X-Git-Url: http://git.samba.org/?a=blobdiff_plain;f=source3%2Futils%2Fnet_rpc.c;h=7c5e1e115adf9dc492e5eb90109f294d62132d74;hb=7f863642dbb5d88361bc937d80ffd7ea8e771e84;hp=592885ac7c4d93b942c1654e651d0a1ae932e7c8;hpb=ed6b8deea79e1b3eaef12e8091ea8609e85c4c6c;p=mat%2Fsamba.git diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 592885ac7c..7c5e1e115a 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -37,12 +37,15 @@ #include "secrets.h" #include "lib/netapi/netapi.h" #include "lib/netapi/netapi_net.h" +#include "librpc/gen_ndr/libnet_join.h" +#include "libnet/libnet_join.h" #include "rpc_client/init_lsa.h" #include "../libcli/security/security.h" #include "libsmb/libsmb.h" #include "libsmb/clirap.h" #include "nsswitch/libwbclient/wbclient.h" #include "passdb.h" +#include "../libcli/smb/smbXcli_base.h" static int net_mode_share; static NTSTATUS sync_files(struct copy_clistate *cp_clistate, const char *mask); @@ -81,7 +84,7 @@ NTSTATUS net_get_remote_domain_sid(struct cli_state *cli, TALLOC_CTX *mem_ctx, union lsa_PolicyInformation *info = NULL; struct dcerpc_binding_handle *b; - status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id, + status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc, &lsa_pipe); if (!NT_STATUS_IS_OK(status)) { d_fprintf(stderr, _("Could not initialise lsa pipe\n")); @@ -141,7 +144,7 @@ NTSTATUS net_get_remote_domain_sid(struct cli_state *cli, TALLOC_CTX *mem_ctx, int run_rpc_command(struct net_context *c, struct cli_state *cli_arg, - const struct ndr_syntax_id *interface, + const struct ndr_interface_table *table, int conn_flags, rpc_command_fn fn, int argc, @@ -186,11 +189,11 @@ int run_rpc_command(struct net_context *c, if (!(conn_flags & NET_FLAGS_NO_PIPE)) { if (lp_client_schannel() - && (ndr_syntax_id_equal(interface, + && (ndr_syntax_id_equal(&table->syntax_id, &ndr_table_netlogon.syntax_id))) { /* Always try and create an schannel netlogon pipe. */ nt_status = cli_rpc_pipe_open_schannel( - cli, interface, NCACN_NP, + cli, table, NCACN_NP, DCERPC_AUTH_LEVEL_PRIVACY, domain_name, &pipe_hnd); if (!NT_STATUS_IS_OK(nt_status)) { @@ -200,22 +203,23 @@ int run_rpc_command(struct net_context *c, } } else { if (conn_flags & NET_FLAGS_SEAL) { - nt_status = cli_rpc_pipe_open_ntlmssp( - cli, interface, + nt_status = cli_rpc_pipe_open_generic_auth( + cli, table, (conn_flags & NET_FLAGS_TCP) ? NCACN_IP_TCP : NCACN_NP, + DCERPC_AUTH_TYPE_NTLMSSP, DCERPC_AUTH_LEVEL_PRIVACY, + smbXcli_conn_remote_name(cli->conn), lp_workgroup(), c->opt_user_name, c->opt_password, &pipe_hnd); } else { nt_status = cli_rpc_pipe_open_noauth( - cli, interface, + cli, table, &pipe_hnd); } if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("Could not initialise pipe %s. Error was %s\n", - get_pipe_name_from_syntax( - talloc_tos(), interface), + table->name, nt_errstr(nt_status) )); goto fail; } @@ -305,55 +309,53 @@ int net_rpc_changetrustpw(struct net_context *c, int argc, const char **argv) return 0; } - return run_rpc_command(c, NULL, &ndr_table_netlogon.syntax_id, + return run_rpc_command(c, NULL, &ndr_table_netlogon, NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC, rpc_changetrustpw_internals, argc, argv); } /** - * Join a domain, the old way. + * Join a domain, the old way. This function exists to allow + * the message to be displayed when oldjoin was explicitly + * requested, but not when it was implied by "net rpc join". * * This uses 'machinename' as the inital password, and changes it. * * The password should be created with 'server manager' or equiv first. * - * All parameters are provided by the run_rpc_command function, except for - * argc, argv which are passed through. - * - * @param domain_sid The domain sid acquired from the remote server. - * @param cli A cli_state connected to the server. - * @param mem_ctx Talloc context, destroyed on completion of the function. * @param argc Standard main() style argc. * @param argv Standard main() style argv. Initial components are already * stripped. * - * @return Normal NTSTATUS return. + * @return A shell status integer (0 for success). **/ -static NTSTATUS rpc_oldjoin_internals(struct net_context *c, - const struct dom_sid *domain_sid, - const char *domain_name, - struct cli_state *cli, - struct rpc_pipe_client *pipe_hnd, - TALLOC_CTX *mem_ctx, - int argc, - const char **argv) +static int net_rpc_oldjoin(struct net_context *c, int argc, const char **argv) { + struct libnet_JoinCtx *r = NULL; + TALLOC_CTX *mem_ctx; + WERROR werr; + const char *domain = lp_workgroup(); /* FIXME */ + bool modify_config = lp_config_backend_is_registry(); + enum netr_SchannelType sec_chan_type; + char *pw = NULL; - fstring trust_passwd; - unsigned char orig_trust_passwd_hash[16]; - NTSTATUS result; - enum netr_SchannelType sec_channel_type; + if (c->display_usage) { + d_printf("Usage:\n" + "net rpc oldjoin\n" + " Join a domain the old way\n"); + return 0; + } - result = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon.syntax_id, - &pipe_hnd); - if (!NT_STATUS_IS_OK(result)) { - DEBUG(0,("rpc_oldjoin_internals: netlogon pipe open to machine %s failed. " - "error was %s\n", - cli_state_remote_name(cli), - nt_errstr(result) )); - return result; + mem_ctx = talloc_init("net_rpc_oldjoin"); + if (!mem_ctx) { + return -1; + } + + werr = libnet_init_JoinCtx(mem_ctx, &r); + if (!W_ERROR_IS_OK(werr)) { + goto fail; } /* @@ -361,90 +363,255 @@ static NTSTATUS rpc_oldjoin_internals(struct net_context *c, a BDC, the server must agree that we are a BDC. */ if (argc >= 0) { - sec_channel_type = get_sec_channel_type(argv[0]); + sec_chan_type = get_sec_channel_type(argv[0]); } else { - sec_channel_type = get_sec_channel_type(NULL); + sec_chan_type = get_sec_channel_type(NULL); } - fstrcpy(trust_passwd, lp_netbios_name()); - strlower_m(trust_passwd); + if (!c->msg_ctx) { + d_fprintf(stderr, _("Could not