static int net_changesecretpw(struct net_context *c, int argc,
const char **argv)
{
char *trust_pw;
enum netr_SchannelType sec_channel_type = SEC_CHAN_WKSTA;
if(c->opt_force) {
if (c->opt_stdin) {
set_line_buffering(stdin);
set_line_buffering(stdout);
set_line_buffering(stderr);
}
trust_pw = get_pass(_("Enter machine password: "******"Unable to write the machine account password in the secrets database"));
return 1;
}
else {
d_printf(_("Modified trust account password in secrets database\n"));
}
}
else {
d_printf(_("Machine account password change requires the -f flag.\n"
"Do NOT use this function unless you know what it does!\n"
"This function will change the ADS Domain member "
"machine account password in the secrets.tdb file!\n"));
}
return 0;
}
static int process_options(int argc, char **argv, int local_flags)
{
int ch;
pstring configfile;
pstrcpy(configfile, dyn_CONFIGFILE);
local_flags |= LOCAL_SET_PASSWORD;
ZERO_STRUCT(user_name);
user_name[0] = '\0';
while ((ch = getopt(argc, argv, "c:axdehminjr:sw:R:D:U:LW")) != EOF) {
switch(ch) {
case 'L':
#if !defined(DEVELOPER)
if (getuid() != 0) {
fprintf(stderr, "smbpasswd -L can only be used by root.\n");
exit(1);
}
#endif
local_flags |= LOCAL_AM_ROOT;
break;
case 'c':
pstrcpy(configfile,optarg);
break;
case 'a':
local_flags |= LOCAL_ADD_USER;
break;
case 'x':
local_flags |= LOCAL_DELETE_USER;
local_flags &= ~LOCAL_SET_PASSWORD;
break;
case 'd':
local_flags |= LOCAL_DISABLE_USER;
local_flags &= ~LOCAL_SET_PASSWORD;
break;
case 'e':
local_flags |= LOCAL_ENABLE_USER;
local_flags &= ~LOCAL_SET_PASSWORD;
break;
case 'm':
local_flags |= LOCAL_TRUST_ACCOUNT;
break;
case 'i':
local_flags |= LOCAL_INTERDOM_ACCOUNT;
break;
case 'j':
d_printf("See 'net join' for this functionality\n");
exit(1);
break;
case 'n':
local_flags |= LOCAL_SET_NO_PASSWORD;
local_flags &= ~LOCAL_SET_PASSWORD;
new_passwd = smb_xstrdup("NO PASSWORD");
break;
case 'r':
remote_machine = optarg;
break;
case 's':
set_line_buffering(stdin);
set_line_buffering(stdout);
set_line_buffering(stderr);
stdin_passwd_get = True;
break;
case 'w':
local_flags |= LOCAL_SET_LDAP_ADMIN_PW;
fstrcpy(ldap_secret, optarg);
break;
case 'R':
lp_set_name_resolve_order(optarg);
break;
case 'D':
DEBUGLEVEL = atoi(optarg);
break;
case 'U': {
got_username = True;
fstrcpy(user_name, optarg);
break;
case 'W':
local_flags |= LOCAL_SET_LDAP_ADMIN_PW;
*ldap_secret = '\0';
break;
}
case 'h':
default:
usage();
}
}
argc -= optind;
argv += optind;
switch(argc) {
case 0:
if (!got_username)
fstrcpy(user_name, "");
break;
case 1:
if (!(local_flags & LOCAL_AM_ROOT)) {
usage();
} else {
if (got_username) {
usage();
} else {
fstrcpy(user_name, argv[0]);
}
}
break;
default:
usage();
}
if (!lp_load(configfile,True,False,False,True)) {
fprintf(stderr, "Can't load %s - run testparm to debug it\n",
configfile);
exit(1);
}
return local_flags;
}
/*******************************************************************
Process command line options
******************************************************************/
static void process_options(int argc, char **argv, BOOL amroot)
{
int ch;
DOM_SID dom_sid;
fstring sid_str;
user_name[0] = '\0';
while ((ch = getopt(argc, argv, "c:axdehmnj:t:r:sw:R:D:U:LSW:X:")) != EOF) {
switch(ch) {
case 'L':
local_mode = amroot = True;
break;
case 'c':
pstrcpy(servicesf,optarg);
break;
case 'a':
if (!amroot) goto bad_args;
local_flags |= LOCAL_ADD_USER;
