2 Samba Unix/Linux SMB client library
4 Copyright (C) 2001 Andrew Tridgell (tridge@samba.org)
5 Copyright (C) 2001 Remus Koos (remuskoos@yahoo.com)
6 Copyright (C) 2002 Jim McDonough (jmcd@us.ibm.com)
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "../utils/net.h"
28 int net_ads_usage(int argc, const char **argv)
31 "\nnet ads join <org_unit>"\
32 "\n\tjoins the local machine to a ADS realm\n"\
34 "\n\tremoves the local machine from a ADS realm\n"\
36 "\n\ttests that an exiting join is OK\n"\
38 "\n\tlist, add, or delete users in the realm\n"\
40 "\n\tlist, add, or delete groups in the realm\n"\
42 "\n\tshows some info on the server\n"\
44 "\n\tdump the machine account details to stdout\n"
46 "\n\tperform a CLDAP search on the server\n"
47 "\nnet ads password <username@realm> <password> -Uadmin_username@realm%%admin_pass"\
48 "\n\tchange a user's password using an admin account"\
49 "\n\t(note: use realm in UPPERCASE, prompts if password is obmitted)\n"\
50 "\nnet ads changetrustpw"\
51 "\n\tchange the trust account password of this machine in the AD tree\n"\
52 "\nnet ads printer [info | publish | remove] <printername> <servername>"\
53 "\n\t lookup, add, or remove directory entry for a printer\n"\
55 "\n\tperform a raw LDAP search and dump the results\n"
57 "\n\tperform a raw LDAP search and dump attributes of a particular DN\n"
64 this implements the CLDAP based netlogon lookup requests
65 for finding the domain controller of a ADS domain
67 static int net_ads_lookup(int argc, const char **argv)
71 ads = ads_init(NULL, opt_target_workgroup, opt_host);
73 ads->auth.flags |= ADS_AUTH_NO_BIND;
78 if (!ads || !ads->config.realm) {
79 d_printf("Didn't find the cldap server!\n");
83 return ads_cldap_netlogon(ads);
88 static int net_ads_info(int argc, const char **argv)
92 ads = ads_init(NULL, opt_target_workgroup, opt_host);
95 ads->auth.flags |= ADS_AUTH_NO_BIND;
100 if (!ads || !ads->config.realm) {
101 d_printf("Didn't find the ldap server!\n");
105 d_printf("LDAP server: %s\n", inet_ntoa(ads->ldap_ip));
106 d_printf("LDAP server name: %s\n", ads->config.ldap_server_name);
107 d_printf("Realm: %s\n", ads->config.realm);
108 d_printf("Bind Path: %s\n", ads->config.bind_path);
109 d_printf("LDAP port: %d\n", ads->ldap_port);
110 d_printf("Server time: %s\n", http_timestring(ads->config.current_time));
112 d_printf("KDC server: %s\n", ads->auth.kdc_server );
113 d_printf("Server time offset: %d\n", ads->auth.time_offset );
118 static void use_in_memory_ccache(void) {
119 /* Use in-memory credentials cache so we do not interfere with
120 * existing credentials */
121 setenv(KRB5_ENV_CCNAME, "MEMORY:net_ads", 1);
124 static ADS_STRUCT *ads_startup(void)
128 BOOL need_password = False;
129 BOOL second_time = False;
132 /* lp_realm() should be handled by a command line param,
133 However, the join requires that realm be set in smb.conf
134 and compares our realm with the remote server's so this is
135 ok until someone needs more flexibility */
137 ads = ads_init(lp_realm(), opt_target_workgroup, opt_host);
139 if (!opt_user_name) {
140 opt_user_name = "administrator";
143 if (opt_user_specified) {
144 need_password = True;
148 if (!opt_password && need_password && !opt_machine_pass) {
150 asprintf(&prompt,"%s password: ", opt_user_name);
151 opt_password = getpass(prompt);
156 use_in_memory_ccache();
157 ads->auth.password = smb_xstrdup(opt_password);
160 ads->auth.user_name = smb_xstrdup(opt_user_name);
163 * If the username is of the form "name@realm",
164 * extract the realm and convert to upper case.