initialise message context. " + "Try running as root\n")); + werr = WERR_ACCESS_DENIED; + goto fail; + } - /* - * Machine names can be 15 characters, but the max length on - * a password is 14. --jerry - */ + pw = talloc_strndup(r, lp_netbios_name(), 14); + if (pw == NULL) { + werr = WERR_NOMEM; + goto fail; + } - trust_passwd[14] = '\0'; + r->in.msg_ctx = c->msg_ctx; + r->in.domain_name = domain; + r->in.secure_channel_type = sec_chan_type; + r->in.dc_name = c->opt_host; + r->in.admin_account = ""; + r->in.admin_password = strlower_talloc(r, pw); + if (r->in.admin_password == NULL) { + werr = WERR_NOMEM; + goto fail; + } + r->in.debug = true; + r->in.modify_config = modify_config; + r->in.join_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE | + WKSSVC_JOIN_FLAGS_JOIN_UNSECURE | + WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED; - E_md4hash(trust_passwd, orig_trust_passwd_hash); + werr = libnet_Join(mem_ctx, r); + if (!W_ERROR_IS_OK(werr)) { + goto fail; + } - result = trust_pw_change_and_store_it(pipe_hnd, mem_ctx, c->opt_target_workgroup, - lp_netbios_name(), - orig_trust_passwd_hash, - sec_channel_type); + /* Check the short name of the domain */ - if (NT_STATUS_IS_OK(result)) - printf(_("Joined domain %s.\n"), c->opt_target_workgroup); + if (!modify_config && !strequal(lp_workgroup(), r->out.netbios_domain_name)) { + d_printf("The workgroup in %s does not match the short\n", get_dyn_CONFIGFILE()); + d_printf("domain name obtained from the server.\n"); + d_printf("Using the name [%s] from the server.\n", r->out.netbios_domain_name); + d_printf("You should set \"workgroup = %s\" in %s.\n", + r->out.netbios_domain_name, get_dyn_CONFIGFILE()); + } + d_printf("Using short domain name -- %s\n", r->out.netbios_domain_name); - if (!secrets_store_domain_sid(c->opt_target_workgroup, domain_sid)) { - DEBUG(0, ("error storing domain sid for %s\n", c->opt_target_workgroup)); - result = NT_STATUS_UNSUCCESSFUL; + if (r->out.dns_domain_name) { + d_printf("Joined '%s' to realm '%s'\n", r->in.machine_name, + r->out.dns_domain_name); + } else { + d_printf("Joined '%s' to domain '%s'\n", r->in.machine_name, + r->out.netbios_domain_name); } - return result; + TALLOC_FREE(mem_ctx); + + return 0; + +fail: + if (c->opt_flags & NET_FLAGS_EXPECT_FALLBACK) { + goto cleanup; + } + + /* issue an overall failure message at the end. */ + d_fprintf(stderr, _("Failed to join domain: %s\n"), + r && r->out.error_string ? r->out.error_string : + get_friendly_werror_msg(werr)); + +cleanup: + TALLOC_FREE(mem_ctx); + + return -1; } /** - * Join a domain, the old way. + * check that a join is OK * - * @param argc Standard main() style argc. - * @param argv Standard main() style argv. Initial components are already - * stripped. + * @return A shell status integer (0 for success) * - * @return A shell status integer (0 for success). **/ - -static int net_rpc_perform_oldjoin(struct net_context *c, int argc, const char **argv) +int net_rpc_testjoin(struct net_context *c, int argc, const char **argv) { - return run_rpc_command(c, NULL, &ndr_table_netlogon.syntax_id, - NET_FLAGS_NO_PIPE | NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC, - rpc_oldjoin_internals, - argc, argv); + NTSTATUS status; + TALLOC_CTX *mem_ctx; + const char *domain = c->opt_target_workgroup; + const char *dc = c->opt_host; + + if (c->display_usage) { + d_printf("Usage\n" + "net rpc testjoin\n" + " Test if a join is OK\n"); + return 0; + } + + mem_ctx = talloc_init("net_rpc_testjoin"); + if (!mem_ctx) { + return -1; + } + + if (!dc) { + struct netr_DsRGetDCNameInfo *info; + + if (!c->msg_ctx) { + d_fprintf(stderr, _("Could not initialise message context. " + "Try running as root\n")); + talloc_destroy(mem_ctx); + return -1; + } + + status = dsgetdcname(mem_ctx, + c->msg_ctx, + domain, + NULL, + NULL, + DS_RETURN_DNS_NAME, + &info); + if (!NT_STATUS_IS_OK(status)) { + talloc_destroy(mem_ctx); + return -1; + } + + dc = strip_hostname(info->dc_unc); + } + + /* Display success or failure */ + status = libnet_join_ok(c->opt_workgroup, lp_netbios_name(), dc, + c->opt_kerberos); + if (!NT_STATUS_IS_OK(status)) { + fprintf(stderr,"Join to domain '%s' is not valid: %s\n", + domain, nt_errstr(status)); + talloc_destroy(mem_ctx); + return -1; + } + + printf("Join to '%s' is OK\n",domain); + talloc_destroy(mem_ctx); + + return 0; } /** - * Join a domain, the old way. This function exists to allow - * the message to be displayed when oldjoin was explicitly - * requested, but not when it was implied by "net rpc join". + * Join a domain using the administrator username and password * - * @param argc Standard main() style argc. - * @param argv Standard main() style argv. Initial components are already - * stripped. + * @param argc Standard main() style argc + * @param argc Standard main() style argv. Initial components are already + * stripped. Currently not used. + * @return A shell status integer (0 for success) * - * @return A shell status integer (0 for success). **/ -static int net_rpc_oldjoin(struct net_context *c, int argc, const char **argv) +static int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv) { - int rc = -1; + struct libnet_JoinCtx *r = NULL; + TALLOC_CTX *mem_ctx; + WERROR werr; + const char *domain = lp_workgroup(); /* FIXME */ + bool modify_config = lp_config_backend_is_registry(); + enum netr_SchannelType sec_chan_type; if (c->display_usage) { - d_printf( "%s\n" - "net rpc oldjoin\n" - " %s\n", - _("Usage:"), - _("Join a domain the old way")); + d_printf("Usage:\n" + "net rpc join\n" + " Join a domain the new way\n"); return 0; } - rc = net_rpc_perform_oldjoin(c, argc, argv); + mem_ctx = talloc_init("net_rpc_join_newstyle"); + if (!mem_ctx) { + return -1; + } - if (rc) { - d_fprintf(stderr, _("Failed to join domain\n")); + werr = libnet_init_JoinCtx(mem_ctx, &r); + if (!W_ERROR_IS_OK(werr)) { + goto fail; } - return rc; + /* + check what type of join - if the user want's to join as + a BDC, the server must agree that we are a BDC. + */ + if (argc >= 0) { + sec_chan_type = get_sec_channel_type(argv[0]); + } else { + sec_chan_type = get_sec_channel_type(NULL); + } + + if (!c->msg_ctx) { + d_fprintf(stderr, _("Could not initialise message context. " + "Try running as root\n")); + werr = WERR_ACCESS_DENIED; + goto fail; + } + + r->in.msg_ctx = c->msg_ctx; + r->in.domain_name = domain; + r->in.secure_channel_type = sec_chan_type; + r->in.dc_name = c->opt_host; + r->in.admin_account = c->opt_user_name; + r->in.admin_password = net_prompt_pass(c, c->opt_user_name); + r->in.debug = true; + r->in.use_kerberos = c->opt_kerberos; + r->in.modify_config = modify_config; + r->in.join_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE | + WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE | + WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED; + + werr = libnet_Join(mem_ctx, r); + if (!W_ERROR_IS_OK(werr)) { + goto fail; + } + + /* Check the short name of the domain */ + + if (!modify_config && !strequal(lp_workgroup(), r->out.netbios_domain_name)) { + d_printf("The workgroup in %s does not match the short\n", get_dyn_CONFIGFILE()); + d_printf("domain name obtained from the server.\n"); + d_printf("Using the name [%s] from the server.\n", r->out.netbios_domain_name); + d_printf("You should set \"workgroup = %s\" in %s.\n", + r->out.netbios_domain_name, get_dyn_CONFIGFILE()); + } + + d_printf("Using short domain name -- %s\n", r->out.netbios_domain_name); + + if (r->out.dns_domain_name) { + d_printf("Joined '%s' to realm '%s'\n", r->in.machine_name, + r->out.dns_domain_name); + } else { + d_printf("Joined '%s' to domain '%s'\n", r->in.machine_name, + r->out.netbios_domain_name); + } + + TALLOC_FREE(mem_ctx); + + return 0; + +fail: + /* issue an overall failure message at the end. */ + d_printf("Failed to join domain: %s\n", + r && r->out.error_string ? r->out.error_string : + get_friendly_werror_msg(werr)); + + TALLOC_FREE(mem_ctx); + + return -1; } /** @@ -461,6 +628,8 @@ static int net_rpc_oldjoin(struct net_context *c, int argc, const char **argv) int net_rpc_join(struct net_context *c, int argc, const char **argv) { + int ret; + if (c->display_usage) { d_printf("%s\n%s", _("Usage:"), @@ -488,8 +657,12 @@ int net_rpc_join(struct net_context *c, int argc, const char **argv) return -1; } - if ((net_rpc_perform_oldjoin(c, argc, argv) == 0)) + c->opt_flags |= NET_FLAGS_EXPECT_FALLBACK; + ret = net_rpc_oldjoin(c, argc, argv); + c->opt_flags &= ~NET_FLAGS_EXPECT_FALLBACK; + if (ret == 0) { return 0; + } return net_rpc_join_newstyle(c, argc, argv); } @@ -607,7 +780,7 @@ int net_rpc_info(struct net_context *c, int argc, const char **argv) return 0; } - return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, + return run_rpc_command(c, NULL, &ndr_table_samr, NET_FLAGS_PDC, rpc_info_internals, argc, argv); } @@ -675,7 +848,7 @@ int net_rpc_getsid(struct net_context *c, int argc, const char **argv) return 0; } - return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, + return run_rpc_command(c, NULL, &ndr_table_samr, conn_flags, rpc_getsid_internals, argc, argv); @@ -884,13 +1057,20 @@ static int rpc_user_password(struct net_context *c, int argc, const char **argv) if (argv[1]) { u1003.usri1003_password = argv[1]; } else { + char pwd[256] = {0}; ret = asprintf(&prompt, _("Enter new password for %s:"), argv[0]); if (ret == -1) { return -1; } - u1003.usri1003_password = talloc_strdup(c, getpass(prompt)); + + ret = samba_getpass(prompt, pwd, sizeof(pwd), false, false); SAFE_FREE(prompt); + if (ret < 0) { + return -1; + } + + u1003.usri1003_password = talloc_strdup(c, pwd); if (u1003.usri1003_password == NULL) { return -1; } @@ -1162,7 +1342,7 @@ static NTSTATUS rpc_sh_handle_user(struct net_context *c, ZERO_STRUCT(domain_pol); ZERO_STRUCT(user_pol); - status = net_rpc_lookup_name(c, mem_ctx, rpc_pipe_np_smb_conn(pipe_hnd), + status = net_rpc_lookup_name(c, mem_ctx, ctx->cli, argv[0], NULL, NULL, &sid, &type); if (!NT_STATUS_IS_OK(status)) { d_fprintf(stderr, _("Could not lookup %s: %s\n"), argv[0], @@ -1486,34 +1666,34 @@ struct rpc_sh_cmd *net_rpc_user_edit_cmds(struct net_context *c, { static struct rpc_sh_cmd cmds[] = { - { "fullname", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_str_edit, + { "fullname", NULL, &ndr_table_samr, rpc_sh_user_str_edit, N_("Show/Set a user's full name") }, - { "homedir", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_str_edit, + { "homedir", NULL, &ndr_table_samr, rpc_sh_user_str_edit, N_("Show/Set a user's home directory") }, - { "homedrive", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_str_edit, + { "homedrive", NULL, &ndr_table_samr, rpc_sh_user_str_edit, N_("Show/Set a user's home drive") }, - { "logonscript", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_str_edit, + { "logonscript", NULL, &ndr_table_samr, rpc_sh_user_str_edit, N_("Show/Set a user's logon script") }, - { "profilepath", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_str_edit, + { "profilepath", NULL, &ndr_table_samr, rpc_sh_user_str_edit, N_("Show/Set a user's profile path") }, - { "description", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_str_edit, + { "description", NULL, &ndr_table_samr, rpc_sh_user_str_edit, N_("Show/Set a user's description") }, - { "disabled", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_flag_edit, + { "disabled", NULL, &ndr_table_samr, rpc_sh_user_flag_edit, N_("Show/Set whether a user is disabled") }, - { "autolock", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_flag_edit, + { "autolock", NULL, &ndr_table_samr, rpc_sh_user_flag_edit, N_("Show/Set whether a user locked