Beispiel #1
/*
 * Overwrite the machine account password held in the local secrets
 * database with a value typed by the operator.
 *
 * Nothing is changed unless c->opt_force is set; without it only a
 * warning is printed.  argc/argv are not used in the visible code.
 *
 * Returns 1 on the visible failure path (the password could not be
 * written, going by the error text) and 0 otherwise.  Note that 0 is also
 * returned when the force flag is missing and nothing was changed, so a
 * calling script cannot tell "refused" from "done" by the exit status.
 */
static int net_changesecretpw(struct net_context *c, int argc,
			      const char **argv)
{
        char *trust_pw;
        /* Not referenced in the visible code; presumably passed to the store
         * call that is masked out below (TODO confirm against upstream). */
        enum netr_SchannelType sec_channel_type = SEC_CHAN_WKSTA;

	if(c->opt_force) {
		if (c->opt_stdin) {
			/* Password arrives on a pipe: line-buffer all three
			 * streams so prompt and reply stay in step. */
			set_line_buffering(stdin);
			set_line_buffering(stdout);
			set_line_buffering(stderr);
		}

		/*
		 * NOTE(review): the next line is damaged in this listing.  The
		 * text between the prompt string and the error message was
		 * masked ("******"), so the call that stores trust_pw and the
		 * test of its result are not shown, and the line does not
		 * compile as printed.  Whether trust_pw is checked for NULL,
		 * wiped or freed afterwards cannot be told from here.
		 */
		trust_pw = get_pass(_("Enter machine password: "******"Unable to write the machine account password in the secrets database"));
			    return 1;
		}
		else {
		    d_printf(_("Modified trust account password in secrets database\n"));
		}
	}
	else {
		/* Refusal path: explain why -f is required, change nothing. */
		d_printf(_("Machine account password change requires the -f flag.\n"
			   "Do NOT use this function unless you know what it does!\n"
		           "This function will change the ADS Domain member "
			   "machine account password in the secrets.tdb file!\n"));
	}

        return 0;
}
Beispiel #2
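/*
 * Parse the smbpasswd command line.
 *
 * Starts from the caller's local_flags with LOCAL_SET_PASSWORD switched
 * on, folds every option into that flag word or into the file-scope
 * option variables (user_name, got_username, new_passwd, remote_machine,
 * ldap_secret, stdin_passwd_get), accepts at most one positional user
 * name, and finally loads the configuration file.
 *
 * Returns the updated flag word.  The process exits on -j, on -L without
 * uid 0 (non-DEVELOPER builds) and when the configuration file cannot be
 * loaded.  usage() is called for -h, unknown options and unexpected
 * positional arguments; it presumably does not return.
 */
static int process_options(int argc, char **argv, int local_flags)
{
	int ch;
	pstring configfile;
	pstrcpy(configfile, dyn_CONFIGFILE);

	local_flags |= LOCAL_SET_PASSWORD;

	ZERO_STRUCT(user_name);

	user_name[0] = '\0';

	while ((ch = getopt(argc, argv, "c:axdehminjr:sw:R:D:U:LW")) != EOF) {
		switch(ch) {
		case 'L':
			/*
			 * LOCAL_AM_ROOT is a claim of privilege, so it is only
			 * granted to real uid 0.  The check is compiled out in
			 * DEVELOPER builds, which must not be shipped.
			 */
#if !defined(DEVELOPER)
			if (getuid() != 0) {
				fprintf(stderr, "smbpasswd -L can only be used by root.\n");
				exit(1);
			}
#endif
			local_flags |= LOCAL_AM_ROOT;
			break;
		case 'c':
			pstrcpy(configfile,optarg);
			break;
		case 'a':
			local_flags |= LOCAL_ADD_USER;
			break;
		case 'x':
			local_flags |= LOCAL_DELETE_USER;
			local_flags &= ~LOCAL_SET_PASSWORD;
			break;
		case 'd':
			local_flags |= LOCAL_DISABLE_USER;
			local_flags &= ~LOCAL_SET_PASSWORD;
			break;
		case 'e':
			local_flags |= LOCAL_ENABLE_USER;
			local_flags &= ~LOCAL_SET_PASSWORD;
			break;
		case 'm':
			local_flags |= LOCAL_TRUST_ACCOUNT;
			break;
		case 'i':
			local_flags |= LOCAL_INTERDOM_ACCOUNT;
			break;
		case 'j':
			d_printf("See 'net join' for this functionality\n");
			exit(1);
			break;
		case 'n':
			local_flags |= LOCAL_SET_NO_PASSWORD;
			local_flags &= ~LOCAL_SET_PASSWORD;
			new_passwd = smb_xstrdup("NO PASSWORD");
			break;
		case 'r':
			remote_machine = optarg;
			break;
		case 's':
			/* Password will be read from stdin; keep the streams
			 * line-buffered so prompts and replies stay in step. */
			set_line_buffering(stdin);
			set_line_buffering(stdout);
			set_line_buffering(stderr);
			stdin_passwd_get = True;
			break;
		case 'w': {
			char *p;

			local_flags |= LOCAL_SET_LDAP_ADMIN_PW;
			fstrcpy(ldap_secret, optarg);
			/*
			 * The LDAP admin secret was given in argv, where other
			 * local users can read it from the process list.  Blank
			 * it out now that it has been copied; this shortens the
			 * exposure but cannot remove it, so -W (which leaves
			 * ldap_secret empty) is the safer way in.
			 */
			for (p = optarg; *p != '\0'; p++) {
				*p = 'X';
			}
			break;
		}
		case 'R':
			lp_set_name_resolve_order(optarg);
			break;
		case 'D':
			/* atoi: a non-numeric argument silently becomes level 0 */
			DEBUGLEVEL = atoi(optarg);
			break;
		case 'U':
			got_username = True;
			fstrcpy(user_name, optarg);
			break;
		case 'W':
			/* Same flag as -w but with no secret on the command
			 * line; presumably it is asked for later. */
			local_flags |= LOCAL_SET_LDAP_ADMIN_PW;
			*ldap_secret = '\0';
			break;
		case 'h':
		default:
			usage();
		}
	}
	
	argc -= optind;
	argv += optind;

	switch(argc) {
	case 0:
		if (!got_username)
			fstrcpy(user_name, "");
		break;
	case 1:
		/* A positional user name is only honoured in local root
		 * mode, and only when -U did not already name one. */
		if (!(local_flags & LOCAL_AM_ROOT)) {
			usage();
		} else {
			if (got_username) {
				usage();
			} else {
				fstrcpy(user_name, argv[0]);
			}
		}
		break;
	default:
		usage();
	}

	if (!lp_load(configfile,True,False,False,True)) {
		fprintf(stderr, "Can't load %s - run testparm to debug it\n", 
			configfile);
		exit(1);
	}

	return local_flags;
}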
Beispiel #3
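/*******************************************************************
 Process command line options

 Folds each option into the file-scope state (local_flags, local_mode,
 user_name, user_password, new_passwd, new_domain, remote_machine,
 ldap_secret and the got_*/joining_domain/changing_trust_pw switches) and
 then interprets up to two positional arguments.

 amroot says whether the caller is treated as root.  Most options that
 change accounts or domain state are refused (usage) without it.

 -W and -X are carried out immediately and exit the process.  usage()
 is called for -h, unknown options and bad argument counts; it
 presumably does not return.
 ******************************************************************/
static void process_options(int argc, char **argv, BOOL amroot)
{
	int ch;
	DOM_SID dom_sid;
	fstring sid_str;

	user_name[0] = '\0';

	while ((ch = getopt(argc, argv, "c:axdehmnj:t:r:sw:R:D:U:LSW:X:")) != EOF) {
		switch(ch) {
		case 'L':
			/*
			 * NOTE(review): amroot is switched on here with no uid
			 * check in this function, so every "if (!amroot)" gate
			 * below is open to any caller who passes -L first.
			 * Confirm that access to the password and secrets
			 * databases is enforced by file permissions and that
			 * the binary is never installed setuid.
			 */
			local_mode = amroot = True;
			break;
		case 'c':
			pstrcpy(servicesf,optarg);
			break;
		case 'a':
			if (!amroot) goto bad_args;
			local_flags |= LOCAL_ADD_USER;
			break;
		case 'x':
			if (!amroot) goto bad_args;
			local_flags |= LOCAL_DELETE_USER;
			new_passwd = strdup_x("XXXXXX");
			break;
		case 'd':
			if (!amroot) goto bad_args;
			local_flags |= LOCAL_DISABLE_USER;
			new_passwd = strdup_x("XXXXXX");
			break;
		case 'e':
			if (!amroot) goto bad_args;
			local_flags |= LOCAL_ENABLE_USER;
			break;
		case 'm':
			if (!amroot) goto bad_args;
			local_flags |= LOCAL_TRUST_ACCOUNT;
			break;
		case 'n':
			if (!amroot) goto bad_args;
			local_flags |= LOCAL_SET_NO_PASSWORD;
			new_passwd = strdup_x("NO PASSWORD");
			break;
		case 'j':
			if (!amroot) goto bad_args;
			/* new_domain aliases optarg; it is upper-cased in place */
			new_domain = optarg;
			strupper(new_domain);
			joining_domain = True;
			break;
		case 't':
			if (!amroot) goto bad_args;
			new_domain = optarg;
			strupper(new_domain);
			changing_trust_pw = True;
			break;
		case 'r':
			remote_machine = optarg;
			break;
		case 'S': 
			if (!amroot) goto bad_args;
			local_flags |= LOCAL_GET_DOM_SID;
			break;
		case 's':
			/* Password will be read from stdin; keep the streams
			 * line-buffered so prompts and replies stay in step. */
			set_line_buffering(stdin);
			set_line_buffering(stdout);
			set_line_buffering(stderr);
			stdin_passwd_get = True;
			break;
		case 'w':
			if (!amroot) goto bad_args;
#ifdef WITH_LDAP_SAM
			/* The LDAP admin secret stays readable in argv (and so
			 * in the process list) after this copy. */
			local_flags |= LOCAL_SET_LDAP_ADMIN_PW;
			fstrcpy(ldap_secret, optarg);
			break;
#else
			printf("-w not available unless configured --with-ldapsam\n");
			goto bad_args;
#endif			
		case 'R':
			if (!amroot) goto bad_args;
			lp_set_name_resolve_order(optarg);
			break;
		case 'D':
			/* atoi: a non-numeric argument silently becomes level 0 */
			DEBUGLEVEL = atoi(optarg);
			break;
		case 'U': {
			char *lp;

			got_username = True;
			fstrcpy(user_name, optarg);

			/* "user%password": split at the first '%' */
			if ((lp = strchr(user_name, '%'))) {
				/* user_name is a prefix copy of optarg, so the
				 * '%' found above is present in optarg too. */
				char *arg_pw = strchr(optarg, '%') + 1;

				*lp = 0;
				fstrcpy(user_password, lp + 1);
				got_pass = True;
				/*
				 * Blank the password in argv so it drops out
				 * of the process list.  Wipe to the end of the
				 * argument rather than strlen(user_password):
				 * the copy may have been cut to fstring size,
				 * which would leave the tail in clear.
				 */
				memset(arg_pw, 'X', strlen(arg_pw));
			}

		}
		break;

		case 'W': /* Take the SID on the command line and make it ours */
			/*
			 * NOTE(review): unlike the other state-changing
			 * options there is no amroot test here; the write is
			 * guarded only by whatever protects the secrets
			 * database.
			 */
			if (!lp_load(servicesf,True,False,False)) {
				fprintf(stderr, "Can't load %s - run testparm to debug it\n", 
					servicesf);
				exit(1);
			}

			if (!string_to_sid(&dom_sid, optarg)) {
				fprintf(stderr, "Invalid SID: %s\n", optarg);
				exit(1);
			}
			if (!secrets_init()) {
				fprintf(stderr, "Unable to open secrets database!\n");
				exit(1);	
			}
			if (!secrets_store_domain_sid(global_myname, &dom_sid)) {
				fprintf(stderr, "Unable to write the new SID %s as the server SID for %s\n", optarg, global_myname);
				exit(1);
			}
			/*
			 * Now, write it to the workgroup as well, to make
			 * things consistent. This is a risk however.
			 */
			if (!secrets_store_domain_sid(lp_workgroup(), &dom_sid)) {
				fprintf(stderr, "Unable to write the new SID %s as the domain SID for %s\n", optarg, lp_workgroup());
				exit(1);
			}

			exit(0);	
		break;
	
		case 'X': /* Extract the SID for a domain from secrets */
			/* NOTE(review): no amroot test here either, although
			 * -S (LOCAL_GET_DOM_SID) requires it. */
			if (!lp_load(servicesf,True,False,False)) {
				fprintf(stderr, "Can't load %s - run testparm to debug it\n", 
					servicesf);
				exit(1);
			}
			if (!secrets_init()) {
				fprintf(stderr, "Unable to open secrets database!\n");
				exit(1);
			}
			if (secrets_fetch_domain_sid(optarg, &dom_sid)) {
				sid_to_string(sid_str, &dom_sid);
				printf("SID for domain %s is: %s\n", optarg, sid_str);
				exit(0);
			}
			else {
				fprintf(stderr, "Could not retrieve SID for domain: %s\n", optarg);
				exit(1);
			}
			break;
		case 'h':
		default:
bad_args:
			usage();
		}
	}
	
	argc -= optind;
	argv += optind;

	if (joining_domain && (argc != 0))
		usage();

	switch(argc) {
	case 0:
		if (!got_username)
			fstrcpy(user_name, "");
		break;
	case 1:
		/*
		 * Non-root: the single argument is the new password.  It is
		 * taken straight from argv (not copied, not blanked), so it
		 * remains visible in the process list.
		 */
		if (!amroot) {
			new_passwd = argv[0];
			break;
		}
		/* Root: the single argument is the user name. */
		if (got_username)
			usage();
		fstrcpy(user_name, argv[0]);
		break;
	case 2:
		/* Root only: user name followed by the new password. */
		if (!amroot || got_username || got_pass)
			usage();
		fstrcpy(user_name, argv[0]);
		new_passwd = strdup_x(argv[1]);
		break;
	default:
		usage();
	}

}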