/*
Unix SMB/Netbios implementation.
- Version 1.9.
- NT Domain Authentication SMB / MSRPC client
- Copyright (C) Andrew Tridgell 1994-1997
- Copyright (C) Luke Kenneth Casson Leighton 1996-1997
-
+ Version 2.2
+ RPC pipe client
+
+ Copyright (C) Tim Potter 2000
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
+#include "includes.h"
+static NTSTATUS cmd_netlogon_logon_ctrl2(struct cli_state *cli, int argc,
+ char **argv)
+{
+ uint32 query_level = 1;
+ TALLOC_CTX *mem_ctx;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-#ifdef SYSLOG
-#undef SYSLOG
-#endif
+ if (argc > 1) {
+ printf("Usage: %s\n", argv[0]);
+ return NT_STATUS_OK;
+ }
-#include "includes.h"
-#include "nterr.h"
+ if (!(mem_ctx = talloc_init())) {
+ DEBUG(0,("cmd_srvsvc_srv_query_info: talloc_init failed\n"));
+ goto done;
+ }
-extern int DEBUGLEVEL;
+ /* Initialise RPC connection */
-#define DEBUG_TESTING
+ if (!cli_nt_session_open (cli, PIPE_NETLOGON)) {
+ DEBUG(0, ("Could not initialize srvsvc pipe!\n"));
+ goto done;
+ }
-extern struct cli_state *smb_cli;
+ result = cli_netlogon_logon_ctrl2(cli, mem_ctx, query_level);
+ if (!NT_STATUS_IS_OK(result)) {
+ goto done;
+ }
-extern FILE* out_hnd;
-extern pstring global_myname;
+ /* Display results */
+ done:
+ return result;
+}
-/****************************************************************************
-experimental nt login.
-****************************************************************************/
-void cmd_netlogon_login_test(struct client_info *info, int argc, char *argv[])
+static NTSTATUS cmd_netlogon_logon_ctrl(struct cli_state *cli, int argc,
+ char **argv)
{
- uint16 nt_pipe_fnum;
#if 0
- extern BOOL global_machine_password_needs_changing;
+ uint32 query_level = 1;
#endif
+ TALLOC_CTX *mem_ctx;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- fstring nt_user_name;
- fstring password;
- BOOL res = True;
- char *nt_password;
- unsigned char trust_passwd[16];
+ if (argc > 1) {
+ printf("Usage: %s\n", argv[0]);
+ return NT_STATUS_OK;
+ }
-#if 0
- /* machine account passwords */
- pstring new_mach_pwd;
+ if (!(mem_ctx = talloc_init())) {
+ DEBUG(0,("cmd_srvsvc_srv_query_info: talloc_init failed\n"));
+ goto done;
+ }
- /* initialisation */
- new_mach_pwd[0] = 0;
-#endif
+ /* Initialise RPC connection */
- argc--;
- argv++;
-
- if (argc < 1)
- {
- fstrcpy(nt_user_name, smb_cli->user_name);
- if (nt_user_name[0] == 0)
- {
- report(out_hnd,"ntlogin: must specify username with anonymous connection\n");
- return;
- }
+ if (!cli_nt_session_open (cli, PIPE_NETLOGON)) {
+ DEBUG(0, ("Could not initialize netlogon pipe!\n"));
+ goto done;
}
- else
- {
- fstrcpy(nt_user_name, argv[0]);
+
+#if 0
+ result = cli_netlogon_logon_ctrl(cli, mem_ctx, query_level);
+ if (!NT_STATUS_IS_OK(result)) {
+ goto done;
}
+#endif
- argc--;
- argv++;
+ /* Display results */
- if (argc < 2)
- {
- nt_password = argv[0];
- }
- else
- {
- nt_password = getpass("Enter NT Login password:");
- }
+ done:
+ return result;
+}
