search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3-net: move out some prototypes to net_dns.h.
[Samba/bb.git] / source3 / utils / net_ads.c
blobffb79991ded39d06df5fe8d446b479d294678f78
1 /*
2 Samba Unix/Linux SMB client library
3 net ads commands
4 Copyright (C) 2001 Andrew Tridgell (tridge@samba.org)
5 Copyright (C) 2001 Remus Koos (remuskoos@yahoo.com)
6 Copyright (C) 2002 Jim McDonough (jmcd@us.ibm.com)
7 Copyright (C) 2006 Gerald (Jerry) Carter (jerry@samba.org)
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #include "includes.h"
24 #include "utils/net.h"
25 #include "rpc_client/cli_pipe.h"
26 #include "librpc/gen_ndr/ndr_krb5pac.h"
27 #include "../librpc/gen_ndr/ndr_spoolss.h"
28 #include "nsswitch/libwbclient/wbclient.h"
29 #include "ads.h"
30 #include "libads/cldap.h"
31 #include "../lib/addns/dnsquery.h"
32 #include "../libds/common/flags.h"
33 #include "librpc/gen_ndr/libnet_join.h"
34 #include "libnet/libnet_join.h"
35 #include "smb_krb5.h"
36 #include "secrets.h"
37 #include "krb5_env.h"
38 #include "../libcli/security/security.h"
39 #include "libsmb/libsmb.h"
40 #include "lib/param/loadparm.h"
41 #include "utils/net_dns.h"
42
43 #ifdef HAVE_ADS
44
45 /* when we do not have sufficient input parameters to contact a remote domain
46 * we always fall back to our own realm - Guenther*/
47
48 static const char *assume_own_realm(struct net_context *c)
49 {
50 if (!c->opt_host && strequal(lp_workgroup(), c->opt_target_workgroup)) {
51 return lp_realm();
52 }
53
54 return NULL;
55 }
56
57 /*
58 do a cldap netlogon query
59 */
60 static int net_ads_cldap_netlogon(struct net_context *c, ADS_STRUCT *ads)
61 {
62 char addr[INET6_ADDRSTRLEN];
63 struct NETLOGON_SAM_LOGON_RESPONSE_EX reply;
64
65 print_sockaddr(addr, sizeof(addr), &ads->ldap.ss);
66
67 if ( !ads_cldap_netlogon_5(talloc_tos(), &ads->ldap.ss, ads->server.realm, &reply ) ) {
68 d_fprintf(stderr, _("CLDAP query failed!\n"));
69 return -1;
70 }
71
72 d_printf(_("Information for Domain Controller: %s\n\n"),
73 addr);
74
75 d_printf(_("Response Type: "));
76 switch (reply.command) {
77 case LOGON_SAM_LOGON_USER_UNKNOWN_EX:
78 d_printf("LOGON_SAM_LOGON_USER_UNKNOWN_EX\n");
79 break;
80 case LOGON_SAM_LOGON_RESPONSE_EX:
81 d_printf("LOGON_SAM_LOGON_RESPONSE_EX\n");
82 break;
83 default:
84 d_printf("0x%x\n", reply.command);
85 break;
86 }
87
88 d_printf(_("GUID: %s\n"), GUID_string(talloc_tos(),&reply.domain_uuid));
89
90 d_printf(_("Flags:\n"
91 "\tIs a PDC: %s\n"
92 "\tIs a GC of the forest: %s\n"
93 "\tIs an LDAP server: %s\n"
94 "\tSupports DS: %s\n"
95 "\tIs running a KDC: %s\n"
96 "\tIs running time services: %s\n"
97 "\tIs the closest DC: %s\n"
98 "\tIs writable: %s\n"
99 "\tHas a hardware clock: %s\n"
100 "\tIs a non-domain NC serviced by LDAP server: %s\n"
101 "\tIs NT6 DC that has some secrets: %s\n"
102 "\tIs NT6 DC that has all secrets: %s\n"),
103 (reply.server_type & NBT_SERVER_PDC) ? _("yes") : _("no"),
104 (reply.server_type & NBT_SERVER_GC) ? _("yes") : _("no"),
105 (reply.server_type & NBT_SERVER_LDAP) ? _("yes") : _("no"),
106 (reply.server_type & NBT_SERVER_DS) ? _("yes") : _("no"),
107 (reply.server_type & NBT_SERVER_KDC) ? _("yes") : _("no"),
108 (reply.server_type & NBT_SERVER_TIMESERV) ? _("yes") : _("no"),
109 (reply.server_type & NBT_SERVER_CLOSEST) ? _("yes") : _("no"),
110 (reply.server_type & NBT_SERVER_WRITABLE) ? _("yes") : _("no"),
111 (reply.server_type & NBT_SERVER_GOOD_TIMESERV) ? _("yes") : _("no"),
112 (reply.server_type & NBT_SERVER_NDNC) ? _("yes") : _("no"),
113 (reply.server_type & NBT_SERVER_SELECT_SECRET_DOMAIN_6) ? _("yes") : _("no"),
114 (reply.server_type & NBT_SERVER_FULL_SECRET_DOMAIN_6) ? _("yes") : _("no"));
115
116
117 printf(_("Forest:\t\t\t%s\n"), reply.forest);
118 printf(_("Domain:\t\t\t%s\n"), reply.dns_domain);
119 printf(_("Domain Controller:\t%s\n"), reply.pdc_dns_name);
120
121 printf(_("Pre-Win2k Domain:\t%s\n"), reply.domain_name);
122 printf(_("Pre-Win2k Hostname:\t%s\n"), reply.pdc_name);
123
124 if (*reply.user_name) printf(_("User name:\t%s\n"), reply.user_name);
125
126 printf(_("Server Site Name :\t\t%s\n"), reply.server_site);
127 printf(_("Client Site Name :\t\t%s\n"), reply.client_site);
128
129 d_printf(_("NT Version: %d\n"), reply.nt_version);
130 d_printf(_("LMNT Token: %.2x\n"), reply.lmnt_token);
131 d_printf(_("LM20 Token: %.2x\n"), reply.lm20_token);
132
133 return 0;
134 }
135
136 /*
137 this implements the CLDAP based netlogon lookup requests
138 for finding the domain controller of a ADS domain
139 */
140 static int net_ads_lookup(struct net_context *c, int argc, const char **argv)
141 {
142 ADS_STRUCT *ads;
143 int ret;
144
145 if (c->display_usage) {
146 d_printf("%s\n"
147 "net ads lookup\n"
148 " %s",
149 _("Usage:"),
150 _("Find the ADS DC using CLDAP lookup.\n"));
151 return 0;
152 }
153
154 if (!ADS_ERR_OK(ads_startup_nobind(c, false, &ads))) {
155 d_fprintf(stderr, _("Didn't find the cldap server!\n"));
156 ads_destroy(&ads);
157 return -1;
158 }
159
160 if (!ads->config.realm) {
161 ads->config.realm = discard_const_p(char, c->opt_target_workgroup);
162 ads->ldap.port = 389;
163 }
164
165 ret = net_ads_cldap_netlogon(c, ads);
166 ads_destroy(&ads);
167 return ret;
168 }
169
170
171
172 static int net_ads_info(struct net_context *c, int argc, const char **argv)
173 {
174 ADS_STRUCT *ads;
175 char addr[INET6_ADDRSTRLEN];
176
177 if (c->display_usage) {
178 d_printf("%s\n"
179 "net ads info\n"
180 " %s",
181 _("Usage:"),
182 _("Display information about an Active Directory "
183 "server.\n"));
184 return 0;
185 }
186
187 if (!ADS_ERR_OK(ads_startup_nobind(c, false, &ads))) {
188 d_fprintf(stderr, _("Didn't find the ldap server!\n"));
189 return -1;
190 }
191
192 if (!ads || !ads->config.realm) {
193 d_fprintf(stderr, _("Didn't find the ldap server!\n"));
194 ads_destroy(&ads);
195 return -1;
196 }
197
198 /* Try to set the server's current time since we didn't do a full
199 TCP LDAP session initially */
200
201 if ( !ADS_ERR_OK(ads_current_time( ads )) ) {
202 d_fprintf( stderr, _("Failed to get server's current time!\n"));
203 }
204
205 print_sockaddr(addr, sizeof(addr), &ads->ldap.ss);
206
207 d_printf(_("LDAP server: %s\n"), addr);
208 d_printf(_("LDAP server name: %s\n"), ads->config.ldap_server_name);
209 d_printf(_("Realm: %s\n"), ads->config.realm);
210 d_printf(_("Bind Path: %s\n"), ads->config.bind_path);
211 d_printf(_("LDAP port: %d\n"), ads->ldap.port);
212 d_printf(_("Server time: %s\n"),
213 http_timestring(talloc_tos(), ads->config.current_time));
214
215 d_printf(_("KDC server: %s\n"), ads->auth.kdc_server );
216 d_printf(_("Server time offset: %d\n"), ads->auth.time_offset );
217
218 ads_destroy(&ads);
219 return 0;
220 }
221
222 static void use_in_memory_ccache(void) {
223 /* Use in-memory credentials cache so we do not interfere with
224 * existing credentials */
225 setenv(KRB5_ENV_CCNAME, "MEMORY:net_ads", 1);
226 }
227
228 static ADS_STATUS ads_startup_int(struct net_context *c, bool only_own_domain,
229 uint32 auth_flags, ADS_STRUCT **ads_ret)
230 {
231 ADS_STRUCT *ads = NULL;
232 ADS_STATUS status;
233 bool need_password = false;
234 bool second_time = false;
235 char *cp;
236 const char *realm = NULL;
237 bool tried_closest_dc = false;
238
239 /* lp_realm() should be handled by a command line param,
240 However, the join requires that realm be set in smb.conf
241 and compares our realm with the remote server's so this is
242 ok until someone needs more flexibility */
243
244 *ads_ret = NULL;
245
246 retry_connect:
247 if (only_own_domain) {
248 realm = lp_realm();
249 } else {
250 realm = assume_own_realm(c);
251 }
252
253 ads = ads_init(realm, c->opt_target_workgroup, c->opt_host);
254
255 if (!c->opt_user_name) {
256 c->opt_user_name = "administrator";
257 }
258
259 if (c->opt_user_specified) {
260 need_password = true;
261 }
262
263 retry:
264 if (!c->opt_password && need_password && !c->opt_machine_pass) {
265 c->opt_password = net_prompt_pass(c, c->opt_user_name);
266 if (!c->opt_password) {
267 ads_destroy(&ads);
268 return ADS_ERROR(LDAP_NO_MEMORY);
269 }
270 }
271
272 if (c->opt_password) {
273 use_in_memory_ccache();
274 SAFE_FREE(ads->auth.password);
275 ads->auth.password = smb_xstrdup(c->opt_password);
276 }
277
278 ads->auth.flags |= auth_flags;
279 SAFE_FREE(ads->auth.user_name);
280 ads->auth.user_name = smb_xstrdup(c->opt_user_name);
281
282 /*
283 * If the username is of the form "name@realm",
284 * extract the realm and convert to upper case.
285 * This is only used to establish the connection.
286 */
287 if ((cp = strchr_m(ads->auth.user_name, '@'))!=0) {
288 *cp++ = '\0';
289 SAFE_FREE(ads->auth.realm);
290 ads->auth.realm = smb_xstrdup(cp);
291 if (!strupper_m(ads->auth.realm)) {
292 ads_destroy(&ads);
293 return ADS_ERROR(LDAP_NO_MEMORY);
294 }
295 }
296
297 status = ads_connect(ads);
298
299 if (!ADS_ERR_OK(status)) {
300
301 if (NT_STATUS_EQUAL(ads_ntstatus(status),
302 NT_STATUS_NO_LOGON_SERVERS)) {
303 DEBUG(0,("ads_connect: %s\n", ads_errstr(status)));
304 ads_destroy(&ads);
305 return status;
306 }
307
308 if (!need_password && !second_time && !(auth_flags & ADS_AUTH_NO_BIND)) {
309 need_password = true;
310 second_time = true;
311 goto retry;
312 } else {
313 ads_destroy(&ads);
314 return status;
315 }
316 }
317
318 /* when contacting our own domain, make sure we use the closest DC.
