goto failure;
}
+ ret = json_add_bool(&flagsobj, "Runs on Windows 2012R2 or later",
+ reply->server_type & NBT_SERVER_DS_9);
+ if (ret != 0) {
+ goto failure;
+ }
+
+ ret = json_add_bool(&flagsobj, "Runs on Windows 2016 or later",
+ reply->server_type & NBT_SERVER_DS_10);
+ if (ret != 0) {
+ goto failure;
+ }
+
+ ret = json_add_bool(&flagsobj, "Has a DNS name",
+ reply->server_type & NBT_SERVER_HAS_DNS_NAME);
+ if (ret != 0) {
+ goto failure;
+ }
+
+ ret = json_add_bool(&flagsobj, "Is a default NC",
+ reply->server_type & NBT_SERVER_IS_DEFAULT_NC);
+ if (ret != 0) {
+ goto failure;
+ }
+
+ ret = json_add_bool(&flagsobj, "Is the forest root",
+ reply->server_type & NBT_SERVER_FOREST_ROOT);
+ if (ret != 0) {
+ goto failure;
+ }
+
ret = json_add_string(&jsobj, "Forest", reply->forest);
if (ret != 0) {
goto failure;
"\tIs NT6 DC that has some secrets: %s\n"
"\tIs NT6 DC that has all secrets: %s\n"
"\tRuns Active Directory Web Services: %s\n"
- "\tRuns on Windows 2012 or later: %s\n"),
+ "\tRuns on Windows 2012 or later: %s\n"
+ "\tRuns on Windows 2012R2 or later: %s\n"
+ "\tRuns on Windows 2016 or later: %s\n"
+ "\tHas a DNS name: %s\n"
+ "\tIs a default NC: %s\n"
+ "\tIs the forest root: %s\n"),
(reply.server_type & NBT_SERVER_PDC) ? _("yes") : _("no"),
(reply.server_type & NBT_SERVER_GC) ? _("yes") : _("no"),
(reply.server_type & NBT_SERVER_LDAP) ? _("yes") : _("no"),
(reply.server_type & NBT_SERVER_SELECT_SECRET_DOMAIN_6) ? _("yes") : _("no"),
(reply.server_type & NBT_SERVER_FULL_SECRET_DOMAIN_6) ? _("yes") : _("no"),
(reply.server_type & NBT_SERVER_ADS_WEB_SERVICE) ? _("yes") : _("no"),
- (reply.server_type & NBT_SERVER_DS_8) ? _("yes") : _("no"));
+ (reply.server_type & NBT_SERVER_DS_8) ? _("yes") : _("no"),
+ (reply.server_type & NBT_SERVER_DS_9) ? _("yes") : _("no"),
+ (reply.server_type & NBT_SERVER_DS_10) ? _("yes") : _("no"),
+ (reply.server_type & NBT_SERVER_HAS_DNS_NAME) ? _("yes") : _("no"),
+ (reply.server_type & NBT_SERVER_IS_DEFAULT_NC) ? _("yes") : _("no"),
+ (reply.server_type & NBT_SERVER_FOREST_ROOT) ? _("yes") : _("no"));
printf(_("Forest: %s\n"), reply.forest);
_("Usage:"),
_("Find the ADS DC using CLDAP lookup.\n"));
TALLOC_FREE(tmp_ctx);
- return 0;
+ return -1;
}
status = ads_startup_nobind(c, false, tmp_ctx, &ads);
}
if (!ads->config.realm) {
- ads->config.realm = discard_const_p(char, c->opt_target_workgroup);
+ ads->config.realm = talloc_strdup(ads, c->opt_target_workgroup);
+ if (ads->config.realm == NULL) {
+ d_fprintf(stderr, _("Out of memory\n"));
+ goto out;
+ }
ads->ldap.port = 389;
}
ret = net_ads_cldap_netlogon(c, ads);
out:
- ads_destroy(&ads);
TALLOC_FREE(tmp_ctx);
return ret;
}
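Review bot: `talloc_strdup(ads, c->opt_target_workgroup)` returns NULL for a NULL source as well as on allocation failure, so an unset target workgroup would now be reported as "Out of memory", where the old assignment left `config.realm` NULL and carried on. If `opt_target_workgroup` can be NULL at this point (not visible in the hunk), guard the copy with `if (c->opt_target_workgroup != NULL)` or report the missing name with its own message. The same assignment is added in the later hunk of the workgroup command, just before `ads->ldap.port = 389;`. The enclosing function starts outside this hunk.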
_("Display information about an Active Directory "
"server.\n"));
TALLOC_FREE(tmp_ctx);
- return 0;
+ return -1;
}
status = ads_startup_nobind(c, false, tmp_ctx, &ads);
ret = 0;
out:
- ads_destroy(&ads);
TALLOC_FREE(tmp_ctx);
return ret;
}
-static ADS_STATUS ads_startup_int(struct net_context *c, bool only_own_domain,
- uint32_t auth_flags, ADS_STRUCT **ads_ret)
+static ADS_STATUS ads_startup_int(struct net_context *c,
+ bool only_own_domain,
+ uint32_t auth_flags,
+ TALLOC_CTX *mem_ctx,
+ ADS_STRUCT **ads_ret)
{
ADS_STRUCT *ads = NULL;
ADS_STATUS status;
realm = assume_own_realm(c);
}
- ads = ads_init(realm,
- c->opt_target_workgroup,
- c->opt_host,
- ADS_SASL_PLAIN);
+ ads = ads_init(mem_ctx,
+ realm,
+ c->opt_target_workgroup,
+ c->opt_host,
+ ADS_SASL_PLAIN);
+ if (ads == NULL) {
+ return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ }
if (!c->opt_user_name) {
c->opt_user_name = "administrator";
if (!c->opt_password && need_password && !c->opt_machine_pass) {
c->opt_password = net_prompt_pass(c, c->opt_user_name);
if (!c->opt_password) {
- ads_destroy(&ads);
+ TALLOC_FREE(ads);
return ADS_ERROR(LDAP_NO_MEMORY);
}
}
if (c->opt_password) {
use_in_memory_ccache();
- SAFE_FREE(ads->auth.password);
- ads->auth.password = smb_xstrdup(c->opt_password);
+ ADS_TALLOC_CONST_FREE(ads->auth.password);
+ ads->auth.password = talloc_strdup(ads, c->opt_password);
+ if (ads->auth.password == NULL) {
+ TALLOC_FREE(ads);
+ return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ }
}
- SAFE_FREE(ads->auth.user_name);
- ads->auth.user_name = smb_xstrdup(c->opt_user_name);
+ ADS_TALLOC_CONST_FREE(ads->auth.user_name);
+ ads->auth.user_name = talloc_strdup(ads, c->opt_user_name);
+ if (ads->auth.user_name == NULL) {
+ TALLOC_FREE(ads);
+ return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ }
ads->auth.flags |= auth_flags;
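Review bot: The password copy made with `talloc_strdup(ads, c->opt_password)` is an ordinary talloc child, so every `TALLOC_FREE(ads)` on the error paths, and the caller's later `TALLOC_FREE(tmp_ctx)`, releases the cleartext without wiping it unless the ADS_STRUCT destructor scrubs it, which is not visible here. Consider marking the copy right after the NULL check, e.g. `talloc_keep_secret(discard_const_p(char, ads->auth.password));`, so the bytes are zeroed when the context is freed. A short comment at the assignment saying that `ads` owns the copy and who is responsible for clearing it would also help. ads_startup_int continues past this hunk.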
*/
if ((cp = strchr_m(ads->auth.user_name, '@'))!=0) {
*cp++ = '\0';
- SAFE_FREE(ads->auth.realm);
- ads->auth.realm = smb_xstrdup(cp);
- if (!strupper_m(ads->auth.realm)) {
- ads_destroy(&ads);
+ ADS_TALLOC_CONST_FREE(ads->auth.realm);
+ ads->auth.realm = talloc_asprintf_strupper_m(ads, "%s", cp);
+ if (ads->auth.realm == NULL) {
+ TALLOC_FREE(ads);
return ADS_ERROR(LDAP_NO_MEMORY);
}
- }
+ } else if (ads->auth.realm == NULL) {
+ const char *c_realm = cli_credentials_get_realm(c->creds);
+
+ if (c_realm != NULL) {
+ ads->auth.realm = talloc_strdup(ads, c_realm);
+ if (ads->auth.realm == NULL) {
+ TALLOC_FREE(ads);
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+ }
+ }
status = ads_connect(ads);
if (NT_STATUS_EQUAL(ads_ntstatus(status),
NT_STATUS_NO_LOGON_SERVERS)) {
DEBUG(0,("ads_connect: %s\n", ads_errstr(status)));
- ads_destroy(&ads);
+ TALLOC_FREE(ads);
return status;
}
second_time = true;
goto retry;
} else {
- ads_destroy(&ads);
+ TALLOC_FREE(ads);
return status;
}
}
namecache_delete(ads->server.realm, 0x1C);
namecache_delete(ads->server.workgroup, 0x1C);
- ads_destroy(&ads);
- ads = NULL;
+ TALLOC_FREE(ads);
goto retry_connect;
}
}
- *ads_ret = ads;
+ *ads_ret = talloc_move(mem_ctx, &ads);
return status;
}
-ADS_STATUS ads_startup(struct net_context *c, bool only_own_domain, ADS_STRUCT **ads)
+ADS_STATUS ads_startup(struct net_context *c,
+ bool only_own_domain,
+ TALLOC_CTX *mem_ctx,
+ ADS_STRUCT **ads)
{
- return ads_startup_int(c, only_own_domain, 0, ads);
+ return ads_startup_int(c, only_own_domain, 0, mem_ctx, ads);
}
ADS_STATUS ads_startup_nobind(struct net_context *c,
TALLOC_CTX *mem_ctx,
ADS_STRUCT **ads)
{
- return ads_startup_int(c, only_own_domain, ADS_AUTH_NO_BIND, ads);
+ return ads_startup_int(c,
+ only_own_domain,
+ ADS_AUTH_NO_BIND,
+ mem_ctx,
+ ads);
}
/*
ads_startup() stores the password in opt_password if it needs to so
that rpc or rap can use it without re-prompting.
*/
-static int net_ads_check_int(const char *realm, const char *workgroup, const char *host)
+static int net_ads_check_int(struct net_context *c,
+ const char *realm,
+ const char *workgroup,
+ const char *host)
{
+ TALLOC_CTX *tmp_ctx = talloc_stackframe();
ADS_STRUCT *ads;
ADS_STATUS status;
+ int ret = -1;
- ads = ads_init(realm, workgroup, host, ADS_SASL_PLAIN);
- if (ads == NULL ) {
- return -1;
+ ads = ads_init(tmp_ctx, realm, workgroup, host, ADS_SASL_PLAIN);
+ if (ads == NULL) {
+ goto out;
}
ads->auth.flags |= ADS_AUTH_NO_BIND;
status = ads_connect(ads);
if ( !ADS_ERR_OK(status) ) {
- return -1;
+ goto out;
}
- ads_destroy(&ads);
- return 0;
+ ret = 0;
+out:
+ TALLOC_FREE(tmp_ctx);
+ return ret;
}
int net_ads_check_our_domain(struct net_context *c)
{
- return net_ads_check_int(lp_realm(), lp_workgroup(), NULL);
+ return net_ads_check_int(c, lp_realm(), lp_workgroup(), NULL);
}
int net_ads_check(struct net_context *c)
{
- return net_ads_check_int(NULL, c->opt_workgroup, c->opt_host);
+ return net_ads_check_int(c, NULL, c->opt_workgroup, c->opt_host);
}
/*
_("Usage:"),
_("Print the workgroup name"));
TALLOC_FREE(tmp_ctx);
- return 0;
+ return -1;
}
status = ads_startup_nobind(c, false, tmp_ctx, &ads);
}
if (!ads->config.realm) {
- ads->config.realm = discard_const_p(char, c->opt_target_workgroup);
+ ads->config.realm = talloc_strdup(ads, c->opt_target_workgroup);
+ if (ads->config.realm == NULL) {
+ d_fprintf(stderr, _("Out of memory\n"));
+ goto out;
+ }
ads->ldap.port = 389;
}
ret = 0;
out:
- ads_destroy(&ads);
TALLOC_FREE(tmp_ctx);
return ret;
return net_ads_user_usage(c, argc, argv);
}
- status = ads_startup(c, false, &ads);
+ status = ads_startup(c, false, tmp_ctx, &ads);
if (!ADS_ERR_OK(status)) {
goto done;
}
done:
ads_msgfree(ads, res);
- ads_destroy(&ads);
SAFE_FREE(ou_str);
TALLOC_FREE(tmp_ctx);
return rc;
goto out;
}
- status = ads_startup(c, false, &ads);
+ status = ads_startup(c, false, tmp_ctx, &ads);
if (!ADS_ERR_OK(status)) {
goto out;
}
ret = 0;
out:
ads_msgfree(ads, res);
- ads_destroy(&ads);
TALLOC_FREE(tmp_ctx);
return ret;
}
return net_ads_user_usage(c, argc, argv);
}
- status = ads_startup(c, false, &ads);
+ status = ads_startup(c, false, tmp_ctx, &ads);
if (!ADS_ERR_OK(status)) {
goto out;
}
ret = 0;
out:
ads_msgfree(ads, res);
- ads_destroy(&ads);
TALLOC_FREE(tmp_ctx);
return ret;
}
_("List AD users"));
net_display_usage_from_functable(func);
TALLOC_FREE(tmp_ctx);
- return 0;
+ return -1;
}
- status = ads_startup(c, false, &ads);
+ status = ads_startup(c, false, tmp_ctx, &ads);
if (!ADS_ERR_OK(status)) {
goto out;
}
ret = 0;
out:
- ads_destroy(&ads);
TALLOC_FREE(tmp_ctx);
return ret;
}
return net_ads_group_usage(c, argc, argv);
}
- status = ads_startup(c, false, &ads);
+ status = ads_startup(c, false, tmp_ctx, &ads);
if (!ADS_ERR_OK(status)) {
goto out;
}
ret = 0;
out:
ads_msgfree(ads, res);
- ads_destroy(&ads);
SAFE_FREE(ou_str);
TALLOC_FREE(tmp_ctx);
return ret;
return net_ads_group_usage(c, argc, argv);
}
- status = ads_startup(c, false, &ads);
+ status = ads_startup(c, false, tmp_ctx, &ads);
if (!ADS_ERR_OK(status)) {
goto out;
}
ret = 0;
out:
ads_msgfree(ads, res);
- ads_destroy(&ads);
TALLOC_FREE(tmp_ctx);
return ret;
}
_("List AD groups"));
net_display_usage_from_functable(func);
TALLOC_FREE(tmp_ctx);
- return 0;
+ return -1;
}
- status = ads_startup(c, false, &ads);
+ status = ads_startup(c, false, tmp_ctx, &ads);
if (!ADS_ERR_OK(status)) {
goto out;
}
ret = 0;
out:
- ads_destroy(&ads);
TALLOC_FREE(tmp_ctx);
return ret;
}
_("Usage:"),
_("Display machine account details"));
TALLOC_FREE(tmp_ctx);
- return 0;
+ return -1;
}
- status = ads_startup(c, true, &ads);
+ net_warn_member_options();
+
+ status = ads_startup(c, true, tmp_ctx, &ads);
if (!ADS_ERR_OK(status)) {
goto out;
}
ret = 0;
out:
ads_msgfree(ads, res);
- ads_destroy(&ads);
TALLOC_FREE(tmp_ctx);
return ret;
}
_("Usage:"),
_("Leave an AD domain"));
TALLOC_FREE(tmp_ctx);
- return 0;
+ return -1;
}
if (!*lp_realm()) {
return ADS_ERROR_NT(NT_STATUS_ACCESS_DENIED);
}
+ net_warn_member_options();
+
net_use_krb_machine_account(c);
get_dc_name(lp_workgroup(), lp_realm(), dc_name, &dcip);
- status = ads_startup(c, true, &ads);
+ status = ads_startup(c, true, tmp_ctx, &ads);
if (!ADS_ERR_OK(status)) {
goto out;
}
status = ADS_ERROR_NT(NT_STATUS_OK);
out:
- ads_destroy(&ads);
TALLOC_FREE(tmp_ctx);
return status;
}
" %s\n",
_("Usage:"),
_("Test if the existing join is ok"));
- return 0;
+ return -1;
}
+ net_warn_member_options();
+
/* Display success or failure */
status = net_ads_join_ok(c);
if (!ADS_ERR_OK(status)) {
return net_ads_join_usage(c, argc, argv);
}
+ net_warn_member_options();
+
if (!modify_config) {
werr = check_ads_config();
if (!W_ERROR_IS_OK(werr)) {
if (c->display_usage) {
d_printf( "%s\n"
- "net ads dns register [hostname [IP [IP...]]]\n"
+ "net ads dns register [hostname [IP [IP...]]] "
+ "[--force] [--dns-ttl TTL]\n"
" %s\n",
_("Usage:"),
_("Register hostname with DNS\n"));
}
}
- status = ads_startup(c, true, &ads);
+ status = ads_startup(c, true, tmp_ctx, &ads);
if ( !ADS_ERR_OK(status) ) {
DEBUG(1, ("error on ads_startup: %s\n", ads_errstr(status)));
goto out;
ret = 0;
out:
- ads_destroy(&ads);
TALLOC_FREE(tmp_ctx);
return ret;
"net ads dns unregister [hostname]\n"
" %s\n",
_("Usage:"),
- _("Remove all IP Address entires for a given\n"
+ _("Remove all IP Address entries for a given\n"
" hostname from the Active Directory server.\n"));
TALLOC_FREE(tmp_ctx);
return -1;
/* Get the hostname for un-registering */
hostname = argv[0];
- status = ads_startup(c, true, &ads);
+ status = ads_startup(c, true, tmp_ctx, &ads);
if ( !ADS_ERR_OK(status) ) {
DEBUG(1, ("error on ads_startup: %s\n", ads_errstr(status)));
goto out;
ret = 0;
out:
- ads_destroy(&ads);
TALLOC_FREE(tmp_ctx);
return ret;
_("Usage:"),
_("List printers in the AD"));
TALLOC_FREE(tmp_ctx);
- return 0;
+ return -1;
}
- status = ads_startup(c, false, &ads);
+ status = ads_startup(c, false, tmp_ctx, &ads);
if (!ADS_ERR_OK(status)) {
goto out;
}
ret = 0;
out:
ads_msgfree(ads, res);
- ads_destroy(&ads);
TALLOC_FREE(tmp_ctx);
return ret;
}
" printername\tPrinter name or wildcard\n"
" servername\tName of the print server\n"));
TALLOC_FREE(tmp_ctx);
- return 0;
+ return -1;
}
- status = ads_startup(c, false, &ads);
+ status = ads_startup(c, false, tmp_ctx, &ads);
if (!ADS_ERR_OK(status)) {
goto out;
}
ret = 0;
out:
ads_msgfree(ads, res);
- ads_destroy(&ads);
TALLOC_FREE(tmp_ctx);
return ret;
}
goto out;
}
- status = ads_startup(c, true, &ads);
+ status = ads_startup(c, true, tmp_ctx, &ads);
if (!ADS_ERR_OK(status)) {
goto out;
}
ret = 0;
out:
- ads_destroy(&ads);
talloc_destroy(tmp_ctx);
return ret;
return -1;
}
- status = ads_startup(c, true, &ads);
+ status = ads_startup(c, true, tmp_ctx, &ads);
if (!ADS_ERR_OK(status)) {
goto out;
}
ret = 0;
out:
ads_msgfree(ads, res);
- ads_destroy(&ads);
TALLOC_FREE(tmp_ctx);
return ret;
}
" Change password for user\n"
" username\tName of user to change password for\n"));
TALLOC_FREE(tmp_ctx);
- return 0;
+ return -1;
}
if (auth_principal == NULL || auth_password == NULL) {
/* use the realm so we can eventually change passwords for users
in realms other than default */
- ads = ads_init(realm, c->opt_workgroup, c->opt_host, ADS_SASL_PLAIN);
+ ads = ads_init(tmp_ctx,
+ realm,
+ c->opt_workgroup,
+ c->opt_host,
+ ADS_SASL_PLAIN);
if (ads == NULL) {
goto out;
}
/* we don't actually need a full connect, but it's the easy way to
- fill in the KDC's addresss */
+ fill in the KDC's address */
ads_connect(ads);
if (!ads->config.realm) {
ret = 0;
out:
- ads_destroy(&ads);
TALLOC_FREE(tmp_ctx);
return ret;
}
_("Usage:"),
_("Change the machine account's trust password"));
TALLOC_FREE(tmp_ctx);
- return 0;
+ return -1;
}
if (!secrets_init()) {
goto out;
}
+ net_warn_member_options();
+
net_use_krb_machine_account(c);
use_in_memory_ccache();
- status = ads_startup(c, true, &ads);
+ status = ads_startup(c, true, tmp_ctx, &ads);
if (!ADS_ERR_OK(status)) {
goto out;
}
ret = 0;
out:
- ads_destroy(&ads);
TALLOC_FREE(tmp_ctx);
return ret;
return net_ads_search_usage(c, argc, argv);
}
- status = ads_startup(c, false, &ads);
+ status = ads_startup(c, false, tmp_ctx, &ads);
if (!ADS_ERR_OK(status)) {
goto out;
}
ret = 0;
out:
ads_msgfree(ads, res);
- ads_destroy(&ads);
TALLOC_FREE(tmp_ctx);
return ret;
}
return net_ads_dn_usage(c, argc, argv);
}
- status = ads_startup(c, false, &ads);
+ status = ads_startup(c, false, tmp_ctx, &ads);
if (!ADS_ERR_OK(status)) {
goto out;
}
ret = 0;
out:
ads_msgfree(ads, res);
- ads_destroy(&ads);
TALLOC_FREE(tmp_ctx);
return ret;
}
return net_ads_sid_usage(c, argc, argv);
}
- status = ads_startup(c, false, &ads);
+ status = ads_startup(c, false, tmp_ctx, &ads);
if (!ADS_ERR_OK(status)) {
goto out;
}
ret = 0;
out:
ads_msgfree(ads, res);
- ads_destroy(&ads);
TALLOC_FREE(tmp_ctx);
return ret;
}
_("Usage:"),
_("Delete the whole keytab"));
TALLOC_FREE(tmp_ctx);
- return 0;
+ return -1;
}
if (!c->opt_user_specified && c->opt_password == NULL) {
net_use_krb_machine_account(c);
}
- status = ads_startup(c, true, &ads);
+ status = ads_startup(c, true, tmp_ctx, &ads);
if (!ADS_ERR_OK(status)) {
goto out;
}
ret = ads_keytab_flush(ads);
out:
- ads_destroy(&ads);
TALLOC_FREE(tmp_ctx);
return ret;
}
const char **argv,
bool update_ads)
{
+ TALLOC_CTX *tmp_ctx = talloc_stackframe();
+ ADS_STRUCT *ads = NULL;
+ ADS_STATUS status;
int i;
- int ret = 0;
- ADS_STRUCT *ads;
+ int ret = -1;
if (c->display_usage) {
d_printf("%s\n%s",
" Add principals to local keytab\n"
" principal\tKerberos principal to add to "
"keytab\n"));
- return 0;
+ TALLOC_FREE(tmp_ctx);
+ return -1;
}
+ net_warn_member_options();
+
d_printf(_("Processing principals to add...\n"));
if (!c->opt_user_specified && c->opt_password == NULL) {
net_use_krb_machine_account(c);
}
- if (!ADS_ERR_OK(ads_startup(c, true, &ads))) {
- return -1;
+ status = ads_startup(c, true, tmp_ctx, &ads);
+ if (!ADS_ERR_OK(status)) {
+ goto out;
}
- for (i = 0; i < argc; i++) {
+
+ for (ret = 0, i = 0; i < argc; i++) {
ret |= ads_keytab_add_entry(ads, argv[i], update_ads);
}
- ads_destroy(&ads);
+out:
+ TALLOC_FREE(tmp_ctx);
return ret;
}
return net_ads_keytab_add(c, argc, argv, true);
}
+static int net_ads_keytab_delete(struct net_context *c,
+ int argc,
+ const char **argv)
+{
+ TALLOC_CTX *tmp_ctx = talloc_stackframe();
+ ADS_STRUCT *ads = NULL;
+ ADS_STATUS status;
+ int i;
+ int ret = -1;
+
+ if (c->display_usage) {
+ d_printf("%s\n%s",
+ _("Usage:"),
+ _("net ads keytab delete <principal> [principal ...]\n"
+ " Remove entries for service principal, "
+ " from the keytab file only."
+ " Remove principals from local keytab\n"
+ " principal\tKerberos principal to remove from "
+ "keytab\n"));
+ TALLOC_FREE(tmp_ctx);
+ return -1;
+ }
+
+ d_printf(_("Processing principals to delete...\n"));
+
+ if (!c->opt_user_specified && c->opt_password == NULL) {
+ net_use_krb_machine_account(c);
+ }
+
+ status = ads_startup(c, true, tmp_ctx, &ads);
+ if (!ADS_ERR_OK(status)) {
+ goto out;
+ }
+
+ for (ret = 0, i = 0; i < argc; i++) {
+ ret |= ads_keytab_delete_entry(ads, argv[i]);
+ }
+out:
+ TALLOC_FREE(tmp_ctx);
+ return ret;
+}
+
static int net_ads_keytab_create(struct net_context *c, int argc, const char **argv)
{
- ADS_STRUCT *ads;
- int ret;
+ TALLOC_CTX *tmp_ctx = talloc_stackframe();
+ ADS_STRUCT *ads = NULL;
+ ADS_STATUS status;
+ int ret = -1;
if (c->display_usage) {
d_printf( "%s\n"
" %s\n",
_("Usage:"),
_("Create new default keytab"));
- return 0;
+ TALLOC_FREE(tmp_ctx);
+ return -1;
}
+ net_warn_member_options();
+
if (!c->opt_user_specified && c->opt_password == NULL) {
net_use_krb_machine_account(c);
}
- if (!ADS_ERR_OK(ads_startup(c, true, &ads))) {
- return -1;
+ status = ads_startup(c, true, tmp_ctx, &ads);
+ if (!ADS_ERR_OK(status)) {
+ goto out;
}
+
ret = ads_keytab_create_default(ads);
- ads_destroy(&ads);
+out:
+ TALLOC_FREE(tmp_ctx);
return ret;
}
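Review bot: net_ads_keytab_delete accepts an empty principal list: with `argc == 0` the loop never runs, the `for` initialiser resets `ret` to 0, and the command returns success after calling ads_startup() without removing anything. Testing `if (c->display_usage || argc < 1)`, as the setspn add and delete commands in this file do, would reject that. The usage text also joins `"Remove entries for service principal, "`, `" from the keytab file only."` and `" Remove principals from local keytab\n"` with no newline after the second literal, so two sentences print as one run-on line; end the second literal with `\n` or drop the duplicate sentence. A one-line comment above the function stating that only the local keytab is modified would make the scope clear.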
_("net ads keytab list [keytab]\n"
" List a local keytab\n"
" keytab\tKeytab to list\n"));
- return 0;
+ return -1;
}
if (argc >= 1) {
N_("net ads keytab add\n"
" Add a service principal, updates keytab file only.")
},
+ {
+ "delete",
+ net_ads_keytab_delete,
+ NET_TRANSPORT_ADS,
+ N_("Delete a service principal"),
+ N_("net ads keytab delete\n"
+ " Remove entries for service principal, from the keytab file only.")
+ },
{
"add_update_ads",
net_ads_keytab_add_update_ads,
" %s\n",
_("Usage:"),
_("Renew TGT from existing credential cache"));
- return 0;
+ return -1;
}
ret = smb_krb5_renew_ticket(NULL, NULL, NULL, NULL);
static int net_ads_kerberos_kinit(struct net_context *c, int argc, const char **argv)
{
- TALLOC_CTX *mem_ctx = NULL;
int ret = -1;
NTSTATUS status;
" %s\n",
_("Usage:"),
_("Get Ticket Granting Ticket (TGT) for the user"));
- return 0;
- }
-
- mem_ctx = talloc_init("net_ads_kerberos_kinit");
- if (!mem_ctx) {
- goto out;
+ return -1;
}
c->opt_password = net_prompt_pass(c, c->opt_user_name);
d_printf(_("failed to kinit password: %s\n"),
nt_errstr(status));
}
- out:
return ret;
}
return net_run_function(c, argc, argv, "net ads kerberos", func);
}
-static int net_ads_setspn_list(struct net_context *c, int argc, const char **argv)
+static int net_ads_setspn_list(struct net_context *c,
+ int argc,
+ const char **argv)
{
- int ret = 0;
- bool ok = false;
+ TALLOC_CTX *tmp_ctx = talloc_stackframe();
ADS_STRUCT *ads = NULL;
+ ADS_STATUS status;
+ bool ok = false;
+ int ret = -1;
+
if (c->display_usage) {
d_printf("%s\n%s",
_("Usage:"),
_("net ads setspn list <machinename>\n"));
- ret = 0;
- goto done;
+ TALLOC_FREE(tmp_ctx);
+ return -1;
}
- if (!ADS_ERR_OK(ads_startup(c, true, &ads))) {
- ret = -1;
- goto done;
+
+ status = ads_startup(c, true, tmp_ctx, &ads);
+ if (!ADS_ERR_OK(status)) {
+ goto out;
}
+
if (argc) {
ok = ads_setspn_list(ads, argv[0]);
} else {
ok = ads_setspn_list(ads, lp_netbios_name());
}
- if (!ok) {
- ret = -1;
- }
-done:
- if (ads) {
- ads_destroy(&ads);
- }
+
+ ret = ok ? 0 : -1;
+out:
+ TALLOC_FREE(tmp_ctx);
return ret;
}
static int net_ads_setspn_add(struct net_context *c, int argc, const char **argv)
{
- int ret = 0;
- bool ok = false;
+ TALLOC_CTX *tmp_ctx = talloc_stackframe();
ADS_STRUCT *ads = NULL;
+ ADS_STATUS status;
+ bool ok = false;
+ int ret = -1;
+
if (c->display_usage || argc < 1) {
d_printf("%s\n%s",
_("Usage:"),
_("net ads setspn add <machinename> SPN\n"));
- ret = 0;
- goto done;
+ TALLOC_FREE(tmp_ctx);
+ return -1;
}
- if (!ADS_ERR_OK(ads_startup(c, true, &ads))) {
- ret = -1;
- goto done;
+
+ status = ads_startup(c, true, tmp_ctx, &ads);
+ if (!ADS_ERR_OK(status)) {
+ goto out;
}
+
if (argc > 1) {
ok = ads_setspn_add(ads, argv[0], argv[1]);
} else {
ok = ads_setspn_add(ads, lp_netbios_name(), argv[0]);
}
- if (!ok) {
- ret = -1;
- }
-done:
- if (ads) {
- ads_destroy(&ads);
- }
+
+ ret = ok ? 0 : -1;
+out:
+ TALLOC_FREE(tmp_ctx);
return ret;
}
static int net_ads_setspn_delete(struct net_context *c, int argc, const char **argv)
{
- int ret = 0;
- bool ok = false;
+ TALLOC_CTX *tmp_ctx = talloc_stackframe();
ADS_STRUCT *ads = NULL;
+ ADS_STATUS status;
+ bool ok = false;
+ int ret = -1;
+
if (c->display_usage || argc < 1) {
d_printf("%s\n%s",
_("Usage:"),
_("net ads setspn delete <machinename> SPN\n"));
- ret = 0;
- goto done;
+ TALLOC_FREE(tmp_ctx);
+ return -1;
}
- if (!ADS_ERR_OK(ads_startup(c, true, &ads))) {
- ret = -1;
- goto done;
+
+ status = ads_startup(c, true, tmp_ctx, &ads);
+ if (!ADS_ERR_OK(status)) {
+ goto out;
}
+
if (argc > 1) {
ok = ads_setspn_delete(ads, argv[0], argv[1]);
} else {
ok = ads_setspn_delete(ads, lp_netbios_name(), argv[0]);
}
- if (!ok) {
- ret = -1;
- }
-done:
- if (ads) {
- ads_destroy(&ads);
- }
+
+ ret = ok ? 0 : -1;
+out:
+ TALLOC_FREE(tmp_ctx);
return ret;
}
printf("[%s] 0x%08x AES256-CTS-HMAC-SHA1-96\n",
enctypes & ENC_HMAC_SHA1_96_AES256 ? "X" : " ",
ENC_HMAC_SHA1_96_AES256);
+ printf("[%s] 0x%08x AES256-CTS-HMAC-SHA1-96-SK\n",
+ enctypes & ENC_HMAC_SHA1_96_AES256_SK ? "X" : " ",
+ ENC_HMAC_SHA1_96_AES256_SK);
+ printf("[%s] 0x%08x RESOURCE-SID-COMPRESSION-DISABLED\n",
+ enctypes & KERB_ENCTYPE_RESOURCE_SID_COMPRESSION_DISABLED ? "X" : " ",
+ KERB_ENCTYPE_RESOURCE_SID_COMPRESSION_DISABLED);
}
static int net_ads_enctypes_list(struct net_context *c, int argc, const char **argv)
{
- int ret = -1;
+ TALLOC_CTX *tmp_ctx = talloc_stackframe();
ADS_STATUS status;
ADS_STRUCT *ads = NULL;
LDAPMessage *res = NULL;
const char *str = NULL;
+ int ret = -1;
if (c->display_usage || (argc < 1)) {
d_printf( "%s\n"
" %s\n",
_("Usage:"),
_("List supported enctypes"));
- return 0;
+ TALLOC_FREE(tmp_ctx);
+ return -1;
}
- status = ads_startup(c, false, &ads);
+ status = ads_startup(c, false, tmp_ctx, &ads);
if (!ADS_ERR_OK(status)) {
- printf("startup failed\n");
- return ret;
+ goto out;
}
ret = net_ads_enctype_lookup_account(c, ads, argv[0], &res, &str);
if (ret) {
- goto done;
+ goto out;
}
net_ads_enctype_dump_enctypes(argv[0], str);
ret = 0;
- done:
+ out:
ads_msgfree(ads, res);
- ads_destroy(&ads);
-
+ TALLOC_FREE(tmp_ctx);
return ret;
}
static int net_ads_enctypes_set(struct net_context *c, int argc, const char **argv)
{
+ TALLOC_CTX *tmp_ctx = talloc_stackframe();
int ret = -1;
ADS_STATUS status;
- ADS_STRUCT *ads;
+ ADS_STRUCT *ads = NULL;
LDAPMessage *res = NULL;
- const char *etype_list_str;
- const char *dn;
- ADS_MODLIST mods;
+ const char *etype_list_str = NULL;
+ const char *dn = NULL;
+ ADS_MODLIST mods = NULL;
uint32_t etype_list;
- const char *str;
+ const char *str = NULL;
if (c->display_usage || argc < 1) {
d_printf( "%s\n"
" %s\n",
_("Usage:"),
_("Set supported enctypes"));
- return 0;
+ TALLOC_FREE(tmp_ctx);
+ return -1;
}
- status = ads_startup(c, false, &ads);
+ status = ads_startup(c, false, tmp_ctx, &ads);
if (!ADS_ERR_OK(status)) {
- printf("startup failed\n");
- return ret;
+ goto done;
}
ret = net_ads_enctype_lookup_account(c, ads, argv[0], &res, NULL);
goto done;
}
- dn = ads_get_dn(ads, c, res);
+ dn = ads_get_dn(ads, tmp_ctx, res);
if (dn == NULL) {
goto done;
}
- etype_list = ENC_CRC32 | ENC_RSA_MD5 | ENC_RC4_HMAC_MD5;
-#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
+ etype_list = 0;
+ etype_list |= ENC_RC4_HMAC_MD5;
etype_list |= ENC_HMAC_SHA1_96_AES128;
-#endif
-#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
etype_list |= ENC_HMAC_SHA1_96_AES256;
-#endif
if (argv[1] != NULL) {
sscanf(argv[1], "%i", &etype_list);
}
- etype_list_str = talloc_asprintf(c, "%d", etype_list);
+ etype_list_str = talloc_asprintf(tmp_ctx, "%d", etype_list);
if (!etype_list_str) {
goto done;
}
- mods = ads_init_mods(c);
+ mods = ads_init_mods(tmp_ctx);
if (!mods) {
goto done;
}
- status = ads_mod_str(c, &mods, "msDS-SupportedEncryptionTypes",
+ status = ads_mod_str(tmp_ctx, &mods, "msDS-SupportedEncryptionTypes",
etype_list_str);
if (!ADS_ERR_OK(status)) {
goto done;
}
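Review bot: The result of `sscanf(argv[1], "%i", &etype_list)` is ignored, so an argument that does not parse leaves the new default (`ENC_RC4_HMAC_MD5 | ENC_HMAC_SHA1_96_AES128 | ENC_HMAC_SHA1_96_AES256`) in place, and that mask is written to `msDS-SupportedEncryptionTypes` as if the user had asked for it. `%i` also expects an `int *` while `etype_list` is declared `uint32_t`, and the value is later formatted with `%d`. Fail on bad input instead, `if (sscanf(argv[1], "%i", &etype_list) != 1) { goto done; }`, ideally with an error message, and add a comment on the default block explaining why RC4 is still part of it. The function starts before and ends after this hunk.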
ads_msgfree(ads, res);
+ res = NULL;
ret = net_ads_enctype_lookup_account(c, ads, argv[0], &res, &str);
if (ret) {
ret = 0;
done:
ads_msgfree(ads, res);
- ads_destroy(&ads);
-
+ TALLOC_FREE(tmp_ctx);
return ret;
}
static int net_ads_enctypes_delete(struct net_context *c, int argc, const char **argv)
{
+ TALLOC_CTX *tmp_ctx = talloc_stackframe();
int ret = -1;
ADS_STATUS status;
- ADS_STRUCT *ads;
+ ADS_STRUCT *ads = NULL;
LDAPMessage *res = NULL;
- const char *dn;
- ADS_MODLIST mods;
+ const char *dn = NULL;
+ ADS_MODLIST mods = NULL;
if (c->display_usage || argc < 1) {
d_printf( "%s\n"
" %s\n",
_("Usage:"),
_("Delete supported enctypes"));
- return 0;
+ TALLOC_FREE(tmp_ctx);
+ return -1;
}
- status = ads_startup(c, false, &ads);
+ status = ads_startup(c, false, tmp_ctx, &ads);
if (!ADS_ERR_OK(status)) {
- printf("startup failed\n");
- return ret;
+ goto done;
}
ret = net_ads_enctype_lookup_account(c, ads, argv[0], &res, NULL);
goto done;
}
- dn = ads_get_dn(ads, c, res);
+ dn = ads_get_dn(ads, tmp_ctx, res);
if (dn == NULL) {
goto done;
}
- mods = ads_init_mods(c);
+ mods = ads_init_mods(tmp_ctx);
if (!mods) {
goto done;
}
- status = ads_mod_str(c, &mods, "msDS-SupportedEncryptionTypes", NULL);
+ status = ads_mod_str(tmp_ctx, &mods, "msDS-SupportedEncryptionTypes", NULL);
if (!ADS_ERR_OK(status)) {
goto done;
}
done:
ads_msgfree(ads, res);
- ads_destroy(&ads);
+ TALLOC_FREE(tmp_ctx);
return ret;
}