#include "includes.h"
#include "rpcclient.h"
+#include "../libcli/auth/libcli_auth.h"
+#include "../librpc/gen_ndr/ndr_netlogon.h"
+#include "../librpc/gen_ndr/ndr_netlogon_c.h"
+#include "rpc_client/cli_netlogon.h"
+#include "secrets.h"
+#include "../libcli/auth/netlogon_creds_cli.h"
static WERROR cmd_netlogon_logon_ctrl2(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
union netr_CONTROL_DATA_INFORMATION data;
union netr_CONTROL_QUERY_INFORMATION query;
const char *domain = lp_workgroup();
-
- if (argc > 5) {
+ struct dcerpc_binding_handle *b = cli->binding_handle;
+ int i;
+#define fn_code_level(x, item) { x, #x, #item }
+ struct {
+ enum netr_LogonControlCode code;
+ const char *name;
+ const char *argument;
+ } supported_levels[] = {
+ fn_code_level(NETLOGON_CONTROL_REDISCOVER, domain),
+ fn_code_level(NETLOGON_CONTROL_TC_QUERY, domain),
+ fn_code_level(NETLOGON_CONTROL_TRANSPORT_NOTIFY, domain),
+ fn_code_level(NETLOGON_CONTROL_FIND_USER, user),
+ fn_code_level(NETLOGON_CONTROL_CHANGE_PASSWORD, domain),
+ fn_code_level(NETLOGON_CONTROL_TC_VERIFY, domain),
+ fn_code_level(NETLOGON_CONTROL_SET_DBFLAG, debug_level),
+ {0, 0, 0}
+ };
+#undef fn_code_level
+ if ((argc > 5) || (argc < 2)) {
fprintf(stderr, "Usage: %s <logon_server> <function_code> "
- "<level> <domain>\n", argv[0]);
+ "<level:1..4> <argument>\n", argv[0]);
+ fprintf(stderr, "Supported combinations:\n");
+ fprintf(stderr, "function_code\targument\n");
+ for(i=0; supported_levels[i].code; i++) {
+ fprintf(stderr, "%7d\t\t%s\t(%s)\n",
+ supported_levels[i].code,
+ supported_levels[i].argument,
+ supported_levels[i].name);
+ }
return WERR_OK;
}
switch (function_code) {
case NETLOGON_CONTROL_REDISCOVER:
case NETLOGON_CONTROL_TC_QUERY:
+ case NETLOGON_CONTROL_CHANGE_PASSWORD:
+ case NETLOGON_CONTROL_TRANSPORT_NOTIFY:
+ case NETLOGON_CONTROL_TC_VERIFY:
data.domain = domain;
break;
+ case NETLOGON_CONTROL_FIND_USER:
+ data.user = domain;
+ break;
+ case NETLOGON_CONTROL_SET_DBFLAG:
+ data.debug_level = atoi(domain);
default:
break;
}
- status = rpccli_netr_LogonControl2(cli, mem_ctx,
+ status = dcerpc_netr_LogonControl2(b, mem_ctx,
logon_server,
function_code,
level,
WERROR werr;
NTSTATUS status;
int old_timeout;
+ struct dcerpc_binding_handle *b = cli->binding_handle;
if (argc != 2) {
fprintf(stderr, "Usage: %s domainname\n", argv[0]);
old_timeout = rpccli_set_timeout(cli, 30000); /* 30 seconds. */
rpccli_set_timeout(cli, MAX(old_timeout, 30000)); /* At least 30 sec */
- status = rpccli_netr_GetAnyDCName(cli, mem_ctx,
+ status = dcerpc_netr_GetAnyDCName(b, mem_ctx,
cli->desthost,
argv[1],
&dcname,
NTSTATUS status;
WERROR werr;
int old_timeout;
+ struct dcerpc_binding_handle *b = cli->binding_handle;
if (argc != 2) {
fprintf(stderr, "Usage: %s domainname\n", argv[0]);
old_timeout = rpccli_set_timeout(cli, 30000); /* 30 seconds. */
rpccli_set_timeout(cli, MAX(30000, old_timeout)); /* At least 30 sec */
- status = rpccli_netr_GetDcName(cli, mem_ctx,
+ status = dcerpc_netr_GetDcName(b, mem_ctx,
cli->desthost,
argv[1],
&dcname,
struct GUID domain_guid = GUID_zero();
