diff options
author | Andrew Tridgell <tridge@samba.org> | 2002-07-15 10:35:28 +0000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2002-07-15 10:35:28 +0000 |
commit | e90b65284812aaa5ff9e9935ce9bbad7791cbbcd (patch) | |
tree | 9e744d1dc2f93934a4b49166a37383d3cb2b2139 /source3/utils/net_ads.c | |
parent | ec167dc9cc0ec2ee461837c25a371d2981744208 (diff) | |
download | samba-e90b65284812aaa5ff9e9935ce9bbad7791cbbcd.tar.gz samba-e90b65284812aaa5ff9e9935ce9bbad7791cbbcd.tar.xz samba-e90b65284812aaa5ff9e9935ce9bbad7791cbbcd.zip |
updated the 3.0 branch from the head branch - ready for alpha18
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
Diffstat (limited to 'source3/utils/net_ads.c')
-rw-r--r-- | source3/utils/net_ads.c | 269 |
1 files changed, 229 insertions, 40 deletions
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 68fa89ea35d..fa3eac6bd39 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -33,20 +33,22 @@ int net_ads_usage(int argc, const char **argv) "\nnet ads leave"\ "\n\tremoves the local machine from a ADS realm\n"\ "\nnet ads user"\ -"\n\tlist users in the realm\n"\ +"\n\tlist, add, or delete users in the realm\n"\ "\nnet ads group"\ -"\n\tlist groups in the realm\n"\ +"\n\tlist, add, or delete groups in the realm\n"\ "\nnet ads info"\ "\n\tshows some info on the server\n"\ "\nnet ads status"\ "\n\tdump the machine account details to stdout\n" "\nnet ads password <username@realm> -Uadmin_username@realm%%admin_pass"\ -"\n\tchange a user's password using an admin account" -"\n\t(note: use realm in UPPERCASE)\n" -"\nnet ads chostpass" -"\n\tchange the trust account password of this machine in the AD tree\n" -"\nnet ads printer [info | publish | remove] <printername> <servername>" -"\n\t lookup, add, or remove directory entry for a printer\n" +"\n\tchange a user's password using an admin account"\ +"\n\t(note: use realm in UPPERCASE)\n"\ +"\nnet ads chostpass"\ +"\n\tchange the trust account password of this machine in the AD tree\n"\ +"\nnet ads printer [info | publish | remove] <printername> <servername>"\ +"\n\t lookup, add, or remove directory entry for a printer\n"\ +"\nnet ads search"\ +"\n\tperform a raw LDAP search and dump the results\n" ); return -1; } @@ -56,7 +58,7 @@ static int net_ads_info(int argc, const char **argv) { ADS_STRUCT *ads; - ads = ads_init(NULL, opt_host, NULL, NULL); + ads = ads_init(NULL, NULL, opt_host, NULL, NULL); ads_connect(ads); if (!ads) { @@ -81,7 +83,7 @@ static ADS_STRUCT *ads_startup(void) BOOL need_password = False; BOOL second_time = False; - ads = ads_init(NULL, opt_host, NULL, NULL); + ads = ads_init(NULL, NULL, opt_host, NULL, NULL); if (!opt_user_name) { opt_user_name = "administrator"; @@ -135,27 +137,30 @@ int net_ads_check(void) } -static void usergrp_display(char *field, void **values, void *data_area) +static BOOL usergrp_display(char *field, void **values, void *data_area) { char **disp_fields = (char **) data_area; if (!field) { /* must be end of record */ if (!strchr_m(disp_fields[0], '$')) { if (disp_fields[1]) - printf("%-21.21s %-50.50s\n", + d_printf("%-21.21s %-50.50s\n", disp_fields[0], disp_fields[1]); else - printf("%-21.21s\n", disp_fields[0]); + d_printf("%s\n", disp_fields[0]); } SAFE_FREE(disp_fields[0]); SAFE_FREE(disp_fields[1]); - return; + return