165 * This is only used to establish the connection.
167 if ((cp = strchr(ads->auth.user_name, '@'))!=0) {
169 ads->auth.realm = smb_xstrdup(cp);
170 strupper_m(ads->auth.realm);
173 status = ads_connect(ads);
175 if (!ADS_ERR_OK(status)) {
176 if (!need_password && !second_time) {
177 need_password = True;
181 DEBUG(1,("ads_connect: %s\n", ads_errstr(status)));
190 Check to see if connection can be made via ads.
191 ads_startup() stores the password in opt_password if it needs to so
192 that rpc or rap can use it without re-prompting.
194 int net_ads_check(void)
206 determine the netbios workgroup name for a domain
208 static int net_ads_workgroup(int argc, const char **argv)
212 const char *workgroup;
214 if (!(ads = ads_startup())) return -1;
216 if (!(ctx = talloc_init("net_ads_workgroup"))) {
220 if (!ADS_ERR_OK(ads_workgroup_name(ads, ctx, &workgroup))) {
221 d_printf("Failed to find workgroup for realm '%s'\n",
227 d_printf("Workgroup: %s\n", workgroup);
236 static BOOL usergrp_display(char *field, void **values, void *data_area)
238 char **disp_fields = (char **) data_area;
240 if (!field) { /* must be end of record */
241 if (!strchr_m(disp_fields[0], '$')) {
243 d_printf("%-21.21s %s\n",
244 disp_fields[0], disp_fields[1]);
246 d_printf("%s\n", disp_fields[0]);
248 SAFE_FREE(disp_fields[0]);
249 SAFE_FREE(disp_fields[1]);
252 if (!values) /* must be new field, indicate string field */
254 if (StrCaseCmp(field, "sAMAccountName") == 0) {
255 disp_fields[0] = strdup((char *) values[0]);
257 if (StrCaseCmp(field, "description") == 0)
258 disp_fields[1] = strdup((char *) values[0]);
262 static int net_ads_user_usage(int argc, const char **argv)
264 return net_help_user(argc, argv);
267 static int ads_user_add(int argc, const char **argv)
275 if (argc < 1) return net_ads_user_usage(argc, argv);
277 if (!(ads = ads_startup())) return -1;
279 status = ads_find_user_acct(ads, &res, argv[0]);
281 if (!ADS_ERR_OK(status)) {
282 d_printf("ads_user_add: %s\n", ads_errstr(status));
286 if (ads_count_replies(ads, res)) {
287 d_printf("ads_user_add: User %s already exists\n", argv[0]);
291 status = ads_add_user_acct(ads, argv[0], opt_container, opt_comment);
293 if (!ADS_ERR_OK(status)) {
294 d_printf("Could not add user %s: %s\n", argv[0],
299 /* if no password is to be set, we're done */
301 d_printf("User %s added\n", argv[0]);
306 /* try setting the password */
307 asprintf(&upn, "%s@%s", argv[0], ads->config.realm);
308 status = ads_krb5_set_password(ads->auth.kdc_server, upn, argv[1],
309 ads->auth.time_offset);
311 if (ADS_ERR_OK(status)) {
312 d_printf("User %s added\n", argv[0]);
317 /* password didn't set, delete account */
318 d_printf("Could not add user %s. Error setting password %s\n",
319 argv[0], ads_errstr(status));
320 ads_msgfree(ads, res);
321 status=ads_find_user_acct(ads, &res, argv[0]);
322 if (ADS_ERR_OK(status)) {
323 userdn = ads_get_dn(ads, res);
324 ads_del_dn(ads, userdn);
325 ads_memfree(ads, userdn);
330 ads_msgfree(ads, res);
335 static int ads_user_info(int argc, const char **argv)
340 const char *attrs[] = {"memberOf", NULL};
341 char *searchstring=NULL;