struct GUID site_guid = GUID_zero();
struct netr_DsRGetDCNameInfo *info = NULL;
+ struct dcerpc_binding_handle *b = cli->binding_handle;
if (argc < 2) {
fprintf(stderr, "Usage: %s [domain_name] [domain_guid] "
if (argc >= 5)
sscanf(argv[4], "%x", &flags);
- debug_dsdcinfo_flags(1,flags);
-
- result = rpccli_netr_DsRGetDCName(cli, mem_ctx,
+ result = dcerpc_netr_DsRGetDCName(b, mem_ctx,
server_name,
domain_name,
&domain_guid,
flags,
&info,
&werr);
+ if (!NT_STATUS_IS_OK(result)) {
+ return ntstatus_to_werror(result);
+ }
if (W_ERROR_IS_OK(werr)) {
d_printf("DsGetDcName gave: %s\n",
}
printf("rpccli_netlogon_dsr_getdcname returned %s\n",
- dos_errstr(werr));
+ win_errstr(werr));
return werr;
}
const char *site_name = NULL;
struct GUID domain_guid = GUID_zero();
struct netr_DsRGetDCNameInfo *info = NULL;
+ struct dcerpc_binding_handle *b = cli->binding_handle;
if (argc < 2) {
fprintf(stderr, "Usage: %s [domain_name] [domain_guid] "
sscanf(argv[4], "%x", &flags);
}
- debug_dsdcinfo_flags(1,flags);
-
- status = rpccli_netr_DsRGetDCNameEx(cli, mem_ctx,
+ status = dcerpc_netr_DsRGetDCNameEx(b, mem_ctx,
server_name,
domain_name,
&domain_guid,
const char *site_name = NULL;
struct GUID domain_guid = GUID_zero();
struct netr_DsRGetDCNameInfo *info = NULL;
+ struct dcerpc_binding_handle *b = cli->binding_handle;
if (argc < 2) {
fprintf(stderr, "Usage: %s [client_account] [acb_mask] "
sscanf(argv[6], "%x", &flags);
}
- debug_dsdcinfo_flags(1,flags);
-
- status = rpccli_netr_DsRGetDCNameEx2(cli, mem_ctx,
+ status = dcerpc_netr_DsRGetDCNameEx2(b, mem_ctx,
server_name,
client_account,
mask,
WERROR werr;
NTSTATUS status;
const char *sitename = NULL;
+ struct dcerpc_binding_handle *b = cli->binding_handle;
if (argc != 2) {
fprintf(stderr, "Usage: %s computername\n", argv[0]);
return WERR_OK;
}
- status = rpccli_netr_DsRGetSiteName(cli, mem_ctx,
+ status = dcerpc_netr_DsRGetSiteName(b, mem_ctx,
argv[1],
&sitename,
&werr);
enum netr_LogonControlCode function_code = 1;
uint32_t level = 1;
union netr_CONTROL_QUERY_INFORMATION info;
+ struct dcerpc_binding_handle *b = cli->binding_handle;
if (argc > 4) {
fprintf(stderr, "Usage: %s <logon_server> <function_code> "
level = atoi(argv[3]);
}
- status = rpccli_netr_LogonControl(cli, mem_ctx,
+ status = dcerpc_netr_LogonControl(b, mem_ctx,
logon_server,
function_code,
level,
break;
case NETR_DELTA_DELETE_GROUP:
printf("Delete Group: %d\n",
- u.delete_account.unknown);
+ id.rid);
break;
case NETR_DELTA_RENAME_GROUP:
printf("Rename Group: %s -> %s\n",
break;
case NETR_DELTA_DELETE_ALIAS:
printf("Delete Alias: %d\n",
- r->delta_enum[i].delta_id_union.rid);
+ id.rid);
break;
case NETR_DELTA_RENAME_ALIAS:
printf("Rename alias: %s -> %s\n",
}
break;
case NETR_DELTA_POLICY:
- printf("Policy\n");
+ printf("Policy: %s\n",
+ sid_string_dbg(id.sid));
break;
case NETR_DELTA_TRUSTED_DOMAIN:
printf("Trusted Domain: %s\n",
u.trusted_domain->domain_name.string);
break;
case NETR_DELTA_DELETE_TRUST:
- printf("Delete Trust: %d\n",
- u.delete_trust.unknown);
+ printf("Delete Trust: %s\n",
+ sid_string_dbg(id.sid));
break;
