goto failure;
}
+ ret = json_add_bool(&flagsobj, "Runs on Windows 2012R2 or later",
+ reply->server_type & NBT_SERVER_DS_9);
+ if (ret != 0) {
+ goto failure;
+ }
+
+ ret = json_add_bool(&flagsobj, "Runs on Windows 2016 or later",
+ reply->server_type & NBT_SERVER_DS_10);
+ if (ret != 0) {
+ goto failure;
+ }
+
+ ret = json_add_bool(&flagsobj, "Has a DNS name",
+ reply->server_type & NBT_SERVER_HAS_DNS_NAME);
+ if (ret != 0) {
+ goto failure;
+ }
+
+ ret = json_add_bool(&flagsobj, "Is a default NC",
+ reply->server_type & NBT_SERVER_IS_DEFAULT_NC);
+ if (ret != 0) {
+ goto failure;
+ }
+
+ ret = json_add_bool(&flagsobj, "Is the forest root",
+ reply->server_type & NBT_SERVER_FOREST_ROOT);
+ if (ret != 0) {
+ goto failure;
+ }
+
ret = json_add_string(&jsobj, "Forest", reply->forest);
if (ret != 0) {
goto failure;
"\tIs NT6 DC that has some secrets: %s\n"
"\tIs NT6 DC that has all secrets: %s\n"
"\tRuns Active Directory Web Services: %s\n"
- "\tRuns on Windows 2012 or later: %s\n"),
+ "\tRuns on Windows 2012 or later: %s\n"
+ "\tRuns on Windows 2012R2 or later: %s\n"
+ "\tRuns on Windows 2016 or later: %s\n"
+ "\tHas a DNS name: %s\n"
+ "\tIs a default NC: %s\n"
+ "\tIs the forest root: %s\n"),
(reply.server_type & NBT_SERVER_PDC) ? _("yes") : _("no"),
(reply.server_type & NBT_SERVER_GC) ? _("yes") : _("no"),
(reply.server_type & NBT_SERVER_LDAP) ? _("yes") : _("no"),
(reply.server_type & NBT_SERVER_SELECT_SECRET_DOMAIN_6) ? _("yes") : _("no"),
(reply.server_type & NBT_SERVER_FULL_SECRET_DOMAIN_6) ? _("yes") : _("no"),
(reply.server_type & NBT_SERVER_ADS_WEB_SERVICE) ? _("yes") : _("no"),
- (reply.server_type & NBT_SERVER_DS_8) ? _("yes") : _("no"));
+ (reply.server_type & NBT_SERVER_DS_8) ? _("yes") : _("no"),
+ (reply.server_type & NBT_SERVER_DS_9) ? _("yes") : _("no"),
+ (reply.server_type & NBT_SERVER_DS_10) ? _("yes") : _("no"),
+ (reply.server_type & NBT_SERVER_HAS_DNS_NAME) ? _("yes") : _("no"),
+ (reply.server_type & NBT_SERVER_IS_DEFAULT_NC) ? _("yes") : _("no"),
+ (reply.server_type & NBT_SERVER_FOREST_ROOT) ? _("yes") : _("no"));
printf(_("Forest: %s\n"), reply.forest);
if (c->opt_password) {
use_in_memory_ccache();
- TALLOC_FREE(ads->auth.password);
+ ADS_TALLOC_CONST_FREE(ads->auth.password);
ads->auth.password = talloc_strdup(ads, c->opt_password);
if (ads->auth.password == NULL) {
TALLOC_FREE(ads);
}
}
- TALLOC_FREE(ads->auth.user_name);
+ ADS_TALLOC_CONST_FREE(ads->auth.user_name);
ads->auth.user_name = talloc_strdup(ads, c->opt_user_name);
if (ads->auth.user_name == NULL) {
TALLOC_FREE(ads);
*/
if ((cp = strchr_m(ads->auth.user_name, '@'))!=0) {
*cp++ = '\0';
- TALLOC_FREE(ads->auth.realm);
+ ADS_TALLOC_CONST_FREE(ads->auth.realm);
ads->auth.realm = talloc_asprintf_strupper_m(ads, "%s", cp);
if (ads->auth.realm == NULL) {
TALLOC_FREE(ads);
return ADS_ERROR(LDAP_NO_MEMORY);
}
- }
+ } else if (ads->auth.realm == NULL) {
+ const char *c_realm = cli_credentials_get_realm(c->creds);
+
+ if (c_realm != NULL) {
+ ads->auth.realm = talloc_strdup(ads, c_realm);
+ if (ads->auth.realm == NULL) {
+ TALLOC_FREE(ads);
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+ }
+ }
status = ads_connect(ads);
return -1;
}
+ net_warn_member_options();
+
status = ads_startup(c, true, tmp_ctx, &ads);
if (!ADS_ERR_OK(status)) {
goto out;
return ADS_ERROR_NT(NT_STATUS_ACCESS_DENIED);
}
+ net_warn_member_options();
+
net_use_krb_machine_account(c);
get_dc_name(lp_workgroup(), lp_realm(), dc_name, &dcip);
return -1;
}
+ net_warn_member_options();
+
/* Display success or failure */
status = net_ads_join_ok(c);
if (!ADS_ERR_OK(status)) {
