search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
build:dist: call build-manpages-nogit for make dist and package generated files
[Samba/gebeck_regimport.git] / source3 / utils / net_ads.c
blobb1d55f10b039ecbc77e016e12b697cc5546f9526
1 /*
2 Samba Unix/Linux SMB client library
3 net ads commands
4 Copyright (C) 2001 Andrew Tridgell (tridge@samba.org)
5 Copyright (C) 2001 Remus Koos (remuskoos@yahoo.com)
6 Copyright (C) 2002 Jim McDonough (jmcd@us.ibm.com)
7 Copyright (C) 2006 Gerald (Jerry) Carter (jerry@samba.org)
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #include "includes.h"
24 #include "utils/net.h"
25 #include "rpc_client/cli_pipe.h"
26 #include "librpc/gen_ndr/ndr_krb5pac.h"
27 #include "../librpc/gen_ndr/ndr_spoolss.h"
28 #include "nsswitch/libwbclient/wbclient.h"
29 #include "ads.h"
30 #include "libads/cldap.h"
31 #include "../lib/addns/dnsquery.h"
32 #include "../libds/common/flags.h"
33 #include "librpc/gen_ndr/libnet_join.h"
34 #include "libnet/libnet_join.h"
35 #include "smb_krb5.h"
36 #include "secrets.h"
37 #include "krb5_env.h"
38 #include "../libcli/security/security.h"
39 #include "libsmb/libsmb.h"
40 #include "lib/param/loadparm.h"
41
42 #ifdef HAVE_ADS
43
44 /* when we do not have sufficient input parameters to contact a remote domain
45 * we always fall back to our own realm - Guenther*/
46
47 static const char *assume_own_realm(struct net_context *c)
48 {
49 if (!c->opt_host && strequal(lp_workgroup(), c->opt_target_workgroup)) {
50 return lp_realm();
51 }
52
53 return NULL;
54 }
55
56 /*
57 do a cldap netlogon query
58 */
59 static int net_ads_cldap_netlogon(struct net_context *c, ADS_STRUCT *ads)
60 {
61 char addr[INET6_ADDRSTRLEN];
62 struct NETLOGON_SAM_LOGON_RESPONSE_EX reply;
63
64 print_sockaddr(addr, sizeof(addr), &ads->ldap.ss);
65
66 if ( !ads_cldap_netlogon_5(talloc_tos(), &ads->ldap.ss, ads->server.realm, &reply ) ) {
67 d_fprintf(stderr, _("CLDAP query failed!\n"));
68 return -1;
69 }
70
71 d_printf(_("Information for Domain Controller: %s\n\n"),
72 addr);
73
74 d_printf(_("Response Type: "));
75 switch (reply.command) {
76 case LOGON_SAM_LOGON_USER_UNKNOWN_EX:
77 d_printf("LOGON_SAM_LOGON_USER_UNKNOWN_EX\n");
78 break;
79 case LOGON_SAM_LOGON_RESPONSE_EX:
80 d_printf("LOGON_SAM_LOGON_RESPONSE_EX\n");
81 break;
82 default:
83 d_printf("0x%x\n", reply.command);
84 break;
85 }
86
87 d_printf(_("GUID: %s\n"), GUID_string(talloc_tos(),&reply.domain_uuid));
88
89 d_printf(_("Flags:\n"
90 "\tIs a PDC: %s\n"
91 "\tIs a GC of the forest: %s\n"
92 "\tIs an LDAP server: %s\n"
93 "\tSupports DS: %s\n"
94 "\tIs running a KDC: %s\n"
95 "\tIs running time services: %s\n"
96 "\tIs the closest DC: %s\n"
97 "\tIs writable: %s\n"
98 "\tHas a hardware clock: %s\n"
99 "\tIs a non-domain NC serviced by LDAP server: %s\n"
100 "\tIs NT6 DC that has some secrets: %s\n"
101 "\tIs NT6 DC that has all secrets: %s\n"),
102 (reply.server_type & NBT_SERVER_PDC) ? _("yes") : _("no"),
103 (reply.server_type & NBT_SERVER_GC) ? _("yes") : _("no"),
104 (reply.server_type & NBT_SERVER_LDAP) ? _("yes") : _("no"),
105 (reply.server_type & NBT_SERVER_DS) ? _("yes") : _("no"),
106 (reply.server_type & NBT_SERVER_KDC) ? _("yes") : _("no"),
107 (reply.server_type & NBT_SERVER_TIMESERV) ? _("yes") : _("no"),
108 (reply.server_type & NBT_SERVER_CLOSEST) ? _("yes") : _("no"),
109 (reply.server_type & NBT_SERVER_WRITABLE) ? _("yes") : _("no"),
110 (reply.server_type & NBT_SERVER_GOOD_TIMESERV) ? _("yes") : _("no"),
111 (reply.server_type & NBT_SERVER_NDNC) ? _("yes") : _("no"),
112 (reply.server_type & NBT_SERVER_SELECT_SECRET_DOMAIN_6) ? _("yes") : _("no"),
113 (reply.server_type & NBT_SERVER_FULL_SECRET_DOMAIN_6) ? _("yes") : _("no"));
114
115
116 printf(_("Forest:\t\t\t%s\n"), reply.forest);
117 printf(_("Domain:\t\t\t%s\n"), reply.dns_domain);
118 printf(_("Domain Controller:\t%s\n"), reply.pdc_dns_name);
119
120 printf(_("Pre-Win2k Domain:\t%s\n"), reply.domain_name);
121 printf(_("Pre-Win2k Hostname:\t%s\n"), reply.pdc_name);
122
123 if (*reply.user_name) printf(_("User name:\t%s\n"), reply.user_name);
124
125 printf(_("Server Site Name :\t\t%s\n"), reply.server_site);
126 printf(_("Client Site Name :\t\t%s\n"), reply.client_site);
127
128 d_printf(_("NT Version: %d\n"), reply.nt_version);
129 d_printf(_("LMNT Token: %.2x\n"), reply.lmnt_token);
130 d_printf(_("LM20 Token: %.2x\n"), reply.lm20_token);
131
132 return 0;
133 }
134
135 /*
136 this implements the CLDAP based netlogon lookup requests
137 for finding the domain controller of a ADS domain
138 */
139 static int net_ads_lookup(struct net_context *c, int argc, const char **argv)
140 {
141 ADS_STRUCT *ads;
142 int ret;
143
144 if (c->display_usage) {
145 d_printf("%s\n"
146 "net ads lookup\n"
147 " %s",
148 _("Usage:"),
149 _("Find the ADS DC using CLDAP lookup.\n"));
150 return 0;
151 }
152
153 if (!ADS_ERR_OK(ads_startup_nobind(c, false, &ads))) {
154 d_fprintf(stderr, _("Didn't find the cldap server!\n"));
155 ads_destroy(&ads);
156 return -1;
157 }
158
159 if (!ads->config.realm) {
160 ads->config.realm = discard_const_p(char, c->opt_target_workgroup);
161 ads->ldap.port = 389;
162 }
163
164 ret = net_ads_cldap_netlogon(c, ads);
165 ads_destroy(&ads);
166 return ret;
167 }
168
169
170
171 static int net_ads_info(struct net_context *c, int argc, const char **argv)
172 {
173 ADS_STRUCT *ads;
174 char addr[INET6_ADDRSTRLEN];
175
176 if (c->display_usage) {
177 d_printf("%s\n"
178 "net ads info\n"
179 " %s",
180 _("Usage:"),
181 _("Display information about an Active Directory "
182 "server.\n"));
183 return 0;
184 }
185
186 if (!ADS_ERR_OK(ads_startup_nobind(c, false, &ads))) {
187 d_fprintf(stderr, _("Didn't find the ldap server!\n"));
188 return -1;
189 }
190
191 if (!ads || !ads->config.realm) {
192 d_fprintf(stderr, _("Didn't find the ldap server!\n"));
193 ads_destroy(&ads);
194 return -1;
195 }
196
197 /* Try to set the server's current time since we didn't do a full
198 TCP LDAP session initially */
199
200 if ( !ADS_ERR_OK(ads_current_time( ads )) ) {
201 d_fprintf( stderr, _("Failed to get server's current time!\n"));
202 }
203
204 print_sockaddr(addr, sizeof(addr), &ads->ldap.ss);
205
206 d_printf(_("LDAP server: %s\n"), addr);
207 d_printf(_("LDAP server name: %s\n"), ads->config.ldap_server_name);
208 d_printf(_("Realm: %s\n"), ads->config.realm);
209 d_printf(_("Bind Path: %s\n"), ads->config.bind_path);
210 d_printf(_("LDAP port: %d\n"), ads->ldap.port);
211 d_printf(_("Server time: %s\n"),
212 http_timestring(talloc_tos(), ads->config.current_time));
213
214 d_printf(_("KDC server: %s\n"), ads->auth.kdc_server );
215 d_printf(_("Server time offset: %d\n"), ads->auth.time_offset );
216
217 ads_destroy(&ads);
218 return 0;
219 }
220
221 static void use_in_memory_ccache(void) {
222 /* Use in-memory credentials cache so we do not interfere with
223 * existing credentials */
224 setenv(KRB5_ENV_CCNAME, "MEMORY:net_ads", 1);
225 }
226
227 static ADS_STATUS ads_startup_int(struct net_context *c, bool only_own_domain,
228 uint32 auth_flags, ADS_STRUCT **ads_ret)
229 {
230 ADS_STRUCT *ads = NULL;
231 ADS_STATUS status;
232 bool need_password = false;
233 bool second_time = false;
234 char *cp;
235 const char *realm = NULL;
236 bool tried_closest_dc = false;
237
238 /* lp_realm() should be handled by a command line param,
239 However, the join requires that realm be set in smb.conf
240 and compares our realm with the remote server's so this is
241 ok until someone needs more flexibility */
242
243 *ads_ret = NULL;
244
245 retry_connect:
246 if (only_own_domain) {
247 realm = lp_realm();
248 } else {
249 realm = assume_own_realm(c);
250 }
251
252 ads = ads_init(realm, c->opt_target_workgroup, c->opt_host);
253
254 if (!c->opt_user_name) {
255 c->opt_user_name = "administrator";
256 }
257
258 if (c->opt_user_specified) {
259 need_password = true;
260 }
261
262 retry:
263 if (!c->opt_password && need_password && !c->opt_machine_pass) {
264 c->opt_password = net_prompt_pass(c, c->opt_user_name);
265 if (!c->opt_password) {
266 ads_destroy(&ads);
267 return ADS_ERROR(LDAP_NO_MEMORY);
268 }
269 }
270
271 if (c->opt_password) {
272 use_in_memory_ccache();
273 SAFE_FREE(ads->auth.password);
274 ads->auth.password = smb_xstrdup(c->opt_password);
275 }
276
277 ads->auth.flags |= auth_flags;
278 SAFE_FREE(ads->auth.user_name);
279 ads->auth.user_name = smb_xstrdup(c->opt_user_name);
280
281 /*
282 * If the username is of the form "name@realm",
283 * extract the realm and convert to upper case.
284 * This is only used to establish the connection.
285 */
286 if ((cp = strchr_m(ads->auth.user_name, '@'))!=0) {
287 *cp++ = '\0';
288 SAFE_FREE(ads->auth.realm);
289 ads->auth.realm = smb_xstrdup(cp);
290 if (!strupper_m(ads->auth.realm)) {
291 ads_destroy(&ads);
292 return ADS_ERROR(LDAP_NO_MEMORY);
293 }
294 }
295
296 status = ads_connect(ads);
297
298 if (!ADS_ERR_OK(status)) {
299
300 if (NT_STATUS_EQUAL(ads_ntstatus(status),
301 NT_STATUS_NO_LOGON_SERVERS)) {
302 DEBUG(0,("ads_connect: %s\n", ads_errstr(status)));
303 ads_destroy(&ads);
304 return status;
305 }
306
307 if (!need_password && !second_time && !(auth_flags & ADS_AUTH_NO_BIND)) {
308 need_password = true;
309 second_time = true;
310 goto retry;
311 } else {
312 ads_destroy(&ads);
313 return status;
314 }
315 }
316
317 /* when contacting our own domain, make sure we use the closest DC.
