port latest changes from SAMBA_3_0 tree

(This used to be commit 3101c236b8241dc0183995ffceed551876427de4)

3 files changed, 58 insertions, 52 deletions

diff --git a/source3/rpcclient/cmd_ds.c b/source3/rpcclient/cmd_ds.c
index 4c2f52e291..721bd59ba0 100644
--- a/source3/rpcclient/cmd_ds.c
+++ b/source3/rpcclient/cmd_ds.c
@@ -47,13 +47,33 @@ static NTSTATUS cmd_ds_dsrole_getprimarydominfo(struct cli_state *cli,
 	return result;
 }
 
+static NTSTATUS cmd_ds_enum_domain_trusts(struct cli_state *cli, 
+				     TALLOC_CTX *mem_ctx, int argc, 
+				     const char **argv) 
+{
+	NTSTATUS 		result;
+	uint32 			flags = 0x1;
+	DS_DOMAIN_TRUSTS	 *trusts = NULL;
+	int 			num_domains = 0;
+	
+	result = cli_ds_enum_domain_trusts( cli, mem_ctx, cli->desthost, flags, 
+		&trusts, &num_domains );
+	
+	printf( "%d domains returned\n", num_domains );
+	
+	SAFE_FREE( trusts );
+	
+	return result;
+}
+
 /* List of commands exported by this module */
 
 struct cmd_set ds_commands[] = {
 
 	{ "LSARPC-DS" },
 
-	{ "dsroledominfo", RPC_RTYPE_NTSTATUS, cmd_ds_dsrole_getprimarydominfo, NULL, PI_LSARPC_DS, "Get Primary Domain Information", "" },
+	{ "dsroledominfo",   RPC_RTYPE_NTSTATUS, cmd_ds_dsrole_getprimarydominfo, NULL, PI_LSARPC_DS, "Get Primary Domain Information", "" },
+	{ "dsenumdomtrusts", RPC_RTYPE_NTSTATUS, cmd_ds_enum_domain_trusts,       NULL, PI_NETLOGON,  "Enumerate all trusted domains in an AD forest", "" },
 
 	{ NULL }
 };
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
index 40d01d0f5a..722d66621a 100644
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@@ -125,7 +125,7 @@ static const char *display_time(NTTIME nttime)
 	mins=(sec - (days*60*60*24) - (hours*60*60) ) / 60;
 	secs=sec - (days*60*60*24) - (hours*60*60) - (mins*60);
 
-	snprintf(string, sizeof(string)-1, "%u days, %u hours, %u minutes, %u seconds", days, hours, mins, secs);
+	fstr_sprintf(string, "%u days, %u hours, %u minutes, %u seconds", days, hours, mins, secs);
 	return (string);
 }
 
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index af021962f5..831d2beaa4 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -37,21 +37,6 @@ static struct cmd_list {
 	struct cmd_set *cmd_set;
 } *cmd_list;
 
-/*****************************************************************************
- stubb functions
-****************************************************************************/
-
-void become_root( void )
-{
-        return;
-}
-
-void unbecome_root( void )
-{
-        return;
-}
-
-
 /****************************************************************************
 handle completion of commands for readline
 ****************************************************************************/
@@ -370,66 +355,64 @@ static NTSTATUS cmd_none(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 static NTSTATUS cmd_schannel(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 			     int argc, const char **argv)
 {
+	NTSTATUS ret;
 	uchar trust_password[16];
 	uint32 sec_channel_type;
-	uint32 neg_flags = 0x000001ff;
-	NTSTATUS result;
 	static uchar zeros[16];
 
+	if (argc == 2) {
+		strhex_to_str(cli->auth_info.sess_key,
+			      strlen(argv[1]), 
+			      argv[1]);
+		memcpy(cli->sess_key, cli->auth_info.sess_key, sizeof(cli->sess_key));
+
+		cli->pipe_auth_flags = AUTH_PIPE_NETSEC;
+		cli->pipe_auth_flags |= AUTH_PIPE_SIGN;
+		cli->pipe_auth_flags |= AUTH_PIPE_SEAL;
+
+		return NT_STATUS_OK;
+	}
+
 	/* Cleanup */
 
