diff options
| author | Simo Sorce <idra@samba.org> | 2008-02-01 14:24:31 -0500 |
|---|---|---|
| committer | Simo Sorce <idra@samba.org> | 2008-02-01 14:24:31 -0500 |
| commit | 2fffc9a1b1fe2a1490e867bb38462e50c282d2b3 (patch) | |
| tree | 428e09c9b35138db8b7ca7161c659a71aa129d29 /source3/utils | |
| parent | 93a3c5b3f9927973b4ad1496f593ea147052d1e1 (diff) | |
| parent | b708005a7106db26d7df689b887b419c9f2ea41c (diff) | |
| download | samba-2fffc9a1b1fe2a1490e867bb38462e50c282d2b3.tar.gz samba-2fffc9a1b1fe2a1490e867bb38462e50c282d2b3.tar.bz2 samba-2fffc9a1b1fe2a1490e867bb38462e50c282d2b3.zip | |
Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into v3-2-test
(This used to be commit 7dbfc7bdc65314466a83e8121b35c9bcb24b2631)
Diffstat (limited to 'source3/utils')
| -rw-r--r-- | source3/utils/net.c | 62 | ||||
| -rw-r--r-- | source3/utils/net.h | 2 | ||||
| -rw-r--r-- | source3/utils/net_ads.c | 37 | ||||
| -rw-r--r-- | source3/utils/net_conf.c | 816 | ||||
| -rw-r--r-- | source3/utils/net_dns.c | 44 | ||||
| -rw-r--r-- | source3/utils/net_dom.c | 59 | ||||
| -rw-r--r-- | source3/utils/net_domain.c | 75 | ||||
| -rw-r--r-- | source3/utils/net_help.c | 1 | ||||
| -rw-r--r-- | source3/utils/net_lookup.c | 2 | ||||
| -rw-r--r-- | source3/utils/net_rpc.c | 589 | ||||
| -rw-r--r-- | source3/utils/net_rpc_audit.c | 182 | ||||
| -rw-r--r-- | source3/utils/net_rpc_join.c | 61 | ||||
| -rw-r--r-- | source3/utils/net_rpc_rights.c | 6 | ||||
| -rw-r--r-- | source3/utils/net_rpc_samsync.c | 12 | ||||
| -rw-r--r-- | source3/utils/net_rpc_sh_acct.c | 14 | ||||
| -rw-r--r-- | source3/utils/net_sam.c | 2 | ||||
| -rw-r--r-- | source3/utils/ntlm_auth.c | 423 | ||||
| -rw-r--r-- | source3/utils/pdbedit.c | 201 | ||||
| -rw-r--r-- | source3/utils/smbcacls.c | 37 | ||||
| -rw-r--r-- | source3/utils/smbcontrol.c | 57 | ||||
| -rw-r--r-- | source3/utils/smbcquotas.c | 35 | ||||
| -rw-r--r-- | source3/utils/smbfilter.c | 28 | ||||
| -rw-r--r-- | source3/utils/smbget.c | 12 |
23 files changed, 1520 insertions, 1237 deletions
diff --git a/source3/utils/net.c b/source3/utils/net.c index bf70d08d8b..586ea2fdb6 100644 --- a/source3/utils/net.c +++ b/source3/utils/net.c @@ -88,6 +88,7 @@ int opt_testmode = False; int opt_have_ip = False; struct sockaddr_storage opt_dest_ip; +bool smb_encrypt; extern bool AllowDebugChange; @@ -178,9 +179,7 @@ NTSTATUS connect_to_service(struct cli_state **c, service_name, service_type, opt_user_name, opt_workgroup, opt_password, 0, Undefined, NULL); - if (NT_STATUS_IS_OK(nt_status)) { - return nt_status; - } else { + if (!NT_STATUS_IS_OK(nt_status)) { d_fprintf(stderr, "Could not connect to server %s\n", server_name); /* Display a nicer message depending on the result */ @@ -196,9 +195,40 @@ NTSTATUS connect_to_service(struct cli_state **c, if (NT_STATUS_V(nt_status) == NT_STATUS_V(NT_STATUS_ACCOUNT_DISABLED)) d_fprintf(stderr, "The account was disabled.\n"); - return nt_status; } + + if (smb_encrypt) { + nt_status = cli_force_encryption(*c, + opt_user_name, + opt_password, + opt_workgroup); + + if (NT_STATUS_EQUAL(nt_status,NT_STATUS_NOT_SUPPORTED)) { + d_printf("Encryption required and " + "server that doesn't support " + "UNIX extensions - failing connect\n"); + } else if (NT_STATUS_EQUAL(nt_status,NT_STATUS_UNKNOWN_REVISION)) { + d_printf("Encryption required and " + "can't get UNIX CIFS extensions " + "version from server.\n"); + } else if (NT_STATUS_EQUAL(nt_status,NT_STATUS_UNSUPPORTED_COMPRESSION)) { + d_printf("Encryption required and " + "share %s doesn't support " + "encryption.\n", service_name); + } else if (!NT_STATUS_IS_OK(nt_status)) { + d_printf("Encryption required and " + "setup failed with error %s.\n", + nt_errstr(nt_status)); + } + + if (!NT_STATUS_IS_OK(nt_status)) { + cli_shutdown(*c); + *c = NULL; + } + } + + return nt_status; } /**************************************************************************** @@ -287,12 +317,24 @@ NTSTATUS connect_to_ipc_krb5(struct cli_state **c, SAFE_FREE(user_and_realm); - if (NT_STATUS_IS_OK(nt_status)) { - return nt_status; - } else { + if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(1,("Cannot connect to server using kerberos. Error was %s\n", nt_errstr(nt_status))); return nt_status; } + + if (smb_encrypt) { + nt_status = cli_cm_force_encryption(*c, + user_and_realm, + opt_password, + opt_workgroup, + "IPC$"); + if (!NT_STATUS_IS_OK(nt_status)) { + cli_shutdown(*c); + *c = NULL; + } + } + + return nt_status; } /** @@ -988,6 +1030,7 @@ static struct functable net_func[] = { {"port", 'p', POPT_ARG_INT, &opt_port}, {"myname", 'n', POPT_ARG_STRING, &opt_requester_name}, {"server", 'S', POPT_ARG_STRING, &opt_host}, + {"encrypt", 'e', POPT_ARG_NONE, NULL, 'e', "Encrypt SMB transport (UNIX extended servers only)" }, {"container", 'c', POPT_ARG_STRING, &opt_container}, {"comment", 'C', POPT_ARG_STRING, &opt_comment}, {"maxusers", 'M', POPT_ARG_INT, &opt_maxusers}, @@ -1010,7 +1053,7 @@ static struct functable net_func[] = { {"acls", 0, POPT_ARG_NONE, &opt_acls}, {"attrs", 0, POPT_ARG_NONE, &opt_attrs}, {"timestamps", 0, POPT_ARG_NONE, &opt_timestamps}, - {"exclude", 'e', POPT_ARG_STRING, &opt_exclude}, + {"exclude", 'X', POPT_ARG_STRING, &opt_exclude}, {"destination", 0, POPT_ARG_STRING, &opt_destination}, {"tallocreport", 0, POPT_ARG_NONE, &do_talloc_report}, @@ -1037,6 +1080,9 @@ static struct functable net_func[] = { net_help(argc, argv); exit(0); break; + case 'e': + smb_encrypt=true; + break; case 'I': if (!interpret_string_addr(&opt_dest_ip, poptGetOptArg(pc), 0)) { diff --git a/source3/utils/net.h b/source3/utils/net.h index 2ffa4d77b1..3a4b1da7b0 100644 --- a/source3/utils/net.h +++ b/source3/utils/net.h @@ -42,7 +42,7 @@ struct rpc_sh_ctx { struct cli_state *cli; DOM_SID *domain_sid; - char *domain_name; + const char *domain_name; const char *whoami; const char *thiscmd; diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 141031dacb..732ba8d8b6 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -817,7 +817,7 @@ static int net_ads_leave(int argc, const char **argv) struct cli_state *cli = NULL; TALLOC_CTX *ctx; DOM_SID *dom_sid = NULL; - char *short_domain_name = NULL; + const char *short_domain_name = NULL; if (!secrets_init()) { DEBUG(1,("Failed to initialise secrets database\n")); @@ -961,7 +961,8 @@ static NTSTATUS check_ads_config( void ) ********************************************************************/ static NTSTATUS net_join_domain(TALLOC_CTX *ctx, const char *servername, - struct sockaddr_storage *pss, char **domain, + struct sockaddr_storage *pss, + const char **domain, DOM_SID **dom_sid, const char *password) { @@ -1255,7 +1256,6 @@ static bool net_derive_salting_principal( TALLOC_CTX *ctx, ADS_STRUCT *ads ) ADS_STATUS status; fstring salt; char *std_salt; - LDAPMessage *res = NULL; const char *machine_name = global_myname(); status = ads_domain_func_level( ads, &domain_func ); @@ -1278,24 +1278,11 @@ static bool net_derive_salting_principal( TALLOC_CTX *ctx, ADS_STRUCT *ads ) if ( domain_func == DS_DOMAIN_FUNCTION_2000 ) { char *upn; - int count; - - status = ads_find_machine_acct(ads, &res, machine_name); - if (!ADS_ERR_OK(status)) { - return False; - } - - if ( (count = ads_count_replies(ads, res)) != 1 ) { - DEBUG(1,("net_set_machine_spn: %d entries returned!