X-Git-Url: http://git.samba.org/samba.git/?a=blobdiff_plain;f=source%2Futils%2Fnet_rpc.c;h=f6f0c4054caf63a32732802a03dbde923339e97d;hb=99fc3283c4ecc791f5a242bd1983b4352ce3e6cf;hp=2ad4a2bc169869d0cb0ee7316fd5bf4fde03f984;hpb=599bb7e4707ae37f022a2f4edf918adcbfa110c2;p=kai%2Fsamba.git diff --git a/source/utils/net_rpc.c b/source/utils/net_rpc.c index 2ad4a2bc169..f6f0c4054ca 100644 --- a/source/utils/net_rpc.c +++ b/source/utils/net_rpc.c @@ -3,7 +3,7 @@ Distributed SMB/CIFS Server Management Utility Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org) Copyright (C) 2002 Jim McDonough (jmcd@us.ibm.com) - Copyright (C) 2004 Guenther Deschner (gd@samba.org) + Copyright (C) 2004,2008 Guenther Deschner (gd@samba.org) Copyright (C) 2005 Jeremy Allison (jra@samba.org) Copyright (C) 2006 Jelmer Vernooij (jelmer@samba.org) @@ -23,11 +23,6 @@ #include "includes.h" #include "utils/net.h" -static void init_lsa_String(struct lsa_String *name, const char *s) -{ - name->string = s; -} - static int net_mode_share; static bool sync_files(struct copy_clistate *cp_clistate, const char *mask); @@ -93,7 +88,7 @@ NTSTATUS net_get_remote_domain_sid(struct cli_state *cli, TALLOC_CTX *mem_ctx, *domain_sid = info->account_domain.sid; rpccli_lsa_Close(lsa_pipe, mem_ctx, &pol); - cli_rpc_pipe_close(lsa_pipe); + TALLOC_FREE(lsa_pipe); return NT_STATUS_OK; } @@ -190,7 +185,7 @@ int run_rpc_command(struct cli_state *cli_arg, if (!(conn_flags & NET_FLAGS_NO_PIPE)) { if (pipe_hnd) { - cli_rpc_pipe_close(pipe_hnd); + TALLOC_FREE(pipe_hnd); } } @@ -456,7 +451,7 @@ NTSTATUS rpc_info_internals(const DOM_SID *domain_sid, /* Get sam policy handle */ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, - pipe_hnd->cli->desthost, + pipe_hnd->desthost, MAXIMUM_ALLOWED_ACCESS, &connect_pol); if (!NT_STATUS_IS_OK(result)) { @@ -573,158 +568,6 @@ static int rpc_user_usage(int argc, const char **argv) return net_help_user(argc, argv); } -/** - * Add a new user to a remote RPC server - * - * All parameters are provided by the run_rpc_command function, except for - * argc, argv which are passes through. - * - * @param domain_sid The domain sid acquired from the remote server - * @param cli A cli_state connected to the server. - * @param mem_ctx Talloc context, destoyed on completion of the function. - * @param argc Standard main() style argc - * @param argv Standard main() style argv. Initial components are already - * stripped - * - * @return Normal NTSTATUS return. - **/ - -static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid, - const char *domain_name, - struct cli_state *cli, - struct rpc_pipe_client *pipe_hnd, - TALLOC_CTX *mem_ctx, - int argc, const char **argv) -{ - - POLICY_HND connect_pol, domain_pol, user_pol; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - const char *acct_name; - struct lsa_String lsa_acct_name; - uint32 acb_info; - uint32 acct_flags, user_rid; - uint32_t access_granted = 0; - struct samr_Ids user_rids, name_types; - - if (argc < 1) { - d_printf("User must be specified\n"); - rpc_user_usage(argc, argv); - return NT_STATUS_OK; - } - - acct_name = argv[0]; - init_lsa_String(&lsa_acct_name, acct_name); - - /* Get sam policy handle */ - - result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, - pipe_hnd->cli->desthost, - MAXIMUM_ALLOWED_ACCESS, - &connect_pol); - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - /* Get domain policy handle */ - - result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, - &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - CONST_DISCARD(struct dom_sid2 *, domain_sid), - &domain_pol); - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - /* Create domain user */ - - acb_info = ACB_NORMAL; - acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE | - SEC_STD_WRITE_DAC | SEC_STD_DELETE | - SAMR_USER_ACCESS_SET_PASSWORD | - SAMR_USER_ACCESS_GET_ATTRIBUTES | - SAMR_USER_ACCESS_SET_ATTRIBUTES; - - result = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx, - &domain_pol, - &lsa_acct_name, - acb_info, - acct_flags, - &user_pol, - &access_granted, - &user_rid); - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - if (argc == 2) { - - SAM_USERINFO_CTR ctr; - SAM_USER_INFO_24 p24; - uchar pwbuf[516]; - - result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx, - &domain_pol, - 1, - &lsa_acct_name, - &user_rids, - &name_types); - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx, - &domain_pol, - MAXIMUM_ALLOWED_ACCESS, - user_rids.ids[0], - &user_pol); - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - /* Set password on account */ - - ZERO_STRUCT(ctr); - ZERO_STRUCT(p24); - - encode_pw_buffer(pwbuf, argv[1], STR_UNICODE); - - init_sam_user_info24(&p24, (char *)pwbuf,24); - - ctr.switch_value = 24; - ctr.info.id24 = &p24; - - result = rpccli_samr_set_userinfo(pipe_hnd, mem_ctx, &user_pol, 24, - &cli->user_session_key, &ctr); - - if (!NT_STATUS_IS_OK(result)) { - d_fprintf(stderr, "Failed to set password for user %s - %s\n", - acct_name, nt_errstr(result)); - - result = rpccli_samr_DeleteUser(pipe_hnd, mem_ctx, - &user_pol); - - if (!NT_STATUS_IS_OK(result)) { - d_fprintf(stderr, "Failed to delete user %s - %s\n", - acct_name, nt_errstr(result)); - return result; - } - } - - } - done: - if (!NT_STATUS_IS_OK(result)) { - d_fprintf(stderr, "Failed to add user '%s' with %s.\n", - acct_name, nt_errstr(result)); - } else { - d_printf("Added user '%s'.\n", acct_name); - } - return result; -} - /** * Add a new user to a remote RPC server * @@ -737,115 +580,34 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid, static int rpc_user_add(int argc, const char **argv) { - return run_rpc_command(NULL, PI_SAMR, 0, rpc_user_add_internals, - argc, argv); -} - -/** - * Delete a user from a remote RPC server - * - * All parameters are provided by the run_rpc_command function, except for - * argc, argv which are passes through. - * - * @param domain_sid The domain sid acquired from the remote server - * @param cli A cli_state connected to the server. - * @param mem_ctx Talloc context, destoyed on completion of the function. - * @param argc Standard main() style argc - * @param argv Standard main() style argv. Initial components are already - * stripped - * - * @return Normal NTSTATUS return. - **/ - -static NTSTATUS rpc_user_del_internals(const DOM_SID *domain_sid, - const char *domain_name, - struct cli_state *cli, - struct rpc_pipe_client *pipe_hnd, - TALLOC_CTX *mem_ctx, - int argc, - const char **argv) -{ - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - POLICY_HND connect_pol, domain_pol, user_pol; - const char *acct_name; + NET_API_STATUS status; + struct USER_INFO_1 info1; + uint32_t parm_error = 0; if (argc < 1) { d_printf("User must be specified\n"); rpc_user_usage(argc, argv); - return NT_STATUS_OK; - } - - acct_name = argv[0]; - - /* Get sam policy and domain handles */ - - result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, - pipe_hnd->cli->desthost, - MAXIMUM_ALLOWED_ACCESS, - &connect_pol); - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, - &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - CONST_DISCARD(struct dom_sid2 *, domain_sid), - &domain_pol); - - if (!NT_STATUS_IS_OK(result)) { - goto done; + return 0; } - /* Get handle on user */ - - { - struct samr_Ids user_rids, name_types; - struct lsa_String lsa_acct_name; - - init_lsa_String(&lsa_acct_name, acct_name); - - result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx, - &domain_pol, - 1, - &lsa_acct_name, - &user_rids, - &name_types); - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx, - &domain_pol, - MAXIMUM_ALLOWED_ACCESS, - user_rids.ids[0], - &user_pol); + ZERO_STRUCT(info1); - if (!NT_STATUS_IS_OK(result)) { - goto done; - } + info1.usri1_name = argv[0]; + if (argc == 2) { + info1.usri1_password = argv[1]; } - /* Delete user */ + status = NetUserAdd(opt_host, 1, (uint8_t *)&info1, &parm_error); - result = rpccli_samr_DeleteUser(pipe_hnd, mem_ctx, - &user_pol); - - if (!NT_STATUS_IS_OK(result)) { - goto done; + if (status != 0) { + d_fprintf(stderr, "Failed to add user '%s' with: %s.\n", + argv[0], libnetapi_get_error_string(NULL, status)); + return -1; + } else { + d_printf("Added user '%s'.\n", argv[0]); } - done: - if (!NT_STATUS_IS_OK(result)) { - d_fprintf(stderr, "Failed to delete user '%s' with %s.\n", - acct_name, nt_errstr(result)); - } else { - d_printf("Deleted user '%s'.