case NETR_DELTA_ACCOUNT:
- printf("Account\n");
+ printf("Account: %s\n",
+ sid_string_dbg(id.sid));
break;
case NETR_DELTA_DELETE_ACCOUNT:
- printf("Delete Account: %d\n",
- u.delete_account.unknown);
+ printf("Delete Account: %s\n",
+ sid_string_dbg(id.sid));
break;
case NETR_DELTA_SECRET:
- printf("Secret\n");
+ printf("Secret: %s\n",
+ id.name);
break;
case NETR_DELTA_DELETE_SECRET:
- printf("Delete Secret: %d\n",
- u.delete_secret.unknown);
+ printf("Delete Secret: %s\n",
+ id.name);
break;
case NETR_DELTA_DELETE_GROUP2:
printf("Delete Group2: %s\n",
const char **argv)
{
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ NTSTATUS status;
const char *logon_server = cli->desthost;
- const char *computername = global_myname();
+ const char *computername = lp_netbios_name();
struct netr_Authenticator credential;
struct netr_Authenticator return_authenticator;
enum netr_SamDatabaseID database_id = SAM_DATABASE_DOMAIN;
uint16_t restart_state = 0;
uint32_t sync_context = 0;
+ struct dcerpc_binding_handle *b = cli->binding_handle;
if (argc > 2) {
fprintf(stderr, "Usage: %s [database_id]\n", argv[0]);
do {
struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
+ struct netlogon_creds_CredentialState *creds = NULL;
- netlogon_creds_client_step(cli->dc, &credential);
+ status = netlogon_creds_cli_lock(cli->netlogon_creds,
+ mem_ctx, &creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
- result = rpccli_netr_DatabaseSync2(cli, mem_ctx,
+ netlogon_creds_client_authenticator(creds, &credential);
+
+ status = dcerpc_netr_DatabaseSync2(b, mem_ctx,
logon_server,
computername,
&credential,
restart_state,
&sync_context,
&delta_enum_array,
- 0xffff);
+ 0xffff,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(creds);
+ return status;
+ }
/* Check returned credentials. */
- if (!netlogon_creds_client_check(cli->dc,
+ if (!netlogon_creds_client_check(creds,
&return_authenticator.cred)) {
DEBUG(0,("credentials chain check failed\n"));
+ TALLOC_FREE(creds);
return NT_STATUS_ACCESS_DENIED;
}
+ TALLOC_FREE(creds);
if (NT_STATUS_IS_ERR(result)) {
break;
const char **argv)
{
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ NTSTATUS status;
uint32_t tmp;
const char *logon_server = cli->desthost;
- const char *computername = global_myname();
+ const char *computername = lp_netbios_name();
struct netr_Authenticator credential;
struct netr_Authenticator return_authenticator;
enum netr_SamDatabaseID database_id = SAM_DATABASE_DOMAIN;
uint64_t sequence_num;
+ struct dcerpc_binding_handle *b = cli->binding_handle;
if (argc != 3) {
fprintf(stderr, "Usage: %s database_id seqnum\n", argv[0]);
do {
struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
+ struct netlogon_creds_CredentialState *creds = NULL;
- netlogon_creds_client_step(cli->dc, &credential);
+ status = netlogon_creds_cli_lock(cli->netlogon_creds,
+ mem_ctx, &creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ netlogon_creds_client_authenticator(creds, &credential);
- result = rpccli_netr_DatabaseDeltas(cli, mem_ctx,
+ status = dcerpc_netr_DatabaseDeltas(b, mem_ctx,
logon_server,
