authorRalph Boehme <slow@samba.org>2022-11-22 14:40:07 +0100
committerJeremy Allison <jra@samba.org>2022-12-21 19:10:35 +0000
commit52cdf1d93a24a6e5cbdf4e23a28e05971ea5adc3 (patch)
tree373f43d28931bea70b4f1de5a960da04c394bbd7
parent682216aa29eda70885c7756927ebfbe88d655aa4 (diff)
downloadsamba-52cdf1d93a24a6e5cbdf4e23a28e05971ea5adc3.tar.gz
wbinfo: Add --change-secret-at=dcname
Add WHATSNEW.txt entry and update wbinfo man page. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
-rw-r--r--WHATSNEW.txt6
-rw-r--r--docs-xml/manpages/wbinfo.1.xml8
-rw-r--r--nsswitch/wbinfo.c53
3 files changed, 66 insertions, 1 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 94ced206dbb..4a40b7147dd 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -74,7 +74,13 @@ disable colour output. See https://no-color.org/ for a description of
this variable. `samba-tool --color=always` will use colour regardless
of NO_COLOR.
+New wbinfo option --change-secret-at
+------------------------------------
+The wbinfo command has a new option, --change-secret-at=<DOMAIN CONTROLLER>
+which forces the trust account password to be changed at a specified domain
+controller. If the specified domain controller cannot be contacted the
+password change fails rather than trying other DCs.
REMOVED FEATURES
diff --git a/docs-xml/manpages/wbinfo.1.xml b/docs-xml/manpages/wbinfo.1.xml
index ddd1e27e02b..0426a0454c6 100644
--- a/docs-xml/manpages/wbinfo.1.xml
+++ b/docs-xml/manpages/wbinfo.1.xml
@@ -144,6 +144,14 @@
</varlistentry>
<varlistentry>
+ <term>--change-secret-at <replaceable>domain-controller</replaceable></term>
+ <listitem><para>Change the trust account password at a specific
+ domain controller. Fails if the specificied domain controller
+ cannot be contacted.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>--ccache-save <replaceable>username%password</replaceable></term>
<listitem><para>Store user and password for ccache.
</para></listitem>
diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c
index 55b9e268c39..de54373afe8 100644
--- a/nsswitch/wbinfo.c
+++ b/nsswitch/wbinfo.c
@@ -849,6 +849,43 @@ static bool wbinfo_change_secret(const char *domain)
return true;
}
+/* Change trust account password chose Domain Controller */
+
+static bool wbinfo_change_secret_at(const char *domain,
+ const char *domain_controller)
+{
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+ struct wbcAuthErrorInfo *error = NULL;
+ const char *domain_name;
+
+ if (domain) {
+ domain_name = domain;
+ } else {
+ domain_name = get_winbind_domain();
+ }
+
+ wbc_status = wbcChangeTrustCredentialsAt(
+ domain_name, domain_controller, &error);
+
+ d_printf("changing the trust secret for domain %s via RPC calls %s\n",
+ domain_name,
+ WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
+
+ if (wbc_status == WBC_ERR_AUTH_ERROR) {
+ d_fprintf(stderr, "wbcChangeTrustCredentials(%s): "
+ "error code was %s (0x%x)\n",
+ domain_name, error->nt_string, error->nt_status);
+ wbcFreeMemory(error);
+ }
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ d_fprintf(stderr, "failed to call wbcChangeTrustCredentials: "
+ "%s\n", wbcErrorString(wbc_status));
+ return false;
+ }
+
+ return true;
+}
+
/* Check DC connection */
static bool wbinfo_ping_dc(const char *domain)
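Review bot: Both stderr messages in wbinfo_change_secret_at() name `wbcChangeTrustCredentials`, while the call actually made is `wbcChangeTrustCredentialsAt`, and none of the three messages prints `domain_controller`, so a failed trust-password rotation cannot be tied to the DC it was attempted against. Suggest `"changing the trust secret for domain %s at DC %s via RPC calls %s\n"` with `domain_controller` added to the arguments, and the `...At` name in the two error strings. Separately, the `WBC_ERR_AUTH_ERROR` branch dereferences `error` unchecked; whether the library always fills it in on that status is not visible here, so `if (wbc_status == WBC_ERR_AUTH_ERROR && error != NULL)` would be the safer guard. The header comment would also read better as `/* Change trust account password at a chosen Domain Controller */`.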
@@ -2291,7 +2328,8 @@ enum {
OPT_LOGOFF_USER,
OPT_LOGOFF_UID,
OPT_LANMAN,
- OPT_KRB5CCNAME
+ OPT_KRB5CCNAME,
+ OPT_CHANGE_SECRET_AT
};
int main(int argc, const char **argv, char **envp)
@@ -2508,6 +2546,13 @@ int main(int argc, const char **argv, char **envp)
.descrip = "Change shared secret",
},
{
+ .longName = "change-secret-at",
+ .shortName = 0,
+ .argInfo = POPT_ARG_STRING,
+ .arg = &string_arg,
+ .val = OPT_CHANGE_SECRET_AT,
+ .descrip = "Change shared secret at Domain Controler" },
+ {
.longName = "ping-dc",
.shortName = 'P',
.argInfo = POPT_ARG_NONE,
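Review bot: The user-visible help string of the new table entry is misspelled: `.descrip = "Change shared secret at Domain Controler"` should read `"Change shared secret at Domain Controller"`. The entry also closes with `},` on the `.descrip` line, whereas the neighbouring entries visible in this hunk put the closing brace on its own line. Since the option takes a value, adding `.argDescrip = "domain-controller"` (the name the man page uses) would make `--help` show what is expected; whether other string options in this table set it is not visible here.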
@@ -3034,6 +3079,12 @@ int main(int argc, const char **argv, char **envp)
goto done;
}
break;
+ case OPT_CHANGE_SECRET_AT:
+ if (!wbinfo_change_secret_at(opt_domain_name, string_arg)) {
+ d_fprintf(stderr, "Could not change secret\n");
+ goto done;
+ }
+ break;
case 'P':
if (!wbinfo_ping_dc(opt_domain_name)) {
goto done;
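Review bot: `string_arg` reaches `wbinfo_change_secret_at()` in the new `OPT_CHANGE_SECRET_AT` case without a check that it is non-empty, so `--change-secret-at=` hands an empty DC name to the library. How an empty name is treated is not visible in this commit; if it were to fall back to DC discovery, the documented behaviour of failing rather than trying other DCs would not hold. A guard before the call keeps that decision in wbinfo: `if (string_arg == NULL || string_arg[0] == '\0') { d_fprintf(stderr, "--change-secret-at requires a domain controller name\n"); goto done; }`. The switch and main() continue outside the hunk.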