Distributed SMB/CIFS Server Management Utility
Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org)
Copyright (C) 2002 Jim McDonough (jmcd@us.ibm.com)
- Copyright (C) 2004 Guenther Deschner (gd@samba.org)
+ Copyright (C) 2004,2008 Guenther Deschner (gd@samba.org)
Copyright (C) 2005 Jeremy Allison (jra@samba.org)
Copyright (C) 2006 Jelmer Vernooij (jelmer@samba.org)
#include "utils/net.h"
static int net_mode_share;
+static bool sync_files(struct copy_clistate *cp_clistate, const char *mask);
/**
* @file net_rpc.c
**/
NTSTATUS net_get_remote_domain_sid(struct cli_state *cli, TALLOC_CTX *mem_ctx,
- DOM_SID **domain_sid, char **domain_name)
+ DOM_SID **domain_sid,
+ const char **domain_name)
{
struct rpc_pipe_client *lsa_pipe;
POLICY_HND pol;
NTSTATUS result = NT_STATUS_OK;
- uint32 info_class = 5;
-
+ union lsa_PolicyInformation *info = NULL;
+
lsa_pipe = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &result);
if (!lsa_pipe) {
d_fprintf(stderr, "Could not initialise lsa pipe\n");
return result;
}
- result = rpccli_lsa_query_info_policy(lsa_pipe, mem_ctx, &pol,
- info_class, domain_name,
- domain_sid);
+ result = rpccli_lsa_QueryInfoPolicy(lsa_pipe, mem_ctx,
+ &pol,
+ LSA_POLICY_INFO_ACCOUNT_DOMAIN,
+ &info);
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "lsaquery failed: %s\n",
nt_errstr(result));
return result;
}
+ *domain_name = info->account_domain.name.string;
+ *domain_sid = info->account_domain.sid;
+
rpccli_lsa_Close(lsa_pipe, mem_ctx, &pol);
cli_rpc_pipe_close(lsa_pipe);
TALLOC_CTX *mem_ctx;
NTSTATUS nt_status;
DOM_SID *domain_sid;
- char *domain_name;
+ const char *domain_name;
/* make use of cli_state handed over as an argument, if possible */
if (!cli_arg) {
* @param argc Standard main() style argv. Initial components are already
* stripped
*
- * Main 'net_rpc_join()' (where the admain username/password is used) is
+ * Main 'net_rpc_join()' (where the admin username/password is used) is
* in net_rpc_join.c
* Try to just change the password, but if that doesn't work, use/prompt
* for a username/password.
{
POLICY_HND connect_pol, domain_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- SAM_UNK_CTR ctr;
+ union samr_DomainInfo *info = NULL;
fstring sid_str;
- sid_to_string(sid_str, domain_sid);
+ sid_to_fstring(sid_str, domain_sid);
- /* Get sam policy handle */
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
+ /* Get sam policy handle */
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->cli->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "Could not connect to SAM: %s\n", nt_errstr(result));
goto done;
}
-
+
/* Get domain policy handle */
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "Could not open domain: %s\n", nt_errstr(result));
goto done;
}
- ZERO_STRUCT(ctr);
- result = rpccli_samr_query_dom_info(pipe_hnd, mem_ctx, &domain_pol,
- 2, &ctr);
+ result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
+ &domain_pol,
+ 2,
+ &info);
if (NT_STATUS_IS_OK(result)) {
- TALLOC_CTX *ctx = talloc_init("rpc_info_internals");
- d_printf("Domain Name: %s\n", unistr2_tdup(ctx, &ctr.info.inf2.uni_domain));
+ d_printf("Domain Name: %s\n", info->info2.domain_name.string);
d_printf("Domain SID: %s\n", sid_str);
- d_printf("Sequence number: %llu\n", (unsigned long long)ctr.info.inf2.seq_num);
- d_printf("Num users: %u\n", ctr.info.inf2.num_domain_usrs);
- d_printf("Num domain groups: %u\n", ctr.info.inf2.num_domain_grps);
- d_printf("Num local groups: %u\n", ctr.info.inf2.num_local_grps);
- talloc_destroy(ctx);
+ d_printf("Sequence number: %llu\n",
+ (unsigned long long)info->info2.sequence_num);
+ d_printf("Num users: %u\n", info->info2.num_users);
+ d_printf("Num domain groups: %u\n", info->info2.num_groups);
+ d_printf("Num local groups: %u\n", info->info2.num_aliases);
}
done:
{
fstring sid_str;
- sid_to_string(sid_str, domain_sid);
+ sid_to_fstring(sid_str, domain_sid);
d_printf("Storing SID %s for Domain %s in secrets.tdb\n",
sid_str, domain_name);
POLICY_HND connect_pol, domain_pol, user_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
const char *acct_name;
+ struct lsa_String lsa_acct_name;
uint32 acb_info;
- uint32 unknown, user_rid;
+ uint32 acct_flags, user_rid;
+ uint32_t access_granted = 0;
+ struct samr_Ids user_rids, name_types;
if (argc < 1) {
d_printf("User must be specified\n");
}
acct_name = argv[0];
+ init_lsa_String(&lsa_acct_name, acct_name);
/* Get sam policy handle */
-
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
+
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->cli->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
/* Get domain policy handle */
-
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
/* Create domain user */
acb_info = ACB_NORMAL;
- unknown = 0xe005000b; /* No idea what this is - a permission mask? */
+ acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
+ SEC_STD_WRITE_DAC | SEC_STD_DELETE |
+ SAMR_USER_ACCESS_SET_PASSWORD |
+ SAMR_USER_ACCESS_GET_ATTRIBUTES |
+ SAMR_USER_ACCESS_SET_ATTRIBUTES;
+
+ result = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx,
+ &domain_pol,
+ &lsa_acct_name,
+ acb_info,
+ acct_flags,
+ &user_pol,
+ &access_granted,
+ &user_rid);
- result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
- acct_name, acb_info, unknown,
- &user_pol, &user_rid);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
if (argc == 2) {
- uint32 *user_rids, num_rids, *name_types;
- uint32 flags = 0x000003e8; /* Unknown */
- SAM_USERINFO_CTR ctr;
- SAM_USER_INFO_24 p24;
+ union samr_UserInfo info;
uchar pwbuf[516];
- result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol,
- flags, 1, &acct_name,
- &num_rids, &user_rids,
- &name_types);
+ result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
+ &domain_pol,
+ 1,
+ &lsa_acct_name,
+ &user_rids,
+ &name_types);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- user_rids[0], &user_pol);
+ result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ user_rids.ids[0],
+ &user_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
/* Set password on account */
- ZERO_STRUCT(ctr);
- ZERO_STRUCT(p24);
-
encode_pw_buffer(pwbuf, argv[1], STR_UNICODE);
- init_sam_user_info24(&p24, (char *)pwbuf,24);
+ init_samr_user_info24(&info.info24, pwbuf, 24);
- ctr.switch_value = 24;
- ctr.info.id24 = &p24;
+ SamOEMhashBlob(info.info24.password.data, 516,
+ &cli->user_session_key);
- result = rpccli_samr_set_userinfo(pipe_hnd, mem_ctx, &user_pol, 24,
- &cli->user_session_key, &ctr);
+ result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
+ &user_pol,
+ 24,
+ &info);
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "Failed to set password for user %s - %s\n",
acct_name, nt_errstr(result));
- result = rpccli_samr_delete_dom_user(pipe_hnd, mem_ctx, &user_pol);
+ result = rpccli_samr_DeleteUser(pipe_hnd, mem_ctx,
+ &user_pol);
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "Failed to delete user %s - %s\n",
}
done:
if (!NT_STATUS_IS_OK(result)) {
- d_fprintf(stderr, "Failed to add user %s - %s\n", acct_name,
- nt_errstr(result));
+ d_fprintf(stderr, "Failed to add user '%s' with %s.\n",
+ acct_name, nt_errstr(result));
} else {
- d_printf("Added user %s\n", acct_name);
+ d_printf("Added user '%s'.\n", acct_name);
}
return result;
}
{
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
POLICY_HND connect_pol, domain_pol, user_pol;
+ const char *acct_name;
if (argc < 1) {
d_printf("User must be specified\n");
rpc_user_usage(argc, argv);
return NT_STATUS_OK;
}
+
+ acct_name = argv[0];
+
/* Get sam policy and domain handles */
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->cli->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
/* Get handle on user */
{
- uint32 *user_rids, num_rids, *name_types;
- uint32 flags = 0x000003e8; /* Unknown */
+ struct samr_Ids user_rids, name_types;
+ struct lsa_String lsa_acct_name;
+
+ init_lsa_String(&lsa_acct_name, acct_name);
- result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol,
- flags, 1, &argv[0],
- &num_rids, &user_rids,
- &name_types);
+ result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
+ &domain_pol,
+ 1,
+ &lsa_acct_name,
+ &user_rids,
+ &name_types);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- user_rids[0], &user_pol);
+ result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ user_rids.ids[0],
+ &user_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
/* Delete user */
- result = rpccli_samr_delete_dom_user(pipe_hnd, mem_ctx, &user_pol);
+ result = rpccli_samr_DeleteUser(pipe_hnd, mem_ctx,
+ &user_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- /* Display results */
+ done:
if (!NT_STATUS_IS_OK(result)) {
- d_fprintf(stderr, "Failed to delete user account - %s\n", nt_errstr(result));
- } else {
- d_printf("Deleted user account\n");
- }
+ d_fprintf(stderr, "Failed to delete user '%s' with %s.\n",
+ acct_name, nt_errstr(result));
+ } else {
+ d_printf("Deleted user '%s'.\n", acct_name);
+ }
- done:
return result;
}
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
uint32 info_level = 7;
const char *old_name, *new_name;
- uint32 *user_rid;
- uint32 flags = 0x000003e8; /* Unknown */
- uint32 num_rids, *name_types;
- uint32 num_names = 1;
- const char **names;
- SAM_USERINFO_CTR *user_ctr;
- SAM_USERINFO_CTR ctr;
- SAM_USER_INFO_7 info7;
+ struct samr_Ids user_rids, name_types;
+ struct lsa_String lsa_acct_name;
+ union samr_UserInfo *info = NULL;
if (argc != 2) {
d_printf("Old and new username must be specified\n");
old_name = argv[0];
new_name = argv[1];
- ZERO_STRUCT(ctr);
- ZERO_STRUCT(user_ctr);
-
/* Get sam policy handle */
-
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
+
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->cli->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
+
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
/* Get domain policy handle */
-
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- if ((names = TALLOC_ARRAY(mem_ctx, const char *, num_names)) == NULL) {
- result = NT_STATUS_NO_MEMORY;
- goto done;
- }
- names[0] = old_name;
- result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol,
- flags, num_names, names,
- &num_rids, &user_rid, &name_types);
+ init_lsa_String(&lsa_acct_name, old_name);
+
+ result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
+ &domain_pol,
+ 1,
+ &lsa_acct_name,
+ &user_rids,
+ &name_types);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
/* Open domain user */
- result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS, user_rid[0], &user_pol);
+ result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ user_rids.ids[0],
+ &user_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
/* Query user info */
- result = rpccli_samr_query_userinfo(pipe_hnd, mem_ctx, &user_pol,
- info_level, &user_ctr);
+ result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
+ &user_pol,
+ info_level,
+ &info);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- ctr.switch_value = info_level;
- ctr.info.id7 = &info7;
-
- init_sam_user_info7(&info7, new_name);
+ init_samr_user_info7(&info->info7, new_name);
/* Set new name */
- result = rpccli_samr_set_userinfo(pipe_hnd, mem_ctx, &user_pol,
- info_level, &cli->user_session_key, &ctr);
+ result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
+ &user_pol,
+ info_level,
+ info);
if (!NT_STATUS_IS_OK(result)) {
goto done;
{
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
POLICY_HND connect_pol, domain_pol, user_pol;
- SAM_USERINFO_CTR ctr;
- SAM_USER_INFO_24 p24;
uchar pwbuf[516];
const char *user;
const char *new_password;
char *prompt = NULL;
+ union samr_UserInfo info;
if (argc < 1) {
d_printf("User must be specified\n");
/* Get sam policy and domain handles */
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->cli->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
/* Get handle on user */
{
- uint32 *user_rids, num_rids, *name_types;
- uint32 flags = 0x000003e8; /* Unknown */
+ struct samr_Ids user_rids, name_types;
+ struct lsa_String lsa_acct_name;
- result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol,