computername,
&credential,
database_id,
&sequence_num,
&delta_enum_array,
- 0xffff);
+ 0xffff,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(creds);
+ return status;
+ }
/* Check returned credentials. */
- if (!netlogon_creds_client_check(cli->dc,
+ if (!netlogon_creds_client_check(creds,
&return_authenticator.cred)) {
DEBUG(0,("credentials chain check failed\n"));
+ TALLOC_FREE(creds);
return NT_STATUS_ACCESS_DENIED;
}
+ TALLOC_FREE(creds);
if (NT_STATUS_IS_ERR(result)) {
break;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
int logon_type = NetlogonNetworkInformation;
const char *username, *password;
- int auth_level = 2;
+ uint16_t validation_level = 3;
uint32 logon_param = 0;
const char *workstation = NULL;
sscanf(argv[4], "%i", &logon_type);
if (argc >= 6)
- sscanf(argv[5], "%i", &auth_level);
+ validation_level = atoi(argv[5]);
if (argc == 7)
sscanf(argv[6], "%x", &logon_param);
/* Perform the sam logon */
- result = rpccli_netlogon_sam_logon(cli, mem_ctx, logon_param, lp_workgroup(), username, password, workstation, logon_type);
+ result = rpccli_netlogon_sam_logon(cli, mem_ctx, logon_param, lp_workgroup(), username, password, workstation, validation_level, logon_type);
if (!NT_STATUS_IS_OK(result))
goto done;
const char *server_name = cli->desthost;
const char *domain_name = lp_workgroup();
uint32_t rid = 0;
+ struct dcerpc_binding_handle *b = cli->binding_handle;
if (argc < 1 || argc > 3) {
fprintf(stderr, "Usage: %s <server_name> <domain_name>\n",
domain_name = argv[2];
}
- status = rpccli_netr_LogonGetTrustRid(cli, mem_ctx,
+ status = dcerpc_netr_LogonGetTrustRid(b, mem_ctx,
server_name,
domain_name,
&rid,
&werr);
if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
goto done;
}
const char *server_name = cli->desthost;
uint32_t trust_flags = NETR_TRUST_FLAG_IN_FOREST;
struct netr_DomainTrustList trusts;
+ struct dcerpc_binding_handle *b = cli->binding_handle;
if (argc < 1 || argc > 3) {
fprintf(stderr, "Usage: %s <server_name> <trust_flags>\n",
sscanf(argv[2], "%x", &trust_flags);
}
- status = rpccli_netr_DsrEnumerateDomainTrusts(cli, mem_ctx,
+ status = dcerpc_netr_DsrEnumerateDomainTrusts(b, mem_ctx,
server_name,
trust_flags,
&trusts,
&werr);
if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
goto done;
}
const char *server_name = cli->desthost;
const char *domain = lp_workgroup();
const char *dns_host = NULL;
+ struct dcerpc_binding_handle *b = cli->binding_handle;
if (argc < 1 || argc > 4) {
fprintf(stderr, "Usage: %s <server_name> <domain_name> "
dns_host = argv[3];
}
- status = rpccli_netr_DsrDeregisterDNSHostRecords(cli, mem_ctx,
+ status = dcerpc_netr_DsrDeregisterDNSHostRecords(b, mem_ctx,
server_name,
domain,
NULL,
dns_host,
&werr);
if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
goto done;
}
const char *trusted_domain_name = NULL;
struct lsa_ForestTrustInformation *info = NULL;
uint32_t flags = 0;
+ struct dcerpc_binding_handle *b = cli->binding_handle;
if (argc < 1 || argc > 4) {
fprintf(stderr, "Usage: %s <server_name> <trusted_domain_name> "
sscanf(argv[3], "%x", &flags);