\n", count)); - return False; - } - upn = ads_pull_string(ads, ctx, res, "userPrincipalName"); + upn = ads_get_upn(ads, ctx, machine_name); if ( upn ) { fstrcpy( salt, upn ); } - - ads_msgfree(ads, res); } return kerberos_secrets_store_des_salt( salt ); @@ -1308,14 +1295,13 @@ static bool net_derive_salting_principal( TALLOC_CTX *ctx, ADS_STRUCT *ads ) #if defined(WITH_DNS_UPDATES) #include "dns.h" DNS_ERROR DoDNSUpdate(char *pszServerName, - const char *pszDomainName, - const char *pszHostName, - const struct in_addr *iplist, int num_addrs ); - + const char *pszDomainName, const char *pszHostName, + const struct sockaddr_storage *sslist, + size_t num_addrs ); static NTSTATUS net_update_dns_internal(TALLOC_CTX *ctx, ADS_STRUCT *ads, const char *machine_name, - const struct in_addr *addrs, + const struct sockaddr_storage *addrs, int num_addrs) { struct dns_rr_ns *nameservers = NULL; @@ -1404,7 +1390,7 @@ done: static NTSTATUS net_update_dns(TALLOC_CTX *mem_ctx, ADS_STRUCT *ads) { int num_addrs; - struct in_addr *iplist = NULL; + struct sockaddr_storage *iplist = NULL; fstring machine_name; NTSTATUS status; @@ -1460,8 +1446,7 @@ int net_ads_join(int argc, const char **argv) ADS_STRUCT *ads = NULL; ADS_STATUS status; NTSTATUS nt_status; - char *machine_account = NULL; - char *short_domain_name = NULL; + const char *short_domain_name = NULL; char *tmp_password, *password; TALLOC_CTX *ctx = NULL; DOM_SID *domain_sid = NULL; @@ -1698,7 +1683,6 @@ int net_ads_join(int argc, const char **argv) d_printf("Joined '%s' to realm '%s'\n", global_myname(), ads->server.realm); - SAFE_FREE(machine_account); TALLOC_FREE( ctx ); ads_destroy(&ads); @@ -1708,7 +1692,6 @@ fail: /* issue an overall failure message at the end. */ d_printf("Failed to join domain: %s\n", get_friendly_nt_error_msg(nt_status)); - SAFE_FREE(machine_account); TALLOC_FREE( ctx ); ads_destroy(&ads); diff --git a/source3/utils/net_conf.c b/source3/utils/net_conf.c index 16b372ca72..26ed41b2a0 100644 --- a/source3/utils/net_conf.c +++ b/source3/utils/net_conf.c @@ -2,7 +2,7 @@ * Samba Unix/Linux SMB client library * Distributed SMB/CIFS Server Management Utility * Local configuration interface - * Copyright (C) Michael Adam 2007 + * Copyright (C) Michael Adam 2007-2008 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -19,17 +19,23 @@ */ /* - * This is an interface to the configuration stored inside the - * samba registry. In the future there might be support for other - * configuration backends as well. + * This is an interface to Samba's configuration as made available + * by the libnet_conf interface (source/libnet/libnet_conf.c). + * + * This currently supports local interaction with the configuration + * stored in the registry. But other backends and remote access via + * rpc might get implemented in the future. */ #include "includes.h" #include "utils/net.h" +#include "libnet/libnet.h" -/* +/********************************************************************** + * * usage functions - */ + * + **********************************************************************/ static int net_conf_list_usage(int argc, const char **argv) { @@ -42,9 +48,9 @@ static int net_conf_import_usage(int argc, const char**argv) d_printf("USAGE: net conf import [--test|-T] <filename> " "[<servicename>]\n" "\t[--test|-T] testmode - do not act, just print " - "what would be done\n" + "what would be done\n" "\t<servicename> only import service <servicename>, " - "ignore the rest\n"); + "ignore the rest\n"); return -1; } @@ -105,356 +111,16 @@ static int net_conf_delparm_usage(int argc, const char **argv) } -/* +/********************************************************************** + * * Helper functions - */ - -static char *format_value(TALLOC_CTX *mem_ctx, struct registry_value *value) -{ - char *result = NULL; - - /* what if mem_ctx = NULL? */ - - switch (value->type) { - case REG_DWORD: - result = talloc_asprintf(mem_ctx, "%d", value->v.dword); - break; - case REG_SZ: - case REG_EXPAND_SZ: - result = talloc_asprintf(mem_ctx, "%s", value->v.sz.str); - break; - case REG_MULTI_SZ: { - uint32 j; - for (j = 0; j < value->v.multi_sz.num_strings; j++) { - result = talloc_asprintf(mem_ctx, "\"%s\" ", - value->v.multi_sz.strings[j]); - } - break; - } - case REG_BINARY: - result = talloc_asprintf(mem_ctx, "binary (%d bytes)", - (int)value->v.binary.length); - break; - default: - result = talloc_asprintf(mem_ctx, "<unprintable>"); - break; - } - return result; -} - -/* - * add a value to a key. - */ -static WERROR reg_setvalue_internal(struct registry_key *key, - const char *valname, - const char *valstr) -{ - struct registry_value val; - WERROR werr = WERR_OK; - char *subkeyname; - const char *canon_valname; - const char *canon_valstr; - - if (!lp_canonicalize_parameter_with_value(valname, valstr, - &canon_valname, - &canon_valstr)) - { - if (canon_valname == NULL) { - d_fprintf(stderr, "invalid parameter '%s' given\n", - valname); - } else { - d_fprintf(stderr, "invalid value '%s' given for " - "parameter '%s'\n", valstr, valname); - } - werr = WERR_INVALID_PARAM; - goto done; - } - - ZERO_STRUCT(val); - - val.type = REG_SZ; - val.v.sz.str = CONST_DISCARD(char *, canon_valstr); - val.v.sz.len = strlen(canon_valstr) + 1; - - if (registry_smbconf_valname_forbidden(canon_valname)) { - d_fprintf(stderr, "Parameter '%s' not allowed in registry.\n", - canon_valname); - werr = WERR_INVALID_PARAM; - goto done; - } - - subkeyname = strrchr_m(key->key->name, '\\'); - if ((subkeyname == NULL) || (*(subkeyname +1) == '\0')) { - d_fprintf(stderr, "Invalid registry key '%s' given as " - "smbconf section.\n", key->key->name); - werr = WERR_INVALID_PARAM; - goto done; - } - subkeyname++; - if (!strequal(subkeyname, GLOBAL_NAME) && - lp_parameter_is_global(valname)) - { - d_fprintf(stderr, "Global paramter '%s' not allowed in " - "service definition ('%s').\n", canon_valname, - subkeyname); - werr = WERR_INVALID_PARAM; - goto done; - } - - werr = reg_setvalue(key, canon_valname, &val); - if (!W_ERROR_IS_OK(werr)) { - d_fprintf(stderr, - "Error adding value '%s' to " - "key '%s': %s\n", - canon_valname, key->key->name, dos_errstr(werr)); - } - -done: - return werr; -} - -/* - * Open a subkey of KEY_SMBCONF (i.e a service) - * - variant without error output (q = quiet)- - */ -static WERROR smbconf_open_path_q(TALLOC_CTX *ctx, const char *subkeyname, - uint32 desired_access, - struct registry_key **key) -{ - WERROR werr = WERR_OK; - char *path = NULL; - NT_USER_TOKEN *token; - - if (!