- flags, 1, &user,
- &num_rids, &user_rids,
- &name_types);
+ init_lsa_String(&lsa_acct_name, user);
+ result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
+ &domain_pol,
+ 1,
+ &lsa_acct_name,
+ &user_rids,
+ &name_types);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- user_rids[0], &user_pol);
+ result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ user_rids.ids[0],
+ &user_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
/* Set password on account */
- ZERO_STRUCT(ctr);
- ZERO_STRUCT(p24);
-
encode_pw_buffer(pwbuf, new_password, STR_UNICODE);
- init_sam_user_info24(&p24, (char *)pwbuf,24);
+ init_samr_user_info24(&info.info24, pwbuf, 24);
- ctr.switch_value = 24;
- ctr.info.id24 = &p24;
+ SamOEMhashBlob(info.info24.password.data, 516,
+ &cli->user_session_key);
- result = rpccli_samr_set_userinfo(pipe_hnd, mem_ctx, &user_pol, 24,
- &cli->user_session_key, &ctr);
+ result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
+ &user_pol,
+ 24,
+ &info);
if (!NT_STATUS_IS_OK(result)) {
goto done;
{
POLICY_HND connect_pol, domain_pol, user_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- uint32 *rids, num_rids, *name_types, num_names;
- uint32 flags = 0x000003e8; /* Unknown */
int i;
- char **names;
- DOM_GID *user_gids;
+ struct samr_RidWithAttributeArray *rid_array = NULL;
+ struct lsa_Strings names;
+ struct samr_Ids types;
+ uint32_t *lrids = NULL;
+ struct samr_Ids rids, name_types;
+ struct lsa_String lsa_acct_name;
+
if (argc < 1) {
d_printf("User must be specified\n");
return NT_STATUS_OK;
}
/* Get sam policy handle */
-
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
+
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->cli->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
if (!NT_STATUS_IS_OK(result)) goto done;
/* Get domain policy handle */
-
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) goto done;
/* Get handle on user */
- result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol,
- flags, 1, &argv[0],
- &num_rids, &rids, &name_types);
+ init_lsa_String(&lsa_acct_name, argv[0]);
+
+ result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
+ &domain_pol,
+ 1,
+ &lsa_acct_name,
+ &rids,
+ &name_types);
if (!NT_STATUS_IS_OK(result)) goto done;
- result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- rids[0], &user_pol);
+ result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ rids.ids[0],
+ &user_pol);
if (!NT_STATUS_IS_OK(result)) goto done;
- result = rpccli_samr_query_usergroups(pipe_hnd, mem_ctx, &user_pol,
- &num_rids, &user_gids);
+ result = rpccli_samr_GetGroupsForUser(pipe_hnd, mem_ctx,
+ &user_pol,
+ &rid_array);
if (!NT_STATUS_IS_OK(result)) goto done;
/* Look up rids */
- if (num_rids) {
- if ((rids = TALLOC_ARRAY(mem_ctx, uint32, num_rids)) == NULL) {
+ if (rid_array->count) {
+ if ((lrids = TALLOC_ARRAY(mem_ctx, uint32, rid_array->count)) == NULL) {
result = NT_STATUS_NO_MEMORY;
goto done;
}
- for (i = 0; i < num_rids; i++)
- rids[i] = user_gids[i].g_rid;
+ for (i = 0; i < rid_array->count; i++)
+ lrids[i] = rid_array->rids[i].rid;
- result = rpccli_samr_lookup_rids(pipe_hnd, mem_ctx, &domain_pol,
- num_rids, rids,
- &num_names, &names, &name_types);
+ result = rpccli_samr_LookupRids(pipe_hnd, mem_ctx,
+ &domain_pol,
+ rid_array->count,
+ lrids,
+ &names,
+ &types);
if (!NT_STATUS_IS_OK(result)) {
goto done;
/* Display results */
- for (i = 0; i < num_names; i++)
- printf("%s\n", names[i]);
+ for (i = 0; i < names.count; i++)
+ printf("%s\n", names.names[i].string);
}
done:
return result;
POLICY_HND connect_pol, domain_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
uint32 start_idx=0, num_entries, i, loop_count = 0;
- SAM_DISPINFO_CTR ctr;
- SAM_DISPINFO_1 info1;
/* Get sam policy handle */
-
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
+
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->cli->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
/* Get domain policy handle */
-
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
/* Query domain users */
- ZERO_STRUCT(ctr);
- ZERO_STRUCT(info1);
- ctr.sam.info1 = &info1;
if (opt_long_list_entries)
d_printf("\nUser name Comment"\
"\n-----------------------------\n");
do {
- fstring user, desc;
+ const char *user = NULL;
+ const char *desc = NULL;
uint32 max_entries, max_size;
+ uint32_t total_size, returned_size;
+ union samr_DispInfo info;
get_query_dispinfo_params(
loop_count, &max_entries, &max_size);
- result = rpccli_samr_query_dispinfo(pipe_hnd, mem_ctx, &domain_pol,
- &start_idx, 1, &num_entries,
- max_entries, max_size, &ctr);
+ result = rpccli_samr_QueryDisplayInfo(pipe_hnd, mem_ctx,
+ &domain_pol,
+ 1,
+ start_idx,
+ max_entries,
+ max_size,
+ &total_size,
+ &returned_size,
+ &info);
loop_count++;
+ start_idx += info.info1.count;
+ num_entries = info.info1.count;
for (i = 0; i < num_entries; i++) {
- unistr2_to_ascii(user, &(&ctr.sam.info1->str[i])->uni_acct_name, sizeof(user));
- if (opt_long_list_entries)
- unistr2_to_ascii(desc, &(&ctr.sam.info1->str[i])->uni_acct_desc, sizeof(desc));
-
+ user = info.info1.entries[i].account_name.string;
+ if (opt_long_list_entries)
+ desc = info.info1.entries[i].description.string;
if (opt_long_list_entries)
printf("%-21.21s %s\n", user, desc);
else
TALLOC_CTX *mem_ctx,
struct rpc_sh_ctx *ctx,
struct rpc_pipe_client *pipe_hnd,
- const POLICY_HND *user_hnd,
+ POLICY_HND *user_hnd,
int argc, const char **argv))
-
{
POLICY_HND connect_pol, domain_pol, user_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
goto done;
}
- result = rpccli_samr_connect(pipe_hnd, mem_ctx,
- MAXIMUM_ALLOWED_ACCESS, &connect_pol);
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->cli->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- ctx->domain_sid, &domain_pol);
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ ctx->domain_sid,
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- rid, &user_pol);
+ result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ rid,
+ &user_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
done:
if (is_valid_policy_hnd(&user_pol)) {
- rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
}
if (is_valid_policy_hnd(&domain_pol)) {
- rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
}
if (is_valid_policy_hnd(&connect_pol)) {
- rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
}
return result;
}
static NTSTATUS rpc_sh_user_show_internals(TALLOC_CTX *mem_ctx,
struct rpc_sh_ctx *ctx,
struct rpc_pipe_client *pipe_hnd,
- const POLICY_HND *user_hnd,
+ POLICY_HND *user_hnd,
int argc, const char **argv)
{
NTSTATUS result;
- SAM_USERINFO_CTR *ctr;
- SAM_USER_INFO_21 *info;
+ union samr_UserInfo *info = NULL;
if (argc != 0) {
d_fprintf(stderr, "usage: %s show <username>\n", ctx->whoami);
return NT_STATUS_INVALID_PARAMETER;
}
- result = rpccli_samr_query_userinfo(pipe_hnd, mem_ctx, user_hnd,
- 21, &ctr);
+ result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
+ user_hnd,
+ 21,
+ &info);
if (!NT_STATUS_IS_OK(result)) {
return result;
}
- info = ctr->info.id21;
-
- d_printf("user rid: %d, group rid: %d\n", info->user_rid,
- info->group_rid);
+ d_printf("user rid: %d, group rid: %d\n",
+ info->info21.rid,
+ info->info21.primary_gid);
return result;
}
#define FETCHSTR(name, rec) \
do { if (strequal(ctx->thiscmd, name)) { \
- oldval = rpcstr_pull_unistr2_talloc(mem_ctx, &usr->uni_##rec); } \
+ oldval = talloc_strdup(mem_ctx, info->info21.rec.string); } \
} while (0);
#define SETSTR(name, rec, flag) \
do { if (strequal(ctx->thiscmd, name)) { \
- init_unistr2(&usr->uni_##rec, argv[0], UNI_STR_TERMINATE); \
- init_uni_hdr(&usr->hdr_##rec, &usr->uni_##rec); \
- usr->fields_present |= ACCT_##flag; } \
+ init_lsa_String(&(info->info21.rec), argv[0]); \
+ info->info21.fields_present |= SAMR_FIELD_##flag; } \
} while (0);
static NTSTATUS rpc_sh_user_str_edit_internals(TALLOC_CTX *mem_ctx,
struct rpc_sh_ctx *ctx,
struct rpc_pipe_client *pipe_hnd,
- const POLICY_HND *user_hnd,
+ POLICY_HND *user_hnd,
int argc, const char **argv)
{
NTSTATUS result;
- SAM_USERINFO_CTR *ctr;
- SAM_USER_INFO_21 *usr;
const char *username;
const char *oldval = "";
+ union samr_UserInfo *info = NULL;
if (argc > 1) {
d_fprintf(stderr, "usage: %s <username> [new value|NULL]\n",
return NT_STATUS_INVALID_PARAMETER;
}
- result = rpccli_samr_query_userinfo(pipe_hnd, mem_ctx, user_hnd,
- 21, &ctr);
+ result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
+ user_hnd,
+ 21,
+ &info);
if (!NT_STATUS_IS_OK(result)) {
return result;
}
- usr = ctr->info.id21;
-
- username = rpcstr_pull_unistr2_talloc(mem_ctx, &usr->uni_user_name);
+ username = talloc_strdup(mem_ctx, info->info21.account_name.string);
FETCHSTR("fullname", full_name);
- FETCHSTR("homedir", home_dir);
- FETCHSTR("homedrive", dir_drive);
+ FETCHSTR("homedir", home_directory);
+ FETCHSTR("homedrive", home_drive);
FETCHSTR("logonscript", logon_script);
FETCHSTR("profilepath", profile_path);
- FETCHSTR("description", acct_desc);
+ FETCHSTR("description", description);
if (argc == 0) {
d_printf("%s's %s: [%s]\n", username, ctx->thiscmd, oldval);
goto done;
}
- ZERO_STRUCTP(usr);
-
if (strcmp(argv[0], "NULL") == 0) {
argv[0] = "";
}
+ ZERO_STRUCT(info->info21);
+
SETSTR("fullname", full_name, FULL_NAME);
- SETSTR("homedir", home_dir, HOME_DIR);
- SETSTR("homedrive", dir_drive, HOME_DRIVE);
+ SETSTR("homedir", home_directory, HOME_DIRECTORY);
+ SETSTR("homedrive", home_drive, HOME_DRIVE);
SETSTR("logonscript", logon_script, LOGON_SCRIPT);
- SETSTR("profilepath", profile_path, PROFILE);
- SETSTR("description", acct_desc, DESCRIPTION);
+ SETSTR("profilepath", profile_path, PROFILE_PATH);
+ SETSTR("description", description, DESCRIPTION);
- result = rpccli_samr_set_userinfo2(
- pipe_hnd, mem_ctx, user_hnd, 21,
- &pipe_hnd->cli->user_session_key, ctr);
+ result = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx,
+ user_hnd,
+ 21,
+ info);
d_printf("Set %s's %s from [%s] to [%s]\n", username,
ctx->thiscmd, oldval, argv[0]);
static NTSTATUS rpc_sh_user_flag_edit_internals(TALLOC_CTX *mem_ctx,
struct rpc_sh_ctx *ctx,
struct rpc_pipe_client *pipe_hnd,
- const POLICY_HND *user_hnd,
+ POLICY_HND *user_hnd,
int argc, const char **argv)
{
NTSTATUS result;
- SAM_USERINFO_CTR *ctr;
- SAM_USER_INFO_21 *usr;
const char *username;
const char *oldval = "unknown";
uint32 oldflags, newflags;
- BOOL newval;
+ bool newval;
+ union samr_UserInfo *info = NULL;
if ((argc > 1) ||
((argc == 1) && !strequal(argv[0], "yes") &&
newval = strequal(argv[0], "yes");
- result = rpccli_samr_query_userinfo(pipe_hnd, mem_ctx, user_hnd,
- 21, &ctr);
+ result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
+ user_hnd,
+ 21,
+ &info);
if (!NT_STATUS_IS_OK(result)) {
return result;
}
- usr = ctr->info.id21;
-
- username = rpcstr_pull_unistr2_talloc(mem_ctx, &usr->uni_user_name);
- oldflags = usr->acb_info;
- newflags = usr->acb_info;
+ username = talloc_strdup(mem_ctx, info->info21.account_name.string);
+ oldflags = info->info21.acct_flags;
+ newflags = info->info21.acct_flags;
HANDLEFLG("disabled", DISABLED);
HANDLEFLG("pwnotreq", PWNOTREQ);
goto done;
}
- ZERO_STRUCTP(usr);
+ ZERO_STRUCT(info->info21);
- usr->acb_info = newflags;
- usr->fields_present = ACCT_FLAGS;
+ info->info21.acct_flags = newflags;
+ info->info21.fields_present = SAMR_FIELD_ACCT_FLAGS;
- result = rpccli_samr_set_userinfo2(
- pipe_hnd, mem_ctx, user_hnd, 21,
- &pipe_hnd->cli->user_session_key, ctr);
+ result = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx,
+ user_hnd,
+ 21,
+ info);
if (NT_STATUS_IS_OK(result)) {
d_printf("Set %s's %s flag from [%s] to [%s]\n", username,
const char **argv)
{
POLICY_HND connect_pol, domain_pol, group_pol, user_pol;
- BOOL group_is_primary = False;
+ bool group_is_primary = False;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
- uint32 *group_rids, num_rids, *name_types, num_members,
- *group_attrs, group_rid;
- uint32 flags = 0x000003e8; /* Unknown */
+ uint32_t group_rid;
+ struct samr_RidTypeArray *rids = NULL;
/* char **names; */
int i;
/* DOM_GID *user_gids; */
- SAM_USERINFO_CTR *user_ctr;
- fstring temp;
+