343 char *escaped_user = escape_ldap_string_alloc(argv[0]);
345 if (argc < 1) return net_ads_user_usage(argc, argv);
347 if (!(ads = ads_startup())) return -1;
350 d_printf("ads_user_info: failed to escape user %s\n", argv[0]);
354 asprintf(&searchstring, "(sAMAccountName=%s)", escaped_user);
355 rc = ads_search(ads, &res, searchstring, attrs);
356 safe_free(searchstring);
358 if (!ADS_ERR_OK(rc)) {
359 d_printf("ads_search: %s\n", ads_errstr(rc));
363 grouplist = ldap_get_values(ads->ld, res, "memberOf");
368 for (i=0;grouplist[i];i++) {
369 groupname = ldap_explode_dn(grouplist[i], 1);
370 d_printf("%s\n", groupname[0]);
371 ldap_value_free(groupname);
373 ldap_value_free(grouplist);
376 ads_msgfree(ads, res);
382 static int ads_user_delete(int argc, const char **argv)
389 if (argc < 1) return net_ads_user_usage(argc, argv);
391 if (!(ads = ads_startup())) return -1;
393 rc = ads_find_user_acct(ads, &res, argv[0]);
394 if (!ADS_ERR_OK(rc)) {
395 DEBUG(0, ("User %s does not exist\n", argv[0]));
398 userdn = ads_get_dn(ads, res);
399 ads_msgfree(ads, res);
400 rc = ads_del_dn(ads, userdn);
401 ads_memfree(ads, userdn);
402 if (!ADS_ERR_OK(rc)) {
403 d_printf("User %s deleted\n", argv[0]);
406 d_printf("Error deleting user %s: %s\n", argv[0],
411 int net_ads_user(int argc, const char **argv)
413 struct functable func[] = {
414 {"ADD", ads_user_add},
415 {"INFO", ads_user_info},
416 {"DELETE", ads_user_delete},
421 const char *shortattrs[] = {"sAMAccountName", NULL};
422 const char *longattrs[] = {"sAMAccountName", "description", NULL};
423 char *disp_fields[2] = {NULL, NULL};
426 if (!(ads = ads_startup())) return -1;
428 if (opt_long_list_entries)
429 d_printf("\nUser name Comment"\
430 "\n-----------------------------\n");
432 rc = ads_do_search_all_fn(ads, ads->config.bind_path,
434 "(objectclass=user)",
435 opt_long_list_entries ? longattrs :
436 shortattrs, usergrp_display,
442 return net_run_function(argc, argv, func, net_ads_user_usage);
445 static int net_ads_group_usage(int argc, const char **argv)
447 return net_help_group(argc, argv);
450 static int ads_group_add(int argc, const char **argv)
457 if (argc < 1) return net_ads_group_usage(argc, argv);
459 if (!(ads = ads_startup())) return -1;
461 status = ads_find_user_acct(ads, &res, argv[0]);
463 if (!ADS_ERR_OK(status)) {
464 d_printf("ads_group_add: %s\n", ads_errstr(status));
468 if (ads_count_replies(ads, res)) {
469 d_printf("ads_group_add: Group %s already exists\n", argv[0]);
470 ads_msgfree(ads, res);
474 status = ads_add_group_acct(ads, argv[0], opt_container, opt_comment);
476 if (ADS_ERR_OK(status)) {
477 d_printf("Group %s added\n", argv[0]);
480 d_printf("Could not add group %s: %s\n", argv[0],
486 ads_msgfree(ads, res);
491 static int ads_group_delete(int argc, const char **argv)
498 if (argc < 1) return net_ads_group_usage(argc, argv);
500 if (!(ads = ads_startup())) return -1;
502 rc = ads_find_user_acct(ads, &res, argv[0]);
503 if (!ADS_ERR_OK(rc)) {
504 DEBUG(0, ("Group %s does not exist\n", argv[0]));
507 groupdn = ads_get_dn(ads, res);
508 ads_msgfree(ads, res);
509 rc = ads_del_dn(ads, groupdn);
510 ads_memfree(ads, groupdn);