319 * This is done by reconnecting to ADS because only the first call to
320 * ads_connect will give us our own sitename */
321
322 if ((only_own_domain || !c->opt_host) && !tried_closest_dc) {
323
324 tried_closest_dc = true; /* avoid loop */
325
326 if (!ads_closest_dc(ads)) {
327
328 namecache_delete(ads->server.realm, 0x1C);
329 namecache_delete(ads->server.workgroup, 0x1C);
330
331 ads_destroy(&ads);
332 ads = NULL;
333
334 goto retry_connect;
335 }
336 }
337
338 *ads_ret = ads;
339 return status;
340 }
341
342 ADS_STATUS ads_startup(struct net_context *c, bool only_own_domain, ADS_STRUCT **ads)
343 {
344 return ads_startup_int(c, only_own_domain, 0, ads);
345 }
346
347 ADS_STATUS ads_startup_nobind(struct net_context *c, bool only_own_domain, ADS_STRUCT **ads)
348 {
349 return ads_startup_int(c, only_own_domain, ADS_AUTH_NO_BIND, ads);
350 }
351
352 /*
353 Check to see if connection can be made via ads.
354 ads_startup() stores the password in opt_password if it needs to so
355 that rpc or rap can use it without re-prompting.
356 */
357 static int net_ads_check_int(const char *realm, const char *workgroup, const char *host)
358 {
359 ADS_STRUCT *ads;
360 ADS_STATUS status;
361
362 if ( (ads = ads_init( realm, workgroup, host )) == NULL ) {
363 return -1;
364 }
365
366 ads->auth.flags |= ADS_AUTH_NO_BIND;
367
368 status = ads_connect(ads);
369 if ( !ADS_ERR_OK(status) ) {
370 return -1;
371 }
372
373 ads_destroy(&ads);
374 return 0;
375 }
376
377 int net_ads_check_our_domain(struct net_context *c)
378 {
379 return net_ads_check_int(lp_realm(), lp_workgroup(), NULL);
380 }
381
382 int net_ads_check(struct net_context *c)
383 {
384 return net_ads_check_int(NULL, c->opt_workgroup, c->opt_host);
385 }
386
387 /*
388 determine the netbios workgroup name for a domain
389 */
390 static int net_ads_workgroup(struct net_context *c, int argc, const char **argv)
391 {
392 ADS_STRUCT *ads;
393 struct NETLOGON_SAM_LOGON_RESPONSE_EX reply;
394
395 if (c->display_usage) {
396 d_printf ("%s\n"
397 "net ads workgroup\n"
398 " %s\n",
399 _("Usage:"),
400 _("Print the workgroup name"));
401 return 0;
402 }
403
404 if (!ADS_ERR_OK(ads_startup_nobind(c, false, &ads))) {
405 d_fprintf(stderr, _("Didn't find the cldap server!\n"));
406 return -1;
407 }
408
409 if (!ads->config.realm) {
410 ads->config.realm = discard_const_p(char, c->opt_target_workgroup);
411 ads->ldap.port = 389;
412 }
413
414 if ( !ads_cldap_netlogon_5(talloc_tos(), &ads->ldap.ss, ads->server.realm, &reply ) ) {
415 d_fprintf(stderr, _("CLDAP query failed!\n"));
416 ads_destroy(&ads);
417 return -1;
418 }
419
420 d_printf(_("Workgroup: %s\n"), reply.domain_name);
421
422 ads_destroy(&ads);
423
424 return 0;
425 }
426
427
428
429 static bool usergrp_display(ADS_STRUCT *ads, char *field, void **values, void *data_area)
430 {
431 char **disp_fields = (char **) data_area;
432
433 if (!field) { /* must be end of record */
434 if (disp_fields[0]) {
435 if (!strchr_m(disp_fields[0], '$')) {
436 if (disp_fields[1])
437 d_printf("%-21.21s %s\n",
438 disp_fields[0], disp_fields[1]);
439 else
440 d_printf("%s\n", disp_fields[0]);
441 }
442 }
443 SAFE_FREE(disp_fields[0]);
444 SAFE_FREE(disp_fields[1]);
445 return true;
446 }
447 if (!values) /* must be new field, indicate string field */
448 return true;
449 if (strcasecmp_m(field, "sAMAccountName") == 0) {
450 disp_fields[0] = SMB_STRDUP((char *) values[0]);
451 }
452 if (strcasecmp_m(field, "description") == 0)
453 disp_fields[1] = SMB_STRDUP((char *) values[0]);
454 return true;
455 }
456
457 static int net_ads_user_usage(struct net_context *c, int argc, const char **argv)
458 {
459 return net_user_usage(c, argc, argv);
460 }
461
462 static int ads_user_add(struct net_context *c, int argc, const char **argv)
463 {
464 ADS_STRUCT *ads;
465 ADS_STATUS status;
466 char *upn, *userdn;
467 LDAPMessage *res=NULL;
468 int rc = -1;
469 char *ou_str = NULL;
470
471 if (argc < 1 || c->display_usage)
472 return net_ads_user_usage(c, argc, argv);
473
474 if (!ADS_ERR_OK(ads_startup(c, false, &ads))) {
475 return -1;
476 }
477
478 status = ads_find_user_acct(ads, &res, argv[0]);
479
480 if (!ADS_ERR_OK(status)) {
481 d_fprintf(stderr, _("ads_user_add: %s\n"), ads_errstr(status));
482 goto done;
483 }
484
485 if (ads_count_replies(ads, res)) {
486 d_fprintf(stderr, _("ads_user_add: User %s already exists\n"),
487 argv[0]);
488 goto done;
489 }
490
491 if (c->opt_container) {
492 ou_str = SMB_STRDUP(c->opt_container);
493 } else {
494 ou_str = ads_default_ou_string(ads, DS_GUID_USERS_CONTAINER);
495 }
496
497 status = ads_add_user_acct(ads, argv[0], ou_str, c->opt_comment);
498
499 if (!ADS_ERR_OK(status)) {
500 d_fprintf(stderr, _("Could not add user %s: %s\n"), argv[0],
501 ads_errstr(status));
502 goto done;
503 }
504
505 /* if no password is to be set, we're done */
506 if (argc == 1) {
507 d_printf(_("User %s added\n"), argv[0]);
508 rc = 0;
509 goto done;
510 }
511
512 /* try setting the password */
513 if (asprintf(&upn, "%s@%s", argv[0], ads->config.realm) == -1) {
514 goto done;
515 }
516 status = ads_krb5_set_password(ads->auth.kdc_server, upn, argv[1],
517 ads->auth.time_offset);
518 SAFE_FREE(upn);
519 if (ADS_ERR_OK(status)) {
520 d_printf(_("User %s added\n"), argv[0]);
521 rc = 0;
522 goto done;
523 }
524
525 /* password didn't set, delete account */
526 d_fprintf(stderr, _("Could not add user %s. "
527 "Error setting password %s\n"),
528 argv[0], ads_errstr(status));
529 ads_msgfree(ads, res);
530 status=ads_find_user_acct(ads, &res, argv[0]);
531 if (ADS_ERR_OK(status)) {
532 userdn = ads_get_dn(ads, talloc_tos(), res);
533 ads_del_dn(ads, userdn);
534 TALLOC_FREE(userdn);
535 }
536
537 done:
538 if (res)
539 ads_msgfree(ads, res);
540 ads_destroy(&ads);
541 SAFE_FREE(ou_str);
542 return rc;
543 }
544
545 static int ads_user_info(struct net_context *c, int argc, const char **argv)
546 {
547 ADS_STRUCT *ads = NULL;
548 ADS_STATUS rc;
549 LDAPMessage *res = NULL;
550 TALLOC_CTX *frame;
551 int ret = 0;
552 wbcErr wbc_status;
553 const char *attrs[] = {"memberOf", "primaryGroupID", NULL};
554 char *searchstring=NULL;
555 char **grouplist;
556 char *primary_group;
557 char *escaped_user;
558 struct dom_sid primary_group_sid;
559 uint32_t group_rid;
560 enum wbcSidType type;
561
562 if (argc < 1 || c->display_usage) {
563 return net_ads_user_usage(c, argc, argv);
564 }
565
566 frame = talloc_new(talloc_tos());
567 if (frame == NULL) {
568 return -1;
569 }
570
571 escaped_user = escape_ldap_string(frame, argv[0]);
572 if (!escaped_user) {
573 d_fprintf(stderr,
574 _("ads_user_info: failed to escape user %s\n"),
575 argv[0]);
576 return -1;
577 }
578
579 if (!ADS_ERR_OK(ads_startup(c, false, &ads))) {
580 ret = -1;
581 goto error;
582 }
583
584 if (asprintf(&searchstring, "(sAMAccountName=%s)", escaped_user) == -1) {
585 ret =-1;
586 goto error;
587 }
588 rc = ads_search(ads, &res, searchstring, attrs);
589 SAFE_FREE(searchstring);
590
591 if (!ADS_ERR_OK(rc)) {
592 d_fprintf(stderr, _("ads_search: %s\n"), ads_errstr(rc));
593 ret = -1;
594 goto error;
595 }
596
597 if (!ads_pull_uint32(ads, res, "primaryGroupID", &group_rid)) {
598 d_fprintf(stderr, _("ads_pull_uint32 failed\n"));
599 ret = -1;
600 goto error;
601 }
602
603 rc = ads_domain_sid(ads, &primary_group_sid);
604 if (!ADS_ERR_OK(rc)) {
605 d_fprintf(stderr, _("ads_domain_sid: %s\n"), ads_errstr(rc));
606 ret = -1;
607 goto error;
608 }
609
610 sid_append_rid(&primary_group_sid, group_rid);
611
612 wbc_status = wbcLookupSid((struct wbcDomainSid *)&primary_group_sid,
613 NULL, /* don't look up domain */
614 &primary_group,
615 &type);
616 if (!WBC_ERROR_IS_OK(wbc_status)) {
617 d_fprintf(stderr, "wbcLookupSid: %s\n",
618 wbcErrorString(wbc_status));
619 ret = -1;
620 goto error;
621 }
622
623 d_printf("%s\n", primary_group);
624
625 wbcFreeMemory(primary_group);
626
627 grouplist = ldap_get_values((LDAP *)ads->ldap.ld,
628 (LDAPMessage *)res, "memberOf");
629
630 if (grouplist) {
631 int i;
632 char **groupname;
633 for (i=0;grouplist[i];i++) {
634 groupname = ldap_explode_dn(grouplist[i], 1);
635 d_printf("%s\n", groupname[0]);
636 ldap_value_free(groupname);
637 }
638 ldap_value_free(grouplist);
639 }
640
641 error:
642 if (res) ads_msgfree(ads, res);
643 if (ads) ads_destroy(&ads);
644 TALLOC_FREE(frame);
645 return ret;
646 }
647
648 static int ads_user_delete(struct net_context *c, int argc, const char **argv)
649 {
650 ADS_STRUCT *ads;
651 ADS_STATUS rc;
652 LDAPMessage *res = NULL;
653 char *userdn;
654
655 if (argc < 1) {
656 return net_ads_user_usage(c, argc, argv);
657 }
658
659 if (!ADS_ERR_OK(ads_startup(c, false, &ads))) {
660 return -1;
661 }
662
663 rc = ads_find_user_acct(ads, &res, argv[0]);
664 if (!ADS_ERR_OK(rc) || ads_count_replies(ads, res) != 1) {
665 d_printf(_("User %s does not exist.\n"), argv[0]);
666 ads_msgfree(ads, res);
667 ads_destroy(&ads);
668 return -1;
669 }
670 userdn = ads_get_dn(ads, talloc_tos(), res);
671 ads_msgfree(ads, res);
672 rc = ads_del_dn(ads, userdn);
673 TALLOC_FREE(userdn);
674 if (ADS_ERR_OK(rc)) {
675 d_printf(_("User %s deleted\n"), argv[0]);
676 ads_destroy(&ads);
677 return 0;
678 }
679 d_fprintf(stderr, _("Error deleting user %s: %s\n"), argv[0],
680 ads_errstr(rc));
681 ads_destroy(&ads);
682 return -1;
683 }
684
685 int net_ads_user(struct net_context *c, int argc, const char **argv)
686 {
687 struct functable func[] = {
688 {
