search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
tevent: expose tevent_context_init_ops
[Samba/gebeck_regimport.git] / source3 / utils / net_ads.c
blob998ccb8c3b530af6b8b3699a21bc2838b4c580fe
1 /*
2 Samba Unix/Linux SMB client library
3 net ads commands
4 Copyright (C) 2001 Andrew Tridgell (tridge@samba.org)
5 Copyright (C) 2001 Remus Koos (remuskoos@yahoo.com)
6 Copyright (C) 2002 Jim McDonough (jmcd@us.ibm.com)
7 Copyright (C) 2006 Gerald (Jerry) Carter (jerry@samba.org)
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #include "includes.h"
24 #include "utils/net.h"
25 #include "rpc_client/cli_pipe.h"
26 #include "librpc/gen_ndr/ndr_krb5pac.h"
27 #include "../librpc/gen_ndr/ndr_spoolss.h"
28 #include "nsswitch/libwbclient/wbclient.h"
29 #include "ads.h"
30 #include "libads/cldap.h"
31 #include "../lib/addns/dnsquery.h"
32 #include "../libds/common/flags.h"
33 #include "librpc/gen_ndr/libnet_join.h"
34 #include "libnet/libnet_join.h"
35 #include "smb_krb5.h"
36 #include "secrets.h"
37 #include "krb5_env.h"
38 #include "../libcli/security/security.h"
39 #include "libsmb/libsmb.h"
40
41 #ifdef HAVE_ADS
42
43 /* when we do not have sufficient input parameters to contact a remote domain
44 * we always fall back to our own realm - Guenther*/
45
46 static const char *assume_own_realm(struct net_context *c)
47 {
48 if (!c->opt_host && strequal(lp_workgroup(), c->opt_target_workgroup)) {
49 return lp_realm();
50 }
51
52 return NULL;
53 }
54
55 /*
56 do a cldap netlogon query
57 */
58 static int net_ads_cldap_netlogon(struct net_context *c, ADS_STRUCT *ads)
59 {
60 char addr[INET6_ADDRSTRLEN];
61 struct NETLOGON_SAM_LOGON_RESPONSE_EX reply;
62
63 print_sockaddr(addr, sizeof(addr), &ads->ldap.ss);
64
65 if ( !ads_cldap_netlogon_5(talloc_tos(), &ads->ldap.ss, ads->server.realm, &reply ) ) {
66 d_fprintf(stderr, _("CLDAP query failed!\n"));
67 return -1;
68 }
69
70 d_printf(_("Information for Domain Controller: %s\n\n"),
71 addr);
72
73 d_printf(_("Response Type: "));
74 switch (reply.command) {
75 case LOGON_SAM_LOGON_USER_UNKNOWN_EX:
76 d_printf("LOGON_SAM_LOGON_USER_UNKNOWN_EX\n");
77 break;
78 case LOGON_SAM_LOGON_RESPONSE_EX:
79 d_printf("LOGON_SAM_LOGON_RESPONSE_EX\n");
80 break;
81 default:
82 d_printf("0x%x\n", reply.command);
83 break;
84 }
85
86 d_printf(_("GUID: %s\n"), GUID_string(talloc_tos(),&reply.domain_uuid));
87
88 d_printf(_("Flags:\n"
89 "\tIs a PDC: %s\n"
90 "\tIs a GC of the forest: %s\n"
91 "\tIs an LDAP server: %s\n"
92 "\tSupports DS: %s\n"
93 "\tIs running a KDC: %s\n"
94 "\tIs running time services: %s\n"
95 "\tIs the closest DC: %s\n"
96 "\tIs writable: %s\n"
97 "\tHas a hardware clock: %s\n"
98 "\tIs a non-domain NC serviced by LDAP server: %s\n"
99 "\tIs NT6 DC that has some secrets: %s\n"
100 "\tIs NT6 DC that has all secrets: %s\n"),
101 (reply.server_type & NBT_SERVER_PDC) ? _("yes") : _("no"),
102 (reply.server_type & NBT_SERVER_GC) ? _("yes") : _("no"),
103 (reply.server_type & NBT_SERVER_LDAP) ? _("yes") : _("no"),
104 (reply.server_type & NBT_SERVER_DS) ? _("yes") : _("no"),
105 (reply.server_type & NBT_SERVER_KDC) ? _("yes") : _("no"),
106 (reply.server_type & NBT_SERVER_TIMESERV) ? _("yes") : _("no"),
107 (reply.server_type & NBT_SERVER_CLOSEST) ? _("yes") : _("no"),
108 (reply.server_type & NBT_SERVER_WRITABLE) ? _("yes") : _("no"),
109 (reply.server_type & NBT_SERVER_GOOD_TIMESERV) ? _("yes") : _("no"),
110 (reply.server_type & NBT_SERVER_NDNC) ? _("yes") : _("no"),
111 (reply.server_type & NBT_SERVER_SELECT_SECRET_DOMAIN_6) ? _("yes") : _("no"),
112 (reply.server_type & NBT_SERVER_FULL_SECRET_DOMAIN_6) ? _("yes") : _("no"));
113
114
115 printf(_("Forest:\t\t\t%s\n"), reply.forest);
116 printf(_("Domain:\t\t\t%s\n"), reply.dns_domain);
117 printf(_("Domain Controller:\t%s\n"), reply.pdc_dns_name);
118
119 printf(_("Pre-Win2k Domain:\t%s\n"), reply.domain_name);
120 printf(_("Pre-Win2k Hostname:\t%s\n"), reply.pdc_name);
121
122 if (*reply.user_name) printf(_("User name:\t%s\n"), reply.user_name);
123
124 printf(_("Server Site Name :\t\t%s\n"), reply.server_site);
125 printf(_("Client Site Name :\t\t%s\n"), reply.client_site);
126
127 d_printf(_("NT Version: %d\n"), reply.nt_version);
128 d_printf(_("LMNT Token: %.2x\n"), reply.lmnt_token);
129 d_printf(_("LM20 Token: %.2x\n"), reply.lm20_token);
130
131 return 0;
132 }
133
134 /*
135 this implements the CLDAP based netlogon lookup requests
136 for finding the domain controller of a ADS domain
137 */
138 static int net_ads_lookup(struct net_context *c, int argc, const char **argv)
139 {
140 ADS_STRUCT *ads;
141 int ret;
142
143 if (c->display_usage) {
144 d_printf("%s\n"
145 "net ads lookup\n"
146 " %s",
147 _("Usage:"),
148 _("Find the ADS DC using CLDAP lookup.\n"));
149 return 0;
150 }
151
152 if (!ADS_ERR_OK(ads_startup_nobind(c, false, &ads))) {
153 d_fprintf(stderr, _("Didn't find the cldap server!\n"));
154 ads_destroy(&ads);
155 return -1;
156 }
157
158 if (!ads->config.realm) {
159 ads->config.realm = discard_const_p(char, c->opt_target_workgroup);
160 ads->ldap.port = 389;
161 }
162
163 ret = net_ads_cldap_netlogon(c, ads);
164 ads_destroy(&ads);
165 return ret;
166 }
167
168
169
170 static int net_ads_info(struct net_context *c, int argc, const char **argv)
171 {
172 ADS_STRUCT *ads;
173 char addr[INET6_ADDRSTRLEN];
174
175 if (c->display_usage) {
176 d_printf("%s\n"
177 "net ads info\n"
178 " %s",
179 _("Usage:"),
180 _("Display information about an Active Directory "
181 "server.\n"));
182 return 0;
183 }
184
185 if (!ADS_ERR_OK(ads_startup_nobind(c, false, &ads))) {
186 d_fprintf(stderr, _("Didn't find the ldap server!\n"));
187 return -1;
188 }
189
190 if (!ads || !ads->config.realm) {
191 d_fprintf(stderr, _("Didn't find the ldap server!\n"));
192 ads_destroy(&ads);
193 return -1;
194 }
195
196 /* Try to set the server's current time since we didn't do a full
197 TCP LDAP session initially */
198
199 if ( !ADS_ERR_OK(ads_current_time( ads )) ) {
200 d_fprintf( stderr, _("Failed to get server's current time!\n"));
201 }
202
203 print_sockaddr(addr, sizeof(addr), &ads->ldap.ss);
204
205 d_printf(_("LDAP server: %s\n"), addr);
206 d_printf(_("LDAP server name: %s\n"), ads->config.ldap_server_name);
207 d_printf(_("Realm: %s\n"), ads->config.realm);
208 d_printf(_("Bind Path: %s\n"), ads->config.bind_path);
209 d_printf(_("LDAP port: %d\n"), ads->ldap.port);
210 d_printf(_("Server time: %s\n"),
211 http_timestring(talloc_tos(), ads->config.current_time));
212
213 d_printf(_("KDC server: %s\n"), ads->auth.kdc_server );
214 d_printf(_("Server time offset: %d\n"), ads->auth.time_offset );
215
216 ads_destroy(&ads);
217 return 0;
218 }
219
220 static void use_in_memory_ccache(void) {
221 /* Use in-memory credentials cache so we do not interfere with
222 * existing credentials */
223 setenv(KRB5_ENV_CCNAME, "MEMORY:net_ads", 1);
224 }
225
226 static ADS_STATUS ads_startup_int(struct net_context *c, bool only_own_domain,
227 uint32 auth_flags, ADS_STRUCT **ads_ret)
228 {
229 ADS_STRUCT *ads = NULL;
230 ADS_STATUS status;
231 bool need_password = false;
232 bool second_time = false;
233 char *cp;
234 const char *realm = NULL;
235 bool tried_closest_dc = false;
236
237 /* lp_realm() should be handled by a command line param,
238 However, the join requires that realm be set in smb.conf
239 and compares our realm with the remote server's so this is
240 ok until someone needs more flexibility */
241
242 *ads_ret = NULL;
243
244 retry_connect:
245 if (only_own_domain) {
246 realm = lp_realm();
247 } else {
248 realm = assume_own_realm(c);
249 }
250
251 ads = ads_init(realm, c->opt_target_workgroup, c->opt_host);
252
253 if (!c->opt_user_name) {
254 c->opt_user_name = "administrator";
255 }
256
257 if (c->opt_user_specified) {
258 need_password = true;
259 }
260
261 retry:
262 if (!c->opt_password && need_password && !c->opt_machine_pass) {
263 c->opt_password = net_prompt_pass(c, c->opt_user_name);
264 if (!c->opt_password) {
265 ads_destroy(&ads);
266 return ADS_ERROR(LDAP_NO_MEMORY);
267 }
268 }
269
270 if (c->opt_password) {
271 use_in_memory_ccache();
272 SAFE_FREE(ads->auth.password);
273 ads->auth.password = smb_xstrdup(c->opt_password);
274 }
275
276 ads->auth.flags |= auth_flags;
277 SAFE_FREE(ads->auth.user_name);
278 ads->auth.user_name = smb_xstrdup(c->opt_user_name);
279
280 /*
281 * If the username is of the form "name@realm",
282 * extract the realm and convert to upper case.
283 * This is only used to establish the connection.
284 */
285 if ((cp = strchr_m(ads->auth.user_name, '@'))!=0) {
286 *cp++ = '\0';
287 SAFE_FREE(ads->auth.realm);
288 ads->auth.realm = smb_xstrdup(cp);
289 strupper_m(ads->auth.realm);
290 }
291
292 status = ads_connect(ads);
293
294 if (!ADS_ERR_OK(status)) {
295
296 if (NT_STATUS_EQUAL(ads_ntstatus(status),
297 NT_STATUS_NO_LOGON_SERVERS)) {
298 DEBUG(0,("ads_connect: %s\n", ads_errstr(status)));
299 ads_destroy(&ads);
300 return status;
301 }
302
303 if (!need_password && !second_time && !(auth_flags & ADS_AUTH_NO_BIND)) {
304 need_password = true;
305 second_time = true;
306 goto retry;
307 } else {
308 ads_destroy(&ads);
309 return status;
310 }
311 }
312
313 /* when contacting our own domain, make sure we use the closest DC.