- DEBUG(5,("do_nt_login_test: username %s\n", nt_user_name));
+/* Display sam synchronisation information */
- res = res ? trust_get_passwd(trust_passwd, smb_cli->domain, info->myhostname) : False;
+static void display_sam_sync(uint32 num_deltas, SAM_DELTA_HDR *hdr_deltas,
+ SAM_DELTA_CTR *deltas)
+{
+ fstring name;
+ uint32 i, j;
+
+ for (i = 0; i < num_deltas; i++) {
+ switch (hdr_deltas[i].type) {
+ case SAM_DELTA_DOMAIN_INFO:
+ unistr2_to_ascii(name,
+ &deltas[i].domain_info.uni_dom_name,
+ sizeof(name) - 1);
+ DEBUG(0, ("Domain: %s\n", name));
+ break;
+ case SAM_DELTA_GROUP_INFO:
+ unistr2_to_ascii(name,
+ &deltas[i].group_info.uni_grp_name,
+ sizeof(name) - 1);
+ DEBUG(0, ("Group: %s\n", name));
+ break;
+ case SAM_DELTA_ACCOUNT_INFO:
+ unistr2_to_ascii(name,
+ &deltas[i].account_info.uni_acct_name,
+ sizeof(name) - 1);
+ DEBUG(0, ("Account: %s\n", name));
+ break;
+ case SAM_DELTA_ALIAS_INFO:
+ unistr2_to_ascii(name,
+ &deltas[i].alias_info.uni_als_name,
+ sizeof(name) - 1);
+ DEBUG(0, ("Alias: %s\n", name));
+ break;
+ case SAM_DELTA_ALIAS_MEM: {
+ SAM_ALIAS_MEM_INFO *alias = &deltas[i].als_mem_info;
+
+ for (j = 0; j < alias->num_members; j++) {
+ fstring sid_str;
+
+ sid_to_string(sid_str, &alias->sids[j].sid);
+
+ DEBUG(0, ("%s\n", sid_str));
+ }
+ break;
+ }
+ case SAM_DELTA_GROUP_MEM: {
+ SAM_GROUP_MEM_INFO *group = &deltas[i].grp_mem_info;
+
+ for (j = 0; j < group->num_members; j++)
+ DEBUG(0, ("rid 0x%x, attrib 0x%08x\n",
+ group->rids[j], group->attribs[j]));
+ break;
+ }
+ case SAM_DELTA_SAM_STAMP: {
+ SAM_DELTA_STAMP *stamp = &deltas[i].stamp;
+
+ DEBUG(0, ("sam sequence update: 0x%04x\n",
+ stamp->seqnum));
+ break;
+ }
+ default:
+ DEBUG(0, ("unknown delta type 0x%02x\n",
+ hdr_deltas[i].type));
+ break;
+ }
+ }
+}
-#if 0
- /* check whether the user wants to change their machine password */
- res = res ? trust_account_check(info->dest_ip, info->dest_host,
- info->myhostname, smb_cli->domain,
- info->mach_acct, new_mach_pwd) : False;
-#endif
- /* open NETLOGON session. negotiate credentials */
- res = res ? cli_nt_session_open(smb_cli, PIPE_NETLOGON, &nt_pipe_fnum) : False;
+/* Perform sam synchronisation */
- res = res ? cli_nt_setup_creds(smb_cli, nt_pipe_fnum,
- smb_cli->mach_acct, global_myname,
- trust_passwd, SEC_CHAN_WKSTA) == 0x0 : False;
+static NTSTATUS cmd_netlogon_sam_sync(struct cli_state *cli, int argc,
+ char **argv)
+{
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ unsigned char trust_passwd[16];
+ TALLOC_CTX *mem_ctx;
+ uint32 database_id = 0, num_deltas;
+ SAM_DELTA_HDR *hdr_deltas;
+ SAM_DELTA_CTR *deltas;
+
+ if (argc > 2) {
+ printf("Usage: %s [database_id]\n", argv[0]);
+ return NT_STATUS_OK;
+ }
+
+ if (argc == 2)
+ database_id = atoi(argv[1]);
+
+ if (!secrets_init()) {
+ DEBUG(0, ("Unable to initialise secrets database\n"));
+ return result;
+ }
+
+ if (!(mem_ctx = talloc_init())) {
+ DEBUG(0,("talloc_init failed\n"));
+ return result;
+ }
-#if 0
- /* change the machine password? */