True; } + if (!values) /* must be new field, indicate string field */ + return True; if (StrCaseCmp(field, "sAMAccountName") == 0) { - disp_fields[0] = strdup(((struct berval *) values[0])->bv_val); + disp_fields[0] = strdup((char *) values[0]); } if (StrCaseCmp(field, "description") == 0) - disp_fields[1] = strdup(((struct berval *) values[0])->bv_val); + disp_fields[1] = strdup((char *) values[0]); + return True; /* always strings here */ } static int net_ads_user_usage(int argc, const char **argv) @@ -167,6 +172,7 @@ static int ads_user_add(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS status; + char *upn, *userdn; void *res=NULL; int rc = -1; @@ -183,18 +189,43 @@ static int ads_user_add(int argc, const char **argv) if (ads_count_replies(ads, res)) { d_printf("ads_user_add: User %s already exists\n", argv[0]); - ads_msgfree(ads, res); goto done; } status = ads_add_user_acct(ads, argv[0], opt_comment); + if (!ADS_ERR_OK(status)) { + d_printf("Could not add user %s: %s\n", argv[0], + ads_errstr(status)); + goto done; + } + + /* if no password is to be set, we're done */ + if (argc == 1) { + d_printf("User %s added\n", argv[0]); + rc = 0; + goto done; + } + + /* try setting the password */ + asprintf(&upn, "%s@%s", argv[0], ads->realm); + status = krb5_set_password(ads->kdc_server, upn, argv[1]); + safe_free(upn); if (ADS_ERR_OK(status)) { d_printf("User %s added\n", argv[0]); rc = 0; - } else { - d_printf("Could not add user %s: %s\n", argv[0], - ads_errstr(status)); + goto done; + } + + /* password didn't set, delete account */ + d_printf("Could not add user %s. Error setting password %s\n", + argv[0], ads_errstr(status)); + ads_msgfree(ads, res); + status=ads_find_user_acct(ads, &res, argv[0]); + if (ADS_ERR_OK(status)) { + userdn = ads_get_dn(ads, res); + ads_del_dn(ads, userdn); + ads_memfree(ads, userdn); } done: @@ -233,7 +264,7 @@ static int ads_user_info(int argc, const char **argv) char **groupname; for (i=0;grouplist[i];i++) { groupname = ldap_explode_dn(grouplist[i], 1); - printf("%s\n", groupname[0]); + d_printf("%s\n", groupname[0]); ldap_value_free(groupname); } ldap_value_free(grouplist); @@ -308,26 +339,111 @@ int net_ads_user(int argc, const char **argv) return net_run_function(argc, argv, func, net_ads_user_usage); } -static int net_ads_group(int argc, const char **argv) +static int net_ads_group_usage(int argc, const char **argv) +{ + return net_help_group(argc, argv); +} + +static int ads_group_add(int argc, const char **argv) +{ + ADS_STRUCT *ads; + ADS_STATUS status; + void *res=NULL; + int rc = -1; + + if (argc < 1) return net_ads_group_usage(argc, argv); + + if (!(ads = ads_startup())) return -1; + + status = ads_find_user_acct(ads, &res, argv[0]); + + if (!ADS_ERR_OK(status)) { + d_printf("ads_group_add: %s\n", ads_errstr(status)); + goto done; + } + + if (ads_count_replies(ads, res)) { + d_printf("ads_group_add: Group %s already exists\n", argv[0]); + ads_msgfree(ads, res); + goto done; + } + + status = ads_add_group_acct(ads, argv[0], opt_comment); + + if (ADS_ERR_OK(status)) { + d_printf("Group %s added\n", argv[0]); + rc = 0; + } else { + d_printf("Could not add group %s: %s\n", argv[0], + ads_errstr(status)); + } + + done: + if (res) + ads_msgfree(ads, res); + ads_destroy(&ads); + return rc; +} + +static int ads_group_delete(int argc, const char **argv) +{ + ADS_STRUCT *ads; + ADS_STATUS rc; + void *res; + char *groupdn; + + if (argc < 1) return net_ads_group_usage(argc, argv); + + if (!