(token = registry_create_admin_token(ctx))) { - DEBUG(1, ("Error creating admin token\n")); - goto done; - } - - if (subkeyname == NULL) { - path = talloc_strdup(ctx, KEY_SMBCONF); - } else { - path = talloc_asprintf(ctx, "%s\\%s", KEY_SMBCONF, subkeyname); - } - - werr = reg_open_path(ctx, path, desired_access, - token, key); - -done: - TALLOC_FREE(path); - return werr; -} - -/* - * Open a subkey of KEY_SMBCONF (i.e a service) - * - variant with error output - - */ -static WERROR smbconf_open_path(TALLOC_CTX *ctx, const char *subkeyname, - uint32 desired_access, - struct registry_key **key) -{ - WERROR werr = WERR_OK; - - werr = smbconf_open_path_q(ctx, subkeyname, desired_access, key); - if (!W_ERROR_IS_OK(werr)) { - d_fprintf(stderr, "Error opening registry path '%s\\%s': %s\n", - KEY_SMBCONF, - (subkeyname == NULL) ? "" : subkeyname, - dos_errstr(werr)); - } - - return werr; -} - -/* - * open the base key KEY_SMBCONF - */ -static WERROR smbconf_open_basepath(TALLOC_CTX *ctx, uint32 desired_access, - struct registry_key **key) -{ - return smbconf_open_path(ctx, NULL, desired_access, key); -} - -/* - * delete a subkey of KEY_SMBCONF - */ -static WERROR reg_delkey_internal(TALLOC_CTX *ctx, const char *keyname) -{ - WERROR werr = WERR_OK; - struct registry_key *key = NULL; - - werr = smbconf_open_basepath(ctx, REG_KEY_WRITE, &key); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } - - werr = reg_deletekey_recursive(key, key, keyname); - if (!W_ERROR_IS_OK(werr)) { - d_fprintf(stderr, "Error deleting registry key %s\\%s: %s\n", - KEY_SMBCONF, keyname, dos_errstr(werr)); - } - -done: - TALLOC_FREE(key); - return werr; -} - -/* - * create a subkey of KEY_SMBCONF - */ -static WERROR reg_createkey_internal(TALLOC_CTX *ctx, - const char * subkeyname, - struct registry_key **newkey) -{ - WERROR werr = WERR_OK; - struct registry_key *create_parent = NULL; - TALLOC_CTX *create_ctx; - enum winreg_CreateAction action = REG_ACTION_NONE; - - /* create a new talloc ctx for creation. it will hold - * the intermediate parent key (SMBCONF) for creation - * and will be destroyed when leaving this function... */ - if (!(create_ctx = talloc_new(ctx))) { - werr = WERR_NOMEM; - goto done; - } - - werr = smbconf_open_basepath(create_ctx, REG_KEY_WRITE, &create_parent); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } - - werr = reg_createkey(ctx, create_parent, subkeyname, - REG_KEY_WRITE, newkey, &action); - if (W_ERROR_IS_OK(werr) && (action != REG_CREATED_NEW_KEY)) { - d_fprintf(stderr, "Key '%s' already exists.\n", subkeyname); - werr = WERR_ALREADY_EXISTS; - } - if (!W_ERROR_IS_OK(werr)) { - d_fprintf(stderr, "Error creating key %s: %s\n", - subkeyname, dos_errstr(werr)); - } - -done: - TALLOC_FREE(create_ctx); - return werr; -} + * + **********************************************************************/ -/* - * check if a subkey of KEY_SMBCONF of a given name exists +/** + * This formats an in-memory smbconf parameter to a string. + * The result string is allocated with talloc. */ -static bool smbconf_key_exists(TALLOC_CTX *ctx, const char *subkeyname) -{ - bool ret = False; - WERROR werr = WERR_OK; - TALLOC_CTX *mem_ctx; - struct registry_key *key; - - if (!(mem_ctx = talloc_new(ctx))) { - d_fprintf(stderr, "ERROR: Out of memory...!\n"); - goto done; - } - - werr = smbconf_open_path_q(mem_ctx, subkeyname, REG_KEY_READ, &key); - if (W_ERROR_IS_OK(werr)) { - ret = True; - } - -done: - TALLOC_FREE(mem_ctx); - return ret; -} - -static bool smbconf_value_exists(TALLOC_CTX *ctx, struct registry_key *key, - const char *param) -{ - bool ret = False; - WERROR werr = WERR_OK; - struct registry_value *value = NULL; - - werr = reg_queryvalue(ctx, key, param, &value); - if (W_ERROR_IS_OK(werr)) { - ret = True; - } - - TALLOC_FREE(value); - return ret; -} - -static WERROR list_values(TALLOC_CTX *ctx, struct registry_key *key) -{ - WERROR werr = WERR_OK; - uint32 idx = 0; - struct registry_value *valvalue = NULL; - char *valname = NULL; - - for (idx = 0; - W_ERROR_IS_OK(werr = reg_enumvalue(ctx, key, idx, &valname, - &valvalue)); - idx++) - { - d_printf("\t%s = %s\n", valname, format_value(ctx, valvalue)); - } - if (!W_ERROR_EQUAL(WERR_NO_MORE_ITEMS, werr)) { - d_fprintf(stderr, "Error enumerating values: %s\n", - dos_errstr(werr)); - goto done; - } - werr = WERR_OK; - -done: - return werr; -} - -static WERROR drop_smbconf_internal(TALLOC_CTX *ctx) -{ - char *path, *p; - WERROR werr = WERR_OK; - NT_USER_TOKEN *token; - struct registry_key *parent_key = NULL; - struct registry_key *new_key = NULL; - TALLOC_CTX* tmp_ctx = NULL; - enum winreg_CreateAction action; - - tmp_ctx = talloc_new(ctx); - if (tmp_ctx == NULL) { - werr = WERR_NOMEM; - goto done; - } - - if (!(token = registry_create_admin_token(tmp_ctx))) { - /* what is the appropriate error code here? */ - werr = WERR_CAN_NOT_COMPLETE; - goto done; - } - - path = talloc_strdup(tmp_ctx, KEY_SMBCONF); - if (path == NULL) { - d_fprintf(stderr, "ERROR: out of memory!\n"); - werr = WERR_NOMEM; - goto done; - } - p = strrchr(path, '\\'); - *p = '\0'; - werr = reg_open_path(tmp_ctx, path, REG_KEY_WRITE, token, &parent_key); - - if (!W_ERROR_IS_OK(werr)) { - goto done; - } - - werr = reg_deletekey_recursive(tmp_ctx, parent_key, p+1); - - if (!W_ERROR_IS_OK(werr)) { - goto done; - } - - werr = reg_createkey(tmp_ctx, parent_key, p+1, REG_KEY_WRITE, - &new_key, &action); - -done: - TALLOC_FREE(tmp_ctx); - return werr; -} - static char *parm_valstr(TALLOC_CTX *ctx, struct parm_struct *parm, struct share_params *share) { @@ -481,14 +147,14 @@ static char *parm_valstr(TALLOC_CTX *ctx, struct parm_struct *parm, valstr = talloc_asprintf(ctx, "%s", BOOLSTR(!*(bool *)ptr)); break; case P_ENUM: - for (i = 0; parm->enum_list[i].name; i++) { - if (*(int *)ptr == parm->enum_list[i].value) + for (i = 0; parm->enum_list[i].name; i++) { + if (*(int *)ptr == parm->enum_list[i].value) { valstr = talloc_asprintf(ctx, "%s", - parm->enum_list[i].name); - break; - } - } + parm->enum_list[i].name); + break; + } + } break; case P_OCTAL: { char *o = octal_string(*(int *)ptr); @@ -529,14 +195,18 @@ static char *parm_valstr(TALLOC_CTX *ctx, struct parm_struct *parm, return valstr; } +/** + * This functions imports a configuration that has previously + * been loaded with lp_load() to registry. + */ static int import_process_service(TALLOC_CTX *ctx, + struct libnet_conf_ctx *conf_ctx, struct share_params *share) { int ret = -1; struct parm_struct *parm; int pnum = 0; const char *servicename; - struct registry_key *key; WERROR werr; char *valstr = NULL; TALLOC_CTX *tmp_ctx = NULL; @@ -553,13 +223,13 @@ static int import_process_service(TALLOC_CTX *ctx, if (opt_testmode) { d_printf("[%s]\n", servicename); } else { - if (smbconf_key_exists(tmp_ctx, servicename)) { - werr = reg_delkey_internal(tmp_ctx, servicename); + if (libnet_conf_share_exists(conf_ctx, servicename)) { + werr = libnet_conf_delete_share(conf_ctx, servicename); if (!W_ERROR_IS_OK(werr)) { goto done; } } - werr = reg_createkey_internal(tmp_ctx, servicename, &key); + werr = libnet_conf_create_share(conf_ctx, servicename); if (!W_ERROR_IS_OK(werr)) { goto done; } @@ -567,9 +237,11 @@ static int import_process_service(TALLOC_CTX *ctx, while ((parm = lp_next_parameter(share->service, &pnum, 0))) { - if ((share->service < 0 && parm->p_class == P_LOCAL) + if ((share->service < 0) && (parm->p_class == P_LOCAL) && !