- if (global_machine_password_needs_changing)
- {
- unsigned char new_trust_passwd[16];
- generate_random_buffer(new_trust_passwd, 16, True);
- res = res ? cli_nt_srv_pwset(smb_cli, nt_pipe_fnum, new_trust_passwd, SEC_CHAN_WKSTA) : False;
-
- if (res)
- {
- global_machine_password_needs_changing = !set_trust_account_password(new_trust_passwd);
- }
-
- memset(new_trust_passwd, 0, 16);
+ /* Initialise RPC connection */
+
+ if (!cli_nt_session_open (cli, PIPE_NETLOGON)) {
+ DEBUG(0, ("Could not initialize netlogon pipe!\n"));
+ goto done;
}
-#endif
- memset(trust_passwd, 0, 16);
+ /* Initialise session credentials */
+
+ if (!secrets_fetch_trust_account_password(lp_workgroup(), trust_passwd,
+ NULL)) {
+ DEBUG(0, ("could not fetch trust account password\n"));
+ goto done;
+ }
+
+ result = cli_nt_setup_creds(cli, trust_passwd);
- /* do an NT login */
- res = res ? cli_nt_login_interactive(smb_cli, nt_pipe_fnum,
- smb_cli->domain, nt_user_name,
- getuid(), nt_password,
- &info->dom.ctr, &info->dom.user_info3) : False;
+ if (!NT_STATUS_IS_OK(result)) {
+ DEBUG(0, ("Error initialising session creds\n"));
+ goto done;
+ }
- /*** clear out the password ***/
- memset(password, 0, sizeof(password));
+ /* Synchronise sam database */
- /* ok! you're logged in! do anything you like, then... */
+ result = cli_netlogon_sam_sync(cli, mem_ctx, database_id,
+ &num_deltas, &hdr_deltas, &deltas);
+ if (!NT_STATUS_IS_OK(result)) {
+ goto done;
+ }
- /* do an NT logout */
- res = res ? cli_nt_logoff(smb_cli, nt_pipe_fnum, &info->dom.ctr) : False;
+ /* Display results */
- /* close the session */
- cli_nt_session_close(smb_cli, nt_pipe_fnum);
+ display_sam_sync(num_deltas, hdr_deltas, deltas);
- report(out_hnd,"cmd_nt_login: login (%s) test succeeded: %s\n",
- nt_user_name, BOOLSTR(res));
+ done:
+ cli_nt_session_close(cli);
+ talloc_destroy(mem_ctx);
+
+ return result;
}
-/****************************************************************************
-experimental nt login.
-****************************************************************************/
-void cmd_netlogon_domain_test(struct client_info *info, int argc, char *argv[])
+/* Perform sam delta synchronisation */
+
+static NTSTATUS cmd_netlogon_sam_deltas(struct cli_state *cli, int argc,
+ char **argv)
{
- uint16 nt_pipe_fnum;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ unsigned char trust_passwd[16];
+ TALLOC_CTX *mem_ctx = NULL;
+ uint32 database_id, num_deltas, tmp;
+ SAM_DELTA_HDR *hdr_deltas;
+ SAM_DELTA_CTR *deltas;
+ UINT64_S seqnum;
+
+ if (argc != 3) {
+ printf("Usage: %s database_id seqnum\n", argv[0]);
+ return NT_STATUS_OK;
+ }
+
+ database_id = atoi(argv[1]);
+ tmp = atoi(argv[2]);
+
+ seqnum.low = tmp & 0xffff;
+ seqnum.high = 0;
+
+ if (!secrets_init()) {
+ DEBUG(0, ("Unable to initialise secrets database\n"));
+ goto done;
+ }
+
+ if (!(mem_ctx = talloc_init())) {
+ DEBUG(0,("talloc_init failed\n"));
+ goto done;
+ }
- char *nt_trust_dom;
- BOOL res = True;
- unsigned char trust_passwd[16];