689 "add",
690 ads_user_add,
691 NET_TRANSPORT_ADS,
692 N_("Add an AD user"),
693 N_("net ads user add\n"
694 " Add an AD user")
695 },
696 {
697 "info",
698 ads_user_info,
699 NET_TRANSPORT_ADS,
700 N_("Display information about an AD user"),
701 N_("net ads user info\n"
702 " Display information about an AD user")
703 },
704 {
705 "delete",
706 ads_user_delete,
707 NET_TRANSPORT_ADS,
708 N_("Delete an AD user"),
709 N_("net ads user delete\n"
710 " Delete an AD user")
711 },
712 {NULL, NULL, 0, NULL, NULL}
713 };
714 ADS_STRUCT *ads;
715 ADS_STATUS rc;
716 const char *shortattrs[] = {"sAMAccountName", NULL};
717 const char *longattrs[] = {"sAMAccountName", "description", NULL};
718 char *disp_fields[2] = {NULL, NULL};
719
720 if (argc == 0) {
721 if (c->display_usage) {
722 d_printf( "%s\n"
723 "net ads user\n"
724 " %s\n",
725 _("Usage:"),
726 _("List AD users"));
727 net_display_usage_from_functable(func);
728 return 0;
729 }
730
731 if (!ADS_ERR_OK(ads_startup(c, false, &ads))) {
732 return -1;
733 }
734
735 if (c->opt_long_list_entries)
736 d_printf(_("\nUser name Comment"
737 "\n-----------------------------\n"));
738
739 rc = ads_do_search_all_fn(ads, ads->config.bind_path,
740 LDAP_SCOPE_SUBTREE,
741 "(objectCategory=user)",
742 c->opt_long_list_entries ? longattrs :
743 shortattrs, usergrp_display,
744 disp_fields);
745 ads_destroy(&ads);
746 return ADS_ERR_OK(rc) ? 0 : -1;
747 }
748
749 return net_run_function(c, argc, argv, "net ads user", func);
750 }
751
752 static int net_ads_group_usage(struct net_context *c, int argc, const char **argv)
753 {
754 return net_group_usage(c, argc, argv);
755 }
756
757 static int ads_group_add(struct net_context *c, int argc, const char **argv)
758 {
759 ADS_STRUCT *ads;
760 ADS_STATUS status;
761 LDAPMessage *res=NULL;
762 int rc = -1;
763 char *ou_str = NULL;
764
765 if (argc < 1 || c->display_usage) {
766 return net_ads_group_usage(c, argc, argv);
767 }
768
769 if (!ADS_ERR_OK(ads_startup(c, false, &ads))) {
770 return -1;
771 }
772
773 status = ads_find_user_acct(ads, &res, argv[0]);
774
775 if (!ADS_ERR_OK(status)) {
776 d_fprintf(stderr, _("ads_group_add: %s\n"), ads_errstr(status));
777 goto done;
778 }
779
780 if (ads_count_replies(ads, res)) {
781 d_fprintf(stderr, _("ads_group_add: Group %s already exists\n"), argv[0]);
782 goto done;
783 }
784
785 if (c->opt_container) {
786 ou_str = SMB_STRDUP(c->opt_container);
787 } else {
788 ou_str = ads_default_ou_string(ads, DS_GUID_USERS_CONTAINER);
789 }
790
791 status = ads_add_group_acct(ads, argv[0], ou_str, c->opt_comment);
792
793 if (ADS_ERR_OK(status)) {
794 d_printf(_("Group %s added\n"), argv[0]);
795 rc = 0;
796 } else {
797 d_fprintf(stderr, _("Could not add group %s: %s\n"), argv[0],
798 ads_errstr(status));
799 }
800
801 done:
802 if (res)
803 ads_msgfree(ads, res);
804 ads_destroy(&ads);
805 SAFE_FREE(ou_str);
806 return rc;
807 }
808
809 static int ads_group_delete(struct net_context *c, int argc, const char **argv)
810 {
811 ADS_STRUCT *ads;
812 ADS_STATUS rc;
813 LDAPMessage *res = NULL;
814 char *groupdn;
815
816 if (argc < 1 || c->display_usage) {
817 return net_ads_group_usage(c, argc, argv);
818 }
819
820 if (!ADS_ERR_OK(ads_startup(c, false, &ads))) {
821 return -1;
822 }
823
824 rc = ads_find_user_acct(ads, &res, argv[0]);
825 if (!ADS_ERR_OK(rc) || ads_count_replies(ads, res) != 1) {
826 d_printf(_("Group %s does not exist.\n"), argv[0]);
827 ads_msgfree(ads, res);
828 ads_destroy(&ads);
829 return -1;
830 }
831 groupdn = ads_get_dn(ads, talloc_tos(), res);
832 ads_msgfree(ads, res);
833 rc = ads_del_dn(ads, groupdn);
834 TALLOC_FREE(groupdn);
835 if (ADS_ERR_OK(rc)) {
836 d_printf(_("Group %s deleted\n"), argv[0]);
837 ads_destroy(&ads);
838 return 0;
839 }
840 d_fprintf(stderr, _("Error deleting group %s: %s\n"), argv[0],
841 ads_errstr(rc));
842 ads_destroy(&ads);
843 return -1;
844 }
845
846 int net_ads_group(struct net_context *c, int argc, const char **argv)
847 {
848 struct functable func[] = {
849 {
850 "add",
851 ads_group_add,
852 NET_TRANSPORT_ADS,
853 N_("Add an AD group"),
854 N_("net ads group add\n"
855 " Add an AD group")
856 },
857 {
858 "delete",
859 ads_group_delete,
860 NET_TRANSPORT_ADS,
861 N_("Delete an AD group"),
862 N_("net ads group delete\n"
863 " Delete an AD group")
864 },
865 {NULL, NULL, 0, NULL, NULL}
866 };
867 ADS_STRUCT *ads;
868 ADS_STATUS rc;
869 const char *shortattrs[] = {"sAMAccountName", NULL};
870 const char *longattrs[] = {"sAMAccountName", "description", NULL};
871 char *disp_fields[2] = {NULL, NULL};
872
873 if (argc == 0) {
874 if (c->display_usage) {
875 d_printf( "%s\n"
876 "net ads group\n"
877 " %s\n",
878 _("Usage:"),
879 _("List AD groups"));
880 net_display_usage_from_functable(func);
881 return 0;
882 }
883
884 if (!ADS_ERR_OK(ads_startup(c, false, &ads))) {
885 return -1;
886 }
887
888 if (c->opt_long_list_entries)
889 d_printf(_("\nGroup name Comment"
890 "\n-----------------------------\n"));
891 rc = ads_do_search_all_fn(ads, ads->config.bind_path,
892 LDAP_SCOPE_SUBTREE,
893 "(objectCategory=group)",
894 c->opt_long_list_entries ? longattrs :
895 shortattrs, usergrp_display,
896 disp_fields);
897
898 ads_destroy(&ads);
899 return ADS_ERR_OK(rc) ? 0 : -1;
900 }
901 return net_run_function(c, argc, argv, "net ads group", func);
902 }
903
904 static int net_ads_status(struct net_context *c, int argc, const char **argv)
905 {
906 ADS_STRUCT *ads;
907 ADS_STATUS rc;
908 LDAPMessage *res;
909
910 if (c->display_usage) {
911 d_printf( "%s\n"
912 "net ads status\n"
913 " %s\n",
914 _("Usage:"),
915 _("Display machine account details"));
916 return 0;
917 }
918
919 if (!ADS_ERR_OK(ads_startup(c, true, &ads))) {
920 return -1;
921 }
922
923 rc = ads_find_machine_acct(ads, &res, lp_netbios_name());
924 if (!ADS_ERR_OK(rc)) {
925 d_fprintf(stderr, _("ads_find_machine_acct: %s\n"), ads_errstr(rc));
926 ads_destroy(&ads);
927 return -1;
928 }
929
930 if (ads_count_replies(ads, res) == 0) {
931 d_fprintf(stderr, _("No machine account for '%s' found\n"), lp_netbios_name());
932 ads_destroy(&ads);
933 return -1;
934 }
935
936 ads_dump(ads, res);
937 ads_destroy(&ads);
938 return 0;
939 }
940
941 /*******************************************************************
942 Leave an AD domain. Windows XP disables the machine account.
943 We'll try the same. The old code would do an LDAP delete.
944 That only worked using the machine creds because added the machine
945 with full control to the computer object's ACL.
946 *******************************************************************/
947
948 static int net_ads_leave(struct net_context *c, int argc, const char **argv)
949 {
950 TALLOC_CTX *ctx;
951 struct libnet_UnjoinCtx *r = NULL;
952 WERROR werr;
953
954 if (c->display_usage) {
955 d_printf( "%s\n"
956 "net ads leave\n"
957 " %s\n",
958 _("Usage:"),
959 _("Leave an AD domain"));
960 return 0;
961 }
962
963 if (!*lp_realm()) {
964 d_fprintf(stderr, _("No realm set, are we joined ?\n"));
965 return -1;
966 }
967
968 if (!(ctx = talloc_init("net_ads_leave"))) {
969 d_fprintf(stderr, _("Could not initialise talloc context.\n"));
970 return -1;
971 }
972
973 if (!c->opt_kerberos) {
974 use_in_memory_ccache();
975 }
976
977 if (!c->msg_ctx) {
978 d_fprintf(stderr, _("Could not initialise message context. "
979 "Try running as root\n"));
980 return -1;
981 }
982
983 werr = libnet_init_UnjoinCtx(ctx, &r);
984 if (!W_ERROR_IS_OK(werr)) {
985 d_fprintf(stderr, _("Could not initialise unjoin context.\n"));
986 return -1;
987 }
988
989 r->in.debug = true;
990 r->in.use_kerberos = c->opt_kerberos;
991 r->in.dc_name = c->opt_host;
992 r->in.domain_name = lp_realm();
993 r->in.admin_account = c->opt_user_name;
994 r->in.admin_password = net_prompt_pass(c, c->opt_user_name);
995 r->in.modify_config = lp_config_backend_is_registry();
996
997 /* Try to delete it, but if that fails, disable it. The
998 WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE really means "disable */
999 r->in.unjoin_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE |
1000 WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE;
1001 r->in.delete_machine_account = true;
1002 r->in.msg_ctx = c->msg_ctx;
1003
1004 werr = libnet_Unjoin(ctx, r);
1005 if (!W_ERROR_IS_OK(werr)) {
1006 d_printf(_("Failed to leave domain: %s\n"),
1007 r->out.error_string ? r->out.error_string :
1008 get_friendly_werror_msg(werr));
1009 goto done;
1010 }
1011
1012 if (r->out.deleted_machine_account) {
1013 d_printf(_("Deleted account for '%s' in realm '%s'\n"),
1014 r->in.machine_name, r->out.dns_domain_name);
1015 goto done;
1016 }
1017
1018 /* We couldn't delete it - see if the disable succeeded. */
1019 if (r->out.disabled_machine_account) {
1020 d_printf(_("Disabled account for '%s' in realm '%s'\n"),
1021 r->in.machine_name, r->out.dns_domain_name);
1022 werr = WERR_OK;
1023 goto done;
1024 }
1025
1026 /* Based on what we requested, we shouldn't get here, but if
1027 we did, it means the secrets were removed, and therefore
1028 we have left the domain */
1029 d_fprintf(stderr, _("Machine '%s' Left domain '%s'\n"),
1030 r->in.machine_name, r->out.dns_domain_name);
1031
1032 done:
1033 TALLOC_FREE(r);
1034 TALLOC_FREE(ctx);
1035
1036 if (W_ERROR_IS_OK(werr)) {
1037 return 0;
1038 }
1039
1040 return -1;
1041 }
1042
1043 static NTSTATUS net_ads_join_ok(struct net_context *c)
1044 {
1045 ADS_STRUCT *ads = NULL;
1046 ADS_STATUS status;
