s4-net: Convert machinepw command to python.

source4/scripting/python/samba/netcmd/__init__.py

@@ -155,3 +155,5 @@ from samba.netcmd.user import cmd_user
 commands["user"] = cmd_user()
 from samba.netcmd.vampire import cmd_vampire
 commands["vampire"] = cmd_vampire()
+from samba.netcmd.machinepw import cmd_machinepw
+commands["machinepw"] = cmd_machinepw()

source4/scripting/python/samba/netcmd/join.py

@@ -0,0 +1,59 @@
+#!/usr/bin/python
+#
+# joins
+# 
+# Copyright Jelmer Vernooij 2010
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+import samba.getopt as options
+
+from samba.net import Net, LIBNET_JOIN_AUTOMATIC
+from samba.netcmd import Command, CommandError
+from samba.dcerpc.netr import SEC_CHAN_WKSTA, SEC_CHAN_BDC
+
+
+class cmd_join(Command):
+    """Joins domain as either member or backup domain controller."""
+
+    synopsis = "%prog join <domain> [BDC | MEMBER] [options]"
+
+    takes_optiongroups = {
+        "sambaopts": options.SambaOptions,
+        "versionopts": options.VersionOptions,
+        "credopts": options.CredentialsOptions,
+    }
+
+    takes_args = ["domain", "role?"]
+
+    def run(self, domain, role=None, sambaopts=None, credopts=None,
+            versionopts=None):
+        lp = sambaopts.get_loadparm()
+        creds = credopts.get_credentials(lp)
+        net = Net(creds, lp)
+        
+        if role is None:
+            secure_channel_type = SEC_CHAN_WKSTA
+        elif role == "BDC":
+            secure_channel_type = SEC_CHAN_BDC
+        elif role == "MEMBER":
+            secure_channel_type = SEC_CHAN_WKSTA
+        else:
+            raise CommandError("Invalid role %s (possible values: MEMBER, BDC)" % role)
+
+        (join_password, sid, domain_name) = net.join(domain,
+            lp.get("netbios name"), SEC_CHAN_WKSTA, LIBNET_JOIN_AUTOMATIC)
+
+        self.outf.write("Joined domain %s (%s)\n" % (domain_name, sid))

source4/scripting/python/samba/netcmd/machinepw.py

@@ -0,0 +1,53 @@
+#!/usr/bin/python
+#
+# Machine passwords
+# Copyright Jelmer Vernooij 2010
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+import samba.getopt as options
+
+from samba import Ldb
+from samba.auth import system_session
+from samba.netcmd import Command, CommandError
+
+
+class cmd_machinepw(Command):
+    """Get a machine password out of our SAM."""
+
+    synopsis = "%prog machinepw <accountname>"
+
+    takes_optiongroups = {
+        "sambaopts": options.SambaOptions,
+        "versionopts": options.VersionOptions,
+        "credopts": options.CredentialsOptions,
+    }
+
+    takes_args = ["secret"]
+
+    def run(self, secret, sambaopts=None, credopts=None, versionopts=None):
+        lp = sambaopts.get_loadparm()
+        creds = credopts.get_credentials(lp)
+        url = lp.get("secrets database")
+        secretsdb = Ldb(url=url, session_info=system_session(),
+            credentials=creds, lp=lp)
+        
+        result = secretsdb.search(attrs=["secret"], 
+            expression="(&(objectclass=primaryDomain)(samaccountname=%s))" % secret)
+
+        if len(result) != 1:
+            raise CommandError("search returned %d records, expected 1" % len(result))
+
+        self.outf.write("%s\n" % result[0]["secret"])

source4/scripting/python/samba/netcmd/vampire.py

@@ -50,66 +50,3 @@ class cmd_vampire(Command):
         net = Net(creds, lp)
         (domain_name, domain_sid) = net.vampire(domain=domain, target_dir=target_dir)
         self.outf.write("Vampired domain %s (%s)\n" % (domain_name, domain_sid))
-
-
-class cmd_samdump_keytab(Command):
-    """Dumps kerberos keys of a domain into a keytab."""
-
-    synopsis = "%prog samdump keytab [options] <keytab>"
-
-    takes_optiongroups = {
-        "sambaopts": options.SambaOptions,
-        "credopts": options.CredentialsOptions,
-        "versionopts": options.VersionOptions,
-        }
-
-    takes_args = ["keytab"]
-
-    def run(self, keytab, credopts=None, sambaopts=None, versionopts=None):
-        lp = sambaopts.get_loadparm()
-        creds = credopts.get_credentials(lp)
-        net = Net(creds, lp)
-        net.samdump_keytab(keytab)
-
-
-class cmd_samsync_ldb(Command):
-    """Synchronise into the local ldb the SAM of a domain."""
-
-    synopsis = "%prog samsync"
-
-    takes_optiongroups = {
-        "sambaopts": options.SambaOptions,
-        "credopts": options.CredentialsOptions,
-        "versionopts": options.VersionOptions,
-        }
-
-    def run(self, credopts=None, sambaopts=None, versionopts=None):
-        lp = sambaopts.get_loadparm()
-        creds = credopts.get_credentials(lp)
-        net = Net(creds, lp)
-        net.samdump()
-
-
-class cmd_samsync(SuperCommand):
-
-    commands = {
-        "ldb": cmd_samsync_ldb()
-        }
-
-
-class cmd_samdump(Command):
-    """Dump the sam database."""
-
-    synopsis = "%prog samdump"
-
-    takes_optiongroups = {
-        "sambaopts": options.SambaOptions,
-        "credopts": options.CredentialsOptions,
-        "versionopts": options.VersionOptions,
-        }
-
-    def run(self, credopts=None, sambaopts=None, versionopts=None):
-        lp = sambaopts.get_loadparm()
-        creds = credopts.get_credentials(lp)
-        net = Net(creds, lp)
-        net.samdump()