out") }, - { "pwnotreq", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_flag_edit, + { "pwnotreq", NULL, &ndr_table_samr, rpc_sh_user_flag_edit, N_("Show/Set whether a user does not need a password") }, - { "pwnoexp", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_flag_edit, + { "pwnoexp", NULL, &ndr_table_samr, rpc_sh_user_flag_edit, N_("Show/Set whether a user's password does not expire") }, { NULL, NULL, 0, NULL, NULL } @@ -1528,13 +1708,13 @@ struct rpc_sh_cmd *net_rpc_user_cmds(struct net_context *c, { static struct rpc_sh_cmd cmds[] = { - { "list", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_list, + { "list", NULL, &ndr_table_samr, rpc_sh_user_list, N_("List available users") }, - { "info", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_info, + { "info", NULL, &ndr_table_samr, rpc_sh_user_info, N_("List the domain groups a user is member of") }, - { "show", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_show, + { "show", NULL, &ndr_table_samr, rpc_sh_user_show, N_("Show info about a user") }, { "edit", net_rpc_user_edit_cmds, 0, NULL, @@ -1856,7 +2036,7 @@ static NTSTATUS rpc_group_delete_internals(struct net_context *c, static int rpc_group_delete(struct net_context *c, int argc, const char **argv) { - return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0, + return run_rpc_command(c, NULL, &ndr_table_samr, 0, rpc_group_delete_internals, argc,argv); } @@ -1947,7 +2127,7 @@ static NTSTATUS get_sid_from_name(struct cli_state *cli, NTSTATUS status, result; struct dcerpc_binding_handle *b; - status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id, + status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc, &pipe_hnd); if (!NT_STATUS_IS_OK(status)) { goto done; @@ -2096,9 +2276,10 @@ static NTSTATUS rpc_add_groupmem(struct rpc_pipe_client *pipe_hnd, } static NTSTATUS rpc_add_aliasmem(struct rpc_pipe_client *pipe_hnd, - TALLOC_CTX *mem_ctx, - const struct dom_sid *alias_sid, - const char *member) + struct cli_state *cli, + TALLOC_CTX *mem_ctx, + const struct dom_sid *alias_sid, + const char *member) { struct policy_handle connect_pol, domain_pol; NTSTATUS status, result; @@ -2117,7 +2298,7 @@ static NTSTATUS rpc_add_aliasmem(struct rpc_pipe_client *pipe_hnd, return NT_STATUS_UNSUCCESSFUL; } - result = get_sid_from_name(rpc_pipe_np_smb_conn(pipe_hnd), mem_ctx, + result = get_sid_from_name(cli, mem_ctx, member, &member_sid, &member_type); if (!NT_STATUS_IS_OK(result)) { @@ -2224,7 +2405,7 @@ static NTSTATUS rpc_group_addmem_internals(struct net_context *c, } if (group_type == SID_NAME_ALIAS) { - NTSTATUS result = rpc_add_aliasmem(pipe_hnd, mem_ctx, + NTSTATUS result = rpc_add_aliasmem(pipe_hnd, cli, mem_ctx, &group_sid, argv[1]); if (!NT_STATUS_IS_OK(result)) { @@ -2242,7 +2423,7 @@ static NTSTATUS rpc_group_addmem_internals(struct net_context *c, static int rpc_group_addmem(struct net_context *c, int argc, const char **argv) { - return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0, + return run_rpc_command(c, NULL, &ndr_table_samr, 0, rpc_group_addmem_internals, argc, argv); } @@ -2348,9 +2529,10 @@ static NTSTATUS rpc_del_groupmem(struct net_context *c, } static NTSTATUS rpc_del_aliasmem(struct rpc_pipe_client *pipe_hnd, - TALLOC_CTX *mem_ctx, - const struct dom_sid *alias_sid, - const char *member) + struct cli_state *cli, + TALLOC_CTX *mem_ctx, + const struct dom_sid *alias_sid, + const char *member) { struct policy_handle connect_pol, domain_pol; NTSTATUS status, result; @@ -2368,7 +2550,7 @@ static NTSTATUS rpc_del_aliasmem(struct rpc_pipe_client *pipe_hnd, if (!sid_split_rid(&sid, &alias_rid)) return NT_STATUS_UNSUCCESSFUL; - result = get_sid_from_name(rpc_pipe_np_smb_conn(pipe_hnd), mem_ctx, + result = get_sid_from_name(cli, mem_ctx, member, &member_sid, &member_type); if (!NT_STATUS_IS_OK(result)) { @@ -2477,7 +2659,7 @@ static NTSTATUS rpc_group_delmem_internals(struct net_context *c, } if (group_type == SID_NAME_ALIAS) { - NTSTATUS result = rpc_del_aliasmem(pipe_hnd, mem_ctx, + NTSTATUS result = rpc_del_aliasmem(pipe_hnd, cli, mem_ctx, &group_sid, argv[1]); if (!NT_STATUS_IS_OK(result)) { @@ -2495,7 +2677,7 @@ static NTSTATUS rpc_group_delmem_internals(struct net_context *c, static int rpc_group_delmem(struct net_context *c, int argc, const char **argv) { - return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0, + return run_rpc_command(c, NULL, &ndr_table_samr, 0, rpc_group_delmem_internals, argc, argv); } @@ -2794,7 +2976,7 @@ static NTSTATUS rpc_group_list_internals(struct net_context *c, static int rpc_group_list(struct net_context *c, int argc, const char **argv) { - return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0, + return run_rpc_command(c, NULL, &ndr_table_samr, 0, rpc_group_list_internals, argc, argv); } @@ -2890,10 +3072,11 @@ static NTSTATUS rpc_list_group_members(struct net_context *c, } static NTSTATUS rpc_list_alias_members(struct net_context *c, - struct rpc_pipe_client *pipe_hnd, - TALLOC_CTX *mem_ctx, - struct policy_handle *domain_pol, - uint32 rid) + struct rpc_pipe_client *pipe_hnd, + struct cli_state *cli, + TALLOC_CTX *mem_ctx, + struct policy_handle *domain_pol, + uint32 rid) { NTSTATUS result, status; struct rpc_pipe_client *lsa_pipe; @@ -2939,8 +3122,8 @@ static NTSTATUS rpc_list_alias_members(struct net_context *c, return NT_STATUS_OK; } - result = cli_rpc_pipe_open_noauth(rpc_pipe_np_smb_conn(pipe_hnd), - &ndr_table_lsarpc.syntax_id, + result = cli_rpc_pipe_open_noauth(cli, + &ndr_table_lsarpc, &lsa_pipe); if (!NT_STATUS_IS_OK(result)) { d_fprintf(stderr, _("Couldn't open LSA pipe. Error was %s\n"), @@ -3111,7 +3294,7 @@ static NTSTATUS rpc_group_members_internals(struct net_context *c, } if (rid_types.ids[0] == SID_NAME_ALIAS) { - return rpc_list_alias_members(c, pipe_hnd, mem_ctx, &domain_pol, + return rpc_list_alias_members(c, pipe_hnd, cli, mem_ctx, &domain_pol, rids.ids[0]); } @@ -3124,7 +3307,7 @@ static int rpc_group_members(struct net_context *c, int argc, const char **argv) return rpc_group_usage(c, argc, argv); } - return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0, + return run_rpc_command(c, NULL, &ndr_table_samr, 0, rpc_group_members_internals, argc, argv); } @@ -3259,7 +3442,7 @@ int net_rpc_group(struct net_context *c, int argc, const char **argv) return 0; } - return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0, + return run_rpc_command(c, NULL, &ndr_table_samr, 0, rpc_group_list_internals, argc, argv); } @@ -3527,7 +3710,7 @@ static bool check_share_availability(struct cli_state *cli, const char *netname) { NTSTATUS status; - status = cli_tcon_andx(cli, netname, "A:", "", 0); + status = cli_tree_connect(cli, netname, "A:", "", 0); if (!NT_STATUS_IS_OK(status)) { d_printf(_("skipping [%s]: not a file share.