318 * This is done by reconnecting to ADS because only the first call to
319 * ads_connect will give us our own sitename */
320
321 if ((only_own_domain || !c->opt_host) && !tried_closest_dc) {
322
323 tried_closest_dc = true; /* avoid loop */
324
325 if (!ads_closest_dc(ads)) {
326
327 namecache_delete(ads->server.realm, 0x1C);
328 namecache_delete(ads->server.workgroup, 0x1C);
329
330 ads_destroy(&ads);
331 ads = NULL;
332
333 goto retry_connect;
334 }
335 }
336
337 *ads_ret = ads;
338 return status;
339 }
340
341 ADS_STATUS ads_startup(struct net_context *c, bool only_own_domain, ADS_STRUCT **ads)
342 {
343 return ads_startup_int(c, only_own_domain, 0, ads);
344 }
345
346 ADS_STATUS ads_startup_nobind(struct net_context *c, bool only_own_domain, ADS_STRUCT **ads)
347 {
348 return ads_startup_int(c, only_own_domain, ADS_AUTH_NO_BIND, ads);
349 }
350
351 /*
352 Check to see if connection can be made via ads.
353 ads_startup() stores the password in opt_password if it needs to so
354 that rpc or rap can use it without re-prompting.
355 */
356 static int net_ads_check_int(const char *realm, const char *workgroup, const char *host)
357 {
358 ADS_STRUCT *ads;
359 ADS_STATUS status;
360
361 if ( (ads = ads_init( realm, workgroup, host )) == NULL ) {
362 return -1;
363 }
364
365 ads->auth.flags |= ADS_AUTH_NO_BIND;
366
367 status = ads_connect(ads);
368 if ( !ADS_ERR_OK(status) ) {
369 return -1;
370 }
371
372 ads_destroy(&ads);
373 return 0;
374 }
375
376 int net_ads_check_our_domain(struct net_context *c)
377 {
378 return net_ads_check_int(lp_realm(), lp_workgroup(), NULL);
379 }
380
381 int net_ads_check(struct net_context *c)
382 {
383 return net_ads_check_int(NULL, c->opt_workgroup, c->opt_host);
384 }
385
386 /*
387 determine the netbios workgroup name for a domain
388 */
389 static int net_ads_workgroup(struct net_context *c, int argc, const char **argv)
390 {
391 ADS_STRUCT *ads;
392 struct NETLOGON_SAM_LOGON_RESPONSE_EX reply;
393
394 if (c->display_usage) {
395 d_printf ("%s\n"
396 "net ads workgroup\n"
397 " %s\n",
398 _("Usage:"),
399 _("Print the workgroup name"));
400 return 0;
401 }
402
403 if (!ADS_ERR_OK(ads_startup_nobind(c, false, &ads))) {
404 d_fprintf(stderr, _("Didn't find the cldap server!\n"));
405 return -1;
406 }
407
408 if (!ads->config.realm) {
409 ads->config.realm = discard_const_p(char, c->opt_target_workgroup);
410 ads->ldap.port = 389;
411 }
412
413 if ( !ads_cldap_netlogon_5(talloc_tos(), &ads->ldap.ss, ads->server.realm, &reply ) ) {
414 d_fprintf(stderr, _("CLDAP query failed!\n"));
415 ads_destroy(&ads);
416 return -1;
417 }
418
419 d_printf(_("Workgroup: %s\n"), reply.domain_name);
420
421 ads_destroy(&ads);
422
423 return 0;
424 }
425
426
427
428 static bool usergrp_display(ADS_STRUCT *ads, char *field, void **values, void *data_area)
429 {
430 char **disp_fields = (char **) data_area;
431
432 if (!field) { /* must be end of record */
433 if (disp_fields[0]) {
434 if (!strchr_m(disp_fields[0], '$')) {
435 if (disp_fields[1])
436 d_printf("%-21.21s %s\n",
437 disp_fields[0], disp_fields[1]);
438 else
439 d_printf("%s\n", disp_fields[0]);
440 }
441 }
442 SAFE_FREE(disp_fields[0]);
443 SAFE_FREE(disp_fields[1]);
444 return true;
445 }
446 if (!values) /* must be new field, indicate string field */
447 return true;
448 if (strcasecmp_m(field, "sAMAccountName") == 0) {
449 disp_fields[0] = SMB_STRDUP((char *) values[0]);
450 }
451 if (strcasecmp_m(field, "description") == 0)
452 disp_fields[1] = SMB_STRDUP((char *) values[0]);
453 return true;
454 }
455
456 static int net_ads_user_usage(struct net_context *c, int argc, const char **argv)
457 {
458 return net_user_usage(c, argc, argv);
459 }
460
461 static int ads_user_add(struct net_context *c, int argc, const char **argv)
462 {
463 ADS_STRUCT *ads;
464 ADS_STATUS status;
465 char *upn, *userdn;
466 LDAPMessage *res=NULL;
467 int rc = -1;
468 char *ou_str = NULL;
469
470 if (argc < 1 || c->display_usage)
471 return net_ads_user_usage(c, argc, argv);
472
473 if (!ADS_ERR_OK(ads_startup(c, false, &ads))) {
474 return -1;
475 }
476
477 status = ads_find_user_acct(ads, &res, argv[0]);
478
479 if (!ADS_ERR_OK(status)) {
480 d_fprintf(stderr, _("ads_user_add: %s\n"), ads_errstr(status));
481 goto done;
482 }
483
484 if (ads_count_replies(ads, res)) {
485 d_fprintf(stderr, _("ads_user_add: User %s already exists\n"),
486 argv[0]);
487 goto done;
488 }
489
490 if (c->opt_container) {
491 ou_str = SMB_STRDUP(c->opt_container);
492 } else {
493 ou_str = ads_default_ou_string(ads, DS_GUID_USERS_CONTAINER);
494 }
495
496 status = ads_add_user_acct(ads, argv[0], ou_str, c->opt_comment);
497
498 if (!ADS_ERR_OK(status)) {
499 d_fprintf(stderr, _("Could not add user %s: %s\n"), argv[0],
500 ads_errstr(status));
501 goto done;
502 }
503
504 /* if no password is to be set, we're done */
505 if (argc == 1) {
506 d_printf(_("User %s added\n"), argv[0]);
507 rc = 0;
508 goto done;
509 }
510
511 /* try setting the password */
512 if (asprintf(&upn, "%s@%s", argv[0], ads->config.realm) == -1) {
513 goto done;
514 }
515 status = ads_krb5_set_password(ads->auth.kdc_server, upn, argv[1],
516 ads->auth.time_offset);
517 SAFE_FREE(upn);
518 if (ADS_ERR_OK(status)) {
519 d_printf(_("User %s added\n"), argv[0]);
520 rc = 0;
521 goto done;
522 }
523
524 /* password didn't set, delete account */
525 d_fprintf(stderr, _("Could not add user %s. "
526 "Error setting password %s\n"),
527 argv[0], ads_errstr(status));
528 ads_msgfree(ads, res);
529 status=ads_find_user_acct(ads, &res, argv[0]);
530 if (ADS_ERR_OK(status)) {
531 userdn = ads_get_dn(ads, talloc_tos(), res);
532 ads_del_dn(ads, userdn);
533 TALLOC_FREE(userdn);
534 }
535
536 done:
537 if (res)
538 ads_msgfree(ads, res);
539 ads_destroy(&ads);
540 SAFE_FREE(ou_str);
541 return rc;
542 }
543
544 static int ads_user_info(struct net_context *c, int argc, const char **argv)
545 {
546 ADS_STRUCT *ads = NULL;
547 ADS_STATUS rc;
548 LDAPMessage *res = NULL;
549 TALLOC_CTX *frame;
550 int ret = 0;
551 wbcErr wbc_status;
552 const char *attrs[] = {"memberOf", "primaryGroupID", NULL};
553 char *searchstring=NULL;
554 char **grouplist;
555 char *primary_group;
556 char *escaped_user;
557 struct dom_sid primary_group_sid;
558 uint32_t group_rid;
559 enum wbcSidType type;
560
561 if (argc < 1 || c->display_usage) {
562 return net_ads_user_usage(c, argc, argv);
563 }
564
565 frame = talloc_new(talloc_tos());
566 if (frame == NULL) {
567 return -1;
568 }
569
570 escaped_user = escape_ldap_string(frame, argv[0]);
571 if (!escaped_user) {
572 d_fprintf(stderr,
573 _("ads_user_info: failed to escape user %s\n"),
574 argv[0]);
575 return -1;
576 }
577
578 if (!ADS_ERR_OK(ads_startup(c, false, &ads))) {
579 ret = -1;
580 goto error;
581 }
582
583 if (asprintf(&searchstring, "(sAMAccountName=%s)", escaped_user) == -1) {
584 ret =-1;
585 goto error;
586 }
587 rc = ads_search(ads, &res, searchstring, attrs);
588 SAFE_FREE(searchstring);
589
590 if (!ADS_ERR_OK(rc)) {
591 d_fprintf(stderr, _("ads_search: %s\n"), ads_errstr(rc));
592 ret = -1;
593 goto error;
594 }
595
596 if (!ads_pull_uint32(ads, res, "primaryGroupID", &group_rid)) {
597 d_fprintf(stderr, _("ads_pull_uint32 failed\n"));
598 ret = -1;
599 goto error;
600 }
601
602 rc = ads_domain_sid(ads, &primary_group_sid);
603 if (!ADS_ERR_OK(rc)) {
604 d_fprintf(stderr, _("ads_domain_sid: %s\n"), ads_errstr(rc));
605 ret = -1;
606 goto error;
607 }
608
609 sid_append_rid(&primary_group_sid, group_rid);
610
611 wbc_status = wbcLookupSid((struct wbcDomainSid *)&primary_group_sid,
612 NULL, /* don't look up domain */
613 &primary_group,
614 &type);
615 if (!WBC_ERROR_IS_OK(wbc_status)) {
616 d_fprintf(stderr, "wbcLookupSid: %s\n",
617 wbcErrorString(wbc_status));
618 ret = -1;
619 goto error;
620 }
621
622 d_printf("%s\n", primary_group);
623
624 wbcFreeMemory(primary_group);
625
626 grouplist = ldap_get_values((LDAP *)ads->ldap.ld,
627 (LDAPMessage *)res, "memberOf");
628
629 if (grouplist) {
630 int i;
631 char **groupname;
632 for (i=0;grouplist[i];i++) {
633 groupname = ldap_explode_dn(grouplist[i], 1);
634 d_printf("%s\n", groupname[0]);
635 ldap_value_free(groupname);
636 }
637 ldap_value_free(grouplist);
638 }
639
640 error:
641 if (res) ads_msgfree(ads, res);
642 if (ads) ads_destroy(&ads);
643 TALLOC_FREE(frame);
644 return ret;
645 }
646
647 static int ads_user_delete(struct net_context *c, int argc, const char **argv)
648 {
649 ADS_STRUCT *ads;
650 ADS_STATUS rc;
651 LDAPMessage *res = NULL;
652 char *userdn;
653
654 if (argc < 1) {
655 return net_ads_user_usage(c, argc, argv);
656 }
657
658 if (!ADS_ERR_OK(ads_startup(c, false, &ads))) {
659 return -1;
660 }
661
662 rc = ads_find_user_acct(ads, &res, argv[0]);
663 if (!ADS_ERR_OK(rc) || ads_count_replies(ads, res) != 1) {
664 d_printf(_("User %s does not exist.\n"), argv[0]);
665 ads_msgfree(ads, res);
666 ads_destroy(&ads);
667 return -1;
668 }
669 userdn = ads_get_dn(ads, talloc_tos(), res);
670 ads_msgfree(ads, res);
671 rc = ads_del_dn(ads, userdn);
672 TALLOC_FREE(userdn);
673 if (ADS_ERR_OK(rc)) {
674 d_printf(_("User %s deleted\n"), argv[0]);
675 ads_destroy(&ads);
676 return 0;
677 }
678 d_fprintf(stderr, _("Error deleting user %s: %s\n"), argv[0],
679 ads_errstr(rc));
680 ads_destroy(&ads);
681 return -1;
682 }
683
684 int net_ads_user(struct net_context *c, int argc, const char **argv)
685 {
686 struct functable func[] = {
687 {
688 "add",
689 ads_user_add,
