X-Git-Url: http://git.samba.org/samba.git/?p=kai%2Fsamba.git;a=blobdiff_plain;f=source%2Futils%2Fnet_rpc.c;h=f6f0c4054caf63a32732802a03dbde923339e97d;hp=4db09676d8e3e65c75cd077e3dcc8a9d0b92325d;hb=99fc3283c4ecc791f5a242bd1983b4352ce3e6cf;hpb=cfc6e7a2e657ee55364b739d9fe0093e4f7c8b27 diff --git a/source/utils/net_rpc.c b/source/utils/net_rpc.c index 4db09676d8e..f6f0c4054ca 100644 --- a/source/utils/net_rpc.c +++ b/source/utils/net_rpc.c @@ -3,7 +3,7 @@ Distributed SMB/CIFS Server Management Utility Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org) Copyright (C) 2002 Jim McDonough (jmcd@us.ibm.com) - Copyright (C) 2004 Guenther Deschner (gd@samba.org) + Copyright (C) 2004,2008 Guenther Deschner (gd@samba.org) Copyright (C) 2005 Jeremy Allison (jra@samba.org) Copyright (C) 2006 Jelmer Vernooij (jelmer@samba.org) @@ -51,13 +51,14 @@ static bool sync_files(struct copy_clistate *cp_clistate, const char *mask); **/ NTSTATUS net_get_remote_domain_sid(struct cli_state *cli, TALLOC_CTX *mem_ctx, - DOM_SID **domain_sid, char **domain_name) + DOM_SID **domain_sid, + const char **domain_name) { struct rpc_pipe_client *lsa_pipe; POLICY_HND pol; NTSTATUS result = NT_STATUS_OK; - uint32 info_class = 5; - + union lsa_PolicyInformation *info = NULL; + lsa_pipe = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &result); if (!lsa_pipe) { d_fprintf(stderr, "Could not initialise lsa pipe\n"); @@ -73,17 +74,21 @@ NTSTATUS net_get_remote_domain_sid(struct cli_state *cli, TALLOC_CTX *mem_ctx, return result; } - result = rpccli_lsa_query_info_policy(lsa_pipe, mem_ctx, &pol, - info_class, domain_name, - domain_sid); + result = rpccli_lsa_QueryInfoPolicy(lsa_pipe, mem_ctx, + &pol, + LSA_POLICY_INFO_ACCOUNT_DOMAIN, + &info); if (!NT_STATUS_IS_OK(result)) { d_fprintf(stderr, "lsaquery failed: %s\n", nt_errstr(result)); return result; } + *domain_name = info->account_domain.name.string; + *domain_sid = info->account_domain.sid; + rpccli_lsa_Close(lsa_pipe, mem_ctx, &pol); - cli_rpc_pipe_close(lsa_pipe); + TALLOC_FREE(lsa_pipe); return NT_STATUS_OK; } @@ -112,7 +117,7 @@ int run_rpc_command(struct cli_state *cli_arg, TALLOC_CTX *mem_ctx; NTSTATUS nt_status; DOM_SID *domain_sid; - char *domain_name; + const char *domain_name; /* make use of cli_state handed over as an argument, if possible */ if (!cli_arg) { @@ -180,7 +185,7 @@ int run_rpc_command(struct cli_state *cli_arg, if (!(conn_flags & NET_FLAGS_NO_PIPE)) { if (pipe_hnd) { - cli_rpc_pipe_close(pipe_hnd); + TALLOC_FREE(pipe_hnd); } } @@ -387,7 +392,7 @@ static int rpc_join_usage(int argc, const char **argv) * @param argc Standard main() style argv. Initial components are already * stripped * - * Main 'net_rpc_join()' (where the admain username/password is used) is + * Main 'net_rpc_join()' (where the admin username/password is used) is * in net_rpc_join.c * Try to just change the password, but if that doesn't work, use/prompt * for a username/password. @@ -439,40 +444,44 @@ NTSTATUS rpc_info_internals(const DOM_SID *domain_sid, { POLICY_HND connect_pol, domain_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - SAM_UNK_CTR ctr; + union samr_DomainInfo *info = NULL; fstring sid_str; - sid_to_string(sid_str, domain_sid); + sid_to_fstring(sid_str, domain_sid); - /* Get sam policy handle */ - result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, - &connect_pol); + /* Get sam policy handle */ + result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, + pipe_hnd->desthost, + MAXIMUM_ALLOWED_ACCESS, + &connect_pol); if (!NT_STATUS_IS_OK(result)) { d_fprintf(stderr, "Could not connect to SAM: %s\n", nt_errstr(result)); goto done; } - + /* Get domain policy handle */ - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - domain_sid, &domain_pol); + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + CONST_DISCARD(struct dom_sid2 *, domain_sid), + &domain_pol); if (!NT_STATUS_IS_OK(result)) { d_fprintf(stderr, "Could not open domain: %s\n", nt_errstr(result)); goto done; } - ZERO_STRUCT(ctr); - result = rpccli_samr_query_dom_info(pipe_hnd, mem_ctx, &domain_pol, - 2, &ctr); + result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx, + &domain_pol, + 2, + &info); if (NT_STATUS_IS_OK(result)) { - TALLOC_CTX *ctx = talloc_init("rpc_info_internals"); - d_printf("Domain Name: %s\n", unistr2_to_ascii_talloc(ctx, &ctr.info.inf2.uni_domain)); + d_printf("Domain Name: %s\n", info->info2.domain_name.string); d_printf("Domain SID: %s\n", sid_str); - d_printf("Sequence number: %llu\n", (unsigned long long)ctr.info.inf2.seq_num); - d_printf("Num users: %u\n", ctr.info.inf2.num_domain_usrs); - d_printf("Num domain groups: %u\n", ctr.info.inf2.num_domain_grps); - d_printf("Num local groups: %u\n", ctr.info.inf2.num_local_grps); - talloc_destroy(ctx); + d_printf("Sequence number: %llu\n", + (unsigned long long)info->info2.sequence_num); + d_printf("Num users: %u\n", info->info2.num_users); + d_printf("Num domain groups: %u\n", info->info2.num_groups); + d_printf("Num local groups: %u\n", info->info2.num_aliases); } done: @@ -519,7 +528,7 @@ static NTSTATUS rpc_getsid_internals(const DOM_SID *domain_sid, { fstring sid_str; - sid_to_string(sid_str, domain_sid); + sid_to_fstring(sid_str, domain_sid); d_printf("Storing SID %s for Domain %s in secrets.tdb\n", sid_str, domain_name); @@ -559,137 +568,6 @@ static int rpc_user_usage(int argc, const char **argv) return net_help_user(argc, argv); } -/** - * Add a new user to a remote RPC server - * - * All parameters are provided by the run_rpc_command function, except for - * argc, argv which are passes through. - * - * @param domain_sid The domain sid acquired from the remote server - * @param cli A cli_state connected to the server. - * @param mem_ctx Talloc context, destoyed on completion of the function. - * @param argc Standard main() style argc - * @param argv Standard main() style argv. Initial components are already - * stripped - * - * @return Normal NTSTATUS return. - **/ - -static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid, - const char *domain_name, - struct cli_state *cli, - struct rpc_pipe_client *pipe_hnd, - TALLOC_CTX *mem_ctx, - int argc, const char **argv) -{ - - POLICY_HND connect_pol, domain_pol, user_pol; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - const char *acct_name; - uint32 acb_info; - uint32 access_mask, user_rid; - - if (argc < 1) { - d_printf("User must be specified\n"); - rpc_user_usage(argc, argv); - return NT_STATUS_OK; - } - - acct_name = argv[0]; - - /* Get sam policy handle */ - - result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, - &connect_pol); - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - /* Get domain policy handle */ - - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - domain_sid, &domain_pol); - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - /* Create domain user */ - - acb_info = ACB_NORMAL; - access_mask = 0xe005000b; - - result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol, - acct_name, acb_info, access_mask, - &user_pol, &user_rid); - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - if (argc == 2) { - - uint32 *user_rids, num_rids, *name_types; - uint32 flags = 0x000003e8; /* Unknown */ - SAM_USERINFO_CTR ctr; - SAM_USER_INFO_24 p24; - uchar pwbuf[516]; - - result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, - flags, 1, &acct_name, - &num_rids, &user_rids, - &name_types); - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, - user_rids[0], &user_pol); - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - /* Set password on account */ - - ZERO_STRUCT(ctr); - ZERO_STRUCT(p24); - - encode_pw_buffer(pwbuf, argv[1], STR_UNICODE); - - init_sam_user_info24(&p24, (char *)pwbuf,24); - - ctr.switch_value = 24; - ctr.info.id24 = &p24; - - result = rpccli_samr_set_userinfo(pipe_hnd, mem_ctx, &user_pol, 24, - &cli->user_session_key, &ctr); - - if (!NT_STATUS_IS_OK(result)) { - d_fprintf(stderr, "Failed to set password for user %s - %s\n", - acct_name, nt_errstr(result)); - - result = rpccli_samr_delete_dom_user(pipe_hnd, mem_ctx, &user_pol); - - if (!NT_STATUS_IS_OK(result)) { - d_fprintf(stderr, "Failed to delete user %s - %s\n", - acct_name, nt_errstr(result)); - return result; - } - } - - } - done: - if (!NT_STATUS_IS_OK(result)) { - d_fprintf(stderr, "Failed to add user %s - %s\n", acct_name, - nt_errstr(result)); - } else { - d_printf("Added user %s\n", acct_name); - } - return result; -} - /** * Add a new user to a remote RPC server * @@ -702,100 +580,34 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid, static int rpc_user_add(int argc, const char **argv) { - return run_rpc_command(NULL, PI_SAMR, 0, rpc_user_add_internals, - argc, argv); -} - -/** - * Delete a user from a remote RPC server - * - * All parameters are provided by the run_rpc_command function, except for - * argc, argv which are passes through. - * - * @param domain_sid The domain sid acquired from the remote server - * @param cli A cli_state connected to the server. - * @param mem_ctx Talloc context, destoyed on completion of the function. - * @param argc Standard main() style argc - * @param argv Standard main() style argv. Initial components are already - * stripped - * - * @return Normal NTSTATUS return. - **/ - -static NTSTATUS rpc_user_del_internals(const DOM_SID *domain_sid, - const char *domain_name, - struct cli_state *cli, - struct rpc_pipe_client *pipe_hnd, - TALLOC_CTX *mem_ctx, - int argc, - const char **argv) -{ - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - POLICY_HND connect_pol, domain_pol, user_pol; + NET_API_STATUS status; + struct USER_INFO_1 info1; + uint32_t parm_error = 0; if (argc < 1) { d_printf("User must be specified\n"); rpc_user_usage(argc, argv); - return NT_STATUS_OK; - } - /* Get sam policy and domain handles */ - - result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, - &connect_pol); - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - domain_sid, &domain_pol); - - if (!NT_STATUS_IS_OK(result)) { - goto done; + return 0; } - /* Get handle on user */ - - { - uint32 *user_rids, num_rids, *name_types; - uint32 flags = 0x000003e8; /* Unknown */ - - result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, - flags, 1, &argv[0], - &num_rids, &user_rids, - &name_types); - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, - user_rids[0], &user_pol); + ZERO_STRUCT(info1); - if (!NT_STATUS_IS_OK(result)) { - goto done; - } + info1.usri1_name = argv[0]; + if (argc == 2) { + info1.usri1_password = argv[1]; } - /* Delete user */ - - result = rpccli_samr_delete_dom_user(pipe_hnd, mem_ctx, &user_pol); + status = NetUserAdd(opt_host, 1, (uint8_t *)&info1, &parm_error); - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - /* Display results */ - if (!NT_STATUS_IS_OK(result)) { - d_fprintf(stderr, "Failed to delete user account - %s\n", nt_errstr(result)); + if (status != 0) { + d_fprintf(stderr, "Failed to add user '%s' with: %s.\n", + argv[0], libnetapi_get_error_string(NULL, status)); + return -1; } else { - d_printf("Deleted user account\n"); + d_printf("Added user '%s'.\n", argv[0]); } - done: - return result; + return 0; } /** @@ -826,14 +638,9 @@ static NTSTATUS rpc_user_rename_internals(const DOM_SID *domain_sid, NTSTATUS result = NT_STATUS_UNSUCCESSFUL; uint32 info_level = 7; const char *old_name, *new_name; - uint32 *user_rid; - uint32 flags = 0x000003e8; /* Unknown */ - uint32 num_rids, *name_types; - uint32 num_names = 1; - const char **names; - SAM_USERINFO_CTR *user_ctr; - SAM_USERINFO_CTR ctr; - SAM_USER_INFO_7 info7; + struct samr_Ids user_rids, name_types; + struct lsa_String lsa_acct_name; + union samr_UserInfo *info = NULL; if (argc != 2) { d_printf("Old and new username must be specified\n"); @@ -844,62 +651,68 @@ static NTSTATUS rpc_user_rename_internals(const DOM_SID *domain_sid, old_name = argv[0]; new_name = argv[1]; - ZERO_STRUCT(ctr); - ZERO_STRUCT(user_ctr); - /* Get sam policy handle */ - - result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, - &connect_pol); + + result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, + pipe_hnd->desthost, + MAXIMUM_ALLOWED_ACCESS, + &connect_pol); + if (!NT_STATUS_IS_OK(result)) { goto done; } /* Get domain policy handle */ - - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - domain_sid, &domain_pol); + + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + CONST_DISCARD(struct dom_sid2 *, domain_sid), + &domain_pol); if (!NT_STATUS_IS_OK(result)) { goto done; } - if ((names = TALLOC_ARRAY(mem_ctx, const char *, num_names)) == NULL) { - result = NT_STATUS_NO_MEMORY; - goto done; - } - names[0] = old_name; - result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, - flags, num_names, names, - &num_rids, &user_rid, &name_types); + init_lsa_String(&lsa_acct_name, old_name); + + result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx, + &domain_pol, + 1, + &lsa_acct_name, + &user_rids, + &name_types); if (!NT_STATUS_IS_OK(result)) { goto done; } /* Open domain user */ - result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, user_rid[0], &user_pol); + result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx, + &domain_pol, + MAXIMUM_ALLOWED_ACCESS, + user_rids.ids[0], + &user_pol); if (!NT_STATUS_IS_OK(result)) { goto done; } /* Query user info */ - result = rpccli_samr_query_userinfo(pipe_hnd, mem_ctx, &user_pol, - info_level, &user_ctr); + result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx, + &user_pol, + info_level, + &info); if (!NT_STATUS_IS_OK(result)) { goto done; } - ctr.switch_value = info_level; - ctr.info.id7 = &info7; - - init_sam_user_info7(&info7, new_name); + init_samr_user_info7(&info->info7, new_name); /* Set new name */ - result = rpccli_samr_set_userinfo(pipe_hnd, mem_ctx, &user_pol, - info_level, &cli->user_session_key, &ctr); + result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx, + &user_pol, + info_level, + info); if (!NT_STATUS_IS_OK(result)) { goto done; @@ -943,8 +756,26 @@ static int rpc_user_rename(int argc, const char **argv) static int rpc_user_delete(int argc, const char **argv) { - return run_rpc_command(NULL, PI_SAMR, 0, rpc_user_del_internals, - argc, argv); + NET_API_STATUS status; + + if (argc < 1) { + d_printf("User must be specified\n"); + rpc_user_usage(argc, argv); + return 0; + } + + status = NetUserDel(opt_host, argv[0]); + + if (status != 0) { + d_fprintf(stderr, "Failed to delete user '%s' with: %s.