(ads = ads_startup())) return -1; + + rc = ads_find_user_acct(ads, &res, argv[0]); + if (!ADS_ERR_OK(rc)) { + DEBUG(0, ("Group %s does not exist\n", argv[0])); + return -1; + } + groupdn = ads_get_dn(ads, res); + ads_msgfree(ads, res); + rc = ads_del_dn(ads, groupdn); + ads_memfree(ads, groupdn); + if (!ADS_ERR_OK(rc)) { + d_printf("Group %s deleted\n", argv[0]); + return 0; + } + d_printf("Error deleting group %s: %s\n", argv[0], + ads_errstr(rc)); + return -1; +} + +int net_ads_group(int argc, const char **argv) { + struct functable func[] = { + {"ADD", ads_group_add}, + {"DELETE", ads_group_delete}, + {NULL, NULL} + }; ADS_STRUCT *ads; ADS_STATUS rc; const char *shortattrs[] = {"sAMAccountName", NULL}; const char *longattrs[] = {"sAMAccountName", "description", NULL}; char *disp_fields[2] = {NULL, NULL}; - if (!(ads = ads_startup())) return -1; + if (argc == 0) { + if (!(ads = ads_startup())) return -1; - if (opt_long_list_entries) - d_printf("\nGroup name Comment"\ - "\n-----------------------------\n"); - rc = ads_do_search_all_fn(ads, ads->bind_path, LDAP_SCOPE_SUBTREE, - "(objectclass=group)", opt_long_list_entries - ? longattrs : shortattrs, usergrp_display, - disp_fields); + if (opt_long_list_entries) + d_printf("\nGroup name Comment"\ + "\n-----------------------------\n"); + rc = ads_do_search_all_fn(ads, ads->bind_path, + LDAP_SCOPE_SUBTREE, + "(objectclass=group)", + opt_long_list_entries ? longattrs : + shortattrs, usergrp_display, + disp_fields); - ads_destroy(&ads); - return 0; + ads_destroy(&ads); + return 0; + } + return net_run_function(argc, argv, func, net_ads_group_usage); } static int net_ads_status(int argc, const char **argv) @@ -485,7 +601,7 @@ static int net_ads_printer_info(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; - char *servername, *printername; + const char *servername, *printername; extern pstring global_myname; void *res = NULL; @@ -521,6 +637,11 @@ static int net_ads_printer_info(int argc, const char **argv) return 0; } +void do_drv_upgrade_printer(int msg_type, pid_t src, void *buf, size_t len) +{ + return; +} + static int net_ads_printer_publish(int argc, const char **argv) { ADS_STRUCT *ads; @@ -528,6 +649,7 @@ static int net_ads_printer_publish(int argc, const char **argv) char *uncname, *servername; ADS_PRINTER_ENTRY prt; extern pstring global_myname; + char *ports[2] = {"Samba", NULL}; /* these const strings are only here as an example. The attributes @@ -536,7 +658,6 @@ static int net_ads_printer_publish(int argc, const char **argv) const char *bins[] = {"Tray 21", NULL}; const char *media[] = {"Letter", NULL}; const char *orients[] = {"PORTRAIT", NULL}; - const char *ports[] = {"Samba", NULL}; if (!(ads = ads_startup())) return -1; @@ -545,6 +666,9 @@ static int net_ads_printer_publish(int argc, const char **argv) memset(&prt, 0, sizeof(ADS_PRINTER_ENTRY)); + /* we don't sue the servername or unc name provided by + get_a_printer, because the server name might be + localhost or an ip address */ prt.printerName = argv[0]; asprintf(&servername, "%s.