}
- status = rpccli_netr_DsRGetForestTrustInformation(cli, mem_ctx,
+ status = dcerpc_netr_DsRGetForestTrustInformation(b, mem_ctx,
server_name,
trusted_domain_name,
flags,
&info,
&werr);
if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
goto done;
}
return werr;
}
-static WERROR cmd_netlogon_enumtrusteddomains(struct rpc_pipe_client *cli,
- TALLOC_CTX *mem_ctx, int argc,
- const char **argv)
+static NTSTATUS cmd_netlogon_enumtrusteddomains(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx, int argc,
+ const char **argv)
{
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
- WERROR werr = WERR_GENERAL_FAILURE;
+ NTSTATUS result;
const char *server_name = cli->desthost;
struct netr_Blob blob;
+ struct dcerpc_binding_handle *b = cli->binding_handle;
if (argc < 1 || argc > 3) {
fprintf(stderr, "Usage: %s <server_name>\n", argv[0]);
- return WERR_OK;
+ return NT_STATUS_OK;
}
if (argc >= 2) {
server_name = argv[1];
}
- status = rpccli_netr_NetrEnumerateTrustedDomains(cli, mem_ctx,
+ status = dcerpc_netr_NetrEnumerateTrustedDomains(b, mem_ctx,
server_name,
&blob,
- &werr);
+ &result);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
- if (W_ERROR_IS_OK(werr)) {
- printf("success\n");
- dump_data(1, blob.data, blob.length);
+ if (!NT_STATUS_IS_OK(result)) {
+ status = result;
+ goto done;
}
+
+ printf("success\n");
+ dump_data(1, blob.data, blob.length);
done:
- return werr;
+ return status;
}
static WERROR cmd_netlogon_enumtrusteddomainsex(struct rpc_pipe_client *cli,
WERROR werr = WERR_GENERAL_FAILURE;
const char *server_name = cli->desthost;
struct netr_DomainTrustList list;
+ struct dcerpc_binding_handle *b = cli->binding_handle;
if (argc < 1 || argc > 3) {
fprintf(stderr, "Usage: %s <server_name>\n", argv[0]);
server_name = argv[1];
}
- status = rpccli_netr_NetrEnumerateTrustedDomainsEx(cli, mem_ctx,
+ status = dcerpc_netr_NetrEnumerateTrustedDomainsEx(b, mem_ctx,
server_name,
&list,
&werr);
if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
goto done;
}
return werr;
}
+static WERROR cmd_netlogon_getdcsitecoverage(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx, int argc,
+ const char **argv)
+{
+ NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+ WERROR werr = WERR_GENERAL_FAILURE;
+ const char *server_name = cli->desthost;
+ struct DcSitesCtr *ctr = NULL;
+ struct dcerpc_binding_handle *b = cli->binding_handle;
+
+ if (argc < 1 || argc > 3) {
+ fprintf(stderr, "Usage: %s <server_name>\n", argv[0]);
+ return WERR_OK;
+ }
+
+ if (argc >= 2) {
+ server_name = argv[1];
+ }
+
+ status = dcerpc_netr_DsrGetDcSiteCoverageW(b, mem_ctx,
+ server_name,
+ &ctr,
+ &werr);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ if (W_ERROR_IS_OK(werr) && ctr->num_sites) {
+ int i;
+ printf("sites covered by this DC: %d\n", ctr->num_sites);
+ for (i=0; i<ctr->num_sites; i++) {
+ printf("%s\n", ctr->sites[i].string);
+ }
+ }
+ done:
+ return werr;
+}
+
+static NTSTATUS cmd_netlogon_database_redo(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx, int argc,
+ const char **argv)
+{
+ NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+ NTSTATUS result;
+ const char *server_name = cli->desthost;
+ uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS |
+ NETLOGON_NEG_SUPPORTS_AES;
+ struct netr_Authenticator clnt_creds, srv_cred;
+ struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
+ unsigned char trust_passwd_hash[16];
+ enum netr_SchannelType sec_channel_type = 0;
+ struct netr_ChangeLogEntry e;
+ uint32_t rid = 500;
+ struct dcerpc_binding_handle *b = cli->binding_handle;
+ struct netlogon_creds_CredentialState *creds = NULL;
+
+ if (argc > 2) {
+ fprintf(stderr, "Usage: %s <user rid>\n", argv[0]);
+ return NT_STATUS_OK;
+ }
+
+ if (argc == 2) {
+ sscanf(argv[1], "%d", &rid);
+ }
+
+ if (!secrets_fetch_trust_account_password(lp_workgroup(),
+ trust_passwd_hash,
+ NULL, &sec_channel_type)) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ status = rpccli_netlogon_setup_creds(cli,
+ server_name, /* server name */
+ lp_workgroup(), /* domain */
+ lp_netbios_name(), /* client name */
+ lp_netbios_name(), /* machine account name */
+ trust_passwd_hash,
+ sec_channel_type,
+ &neg_flags);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ status = netlogon_creds_cli_lock(cli->netlogon_creds,
+ mem_ctx, &creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ netlogon_creds_client_authenticator(creds, &clnt_creds);
+
+ ZERO_STRUCT(e);
+
+ e.object_rid = rid;
+ e.db_index = SAM_DATABASE_DOMAIN;
+ e.delta_type = NETR_DELTA_USER;
+
+ status = dcerpc_netr_DatabaseRedo(b, mem_ctx,
+ server_name,
+ lp_netbios_name(),
+ &clnt_creds,
+ &srv_cred,
+ e,
+ 0, /* is calculated automatically */
+ &delta_enum_array,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(creds);
+ return status;
+ }
+
+ if (!netlogon_creds_client_check(creds, &srv_cred.cred)) {
+ DEBUG(0,("credentials chain check failed\n"));
+ TALLOC_FREE(creds);
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ TALLOC_FREE(creds);
+
+ return result;
+}
+
+static NTSTATUS cmd_netlogon_capabilities(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx, int argc,
+ const char **argv)
+{
+ NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+ NTSTATUS result;
+ struct netr_Authenticator credential;
+ struct netr_Authenticator return_authenticator;
+ union netr_Capabilities capabilities;
+ uint32_t level = 1;
+ struct dcerpc_binding_handle *b = cli->binding_handle;
+ struct netlogon_creds_CredentialState *creds = NULL;
+
+ if (argc > 2) {
+ fprintf(stderr, "Usage: %s <level>\n", argv[0]);
+ return NT_STATUS_OK;
+ }
+
+ if (argc == 2) {
+ level = atoi(argv[1]);
+ }
+
+ ZERO_STRUCT(return_authenticator);
+
+ status = netlogon_creds_cli_lock(cli->netlogon_creds,
+ mem_ctx, &creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ netlogon_creds_client_authenticator(creds, &credential);
+
+ status = dcerpc_netr_LogonGetCapabilities(b, mem_ctx,
+ cli->desthost,
+ lp_netbios_name(),
+ &credential,
+ &return_authenticator,
+ level,
+ &capabilities,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(creds);
+ return status;
+ }
+
+ if (!netlogon_creds_client_check(creds,
