2 Unix SMB/CIFS implementation.
5 Copyright (C) Guenther Deschner 2008
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "rpcclient.h"
23 #include "../librpc/gen_ndr/ndr_drsuapi_c.h"
25 static WERROR cracknames(struct rpc_pipe_client *cli,
27 struct policy_handle *bind_handle,
28 enum drsuapi_DsNameFormat format_offered,
29 enum drsuapi_DsNameFormat format_desired,
32 union drsuapi_DsNameCtr *ctr)
38 union drsuapi_DsNameRequest req;
40 struct drsuapi_DsNameString *names;
41 struct dcerpc_binding_handle *b = cli->binding_handle;
43 names = talloc_zero_array(mem_ctx, struct drsuapi_DsNameString, argc);
44 W_ERROR_HAVE_NO_MEMORY(names);
46 for (i=0; i<argc; i++) {
47 names[i].str = argv[i];
50 req.req1.codepage = 1252; /* german */
51 req.req1.language = 0x00000407; /* german */
52 req.req1.count = argc;
53 req.req1.names = names;
54 req.req1.format_flags = DRSUAPI_DS_NAME_FLAG_NO_FLAGS;
55 req.req1.format_offered = format_offered;
56 req.req1.format_desired = format_desired;
58 status = dcerpc_drsuapi_DsCrackNames(b, mem_ctx,
65 if (!NT_STATUS_IS_OK(status)) {
66 return ntstatus_to_werror(status);
69 if (!W_ERROR_IS_OK(werr)) {
76 static WERROR cmd_drsuapi_cracknames(struct rpc_pipe_client *cli,
77 TALLOC_CTX *mem_ctx, int argc,
84 struct GUID bind_guid;
85 struct policy_handle bind_handle;
86 struct dcerpc_binding_handle *b = cli->binding_handle;
88 union drsuapi_DsNameCtr ctr;
91 printf("usage: %s name\n", argv[0]);
95 GUID_from_string(DRSUAPI_DS_BIND_GUID, &bind_guid);
97 status = dcerpc_drsuapi_DsBind(b, mem_ctx,
103 if (!NT_STATUS_IS_OK(status)) {
104 return ntstatus_to_werror(status);
107 if (!W_ERROR_IS_OK(werr)) {
111 werr = cracknames(cli, mem_ctx,
113 DRSUAPI_DS_NAME_FORMAT_UNKNOWN,
114 DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
119 if (!W_ERROR_IS_OK(werr)) {
123 for (i=0; i < ctr.ctr1->count; i++) {
124 printf("status: %d\n",
125 ctr.ctr1->array[i].status);
126 printf("dns_domain_name: %s\n",
127 ctr.ctr1->array[i].dns_domain_name);
128 printf("result_name: %s\n",
129 ctr.ctr1->array[i].result_name);
133 if (is_valid_policy_hnd(&bind_handle)) {
135 dcerpc_drsuapi_DsUnbind(b, mem_ctx, &bind_handle, &_werr);
141 static void display_domain_controller_info_01(struct drsuapi_DsGetDCConnection01 *r)
143 printf("client_ip_address:\t%s\n", r->client_ip_address);
144 printf("unknown2:\t%d\n", r->unknown2);
145 printf("connection_time:\t%d\n", r->connection_time);
146 printf("unknown4:\t%d\n", r->unknown4);
147 printf("unknown5:\t%d\n", r->unknown5);
148 printf("unknown6:\t%d\n", r->unknown6);
149 printf("client_account:\t%s\n", r->client_account);
152 static void display_domain_controller_info_1(struct drsuapi_DsGetDCInfo1 *r)
154 printf("netbios_name:\t%s\n", r->netbios_name);
155 printf("dns_name:\t%s\n", r->dns_name);
156 printf("site_name:\t%s\n", r->site_name);
157 printf("computer_dn:\t%s\n", r->computer_dn);
158 printf("server_dn:\t%s\n", r->server_dn);
159 printf("is_pdc:\t\t%s\n", r->is_pdc ? "true" : "false");
160 printf("is_enabled:\t%s\n", r->is_enabled ? "true" : "false");
163 static void display_domain_controller_info_2(struct drsuapi_DsGetDCInfo2 *r)