%s", global_myname, ads->realm); prt.serverName = servername; @@ -557,7 +681,7 @@ static int net_ads_printer_publish(int argc, const char **argv) prt.printOrientationsSupported = (char **) orients; prt.portName = (char **) ports; prt.printSpooling = "PrintAfterSpooled"; - + rc = ads_add_printer(ads, &prt); if (!ADS_ERR_OK(rc)) { d_printf("ads_publish_printer: %s\n", ads_errstr(rc)); @@ -650,7 +774,7 @@ static int net_ads_password(int argc, const char **argv) /* use the realm so we can eventually change passwords for users in realms other than default */ - if (!(ads = ads_init(realm, NULL, NULL, NULL))) return -1; + if (!(ads = ads_init(realm, NULL, NULL, NULL, NULL))) return -1; asprintf(&prompt, "Enter new password for %s:", argv[0]); @@ -681,8 +805,7 @@ static int net_ads_change_localhost_pass(int argc, const char **argv) char *hostname; ADS_STATUS ret; - - if (!(ads = ads_init(NULL, NULL, NULL, NULL))) return -1; + if (!(ads = ads_init_simple())) return -1; hostname = strdup(global_myname); strlower(hostname); @@ -706,19 +829,79 @@ static int net_ads_change_localhost_pass(int argc, const char **argv) return 0; } +/* + help for net ads search +*/ +static int net_ads_search_usage(int argc, const char **argv) +{ + d_printf( + "\nnet ads search <expression> <attributes...>\n"\ + "\nperform a raw LDAP search on a ADS server and dump the results\n"\ + "The expression is a standard LDAP search expression, and the\n"\ + "attributes are a list of LDAP fields to show in the results\n\n"\ + "Example: net ads search '(objectCategory=group)' sAMAccountName\n\n" + ); + net_common_flags_usage(argc, argv); + return -1; +} + + +/* + general ADS search function. Useful in diagnosing problems in ADS +*/ +static int net_ads_search(int argc, const char **argv) +{ + ADS_STRUCT *ads; + ADS_STATUS rc; + const char *exp; + const char **attrs; + void *res = NULL; + + if (argc < 1) { + return net_ads_search_usage(argc, argv); + } + + if (!(ads = ads_startup())) { + return -1; + } + + exp = argv[0]; + attrs = (argv + 1); + + rc = ads_do_search_all(ads, ads->bind_path, + LDAP_SCOPE_SUBTREE, + exp, attrs, &res); + if (!ADS_ERR_OK(rc)) { + d_printf("search failed: %s\n", ads_errstr(rc)); + return -1; + } + + d_printf("Got %d replies\n\n", ads_count_replies(ads, res)); + + /* dump the results */ + ads_dump(ads, res); + + ads_msgfree(ads, res); + ads_destroy(&ads); + + return 0; +} + + int net_ads_help(int argc, const char **argv) { struct functable func[] = { {"USER", net_ads_user_usage}, + {"GROUP", net_ads_group_usage}, + {"PRINTER", net_ads_printer_usage}, + {"SEARCH", net_ads_search_usage}, #if 0 {"INFO", net_ads_info}, {"JOIN", net_ads_join}, {"LEAVE", net_ads_leave}, {"STATUS", net_ads_status}, - {"GROUP", net_ads_group}, {"PASSWORD", net_ads_password}, {"CHOSTPASS", net_ads_change_localhost_pass}, - {"PRINTER", net_ads_printer}, #endif {NULL, NULL} }; @@ -738,6 +921,7 @@ int net_ads(int argc, const char **argv) {"PASSWORD", net_ads_password}, {"CHOSTPASS", net_ads_change_localhost_pass}, {"PRINTER", net_ads_printer}, + {"SEARCH", net_ads_search}, {"HELP", net_ads_help}, {NULL, NULL} }; @@ -773,6 +957,11 @@ int net_ads_user(int argc, const char **argv) return net_ads_noads(); } +int net_ads_group(int argc, const char **argv) +{ + return net_ads_noads(); +} + /* this one shouldn't display a message */ int net_ads_check(void) { |