source4/utils/net/net.c

@@ -200,7 +200,6 @@ static const struct net_functable net_functable[] = {
 	{"join", "join a domain\n", net_join, net_join_usage},
 	{"samdump", "dump the sam of a domain\n", net_samdump, net_samdump_usage},
 	{"samsync", "synchronise into the local ldb the sam of an NT4 domain\n", net_samsync_ldb, net_samsync_ldb_usage},
-	{"machinepw", "Get a machine password out of our SAM\n", net_machinepw, net_machinepw_usage},
 	{"drs", "Implements functionality offered by repadmin.exe utility in Windows\n", net_drs, net_drs_usage},
 	{NULL, NULL, NULL, NULL}
 };

source4/utils/net/net_machinepw.c

@@ -1,91 +0,0 @@
-/*
-   Samba Unix/Linux SMB client library
-   Distributed SMB/CIFS Server Management Utility
-
-   Copyright (C) 2008 Volker Lendecke
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "lib/events/events.h"
-#include "utils/net/net.h"
-#include "libnet/libnet.h"
-#include "libcli/security/security.h"
-#include "param/secrets.h"
-#include "param/param.h"
-#include "lib/util/util_ldb.h"
-
-int net_machinepw_usage(struct net_context *ctx, int argc, const char **argv)
-{
-	d_printf("net machinepw <accountname>\n");
-	return -1;
-}
-
-int net_machinepw(struct net_context *ctx, int argc, const char **argv)
-{
-	struct ldb_context *secrets;
-	TALLOC_CTX *mem_ctx;
-	struct tevent_context *ev;
-	struct ldb_message **msgs;
-	int num_records;
-	const char *attrs[] = { "secret", NULL };
-	const char *secret;
-
-	if (argc != 1) {
-		net_machinepw_usage(ctx, argc, argv);
-		return -1;
-	}
-
-	mem_ctx = talloc_new(ctx);
-	if (mem_ctx == NULL) {
-		d_fprintf(stderr, "talloc_new failed\n");
-		return -1;
-	}
-
-	ev = event_context_init(mem_ctx);
-	if (ev == NULL) {
-		d_fprintf(stderr, "event_context_init failed\n");
-		goto fail;
-	}
-
-	secrets = secrets_db_connect(mem_ctx, ev, ctx->lp_ctx);
-	if (secrets == NULL) {
-		d_fprintf(stderr, "secrets_db_connect failed\n");
-		goto fail;
-	}
-
-	num_records = gendb_search(secrets, mem_ctx, NULL, &msgs, attrs,
-				   "(&(objectclass=primaryDomain)"
-				   "(samaccountname=%s))", argv[0]);
-	if (num_records != 1) {
-		d_fprintf(stderr, "gendb_search returned %d records, "
-			  "expected 1\n", num_records);
-		goto fail;
-	}
-
-	secret = ldb_msg_find_attr_as_string(msgs[0], "secret", NULL);
-	if (secret == NULL) {
-		d_fprintf(stderr, "machine account contains no secret\n");
-		goto fail;
-	}
-
-	printf("%s\n", secret);
-	talloc_free(mem_ctx);
-	return 0;
-
- fail:
-	talloc_free(mem_ctx);
-	return -1;
-}

source4/utils/net/wscript_build

@@ -10,7 +10,7 @@ bld.SAMBA_MODULE('net_drs',
 
 
 bld.SAMBA_BINARY('net',
-	source='net.c net_machinepw.c net_password.c net_join.c net_vampire.c',
+	source='net.c net_password.c net_join.c net_vampire.c',
 	autoproto='net_proto.h',
 	installdir='BINDIR',
 	deps='LIBSAMBA-HOSTCONFIG LIBSAMBA-UTIL LIBSAMBA-NET popt POPT_SAMBA POPT_CREDENTIALS net_drs',