author | Ralph Boehme <slow@samba.org> | 2022-11-22 14:40:07 +0100 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2022-12-21 19:10:35 +0000 |
commit | 52cdf1d93a24a6e5cbdf4e23a28e05971ea5adc3 (patch) | |
tree | 373f43d28931bea70b4f1de5a960da04c394bbd7 | |
parent | 682216aa29eda70885c7756927ebfbe88d655aa4 (diff) | |
wbinfo: Add --change-secret-at=dcname
Add WHATSNEW.txt entry and update wbinfo man page.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
-rw-r--r-- | WHATSNEW.txt | 6 | ||||
-rw-r--r-- | docs-xml/manpages/wbinfo.1.xml | 8 | ||||
-rw-r--r-- | nsswitch/wbinfo.c | 53 |
3 files changed, 66 insertions, 1 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 94ced206dbb..4a40b7147dd 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -74,7 +74,13 @@ disable colour output. See https://no-color.org/ for a description of this variable. `samba-tool --color=always` will use colour regardless of NO_COLOR. +New wbinfo option --change-secret-at +------------------------------------ +The wbinfo command has a new option, --change-secret-at=<DOMAIN CONTROLLER> +which forces the trust account password to be changed at a specified domain +controller. If the specified domain controller cannot be contacted the +password change fails rather than trying other DCs. REMOVED FEATURES diff --git a/docs-xml/manpages/wbinfo.1.xml b/docs-xml/manpages/wbinfo.1.xml index ddd1e27e02b..0426a0454c6 100644 --- a/docs-xml/manpages/wbinfo.1.xml +++ b/docs-xml/manpages/wbinfo.1.xml @@ -144,6 +144,14 @@ </varlistentry> <varlistentry> + <term>--change-secret-at <replaceable>domain-controller</replaceable></term> + <listitem><para>Change the trust account password at a specific + domain controller. Fails if the specificied domain controller + cannot be contacted. + </para></listitem> + </varlistentry> + + <varlistentry> <term>--ccache-save <replaceable>username%password</replaceable></term> <listitem><para>Store user and password for ccache. </para></listitem> diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c index 55b9e268c39..de54373afe8 100644 --- a/nsswitch/wbinfo.c +++ b/nsswitch/wbinfo.c 
@@ -849,6 +849,43 @@ static bool wbinfo_change_secret(const char *domain)
 return true;
 }
+/* Change trust account password chose Domain Controller */
+
+static bool wbinfo_change_secret_at(const char *domain,
+ const char *domain_controller)
+{
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+ struct wbcAuthErrorInfo *error = NULL;
+ const char *domain_name;
+
+ if (domain) {
+ domain_name = domain;
+ } else {
+ domain_name = get_winbind_domain();
+ }
+
+ wbc_status = wbcChangeTrustCredentialsAt(
+ domain_name, domain_controller, &error);
+
+ d_printf("changing the trust secret for domain %s via RPC calls %s\n",
+ domain_name,
+ WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
+
+ if (wbc_status == WBC_ERR_AUTH_ERROR) {
+ d_fprintf(stderr, "wbcChangeTrustCredentials(%s): "
+ "error code was %s (0x%x)\n",
+ domain_name, error->nt_string, error->nt_status);
+ wbcFreeMemory(error);
+ }
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ d_fprintf(stderr, "failed to call wbcChangeTrustCredentials: "
+ "%s\n", wbcErrorString(wbc_status));
+ return false;
+ }
+
+ return true;
+}
+
 /* Check DC connection */
 static bool wbinfo_ping_dc(const char *domain)
@@ -2291,7 +2328,8 @@ enum {
 OPT_LOGOFF_USER,
 OPT_LOGOFF_UID,
 OPT_LANMAN,
- OPT_KRB5CCNAME
+ OPT_KRB5CCNAME,
+ OPT_CHANGE_SECRET_AT
 };
 int main(int argc, const char **argv, char **envp)
@@ -2508,6 +2546,13 @@ int main(int argc, const char **argv, char **envp)
 .descrip = "Change shared secret",
 },
 {
+ .longName = "change-secret-at",
+ .shortName = 0,
+ .argInfo = POPT_ARG_STRING,
+ .arg = &string_arg,
+ .val = OPT_CHANGE_SECRET_AT,
+ .descrip = "Change shared secret at Domain Controler" },
+ {
 .longName = "ping-dc",
 .shortName = 'P',
 .argInfo = POPT_ARG_NONE,
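Review bot: Both error messages in `wbinfo_change_secret_at` still name `wbcChangeTrustCredentials`, and neither they nor the `d_printf` status line include `domain_controller`, so the output is indistinguishable from a plain `--change-secret` run and does not record which DC the machine account password was rotated against. Name the function actually called and the target, e.g. `"wbcChangeTrustCredentialsAt(%s, %s): "` with `domain_name, domain_controller`, and add the DC to the status line as well. The `WBC_ERR_AUTH_ERROR` branch dereferences `error` without a NULL check; unless the library guarantees it is filled in for that status (not visible in this patch), guard it with `if (wbc_status == WBC_ERR_AUTH_ERROR && error != NULL) {`. The header comment would read better as `/* Change trust account password at a chosen Domain Controller */`.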
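Review bot: The help text of the new popt entry misspells the word (`Controler`), and the entry closes with `},` on the `.descrip` line, which differs from the neighbouring entry visible in the context. Suggest `.descrip = "Change shared secret at Domain Controller",` followed by `},` on its own line. As far as this hunk shows, no `.argDescrip` is set, so `--help` would not say that the argument is a DC name; setting one would help operators. The option table in `main` starts and ends outside the hunk.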
@@ -3034,6 +3079,12 @@ int main(int argc, const char **argv, char **envp)
 goto done;
 }
 break;
+ case OPT_CHANGE_SECRET_AT:
+ if (!wbinfo_change_secret_at(opt_domain_name, string_arg)) {
+ d_fprintf(stderr, "Could not change secret\n");
+ goto done;
+ }
+ break;
 case 'P':
 if (!wbinfo_ping_dc(opt_domain_name)) {
 goto done;
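Review bot: `string_arg` reaches `wbinfo_change_secret_at()` unchecked in the `OPT_CHANGE_SECRET_AT` case, so `--change-secret-at=` with an empty value is passed down as an empty DC name. Whether winbindd then falls back to its normal DC selection is not visible in this patch; if it does, the documented promise that the change fails rather than trying other DCs would not hold. Reject the empty value before the call, e.g. `if (string_arg == NULL || string_arg[0] == '\0') { d_fprintf(stderr, "Missing domain controller name\n"); goto done; }`. The surrounding `switch` in `main` starts and ends outside the hunk.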