+ struct samr_Ids group_rids, name_types;
+ struct lsa_String lsa_acct_name;
+ union samr_UserInfo *info = NULL;
if (argc < 1) {
d_printf("specify group\n");
return NT_STATUS_OK; /* ok? */
}
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->cli->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
if (!NT_STATUS_IS_OK(result)) {
- d_fprintf(stderr, "Request samr_connect failed\n");
+ d_fprintf(stderr, "Request samr_Connect2 failed\n");
goto done;
}
-
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
-
+
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
+
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "Request open_domain failed\n");
goto done;
}
-
- result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol,
- flags, 1, &argv[0],
- &num_rids, &group_rids,
- &name_types);
+ init_lsa_String(&lsa_acct_name, argv[0]);
+
+ result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
+ &domain_pol,
+ 1,
+ &lsa_acct_name,
+ &group_rids,
+ &name_types);
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "Lookup of '%s' failed\n",argv[0]);
goto done;
}
- switch (name_types[0])
+ switch (name_types.ids[0])
{
case SID_NAME_DOM_GRP:
- result = rpccli_samr_open_group(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- group_rids[0], &group_pol);
+ result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ group_rids.ids[0],
+ &group_pol);
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "Request open_group failed");
goto done;
}
-
- group_rid = group_rids[0];
-
- result = rpccli_samr_query_groupmem(pipe_hnd, mem_ctx, &group_pol,
- &num_members, &group_rids,
- &group_attrs);
-
+
+ group_rid = group_rids.ids[0];
+
+ result = rpccli_samr_QueryGroupMember(pipe_hnd, mem_ctx,
+ &group_pol,
+ &rids);
+
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "Unable to query group members of %s",argv[0]);
goto done;
if (opt_verbose) {
d_printf("Domain Group %s (rid: %d) has %d members\n",
- argv[0],group_rid,num_members);
+ argv[0],group_rid, rids->count);
}
/* Check if group is anyone's primary group */
- for (i = 0; i < num_members; i++)
+ for (i = 0; i < rids->count; i++)
{
- result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- group_rids[i], &user_pol);
+ result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ rids->rids[i],
+ &user_pol);
if (!NT_STATUS_IS_OK(result)) {
- d_fprintf(stderr, "Unable to open group member %d\n",group_rids[i]);
+ d_fprintf(stderr, "Unable to open group member %d\n",
+ rids->rids[i]);
goto done;
}
-
- ZERO_STRUCT(user_ctr);
- result = rpccli_samr_query_userinfo(pipe_hnd, mem_ctx, &user_pol,
- 21, &user_ctr);
-
+ result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
+ &user_pol,
+ 21,
+ &info);
+
if (!NT_STATUS_IS_OK(result)) {
- d_fprintf(stderr, "Unable to lookup userinfo for group member %d\n",group_rids[i]);
+ d_fprintf(stderr, "Unable to lookup userinfo for group member %d\n",
+ rids->rids[i]);
goto done;
}
-
- if (user_ctr->info.id21->group_rid == group_rid) {
- unistr2_to_ascii(temp, &(user_ctr->info.id21)->uni_user_name,
- sizeof(temp));
- if (opt_verbose)
- d_printf("Group is primary group of %s\n",temp);
+
+ if (info->info21.primary_gid == group_rid) {
+ if (opt_verbose) {
+ d_printf("Group is primary group of %s\n",
+ info->info21.account_name.string);
+ }
group_is_primary = True;
}
- rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
}
if (group_is_primary) {
}
/* remove all group members */
- for (i = 0; i < num_members; i++)
+ for (i = 0; i < rids->count; i++)
{
if (opt_verbose)
- d_printf("Remove group member %d...",group_rids[i]);
- result = rpccli_samr_del_groupmem(pipe_hnd, mem_ctx, &group_pol, group_rids[i]);
+ d_printf("Remove group member %d...",
+ rids->rids[i]);
+ result = rpccli_samr_DeleteGroupMember(pipe_hnd, mem_ctx,
+ &group_pol,
+ rids->rids[i]);
if (NT_STATUS_IS_OK(result)) {
if (opt_verbose)
}
}
- result = rpccli_samr_delete_dom_group(pipe_hnd, mem_ctx, &group_pol);
+ result = rpccli_samr_DeleteDomainGroup(pipe_hnd, mem_ctx,
+ &group_pol);
break;
/* removing a local group is easier... */
case SID_NAME_ALIAS:
- result = rpccli_samr_open_alias(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- group_rids[0], &group_pol);
+ result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ group_rids.ids[0],
+ &group_pol);
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "Request open_alias failed\n");
goto done;
}
-
- result = rpccli_samr_delete_dom_alias(pipe_hnd, mem_ctx, &group_pol);
+
+ result = rpccli_samr_DeleteDomAlias(pipe_hnd, mem_ctx,
+ &group_pol);
break;
default:
d_fprintf(stderr, "%s is of type %s. This command is only for deleting local or global groups\n",
- argv[0],sid_type_lookup(name_types[0]));
+ argv[0],sid_type_lookup(name_types.ids[0]));
result = NT_STATUS_UNSUCCESSFUL;
goto done;
}
if (NT_STATUS_IS_OK(result)) {
if (opt_verbose)
- d_printf("Deleted %s '%s'\n",sid_type_lookup(name_types[0]),argv[0]);
+ d_printf("Deleted %s '%s'\n",sid_type_lookup(name_types.ids[0]),argv[0]);
} else {
d_fprintf(stderr, "Deleting of %s failed: %s\n",argv[0],
get_friendly_nt_error_msg(result));
{
POLICY_HND connect_pol, domain_pol, group_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- GROUP_INFO_CTR group_info;
+ union samr_GroupInfo group_info;
+ struct lsa_String grp_name;
+ uint32_t rid = 0;
if (argc != 1) {
d_printf("Group name must be specified\n");
return NT_STATUS_OK;
}
+ init_lsa_String(&grp_name, argv[0]);
+
/* Get sam policy handle */
-
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
+
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->cli->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
if (!NT_STATUS_IS_OK(result)) goto done;
/* Get domain policy handle */
-
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) goto done;
/* Create the group */
- result = rpccli_samr_create_dom_group(pipe_hnd, mem_ctx, &domain_pol,
- argv[0], MAXIMUM_ALLOWED_ACCESS,
- &group_pol);
+ result = rpccli_samr_CreateDomainGroup(pipe_hnd, mem_ctx,
+ &domain_pol,
+ &grp_name,
+ MAXIMUM_ALLOWED_ACCESS,
+ &group_pol,
+ &rid);
if (!NT_STATUS_IS_OK(result)) goto done;
if (strlen(opt_comment) == 0) goto done;
/* We've got a comment to set */
- group_info.switch_value1 = 4;
- init_samr_group_info4(&group_info.group.info4, opt_comment);
+ init_lsa_String(&group_info.description, opt_comment);
- result = rpccli_samr_set_groupinfo(pipe_hnd, mem_ctx, &group_pol, &group_info);
+ result = rpccli_samr_SetGroupInfo(pipe_hnd, mem_ctx,
+ &group_pol,
+ 4,
+ &group_info);
if (!NT_STATUS_IS_OK(result)) goto done;
done:
{
POLICY_HND connect_pol, domain_pol, alias_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- ALIAS_INFO_CTR alias_info;
+ union samr_AliasInfo alias_info;
+ struct lsa_String alias_name;
+ uint32_t rid = 0;
if (argc != 1) {
d_printf("Alias name must be specified\n");
return NT_STATUS_OK;
}
+ init_lsa_String(&alias_name, argv[0]);
+
/* Get sam policy handle */
-
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
+
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->cli->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
if (!NT_STATUS_IS_OK(result)) goto done;
/* Get domain policy handle */
-
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) goto done;
/* Create the group */
- result = rpccli_samr_create_dom_alias(pipe_hnd, mem_ctx, &domain_pol,
- argv[0], &alias_pol);
+ result = rpccli_samr_CreateDomAlias(pipe_hnd, mem_ctx,
+ &domain_pol,
+ &alias_name,
+ MAXIMUM_ALLOWED_ACCESS,
+ &alias_pol,
+ &rid);
if (!NT_STATUS_IS_OK(result)) goto done;
if (strlen(opt_comment) == 0) goto done;
/* We've got a comment to set */
- alias_info.level = 3;
- init_samr_alias_info3(&alias_info.alias.info3, opt_comment);
+ init_lsa_String(&alias_info.description, opt_comment);
+
+ result = rpccli_samr_SetAliasInfo(pipe_hnd, mem_ctx,
+ &alias_pol,
+ 3,
+ &alias_info);
- result = rpccli_samr_set_aliasinfo(pipe_hnd, mem_ctx, &alias_pol, &alias_info);
if (!NT_STATUS_IS_OK(result)) goto done;
done:
uint32 group_rid;
POLICY_HND group_pol;
- uint32 num_rids;
- uint32 *rids = NULL;
- uint32 *rid_types = NULL;
+ struct samr_Ids rids, rid_types;
+ struct lsa_String lsa_acct_name;
DOM_SID sid;
return NT_STATUS_UNSUCCESSFUL;
}
- /* Get sam policy handle */
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
+ /* Get sam policy handle */
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->cli->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
if (!NT_STATUS_IS_OK(result)) {
return result;
}
-
+
/* Get domain policy handle */
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- &sid, &domain_pol);
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ &sid,
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
return result;
}
- result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, 1000,
- 1, &member,
- &num_rids, &rids, &rid_types);
+ init_lsa_String(&lsa_acct_name, member);
+
+ result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
+ &domain_pol,
+ 1,
+ &lsa_acct_name,
+ &rids,
+ &rid_types);
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "Could not lookup up group member %s\n", member);
goto done;
}
- result = rpccli_samr_open_group(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- group_rid, &group_pol);
+ result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ group_rid,
+ &group_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- result = rpccli_samr_add_groupmem(pipe_hnd, mem_ctx, &group_pol, rids[0]);
+ result = rpccli_samr_AddGroupMember(pipe_hnd, mem_ctx,
+ &group_pol,
+ rids.ids[0],
+ 0x0005); /* unknown flags */
done:
- rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
return result;
}
return result;
}
- /* Get sam policy handle */
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
+ /* Get sam policy handle */
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->cli->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
-
+
/* Get domain policy handle */
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- &sid, &domain_pol);
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ &sid,
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- result = rpccli_samr_open_alias(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- alias_rid, &alias_pol);
+ result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ alias_rid,
+ &alias_pol);
if (!NT_STATUS_IS_OK(result)) {
return result;
}
- result = rpccli_samr_add_aliasmem(pipe_hnd, mem_ctx, &alias_pol, &member_sid);
+ result = rpccli_samr_AddAliasMember(pipe_hnd, mem_ctx,
+ &alias_pol,
+ &member_sid);
if (!NT_STATUS_IS_OK(result)) {
return result;
}
done:
- rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
return result;
}
uint32 group_rid;
POLICY_HND group_pol;
- uint32 num_rids;
- uint32 *rids = NULL;
- uint32 *rid_types = NULL;
+ struct samr_Ids rids, rid_types;
+ struct lsa_String lsa_acct_name;
DOM_SID sid;
if (!sid_split_rid(&sid, &group_rid))
return NT_STATUS_UNSUCCESSFUL;
- /* Get sam policy handle */
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
+ /* Get sam policy handle */
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->cli->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
if (!NT_STATUS_IS_OK(result))
return result;
-
+
/* Get domain policy handle */
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- &sid, &domain_pol);
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ &sid,
+ &domain_pol);
if (!NT_STATUS_IS_OK(result))
return result;
- result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, 1000,
- 1, &member,
- &num_rids, &rids, &rid_types);
+ init_lsa_String(&lsa_acct_name, member);
+ result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
+ &domain_pol,
+ 1,
+ &lsa_acct_name,
+ &rids,
+ &rid_types);
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "Could not lookup up group member %s\n", member);
goto done;
}
- result = rpccli_samr_open_group(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- group_rid, &group_pol);
+ result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ group_rid,
+ &group_pol);
if (!NT_STATUS_IS_OK(result))
goto done;
- result = rpccli_samr_del_groupmem(pipe_hnd, mem_ctx, &group_pol, rids[0]);