511 if (!ADS_ERR_OK(rc)) {
512 d_printf("Group %s deleted\n", argv[0]);
515 d_printf("Error deleting group %s: %s\n", argv[0],
520 int net_ads_group(int argc, const char **argv)
522 struct functable func[] = {
523 {"ADD", ads_group_add},
524 {"DELETE", ads_group_delete},
529 const char *shortattrs[] = {"sAMAccountName", NULL};
530 const char *longattrs[] = {"sAMAccountName", "description", NULL};
531 char *disp_fields[2] = {NULL, NULL};
534 if (!(ads = ads_startup())) return -1;
536 if (opt_long_list_entries)
537 d_printf("\nGroup name Comment"\
538 "\n-----------------------------\n");
539 rc = ads_do_search_all_fn(ads, ads->config.bind_path,
541 "(objectclass=group)",
542 opt_long_list_entries ? longattrs :
543 shortattrs, usergrp_display,
549 return net_run_function(argc, argv, func, net_ads_group_usage);
552 static int net_ads_status(int argc, const char **argv)
558 if (!(ads = ads_startup())) return -1;
560 rc = ads_find_machine_acct(ads, &res, global_myname());
561 if (!ADS_ERR_OK(rc)) {
562 d_printf("ads_find_machine_acct: %s\n", ads_errstr(rc));
566 if (ads_count_replies(ads, res) == 0) {
567 d_printf("No machine account for '%s' found\n", global_myname());
576 static int net_ads_leave(int argc, const char **argv)
578 ADS_STRUCT *ads = NULL;
581 if (!secrets_init()) {
582 DEBUG(1,("Failed to initialise secrets database\n"));
587 net_use_machine_password();
590 if (!(ads = ads_startup())) {
594 rc = ads_leave_realm(ads, global_myname());
595 if (!ADS_ERR_OK(rc)) {
596 d_printf("Failed to delete host '%s' from the '%s' realm.\n",
597 global_myname(), ads->config.realm);
601 d_printf("Removed '%s' from realm '%s'\n", global_myname(), ads->config.realm);
606 static int net_ads_join_ok(void)
608 ADS_STRUCT *ads = NULL;
610 if (!secrets_init()) {
611 DEBUG(1,("Failed to initialise secrets database\n"));
615 net_use_machine_password();
617 if (!(ads = ads_startup())) {
626 check that an existing join is OK
628 int net_ads_testjoin(int argc, const char **argv)
630 use_in_memory_ccache();
632 /* Display success or failure */
633 if (net_ads_join_ok() != 0) {
634 fprintf(stderr,"Join to domain is not valid\n");
638 printf("Join is OK\n");
643 join a domain using ADS
645 int net_ads_join(int argc, const char **argv)
650 char *machine_account = NULL;
652 const char *org_unit = "Computers";
657 uint32 sec_channel_type = SEC_CHAN_WKSTA;
658 uint32 account_type = UF_WORKSTATION_TRUST_ACCOUNT;
659 const char *short_domain_name = NULL;
660 TALLOC_CTX *ctx = NULL;
662 if (argc > 0) org_unit = argv[0];
664 if (!secrets_init()) {
665 DEBUG(1,("Failed to initialise secrets database\n"));
669 tmp_password = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH);
670 password = strdup(tmp_password);
672 if (!(ads = ads_startup())) return -1;
675 d_printf("realm must be set in in smb.conf for ADS join to succeed.\n");
679 if (strcmp(ads->config.realm, lp_realm()) != 0) {
680 d_printf("realm of remote server (%s) and realm in smb.conf (%s) DO NOT match. Aborting join\n", ads->config.realm, lp_realm());
684 ou_str = ads_ou_string(org_unit);
685 asprintf(&dn, "%s,%s", ou_str, ads->config.bind_path);