+ &return_authenticator.cred)) {
+ DEBUG(0,("credentials chain check failed\n"));
+ TALLOC_FREE(creds);
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ TALLOC_FREE(creds);
+
+ printf("capabilities: 0x%08x\n", capabilities.server_capabilities);
+
+ return result;
+}
/* List of commands exported by this module */
{ "NETLOGON" },
- { "logonctrl2", RPC_RTYPE_WERROR, NULL, cmd_netlogon_logon_ctrl2, &ndr_table_netlogon.syntax_id, NULL, "Logon Control 2", "" },
- { "getanydcname", RPC_RTYPE_WERROR, NULL, cmd_netlogon_getanydcname, &ndr_table_netlogon.syntax_id, NULL, "Get trusted DC name", "" },
- { "getdcname", RPC_RTYPE_WERROR, NULL, cmd_netlogon_getdcname, &ndr_table_netlogon.syntax_id, NULL, "Get trusted PDC name", "" },
- { "dsr_getdcname", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_getdcname, &ndr_table_netlogon.syntax_id, NULL, "Get trusted DC name", "" },
- { "dsr_getdcnameex", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_getdcnameex, &ndr_table_netlogon.syntax_id, NULL, "Get trusted DC name", "" },
- { "dsr_getdcnameex2", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_getdcnameex2, &ndr_table_netlogon.syntax_id, NULL, "Get trusted DC name", "" },
- { "dsr_getsitename", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_getsitename, &ndr_table_netlogon.syntax_id, NULL, "Get sitename", "" },
- { "dsr_getforesttrustinfo", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_getforesttrustinfo, &ndr_table_netlogon.syntax_id, NULL, "Get Forest Trust Info", "" },
- { "logonctrl", RPC_RTYPE_WERROR, NULL, cmd_netlogon_logon_ctrl, &ndr_table_netlogon.syntax_id, NULL, "Logon Control", "" },
- { "samsync", RPC_RTYPE_NTSTATUS, cmd_netlogon_sam_sync, NULL, &ndr_table_netlogon.syntax_id, NULL, "Sam Synchronisation", "" },
- { "samdeltas", RPC_RTYPE_NTSTATUS, cmd_netlogon_sam_deltas, NULL, &ndr_table_netlogon.syntax_id, NULL, "Query Sam Deltas", "" },
- { "samlogon", RPC_RTYPE_NTSTATUS, cmd_netlogon_sam_logon, NULL, &ndr_table_netlogon.syntax_id, NULL, "Sam Logon", "" },
- { "change_trust_pw", RPC_RTYPE_NTSTATUS, cmd_netlogon_change_trust_pw, NULL, &ndr_table_netlogon.syntax_id, NULL, "Change Trust Account Password", "" },
- { "gettrustrid", RPC_RTYPE_WERROR, NULL, cmd_netlogon_gettrustrid, &ndr_table_netlogon.syntax_id, NULL, "Get trust rid", "" },
- { "dsr_enumtrustdom", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_enumtrustdom, &ndr_table_netlogon.syntax_id, NULL, "Enumerate trusted domains", "" },
- { "dsenumdomtrusts", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_enumtrustdom, &ndr_table_netlogon.syntax_id, NULL, "Enumerate all trusted domains in an AD forest", "" },
- { "deregisterdnsrecords", RPC_RTYPE_WERROR, NULL, cmd_netlogon_deregisterdnsrecords, &ndr_table_netlogon.syntax_id, NULL, "Deregister DNS records", "" },
- { "netrenumtrusteddomains", RPC_RTYPE_WERROR, NULL, cmd_netlogon_enumtrusteddomains, &ndr_table_netlogon.syntax_id, NULL, "Enumerate trusted domains", "" },
- { "netrenumtrusteddomainsex", RPC_RTYPE_WERROR, NULL, cmd_netlogon_enumtrusteddomainsex, &ndr_table_netlogon.syntax_id, NULL, "Enumerate trusted domains", "" },