+ result = rpccli_samr_DeleteGroupMember(pipe_hnd, mem_ctx,
+ &group_pol,
+ rids.ids[0]);
done:
- rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
return result;
}
return result;
}
- /* Get sam policy handle */
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
+ /* Get sam policy handle */
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->cli->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
-
+
/* Get domain policy handle */
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- &sid, &domain_pol);
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ &sid,
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- result = rpccli_samr_open_alias(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- alias_rid, &alias_pol);
+ result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ alias_rid,
+ &alias_pol);
if (!NT_STATUS_IS_OK(result))
return result;
- result = rpccli_samr_del_aliasmem(pipe_hnd, mem_ctx, &alias_pol, &member_sid);
+ result = rpccli_samr_DeleteAliasMember(pipe_hnd, mem_ctx,
+ &alias_pol,
+ &member_sid);
if (!NT_STATUS_IS_OK(result))
return result;
done:
- rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
return result;
}
POLICY_HND connect_pol, domain_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
uint32 start_idx=0, max_entries=250, num_entries, i, loop_count = 0;
- struct acct_info *groups;
- BOOL global = False;
- BOOL local = False;
- BOOL builtin = False;
+ struct samr_SamArray *groups = NULL;
+ bool global = False;
+ bool local = False;
+ bool builtin = False;
if (argc == 0) {
global = True;
}
/* Get sam policy handle */
-
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
+
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->cli->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
/* Get domain policy handle */
-
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
d_printf("\nGroup name Comment"\
"\n-----------------------------\n");
do {
- SAM_DISPINFO_CTR ctr;
- SAM_DISPINFO_3 info3;
- uint32 max_size;
-
- ZERO_STRUCT(ctr);
- ZERO_STRUCT(info3);
- ctr.sam.info3 = &info3;
+ uint32_t max_size, total_size, returned_size;
+ union samr_DispInfo info;
if (!global) break;
get_query_dispinfo_params(
loop_count, &max_entries, &max_size);
- result = rpccli_samr_query_dispinfo(pipe_hnd, mem_ctx, &domain_pol,
- &start_idx, 3, &num_entries,
- max_entries, max_size, &ctr);
+ result = rpccli_samr_QueryDisplayInfo(pipe_hnd, mem_ctx,
+ &domain_pol,
+ 3,
+ start_idx,
+ max_entries,
+ max_size,
+ &total_size,
+ &returned_size,
+ &info);
+ num_entries = info.info3.count;
+ start_idx += info.info3.count;
if (!NT_STATUS_IS_OK(result) &&
!NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
break;
-
+
for (i = 0; i < num_entries; i++) {
- fstring group, desc;
+ const char *group = NULL;
+ const char *desc = NULL;
+
+ group = info.info3.entries[i].account_name.string;
+ desc = info.info3.entries[i].description.string;
- unistr2_to_ascii(group, &(&ctr.sam.info3->str[i])->uni_grp_name, sizeof(group));
- unistr2_to_ascii(desc, &(&ctr.sam.info3->str[i])->uni_grp_desc, sizeof(desc));
-
if (opt_long_list_entries)
printf("%-21.21s %-50.50s\n",
group, desc);
do {
if (!local) break;
- /* The max_size field in cli_samr_enum_als_groups is more like
- * an account_control field with indiviual bits what to
- * retrieve. Set this to 0xffff as NT4 usrmgr.exe does to get
- * everything. I'm too lazy (sorry) to get this through to
- * rpc_parse/ etc. Volker */
-
- result = rpccli_samr_enum_als_groups(pipe_hnd, mem_ctx, &domain_pol,
- &start_idx, 0xffff,
- &groups, &num_entries);
-
+ result = rpccli_samr_EnumDomainAliases(pipe_hnd, mem_ctx,
+ &domain_pol,
+ &start_idx,
+ &groups,
+ 0xffff,
+ &num_entries);
if (!NT_STATUS_IS_OK(result) &&
!NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
break;
-
+
for (i = 0; i < num_entries; i++) {
- char *description = NULL;
+ const char *description = NULL;
if (opt_long_list_entries) {
POLICY_HND alias_pol;
- ALIAS_INFO_CTR ctr;
-
- if ((NT_STATUS_IS_OK(rpccli_samr_open_alias(pipe_hnd, mem_ctx,
- &domain_pol,
- 0x8,
- groups[i].rid,
- &alias_pol))) &&
- (NT_STATUS_IS_OK(rpccli_samr_query_alias_info(pipe_hnd, mem_ctx,
- &alias_pol, 3,
- &ctr))) &&
- (NT_STATUS_IS_OK(rpccli_samr_close(pipe_hnd, mem_ctx,
+ union samr_AliasInfo *info = NULL;
+
+ if ((NT_STATUS_IS_OK(rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
+ &domain_pol,
+ 0x8,
+ groups->entries[i].idx,
+ &alias_pol))) &&
+ (NT_STATUS_IS_OK(rpccli_samr_QueryAliasInfo(pipe_hnd, mem_ctx,
+ &alias_pol,
+ 3,
+ &info))) &&
+ (NT_STATUS_IS_OK(rpccli_samr_Close(pipe_hnd, mem_ctx,
&alias_pol)))) {
- description = unistr2_tdup(mem_ctx,
- ctr.alias.info3.description.string);
+ description = info->description.string;
}
}
-
+
if (description != NULL) {
- printf("%-21.21s %-50.50s\n",
- groups[i].acct_name,
+ printf("%-21.21s %-50.50s\n",
+ groups->entries[i].name.string,
description);
} else {
- printf("%s\n", groups[i].acct_name);
+ printf("%s\n", groups->entries[i].name.string);
}
}
} while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
- rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
/* Get builtin policy handle */
-
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- &global_sid_Builtin, &domain_pol);
+
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
do {
if (!builtin) break;
- result = rpccli_samr_enum_als_groups(pipe_hnd, mem_ctx, &domain_pol,
- &start_idx, max_entries,
- &groups, &num_entries);
-
+ result = rpccli_samr_EnumDomainAliases(pipe_hnd, mem_ctx,
+ &domain_pol,
+ &start_idx,
+ &groups,
+ max_entries,
+ &num_entries);
if (!NT_STATUS_IS_OK(result) &&
!NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
break;
-
+
for (i = 0; i < num_entries; i++) {
- char *description = NULL;
+ const char *description = NULL;
if (opt_long_list_entries) {
POLICY_HND alias_pol;
- ALIAS_INFO_CTR ctr;
-
- if ((NT_STATUS_IS_OK(rpccli_samr_open_alias(pipe_hnd, mem_ctx,
- &domain_pol,
- 0x8,
- groups[i].rid,
- &alias_pol))) &&
- (NT_STATUS_IS_OK(rpccli_samr_query_alias_info(pipe_hnd, mem_ctx,
- &alias_pol, 3,
- &ctr))) &&
- (NT_STATUS_IS_OK(rpccli_samr_close(pipe_hnd, mem_ctx,
+ union samr_AliasInfo *info = NULL;
+
+ if ((NT_STATUS_IS_OK(rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
+ &domain_pol,
+ 0x8,
+ groups->entries[i].idx,
+ &alias_pol))) &&
+ (NT_STATUS_IS_OK(rpccli_samr_QueryAliasInfo(pipe_hnd, mem_ctx,
+ &alias_pol,
+ 3,
+ &info))) &&
+ (NT_STATUS_IS_OK(rpccli_samr_Close(pipe_hnd, mem_ctx,
&alias_pol)))) {
- description = unistr2_tdup(mem_ctx,
- ctr.alias.info3.description.string);
+ description = info->description.string;
}
}
-
+
if (description != NULL) {
- printf("%-21.21s %-50.50s\n",
- groups[i].acct_name,
+ printf("%-21.21s %-50.50s\n",
+ groups->entries[i].name.string,
description);
} else {
- printf("%s\n", groups[i].acct_name);
+ printf("%s\n", groups->entries[i].name.string);
}
}
} while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
{
NTSTATUS result;
POLICY_HND group_pol;
- uint32 num_members, *group_rids, *group_attrs;
- uint32 num_names;
- char **names;
- uint32 *name_types;
+ uint32 num_members, *group_rids;
int i;
+ struct samr_RidTypeArray *rids = NULL;
+ struct lsa_Strings names;
+ struct samr_Ids types;
fstring sid_str;
- sid_to_string(sid_str, domain_sid);
+ sid_to_fstring(sid_str, domain_sid);
- result = rpccli_samr_open_group(pipe_hnd, mem_ctx, domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- rid, &group_pol);
+ result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
+ domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ rid,
+ &group_pol);
if (!NT_STATUS_IS_OK(result))
return result;
- result = rpccli_samr_query_groupmem(pipe_hnd, mem_ctx, &group_pol,
- &num_members, &group_rids,
- &group_attrs);
+ result = rpccli_samr_QueryGroupMember(pipe_hnd, mem_ctx,
+ &group_pol,
+ &rids);
if (!NT_STATUS_IS_OK(result))
return result;
+ num_members = rids->count;
+ group_rids = rids->rids;
+
while (num_members > 0) {
int this_time = 512;
if (num_members < this_time)
this_time = num_members;
- result = rpccli_samr_lookup_rids(pipe_hnd, mem_ctx, domain_pol,
- this_time, group_rids,
- &num_names, &names, &name_types);
+ result = rpccli_samr_LookupRids(pipe_hnd, mem_ctx,
+ domain_pol,
+ this_time,
+ group_rids,
+ &names,
+ &types);
if (!NT_STATUS_IS_OK(result))
return result;
if (opt_long_list_entries) {
printf("%s-%d %s\\%s %d\n", sid_str,
- group_rids[i], domain_name, names[i],
+ group_rids[i], domain_name,
+ names.names[i].string,
SID_NAME_USER);
} else {
- printf("%s\\%s\n", domain_name, names[i]);
+ printf("%s\\%s\n", domain_name,
+ names.names[i].string);
}
}
char **names;
enum lsa_SidType *types;
int i;
+ struct lsa_SidArray sid_array;
- result = rpccli_samr_open_alias(pipe_hnd, mem_ctx, domain_pol,
- MAXIMUM_ALLOWED_ACCESS, rid, &alias_pol);
+ result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
+ domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ rid,
+ &alias_pol);
if (!NT_STATUS_IS_OK(result))
return result;
- result = rpccli_samr_query_aliasmem(pipe_hnd, mem_ctx, &alias_pol,
- &num_members, &alias_sids);
+ result = rpccli_samr_GetMembersInAlias(pipe_hnd, mem_ctx,
+ &alias_pol,
+ &sid_array);
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "Couldn't list alias members\n");
return result;
}
+ num_members = sid_array.num_sids;
+
if (num_members == 0) {
return NT_STATUS_OK;
}
return result;
}
+ alias_sids = TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID, num_members);
+ if (!alias_sids) {
+ d_fprintf(stderr, "Out of memory\n");
+ cli_rpc_pipe_close(lsa_pipe);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ for (i=0; i<num_members; i++) {
+ sid_copy(&alias_sids[i], sid_array.sids[i].sid);
+ }
+
result = rpccli_lsa_lookup_sids(lsa_pipe, mem_ctx, &lsa_pol, num_members,
alias_sids,
&domains, &names, &types);
for (i = 0; i < num_members; i++) {
fstring sid_str;
- sid_to_string(sid_str, &alias_sids[i]);
+ sid_to_fstring(sid_str, &alias_sids[i]);
if (opt_long_list_entries) {
printf("%s %s\\%s %d\n", sid_str,
{
NTSTATUS result;
POLICY_HND connect_pol, domain_pol;
- uint32 num_rids, *rids, *rid_types;
+ struct samr_Ids rids, rid_types;
+ struct lsa_String lsa_acct_name;
/* Get sam policy handle */
-
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
+
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->cli->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
if (!NT_STATUS_IS_OK(result))
return result;
/* Get domain policy handle */
-
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result))
return result;
- result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, 1000,
- 1, argv, &num_rids, &rids, &rid_types);
+ init_lsa_String(&lsa_acct_name, argv[0]); /* sure? */
+
+ result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
+ &domain_pol,
+ 1,
+ &lsa_acct_name,
+ &rids,
+ &rid_types);
if (!NT_STATUS_IS_OK(result)) {
DOM_SID sid_Builtin;
- rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
- string_to_sid(&sid_Builtin, "S-1-5-32");
+ sid_copy(&sid_Builtin, &global_sid_Builtin);
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- &sid_Builtin, &domain_pol);
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ &sid_Builtin,
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
return result;
}
- result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, 1000,
- 1, argv, &num_rids,
- &rids, &rid_types);
+ result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
+ &domain_pol,
+ 1,
+ &lsa_acct_name,
+ &rids,
+ &rid_types);
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
}
}
- if (num_rids != 1) {
+ if (rids.count != 1) {
d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
return result;
}
- if (rid_types[0] == SID_NAME_DOM_GRP) {
+ if (rid_types.ids[0] == SID_NAME_DOM_GRP) {
return rpc_list_group_members(pipe_hnd, mem_ctx, domain_name,
domain_sid, &domain_pol,
- rids[0]);
+ rids.ids[0]);
}
- if (rid_types[0] == SID_NAME_ALIAS) {
+ if (rid_types.ids[0] == SID_NAME_ALIAS) {
return rpc_list_alias_members(pipe_hnd, mem_ctx, &domain_pol,
- rids[0]);
+ rids.ids[0]);
}
