Distributed SMB/CIFS Server Management Utility
Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org)
Copyright (C) 2002 Jim McDonough (jmcd@us.ibm.com)
- Copyright (C) 2004 Guenther Deschner (gd@samba.org)
+ Copyright (C) 2004,2008 Guenther Deschner (gd@samba.org)
Copyright (C) 2005 Jeremy Allison (jra@samba.org)
Copyright (C) 2006 Jelmer Vernooij (jelmer@samba.org)
struct rpc_pipe_client *lsa_pipe;
POLICY_HND pol;
NTSTATUS result = NT_STATUS_OK;
- uint32 info_class = 5;
-
+ union lsa_PolicyInformation *info = NULL;
+
lsa_pipe = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &result);
if (!lsa_pipe) {
d_fprintf(stderr, "Could not initialise lsa pipe\n");
return result;
}
- result = rpccli_lsa_query_info_policy(lsa_pipe, mem_ctx, &pol,
- info_class, domain_name,
- domain_sid);
+ result = rpccli_lsa_QueryInfoPolicy(lsa_pipe, mem_ctx,
+ &pol,
+ LSA_POLICY_INFO_ACCOUNT_DOMAIN,
+ &info);
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "lsaquery failed: %s\n",
nt_errstr(result));
return result;
}
+ *domain_name = info->account_domain.name.string;
+ *domain_sid = info->account_domain.sid;
+
rpccli_lsa_Close(lsa_pipe, mem_ctx, &pol);
- cli_rpc_pipe_close(lsa_pipe);
+ TALLOC_FREE(lsa_pipe);
return NT_STATUS_OK;
}
if (!(conn_flags & NET_FLAGS_NO_PIPE)) {
if (pipe_hnd) {
- cli_rpc_pipe_close(pipe_hnd);
+ TALLOC_FREE(pipe_hnd);
}
}
* @param argc Standard main() style argv. Initial components are already
* stripped
*
- * Main 'net_rpc_join()' (where the admain username/password is used) is
+ * Main 'net_rpc_join()' (where the admin username/password is used) is
* in net_rpc_join.c
* Try to just change the password, but if that doesn't work, use/prompt
* for a username/password.
{
POLICY_HND connect_pol, domain_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- SAM_UNK_CTR ctr;
+ union samr_DomainInfo *info = NULL;
fstring sid_str;
sid_to_fstring(sid_str, domain_sid);
- /* Get sam policy handle */
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
+ /* Get sam policy handle */
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "Could not connect to SAM: %s\n", nt_errstr(result));
goto done;
}
-
+
/* Get domain policy handle */
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "Could not open domain: %s\n", nt_errstr(result));
goto done;
}
- ZERO_STRUCT(ctr);
- result = rpccli_samr_query_dom_info(pipe_hnd, mem_ctx, &domain_pol,
- 2, &ctr);
+ result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
+ &domain_pol,
+ 2,
+ &info);
if (NT_STATUS_IS_OK(result)) {
- TALLOC_CTX *ctx = talloc_init("rpc_info_internals");
- d_printf("Domain Name: %s\n", unistr2_to_ascii_talloc(ctx, &ctr.info.inf2.uni_domain));
+ d_printf("Domain Name: %s\n", info->info2.domain_name.string);
d_printf("Domain SID: %s\n", sid_str);
- d_printf("Sequence number: %llu\n", (unsigned long long)ctr.info.inf2.seq_num);
- d_printf("Num users: %u\n", ctr.info.inf2.num_domain_usrs);
- d_printf("Num domain groups: %u\n", ctr.info.inf2.num_domain_grps);
- d_printf("Num local groups: %u\n", ctr.info.inf2.num_local_grps);
- talloc_destroy(ctx);
+ d_printf("Sequence number: %llu\n",
+ (unsigned long long)info->info2.sequence_num);
+ d_printf("Num users: %u\n", info->info2.num_users);
+ d_printf("Num domain groups: %u\n", info->info2.num_groups);
+ d_printf("Num local groups: %u\n", info->info2.num_aliases);
}
done:
return net_help_user(argc, argv);
}
-/**
- * Add a new user to a remote RPC server
- *
- * All parameters are provided by the run_rpc_command function, except for
- * argc, argv which are passes through.
- *
- * @param domain_sid The domain sid acquired from the remote server
- * @param cli A cli_state connected to the server.
- * @param mem_ctx Talloc context, destoyed on completion of the function.
- * @param argc Standard main() style argc
- * @param argv Standard main() style argv. Initial components are already
- * stripped
- *
- * @return Normal NTSTATUS return.
- **/
-
-static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid,
- const char *domain_name,
- struct cli_state *cli,
- struct rpc_pipe_client *pipe_hnd,
- TALLOC_CTX *mem_ctx,
- int argc, const char **argv)
-{
-
- POLICY_HND connect_pol, domain_pol, user_pol;
- NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- const char *acct_name;
- uint32 acb_info;
- uint32 access_mask, user_rid;
-
- if (argc < 1) {
- d_printf("User must be specified\n");
- rpc_user_usage(argc, argv);
- return NT_STATUS_OK;
- }
-
- acct_name = argv[0];
-
- /* Get sam policy handle */
-
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
- if (!NT_STATUS_IS_OK(result)) {
- goto done;
- }
-
- /* Get domain policy handle */
-
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
- if (!NT_STATUS_IS_OK(result)) {
- goto done;
- }
-
- /* Create domain user */
-
- acb_info = ACB_NORMAL;
- access_mask = 0xe005000b;
-
- result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
- acct_name, acb_info, access_mask,
- &user_pol, &user_rid);
- if (!NT_STATUS_IS_OK(result)) {
- goto done;
- }
-
- if (argc == 2) {
-
- uint32 *user_rids, num_rids, *name_types;
- uint32 flags = 0x000003e8; /* Unknown */
- SAM_USERINFO_CTR ctr;
- SAM_USER_INFO_24 p24;
- uchar pwbuf[516];
-
- result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol,
- flags, 1, &acct_name,
- &num_rids, &user_rids,
- &name_types);
-
- if (!NT_STATUS_IS_OK(result)) {
- goto done;
- }
-
- result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- user_rids[0], &user_pol);
-
- if (!NT_STATUS_IS_OK(result)) {
- goto done;
- }
-
- /* Set password on account */
-
- ZERO_STRUCT(ctr);
- ZERO_STRUCT(p24);
-
- encode_pw_buffer(pwbuf, argv[1], STR_UNICODE);
-
- init_sam_user_info24(&p24, (char *)pwbuf,24);
-
- ctr.switch_value = 24;
- ctr.info.id24 = &p24;
-
- result = rpccli_samr_set_userinfo(pipe_hnd, mem_ctx, &user_pol, 24,
- &cli->user_session_key, &ctr);
-
- if (!NT_STATUS_IS_OK(result)) {
- d_fprintf(stderr, "Failed to set password for user %s - %s\n",
- acct_name, nt_errstr(result));
-
- result = rpccli_samr_delete_dom_user(pipe_hnd, mem_ctx, &user_pol);
-
- if (!NT_STATUS_IS_OK(result)) {
- d_fprintf(stderr, "Failed to delete user %s - %s\n",
- acct_name, nt_errstr(result));
- return result;
- }
- }
-
- }
- done:
- if (!NT_STATUS_IS_OK(result)) {
- d_fprintf(stderr, "Failed to add user '%s' with %s.\n",
- acct_name, nt_errstr(result));
- } else {
- d_printf("Added user '%s'.\n", acct_name);
- }
- return result;
-}
-
/**
* Add a new user to a remote RPC server
*
static int rpc_user_add(int argc, const char **argv)
{
- return run_rpc_command(NULL, PI_SAMR, 0, rpc_user_add_internals,
- argc, argv);
-}
-
-/**
- * Delete a user from a remote RPC server
- *
- * All parameters are provided by the run_rpc_command function, except for
- * argc, argv which are passes through.
- *
- * @param domain_sid The domain sid acquired from the remote server
- * @param cli A cli_state connected to the server.
- * @param mem_ctx Talloc context, destoyed on completion of the function.
- * @param argc Standard main() style argc
- * @param argv Standard main() style argv. Initial components are already
- * stripped
- *
- * @return Normal NTSTATUS return.
- **/
-
-static NTSTATUS rpc_user_del_internals(const DOM_SID *domain_sid,
- const char *domain_name,
- struct cli_state *cli,
- struct rpc_pipe_client *pipe_hnd,
- TALLOC_CTX *mem_ctx,
- int argc,
- const char **argv)
-{
- NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- POLICY_HND connect_pol, domain_pol, user_pol;
- const char *acct_name;
+ NET_API_STATUS status;
+ struct USER_INFO_1 info1;
+ uint32_t parm_error = 0;
if (argc < 1) {
d_printf("User must be specified\n");
rpc_user_usage(argc, argv);
- return NT_STATUS_OK;
- }
-
- acct_name = argv[0];
-
- /* Get sam policy and domain handles */
-
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
-
- if (!NT_STATUS_IS_OK(result)) {
- goto done;
- }
-
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
-
- if (!NT_STATUS_IS_OK(result)) {
- goto done;
+ return 0;
}
- /* Get handle on user */
-
- {
- uint32 *user_rids, num_rids, *name_types;
- uint32 flags = 0x000003e8; /* Unknown */
-
- result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol,
- flags, 1, &acct_name,
- &num_rids, &user_rids,
- &name_types);
-
- if (!NT_STATUS_IS_OK(result)) {
- goto done;
- }
-
- result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- user_rids[0], &user_pol);
+ ZERO_STRUCT(info1);
- if (!NT_STATUS_IS_OK(result)) {
- goto done;
- }
+ info1.usri1_name = argv[0];
+ if (argc == 2) {
+ info1.usri1_password = argv[1];
}
- /* Delete user */
-
- result = rpccli_samr_delete_dom_user(pipe_hnd, mem_ctx, &user_pol);
+ status = NetUserAdd(opt_host, 1, (uint8_t *)&info1, &parm_error);
- if (!NT_STATUS_IS_OK(result)) {
- goto done;
+ if (status != 0) {
+ d_fprintf(stderr, "Failed to add user '%s' with: %s.\n",
+ argv[0], libnetapi_get_error_string(NULL, status));
+ return -1;
+ } else {
+ d_printf("Added user '%s'.\n", argv[0]);
}
- done:
- if (!NT_STATUS_IS_OK(result)) {
- d_fprintf(stderr, "Failed to delete user '%s' with %s.\n",
- acct_name, nt_errstr(result));
- } else {
- d_printf("Deleted user '%s'.\n", acct_name);
- }
-
- return result;
+ return 0;
}
/**
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
uint32 info_level = 7;
const char *old_name, *new_name;
- uint32 *user_rid;
- uint32 flags = 0x000003e8; /* Unknown */
- uint32 num_rids, *name_types;
- uint32 num_names = 1;
- const char **names;
- SAM_USERINFO_CTR *user_ctr;
- SAM_USERINFO_CTR ctr;
- SAM_USER_INFO_7 info7;
+ struct samr_Ids user_rids, name_types;
+ struct lsa_String lsa_acct_name;
+ union samr_UserInfo *info = NULL;
if (argc != 2) {
d_printf("Old and new username must be specified\n");
old_name = argv[0];
new_name = argv[1];
- ZERO_STRUCT(ctr);
- ZERO_STRUCT(user_ctr);
-
/* Get sam policy handle */
-
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
+
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
+
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
/* Get domain policy handle */
-
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- if ((names = TALLOC_ARRAY(mem_ctx, const char *, num_names)) == NULL) {
- result = NT_STATUS_NO_MEMORY;
- goto done;
- }
- names[0] = old_name;
- result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol,
- flags, num_names, names,
- &num_rids, &user_rid, &name_types);
+ init_lsa_String(&lsa_acct_name, old_name);
+
+ result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
+ &domain_pol,
+ 1,
+ &lsa_acct_name,
+ &user_rids,
+ &name_types);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
/* Open domain user */
- result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS, user_rid[0], &user_pol);
+ result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ user_rids.ids[0],
+ &user_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
/* Query user info */
- result = rpccli_samr_query_userinfo(pipe_hnd, mem_ctx, &user_pol,
- info_level, &user_ctr);
+ result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
+ &user_pol,
+ info_level,
+ &info);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- ctr.switch_value = info_level;
- ctr.info.id7 = &info7;
-
- init_sam_user_info7(&info7, new_name);
+ init_samr_user_info7(&info->info7, new_name);
/* Set new name */
- result = rpccli_samr_set_userinfo(pipe_hnd, mem_ctx, &user_pol,
- info_level, &cli->user_session_key, &ctr);
+ result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
+ &user_pol,
+ info_level,
+ info);
if (!NT_STATUS_IS_OK(result)) {
goto done;
static int rpc_user_delete(int argc, const char **argv)
{
- return run_rpc_command(NULL, PI_SAMR, 0, rpc_user_del_internals,
- argc, argv);
+ NET_API_STATUS status;
+
+ if (argc < 1) {
+ d_printf("User must be specified\n");
+ rpc_user_usage(argc, argv);
+ return 0;
+ }
+
+ status = NetUserDel(opt_host, argv[0]);
+
+ if (status != 0) {
+ d_fprintf(stderr, "Failed to delete user '%s' with: %s.\n",
+ argv[0],
