From c090131e4f912f6f6c4f79eb40fbe500eb31c171 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Tue, 30 Jan 2018 18:24:15 +0100 Subject: [PATCH 14/23] tools: store Samba data if requested Use Samba's net utility to add the machine account password and the domain SID to the Samba configuration. https://bugs.freedesktop.org/show_bug.cgi?id=100118 Reviewed-by: Jakub Hrozek --- library/adenroll.c | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/library/adenroll.c b/library/adenroll.c index bb970d1..20731cd 100644 --- a/library/adenroll.c +++ b/library/adenroll.c @@ -1533,6 +1533,36 @@ update_keytab_for_principals (adcli_enroll *enroll) return ADCLI_SUCCESS; } +static adcli_result +update_samba_data (adcli_enroll *enroll) +{ + int ret; + char *argv_pw[] = { "/usr/bin/net", "changesecretpw", "-i", "-f", NULL }; + char *argv_sid[] = { "/usr/bin/net", "setdomainsid", NULL, NULL }; + + _adcli_info ("Trying to set Samba secret.\n"); + ret = _adcli_call_external_program (argv_pw[0], argv_pw, + enroll->computer_password, NULL, NULL); + if (ret != ADCLI_SUCCESS) { + _adcli_err ("Failed to set Samba computer account password.\n"); + } + + argv_sid[2] = (char *) adcli_conn_get_domain_sid (enroll->conn); + if (argv_sid[2] == NULL) { + _adcli_err ("Domain SID not available.\n"); + } else { + _adcli_info ("Trying to set domain SID %s for Samba.\n", + argv_sid[2]); + ret = _adcli_call_external_program (argv_sid[0], argv_sid, + NULL, NULL, NULL); + if (ret != ADCLI_SUCCESS) { + _adcli_err ("Failed to set Samba domain SID.\n"); + } + } + + return ret; +} + static void enroll_clear_state (adcli_enroll *enroll) { @@ -1687,6 +1717,15 @@ enroll_join_or_update_tasks (adcli_enroll *enroll, update_computer_account (enroll); update_service_principals (enroll); + if ( (flags & ADCLI_ENROLL_ADD_SAMBA_DATA) && ! (flags & ADCLI_ENROLL_PASSWORD_VALID)) { + res = update_samba_data (enroll); + if (res != ADCLI_SUCCESS) { + _adcli_info ("Failed to add Samba specific data, smbd " + "or winbindd might not work as " + "expected.\n"); + } + } + if (flags & ADCLI_ENROLL_NO_KEYTAB) return ADCLI_SUCCESS; -- 2.14.4