165 printf("netbios_name:\t%s\n", r->netbios_name);
166 printf("dns_name:\t%s\n", r->dns_name);
167 printf("site_name:\t%s\n", r->site_name);
168 printf("site_dn:\t%s\n", r->site_dn);
169 printf("computer_dn:\t%s\n", r->computer_dn);
170 printf("server_dn:\t%s\n", r->server_dn);
171 printf("ntds_dn:\t%s\n", r->ntds_dn);
172 printf("is_pdc:\t\t%s\n", r->is_pdc ? "true" : "false");
173 printf("is_enabled:\t%s\n", r->is_enabled ? "true" : "false");
174 printf("is_gc:\t\t%s\n", r->is_gc ? "true" : "false");
175 printf("site_guid:\t%s\n", GUID_string(talloc_tos(), &r->site_guid));
176 printf("computer_guid:\t%s\n", GUID_string(talloc_tos(), &r->computer_guid));
177 printf("server_guid:\t%s\n", GUID_string(talloc_tos(), &r->server_guid));
178 printf("ntds_guid:\t%s\n", GUID_string(talloc_tos(), &r->ntds_guid));
181 static void display_domain_controller_info_3(struct drsuapi_DsGetDCInfo3 *r)
183 printf("netbios_name:\t%s\n", r->netbios_name);
184 printf("dns_name:\t%s\n", r->dns_name);
185 printf("site_name:\t%s\n", r->site_name);
186 printf("site_dn:\t%s\n", r->site_dn);
187 printf("computer_dn:\t%s\n", r->computer_dn);
188 printf("server_dn:\t%s\n", r->server_dn);
189 printf("ntds_dn:\t%s\n", r->ntds_dn);
190 printf("is_pdc:\t\t%s\n", r->is_pdc ? "true" : "false");
191 printf("is_enabled:\t%s\n", r->is_enabled ? "true" : "false");
192 printf("is_gc:\t\t%s\n", r->is_gc ? "true" : "false");
193 printf("is_rodc:\t%s\n", r->is_rodc ? "true" : "false");
194 printf("site_guid:\t%s\n", GUID_string(talloc_tos(), &r->site_guid));
195 printf("computer_guid:\t%s\n", GUID_string(talloc_tos(), &r->computer_guid));
196 printf("server_guid:\t%s\n", GUID_string(talloc_tos(), &r->server_guid));
197 printf("ntds_guid:\t%s\n", GUID_string(talloc_tos(), &r->ntds_guid));
200 static void display_domain_controller_info(int32_t level,
201 union drsuapi_DsGetDCInfoCtr *ctr)
206 case DRSUAPI_DC_CONNECTION_CTR_01:
207 for (i=0; i<ctr->ctr01.count; i++) {
208 printf("----------\n");
209 display_domain_controller_info_01(&ctr->ctr01.array[i]);
212 case DRSUAPI_DC_INFO_CTR_1:
213 for (i=0; i<ctr->ctr1.count; i++) {
214 printf("----------\n");
215 display_domain_controller_info_1(&ctr->ctr1.array[i]);
218 case DRSUAPI_DC_INFO_CTR_2:
219 for (i=0; i<ctr->ctr2.count; i++) {
220 printf("----------\n");
221 display_domain_controller_info_2(&ctr->ctr2.array[i]);
224 case DRSUAPI_DC_INFO_CTR_3:
225 for (i=0; i<ctr->ctr3.count; i++) {
226 printf("----------\n");
227 display_domain_controller_info_3(&ctr->ctr3.array[i]);
235 static WERROR cmd_drsuapi_getdcinfo(struct rpc_pipe_client *cli,
236 TALLOC_CTX *mem_ctx, int argc,
242 struct GUID bind_guid;
243 struct policy_handle bind_handle;
244 struct dcerpc_binding_handle *b = cli->binding_handle;
246 const char *domain = NULL;
249 union drsuapi_DsGetDCInfoRequest req;
250 union drsuapi_DsGetDCInfoCtr ctr;
253 printf("usage: %s domain [level]\n", argv[0]);
259 level = atoi(argv[2]);
262 GUID_from_string(DRSUAPI_DS_BIND_GUID, &bind_guid);
264 status = dcerpc_drsuapi_DsBind(b, mem_ctx,
270 if (!NT_STATUS_IS_OK(status)) {
271 return ntstatus_to_werror(status);
274 if (!W_ERROR_IS_OK(werr)) {
