net: Print time of last password change in 'net ads info'

This is useful for debugging overwritten machine accounts, e.g. a
second machine is joined to a domain with the same name as the
first one.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index 28553fcadc87f78f8bd2b81dc7c1dd3396eb526b..a0f59affc7e815a4ba10404666dfd3cf40445685 100644 (file)
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -177,6 +177,7 @@ static int net_ads_info(struct net_context *c, int argc, const char **argv)
 {
        ADS_STRUCT *ads;
        char addr[INET6_ADDRSTRLEN];
+       time_t pass_time;
 
        if (c->display_usage) {
                d_printf("%s\n"
@@ -206,6 +207,8 @@ static int net_ads_info(struct net_context *c, int argc, const char **argv)
                d_fprintf( stderr, _("Failed to get server's current time!\n"));
        }
 
+       pass_time = secrets_fetch_pass_last_set_time(ads->server.workgroup);
+
        print_sockaddr(addr, sizeof(addr), &ads->ldap.ss);
 
        d_printf(_("LDAP server: %s\n"), addr);
@@ -219,6 +222,9 @@ static int net_ads_info(struct net_context *c, int argc, const char **argv)
        d_printf(_("KDC server: %s\n"), ads->auth.kdc_server );
        d_printf(_("Server time offset: %d\n"), ads->auth.time_offset );
 
+       d_printf(_("Last machine account password change: %s\n"),
+                http_timestring(talloc_tos(), pass_time));
+
        ads_destroy(&ads);
        return 0;
 }