2 * Unix SMB/CIFS implementation.
3 * Helper routines for net
4 * Copyright (C) Volker Lendecke 2006
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
22 #include "utils/net.h"
24 NTSTATUS net_rpc_lookup_name(struct net_context *c,
25 TALLOC_CTX *mem_ctx, struct cli_state *cli,
26 const char *name, const char **ret_domain,
27 const char **ret_name, DOM_SID *ret_sid,
28 enum lsa_SidType *ret_type)
30 struct rpc_pipe_client *lsa_pipe;
32 NTSTATUS result = NT_STATUS_OK;
33 const char **dom_names;
35 enum lsa_SidType *types;
39 lsa_pipe = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &result);
40 if (lsa_pipe == NULL) {
41 d_fprintf(stderr, "Could not initialise lsa pipe\n");
45 result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, false,
46 SEC_RIGHTS_MAXIMUM_ALLOWED,
48 if (!NT_STATUS_IS_OK(result)) {
49 d_fprintf(stderr, "open_policy failed: %s\n",
54 result = rpccli_lsa_lookup_names(lsa_pipe, mem_ctx, &pol, 1,
55 &name, &dom_names, 1, &sids, &types);
57 if (!NT_STATUS_IS_OK(result)) {
58 /* This can happen easily, don't log an error */
62 if (ret_domain != NULL) {
63 *ret_domain = dom_names[0];
65 if (ret_name != NULL) {
66 *ret_name = talloc_strdup(mem_ctx, name);
68 if (ret_sid != NULL) {
69 sid_copy(ret_sid, &sids[0]);
71 if (ret_type != NULL) {
76 if (is_valid_policy_hnd(&pol)) {
77 rpccli_lsa_Close(lsa_pipe, mem_ctx, &pol);
79 TALLOC_FREE(lsa_pipe);
84 /****************************************************************************
85 Connect to \\server\service.
86 ****************************************************************************/
88 NTSTATUS connect_to_service(struct net_context *c,
89 struct cli_state **cli_ctx,
90 struct sockaddr_storage *server_ss,
91 const char *server_name,
92 const char *service_name,
93 const char *service_type)
97 c->opt_password = net_prompt_pass(c, c->opt_user_name);
98 if (!c->opt_password) {
99 return NT_STATUS_NO_MEMORY;
102 nt_status = cli_full_connection(cli_ctx, NULL, server_name,
103 server_ss, c->opt_port,
104 service_name, service_type,
105 c->opt_user_name, c->opt_workgroup,
106 c->opt_password, 0, Undefined, NULL);
107 if (!NT_STATUS_IS_OK(nt_status)) {
108 d_fprintf(stderr, "Could not connect to server %s\n", server_name);
110 /* Display a nicer message depending on the result */
112 if (NT_STATUS_V(nt_status) ==
113 NT_STATUS_V(NT_STATUS_LOGON_FAILURE))
114 d_fprintf(stderr, "The username or password was not correct.\n");
116 if (NT_STATUS_V(nt_status) ==
117 NT_STATUS_V(NT_STATUS_ACCOUNT_LOCKED_OUT))
118 d_fprintf(stderr, "The account was locked out.\n");
120 if (NT_STATUS_V(nt_status) ==
121 NT_STATUS_V(NT_STATUS_ACCOUNT_DISABLED))
122 d_fprintf(stderr, "The account was disabled.\n");
126 if (c->smb_encrypt) {
127 nt_status = cli_force_encryption(*cli_ctx,
132 if (NT_STATUS_EQUAL(nt_status,NT_STATUS_NOT_SUPPORTED)) {
133 d_printf("Encryption required and "
134 "server that doesn't support "
135 "UNIX extensions - failing connect\n");
136 } else if (NT_STATUS_EQUAL(nt_status,NT_STATUS_UNKNOWN_REVISION)) {
137 d_printf("Encryption required and "
138 "can't get UNIX CIFS extensions "
139 "version from server.\n");
140 } else if (NT_STATUS_EQUAL(nt_status,NT_STATUS_UNSUPPORTED_COMPRESSION)) {
141 d_printf("Encryption required and "
142 "share %s doesn't support "
143 "encryption.\n", service_name);
144 } else if (!NT_STATUS_IS_OK(nt_status)) {
145 d_printf("Encryption required and "
146 "setup failed with error %s.\n",
147 nt_errstr(nt_status));
150 if (!NT_STATUS_IS_OK(nt_status)) {
151 cli_shutdown(*cli_ctx);
159 /****************************************************************************