return NT_STATUS_NO_SUCH_GROUP;
{
NTSTATUS result;
POLICY_HND connect_pol, domain_pol, group_pol;
- uint32 num_rids, *rids, *rid_types;
- GROUP_INFO_CTR ctr;
+ union samr_GroupInfo group_info;
+ struct samr_Ids rids, rid_types;
+ struct lsa_String lsa_acct_name;
if (argc != 2) {
d_printf("Usage: 'net rpc group rename group newname'\n");
}
/* Get sam policy handle */
-
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
+
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->cli->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
if (!NT_STATUS_IS_OK(result))
return result;
/* Get domain policy handle */
-
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result))
return result;
- result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, 1000,
- 1, argv, &num_rids, &rids, &rid_types);
+ init_lsa_String(&lsa_acct_name, argv[0]);
+
+ result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
+ &domain_pol,
+ 1,
+ &lsa_acct_name,
+ &rids,
+ &rid_types);
- if (num_rids != 1) {
+ if (rids.count != 1) {
d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
return result;
}
- if (rid_types[0] != SID_NAME_DOM_GRP) {
+ if (rid_types.ids[0] != SID_NAME_DOM_GRP) {
d_fprintf(stderr, "Can only rename domain groups\n");
return NT_STATUS_UNSUCCESSFUL;
}
- result = rpccli_samr_open_group(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- rids[0], &group_pol);
+ result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ rids.ids[0],
+ &group_pol);
if (!NT_STATUS_IS_OK(result))
return result;
- ZERO_STRUCT(ctr);
+ init_lsa_String(&group_info.name, argv[1]);
- ctr.switch_value1 = 2;
- init_samr_group_info2(&ctr.group.info2, argv[1]);
-
- result = rpccli_samr_set_groupinfo(pipe_hnd, mem_ctx, &group_pol, &ctr);
+ result = rpccli_samr_SetGroupInfo(pipe_hnd, mem_ctx,
+ &group_pol,
+ 2,
+ &group_info);
if (!NT_STATUS_IS_OK(result))
return result;
TALLOC_CTX *mem_ctx,int argc,
const char **argv)
{
- NTSTATUS result;
+ WERROR result;
+ NTSTATUS status;
char *sharename;
char *path;
uint32 type = STYPE_DISKTREE; /* only allow disk shares to be added */
uint32 num_users=0, perms=0;
char *password=NULL; /* don't allow a share password */
uint32 level = 2;
- uint32 parm_error;
union srvsvc_NetShareInfo info;
struct srvsvc_NetShareInfo2 info2;
+ uint32_t parm_error = 0;
if ((sharename = talloc_strdup(mem_ctx, argv[0])) == NULL) {
return NT_STATUS_NO_MEMORY;
return NT_STATUS_UNSUCCESSFUL;
*path++ = '\0';
+ info2.name = sharename;
+ info2.type = type;
+ info2.comment = opt_comment;
+ info2.permissions = perms;
+ info2.max_users = opt_maxusers;
+ info2.current_users = num_users;
+ info2.path = path;
+ info2.password = password;
+
info.info2 = &info2;
- info2.type = type;
- info2.comment = opt_comment;
- info2.permissions = perms;
- info2.max_users = opt_maxusers;
- info2.current_users = num_users;
- info2.path = path;
- info2.password = password;
- info2.name = sharename;
-
- result = rpccli_srvsvc_NetShareAdd(pipe_hnd, mem_ctx, NULL, level,
- info, &parm_error);
- return result;
+ status = rpccli_srvsvc_NetShareAdd(pipe_hnd, mem_ctx,
+ pipe_hnd->cli->desthost,
+ level,
+ &info,
+ &parm_error,
+ &result);
+ return status;
}
static int rpc_share_add(int argc, const char **argv)
int argc,
const char **argv)
{
- return rpccli_srvsvc_NetShareDel(pipe_hnd, mem_ctx, NULL, argv[0], 0);
+ WERROR result;
+
+ return rpccli_srvsvc_NetShareDel(pipe_hnd, mem_ctx,
+ pipe_hnd->cli->desthost,
+ argv[0],
+ 0,
+ &result);
}
/**
/**
* Formatted print of share info
*
- * @param info1 pointer to struct srvsvc_NetShareInfo1 to format
+ * @param info1 pointer to SRV_SHARE_INFO_1 to format
**/
-
-static void display_share_info_1(struct srvsvc_NetShareInfo1 *info1)
+
+static void display_share_info_1(struct srvsvc_NetShareInfo1 *r)
{
if (opt_long_list_entries) {
d_printf("%-12s %-8.8s %-50s\n",
- info1->name, share_type[info1->type & ~(STYPE_TEMPORARY|STYPE_HIDDEN)],
- info1->comment ? info1->comment : "");
+ r->name,
+ share_type[r->type & ~(STYPE_TEMPORARY|STYPE_HIDDEN)],
+ r->comment);
} else {
- d_printf("%s\n", info1->name);
+ d_printf("%s\n", r->name);
}
-
}
-static NTSTATUS get_share_info(struct rpc_pipe_client *pipe_hnd,
- TALLOC_CTX *mem_ctx,
- uint32 level,
- int argc,
- const char **argv,
- union srvsvc_NetShareCtr *ctr,
- uint32 *numentries)
+static WERROR get_share_info(struct rpc_pipe_client *pipe_hnd,
+ TALLOC_CTX *mem_ctx,
+ uint32 level,
+ int argc,
+ const char **argv,
+ struct srvsvc_NetShareInfoCtr *info_ctr)
{
- union srvsvc_NetShareInfo info;
+ WERROR result;
NTSTATUS status;
-
- switch(level) {
- case 1:
- if (!(ctr->ctr1 = TALLOC_ZERO_P(
- mem_ctx, struct srvsvc_NetShareCtr1))) {
- return NT_STATUS_NO_MEMORY;
- }
- break;
- case 502:
- if (!(ctr->ctr502 = TALLOC_ZERO_P(
- mem_ctx, struct srvsvc_NetShareCtr502))) {
- return NT_STATUS_NO_MEMORY;
- }
- break;
- default:
- return NT_STATUS_INVALID_LEVEL;
- break;
- }
+ union srvsvc_NetShareInfo info;
/* no specific share requested, enumerate all */
if (argc == 0) {
- uint32 hnd = 0;
- return rpccli_srvsvc_NetShareEnum(pipe_hnd, mem_ctx, NULL,
- &level, ctr, 0xffffffff,
- numentries, &hnd);
+ uint32_t preferred_len = 0xffffffff;
+ uint32_t total_entries = 0;
+ uint32_t resume_handle = 0;
+
+ info_ctr->level = level;
+
+ status = rpccli_srvsvc_NetShareEnumAll(pipe_hnd, mem_ctx,
+ pipe_hnd->cli->desthost,
+ info_ctr,
+ preferred_len,
+ &total_entries,
+ &resume_handle,
+ &result);
+ return result;
}
/* request just one share */
- status = rpccli_srvsvc_NetShareGetInfo(pipe_hnd, mem_ctx, NULL,
- argv[0], level, &info);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
+ status = rpccli_srvsvc_NetShareGetInfo(pipe_hnd, mem_ctx,
+ pipe_hnd->cli->desthost,
+ argv[0],
+ level,
+ &info,
+ &result);
+
+ if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) {
+ goto done;
}
- *numentries = 1;
+ /* construct ctr */
+ ZERO_STRUCTP(info_ctr);
+
+ info_ctr->level = level;
- switch(level) {
+ switch (level) {
case 1:
- ctr->ctr1->count = 1;
- ctr->ctr1->array = info.info1;
- break;
- case 502:
- ctr->ctr501->count = 1;
- ctr->ctr502->array = info.info502;
- break;
- default:
- return NT_STATUS_INTERNAL_ERROR;
- break;
+ {
+ struct srvsvc_NetShareCtr1 *ctr1;
+
+ ctr1 = TALLOC_ZERO_P(mem_ctx, struct srvsvc_NetShareCtr1);
+ W_ERROR_HAVE_NO_MEMORY(ctr1);
+
+ ctr1->count = 1;
+ ctr1->array = info.info1;
+
+ info_ctr->ctr.ctr1 = ctr1;
}
+ case 2:
+ {
+ struct srvsvc_NetShareCtr2 *ctr2;
- return NT_STATUS_OK;
+ ctr2 = TALLOC_ZERO_P(mem_ctx, struct srvsvc_NetShareCtr2);
+ W_ERROR_HAVE_NO_MEMORY(ctr2);
+
+ ctr2->count = 1;
+ ctr2->array = info.info2;
+
+ info_ctr->ctr.ctr2 = ctr2;
+ }
+ case 502:
+ {
+ struct srvsvc_NetShareCtr502 *ctr502;
+
+ ctr502 = TALLOC_ZERO_P(mem_ctx, struct srvsvc_NetShareCtr502);
+ W_ERROR_HAVE_NO_MEMORY(ctr502);
+
+ ctr502->count = 1;
+ ctr502->array = info.info502;
+
+ info_ctr->ctr.ctr502 = ctr502;
+ }
+ } /* switch */
+done:
+ return result;
}
/**
int argc,
const char **argv)
{
- union srvsvc_NetShareCtr ctr;
- NTSTATUS result;
+ struct srvsvc_NetShareInfoCtr info_ctr;
+ struct srvsvc_NetShareCtr1 ctr1;
+ WERROR result;
uint32 i, level = 1;
- uint32 numentries;
- result = get_share_info(pipe_hnd, mem_ctx, level, argc, argv, &ctr,
- &numentries);
- if (!NT_STATUS_IS_OK(result))
+ ZERO_STRUCT(info_ctr);
+ ZERO_STRUCT(ctr1);
+
+ info_ctr.level = 1;
+ info_ctr.ctr.ctr1 = &ctr1;
+
+ result = get_share_info(pipe_hnd, mem_ctx, level, argc, argv, &info_ctr);
+ if (!W_ERROR_IS_OK(result))
goto done;
/* Display results */
"\nShare name Type Description\n"\
"---------- ---- -----------\n");
}
- for (i = 0; i < numentries; i++)
- display_share_info_1(&ctr.ctr1->array[i]);
+ for (i = 0; i < info_ctr.ctr.ctr1->count; i++)
+ display_share_info_1(&info_ctr.ctr.ctr1->array[i]);
done:
- return NT_STATUS_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+ return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
/***
return run_rpc_command(NULL, PI_SRVSVC, 0, rpc_share_list_internals, argc, argv);
}
-static BOOL check_share_availability(struct cli_state *cli, const char *netname)
+static bool check_share_availability(struct cli_state *cli, const char *netname)
{
if (!cli_send_tconX(cli, netname, "A:", "", 0)) {
d_printf("skipping [%s]: not a file share.\n", netname);
return True;
}
-static BOOL check_share_sanity(struct cli_state *cli, const char *netname, uint32 type)
+static bool check_share_sanity(struct cli_state *cli, const char *netname, uint32 type)
{
/* only support disk shares */
if (! ( type == STYPE_DISKTREE || type == (STYPE_DISKTREE | STYPE_HIDDEN)) ) {
}
/**
- * Migrate shares from a remote RPC server to the local RPC srever
+ * Migrate shares from a remote RPC server to the local RPC server
*
* All parameters are provided by the run_rpc_command function, except for
- * argc, argv which are passes through.
+ * argc, argv which are passed through.
*
* @param domain_sid The domain sid acquired from the remote server
* @param cli A cli_state connected to the server.
- * @param mem_ctx Talloc context, destoyed on completion of the function.
+ * @param mem_ctx Talloc context, destroyed on completion of the function.
* @param argc Standard main() style argc
* @param argv Standard main() style argv. Initial components are already
* stripped
int argc,
const char **argv)
{
- NTSTATUS result;
+ WERROR result;
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
- union srvsvc_NetShareCtr ctr_src;
+ struct srvsvc_NetShareInfoCtr ctr_src;
uint32 i;
struct rpc_pipe_client *srvsvc_pipe = NULL;
struct cli_state *cli_dst = NULL;
uint32 level = 502; /* includes secdesc */
- uint32 numentries;
+ uint32_t parm_error = 0;
- result = get_share_info(pipe_hnd, mem_ctx, level, argc, argv, &ctr_src,
- &numentries);
- if (!NT_STATUS_IS_OK(result))
+ result = get_share_info(pipe_hnd, mem_ctx, level, argc, argv, &ctr_src);
+ if (!W_ERROR_IS_OK(result))
goto done;
/* connect destination PI_SRVSVC */
return nt_status;
- for (i = 0; i < numentries; i++) {
- uint32 parm_error = 0;
+ for (i = 0; i < ctr_src.ctr.ctr502->count; i++) {
+
union srvsvc_NetShareInfo info;
+ struct srvsvc_NetShareInfo502 info502 =
+ ctr_src.ctr.ctr502->array[i];
/* reset error-code */
nt_status = NT_STATUS_UNSUCCESSFUL;
- if (!check_share_sanity(cli, ctr_src.ctr502->array[i].name,
- ctr_src.ctr502->array[i].type))
-
+ if (!check_share_sanity(cli, info502.name, info502.type))
continue;
/* finally add the share on the dst server */
printf("migrating: [%s], path: %s, comment: %s, without share-ACLs\n",
- ctr_src.ctr502->array[i].name,
- ctr_src.ctr502->array[i].path,
- ctr_src.ctr502->array[i].comment);
+ info502.name, info502.path, info502.comment);
- info.info502 = &ctr_src.ctr502->array[i];
+ info.info502 = &info502;
- result = rpccli_srvsvc_NetShareAdd(srvsvc_pipe, mem_ctx, NULL,
- 502, info, &parm_error);
-
- if (NT_STATUS_EQUAL(result, NT_STATUS_OBJECT_NAME_COLLISION)) {
- printf(" [%s] does already exist\n", ctr_src.ctr502->array[i].name);
+ nt_status = rpccli_srvsvc_NetShareAdd(srvsvc_pipe, mem_ctx,
+ srvsvc_pipe->cli->desthost,
+ 502,
+ &info,
+ &parm_error,
+ &result);
+
+ if (W_ERROR_V(result) == W_ERROR_V(WERR_ALREADY_EXISTS)) {
+ printf(" [%s] does already exist\n",
+ info502.name);
continue;
}
- if (!NT_STATUS_IS_OK(result)) {
- printf("cannot add share: %s\n", nt_errstr(result));
+ if (!NT_STATUS_IS_OK(nt_status) || !W_ERROR_IS_OK(result)) {
+ printf("cannot add share: %s\n", dos_errstr(result));
goto done;
}
*
* @return Boolean result
**/
-BOOL sync_files(struct copy_clistate *cp_clistate, pstring mask)
+static bool sync_files(struct copy_clistate *cp_clistate, const char *mask)
{
struct cli_state *targetcli;
- pstring targetpath;
+ char *targetpath = NULL;
DEBUG(3,("calling cli_list with mask: %s\n", mask));
- if ( !cli_resolve_path( "", cp_clistate->cli_share_src, mask, &targetcli, targetpath ) ) {
+ if ( !cli_resolve_path(talloc_tos(), "", cp_clistate->cli_share_src,
+ mask, &targetcli, &targetpath ) ) {
d_fprintf(stderr, "cli_resolve_path %s failed with error: %s\n",
mask, cli_errstr(cp_clistate->cli_share_src));
return False;
* Should set up ACL inheritance.
