#include "includes.h"
#include "utils/net.h"
+#include "librpc/gen_ndr/ndr_krb5pac.h"
#ifdef HAVE_ADS
static int net_ads_cldap_netlogon(struct net_context *c, ADS_STRUCT *ads)
{
char addr[INET6_ADDRSTRLEN];
- struct nbt_cldap_netlogon_5 reply;
+ struct NETLOGON_SAM_LOGON_RESPONSE_EX reply;
print_sockaddr(addr, sizeof(addr), &ads->ldap.ss);
if ( !ads_cldap_netlogon_5(talloc_tos(), addr, ads->server.realm, &reply ) ) {
addr);
d_printf("Response Type: ");
- switch (reply.type) {
- case SAMLOGON_AD_UNK_R:
- d_printf("SAMLOGON\n");
+ switch (reply.command) {
+ case LOGON_SAM_LOGON_USER_UNKNOWN_EX:
+ d_printf("LOGON_SAM_LOGON_USER_UNKNOWN_EX\n");
break;
- case SAMLOGON_AD_R:
- d_printf("SAMLOGON_USER\n");
+ case LOGON_SAM_LOGON_RESPONSE_EX:
+ d_printf("LOGON_SAM_LOGON_RESPONSE_EX\n");
break;
default:
- d_printf("0x%x\n", reply.type);
+ d_printf("0x%x\n", reply.command);
break;
}
- d_printf("GUID: %s\n", smb_uuid_string(talloc_tos(), reply.domain_uuid));
+ d_printf("GUID: %s\n", GUID_string(talloc_tos(), &reply.domain_uuid));
d_printf("Flags:\n"
"\tIs a PDC: %s\n"
d_printf("Realm: %s\n", ads->config.realm);
d_printf("Bind Path: %s\n", ads->config.bind_path);
d_printf("LDAP port: %d\n", ads->ldap.port);
- d_printf("Server time: %s\n", http_timestring(ads->config.current_time));
+ d_printf("Server time: %s\n",
+ http_timestring(talloc_tos(), ads->config.current_time));
d_printf("KDC server: %s\n", ads->auth.kdc_server );
d_printf("Server time offset: %d\n", ads->auth.time_offset );
tried_closest_dc = true; /* avoid loop */
- if (!ads->config.tried_closest_dc) {
+ if (!ads_closest_dc(ads)) {
namecache_delete(ads->server.realm, 0x1C);
namecache_delete(ads->server.workgroup, 0x1C);
{
ADS_STRUCT *ads;
char addr[INET6_ADDRSTRLEN];
- struct nbt_cldap_netlogon_5 reply;
+ struct NETLOGON_SAM_LOGON_RESPONSE_EX reply;
if (c->display_usage) {
d_printf("Usage:\n"
}
/* try setting the password */
- asprintf(&upn, "%s@%s", argv[0], ads->config.realm);
+ if (asprintf(&upn, "%s@%s", argv[0], ads->config.realm) == -1) {
+ goto done;
+ }
status = ads_krb5_set_password(ads->auth.kdc_server, upn, argv[1],
ads->auth.time_offset);
- safe_free(upn);
+ SAFE_FREE(upn);
if (ADS_ERR_OK(status)) {
d_printf("User %s added\n", argv[0]);
rc = 0;
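Review bot: The new `goto done` on asprintf failure exits without printing anything, and it may skip whatever handling a failed password set normally receives. The comment `/* try setting the password */` and the "User %s added" message suggest the account already exists in the directory when this line runs. If so, an allocation failure here could leave a freshly created account with no password set and no error reported. The `done` label and the code after the `ADS_ERR_OK(status)` branch are outside this hunk, so this needs confirming there. At minimum, emit a diagnostic before the jump, e.g. `d_fprintf(stderr, "Out of memory\n");`, and route the failure through the same cleanup that a failed `ads_krb5_set_password` gets.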
return -1;
}
- asprintf(&searchstring, "(sAMAccountName=%s)", escaped_user);
+ if (asprintf(&searchstring, "(sAMAccountName=%s)", escaped_user) == -1) {
+ SAFE_FREE(escaped_user);
+ return -1;
+ }
rc = ads_search(ads, &res, searchstring, attrs);
- safe_free(searchstring);
+ SAFE_FREE(searchstring);
if (!ADS_ERR_OK(rc)) {
d_fprintf(stderr, "ads_search: %s\n", ads_errstr(rc));
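Review bot: The early `return -1;` added for the `searchstring` allocation frees `escaped_user` but does not release `ads`, which the next line passes to `ads_search` and so appears to be set up already. The host-principal hunk later in this patch calls `ads_destroy(&ads);` before returning on the same kind of failure, and doing the same here would keep the error paths consistent. The bare `return -1;` after the `chr` and `prompt` allocations in the password-change hunk has the same shape and should be checked for state initialised earlier in that function. The start of this function is outside the hunk, so confirm where `ads` is initialised before adding the call.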
d_printf("Our netbios name can be at most 15 chars long, "
"\"%s\" is %u chars long\n", global_myname(),
(unsigned int)strlen(global_myname()));
- return WERR_INVALID_COMPUTER_NAME;
+ return WERR_INVALID_COMPUTERNAME;
}
if ( lp_security() == SEC_ADS && !*lp_realm()) {
/* kinit with the machine password */
use_in_memory_ccache();
- asprintf( &ads_dns->auth.user_name, "%s$", global_myname() );
+ if (asprintf( &ads_dns->auth.user_name, "%s$", global_myname()) == -1) {
+ goto fail;
+ }
ads_dns->auth.password = secrets_fetch_machine_password(
r->out.netbios_domain_name, NULL, NULL );
ads_dns->auth.realm = SMB_STRDUP( r->out.dns_domain_name );
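Review bot: When asprintf fails, the value left in `ads_dns->auth.user_name` is not guaranteed (glibc documents the pointer contents as undefined), and the new branch jumps to `fail` without resetting that field. The `fail` label is outside this hunk. If it, or a later teardown of `ads_dns`, frees the field, that would free an indeterminate pointer; if nothing tears `ads_dns` down on that path, the structure leaks instead. Adding `ads_dns->auth.user_name = NULL;` before the `goto fail;` makes the teardown safe either way, and is harmless if the build uses a replacement asprintf that already clears the pointer.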
return -1;
}
- asprintf(&prt_dn, "cn=%s-%s,%s", srv_cn_escaped, printername_escaped, srv_dn);
+ if (asprintf(&prt_dn, "cn=%s-%s,%s", srv_cn_escaped, printername_escaped, srv_dn) == -1) {
+ SAFE_FREE(srv_cn_escaped);
+ SAFE_FREE(printername_escaped);
+ d_fprintf(stderr, "Internal error, out of memory!");
+ ads_destroy(&ads);
+ talloc_destroy(mem_ctx);
+ return -1;
+ }
SAFE_FREE(srv_cn_escaped);
SAFE_FREE(printername_escaped);
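Review bot: The out-of-memory message in the new asprintf failure branch has no trailing newline, so on stderr it runs into whatever is printed next; `d_fprintf(stderr, "Internal error, out of memory!\n");` fixes that. The branch also spells out its own five-line teardown, and whether `srv_dn`, which feeds the format string, needs releasing on this path cannot be seen from the hunk. The function begins and ends outside the hunk, so check the new return against the cleanup done at its other exits.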
user = argv[0];
if (!strchr_m(user, '@')) {
- asprintf(&chr, "%s@%s", argv[0], lp_realm());
+ if (asprintf(&chr, "%s@%s", argv[0], lp_realm()) == -1) {
+ return -1;
+ }
user = chr;
}
if (argv[1]) {
new_password = (char *)argv[1];
} else {
- asprintf(&prompt, "Enter new password for %s:", user);
+ if (asprintf(&prompt, "Enter new password for %s:", user) == -1) {
+ return -1;
+ }
new_password = getpass(prompt);
free(prompt);
}
fstrcpy(my_name, global_myname());
strlower_m(my_name);
- asprintf(&host_principal, "%s$@%s", my_name, ads->config.realm);
+ if (asprintf(&host_principal, "%s$@%s", my_name, ads->config.realm) == -1) {
+ ads_destroy(&ads);
+ return -1;
+ }
d_printf("Changing password for principal: %s\n", host_principal);
ret = ads_change_trust_account_password(ads, host_principal);