#include "includes.h"
#include "utils/net.h"
+#include "libsmb/namequery.h"
#include "rpc_client/cli_pipe.h"
#include "../libcli/auth/libcli_auth.h"
#include "../librpc/gen_ndr/ndr_samr_c.h"
#include "rpc_client/init_lsa.h"
#include "../libcli/security/security.h"
#include "libsmb/libsmb.h"
-#include "libsmb/clirap.h"
+#include "clirap2.h"
#include "nsswitch/libwbclient/wbclient.h"
#include "passdb.h"
#include "../libcli/smb/smbXcli_base.h"
+#include "libsmb/dsgetdcname.h"
static int net_mode_share;
static NTSTATUS sync_files(struct copy_clistate *cp_clistate, const char *mask);
* @brief RPC based subcommands for the 'net' utility.
*
* This file should contain much of the functionality that used to
- * be found in rpcclient, execpt that the commands should change
- * less often, and the fucntionality should be sane (the user is not
+ * be found in rpcclient, except that the commands should change
+ * less often, and the functionality should be sane (the user is not
* expected to know a rid/sid before they conduct an operation etc.)
*
* @todo Perhaps eventually these should be split out into a number
&& (ndr_syntax_id_equal(&table->syntax_id,
&ndr_table_netlogon.syntax_id))) {
/* Always try and create an schannel netlogon pipe. */
+ TALLOC_FREE(c->netlogon_creds);
nt_status = cli_rpc_pipe_open_schannel(
- cli, table, NCACN_NP,
- DCERPC_AUTH_LEVEL_PRIVACY, domain_name,
- &pipe_hnd);
+ cli, c->msg_ctx, table, NCACN_NP,
+ domain_name,
+ &pipe_hnd, c, &c->netlogon_creds);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Could not initialise schannel netlogon pipe. Error was %s\n",
nt_errstr(nt_status) ));
}
} else {
if (conn_flags & NET_FLAGS_SEAL) {
- nt_status = cli_rpc_pipe_open_generic_auth(
+ struct cli_credentials *creds = NULL;
+
+ creds = net_context_creds(c, mem_ctx);
+ if (creds == NULL) {
+ DBG_ERR("net_rpc_ntlm_creds() failed\n");
+ nt_status = NT_STATUS_INTERNAL_ERROR;
+ goto fail;
+ }
+
+ nt_status = cli_rpc_pipe_open_with_creds(
cli, table,
(conn_flags & NET_FLAGS_TCP) ?
NCACN_IP_TCP : NCACN_NP,
DCERPC_AUTH_TYPE_NTLMSSP,
DCERPC_AUTH_LEVEL_PRIVACY,
smbXcli_conn_remote_name(cli->conn),
- lp_workgroup(), c->opt_user_name,
- c->opt_password, &pipe_hnd);
+ creds, &pipe_hnd);
} else {
nt_status = cli_rpc_pipe_open_noauth(
cli, table,
DEBUG(1, ("rpc command function failed! (%s)\n", nt_errstr(nt_status)));
} else {
ret = 0;
- DEBUG(5, ("rpc command function succedded\n"));
+ DEBUG(5, ("rpc command function succeeded\n"));
}
if (!(conn_flags & NET_FLAGS_NO_PIPE)) {
}
/**
- * Force a change of the trust acccount password.
+ * Force a change of the trust account password.
*
* All parameters are provided by the run_rpc_command function, except for
* argc, argv which are passed through.
const char **argv)
{
NTSTATUS status;
+ const char *dcname = NULL;
+
+ if (cli == NULL) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
- status = trust_pw_find_change_and_store_it(pipe_hnd, mem_ctx, c->opt_target_workgroup);
+ dcname = smbXcli_conn_remote_name(cli->conn);
+
+ status = trust_pw_change(c->netlogon_creds,
+ c->msg_ctx,
+ pipe_hnd->binding_handle,
+ c->opt_target_workgroup,
+ dcname,
+ true); /* force */
if (!NT_STATUS_IS_OK(status)) {
d_fprintf(stderr, _("Failed to change machine account password: %s\n"),
nt_errstr(status));
}
/**
- * Force a change of the trust acccount password.
+ * Force a change of the trust account password.
*
* @param argc Standard main() style argc.
