The branch, master has been updated
via b94b7a2 selftest/Samba4: pass '--machinepass' to 'samba-tool domain
join'
via f9f261c s4:python: add --machinepass option to 'samba-tool domain
join'
via 4edbc71 s4:python/samba/join.py: add optional 'machinepass'
parameter to join_*()
via 948f091 s4:python/samba/join.py: add optional 'machinepass'
parameter to class dc_join
via f8fbc41 s4:py_net: add optional 'machinepass' parameter to
py_net_join_member()
via fe69c58 s4:libnet: make it possible to join with a given machine
password
via 677f524 s4:libnet/py_net: ZERO_STRUCT() struct libnet_Join_member
in py_net_join_member()
via 1764607 s4:torture/rpc: use talloc_zero() in torture_join_domain()
via 5baa443 s4:libnet: use talloc_zero(struct libnet_JoinDomain) in
libnet_Join_member()
from 2bff209 s4-samba-tool: Add --principal argument to samba-tool
domain exportkeytab
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit b94b7a2fe106702dfd6bf039d70c10f6858d7954
Author: Stefan Metzmacher <me...@samba.org>
Date: Mon Nov 28 19:34:52 2011 +0100
selftest/Samba4: pass '--machinepass' to 'samba-tool domain join'
metze
Autobuild-User: Stefan Metzmacher <me...@samba.org>
Autobuild-Date: Tue Nov 29 11:00:42 CET 2011 on sn-devel-104
commit f9f261cb6090aa26357d4949008763b098122902
Author: Stefan Metzmacher <me...@samba.org>
Date: Wed Nov 16 15:32:47 2011 +0100
s4:python: add --machinepass option to 'samba-tool domain join'
metze
commit 4edbc719e5aa63b617f170b51382592dd57aa7b7
Author: Stefan Metzmacher <me...@samba.org>
Date: Mon Nov 28 20:03:11 2011 +0100
s4:python/samba/join.py: add optional 'machinepass' parameter to join_*()
metze
commit 948f091a22a5e2bd348d2840e0fdff1d9c9baca7
Author: Stefan Metzmacher <me...@samba.org>
Date: Mon Nov 28 20:03:11 2011 +0100
s4:python/samba/join.py: add optional 'machinepass' parameter to class
dc_join
metze
commit f8fbc4163b3f3e02bf15fb495b2d2b721a67162b
Author: Stefan Metzmacher <me...@samba.org>
Date: Mon Nov 28 19:49:54 2011 +0100
s4:py_net: add optional 'machinepass' parameter to py_net_join_member()
metze
commit fe69c589e8f3196f2f478adf611bc78a0ea66f50
Author: Stefan Metzmacher <me...@samba.org>
Date: Wed Nov 16 13:06:19 2011 +0100
s4:libnet: make it possible to join with a given machine password
metze
commit 677f5246f16c7c2dd4b0006202b2c7ec9f8c3520
Author: Stefan Metzmacher <me...@samba.org>
Date: Wed Nov 16 15:30:48 2011 +0100
s4:libnet/py_net: ZERO_STRUCT() struct libnet_Join_member in
py_net_join_member()
metze
commit 17646071503f166eab31721edab9138141449db1
Author: Stefan Metzmacher <me...@samba.org>
Date: Wed Nov 16 15:29:03 2011 +0100
s4:torture/rpc: use talloc_zero() in torture_join_domain()
metze
commit 5baa44345f6b6fbf4c922f5bc60484517794da2d
Author: Stefan Metzmacher <me...@samba.org>
Date: Wed Nov 16 15:28:20 2011 +0100
s4:libnet: use talloc_zero(struct libnet_JoinDomain) in libnet_Join_member()
metze
-----------------------------------------------------------------------
Summary of changes:
selftest/target/Samba4.pm | 4 +++
source4/libnet/libnet_join.c | 21 +++++++++++++-----
source4/libnet/libnet_join.h | 2 +
source4/libnet/py_net.c | 9 +++++--
source4/scripting/python/samba/join.py | 26 +++++++++++++++-------
source4/scripting/python/samba/netcmd/domain.py | 16 +++++++++----
source4/torture/rpc/testjoin.c | 4 +-
7 files changed, 58 insertions(+), 24 deletions(-)
Changeset truncated at 500 lines:
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index d515089..9419921 100644
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -869,6 +869,7 @@ sub provision_member($$$)
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
$cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM}
member";
$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
+ $cmd .= " --machinepass=machine$ret->{password}";
unless (system($cmd) == 0) {
warn("Join failed\n$cmd");
@@ -937,6 +938,7 @@ sub provision_rpc_proxy($$$)
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
$cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM}
member";
$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
+ $cmd .= " --machinepass=machine$ret->{password}";
unless (system($cmd) == 0) {
warn("Join failed\n$cmd");
@@ -1021,6 +1023,7 @@ sub provision_vampire_dc($$$)
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
$cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM}
DC --realm=$dcvars->{REALM}";
$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}
--domain-critical-only";
+ $cmd .= " --machinepass=machine$ret->{password}";
unless (system($cmd) == 0) {
warn("Join failed\n$cmd");
@@ -1083,6 +1086,7 @@ sub provision_subdom_dc($$$)
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
$cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $ctx->{realm}
subdomain ";
$cmd .= "--parent-domain=$dcvars->{REALM}
-U$dcvars->{DC_USERNAME}\@$dcvars->{REALM}\%$dcvars->{DC_PASSWORD}";
+ $cmd .= " --machinepass=machine$ret->{password}";
unless (system($cmd) == 0) {
warn("Join failed\n$cmd");
diff --git a/source4/libnet/libnet_join.c b/source4/libnet/libnet_join.c
index a1124fd..0977403 100644
--- a/source4/libnet/libnet_join.c
+++ b/source4/libnet/libnet_join.c
@@ -821,10 +821,19 @@ NTSTATUS libnet_JoinDomain(struct libnet_context *ctx,
TALLOC_CTX *mem_ctx, stru
if (NT_STATUS_IS_OK(status)) {
policy_min_pw_len = pwp.out.info->min_password_length;
}
-
- /* Grab a password of that minimum length */
-
- password_str = generate_random_password(tmp_ctx, MAX(8,
policy_min_pw_len), 255);
+
+ if (r->in.account_pass != NULL) {
+ password_str = talloc_strdup(tmp_ctx, r->in.account_pass);
+ } else {
+ /* Grab a password of that minimum length */
+ password_str = generate_random_password(tmp_ctx,
+ MAX(8, policy_min_pw_len), 255);
+ }
+ if (!password_str) {
+ r->out.error_string = NULL;
+ talloc_free(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
/* set full_name and reset flags */
ZERO_STRUCT(u_info21);
@@ -909,7 +918,7 @@ NTSTATUS libnet_Join_member(struct libnet_context *ctx,
return NT_STATUS_NO_MEMORY;
}
- r2 = talloc(tmp_mem, struct libnet_JoinDomain);
+ r2 = talloc_zero(tmp_mem, struct libnet_JoinDomain);
if (!r2) {
r->out.error_string = NULL;
talloc_free(tmp_mem);
@@ -939,13 +948,13 @@ NTSTATUS libnet_Join_member(struct libnet_context *ctx,
/*
* join the domain
*/
- ZERO_STRUCTP(r2);
r2->in.domain_name = r->in.domain_name;
r2->in.account_name = account_name;
r2->in.netbios_name = netbios_name;
r2->in.level = LIBNET_JOINDOMAIN_AUTOMATIC;
r2->in.acct_type = acct_type;
r2->in.recreate_account = false;
+ r2->in.account_pass = r->in.account_pass;
status = libnet_JoinDomain(ctx, r2, r2);
if (!NT_STATUS_IS_OK(status)) {
r->out.error_string = talloc_steal(mem_ctx,
r2->out.error_string);
diff --git a/source4/libnet/libnet_join.h b/source4/libnet/libnet_join.h
index 6acf374..89f4d29 100644
--- a/source4/libnet/libnet_join.h
+++ b/source4/libnet/libnet_join.h