+ libnetapi_get_error_string(NULL, status));
+ return -1;
+ } else {
+ d_printf("Deleted user '%s'.\n", argv[0]);
+ }
+
+ return 0;
}
/**
{
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
POLICY_HND connect_pol, domain_pol, user_pol;
- SAM_USERINFO_CTR ctr;
- SAM_USER_INFO_24 p24;
uchar pwbuf[516];
const char *user;
const char *new_password;
char *prompt = NULL;
+ union samr_UserInfo info;
if (argc < 1) {
d_printf("User must be specified\n");
/* Get sam policy and domain handles */
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
/* Get handle on user */
{
- uint32 *user_rids, num_rids, *name_types;
- uint32 flags = 0x000003e8; /* Unknown */
+ struct samr_Ids user_rids, name_types;
+ struct lsa_String lsa_acct_name;
- result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol,
- flags, 1, &user,
- &num_rids, &user_rids,
- &name_types);
+ init_lsa_String(&lsa_acct_name, user);
+ result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
+ &domain_pol,
+ 1,
+ &lsa_acct_name,
+ &user_rids,
+ &name_types);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- user_rids[0], &user_pol);
+ result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ user_rids.ids[0],
+ &user_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
/* Set password on account */
- ZERO_STRUCT(ctr);
- ZERO_STRUCT(p24);
-
encode_pw_buffer(pwbuf, new_password, STR_UNICODE);
- init_sam_user_info24(&p24, (char *)pwbuf,24);
+ init_samr_user_info24(&info.info24, pwbuf, 24);
- ctr.switch_value = 24;
- ctr.info.id24 = &p24;
+ SamOEMhashBlob(info.info24.password.data, 516,
+ &cli->user_session_key);
- result = rpccli_samr_set_userinfo(pipe_hnd, mem_ctx, &user_pol, 24,
- &cli->user_session_key, &ctr);
+ result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
+ &user_pol,
+ 24,
+ &info);
if (!NT_STATUS_IS_OK(result)) {
goto done;
{
POLICY_HND connect_pol, domain_pol, user_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- uint32 *rids, num_rids, *name_types, num_names;
- uint32 flags = 0x000003e8; /* Unknown */
int i;
- char **names;
- DOM_GID *user_gids;
+ struct samr_RidWithAttributeArray *rid_array = NULL;
+ struct lsa_Strings names;
+ struct samr_Ids types;
+ uint32_t *lrids = NULL;
+ struct samr_Ids rids, name_types;
+ struct lsa_String lsa_acct_name;
+
if (argc < 1) {
d_printf("User must be specified\n");
return NT_STATUS_OK;
}
/* Get sam policy handle */
-
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
+
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
if (!NT_STATUS_IS_OK(result)) goto done;
/* Get domain policy handle */
-
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) goto done;
/* Get handle on user */
- result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol,
- flags, 1, &argv[0],
- &num_rids, &rids, &name_types);
+ init_lsa_String(&lsa_acct_name, argv[0]);
+
+ result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
+ &domain_pol,
+ 1,
+ &lsa_acct_name,
+ &rids,
+ &name_types);
if (!NT_STATUS_IS_OK(result)) goto done;
- result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- rids[0], &user_pol);
+ result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ rids.ids[0],
+ &user_pol);
if (!NT_STATUS_IS_OK(result)) goto done;
- result = rpccli_samr_query_usergroups(pipe_hnd, mem_ctx, &user_pol,
- &num_rids, &user_gids);
+ result = rpccli_samr_GetGroupsForUser(pipe_hnd, mem_ctx,
+ &user_pol,
+ &rid_array);
if (!NT_STATUS_IS_OK(result)) goto done;
/* Look up rids */
- if (num_rids) {
- if ((rids = TALLOC_ARRAY(mem_ctx, uint32, num_rids)) == NULL) {
+ if (rid_array->count) {
+ if ((lrids = TALLOC_ARRAY(mem_ctx, uint32, rid_array->count)) == NULL) {
result = NT_STATUS_NO_MEMORY;
goto done;
}
- for (i = 0; i < num_rids; i++)
- rids[i] = user_gids[i].g_rid;
+ for (i = 0; i < rid_array->count; i++)
+ lrids[i] = rid_array->rids[i].rid;
- result = rpccli_samr_lookup_rids(pipe_hnd, mem_ctx, &domain_pol,
- num_rids, rids,
- &num_names, &names, &name_types);
+ result = rpccli_samr_LookupRids(pipe_hnd, mem_ctx,
+ &domain_pol,
+ rid_array->count,
+ lrids,
+ &names,
+ &types);
if (!NT_STATUS_IS_OK(result)) {
goto done;
/* Display results */
- for (i = 0; i < num_names; i++)
- printf("%s\n", names[i]);
+ for (i = 0; i < names.count; i++)
+ printf("%s\n", names.names[i].string);
}
done:
return result;
POLICY_HND connect_pol, domain_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
uint32 start_idx=0, num_entries, i, loop_count = 0;
- SAM_DISPINFO_CTR ctr;
- SAM_DISPINFO_1 info1;
/* Get sam policy handle */
-
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
+
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
/* Get domain policy handle */
-
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
/* Query domain users */
- ZERO_STRUCT(ctr);
- ZERO_STRUCT(info1);
- ctr.sam.info1 = &info1;
if (opt_long_list_entries)
d_printf("\nUser name Comment"\
"\n-----------------------------\n");
do {
- fstring user, desc;
+ const char *user = NULL;
+ const char *desc = NULL;
uint32 max_entries, max_size;
+ uint32_t total_size, returned_size;
+ union samr_DispInfo info;
get_query_dispinfo_params(
loop_count, &max_entries, &max_size);
- result = rpccli_samr_query_dispinfo(pipe_hnd, mem_ctx, &domain_pol,
- &start_idx, 1, &num_entries,
- max_entries, max_size, &ctr);
+ result = rpccli_samr_QueryDisplayInfo(pipe_hnd, mem_ctx,
+ &domain_pol,
+ 1,
+ start_idx,
+ max_entries,
+ max_size,
+ &total_size,
+ &returned_size,
+ &info);
loop_count++;
+ start_idx += info.info1.count;
+ num_entries = info.info1.count;
for (i = 0; i < num_entries; i++) {
- unistr2_to_ascii(user, &(&ctr.sam.info1->str[i])->uni_acct_name, sizeof(user));
- if (opt_long_list_entries)
- unistr2_to_ascii(desc, &(&ctr.sam.info1->str[i])->uni_acct_desc, sizeof(desc));
-
+ user = info.info1.entries[i].account_name.string;
+ if (opt_long_list_entries)
+ desc = info.info1.entries[i].description.string;
if (opt_long_list_entries)
printf("%-21.21s %s\n", user, desc);
else
int net_rpc_user(int argc, const char **argv)
{
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+
struct functable func[] = {
{"add", rpc_user_add},
{"info", rpc_user_info},
{"rename", rpc_user_rename},
{NULL, NULL}
};
-
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return -1;
+ }
+ libnetapi_set_username(ctx, opt_user_name);
+ libnetapi_set_password(ctx, opt_password);
+
if (argc == 0) {
return run_rpc_command(NULL,PI_SAMR, 0,
rpc_user_list_internals,
TALLOC_CTX *mem_ctx,
struct rpc_sh_ctx *ctx,
struct rpc_pipe_client *pipe_hnd,
- const POLICY_HND *user_hnd,
+ POLICY_HND *user_hnd,
int argc, const char **argv))
-
{
POLICY_HND connect_pol, domain_pol, user_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
goto done;
}
- result = rpccli_samr_connect(pipe_hnd, mem_ctx,
- MAXIMUM_ALLOWED_ACCESS, &connect_pol);
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- ctx->domain_sid, &domain_pol);
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ ctx->domain_sid,
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- rid, &user_pol);
+ result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ rid,
+ &user_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
done:
if (is_valid_policy_hnd(&user_pol)) {
- rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
}
if (is_valid_policy_hnd(&domain_pol)) {
- rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
}
if (is_valid_policy_hnd(&connect_pol)) {
- rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
}
return result;
}
static NTSTATUS rpc_sh_user_show_internals(TALLOC_CTX *mem_ctx,
struct rpc_sh_ctx *ctx,
struct rpc_pipe_client *pipe_hnd,
- const POLICY_HND *user_hnd,
+ POLICY_HND *user_hnd,
int argc, const char **argv)
{
NTSTATUS result;
- SAM_USERINFO_CTR *ctr;
- SAM_USER_INFO_21 *info;
+ union samr_UserInfo *info = NULL;
if (argc != 0) {
d_fprintf(stderr, "usage: %s show <username>\n", ctx->whoami);
return NT_STATUS_INVALID_PARAMETER;
}
- result = rpccli_samr_query_userinfo(pipe_hnd, mem_ctx, user_hnd,
- 21, &ctr);
+ result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
+ user_hnd,
+ 21,
+ &info);
if (!NT_STATUS_IS_OK(result)) {
return result;
}
- info = ctr->info.id21;
-
- d_printf("user rid: %d, group rid: %d\n", info->user_rid,
- info->group_rid);
+ d_printf("user rid: %d, group rid: %d\n",
+ info->info21.rid,
+ info->info21.primary_gid);
return result;
}
#define FETCHSTR(name, rec) \
do { if (strequal(ctx->thiscmd, name)) { \
- oldval = rpcstr_pull_unistr2_talloc(mem_ctx, &usr->uni_##rec); } \
+ oldval = talloc_strdup(mem_ctx, info->info21.rec.string); } \
} while (0);
#define SETSTR(name, rec, flag) \
do { if (strequal(ctx->thiscmd, name)) { \
- init_unistr2(&usr->uni_##rec, argv[0], UNI_STR_TERMINATE); \
- init_uni_hdr(&usr->hdr_##rec, &usr->uni_##rec); \
- usr->fields_present |= ACCT_##flag; } \
+ init_lsa_String(&(info->info21.rec), argv[0]); \
+ info->info21.fields_present |= SAMR_FIELD_##flag; } \
} while (0);
static NTSTATUS rpc_sh_user_str_edit_internals(TALLOC_CTX *mem_ctx,
struct rpc_sh_ctx *ctx,
struct rpc_pipe_client *pipe_hnd,
- const POLICY_HND *user_hnd,
+ POLICY_HND *user_hnd,
int argc, const char **argv)
{
NTSTATUS result;
- SAM_USERINFO_CTR *ctr;
- SAM_USER_INFO_21 *usr;
const char *username;
const char *oldval = "";
+ union samr_UserInfo *info = NULL;
if (argc > 1) {
d_fprintf(stderr, "usage: %s <username> [new value|NULL]\n",
return NT_STATUS_INVALID_PARAMETER;
}
- result = rpccli_samr_query_userinfo(pipe_hnd, mem_ctx, user_hnd,
- 21, &ctr);
+ result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
+ user_hnd,
+ 21,
+ &info);
if (!NT_STATUS_IS_OK(result)) {
return result;
}
- usr = ctr->info.id21;
-
- username = rpcstr_pull_unistr2_talloc(mem_ctx, &usr->uni_user_name);
+ username = talloc_strdup(mem_ctx, info->info21.account_name.string);
FETCHSTR("fullname", full_name);
- FETCHSTR("homedir", home_dir);
- FETCHSTR("homedrive", dir_drive);
+ FETCHSTR("homedir", home_directory);
+ FETCHSTR("homedrive", home_drive);
FETCHSTR("logonscript", logon_script);
FETCHSTR("profilepath", profile_path);
- FETCHSTR("description", acct_desc);
+ FETCHSTR("description", description);
if (argc == 0) {
d_printf("%s's %s: [%s]\n", username, ctx->thiscmd, oldval);
goto done;
}
- ZERO_STRUCTP(usr);
-
if (strcmp(argv[0], "NULL") == 0) {
argv[0] = "";
}
+ ZERO_STRUCT(info->info21);
+
SETSTR("fullname", full_name, FULL_NAME);
- SETSTR("homedir", home_dir, HOME_DIR);
- SETSTR("homedrive", dir_drive, HOME_DRIVE);
+ SETSTR("homedir", home_directory, HOME_DIRECTORY);
+ SETSTR("homedrive", home_drive, HOME_DRIVE);
SETSTR("logonscript", logon_script, LOGON_SCRIPT);
- SETSTR("profilepath", profile_path, PROFILE);
- SETSTR("description", acct_desc, DESCRIPTION);
+ SETSTR("profilepath", profile_path, PROFILE_PATH);
+ SETSTR("description", description, DESCRIPTION);
- result = rpccli_samr_set_userinfo2(
- pipe_hnd, mem_ctx, user_hnd, 21,
- &pipe_hnd->cli->user_session_key, ctr);
+ result = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx,
+ user_hnd,
+ 21,
+ info);
d_printf("Set %s's %s from [%s] to [%s]\n", username,
ctx->thiscmd, oldval, argv[0]);
static NTSTATUS rpc_sh_user_flag_edit_internals(TALLOC_CTX *mem_ctx,
struct rpc_sh_ctx *ctx,
struct rpc_pipe_client *pipe_hnd,
- const POLICY_HND *user_hnd,
+ POLICY_HND *user_hnd,
int argc, const char **argv)
{
NTSTATUS result;
- SAM_USERINFO_CTR *ctr;
- SAM_USER_INFO_21 *usr;
const char *username;
const char *oldval = "unknown";
uint32 oldflags, newflags;
bool newval;
+ union samr_UserInfo *info = NULL;
if ((argc > 1) ||
((argc == 1) && !strequal(argv[0], "yes") &&
newval = strequal(argv[0], "yes");
- result = rpccli_samr_query_userinfo(pipe_hnd, mem_ctx, user_hnd,
- 21, &ctr);
+ result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
+ user_hnd,
+ 21,
+ &info);
if (!NT_STATUS_IS_OK(result)) {
return result;
}
- usr = ctr->info.id21;
-
- username = rpcstr_pull_unistr2_talloc(mem_ctx, &usr->uni_user_name);
- oldflags = usr->acb_info;
- newflags = usr->acb_info;