160 Connect to \\server\ipc$.
161 ****************************************************************************/
163 NTSTATUS connect_to_ipc(struct net_context *c,
164 struct cli_state **cli_ctx,
165 struct sockaddr_storage *server_ss,
166 const char *server_name)
168 return connect_to_service(c, cli_ctx, server_ss, server_name, "IPC$",
172 /****************************************************************************
173 Connect to \\server\ipc$ anonymously.
174 ****************************************************************************/
176 NTSTATUS connect_to_ipc_anonymous(struct net_context *c,
177 struct cli_state **cli_ctx,
178 struct sockaddr_storage *server_ss,
179 const char *server_name)
183 nt_status = cli_full_connection(cli_ctx, c->opt_requester_name,
184 server_name, server_ss, c->opt_port,
187 "", 0, Undefined, NULL);
189 if (NT_STATUS_IS_OK(nt_status)) {
192 DEBUG(1,("Cannot connect to server (anonymously). Error was %s\n", nt_errstr(nt_status)));
197 /****************************************************************************
198 Return malloced user@realm for krb5 login.
199 ****************************************************************************/
201 static char *get_user_and_realm(const char *username)
203 char *user_and_realm = NULL;
208 if (strchr_m(username, '@')) {
209 user_and_realm = SMB_STRDUP(username);
211 if (asprintf(&user_and_realm, "%s@%s", username, lp_realm()) == -1) {
212 user_and_realm = NULL;
215 return user_and_realm;
218 /****************************************************************************
219 Connect to \\server\ipc$ using KRB5.
220 ****************************************************************************/
222 NTSTATUS connect_to_ipc_krb5(struct net_context *c,
223 struct cli_state **cli_ctx,
224 struct sockaddr_storage *server_ss,
225 const char *server_name)
228 char *user_and_realm = NULL;
230 /* FIXME: Should get existing kerberos ticket if possible. */
231 c->opt_password = net_prompt_pass(c, c->opt_user_name);
232 if (!c->opt_password) {
233 return NT_STATUS_NO_MEMORY;
236 user_and_realm = get_user_and_realm(c->opt_user_name);
237 if (!user_and_realm) {
238 return NT_STATUS_NO_MEMORY;
241 nt_status = cli_full_connection(cli_ctx, NULL, server_name,
242 server_ss, c->opt_port,
244 user_and_realm, c->opt_workgroup,
246 CLI_FULL_CONNECTION_USE_KERBEROS,
249 SAFE_FREE(user_and_realm);
251 if (!NT_STATUS_IS_OK(nt_status)) {
252 DEBUG(1,("Cannot connect to server using kerberos. Error was %s\n", nt_errstr(nt_status)));
256 if (c->smb_encrypt) {
257 nt_status = cli_cm_force_encryption(*cli_ctx,
262 if (!NT_STATUS_IS_OK(nt_status)) {
263 cli_shutdown(*cli_ctx);
272 * Connect a server and open a given pipe
274 * @param cli_dst A cli_state
275 * @param pipe The pipe to open
276 * @param got_pipe boolean that stores if we got a pipe
278 * @return Normal NTSTATUS return.
