#include "rpc_client/init_lsa.h"
#include "../libcli/security/security.h"
#include "libsmb/libsmb.h"
-#include "libsmb/clirap.h"
+#include "clirap2.h"
#include "nsswitch/libwbclient/wbclient.h"
#include "passdb.h"
#include "../libcli/smb/smbXcli_base.h"
}
} else {
if (conn_flags & NET_FLAGS_SEAL) {
- nt_status = cli_rpc_pipe_open_generic_auth(
+ struct cli_credentials *creds = NULL;
+
+ creds = net_context_creds(c, mem_ctx);
+ if (creds == NULL) {
+ DBG_ERR("net_rpc_ntlm_creds() failed\n");
+ nt_status = NT_STATUS_INTERNAL_ERROR;
+ goto fail;
+ }
+
+ nt_status = cli_rpc_pipe_open_with_creds(
cli, table,
(conn_flags & NET_FLAGS_TCP) ?
NCACN_IP_TCP : NCACN_NP,
- CRED_DONT_USE_KERBEROS,
DCERPC_AUTH_TYPE_NTLMSSP,
DCERPC_AUTH_LEVEL_PRIVACY,
smbXcli_conn_remote_name(cli->conn),
- lp_workgroup(), c->opt_user_name,
- c->opt_password, &pipe_hnd);
+ creds, &pipe_hnd);
} else {
nt_status = cli_rpc_pipe_open_noauth(
cli, table,
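Review bot: The error message in the new NULL check names `net_rpc_ntlm_creds()`, but the call that failed is `net_context_creds()`, so anyone tracing the log line back to the source will look for the wrong function. It should read `DBG_ERR("net_context_creds() failed\n");`. Separately, `CRED_DONT_USE_KERBEROS` is no longer passed while the auth type stays `DCERPC_AUTH_TYPE_NTLMSSP`, so the Kerberos policy presumably now lives in `creds`. A short comment above the call such as `/* Kerberos usage is taken from creds; this sealed pipe still binds with NTLMSSP */` would record that this is intended. The `fail` label and the enclosing function lie outside the hunk.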
DEBUG(1, ("rpc command function failed! (%s)\n", nt_errstr(nt_status)));
} else {
ret = 0;
- DEBUG(5, ("rpc command function succedded\n"));
+ DEBUG(5, ("rpc command function succeeded\n"));
}
if (!(conn_flags & NET_FLAGS_NO_PIPE)) {
int net_rpc_changetrustpw(struct net_context *c, int argc, const char **argv)
{
+ int conn_flags = NET_FLAGS_PDC;
+
+ if (!c->opt_user_specified && !c->opt_kerberos) {
+ conn_flags |= NET_FLAGS_ANONYMOUS;
+ }
+
if (c->display_usage) {
d_printf( "%s\n"
"net rpc changetrustpw\n"
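Review bot: The rule for when the connection may fall back to anonymous, `!c->opt_user_specified && !c->opt_kerberos`, is now written out here and again in the later hunk that changes the same condition. Choosing between an anonymous and an authenticated bind is security-relevant, and two hand-maintained copies can drift apart. A small static helper returning the flags would keep them in step, for example `static int net_rpc_pdc_conn_flags(const struct net_context *c)`, which is a suggested name and not an existing function. The body of net_rpc_changetrustpw continues outside this hunk.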
}
return run_rpc_command(c, NULL, &ndr_table_netlogon,
- NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
+ conn_flags,
rpc_changetrustpw_internals,
argc, argv);
}
struct policy_handle connect_pol, domain_pol;
NTSTATUS status, result;
union samr_DomainInfo *info = NULL;
- fstring sid_str;
struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
- sid_to_fstring(sid_str, domain_sid);
-
/* Get sam policy handle */
status = dcerpc_samr_Connect2(b, mem_ctx,
pipe_hnd->desthost,
}
status = result;
if (NT_STATUS_IS_OK(result)) {
+ struct dom_sid_buf sid_str;
+
d_printf(_("Domain Name: %s\n"),
info->general.domain_name.string);
- d_printf(_("Domain SID: %s\n"), sid_str);
+ d_printf(_("Domain SID: %s\n"),
+ dom_sid_str_buf(domain_sid, &sid_str));
d_printf(_("Sequence number: %llu\n"),
(unsigned long long)info->general.sequence_num);
d_printf(_("Num users: %u\n"), info->general.num_users);
int argc,
const char **argv)
{
- fstring sid_str;
+ struct dom_sid_buf sid_str;
- sid_to_fstring(sid_str, domain_sid);
d_printf(_("Storing SID %s for Domain %s in secrets.tdb\n"),
- sid_str, domain_name);
+ dom_sid_str_buf(domain_sid, &sid_str),
+ domain_name);
if (!secrets_store_domain_sid(domain_name, domain_sid)) {
DEBUG(0,("Can't store domain SID\n"));
{
int conn_flags = NET_FLAGS_PDC;
- if (!c->opt_user_specified) {
+ if (!c->opt_user_specified && !c->opt_kerberos) {
conn_flags |= NET_FLAGS_ANONYMOUS;
}
struct samr_Ids types;
struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
- fstring sid_str;
- sid_to_fstring(sid_str, domain_sid);
-
status = dcerpc_samr_OpenGroup(b, mem_ctx,
domain_pol,
MAXIMUM_ALLOWED_ACCESS,
for (i = 0; i < this_time; i++) {
if (c->opt_long_list_entries) {
- printf("%s-%d %s\\%s %d\n", sid_str,
- group_rids[i], domain_name,
+ struct dom_sid sid;
+ struct dom_sid_buf sid_str;
+
+ sid_compose(&sid, domain_sid, group_rids[i]);
+
+ printf("%s %s\\%s %d\n",
+ dom_sid_str_buf(&sid, &sid_str),
+ domain_name,
names.names[i].string,
SID_NAME_USER);
} else {
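Review bot: The result of `sid_compose(&sid, domain_sid, group_rids[i])` is dropped, although the function returns a bool. If it fails, presumably when `domain_sid` already carries the maximum number of sub-authorities, the line printed for this member would show a SID that does not end in the member's RID. The old `"%s-%d"` format always appended the RID. Since `domain_sid` comes from the remote side in this tool, checking the result is cheap insurance: `if (!sid_compose(&sid, domain_sid, group_rids[i])) { continue; }`, or report an error instead of skipping. The enclosing loop and function start and end outside the hunk.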
}
for (i = 0; i < num_members; i++) {
- fstring sid_str;
- sid_to_fstring(sid_str, &alias_sids[i]);
+ struct dom_sid_buf sid_str;
+ dom_sid_str_buf(&alias_sids[i], &sid_str);
if (c->opt_long_list_entries) {
- printf("%s %s\\%s %d\n", sid_str,
+ printf("%s %s\\%s %d\n", sid_str.buf,
domains[i] ? domains[i] : _("*unknown*"),
names[i] ? names[i] : _("*unknown*"), types[i]);
} else {
if (domains[i])
printf("%s\\%s\n", domains[i], names[i]);
else
- printf("%s\n", sid_str);
+ printf("%s\n", sid_str.buf);
}
}
}
/**
- * sync files, can be called recursivly to list files
+ * sync files, can be called recursively to list files
* and then call copy_fn for each file
*
* @param cp_clistate pointer to the copy_clistate we work with
if (alias.num_members > 0) {
alias.members = SMB_MALLOC_ARRAY(struct dom_sid, alias.num_members);
+ if (alias.members == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
for (j = 0; j < alias.num_members; j++)
sid_copy(&alias.members[j],
d_printf("%s\n", token->name);
for (i=0; i<token->token.num_sids; i++) {
- d_printf(" %s\n", sid_string_tos(&token->token.sids[i]));
+ struct dom_sid_buf buf;
+ d_printf(" %s\n",
+ dom_sid_str_buf(&token->token.sids[i], &buf));
}
}
int i;
for (i=0; i<alias->num_members; i++) {
- if (dom_sid_compare(sid, &alias->members[i]) == 0)
+ if (dom_sid_equal(sid, &alias->members[i])) {
return true;
+ }
}
return false;
unsigned int orig_timeout;
struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
DATA_BLOB session_key = data_blob_null;
+ TALLOC_CTX *frame = NULL;
if (argc != 2) {
d_printf("%s\n%s",
return NT_STATUS_INVALID_PARAMETER;
}
+ frame = talloc_stackframe();
+
/*
* Make valid trusting domain account (ie. uppercased and with '$' appended)
*/
if (asprintf(&acct_name, "%s$", argv[0]) < 0) {
- return NT_STATUS_NO_MEMORY;
+ status = NT_STATUS_NO_MEMORY;
}
if (!strupper_m(acct_name)) {
- SAFE_FREE(acct_name);
- return NT_STATUS_INVALID_PARAMETER;
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto done;
}
init_lsa_String(&lsa_acct_name, acct_name);
- status = cli_get_session_key(mem_ctx, pipe_hnd, &session_key);
+ status = cli_get_session_key(frame, pipe_hnd, &session_key);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("Error getting session_key of SAM pipe. Error was %s\n",
nt_errstr(status)));
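Review bot: When `asprintf()` fails, the new branch only assigns `status = NT_STATUS_NO_MEMORY` and falls through, because the removed `return` was not replaced by a jump. Execution then reaches `strupper_m(acct_name)` with a pointer whose value is undefined after a failed asprintf(), and the NO_MEMORY status is later overwritten. The branch needs `goto done;` after the assignment, as the `strupper_m` failure branch just below already has. Because `done:` runs `SAFE_FREE(acct_name)`, the pointer must also be NULL on that path. Its declaration is outside the hunk, so either confirm it is initialised to NULL there or add `acct_name = NULL;` in the failure branch before the jump.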
}
/* Get samr policy handle */
- status = dcerpc_samr_Connect2(b, mem_ctx,
+ status = dcerpc_samr_Connect2(b, frame,
pipe_hnd->desthost,
MAXIMUM_ALLOWED_ACCESS,
&connect_pol,
}
/* Get domain policy handle */
- status = dcerpc_samr_OpenDomain(b, mem_ctx,
+ status = dcerpc_samr_OpenDomain(b, frame,
&connect_pol,
MAXIMUM_ALLOWED_ACCESS,
discard_const_p(struct dom_sid2, domain_sid),
SAMR_USER_ACCESS_GET_ATTRIBUTES |
SAMR_USER_ACCESS_SET_ATTRIBUTES;
- status = dcerpc_samr_CreateUser2(b, mem_ctx,
+ status = dcerpc_samr_CreateUser2(b, frame,
&domain_pol,
&lsa_acct_name,
acb_info,
ZERO_STRUCT(info.info23);
- init_samr_CryptPassword(argv[1],
- &session_key,
- &crypt_pwd);
+ status = init_samr_CryptPassword(argv[1],
+ &session_key,
+ &crypt_pwd);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
info.info23.info.fields_present = SAMR_FIELD_ACCT_FLAGS |
SAMR_FIELD_NT_PASSWORD_PRESENT;
info.info23.info.acct_flags = ACB_DOMTRUST;
info.info23.password = crypt_pwd;
- status = dcerpc_samr_SetUserInfo2(b, mem_ctx,
+ status = dcerpc_samr_SetUserInfo2(b, frame,
&user_pol,
23,
&info,
}
}
+ status = NT_STATUS_OK;
done:
SAFE_FREE(acct_name);
data_blob_clear_free(&session_key);
+ TALLOC_FREE(frame);
return status;
}
};
c->opt_user_name = acct_name;
+ c->opt_user_specified = true;
/* find the domain controller */
if (!net_find_pdc(&server_ss, pdc_name, domain_name)) {
int argc,
const char **argv)
{
- fstring str_sid;
- if (!sid_to_fstring(str_sid, domain_sid)) {
- return NT_STATUS_UNSUCCESSFUL;
- }
- d_printf("%s\n", str_sid);
+ struct dom_sid_buf sid_str;
+ d_printf("%s\n", dom_sid_str_buf(domain_sid, &sid_str));
return NT_STATUS_OK;
}
static void print_trusted_domain(struct dom_sid *dom_sid, const char *trusted_dom_name)
{
- fstring ascii_sid;
+ struct dom_sid_buf sid_str;
- /* convert sid into ascii string */
- sid_to_fstring(ascii_sid, dom_sid);
-
- d_printf("%-20s%s\n", trusted_dom_name, ascii_sid);
+ d_printf("%-20s%s\n",
+ trusted_dom_name,
+ dom_sid_str_buf(dom_sid, &sid_str));
}
static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd,
}
#ifdef DEBUG_PASSWORD
- DEBUG(100,("successfully vampired trusted domain [%s], sid: [%s], "
- "password: [%s]\n", trusted_dom_name,
- sid_string_dbg(&dom_sid), cleartextpwd));
+ {
+ struct dom_sid_buf buf;
+ DEBUG(100,("successfully vampired trusted domain [%s], "
+ "sid: [%s], password: [%s]\n",
+ trusted_dom_name,
+ dom_sid_str_buf(&dom_sid, &buf),
+ cleartextpwd));
+ }
#endif
done:
lp_netbios_name(), SMB_SIGNING_IPC_DEFAULT,
0, &cli);
if (!NT_STATUS_IS_OK(status)) {
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
+ DBG_ERR("NetBIOS support disabled, unable to connect\n");
+ }
return false;
}
- status = smbXcli_negprot(cli->conn, cli->timeout, PROTOCOL_CORE,
- PROTOCOL_NT1);
+ status = smbXcli_negprot(cli->conn, cli->timeout,
+ lp_client_min_protocol(),
+ lp_client_max_protocol());
if (!NT_STATUS_IS_OK(status))
goto done;
if (smbXcli_conn_protocol(cli->conn) < PROTOCOL_NT1)
"security",
rpc_printer_migrate_security,
NET_TRANSPORT_RPC,
- N_("Mirgate printer ACLs to local server"),
+ N_("Migrate printer ACLs to local server"),
N_("net rpc printer migrate security\n"
- " Mirgate printer ACLs to local server")
+ " Migrate printer ACLs to local server")
},
{
"settings",