\n", acct_name); - } - - return result; + return 0; } /** @@ -876,11 +638,9 @@ static NTSTATUS rpc_user_rename_internals(const DOM_SID *domain_sid, NTSTATUS result = NT_STATUS_UNSUCCESSFUL; uint32 info_level = 7; const char *old_name, *new_name; - SAM_USERINFO_CTR *user_ctr; - SAM_USERINFO_CTR ctr; - SAM_USER_INFO_7 info7; struct samr_Ids user_rids, name_types; struct lsa_String lsa_acct_name; + union samr_UserInfo *info = NULL; if (argc != 2) { d_printf("Old and new username must be specified\n"); @@ -891,13 +651,10 @@ static NTSTATUS rpc_user_rename_internals(const DOM_SID *domain_sid, old_name = argv[0]; new_name = argv[1]; - ZERO_STRUCT(ctr); - ZERO_STRUCT(user_ctr); - /* Get sam policy handle */ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, - pipe_hnd->cli->desthost, + pipe_hnd->desthost, MAXIMUM_ALLOWED_ACCESS, &connect_pol); @@ -940,21 +697,22 @@ static NTSTATUS rpc_user_rename_internals(const DOM_SID *domain_sid, } /* Query user info */ - result = rpccli_samr_query_userinfo(pipe_hnd, mem_ctx, &user_pol, - info_level, &user_ctr); + result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx, + &user_pol, + info_level, + &info); if (!NT_STATUS_IS_OK(result)) { goto done; } - ctr.switch_value = info_level; - ctr.info.id7 = &info7; - - init_sam_user_info7(&info7, new_name); + init_samr_user_info7(&info->info7, new_name); /* Set new name */ - result = rpccli_samr_set_userinfo(pipe_hnd, mem_ctx, &user_pol, - info_level, &cli->user_session_key, &ctr); + result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx, + &user_pol, + info_level, + info); if (!NT_STATUS_IS_OK(result)) { goto done; @@ -998,8 +756,26 @@ static int rpc_user_rename(int argc, const char **argv) static int rpc_user_delete(int argc, const char **argv) { - return run_rpc_command(NULL, PI_SAMR, 0, rpc_user_del_internals, - argc, argv); + NET_API_STATUS status; + + if (argc < 1) { + d_printf("User must be specified\n"); + rpc_user_usage(argc, argv); + return 0; + } + + status = NetUserDel(opt_host, argv[0]); + + if (status != 0) { + d_fprintf(stderr, "Failed to delete user '%s' with: %s.\n", + argv[0], + libnetapi_get_error_string(NULL, status)); + return -1; + } else { + d_printf("Deleted user '%s'.\n", argv[0]); + } + + return 0; } /** @@ -1028,12 +804,11 @@ static NTSTATUS rpc_user_password_internals(const DOM_SID *domain_sid, { NTSTATUS result = NT_STATUS_UNSUCCESSFUL; POLICY_HND connect_pol, domain_pol, user_pol; - SAM_USERINFO_CTR ctr; - SAM_USER_INFO_24 p24; uchar pwbuf[516]; const char *user; const char *new_password; char *prompt = NULL; + union samr_UserInfo info; if (argc < 1) { d_printf("User must be specified\n"); @@ -1054,7 +829,7 @@ static NTSTATUS rpc_user_password_internals(const DOM_SID *domain_sid, /* Get sam policy and domain handles */ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, - pipe_hnd->cli->desthost, + pipe_hnd->desthost, MAXIMUM_ALLOWED_ACCESS, &connect_pol); @@ -1103,18 +878,17 @@ static NTSTATUS rpc_user_password_internals(const DOM_SID *domain_sid, /* Set password on account */ - ZERO_STRUCT(ctr); - ZERO_STRUCT(p24); - encode_pw_buffer(pwbuf, new_password, STR_UNICODE); - init_sam_user_info24(&p24, (char *)pwbuf,24); + init_samr_user_info24(&info.info24, pwbuf, 24); - ctr.switch_value = 24; - ctr.info.id24 = &p24; + SamOEMhashBlob(info.info24.password.data, 516, + &cli->user_session_key); - result = rpccli_samr_set_userinfo(pipe_hnd, mem_ctx, &user_pol, 24, - &cli->user_session_key, &ctr); + result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx, + &user_pol, + 24, + &info); if (!NT_STATUS_IS_OK(result)) { goto done; @@ -1186,7 +960,7 @@ static NTSTATUS rpc_user_info_internals(const DOM_SID *domain_sid, /* Get sam policy handle */ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, - pipe_hnd->cli->desthost, + pipe_hnd->desthost, MAXIMUM_ALLOWED_ACCESS, &connect_pol); if (!NT_STATUS_IS_OK(result)) goto done; @@ -1304,7 +1078,7 @@ static NTSTATUS rpc_user_list_internals(const DOM_SID *domain_sid, /* Get sam policy handle */ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, - pipe_hnd->cli->desthost, + pipe_hnd->desthost, MAXIMUM_ALLOWED_ACCESS, &connect_pol); if (!NT_STATUS_IS_OK(result)) { @@ -1373,6 +1147,9 @@ static NTSTATUS rpc_user_list_internals(const DOM_SID *domain_sid, int net_rpc_user(int argc, const char **argv) { + struct libnetapi_ctx *ctx = NULL; + NET_API_STATUS status; + struct functable func[] = { {"add", rpc_user_add}, {"info", rpc_user_info}, @@ -1381,7 +1158,14 @@ int net_rpc_user(int argc, const char **argv) {"rename", rpc_user_rename}, {NULL, NULL} }; - + + status = libnetapi_init(&ctx); + if (status != 0) { + return -1; + } + libnetapi_set_username(ctx, opt_user_name); + libnetapi_set_password(ctx, opt_password); + if (argc == 0) { return run_rpc_command(NULL,PI_SAMR, 0, rpc_user_list_internals, @@ -1419,9 +1203,8 @@ static NTSTATUS rpc_sh_handle_user(TALLOC_CTX *mem_ctx, TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx, struct rpc_pipe_client *pipe_hnd, - const POLICY_HND *user_hnd, + POLICY_HND *user_hnd, int argc, const char **argv)) - { POLICY_HND connect_pol, domain_pol, user_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; @@ -1460,7 +1243,7 @@ static NTSTATUS rpc_sh_handle_user(TALLOC_CTX *mem_ctx, } result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, - pipe_hnd->cli->desthost, + pipe_hnd->desthost, MAXIMUM_ALLOWED_ACCESS, &connect_pol); if (!NT_STATUS_IS_OK(result)) { @@ -1503,28 +1286,28 @@ static NTSTATUS rpc_sh_handle_user(TALLOC_CTX *mem_ctx, static NTSTATUS rpc_sh_user_show_internals(TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx, struct rpc_pipe_client *pipe_hnd, - const POLICY_HND *user_hnd, + POLICY_HND *user_hnd, int argc, const char **argv) { NTSTATUS result; - SAM_USERINFO_CTR *ctr; - SAM_USER_INFO_21 *info; + union samr_UserInfo *info = NULL; if (argc != 0) { d_fprintf(stderr, "usage: %s show \n", ctx->whoami); return NT_STATUS_INVALID_PARAMETER; } - result = rpccli_samr_query_userinfo(pipe_hnd, mem_ctx, user_hnd, - 21, &ctr); + result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx, + user_hnd, + 21, + &info); if (!NT_STATUS_IS_OK(result)) { return result; } - info = ctr->info.id21; - - d_printf("user rid: %d, group rid: %d\n", info->user_rid, - info->group_rid); + d_printf("user rid: %d, group rid: %d\n", + info->info21.rid, + info->info21.primary_gid); return result; } @@ -1540,27 +1323,25 @@ static NTSTATUS rpc_sh_user_show(TALLOC_CTX *mem_ctx, #define FETCHSTR(name, rec) \ do { if (strequal(ctx->thiscmd, name)) { \ - oldval = rpcstr_pull_unistr2_talloc(mem_ctx, &usr->uni_##rec); } \ + oldval = talloc_strdup(mem_ctx, info->info21.rec.string); } \ } while (0); #define SETSTR(name, rec, flag) \ do { if (strequal(ctx->thiscmd, name)) { \ - init_unistr2(&usr->uni_##rec, argv[0], UNI_STR_TERMINATE); \ - init_uni_hdr(&usr->hdr_##rec, &usr->uni_##rec); \ - usr->fields_present |= SAMR_FIELD_##flag; } \ + init_lsa_String(&(info->info21.rec), argv[0]); \ + info->info21.fields_present |= SAMR_FIELD_##flag; } \ } while (0); static NTSTATUS rpc_sh_user_str_edit_internals(TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx, struct rpc_pipe_client *pipe_hnd, - const POLICY_HND *user_hnd, + POLICY_HND *user_hnd, int argc, const char **argv) { NTSTATUS result; - SAM_USERINFO_CTR *ctr; - SAM_USER_INFO_21 *usr; const char *username; const char *oldval = ""; + union samr_UserInfo *info = NULL; if (argc > 1) { d_fprintf(stderr, "usage: %s [new value|NULL]\n", @@ -1568,44 +1349,45 @@ static NTSTATUS rpc_sh_user_str_edit_internals(TALLOC_CTX *mem_ctx, return NT_STATUS_INVALID_PARAMETER; } - result = rpccli_samr_query_userinfo(pipe_hnd, mem_ctx, user_hnd, - 21, &ctr); + result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx, + user_hnd, + 21, + &info); if (!NT_STATUS_IS_OK(result)) { return result; } - usr = ctr->info.id21; - - username = rpcstr_pull_unistr2_talloc(mem_ctx, &usr->uni_user_name); + username = talloc_strdup(mem_ctx, info->info21.account_name.string); FETCHSTR("fullname", full_name); - FETCHSTR("homedir", home_dir); - FETCHSTR("homedrive", dir_drive); + FETCHSTR("homedir", home_directory); + FETCHSTR("homedrive", home_drive); FETCHSTR("logonscript", logon_script); FETCHSTR("profilepath", profile_path); - FETCHSTR("description", acct_desc); + FETCHSTR("description", description); if (argc == 0) { d_printf("%s's %s: [%s]\n", username, ctx->thiscmd, oldval); goto done; } - ZERO_STRUCTP(usr); - if (strcmp(argv[0], "NULL") == 0) { argv[0] = ""; } + ZERO_STRUCT(info->info21); + SETSTR("fullname", full_name, FULL_NAME); - SETSTR("homedir", home_dir, HOME_DIRECTORY); - SETSTR("homedrive", dir_drive, HOME_DRIVE); + SETSTR("homedir", home_directory, HOME_DIRECTORY); + SETSTR("homedrive", home_drive, HOME_DRIVE); SETSTR("logonscript", logon_script, LOGON_SCRIPT); SETSTR("profilepath", profile_path, PROFILE_PATH); - SETSTR("description", acct_desc, DESCRIPTION); + SETSTR("description", description, DESCRIPTION); - result = rpccli_samr_set_userinfo2( - pipe_hnd, mem_ctx, user_hnd, 21, - &pipe_hnd->cli->user_session_key, ctr); + result = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx, + user_hnd, + 21, + info); d_printf("Set %s's %s from [%s] to [%s]\n", username, ctx->thiscmd, oldval, argv[0]); @@ -1636,16 +1418,15 @@ static NTSTATUS rpc_sh_user_str_edit(TALLOC_CTX *mem_ctx, static NTSTATUS rpc_sh_user_flag_edit_internals(TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx, struct rpc_pipe_client *pipe_hnd, - const POLICY_HND *user_hnd, + POLICY_HND *user_hnd, int argc, const char **argv) { NTSTATUS result; - SAM_USERINFO_CTR *ctr; - SAM_USER_INFO_21 *usr; const char *username; const char *oldval = "unknown"; uint32 oldflags, newflags; bool newval; + union samr_UserInfo *info = NULL; if ((argc > 1) || ((argc == 1) && !strequal(argv[0], "yes") && @@ -1657,17 +1438,17 @@ static NTSTATUS rpc_sh_user_flag_edit_internals(TALLOC_CTX *mem_ctx, newval = strequal(argv[0], "yes"); - result = rpccli_samr_query_userinfo(pipe_hnd, mem_ctx, user_hnd, - 21, &ctr); + result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx, + user_hnd, + 21, + &info); if (!NT_STATUS_IS_OK(result)) { return result; } - usr = ctr->info.id21; - - username = rpcstr_pull_unistr2_talloc(mem_ctx, &usr->uni_user_name); - oldflags = usr->acb_info; - newflags = usr->acb_info; + username = talloc_strdup(mem_ctx, info->info21.account_name.string); + oldflags = info->info21.acct_flags; + newflags = info->info21.acct_flags; HANDLEFLG("disabled", DISABLED); HANDLEFLG("pwnotreq", PWNOTREQ); @@ -1679,14 +1460,15 @@ static NTSTATUS rpc_sh_user_flag_edit_internals(TALLOC_CTX *mem_ctx, goto done; } - ZERO_STRUCTP(usr); + ZERO_STRUCT(info->info21); - usr->acb_info = newflags; - usr->fields_present = SAMR_FIELD_ACCT_FLAGS; + info->info21.acct_flags = newflags; + info->info21.fields_present = SAMR_FIELD_ACCT_FLAGS; - result = rpccli_samr_set_userinfo2( - pipe_hnd, mem_ctx, user_hnd, 21, - &pipe_hnd->cli->user_session_key, ctr); + result = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx, + user_hnd, + 21, + info); if (NT_STATUS_IS_OK(result)) { d_printf("Set %s's %s flag from [%s] to [%s]\n", username, @@ -1817,12 +1599,10 @@ static NTSTATUS rpc_group_delete_internals(const DOM_SID *domain_sid, /* char **names; */ int i; /* DOM_GID *user_gids; */ - SAM_USERINFO_CTR *user_ctr; - fstring temp; struct samr_Ids group_rids, name_types; struct lsa_String lsa_acct_name; - + union samr_UserInfo *info = NULL; if (argc < 1) { d_printf("specify group\n"); @@ -1831,7 +1611,7 @@ static NTSTATUS rpc_group_delete_internals(const DOM_SID *domain_sid, } result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, - pipe_hnd->cli->desthost, + pipe_hnd->desthost, MAXIMUM_ALLOWED_ACCESS, &connect_pol); @@ -1907,23 +1687,23 @@ static NTSTATUS rpc_group_delete_internals(const DOM_SID *domain_sid, rids->rids[i]); goto done; } - - ZERO_STRUCT(user_ctr); - result = rpccli_samr_query_userinfo(pipe_hnd, mem_ctx, &user_pol, - 21, &user_ctr); - + result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx, + &user_pol, + 21, + &info); + if (!NT_STATUS_IS_OK(result)) { d_fprintf(stderr, "Unable to lookup userinfo for group member %d\n", rids->rids[i]); goto done; } - - if (user_ctr->info.id21->group_rid == group_rid) { - unistr2_to_ascii(temp, &(user_ctr->info.id21)->uni_user_name, - sizeof(temp)); - if (opt_verbose) - d_printf("Group is primary group of %s\n",temp); + + if (info->info21.primary_gid == group_rid) { + if (opt_verbose) { + d_printf("Group is primary group of %s\n", + info->info21.account_name.string); + } group_is_primary = True; } @@ -2029,7 +1809,7 @@ static NTSTATUS rpc_group_add_internals(const DOM_SID *domain_sid, /* Get sam policy handle */ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, - pipe_hnd->cli->desthost, + pipe_hnd->desthost, MAXIMUM_ALLOWED_ACCESS, &connect_pol); if (!NT_STATUS_IS_OK(result)) goto done; @@ -2099,7 +1879,7 @@ static NTSTATUS rpc_alias_add_internals(const DOM_SID *domain_sid, /* Get sam policy handle */ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, - pipe_hnd->cli->desthost, + pipe_hnd->desthost, MAXIMUM_ALLOWED_ACCESS, &connect_pol); if (!NT_STATUS_IS_OK(result)) goto done; @@ -2193,7 +1973,7 @@ static NTSTATUS get_sid_from_name(struct cli_state *cli, done: if (pipe_hnd) { - cli_rpc_pipe_close(pipe_hnd); + TALLOC_FREE(pipe_hnd); } if (!NT_STATUS_IS_OK(result) && (StrnCaseCmp(name, "S-", 2) == 0)) { @@ -2235,7 +2015,7 @@ static NTSTATUS rpc_add_groupmem(struct rpc_pipe_client *pipe_hnd, /* Get sam policy handle */ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, - pipe_hnd->cli->desthost, + pipe_hnd->desthost, MAXIMUM_ALLOWED_ACCESS, &connect_pol); if (!NT_STATUS_IS_OK(result)) { @@ -2317,7 +2097,7 @@ static NTSTATUS rpc_add_aliasmem(struct rpc_pipe_client *pipe_hnd, /* Get sam policy handle */ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, - pipe_hnd->cli->desthost, + pipe_hnd->desthost, MAXIMUM_ALLOWED_ACCESS, &connect_pol); if (!NT_STATUS_IS_OK(result)) { @@ -2436,7 +2216,7 @@ static NTSTATUS rpc_del_groupmem(struct rpc_pipe_client *pipe_hnd, /* Get sam policy handle */ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, - pipe_hnd->cli->desthost, + pipe_hnd->desthost, MAXIMUM_ALLOWED_ACCESS, &connect_pol); if (!NT_STATUS_IS_OK(result)) @@ -2512,7 +2292,7 @@ static NTSTATUS rpc_del_aliasmem(struct rpc_pipe_client *pipe_hnd, /* Get sam policy handle */ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, - pipe_hnd->cli->desthost, + pipe_hnd->desthost, MAXIMUM_ALLOWED_ACCESS, &connect_pol); if (!NT_STATUS_IS_OK(result)) { @@ -2634,7 +2414,7 @@ static NTSTATUS rpc_group_list_internals(const DOM_SID *domain_sid, POLICY_HND connect_pol, domain_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; uint32 start_idx=0, max_entries=250, num_entries, i, loop_count = 0; - struct acct_info *groups; + struct samr_SamArray *groups = NULL; bool global = False; bool local = False; bool builtin = False; @@ -2659,7 +2439,7 @@ static NTSTATUS rpc_group_list_internals(const DOM_SID *domain_sid, /* Get sam policy handle */ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, - pipe_hnd->cli->desthost, + pipe_hnd->desthost, MAXIMUM_ALLOWED_ACCESS, &connect_pol); if (!NT_STATUS_IS_OK(result)) { @@ -2726,14 +2506,16 @@ static NTSTATUS rpc_group_list_internals(const DOM_SID *domain_sid, do { if (!local) break; - result = rpccli_samr_enum_als_groups(pipe_hnd, mem_ctx, &domain_pol, - &start_idx, 0xffff, - &groups, &num_entries); - + result = rpccli_samr_EnumDomainAliases(pipe_hnd, mem_ctx, + &domain_pol, + &start_idx, + &groups, + 0xffff, + &num_entries); if (!NT_STATUS_IS_OK(result) && !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) break; - + for (i = 0; i < num_entries; i++) { const char *description = NULL; @@ -2746,7 +2528,7 @@ static NTSTATUS rpc_group_list_internals(const DOM_SID *domain_sid, if ((NT_STATUS_IS_OK(rpccli_samr_OpenAlias(pipe_hnd, mem_ctx, &domain_pol, 0x8, - groups[i].rid, + groups->entries[i].idx, &alias_pol))) && (NT_STATUS_IS_OK(rpccli_samr_QueryAliasInfo(pipe_hnd, mem_ctx, &alias_pol, @@ -2757,13 +2539,13 @@ static NTSTATUS rpc_group_list_internals(const DOM_SID *domain_sid, description = info->description.string; } } - + if (description != NULL) { - printf("%-21.21s %-50.50s\n", - groups[i].acct_name, + printf("%-21.21s %-50.50s\n", + groups->entries[i].name.string, description); } else { - printf("%s\n", groups[i].acct_name); + printf("%s\n", groups->entries[i].name.string); } } } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); @@ -2783,14 +2565,16 @@ static NTSTATUS rpc_group_list_internals(const DOM_SID *domain_sid, do { if (!builtin) break; - result = rpccli_samr_enum_als_groups(pipe_hnd, mem_ctx, &domain_pol, - &start_idx, max_entries, - &groups, &num_entries); - + result = rpccli_samr_EnumDomainAliases(pipe_hnd, mem_ctx, + &domain_pol, + &start_idx, + &groups, + max_entries, + &num_entries); if (!NT_STATUS_IS_OK(result) && !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) break; - + for (i = 0; i < num_entries; i++) { const char *description = NULL; @@ -2803,7 +2587,7 @@ static NTSTATUS rpc_group_list_internals(const DOM_SID *domain_sid, if ((NT_STATUS_IS_OK(rpccli_samr_OpenAlias(pipe_hnd, mem_ctx, &domain_pol, 0x8, - groups[i].rid, + groups->entries[i].idx, &alias_pol))) && (NT_STATUS_IS_OK(rpccli_samr_QueryAliasInfo(pipe_hnd, mem_ctx, &alias_pol, @@ -2814,13 +2598,13 @@ static NTSTATUS rpc_group_list_internals(const DOM_SID *domain_sid, description = info->description.string; } } - + if (description != NULL) { - printf("%-21.21s %-50.50s\n", - groups[i].acct_name, + printf("%-21.21s %-50.50s\n", + groups->entries[i].name.string, description); } else { - printf("%s\n", groups[i].acct_name); + printf("%s\n", groups->entries[i].name.string); } } } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); @@ -2964,14 +2748,14 @@ static NTSTATUS rpc_list_alias_members(struct rpc_pipe_client *pipe_hnd, if (!NT_STATUS_IS_OK(result)) { d_fprintf(stderr, "Couldn't open LSA policy handle\n"); - cli_rpc_pipe_close(lsa_pipe); + TALLOC_FREE(lsa_pipe); return result; } alias_sids = TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID, num_members); if (!alias_sids) { d_fprintf(stderr, "Out of memory\n"); - cli_rpc_pipe_close(lsa_pipe); + TALLOC_FREE(lsa_pipe); return NT_STATUS_NO_MEMORY; } @@ -2986,7 +2770,7 @@ static NTSTATUS rpc_list_alias_members(struct rpc_pipe_client *pipe_hnd, if (!NT_STATUS_IS_OK(result) && !