* @param argv Standard main() style argv. Initial components are already
int net_rpc_changetrustpw(struct net_context *c, int argc, const char **argv)
{
+ int conn_flags = NET_FLAGS_PDC;
+
+ if (!c->opt_user_specified && !c->opt_kerberos) {
+ conn_flags |= NET_FLAGS_ANONYMOUS;
+ }
+
if (c->display_usage) {
d_printf( "%s\n"
"net rpc changetrustpw\n"
}
return run_rpc_command(c, NULL, &ndr_table_netlogon,
- NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
+ conn_flags,
rpc_changetrustpw_internals,
argc, argv);
}
* the message to be displayed when oldjoin was explicitly
* requested, but not when it was implied by "net rpc join".
*
- * This uses 'machinename' as the inital password, and changes it.
+ * This uses 'machinename' as the initial password, and changes it.
*
* The password should be created with 'server manager' or equiv first.
*
}
/*
- check what type of join - if the user want's to join as
+ check what type of join - if the user wants to join as
a BDC, the server must agree that we are a BDC.
*/
if (argc >= 0) {
pw = talloc_strndup(r, lp_netbios_name(), 14);
if (pw == NULL) {
- werr = WERR_NOMEM;
+ werr = WERR_NOT_ENOUGH_MEMORY;
goto fail;
}
r->in.admin_account = "";
r->in.admin_password = strlower_talloc(r, pw);
if (r->in.admin_password == NULL) {
- werr = WERR_NOMEM;
+ werr = WERR_NOT_ENOUGH_MEMORY;
goto fail;
}
r->in.debug = true;
r->out.netbios_domain_name);
}
+ /* print out informative error string in case there is one */
+ if (r->out.error_string != NULL) {
+ d_printf("%s\n", r->out.error_string);
+ }
+
TALLOC_FREE(mem_ctx);
return 0;
fail:
+ if (c->opt_flags & NET_FLAGS_EXPECT_FALLBACK) {
+ goto cleanup;
+ }
+
/* issue an overall failure message at the end. */
d_fprintf(stderr, _("Failed to join domain: %s\n"),
r && r->out.error_string ? r->out.error_string :
get_friendly_werror_msg(werr));
+cleanup:
TALLOC_FREE(mem_ctx);
return -1;
}
/* Display success or failure */
- status = libnet_join_ok(c->opt_workgroup, lp_netbios_name(), dc,
+ status = libnet_join_ok(c->msg_ctx,
+ c->opt_workgroup,
+ dc,
c->opt_kerberos);
if (!NT_STATUS_IS_OK(status)) {
fprintf(stderr,"Join to domain '%s' is not valid: %s\n",
*
**/
-int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
+static int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
{
struct libnet_JoinCtx *r = NULL;
TALLOC_CTX *mem_ctx;
}
/*
- check what type of join - if the user want's to join as
+ check what type of join - if the user wants to join as
a BDC, the server must agree that we are a BDC.
*/
if (argc >= 0) {
r->out.netbios_domain_name);
}
+ /* print out informative error string in case there is one */
+ if (r->out.error_string != NULL) {
+ d_printf("%s\n", r->out.error_string);
+ }
+
TALLOC_FREE(mem_ctx);
return 0;
int net_rpc_join(struct net_context *c, int argc, const char **argv)
{
+ int ret;
+
if (c->display_usage) {
d_printf("%s\n%s",
_("Usage:"),
return -1;
}
- if ((net_rpc_oldjoin(c, argc, argv) == 0))
+ c->opt_flags |= NET_FLAGS_EXPECT_FALLBACK;
+ ret = net_rpc_oldjoin(c, argc, argv);
+ c->opt_flags &= ~NET_FLAGS_EXPECT_FALLBACK;
+ if (ret == 0) {
return 0;
+ }
return net_rpc_join_newstyle(c, argc, argv);
}
struct policy_handle connect_pol, domain_pol;
NTSTATUS status, result;
union samr_DomainInfo *info = NULL;
- fstring sid_str;
struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
- sid_to_fstring(sid_str, domain_sid);
-
/* Get sam policy handle */
status = dcerpc_samr_Connect2(b, mem_ctx,
pipe_hnd->desthost,
}
status = result;
if (NT_STATUS_IS_OK(result)) {