**/
-BOOL copy_top_level_perms(struct copy_clistate *cp_clistate,
+bool copy_top_level_perms(struct copy_clistate *cp_clistate,
const char *sharename)
{
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
int argc,
const char **argv)
{
- NTSTATUS result;
+ WERROR result;
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
- union srvsvc_NetShareCtr ctr_src;
+ struct srvsvc_NetShareInfoCtr ctr_src;
uint32 i;
uint32 level = 502;
struct copy_clistate cp_clistate;
- BOOL got_src_share = False;
- BOOL got_dst_share = False;
- pstring mask = "\\*";
+ bool got_src_share = False;
+ bool got_dst_share = False;
+ const char *mask = "\\*";
char *dst = NULL;
- uint32 numentries;
dst = SMB_STRDUP(opt_destination?opt_destination:"127.0.0.1");
- result = get_share_info(pipe_hnd, mem_ctx, level, argc, argv, &ctr_src,
- &numentries);
+ result = get_share_info(pipe_hnd, mem_ctx, level, argc, argv, &ctr_src);
- if (!NT_STATUS_IS_OK(result))
+ if (!W_ERROR_IS_OK(result))
goto done;
- for (i = 0; i < numentries; i++) {
- if (!check_share_sanity(cli, ctr_src.ctr502->array[i].name,
- ctr_src.ctr502->array[i].type))
+ for (i = 0; i < ctr_src.ctr.ctr502->count; i++) {
+
+ struct srvsvc_NetShareInfo502 info502 =
+ ctr_src.ctr.ctr502->array[i];
+
+ if (!check_share_sanity(cli, info502.name, info502.type))
continue;
/* one might not want to mirror whole discs :) */
- if (strequal(ctr_src.ctr502->array[i].name, "print$") || ctr_src.ctr502->array[i].name[1] == '$') {
- d_printf("skipping [%s]: builtin/hidden share\n", ctr_src.ctr502->array[i].name);
+ if (strequal(info502.name, "print$") || info502.name[1] == '$') {
+ d_printf("skipping [%s]: builtin/hidden share\n", info502.name);
continue;
}
break;
}
printf(" [%s] files and directories %s ACLs, %s DOS Attributes %s\n",
- ctr_src.ctr502->array[i].name,
+ info502.name,
opt_acls ? "including" : "without",
opt_attrs ? "including" : "without",
opt_timestamps ? "(preserving timestamps)" : "");
/* open share source */
nt_status = connect_to_service(&cp_clistate.cli_share_src,
- &cli->dest_ip, cli->desthost,
- ctr_src.ctr502->array[i].name, "A:");
+ &cli->dest_ss, cli->desthost,
+ info502.name, "A:");
if (!NT_STATUS_IS_OK(nt_status))
goto done;
if (net_mode_share == NET_MODE_SHARE_MIGRATE) {
/* open share destination */
nt_status = connect_to_service(&cp_clistate.cli_share_dst,
- NULL, dst, ctr_src.ctr502->array[i].name, "A:");
+ NULL, dst, info502.name, "A:");
if (!NT_STATUS_IS_OK(nt_status))
goto done;
got_dst_share = True;
}
- if (!copy_top_level_perms(&cp_clistate, ctr_src.ctr502->array[i].name)) {
- d_fprintf(stderr, "Could not handle the top level directory permissions for the share: %s\n", ctr_src.ctr502->array[i].name);
+ if (!copy_top_level_perms(&cp_clistate, info502.name)) {
+ d_fprintf(stderr, "Could not handle the top level directory permissions for the share: %s\n", info502.name);
nt_status = NT_STATUS_UNSUCCESSFUL;
goto done;
}
if (!sync_files(&cp_clistate, mask)) {
- d_fprintf(stderr, "could not handle files for share: %s\n",
- ctr_src.ctr502->array[i].name);
+ d_fprintf(stderr, "could not handle files for share: %s\n", info502.name);
nt_status = NT_STATUS_UNSUCCESSFUL;
goto done;
}
int argc,
const char **argv)
{
- NTSTATUS result;
+ WERROR result;
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
- union srvsvc_NetShareCtr ctr_src;
+ struct srvsvc_NetShareInfoCtr ctr_src;
union srvsvc_NetShareInfo info;
uint32 i;
struct rpc_pipe_client *srvsvc_pipe = NULL;
struct cli_state *cli_dst = NULL;
uint32 level = 502; /* includes secdesc */
- uint32 numentries;
- uint32 parm_error = 0;
+ uint32_t parm_error = 0;
- result = get_share_info(pipe_hnd, mem_ctx, level, argc, argv, &ctr_src,
- &numentries);
+ result = get_share_info(pipe_hnd, mem_ctx, level, argc, argv, &ctr_src);
- if (!NT_STATUS_IS_OK(result))
+ if (!W_ERROR_IS_OK(result))
goto done;
/* connect destination PI_SRVSVC */
return nt_status;
- for (i = 0; i < numentries; i++) {
+ for (i = 0; i < ctr_src.ctr.ctr502->count; i++) {
+
+ struct srvsvc_NetShareInfo502 info502 =
+ ctr_src.ctr.ctr502->array[i];
+
/* reset error-code */
nt_status = NT_STATUS_UNSUCCESSFUL;
- if (!check_share_sanity(cli, ctr_src.ctr502->array[i].name, ctr_src.ctr502->array[i].type))
+ if (!check_share_sanity(cli, info502.name, info502.type))
continue;
printf("migrating: [%s], path: %s, comment: %s, including share-ACLs\n",
- ctr_src.ctr502->array[i].name,
- ctr_src.ctr502->array[i].path,
- ctr_src.ctr502->array[i].comment);
+ info502.name, info502.path, info502.comment);
if (opt_verbose)
- display_sec_desc(ctr_src.ctr502->array[i].sd);
+ display_sec_desc(info502.sd);
- /* init info */
- ZERO_STRUCT(info);
+ /* FIXME: shouldn't we be able to just set the security descriptor ? */
+ info.info502 = &info502;
/* finally modify the share on the dst server */
- result = rpccli_srvsvc_NetShareSetInfo(
- srvsvc_pipe, mem_ctx, NULL, argv[0], level, info,
- &parm_error);
-
- if (!NT_STATUS_IS_OK(result)) {
- printf("cannot set share-acl: %s\n", nt_errstr(result));
+ nt_status = rpccli_srvsvc_NetShareSetInfo(srvsvc_pipe, mem_ctx,
+ srvsvc_pipe->cli->desthost,
+ info502.name,
+ level,
+ &info,
+ &parm_error,
+ &result);
+ if (!NT_STATUS_IS_OK(nt_status) || !W_ERROR_IS_OK(result)) {
+ printf("cannot set share-acl: %s\n", dos_errstr(result));
goto done;
}
const DOM_SID *domain_sid)
{
uint32 start_idx, max_entries, num_entries, i;
- struct acct_info *groups;
+ struct samr_SamArray *groups = NULL;
NTSTATUS result;
POLICY_HND domain_pol;
/* Get domain policy handle */
-
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result))
return result;
max_entries = 250;
do {
- result = rpccli_samr_enum_als_groups(pipe_hnd, mem_ctx, &domain_pol,
- &start_idx, max_entries,
- &groups, &num_entries);
-
+ result = rpccli_samr_EnumDomainAliases(pipe_hnd, mem_ctx,
+ &domain_pol,
+ &start_idx,
+ &groups,
+ max_entries,
+ &num_entries);
for (i = 0; i < num_entries; i++) {
POLICY_HND alias_pol;
struct full_alias alias;
- DOM_SID *members;
+ struct lsa_SidArray sid_array;
int j;
- result = rpccli_samr_open_alias(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- groups[i].rid,
- &alias_pol);
+ result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ groups->entries[i].idx,
+ &alias_pol);
if (!NT_STATUS_IS_OK(result))
goto done;
- result = rpccli_samr_query_aliasmem(pipe_hnd, mem_ctx,
- &alias_pol,
- &alias.num_members,
- &members);
+ result = rpccli_samr_GetMembersInAlias(pipe_hnd, mem_ctx,
+ &alias_pol,
+ &sid_array);
if (!NT_STATUS_IS_OK(result))
goto done;
- result = rpccli_samr_close(pipe_hnd, mem_ctx, &alias_pol);
+ alias.num_members = sid_array.num_sids;
+
+ result = rpccli_samr_Close(pipe_hnd, mem_ctx, &alias_pol);
if (!NT_STATUS_IS_OK(result))
goto done;
for (j = 0; j < alias.num_members; j++)
sid_copy(&alias.members[j],
- &members[j]);
+ sid_array.sids[j].sid);
}
sid_copy(&alias.sid, domain_sid);
- sid_append_rid(&alias.sid, groups[i].rid);
+ sid_append_rid(&alias.sid, groups->entries[i].idx);
push_alias(mem_ctx, &alias);
}
result = NT_STATUS_OK;
done:
- rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
return result;
}
NTSTATUS result;
POLICY_HND connect_pol;
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->cli->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
if (!NT_STATUS_IS_OK(result))
goto done;
result = rpc_fetch_domain_aliases(pipe_hnd, mem_ctx, &connect_pol,
domain_sid);
- rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
done:
return result;
}
SAFE_FREE(token->user_sids);
}
-static BOOL is_sid_in_token(NT_USER_TOKEN *token, DOM_SID *sid)
+static bool is_sid_in_token(NT_USER_TOKEN *token, DOM_SID *sid)
{
int i;
d_printf("%s\n", token->name);
for (i=0; i<token->token.num_sids; i++) {
- d_printf(" %s\n", sid_string_static(&token->token.user_sids[i]));
+ d_printf(" %s\n", sid_string_tos(&token->token.user_sids[i]));
}
}
-static BOOL is_alias_member(DOM_SID *sid, struct full_alias *alias)
+static bool is_alias_member(DOM_SID *sid, struct full_alias *alias)
{
int i;
}
}
-static BOOL get_user_sids(const char *domain, const char *user, NT_USER_TOKEN *token)
+static bool get_user_sids(const char *domain, const char *user, NT_USER_TOKEN *token)
{
struct winbindd_request request;
struct winbindd_response response;
return False;
}
- string_to_sid(&user_sid, response.data.sid.sid);
+ if (!string_to_sid(&user_sid, response.data.sid.sid)) {
+ DEBUG(1, ("Could not convert string '%s' to SID\n", response.data.sid.sid));
+ return False;
+ }
init_user_token(token, &user_sid);
* Get a list of all user tokens we want to look at
**/
-static BOOL get_user_tokens(int *num_tokens, struct user_token **user_tokens)
+static bool get_user_tokens(int *num_tokens, struct user_token **user_tokens)
{
struct winbindd_request request;
struct winbindd_response response;
const char *extra_data;
- fstring name;
+ char *name;
int i;
struct user_token *result;
+ TALLOC_CTX *frame = NULL;
if (lp_winbind_use_default_domain() &&
(opt_target_workgroup == NULL)) {
ZERO_STRUCT(request);
ZERO_STRUCT(response);
-
+
if (winbindd_request_response(WINBINDD_LIST_USERS, &request, &response) !=
NSS_STATUS_SUCCESS)
return False;
extra_data = (const char *)response.extra_data.data;
*num_tokens = 0;
- while(next_token(&extra_data, name, ",", sizeof(fstring))) {
+ frame = talloc_stackframe();
+ while(next_token_talloc(frame, &extra_data, &name, ",")) {
*num_tokens += 1;
}
if (result == NULL) {
DEBUG(1, ("Could not malloc sid array\n"));
+ TALLOC_FREE(frame);
return False;
}
extra_data = (const char *)response.extra_data.data;
i=0;
- while(next_token(&extra_data, name, ",", sizeof(fstring))) {
-
+ while(next_token_talloc(frame, &extra_data, &name, ",")) {
fstring domain, user;
char *p;
get_user_sids(domain, user, &(result[i].token));
i+=1;
}
-
+ TALLOC_FREE(frame);
SAFE_FREE(response.extra_data.data);
*user_tokens = result;
return True;
}
-static BOOL get_user_tokens_from_file(FILE *f,
+static bool get_user_tokens_from_file(FILE *f,
int *num_tokens,
struct user_token **tokens)
{
struct cli_state *cli = pipe_hnd->cli;
int i;
union srvsvc_NetShareInfo info;
- NTSTATUS result;
+ WERROR result;
+ NTSTATUS status;
uint16 cnum;
- result = rpccli_srvsvc_NetShareGetInfo(pipe_hnd, mem_ctx, NULL, netname,
- 502, &info);
+ status = rpccli_srvsvc_NetShareGetInfo(pipe_hnd, mem_ctx,
+ pipe_hnd->cli->desthost,
+ netname,
+ 502,
+ &info,
+ &result);
- if (!NT_STATUS_IS_OK(result)) {
+ if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) {
DEBUG(1, ("Coult not query secdesc for share %s\n",
netname));
return;
for (i=0; i<num_tokens; i++) {
uint32 acc_granted;
- NTSTATUS status;
if (share_sd != NULL) {
if (!se_access_check(share_sd, &tokens[i].token,
const char **argv)
{
int ret;
- BOOL r;
- uint32 hnd;
+ bool r;
+ ENUM_HND hnd;
uint32 i;
FILE *f;
for (i=0; i<num_tokens; i++)
collect_alias_memberships(&tokens[i].token);
- hnd = 0;
+ init_enum_hnd(&hnd, 0);
+
share_list.num_shares = 0;
share_list.shares = NULL;
struct rpc_pipe_client *pipe_hnd,
int argc, const char **argv)
{
+ WERROR result;
+ NTSTATUS status;
+ uint32_t parm_err = 0;
union srvsvc_NetShareInfo info;
struct srvsvc_NetShareInfo2 info2;
- NTSTATUS result;
- uint32 parm_error = 0;
if ((argc < 2) || (argc > 3)) {
d_fprintf(stderr, "usage: %s <share> <path> [comment]\n",
return NT_STATUS_INVALID_PARAMETER;
}
+ info2.name = argv[0];
+ info2.type = STYPE_DISKTREE;
+ info2.comment = (argc == 3) ? argv[2] : "";
+ info2.permissions = 0;
+ info2.max_users = 0;
+ info2.current_users = 0;
+ info2.path = argv[1];
+ info2.password = NULL;
+
info.info2 = &info2;
- info2.name = argv[0];
- info2.type = STYPE_DISKTREE;
- info2.comment = (argc == 3) ? argv[2] : "";
- result = rpccli_srvsvc_NetShareAdd(
- pipe_hnd, mem_ctx, NULL, 2, info, &parm_error);
-
- return result;
+ status = rpccli_srvsvc_NetShareAdd(pipe_hnd, mem_ctx,
+ pipe_hnd->cli->desthost,
+ 2,
+ &info,
+ &parm_err,
+ &result);
+
+ return status;
}
static NTSTATUS rpc_sh_share_delete(TALLOC_CTX *mem_ctx,
struct rpc_pipe_client *pipe_hnd,
int argc, const char **argv)
{
- NTSTATUS result;
+ WERROR result;
+ NTSTATUS status;
if (argc != 1) {
d_fprintf(stderr, "usage: %s <share>\n", ctx->whoami);
return NT_STATUS_INVALID_PARAMETER;
}
- result = rpccli_srvsvc_NetShareDel(pipe_hnd, mem_ctx, NULL, argv[0], 0);
- return result;
+ status = rpccli_srvsvc_NetShareDel(pipe_hnd, mem_ctx,
+ pipe_hnd->cli->desthost,
+ argv[0],
+ 0,
+ &result);
+
+ return status;
}
static NTSTATUS rpc_sh_share_info(TALLOC_CTX *mem_ctx,
int argc, const char **argv)
{
union srvsvc_NetShareInfo info;
- NTSTATUS result;
+ WERROR result;
+ NTSTATUS status;
if (argc != 1) {
d_fprintf(stderr, "usage: %s <share>\n", ctx->whoami);
return NT_STATUS_INVALID_PARAMETER;
}
- result = rpccli_srvsvc_NetShareGetInfo(
- pipe_hnd, mem_ctx, NULL, argv[0], 2, &info);
- if (!NT_STATUS_IS_OK(result)) {
+ status = rpccli_srvsvc_NetShareGetInfo(pipe_hnd, mem_ctx,
+ pipe_hnd->cli->desthost,
+ argv[0],
+ 2,
+ &info,
+ &result);
+ if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) {
goto done;
}
d_printf("Password: %s\n", info.info2->password);
done:
- return result;
+ return werror_to_ntstatus(result);
}
struct rpc_sh_cmd *net_rpc_share_cmds(TALLOC_CTX *mem_ctx,
int argc,
const char **argv)
{
- NTSTATUS result;
- result = rpccli_srvsvc_NetFileClose(pipe_hnd, mem_ctx, NULL, atoi(argv[0]));
- return NT_STATUS_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+ return rpccli_srvsvc_NetFileClose(pipe_hnd, mem_ctx,
+ pipe_hnd->cli->desthost,
+ atoi(argv[0]), NULL);
}
/**
/**
* Formatted print of open file info
*
- * @param info3 FILE_INFO_3 contents
- * @param str3 strings for FILE_INFO_3
+ * @param r struct srvsvc_NetFileInfo3 contents
**/
-static void display_file_info_3( struct srvsvc_NetFileInfo3 *info3 )
+static void display_file_info_3(struct srvsvc_NetFileInfo3 *r)
{
d_printf("%-7.1d %-20.20s 0x%-4.2x %-6.1d %s\n",
- info3->fid, info3->user, info3->permissions, info3->num_locks, info3->path);
+ r->fid, r->user, r->permissions, r->num_locks, r->path);
}
/**
int argc,
const char **argv)
{
+ struct srvsvc_NetFileInfoCtr info_ctr;
struct srvsvc_NetFileCtr3 ctr3;
- union srvsvc_NetFileCtr ctr;
- NTSTATUS result;
- uint32 hnd;
+ WERROR result;
+ NTSTATUS status;
uint32 preferred_len = 0xffffffff, i;
const char *username=NULL;
- uint32 level = 3;
- uint32 numentries;
-
- hnd = 0;
+ uint32_t total_entries = 0;
+ uint32_t resume_handle = 0;
/* if argc > 0, must be user command */
if (argc > 0)
username = smb_xstrdup(argv[0]);
- ctr.ctr3 = &ctr3;
-
- result = rpccli_srvsvc_NetFileEnum(pipe_hnd, mem_ctx, NULL, NULL,
- username, &level, &ctr,
- preferred_len, &numentries, &hnd);
+ ZERO_STRUCT(info_ctr);
+ ZERO_STRUCT(ctr3);
- if (!NT_STATUS_IS_OK(result))
+ info_ctr.level = 3;
+ info_ctr.ctr.ctr3 = &ctr3;
+
+ status = rpccli_srvsvc_NetFileEnum(pipe_hnd, mem_ctx,
+ pipe_hnd->cli->desthost,
+ NULL,
+ username,
+ &info_ctr,
+ preferred_len,
+ &total_entries,
+ &resume_handle,
+ &result);
+
+ if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result))
goto done;
/* Display results */
"\nEnumerating open files on remote server:\n\n"\
"\nFileId Opened by Perms Locks Path"\
"\n------ --------- ----- ----- ---- \n");
- for (i = 0; i < numentries; i++)
- display_file_info_3(&ctr.ctr3->array[i]);
+ for (i = 0; i < total_entries; i++)
+ display_file_info_3(&info_ctr.ctr.ctr3->array[i]);
done:
- return NT_STATUS_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+ return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
/**
{
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- result = rpccli_initshutdown_Abort(pipe_hnd, mem_ctx, NULL);
+ result = rpccli_initshutdown_Abort(pipe_hnd, mem_ctx, NULL, NULL);
if (NT_STATUS_IS_OK(result)) {
d_printf("\nShutdown successfully aborted\n");
{
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- result = rpccli_winreg_AbortSystemShutdown(pipe_hnd, mem_ctx, NULL);
+ result = rpccli_winreg_AbortSystemShutdown(pipe_hnd, mem_ctx, NULL, NULL);
if (NT_STATUS_IS_OK(result)) {
d_printf("\nShutdown successfully aborted\n");
* @return Normal NTSTATUS return.