+ username = talloc_strdup(mem_ctx, info->info21.account_name.string);
+ oldflags = info->info21.acct_flags;
+ newflags = info->info21.acct_flags;
HANDLEFLG("disabled", DISABLED);
HANDLEFLG("pwnotreq", PWNOTREQ);
goto done;
}
- ZERO_STRUCTP(usr);
+ ZERO_STRUCT(info->info21);
- usr->acb_info = newflags;
- usr->fields_present = ACCT_FLAGS;
+ info->info21.acct_flags = newflags;
+ info->info21.fields_present = SAMR_FIELD_ACCT_FLAGS;
- result = rpccli_samr_set_userinfo2(
- pipe_hnd, mem_ctx, user_hnd, 21,
- &pipe_hnd->cli->user_session_key, ctr);
+ result = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx,
+ user_hnd,
+ 21,
+ info);
if (NT_STATUS_IS_OK(result)) {
d_printf("Set %s's %s flag from [%s] to [%s]\n", username,
POLICY_HND connect_pol, domain_pol, group_pol, user_pol;
bool group_is_primary = False;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
- uint32 *group_rids, num_rids, *name_types, num_members,
- *group_attrs, group_rid;
- uint32 flags = 0x000003e8; /* Unknown */
+ uint32_t group_rid;
+ struct samr_RidTypeArray *rids = NULL;
/* char **names; */
int i;
/* DOM_GID *user_gids; */
- SAM_USERINFO_CTR *user_ctr;
- fstring temp;
+
+ struct samr_Ids group_rids, name_types;
+ struct lsa_String lsa_acct_name;
+ union samr_UserInfo *info = NULL;
if (argc < 1) {
d_printf("specify group\n");
return NT_STATUS_OK; /* ok? */
}
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
if (!NT_STATUS_IS_OK(result)) {
- d_fprintf(stderr, "Request samr_connect failed\n");
+ d_fprintf(stderr, "Request samr_Connect2 failed\n");
goto done;
}
-
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
-
+
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
+
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "Request open_domain failed\n");
goto done;
}
-
- result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol,
- flags, 1, &argv[0],
- &num_rids, &group_rids,
- &name_types);
+ init_lsa_String(&lsa_acct_name, argv[0]);
+
+ result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
+ &domain_pol,
+ 1,
+ &lsa_acct_name,
+ &group_rids,
+ &name_types);
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "Lookup of '%s' failed\n",argv[0]);
goto done;
}
- switch (name_types[0])
+ switch (name_types.ids[0])
{
case SID_NAME_DOM_GRP:
- result = rpccli_samr_open_group(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- group_rids[0], &group_pol);
+ result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ group_rids.ids[0],
+ &group_pol);
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "Request open_group failed");
goto done;
}
-
- group_rid = group_rids[0];
-
- result = rpccli_samr_query_groupmem(pipe_hnd, mem_ctx, &group_pol,
- &num_members, &group_rids,
- &group_attrs);
-
+
+ group_rid = group_rids.ids[0];
+
+ result = rpccli_samr_QueryGroupMember(pipe_hnd, mem_ctx,
+ &group_pol,
+ &rids);
+
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "Unable to query group members of %s",argv[0]);
goto done;
if (opt_verbose) {
d_printf("Domain Group %s (rid: %d) has %d members\n",
- argv[0],group_rid,num_members);
+ argv[0],group_rid, rids->count);
}
/* Check if group is anyone's primary group */
- for (i = 0; i < num_members; i++)
+ for (i = 0; i < rids->count; i++)
{
- result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- group_rids[i], &user_pol);
+ result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ rids->rids[i],
+ &user_pol);
if (!NT_STATUS_IS_OK(result)) {
- d_fprintf(stderr, "Unable to open group member %d\n",group_rids[i]);
+ d_fprintf(stderr, "Unable to open group member %d\n",
+ rids->rids[i]);
goto done;
}
-
- ZERO_STRUCT(user_ctr);
- result = rpccli_samr_query_userinfo(pipe_hnd, mem_ctx, &user_pol,
- 21, &user_ctr);
-
+ result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
+ &user_pol,
+ 21,
+ &info);
+
if (!NT_STATUS_IS_OK(result)) {
- d_fprintf(stderr, "Unable to lookup userinfo for group member %d\n",group_rids[i]);
+ d_fprintf(stderr, "Unable to lookup userinfo for group member %d\n",
+ rids->rids[i]);
goto done;
}
-
- if (user_ctr->info.id21->group_rid == group_rid) {
- unistr2_to_ascii(temp, &(user_ctr->info.id21)->uni_user_name,
- sizeof(temp));
- if (opt_verbose)
- d_printf("Group is primary group of %s\n",temp);
+
+ if (info->info21.primary_gid == group_rid) {
+ if (opt_verbose) {
+ d_printf("Group is primary group of %s\n",
+ info->info21.account_name.string);
+ }
group_is_primary = True;
}
- rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
}
if (group_is_primary) {
}
/* remove all group members */
- for (i = 0; i < num_members; i++)
+ for (i = 0; i < rids->count; i++)
{
if (opt_verbose)
- d_printf("Remove group member %d...",group_rids[i]);
- result = rpccli_samr_del_groupmem(pipe_hnd, mem_ctx, &group_pol, group_rids[i]);
+ d_printf("Remove group member %d...",
+ rids->rids[i]);
+ result = rpccli_samr_DeleteGroupMember(pipe_hnd, mem_ctx,
+ &group_pol,
+ rids->rids[i]);
if (NT_STATUS_IS_OK(result)) {
if (opt_verbose)
}
}
- result = rpccli_samr_delete_dom_group(pipe_hnd, mem_ctx, &group_pol);
+ result = rpccli_samr_DeleteDomainGroup(pipe_hnd, mem_ctx,
+ &group_pol);
break;
/* removing a local group is easier... */
case SID_NAME_ALIAS:
- result = rpccli_samr_open_alias(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- group_rids[0], &group_pol);
+ result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ group_rids.ids[0],
+ &group_pol);
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "Request open_alias failed\n");
goto done;
}
-
- result = rpccli_samr_delete_dom_alias(pipe_hnd, mem_ctx, &group_pol);
+
+ result = rpccli_samr_DeleteDomAlias(pipe_hnd, mem_ctx,
+ &group_pol);
break;
default:
d_fprintf(stderr, "%s is of type %s. This command is only for deleting local or global groups\n",
- argv[0],sid_type_lookup(name_types[0]));
+ argv[0],sid_type_lookup(name_types.ids[0]));
result = NT_STATUS_UNSUCCESSFUL;
goto done;
}
if (NT_STATUS_IS_OK(result)) {
if (opt_verbose)
- d_printf("Deleted %s '%s'\n",sid_type_lookup(name_types[0]),argv[0]);
+ d_printf("Deleted %s '%s'\n",sid_type_lookup(name_types.ids[0]),argv[0]);
} else {
d_fprintf(stderr, "Deleting of %s failed: %s\n",argv[0],
get_friendly_nt_error_msg(result));
{
POLICY_HND connect_pol, domain_pol, group_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- GROUP_INFO_CTR group_info;
+ union samr_GroupInfo group_info;
+ struct lsa_String grp_name;
+ uint32_t rid = 0;
if (argc != 1) {
d_printf("Group name must be specified\n");
return NT_STATUS_OK;
}
+ init_lsa_String(&grp_name, argv[0]);
+
/* Get sam policy handle */
-
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
+
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
if (!NT_STATUS_IS_OK(result)) goto done;
/* Get domain policy handle */
-
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) goto done;
/* Create the group */
- result = rpccli_samr_create_dom_group(pipe_hnd, mem_ctx, &domain_pol,
- argv[0], MAXIMUM_ALLOWED_ACCESS,
- &group_pol);
+ result = rpccli_samr_CreateDomainGroup(pipe_hnd, mem_ctx,
+ &domain_pol,
+ &grp_name,
+ MAXIMUM_ALLOWED_ACCESS,
+ &group_pol,
+ &rid);
if (!NT_STATUS_IS_OK(result)) goto done;
if (strlen(opt_comment) == 0) goto done;
/* We've got a comment to set */
- group_info.switch_value1 = 4;
- init_samr_group_info4(&group_info.group.info4, opt_comment);
+ init_lsa_String(&group_info.description, opt_comment);
- result = rpccli_samr_set_groupinfo(pipe_hnd, mem_ctx, &group_pol, &group_info);
+ result = rpccli_samr_SetGroupInfo(pipe_hnd, mem_ctx,
+ &group_pol,
+ 4,
+ &group_info);
if (!NT_STATUS_IS_OK(result)) goto done;
done:
{
POLICY_HND connect_pol, domain_pol, alias_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- ALIAS_INFO_CTR alias_info;
+ union samr_AliasInfo alias_info;
+ struct lsa_String alias_name;
+ uint32_t rid = 0;
if (argc != 1) {
d_printf("Alias name must be specified\n");
return NT_STATUS_OK;
}
+ init_lsa_String(&alias_name, argv[0]);
+
/* Get sam policy handle */
-
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
+
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
if (!NT_STATUS_IS_OK(result)) goto done;
/* Get domain policy handle */
-
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) goto done;
/* Create the group */
- result = rpccli_samr_create_dom_alias(pipe_hnd, mem_ctx, &domain_pol,
- argv[0], &alias_pol);
+ result = rpccli_samr_CreateDomAlias(pipe_hnd, mem_ctx,
+ &domain_pol,
+ &alias_name,
+ MAXIMUM_ALLOWED_ACCESS,
+ &alias_pol,
+ &rid);
if (!NT_STATUS_IS_OK(result)) goto done;
if (strlen(opt_comment) == 0) goto done;
/* We've got a comment to set */
- alias_info.level = 3;
- init_samr_alias_info3(&alias_info.alias.info3, opt_comment);
+ init_lsa_String(&alias_info.description, opt_comment);
+
+ result = rpccli_samr_SetAliasInfo(pipe_hnd, mem_ctx,
+ &alias_pol,
+ 3,
+ &alias_info);
- result = rpccli_samr_set_aliasinfo(pipe_hnd, mem_ctx, &alias_pol, &alias_info);
if (!NT_STATUS_IS_OK(result)) goto done;
done:
done:
if (pipe_hnd) {
- cli_rpc_pipe_close(pipe_hnd);
+ TALLOC_FREE(pipe_hnd);
}
if (!NT_STATUS_IS_OK(result) && (StrnCaseCmp(name, "S-", 2) == 0)) {
uint32 group_rid;
POLICY_HND group_pol;
- uint32 num_rids;
- uint32 *rids = NULL;
- uint32 *rid_types = NULL;
+ struct samr_Ids rids, rid_types;
+ struct lsa_String lsa_acct_name;
DOM_SID sid;
return NT_STATUS_UNSUCCESSFUL;
}
- /* Get sam policy handle */
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
+ /* Get sam policy handle */
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
if (!NT_STATUS_IS_OK(result)) {
return result;
}
-
+
/* Get domain policy handle */
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- &sid, &domain_pol);
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ &sid,
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
return result;
}
- result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, 1000,
- 1, &member,
- &num_rids, &rids, &rid_types);
+ init_lsa_String(&lsa_acct_name, member);
+
+ result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
+ &domain_pol,
+ 1,
+ &lsa_acct_name,
+ &rids,
+ &rid_types);
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "Could not lookup up group member %s\n", member);
goto done;
}
- result = rpccli_samr_open_group(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- group_rid, &group_pol);
+ result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ group_rid,
+ &group_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- result = rpccli_samr_add_groupmem(pipe_hnd, mem_ctx, &group_pol, rids[0]);
+ result = rpccli_samr_AddGroupMember(pipe_hnd, mem_ctx,
+ &group_pol,
+ rids.ids[0],
+ 0x0005); /* unknown flags */
done:
- rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
return result;
}
return result;
}
- /* Get sam policy handle */
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
+ /* Get sam policy handle */
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
-
+
/* Get domain policy handle */
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- &sid, &domain_pol);
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ &sid,
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- result = rpccli_samr_open_alias(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- alias_rid, &alias_pol);
+ result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ alias_rid,
+ &alias_pol);
if (!NT_STATUS_IS_OK(result)) {
return result;
}
- result = rpccli_samr_add_aliasmem(pipe_hnd, mem_ctx, &alias_pol, &member_sid);
+ result = rpccli_samr_AddAliasMember(pipe_hnd, mem_ctx,
+ &alias_pol,
+ &member_sid);
if (!NT_STATUS_IS_OK(result)) {
return result;
}
done:
- rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
return result;
}
uint32 group_rid;
POLICY_HND group_pol;
- uint32 num_rids;
- uint32 *rids = NULL;
- uint32 *rid_types = NULL;
+ struct samr_Ids rids, rid_types;
+ struct lsa_String lsa_acct_name;
DOM_SID sid;
if (!sid_split_rid(&sid, &group_rid))
return NT_STATUS_UNSUCCESSFUL;
- /* Get sam policy handle */