+ struct dom_sid_buf sid_str;
+
d_printf(_("Domain Name: %s\n"),
info->general.domain_name.string);
- d_printf(_("Domain SID: %s\n"), sid_str);
+ d_printf(_("Domain SID: %s\n"),
+ dom_sid_str_buf(domain_sid, &sid_str));
d_printf(_("Sequence number: %llu\n"),
(unsigned long long)info->general.sequence_num);
d_printf(_("Num users: %u\n"), info->general.num_users);
int argc,
const char **argv)
{
- fstring sid_str;
+ struct dom_sid_buf sid_str;
- sid_to_fstring(sid_str, domain_sid);
d_printf(_("Storing SID %s for Domain %s in secrets.tdb\n"),
- sid_str, domain_name);
+ dom_sid_str_buf(domain_sid, &sid_str),
+ domain_name);
if (!secrets_store_domain_sid(domain_name, domain_sid)) {
DEBUG(0,("Can't store domain SID\n"));
{
int conn_flags = NET_FLAGS_PDC;
- if (!c->opt_user_specified) {
+ if (!c->opt_user_specified && !c->opt_kerberos) {
conn_flags |= NET_FLAGS_ANONYMOUS;
}
struct policy_handle connect_pol, domain_pol, user_pol;
NTSTATUS status, result;
struct dom_sid sid;
- uint32 rid;
+ uint32_t rid;
enum lsa_SidType type;
struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
ZERO_STRUCT(domain_pol);
ZERO_STRUCT(user_pol);
- status = net_rpc_lookup_name(c, mem_ctx, rpc_pipe_np_smb_conn(pipe_hnd),
+ status = net_rpc_lookup_name(c, mem_ctx, ctx->cli,
argv[0], NULL, NULL, &sid, &type);
if (!NT_STATUS_IS_OK(status)) {
d_fprintf(stderr, _("Could not lookup %s: %s\n"), argv[0],
NTSTATUS status, result;
const char *username;
const char *oldval = "unknown";
- uint32 oldflags, newflags;
+ uint32_t oldflags, newflags;
bool newval;
union samr_UserInfo *info = NULL;
struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
d_fprintf(stderr, _("Lookup of '%s' failed\n"),argv[0]);
goto done;
}
+ if (group_rids.count != 1) {
+ status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ goto done;
+ }
+ if (name_types.count != 1) {
+ status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ goto done;
+ }
switch (name_types.ids[0])
{
{
struct policy_handle connect_pol, domain_pol;
NTSTATUS status, result;
- uint32 group_rid;
+ uint32_t group_rid;
struct policy_handle group_pol;
struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
member);
goto done;
}
+ if (rids.count != 1) {
+ status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ goto done;
+ }
+ if (rid_types.count != 1) {
+ status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ goto done;
+ }
status = dcerpc_samr_OpenGroup(b, mem_ctx,
&domain_pol,
}
static NTSTATUS rpc_add_aliasmem(struct rpc_pipe_client *pipe_hnd,
- TALLOC_CTX *mem_ctx,
- const struct dom_sid *alias_sid,
- const char *member)
+ struct cli_state *cli,
+ TALLOC_CTX *mem_ctx,
+ const struct dom_sid *alias_sid,
+ const char *member)
{
struct policy_handle connect_pol, domain_pol;
NTSTATUS status, result;
- uint32 alias_rid;
+ uint32_t alias_rid;
struct policy_handle alias_pol;
struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
return NT_STATUS_UNSUCCESSFUL;
}
- result = get_sid_from_name(rpc_pipe_np_smb_conn(pipe_hnd), mem_ctx,
+ result = get_sid_from_name(cli, mem_ctx,
member, &member_sid, &member_type);
if (!NT_STATUS_IS_OK(result)) {
}
if (group_type == SID_NAME_ALIAS) {
- NTSTATUS result = rpc_add_aliasmem(pipe_hnd, mem_ctx,
+ NTSTATUS result = rpc_add_aliasmem(pipe_hnd, cli, mem_ctx,
&group_sid, argv[1]);
if (!NT_STATUS_IS_OK(result)) {
{
struct policy_handle connect_pol, domain_pol;
NTSTATUS status, result;
- uint32 group_rid;
+ uint32_t group_rid;
struct policy_handle group_pol;
struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