690 NET_TRANSPORT_ADS,
691 N_("Add an AD user"),
692 N_("net ads user add\n"
693 " Add an AD user")
694 },
695 {
696 "info",
697 ads_user_info,
698 NET_TRANSPORT_ADS,
699 N_("Display information about an AD user"),
700 N_("net ads user info\n"
701 " Display information about an AD user")
702 },
703 {
704 "delete",
705 ads_user_delete,
706 NET_TRANSPORT_ADS,
707 N_("Delete an AD user"),
708 N_("net ads user delete\n"
709 " Delete an AD user")
710 },
711 {NULL, NULL, 0, NULL, NULL}
712 };
713 ADS_STRUCT *ads;
714 ADS_STATUS rc;
715 const char *shortattrs[] = {"sAMAccountName", NULL};
716 const char *longattrs[] = {"sAMAccountName", "description", NULL};
717 char *disp_fields[2] = {NULL, NULL};
718
719 if (argc == 0) {
720 if (c->display_usage) {
721 d_printf( "%s\n"
722 "net ads user\n"
723 " %s\n",
724 _("Usage:"),
725 _("List AD users"));
726 net_display_usage_from_functable(func);
727 return 0;
728 }
729
730 if (!ADS_ERR_OK(ads_startup(c, false, &ads))) {
731 return -1;
732 }
733
734 if (c->opt_long_list_entries)
735 d_printf(_("\nUser name Comment"
736 "\n-----------------------------\n"));
737
738 rc = ads_do_search_all_fn(ads, ads->config.bind_path,
739 LDAP_SCOPE_SUBTREE,
740 "(objectCategory=user)",
741 c->opt_long_list_entries ? longattrs :
742 shortattrs, usergrp_display,
743 disp_fields);
744 ads_destroy(&ads);
745 return ADS_ERR_OK(rc) ? 0 : -1;
746 }
747
748 return net_run_function(c, argc, argv, "net ads user", func);
749 }
750
751 static int net_ads_group_usage(struct net_context *c, int argc, const char **argv)
752 {
753 return net_group_usage(c, argc, argv);
754 }
755
756 static int ads_group_add(struct net_context *c, int argc, const char **argv)
757 {
758 ADS_STRUCT *ads;
759 ADS_STATUS status;
760 LDAPMessage *res=NULL;
761 int rc = -1;
762 char *ou_str = NULL;
763
764 if (argc < 1 || c->display_usage) {
765 return net_ads_group_usage(c, argc, argv);
766 }
767
768 if (!ADS_ERR_OK(ads_startup(c, false, &ads))) {
769 return -1;
770 }
771
772 status = ads_find_user_acct(ads, &res, argv[0]);
773
774 if (!ADS_ERR_OK(status)) {
775 d_fprintf(stderr, _("ads_group_add: %s\n"), ads_errstr(status));
776 goto done;
777 }
778
779 if (ads_count_replies(ads, res)) {
780 d_fprintf(stderr, _("ads_group_add: Group %s already exists\n"), argv[0]);
781 goto done;
782 }
783
784 if (c->opt_container) {
785 ou_str = SMB_STRDUP(c->opt_container);
786 } else {
787 ou_str = ads_default_ou_string(ads, DS_GUID_USERS_CONTAINER);
788 }
789
790 status = ads_add_group_acct(ads, argv[0], ou_str, c->opt_comment);
791
792 if (ADS_ERR_OK(status)) {
793 d_printf(_("Group %s added\n"), argv[0]);
794 rc = 0;
795 } else {
796 d_fprintf(stderr, _("Could not add group %s: %s\n"), argv[0],
797 ads_errstr(status));
798 }
799
800 done:
801 if (res)
802 ads_msgfree(ads, res);
803 ads_destroy(&ads);
804 SAFE_FREE(ou_str);
805 return rc;
806 }
807
808 static int ads_group_delete(struct net_context *c, int argc, const char **argv)
809 {
810 ADS_STRUCT *ads;
811 ADS_STATUS rc;
812 LDAPMessage *res = NULL;
813 char *groupdn;
814
815 if (argc < 1 || c->display_usage) {
816 return net_ads_group_usage(c, argc, argv);
817 }
818
819 if (!ADS_ERR_OK(ads_startup(c, false, &ads))) {
820 return -1;
821 }
822
823 rc = ads_find_user_acct(ads, &res, argv[0]);
824 if (!ADS_ERR_OK(rc) || ads_count_replies(ads, res) != 1) {
825 d_printf(_("Group %s does not exist.\n"), argv[0]);
826 ads_msgfree(ads, res);
827 ads_destroy(&ads);
828 return -1;
829 }
830 groupdn = ads_get_dn(ads, talloc_tos(), res);
831 ads_msgfree(ads, res);
832 rc = ads_del_dn(ads, groupdn);
833 TALLOC_FREE(groupdn);
834 if (ADS_ERR_OK(rc)) {
835 d_printf(_("Group %s deleted\n"), argv[0]);
836 ads_destroy(&ads);
837 return 0;
838 }
839 d_fprintf(stderr, _("Error deleting group %s: %s\n"), argv[0],
840 ads_errstr(rc));
841 ads_destroy(&ads);
842 return -1;
843 }
844
845 int net_ads_group(struct net_context *c, int argc, const char **argv)
846 {
847 struct functable func[] = {
848 {
849 "add",
850 ads_group_add,
851 NET_TRANSPORT_ADS,
852 N_("Add an AD group"),
853 N_("net ads group add\n"
854 " Add an AD group")
855 },
856 {
857 "delete",
858 ads_group_delete,
859 NET_TRANSPORT_ADS,
860 N_("Delete an AD group"),
861 N_("net ads group delete\n"
862 " Delete an AD group")
863 },
864 {NULL, NULL, 0, NULL, NULL}
865 };
866 ADS_STRUCT *ads;
867 ADS_STATUS rc;
868 const char *shortattrs[] = {"sAMAccountName", NULL};
869 const char *longattrs[] = {"sAMAccountName", "description", NULL};
870 char *disp_fields[2] = {NULL, NULL};
871
872 if (argc == 0) {
873 if (c->display_usage) {
874 d_printf( "%s\n"
875 "net ads group\n"
876 " %s\n",
877 _("Usage:"),
878 _("List AD groups"));
879 net_display_usage_from_functable(func);
880 return 0;
881 }
882
883 if (!ADS_ERR_OK(ads_startup(c, false, &ads))) {
884 return -1;
885 }
886
887 if (c->opt_long_list_entries)
888 d_printf(_("\nGroup name Comment"
889 "\n-----------------------------\n"));
890 rc = ads_do_search_all_fn(ads, ads->config.bind_path,
891 LDAP_SCOPE_SUBTREE,
892 "(objectCategory=group)",
893 c->opt_long_list_entries ? longattrs :
894 shortattrs, usergrp_display,
895 disp_fields);
896
897 ads_destroy(&ads);
898 return ADS_ERR_OK(rc) ? 0 : -1;
899 }
900 return net_run_function(c, argc, argv, "net ads group", func);
901 }
902
903 static int net_ads_status(struct net_context *c, int argc, const char **argv)
904 {
905 ADS_STRUCT *ads;
906 ADS_STATUS rc;
907 LDAPMessage *res;
908
909 if (c->display_usage) {
910 d_printf( "%s\n"
911 "net ads status\n"
912 " %s\n",
913 _("Usage:"),
914 _("Display machine account details"));
915 return 0;
916 }
917
918 if (!ADS_ERR_OK(ads_startup(c, true, &ads))) {
919 return -1;
920 }
921
922 rc = ads_find_machine_acct(ads, &res, lp_netbios_name());
923 if (!ADS_ERR_OK(rc)) {
924 d_fprintf(stderr, _("ads_find_machine_acct: %s\n"), ads_errstr(rc));
925 ads_destroy(&ads);
926 return -1;
927 }
928
929 if (ads_count_replies(ads, res) == 0) {
930 d_fprintf(stderr, _("No machine account for '%s' found\n"), lp_netbios_name());
931 ads_destroy(&ads);
932 return -1;
933 }
934
935 ads_dump(ads, res);
936 ads_destroy(&ads);
937 return 0;
938 }
939
940 /*******************************************************************
941 Leave an AD domain. Windows XP disables the machine account.
942 We'll try the same. The old code would do an LDAP delete.
943 That only worked using the machine creds because added the machine
944 with full control to the computer object's ACL.
945 *******************************************************************/
946
947 static int net_ads_leave(struct net_context *c, int argc, const char **argv)
948 {
949 TALLOC_CTX *ctx;
950 struct libnet_UnjoinCtx *r = NULL;
951 WERROR werr;
952
953 if (c->display_usage) {
954 d_printf( "%s\n"
955 "net ads leave\n"
956 " %s\n",
957 _("Usage:"),
958 _("Leave an AD domain"));
959 return 0;
960 }
961
962 if (!*lp_realm()) {
963 d_fprintf(stderr, _("No realm set, are we joined ?\n"));
964 return -1;
965 }
966
967 if (!(ctx = talloc_init("net_ads_leave"))) {
968 d_fprintf(stderr, _("Could not initialise talloc context.\n"));
969 return -1;
970 }
971
972 if (!c->opt_kerberos) {
973 use_in_memory_ccache();
974 }
975
976 if (!c->msg_ctx) {
977 d_fprintf(stderr, _("Could not initialise message context. "
978 "Try running as root\n"));
979 return -1;
980 }
981
982 werr = libnet_init_UnjoinCtx(ctx, &r);
983 if (!W_ERROR_IS_OK(werr)) {
984 d_fprintf(stderr, _("Could not initialise unjoin context.\n"));
985 return -1;
986 }
987
988 r->in.debug = true;
989 r->in.use_kerberos = c->opt_kerberos;
990 r->in.dc_name = c->opt_host;
991 r->in.domain_name = lp_realm();
992 r->in.admin_account = c->opt_user_name;
993 r->in.admin_password = net_prompt_pass(c, c->opt_user_name);
994 r->in.modify_config = lp_config_backend_is_registry();
995
996 /* Try to delete it, but if that fails, disable it. The
997 WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE really means "disable */
998 r->in.unjoin_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE |
999 WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE;
1000 r->in.delete_machine_account = true;
1001 r->in.msg_ctx = c->msg_ctx;
1002
1003 werr = libnet_Unjoin(ctx, r);
1004 if (!W_ERROR_IS_OK(werr)) {
1005 d_printf(_("Failed to leave domain: %s\n"),
1006 r->out.error_string ? r->out.error_string :
1007 get_friendly_werror_msg(werr));
1008 goto done;
1009 }
1010
1011 if (r->out.deleted_machine_account) {
1012 d_printf(_("Deleted account for '%s' in realm '%s'\n"),
1013 r->in.machine_name, r->out.dns_domain_name);
1014 goto done;
1015 }
1016
1017 /* We couldn't delete it - see if the disable succeeded. */
1018 if (r->out.disabled_machine_account) {
1019 d_printf(_("Disabled account for '%s' in realm '%s'\n"),
1020 r->in.machine_name, r->out.dns_domain_name);
1021 werr = WERR_OK;
1022 goto done;
1023 }
1024
1025 /* Based on what we requested, we shouldn't get here, but if
1026 we did, it means the secrets were removed, and therefore
1027 we have left the domain */
1028 d_fprintf(stderr, _("Machine '%s' Left domain '%s'\n"),
1029 r->in.machine_name, r->out.dns_domain_name);
1030
1031 done:
1032 TALLOC_FREE(r);
1033 TALLOC_FREE(ctx);
1034
1035 if (W_ERROR_IS_OK(werr)) {
1036 return 0;
1037 }
1038
1039 return -1;
1040 }
1041
1042 static NTSTATUS net_ads_join_ok(struct net_context *c)
1043 {
1044 ADS_STRUCT *ads = NULL;
1045 ADS_STATUS status;
1046 fstring dc_name;
1047 struct sockaddr_storage dcip;
