Univention Bugzilla – Attachment 3913 Details for
Bug 24989
Maschinenpasswort beim samba-tool domain join übergeben.
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
9 Patches aus dem samba4 git, die samba-tool um diese Option erweitern
domain_join_machinepass.patch (text/plain), 15.91 KB, created by
Arvid Requate
on 2011-11-29 12:55:22 CET
(
hide
)
Description:
9 Patches aus dem samba4 git, die samba-tool um diese Option erweitern
Filename:
MIME Type:
Creator:
Arvid Requate
Created:
2011-11-29 12:55:22 CET
Size:
15.91 KB
patch
obsolete
>From 5baa44345f6b6fbf4c922f5bc60484517794da2d Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Wed, 16 Nov 2011 15:28:20 +0100 >Subject: [PATCH] s4:libnet: use talloc_zero(struct libnet_JoinDomain) in libnet_Join_member() > >metze >--- > source4/libnet/libnet_join.c | 3 +-- > 1 files changed, 1 insertions(+), 2 deletions(-) > >diff --git a/source4/libnet/libnet_join.c b/source4/libnet/libnet_join.c >index a1124fd..0ed14a5 100644 >--- a/source4/libnet/libnet_join.c >+++ b/source4/libnet/libnet_join.c >@@ -909,7 +909,7 @@ NTSTATUS libnet_Join_member(struct libnet_context *ctx, > return NT_STATUS_NO_MEMORY; > } > >- r2 = talloc(tmp_mem, struct libnet_JoinDomain); >+ r2 = talloc_zero(tmp_mem, struct libnet_JoinDomain); > if (!r2) { > r->out.error_string = NULL; > talloc_free(tmp_mem); >@@ -939,7 +939,6 @@ NTSTATUS libnet_Join_member(struct libnet_context *ctx, > /* > * join the domain > */ >- ZERO_STRUCTP(r2); > r2->in.domain_name = r->in.domain_name; > r2->in.account_name = account_name; > r2->in.netbios_name = netbios_name; >-- >1.7.0.4 > >From 17646071503f166eab31721edab9138141449db1 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Wed, 16 Nov 2011 15:29:03 +0100 >Subject: [PATCH] s4:torture/rpc: use talloc_zero() in torture_join_domain() > >metze >--- > source4/torture/rpc/testjoin.c | 4 ++-- > 1 files changed, 2 insertions(+), 2 deletions(-) > >diff --git a/source4/torture/rpc/testjoin.c b/source4/torture/rpc/testjoin.c >index 48408ed..eb49b8e 100644 >--- a/source4/torture/rpc/testjoin.c >+++ b/source4/torture/rpc/testjoin.c >@@ -430,10 +430,10 @@ _PUBLIC_ struct test_join *torture_join_domain(struct torture_context *tctx, > struct samr_SetUserInfo s; > union samr_UserInfo u; > >- tj = talloc(tctx, struct test_join); >+ tj = talloc_zero(tctx, struct test_join); > if (!tj) return NULL; > >- libnet_r = talloc(tj, struct libnet_JoinDomain); >+ libnet_r = talloc_zero(tj, struct libnet_JoinDomain); > if (!libnet_r) { > talloc_free(tj); > return NULL; >-- >1.7.0.4 > >From 677f5246f16c7c2dd4b0006202b2c7ec9f8c3520 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Wed, 16 Nov 2011 15:30:48 +0100 >Subject: [PATCH] s4:libnet/py_net: ZERO_STRUCT() struct libnet_Join_member in py_net_join_member() > >metze >--- > source4/libnet/py_net.c | 2 ++ > 1 files changed, 2 insertions(+), 0 deletions(-) > >diff --git a/source4/libnet/py_net.c b/source4/libnet/py_net.c >index cf37ccc..4754eb5 100644 >--- a/source4/libnet/py_net.c >+++ b/source4/libnet/py_net.c >@@ -51,6 +51,8 @@ static PyObject *py_net_join_member(py_net_Object *self, PyObject *args, PyObjec > TALLOC_CTX *mem_ctx; > const char *kwnames[] = { "domain_name", "netbios_name", "level", NULL }; > >+ ZERO_STRUCT(r); >+ > if (!PyArg_ParseTupleAndKeywords(args, kwargs, "ssi:Join", discard_const_p(char *, kwnames), > &r.in.domain_name, &r.in.netbios_name, > &_level)) { >-- >1.7.0.4 > >From fe69c589e8f3196f2f478adf611bc78a0ea66f50 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Wed, 16 Nov 2011 13:06:19 +0100 >Subject: [PATCH] s4:libnet: make it possible to join with a given machine password > >metze >--- > source4/libnet/libnet_join.c | 18 ++++++++++++++---- > source4/libnet/libnet_join.h | 2 ++ > 2 files changed, 16 insertions(+), 4 deletions(-) > >diff --git a/source4/libnet/libnet_join.c b/source4/libnet/libnet_join.c >index 0ed14a5..0977403 100644 >--- a/source4/libnet/libnet_join.c >+++ b/source4/libnet/libnet_join.c >@@ -821,10 +821,19 @@ NTSTATUS libnet_JoinDomain(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, stru > if (NT_STATUS_IS_OK(status)) { > policy_min_pw_len = pwp.out.info->min_password_length; > } >- >- /* Grab a password of that minimum length */ >- >- password_str = generate_random_password(tmp_ctx, MAX(8, policy_min_pw_len), 255); >+ >+ if (r->in.account_pass != NULL) { >+ password_str = talloc_strdup(tmp_ctx, r->in.account_pass); >+ } else { >+ /* Grab a password of that minimum length */ >+ password_str = generate_random_password(tmp_ctx, >+ MAX(8, policy_min_pw_len), 255); >+ } >+ if (!password_str) { >+ r->out.error_string = NULL; >+ talloc_free(tmp_ctx); >+ return NT_STATUS_NO_MEMORY; >+ } > > /* set full_name and reset flags */ > ZERO_STRUCT(u_info21); >@@ -945,6 +954,7 @@ NTSTATUS libnet_Join_member(struct libnet_context *ctx, > r2->in.level = LIBNET_JOINDOMAIN_AUTOMATIC; > r2->in.acct_type = acct_type; > r2->in.recreate_account = false; >+ r2->in.account_pass = r->in.account_pass; > status = libnet_JoinDomain(ctx, r2, r2); > if (!NT_STATUS_IS_OK(status)) { > r->out.error_string = talloc_steal(mem_ctx, r2->out.error_string); >diff --git a/source4/libnet/libnet_join.h b/source4/libnet/libnet_join.h >index 6acf374..89f4d29 100644 >--- a/source4/libnet/libnet_join.h >+++ b/source4/libnet/libnet_join.h >@@ -43,6 +43,7 @@ struct libnet_JoinDomain { > enum libnet_JoinDomain_level level; > uint32_t acct_type; > bool recreate_account; >+ const char *account_pass; > } in; > > struct { >@@ -68,6 +69,7 @@ struct libnet_Join_member { > const char *domain_name; > const char *netbios_name; > enum libnet_Join_level level; >+ const char *account_pass; > } in; > > struct { >-- >1.7.0.4 > >From f8fbc4163b3f3e02bf15fb495b2d2b721a67162b Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Mon, 28 Nov 2011 19:49:54 +0100 >Subject: [PATCH] s4:py_net: add optional 'machinepass' parameter to py_net_join_member() > >metze >--- > source4/libnet/py_net.c | 7 ++++--- > 1 files changed, 4 insertions(+), 3 deletions(-) > >diff --git a/source4/libnet/py_net.c b/source4/libnet/py_net.c >index 4754eb5..c710680 100644 >--- a/source4/libnet/py_net.c >+++ b/source4/libnet/py_net.c >@@ -49,13 +49,14 @@ static PyObject *py_net_join_member(py_net_Object *self, PyObject *args, PyObjec > NTSTATUS status; > PyObject *result; > TALLOC_CTX *mem_ctx; >- const char *kwnames[] = { "domain_name", "netbios_name", "level", NULL }; >+ const char *kwnames[] = { "domain_name", "netbios_name", "level", "machinepass", NULL }; > > ZERO_STRUCT(r); > >- if (!PyArg_ParseTupleAndKeywords(args, kwargs, "ssi:Join", discard_const_p(char *, kwnames), >+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "ssi|z:Join", discard_const_p(char *, kwnames), > &r.in.domain_name, &r.in.netbios_name, >- &_level)) { >+ &_level, >+ &r.in.account_pass)) { > return NULL; > } > r.in.level = _level; >-- >1.7.0.4 > >From 948f091a22a5e2bd348d2840e0fdff1d9c9baca7 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Mon, 28 Nov 2011 20:03:11 +0100 >Subject: [PATCH] s4:python/samba/join.py: add optional 'machinepass' parameter to class dc_join > >metze >--- > source4/scripting/python/samba/join.py | 8 ++++++-- > 1 files changed, 6 insertions(+), 2 deletions(-) > >diff --git a/source4/scripting/python/samba/join.py b/source4/scripting/python/samba/join.py >index 3f1abe2..bd91e62 100644 >--- a/source4/scripting/python/samba/join.py >+++ b/source4/scripting/python/samba/join.py >@@ -48,7 +48,8 @@ class dc_join(object): > '''perform a DC join''' > > def __init__(ctx, server=None, creds=None, lp=None, site=None, >- netbios_name=None, targetdir=None, domain=None): >+ netbios_name=None, targetdir=None, domain=None, >+ machinepass=None): > ctx.creds = creds > ctx.lp = lp > ctx.site = site >@@ -90,7 +91,10 @@ class dc_join(object): > ctx.dc_dnsHostName = ctx.get_dnsHostName() > ctx.behavior_version = ctx.get_behavior_version() > >- ctx.acct_pass = samba.generate_random_password(32, 40) >+ if machinepass is not None: >+ ctx.acct_pass = machinepass >+ else: >+ ctx.acct_pass = samba.generate_random_password(32, 40) > > # work out the DNs of all the objects we will be adding > ctx.server_dn = "CN=%s,CN=Servers,CN=%s,CN=Sites,%s" % (ctx.myname, ctx.site, ctx.config_dn) >-- >1.7.0.4 > >From 4edbc719e5aa63b617f170b51382592dd57aa7b7 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Mon, 28 Nov 2011 20:03:11 +0100 >Subject: [PATCH] s4:python/samba/join.py: add optional 'machinepass' parameter to join_*() > >metze >--- > source4/scripting/python/samba/join.py | 18 ++++++++++++------ > 1 files changed, 12 insertions(+), 6 deletions(-) > >diff --git a/source4/scripting/python/samba/join.py b/source4/scripting/python/samba/join.py >index bd91e62..5f546a1 100644 >--- a/source4/scripting/python/samba/join.py >+++ b/source4/scripting/python/samba/join.py >@@ -860,10 +860,12 @@ class dc_join(object): > > > def join_RODC(server=None, creds=None, lp=None, site=None, netbios_name=None, >- targetdir=None, domain=None, domain_critical_only=False): >+ targetdir=None, domain=None, domain_critical_only=False, >+ machinepass=None): > """join as a RODC""" > >- ctx = dc_join(server, creds, lp, site, netbios_name, targetdir, domain) >+ ctx = dc_join(server, creds, lp, site, netbios_name, targetdir, domain, >+ machinepass) > > lp.set("workgroup", ctx.domain_name) > print("workgroup is %s" % ctx.domain_name) >@@ -912,9 +914,11 @@ def join_RODC(server=None, creds=None, lp=None, site=None, netbios_name=None, > > > def join_DC(server=None, creds=None, lp=None, site=None, netbios_name=None, >- targetdir=None, domain=None, domain_critical_only=False): >+ targetdir=None, domain=None, domain_critical_only=False, >+ machinepass=None): > """join as a DC""" >- ctx = dc_join(server, creds, lp, site, netbios_name, targetdir, domain) >+ ctx = dc_join(server, creds, lp, site, netbios_name, targetdir, domain, >+ machinepass) > > lp.set("workgroup", ctx.domain_name) > print("workgroup is %s" % ctx.domain_name) >@@ -940,9 +944,11 @@ def join_DC(server=None, creds=None, lp=None, site=None, netbios_name=None, > print "Joined domain %s (SID %s) as a DC" % (ctx.domain_name, ctx.domsid) > > def join_subdomain(server=None, creds=None, lp=None, site=None, netbios_name=None, >- targetdir=None, parent_domain=None, dnsdomain=None, netbios_domain=None): >+ targetdir=None, parent_domain=None, dnsdomain=None, netbios_domain=None, >+ machinepass=None): > """join as a DC""" >- ctx = dc_join(server, creds, lp, site, netbios_name, targetdir, parent_domain) >+ ctx = dc_join(server, creds, lp, site, netbios_name, targetdir, parent_domain, >+ machinepass) > ctx.subdomain = True > ctx.parent_domain_name = ctx.domain_name > ctx.domain_name = netbios_domain >-- >1.7.0.4 > >From f9f261cb6090aa26357d4949008763b098122902 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Wed, 16 Nov 2011 15:32:47 +0100 >Subject: [PATCH] s4:python: add --machinepass option to 'samba-tool domain join' > >metze >--- > source4/scripting/python/samba/netcmd/domain.py | 16 +++++++++++----- > 1 files changed, 11 insertions(+), 5 deletions(-) > >diff --git a/source4/scripting/python/samba/netcmd/domain.py b/source4/scripting/python/samba/netcmd/domain.py >index 88d0d70..bd73b6c 100644 >--- a/source4/scripting/python/samba/netcmd/domain.py >+++ b/source4/scripting/python/samba/netcmd/domain.py >@@ -115,13 +115,15 @@ class cmd_domain_join(Command): > Option("--domain-critical-only", > help="only replicate critical domain objects", > action="store_true"), >+ Option("--machinepass", type=str, metavar="PASSWORD", >+ help="choose machine password (otherwise random)") > ] > > takes_args = ["domain", "role?"] > > def run(self, domain, role=None, sambaopts=None, credopts=None, > versionopts=None, server=None, site=None, targetdir=None, >- domain_critical_only=False, parent_domain=None): >+ domain_critical_only=False, parent_domain=None, machinepass=None): > lp = sambaopts.get_loadparm() > creds = credopts.get_credentials(lp) > net = Net(creds, lp, server=credopts.ipaddress) >@@ -137,26 +139,30 @@ class cmd_domain_join(Command): > if role is None or role == "MEMBER": > (join_password, sid, domain_name) = net.join_member(domain, > netbios_name, >- LIBNET_JOIN_AUTOMATIC) >+ LIBNET_JOIN_AUTOMATIC, >+ machinepass=machinepass) > > self.outf.write("Joined domain %s (%s)\n" % (domain_name, sid)) > return > elif role == "DC": > join_DC(server=server, creds=creds, lp=lp, domain=domain, > site=site, netbios_name=netbios_name, targetdir=targetdir, >- domain_critical_only=domain_critical_only) >+ domain_critical_only=domain_critical_only, >+ machinepass=machinepass) > return > elif role == "RODC": > join_RODC(server=server, creds=creds, lp=lp, domain=domain, > site=site, netbios_name=netbios_name, targetdir=targetdir, >- domain_critical_only=domain_critical_only) >+ domain_critical_only=domain_critical_only, >+ machinepass=machinepass) > return > elif role == "SUBDOMAIN": > netbios_domain = lp.get("workgroup") > if parent_domain is None: > parent_domain = ".".join(domain.split(".")[1:]) > join_subdomain(server=server, creds=creds, lp=lp, dnsdomain=domain, parent_domain=parent_domain, >- site=site, netbios_name=netbios_name, netbios_domain=netbios_domain, targetdir=targetdir) >+ site=site, netbios_name=netbios_name, netbios_domain=netbios_domain, targetdir=targetdir, >+ machinepass=machinepass) > return > else: > raise CommandError("Invalid role '%s' (possible values: MEMBER, DC, RODC, SUBDOMAIN)" % role) >-- >1.7.0.4 > >From b94b7a2fe106702dfd6bf039d70c10f6858d7954 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Mon, 28 Nov 2011 19:34:52 +0100 >Subject: [PATCH] selftest/Samba4: pass '--machinepass' to 'samba-tool domain join' > >metze > >Autobuild-User: Stefan Metzmacher <metze@samba.org> >Autobuild-Date: Tue Nov 29 11:00:42 CET 2011 on sn-devel-104 >--- > selftest/target/Samba4.pm | 4 ++++ > 1 files changed, 4 insertions(+), 0 deletions(-) > >diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm >index d515089..9419921 100644 >--- a/selftest/target/Samba4.pm >+++ b/selftest/target/Samba4.pm >@@ -869,6 +869,7 @@ sub provision_member($$$) > $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; > $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} member"; > $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}"; >+ $cmd .= " --machinepass=machine$ret->{password}"; > > unless (system($cmd) == 0) { > warn("Join failed\n$cmd"); >@@ -937,6 +938,7 @@ sub provision_rpc_proxy($$$) > $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; > $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} member"; > $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}"; >+ $cmd .= " --machinepass=machine$ret->{password}"; > > unless (system($cmd) == 0) { > warn("Join failed\n$cmd"); >@@ -1021,6 +1023,7 @@ sub provision_vampire_dc($$$) > $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; > $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} DC --realm=$dcvars->{REALM}"; > $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD} --domain-critical-only"; >+ $cmd .= " --machinepass=machine$ret->{password}"; > > unless (system($cmd) == 0) { > warn("Join failed\n$cmd"); >@@ -1083,6 +1086,7 @@ sub provision_subdom_dc($$$) > $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; > $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $ctx->{realm} subdomain "; > $cmd .= "--parent-domain=$dcvars->{REALM} -U$dcvars->{DC_USERNAME}\@$dcvars->{REALM}\%$dcvars->{DC_PASSWORD}"; >+ $cmd .= " --machinepass=machine$ret->{password}"; > > unless (system($cmd) == 0) { > warn("Join failed\n$cmd"); >-- >1.7.0.4 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=3913">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 24989
: 3913