1047 fstring dc_name;
1048 struct sockaddr_storage dcip;
1049
1050 if (!secrets_init()) {
1051 DEBUG(1,("Failed to initialise secrets database\n"));
1052 return NT_STATUS_ACCESS_DENIED;
1053 }
1054
1055 net_use_krb_machine_account(c);
1056
1057 get_dc_name(lp_workgroup(), lp_realm(), dc_name, &dcip);
1058
1059 status = ads_startup(c, true, &ads);
1060 if (!ADS_ERR_OK(status)) {
1061 return ads_ntstatus(status);
1062 }
1063
1064 ads_destroy(&ads);
1065 return NT_STATUS_OK;
1066 }
1067
1068 /*
1069 check that an existing join is OK
1070 */
1071 int net_ads_testjoin(struct net_context *c, int argc, const char **argv)
1072 {
1073 NTSTATUS status;
1074 use_in_memory_ccache();
1075
1076 if (c->display_usage) {
1077 d_printf( "%s\n"
1078 "net ads testjoin\n"
1079 " %s\n",
1080 _("Usage:"),
1081 _("Test if the existing join is ok"));
1082 return 0;
1083 }
1084
1085 /* Display success or failure */
1086 status = net_ads_join_ok(c);
1087 if (!NT_STATUS_IS_OK(status)) {
1088 fprintf(stderr, _("Join to domain is not valid: %s\n"),
1089 get_friendly_nt_error_msg(status));
1090 return -1;
1091 }
1092
1093 printf(_("Join is OK\n"));
1094 return 0;
1095 }
1096
1097 /*******************************************************************
1098 Simple configu checks before beginning the join
1099 ********************************************************************/
1100
1101 static WERROR check_ads_config( void )
1102 {
1103 if (lp_server_role() != ROLE_DOMAIN_MEMBER ) {
1104 d_printf(_("Host is not configured as a member server.\n"));
1105 return WERR_INVALID_DOMAIN_ROLE;
1106 }
1107
1108 if (strlen(lp_netbios_name()) > 15) {
1109 d_printf(_("Our netbios name can be at most 15 chars long, "
1110 "\"%s\" is %u chars long\n"), lp_netbios_name(),
1111 (unsigned int)strlen(lp_netbios_name()));
1112 return WERR_INVALID_COMPUTERNAME;
1113 }
1114
1115 if ( lp_security() == SEC_ADS && !*lp_realm()) {
1116 d_fprintf(stderr, _("realm must be set in in %s for ADS "
1117 "join to succeed.\n"), get_dyn_CONFIGFILE());
1118 return WERR_INVALID_PARAM;
1119 }
1120
1121 return WERR_OK;
1122 }
1123
1124 /*******************************************************************
1125 Send a DNS update request
1126 *******************************************************************/
1127
1128 #if defined(WITH_DNS_UPDATES)
1129 #include "../lib/addns/dns.h"
1130
1131 static NTSTATUS net_update_dns_internal(struct net_context *c,
1132 TALLOC_CTX *ctx, ADS_STRUCT *ads,
1133 const char *machine_name,
1134 const struct sockaddr_storage *addrs,
1135 int num_addrs)
1136 {
1137 struct dns_rr_ns *nameservers = NULL;
1138 int ns_count = 0, i;
1139 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
1140 DNS_ERROR dns_err;
1141 fstring dns_server;
1142 const char *dns_hosts_file;
1143 const char *dnsdomain = NULL;
1144 char *root_domain = NULL;
1145
1146 if ( (dnsdomain = strchr_m( machine_name, '.')) == NULL ) {
1147 d_printf(_("No DNS domain configured for %s. "
1148 "Unable to perform DNS Update.\n"), machine_name);
1149 status = NT_STATUS_INVALID_PARAMETER;
1150 goto done;
1151 }
1152 dnsdomain++;
1153
1154 dns_hosts_file = lp_parm_const_string(-1, "resolv", "host file", NULL);
1155 status = ads_dns_lookup_ns(ctx, dns_hosts_file,
1156 dnsdomain, &nameservers, &ns_count);
1157 if ( !NT_STATUS_IS_OK(status) || (ns_count == 0)) {
1158 /* Child domains often do not have NS records. Look
1159 for the NS record for the forest root domain
1160 (rootDomainNamingContext in therootDSE) */
1161
1162 const char *rootname_attrs[] = { "rootDomainNamingContext", NULL };
1163 LDAPMessage *msg = NULL;
1164 char *root_dn;
1165 ADS_STATUS ads_status;
1166
1167 if ( !ads->ldap.ld ) {
1168 ads_status = ads_connect( ads );
1169 if ( !ADS_ERR_OK(ads_status) ) {
1170 DEBUG(0,("net_update_dns_internal: Failed to connect to our DC!\n"));
1171 goto done;
1172 }
1173 }
1174
1175 ads_status = ads_do_search(ads, "", LDAP_SCOPE_BASE,
1176 "(objectclass=*)", rootname_attrs, &msg);
1177 if (!ADS_ERR_OK(ads_status)) {
1178 goto done;
1179 }
1180
1181 root_dn = ads_pull_string(ads, ctx, msg, "rootDomainNamingContext");
1182 if ( !root_dn ) {
1183 ads_msgfree( ads, msg );
1184 goto done;
1185 }
1186
1187 root_domain = ads_build_domain( root_dn );
1188
1189 /* cleanup */
1190 ads_msgfree( ads, msg );
1191
1192 /* try again for NS servers */
1193
1194 status = ads_dns_lookup_ns(ctx, dns_hosts_file, root_domain,
1195 &nameservers, &ns_count);
1196
1197 if ( !NT_STATUS_IS_OK(status) || (ns_count == 0)) {
1198 DEBUG(3,("net_ads_join: Failed to find name server for the %s "
1199 "realm\n", ads->config.realm));
1200 goto done;
1201 }
1202
1203 dnsdomain = root_domain;
1204
1205 }
1206
1207 for (i=0; i < ns_count; i++) {
1208
1209 status = NT_STATUS_UNSUCCESSFUL;
1210
1211 /* Now perform the dns update - we'll try non-secure and if we fail,
1212 we'll follow it up with a secure update */
1213
1214 fstrcpy( dns_server, nameservers[i].hostname );
1215
1216 dns_err = DoDNSUpdate(dns_server, dnsdomain, machine_name, addrs, num_addrs);
1217 if (ERR_DNS_IS_OK(dns_err)) {
1218 status = NT_STATUS_OK;
1219 goto done;
1220 }
1221
1222 if (ERR_DNS_EQUAL(dns_err, ERROR_DNS_INVALID_NAME_SERVER) ||
1223 ERR_DNS_EQUAL(dns_err, ERROR_DNS_CONNECTION_FAILED) ||
1224 ERR_DNS_EQUAL(dns_err, ERROR_DNS_SOCKET_ERROR)) {
1225 DEBUG(1,("retrying DNS update with next nameserver after receiving %s\n",
1226 dns_errstr(dns_err)));
1227 continue;
1228 }
1229
1230 d_printf(_("DNS Update for %s failed: %s\n"),
1231 machine_name, dns_errstr(dns_err));
1232 status = NT_STATUS_UNSUCCESSFUL;
1233 goto done;
1234 }
1235
1236 done:
1237
1238 SAFE_FREE( root_domain );
1239
1240 return status;
1241 }
1242
1243 static NTSTATUS net_update_dns_ext(struct net_context *c,
1244 TALLOC_CTX *mem_ctx, ADS_STRUCT *ads,
1245 const char *hostname,
1246 struct sockaddr_storage *iplist,
1247 int num_addrs)
1248 {
1249 struct sockaddr_storage *iplist_alloc = NULL;
1250 fstring machine_name;
1251 NTSTATUS status;
1252
1253 if (hostname) {
1254 fstrcpy(machine_name, hostname);
1255 } else {
1256 name_to_fqdn( machine_name, lp_netbios_name() );
1257 }
1258 if (!strlower_m( machine_name )) {
1259 return NT_STATUS_INVALID_PARAMETER;
1260 }
1261
1262 if (num_addrs == 0 || iplist == NULL) {
1263 /*
1264 * Get our ip address
1265 * (not the 127.0.0.x address but a real ip address)
1266 */
1267 num_addrs = get_my_ip_address(&iplist_alloc);
1268 if ( num_addrs <= 0 ) {
1269 DEBUG(4, ("net_update_dns_ext: Failed to find my "
1270 "non-loopback IP addresses!\n"));
1271 return NT_STATUS_INVALID_PARAMETER;
1272 }
1273 iplist = iplist_alloc;
1274 }
1275
1276 status = net_update_dns_internal(c, mem_ctx, ads, machine_name,
1277 iplist, num_addrs);
1278
1279 SAFE_FREE(iplist_alloc);
1280 return status;
1281 }
1282
1283 static NTSTATUS net_update_dns(struct net_context *c, TALLOC_CTX *mem_ctx, ADS_STRUCT *ads, const char *hostname)
1284 {
1285 NTSTATUS status;
1286
1287 status = net_update_dns_ext(c, mem_ctx, ads, hostname, NULL, 0);
1288 return status;
1289 }
1290 #endif
1291
1292
1293 /*******************************************************************
1294 ********************************************************************/
1295
1296 static int net_ads_join_usage(struct net_context *c, int argc, const char **argv)
1297 {
1298 d_printf(_("net ads join [options]\n"
1299 "Valid options:\n"));
1300 d_printf(_(" createupn[=UPN] Set the userPrincipalName attribute during the join.\n"
1301 " The deault UPN is in the form host/netbiosname@REALM.\n"));
1302 d_printf(_(" createcomputer=OU Precreate the computer account in a specific OU.\n"
1303 " The OU string read from top to bottom without RDNs and delimited by a '/'.\n"
1304 " E.g. \"createcomputer=Computers/Servers/Unix\"\n"
1305 " NB: A backslash '\\' is used as escape at multiple levels and may\n"
1306 " need to be doubled or even quadrupled. It is not used as a separator.\n"));
1307 d_printf(_(" osName=string Set the operatingSystem attribute during the join.\n"));
1308 d_printf(_(" osVer=string Set the operatingSystemVersion attribute during the join.\n"
1309 " NB: osName and osVer must be specified together for either to take effect.\n"
1310 " Also, the operatingSystemService attribute is also set when along with\n"
1311 " the two other attributes.\n"));
1312
1313 return -1;
1314 }
1315
1316
1317 static void _net_ads_join_dns_updates(struct net_context *c, TALLOC_CTX *ctx, struct libnet_JoinCtx *r)
1318 {
1319 #if defined(WITH_DNS_UPDATES)
1320 ADS_STRUCT *ads_dns = NULL;
1321 int ret;
1322 NTSTATUS status;
1323
1324 /*
1325 * In a clustered environment, don't do dynamic dns updates:
1326 * Registering the set of ip addresses that are assigned to
1327 * the interfaces of the node that performs the join does usually
1328 * not have the desired effect, since the local interfaces do not
1329 * carry the complete set of the cluster's public IP addresses.
1330 * And it can also contain internal addresses that should not
1331 * be visible to the outside at all.
1332 * In order to do dns updates in a clustererd setup, use
1333 * net ads dns register.
1334 */
1335 if (lp_clustering()) {
1336 d_fprintf(stderr, _("Not doing automatic DNS update in a "
1337 "clustered setup.\n"));
1338 return;
1339 }
1340
1341 if (!r->out.domain_is_ad) {
1342 return;
1343 }
1344
1345 /*
1346 * We enter this block with user creds.
1347 * kinit with the machine password to do dns update.