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
+ /* Get sam policy handle */
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
if (!NT_STATUS_IS_OK(result))
return result;
-
+
/* Get domain policy handle */
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- &sid, &domain_pol);
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ &sid,
+ &domain_pol);
if (!NT_STATUS_IS_OK(result))
return result;
- result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, 1000,
- 1, &member,
- &num_rids, &rids, &rid_types);
+ init_lsa_String(&lsa_acct_name, member);
+ result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
+ &domain_pol,
+ 1,
+ &lsa_acct_name,
+ &rids,
+ &rid_types);
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "Could not lookup up group member %s\n", member);
goto done;
}
- result = rpccli_samr_open_group(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- group_rid, &group_pol);
+ result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ group_rid,
+ &group_pol);
if (!NT_STATUS_IS_OK(result))
goto done;
- result = rpccli_samr_del_groupmem(pipe_hnd, mem_ctx, &group_pol, rids[0]);
+ result = rpccli_samr_DeleteGroupMember(pipe_hnd, mem_ctx,
+ &group_pol,
+ rids.ids[0]);
done:
- rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
return result;
}
return result;
}
- /* Get sam policy handle */
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
+ /* Get sam policy handle */
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
-
+
/* Get domain policy handle */
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- &sid, &domain_pol);
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ &sid,
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- result = rpccli_samr_open_alias(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- alias_rid, &alias_pol);
+ result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ alias_rid,
+ &alias_pol);
if (!NT_STATUS_IS_OK(result))
return result;
- result = rpccli_samr_del_aliasmem(pipe_hnd, mem_ctx, &alias_pol, &member_sid);
+ result = rpccli_samr_DeleteAliasMember(pipe_hnd, mem_ctx,
+ &alias_pol,
+ &member_sid);
if (!NT_STATUS_IS_OK(result))
return result;
done:
- rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
return result;
}
POLICY_HND connect_pol, domain_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
uint32 start_idx=0, max_entries=250, num_entries, i, loop_count = 0;
- struct acct_info *groups;
+ struct samr_SamArray *groups = NULL;
bool global = False;
bool local = False;
bool builtin = False;
}
/* Get sam policy handle */
-
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
+
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
/* Get domain policy handle */
-
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
d_printf("\nGroup name Comment"\
"\n-----------------------------\n");
do {
- SAM_DISPINFO_CTR ctr;
- SAM_DISPINFO_3 info3;
- uint32 max_size;
-
- ZERO_STRUCT(ctr);
- ZERO_STRUCT(info3);
- ctr.sam.info3 = &info3;
+ uint32_t max_size, total_size, returned_size;
+ union samr_DispInfo info;
if (!global) break;
get_query_dispinfo_params(
loop_count, &max_entries, &max_size);
- result = rpccli_samr_query_dispinfo(pipe_hnd, mem_ctx, &domain_pol,
- &start_idx, 3, &num_entries,
- max_entries, max_size, &ctr);
+ result = rpccli_samr_QueryDisplayInfo(pipe_hnd, mem_ctx,
+ &domain_pol,
+ 3,
+ start_idx,
+ max_entries,
+ max_size,
+ &total_size,
+ &returned_size,
+ &info);
+ num_entries = info.info3.count;
+ start_idx += info.info3.count;
if (!NT_STATUS_IS_OK(result) &&
!NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
break;
-
+
for (i = 0; i < num_entries; i++) {
- fstring group, desc;
+ const char *group = NULL;
+ const char *desc = NULL;
+
+ group = info.info3.entries[i].account_name.string;
+ desc = info.info3.entries[i].description.string;
- unistr2_to_ascii(group, &(&ctr.sam.info3->str[i])->uni_grp_name, sizeof(group));
- unistr2_to_ascii(desc, &(&ctr.sam.info3->str[i])->uni_grp_desc, sizeof(desc));
-
if (opt_long_list_entries)
printf("%-21.21s %-50.50s\n",
group, desc);
do {
if (!local) break;
- /* The max_size field in cli_samr_enum_als_groups is more like
- * an account_control field with indiviual bits what to
- * retrieve. Set this to 0xffff as NT4 usrmgr.exe does to get
- * everything. I'm too lazy (sorry) to get this through to
- * rpc_parse/ etc. Volker */
-
- result = rpccli_samr_enum_als_groups(pipe_hnd, mem_ctx, &domain_pol,
- &start_idx, 0xffff,
- &groups, &num_entries);
-
+ result = rpccli_samr_EnumDomainAliases(pipe_hnd, mem_ctx,
+ &domain_pol,
+ &start_idx,
+ &groups,
+ 0xffff,
+ &num_entries);
if (!NT_STATUS_IS_OK(result) &&
!NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
break;
-
+
for (i = 0; i < num_entries; i++) {
- char *description = NULL;
+ const char *description = NULL;
if (opt_long_list_entries) {
POLICY_HND alias_pol;
- ALIAS_INFO_CTR ctr;
-
- if ((NT_STATUS_IS_OK(rpccli_samr_open_alias(pipe_hnd, mem_ctx,
- &domain_pol,
- 0x8,
- groups[i].rid,
- &alias_pol))) &&
- (NT_STATUS_IS_OK(rpccli_samr_query_alias_info(pipe_hnd, mem_ctx,
- &alias_pol, 3,
- &ctr))) &&
- (NT_STATUS_IS_OK(rpccli_samr_close(pipe_hnd, mem_ctx,
+ union samr_AliasInfo *info = NULL;
+
+ if ((NT_STATUS_IS_OK(rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
+ &domain_pol,
+ 0x8,
+ groups->entries[i].idx,
+ &alias_pol))) &&
+ (NT_STATUS_IS_OK(rpccli_samr_QueryAliasInfo(pipe_hnd, mem_ctx,
+ &alias_pol,
+ 3,
+ &info))) &&
+ (NT_STATUS_IS_OK(rpccli_samr_Close(pipe_hnd, mem_ctx,
&alias_pol)))) {
- description = unistr2_to_ascii_talloc(mem_ctx,
- ctr.alias.info3.description.string);
+ description = info->description.string;
}
}
-
+
if (description != NULL) {
- printf("%-21.21s %-50.50s\n",
- groups[i].acct_name,
+ printf("%-21.21s %-50.50s\n",
+ groups->entries[i].name.string,
description);
} else {
- printf("%s\n", groups[i].acct_name);
+ printf("%s\n", groups->entries[i].name.string);
}
}
} while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
- rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
/* Get builtin policy handle */
-
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- &global_sid_Builtin, &domain_pol);
+
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
do {
if (!builtin) break;
- result = rpccli_samr_enum_als_groups(pipe_hnd, mem_ctx, &domain_pol,
- &start_idx, max_entries,
- &groups, &num_entries);
-
+ result = rpccli_samr_EnumDomainAliases(pipe_hnd, mem_ctx,
+ &domain_pol,
+ &start_idx,
+ &groups,
+ max_entries,
+ &num_entries);
if (!NT_STATUS_IS_OK(result) &&
!NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
break;
-
+
for (i = 0; i < num_entries; i++) {
- char *description = NULL;
+ const char *description = NULL;
if (opt_long_list_entries) {
POLICY_HND alias_pol;
- ALIAS_INFO_CTR ctr;
-
- if ((NT_STATUS_IS_OK(rpccli_samr_open_alias(pipe_hnd, mem_ctx,
- &domain_pol,
- 0x8,
- groups[i].rid,
- &alias_pol))) &&
- (NT_STATUS_IS_OK(rpccli_samr_query_alias_info(pipe_hnd, mem_ctx,
- &alias_pol, 3,
- &ctr))) &&
- (NT_STATUS_IS_OK(rpccli_samr_close(pipe_hnd, mem_ctx,
+ union samr_AliasInfo *info = NULL;
+
+ if ((NT_STATUS_IS_OK(rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
+ &domain_pol,
+ 0x8,
+ groups->entries[i].idx,
+ &alias_pol))) &&
+ (NT_STATUS_IS_OK(rpccli_samr_QueryAliasInfo(pipe_hnd, mem_ctx,
+ &alias_pol,
+ 3,
+ &info))) &&
+ (NT_STATUS_IS_OK(rpccli_samr_Close(pipe_hnd, mem_ctx,
&alias_pol)))) {
- description = unistr2_to_ascii_talloc(mem_ctx,
- ctr.alias.info3.description.string);
+ description = info->description.string;
}
}
-
+
if (description != NULL) {
- printf("%-21.21s %-50.50s\n",
- groups[i].acct_name,
+ printf("%-21.21s %-50.50s\n",
+ groups->entries[i].name.string,
description);
} else {
- printf("%s\n", groups[i].acct_name);
+ printf("%s\n", groups->entries[i].name.string);
}
}
} while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
{
NTSTATUS result;
POLICY_HND group_pol;
- uint32 num_members, *group_rids, *group_attrs;
- uint32 num_names;
- char **names;
- uint32 *name_types;
+ uint32 num_members, *group_rids;
int i;
+ struct samr_RidTypeArray *rids = NULL;
+ struct lsa_Strings names;
+ struct samr_Ids types;
fstring sid_str;
sid_to_fstring(sid_str, domain_sid);
- result = rpccli_samr_open_group(pipe_hnd, mem_ctx, domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- rid, &group_pol);
+ result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
+ domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ rid,
+ &group_pol);
if (!NT_STATUS_IS_OK(result))
return result;
- result = rpccli_samr_query_groupmem(pipe_hnd, mem_ctx, &group_pol,
- &num_members, &group_rids,
- &group_attrs);
+ result = rpccli_samr_QueryGroupMember(pipe_hnd, mem_ctx,
+ &group_pol,
+ &rids);
if (!NT_STATUS_IS_OK(result))
return result;
+ num_members = rids->count;
+ group_rids = rids->rids;
+
while (num_members > 0) {
int this_time = 512;
if (num_members < this_time)
this_time = num_members;
- result = rpccli_samr_lookup_rids(pipe_hnd, mem_ctx, domain_pol,
- this_time, group_rids,
- &num_names, &names, &name_types);
+ result = rpccli_samr_LookupRids(pipe_hnd, mem_ctx,
+ domain_pol,
+ this_time,
+ group_rids,
+ &names,
+ &types);
if (!NT_STATUS_IS_OK(result))
return result;
if (opt_long_list_entries) {
printf("%s-%d %s\\%s %d\n", sid_str,
- group_rids[i], domain_name, names[i],
+ group_rids[i], domain_name,
+ names.names[i].string,
SID_NAME_USER);
} else {
- printf("%s\\%s\n", domain_name, names[i]);
+ printf("%s\\%s\n", domain_name,
+ names.names[i].string);
}
}
char **names;
enum lsa_SidType *types;
int i;
+ struct lsa_SidArray sid_array;
- result = rpccli_samr_open_alias(pipe_hnd, mem_ctx, domain_pol,
- MAXIMUM_ALLOWED_ACCESS, rid, &alias_pol);
+ result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
+ domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ rid,
+ &alias_pol);
if (!NT_STATUS_IS_OK(result))
return result;
- result = rpccli_samr_query_aliasmem(pipe_hnd, mem_ctx, &alias_pol,
- &num_members, &alias_sids);
+ result = rpccli_samr_GetMembersInAlias(pipe_hnd, mem_ctx,
+ &alias_pol,
+ &sid_array);
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "Couldn't list alias members\n");
return result;
}
+ num_members = sid_array.num_sids;
+
if (num_members == 0) {
return NT_STATUS_OK;
}
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "Couldn't open LSA policy handle\n");
- cli_rpc_pipe_close(lsa_pipe);
+ TALLOC_FREE(lsa_pipe);
return result;
}
+ alias_sids = TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID, num_members);
+ if (!alias_sids) {
+ d_fprintf(stderr, "Out of memory\n");
+ TALLOC_FREE(lsa_pipe);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ for (i=0; i<num_members; i++) {
+ sid_copy(&alias_sids[i], sid_array.sids[i].sid);
+ }
+
result = rpccli_lsa_lookup_sids(lsa_pipe, mem_ctx, &lsa_pol, num_members,
alias_sids,
&domains, &names, &types);
if (!NT_STATUS_IS_OK(result) &&
!NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) {
d_fprintf(stderr, "Couldn't lookup SIDs\n");
- cli_rpc_pipe_close(lsa_pipe);
+ TALLOC_FREE(lsa_pipe);
return result;
}
}
}
- cli_rpc_pipe_close(lsa_pipe);
+ TALLOC_FREE(lsa_pipe);
return NT_STATUS_OK;
}
{
NTSTATUS result;
POLICY_HND connect_pol, domain_pol;
- uint32 num_rids, *rids, *rid_types;
+ struct samr_Ids rids, rid_types;
+ struct lsa_String lsa_acct_name;
/* Get sam policy handle */
-
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
+
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
if (!NT_STATUS_IS_OK(result))
return result;
/* Get domain policy handle */
-
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result))
return result;
- result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, 1000,
- 1, argv, &num_rids, &rids, &rid_types);
+ init_lsa_String(&lsa_acct_name, argv[0]); /* sure? */
+
+ result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
+ &domain_pol,
+ 1,
+ &lsa_acct_name,
+ &rids,
+ &rid_types);
if (!NT_STATUS_IS_OK(result)) {