1048
1049 if (!secrets_init()) {
1050 DEBUG(1,("Failed to initialise secrets database\n"));
1051 return NT_STATUS_ACCESS_DENIED;
1052 }
1053
1054 net_use_krb_machine_account(c);
1055
1056 get_dc_name(lp_workgroup(), lp_realm(), dc_name, &dcip);
1057
1058 status = ads_startup(c, true, &ads);
1059 if (!ADS_ERR_OK(status)) {
1060 return ads_ntstatus(status);
1061 }
1062
1063 ads_destroy(&ads);
1064 return NT_STATUS_OK;
1065 }
1066
1067 /*
1068 check that an existing join is OK
1069 */
1070 int net_ads_testjoin(struct net_context *c, int argc, const char **argv)
1071 {
1072 NTSTATUS status;
1073 use_in_memory_ccache();
1074
1075 if (c->display_usage) {
1076 d_printf( "%s\n"
1077 "net ads testjoin\n"
1078 " %s\n",
1079 _("Usage:"),
1080 _("Test if the existing join is ok"));
1081 return 0;
1082 }
1083
1084 /* Display success or failure */
1085 status = net_ads_join_ok(c);
1086 if (!NT_STATUS_IS_OK(status)) {
1087 fprintf(stderr, _("Join to domain is not valid: %s\n"),
1088 get_friendly_nt_error_msg(status));
1089 return -1;
1090 }
1091
1092 printf(_("Join is OK\n"));
1093 return 0;
1094 }
1095
1096 /*******************************************************************
1097 Simple configu checks before beginning the join
1098 ********************************************************************/
1099
1100 static WERROR check_ads_config( void )
1101 {
1102 if (lp_server_role() != ROLE_DOMAIN_MEMBER ) {
1103 d_printf(_("Host is not configured as a member server.\n"));
1104 return WERR_INVALID_DOMAIN_ROLE;
1105 }
1106
1107 if (strlen(lp_netbios_name()) > 15) {
1108 d_printf(_("Our netbios name can be at most 15 chars long, "
1109 "\"%s\" is %u chars long\n"), lp_netbios_name(),
1110 (unsigned int)strlen(lp_netbios_name()));
1111 return WERR_INVALID_COMPUTERNAME;
1112 }
1113
1114 if ( lp_security() == SEC_ADS && !*lp_realm()) {
1115 d_fprintf(stderr, _("realm must be set in in %s for ADS "
1116 "join to succeed.\n"), get_dyn_CONFIGFILE());
1117 return WERR_INVALID_PARAM;
1118 }
1119
1120 return WERR_OK;
1121 }
1122
1123 /*******************************************************************
1124 Send a DNS update request
1125 *******************************************************************/
1126
1127 #if defined(WITH_DNS_UPDATES)
1128 #include "../lib/addns/dns.h"
1129 DNS_ERROR DoDNSUpdate(char *pszServerName,
1130 const char *pszDomainName, const char *pszHostName,
1131 const struct sockaddr_storage *sslist,
1132 size_t num_addrs );
1133
1134 static NTSTATUS net_update_dns_internal(TALLOC_CTX *ctx, ADS_STRUCT *ads,
1135 const char *machine_name,
1136 const struct sockaddr_storage *addrs,
1137 int num_addrs)
1138 {
1139 struct dns_rr_ns *nameservers = NULL;
1140 int ns_count = 0, i;
1141 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
1142 DNS_ERROR dns_err;
1143 fstring dns_server;
1144 const char *dns_hosts_file;
1145 const char *dnsdomain = NULL;
1146 char *root_domain = NULL;
1147
1148 if ( (dnsdomain = strchr_m( machine_name, '.')) == NULL ) {
1149 d_printf(_("No DNS domain configured for %s. "
1150 "Unable to perform DNS Update.\n"), machine_name);
1151 status = NT_STATUS_INVALID_PARAMETER;
1152 goto done;
1153 }
1154 dnsdomain++;
1155
1156 dns_hosts_file = lp_parm_const_string(-1, "resolv", "host file", NULL);
1157 status = ads_dns_lookup_ns(ctx, dns_hosts_file,
1158 dnsdomain, &nameservers, &ns_count);
1159 if ( !NT_STATUS_IS_OK(status) || (ns_count == 0)) {
1160 /* Child domains often do not have NS records. Look
1161 for the NS record for the forest root domain
1162 (rootDomainNamingContext in therootDSE) */
1163
1164 const char *rootname_attrs[] = { "rootDomainNamingContext", NULL };
1165 LDAPMessage *msg = NULL;
1166 char *root_dn;
1167 ADS_STATUS ads_status;
1168
1169 if ( !ads->ldap.ld ) {
1170 ads_status = ads_connect( ads );
1171 if ( !ADS_ERR_OK(ads_status) ) {
1172 DEBUG(0,("net_update_dns_internal: Failed to connect to our DC!\n"));
1173 goto done;
1174 }
1175 }
1176
1177 ads_status = ads_do_search(ads, "", LDAP_SCOPE_BASE,
1178 "(objectclass=*)", rootname_attrs, &msg);
1179 if (!ADS_ERR_OK(ads_status)) {
1180 goto done;
1181 }
1182
1183 root_dn = ads_pull_string(ads, ctx, msg, "rootDomainNamingContext");
1184 if ( !root_dn ) {
1185 ads_msgfree( ads, msg );
1186 goto done;
1187 }
1188
1189 root_domain = ads_build_domain( root_dn );
1190
1191 /* cleanup */
1192 ads_msgfree( ads, msg );
1193
1194 /* try again for NS servers */
1195
1196 status = ads_dns_lookup_ns(ctx, dns_hosts_file, root_domain,
1197 &nameservers, &ns_count);
1198
1199 if ( !NT_STATUS_IS_OK(status) || (ns_count == 0)) {
1200 DEBUG(3,("net_ads_join: Failed to find name server for the %s "
1201 "realm\n", ads->config.realm));
1202 goto done;
1203 }
1204
1205 dnsdomain = root_domain;
1206
1207 }
1208
1209 for (i=0; i < ns_count; i++) {
1210
1211 status = NT_STATUS_UNSUCCESSFUL;
1212
1213 /* Now perform the dns update - we'll try non-secure and if we fail,
1214 we'll follow it up with a secure update */
1215
1216 fstrcpy( dns_server, nameservers[i].hostname );
1217
1218 dns_err = DoDNSUpdate(dns_server, dnsdomain, machine_name, addrs, num_addrs);
1219 if (ERR_DNS_IS_OK(dns_err)) {
1220 status = NT_STATUS_OK;
1221 goto done;
1222 }
1223
1224 if (ERR_DNS_EQUAL(dns_err, ERROR_DNS_INVALID_NAME_SERVER) ||
1225 ERR_DNS_EQUAL(dns_err, ERROR_DNS_CONNECTION_FAILED) ||
1226 ERR_DNS_EQUAL(dns_err, ERROR_DNS_SOCKET_ERROR)) {
1227 DEBUG(1,("retrying DNS update with next nameserver after receiving %s\n",
1228 dns_errstr(dns_err)));
1229 continue;
1230 }
1231
1232 d_printf(_("DNS Update for %s failed: %s\n"),
1233 machine_name, dns_errstr(dns_err));
1234 status = NT_STATUS_UNSUCCESSFUL;
1235 goto done;
1236 }
1237
1238 done:
1239
1240 SAFE_FREE( root_domain );
1241
1242 return status;
1243 }
1244
1245 static NTSTATUS net_update_dns_ext(TALLOC_CTX *mem_ctx, ADS_STRUCT *ads,
1246 const char *hostname,
1247 struct sockaddr_storage *iplist,
1248 int num_addrs)
1249 {
1250 struct sockaddr_storage *iplist_alloc = NULL;
1251 fstring machine_name;
1252 NTSTATUS status;
1253
1254 if (hostname) {
1255 fstrcpy(machine_name, hostname);
1256 } else {
1257 name_to_fqdn( machine_name, lp_netbios_name() );
1258 }
1259 if (!strlower_m( machine_name )) {
1260 return NT_STATUS_INVALID_PARAMETER;
1261 }
1262
1263 if (num_addrs == 0 || iplist == NULL) {
1264 /*
1265 * Get our ip address
1266 * (not the 127.0.0.x address but a real ip address)
1267 */
1268 num_addrs = get_my_ip_address(&iplist_alloc);
1269 if ( num_addrs <= 0 ) {
1270 DEBUG(4, ("net_update_dns_ext: Failed to find my "
1271 "non-loopback IP addresses!\n"));
1272 return NT_STATUS_INVALID_PARAMETER;
1273 }
1274 iplist = iplist_alloc;
1275 }
1276
1277 status = net_update_dns_internal(mem_ctx, ads, machine_name,
1278 iplist, num_addrs);
1279
1280 SAFE_FREE(iplist_alloc);
1281 return status;
1282 }
1283
1284 static NTSTATUS net_update_dns(TALLOC_CTX *mem_ctx, ADS_STRUCT *ads, const char *hostname)
1285 {
1286 NTSTATUS status;
1287
1288 status = net_update_dns_ext(mem_ctx, ads, hostname, NULL, 0);
1289 return status;
1290 }
1291 #endif
1292
1293
1294 /*******************************************************************
1295 ********************************************************************/
1296
1297 static int net_ads_join_usage(struct net_context *c, int argc, const char **argv)
1298 {
1299 d_printf(_("net ads join [options]\n"
1300 "Valid options:\n"));
1301 d_printf(_(" createupn[=UPN] Set the userPrincipalName attribute during the join.\n"
1302 " The deault UPN is in the form host/netbiosname@REALM.\n"));
1303 d_printf(_(" createcomputer=OU Precreate the computer account in a specific OU.\n"
1304 " The OU string read from top to bottom without RDNs and delimited by a '/'.\n"
1305 " E.g. \"createcomputer=Computers/Servers/Unix\"\n"
1306 " NB: A backslash '\\' is used as escape at multiple levels and may\n"
1307 " need to be doubled or even quadrupled. It is not used as a separator.\n"));
1308 d_printf(_(" osName=string Set the operatingSystem attribute during the join.\n"));
1309 d_printf(_(" osVer=string Set the operatingSystemVersion attribute during the join.\n"
1310 " NB: osName and osVer must be specified together for either to take effect.\n"
1311 " Also, the operatingSystemService attribute is also set when along with\n"
1312 " the two other attributes.\n"));
1313
1314 return -1;
1315 }
1316
1317
1318 static void _net_ads_join_dns_updates(TALLOC_CTX *ctx, struct libnet_JoinCtx *r)
1319 {
1320 #if defined(WITH_DNS_UPDATES)
1321 ADS_STRUCT *ads_dns = NULL;
1322 int ret;
1323 NTSTATUS status;
1324
1325 /*
1326 * In a clustered environment, don't do dynamic dns updates:
1327 * Registering the set of ip addresses that are assigned to
1328 * the interfaces of the node that performs the join does usually
1329 * not have the desired effect, since the local interfaces do not
1330 * carry the complete set of the cluster's public IP addresses.
1331 * And it can also contain internal addresses that should not
1332 * be visible to the outside at all.
1333 * In order to do dns updates in a clustererd setup, use
1334 * net ads dns register.
1335 */
1336 if (lp_clustering()) {
1337 d_fprintf(stderr, _("Not doing automatic DNS update in a "
1338 "clustered setup.\n"));
1339 return;
1340 }
1341
1342 if (!r->out.domain_is_ad) {
1343 return;
1344 }
1345
1346 /*
1347 * We enter this block with user creds.
1348 * kinit with the machine password to do dns update.