280 NTSTATUS connect_dst_pipe(struct net_context *c, struct cli_state **cli_dst,
281 struct rpc_pipe_client **pp_pipe_hnd, int pipe_num)
284 char *server_name = SMB_STRDUP("127.0.0.1");
285 struct cli_state *cli_tmp = NULL;
286 struct rpc_pipe_client *pipe_hnd = NULL;
288 if (server_name == NULL) {
289 return NT_STATUS_NO_MEMORY;
292 if (c->opt_destination) {
293 SAFE_FREE(server_name);
294 if ((server_name = SMB_STRDUP(c->opt_destination)) == NULL) {
295 return NT_STATUS_NO_MEMORY;
299 /* make a connection to a named pipe */
300 nt_status = connect_to_ipc(c, &cli_tmp, NULL, server_name);
301 if (!NT_STATUS_IS_OK(nt_status)) {
302 SAFE_FREE(server_name);
306 pipe_hnd = cli_rpc_pipe_open_noauth(cli_tmp, pipe_num, &nt_status);
308 DEBUG(0, ("couldn't not initialize pipe\n"));
309 cli_shutdown(cli_tmp);
310 SAFE_FREE(server_name);
315 *pp_pipe_hnd = pipe_hnd;
316 SAFE_FREE(server_name);
321 /****************************************************************************
322 Use the local machine account (krb) and password for this session.
323 ****************************************************************************/
325 int net_use_krb_machine_account(struct net_context *c)
327 char *user_name = NULL;
329 if (!secrets_init()) {
330 d_fprintf(stderr, "ERROR: Unable to open secrets database\n");
334 c->opt_password = secrets_fetch_machine_password(
335 c->opt_target_workgroup, NULL, NULL);
336 if (asprintf(&user_name, "%s$@%s", global_myname(), lp_realm()) == -1) {
339 c->opt_user_name = user_name;
343 /****************************************************************************
344 Use the machine account name and password for this session.
345 ****************************************************************************/
347 int net_use_machine_account(struct net_context *c)
349 char *user_name = NULL;
351 if (!secrets_init()) {
352 d_fprintf(stderr, "ERROR: Unable to open secrets database\n");
356 c->opt_password = secrets_fetch_machine_password(
357 c->opt_target_workgroup, NULL, NULL);
358 if (asprintf(&user_name, "%s$", global_myname()) == -1) {
361 c->opt_user_name = user_name;
365 bool net_find_server(struct net_context *c,
368 struct sockaddr_storage *server_ss,
371 const char *d = domain ? domain : c->opt_target_workgroup;
374 *server_name = SMB_STRDUP(c->opt_host);
377 if (c->opt_have_ip) {
378 *server_ss = c->opt_dest_ip;
380 char addr[INET6_ADDRSTRLEN];
381 print_sockaddr(addr, sizeof(addr), &c->opt_dest_ip);
382 *server_name = SMB_STRDUP(addr);
384 } else if (*server_name) {
385 /* resolve the IP address */
386 if (!resolve_name(*server_name, server_ss, 0x20)) {
387 DEBUG(1,("Unable to resolve server name\n"));
390 } else if (flags & NET_FLAGS_PDC) {
392 struct sockaddr_storage pdc_ss;
394 if (!get_pdc_ip(d, &pdc_ss)) {
395 DEBUG(1,("Unable to resolve PDC server address\n"));
399 if (is_zero_addr(&pdc_ss)) {
403 if (!name_status_find(d, 0x1b, 0x20, &pdc_ss, dc_name)) {
407 *server_name = SMB_STRDUP(dc_name);
409 } else if (flags & NET_FLAGS_DMB) {
410 struct sockaddr_storage msbrow_ss;
411 char addr[INET6_ADDRSTRLEN];
413 /* if (!resolve_name(MSBROWSE, &msbrow_ip, 1)) */
414 if (!resolve_name(d, &msbrow_ss, 0x1B)) {
415 DEBUG(1,("Unable to resolve domain browser via name lookup\n"));
418 *server_ss = msbrow_ss;
419 print_sockaddr(addr, sizeof(addr), server_ss);