+ { "logonctrl2", RPC_RTYPE_WERROR, NULL, cmd_netlogon_logon_ctrl2, &ndr_table_netlogon, NULL, "Logon Control 2", "" },
+ { "getanydcname", RPC_RTYPE_WERROR, NULL, cmd_netlogon_getanydcname, &ndr_table_netlogon, NULL, "Get trusted DC name", "" },
+ { "getdcname", RPC_RTYPE_WERROR, NULL, cmd_netlogon_getdcname, &ndr_table_netlogon, NULL, "Get trusted PDC name", "" },
+ { "dsr_getdcname", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_getdcname, &ndr_table_netlogon, NULL, "Get trusted DC name", "" },
+ { "dsr_getdcnameex", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_getdcnameex, &ndr_table_netlogon, NULL, "Get trusted DC name", "" },
+ { "dsr_getdcnameex2", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_getdcnameex2, &ndr_table_netlogon, NULL, "Get trusted DC name", "" },
+ { "dsr_getsitename", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_getsitename, &ndr_table_netlogon, NULL, "Get sitename", "" },
+ { "dsr_getforesttrustinfo", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_getforesttrustinfo, &ndr_table_netlogon, NULL, "Get Forest Trust Info", "" },
+ { "logonctrl", RPC_RTYPE_WERROR, NULL, cmd_netlogon_logon_ctrl, &ndr_table_netlogon, NULL, "Logon Control", "" },
+ { "samsync", RPC_RTYPE_NTSTATUS, cmd_netlogon_sam_sync, NULL, &ndr_table_netlogon, NULL, "Sam Synchronisation", "" },
+ { "samdeltas", RPC_RTYPE_NTSTATUS, cmd_netlogon_sam_deltas, NULL, &ndr_table_netlogon, NULL, "Query Sam Deltas", "" },
+ { "samlogon", RPC_RTYPE_NTSTATUS, cmd_netlogon_sam_logon, NULL, &ndr_table_netlogon, NULL, "Sam Logon", "" },
+ { "change_trust_pw", RPC_RTYPE_NTSTATUS, cmd_netlogon_change_trust_pw, NULL, &ndr_table_netlogon, NULL, "Change Trust Account Password", "" },
+ { "gettrustrid", RPC_RTYPE_WERROR, NULL, cmd_netlogon_gettrustrid, &ndr_table_netlogon, NULL, "Get trust rid", "" },
+ { "dsr_enumtrustdom", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_enumtrustdom, &ndr_table_netlogon, NULL, "Enumerate trusted domains", "" },
+ { "dsenumdomtrusts", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_enumtrustdom, &ndr_table_netlogon, NULL, "Enumerate all trusted domains in an AD forest", "" },
+ { "deregisterdnsrecords", RPC_RTYPE_WERROR, NULL, cmd_netlogon_deregisterdnsrecords, &ndr_table_netlogon, NULL, "Deregister DNS records", "" },
+ { "netrenumtrusteddomains", RPC_RTYPE_NTSTATUS, cmd_netlogon_enumtrusteddomains, NULL, &ndr_table_netlogon, NULL, "Enumerate trusted domains", "" },
+ { "netrenumtrusteddomainsex", RPC_RTYPE_WERROR, NULL, cmd_netlogon_enumtrusteddomainsex, &ndr_table_netlogon, NULL, "Enumerate trusted domains", "" },
+ { "getdcsitecoverage", RPC_RTYPE_WERROR, NULL, cmd_netlogon_getdcsitecoverage, &ndr_table_netlogon, NULL, "Get the Site-Coverage from a DC", "" },
+ { "database_redo", RPC_RTYPE_NTSTATUS, cmd_netlogon_database_redo, NULL, &ndr_table_netlogon, NULL, "Replicate single object from a DC", "" },
+ { "capabilities", RPC_RTYPE_NTSTATUS, cmd_netlogon_capabilities, NULL, &ndr_table_netlogon, NULL, "Return Capabilities", "" },
{ NULL }
};