member);
goto done;
}
+ if (rids.count != 1) {
+ status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ goto done;
+ }
+ if (rid_types.count != 1) {
+ status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ goto done;
+ }
status = dcerpc_samr_OpenGroup(b, mem_ctx,
&domain_pol,
}
static NTSTATUS rpc_del_aliasmem(struct rpc_pipe_client *pipe_hnd,
- TALLOC_CTX *mem_ctx,
- const struct dom_sid *alias_sid,
- const char *member)
+ struct cli_state *cli,
+ TALLOC_CTX *mem_ctx,
+ const struct dom_sid *alias_sid,
+ const char *member)
{
struct policy_handle connect_pol, domain_pol;
NTSTATUS status, result;
- uint32 alias_rid;
+ uint32_t alias_rid;
struct policy_handle alias_pol;
struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
if (!sid_split_rid(&sid, &alias_rid))
return NT_STATUS_UNSUCCESSFUL;
- result = get_sid_from_name(rpc_pipe_np_smb_conn(pipe_hnd), mem_ctx,
+ result = get_sid_from_name(cli, mem_ctx,
member, &member_sid, &member_type);
if (!NT_STATUS_IS_OK(result)) {
}
if (group_type == SID_NAME_ALIAS) {
- NTSTATUS result = rpc_del_aliasmem(pipe_hnd, mem_ctx,
+ NTSTATUS result = rpc_del_aliasmem(pipe_hnd, cli, mem_ctx,
&group_sid, argv[1]);
if (!NT_STATUS_IS_OK(result)) {
{
struct policy_handle connect_pol, domain_pol;
NTSTATUS status, result;
- uint32 start_idx=0, max_entries=250, num_entries, i, loop_count = 0;
+ uint32_t start_idx=0, max_entries=250, num_entries, i, loop_count = 0;
struct samr_SamArray *groups = NULL;
bool global = false;
bool local = false;
const char *domain_name,
const struct dom_sid *domain_sid,
struct policy_handle *domain_pol,
- uint32 rid)
+ uint32_t rid)
{
NTSTATUS result, status;
struct policy_handle group_pol;
- uint32 num_members, *group_rids;
+ uint32_t num_members, *group_rids;
int i;
struct samr_RidAttrArray *rids = NULL;
struct lsa_Strings names;
struct samr_Ids types;
struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
- fstring sid_str;
- sid_to_fstring(sid_str, domain_sid);
-
status = dcerpc_samr_OpenGroup(b, mem_ctx,
domain_pol,
MAXIMUM_ALLOWED_ACCESS,
if (!NT_STATUS_IS_OK(result)) {
return result;
}
-
+ if (names.count != this_time) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+ if (types.count != this_time) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
/* We only have users as members, but make the output
the same as the output of alias members */
for (i = 0; i < this_time; i++) {
if (c->opt_long_list_entries) {
- printf("%s-%d %s\\%s %d\n", sid_str,
- group_rids[i], domain_name,
+ struct dom_sid sid;
+ struct dom_sid_buf sid_str;
+
+ sid_compose(&sid, domain_sid, group_rids[i]);
+
+ printf("%s %s\\%s %d\n",
+ dom_sid_str_buf(&sid, &sid_str),
+ domain_name,
names.names[i].string,
SID_NAME_USER);
} else {
}
static NTSTATUS rpc_list_alias_members(struct net_context *c,
- struct rpc_pipe_client *pipe_hnd,
- TALLOC_CTX *mem_ctx,
- struct policy_handle *domain_pol,
- uint32 rid)
+ struct rpc_pipe_client *pipe_hnd,
+ struct cli_state *cli,
+ TALLOC_CTX *mem_ctx,
+ struct policy_handle *domain_pol,
+ uint32_t rid)
{
NTSTATUS result, status;
struct rpc_pipe_client *lsa_pipe;
struct policy_handle alias_pol, lsa_pol;
- uint32 num_members;
+ uint32_t num_members;
struct dom_sid *alias_sids;
char **domains;
char **names;
return NT_STATUS_OK;
}
- result = cli_rpc_pipe_open_noauth(rpc_pipe_np_smb_conn(pipe_hnd),
+ result = cli_rpc_pipe_open_noauth(cli,
&ndr_table_lsarpc,
&lsa_pipe);
if (!NT_STATUS_IS_OK(result)) {
}
for (i = 0; i < num_members; i++) {
- fstring sid_str;