1348 */
1349
1350 ads_dns = ads_init(lp_realm(), NULL, r->in.dc_name);
1351
1352 if (ads_dns == NULL) {
1353 d_fprintf(stderr, _("DNS update failed: out of memory!\n"));
1354 goto done;
1355 }
1356
1357 use_in_memory_ccache();
1358
1359 ret = asprintf(&ads_dns->auth.user_name, "%s$", lp_netbios_name());
1360 if (ret == -1) {
1361 d_fprintf(stderr, _("DNS update failed: out of memory\n"));
1362 goto done;
1363 }
1364
1365 ads_dns->auth.password = secrets_fetch_machine_password(
1366 r->out.netbios_domain_name, NULL, NULL);
1367 if (ads_dns->auth.password == NULL) {
1368 d_fprintf(stderr, _("DNS update failed: out of memory\n"));
1369 goto done;
1370 }
1371
1372 ads_dns->auth.realm = SMB_STRDUP(r->out.dns_domain_name);
1373 if (ads_dns->auth.realm == NULL) {
1374 d_fprintf(stderr, _("DNS update failed: out of memory\n"));
1375 goto done;
1376 }
1377
1378 if (!strupper_m(ads_dns->auth.realm)) {
1379 d_fprintf(stderr, _("strupper_m %s failed\n"), ads_dns->auth.realm);
1380 goto done;
1381 }
1382
1383 ret = ads_kinit_password(ads_dns);
1384 if (ret != 0) {
1385 d_fprintf(stderr,
1386 _("DNS update failed: kinit failed: %s\n"),
1387 error_message(ret));
1388 goto done;
1389 }
1390
1391 status = net_update_dns(c, ctx, ads_dns, NULL);
1392 if (!NT_STATUS_IS_OK(status)) {
1393 d_fprintf( stderr, _("DNS update failed: %s\n"),
1394 nt_errstr(status));
1395 }
1396
1397 done:
1398 ads_destroy(&ads_dns);
1399 #endif
1400
1401 return;
1402 }
1403
1404
1405 int net_ads_join(struct net_context *c, int argc, const char **argv)
1406 {
1407 TALLOC_CTX *ctx = NULL;
1408 struct libnet_JoinCtx *r = NULL;
1409 const char *domain = lp_realm();
1410 WERROR werr = WERR_SETUP_NOT_JOINED;
1411 bool createupn = false;
1412 const char *machineupn = NULL;
1413 const char *create_in_ou = NULL;
1414 int i;
1415 const char *os_name = NULL;
1416 const char *os_version = NULL;
1417 bool modify_config = lp_config_backend_is_registry();
1418
1419 if (c->display_usage)
1420 return net_ads_join_usage(c, argc, argv);
1421
1422 if (!modify_config) {
1423
1424 werr = check_ads_config();
1425 if (!W_ERROR_IS_OK(werr)) {
1426 d_fprintf(stderr, _("Invalid configuration. Exiting....\n"));
1427 goto fail;
1428 }
1429 }
1430
1431 if (!(ctx = talloc_init("net_ads_join"))) {
1432 d_fprintf(stderr, _("Could not initialise talloc context.\n"));
1433 werr = WERR_NOMEM;
1434 goto fail;
1435 }
1436
1437 if (!c->opt_kerberos) {
1438 use_in_memory_ccache();
1439 }
1440
1441 werr = libnet_init_JoinCtx(ctx, &r);
1442 if (!W_ERROR_IS_OK(werr)) {
1443 goto fail;
1444 }
1445
1446 /* process additional command line args */
1447
1448 for ( i=0; i<argc; i++ ) {
1449 if ( !strncasecmp_m(argv[i], "createupn", strlen("createupn")) ) {
1450 createupn = true;
1451 machineupn = get_string_param(argv[i]);
1452 }
1453 else if ( !strncasecmp_m(argv[i], "createcomputer", strlen("createcomputer")) ) {
1454 if ( (create_in_ou = get_string_param(argv[i])) == NULL ) {
1455 d_fprintf(stderr, _("Please supply a valid OU path.\n"));
1456 werr = WERR_INVALID_PARAM;
1457 goto fail;
1458 }
1459 }
1460 else if ( !strncasecmp_m(argv[i], "osName", strlen("osName")) ) {
1461 if ( (os_name = get_string_param(argv[i])) == NULL ) {
1462 d_fprintf(stderr, _("Please supply a operating system name.\n"));
1463 werr = WERR_INVALID_PARAM;
1464 goto fail;
1465 }
1466 }
1467 else if ( !strncasecmp_m(argv[i], "osVer", strlen("osVer")) ) {
1468 if ( (os_version = get_string_param(argv[i])) == NULL ) {
1469 d_fprintf(stderr, _("Please supply a valid operating system version.\n"));
1470 werr = WERR_INVALID_PARAM;
1471 goto fail;
1472 }
1473 }
1474 else {
1475 domain = argv[i];
1476 }
1477 }
1478
1479 if (!*domain) {
1480 d_fprintf(stderr, _("Please supply a valid domain name\n"));
1481 werr = WERR_INVALID_PARAM;
1482 goto fail;
1483 }
1484
1485 if (!c->msg_ctx) {
1486 d_fprintf(stderr, _("Could not initialise message context. "
1487 "Try running as root\n"));
1488 werr = WERR_ACCESS_DENIED;
1489 goto fail;
1490 }
1491
1492 /* Do the domain join here */
1493
1494 r->in.domain_name = domain;
1495 r->in.create_upn = createupn;
1496 r->in.upn = machineupn;
1497 r->in.account_ou = create_in_ou;
1498 r->in.os_name = os_name;
1499 r->in.os_version = os_version;
1500 r->in.dc_name = c->opt_host;
1501 r->in.admin_account = c->opt_user_name;
1502 r->in.admin_password = net_prompt_pass(c, c->opt_user_name);
1503 r->in.debug = true;
1504 r->in.use_kerberos = c->opt_kerberos;
1505 r->in.modify_config = modify_config;
1506 r->in.join_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE |
1507 WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE |
1508 WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED;
1509 r->in.msg_ctx = c->msg_ctx;
1510
1511 werr = libnet_Join(ctx, r);
1512 if (W_ERROR_EQUAL(werr, WERR_DCNOTFOUND) &&
1513 strequal(domain, lp_realm())) {
1514 r->in.domain_name = lp_workgroup();
1515 werr = libnet_Join(ctx, r);
1516 }
1517 if (!W_ERROR_IS_OK(werr)) {
1518 goto fail;
1519 }
1520
1521 /* Check the short name of the domain */
1522
1523 if (!modify_config && !strequal(lp_workgroup(), r->out.netbios_domain_name)) {
1524 d_printf(_("The workgroup in %s does not match the short\n"
1525 "domain name obtained from the server.\n"
1526 "Using the name [%s] from the server.\n"
1527 "You should set \"workgroup = %s\" in %s.\n"),
1528 get_dyn_CONFIGFILE(), r->out.netbios_domain_name,
1529 r->out.netbios_domain_name, get_dyn_CONFIGFILE());
1530 }
1531
1532 d_printf(_("Using short domain name -- %s\n"), r->out.netbios_domain_name);
1533
1534 if (r->out.dns_domain_name) {
1535 d_printf(_("Joined '%s' to realm '%s'\n"), r->in.machine_name,
1536 r->out.dns_domain_name);
1537 } else {
1538 d_printf(_("Joined '%s' to domain '%s'\n"), r->in.machine_name,
1539 r->out.netbios_domain_name);
1540 }
1541
1542 /*
1543 * We try doing the dns update (if it was compiled in).
1544 * If the dns update fails, we still consider the join
1545 * operation as succeeded if we came this far.
1546 */
1547 _net_ads_join_dns_updates(c, ctx, r);
1548
1549 TALLOC_FREE(r);
1550 TALLOC_FREE( ctx );
1551
1552 return 0;
1553
1554 fail:
1555 /* issue an overall failure message at the end. */
1556 d_printf(_("Failed to join domain: %s\n"),
1557 r && r->out.error_string ? r->out.error_string :
1558 get_friendly_werror_msg(werr));
1559 TALLOC_FREE( ctx );
1560
1561 return -1;
1562 }
1563
1564 /*******************************************************************
1565 ********************************************************************/
1566
1567 static int net_ads_dns_register(struct net_context *c, int argc, const char **argv)
1568 {
1569 #if defined(WITH_DNS_UPDATES)
1570 ADS_STRUCT *ads;
1571 ADS_STATUS status;
1572 NTSTATUS ntstatus;
1573 TALLOC_CTX *ctx;
1574 const char *hostname = NULL;
1575 const char **addrs_list = NULL;
1576 struct sockaddr_storage *addrs = NULL;
1577 int num_addrs = 0;
1578 int count;
1579
1580 #ifdef DEVELOPER
1581 talloc_enable_leak_report();
1582 #endif
1583
1584 if (argc <= 1 && lp_clustering() && lp_cluster_addresses() == NULL) {
1585 d_fprintf(stderr, _("Refusing DNS updates with automatic "
1586 "detection of addresses in a clustered "
1587 "setup.\n"));
1588 c->display_usage = true;
1589 }
1590
1591 if (c->display_usage) {
1592 d_printf( "%s\n"
1593 "net ads dns register [hostname [IP [IP...]]]\n"
1594 " %s\n",
1595 _("Usage:"),
1596 _("Register hostname with DNS\n"));
1597 return -1;
1598 }
1599
1600 if (!(ctx = talloc_init("net_ads_dns"))) {
1601 d_fprintf(stderr, _("Could not initialise talloc context\n"));
1602 return -1;
1603 }
1604
1605 if (argc >= 1) {
1606 hostname = argv[0];
1607 }
1608
1609 if (argc > 1) {
1610 num_addrs = argc - 1;
1611 addrs_list = &argv[1];
1612 } else if (lp_clustering()) {
1613 addrs_list = lp_cluster_addresses();
1614 num_addrs = str_list_length(addrs_list);
1615 }
1616
1617 if (num_addrs > 0) {
1618 addrs = talloc_zero_array(ctx, struct sockaddr_storage, num_addrs);
1619 if (addrs == NULL) {
1620 d_fprintf(stderr, _("Error allocating memory!\n"));
1621 talloc_free(ctx);
1622 return -1;
1623 }
1624 }
1625
1626 for (count = 0; count < num_addrs; count++) {
1627 if (!interpret_string_addr(&addrs[count], addrs_list[count], 0)) {
1628 d_fprintf(stderr, "%s '%s'.\n",
1629 _("Cannot interpret address"),
1630 addrs_list[count]);
1631 talloc_free(ctx);
1632 return -1;
1633 }
1634 }
1635
1636 status = ads_startup(c, true, &ads);
1637 if ( !ADS_ERR_OK(status) ) {
1638 DEBUG(1, ("error on ads_startup: %s\n", ads_errstr(status)));
1639 TALLOC_FREE(ctx);
1640 return -1;
1641 }
1642
1643 ntstatus = net_update_dns_ext(c, ctx, ads, hostname, addrs, num_addrs);
1644 if (!NT_STATUS_IS_OK(ntstatus)) {
1645 d_fprintf( stderr, _("DNS update failed!\n") );
1646 ads_destroy( &ads );
1647 TALLOC_FREE( ctx );
1648 return -1;
1649 }
1650
1651 d_fprintf( stderr, _("Successfully registered hostname with DNS\n") );
1652
1653 ads_destroy(&ads);
1654 TALLOC_FREE( ctx );
1655
1656 return 0;
1657 #else
1658 d_fprintf(stderr,
1659 _("DNS update support not enabled at compile time!\n"));
1660 return -1;
1661 #endif
1662 }
1663
1664 static int net_ads_dns_gethostbyname(struct net_context *c, int argc, const char **argv)
1665 {
1666 #if defined(WITH_DNS_UPDATES)
1667 DNS_ERROR err;
1668
1669 #ifdef DEVELOPER
1670 talloc_enable_leak_report();
1671 #endif
1672
1673 if (argc != 2 || c->display_usage) {
1674 d_printf( "%s\n"
1675 " %s\n"
1676 " %s\n",
1677 _("Usage:"),
1678 _("net ads dns gethostbyname <server> <name>\n"),
1679 _(" Look up hostname from the AD\n"
1680 " server\tName server to use\n"
1681 " name\tName to look up\n"));
1682 return -1;
1683 }
1684
1685 err = do_gethostbyname(argv[0], argv[1]);
1686
1687 d_printf(_("do_gethostbyname returned %s (%d)\n"),
1688 dns_errstr(err), ERROR_DNS_V(err));
1689 #endif
1690 return 0;
1691 }
1692
1693 static int net_ads_dns(struct net_context *c, int argc, const char *argv[])
1694 {
1695 struct functable func[] = {
1696 {
1697 "register",
1698 net_ads_dns_register,
1699 NET_TRANSPORT_ADS,
1700 N_("Add host dns entry to AD"),
1701 N_("net ads dns register\n"
1702 " Add host dns entry to AD")
1703 },
1704 {
1705 "gethostbyname",
1706 net_ads_dns_gethostbyname,
1707 NET_TRANSPORT_ADS,