\n", + argv[0], + libnetapi_get_error_string(NULL, status)); + return -1; + } else { + d_printf("Deleted user '%s'.\n", argv[0]); + } + + return 0; } /** @@ -973,12 +804,11 @@ static NTSTATUS rpc_user_password_internals(const DOM_SID *domain_sid, { NTSTATUS result = NT_STATUS_UNSUCCESSFUL; POLICY_HND connect_pol, domain_pol, user_pol; - SAM_USERINFO_CTR ctr; - SAM_USER_INFO_24 p24; uchar pwbuf[516]; const char *user; const char *new_password; char *prompt = NULL; + union samr_UserInfo info; if (argc < 1) { d_printf("User must be specified\n"); @@ -998,16 +828,20 @@ static NTSTATUS rpc_user_password_internals(const DOM_SID *domain_sid, /* Get sam policy and domain handles */ - result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, - &connect_pol); + result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, + pipe_hnd->desthost, + MAXIMUM_ALLOWED_ACCESS, + &connect_pol); if (!NT_STATUS_IS_OK(result)) { goto done; } - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - domain_sid, &domain_pol); + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + CONST_DISCARD(struct dom_sid2 *, domain_sid), + &domain_pol); if (!NT_STATUS_IS_OK(result)) { goto done; @@ -1016,21 +850,26 @@ static NTSTATUS rpc_user_password_internals(const DOM_SID *domain_sid, /* Get handle on user */ { - uint32 *user_rids, num_rids, *name_types; - uint32 flags = 0x000003e8; /* Unknown */ + struct samr_Ids user_rids, name_types; + struct lsa_String lsa_acct_name; - result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, - flags, 1, &user, - &num_rids, &user_rids, - &name_types); + init_lsa_String(&lsa_acct_name, user); + result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx, + &domain_pol, + 1, + &lsa_acct_name, + &user_rids, + &name_types); if (!NT_STATUS_IS_OK(result)) { goto done; } - result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, - user_rids[0], &user_pol); + result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx, + &domain_pol, + MAXIMUM_ALLOWED_ACCESS, + user_rids.ids[0], + &user_pol); if (!NT_STATUS_IS_OK(result)) { goto done; @@ -1039,18 +878,17 @@ static NTSTATUS rpc_user_password_internals(const DOM_SID *domain_sid, /* Set password on account */ - ZERO_STRUCT(ctr); - ZERO_STRUCT(p24); - encode_pw_buffer(pwbuf, new_password, STR_UNICODE); - init_sam_user_info24(&p24, (char *)pwbuf,24); + init_samr_user_info24(&info.info24, pwbuf, 24); - ctr.switch_value = 24; - ctr.info.id24 = &p24; + SamOEMhashBlob(info.info24.password.data, 516, + &cli->user_session_key); - result = rpccli_samr_set_userinfo(pipe_hnd, mem_ctx, &user_pol, 24, - &cli->user_session_key, &ctr); + result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx, + &user_pol, + 24, + &info); if (!NT_STATUS_IS_OK(result)) { goto done; @@ -1105,11 +943,14 @@ static NTSTATUS rpc_user_info_internals(const DOM_SID *domain_sid, { POLICY_HND connect_pol, domain_pol, user_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - uint32 *rids, num_rids, *name_types, num_names; - uint32 flags = 0x000003e8; /* Unknown */ int i; - char **names; - DOM_GID *user_gids; + struct samr_RidWithAttributeArray *rid_array = NULL; + struct lsa_Strings names; + struct samr_Ids types; + uint32_t *lrids = NULL; + struct samr_Ids rids, name_types; + struct lsa_String lsa_acct_name; + if (argc < 1) { d_printf("User must be specified\n"); @@ -1117,50 +958,65 @@ static NTSTATUS rpc_user_info_internals(const DOM_SID *domain_sid, return NT_STATUS_OK; } /* Get sam policy handle */ - - result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, - &connect_pol); + + result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, + pipe_hnd->desthost, + MAXIMUM_ALLOWED_ACCESS, + &connect_pol); if (!NT_STATUS_IS_OK(result)) goto done; /* Get domain policy handle */ - - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - domain_sid, &domain_pol); + + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + CONST_DISCARD(struct dom_sid2 *, domain_sid), + &domain_pol); if (!NT_STATUS_IS_OK(result)) goto done; /* Get handle on user */ - result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, - flags, 1, &argv[0], - &num_rids, &rids, &name_types); + init_lsa_String(&lsa_acct_name, argv[0]); + + result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx, + &domain_pol, + 1, + &lsa_acct_name, + &rids, + &name_types); if (!NT_STATUS_IS_OK(result)) goto done; - result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, - rids[0], &user_pol); + result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx, + &domain_pol, + MAXIMUM_ALLOWED_ACCESS, + rids.ids[0], + &user_pol); if (!NT_STATUS_IS_OK(result)) goto done; - result = rpccli_samr_query_usergroups(pipe_hnd, mem_ctx, &user_pol, - &num_rids, &user_gids); + result = rpccli_samr_GetGroupsForUser(pipe_hnd, mem_ctx, + &user_pol, + &rid_array); if (!NT_STATUS_IS_OK(result)) goto done; /* Look up rids */ - if (num_rids) { - if ((rids = TALLOC_ARRAY(mem_ctx, uint32, num_rids)) == NULL) { + if (rid_array->count) { + if ((lrids = TALLOC_ARRAY(mem_ctx, uint32, rid_array->count)) == NULL) { result = NT_STATUS_NO_MEMORY; goto done; } - for (i = 0; i < num_rids; i++) - rids[i] = user_gids[i].g_rid; + for (i = 0; i < rid_array->count; i++) + lrids[i] = rid_array->rids[i].rid; - result = rpccli_samr_lookup_rids(pipe_hnd, mem_ctx, &domain_pol, - num_rids, rids, - &num_names, &names, &name_types); + result = rpccli_samr_LookupRids(pipe_hnd, mem_ctx, + &domain_pol, + rid_array->count, + lrids, + &names, + &types); if (!NT_STATUS_IS_OK(result)) { goto done; @@ -1168,8 +1024,8 @@ static NTSTATUS rpc_user_info_internals(const DOM_SID *domain_sid, /* Display results */ - for (i = 0; i < num_names; i++) - printf("%s\n", names[i]); + for (i = 0; i < names.count; i++) + printf("%s\n", names.names[i].string); } done: return result; @@ -1218,50 +1074,59 @@ static NTSTATUS rpc_user_list_internals(const DOM_SID *domain_sid, POLICY_HND connect_pol, domain_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; uint32 start_idx=0, num_entries, i, loop_count = 0; - SAM_DISPINFO_CTR ctr; - SAM_DISPINFO_1 info1; /* Get sam policy handle */ - - result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, - &connect_pol); + + result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, + pipe_hnd->desthost, + MAXIMUM_ALLOWED_ACCESS, + &connect_pol); if (!NT_STATUS_IS_OK(result)) { goto done; } /* Get domain policy handle */ - - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - domain_sid, &domain_pol); + + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + CONST_DISCARD(struct dom_sid2 *, domain_sid), + &domain_pol); if (!NT_STATUS_IS_OK(result)) { goto done; } /* Query domain users */ - ZERO_STRUCT(ctr); - ZERO_STRUCT(info1); - ctr.sam.info1 = &info1; if (opt_long_list_entries) d_printf("\nUser name Comment"\ "\n-----------------------------\n"); do { - fstring user, desc; + const char *user = NULL; + const char *desc = NULL; uint32 max_entries, max_size; + uint32_t total_size, returned_size; + union samr_DispInfo info; get_query_dispinfo_params( loop_count, &max_entries, &max_size); - result = rpccli_samr_query_dispinfo(pipe_hnd, mem_ctx, &domain_pol, - &start_idx, 1, &num_entries, - max_entries, max_size, &ctr); + result = rpccli_samr_QueryDisplayInfo(pipe_hnd, mem_ctx, + &domain_pol, + 1, + start_idx, + max_entries, + max_size, + &total_size, + &returned_size, + &info); loop_count++; + start_idx += info.info1.count; + num_entries = info.info1.count; for (i = 0; i < num_entries; i++) { - unistr2_to_ascii(user, &(&ctr.sam.info1->str[i])->uni_acct_name, sizeof(user)); - if (opt_long_list_entries) - unistr2_to_ascii(desc, &(&ctr.sam.info1->str[i])->uni_acct_desc, sizeof(desc)); - + user = info.info1.entries[i].account_name.string; + if (opt_long_list_entries) + desc = info.info1.entries[i].description.string; if (opt_long_list_entries) printf("%-21.21s %s\n", user, desc); else @@ -1282,6 +1147,9 @@ static NTSTATUS rpc_user_list_internals(const DOM_SID *domain_sid, int net_rpc_user(int argc, const char **argv) { + struct libnetapi_ctx *ctx = NULL; + NET_API_STATUS status; + struct functable func[] = { {"add", rpc_user_add}, {"info", rpc_user_info}, @@ -1290,7 +1158,14 @@ int net_rpc_user(int argc, const char **argv) {"rename", rpc_user_rename}, {NULL, NULL} }; - + + status = libnetapi_init(&ctx); + if (status != 0) { + return -1; + } + libnetapi_set_username(ctx, opt_user_name); + libnetapi_set_password(ctx, opt_password); + if (argc == 0) { return run_rpc_command(NULL,PI_SAMR, 0, rpc_user_list_internals, @@ -1328,9 +1203,8 @@ static NTSTATUS rpc_sh_handle_user(TALLOC_CTX *mem_ctx, TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx, struct rpc_pipe_client *pipe_hnd, - const POLICY_HND *user_hnd, + POLICY_HND *user_hnd, int argc, const char **argv)) - { POLICY_HND connect_pol, domain_pol, user_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; @@ -1368,22 +1242,28 @@ static NTSTATUS rpc_sh_handle_user(TALLOC_CTX *mem_ctx, goto done; } - result = rpccli_samr_connect(pipe_hnd, mem_ctx, - MAXIMUM_ALLOWED_ACCESS, &connect_pol); + result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, + pipe_hnd->desthost, + MAXIMUM_ALLOWED_ACCESS, + &connect_pol); if (!NT_STATUS_IS_OK(result)) { goto done; } - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - ctx->domain_sid, &domain_pol); + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + ctx->domain_sid, + &domain_pol); if (!NT_STATUS_IS_OK(result)) { goto done; } - result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, - rid, &user_pol); + result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx, + &domain_pol, + MAXIMUM_ALLOWED_ACCESS, + rid, + &user_pol); if (!NT_STATUS_IS_OK(result)) { goto done; } @@ -1392,13 +1272,13 @@ static NTSTATUS rpc_sh_handle_user(TALLOC_CTX *mem_ctx, done: if (is_valid_policy_hnd(&user_pol)) { - rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol); } if (is_valid_policy_hnd(&domain_pol)) { - rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol); } if (is_valid_policy_hnd(&connect_pol)) { - rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol); } return result; } @@ -1406,28 +1286,28 @@ static NTSTATUS rpc_sh_handle_user(TALLOC_CTX *mem_ctx, static NTSTATUS rpc_sh_user_show_internals(TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx, struct rpc_pipe_client *pipe_hnd, - const POLICY_HND *user_hnd, + POLICY_HND *user_hnd, int argc, const char **argv) { NTSTATUS result; - SAM_USERINFO_CTR *ctr; - SAM_USER_INFO_21 *info; + union samr_UserInfo *info = NULL; if (argc != 0) { d_fprintf(stderr, "usage: %s show \n", ctx->whoami); return NT_STATUS_INVALID_PARAMETER; } - result = rpccli_samr_query_userinfo(pipe_hnd, mem_ctx, user_hnd, - 21, &ctr); + result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx, + user_hnd, + 21, + &info); if (!NT_STATUS_IS_OK(result)) { return result; } - info = ctr->info.id21; - - d_printf("user rid: %d, group rid: %d\n", info->user_rid, - info->group_rid); + d_printf("user rid: %d, group rid: %d\n", + info->info21.rid, + info->info21.primary_gid); return result; } @@ -1443,27 +1323,25 @@ static NTSTATUS rpc_sh_user_show(TALLOC_CTX *mem_ctx, #define FETCHSTR(name, rec) \ do { if (strequal(ctx->thiscmd, name)) { \ - oldval = rpcstr_pull_unistr2_talloc(mem_ctx, &usr->uni_##rec); } \ + oldval = talloc_strdup(mem_ctx, info->info21.rec.string); } \ } while (0); #define SETSTR(name, rec, flag) \ do { if (strequal(ctx->thiscmd, name)) { \ - init_unistr2(&usr->uni_##rec, argv[0], UNI_STR_TERMINATE); \ - init_uni_hdr(&usr->hdr_##rec, &usr->uni_##rec); \ - usr->fields_present |= ACCT_##flag; } \ + init_lsa_String(&(info->info21.rec), argv[0]); \ + info->info21.fields_present |= SAMR_FIELD_##flag; } \ } while (0); static NTSTATUS rpc_sh_user_str_edit_internals(TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx, struct rpc_pipe_client *pipe_hnd, - const POLICY_HND *user_hnd, + POLICY_HND *user_hnd, int argc, const char **argv) { NTSTATUS result; - SAM_USERINFO_CTR *ctr; - SAM_USER_INFO_21 *usr; const char *username; const char *oldval = ""; + union samr_UserInfo *info = NULL; if (argc > 1) { d_fprintf(stderr, "usage: %s [new value|NULL]\n", @@ -1471,44 +1349,45 @@ static NTSTATUS rpc_sh_user_str_edit_internals(TALLOC_CTX *mem_ctx, return NT_STATUS_INVALID_PARAMETER; } - result = rpccli_samr_query_userinfo(pipe_hnd, mem_ctx, user_hnd, - 21, &ctr); + result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx, + user_hnd, + 21, + &info); if (!NT_STATUS_IS_OK(result)) { return result; } - usr = ctr->info.id21; - - username = rpcstr_pull_unistr2_talloc(mem_ctx, &usr->uni_user_name); + username = talloc_strdup(mem_ctx, info->info21.account_name.string); FETCHSTR("fullname", full_name); - FETCHSTR("homedir", home_dir); - FETCHSTR("homedrive", dir_drive); + FETCHSTR("homedir", home_directory); + FETCHSTR("homedrive", home_drive); FETCHSTR("logonscript", logon_script); FETCHSTR("profilepath", profile_path); - FETCHSTR("description", acct_desc); + FETCHSTR("description", description); if (argc == 0) { d_printf("%s's %s: [%s]\n", username, ctx->thiscmd, oldval); goto done; } - ZERO_STRUCTP(usr); - if (strcmp(argv[0], "NULL") == 0) { argv[0] = ""; } + ZERO_STRUCT(info->info21); + SETSTR("fullname", full_name, FULL_NAME); - SETSTR("homedir", home_dir, HOME_DIR); - SETSTR("homedrive", dir_drive, HOME_DRIVE); + SETSTR("homedir", home_directory, HOME_DIRECTORY); + SETSTR("homedrive", home_drive, HOME_DRIVE); SETSTR("logonscript", logon_script, LOGON_SCRIPT); - SETSTR("profilepath", profile_path, PROFILE); - SETSTR("description", acct_desc, DESCRIPTION); + SETSTR("profilepath", profile_path, PROFILE_PATH); + SETSTR("description", description, DESCRIPTION); - result = rpccli_samr_set_userinfo2( - pipe_hnd, mem_ctx, user_hnd, 21, - &pipe_hnd->cli->user_session_key, ctr); + result = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx, + user_hnd, + 21, + info); d_printf("Set %s's %s from [%s] to [%s]\n", username, ctx->thiscmd, oldval, argv[0]); @@ -1539,16 +1418,15 @@ static NTSTATUS rpc_sh_user_str_edit(TALLOC_CTX *mem_ctx, static NTSTATUS rpc_sh_user_flag_edit_internals(TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx, struct rpc_pipe_client *pipe_hnd, - const POLICY_HND *user_hnd, + POLICY_HND *user_hnd, int argc, const char **argv) { NTSTATUS result; - SAM_USERINFO_CTR *ctr; - SAM_USER_INFO_21 *usr; const char *username; const char *oldval = "unknown"; uint32 oldflags, newflags; bool newval; + union samr_UserInfo *info = NULL; if ((argc > 1) || ((argc == 1) && !strequal(argv[0], "yes") && @@ -1560,17 +1438,17 @@ static NTSTATUS rpc_sh_user_flag_edit_internals(TALLOC_CTX *mem_ctx, newval = strequal(argv[0], "yes"); - result = rpccli_samr_query_userinfo(pipe_hnd, mem_ctx, user_hnd, - 21, &ctr); + result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx, + user_hnd, + 21, + &info); if (!NT_STATUS_IS_OK(result)) { return result; } - usr = ctr->info.id21; - - username = rpcstr_pull_unistr2_talloc(mem_ctx, &usr->uni_user_name); - oldflags = usr->acb_info; - newflags = usr->acb_info; + username = talloc_strdup(mem_ctx, info->info21.account_name.string); + oldflags = info->info21.acct_flags; + newflags = info->info21.acct_flags; HANDLEFLG("disabled", DISABLED); HANDLEFLG("pwnotreq", PWNOTREQ); @@ -1582,14 +1460,15 @@ static NTSTATUS rpc_sh_user_flag_edit_internals(TALLOC_CTX *mem_ctx, goto done; } - ZERO_STRUCTP(usr); + ZERO_STRUCT(info->info21); - usr->acb_info = newflags; - usr->fields_present = ACCT_FLAGS; + info->info21.acct_flags = newflags; + info->info21.fields_present = SAMR_FIELD_ACCT_FLAGS; - result = rpccli_samr_set_userinfo2( - pipe_hnd, mem_ctx, user_hnd, 21, - &pipe_hnd->cli->user_session_key, ctr); + result = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx, + user_hnd, + 21, + info); if (NT_STATUS_IS_OK(result)) { d_printf("Set %s's %s flag from [%s] to [%s]\n", username, @@ -1715,15 +1594,15 @@ static NTSTATUS rpc_group_delete_internals(const DOM_SID *domain_sid, POLICY_HND connect_pol, domain_pol, group_pol, user_pol; bool group_is_primary = False; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - uint32 *group_rids, num_rids, *name_types, num_members, - *group_attrs, group_rid; - uint32 flags = 0x000003e8; /* Unknown */ + uint32_t group_rid; + struct samr_RidTypeArray *rids = NULL; /* char **names; */ int i; /* DOM_GID *user_gids; */ - SAM_USERINFO_CTR *user_ctr; - fstring temp; + + struct samr_Ids group_rids, name_types; + struct lsa_String lsa_acct_name; + union samr_UserInfo *info = NULL; if (argc < 1) { d_printf("specify group\n"); @@ -1731,50 +1610,59 @@ static NTSTATUS rpc_group_delete_internals(const DOM_SID *domain_sid, return NT_STATUS_OK; /* ok? */ } - result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, - &connect_pol); + result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, + pipe_hnd->desthost, + MAXIMUM_ALLOWED_ACCESS, + &connect_pol); if (!NT_STATUS_IS_OK(result)) { - d_fprintf(stderr, "Request samr_connect failed\n"); + d_fprintf(stderr, "Request samr_Connect2 failed\n"); goto done; } - - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - domain_sid, &domain_pol); - + + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + CONST_DISCARD(struct dom_sid2 *, domain_sid), + &domain_pol); + if (!NT_STATUS_IS_OK(result)) { d_fprintf(stderr, "Request open_domain failed\n"); goto done; } - - result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, - flags, 1, &argv[0], - &num_rids, &group_rids, - &name_types); + init_lsa_String(&lsa_acct_name, argv[0]); + + result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx, + &domain_pol, + 1, + &lsa_acct_name, + &group_rids, + &name_types); if (!NT_STATUS_IS_OK(result)) { d_fprintf(stderr, "Lookup of '%s' failed\n",argv[0]); goto done; } - switch (name_types[0]) + switch (name_types.ids[0]) { case SID_NAME_DOM_GRP: - result = rpccli_samr_open_group(pipe_hnd, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, - group_rids[0], &group_pol); + result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx, + &domain_pol, + MAXIMUM_ALLOWED_ACCESS, + group_rids.ids[0], + &group_pol); if (!NT_STATUS_IS_OK(result)) { d_fprintf(stderr, "Request open_group failed"); goto done; } - - group_rid = group_rids[0]; - - result = rpccli_samr_query_groupmem(pipe_hnd, mem_ctx, &group_pol, - &num_members, &group_rids, - &group_attrs); - + + group_rid = group_rids.ids[0]; + + result = rpccli_samr_QueryGroupMember(pipe_hnd, mem_ctx, + &group_pol, + &rids); + if (!NT_STATUS_IS_OK(result)) { d_fprintf(stderr, "Unable to query group members of %s",argv[0]); goto done; @@ -1782,40 +1670,44 @@ static NTSTATUS rpc_group_delete_internals(const DOM_SID *domain_sid, if (opt_verbose) { d_printf("Domain Group %s (rid: %d) has %d members\n", - argv[0],group_rid,num_members); + argv[0],group_rid, rids->count); } /* Check if group is anyone's primary group */ - for (i = 0; i < num_members; i++) + for (i = 0; i < rids->count; i++) { - result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, - group_rids[i], &user_pol); + result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx, + &domain_pol, + MAXIMUM_ALLOWED_ACCESS, + rids->rids[i], + &user_pol); if (!NT_STATUS_IS_OK(result)) { - d_fprintf(stderr, "Unable to open group member %d\n",group_rids[i]); + d_fprintf(stderr, "Unable to open group member %d\n", + rids->rids[i]); goto done; } - - ZERO_STRUCT(user_ctr); - result = rpccli_samr_query_userinfo(pipe_hnd, mem_ctx, &user_pol, - 21, &user_ctr); - + result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx, + &user_pol, + 21, + &info); + if (!NT_STATUS_IS_OK(result)) { - d_fprintf(stderr, "Unable to lookup userinfo for group member %d\n",group_rids[i]); + d_fprintf(stderr, "Unable to lookup userinfo for group member %d\n", + rids->rids[i]); goto done; } - - if (user_ctr->info.id21->group_rid == group_rid) { - unistr2_to_ascii(temp, &(user_ctr->info.id21)->uni_user_name, - sizeof(temp)); - if (opt_verbose) - d_printf("Group is primary group of %s\n",temp); + + if (info->info21.primary_gid == group_rid) { + if (opt_verbose) { + d_printf("Group is primary group of %s\n", + info->info21.account_name.string); + } group_is_primary = True; } - rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol); } if (group_is_primary) { @@ -1826,11 +1718,14 @@ static NTSTATUS rpc_group_delete_internals(const DOM_SID *domain_sid, } /* remove all group members */ - for (i = 0; i < num_members; i++) + for (i = 0; i < rids->count; i++) { if (opt_verbose) - d_printf("Remove group member %d...",group_rids[i]); - result = rpccli_samr_del_groupmem(pipe_hnd, mem_ctx, &group_pol, group_rids[i]); + d_printf("Remove group member %d...", + rids->rids[i]); + result = rpccli_samr_DeleteGroupMember(pipe_hnd, mem_ctx, + &group_pol, + rids->rids[i]); if (NT_STATUS_IS_OK(result)) { if (opt_verbose) @@ -1842,25 +1737,29 @@ static NTSTATUS rpc_group_delete_internals(const DOM_SID *domain_sid, } } - result = rpccli_samr_delete_dom_group(pipe_hnd, mem_ctx, &group_pol); + result = rpccli_samr_DeleteDomainGroup(pipe_hnd, mem_ctx, + &group_pol); break; /* removing a local group is easier... */ case SID_NAME_ALIAS: - result = rpccli_samr_open_alias(pipe_hnd, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, - group_rids[0], &group_pol); + result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx, + &domain_pol, + MAXIMUM_ALLOWED_ACCESS, + group_rids.ids[0], + &group_pol); if (!NT_STATUS_IS_OK(result)) { d_fprintf(stderr, "Request open_alias failed\n"); goto done; } - - result = rpccli_samr_delete_dom_alias(pipe_hnd, mem_ctx, &group_pol); + + result = rpccli_samr_DeleteDomAlias(pipe_hnd, mem_ctx, + &group_pol); break; default: d_fprintf(stderr, "%s is of type %s. This command is only for deleting local or global groups\n", - argv[0],sid_type_lookup(name_types[0])); + argv[0],sid_type_lookup(name_types.ids[0])); result = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -1868,7 +1767,7 @@ static NTSTATUS rpc_group_delete_internals(const DOM_SID *domain_sid, if (NT_STATUS_IS_OK(result)) { if (opt_verbose) - d_printf("Deleted %s '%s'\n",sid_type_lookup(name_types[0]),argv[0]); + d_printf("Deleted %s '%s'\n",sid_type_lookup(name_types.ids[0]),argv[0]); } else { d_fprintf(stderr, "Deleting of %s failed: %s\n",argv[0], get_friendly_nt_error_msg(result)); @@ -1895,7 +1794,9 @@ static NTSTATUS rpc_group_add_internals(const DOM_SID *domain_sid, { POLICY_HND connect_pol, domain_pol, group_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - GROUP_INFO_CTR group_info; + union samr_GroupInfo group_info; + struct lsa_String grp_name; + uint32_t rid = 0; if (argc != 1) { d_printf("Group name must be specified\n"); @@ -1903,34 +1804,45 @@ static NTSTATUS rpc_group_add_internals(const DOM_SID *domain_sid, return NT_STATUS_OK; } + init_lsa_String(&grp_name, argv[0]); + /* Get sam policy handle */ - - result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, - &connect_pol); + + result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, + pipe_hnd->desthost, + MAXIMUM_ALLOWED_ACCESS, + &connect_pol); if (!NT_STATUS_IS_OK(result)) goto done; /* Get domain policy handle */ - - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - domain_sid, &domain_pol); + + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + CONST_DISCARD(struct dom_sid2 *, domain_sid), + &domain_pol); if (!NT_STATUS_IS_OK(result)) goto done; /* Create the group */ - result = rpccli_samr_create_dom_group(pipe_hnd, mem_ctx, &domain_pol, - argv[0], MAXIMUM_ALLOWED_ACCESS, - &group_pol); + result = rpccli_samr_CreateDomainGroup(pipe_hnd, mem_ctx, + &domain_pol, + &grp_name, + MAXIMUM_ALLOWED_ACCESS, + &group_pol, + &rid); if (!NT_STATUS_IS_OK(result)) goto done; if (strlen(opt_comment) == 0) goto done; /* We've got a comment to set */ - group_info.switch_value1 = 4; - init_samr_group_info4(&group_info.group.info4, opt_comment); + init_lsa_String(&group_info.description, opt_comment); - result = rpccli_samr_set_groupinfo(pipe_hnd, mem_ctx, &group_pol, &group_info); + result = rpccli_samr_SetGroupInfo(pipe_hnd, mem_ctx, + &group_pol, + 4, + &group_info); if (!NT_STATUS_IS_OK(result)) goto done; done: @@ -1952,7 +1864,9 @@ static NTSTATUS rpc_alias_add_internals(const DOM_SID *domain_sid, { POLICY_HND connect_pol, domain_pol, alias_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - ALIAS_INFO_CTR alias_info; + union samr_AliasInfo alias_info; + struct lsa_String alias_name; + uint32_t rid = 0; if (argc != 1) { d_printf("Alias name must be specified\n"); @@ -1960,33 +1874,46 @@ static NTSTATUS rpc_alias_add_internals(const DOM_SID *domain_sid, return NT_STATUS_OK; } + init_lsa_String(&alias_name, argv[0]); + /* Get sam policy handle */ - - result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, - &connect_pol); + + result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, + pipe_hnd->desthost, + MAXIMUM_ALLOWED_ACCESS, + &connect_pol); if (!NT_STATUS_IS_OK(result)) goto done; /* Get domain policy handle */ - - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - domain_sid, &domain_pol); + + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + CONST_DISCARD(struct dom_sid2 *, domain_sid), + &domain_pol); if (!NT_STATUS_IS_OK(result)) goto done; /* Create the group */ - result = rpccli_samr_create_dom_alias(pipe_hnd, mem_ctx, &domain_pol, - argv[0], &alias_pol); + result = rpccli_samr_CreateDomAlias(pipe_hnd, mem_ctx, + &domain_pol, + &alias_name, + MAXIMUM_ALLOWED_ACCESS, + &alias_pol, + &rid); if (!NT_STATUS_IS_OK(result)) goto done; if (strlen(opt_comment) == 0) goto done; /* We've got a comment to set */ - alias_info.level = 3; - init_samr_alias_info3(&alias_info.alias.info3, opt_comment); + init_lsa_String(&alias_info.description, opt_comment); + + result = rpccli_samr_SetAliasInfo(pipe_hnd, mem_ctx, + &alias_pol, + 3, + &alias_info); - result = rpccli_samr_set_aliasinfo(pipe_hnd, mem_ctx, &alias_pol, &alias_info); if (!NT_STATUS_IS_OK(result)) goto done; done: @@ -2046,7 +1973,7 @@ static NTSTATUS get_sid_from_name(struct cli_state *cli, done: if (pipe_hnd) { - cli_rpc_pipe_close(pipe_hnd); + TALLOC_FREE(pipe_hnd); } if (!NT_STATUS_IS_OK(result) && (StrnCaseCmp(name, "S-", 2) == 0)) { @@ -2075,9 +2002,8 @@ static NTSTATUS rpc_add_groupmem(struct rpc_pipe_client *pipe_hnd, uint32 group_rid; POLICY_HND group_pol; - uint32 num_rids; - uint32 *rids = NULL; - uint32 *rid_types = NULL; + struct samr_Ids rids, rid_types; + struct lsa_String lsa_acct_name; DOM_SID sid; @@ -2087,42 +2013,56 @@ static NTSTATUS rpc_add_groupmem(struct rpc_pipe_client *pipe_hnd, return NT_STATUS_UNSUCCESSFUL; } - /* Get sam policy handle */ - result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, - &connect_pol); + /* Get sam policy handle */ + result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, + pipe_hnd->desthost, + MAXIMUM_ALLOWED_ACCESS, + &connect_pol); if (!NT_STATUS_IS_OK(result)) { return result; } - + /* Get domain policy handle */ - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - &sid, &domain_pol); + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + &sid, + &domain_pol); if (!NT_STATUS_IS_OK(result)) { return result; } - result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, 1000, - 1, &member, - &num_rids, &rids, &rid_types); + init_lsa_String(&lsa_acct_name, member); + + result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx, + &domain_pol, + 1, + &lsa_acct_name, + &rids, + &rid_types); if (!NT_STATUS_IS_OK(result)) { d_fprintf(stderr, "Could not lookup up group member %s\n", member); goto done; } - result = rpccli_samr_open_group(pipe_hnd, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, - group_rid, &group_pol); + result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx, + &domain_pol, + MAXIMUM_ALLOWED_ACCESS, + group_rid, + &group_pol); if (!NT_STATUS_IS_OK(result)) { goto done; } - result = rpccli_samr_add_groupmem(pipe_hnd, mem_ctx, &group_pol, rids[0]); + result = rpccli_samr_AddGroupMember(pipe_hnd, mem_ctx, + &group_pol, + rids.ids[0], + 0x0005); /* unknown flags */ done: - rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol); return result; } @@ -2155,37 +2095,45 @@ static NTSTATUS rpc_add_aliasmem(struct rpc_pipe_client *pipe_hnd, return result; } - /* Get sam policy handle */ - result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, - &connect_pol); + /* Get sam policy handle */ + result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, + pipe_hnd->desthost, + MAXIMUM_ALLOWED_ACCESS, + &connect_pol); if (!NT_STATUS_IS_OK(result)) { goto done; } - + /* Get domain policy handle */ - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - &sid, &domain_pol); + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + &sid, + &domain_pol); if (!NT_STATUS_IS_OK(result)) { goto done; } - result = rpccli_samr_open_alias(pipe_hnd, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, - alias_rid, &alias_pol); + result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx, + &domain_pol, + MAXIMUM_ALLOWED_ACCESS, + alias_rid, + &alias_pol); if (!NT_STATUS_IS_OK(result)) { return result; } - result = rpccli_samr_add_aliasmem(pipe_hnd, mem_ctx, &alias_pol, &member_sid); + result = rpccli_samr_AddAliasMember(pipe_hnd, mem_ctx, + &alias_pol, + &member_sid); if (!NT_STATUS_IS_OK(result)) { return result; } done: - rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol); return result; } @@ -2256,9 +2204,8 @@ static NTSTATUS rpc_del_groupmem(struct rpc_pipe_client *pipe_hnd, uint32 group_rid; POLICY_HND group_pol; - uint32 num_rids; - uint32 *rids = NULL; - uint32 *rid_types = NULL; + struct samr_Ids rids, rid_types; + struct lsa_String lsa_acct_name; DOM_SID sid; @@ -2267,39 +2214,51 @@ static NTSTATUS rpc_del_groupmem(struct rpc_pipe_client *pipe_hnd, if (!sid_split_rid(&sid, &group_rid)) return NT_STATUS_UNSUCCESSFUL; - /* Get sam policy handle */ - result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, - &connect_pol); + /* Get sam policy handle */ + result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, + pipe_hnd->desthost, + MAXIMUM_ALLOWED_ACCESS, + &connect_pol); if (!NT_STATUS_IS_OK(result)) return result; - + /* Get domain policy handle */ - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - &sid, &domain_pol); + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + &sid, + &domain_pol); if (!NT_STATUS_IS_OK(result)) return result; - result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, 1000, - 1, &member, - &num_rids, &rids, &rid_types); + init_lsa_String(&lsa_acct_name, member); + result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx, + &domain_pol, + 1, + &lsa_acct_name, + &rids, + &rid_types); if (!NT_STATUS_IS_OK(result)) { d_fprintf(stderr, "Could not lookup up group member %s\n", member); goto done; } - result = rpccli_samr_open_group(pipe_hnd, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, - group_rid, &group_pol); + result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx, + &domain_pol, + MAXIMUM_ALLOWED_ACCESS, + group_rid, + &group_pol); if (!NT_STATUS_IS_OK(result)) goto done; - result = rpccli_samr_del_groupmem(pipe_hnd, mem_ctx, &group_pol, rids[0]); + result = rpccli_samr_DeleteGroupMember(pipe_hnd, mem_ctx, + &group_pol, + rids.ids[0]); done: - rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol); return result; } @@ -2331,35 +2290,43 @@ static NTSTATUS rpc_del_aliasmem(struct rpc_pipe_client *pipe_hnd, return result; } - /* Get sam policy handle */ - result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, - &connect_pol); + /* Get sam policy handle */ + result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, + pipe_hnd->desthost, + MAXIMUM_ALLOWED_ACCESS, + &connect_pol); if (!NT_STATUS_IS_OK(result)) { goto done; } - + /* Get domain policy handle */ - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - &sid, &domain_pol); + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + &sid, + &domain_pol); if (!NT_STATUS_IS_OK(result)) { goto done; } - result = rpccli_samr_open_alias(pipe_hnd, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, - alias_rid, &alias_pol); + result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx, + &domain_pol, + MAXIMUM_ALLOWED_ACCESS, + alias_rid, + &alias_pol); if (!NT_STATUS_IS_OK(result)) return result; - result = rpccli_samr_del_aliasmem(pipe_hnd, mem_ctx, &alias_pol, &member_sid); + result = rpccli_samr_DeleteAliasMember(pipe_hnd, mem_ctx, + &alias_pol, + &member_sid); if (!NT_STATUS_IS_OK(result)) return result; done: - rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol); return result; } @@ -2447,7 +2414,7 @@ static NTSTATUS rpc_group_list_internals(const DOM_SID *domain_sid, POLICY_HND connect_pol, domain_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; uint32 start_idx=0, max_entries=250, num_entries, i, loop_count = 0; - struct acct_info *groups; + struct samr_SamArray *groups = NULL; bool global = False; bool local = False; bool builtin = False; @@ -2470,18 +2437,22 @@ static NTSTATUS rpc_group_list_internals(const DOM_SID *domain_sid, } /* Get sam policy handle */ - - result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, - &connect_pol); + + result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, + pipe_hnd->desthost, + MAXIMUM_ALLOWED_ACCESS, + &connect_pol); if (!NT_STATUS_IS_OK(result)) { goto done; } /* Get domain policy handle */ - - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - domain_sid, &domain_pol); + + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + CONST_DISCARD(struct dom_sid2 *, domain_sid), + &domain_pol); if (!NT_STATUS_IS_OK(result)) { goto done; } @@ -2491,34 +2462,38 @@ static NTSTATUS rpc_group_list_internals(const DOM_SID *domain_sid, d_printf("\nGroup name Comment"\ "\n-----------------------------\n"); do { - SAM_DISPINFO_CTR ctr; - SAM_DISPINFO_3 info3; - uint32 max_size; - - ZERO_STRUCT(ctr); - ZERO_STRUCT(info3); - ctr.sam.info3 = &info3; + uint32_t max_size, total_size, returned_size; + union samr_DispInfo info; if (!global) break; get_query_dispinfo_params( loop_count, &max_entries, &max_size); - result = rpccli_samr_query_dispinfo(pipe_hnd, mem_ctx, &domain_pol, - &start_idx, 3, &num_entries, - max_entries, max_size, &ctr); + result = rpccli_samr_QueryDisplayInfo(pipe_hnd, mem_ctx, + &domain_pol, + 3, + start_idx, + max_entries, + max_size, + &total_size, + &returned_size, + &info); + num_entries = info.info3.count; + start_idx += info.info3.count; if (!NT_STATUS_IS_OK(result) && !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) break; - + for (i = 0; i < num_entries; i++) { - fstring group, desc; + const char *group = NULL; + const char *desc = NULL; + + group = info.info3.entries[i].account_name.string; + desc = info.info3.entries[i].description.string; - unistr2_to_ascii(group, &(&ctr.sam.info3->str[i])->uni_grp_name, sizeof(group)); - unistr2_to_ascii(desc, &(&ctr.sam.info3->str[i])->uni_grp_desc, sizeof(desc)); - if (opt_long_list_entries) printf("%-21.21s %-50.50s\n", group, desc); @@ -2531,59 +2506,57 @@ static NTSTATUS rpc_group_list_internals(const DOM_SID *domain_sid, do { if (!local) break; - /* The max_size field in cli_samr_enum_als_groups is more like - * an account_control field with indiviual bits what to - * retrieve. Set this to 0xffff as NT4 usrmgr.exe does to get - * everything. I'm too lazy (sorry) to get this through to - * rpc_parse/ etc. Volker */ - - result = rpccli_samr_enum_als_groups(pipe_hnd, mem_ctx, &domain_pol, - &start_idx, 0xffff, - &groups, &num_entries); - + result = rpccli_samr_EnumDomainAliases(pipe_hnd, mem_ctx, + &domain_pol, + &start_idx, + &groups, + 0xffff, + &num_entries); if (!NT_STATUS_IS_OK(result) && !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) break; - + for (i = 0; i < num_entries; i++) { - char *description = NULL; + const char *description = NULL; if (opt_long_list_entries) { POLICY_HND alias_pol; - ALIAS_INFO_CTR ctr; - - if ((NT_STATUS_IS_OK(rpccli_samr_open_alias(pipe_hnd, mem_ctx, - &domain_pol, - 0x8, - groups[i].rid, - &alias_pol))) && - (NT_STATUS_IS_OK(rpccli_samr_query_alias_info(pipe_hnd, mem_ctx, - &alias_pol, 3, - &ctr))) && - (NT_STATUS_IS_OK(rpccli_samr_close(pipe_hnd, mem_ctx, + union samr_AliasInfo *info = NULL; + + if ((NT_STATUS_IS_OK(rpccli_samr_OpenAlias(pipe_hnd, mem_ctx, + &domain_pol, + 0x8, + groups->entries[i].idx, + &alias_pol))) && + (NT_STATUS_IS_OK(rpccli_samr_QueryAliasInfo(pipe_hnd, mem_ctx, + &alias_pol, + 3, + &info))) && + (NT_STATUS_IS_OK(rpccli_samr_Close(pipe_hnd, mem_ctx, &alias_pol)))) { - description = unistr2_to_ascii_talloc(mem_ctx, - ctr.alias.info3.description.string); + description = info->description.string; } } - + if (description != NULL) { - printf("%-21.21s %-50.50s\n", - groups[i].acct_name, + printf("%-21.21s %-50.50s\n", + groups->entries[i].name.string, description); } else { - printf("%s\n", groups[i].acct_name); + printf("%s\n", groups->entries[i].name.string); } } } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); - rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol); /* Get builtin policy handle */ - - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - &global_sid_Builtin, &domain_pol); + + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin), + &domain_pol); if (!NT_STATUS_IS_OK(result)) { goto done; } @@ -2592,44 +2565,46 @@ static NTSTATUS rpc_group_list_internals(const DOM_SID *domain_sid, do { if (!builtin) break; - result = rpccli_samr_enum_als_groups(pipe_hnd, mem_ctx, &domain_pol, - &start_idx, max_entries, - &groups, &num_entries); - + result = rpccli_samr_EnumDomainAliases(pipe_hnd, mem_ctx, + &domain_pol, + &start_idx, + &groups, + max_entries, + &num_entries); if (!NT_STATUS_IS_OK(result) && !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) break; - + for (i = 0; i < num_entries; i++) { - char *description = NULL; + const char *description = NULL; if (opt_long_list_entries) { POLICY_HND alias_pol; - ALIAS_INFO_CTR ctr; - - if ((NT_STATUS_IS_OK(rpccli_samr_open_alias(pipe_hnd, mem_ctx, - &domain_pol, - 0x8, - groups[i].rid, - &alias_pol))) && - (NT_STATUS_IS_OK(rpccli_samr_query_alias_info(pipe_hnd, mem_ctx, - &alias_pol, 3, - &ctr))) && - (NT_STATUS_IS_OK(rpccli_samr_close(pipe_hnd, mem_ctx, + union samr_AliasInfo *info = NULL; + + if ((NT_STATUS_IS_OK(rpccli_samr_OpenAlias(pipe_hnd, mem_ctx, + &domain_pol, + 0x8, + groups->entries[i].idx, + &alias_pol))) && + (NT_STATUS_IS_OK(rpccli_samr_QueryAliasInfo(pipe_hnd, mem_ctx, + &alias_pol, + 3, + &info))) && + (NT_STATUS_IS_OK(rpccli_samr_Close(pipe_hnd, mem_ctx, &alias_pol)))) { - description = unistr2_to_ascii_talloc(mem_ctx, - ctr.alias.info3.description.string); + description = info->description.string; } } - + if (description != NULL) { - printf("%-21.21s %-50.50s\n", - groups[i].acct_name, + printf("%-21.21s %-50.50s\n", + groups->entries[i].name.string, description); } else { - printf("%s\n", groups[i].acct_name); + printf("%s\n", groups->entries[i].name.string); } } } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); @@ -2654,38 +2629,46 @@ static NTSTATUS rpc_list_group_members(struct rpc_pipe_client *pipe_hnd, { NTSTATUS result; POLICY_HND group_pol; - uint32 num_members, *group_rids, *group_attrs; - uint32 num_names; - char **names; - uint32 *name_types; + uint32 num_members, *group_rids; int i; + struct samr_RidTypeArray *rids = NULL; + struct lsa_Strings names; + struct samr_Ids types; fstring sid_str; - sid_to_string(sid_str, domain_sid); + sid_to_fstring(sid_str, domain_sid); - result = rpccli_samr_open_group(pipe_hnd, mem_ctx, domain_pol, - MAXIMUM_ALLOWED_ACCESS, - rid, &group_pol); + result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx, + domain_pol, + MAXIMUM_ALLOWED_ACCESS, + rid, + &group_pol); if (!NT_STATUS_IS_OK(result)) return result; - result = rpccli_samr_query_groupmem(pipe_hnd, mem_ctx, &group_pol, - &num_members, &group_rids, - &group_attrs); + result = rpccli_samr_QueryGroupMember(pipe_hnd, mem_ctx, + &group_pol, + &rids); if (!NT_STATUS_IS_OK(result)) return result; + num_members = rids->count; + group_rids = rids->rids; + while (num_members > 0) { int this_time = 512; if (num_members < this_time) this_time = num_members; - result = rpccli_samr_lookup_rids(pipe_hnd, mem_ctx, domain_pol, - this_time, group_rids, - &num_names, &names, &name_types); + result = rpccli_samr_LookupRids(pipe_hnd, mem_ctx, + domain_pol, + this_time, + group_rids, + &names, + &types); if (!NT_STATUS_IS_OK(result)) return result; @@ -2697,10 +2680,12 @@ static NTSTATUS rpc_list_group_members(struct rpc_pipe_client *pipe_hnd, if (opt_long_list_entries) { printf("%s-%d %s\\%s %d\n", sid_str, - group_rids[i], domain_name, names[i], + group_rids[i], domain_name, + names.names[i].string, SID_NAME_USER); } else { - printf("%s\\%s\n", domain_name, names[i]); + printf("%s\\%s\n", domain_name, + names.names[i].string); } } @@ -2725,21 +2710,28 @@ static NTSTATUS rpc_list_alias_members(struct rpc_pipe_client *pipe_hnd, char **names; enum lsa_SidType *types; int i; + struct lsa_SidArray sid_array; - result = rpccli_samr_open_alias(pipe_hnd, mem_ctx, domain_pol, - MAXIMUM_ALLOWED_ACCESS, rid, &alias_pol); + result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx, + domain_pol, + MAXIMUM_ALLOWED_ACCESS, + rid, + &alias_pol); if (!NT_STATUS_IS_OK(result)) return result; - result = rpccli_samr_query_aliasmem(pipe_hnd, mem_ctx, &alias_pol, - &num_members, &alias_sids); + result = rpccli_samr_GetMembersInAlias(pipe_hnd, mem_ctx, + &alias_pol, + &sid_array); if (!NT_STATUS_IS_OK(result)) { d_fprintf(stderr, "Couldn't list alias members\n"); return result; } + num_members = sid_array.num_sids; + if (num_members == 0) { return NT_STATUS_OK; } @@ -2756,10 +2748,21 @@ static NTSTATUS rpc_list_alias_members(struct rpc_pipe_client *pipe_hnd, if (!NT_STATUS_IS_OK(result)) { d_fprintf(stderr, "Couldn't open LSA policy handle\n"); - cli_rpc_pipe_close(lsa_pipe); + TALLOC_FREE(lsa_pipe); return result; } + alias_sids = TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID, num_members); + if (!alias_sids) { + d_fprintf(stderr, "Out of memory\n"); + TALLOC_FREE(lsa_pipe); + return NT_STATUS_NO_MEMORY; + } + + for (i=0; idesthost, + MAXIMUM_ALLOWED_ACCESS, + &connect_pol); if (!NT_STATUS_IS_OK(result)) return result; /* Get domain policy handle */ - - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - domain_sid, &domain_pol); + + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + CONST_DISCARD(struct dom_sid2 *, domain_sid), + &domain_pol); if (!NT_STATUS_IS_OK(result)) return result; - result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, 1000, - 1, argv, &num_rids, &rids, &rid_types); + init_lsa_String(&lsa_acct_name, argv[0]); /* sure? */ + + result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx, + &domain_pol, + 1, + &lsa_acct_name, + &rids, + &rid_types); if (!NT_STATUS_IS_OK(result)) { @@ -2829,22 +2843,27 @@ static NTSTATUS rpc_group_members_internals(const