1349 */
1350
1351 ads_dns = ads_init(lp_realm(), NULL, r->in.dc_name);
1352
1353 if (ads_dns == NULL) {
1354 d_fprintf(stderr, _("DNS update failed: out of memory!\n"));
1355 goto done;
1356 }
1357
1358 use_in_memory_ccache();
1359
1360 ret = asprintf(&ads_dns->auth.user_name, "%s$", lp_netbios_name());
1361 if (ret == -1) {
1362 d_fprintf(stderr, _("DNS update failed: out of memory\n"));
1363 goto done;
1364 }
1365
1366 ads_dns->auth.password = secrets_fetch_machine_password(
1367 r->out.netbios_domain_name, NULL, NULL);
1368 if (ads_dns->auth.password == NULL) {
1369 d_fprintf(stderr, _("DNS update failed: out of memory\n"));
1370 goto done;
1371 }
1372
1373 ads_dns->auth.realm = SMB_STRDUP(r->out.dns_domain_name);
1374 if (ads_dns->auth.realm == NULL) {
1375 d_fprintf(stderr, _("DNS update failed: out of memory\n"));
1376 goto done;
1377 }
1378
1379 if (!strupper_m(ads_dns->auth.realm)) {
1380 d_fprintf(stderr, _("strupper_m %s failed\n"), ads_dns->auth.realm);
1381 goto done;
1382 }
1383
1384 ret = ads_kinit_password(ads_dns);
1385 if (ret != 0) {
1386 d_fprintf(stderr,
1387 _("DNS update failed: kinit failed: %s\n"),
1388 error_message(ret));
1389 goto done;
1390 }
1391
1392 status = net_update_dns(ctx, ads_dns, NULL);
1393 if (!NT_STATUS_IS_OK(status)) {
1394 d_fprintf( stderr, _("DNS update failed: %s\n"),
1395 nt_errstr(status));
1396 }
1397
1398 done:
1399 ads_destroy(&ads_dns);
1400 #endif
1401
1402 return;
1403 }
1404
1405
1406 int net_ads_join(struct net_context *c, int argc, const char **argv)
1407 {
1408 TALLOC_CTX *ctx = NULL;
1409 struct libnet_JoinCtx *r = NULL;
1410 const char *domain = lp_realm();
1411 WERROR werr = WERR_SETUP_NOT_JOINED;
1412 bool createupn = false;
1413 const char *machineupn = NULL;
1414 const char *create_in_ou = NULL;
1415 int i;
1416 const char *os_name = NULL;
1417 const char *os_version = NULL;
1418 bool modify_config = lp_config_backend_is_registry();
1419
1420 if (c->display_usage)
1421 return net_ads_join_usage(c, argc, argv);
1422
1423 if (!modify_config) {
1424
1425 werr = check_ads_config();
1426 if (!W_ERROR_IS_OK(werr)) {
1427 d_fprintf(stderr, _("Invalid configuration. Exiting....\n"));
1428 goto fail;
1429 }
1430 }
1431
1432 if (!(ctx = talloc_init("net_ads_join"))) {
1433 d_fprintf(stderr, _("Could not initialise talloc context.\n"));
1434 werr = WERR_NOMEM;
1435 goto fail;
1436 }
1437
1438 if (!c->opt_kerberos) {
1439 use_in_memory_ccache();
1440 }
1441
1442 werr = libnet_init_JoinCtx(ctx, &r);
1443 if (!W_ERROR_IS_OK(werr)) {
1444 goto fail;
1445 }
1446
1447 /* process additional command line args */
1448
1449 for ( i=0; i<argc; i++ ) {
1450 if ( !strncasecmp_m(argv[i], "createupn", strlen("createupn")) ) {
1451 createupn = true;
1452 machineupn = get_string_param(argv[i]);
1453 }
1454 else if ( !strncasecmp_m(argv[i], "createcomputer", strlen("createcomputer")) ) {
1455 if ( (create_in_ou = get_string_param(argv[i])) == NULL ) {
1456 d_fprintf(stderr, _("Please supply a valid OU path.\n"));
1457 werr = WERR_INVALID_PARAM;
1458 goto fail;
1459 }
1460 }
1461 else if ( !strncasecmp_m(argv[i], "osName", strlen("osName")) ) {
1462 if ( (os_name = get_string_param(argv[i])) == NULL ) {
1463 d_fprintf(stderr, _("Please supply a operating system name.\n"));
1464 werr = WERR_INVALID_PARAM;
1465 goto fail;
1466 }
1467 }
1468 else if ( !strncasecmp_m(argv[i], "osVer", strlen("osVer")) ) {
1469 if ( (os_version = get_string_param(argv[i])) == NULL ) {
1470 d_fprintf(stderr, _("Please supply a valid operating system version.\n"));
1471 werr = WERR_INVALID_PARAM;
1472 goto fail;
1473 }
1474 }
1475 else {
1476 domain = argv[i];
1477 }
1478 }
1479
1480 if (!*domain) {
1481 d_fprintf(stderr, _("Please supply a valid domain name\n"));
1482 werr = WERR_INVALID_PARAM;
1483 goto fail;
1484 }
1485
1486 if (!c->msg_ctx) {
1487 d_fprintf(stderr, _("Could not initialise message context. "
1488 "Try running as root\n"));
1489 werr = WERR_ACCESS_DENIED;
1490 goto fail;
1491 }
1492
1493 /* Do the domain join here */
1494
1495 r->in.domain_name = domain;
1496 r->in.create_upn = createupn;
1497 r->in.upn = machineupn;
1498 r->in.account_ou = create_in_ou;
1499 r->in.os_name = os_name;
1500 r->in.os_version = os_version;
1501 r->in.dc_name = c->opt_host;
1502 r->in.admin_account = c->opt_user_name;
1503 r->in.admin_password = net_prompt_pass(c, c->opt_user_name);
1504 r->in.debug = true;
1505 r->in.use_kerberos = c->opt_kerberos;
1506 r->in.modify_config = modify_config;
1507 r->in.join_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE |
1508 WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE |
1509 WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED;
1510 r->in.msg_ctx = c->msg_ctx;
1511
1512 werr = libnet_Join(ctx, r);
1513 if (W_ERROR_EQUAL(werr, WERR_DCNOTFOUND) &&
1514 strequal(domain, lp_realm())) {
1515 r->in.domain_name = lp_workgroup();
1516 werr = libnet_Join(ctx, r);
1517 }
1518 if (!W_ERROR_IS_OK(werr)) {
1519 goto fail;
1520 }
1521
1522 /* Check the short name of the domain */
1523
1524 if (!modify_config && !strequal(lp_workgroup(), r->out.netbios_domain_name)) {
1525 d_printf(_("The workgroup in %s does not match the short\n"
1526 "domain name obtained from the server.\n"
1527 "Using the name [%s] from the server.\n"
1528 "You should set \"workgroup = %s\" in %s.\n"),
1529 get_dyn_CONFIGFILE(), r->out.netbios_domain_name,
1530 r->out.netbios_domain_name, get_dyn_CONFIGFILE());
1531 }
1532
1533 d_printf(_("Using short domain name -- %s\n"), r->out.netbios_domain_name);
1534
1535 if (r->out.dns_domain_name) {
1536 d_printf(_("Joined '%s' to realm '%s'\n"), r->in.machine_name,
1537 r->out.dns_domain_name);
1538 } else {
1539 d_printf(_("Joined '%s' to domain '%s'\n"), r->in.machine_name,
1540 r->out.netbios_domain_name);
1541 }
1542
1543 /*
1544 * We try doing the dns update (if it was compiled in).
1545 * If the dns update fails, we still consider the join
1546 * operation as succeeded if we came this far.
1547 */
1548 _net_ads_join_dns_updates(ctx, r);
1549
1550 TALLOC_FREE(r);
1551 TALLOC_FREE( ctx );
1552
1553 return 0;
1554
1555 fail:
1556 /* issue an overall failure message at the end. */
1557 d_printf(_("Failed to join domain: %s\n"),
1558 r && r->out.error_string ? r->out.error_string :
1559 get_friendly_werror_msg(werr));
1560 TALLOC_FREE( ctx );
1561
1562 return -1;
1563 }
1564
1565 /*******************************************************************
1566 ********************************************************************/
1567
1568 static int net_ads_dns_register(struct net_context *c, int argc, const char **argv)
1569 {
1570 #if defined(WITH_DNS_UPDATES)
1571 ADS_STRUCT *ads;
1572 ADS_STATUS status;
1573 NTSTATUS ntstatus;
1574 TALLOC_CTX *ctx;
1575 const char *hostname = NULL;
1576 const char **addrs_list = NULL;
1577 struct sockaddr_storage *addrs = NULL;
1578 int num_addrs = 0;
1579 int count;
1580
1581 #ifdef DEVELOPER
1582 talloc_enable_leak_report();
1583 #endif
1584
1585 if (argc <= 1 && lp_clustering() && lp_cluster_addresses() == NULL) {
1586 d_fprintf(stderr, _("Refusing DNS updates with automatic "
1587 "detection of addresses in a clustered "
1588 "setup.\n"));
1589 c->display_usage = true;
1590 }
1591
1592 if (c->display_usage) {
1593 d_printf( "%s\n"
1594 "net ads dns register [hostname [IP [IP...]]]\n"
1595 " %s\n",
1596 _("Usage:"),
1597 _("Register hostname with DNS\n"));
1598 return -1;
1599 }
1600
1601 if (!(ctx = talloc_init("net_ads_dns"))) {
1602 d_fprintf(stderr, _("Could not initialise talloc context\n"));
1603 return -1;
1604 }
1605
1606 if (argc >= 1) {
1607 hostname = argv[0];
1608 }
1609
1610 if (argc > 1) {
1611 num_addrs = argc - 1;
1612 addrs_list = &argv[1];
1613 } else if (lp_clustering()) {
1614 addrs_list = lp_cluster_addresses();
1615 num_addrs = str_list_length(addrs_list);
1616 }
1617
1618 if (num_addrs > 0) {
1619 addrs = talloc_zero_array(ctx, struct sockaddr_storage, num_addrs);
1620 if (addrs == NULL) {
1621 d_fprintf(stderr, _("Error allocating memory!\n"));
1622 talloc_free(ctx);
1623 return -1;
1624 }
1625 }
1626
1627 for (count = 0; count < num_addrs; count++) {
1628 if (!interpret_string_addr(&addrs[count], addrs_list[count], 0)) {
1629 d_fprintf(stderr, "%s '%s'.\n",
1630 _("Cannot interpret address"),
1631 addrs_list[count]);
1632 talloc_free(ctx);
1633 return -1;
1634 }
1635 }
1636
1637 status = ads_startup(c, true, &ads);
1638 if ( !ADS_ERR_OK(status) ) {
1639 DEBUG(1, ("error on ads_startup: %s\n", ads_errstr(status)));
1640 TALLOC_FREE(ctx);
1641 return -1;
1642 }
1643
1644 ntstatus = net_update_dns_ext(ctx, ads, hostname, addrs, num_addrs);
1645 if (!NT_STATUS_IS_OK(ntstatus)) {
1646 d_fprintf( stderr, _("DNS update failed!\n") );
1647 ads_destroy( &ads );
1648 TALLOC_FREE( ctx );
1649 return -1;
1650 }
1651
1652 d_fprintf( stderr, _("Successfully registered hostname with DNS\n") );
1653
1654 ads_destroy(&ads);
1655 TALLOC_FREE( ctx );
1656
1657 return 0;
1658 #else
1659 d_fprintf(stderr,
1660 _("DNS update support not enabled at compile time!\n"));
1661 return -1;
1662 #endif
1663 }
1664
1665 #if defined(WITH_DNS_UPDATES)
1666 DNS_ERROR do_gethostbyname(const char *server, const char *host);
1667 #endif
1668
1669 static int net_ads_dns_gethostbyname(struct net_context *c, int argc, const char **argv)
1670 {
1671 #if defined(WITH_DNS_UPDATES)
1672 DNS_ERROR err;
1673
1674 #ifdef DEVELOPER
1675 talloc_enable_leak_report();
1676 #endif
1677
1678 if (argc != 2 || c->display_usage) {
1679 d_printf( "%s\n"
1680 " %s\n"
1681 " %s\n",
1682 _("Usage:"),
1683 _("net ads dns gethostbyname <server> <name>\n"),
1684 _(" Look up hostname from the AD\n"
1685 " server\tName server to use\n"
1686 " name\tName to look up\n"));
1687 return -1;
1688 }
1689
1690 err = do_gethostbyname(argv[0], argv[1]);
1691
1692 d_printf(_("do_gethostbyname returned %s (%d)\n"),
1693 dns_errstr(err), ERROR_DNS_V(err));
1694 #endif
1695 return 0;
1696 }
1697
1698 static int net_ads_dns(struct net_context *c, int argc, const char *argv[])
1699 {
1700 struct functable func[] = {
1701 {
1702 "register",
1703 net_ads_dns_register,
1704 NET_TRANSPORT_ADS,
1705 N_("Add host dns entry to AD"),
1706 N_("net ads dns register\n"
1707 " Add host dns entry to AD")
1708 },