1708 N_("Look up host"),
1709 N_("net ads dns gethostbyname\n"
1710 " Look up host")
1711 },
1712 {NULL, NULL, 0, NULL, NULL}
1713 };
1714
1715 return net_run_function(c, argc, argv, "net ads dns", func);
1716 }
1717
1718 /*******************************************************************
1719 ********************************************************************/
1720
1721 int net_ads_printer_usage(struct net_context *c, int argc, const char **argv)
1722 {
1723 d_printf(_(
1724 "\nnet ads printer search <printer>"
1725 "\n\tsearch for a printer in the directory\n"
1726 "\nnet ads printer info <printer> <server>"
1727 "\n\tlookup info in directory for printer on server"
1728 "\n\t(note: printer defaults to \"*\", server defaults to local)\n"
1729 "\nnet ads printer publish <printername>"
1730 "\n\tpublish printer in directory"
1731 "\n\t(note: printer name is required)\n"
1732 "\nnet ads printer remove <printername>"
1733 "\n\tremove printer from directory"
1734 "\n\t(note: printer name is required)\n"));
1735 return -1;
1736 }
1737
1738 /*******************************************************************
1739 ********************************************************************/
1740
1741 static int net_ads_printer_search(struct net_context *c, int argc, const char **argv)
1742 {
1743 ADS_STRUCT *ads;
1744 ADS_STATUS rc;
1745 LDAPMessage *res = NULL;
1746
1747 if (c->display_usage) {
1748 d_printf( "%s\n"
1749 "net ads printer search\n"
1750 " %s\n",
1751 _("Usage:"),
1752 _("List printers in the AD"));
1753 return 0;
1754 }
1755
1756 if (!ADS_ERR_OK(ads_startup(c, false, &ads))) {
1757 return -1;
1758 }
1759
1760 rc = ads_find_printers(ads, &res);
1761
1762 if (!ADS_ERR_OK(rc)) {
1763 d_fprintf(stderr, _("ads_find_printer: %s\n"), ads_errstr(rc));
1764 ads_msgfree(ads, res);
1765 ads_destroy(&ads);
1766 return -1;
1767 }
1768
1769 if (ads_count_replies(ads, res) == 0) {
1770 d_fprintf(stderr, _("No results found\n"));
1771 ads_msgfree(ads, res);
1772 ads_destroy(&ads);
1773 return -1;
1774 }
1775
1776 ads_dump(ads, res);
1777 ads_msgfree(ads, res);
1778 ads_destroy(&ads);
1779 return 0;
1780 }
1781
1782 static int net_ads_printer_info(struct net_context *c, int argc, const char **argv)
1783 {
1784 ADS_STRUCT *ads;
1785 ADS_STATUS rc;
1786 const char *servername, *printername;
1787 LDAPMessage *res = NULL;
1788
1789 if (c->display_usage) {
1790 d_printf("%s\n%s",
1791 _("Usage:"),
1792 _("net ads printer info [printername [servername]]\n"
1793 " Display printer info from AD\n"
1794 " printername\tPrinter name or wildcard\n"
1795 " servername\tName of the print server\n"));
1796 return 0;
1797 }
1798
1799 if (!ADS_ERR_OK(ads_startup(c, false, &ads))) {
1800 return -1;
1801 }
1802
1803 if (argc > 0) {
1804 printername = argv[0];
1805 } else {
1806 printername = "*";
1807 }
1808
1809 if (argc > 1) {
1810 servername = argv[1];
1811 } else {
1812 servername = lp_netbios_name();
1813 }
1814
1815 rc = ads_find_printer_on_server(ads, &res, printername, servername);
1816
1817 if (!ADS_ERR_OK(rc)) {
1818 d_fprintf(stderr, _("Server '%s' not found: %s\n"),
1819 servername, ads_errstr(rc));
1820 ads_msgfree(ads, res);
1821 ads_destroy(&ads);
1822 return -1;
1823 }
1824
1825 if (ads_count_replies(ads, res) == 0) {
1826 d_fprintf(stderr, _("Printer '%s' not found\n"), printername);
1827 ads_msgfree(ads, res);
1828 ads_destroy(&ads);
1829 return -1;
1830 }
1831
1832 ads_dump(ads, res);
1833 ads_msgfree(ads, res);
1834 ads_destroy(&ads);
1835
1836 return 0;
1837 }
1838
1839 static int net_ads_printer_publish(struct net_context *c, int argc, const char **argv)
1840 {
1841 ADS_STRUCT *ads;
1842 ADS_STATUS rc;
1843 const char *servername, *printername;
1844 struct cli_state *cli = NULL;
1845 struct rpc_pipe_client *pipe_hnd = NULL;
1846 struct sockaddr_storage server_ss;
1847 NTSTATUS nt_status;
1848 TALLOC_CTX *mem_ctx = talloc_init("net_ads_printer_publish");
1849 ADS_MODLIST mods = ads_init_mods(mem_ctx);
1850 char *prt_dn, *srv_dn, **srv_cn;
1851 char *srv_cn_escaped = NULL, *printername_escaped = NULL;
1852 LDAPMessage *res = NULL;
1853
1854 if (argc < 1 || c->display_usage) {
1855 d_printf("%s\n%s",
1856 _("Usage:"),
1857 _("net ads printer publish <printername> [servername]\n"
1858 " Publish printer in AD\n"
1859 " printername\tName of the printer\n"
1860 " servername\tName of the print server\n"));
1861 talloc_destroy(mem_ctx);
1862 return -1;
1863 }
1864
1865 if (!ADS_ERR_OK(ads_startup(c, true, &ads))) {
1866 talloc_destroy(mem_ctx);
1867 return -1;
1868 }
1869
1870 printername = argv[0];
1871
1872 if (argc == 2) {
1873 servername = argv[1];
1874 } else {
1875 servername = lp_netbios_name();
1876 }
1877
1878 /* Get printer data from SPOOLSS */
1879
1880 resolve_name(servername, &server_ss, 0x20, false);
1881
1882 nt_status = cli_full_connection(&cli, lp_netbios_name(), servername,
1883 &server_ss, 0,
1884 "IPC$", "IPC",
1885 c->opt_user_name, c->opt_workgroup,
1886 c->opt_password ? c->opt_password : "",
1887 CLI_FULL_CONNECTION_USE_KERBEROS,
1888 SMB_SIGNING_DEFAULT);
1889
1890 if (NT_STATUS_IS_ERR(nt_status)) {
1891 d_fprintf(stderr, _("Unable to open a connection to %s to "
1892 "obtain data for %s\n"),
1893 servername, printername);
1894 ads_destroy(&ads);
1895 talloc_destroy(mem_ctx);
1896 return -1;
1897 }
1898
1899 /* Publish on AD server */
1900
1901 ads_find_machine_acct(ads, &res, servername);
1902
1903 if (ads_count_replies(ads, res) == 0) {
1904 d_fprintf(stderr, _("Could not find machine account for server "
1905 "%s\n"),
1906 servername);
1907 ads_destroy(&ads);
1908 talloc_destroy(mem_ctx);
1909 return -1;
1910 }
1911
1912 srv_dn = ldap_get_dn((LDAP *)ads->ldap.ld, (LDAPMessage *)res);
1913 srv_cn = ldap_explode_dn(srv_dn, 1);
1914
1915 srv_cn_escaped = escape_rdn_val_string_alloc(srv_cn[0]);
1916 printername_escaped = escape_rdn_val_string_alloc(printername);
1917 if (!srv_cn_escaped || !printername_escaped) {
1918 SAFE_FREE(srv_cn_escaped);
1919 SAFE_FREE(printername_escaped);
1920 d_fprintf(stderr, _("Internal error, out of memory!"));
1921 ads_destroy(&ads);
1922 talloc_destroy(mem_ctx);
1923 return -1;
1924 }
1925
1926 if (asprintf(&prt_dn, "cn=%s-%s,%s", srv_cn_escaped, printername_escaped, srv_dn) == -1) {
1927 SAFE_FREE(srv_cn_escaped);
1928 SAFE_FREE(printername_escaped);
1929 d_fprintf(stderr, _("Internal error, out of memory!"));
1930 ads_destroy(&ads);
1931 talloc_destroy(mem_ctx);
1932 return -1;
1933 }
1934
1935 SAFE_FREE(srv_cn_escaped);
1936 SAFE_FREE(printername_escaped);
1937
1938 nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_spoolss.syntax_id, &pipe_hnd);
1939 if (!NT_STATUS_IS_OK(nt_status)) {
1940 d_fprintf(stderr, _("Unable to open a connection to the spoolss pipe on %s\n"),
1941 servername);
1942 SAFE_FREE(prt_dn);
1943 ads_destroy(&ads);
1944 talloc_destroy(mem_ctx);
1945 return -1;
1946 }
1947
1948 if (!W_ERROR_IS_OK(get_remote_printer_publishing_data(pipe_hnd, mem_ctx, &mods,
1949 printername))) {
1950 SAFE_FREE(prt_dn);
1951 ads_destroy(&ads);
1952 talloc_destroy(mem_ctx);
1953 return -1;
1954 }
1955
1956 rc = ads_add_printer_entry(ads, prt_dn, mem_ctx, &mods);
1957 if (!ADS_ERR_OK(rc)) {
1958 d_fprintf(stderr, "ads_publish_printer: %s\n", ads_errstr(rc));
1959 SAFE_FREE(prt_dn);
1960 ads_destroy(&ads);
1961 talloc_destroy(mem_ctx);
1962 return -1;
1963 }
1964
1965 d_printf("published printer\n");
1966 SAFE_FREE(prt_dn);
1967 ads_destroy(&ads);
1968 talloc_destroy(mem_ctx);
1969
1970 return 0;
1971 }
1972
1973 static int net_ads_printer_remove(struct net_context *c, int argc, const char **argv)
1974 {
1975 ADS_STRUCT *ads;
1976 ADS_STATUS rc;
1977 const char *servername;
1978 char *prt_dn;
1979 LDAPMessage *res = NULL;
1980
1981 if (argc < 1 || c->display_usage) {
1982 d_printf("%s\n%s",
1983 _("Usage:"),
1984 _("net ads printer remove <printername> [servername]\n"
1985 " Remove a printer from the AD\n"
1986 " printername\tName of the printer\n"
1987 " servername\tName of the print server\n"));
1988 return -1;
1989 }
1990
1991 if (!ADS_ERR_OK(ads_startup(c, true, &ads))) {
1992 return -1;
1993 }
1994
1995 if (argc > 1) {
1996 servername = argv[1];
1997 } else {
1998 servername = lp_netbios_name();
1999 }
2000
2001 rc = ads_find_printer_on_server(ads, &res, argv[0], servername);
2002
2003 if (!ADS_ERR_OK(rc)) {
2004 d_fprintf(stderr, _("ads_find_printer_on_server: %s\n"), ads_errstr(rc));
2005 ads_msgfree(ads, res);
2006 ads_destroy(&ads);
2007 return -1;
2008 }
2009
2010 if (ads_count_replies(ads, res) == 0) {
2011 d_fprintf(stderr, _("Printer '%s' not found\n"), argv[1]);
2012 ads_msgfree(ads, res);
2013 ads_destroy(&ads);
2014 return -1;
2015 }
2016
2017 prt_dn = ads_get_dn(ads, talloc_tos(), res);
2018 ads_msgfree(ads, res);
2019 rc = ads_del_dn(ads, prt_dn);
2020 TALLOC_FREE(prt_dn);
2021
2022 if (!ADS_ERR_OK(rc)) {
2023 d_fprintf(stderr, _("ads_del_dn: %s\n"), ads_errstr(rc));
2024 ads_destroy(&ads);
2025 return -1;
2026 }
2027
2028 ads_destroy(&ads);
2029 return 0;
2030 }
2031
2032 static int net_ads_printer(struct net_context *c, int argc, const char **argv)
2033 {
2034 struct functable func[] = {
2035 {
2036 "search",
2037 net_ads_printer_search,
2038 NET_TRANSPORT_ADS,
2039 N_("Search for a printer"),
2040 N_("net ads printer search\n"
2041 " Search for a printer")
2042 },
2043 {
2044 "info",
2045 net_ads_printer_info,
2046 NET_TRANSPORT_ADS,
2047 N_("Display printer information"),
2048 N_("net ads printer info\n"
2049 " Display printer information")
2050 },
2051 {
2052 "publish",
2053 net_ads_printer_publish,
2054 NET_TRANSPORT_ADS,
2055 N_("Publish a printer"),
2056 N_("net ads printer publish\n"
2057 " Publish a printer")
2058 },
2059 {
2060 "remove",
2061 net_ads_printer_remove,
2062 NET_TRANSPORT_ADS,
2063 N_("Delete a printer"),
2064 N_("net ads printer remove\n"
2065 " Delete a printer")
2066 },
2067 {NULL, NULL, 0, NULL, NULL}
2068 };
2069
2070 return net_run_function(c, argc, argv, "net ads printer", func);
2071 }
2072
2073
2074 static int net_ads_password(struct net_context *c, int argc, const char **argv)
2075 {
2076 ADS_STRUCT *ads;
2077 const char *auth_principal = c->opt_user_name;
2078 const char *auth_password = c->opt_password;
2079 const char *realm = NULL;
