From: Andrew Bartlett Date: Mon, 3 Feb 2020 03:45:45 +0000 (+1300) Subject: source4/scripting/bin: Swap machine account password scripts X-Git-Tag: ldb-2.1.1~156 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d3b385d59634927a4ddbfa7885ac5f2e004f4e03;p=thirdparty%2Fsamba.git source4/scripting/bin: Swap machine account password scripts I regularly get requests for my simple script to print the password from the secrets.tdb (or secrets.ldb on the AD DC). This removes the old script that only reads the secrets.ldb. Neither new nor old script has tests, however it seems better to have it in the tree where it can be found rather that me digging it out of my outbound e-mail. Originally posted here: https://lists.samba.org/archive/samba/2017-November/212362.html Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher --- diff --git a/selftest/knownfail.d/usage b/selftest/knownfail.d/usage index 3e54f80a2de..47a5783f6de 100644 --- a/selftest/knownfail.d/usage +++ b/selftest/knownfail.d/usage @@ -11,7 +11,6 @@ samba.tests.usage.samba.tests.usage.PythonScriptHelpTests.test_ctdb_etcd_lock.no samba.tests.usage.samba.tests.usage.PythonScriptHelpTests.test_depfilter_py.none. samba.tests.usage.samba.tests.usage.PythonScriptHelpTests.test_dns_hub_py.none. samba.tests.usage.samba.tests.usage.PythonScriptHelpTests.test_gen_hresult_py.none. -samba.tests.usage.samba.tests.usage.PythonScriptHelpTests.test_mymachinepw.none. samba.tests.usage.samba.tests.usage.PythonScriptHelpTests.test_repl_cleartext_pwd_py.none. samba.tests.usage.samba.tests.usage.PythonScriptHelpTests.test_run_py.none. samba.tests.usage.samba.tests.usage.PythonScriptHelpTests.test_run_py_.none. @@ -21,6 +20,7 @@ samba.tests.usage.samba.tests.usage.PythonScriptHelpTests.test_tests_py_.none. samba.tests.usage.samba.tests.usage.PythonScriptHelpTests.test_waf.none. samba.tests.usage.samba.tests.usage.PythonScriptUsageTests.test_chgtdcpass.none. samba.tests.usage.samba.tests.usage.PythonScriptUsageTests.test_findprovisionusnranges.none. +samba.tests.usage.samba.tests.usage.PythonScriptUsageTests.test_machineaccountpw.none. samba.tests.usage.samba.tests.usage.PythonScriptUsageTests.test_rebuildextendeddn.none. samba.tests.usage.samba.tests.usage.PythonScriptUsageTests.test_renamedc.none. samba.tests.usage.samba.tests.usage.PythonScriptUsageTests.test_repl_cleartext_pwd_py.none. diff --git a/source4/scripting/bin/machineaccountpw b/source4/scripting/bin/machineaccountpw new file mode 100755 index 00000000000..eab773ec7c0 --- /dev/null +++ b/source4/scripting/bin/machineaccountpw @@ -0,0 +1,42 @@ +#!/usr/bin/env python3 +import optparse +import sys + +# Find right directory when running from source tree +sys.path.insert(0, "bin/python") + + +import samba +from samba import getopt as options +from samba import NTSTATUSError +from samba.credentials import Credentials +parser = optparse.OptionParser("machineaccountpw") +sambaopts = options.SambaOptions(parser) +parser.add_option_group(sambaopts) +parser.add_option_group(options.VersionOptions(parser)) +opts, args = parser.parse_args() + +if len(args) != 0: + parser.print_usage() + sys.exit(1) + +try: + lp_ctx = sambaopts.get_loadparm() +except RuntimeError as error: + print("Unable to load smb.conf %s: %s" % (sambaopts.get_loadparm_path(), + error), + file=sys.stderr) + sys.exit(1) + +creds = Credentials() + +creds.guess(lp_ctx) +try: + creds.set_machine_account(lp_ctx) +except NTSTATUSError as error: + print("Failed to find a stored machine account credential on this system: %s" \ + % error.args[1], + file=sys.stderr) + sys.exit(1) + +print(creds.get_password()) diff --git a/source4/scripting/bin/mymachinepw b/source4/scripting/bin/mymachinepw deleted file mode 100755 index 5ad9c7e96dc..00000000000 --- a/source4/scripting/bin/mymachinepw +++ /dev/null @@ -1,61 +0,0 @@ -#!/usr/bin/env python3 - -# Unix SMB/CIFS implementation. -# Copyright (C) Volker Lendecke 2008 -# Copyright (C) Stefan Metzmacher 2008 -# -# Extract our own machine pw from secrets.ldb -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -# -import samba.param as param, ldb, sys, getopt - -optlist, args = getopt.getopt(sys.argv[1:], "s:") - -conf = param.LoadParm() -loaded = False - -for o, v in optlist: - if o == "-s": - if not conf.load(v): - print(v + " not found") - print("\nUsage: mymachinepw [-s SMBCONF]") - sys.exit(1) - loaded = True - -if not loaded: - conf.load_default() - -path=conf.get("private dir") + "/secrets.ldb" -netbios=conf.get("netbios name") - -secrets = ldb.Ldb(path) - -search = ("(&(objectclass=primaryDomain)(samaccountname=" + - netbios + "$))") - -msg = secrets.search(expression=search, attrs=['secret']) - -if not msg: - print("Error:") - print("Password for host[%s] not found in path[%s]." % (netbios, path)) - print("You may want to pass the smb.conf location via the -s option.") - print() - print("Usage: mymachinepw [-s SMBCONF]") - sys.exit(1) - -password=msg[0]['secret'][0] - -print(password) -sys.exit(0)