#include "includes.h"
#include "rpcclient.h"
+#include "../libcli/auth/libcli_auth.h"
static WERROR cmd_netlogon_logon_ctrl2(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
}
printf("rpccli_netlogon_dsr_getdcname returned %s\n",
- dos_errstr(werr));
+ win_errstr(werr));
return werr;
}
do {
struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
- netlogon_creds_client_step(cli->dc, &credential);
+ netlogon_creds_client_authenticator(cli->dc, &credential);
result = rpccli_netr_DatabaseSync2(cli, mem_ctx,
logon_server,
do {
struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
- netlogon_creds_client_step(cli->dc, &credential);
+ netlogon_creds_client_authenticator(cli->dc, &credential);
result = rpccli_netr_DatabaseDeltas(cli, mem_ctx,
logon_server,
const char **argv)
{
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- int logon_type = NET_LOGON_TYPE;
+ int logon_type = NetlogonNetworkInformation;
const char *username, *password;
int auth_level = 2;
uint32 logon_param = 0;
return werr;
}
+static WERROR cmd_netlogon_getdcsitecoverage(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx, int argc,
+ const char **argv)
+{
+ NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+ WERROR werr = WERR_GENERAL_FAILURE;
+ const char *server_name = cli->desthost;
+ struct DcSitesCtr *ctr = NULL;
+
+ if (argc < 1 || argc > 3) {
+ fprintf(stderr, "Usage: %s <server_name>\n", argv[0]);
+ return WERR_OK;
+ }
+
+ if (argc >= 2) {
+ server_name = argv[1];
+ }
+
+ status = rpccli_netr_DsrGetDcSiteCoverageW(cli, mem_ctx,
+ server_name,
+ &ctr,
+ &werr);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
+ if (W_ERROR_IS_OK(werr) && ctr->num_sites) {
+ int i;
+ printf("sites covered by this DC: %d\n", ctr->num_sites);
+ for (i=0; i<ctr->num_sites; i++) {
+ printf("%s\n", ctr->sites[i].string);
+ }
+ }
+ done:
+ return werr;
+}
+
+static NTSTATUS cmd_netlogon_database_redo(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx, int argc,
+ const char **argv)
+{
+ NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+ const char *server_name = cli->desthost;
+ uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
+ struct netr_Authenticator clnt_creds, srv_cred;
+ struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
+ unsigned char trust_passwd_hash[16];
+ uint32_t sec_channel_type = 0;
+ struct netr_ChangeLogEntry e;
+ uint32_t rid = 500;
+
+ if (argc > 2) {
+ fprintf(stderr, "Usage: %s <user rid>\n", argv[0]);
+ return NT_STATUS_OK;
+ }
+
+ if (argc == 2) {
+ sscanf(argv[1], "%d", &rid);
+ }
+
+ if (!secrets_fetch_trust_account_password(lp_workgroup(),
+ trust_passwd_hash,
+ NULL, &sec_channel_type)) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ status = rpccli_netlogon_setup_creds(cli,
+ server_name, /* server name */
+ lp_workgroup(), /* domain */
+ global_myname(), /* client name */
+ global_myname(), /* machine account name */
+ trust_passwd_hash,
+ sec_channel_type,
+ &neg_flags);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ netlogon_creds_client_authenticator(cli->dc, &clnt_creds);
+
+ ZERO_STRUCT(e);
+
+ e.object_rid = rid;
+ e.db_index = SAM_DATABASE_DOMAIN;
+ e.delta_type = NETR_DELTA_USER;
+
+ status = rpccli_netr_DatabaseRedo(cli, mem_ctx,
+ server_name,
+ global_myname(),
+ &clnt_creds,
+ &srv_cred,
+ e,
+ 0, /* is calculated automatically */
+ &delta_enum_array);
+
+ if (!netlogon_creds_client_check(cli->dc, &srv_cred.cred)) {