2080 const char *new_password = NULL;
2081 char *chr, *prompt;
2082 const char *user;
2083 ADS_STATUS ret;
2084
2085 if (c->display_usage) {
2086 d_printf("%s\n%s",
2087 _("Usage:"),
2088 _("net ads password <username>\n"
2089 " Change password for user\n"
2090 " username\tName of user to change password for\n"));
2091 return 0;
2092 }
2093
2094 if (c->opt_user_name == NULL || c->opt_password == NULL) {
2095 d_fprintf(stderr, _("You must supply an administrator "
2096 "username/password\n"));
2097 return -1;
2098 }
2099
2100 if (argc < 1) {
2101 d_fprintf(stderr, _("ERROR: You must say which username to "
2102 "change password for\n"));
2103 return -1;
2104 }
2105
2106 user = argv[0];
2107 if (!strchr_m(user, '@')) {
2108 if (asprintf(&chr, "%s@%s", argv[0], lp_realm()) == -1) {
2109 return -1;
2110 }
2111 user = chr;
2112 }
2113
2114 use_in_memory_ccache();
2115 chr = strchr_m(auth_principal, '@');
2116 if (chr) {
2117 realm = ++chr;
2118 } else {
2119 realm = lp_realm();
2120 }
2121
2122 /* use the realm so we can eventually change passwords for users
2123 in realms other than default */
2124 if (!(ads = ads_init(realm, c->opt_workgroup, c->opt_host))) {
2125 return -1;
2126 }
2127
2128 /* we don't actually need a full connect, but it's the easy way to
2129 fill in the KDC's addresss */
2130 ads_connect(ads);
2131
2132 if (!ads->config.realm) {
2133 d_fprintf(stderr, _("Didn't find the kerberos server!\n"));
2134 ads_destroy(&ads);
2135 return -1;
2136 }
2137
2138 if (argv[1]) {
2139 new_password = (const char *)argv[1];
2140 } else {
2141 if (asprintf(&prompt, _("Enter new password for %s:"), user) == -1) {
2142 return -1;
2143 }
2144 new_password = getpass(prompt);
2145 free(prompt);
2146 }
2147
2148 ret = kerberos_set_password(ads->auth.kdc_server, auth_principal,
2149 auth_password, user, new_password, ads->auth.time_offset);
2150 if (!ADS_ERR_OK(ret)) {
2151 d_fprintf(stderr, _("Password change failed: %s\n"), ads_errstr(ret));
2152 ads_destroy(&ads);
2153 return -1;
2154 }
2155
2156 d_printf(_("Password change for %s completed.\n"), user);
2157 ads_destroy(&ads);
2158
2159 return 0;
2160 }
2161
2162 int net_ads_changetrustpw(struct net_context *c, int argc, const char **argv)
2163 {
2164 ADS_STRUCT *ads;
2165 char *host_principal;
2166 fstring my_name;
2167 ADS_STATUS ret;
2168
2169 if (c->display_usage) {
2170 d_printf( "%s\n"
2171 "net ads changetrustpw\n"
2172 " %s\n",
2173 _("Usage:"),
2174 _("Change the machine account's trust password"));
2175 return 0;
2176 }
2177
2178 if (!secrets_init()) {
2179 DEBUG(1,("Failed to initialise secrets database\n"));
2180 return -1;
2181 }
2182
2183 net_use_krb_machine_account(c);
2184
2185 use_in_memory_ccache();
2186
2187 if (!ADS_ERR_OK(ads_startup(c, true, &ads))) {
2188 return -1;
2189 }
2190
2191 fstrcpy(my_name, lp_netbios_name());
2192 if (!strlower_m(my_name)) {
2193 ads_destroy(&ads);
2194 return -1;
2195 }
2196
2197 if (asprintf(&host_principal, "%s$@%s", my_name, ads->config.realm) == -1) {
2198 ads_destroy(&ads);
2199 return -1;
2200 }
2201 d_printf(_("Changing password for principal: %s\n"), host_principal);
2202
2203 ret = ads_change_trust_account_password(ads, host_principal);
2204
2205 if (!ADS_ERR_OK(ret)) {
2206 d_fprintf(stderr, _("Password change failed: %s\n"), ads_errstr(ret));
2207 ads_destroy(&ads);
2208 SAFE_FREE(host_principal);
2209 return -1;
2210 }
2211
2212 d_printf(_("Password change for principal %s succeeded.\n"), host_principal);
2213
2214 if (USE_SYSTEM_KEYTAB) {
2215 d_printf(_("Attempting to update system keytab with new password.\n"));
2216 if (ads_keytab_create_default(ads)) {
2217 d_printf(_("Failed to update system keytab.\n"));
2218 }
2219 }
2220
2221 ads_destroy(&ads);
2222 SAFE_FREE(host_principal);
2223
2224 return 0;
2225 }
2226
2227 /*
2228 help for net ads search
2229 */
2230 static int net_ads_search_usage(struct net_context *c, int argc, const char **argv)
2231 {
2232 d_printf(_(
2233 "\nnet ads search <expression> <attributes...>\n"
2234 "\nPerform a raw LDAP search on a ADS server and dump the results.\n"
2235 "The expression is a standard LDAP search expression, and the\n"
2236 "attributes are a list of LDAP fields to show in the results.\n\n"
2237 "Example: net ads search '(objectCategory=group)' sAMAccountName\n\n"
2238 ));
2239 net_common_flags_usage(c, argc, argv);
2240 return -1;
2241 }
2242
2243
2244 /*
2245 general ADS search function. Useful in diagnosing problems in ADS
2246 */
2247 static int net_ads_search(struct net_context *c, int argc, const char **argv)
2248 {
2249 ADS_STRUCT *ads;
2250 ADS_STATUS rc;
2251 const char *ldap_exp;
2252 const char **attrs;
2253 LDAPMessage *res = NULL;
2254
2255 if (argc < 1 || c->display_usage) {
2256 return net_ads_search_usage(c, argc, argv);
2257 }
2258
2259 if (!ADS_ERR_OK(ads_startup(c, false, &ads))) {
2260 return -1;
2261 }
2262
2263 ldap_exp = argv[0];
2264 attrs = (argv + 1);
2265
2266 rc = ads_do_search_retry(ads, ads->config.bind_path,
2267 LDAP_SCOPE_SUBTREE,
2268 ldap_exp, attrs, &res);
2269 if (!ADS_ERR_OK(rc)) {
2270 d_fprintf(stderr, _("search failed: %s\n"), ads_errstr(rc));
2271 ads_destroy(&ads);
2272 return -1;
2273 }
2274
2275 d_printf(_("Got %d replies\n\n"), ads_count_replies(ads, res));
2276
2277 /* dump the results */
2278 ads_dump(ads, res);
2279
2280 ads_msgfree(ads, res);
2281 ads_destroy(&ads);
2282
2283 return 0;
2284 }
2285
2286
2287 /*
2288 help for net ads search
2289 */
2290 static int net_ads_dn_usage(struct net_context *c, int argc, const char **argv)
2291 {
2292 d_printf(_(
2293 "\nnet ads dn <dn> <attributes...>\n"
2294 "\nperform a raw LDAP search on a ADS server and dump the results\n"
2295 "The DN standard LDAP DN, and the attributes are a list of LDAP fields \n"
2296 "to show in the results\n\n"
2297 "Example: net ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' sAMAccountName\n\n"
2298 "Note: the DN must be provided properly escaped. See RFC 4514 for details\n\n"
2299 ));
2300 net_common_flags_usage(c, argc, argv);
2301 return -1;
2302 }
2303
2304
2305 /*
2306 general ADS search function. Useful in diagnosing problems in ADS
2307 */
2308 static int net_ads_dn(struct net_context *c, int argc, const char **argv)
2309 {
2310 ADS_STRUCT *ads;
2311 ADS_STATUS rc;
2312 const char *dn;
2313 const char **attrs;
2314 LDAPMessage *res = NULL;
2315
2316 if (argc < 1 || c->display_usage) {
2317 return net_ads_dn_usage(c, argc, argv);
2318 }
2319
2320 if (!ADS_ERR_OK(ads_startup(c, false, &ads))) {
2321 return -1;
2322 }
2323
2324 dn = argv[0];
2325 attrs = (argv + 1);
2326
2327 rc = ads_do_search_all(ads, dn,
2328 LDAP_SCOPE_BASE,
2329 "(objectclass=*)", attrs, &res);
2330 if (!ADS_ERR_OK(rc)) {
2331 d_fprintf(stderr, _("search failed: %s\n"), ads_errstr(rc));
2332 ads_destroy(&ads);
2333 return -1;
2334 }
2335
2336 d_printf("Got %d replies\n\n", ads_count_replies(ads, res));
2337
2338 /* dump the results */
2339 ads_dump(ads, res);
2340
2341 ads_msgfree(ads, res);
2342 ads_destroy(&ads);
2343
2344 return 0;
2345 }
2346
2347 /*
2348 help for net ads sid search
2349 */
2350 static int net_ads_sid_usage(struct net_context *c, int argc, const char **argv)
2351 {
2352 d_printf(_(
2353 "\nnet ads sid <sid> <attributes...>\n"
2354 "\nperform a raw LDAP search on a ADS server and dump the results\n"
2355 "The SID is in string format, and the attributes are a list of LDAP fields \n"
2356 "to show in the results\n\n"
2357 "Example: net ads sid 'S-1-5-32' distinguishedName\n\n"
2358 ));
2359 net_common_flags_usage(c, argc, argv);
2360 return -1;
2361 }
2362
2363
2364 /*
2365 general ADS search function. Useful in diagnosing problems in ADS
2366 */
2367 static int net_ads_sid(struct net_context *c, int argc, const char **argv)
2368 {
2369 ADS_STRUCT *ads;
2370 ADS_STATUS rc;
2371 const char *sid_string;
2372 const char **attrs;
2373 LDAPMessage *res = NULL;
2374 struct dom_sid sid;
2375
2376 if (argc < 1 || c->display_usage) {
2377 return net_ads_sid_usage(c, argc, argv);
2378 }
2379
2380 if (!ADS_ERR_OK(ads_startup(c, false, &ads))) {
2381 return -1;
2382 }
2383
2384 sid_string = argv[0];
2385 attrs = (argv + 1);
2386
2387 if (!string_to_sid(&sid, sid_string)) {
2388 d_fprintf(stderr, _("could not convert sid\n"));
2389 ads_destroy(&ads);
2390 return -1;
2391 }
2392
2393 rc = ads_search_retry_sid(ads, &res, &sid, attrs);
2394 if (!ADS_ERR_OK(rc)) {
2395 d_fprintf(stderr, _("search failed: %s\n"), ads_errstr(rc));
2396 ads_destroy(&ads);
2397 return -1;
2398 }
2399
2400 d_printf(_("Got %d replies\n\n"), ads_count_replies(ads, res));
2401
2402 /* dump the results */
2403 ads_dump(ads, res);
2404
2405 ads_msgfree(ads, res);
2406 ads_destroy(&ads);
2407
2408 return 0;
2409 }
2410
2411 static int net_ads_keytab_flush(struct net_context *c, int argc, const char **argv)
2412 {
2413 int ret;
2414 ADS_STRUCT *ads;
2415
2416 if (c->display_usage) {
2417 d_printf( "%s\n"
2418 "net ads keytab flush\n"
2419 " %s\n",
2420 _("Usage:"),
2421 _("Delete the whole keytab"));
2422 return 0;
2423 }
2424
2425 if (!ADS_ERR_OK(ads_startup(c, true, &ads))) {
2426 return -1;
2427 }
2428 ret = ads_keytab_flush(ads);
2429 ads_destroy(&ads);
2430 return ret;
2431 }
2432
2433 static int net_ads_keytab_add(struct net_context *c, int argc, const char **argv)
2434 {
2435 int i;
2436 int ret = 0;
2437 ADS_STRUCT *ads;
2438
2439 if (c->display_usage) {
2440 d_printf("%s\n%s",
2441 _("Usage:"),
2442 _("net ads keytab add <principal> [principal ...]\n"
2443 " Add principals to local keytab\n"
2444 " principal\tKerberos principal to add to "
2445 "keytab\n"));
2446 return 0;
2447 }
2448
2449 d_printf(_("Processing principals to add...\n"));
2450 if (!ADS_ERR_OK(ads_startup(c, true, &ads))) {
2451 return -1;
2452 }
2453 for (i = 0; i < argc; i++) {
2454 ret |= ads_keytab_add_entry(ads, argv[i]);
2455 }
2456 ads_destroy(&ads);
2457 return ret;
2458 }
2459
2460 static int net_ads_keytab_create(struct net_context *c, int argc, const char **argv)
2461 {
2462 ADS_STRUCT *ads;
2463 int ret;
2464
2465 if (c->display_usage) {
2466 d_printf( "%s\n"
2467 "net ads keytab create\n"
2468 " %s\n",
2469 _("Usage:"),
2470 _("Create new default keytab"));
2471 return 0;
2472 }
2473
