From c0784106a839c2686e01c75472bae2e7d9071c8b Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Thu, 1 Feb 2018 14:26:22 +0100 Subject: [PATCH 9/9] make Samba data tool configurable Allow to specify an alternative path to Samba's net utility at configure time and at run time. https://bugs.freedesktop.org/show_bug.cgi?id=100118 Reviewed-by: Jakub Hrozek --- configure.ac | 13 ++++++++++++ doc/adcli.xml | 21 ++++++++++++++++++- doc/samba_data_tool_path.xml.in | 1 + library/adenroll.c | 46 ++++++++++++++++++++++++++++++++++------- library/adenroll.h | 5 +++++ tools/computer.c | 16 ++++++++++++++ 7 files changed, 95 insertions(+), 8 deletions(-) create mode 100644 doc/samba_data_tool_path.xml.in diff --git a/configure.ac b/configure.ac index fe86638..68877c7 100644 --- a/configure.ac +++ b/configure.ac @@ -291,6 +291,18 @@ else AC_DEFINE_UNQUOTED(BIN_ECHO, "$BIN_ECHO", [path to echo, used in unit test]) fi +AC_MSG_CHECKING([where is Samba's net utility]) +AC_ARG_WITH([samba_data_tool], + AC_HELP_STRING([--with-samba-data-tool=/path], + [Path to Samba's net utility]), + [], + [with_samba_data_tool=/usr/bin/net]) +AC_MSG_RESULT([$with_samba_data_tool]) + +AC_DEFINE_UNQUOTED(SAMBA_DATA_TOOL, "$with_samba_data_tool", + [Path to Samba's net utility]) + +AC_SUBST(SAMBA_DATA_TOOL, [$with_samba_data_tool]) # --------------------------------------------------------------------- ADCLI_LT_RELEASE=$ADCLI_CURRENT:$ADCLI_REVISION:$ADCLI_AGE @@ -300,6 +312,7 @@ AC_CONFIG_FILES([Makefile build/Makefile doc/Makefile doc/version.xml + doc/samba_data_tool_path.xml library/Makefile tools/Makefile ]) diff --git a/doc/adcli.xml b/doc/adcli.xml index fbc6c63..c2b7760 100644 --- a/doc/adcli.xml +++ b/doc/adcli.xml @@ -1,6 +1,9 @@ + "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" +[ + +]> @@ -307,6 +310,14 @@ Password for Administrator: smb.conf5 for details. + + + If Samba's net + cannot be found at + &samba_data_tool; this option can + be used to specific an alternative location with the + help of an absolute path. + @@ -412,6 +423,14 @@ $ adcli update --login-ccache=/tmp/krbcc_123 smb.conf5 for details. + + + If Samba's net + cannot be found at + &samba_data_tool; this option can + be used to specific an alternative location with the + help of an absolute path. + diff --git a/doc/samba_data_tool_path.xml.in b/doc/samba_data_tool_path.xml.in new file mode 100644 index 0000000..a667c57 --- /dev/null +++ b/doc/samba_data_tool_path.xml.in @@ -0,0 +1 @@ +@SAMBA_DATA_TOOL@ diff --git a/library/adenroll.c b/library/adenroll.c index 6b1aae5..d64c2c0 100644 --- a/library/adenroll.c +++ b/library/adenroll.c @@ -42,6 +42,10 @@ #include #include +#ifndef SAMBA_DATA_TOOL +#define SAMBA_DATA_TOOL "/usr/bin/net" +#endif + static krb5_enctype v60_later_enctypes[] = { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, @@ -100,6 +104,7 @@ struct _adcli_enroll { int keytab_enctypes_explicit; unsigned int computer_password_lifetime; int computer_password_lifetime_explicit; + char *samba_data_tool; }; static adcli_result @@ -1537,26 +1542,33 @@ static adcli_result update_samba_data (adcli_enroll *enroll) { int ret; - char *argv_pw[] = { "/usr/bin/net", "changesecretpw", "-i", "-f", NULL }; - char *argv_sid[] = { "/usr/bin/net", "setdomainsid", NULL, NULL }; + char *argv_pw[] = { NULL, "changesecretpw", "-i", "-f", NULL }; + char *argv_sid[] = { NULL, "setdomainsid", NULL, NULL }; + + argv_pw[0] = (char *) adcli_enroll_get_samba_data_tool (enroll); + if (argv_pw[0] ==NULL) { + _adcli_err ("Samba data tool not available."); + return ADCLI_ERR_FAIL; + } + argv_sid[0] = argv_pw[0]; - _adcli_info ("Trying to set Samba secret.\n"); + _adcli_info ("Trying to set Samba secret."); ret = _adcli_call_external_program (argv_pw[0], argv_pw, enroll->computer_password, NULL, NULL); if (ret != ADCLI_SUCCESS) { - _adcli_err ("Failed to set Samba computer account password.\n"); + _adcli_err ("Failed to set Samba computer account password."); } argv_sid[2] = (char *) adcli_conn_get_domain_sid (enroll->conn); if (argv_sid[2] == NULL) { - _adcli_err ("Domain SID not available.