DOM_SID sid_Builtin;
- rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
- string_to_sid(&sid_Builtin, "S-1-5-32");
+ sid_copy(&sid_Builtin, &global_sid_Builtin);
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- &sid_Builtin, &domain_pol);
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ &sid_Builtin,
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
return result;
}
- result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, 1000,
- 1, argv, &num_rids,
- &rids, &rid_types);
+ result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
+ &domain_pol,
+ 1,
+ &lsa_acct_name,
+ &rids,
+ &rid_types);
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
}
}
- if (num_rids != 1) {
+ if (rids.count != 1) {
d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
return result;
}
- if (rid_types[0] == SID_NAME_DOM_GRP) {
+ if (rid_types.ids[0] == SID_NAME_DOM_GRP) {
return rpc_list_group_members(pipe_hnd, mem_ctx, domain_name,
domain_sid, &domain_pol,
- rids[0]);
+ rids.ids[0]);
}
- if (rid_types[0] == SID_NAME_ALIAS) {
+ if (rid_types.ids[0] == SID_NAME_ALIAS) {
return rpc_list_alias_members(pipe_hnd, mem_ctx, &domain_pol,
- rids[0]);
+ rids.ids[0]);
}
return NT_STATUS_NO_SUCH_GROUP;
{
NTSTATUS result;
POLICY_HND connect_pol, domain_pol, group_pol;
- uint32 num_rids, *rids, *rid_types;
- GROUP_INFO_CTR ctr;
+ union samr_GroupInfo group_info;
+ struct samr_Ids rids, rid_types;
+ struct lsa_String lsa_acct_name;
if (argc != 2) {
d_printf("Usage: 'net rpc group rename group newname'\n");
}
/* Get sam policy handle */
-
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
+
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
if (!NT_STATUS_IS_OK(result))
return result;
/* Get domain policy handle */
-
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result))
return result;
- result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, 1000,
- 1, argv, &num_rids, &rids, &rid_types);
+ init_lsa_String(&lsa_acct_name, argv[0]);
+
+ result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
+ &domain_pol,
+ 1,
+ &lsa_acct_name,
+ &rids,
+ &rid_types);
- if (num_rids != 1) {
+ if (rids.count != 1) {
d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
return result;
}
- if (rid_types[0] != SID_NAME_DOM_GRP) {
+ if (rid_types.ids[0] != SID_NAME_DOM_GRP) {
d_fprintf(stderr, "Can only rename domain groups\n");
return NT_STATUS_UNSUCCESSFUL;
}
- result = rpccli_samr_open_group(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- rids[0], &group_pol);
+ result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ rids.ids[0],
+ &group_pol);
if (!NT_STATUS_IS_OK(result))
return result;
- ZERO_STRUCT(ctr);
-
- ctr.switch_value1 = 2;
- init_samr_group_info2(&ctr.group.info2, argv[1]);
+ init_lsa_String(&group_info.name, argv[1]);
- result = rpccli_samr_set_groupinfo(pipe_hnd, mem_ctx, &group_pol, &ctr);
+ result = rpccli_samr_SetGroupInfo(pipe_hnd, mem_ctx,
+ &group_pol,
+ 2,
+ &group_info);
if (!NT_STATUS_IS_OK(result))
return result;
const char **argv)
{
WERROR result;
+ NTSTATUS status;
char *sharename;
char *path;
uint32 type = STYPE_DISKTREE; /* only allow disk shares to be added */
uint32 num_users=0, perms=0;
char *password=NULL; /* don't allow a share password */
uint32 level = 2;
+ union srvsvc_NetShareInfo info;
+ struct srvsvc_NetShareInfo2 info2;
+ uint32_t parm_error = 0;
if ((sharename = talloc_strdup(mem_ctx, argv[0])) == NULL) {
return NT_STATUS_NO_MEMORY;
return NT_STATUS_UNSUCCESSFUL;
*path++ = '\0';
- result = rpccli_srvsvc_net_share_add(pipe_hnd, mem_ctx, sharename, type,
- opt_comment, perms, opt_maxusers,
- num_users, path, password,
- level, NULL);
- return werror_to_ntstatus(result);
+ info2.name = sharename;
+ info2.type = type;
+ info2.comment = opt_comment;
+ info2.permissions = perms;
+ info2.max_users = opt_maxusers;
+ info2.current_users = num_users;
+ info2.path = path;
+ info2.password = password;
+
+ info.info2 = &info2;
+
+ status = rpccli_srvsvc_NetShareAdd(pipe_hnd, mem_ctx,
+ pipe_hnd->desthost,
+ level,
+ &info,
+ &parm_error,
+ &result);
+ return status;
}
static int rpc_share_add(int argc, const char **argv)
{
WERROR result;
- result = rpccli_srvsvc_net_share_del(pipe_hnd, mem_ctx, argv[0]);
- return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+ return rpccli_srvsvc_NetShareDel(pipe_hnd, mem_ctx,
+ pipe_hnd->desthost,
+ argv[0],
+ 0,
+ &result);
}
/**
*
* @param info1 pointer to SRV_SHARE_INFO_1 to format
**/
-
-static void display_share_info_1(SRV_SHARE_INFO_1 *info1)
-{
- fstring netname = "", remark = "";
-
- rpcstr_pull_unistr2_fstring(netname, &info1->info_1_str.uni_netname);
- rpcstr_pull_unistr2_fstring(remark, &info1->info_1_str.uni_remark);
+static void display_share_info_1(struct srvsvc_NetShareInfo1 *r)
+{
if (opt_long_list_entries) {
d_printf("%-12s %-8.8s %-50s\n",
- netname, share_type[info1->info_1.type & ~(STYPE_TEMPORARY|STYPE_HIDDEN)], remark);
+ r->name,
+ share_type[r->type & ~(STYPE_TEMPORARY|STYPE_HIDDEN)],
+ r->comment);
} else {
- d_printf("%s\n", netname);
+ d_printf("%s\n", r->name);
}
-
}
static WERROR get_share_info(struct rpc_pipe_client *pipe_hnd,
- TALLOC_CTX *mem_ctx,
- uint32 level,
- int argc,
- const char **argv,
- SRV_SHARE_INFO_CTR *ctr)
+ TALLOC_CTX *mem_ctx,
+ uint32 level,
+ int argc,
+ const char **argv,
+ struct srvsvc_NetShareInfoCtr *info_ctr)
{
WERROR result;
- SRV_SHARE_INFO info;
+ NTSTATUS status;
+ union srvsvc_NetShareInfo info;
/* no specific share requested, enumerate all */
if (argc == 0) {
- ENUM_HND hnd;
- uint32 preferred_len = 0xffffffff;
+ uint32_t preferred_len = 0xffffffff;
+ uint32_t total_entries = 0;
+ uint32_t resume_handle = 0;
- init_enum_hnd(&hnd, 0);
+ info_ctr->level = level;
- return rpccli_srvsvc_net_share_enum(pipe_hnd, mem_ctx, level, ctr,
- preferred_len, &hnd);
+ status = rpccli_srvsvc_NetShareEnumAll(pipe_hnd, mem_ctx,
+ pipe_hnd->desthost,
+ info_ctr,
+ preferred_len,
+ &total_entries,
+ &resume_handle,
+ &result);
+ return result;
}
/* request just one share */
- result = rpccli_srvsvc_net_share_get_info(pipe_hnd, mem_ctx, argv[0], level, &info);
-
- if (!W_ERROR_IS_OK(result))
+ status = rpccli_srvsvc_NetShareGetInfo(pipe_hnd, mem_ctx,
+ pipe_hnd->desthost,
+ argv[0],
+ level,
+ &info,
+ &result);
+
+ if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) {
goto done;
+ }
/* construct ctr */
- ZERO_STRUCTP(ctr);
+ ZERO_STRUCTP(info_ctr);
- ctr->info_level = ctr->switch_value = level;
- ctr->ptr_share_info = ctr->ptr_entries = 1;
- ctr->num_entries = ctr->num_entries2 = 1;
+ info_ctr->level = level;
switch (level) {
case 1:
{
- char *s;
- SRV_SHARE_INFO_1 *info1;
-
- ctr->share.info1 = TALLOC_ARRAY(mem_ctx, SRV_SHARE_INFO_1, 1);
- if (ctr->share.info1 == NULL) {
- result = WERR_NOMEM;
- goto done;
- }
- info1 = ctr->share.info1;
-
- memset(ctr->share.info1, 0, sizeof(SRV_SHARE_INFO_1));
-
- /* Copy pointer crap */
+ struct srvsvc_NetShareCtr1 *ctr1;
- memcpy(&info1->info_1, &info.share.info1.info_1, sizeof(SH_INFO_1));
+ ctr1 = TALLOC_ZERO_P(mem_ctx, struct srvsvc_NetShareCtr1);
+ W_ERROR_HAVE_NO_MEMORY(ctr1);
- /* Duplicate strings */
+ ctr1->count = 1;
+ ctr1->array = info.info1;
- s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info1.info_1_str.uni_netname);
- if (s)
- init_unistr2(&info1->info_1_str.uni_netname, s, UNI_STR_TERMINATE);
-
- s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info1.info_1_str.uni_remark);
- if (s)
- init_unistr2(&info1->info_1_str.uni_remark, s, UNI_STR_TERMINATE);
+ info_ctr->ctr.ctr1 = ctr1;
}
case 2:
{
- char *s;
- SRV_SHARE_INFO_2 *info2;
-
- ctr->share.info2 = TALLOC_ARRAY(mem_ctx, SRV_SHARE_INFO_2, 1);
- if (ctr->share.info2 == NULL) {
- result = WERR_NOMEM;
- goto done;
- }
- info2 = ctr->share.info2;
-
- memset(ctr->share.info2, 0, sizeof(SRV_SHARE_INFO_2));
-
- /* Copy pointer crap */
-
- memcpy(&info2->info_2, &info.share.info2.info_2, sizeof(SH_INFO_2));
-
- /* Duplicate strings */
-
- s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info2.info_2_str.uni_netname);
- if (s)
- init_unistr2(&info2->info_2_str.uni_netname, s, UNI_STR_TERMINATE);
+ struct srvsvc_NetShareCtr2 *ctr2;
- s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info2.info_2_str.uni_remark);
- if (s)
- init_unistr2(&info2->info_2_str.uni_remark, s, UNI_STR_TERMINATE);
+ ctr2 = TALLOC_ZERO_P(mem_ctx, struct srvsvc_NetShareCtr2);
+ W_ERROR_HAVE_NO_MEMORY(ctr2);
- s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info2.info_2_str.uni_path);
- if (s)
- init_unistr2(&info2->info_2_str.uni_path, s, UNI_STR_TERMINATE);
+ ctr2->count = 1;
+ ctr2->array = info.info2;
- s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info2.info_2_str.uni_passwd);
- if (s)
- init_unistr2(&info2->info_2_str.uni_passwd, s, UNI_STR_TERMINATE);
+ info_ctr->ctr.ctr2 = ctr2;
}
case 502:
{
- char *s;
- SRV_SHARE_INFO_502 *info502;
+ struct srvsvc_NetShareCtr502 *ctr502;
- ctr->share.info502 = TALLOC_ARRAY(mem_ctx, SRV_SHARE_INFO_502, 1);
- if (ctr->share.info502 == NULL) {
- result = WERR_NOMEM;
- goto done;
- }
- info502 = ctr->share.info502;
-
- memset(ctr->share.info502, 0, sizeof(SRV_SHARE_INFO_502));
-
- /* Copy pointer crap */
-
- memcpy(&info502->info_502, &info.share.info502.info_502, sizeof(SH_INFO_502));
-
- /* Duplicate strings */
-
- s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info502.info_502_str.uni_netname);
- if (s)
- init_unistr2(&info502->info_502_str.uni_netname, s, UNI_STR_TERMINATE);
-
- s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info502.info_502_str.uni_remark);
- if (s)
- init_unistr2(&info502->info_502_str.uni_remark, s, UNI_STR_TERMINATE);
+ ctr502 = TALLOC_ZERO_P(mem_ctx, struct srvsvc_NetShareCtr502);
+ W_ERROR_HAVE_NO_MEMORY(ctr502);
- s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info502.info_502_str.uni_path);
- if (s)
- init_unistr2(&info502->info_502_str.uni_path, s, UNI_STR_TERMINATE);
+ ctr502->count = 1;
+ ctr502->array = info.info502;
- s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info502.info_502_str.uni_passwd);
- if (s)
- init_unistr2(&info502->info_502_str.uni_passwd, s, UNI_STR_TERMINATE);
-
- info502->info_502_str.sd = dup_sec_desc(mem_ctx, info.share.info502.info_502_str.sd);
-
+ info_ctr->ctr.ctr502 = ctr502;
}
-
} /* switch */
-
done:
return result;
}
int argc,
const char **argv)
{
- SRV_SHARE_INFO_CTR ctr;
+ struct srvsvc_NetShareInfoCtr info_ctr;
+ struct srvsvc_NetShareCtr1 ctr1;
WERROR result;
uint32 i, level = 1;
- result = get_share_info(pipe_hnd, mem_ctx, level, argc, argv, &ctr);
+ ZERO_STRUCT(info_ctr);
+ ZERO_STRUCT(ctr1);
+
+ info_ctr.level = 1;
+ info_ctr.ctr.ctr1 = &ctr1;
+
+ result = get_share_info(pipe_hnd, mem_ctx, level, argc, argv, &info_ctr);
if (!W_ERROR_IS_OK(result))
goto done;
"\nShare name Type Description\n"\
"---------- ---- -----------\n");
}
- for (i = 0; i < ctr.num_entries; i++)
- display_share_info_1(&ctr.share.info1[i]);
+ for (i = 0; i < info_ctr.ctr.ctr1->count; i++)
+ display_share_info_1(&info_ctr.ctr.ctr1->array[i]);
done:
return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
return True;
}
-static bool check_share_sanity(struct cli_state *cli, fstring netname, uint32 type)
+static bool check_share_sanity(struct cli_state *cli, const char *netname, uint32 type)
{
/* only support disk shares */
if (! ( type == STYPE_DISKTREE || type == (STYPE_DISKTREE | STYPE_HIDDEN)) ) {
}
/**
- * Migrate shares from a remote RPC server to the local RPC srever
+ * Migrate shares from a remote RPC server to the local RPC server
*
* All parameters are provided by the run_rpc_command function, except for
- * argc, argv which are passes through.
+ * argc, argv which are passed through.
*
* @param domain_sid The domain sid acquired from the remote server
* @param cli A cli_state connected to the server.
- * @param mem_ctx Talloc context, destoyed on completion of the function.
+ * @param mem_ctx Talloc context, destroyed on completion of the function.