@@ -43,6 +43,7 @@ struct libnet_JoinDomain {
enum libnet_JoinDomain_level level;
uint32_t acct_type;
bool recreate_account;
+ const char *account_pass;
} in;
struct {
@@ -68,6 +69,7 @@ struct libnet_Join_member {
const char *domain_name;
const char *netbios_name;
enum libnet_Join_level level;
+ const char *account_pass;
} in;
struct {
diff --git a/source4/libnet/py_net.c b/source4/libnet/py_net.c
index cf37ccc..c710680 100644
--- a/source4/libnet/py_net.c
+++ b/source4/libnet/py_net.c
@@ -49,11 +49,14 @@ static PyObject *py_net_join_member(py_net_Object *self,
PyObject *args, PyObjec
NTSTATUS status;
PyObject *result;
TALLOC_CTX *mem_ctx;
- const char *kwnames[] = { "domain_name", "netbios_name", "level", NULL
};
+ const char *kwnames[] = { "domain_name", "netbios_name", "level",
"machinepass", NULL };
- if (!PyArg_ParseTupleAndKeywords(args, kwargs, "ssi:Join",
discard_const_p(char *, kwnames),
+ ZERO_STRUCT(r);
+
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "ssi|z:Join",
discard_const_p(char *, kwnames),
&r.in.domain_name, &r.in.netbios_name,
- &_level)) {
+ &_level,
+ &r.in.account_pass)) {
return NULL;
}
r.in.level = _level;
diff --git a/source4/scripting/python/samba/join.py
b/source4/scripting/python/samba/join.py
index 3f1abe2..5f546a1 100644
--- a/source4/scripting/python/samba/join.py
+++ b/source4/scripting/python/samba/join.py
@@ -48,7 +48,8 @@ class dc_join(object):
'''perform a DC join'''
def __init__(ctx, server=None, creds=None, lp=None, site=None,
- netbios_name=None, targetdir=None, domain=None):
+ netbios_name=None, targetdir=None, domain=None,
+ machinepass=None):
ctx.creds = creds
ctx.lp = lp
ctx.site = site
@@ -90,7 +91,10 @@ class dc_join(object):
ctx.dc_dnsHostName = ctx.get_dnsHostName()
ctx.behavior_version = ctx.get_behavior_version()
- ctx.acct_pass = samba.generate_random_password(32, 40)
+ if machinepass is not None:
+ ctx.acct_pass = machinepass
+ else:
+ ctx.acct_pass = samba.generate_random_password(32, 40)
# work out the DNs of all the objects we will be adding
ctx.server_dn = "CN=%s,CN=Servers,CN=%s,CN=Sites,%s" % (ctx.myname,
ctx.site, ctx.config_dn)
@@ -856,10 +860,12 @@ class dc_join(object):
def join_RODC(server=None, creds=None, lp=None, site=None, netbios_name=None,
- targetdir=None, domain=None, domain_critical_only=False):
+ targetdir=None, domain=None, domain_critical_only=False,
+ machinepass=None):
"""join as a RODC"""
- ctx = dc_join(server, creds, lp, site, netbios_name, targetdir, domain)
+ ctx = dc_join(server, creds, lp, site, netbios_name, targetdir, domain,
+ machinepass)
lp.set("workgroup", ctx.domain_name)
print("workgroup is %s" % ctx.domain_name)
@@ -908,9 +914,11 @@ def join_RODC(server=None, creds=None, lp=None, site=None,
netbios_name=None,
def join_DC(server=None, creds=None, lp=None, site=None, netbios_name=None,
- targetdir=None, domain=None, domain_critical_only=False):
+ targetdir=None, domain=None, domain_critical_only=False,
+ machinepass=None):
"""join as a DC"""
- ctx = dc_join(server, creds, lp, site, netbios_name, targetdir, domain)
+ ctx = dc_join(server, creds, lp, site, netbios_name, targetdir, domain,
+ machinepass)
lp.set("workgroup", ctx.domain_name)
print("workgroup is %s" % ctx.domain_name)
@@ -936,9 +944,11 @@ def join_DC(server=None, creds=None, lp=None, site=None,
netbios_name=None,
print "Joined domain %s (SID %s) as a DC" % (ctx.domain_name, ctx.domsid)