1709 {
1710 "gethostbyname",
1711 net_ads_dns_gethostbyname,
1712 NET_TRANSPORT_ADS,
1713 N_("Look up host"),
1714 N_("net ads dns gethostbyname\n"
1715 " Look up host")
1716 },
1717 {NULL, NULL, 0, NULL, NULL}
1718 };
1719
1720 return net_run_function(c, argc, argv, "net ads dns", func);
1721 }
1722
1723 /*******************************************************************
1724 ********************************************************************/
1725
1726 int net_ads_printer_usage(struct net_context *c, int argc, const char **argv)
1727 {
1728 d_printf(_(
1729 "\nnet ads printer search <printer>"
1730 "\n\tsearch for a printer in the directory\n"
1731 "\nnet ads printer info <printer> <server>"
1732 "\n\tlookup info in directory for printer on server"
1733 "\n\t(note: printer defaults to \"*\", server defaults to local)\n"
1734 "\nnet ads printer publish <printername>"
1735 "\n\tpublish printer in directory"
1736 "\n\t(note: printer name is required)\n"
1737 "\nnet ads printer remove <printername>"
1738 "\n\tremove printer from directory"
1739 "\n\t(note: printer name is required)\n"));
1740 return -1;
1741 }
1742
1743 /*******************************************************************
1744 ********************************************************************/
1745
1746 static int net_ads_printer_search(struct net_context *c, int argc, const char **argv)
1747 {
1748 ADS_STRUCT *ads;
1749 ADS_STATUS rc;
1750 LDAPMessage *res = NULL;
1751
1752 if (c->display_usage) {
1753 d_printf( "%s\n"
1754 "net ads printer search\n"
1755 " %s\n",
1756 _("Usage:"),
1757 _("List printers in the AD"));
1758 return 0;
1759 }
1760
1761 if (!ADS_ERR_OK(ads_startup(c, false, &ads))) {
1762 return -1;
1763 }
1764
1765 rc = ads_find_printers(ads, &res);
1766
1767 if (!ADS_ERR_OK(rc)) {
1768 d_fprintf(stderr, _("ads_find_printer: %s\n"), ads_errstr(rc));
1769 ads_msgfree(ads, res);
1770 ads_destroy(&ads);
1771 return -1;
1772 }
1773
1774 if (ads_count_replies(ads, res) == 0) {
1775 d_fprintf(stderr, _("No results found\n"));
1776 ads_msgfree(ads, res);
1777 ads_destroy(&ads);
1778 return -1;
1779 }
1780
1781 ads_dump(ads, res);
1782 ads_msgfree(ads, res);
1783 ads_destroy(&ads);
1784 return 0;
1785 }
1786
1787 static int net_ads_printer_info(struct net_context *c, int argc, const char **argv)
1788 {
1789 ADS_STRUCT *ads;
1790 ADS_STATUS rc;
1791 const char *servername, *printername;
1792 LDAPMessage *res = NULL;
1793
1794 if (c->display_usage) {
1795 d_printf("%s\n%s",
1796 _("Usage:"),
1797 _("net ads printer info [printername [servername]]\n"
1798 " Display printer info from AD\n"
1799 " printername\tPrinter name or wildcard\n"
1800 " servername\tName of the print server\n"));
1801 return 0;
1802 }
1803
1804 if (!ADS_ERR_OK(ads_startup(c, false, &ads))) {
1805 return -1;
1806 }
1807
1808 if (argc > 0) {
1809 printername = argv[0];
1810 } else {
1811 printername = "*";
1812 }
1813
1814 if (argc > 1) {
1815 servername = argv[1];
1816 } else {
1817 servername = lp_netbios_name();
1818 }
1819
1820 rc = ads_find_printer_on_server(ads, &res, printername, servername);
1821
1822 if (!ADS_ERR_OK(rc)) {
1823 d_fprintf(stderr, _("Server '%s' not found: %s\n"),
1824 servername, ads_errstr(rc));
1825 ads_msgfree(ads, res);
1826 ads_destroy(&ads);
1827 return -1;
1828 }
1829
1830 if (ads_count_replies(ads, res) == 0) {
1831 d_fprintf(stderr, _("Printer '%s' not found\n"), printername);
1832 ads_msgfree(ads, res);
1833 ads_destroy(&ads);
1834 return -1;
1835 }
1836
1837 ads_dump(ads, res);
1838 ads_msgfree(ads, res);
1839 ads_destroy(&ads);
1840
1841 return 0;
1842 }
1843
1844 static int net_ads_printer_publish(struct net_context *c, int argc, const char **argv)
1845 {
1846 ADS_STRUCT *ads;
1847 ADS_STATUS rc;
1848 const char *servername, *printername;
1849 struct cli_state *cli = NULL;
1850 struct rpc_pipe_client *pipe_hnd = NULL;
1851 struct sockaddr_storage server_ss;
1852 NTSTATUS nt_status;
1853 TALLOC_CTX *mem_ctx = talloc_init("net_ads_printer_publish");
1854 ADS_MODLIST mods = ads_init_mods(mem_ctx);
1855 char *prt_dn, *srv_dn, **srv_cn;
1856 char *srv_cn_escaped = NULL, *printername_escaped = NULL;
1857 LDAPMessage *res = NULL;
1858
1859 if (argc < 1 || c->display_usage) {
1860 d_printf("%s\n%s",
1861 _("Usage:"),
1862 _("net ads printer publish <printername> [servername]\n"
1863 " Publish printer in AD\n"
1864 " printername\tName of the printer\n"
1865 " servername\tName of the print server\n"));
1866 talloc_destroy(mem_ctx);
1867 return -1;
1868 }
1869
1870 if (!ADS_ERR_OK(ads_startup(c, true, &ads))) {
1871 talloc_destroy(mem_ctx);
1872 return -1;
1873 }
1874
1875 printername = argv[0];
1876
1877 if (argc == 2) {
1878 servername = argv[1];
1879 } else {
1880 servername = lp_netbios_name();
1881 }
1882
1883 /* Get printer data from SPOOLSS */
1884
1885 resolve_name(servername, &server_ss, 0x20, false);
1886
1887 nt_status = cli_full_connection(&cli, lp_netbios_name(), servername,
1888 &server_ss, 0,
1889 "IPC$", "IPC",
1890 c->opt_user_name, c->opt_workgroup,
1891 c->opt_password ? c->opt_password : "",
1892 CLI_FULL_CONNECTION_USE_KERBEROS,
1893 SMB_SIGNING_DEFAULT);
1894
1895 if (NT_STATUS_IS_ERR(nt_status)) {
1896 d_fprintf(stderr, _("Unable to open a connection to %s to "
1897 "obtain data for %s\n"),
1898 servername, printername);
1899 ads_destroy(&ads);
1900 talloc_destroy(mem_ctx);
1901 return -1;
1902 }
1903
1904 /* Publish on AD server */
1905
1906 ads_find_machine_acct(ads, &res, servername);
1907
1908 if (ads_count_replies(ads, res) == 0) {
1909 d_fprintf(stderr, _("Could not find machine account for server "
1910 "%s\n"),
1911 servername);
1912 ads_destroy(&ads);
1913 talloc_destroy(mem_ctx);
1914 return -1;
1915 }
1916
1917 srv_dn = ldap_get_dn((LDAP *)ads->ldap.ld, (LDAPMessage *)res);
1918 srv_cn = ldap_explode_dn(srv_dn, 1);
1919
1920 srv_cn_escaped = escape_rdn_val_string_alloc(srv_cn[0]);
1921 printername_escaped = escape_rdn_val_string_alloc(printername);
1922 if (!srv_cn_escaped || !printername_escaped) {
1923 SAFE_FREE(srv_cn_escaped);
1924 SAFE_FREE(printername_escaped);
1925 d_fprintf(stderr, _("Internal error, out of memory!"));
1926 ads_destroy(&ads);
1927 talloc_destroy(mem_ctx);
1928 return -1;
1929 }
1930
1931 if (asprintf(&prt_dn, "cn=%s-%s,%s", srv_cn_escaped, printername_escaped, srv_dn) == -1) {
1932 SAFE_FREE(srv_cn_escaped);
1933 SAFE_FREE(printername_escaped);
1934 d_fprintf(stderr, _("Internal error, out of memory!"));
1935 ads_destroy(&ads);
1936 talloc_destroy(mem_ctx);
1937 return -1;
1938 }
1939
1940 SAFE_FREE(srv_cn_escaped);
1941 SAFE_FREE(printername_escaped);
1942
1943 nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_spoolss.syntax_id, &pipe_hnd);
1944 if (!NT_STATUS_IS_OK(nt_status)) {
1945 d_fprintf(stderr, _("Unable to open a connection to the spoolss pipe on %s\n"),
1946 servername);
1947 SAFE_FREE(prt_dn);
1948 ads_destroy(&ads);
1949 talloc_destroy(mem_ctx);
1950 return -1;
1951 }
1952
1953 if (!W_ERROR_IS_OK(get_remote_printer_publishing_data(pipe_hnd, mem_ctx, &mods,
1954 printername))) {
1955 SAFE_FREE(prt_dn);
1956 ads_destroy(&ads);
1957 talloc_destroy(mem_ctx);
1958 return -1;
1959 }
1960
1961 rc = ads_add_printer_entry(ads, prt_dn, mem_ctx, &mods);
1962 if (!ADS_ERR_OK(rc)) {
1963 d_fprintf(stderr, "ads_publish_printer: %s\n", ads_errstr(rc));
1964 SAFE_FREE(prt_dn);
1965 ads_destroy(&ads);
1966 talloc_destroy(mem_ctx);
1967 return -1;
1968 }
1969
1970 d_printf("published printer\n");
1971 SAFE_FREE(prt_dn);
1972 ads_destroy(&ads);
1973 talloc_destroy(mem_ctx);
1974
1975 return 0;
1976 }
1977
1978 static int net_ads_printer_remove(struct net_context *c, int argc, const char **argv)
1979 {
1980 ADS_STRUCT *ads;
1981 ADS_STATUS rc;
1982 const char *servername;
1983 char *prt_dn;
1984 LDAPMessage *res = NULL;
1985
1986 if (argc < 1 || c->display_usage) {
1987 d_printf("%s\n%s",
1988 _("Usage:"),
1989 _("net ads printer remove <printername> [servername]\n"
1990 " Remove a printer from the AD\n"
1991 " printername\tName of the printer\n"
1992 " servername\tName of the print server\n"));
1993 return -1;
1994 }
1995
1996 if (!ADS_ERR_OK(ads_startup(c, true, &ads))) {
1997 return -1;
1998 }
1999
2000 if (argc > 1) {
2001 servername = argv[1];
2002 } else {
2003 servername = lp_netbios_name();
2004 }
2005
2006 rc = ads_find_printer_on_server(ads, &res, argv[0], servername);
2007
2008 if (!ADS_ERR_OK(rc)) {
2009 d_fprintf(stderr, _("ads_find_printer_on_server: %s\n"), ads_errstr(rc));
2010 ads_msgfree(ads, res);
2011 ads_destroy(&ads);
2012 return -1;
2013 }
2014
2015 if (ads_count_replies(ads, res) == 0) {
2016 d_fprintf(stderr, _("Printer '%s' not found\n"), argv[1]);
2017 ads_msgfree(ads, res);
2018 ads_destroy(&ads);
2019 return -1;
2020 }
2021
2022 prt_dn = ads_get_dn(ads, talloc_tos(), res);
2023 ads_msgfree(ads, res);
2024 rc = ads_del_dn(ads, prt_dn);
2025 TALLOC_FREE(prt_dn);
2026
2027 if (!ADS_ERR_OK(rc)) {
2028 d_fprintf(stderr, _("ads_del_dn: %s\n"), ads_errstr(rc));
2029 ads_destroy(&ads);
2030 return -1;
2031 }
2032
2033 ads_destroy(&ads);
2034 return 0;
2035 }
2036
2037 static int net_ads_printer(struct net_context *c, int argc, const char **argv)
2038 {
2039 struct functable func[] = {
2040 {
2041 "search",
2042 net_ads_printer_search,
2043 NET_TRANSPORT_ADS,
2044 N_("Search for a printer"),
2045 N_("net ads printer search\n"
2046 " Search for a printer")
2047 },
2048 {
2049 "info",
2050 net_ads_printer_info,
2051 NET_TRANSPORT_ADS,
2052 N_("Display printer information"),
2053 N_("net ads printer info\n"
2054 " Display printer information")
2055 },
2056 {
2057 "publish",
2058 net_ads_printer_publish,
2059 NET_TRANSPORT_ADS,
2060 N_("Publish a printer"),
2061 N_("net ads printer publish\n"
2062 " Publish a printer")
2063 },
2064 {
2065 "remove",
2066 net_ads_printer_remove,
2067 NET_TRANSPORT_ADS,
2068 N_("Delete a printer"),
2069 N_("net ads printer remove\n"
2070 " Delete a printer")
2071 },
2072 {NULL, NULL, 0, NULL, NULL}
2073 };
2074
2075 return net_run_function(c, argc, argv, "net ads printer", func);
2076 }
2077
2078
2079 static int net_ads_password(struct net_context *c, int argc, const char **argv)
2080 {
2081 ADS_STRUCT *ads;
2082 const char *auth_principal = c->opt_user_name;