420 *server_name = SMB_STRDUP(addr);
421 } else if (flags & NET_FLAGS_MASTER) {
422 struct sockaddr_storage brow_ss;
423 char addr[INET6_ADDRSTRLEN];
424 if (!resolve_name(d, &brow_ss, 0x1D)) {
425 /* go looking for workgroups */
426 DEBUG(1,("Unable to resolve master browser via name lookup\n"));
429 *server_ss = brow_ss;
430 print_sockaddr(addr, sizeof(addr), server_ss);
431 *server_name = SMB_STRDUP(addr);
432 } else if (!(flags & NET_FLAGS_LOCALHOST_DEFAULT_INSANE)) {
433 if (!interpret_string_addr(server_ss,
434 "127.0.0.1", AI_NUMERICHOST)) {
435 DEBUG(1,("Unable to resolve 127.0.0.1\n"));
438 *server_name = SMB_STRDUP("127.0.0.1");
442 DEBUG(1,("no server to connect to\n"));
449 bool net_find_pdc(struct sockaddr_storage *server_ss,
451 const char *domain_name)
453 if (!get_pdc_ip(domain_name, server_ss)) {
456 if (is_zero_addr(server_ss)) {
460 if (!name_status_find(domain_name, 0x1b, 0x20, server_ss, server_name)) {
467 NTSTATUS net_make_ipc_connection(struct net_context *c, unsigned flags,
468 struct cli_state **pcli)
470 return net_make_ipc_connection_ex(c, NULL, NULL, NULL, flags, pcli);
473 NTSTATUS net_make_ipc_connection_ex(struct net_context *c ,const char *domain,
475 struct sockaddr_storage *pss,
476 unsigned flags, struct cli_state **pcli)
478 char *server_name = NULL;
479 struct sockaddr_storage server_ss;
480 struct cli_state *cli = NULL;
483 if ( !server || !pss ) {
484 if (!net_find_server(c, domain, flags, &server_ss,
486 d_fprintf(stderr, "Unable to find a suitable server\n");
487 nt_status = NT_STATUS_UNSUCCESSFUL;
491 server_name = SMB_STRDUP( server );
495 if (flags & NET_FLAGS_ANONYMOUS) {
496 nt_status = connect_to_ipc_anonymous(c, &cli, &server_ss,
499 nt_status = connect_to_ipc(c, &cli, &server_ss,
503 /* store the server in the affinity cache if it was a PDC */
505 if ( (flags & NET_FLAGS_PDC) && NT_STATUS_IS_OK(nt_status) )
506 saf_store( cli->server_domain, cli->desthost );
508 SAFE_FREE(server_name);
509 if (!NT_STATUS_IS_OK(nt_status)) {
510 d_fprintf(stderr, "Connection failed: %s\n",
511 nt_errstr(nt_status));
522 /****************************************************************************
523 ****************************************************************************/
525 const char *net_prompt_pass(struct net_context *c, const char *user)
528 const char *pass = NULL;
530 if (c->opt_password) {
531 return c->opt_password;
534 if (c->opt_machine_pass) {
538 asprintf(&prompt, "Enter %s's password:", user);
543 pass = getpass(prompt);
549 int net_run_function(struct net_context *c, int argc, const char **argv,
550 const char *whoami, struct functable *table)
555 for (i=0; table[i].funcname != NULL; i++) {
556 if (StrCaseCmp(argv[0], table[i].funcname) == 0)
557 return table[i].fn(c, argc-1, argv+1);
561 if (c->display_usage == false) {
562 d_fprintf(stderr, "Invalid command: %s %s\n", whoami,
563 (argc > 0)?argv[0]:"");
565 d_printf("Usage:\n");
566 for (i=0; table[i].funcname != NULL; i++) {
567 if(c->display_usage == false)
568 d_printf("%s %-15s %s\n", whoami, table[i].funcname,
569 table[i].description);
571 d_printf("%s\n", table[i].usage);
574 return c->display_usage?0:-1;
577 void net_display_usage_from_functable(struct functable *table)
580 for (i=0; table[i].funcname != NULL; i++) {
581 d_printf("%s\n", table[i].usage);
git.samba.org / ira / wip.git / blob