break;
case 'x':
if (!amroot) goto bad_args;
local_flags |= LOCAL_DELETE_USER;
new_passwd = strdup_x("XXXXXX");
break;
case 'd':
if (!amroot) goto bad_args;
local_flags |= LOCAL_DISABLE_USER;
new_passwd = strdup_x("XXXXXX");
break;
case 'e':
if (!amroot) goto bad_args;
local_flags |= LOCAL_ENABLE_USER;
break;
case 'm':
if (!amroot) goto bad_args;
local_flags |= LOCAL_TRUST_ACCOUNT;
break;
case 'n':
if (!amroot) goto bad_args;
local_flags |= LOCAL_SET_NO_PASSWORD;
new_passwd = strdup_x("NO PASSWORD");
break;
case 'j':
if (!amroot) goto bad_args;
new_domain = optarg;
strupper(new_domain);
joining_domain = True;
break;
case 't':
if (!amroot) goto bad_args;
new_domain = optarg;
strupper(new_domain);
changing_trust_pw = True;
break;
case 'r':
remote_machine = optarg;
break;
case 'S':
if (!amroot) goto bad_args;
local_flags |= LOCAL_GET_DOM_SID;
break;
case 's':
set_line_buffering(stdin);
set_line_buffering(stdout);
set_line_buffering(stderr);
stdin_passwd_get = True;
break;
case 'w':
if (!amroot) goto bad_args;
#ifdef WITH_LDAP_SAM
local_flags |= LOCAL_SET_LDAP_ADMIN_PW;
fstrcpy(ldap_secret, optarg);
break;
#else
printf("-w not available unless configured --with-ldapsam\n");
goto bad_args;
#endif
case 'R':
if (!amroot) goto bad_args;
lp_set_name_resolve_order(optarg);
break;
case 'D':
DEBUGLEVEL = atoi(optarg);
break;
case 'U': {
char *lp;
got_username = True;
fstrcpy(user_name, optarg);
if ((lp = strchr(user_name, '%'))) {
*lp = 0;
fstrcpy(user_password, lp + 1);
got_pass = True;
memset(strchr(optarg, '%') + 1, 'X',
strlen(user_password));
}
}
break;
case 'W': /* Take the SID on the command line and make it ours */
if (!lp_load(servicesf,True,False,False)) {
fprintf(stderr, "Can't load %s - run testparm to debug it\n",
servicesf);
exit(1);
}
if (!string_to_sid(&dom_sid, optarg)) {
fprintf(stderr, "Invalid SID: %s\n", optarg);
exit(1);
}
if (!secrets_init()) {
fprintf(stderr, "Unable to open secrets database!\n");
exit(1);
}
if (!secrets_store_domain_sid(global_myname, &dom_sid)) {
fprintf(stderr, "Unable to write the new SID %s as the server SID for %s\n", optarg, global_myname);
exit(1);
}
/*
* Now, write it to the workgroup as well, to make
* things consistent. This is a risk however.
*/
if (!secrets_store_domain_sid(lp_workgroup(), &dom_sid)) {
fprintf(stderr, "Unable to write the new SID %s as the domain SID for %s\n", optarg, lp_workgroup());
exit(1);
}
exit(0);
break;
case 'X': /* Extract the SID for a domain from secrets */
if (!lp_load(servicesf,True,False,False)) {
fprintf(stderr, "Can't load %s - run testparm to debug it\n",
servicesf);
exit(1);
}
if (!secrets_init()) {
fprintf(stderr, "Unable to open secrets database!\n");
exit(1);
}
if (secrets_fetch_domain_sid(optarg, &dom_sid)) {
sid_to_string(sid_str, &dom_sid);
printf("SID for domain %s is: %s\n", optarg, sid_str);
exit(0);
}
else {
fprintf(stderr, "Could not retrieve SID for domain: %s\n", optarg);
exit(1);
}
break;
case 'h':
default:
bad_args:
usage();
}
}
argc -= optind;
argv += optind;
if (joining_domain && (argc != 0))
usage();
switch(argc) {
case 0:
if (!got_username)
fstrcpy(user_name, "");
break;
case 1:
if (!amroot == 1) {
new_passwd = argv[0];
break;
}
if (got_username)
usage();
fstrcpy(user_name, argv[0]);
break;
case 2:
if (!amroot || got_username || got_pass)
usage();
fstrcpy(user_name, argv[0]);
new_passwd = strdup_x(argv[1]);
break;
default:
usage();
}
}