314 * This is done by reconnecting to ADS because only the first call to
315 * ads_connect will give us our own sitename */
316
317 if ((only_own_domain || !c->opt_host) && !tried_closest_dc) {
318
319 tried_closest_dc = true; /* avoid loop */
320
321 if (!ads_closest_dc(ads)) {
322
323 namecache_delete(ads->server.realm, 0x1C);
324 namecache_delete(ads->server.workgroup, 0x1C);
325
326 ads_destroy(&ads);
327 ads = NULL;
328
329 goto retry_connect;
330 }
331 }
332
333 *ads_ret = ads;
334 return status;
335 }
336
337 ADS_STATUS ads_startup(struct net_context *c, bool only_own_domain, ADS_STRUCT **ads)
338 {
339 return ads_startup_int(c, only_own_domain, 0, ads);
340 }
341
342 ADS_STATUS ads_startup_nobind(struct net_context *c, bool only_own_domain, ADS_STRUCT **ads)
343 {
344 return ads_startup_int(c, only_own_domain, ADS_AUTH_NO_BIND, ads);
345 }
346
347 /*
348 Check to see if connection can be made via ads.
349 ads_startup() stores the password in opt_password if it needs to so
350 that rpc or rap can use it without re-prompting.
351 */
352 static int net_ads_check_int(const char *realm, const char *workgroup, const char *host)
353 {
354 ADS_STRUCT *ads;
355 ADS_STATUS status;
356
357 if ( (ads = ads_init( realm, workgroup, host )) == NULL ) {
358 return -1;
359 }
360
361 ads->auth.flags |= ADS_AUTH_NO_BIND;
362
363 status = ads_connect(ads);
364 if ( !ADS_ERR_OK(status) ) {
365 return -1;
366 }
367
368 ads_destroy(&ads);
369 return 0;
370 }
371
372 int net_ads_check_our_domain(struct net_context *c)
373 {
374 return net_ads_check_int(lp_realm(), lp_workgroup(), NULL);
375 }
376
377 int net_ads_check(struct net_context *c)
378 {
379 return net_ads_check_int(NULL, c->opt_workgroup, c->opt_host);
380 }
381
382 /*
383 determine the netbios workgroup name for a domain
384 */
385 static int net_ads_workgroup(struct net_context *c, int argc, const char **argv)
386 {
387 ADS_STRUCT *ads;
388 struct NETLOGON_SAM_LOGON_RESPONSE_EX reply;
389
390 if (c->display_usage) {
391 d_printf ("%s\n"
392 "net ads workgroup\n"
393 " %s\n",
394 _("Usage:"),
395 _("Print the workgroup name"));
396 return 0;
397 }
398
399 if (!ADS_ERR_OK(ads_startup_nobind(c, false, &ads))) {
400 d_fprintf(stderr, _("Didn't find the cldap server!\n"));
401 return -1;
402 }
403
404 if (!ads->config.realm) {
405 ads->config.realm = discard_const_p(char, c->opt_target_workgroup);
406 ads->ldap.port = 389;
407 }
408
409 if ( !ads_cldap_netlogon_5(talloc_tos(), &ads->ldap.ss, ads->server.realm, &reply ) ) {
410 d_fprintf(stderr, _("CLDAP query failed!\n"));
411 ads_destroy(&ads);
412 return -1;
413 }
414
415 d_printf(_("Workgroup: %s\n"), reply.domain_name);
416
417 ads_destroy(&ads);
418
419 return 0;
420 }
421
422
423
424 static bool usergrp_display(ADS_STRUCT *ads, char *field, void **values, void *data_area)
425 {
426 char **disp_fields = (char **) data_area;
427
428 if (!field) { /* must be end of record */
429 if (disp_fields[0]) {
430 if (!strchr_m(disp_fields[0], '$')) {
431 if (disp_fields[1])
432 d_printf("%-21.21s %s\n",
433 disp_fields[0], disp_fields[1]);
434 else
435 d_printf("%s\n", disp_fields[0]);
436 }
437 }
438 SAFE_FREE(disp_fields[0]);
439 SAFE_FREE(disp_fields[1]);
440 return true;
441 }
442 if (!values) /* must be new field, indicate string field */
443 return true;
444 if (strcasecmp_m(field, "sAMAccountName") == 0) {
445 disp_fields[0] = SMB_STRDUP((char *) values[0]);
446 }
447 if (strcasecmp_m(field, "description") == 0)
448 disp_fields[1] = SMB_STRDUP((char *) values[0]);
449 return true;
450 }
451
452 static int net_ads_user_usage(struct net_context *c, int argc, const char **argv)
453 {
454 return net_user_usage(c, argc, argv);
455 }
456
457 static int ads_user_add(struct net_context *c, int argc, const char **argv)
458 {
459 ADS_STRUCT *ads;
460 ADS_STATUS status;
461 char *upn, *userdn;
462 LDAPMessage *res=NULL;
463 int rc = -1;
464 char *ou_str = NULL;
465
466 if (argc < 1 || c->display_usage)
467 return net_ads_user_usage(c, argc, argv);
468
469 if (!ADS_ERR_OK(ads_startup(c, false, &ads))) {
470 return -1;
471 }
472
473 status = ads_find_user_acct(ads, &res, argv[0]);
474
475 if (!ADS_ERR_OK(status)) {
476 d_fprintf(stderr, _("ads_user_add: %s\n"), ads_errstr(status));
477 goto done;
478 }
479
480 if (ads_count_replies(ads, res)) {
481 d_fprintf(stderr, _("ads_user_add: User %s already exists\n"),
482 argv[0]);
483 goto done;
484 }
485
486 if (c->opt_container) {
487 ou_str = SMB_STRDUP(c->opt_container);
488 } else {
489 ou_str = ads_default_ou_string(ads, DS_GUID_USERS_CONTAINER);
490 }
491
492 status = ads_add_user_acct(ads, argv[0], ou_str, c->opt_comment);
493
494 if (!ADS_ERR_OK(status)) {
495 d_fprintf(stderr, _("Could not add user %s: %s\n"), argv[0],
496 ads_errstr(status));
497 goto done;
498 }
499
500 /* if no password is to be set, we're done */
501 if (argc == 1) {
502 d_printf(_("User %s added\n"), argv[0]);
503 rc = 0;
504 goto done;
505 }
506
507 /* try setting the password */
508 if (asprintf(&upn, "%s@%s", argv[0], ads->config.realm) == -1) {
509 goto done;
510 }
511 status = ads_krb5_set_password(ads->auth.kdc_server, upn, argv[1],
512 ads->auth.time_offset);
513 SAFE_FREE(upn);
514 if (ADS_ERR_OK(status)) {
515 d_printf(_("User %s added\n"), argv[0]);
516 rc = 0;
517 goto done;
518 }
519
520 /* password didn't set, delete account */
521 d_fprintf(stderr, _("Could not add user %s. "
522 "Error setting password %s\n"),
523 argv[0], ads_errstr(status));
524 ads_msgfree(ads, res);
525 status=ads_find_user_acct(ads, &res, argv[0]);
526 if (ADS_ERR_OK(status)) {
527 userdn = ads_get_dn(ads, talloc_tos(), res);
528 ads_del_dn(ads, userdn);
529 TALLOC_FREE(userdn);
530 }
531
532 done:
533 if (res)
534 ads_msgfree(ads, res);
535 ads_destroy(&ads);
536 SAFE_FREE(ou_str);
537 return rc;
538 }
539
540 static int ads_user_info(struct net_context *c, int argc, const char **argv)
541 {
542 ADS_STRUCT *ads = NULL;
543 ADS_STATUS rc;
544 LDAPMessage *res = NULL;
545 TALLOC_CTX *frame;
546 int ret = 0;
547 wbcErr wbc_status;
548 const char *attrs[] = {"memberOf", "primaryGroupID", NULL};
549 char *searchstring=NULL;
550 char **grouplist;
551 char *primary_group;
552 char *escaped_user;
553 struct dom_sid primary_group_sid;
554 uint32_t group_rid;
555 enum wbcSidType type;
556
557 if (argc < 1 || c->display_usage) {
558 return net_ads_user_usage(c, argc, argv);
559 }
560
561 frame = talloc_new(talloc_tos());
562 if (frame == NULL) {
563 return -1;
564 }
565
566 escaped_user = escape_ldap_string(frame, argv[0]);
567 if (!escaped_user) {
568 d_fprintf(stderr,
569 _("ads_user_info: failed to escape user %s\n"),
570 argv[0]);
571 return -1;
572 }
573
574 if (!ADS_ERR_OK(ads_startup(c, false, &ads))) {
575 ret = -1;
576 goto error;
577 }
578
579 if (asprintf(&searchstring, "(sAMAccountName=%s)", escaped_user) == -1) {
580 ret =-1;
581 goto error;
582 }
583 rc = ads_search(ads, &res, searchstring, attrs);
584 SAFE_FREE(searchstring);
585
586 if (!ADS_ERR_OK(rc)) {
587 d_fprintf(stderr, _("ads_search: %s\n"), ads_errstr(rc));
588 ret = -1;
589 goto error;
590 }
591
592 if (!ads_pull_uint32(ads, res, "primaryGroupID", &group_rid)) {
593 d_fprintf(stderr, _("ads_pull_uint32 failed\n"));
594 ret = -1;
595 goto error;
596 }
597
598 rc = ads_domain_sid(ads, &primary_group_sid);
599 if (!ADS_ERR_OK(rc)) {
600 d_fprintf(stderr, _("ads_domain_sid: %s\n"), ads_errstr(rc));
601 ret = -1;
602 goto error;
603 }
604
605 sid_append_rid(&primary_group_sid, group_rid);
606
607 wbc_status = wbcLookupSid((struct wbcDomainSid *)&primary_group_sid,
608 NULL, /* don't look up domain */
609 &primary_group,
610 &type);
611 if (!WBC_ERROR_IS_OK(wbc_status)) {
612 d_fprintf(stderr, "wbcLookupSid: %s\n",
613 wbcErrorString(wbc_status));
614 ret = -1;
615 goto error;
616 }
617
618 d_printf("%s\n", primary_group);
619
620 wbcFreeMemory(primary_group);
621
622 grouplist = ldap_get_values((LDAP *)ads->ldap.ld,
623 (LDAPMessage *)res, "memberOf");
624
625 if (grouplist) {
626 int i;
627 char **groupname;
628 for (i=0;grouplist[i];i++) {
629 groupname = ldap_explode_dn(grouplist[i], 1);
630 d_printf("%s\n", groupname[0]);
631 ldap_value_free(groupname);
632 }
633 ldap_value_free(grouplist);
634 }
635
636 error:
637 if (res) ads_msgfree(ads, res);
638 if (ads) ads_destroy(&ads);
639 TALLOC_FREE(frame);
640 return ret;
641 }
642
643 static int ads_user_delete(struct net_context *c, int argc, const char **argv)
644 {
645 ADS_STRUCT *ads;
646 ADS_STATUS rc;
647 LDAPMessage *res = NULL;
648 char *userdn;
649
650 if (argc < 1) {
651 return net_ads_user_usage(c, argc, argv);
652 }
653
654 if (!ADS_ERR_OK(ads_startup(c, false, &ads))) {
655 return -1;
656 }
657
658 rc = ads_find_user_acct(ads, &res, argv[0]);
659 if (!ADS_ERR_OK(rc) || ads_count_replies(ads, res) != 1) {
660 d_printf(_("User %s does not exist.\n"), argv[0]);
661 ads_msgfree(ads, res);
662 ads_destroy(&ads);
663 return -1;
664 }
665 userdn = ads_get_dn(ads, talloc_tos(), res);
666 ads_msgfree(ads, res);
667 rc = ads_del_dn(ads, userdn);
668 TALLOC_FREE(userdn);
669 if (ADS_ERR_OK(rc)) {
670 d_printf(_("User %s deleted\n"), argv[0]);
671 ads_destroy(&ads);
672 return 0;
673 }
674 d_fprintf(stderr, _("Error deleting user %s: %s\n"), argv[0],
675 ads_errstr(rc));
676 ads_destroy(&ads);
677 return -1;
678 }
679
680 int net_ads_user(struct net_context *c, int argc, const char **argv)
681 {
682 struct functable func[] = {
683 {
684 "add",