\n"), netname); return false; @@ -3608,7 +3791,7 @@ static NTSTATUS rpc_share_migrate_shares_internals(struct net_context *c, /* connect destination PI_SRVSVC */ nt_status = connect_dst_pipe(c, &cli_dst, &srvsvc_pipe, - &ndr_table_srvsvc.syntax_id); + &ndr_table_srvsvc); if (!NT_STATUS_IS_OK(nt_status)) return nt_status; @@ -3697,7 +3880,7 @@ static int rpc_share_migrate_shares(struct net_context *c, int argc, return -1; } - return run_rpc_command(c, NULL, &ndr_table_srvsvc.syntax_id, 0, + return run_rpc_command(c, NULL, &ndr_table_srvsvc, 0, rpc_share_migrate_shares_internals, argc, argv); } @@ -3764,8 +3947,12 @@ static NTSTATUS copy_fn(const char *mnt, struct file_info *f, } /* search below that directory */ - strlcpy(new_mask, dir, sizeof(new_mask)); - strlcat(new_mask, "\\*", sizeof(new_mask)); + if (strlcpy(new_mask, dir, sizeof(new_mask)) >= sizeof(new_mask)) { + return NT_STATUS_NO_MEMORY; + } + if (strlcat(new_mask, "\\*", sizeof(new_mask)) >= sizeof(new_mask)) { + return NT_STATUS_NO_MEMORY; + } old_dir = local_state->cwd; local_state->cwd = dir; @@ -3976,8 +4163,8 @@ static NTSTATUS rpc_share_migrate_files_internals(struct net_context *c, /* open share source */ nt_status = connect_to_service(c, &cp_clistate.cli_share_src, - cli_state_remote_sockaddr(cli), - cli_state_remote_name(cli), + smbXcli_conn_remote_sockaddr(cli->conn), + smbXcli_conn_remote_name(cli->conn), info502.name, "A:"); if (!NT_STATUS_IS_OK(nt_status)) goto done; @@ -4041,7 +4228,7 @@ static int rpc_share_migrate_files(struct net_context *c, int argc, const char * return -1; } - return run_rpc_command(c, NULL, &ndr_table_srvsvc.syntax_id, 0, + return run_rpc_command(c, NULL, &ndr_table_srvsvc, 0, rpc_share_migrate_files_internals, argc, argv); } @@ -4090,7 +4277,7 @@ static NTSTATUS rpc_share_migrate_security_internals(struct net_context *c, /* connect destination PI_SRVSVC */ nt_status = connect_dst_pipe(c, &cli_dst, &srvsvc_pipe, - &ndr_table_srvsvc.syntax_id); + &ndr_table_srvsvc); if (!NT_STATUS_IS_OK(nt_status)) return nt_status; @@ -4176,7 +4363,7 @@ static int rpc_share_migrate_security(struct net_context *c, int argc, return -1; } - return run_rpc_command(c, NULL, &ndr_table_srvsvc.syntax_id, 0, + return run_rpc_command(c, NULL, &ndr_table_srvsvc, 0, rpc_share_migrate_security_internals, argc, argv); } @@ -4214,17 +4401,17 @@ static int rpc_share_migrate_all(struct net_context *c, int argc, /* order is important. we don't want to be locked out by the share-acl * before copying files - gd */ - ret = run_rpc_command(c, NULL, &ndr_table_srvsvc.syntax_id, 0, + ret = run_rpc_command(c, NULL, &ndr_table_srvsvc, 0, rpc_share_migrate_shares_internals, argc, argv); if (ret) return ret; - ret = run_rpc_command(c, NULL, &ndr_table_srvsvc.syntax_id, 0, + ret = run_rpc_command(c, NULL, &ndr_table_srvsvc, 0, rpc_share_migrate_files_internals, argc, argv); if (ret) return ret; - return run_rpc_command(c, NULL, &ndr_table_srvsvc.syntax_id, 0, + return run_rpc_command(c, NULL, &ndr_table_srvsvc, 0, rpc_share_migrate_security_internals, argc, argv); } @@ -4472,7 +4659,7 @@ static NTSTATUS rpc_aliaslist_dump(struct net_context *c, for (j=0; jnum_members; j++) DEBUG(1, ("%s\\%s (%d); ", - domains[j] ? domains[j] : "*unknown*", + domains[j] ? domains[j] : "*unknown*", names[j] ? names[j] : "*unknown*",types[j])); DEBUG(1, ("\n")); } @@ -4669,6 +4856,7 @@ static bool get_user_sids(const char *domain, const char *user, struct security_ for (i = 0; i < num_groups; i++) { gid_t gid = groups[i]; struct dom_sid sid; + bool ok; wbc_status = wbcGidToSid(gid, &wsid); if (!WBC_ERROR_IS_OK(wbc_status)) { @@ -4682,7 +4870,12 @@ static bool get_user_sids(const char *domain, const char *user, struct security_ DEBUG(3, (" %s\n", sid_str)); - string_to_sid(&sid, sid_str); + ok = string_to_sid(&sid, sid_str); + if (!ok) { + DEBUG(1, ("Failed to convert string to SID\n")); + wbcFreeMemory(groups); + return false; + } add_sid_to_token(token, &sid); } wbcFreeMemory(groups); @@ -4744,7 +4937,11 @@ static bool get_user_tokens(struct net_context *c, int *num_tokens, } else { *p++ = '\0'; fstrcpy(domain, users[i]); - strupper_m(domain); + if (!strupper_m(domain)) { + DEBUG(1, ("strupper_m %s failed\n", domain)); + wbcFreeMemory(users); + return false; + } fstrcpy(user, p); } @@ -4806,12 +5003,14 @@ static bool get_user_tokens_from_file(FILE *f, token = &((*tokens)[*num_tokens-1]); - strlcpy(token->name, line, sizeof(token->name)); + if (strlcpy(token->name, line, sizeof(token->name)) >= sizeof(token->name)) { + return false; + } token->token.num_sids = 0; token->token.sids = NULL; continue; } - + return false; } @@ -4821,15 +5020,15 @@ static bool get_user_tokens_from_file(FILE *f, */ static void show_userlist(struct rpc_pipe_client *pipe_hnd, - TALLOC_CTX *mem_ctx, - const char *netname, - int num_tokens, - struct user_token *tokens) + struct cli_state *cli, + TALLOC_CTX *mem_ctx, + const char *netname, + int num_tokens, + struct user_token *tokens) { uint16_t fnum; struct