- sid_to_fstring(sid_str, &alias_sids[i]);
+ struct dom_sid_buf sid_str;
+ dom_sid_str_buf(&alias_sids[i], &sid_str);
if (c->opt_long_list_entries) {
- printf("%s %s\\%s %d\n", sid_str,
+ printf("%s %s\\%s %d\n", sid_str.buf,
domains[i] ? domains[i] : _("*unknown*"),
names[i] ? names[i] : _("*unknown*"), types[i]);
} else {
if (domains[i])
printf("%s\\%s\n", domains[i], names[i]);
else
- printf("%s\n", sid_str);
+ printf("%s\n", sid_str.buf);
}
}
if (rids.count != 1) {
d_fprintf(stderr, _("Couldn't find group %s\n"),
argv[0]);
- return result;
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
}
+ if (rid_types.count != 1) {
+ d_fprintf(stderr, _("Couldn't find group %s\n"),
+ argv[0]);
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+
if (rid_types.ids[0] == SID_NAME_DOM_GRP) {
return rpc_list_group_members(c, pipe_hnd, mem_ctx, domain_name,
}
if (rid_types.ids[0] == SID_NAME_ALIAS) {
- return rpc_list_alias_members(c, pipe_hnd, mem_ctx, &domain_pol,
+ return rpc_list_alias_members(c, pipe_hnd, cli, mem_ctx, &domain_pol,
rids.ids[0]);
}
NET_API_STATUS status;
char *sharename;
char *path;
- uint32 type = STYPE_DISKTREE; /* only allow disk shares to be added */
- uint32 num_users=0, perms=0;
+ uint32_t type = STYPE_DISKTREE; /* only allow disk shares to be added */
+ uint32_t num_users=0, perms=0;
char *password=NULL; /* don't allow a share password */
struct SHARE_INFO_2 i2;
uint32_t parm_error = 0;
static WERROR get_share_info(struct net_context *c,
struct rpc_pipe_client *pipe_hnd,
TALLOC_CTX *mem_ctx,
- uint32 level,
+ uint32_t level,
int argc,
const char **argv,
struct srvsvc_NetShareInfoCtr *info_ctr)
{
NTSTATUS status;
- status = cli_tree_connect(cli, netname, "A:", "", 0);
+ status = cli_tree_connect(cli, netname, "A:", NULL);
if (!NT_STATUS_IS_OK(status)) {
d_printf(_("skipping [%s]: not a file share.\n"), netname);
return false;
}
static bool check_share_sanity(struct net_context *c, struct cli_state *cli,
- const char *netname, uint32 type)
+ const char *netname, uint32_t type)
{
/* only support disk shares */
if (! ( type == STYPE_DISKTREE || type == (STYPE_DISKTREE | STYPE_HIDDEN)) ) {
WERROR result;
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
struct srvsvc_NetShareInfoCtr ctr_src;
- uint32 i;
+ uint32_t i;
struct rpc_pipe_client *srvsvc_pipe = NULL;
struct cli_state *cli_dst = NULL;
- uint32 level = 502; /* includes secdesc */
+ uint32_t level = 502; /* includes secdesc */
uint32_t parm_error = 0;
struct dcerpc_binding_handle *b;
}
/**
- * sync files, can be called recursivly to list files
+ * sync files, can be called recursively to list files
* and then call copy_fn for each file
*
* @param cp_clistate pointer to the copy_clistate we work with
WERROR result;
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
struct srvsvc_NetShareInfoCtr ctr_src;
- uint32 i;
- uint32 level = 502;
+ uint32_t i;
+ uint32_t level = 502;
struct copy_clistate cp_clistate;
bool got_src_share = false;
bool got_dst_share = false;
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
struct srvsvc_NetShareInfoCtr ctr_src;
union srvsvc_NetShareInfo info;
- uint32 i;
+ uint32_t i;
struct rpc_pipe_client *srvsvc_pipe = NULL;
struct cli_state *cli_dst = NULL;
- uint32 level = 502; /* includes secdesc */
+ uint32_t level = 502; /* includes secdesc */
uint32_t parm_error = 0;
struct dcerpc_binding_handle *b;
struct full_alias {
struct dom_sid sid;
- uint32 num_members;
+ uint32_t num_members;
struct dom_sid *members;
};
/*
* Add an alias to the static list.