**/
-static NTSTATUS rpc_init_shutdown_internals(const DOM_SID *domain_sid,
+NTSTATUS rpc_init_shutdown_internals(const DOM_SID *domain_sid,
const char *domain_name,
struct cli_state *cli,
struct rpc_pipe_client *pipe_hnd,
/* create an entry */
result = rpccli_initshutdown_Init(pipe_hnd, mem_ctx, NULL,
- &msg_string, timeout, opt_force, opt_reboot);
+ &msg_string, timeout, opt_force, opt_reboot, NULL);
if (NT_STATUS_IS_OK(result)) {
d_printf("\nShutdown of remote machine succeeded\n");
* @return Normal NTSTATUS return.
**/
-static NTSTATUS rpc_reg_shutdown_internals(const DOM_SID *domain_sid,
+NTSTATUS rpc_reg_shutdown_internals(const DOM_SID *domain_sid,
const char *domain_name,
struct cli_state *cli,
struct rpc_pipe_client *pipe_hnd,
struct initshutdown_String msg_string;
struct initshutdown_String_sub s;
NTSTATUS result;
+ WERROR werr;
if (opt_comment) {
msg = opt_comment;
/* create an entry */
result = rpccli_winreg_InitiateSystemShutdown(pipe_hnd, mem_ctx, NULL,
- &msg_string, timeout, opt_force, opt_reboot);
+ &msg_string, timeout, opt_force, opt_reboot, &werr);
if (NT_STATUS_IS_OK(result)) {
d_printf("\nShutdown of remote machine succeeded\n");
} else {
d_fprintf(stderr, "\nShutdown of remote machine failed\n");
- if ( W_ERROR_EQUAL(ntstatus_to_werror(result),WERR_MACHINE_LOCKED) )
+ if ( W_ERROR_EQUAL(werr, WERR_MACHINE_LOCKED) )
d_fprintf(stderr, "\nMachine locked, use -f switch to force\n");
else
- d_fprintf(stderr, "\nresult was: %s\n", nt_errstr(result));
+ d_fprintf(stderr, "\nresult was: %s\n", dos_errstr(werr));
}
return result;
POLICY_HND connect_pol, domain_pol, user_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
char *acct_name;
+ struct lsa_String lsa_acct_name;
uint32 acb_info;
- uint32 unknown, user_rid;
+ uint32 acct_flags=0;
+ uint32 user_rid;
+ uint32_t access_granted = 0;
+ union samr_UserInfo info;
if (argc != 2) {
d_printf("Usage: net rpc trustdom add <domain_name> <pw>\n");
/*
* Make valid trusting domain account (ie. uppercased and with '$' appended)
*/
-
+
if (asprintf(&acct_name, "%s$", argv[0]) < 0) {
return NT_STATUS_NO_MEMORY;
}
strupper_m(acct_name);
+ init_lsa_String(&lsa_acct_name, acct_name);
+
/* Get samr policy handle */
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->cli->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
-
+
/* Get domain policy handle */
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
/* Create trusting domain's account */
- acb_info = ACB_NORMAL;
- unknown = 0xe00500b0; /* No idea what this is - a permission mask?
- mimir: yes, most probably it is */
-
- result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
- acct_name, acb_info, unknown,
- &user_pol, &user_rid);
+ acb_info = ACB_NORMAL;
+ acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
+ SEC_STD_WRITE_DAC | SEC_STD_DELETE |
+ SAMR_USER_ACCESS_SET_PASSWORD |
+ SAMR_USER_ACCESS_GET_ATTRIBUTES |
+ SAMR_USER_ACCESS_SET_ATTRIBUTES;
+
+ result = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx,
+ &domain_pol,
+ &lsa_acct_name,
+ acb_info,
+ acct_flags,
+ &user_pol,
+ &access_granted,
+ &user_rid);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
{
- SAM_USERINFO_CTR ctr;
- SAM_USER_INFO_23 p23;
NTTIME notime;
- char nostr[] = "";
- LOGON_HRS hrs;
+ struct samr_LogonHours hours;
+ const int units_per_week = 168;
uchar pwbuf[516];
encode_pw_buffer(pwbuf, argv[1], STR_UNICODE);
- ZERO_STRUCT(ctr);
- ZERO_STRUCT(p23);
ZERO_STRUCT(notime);
- hrs.max_len = 1260;
- hrs.offset = 0;
- hrs.len = 21;
- memset(hrs.hours, 0xFF, sizeof(hrs.hours));
- acb_info = ACB_DOMTRUST;
-
- init_sam_user_info23A(&p23, ¬ime, ¬ime, ¬ime,
- ¬ime, ¬ime, ¬ime,
- nostr, nostr, nostr, nostr, nostr,
- nostr, nostr, nostr, nostr, nostr,
- 0, 0, acb_info, ACCT_FLAGS, 168, &hrs,
- 0, 0, (char *)pwbuf);
- ctr.switch_value = 23;
- ctr.info.id23 = &p23;
- p23.passmustchange = 0;
-
- result = rpccli_samr_set_userinfo(pipe_hnd, mem_ctx, &user_pol, 23,
- &cli->user_session_key, &ctr);
+
+ ZERO_STRUCT(hours);
+ hours.bits = talloc_array(mem_ctx, uint8_t, units_per_week);
+ if (!hours.bits) {
+ result = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+ hours.units_per_week = units_per_week;
+ memset(hours.bits, 0xFF, units_per_week);
+
+ init_samr_user_info23(&info.info23,
+ notime, notime, notime,
+ notime, notime, notime,
+ NULL, NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ 0, 0, ACB_DOMTRUST, SAMR_FIELD_ACCT_FLAGS,
+ hours,
+ 0, 0, 0, 0, 0, 0, 0,
+ pwbuf, 24);
+
+ SamOEMhashBlob(info.info23.password.data, 516,
+ &cli->user_session_key);
+
+ result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
+ &user_pol,
+ 23,
+ &info);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(0,("Could not set trust account password: %s\n",
POLICY_HND connect_pol, domain_pol, user_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
char *acct_name;
- const char **names;
DOM_SID trust_acct_sid;
- uint32 *user_rids, num_rids, *name_types;
- uint32 flags = 0x000003e8; /* Unknown */
+ struct samr_Ids user_rids, name_types;
+ struct lsa_String lsa_acct_name;
if (argc != 1) {
d_printf("Usage: net rpc trustdom del <domain_name>\n");
strupper_m(acct_name);
- if ((names = TALLOC_ARRAY(mem_ctx, const char *, 1)) == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
- names[0] = acct_name;
-
-
/* Get samr policy handle */
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->cli->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
-
+
/* Get domain policy handle */
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, flags, 1,
- names, &num_rids,
- &user_rids, &name_types);
-
+ init_lsa_String(&lsa_acct_name, acct_name);
+
+ result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
+ &domain_pol,
+ 1,
+ &lsa_acct_name,
+ &user_rids,
+ &name_types);
+
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- user_rids[0], &user_pol);
+ result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ user_rids.ids[0],
+ &user_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
/* append the rid to the domain sid */
sid_copy(&trust_acct_sid, domain_sid);
- if (!sid_append_rid(&trust_acct_sid, user_rids[0])) {
+ if (!sid_append_rid(&trust_acct_sid, user_rids.ids[0])) {
goto done;
}
/* remove the sid */
- result = rpccli_samr_remove_sid_foreign_domain(pipe_hnd, mem_ctx, &user_pol,
- &trust_acct_sid);
-
+ result = rpccli_samr_RemoveMemberFromForeignDomain(pipe_hnd, mem_ctx,
+ &user_pol,
+ &trust_acct_sid);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
/* Delete user */
- result = rpccli_samr_delete_dom_user(pipe_hnd, mem_ctx, &user_pol);
+ result = rpccli_samr_DeleteUser(pipe_hnd, mem_ctx,
+ &user_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
static int rpc_trustdom_establish(int argc, const char **argv)
{
struct cli_state *cli = NULL;
- struct in_addr server_ip;
+ struct sockaddr_storage server_ss;
struct rpc_pipe_client *pipe_hnd = NULL;
POLICY_HND connect_hnd;
TALLOC_CTX *mem_ctx;
NTSTATUS nt_status;
DOM_SID *domain_sid;
-
+
char* domain_name;
- char* domain_name_pol;
char* acct_name;
fstring pdc_name;
+ char *dc_name;
+ union lsa_PolicyInformation *info = NULL;
/*
* Connect to \\server\ipc$ as 'our domain' account with password
/* account name used at first is our domain's name with '$' */
asprintf(&acct_name, "%s$", lp_workgroup());
strupper_m(acct_name);
-
+
/*
* opt_workgroup will be used by connection functions further,
* hence it should be set to remote domain name instead of ours
if (opt_workgroup) {
opt_workgroup = smb_xstrdup(domain_name);
};
-
+
opt_user_name = acct_name;
/* find the domain controller */
- if (!net_find_pdc(&server_ip, pdc_name, domain_name)) {
+ if (!net_find_pdc(&server_ss, pdc_name, domain_name)) {
DEBUG(0, ("Couldn't find domain controller for domain %s\n", domain_name));
return -1;
}
/* connect to ipc$ as username/password */
- nt_status = connect_to_ipc(&cli, &server_ip, pdc_name);
+ nt_status = connect_to_ipc(&cli, &server_ss, pdc_name);
if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT)) {
/* Is it trusting domain account for sure ? */
/* store who we connected to */
saf_store( domain_name, pdc_name );
-
+
/*
* Connect to \\server\ipc$ again (this time anonymously)
*/
-
- nt_status = connect_to_ipc_anonymous(&cli, &server_ip, (char*)pdc_name);
-
+
+ nt_status = connect_to_ipc_anonymous(&cli, &server_ss, (char*)pdc_name);
+
if (NT_STATUS_IS_ERR(nt_status)) {
DEBUG(0, ("Couldn't connect to domain %s controller. Error was %s.\n",
domain_name, nt_errstr(nt_status)));
/*
* Use NetServerEnum2 to make sure we're talking to a proper server
*/
-
- if (!cli_get_pdc_name(cli, domain_name, (char*)pdc_name)) {
+
+ if (!cli_get_pdc_name(cli, domain_name, &dc_name)) {
DEBUG(0, ("NetServerEnum2 error: Couldn't find primary domain controller\
for domain %s\n", domain_name));
cli_shutdown(cli);
return -1;
}
+ SAFE_FREE(dc_name);
if (!(mem_ctx = talloc_init("establishing trust relationship to "
"domain %s", domain_name))) {
}
/* Querying info level 5 */
-
- nt_status = rpccli_lsa_query_info_policy(pipe_hnd, mem_ctx, &connect_hnd,
- 5 /* info level */,
- &domain_name_pol, &domain_sid);
+
+ nt_status = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
+ &connect_hnd,
+ LSA_POLICY_INFO_ACCOUNT_DOMAIN,
+ &info);
if (NT_STATUS_IS_ERR(nt_status)) {
DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
nt_errstr(nt_status)));
return -1;
}
+ domain_sid = info->account_domain.sid;
+
/* There should be actually query info level 3 (following nt serv behaviour),
but I still don't know if it's _really_ necessary */
const char **argv)
{
fstring str_sid;
- sid_to_string(str_sid, domain_sid);
+ sid_to_fstring(str_sid, domain_sid);
d_printf("%s\n", str_sid);
return NT_STATUS_OK;
}
int pad_len, col_len = 20;
/* convert sid into ascii string */
- sid_to_string(ascii_sid, dom_sid);
+ sid_to_fstring(ascii_sid, dom_sid);
/* calculate padding space for d_printf to look nicer */
pad_len = col_len - strlen(trusted_dom_name);
const char *trusted_dom_name)
{
NTSTATUS nt_status;
- LSA_TRUSTED_DOMAIN_INFO *info;
+ union lsa_TrustedDomainInfo info;
char *cleartextpwd = NULL;
DATA_BLOB data;