688 rc = ads_search_dn(ads, &res, dn, NULL);
689 ads_msgfree(ads, res);
691 if (rc.error_type == ENUM_ADS_ERROR_LDAP && rc.err.rc == LDAP_NO_SUCH_OBJECT) {
692 d_printf("ads_join_realm: organizational unit %s does not exist (dn:%s)\n",
698 if (!ADS_ERR_OK(rc)) {
699 d_printf("ads_join_realm: %s\n", ads_errstr(rc));
703 rc = ads_join_realm(ads, global_myname(), account_type, org_unit);
704 if (!ADS_ERR_OK(rc)) {
705 d_printf("ads_join_realm: %s\n", ads_errstr(rc));
709 rc = ads_domain_sid(ads, &dom_sid);
710 if (!ADS_ERR_OK(rc)) {
711 d_printf("ads_domain_sid: %s\n", ads_errstr(rc));
715 if (asprintf(&machine_account, "%s$", global_myname()) == -1) {
716 d_printf("asprintf failed\n");
720 rc = ads_set_machine_password(ads, machine_account, password);
721 if (!ADS_ERR_OK(rc)) {
722 d_printf("ads_set_machine_password: %s\n", ads_errstr(rc));
726 /* make sure we get the right workgroup */
728 if ( !(ctx = talloc_init("net ads join")) ) {
729 d_printf("talloc_init() failed!\n");
733 rc = ads_workgroup_name(ads, ctx, &short_domain_name);
734 if ( ADS_ERR_OK(rc) ) {
735 if ( !strequal(lp_workgroup(), short_domain_name) ) {
736 d_printf("The workgroup in smb.conf does not match the short\n");
737 d_printf("domain name obtained from the server.\n");
738 d_printf("Using the name [%s] from the server.\n", short_domain_name);
739 d_printf("You should set \"workgroup = %s\" in smb.conf.\n", short_domain_name);
743 short_domain_name = lp_workgroup();
745 d_printf("Using short domain name -- %s\n", short_domain_name);
747 /* HACK ALRET! Store the sid and password under bother the lp_workgroup()
748 value from smb.conf and the string returned from the server. The former is
749 neede to bootstrap winbindd's first connection to the DC to get the real
750 short domain name --jerry */
752 if (!secrets_store_domain_sid(lp_workgroup(), &dom_sid)) {
753 DEBUG(1,("Failed to save domain sid\n"));
757 if (!secrets_store_machine_password(password, lp_workgroup(), sec_channel_type)) {
758 DEBUG(1,("Failed to save machine password\n"));
762 if (!secrets_store_domain_sid(short_domain_name, &dom_sid)) {
763 DEBUG(1,("Failed to save domain sid\n"));
767 if (!secrets_store_machine_password(password, short_domain_name, sec_channel_type)) {
768 DEBUG(1,("Failed to save machine password\n"));
772 d_printf("Joined '%s' to realm '%s'\n", global_myname(), ads->config.realm);
775 SAFE_FREE(machine_account);
781 int net_ads_printer_usage(int argc, const char **argv)
784 "\nnet ads printer search <printer>"
785 "\n\tsearch for a printer in the directory"
786 "\nnet ads printer info <printer> <server>"
787 "\n\tlookup info in directory for printer on server"
788 "\n\t(note: printer defaults to \"*\", server defaults to local)\n"
789 "\nnet ads printer publish <printername>"
790 "\n\tpublish printer in directory"
791 "\n\t(note: printer name is required)\n"
792 "\nnet ads printer remove <printername>"
793 "\n\tremove printer from directory"
794 "\n\t(note: printer name is required)\n");
798 static int net_ads_printer_search(int argc, const char **argv)
804 if (!(ads = ads_startup()))
807 rc = ads_find_printers(ads, &res);
809 if (!ADS_ERR_OK(rc)) {