(parm->flags & FLAG_GLOBAL)) + { continue; + } valstr = parm_valstr(tmp_ctx, parm, share); @@ -577,9 +249,15 @@ static int import_process_service(TALLOC_CTX *ctx, if (opt_testmode) { d_printf("\t%s = %s\n", parm->label, valstr); } else { - werr = reg_setvalue_internal(key, parm->label, - valstr); + werr = libnet_conf_set_parameter(conf_ctx, + servicename, + parm->label, + valstr); if (!W_ERROR_IS_OK(werr)) { + d_fprintf(stderr, + "Error setting parameter '%s'" + ": %s\n", parm->label, + dos_errstr(werr)); goto done; } } @@ -597,7 +275,10 @@ done: return ret; } -/* return True iff there are nondefault globals */ +/** + * Return true iff there are nondefault globals in the + * currently loaded configuration. + */ static bool globals_exist(void) { int i = 0; @@ -605,25 +286,31 @@ static bool globals_exist(void) while ((parm = lp_next_parameter(GLOBAL_SECTION_SNUM, &i, 0)) != NULL) { if (parm->type != P_SEP) { - return True; + return true; } } - return False; + return false; } -/* - * the conf functions - */ -int net_conf_list(int argc, const char **argv) +/********************************************************************** + * + * the main conf functions + * + **********************************************************************/ + +static int net_conf_list(struct libnet_conf_ctx *conf_ctx, + int argc, const char **argv) { WERROR werr = WERR_OK; int ret = -1; TALLOC_CTX *ctx; - struct registry_key *base_key = NULL; - struct registry_key *sub_key = NULL; - uint32 idx_key = 0; - char *subkey_name = NULL; + uint32_t num_shares; + char **share_names; + uint32_t *num_params; + char ***param_names; + char ***param_values; + uint32_t share_count, param_count; ctx = talloc_init("list"); @@ -632,54 +319,25 @@ int net_conf_list(int argc, const char **argv) goto done; } - werr = smbconf_open_basepath(ctx, REG_KEY_READ, &base_key); + werr = libnet_conf_get_config(ctx, conf_ctx, &num_shares, &share_names, + &num_params, ¶m_names, ¶m_values); if (!W_ERROR_IS_OK(werr)) { + d_fprintf(stderr, "Error getting config: %s\n", + dos_errstr(werr)); goto done; } - if (smbconf_key_exists(ctx, GLOBAL_NAME)) { - werr = reg_openkey(ctx, base_key, GLOBAL_NAME, - REG_KEY_READ, &sub_key); - if (!W_ERROR_IS_OK(werr)) { - d_fprintf(stderr, "Error opening subkey '%s' : %s\n", - subkey_name, dos_errstr(werr)); - goto done; - } - d_printf("[%s]\n", GLOBAL_NAME); - if (!W_ERROR_IS_OK(list_values(ctx, sub_key))) { - goto done; - } - d_printf("\n"); - } - - for (idx_key = 0; - W_ERROR_IS_OK(werr = reg_enumkey(ctx, base_key, idx_key, - &subkey_name, NULL)); - idx_key++) - { - if (strequal(subkey_name, GLOBAL_NAME)) { - continue; - } - d_printf("[%s]\n", subkey_name); - - werr = reg_openkey(ctx, base_key, subkey_name, - REG_KEY_READ, &sub_key); - if (!W_ERROR_IS_OK(werr)) { - d_fprintf(stderr, - "Error opening subkey '%s': %s\n", - subkey_name, dos_errstr(werr)); - goto done; - } - if (!W_ERROR_IS_OK(list_values(ctx, sub_key))) { - goto done; + for (share_count = 0; share_count < num_shares; share_count++) { + d_printf("[%s]\n", share_names[share_count]); + for (param_count = 0; param_count < num_params[share_count]; + param_count++) + { + d_printf("\t%s = %s\n", + param_names[share_count][param_count], + param_values[share_count][param_count]); } d_printf("\n"); } - if (!W_ERROR_EQUAL(WERR_NO_MORE_ITEMS, werr)) { - d_fprintf(stderr, "Error enumerating subkeys: %s\n", - dos_errstr(werr)); - goto done; - } ret = 0; @@ -688,12 +346,13 @@ done: return ret; } -int net_conf_import(int argc, const char **argv) +static int net_conf_import(struct libnet_conf_ctx *conf_ctx, + int argc, const char **argv) { int ret = -1; const char *filename = NULL; const char *servicename = NULL; - bool service_found = False; + bool service_found = false; TALLOC_CTX *ctx; struct share_iterator *shares; struct share_params *share; @@ -717,10 +376,10 @@ int net_conf_import(int argc, const char **argv) filename)); if (!lp_load(filename, - False, /* global_only */ - True, /* save_defaults */ - False, /* add_ipc */ - True)) /* initialize_globals */ + false, /* global_only */ + true, /* save_defaults */ + false, /* add_ipc */ + true)) /* initialize_globals */ { d_fprintf(stderr, "Error parsing configuration file.\n"); goto done; @@ -734,8 +393,8 @@ int net_conf_import(int argc, const char **argv) if (((servicename == NULL) && globals_exist()) || strequal(servicename, GLOBAL_NAME)) { - service_found = True; - if (import_process_service(ctx, &global_share) != 0) { + service_found = true; + if (import_process_service(ctx, conf_ctx, &global_share) != 0) { goto done; } } @@ -753,8 +412,8 @@ int net_conf_import(int argc, const char **argv) if ((servicename == NULL) || strequal(servicename, lp_servicename(share->service))) { - service_found = True; - if (import_process_service(ctx, share)!= 0) { + service_found = true; + if (import_process_service(ctx, conf_ctx, share)!= 0) { goto done; } } @@ -774,13 +433,13 @@ done: return ret; } -int net_conf_listshares(int argc, const char **argv) +static int net_conf_listshares(struct libnet_conf_ctx *conf_ctx, + int argc, const char **argv) { WERROR werr = WERR_OK; int ret = -1; - struct registry_key *key; - uint32 idx = 0; - char *subkey_name = NULL; + uint32_t count, num_shares = 0; + char **share_names = NULL; TALLOC_CTX *ctx; ctx = talloc_init("listshares"); @@ -790,22 +449,15 @@ int net_conf_listshares(int argc, const char **argv) goto done; } - werr = smbconf_open_basepath(ctx, SEC_RIGHTS_ENUM_SUBKEYS, &key); + werr = libnet_conf_get_share_names(ctx, conf_ctx, &num_shares, + &share_names); if (!W_ERROR_IS_OK(werr)) { goto done; } - for (idx = 0; - W_ERROR_IS_OK(werr = reg_enumkey(ctx, key, idx, - &subkey_name, NULL)); - idx++) + for (count = 0; count < num_shares; count++) { - d_printf("%s\n", subkey_name); - } - if (! W_ERROR_EQUAL(WERR_NO_MORE_ITEMS, werr)) { - d_fprintf(stderr, "Error enumerating subkeys: %s\n", - dos_errstr(werr)); - goto done; + d_printf("%s\n", share_names[count]); } ret = 0; @@ -815,7 +467,8 @@ done: return ret; } -int net_conf_drop(int argc, const char **argv) +static int net_conf_drop(struct libnet_conf_ctx *conf_ctx, + int argc, const char **argv) { int ret = -1; WERROR werr; @@ -825,7 +478,7 @@ int net_conf_drop(int argc, const char **argv) goto done; } - werr = drop_smbconf_internal(NULL); + werr = libnet_conf_drop(conf_ctx); if (!W_ERROR_IS_OK(werr)) { d_fprintf(stderr, "Error deleting configuration: %s\n", dos_errstr(werr)); @@ -838,12 +491,17 @@ done: return ret; } -int net_conf_showshare(int argc, const char **argv) +static int net_conf_showshare(struct libnet_conf_ctx *conf_ctx, + int argc, const char **argv) { int ret = -1; WERROR werr = WERR_OK; - struct registry_key *key = NULL; + const char *sharename = NULL; TALLOC_CTX *ctx; + uint32_t num_params; + uint32_t count; + char **param_names; + char **param_values; ctx = talloc_init("showshare"); @@ -852,15 +510,21 @@ int net_conf_showshare(int argc, const char **argv) goto done; } - werr = smbconf_open_path(ctx, argv[0], REG_KEY_READ, &key); + sharename = argv[0]; + + werr = libnet_conf_get_share(ctx, conf_ctx, sharename, &num_params, + ¶m_names, ¶m_values); if (!W_ERROR_IS_OK(werr)) { + d_printf("error getting share parameters: %s\n", + dos_errstr(werr)); goto done; } - d_printf("[%s]\n", argv[0]); + d_printf("[%s]\n", sharename); - if (!W_ERROR_IS_OK(list_values(ctx, key))) { - goto done; + for (count = 0; count < num_params; count++) { + d_printf("\t%s = %s\n", param_names[count], + param_values[count]); } ret = 0; @@ -870,11 +534,17 @@ done: return ret; } -int net_conf_addshare(int argc, const char **argv) +/** + * Add a share, with a couple of standard parameters, partly optional. + * + * This is a high level utility function of the net conf utility, + * not a direct frontend to the libnet_conf API. + */ +static int net_conf_addshare(struct libnet_conf_ctx *conf_ctx, + int argc, const char **argv) { int ret = -1; WERROR werr = WERR_OK; - struct registry_key *newkey = NULL; char *sharename = NULL; const char *path = NULL; const char *comment = NULL; @@ -926,7 +596,6 @@ int net_conf_addshare(int argc, const char **argv) net_conf_addshare_usage(argc, argv); goto done; } - case 2: path = argv[1]; sharename = strdup_lower(argv[0]); @@ -960,6 +629,12 @@ int net_conf_addshare(int argc, const char **argv) goto done; } + if (libnet_conf_share_exists(conf_ctx, sharename)) { + d_fprintf(stderr, "ERROR: share %s already exists.