*/
-static void push_alias(TALLOC_CTX *mem_ctx, struct full_alias *alias)
+static void push_alias(struct full_alias *alias)
{
- if (server_aliases == NULL)
- server_aliases = SMB_MALLOC_ARRAY(struct full_alias, 100);
+ size_t array_size;
+
+ if (server_aliases == NULL) {
+ server_aliases = talloc_array(NULL, struct full_alias, 100);
+ if (server_aliases == NULL) {
+ smb_panic("talloc_array failed");
+ }
+ }
+
+ array_size = talloc_array_length(server_aliases);
+ if (array_size == num_server_aliases) {
+ server_aliases = talloc_realloc(NULL, server_aliases,
+ struct full_alias, array_size + 100);
+ if (server_aliases == NULL) {
+ smb_panic("talloc_realloc failed");
+ }
+ }
server_aliases[num_server_aliases] = *alias;
num_server_aliases += 1;
struct policy_handle *connect_pol,
const struct dom_sid *domain_sid)
{
- uint32 start_idx, max_entries, num_entries, i;
+ uint32_t start_idx, max_entries, num_entries, i;
struct samr_SamArray *groups = NULL;
NTSTATUS result, status;
struct policy_handle domain_pol;
if (alias.num_members > 0) {
alias.members = SMB_MALLOC_ARRAY(struct dom_sid, alias.num_members);
+ if (alias.members == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
for (j = 0; j < alias.num_members; j++)
sid_copy(&alias.members[j],
sid_compose(&alias.sid, domain_sid,
groups->entries[i].idx);
- push_alias(mem_ctx, &alias);
+ push_alias(&alias);
}
} while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
d_printf("%s\n", token->name);
for (i=0; i<token->token.num_sids; i++) {
- d_printf(" %s\n", sid_string_tos(&token->token.sids[i]));
+ struct dom_sid_buf buf;
+ d_printf(" %s\n",
+ dom_sid_str_buf(&token->token.sids[i], &buf));
}
}
int i;
for (i=0; i<alias->num_members; i++) {
- if (dom_sid_compare(sid, &alias->members[i]) == 0)
+ if (dom_sid_equal(sid, &alias->members[i])) {
return true;
+ }
}
return false;
*/
static void show_userlist(struct rpc_pipe_client *pipe_hnd,
- TALLOC_CTX *mem_ctx,
- const char *netname,
- int num_tokens,
- struct user_token *tokens)
+ struct cli_state *cli,
+ TALLOC_CTX *mem_ctx,
+ const char *netname,
+ int num_tokens,
+ struct user_token *tokens)
{
uint16_t fnum;
struct security_descriptor *share_sd = NULL;
struct security_descriptor *root_sd = NULL;
- struct cli_state *cli = rpc_pipe_np_smb_conn(pipe_hnd);
int i;
union srvsvc_NetShareInfo info;
WERROR result;
NTSTATUS status;
- uint16 cnum;
+ struct smbXcli_tcon *orig_tcon = NULL;
struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
status = dcerpc_srvsvc_NetShareGetInfo(b, mem_ctx,
&result);
if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) {
- DEBUG(1, ("Coult not query secdesc for share %s\n",
+ DEBUG(1, ("Could not query secdesc for share %s\n",
netname));
return;
}
netname));
}
- cnum = cli_state_get_tid(cli);
+ if (cli_state_has_tcon(cli)) {
+ orig_tcon = cli_state_save_tcon(cli);
+ if (orig_tcon == NULL) {
+ return;
+ }
+ }
- if (!NT_STATUS_IS_OK(cli_tree_connect(cli, netname, "A:", "", 0))) {
+ if (!NT_STATUS_IS_OK(cli_tree_connect(cli, netname, "A:", NULL))) {
+ cli_state_restore_tcon(cli, orig_tcon);
return;
}
if (!NT_STATUS_IS_OK(cli_ntcreate(cli, "\\", 0, READ_CONTROL_ACCESS, 0,
- FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OPEN, 0x0, 0x0, &fnum))) {
+ FILE_SHARE_READ|FILE_SHARE_WRITE,
+ FILE_OPEN, 0x0, 0x0, &fnum, NULL))) {
cli_query_secdesc(cli, fnum, mem_ctx, &root_sd);
}
for (i=0; i<num_tokens; i++) {
- uint32 acc_granted;
+ uint32_t acc_granted;
if (share_sd != NULL) {
status = se_access_check(share_sd, &tokens[i].token,
if (fnum != (uint16_t)-1)
cli_close(cli, fnum);
cli_tdis(cli);
- cli_state_set_tid(cli, cnum);
+ cli_state_restore_tcon(cli, orig_tcon);
return;
}
if (argc == 0) {
f = stdin;
} else {
- f = fopen(argv[0], "r");
+ if (strequal(argv[0], "-")) {
+ f = stdin;
+ } else {