DOM_SID *domain_sid, DOM_SID sid_Builtin; - rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol); - string_to_sid(&sid_Builtin, "S-1-5-32"); + sid_copy(&sid_Builtin, &global_sid_Builtin); - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - &sid_Builtin, &domain_pol); + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + &sid_Builtin, + &domain_pol); if (!NT_STATUS_IS_OK(result)) { d_fprintf(stderr, "Couldn't find group %s\n", argv[0]); return result; } - result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, 1000, - 1, argv, &num_rids, - &rids, &rid_types); + result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx, + &domain_pol, + 1, + &lsa_acct_name, + &rids, + &rid_types); if (!NT_STATUS_IS_OK(result)) { d_fprintf(stderr, "Couldn't find group %s\n", argv[0]); @@ -2852,20 +2871,20 @@ static NTSTATUS rpc_group_members_internals(const DOM_SID *domain_sid, } } - if (num_rids != 1) { + if (rids.count != 1) { d_fprintf(stderr, "Couldn't find group %s\n", argv[0]); return result; } - if (rid_types[0] == SID_NAME_DOM_GRP) { + if (rid_types.ids[0] == SID_NAME_DOM_GRP) { return rpc_list_group_members(pipe_hnd, mem_ctx, domain_name, domain_sid, &domain_pol, - rids[0]); + rids.ids[0]); } - if (rid_types[0] == SID_NAME_ALIAS) { + if (rid_types.ids[0] == SID_NAME_ALIAS) { return rpc_list_alias_members(pipe_hnd, mem_ctx, &domain_pol, - rids[0]); + rids.ids[0]); } return NT_STATUS_NO_SUCH_GROUP; @@ -2892,8 +2911,9 @@ static NTSTATUS rpc_group_rename_internals(const DOM_SID *domain_sid, { NTSTATUS result; POLICY_HND connect_pol, domain_pol, group_pol; - uint32 num_rids, *rids, *rid_types; - GROUP_INFO_CTR ctr; + union samr_GroupInfo group_info; + struct samr_Ids rids, rid_types; + struct lsa_String lsa_acct_name; if (argc != 2) { d_printf("Usage: 'net rpc group rename group newname'\n"); @@ -2901,48 +2921,60 @@ static NTSTATUS rpc_group_rename_internals(const DOM_SID *domain_sid, } /* Get sam policy handle */ - - result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, - &connect_pol); + + result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, + pipe_hnd->desthost, + MAXIMUM_ALLOWED_ACCESS, + &connect_pol); if (!NT_STATUS_IS_OK(result)) return result; /* Get domain policy handle */ - - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - domain_sid, &domain_pol); + + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + CONST_DISCARD(struct dom_sid2 *, domain_sid), + &domain_pol); if (!NT_STATUS_IS_OK(result)) return result; - result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, 1000, - 1, argv, &num_rids, &rids, &rid_types); + init_lsa_String(&lsa_acct_name, argv[0]); + + result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx, + &domain_pol, + 1, + &lsa_acct_name, + &rids, + &rid_types); - if (num_rids != 1) { + if (rids.count != 1) { d_fprintf(stderr, "Couldn't find group %s\n", argv[0]); return result; } - if (rid_types[0] != SID_NAME_DOM_GRP) { + if (rid_types.ids[0] != SID_NAME_DOM_GRP) { d_fprintf(stderr, "Can only rename domain groups\n"); return NT_STATUS_UNSUCCESSFUL; } - result = rpccli_samr_open_group(pipe_hnd, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, - rids[0], &group_pol); + result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx, + &domain_pol, + MAXIMUM_ALLOWED_ACCESS, + rids.ids[0], + &group_pol); if (!NT_STATUS_IS_OK(result)) return result; - ZERO_STRUCT(ctr); - - ctr.switch_value1 = 2; - init_samr_group_info2(&ctr.group.info2, argv[1]); + init_lsa_String(&group_info.name, argv[1]); - result = rpccli_samr_set_groupinfo(pipe_hnd, mem_ctx, &group_pol, &ctr); + result = rpccli_samr_SetGroupInfo(pipe_hnd, mem_ctx, + &group_pol, + 2, + &group_info); if (!NT_STATUS_IS_OK(result)) return result; @@ -3020,12 +3052,16 @@ static NTSTATUS rpc_share_add_internals(const DOM_SID *domain_sid, const char **argv) { WERROR result; + NTSTATUS status; char *sharename; char *path; uint32 type = STYPE_DISKTREE; /* only allow disk shares to be added */ uint32 num_users=0, perms=0; char *password=NULL; /* don't allow a share password */ uint32 level = 2; + union srvsvc_NetShareInfo info; + struct srvsvc_NetShareInfo2 info2; + uint32_t parm_error = 0; if ((sharename = talloc_strdup(mem_ctx, argv[0])) == NULL) { return NT_STATUS_NO_MEMORY; @@ -3036,11 +3072,24 @@ static NTSTATUS rpc_share_add_internals(const DOM_SID *domain_sid, return NT_STATUS_UNSUCCESSFUL; *path++ = '\0'; - result = rpccli_srvsvc_net_share_add(pipe_hnd, mem_ctx, sharename, type, - opt_comment, perms, opt_maxusers, - num_users, path, password, - level, NULL); - return werror_to_ntstatus(result); + info2.name = sharename; + info2.type = type; + info2.comment = opt_comment; + info2.permissions = perms; + info2.max_users = opt_maxusers; + info2.current_users = num_users; + info2.path = path; + info2.password = password; + + info.info2 = &info2; + + status = rpccli_srvsvc_NetShareAdd(pipe_hnd, mem_ctx, + pipe_hnd->desthost, + level, + &info, + &parm_error, + &result); + return status; } static int rpc_share_add(int argc, const char **argv) @@ -3079,8 +3128,11 @@ static NTSTATUS rpc_share_del_internals(const DOM_SID *domain_sid, { WERROR result; - result = rpccli_srvsvc_net_share_del(pipe_hnd, mem_ctx, argv[0]); - return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; + return rpccli_srvsvc_NetShareDel(pipe_hnd, mem_ctx, + pipe_hnd->desthost, + argv[0], + 0, + &result); } /** @@ -3109,165 +3161,104 @@ static int rpc_share_delete(int argc, const char **argv) * * @param info1 pointer to SRV_SHARE_INFO_1 to format **/ - -static void display_share_info_1(SRV_SHARE_INFO_1 *info1) -{ - fstring netname = "", remark = ""; - - rpcstr_pull_unistr2_fstring(netname, &info1->info_1_str.uni_netname); - rpcstr_pull_unistr2_fstring(remark, &info1->info_1_str.uni_remark); +static void display_share_info_1(struct srvsvc_NetShareInfo1 *r) +{ if (opt_long_list_entries) { d_printf("%-12s %-8.8s %-50s\n", - netname, share_type[info1->info_1.type & ~(STYPE_TEMPORARY|STYPE_HIDDEN)], remark); + r->name, + share_type[r->type & ~(STYPE_TEMPORARY|STYPE_HIDDEN)], + r->comment); } else { - d_printf("%s\n", netname); + d_printf("%s\n", r->name); } - } static WERROR get_share_info(struct rpc_pipe_client *pipe_hnd, - TALLOC_CTX *mem_ctx, - uint32 level, - int argc, - const char **argv, - SRV_SHARE_INFO_CTR *ctr) + TALLOC_CTX *mem_ctx, + uint32 level, + int argc, + const char **argv, + struct srvsvc_NetShareInfoCtr *info_ctr) { WERROR result; - SRV_SHARE_INFO info; + NTSTATUS status; + union srvsvc_NetShareInfo info; /* no specific share requested, enumerate all */ if (argc == 0) { - ENUM_HND hnd; - uint32 preferred_len = 0xffffffff; + uint32_t preferred_len = 0xffffffff; + uint32_t total_entries = 0; + uint32_t resume_handle = 0; - init_enum_hnd(&hnd, 0); + info_ctr->level = level; - return rpccli_srvsvc_net_share_enum(pipe_hnd, mem_ctx, level, ctr, - preferred_len, &hnd); + status = rpccli_srvsvc_NetShareEnumAll(pipe_hnd, mem_ctx, + pipe_hnd->desthost, + info_ctr, + preferred_len, + &total_entries, + &resume_handle, + &result); + return result; } /* request just one share */ - result = rpccli_srvsvc_net_share_get_info(pipe_hnd, mem_ctx, argv[0], level, &info); - - if (!W_ERROR_IS_OK(result)) + status = rpccli_srvsvc_NetShareGetInfo(pipe_hnd, mem_ctx, + pipe_hnd->desthost, + argv[0], + level, + &info, + &result); + + if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) { goto done; + } /* construct ctr */ - ZERO_STRUCTP(ctr); + ZERO_STRUCTP(info_ctr); - ctr->info_level = ctr->switch_value = level; - ctr->ptr_share_info = ctr->ptr_entries = 1; - ctr->num_entries = ctr->num_entries2 = 1; + info_ctr->level = level; switch (level) { case 1: { - char *s; - SRV_SHARE_INFO_1 *info1; - - ctr->share.info1 = TALLOC_ARRAY(mem_ctx, SRV_SHARE_INFO_1, 1); - if (ctr->share.info1 == NULL) { - result = WERR_NOMEM; - goto done; - } - info1 = ctr->share.info1; - - memset(ctr->share.info1, 0, sizeof(SRV_SHARE_INFO_1)); - - /* Copy pointer crap */ + struct srvsvc_NetShareCtr1 *ctr1; - memcpy(&info1->info_1, &info.share.info1.info_1, sizeof(SH_INFO_1)); + ctr1 = TALLOC_ZERO_P(mem_ctx, struct srvsvc_NetShareCtr1); + W_ERROR_HAVE_NO_MEMORY(ctr1); - /* Duplicate strings */ + ctr1->count = 1; + ctr1->array = info.info1; - s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info1.info_1_str.uni_netname); - if (s) - init_unistr2(&info1->info_1_str.uni_netname, s, UNI_STR_TERMINATE); - - s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info1.info_1_str.uni_remark); - if (s) - init_unistr2(&info1->info_1_str.uni_remark, s, UNI_STR_TERMINATE); + info_ctr->ctr.ctr1 = ctr1; } case 2: { - char *s; - SRV_SHARE_INFO_2 *info2; - - ctr->share.info2 = TALLOC_ARRAY(mem_ctx, SRV_SHARE_INFO_2, 1); - if (ctr->share.info2 == NULL) { - result = WERR_NOMEM; - goto done; - } - info2 = ctr->share.info2; - - memset(ctr->share.info2, 0, sizeof(SRV_SHARE_INFO_2)); - - /* Copy pointer crap */ - - memcpy(&info2->info_2, &info.share.info2.info_2, sizeof(SH_INFO_2)); - - /* Duplicate strings */ - - s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info2.info_2_str.uni_netname); - if (s) - init_unistr2(&info2->info_2_str.uni_netname, s, UNI_STR_TERMINATE); + struct srvsvc_NetShareCtr2 *ctr2; - s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info2.info_2_str.uni_remark); - if (s) - init_unistr2(&info2->info_2_str.uni_remark, s, UNI_STR_TERMINATE); + ctr2 = TALLOC_ZERO_P(mem_ctx, struct srvsvc_NetShareCtr2); + W_ERROR_HAVE_NO_MEMORY(ctr2); - s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info2.info_2_str.uni_path); - if (s) - init_unistr2(&info2->info_2_str.uni_path, s, UNI_STR_TERMINATE); + ctr2->count = 1; + ctr2->array = info.info2; - s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info2.info_2_str.uni_passwd); - if (s) - init_unistr2(&info2->info_2_str.uni_passwd, s, UNI_STR_TERMINATE); + info_ctr->ctr.ctr2 = ctr2; } case 502: { - char *s; - SRV_SHARE_INFO_502 *info502; + struct srvsvc_NetShareCtr502 *ctr502; - ctr->share.info502 = TALLOC_ARRAY(mem_ctx, SRV_SHARE_INFO_502, 1); - if (ctr->share.info502 == NULL) { - result = WERR_NOMEM; - goto done; - } - info502 = ctr->share.info502; - - memset(ctr->share.info502, 0, sizeof(SRV_SHARE_INFO_502)); - - /* Copy pointer crap */ - - memcpy(&info502->info_502, &info.share.info502.info_502, sizeof(SH_INFO_502)); - - /* Duplicate strings */ - - s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info502.info_502_str.uni_netname); - if (s) - init_unistr2(&info502->info_502_str.uni_netname, s, UNI_STR_TERMINATE); - - s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info502.info_502_str.uni_remark); - if (s) - init_unistr2(&info502->info_502_str.uni_remark, s, UNI_STR_TERMINATE); + ctr502 = TALLOC_ZERO_P(mem_ctx, struct srvsvc_NetShareCtr502); + W_ERROR_HAVE_NO_MEMORY(ctr502); - s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info502.info_502_str.uni_path); - if (s) - init_unistr2(&info502->info_502_str.uni_path, s, UNI_STR_TERMINATE); + ctr502->count = 1; + ctr502->array = info.info502; - s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info502.info_502_str.uni_passwd); - if (s) - init_unistr2(&info502->info_502_str.uni_passwd, s, UNI_STR_TERMINATE); - - info502->info_502_str.sd = dup_sec_desc(mem_ctx, info.share.info502.info_502_str.sd); - + info_ctr->ctr.ctr502 = ctr502; } - } /* switch */ - done: return result; } @@ -3296,11 +3287,18 @@ static NTSTATUS rpc_share_list_internals(const DOM_SID *domain_sid, int argc, const char **argv) { - SRV_SHARE_INFO_CTR ctr; + struct srvsvc_NetShareInfoCtr info_ctr; + struct srvsvc_NetShareCtr1 ctr1; WERROR result; uint32 i, level = 1; - result = get_share_info(pipe_hnd, mem_ctx, level, argc, argv, &ctr); + ZERO_STRUCT(info_ctr); + ZERO_STRUCT(ctr1); + + info_ctr.level = 1; + info_ctr.ctr.ctr1 = &ctr1; + + result = get_share_info(pipe_hnd, mem_ctx, level, argc, argv, &info_ctr); if (!W_ERROR_IS_OK(result)) goto done; @@ -3312,8 +3310,8 @@ static NTSTATUS rpc_share_list_internals(const DOM_SID *domain_sid, "\nShare name Type Description\n"\ "---------- ---- -----------\n"); } - for (i = 0; i < ctr.num_entries; i++) - display_share_info_1(&ctr.share.info1[i]); + for (i = 0; i < info_ctr.ctr.ctr1->count; i++) + display_share_info_1(&info_ctr.ctr.ctr1->array[i]); done: return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } @@ -3342,7 +3340,7 @@ static bool check_share_availability(struct cli_state *cli, const char *netname) return True; } -static bool check_share_sanity(struct cli_state *cli, fstring netname, uint32 type) +static bool check_share_sanity(struct cli_state *cli, const char *netname, uint32 type) { /* only support disk shares */ if (! ( type == STYPE_DISKTREE || type == (STYPE_DISKTREE | STYPE_HIDDEN)) ) { @@ -3365,14 +3363,14 @@ static bool check_share_sanity(struct cli_state *cli, fstring netname, uint32 ty } /** - * Migrate shares from a remote RPC server to the local RPC srever + * Migrate shares from a remote RPC server to the local RPC server * * All parameters are provided by the run_rpc_command function, except for - * argc, argv which are passes through. + * argc, argv which are passed through. * * @param domain_sid The domain sid acquired from the remote server * @param cli A cli_state connected to the server. - * @param mem_ctx Talloc context, destoyed on completion of the function. + * @param mem_ctx Talloc context, destroyed on completion of the function. * @param argc Standard main() style argc * @param argv Standard main() style argv. Initial components are already * stripped @@ -3390,13 +3388,12 @@ static NTSTATUS rpc_share_migrate_shares_internals(const DOM_SID *domain_sid, { WERROR result; NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - SRV_SHARE_INFO_CTR ctr_src; - uint32 type = STYPE_DISKTREE; /* only allow disk shares to be added */ - char *password = NULL; /* don't allow a share password */ + struct srvsvc_NetShareInfoCtr ctr_src; uint32 i; struct rpc_pipe_client *srvsvc_pipe = NULL; struct cli_state *cli_dst = NULL; uint32 level = 502; /* includes secdesc */ + uint32_t parm_error = 0; result = get_share_info(pipe_hnd, mem_ctx, level, argc, argv, &ctr_src); if (!W_ERROR_IS_OK(result)) @@ -3408,40 +3405,39 @@ static NTSTATUS rpc_share_migrate_shares_internals(const DOM_SID *domain_sid, return nt_status; - for (i = 0; i < ctr_src.num_entries; i++) { + for (i = 0; i < ctr_src.ctr.ctr502->count; i++) { + + union srvsvc_NetShareInfo info; + struct srvsvc_NetShareInfo502 info502 = + ctr_src.ctr.ctr502->array[i]; - fstring netname = "", remark = "", path = ""; /* reset error-code */ nt_status = NT_STATUS_UNSUCCESSFUL; - rpcstr_pull_unistr2_fstring( - netname, &ctr_src.share.info502[i].info_502_str.uni_netname); - rpcstr_pull_unistr2_fstring( - remark, &ctr_src.share.info502[i].info_502_str.uni_remark); - rpcstr_pull_unistr2_fstring( - path, &ctr_src.share.info502[i].info_502_str.uni_path); - - if (!check_share_sanity(cli, netname, ctr_src.share.info502[i].info_502.type)) + if (!check_share_sanity(cli, info502.name, info502.type)) continue; /* finally add the share on the dst server */ printf("migrating: [%s], path: %s, comment: %s, without share-ACLs\n", - netname, path, remark); - - result = rpccli_srvsvc_net_share_add(srvsvc_pipe, mem_ctx, netname, type, remark, - ctr_src.share.info502[i].info_502.perms, - ctr_src.share.info502[i].info_502.max_uses, - ctr_src.share.info502[i].info_502.num_uses, - path, password, level, - NULL); - + info502.name, info502.path, info502.comment); + + info.info502 = &info502; + + nt_status = rpccli_srvsvc_NetShareAdd(srvsvc_pipe, mem_ctx, + srvsvc_pipe->desthost, + 502, + &info, + &parm_error, + &result); + if (W_ERROR_V(result) == W_ERROR_V(WERR_ALREADY_EXISTS)) { - printf(" [%s] does already exist\n", netname); + printf(" [%s] does already exist\n", + info502.name); continue; } - if (!W_ERROR_IS_OK(result)) { + if (!NT_STATUS_IS_OK(nt_status) || !W_ERROR_IS_OK(result)) { printf("cannot add share: %s\n", dos_errstr(result)); goto done; } @@ -3675,7 +3671,7 @@ static NTSTATUS rpc_share_migrate_files_internals(const DOM_SID *domain_sid, { WERROR result; NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - SRV_SHARE_INFO_CTR ctr_src; + struct srvsvc_NetShareInfoCtr ctr_src; uint32 i; uint32 level = 502; struct copy_clistate cp_clistate; @@ -3691,19 +3687,17 @@ static NTSTATUS rpc_share_migrate_files_internals(const DOM_SID *domain_sid, if (!W_ERROR_IS_OK(result)) goto done; - for (i = 0; i < ctr_src.num_entries; i++) { - - fstring netname = ""; + for (i = 0; i < ctr_src.ctr.ctr502->count; i++) { - rpcstr_pull_unistr2_fstring( - netname, &ctr_src.share.info502[i].info_502_str.uni_netname); + struct srvsvc_NetShareInfo502 info502 = + ctr_src.ctr.ctr502->array[i]; - if (!check_share_sanity(cli, netname, ctr_src.share.info502[i].info_502.type)) + if (!check_share_sanity(cli, info502.name, info502.type)) continue; /* one might not want to mirror whole discs :) */ - if (strequal(netname, "print$") || netname[1] == '$') { - d_printf("skipping [%s]: builtin/hidden share\n", netname); + if (strequal(info502.name, "print$") || info502.name[1] == '$') { + d_printf("skipping [%s]: builtin/hidden share\n", info502.name); continue; } @@ -3717,7 +3711,7 @@ static NTSTATUS rpc_share_migrate_files_internals(const DOM_SID *domain_sid, break; } printf(" [%s] files and directories %s ACLs, %s DOS Attributes %s\n", - netname, + info502.name, opt_acls ? "including" : "without", opt_attrs ? "including" : "without", opt_timestamps ? "(preserving timestamps)" : ""); @@ -3731,7 +3725,7 @@ static NTSTATUS rpc_share_migrate_files_internals(const DOM_SID *domain_sid, /* open share source */ nt_status = connect_to_service(&cp_clistate.cli_share_src, &cli->dest_ss, cli->desthost, - netname, "A:"); + info502.name, "A:"); if (!NT_STATUS_IS_OK(nt_status)) goto done; @@ -3740,21 +3734,21 @@ static NTSTATUS rpc_share_migrate_files_internals(const DOM_SID *domain_sid, if (net_mode_share == NET_MODE_SHARE_MIGRATE) { /* open share destination */ nt_status = connect_to_service(&cp_clistate.cli_share_dst, - NULL, dst, netname, "A:"); + NULL, dst, info502.name, "A:"); if (!NT_STATUS_IS_OK(nt_status)) goto done; got_dst_share = True; } - if (!copy_top_level_perms(&cp_clistate, netname)) { - d_fprintf(stderr, "Could not handle the top level directory permissions for the share: %s\n", netname); + if (!copy_top_level_perms(&cp_clistate, info502.name)) { + d_fprintf(stderr, "Could not handle the top level directory permissions for the share: %s\n", info502.name); nt_status = NT_STATUS_UNSUCCESSFUL; goto done; } if (!sync_files(&cp_clistate, mask)) { - d_fprintf(stderr, "could not handle files for share: %s\n", netname); + d_fprintf(stderr, "could not handle files for share: %s\n", info502.name); nt_status = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -3813,12 +3807,13 @@ static NTSTATUS rpc_share_migrate_security_internals(const DOM_SID *domain_sid, { WERROR result; NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - SRV_SHARE_INFO_CTR ctr_src; - SRV_SHARE_INFO info; + struct srvsvc_NetShareInfoCtr ctr_src; + union srvsvc_NetShareInfo info; uint32 i; struct rpc_pipe_client *srvsvc_pipe = NULL; struct cli_state *cli_dst = NULL; uint32 level = 502; /* includes secdesc */ + uint32_t parm_error = 0; result = get_share_info(pipe_hnd, mem_ctx, level, argc, argv, &ctr_src); @@ -3831,41 +3826,35 @@ static NTSTATUS rpc_share_migrate_security_internals(const DOM_SID *domain_sid, return nt_status; - for (i = 0; i < ctr_src.num_entries; i++) { + for (i = 0; i < ctr_src.ctr.ctr502->count; i++) { + + struct srvsvc_NetShareInfo502 info502 = + ctr_src.ctr.ctr502->array[i]; - fstring netname = "", remark = "", path = ""; /* reset error-code */ nt_status = NT_STATUS_UNSUCCESSFUL; - rpcstr_pull_unistr2_fstring( - netname, &ctr_src.share.info502[i].info_502_str.uni_netname); - rpcstr_pull_unistr2_fstring( - remark, &ctr_src.share.info502[i].info_502_str.uni_remark); - rpcstr_pull_unistr2_fstring( - path, &ctr_src.share.info502[i].info_502_str.uni_path); - - if (!check_share_sanity(cli, netname, ctr_src.share.info502[i].info_502.type)) + if (!check_share_sanity(cli, info502.name, info502.type)) continue; printf("migrating: [%s], path: %s, comment: %s, including share-ACLs\n", - netname, path, remark); + info502.name, info502.path, info502.comment); if (opt_verbose) - display_sec_desc(ctr_src.share.info502[i].info_502_str.sd); - - /* init info */ - ZERO_STRUCT(info); - - info.switch_value = level; - info.ptr_share_ctr = 1; + display_sec_desc(info502.sd_buf.sd); /* FIXME: shouldn't we be able to just set the security descriptor ? */ - info.share.info502 = ctr_src.share.info502[i]; + info.info502 = &info502; /* finally modify the share on the dst server */ - result = rpccli_srvsvc_net_share_set_info(srvsvc_pipe, mem_ctx, netname, level, &info); - - if (!W_ERROR_IS_OK(result)) { + nt_status = rpccli_srvsvc_NetShareSetInfo(srvsvc_pipe, mem_ctx, + srvsvc_pipe->desthost, + info502.name, + level, + &info, + &parm_error, + &result); + if (!NT_STATUS_IS_OK(nt_status) || !W_ERROR_IS_OK(result)) { printf("cannot set share-acl: %s\n", dos_errstr(result)); goto done; } @@ -3995,15 +3984,17 @@ static NTSTATUS rpc_fetch_domain_aliases(struct rpc_pipe_client *pipe_hnd, const DOM_SID *domain_sid) { uint32 start_idx, max_entries, num_entries, i; - struct acct_info *groups; + struct samr_SamArray *groups = NULL; NTSTATUS result; POLICY_HND domain_pol; /* Get domain policy handle */ - - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, connect_pol, - MAXIMUM_ALLOWED_ACCESS, - domain_sid, &domain_pol); + + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + connect_pol, + MAXIMUM_ALLOWED_ACCESS, + CONST_DISCARD(struct dom_sid2 *, domain_sid), + &domain_pol); if (!NT_STATUS_IS_OK(result)) return result; @@ -4011,32 +4002,36 @@ static NTSTATUS rpc_fetch_domain_aliases(struct rpc_pipe_client *pipe_hnd, max_entries = 250; do { - result = rpccli_samr_enum_als_groups(pipe_hnd, mem_ctx, &domain_pol, - &start_idx, max_entries, - &groups, &num_entries); - + result = rpccli_samr_EnumDomainAliases(pipe_hnd, mem_ctx, + &domain_pol, + &start_idx, + &groups, + max_entries, + &num_entries); for (i = 0; i < num_entries; i++) { POLICY_HND alias_pol; struct full_alias alias; - DOM_SID *members; + struct lsa_SidArray sid_array; int j; - result = rpccli_samr_open_alias(pipe_hnd, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, - groups[i].rid, - &alias_pol); + result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx, + &domain_pol, + MAXIMUM_ALLOWED_ACCESS, + groups->entries[i].idx, + &alias_pol); if (!NT_STATUS_IS_OK(result)) goto done; - result = rpccli_samr_query_aliasmem(pipe_hnd, mem_ctx, - &alias_pol, - &alias.num_members, - &members); + result = rpccli_samr_GetMembersInAlias(pipe_hnd, mem_ctx, + &alias_pol, + &sid_array); if (!NT_STATUS_IS_OK(result)) goto done; - result = rpccli_samr_close(pipe_hnd, mem_ctx, &alias_pol); + alias.num_members = sid_array.num_sids; + + result = rpccli_samr_Close(pipe_hnd, mem_ctx, &alias_pol); if (!NT_STATUS_IS_OK(result)) goto done; @@ -4047,11 +4042,11 @@ static NTSTATUS rpc_fetch_domain_aliases(struct rpc_pipe_client *pipe_hnd, for (j = 0; j < alias.num_members; j++) sid_copy(&alias.members[j], - &members[j]); + sid_array.sids[j].sid); } sid_copy(&alias.sid, domain_sid); - sid_append_rid(&alias.sid, groups[i].rid); + sid_append_rid(&alias.sid, groups->entries[i].idx); push_alias(mem_ctx, &alias); } @@ -4060,7 +4055,7 @@ static NTSTATUS rpc_fetch_domain_aliases(struct rpc_pipe_client *pipe_hnd, result = NT_STATUS_OK; done: - rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol); return result; } @@ -4145,8 +4140,10 @@ static NTSTATUS rpc_aliaslist_internals(const DOM_SID *domain_sid, NTSTATUS result; POLICY_HND connect_pol; - result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, - &connect_pol); + result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, + pipe_hnd->desthost, + MAXIMUM_ALLOWED_ACCESS, + &connect_pol); if (!NT_STATUS_IS_OK(result)) goto done; @@ -4160,7 +4157,7 @@ static NTSTATUS rpc_aliaslist_internals(const DOM_SID *domain_sid, result = rpc_fetch_domain_aliases(pipe_hnd, mem_ctx, &connect_pol, domain_sid); - rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol); done: return result; } @@ -4224,7 +4221,7 @@ static void dump_user_token(struct user_token *token) d_printf("%s\n", token->name); for (i=0; itoken.num_sids; i++) { - d_printf(" %s\n", sid_string_static(&token->token.user_sids[i])); + d_printf(" %s\n", sid_string_tos(&token->token.user_sids[i])); } } @@ -4269,85 +4266,84 @@ static void collect_alias_memberships(NT_USER_TOKEN *token) static bool get_user_sids(const char *domain, const char *user, NT_USER_TOKEN *token) { - struct winbindd_request request; - struct winbindd_response response; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + enum wbcSidType type; fstring full_name; - NSS_STATUS result; - + struct wbcDomainSid wsid; + char *sid_str = NULL; DOM_SID user_sid; - - int i; + uint32_t num_groups; + gid_t *groups = NULL; + uint32_t i; fstr_sprintf(full_name, "%s%c%s", domain, *lp_winbind_separator(), user); /* First let's find out the user sid */ - ZERO_STRUCT(request); - ZERO_STRUCT(response); + wbc_status = wbcLookupName(domain, user, &wsid, &type); - fstrcpy(request.data.name.dom_name, domain); - fstrcpy(request.data.name.name, user); - - result = winbindd_request_response(WINBINDD_LOOKUPNAME, &request, &response); + if (!WBC_ERROR_IS_OK(wbc_status)) { + DEBUG(1, ("winbind could not find %s: %s\n", + full_name, wbcErrorString(wbc_status))); + return false; + } - if (result != NSS_STATUS_SUCCESS) { - DEBUG(1, ("winbind could not find %s\n", full_name)); - return False; + wbc_status = wbcSidToString(&wsid, &sid_str); + if (!WBC_ERROR_IS_OK(wbc_status)) { + return false; } - if (response.data.sid.type != SID_NAME_USER) { + if (type != SID_NAME_USER) { + wbcFreeMemory(sid_str); DEBUG(1, ("%s is not a user\n", full_name)); - return False; + return false; } - string_to_sid(&user_sid, response.data.sid.sid); + string_to_sid(&user_sid, sid_str); + wbcFreeMemory(sid_str); + sid_str = NULL; init_user_token(token, &user_sid); /* And now the groups winbind knows about */ - ZERO_STRUCT(response); - - fstrcpy(request.data.username, full_name); - - result = winbindd_request_response(WINBINDD_GETGROUPS, &request, &response); - - if (result != NSS_STATUS_SUCCESS) { - DEBUG(1, ("winbind could not get groups of %s\n", full_name)); - return False; + wbc_status = wbcGetGroups(full_name, &num_groups, &groups); + if (!WBC_ERROR_IS_OK(wbc_status)) { + DEBUG(1, ("winbind could not get groups of %s: %s\n", + full_name, wbcErrorString(wbc_status))); + return false; } - for (i = 0; i < response.data.num_entries; i++) { - gid_t gid = ((gid_t *)response.extra_data.data)[i]; + for (i = 0; i < num_groups; i++) { + gid_t gid = groups[i]; DOM_SID sid; - struct winbindd_request sidrequest; - struct winbindd_response sidresponse; - - ZERO_STRUCT(sidrequest); - ZERO_STRUCT(sidresponse); - - sidrequest.data.gid = gid; - - result = winbindd_request_response(WINBINDD_GID_TO_SID, - &sidrequest, &sidresponse); + wbc_status = wbcGidToSid(gid, &wsid); + if (!WBC_ERROR_IS_OK(wbc_status)) { + DEBUG(1, ("winbind could not find SID of gid %d: %s\n", + gid, wbcErrorString(wbc_status))); + wbcFreeMemory(groups); + return false; + } - if (result != NSS_STATUS_SUCCESS) { - DEBUG(1, ("winbind could not find SID of gid %d\n", - gid)); - return False; + wbc_status = wbcSidToString(&wsid, &sid_str); + if (!WBC_ERROR_IS_OK(wbc_status)) { + wbcFreeMemory(groups); + return false; } - DEBUG(3, (" %s\n", sidresponse.data.sid.sid)); + DEBUG(3, (" %s\n", sid_str)); + + string_to_sid(&sid, sid_str); + wbcFreeMemory(sid_str); + sid_str = NULL; - string_to_sid(&sid, sidresponse.data.sid.sid); add_sid_to_token(token, &sid); } + wbcFreeMemory(groups); - SAFE_FREE(response.extra_data.data); - - return True; + return true; } /** @@ -4356,11 +4352,9 @@ static bool get_user_sids(const char *domain, const char *user, NT_USER_TOKEN *t static bool get_user_tokens(int *num_tokens, struct user_token **user_tokens) { - struct winbindd_request request; - struct winbindd_response response; - const char *extra_data; - char *name; - int i; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + uint32_t i, num_users; + const char **users; struct user_token *result; TALLOC_CTX *frame = NULL; @@ -4368,58 +4362,43 @@ static bool get_user_tokens(int *num_tokens, struct user_token **user_tokens) (opt_target_workgroup == NULL)) { d_fprintf(stderr, "winbind use default domain = yes set, " "please specify a workgroup\n"); - return False; + return false; } /* Send