* @param argc Standard main() style argc
* @param argv Standard main() style argv. Initial components are already
* stripped
{
WERROR result;
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
- SRV_SHARE_INFO_CTR ctr_src;
- uint32 type = STYPE_DISKTREE; /* only allow disk shares to be added */
- char *password = NULL; /* don't allow a share password */
+ struct srvsvc_NetShareInfoCtr ctr_src;
uint32 i;
struct rpc_pipe_client *srvsvc_pipe = NULL;
struct cli_state *cli_dst = NULL;
uint32 level = 502; /* includes secdesc */
+ uint32_t parm_error = 0;
result = get_share_info(pipe_hnd, mem_ctx, level, argc, argv, &ctr_src);
if (!W_ERROR_IS_OK(result))
return nt_status;
- for (i = 0; i < ctr_src.num_entries; i++) {
+ for (i = 0; i < ctr_src.ctr.ctr502->count; i++) {
+
+ union srvsvc_NetShareInfo info;
+ struct srvsvc_NetShareInfo502 info502 =
+ ctr_src.ctr.ctr502->array[i];
- fstring netname = "", remark = "", path = "";
/* reset error-code */
nt_status = NT_STATUS_UNSUCCESSFUL;
- rpcstr_pull_unistr2_fstring(
- netname, &ctr_src.share.info502[i].info_502_str.uni_netname);
- rpcstr_pull_unistr2_fstring(
- remark, &ctr_src.share.info502[i].info_502_str.uni_remark);
- rpcstr_pull_unistr2_fstring(
- path, &ctr_src.share.info502[i].info_502_str.uni_path);
-
- if (!check_share_sanity(cli, netname, ctr_src.share.info502[i].info_502.type))
+ if (!check_share_sanity(cli, info502.name, info502.type))
continue;
/* finally add the share on the dst server */
printf("migrating: [%s], path: %s, comment: %s, without share-ACLs\n",
- netname, path, remark);
-
- result = rpccli_srvsvc_net_share_add(srvsvc_pipe, mem_ctx, netname, type, remark,
- ctr_src.share.info502[i].info_502.perms,
- ctr_src.share.info502[i].info_502.max_uses,
- ctr_src.share.info502[i].info_502.num_uses,
- path, password, level,
- NULL);
-
+ info502.name, info502.path, info502.comment);
+
+ info.info502 = &info502;
+
+ nt_status = rpccli_srvsvc_NetShareAdd(srvsvc_pipe, mem_ctx,
+ srvsvc_pipe->desthost,
+ 502,
+ &info,
+ &parm_error,
+ &result);
+
if (W_ERROR_V(result) == W_ERROR_V(WERR_ALREADY_EXISTS)) {
- printf(" [%s] does already exist\n", netname);
+ printf(" [%s] does already exist\n",
+ info502.name);
continue;
}
- if (!W_ERROR_IS_OK(result)) {
+ if (!NT_STATUS_IS_OK(nt_status) || !W_ERROR_IS_OK(result)) {
printf("cannot add share: %s\n", dos_errstr(result));
goto done;
}
{
WERROR result;
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
- SRV_SHARE_INFO_CTR ctr_src;
+ struct srvsvc_NetShareInfoCtr ctr_src;
uint32 i;
uint32 level = 502;
struct copy_clistate cp_clistate;
if (!W_ERROR_IS_OK(result))
goto done;
- for (i = 0; i < ctr_src.num_entries; i++) {
-
- fstring netname = "";
+ for (i = 0; i < ctr_src.ctr.ctr502->count; i++) {
- rpcstr_pull_unistr2_fstring(
- netname, &ctr_src.share.info502[i].info_502_str.uni_netname);
+ struct srvsvc_NetShareInfo502 info502 =
+ ctr_src.ctr.ctr502->array[i];
- if (!check_share_sanity(cli, netname, ctr_src.share.info502[i].info_502.type))
+ if (!check_share_sanity(cli, info502.name, info502.type))
continue;
/* one might not want to mirror whole discs :) */
- if (strequal(netname, "print$") || netname[1] == '$') {
- d_printf("skipping [%s]: builtin/hidden share\n", netname);
+ if (strequal(info502.name, "print$") || info502.name[1] == '$') {
+ d_printf("skipping [%s]: builtin/hidden share\n", info502.name);
continue;
}
break;
}
printf(" [%s] files and directories %s ACLs, %s DOS Attributes %s\n",
- netname,
+ info502.name,
opt_acls ? "including" : "without",
opt_attrs ? "including" : "without",
opt_timestamps ? "(preserving timestamps)" : "");
/* open share source */
nt_status = connect_to_service(&cp_clistate.cli_share_src,
&cli->dest_ss, cli->desthost,
- netname, "A:");
+ info502.name, "A:");
if (!NT_STATUS_IS_OK(nt_status))
goto done;
if (net_mode_share == NET_MODE_SHARE_MIGRATE) {
/* open share destination */
nt_status = connect_to_service(&cp_clistate.cli_share_dst,
- NULL, dst, netname, "A:");
+ NULL, dst, info502.name, "A:");
if (!NT_STATUS_IS_OK(nt_status))
goto done;
got_dst_share = True;
}
- if (!copy_top_level_perms(&cp_clistate, netname)) {
- d_fprintf(stderr, "Could not handle the top level directory permissions for the share: %s\n", netname);
+ if (!copy_top_level_perms(&cp_clistate, info502.name)) {
+ d_fprintf(stderr, "Could not handle the top level directory permissions for the share: %s\n", info502.name);
nt_status = NT_STATUS_UNSUCCESSFUL;
goto done;
}
if (!sync_files(&cp_clistate, mask)) {
- d_fprintf(stderr, "could not handle files for share: %s\n", netname);
+ d_fprintf(stderr, "could not handle files for share: %s\n", info502.name);
nt_status = NT_STATUS_UNSUCCESSFUL;
goto done;
}
{
WERROR result;
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
- SRV_SHARE_INFO_CTR ctr_src;
- SRV_SHARE_INFO info;
+ struct srvsvc_NetShareInfoCtr ctr_src;
+ union srvsvc_NetShareInfo info;
uint32 i;
struct rpc_pipe_client *srvsvc_pipe = NULL;
struct cli_state *cli_dst = NULL;
uint32 level = 502; /* includes secdesc */
+ uint32_t parm_error = 0;
result = get_share_info(pipe_hnd, mem_ctx, level, argc, argv, &ctr_src);
return nt_status;
- for (i = 0; i < ctr_src.num_entries; i++) {
+ for (i = 0; i < ctr_src.ctr.ctr502->count; i++) {
+
+ struct srvsvc_NetShareInfo502 info502 =
+ ctr_src.ctr.ctr502->array[i];
- fstring netname = "", remark = "", path = "";
/* reset error-code */
nt_status = NT_STATUS_UNSUCCESSFUL;
- rpcstr_pull_unistr2_fstring(
- netname, &ctr_src.share.info502[i].info_502_str.uni_netname);
- rpcstr_pull_unistr2_fstring(
- remark, &ctr_src.share.info502[i].info_502_str.uni_remark);
- rpcstr_pull_unistr2_fstring(
- path, &ctr_src.share.info502[i].info_502_str.uni_path);
-
- if (!check_share_sanity(cli, netname, ctr_src.share.info502[i].info_502.type))
+ if (!check_share_sanity(cli, info502.name, info502.type))
continue;
printf("migrating: [%s], path: %s, comment: %s, including share-ACLs\n",
- netname, path, remark);
+ info502.name, info502.path, info502.comment);
if (opt_verbose)
- display_sec_desc(ctr_src.share.info502[i].info_502_str.sd);
-
- /* init info */
- ZERO_STRUCT(info);
-
- info.switch_value = level;
- info.ptr_share_ctr = 1;
+ display_sec_desc(info502.sd_buf.sd);
/* FIXME: shouldn't we be able to just set the security descriptor ? */
- info.share.info502 = ctr_src.share.info502[i];
+ info.info502 = &info502;
/* finally modify the share on the dst server */
- result = rpccli_srvsvc_net_share_set_info(srvsvc_pipe, mem_ctx, netname, level, &info);
-
- if (!W_ERROR_IS_OK(result)) {
+ nt_status = rpccli_srvsvc_NetShareSetInfo(srvsvc_pipe, mem_ctx,
+ srvsvc_pipe->desthost,
+ info502.name,
+ level,
+ &info,
+ &parm_error,
+ &result);
+ if (!NT_STATUS_IS_OK(nt_status) || !W_ERROR_IS_OK(result)) {
printf("cannot set share-acl: %s\n", dos_errstr(result));
goto done;
}
const DOM_SID *domain_sid)
{
uint32 start_idx, max_entries, num_entries, i;
- struct acct_info *groups;
+ struct samr_SamArray *groups = NULL;
NTSTATUS result;
POLICY_HND domain_pol;
/* Get domain policy handle */
-
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result))
return result;
max_entries = 250;
do {
- result = rpccli_samr_enum_als_groups(pipe_hnd, mem_ctx, &domain_pol,
- &start_idx, max_entries,
- &groups, &num_entries);
-
+ result = rpccli_samr_EnumDomainAliases(pipe_hnd, mem_ctx,
+ &domain_pol,
+ &start_idx,
+ &groups,
+ max_entries,
+ &num_entries);
for (i = 0; i < num_entries; i++) {
POLICY_HND alias_pol;
struct full_alias alias;
- DOM_SID *members;
+ struct lsa_SidArray sid_array;
int j;
- result = rpccli_samr_open_alias(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- groups[i].rid,
- &alias_pol);
+ result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ groups->entries[i].idx,
+ &alias_pol);
if (!NT_STATUS_IS_OK(result))
goto done;
- result = rpccli_samr_query_aliasmem(pipe_hnd, mem_ctx,
- &alias_pol,
- &alias.num_members,
- &members);
+ result = rpccli_samr_GetMembersInAlias(pipe_hnd, mem_ctx,
+ &alias_pol,
+ &sid_array);
if (!NT_STATUS_IS_OK(result))
goto done;
- result = rpccli_samr_close(pipe_hnd, mem_ctx, &alias_pol);
+ alias.num_members = sid_array.num_sids;
+
+ result = rpccli_samr_Close(pipe_hnd, mem_ctx, &alias_pol);
if (!NT_STATUS_IS_OK(result))
goto done;
for (j = 0; j < alias.num_members; j++)
sid_copy(&alias.members[j],
- &members[j]);
+ sid_array.sids[j].sid);
}
sid_copy(&alias.sid, domain_sid);
- sid_append_rid(&alias.sid, groups[i].rid);
+ sid_append_rid(&alias.sid, groups->entries[i].idx);
push_alias(mem_ctx, &alias);
}
result = NT_STATUS_OK;
done:
- rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
return result;
}
NTSTATUS result;
POLICY_HND connect_pol;
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
if (!NT_STATUS_IS_OK(result))
goto done;
result = rpc_fetch_domain_aliases(pipe_hnd, mem_ctx, &connect_pol,
domain_sid);
- rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
done:
return result;
}
static bool get_user_sids(const char *domain, const char *user, NT_USER_TOKEN *token)
{
- struct winbindd_request request;
- struct winbindd_response response;
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+ enum wbcSidType type;
fstring full_name;
- NSS_STATUS result;
-
+ struct wbcDomainSid wsid;
+ char *sid_str = NULL;
DOM_SID user_sid;
-
- int i;
+ uint32_t num_groups;
+ gid_t *groups = NULL;
+ uint32_t i;
fstr_sprintf(full_name, "%s%c%s",
domain, *lp_winbind_separator(), user);
/* First let's find out the user sid */
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
+ wbc_status = wbcLookupName(domain, user, &wsid, &type);
- fstrcpy(request.data.name.dom_name, domain);
- fstrcpy(request.data.name.name, user);
-
- result = winbindd_request_response(WINBINDD_LOOKUPNAME, &request, &response);
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ DEBUG(1, ("winbind could not find %s: %s\n",
+ full_name, wbcErrorString(wbc_status)));
+ return false;
+ }
- if (result != NSS_STATUS_SUCCESS) {
- DEBUG(1, ("winbind could not find %s\n", full_name));
- return False;
+ wbc_status = wbcSidToString(&wsid, &sid_str);
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ return false;
}
- if (response.data.sid.type != SID_NAME_USER) {
+ if (type != SID_NAME_USER) {
+ wbcFreeMemory(sid_str);
DEBUG(1, ("%s is not a user\n", full_name));
- return False;
+ return false;
}
- string_to_sid(&user_sid, response.data.sid.sid);
+ string_to_sid(&user_sid, sid_str);
+ wbcFreeMemory(sid_str);
+ sid_str = NULL;
init_user_token(token, &user_sid);
/* And now the groups winbind knows about */
- ZERO_STRUCT(response);
-
- fstrcpy(request.data.username, full_name);
-
- result = winbindd_request_response(WINBINDD_GETGROUPS, &request, &response);
-
- if (result != NSS_STATUS_SUCCESS) {
- DEBUG(1, ("winbind could not get groups of %s\n", full_name));
- return False;
+ wbc_status = wbcGetGroups(full_name, &num_groups, &groups);
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ DEBUG(1, ("winbind could not get groups of %s: %s\n",
+ full_name, wbcErrorString(wbc_status)));
+ return false;
}
- for (i = 0; i < response.data.num_entries; i++) {
- gid_t gid = ((gid_t *)response.extra_data.data)[i];
+ for (i = 0; i < num_groups; i++) {
+ gid_t gid = groups[i];
DOM_SID sid;
- struct winbindd_request sidrequest;
- struct winbindd_response sidresponse;
-
- ZERO_STRUCT(sidrequest);
- ZERO_STRUCT(sidresponse);
-
- sidrequest.data.gid = gid;
-
- result = winbindd_request_response(WINBINDD_GID_TO_SID,
- &sidrequest, &sidresponse);
+ wbc_status = wbcGidToSid(gid, &wsid);
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ DEBUG(1, ("winbind could not find SID of gid %d: %s\n",
+ gid, wbcErrorString(wbc_status)));
+ wbcFreeMemory(groups);
+ return false;
+ }
- if (result != NSS_STATUS_SUCCESS) {
- DEBUG(1, ("winbind could not find SID of gid %d\n",
- gid));
- return False;
+ wbc_status = wbcSidToString(&wsid, &sid_str);
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ wbcFreeMemory(groups);
+ return false;
}
- DEBUG(3, (" %s\n", sidresponse.data.sid.sid));
+ DEBUG(3, (" %s\n", sid_str));
+
+ string_to_sid(&sid, sid_str);
+ wbcFreeMemory(sid_str);
+ sid_str = NULL;
- string_to_sid(&sid, sidresponse.data.sid.sid);
add_sid_to_token(token, &sid);
}
+ wbcFreeMemory(groups);
- SAFE_FREE(response.extra_data.data);
-
- return True;
+ return true;
}
/**
static bool get_user_tokens(int *num_tokens, struct user_token **user_tokens)
{
- struct winbindd_request request;
- struct winbindd_response response;
- const char *extra_data;
- char *name;
- int i;
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+ uint32_t i, num_users;
+ const char **users;
struct user_token *result;
TALLOC_CTX *frame = NULL;
(opt_target_workgroup == NULL)) {
d_fprintf(stderr, "winbind use default domain = yes set, "
"please specify a workgroup\n");
- return False;
+ return false;
}
/* Send request to winbind daemon */
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- if (winbindd_request_response(WINBINDD_LIST_USERS, &request, &response) !=
- NSS_STATUS_SUCCESS)
- return False;
-
- /* Look through extra data */
-
- if (!response.extra_data.data)
- return False;
-
- extra_data = (const char *)response.extra_data.data;
- *num_tokens = 0;
-
- frame = talloc_stackframe();