return net_ads_join_usage(c, argc, argv);
}
+ net_warn_member_options();
+
if (!modify_config) {
werr = check_ads_config();
if (!W_ERROR_IS_OK(werr)) {
if (c->display_usage) {
d_printf( "%s\n"
- "net ads dns register [hostname [IP [IP...]]]\n"
+ "net ads dns register [hostname [IP [IP...]]] "
+ "[--force] [--dns-ttl TTL]\n"
" %s\n",
_("Usage:"),
_("Register hostname with DNS\n"));
"net ads dns unregister [hostname]\n"
" %s\n",
_("Usage:"),
- _("Remove all IP Address entires for a given\n"
+ _("Remove all IP Address entries for a given\n"
" hostname from the Active Directory server.\n"));
TALLOC_FREE(tmp_ctx);
return -1;
}
/* we don't actually need a full connect, but it's the easy way to
- fill in the KDC's addresss */
+ fill in the KDC's address */
ads_connect(ads);
if (!ads->config.realm) {
goto out;
}
+ net_warn_member_options();
+
net_use_krb_machine_account(c);
use_in_memory_ccache();
return -1;
}
+ net_warn_member_options();
+
d_printf(_("Processing principals to add...\n"));
if (!c->opt_user_specified && c->opt_password == NULL) {
return net_ads_keytab_add(c, argc, argv, true);
}
+static int net_ads_keytab_delete(struct net_context *c,
+ int argc,
+ const char **argv)
+{
+ TALLOC_CTX *tmp_ctx = talloc_stackframe();
+ ADS_STRUCT *ads = NULL;
+ ADS_STATUS status;
+ int i;
+ int ret = -1;
+
+ if (c->display_usage) {
+ d_printf("%s\n%s",
+ _("Usage:"),
+ _("net ads keytab delete <principal> [principal ...]\n"
+ " Remove entries for service principal, "
+ " from the keytab file only."
+ " Remove principals from local keytab\n"
+ " principal\tKerberos principal to remove from "
+ "keytab\n"));
+ TALLOC_FREE(tmp_ctx);
+ return -1;
+ }
+
+ d_printf(_("Processing principals to delete...\n"));
+
+ if (!c->opt_user_specified && c->opt_password == NULL) {
+ net_use_krb_machine_account(c);
+ }
+
+ status = ads_startup(c, true, tmp_ctx, &ads);
+ if (!ADS_ERR_OK(status)) {
+ goto out;
+ }
+
+ for (ret = 0, i = 0; i < argc; i++) {
+ ret |= ads_keytab_delete_entry(ads, argv[i]);
+ }
+out:
+ TALLOC_FREE(tmp_ctx);
+ return ret;
+}
+
static int net_ads_keytab_create(struct net_context *c, int argc, const char **argv)
{
TALLOC_CTX *tmp_ctx = talloc_stackframe();
return -1;
}
+ net_warn_member_options();
+
if (!c->opt_user_specified && c->opt_password == NULL) {
net_use_krb_machine_account(c);
}
N_("net ads keytab add\n"
" Add a service principal, updates keytab file only.")
},
+ {
+ "delete",
+ net_ads_keytab_delete,
+ NET_TRANSPORT_ADS,
+ N_("Delete a service principal"),
+ N_("net ads keytab delete\n"
+ " Remove entries for service principal, from the keytab file only.")
+ },
{
"add_update_ads",
net_ads_keytab_add_update_ads,
printf("[%s] 0x%08x AES256-CTS-HMAC-SHA1-96\n",
enctypes & ENC_HMAC_SHA1_96_AES256 ? "X" : " ",
ENC_HMAC_SHA1_96_AES256);
+ printf("[%s] 0x%08x AES256-CTS-HMAC-SHA1-96-SK\n",
+ enctypes & ENC_HMAC_SHA1_96_AES256_SK ? "X" : " ",
+ ENC_HMAC_SHA1_96_AES256_SK);
+ printf("[%s] 0x%08x RESOURCE-SID-COMPRESSION-DISABLED\n",
+ enctypes & KERB_ENCTYPE_RESOURCE_SID_COMPRESSION_DISABLED ? "X" : " ",
+ KERB_ENCTYPE_RESOURCE_SID_COMPRESSION_DISABLED);
}
static int net_ads_enctypes_list(struct net_context *c, int argc, const char **argv)
goto done;
}
- etype_list = ENC_CRC32 | ENC_RSA_MD5 | ENC_RC4_HMAC_MD5;
-#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
+ etype_list = 0;
+ etype_list |= ENC_RC4_HMAC_MD5;
etype_list |= ENC_HMAC_SHA1_96_AES128;
-#endif
-#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
etype_list |= ENC_HMAC_SHA1_96_AES256;
-#endif
if (argv[1] != NULL) {
sscanf(argv[1], "%i", &etype_list);