+ DEBUG(0,("credentials chain check failed\n"));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ return status;
+}
+
+static NTSTATUS cmd_netlogon_capabilities(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx, int argc,
+ const char **argv)
+{
+ NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+ struct netr_Authenticator credential;
+ struct netr_Authenticator return_authenticator;
+ union netr_Capabilities capabilities;
+ uint32_t level = 1;
+
+ if (argc > 2) {
+ fprintf(stderr, "Usage: %s <level>\n", argv[0]);
+ return NT_STATUS_OK;
+ }
+
+ if (argc == 2) {
+ level = atoi(argv[1]);
+ }
+
+ ZERO_STRUCT(return_authenticator);
+
+ netlogon_creds_client_authenticator(cli->dc, &credential);
+
+ status = rpccli_netr_LogonGetCapabilities(cli, mem_ctx,
+ cli->desthost,
+ global_myname(),
+ &credential,
+ &return_authenticator,
+ level,
+ &capabilities);
+
+ if (!netlogon_creds_client_check(cli->dc,
+ &return_authenticator.cred)) {
+ DEBUG(0,("credentials chain check failed\n"));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ printf("capabilities: 0x%08x\n", capabilities.server_capabilities);
+
+ return status;
+}
/* List of commands exported by this module */
{ "NETLOGON" },
- { "logonctrl2", RPC_RTYPE_WERROR, NULL, cmd_netlogon_logon_ctrl2, PI_NETLOGON, NULL, "Logon Control 2", "" },
- { "getanydcname", RPC_RTYPE_WERROR, NULL, cmd_netlogon_getanydcname, PI_NETLOGON, NULL, "Get trusted DC name", "" },
- { "getdcname", RPC_RTYPE_WERROR, NULL, cmd_netlogon_getdcname, PI_NETLOGON, NULL, "Get trusted PDC name", "" },
- { "dsr_getdcname", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_getdcname, PI_NETLOGON, NULL, "Get trusted DC name", "" },
- { "dsr_getdcnameex", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_getdcnameex, PI_NETLOGON, NULL, "Get trusted DC name", "" },
- { "dsr_getdcnameex2", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_getdcnameex2, PI_NETLOGON, NULL, "Get trusted DC name", "" },
- { "dsr_getsitename", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_getsitename, PI_NETLOGON, NULL, "Get sitename", "" },
- { "dsr_getforesttrustinfo", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_getforesttrustinfo, PI_NETLOGON, NULL, "Get Forest Trust Info", "" },
- { "logonctrl", RPC_RTYPE_WERROR, NULL, cmd_netlogon_logon_ctrl, PI_NETLOGON, NULL, "Logon Control", "" },
- { "samsync", RPC_RTYPE_NTSTATUS, cmd_netlogon_sam_sync, NULL, PI_NETLOGON, NULL, "Sam Synchronisation", "" },
- { "samdeltas", RPC_RTYPE_NTSTATUS, cmd_netlogon_sam_deltas, NULL, PI_NETLOGON, NULL, "Query Sam Deltas", "" },
- { "samlogon", RPC_RTYPE_NTSTATUS, cmd_netlogon_sam_logon, NULL, PI_NETLOGON, NULL, "Sam Logon", "" },
- { "change_trust_pw", RPC_RTYPE_NTSTATUS, cmd_netlogon_change_trust_pw, NULL, PI_NETLOGON, NULL, "Change Trust Account Password", "" },
- { "gettrustrid", RPC_RTYPE_WERROR, NULL, cmd_netlogon_gettrustrid, PI_NETLOGON, NULL, "Get trust rid", "" },
- { "dsr_enumtrustdom", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_enumtrustdom, PI_NETLOGON, NULL, "Enumerate trusted domains", "" },
- { "dsenumdomtrusts", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_enumtrustdom, PI_NETLOGON, NULL, "Enumerate all trusted domains in an AD forest", "" },
- { "deregisterdnsrecords", RPC_RTYPE_WERROR, NULL, cmd_netlogon_deregisterdnsrecords, PI_NETLOGON, NULL, "Deregister DNS records", "" },
- { "netrenumtrusteddomains", RPC_RTYPE_WERROR, NULL, cmd_netlogon_enumtrusteddomains, PI_NETLOGON, NULL, "Enumerate trusted domains", "" },