2474 if (!ADS_ERR_OK(ads_startup(c, true, &ads))) {
2475 return -1;
2476 }
2477 ret = ads_keytab_create_default(ads);
2478 ads_destroy(&ads);
2479 return ret;
2480 }
2481
2482 static int net_ads_keytab_list(struct net_context *c, int argc, const char **argv)
2483 {
2484 const char *keytab = NULL;
2485
2486 if (c->display_usage) {
2487 d_printf("%s\n%s",
2488 _("Usage:"),
2489 _("net ads keytab list [keytab]\n"
2490 " List a local keytab\n"
2491 " keytab\tKeytab to list\n"));
2492 return 0;
2493 }
2494
2495 if (argc >= 1) {
2496 keytab = argv[0];
2497 }
2498
2499 return ads_keytab_list(keytab);
2500 }
2501
2502
2503 int net_ads_keytab(struct net_context *c, int argc, const char **argv)
2504 {
2505 struct functable func[] = {
2506 {
2507 "add",
2508 net_ads_keytab_add,
2509 NET_TRANSPORT_ADS,
2510 N_("Add a service principal"),
2511 N_("net ads keytab add\n"
2512 " Add a service principal")
2513 },
2514 {
2515 "create",
2516 net_ads_keytab_create,
2517 NET_TRANSPORT_ADS,
2518 N_("Create a fresh keytab"),
2519 N_("net ads keytab create\n"
2520 " Create a fresh keytab")
2521 },
2522 {
2523 "flush",
2524 net_ads_keytab_flush,
2525 NET_TRANSPORT_ADS,
2526 N_("Remove all keytab entries"),
2527 N_("net ads keytab flush\n"
2528 " Remove all keytab entries")
2529 },
2530 {
2531 "list",
2532 net_ads_keytab_list,
2533 NET_TRANSPORT_ADS,
2534 N_("List a keytab"),
2535 N_("net ads keytab list\n"
2536 " List a keytab")
2537 },
2538 {NULL, NULL, 0, NULL, NULL}
2539 };
2540
2541 if (!USE_KERBEROS_KEYTAB) {
2542 d_printf(_("\nWarning: \"kerberos method\" must be set to a "
2543 "keytab method to use keytab functions.\n"));
2544 }
2545
2546 return net_run_function(c, argc, argv, "net ads keytab", func);
2547 }
2548
2549 static int net_ads_kerberos_renew(struct net_context *c, int argc, const char **argv)
2550 {
2551 int ret = -1;
2552
2553 if (c->display_usage) {
2554 d_printf( "%s\n"
2555 "net ads kerberos renew\n"
2556 " %s\n",
2557 _("Usage:"),
2558 _("Renew TGT from existing credential cache"));
2559 return 0;
2560 }
2561
2562 ret = smb_krb5_renew_ticket(NULL, NULL, NULL, NULL);
2563 if (ret) {
2564 d_printf(_("failed to renew kerberos ticket: %s\n"),
2565 error_message(ret));
2566 }
2567 return ret;
2568 }
2569
2570 static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **argv)
2571 {
2572 struct PAC_LOGON_INFO *info = NULL;
2573 TALLOC_CTX *mem_ctx = NULL;
2574 NTSTATUS status;
2575 int ret = -1;
2576 const char *impersonate_princ_s = NULL;
2577
2578 if (c->display_usage) {
2579 d_printf( "%s\n"
2580 "net ads kerberos pac\n"
2581 " %s\n",
2582 _("Usage:"),
2583 _("Dump the Kerberos PAC"));
2584 return 0;
2585 }
2586
2587 mem_ctx = talloc_init("net_ads_kerberos_pac");
2588 if (!mem_ctx) {
2589 goto out;
2590 }
2591
2592 if (argc > 0) {
2593 impersonate_princ_s = argv[0];
2594 }
2595
2596 c->opt_password = net_prompt_pass(c, c->opt_user_name);
2597
2598 status = kerberos_return_pac(mem_ctx,
2599 c->opt_user_name,
2600 c->opt_password,
2601 0,
2602 NULL,
2603 NULL,
2604 NULL,
2605 true,
2606 true,
2607 2592000, /* one month */
2608 impersonate_princ_s,
2609 &info);
2610 if (!NT_STATUS_IS_OK(status)) {
2611 d_printf(_("failed to query kerberos PAC: %s\n"),
2612 nt_errstr(status));
2613 goto out;
2614 }
2615
2616 if (info) {
2617 const char *s;
2618 s = NDR_PRINT_STRUCT_STRING(mem_ctx, PAC_LOGON_INFO, info);
2619 d_printf(_("The Pac: %s\n"), s);
2620 }
2621
2622 ret = 0;
2623 out:
2624 TALLOC_FREE(mem_ctx);
2625 return ret;
2626 }
2627
2628 static int net_ads_kerberos_kinit(struct net_context *c, int argc, const char **argv)
2629 {
2630 TALLOC_CTX *mem_ctx = NULL;
2631 int ret = -1;
2632 NTSTATUS status;
2633
2634 if (c->display_usage) {
2635 d_printf( "%s\n"
2636 "net ads kerberos kinit\n"
2637 " %s\n",
2638 _("Usage:"),
2639 _("Get Ticket Granting Ticket (TGT) for the user"));
2640 return 0;
2641 }
2642
2643 mem_ctx = talloc_init("net_ads_kerberos_kinit");
2644 if (!mem_ctx) {
2645 goto out;
2646 }
2647
2648 c->opt_password = net_prompt_pass(c, c->opt_user_name);
2649
2650 ret = kerberos_kinit_password_ext(c->opt_user_name,
2651 c->opt_password,
2652 0,
2653 NULL,
2654 NULL,
2655 NULL,
2656 true,
2657 true,
2658 2592000, /* one month */
2659 &status);
2660 if (ret) {
2661 d_printf(_("failed to kinit password: %s\n"),
2662 nt_errstr(status));
2663 }
2664 out:
2665 return ret;
2666 }
2667
2668 int net_ads_kerberos(struct net_context *c, int argc, const char **argv)
2669 {
2670 struct functable func[] = {
2671 {
2672 "kinit",
2673 net_ads_kerberos_kinit,
2674 NET_TRANSPORT_ADS,
2675 N_("Retrieve Ticket Granting Ticket (TGT)"),
2676 N_("net ads kerberos kinit\n"
2677 " Receive Ticket Granting Ticket (TGT)")
2678 },
2679 {
2680 "renew",
2681 net_ads_kerberos_renew,
2682 NET_TRANSPORT_ADS,
2683 N_("Renew Ticket Granting Ticket from credential cache"),
2684 N_("net ads kerberos renew\n"
2685 " Renew Ticket Granting Ticket (TGT) from "
2686 "credential cache")
2687 },
2688 {
2689 "pac",
2690 net_ads_kerberos_pac,
2691 NET_TRANSPORT_ADS,
2692 N_("Dump Kerberos PAC"),
2693 N_("net ads kerberos pac\n"
2694 " Dump Kerberos PAC")
2695 },
2696 {NULL, NULL, 0, NULL, NULL}
2697 };
2698
2699 return net_run_function(c, argc, argv, "net ads kerberos", func);
2700 }
2701
2702 int net_ads(struct net_context *c, int argc, const char **argv)
2703 {
2704 struct functable func[] = {
2705 {
2706 "info",
2707 net_ads_info,
2708 NET_TRANSPORT_ADS,
2709 N_("Display details on remote ADS server"),
2710 N_("net ads info\n"
2711 " Display details on remote ADS server")
2712 },
2713 {
2714 "join",
2715 net_ads_join,
2716 NET_TRANSPORT_ADS,
2717 N_("Join the local machine to ADS realm"),
2718 N_("net ads join\n"
2719 " Join the local machine to ADS realm")
2720 },
2721 {
2722 "testjoin",
2723 net_ads_testjoin,
2724 NET_TRANSPORT_ADS,
2725 N_("Validate machine account"),
2726 N_("net ads testjoin\n"
2727 " Validate machine account")
2728 },
2729 {
2730 "leave",
2731 net_ads_leave,
2732 NET_TRANSPORT_ADS,
2733 N_("Remove the local machine from ADS"),
2734 N_("net ads leave\n"
2735 " Remove the local machine from ADS")
2736 },
2737 {
2738 "status",
2739 net_ads_status,
2740 NET_TRANSPORT_ADS,
2741 N_("Display machine account details"),
2742 N_("net ads status\n"
2743 " Display machine account details")
2744 },
2745 {
2746 "user",
2747 net_ads_user,
2748 NET_TRANSPORT_ADS,
2749 N_("List/modify users"),
2750 N_("net ads user\n"
2751 " List/modify users")
2752 },
2753 {
2754 "group",
2755 net_ads_group,
2756 NET_TRANSPORT_ADS,
2757 N_("List/modify groups"),
2758 N_("net ads group\n"
2759 " List/modify groups")
2760 },
2761 {
2762 "dns",
2763 net_ads_dns,
2764 NET_TRANSPORT_ADS,
2765 N_("Issue dynamic DNS update"),
2766 N_("net ads dns\n"
2767 " Issue dynamic DNS update")
2768 },
2769 {
2770 "password",
2771 net_ads_password,
2772 NET_TRANSPORT_ADS,
2773 N_("Change user passwords"),
2774 N_("net ads password\n"
2775 " Change user passwords")
2776 },
2777 {
2778 "changetrustpw",
2779 net_ads_changetrustpw,
2780 NET_TRANSPORT_ADS,
2781 N_("Change trust account password"),
2782 N_("net ads changetrustpw\n"
2783 " Change trust account password")
2784 },
2785 {
2786 "printer",
2787 net_ads_printer,
2788 NET_TRANSPORT_ADS,
2789 N_("List/modify printer entries"),
2790 N_("net ads printer\n"
2791 " List/modify printer entries")
2792 },
2793 {
2794 "search",
2795 net_ads_search,
2796 NET_TRANSPORT_ADS,
2797 N_("Issue LDAP search using filter"),
2798 N_("net ads search\n"
2799 " Issue LDAP search using filter")
2800 },
2801 {
2802 "dn",
2803 net_ads_dn,
2804 NET_TRANSPORT_ADS,
2805 N_("Issue LDAP search by DN"),
2806 N_("net ads dn\n"
2807 " Issue LDAP search by DN")
2808 },
2809 {
2810 "sid",
2811 net_ads_sid,
2812 NET_TRANSPORT_ADS,
2813 N_("Issue LDAP search by SID"),
2814 N_("net ads sid\n"
2815 " Issue LDAP search by SID")
2816 },
2817 {
2818 "workgroup",
2819 net_ads_workgroup,
2820 NET_TRANSPORT_ADS,
2821 N_("Display workgroup name"),
2822 N_("net ads workgroup\n"
2823 " Display the workgroup name")
2824 },
2825 {
2826 "lookup",
2827 net_ads_lookup,
2828 NET_TRANSPORT_ADS,
2829 N_("Perfom CLDAP query on DC"),
2830 N_("net ads lookup\n"
2831 " Find the ADS DC using CLDAP lookups")
2832 },
2833 {
2834 "keytab",
2835 net_ads_keytab,
2836 NET_TRANSPORT_ADS,
2837 N_("Manage local keytab file"),
2838 N_("net ads keytab\n"
2839 " Manage local keytab file")
2840 },
2841 {
2842 "gpo",
2843 net_ads_gpo,
2844 NET_TRANSPORT_ADS,
2845 N_("Manage group policy objects"),
2846 N_("net ads gpo\n"
2847 " Manage group policy objects")
2848 },
2849 {
2850 "kerberos",
2851 net_ads_kerberos,
2852 NET_TRANSPORT_ADS,
2853 N_("Manage kerberos keytab"),
2854 N_("net ads kerberos\n"
2855 " Manage kerberos keytab")
2856 },
2857 {NULL, NULL, 0, NULL, NULL}
2858 };
2859
2860 return net_run_function(c, argc, argv, "net ads", func);
2861 }
2862
2863 #else
2864
2865 static int net_ads_noads(void)
2866 {
2867 d_fprintf(stderr, _("ADS support not compiled in\n"));
2868 return -1;
2869 }
2870
2871 int net_ads_keytab(struct net_context *c, int argc, const char **argv)
2872 {
2873 return net_ads_noads();
2874 }
2875
2876 int net_ads_kerberos(struct net_context *c, int argc, const char **argv)
2877 {
2878 return net_ads_noads();
2879 }
2880
2881 int net_ads_changetrustpw(struct net_context *c, int argc, const char **argv)
2882 {
2883 return net_ads_noads();
2884 }
2885
2886 int net_ads_join(struct net_context *c, int argc, const char **argv)
2887 {
2888 return net_ads_noads();
2889 }
2890
2891 int net_ads_user(struct net_context *c, int argc, const char **argv)
2892 {
2893 return net_ads_noads();
2894 }
2895
2896 int net_ads_group(struct net_context *c, int argc, const char **argv)
2897 {
2898 return net_ads_noads();
2899 }
2900
2901 int net_ads_gpo(struct net_context *c, int argc, const char **argv)
2902 {
2903 return net_ads_noads();
2904 }
2905
2906 /* this one shouldn't display a message */
2907 int net_ads_check(struct net_context *c)
2908 {
2909 return -1;
2910 }
2911
2912 int net_ads_check_our_domain(struct net_context *c)
2913 {
2914 return -1;
2915 }
2916
2917 int net_ads(struct net_context *c, int argc, const char **argv)
2918 {
2919 return net_ads_noads();
2920 }
2921
2922 #endif /* HAVE_ADS */