- nt_status = rpccli_lsa_query_trusted_domain_info_by_sid(pipe_hnd, mem_ctx, pol, 4, &dom_sid, &info);
-
+ nt_status = rpccli_lsa_QueryTrustedDomainInfoBySid(pipe_hnd, mem_ctx,
+ pol,
+ &dom_sid,
+ LSA_TRUSTED_DOMAIN_INFO_PASSWORD,
+ &info);
if (NT_STATUS_IS_ERR(nt_status)) {
DEBUG(0,("Could not query trusted domain info. Error was %s\n",
nt_errstr(nt_status)));
goto done;
}
- data = data_blob(NULL, info->password.password.length);
+ data = data_blob(NULL, info.password.password->length);
- memcpy(data.data, info->password.password.data, info->password.password.length);
- data.length = info->password.password.length;
-
- cleartextpwd = decrypt_trustdom_secret(pipe_hnd->cli->pwd.password, &data);
+ memcpy(data.data,
+ info.password.password->data,
+ info.password.password->length);
+ data.length = info.password.password->length;
+
+ cleartextpwd = decrypt_trustdom_secret(pipe_hnd->cli->pwd.password,
+ &data);
if (cleartextpwd == NULL) {
DEBUG(0,("retrieved NULL password\n"));
}
#ifdef DEBUG_PASSWORD
- DEBUG(100,("sucessfully vampired trusted domain [%s], sid: [%s], password: [%s]\n",
- trusted_dom_name, sid_string_static(&dom_sid), cleartextpwd));
+ DEBUG(100,("sucessfully vampired trusted domain [%s], sid: [%s], "
+ "password: [%s]\n", trusted_dom_name,
+ sid_string_dbg(&dom_sid), cleartextpwd));
#endif
done:
const char *domain_name = NULL;
DOM_SID *queried_dom_sid;
POLICY_HND connect_hnd;
+ union lsa_PolicyInformation *info = NULL;
/* trusted domains listing variables */
- unsigned int num_domains, enum_ctx = 0;
+ unsigned int enum_ctx = 0;
int i;
- DOM_SID *domain_sids;
- char **trusted_dom_names;
+ struct lsa_DomainList dom_list;
fstring pdc_name;
- char *dummy;
/*
* Listing trusted domains (stored in secrets.tdb, if local)
};
/* query info level 5 to obtain sid of a domain being queried */
- nt_status = rpccli_lsa_query_info_policy(
- pipe_hnd, mem_ctx, &connect_hnd, 5 /* info level */,
- &dummy, &queried_dom_sid);
+ nt_status = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
+ &connect_hnd,
+ LSA_POLICY_INFO_ACCOUNT_DOMAIN,
+ &info);
if (NT_STATUS_IS_ERR(nt_status)) {
DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
return -1;
}
+ queried_dom_sid = info->account_domain.sid;
+
/*
* Keep calling LsaEnumTrustdom over opened pipe until
* the end of enumeration is reached
d_printf("Vampire trusted domains:\n\n");
do {
- nt_status = rpccli_lsa_enum_trust_dom(pipe_hnd, mem_ctx, &connect_hnd, &enum_ctx,
- &num_domains,
- &trusted_dom_names, &domain_sids);
-
+ nt_status = rpccli_lsa_EnumTrustDom(pipe_hnd, mem_ctx,
+ &connect_hnd,
+ &enum_ctx,
+ &dom_list,
+ (uint32_t)-1);
if (NT_STATUS_IS_ERR(nt_status)) {
DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n",
nt_errstr(nt_status)));
talloc_destroy(mem_ctx);
return -1;
};
-
- for (i = 0; i < num_domains; i++) {
- print_trusted_domain(&(domain_sids[i]), trusted_dom_names[i]);
+ for (i = 0; i < dom_list.count; i++) {
+
+ print_trusted_domain(dom_list.domains[i].sid,
+ dom_list.domains[i].name.string);
nt_status = vampire_trusted_domain(pipe_hnd, mem_ctx, &connect_hnd,
- domain_sids[i], trusted_dom_names[i]);
+ *dom_list.domains[i].sid,
+ dom_list.domains[i].name.string);
if (!NT_STATUS_IS_OK(nt_status)) {
cli_shutdown(cli);
talloc_destroy(mem_ctx);
* in case of no trusted domains say something rather
* than just display blank line
*/
- if (!num_domains) d_printf("none\n");
+ if (!dom_list.count) d_printf("none\n");
} while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
fstring padding;
int ascii_dom_name_len;
POLICY_HND connect_hnd;
-
+ union lsa_PolicyInformation *info = NULL;
+
/* trusted domains listing variables */
unsigned int num_domains, enum_ctx = 0;
int i, pad_len, col_len = 20;
- DOM_SID *domain_sids;
- char **trusted_dom_names;
+ struct lsa_DomainList dom_list;
fstring pdc_name;
- char *dummy;
-
+
/* trusting domains listing variables */
POLICY_HND domain_hnd;
- char **trusting_dom_names;
- uint32 *trusting_dom_rids;
-
+ struct samr_SamArray *trusts = NULL;
+
/*
* Listing trusted domains (stored in secrets.tdb, if local)
*/
};
/* query info level 5 to obtain sid of a domain being queried */
- nt_status = rpccli_lsa_query_info_policy(
- pipe_hnd, mem_ctx, &connect_hnd, 5 /* info level */,
- &dummy, &queried_dom_sid);
+ nt_status = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
+ &connect_hnd,
+ LSA_POLICY_INFO_ACCOUNT_DOMAIN,
+ &info);
if (NT_STATUS_IS_ERR(nt_status)) {
DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
talloc_destroy(mem_ctx);
return -1;
}
-
+
+ queried_dom_sid = info->account_domain.sid;
+
/*
* Keep calling LsaEnumTrustdom over opened pipe until
* the end of enumeration is reached
d_printf("Trusted domains list:\n\n");
do {
- nt_status = rpccli_lsa_enum_trust_dom(pipe_hnd, mem_ctx, &connect_hnd, &enum_ctx,
- &num_domains,
- &trusted_dom_names, &domain_sids);
-
+ nt_status = rpccli_lsa_EnumTrustDom(pipe_hnd, mem_ctx,
+ &connect_hnd,
+ &enum_ctx,
+ &dom_list,
+ (uint32_t)-1);
if (NT_STATUS_IS_ERR(nt_status)) {
DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n",
nt_errstr(nt_status)));
talloc_destroy(mem_ctx);
return -1;
};
-
- for (i = 0; i < num_domains; i++) {
- print_trusted_domain(&(domain_sids[i]), trusted_dom_names[i]);
+
+ for (i = 0; i < dom_list.count; i++) {
+ print_trusted_domain(dom_list.domains[i].sid,
+ dom_list.domains[i].name.string);
};
-
+
/*
* in case of no trusted domains say something rather
* than just display blank line
*/
- if (!num_domains) d_printf("none\n");
+ if (!dom_list.count) d_printf("none\n");
} while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
talloc_destroy(mem_ctx);
return -1;
};
-
- /* SamrConnect */
- nt_status = rpccli_samr_connect(pipe_hnd, mem_ctx, SA_RIGHT_SAM_OPEN_DOMAIN,
- &connect_hnd);
+
+ /* SamrConnect2 */
+ nt_status = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->cli->desthost,
+ SA_RIGHT_SAM_OPEN_DOMAIN,
+ &connect_hnd);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Couldn't open SAMR policy handle. Error was %s\n",
nt_errstr(nt_status)));
talloc_destroy(mem_ctx);
return -1;
};
-
+
/* SamrOpenDomain - we have to open domain policy handle in order to be
able to enumerate accounts*/
- nt_status = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_hnd,
- SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
- queried_dom_sid, &domain_hnd);
+ nt_status = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_hnd,
+ SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
+ queried_dom_sid,
+ &domain_hnd);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Couldn't open domain object. Error was %s\n",
nt_errstr(nt_status)));
enum_ctx = 0; /* reset enumeration context from last enumeration */
do {
-
- nt_status = rpccli_samr_enum_dom_users(pipe_hnd, mem_ctx, &domain_hnd,
- &enum_ctx, ACB_DOMTRUST, 0xffff,
- &trusting_dom_names, &trusting_dom_rids,
- &num_domains);
+
+ nt_status = rpccli_samr_EnumDomainUsers(pipe_hnd, mem_ctx,
+ &domain_hnd,
+ &enum_ctx,
+ ACB_DOMTRUST,
+ &trusts,
+ 0xffff,
+ &num_domains);
if (NT_STATUS_IS_ERR(nt_status)) {
DEBUG(0, ("Couldn't enumerate accounts. Error was: %s\n",
nt_errstr(nt_status)));
talloc_destroy(mem_ctx);
return -1;
};
-
+
for (i = 0; i < num_domains; i++) {
+ char *str = CONST_DISCARD(char *, trusts->entries[i].name.string);
+
/*
* get each single domain's sid (do we _really_ need this ?):
* 1) connect to domain's pdc
*/
/* get rid of '$' tail */
- ascii_dom_name_len = strlen(trusting_dom_names[i]);
+ ascii_dom_name_len = strlen(str);
if (ascii_dom_name_len && ascii_dom_name_len < FSTRING_LEN)
- trusting_dom_names[i][ascii_dom_name_len - 1] = '\0';
-
+ str[ascii_dom_name_len - 1] = '\0';
+
/* calculate padding space for d_printf to look nicer */
- pad_len = col_len - strlen(trusting_dom_names[i]);
+ pad_len = col_len - strlen(str);
padding[pad_len] = 0;
do padding[--pad_len] = ' '; while (pad_len);
/* set opt_* variables to remote domain */
- strupper_m(trusting_dom_names[i]);
- opt_workgroup = talloc_strdup(mem_ctx, trusting_dom_names[i]);
+ strupper_m(str);
+ opt_workgroup = talloc_strdup(mem_ctx, str);
opt_target_workgroup = opt_workgroup;
-
- d_printf("%s%s", trusting_dom_names[i], padding);
-
+
+ d_printf("%s%s", str, padding);
+
/* connect to remote domain controller */
nt_status = net_make_ipc_connection(
NET_FLAGS_PDC | NET_FLAGS_ANONYMOUS,
} while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
/* close opened samr and domain policy handles */
- nt_status = rpccli_samr_close(pipe_hnd, mem_ctx, &domain_hnd);
+ nt_status = rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_hnd);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Couldn't properly close domain policy handle for domain %s\n", domain_name));
};
- nt_status = rpccli_samr_close(pipe_hnd, mem_ctx, &connect_hnd);
+ nt_status = rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_hnd);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Couldn't properly close samr policy handle for domain %s\n", domain_name));
};
* Check if a server will take rpc commands
* @param flags Type of server to connect to (PDC, DMB, localhost)
* if the host is not explicitly specified
- * @return BOOL (true means rpc supported)
+ * @return bool (true means rpc supported)
*/
-BOOL net_rpc_check(unsigned flags)
+bool net_rpc_check(unsigned flags)
{
struct cli_state *cli;
- BOOL ret = False;
- struct in_addr server_ip;
+ bool ret = False;
+ struct sockaddr_storage server_ss;
char *server_name = NULL;
NTSTATUS status;
/* flags (i.e. server type) may depend on command */
- if (!net_find_server(NULL, flags, &server_ip, &server_name))
+ if (!net_find_server(NULL, flags, &server_ss, &server_name))
return False;
if ((cli = cli_initialise()) == NULL) {
return False;
}
- status = cli_connect(cli, server_name, &server_ip);
+ status = cli_connect(cli, server_name, &server_ss);
if (!NT_STATUS_IS_OK(status))
goto done;
- if (!attempt_netbios_session_request(&cli, global_myname(),
- server_name, &server_ip))
+ if (!attempt_netbios_session_request(&cli, global_myname(),
+ server_name, &server_ss))
goto done;
if (!cli_negprot(cli))
goto done;
git.samba.org / samba.git / blobdiff