- while(next_token_talloc(frame, &extra_data, &name, ",")) {
- *num_tokens += 1;
+ wbc_status = wbcListUsers(NULL, &num_users, &users);
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ DEBUG(1, ("winbind could not list users: %s\n",
+ wbcErrorString(wbc_status)));
+ return false;
}
- result = SMB_MALLOC_ARRAY(struct user_token, *num_tokens);
+ result = SMB_MALLOC_ARRAY(struct user_token, num_users);
if (result == NULL) {
DEBUG(1, ("Could not malloc sid array\n"));
- TALLOC_FREE(frame);
- return False;
+ wbcFreeMemory(users);
+ return false;
}
- extra_data = (const char *)response.extra_data.data;
- i=0;
-
- while(next_token_talloc(frame, &extra_data, &name, ",")) {
+ frame = talloc_stackframe();
+ for (i=0; i < num_users; i++) {
fstring domain, user;
char *p;
- fstrcpy(result[i].name, name);
+ fstrcpy(result[i].name, users[i]);
- p = strchr(name, *lp_winbind_separator());
+ p = strchr(users[i], *lp_winbind_separator());
- DEBUG(3, ("%s\n", name));
+ DEBUG(3, ("%s\n", users[i]));
if (p == NULL) {
fstrcpy(domain, opt_target_workgroup);
- fstrcpy(user, name);
+ fstrcpy(user, users[i]);
} else {
*p++ = '\0';
- fstrcpy(domain, name);
+ fstrcpy(domain, users[i]);
strupper_m(domain);
fstrcpy(user, p);
}
i+=1;
}
TALLOC_FREE(frame);
- SAFE_FREE(response.extra_data.data);
+ wbcFreeMemory(users);
+ *num_tokens = num_users;
*user_tokens = result;
- return True;
+ return true;
}
static bool get_user_tokens_from_file(FILE *f,
SEC_DESC *root_sd = NULL;
struct cli_state *cli = pipe_hnd->cli;
int i;
- SRV_SHARE_INFO info;
+ union srvsvc_NetShareInfo info;
WERROR result;
+ NTSTATUS status;
uint16 cnum;
- result = rpccli_srvsvc_net_share_get_info(pipe_hnd, mem_ctx, netname,
- 502, &info);
+ status = rpccli_srvsvc_NetShareGetInfo(pipe_hnd, mem_ctx,
+ pipe_hnd->desthost,
+ netname,
+ 502,
+ &info,
+ &result);
- if (!W_ERROR_IS_OK(result)) {
+ if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) {
DEBUG(1, ("Coult not query secdesc for share %s\n",
netname));
return;
}
- share_sd = info.share.info502.info_502_str.sd;
+ share_sd = info.info502->sd_buf.sd;
if (share_sd == NULL) {
DEBUG(1, ("Got no secdesc for share %s\n",
netname));
for (i=0; i<num_tokens; i++) {
uint32 acc_granted;
- NTSTATUS status;
if (share_sd != NULL) {
if (!se_access_check(share_sd, &tokens[i].token,
int argc, const char **argv)
{
WERROR result;
+ NTSTATUS status;
+ uint32_t parm_err = 0;
+ union srvsvc_NetShareInfo info;
+ struct srvsvc_NetShareInfo2 info2;
if ((argc < 2) || (argc > 3)) {
d_fprintf(stderr, "usage: %s <share> <path> [comment]\n",
return NT_STATUS_INVALID_PARAMETER;
}
- result = rpccli_srvsvc_net_share_add(
- pipe_hnd, mem_ctx, argv[0], STYPE_DISKTREE,
- (argc == 3) ? argv[2] : "",
- 0, 0, 0, argv[1], NULL, 2, NULL);
-
- return werror_to_ntstatus(result);
+ info2.name = argv[0];
+ info2.type = STYPE_DISKTREE;
+ info2.comment = (argc == 3) ? argv[2] : "";
+ info2.permissions = 0;
+ info2.max_users = 0;
+ info2.current_users = 0;
+ info2.path = argv[1];
+ info2.password = NULL;
+
+ info.info2 = &info2;
+
+ status = rpccli_srvsvc_NetShareAdd(pipe_hnd, mem_ctx,
+ pipe_hnd->desthost,
+ 2,
+ &info,
+ &parm_err,
+ &result);
+
+ return status;
}
static NTSTATUS rpc_sh_share_delete(TALLOC_CTX *mem_ctx,
int argc, const char **argv)
{
WERROR result;
+ NTSTATUS status;
if (argc != 1) {
d_fprintf(stderr, "usage: %s <share>\n", ctx->whoami);
return NT_STATUS_INVALID_PARAMETER;
}
- result = rpccli_srvsvc_net_share_del(pipe_hnd, mem_ctx, argv[0]);
- return werror_to_ntstatus(result);
+ status = rpccli_srvsvc_NetShareDel(pipe_hnd, mem_ctx,
+ pipe_hnd->desthost,
+ argv[0],
+ 0,
+ &result);
+
+ return status;
}
static NTSTATUS rpc_sh_share_info(TALLOC_CTX *mem_ctx,
struct rpc_pipe_client *pipe_hnd,
int argc, const char **argv)
{
- SRV_SHARE_INFO info;
- SRV_SHARE_INFO_2 *info2 = &info.share.info2;
+ union srvsvc_NetShareInfo info;
WERROR result;
+ NTSTATUS status;
if (argc != 1) {
d_fprintf(stderr, "usage: %s <share>\n", ctx->whoami);
return NT_STATUS_INVALID_PARAMETER;
}
- result = rpccli_srvsvc_net_share_get_info(
- pipe_hnd, mem_ctx, argv[0], 2, &info);
- if (!W_ERROR_IS_OK(result)) {
+ status = rpccli_srvsvc_NetShareGetInfo(pipe_hnd, mem_ctx,
+ pipe_hnd->desthost,
+ argv[0],
+ 2,
+ &info,
+ &result);
+ if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) {
goto done;
}
- d_printf("Name: %s\n",
- rpcstr_pull_unistr2_talloc(mem_ctx,
- &info2->info_2_str.uni_netname));
- d_printf("Comment: %s\n",
- rpcstr_pull_unistr2_talloc(mem_ctx,
- &info2->info_2_str.uni_remark));
-
- d_printf("Path: %s\n",
- rpcstr_pull_unistr2_talloc(mem_ctx,
- &info2->info_2_str.uni_path));
- d_printf("Password: %s\n",
- rpcstr_pull_unistr2_talloc(mem_ctx,
- &info2->info_2_str.uni_passwd));
+ d_printf("Name: %s\n", info.info2->name);
+ d_printf("Comment: %s\n", info.info2->comment);
+ d_printf("Path: %s\n", info.info2->path);
+ d_printf("Password: %s\n", info.info2->password);
done:
return werror_to_ntstatus(result);
const char **argv)
{
return rpccli_srvsvc_NetFileClose(pipe_hnd, mem_ctx,
- pipe_hnd->cli->desthost,
+ pipe_hnd->desthost,
atoi(argv[0]), NULL);
}
/**
* Formatted print of open file info
*
- * @param info3 FILE_INFO_3 contents
- * @param str3 strings for FILE_INFO_3
+ * @param r struct srvsvc_NetFileInfo3 contents
**/
-static void display_file_info_3( FILE_INFO_3 *info3 )
+static void display_file_info_3(struct srvsvc_NetFileInfo3 *r)
{
- fstring user = "", path = "";
-
- rpcstr_pull_unistr2_fstring(user, info3->user);
- rpcstr_pull_unistr2_fstring(path, info3->path);
-
d_printf("%-7.1d %-20.20s 0x%-4.2x %-6.1d %s\n",
- info3->id, user, info3->perms, info3->num_locks, path);
+ r->fid, r->user, r->permissions, r->num_locks, r->path);
}
/**
int argc,
const char **argv)
{
- SRV_FILE_INFO_CTR ctr;
+ struct srvsvc_NetFileInfoCtr info_ctr;
+ struct srvsvc_NetFileCtr3 ctr3;
WERROR result;
- ENUM_HND hnd;
+ NTSTATUS status;
uint32 preferred_len = 0xffffffff, i;
const char *username=NULL;
-
- init_enum_hnd(&hnd, 0);
+ uint32_t total_entries = 0;
+ uint32_t resume_handle = 0;
/* if argc > 0, must be user command */
if (argc > 0)
username = smb_xstrdup(argv[0]);
-
- result = rpccli_srvsvc_net_file_enum(pipe_hnd,
- mem_ctx, 3, username, &ctr, preferred_len, &hnd);
- if (!W_ERROR_IS_OK(result))
+ ZERO_STRUCT(info_ctr);
+ ZERO_STRUCT(ctr3);
+
+ info_ctr.level = 3;
+ info_ctr.ctr.ctr3 = &ctr3;
+
+ status = rpccli_srvsvc_NetFileEnum(pipe_hnd, mem_ctx,
+ pipe_hnd->desthost,
+ NULL,
+ username,
+ &info_ctr,
+ preferred_len,
+ &total_entries,
+ &resume_handle,
+ &result);
+
+ if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result))
goto done;
/* Display results */
"\nEnumerating open files on remote server:\n\n"\
"\nFileId Opened by Perms Locks Path"\
"\n------ --------- ----- ----- ---- \n");
- for (i = 0; i < ctr.num_entries; i++)
- display_file_info_3(&ctr.file.info3[i]);
+ for (i = 0; i < total_entries; i++)
+ display_file_info_3(&info_ctr.ctr.ctr3->array[i]);
done:
return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
POLICY_HND connect_pol, domain_pol, user_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
char *acct_name;
+ struct lsa_String lsa_acct_name;
uint32 acb_info;
- uint32 unknown, user_rid;
+ uint32 acct_flags=0;
+ uint32 user_rid;
+ uint32_t access_granted = 0;
+ union samr_UserInfo info;
if (argc != 2) {
d_printf("Usage: net rpc trustdom add <domain_name> <pw>\n");
/*
* Make valid trusting domain account (ie. uppercased and with '$' appended)
*/
-
+
if (asprintf(&acct_name, "%s$", argv[0]) < 0) {
return NT_STATUS_NO_MEMORY;
}
strupper_m(acct_name);
+ init_lsa_String(&lsa_acct_name, acct_name);
+
/* Get samr policy handle */
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
-
+
/* Get domain policy handle */
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
/* Create trusting domain's account */
- acb_info = ACB_NORMAL;
- unknown = 0xe00500b0; /* No idea what this is - a permission mask?
- mimir: yes, most probably it is */
-
- result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
- acct_name, acb_info, unknown,
- &user_pol, &user_rid);
+ acb_info = ACB_NORMAL;
+ acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
+ SEC_STD_WRITE_DAC | SEC_STD_DELETE |
+ SAMR_USER_ACCESS_SET_PASSWORD |
+ SAMR_USER_ACCESS_GET_ATTRIBUTES |
+ SAMR_USER_ACCESS_SET_ATTRIBUTES;
+
+ result = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx,
+ &domain_pol,
+ &lsa_acct_name,
+ acb_info,
+ acct_flags,
+ &user_pol,
+ &access_granted,
+ &user_rid);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
{
- SAM_USERINFO_CTR ctr;
- SAM_USER_INFO_23 p23;
NTTIME notime;
- char nostr[] = "";
- LOGON_HRS hrs;
+ struct samr_LogonHours hours;
+ struct lsa_BinaryString parameters;
+ const int units_per_week = 168;
uchar pwbuf[516];
encode_pw_buffer(pwbuf, argv[1], STR_UNICODE);
- ZERO_STRUCT(ctr);
- ZERO_STRUCT(p23);
ZERO_STRUCT(notime);
- hrs.max_len = 1260;
- hrs.offset = 0;
- hrs.len = 21;
- memset(hrs.hours, 0xFF, sizeof(hrs.hours));
- acb_info = ACB_DOMTRUST;
-
- init_sam_user_info23A(&p23, ¬ime, ¬ime, ¬ime,
- ¬ime, ¬ime, ¬ime,
- nostr, nostr, nostr, nostr, nostr,
- nostr, nostr, nostr, nostr, nostr,
- 0, 0, acb_info, ACCT_FLAGS, 168, &hrs,
- 0, 0, (char *)pwbuf);
- ctr.switch_value = 23;
- ctr.info.id23 = &p23;
- p23.passmustchange = 0;
-
- result = rpccli_samr_set_userinfo(pipe_hnd, mem_ctx, &user_pol, 23,
- &cli->user_session_key, &ctr);
+ ZERO_STRUCT(hours);
+ ZERO_STRUCT(parameters);
+
+ hours.bits = talloc_array(mem_ctx, uint8_t, units_per_week);
+ if (!hours.bits) {
+ result = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+ hours.units_per_week = units_per_week;
+ memset(hours.bits, 0xFF, units_per_week);
+
+ init_samr_user_info23(&info.info23,
+ notime, notime, notime,
+ notime, notime, notime,
+ NULL, NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL, ¶meters,
+ 0, 0, ACB_DOMTRUST, SAMR_FIELD_ACCT_FLAGS,
+ hours,
+ 0, 0, 0, 0, 0, 0, 0,
+ pwbuf, 24);
+
+ SamOEMhashBlob(info.info23.password.data, 516,
+ &cli->user_session_key);
+
+ result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
+ &user_pol,
+ 23,
+ &info);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(0,("Could not set trust account password: %s\n",
POLICY_HND connect_pol, domain_pol, user_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
char *acct_name;
- const char **names;
DOM_SID trust_acct_sid;
- uint32 *user_rids, num_rids, *name_types;
- uint32 flags = 0x000003e8; /* Unknown */
+ struct samr_Ids user_rids, name_types;
+ struct lsa_String lsa_acct_name;
if (argc != 1) {
d_printf("Usage: net rpc trustdom del <domain_name>\n");
strupper_m(acct_name);
- if ((names = TALLOC_ARRAY(mem_ctx, const char *, 1)) == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
- names[0] = acct_name;
-
-
/* Get samr policy handle */
- result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
- &connect_pol);
+ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->desthost,
+ MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
-
+
/* Get domain policy handle */
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, flags, 1,
- names, &num_rids,
- &user_rids, &name_types);
-
+ init_lsa_String(&lsa_acct_name, acct_name);
+
+ result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
+ &domain_pol,
+ 1,
+ &lsa_acct_name,
+ &user_rids,
+ &name_types);
+
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- user_rids[0], &user_pol);
+ result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ user_rids.ids[0],
+ &user_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
/* append the rid to the domain sid */
sid_copy(&trust_acct_sid, domain_sid);
- if (!sid_append_rid(&trust_acct_sid, user_rids[0])) {
+ if (!sid_append_rid(&trust_acct_sid, user_rids.ids[0])) {
goto done;
}
/* remove the sid */
- result = rpccli_samr_remove_sid_foreign_domain(pipe_hnd, mem_ctx, &user_pol,
- &trust_acct_sid);
-
+ result = rpccli_samr_RemoveMemberFromForeignDomain(pipe_hnd, mem_ctx,
+ &user_pol,
+ &trust_acct_sid);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
/* Delete user */
- result = rpccli_samr_delete_dom_user(pipe_hnd, mem_ctx, &user_pol);
+ result = rpccli_samr_DeleteUser(pipe_hnd, mem_ctx,
+ &user_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
return -1;
}
}
-
+
+static NTSTATUS rpc_trustdom_get_pdc(struct cli_state *cli,
+ TALLOC_CTX *mem_ctx,
+ const char *domain_name)
+{
+ char *dc_name = NULL;
+ const char *buffer = NULL;
+ struct rpc_pipe_client *netr;
+ NTSTATUS status;
+
+ /* Use NetServerEnum2 */
+
+ if (cli_get_pdc_name(cli, domain_name, &dc_name)) {
+ SAFE_FREE(dc_name);
+ return NT_STATUS_OK;
+ }
+
+ DEBUG(1,("NetServerEnum2 error: Couldn't find primary domain controller\
+ for domain %s\n", domain_name));
+
+ /* Try netr_GetDcName */
+
+ netr = cli_rpc_pipe_open_noauth(cli, PI_NETLOGON, &status);
+ if (!netr) {
+ return status;
+ }
+
+ status = rpccli_netr_GetDcName(netr, mem_ctx,
+ cli->desthost,
+ domain_name,
+ &buffer,
+ NULL);
+ TALLOC_FREE(netr);
+
+ if (NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ DEBUG(1,("netr_GetDcName error: Couldn't find primary domain controller\
+ for domain %s\n", domain_name));
+
+ return status;
+}
/**
* Establish trust relationship to a trusting domain.