685 ads_user_add,
686 NET_TRANSPORT_ADS,
687 N_("Add an AD user"),
688 N_("net ads user add\n"
689 " Add an AD user")
690 },
691 {
692 "info",
693 ads_user_info,
694 NET_TRANSPORT_ADS,
695 N_("Display information about an AD user"),
696 N_("net ads user info\n"
697 " Display information about an AD user")
698 },
699 {
700 "delete",
701 ads_user_delete,
702 NET_TRANSPORT_ADS,
703 N_("Delete an AD user"),
704 N_("net ads user delete\n"
705 " Delete an AD user")
706 },
707 {NULL, NULL, 0, NULL, NULL}
708 };
709 ADS_STRUCT *ads;
710 ADS_STATUS rc;
711 const char *shortattrs[] = {"sAMAccountName", NULL};
712 const char *longattrs[] = {"sAMAccountName", "description", NULL};
713 char *disp_fields[2] = {NULL, NULL};
714
715 if (argc == 0) {
716 if (c->display_usage) {
717 d_printf( "%s\n"
718 "net ads user\n"
719 " %s\n",
720 _("Usage:"),
721 _("List AD users"));
722 net_display_usage_from_functable(func);
723 return 0;
724 }
725
726 if (!ADS_ERR_OK(ads_startup(c, false, &ads))) {
727 return -1;
728 }
729
730 if (c->opt_long_list_entries)
731 d_printf(_("\nUser name Comment"
732 "\n-----------------------------\n"));
733
734 rc = ads_do_search_all_fn(ads, ads->config.bind_path,
735 LDAP_SCOPE_SUBTREE,
736 "(objectCategory=user)",
737 c->opt_long_list_entries ? longattrs :
738 shortattrs, usergrp_display,
739 disp_fields);
740 ads_destroy(&ads);
741 return ADS_ERR_OK(rc) ? 0 : -1;
742 }
743
744 return net_run_function(c, argc, argv, "net ads user", func);
745 }
746
747 static int net_ads_group_usage(struct net_context *c, int argc, const char **argv)
748 {
749 return net_group_usage(c, argc, argv);
750 }
751
752 static int ads_group_add(struct net_context *c, int argc, const char **argv)
753 {
754 ADS_STRUCT *ads;
755 ADS_STATUS status;
756 LDAPMessage *res=NULL;
757 int rc = -1;
758 char *ou_str = NULL;
759
760 if (argc < 1 || c->display_usage) {
761 return net_ads_group_usage(c, argc, argv);
762 }
763
764 if (!ADS_ERR_OK(ads_startup(c, false, &ads))) {
765 return -1;
766 }
767
768 status = ads_find_user_acct(ads, &res, argv[0]);
769
770 if (!ADS_ERR_OK(status)) {
771 d_fprintf(stderr, _("ads_group_add: %s\n"), ads_errstr(status));
772 goto done;
773 }
774
775 if (ads_count_replies(ads, res)) {
776 d_fprintf(stderr, _("ads_group_add: Group %s already exists\n"), argv[0]);
777 goto done;
778 }
779
780 if (c->opt_container) {
781 ou_str = SMB_STRDUP(c->opt_container);
782 } else {
783 ou_str = ads_default_ou_string(ads, DS_GUID_USERS_CONTAINER);
784 }
785
786 status = ads_add_group_acct(ads, argv[0], ou_str, c->opt_comment);
787
788 if (ADS_ERR_OK(status)) {
789 d_printf(_("Group %s added\n"), argv[0]);
790 rc = 0;
791 } else {
792 d_fprintf(stderr, _("Could not add group %s: %s\n"), argv[0],
793 ads_errstr(status));
794 }
795
796 done:
797 if (res)
798 ads_msgfree(ads, res);
799 ads_destroy(&ads);
800 SAFE_FREE(ou_str);
801 return rc;
802 }
803
804 static int ads_group_delete(struct net_context *c, int argc, const char **argv)
805 {
806 ADS_STRUCT *ads;
807 ADS_STATUS rc;
808 LDAPMessage *res = NULL;
809 char *groupdn;
810
811 if (argc < 1 || c->display_usage) {
812 return net_ads_group_usage(c, argc, argv);
813 }
814
815 if (!ADS_ERR_OK(ads_startup(c, false, &ads))) {
816 return -1;
817 }
818
819 rc = ads_find_user_acct(ads, &res, argv[0]);
820 if (!ADS_ERR_OK(rc) || ads_count_replies(ads, res) != 1) {
821 d_printf(_("Group %s does not exist.\n"), argv[0]);
822 ads_msgfree(ads, res);
823 ads_destroy(&ads);
824 return -1;
825 }
826 groupdn = ads_get_dn(ads, talloc_tos(), res);
827 ads_msgfree(ads, res);
828 rc = ads_del_dn(ads, groupdn);
829 TALLOC_FREE(groupdn);
830 if (ADS_ERR_OK(rc)) {
831 d_printf(_("Group %s deleted\n"), argv[0]);
832 ads_destroy(&ads);
833 return 0;
834 }
835 d_fprintf(stderr, _("Error deleting group %s: %s\n"), argv[0],
836 ads_errstr(rc));
837 ads_destroy(&ads);
838 return -1;
839 }
840
841 int net_ads_group(struct net_context *c, int argc, const char **argv)
842 {
843 struct functable func[] = {
844 {
845 "add",
846 ads_group_add,
847 NET_TRANSPORT_ADS,
848 N_("Add an AD group"),
849 N_("net ads group add\n"
850 " Add an AD group")
851 },
852 {
853 "delete",
854 ads_group_delete,
855 NET_TRANSPORT_ADS,
856 N_("Delete an AD group"),
857 N_("net ads group delete\n"
858 " Delete an AD group")
859 },
860 {NULL, NULL, 0, NULL, NULL}
861 };
862 ADS_STRUCT *ads;
863 ADS_STATUS rc;
864 const char *shortattrs[] = {"sAMAccountName", NULL};
865 const char *longattrs[] = {"sAMAccountName", "description", NULL};
866 char *disp_fields[2] = {NULL, NULL};
867
868 if (argc == 0) {
869 if (c->display_usage) {
870 d_printf( "%s\n"
871 "net ads group\n"
872 " %s\n",
873 _("Usage:"),
874 _("List AD groups"));
875 net_display_usage_from_functable(func);
876 return 0;
877 }
878
879 if (!ADS_ERR_OK(ads_startup(c, false, &ads))) {
880 return -1;
881 }
882
883 if (c->opt_long_list_entries)
884 d_printf(_("\nGroup name Comment"
885 "\n-----------------------------\n"));
886 rc = ads_do_search_all_fn(ads, ads->config.bind_path,
887 LDAP_SCOPE_SUBTREE,
888 "(objectCategory=group)",
889 c->opt_long_list_entries ? longattrs :
890 shortattrs, usergrp_display,
891 disp_fields);
892
893 ads_destroy(&ads);
894 return ADS_ERR_OK(rc) ? 0 : -1;
895 }
896 return net_run_function(c, argc, argv, "net ads group", func);
897 }
898
899 static int net_ads_status(struct net_context *c, int argc, const char **argv)
900 {
901 ADS_STRUCT *ads;
902 ADS_STATUS rc;
903 LDAPMessage *res;
904
905 if (c->display_usage) {
906 d_printf( "%s\n"
907 "net ads status\n"
908 " %s\n",
909 _("Usage:"),
910 _("Display machine account details"));
911 return 0;
912 }
913
914 if (!ADS_ERR_OK(ads_startup(c, true, &ads))) {
915 return -1;
916 }
917
918 rc = ads_find_machine_acct(ads, &res, lp_netbios_name());
919 if (!ADS_ERR_OK(rc)) {
920 d_fprintf(stderr, _("ads_find_machine_acct: %s\n"), ads_errstr(rc));
921 ads_destroy(&ads);
922 return -1;
923 }
924
925 if (ads_count_replies(ads, res) == 0) {
926 d_fprintf(stderr, _("No machine account for '%s' found\n"), lp_netbios_name());
927 ads_destroy(&ads);
928 return -1;
929 }
930
931 ads_dump(ads, res);
932 ads_destroy(&ads);
933 return 0;
934 }
935
936 /*******************************************************************
937 Leave an AD domain. Windows XP disables the machine account.
938 We'll try the same. The old code would do an LDAP delete.
939 That only worked using the machine creds because added the machine
940 with full control to the computer object's ACL.
941 *******************************************************************/
942
943 static int net_ads_leave(struct net_context *c, int argc, const char **argv)
944 {
945 TALLOC_CTX *ctx;
946 struct libnet_UnjoinCtx *r = NULL;
947 WERROR werr;
948
949 if (c->display_usage) {
950 d_printf( "%s\n"
951 "net ads leave\n"
952 " %s\n",
953 _("Usage:"),
954 _("Leave an AD domain"));
955 return 0;
956 }
957
958 if (!*lp_realm()) {
959 d_fprintf(stderr, _("No realm set, are we joined ?\n"));
960 return -1;
961 }
962
963 if (!(ctx = talloc_init("net_ads_leave"))) {
964 d_fprintf(stderr, _("Could not initialise talloc context.\n"));
965 return -1;
966 }
967
968 if (!c->opt_kerberos) {
969 use_in_memory_ccache();
970 }
971
972 if (!c->msg_ctx) {
973 d_fprintf(stderr, _("Could not initialise message context. "
974 "Try running as root\n"));
975 return -1;
976 }
977
978 werr = libnet_init_UnjoinCtx(ctx, &r);
979 if (!W_ERROR_IS_OK(werr)) {
980 d_fprintf(stderr, _("Could not initialise unjoin context.\n"));
981 return -1;
982 }
983
984 r->in.debug = true;
985 r->in.use_kerberos = c->opt_kerberos;
986 r->in.dc_name = c->opt_host;
987 r->in.domain_name = lp_realm();
988 r->in.admin_account = c->opt_user_name;
989 r->in.admin_password = net_prompt_pass(c, c->opt_user_name);
990 r->in.modify_config = lp_config_backend_is_registry();
991
992 /* Try to delete it, but if that fails, disable it. The
993 WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE really means "disable */
994 r->in.unjoin_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE |
995 WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE;
996 r->in.delete_machine_account = true;
997 r->in.msg_ctx = c->msg_ctx;
998
999 werr = libnet_Unjoin(ctx, r);
1000 if (!W_ERROR_IS_OK(werr)) {
1001 d_printf(_("Failed to leave domain: %s\n"),
1002 r->out.error_string ? r->out.error_string :
1003 get_friendly_werror_msg(werr));
1004 goto done;
1005 }
1006
1007 if (r->out.deleted_machine_account) {
1008 d_printf(_("Deleted account for '%s' in realm '%s'\n"),
1009 r->in.machine_name, r->out.dns_domain_name);
1010 goto done;
1011 }
1012
1013 /* We couldn't delete it - see if the disable succeeded. */
1014 if (r->out.disabled_machine_account) {
1015 d_printf(_("Disabled account for '%s' in realm '%s'\n"),
1016 r->in.machine_name, r->out.dns_domain_name);
1017 werr = WERR_OK;
1018 goto done;
1019 }
1020
1021 /* Based on what we requested, we shouldn't get here, but if
1022 we did, it means the secrets were removed, and therefore
1023 we have left the domain */
1024 d_fprintf(stderr, _("Machine '%s' Left domain '%s'\n"),
1025 r->in.machine_name, r->out.dns_domain_name);
1026
1027 done:
1028 TALLOC_FREE(r);
1029 TALLOC_FREE(ctx);
1030
1031 if (W_ERROR_IS_OK(werr)) {
1032 return 0;
1033 }
1034
1035 return -1;
1036 }
1037
1038 static NTSTATUS net_ads_join_ok(struct net_context *c)
1039 {
1040 ADS_STRUCT *ads = NULL;
1041 ADS_STATUS status;
1042 fstring dc_name;