request to winbind daemon */ - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - if (winbindd_request_response(WINBINDD_LIST_USERS, &request, &response) != - NSS_STATUS_SUCCESS) - return False; - - /* Look through extra data */ - - if (!response.extra_data.data) - return False; - - extra_data = (const char *)response.extra_data.data; - *num_tokens = 0; - - frame = talloc_stackframe(); - while(next_token_talloc(frame, &extra_data, &name, ",")) { - *num_tokens += 1; + wbc_status = wbcListUsers(NULL, &num_users, &users); + if (!WBC_ERROR_IS_OK(wbc_status)) { + DEBUG(1, ("winbind could not list users: %s\n", + wbcErrorString(wbc_status))); + return false; } - result = SMB_MALLOC_ARRAY(struct user_token, *num_tokens); + result = SMB_MALLOC_ARRAY(struct user_token, num_users); if (result == NULL) { DEBUG(1, ("Could not malloc sid array\n")); - TALLOC_FREE(frame); - return False; + wbcFreeMemory(users); + return false; } - extra_data = (const char *)response.extra_data.data; - i=0; - - while(next_token_talloc(frame, &extra_data, &name, ",")) { + frame = talloc_stackframe(); + for (i=0; i < num_users; i++) { fstring domain, user; char *p; - fstrcpy(result[i].name, name); + fstrcpy(result[i].name, users[i]); - p = strchr(name, *lp_winbind_separator()); + p = strchr(users[i], *lp_winbind_separator()); - DEBUG(3, ("%s\n", name)); + DEBUG(3, ("%s\n", users[i])); if (p == NULL) { fstrcpy(domain, opt_target_workgroup); - fstrcpy(user, name); + fstrcpy(user, users[i]); } else { *p++ = '\0'; - fstrcpy(domain, name); + fstrcpy(domain, users[i]); strupper_m(domain); fstrcpy(user, p); } @@ -4428,11 +4407,12 @@ static bool get_user_tokens(int *num_tokens, struct user_token **user_tokens) i+=1; } TALLOC_FREE(frame); - SAFE_FREE(response.extra_data.data); + wbcFreeMemory(users); + *num_tokens = num_users; *user_tokens = result; - return True; + return true; } static bool get_user_tokens_from_file(FILE *f, @@ -4502,20 +4482,25 @@ static void show_userlist(struct rpc_pipe_client *pipe_hnd, SEC_DESC *root_sd = NULL; struct cli_state *cli = pipe_hnd->cli; int i; - SRV_SHARE_INFO info; + union srvsvc_NetShareInfo info; WERROR result; + NTSTATUS status; uint16 cnum; - result = rpccli_srvsvc_net_share_get_info(pipe_hnd, mem_ctx, netname, - 502, &info); + status = rpccli_srvsvc_NetShareGetInfo(pipe_hnd, mem_ctx, + pipe_hnd->desthost, + netname, + 502, + &info, + &result); - if (!W_ERROR_IS_OK(result)) { + if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) { DEBUG(1, ("Coult not query secdesc for share %s\n", netname)); return; } - share_sd = info.share.info502.info_502_str.sd; + share_sd = info.info502->sd_buf.sd; if (share_sd == NULL) { DEBUG(1, ("Got no secdesc for share %s\n", netname)); @@ -4535,7 +4520,6 @@ static void show_userlist(struct rpc_pipe_client *pipe_hnd, for (i=0; i 3)) { d_fprintf(stderr, "usage: %s [comment]\n", @@ -4807,12 +4795,25 @@ static NTSTATUS rpc_sh_share_add(TALLOC_CTX *mem_ctx, return NT_STATUS_INVALID_PARAMETER; } - result = rpccli_srvsvc_net_share_add( - pipe_hnd, mem_ctx, argv[0], STYPE_DISKTREE, - (argc == 3) ? argv[2] : "", - 0, 0, 0, argv[1], NULL, 2, NULL); - - return werror_to_ntstatus(result); + info2.name = argv[0]; + info2.type = STYPE_DISKTREE; + info2.comment = (argc == 3) ? argv[2] : ""; + info2.permissions = 0; + info2.max_users = 0; + info2.current_users = 0; + info2.path = argv[1]; + info2.password = NULL; + + info.info2 = &info2; + + status = rpccli_srvsvc_NetShareAdd(pipe_hnd, mem_ctx, + pipe_hnd->desthost, + 2, + &info, + &parm_err, + &result); + + return status; } static NTSTATUS rpc_sh_share_delete(TALLOC_CTX *mem_ctx, @@ -4821,14 +4822,20 @@ static NTSTATUS rpc_sh_share_delete(TALLOC_CTX *mem_ctx, int argc, const char **argv) { WERROR result; + NTSTATUS status; if (argc != 1) { d_fprintf(stderr, "usage: %s \n", ctx->whoami); return NT_STATUS_INVALID_PARAMETER; } - result = rpccli_srvsvc_net_share_del(pipe_hnd, mem_ctx, argv[0]); - return werror_to_ntstatus(result); + status = rpccli_srvsvc_NetShareDel(pipe_hnd, mem_ctx, + pipe_hnd->desthost, + argv[0], + 0, + &result); + + return status; } static NTSTATUS rpc_sh_share_info(TALLOC_CTX *mem_ctx, @@ -4836,34 +4843,29 @@ static NTSTATUS rpc_sh_share_info(TALLOC_CTX *mem_ctx, struct rpc_pipe_client *pipe_hnd, int argc, const char **argv) { - SRV_SHARE_INFO info; - SRV_SHARE_INFO_2 *info2 = &info.share.info2; + union srvsvc_NetShareInfo info; WERROR result; + NTSTATUS status; if (argc != 1) { d_fprintf(stderr, "usage: %s \n", ctx->whoami); return NT_STATUS_INVALID_PARAMETER; } - result = rpccli_srvsvc_net_share_get_info( - pipe_hnd, mem_ctx, argv[0], 2, &info); - if (!W_ERROR_IS_OK(result)) { + status = rpccli_srvsvc_NetShareGetInfo(pipe_hnd, mem_ctx, + pipe_hnd->desthost, + argv[0], + 2, + &info, + &result); + if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) { goto done; } - d_printf("Name: %s\n", - rpcstr_pull_unistr2_talloc(mem_ctx, - &info2->info_2_str.uni_netname)); - d_printf("Comment: %s\n", - rpcstr_pull_unistr2_talloc(mem_ctx, - &info2->info_2_str.uni_remark)); - - d_printf("Path: %s\n", - rpcstr_pull_unistr2_talloc(mem_ctx, - &info2->info_2_str.uni_path)); - d_printf("Password: %s\n", - rpcstr_pull_unistr2_talloc(mem_ctx, - &info2->info_2_str.uni_passwd)); + d_printf("Name: %s\n", info.info2->name); + d_printf("Comment: %s\n", info.info2->comment); + d_printf("Path: %s\n", info.info2->path); + d_printf("Password: %s\n", info.info2->password); done: return werror_to_ntstatus(result); @@ -4923,7 +4925,7 @@ static NTSTATUS rpc_file_close_internals(const DOM_SID *domain_sid, const char **argv) { return rpccli_srvsvc_NetFileClose(pipe_hnd, mem_ctx, - pipe_hnd->cli->desthost, + pipe_hnd->desthost, atoi(argv[0]), NULL); } @@ -4951,19 +4953,13 @@ static int rpc_file_close(int argc, const char **argv) /** * Formatted print of open file info * - * @param info3 FILE_INFO_3 contents - * @param str3 strings for FILE_INFO_3 + * @param r struct srvsvc_NetFileInfo3 contents **/ -static void display_file_info_3( FILE_INFO_3 *info3 ) +static void display_file_info_3(struct srvsvc_NetFileInfo3 *r) { - fstring user = "", path = ""; - - rpcstr_pull_unistr2_fstring(user, info3->user); - rpcstr_pull_unistr2_fstring(path, info3->path); - d_printf("%-7.1d %-20.20s 0x%-4.2x %-6.1d %s\n", - info3->id, user, info3->perms, info3->num_locks, path); + r->fid, r->user, r->permissions, r->num_locks, r->path); } /** @@ -4990,22 +4986,36 @@ static NTSTATUS rpc_file_list_internals(const DOM_SID *domain_sid, int argc, const char **argv) { - SRV_FILE_INFO_CTR ctr; + struct srvsvc_NetFileInfoCtr info_ctr; + struct srvsvc_NetFileCtr3 ctr3; WERROR result; - ENUM_HND hnd; + NTSTATUS status; uint32 preferred_len = 0xffffffff, i; const char *username=NULL; - - init_enum_hnd(&hnd, 0); + uint32_t total_entries = 0; + uint32_t resume_handle = 0; /* if argc > 0, must be user command */ if (argc > 0) username = smb_xstrdup(argv[0]); - - result = rpccli_srvsvc_net_file_enum(pipe_hnd, - mem_ctx, 3, username, &ctr, preferred_len, &hnd); - if (!W_ERROR_IS_OK(result)) + ZERO_STRUCT(info_ctr); + ZERO_STRUCT(ctr3); + + info_ctr.level = 3; + info_ctr.ctr.ctr3 = &ctr3; + + status = rpccli_srvsvc_NetFileEnum(pipe_hnd, mem_ctx, + pipe_hnd->desthost, + NULL, + username, + &info_ctr, + preferred_len, + &total_entries, + &resume_handle, + &result); + + if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) goto done; /* Display results */ @@ -5014,8 +5024,8 @@ static NTSTATUS rpc_file_list_internals(const DOM_SID *domain_sid, "\nEnumerating open files on remote server:\n\n"\ "\nFileId Opened by Perms Locks Path"\ "\n------ --------- ----- ----- ---- \n"); - for (i = 0; i < ctr.num_entries; i++) - display_file_info_3(&ctr.file.info3[i]); + for (i = 0; i < total_entries; i++) + display_file_info_3(&info_ctr.ctr.ctr3->array[i]); done: return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } @@ -5335,8 +5345,12 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid, POLICY_HND connect_pol, domain_pol, user_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; char *acct_name; + struct lsa_String lsa_acct_name; uint32 acb_info; - uint32 unknown, user_rid; + uint32 acct_flags=0; + uint32 user_rid; + uint32_t access_granted = 0; + union samr_UserInfo info; if (argc != 2) { d_printf("Usage: net rpc trustdom add \n"); @@ -5346,71 +5360,92 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid, /* * Make valid trusting domain account (ie. uppercased and with '$' appended) */ - + if (asprintf(&acct_name, "%s$", argv[0]) < 0) { return NT_STATUS_NO_MEMORY; } strupper_m(acct_name); + init_lsa_String(&lsa_acct_name, acct_name); + /* Get samr policy handle */ - result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, - &connect_pol); + result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, + pipe_hnd->desthost, + MAXIMUM_ALLOWED_ACCESS, + &connect_pol); if (!NT_STATUS_IS_OK(result)) { goto done; } - + /* Get domain policy handle */ - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - domain_sid, &domain_pol); + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + CONST_DISCARD(struct dom_sid2 *, domain_sid), + &domain_pol); if (!NT_STATUS_IS_OK(result)) { goto done; } /* Create trusting domain's account */ - acb_info = ACB_NORMAL; - unknown = 0xe00500b0; /* No idea what this is - a permission mask? - mimir: yes, most probably it is */ - - result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol, - acct_name, acb_info, unknown, - &user_pol, &user_rid); + acb_info = ACB_NORMAL; + acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE | + SEC_STD_WRITE_DAC | SEC_STD_DELETE | + SAMR_USER_ACCESS_SET_PASSWORD | + SAMR_USER_ACCESS_GET_ATTRIBUTES | + SAMR_USER_ACCESS_SET_ATTRIBUTES; + + result = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx, + &domain_pol, + &lsa_acct_name, + acb_info, + acct_flags, + &user_pol, + &access_granted, + &user_rid); if (!NT_STATUS_IS_OK(result)) { goto done; } { - SAM_USERINFO_CTR ctr; - SAM_USER_INFO_23 p23; NTTIME notime; - char nostr[] = ""; - LOGON_HRS hrs; + struct samr_LogonHours hours; + struct lsa_BinaryString parameters; + const int units_per_week = 168; uchar pwbuf[516]; encode_pw_buffer(pwbuf, argv[1], STR_UNICODE); - ZERO_STRUCT(ctr); - ZERO_STRUCT(p23); ZERO_STRUCT(notime); - hrs.max_len = 1260; - hrs.offset = 0; - hrs.len = 21; - memset(hrs.hours, 0xFF, sizeof(hrs.hours)); - acb_info = ACB_DOMTRUST; - - init_sam_user_info23A(&p23, ¬ime, ¬ime, ¬ime, - ¬ime, ¬ime, ¬ime, - nostr, nostr, nostr, nostr, nostr, - nostr, nostr, nostr, nostr, nostr, - 0, 0, acb_info, ACCT_FLAGS, 168, &hrs, - 0, 0, (char *)pwbuf); - ctr.switch_value = 23; - ctr.info.id23 = &p23; - p23.passmustchange = 0; - - result = rpccli_samr_set_userinfo(pipe_hnd, mem_ctx, &user_pol, 23, - &cli->user_session_key, &ctr); + ZERO_STRUCT(hours); + ZERO_STRUCT(parameters); + + hours.bits = talloc_array(mem_ctx, uint8_t, units_per_week); + if (!hours.bits) { + result = NT_STATUS_NO_MEMORY; + goto done; + } + hours.units_per_week = units_per_week; + memset(hours.bits, 0xFF, units_per_week); + + init_samr_user_info23(&info.info23, + notime, notime, notime, + notime, notime, notime, + NULL, NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, ¶meters, + 0, 0, ACB_DOMTRUST, SAMR_FIELD_ACCT_FLAGS, + hours, + 0, 0, 0, 0, 0, 0, 0, + pwbuf, 24); + + SamOEMhashBlob(info.info23.password.data, 516, + &cli->user_session_key); + + result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx, + &user_pol, + 23, + &info); if (!NT_STATUS_IS_OK(result)) { DEBUG(0,("Could not set trust account password: %s\n", @@ -5471,10 +5506,9 @@ static NTSTATUS rpc_trustdom_del_internals(const DOM_SID *domain_sid, POLICY_HND connect_pol, domain_pol, user_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; char *acct_name; - const char **names; DOM_SID trust_acct_sid; - uint32 *user_rids, num_rids, *name_types; - uint32 flags = 0x000003e8; /* Unknown */ + struct samr_Ids user_rids, name_types; + struct lsa_String lsa_acct_name; if (argc != 1) { d_printf("Usage: net rpc trustdom del \n"); @@ -5491,38 +5525,43 @@ static NTSTATUS rpc_trustdom_del_internals(const DOM_SID *domain_sid, strupper_m(acct_name); - if ((names = TALLOC_ARRAY(mem_ctx, const char *, 1)) == NULL) { - return NT_STATUS_NO_MEMORY; - } - names[0] = acct_name; - - /* Get samr policy handle */ - result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, - &connect_pol); + result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, + pipe_hnd->desthost, + MAXIMUM_ALLOWED_ACCESS, + &connect_pol); if (!NT_STATUS_IS_OK(result)) { goto done; } - + /* Get domain policy handle */ - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - domain_sid, &domain_pol); + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + CONST_DISCARD(struct dom_sid2 *, domain_sid), + &domain_pol); if (!NT_STATUS_IS_OK(result)) { goto done; } - result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, flags, 1, - names, &num_rids, - &user_rids, &name_types); - + init_lsa_String(&lsa_acct_name, acct_name); + + result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx, + &domain_pol, + 1, + &lsa_acct_name, + &user_rids, + &name_types); + if (!NT_STATUS_IS_OK(result)) { goto done; } - result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, - user_rids[0], &user_pol); + result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx, + &domain_pol, + MAXIMUM_ALLOWED_ACCESS, + user_rids.ids[0], + &user_pol); if (!NT_STATUS_IS_OK(result)) { goto done; @@ -5530,22 +5569,23 @@ static NTSTATUS rpc_trustdom_del_internals(const DOM_SID *domain_sid, /* append the rid to the domain sid */ sid_copy(&trust_acct_sid, domain_sid); - if (!sid_append_rid(&trust_acct_sid, user_rids[0])) { + if (!sid_append_rid(&trust_acct_sid, user_rids.ids[0])) { goto done; } /* remove the sid */ - result = rpccli_samr_remove_sid_foreign_domain(pipe_hnd, mem_ctx, &user_pol, - &trust_acct_sid); - + result = rpccli_samr_RemoveMemberFromForeignDomain(pipe_hnd, mem_ctx, + &user_pol, + &trust_acct_sid); if (!NT_STATUS_IS_OK(result)) { goto done; } /* Delete user */ - result = rpccli_samr_delete_dom_user(pipe_hnd, mem_ctx, &user_pol); + result = rpccli_samr_DeleteUser(pipe_hnd, mem_ctx, + &user_pol); if (!NT_STATUS_IS_OK(result)) { goto done; @@ -5580,7 +5620,49 @@ static int rpc_trustdom_del(int argc, const char **argv) return -1; } } - + +static NTSTATUS rpc_trustdom_get_pdc(struct cli_state *cli, + TALLOC_CTX *mem_ctx, + const char *domain_name) +{ + char *dc_name = NULL; + const char *buffer = NULL; + struct rpc_pipe_client *netr; + NTSTATUS status; + + /* Use NetServerEnum2 */ + + if (cli_get_pdc_name(cli, domain_name, &dc_name)) { + SAFE_FREE(dc_name); + return NT_STATUS_OK; + } + + DEBUG(1,("NetServerEnum2 error: Couldn't find primary domain controller\ + for domain %s\n", domain_name)); + + /* Try netr_GetDcName */ + + netr = cli_rpc_pipe_open_noauth(cli, PI_NETLOGON, &status); + if (!netr) { + return status; + } + + status = rpccli_netr_GetDcName(netr, mem_ctx, + cli->desthost, + domain_name, + &buffer, + NULL); + TALLOC_FREE(netr); + + if (NT_STATUS_IS_OK(status)) { + return status; + } + + DEBUG(1,("netr_GetDcName error: Couldn't find primary domain controller\ + for domain %s\n", domain_name)); + + return status; +} /** * Establish trust relationship to a trusting domain. @@ -5603,10 +5685,9 @@ static int rpc_trustdom_establish(int argc, const char **argv) DOM_SID *domain_sid; char* domain_name; - char* domain_name_pol; char* acct_name; fstring pdc_name; - char *dc_name; + union lsa_PolicyInformation *info = NULL; /* * Connect to \\server\ipc$ as 'our domain' account with password @@ -5666,18 +5747,6 @@ static int rpc_trustdom_establish(int argc, const char **argv) return -1; } - /* - * Use NetServerEnum2 to make sure we're talking to a proper server - */ - - if (!cli_get_pdc_name(cli, domain_name, &dc_name)) { - DEBUG(0, ("NetServerEnum2 error: Couldn't find primary domain controller\ - for domain %s\n", domain_name)); - cli_shutdown(cli); - return -1; - } - SAFE_FREE(dc_name); - if (!