The branch, master has been updated via b94b7a2 selftest/Samba4: pass '--machinepass' to 'samba-tool domain join' via f9f261c s4:python: add --machinepass option to 'samba-tool domain join' via 4edbc71 s4:python/samba/join.py: add optional 'machinepass' parameter to join_*() via 948f091 s4:python/samba/join.py: add optional 'machinepass' parameter to class dc_join via f8fbc41 s4:py_net: add optional 'machinepass' parameter to py_net_join_member() via fe69c58 s4:libnet: make it possible to join with a given machine password via 677f524 s4:libnet/py_net: ZERO_STRUCT() struct libnet_Join_member in py_net_join_member() via 1764607 s4:torture/rpc: use talloc_zero() in torture_join_domain() via 5baa443 s4:libnet: use talloc_zero(struct libnet_JoinDomain) in libnet_Join_member() from 2bff209 s4-samba-tool: Add --principal argument to samba-tool domain exportkeytab
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit b94b7a2fe106702dfd6bf039d70c10f6858d7954 Author: Stefan Metzmacher <me...@samba.org> Date: Mon Nov 28 19:34:52 2011 +0100 selftest/Samba4: pass '--machinepass' to 'samba-tool domain join' metze Autobuild-User: Stefan Metzmacher <me...@samba.org> Autobuild-Date: Tue Nov 29 11:00:42 CET 2011 on sn-devel-104 commit f9f261cb6090aa26357d4949008763b098122902 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Nov 16 15:32:47 2011 +0100 s4:python: add --machinepass option to 'samba-tool domain join' metze commit 4edbc719e5aa63b617f170b51382592dd57aa7b7 Author: Stefan Metzmacher <me...@samba.org> Date: Mon Nov 28 20:03:11 2011 +0100 s4:python/samba/join.py: add optional 'machinepass' parameter to join_*() metze commit 948f091a22a5e2bd348d2840e0fdff1d9c9baca7 Author: Stefan Metzmacher <me...@samba.org> Date: Mon Nov 28 20:03:11 2011 +0100 s4:python/samba/join.py: add optional 'machinepass' parameter to class dc_join metze commit f8fbc4163b3f3e02bf15fb495b2d2b721a67162b Author: Stefan Metzmacher <me...@samba.org> Date: Mon Nov 28 19:49:54 2011 +0100 s4:py_net: add optional 'machinepass' parameter to py_net_join_member() metze commit fe69c589e8f3196f2f478adf611bc78a0ea66f50 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Nov 16 13:06:19 2011 +0100 s4:libnet: make it possible to join with a given machine password metze commit 677f5246f16c7c2dd4b0006202b2c7ec9f8c3520 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Nov 16 15:30:48 2011 +0100 s4:libnet/py_net: ZERO_STRUCT() struct libnet_Join_member in py_net_join_member() metze commit 17646071503f166eab31721edab9138141449db1 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Nov 16 15:29:03 2011 +0100 s4:torture/rpc: use talloc_zero() in torture_join_domain() metze commit 5baa44345f6b6fbf4c922f5bc60484517794da2d Author: Stefan Metzmacher <me...@samba.org> Date: Wed Nov 16 
15:28:20 2011 +0100 s4:libnet: use talloc_zero(struct libnet_JoinDomain) in libnet_Join_member() metze ----------------------------------------------------------------------- Summary of changes: selftest/target/Samba4.pm | 4 +++ source4/libnet/libnet_join.c | 21 +++++++++++++----- source4/libnet/libnet_join.h | 2 + source4/libnet/py_net.c | 9 +++++-- source4/scripting/python/samba/join.py | 26 +++++++++++++++------- source4/scripting/python/samba/netcmd/domain.py | 16 +++++++++---- source4/torture/rpc/testjoin.c | 4 +- 7 files changed, 58 insertions(+), 24 deletions(-) Changeset truncated at 500 lines: diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index d515089..9419921 100644 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -869,6 +869,7 @@ sub provision_member($$$) $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} member"; $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}"; + $cmd .= " --machinepass=machine$ret->{password}"; unless (system($cmd) == 0) { warn("Join failed\n$cmd"); @@ -937,6 +938,7 @@ sub provision_rpc_proxy($$$) $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} member"; $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}"; + $cmd .= " --machinepass=machine$ret->{password}"; unless (system($cmd) == 0) { warn("Join failed\n$cmd"); @@ -1021,6 +1023,7 @@ sub provision_vampire_dc($$$) $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} DC --realm=$dcvars->{REALM}"; $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD} --domain-critical-only"; + $cmd .= " --machinepass=machine$ret->{password}"; unless (system($cmd) == 0) { warn("Join failed\n$cmd"); 
@@ -1083,6 +1086,7 @@ sub provision_subdom_dc($$$) $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $ctx->{realm} subdomain "; $cmd .= "--parent-domain=$dcvars->{REALM} -U$dcvars->{DC_USERNAME}\@$dcvars->{REALM}\%$dcvars->{DC_PASSWORD}"; + $cmd .= " --machinepass=machine$ret->{password}"; unless (system($cmd) == 0) { warn("Join failed\n$cmd"); diff --git a/source4/libnet/libnet_join.c b/source4/libnet/libnet_join.c index a1124fd..0977403 100644 --- a/source4/libnet/libnet_join.c +++ b/source4/libnet/libnet_join.c @@ -821,10 +821,19 @@ NTSTATUS libnet_JoinDomain(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, stru if (NT_STATUS_IS_OK(status)) { policy_min_pw_len = pwp.out.info->min_password_length; } - - /* Grab a password of that minimum length */ - - password_str = generate_random_password(tmp_ctx, MAX(8, policy_min_pw_len), 255); + + if (r->in.account_pass != NULL) { + password_str = talloc_strdup(tmp_ctx, r->in.account_pass); + } else { + /* Grab a password of that minimum length */ + password_str = generate_random_password(tmp_ctx, + MAX(8, policy_min_pw_len), 255); + } + if (!password_str) { + r->out.error_string = NULL; + talloc_free(tmp_ctx); + return NT_STATUS_NO_MEMORY; + } /* set full_name and reset flags */ ZERO_STRUCT(u_info21); @@ -909,7 +918,7 @@ NTSTATUS libnet_Join_member(struct libnet_context *ctx, return NT_STATUS_NO_MEMORY; } - r2 = talloc(tmp_mem, struct libnet_JoinDomain); + r2 = talloc_zero(tmp_mem, struct libnet_JoinDomain); if (!r2) { r->out.error_string = NULL; talloc_free(tmp_mem); 
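Review bot: In libnet_JoinDomain() (source4/libnet/libnet_join.c, hunk at -821) a caller-supplied `r->in.account_pass` is copied as-is, so the `MAX(8, policy_min_pw_len)` floor used by the random branch no longer applies. An empty string is also accepted, because only NULL selects the random path. The length should be checked against the policy value fetched just above, before the account is touched, failing early with `talloc_free(tmp_ctx)` and a populated `r->out.error_string`. If the check is left to the server, a comment such as `/* caller-chosen machine password: not checked against domain policy here */` would make that visible. The rest of the function is outside the hunk, so confirm whether a later step already rejects short passwords.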
@@ -939,13 +948,13 @@ NTSTATUS libnet_Join_member(struct libnet_context *ctx, /* * join the domain */ - ZERO_STRUCTP(r2); r2->in.domain_name = r->in.domain_name; r2->in.account_name = account_name; r2->in.netbios_name = netbios_name; r2->in.level = LIBNET_JOINDOMAIN_AUTOMATIC; r2->in.acct_type = acct_type; r2->in.recreate_account = false; + r2->in.account_pass = r->in.account_pass; status = libnet_JoinDomain(ctx, r2, r2); if (!NT_STATUS_IS_OK(status)) { r->out.error_string = talloc_steal(mem_ctx, r2->out.error_string); diff --git a/source4/libnet/libnet_join.h b/source4/libnet/libnet_join.h index 6acf374..89f4d29 100644 --- a/source4/libnet/libnet_join.h +++ b/source4/libnet/libnet_join.h @@ -43,6 +43,7 @@ struct libnet_JoinDomain { enum libnet_JoinDomain_level level; uint32_t acct_type; bool recreate_account; + const char *account_pass; } in; struct { @@ -68,6 +69,7 @@ struct libnet_Join_member { const char *domain_name; const char *netbios_name; enum libnet_Join_level level; + const char *account_pass; } in; struct { diff --git a/source4/libnet/py_net.c b/source4/libnet/py_net.c index cf37ccc..c710680 100644 --- a/source4/libnet/py_net.c +++ b/source4/libnet/py_net.c @@ -49,11 +49,14 @@ static PyObject *py_net_join_member(py_net_Object *self, PyObject *args, PyObjec NTSTATUS status; PyObject *result; TALLOC_CTX *mem_ctx; - const char *kwnames[] = { "domain_name", "netbios_name", "level", NULL }; + const char *kwnames[] = { "domain_name", "netbios_name", "level", "machinepass", NULL }; - if (!PyArg_ParseTupleAndKeywords(args, kwargs, "ssi:Join", discard_const_p(char *, kwnames), + ZERO_STRUCT(r); + + if (!PyArg_ParseTupleAndKeywords(args, kwargs, "ssi|z:Join", discard_const_p(char *, kwnames), &r.in.domain_name, &r.in.netbios_name, - &_level)) { + &_level, + &r.in.account_pass)) { return NULL; } r.in.level = _level; diff --git a/source4/scripting/python/samba/join.py b/source4/scripting/python/samba/join.py index 3f1abe2..5f546a1 100644 
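Review bot: The new `account_pass` members of struct libnet_JoinDomain and struct libnet_Join_member (source4/libnet/libnet_join.h, both hunks) have no comment, and their contract is not obvious from the header. NULL means a random password is generated, and the string is borrowed from the caller and copied with talloc_strdup() in libnet_JoinDomain(). I would add `/* optional machine account password; NULL = generate a random one */` above each field. The comment should also say that the struct must be zero-initialised to get the random default, which is why this series moves the callers to talloc_zero()/ZERO_STRUCT().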
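Review bot: In py_net_join_member() (source4/libnet/py_net.c) the `z` format leaves `r.in.account_pass` pointing into the Python argument object, so the pointer is valid only while `args`/`kwargs` are alive. That holds for the call shown, but a comment like `/* borrowed from the Python argument, valid only for this call */` would stop a later change from keeping it. The keyword is `machinepass` while the C field is `account_pass`. If the method has a doc string outside this hunk, it should list the new optional argument and say that None selects a random password. The function body continues outside the hunk.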
--- a/source4/scripting/python/samba/join.py +++ b/source4/scripting/python/samba/join.py @@ -48,7 +48,8 @@ class dc_join(object): '''perform a DC join''' def __init__(ctx, server=None, creds=None, lp=None, site=None, - netbios_name=None, targetdir=None, domain=None): + netbios_name=None, targetdir=None, domain=None, + machinepass=None): ctx.creds = creds ctx.lp = lp ctx.site = site @@ -90,7 +91,10 @@ class dc_join(object): ctx.dc_dnsHostName = ctx.get_dnsHostName() ctx.behavior_version = ctx.get_behavior_version() - ctx.acct_pass = samba.generate_random_password(32, 40) + if machinepass is not None: + ctx.acct_pass = machinepass + else: + ctx.acct_pass = samba.generate_random_password(32, 40) # work out the DNs of all the objects we will be adding ctx.server_dn = "CN=%s,CN=Servers,CN=%s,CN=Sites,%s" % (ctx.myname, ctx.site, ctx.config_dn) @@ -856,10 +860,12 @@ class dc_join(object): def join_RODC(server=None, creds=None, lp=None, site=None, netbios_name=None, - targetdir=None, domain=None, domain_critical_only=False): + targetdir=None, domain=None, domain_critical_only=False, + machinepass=None): """join as a RODC""" - ctx = dc_join(server, creds, lp, site, netbios_name, targetdir, domain) + ctx = dc_join(server, creds, lp, site, netbios_name, targetdir, domain, + machinepass) lp.set("workgroup", ctx.domain_name) print("workgroup is %s" % ctx.domain_name) @@ -908,9 +914,11 @@ def join_RODC(server=None, creds=None, lp=None, site=None, netbios_name=None, def join_DC(server=None, creds=None, lp=None, site=None, netbios_name=None, - targetdir=None, domain=None, domain_critical_only=False): + targetdir=None, domain=None, domain_critical_only=False, + machinepass=None): """join as a DC""" - ctx = dc_join(server, creds, lp, site, netbios_name, targetdir, domain) + ctx = dc_join(server, creds, lp, site, netbios_name, targetdir, domain, + machinepass) lp.set("workgroup", ctx.domain_name) print("workgroup is %s" % ctx.domain_name) 
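Review bot: In dc_join.__init__ (source4/scripting/python/samba/join.py, hunk at -90) the test `machinepass is not None` lets an empty or very short string replace the 32-40 character random password from the else branch. That value becomes the secret of a domain controller account. I would reject unusable values before assigning, for example `if machinepass is not None and len(machinepass) == 0: raise ValueError("empty machine password")`. A comment should also record that None means "generate a random password". The constructor body starts and ends outside this hunk.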
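Review bot: join_RODC() (join.py hunk at -856), and likewise join_DC() at -908 and join_subdomain() at -936, pass `machinepass` to dc_join() as the eighth positional argument. A parameter later inserted before it in dc_join.__init__ would silently shift the password into another slot. Passing it by keyword, `machinepass=machinepass`, keeps the secret bound to the right parameter. The one-line docstrings (`"""join as a RODC"""` and the others) could also say that machinepass=None means a random password.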
@@ -936,9 +944,11 @@ def join_DC(server=None, creds=None, lp=None, site=None, netbios_name=None, print "Joined domain %s (SID %s) as a DC" % (ctx.domain_name, ctx.domsid) def join_subdomain(server=None, creds=None, lp=None, site=None, netbios_name=None, - targetdir=None, parent_domain=None, dnsdomain=None, netbios_domain=None): + targetdir=None, parent_domain=None, dnsdomain=None, netbios_domain=None, + machinepass=None): """join as a DC""" - ctx = dc_join(server, creds, lp, site, netbios_name, targetdir, parent_domain) + ctx = dc_join(server, creds, lp, site, netbios_name, targetdir, parent_domain, + machinepass) ctx.subdomain = True ctx.parent_domain_name = ctx.domain_name ctx.domain_name = netbios_domain diff --git a/source4/scripting/python/samba/netcmd/domain.py b/source4/scripting/python/samba/netcmd/domain.py index 88d0d70..bd73b6c 100644 --- a/source4/scripting/python/samba/netcmd/domain.py +++ b/source4/scripting/python/samba/netcmd/domain.py @@ -115,13 +115,15 @@ class cmd_domain_join(Command): Option("--domain-critical-only", help="only replicate critical domain objects", action="store_true"), + Option("--machinepass", type=str, metavar="PASSWORD", + help="choose machine password (otherwise random)") ] takes_args = ["domain", "role?"] def run(self, domain, role=None, sambaopts=None, credopts=None, versionopts=None, server=None, site=None, targetdir=None, - domain_critical_only=False, parent_domain=None): + domain_critical_only=False, parent_domain=None, machinepass=None): lp = sambaopts.get_loadparm() creds = credopts.get_credentials(lp) net = Net(creds, lp, server=credopts.ipaddress) 
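Review bot: The `--machinepass` option added to cmd_domain_join (source4/scripting/python/samba/netcmd/domain.py, hunk at -115) takes the machine account secret on the command line. There it can be read by other local users through the process list and is usually saved in shell history. The help string should say so, e.g. `help="choose machine password (otherwise random); note: visible in the process list"`. The option is best kept for test setups such as the selftest targets this series updates. The option list and run() continue outside the hunk.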
@@ -137,26 +139,30 @@ class cmd_domain_join(Command): if role is None or role == "MEMBER": (join_password, sid, domain_name) = net.join_member(domain, netbios_name, - LIBNET_JOIN_AUTOMATIC) + LIBNET_JOIN_AUTOMATIC, + machinepass=machinepass) self.outf.write("Joined domain %s (%s)\n" % (domain_name, sid)) return elif role == "DC": join_DC(server=server, creds=creds, lp=lp, domain=domain, site=site, netbios_name=netbios_name, targetdir=targetdir, - domain_critical_only=domain_critical_only) + domain_critical_only=domain_critical_only, + machinepass=machinepass) return elif role == "RODC": join_RODC(server=server, creds=creds, lp=lp, domain=domain, site=site, netbios_name=netbios_name, targetdir=targetdir, - domain_critical_only=domain_critical_only) + domain_critical_only=domain_critical_only, + machinepass=machinepass) return elif role == "SUBDOMAIN": netbios_domain = lp.get("workgroup") if parent_domain is None: parent_domain = ".".join(domain.split(".")[1:]) join_subdomain(server=server, creds=creds, lp=lp, dnsdomain=domain, parent_domain=parent_domain, - site=site, netbios_name=netbios_name, netbios_domain=netbios_domain, targetdir=targetdir) + site=site, netbios_name=netbios_name, netbios_domain=netbios_domain, targetdir=targetdir, + machinepass=machinepass) return else: raise CommandError("Invalid role '%s' (possible values: MEMBER, DC, RODC, SUBDOMAIN)" % role) diff --git a/source4/torture/rpc/testjoin.c b/source4/torture/rpc/testjoin.c index 48408ed..eb49b8e 100644 --- a/source4/torture/rpc/testjoin.c +++ b/source4/torture/rpc/testjoin.c 
@@ -430,10 +430,10 @@ _PUBLIC_ struct test_join *torture_join_domain(struct torture_context *tctx, struct samr_SetUserInfo s; union samr_UserInfo u; - tj = talloc(tctx, struct test_join); + tj = talloc_zero(tctx, struct test_join); if (!tj) return NULL; - libnet_r = talloc(tj, struct libnet_JoinDomain); + libnet_r = talloc_zero(tj, struct libnet_JoinDomain); if (!libnet_r) { talloc_free(tj); return NULL; -- Samba Shared Repository