1043 struct sockaddr_storage dcip;
1044
1045 if (!secrets_init()) {
1046 DEBUG(1,("Failed to initialise secrets database\n"));
1047 return NT_STATUS_ACCESS_DENIED;
1048 }
1049
1050 net_use_krb_machine_account(c);
1051
1052 get_dc_name(lp_workgroup(), lp_realm(), dc_name, &dcip);
1053
1054 status = ads_startup(c, true, &ads);
1055 if (!ADS_ERR_OK(status)) {
1056 return ads_ntstatus(status);
1057 }
1058
1059 ads_destroy(&ads);
1060 return NT_STATUS_OK;
1061 }
1062
1063 /*
1064 check that an existing join is OK
1065 */
1066 int net_ads_testjoin(struct net_context *c, int argc, const char **argv)
1067 {
1068 NTSTATUS status;
1069 use_in_memory_ccache();
1070
1071 if (c->display_usage) {
1072 d_printf( "%s\n"
1073 "net ads testjoin\n"
1074 " %s\n",
1075 _("Usage:"),
1076 _("Test if the existing join is ok"));
1077 return 0;
1078 }
1079
1080 /* Display success or failure */
1081 status = net_ads_join_ok(c);
1082 if (!NT_STATUS_IS_OK(status)) {
1083 fprintf(stderr, _("Join to domain is not valid: %s\n"),
1084 get_friendly_nt_error_msg(status));
1085 return -1;
1086 }
1087
1088 printf(_("Join is OK\n"));
1089 return 0;
1090 }
1091
1092 /*******************************************************************
1093 Simple configu checks before beginning the join
1094 ********************************************************************/
1095
1096 static WERROR check_ads_config( void )
1097 {
1098 if (lp_server_role() != ROLE_DOMAIN_MEMBER ) {
1099 d_printf(_("Host is not configured as a member server.\n"));
1100 return WERR_INVALID_DOMAIN_ROLE;
1101 }
1102
1103 if (strlen(lp_netbios_name()) > 15) {
1104 d_printf(_("Our netbios name can be at most 15 chars long, "
1105 "\"%s\" is %u chars long\n"), lp_netbios_name(),
1106 (unsigned int)strlen(lp_netbios_name()));
1107 return WERR_INVALID_COMPUTERNAME;
1108 }
1109
1110 if ( lp_security() == SEC_ADS && !*lp_realm()) {
1111 d_fprintf(stderr, _("realm must be set in in %s for ADS "
1112 "join to succeed.\n"), get_dyn_CONFIGFILE());
1113 return WERR_INVALID_PARAM;
1114 }
1115
1116 return WERR_OK;
1117 }
1118
1119 /*******************************************************************
1120 Send a DNS update request
1121 *******************************************************************/
1122
1123 #if defined(WITH_DNS_UPDATES)
1124 #include "../lib/addns/dns.h"
1125 DNS_ERROR DoDNSUpdate(char *pszServerName,
1126 const char *pszDomainName, const char *pszHostName,
1127 const struct sockaddr_storage *sslist,
1128 size_t num_addrs );
1129
1130 static NTSTATUS net_update_dns_internal(TALLOC_CTX *ctx, ADS_STRUCT *ads,
1131 const char *machine_name,
1132 const struct sockaddr_storage *addrs,
1133 int num_addrs)
1134 {
1135 struct dns_rr_ns *nameservers = NULL;
1136 int ns_count = 0, i;
1137 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
1138 DNS_ERROR dns_err;
1139 fstring dns_server;
1140 const char *dns_hosts_file;
1141 const char *dnsdomain = NULL;
1142 char *root_domain = NULL;
1143
1144 if ( (dnsdomain = strchr_m( machine_name, '.')) == NULL ) {
1145 d_printf(_("No DNS domain configured for %s. "
1146 "Unable to perform DNS Update.\n"), machine_name);
1147 status = NT_STATUS_INVALID_PARAMETER;
1148 goto done;
1149 }
1150 dnsdomain++;
1151
1152 dns_hosts_file = lp_parm_const_string(-1, "resolv", "host file", NULL);
1153 status = ads_dns_lookup_ns(ctx, dns_hosts_file,
1154 dnsdomain, &nameservers, &ns_count);
1155 if ( !NT_STATUS_IS_OK(status) || (ns_count == 0)) {
1156 /* Child domains often do not have NS records. Look
1157 for the NS record for the forest root domain
1158 (rootDomainNamingContext in therootDSE) */
1159
1160 const char *rootname_attrs[] = { "rootDomainNamingContext", NULL };
1161 LDAPMessage *msg = NULL;
1162 char *root_dn;
1163 ADS_STATUS ads_status;
1164
1165 if ( !ads->ldap.ld ) {
1166 ads_status = ads_connect( ads );
1167 if ( !ADS_ERR_OK(ads_status) ) {
1168 DEBUG(0,("net_update_dns_internal: Failed to connect to our DC!\n"));
1169 goto done;
1170 }
1171 }
1172
1173 ads_status = ads_do_search(ads, "", LDAP_SCOPE_BASE,
1174 "(objectclass=*)", rootname_attrs, &msg);
1175 if (!ADS_ERR_OK(ads_status)) {
1176 goto done;
1177 }
1178
1179 root_dn = ads_pull_string(ads, ctx, msg, "rootDomainNamingContext");
1180 if ( !root_dn ) {
1181 ads_msgfree( ads, msg );
1182 goto done;
1183 }
1184
1185 root_domain = ads_build_domain( root_dn );
1186
1187 /* cleanup */
1188 ads_msgfree( ads, msg );
1189
1190 /* try again for NS servers */
1191
1192 status = ads_dns_lookup_ns(ctx, dns_hosts_file, root_domain,
1193 &nameservers, &ns_count);
1194
1195 if ( !NT_STATUS_IS_OK(status) || (ns_count == 0)) {
1196 DEBUG(3,("net_ads_join: Failed to find name server for the %s "
1197 "realm\n", ads->config.realm));
1198 goto done;
1199 }
1200
1201 dnsdomain = root_domain;
1202
1203 }
1204
1205 for (i=0; i < ns_count; i++) {
1206
1207 status = NT_STATUS_UNSUCCESSFUL;
1208
1209 /* Now perform the dns update - we'll try non-secure and if we fail,
1210 we'll follow it up with a secure update */
1211
1212 fstrcpy( dns_server, nameservers[i].hostname );
1213
1214 dns_err = DoDNSUpdate(dns_server, dnsdomain, machine_name, addrs, num_addrs);
1215 if (ERR_DNS_IS_OK(dns_err)) {
1216 status = NT_STATUS_OK;
1217 goto done;
1218 }
1219
1220 if (ERR_DNS_EQUAL(dns_err, ERROR_DNS_INVALID_NAME_SERVER) ||
1221 ERR_DNS_EQUAL(dns_err, ERROR_DNS_CONNECTION_FAILED) ||
1222 ERR_DNS_EQUAL(dns_err, ERROR_DNS_SOCKET_ERROR)) {
1223 DEBUG(1,("retrying DNS update with next nameserver after receiving %s\n",
1224 dns_errstr(dns_err)));
1225 continue;
1226 }
1227
1228 d_printf(_("DNS Update for %s failed: %s\n"),
1229 machine_name, dns_errstr(dns_err));
1230 status = NT_STATUS_UNSUCCESSFUL;
1231 goto done;
1232 }
1233
1234 done:
1235
1236 SAFE_FREE( root_domain );
1237
1238 return status;
1239 }
1240
1241 static NTSTATUS net_update_dns_ext(TALLOC_CTX *mem_ctx, ADS_STRUCT *ads,
1242 const char *hostname,
1243 struct sockaddr_storage *iplist,
1244 int num_addrs)
1245 {
1246 struct sockaddr_storage *iplist_alloc = NULL;
1247 fstring machine_name;
1248 NTSTATUS status;
1249
1250 if (hostname) {
1251 fstrcpy(machine_name, hostname);
1252 } else {
1253 name_to_fqdn( machine_name, lp_netbios_name() );
1254 }
1255 strlower_m( machine_name );
1256
1257 if (num_addrs == 0 || iplist == NULL) {
1258 /*
1259 * Get our ip address
1260 * (not the 127.0.0.x address but a real ip address)
1261 */
1262 num_addrs = get_my_ip_address(&iplist_alloc);
1263 if ( num_addrs <= 0 ) {
1264 DEBUG(4, ("net_update_dns_ext: Failed to find my "
1265 "non-loopback IP addresses!\n"));
1266 return NT_STATUS_INVALID_PARAMETER;
1267 }
1268 iplist = iplist_alloc;
1269 }
1270
1271 status = net_update_dns_internal(mem_ctx, ads, machine_name,
1272 iplist, num_addrs);
1273
1274 SAFE_FREE(iplist_alloc);
1275 return status;
1276 }
1277
1278 static NTSTATUS net_update_dns(TALLOC_CTX *mem_ctx, ADS_STRUCT *ads, const char *hostname)
1279 {
1280 NTSTATUS status;
1281
1282 status = net_update_dns_ext(mem_ctx, ads, hostname, NULL, 0);
1283 return status;
1284 }
1285 #endif
1286
1287
1288 /*******************************************************************
1289 ********************************************************************/
1290
1291 static int net_ads_join_usage(struct net_context *c, int argc, const char **argv)
1292 {
1293 d_printf(_("net ads join [options]\n"
1294 "Valid options:\n"));
1295 d_printf(_(" createupn[=UPN] Set the userPrincipalName attribute during the join.\n"
1296 " The deault UPN is in the form host/netbiosname@REALM.\n"));
1297 d_printf(_(" createcomputer=OU Precreate the computer account in a specific OU.\n"
1298 " The OU string read from top to bottom without RDNs and delimited by a '/'.\n"
1299 " E.g. \"createcomputer=Computers/Servers/Unix\"\n"
1300 " NB: A backslash '\\' is used as escape at multiple levels and may\n"
1301 " need to be doubled or even quadrupled. It is not used as a separator.\n"));
1302 d_printf(_(" osName=string Set the operatingSystem attribute during the join.\n"));
1303 d_printf(_(" osVer=string Set the operatingSystemVersion attribute during the join.\n"
1304 " NB: osName and osVer must be specified together for either to take effect.\n"
1305 " Also, the operatingSystemService attribute is also set when along with\n"
1306 " the two other attributes.\n"));
1307
1308 return -1;
1309 }
1310
1311
1312 static void _net_ads_join_dns_updates(TALLOC_CTX *ctx, struct libnet_JoinCtx *r)
1313 {
1314 #if defined(WITH_DNS_UPDATES)
1315 ADS_STRUCT *ads_dns = NULL;
1316 int ret;
1317 NTSTATUS status;
1318
1319 /*
1320 * In a clustered environment, don't do dynamic dns updates:
1321 * Registering the set of ip addresses that are assigned to
1322 * the interfaces of the node that performs the join does usually
1323 * not have the desired effect, since the local interfaces do not
1324 * carry the complete set of the cluster's public IP addresses.
1325 * And it can also contain internal addresses that should not
1326 * be visible to the outside at all.
1327 * In order to do dns updates in a clustererd setup, use
1328 * net ads dns register.
1329 */
1330 if (lp_clustering()) {
1331 d_fprintf(stderr, _("Not doing automatic DNS update in a "
1332 "clustered setup.\n"));
1333 return;
1334 }
1335
1336 if (!r->out.domain_is_ad) {
1337 return;
1338 }
1339
1340 /*
1341 * We enter this block with user creds.
1342 * kinit with the machine password to do dns update.