810 d_printf("ads_find_printer: %s\n", ads_errstr(rc));
811 ads_msgfree(ads, res);
815 if (ads_count_replies(ads, res) == 0) {
816 d_printf("No results found\n");
817 ads_msgfree(ads, res);
822 ads_msgfree(ads, res);
827 static int net_ads_printer_info(int argc, const char **argv)
831 const char *servername, *printername;
834 if (!(ads = ads_startup())) return -1;
837 printername = argv[0];
842 servername = argv[1];
844 servername = global_myname();
846 rc = ads_find_printer_on_server(ads, &res, printername, servername);
848 if (!ADS_ERR_OK(rc)) {
849 d_printf("ads_find_printer_on_server: %s\n", ads_errstr(rc));
850 ads_msgfree(ads, res);
854 if (ads_count_replies(ads, res) == 0) {
855 d_printf("Printer '%s' not found\n", printername);
856 ads_msgfree(ads, res);
861 ads_msgfree(ads, res);
866 void do_drv_upgrade_printer(int msg_type, pid_t src, void *buf, size_t len)
871 static int net_ads_printer_publish(int argc, const char **argv)
875 const char *servername, *printername;
876 struct cli_state *cli;
877 struct in_addr server_ip;
879 TALLOC_CTX *mem_ctx = talloc_init("net_ads_printer_publish");
880 ADS_MODLIST mods = ads_init_mods(mem_ctx);
881 char *prt_dn, *srv_dn, **srv_cn;
884 if (!(ads = ads_startup())) return -1;
887 return net_ads_printer_usage(argc, argv);
889 printername = argv[0];
892 servername = argv[1];
894 servername = global_myname();
896 /* Get printer data from SPOOLSS */
898 resolve_name(servername, &server_ip, 0x20);
900 nt_status = cli_full_connection(&cli, global_myname(), servername,
903 opt_user_name, opt_workgroup,
904 opt_password ? opt_password : "",
905 CLI_FULL_CONNECTION_USE_KERBEROS,
908 if (NT_STATUS_IS_ERR(nt_status)) {
909 d_printf("Unable to open a connnection to %s to obtain data "
910 "for %s\n", servername, printername);
914 /* Publish on AD server */
916 ads_find_machine_acct(ads, &res, servername);
918 if (ads_count_replies(ads, res) == 0) {
919 d_printf("Could not find machine account for server %s\n",
924 srv_dn = ldap_get_dn(ads->ld, res);
925 srv_cn = ldap_explode_dn(srv_dn, 1);
927 asprintf(&prt_dn, "cn=%s-%s,%s", srv_cn[0], printername, srv_dn);
929 cli_nt_session_open(cli, PI_SPOOLSS);
930 get_remote_printer_publishing_data(cli, mem_ctx, &mods, printername);
932 rc = ads_add_printer_entry(ads, prt_dn, mem_ctx, &mods);
933 if (!ADS_ERR_OK(rc)) {
934 d_printf("ads_publish_printer: %s\n", ads_errstr(rc));
938 d_printf("published printer\n");
943 static int net_ads_printer_remove(int argc, const char **argv)
947 const char *servername;
951 if (!(ads = ads_startup())) return -1;
954 return net_ads_printer_usage(argc, argv);
957 servername = argv[1];
959 servername = global_myname();
961 rc = ads_find_printer_on_server(ads, &res, argv[0], servername);
963 if (!ADS_ERR_OK(rc)) {
964 d_printf("ads_find_printer_on_server: %s\n", ads_errstr(rc));
965 ads_msgfree(ads, res);
969 if (ads_count_replies(ads, res) == 0) {
970 d_printf("Printer '%s' not found\n", argv[1]);
971 ads_msgfree(ads, res);
975 prt_dn = ads_get_dn(ads, res);
976 ads_msgfree(ads, res);
977 rc = ads_del_dn(ads, prt_dn);
978 ads_memfree(ads, prt_dn);
980 if (!ADS_ERR_OK(rc)) {
981 d_printf("ads_del_dn: %s\n", ads_errstr(rc));