278 req.req1.domain_name = domain;
279 req.req1.level = level;
281 status = dcerpc_drsuapi_DsGetDomainControllerInfo(b, mem_ctx,
288 if (!NT_STATUS_IS_OK(status)) {
289 werr = ntstatus_to_werror(status);
293 if (!W_ERROR_IS_OK(werr)) {
297 display_domain_controller_info(level_out, &ctr);
299 if (is_valid_policy_hnd(&bind_handle)) {
301 dcerpc_drsuapi_DsUnbind(b, mem_ctx, &bind_handle, &_werr);
307 static WERROR cmd_drsuapi_writeaccountspn(struct rpc_pipe_client *cli,
308 TALLOC_CTX *mem_ctx, int argc,
314 struct GUID bind_guid;
315 struct policy_handle bind_handle;
316 struct dcerpc_binding_handle *b = cli->binding_handle;
317 struct drsuapi_DsNameString *spn_names = NULL;
321 union drsuapi_DsWriteAccountSpnRequest req;
322 union drsuapi_DsWriteAccountSpnResult result;
325 printf("usage: %s [add|replace|delete] dn [spn_names]+\n", argv[0]);
329 req.req1.unknown1 = 0; /* Unused, must be 0 */
330 req.req1.object_dn = argv[2];
331 req.req1.count = argc - 3;
333 if (strcmp(argv[1], "add") == 0) {
334 req.req1.operation = DRSUAPI_DS_SPN_OPERATION_ADD;
335 } else if (strcmp(argv[1], "replace") == 0) {
336 req.req1.operation = DRSUAPI_DS_SPN_OPERATION_REPLACE;
337 } else if (strcmp(argv[1], "delete") == 0) {
338 req.req1.operation = DRSUAPI_DS_SPN_OPERATION_DELETE;
340 printf("usage: %s [add|replace|delete] dn [spn_names]+\n", argv[0]);
344 spn_names = talloc_zero_array(mem_ctx,
345 struct drsuapi_DsNameString,
347 W_ERROR_HAVE_NO_MEMORY(spn_names);
349 for (i=0; i<req.req1.count; i++) {
350 spn_names[i].str = argv[i + 3];
353 req.req1.spn_names = spn_names;
355 GUID_from_string(DRSUAPI_DS_BIND_GUID, &bind_guid);
357 status = dcerpc_drsuapi_DsBind(b, mem_ctx,
363 if (!NT_STATUS_IS_OK(status)) {
364 return ntstatus_to_werror(status);
367 if (!W_ERROR_IS_OK(werr)) {
371 status = dcerpc_drsuapi_DsWriteAccountSpn(b, mem_ctx,
379 if (!NT_STATUS_IS_OK(status)) {
380 werr = ntstatus_to_werror(status);
384 if (!W_ERROR_IS_OK(werr)) {
389 if (is_valid_policy_hnd(&bind_handle)) {
391 dcerpc_drsuapi_DsUnbind(b, mem_ctx, &bind_handle, &_werr);
397 static WERROR cmd_drsuapi_getncchanges(struct rpc_pipe_client *cli,
398 TALLOC_CTX *mem_ctx, int argc,
404 struct policy_handle bind_handle;
405 struct dcerpc_binding_handle *b = cli->binding_handle;
407 struct GUID bind_guid;
408 struct drsuapi_DsBindInfoCtr bind_info;
409 struct drsuapi_DsBindInfo28 info28;
411 const char *nc_dn = NULL;
413 DATA_BLOB session_key;
417 uint32_t level_out = 0;
418 union drsuapi_DsGetNCChangesRequest req;
419 union drsuapi_DsGetNCChangesCtr ctr;
420 struct drsuapi_DsReplicaObjectIdentifier nc;
422 struct drsuapi_DsGetNCChangesCtr1 *ctr1 = NULL;
423 struct drsuapi_DsGetNCChangesCtr6 *ctr6 = NULL;
424 uint32_t out_level = 0;
427 uint32_t supported_extensions = 0;
428 uint32_t replica_flags = DRSUAPI_DRS_WRIT_REP |
429 DRSUAPI_DRS_INIT_SYNC |
430 DRSUAPI_DRS_PER_SYNC |
431 DRSUAPI_DRS_GET_ANC |
432 DRSUAPI_DRS_NEVER_SYNCED;
435 printf("usage: %s [naming_context_or_object_dn [single]]\n", argv[0]);
444 if (strequal(argv[2], "single")) {
447 printf("warning: ignoring unknown argument '%s'\n",
456 GUID_from_string(DRSUAPI_DS_BIND_GUID, &bind_guid);