(mem_ctx = talloc_init("establishing trust relationship to " "domain %s", domain_name))) { DEBUG(0, ("talloc_init() failed\n")); @@ -5685,6 +5754,15 @@ static int rpc_trustdom_establish(int argc, const char **argv) return -1; } + /* Make sure we're talking to a proper server */ + + nt_status = rpc_trustdom_get_pdc(cli, mem_ctx, domain_name); + if (!NT_STATUS_IS_OK(nt_status)) { + cli_shutdown(cli); + talloc_destroy(mem_ctx); + return -1; + } + /* * Call LsaOpenPolicy and LsaQueryInfo */ @@ -5708,10 +5786,11 @@ static int rpc_trustdom_establish(int argc, const char **argv) } /* Querying info level 5 */ - - nt_status = rpccli_lsa_query_info_policy(pipe_hnd, mem_ctx, &connect_hnd, - 5 /* info level */, - &domain_name_pol, &domain_sid); + + nt_status = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx, + &connect_hnd, + LSA_POLICY_INFO_ACCOUNT_DOMAIN, + &info); if (NT_STATUS_IS_ERR(nt_status)) { DEBUG(0, ("LSA Query Info failed. Returned error was %s\n", nt_errstr(nt_status))); @@ -5720,6 +5799,8 @@ static int rpc_trustdom_establish(int argc, const char **argv) return -1; } + domain_sid = info->account_domain.sid; + /* There should be actually query info level 3 (following nt serv behaviour), but I still don't know if it's _really_ necessary */ @@ -5818,7 +5899,7 @@ static NTSTATUS rpc_query_domain_sid(const DOM_SID *domain_sid, const char **argv) { fstring str_sid; - sid_to_string(str_sid, domain_sid); + sid_to_fstring(str_sid, domain_sid); d_printf("%s\n", str_sid); return NT_STATUS_OK; } @@ -5829,7 +5910,7 @@ static void print_trusted_domain(DOM_SID *dom_sid, const char *trusted_dom_name) int pad_len, col_len = 20; /* convert sid into ascii string */ - sid_to_string(ascii_sid, dom_sid); + sid_to_fstring(ascii_sid, dom_sid); /* calculate padding space for d_printf to look nicer */ pad_len = col_len - strlen(trusted_dom_name); @@ -5846,24 +5927,26 @@ static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd, const char *trusted_dom_name) { NTSTATUS nt_status; - LSA_TRUSTED_DOMAIN_INFO *info; + union lsa_TrustedDomainInfo *info = NULL; char *cleartextpwd = NULL; DATA_BLOB data; - nt_status = rpccli_lsa_query_trusted_domain_info_by_sid(pipe_hnd, mem_ctx, pol, 4, &dom_sid, &info); - + nt_status = rpccli_lsa_QueryTrustedDomainInfoBySid(pipe_hnd, mem_ctx, + pol, + &dom_sid, + LSA_TRUSTED_DOMAIN_INFO_PASSWORD, + &info); if (NT_STATUS_IS_ERR(nt_status)) { DEBUG(0,("Could not query trusted domain info. Error was %s\n", nt_errstr(nt_status))); goto done; } - data = data_blob(NULL, info->password.password.length); + data = data_blob(info->password.password->data, + info->password.password->length); - memcpy(data.data, info->password.password.data, info->password.password.length); - data.length = info->password.password.length; - - cleartextpwd = decrypt_trustdom_secret(pipe_hnd->cli->pwd.password, &data); + cleartextpwd = decrypt_trustdom_secret(pipe_hnd->cli->pwd.password, + &data); if (cleartextpwd == NULL) { DEBUG(0,("retrieved NULL password\n")); @@ -5878,8 +5961,9 @@ static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd, } #ifdef DEBUG_PASSWORD - DEBUG(100,("sucessfully vampired trusted domain [%s], sid: [%s], password: [%s]\n", - trusted_dom_name, sid_string_static(&dom_sid), cleartextpwd)); + DEBUG(100,("successfully vampired trusted domain [%s], sid: [%s], " + "password: [%s]\n", trusted_dom_name, + sid_string_dbg(&dom_sid), cleartextpwd)); #endif done: @@ -5899,14 +5983,13 @@ static int rpc_trustdom_vampire(int argc, const char **argv) const char *domain_name = NULL; DOM_SID *queried_dom_sid; POLICY_HND connect_hnd; + union lsa_PolicyInformation *info = NULL; /* trusted domains listing variables */ - unsigned int num_domains, enum_ctx = 0; + unsigned int enum_ctx = 0; int i; - DOM_SID *domain_sids; - char **trusted_dom_names; + struct lsa_DomainList dom_list; fstring pdc_name; - char *dummy; /* * Listing trusted domains (stored in secrets.tdb, if local) @@ -5957,9 +6040,10 @@ static int rpc_trustdom_vampire(int argc, const char **argv) }; /* query info level 5 to obtain sid of a domain being queried */ - nt_status = rpccli_lsa_query_info_policy( - pipe_hnd, mem_ctx, &connect_hnd, 5 /* info level */, - &dummy, &queried_dom_sid); + nt_status = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx, + &connect_hnd, + LSA_POLICY_INFO_ACCOUNT_DOMAIN, + &info); if (NT_STATUS_IS_ERR(nt_status)) { DEBUG(0, ("LSA Query Info failed. Returned error was %s\n", @@ -5969,6 +6053,8 @@ static int rpc_trustdom_vampire(int argc, const char **argv) return -1; } + queried_dom_sid = info->account_domain.sid; + /* * Keep calling LsaEnumTrustdom over opened pipe until * the end of enumeration is reached @@ -5977,10 +6063,11 @@ static int rpc_trustdom_vampire(int argc, const char **argv) d_printf("Vampire trusted domains:\n\n"); do { - nt_status = rpccli_lsa_enum_trust_dom(pipe_hnd, mem_ctx, &connect_hnd, &enum_ctx, - &num_domains, - &trusted_dom_names, &domain_sids); - + nt_status = rpccli_lsa_EnumTrustDom(pipe_hnd, mem_ctx, + &connect_hnd, + &enum_ctx, + &dom_list, + (uint32_t)-1); if (NT_STATUS_IS_ERR(nt_status)) { DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n", nt_errstr(nt_status))); @@ -5988,13 +6075,15 @@ static int rpc_trustdom_vampire(int argc, const char **argv) talloc_destroy(mem_ctx); return -1; }; - - for (i = 0; i < num_domains; i++) { - print_trusted_domain(&(domain_sids[i]), trusted_dom_names[i]); + for (i = 0; i < dom_list.count; i++) { + + print_trusted_domain(dom_list.domains[i].sid, + dom_list.domains[i].name.string); nt_status = vampire_trusted_domain(pipe_hnd, mem_ctx, &connect_hnd, - domain_sids[i], trusted_dom_names[i]); + *dom_list.domains[i].sid, + dom_list.domains[i].name.string); if (!NT_STATUS_IS_OK(nt_status)) { cli_shutdown(cli); talloc_destroy(mem_ctx); @@ -6006,7 +6095,7 @@ static int rpc_trustdom_vampire(int argc, const char **argv) * in case of no trusted domains say something rather * than just display blank line */ - if (!num_domains) d_printf("none\n"); + if (!dom_list.count) d_printf("none\n"); } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES)); @@ -6039,20 +6128,18 @@ static int rpc_trustdom_list(int argc, const char **argv) fstring padding; int ascii_dom_name_len; POLICY_HND connect_hnd; - + union lsa_PolicyInformation *info = NULL; + /* trusted domains listing variables */ unsigned int num_domains, enum_ctx = 0; int i, pad_len, col_len = 20; - DOM_SID *domain_sids; - char **trusted_dom_names; + struct lsa_DomainList dom_list; fstring pdc_name; - char *dummy; - + /* trusting domains listing variables */ POLICY_HND domain_hnd; - char **trusting_dom_names; - uint32 *trusting_dom_rids; - + struct samr_SamArray *trusts = NULL; + /* * Listing trusted domains (stored in secrets.tdb, if local) */ @@ -6102,9 +6189,10 @@ static int rpc_trustdom_list(int argc, const char **argv) }; /* query info level 5 to obtain sid of a domain being queried */ - nt_status = rpccli_lsa_query_info_policy( - pipe_hnd, mem_ctx, &connect_hnd, 5 /* info level */, - &dummy, &queried_dom_sid); + nt_status = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx, + &connect_hnd, + LSA_POLICY_INFO_ACCOUNT_DOMAIN, + &info); if (NT_STATUS_IS_ERR(nt_status)) { DEBUG(0, ("LSA Query Info failed. Returned error was %s\n", @@ -6113,7 +6201,9 @@ static int rpc_trustdom_list(int argc, const char **argv) talloc_destroy(mem_ctx); return -1; } - + + queried_dom_sid = info->account_domain.sid; + /* * Keep calling LsaEnumTrustdom over opened pipe until * the end of enumeration is reached @@ -6122,10 +6212,11 @@ static int rpc_trustdom_list(int argc, const char **argv) d_printf("Trusted domains list:\n\n"); do { - nt_status = rpccli_lsa_enum_trust_dom(pipe_hnd, mem_ctx, &connect_hnd, &enum_ctx, - &num_domains, - &trusted_dom_names, &domain_sids); - + nt_status = rpccli_lsa_EnumTrustDom(pipe_hnd, mem_ctx, + &connect_hnd, + &enum_ctx, + &dom_list, + (uint32_t)-1); if (NT_STATUS_IS_ERR(nt_status)) { DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n", nt_errstr(nt_status))); @@ -6133,16 +6224,17 @@ static int rpc_trustdom_list(int argc, const char **argv) talloc_destroy(mem_ctx); return -1; }; - - for (i = 0; i < num_domains; i++) { - print_trusted_domain(&(domain_sids[i]), trusted_dom_names[i]); + + for (i = 0; i < dom_list.count; i++) { + print_trusted_domain(dom_list.domains[i].sid, + dom_list.domains[i].name.string); }; - + /* * in case of no trusted domains say something rather * than just display blank line */ - if (!num_domains) d_printf("none\n"); + if (!dom_list.count) d_printf("none\n"); } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES)); @@ -6156,7 +6248,7 @@ static int rpc_trustdom_list(int argc, const char **argv) return -1; }; - cli_rpc_pipe_close(pipe_hnd); + TALLOC_FREE(pipe_hnd); /* * Listing trusting domains (stored in passdb backend, if local) @@ -6174,10 +6266,12 @@ static int rpc_trustdom_list(int argc, const char **argv) talloc_destroy(mem_ctx); return -1; }; - - /* SamrConnect */ - nt_status = rpccli_samr_connect(pipe_hnd, mem_ctx, SA_RIGHT_SAM_OPEN_DOMAIN, - &connect_hnd); + + /* SamrConnect2 */ + nt_status = rpccli_samr_Connect2(pipe_hnd, mem_ctx, + pipe_hnd->desthost, + SA_RIGHT_SAM_OPEN_DOMAIN, + &connect_hnd); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("Couldn't open SAMR policy handle. Error was %s\n", nt_errstr(nt_status))); @@ -6185,12 +6279,14 @@ static int rpc_trustdom_list(int argc, const char **argv) talloc_destroy(mem_ctx); return -1; }; - + /* SamrOpenDomain - we have to open domain policy handle in order to be able to enumerate accounts*/ - nt_status = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_hnd, - SA_RIGHT_DOMAIN_ENUM_ACCOUNTS, - queried_dom_sid, &domain_hnd); + nt_status = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_hnd, + SA_RIGHT_DOMAIN_ENUM_ACCOUNTS, + queried_dom_sid, + &domain_hnd); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("Couldn't open domain object. Error was %s\n", nt_errstr(nt_status))); @@ -6205,11 +6301,14 @@ static int rpc_trustdom_list(int argc, const char **argv) enum_ctx = 0; /* reset enumeration context from last enumeration */ do { - - nt_status = rpccli_samr_enum_dom_users(pipe_hnd, mem_ctx, &domain_hnd, - &enum_ctx, ACB_DOMTRUST, 0xffff, - &trusting_dom_names, &trusting_dom_rids, - &num_domains); + + nt_status = rpccli_samr_EnumDomainUsers(pipe_hnd, mem_ctx, + &domain_hnd, + &enum_ctx, + ACB_DOMTRUST, + &trusts, + 0xffff, + &num_domains); if (NT_STATUS_IS_ERR(nt_status)) { DEBUG(0, ("Couldn't enumerate accounts. Error was: %s\n", nt_errstr(nt_status))); @@ -6217,9 +6316,11 @@ static int rpc_trustdom_list(int argc, const char **argv) talloc_destroy(mem_ctx); return -1; }; - + for (i = 0; i < num_domains; i++) { + char *str = CONST_DISCARD(char *, trusts->entries[i].name.string); + /* * get each single domain's sid (do we _really_ need this ?): * 1) connect to domain's pdc @@ -6227,22 +6328,22 @@ static int rpc_trustdom_list(int argc, const char **argv) */ /* get rid of '$' tail */ - ascii_dom_name_len = strlen(trusting_dom_names[i]); + ascii_dom_name_len = strlen(str); if (ascii_dom_name_len && ascii_dom_name_len < FSTRING_LEN) - trusting_dom_names[i][ascii_dom_name_len - 1] = '\0'; - + str[ascii_dom_name_len - 1] = '\0'; + /* calculate padding space for d_printf to look nicer */ - pad_len = col_len - strlen(trusting_dom_names[i]); + pad_len = col_len - strlen(str); padding[pad_len] = 0; do padding[--pad_len] = ' '; while (pad_len); /* set opt_* variables to remote domain */ - strupper_m(trusting_dom_names[i]); - opt_workgroup = talloc_strdup(mem_ctx, trusting_dom_names[i]); + strupper_m(str); + opt_workgroup = talloc_strdup(mem_ctx, str); opt_target_workgroup = opt_workgroup; - - d_printf("%s%s", trusting_dom_names[i], padding); - + + d_printf("%s%s", str, padding); + /* connect to remote domain controller */ nt_status = net_make_ipc_connection( NET_FLAGS_PDC | NET_FLAGS_ANONYMOUS, @@ -6266,12 +6367,12 @@ static int rpc_trustdom_list(int argc, const char **argv) } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES)); /* close opened samr and domain policy handles */ - nt_status = rpccli_samr_close(pipe_hnd, mem_ctx, &domain_hnd); + nt_status = rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_hnd); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("Couldn't properly close domain policy handle for domain %s\n", domain_name)); }; - nt_status = rpccli_samr_close(pipe_hnd, mem_ctx, &connect_hnd); + nt_status = rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_hnd); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("Couldn't properly close samr policy handle for domain %s\n", domain_name)); };