988 static int net_ads_printer(int argc, const char **argv)
990 struct functable func[] = {
991 {"SEARCH", net_ads_printer_search},
992 {"INFO", net_ads_printer_info},
993 {"PUBLISH", net_ads_printer_publish},
994 {"REMOVE", net_ads_printer_remove},
998 return net_run_function(argc, argv, func, net_ads_printer_usage);
1002 static int net_ads_password(int argc, const char **argv)
1005 const char *auth_principal = opt_user_name;
1006 const char *auth_password = opt_password;
1008 char *new_password = NULL;
1013 if (opt_user_name == NULL || opt_password == NULL) {
1014 d_printf("You must supply an administrator username/password\n");
1020 d_printf("ERROR: You must say which username to change password for\n");
1025 if (!strchr(user, '@')) {
1026 asprintf(&c, "%s@%s", argv[0], lp_realm());
1030 use_in_memory_ccache();
1031 c = strchr(auth_principal, '@');
1038 /* use the realm so we can eventually change passwords for users
1039 in realms other than default */
1040 if (!(ads = ads_init(realm, NULL, NULL))) return -1;
1042 /* we don't actually need a full connect, but it's the easy way to
1043 fill in the KDC's addresss */
1046 if (!ads || !ads->config.realm) {
1047 d_printf("Didn't find the kerberos server!\n");
1052 new_password = (char *)argv[1];
1054 asprintf(&prompt, "Enter new password for %s:", user);
1055 new_password = getpass(prompt);
1059 ret = kerberos_set_password(ads->auth.kdc_server, auth_principal,
1060 auth_password, user, new_password, ads->auth.time_offset);
1061 if (!ADS_ERR_OK(ret)) {
1062 d_printf("Password change failed :-( ...\n");
1067 d_printf("Password change for %s completed.\n", user);
1074 int net_ads_changetrustpw(int argc, const char **argv)
1077 char *host_principal;
1081 if (!secrets_init()) {
1082 DEBUG(1,("Failed to initialise secrets database\n"));
1086 net_use_machine_password();
1088 use_in_memory_ccache();
1090 if (!(ads = ads_startup())) {
1094 hostname = strdup(global_myname());
1095 strlower_m(hostname);
1096 asprintf(&host_principal, "%s@%s", hostname, ads->config.realm);
1097 SAFE_FREE(hostname);
1098 d_printf("Changing password for principal: HOST/%s\n", host_principal);
1100 ret = ads_change_trust_account_password(ads, host_principal);
1102 if (!ADS_ERR_OK(ret)) {
1103 d_printf("Password change failed :-( ...\n");
1105 SAFE_FREE(host_principal);
1109 d_printf("Password change for principal HOST/%s succeeded.\n", host_principal);
1111 SAFE_FREE(host_principal);
1117 help for net ads search
1119 static int net_ads_search_usage(int argc, const char **argv)
1122 "\nnet ads search <expression> <attributes...>\n"\
1123 "\nperform a raw LDAP search on a ADS server and dump the results\n"\
1124 "The expression is a standard LDAP search expression, and the\n"\
1125 "attributes are a list of LDAP fields to show in the results\n\n"\
1126 "Example: net ads search '(objectCategory=group)' sAMAccountName\n\n"
1128 net_common_flags_usage(argc, argv);
1134 general ADS search function. Useful in diagnosing problems in ADS
1136 static int net_ads_search(int argc, const char **argv)
1140 const char *ldap_exp;
1145 return net_ads_search_usage(argc, argv);