\n", + sharename); + goto done; + } + /* validate path */ if (path[0] != '/') { @@ -989,43 +664,63 @@ int net_conf_addshare(int argc, const char **argv) * create the share */ - werr = reg_createkey_internal(NULL, argv[0], &newkey); + werr = libnet_conf_create_share(conf_ctx, sharename); if (!W_ERROR_IS_OK(werr)) { + d_fprintf(stderr, "Error creating share %s: %s\n", + sharename, dos_errstr(werr)); goto done; } - /* add config params as values */ + /* + * fill the share with parameters + */ - werr = reg_setvalue_internal(newkey, "path", path); - if (!W_ERROR_IS_OK(werr)) + werr = libnet_conf_set_parameter(conf_ctx, sharename, "path", path); + if (!W_ERROR_IS_OK(werr)) { + d_fprintf(stderr, "Error setting parameter %s: %s\n", + "path", dos_errstr(werr)); goto done; + } if (comment != NULL) { - werr = reg_setvalue_internal(newkey, "comment", comment); - if (!W_ERROR_IS_OK(werr)) + werr = libnet_conf_set_parameter(conf_ctx, sharename, "comment", + comment); + if (!W_ERROR_IS_OK(werr)) { + d_fprintf(stderr, "Error setting parameter %s: %s\n", + "comment", dos_errstr(werr)); goto done; + } } - werr = reg_setvalue_internal(newkey, "guest ok", guest_ok); - if (!W_ERROR_IS_OK(werr)) + werr = libnet_conf_set_parameter(conf_ctx, sharename, "guest ok", + guest_ok); + if (!W_ERROR_IS_OK(werr)) { + d_fprintf(stderr, "Error setting parameter %s: %s\n", + "'guest ok'", dos_errstr(werr)); goto done; + } - werr = reg_setvalue_internal(newkey, "writeable", writeable); - if (!W_ERROR_IS_OK(werr)) + werr = libnet_conf_set_parameter(conf_ctx, sharename, "writeable", + writeable); + if (!W_ERROR_IS_OK(werr)) { + d_fprintf(stderr, "Error setting parameter %s: %s\n", + "writeable", dos_errstr(werr)); goto done; + } ret = 0; done: - TALLOC_FREE(newkey); SAFE_FREE(sharename); return ret; } -int net_conf_delshare(int argc, const char **argv) +static int net_conf_delshare(struct libnet_conf_ctx *conf_ctx, + int argc, const char **argv) { int ret = -1; const char *sharename = NULL; + WERROR werr = WERR_OK; if (argc != 1) { net_conf_delshare_usage(argc, argv); @@ -1033,24 +728,26 @@ int net_conf_delshare(int argc, const char **argv) } sharename = argv[0]; - if (W_ERROR_IS_OK(reg_delkey_internal(NULL, sharename))) { - ret = 0; + werr = libnet_conf_delete_share(conf_ctx, sharename); + if (!W_ERROR_IS_OK(werr)) { + d_fprintf(stderr, "Error deleting share %s: %s\n", + sharename, dos_errstr(werr)); + goto done; } + + ret = 0; done: return ret; } -static int net_conf_setparm(int argc, const char **argv) +static int net_conf_setparm(struct libnet_conf_ctx *conf_ctx, + int argc, const char **argv) { int ret = -1; WERROR werr = WERR_OK; - struct registry_key *key = NULL; char *service = NULL; char *param = NULL; const char *value_str = NULL; - TALLOC_CTX *ctx; - - ctx = talloc_init("setparm"); if (argc != 3) { net_conf_setparm_usage(argc, argv); @@ -1060,39 +757,39 @@ static int net_conf_setparm(int argc, const char **argv) param = strdup_lower(argv[1]); value_str = argv[2]; - if (!smbconf_key_exists(ctx, service)) { - werr = reg_createkey_internal(ctx, service, &key); - } else { - werr = smbconf_open_path(ctx, service, REG_KEY_READ, &key); - } - if (!W_ERROR_IS_OK(werr)) { - goto done; + if (!libnet_conf_share_exists(conf_ctx, service)) { + werr = libnet_conf_create_share(conf_ctx, service); + if (!W_ERROR_IS_OK(werr)) { + d_fprintf(stderr, "Error creating share '%s': %s\n", + service, dos_errstr(werr)); + goto done; + } } - werr = reg_setvalue_internal(key, param, value_str); + werr = libnet_conf_set_parameter(conf_ctx, service, param, value_str); + if (!W_ERROR_IS_OK(werr)) { d_fprintf(stderr, "Error setting value '%s': %s\n", param, dos_errstr(werr)); goto done; } - ret = 0; done: SAFE_FREE(service); - TALLOC_FREE(ctx); + SAFE_FREE(param); return ret; } -static int net_conf_getparm(int argc, const char **argv) +static int net_conf_getparm(struct libnet_conf_ctx *conf_ctx, + int argc, const char **argv) { int ret = -1; WERROR werr = WERR_OK; - struct registry_key *key = NULL; char *service = NULL; char *param = NULL; - struct registry_value *value = NULL; + char *valstr = NULL; TALLOC_CTX *ctx; ctx = talloc_init("getparm"); @@ -1104,26 +801,25 @@ static int net_conf_getparm(int argc, const char **argv) service = strdup_lower(argv[0]); param = strdup_lower(argv[1]); - if (!smbconf_key_exists(ctx, service)) { + werr = libnet_conf_get_parameter(ctx, conf_ctx, service, param, &valstr); + + if (W_ERROR_EQUAL(werr, WERR_NO_SUCH_SERVICE)) { d_fprintf(stderr, - "ERROR: given service '%s' does not exist.\n", + "Error: given service '%s' does not exist.\n", service); goto done; - } - - werr = smbconf_open_path(ctx, service, REG_KEY_READ, &key); - if (!W_ERROR_IS_OK(werr)) { + } else if (W_ERROR_EQUAL(werr, WERR_INVALID_PARAM)) { + d_fprintf(stderr, + "Error: given parameter '%s' is not set.\n", + param); goto done; - } - - werr = reg_queryvalue(ctx, key, param, &value); - if (!W_ERROR_IS_OK(werr)) { - d_fprintf(stderr, "Error querying value '%s': %s.\n", + } else if (!W_ERROR_IS_OK(werr)) { + d_fprintf(stderr, "Error getting value '%s': %s.\n", param, dos_errstr(werr)); goto done; } - d_printf("%s\n", format_value(ctx, value)); + d_printf("%s\n", valstr); ret = 0; done: @@ -1133,16 +829,13 @@ done: return ret; } -static int net_conf_delparm(int argc, const char **argv) +static int net_conf_delparm(struct libnet_conf_ctx *conf_ctx, + int argc, const char **argv) { int ret = -1; WERROR werr = WERR_OK; - struct registry_key *key = NULL; char *service = NULL; char *param = NULL; - TALLOC_CTX *ctx; - - ctx = talloc_init("delparm"); if (argc != 2) { net_conf_delparm_usage(argc, argv); @@ -1151,26 +844,19 @@ static int net_conf_delparm(int argc, const char **argv) service = strdup_lower(argv[0]); param = strdup_lower(argv[1]); - if (!smbconf_key_exists(ctx, service)) { + werr = libnet_conf_delete_parameter(conf_ctx, service, param); + + if (W_ERROR_EQUAL(werr, WERR_NO_SUCH_SERVICE)) { d_fprintf(stderr, "Error: given service '%s' does not exist.\n", service); goto done; - } - - werr = smbconf_open_path(ctx, service, REG_KEY_READ, &key); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } - - if (!smbconf_value_exists(ctx, key, param)) { + } else if (W_ERROR_EQUAL(werr, WERR_INVALID_PARAM)) { d_fprintf(stderr, "Error: given parameter '%s' is not set.\n", param); goto done; - } - werr = reg_deletevalue(key, param); - if (!W_ERROR_IS_OK(werr)) { + } else if (!W_ERROR_IS_OK(werr)) { d_fprintf(stderr, "Error deleting value '%s': %s.