#include "includes.h"
#include "../utils/net.h"
-extern pstring global_myname;
-
/**
* @file net_rpc.c
*
goto error;
}
- if (!(mem_ctx=talloc_init()))
+ if (!(mem_ctx=talloc_init("net_get_remote_domain_sid")))
{
DEBUG(0,("net_get_remote_domain_sid: talloc_init returned NULL!\n"));
goto error;
}
- if (!cli_nt_session_open (cli, PIPE_LSARPC)) {
+ if (!cli_nt_session_open (cli, PI_LSARPC)) {
fprintf(stderr, "could not initialise lsa pipe\n");
goto error;
}
* @return A shell status integer (0 for success)
*/
-static int run_rpc_command(struct cli_state *cli_arg, const char *pipe_name, int conn_flags,
+static int run_rpc_command(struct cli_state *cli_arg, const int pipe_idx, int conn_flags,
rpc_command_fn fn,
int argc, const char **argv)
{
/* Create mem_ctx */
- if (!(mem_ctx = talloc_init())) {
+ if (!(mem_ctx = talloc_init("run_rpc_command"))) {
DEBUG(0, ("talloc_init() failed\n"));
cli_shutdown(cli);
return -1;
}
- if (!cli_nt_session_open(cli, pipe_name)) {
- DEBUG(0, ("Could not initialise %s pipe\n", pipe_name));
+ if (!cli_nt_session_open(cli, pipe_idx)) {
+ DEBUG(0, ("Could not initialise pipe\n"));
}
nt_status = fn(domain_sid, cli, mem_ctx, argc, argv);
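Review bot: The new message `DEBUG(0, ("Could not initialise pipe\n"));` no longer says which pipe failed, so a failed LSA, SAMR or NETLOGON open cannot be told apart in the logs. With the index in hand, `DEBUG(0, ("Could not initialise pipe (index %d)\n", pipe_idx));` keeps that information. As shown, the branch only logs and then falls through to `fn(domain_sid, cli, mem_ctx, argc, argv)` on a connection with no open pipe; returning -1 after cleanup, as the talloc_init failure path above does, looks safer. run_rpc_command starts and ends outside the visible lines, so any handling between these statements is not shown here.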
* @return A shell status integer (0 for success)
**/
-static int rpc_changetrustpw(int argc, const char **argv)
+int net_rpc_changetrustpw(int argc, const char **argv)
{
- return run_rpc_command(NULL, PIPE_NETLOGON, NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC, rpc_changetrustpw_internals,
+ return run_rpc_command(NULL, PI_NETLOGON, NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC, rpc_changetrustpw_internals,
argc, argv);
}
*
* This uses 'machinename' as the inital password, and changes it.
*
- * The password should be created with 'server manager' or eqiv first.
+ * The password should be created with 'server manager' or equiv first.
*
* All parameters are provided by the run_rpc_command function, except for
* argc, argv which are passes through.
* @return Normal NTSTATUS return.
**/
-static NTSTATUS rpc_join_oldstyle_internals(const DOM_SID *domain_sid, struct cli_state *cli, TALLOC_CTX *mem_ctx,
- int argc, const char **argv) {
+static NTSTATUS rpc_join_oldstyle_internals(const DOM_SID *domain_sid, struct cli_state *cli,
+ TALLOC_CTX *mem_ctx,
+ int argc, const char **argv) {
- extern pstring global_myname;
fstring trust_passwd;
unsigned char orig_trust_passwd_hash[16];
NTSTATUS result;
- fstrcpy(trust_passwd, global_myname);
+ fstrcpy(trust_passwd, global_myname());
strlower(trust_passwd);
/*
E_md4hash(trust_passwd, orig_trust_passwd_hash);
- result = trust_pw_change_and_store_it(cli, mem_ctx, orig_trust_passwd_hash);
+ result = trust_pw_change_and_store_it(cli, mem_ctx, opt_target_workgroup,
+ orig_trust_passwd_hash,
+ SEC_CHAN_WKSTA);
+
+ /* SEC_CHAN_WKSTA specified specifically, as you cannot use this
+ to join a BDC to the domain (MS won't allow it, and is *really*
+ insecure) */
if (NT_STATUS_IS_OK(result))
- printf("Joined domain %s.\n",lp_workgroup());
+ printf("Joined domain %s.\n",opt_target_workgroup);
+
+
+ if (!secrets_store_domain_sid(opt_target_workgroup, domain_sid)) {
+ DEBUG(0, ("error storing domain sid for %s\n", opt_target_workgroup));
+ result = NT_STATUS_UNSUCCESSFUL;
+ }
return result;
}
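Review bot: The added `secrets_store_domain_sid(opt_target_workgroup, domain_sid)` call runs even when `trust_pw_change_and_store_it` has failed, so a domain SID can be written to the secrets store for a join that did not happen. When both fail, the original NTSTATUS is replaced by the generic `NT_STATUS_UNSUCCESSFUL`. "Joined domain" is also printed before the store is attempted, so the user can see success followed by a failure return. I would store the SID only after a successful password change and print the success line last, as sketched below. The start of the function body is outside this hunk.

```c
	/* ... unchanged: E_md4hash and trust_pw_change_and_store_it call ... */
	if (NT_STATUS_IS_OK(result)) {
		if (!secrets_store_domain_sid(opt_target_workgroup, domain_sid)) {
			DEBUG(0, ("error storing domain sid for %s\n", opt_target_workgroup));
			result = NT_STATUS_UNSUCCESSFUL;
		} else {
			printf("Joined domain %s.\n", opt_target_workgroup);
		}
	}
	return result;
```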
static int net_rpc_join_oldstyle(int argc, const char **argv)
{
- return run_rpc_command(NULL, PIPE_NETLOGON, NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC, rpc_join_oldstyle_internals,
+ uint32 sec_channel_type;
+ /* check what type of join */
+ if (argc >= 0) {
+ sec_channel_type = get_sec_channel_type(argv[0]);
+ } else {
+ sec_channel_type = get_sec_channel_type(NULL);
+ }
+
+ if (sec_channel_type != SEC_CHAN_WKSTA)
+ return 1;
+
+ return run_rpc_command(NULL, PI_NETLOGON,
+ NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
+ rpc_join_oldstyle_internals,
+ argc, argv);
+}
+
+/**
+ * Join a domain, the old way.
+ *
+ * @param argc Standard main() style argc
+ * @param argc Standard main() style argv. Initial components are already
+ * stripped
+ *
+ * @return A shell status integer (0 for success)
+ **/
+
+static int net_rpc_oldjoin(int argc, const char **argv)
+{
+ return run_rpc_command(NULL, PI_NETLOGON,
+ NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
+ rpc_join_oldstyle_internals,
argc, argv);
}
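Review bot: In net_rpc_join_oldstyle the guard `if (argc >= 0)` is always true for a main()-style argc, so `argv[0]` is read even when no arguments were passed and the `get_sec_channel_type(NULL)` branch is unreachable. It should be `if (argc > 0) {`. Whether `argv[0]` is NULL or past the end of the array in the zero-argument case depends on the caller, which is not visible here. The new doc comment for net_rpc_oldjoin also lists `@param argc` twice; the second should read `@param argv Standard main() style argv. Initial components are already stripped`.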
static int rpc_join_usage(int argc, const char **argv)
{
- d_printf("net rpc join -U <username>[%%password] [options]\n"\
+ d_printf("net rpc join -U <username>[%%password] <type>[options]\n"\
"\t to join a domain with admin username & password\n"\
- "\t\t password will be prompted if none is specified\n");
- d_printf("net rpc join [options except -U]\n"\
- "\t to join a domain created in server manager\n\n\n");
+ "\t\t password will be prompted if needed and none is specified\n"\
+ "\t <type> can be (default MEMBER)\n"\
+ "\t\t BDC - Join as a BDC\n"\
+ "\t\t PDC - Join as a PDC\n"\
+ "\t\t MEMBER - Join as a MEMBER server\n");
net_common_flags_usage(argc, argv);
return -1;
* Main 'net_rpc_join()' (where the admain username/password is used) is
* in net_rpc_join.c
* Assume if a -U is specified, it's the new style, otherwise it's the
- * old style
+ * old style. If 'oldstyle' is specfied explicity, do it and don't prompt.
**/
int net_rpc_join(int argc, const char **argv)
* display info about a rpc domain
*
* All parameters are provided by the run_rpc_command function, except for
- * argc, argv which are passes through.
+ * argc, argv which are passed through.
*
* @param domain_sid The domain sid acquired from the remote server
* @param cli A cli_state connected to the server.
result = cli_samr_query_dom_info(cli, mem_ctx, &domain_pol,
2, &ctr);
if (NT_STATUS_IS_OK(result)) {
- TALLOC_CTX *ctx = talloc_init();
+ TALLOC_CTX *ctx = talloc_init("rpc_info_internals");
d_printf("Domain Name: %s\n", unistr2_tdup(ctx, &ctr.info.inf2.uni_domain));
d_printf("Domain SID: %s\n", sid_str);
d_printf("Sequence number: %u\n", ctr.info.inf2.seq_num);
**/
int net_rpc_info(int argc, const char **argv)
{
- return run_rpc_command(NULL, PIPE_SAMR, NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
+ return run_rpc_command(NULL, PI_SAMR, NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
rpc_info_internals,
argc, argv);
}
d_printf("Storing SID %s for Domain %s in secrets.tdb\n",
sid_str, lp_workgroup());
- if (!secrets_store_domain_sid(global_myname, domain_sid)) {
+ if (!secrets_store_domain_sid(global_myname(), domain_sid)) {
DEBUG(0,("Can't store domain SID\n"));
return NT_STATUS_UNSUCCESSFUL;
}
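Review bot: The SID is stored under the key `global_myname()` while the message just above says it is being stored "for Domain" `lp_workgroup()`, so the log line and the secrets.tdb entry name different things. The old-style join path in this same change stores under the domain name with `secrets_store_domain_sid(opt_target_workgroup, domain_sid)`. If the domain entry is what is intended here, the call should be `secrets_store_domain_sid(lp_workgroup(), domain_sid)`; if the machine-name key is deliberate, the d_printf text should say so. The enclosing function begins and ends outside this hunk, so the intent cannot be confirmed from these lines.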
**/
int net_rpc_getsid(int argc, const char **argv)
{
- return run_rpc_command(NULL, PIPE_SAMR, NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
+ return run_rpc_command(NULL, PI_SAMR, NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
rpc_getsid_internals,
argc, argv);
}
static int rpc_user_add(int argc, const char **argv)
{
- return run_rpc_command(NULL, PIPE_SAMR, 0, rpc_user_add_internals,
+ return run_rpc_command(NULL, PI_SAMR, 0, rpc_user_add_internals,
argc, argv);
}
static int rpc_user_delete(int argc, const char **argv)
{
- return run_rpc_command(NULL, PIPE_SAMR, 0, rpc_user_del_internals,
+ return run_rpc_command(NULL, PI_SAMR, 0, rpc_user_del_internals,
argc, argv);
}
static int rpc_user_info(int argc, const char **argv)
{
- return run_rpc_command(NULL, PIPE_SAMR, 0, rpc_user_info_internals,
+ return run_rpc_command(NULL, PI_SAMR, 0, rpc_user_info_internals,
argc, argv);
}
{
POLICY_HND connect_pol, domain_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- uint32 start_idx=0, max_entries=250, num_entries, i;
+ uint32 start_idx=0, num_entries, i, loop_count = 0;
SAM_DISPINFO_CTR ctr;
SAM_DISPINFO_1 info1;
"\n-----------------------------\n");
do {
fstring user, desc;
+ uint32 max_entries, max_size;
+
+ get_query_dispinfo_params(
+ loop_count, &max_entries, &max_size);
+
result = cli_samr_query_dispinfo(cli, mem_ctx, &domain_pol,
&start_idx, 1, &num_entries,
- max_entries, &ctr);
+ max_entries, max_size, &ctr);
+ loop_count++;
+
for (i = 0; i < num_entries; i++) {
unistr2_to_ascii(user, &(&ctr.sam.info1->str[i])->uni_acct_name, sizeof(user)-1);
if (opt_long_list_entries)
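Review bot: The loop `for (i = 0; i < num_entries; i++)` runs straight after `cli_samr_query_dispinfo` without looking at `result`, and `num_entries` is declared without an initialiser in `uint32 start_idx=0, num_entries, i, loop_count = 0;`. If the call can fail without writing `num_entries` (not visible here), the loop indexes `ctr.sam.info1->str[i]` with an indeterminate bound taken from a failed server reply. Initialising with `num_entries = 0` and skipping the loop unless the status indicates that entries were returned would close that gap. The loop body and the `while` condition continue outside this hunk.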
if (opt_long_list_entries) {
} else {
}
- return run_rpc_command(NULL,PIPE_SAMR, 0,
+ return run_rpc_command(NULL,PI_SAMR, 0,
rpc_user_list_internals,
argc, argv);
}
if (opt_long_list_entries) {
} else {
}
- return run_rpc_command(NULL, PIPE_SAMR, 0,
+ return run_rpc_command(NULL, PI_SAMR, 0,
rpc_group_list_internals,
argc, argv);
}
DEBUG(1,("Sharename or path not specified on add\n"));
return rpc_share_usage(argc, argv);
}
- return run_rpc_command(NULL, PIPE_SRVSVC, 0,
+ return run_rpc_command(NULL, PI_SRVSVC, 0,
rpc_share_add_internals,
argc, argv);
}
DEBUG(1,("Sharename not specified on delete\n"));
return rpc_share_usage(argc, argv);
}
- return run_rpc_command(NULL, PIPE_SRVSVC, 0,
+ return run_rpc_command(NULL, PI_SRVSVC, 0,
rpc_share_del_internals,
argc, argv);
}
};
if (argc == 0)
- return run_rpc_command(NULL, PIPE_SRVSVC, 0,
+ return run_rpc_command(NULL, PI_SRVSVC, 0,
rpc_share_list_internals,
argc, argv);
return(rpc_file_usage(argc, argv));
}
- return run_rpc_command(NULL, PIPE_SRVSVC, 0,
+ return run_rpc_command(NULL, PI_SRVSVC, 0,
rpc_file_close_internals,
argc, argv);
}
return(rpc_file_usage(argc, argv));
}
- return run_rpc_command(NULL, PIPE_SRVSVC, 0,
+ return run_rpc_command(NULL, PI_SRVSVC, 0,
rpc_file_list_internals,
argc, argv);
}
};
if (argc == 0)
- return run_rpc_command(NULL, PIPE_SRVSVC, 0,
+ return run_rpc_command(NULL, PI_SRVSVC, 0,
rpc_file_list_internals,
argc, argv);
static int rpc_shutdown_abort(int argc, const char **argv)
{
- return run_rpc_command(NULL, PIPE_WINREG, 0, rpc_shutdown_abort_internals,
+ return run_rpc_command(NULL, PI_WINREG, 0, rpc_shutdown_abort_internals,
argc, argv);
}
int argc, const char **argv)
{
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- char *msg = "This machine will be shutdown shortly";
+ const char *msg = "This machine will be shutdown shortly";
uint32 timeout = 20;
- uint16 flgs = 0;
- BOOL reboot = opt_reboot;
- BOOL force = opt_force;
#if 0
poptContext pc;
int rc;
return NT_STATUS_INVALID_PARAMETER;
}
#endif
- if (reboot) {
- flgs |= REG_REBOOT_ON_SHUTDOWN;
- }
- if (force) {
- flgs |= REG_FORCE_SHUTDOWN;
- }
if (opt_comment) {
msg = opt_comment;
}
}
/* create an entry */
- result = cli_reg_shutdown(cli, mem_ctx, msg, timeout, flgs);
+ result = cli_reg_shutdown(cli, mem_ctx, msg, timeout, opt_reboot, opt_force);
if (NT_STATUS_IS_OK(result))
DEBUG(5,("Shutdown of remote machine succeeded\n"));
static int rpc_shutdown(int argc, const char **argv)
{
- return run_rpc_command(NULL, PIPE_WINREG, 0, rpc_shutdown_internals,
+ return run_rpc_command(NULL, PI_WINREG, 0, rpc_shutdown_internals,
argc, argv);
}
static int rpc_trustdom_add(int argc, const char **argv)
{
- return run_rpc_command(NULL, PIPE_SAMR, 0, rpc_trustdom_add_internals,
+ return run_rpc_command(NULL, PI_SAMR, 0, rpc_trustdom_add_internals,
argc, argv);
}
* @return Integer status (0 means success)
**/
-extern char *opt_user_name;
-extern char *opt_password;
-extern char *opt_workgroup;
-
static int rpc_trustdom_establish(int argc, const char **argv)
{
struct cli_state *cli;
domain_name = smb_xstrdup(argv[0]);
strupper(domain_name);
+
+ /* account name used at first is our domain's name with '$' */
+ asprintf(&acct_name, "%s$", lp_workgroup());
+ strupper(acct_name);
/*
* opt_workgroup will be used by connection functions further,
* hence it should be set to remote domain name instead of ours
*/
if (opt_workgroup) {
- SAFE_FREE(opt_workgroup);
opt_workgroup = smb_xstrdup(domain_name);
};
- asprintf(&acct_name, "%s$", lp_workgroup());
- strupper(acct_name);
-
opt_user_name = acct_name;
/* find the domain controller */
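Review bot: The moved `asprintf(&acct_name, "%s$", lp_workgroup());` still ignores its return value. On allocation failure the contents of `acct_name` are undefined, yet the next line passes it to `strupper` and it is then assigned to `opt_user_name`. A check such as `if (asprintf(&acct_name, "%s$", lp_workgroup()) < 0) return -1;` would cover this, with whatever cleanup of `domain_name` the function does elsewhere. Dropping `SAFE_FREE(opt_workgroup)` also leaves the previous value unreferenced, which is only correct if that string is not heap-owned here; a short comment saying who owns it would help. The rest of rpc_trustdom_establish is outside this hunk.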
* note: It is now used only to get unicode domain name
*/
- if (!cli_nt_session_open(cli, PIPE_WKSSVC)) {
+ if (!cli_nt_session_open(cli, PI_WKSSVC)) {
DEBUG(0, ("Couldn't not initialise wkssvc pipe\n"));
return -1;
}
- if (!(mem_ctx = talloc_init_named("establishing trust relationship to domain %s",
+ if (!(mem_ctx = talloc_init("establishing trust relationship to domain %s",
domain_name))) {
DEBUG(0, ("talloc_init() failed\n"));
cli_shutdown(cli);
* Call LsaOpenPolicy and LsaQueryInfo
*/
- if (!(mem_ctx = talloc_init())) {
+ if (!(mem_ctx = talloc_init("rpc_trustdom_establish"))) {
DEBUG(0, ("talloc_init() failed\n"));
cli_shutdown(cli);
return -1;
}
- if (!cli_nt_session_open(cli, PIPE_LSARPC)) {
+ if (!cli_nt_session_open(cli, PI_LSARPC)) {
DEBUG(0, ("Could not initialise lsa pipe\n"));
cli_shutdown(cli);
return -1;
};
-extern char* opt_workgroup;
-extern char* opt_target_worgroup;
-extern char* opt_host;
-extern char* opt_password;
-
static int rpc_trustdom_list(int argc, const char **argv)
{
/* common variables */
TALLOC_CTX* mem_ctx;
struct cli_state *cli, *remote_cli;
NTSTATUS nt_status;
- char *domain_name = NULL;
+ const char *domain_name = NULL;
DOM_SID queried_dom_sid;
fstring ascii_sid, padding;
int ascii_dom_name_len;
int num_domains, i, pad_len, col_len = 20;
DOM_SID *domain_sids;
char **trusted_dom_names;
- fstring pdc_name;
+ fstring pdc_name, dummy;
/* trusting domains listing variables */
POLICY_HND domain_hnd;
* Listing trusted domains (stored in secrets.tdb, if local)
*/
- mem_ctx = talloc_init_named("trust relationships listing");
+ mem_ctx = talloc_init("trust relationships listing");
/*
* set domain and pdc name to local samba server (default)
* or to remote one given in command line
*/
- strupper(opt_workgroup);
- if (strcmp(opt_workgroup, lp_workgroup())) {
+
+ if (StrCaseCmp(opt_workgroup, lp_workgroup())) {
domain_name = opt_workgroup;
- if (opt_target_workgroup) SAFE_FREE(opt_target_workgroup);
opt_target_workgroup = opt_workgroup;
} else {
- safe_strcpy(pdc_name, global_myname, FSTRING_LEN);
+ fstrcpy(pdc_name, global_myname());
domain_name = talloc_strdup(mem_ctx, lp_workgroup());
- if (opt_target_workgroup) SAFE_FREE(opt_target_workgroup);
opt_target_workgroup = domain_name;
};
return -1;
};
- if (!cli_nt_session_open(cli, PIPE_LSARPC)) {
+ if (!cli_nt_session_open(cli, PI_LSARPC)) {
DEBUG(0, ("Could not initialise lsa pipe\n"));
return -1;
};
};
/* query info level 5 to obtain sid of a domain being queried */
- nt_status = cli_lsa_query_info_policy(cli, mem_ctx, &connect_hnd,
- 5 /* info level */, domain_name, &queried_dom_sid);
+ nt_status = cli_lsa_query_info_policy(
+ cli, mem_ctx, &connect_hnd, 5 /* info level */,
+ dummy, &queried_dom_sid);
+
if (NT_STATUS_IS_ERR(nt_status)) {
DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
nt_errstr(nt_status)));
/*
* Open \PIPE\samr and get needed policy handles
*/
- if (!cli_nt_session_open(cli, PIPE_SAMR)) {
+ if (!cli_nt_session_open(cli, PI_SAMR)) {
DEBUG(0, ("Could not initialise samr pipe\n"));
return -1;
};
/* SamrConnect */
- nt_status = cli_samr_connect(cli, mem_ctx, SAMR_ACCESS_OPEN_DOMAIN,
+ nt_status = cli_samr_connect(cli, mem_ctx, SA_RIGHT_SAM_OPEN_DOMAIN,
&connect_hnd);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Couldn't open SAMR policy handle. Error was %s\n",
/* SamrOpenDomain - we have to open domain policy handle in order to be
able to enumerate accounts*/
nt_status = cli_samr_open_domain(cli, mem_ctx, &connect_hnd,
- DOMAIN_ACCESS_ENUM_ACCOUNTS,
+ SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
&queried_dom_sid, &domain_hnd);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Couldn't open domain object. Error was %s\n",
/* set opt_* variables to remote domain */
strupper(trusting_dom_names[i]);
opt_workgroup = talloc_strdup(mem_ctx, trusting_dom_names[i]);
- if (opt_target_workgroup) SAFE_FREE(opt_target_workgroup);
opt_target_workgroup = opt_workgroup;
d_printf("%s%s", trusting_dom_names[i], padding);
remote_cli = net_make_ipc_connection(NET_FLAGS_PDC | NET_FLAGS_ANONYMOUS);
if (remote_cli) {
/* query for domain's sid */
- if (run_rpc_command(remote_cli, PIPE_LSARPC, 0, rpc_query_domain_sid, argc, argv))
+ if (run_rpc_command(remote_cli, PI_LSARPC, 0, rpc_query_domain_sid, argc, argv))
d_printf("couldn't get domain's sid\n");
cli_shutdown(remote_cli);
if (!cli_connect(&cli, server_name, &server_ip))
goto done;
- if (!attempt_netbios_session_request(&cli, global_myname,
+ if (!attempt_netbios_session_request(&cli, global_myname(),
server_name, &server_ip))
goto done;
if (!cli_negprot(&cli))
{
d_printf(" net rpc info \t\t\tshow basic info about a domain \n");
d_printf(" net rpc join \t\t\tto join a domain \n");
+ d_printf(" net rpc oldjoin \t\t\tto join a domain created in server manager\n\n\n");
d_printf(" net rpc testjoin \t\ttests that a join is valid\n");
d_printf(" net rpc user \t\t\tto add, delete and list users\n");
d_printf(" net rpc group \t\tto list groups\n");
d_printf(" net rpc file \t\t\tto list open files\n");
d_printf(" net rpc changetrustpw \tto change the trust account password\n");
d_printf(" net rpc getsid \t\tfetch the domain sid into the local secrets.tdb\n");
+ d_printf(" net rpc vampire \t\tsyncronise an NT PDC's users and groups into the local passdb\n");
+ d_printf(" net rpc samdump \t\tdiplay an NT PDC's users, groups and other data\n");
d_printf(" net rpc trustdom \t\tto create trusting domain's account\n"
"\t\t\t\t\tor establish trust\n");
d_printf(" net rpc abortshutdown \tto abort the shutdown of a remote server\n");
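Review bot: The added `net rpc oldjoin` help line ends in `\n\n\n`, apparently carried over from the removed `net rpc join [options except -U]` usage text, so it prints two blank lines in the middle of the command list; it should end in a single `\n` like its neighbours. The two other new lines have typos in user-visible text: "syncronise" should be "synchronise" and "diplay" should be "display". The usage function starts and ends outside this hunk.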
struct functable func[] = {
{"info", net_rpc_info},
{"join", net_rpc_join},
+ {"oldjoin", net_rpc_oldjoin},
{"testjoin", net_rpc_testjoin},
{"user", net_rpc_user},
{"group", net_rpc_group},
{"share", net_rpc_share},
{"file", net_rpc_file},
- {"changetrustpw", rpc_changetrustpw},
+ {"changetrustpw", net_rpc_changetrustpw},
{"trustdom", rpc_trustdom},
{"abortshutdown", rpc_shutdown_abort},
{"shutdown", rpc_shutdown},