- fstring inter_dom_acct;
+ /* Initialise RPC connection */
- if (argc < 2)
- {
- report(out_hnd,"domtest: must specify domain name\n");
- return;
+ if (!cli_nt_session_open (cli, PIPE_NETLOGON)) {
+ DEBUG(0, ("Could not initialize netlogon pipe!\n"));
+ goto done;
}
- nt_trust_dom = argv[1];
+ /* Initialise session credentials */
- DEBUG(5,("do_nt_login_test: domain %s\n", nt_trust_dom));
+ if (!secrets_fetch_trust_account_password(lp_workgroup(), trust_passwd,
+ NULL)) {
+ DEBUG(0, ("could not fetch trust account password\n"));
+ goto done;
+ }
- fstrcpy(inter_dom_acct, nt_trust_dom);
- fstrcat(inter_dom_acct, "$");
+ result = cli_nt_setup_creds(cli, trust_passwd);
- res = res ? trust_get_passwd(trust_passwd, smb_cli->domain, nt_trust_dom) : False;
+ if (!NT_STATUS_IS_OK(result)) {
+ DEBUG(0, ("Error initialising session creds\n"));
+ goto done;
+ }
- /* open NETLOGON session. negotiate credentials */
- res = res ? cli_nt_session_open(smb_cli, PIPE_NETLOGON, &nt_pipe_fnum) : False;
+ /* Synchronise sam database */
- res = res ? cli_nt_setup_creds(smb_cli, nt_pipe_fnum, inter_dom_acct,
- global_myname, trust_passwd,
- SEC_CHAN_DOMAIN) == 0x0 : False;
+ result = cli_netlogon_sam_deltas(cli, mem_ctx, database_id,
+ seqnum, &num_deltas,
+ &hdr_deltas, &deltas);
+ if (!NT_STATUS_IS_OK(result)) {
+ goto done;
+ }
- memset(trust_passwd, 0, 16);
+ /* Display results */
- /* close the session */
- cli_nt_session_close(smb_cli, nt_pipe_fnum);
+ display_sam_sync(num_deltas, hdr_deltas, deltas);
+
+ done:
+ cli_nt_session_close(cli);
+ talloc_destroy(mem_ctx);
- report(out_hnd,"cmd_nt_login: credentials (%s) test succeeded: %s\n",
- nt_trust_dom, BOOLSTR(res));
+ return result;
}
-/****************************************************************************
-experimental SAM synchronisation.
-****************************************************************************/
-void cmd_sam_sync(struct client_info *info, int argc, char *argv[])
-{
- SAM_DELTA_HDR hdr_deltas[MAX_SAM_DELTAS];
- SAM_DELTA_CTR deltas[MAX_SAM_DELTAS];
- uint32 num;
- uchar trust_passwd[16];
- extern pstring global_myname;
-
- if (!trust_get_passwd(trust_passwd, smb_cli->domain, global_myname))
- {
- report(out_hnd, "cmd_sam_sync: no trust account password\n");
- return;
- }
+/* List of commands exported by this module */
- if (do_sam_sync(smb_cli, trust_passwd,
- smb_cli->mach_acct, global_myname,
- hdr_deltas, deltas, &num))
- {
- display_sam_sync(out_hnd, ACTION_HEADER , hdr_deltas, deltas, num);
- display_sam_sync(out_hnd, ACTION_ENUMERATE, hdr_deltas, deltas, num);
- display_sam_sync(out_hnd, ACTION_FOOTER , hdr_deltas, deltas, num);
- }
-}
+struct cmd_set netlogon_commands[] = {
+
+ { "NETLOGON" },
+
+ { "logonctrl2", cmd_netlogon_logon_ctrl2, "Logon Control 2", "" },
+ { "logonctrl", cmd_netlogon_logon_ctrl, "Logon Control", "" },
+ { "samsync", cmd_netlogon_sam_sync, "Sam Synchronisation", "" },
+ { "samdeltas", cmd_netlogon_sam_deltas, "Query Sam Deltas", "" },
+
+ { NULL }
+};