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) { d_fprintf(stderr, "Couldn't lookup SIDs\n"); - cli_rpc_pipe_close(lsa_pipe); + TALLOC_FREE(lsa_pipe); return result; } @@ -3006,7 +2790,7 @@ static NTSTATUS rpc_list_alias_members(struct rpc_pipe_client *pipe_hnd, } } - cli_rpc_pipe_close(lsa_pipe); + TALLOC_FREE(lsa_pipe); return NT_STATUS_OK; } @@ -3026,7 +2810,7 @@ static NTSTATUS rpc_group_members_internals(const DOM_SID *domain_sid, /* Get sam policy handle */ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, - pipe_hnd->cli->desthost, + pipe_hnd->desthost, MAXIMUM_ALLOWED_ACCESS, &connect_pol); @@ -3061,7 +2845,7 @@ static NTSTATUS rpc_group_members_internals(const DOM_SID *domain_sid, rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol); - string_to_sid(&sid_Builtin, "S-1-5-32"); + sid_copy(&sid_Builtin, &global_sid_Builtin); result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, &connect_pol, @@ -3139,7 +2923,7 @@ static NTSTATUS rpc_group_rename_internals(const DOM_SID *domain_sid, /* Get sam policy handle */ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, - pipe_hnd->cli->desthost, + pipe_hnd->desthost, MAXIMUM_ALLOWED_ACCESS, &connect_pol); @@ -3268,12 +3052,16 @@ static NTSTATUS rpc_share_add_internals(const DOM_SID *domain_sid, const char **argv) { WERROR result; + NTSTATUS status; char *sharename; char *path; uint32 type = STYPE_DISKTREE; /* only allow disk shares to be added */ uint32 num_users=0, perms=0; char *password=NULL; /* don't allow a share password */ uint32 level = 2; + union srvsvc_NetShareInfo info; + struct srvsvc_NetShareInfo2 info2; + uint32_t parm_error = 0; if ((sharename = talloc_strdup(mem_ctx, argv[0])) == NULL) { return NT_STATUS_NO_MEMORY; @@ -3284,11 +3072,24 @@ static NTSTATUS rpc_share_add_internals(const DOM_SID *domain_sid, return NT_STATUS_UNSUCCESSFUL; *path++ = '\0'; - result = rpccli_srvsvc_net_share_add(pipe_hnd, mem_ctx, sharename, type, - opt_comment, perms, opt_maxusers, - num_users, path, password, - level, NULL); - return werror_to_ntstatus(result); + info2.name = sharename; + info2.type = type; + info2.comment = opt_comment; + info2.permissions = perms; + info2.max_users = opt_maxusers; + info2.current_users = num_users; + info2.path = path; + info2.password = password; + + info.info2 = &info2; + + status = rpccli_srvsvc_NetShareAdd(pipe_hnd, mem_ctx, + pipe_hnd->desthost, + level, + &info, + &parm_error, + &result); + return status; } static int rpc_share_add(int argc, const char **argv) @@ -3327,8 +3128,11 @@ static NTSTATUS rpc_share_del_internals(const DOM_SID *domain_sid, { WERROR result; - result = rpccli_srvsvc_net_share_del(pipe_hnd, mem_ctx, argv[0]); - return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; + return rpccli_srvsvc_NetShareDel(pipe_hnd, mem_ctx, + pipe_hnd->desthost, + argv[0], + 0, + &result); } /** @@ -3357,165 +3161,104 @@ static int rpc_share_delete(int argc, const char **argv) * * @param info1 pointer to SRV_SHARE_INFO_1 to format **/ - -static void display_share_info_1(SRV_SHARE_INFO_1 *info1) -{ - fstring netname = "", remark = ""; - - rpcstr_pull_unistr2_fstring(netname, &info1->info_1_str.uni_netname); - rpcstr_pull_unistr2_fstring(remark, &info1->info_1_str.uni_remark); +static void display_share_info_1(struct srvsvc_NetShareInfo1 *r) +{ if (opt_long_list_entries) { d_printf("%-12s %-8.8s %-50s\n", - netname, share_type[info1->info_1.type & ~(STYPE_TEMPORARY|STYPE_HIDDEN)], remark); + r->name, + share_type[r->type & ~(STYPE_TEMPORARY|STYPE_HIDDEN)], + r->comment); } else { - d_printf("%s\n", netname); + d_printf("%s\n", r->name); } - } static WERROR get_share_info(struct rpc_pipe_client *pipe_hnd, - TALLOC_CTX *mem_ctx, - uint32 level, - int argc, - const char **argv, - SRV_SHARE_INFO_CTR *ctr) + TALLOC_CTX *mem_ctx, + uint32 level, + int argc, + const char **argv, + struct srvsvc_NetShareInfoCtr *info_ctr) { WERROR result; - SRV_SHARE_INFO info; + NTSTATUS status; + union srvsvc_NetShareInfo info; /* no specific share requested, enumerate all */ if (argc == 0) { - ENUM_HND hnd; - uint32 preferred_len = 0xffffffff; + uint32_t preferred_len = 0xffffffff; + uint32_t total_entries = 0; + uint32_t resume_handle = 0; - init_enum_hnd(&hnd, 0); + info_ctr->level = level; - return rpccli_srvsvc_net_share_enum(pipe_hnd, mem_ctx, level, ctr, - preferred_len, &hnd); + status = rpccli_srvsvc_NetShareEnumAll(pipe_hnd, mem_ctx, + pipe_hnd->desthost, + info_ctr, + preferred_len, + &total_entries, + &resume_handle, + &result); + return result; } /* request just one share */ - result = rpccli_srvsvc_net_share_get_info(pipe_hnd, mem_ctx, argv[0], level, &info); - - if (!W_ERROR_IS_OK(result)) + status = rpccli_srvsvc_NetShareGetInfo(pipe_hnd, mem_ctx, + pipe_hnd->desthost, + argv[0], + level, + &info, + &result); + + if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) { goto done; + } /* construct ctr */ - ZERO_STRUCTP(ctr); + ZERO_STRUCTP(info_ctr); - ctr->info_level = ctr->switch_value = level; - ctr->ptr_share_info = ctr->ptr_entries = 1; - ctr->num_entries = ctr->num_entries2 = 1; + info_ctr->level = level; switch (level) { case 1: { - char *s; - SRV_SHARE_INFO_1 *info1; - - ctr->share.info1 = TALLOC_ARRAY(mem_ctx, SRV_SHARE_INFO_1, 1); - if (ctr->share.info1 == NULL) { - result = WERR_NOMEM; - goto done; - } - info1 = ctr->share.info1; - - memset(ctr->share.info1, 0, sizeof(SRV_SHARE_INFO_1)); - - /* Copy pointer crap */ + struct srvsvc_NetShareCtr1 *ctr1; - memcpy(&info1->info_1, &info.share.info1.info_1, sizeof(SH_INFO_1)); + ctr1 = TALLOC_ZERO_P(mem_ctx, struct srvsvc_NetShareCtr1); + W_ERROR_HAVE_NO_MEMORY(ctr1); - /* Duplicate strings */ + ctr1->count = 1; + ctr1->array = info.info1; - s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info1.info_1_str.uni_netname); - if (s) - init_unistr2(&info1->info_1_str.uni_netname, s, UNI_STR_TERMINATE); - - s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info1.info_1_str.uni_remark); - if (s) - init_unistr2(&info1->info_1_str.uni_remark, s, UNI_STR_TERMINATE); + info_ctr->ctr.ctr1 = ctr1; } case 2: { - char *s; - SRV_SHARE_INFO_2 *info2; - - ctr->share.info2 = TALLOC_ARRAY(mem_ctx, SRV_SHARE_INFO_2, 1); - if (ctr->share.info2 == NULL) { - result = WERR_NOMEM; - goto done; - } - info2 = ctr->share.info2; - - memset(ctr->share.info2, 0, sizeof(SRV_SHARE_INFO_2)); - - /* Copy pointer crap */ + struct srvsvc_NetShareCtr2 *ctr2; - memcpy(&info2->info_2, &info.share.info2.info_2, sizeof(SH_INFO_2)); + ctr2 = TALLOC_ZERO_P(mem_ctx, struct srvsvc_NetShareCtr2); + W_ERROR_HAVE_NO_MEMORY(ctr2); - /* Duplicate strings */ + ctr2->count = 1; + ctr2->array = info.info2; - s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info2.info_2_str.uni_netname); - if (s) - init_unistr2(&info2->info_2_str.uni_netname, s, UNI_STR_TERMINATE); - - s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info2.info_2_str.uni_remark); - if (s) - init_unistr2(&info2->info_2_str.uni_remark, s, UNI_STR_TERMINATE); - - s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info2.info_2_str.uni_path); - if (s) - init_unistr2(&info2->info_2_str.uni_path, s, UNI_STR_TERMINATE); - - s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info2.info_2_str.uni_passwd); - if (s) - init_unistr2(&info2->info_2_str.uni_passwd, s, UNI_STR_TERMINATE); + info_ctr->ctr.ctr2 = ctr2; } case 502: { - char *s; - SRV_SHARE_INFO_502 *info502; - - ctr->share.info502 = TALLOC_ARRAY(mem_ctx, SRV_SHARE_INFO_502, 1); - if (ctr->share.info502 == NULL) { - result = WERR_NOMEM; - goto done; - } - info502 = ctr->share.info502; - - memset(ctr->share.info502, 0, sizeof(SRV_SHARE_INFO_502)); + struct srvsvc_NetShareCtr502 *ctr502; - /* Copy pointer crap */ + ctr502 = TALLOC_ZERO_P(mem_ctx, struct srvsvc_NetShareCtr502); + W_ERROR_HAVE_NO_MEMORY(ctr502); - memcpy(&info502->info_502, &info.share.info502.info_502, sizeof(SH_INFO_502)); + ctr502->count = 1; + ctr502->array = info.info502; - /* Duplicate strings */ - - s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info502.info_502_str.uni_netname); - if (s) - init_unistr2(&info502->info_502_str.uni_netname, s, UNI_STR_TERMINATE); - - s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info502.info_502_str.uni_remark); - if (s) - init_unistr2(&info502->info_502_str.uni_remark, s, UNI_STR_TERMINATE); - - s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info502.info_502_str.uni_path); - if (s) - init_unistr2(&info502->info_502_str.uni_path, s, UNI_STR_TERMINATE); - - s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info502.info_502_str.uni_passwd); - if (s) - init_unistr2(&info502->info_502_str.uni_passwd, s, UNI_STR_TERMINATE); - - info502->info_502_str.sd = dup_sec_desc(mem_ctx, info.share.info502.info_502_str.sd); - + info_ctr->ctr.ctr502 = ctr502; } - } /* switch */ - done: return result; } @@ -3544,11 +3287,18 @@ static NTSTATUS rpc_share_list_internals(const DOM_SID *domain_sid, int argc, const char **argv) { - SRV_SHARE_INFO_CTR ctr; + struct srvsvc_NetShareInfoCtr info_ctr; + struct srvsvc_NetShareCtr1 ctr1; WERROR result; uint32 i, level = 1; - result = get_share_info(pipe_hnd, mem_ctx, level, argc, argv, &ctr); + ZERO_STRUCT(info_ctr); + ZERO_STRUCT(ctr1); + + info_ctr.level = 1; + info_ctr.ctr.ctr1 = &ctr1; + + result = get_share_info(pipe_hnd, mem_ctx, level, argc, argv, &info_ctr); if (!W_ERROR_IS_OK(result)) goto done; @@ -3560,8 +3310,8 @@ static NTSTATUS rpc_share_list_internals(const DOM_SID *domain_sid, "\nShare name Type Description\n"\ "---------- ---- -----------\n"); } - for (i = 0; i < ctr.num_entries; i++) - display_share_info_1(&ctr.share.info1[i]); + for (i = 0; i < info_ctr.ctr.ctr1->count; i++) + display_share_info_1(&info_ctr.ctr.ctr1->array[i]); done: return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } @@ -3590,7 +3340,7 @@ static bool check_share_availability(struct cli_state *cli, const char *netname) return True; } -static bool check_share_sanity(struct cli_state *cli, fstring netname, uint32 type) +static bool check_share_sanity(struct cli_state *cli, const char *netname, uint32 type) { /* only support disk shares */ if (! ( type == STYPE_DISKTREE || type == (STYPE_DISKTREE | STYPE_HIDDEN)) ) { @@ -3613,14 +3363,14 @@ static bool check_share_sanity(struct cli_state *cli, fstring netname, uint32 ty } /** - * Migrate shares from a remote RPC server to the local RPC srever + * Migrate shares from a remote RPC server to the local RPC server * * All parameters are provided by the run_rpc_command function, except for - * argc, argv which are passes through. + * argc, argv which are passed through. * * @param domain_sid The domain sid acquired from the remote server * @param cli A cli_state connected to the server. - * @param mem_ctx Talloc context, destoyed on completion of the function. + * @param mem_ctx Talloc context, destroyed on completion of the function. * @param argc Standard main() style argc * @param argv Standard main() style argv. Initial components are already * stripped @@ -3638,13 +3388,12 @@ static NTSTATUS rpc_share_migrate_shares_internals(const DOM_SID *domain_sid, { WERROR result; NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - SRV_SHARE_INFO_CTR ctr_src; - uint32 type = STYPE_DISKTREE; /* only allow disk shares to be added */ - char *password = NULL; /* don't allow a share password */ + struct srvsvc_NetShareInfoCtr ctr_src; uint32 i; struct rpc_pipe_client *srvsvc_pipe = NULL; struct cli_state *cli_dst = NULL; uint32 level = 502; /* includes secdesc */ + uint32_t parm_error = 0; result = get_share_info(pipe_hnd, mem_ctx, level, argc, argv, &ctr_src); if (!W_ERROR_IS_OK(result)) @@ -3656,40 +3405,39 @@ static NTSTATUS rpc_share_migrate_shares_internals(const DOM_SID *domain_sid, return nt_status; - for (i = 0; i < ctr_src.num_entries; i++) { + for (i = 0; i < ctr_src.ctr.ctr502->count; i++) { + + union srvsvc_NetShareInfo info; + struct srvsvc_NetShareInfo502 info502 = + ctr_src.ctr.ctr502->array[i]; - fstring netname = "", remark = "", path = ""; /* reset error-code */ nt_status = NT_STATUS_UNSUCCESSFUL; - rpcstr_pull_unistr2_fstring( - netname, &ctr_src.share.info502[i].info_502_str.uni_netname); - rpcstr_pull_unistr2_fstring( - remark, &ctr_src.share.info502[i].info_502_str.uni_remark); - rpcstr_pull_unistr2_fstring( - path, &ctr_src.share.info502[i].info_502_str.uni_path); - - if (!check_share_sanity(cli, netname, ctr_src.share.info502[i].info_502.type)) + if (!check_share_sanity(cli, info502.name, info502.type)) continue; /* finally add the share on the dst server */ printf("migrating: [%s], path: %s, comment: %s, without share-ACLs\n", - netname, path, remark); - - result = rpccli_srvsvc_net_share_add(srvsvc_pipe, mem_ctx, netname, type, remark, - ctr_src.share.info502[i].info_502.perms, - ctr_src.share.info502[i].info_502.max_uses, - ctr_src.share.info502[i].info_502.num_uses, - path, password, level, - NULL); - + info502.name, info502.path, info502.comment); + + info.info502 = &info502; + + nt_status = rpccli_srvsvc_NetShareAdd(srvsvc_pipe, mem_ctx, + srvsvc_pipe->desthost, + 502, + &info, + &parm_error, + &result); + if (W_ERROR_V(result) == W_ERROR_V(WERR_ALREADY_EXISTS)) { - printf(" [%s] does already exist\n", netname); + printf(" [%s] does already exist\n", + info502.name); continue; } - if (!W_ERROR_IS_OK(result)) { + if (!NT_STATUS_IS_OK(nt_status) || !W_ERROR_IS_OK(result)) { printf("cannot add share: %s\n", dos_errstr(result)); goto done; } @@ -3923,7 +3671,7 @@ static NTSTATUS rpc_share_migrate_files_internals(const DOM_SID *domain_sid, { WERROR result; NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - SRV_SHARE_INFO_CTR ctr_src; + struct srvsvc_NetShareInfoCtr ctr_src; uint32 i; uint32 level = 502; struct copy_clistate cp_clistate; @@ -3939,19 +3687,17 @@ static NTSTATUS rpc_share_migrate_files_internals(const DOM_SID *domain_sid, if (!W_ERROR_IS_OK(result)) goto done; - for (i = 0; i < ctr_src.num_entries; i++) { - - fstring netname = ""; + for (i = 0; i < ctr_src.ctr.ctr502->count; i++) { - rpcstr_pull_unistr2_fstring( - netname, &ctr_src.share.info502[i].info_502_str.uni_netname); + struct srvsvc_NetShareInfo502 info502 = + ctr_src.ctr.ctr502->array[i]; - if (!check_share_sanity(cli, netname, ctr_src.share.info502[i].info_502.type)) + if (!check_share_sanity(cli, info502.name, info502.type)) continue; /* one might not want to mirror whole discs :) */ - if (strequal(netname, "print$") || netname[1] == '$') { - d_printf("skipping [%s]: builtin/hidden share\n", netname); + if (strequal(info502.name, "print$") || info502.name[1] == '$') { + d_printf("skipping [%s]: builtin/hidden share\n", info502.name); continue; } @@ -3965,7 +3711,7 @@ static NTSTATUS rpc_share_migrate_files_internals(const DOM_SID *domain_sid, break; } printf(" [%s] files and directories %s ACLs, %s DOS Attributes %s\n", - netname, + info502.name, opt_acls ? "including" : "without", opt_attrs ? "including" : "without", opt_timestamps ? "(preserving timestamps)" : ""); @@ -3979,7 +3725,7 @@ static NTSTATUS rpc_share_migrate_files_internals(const DOM_SID *domain_sid, /* open share source */ nt_status = connect_to_service(&cp_clistate.cli_share_src, &cli->dest_ss, cli->desthost, - netname, "A:"); + info502.name, "A:"); if (!NT_STATUS_IS_OK(nt_status)) goto done; @@ -3988,21 +3734,21 @@ static NTSTATUS rpc_share_migrate_files_internals(const DOM_SID *domain_sid, if (net_mode_share == NET_MODE_SHARE_MIGRATE) { /* open share destination */ nt_status = connect_to_service(&cp_clistate.cli_share_dst, - NULL, dst, netname, "A:"); + NULL, dst, info502.name, "A:"); if (!NT_STATUS_IS_OK(nt_status)) goto done; got_dst_share = True; } - if (!copy_top_level_perms(&cp_clistate, netname)) { - d_fprintf(stderr, "Could not handle the top level directory permissions for the share: %s\n", netname); + if (!copy_top_level_perms(&cp_clistate, info502.name)) { + d_fprintf(stderr, "Could not handle the top level directory permissions for the share: %s\n", info502.name); nt_status = NT_STATUS_UNSUCCESSFUL; goto done; } if (!sync_files(&cp_clistate, mask)) { - d_fprintf(stderr, "could not handle files for share: %s\n", netname); + d_fprintf(stderr, "could not handle files for share: %s\n", info502.name); nt_status = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -4061,12 +3807,13 @@ static NTSTATUS rpc_share_migrate_security_internals(const DOM_SID *domain_sid, { WERROR result; NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - SRV_SHARE_INFO_CTR ctr_src; - SRV_SHARE_INFO info; + struct srvsvc_NetShareInfoCtr ctr_src; + union srvsvc_NetShareInfo info; uint32 i; struct rpc_pipe_client *srvsvc_pipe = NULL; struct cli_state *cli_dst = NULL; uint32 level = 502; /* includes secdesc */ + uint32_t parm_error = 0; result = get_share_info(pipe_hnd, mem_ctx, level, argc, argv, &ctr_src); @@ -4079,41 +3826,35 @@ static NTSTATUS rpc_share_migrate_security_internals(const DOM_SID *domain_sid, return nt_status; - for (i = 0; i < ctr_src.num_entries; i++) { + for (i = 0; i < ctr_src.ctr.ctr502->count; i++) { + + struct srvsvc_NetShareInfo502 info502 = + ctr_src.ctr.ctr502->array[i]; - fstring netname = "", remark = "", path = ""; /* reset error-code */ nt_status = NT_STATUS_UNSUCCESSFUL; - rpcstr_pull_unistr2_fstring( - netname, &ctr_src.share.info502[i].info_502_str.uni_netname); - rpcstr_pull_unistr2_fstring( - remark, &ctr_src.share.info502[i].info_502_str.uni_remark); - rpcstr_pull_unistr2_fstring( - path, &ctr_src.share.info502[i].info_502_str.uni_path); - - if (!check_share_sanity(cli, netname, ctr_src.share.info502[i].info_502.type)) + if (!check_share_sanity(cli, info502.name, info502.type)) continue; printf("migrating: [%s], path: %s, comment: %s, including share-ACLs\n", - netname, path, remark); + info502.name, info502.path, info502.comment); if (opt_verbose) - display_sec_desc(ctr_src.share.info502[i].info_502_str.sd); - - /* init info */ - ZERO_STRUCT(info); - - info.switch_value = level; - info.ptr_share_ctr = 1; + display_sec_desc(info502.sd_buf.sd); /* FIXME: shouldn't we be able to just set the security descriptor ? */ - info.share.info502 = ctr_src.share.info502[i]; + info.info502 = &info502; /* finally modify the share on the dst server */ - result = rpccli_srvsvc_net_share_set_info(srvsvc_pipe, mem_ctx, netname, level, &info); - - if (!W_ERROR_IS_OK(result)) { + nt_status = rpccli_srvsvc_NetShareSetInfo(srvsvc_pipe, mem_ctx, + srvsvc_pipe->desthost, + info502.name, + level, + &info, + &parm_error, + &result); + if (!NT_STATUS_IS_OK(nt_status) || !W_ERROR_IS_OK(result)) { printf("cannot set share-acl: %s\n", dos_errstr(result)); goto done; } @@ -4243,7 +3984,7 @@ static NTSTATUS rpc_fetch_domain_aliases(struct rpc_pipe_client *pipe_hnd, const DOM_SID *domain_sid) { uint32 start_idx, max_entries, num_entries, i; - struct acct_info *groups; + struct samr_SamArray *groups = NULL; NTSTATUS result; POLICY_HND domain_pol; @@ -4261,10 +4002,12 @@ static NTSTATUS rpc_fetch_domain_aliases(struct rpc_pipe_client *pipe_hnd, max_entries = 250; do { - result = rpccli_samr_enum_als_groups(pipe_hnd, mem_ctx, &domain_pol, - &start_idx, max_entries, - &groups, &num_entries); - + result = rpccli_samr_EnumDomainAliases(pipe_hnd, mem_ctx, + &domain_pol, + &start_idx, + &groups, + max_entries, + &num_entries); for (i = 0; i < num_entries; i++) { POLICY_HND alias_pol; @@ -4275,7 +4018,7 @@ static NTSTATUS rpc_fetch_domain_aliases(struct rpc_pipe_client *pipe_hnd, result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx, &domain_pol, MAXIMUM_ALLOWED_ACCESS, - groups[i].rid, + groups->entries[i].idx, &alias_pol); if (!NT_STATUS_IS_OK(result)) goto done; @@ -4303,7 +4046,7 @@ static NTSTATUS rpc_fetch_domain_aliases(struct rpc_pipe_client *pipe_hnd, } sid_copy(&alias.sid, domain_sid); - sid_append_rid(&alias.sid, groups[i].rid); + sid_append_rid(&alias.sid, groups->entries[i].idx); push_alias(mem_ctx, &alias); } @@ -4398,7 +4141,7 @@ static NTSTATUS rpc_aliaslist_internals(const DOM_SID *domain_sid, POLICY_HND connect_pol; result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, - pipe_hnd->cli->desthost, + pipe_hnd->desthost, MAXIMUM_ALLOWED_ACCESS, &connect_pol); @@ -4523,85 +4266,84 @@ static void collect_alias_memberships(NT_USER_TOKEN *token) static bool get_user_sids(const char *domain, const char *user, NT_USER_TOKEN *token) { - struct winbindd_request request; - struct winbindd_response response; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + enum wbcSidType type; fstring full_name; - NSS_STATUS result; - + struct wbcDomainSid wsid; + char *sid_str = NULL; DOM_SID user_sid; - - int i; + uint32_t num_groups; + gid_t *groups = NULL; + uint32_t i; fstr_sprintf(full_name, "%s%c%s", domain, *lp_winbind_separator(), user); /* First let's find out the user sid */ - ZERO_STRUCT(request); - ZERO_STRUCT(response); + wbc_status = wbcLookupName(domain, user, &wsid, &type); - fstrcpy(request.data.name.dom_name, domain); - fstrcpy(request.data.name.name, user); - - result = winbindd_request_response(WINBINDD_LOOKUPNAME, &request, &response); + if (!WBC_ERROR_IS_OK(wbc_status)) { + DEBUG(1, ("winbind could not find %s: %s\n", + full_name, wbcErrorString(wbc_status))); + return false; + } - if (result != NSS_STATUS_SUCCESS) { - DEBUG(1, ("winbind could not find %s\n", full_name)); - return False; + wbc_status = wbcSidToString(&wsid, &sid_str); + if (!WBC_ERROR_IS_OK(wbc_status)) { + return false; } - if (response.data.sid.type != SID_NAME_USER) { + if (type != SID_NAME_USER) { + wbcFreeMemory(sid_str); DEBUG(1, ("%s is not a user\n", full_name)); - return False; + return false; } - string_to_sid(&user_sid, response.data.sid.sid); + string_to_sid(&user_sid, sid_str); + wbcFreeMemory(sid_str); + sid_str = NULL; init_user_token(token, &user_sid); /* And now the groups winbind knows about */ - ZERO_STRUCT(response); - - fstrcpy(request.data.username, full_name); - - result = winbindd_request_response(WINBINDD_GETGROUPS, &request, &response); - - if (result != NSS_STATUS_SUCCESS) { - DEBUG(1, ("winbind could not get groups of %s\n", full_name)); - return False; + wbc_status = wbcGetGroups(full_name, &num_groups, &groups); + if (!WBC_ERROR_IS_OK(wbc_status)) { + DEBUG(1, ("winbind could not get groups of %s: %s\n", + full_name, wbcErrorString(wbc_status))); + return false; } - for (i = 0; i < response.data.num_entries; i++) { - gid_t gid = ((gid_t *)response.extra_data.data)[i]; + for (i = 0; i < num_groups; i++) { + gid_t gid = groups[i]; DOM_SID sid; - struct winbindd_request sidrequest; - struct winbindd_response sidresponse; - - ZERO_STRUCT(sidrequest); - ZERO_STRUCT(sidresponse); - - sidrequest.data.gid = gid; - - result = winbindd_request_response(WINBINDD_GID_TO_SID, - &sidrequest, &sidresponse); + wbc_status = wbcGidToSid(gid, &wsid); + if (!WBC_ERROR_IS_OK(wbc_status)) { + DEBUG(1, ("winbind could not find SID of gid %d: %s\n", + gid, wbcErrorString(wbc_status))); + wbcFreeMemory(groups); + return false; + } - if (result != NSS_STATUS_SUCCESS) { - DEBUG(1, ("winbind could not find SID of gid %d\n", - gid)); - return False; + wbc_status = wbcSidToString(&wsid, &sid_str); + if (!WBC_ERROR_IS_OK(wbc_status)) { + wbcFreeMemory(groups); + return false; } - DEBUG(3, (" %s\n", sidresponse.data.sid.sid)); + DEBUG(3, (" %s\n", sid_str)); + + string_to_sid(&sid, sid_str); + wbcFreeMemory(sid_str); + sid_str = NULL; - string_to_sid(&sid, sidresponse.data.sid.sid); add_sid_to_token(token, &sid); } + wbcFreeMemory(groups); - SAFE_FREE(response.extra_data.data); - - return True; + return true; } /** @@ -4610,11 +4352,9 @@ static bool get_user_sids(const char *domain, const char *user, NT_USER_TOKEN *t static bool get_user_tokens(int *num_tokens, struct user_token **user_tokens) { - struct winbindd_request request; - struct winbindd_response response; - const char *extra_data; - char *name; - int i; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + uint32_t i, num_users; + const char **users; struct user_token *result; TALLOC_CTX *frame = NULL; @@ -4622,58 +4362,43 @@ static bool get_user_tokens(int *num_tokens, struct user_token **user_tokens) (opt_target_workgroup == NULL)) { d_fprintf(stderr, "winbind use default domain = yes set, " "please specify a workgroup\n"); - return False; + return false; } /* Send request to winbind daemon */ - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - if (winbindd_request_response(WINBINDD_LIST_USERS, &request, &response) != - NSS_STATUS_SUCCESS) - return False; - - /* Look through extra data */ - - if (!response.extra_data.data) - return False; - - extra_data = (const char *)response.extra_data.data; - *num_tokens = 0; - - frame = talloc_stackframe(); - while(next_token_talloc(frame, &extra_data, &name, ",")) { - *num_tokens += 1; + wbc_status = wbcListUsers(NULL, &num_users, &users); + if (!WBC_ERROR_IS_OK(wbc_status)) { + DEBUG(1, ("winbind could not list users: %s\n", + wbcErrorString(wbc_status))); + return false; } - result = SMB_MALLOC_ARRAY(struct user_token, *num_tokens); + result = SMB_MALLOC_ARRAY(struct user_token, num_users); if (result == NULL) { DEBUG(1, ("Could not malloc sid array\n")); - TALLOC_FREE(frame); - return False; + wbcFreeMemory(users); + return false; } - extra_data = (const char *)response.extra_data.data; - i=0; - - while(next_token_talloc(frame, &extra_data, &name, ",")) { + frame = talloc_stackframe(); + for (i=0; i < num_users; i++) { fstring domain, user; char *p; - fstrcpy(result[i].name, name); + fstrcpy(result[i].name, users[i]); - p = strchr(name, *lp_winbind_separator()); + p = strchr(users[i], *lp_winbind_separator()); - DEBUG(3, ("%s\n", name)); + DEBUG(3, ("%s\n", users[i])); if (p == NULL) { fstrcpy(domain, opt_target_workgroup); - fstrcpy(user, name); + fstrcpy(user, users[i]); } else { *p++ = '\0'; - fstrcpy(domain, name); + fstrcpy(domain, users[i]); strupper_m(domain); fstrcpy(user, p); } @@ -4682,11 +4407,12 @@ static bool get_user_tokens(int *num_tokens, struct user_token **user_tokens) i+=1; } TALLOC_FREE(frame); - SAFE_FREE(response.extra_data.data); + wbcFreeMemory(users); + *num_tokens = num_users; *user_tokens = result; - return True; + return true; } static bool get_user_tokens_from_file(FILE *f, @@ -4756,20 +4482,25 @@ static void show_userlist(struct rpc_pipe_client *pipe_hnd, SEC_DESC *root_sd = NULL; struct cli_state *cli = pipe_hnd->cli; int i; - SRV_SHARE_INFO info; + union srvsvc_NetShareInfo info; WERROR result; + NTSTATUS status; uint16 cnum; - result = rpccli_srvsvc_net_share_get_info(pipe_hnd, mem_ctx, netname, - 502, &info); + status = rpccli_srvsvc_NetShareGetInfo(pipe_hnd, mem_ctx, + pipe_hnd->desthost, + netname, + 502, + &info, + &result); - if (!W_ERROR_IS_OK(result)) { + if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) { DEBUG(1, ("Coult not query secdesc for share %s\n", netname)); return; } - share_sd = info.share.info502.info_502_str.sd; + share_sd = info.info502->sd_buf.sd; if (share_sd == NULL) { DEBUG(1, ("Got no secdesc for share %s\n", netname)); @@ -4789,7 +4520,6 @@ static void show_userlist(struct rpc_pipe_client *pipe_hnd, for (i=0; i 3)) { d_fprintf(stderr, "usage: %s [comment]\n", @@ -5061,12 +4795,25 @@ static NTSTATUS rpc_sh_share_add(TALLOC_CTX *mem_ctx, return NT_STATUS_INVALID_PARAMETER; } - result = rpccli_srvsvc_net_share_add( - pipe_hnd, mem_ctx, argv[0], STYPE_DISKTREE, - (argc == 3) ? argv[2] : "", - 0, 0, 0, argv[1], NULL, 2, NULL); - - return werror_to_ntstatus(result); + info2.name = argv[0]; + info2.type = STYPE_DISKTREE; + info2.comment = (argc == 3) ? argv[2] : ""; + info2.permissions = 0; + info2.max_users = 0; + info2.current_users = 0; + info2.path = argv[1]; + info2.password = NULL; + + info.info2 = &info2; + + status = rpccli_srvsvc_NetShareAdd(pipe_hnd, mem_ctx, + pipe_hnd->desthost, + 2, + &info, + &parm_err, + &result); + + return status; } static NTSTATUS rpc_sh_share_delete(TALLOC_CTX *mem_ctx, @@ -5075,14 +4822,20 @@ static NTSTATUS rpc_sh_share_delete(TALLOC_CTX *mem_ctx, int argc, const char **argv) { WERROR result; + NTSTATUS status; if (argc != 1) { d_fprintf(stderr, "usage: %s \n", ctx->whoami); return NT_STATUS_INVALID_PARAMETER; } - result = rpccli_srvsvc_net_share_del(pipe_hnd, mem_ctx, argv[0]); - return werror_to_ntstatus(result); + status = rpccli_srvsvc_NetShareDel(pipe_hnd, mem_ctx, + pipe_hnd->desthost, + argv[0], + 0, + &result); + + return status; } static NTSTATUS rpc_sh_share_info(TALLOC_CTX *mem_ctx, @@ -5090,34 +4843,29 @@ static NTSTATUS rpc_sh_share_info(TALLOC_CTX *mem_ctx, struct rpc_pipe_client *pipe_hnd, int argc, const char **argv) { - SRV_SHARE_INFO info; - SRV_SHARE_INFO_2 *info2 = &info.share.info2; + union srvsvc_NetShareInfo info; WERROR result; + NTSTATUS status; if (argc != 1) { d_fprintf(stderr, "usage: %s \n", ctx->whoami); return NT_STATUS_INVALID_PARAMETER; } - result = rpccli_srvsvc_net_share_get_info( - pipe_hnd, mem_ctx, argv[0], 2, &info); - if (!W_ERROR_IS_OK(result)) { + status = rpccli_srvsvc_NetShareGetInfo(pipe_hnd, mem_ctx, + pipe_hnd->desthost, + argv[0], + 2, + &info, + &result); + if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) { goto done; } - d_printf("Name: %s\n", - rpcstr_pull_unistr2_talloc(mem_ctx, - &info2->info_2_str.uni_netname)); - d_printf("Comment: %s\n", - rpcstr_pull_unistr2_talloc(mem_ctx, - &info2->info_2_str.uni_remark)); - - d_printf("Path: %s\n", - rpcstr_pull_unistr2_talloc(mem_ctx, - &info2->info_2_str.uni_path)); - d_printf("Password: %s\n", - rpcstr_pull_unistr2_talloc(mem_ctx, - &info2->info_2_str.uni_passwd)); + d_printf("Name: %s\n", info.info2->name); + d_printf("Comment: %s\n", info.info2->comment); + d_printf("Path: %s\n", info.info2->path); + d_printf("Password: %s\n", info.info2->password); done: return werror_to_ntstatus(result); @@ -5177,7 +4925,7 @@ static NTSTATUS rpc_file_close_internals(const DOM_SID *domain_sid, const char **argv) { return rpccli_srvsvc_NetFileClose(pipe_hnd, mem_ctx, - pipe_hnd->cli->desthost, + pipe_hnd->desthost, atoi(argv[0]), NULL); } @@ -5205,19 +4953,13 @@ static int rpc_file_close(int argc, const char **argv) /** * Formatted print of open file info * - * @param info3 FILE_INFO_3 contents - * @param str3 strings for FILE_INFO_3 + * @param r struct srvsvc_NetFileInfo3 contents **/ -static void display_file_info_3( FILE_INFO_3 *info3 ) +static void display_file_info_3(struct srvsvc_NetFileInfo3 *r) { - fstring user = "", path = ""; - - rpcstr_pull_unistr2_fstring(user, info3->user); - rpcstr_pull_unistr2_fstring(path, info3->path); - d_printf("%-7.1d %-20.20s 0x%-4.2x %-6.1d %s\n", - info3->id, user, info3->perms, info3->num_locks, path); + r->fid, r->user, r->permissions, r->num_locks, r->path); } /** @@ -5244,22 +4986,36 @@ static NTSTATUS rpc_file_list_internals(const DOM_SID *domain_sid, int argc, const char **argv) { - SRV_FILE_INFO_CTR ctr; + struct srvsvc_NetFileInfoCtr info_ctr; + struct srvsvc_NetFileCtr3 ctr3; WERROR result; - ENUM_HND hnd; + NTSTATUS status; uint32 preferred_len = 0xffffffff, i; const char *username=NULL; - - init_enum_hnd(&hnd, 0); + uint32_t total_entries = 0; + uint32_t resume_handle = 0; /* if argc > 0, must be user command */ if (argc > 0) username = smb_xstrdup(argv[0]); - - result = rpccli_srvsvc_net_file_enum(pipe_hnd, - mem_ctx, 3, username, &ctr, preferred_len, &hnd); - if (!W_ERROR_IS_OK(result)) + ZERO_STRUCT(info_ctr); + ZERO_STRUCT(ctr3); + + info_ctr.level = 3; + info_ctr.ctr.ctr3 = &ctr3; + + status = rpccli_srvsvc_NetFileEnum(pipe_hnd, mem_ctx, + pipe_hnd->desthost, + NULL, + username, + &info_ctr, + preferred_len, + &total_entries, + &resume_handle, + &result); + + if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) goto done; /* Display results */ @@ -5268,8 +5024,8 @@ static NTSTATUS rpc_file_list_internals(const DOM_SID *domain_sid, "\nEnumerating open files on remote server:\n\n"\ "\nFileId Opened by Perms Locks Path"\ "\n------ --------- ----- ----- ---- \n"); - for (i = 0; i < ctr.num_entries; i++) - display_file_info_3(&ctr.file.info3[i]); + for (i = 0; i < total_entries; i++) + display_file_info_3(&info_ctr.ctr.ctr3->array[i]); done: return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } @@ -5594,6 +5350,7 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid, uint32 acct_flags=0; uint32 user_rid; uint32_t access_granted = 0; + union samr_UserInfo info; if (argc != 2) { d_printf("Usage: net rpc trustdom add \n"); @@ -5614,7 +5371,7 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid, /* Get samr policy handle */ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, - pipe_hnd->cli->desthost, + pipe_hnd->desthost, MAXIMUM_ALLOWED_ACCESS, &connect_pol); if (!NT_STATUS_IS_OK(result)) { @@ -5652,36 +5409,43 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid, } { - SAM_USERINFO_CTR ctr; - SAM_USER_INFO_23 p23; NTTIME notime; - char nostr[] = ""; - LOGON_HRS hrs; + struct samr_LogonHours hours; + struct lsa_BinaryString parameters; + const int units_per_week = 168; uchar pwbuf[516]; encode_pw_buffer(pwbuf, argv[1], STR_UNICODE); - ZERO_STRUCT(ctr); - ZERO_STRUCT(p23); ZERO_STRUCT(notime); - hrs.max_len = 1260; - hrs.offset = 0; - hrs.len = 21; - memset(hrs.hours, 0xFF, sizeof(hrs.hours)); - acb_info = ACB_DOMTRUST; - - init_sam_user_info23A(&p23, ¬ime, ¬ime, ¬ime, - ¬ime, ¬ime, ¬ime, - nostr, nostr, nostr, nostr, nostr, - nostr, nostr, nostr, nostr, nostr, - 0, 0, acb_info, SAMR_FIELD_ACCT_FLAGS, 168, &hrs, - 0, 0, (char *)pwbuf); - ctr.switch_value = 23; - ctr.info.id23 = &p23; - p23.passmustchange = 0; - - result = rpccli_samr_set_userinfo(pipe_hnd, mem_ctx, &user_pol, 23, - &cli->user_session_key, &ctr); + ZERO_STRUCT(hours); + ZERO_STRUCT(parameters); + + hours.bits = talloc_array(mem_ctx, uint8_t, units_per_week); + if (!hours.bits) { + result = NT_STATUS_NO_MEMORY; + goto done; + } + hours.units_per_week = units_per_week; + memset(hours.bits, 0xFF, units_per_week); + + init_samr_user_info23(&info.info23, + notime, notime, notime, + notime, notime, notime, + NULL, NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, ¶meters, + 0, 0, ACB_DOMTRUST, SAMR_FIELD_ACCT_FLAGS, + hours, + 0, 0, 0, 0, 0, 0, 0, + pwbuf, 24); + + SamOEMhashBlob(info.info23.password.data, 516, + &cli->user_session_key); + + result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx, + &user_pol, + 23, + &info); if (!NT_STATUS_IS_OK(result)) { DEBUG(0,("Could not set trust account password: %s\n", @@ -5763,7 +5527,7 @@ static NTSTATUS rpc_trustdom_del_internals(const DOM_SID *domain_sid, /* Get samr policy handle */ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, - pipe_hnd->cli->desthost, + pipe_hnd->desthost, MAXIMUM_ALLOWED_ACCESS, &connect_pol); if (!NT_STATUS_IS_OK(result)) { @@ -5856,7 +5620,49 @@ static int rpc_trustdom_del(int argc, const char **argv) return -1; } } - + +static NTSTATUS rpc_trustdom_get_pdc(struct cli_state *cli, + TALLOC_CTX *mem_ctx, + const char *domain_name) +{ + char *dc_name = NULL; + const char *buffer = NULL; + struct rpc_pipe_client *netr; + NTSTATUS status; + + /* Use NetServerEnum2 */ + + if (cli_get_pdc_name(cli, domain_name, &dc_name)) { + SAFE_FREE(dc_name); + return NT_STATUS_OK; + } + + DEBUG(1,("NetServerEnum2 error: Couldn't find primary domain controller\ + for domain %s\n", domain_name)); + + /* Try netr_GetDcName */ + + netr = cli_rpc_pipe_open_noauth(cli, PI_NETLOGON, &status); + if (!netr) { + return status; + } + + status = rpccli_netr_GetDcName(netr, mem_ctx, + cli->desthost, + domain_name, + &buffer, + NULL); + TALLOC_FREE(netr); + + if (NT_STATUS_IS_OK(status)) { + return status; + } + + DEBUG(1,("netr_GetDcName error: Couldn't find primary domain controller\ + for domain %s\n", domain_name)); + + return status; +} /** * Establish trust relationship to a trusting domain. @@ -5881,7 +5687,6 @@ static int rpc_trustdom_establish(int argc, const char **argv) char* domain_name; char* acct_name; fstring pdc_name; - char *dc_name; union lsa_PolicyInformation *info = NULL; /* @@ -5942,18 +5747,6 @@ static int rpc_trustdom_establish(int argc, const char **argv) return -1; } - /* - * Use NetServerEnum2 to make sure we're talking to a proper server - */ - - if (!cli_get_pdc_name(cli, domain_name, &dc_name)) { - DEBUG(0, ("NetServerEnum2 error: Couldn't find primary domain controller\ - for domain %s\n", domain_name)); - cli_shutdown(cli); - return -1; - } - SAFE_FREE(dc_name); - if (!(mem_ctx = talloc_init("establishing trust relationship to " "domain %s", domain_name))) { DEBUG(0, ("talloc_init() failed\n")); @@ -5961,6 +5754,15 @@ static int rpc_trustdom_establish(int argc, const char **argv) return -1; } + /* Make sure we're talking to a proper server */ + + nt_status = rpc_trustdom_get_pdc(cli, mem_ctx, domain_name); + if (!NT_STATUS_IS_OK(nt_status)) { + cli_shutdown(cli); + talloc_destroy(mem_ctx); + return -1; + } + /* * Call LsaOpenPolicy and LsaQueryInfo */ @@ -6125,7 +5927,7 @@ static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd, const char *trusted_dom_name) { NTSTATUS nt_status; - union lsa_TrustedDomainInfo info; + union lsa_TrustedDomainInfo *info = NULL; char *cleartextpwd = NULL; DATA_BLOB data; @@ -6140,12 +5942,8 @@ static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd, goto done; } - data = data_blob(NULL, info.password.password->length); - - memcpy(data.data, - info.password.password->data, - info.password.password->length); - data.length = info.password.password->length; + data = data_blob(info->password.password->data, + info->password.password->length); cleartextpwd = decrypt_trustdom_secret(pipe_hnd->cli->pwd.password, &data); @@ -6163,7 +5961,7 @@ static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd, } #ifdef DEBUG_PASSWORD - DEBUG(100,("sucessfully vampired trusted domain [%s], sid: [%s], " + DEBUG(100,("successfully vampired trusted domain [%s], sid: [%s], " "password: [%s]\n", trusted_dom_name, sid_string_dbg(&dom_sid), cleartextpwd)); #endif @@ -6188,10 +5986,9 @@ static int rpc_trustdom_vampire(int argc, const char **argv) union lsa_PolicyInformation *info = NULL; /* trusted domains listing variables */ - unsigned int num_domains, enum_ctx = 0; + unsigned int enum_ctx = 0; int i; - DOM_SID *domain_sids; - char **trusted_dom_names; + struct lsa_DomainList dom_list; fstring pdc_name; /* @@ -6266,10 +6063,11 @@ static int rpc_trustdom_vampire(int argc, const char **argv) d_printf("Vampire trusted domains:\n\n"); do { - nt_status = rpccli_lsa_enum_trust_dom(pipe_hnd, mem_ctx, &connect_hnd, &enum_ctx, - &num_domains, - &trusted_dom_names, &domain_sids); - + nt_status = rpccli_lsa_EnumTrustDom(pipe_hnd, mem_ctx, + &connect_hnd, + &enum_ctx, + &dom_list, + (uint32_t)-1); if (NT_STATUS_IS_ERR(nt_status)) { DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n", nt_errstr(nt_status))); @@ -6277,13 +6075,15 @@ static int rpc_trustdom_vampire(int argc, const char **argv) talloc_destroy(mem_ctx); return -1; }; - - for (i = 0; i < num_domains; i++) { - print_trusted_domain(&(domain_sids[i]), trusted_dom_names[i]); + for (i = 0; i < dom_list.count; i++) { + + print_trusted_domain(dom_list.domains[i].sid, + dom_list.domains[i].name.string); nt_status = vampire_trusted_domain(pipe_hnd, mem_ctx, &connect_hnd, - domain_sids[i], trusted_dom_names[i]); + *dom_list.domains[i].sid, + dom_list.domains[i].name.string); if (!NT_STATUS_IS_OK(nt_status)) { cli_shutdown(cli); talloc_destroy(mem_ctx); @@ -6295,7 +6095,7 @@ static int rpc_trustdom_vampire(int argc, const char **argv) * in case of no trusted domains say something rather * than just display blank line */ - if (!num_domains) d_printf("none\n"); + if (!dom_list.count) d_printf("none\n"); } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES)); @@ -6333,15 +6133,13 @@ static int rpc_trustdom_list(int argc, const char **argv) /* trusted domains listing variables */ unsigned int num_domains, enum_ctx = 0; int i, pad_len, col_len = 20; - DOM_SID *domain_sids; - char **trusted_dom_names; + struct lsa_DomainList dom_list; fstring pdc_name; /* trusting domains listing variables */ POLICY_HND domain_hnd; - char **trusting_dom_names; - uint32 *trusting_dom_rids; - + struct samr_SamArray *trusts = NULL; + /* * Listing trusted domains (stored in secrets.tdb, if local) */ @@ -6414,10 +6212,11 @@ static int rpc_trustdom_list(int argc, const char **argv) d_printf("Trusted domains list:\n\n"); do { - nt_status = rpccli_lsa_enum_trust_dom(pipe_hnd, mem_ctx, &connect_hnd, &enum_ctx, - &num_domains, - &trusted_dom_names, &domain_sids); - + nt_status = rpccli_lsa_EnumTrustDom(pipe_hnd, mem_ctx, + &connect_hnd, + &enum_ctx, + &dom_list, + (uint32_t)-1); if (NT_STATUS_IS_ERR(nt_status)) { DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n", nt_errstr(nt_status))); @@ -6425,16 +6224,17 @@ static int rpc_trustdom_list(int argc, const char **argv) talloc_destroy(mem_ctx); return -1; }; - - for (i = 0; i < num_domains; i++) { - print_trusted_domain(&(domain_sids[i]), trusted_dom_names[i]); + + for (i = 0; i < dom_list.count; i++) { + print_trusted_domain(dom_list.domains[i].sid, + dom_list.domains[i].name.string); }; - + /* * in case of no trusted domains say something rather * than just display blank line */ - if (!num_domains) d_printf("none\n"); + if (!dom_list.count) d_printf("none\n"); } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES)); @@ -6448,7 +6248,7 @@ static int rpc_trustdom_list(int argc, const char **argv) return -1; }; - cli_rpc_pipe_close(pipe_hnd); + TALLOC_FREE(pipe_hnd); /* * Listing trusting domains (stored in passdb backend, if local) @@ -6469,7 +6269,7 @@ static int rpc_trustdom_list(int argc, const char **argv) /* SamrConnect2 */ nt_status = rpccli_samr_Connect2(pipe_hnd, mem_ctx, - pipe_hnd->cli->desthost, + pipe_hnd->desthost, SA_RIGHT_SAM_OPEN_DOMAIN, &connect_hnd); if (!NT_STATUS_IS_OK(nt_status)) { @@ -6501,11 +6301,14 @@ static int rpc_trustdom_list(int argc, const char **argv) enum_ctx = 0; /* reset enumeration context from last enumeration */ do { - - nt_status = rpccli_samr_enum_dom_users(pipe_hnd, mem_ctx, &domain_hnd, - &enum_ctx, ACB_DOMTRUST, 0xffff, - &trusting_dom_names, &trusting_dom_rids, - &num_domains); + + nt_status = rpccli_samr_EnumDomainUsers(pipe_hnd, mem_ctx, + &domain_hnd, + &enum_ctx, + ACB_DOMTRUST, + &trusts, + 0xffff, + &num_domains); if (NT_STATUS_IS_ERR(nt_status)) { DEBUG(0, ("Couldn't enumerate accounts. Error was: %s\n", nt_errstr(nt_status))); @@ -6513,9 +6316,11 @@ static int rpc_trustdom_list(int argc, const char **argv) talloc_destroy(mem_ctx); return -1; }; - + for (i = 0; i < num_domains; i++) { + char *str = CONST_DISCARD(char *, trusts->entries[i].name.string); + /* * get each single domain's sid (do we _really_ need this ?): * 1) connect to domain's pdc @@ -6523,22 +6328,22 @@ static int rpc_trustdom_list(int argc, const char **argv) */ /* get rid of '$' tail */ - ascii_dom_name_len = strlen(trusting_dom_names[i]); + ascii_dom_name_len = strlen(str); if (ascii_dom_name_len && ascii_dom_name_len < FSTRING_LEN) - trusting_dom_names[i][ascii_dom_name_len - 1] = '\0'; - + str[ascii_dom_name_len - 1] = '\0'; + /* calculate padding space for d_printf to look nicer */ - pad_len = col_len - strlen(trusting_dom_names[i]); + pad_len = col_len - strlen(str); padding[pad_len] = 0; do padding[--pad_len] = ' '; while (pad_len); /* set opt_* variables to remote domain */ - strupper_m(trusting_dom_names[i]); - opt_workgroup = talloc_strdup(mem_ctx, trusting_dom_names[i]); + strupper_m(str); + opt_workgroup = talloc_strdup(mem_ctx, str); opt_target_workgroup = opt_workgroup; - - d_printf("%s%s", trusting_dom_names[i], padding); - + + d_printf("%s%s", str, padding); + /* connect to remote domain controller */ nt_status = net_make_ipc_connection( NET_FLAGS_PDC | NET_FLAGS_ANONYMOUS,