458 info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_BASE;
459 info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION;
460 info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI;
461 info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2;
462 info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS;
463 info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1;
464 info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION;
465 info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE;
466 info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2;
467 info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION;
468 info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2;
469 info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD;
470 info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND;
471 info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO;
472 info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION;
473 info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01;
474 info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP;
475 info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY;
476 info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3;
477 info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2;
478 info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6;
479 info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS;
480 info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8;
481 info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5;
482 info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6;
483 info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3;
484 info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7;
485 info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT;
486 info28.site_guid = GUID_zero();
488 info28.repl_epoch = 0;
490 bind_info.length = 28;
491 bind_info.info.info28 = info28;
493 status = dcerpc_drsuapi_DsBind(b, mem_ctx,
499 if (!NT_STATUS_IS_OK(status)) {
500 return ntstatus_to_werror(status);
503 if (!W_ERROR_IS_OK(werr)) {
507 if (bind_info.length == 24) {
508 supported_extensions = bind_info.info.info24.supported_extensions;
509 } else if (bind_info.length == 28) {
510 supported_extensions = bind_info.info.info28.supported_extensions;
511 } else if (bind_info.length == 32) {
512 supported_extensions = bind_info.info.info32.supported_extensions;
513 } else if (bind_info.length == 48) {
514 supported_extensions = bind_info.info.info48.supported_extensions;
515 } else if (bind_info.length == 52) {
516 supported_extensions = bind_info.info.info52.supported_extensions;
521 union drsuapi_DsNameCtr crack_ctr;
524 name = talloc_asprintf(mem_ctx, "%s\\", lp_workgroup());
525 W_ERROR_HAVE_NO_MEMORY(name);
527 werr = cracknames(cli, mem_ctx,
529 DRSUAPI_DS_NAME_FORMAT_UNKNOWN,
530 DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
534 if (!W_ERROR_IS_OK(werr)) {
538 if (crack_ctr.ctr1->count != 1) {
539 return WERR_NO_SUCH_DOMAIN;
542 if (crack_ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
543 return WERR_NO_SUCH_DOMAIN;
546 nc_dn = talloc_strdup(mem_ctx, crack_ctr.ctr1->array[0].result_name);