-	if ((memcmp(cli->auth_info.sess_key, zeros, sizeof(cli->auth_info.sess_key)) != 0) 
-	    && (cli->saved_netlogon_pipe_fnum != 0)) {
+	if ((memcmp(cli->auth_info.sess_key, zeros, sizeof(cli->auth_info.sess_key)) != 0)) {
 		if (cli->pipe_auth_flags == (AUTH_PIPE_NETSEC|AUTH_PIPE_SIGN|AUTH_PIPE_SEAL)) {
+			/* already in this mode nothing to do */
 			return NT_STATUS_OK;
 		} else {
-			/* still have session, just need to use it again */
+			/* schannel is setup, just need to use it again */
 			cli->pipe_auth_flags = AUTH_PIPE_NETSEC;
 			cli->pipe_auth_flags |= AUTH_PIPE_SIGN;
 			cli->pipe_auth_flags |= AUTH_PIPE_SEAL;
 			if (cli->nt_pipe_fnum != 0)
 				cli_nt_session_close(cli);
+			return NT_STATUS_OK;
 		}
 	}
 	
 	if (cli->nt_pipe_fnum != 0)
 		cli_nt_session_close(cli);
 
-	cli->pipe_auth_flags = 0;
-	
+	cli->pipe_auth_flags = AUTH_PIPE_NETSEC;
+	cli->pipe_auth_flags |= AUTH_PIPE_SIGN;
+	cli->pipe_auth_flags |= AUTH_PIPE_SEAL;
+
 	if (!secrets_fetch_trust_account_password(lp_workgroup(),
 						  trust_password,
 						  NULL, &sec_channel_type)) {
 		return NT_STATUS_UNSUCCESSFUL;
 	}
-	
-	if (!cli_nt_session_open(cli, PI_NETLOGON)) {
-		DEBUG(0, ("Could not initialise %s\n",
-			  get_pipe_name_from_index(PI_NETLOGON)));
-		return NT_STATUS_UNSUCCESSFUL;
-	}
-
-	neg_flags |= NETLOGON_NEG_SCHANNEL;
 
-	result = cli_nt_setup_creds(cli, sec_channel_type, trust_password,
-				    &neg_flags, 2);
-
-	if (!NT_STATUS_IS_OK(result)) {
-		ZERO_STRUCT(cli->auth_info.sess_key);
-		cli->pipe_auth_flags = 0;
-		return result;
+	ret = cli_nt_setup_netsec(cli, sec_channel_type, trust_password);
+	if (NT_STATUS_IS_OK(ret)) {
+		char *hex_session_key;
+		hex_encode(cli->auth_info.sess_key,
+			   sizeof(cli->auth_info.sess_key),
+			   &hex_session_key);
+		printf("Got Session key: %s\n", hex_session_key);
+		SAFE_FREE(hex_session_key);
 	}
-
-	memcpy(cli->auth_info.sess_key, cli->sess_key,
-	       sizeof(cli->auth_info.sess_key));
-
-	cli->saved_netlogon_pipe_fnum = cli->nt_pipe_fnum;
-
-	cli->pipe_auth_flags = AUTH_PIPE_NETSEC;
-	cli->pipe_auth_flags |= AUTH_PIPE_SIGN;
-	cli->pipe_auth_flags |= AUTH_PIPE_SEAL;
-
-	return NT_STATUS_OK; 
+	return ret;
 }
 
 /* Built in rpcclient commands */
@@ -536,7 +519,9 @@ static NTSTATUS do_cmd(struct cli_state *cli,
 		}
 	}
 
-	if ((cmd_entry->pipe_idx == PI_NETLOGON) && !(cli->pipe_auth_flags & AUTH_PIPE_NETSEC)) {
+	/* some of the DsXXX commands use the netlogon pipe */
+
+	if (lp_client_schannel() && (cmd_entry->pipe_idx == PI_NETLOGON) && !(cli->pipe_auth_flags & AUTH_PIPE_NETSEC)) {
 		uint32 neg_flags = 0x000001ff;
 		uint32 sec_channel_type;
 	
@@ -741,7 +726,8 @@ out_free:
 					opt_ipaddr ? &server_ip : NULL, 0,
 					"IPC$", "IPC",  
 					cmdline_auth_info.username, lp_workgroup(),
-					cmdline_auth_info.password, 0, NULL);
+					cmdline_auth_info.password, 0,
+					cmdline_auth_info.signing_state,NULL);
 	
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		DEBUG(0,("Cannot connect to server.  Error was %s\n", nt_errstr(nt_status)));