1343 */
1344
1345 ads_dns = ads_init(lp_realm(), NULL, r->in.dc_name);
1346
1347 if (ads_dns == NULL) {
1348 d_fprintf(stderr, _("DNS update failed: out of memory!\n"));
1349 goto done;
1350 }
1351
1352 use_in_memory_ccache();
1353
1354 ret = asprintf(&ads_dns->auth.user_name, "%s$", lp_netbios_name());
1355 if (ret == -1) {
1356 d_fprintf(stderr, _("DNS update failed: out of memory\n"));
1357 goto done;
1358 }
1359
1360 ads_dns->auth.password = secrets_fetch_machine_password(
1361 r->out.netbios_domain_name, NULL, NULL);
1362 if (ads_dns->auth.password == NULL) {
1363 d_fprintf(stderr, _("DNS update failed: out of memory\n"));
1364 goto done;
1365 }
1366
1367 ads_dns->auth.realm = SMB_STRDUP(r->out.dns_domain_name);
1368 if (ads_dns->auth.realm == NULL) {
1369 d_fprintf(stderr, _("DNS update failed: out of memory\n"));
1370 goto done;
1371 }
1372
1373 strupper_m(ads_dns->auth.realm);
1374
1375 ret = ads_kinit_password(ads_dns);
1376 if (ret != 0) {
1377 d_fprintf(stderr,
1378 _("DNS update failed: kinit failed: %s\n"),
1379 error_message(ret));
1380 goto done;
1381 }
1382
1383 status = net_update_dns(ctx, ads_dns, NULL);
1384 if (!NT_STATUS_IS_OK(status)) {
1385 d_fprintf( stderr, _("DNS update failed: %s\n"),
1386 nt_errstr(status));
1387 }
1388
1389 done:
1390 ads_destroy(&ads_dns);
1391 #endif
1392
1393 return;
1394 }
1395
1396
1397 int net_ads_join(struct net_context *c, int argc, const char **argv)
1398 {
1399 TALLOC_CTX *ctx = NULL;
1400 struct libnet_JoinCtx *r = NULL;
1401 const char *domain = lp_realm();
1402 WERROR werr = WERR_SETUP_NOT_JOINED;
1403 bool createupn = false;
1404 const char *machineupn = NULL;
1405 const char *create_in_ou = NULL;
1406 int i;
1407 const char *os_name = NULL;
1408 const char *os_version = NULL;
1409 bool modify_config = lp_config_backend_is_registry();
1410
1411 if (c->display_usage)
1412 return net_ads_join_usage(c, argc, argv);
1413
1414 if (!modify_config) {
1415
1416 werr = check_ads_config();
1417 if (!W_ERROR_IS_OK(werr)) {
1418 d_fprintf(stderr, _("Invalid configuration. Exiting....\n"));
1419 goto fail;
1420 }
1421 }
1422
1423 if (!(ctx = talloc_init("net_ads_join"))) {
1424 d_fprintf(stderr, _("Could not initialise talloc context.\n"));
1425 werr = WERR_NOMEM;
1426 goto fail;
1427 }
1428
1429 if (!c->opt_kerberos) {
1430 use_in_memory_ccache();
1431 }
1432
1433 werr = libnet_init_JoinCtx(ctx, &r);
1434 if (!W_ERROR_IS_OK(werr)) {
1435 goto fail;
1436 }
1437
1438 /* process additional command line args */
1439
1440 for ( i=0; i<argc; i++ ) {
1441 if ( !strncasecmp_m(argv[i], "createupn", strlen("createupn")) ) {
1442 createupn = true;
1443 machineupn = get_string_param(argv[i]);
1444 }
1445 else if ( !strncasecmp_m(argv[i], "createcomputer", strlen("createcomputer")) ) {
1446 if ( (create_in_ou = get_string_param(argv[i])) == NULL ) {
1447 d_fprintf(stderr, _("Please supply a valid OU path.\n"));
1448 werr = WERR_INVALID_PARAM;
1449 goto fail;
1450 }
1451 }
1452 else if ( !strncasecmp_m(argv[i], "osName", strlen("osName")) ) {
1453 if ( (os_name = get_string_param(argv[i])) == NULL ) {
1454 d_fprintf(stderr, _("Please supply a operating system name.\n"));
1455 werr = WERR_INVALID_PARAM;
1456 goto fail;
1457 }
1458 }
1459 else if ( !strncasecmp_m(argv[i], "osVer", strlen("osVer")) ) {
1460 if ( (os_version = get_string_param(argv[i])) == NULL ) {
1461 d_fprintf(stderr, _("Please supply a valid operating system version.\n"));
1462 werr = WERR_INVALID_PARAM;
1463 goto fail;
1464 }
1465 }
1466 else {
1467 domain = argv[i];
1468 }
1469 }
1470
1471 if (!*domain) {
1472 d_fprintf(stderr, _("Please supply a valid domain name\n"));
1473 werr = WERR_INVALID_PARAM;
1474 goto fail;
1475 }
1476
1477 if (!c->msg_ctx) {
1478 d_fprintf(stderr, _("Could not initialise message context. "
1479 "Try running as root\n"));
1480 werr = WERR_ACCESS_DENIED;
1481 goto fail;
1482 }
1483
1484 /* Do the domain join here */
1485
1486 r->in.domain_name = domain;
1487 r->in.create_upn = createupn;
1488 r->in.upn = machineupn;
1489 r->in.account_ou = create_in_ou;
1490 r->in.os_name = os_name;
1491 r->in.os_version = os_version;
1492 r->in.dc_name = c->opt_host;
1493 r->in.admin_account = c->opt_user_name;
1494 r->in.admin_password = net_prompt_pass(c, c->opt_user_name);
1495 r->in.debug = true;
1496 r->in.use_kerberos = c->opt_kerberos;
1497 r->in.modify_config = modify_config;
1498 r->in.join_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE |
1499 WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE |
1500 WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED;
1501 r->in.msg_ctx = c->msg_ctx;
1502
1503 werr = libnet_Join(ctx, r);
1504 if (W_ERROR_EQUAL(werr, WERR_DCNOTFOUND) &&
1505 strequal(domain, lp_realm())) {
1506 r->in.domain_name = lp_workgroup();
1507 werr = libnet_Join(ctx, r);
1508 }
1509 if (!W_ERROR_IS_OK(werr)) {
1510 goto fail;
1511 }
1512
1513 /* Check the short name of the domain */
1514
1515 if (!modify_config && !strequal(lp_workgroup(), r->out.netbios_domain_name)) {
1516 d_printf(_("The workgroup in %s does not match the short\n"
1517 "domain name obtained from the server.\n"
1518 "Using the name [%s] from the server.\n"
1519 "You should set \"workgroup = %s\" in %s.\n"),
1520 get_dyn_CONFIGFILE(), r->out.netbios_domain_name,
1521 r->out.netbios_domain_name, get_dyn_CONFIGFILE());
1522 }
1523
1524 d_printf(_("Using short domain name -- %s\n"), r->out.netbios_domain_name);
1525
1526 if (r->out.dns_domain_name) {
1527 d_printf(_("Joined '%s' to realm '%s'\n"), r->in.machine_name,
1528 r->out.dns_domain_name);
1529 } else {
1530 d_printf(_("Joined '%s' to domain '%s'\n"), r->in.machine_name,
1531 r->out.netbios_domain_name);
1532 }
1533
1534 /*
1535 * We try doing the dns update (if it was compiled in).
1536 * If the dns update fails, we still consider the join
1537 * operation as succeeded if we came this far.
1538 */
1539 _net_ads_join_dns_updates(ctx, r);
1540
1541 TALLOC_FREE(r);
1542 TALLOC_FREE( ctx );
1543
1544 return 0;
1545
1546 fail:
1547 /* issue an overall failure message at the end. */
1548 d_printf(_("Failed to join domain: %s\n"),
1549 r && r->out.error_string ? r->out.error_string :
1550 get_friendly_werror_msg(werr));
1551 TALLOC_FREE( ctx );
1552
1553 return -1;
1554 }
1555
1556 /*******************************************************************
1557 ********************************************************************/
1558
1559 static int net_ads_dns_register(struct net_context *c, int argc, const char **argv)
1560 {
1561 #if defined(WITH_DNS_UPDATES)
1562 ADS_STRUCT *ads;
1563 ADS_STATUS status;
1564 NTSTATUS ntstatus;
1565 TALLOC_CTX *ctx;
1566 const char *hostname = NULL;
1567 const char **addrs_list = NULL;
1568 struct sockaddr_storage *addrs = NULL;
1569 int num_addrs = 0;
1570 int count;
1571
1572 #ifdef DEVELOPER
1573 talloc_enable_leak_report();
1574 #endif
1575
1576 if (argc <= 1 && lp_clustering() && lp_cluster_addresses() == NULL) {
1577 d_fprintf(stderr, _("Refusing DNS updates with automatic "
1578 "detection of addresses in a clustered "
1579 "setup.\n"));
1580 c->display_usage = true;
1581 }
1582
1583 if (c->display_usage) {
1584 d_printf( "%s\n"
1585 "net ads dns register [hostname [IP [IP...]]]\n"
1586 " %s\n",
1587 _("Usage:"),
1588 _("Register hostname with DNS\n"));
1589 return -1;
1590 }
1591
1592 if (!(ctx = talloc_init("net_ads_dns"))) {
1593 d_fprintf(stderr, _("Could not initialise talloc context\n"));
1594 return -1;
1595 }
1596
1597 if (argc >= 1) {
1598 hostname = argv[0];
1599 }
1600
1601 if (argc > 1) {
1602 num_addrs = argc - 1;
1603 addrs_list = &argv[1];
1604 } else if (lp_clustering()) {
1605 addrs_list = lp_cluster_addresses();
1606 num_addrs = str_list_length(addrs_list);
1607 }
1608
1609 if (num_addrs > 0) {
1610 addrs = talloc_zero_array(ctx, struct sockaddr_storage, num_addrs);
1611 if (addrs == NULL) {
1612 d_fprintf(stderr, _("Error allocating memory!\n"));
1613 talloc_free(ctx);
1614 return -1;
1615 }
1616 }
1617
1618 for (count = 0; count < num_addrs; count++) {
1619 if (!interpret_string_addr(&addrs[count], addrs_list[count], 0)) {
1620 d_fprintf(stderr, "%s '%s'.\n",
1621 _("Cannot interpret address"),
1622 addrs_list[count]);
1623 talloc_free(ctx);
1624 return -1;
1625 }
1626 }
1627
1628 status = ads_startup(c, true, &ads);
1629 if ( !ADS_ERR_OK(status) ) {
1630 DEBUG(1, ("error on ads_startup: %s\n", ads_errstr(status)));
1631 TALLOC_FREE(ctx);
1632 return -1;
1633 }
1634
1635 ntstatus = net_update_dns_ext(ctx, ads, hostname, addrs, num_addrs);
1636 if (!NT_STATUS_IS_OK(ntstatus)) {
1637 d_fprintf( stderr, _("DNS update failed!\n") );
1638 ads_destroy( &ads );
1639 TALLOC_FREE( ctx );
1640 return -1;
1641 }
1642
1643 d_fprintf( stderr, _("Successfully registered hostname with DNS\n") );
1644
1645 ads_destroy(&ads);
1646 TALLOC_FREE( ctx );
1647
1648 return 0;
1649 #else
1650 d_fprintf(stderr,
1651 _("DNS update support not enabled at compile time!\n"));
1652 return -1;
1653 #endif
1654 }
1655
1656 #if defined(WITH_DNS_UPDATES)
1657 DNS_ERROR do_gethostbyname(const char *server, const char *host);
1658 #endif
1659
1660 static int net_ads_dns_gethostbyname(struct net_context *c, int argc, const char **argv)
1661 {
1662 #if defined(WITH_DNS_UPDATES)
1663 DNS_ERROR err;
1664
1665 #ifdef DEVELOPER
1666 talloc_enable_leak_report();
1667 #endif
1668
1669 if (argc != 2 || c->display_usage) {
1670 d_printf( "%s\n"
1671 " %s\n"
1672 " %s\n",
1673 _("Usage:"),
1674 _("net ads dns gethostbyname <server> <name>\n"),
1675 _(" Look up hostname from the AD\n"
1676 " server\tName server to use\n"
1677 " name\tName to look up\n"));
1678 return -1;
1679 }
1680
1681 err = do_gethostbyname(argv[0], argv[1]);
1682
1683 d_printf(_("do_gethostbyname returned %s (%d)\n"),
1684 dns_errstr(err), ERROR_DNS_V(err));
1685 #endif
1686 return 0;
1687 }
1688
1689 static int net_ads_dns(struct net_context *c, int argc, const char *argv[])
1690 {
1691 struct functable func[] = {
1692 {
1693 "register",
1694 net_ads_dns_register,
1695 NET_TRANSPORT_ADS,
1696 N_("Add host dns entry to AD"),
1697 N_("net ads dns register\n"
1698 " Add host dns entry to AD")
1699 },
1700 {
1701 "gethostbyname",
1702 net_ads_dns_gethostbyname,