1148 if (!(ads = ads_startup())) {
1155 rc = ads_do_search_all(ads, ads->config.bind_path,
1157 ldap_exp, attrs, &res);
1158 if (!ADS_ERR_OK(rc)) {
1159 d_printf("search failed: %s\n", ads_errstr(rc));
1163 d_printf("Got %d replies\n\n", ads_count_replies(ads, res));
1165 /* dump the results */
1168 ads_msgfree(ads, res);
1176 help for net ads search
1178 static int net_ads_dn_usage(int argc, const char **argv)
1181 "\nnet ads dn <dn> <attributes...>\n"\
1182 "\nperform a raw LDAP search on a ADS server and dump the results\n"\
1183 "The DN standard LDAP DN, and the attributes are a list of LDAP fields \n"\
1184 "to show in the results\n\n"\
1185 "Example: net ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' sAMAccountName\n\n"
1187 net_common_flags_usage(argc, argv);
1193 general ADS search function. Useful in diagnosing problems in ADS
1195 static int net_ads_dn(int argc, const char **argv)
1204 return net_ads_dn_usage(argc, argv);
1207 if (!(ads = ads_startup())) {
1214 rc = ads_do_search_all(ads, dn,
1216 "(objectclass=*)", attrs, &res);
1217 if (!ADS_ERR_OK(rc)) {
1218 d_printf("search failed: %s\n", ads_errstr(rc));
1222 d_printf("Got %d replies\n\n", ads_count_replies(ads, res));
1224 /* dump the results */
1227 ads_msgfree(ads, res);
1234 int net_ads_help(int argc, const char **argv)
1236 struct functable func[] = {
1237 {"USER", net_ads_user_usage},
1238 {"GROUP", net_ads_group_usage},
1239 {"PRINTER", net_ads_printer_usage},
1240 {"SEARCH", net_ads_search_usage},
1242 {"INFO", net_ads_info},
1243 {"JOIN", net_ads_join},
1244 {"LEAVE", net_ads_leave},
1245 {"STATUS", net_ads_status},
1246 {"PASSWORD", net_ads_password},
1247 {"CHANGETRUSTPW", net_ads_changetrustpw},
1252 return net_run_function(argc, argv, func, net_ads_usage);
1255 int net_ads(int argc, const char **argv)
1257 struct functable func[] = {
1258 {"INFO", net_ads_info},
1259 {"JOIN", net_ads_join},
1260 {"TESTJOIN", net_ads_testjoin},
1261 {"LEAVE", net_ads_leave},
1262 {"STATUS", net_ads_status},
1263 {"USER", net_ads_user},
1264 {"GROUP", net_ads_group},
1265 {"PASSWORD", net_ads_password},
1266 {"CHANGETRUSTPW", net_ads_changetrustpw},
1267 {"PRINTER", net_ads_printer},
1268 {"SEARCH", net_ads_search},
1270 {"WORKGROUP", net_ads_workgroup},
1271 {"LOOKUP", net_ads_lookup},
1272 {"HELP", net_ads_help},
1276 return net_run_function(argc, argv, func, net_ads_usage);
1281 static int net_ads_noads(void)
1283 d_printf("ADS support not compiled in\n");
1287 int net_ads_usage(int argc, const char **argv)
1289 return net_ads_noads();
1292 int net_ads_help(int argc, const char **argv)
1294 return net_ads_noads();
1297 int net_ads_changetrustpw(int argc, const char **argv)
1299 return net_ads_noads();
1302 int net_ads_join(int argc, const char **argv)
1304 return net_ads_noads();
1307 int net_ads_user(int argc, const char **argv)
1309 return net_ads_noads();
1312 int net_ads_group(int argc, const char **argv)
1314 return net_ads_noads();
1317 /* this one shouldn't display a message */
1318 int net_ads_check(void)
1323 int net_ads(int argc, const char **argv)
1325 return net_ads_usage(argc, argv);
git.samba.org / samba.git / blob