547 W_ERROR_HAVE_NO_MEMORY(nc_dn);
549 printf("using: %s\n", nc_dn);
553 nc.guid = GUID_zero();
554 nc.sid = (struct dom_sid) {0};
556 if (supported_extensions & DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8) {
558 req.req8.naming_context = &nc;
559 req.req8.replica_flags = replica_flags;
560 req.req8.max_object_count = 402;
561 req.req8.max_ndr_size = 402116;
563 req.req8.extended_op = DRSUAPI_EXOP_REPL_OBJ;
567 req.req5.naming_context = &nc;
568 req.req5.replica_flags = replica_flags;
569 req.req5.max_object_count = 402;
570 req.req5.max_ndr_size = 402116;
572 req.req5.extended_op = DRSUAPI_EXOP_REPL_OBJ;
579 DEBUG(1,("start[%d] tmp_higest_usn: %llu , highest_usn: %llu\n",y,
580 (long long)req.req8.highwatermark.tmp_highest_usn,
581 (long long)req.req8.highwatermark.highest_usn));
584 status = dcerpc_drsuapi_DsGetNCChanges(b, mem_ctx,
591 if (!NT_STATUS_IS_OK(status)) {
592 werr = ntstatus_to_werror(status);
593 printf("Failed to get NC Changes: %s",
594 get_friendly_nt_error_msg(status));
598 if (!W_ERROR_IS_OK(werr)) {
599 printf("Failed to get NC Changes: %s",
600 get_friendly_werror_msg(werr));
604 if (level_out == 1) {
607 } else if (level_out == 2 && ctr.ctr2.mszip1.ts) {
609 ctr1 = &ctr.ctr2.mszip1.ts->ctr1;
612 status = cli_get_session_key(mem_ctx, cli, &session_key);
613 if (!NT_STATUS_IS_OK(status)) {
614 printf("Failed to get Session Key: %s",
616 return ntstatus_to_werror(status);
619 if (out_level == 1) {
620 DEBUG(1,("end[%d] tmp_highest_usn: %llu , highest_usn: %llu\n",y,
621 (long long)ctr1->new_highwatermark.tmp_highest_usn,
622 (long long)ctr1->new_highwatermark.highest_usn));
624 libnet_dssync_decrypt_attributes(mem_ctx,
628 if (ctr1->more_data) {
629 req.req5.highwatermark = ctr1->new_highwatermark;
634 if (level_out == 6) {
637 } else if (level_out == 7
638 && ctr.ctr7.level == 6
639 && ctr.ctr7.type == DRSUAPI_COMPRESSION_TYPE_MSZIP
640 && ctr.ctr7.ctr.mszip6.ts) {
642 ctr6 = &ctr.ctr7.ctr.mszip6.ts->ctr6;
643 } else if (level_out == 7
644 && ctr.ctr7.level == 6
645 && ctr.ctr7.type == DRSUAPI_COMPRESSION_TYPE_XPRESS
646 && ctr.ctr7.ctr.xpress6.ts) {
648 ctr6 = &ctr.ctr7.ctr.xpress6.ts->ctr6;
651 if (out_level == 6) {
652 DEBUG(1,("end[%d] tmp_highest_usn: %llu , highest_usn: %llu\n",y,
653 (long long)ctr6->new_highwatermark.tmp_highest_usn,
654 (long long)ctr6->new_highwatermark.highest_usn));
656 libnet_dssync_decrypt_attributes(mem_ctx,
660 if (ctr6->more_data) {
661 req.req8.highwatermark = ctr6->new_highwatermark;
673 /* List of commands exported by this module */
675 struct cmd_set drsuapi_commands[] = {
678 { "dscracknames", RPC_RTYPE_WERROR, NULL, cmd_drsuapi_cracknames, &ndr_table_drsuapi, NULL, "Crack Name", "" },
679 { "dsgetdcinfo", RPC_RTYPE_WERROR, NULL, cmd_drsuapi_getdcinfo, &ndr_table_drsuapi, NULL, "Get Domain Controller Info", "" },
680 { "dsgetncchanges", RPC_RTYPE_WERROR, NULL, cmd_drsuapi_getncchanges, &ndr_table_drsuapi, NULL, "Get NC Changes", "" },
681 { "dswriteaccountspn", RPC_RTYPE_WERROR, NULL, cmd_drsuapi_writeaccountspn, &ndr_table_drsuapi, NULL, "Write Account SPN", "" },
git.samba.org / samba.git / blob