.c | 95 ++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 94 insertions(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 363bfbc666..f5a3c36264 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -1117,6 +1117,72 @@ done: return status; } +/******************************************************************* + Set a machines dNSHostName and servicePrincipalName attributes + ********************************************************************/ + +static ADS_STATUS net_set_os_attributes(TALLOC_CTX *ctx, ADS_STRUCT *ads_s, + const char *os_name, const char *os_version ) +{ + ADS_STATUS status = ADS_ERROR(LDAP_SERVER_DOWN); + char *new_dn; + ADS_MODLIST mods; + LDAPMessage *res = NULL; + char *dn_string = NULL; + const char *machine_name = global_myname(); + int count; + char *os_sp = NULL; + + if ( !os_name || !os_version ) { + return ADS_ERROR(LDAP_NO_MEMORY); + } + + /* Find our DN */ + + status = ads_find_machine_acct(ads_s, &res, machine_name); + if (!ADS_ERR_OK(status)) + return status; + + if ( (count = ads_count_replies(ads_s, res)) != 1 ) { + DEBUG(1,("net_set_machine_spn: %d entries returned!\n", count)); + return ADS_ERROR(LDAP_NO_MEMORY); + } + + if ( (dn_string = ads_get_dn(ads_s, res)) == NULL ) { + DEBUG(1, ("ads_add_machine_acct: ads_get_dn returned NULL (malloc failure?)\n")); + goto done; + } + + new_dn = talloc_strdup(ctx, dn_string); + ads_memfree(ads_s, dn_string); + if (!new_dn) { + return ADS_ERROR(LDAP_NO_MEMORY); + } + + /* now do the mods */ + + if (!(mods = ads_init_mods(ctx))) { + goto done; + } + + os_sp = talloc_asprintf( ctx, "Samba %s", SAMBA_VERSION_STRING ); + + /* fields of primary importance */ + + ads_mod_str(ctx, &mods, "operatingSystem", os_name); + ads_mod_str(ctx, &mods, "operatingSystemVersion", os_version); + if ( os_sp ) + ads_mod_str(ctx, &mods, "operatingSystemServicePack", os_sp); + + status = ads_gen_mod(ads_s, new_dn, mods); + +done: + ads_msgfree(ads_s, res); + TALLOC_FREE( os_sp ); + + return status; +} + /******************************************************************* join a domain using ADS (LDAP mods) ********************************************************************/ 
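Review bot: net_set_os_attributes can report success when it has changed nothing. After `ads_find_machine_acct()` succeeds, both `goto done` paths (NULL from `ads_get_dn()`, NULL from `ads_init_mods()`) leave `status` holding that success value; each needs `status = ADS_ERROR(LDAP_NO_MEMORY);` before the jump. The two early `return ADS_ERROR(LDAP_NO_MEMORY);` statements after the search (reply count not 1, `talloc_strdup` failure) skip `ads_msgfree(ads_s, res)` and should go through `done` as well. The banner comment and the DEBUG texts were copied from other functions (they mention dNSHostName/servicePrincipalName, `net_set_machine_spn` and `ads_add_machine_acct`) and should name this function and the operatingSystem attributes. Returning LDAP_NO_MEMORY for missing arguments is also misleading.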
@@ -1386,6 +1452,8 @@ int net_ads_join(int argc, const char **argv) int i; fstring dc_name; struct in_addr dcip; + const char *os_name = NULL; + const char *os_version = NULL; nt_status = check_ads_config(); if (!NT_STATUS_IS_OK(nt_status)) { @@ -1427,7 +1495,21 @@ int net_ads_join(int argc, const char **argv) } else if ( !StrnCaseCmp(argv[i], "createcomputer", strlen("createcomputer")) ) { if ( (create_in_ou = get_string_param(argv[i])) == NULL ) { - d_fprintf(stderr, "Please supply a valid OU path\n"); + d_fprintf(stderr, "Please supply a valid OU path.\n"); + nt_status = NT_STATUS_INVALID_PARAMETER; + goto fail; + } + } + else if ( !StrnCaseCmp(argv[i], "osName", strlen("osName")) ) { + if ( (os_name = get_string_param(argv[i])) == NULL ) { + d_fprintf(stderr, "Please supply a operating system name.\n"); + nt_status = NT_STATUS_INVALID_PARAMETER; + goto fail; + } + } + else if ( !StrnCaseCmp(argv[i], "osVer", strlen("osVer")) ) { + if ( (os_version = get_string_param(argv[i])) == NULL ) { + d_fprintf(stderr, "Please supply a valid operating system version.\n"); nt_status = NT_STATUS_INVALID_PARAMETER; goto fail; } @@ -1546,7 +1628,18 @@ int net_ads_join(int argc, const char **argv) } } + /* Try to set the operatingSystem attributes if asked */ + + if ( os_name && os_version ) { + status = net_set_os_attributes( ctx, ads, os_name, os_version ); + if ( !ADS_ERR_OK(status) ) { + d_fprintf(stderr, "Failed to set operatingSystem attributes. " + "Are you a Domain Admin?\n"); + } + } + /* Now build the keytab, using the same ADS connection */ + if (lp_use_kerberos_keytab() && ads_keytab_create_default(ads)) { DEBUG(1,("Error creating host keytab!\n")); } -- cgit From 1ee9650a1dfa28badac1f37b4c14fca920c6330c Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Mon, 23 Apr 2007 08:40:54 +0000 Subject: r22479: Add "net ads keytab list". Guenther (This used to be commit 9ec76c542775ae58ff03f42ebfa1acc1a63a1bb1) --- source3/utils/net_ads.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index f5a3c36264..37ede28a97 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -2397,10 +2397,11 @@ static int net_ads_keytab_usage(int argc, const char **argv) d_printf( "net ads keytab \n"\ " can be either:\n"\ -" CREATE Creates a fresh keytab\n"\ " ADD Adds new service principal\n"\ +" CREATE Creates a fresh keytab\n"\ " FLUSH Flushes out all keytab entries\n"\ " HELP Prints this help message\n"\ +" LIST List the keytab\n"\ "The ADD command will take arguments, the other commands\n"\ "will not take any arguments. The arguments given to ADD\n"\ "should be a list of principals to add. For example, \n"\ @@ -2455,6 +2456,12 @@ static int net_ads_keytab_create(int argc, const char **argv) return ret; } +static int net_ads_keytab_list(int argc, const char **argv) +{ + return ads_keytab_list(); +} + + int net_ads_keytab(int argc, const char **argv) { struct functable func[] = { @@ -2462,6 +2469,7 @@ int net_ads_keytab(int argc, const char **argv) {"ADD", net_ads_keytab_add}, {"FLUSH", net_ads_keytab_flush}, {"HELP", net_ads_keytab_usage}, + {"LIST", net_ads_keytab_list}, {NULL, NULL} }; -- cgit From 3eca3af1bcd92e575b8c5d1034efd8d516df5e6c Mon Sep 17 00:00:00 2001 
From: Gerald Carter Date: Sun, 6 May 2007 21:45:53 +0000 Subject: r22728: Patch from Danilo Almeida : When asked to create a machine account in an OU as part of "net ads join" and the account already exists in another OU, simply move the machine object to the requested OU. (This used to be commit 3004cc6e593e6659a618de66f659f579e71c07f7) --- source3/utils/net_ads.c | 40 +++++++++++++++++++++++++++++++--------- 1 file changed, 31 insertions(+), 9 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 37ede28a97..030c5762f3 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -1190,28 +1190,50 @@ done: static ADS_STATUS net_precreate_machine_acct( ADS_STRUCT *ads, const char *ou ) { ADS_STATUS rc = ADS_ERROR(LDAP_SERVER_DOWN); - char *dn, *ou_str; + char *ou_str = NULL; + char *dn = NULL; LDAPMessage *res = NULL; + BOOL moved; ou_str = ads_ou_string(ads, ou); - if ((asprintf(&dn, "%s,%s", ou_str, ads->config.bind_path)) == -1) { - SAFE_FREE(ou_str); - return ADS_ERROR(LDAP_NO_MEMORY); + if (asprintf(&dn, "%s,%s", ou_str, ads->config.bind_path) == -1) { + rc = ADS_ERROR(LDAP_NO_MEMORY); + goto done; } rc = ads_search_dn(ads, &res, dn, NULL); - ads_msgfree(ads, res); + if (!ADS_ERR_OK(rc)) { + d_fprintf(stderr, "The specified OU does not exist.\n"); + goto done; + } - if (ADS_ERR_OK(rc)) { /* Attempt to create the machine account and bail if this fails. Assume that the admin wants exactly what they requested */ rc = ads_create_machine_acct( ads, global_myname(), dn ); - if ( rc.error_type == ENUM_ADS_ERROR_LDAP && rc.err.rc == LDAP_ALREADY_EXISTS ) { - rc = ADS_SUCCESS; + if (ADS_ERR_OK(rc)) { + DEBUG(1, ("machine account created\n")); + goto done; } + if ( !(rc.error_type == ENUM_ADS_ERROR_LDAP && rc.err.rc == LDAP_ALREADY_EXISTS) ) { + DEBUG(1, ("machine account creation failed\n")); + goto done; + } + + rc = ads_move_machine_acct(ads, global_myname(), dn, &moved); + if (!ADS_ERR_OK(rc)) { + DEBUG(1, ("failure to locate/move pre-existing machine account\n")); + goto done; } + if (moved) { + d_printf("The machine account was moved into the specified OU.\n"); + } else { + d_printf("The machine account already exists in the specified OU.\n"); + } + +done: + ads_msgfree(ads, res); SAFE_FREE( ou_str ); SAFE_FREE( dn ); 
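Review bot: In net_precreate_machine_acct the `asprintf()` failure path now jumps to `done`, where `SAFE_FREE( dn )` runs on a pointer whose value is not guaranteed after a failed `asprintf()`. The old code returned directly and never touched `dn` in that case; adding `dn = NULL;` before `goto done` restores that safety. `ads_ou_string()` is also used unchecked, so a NULL `ou_str` would be formatted with `%s`; `if (!ou_str) { rc = ADS_ERROR(LDAP_NO_MEMORY); goto done; }` covers it. The function's final return is outside the hunk.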
@@ -1528,7 +1550,7 @@ int net_ads_join(int argc, const char **argv) status = net_precreate_machine_acct( ads, create_in_ou ); if ( !ADS_ERR_OK(status) ) { d_fprintf( stderr, "Failed to pre-create the machine object " - "in OU %s.\n", argv[0]); + "in OU %s.\n", create_in_ou); DEBUG(1, ("error calling net_precreate_machine_acct: %s\n", ads_errstr(status))); nt_status = ads_ntstatus(status); -- cgit From cfc4946ebf578f6030c8fb44e26b16fede1d0ff7 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Sun, 6 May 2007 22:18:44 +0000 Subject: r22729: add help text for osver and osname options to 'net ads join' (patch from Dnailo A.) (This used to be commit 3f588e0b65433176f8f80312c1456836717cf6de) --- source3/utils/net_ads.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 030c5762f3..385d9c1aa5 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1450,7 +1450,12 @@ static int net_ads_join_usage(int argc, const char **argv) d_printf(" The OU string read from top to bottom without RDNs and delimited by a '/'.\n"); d_printf(" E.g. \"createcomputer=Computers/Servers/Unix\"\n"); d_printf(" NB: A backslash '\\' is used as escape at multiple levels and may\n"); - d_printf(" need to be doubled or even quadrupled. It is not used as a separator"); + d_printf(" need to be doubled or even quadrupled. It is not used as a separator.\n"); + d_printf(" osName=string Set the operatingSystem attribute during the join.\n"); + d_printf(" osVer=string Set the operatingSystemVersion attribute during the join.\n"); + d_printf(" NB: osName and osVer must be specified together for either to take effect.\n"); + d_printf(" Also, the operatingSystemService attribute is also set when along with\n"); + d_printf(" the two other attributes.\n"); return -1; } -- cgit From e6383f47629368d9dd4e803f17566a24e9d7359e Mon Sep 17 00:00:00 2001 
From: Volker Lendecke Date: Mon, 7 May 2007 09:35:35 +0000 Subject: r22736: Start to merge the low-hanging fruit from the now 7000-line cluster patch. This changes "struct process_id" to "struct server_id", keeping both is just too much hassle. No functional change (I hope ;-)) Volker (This used to be commit 0ad4b1226c9d91b72136310d3bbb640d2c5d67b8) --- source3/utils/net_ads.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 385d9c1aa5..a9319a380c 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1921,7 +1921,7 @@ static int net_ads_printer_info(int argc, const char **argv) return 0; } -void do_drv_upgrade_printer(int msg_type, struct process_id src, +void do_drv_upgrade_printer(int msg_type, struct server_id src, void *buf, size_t len, void *private_data) { return; -- cgit From e95942ed84fef4dd34c380d59145d3e182b01702 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 16 May 2007 20:56:39 +0000 Subject: r22954: More messaging_register (This used to be commit 9b8df24107ffe3016031e5257c5680689f061886) --- source3/utils/net_ads.c | 6 ------ 1 file changed, 6 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index a9319a380c..a1206bbd52 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1921,12 +1921,6 @@ static int net_ads_printer_info(int argc, const char **argv) return 0; } -void do_drv_upgrade_printer(int msg_type, struct server_id src, - void *buf, size_t len, void *private_data) -{ - return; -} - static int net_ads_printer_publish(int argc, const char **argv) { ADS_STRUCT *ads; -- cgit From a2618aa8d5a46305c02a083b880ce299681810c3 Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Fri, 29 Jun 2007 09:01:29 +0000 Subject: r23648: Allow to list a custom krb5 keytab file with: net ads keytab list /path/to/krb5.keytab Guenther (This used to be commit a2befee3f240543ea02ea99cebad886b54ae64eb) --- source3/utils/net_ads.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index a1206bbd52..29d7e386d8 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -2423,12 +2423,13 @@ static int net_ads_keytab_usage(int argc, const char **argv) " FLUSH Flushes out all keytab entries\n"\ " HELP Prints this help message\n"\ " LIST List the keytab\n"\ -"The ADD command will take arguments, the other commands\n"\ +"The ADD and LIST command will take arguments, the other commands\n"\ "will not take any arguments. The arguments given to ADD\n"\ "should be a list of principals to add. For example, \n"\ " net ads keytab add srv1 srv2\n"\ "will add principals for the services srv1 and srv2 to the\n"\ "system's keytab.\n"\ +"The LIST command takes a keytabname.\n"\ "\n" ); return -1; @@ -2479,15 +2480,21 @@ static int net_ads_keytab_create(int argc, const char **argv) static int net_ads_keytab_list(int argc, const char **argv) { - return ads_keytab_list(); + const char *keytab = NULL; + + if (argc >= 1) { + keytab = argv[0]; + } + + return ads_keytab_list(keytab); } int net_ads_keytab(int argc, const char **argv) { struct functable func[] = { - {"CREATE", net_ads_keytab_create}, {"ADD", net_ads_keytab_add}, + {"CREATE", net_ads_keytab_create}, {"FLUSH", net_ads_keytab_flush}, {"HELP", net_ads_keytab_usage}, {"LIST", net_ads_keytab_list}, -- cgit From d824b98f80ba186030cbb70b3a1e5daf80469ecd Mon Sep 17 00:00:00 2001 
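Review bot: net_ads_keytab_list uses `argv[0]` as the keytab name and silently ignores any further arguments, while the new usage text does not say that the argument is optional. Since the code passes NULL when no argument is given (presumably selecting the default keytab, though ads_keytab_list is not visible here), the help line would read better as `"The LIST command takes an optional keytab name.\n"`. In the same usage text, "The ADD and LIST command will take arguments" should be "commands". Rejecting `argc > 1` with the usage message would make a mistyped invocation visible instead of listing only the first file.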
From: Jeremy Allison Date: Mon, 9 Jul 2007 19:25:36 +0000 Subject: r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3) --- source3/utils/net_ads.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 29d7e386d8..888c5a58d9 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -8,7 +8,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, -- cgit From 5e54558c6dea67b56bbfaba5698f3a434d3dffb6 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 00:52:41 +0000 Subject: r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text (This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07) --- source3/utils/net_ads.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 888c5a58d9..70f9f62187 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -17,8 +17,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ #include "includes.h" -- cgit From c252b04abf31c2cade71a83e8e6c650d7c41f80b Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Wed, 11 Jul 2007 13:21:32 +0000 Subject: r23834: Allow to pass an ADS_STRUCT pointer down to the dump function callback in libads. Guenther (This used to be commit 311bbbafa6d860b7b632beac6d9249b0a2fafb86) --- source3/utils/net_ads.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 70f9f62187..10d33fcfef 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -397,7 +397,7 @@ static int net_ads_workgroup(int argc, const char **argv) -static BOOL usergrp_display(char *field, void **values, void *data_area) +static BOOL usergrp_display(ADS_STRUCT *ads, char *field, void **values, void *data_area) { char **disp_fields = (char **) data_area; -- cgit From 809c9d4d3136cc46dc228107918ca19d5a008a0a Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 16 Jul 2007 11:08:00 +0000 Subject: r23888: move elements belonging to the current ldap connection to a substructure. metze (This used to be commit 00909194a6c1ed193dfdb296f50f58a53450583c) --- source3/utils/net_ads.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 10d33fcfef..d4dfbb6a2b 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -80,13 +80,13 @@ static int net_ads_cldap_netlogon(ADS_STRUCT *ads) { struct cldap_netlogon_reply reply; - if ( !ads_cldap_netlogon( inet_ntoa(ads->ldap_ip), ads->server.realm, &reply ) ) { + if ( !ads_cldap_netlogon( inet_ntoa(ads->ldap.ip), ads->server.realm, &reply ) ) { d_fprintf(stderr, "CLDAP query failed!\n"); return -1; } d_printf("Information for Domain Controller: %s\n\n", - inet_ntoa(ads->ldap_ip)); + inet_ntoa(ads->ldap.ip)); d_printf("Response Type: "); switch (reply.type) { 
@@ -160,7 +160,7 @@ static int net_ads_lookup(int argc, const char **argv) if (!ads->config.realm) { ads->config.realm = CONST_DISCARD(char *, opt_target_workgroup); - ads->ldap_port = 389; + ads->ldap.port = 389; } return net_ads_cldap_netlogon(ads); @@ -189,11 +189,11 @@ static int net_ads_info(int argc, const char **argv) d_fprintf( stderr, "Failed to get server's current time!\n"); } - d_printf("LDAP server: %s\n", inet_ntoa(ads->ldap_ip)); + d_printf("LDAP server: %s\n", inet_ntoa(ads->ldap.ip)); d_printf("LDAP server name: %s\n", ads->config.ldap_server_name); d_printf("Realm: %s\n", ads->config.realm); d_printf("Bind Path: %s\n", ads->config.bind_path); - d_printf("LDAP port: %d\n", ads->ldap_port); + d_printf("LDAP port: %d\n", ads->ldap.port); d_printf("Server time: %s\n", http_timestring(ads->config.current_time)); d_printf("KDC server: %s\n", ads->auth.kdc_server ); @@ -380,10 +380,10 @@ static int net_ads_workgroup(int argc, const char **argv) if (!ads->config.realm) { ads->config.realm = CONST_DISCARD(char *, opt_target_workgroup); - ads->ldap_port = 389; + ads->ldap.port = 389; } - if ( !ads_cldap_netlogon( inet_ntoa(ads->ldap_ip), ads->server.realm, &reply ) ) { + if ( !ads_cldap_netlogon( inet_ntoa(ads->ldap.ip), ads->server.realm, &reply ) ) { d_fprintf(stderr, "CLDAP query failed!\n"); return -1; } @@ -545,7 +545,7 @@ static int ads_user_info(int argc, const char **argv) return -1; } - grouplist = ldap_get_values((LDAP *)ads->ld, + grouplist = ldap_get_values((LDAP *)ads->ldap.ld, (LDAPMessage *)res, "memberOf"); if (grouplist) { @@ -831,7 +831,7 @@ static int net_ads_leave(int argc, const char **argv) /* make RPC calls here */ - if ( !NT_STATUS_IS_OK(connect_to_ipc_krb5(&cli, &ads->ldap_ip, + if ( !NT_STATUS_IS_OK(connect_to_ipc_krb5(&cli, &ads->ldap.ip, ads->config.ldap_server_name)) ) { goto done; 
@@ -1338,7 +1338,7 @@ static NTSTATUS net_update_dns_internal(TALLOC_CTX *ctx, ADS_STRUCT *ads, char *root_dn; ADS_STATUS ads_status; - if ( !ads->ld ) { + if ( !ads->ldap.ld ) { ads_status = ads_connect( ads ); if ( !ADS_ERR_OK(ads_status) ) { DEBUG(0,("net_update_dns_internal: Failed to connect to our DC!\n")); @@ -1568,7 +1568,7 @@ int net_ads_join(int argc, const char **argv) password = talloc_strdup(ctx, tmp_password); nt_status = net_join_domain(ctx, ads->config.ldap_server_name, - &ads->ldap_ip, &short_domain_name, &domain_sid, password); + &ads->ldap.ip, &short_domain_name, &domain_sid, password); if ( !NT_STATUS_IS_OK(nt_status) ) { DEBUG(1, ("call of net_join_domain failed: %s\n", get_friendly_nt_error_msg(nt_status))); @@ -1603,7 +1603,7 @@ int net_ads_join(int argc, const char **argv) /* Verify that everything is ok */ - if ( net_rpc_join_ok(short_domain_name, ads->config.ldap_server_name, &ads->ldap_ip) != 0 ) { + if ( net_rpc_join_ok(short_domain_name, ads->config.ldap_server_name, &ads->ldap.ip) != 0 ) { d_fprintf(stderr, "Failed to verify membership in domain!\n"); goto fail; } @@ -1985,7 +1985,7 @@ static int net_ads_printer_publish(int argc, const char **argv) return -1; } - srv_dn = ldap_get_dn((LDAP *)ads->ld, (LDAPMessage *)res); + srv_dn = ldap_get_dn((LDAP *)ads->ldap.ld, (LDAPMessage *)res); srv_cn = ldap_explode_dn(srv_dn, 1); srv_cn_escaped = escape_rdn_val_string_alloc(srv_cn[0]); -- cgit From 7d3e5834ec441b371ec65595ed810011deee74d3 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 19 Jul 2007 13:07:22 +0000 Subject: r23968: Harmonize net's password prompts. Guenther (This used to be commit 7e2fb14d6e4f58fe6645b7e7468f925c21cb4c9d) --- source3/utils/net_ads.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index d4dfbb6a2b..71217b5137 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -244,14 +244,11 @@ retry_connect: retry: if (!opt_password && need_password && !opt_machine_pass) { - char *prompt = NULL; - asprintf(&prompt,"%s's password: ", opt_user_name); - if (!prompt) { + opt_password = net_prompt_pass(opt_user_name); + if (!opt_password) { ads_destroy(&ads); return ADS_ERROR(LDAP_NO_MEMORY); } - opt_password = getpass(prompt); - free(prompt); } if (opt_password) { -- cgit From 2349acdd4366f665b9091d879682bc578b03c42d Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 19 Jul 2007 13:47:53 +0000 Subject: r23973: For debugging, add (undocumented) net ads kerberos commands (kinit, renew, pac). Guenther (This used to be commit 4cada7c1485c9957e553d6e75cb6f30f4338489f) --- source3/utils/net_ads.c | 111 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 111 insertions(+) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 71217b5137..f92985091e 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -2505,6 +2505,111 @@ use keytab functions.\n"); return net_run_function(argc, argv, func, net_ads_keytab_usage); } +static int net_ads_kerberos_usage(int argc, const char **argv) +{ + d_printf( + "net ads kerberos \n"\ + " can be either:\n"\ + " RENEW Renew TGT from existing credential cache\n"\ + " PAC Dumps the Kerberos PAC\n"\ + " KINIT Retrieve Ticket Granting Ticket (TGT)\n"\ + "\n" + ); + + return -1; +} + +static int net_ads_kerberos_renew(int argc, const char **argv) +{ + int ret = smb_krb5_renew_ticket(NULL, NULL, NULL, NULL); + if (ret) { + d_printf("failed to renew kerberos ticket: %s\n", + error_message(ret)); + } + return ret; +} + +static int net_ads_kerberos_pac(int argc, const char **argv) +{ + PAC_DATA *pac = NULL; + PAC_LOGON_INFO *info = NULL; + TALLOC_CTX *mem_ctx = NULL; + NTSTATUS status; + int ret = -1; + + mem_ctx = talloc_init("net_ads_kerberos_pac"); + if (!mem_ctx) { + goto out; + } + + opt_password = net_prompt_pass(opt_user_name); + + status = kerberos_return_pac(mem_ctx, + opt_user_name, + opt_password, + 0, &pac); + if (!NT_STATUS_IS_OK(status)) { + d_printf("failed to query kerberos PAC: %s\n", + nt_errstr(status)); + goto out; + } + + info = get_logon_info_from_pac(pac); + if (info) { + dump_pac_logon_info(0, info); + } + + ret = 0; + out: + TALLOC_FREE(mem_ctx); + return ret; +} + +static int net_ads_kerberos_kinit(int argc, const char **argv) +{ + TALLOC_CTX *mem_ctx = NULL; + int ret = -1; + NTSTATUS status; + + mem_ctx = talloc_init("net_ads_kerberos_kinit"); + if (!mem_ctx) { + goto out; + } + + opt_password = net_prompt_pass(opt_user_name); + + ret = kerberos_kinit_password_ext(opt_user_name, + opt_password, + 0, + NULL, + NULL, + NULL, + True, + True, + 2592000, /* one month */ + &status); + if (ret) { + d_printf("failed to kinit password: %s\n", + nt_errstr(status)); + } + out: + return ret; +} + +int net_ads_kerberos(int argc, const char **argv) +{ + struct functable func[] = { + {"KINIT", net_ads_kerberos_kinit}, + 
{"RENEW", net_ads_kerberos_renew}, + {"PAC", net_ads_kerberos_pac}, + {"HELP", net_ads_kerberos_usage}, + {NULL, NULL} + }; + + return net_run_function(argc, argv, func, net_ads_kerberos_usage); +} + + int net_ads_help(int argc, const char **argv) { struct functable func[] = { @@ -2546,6 +2651,7 @@ int net_ads(int argc, const char **argv) {"LOOKUP", net_ads_lookup}, {"KEYTAB", net_ads_keytab}, {"GPO", net_ads_gpo}, + {"KERBEROS", net_ads_kerberos}, {"HELP", net_ads_help}, {NULL, NULL} }; @@ -2566,6 +2672,11 @@ int net_ads_keytab(int argc, const char **argv) return net_ads_noads(); } +int net_ads_kerberos(int argc, const char **argv) +{ + return net_ads_noads(); +} + int net_ads_usage(int argc, const char **argv) { return net_ads_noads(); -- cgit From a81c8b2a2830f964216da7f77250f77d3bcbf29d Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 31 Jul 2007 19:15:27 +0000 Subject: r24107: Fix bug 4849. Thanks to Matthijs Kooijman (This used to be commit 6e6eea64a5f770a585487734b1d0c28746bf5550) --- source3/utils/net_ads.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index f92985091e..b4337d9f38 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1743,7 +1743,7 @@ static int net_ads_dns_register(int argc, const char **argv) #endif if (argc > 0) { - d_fprintf(stderr, "net ads dns register \n"); + d_fprintf(stderr, "net ads dns register\n"); return -1; } -- cgit From 201f0e1ce405273ffc19d280f91d8eee17bdaaec Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 14 Aug 2007 19:47:57 +0000 Subject: r24432: Expand kerberos_return_pac() so that it can be used in winbindd. Guenther (This used to be commit e70bf0ecc3ec6d3ba8ba384024bbdf9a783072ea) --- source3/utils/net_ads.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') 
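Review bot: Both net_ads_kerberos_pac and net_ads_kerberos_kinit assign `opt_password = net_prompt_pass(opt_user_name);` unconditionally and use the result without a NULL check. A failed prompt would therefore hand NULL to kerberos_return_pac or kerberos_kinit_password_ext, and a password already held in opt_password is discarded. Following the check that ads_startup_int already makes, `if (!opt_password) opt_password = net_prompt_pass(opt_user_name);` followed by `if (!opt_password) goto out;` would cover both functions. net_ads_kerberos_kinit also creates `mem_ctx` with talloc_init and never releases it, so its `out:` label needs `TALLOC_FREE(mem_ctx);` as net_ads_kerberos_pac has.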
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index b4337d9f38..f4fc9470f6 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -2547,7 +2547,14 @@ static int net_ads_kerberos_pac(int argc, const char **argv) status = kerberos_return_pac(mem_ctx, opt_user_name, opt_password, - 0, &pac); + 0, + NULL, + NULL, + NULL, + True, + True, + 2592000, /* one month */ + &pac); if (!NT_STATUS_IS_OK(status)) { d_printf("failed to query kerberos PAC: %s\n", nt_errstr(status)); -- cgit From 48853f0badc92b86c18ed3daad3d45f8d74c5cac Mon Sep 17 00:00:00 2001 From: Rafal Szczesniak Date: Wed, 29 Aug 2007 19:55:13 +0000 Subject: r24789: Add implementation of machine-authenticated connection to netlogon pipe used when connecting to win2k and newer domain controllers. The server may be configured to deny anonymous netlogon connections which would stop domain join verification step. Still, winnt domains require such smb sessions not to be authenticated using machine credentials. Creds employed in smb session cannot have a username in upn form, so provide the separate function to use machine account. rafal (This used to be commit 30d99d8ac3379caadc5bdb353977149d1ee16403) --- source3/utils/net_ads.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index f4fc9470f6..bb7945dbf5 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -882,7 +882,7 @@ static NTSTATUS net_ads_join_ok(void) return NT_STATUS_ACCESS_DENIED; } - net_use_machine_password(); + net_use_upn_machine_account(); status = ads_startup(True, &ads); if (!ADS_ERR_OK(status)) { @@ -2187,7 +2187,7 @@ int net_ads_changetrustpw(int argc, const char **argv) return -1; } - net_use_machine_password(); + net_use_upn_machine_account(); use_in_memory_ccache(); -- cgit From 00737da4f4e47f43a2fcfcbcecc7d0b44c2dd774 Mon Sep 17 00:00:00 2001 
From: Rafal Szczesniak Date: Fri, 31 Aug 2007 21:25:53 +0000 Subject: r24853: Rename function as Jerry asked. s/net_use_upn_machine_account/net_use_krb_machine_account/ rafal (This used to be commit 86af9fedad71697f22cc739518340f7753b8f9da) --- source3/utils/net_ads.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index bb7945dbf5..5646a0c8a8 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -882,7 +882,7 @@ static NTSTATUS net_ads_join_ok(void) return NT_STATUS_ACCESS_DENIED; } - net_use_upn_machine_account(); + net_use_krb_machine_account(); status = ads_startup(True, &ads); if (!ADS_ERR_OK(status)) { @@ -2187,7 +2187,7 @@ int net_ads_changetrustpw(int argc, const char **argv) return -1; } - net_use_upn_machine_account(); + net_use_krb_machine_account(); use_in_memory_ccache(); -- cgit From 4dc265d6a0fe799006ac5be79114a145b3a114c5 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 17 Sep 2007 15:34:22 +0000 Subject: r25198: Change net_rpc_join_ok() to return NTSTATUS for better error propagation. Michael (This used to be commit 5a16da2185f07d1f48fabd93a7a6b8f2d6b91089) --- source3/utils/net_ads.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 5646a0c8a8..4a43306666 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -1600,8 +1600,12 @@ int net_ads_join(int argc, const char **argv) /* Verify that everything is ok */ - if ( net_rpc_join_ok(short_domain_name, ads->config.ldap_server_name, &ads->ldap.ip) != 0 ) { - d_fprintf(stderr, "Failed to verify membership in domain!\n"); + nt_status = net_rpc_join_ok(short_domain_name, + ads->config.ldap_server_name, &ads->ldap.ip); + if (!NT_STATUS_IS_OK(nt_status)) { + d_fprintf(stderr, + "Failed to verify membership in domain: %s!\n", + nt_errstr(nt_status)); goto fail; } -- cgit From 75f82d454fd5d03d538239270f1a6e6d185b87d5 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 17 Sep 2007 20:01:47 +0000 Subject: r25200: Fix a debug message. (This used to be commit f1f4758e2c40a470c19b4b738f79ec5807522909) --- source3/utils/net_ads.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 4a43306666..b180ef7e97 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1406,7 +1406,7 @@ static NTSTATUS net_update_dns(TALLOC_CTX *mem_ctx, ADS_STRUCT *ads) num_addrs = get_my_ip_address( &iplist ); if ( num_addrs <= 0 ) { - DEBUG(4,("net_ads_join: Failed to find my non-loopback IP " + DEBUG(4,("net_update_dns: Failed to find my non-loopback IP " "addresses!\n")); return NT_STATUS_INVALID_PARAMETER; } -- cgit From 34af42e87ef2ea867c8a43ccfbc0665e97c06241 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 17 Sep 2007 21:04:10 +0000 Subject: r25201: Fight those red bars... (This used to be commit cc4599fdc1fb9aa51f6a4487cb1aa78a5556757a) --- source3/utils/net_ads.c | 365 ++++++++++++++++++++++++------------------------ 1 file changed, 183 insertions(+), 182 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index b180ef7e97..08623d6834 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -1,5 +1,5 @@ -/* - Samba Unix/Linux SMB client library +/* + Samba Unix/Linux SMB client library net ads commands Copyright (C) 2001 Andrew Tridgell (tridge@samba.org) Copyright (C) 2001 Remus Koos (remuskoos@yahoo.com) @@ -10,14 +10,14 @@ it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License - along with this program. If not, see . + along with this program. If not, see . */ #include "includes.h" @@ -57,7 +57,7 @@ int net_ads_usage(int argc, const char **argv) d_printf("dns\n"); d_printf(" Issue a dynamic DNS update request the server's hostname\n"); d_printf(" (using the machine credentials)\n"); - + return -1; } @@ -85,7 +85,7 @@ static int net_ads_cldap_netlogon(ADS_STRUCT *ads) return -1; } - d_printf("Information for Domain Controller: %s\n\n", + d_printf("Information for Domain Controller: %s\n\n", inet_ntoa(ads->ldap.ip)); d_printf("Response Type: "); @@ -100,8 +100,8 @@ static int net_ads_cldap_netlogon(ADS_STRUCT *ads) d_printf("0x%x\n", reply.type); break; } - d_printf("GUID: %s\n", - smb_uuid_string_static(smb_uuid_unpack_static(reply.guid))); + d_printf("GUID: %s\n", + smb_uuid_string_static(smb_uuid_unpack_static(reply.guid))); d_printf("Flags:\n" "\tIs a PDC: %s\n" "\tIs a GC of the forest: %s\n" 
@@ -218,7 +218,7 @@ static ADS_STATUS ads_startup_int(BOOL only_own_domain, uint32 auth_flags, ADS_S const char *realm = NULL; BOOL tried_closest_dc = False; - /* lp_realm() should be handled by a command line param, + /* lp_realm() should be handled by a command line param, However, the join requires that realm be set in smb.conf and compares our realm with the remote server's so this is ok until someone needs more flexibility */ @@ -262,7 +262,7 @@ retry: ads->auth.user_name = smb_xstrdup(opt_user_name); /* - * If the username is of the form "name@realm", + * If the username is of the form "name@realm", * extract the realm and convert to upper case. * This is only used to establish the connection. */ @@ -277,13 +277,13 @@ retry: if (!ADS_ERR_OK(status)) { - if (NT_STATUS_EQUAL(ads_ntstatus(status), + if (NT_STATUS_EQUAL(ads_ntstatus(status), NT_STATUS_NO_LOGON_SERVERS)) { DEBUG(0,("ads_connect: %s\n", ads_errstr(status))); ads_destroy(&ads); return status; } - + if (!need_password && !second_time && !(auth_flags & ADS_AUTH_NO_BIND)) { need_password = True; second_time = True; @@ -362,7 +362,8 @@ int net_ads_check(void) { return net_ads_check_int(NULL, opt_workgroup, opt_host); } -/* + +/* determine the netbios workgroup name for a domain */ static int net_ads_workgroup(int argc, const char **argv) @@ -374,12 +375,12 @@ static int net_ads_workgroup(int argc, const char **argv) d_fprintf(stderr, "Didn't find the cldap server!\n"); return -1; } - + if (!ads->config.realm) { ads->config.realm = CONST_DISCARD(char *, opt_target_workgroup); ads->ldap.port = 389; } - + if ( !ads_cldap_netlogon( inet_ntoa(ads->ldap.ip), ads->server.realm, &reply ) ) { d_fprintf(stderr, "CLDAP query failed!\n"); return -1; @@ -388,7 +389,7 @@ static int net_ads_workgroup(int argc, const char **argv) d_printf("Workgroup: %s\n", reply.netbios_domain); ads_destroy(&ads); - + return 0; } 
@@ -402,7 +403,7 @@ static BOOL usergrp_display(ADS_STRUCT *ads, char *field, void **values, void *d if (disp_fields[0]) { if (!strchr_m(disp_fields[0], '$')) { if (disp_fields[1]) - d_printf("%-21.21s %s\n", + d_printf("%-21.21s %s\n", disp_fields[0], disp_fields[1]); else d_printf("%s\n", disp_fields[0]); @@ -425,7 +426,7 @@ static BOOL usergrp_display(ADS_STRUCT *ads, char *field, void **values, void *d static int net_ads_user_usage(int argc, const char **argv) { return net_help_user(argc, argv); -} +} static int ads_user_add(int argc, const char **argv) { @@ -437,7 +438,7 @@ static int ads_user_add(int argc, const char **argv) char *ou_str = NULL; if (argc < 1) return net_ads_user_usage(argc, argv); - + if (!ADS_ERR_OK(ads_startup(False, &ads))) { return -1; } @@ -448,7 +449,7 @@ static int ads_user_add(int argc, const char **argv) d_fprintf(stderr, "ads_user_add: %s\n", ads_errstr(status)); goto done; } - + if (ads_count_replies(ads, res)) { d_fprintf(stderr, "ads_user_add: User %s already exists\n", argv[0]); goto done; @@ -469,7 +470,7 @@ static int ads_user_add(int argc, const char **argv) } /* if no password is to be set, we're done */ - if (argc == 1) { + if (argc == 1) { d_printf("User %s added\n", argv[0]); rc = 0; goto done; @@ -477,7 +478,7 @@ static int ads_user_add(int argc, const char **argv) /* try setting the password */ asprintf(&upn, "%s@%s", argv[0], ads->config.realm); - status = ads_krb5_set_password(ads->auth.kdc_server, upn, argv[1], + status = ads_krb5_set_password(ads->auth.kdc_server, upn, argv[1], ads->auth.time_offset); safe_free(upn); if (ADS_ERR_OK(status)) { @@ -541,7 +542,7 @@ static int ads_user_info(int argc, const char **argv) SAFE_FREE(escaped_user); return -1; } - + grouplist = ldap_get_values((LDAP *)ads->ldap.ld, (LDAPMessage *)res, "memberOf"); @@ -555,7 +556,7 @@ static int ads_user_info(int argc, const char **argv) } ldap_value_free(grouplist); } - + ads_msgfree(ads, res); ads_destroy(&ads); SAFE_FREE(escaped_user); 
@@ -572,7 +573,7 @@ static int ads_user_delete(int argc, const char **argv) if (argc < 1) { return net_ads_user_usage(argc, argv); } - + if (!ADS_ERR_OK(ads_startup(False, &ads))) { return -1; } @@ -593,7 +594,7 @@ static int ads_user_delete(int argc, const char **argv) ads_destroy(&ads); return 0; } - d_fprintf(stderr, "Error deleting user %s: %s\n", argv[0], + d_fprintf(stderr, "Error deleting user %s: %s\n", argv[0], ads_errstr(rc)); ads_destroy(&ads); return -1; @@ -612,7 +613,7 @@ int net_ads_user(int argc, const char **argv) const char *shortattrs[] = {"sAMAccountName", NULL}; const char *longattrs[] = {"sAMAccountName", "description", NULL}; char *disp_fields[2] = {NULL, NULL}; - + if (argc == 0) { if (!ADS_ERR_OK(ads_startup(False, &ads))) { return -1; @@ -622,11 +623,11 @@ int net_ads_user(int argc, const char **argv) d_printf("\nUser name Comment"\ "\n-----------------------------\n"); - rc = ads_do_search_all_fn(ads, ads->config.bind_path, + rc = ads_do_search_all_fn(ads, ads->config.bind_path, LDAP_SCOPE_SUBTREE, - "(objectCategory=user)", + "(objectCategory=user)", opt_long_list_entries ? longattrs : - shortattrs, usergrp_display, + shortattrs, usergrp_display, disp_fields); ads_destroy(&ads); return ADS_ERR_OK(rc) ? 0 : -1; @@ -638,7 +639,7 @@ int net_ads_user(int argc, const char **argv) static int net_ads_group_usage(int argc, const char **argv) { return net_help_group(argc, argv); -} +} static int ads_group_add(int argc, const char **argv) { @@ -651,7 +652,7 @@ static int ads_group_add(int argc, const char **argv) if (argc < 1) { return net_ads_group_usage(argc, argv); } - + if (!ADS_ERR_OK(ads_startup(False, &ads))) { return -1; } @@ -662,7 +663,7 @@ static int ads_group_add(int argc, const char **argv) d_fprintf(stderr, "ads_group_add: %s\n", ads_errstr(status)); goto done; } - + if (ads_count_replies(ads, res)) { d_fprintf(stderr, "ads_group_add: Group %s already exists\n", argv[0]); goto done; 
@@ -702,7 +703,7 @@ static int ads_group_delete(int argc, const char **argv) if (argc < 1) { return net_ads_group_usage(argc, argv); } - + if (!ADS_ERR_OK(ads_startup(False, &ads))) { return -1; } @@ -723,7 +724,7 @@ static int ads_group_delete(int argc, const char **argv) ads_destroy(&ads); return 0; } - d_fprintf(stderr, "Error deleting group %s: %s\n", argv[0], + d_fprintf(stderr, "Error deleting group %s: %s\n", argv[0], ads_errstr(rc)); ads_destroy(&ads); return -1; @@ -750,11 +751,11 @@ int net_ads_group(int argc, const char **argv) if (opt_long_list_entries) d_printf("\nGroup name Comment"\ "\n-----------------------------\n"); - rc = ads_do_search_all_fn(ads, ads->config.bind_path, - LDAP_SCOPE_SUBTREE, - "(objectCategory=group)", - opt_long_list_entries ? longattrs : - shortattrs, usergrp_display, + rc = ads_do_search_all_fn(ads, ads->config.bind_path, + LDAP_SCOPE_SUBTREE, + "(objectCategory=group)", + opt_long_list_entries ? longattrs : + shortattrs, usergrp_display, disp_fields); ads_destroy(&ads); @@ -807,7 +808,7 @@ static int net_ads_leave(int argc, const char **argv) struct cli_state *cli = NULL; TALLOC_CTX *ctx; DOM_SID *dom_sid = NULL; - char *short_domain_name = NULL; + char *short_domain_name = NULL; if (!secrets_init()) { DEBUG(1,("Failed to initialise secrets database\n")); @@ -819,7 +820,7 @@ static int net_ads_leave(int argc, const char **argv) return -1; } - /* The finds a DC and takes care of getting the + /* The finds a DC and takes care of getting the user creds if necessary */ if (!ADS_ERR_OK(ads_startup(True, &ads))) { @@ -828,12 +829,12 @@ static int net_ads_leave(int argc, const char **argv) /* make RPC calls here */ - if ( !NT_STATUS_IS_OK(connect_to_ipc_krb5(&cli, &ads->ldap.ip, + if ( !NT_STATUS_IS_OK(connect_to_ipc_krb5(&cli, &ads->ldap.ip, ads->config.ldap_server_name)) ) { goto done; } - + if ( !NT_STATUS_IS_OK(netdom_get_domain_sid( ctx, cli, &short_domain_name, &dom_sid )) ) { goto done; } 
@@ -863,7 +864,7 @@ static int net_ads_leave(int argc, const char **argv) done: - if ( cli ) + if ( cli ) cli_shutdown(cli); ads_destroy(&ads); @@ -904,7 +905,7 @@ int net_ads_testjoin(int argc, const char **argv) /* Display success or failure */ status = net_ads_join_ok(); if (!NT_STATUS_IS_OK(status)) { - fprintf(stderr,"Join to domain is not valid: %s\n", + fprintf(stderr,"Join to domain is not valid: %s\n", get_friendly_nt_error_msg(status)); return -1; } @@ -942,7 +943,7 @@ static NTSTATUS check_ads_config( void ) /* This is a good bet for failure of secrets_init ... */ return NT_STATUS_ACCESS_DENIED; } - + return NT_STATUS_OK; } @@ -950,9 +951,9 @@ static NTSTATUS check_ads_config( void ) Do the domain join ********************************************************************/ -static NTSTATUS net_join_domain(TALLOC_CTX *ctx, const char *servername, - struct in_addr *ip, char **domain, - DOM_SID **dom_sid, +static NTSTATUS net_join_domain(TALLOC_CTX *ctx, const char *servername, + struct in_addr *ip, char **domain, + DOM_SID **dom_sid, const char *password) { NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; @@ -962,13 +963,13 @@ static NTSTATUS net_join_domain(TALLOC_CTX *ctx, const char *servername, if ( !NT_STATUS_IS_OK(ret) ) { goto done; } - + ret = netdom_get_domain_sid( ctx, cli, domain, dom_sid ); if ( !NT_STATUS_IS_OK(ret) ) { goto done; } - /* cli->server_domain is not filled in when using krb5 + /* cli->server_domain is not filled in when using krb5 session setups */ saf_store( *domain, cli->desthost ); @@ -976,7 +977,7 @@ static NTSTATUS net_join_domain(TALLOC_CTX *ctx, const char *servername, ret = netdom_join_domain( ctx, cli, *dom_sid, password, ND_TYPE_AD ); done: - if ( cli ) + if ( cli ) cli_shutdown(cli); return ret; 
@@ -998,27 +999,27 @@ static ADS_STATUS net_set_machine_spn(TALLOC_CTX *ctx, ADS_STRUCT *ads_s ) char *dn_string = NULL; const char *machine_name = global_myname(); int count; - + if ( !machine_name ) { return ADS_ERROR(LDAP_NO_MEMORY); } - + /* Find our DN */ - + status = ads_find_machine_acct(ads_s, &res, machine_name); - if (!ADS_ERR_OK(status)) + if (!ADS_ERR_OK(status)) return status; - + if ( (count = ads_count_replies(ads_s, res)) != 1 ) { DEBUG(1,("net_set_machine_spn: %d entries returned!\n", count)); - return ADS_ERROR(LDAP_NO_MEMORY); + return ADS_ERROR(LDAP_NO_MEMORY); } - + if ( (dn_string = ads_get_dn(ads_s, res)) == NULL ) { DEBUG(1, ("ads_add_machine_acct: ads_get_dn returned NULL (malloc failure?)\n")); goto done; } - + new_dn = talloc_strdup(ctx, dn_string); ads_memfree(ads_s, dn_string); if (!new_dn) { @@ -1026,24 +1027,24 @@ static ADS_STATUS net_set_machine_spn(TALLOC_CTX *ctx, ADS_STRUCT *ads_s ) } /* Windows only creates HOST/shortname & HOST/fqdn. */ - - if ( !(psp = talloc_asprintf(ctx, "HOST/%s", machine_name)) ) + + if ( !(psp = talloc_asprintf(ctx, "HOST/%s", machine_name)) ) goto done; strupper_m(psp); servicePrincipalName[0] = psp; name_to_fqdn(my_fqdn, machine_name); strlower_m(my_fqdn); - if ( !(psp = talloc_asprintf(ctx, "HOST/%s", my_fqdn)) ) + if ( !(psp = talloc_asprintf(ctx, "HOST/%s", my_fqdn)) ) goto done; servicePrincipalName[1] = psp; - + if (!(mods = ads_init_mods(ctx))) { goto done; } - + /* fields of primary importance */ - + ads_mod_str(ctx, &mods, "dNSHostName", my_fqdn); ads_mod_strlist(ctx, &mods, "servicePrincipalName", servicePrincipalName); @@ -1051,7 +1052,7 @@ static ADS_STATUS net_set_machine_spn(TALLOC_CTX *ctx, ADS_STRUCT *ads_s ) done: ads_msgfree(ads_s, res); - + return status; } 
@@ -1068,48 +1069,48 @@ static ADS_STATUS net_set_machine_upn(TALLOC_CTX *ctx, ADS_STRUCT *ads_s, const char *dn_string = NULL; const char *machine_name = global_myname(); int count; - + if ( !machine_name ) { return ADS_ERROR(LDAP_NO_MEMORY); } - + /* Find our DN */ - + status = ads_find_machine_acct(ads_s, &res, machine_name); - if (!ADS_ERR_OK(status)) + if (!ADS_ERR_OK(status)) return status; - + if ( (count = ads_count_replies(ads_s, res)) != 1 ) { DEBUG(1,("net_set_machine_spn: %d entries returned!\n", count)); - return ADS_ERROR(LDAP_NO_MEMORY); + return ADS_ERROR(LDAP_NO_MEMORY); } - + if ( (dn_string = ads_get_dn(ads_s, res)) == NULL ) { DEBUG(1, ("ads_add_machine_acct: ads_get_dn returned NULL (malloc failure?)\n")); goto done; } - + new_dn = talloc_strdup(ctx, dn_string); ads_memfree(ads_s, dn_string); if (!new_dn) { return ADS_ERROR(LDAP_NO_MEMORY); } - + /* now do the mods */ - + if (!(mods = ads_init_mods(ctx))) { goto done; } - + /* fields of primary importance */ - + ads_mod_str(ctx, &mods, "userPrincipalName", upn); status = ads_gen_mod(ads_s, new_dn, mods); done: ads_msgfree(ads_s, res); - + return status; } @@ -1117,7 +1118,7 @@ done: Set a machines dNSHostName and servicePrincipalName attributes ********************************************************************/ -static ADS_STATUS net_set_os_attributes(TALLOC_CTX *ctx, ADS_STRUCT *ads_s, +static ADS_STATUS net_set_os_attributes(TALLOC_CTX *ctx, ADS_STRUCT *ads_s, const char *os_name, const char *os_version ) { ADS_STATUS status = ADS_ERROR(LDAP_SERVER_DOWN); 
@@ -1128,43 +1129,43 @@ static ADS_STATUS net_set_os_attributes(TALLOC_CTX *ctx, ADS_STRUCT *ads_s, const char *machine_name = global_myname(); int count; char *os_sp = NULL; - + if ( !os_name || !os_version ) { return ADS_ERROR(LDAP_NO_MEMORY); } - + /* Find our DN */ - + status = ads_find_machine_acct(ads_s, &res, machine_name); - if (!ADS_ERR_OK(status)) + if (!ADS_ERR_OK(status)) return status; - + if ( (count = ads_count_replies(ads_s, res)) != 1 ) { DEBUG(1,("net_set_machine_spn: %d entries returned!\n", count)); - return ADS_ERROR(LDAP_NO_MEMORY); + return ADS_ERROR(LDAP_NO_MEMORY); } - + if ( (dn_string = ads_get_dn(ads_s, res)) == NULL ) { DEBUG(1, ("ads_add_machine_acct: ads_get_dn returned NULL (malloc failure?)\n")); goto done; } - + new_dn = talloc_strdup(ctx, dn_string); ads_memfree(ads_s, dn_string); if (!new_dn) { return ADS_ERROR(LDAP_NO_MEMORY); } - + /* now do the mods */ - + if (!(mods = ads_init_mods(ctx))) { goto done; } os_sp = talloc_asprintf( ctx, "Samba %s", SAMBA_VERSION_STRING ); - + /* fields of primary importance */ - + ads_mod_str(ctx, &mods, "operatingSystem", os_name); ads_mod_str(ctx, &mods, "operatingSystemVersion", os_version); if ( os_sp ) @@ -1174,8 +1175,8 @@ static ADS_STATUS net_set_os_attributes(TALLOC_CTX *ctx, ADS_STRUCT *ads_s, done: ads_msgfree(ads_s, res); - TALLOC_FREE( os_sp ); - + TALLOC_FREE( os_sp ); + return status; } 
@@ -1263,28 +1264,28 @@ static BOOL net_derive_salting_principal( TALLOC_CTX *ctx, ADS_STRUCT *ads ) fstrcpy( salt, std_salt ); SAFE_FREE( std_salt ); - + /* if it's a Windows functional domain, we have to look for the UPN */ - - if ( domain_func == DS_DOMAIN_FUNCTION_2000 ) { + + if ( domain_func == DS_DOMAIN_FUNCTION_2000 ) { char *upn; int count; - + status = ads_find_machine_acct(ads, &res, machine_name); if (!ADS_ERR_OK(status)) { return False; } - + if ( (count = ads_count_replies(ads, res)) != 1 ) { DEBUG(1,("net_set_machine_spn: %d entries returned!\n", count)); return False; } - + upn = ads_pull_string(ads, ctx, res, "userPrincipalName"); if ( upn ) { fstrcpy( salt, upn ); } - + ads_msgfree(ads, res); } @@ -1313,8 +1314,8 @@ static NTSTATUS net_update_dns_internal(TALLOC_CTX *ctx, ADS_STRUCT *ads, NTSTATUS status = NT_STATUS_UNSUCCESSFUL; DNS_ERROR dns_err; fstring dns_server; - const char *dnsdomain = NULL; - char *root_domain = NULL; + const char *dnsdomain = NULL; + char *root_domain = NULL; if ( (dnsdomain = strchr_m( machine_name, '.')) == NULL ) { d_printf("No DNS domain configured for %s. " 
@@ -1327,23 +1328,23 @@ static NTSTATUS net_update_dns_internal(TALLOC_CTX *ctx, ADS_STRUCT *ads, status = ads_dns_lookup_ns( ctx, dnsdomain, &nameservers, &ns_count ); if ( !NT_STATUS_IS_OK(status) || (ns_count == 0)) { /* Child domains often do not have NS records. Look - for the NS record for the forest root domain + for the NS record for the forest root domain (rootDomainNamingContext in therootDSE) */ const char *rootname_attrs[] = { "rootDomainNamingContext", NULL }; LDAPMessage *msg = NULL; char *root_dn; ADS_STATUS ads_status; - + if ( !ads->ldap.ld ) { ads_status = ads_connect( ads ); if ( !ADS_ERR_OK(ads_status) ) { DEBUG(0,("net_update_dns_internal: Failed to connect to our DC!\n")); - goto done; - } + goto done; + } } - - ads_status = ads_do_search(ads, "", LDAP_SCOPE_BASE, + + ads_status = ads_do_search(ads, "", LDAP_SCOPE_BASE, "(objectclass=*)", rootname_attrs, &msg); if (!ADS_ERR_OK(ads_status)) { goto done; @@ -1351,7 +1352,7 @@ static NTSTATUS net_update_dns_internal(TALLOC_CTX *ctx, ADS_STRUCT *ads, root_dn = ads_pull_string(ads, ctx, msg, "rootDomainNamingContext"); if ( !root_dn ) { - ads_msgfree( ads, msg ); + ads_msgfree( ads, msg ); goto done; } @@ -1363,15 +1364,15 @@ static NTSTATUS net_update_dns_internal(TALLOC_CTX *ctx, ADS_STRUCT *ads, /* try again for NS servers */ status = ads_dns_lookup_ns( ctx, root_domain, &nameservers, &ns_count ); - - if ( !NT_STATUS_IS_OK(status) || (ns_count == 0)) { + + if ( !NT_STATUS_IS_OK(status) || (ns_count == 0)) { DEBUG(3,("net_ads_join: Failed to find name server for the %s " "realm\n", ads->config.realm)); goto done; } - dnsdomain = root_domain; - + dnsdomain = root_domain; + } /* Now perform the dns update - we'll try non-secure and if we fail, @@ -1387,7 +1388,7 @@ static NTSTATUS net_update_dns_internal(TALLOC_CTX *ctx, ADS_STRUCT *ads, done: SAFE_FREE( root_domain ); - + return status; } 
@@ -1420,22 +1421,22 @@ static NTSTATUS net_update_dns(TALLOC_CTX *mem_ctx, ADS_STRUCT *ads) /******************************************************************* - utility function to parse an integer parameter from + utility function to parse an integer parameter from "parameter = value" **********************************************************/ static char* get_string_param( const char* param ) { char *p; - + if ( (p = strchr( param, '=' )) == NULL ) return NULL; - + return (p+1); } /******************************************************************* ********************************************************************/ - + static int net_ads_join_usage(int argc, const char **argv) { d_printf("net ads join [options]\n"); @@ -1458,7 +1459,7 @@ static int net_ads_join_usage(int argc, const char **argv) /******************************************************************* ********************************************************************/ - + int net_ads_join(int argc, const char **argv) { ADS_STRUCT *ads = NULL; @@ -1477,7 +1478,7 @@ int net_ads_join(int argc, const char **argv) struct in_addr dcip; const char *os_name = NULL; const char *os_version = NULL; - + nt_status = check_ads_config(); if (!NT_STATUS_IS_OK(nt_status)) { d_fprintf(stderr, "Invalid configuration. Exiting....\n"); @@ -1497,8 +1498,8 @@ int net_ads_join(int argc, const char **argv) if (strcmp(ads->config.realm, lp_realm()) != 0) { d_fprintf(stderr, "realm of remote server (%s) and realm in %s " - "(%s) DO NOT match. Aborting join\n", ads->config.realm, - dyn_CONFIGFILE, lp_realm()); + "(%s) DO NOT match. Aborting join\n", + ads->config.realm, dyn_CONFIGFILE, lp_realm()); nt_status = NT_STATUS_INVALID_PARAMETER; goto fail; } 
@@ -1510,7 +1511,7 @@ int net_ads_join(int argc, const char **argv) } /* process additional command line args */ - + for ( i=0; iconfig.ldap_server_name, + + nt_status = net_join_domain(ctx, ads->config.ldap_server_name, &ads->ldap.ip, &short_domain_name, &domain_sid, password); if ( !NT_STATUS_IS_OK(nt_status) ) { - DEBUG(1, ("call of net_join_domain failed: %s\n", + DEBUG(1, ("call of net_join_domain failed: %s\n", get_friendly_nt_error_msg(nt_status))); goto fail; } /* Check the short name of the domain */ - + if ( !strequal(lp_workgroup(), short_domain_name) ) { d_printf("The workgroup in %s does not match the short\n", dyn_CONFIGFILE); d_printf("domain name obtained from the server.\n"); d_printf("Using the name [%s] from the server.\n", short_domain_name); - d_printf("You should set \"workgroup = %s\" in %s.\n", + d_printf("You should set \"workgroup = %s\" in %s.\n", short_domain_name, dyn_CONFIGFILE); } - + d_printf("Using short domain name -- %s\n", short_domain_name); /* HACK ALERT! Store the sid and password under both the lp_workgroup() value from smb.conf and the string returned from the server. The former is neede to bootstrap winbindd's first connection to the DC to get the real short domain name --jerry */ - + if ( (netdom_store_machine_account( lp_workgroup(), domain_sid, password ) == -1) || (netdom_store_machine_account( short_domain_name, domain_sid, password ) == -1) ) { 
@@ -1607,29 +1608,29 @@ int net_ads_join(int argc, const char **argv) "Failed to verify membership in domain: %s!\n", nt_errstr(nt_status)); goto fail; - } + } /* create the dNSHostName & servicePrincipalName values */ - + status = net_set_machine_spn( ctx, ads ); if ( !ADS_ERR_OK(status) ) { d_fprintf(stderr, "Failed to set servicePrincipalNames. Please ensure that\n"); d_fprintf(stderr, "the DNS domain of this server matches the AD domain,\n"); d_fprintf(stderr, "Or rejoin with using Domain Admin credentials.\n"); - + /* Disable the machine account in AD. Better to fail than to leave a confused admin. */ - + if ( net_ads_leave( 0, NULL ) != 0 ) { d_fprintf( stderr, "Failed to disable machine account in AD. Please do so manually.\n"); } - + /* clear out the machine password */ - - netdom_store_machine_account( lp_workgroup(), domain_sid, "" ); + + netdom_store_machine_account( lp_workgroup(), domain_sid, "" ); netdom_store_machine_account( short_domain_name, domain_sid, "" ); - + nt_status = ads_ntstatus(status); goto fail; } @@ -1641,14 +1642,14 @@ int net_ads_join(int argc, const char **argv) if ( createupn ) { pstring upn; - + /* default to using the short UPN name */ if ( !machineupn ) { snprintf( upn, sizeof(upn), "host/%s@%s", global_myname(), ads->config.realm ); machineupn = upn; } - + status = net_set_machine_upn( ctx, ads, machineupn ); if ( !ADS_ERR_OK(status) ) { d_fprintf(stderr, "Failed to set userPrincipalName. Are you a Domain Admin?\n"); @@ -1673,10 +1674,10 @@ int net_ads_join(int argc, const char **argv) #if defined(WITH_DNS_UPDATES) /* We enter this block with user creds */ - ads_kdestroy( NULL ); + ads_kdestroy( NULL ); ads_destroy(&ads); ads = NULL; - + if ( (ads = ads_init( lp_realm(), NULL, NULL )) != NULL ) { /* kinit with the machine password */ 
@@ -1687,11 +1688,11 @@ int net_ads_join(int argc, const char **argv) ads->auth.realm = SMB_STRDUP( lp_realm() ); ads_kinit_password( ads ); } - + if ( !ads || !NT_STATUS_IS_OK(net_update_dns( ctx, ads )) ) { d_fprintf( stderr, "DNS update failed!\n" ); } - + /* exit from this block using machine creds */ #endif @@ -1700,7 +1701,7 @@ int net_ads_join(int argc, const char **argv) SAFE_FREE(machine_account); TALLOC_FREE( ctx ); ads_destroy(&ads); - + return 0; fail: @@ -1717,7 +1718,7 @@ fail: /******************************************************************* ********************************************************************/ - + static int net_ads_dns_usage(int argc, const char **argv) { #if defined(WITH_DNS_UPDATES) @@ -1734,18 +1735,18 @@ static int net_ads_dns_usage(int argc, const char **argv) /******************************************************************* ********************************************************************/ - + static int net_ads_dns_register(int argc, const char **argv) { #if defined(WITH_DNS_UPDATES) ADS_STRUCT *ads; ADS_STATUS status; TALLOC_CTX *ctx; - + #ifdef DEVELOPER talloc_enable_leak_report(); #endif - + if (argc > 0) { d_fprintf(stderr, "net ads dns register\n"); return -1; @@ -1763,18 +1764,18 @@ static int net_ads_dns_register(int argc, const char **argv) return -1; } - if ( !NT_STATUS_IS_OK(net_update_dns(ctx, ads)) ) { + if ( !NT_STATUS_IS_OK(net_update_dns(ctx, ads)) ) { d_fprintf( stderr, "DNS update failed!\n" ); ads_destroy( &ads ); TALLOC_FREE( ctx ); return -1; } - + d_fprintf( stderr, "Successfully registered hostname with DNS\n" ); ads_destroy(&ads); TALLOC_FREE( ctx ); - + return 0; #else d_fprintf(stderr, "DNS update support not enabled at compile time!\n"); @@ -1790,7 +1791,7 @@ static int net_ads_dns_gethostbyname(int argc, const char **argv) { #if defined(WITH_DNS_UPDATES) DNS_ERROR err; - + #ifdef DEVELOPER talloc_enable_leak_report(); #endif 
@@ -1900,7 +1901,7 @@ static int net_ads_printer_info(int argc, const char **argv) rc = ads_find_printer_on_server(ads, &res, printername, servername); if (!ADS_ERR_OK(rc)) { - d_fprintf(stderr, "Server '%s' not found: %s\n", + d_fprintf(stderr, "Server '%s' not found: %s\n", servername, ads_errstr(rc)); ads_msgfree(ads, res); ads_destroy(&ads); @@ -1945,7 +1946,7 @@ static int net_ads_printer_publish(int argc, const char **argv) talloc_destroy(mem_ctx); return net_ads_printer_usage(argc, argv); } - + printername = argv[0]; if (argc == 2) { @@ -1953,17 +1954,17 @@ static int net_ads_printer_publish(int argc, const char **argv) } else { servername = global_myname(); } - + /* Get printer data from SPOOLSS */ resolve_name(servername, &server_ip, 0x20); - nt_status = cli_full_connection(&cli, global_myname(), servername, + nt_status = cli_full_connection(&cli, global_myname(), servername, &server_ip, 0, - "IPC$", "IPC", + "IPC$", "IPC", opt_user_name, opt_workgroup, - opt_password ? opt_password : "", - CLI_FULL_CONNECTION_USE_KERBEROS, + opt_password ? opt_password : "", + CLI_FULL_CONNECTION_USE_KERBEROS, Undefined, NULL); if (NT_STATUS_IS_ERR(nt_status)) { @@ -2031,12 +2032,12 @@ static int net_ads_printer_publish(int argc, const char **argv) talloc_destroy(mem_ctx); return -1; } - + d_printf("published printer\n"); SAFE_FREE(prt_dn); ads_destroy(&ads); talloc_destroy(mem_ctx); - + return 0; } @@ -2102,7 +2103,7 @@ static int net_ads_printer(int argc, const char **argv) {"REMOVE", net_ads_printer_remove}, {NULL, NULL} }; - + return net_run_function(argc, argv, func, net_ads_printer_usage); } @@ -2134,7 +2135,7 @@ static int net_ads_password(int argc, const char **argv) user = c; } - use_in_memory_ccache(); + use_in_memory_ccache(); c = strchr_m(auth_principal, '@'); if (c) { realm = ++c; 
@@ -2142,7 +2143,7 @@ static int net_ads_password(int argc, const char **argv) realm = lp_realm(); } - /* use the realm so we can eventually change passwords for users + /* use the realm so we can eventually change passwords for users in realms other than default */ if (!(ads = ads_init(realm, opt_workgroup, opt_host))) { return -1; @@ -2151,7 +2152,7 @@ static int net_ads_password(int argc, const char **argv) /* we don't actually need a full connect, but it's the easy way to fill in the KDC's addresss */ ads_connect(ads); - + if (!ads || !ads->config.realm) { d_fprintf(stderr, "Didn't find the kerberos server!\n"); return -1; @@ -2165,7 +2166,7 @@ static int net_ads_password(int argc, const char **argv) free(prompt); } - ret = kerberos_set_password(ads->auth.kdc_server, auth_principal, + ret = kerberos_set_password(ads->auth.kdc_server, auth_principal, auth_password, user, new_password, ads->auth.time_offset); if (!ADS_ERR_OK(ret)) { d_fprintf(stderr, "Password change failed: %s\n", ads_errstr(ret)); @@ -2180,7 +2181,7 @@ static int net_ads_password(int argc, const char **argv) } int net_ads_changetrustpw(int argc, const char **argv) -{ +{ ADS_STRUCT *ads; char *host_principal; fstring my_name; @@ -2212,7 +2213,7 @@ int net_ads_changetrustpw(int argc, const char **argv) SAFE_FREE(host_principal); return -1; } - + d_printf("Password change for principal %s succeeded.\n", host_principal); if (lp_use_kerberos_keytab()) { @@ -2274,7 +2275,7 @@ static int net_ads_search(int argc, const char **argv) d_fprintf(stderr, "search failed: %s\n", ads_errstr(rc)); ads_destroy(&ads); return -1; - } + } d_printf("Got %d replies\n\n", ads_count_replies(ads, res)); 
@@ -2328,14 +2329,14 @@ static int net_ads_dn(int argc, const char **argv) dn = argv[0]; attrs = (argv + 1); - rc = ads_do_search_all(ads, dn, + rc = ads_do_search_all(ads, dn, LDAP_SCOPE_BASE, "(objectclass=*)", attrs, &res); if (!ADS_ERR_OK(rc)) { d_fprintf(stderr, "search failed: %s\n", ads_errstr(rc)); ads_destroy(&ads); return -1; - } + } d_printf("Got %d replies\n\n", ads_count_replies(ads, res)); @@ -2399,7 +2400,7 @@ static int net_ads_sid(int argc, const char **argv) d_fprintf(stderr, "search failed: %s\n", ads_errstr(rc)); ads_destroy(&ads); return -1; - } + } d_printf("Got %d replies\n\n", ads_count_replies(ads, res)); @@ -2666,7 +2667,7 @@ int net_ads(int argc, const char **argv) {"HELP", net_ads_help}, {NULL, NULL} }; - + return net_run_function(argc, argv, func, net_ads_usage); } -- cgit From 30191d1a5704ad2b158386b511558972d539ce47 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 18 Oct 2007 17:40:25 -0700 Subject: RIP BOOL. Convert BOOL -> bool. I found a few interesting bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f) --- source3/utils/net_ads.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 08623d6834..bfbcbbde49 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -208,15 +208,15 @@ static void use_in_memory_ccache(void) { setenv(KRB5_ENV_CCNAME, "MEMORY:net_ads", 1); } -static ADS_STATUS ads_startup_int(BOOL only_own_domain, uint32 auth_flags, ADS_STRUCT **ads_ret) +static ADS_STATUS ads_startup_int(bool only_own_domain, uint32 auth_flags, ADS_STRUCT **ads_ret) { ADS_STRUCT *ads = NULL; ADS_STATUS status; - BOOL need_password = False; - BOOL second_time = False; + bool need_password = False; + bool second_time = False; char *cp; const char *realm = NULL; - BOOL tried_closest_dc = False; + bool tried_closest_dc = False; /* lp_realm() should be handled by a command line param, However, the join requires that realm be set in smb.conf @@ -318,12 +318,12 @@ retry: return status; } -ADS_STATUS ads_startup(BOOL only_own_domain, ADS_STRUCT **ads) +ADS_STATUS ads_startup(bool only_own_domain, ADS_STRUCT **ads) { return ads_startup_int(only_own_domain, 0, ads); } -ADS_STATUS ads_startup_nobind(BOOL only_own_domain, ADS_STRUCT **ads) +ADS_STATUS ads_startup_nobind(bool only_own_domain, ADS_STRUCT **ads) { return ads_startup_int(only_own_domain, ADS_AUTH_NO_BIND, ads); } @@ -395,7 +395,7 @@ static int net_ads_workgroup(int argc, const char **argv) -static BOOL usergrp_display(ADS_STRUCT *ads, char *field, void **values, void *data_area) +static bool usergrp_display(ADS_STRUCT *ads, char *field, void **values, void *data_area) { char **disp_fields = (char **) data_area; @@ -1190,7 +1190,7 @@ static ADS_STATUS net_precreate_machine_acct( ADS_STRUCT *ads, const char *ou ) char *ou_str = NULL; char *dn = NULL; LDAPMessage *res = NULL; - BOOL moved; + bool moved; ou_str = ads_ou_string(ads, ou); if (asprintf(&dn, "%s,%s", ou_str, ads->config.bind_path) == -1) { 
@@ -1240,7 +1240,7 @@ done: /************************************************************************ ************************************************************************/ -static BOOL net_derive_salting_principal( TALLOC_CTX *ctx, ADS_STRUCT *ads ) +static bool net_derive_salting_principal( TALLOC_CTX *ctx, ADS_STRUCT *ads ) { uint32 domain_func; ADS_STATUS status; @@ -1470,7 +1470,7 @@ int net_ads_join(int argc, const char **argv) char *tmp_password, *password; TALLOC_CTX *ctx = NULL; DOM_SID *domain_sid = NULL; - BOOL createupn = False; + bool createupn = False; const char *machineupn = NULL; const char *create_in_ou = NULL; int i; -- cgit From f88b7a076be74a29a3bf876b4e2705f4a1ecf42b Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 24 Oct 2007 14:16:54 -0700 Subject: This is a large patch (sorry). Migrate from struct in_addr to struct sockaddr_storage in most places that matter (ie. not the nmbd and NetBIOS lookups). This passes make test on an IPv4 box, but I'll have to do more work/testing on IPv6 enabled boxes. This should now give us a framework for testing and finishing the IPv6 migration. It's at the state where someone with a working IPv6 setup should (theorecically) be able to type : smbclient //ipv6-address/share and have it work. Jeremy. (This used to be commit 98e154c3125d5732c37a72d74b0eb5cd7b6155fd) --- source3/utils/net_ads.c | 36 +++++++++++++++++++++--------------- 1 file changed, 21 insertions(+), 15 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index bfbcbbde49..81b13ba76e 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -78,15 +78,17 @@ static const char *assume_own_realm(void) */ static int net_ads_cldap_netlogon(ADS_STRUCT *ads) { + char addr[INET6_ADDRSTRLEN]; struct cldap_netlogon_reply reply; - if ( !ads_cldap_netlogon( inet_ntoa(ads->ldap.ip), ads->server.realm, &reply ) ) { + print_sockaddr(addr, sizeof(addr), &ads->ldap.ss); + if ( !ads_cldap_netlogon(addr, ads->server.realm, &reply ) ) { d_fprintf(stderr, "CLDAP query failed!\n"); return -1; } d_printf("Information for Domain Controller: %s\n\n", - inet_ntoa(ads->ldap.ip)); + addr); d_printf("Response Type: "); switch (reply.type) { @@ -144,7 +146,6 @@ static int net_ads_cldap_netlogon(ADS_STRUCT *ads) return 0; } - /* this implements the CLDAP based netlogon lookup requests for finding the domain controller of a ADS domain @@ -171,6 +172,7 @@ static int net_ads_lookup(int argc, const char **argv) static int net_ads_info(int argc, const char **argv) { ADS_STRUCT *ads; + char addr[INET6_ADDRSTRLEN]; if (!ADS_ERR_OK(ads_startup_nobind(False, &ads))) { d_fprintf(stderr, "Didn't find the ldap server!\n"); @@ -189,7 +191,9 @@ static int net_ads_info(int argc, const char **argv) d_fprintf( stderr, "Failed to get server's current time!\n"); } - d_printf("LDAP server: %s\n", inet_ntoa(ads->ldap.ip)); + print_sockaddr(addr, sizeof(addr), &ads->ldap.ss); + + d_printf("LDAP server: %s\n", addr); d_printf("LDAP server name: %s\n", ads->config.ldap_server_name); d_printf("Realm: %s\n", ads->config.realm); d_printf("Bind Path: %s\n", ads->config.bind_path); @@ -369,6 +373,7 @@ int net_ads_check(void) static int net_ads_workgroup(int argc, const char **argv) { ADS_STRUCT *ads; + char addr[INET6_ADDRSTRLEN]; struct cldap_netlogon_reply reply; if (!ADS_ERR_OK(ads_startup_nobind(False, &ads))) { 
@@ -381,7 +386,8 @@ static int net_ads_workgroup(int argc, const char **argv) ads->ldap.port = 389; } - if ( !ads_cldap_netlogon( inet_ntoa(ads->ldap.ip), ads->server.realm, &reply ) ) { + print_sockaddr(addr, sizeof(addr), &ads->ldap.ss); + if ( !ads_cldap_netlogon(addr, ads->server.realm, &reply ) ) { d_fprintf(stderr, "CLDAP query failed!\n"); return -1; } @@ -829,7 +835,7 @@ static int net_ads_leave(int argc, const char **argv) /* make RPC calls here */ - if ( !NT_STATUS_IS_OK(connect_to_ipc_krb5(&cli, &ads->ldap.ip, + if ( !NT_STATUS_IS_OK(connect_to_ipc_krb5(&cli, &ads->ldap.ss, ads->config.ldap_server_name)) ) { goto done; @@ -952,14 +958,14 @@ static NTSTATUS check_ads_config( void ) ********************************************************************/ static NTSTATUS net_join_domain(TALLOC_CTX *ctx, const char *servername, - struct in_addr *ip, char **domain, + struct sockaddr_storage *pss, char **domain, DOM_SID **dom_sid, const char *password) { NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; struct cli_state *cli = NULL; - ret = connect_to_ipc_krb5(&cli, ip, servername); + ret = connect_to_ipc_krb5(&cli, pss, servername); if ( !NT_STATUS_IS_OK(ret) ) { goto done; } @@ -1475,7 +1481,7 @@ int net_ads_join(int argc, const char **argv) const char *create_in_ou = NULL; int i; fstring dc_name; - struct in_addr dcip; + struct sockaddr_storage dcss; const char *os_name = NULL; const char *os_version = NULL; @@ -1487,7 +1493,7 @@ int net_ads_join(int argc, const char **argv) /* find a DC to initialize the server affinity cache */ - get_dc_name( lp_workgroup(), lp_realm(), dc_name, &dcip ); + get_dc_name( lp_workgroup(), lp_realm(), dc_name, &dcss ); status = ads_startup(True, &ads); if (!ADS_ERR_OK(status)) { 
@@ -1566,7 +1572,7 @@ int net_ads_join(int argc, const char **argv) password = talloc_strdup(ctx, tmp_password); nt_status = net_join_domain(ctx, ads->config.ldap_server_name, - &ads->ldap.ip, &short_domain_name, &domain_sid, password); + &ads->ldap.ss, &short_domain_name, &domain_sid, password); if ( !NT_STATUS_IS_OK(nt_status) ) { DEBUG(1, ("call of net_join_domain failed: %s\n", get_friendly_nt_error_msg(nt_status))); @@ -1602,7 +1608,7 @@ int net_ads_join(int argc, const char **argv) /* Verify that everything is ok */ nt_status = net_rpc_join_ok(short_domain_name, - ads->config.ldap_server_name, &ads->ldap.ip); + ads->config.ldap_server_name, &ads->ldap.ss); if (!NT_STATUS_IS_OK(nt_status)) { d_fprintf(stderr, "Failed to verify membership in domain: %s!\n", @@ -1929,7 +1935,7 @@ static int net_ads_printer_publish(int argc, const char **argv) const char *servername, *printername; struct cli_state *cli; struct rpc_pipe_client *pipe_hnd; - struct in_addr server_ip; + struct sockaddr_storage server_ss; NTSTATUS nt_status; TALLOC_CTX *mem_ctx = talloc_init("net_ads_printer_publish"); ADS_MODLIST mods = ads_init_mods(mem_ctx); @@ -1957,10 +1963,10 @@ static int net_ads_printer_publish(int argc, const char **argv) /* Get printer data from SPOOLSS */ - resolve_name(servername, &server_ip, 0x20); + resolve_name(servername, &server_ss, 0x20); nt_status = cli_full_connection(&cli, global_myname(), servername, - &server_ip, 0, + &server_ss, 0, "IPC$", "IPC", opt_user_name, opt_workgroup, opt_password ? opt_password : "", -- cgit From 1011b32678c7b32472a909b9f515698947d2a389 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 25 Nov 2007 10:10:52 +0100 Subject: Remove some statics (This used to be commit 1fab16ffb888cd4ec18e52d9da33976a67a5d104) --- source3/utils/net_ads.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 81b13ba76e..ac8f794354 100644 
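Review bot: The return value of `resolve_name(servername, &server_ss, 0x20)` in the net_ads_printer_publish hunk (@@ -1957) is ignored, so if the lookup fails `server_ss` reaches `cli_full_connection` without ever having been filled in. I would test it at the call, `if (!resolve_name(servername, &server_ss, 0x20)) {`, print which server name could not be resolved, and leave through the same cleanup the other early exits of this function use. This assumes resolve_name reports failure through its return value, which the hunk does not show. The function starts and ends outside the hunk, so the exact cleanup has to be confirmed there.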
--- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -80,6 +80,7 @@ static int net_ads_cldap_netlogon(ADS_STRUCT *ads) { char addr[INET6_ADDRSTRLEN]; struct cldap_netlogon_reply reply; + struct GUID tmp_guid; print_sockaddr(addr, sizeof(addr), &ads->ldap.ss); if ( !ads_cldap_netlogon(addr, ads->server.realm, &reply ) ) { @@ -102,8 +103,10 @@ static int net_ads_cldap_netlogon(ADS_STRUCT *ads) d_printf("0x%x\n", reply.type); break; } - d_printf("GUID: %s\n", - smb_uuid_string_static(smb_uuid_unpack_static(reply.guid))); + + smb_uuid_unpack(reply.guid, &tmp_guid); + d_printf("GUID: %s\n", smb_uuid_string(talloc_tos(), tmp_guid)); + d_printf("Flags:\n" "\tIs a PDC: %s\n" "\tIs a GC of the forest: %s\n" -- cgit From 4b9f336a62cd4992956a68c8a17764a3f768b3f1 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 30 Nov 2007 18:47:25 +0100 Subject: Move param helper routines to one place. Guenther (This used to be commit 6bf2c8038c4bc7a52b7f260209ade0bdeb95c685) --- source3/utils/net_ads.c | 14 -------------- 1 file changed, 14 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index ac8f794354..d54b817d15 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1429,20 +1429,6 @@ static NTSTATUS net_update_dns(TALLOC_CTX *mem_ctx, ADS_STRUCT *ads) #endif -/******************************************************************* - utility function to parse an integer parameter from - "parameter = value" -**********************************************************/ -static char* get_string_param( const char* param ) -{ - char *p; - - if ( (p = strchr( param, '=' )) == NULL ) - return NULL; - - return (p+1); -} - /******************************************************************* ********************************************************************/ -- cgit From de7fd585b11413113304334dd75ba6a207ec69eb Mon Sep 17 00:00:00 2001 
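Review bot: The result of `smb_uuid_string(talloc_tos(), tmp_guid)` in the second net_ads_cldap_netlogon hunk (@@ -102) is passed straight to a `%s` conversion, and a talloc-backed formatter presumably returns NULL when the allocation fails. I would keep it in a local and print a fallback: `const char *guid_str = smb_uuid_string(talloc_tos(), tmp_guid);` then `d_printf("GUID: %s\n", guid_str ? guid_str : "(unavailable)");`. The string also stays on the talloc_tos() context, so it is only released if a caller has a stackframe in place; the hunk does not show one and that is worth confirming. The function continues outside the hunk.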
From: Jeremy Allison Date: Tue, 4 Dec 2007 16:56:18 -0800 Subject: The usual !pstring... Jeremy. (This used to be commit b676262a781363e7be49b21817668a53cca75c2d) --- source3/utils/net_ads.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index d54b817d15..37a02200f5 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1636,12 +1636,17 @@ int net_ads_join(int argc, const char **argv) } if ( createupn ) { - pstring upn; + char *upn; /* default to using the short UPN name */ - if ( !machineupn ) { - snprintf( upn, sizeof(upn), "host/%s@%s", global_myname(), - ads->config.realm ); + if (!machineupn ) { + upn = talloc_asprintf(ctx, + "host/%s@%s", global_myname(), + ads->config.realm ); + if (!upn) { + nt_status = NT_STATUS_NO_MEMORY; + goto fail; + } machineupn = upn; } -- cgit From 7faee02d0d351c5c039e8f1be7e82ce3a93cbe96 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 10 Dec 2007 11:30:37 -0800 Subject: Remove the char[1024] strings from dynconfig. Replace them with malloc'ing accessor functions. Should save a lot of static space :-). Jeremy. (This used to be commit 52dc5eaef2106015b3a8b659e818bdb15ad94b05) --- source3/utils/net_ads.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 37a02200f5..141031dacb 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -943,7 +943,7 @@ static NTSTATUS check_ads_config( void ) if ( lp_security() == SEC_ADS && !*lp_realm()) { d_fprintf(stderr, "realm must be set in in %s for ADS " - "join to succeed.\n", dyn_CONFIGFILE); + "join to succeed.\n", get_dyn_CONFIGFILE()); return NT_STATUS_INVALID_PARAMETER; } 
@@ -1494,7 +1494,7 @@ int net_ads_join(int argc, const char **argv) if (strcmp(ads->config.realm, lp_realm()) != 0) { d_fprintf(stderr, "realm of remote server (%s) and realm in %s " "(%s) DO NOT match. Aborting join\n", - ads->config.realm, dyn_CONFIGFILE, lp_realm()); + ads->config.realm, get_dyn_CONFIGFILE(), lp_realm()); nt_status = NT_STATUS_INVALID_PARAMETER; goto fail; } @@ -1571,11 +1571,11 @@ int net_ads_join(int argc, const char **argv) /* Check the short name of the domain */ if ( !strequal(lp_workgroup(), short_domain_name) ) { - d_printf("The workgroup in %s does not match the short\n", dyn_CONFIGFILE); + d_printf("The workgroup in %s does not match the short\n", get_dyn_CONFIGFILE()); d_printf("domain name obtained from the server.\n"); d_printf("Using the name [%s] from the server.\n", short_domain_name); d_printf("You should set \"workgroup = %s\" in %s.\n", - short_domain_name, dyn_CONFIGFILE); + short_domain_name, get_dyn_CONFIGFILE()); } d_printf("Using short domain name -- %s\n", short_domain_name); -- cgit From 62c91987d902d4dfe27023ff2ec2fb73e602105b Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 8 Jan 2008 14:06:18 +0100 Subject: Use ads_get_upn() in net_derive_salting_principal(). Guenther (This used to be commit a3b348b113f248d2eccffd6073560619a97a2976) --- source3/utils/net_ads.c | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 141031dacb..310af82beb 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1255,7 +1255,6 @@ static bool net_derive_salting_principal( TALLOC_CTX *ctx, ADS_STRUCT *ads ) ADS_STATUS status; fstring salt; char *std_salt; - LDAPMessage *res = NULL; const char *machine_name = global_myname(); status = ads_domain_func_level( ads, &domain_func ); 
@@ -1278,24 +1277,11 @@ static bool net_derive_salting_principal( TALLOC_CTX *ctx, ADS_STRUCT *ads ) if ( domain_func == DS_DOMAIN_FUNCTION_2000 ) { char *upn; - int count; - - status = ads_find_machine_acct(ads, &res, machine_name); - if (!ADS_ERR_OK(status)) { - return False; - } - if ( (count = ads_count_replies(ads, res)) != 1 ) { - DEBUG(1,("net_set_machine_spn: %d entries returned!\n", count)); - return False; - } - - upn = ads_pull_string(ads, ctx, res, "userPrincipalName"); + upn = ads_get_upn(ads, ctx, machine_name); if ( upn ) { fstrcpy( salt, upn ); } - - ads_msgfree(ads, res); } return kerberos_secrets_store_des_salt( salt ); -- cgit From 83b1751615ef3892d44c7826228fbb3b0826d2b2 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 10 Jan 2008 11:13:23 +0100 Subject: Remove unused string. Guenther (This used to be commit 88d6683872f4bb9c3074280f385f73c7af9de784) --- source3/utils/net_ads.c | 3 --- 1 file changed, 3 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 310af82beb..80f6ba9001 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1446,7 +1446,6 @@ int net_ads_join(int argc, const char **argv) ADS_STRUCT *ads = NULL; ADS_STATUS status; NTSTATUS nt_status; - char *machine_account = NULL; char *short_domain_name = NULL; char *tmp_password, *password; TALLOC_CTX *ctx = NULL; @@ -1684,7 +1683,6 @@ int net_ads_join(int argc, const char **argv) d_printf("Joined '%s' to realm '%s'\n", global_myname(), ads->server.realm); - SAFE_FREE(machine_account); TALLOC_FREE( ctx ); ads_destroy(&ads); @@ -1694,7 +1692,6 @@ fail: /* issue an overall failure message at the end. */ d_printf("Failed to join domain: %s\n", get_friendly_nt_error_msg(nt_status)); - SAFE_FREE(machine_account); TALLOC_FREE( ctx ); ads_destroy(&ads); -- cgit From 2b144283300cee03e76f405d2739bc2a4cb021b8 Mon Sep 17 00:00:00 2001 
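Review bot: With `upn = ads_get_upn(ads, ctx, machine_name); if ( upn ) { fstrcpy( salt, upn ); }`, a failed lookup is no longer distinguishable from an account that has no userPrincipalName. The removed code returned False when `ads_find_machine_acct` failed or did not return exactly one entry, whereas now any NULL from `ads_get_upn` silently stores the standard salt via `kerberos_secrets_store_des_salt`. If the account does have a UPN and the search merely failed, the stored salt would presumably be wrong and later key derivation would not match the KDC. At minimum log the fallback, e.g. `else { DEBUG(1,("net_derive_salting_principal: no UPN found, using standard salt\n")); }`. Note also that `fstrcpy` into the fixed-size `salt` would truncate a long UPN without any error. The function starts outside this hunk.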
From: Volker Lendecke Date: Mon, 14 Jan 2008 22:38:16 +0100 Subject: Fix some warnings -- Jeremy, please check (This used to be commit b66ac8567c16f2c35fceceba2f858d5503620309) --- source3/utils/net_ads.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 80f6ba9001..0a9020bcfd 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1294,14 +1294,13 @@ static bool net_derive_salting_principal( TALLOC_CTX *ctx, ADS_STRUCT *ads ) #if defined(WITH_DNS_UPDATES) #include "dns.h" DNS_ERROR DoDNSUpdate(char *pszServerName, - const char *pszDomainName, - const char *pszHostName, - const struct in_addr *iplist, int num_addrs ); - + const char *pszDomainName, const char *pszHostName, + const struct sockaddr_storage *sslist, + size_t num_addrs ); static NTSTATUS net_update_dns_internal(TALLOC_CTX *ctx, ADS_STRUCT *ads, const char *machine_name, - const struct in_addr *addrs, + const struct sockaddr_storage *addrs, int num_addrs) { struct dns_rr_ns *nameservers = NULL; @@ -1390,7 +1389,7 @@ done: static NTSTATUS net_update_dns(TALLOC_CTX *mem_ctx, ADS_STRUCT *ads) { int num_addrs; - struct in_addr *iplist = NULL; + struct sockaddr_storage *iplist = NULL; fstring machine_name; NTSTATUS status; -- cgit From c920764b1960f86482a24d4b4462664b07d4f1a9 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 15 Jan 2008 16:40:02 +0100 Subject: Apply const to rpccli_lsa_query_info_policy() and rpccli_lsa_query_info_policy2(). Guenther (This used to be commit 7a3fe68bef7acde9d9f8a7a44ce7e9432f3c5a95) --- source3/utils/net_ads.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 0a9020bcfd..732ba8d8b6 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
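Review bot: The updated `DoDNSUpdate` prototype takes `size_t num_addrs`, but `net_update_dns_internal` in the same hunk still declares `int num_addrs`, and `net_update_dns` in the second hunk keeps `int num_addrs` too. If that count can ever be negative, for instance an error return from whatever fills `iplist` (outside these hunks), it converts to a very large `size_t` at the call and the callee would read far past the `sockaddr_storage` array. Either carry the count as `size_t` throughout or reject it before the call with something like `if (num_addrs <= 0) return NT_STATUS_INVALID_PARAMETER;`. The hand-written prototype after `#include "dns.h"` would be safer in the header, where it cannot drift from the definition again.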
@@ -817,7 +817,7 @@ static int net_ads_leave(int argc, const char **argv) struct cli_state *cli = NULL; TALLOC_CTX *ctx; DOM_SID *dom_sid = NULL; - char *short_domain_name = NULL; + const char *short_domain_name = NULL; if (!secrets_init()) { DEBUG(1,("Failed to initialise secrets database\n")); @@ -961,7 +961,8 @@ static NTSTATUS check_ads_config( void ) ********************************************************************/ static NTSTATUS net_join_domain(TALLOC_CTX *ctx, const char *servername, - struct sockaddr_storage *pss, char **domain, + struct sockaddr_storage *pss, + const char **domain, DOM_SID **dom_sid, const char *password) { @@ -1445,7 +1446,7 @@ int net_ads_join(int argc, const char **argv) ADS_STRUCT *ads = NULL; ADS_STATUS status; NTSTATUS nt_status; - char *short_domain_name = NULL; + const char *short_domain_name = NULL; char *tmp_password, *password; TALLOC_CTX *ctx = NULL; DOM_SID *domain_sid = NULL; -- cgit From 965774fa8f78a6b0f3306d356fd0d17a2a8943df Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Sun, 17 Feb 2008 02:01:30 +0100 Subject: Fix some more callers of PAC_DATA. Guenther (This used to be commit ea609d1b0e82d7c366dd73013228003136264b64) --- source3/utils/net_ads.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 732ba8d8b6..fb644ba55e 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -2519,8 +2519,8 @@ static int net_ads_kerberos_renew(int argc, const char **argv) static int net_ads_kerberos_pac(int argc, const char **argv) { - PAC_DATA *pac = NULL; - PAC_LOGON_INFO *info = NULL; + struct PAC_DATA *pac = NULL; + struct PAC_LOGON_INFO *info = NULL; TALLOC_CTX *mem_ctx = NULL; NTSTATUS status; int ret = -1; 
@@ -2551,7 +2551,9 @@ static int net_ads_kerberos_pac(int argc, const char **argv) info = get_logon_info_from_pac(pac); if (info) { - dump_pac_logon_info(0, info); + const char *s; + s = NDR_PRINT_STRUCT_STRING(mem_ctx, PAC_LOGON_INFO, info); + d_printf("The Pac: %s\n", s); } ret = 0; -- cgit From c3ef76593b106e2c35c9c422cd9a216f0039ebf2 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 28 Feb 2008 10:52:37 +0100 Subject: Some cosmetics for net_derive_salting_principal(). Guenther (This used to be commit 6f8e83b43085c038bb8fb2500319fed1daf6e4e4) --- source3/utils/net_ads.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index fb644ba55e..199804f3aa 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1277,9 +1277,7 @@ static bool net_derive_salting_principal( TALLOC_CTX *ctx, ADS_STRUCT *ads ) /* if it's a Windows functional domain, we have to look for the UPN */ if ( domain_func == DS_DOMAIN_FUNCTION_2000 ) { - char *upn; - - upn = ads_get_upn(ads, ctx, machine_name); + char *upn = ads_get_upn(ads, ctx, machine_name); if ( upn ) { fstrcpy( salt, upn ); } -- cgit From 42e301570b1d14e311b1db5f5afc59a4c6f89d17 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 28 Feb 2008 11:55:36 +0100 Subject: Use libnet_Unjoin() for "net ads leave". Guenther (This used to be commit 11a19e88e208e09d7590370f2e68aa1df5c89e31) --- source3/utils/net_ads.c | 84 ++++++++++++++++++++++--------------------------- 1 file changed, 37 insertions(+), 47 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 199804f3aa..8cf76ecbb6 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -23,6 +23,8 @@ #include "includes.h" #include "utils/net.h" +#include "libnet/libnet.h" + #ifdef HAVE_ADS int net_ads_usage(int argc, const char **argv) 
@@ -810,76 +812,64 @@ static int net_ads_status(int argc, const char **argv) static int net_ads_leave(int argc, const char **argv) { - ADS_STRUCT *ads = NULL; - ADS_STATUS adsret; - NTSTATUS status; - int ret = -1; - struct cli_state *cli = NULL; TALLOC_CTX *ctx; - DOM_SID *dom_sid = NULL; - const char *short_domain_name = NULL; - - if (!secrets_init()) { - DEBUG(1,("Failed to initialise secrets database\n")); - return -1; - } + struct libnet_UnjoinCtx *r = NULL; + WERROR werr; if (!(ctx = talloc_init("net_ads_leave"))) { d_fprintf(stderr, "Could not initialise talloc context.\n"); return -1; } - /* The finds a DC and takes care of getting the - user creds if necessary */ + use_in_memory_ccache(); - if (!ADS_ERR_OK(ads_startup(True, &ads))) { + werr = libnet_init_UnjoinCtx(ctx, &r); + if (!W_ERROR_IS_OK(werr)) { + d_fprintf(stderr, "Could not initialise unjoin context.\n"); return -1; } - /* make RPC calls here */ + r->in.debug = opt_verbose; + r->in.dc_name = opt_host; + r->in.domain_name = lp_realm(); + r->in.admin_account = opt_user_name; + r->in.admin_password = net_prompt_pass(opt_user_name); + r->in.unjoin_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE | + WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE; - if ( !NT_STATUS_IS_OK(connect_to_ipc_krb5(&cli, &ads->ldap.ss, - ads->config.ldap_server_name)) ) - { + werr = libnet_Unjoin(ctx, r); + if (!W_ERROR_IS_OK(werr)) { + d_printf("%s: %s\n", get_friendly_werror_msg(werr), + r->out.error_string ? r->out.error_string : ""); goto done; } - if ( !NT_STATUS_IS_OK(netdom_get_domain_sid( ctx, cli, &short_domain_name, &dom_sid )) ) { + if (W_ERROR_IS_OK(werr)) { + d_printf("Deleted account for '%s' in realm '%s'\n", + r->in.machine_name, r->out.dns_domain_name); goto done; } - saf_delete( short_domain_name ); - - status = netdom_leave_domain(ctx, cli, dom_sid); - - /* Try and delete it via LDAP - the old way we used to. 
*/ - - adsret = ads_leave_realm(ads, global_myname()); - if (ADS_ERR_OK(adsret)) { - d_printf("Deleted account for '%s' in realm '%s'\n", - global_myname(), ads->config.realm); - ret = 0; - } else { - /* We couldn't delete it - see if the disable succeeded. */ - if (NT_STATUS_IS_OK(status)) { - d_printf("Disabled account for '%s' in realm '%s'\n", - global_myname(), ads->config.realm); - ret = 0; - } else { - d_fprintf(stderr, "Failed to disable machine account for '%s' in realm '%s'\n", - global_myname(), ads->config.realm); - } + /* We couldn't delete it - see if the disable succeeded. */ + if (r->out.disabled_machine_account) { + d_printf("Disabled account for '%s' in realm '%s'\n", + r->in.machine_name, r->out.dns_domain_name); + werr = WERR_OK; + goto done; } -done: + d_fprintf(stderr, "Failed to disable machine account for '%s' in realm '%s'\n", + r->in.machine_name, r->out.dns_domain_name); - if ( cli ) - cli_shutdown(cli); + done: + TALLOC_FREE(r); + TALLOC_FREE(ctx); - ads_destroy(&ads); - TALLOC_FREE( ctx ); + if (W_ERROR_IS_OK(werr)) { + return 0; + } - return ret; + return -1; } static NTSTATUS net_ads_join_ok(void) -- cgit From bbe6d400e7bbc0089c8158a49a5d8d0b5717125f Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 28 Feb 2008 13:04:30 +0100 Subject: Re-arrange dns update block during "net ads join" a little. Guenther (This used to be commit 5d30e9f9fef98de7764ae53d3cbe659b78ae9fce) --- source3/utils/net_ads.c | 42 ++++++++++++++++++++++-------------------- 1 file changed, 22 insertions(+), 20 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 8cf76ecbb6..daddbfae73 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
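Review bot: The `if (W_ERROR_IS_OK(werr))` test after the `libnet_Unjoin` call is always true, because the failure case has already jumped to `done`. The function therefore always prints "Deleted account", and the `r->out.disabled_machine_account` branch and the "Failed to disable machine account" message below it are unreachable. If `libnet_Unjoin` reports a disable-only outcome as success, an account that still exists in the directory is announced as deleted and nobody knows to remove it. Test the flag first by moving `if (r->out.disabled_machine_account) { ... goto done; }` above the "Deleted account" print, and drop or re-condition the trailing failure message. Separately, the early `return -1` after `libnet_init_UnjoinCtx` fails skips `TALLOC_FREE(ctx)`; using `goto done` there keeps a single exit path.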
@@ -1645,34 +1645,36 @@ int net_ads_join(int argc, const char **argv) DEBUG(1,("Error creating host keytab!\n")); } -#if defined(WITH_DNS_UPDATES) - /* We enter this block with user creds */ + d_printf("Joined '%s' to realm '%s'\n", global_myname(), ads->server.realm); + ads_kdestroy( NULL ); ads_destroy(&ads); - ads = NULL; - if ( (ads = ads_init( lp_realm(), NULL, NULL )) != NULL ) { - /* kinit with the machine password */ +#if defined(WITH_DNS_UPDATES) + { + /* We enter this block with user creds */ + ADS_STRUCT *ads_dns = NULL; + + if ( (ads_dns = ads_init( lp_realm(), NULL, NULL )) != NULL ) { + /* kinit with the machine password */ + + use_in_memory_ccache(); + asprintf( &ads_dns->auth.user_name, "%s$", global_myname() ); + ads_dns->auth.password = secrets_fetch_machine_password( + lp_workgroup(), NULL, NULL ); + ads_dns->auth.realm = SMB_STRDUP( lp_realm() ); + ads_kinit_password( ads_dns ); + } - use_in_memory_ccache(); - asprintf( &ads->auth.user_name, "%s$", global_myname() ); - ads->auth.password = secrets_fetch_machine_password( - lp_workgroup(), NULL, NULL ); - ads->auth.realm = SMB_STRDUP( lp_realm() ); - ads_kinit_password( ads ); - } + if ( !ads_dns || !NT_STATUS_IS_OK(net_update_dns( ctx, ads_dns )) ) { + d_fprintf( stderr, "DNS update failed!\n" ); + } - if ( !ads || !NT_STATUS_IS_OK(net_update_dns( ctx, ads )) ) { - d_fprintf( stderr, "DNS update failed!\n" ); + /* exit from this block using machine creds */ + ads_destroy(&ads_dns); } - - /* exit from this block using machine creds */ #endif - - d_printf("Joined '%s' to realm '%s'\n", global_myname(), ads->server.realm); - TALLOC_FREE( ctx ); - ads_destroy(&ads); return 0; -- cgit From 4d55efe4ab2fed0205d5ce7ffa111b89e0d04c73 Mon Sep 17 00:00:00 2001 
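Review bot: In the new `ads_dns` block the results of `asprintf`, `secrets_fetch_machine_password` and `ads_kinit_password` are all ignored. `net_update_dns( ctx, ads_dns )` is therefore attempted even when the machine credentials could not be built or the kinit failed, and the only output is "DNS update failed!". After a failed `asprintf` the contents of `ads_dns->auth.user_name` are undefined, so it should be checked with `if (asprintf(&ads_dns->auth.user_name, "%s$", global_myname()) == -1)` and the pointer reset to NULL. Likewise skip the update and report the real cause when the fetched password is NULL or `ads_kinit_password` returns an error. The enclosing `net_ads_join` starts and ends outside this hunk.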
From: Günther Deschner Date: Thu, 28 Feb 2008 14:08:32 +0100 Subject: Nicen error output in net_ads_leave. Guenther (This used to be commit b0d1db95e5d7590f9c67be7bf5cb78adfee16635) --- source3/utils/net_ads.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index daddbfae73..c69b816586 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -839,8 +839,9 @@ static int net_ads_leave(int argc, const char **argv) werr = libnet_Unjoin(ctx, r); if (!W_ERROR_IS_OK(werr)) { - d_printf("%s: %s\n", get_friendly_werror_msg(werr), - r->out.error_string ? r->out.error_string : ""); + d_printf("Failed to leave domain: %s\n", + r->out.error_string ? r->out.error_string : + get_friendly_werror_msg(werr)); goto done; } -- cgit From e5775b4faed78e18353de8fb528615e29b44422d Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 28 Feb 2008 14:18:03 +0100 Subject: Use libnet_Join() for "net ads join". Guenther (This used to be commit 9a7a2777e4ea1a2b5d7c800af8522b38cf22c511) --- source3/utils/net_ads.c | 183 +++++++++--------------------------------------- 1 file changed, 33 insertions(+), 150 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index c69b816586..b87920a20f 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -1432,19 +1432,15 @@ static int net_ads_join_usage(int argc, const char **argv) int net_ads_join(int argc, const char **argv) { - ADS_STRUCT *ads = NULL; - ADS_STATUS status; NTSTATUS nt_status; - const char *short_domain_name = NULL; - char *tmp_password, *password; TALLOC_CTX *ctx = NULL; - DOM_SID *domain_sid = NULL; + struct libnet_JoinCtx *r; + const char *domain = lp_realm(); + WERROR werr; bool createupn = False; const char *machineupn = NULL; const char *create_in_ou = NULL; int i; - fstring dc_name; - struct sockaddr_storage dcss; const char *os_name = NULL; const char *os_version = NULL; @@ -1454,22 +1450,11 @@ int net_ads_join(int argc, const char **argv) goto fail; } - /* find a DC to initialize the server affinity cache */ - - get_dc_name( lp_workgroup(), lp_realm(), dc_name, &dcss ); - - status = ads_startup(True, &ads); - if (!ADS_ERR_OK(status)) { - DEBUG(1, ("error on ads_startup: %s\n", ads_errstr(status))); - nt_status = ads_ntstatus(status); - goto fail; - } + use_in_memory_ccache(); - if (strcmp(ads->config.realm, lp_realm()) != 0) { - d_fprintf(stderr, "realm of remote server (%s) and realm in %s " - "(%s) DO NOT match. Aborting join\n", - ads->config.realm, get_dyn_CONFIGFILE(), lp_realm()); - nt_status = NT_STATUS_INVALID_PARAMETER; + werr = libnet_init_JoinCtx(ctx, &r); + if (!W_ERROR_IS_OK(werr)) { + nt_status = werror_to_ntstatus(werr); goto fail; } 
@@ -1508,148 +1493,45 @@ int net_ads_join(int argc, const char **argv) } } else { - d_fprintf(stderr, "Bad option: %s\n", argv[i]); - nt_status = NT_STATUS_INVALID_PARAMETER; - goto fail; - } - } - - /* If we were given an OU, try to create the machine in - the OU account first and then do the normal RPC join */ - - if ( create_in_ou ) { - status = net_precreate_machine_acct( ads, create_in_ou ); - if ( !ADS_ERR_OK(status) ) { - d_fprintf( stderr, "Failed to pre-create the machine object " - "in OU %s.\n", create_in_ou); - DEBUG(1, ("error calling net_precreate_machine_acct: %s\n", - ads_errstr(status))); - nt_status = ads_ntstatus(status); - goto fail; + domain = argv[i]; } } /* Do the domain join here */ - tmp_password = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH); - password = talloc_strdup(ctx, tmp_password); + r->in.domain_name = domain; + r->in.create_upn = createupn; + r->in.upn = machineupn; + r->in.account_ou = create_in_ou; + r->in.os_name = os_name; + r->in.os_version = os_version; + r->in.dc_name = opt_host; + r->in.admin_account = opt_user_name; + r->in.admin_password = net_prompt_pass(opt_user_name); + r->in.debug = opt_verbose; + r->in.join_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE | + WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE | + WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED; - nt_status = net_join_domain(ctx, ads->config.ldap_server_name, - &ads->ldap.ss, &short_domain_name, &domain_sid, password); - if ( !NT_STATUS_IS_OK(nt_status) ) { - DEBUG(1, ("call of net_join_domain failed: %s\n", - get_friendly_nt_error_msg(nt_status))); + werr = libnet_Join(ctx, r); + if (!W_ERROR_IS_OK(werr)) { goto fail; } /* Check the short name of the domain */ - if ( !strequal(lp_workgroup(), short_domain_name) ) { + if (!strequal(lp_workgroup(), r->out.netbios_domain_name)) { d_printf("The workgroup in %s does not match the short\n", get_dyn_CONFIGFILE()); d_printf("domain name obtained from the server.\n"); - d_printf("Using the name [%s] from the server.\n", 
short_domain_name); + d_printf("Using the name [%s] from the server.\n", r->out.netbios_domain_name); d_printf("You should set \"workgroup = %s\" in %s.\n", - short_domain_name, get_dyn_CONFIGFILE()); - } - - d_printf("Using short domain name -- %s\n", short_domain_name); - - /* HACK ALERT! Store the sid and password under both the lp_workgroup() - value from smb.conf and the string returned from the server. The former is - neede to bootstrap winbindd's first connection to the DC to get the real - short domain name --jerry */ - - if ( (netdom_store_machine_account( lp_workgroup(), domain_sid, password ) == -1) - || (netdom_store_machine_account( short_domain_name, domain_sid, password ) == -1) ) - { - /* issue an internal error here for now. - * everything else would mean changing tdb routines. */ - nt_status = NT_STATUS_INTERNAL_ERROR; - goto fail; - } - - /* Verify that everything is ok */ - - nt_status = net_rpc_join_ok(short_domain_name, - ads->config.ldap_server_name, &ads->ldap.ss); - if (!NT_STATUS_IS_OK(nt_status)) { - d_fprintf(stderr, - "Failed to verify membership in domain: %s!\n", - nt_errstr(nt_status)); - goto fail; + r->out.netbios_domain_name, get_dyn_CONFIGFILE()); } - /* create the dNSHostName & servicePrincipalName values */ + d_printf("Using short domain name -- %s\n", r->out.netbios_domain_name); - status = net_set_machine_spn( ctx, ads ); - if ( !ADS_ERR_OK(status) ) { - - d_fprintf(stderr, "Failed to set servicePrincipalNames. Please ensure that\n"); - d_fprintf(stderr, "the DNS domain of this server matches the AD domain,\n"); - d_fprintf(stderr, "Or rejoin with using Domain Admin credentials.\n"); - - /* Disable the machine account in AD. Better to fail than to leave - a confused admin. */ - - if ( net_ads_leave( 0, NULL ) != 0 ) { - d_fprintf( stderr, "Failed to disable machine account in AD. 
Please do so manually.\n"); - } - - /* clear out the machine password */ - - netdom_store_machine_account( lp_workgroup(), domain_sid, "" ); - netdom_store_machine_account( short_domain_name, domain_sid, "" ); - - nt_status = ads_ntstatus(status); - goto fail; - } - - if ( !net_derive_salting_principal( ctx, ads ) ) { - DEBUG(1,("Failed to determine salting principal\n")); - goto fail; - } - - if ( createupn ) { - char *upn; - - /* default to using the short UPN name */ - if (!machineupn ) { - upn = talloc_asprintf(ctx, - "host/%s@%s", global_myname(), - ads->config.realm ); - if (!upn) { - nt_status = NT_STATUS_NO_MEMORY; - goto fail; - } - machineupn = upn; - } - - status = net_set_machine_upn( ctx, ads, machineupn ); - if ( !ADS_ERR_OK(status) ) { - d_fprintf(stderr, "Failed to set userPrincipalName. Are you a Domain Admin?\n"); - } - } - - /* Try to set the operatingSystem attributes if asked */ - - if ( os_name && os_version ) { - status = net_set_os_attributes( ctx, ads, os_name, os_version ); - if ( !ADS_ERR_OK(status) ) { - d_fprintf(stderr, "Failed to set operatingSystem attributes. " - "Are you a Domain Admin?\n"); - } - } - - /* Now build the keytab, using the same ADS connection */ - - if (lp_use_kerberos_keytab() && ads_keytab_create_default(ads)) { - DEBUG(1,("Error creating host keytab!\n")); - } - - d_printf("Joined '%s' to realm '%s'\n", global_myname(), ads->server.realm); - - ads_kdestroy( NULL ); - ads_destroy(&ads); + d_printf("Joined '%s' to realm '%s'\n", r->in.machine_name, + r->out.dns_domain_name); #if defined(WITH_DNS_UPDATES) { 
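Review bot: The final `else` of the argument loop now does `domain = argv[i];` for anything that is not a recognised option, where the removed code rejected it with "Bad option: %s". A mistyped `name=value` option is therefore taken as the domain name and passed to `libnet_Join` as `r->in.domain_name`, together with the admin account and the password obtained from `net_prompt_pass`, instead of stopping the join. Accept a bare argument only when it cannot be an option, e.g. `} else if (strchr(argv[i], '=') == NULL) { domain = argv[i]; }`, and keep the old "Bad option" error as the last branch. The result of `net_prompt_pass(opt_user_name)` is also assigned unchecked. The loop header is outside this hunk.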
@@ -1675,16 +1557,17 @@ int net_ads_join(int argc, const char **argv) ads_destroy(&ads_dns); } #endif + TALLOC_FREE(r); TALLOC_FREE( ctx ); return 0; fail: /* issue an overall failure message at the end. */ - d_printf("Failed to join domain: %s\n", get_friendly_nt_error_msg(nt_status)); - + d_printf("Failed to join domain: %s\n", + r->out.error_string ? r->out.error_string : + get_friendly_werror_msg(werr)); TALLOC_FREE( ctx ); - ads_destroy(&ads); return -1; -- cgit From 642f46dcf9717c274bb93abc20cf19a8a757ecae Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 28 Feb 2008 14:29:44 +0100 Subject: Some fixes for net ads join (uninitialized vars). Guenther (This used to be commit 735235e32bf41a7564ce2d585c1dae187b00bf6b) --- source3/utils/net_ads.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index b87920a20f..345665d62e 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1434,9 +1434,9 @@ int net_ads_join(int argc, const char **argv) { NTSTATUS nt_status; TALLOC_CTX *ctx = NULL; - struct libnet_JoinCtx *r; + struct libnet_JoinCtx *r = NULL; const char *domain = lp_realm(); - WERROR werr; + WERROR werr = WERR_SETUP_NOT_JOINED; bool createupn = False; const char *machineupn = NULL; const char *create_in_ou = NULL; @@ -1447,6 +1447,7 @@ int net_ads_join(int argc, const char **argv) nt_status = check_ads_config(); if (!NT_STATUS_IS_OK(nt_status)) { d_fprintf(stderr, "Invalid configuration. Exiting....\n"); + werr = ntstatus_to_werror(nt_status); goto fail; } @@ -1454,13 +1455,12 @@ int net_ads_join(int argc, const char **argv) werr = libnet_init_JoinCtx(ctx, &r); if (!W_ERROR_IS_OK(werr)) { - nt_status = werror_to_ntstatus(werr); goto fail; } if (!(ctx = talloc_init("net_ads_join"))) { d_fprintf(stderr, "Could not initialise talloc context.\n"); - nt_status = NT_STATUS_NO_MEMORY; + werr = WERR_NOMEM; goto fail; } 
@@ -1474,21 +1474,21 @@ int net_ads_join(int argc, const char **argv) else if ( !StrnCaseCmp(argv[i], "createcomputer", strlen("createcomputer")) ) { if ( (create_in_ou = get_string_param(argv[i])) == NULL ) { d_fprintf(stderr, "Please supply a valid OU path.\n"); - nt_status = NT_STATUS_INVALID_PARAMETER; + werr = WERR_INVALID_PARAM; goto fail; } } else if ( !StrnCaseCmp(argv[i], "osName", strlen("osName")) ) { if ( (os_name = get_string_param(argv[i])) == NULL ) { d_fprintf(stderr, "Please supply a operating system name.\n"); - nt_status = NT_STATUS_INVALID_PARAMETER; + werr = WERR_INVALID_PARAM; goto fail; } } else if ( !StrnCaseCmp(argv[i], "osVer", strlen("osVer")) ) { if ( (os_version = get_string_param(argv[i])) == NULL ) { d_fprintf(stderr, "Please supply a valid operating system version.\n"); - nt_status = NT_STATUS_INVALID_PARAMETER; + werr = WERR_INVALID_PARAM; goto fail; } } @@ -1565,12 +1565,11 @@ int net_ads_join(int argc, const char **argv) fail: /* issue an overall failure message at the end. */ d_printf("Failed to join domain: %s\n", - r->out.error_string ? r->out.error_string : + r && r->out.error_string ? r->out.error_string : get_friendly_werror_msg(werr)); TALLOC_FREE( ctx ); return -1; - } /******************************************************************* -- cgit From 27310f0768f734f68f4c48d6b2c2cc441a0a434c Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 28 Feb 2008 19:54:35 +0100 Subject: Remove original copy of now redundant join code. Jerry, I checked this very carefully that nothing got lost. The only thing I need to re-add still is the normalized DN handling for account precreation in "net ads join". Guenther (This used to be commit a5c6347644f2aa138a8e67ffe6c167847df941d0) --- source3/utils/net_ads.c | 330 ------------------------------------------------ 1 file changed, 330 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 345665d62e..9358a4f184 100644 
--- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -947,336 +947,6 @@ static NTSTATUS check_ads_config( void ) return NT_STATUS_OK; } -/******************************************************************* - Do the domain join - ********************************************************************/ - -static NTSTATUS net_join_domain(TALLOC_CTX *ctx, const char *servername, - struct sockaddr_storage *pss, - const char **domain, - DOM_SID **dom_sid, - const char *password) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - struct cli_state *cli = NULL; - - ret = connect_to_ipc_krb5(&cli, pss, servername); - if ( !NT_STATUS_IS_OK(ret) ) { - goto done; - } - - ret = netdom_get_domain_sid( ctx, cli, domain, dom_sid ); - if ( !NT_STATUS_IS_OK(ret) ) { - goto done; - } - - /* cli->server_domain is not filled in when using krb5 - session setups */ - - saf_store( *domain, cli->desthost ); - - ret = netdom_join_domain( ctx, cli, *dom_sid, password, ND_TYPE_AD ); - -done: - if ( cli ) - cli_shutdown(cli); - - return ret; -} - -/******************************************************************* - Set a machines dNSHostName and servicePrincipalName attributes - ********************************************************************/ - -static ADS_STATUS net_set_machine_spn(TALLOC_CTX *ctx, ADS_STRUCT *ads_s ) -{ - ADS_STATUS status = ADS_ERROR(LDAP_SERVER_DOWN); - char *new_dn; - ADS_MODLIST mods; - const char *servicePrincipalName[3] = {NULL, NULL, NULL}; - char *psp; - fstring my_fqdn; - LDAPMessage *res = NULL; - char *dn_string = NULL; - const char *machine_name = global_myname(); - int count; - - if ( !machine_name ) { - return ADS_ERROR(LDAP_NO_MEMORY); - } - - /* Find our DN */ - - status = ads_find_machine_acct(ads_s, &res, machine_name); - if (!ADS_ERR_OK(status)) - return status; - - if ( (count = ads_count_replies(ads_s, res)) != 1 ) { - DEBUG(1,("net_set_machine_spn: %d entries returned!\n", count)); - return ADS_ERROR(LDAP_NO_MEMORY); - } - - if ( (dn_string = ads_get_dn(ads_s, res)) == NULL ) { - DEBUG(1, 
("ads_add_machine_acct: ads_get_dn returned NULL (malloc failure?)\n")); - goto done; - } - - new_dn = talloc_strdup(ctx, dn_string); - ads_memfree(ads_s, dn_string); - if (!new_dn) { - return ADS_ERROR(LDAP_NO_MEMORY); - } - - /* Windows only creates HOST/shortname & HOST/fqdn. */ - - if ( !(psp = talloc_asprintf(ctx, "HOST/%s", machine_name)) ) - goto done; - strupper_m(psp); - servicePrincipalName[0] = psp; - - name_to_fqdn(my_fqdn, machine_name); - strlower_m(my_fqdn); - if ( !(psp = talloc_asprintf(ctx, "HOST/%s", my_fqdn)) ) - goto done; - servicePrincipalName[1] = psp; - - if (!(mods = ads_init_mods(ctx))) { - goto done; - } - - /* fields of primary importance */ - - ads_mod_str(ctx, &mods, "dNSHostName", my_fqdn); - ads_mod_strlist(ctx, &mods, "servicePrincipalName", servicePrincipalName); - - status = ads_gen_mod(ads_s, new_dn, mods); - -done: - ads_msgfree(ads_s, res); - - return status; -} - -/******************************************************************* - Set a machines dNSHostName and servicePrincipalName attributes - ********************************************************************/ - -static ADS_STATUS net_set_machine_upn(TALLOC_CTX *ctx, ADS_STRUCT *ads_s, const char *upn ) -{ - ADS_STATUS status = ADS_ERROR(LDAP_SERVER_DOWN); - char *new_dn; - ADS_MODLIST mods; - LDAPMessage *res = NULL; - char *dn_string = NULL; - const char *machine_name = global_myname(); - int count; - - if ( !machine_name ) { - return ADS_ERROR(LDAP_NO_MEMORY); - } - - /* Find our DN */ - - status = ads_find_machine_acct(ads_s, &res, machine_name); - if (!ADS_ERR_OK(status)) - return status; - - if ( (count = ads_count_replies(ads_s, res)) != 1 ) { - DEBUG(1,("net_set_machine_spn: %d entries returned!\n", count)); - return ADS_ERROR(LDAP_NO_MEMORY); - } - - if ( (dn_string = ads_get_dn(ads_s, res)) == NULL ) { - DEBUG(1, ("ads_add_machine_acct: ads_get_dn returned NULL (malloc failure?)\n")); - goto done; - } - - new_dn = talloc_strdup(ctx, dn_string); - 
ads_memfree(ads_s, dn_string); - if (!new_dn) { - return ADS_ERROR(LDAP_NO_MEMORY); - } - - /* now do the mods */ - - if (!(mods = ads_init_mods(ctx))) { - goto done; - } - - /* fields of primary importance */ - - ads_mod_str(ctx, &mods, "userPrincipalName", upn); - - status = ads_gen_mod(ads_s, new_dn, mods); - -done: - ads_msgfree(ads_s, res); - - return status; -} - -/******************************************************************* - Set a machines dNSHostName and servicePrincipalName attributes - ********************************************************************/ - -static ADS_STATUS net_set_os_attributes(TALLOC_CTX *ctx, ADS_STRUCT *ads_s, - const char *os_name, const char *os_version ) -{ - ADS_STATUS status = ADS_ERROR(LDAP_SERVER_DOWN); - char *new_dn; - ADS_MODLIST mods; - LDAPMessage *res = NULL; - char *dn_string = NULL; - const char *machine_name = global_myname(); - int count; - char *os_sp = NULL; - - if ( !os_name || !os_version ) { - return ADS_ERROR(LDAP_NO_MEMORY); - } - - /* Find our DN */ - - status = ads_find_machine_acct(ads_s, &res, machine_name); - if (!ADS_ERR_OK(status)) - return status; - - if ( (count = ads_count_replies(ads_s, res)) != 1 ) { - DEBUG(1,("net_set_machine_spn: %d entries returned!\n", count)); - return ADS_ERROR(LDAP_NO_MEMORY); - } - - if ( (dn_string = ads_get_dn(ads_s, res)) == NULL ) { - DEBUG(1, ("ads_add_machine_acct: ads_get_dn returned NULL (malloc failure?)\n")); - goto done; - } - - new_dn = talloc_strdup(ctx, dn_string); - ads_memfree(ads_s, dn_string); - if (!new_dn) { - return ADS_ERROR(LDAP_NO_MEMORY); - } - - /* now do the mods */ - - if (!(mods = ads_init_mods(ctx))) { - goto done; - } - - os_sp = talloc_asprintf( ctx, "Samba %s", SAMBA_VERSION_STRING ); - - /* fields of primary importance */ - - ads_mod_str(ctx, &mods, "operatingSystem", os_name); - ads_mod_str(ctx, &mods, "operatingSystemVersion", os_version); - if ( os_sp ) - ads_mod_str(ctx, &mods, "operatingSystemServicePack", os_sp); - - status = 
ads_gen_mod(ads_s, new_dn, mods); - -done: - ads_msgfree(ads_s, res); - TALLOC_FREE( os_sp ); - - return status; -} - -/******************************************************************* - join a domain using ADS (LDAP mods) - ********************************************************************/ - -static ADS_STATUS net_precreate_machine_acct( ADS_STRUCT *ads, const char *ou ) -{ - ADS_STATUS rc = ADS_ERROR(LDAP_SERVER_DOWN); - char *ou_str = NULL; - char *dn = NULL; - LDAPMessage *res = NULL; - bool moved; - - ou_str = ads_ou_string(ads, ou); - if (asprintf(&dn, "%s,%s", ou_str, ads->config.bind_path) == -1) { - rc = ADS_ERROR(LDAP_NO_MEMORY); - goto done; - } - - rc = ads_search_dn(ads, &res, dn, NULL); - if (!ADS_ERR_OK(rc)) { - d_fprintf(stderr, "The specified OU does not exist.\n"); - goto done; - } - - /* Attempt to create the machine account and bail if this fails. - Assume that the admin wants exactly what they requested */ - - rc = ads_create_machine_acct( ads, global_myname(), dn ); - if (ADS_ERR_OK(rc)) { - DEBUG(1, ("machine account created\n")); - goto done; - } - if ( !(rc.error_type == ENUM_ADS_ERROR_LDAP && rc.err.rc == LDAP_ALREADY_EXISTS) ) { - DEBUG(1, ("machine account creation failed\n")); - goto done; - } - - rc = ads_move_machine_acct(ads, global_myname(), dn, &moved); - if (!ADS_ERR_OK(rc)) { - DEBUG(1, ("failure to locate/move pre-existing machine account\n")); - goto done; - } - - if (moved) { - d_printf("The machine account was moved into the specified OU.\n"); - } else { - d_printf("The machine account already exists in the specified OU.\n"); - } - -done: - ads_msgfree(ads, res); - SAFE_FREE( ou_str ); - SAFE_FREE( dn ); - - return rc; -} - -/************************************************************************ - ************************************************************************/ - -static bool net_derive_salting_principal( TALLOC_CTX *ctx, ADS_STRUCT *ads ) -{ - uint32 domain_func; - ADS_STATUS status; - fstring salt; - char 
*std_salt; - const char *machine_name = global_myname(); - - status = ads_domain_func_level( ads, &domain_func ); - if ( !ADS_ERR_OK(status) ) { - DEBUG(2,("Failed to determine domain functional level!\n")); - return False; - } - - /* go ahead and setup the default salt */ - - if ( (std_salt = kerberos_standard_des_salt()) == NULL ) { - d_fprintf(stderr, "net_derive_salting_principal: failed to obtain stanard DES salt\n"); - return False; - } - - fstrcpy( salt, std_salt ); - SAFE_FREE( std_salt ); - - /* if it's a Windows functional domain, we have to look for the UPN */ - - if ( domain_func == DS_DOMAIN_FUNCTION_2000 ) { - char *upn = ads_get_upn(ads, ctx, machine_name); - if ( upn ) { - fstrcpy( salt, upn ); - } - } - - return kerberos_secrets_store_des_salt( salt ); -} - /******************************************************************* Send a DNS update request *******************************************************************/ -- cgit From f7b4485fbeabe40b73dd066f6b643a7a5ffee5cd Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 4 Mar 2008 11:04:36 +0100 Subject: Move talloc_init to the right place in "net ads join". Guenther (This used to be commit 8cd07c1fa8f435f7ff3dc79c195da9324fb2452f) --- source3/utils/net_ads.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 9358a4f184..46e0a2591b 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1121,6 +1121,12 @@ int net_ads_join(int argc, const char **argv) goto fail; } + if (!(ctx = talloc_init("net_ads_join"))) { + d_fprintf(stderr, "Could not initialise talloc context.\n"); + werr = WERR_NOMEM; + goto fail; + } + use_in_memory_ccache(); werr = libnet_init_JoinCtx(ctx, &r); 
@@ -1128,12 +1134,6 @@ int net_ads_join(int argc, const char **argv) goto fail; } - if (!(ctx = talloc_init("net_ads_join"))) { - d_fprintf(stderr, "Could not initialise talloc context.\n"); - werr = WERR_NOMEM; - goto fail; - } - /* process additional command line args */ for ( i=0; i Date: Fri, 7 Mar 2008 18:18:35 +0100 Subject: Enable libnetjoin debugging for now but avoid printing passwords. The gen_ndr needs proper fixing still. Guenther (This used to be commit 966d7244d7765d285a7026b97e6093fd1f8d83ce) --- source3/utils/net_ads.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 46e0a2591b..e9750db83a 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -829,7 +829,7 @@ static int net_ads_leave(int argc, const char **argv) return -1; } - r->in.debug = opt_verbose; + r->in.debug = true; r->in.dc_name = opt_host; r->in.domain_name = lp_realm(); r->in.admin_account = opt_user_name; @@ -1178,7 +1178,7 @@ int net_ads_join(int argc, const char **argv) r->in.dc_name = opt_host; r->in.admin_account = opt_user_name; r->in.admin_password = net_prompt_pass(opt_user_name); - r->in.debug = opt_verbose; + r->in.debug = true; r->in.join_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE | WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE | WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED; -- cgit From 7af3ebdac05fbc99d03f89a21868311cc247d8a2 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 23 Mar 2008 17:53:05 +0100 Subject: Fix Coverity ID 480 (This used to be commit 45677e8694f0e383baa65712faec6a565ec0ce5c) --- source3/utils/net_ads.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index e9750db83a..28ae7d7ced 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
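Review bot: `r->in.debug = true;` in net_ads_leave() hard-codes the libnet debug output on instead of following `opt_verbose`, and the net_ads_join() hunk at -1178 does the same. In the join hunk the same request structure receives `r->in.admin_password` on the line directly above, and the commit message itself says the generated printing code still needs fixing, so these hunks alone do not show that the password stays out of the output. I would keep `r->in.debug = opt_verbose;` until that fix lands, or at least mark both assignments with `/* FIXME: forced on temporarily, restore opt_verbose once gen_ndr is fixed */`. Both function bodies start and end outside the hunks.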
@@ -1679,7 +1679,7 @@ static int net_ads_password(int argc, const char **argv) fill in the KDC's addresss */ ads_connect(ads); - if (!ads || !ads->config.realm) { + if (!ads->config.realm) { d_fprintf(stderr, "Didn't find the kerberos server!\n"); return -1; } -- cgit From fffb304fecdd26fd4410fc077afd43ff927407e8 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 14 Apr 2008 15:47:30 +0200 Subject: net: the success of secrets_init is checked by libnetjoin now. Guenther (This used to be commit 0a6a5d082426ca82accf18fffa7740683a42cac1) --- source3/utils/net_ads.c | 6 ------ 1 file changed, 6 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 28ae7d7ced..9c8d1fbb1f 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -938,12 +938,6 @@ static NTSTATUS check_ads_config( void ) return NT_STATUS_INVALID_PARAMETER; } - if (!secrets_init()) { - DEBUG(1,("Failed to initialise secrets database\n")); - /* This is a good bet for failure of secrets_init ... */ - return NT_STATUS_ACCESS_DENIED; - } - return NT_STATUS_OK; } -- cgit From bc65d9678274d5d1c2f0179955c6d2cfdf20c752 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 14 Apr 2008 16:13:52 +0200 Subject: net: use WERROR for check_ads_config(). Guenther (This used to be commit 9176057986be63c7ebebb56f7daabbc3883802c5) --- source3/utils/net_ads.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 9c8d1fbb1f..a6712b7172 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
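Review bot: The return value of `ads_connect(ads);` directly above the changed condition in net_ads_password() is discarded, so a failed connect is only noticed indirectly through `ads->config.realm` being unset. If that is deliberate, say so with a comment such as `/* result ignored on purpose: only config.realm is needed here */`; otherwise keep the status and test it with `ADS_ERR_OK()`. Dropping the `!ads` test is only safe if `ads` is checked for NULL before the `ads_connect()` call, which would be above this hunk and is not visible here. The `return -1;` branch also leaves without an `ads_destroy()` call in the visible lines, which leaks the structure if this function created it.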
@@ -918,27 +918,27 @@ int net_ads_testjoin(int argc, const char **argv) Simple configu checks before beginning the join ********************************************************************/ -static NTSTATUS check_ads_config( void ) +static WERROR check_ads_config( void ) { if (lp_server_role() != ROLE_DOMAIN_MEMBER ) { d_printf("Host is not configured as a member server.\n"); - return NT_STATUS_INVALID_DOMAIN_ROLE; + return WERR_INVALID_DOMAIN_ROLE; } if (strlen(global_myname()) > 15) { d_printf("Our netbios name can be at most 15 chars long, " "\"%s\" is %u chars long\n", global_myname(), (unsigned int)strlen(global_myname())); - return NT_STATUS_NAME_TOO_LONG; + return WERR_INVALID_COMPUTER_NAME; } if ( lp_security() == SEC_ADS && !*lp_realm()) { d_fprintf(stderr, "realm must be set in in %s for ADS " "join to succeed.\n", get_dyn_CONFIGFILE()); - return NT_STATUS_INVALID_PARAMETER; + return WERR_INVALID_PARAM; } - return NT_STATUS_OK; + return WERR_OK; } /******************************************************************* @@ -1096,7 +1096,6 @@ static int net_ads_join_usage(int argc, const char **argv) int net_ads_join(int argc, const char **argv) { - NTSTATUS nt_status; TALLOC_CTX *ctx = NULL; struct libnet_JoinCtx *r = NULL; const char *domain = lp_realm(); @@ -1108,10 +1107,9 @@ int net_ads_join(int argc, const char **argv) const char *os_name = NULL; const char *os_version = NULL; - nt_status = check_ads_config(); - if (!NT_STATUS_IS_OK(nt_status)) { + werr = check_ads_config(); + if (!W_ERROR_IS_OK(werr)) { d_fprintf(stderr, "Invalid configuration. Exiting....\n"); - werr = ntstatus_to_werror(nt_status); goto fail; } -- cgit From 113b94faf165994e694c8713d43b990d729b5129 Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Mon, 14 Apr 2008 16:16:25 +0200 Subject: net: exit early in net_ads_join() if the domain is not set. Guenther (This used to be commit 8331fbe735e2bec386ab8fc1645dc371d45d3063) --- source3/utils/net_ads.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index a6712b7172..b4814521aa 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1159,6 +1159,12 @@ int net_ads_join(int argc, const char **argv) } } + if (!*domain) { + d_fprintf(stderr, "Please supply a valid domain name\n"); + werr = WERR_INVALID_PARAM; + goto fail; + } + /* Do the domain join here */ r->in.domain_name = domain; -- cgit From 4122dabbf9ffce5b2353a25e16794e9d6d38228d Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 14 Apr 2008 22:58:38 +0200 Subject: net: abort when lp_realm is not set in net_ads_leave(). Guenther (This used to be commit 53735edcbb059e73c51ae17d4ff75d2a4dee53e5) --- source3/utils/net_ads.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index b4814521aa..50e5b3752b 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -816,6 +816,11 @@ static int net_ads_leave(int argc, const char **argv) struct libnet_UnjoinCtx *r = NULL; WERROR werr; + if (!*lp_realm()) { + d_fprintf(stderr, "No realm set, are we joined ?\n"); + return -1; + } + if (!(ctx = talloc_init("net_ads_leave"))) { d_fprintf(stderr, "Could not initialise talloc context.\n"); return -1; -- cgit From ae1e1085a1c6e2a3f1a2821cd22a6caed63d3b05 Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Mon, 14 Apr 2008 23:07:55 +0200 Subject: libnetjoin/net: Fix lp_config_backend_is_registry() handling. Thanks obnox, now we can net ads join and net ads leave with zero configuration changes if "config backend = registry". Guenther (This used to be commit 9003881773de787a51ceadcdc2cb1e95f6979763) --- source3/utils/net_ads.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 50e5b3752b..88051ec4a1 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -839,6 +839,7 @@ static int net_ads_leave(int argc, const char **argv) r->in.domain_name = lp_realm(); r->in.admin_account = opt_user_name; r->in.admin_password = net_prompt_pass(opt_user_name); + r->in.modify_config = lp_config_backend_is_registry(); r->in.unjoin_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE | WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE; @@ -1111,11 +1112,15 @@ int net_ads_join(int argc, const char **argv) int i; const char *os_name = NULL; const char *os_version = NULL; + bool modify_config = lp_config_backend_is_registry(); - werr = check_ads_config(); - if (!W_ERROR_IS_OK(werr)) { - d_fprintf(stderr, "Invalid configuration. Exiting....\n"); - goto fail; + if (!modify_config) { + + werr = check_ads_config(); + if (!W_ERROR_IS_OK(werr)) { + d_fprintf(stderr, "Invalid configuration. Exiting....\n"); + goto fail; + } } if (!(ctx = talloc_init("net_ads_join"))) { @@ -1182,6 +1187,7 @@ int net_ads_join(int argc, const char **argv) r->in.admin_account = opt_user_name; r->in.admin_password = net_prompt_pass(opt_user_name); r->in.debug = true; + r->in.modify_config = modify_config; r->in.join_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE | WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE | WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED; 
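Review bot: Wrapping the whole `check_ads_config()` call in `if (!modify_config)` in net_ads_join() also skips checks that do not depend on where the configuration is stored. The body of check_ads_config() shown in an earlier commit on this page rejects a netbios name longer than 15 characters, and with a registry backend that test no longer runs before the join. I would keep it unconditional, for example `if (strlen(global_myname()) > 15) { werr = WERR_INVALID_COMPUTER_NAME; goto fail; }`, and skip only the role and realm checks, which are presumably the settings the join rewrites when `modify_config` is set. net_ads_join() starts and ends outside this hunk.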
@@ -1217,8 +1223,8 @@ int net_ads_join(int argc, const char **argv) use_in_memory_ccache(); asprintf( &ads_dns->auth.user_name, "%s$", global_myname() ); ads_dns->auth.password = secrets_fetch_machine_password( - lp_workgroup(), NULL, NULL ); - ads_dns->auth.realm = SMB_STRDUP( lp_realm() ); + r->out.netbios_domain_name, NULL, NULL ); + ads_dns->auth.realm = SMB_STRDUP( r->out.dns_domain_name ); ads_kinit_password( ads_dns ); } -- cgit From 6f4b7fcf9777aa72ad587b8664b078c5dcb8d11f Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 17 Apr 2008 00:06:00 +0200 Subject: net: Be more tolerant while joining. Guenther (This used to be commit 70b7b331d9e2d915e6209fca5900f41fae4866fd) --- source3/utils/net_ads.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 88051ec4a1..c8bfc2630c 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1199,7 +1199,7 @@ int net_ads_join(int argc, const char **argv) /* Check the short name of the domain */ - if (!strequal(lp_workgroup(), r->out.netbios_domain_name)) { + if (!modify_config && !strequal(lp_workgroup(), r->out.netbios_domain_name)) { d_printf("The workgroup in %s does not match the short\n", get_dyn_CONFIGFILE()); d_printf("domain name obtained from the server.\n"); d_printf("Using the name [%s] from the server.\n", r->out.netbios_domain_name); 
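Review bot: In the -1217 hunk the result of `secrets_fetch_machine_password( r->out.netbios_domain_name, NULL, NULL )` goes straight into `ads_dns->auth.password` and `ads_kinit_password( ads_dns )` is called without testing it. `r->out.dns_domain_name` is likewise handed to `SMB_STRDUP()` unchecked, and the return value of the `asprintf()` that builds `auth.user_name` is ignored. If the join returned no DNS domain name or the stored machine password cannot be read, the kinit runs with missing credentials and the failure is not reported. I would test `r->out.dns_domain_name` before the strdup and guard the call, e.g. `if (ads_dns->auth.password != NULL && ads_dns->auth.realm != NULL) ads_kinit_password( ads_dns );`, printing an error otherwise. The enclosing block continues outside the hunk.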
@@ -1209,11 +1209,16 @@ int net_ads_join(int argc, const char **argv) d_printf("Using short domain name -- %s\n", r->out.netbios_domain_name); - d_printf("Joined '%s' to realm '%s'\n", r->in.machine_name, - r->out.dns_domain_name); + if (r->out.dns_domain_name) { + d_printf("Joined '%s' to realm '%s'\n", r->in.machine_name, + r->out.dns_domain_name); + } else { + d_printf("Joined '%s' to domain '%s'\n", r->in.machine_name, + r->out.netbios_domain_name); + } #if defined(WITH_DNS_UPDATES) - { + if (r->out.domain_is_ad) { /* We enter this block with user creds */ ADS_STRUCT *ads_dns = NULL; -- cgit From ba98dd4989db16028a2690d382ab178524ce765b Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 21 Apr 2008 19:26:32 +0200 Subject: libads: Use libnbt for CLDAP reply parsing. Guenther (This used to be commit 751f3064a508341c0ebae45e8de9f5311d915d70) --- source3/utils/net_ads.c | 45 +++++++++++++++++++++------------------------ 1 file changed, 21 insertions(+), 24 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index c8bfc2630c..af55430fac 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -81,8 +81,7 @@ static const char *assume_own_realm(void) static int net_ads_cldap_netlogon(ADS_STRUCT *ads) { char addr[INET6_ADDRSTRLEN]; - struct cldap_netlogon_reply reply; - struct GUID tmp_guid; + struct nbt_cldap_netlogon_5 reply; print_sockaddr(addr, sizeof(addr), &ads->ldap.ss); if ( !ads_cldap_netlogon(addr, ads->server.realm, &reply ) ) { @@ -106,8 +105,7 @@ static int net_ads_cldap_netlogon(ADS_STRUCT *ads) break; } - smb_uuid_unpack(reply.guid, &tmp_guid); - d_printf("GUID: %s\n", smb_uuid_string(talloc_tos(), tmp_guid)); + d_printf("GUID: %s\n", smb_uuid_string(talloc_tos(), reply.domain_uuid)); d_printf("Flags:\n" "\tIs a PDC: %s\n" 
@@ -120,31 +118,30 @@ static int net_ads_cldap_netlogon(ADS_STRUCT *ads) "\tIs writable: %s\n" "\tHas a hardware clock: %s\n" "\tIs a non-domain NC serviced by LDAP server: %s\n", - (reply.flags & ADS_PDC) ? "yes" : "no", - (reply.flags & ADS_GC) ? "yes" : "no", - (reply.flags & ADS_LDAP) ? "yes" : "no", - (reply.flags & ADS_DS) ? "yes" : "no", - (reply.flags & ADS_KDC) ? "yes" : "no", - (reply.flags & ADS_TIMESERV) ? "yes" : "no", - (reply.flags & ADS_CLOSEST) ? "yes" : "no", - (reply.flags & ADS_WRITABLE) ? "yes" : "no", - (reply.flags & ADS_GOOD_TIMESERV) ? "yes" : "no", - (reply.flags & ADS_NDNC) ? "yes" : "no"); + (reply.server_type & ADS_PDC) ? "yes" : "no", + (reply.server_type & ADS_GC) ? "yes" : "no", + (reply.server_type & ADS_LDAP) ? "yes" : "no", + (reply.server_type & ADS_DS) ? "yes" : "no", + (reply.server_type & ADS_KDC) ? "yes" : "no", + (reply.server_type & ADS_TIMESERV) ? "yes" : "no", + (reply.server_type & ADS_CLOSEST) ? "yes" : "no", + (reply.server_type & ADS_WRITABLE) ? "yes" : "no", + (reply.server_type & ADS_GOOD_TIMESERV) ? "yes" : "no", + (reply.server_type & ADS_NDNC) ? 
"yes" : "no"); printf("Forest:\t\t\t%s\n", reply.forest); - printf("Domain:\t\t\t%s\n", reply.domain); - printf("Domain Controller:\t%s\n", reply.hostname); + printf("Domain:\t\t\t%s\n", reply.dns_domain); + printf("Domain Controller:\t%s\n", reply.pdc_dns_name); - printf("Pre-Win2k Domain:\t%s\n", reply.netbios_domain); - printf("Pre-Win2k Hostname:\t%s\n", reply.netbios_hostname); + printf("Pre-Win2k Domain:\t%s\n", reply.domain); + printf("Pre-Win2k Hostname:\t%s\n", reply.pdc_name); - if (*reply.unk) printf("Unk:\t\t\t%s\n", reply.unk); if (*reply.user_name) printf("User name:\t%s\n", reply.user_name); - printf("Server Site Name :\t\t%s\n", reply.server_site_name); - printf("Client Site Name :\t\t%s\n", reply.client_site_name); + printf("Server Site Name :\t\t%s\n", reply.server_site); + printf("Client Site Name :\t\t%s\n", reply.client_site); - d_printf("NT Version: %d\n", reply.version); + d_printf("NT Version: %d\n", reply.nt_version); d_printf("LMNT Token: %.2x\n", reply.lmnt_token); d_printf("LM20 Token: %.2x\n", reply.lm20_token); @@ -379,7 +376,7 @@ static int net_ads_workgroup(int argc, const char **argv) { ADS_STRUCT *ads; char addr[INET6_ADDRSTRLEN]; - struct cldap_netlogon_reply reply; + struct nbt_cldap_netlogon_5 reply; if (!ADS_ERR_OK(ads_startup_nobind(False, &ads))) { d_fprintf(stderr, "Didn't find the cldap server!\n"); @@ -397,7 +394,7 @@ static int net_ads_workgroup(int argc, const char **argv) return -1; } - d_printf("Workgroup: %s\n", reply.netbios_domain); + d_printf("Workgroup: %s\n", reply.domain); ads_destroy(&ads); -- cgit From 1dd7ab38e7f7b5dae46cef4567957c71d6b5cc23 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 21 Apr 2008 19:47:13 +0200 Subject: cldap: add talloc context to ads_cldap_netlogon(). Guenther (This used to be commit 4cee7b1bd5cd97c414b73d6f39238958480cdcf3) --- source3/utils/net_ads.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_ads.c') 
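Review bot: `if (*reply.user_name)` and the bare `%s` arguments (`reply.forest`, `reply.dns_domain`, `reply.pdc_dns_name`, `reply.server_site`, `reply.client_site`) now read members of `struct nbt_cldap_netlogon_5`, whose definition is not on this page. If its string members are pointers that the parser can leave NULL for a short or malformed reply, the dereference crashes on data that came from the network. In that case test the pointer first, `if (reply.user_name && *reply.user_name)`, and print the other fields through a NULL-safe fallback. The same applies to `reply.domain` in the net_ads_workgroup() hunk at -397. This hunk covers only the middle of net_ads_cldap_netlogon().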
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index af55430fac..dbdd3e3c59 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -84,7 +84,7 @@ static int net_ads_cldap_netlogon(ADS_STRUCT *ads) struct nbt_cldap_netlogon_5 reply; print_sockaddr(addr, sizeof(addr), &ads->ldap.ss); - if ( !ads_cldap_netlogon(addr, ads->server.realm, &reply ) ) { + if ( !ads_cldap_netlogon(talloc_tos(), addr, ads->server.realm, &reply ) ) { d_fprintf(stderr, "CLDAP query failed!\n"); return -1; } @@ -389,7 +389,7 @@ static int net_ads_workgroup(int argc, const char **argv) } print_sockaddr(addr, sizeof(addr), &ads->ldap.ss); - if ( !ads_cldap_netlogon(addr, ads->server.realm, &reply ) ) { + if ( !ads_cldap_netlogon(talloc_tos(), addr, ads->server.realm, &reply ) ) { d_fprintf(stderr, "CLDAP query failed!\n"); return -1; } -- cgit From bcbac69d1a38e128ffe8b763ac027d6eab33dcec Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 21 Apr 2008 19:59:27 +0200 Subject: cldap: avoid duplicate definitions so remove ads_cldap.h. Guenther (This used to be commit 538eefe22ad69540b9f73ffaa613d6be045de199) --- source3/utils/net_ads.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index dbdd3e3c59..3df9e2cff0 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -118,16 +118,16 @@ static int net_ads_cldap_netlogon(ADS_STRUCT *ads) "\tIs writable: %s\n" "\tHas a hardware clock: %s\n" "\tIs a non-domain NC serviced by LDAP server: %s\n", - (reply.server_type & ADS_PDC) ? "yes" : "no", - (reply.server_type & ADS_GC) ? "yes" : "no", - (reply.server_type & ADS_LDAP) ? "yes" : "no", - (reply.server_type & ADS_DS) ? "yes" : "no", - (reply.server_type & ADS_KDC) ? "yes" : "no", - (reply.server_type & ADS_TIMESERV) ? "yes" : "no", - (reply.server_type & ADS_CLOSEST) ? "yes" : "no", - (reply.server_type & ADS_WRITABLE) ? "yes" : "no", - (reply.server_type & ADS_GOOD_TIMESERV) ? "yes" : "no", - (reply.server_type & ADS_NDNC) ? "yes" : "no"); + (reply.server_type & NBT_SERVER_PDC) ? "yes" : "no", + (reply.server_type & NBT_SERVER_GC) ? "yes" : "no", + (reply.server_type & NBT_SERVER_LDAP) ? "yes" : "no", + (reply.server_type & NBT_SERVER_DS) ? "yes" : "no", + (reply.server_type & NBT_SERVER_KDC) ? "yes" : "no", + (reply.server_type & NBT_SERVER_TIMESERV) ? "yes" : "no", + (reply.server_type & NBT_SERVER_CLOSEST) ? "yes" : "no", + (reply.server_type & NBT_SERVER_WRITABLE) ? "yes" : "no", + (reply.server_type & NBT_SERVER_GOOD_TIMESERV) ? "yes" : "no", + (reply.server_type & DS_SERVER_NDNC) ? "yes" : "no"); printf("Forest:\t\t\t%s\n", reply.forest); printf("Domain:\t\t\t%s\n", reply.dns_domain); -- cgit From cdd9913c4a7d254ab3ef677737493f9f540272c7 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 7 May 2008 15:49:09 +0200 Subject: cldap: let ads_cldap_netlogon() return all possible cldap replies. Guenther (This used to be commit 6f9d5e1cc94bc90685b54c04622b8f3357bd2f69) --- source3/utils/net_ads.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 3df9e2cff0..bf34880177 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -84,7 +84,7 @@ static int net_ads_cldap_netlogon(ADS_STRUCT *ads) struct nbt_cldap_netlogon_5 reply; print_sockaddr(addr, sizeof(addr), &ads->ldap.ss); - if ( !ads_cldap_netlogon(talloc_tos(), addr, ads->server.realm, &reply ) ) { + if ( !ads_cldap_netlogon_5(talloc_tos(), addr, ads->server.realm, &reply ) ) { d_fprintf(stderr, "CLDAP query failed!\n"); return -1; } @@ -389,7 +389,7 @@ static int net_ads_workgroup(int argc, const char **argv) } print_sockaddr(addr, sizeof(addr), &ads->ldap.ss); - if ( !ads_cldap_netlogon(talloc_tos(), addr, ads->server.realm, &reply ) ) { + if ( !ads_cldap_netlogon_5(talloc_tos(), addr, ads->server.realm, &reply ) ) { d_fprintf(stderr, "CLDAP query failed!\n"); return -1; } -- cgit From f5769109447d8da0f09b102d444a816ad97a00dc Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Fri, 9 May 2008 23:22:12 +0200 Subject: net: Remove globals (This used to be commit 1e9319cf88b65a2a8d4f5099a1fe5297e405ed2e) --- source3/utils/net_ads.c | 351 ++++++++++++++++++++++++------------------------ 1 file changed, 176 insertions(+), 175 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index bf34880177..5b84eb5522 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -27,7 +27,7 @@ #ifdef HAVE_ADS -int net_ads_usage(int argc, const char **argv) +int net_ads_usage(struct net_context *c, int argc, const char **argv) { d_printf("join [createupn[=principal]] [createcomputer=]\n"); d_printf(" Join the local machine to a ADS realm\n"); 
@@ -66,9 +66,9 @@ int net_ads_usage(int argc, const char **argv) /* when we do not have sufficient input parameters to contact a remote domain * we always fall back to our own realm - Guenther*/ -static const char *assume_own_realm(void) +static const char *assume_own_realm(struct net_context *c) { - if (!opt_host && strequal(lp_workgroup(), opt_target_workgroup)) { + if (!c->opt_host && strequal(lp_workgroup(), c->opt_target_workgroup)) { return lp_realm(); } @@ -78,7 +78,7 @@ static const char *assume_own_realm(void) /* do a cldap netlogon query */ -static int net_ads_cldap_netlogon(ADS_STRUCT *ads) +static int net_ads_cldap_netlogon(struct net_context *c, ADS_STRUCT *ads) { char addr[INET6_ADDRSTRLEN]; struct nbt_cldap_netlogon_5 reply; @@ -152,31 +152,31 @@ static int net_ads_cldap_netlogon(ADS_STRUCT *ads) this implements the CLDAP based netlogon lookup requests for finding the domain controller of a ADS domain */ -static int net_ads_lookup(int argc, const char **argv) +static int net_ads_lookup(struct net_context *c, int argc, const char **argv) { ADS_STRUCT *ads; - if (!ADS_ERR_OK(ads_startup_nobind(False, &ads))) { + if (!ADS_ERR_OK(ads_startup_nobind(c, false, &ads))) { d_fprintf(stderr, "Didn't find the cldap server!\n"); return -1; } if (!ads->config.realm) { - ads->config.realm = CONST_DISCARD(char *, opt_target_workgroup); + ads->config.realm = CONST_DISCARD(char *, c->opt_target_workgroup); ads->ldap.port = 389; } - return net_ads_cldap_netlogon(ads); + return net_ads_cldap_netlogon(c, ads); } -static int net_ads_info(int argc, const char **argv) +static int net_ads_info(struct net_context *c, int argc, const char **argv) { ADS_STRUCT *ads; char addr[INET6_ADDRSTRLEN]; - if (!ADS_ERR_OK(ads_startup_nobind(False, &ads))) { + if (!ADS_ERR_OK(ads_startup_nobind(c, false, &ads))) { d_fprintf(stderr, "Didn't find the ldap server!\n"); return -1; } 
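Review bot: `ads->config.realm = CONST_DISCARD(char *, c->opt_target_workgroup);` in net_ads_lookup() stores a pointer borrowed from the context in the ADS structure with its const qualifier cast away, and net_ads_workgroup() (hunk at -359) does the same. An earlier hunk on this page shows net_ads_workgroup() calling `ads_destroy(&ads)` afterwards; if ads_destroy() releases `config.realm` (its body is not shown here), it would free a string the structure does not own. Giving the structure its own copy avoids both the cast and the ownership question: `ads->config.realm = SMB_STRDUP(c->opt_target_workgroup);`. Both functions start or end outside their hunks.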
@@ -214,7 +214,8 @@ static void use_in_memory_ccache(void) { setenv(KRB5_ENV_CCNAME, "MEMORY:net_ads", 1); } -static ADS_STATUS ads_startup_int(bool only_own_domain, uint32 auth_flags, ADS_STRUCT **ads_ret) +static ADS_STATUS ads_startup_int(struct net_context *c, bool only_own_domain, + uint32 auth_flags, ADS_STRUCT **ads_ret) { ADS_STRUCT *ads = NULL; ADS_STATUS status; @@ -235,37 +236,37 @@ retry_connect: if (only_own_domain) { realm = lp_realm(); } else { - realm = assume_own_realm(); + realm = assume_own_realm(c); } - ads = ads_init(realm, opt_target_workgroup, opt_host); + ads = ads_init(realm, c->opt_target_workgroup, c->opt_host); - if (!opt_user_name) { - opt_user_name = "administrator"; + if (!c->opt_user_name) { + c->opt_user_name = "administrator"; } - if (opt_user_specified) { + if (c->opt_user_specified) { need_password = True; } retry: - if (!opt_password && need_password && !opt_machine_pass) { - opt_password = net_prompt_pass(opt_user_name); - if (!opt_password) { + if (!c->opt_password && need_password && !c->opt_machine_pass) { + c->opt_password = net_prompt_pass(c, c->opt_user_name); + if (!c->opt_password) { ads_destroy(&ads); return ADS_ERROR(LDAP_NO_MEMORY); } } - if (opt_password) { + if (c->opt_password) { use_in_memory_ccache(); SAFE_FREE(ads->auth.password); - ads->auth.password = smb_xstrdup(opt_password); + ads->auth.password = smb_xstrdup(c->opt_password); } ads->auth.flags |= auth_flags; SAFE_FREE(ads->auth.user_name); - ads->auth.user_name = smb_xstrdup(opt_user_name); + ads->auth.user_name = smb_xstrdup(c->opt_user_name); /* * If the username is of the form "name@realm", @@ -304,7 +305,7 @@ retry: * This is done by reconnecting to ADS because only the first call to * ads_connect will give us our own sitename */ - if ((only_own_domain || !opt_host) && !tried_closest_dc) { + if ((only_own_domain || !c->opt_host) && !tried_closest_dc) { tried_closest_dc = True; /* avoid loop */ 
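Review bot: ads_startup_int() now writes into the caller's context without documenting it: `c->opt_user_name = "administrator";` installs a string literal, and `c->opt_password = net_prompt_pass(c, c->opt_user_name);` leaves the prompted password in the context after the function returns. Nothing in the hunks says who owns or clears `c->opt_password`, and callers that reuse the context will see both values. I would add a comment above the function, for example `/* may set c->opt_user_name and c->opt_password as a side effect; the caller owns and clears them */`. The function starts before the -214 hunk and ends after the -304 hunk.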
@@ -324,14 +325,14 @@ retry: return status; } -ADS_STATUS ads_startup(bool only_own_domain, ADS_STRUCT **ads) +ADS_STATUS ads_startup(struct net_context *c, bool only_own_domain, ADS_STRUCT **ads) { - return ads_startup_int(only_own_domain, 0, ads); + return ads_startup_int(c, only_own_domain, 0, ads); } -ADS_STATUS ads_startup_nobind(bool only_own_domain, ADS_STRUCT **ads) +ADS_STATUS ads_startup_nobind(struct net_context *c, bool only_own_domain, ADS_STRUCT **ads) { - return ads_startup_int(only_own_domain, ADS_AUTH_NO_BIND, ads); + return ads_startup_int(c, only_own_domain, ADS_AUTH_NO_BIND, ads); } /* @@ -359,32 +360,32 @@ static int net_ads_check_int(const char *realm, const char *workgroup, const cha return 0; } -int net_ads_check_our_domain(void) +int net_ads_check_our_domain(struct net_context *c) { return net_ads_check_int(lp_realm(), lp_workgroup(), NULL); } -int net_ads_check(void) +int net_ads_check(struct net_context *c) { - return net_ads_check_int(NULL, opt_workgroup, opt_host); + return net_ads_check_int(NULL, c->opt_workgroup, c->opt_host); } /* determine the netbios workgroup name for a domain */ -static int net_ads_workgroup(int argc, const char **argv) +static int net_ads_workgroup(struct net_context *c, int argc, const char **argv) { ADS_STRUCT *ads; char addr[INET6_ADDRSTRLEN]; struct nbt_cldap_netlogon_5 reply; - if (!ADS_ERR_OK(ads_startup_nobind(False, &ads))) { + if (!ADS_ERR_OK(ads_startup_nobind(c, false, &ads))) { d_fprintf(stderr, "Didn't find the cldap server!\n"); return -1; } if (!ads->config.realm) { - ads->config.realm = CONST_DISCARD(char *, opt_target_workgroup); + ads->config.realm = CONST_DISCARD(char *, c->opt_target_workgroup); ads->ldap.port = 389; } 
@@ -431,12 +432,12 @@ static bool usergrp_display(ADS_STRUCT *ads, char *field, void **values, void *d return True; } -static int net_ads_user_usage(int argc, const char **argv) +static int net_ads_user_usage(struct net_context *c, int argc, const char **argv) { - return net_help_user(argc, argv); + return net_help_user(c, argc, argv); } -static int ads_user_add(int argc, const char **argv) +static int ads_user_add(struct net_context *c, int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS status; @@ -445,9 +446,9 @@ static int ads_user_add(int argc, const char **argv) int rc = -1; char *ou_str = NULL; - if (argc < 1) return net_ads_user_usage(argc, argv); + if (argc < 1) return net_ads_user_usage(c, argc, argv); - if (!ADS_ERR_OK(ads_startup(False, &ads))) { + if (!ADS_ERR_OK(ads_startup(c, false, &ads))) { return -1; } @@ -463,13 +464,13 @@ static int ads_user_add(int argc, const char **argv) goto done; } - if (opt_container) { - ou_str = SMB_STRDUP(opt_container); + if (c->opt_container) { + ou_str = SMB_STRDUP(c->opt_container); } else { ou_str = ads_default_ou_string(ads, WELL_KNOWN_GUID_USERS); } - status = ads_add_user_acct(ads, argv[0], ou_str, opt_comment); + status = ads_add_user_acct(ads, argv[0], ou_str, c->opt_comment); if (!ADS_ERR_OK(status)) { d_fprintf(stderr, "Could not add user %s: %s\n", argv[0], @@ -514,7 +515,7 @@ static int ads_user_add(int argc, const char **argv) return rc; } -static int ads_user_info(int argc, const char **argv) +static int ads_user_info(struct net_context *c, int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; @@ -525,7 +526,7 @@ static int ads_user_info(int argc, const char **argv) char *escaped_user; if (argc < 1) { - return net_ads_user_usage(argc, argv); + return net_ads_user_usage(c, argc, argv); } escaped_user = escape_ldap_string_alloc(argv[0]); 
@@ -535,7 +536,7 @@ static int ads_user_info(int argc, const char **argv) return -1; } - if (!ADS_ERR_OK(ads_startup(False, &ads))) { + if (!ADS_ERR_OK(ads_startup(c, false, &ads))) { SAFE_FREE(escaped_user); return -1; } @@ -571,7 +572,7 @@ static int ads_user_info(int argc, const char **argv) return 0; } -static int ads_user_delete(int argc, const char **argv) +static int ads_user_delete(struct net_context *c, int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; @@ -579,10 +580,10 @@ static int ads_user_delete(int argc, const char **argv) char *userdn; if (argc < 1) { - return net_ads_user_usage(argc, argv); + return net_ads_user_usage(c, argc, argv); } - if (!ADS_ERR_OK(ads_startup(False, &ads))) { + if (!ADS_ERR_OK(ads_startup(c, false, &ads))) { return -1; } @@ -608,7 +609,7 @@ static int ads_user_delete(int argc, const char **argv) return -1; } -int net_ads_user(int argc, const char **argv) +int net_ads_user(struct net_context *c, int argc, const char **argv) { struct functable func[] = { {"ADD", ads_user_add}, 
@@ -623,33 +624,33 @@ int net_ads_user(int argc, const char **argv) char *disp_fields[2] = {NULL, NULL}; if (argc == 0) { - if (!ADS_ERR_OK(ads_startup(False, &ads))) { + if (!ADS_ERR_OK(ads_startup(c, false, &ads))) { return -1; } - if (opt_long_list_entries) + if (c->opt_long_list_entries) d_printf("\nUser name Comment"\ "\n-----------------------------\n"); rc = ads_do_search_all_fn(ads, ads->config.bind_path, LDAP_SCOPE_SUBTREE, "(objectCategory=user)", - opt_long_list_entries ? longattrs : + c->opt_long_list_entries ? longattrs : shortattrs, usergrp_display, disp_fields); ads_destroy(&ads); return ADS_ERR_OK(rc) ? 0 : -1; } - return net_run_function(argc, argv, func, net_ads_user_usage); + return net_run_function(c, argc, argv, func, net_ads_user_usage); } -static int net_ads_group_usage(int argc, const char **argv) +static int net_ads_group_usage(struct net_context *c, int argc, const char **argv) { - return net_help_group(argc, argv); + return net_help_group(c, argc, argv); } -static int ads_group_add(int argc, const char **argv) +static int ads_group_add(struct net_context *c, int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS status; @@ -658,10 +659,10 @@ static int ads_group_add(int argc, const char **argv) char *ou_str = NULL; if (argc < 1) { - return net_ads_group_usage(argc, argv); + return net_ads_group_usage(c, argc, argv); } - if (!ADS_ERR_OK(ads_startup(False, &ads))) { + if (!ADS_ERR_OK(ads_startup(c, false, &ads))) { return -1; } @@ -677,13 +678,13 @@ static int ads_group_add(int argc, const char **argv) goto done; } - if (opt_container) { - ou_str = SMB_STRDUP(opt_container); + if (c->opt_container) { + ou_str = SMB_STRDUP(c->opt_container); } else { ou_str = ads_default_ou_string(ads, WELL_KNOWN_GUID_USERS); } - status = ads_add_group_acct(ads, argv[0], ou_str, opt_comment); + status = ads_add_group_acct(ads, argv[0], ou_str, c->opt_comment); if (ADS_ERR_OK(status)) { d_printf("Group %s added\n", argv[0]); 
@@ -701,7 +702,7 @@ static int ads_group_add(int argc, const char **argv) return rc; } -static int ads_group_delete(int argc, const char **argv) +static int ads_group_delete(struct net_context *c, int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; @@ -709,10 +710,10 @@ static int ads_group_delete(int argc, const char **argv) char *groupdn; if (argc < 1) { - return net_ads_group_usage(argc, argv); + return net_ads_group_usage(c, argc, argv); } - if (!ADS_ERR_OK(ads_startup(False, &ads))) { + if (!ADS_ERR_OK(ads_startup(c, false, &ads))) { return -1; } @@ -738,7 +739,7 @@ static int ads_group_delete(int argc, const char **argv) return -1; } -int net_ads_group(int argc, const char **argv) +int net_ads_group(struct net_context *c, int argc, const char **argv) { struct functable func[] = { {"ADD", ads_group_add}, @@ -752,33 +753,33 @@ int net_ads_group(int argc, const char **argv) char *disp_fields[2] = {NULL, NULL}; if (argc == 0) { - if (!ADS_ERR_OK(ads_startup(False, &ads))) { + if (!ADS_ERR_OK(ads_startup(c, false, &ads))) { return -1; } - if (opt_long_list_entries) + if (c->opt_long_list_entries) d_printf("\nGroup name Comment"\ "\n-----------------------------\n"); rc = ads_do_search_all_fn(ads, ads->config.bind_path, LDAP_SCOPE_SUBTREE, "(objectCategory=group)", - opt_long_list_entries ? longattrs : + c->opt_long_list_entries ? longattrs : shortattrs, usergrp_display, disp_fields); ads_destroy(&ads); return ADS_ERR_OK(rc) ? 0 : -1; } - return net_run_function(argc, argv, func, net_ads_group_usage); + return net_run_function(c, argc, argv, func, net_ads_group_usage); } -static int net_ads_status(int argc, const char **argv) +static int net_ads_status(struct net_context *c, int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; LDAPMessage *res; - if (!ADS_ERR_OK(ads_startup(True, &ads))) { + if (!ADS_ERR_OK(ads_startup(c, true, &ads))) { return -1; } 
@@ -807,7 +808,7 @@ static int net_ads_status(int argc, const char **argv) with full control to the computer object's ACL. *******************************************************************/ -static int net_ads_leave(int argc, const char **argv) +static int net_ads_leave(struct net_context *c, int argc, const char **argv) { TALLOC_CTX *ctx; struct libnet_UnjoinCtx *r = NULL; @@ -832,10 +833,10 @@ static int net_ads_leave(int argc, const char **argv) } r->in.debug = true; - r->in.dc_name = opt_host; + r->in.dc_name = c->opt_host; r->in.domain_name = lp_realm(); - r->in.admin_account = opt_user_name; - r->in.admin_password = net_prompt_pass(opt_user_name); + r->in.admin_account = c->opt_user_name; + r->in.admin_password = net_prompt_pass(c, c->opt_user_name); r->in.modify_config = lp_config_backend_is_registry(); r->in.unjoin_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE | WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE; @@ -876,7 +877,7 @@ static int net_ads_leave(int argc, const char **argv) return -1; } -static NTSTATUS net_ads_join_ok(void) +static NTSTATUS net_ads_join_ok(struct net_context *c) { ADS_STRUCT *ads = NULL; ADS_STATUS status; @@ -886,9 +887,9 @@ static NTSTATUS net_ads_join_ok(void) return NT_STATUS_ACCESS_DENIED; } - net_use_krb_machine_account(); + net_use_krb_machine_account(c); - status = ads_startup(True, &ads); + status = ads_startup(c, true, &ads); if (!ADS_ERR_OK(status)) { return ads_ntstatus(status); } @@ -900,13 +901,13 @@ static NTSTATUS net_ads_join_ok(void) /* check that an existing join is OK */ -int net_ads_testjoin(int argc, const char **argv) +int net_ads_testjoin(struct net_context *c, int argc, const char **argv) { NTSTATUS status; use_in_memory_ccache(); /* Display success or failure */ - status = net_ads_join_ok(); + status = net_ads_join_ok(c); if (!NT_STATUS_IS_OK(status)) { fprintf(stderr,"Join to domain is not valid: %s\n", get_friendly_nt_error_msg(status)); 
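Review bot: In net_ads_leave, the result of `net_prompt_pass(c, c->opt_user_name)` is stored directly in `r->in.admin_password` with no check, so a failed prompt would presumably pass a NULL admin password to the unjoin call. net_prompt_pass is not defined in this diff, so whether it can return NULL needs confirming; if it can, add `if (r->in.admin_password == NULL) { return -1; }` after whatever cleanup the function needs at that point. net_ads_join (hunk `@@ -1180,9 +1181,9 @@`) assigns `r->in.admin_password` the same way. Both function bodies continue outside their hunks.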
@@ -1074,7 +1075,7 @@ static NTSTATUS net_update_dns(TALLOC_CTX *mem_ctx, ADS_STRUCT *ads) /******************************************************************* ********************************************************************/ -static int net_ads_join_usage(int argc, const char **argv) +static int net_ads_join_usage(struct net_context *c, int argc, const char **argv) { d_printf("net ads join [options]\n"); d_printf("Valid options:\n"); @@ -1097,7 +1098,7 @@ static int net_ads_join_usage(int argc, const char **argv) /******************************************************************* ********************************************************************/ -int net_ads_join(int argc, const char **argv) +int net_ads_join(struct net_context *c, int argc, const char **argv) { TALLOC_CTX *ctx = NULL; struct libnet_JoinCtx *r = NULL; @@ -1180,9 +1181,9 @@ int net_ads_join(int argc, const char **argv) r->in.account_ou = create_in_ou; r->in.os_name = os_name; r->in.os_version = os_version; - r->in.dc_name = opt_host; - r->in.admin_account = opt_user_name; - r->in.admin_password = net_prompt_pass(opt_user_name); + r->in.dc_name = c->opt_host; + r->in.admin_account = c->opt_user_name; + r->in.admin_password = net_prompt_pass(c, c->opt_user_name); r->in.debug = true; r->in.modify_config = modify_config; r->in.join_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE | @@ -1256,7 +1257,7 @@ fail: /******************************************************************* ********************************************************************/ -static int net_ads_dns_usage(int argc, const char **argv) +static int net_ads_dns_usage(struct net_context *c, int argc, const char **argv) { #if defined(WITH_DNS_UPDATES) d_printf("net ads dns \n"); 
@@ -1273,7 +1274,7 @@ static int net_ads_dns_usage(int argc, const char **argv) /******************************************************************* ********************************************************************/ -static int net_ads_dns_register(int argc, const char **argv) +static int net_ads_dns_register(struct net_context *c, int argc, const char **argv) { #if defined(WITH_DNS_UPDATES) ADS_STRUCT *ads; @@ -1324,7 +1325,7 @@ static int net_ads_dns_register(int argc, const char **argv) DNS_ERROR do_gethostbyname(const char *server, const char *host); #endif -static int net_ads_dns_gethostbyname(int argc, const char **argv) +static int net_ads_dns_gethostbyname(struct net_context *c, int argc, const char **argv) { #if defined(WITH_DNS_UPDATES) DNS_ERROR err; @@ -1346,7 +1347,7 @@ static int net_ads_dns_gethostbyname(int argc, const char **argv) return 0; } -static int net_ads_dns(int argc, const char *argv[]) +static int net_ads_dns(struct net_context *c, int argc, const char *argv[]) { struct functable func[] = { {"REGISTER", net_ads_dns_register}, @@ -1354,13 +1355,13 @@ static int net_ads_dns(int argc, const char *argv[]) {NULL, NULL} }; - return net_run_function(argc, argv, func, net_ads_dns_usage); + return net_run_function(c, argc, argv, func, net_ads_dns_usage); } /******************************************************************* ********************************************************************/ -int net_ads_printer_usage(int argc, const char **argv) +int net_ads_printer_usage(struct net_context *c, int argc, const char **argv) { d_printf( "\nnet ads printer search " 
@@ -1380,13 +1381,13 @@ int net_ads_printer_usage(int argc, const char **argv) /******************************************************************* ********************************************************************/ -static int net_ads_printer_search(int argc, const char **argv) +static int net_ads_printer_search(struct net_context *c, int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; LDAPMessage *res = NULL; - if (!ADS_ERR_OK(ads_startup(False, &ads))) { + if (!ADS_ERR_OK(ads_startup(c, false, &ads))) { return -1; } @@ -1412,14 +1413,14 @@ static int net_ads_printer_search(int argc, const char **argv) return 0; } -static int net_ads_printer_info(int argc, const char **argv) +static int net_ads_printer_info(struct net_context *c, int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; const char *servername, *printername; LDAPMessage *res = NULL; - if (!ADS_ERR_OK(ads_startup(False, &ads))) { + if (!ADS_ERR_OK(ads_startup(c, false, &ads))) { return -1; } @@ -1459,7 +1460,7 @@ static int net_ads_printer_info(int argc, const char **argv) return 0; } -static int net_ads_printer_publish(int argc, const char **argv) +static int net_ads_printer_publish(struct net_context *c, int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; @@ -1474,14 +1475,14 @@ static int net_ads_printer_publish(int argc, const char **argv) char *srv_cn_escaped = NULL, *printername_escaped = NULL; LDAPMessage *res = NULL; - if (!ADS_ERR_OK(ads_startup(True, &ads))) { + if (!ADS_ERR_OK(ads_startup(c, true, &ads))) { talloc_destroy(mem_ctx); return -1; } if (argc < 1) { talloc_destroy(mem_ctx); - return net_ads_printer_usage(argc, argv); + return net_ads_printer_usage(c, argc, argv); } printername = argv[0]; 
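Review bot: In net_ads_printer_publish, the `argc < 1` branch returns after `ads_startup(c, true, &ads)` has already succeeded; it frees `mem_ctx` but never calls `ads_destroy(&ads)`, so the ADS handle is leaked on the usage path. Moving the `argc` check above ads_startup avoids the leak and avoids contacting the directory for a call that only prints usage; alternatively add `ads_destroy(&ads);` before that return. net_ads_printer_remove (hunk `@@ -1586,12 +1587,12 @@`) has the same ordering. Both function bodies continue outside their hunks.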
@@ -1499,8 +1500,8 @@ static int net_ads_printer_publish(int argc, const char **argv) nt_status = cli_full_connection(&cli, global_myname(), servername, &server_ss, 0, "IPC$", "IPC", - opt_user_name, opt_workgroup, - opt_password ? opt_password : "", + c->opt_user_name, c->opt_workgroup, + c->opt_password ? c->opt_password : "", CLI_FULL_CONNECTION_USE_KERBEROS, Undefined, NULL); @@ -1578,7 +1579,7 @@ static int net_ads_printer_publish(int argc, const char **argv) return 0; } -static int net_ads_printer_remove(int argc, const char **argv) +static int net_ads_printer_remove(struct net_context *c, int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; @@ -1586,12 +1587,12 @@ static int net_ads_printer_remove(int argc, const char **argv) char *prt_dn; LDAPMessage *res = NULL; - if (!ADS_ERR_OK(ads_startup(True, &ads))) { + if (!ADS_ERR_OK(ads_startup(c, true, &ads))) { return -1; } if (argc < 1) { - return net_ads_printer_usage(argc, argv); + return net_ads_printer_usage(c, argc, argv); } if (argc > 1) { @@ -1631,7 +1632,7 @@ static int net_ads_printer_remove(int argc, const char **argv) return 0; } -static int net_ads_printer(int argc, const char **argv) +static int net_ads_printer(struct net_context *c, int argc, const char **argv) { struct functable func[] = { {"SEARCH", net_ads_printer_search}, 
@@ -1641,22 +1642,22 @@ static int net_ads_printer(int argc, const char **argv) {NULL, NULL} }; - return net_run_function(argc, argv, func, net_ads_printer_usage); + return net_run_function(c, argc, argv, func, net_ads_printer_usage); } -static int net_ads_password(int argc, const char **argv) +static int net_ads_password(struct net_context *c, int argc, const char **argv) { ADS_STRUCT *ads; - const char *auth_principal = opt_user_name; - const char *auth_password = opt_password; + const char *auth_principal = c->opt_user_name; + const char *auth_password = c->opt_password; char *realm = NULL; char *new_password = NULL; - char *c, *prompt; + char *chr, *prompt; const char *user; ADS_STATUS ret; - if (opt_user_name == NULL || opt_password == NULL) { + if (c->opt_user_name == NULL || c->opt_password == NULL) { d_fprintf(stderr, "You must supply an administrator username/password\n"); return -1; } @@ -1668,21 +1669,21 @@ static int net_ads_password(int argc, const char **argv) user = argv[0]; if (!strchr_m(user, '@')) { - asprintf(&c, "%s@%s", argv[0], lp_realm()); - user = c; + asprintf(&chr, "%s@%s", argv[0], lp_realm()); + user = chr; } use_in_memory_ccache(); - c = strchr_m(auth_principal, '@'); - if (c) { - realm = ++c; + chr = strchr_m(auth_principal, '@'); + if (chr) { + realm = ++chr; } else { realm = lp_realm(); } /* use the realm so we can eventually change passwords for users in realms other than default */ - if (!(ads = ads_init(realm, opt_workgroup, opt_host))) { + if (!(ads = ads_init(realm, c->opt_workgroup, c->opt_host))) { return -1; } @@ -1717,7 +1718,7 @@ static int net_ads_password(int argc, const char **argv) return 0; } -int net_ads_changetrustpw(int argc, const char **argv) +int net_ads_changetrustpw(struct net_context *c, int argc, const char **argv) { ADS_STRUCT *ads; char *host_principal; 
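Review bot: In net_ads_password, `asprintf(&chr, "%s@%s", argv[0], lp_realm())` is called without checking its return value and `user = chr` follows unconditionally, so on failure the principal whose password is changed is read from an undefined pointer. Suggest `if (asprintf(&chr, "%s@%s", argv[0], lp_realm()) == -1) { return -1; }`. After the rename, `chr` is also reused as the `strchr_m(auth_principal, '@')` cursor, so the allocated string survives only through `user`; a separate local for the cursor would make the ownership clearer. The function continues outside the hunk, so whether that string is freed cannot be seen here.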
@@ -1729,11 +1730,11 @@ int net_ads_changetrustpw(int argc, const char **argv) return -1; } - net_use_krb_machine_account(); + net_use_krb_machine_account(c); use_in_memory_ccache(); - if (!ADS_ERR_OK(ads_startup(True, &ads))) { + if (!ADS_ERR_OK(ads_startup(c, true, &ads))) { return -1; } @@ -1769,7 +1770,7 @@ int net_ads_changetrustpw(int argc, const char **argv) /* help for net ads search */ -static int net_ads_search_usage(int argc, const char **argv) +static int net_ads_search_usage(struct net_context *c, int argc, const char **argv) { d_printf( "\nnet ads search \n"\ @@ -1778,7 +1779,7 @@ static int net_ads_search_usage(int argc, const char **argv) "attributes are a list of LDAP fields to show in the results\n\n"\ "Example: net ads search '(objectCategory=group)' sAMAccountName\n\n" ); - net_common_flags_usage(argc, argv); + net_common_flags_usage(c, argc, argv); return -1; } @@ -1786,7 +1787,7 @@ static int net_ads_search_usage(int argc, const char **argv) /* general ADS search function. Useful in diagnosing problems in ADS */ -static int net_ads_search(int argc, const char **argv) +static int net_ads_search(struct net_context *c, int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; @@ -1795,10 +1796,10 @@ static int net_ads_search(int argc, const char **argv) LDAPMessage *res = NULL; if (argc < 1) { - return net_ads_search_usage(argc, argv); + return net_ads_search_usage(c, argc, argv); } - if (!ADS_ERR_OK(ads_startup(False, &ads))) { + if (!ADS_ERR_OK(ads_startup(c, false, &ads))) { return -1; } @@ -1829,7 +1830,7 @@ static int net_ads_search(int argc, const char **argv) /* help for net ads search */ -static int net_ads_dn_usage(int argc, const char **argv) +static int net_ads_dn_usage(struct net_context *c, int argc, const char **argv) { d_printf( "\nnet ads dn \n"\ 
@@ -1839,7 +1840,7 @@ static int net_ads_dn_usage(int argc, const char **argv) "Example: net ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' sAMAccountName\n\n" "Note: the DN must be provided properly escaped. See RFC 4514 for details\n\n" ); - net_common_flags_usage(argc, argv); + net_common_flags_usage(c, argc, argv); return -1; } @@ -1847,7 +1848,7 @@ static int net_ads_dn_usage(int argc, const char **argv) /* general ADS search function. Useful in diagnosing problems in ADS */ -static int net_ads_dn(int argc, const char **argv) +static int net_ads_dn(struct net_context *c, int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; @@ -1856,10 +1857,10 @@ static int net_ads_dn(int argc, const char **argv) LDAPMessage *res = NULL; if (argc < 1) { - return net_ads_dn_usage(argc, argv); + return net_ads_dn_usage(c, argc, argv); } - if (!ADS_ERR_OK(ads_startup(False, &ads))) { + if (!ADS_ERR_OK(ads_startup(c, false, &ads))) { return -1; } @@ -1889,7 +1890,7 @@ static int net_ads_dn(int argc, const char **argv) /* help for net ads sid search */ -static int net_ads_sid_usage(int argc, const char **argv) +static int net_ads_sid_usage(struct net_context *c, int argc, const char **argv) { d_printf( "\nnet ads sid \n"\ @@ -1898,7 +1899,7 @@ static int net_ads_sid_usage(int argc, const char **argv) "to show in the results\n\n"\ "Example: net ads sid 'S-1-5-32' distinguishedName\n\n" ); - net_common_flags_usage(argc, argv); + net_common_flags_usage(c, argc, argv); return -1; } @@ -1906,7 +1907,7 @@ static int net_ads_sid_usage(int argc, const char **argv) /* general ADS search function. Useful in diagnosing problems in ADS */ -static int net_ads_sid(int argc, const char **argv) +static int net_ads_sid(struct net_context *c, int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; 
@@ -1916,10 +1917,10 @@ static int net_ads_sid(int argc, const char **argv) DOM_SID sid; if (argc < 1) { - return net_ads_sid_usage(argc, argv); + return net_ads_sid_usage(c, argc, argv); } - if (!ADS_ERR_OK(ads_startup(False, &ads))) { + if (!ADS_ERR_OK(ads_startup(c, false, &ads))) { return -1; } @@ -1951,7 +1952,7 @@ static int net_ads_sid(int argc, const char **argv) } -static int net_ads_keytab_usage(int argc, const char **argv) +static int net_ads_keytab_usage(struct net_context *c, int argc, const char **argv) { d_printf( "net ads keytab \n"\ @@ -1973,12 +1974,12 @@ static int net_ads_keytab_usage(int argc, const char **argv) return -1; } -static int net_ads_keytab_flush(int argc, const char **argv) +static int net_ads_keytab_flush(struct net_context *c, int argc, const char **argv) { int ret; ADS_STRUCT *ads; - if (!ADS_ERR_OK(ads_startup(True, &ads))) { + if (!ADS_ERR_OK(ads_startup(c, true, &ads))) { return -1; } ret = ads_keytab_flush(ads); @@ -1986,14 +1987,14 @@ static int net_ads_keytab_flush(int argc, const char **argv) return ret; } -static int net_ads_keytab_add(int argc, const char **argv) +static int net_ads_keytab_add(struct net_context *c, int argc, const char **argv) { int i; int ret = 0; ADS_STRUCT *ads; d_printf("Processing principals to add...\n"); - if (!ADS_ERR_OK(ads_startup(True, &ads))) { + if (!ADS_ERR_OK(ads_startup(c, true, &ads))) { return -1; } for (i = 0; i < argc; i++) { @@ -2003,12 +2004,12 @@ static int net_ads_keytab_add(int argc, const char **argv) return ret; } -static int net_ads_keytab_create(int argc, const char **argv) +static int net_ads_keytab_create(struct net_context *c, int argc, const char **argv) { ADS_STRUCT *ads; int ret; - if (!ADS_ERR_OK(ads_startup(True, &ads))) { + if (!ADS_ERR_OK(ads_startup(c, true, &ads))) { return -1; } ret = ads_keytab_create_default(ads); 
@@ -2016,7 +2017,7 @@ static int net_ads_keytab_create(int argc, const char **argv) return ret; } -static int net_ads_keytab_list(int argc, const char **argv) +static int net_ads_keytab_list(struct net_context *c, int argc, const char **argv) { const char *keytab = NULL; @@ -2028,7 +2029,7 @@ static int net_ads_keytab_list(int argc, const char **argv) } -int net_ads_keytab(int argc, const char **argv) +int net_ads_keytab(struct net_context *c, int argc, const char **argv) { struct functable func[] = { {"ADD", net_ads_keytab_add}, @@ -2044,10 +2045,10 @@ int net_ads_keytab(int argc, const char **argv) use keytab functions.\n"); } - return net_run_function(argc, argv, func, net_ads_keytab_usage); + return net_run_function(c, argc, argv, func, net_ads_keytab_usage); } -static int net_ads_kerberos_usage(int argc, const char **argv) +static int net_ads_kerberos_usage(struct net_context *c, int argc, const char **argv) { d_printf( "net ads kerberos \n"\ @@ -2061,7 +2062,7 @@ static int net_ads_kerberos_usage(int argc, const char **argv) return -1; } -static int net_ads_kerberos_renew(int argc, const char **argv) +static int net_ads_kerberos_renew(struct net_context *c, int argc, const char **argv) { int ret = smb_krb5_renew_ticket(NULL, NULL, NULL, NULL); if (ret) { @@ -2071,7 +2072,7 @@ static int net_ads_kerberos_renew(int argc, const char **argv) return ret; } -static int net_ads_kerberos_pac(int argc, const char **argv) +static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **argv) { struct PAC_DATA *pac = NULL; struct PAC_LOGON_INFO *info = NULL; 
@@ -2084,17 +2085,17 @@ static int net_ads_kerberos_pac(int argc, const char **argv) goto out; } - opt_password = net_prompt_pass(opt_user_name); + c->opt_password = net_prompt_pass(c, c->opt_user_name); status = kerberos_return_pac(mem_ctx, - opt_user_name, - opt_password, + c->opt_user_name, + c->opt_password, 0, NULL, NULL, NULL, - True, - True, + true, + true, 2592000, /* one month */ &pac); if (!NT_STATUS_IS_OK(status)) { @@ -2116,7 +2117,7 @@ static int net_ads_kerberos_pac(int argc, const char **argv) return ret; } -static int net_ads_kerberos_kinit(int argc, const char **argv) +static int net_ads_kerberos_kinit(struct net_context *c, int argc, const char **argv) { TALLOC_CTX *mem_ctx = NULL; int ret = -1; @@ -2127,16 +2128,16 @@ static int net_ads_kerberos_kinit(int argc, const char **argv) goto out; } - opt_password = net_prompt_pass(opt_user_name); + c->opt_password = net_prompt_pass(c, c->opt_user_name); - ret = kerberos_kinit_password_ext(opt_user_name, - opt_password, + ret = kerberos_kinit_password_ext(c->opt_user_name, + c->opt_password, 0, NULL, NULL, NULL, - True, - True, + true, + true, 2592000, /* one month */ &status); if (ret) { @@ -2147,7 +2148,7 @@ static int net_ads_kerberos_kinit(int argc, const char **argv) return ret; } -int net_ads_kerberos(int argc, const char **argv) +int net_ads_kerberos(struct net_context *c, int argc, const char **argv) { struct functable func[] = { {"KINIT", net_ads_kerberos_kinit}, @@ -2157,11 +2158,11 @@ int net_ads_kerberos(int argc, const char **argv) {NULL, NULL} }; - return net_run_function(argc, argv, func, net_ads_kerberos_usage); + return net_run_function(c, argc, argv, func, net_ads_kerberos_usage); } -int net_ads_help(int argc, const char **argv) +int net_ads_help(struct net_context *c, int argc, const char **argv) { struct functable func[] = { {"USER", net_ads_user_usage}, 
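Review bot: In net_ads_kerberos_pac, the prompted password is written into `c->opt_password`, so it stays reachable through the shared net_context after `kerberos_return_pac` returns, and nothing in the hunk clears it. If the value is not needed afterwards, holding the net_prompt_pass result in a local and passing that would narrow the secret's lifetime; if caching is intended, say so with `/* prompted password is kept in the context for later use */`. net_ads_kerberos_kinit (hunk `@@ -2127,16 +2128,16 @@`) does the same before `kerberos_kinit_password_ext`. The lifetime literal `2592000` is repeated in both calls and would read better as one named constant. Both bodies continue outside their hunks.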
@@ -2178,10 +2179,10 @@ int net_ads_help(int argc, const char **argv) {NULL, NULL} }; - return net_run_function(argc, argv, func, net_ads_usage); + return net_run_function(c, argc, argv, func, net_ads_usage); } -int net_ads(int argc, const char **argv) +int net_ads(struct net_context *c, int argc, const char **argv) { struct functable func[] = { {"INFO", net_ads_info}, @@ -2207,7 +2208,7 @@ int net_ads(int argc, const char **argv) {NULL, NULL} }; - return net_run_function(argc, argv, func, net_ads_usage); + return net_run_function(c, argc, argv, func, net_ads_usage); } #else 
@@ -2218,60 +2219,60 @@ static int net_ads_noads(void) return -1; } -int net_ads_keytab(int argc, const char **argv) +int net_ads_keytab(struct net_context *c, int argc, const char **argv) { return net_ads_noads(); } -int net_ads_kerberos(int argc, const char **argv) +int net_ads_kerberos(struct net_context *c, int argc, const char **argv) { return net_ads_noads(); } -int net_ads_usage(int argc, const char **argv) +int net_ads_usage(struct net_context *c, int argc, const char **argv) { return net_ads_noads(); } -int net_ads_help(int argc, const char **argv) +int net_ads_help(struct net_context *c, int argc, const char **argv) { return net_ads_noads(); } -int net_ads_changetrustpw(int argc, const char **argv) +int net_ads_changetrustpw(struct net_context *c, int argc, const char **argv) { return net_ads_noads(); } -int net_ads_join(int argc, const char **argv) +int net_ads_join(struct net_context *c, int argc, const char **argv) { return net_ads_noads(); } -int net_ads_user(int argc, const char **argv) +int net_ads_user(struct net_context *c, int argc, const char **argv) { return net_ads_noads(); } -int net_ads_group(int argc, const char **argv) +int net_ads_group(struct net_context *c, int argc, const char **argv) { return net_ads_noads(); } /* this one shouldn't display a message */ -int net_ads_check(void) +int net_ads_check(struct net_context *c) { return -1; } -int net_ads_check_our_domain(void) +int net_ads_check_our_domain(struct net_context *c) { return -1; } -int net_ads(int argc, const char **argv) +int net_ads(struct net_context *c, int argc, const char **argv) { - return net_ads_usage(argc, argv); + return net_ads_usage(c, argc, argv); } #endif /* WITH_ADS */ -- cgit From 232853d70084cb88afd3c06bf5fe19f912e8541a Mon Sep 17 00:00:00 2001 
From: Volker Lendecke Date: Sat, 10 May 2008 10:58:23 +0200 Subject: Fix the build with DNS_UPDATES (This used to be commit 6c9500c290fe0d6d71d4c33eb265906ce3a1d9f3) --- source3/utils/net_ads.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 5b84eb5522..8efc64fa8c 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1295,7 +1295,7 @@ static int net_ads_dns_register(struct net_context *c, int argc, const char **ar return -1; } - status = ads_startup(True, &ads); + status = ads_startup(c, True, &ads); if ( !ADS_ERR_OK(status) ) { DEBUG(1, ("error on ads_startup: %s\n", ads_errstr(status))); TALLOC_FREE(ctx); -- cgit From ed08bd3e83366eb6e117ca46ef9282666f86366d Mon Sep 17 00:00:00 2001 From: coffeedude Date: Mon, 12 May 2008 17:33:01 -0500 Subject: net ads: Upper case he realm name when calling kinit() using machine creds. Needed fix for the DNS Update option as part of "net ads join" (This used to be commit aebae0b71b427838fdc6344d69d6dea87a5dd58b) --- source3/utils/net_ads.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 8efc64fa8c..77d1629714 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1228,6 +1228,7 @@ int net_ads_join(struct net_context *c, int argc, const char **argv) ads_dns->auth.password = secrets_fetch_machine_password( r->out.netbios_domain_name, NULL, NULL ); ads_dns->auth.realm = SMB_STRDUP( r->out.dns_domain_name ); + strupper_m(ads_dns->auth.realm ); ads_kinit_password( ads_dns ); } -- cgit From 16938883e6fcae7601eb6343177aa2d56dd2136e Mon Sep 17 00:00:00 2001 
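Review bot: In the "Upper case he realm name" commit, the added `strupper_m(ads_dns->auth.realm );` in net_ads_join runs directly on the result of `SMB_STRDUP( r->out.dns_domain_name )`, which is not checked for NULL. Unless strupper_m tolerates a NULL argument (not visible here), an allocation failure becomes a NULL dereference during the join; `if (ads_dns->auth.realm != NULL) { strupper_m(ads_dns->auth.realm); }` or an explicit failure path would cover it. The context line `ads_kinit_password( ads_dns );` also discards its return value, so a failed kinit with the machine credentials is not reported at this point. The surrounding block starts and ends outside the hunk, so later handling may exist.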
From: Kai Blin Date: Mon, 12 May 2008 11:53:23 +0200 Subject: net: Use true/false instead of True/False. (This used to be commit a8b567aac3b0e39cfe67fb97167b10312ca5e73a) --- source3/utils/net_ads.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 77d1629714..d1480961b4 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -219,11 +219,11 @@ static ADS_STATUS ads_startup_int(struct net_context *c, bool only_own_domain, { ADS_STRUCT *ads = NULL; ADS_STATUS status; - bool need_password = False; - bool second_time = False; + bool need_password = false; + bool second_time = false; char *cp; const char *realm = NULL; - bool tried_closest_dc = False; + bool tried_closest_dc = false; /* lp_realm() should be handled by a command line param, However, the join requires that realm be set in smb.conf @@ -246,7 +246,7 @@ retry_connect: } if (c->opt_user_specified) { - need_password = True; + need_password = true; } retry: @@ -292,8 +292,8 @@ retry: } if (!need_password && !second_time && !(auth_flags & ADS_AUTH_NO_BIND)) { - need_password = True; - second_time = True; + need_password = true; + second_time = true; goto retry; } else { ads_destroy(&ads); @@ -307,7 +307,7 @@ retry: if ((only_own_domain || !c->opt_host) && !tried_closest_dc) { - tried_closest_dc = True; /* avoid loop */ + tried_closest_dc = true; /* avoid loop */ if (!ads->config.tried_closest_dc) { 
@@ -420,16 +420,16 @@ static bool usergrp_display(ADS_STRUCT *ads, char *field, void **values, void *d } SAFE_FREE(disp_fields[0]); SAFE_FREE(disp_fields[1]); - return True; + return true; } if (!values) /* must be new field, indicate string field */ - return True; + return true; if (StrCaseCmp(field, "sAMAccountName") == 0) { disp_fields[0] = SMB_STRDUP((char *) values[0]); } if (StrCaseCmp(field, "description") == 0) disp_fields[1] = SMB_STRDUP((char *) values[0]); - return True; + return true; } static int net_ads_user_usage(struct net_context *c, int argc, const char **argv) @@ -1104,7 +1104,7 @@ int net_ads_join(struct net_context *c, int argc, const char **argv) struct libnet_JoinCtx *r = NULL; const char *domain = lp_realm(); WERROR werr = WERR_SETUP_NOT_JOINED; - bool createupn = False; + bool createupn = false; const char *machineupn = NULL; const char *create_in_ou = NULL; int i; @@ -1138,7 +1138,7 @@ int net_ads_join(struct net_context *c, int argc, const char **argv) for ( i=0; i Date: Tue, 13 May 2008 12:51:09 +0200 Subject: net: Split out "net user" (This used to be commit 4ca08a5acc90c77d56f8f3e38443f23f43f034e8) --- source3/utils/net_ads.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index d1480961b4..2c1d72c720 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -434,7 +434,7 @@ static bool usergrp_display(ADS_STRUCT *ads, char *field, void **values, void *d static int net_ads_user_usage(struct net_context *c, int argc, const char **argv) { - return net_help_user(c, argc, argv); + return net_user_usage(c, argc, argv); } static int ads_user_add(struct net_context *c, int argc, const char **argv) -- cgit From 007f0e19dc4c6afc2d5f97d7f89932d4eff7d354 Mon Sep 17 00:00:00 2001 
From: Kai Blin Date: Tue, 13 May 2008 13:44:28 +0200 Subject: net: Split out "net group" (This used to be commit 3ddd9c09e3b51df01ac34a9a1537e8954d2b1167) --- source3/utils/net_ads.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 2c1d72c720..40bbdad0c6 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -647,7 +647,7 @@ int net_ads_user(struct net_context *c, int argc, const char **argv) static int net_ads_group_usage(struct net_context *c, int argc, const char **argv) { - return net_help_group(c, argc, argv); + return net_group_usage(c, argc, argv); } static int ads_group_add(struct net_context *c, int argc, const char **argv) -- cgit From 0210f7af917d0e4ea1f16f9c6e767b8fe817c095 Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Thu, 15 May 2008 10:14:41 +0200 Subject: net: The top level help function for net cmd is always net_cmd_usage (This used to be commit f7d0903a58b0b0fc248a613937a101f15baa5311) --- source3/utils/net_ads.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 40bbdad0c6..8053b24051 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -27,7 +27,7 @@ #ifdef HAVE_ADS -int net_ads_usage(struct net_context *c, int argc, const char **argv) +int net_ads_help(struct net_context *c, int argc, const char **argv) { d_printf("join [createupn[=principal]] [createcomputer=]\n"); d_printf(" Join the local machine to a ADS realm\n"); @@ -2163,7 +2163,7 @@ int net_ads_kerberos(struct net_context *c, int argc, const char **argv) } -int net_ads_help(struct net_context *c, int argc, const char **argv) +int net_ads_usage(struct net_context *c, int argc, const char **argv) { struct functable func[] = { {"USER", net_ads_user_usage}, 
@@ -2180,7 +2180,7 @@ int net_ads_help(struct net_context *c, int argc, const char **argv) {NULL, NULL} }; - return net_run_function(c, argc, argv, func, net_ads_usage); + return net_run_function(c, argc, argv, func, net_ads_help); } int net_ads(struct net_context *c, int argc, const char **argv) @@ -2209,7 +2209,7 @@ int net_ads(struct net_context *c, int argc, const char **argv) {NULL, NULL} }; - return net_run_function(c, argc, argv, func, net_ads_usage); + return net_run_function(c, argc, argv, func, net_ads_help); } #else -- cgit From d7772433bf96b04fff36f70fb621e6b27ae4b81c Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 4 Jun 2008 01:30:37 +0200 Subject: net: print NBT_SERVER_X_SECRET_DOMAIN_6 flags in "net ads lookup". Guenther (This used to be commit 420390ba0ef6b45f18a8fd37974b1fbee0bd1502) --- source3/utils/net_ads.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 8053b24051..db2021ff7b 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -117,7 +117,9 @@ static int net_ads_cldap_netlogon(struct net_context *c, ADS_STRUCT *ads) "\tIs the closest DC: %s\n" "\tIs writable: %s\n" "\tHas a hardware clock: %s\n" - "\tIs a non-domain NC serviced by LDAP server: %s\n", + "\tIs a non-domain NC serviced by LDAP server: %s\n" + "\tIs NT6 DC that has some secrets: %s\n" + "\tIs NT6 DC that has all secrets: %s\n", (reply.server_type & NBT_SERVER_PDC) ? "yes" : "no", (reply.server_type & NBT_SERVER_GC) ? "yes" : "no", (reply.server_type & NBT_SERVER_LDAP) ? "yes" : "no", 
@@ -127,7 +129,10 @@ static int net_ads_cldap_netlogon(struct net_context *c, ADS_STRUCT *ads) (reply.server_type & NBT_SERVER_CLOSEST) ? "yes" : "no", (reply.server_type & NBT_SERVER_WRITABLE) ? "yes" : "no", (reply.server_type & NBT_SERVER_GOOD_TIMESERV) ? "yes" : "no", - (reply.server_type & DS_SERVER_NDNC) ? "yes" : "no"); + (reply.server_type & NBT_SERVER_NDNC) ? "yes" : "no", + (reply.server_type & NBT_SERVER_SELECT_SECRET_DOMAIN_6) ? "yes" : "no", + (reply.server_type & NBT_SERVER_FULL_SECRET_DOMAIN_6) ? "yes" : "no"); + printf("Forest:\t\t\t%s\n", reply.forest); printf("Domain:\t\t\t%s\n", reply.dns_domain); -- cgit From 54bc155736b9b20746d73808b037c0df50b048fb Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Tue, 20 May 2008 13:35:04 +0200 Subject: net: Make "net ads" use functable3 (This used to be commit 64e3dc63966ecf216b354263e4bd5dfd1491abcc) --- source3/utils/net_ads.c | 726 ++++++++++++++++++++++++++++++++++-------------- 1 file changed, 512 insertions(+), 214 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index db2021ff7b..a71ba5b1d2 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -27,42 +27,6 @@ #ifdef HAVE_ADS -int net_ads_help(struct net_context *c, int argc, const char **argv) -{ - d_printf("join [createupn[=principal]] [createcomputer=]\n"); - d_printf(" Join the local machine to a ADS realm\n"); - d_printf("leave\n"); - d_printf(" Remove the local machine from a ADS realm\n"); - d_printf("testjoin\n"); - d_printf(" Validates the machine account in the domain\n"); - d_printf("user\n"); - d_printf(" List, add, or delete users in the realm\n"); - d_printf("group\n"); - d_printf(" List, add, or delete groups in the realm\n"); - d_printf("info\n"); - d_printf(" Displays details regarding a specific AD server\n"); - d_printf("status\n"); - d_printf(" Display details regarding the machine's account in AD\n"); - d_printf("lookup\n"); - d_printf(" Performs CLDAP query of AD domain controllers\n"); - d_printf("password -Uadmin_username@realm%%admin_pass\n"); - d_printf(" Change a user's password using an admin account\n"); - d_printf(" (note: use realm in UPPERCASE, prompts if password is obmitted)\n"); - d_printf("changetrustpw\n"); - d_printf(" Change the trust account password of this machine in the AD tree\n"); - d_printf("printer [info | publish | remove] \n"); - d_printf(" Lookup, add, or remove directory entry for a printer\n"); - d_printf("{search,dn,sid}\n"); - d_printf(" Issue LDAP search queries using a general filter, by DN, or by SID\n"); - d_printf("keytab\n"); - d_printf(" Manage a local keytab file based on the machine account in AD\n"); - d_printf("dns\n"); - d_printf(" Issue a dynamic DNS update request the server's hostname\n"); - d_printf(" (using the machine credentials)\n"); - - return -1; -} - /* when we do not have sufficient input parameters to contact a remote domain * we always fall back to our own realm - Guenther*/ 
@@ -161,6 +125,13 @@ static int net_ads_lookup(struct net_context *c, int argc, const char **argv) { ADS_STRUCT *ads; + if (c->display_usage) { + d_printf("Usage:\n" + "net ads lookup\n" + " Find the ADS DC using CLDAP lookup.\n"); + return 0; + } + if (!ADS_ERR_OK(ads_startup_nobind(c, false, &ads))) { d_fprintf(stderr, "Didn't find the cldap server!\n"); return -1; @@ -181,6 +152,14 @@ static int net_ads_info(struct net_context *c, int argc, const char **argv) ADS_STRUCT *ads; char addr[INET6_ADDRSTRLEN]; + if (c->display_usage) { + d_printf("Usage:\n" + "net ads info\n" + " Display information about an Active Directory " + "server.\n"); + return 0; + } + if (!ADS_ERR_OK(ads_startup_nobind(c, false, &ads))) { d_fprintf(stderr, "Didn't find the ldap server!\n"); return -1; @@ -384,6 +363,13 @@ static int net_ads_workgroup(struct net_context *c, int argc, const char **argv) char addr[INET6_ADDRSTRLEN]; struct nbt_cldap_netlogon_5 reply; + if (c->display_usage) { + d_printf("Usage:\n" + "net ads workgroup\n" + " Print the workgroup name\n"); + return 0; + } + if (!ADS_ERR_OK(ads_startup_nobind(c, false, &ads))) { d_fprintf(stderr, "Didn't find the cldap server!\n"); return -1; @@ -451,7 +437,8 @@ static int ads_user_add(struct net_context *c, int argc, const char **argv) int rc = -1; char *ou_str = NULL; - if (argc < 1) return net_ads_user_usage(c, argc, argv); + if (argc < 1 || c->display_usage) + return net_ads_user_usage(c, argc, argv); if (!ADS_ERR_OK(ads_startup(c, false, &ads))) { return -1; @@ -530,7 +517,7 @@ static int ads_user_info(struct net_context *c, int argc, const char **argv) char **grouplist; char *escaped_user; - if (argc < 1) { + if (argc < 1 || c->display_usage) { return net_ads_user_usage(c, argc, argv); } 
@@ -616,11 +603,32 @@ static int ads_user_delete(struct net_context *c, int argc, const char **argv) int net_ads_user(struct net_context *c, int argc, const char **argv) { - struct functable func[] = { - {"ADD", ads_user_add}, - {"INFO", ads_user_info}, - {"DELETE", ads_user_delete}, - {NULL, NULL} + struct functable3 func[] = { + { + "add", + ads_user_add, + NET_TRANSPORT_ADS, + "Add an AD user", + "net ads user add\n" + " Add an AD user" + }, + { + "info", + ads_user_info, + NET_TRANSPORT_ADS, + "Display information about an AD user", + "net ads user info\n" + " Display information about an AD user" + }, + { + "delete", + ads_user_delete, + NET_TRANSPORT_ADS, + "Delete an AD user", + "net ads user delete\n" + " Delete an AD user" + }, + {NULL, NULL, 0, NULL, NULL} }; ADS_STRUCT *ads; ADS_STATUS rc; @@ -629,12 +637,20 @@ int net_ads_user(struct net_context *c, int argc, const char **argv) char *disp_fields[2] = {NULL, NULL}; if (argc == 0) { + if (c->display_usage) { + d_printf("Usage:\n"); + d_printf("net ads user\n" + " List AD users\n"); + net_display_usage_from_functable(func); + return 0; + } + if (!ADS_ERR_OK(ads_startup(c, false, &ads))) { return -1; } if (c->opt_long_list_entries) - d_printf("\nUser name Comment"\ + d_printf("\nUser name Comment" "\n-----------------------------\n"); rc = ads_do_search_all_fn(ads, ads->config.bind_path, @@ -647,7 +663,7 @@ int net_ads_user(struct net_context *c, int argc, const char **argv) return ADS_ERR_OK(rc) ? 0 : -1; } - return net_run_function(c, argc, argv, func, net_ads_user_usage); + return net_run_function3(c, argc, argv, "net ads user", func); } static int net_ads_group_usage(struct net_context *c, int argc, const char **argv) @@ -663,7 +679,7 @@ static int ads_group_add(struct net_context *c, int argc, const char **argv) int rc = -1; char *ou_str = NULL; - if (argc < 1) { + if (argc < 1 || c->display_usage) { return net_ads_group_usage(c, argc, argv); } 
@@ -714,7 +730,7 @@ static int ads_group_delete(struct net_context *c, int argc, const char **argv) LDAPMessage *res = NULL; char *groupdn; - if (argc < 1) { + if (argc < 1 || c->display_usage) { return net_ads_group_usage(c, argc, argv); } @@ -746,10 +762,24 @@ static int ads_group_delete(struct net_context *c, int argc, const char **argv) int net_ads_group(struct net_context *c, int argc, const char **argv) { - struct functable func[] = { - {"ADD", ads_group_add}, - {"DELETE", ads_group_delete}, - {NULL, NULL} + struct functable3 func[] = { + { + "add", + ads_group_add, + NET_TRANSPORT_ADS, + "Add an AD group", + "net ads group add\n" + " Add an AD group" + }, + { + "delete", + ads_group_delete, + NET_TRANSPORT_ADS, + "Delete an AD group", + "net ads group delete\n" + " Delete an AD group" + }, + {NULL, NULL, 0, NULL, NULL} }; ADS_STRUCT *ads; ADS_STATUS rc; @@ -758,12 +788,20 @@ int net_ads_group(struct net_context *c, int argc, const char **argv) char *disp_fields[2] = {NULL, NULL}; if (argc == 0) { + if (c->display_usage) { + d_printf("Usage:\n"); + d_printf("net ads group\n" + " List AD groups\n"); + net_display_usage_from_functable(func); + return 0; + } + if (!ADS_ERR_OK(ads_startup(c, false, &ads))) { return -1; } if (c->opt_long_list_entries) - d_printf("\nGroup name Comment"\ + d_printf("\nGroup name Comment" "\n-----------------------------\n"); rc = ads_do_search_all_fn(ads, ads->config.bind_path, LDAP_SCOPE_SUBTREE, @@ -775,7 +813,7 @@ int net_ads_group(struct net_context *c, int argc, const char **argv) ads_destroy(&ads); return ADS_ERR_OK(rc) ? 0 : -1; } - return net_run_function(c, argc, argv, func, net_ads_group_usage); + return net_run_function3(c, argc, argv, "net ads group", func); } static int net_ads_status(struct net_context *c, int argc, const char **argv) 
@@ -784,6 +822,13 @@ static int net_ads_status(struct net_context *c, int argc, const char **argv) ADS_STATUS rc; LDAPMessage *res; + if (c->display_usage) { + d_printf("Usage:\n" + "net ads status\n" + " Display machine account details\n"); + return 0; + } + if (!ADS_ERR_OK(ads_startup(c, true, &ads))) { return -1; } @@ -819,6 +864,13 @@ static int net_ads_leave(struct net_context *c, int argc, const char **argv) struct libnet_UnjoinCtx *r = NULL; WERROR werr; + if (c->display_usage) { + d_printf("Usage:\n" + "net ads leave\n" + " Leave an AD domain\n"); + return 0; + } + if (!*lp_realm()) { d_fprintf(stderr, "No realm set, are we joined ?\n"); return -1; @@ -911,6 +963,13 @@ int net_ads_testjoin(struct net_context *c, int argc, const char **argv) NTSTATUS status; use_in_memory_ccache(); + if (c->display_usage) { + d_printf("Usage:\n" + "net ads testjoin\n" + " Test if the existing join is ok\n"); + return 0; + } + /* Display success or failure */ status = net_ads_join_ok(c); if (!NT_STATUS_IS_OK(status)) { @@ -1117,6 +1176,9 @@ int net_ads_join(struct net_context *c, int argc, const char **argv) const char *os_version = NULL; bool modify_config = lp_config_backend_is_registry(); + if (c->display_usage) + return net_ads_join_usage(c, argc, argv); + if (!modify_config) { werr = check_ads_config(); 
@@ -1260,23 +1322,6 @@ fail: return -1; } -/******************************************************************* - ********************************************************************/ - -static int net_ads_dns_usage(struct net_context *c, int argc, const char **argv) -{ -#if defined(WITH_DNS_UPDATES) - d_printf("net ads dns \n"); - d_printf("Valid commands:\n"); - d_printf(" register Issue a dynamic DNS update request for our hostname\n"); - - return 0; -#else - d_fprintf(stderr, "DNS update support not enabled at compile time!\n"); - return -1; -#endif -} - /******************************************************************* ********************************************************************/ @@ -1291,8 +1336,10 @@ static int net_ads_dns_register(struct net_context *c, int argc, const char **ar talloc_enable_leak_report(); #endif - if (argc > 0) { - d_fprintf(stderr, "net ads dns register\n"); + if (argc > 0 || c->display_usage) { + d_printf("Usage:\n" + "net ads dns register\n" + " Register hostname with DNS\n"); return -1; } @@ -1340,9 +1387,12 @@ static int net_ads_dns_gethostbyname(struct net_context *c, int argc, const char talloc_enable_leak_report(); #endif - if (argc != 2) { - d_fprintf(stderr, "net ads dns gethostbyname " - "\n"); + if (argc != 2 || c->display_usage) { + d_printf("Usage:\n" + "net ads dns gethostbyname \n" + " Look up hostname from the AD\n" + " server\tName server to use\n" + " name\tName to look up\n"); return -1; } 
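Review bot: In net_ads_dns_register the merged test `if (argc > 0 || c->display_usage)` makes an explicit help request exit with -1, and it now prints the misuse message with d_printf instead of d_fprintf(stderr, ...). The other commands converted in this commit return 0 under `c->display_usage`. The same shape appears in net_ads_dns_gethostbyname (`argc != 2 || c->display_usage`) and in net_ads_printer_publish and net_ads_printer_remove (`argc < 1 || c->display_usage`). A script that checks the exit status cannot tell a help request from a rejected call; the smallest fix is `return c->display_usage ? 0 : -1;` in each of the four blocks. Both dns function bodies continue outside their hunks.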
@@ -1355,13 +1405,27 @@ static int net_ads_dns_gethostbyname(struct net_context *c, int argc, const char static int net_ads_dns(struct net_context *c, int argc, const char *argv[]) { - struct functable func[] = { - {"REGISTER", net_ads_dns_register}, - {"GETHOSTBYNAME", net_ads_dns_gethostbyname}, - {NULL, NULL} + struct functable3 func[] = { + { + "register", + net_ads_dns_register, + NET_TRANSPORT_ADS, + "Add host dns entry to AD", + "net ads dns register\n" + " Add host dns entry to AD" + }, + { + "gethostbyname", + net_ads_dns_gethostbyname, + NET_TRANSPORT_ADS, + "Look up host", + "net ads dns gethostbyname\n" + " Look up host" + }, + {NULL, NULL, 0, NULL, NULL} }; - return net_run_function(c, argc, argv, func, net_ads_dns_usage); + return net_run_function3(c, argc, argv, "net ads dns", func); } /******************************************************************* @@ -1393,6 +1457,13 @@ static int net_ads_printer_search(struct net_context *c, int argc, const char ** ADS_STATUS rc; LDAPMessage *res = NULL; + if (c->display_usage) { + d_printf("Usage:\n" + "net ads printer search\n" + " List printers in the AD\n"); + return 0; + } + if (!ADS_ERR_OK(ads_startup(c, false, &ads))) { return -1; } @@ -1426,6 +1497,15 @@ static int net_ads_printer_info(struct net_context *c, int argc, const char **ar const char *servername, *printername; LDAPMessage *res = NULL; + if (c->display_usage) { + d_printf("Usage:\n" + "net ads printer info [printername [servername]]\n" + " Display printer info from AD\n" + " printername\tPrinter name or wildcard\n" + " servername\tName of the print server\n"); + return 0; + } + if (!ADS_ERR_OK(ads_startup(c, false, &ads))) { return -1; } 
@@ -1481,14 +1561,19 @@ static int net_ads_printer_publish(struct net_context *c, int argc, const char * char *srv_cn_escaped = NULL, *printername_escaped = NULL; LDAPMessage *res = NULL; - if (!ADS_ERR_OK(ads_startup(c, true, &ads))) { + if (argc < 1 || c->display_usage) { + d_printf("Usage:\n" + "net ads printer publish [servername]\n" + " Publish printer in AD\n" + " printername\tName of the printer\n" + " servername\tName of the print server\n"); talloc_destroy(mem_ctx); return -1; } - if (argc < 1) { + if (!ADS_ERR_OK(ads_startup(c, true, &ads))) { talloc_destroy(mem_ctx); - return net_ads_printer_usage(c, argc, argv); + return -1; } printername = argv[0]; @@ -1593,12 +1678,17 @@ static int net_ads_printer_remove(struct net_context *c, int argc, const char ** char *prt_dn; LDAPMessage *res = NULL; - if (!ADS_ERR_OK(ads_startup(c, true, &ads))) { + if (argc < 1 || c->display_usage) { + d_printf("Usage:\n" + "net ads printer remove [servername]\n" + " Remove a printer from the AD\n" + " printername\tName of the printer\n" + " servername\tName of the print server\n"); return -1; } - if (argc < 1) { - return net_ads_printer_usage(c, argc, argv); + if (!ADS_ERR_OK(ads_startup(c, true, &ads))) { + return -1; } if (argc > 1) { 
@@ -1640,15 +1730,43 @@ static int net_ads_printer_remove(struct net_context *c, int argc, const char ** static int net_ads_printer(struct net_context *c, int argc, const char **argv) { - struct functable func[] = { - {"SEARCH", net_ads_printer_search}, - {"INFO", net_ads_printer_info}, - {"PUBLISH", net_ads_printer_publish}, - {"REMOVE", net_ads_printer_remove}, - {NULL, NULL} + struct functable3 func[] = { + { + "search", + net_ads_printer_search, + NET_TRANSPORT_ADS, + "Search for a printer", + "net ads printer search\n" + " Search for a printer" + }, + { + "info", + net_ads_printer_info, + NET_TRANSPORT_ADS, + "Display printer information", + "net ads printer info\n" + " Display printer information" + }, + { + "publish", + net_ads_printer_publish, + NET_TRANSPORT_ADS, + "Publish a printer", + "net ads printer publish\n" + " Publish a printer" + }, + { + "remove", + net_ads_printer_remove, + NET_TRANSPORT_ADS, + "Delete a printer", + "net ads printer remove\n" + " Delete a printer" + }, + {NULL, NULL, 0, NULL, NULL} }; - return net_run_function(c, argc, argv, func, net_ads_printer_usage); + return net_run_function3(c, argc, argv, "net ads printer", func); } @@ -1663,6 +1781,14 @@ static int net_ads_password(struct net_context *c, int argc, const char **argv) const char *user; ADS_STATUS ret; + if (c->display_usage) { + d_printf("Usage:\n" + "net ads password \n" + " Change password for user\n" + " username\tName of user to change password for\n"); + return 0; + } + if (c->opt_user_name == NULL || c->opt_password == NULL) { d_fprintf(stderr, "You must supply an administrator username/password\n"); return -1; 
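Review bot: The usage text added to net_ads_password does not say that administrator credentials are required. The check directly below it fails with "You must supply an administrator username/password" when `c->opt_user_name` or `c->opt_password` is unset, and the net_ads_help text removed by this commit was the only visible place that documented `-Uadmin_username@realm%%admin_pass`. I would add a line such as `"    Requires administrator credentials supplied with -U\n"` to the usage string. A password given inline with -U may be visible in the process list, so the text could also state whether it can be omitted and prompted for; the hunk does not show that. The function body continues outside the hunk.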
@@ -1731,6 +1857,13 @@ int net_ads_changetrustpw(struct net_context *c, int argc, const char **argv) fstring my_name; ADS_STATUS ret; + if (c->display_usage) { + d_printf("Usage:\n" + "net ads changetrustpw\n" + " Change the machine account's trust password\n"); + return 0; + } + if (!secrets_init()) { DEBUG(1,("Failed to initialise secrets database\n")); return -1; @@ -1779,10 +1912,10 @@ int net_ads_changetrustpw(struct net_context *c, int argc, const char **argv) static int net_ads_search_usage(struct net_context *c, int argc, const char **argv) { d_printf( - "\nnet ads search \n"\ - "\nperform a raw LDAP search on a ADS server and dump the results\n"\ - "The expression is a standard LDAP search expression, and the\n"\ - "attributes are a list of LDAP fields to show in the results\n\n"\ + "\nnet ads search \n" + "\nperform a raw LDAP search on a ADS server and dump the results\n" + "The expression is a standard LDAP search expression, and the\n" + "attributes are a list of LDAP fields to show in the results\n\n" "Example: net ads search '(objectCategory=group)' sAMAccountName\n\n" ); net_common_flags_usage(c, argc, argv); @@ -1801,7 +1934,7 @@ static int net_ads_search(struct net_context *c, int argc, const char **argv) const char **attrs; LDAPMessage *res = NULL; - if (argc < 1) { + if (argc < 1 || c->display_usage) { return net_ads_search_usage(c, argc, argv); } 
@@ -1839,10 +1972,10 @@ static int net_ads_search(struct net_context *c, int argc, const char **argv) static int net_ads_dn_usage(struct net_context *c, int argc, const char **argv) { d_printf( - "\nnet ads dn \n"\ - "\nperform a raw LDAP search on a ADS server and dump the results\n"\ - "The DN standard LDAP DN, and the attributes are a list of LDAP fields \n"\ - "to show in the results\n\n"\ + "\nnet ads dn \n" + "\nperform a raw LDAP search on a ADS server and dump the results\n" + "The DN standard LDAP DN, and the attributes are a list of LDAP fields \n" + "to show in the results\n\n" "Example: net ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' sAMAccountName\n\n" "Note: the DN must be provided properly escaped. See RFC 4514 for details\n\n" ); @@ -1862,7 +1995,7 @@ static int net_ads_dn(struct net_context *c, int argc, const char **argv) const char **attrs; LDAPMessage *res = NULL; - if (argc < 1) { + if (argc < 1 || c->display_usage) { return net_ads_dn_usage(c, argc, argv); } @@ -1899,10 +2032,10 @@ static int net_ads_dn(struct net_context *c, int argc, const char **argv) static int net_ads_sid_usage(struct net_context *c, int argc, const char **argv) { d_printf( - "\nnet ads sid \n"\ - "\nperform a raw LDAP search on a ADS server and dump the results\n"\ - "The SID is in string format, and the attributes are a list of LDAP fields \n"\ - "to show in the results\n\n"\ + "\nnet ads sid \n" + "\nperform a raw LDAP search on a ADS server and dump the results\n" + "The SID is in string format, and the attributes are a list of LDAP fields \n" + "to show in the results\n\n" "Example: net ads sid 'S-1-5-32' distinguishedName\n\n" ); net_common_flags_usage(c, argc, argv); @@ -1922,7 +2055,7 @@ static int net_ads_sid(struct net_context *c, int argc, const char **argv) LDAPMessage *res = NULL; DOM_SID sid; - if (argc < 1) { + if (argc < 1 || c->display_usage) { return net_ads_sid_usage(c, argc, argv); } 
@@ -1957,34 +2090,18 @@ static int net_ads_sid(struct net_context *c, int argc, const char **argv) return 0; } - -static int net_ads_keytab_usage(struct net_context *c, int argc, const char **argv) -{ - d_printf( - "net ads keytab \n"\ -" can be either:\n"\ -" ADD Adds new service principal\n"\ -" CREATE Creates a fresh keytab\n"\ -" FLUSH Flushes out all keytab entries\n"\ -" HELP Prints this help message\n"\ -" LIST List the keytab\n"\ -"The ADD and LIST command will take arguments, the other commands\n"\ -"will not take any arguments. The arguments given to ADD\n"\ -"should be a list of principals to add. For example, \n"\ -" net ads keytab add srv1 srv2\n"\ -"will add principals for the services srv1 and srv2 to the\n"\ -"system's keytab.\n"\ -"The LIST command takes a keytabname.\n"\ -"\n" - ); - return -1; -} - static int net_ads_keytab_flush(struct net_context *c, int argc, const char **argv) { int ret; ADS_STRUCT *ads; + if (c->display_usage) { + d_printf("Usage:\n" + "net ads keytab flush\n" + " Delete the whole keytab\n"); + return 0; + } + if (!ADS_ERR_OK(ads_startup(c, true, &ads))) { return -1; } @@ -1999,6 +2116,15 @@ static int net_ads_keytab_add(struct net_context *c, int argc, const char **argv int ret = 0; ADS_STRUCT *ads; + if (c->display_usage) { + d_printf("Usage:\n" + "net ads keytab add [principal ...]\n" + " Add principals to local keytab\n" + " principal\tKerberos principal to add to " + "keytab\n"); + return 0; + } + d_printf("Processing principals to add...\n"); if (!ADS_ERR_OK(ads_startup(c, true, &ads))) { return -1; @@ -2015,6 +2141,13 @@ static int net_ads_keytab_create(struct net_context *c, int argc, const char **a ADS_STRUCT *ads; int ret; + if (c->display_usage) { + d_printf("Usage:\n" + "net ads keytab create\n" + " Create new default keytab\n"); + return 0; + } + if (!ADS_ERR_OK(ads_startup(c, true, &ads))) { return -1; } 
@@ -2027,6 +2160,14 @@ static int net_ads_keytab_list(struct net_context *c, int argc, const char **arg { const char *keytab = NULL; + if (c->display_usage) { + d_printf("Usage:\n" + "net ads keytab list [keytab]\n" + " List a local keytab\n" + " keytab\tKeytab to list\n"); + return 0; + } + if (argc >= 1) { keytab = argv[0]; } @@ -2037,13 +2178,40 @@ static int net_ads_keytab_list(struct net_context *c, int argc, const char **arg int net_ads_keytab(struct net_context *c, int argc, const char **argv) { - struct functable func[] = { - {"ADD", net_ads_keytab_add}, - {"CREATE", net_ads_keytab_create}, - {"FLUSH", net_ads_keytab_flush}, - {"HELP", net_ads_keytab_usage}, - {"LIST", net_ads_keytab_list}, - {NULL, NULL} + struct functable3 func[] = { + { + "add", + net_ads_keytab_add, + NET_TRANSPORT_ADS, + "Add a service principal", + "net ads keytab add\n" + " Add a service principal" + }, + { + "create", + net_ads_keytab_create, + NET_TRANSPORT_ADS, + "Create a fresh keytab", + "net ads keytab create\n" + " Create a fresh keytab" + }, + { + "flush", + net_ads_keytab_flush, + NET_TRANSPORT_ADS, + "Remove all keytab entries", + "net ads keytab flush\n" + " Remove all keytab entries" + }, + { + "list", + net_ads_keytab_list, + NET_TRANSPORT_ADS, + "List a keytab", + "net ads keytab list\n" + " List a keytab" + }, + {NULL, NULL, 0, NULL, NULL} }; if (!lp_use_kerberos_keytab()) { 
@@ -2051,26 +2219,21 @@ int net_ads_keytab(struct net_context *c, int argc, const char **argv) use keytab functions.\n"); } - return net_run_function(c, argc, argv, func, net_ads_keytab_usage); + return net_run_function3(c, argc, argv, "net ads keytab", func); } -static int net_ads_kerberos_usage(struct net_context *c, int argc, const char **argv) +static int net_ads_kerberos_renew(struct net_context *c, int argc, const char **argv) { - d_printf( - "net ads kerberos \n"\ - " can be either:\n"\ - " RENEW Renew TGT from existing credential cache\n"\ - " PAC Dumps the Kerberos PAC\n"\ - " KINIT Retrieve Ticket Granting Ticket (TGT)\n"\ - "\n" - ); + int ret = -1; - return -1; -} + if (c->display_usage) { + d_printf("Usage:\n" + "net ads kerberos renew\n" + " Renew TGT from existing credential cache\n"); + return 0; + } -static int net_ads_kerberos_renew(struct net_context *c, int argc, const char **argv) -{ - int ret = smb_krb5_renew_ticket(NULL, NULL, NULL, NULL); + ret = smb_krb5_renew_ticket(NULL, NULL, NULL, NULL); if (ret) { d_printf("failed to renew kerberos ticket: %s\n", error_message(ret)); @@ -2086,6 +2249,13 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar NTSTATUS status; int ret = -1; + if (c->display_usage) { + d_printf("Usage:\n" + "net ads kerberos pac\n" + " Dump the Kerberos PAC\n"); + return 0; + } + mem_ctx = talloc_init("net_ads_kerberos_pac"); if (!mem_ctx) { goto out; @@ -2129,6 +2299,13 @@ static int net_ads_kerberos_kinit(struct net_context *c, int argc, const char ** int ret = -1; NTSTATUS status; + if (c->display_usage) { + d_printf("Usage:\n" + "net ads kerberos kinit\n" + " Get Ticket Granting Ticket (TGT) for the user\n"); + return 0; + } + mem_ctx = talloc_init("net_ads_kerberos_kinit"); if (!mem_ctx) { goto out; 
@@ -2156,65 +2333,196 @@ static int net_ads_kerberos_kinit(struct net_context *c, int argc, const char ** int net_ads_kerberos(struct net_context *c, int argc, const char **argv) { - struct functable func[] = { - {"KINIT", net_ads_kerberos_kinit}, - {"RENEW", net_ads_kerberos_renew}, - {"PAC", net_ads_kerberos_pac}, - {"HELP", net_ads_kerberos_usage}, - {NULL, NULL} + struct functable3 func[] = { + { + "kinit", + net_ads_kerberos_kinit, + NET_TRANSPORT_ADS, + "Retrieve Ticket Granting Ticket (TGT)", + "net ads kerberos kinit\n" + " Receive Ticket Granting Ticket (TGT)" + }, + { + "renew", + net_ads_kerberos_renew, + NET_TRANSPORT_ADS, + "Renew Ticket Granting Ticket from credential cache" + "net ads kerberos renew\n" + " Renew Ticket Granting Ticket from credential cache" + }, + { + "pac", + net_ads_kerberos_pac, + NET_TRANSPORT_ADS, + "Dump Kerberos PAC", + "net ads kerberos pac\n" + " Dump Kerberos PAC" + }, + {NULL, NULL, 0, NULL, NULL} }; - return net_run_function(c, argc, argv, func, net_ads_kerberos_usage); -} - - -int net_ads_usage(struct net_context *c, int argc, const char **argv) -{ - struct functable func[] = { - {"USER", net_ads_user_usage}, - {"GROUP", net_ads_group_usage}, - {"PRINTER", net_ads_printer_usage}, - {"SEARCH", net_ads_search_usage}, - {"INFO", net_ads_info}, - {"JOIN", net_ads_join_usage}, - {"DNS", net_ads_dns_usage}, - {"LEAVE", net_ads_leave}, - {"STATUS", net_ads_status}, - {"PASSWORD", net_ads_password}, - {"CHANGETRUSTPW", net_ads_changetrustpw}, - {NULL, NULL} - }; - - return net_run_function(c, argc, argv, func, net_ads_help); + return net_run_function3(c, argc, argv, "net ads kerberos", func); } int net_ads(struct net_context *c, int argc, const char **argv) { - struct functable func[] = { - {"INFO", net_ads_info}, - {"JOIN", net_ads_join}, - {"TESTJOIN", net_ads_testjoin}, - {"LEAVE", net_ads_leave}, - {"STATUS", net_ads_status}, - {"USER", net_ads_user}, - {"GROUP", net_ads_group}, - {"DNS", net_ads_dns}, - {"PASSWORD", 
net_ads_password}, - {"CHANGETRUSTPW", net_ads_changetrustpw}, - {"PRINTER", net_ads_printer}, - {"SEARCH", net_ads_search}, - {"DN", net_ads_dn}, - {"SID", net_ads_sid}, - {"WORKGROUP", net_ads_workgroup}, - {"LOOKUP", net_ads_lookup}, - {"KEYTAB", net_ads_keytab}, - {"GPO", net_ads_gpo}, - {"KERBEROS", net_ads_kerberos}, - {"HELP", net_ads_help}, - {NULL, NULL} + struct functable3 func[] = { + { + "info", + net_ads_info, + NET_TRANSPORT_ADS, + "Display details on remote ADS server", + "net ads info\n" + " Display details on remote ADS server" + }, + { + "join", + net_ads_join, + NET_TRANSPORT_ADS, + "Join the local machine to ADS realm", + "net ads join\n" + " Join the local machine to ADS realm" + }, + { + "testjoin", + net_ads_testjoin, + NET_TRANSPORT_ADS, + "Validate machine account", + "net ads testjoin\n" + " Validate machine account" + }, + { + "leave", + net_ads_leave, + NET_TRANSPORT_ADS, + "Remove the local machine from ADS", + "net ads leave\n" + " Remove the local machine from ADS" + }, + { + "status", + net_ads_status, + NET_TRANSPORT_ADS, + "Display machine account details", + "net ads status\n" + " Display machine account details" + }, + { + "user", + net_ads_user, + NET_TRANSPORT_ADS, + "List/modify users", + "net ads user\n" + " List/modify users" + }, + { + "group", + net_ads_group, + NET_TRANSPORT_ADS, + "List/modify groups", + "net ads group\n" + " List/modify groups" + }, + { + "dns", + net_ads_dns, + NET_TRANSPORT_ADS, + "Issue dynamic DNS update", + "net ads dns\n" + " Issue dynamic DNS update" + }, + { + "password", + net_ads_password, + NET_TRANSPORT_ADS, + "Change user passwords", + "net ads password\n" + " Change user passwords" + }, + { + "changetrustpw", + net_ads_changetrustpw, + NET_TRANSPORT_ADS, + "Change trust account password", + "net ads changetrustpw\n" + " Change trust account password" + }, + { + "printer", + net_ads_printer, + NET_TRANSPORT_ADS, + "List/modify printer entries", + "net ads printer\n" + " List/modify printer 
entries" + }, + { + "search", + net_ads_search, + NET_TRANSPORT_ADS, + "Issue LDAP search using filter", + "net ads search\n" + " Issue LDAP search using filter" + }, + { + "dn", + net_ads_dn, + NET_TRANSPORT_ADS, + "Issue LDAP search by DN", + "net ads dn\n" + " Issue LDAP search by DN" + }, + { + "sid", + net_ads_sid, + NET_TRANSPORT_ADS, + "Issue LDAP search by SID", + "net ads sid\n" + " Issue LDAP search by SID" + }, + { + "workgroup", + net_ads_workgroup, + NET_TRANSPORT_ADS, + "Display workgroup name", + "net ads workgroup\n" + " Display the workgroup name" + }, + { + "lookup", + net_ads_lookup, + NET_TRANSPORT_ADS, + "Perfom CLDAP query on DC", + "net ads lookup\n" + " Find the ADS DC using CLDAP lookups" + }, + { + "keytab", + net_ads_keytab, + NET_TRANSPORT_ADS, + "Manage local keytab file", + "net ads keytab\n" + " Manage local keytab file" + }, + { + "gpo", + net_ads_gpo, + NET_TRANSPORT_ADS, + "Manage group policy objects", + "net ads gpo\n" + " Manage group policy objects" + }, + { + "kerberos", + net_ads_kerberos, + NET_TRANSPORT_ADS, + "Manage kerberos keytab", + "net ads kerberos\n" + " Manage kerberos keytab" + }, + {NULL, NULL, 0, NULL, NULL} }; - return net_run_function(c, argc, argv, func, net_ads_help); + return net_run_function3(c, argc, argv, "net ads", func); } #else @@ -2235,16 +2543,6 @@ int net_ads_kerberos(struct net_context *c, int argc, const char **argv) return net_ads_noads(); } -int net_ads_usage(struct net_context *c, int argc, const char **argv) -{ - return net_ads_noads(); -} - -int net_ads_help(struct net_context *c, int argc, const char **argv) -{ - return net_ads_noads(); -} - int net_ads_changetrustpw(struct net_context *c, int argc, const char **argv) { return net_ads_noads(); -- cgit From 255bdb26025a5025bc60637dd924f6ec71c49ee5 Mon Sep 17 00:00:00 2001 
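Review bot: In the net_ads_kerberos table the "renew" entry has no comma after `"Renew Ticket Granting Ticket from credential cache"`, so that literal is concatenated with the two usage strings after it into a single description. The entry's last field is then left zero-initialised (NULL). The line should read `"Renew Ticket Granting Ticket from credential cache",`. Whether net_run_function3 or net_display_usage_from_functable prints that field without a NULL check is not visible here and is worth confirming. In the same hunk the net_ads table describes "kerberos" as "Manage kerberos keytab", which looks copied from the keytab entry, and "Perfom CLDAP query on DC" has a typo.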
From: Kai Blin Date: Sat, 7 Jun 2008 02:25:08 +0200 Subject: net: Rename functable3 to functable, get rid of old functables (This used to be commit bb7c5fc4ec77db4073d3beccf12af12910b6bd07) --- source3/utils/net_ads.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index a71ba5b1d2..f945bfaafb 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -603,7 +603,7 @@ static int ads_user_delete(struct net_context *c, int argc, const char **argv) int net_ads_user(struct net_context *c, int argc, const char **argv) { - struct functable3 func[] = { + struct functable func[] = { { "add", ads_user_add, @@ -663,7 +663,7 @@ int net_ads_user(struct net_context *c, int argc, const char **argv) return ADS_ERR_OK(rc) ? 0 : -1; } - return net_run_function3(c, argc, argv, "net ads user", func); + return net_run_function(c, argc, argv, "net ads user", func); } static int net_ads_group_usage(struct net_context *c, int argc, const char **argv) @@ -762,7 +762,7 @@ static int ads_group_delete(struct net_context *c, int argc, const char **argv) int net_ads_group(struct net_context *c, int argc, const char **argv) { - struct functable3 func[] = { + struct functable func[] = { { "add", ads_group_add, @@ -813,7 +813,7 @@ int net_ads_group(struct net_context *c, int argc, const char **argv) ads_destroy(&ads); return ADS_ERR_OK(rc) ? 0 : -1; } - return net_run_function3(c, argc, argv, "net ads group", func); + return net_run_function(c, argc, argv, "net ads group", func); } static int net_ads_status(struct net_context *c, int argc, const char **argv) @@ -1405,7 +1405,7 @@ static int net_ads_dns_gethostbyname(struct net_context *c, int argc, const char static int net_ads_dns(struct net_context *c, int argc, const char *argv[]) { - struct functable3 func[] = { + struct functable func[] = { { "register", net_ads_dns_register, 
@@ -1425,7 +1425,7 @@ static int net_ads_dns(struct net_context *c, int argc, const char *argv[]) {NULL, NULL, 0, NULL, NULL} }; - return net_run_function3(c, argc, argv, "net ads dns", func); + return net_run_function(c, argc, argv, "net ads dns", func); } /******************************************************************* @@ -1730,7 +1730,7 @@ static int net_ads_printer_remove(struct net_context *c, int argc, const char ** static int net_ads_printer(struct net_context *c, int argc, const char **argv) { - struct functable3 func[] = { + struct functable func[] = { { "search", net_ads_printer_search, @@ -1766,7 +1766,7 @@ static int net_ads_printer(struct net_context *c, int argc, const char **argv) {NULL, NULL, 0, NULL, NULL} }; - return net_run_function3(c, argc, argv, "net ads printer", func); + return net_run_function(c, argc, argv, "net ads printer", func); } @@ -2178,7 +2178,7 @@ static int net_ads_keytab_list(struct net_context *c, int argc, const char **arg int net_ads_keytab(struct net_context *c, int argc, const char **argv) { - struct functable3 func[] = { + struct functable func[] = { { "add", net_ads_keytab_add, @@ -2219,7 +2219,7 @@ int net_ads_keytab(struct net_context *c, int argc, const char **argv) use keytab functions.\n"); } - return net_run_function3(c, argc, argv, "net ads keytab", func); + return net_run_function(c, argc, argv, "net ads keytab", func); } static int net_ads_kerberos_renew(struct net_context *c, int argc, const char **argv) @@ -2333,7 +2333,7 @@ static int net_ads_kerberos_kinit(struct net_context *c, int argc, const char ** int net_ads_kerberos(struct net_context *c, int argc, const char **argv) { - struct functable3 func[] = { + struct functable func[] = { { "kinit", net_ads_kerberos_kinit, 
@@ -2361,12 +2361,12 @@ int net_ads_kerberos(struct net_context *c, int argc, const char **argv) {NULL, NULL, 0, NULL, NULL} }; - return net_run_function3(c, argc, argv, "net ads kerberos", func); + return net_run_function(c, argc, argv, "net ads kerberos", func); } int net_ads(struct net_context *c, int argc, const char **argv) { - struct functable3 func[] = { + struct functable func[] = { { "info", net_ads_info, @@ -2522,7 +2522,7 @@ int net_ads(struct net_context *c, int argc, const char **argv) {NULL, NULL, 0, NULL, NULL} }; - return net_run_function3(c, argc, argv, "net ads", func); + return net_run_function(c, argc, argv, "net ads", func); } #else -- cgit From 8f1f62af28c1e6a8b9617216f97d231ee6de85e5 Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Thu, 12 Jun 2008 11:50:09 +0200 Subject: net: Fix net_ads.c build for the HAVE_ADS == 0 case. Thanks to Karolin for catching this one. (This used to be commit 7f52998f5461ed7d976faa2254464336dcf73c02) --- source3/utils/net_ads.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index f945bfaafb..8c39fa955f 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -2576,7 +2576,7 @@ int net_ads_check_our_domain(struct net_context *c) int net_ads(struct net_context *c, int argc, const char **argv) { - return net_ads_usage(c, argc, argv); + return net_ads_noads(); } #endif /* WITH_ADS */ -- cgit From 6ce0c8517256fec9ac9fc7d3f5f9a0f361020ea3 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 13 Jun 2008 12:20:01 +0200 Subject: net: Fix bug #5542 (samsync contains empty passwords). Guenther (cherry picked from commit 1a22e975dd1255f3557c1cd873d877aa35822afc) (This used to be commit ad8392cf7c817ee29a03bc6f515bf1cc18a29eda) --- source3/utils/net_ads.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source3/utils/net_ads.c') 
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 8c39fa955f..c0d04acd0b 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -23,8 +23,6 @@ #include "includes.h" #include "utils/net.h" -#include "libnet/libnet.h" - #ifdef HAVE_ADS /* when we do not have sufficient input parameters to contact a remote domain -- cgit From 7c451b9b89de4fd3243e081551504d2efc6ade2f Mon Sep 17 00:00:00 2001 From: Karolin Seeger Date: Tue, 24 Jun 2008 15:55:30 +0200 Subject: net ads: Fix typos. Karolin (This used to be commit 63c1a5146e25e05678d2bef95286add5c95a5f38) --- source3/utils/net_ads.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index c0d04acd0b..4d37e2bf8d 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1911,9 +1911,9 @@ static int net_ads_search_usage(struct net_context *c, int argc, const char **ar { d_printf( "\nnet ads search \n" - "\nperform a raw LDAP search on a ADS server and dump the results\n" + "\nPerform a raw LDAP search on a ADS server and dump the results.\n" "The expression is a standard LDAP search expression, and the\n" - "attributes are a list of LDAP fields to show in the results\n\n" + "attributes are a list of LDAP fields to show in the results.\n\n" "Example: net ads search '(objectCategory=group)' sAMAccountName\n\n" ); net_common_flags_usage(c, argc, argv); -- cgit From 1335da2a7cc639310e5d389e8e8dbe67c4e7ca25 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 20 Jul 2008 11:04:31 +0200 Subject: Refactoring: Change calling conventions for cli_rpc_pipe_open_noauth Pass in ndr_syntax_id instead of pipe_idx, return NTSTATUS (This used to be commit 9abc9dc4dc13bd3e42f98eff64eacf24b51f5779) --- source3/utils/net_ads.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_ads.c') 
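Review bot: The reworded first help line in net_ads_search_usage still reads "on a ADS server", which is an article error on the very line this typo pass touches. It should become `"\nPerform a raw LDAP search on an ADS server and dump the results.\n"`. The function starts outside the hunk, so other strings in it cannot be checked from here.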
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 4d37e2bf8d..934ac1da1e 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1633,8 +1633,8 @@ static int net_ads_printer_publish(struct net_context *c, int argc, const char * SAFE_FREE(srv_cn_escaped); SAFE_FREE(printername_escaped); - pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_SPOOLSS, &nt_status); - if (!pipe_hnd) { + nt_status = cli_rpc_pipe_open_noauth(cli, &syntax_spoolss, &pipe_hnd); + if (!NT_STATUS_IS_OK(nt_status)) { d_fprintf(stderr, "Unable to open a connnection to the spoolss pipe on %s\n", servername); SAFE_FREE(prt_dn); -- cgit From 5bea31aa3c6a1e66496d6bb596b96977ba01457f Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 30 Jul 2008 21:38:21 +0200 Subject: libnetjoin: support kerberized joining/unjoing (fix #5416). Guenther (This used to be commit da6e0f4f375aa533c4c765891c960070478972eb) --- source3/utils/net_ads.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_ads.c') diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 934ac1da1e..7dbe518c3d 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -879,7 +879,9 @@ static int net_ads_leave(struct net_context *c, int argc, const char **argv) return -1; } - use_in_memory_ccache(); + if (!c->opt_kerberos) { + use_in_memory_ccache(); + } werr = libnet_init_UnjoinCtx(ctx, &r); if (!W_ERROR_IS_OK(werr)) { @@ -888,6 +890,7 @@ static int net_ads_leave(struct net_context *c, int argc, const char **argv) } r->in.debug = true; + r->in.use_kerberos = c->opt_kerberos; r->in.dc_name = c->opt_host; r->in.domain_name = lp_realm(); r->in.admin_account = c->opt_user_name; @@ -1192,7 +1195,9 @@ int net_ads_join(struct net_context *c, int argc, const char **argv) goto fail; } - use_in_memory_ccache(); + if (!c->opt_kerberos) { + use_in_memory_ccache(); + } werr = libnet_init_JoinCtx(ctx, &r); if (!W_ERROR_IS_OK(werr)) { 
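Review bot: The failure branch after `cli_rpc_pipe_open_noauth()` in net_ads_printer_publish now has an NTSTATUS in hand but still prints only the server name, so the reason for the failure is lost to the operator. Report it, and fix the "connnection" spelling on the same line: `d_fprintf(stderr, "Unable to open a connection to the spoolss pipe on %s: %s\n", servername, nt_errstr(nt_status));`. With the old convention `pipe_hnd` was NULL on failure; with the out-parameter it is worth confirming that `pipe_hnd` is initialised to NULL at its declaration, in case a later cleanup path tests it. The declaration and the rest of the function are outside the hunk.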
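Review bot: The new `if (!c->opt_kerberos)` guard around `use_in_memory_ccache()` in net_ads_leave, repeated identically in the net_ads_join hunk at -1192, changes which credential cache the process works against but carries no comment saying so. Presumably the intent is that a kerberized join or unjoin reuses the caller's existing tickets, which also means anything acquired during the operation may land in that persistent cache instead of disappearing with the process; please confirm that is intended. A one-line comment above each guard would record the decision, for example `/* Kerberos requested: keep the caller's credential cache instead of a private in-memory one */`. Both functions start and end outside their hunks.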
@@ -1250,6 +1255,7 @@ int net_ads_join(struct net_context *c, int argc, const char **argv) r->in.admin_account = c->opt_user_name; r->in.admin_password = net_prompt_pass(c, c->opt_user_name); r->in.debug = true; + r->in.use_kerberos = c->opt_kerberos; r->in.modify_config = modify_config; r->in.join_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE | WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE | -- cgit
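Review bot: `r->in.admin_password = net_prompt_pass(c, c->opt_user_name);`, two lines above the added `r->in.use_kerberos` assignment in net_ads_join, is still unconditional. Unless net_prompt_pass() checks the Kerberos option itself (not visible here), a join that is meant to run on an existing ticket would still prompt for a cleartext admin password and keep it in the join context. If the libnet join code accepts a missing password when `use_kerberos` is set, consider `r->in.admin_password = c->opt_kerberos ? NULL : net_prompt_pass(c, c->opt_user_name);`, or document why the password is still needed. The same question applies to net_ads_leave, whose password assignment lies outside its hunk; the `join_flags` expression here is also cut off by the end of the hunk.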