def join_subdomain(server=None, creds=None, lp=None, site=None,
netbios_name=None,
- targetdir=None, parent_domain=None, dnsdomain=None,
netbios_domain=None):
+ targetdir=None, parent_domain=None, dnsdomain=None,
netbios_domain=None,
+ machinepass=None):
"""join as a DC"""
- ctx = dc_join(server, creds, lp, site, netbios_name, targetdir,
parent_domain)
+ ctx = dc_join(server, creds, lp, site, netbios_name, targetdir,
parent_domain,
+ machinepass)
ctx.subdomain = True
ctx.parent_domain_name = ctx.domain_name
ctx.domain_name = netbios_domain
diff --git a/source4/scripting/python/samba/netcmd/domain.py
b/source4/scripting/python/samba/netcmd/domain.py
index 88d0d70..bd73b6c 100644
--- a/source4/scripting/python/samba/netcmd/domain.py
+++ b/source4/scripting/python/samba/netcmd/domain.py
@@ -115,13 +115,15 @@ class cmd_domain_join(Command):
Option("--domain-critical-only",
help="only replicate critical domain objects",
action="store_true"),
+ Option("--machinepass", type=str, metavar="PASSWORD",
+ help="choose machine password (otherwise random)")
]
takes_args = ["domain", "role?"]
def run(self, domain, role=None, sambaopts=None, credopts=None,
versionopts=None, server=None, site=None, targetdir=None,
- domain_critical_only=False, parent_domain=None):
+ domain_critical_only=False, parent_domain=None, machinepass=None):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
net = Net(creds, lp, server=credopts.ipaddress)
@@ -137,26 +139,30 @@ class cmd_domain_join(Command):
if role is None or role == "MEMBER":
(join_password, sid, domain_name) = net.join_member(domain,
netbios_name,
-
LIBNET_JOIN_AUTOMATIC)
+
LIBNET_JOIN_AUTOMATIC,
+
machinepass=machinepass)
self.outf.write("Joined domain %s (%s)\n" % (domain_name, sid))
return
elif role == "DC":
join_DC(server=server, creds=creds, lp=lp, domain=domain,
site=site, netbios_name=netbios_name, targetdir=targetdir,
- domain_critical_only=domain_critical_only)
+ domain_critical_only=domain_critical_only,
+ machinepass=machinepass)
return
elif role == "RODC":
join_RODC(server=server, creds=creds, lp=lp, domain=domain,
site=site, netbios_name=netbios_name,
targetdir=targetdir,
- domain_critical_only=domain_critical_only)
+ domain_critical_only=domain_critical_only,
+ machinepass=machinepass)
return
elif role == "SUBDOMAIN":
netbios_domain = lp.get("workgroup")
if parent_domain is None:
parent_domain = ".".join(domain.split(".")[1:])
join_subdomain(server=server, creds=creds, lp=lp,
dnsdomain=domain, parent_domain=parent_domain,
- site=site, netbios_name=netbios_name,
netbios_domain=netbios_domain, targetdir=targetdir)
+ site=site, netbios_name=netbios_name,
netbios_domain=netbios_domain, targetdir=targetdir,
+ machinepass=machinepass)
return
else:
raise CommandError("Invalid role '%s' (possible values: MEMBER,
DC, RODC, SUBDOMAIN)" % role)
diff --git a/source4/torture/rpc/testjoin.c b/source4/torture/rpc/testjoin.c
index 48408ed..eb49b8e 100644
--- a/source4/torture/rpc/testjoin.c
+++ b/source4/torture/rpc/testjoin.c
@@ -430,10 +430,10 @@ _PUBLIC_ struct test_join *torture_join_domain(struct
torture_context *tctx,
struct samr_SetUserInfo s;
union samr_UserInfo u;
- tj = talloc(tctx, struct test_join);
+ tj = talloc_zero(tctx, struct test_join);
if (!tj) return NULL;
- libnet_r = talloc(tj, struct libnet_JoinDomain);
+ libnet_r = talloc_zero(tj, struct libnet_JoinDomain);
if (!libnet_r) {
talloc_free(tj);
return NULL;
--
Samba Shared Repository