2083 const char *auth_password = c->opt_password;
2084 const char *realm = NULL;
2085 const char *new_password = NULL;
2086 char *chr, *prompt;
2087 const char *user;
2088 ADS_STATUS ret;
2089
2090 if (c->display_usage) {
2091 d_printf("%s\n%s",
2092 _("Usage:"),
2093 _("net ads password <username>\n"
2094 " Change password for user\n"
2095 " username\tName of user to change password for\n"));
2096 return 0;
2097 }
2098
2099 if (c->opt_user_name == NULL || c->opt_password == NULL) {
2100 d_fprintf(stderr, _("You must supply an administrator "
2101 "username/password\n"));
2102 return -1;
2103 }
2104
2105 if (argc < 1) {
2106 d_fprintf(stderr, _("ERROR: You must say which username to "
2107 "change password for\n"));
2108 return -1;
2109 }
2110
2111 user = argv[0];
2112 if (!strchr_m(user, '@')) {
2113 if (asprintf(&chr, "%s@%s", argv[0], lp_realm()) == -1) {
2114 return -1;
2115 }
2116 user = chr;
2117 }
2118
2119 use_in_memory_ccache();
2120 chr = strchr_m(auth_principal, '@');
2121 if (chr) {
2122 realm = ++chr;
2123 } else {
2124 realm = lp_realm();
2125 }
2126
2127 /* use the realm so we can eventually change passwords for users
2128 in realms other than default */
2129 if (!(ads = ads_init(realm, c->opt_workgroup, c->opt_host))) {
2130 return -1;
2131 }
2132
2133 /* we don't actually need a full connect, but it's the easy way to
2134 fill in the KDC's addresss */
2135 ads_connect(ads);
2136
2137 if (!ads->config.realm) {
2138 d_fprintf(stderr, _("Didn't find the kerberos server!\n"));
2139 ads_destroy(&ads);
2140 return -1;
2141 }
2142
2143 if (argv[1]) {
2144 new_password = (const char *)argv[1];
2145 } else {
2146 if (asprintf(&prompt, _("Enter new password for %s:"), user) == -1) {
2147 return -1;
2148 }
2149 new_password = getpass(prompt);
2150 free(prompt);
2151 }
2152
2153 ret = kerberos_set_password(ads->auth.kdc_server, auth_principal,
2154 auth_password, user, new_password, ads->auth.time_offset);
2155 if (!ADS_ERR_OK(ret)) {
2156 d_fprintf(stderr, _("Password change failed: %s\n"), ads_errstr(ret));
2157 ads_destroy(&ads);
2158 return -1;
2159 }
2160
2161 d_printf(_("Password change for %s completed.\n"), user);
2162 ads_destroy(&ads);
2163
2164 return 0;
2165 }
2166
2167 int net_ads_changetrustpw(struct net_context *c, int argc, const char **argv)
2168 {
2169 ADS_STRUCT *ads;
2170 char *host_principal;
2171 fstring my_name;
2172 ADS_STATUS ret;
2173
2174 if (c->display_usage) {
2175 d_printf( "%s\n"
2176 "net ads changetrustpw\n"
2177 " %s\n",
2178 _("Usage:"),
2179 _("Change the machine account's trust password"));
2180 return 0;
2181 }
2182
2183 if (!secrets_init()) {
2184 DEBUG(1,("Failed to initialise secrets database\n"));
2185 return -1;
2186 }
2187
2188 net_use_krb_machine_account(c);
2189
2190 use_in_memory_ccache();
2191
2192 if (!ADS_ERR_OK(ads_startup(c, true, &ads))) {
2193 return -1;
2194 }
2195
2196 fstrcpy(my_name, lp_netbios_name());
2197 if (!strlower_m(my_name)) {
2198 ads_destroy(&ads);
2199 return -1;
2200 }
2201
2202 if (asprintf(&host_principal, "%s$@%s", my_name, ads->config.realm) == -1) {
2203 ads_destroy(&ads);
2204 return -1;
2205 }
2206 d_printf(_("Changing password for principal: %s\n"), host_principal);
2207
2208 ret = ads_change_trust_account_password(ads, host_principal);
2209
2210 if (!ADS_ERR_OK(ret)) {
2211 d_fprintf(stderr, _("Password change failed: %s\n"), ads_errstr(ret));
2212 ads_destroy(&ads);
2213 SAFE_FREE(host_principal);
2214 return -1;
2215 }
2216
2217 d_printf(_("Password change for principal %s succeeded.\n"), host_principal);
2218
2219 if (USE_SYSTEM_KEYTAB) {
2220 d_printf(_("Attempting to update system keytab with new password.\n"));
2221 if (ads_keytab_create_default(ads)) {
2222 d_printf(_("Failed to update system keytab.\n"));
2223 }
2224 }
2225
2226 ads_destroy(&ads);
2227 SAFE_FREE(host_principal);
2228
2229 return 0;
2230 }
2231
2232 /*
2233 help for net ads search
2234 */
2235 static int net_ads_search_usage(struct net_context *c, int argc, const char **argv)
2236 {
2237 d_printf(_(
2238 "\nnet ads search <expression> <attributes...>\n"
2239 "\nPerform a raw LDAP search on a ADS server and dump the results.\n"
2240 "The expression is a standard LDAP search expression, and the\n"
2241 "attributes are a list of LDAP fields to show in the results.\n\n"
2242 "Example: net ads search '(objectCategory=group)' sAMAccountName\n\n"
2243 ));
2244 net_common_flags_usage(c, argc, argv);
2245 return -1;
2246 }
2247
2248
2249 /*
2250 general ADS search function. Useful in diagnosing problems in ADS
2251 */
2252 static int net_ads_search(struct net_context *c, int argc, const char **argv)
2253 {
2254 ADS_STRUCT *ads;
2255 ADS_STATUS rc;
2256 const char *ldap_exp;
2257 const char **attrs;
2258 LDAPMessage *res = NULL;
2259
2260 if (argc < 1 || c->display_usage) {
2261 return net_ads_search_usage(c, argc, argv);
2262 }
2263
2264 if (!ADS_ERR_OK(ads_startup(c, false, &ads))) {
2265 return -1;
2266 }
2267
2268 ldap_exp = argv[0];
2269 attrs = (argv + 1);
2270
2271 rc = ads_do_search_retry(ads, ads->config.bind_path,
2272 LDAP_SCOPE_SUBTREE,
2273 ldap_exp, attrs, &res);
2274 if (!ADS_ERR_OK(rc)) {
2275 d_fprintf(stderr, _("search failed: %s\n"), ads_errstr(rc));
2276 ads_destroy(&ads);
2277 return -1;
2278 }
2279
2280 d_printf(_("Got %d replies\n\n"), ads_count_replies(ads, res));
2281
2282 /* dump the results */
2283 ads_dump(ads, res);
2284
2285 ads_msgfree(ads, res);
2286 ads_destroy(&ads);
2287
2288 return 0;
2289 }
2290
2291
2292 /*
2293 help for net ads search
2294 */
2295 static int net_ads_dn_usage(struct net_context *c, int argc, const char **argv)
2296 {
2297 d_printf(_(
2298 "\nnet ads dn <dn> <attributes...>\n"
2299 "\nperform a raw LDAP search on a ADS server and dump the results\n"
2300 "The DN standard LDAP DN, and the attributes are a list of LDAP fields \n"
2301 "to show in the results\n\n"
2302 "Example: net ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' sAMAccountName\n\n"
2303 "Note: the DN must be provided properly escaped. See RFC 4514 for details\n\n"
2304 ));
2305 net_common_flags_usage(c, argc, argv);
2306 return -1;
2307 }
2308
2309
2310 /*
2311 general ADS search function. Useful in diagnosing problems in ADS
2312 */
2313 static int net_ads_dn(struct net_context *c, int argc, const char **argv)
2314 {
2315 ADS_STRUCT *ads;
2316 ADS_STATUS rc;
2317 const char *dn;
2318 const char **attrs;
2319 LDAPMessage *res = NULL;
2320
2321 if (argc < 1 || c->display_usage) {
2322 return net_ads_dn_usage(c, argc, argv);
2323 }
2324
2325 if (!ADS_ERR_OK(ads_startup(c, false, &ads))) {
2326 return -1;
2327 }
2328
2329 dn = argv[0];
2330 attrs = (argv + 1);
2331
2332 rc = ads_do_search_all(ads, dn,
2333 LDAP_SCOPE_BASE,
2334 "(objectclass=*)", attrs, &res);
2335 if (!ADS_ERR_OK(rc)) {
2336 d_fprintf(stderr, _("search failed: %s\n"), ads_errstr(rc));
2337 ads_destroy(&ads);
2338 return -1;
2339 }
2340
2341 d_printf("Got %d replies\n\n", ads_count_replies(ads, res));
2342
2343 /* dump the results */
2344 ads_dump(ads, res);
2345
2346 ads_msgfree(ads, res);
2347 ads_destroy(&ads);
2348
2349 return 0;
2350 }
2351
2352 /*
2353 help for net ads sid search
2354 */
2355 static int net_ads_sid_usage(struct net_context *c, int argc, const char **argv)
2356 {
2357 d_printf(_(
2358 "\nnet ads sid <sid> <attributes...>\n"
2359 "\nperform a raw LDAP search on a ADS server and dump the results\n"
2360 "The SID is in string format, and the attributes are a list of LDAP fields \n"
2361 "to show in the results\n\n"
2362 "Example: net ads sid 'S-1-5-32' distinguishedName\n\n"
2363 ));
2364 net_common_flags_usage(c, argc, argv);
2365 return -1;
2366 }
2367
2368
2369 /*
2370 general ADS search function. Useful in diagnosing problems in ADS
2371 */
2372 static int net_ads_sid(struct net_context *c, int argc, const char **argv)
2373 {
2374 ADS_STRUCT *ads;
2375 ADS_STATUS rc;
2376 const char *sid_string;
2377 const char **attrs;
2378 LDAPMessage *res = NULL;
2379 struct dom_sid sid;
2380
2381 if (argc < 1 || c->display_usage) {
2382 return net_ads_sid_usage(c, argc, argv);
2383 }
2384
2385 if (!ADS_ERR_OK(ads_startup(c, false, &ads))) {
2386 return -1;
2387 }
2388
2389 sid_string = argv[0];
2390 attrs = (argv + 1);
2391
2392 if (!string_to_sid(&sid, sid_string)) {
2393 d_fprintf(stderr, _("could not convert sid\n"));
2394 ads_destroy(&ads);
2395 return -1;
2396 }
2397
2398 rc = ads_search_retry_sid(ads, &res, &sid, attrs);
2399 if (!ADS_ERR_OK(rc)) {
2400 d_fprintf(stderr, _("search failed: %s\n"), ads_errstr(rc));
2401 ads_destroy(&ads);
2402 return -1;
2403 }
2404
2405 d_printf(_("Got %d replies\n\n"), ads_count_replies(ads, res));
2406
2407 /* dump the results */
2408 ads_dump(ads, res);
2409
2410 ads_msgfree(ads, res);
2411 ads_destroy(&ads);
2412
2413 return 0;
2414 }
2415
2416 static int net_ads_keytab_flush(struct net_context *c, int argc, const char **argv)
2417 {
2418 int ret;
2419 ADS_STRUCT *ads;
2420
2421 if (c->display_usage) {
2422 d_printf( "%s\n"
2423 "net ads keytab flush\n"
2424 " %s\n",
2425 _("Usage:"),
2426 _("Delete the whole keytab"));
2427 return 0;
2428 }
2429
2430 if (!ADS_ERR_OK(ads_startup(c, true, &ads))) {
2431 return -1;
2432 }
2433 ret = ads_keytab_flush(ads);
2434 ads_destroy(&ads);
2435 return ret;
2436 }
2437
2438 static int net_ads_keytab_add(struct net_context *c, int argc, const char **argv)
2439 {
2440 int i;
2441 int ret = 0;
2442 ADS_STRUCT *ads;
2443
2444 if (c->display_usage) {
2445 d_printf("%s\n%s",
2446 _("Usage:"),
2447 _("net ads keytab add <principal> [principal ...]\n"
2448 " Add principals to local keytab\n"
2449 " principal\tKerberos principal to add to "
2450 "keytab\n"));
2451 return 0;
2452 }
2453
2454 d_printf(_("Processing principals to add...\n"));
2455 if (!ADS_ERR_OK(ads_startup(c, true, &ads))) {
2456 return -1;
2457 }
2458 for (i = 0; i < argc; i++) {
2459 ret |= ads_keytab_add_entry(ads, argv[i]);
2460 }
2461 ads_destroy(&ads);
2462 return ret;
2463 }
2464
2465 static int net_ads_keytab_create(struct net_context *c, int argc, const char **argv)
2466 {
2467 ADS_STRUCT *ads;
2468 int ret;
2469
2470 if (c->display_usage) {
2471 d_printf( "%s\n"
2472 "net ads keytab create\n"
2473 " %s\n",
2474 _("Usage:"),
2475 _("Create new default keytab"));