DOM_SID *domain_sid;
char* domain_name;
- const char* domain_name_pol;
char* acct_name;
fstring pdc_name;
- char *dc_name;
+ union lsa_PolicyInformation *info = NULL;
/*
* Connect to \\server\ipc$ as 'our domain' account with password
return -1;
}
- /*
- * Use NetServerEnum2 to make sure we're talking to a proper server
- */
-
- if (!cli_get_pdc_name(cli, domain_name, &dc_name)) {
- DEBUG(0, ("NetServerEnum2 error: Couldn't find primary domain controller\
- for domain %s\n", domain_name));
- cli_shutdown(cli);
- return -1;
- }
- SAFE_FREE(dc_name);
-
if (!(mem_ctx = talloc_init("establishing trust relationship to "
"domain %s", domain_name))) {
DEBUG(0, ("talloc_init() failed\n"));
return -1;
}
+ /* Make sure we're talking to a proper server */
+
+ nt_status = rpc_trustdom_get_pdc(cli, mem_ctx, domain_name);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ cli_shutdown(cli);
+ talloc_destroy(mem_ctx);
+ return -1;
+ }
+
/*
* Call LsaOpenPolicy and LsaQueryInfo
*/
}
/* Querying info level 5 */
-
- nt_status = rpccli_lsa_query_info_policy(pipe_hnd, mem_ctx, &connect_hnd,
- 5 /* info level */,
- &domain_name_pol, &domain_sid);
+
+ nt_status = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
+ &connect_hnd,
+ LSA_POLICY_INFO_ACCOUNT_DOMAIN,
+ &info);
if (NT_STATUS_IS_ERR(nt_status)) {
DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
nt_errstr(nt_status)));
return -1;
}
+ domain_sid = info->account_domain.sid;
+
/* There should be actually query info level 3 (following nt serv behaviour),
but I still don't know if it's _really_ necessary */
const char *trusted_dom_name)
{
NTSTATUS nt_status;
- union lsa_TrustedDomainInfo info;
+ union lsa_TrustedDomainInfo *info = NULL;
char *cleartextpwd = NULL;
DATA_BLOB data;
goto done;
}
- data = data_blob(NULL, info.password.password->length);
-
- memcpy(data.data,
- info.password.password->data,
- info.password.password->length);
- data.length = info.password.password->length;
+ data = data_blob(info->password.password->data,
+ info->password.password->length);
cleartextpwd = decrypt_trustdom_secret(pipe_hnd->cli->pwd.password,
&data);
}
#ifdef DEBUG_PASSWORD
- DEBUG(100,("sucessfully vampired trusted domain [%s], sid: [%s], "
+ DEBUG(100,("successfully vampired trusted domain [%s], sid: [%s], "
"password: [%s]\n", trusted_dom_name,
sid_string_dbg(&dom_sid), cleartextpwd));
#endif
const char *domain_name = NULL;
DOM_SID *queried_dom_sid;
POLICY_HND connect_hnd;
+ union lsa_PolicyInformation *info = NULL;
/* trusted domains listing variables */
- unsigned int num_domains, enum_ctx = 0;
+ unsigned int enum_ctx = 0;
int i;
- DOM_SID *domain_sids;
- char **trusted_dom_names;
+ struct lsa_DomainList dom_list;
fstring pdc_name;
- const char *dummy;
/*
* Listing trusted domains (stored in secrets.tdb, if local)
};
/* query info level 5 to obtain sid of a domain being queried */
- nt_status = rpccli_lsa_query_info_policy(
- pipe_hnd, mem_ctx, &connect_hnd, 5 /* info level */,
- &dummy, &queried_dom_sid);
+ nt_status = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
+ &connect_hnd,
+ LSA_POLICY_INFO_ACCOUNT_DOMAIN,
+ &info);
if (NT_STATUS_IS_ERR(nt_status)) {
DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
return -1;
}
+ queried_dom_sid = info->account_domain.sid;
+
/*
* Keep calling LsaEnumTrustdom over opened pipe until
* the end of enumeration is reached
d_printf("Vampire trusted domains:\n\n");
do {
- nt_status = rpccli_lsa_enum_trust_dom(pipe_hnd, mem_ctx, &connect_hnd, &enum_ctx,
- &num_domains,
- &trusted_dom_names, &domain_sids);
-
+ nt_status = rpccli_lsa_EnumTrustDom(pipe_hnd, mem_ctx,
+ &connect_hnd,
+ &enum_ctx,
+ &dom_list,
+ (uint32_t)-1);
if (NT_STATUS_IS_ERR(nt_status)) {
DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n",
nt_errstr(nt_status)));
talloc_destroy(mem_ctx);
return -1;
};
-
- for (i = 0; i < num_domains; i++) {
- print_trusted_domain(&(domain_sids[i]), trusted_dom_names[i]);
+ for (i = 0; i < dom_list.count; i++) {
+
+ print_trusted_domain(dom_list.domains[i].sid,
+ dom_list.domains[i].name.string);
nt_status = vampire_trusted_domain(pipe_hnd, mem_ctx, &connect_hnd,
- domain_sids[i], trusted_dom_names[i]);
+ *dom_list.domains[i].sid,
+ dom_list.domains[i].name.string);
if (!NT_STATUS_IS_OK(nt_status)) {
cli_shutdown(cli);
talloc_destroy(mem_ctx);
* in case of no trusted domains say something rather
* than just display blank line
*/
- if (!num_domains) d_printf("none\n");
+ if (!dom_list.count) d_printf("none\n");
} while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
fstring padding;
int ascii_dom_name_len;
POLICY_HND connect_hnd;
-
+ union lsa_PolicyInformation *info = NULL;
+
/* trusted domains listing variables */
unsigned int num_domains, enum_ctx = 0;
int i, pad_len, col_len = 20;
- DOM_SID *domain_sids;
- char **trusted_dom_names;
+ struct lsa_DomainList dom_list;
fstring pdc_name;
- const char *dummy;
-
+
/* trusting domains listing variables */
POLICY_HND domain_hnd;
- char **trusting_dom_names;
- uint32 *trusting_dom_rids;
-
+ struct samr_SamArray *trusts = NULL;
+
/*
* Listing trusted domains (stored in secrets.tdb, if local)
*/
};
/* query info level 5 to obtain sid of a domain being queried */
- nt_status = rpccli_lsa_query_info_policy(
- pipe_hnd, mem_ctx, &connect_hnd, 5 /* info level */,
- &dummy, &queried_dom_sid);
+ nt_status = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
+ &connect_hnd,
+ LSA_POLICY_INFO_ACCOUNT_DOMAIN,
+ &info);
if (NT_STATUS_IS_ERR(nt_status)) {
DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
talloc_destroy(mem_ctx);
return -1;
}
-
+
+ queried_dom_sid = info->account_domain.sid;
+
/*
* Keep calling LsaEnumTrustdom over opened pipe until
* the end of enumeration is reached
d_printf("Trusted domains list:\n\n");
do {
- nt_status = rpccli_lsa_enum_trust_dom(pipe_hnd, mem_ctx, &connect_hnd, &enum_ctx,
- &num_domains,
- &trusted_dom_names, &domain_sids);
-
+ nt_status = rpccli_lsa_EnumTrustDom(pipe_hnd, mem_ctx,
+ &connect_hnd,
+ &enum_ctx,
+ &dom_list,
+ (uint32_t)-1);
if (NT_STATUS_IS_ERR(nt_status)) {
DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n",
nt_errstr(nt_status)));
talloc_destroy(mem_ctx);
return -1;
};
-
- for (i = 0; i < num_domains; i++) {
- print_trusted_domain(&(domain_sids[i]), trusted_dom_names[i]);
+
+ for (i = 0; i < dom_list.count; i++) {
+ print_trusted_domain(dom_list.domains[i].sid,
+ dom_list.domains[i].name.string);
};
-
+
/*
* in case of no trusted domains say something rather
* than just display blank line
*/
- if (!num_domains) d_printf("none\n");
+ if (!dom_list.count) d_printf("none\n");
} while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
return -1;
};
- cli_rpc_pipe_close(pipe_hnd);
+ TALLOC_FREE(pipe_hnd);
/*
* Listing trusting domains (stored in passdb backend, if local)
talloc_destroy(mem_ctx);
return -1;
};
-
- /* SamrConnect */
- nt_status = rpccli_samr_connect(pipe_hnd, mem_ctx, SA_RIGHT_SAM_OPEN_DOMAIN,
- &connect_hnd);
+
+ /* SamrConnect2 */
+ nt_status = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+ pipe_hnd->desthost,
+ SA_RIGHT_SAM_OPEN_DOMAIN,
+ &connect_hnd);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Couldn't open SAMR policy handle. Error was %s\n",
nt_errstr(nt_status)));
talloc_destroy(mem_ctx);
return -1;
};
-
+
/* SamrOpenDomain - we have to open domain policy handle in order to be
able to enumerate accounts*/
- nt_status = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_hnd,
- SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
- queried_dom_sid, &domain_hnd);
+ nt_status = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_hnd,
+ SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
+ queried_dom_sid,
+ &domain_hnd);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Couldn't open domain object. Error was %s\n",
nt_errstr(nt_status)));
enum_ctx = 0; /* reset enumeration context from last enumeration */
do {
-
- nt_status = rpccli_samr_enum_dom_users(pipe_hnd, mem_ctx, &domain_hnd,
- &enum_ctx, ACB_DOMTRUST, 0xffff,
- &trusting_dom_names, &trusting_dom_rids,
- &num_domains);
+
+ nt_status = rpccli_samr_EnumDomainUsers(pipe_hnd, mem_ctx,
+ &domain_hnd,
+ &enum_ctx,
+ ACB_DOMTRUST,
+ &trusts,
+ 0xffff,
+ &num_domains);
if (NT_STATUS_IS_ERR(nt_status)) {
DEBUG(0, ("Couldn't enumerate accounts. Error was: %s\n",
nt_errstr(nt_status)));
talloc_destroy(mem_ctx);
return -1;
};
-
+
for (i = 0; i < num_domains; i++) {
+ char *str = CONST_DISCARD(char *, trusts->entries[i].name.string);
+
/*
* get each single domain's sid (do we _really_ need this ?):
* 1) connect to domain's pdc
*/
/* get rid of '$' tail */
- ascii_dom_name_len = strlen(trusting_dom_names[i]);
+ ascii_dom_name_len = strlen(str);
if (ascii_dom_name_len && ascii_dom_name_len < FSTRING_LEN)
- trusting_dom_names[i][ascii_dom_name_len - 1] = '\0';
-
+ str[ascii_dom_name_len - 1] = '\0';
+
/* calculate padding space for d_printf to look nicer */
- pad_len = col_len - strlen(trusting_dom_names[i]);
+ pad_len = col_len - strlen(str);
padding[pad_len] = 0;
do padding[--pad_len] = ' '; while (pad_len);
/* set opt_* variables to remote domain */
- strupper_m(trusting_dom_names[i]);
- opt_workgroup = talloc_strdup(mem_ctx, trusting_dom_names[i]);
+ strupper_m(str);
+ opt_workgroup = talloc_strdup(mem_ctx, str);
opt_target_workgroup = opt_workgroup;
-
- d_printf("%s%s", trusting_dom_names[i], padding);
-
+
+ d_printf("%s%s", str, padding);
+
/* connect to remote domain controller */
nt_status = net_make_ipc_connection(
NET_FLAGS_PDC | NET_FLAGS_ANONYMOUS,
} while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
/* close opened samr and domain policy handles */
- nt_status = rpccli_samr_close(pipe_hnd, mem_ctx, &domain_hnd);
+ nt_status = rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_hnd);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Couldn't properly close domain policy handle for domain %s\n", domain_name));
};
- nt_status = rpccli_samr_close(pipe_hnd, mem_ctx, &connect_hnd);
+ nt_status = rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_hnd);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Couldn't properly close samr policy handle for domain %s\n", domain_name));
};
git.samba.org / kai / samba.git / blobdiff