- { "netrenumtrusteddomainsex", RPC_RTYPE_WERROR, NULL, cmd_netlogon_enumtrusteddomainsex, PI_NETLOGON, NULL, "Enumerate trusted domains", "" },
+ { "logonctrl2", RPC_RTYPE_WERROR, NULL, cmd_netlogon_logon_ctrl2, &ndr_table_netlogon.syntax_id, NULL, "Logon Control 2", "" },
+ { "getanydcname", RPC_RTYPE_WERROR, NULL, cmd_netlogon_getanydcname, &ndr_table_netlogon.syntax_id, NULL, "Get trusted DC name", "" },
+ { "getdcname", RPC_RTYPE_WERROR, NULL, cmd_netlogon_getdcname, &ndr_table_netlogon.syntax_id, NULL, "Get trusted PDC name", "" },
+ { "dsr_getdcname", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_getdcname, &ndr_table_netlogon.syntax_id, NULL, "Get trusted DC name", "" },
+ { "dsr_getdcnameex", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_getdcnameex, &ndr_table_netlogon.syntax_id, NULL, "Get trusted DC name", "" },
+ { "dsr_getdcnameex2", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_getdcnameex2, &ndr_table_netlogon.syntax_id, NULL, "Get trusted DC name", "" },
+ { "dsr_getsitename", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_getsitename, &ndr_table_netlogon.syntax_id, NULL, "Get sitename", "" },
+ { "dsr_getforesttrustinfo", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_getforesttrustinfo, &ndr_table_netlogon.syntax_id, NULL, "Get Forest Trust Info", "" },
+ { "logonctrl", RPC_RTYPE_WERROR, NULL, cmd_netlogon_logon_ctrl, &ndr_table_netlogon.syntax_id, NULL, "Logon Control", "" },
+ { "samsync", RPC_RTYPE_NTSTATUS, cmd_netlogon_sam_sync, NULL, &ndr_table_netlogon.syntax_id, NULL, "Sam Synchronisation", "" },
+ { "samdeltas", RPC_RTYPE_NTSTATUS, cmd_netlogon_sam_deltas, NULL, &ndr_table_netlogon.syntax_id, NULL, "Query Sam Deltas", "" },
+ { "samlogon", RPC_RTYPE_NTSTATUS, cmd_netlogon_sam_logon, NULL, &ndr_table_netlogon.syntax_id, NULL, "Sam Logon", "" },
+ { "change_trust_pw", RPC_RTYPE_NTSTATUS, cmd_netlogon_change_trust_pw, NULL, &ndr_table_netlogon.syntax_id, NULL, "Change Trust Account Password", "" },
+ { "gettrustrid", RPC_RTYPE_WERROR, NULL, cmd_netlogon_gettrustrid, &ndr_table_netlogon.syntax_id, NULL, "Get trust rid", "" },
+ { "dsr_enumtrustdom", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_enumtrustdom, &ndr_table_netlogon.syntax_id, NULL, "Enumerate trusted domains", "" },
+ { "dsenumdomtrusts", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_enumtrustdom, &ndr_table_netlogon.syntax_id, NULL, "Enumerate all trusted domains in an AD forest", "" },
+ { "deregisterdnsrecords", RPC_RTYPE_WERROR, NULL, cmd_netlogon_deregisterdnsrecords, &ndr_table_netlogon.syntax_id, NULL, "Deregister DNS records", "" },
+ { "netrenumtrusteddomains", RPC_RTYPE_WERROR, NULL, cmd_netlogon_enumtrusteddomains, &ndr_table_netlogon.syntax_id, NULL, "Enumerate trusted domains", "" },
+ { "netrenumtrusteddomainsex", RPC_RTYPE_WERROR, NULL, cmd_netlogon_enumtrusteddomainsex, &ndr_table_netlogon.syntax_id, NULL, "Enumerate trusted domains", "" },
+ { "getdcsitecoverage", RPC_RTYPE_WERROR, NULL, cmd_netlogon_getdcsitecoverage, &ndr_table_netlogon.syntax_id, NULL, "Get the Site-Coverage from a DC", "" },
+ { "database_redo", RPC_RTYPE_NTSTATUS, cmd_netlogon_database_redo, NULL, &ndr_table_netlogon.syntax_id, NULL, "Replicate single object from a DC", "" },
+ { "capabilities", RPC_RTYPE_NTSTATUS, cmd_netlogon_capabilities, NULL, &ndr_table_netlogon.syntax_id, NULL, "Return Capabilities", "" },
{ NULL }
};