#include "includes.h"
#include "utils/net.h"
+#include "libsmb/namequery.h"
#include "rpc_client/cli_pipe.h"
#include "../libcli/auth/libcli_auth.h"
#include "../librpc/gen_ndr/ndr_samr_c.h"
#include "rpc_client/init_lsa.h"
#include "../libcli/security/security.h"
#include "libsmb/libsmb.h"
-#include "libsmb/clirap.h"
+#include "clirap2.h"
#include "nsswitch/libwbclient/wbclient.h"
#include "passdb.h"
#include "../libcli/smb/smbXcli_base.h"
+#include "libsmb/dsgetdcname.h"
static int net_mode_share;
static NTSTATUS sync_files(struct copy_clistate *cp_clistate, const char *mask);
* @brief RPC based subcommands for the 'net' utility.
*
* This file should contain much of the functionality that used to
- * be found in rpcclient, execpt that the commands should change
- * less often, and the fucntionality should be sane (the user is not
+ * be found in rpcclient, except that the commands should change
+ * less often, and the functionality should be sane (the user is not
* expected to know a rid/sid before they conduct an operation etc.)
*
* @todo Perhaps eventually these should be split out into a number
}
} else {
if (conn_flags & NET_FLAGS_SEAL) {
- nt_status = cli_rpc_pipe_open_generic_auth(
+ struct cli_credentials *creds = NULL;
+
+ creds = net_context_creds(c, mem_ctx);
+ if (creds == NULL) {
+ DBG_ERR("net_rpc_ntlm_creds() failed\n");
+ nt_status = NT_STATUS_INTERNAL_ERROR;
+ goto fail;
+ }
+
+ nt_status = cli_rpc_pipe_open_with_creds(
cli, table,
(conn_flags & NET_FLAGS_TCP) ?
NCACN_IP_TCP : NCACN_NP,
- CRED_DONT_USE_KERBEROS,
DCERPC_AUTH_TYPE_NTLMSSP,
DCERPC_AUTH_LEVEL_PRIVACY,
smbXcli_conn_remote_name(cli->conn),
- lp_workgroup(), c->opt_user_name,
- c->opt_password, &pipe_hnd);
+ creds, &pipe_hnd);
} else {
nt_status = cli_rpc_pipe_open_noauth(
cli, table,
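Review bot: The error message on the new line `DBG_ERR("net_rpc_ntlm_creds() failed\n");` names a function the code does not call; the call two lines above is `net_context_creds(c, mem_ctx)`, so whoever reads the log will look for the wrong helper. Suggest `DBG_ERR("net_context_creds() failed\n");`. The removed `CRED_DONT_USE_KERBEROS` argument is presumably now decided inside the credentials object while the auth type stays hard-coded to `DCERPC_AUTH_TYPE_NTLMSSP` in this NET_FLAGS_SEAL branch; a one-line comment stating that the seal path is NTLMSSP-only regardless of what the creds carry would save the next reader from expecting Kerberos here. The enclosing function starts and ends outside the hunk.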
DEBUG(1, ("rpc command function failed! (%s)\n", nt_errstr(nt_status)));
} else {
ret = 0;
- DEBUG(5, ("rpc command function succedded\n"));
+ DEBUG(5, ("rpc command function succeeded\n"));
}
if (!(conn_flags & NET_FLAGS_NO_PIPE)) {
}
/**
- * Force a change of the trust acccount password.
+ * Force a change of the trust account password.
*
* All parameters are provided by the run_rpc_command function, except for
* argc, argv which are passed through.
}
/**
- * Force a change of the trust acccount password.
+ * Force a change of the trust account password.
*
* @param argc Standard main() style argc.
* @param argv Standard main() style argv. Initial components are already
int net_rpc_changetrustpw(struct net_context *c, int argc, const char **argv)
{
+ int conn_flags = NET_FLAGS_PDC;
+
+ if (!c->opt_user_specified && !c->opt_kerberos) {
+ conn_flags |= NET_FLAGS_ANONYMOUS;
+ }
+
if (c->display_usage) {
d_printf( "%s\n"
"net rpc changetrustpw\n"
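Review bot: The new condition `if (!c->opt_user_specified && !c->opt_kerberos)` carries no comment explaining why a Kerberos request should suppress NET_FLAGS_ANONYMOUS, and the identical condition appears again in the hunk ending at line 156. A short comment at both sites, along the lines of `/* An explicit user or -k means the caller wants an authenticated bind; only fall back to anonymous when neither was given. */`, would make the intent checkable rather than inferred. The body of net_rpc_changetrustpw continues outside this hunk.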
}
return run_rpc_command(c, NULL, &ndr_table_netlogon,
- NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
+ conn_flags,
rpc_changetrustpw_internals,
argc, argv);
}
* the message to be displayed when oldjoin was explicitly
* requested, but not when it was implied by "net rpc join".
*
- * This uses 'machinename' as the inital password, and changes it.
+ * This uses 'machinename' as the initial password, and changes it.
*
* The password should be created with 'server manager' or equiv first.
*
}
/*
- check what type of join - if the user want's to join as
+ check what type of join - if the user wants to join as
a BDC, the server must agree that we are a BDC.
*/
if (argc >= 0) {
}
/*
- check what type of join - if the user want's to join as
+ check what type of join - if the user wants to join as
a BDC, the server must agree that we are a BDC.
*/
if (argc >= 0) {
struct policy_handle connect_pol, domain_pol;
NTSTATUS status, result;
union samr_DomainInfo *info = NULL;
- fstring sid_str;
struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
- sid_to_fstring(sid_str, domain_sid);
-
/* Get sam policy handle */
status = dcerpc_samr_Connect2(b, mem_ctx,
pipe_hnd->desthost,
}
status = result;
if (NT_STATUS_IS_OK(result)) {
+ struct dom_sid_buf sid_str;
+
d_printf(_("Domain Name: %s\n"),
info->general.domain_name.string);
- d_printf(_("Domain SID: %s\n"), sid_str);
+ d_printf(_("Domain SID: %s\n"),
+ dom_sid_str_buf(domain_sid, &sid_str));
d_printf(_("Sequence number: %llu\n"),
(unsigned long long)info->general.sequence_num);
d_printf(_("Num users: %u\n"), info->general.num_users);
int argc,
const char **argv)
{
- fstring sid_str;
+ struct dom_sid_buf sid_str;
- sid_to_fstring(sid_str, domain_sid);
d_printf(_("Storing SID %s for Domain %s in secrets.tdb\n"),
- sid_str, domain_name);
+ dom_sid_str_buf(domain_sid, &sid_str),
+ domain_name);
if (!secrets_store_domain_sid(domain_name, domain_sid)) {
DEBUG(0,("Can't store domain SID\n"));
{
int conn_flags = NET_FLAGS_PDC;
- if (!c->opt_user_specified) {
+ if (!c->opt_user_specified && !c->opt_kerberos) {
conn_flags |= NET_FLAGS_ANONYMOUS;
}
struct samr_Ids types;
struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
- fstring sid_str;
- sid_to_fstring(sid_str, domain_sid);
-
status = dcerpc_samr_OpenGroup(b, mem_ctx,
domain_pol,
MAXIMUM_ALLOWED_ACCESS,
for (i = 0; i < this_time; i++) {
if (c->opt_long_list_entries) {
- printf("%s-%d %s\\%s %d\n", sid_str,
- group_rids[i], domain_name,
+ struct dom_sid sid;
+ struct dom_sid_buf sid_str;
+
+ sid_compose(&sid, domain_sid, group_rids[i]);
+
+ printf("%s %s\\%s %d\n",
+ dom_sid_str_buf(&sid, &sid_str),
+ domain_name,
names.names[i].string,
SID_NAME_USER);
} else {
}
for (i = 0; i < num_members; i++) {
- fstring sid_str;
- sid_to_fstring(sid_str, &alias_sids[i]);
+ struct dom_sid_buf sid_str;
+ dom_sid_str_buf(&alias_sids[i], &sid_str);
if (c->opt_long_list_entries) {
- printf("%s %s\\%s %d\n", sid_str,
+ printf("%s %s\\%s %d\n", sid_str.buf,
domains[i] ? domains[i] : _("*unknown*"),
names[i] ? names[i] : _("*unknown*"), types[i]);
} else {
if (domains[i])
printf("%s\\%s\n", domains[i], names[i]);
else
- printf("%s\n", sid_str);
+ printf("%s\n", sid_str.buf);
}
}
}
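Review bot: At `dom_sid_str_buf(&alias_sids[i], &sid_str);` the returned pointer is discarded and `sid_str.buf` is read directly at the two printf sites below, whereas every other conversion in this commit uses the return value inline; the mix is harmless but a reader has to know that dom_sid_str_buf fills its second argument in place. Either keep it and note it, `/* fills sid_str.buf, printed twice below */`, or bind it once with `const char *sid_s = dom_sid_str_buf(&alias_sids[i], &sid_str);` and print `sid_s` in both branches. The enclosing function starts before this hunk.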
/**
- * sync files, can be called recursivly to list files
+ * sync files, can be called recursively to list files
* and then call copy_fn for each file
*
* @param cp_clistate pointer to the copy_clistate we work with
if (alias.num_members > 0) {
alias.members = SMB_MALLOC_ARRAY(struct dom_sid, alias.num_members);
+ if (alias.members == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
for (j = 0; j < alias.num_members; j++)
sid_copy(&alias.members[j],
d_printf("%s\n", token->name);
for (i=0; i<token->token.num_sids; i++) {
- d_printf(" %s\n", sid_string_tos(&token->token.sids[i]));
+ struct dom_sid_buf buf;
+ d_printf(" %s\n",
+ dom_sid_str_buf(&token->token.sids[i], &buf));
}
}
int i;
for (i=0; i<alias->num_members; i++) {
- if (dom_sid_compare(sid, &alias->members[i]) == 0)
+ if (dom_sid_equal(sid, &alias->members[i])) {
return true;
+ }
}
return false;
if (argc == 0) {
f = stdin;
} else {
- f = fopen(argv[0], "r");
+ if (strequal(argv[0], "-")) {
+ f = stdin;
+ } else {
+ f = fopen(argv[0], "r");
+ }
+ argv++;
+ argc--;
}
if (f == NULL) {
b = pipe_hnd->binding_handle;
+ if (argc != 0) {
+ /* Show results only for shares listed on the command line. */
+ while (*argv) {
+ const char *netname = *argv++;
+ d_printf("%s\n", netname);
+ show_userlist(pipe_hnd, cli, mem_ctx, netname,
+ num_tokens, tokens);
+ }
+ goto done;
+ }
+
/* Issue the NetShareEnum RPC call and retrieve the response */
nt_status = dcerpc_srvsvc_NetShareEnumAll(b,
talloc_tos(),
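Review bot: The new loop `while (*argv)` walks until a NULL entry even though the earlier hunk (lines 239-240) already adjusted `argc` to count exactly the remaining share names; if this argv ever arrives without a NULL terminator the walk runs past the end. Bounding by the count keeps the two views consistent and needs only the loop header changed: `while (argc-- > 0) {` with the existing `const char *netname = *argv++;` body. If argv is guaranteed NULL-terminated by the option parser, treat this as a style point. The enclosing function starts before this hunk and its `done:` label is outside it.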
"allowedusers",
rpc_share_allowedusers,
NET_TRANSPORT_RPC,
- N_("Modify allowed users"),
+ N_("List allowed users"),
N_("net rpc share allowedusers\n"
- " Modify allowed users")
+ " List allowed users")
},
{
"migrate",
unsigned int orig_timeout;
struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
DATA_BLOB session_key = data_blob_null;
+ TALLOC_CTX *frame = NULL;
if (argc != 2) {
d_printf("%s\n%s",
return NT_STATUS_INVALID_PARAMETER;
}
+ frame = talloc_stackframe();
+
/*
* Make valid trusting domain account (ie. uppercased and with '$' appended)
*/
if (asprintf(&acct_name, "%s$", argv[0]) < 0) {
- return NT_STATUS_NO_MEMORY;
+ status = NT_STATUS_NO_MEMORY;
}
if (!strupper_m(acct_name)) {
- SAFE_FREE(acct_name);
- return NT_STATUS_INVALID_PARAMETER;
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto done;
}
init_lsa_String(&lsa_acct_name, acct_name);
- status = cli_get_session_key(mem_ctx, pipe_hnd, &session_key);
+ status = cli_get_session_key(frame, pipe_hnd, &session_key);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("Error getting session_key of SAM pipe. Error was %s\n",
nt_errstr(status)));
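Review bot: On the new line `status = NT_STATUS_NO_MEMORY;` the `return` it replaces is gone but no `goto done;` follows, so when asprintf() fails execution continues into `strupper_m(acct_name)` and `init_lsa_String()` with acct_name indeterminate (asprintf leaves its output pointer undefined on failure) and then on into the session-key and SAMR calls. Add `goto done;` directly after the assignment, mirroring the strupper_m branch just below it. Because `done:` calls `SAFE_FREE(acct_name)`, acct_name must also be initialised to NULL at its declaration, which is outside this hunk and worth confirming. The enclosing function starts before this hunk and its cleanup label is in a later one.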
}
/* Get samr policy handle */
- status = dcerpc_samr_Connect2(b, mem_ctx,
+ status = dcerpc_samr_Connect2(b, frame,
pipe_hnd->desthost,
MAXIMUM_ALLOWED_ACCESS,
&connect_pol,
}
/* Get domain policy handle */
- status = dcerpc_samr_OpenDomain(b, mem_ctx,
+ status = dcerpc_samr_OpenDomain(b, frame,
&connect_pol,
MAXIMUM_ALLOWED_ACCESS,
discard_const_p(struct dom_sid2, domain_sid),
SAMR_USER_ACCESS_GET_ATTRIBUTES |
SAMR_USER_ACCESS_SET_ATTRIBUTES;
- status = dcerpc_samr_CreateUser2(b, mem_ctx,
+ status = dcerpc_samr_CreateUser2(b, frame,
&domain_pol,
&lsa_acct_name,
acb_info,
ZERO_STRUCT(info.info23);
- init_samr_CryptPassword(argv[1],
- &session_key,
- &crypt_pwd);
+ status = init_samr_CryptPassword(argv[1],
+ &session_key,
+ &crypt_pwd);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
info.info23.info.fields_present = SAMR_FIELD_ACCT_FLAGS |
SAMR_FIELD_NT_PASSWORD_PRESENT;
info.info23.info.acct_flags = ACB_DOMTRUST;
info.info23.password = crypt_pwd;
- status = dcerpc_samr_SetUserInfo2(b, mem_ctx,
+ status = dcerpc_samr_SetUserInfo2(b, frame,
&user_pol,
23,
&info,
}
}
+ status = NT_STATUS_OK;
done:
SAFE_FREE(acct_name);
data_blob_clear_free(&session_key);
+ TALLOC_FREE(frame);
return status;
}
};
c->opt_user_name = acct_name;
+ c->opt_user_specified = true;
/* find the domain controller */
if (!net_find_pdc(&server_ss, pdc_name, domain_name)) {
int argc,
const char **argv)
{
- fstring str_sid;
- if (!sid_to_fstring(str_sid, domain_sid)) {
- return NT_STATUS_UNSUCCESSFUL;
- }
- d_printf("%s\n", str_sid);
+ struct dom_sid_buf sid_str;
+ d_printf("%s\n", dom_sid_str_buf(domain_sid, &sid_str));
return NT_STATUS_OK;
}
static void print_trusted_domain(struct dom_sid *dom_sid, const char *trusted_dom_name)
{
- fstring ascii_sid;
-
- /* convert sid into ascii string */
- sid_to_fstring(ascii_sid, dom_sid);
+ struct dom_sid_buf sid_str;
- d_printf("%-20s%s\n", trusted_dom_name, ascii_sid);
+ d_printf("%-20s%s\n",
+ trusted_dom_name,
+ dom_sid_str_buf(dom_sid, &sid_str));
}
static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd,
}
#ifdef DEBUG_PASSWORD
- DEBUG(100,("successfully vampired trusted domain [%s], sid: [%s], "
- "password: [%s]\n", trusted_dom_name,
- sid_string_dbg(&dom_sid), cleartextpwd));
+ {
+ struct dom_sid_buf buf;
+ DEBUG(100,("successfully vampired trusted domain [%s], "
+ "sid: [%s], password: [%s]\n",
+ trusted_dom_name,
+ dom_sid_str_buf(&dom_sid, &buf),
+ cleartextpwd));
+ }
#endif
done:
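Review bot: The rewritten DEBUG(100) call still emits `cleartextpwd`, the trusted domain's cleartext password, into the debug log; the hunk keeps it under `#ifdef DEBUG_PASSWORD`, but nothing at the site says why the block is conditional. A comment above the new braces such as `/* DEBUG_PASSWORD builds only: this line logs the cleartext trust password. */` would keep a later cleanup from lifting the guard or lowering the level by accident. The enclosing function starts before this hunk.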
lp_netbios_name(), SMB_SIGNING_IPC_DEFAULT,
0, &cli);
if (!NT_STATUS_IS_OK(status)) {
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
+ DBG_ERR("NetBIOS support disabled, unable to connect\n");
+ }
return false;
}
- status = smbXcli_negprot(cli->conn, cli->timeout, PROTOCOL_CORE,
- PROTOCOL_NT1);
+ status = smbXcli_negprot(cli->conn, cli->timeout,
+ lp_client_min_protocol(),
+ lp_client_max_protocol());
if (!NT_STATUS_IS_OK(status))
goto done;
if (smbXcli_conn_protocol(cli->conn) < PROTOCOL_NT1)
static int rpc_vampire(struct net_context *c, int argc, const char **argv)
{
struct functable func[] = {
- {
- "ldif",
- rpc_vampire_ldif,
- NET_TRANSPORT_RPC,
- N_("Dump remote SAM database to ldif"),
- N_("net rpc vampire ldif\n"
- " Dump remote SAM database to LDIF file or "
- "stdout")
- },
{
"keytab",
rpc_vampire_keytab,
"security",
rpc_printer_migrate_security,
NET_TRANSPORT_RPC,
- N_("Mirgate printer ACLs to local server"),
+ N_("Migrate printer ACLs to local server"),
N_("net rpc printer migrate security\n"
- " Mirgate printer ACLs to local server")
+ " Migrate printer ACLs to local server")
},
{
"settings",