security_descriptor *share_sd = NULL; struct security_descriptor *root_sd = NULL; - struct cli_state *cli = rpc_pipe_np_smb_conn(pipe_hnd); int i; union srvsvc_NetShareInfo info; WERROR result; @@ -4858,7 +5057,7 @@ static void show_userlist(struct rpc_pipe_client *pipe_hnd, cnum = cli_state_get_tid(cli); - if (!NT_STATUS_IS_OK(cli_tcon_andx(cli, netname, "A:", "", 0))) { + if (!NT_STATUS_IS_OK(cli_tree_connect(cli, netname, "A:", "", 0))) { return; } @@ -4901,30 +5100,8 @@ static void show_userlist(struct rpc_pipe_client *pipe_hnd, cli_close(cli, fnum); cli_tdis(cli); cli_state_set_tid(cli, cnum); - - return; -} - -struct share_list { - int num_shares; - char **shares; -}; - -static void collect_share(const char *name, uint32 m, - const char *comment, void *state) -{ - struct share_list *share_list = (struct share_list *)state; - - if (m != STYPE_DISKTREE) - return; - share_list->num_shares += 1; - share_list->shares = SMB_REALLOC_ARRAY(share_list->shares, char *, share_list->num_shares); - if (!share_list->shares) { - share_list->num_shares = 0; - return; - } - share_list->shares[share_list->num_shares-1] = SMB_STRDUP(name); + return; } /** @@ -4952,16 +5129,21 @@ static NTSTATUS rpc_share_allowedusers_internals(struct net_context *c, int argc, const char **argv) { - int ret; bool r; - uint32 i; FILE *f; + NTSTATUS nt_status = NT_STATUS_OK; + uint32_t total_entries = 0; + uint32_t resume_handle = 0; + uint32_t preferred_len = 0xffffffff; + uint32_t i; + struct dcerpc_binding_handle *b = NULL; + struct srvsvc_NetShareInfoCtr info_ctr; + struct srvsvc_NetShareCtr1 ctr1; + WERROR result; struct user_token *tokens = NULL; int num_tokens = 0; - struct share_list share_list; - if (argc == 0) { f = stdin; } else { @@ -4986,26 +5168,51 @@ static NTSTATUS rpc_share_allowedusers_internals(struct net_context *c, for (i=0; ibinding_handle; + + /* Issue the NetShareEnum RPC call and retrieve the response */ + nt_status = dcerpc_srvsvc_NetShareEnumAll(b, + talloc_tos(), + pipe_hnd->desthost, + &info_ctr, + preferred_len, + &total_entries, + &resume_handle, + &result); + + /* Was it successful? */ + if (!NT_STATUS_IS_OK(nt_status)) { + /* Nope. Go clean up. */ + goto done; + } + + if (!W_ERROR_IS_OK(result)) { + /* Nope. Go clean up. */ + nt_status = werror_to_ntstatus(result); + goto done; + } + + if (total_entries == 0) { goto done; } - for (i = 0; i < share_list.num_shares; i++) { - char *netname = share_list.shares[i]; + /* For each returned entry... */ + for (i = 0; i < info_ctr.ctr.ctr1->count; i++) { + const char *netname = info_ctr.ctr.ctr1->array[i].name; - if (netname[strlen(netname)-1] == '$') + if (info_ctr.ctr.ctr1->array[i].type != STYPE_DISKTREE) { continue; + } d_printf("%s\n", netname); - show_userlist(pipe_hnd, mem_ctx, netname, + show_userlist(pipe_hnd, cli, mem_ctx, netname, num_tokens, tokens); } done: @@ -5013,9 +5220,8 @@ static NTSTATUS rpc_share_allowedusers_internals(struct net_context *c, free_user_token(&tokens[i].token); } SAFE_FREE(tokens); - SAFE_FREE(share_list.shares); - return NT_STATUS_OK; + return nt_status; } static int rpc_share_allowedusers(struct net_context *c, int argc, @@ -5032,19 +5238,19 @@ static int rpc_share_allowedusers(struct net_context *c, int argc, return 0; } - result = run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0, + result = run_rpc_command(c, NULL, &ndr_table_samr, 0, rpc_aliaslist_internals, argc, argv); if (result != 0) return result; - result = run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0, + result = run_rpc_command(c, NULL, &ndr_table_lsarpc, 0, rpc_aliaslist_dump, argc, argv); if (result != 0) return result; - return run_rpc_command(c, NULL, &ndr_table_srvsvc.syntax_id, 0, + return run_rpc_command(c, NULL, &ndr_table_srvsvc, 0, rpc_share_allowedusers_internals, argc, argv); } @@ -5062,7 +5268,7 @@ int net_usersidlist(struct net_context *c, int argc, const char **argv) if (!get_user_tokens(c, &num_tokens, &tokens)) { DEBUG(0, ("Could not get the user/sid list\n")); - return 0; + return -1; } for (i=0; ibinding_handle; + DATA_BLOB session_key = data_blob_null; if (argc != 2) { d_printf("%s\n%s", @@ -5785,10 +5993,20 @@ static NTSTATUS rpc_trustdom_add_internals(struct net_context *c, return NT_STATUS_NO_MEMORY; } - strupper_m(acct_name); + if (!strupper_m(acct_name)) { + SAFE_FREE(acct_name); + return NT_STATUS_INVALID_PARAMETER; + } init_lsa_String(&lsa_acct_name, acct_name); + status = cli_get_session_key(mem_ctx, pipe_hnd, &session_key); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,("Error getting session_key of SAM pipe. Error was %s\n", + nt_errstr(status))); + goto done; + } + /* Get samr policy handle */ status = dcerpc_samr_Connect2(b, mem_ctx, pipe_hnd->desthost, @@ -5859,7 +6077,7 @@ static NTSTATUS rpc_trustdom_add_internals(struct net_context *c, ZERO_STRUCT(info.info23); init_samr_CryptPassword(argv[1], - &cli->user_session_key, + &session_key, &crypt_pwd); info.info23.info.fields_present = SAMR_FIELD_ACCT_FLAGS | @@ -5886,6 +6104,7 @@ static NTSTATUS rpc_trustdom_add_internals(struct net_context *c, done: SAFE_FREE(acct_name); + data_blob_clear_free(&session_key); return status; } @@ -5901,7 +6120,7 @@ static NTSTATUS rpc_trustdom_add_internals(struct net_context *c, static int rpc_trustdom_add(struct net_context *c, int argc, const char **argv) { if (argc > 0 && !c->display_usage) { - return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0, + return run_rpc_command(c, NULL, &ndr_table_samr, 0, rpc_trustdom_add_internals, argc, argv); } else { d_printf("%s\n%s", @@ -5961,7 +6180,10 @@ static NTSTATUS rpc_trustdom_del_internals(struct net_context *c, if (acct_name == NULL) return NT_STATUS_NO_MEMORY; - strupper_m(acct_name); + if (!strupper_m(acct_name)) { + TALLOC_FREE(acct_name); + return NT_STATUS_INVALID_PARAMETER; + } /* Get samr policy handle */ status = dcerpc_samr_Connect2(b, mem_ctx, @@ -6104,7 +6326,7 @@ static NTSTATUS rpc_trustdom_del_internals(struct net_context *c, static int rpc_trustdom_del(struct net_context *c, int argc, const char **argv) { if (argc > 0 && !c->display_usage) { - return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0, + return run_rpc_command(c, NULL, &ndr_table_samr, 0, rpc_trustdom_del_internals, argc, argv); } else { d_printf("%s\n%s", @@ -6138,7 +6360,7 @@ static NTSTATUS rpc_trustdom_get_pdc(struct net_context *c, /* Try netr_GetDcName */ - status = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon.syntax_id, + status = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon, &netr); if (!NT_STATUS_IS_OK(status)) { return status; @@ -6207,13 +6429,20 @@ static int rpc_trustdom_establish(struct net_context *c, int argc, } domain_name = smb_xstrdup(argv[0]); - strupper_m(domain_name); + if (!strupper_m(domain_name)) { + SAFE_FREE(domain_name); + return -1; + } /* account name used at first is our domain's name with '$' */ if (asprintf(&acct_name, "%s$", lp_workgroup()) == -1) { return -1; } - strupper_m(acct_name); + if (!strupper_m(acct_name)) { + SAFE_FREE(domain_name); + SAFE_FREE(acct_name); + return -1; + } /* * opt_workgroup will be used by connection functions further, @@ -6278,7 +6507,7 @@ static int rpc_trustdom_establish(struct net_context *c, int argc, * Call LsaOpenPolicy and LsaQueryInfo */ - nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id, + nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc, &pipe_hnd); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n", nt_errstr(nt_status) )); @@ -6385,7 +6614,10 @@ static int rpc_trustdom_revoke(struct net_context *c, int argc, /* generate upper cased domain name */ domain_name = smb_xstrdup(argv[0]); - strupper_m(domain_name); + if (!strupper_m(domain_name)) { + SAFE_FREE(domain_name); + return -1; + } /* delete password of the trust */ if (!pdb_del_trusteddom_pw(domain_name)) { @@ -6436,8 +6668,7 @@ static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd, NTSTATUS nt_status, result; union lsa_TrustedDomainInfo *info = NULL; char *cleartextpwd = NULL; - uint8_t session_key[16]; - DATA_BLOB session_key_blob; + DATA_BLOB session_key; DATA_BLOB data = data_blob_null; struct dcerpc_binding_handle *b = pipe_hnd->binding_handle; @@ -6462,13 +6693,14 @@ static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd, data = data_blob(info->password.password->data, info->password.password->length); - if (!rpccli_get_pwd_hash(pipe_hnd, session_key)) { - DEBUG(0, ("Could not retrieve password hash\n")); + nt_status = cli_get_session_key(mem_ctx, pipe_hnd, &session_key); + if (!NT_STATUS_IS_OK(nt_status)) { + DEBUG(0, ("Could not retrieve session key: %s\n", nt_errstr(nt_status))); goto done; } - session_key_blob = data_blob_const(session_key, sizeof(session_key)); - cleartextpwd = sess_decrypt_string(mem_ctx, &data, &session_key_blob); + cleartextpwd = sess_decrypt_string(mem_ctx, &data, &session_key); + data_blob_free(&session_key); if (cleartextpwd == NULL) { DEBUG(0,("retrieved NULL password\n")); @@ -6552,7 +6784,7 @@ static int rpc_trustdom_vampire(struct net_context *c, int argc, return -1; }; - nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id, + nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc, &pipe_hnd); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n", @@ -6632,7 +6864,7 @@ static int rpc_trustdom_vampire(struct net_context *c, int argc, print_trusted_domain(dom_list.domains[i].sid, dom_list.domains[i].name.string); - nt_status = vampire_trusted_domain(pipe_hnd, mem_ctx, &connect_hnd, + nt_status = vampire_trusted_domain(pipe_hnd, mem_ctx, &connect_hnd, *dom_list.domains[i].sid, dom_list.domains[i].name.string); if (!NT_STATUS_IS_OK(nt_status)) { @@ -6730,7 +6962,7 @@ static int rpc_trustdom_list(struct net_context *c, int argc, const char **argv) return -1; }; - nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id, + nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc, &pipe_hnd); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n", @@ -6751,7 +6983,7 @@ static int rpc_trustdom_list(struct net_context *c, int argc, const char **argv) talloc_destroy(mem_ctx); return -1; }; - + /* query info level 5 to obtain sid of a domain being queried */ nt_status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx, &connect_hnd, @@ -6834,19 +7066,19 @@ static int rpc_trustdom_list(struct net_context *c, int argc, const char **argv) talloc_destroy(mem_ctx); return -1; }; - + TALLOC_FREE(pipe_hnd); /* * Listing trusting domains (stored in passdb backend, if local) */ - + d_printf(_("\nTrusting domains list:\n\n")); /* * Open \PIPE\samr and get needed policy handles */ - nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr.syntax_id, + nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr, &pipe_hnd); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("Could not initialise samr pipe. Error was %s\n", nt_errstr(nt_status))); @@ -6954,7 +7186,11 @@ static int rpc_trustdom_list(struct net_context *c, int argc, const char **argv) str[ascii_dom_name_len - 1] = '\0'; /* set opt_* variables to remote domain */ - strupper_m(str); + if (!strupper_m(str)) { + cli_shutdown(cli); + talloc_destroy(mem_ctx); + return -1; + } c->opt_workgroup = talloc_strdup(mem_ctx, str); c->opt_target_workgroup = c->opt_workgroup; @@ -6968,7 +7204,7 @@ static int rpc_trustdom_list(struct net_context *c, int argc, const char **argv) /* query for domain's sid */ if (run_rpc_command( c, remote_cli, - &ndr_table_lsarpc.syntax_id, 0, + &ndr_table_lsarpc, 0, rpc_query_domain_sid, argc, argv)) d_printf(_("strange - couldn't get domain's sid\n")); @@ -7092,14 +7328,16 @@ bool net_rpc_check(struct net_context *c, unsigned flags) return false; status = cli_connect_nb(server_name, &server_ss, 