1703 NET_TRANSPORT_ADS,
1704 N_("Look up host"),
1705 N_("net ads dns gethostbyname\n"
1706 " Look up host")
1707 },
1708 {NULL, NULL, 0, NULL, NULL}
1709 };
1710
1711 return net_run_function(c, argc, argv, "net ads dns", func);
1712 }
1713
1714 /*******************************************************************
1715 ********************************************************************/
1716
1717 int net_ads_printer_usage(struct net_context *c, int argc, const char **argv)
1718 {
1719 d_printf(_(
1720 "\nnet ads printer search <printer>"
1721 "\n\tsearch for a printer in the directory\n"
1722 "\nnet ads printer info <printer> <server>"
1723 "\n\tlookup info in directory for printer on server"
1724 "\n\t(note: printer defaults to \"*\", server defaults to local)\n"
1725 "\nnet ads printer publish <printername>"
1726 "\n\tpublish printer in directory"
1727 "\n\t(note: printer name is required)\n"
1728 "\nnet ads printer remove <printername>"
1729 "\n\tremove printer from directory"
1730 "\n\t(note: printer name is required)\n"));
1731 return -1;
1732 }
1733
1734 /*******************************************************************
1735 ********************************************************************/
1736
1737 static int net_ads_printer_search(struct net_context *c, int argc, const char **argv)
1738 {
1739 ADS_STRUCT *ads;
1740 ADS_STATUS rc;
1741 LDAPMessage *res = NULL;
1742
1743 if (c->display_usage) {
1744 d_printf( "%s\n"
1745 "net ads printer search\n"
1746 " %s\n",
1747 _("Usage:"),
1748 _("List printers in the AD"));
1749 return 0;
1750 }
1751
1752 if (!ADS_ERR_OK(ads_startup(c, false, &ads))) {
1753 return -1;
1754 }
1755
1756 rc = ads_find_printers(ads, &res);
1757
1758 if (!ADS_ERR_OK(rc)) {
1759 d_fprintf(stderr, _("ads_find_printer: %s\n"), ads_errstr(rc));
1760 ads_msgfree(ads, res);
1761 ads_destroy(&ads);
1762 return -1;
1763 }
1764
1765 if (ads_count_replies(ads, res) == 0) {
1766 d_fprintf(stderr, _("No results found\n"));
1767 ads_msgfree(ads, res);
1768 ads_destroy(&ads);
1769 return -1;
1770 }
1771
1772 ads_dump(ads, res);
1773 ads_msgfree(ads, res);
1774 ads_destroy(&ads);
1775 return 0;
1776 }
1777
1778 static int net_ads_printer_info(struct net_context *c, int argc, const char **argv)
1779 {
1780 ADS_STRUCT *ads;
1781 ADS_STATUS rc;
1782 const char *servername, *printername;
1783 LDAPMessage *res = NULL;
1784
1785 if (c->display_usage) {
1786 d_printf("%s\n%s",
1787 _("Usage:"),
1788 _("net ads printer info [printername [servername]]\n"
1789 " Display printer info from AD\n"
1790 " printername\tPrinter name or wildcard\n"
1791 " servername\tName of the print server\n"));
1792 return 0;
1793 }
1794
1795 if (!ADS_ERR_OK(ads_startup(c, false, &ads))) {
1796 return -1;
1797 }
1798
1799 if (argc > 0) {
1800 printername = argv[0];
1801 } else {
1802 printername = "*";
1803 }
1804
1805 if (argc > 1) {
1806 servername = argv[1];
1807 } else {
1808 servername = lp_netbios_name();
1809 }
1810
1811 rc = ads_find_printer_on_server(ads, &res, printername, servername);
1812
1813 if (!ADS_ERR_OK(rc)) {
1814 d_fprintf(stderr, _("Server '%s' not found: %s\n"),
1815 servername, ads_errstr(rc));
1816 ads_msgfree(ads, res);
1817 ads_destroy(&ads);
1818 return -1;
1819 }
1820
1821 if (ads_count_replies(ads, res) == 0) {
1822 d_fprintf(stderr, _("Printer '%s' not found\n"), printername);
1823 ads_msgfree(ads, res);
1824 ads_destroy(&ads);
1825 return -1;
1826 }
1827
1828 ads_dump(ads, res);
1829 ads_msgfree(ads, res);
1830 ads_destroy(&ads);
1831
1832 return 0;
1833 }
1834
1835 static int net_ads_printer_publish(struct net_context *c, int argc, const char **argv)
1836 {
1837 ADS_STRUCT *ads;
1838 ADS_STATUS rc;
1839 const char *servername, *printername;
1840 struct cli_state *cli = NULL;
1841 struct rpc_pipe_client *pipe_hnd = NULL;
1842 struct sockaddr_storage server_ss;
1843 NTSTATUS nt_status;
1844 TALLOC_CTX *mem_ctx = talloc_init("net_ads_printer_publish");
1845 ADS_MODLIST mods = ads_init_mods(mem_ctx);
1846 char *prt_dn, *srv_dn, **srv_cn;
1847 char *srv_cn_escaped = NULL, *printername_escaped = NULL;
1848 LDAPMessage *res = NULL;
1849
1850 if (argc < 1 || c->display_usage) {
1851 d_printf("%s\n%s",
1852 _("Usage:"),
1853 _("net ads printer publish <printername> [servername]\n"
1854 " Publish printer in AD\n"
1855 " printername\tName of the printer\n"
1856 " servername\tName of the print server\n"));
1857 talloc_destroy(mem_ctx);
1858 return -1;
1859 }
1860
1861 if (!ADS_ERR_OK(ads_startup(c, true, &ads))) {
1862 talloc_destroy(mem_ctx);
1863 return -1;
1864 }
1865
1866 printername = argv[0];
1867
1868 if (argc == 2) {
1869 servername = argv[1];
1870 } else {
1871 servername = lp_netbios_name();
1872 }
1873
1874 /* Get printer data from SPOOLSS */
1875
1876 resolve_name(servername, &server_ss, 0x20, false);
1877
1878 nt_status = cli_full_connection(&cli, lp_netbios_name(), servername,
1879 &server_ss, 0,
1880 "IPC$", "IPC",
1881 c->opt_user_name, c->opt_workgroup,
1882 c->opt_password ? c->opt_password : "",
1883 CLI_FULL_CONNECTION_USE_KERBEROS,
1884 SMB_SIGNING_DEFAULT);
1885
1886 if (NT_STATUS_IS_ERR(nt_status)) {
1887 d_fprintf(stderr, _("Unable to open a connection to %s to "
1888 "obtain data for %s\n"),
1889 servername, printername);
1890 ads_destroy(&ads);
1891 talloc_destroy(mem_ctx);
1892 return -1;
1893 }
1894
1895 /* Publish on AD server */
1896
1897 ads_find_machine_acct(ads, &res, servername);
1898
1899 if (ads_count_replies(ads, res) == 0) {
1900 d_fprintf(stderr, _("Could not find machine account for server "
1901 "%s\n"),
1902 servername);
1903 ads_destroy(&ads);
1904 talloc_destroy(mem_ctx);
1905 return -1;
1906 }
1907
1908 srv_dn = ldap_get_dn((LDAP *)ads->ldap.ld, (LDAPMessage *)res);
1909 srv_cn = ldap_explode_dn(srv_dn, 1);
1910
1911 srv_cn_escaped = escape_rdn_val_string_alloc(srv_cn[0]);
1912 printername_escaped = escape_rdn_val_string_alloc(printername);
1913 if (!srv_cn_escaped || !printername_escaped) {
1914 SAFE_FREE(srv_cn_escaped);
1915 SAFE_FREE(printername_escaped);
1916 d_fprintf(stderr, _("Internal error, out of memory!"));
1917 ads_destroy(&ads);
1918 talloc_destroy(mem_ctx);
1919 return -1;
1920 }
1921
1922 if (asprintf(&prt_dn, "cn=%s-%s,%s", srv_cn_escaped, printername_escaped, srv_dn) == -1) {
1923 SAFE_FREE(srv_cn_escaped);
1924 SAFE_FREE(printername_escaped);
1925 d_fprintf(stderr, _("Internal error, out of memory!"));
1926 ads_destroy(&ads);
1927 talloc_destroy(mem_ctx);
1928 return -1;
1929 }
1930
1931 SAFE_FREE(srv_cn_escaped);
1932 SAFE_FREE(printername_escaped);
1933
1934 nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_spoolss.syntax_id, &pipe_hnd);
1935 if (!NT_STATUS_IS_OK(nt_status)) {
1936 d_fprintf(stderr, _("Unable to open a connection to the spoolss pipe on %s\n"),
1937 servername);
1938 SAFE_FREE(prt_dn);
1939 ads_destroy(&ads);
1940 talloc_destroy(mem_ctx);
1941 return -1;
1942 }
1943
1944 if (!W_ERROR_IS_OK(get_remote_printer_publishing_data(pipe_hnd, mem_ctx, &mods,
1945 printername))) {
1946 SAFE_FREE(prt_dn);
1947 ads_destroy(&ads);
1948 talloc_destroy(mem_ctx);
1949 return -1;
1950 }
1951
1952 rc = ads_add_printer_entry(ads, prt_dn, mem_ctx, &mods);
1953 if (!ADS_ERR_OK(rc)) {
1954 d_fprintf(stderr, "ads_publish_printer: %s\n", ads_errstr(rc));
1955 SAFE_FREE(prt_dn);
1956 ads_destroy(&ads);
1957 talloc_destroy(mem_ctx);
1958 return -1;
1959 }
1960
1961 d_printf("published printer\n");
1962 SAFE_FREE(prt_dn);
1963 ads_destroy(&ads);
1964 talloc_destroy(mem_ctx);
1965
1966 return 0;
1967 }
1968
1969 static int net_ads_printer_remove(struct net_context *c, int argc, const char **argv)
1970 {
1971 ADS_STRUCT *ads;
1972 ADS_STATUS rc;
1973 const char *servername;
1974 char *prt_dn;
1975 LDAPMessage *res = NULL;
1976
1977 if (argc < 1 || c->display_usage) {
1978 d_printf("%s\n%s",
1979 _("Usage:"),
1980 _("net ads printer remove <printername> [servername]\n"
1981 " Remove a printer from the AD\n"
1982 " printername\tName of the printer\n"
1983 " servername\tName of the print server\n"));
1984 return -1;
1985 }
1986
1987 if (!ADS_ERR_OK(ads_startup(c, true, &ads))) {
1988 return -1;
1989 }
1990
1991 if (argc > 1) {
1992 servername = argv[1];
1993 } else {
1994 servername = lp_netbios_name();
1995 }
1996
1997 rc = ads_find_printer_on_server(ads, &res, argv[0], servername);
1998
1999 if (!ADS_ERR_OK(rc)) {
2000 d_fprintf(stderr, _("ads_find_printer_on_server: %s\n"), ads_errstr(rc));
2001 ads_msgfree(ads, res);
2002 ads_destroy(&ads);
2003 return -1;
2004 }
2005
2006 if (ads_count_replies(ads, res) == 0) {
2007 d_fprintf(stderr, _("Printer '%s' not found\n"), argv[1]);
2008 ads_msgfree(ads, res);
2009 ads_destroy(&ads);
2010 return -1;
2011 }
2012
2013 prt_dn = ads_get_dn(ads, talloc_tos(), res);
2014 ads_msgfree(ads, res);
2015 rc = ads_del_dn(ads, prt_dn);
2016 TALLOC_FREE(prt_dn);
2017
2018 if (!ADS_ERR_OK(rc)) {
2019 d_fprintf(stderr, _("ads_del_dn: %s\n"), ads_errstr(rc));
2020 ads_destroy(&ads);
2021 return -1;
2022 }
2023
2024 ads_destroy(&ads);
2025 return 0;
2026 }
2027
2028 static int net_ads_printer(struct net_context *c, int argc, const char **argv)
2029 {
2030 struct functable func[] = {
2031 {
2032 "search",
2033 net_ads_printer_search,
2034 NET_TRANSPORT_ADS,
2035 N_("Search for a printer"),
2036 N_("net ads printer search\n"
2037 " Search for a printer")
2038 },
2039 {
2040 "info",
2041 net_ads_printer_info,
2042 NET_TRANSPORT_ADS,
2043 N_("Display printer information"),
2044 N_("net ads printer info\n"
2045 " Display printer information")
2046 },
2047 {
2048 "publish",
2049 net_ads_printer_publish,
2050 NET_TRANSPORT_ADS,
2051 N_("Publish a printer"),
2052 N_("net ads printer publish\n"
2053 " Publish a printer")
2054 },
2055 {
2056 "remove",
2057 net_ads_printer_remove,
2058 NET_TRANSPORT_ADS,
2059 N_("Delete a printer"),
2060 N_("net ads printer remove\n"
2061 " Delete a printer")
2062 },
2063 {NULL, NULL, 0, NULL, NULL}
2064 };
2065
2066 return net_run_function(c, argc, argv, "net ads printer", func);
2067 }
2068
2069
2070 static int net_ads_password(struct net_context *c, int argc, const char **argv)
2071 {
2072 ADS_STRUCT *ads;
2073 const char *auth_principal = c->opt_user_name;
2074 const char *auth_password = c->opt_password;