2476 return 0;
2477 }
2478
2479 if (!ADS_ERR_OK(ads_startup(c, true, &ads))) {
2480 return -1;
2481 }
2482 ret = ads_keytab_create_default(ads);
2483 ads_destroy(&ads);
2484 return ret;
2485 }
2486
2487 static int net_ads_keytab_list(struct net_context *c, int argc, const char **argv)
2488 {
2489 const char *keytab = NULL;
2490
2491 if (c->display_usage) {
2492 d_printf("%s\n%s",
2493 _("Usage:"),
2494 _("net ads keytab list [keytab]\n"
2495 " List a local keytab\n"
2496 " keytab\tKeytab to list\n"));
2497 return 0;
2498 }
2499
2500 if (argc >= 1) {
2501 keytab = argv[0];
2502 }
2503
2504 return ads_keytab_list(keytab);
2505 }
2506
2507
2508 int net_ads_keytab(struct net_context *c, int argc, const char **argv)
2509 {
2510 struct functable func[] = {
2511 {
2512 "add",
2513 net_ads_keytab_add,
2514 NET_TRANSPORT_ADS,
2515 N_("Add a service principal"),
2516 N_("net ads keytab add\n"
2517 " Add a service principal")
2518 },
2519 {
2520 "create",
2521 net_ads_keytab_create,
2522 NET_TRANSPORT_ADS,
2523 N_("Create a fresh keytab"),
2524 N_("net ads keytab create\n"
2525 " Create a fresh keytab")
2526 },
2527 {
2528 "flush",
2529 net_ads_keytab_flush,
2530 NET_TRANSPORT_ADS,
2531 N_("Remove all keytab entries"),
2532 N_("net ads keytab flush\n"
2533 " Remove all keytab entries")
2534 },
2535 {
2536 "list",
2537 net_ads_keytab_list,
2538 NET_TRANSPORT_ADS,
2539 N_("List a keytab"),
2540 N_("net ads keytab list\n"
2541 " List a keytab")
2542 },
2543 {NULL, NULL, 0, NULL, NULL}
2544 };
2545
2546 if (!USE_KERBEROS_KEYTAB) {
2547 d_printf(_("\nWarning: \"kerberos method\" must be set to a "
2548 "keytab method to use keytab functions.\n"));
2549 }
2550
2551 return net_run_function(c, argc, argv, "net ads keytab", func);
2552 }
2553
2554 static int net_ads_kerberos_renew(struct net_context *c, int argc, const char **argv)
2555 {
2556 int ret = -1;
2557
2558 if (c->display_usage) {
2559 d_printf( "%s\n"
2560 "net ads kerberos renew\n"
2561 " %s\n",
2562 _("Usage:"),
2563 _("Renew TGT from existing credential cache"));
2564 return 0;
2565 }
2566
2567 ret = smb_krb5_renew_ticket(NULL, NULL, NULL, NULL);
2568 if (ret) {
2569 d_printf(_("failed to renew kerberos ticket: %s\n"),
2570 error_message(ret));
2571 }
2572 return ret;
2573 }
2574
2575 static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **argv)
2576 {
2577 struct PAC_LOGON_INFO *info = NULL;
2578 TALLOC_CTX *mem_ctx = NULL;
2579 NTSTATUS status;
2580 int ret = -1;
2581 const char *impersonate_princ_s = NULL;
2582
2583 if (c->display_usage) {
2584 d_printf( "%s\n"
2585 "net ads kerberos pac\n"
2586 " %s\n",
2587 _("Usage:"),
2588 _("Dump the Kerberos PAC"));
2589 return 0;
2590 }
2591
2592 mem_ctx = talloc_init("net_ads_kerberos_pac");
2593 if (!mem_ctx) {
2594 goto out;
2595 }
2596
2597 if (argc > 0) {
2598 impersonate_princ_s = argv[0];
2599 }
2600
2601 c->opt_password = net_prompt_pass(c, c->opt_user_name);
2602
2603 status = kerberos_return_pac(mem_ctx,
2604 c->opt_user_name,
2605 c->opt_password,
2606 0,
2607 NULL,
2608 NULL,
2609 NULL,
2610 true,
2611 true,
2612 2592000, /* one month */
2613 impersonate_princ_s,
2614 &info);
2615 if (!NT_STATUS_IS_OK(status)) {
2616 d_printf(_("failed to query kerberos PAC: %s\n"),
2617 nt_errstr(status));
2618 goto out;
2619 }
2620
2621 if (info) {
2622 const char *s;
2623 s = NDR_PRINT_STRUCT_STRING(mem_ctx, PAC_LOGON_INFO, info);
2624 d_printf(_("The Pac: %s\n"), s);
2625 }
2626
2627 ret = 0;
2628 out:
2629 TALLOC_FREE(mem_ctx);
2630 return ret;
2631 }
2632
2633 static int net_ads_kerberos_kinit(struct net_context *c, int argc, const char **argv)
2634 {
2635 TALLOC_CTX *mem_ctx = NULL;
2636 int ret = -1;
2637 NTSTATUS status;
2638
2639 if (c->display_usage) {
2640 d_printf( "%s\n"
2641 "net ads kerberos kinit\n"
2642 " %s\n",
2643 _("Usage:"),
2644 _("Get Ticket Granting Ticket (TGT) for the user"));
2645 return 0;
2646 }
2647
2648 mem_ctx = talloc_init("net_ads_kerberos_kinit");
2649 if (!mem_ctx) {
2650 goto out;
2651 }
2652
2653 c->opt_password = net_prompt_pass(c, c->opt_user_name);
2654
2655 ret = kerberos_kinit_password_ext(c->opt_user_name,
2656 c->opt_password,
2657 0,
2658 NULL,
2659 NULL,
2660 NULL,
2661 true,
2662 true,
2663 2592000, /* one month */
2664 &status);
2665 if (ret) {
2666 d_printf(_("failed to kinit password: %s\n"),
2667 nt_errstr(status));
2668 }
2669 out:
2670 return ret;
2671 }
2672
2673 int net_ads_kerberos(struct net_context *c, int argc, const char **argv)
2674 {
2675 struct functable func[] = {
2676 {
2677 "kinit",
2678 net_ads_kerberos_kinit,
2679 NET_TRANSPORT_ADS,
2680 N_("Retrieve Ticket Granting Ticket (TGT)"),
2681 N_("net ads kerberos kinit\n"
2682 " Receive Ticket Granting Ticket (TGT)")
2683 },
2684 {
2685 "renew",
2686 net_ads_kerberos_renew,
2687 NET_TRANSPORT_ADS,
2688 N_("Renew Ticket Granting Ticket from credential cache"),
2689 N_("net ads kerberos renew\n"
2690 " Renew Ticket Granting Ticket (TGT) from "
2691 "credential cache")
2692 },
2693 {
2694 "pac",
2695 net_ads_kerberos_pac,
2696 NET_TRANSPORT_ADS,
2697 N_("Dump Kerberos PAC"),
2698 N_("net ads kerberos pac\n"
2699 " Dump Kerberos PAC")
2700 },
2701 {NULL, NULL, 0, NULL, NULL}
2702 };
2703
2704 return net_run_function(c, argc, argv, "net ads kerberos", func);
2705 }
2706
2707 int net_ads(struct net_context *c, int argc, const char **argv)
2708 {
2709 struct functable func[] = {
2710 {
2711 "info",
2712 net_ads_info,
2713 NET_TRANSPORT_ADS,
2714 N_("Display details on remote ADS server"),
2715 N_("net ads info\n"
2716 " Display details on remote ADS server")
2717 },
2718 {
2719 "join",
2720 net_ads_join,
2721 NET_TRANSPORT_ADS,
2722 N_("Join the local machine to ADS realm"),
2723 N_("net ads join\n"
2724 " Join the local machine to ADS realm")
2725 },
2726 {
2727 "testjoin",
2728 net_ads_testjoin,
2729 NET_TRANSPORT_ADS,
2730 N_("Validate machine account"),
2731 N_("net ads testjoin\n"
2732 " Validate machine account")
2733 },
2734 {
2735 "leave",
2736 net_ads_leave,
2737 NET_TRANSPORT_ADS,
2738 N_("Remove the local machine from ADS"),
2739 N_("net ads leave\n"
2740 " Remove the local machine from ADS")
2741 },
2742 {
2743 "status",
2744 net_ads_status,
2745 NET_TRANSPORT_ADS,
2746 N_("Display machine account details"),
2747 N_("net ads status\n"
2748 " Display machine account details")
2749 },
2750 {
2751 "user",
2752 net_ads_user,
2753 NET_TRANSPORT_ADS,
2754 N_("List/modify users"),
2755 N_("net ads user\n"
2756 " List/modify users")
2757 },
2758 {
2759 "group",
2760 net_ads_group,
2761 NET_TRANSPORT_ADS,
2762 N_("List/modify groups"),
2763 N_("net ads group\n"
2764 " List/modify groups")
2765 },
2766 {
2767 "dns",
2768 net_ads_dns,
2769 NET_TRANSPORT_ADS,
2770 N_("Issue dynamic DNS update"),
2771 N_("net ads dns\n"
2772 " Issue dynamic DNS update")
2773 },
2774 {
2775 "password",
2776 net_ads_password,
2777 NET_TRANSPORT_ADS,
2778 N_("Change user passwords"),
2779 N_("net ads password\n"
2780 " Change user passwords")
2781 },
2782 {
2783 "changetrustpw",
2784 net_ads_changetrustpw,
2785 NET_TRANSPORT_ADS,
2786 N_("Change trust account password"),
2787 N_("net ads changetrustpw\n"
2788 " Change trust account password")
2789 },
2790 {
2791 "printer",
2792 net_ads_printer,
2793 NET_TRANSPORT_ADS,
2794 N_("List/modify printer entries"),
2795 N_("net ads printer\n"
2796 " List/modify printer entries")
2797 },
2798 {
2799 "search",
2800 net_ads_search,
2801 NET_TRANSPORT_ADS,
2802 N_("Issue LDAP search using filter"),
2803 N_("net ads search\n"
2804 " Issue LDAP search using filter")
2805 },
2806 {
2807 "dn",
2808 net_ads_dn,
2809 NET_TRANSPORT_ADS,
2810 N_("Issue LDAP search by DN"),
2811 N_("net ads dn\n"
2812 " Issue LDAP search by DN")
2813 },
2814 {
2815 "sid",
2816 net_ads_sid,
2817 NET_TRANSPORT_ADS,
2818 N_("Issue LDAP search by SID"),
2819 N_("net ads sid\n"
2820 " Issue LDAP search by SID")
2821 },
2822 {
2823 "workgroup",
2824 net_ads_workgroup,
2825 NET_TRANSPORT_ADS,
2826 N_("Display workgroup name"),
2827 N_("net ads workgroup\n"
2828 " Display the workgroup name")
2829 },
2830 {
2831 "lookup",
2832 net_ads_lookup,
2833 NET_TRANSPORT_ADS,
2834 N_("Perfom CLDAP query on DC"),
2835 N_("net ads lookup\n"
2836 " Find the ADS DC using CLDAP lookups")
2837 },
2838 {
2839 "keytab",
2840 net_ads_keytab,
2841 NET_TRANSPORT_ADS,
2842 N_("Manage local keytab file"),
2843 N_("net ads keytab\n"
2844 " Manage local keytab file")
2845 },
2846 {
2847 "gpo",
2848 net_ads_gpo,
2849 NET_TRANSPORT_ADS,
2850 N_("Manage group policy objects"),
2851 N_("net ads gpo\n"
2852 " Manage group policy objects")
2853 },
2854 {
2855 "kerberos",
2856 net_ads_kerberos,
2857 NET_TRANSPORT_ADS,
2858 N_("Manage kerberos keytab"),
2859 N_("net ads kerberos\n"
2860 " Manage kerberos keytab")
2861 },
2862 {NULL, NULL, 0, NULL, NULL}
2863 };
2864
2865 return net_run_function(c, argc, argv, "net ads", func);
2866 }
2867
2868 #else
2869
2870 static int net_ads_noads(void)
2871 {
2872 d_fprintf(stderr, _("ADS support not compiled in\n"));
2873 return -1;
2874 }
2875
2876 int net_ads_keytab(struct net_context *c, int argc, const char **argv)
2877 {
2878 return net_ads_noads();
2879 }
2880
2881 int net_ads_kerberos(struct net_context *c, int argc, const char **argv)
2882 {
2883 return net_ads_noads();
2884 }
2885
2886 int net_ads_changetrustpw(struct net_context *c, int argc, const char **argv)
2887 {
2888 return net_ads_noads();
2889 }
2890
2891 int net_ads_join(struct net_context *c, int argc, const char **argv)
2892 {
2893 return net_ads_noads();
2894 }
2895
2896 int net_ads_user(struct net_context *c, int argc, const char **argv)
2897 {
2898 return net_ads_noads();
2899 }
2900
2901 int net_ads_group(struct net_context *c, int argc, const char **argv)
2902 {
2903 return net_ads_noads();
2904 }
2905
2906 int net_ads_gpo(struct net_context *c, int argc, const char **argv)
2907 {
2908 return net_ads_noads();
2909 }
2910
2911 /* this one shouldn't display a message */
2912 int net_ads_check(struct net_context *c)
2913 {
2914 return -1;
2915 }
2916
2917 int net_ads_check_our_domain(struct net_context *c)
2918 {
2919 return -1;
2920 }
2921
2922 int net_ads(struct net_context *c, int argc, const char **argv)
2923 {
2924 return net_ads_noads();
2925 }
2926
2927 #endif /* HAVE_ADS */
reg import