0, 0x20, - lp_netbios_name(), Undefined, &cli); + lp_netbios_name(), SMB_SIGNING_DEFAULT, + 0, &cli); if (!NT_STATUS_IS_OK(status)) { return false; } - status = cli_negprot(cli); + status = smbXcli_negprot(cli->conn, cli->timeout, PROTOCOL_CORE, + PROTOCOL_NT1); if (!NT_STATUS_IS_OK(status)) goto done; - if (cli_state_protocol(cli) < PROTOCOL_NT1) + if (smbXcli_conn_protocol(cli->conn) < PROTOCOL_NT1) goto done; ret = true; @@ -7119,7 +7357,7 @@ static int rpc_samdump(struct net_context *c, int argc, const char **argv) { return 0; } - return run_rpc_command(c, NULL, &ndr_table_netlogon.syntax_id, + return run_rpc_command(c, NULL, &ndr_table_netlogon, NET_FLAGS_ANONYMOUS, rpc_samdump_internals, argc, argv); } @@ -7208,30 +7446,30 @@ static int rpc_printer_migrate_all(struct net_context *c, int argc, return -1; } - ret = run_rpc_command(c, NULL, &ndr_table_spoolss.syntax_id, 0, + ret = run_rpc_command(c, NULL, &ndr_table_spoolss, 0, rpc_printer_migrate_printers_internals, argc, argv); if (ret) return ret; - ret = run_rpc_command(c, NULL, &ndr_table_spoolss.syntax_id, 0, + ret = run_rpc_command(c, NULL, &ndr_table_spoolss, 0, rpc_printer_migrate_drivers_internals, argc, argv); if (ret) return ret; - ret = run_rpc_command(c, NULL, &ndr_table_spoolss.syntax_id, 0, + ret = run_rpc_command(c, NULL, &ndr_table_spoolss, 0, rpc_printer_migrate_forms_internals, argc, argv); if (ret) return ret; - ret = run_rpc_command(c, NULL, &ndr_table_spoolss.syntax_id, 0, + ret = run_rpc_command(c, NULL, &ndr_table_spoolss, 0, rpc_printer_migrate_settings_internals, argc, argv); if (ret) return ret; - return run_rpc_command(c, NULL, &ndr_table_spoolss.syntax_id, 0, + return run_rpc_command(c, NULL, &ndr_table_spoolss, 0, rpc_printer_migrate_security_internals, argc, argv); @@ -7264,7 +7502,7 @@ static int rpc_printer_migrate_drivers(struct net_context *c, int argc, return -1; } - return run_rpc_command(c, NULL, &ndr_table_spoolss.syntax_id, 0, + return run_rpc_command(c, NULL, &ndr_table_spoolss, 0, rpc_printer_migrate_drivers_internals, argc, argv); } @@ -7296,7 +7534,7 @@ static int rpc_printer_migrate_forms(struct net_context *c, int argc, return -1; } - return run_rpc_command(c, NULL, &ndr_table_spoolss.syntax_id, 0, + return run_rpc_command(c, NULL, &ndr_table_spoolss, 0, rpc_printer_migrate_forms_internals, argc, argv); } @@ -7328,7 +7566,7 @@ static int rpc_printer_migrate_printers(struct net_context *c, int argc, return -1; } - return run_rpc_command(c, NULL, &ndr_table_spoolss.syntax_id, 0, + return run_rpc_command(c, NULL, &ndr_table_spoolss, 0, rpc_printer_migrate_printers_internals, argc, argv); } @@ -7360,7 +7598,7 @@ static int rpc_printer_migrate_security(struct net_context *c, int argc, return -1; } - return run_rpc_command(c, NULL, &ndr_table_spoolss.syntax_id, 0, + return run_rpc_command(c, NULL, &ndr_table_spoolss, 0, rpc_printer_migrate_security_internals, argc, argv); } @@ -7393,7 +7631,7 @@ static int rpc_printer_migrate_settings(struct net_context *c, int argc, return -1; } - return run_rpc_command(c, NULL, &ndr_table_spoolss.syntax_id, 0, + return run_rpc_command(c, NULL, &ndr_table_spoolss, 0, rpc_printer_migrate_settings_internals, argc, argv); } @@ -7491,7 +7729,7 @@ static int rpc_printer_list(struct net_context *c, int argc, const char **argv) return 0; } - return run_rpc_command(c, NULL, &ndr_table_spoolss.syntax_id, 0, + return run_rpc_command(c, NULL, &ndr_table_spoolss, 0, rpc_printer_list_internals, argc, argv); } @@ -7518,7 +7756,7 @@ static int rpc_printer_driver_list(struct net_context *c, int argc, return 0; } - return run_rpc_command(c, NULL, &ndr_table_spoolss.syntax_id, 0, + return run_rpc_command(c, NULL, &ndr_table_spoolss, 0, rpc_printer_driver_list_internals, argc, argv); } @@ -7545,7 +7783,7 @@ static int rpc_printer_publish_publish(struct net_context *c, int argc, return 0; } - return run_rpc_command(c, NULL, &ndr_table_spoolss.syntax_id, 0, + return run_rpc_command(c, NULL, &ndr_table_spoolss, 0, rpc_printer_publish_publish_internals, argc, argv); } @@ -7571,7 +7809,7 @@ static int rpc_printer_publish_update(struct net_context *c, int argc, const cha return 0; } - return run_rpc_command(c, NULL, &ndr_table_spoolss.syntax_id, 0, + return run_rpc_command(c, NULL, &ndr_table_spoolss, 0, rpc_printer_publish_update_internals, argc, argv); } @@ -7598,7 +7836,7 @@ static int rpc_printer_publish_unpublish(struct net_context *c, int argc, return 0; } - return run_rpc_command(c, NULL, &ndr_table_spoolss.syntax_id, 0, + return run_rpc_command(c, NULL, &ndr_table_spoolss, 0, rpc_printer_publish_unpublish_internals, argc, argv); } @@ -7625,7 +7863,7 @@ static int rpc_printer_publish_list(struct net_context *c, int argc, return 0; } - return run_rpc_command(c, NULL, &ndr_table_spoolss.syntax_id, 0, + return run_rpc_command(c, NULL, &ndr_table_spoolss, 0, rpc_printer_publish_list_internals, argc, argv); } @@ -7691,7 +7929,7 @@ static int rpc_printer_publish(struct net_context *c, int argc, net_display_usage_from_functable(func); return 0; } - return run_rpc_command(c, NULL, &ndr_table_spoolss.syntax_id, 0, + return run_rpc_command(c, NULL, &ndr_table_spoolss, 0, rpc_printer_publish_list_internals, argc, argv); } @@ -7794,7 +8032,7 @@ int net_rpc_printer(struct net_context *c, int argc, const char **argv) net_display_usage_from_functable(func); return 0; } - return run_rpc_command(c, NULL, &ndr_table_spoolss.syntax_id, 0, + return run_rpc_command(c, NULL, &ndr_table_spoolss, 0, rpc_printer_list_internals, argc, argv); } @@ -8001,6 +8239,14 @@ int net_rpc(struct net_context *c, int argc, const char **argv) N_("net rpc trust\n" " Manage trusts") }, + { + "conf", + net_rpc_conf, + NET_TRANSPORT_RPC, + N_("Configure a remote samba server"), + N_("net rpc conf\n" + " Configure a remote samba server") + }, {NULL, NULL, 0, NULL, NULL} };