2075 const char *realm = NULL;
2076 const char *new_password = NULL;
2077 char *chr, *prompt;
2078 const char *user;
2079 ADS_STATUS ret;
2080
2081 if (c->display_usage) {
2082 d_printf("%s\n%s",
2083 _("Usage:"),
2084 _("net ads password <username>\n"
2085 " Change password for user\n"
2086 " username\tName of user to change password for\n"));
2087 return 0;
2088 }
2089
2090 if (c->opt_user_name == NULL || c->opt_password == NULL) {
2091 d_fprintf(stderr, _("You must supply an administrator "
2092 "username/password\n"));
2093 return -1;
2094 }
2095
2096 if (argc < 1) {
2097 d_fprintf(stderr, _("ERROR: You must say which username to "
2098 "change password for\n"));
2099 return -1;
2100 }
2101
2102 user = argv[0];
2103 if (!strchr_m(user, '@')) {
2104 if (asprintf(&chr, "%s@%s", argv[0], lp_realm()) == -1) {
2105 return -1;
2106 }
2107 user = chr;
2108 }
2109
2110 use_in_memory_ccache();
2111 chr = strchr_m(auth_principal, '@');
2112 if (chr) {
2113 realm = ++chr;
2114 } else {
2115 realm = lp_realm();
2116 }
2117
2118 /* use the realm so we can eventually change passwords for users
2119 in realms other than default */
2120 if (!(ads = ads_init(realm, c->opt_workgroup, c->opt_host))) {
2121 return -1;
2122 }
2123
2124 /* we don't actually need a full connect, but it's the easy way to
2125 fill in the KDC's addresss */
2126 ads_connect(ads);
2127
2128 if (!ads->config.realm) {
2129 d_fprintf(stderr, _("Didn't find the kerberos server!\n"));
2130 ads_destroy(&ads);
2131 return -1;
2132 }
2133
2134 if (argv[1]) {
2135 new_password = (const char *)argv[1];
2136 } else {
2137 if (asprintf(&prompt, _("Enter new password for %s:"), user) == -1) {
2138 return -1;
2139 }
2140 new_password = getpass(prompt);
2141 free(prompt);
2142 }
2143
2144 ret = kerberos_set_password(ads->auth.kdc_server, auth_principal,
2145 auth_password, user, new_password, ads->auth.time_offset);
2146 if (!ADS_ERR_OK(ret)) {
2147 d_fprintf(stderr, _("Password change failed: %s\n"), ads_errstr(ret));
2148 ads_destroy(&ads);
2149 return -1;
2150 }
2151
2152 d_printf(_("Password change for %s completed.\n"), user);
2153 ads_destroy(&ads);
2154
2155 return 0;
2156 }
2157
2158 int net_ads_changetrustpw(struct net_context *c, int argc, const char **argv)
2159 {
2160 ADS_STRUCT *ads;
2161 char *host_principal;
2162 fstring my_name;
2163 ADS_STATUS ret;
2164
2165 if (c->display_usage) {
2166 d_printf( "%s\n"
2167 "net ads changetrustpw\n"
2168 " %s\n",
2169 _("Usage:"),
2170 _("Change the machine account's trust password"));
2171 return 0;
2172 }
2173
2174 if (!secrets_init()) {
2175 DEBUG(1,("Failed to initialise secrets database\n"));
2176 return -1;
2177 }
2178
2179 net_use_krb_machine_account(c);
2180
2181 use_in_memory_ccache();
2182
2183 if (!ADS_ERR_OK(ads_startup(c, true, &ads))) {
2184 return -1;
2185 }
2186
2187 fstrcpy(my_name, lp_netbios_name());
2188 strlower_m(my_name);
2189 if (asprintf(&host_principal, "%s$@%s", my_name, ads->config.realm) == -1) {
2190 ads_destroy(&ads);
2191 return -1;
2192 }
2193 d_printf(_("Changing password for principal: %s\n"), host_principal);
2194
2195 ret = ads_change_trust_account_password(ads, host_principal);
2196
2197 if (!ADS_ERR_OK(ret)) {
2198 d_fprintf(stderr, _("Password change failed: %s\n"), ads_errstr(ret));
2199 ads_destroy(&ads);
2200 SAFE_FREE(host_principal);
2201 return -1;
2202 }
2203
2204 d_printf(_("Password change for principal %s succeeded.\n"), host_principal);
2205
2206 if (USE_SYSTEM_KEYTAB) {
2207 d_printf(_("Attempting to update system keytab with new password.\n"));
2208 if (ads_keytab_create_default(ads)) {
2209 d_printf(_("Failed to update system keytab.\n"));
2210 }
2211 }
2212
2213 ads_destroy(&ads);
2214 SAFE_FREE(host_principal);
2215
2216 return 0;
2217 }
2218
2219 /*
2220 help for net ads search
2221 */
2222 static int net_ads_search_usage(struct net_context *c, int argc, const char **argv)
2223 {
2224 d_printf(_(
2225 "\nnet ads search <expression> <attributes...>\n"
2226 "\nPerform a raw LDAP search on a ADS server and dump the results.\n"
2227 "The expression is a standard LDAP search expression, and the\n"
2228 "attributes are a list of LDAP fields to show in the results.\n\n"
2229 "Example: net ads search '(objectCategory=group)' sAMAccountName\n\n"
2230 ));
2231 net_common_flags_usage(c, argc, argv);
2232 return -1;
2233 }
2234
2235
2236 /*
2237 general ADS search function. Useful in diagnosing problems in ADS
2238 */
2239 static int net_ads_search(struct net_context *c, int argc, const char **argv)
2240 {
2241 ADS_STRUCT *ads;
2242 ADS_STATUS rc;
2243 const char *ldap_exp;
2244 const char **attrs;
2245 LDAPMessage *res = NULL;
2246
2247 if (argc < 1 || c->display_usage) {
2248 return net_ads_search_usage(c, argc, argv);
2249 }
2250
2251 if (!ADS_ERR_OK(ads_startup(c, false, &ads))) {
2252 return -1;
2253 }
2254
2255 ldap_exp = argv[0];
2256 attrs = (argv + 1);
2257
2258 rc = ads_do_search_retry(ads, ads->config.bind_path,
2259 LDAP_SCOPE_SUBTREE,
2260 ldap_exp, attrs, &res);
2261 if (!ADS_ERR_OK(rc)) {
2262 d_fprintf(stderr, _("search failed: %s\n"), ads_errstr(rc));
2263 ads_destroy(&ads);
2264 return -1;
2265 }
2266
2267 d_printf(_("Got %d replies\n\n"), ads_count_replies(ads, res));
2268
2269 /* dump the results */
2270 ads_dump(ads, res);
2271
2272 ads_msgfree(ads, res);
2273 ads_destroy(&ads);
2274
2275 return 0;
2276 }
2277
2278
2279 /*
2280 help for net ads search
2281 */
2282 static int net_ads_dn_usage(struct net_context *c, int argc, const char **argv)
2283 {
2284 d_printf(_(
2285 "\nnet ads dn <dn> <attributes...>\n"
2286 "\nperform a raw LDAP search on a ADS server and dump the results\n"
2287 "The DN standard LDAP DN, and the attributes are a list of LDAP fields \n"
2288 "to show in the results\n\n"
2289 "Example: net ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' sAMAccountName\n\n"
2290 "Note: the DN must be provided properly escaped. See RFC 4514 for details\n\n"
2291 ));
2292 net_common_flags_usage(c, argc, argv);
2293 return -1;
2294 }
2295
2296
2297 /*
2298 general ADS search function. Useful in diagnosing problems in ADS
2299 */
2300 static int net_ads_dn(struct net_context *c, int argc, const char **argv)
2301 {
2302 ADS_STRUCT *ads;
2303 ADS_STATUS rc;
2304 const char *dn;
2305 const char **attrs;
2306 LDAPMessage *res = NULL;
2307
2308 if (argc < 1 || c->display_usage) {
2309 return net_ads_dn_usage(c, argc, argv);
2310 }
2311
2312 if (!ADS_ERR_OK(ads_startup(c, false, &ads))) {
2313 return -1;
2314 }
2315
2316 dn = argv[0];
2317 attrs = (argv + 1);
2318
2319 rc = ads_do_search_all(ads, dn,
2320 LDAP_SCOPE_BASE,
2321 "(objectclass=*)", attrs, &res);
2322 if (!ADS_ERR_OK(rc)) {
2323 d_fprintf(stderr, _("search failed: %s\n"), ads_errstr(rc));
2324 ads_destroy(&ads);
2325 return -1;
2326 }
2327
2328 d_printf("Got %d replies\n\n", ads_count_replies(ads, res));
2329
2330 /* dump the results */
2331 ads_dump(ads, res);
2332
2333 ads_msgfree(ads, res);
2334 ads_destroy(&ads);
2335
2336 return 0;
2337 }
2338
2339 /*
2340 help for net ads sid search
2341 */
2342 static int net_ads_sid_usage(struct net_context *c, int argc, const char **argv)
2343 {
2344 d_printf(_(
2345 "\nnet ads sid <sid> <attributes...>\n"
2346 "\nperform a raw LDAP search on a ADS server and dump the results\n"
2347 "The SID is in string format, and the attributes are a list of LDAP fields \n"
2348 "to show in the results\n\n"
2349 "Example: net ads sid 'S-1-5-32' distinguishedName\n\n"
2350 ));
2351 net_common_flags_usage(c, argc, argv);
2352 return -1;
2353 }
2354
2355
2356 /*
2357 general ADS search function. Useful in diagnosing problems in ADS
2358 */
2359 static int net_ads_sid(struct net_context *c, int argc, const char **argv)
2360 {
2361 ADS_STRUCT *ads;
2362 ADS_STATUS rc;
2363 const char *sid_string;
2364 const char **attrs;
2365 LDAPMessage *res = NULL;
2366 struct dom_sid sid;
2367
2368 if (argc < 1 || c->display_usage) {
2369 return net_ads_sid_usage(c, argc, argv);
2370 }
2371
2372 if (!ADS_ERR_OK(ads_startup(c, false, &ads))) {
2373 return -1;
2374 }
2375
2376 sid_string = argv[0];
2377 attrs = (argv + 1);
2378
2379 if (!string_to_sid(&sid, sid_string)) {
2380 d_fprintf(stderr, _("could not convert sid\n"));
2381 ads_destroy(&ads);
2382 return -1;
2383 }
2384
2385 rc = ads_search_retry_sid(ads, &res, &sid, attrs);
2386 if (!ADS_ERR_OK(rc)) {
2387 d_fprintf(stderr, _("search failed: %s\n"), ads_errstr(rc));
2388 ads_destroy(&ads);
2389 return -1;
2390 }
2391
2392 d_printf(_("Got %d replies\n\n"), ads_count_replies(ads, res));
2393
2394 /* dump the results */
2395 ads_dump(ads, res);
2396
2397 ads_msgfree(ads, res);
2398 ads_destroy(&ads);
2399
2400 return 0;
2401 }
2402
2403 static int net_ads_keytab_flush(struct net_context *c, int argc, const char **argv)
2404 {
2405 int ret;
2406 ADS_STRUCT *ads;
2407
2408 if (c->display_usage) {
2409 d_printf( "%s\n"
2410 "net ads keytab flush\n"
2411 " %s\n",
2412 _("Usage:"),
2413 _("Delete the whole keytab"));
2414 return 0;
2415 }
2416
2417 if (!ADS_ERR_OK(ads_startup(c, true, &ads))) {
2418 return -1;
2419 }
2420 ret = ads_keytab_flush(ads);
2421 ads_destroy(&ads);
2422 return ret;
2423 }
2424
2425 static int net_ads_keytab_add(struct net_context *c, int argc, const char **argv)
2426 {
2427 int i;
2428 int ret = 0;
2429 ADS_STRUCT *ads;
2430
2431 if (c->display_usage) {
2432 d_printf("%s\n%s",
2433 _("Usage:"),
2434 _("net ads keytab add <principal> [principal ...]\n"
2435 " Add principals to local keytab\n"
2436 " principal\tKerberos principal to add to "
2437 "keytab\n"));
2438 return 0;
2439 }
2440
2441 d_printf(_("Processing principals to add...\n"));
2442 if (!ADS_ERR_OK(ads_startup(c, true, &ads))) {
2443 return -1;
2444 }
2445 for (i = 0; i < argc; i++) {
2446 ret |= ads_keytab_add_entry(ads, argv[i]);
2447 }
2448 ads_destroy(&ads);
2449 return ret;
2450 }
2451
2452 static int net_ads_keytab_create(struct net_context *c, int argc, const char **argv)
2453 {
2454 ADS_STRUCT *ads;
2455 int ret;
2456
2457 if (c->display_usage) {
2458 d_printf( "%s\n"
2459 "net ads keytab create\n"
2460 " %s\n",
2461 _("Usage:"),
2462 _("Create new default keytab"));
2463 return 0;
2464 }
2465
