#include "includes.h"
#include "utils/net.h"
+#include "libsmb/namequery.h"
#include "rpc_client/cli_pipe.h"
#include "../libcli/auth/libcli_auth.h"
#include "../librpc/gen_ndr/ndr_samr_c.h"
#include "nsswitch/libwbclient/wbclient.h"
#include "passdb.h"
#include "../libcli/smb/smbXcli_base.h"
+#include "libsmb/dsgetdcname.h"
static int net_mode_share;
static NTSTATUS sync_files(struct copy_clistate *cp_clistate, const char *mask);
* @brief RPC based subcommands for the 'net' utility.
*
* This file should contain much of the functionality that used to
- * be found in rpcclient, execpt that the commands should change
- * less often, and the fucntionality should be sane (the user is not
+ * be found in rpcclient, except that the commands should change
+ * less often, and the functionality should be sane (the user is not
* expected to know a rid/sid before they conduct an operation etc.)
*
* @todo Perhaps eventually these should be split out into a number
TALLOC_FREE(c->netlogon_creds);
nt_status = cli_rpc_pipe_open_schannel(
cli, c->msg_ctx, table, NCACN_NP,
- DCERPC_AUTH_LEVEL_PRIVACY, domain_name,
+ domain_name,
&pipe_hnd, c, &c->netlogon_creds);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Could not initialise schannel netlogon pipe. Error was %s\n",
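Review bot: The protection level of the netlogon pipe is no longer visible at this call, because the explicit `DCERPC_AUTH_LEVEL_PRIVACY` argument is dropped and nothing in the hunk says where the level now comes from. Presumably `cli_rpc_pipe_open_schannel()` derives it from the credentials or configuration, but someone auditing this path cannot confirm from here that sealing is still required. A short comment above the call would record the expectation, e.g. `/* auth level is selected inside cli_rpc_pipe_open_schannel(); this path previously requested DCERPC_AUTH_LEVEL_PRIVACY */`. The enclosing function starts and ends outside the hunk.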
cli, table,
(conn_flags & NET_FLAGS_TCP) ?
NCACN_IP_TCP : NCACN_NP,
+ CRED_DONT_USE_KERBEROS,
DCERPC_AUTH_TYPE_NTLMSSP,
DCERPC_AUTH_LEVEL_PRIVACY,
smbXcli_conn_remote_name(cli->conn),
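Review bot: `CRED_DONT_USE_KERBEROS` is hard-coded next to `DCERPC_AUTH_TYPE_NTLMSSP` with no comment saying that the NTLM-only bind is deliberate. The two arguments agree today, but a later change to the auth type would leave the Kerberos flag silently contradicting it. If the restriction is intended, a one-line comment at the argument would say so: `/* NTLMSSP bind: Kerberos is intentionally not offered on this pipe */`. The call begins and ends outside the hunk, so the callee name is not visible here.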
}
/**
- * Force a change of the trust acccount password.
+ * Force a change of the trust account password.
*
* All parameters are provided by the run_rpc_command function, except for
* argc, argv which are passed through.
const char **argv)
{
NTSTATUS status;
+ const char *dcname = NULL;
+
+ if (cli == NULL) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ dcname = smbXcli_conn_remote_name(cli->conn);
status = trust_pw_change(c->netlogon_creds,
c->msg_ctx,
pipe_hnd->binding_handle,
c->opt_target_workgroup,
+ dcname,
true); /* force */
if (!NT_STATUS_IS_OK(status)) {
d_fprintf(stderr, _("Failed to change machine account password: %s\n"),
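Review bot: The new `cli == NULL` guard returns `NT_STATUS_INTERNAL_ERROR` with no output, while the failure path a few lines below reports through `d_fprintf(stderr, ...)`. An operator whose password change is refused here gets no indication of the cause; a log line before the return, such as `DEBUG(0, ("trust password change: no client connection\n"));`, would make it diagnosable. Separately, `dcname` is passed on unchecked, and whether `smbXcli_conn_remote_name()` can return NULL is not visible in this hunk, so it is worth confirming that `trust_pw_change()` tolerates that. The function's signature and tail are outside the hunk.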
}
/**
- * Force a change of the trust acccount password.
+ * Force a change of the trust account password.
*
* @param argc Standard main() style argc.
* @param argv Standard main() style argv. Initial components are already
* the message to be displayed when oldjoin was explicitly
* requested, but not when it was implied by "net rpc join".
*
- * This uses 'machinename' as the inital password, and changes it.
+ * This uses 'machinename' as the initial password, and changes it.
*
* The password should be created with 'server manager' or equiv first.
*
}
/*
- check what type of join - if the user want's to join as
+ check what type of join - if the user wants to join as
a BDC, the server must agree that we are a BDC.
*/
if (argc >= 0) {
pw = talloc_strndup(r, lp_netbios_name(), 14);
if (pw == NULL) {
- werr = WERR_NOMEM;
+ werr = WERR_NOT_ENOUGH_MEMORY;
goto fail;
}
r->in.admin_account = "";
r->in.admin_password = strlower_talloc(r, pw);
if (r->in.admin_password == NULL) {
- werr = WERR_NOMEM;
+ werr = WERR_NOT_ENOUGH_MEMORY;
goto fail;
}
r->in.debug = true;
r->out.netbios_domain_name);
}
+ /* print out informative error string in case there is one */
+ if (r->out.error_string != NULL) {
+ d_printf("%s\n", r->out.error_string);
+ }
+
TALLOC_FREE(mem_ctx);
return 0;
}
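Review bot: The added `d_printf("%s\n", r->out.error_string);` sits on the path that goes on to `return 0`, so a string described as an error is written to stdout on a successful run. Scripts that parse the command's stdout would receive it mixed with normal output, and the page's other diagnostics use stderr. Consider `d_fprintf(stderr, "%s\n", r->out.error_string);`, or reword the comment if the string is meant as an informational notice on success. Passing the string through a fixed `"%s"` format is the right choice and should be kept. The same block is added again in the next hunk, before the second `TALLOC_FREE(mem_ctx);`.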
/*
- check what type of join - if the user want's to join as
+ check what type of join - if the user wants to join as
a BDC, the server must agree that we are a BDC.
*/
if (argc >= 0) {
r->out.netbios_domain_name);
}
+ /* print out informative error string in case there is one */
+ if (r->out.error_string != NULL) {
+ d_printf("%s\n", r->out.error_string);
+ }
+
TALLOC_FREE(mem_ctx);
return 0;
struct policy_handle connect_pol, domain_pol, user_pol;
NTSTATUS status, result;
struct dom_sid sid;
- uint32 rid;
+ uint32_t rid;
enum lsa_SidType type;
struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
NTSTATUS status, result;
const char *username;
const char *oldval = "unknown";
- uint32 oldflags, newflags;
+ uint32_t oldflags, newflags;
bool newval;
union samr_UserInfo *info = NULL;
struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
{
struct policy_handle connect_pol, domain_pol;
NTSTATUS status, result;
- uint32 group_rid;
+ uint32_t group_rid;
struct policy_handle group_pol;
struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
{
struct policy_handle connect_pol, domain_pol;
NTSTATUS status, result;
- uint32 alias_rid;
+ uint32_t alias_rid;
struct policy_handle alias_pol;
struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
{
struct policy_handle connect_pol, domain_pol;
NTSTATUS status, result;
- uint32 group_rid;
+ uint32_t group_rid;
struct policy_handle group_pol;
struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
{
struct policy_handle connect_pol, domain_pol;
NTSTATUS status, result;
- uint32 alias_rid;
+ uint32_t alias_rid;
struct policy_handle alias_pol;
struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
{
struct policy_handle connect_pol, domain_pol;
NTSTATUS status, result;
- uint32 start_idx=0, max_entries=250, num_entries, i, loop_count = 0;
+ uint32_t start_idx=0, max_entries=250, num_entries, i, loop_count = 0;
struct samr_SamArray *groups = NULL;
bool global = false;
bool local = false;
const char *domain_name,
const struct dom_sid *domain_sid,
struct policy_handle *domain_pol,
- uint32 rid)
+ uint32_t rid)
{
NTSTATUS result, status;
struct policy_handle group_pol;
- uint32 num_members, *group_rids;
+ uint32_t num_members, *group_rids;
int i;
struct samr_RidAttrArray *rids = NULL;
struct lsa_Strings names;
struct cli_state *cli,
TALLOC_CTX *mem_ctx,
struct policy_handle *domain_pol,
- uint32 rid)
+ uint32_t rid)
{
NTSTATUS result, status;
struct rpc_pipe_client *lsa_pipe;
struct policy_handle alias_pol, lsa_pol;
- uint32 num_members;
+ uint32_t num_members;
struct dom_sid *alias_sids;
char **domains;
char **names;
NET_API_STATUS status;
char *sharename;
char *path;
- uint32 type = STYPE_DISKTREE; /* only allow disk shares to be added */
- uint32 num_users=0, perms=0;
+ uint32_t type = STYPE_DISKTREE; /* only allow disk shares to be added */
+ uint32_t num_users=0, perms=0;
char *password=NULL; /* don't allow a share password */
struct SHARE_INFO_2 i2;
uint32_t parm_error = 0;
static WERROR get_share_info(struct net_context *c,
struct rpc_pipe_client *pipe_hnd,
TALLOC_CTX *mem_ctx,
- uint32 level,
+ uint32_t level,
int argc,
const char **argv,
struct srvsvc_NetShareInfoCtr *info_ctr)
{
NTSTATUS status;
- status = cli_tree_connect(cli, netname, "A:", "", 0);
+ status = cli_tree_connect(cli, netname, "A:", NULL);
if (!NT_STATUS_IS_OK(status)) {
d_printf(_("skipping [%s]: not a file share.\n"), netname);
return false;
}
static bool check_share_sanity(struct net_context *c, struct cli_state *cli,
- const char *netname, uint32 type)
+ const char *netname, uint32_t type)
{
/* only support disk shares */
if (! ( type == STYPE_DISKTREE || type == (STYPE_DISKTREE | STYPE_HIDDEN)) ) {
WERROR result;
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
struct srvsvc_NetShareInfoCtr ctr_src;
- uint32 i;
+ uint32_t i;
struct rpc_pipe_client *srvsvc_pipe = NULL;
struct cli_state *cli_dst = NULL;
- uint32 level = 502; /* includes secdesc */
+ uint32_t level = 502; /* includes secdesc */
uint32_t parm_error = 0;
struct dcerpc_binding_handle *b;
WERROR result;
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
struct srvsvc_NetShareInfoCtr ctr_src;
- uint32 i;
- uint32 level = 502;
+ uint32_t i;
+ uint32_t level = 502;
struct copy_clistate cp_clistate;
bool got_src_share = false;
bool got_dst_share = false;
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
struct srvsvc_NetShareInfoCtr ctr_src;
union srvsvc_NetShareInfo info;
- uint32 i;
+ uint32_t i;
struct rpc_pipe_client *srvsvc_pipe = NULL;
struct cli_state *cli_dst = NULL;
- uint32 level = 502; /* includes secdesc */
+ uint32_t level = 502; /* includes secdesc */
uint32_t parm_error = 0;
struct dcerpc_binding_handle *b;
struct full_alias {
struct dom_sid sid;
- uint32 num_members;
+ uint32_t num_members;
struct dom_sid *members;
};
/*
* Add an alias to the static list.
*/
-static void push_alias(TALLOC_CTX *mem_ctx, struct full_alias *alias)
+static void push_alias(struct full_alias *alias)
{
- if (server_aliases == NULL)
- server_aliases = SMB_MALLOC_ARRAY(struct full_alias, 100);
+ size_t array_size;
+
+ if (server_aliases == NULL) {
+ server_aliases = talloc_array(NULL, struct full_alias, 100);
+ if (server_aliases == NULL) {
+ smb_panic("talloc_array failed");
+ }
+ }
+
+ array_size = talloc_array_length(server_aliases);
+ if (array_size == num_server_aliases) {
+ server_aliases = talloc_realloc(NULL, server_aliases,
+ struct full_alias, array_size + 100);
+ if (server_aliases == NULL) {
+ smb_panic("talloc_realloc failed");
+ }
+ }
server_aliases[num_server_aliases] = *alias;
num_server_aliases += 1;
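Review bot: The growth check `if (array_size == num_server_aliases)` is only safe while the counter never runs ahead of the array length, and a later hunk adds `TALLOC_FREE(server_aliases);` with no visible reset of `num_server_aliases`. If the counter is not zeroed elsewhere (its declaration is outside these hunks), a second pass would allocate 100 entries, skip the realloc because the values differ, and store at a stale index past the end of the array. Adding `num_server_aliases = 0;` next to that free would keep the two in step. Using `array_size <= num_server_aliases` here would at least force a realloc in that state, though it would not guarantee enough room. The closing brace of push_alias is outside the hunk.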
struct policy_handle *connect_pol,
const struct dom_sid *domain_sid)
{
- uint32 start_idx, max_entries, num_entries, i;
+ uint32_t start_idx, max_entries, num_entries, i;
struct samr_SamArray *groups = NULL;
NTSTATUS result, status;
struct policy_handle domain_pol;
sid_compose(&alias.sid, domain_sid,
groups->entries[i].idx);
- push_alias(mem_ctx, &alias);
+ push_alias(&alias);
}
} while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
union srvsvc_NetShareInfo info;
WERROR result;
NTSTATUS status;
- uint16 cnum;
+ struct smbXcli_tcon *orig_tcon = NULL;
struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
status = dcerpc_srvsvc_NetShareGetInfo(b, mem_ctx,
&result);
if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) {
- DEBUG(1, ("Coult not query secdesc for share %s\n",
+ DEBUG(1, ("Could not query secdesc for share %s\n",
netname));
return;
}
netname));
}
- cnum = cli_state_get_tid(cli);
+ if (cli_state_has_tcon(cli)) {
+ orig_tcon = cli_state_save_tcon(cli);
+ if (orig_tcon == NULL) {
+ return;
+ }
+ }
- if (!NT_STATUS_IS_OK(cli_tree_connect(cli, netname, "A:", "", 0))) {
+ if (!NT_STATUS_IS_OK(cli_tree_connect(cli, netname, "A:", NULL))) {
+ cli_state_restore_tcon(cli, orig_tcon);
return;
}
}
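Review bot: On the failed `cli_tree_connect` path, `cli_state_restore_tcon(cli, orig_tcon)` is reached with `orig_tcon == NULL` whenever `cli_state_has_tcon(cli)` was false. Whether the restore helper accepts NULL is not visible here. If it does, a comment at the declaration would make the contract explicit: `/* stays NULL when cli had no tree connection; cli_state_restore_tcon() must accept that */`. The early `return;` after a failed `cli_state_save_tcon()` is also silent, while the neighbouring failure paths log through `DEBUG(1, ...)`, so a matching log line there would help diagnosis. The enclosing function starts and ends outside the hunk.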
for (i=0; i<num_tokens; i++) {
- uint32 acc_granted;
+ uint32_t acc_granted;
if (share_sd != NULL) {
status = se_access_check(share_sd, &tokens[i].token,
if (fnum != (uint16_t)-1)
cli_close(cli, fnum);
cli_tdis(cli);
- cli_state_set_tid(cli, cnum);
+ cli_state_restore_tcon(cli, orig_tcon);
return;
}
free_user_token(&tokens[i].token);
}
SAFE_FREE(tokens);
+ TALLOC_FREE(server_aliases);
return nt_status;
}
static int rpc_file_user(struct net_context *c, int argc, const char **argv)
{
NET_API_STATUS status;
- uint32 preferred_len = 0xffffffff, i;
+ uint32_t preferred_len = 0xffffffff, i;
char *username=NULL;
uint32_t total_entries = 0;
uint32_t entries_read = 0;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
WERROR result;
const char *msg = N_("This machine will be shutdown shortly");
- uint32 timeout = 20;
+ uint32_t timeout = 20;
struct lsa_StringLarge msg_string;
struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
const char **argv)
{
const char *msg = N_("This machine will be shutdown shortly");
- uint32 timeout = 20;
+ uint32_t timeout = 20;
struct lsa_StringLarge msg_string;
NTSTATUS result;
WERROR werr;
NTSTATUS status, result;
char *acct_name;
struct lsa_String lsa_acct_name;
- uint32 acb_info;
- uint32 acct_flags=0;
- uint32 user_rid;
+ uint32_t acb_info;
+ uint32_t acct_flags=0;
+ uint32_t user_rid;
uint32_t access_granted = 0;
union samr_UserInfo info;
unsigned int orig_timeout;
return false;
status = cli_connect_nb(server_name, &server_ss, 0, 0x20,
- lp_netbios_name(), SMB_SIGNING_DEFAULT,
+ lp_netbios_name(), SMB_SIGNING_IPC_DEFAULT,
0, &cli);
if (!NT_STATUS_IS_OK(status)) {
return false;
return ret;
}
-/* dump sam database via samsync rpc calls */
-static int rpc_samdump(struct net_context *c, int argc, const char **argv) {
- if (c->display_usage) {
- d_printf( "%s\n"
- "net rpc samdump\n"
- " %s\n",
- _("Usage:"),
- _("Dump remote SAM database"));
- return 0;
- }
-
- return run_rpc_command(c, NULL, &ndr_table_netlogon,
- NET_FLAGS_ANONYMOUS,
- rpc_samdump_internals, argc, argv);
-}
-
/* syncronise sam database via samsync rpc calls */
static int rpc_vampire(struct net_context *c, int argc, const char **argv)
{
struct functable func[] = {
- {
- "ldif",
- rpc_vampire_ldif,
- NET_TRANSPORT_RPC,
- N_("Dump remote SAM database to ldif"),
- N_("net rpc vampire ldif\n"
- " Dump remote SAM database to LDIF file or "
- "stdout")
- },
{
"keytab",
rpc_vampire_keytab,
N_("net rpc shutdown\n"
" Shutdown a remote server")
},
- {
- "samdump",
- rpc_samdump,
- NET_TRANSPORT_RPC,
- N_("Dump SAM data of remote NT PDC"),
- N_("net rpc samdump\n"
- " Dump SAM data of remote NT PDC")
- },
{
"vampire",
rpc_vampire,