+ f = fopen(argv[0], "r");
+ }
+ argv++;
+ argc--;
}
if (f == NULL) {
b = pipe_hnd->binding_handle;
+ if (argc != 0) {
+ /* Show results only for shares listed on the command line. */
+ while (*argv) {
+ const char *netname = *argv++;
+ d_printf("%s\n", netname);
+ show_userlist(pipe_hnd, cli, mem_ctx, netname,
+ num_tokens, tokens);
+ }
+ goto done;
+ }
+
/* Issue the NetShareEnum RPC call and retrieve the response */
nt_status = dcerpc_srvsvc_NetShareEnumAll(b,
talloc_tos(),
d_printf("%s\n", netname);
- show_userlist(pipe_hnd, mem_ctx, netname,
+ show_userlist(pipe_hnd, cli, mem_ctx, netname,
num_tokens, tokens);
}
done:
free_user_token(&tokens[i].token);
}
SAFE_FREE(tokens);
+ TALLOC_FREE(server_aliases);
return nt_status;
}
"allowedusers",
rpc_share_allowedusers,
NET_TRANSPORT_RPC,
- N_("Modify allowed users"),
+ N_("List allowed users"),
N_("net rpc share allowedusers\n"
- " Modify allowed users")
+ " List allowed users")
},
{
"migrate",
static int rpc_file_user(struct net_context *c, int argc, const char **argv)
{
NET_API_STATUS status;
- uint32 preferred_len = 0xffffffff, i;
+ uint32_t preferred_len = 0xffffffff, i;
char *username=NULL;
uint32_t total_entries = 0;
uint32_t entries_read = 0;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
WERROR result;
const char *msg = N_("This machine will be shutdown shortly");
- uint32 timeout = 20;
+ uint32_t timeout = 20;
struct lsa_StringLarge msg_string;
struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
const char **argv)
{
const char *msg = N_("This machine will be shutdown shortly");
- uint32 timeout = 20;
+ uint32_t timeout = 20;
struct lsa_StringLarge msg_string;
NTSTATUS result;
WERROR werr;
NTSTATUS status, result;
char *acct_name;
struct lsa_String lsa_acct_name;
- uint32 acb_info;
- uint32 acct_flags=0;
- uint32 user_rid;
+ uint32_t acb_info;
+ uint32_t acct_flags=0;
+ uint32_t user_rid;
uint32_t access_granted = 0;
union samr_UserInfo info;
unsigned int orig_timeout;
struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
DATA_BLOB session_key = data_blob_null;
+ TALLOC_CTX *frame = NULL;
if (argc != 2) {
d_printf("%s\n%s",
return NT_STATUS_INVALID_PARAMETER;
}
+ frame = talloc_stackframe();
+
/*
* Make valid trusting domain account (ie. uppercased and with '$' appended)
*/
if (asprintf(&acct_name, "%s$", argv[0]) < 0) {
- return NT_STATUS_NO_MEMORY;
+ status = NT_STATUS_NO_MEMORY;
}
if (!strupper_m(acct_name)) {
- SAFE_FREE(acct_name);
- return NT_STATUS_INVALID_PARAMETER;
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto done;
}
init_lsa_String(&lsa_acct_name, acct_name);
- status = cli_get_session_key(mem_ctx, pipe_hnd, &session_key);
+ status = cli_get_session_key(frame, pipe_hnd, &session_key);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("Error getting session_key of SAM pipe. Error was %s\n",
nt_errstr(status)));
}
/* Get samr policy handle */
- status = dcerpc_samr_Connect2(b, mem_ctx,
+ status = dcerpc_samr_Connect2(b, frame,
pipe_hnd->desthost,
MAXIMUM_ALLOWED_ACCESS,
&connect_pol,
}
/* Get domain policy handle */
- status = dcerpc_samr_OpenDomain(b, mem_ctx,
+ status = dcerpc_samr_OpenDomain(b, frame,
&connect_pol,
MAXIMUM_ALLOWED_ACCESS,
discard_const_p(struct dom_sid2, domain_sid),
SAMR_USER_ACCESS_GET_ATTRIBUTES |
SAMR_USER_ACCESS_SET_ATTRIBUTES;
- status = dcerpc_samr_CreateUser2(b, mem_ctx,
+ status = dcerpc_samr_CreateUser2(b, frame,
&domain_pol,
&lsa_acct_name,
acb_info,
ZERO_STRUCT(info.info23);
- init_samr_CryptPassword(argv[1],
- &session_key,
- &crypt_pwd);
+ status = init_samr_CryptPassword(argv[1],
+ &session_key,
+ &crypt_pwd);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
info.info23.info.fields_present = SAMR_FIELD_ACCT_FLAGS |
SAMR_FIELD_NT_PASSWORD_PRESENT;
info.info23.info.acct_flags = ACB_DOMTRUST;