2466 if (!ADS_ERR_OK(ads_startup(c, true, &ads))) {
2467 return -1;
2468 }
2469 ret = ads_keytab_create_default(ads);
2470 ads_destroy(&ads);
2471 return ret;
2472 }
2473
2474 static int net_ads_keytab_list(struct net_context *c, int argc, const char **argv)
2475 {
2476 const char *keytab = NULL;
2477
2478 if (c->display_usage) {
2479 d_printf("%s\n%s",
2480 _("Usage:"),
2481 _("net ads keytab list [keytab]\n"
2482 " List a local keytab\n"
2483 " keytab\tKeytab to list\n"));
2484 return 0;
2485 }
2486
2487 if (argc >= 1) {
2488 keytab = argv[0];
2489 }
2490
2491 return ads_keytab_list(keytab);
2492 }
2493
2494
2495 int net_ads_keytab(struct net_context *c, int argc, const char **argv)
2496 {
2497 struct functable func[] = {
2498 {
2499 "add",
2500 net_ads_keytab_add,
2501 NET_TRANSPORT_ADS,
2502 N_("Add a service principal"),
2503 N_("net ads keytab add\n"
2504 " Add a service principal")
2505 },
2506 {
2507 "create",
2508 net_ads_keytab_create,
2509 NET_TRANSPORT_ADS,
2510 N_("Create a fresh keytab"),
2511 N_("net ads keytab create\n"
2512 " Create a fresh keytab")
2513 },
2514 {
2515 "flush",
2516 net_ads_keytab_flush,
2517 NET_TRANSPORT_ADS,
2518 N_("Remove all keytab entries"),
2519 N_("net ads keytab flush\n"
2520 " Remove all keytab entries")
2521 },
2522 {
2523 "list",
2524 net_ads_keytab_list,
2525 NET_TRANSPORT_ADS,
2526 N_("List a keytab"),
2527 N_("net ads keytab list\n"
2528 " List a keytab")
2529 },
2530 {NULL, NULL, 0, NULL, NULL}
2531 };
2532
2533 if (!USE_KERBEROS_KEYTAB) {
2534 d_printf(_("\nWarning: \"kerberos method\" must be set to a "
2535 "keytab method to use keytab functions.\n"));
2536 }
2537
2538 return net_run_function(c, argc, argv, "net ads keytab", func);
2539 }
2540
2541 static int net_ads_kerberos_renew(struct net_context *c, int argc, const char **argv)
2542 {
2543 int ret = -1;
2544
2545 if (c->display_usage) {
2546 d_printf( "%s\n"
2547 "net ads kerberos renew\n"
2548 " %s\n",
2549 _("Usage:"),
2550 _("Renew TGT from existing credential cache"));
2551 return 0;
2552 }
2553
2554 ret = smb_krb5_renew_ticket(NULL, NULL, NULL, NULL);
2555 if (ret) {
2556 d_printf(_("failed to renew kerberos ticket: %s\n"),
2557 error_message(ret));
2558 }
2559 return ret;
2560 }
2561
2562 static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **argv)
2563 {
2564 struct PAC_LOGON_INFO *info = NULL;
2565 TALLOC_CTX *mem_ctx = NULL;
2566 NTSTATUS status;
2567 int ret = -1;
2568 const char *impersonate_princ_s = NULL;
2569
2570 if (c->display_usage) {
2571 d_printf( "%s\n"
2572 "net ads kerberos pac\n"
2573 " %s\n",
2574 _("Usage:"),
2575 _("Dump the Kerberos PAC"));
2576 return 0;
2577 }
2578
2579 mem_ctx = talloc_init("net_ads_kerberos_pac");
2580 if (!mem_ctx) {
2581 goto out;
2582 }
2583
2584 if (argc > 0) {
2585 impersonate_princ_s = argv[0];
2586 }
2587
2588 c->opt_password = net_prompt_pass(c, c->opt_user_name);
2589
2590 status = kerberos_return_pac(mem_ctx,
2591 c->opt_user_name,
2592 c->opt_password,
2593 0,
2594 NULL,
2595 NULL,
2596 NULL,
2597 true,
2598 true,
2599 2592000, /* one month */
2600 impersonate_princ_s,
2601 &info);
2602 if (!NT_STATUS_IS_OK(status)) {
2603 d_printf(_("failed to query kerberos PAC: %s\n"),
2604 nt_errstr(status));
2605 goto out;
2606 }
2607
2608 if (info) {
2609 const char *s;
2610 s = NDR_PRINT_STRUCT_STRING(mem_ctx, PAC_LOGON_INFO, info);
2611 d_printf(_("The Pac: %s\n"), s);
2612 }
2613
2614 ret = 0;
2615 out:
2616 TALLOC_FREE(mem_ctx);
2617 return ret;
2618 }
2619
2620 static int net_ads_kerberos_kinit(struct net_context *c, int argc, const char **argv)
2621 {
2622 TALLOC_CTX *mem_ctx = NULL;
2623 int ret = -1;
2624 NTSTATUS status;
2625
2626 if (c->display_usage) {
2627 d_printf( "%s\n"
2628 "net ads kerberos kinit\n"
2629 " %s\n",
2630 _("Usage:"),
2631 _("Get Ticket Granting Ticket (TGT) for the user"));
2632 return 0;
2633 }
2634
2635 mem_ctx = talloc_init("net_ads_kerberos_kinit");
2636 if (!mem_ctx) {
2637 goto out;
2638 }
2639
2640 c->opt_password = net_prompt_pass(c, c->opt_user_name);
2641
2642 ret = kerberos_kinit_password_ext(c->opt_user_name,
2643 c->opt_password,
2644 0,
2645 NULL,
2646 NULL,
2647 NULL,
2648 true,
2649 true,
2650 2592000, /* one month */
2651 &status);
2652 if (ret) {
2653 d_printf(_("failed to kinit password: %s\n"),
2654 nt_errstr(status));
2655 }
2656 out:
2657 return ret;
2658 }
2659
2660 int net_ads_kerberos(struct net_context *c, int argc, const char **argv)
2661 {
2662 struct functable func[] = {
2663 {
2664 "kinit",
2665 net_ads_kerberos_kinit,
2666 NET_TRANSPORT_ADS,
2667 N_("Retrieve Ticket Granting Ticket (TGT)"),
2668 N_("net ads kerberos kinit\n"
2669 " Receive Ticket Granting Ticket (TGT)")
2670 },
2671 {
2672 "renew",
2673 net_ads_kerberos_renew,
2674 NET_TRANSPORT_ADS,
2675 N_("Renew Ticket Granting Ticket from credential cache"),
2676 N_("net ads kerberos renew\n"
2677 " Renew Ticket Granting Ticket (TGT) from "
2678 "credential cache")
2679 },
2680 {
2681 "pac",
2682 net_ads_kerberos_pac,
2683 NET_TRANSPORT_ADS,
2684 N_("Dump Kerberos PAC"),
2685 N_("net ads kerberos pac\n"
2686 " Dump Kerberos PAC")
2687 },
2688 {NULL, NULL, 0, NULL, NULL}
2689 };
2690
2691 return net_run_function(c, argc, argv, "net ads kerberos", func);
2692 }
2693
2694 int net_ads(struct net_context *c, int argc, const char **argv)
2695 {
2696 struct functable func[] = {
2697 {
2698 "info",
2699 net_ads_info,
2700 NET_TRANSPORT_ADS,
2701 N_("Display details on remote ADS server"),
2702 N_("net ads info\n"
2703 " Display details on remote ADS server")
2704 },
2705 {
2706 "join",
2707 net_ads_join,
2708 NET_TRANSPORT_ADS,
2709 N_("Join the local machine to ADS realm"),
2710 N_("net ads join\n"
2711 " Join the local machine to ADS realm")
2712 },
2713 {
2714 "testjoin",
2715 net_ads_testjoin,
2716 NET_TRANSPORT_ADS,
2717 N_("Validate machine account"),
2718 N_("net ads testjoin\n"
2719 " Validate machine account")
2720 },
2721 {
2722 "leave",
2723 net_ads_leave,
2724 NET_TRANSPORT_ADS,
2725 N_("Remove the local machine from ADS"),
2726 N_("net ads leave\n"
2727 " Remove the local machine from ADS")
2728 },
2729 {
2730 "status",
2731 net_ads_status,
2732 NET_TRANSPORT_ADS,
2733 N_("Display machine account details"),
2734 N_("net ads status\n"
2735 " Display machine account details")
2736 },
2737 {
2738 "user",
2739 net_ads_user,
2740 NET_TRANSPORT_ADS,
2741 N_("List/modify users"),
2742 N_("net ads user\n"
2743 " List/modify users")
2744 },
2745 {
2746 "group",
2747 net_ads_group,
2748 NET_TRANSPORT_ADS,
2749 N_("List/modify groups"),
2750 N_("net ads group\n"
2751 " List/modify groups")
2752 },
2753 {
2754 "dns",
2755 net_ads_dns,
2756 NET_TRANSPORT_ADS,
2757 N_("Issue dynamic DNS update"),
2758 N_("net ads dns\n"
2759 " Issue dynamic DNS update")
2760 },
2761 {
2762 "password",
2763 net_ads_password,
2764 NET_TRANSPORT_ADS,
2765 N_("Change user passwords"),
2766 N_("net ads password\n"
2767 " Change user passwords")
2768 },
2769 {
2770 "changetrustpw",
2771 net_ads_changetrustpw,
2772 NET_TRANSPORT_ADS,
2773 N_("Change trust account password"),
2774 N_("net ads changetrustpw\n"
2775 " Change trust account password")
2776 },
2777 {
2778 "printer",
2779 net_ads_printer,
2780 NET_TRANSPORT_ADS,
2781 N_("List/modify printer entries"),
2782 N_("net ads printer\n"
2783 " List/modify printer entries")
2784 },
2785 {
2786 "search",
2787 net_ads_search,
2788 NET_TRANSPORT_ADS,
2789 N_("Issue LDAP search using filter"),
2790 N_("net ads search\n"
2791 " Issue LDAP search using filter")
2792 },
2793 {
2794 "dn",
2795 net_ads_dn,
2796 NET_TRANSPORT_ADS,
2797 N_("Issue LDAP search by DN"),
2798 N_("net ads dn\n"
2799 " Issue LDAP search by DN")
2800 },
2801 {
2802 "sid",
2803 net_ads_sid,
2804 NET_TRANSPORT_ADS,
2805 N_("Issue LDAP search by SID"),
2806 N_("net ads sid\n"
2807 " Issue LDAP search by SID")
2808 },
2809 {
2810 "workgroup",
2811 net_ads_workgroup,
2812 NET_TRANSPORT_ADS,
2813 N_("Display workgroup name"),
2814 N_("net ads workgroup\n"
2815 " Display the workgroup name")
2816 },
2817 {
2818 "lookup",
2819 net_ads_lookup,
2820 NET_TRANSPORT_ADS,
2821 N_("Perfom CLDAP query on DC"),
2822 N_("net ads lookup\n"
2823 " Find the ADS DC using CLDAP lookups")
2824 },
2825 {
2826 "keytab",
2827 net_ads_keytab,
2828 NET_TRANSPORT_ADS,
2829 N_("Manage local keytab file"),
2830 N_("net ads keytab\n"
2831 " Manage local keytab file")
2832 },
2833 {
2834 "gpo",
2835 net_ads_gpo,
2836 NET_TRANSPORT_ADS,
2837 N_("Manage group policy objects"),
2838 N_("net ads gpo\n"
2839 " Manage group policy objects")
2840 },
2841 {
2842 "kerberos",
2843 net_ads_kerberos,
2844 NET_TRANSPORT_ADS,
2845 N_("Manage kerberos keytab"),
2846 N_("net ads kerberos\n"
2847 " Manage kerberos keytab")
2848 },
2849 {NULL, NULL, 0, NULL, NULL}
2850 };
2851
2852 return net_run_function(c, argc, argv, "net ads", func);
2853 }
2854
2855 #else
2856
2857 static int net_ads_noads(void)
2858 {
2859 d_fprintf(stderr, _("ADS support not compiled in\n"));
2860 return -1;
2861 }
2862
2863 int net_ads_keytab(struct net_context *c, int argc, const char **argv)
2864 {
2865 return net_ads_noads();
2866 }
2867
2868 int net_ads_kerberos(struct net_context *c, int argc, const char **argv)
2869 {
2870 return net_ads_noads();
2871 }
2872
2873 int net_ads_changetrustpw(struct net_context *c, int argc, const char **argv)
2874 {
2875 return net_ads_noads();
2876 }
2877
2878 int net_ads_join(struct net_context *c, int argc, const char **argv)
2879 {
2880 return net_ads_noads();
2881 }
2882
2883 int net_ads_user(struct net_context *c, int argc, const char **argv)
2884 {
2885 return net_ads_noads();
2886 }
2887
2888 int net_ads_group(struct net_context *c, int argc, const char **argv)
2889 {
2890 return net_ads_noads();
2891 }
2892
2893 int net_ads_gpo(struct net_context *c, int argc, const char **argv)
2894 {
2895 return net_ads_noads();
2896 }
2897
2898 /* this one shouldn't display a message */
2899 int net_ads_check(struct net_context *c)
2900 {
2901 return -1;
2902 }
2903
2904 int net_ads_check_our_domain(struct net_context *c)
2905 {
2906 return -1;
2907 }
2908
2909 int net_ads(struct net_context *c, int argc, const char **argv)
2910 {
2911 return net_ads_noads();
2912 }
2913
2914 #endif /* HAVE_ADS */
reg import