\n"); + _adcli_err ("Domain SID not available."); } else { - _adcli_info ("Trying to set domain SID %s for Samba.\n", + _adcli_info ("Trying to set domain SID %s for Samba.", argv_sid[2]); ret = _adcli_call_external_program (argv_sid[0], argv_sid, NULL, NULL, NULL); if (ret != ADCLI_SUCCESS) { - _adcli_err ("Failed to set Samba domain SID.\n"); + _adcli_err ("Failed to set Samba domain SID."); } } @@ -1951,6 +1963,9 @@ adcli_enroll_new (adcli_conn *conn) enroll->os_name = strdup (value); return_val_if_fail (enroll->os_name != NULL, NULL); + enroll->samba_data_tool = strdup (SAMBA_DATA_TOOL); + return_val_if_fail (enroll->samba_data_tool != NULL, NULL); + return enroll; } @@ -1978,6 +1993,7 @@ enroll_free (adcli_enroll *enroll) free (enroll->os_name); free (enroll->os_version); free (enroll->os_service_pack); + free (enroll->samba_data_tool); free (enroll->user_principal); _adcli_strv_free (enroll->service_names); @@ -2343,3 +2359,19 @@ adcli_enroll_set_computer_password_lifetime (adcli_enroll *enroll, enroll->computer_password_lifetime_explicit = 1; } + +void +adcli_enroll_set_samba_data_tool (adcli_enroll *enroll, const char *value) +{ + return_if_fail (enroll != NULL); + if (value != NULL && value[0] != '\0') { + _adcli_str_set (&enroll->samba_data_tool, value); + } +} + +const char * +adcli_enroll_get_samba_data_tool (adcli_enroll *enroll) +{ + return_val_if_fail (enroll != NULL, NULL); + return enroll->samba_data_tool; +} diff --git a/library/adenroll.h b/library/adenroll.h index 32c9764..31ca0bc 100644 --- a/library/adenroll.h +++ b/library/adenroll.h @@ -141,4 +141,9 @@ const char * adcli_enroll_get_os_service_pack (adcli_enroll *enroll); void adcli_enroll_set_os_service_pack (adcli_enroll *enroll, const char *value); +void adcli_enroll_set_samba_data_tool (adcli_enroll *enroll, + const char *value); + +const char * adcli_enroll_get_samba_data_tool (adcli_enroll *enroll); + #endif /* ADENROLL_H_ */ diff --git a/tools/computer.c b/tools/computer.c index fc646f2..f86548b 100644 --- a/tools/computer.c +++ b/tools/computer.c @@ -30,6 +30,7 @@ #include #include #include +#include static void dump_details (adcli_conn *conn, @@ -107,6 +108,7 @@ typedef enum { opt_user_principal, opt_computer_password_lifetime, opt_add_samba_data, + opt_samba_data_tool, } Option; static adcli_tool_desc common_usages[] = { @@ -145,6 +147,7 @@ static adcli_tool_desc common_usages[] = { "successful join" }, { opt_add_samba_data, "add domain SID and computer account password\n" "to the Samba specific configuration database" }, + { opt_samba_data_tool, "Absolute path to the tool used for add-samba-data" }, { opt_verbose, "show verbose progress and failure messages", }, { 0 }, }; @@ -160,6 +163,7 @@ parse_option (Option opt, static int stdin_password = 0; char *endptr; unsigned int lifetime; + int ret; switch (opt) { case opt_login_ccache: @@ -265,6 +269,16 @@ parse_option (Option opt, adcli_enroll_set_computer_password_lifetime (enroll, lifetime); return; + case opt_samba_data_tool: + errno = 0; + ret = access (optarg, X_OK); + if (ret != 0) { + ret = errno; + errx (EUSAGE, "Failed to access tool to add Samba data: %s", strerror (ret)); + } else { + adcli_enroll_set_samba_data_tool (enroll, optarg); + } + return; case opt_verbose: return; @@ -331,6 +345,7 @@ adcli_tool_computer_join (adcli_conn *conn, { "show-details", no_argument, NULL, opt_show_details }, { "show-password", no_argument, NULL, opt_show_password }, { "add-samba-data", no_argument, NULL, opt_add_samba_data }, + { "samba-data-tool", no_argument, NULL, opt_samba_data_tool }, { "verbose", no_argument, NULL, opt_verbose }, { "help", no_argument, NULL, 'h' }, { 0 }, @@ -434,6 +449,7 @@ adcli_tool_computer_update (adcli_conn *conn, { "show-details", no_argument, NULL, opt_show_details }, { "show-password", no_argument, NULL, opt_show_password }, { "add-samba-data", no_argument, NULL, opt_add_samba_data }, + { "samba-data-tool", no_argument, NULL, opt_samba_data_tool }, { "verbose", no_argument, NULL, opt_verbose }, { "help", no_argument, NULL, 'h' }, { 0 }, -- 2.14.4