info.info23.password = crypt_pwd;
- status = dcerpc_samr_SetUserInfo2(b, mem_ctx,
+ status = dcerpc_samr_SetUserInfo2(b, frame,
&user_pol,
23,
&info,
}
}
+ status = NT_STATUS_OK;
done:
SAFE_FREE(acct_name);
data_blob_clear_free(&session_key);
+ TALLOC_FREE(frame);
return status;
}
acct_name, nt_errstr(result) );
goto done;
}
+ if (user_rids.count != 1) {
+ status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ goto done;
+ }
+ if (name_types.count != 1) {
+ status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ goto done;
+ }
status = dcerpc_samr_OpenUser(b, mem_ctx,
&domain_pol,
};
c->opt_user_name = acct_name;
+ c->opt_user_specified = true;
/* find the domain controller */
if (!net_find_pdc(&server_ss, pdc_name, domain_name)) {
int argc,
const char **argv)
{
- fstring str_sid;
- if (!sid_to_fstring(str_sid, domain_sid)) {
- return NT_STATUS_UNSUCCESSFUL;
- }
- d_printf("%s\n", str_sid);
+ struct dom_sid_buf sid_str;
+ d_printf("%s\n", dom_sid_str_buf(domain_sid, &sid_str));
return NT_STATUS_OK;
}
static void print_trusted_domain(struct dom_sid *dom_sid, const char *trusted_dom_name)
{
- fstring ascii_sid;
+ struct dom_sid_buf sid_str;
- /* convert sid into ascii string */
- sid_to_fstring(ascii_sid, dom_sid);
-
- d_printf("%-20s%s\n", trusted_dom_name, ascii_sid);
+ d_printf("%-20s%s\n",
+ trusted_dom_name,
+ dom_sid_str_buf(dom_sid, &sid_str));
}
static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd,
}
#ifdef DEBUG_PASSWORD
- DEBUG(100,("successfully vampired trusted domain [%s], sid: [%s], "
- "password: [%s]\n", trusted_dom_name,
- sid_string_dbg(&dom_sid), cleartextpwd));
+ {
+ struct dom_sid_buf buf;
+ DEBUG(100,("successfully vampired trusted domain [%s], "
+ "sid: [%s], password: [%s]\n",
+ trusted_dom_name,
+ dom_sid_str_buf(&dom_sid, &buf),
+ cleartextpwd));
+ }
#endif
done:
return false;
status = cli_connect_nb(server_name, &server_ss, 0, 0x20,
- lp_netbios_name(), SMB_SIGNING_DEFAULT,
+ lp_netbios_name(), SMB_SIGNING_IPC_DEFAULT,
0, &cli);
if (!NT_STATUS_IS_OK(status)) {
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
+ DBG_ERR("NetBIOS support disabled, unable to connect\n");
+ }
return false;
}
- status = smbXcli_negprot(cli->conn, cli->timeout, PROTOCOL_CORE,
- PROTOCOL_NT1);
+ status = smbXcli_negprot(cli->conn, cli->timeout,
+ lp_client_min_protocol(),
+ lp_client_max_protocol());
if (!NT_STATUS_IS_OK(status))
goto done;
if (smbXcli_conn_protocol(cli->conn) < PROTOCOL_NT1)
return ret;
}
-/* dump sam database via samsync rpc calls */
-static int rpc_samdump(struct net_context *c, int argc, const char **argv) {
- if (c->display_usage) {
- d_printf( "%s\n"
- "net rpc samdump\n"
- " %s\n",
- _("Usage:"),
- _("Dump remote SAM database"));
- return 0;
- }
-
- return run_rpc_command(c, NULL, &ndr_table_netlogon,
- NET_FLAGS_ANONYMOUS,
- rpc_samdump_internals, argc, argv);
-}
-
/* syncronise sam database via samsync rpc calls */
static int rpc_vampire(struct net_context *c, int argc, const char **argv)
{
struct functable func[] = {
- {
- "ldif",
- rpc_vampire_ldif,
- NET_TRANSPORT_RPC,
- N_("Dump remote SAM database to ldif"),
- N_("net rpc vampire ldif\n"
- " Dump remote SAM database to LDIF file or "
- "stdout")
- },
{
"keytab",
rpc_vampire_keytab,
"security",
rpc_printer_migrate_security,
NET_TRANSPORT_RPC,
- N_("Mirgate printer ACLs to local server"),
+ N_("Migrate printer ACLs to local server"),
N_("net rpc printer migrate security\n"
- " Mirgate printer ACLs to local server")
+ " Migrate printer ACLs to local server")
},
{
"settings",
N_("net rpc shutdown\n"
" Shutdown a remote server")
},
- {
- "samdump",
- rpc_samdump,
- NET_TRANSPORT_RPC,
- N_("Dump SAM data of remote NT PDC"),
- N_("net rpc samdump\n"
- " Dump SAM data of remote NT PDC")
- },
{
"vampire",
rpc_vampire,