\n", param, dos_errstr(werr)); goto done; @@ -1179,31 +865,105 @@ static int net_conf_delparm(int argc, const char **argv) ret = 0; done: + SAFE_FREE(service); + SAFE_FREE(param); + return ret; +} + + +/********************************************************************** + * + * Wrapper and net_conf_run_function mechanism. + * + **********************************************************************/ + +/** + * Wrapper function to call the main conf functions. + * The wrapper calls handles opening and closing of the + * configuration. + */ +static int net_conf_wrap_function(int (*fn)(struct libnet_conf_ctx *, + int, const char **), + int argc, const char **argv) +{ + WERROR werr; + TALLOC_CTX *mem_ctx = talloc_stackframe(); + struct libnet_conf_ctx *conf_ctx; + int ret = -1; + + werr = libnet_conf_open(mem_ctx, &conf_ctx); + + if (!W_ERROR_IS_OK(werr)) { + return -1; + } + + ret = fn(conf_ctx, argc, argv); + + libnet_conf_close(conf_ctx); + return ret; } /* + * We need a functable struct of our own, because the + * functions are called through a wrapper that handles + * the opening and closing of the configuration, and so on. + */ +struct conf_functable { + const char *funcname; + int (*fn)(struct libnet_conf_ctx *ctx, int argc, const char **argv); + const char *helptext; +}; + +/** + * This imitates net_run_function2 but calls the main functions + * through the wrapper net_conf_wrap_function(). + */ +static int net_conf_run_function(int argc, const char **argv, + const char *whoami, + struct conf_functable *table) +{ + int i; + + if (argc != 0) { + for (i=0; table[i].funcname; i++) { + if (StrCaseCmp(argv[0], table[i].funcname) == 0) + return net_conf_wrap_function(table[i].fn, + argc-1, + argv+1); + } + } + + for (i=0; table[i].funcname; i++) { + d_printf("%s %-15s %s\n", whoami, table[i].funcname, + table[i].helptext); + } + + return -1; +} + +/* * Entry-point for all the CONF functions. */ int net_conf(int argc, const char **argv) { int ret = -1; - struct functable2 func[] = { + struct conf_functable func_table[] = { {"list", net_conf_list, "Dump the complete configuration in smb.conf like format."}, {"import", net_conf_import, "Import configuration from file in smb.conf format."}, {"listshares", net_conf_listshares, - "List the registry shares."}, + "List the share names."}, {"drop", net_conf_drop, - "Delete the complete configuration from registry."}, + "Delete the complete configuration."}, {"showshare", net_conf_showshare, - "Show the definition of a registry share."}, + "Show the definition of a share."}, {"addshare", net_conf_addshare, - "Create a new registry share."}, + "Create a new share."}, {"delshare", net_conf_delshare, - "Delete a registry share."}, + "Delete a share."}, {"setparm", net_conf_setparm, "Store a parameter."}, {"getparm", net_conf_getparm, @@ -1213,16 +973,8 @@ int net_conf(int argc, const char **argv) {NULL, NULL, NULL} }; - if (!registry_init_regdb()) { - d_fprintf(stderr, "Error initializing the registry!\n"); - goto done; - } - - ret = net_run_function2(argc, argv, "net conf", func); + ret = net_conf_run_function(argc, argv, "net conf", func_table); - regdb_close(); - -done: return ret; } diff --git a/source3/utils/net_dns.c b/source3/utils/net_dns.c index 8b82a96892..fb6644d6b2 100644 --- a/source3/utils/net_dns.c +++ b/source3/utils/net_dns.c @@ -32,14 +32,15 @@ DNS_ERROR DoDNSUpdate(char *pszServerName, const char *pszDomainName, const char *pszHostName, - const struct in_addr *iplist, size_t num_addrs ); + const struct sockaddr_storage *sslist, + size_t num_addrs ); /********************************************************************* *********************************************************************/ DNS_ERROR DoDNSUpdate(char *pszServerName, const char *pszDomainName, const char *pszHostName, - const struct in_addr *iplist, size_t num_addrs ) + const struct sockaddr_storage *sslist, size_t num_addrs ) { DNS_ERROR err; struct dns_connection *conn; @@ -47,7 +48,7 @@ DNS_ERROR DoDNSUpdate(char *pszServerName, OM_uint32 minor; struct dns_update_request *req, *resp; - if ( (num_addrs <= 0) || !iplist ) { + if ( (num_addrs <= 0) || !sslist ) { return ERROR_DNS_INVALID_PARAMETER; } @@ -65,7 +66,7 @@ DNS_ERROR DoDNSUpdate(char *pszServerName, */ err = dns_create_probe(mem_ctx, pszDomainName, pszHostName, - num_addrs, iplist, &req); + num_addrs, sslist, &req); if (!ERR_DNS_IS_OK(err)) goto error; err = dns_update_transaction(mem_ctx, conn, req, &resp); @@ -81,7 +82,7 @@ DNS_ERROR DoDNSUpdate(char *pszServerName, */ err = dns_create_update_request(mem_ctx, pszDomainName, pszHostName, - iplist, num_addrs, &req); + sslist, num_addrs, &req); if (!ERR_DNS_IS_OK(err)) goto error; err = dns_update_transaction(mem_ctx, conn, req, &resp); @@ -141,33 +142,42 @@ error: /********************************************************************* *********************************************************************/ -int get_my_ip_address( struct in_addr **ips ) +int get_my_ip_address( struct sockaddr_storage **pp_ss ) + { struct iface_struct nics[MAX_INTERFACES]; int i, n; - struct in_addr *list; + struct sockaddr_storage *list = NULL; int count = 0; /* find the first non-loopback address from our list of interfaces */ n = get_interfaces(nics, MAX_INTERFACES); - - if ( (list = SMB_MALLOC_ARRAY( struct in_addr, n )) == NULL ) { + + if (n <= 0) { + return -1; + } + + if ( (list = SMB_MALLOC_ARRAY( struct sockaddr_storage, n )) == NULL ) { return -1; } for ( i=0; i<n; i++ ) { + if (is_loopback_addr(&nics[i].ip)) { + continue; + } +#if defined(HAVE_IPV6) if ((nics[i].ip.ss_family == AF_INET)) { - struct in_addr ifip; - - ifip = ((const struct sockaddr_in *)&nics[i].ip)->sin_addr; - - if (!is_loopback_ip_v4(ifip)) { - memcpy(&list[count++], &ifip, sizeof(struct in_addr)); - } + memcpy(&list[count++], &nics[i].ip, + sizeof(struct sockaddr_storage)); + } else +#endif + if (nics[i].ip.ss_family == AF_INET) { + memcpy(&list[count++], &nics[i].ip, + sizeof(struct sockaddr_storage)); } } - *ips = list; + *pp_ss = list; return count; } diff --git a/source3/utils/net_dom.c b/source3/utils/net_dom.c index fd386c95a8..30993ae2fa 100644 --- a/source3/utils/net_dom.c +++ b/source3/utils/net_dom.c @@ -19,7 +19,7 @@ #include "includes.h" #include "utils/net.h" -#include "lib/netapi/joindomain.h" +#include "lib/netapi/netapi.h" static int net_dom_usage(int argc, const char **argv) { @@ -43,6 +43,7 @@ int net_help_dom(int argc, const char **argv) static int net_dom_unjoin(int argc, const char **argv) { + struct libnetapi_ctx *ctx = NULL; const char *server_name = NULL; const char *account = NULL; const char *password = NULL; @@ -50,8 +51,8 @@ static int net_dom_unjoin(int argc, const char **argv) WKSSVC_JOIN_FLAGS_JOIN_TYPE; struct cli_state *cli = NULL; bool reboot = false; - NTSTATUS status; - WERROR werr; + NTSTATUS ntstatus; + NET_API_STATUS status; int ret = -1; int i; @@ -82,17 +83,25 @@ static int net_dom_unjoin(int argc, const char **argv) } if (reboot) { - status = net_make_ipc_connection_ex(opt_workgroup, server_name, - NULL, 0, &cli); - if (!NT_STATUS_IS_OK(status)) { + ntstatus = net_make_ipc_connection_ex(opt_workgroup, server_name, + NULL, 0, &cli); + if (!NT_STATUS_IS_OK(ntstatus)) { return -1; } } - werr = NetUnjoinDomain(server_name, account, password, unjoin_flags); - if (!W_ERROR_IS_OK(werr)) { + status = libnetapi_init(&ctx); + if (status != 0) { + return -1; + } + + libnetapi_set_username(ctx, opt_user_name); + libnetapi_set_password(ctx, opt_password); + + status = NetUnjoinDomain(server_name, account, password, unjoin_flags); + if (status != 0) { printf("Failed to unjoin domain: %s\n", - get_friendly_nt_error_msg(werror_to_ntstatus(werr))); + libnetapi_errstr(status)); goto done; } @@ -121,11 +130,13 @@ static int net_dom_unjoin(int argc, const char **argv) cli_shutdown(cli); } + /* libnetapi_free(ctx); */ return ret; } static int net_dom_join(int argc, const char **argv) { + struct libnetapi_ctx *ctx = NULL; const char *server_name = NULL; const char *domain_name = NULL; const char *account_ou = NULL; @@ -135,8 +146,8 @@ static int net_dom_join(int argc, const char **argv) WKSSVC_JOIN_FLAGS_JOIN_TYPE; struct cli_state *cli = NULL; bool reboot = false; - NTSTATUS status; - WERROR werr; + NTSTATUS ntstatus; + NET_API_STATUS status; int ret = -1; int i; @@ -183,21 +194,28 @@ static int net_dom_join(int argc, const char **argv) } if (reboot) { - status = net_make_ipc_connection_ex(opt_workgroup, server_name, - NULL, 0, &cli); - if (!NT_STATUS_IS_OK(status)) { + ntstatus = net_make_ipc_connection_ex(opt_workgroup, server_name, + NULL, 0, &cli); + if (!NT_STATUS_IS_OK(ntstatus)) { return -1; } } /* check if domain is a domain or a workgroup */ - werr = NetJoinDomain(server_name, domain_name, account_ou, - Account, password, join_flags); - if (!W_ERROR_IS_OK(werr)) { - printf("Failed to join domain: %s (WERROR: %s)\n", - get_friendly_nt_error_msg(werror_to_ntstatus(werr)), - dos_errstr(werr)); + status = libnetapi_init(&ctx); + if (status != 0) { + return -1; + } + + libnetapi_set_username(ctx, opt_user_name); + libnetapi_set_password(ctx, opt_password); + + status = NetJoinDomain(server_name, domain_name, account_ou, + Account, password, join_flags); + if (status != 0) { + printf("Failed to join domain: %s\n", + libnetapi_errstr(status)); goto done; } @@ -226,6 +244,7 @@ static int net_dom_join(int argc, const char **argv) cli_shutdown(cli); } + /* libnetapi_free(ctx); */ return ret; } diff --git a/source3/utils/net_domain.c b/source3/utils/net_domain.c index 3f1908e242..74b35d0d66 100644 --- a/source3/utils/net_domain.c +++ b/source3/utils/net_domain.c @@ -37,6 +37,11 @@ goto done; \ } +static void init_lsa_String(struct lsa_String *name, const char *s) +{ + name->string = s; +} + /******************************************************************* Leave an AD domain. Windows XP disables the machine account. We'll try the same. The old code would do an LDAP delete. @@ -71,9 +76,12 @@ NTSTATUS netdom_leave_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli, if ( !NT_STATUS_IS_OK(status) ) return status; - - status = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &sam_pol, - SEC_RIGHTS_MAXIMUM_ALLOWED, dom_sid, &domain_pol); + + status = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &sam_pol, + SEC_RIGHTS_MAXIMUM_ALLOWED, + dom_sid, + &domain_pol); if ( !NT_STATUS_IS_OK(status) ) return status; @@ -98,8 +106,11 @@ NTSTATUS netdom_leave_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli, /* Open handle on user */ - status = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol, - SEC_RIGHTS_MAXIMUM_ALLOWED, user_rid, &user_pol); + status = rpccli_samr_OpenUser(pipe_hnd, mem_ctx, + &domain_pol, + SEC_RIGHTS_MAXIMUM_ALLOWED, + user_rid, + &user_pol); if ( !NT_STATUS_IS_OK(status) ) { goto done; } @@ -108,7 +119,7 @@ NTSTATUS netdom_leave_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli, status = rpccli_samr_query_userinfo(pipe_hnd, mem_ctx, &user_pol, 16, &qctr); if ( !NT_STATUS_IS_OK(status) ) { - rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol); goto done; } @@ -123,11 +134,11 @@ NTSTATUS netdom_leave_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli, status = rpccli_samr_set_userinfo2(pipe_hnd, mem_ctx, &user_pol, 16, &cli->user_session_key, &ctr); - rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol); done: - rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol); - rpccli_samr_close(pipe_hnd, mem_ctx, &sam_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &sam_pol); cli_rpc_pipe_close(pipe_hnd); /* Done with this pipe */ @@ -157,7 +168,7 @@ int netdom_store_machine_account( const char *domain, DOM_SID *sid, const char * ********************************************************************/ NTSTATUS netdom_get_domain_sid( TALLOC_CTX *mem_ctx, struct cli_state *cli, - char **domain, DOM_SID **sid ) + const char **domain, DOM_SID **sid ) { struct rpc_pipe_client *pipe_hnd = NULL; POLICY_HND lsa_pol; @@ -204,10 +215,12 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli, NTSTATUS status = NT_STATUS_UNSUCCESSFUL; char *acct_name; const char *const_acct_name; + struct lsa_String lsa_acct_name; uint32 user_rid; uint32 num_rids, *name_types, *user_rids; uint32 flags = 0x3e8; uint32 acb_info = ACB_WSTRUST; + uint32 acct_flags; uint32 fields_present; uchar pwbuf[532]; SAM_USERINFO_CTR ctr; @@ -217,6 +230,7 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli, uchar md5buffer[16]; DATA_BLOB digested_session_key; uchar md4_trust_password[16]; + uint32_t access_granted = 0; /* Open the domain */ @@ -231,9 +245,12 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli, if ( !NT_STATUS_IS_OK(status) ) return status; - - status = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &sam_pol, - SEC_RIGHTS_MAXIMUM_ALLOWED, dom_sid, &domain_pol); + + status = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &sam_pol, + SEC_RIGHTS_MAXIMUM_ALLOWED, + dom_sid, + &domain_pol); if ( !NT_STATUS_IS_OK(status) ) return status; @@ -243,10 +260,25 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli, strlower_m(acct_name); const_acct_name = acct_name; - /* Don't try to set any acb_info flags other than ACB_WSTRUST */ + init_lsa_String(&lsa_acct_name, acct_name); - status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol, - acct_name, acb_info, 0xe005000b, &user_pol, &user_rid); + /* Don't try to set any acb_info flags other than ACB_WSTRUST */ + acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE | + SEC_STD_WRITE_DAC | SEC_STD_DELETE | + SAMR_USER_ACCESS_SET_PASSWORD | + SAMR_USER_ACCESS_GET_ATTRIBUTES | + SAMR_USER_ACCESS_SET_ATTRIBUTES; + + DEBUG(10, ("Creating account with flags: %d\n",acct_flags)); + + status = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx, + &domain_pol, + &lsa_acct_name, + acb_info, + acct_flags, + &user_pol, + &access_granted, + &user_rid); if ( !NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) @@ -266,7 +298,7 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli, /* We *must* do this.... don't ask... */ if (NT_STATUS_IS_OK(status)) { - rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol); } status = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, @@ -284,8 +316,11 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli, /* Open handle on user */ - status = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol, - SEC_RIGHTS_MAXIMUM_ALLOWED, user_rid, &user_pol); + status = rpccli_samr_OpenUser(pipe_hnd, mem_ctx, + &domain_pol, + SEC_RIGHTS_MAXIMUM_ALLOWED, + user_rid, + &user_pol); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -336,7 +371,7 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli, return status; } - rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol); cli_rpc_pipe_close(pipe_hnd); /* Done with this pipe */ return status; diff --git a/source3/utils/net_help.c b/source3/utils/net_help.c index 2cb601f917..908be0512a 100644 --- a/source3/utils/net_help.c +++ b/source3/utils/net_help.c @@ -48,6 +48,7 @@ int net_common_flags_usage(int argc, const char **argv) d_printf("\t-l or --long\t\t\tDisplay full information\n"); d_printf("\t-V or --version\t\t\tPrint samba version information\n"); d_printf("\t-P or --machine-pass\t\tAuthenticate as machine account\n"); + d_printf("\t-e or --encrypt\t\tEncrypt SMB transport (UNIX extended servers only)\n"); return -1; } diff --git a/source3/utils/net_lookup.c b/source3/utils/net_lookup.c index 20298faa29..8c01b5b4ba 100644 --- a/source3/utils/net_lookup.c +++ b/source3/utils/net_lookup.c @@ -401,7 +401,7 @@ static int net_lookup_dsgetdcname(int argc, const char **argv) site_name = sitename_fetch(domain_name); } - status = DsGetDcName(mem_ctx, NULL, domain_name, NULL, site_name, + status = dsgetdcname(mem_ctx, domain_name, NULL, site_name, flags, &info); if (!NT_STATUS_IS_OK(status)) { d_printf("failed with: %s\n", nt_errstr(status)); diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index ab0cc73e49..7091063817 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -23,6 +23,11 @@ #include "includes.h" #include "utils/net.h" +static void init_lsa_String(struct lsa_String *name, const char *s) +{ + name->string = s; +} + static int net_mode_share; static bool sync_files(struct copy_clistate *cp_clistate, const char *mask); @@ -51,7 +56,8 @@ static bool sync_files(struct copy_clistate *cp_clistate, const char *mask); **/ NTSTATUS net_get_remote_domain_sid(struct cli_state *cli, TALLOC_CTX *mem_ctx, - DOM_SID **domain_sid, char **domain_name) + DOM_SID **domain_sid, + const char **domain_name) { struct rpc_pipe_client *lsa_pipe; POLICY_HND pol; @@ -112,7 +118,7 @@ int run_rpc_command(struct cli_state *cli_arg, TALLOC_CTX *mem_ctx; NTSTATUS nt_status; DOM_SID *domain_sid; - char *domain_name; + const char *domain_name; /* make use of cli_state handed over as an argument, if possible */ if (!cli_arg) { @@ -451,11 +457,13 @@ NTSTATUS rpc_info_internals(const DOM_SID *domain_sid, d_fprintf(stderr, "Could not connect to SAM: %s\n", nt_errstr(result)); goto done; } - + /* Get domain policy handle */ - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - domain_sid, &domain_pol); + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + CONST_DISCARD(struct dom_sid2 *, domain_sid), + &domain_pol); if (!NT_STATUS_IS_OK(result)) { d_fprintf(stderr, "Could not open domain: %s\n", nt_errstr(result)); goto done; @@ -586,8 +594,10 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid, POLICY_HND connect_pol, domain_pol, user_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; const char *acct_name; + struct lsa_String lsa_acct_name; uint32 acb_info; - uint32 access_mask, user_rid; + uint32 acct_flags, user_rid; + uint32_t access_granted = 0; if (argc < 1) { d_printf("User must be specified\n"); @@ -596,6 +606,7 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid, } acct_name = argv[0]; + init_lsa_String(&lsa_acct_name, acct_name); /* Get sam policy handle */ @@ -606,10 +617,12 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid, } /* Get domain policy handle */ - - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - domain_sid, &domain_pol); + + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + CONST_DISCARD(struct dom_sid2 *, domain_sid), + &domain_pol); if (!NT_STATUS_IS_OK(result)) { goto done; } @@ -617,11 +630,21 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid, /* Create domain user */ acb_info = ACB_NORMAL; - access_mask = 0xe005000b; + acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE | + SEC_STD_WRITE_DAC | SEC_STD_DELETE | + SAMR_USER_ACCESS_SET_PASSWORD | + SAMR_USER_ACCESS_GET_ATTRIBUTES | + SAMR_USER_ACCESS_SET_ATTRIBUTES; + + result = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx, + &domain_pol, + &lsa_acct_name, + acb_info, + acct_flags, + &user_pol, + &access_granted, + &user_rid); - result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol, - acct_name, acb_info, access_mask, - &user_pol, &user_rid); if (!NT_STATUS_IS_OK(result)) { goto done; } @@ -643,9 +666,11 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid, goto done; } - result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, - user_rids[0], &user_pol); + result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx, + &domain_pol, + MAXIMUM_ALLOWED_ACCESS, + user_rids[0], + &user_pol); if (!NT_STATUS_IS_OK(result)) { goto done; @@ -670,7 +695,8 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid, d_fprintf(stderr, "Failed to set password for user %s - %s\n", acct_name, nt_errstr(result)); - result = rpccli_samr_delete_dom_user(pipe_hnd, mem_ctx, &user_pol); + result = rpccli_samr_DeleteUser(pipe_hnd, mem_ctx, + &user_pol); if (!NT_STATUS_IS_OK(result)) { d_fprintf(stderr, "Failed to delete user %s - %s\n", @@ -682,10 +708,10 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid, } done: if (!NT_STATUS_IS_OK(result)) { - d_fprintf(stderr, "Failed to add user %s - %s\n", acct_name, - nt_errstr(result)); + d_fprintf(stderr, "Failed to add user '%s' with %s.\n", + acct_name, nt_errstr(result)); } else { - d_printf("Added user %s\n", acct_name); + d_printf("Added user '%s'.\n", acct_name); } return result; } @@ -732,12 +758,16 @@ static NTSTATUS rpc_user_del_internals(const DOM_SID *domain_sid, { NTSTATUS result = NT_STATUS_UNSUCCESSFUL; POLICY_HND connect_pol, domain_pol, user_pol; + const char *acct_name; if (argc < 1) { d_printf("User must be specified\n"); rpc_user_usage(argc, argv); return NT_STATUS_OK; } + + acct_name = argv[0]; + /* Get sam policy and domain handles */ result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, @@ -747,9 +777,11 @@ static NTSTATUS rpc_user_del_internals(const DOM_SID *domain_sid, goto done; } - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - domain_sid, &domain_pol); + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + CONST_DISCARD(struct dom_sid2 *, domain_sid), + &domain_pol); if (!NT_STATUS_IS_OK(result)) { goto done; @@ -762,7 +794,7 @@ static NTSTATUS rpc_user_del_internals(const DOM_SID *domain_sid, uint32 flags = 0x000003e8; /* Unknown */ result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, - flags, 1, &argv[0], + flags, 1, &acct_name, &num_rids, &user_rids, &name_types); @@ -770,9 +802,11 @@ static NTSTATUS rpc_user_del_internals(const DOM_SID *domain_sid, goto done; } - result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, - user_rids[0], &user_pol); + result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx, + &domain_pol, + MAXIMUM_ALLOWED_ACCESS, + user_rids[0], + &user_pol); if (!NT_STATUS_IS_OK(result)) { goto done; @@ -781,20 +815,21 @@ static NTSTATUS rpc_user_del_internals(const DOM_SID *domain_sid, /* Delete user */ - result = rpccli_samr_delete_dom_user(pipe_hnd, mem_ctx, &user_pol); + result = rpccli_samr_DeleteUser(pipe_hnd, mem_ctx, + &user_pol); if (!NT_STATUS_IS_OK(result)) { goto done; } - /* Display results */ + done: if (!NT_STATUS_IS_OK(result)) { - d_fprintf(stderr, "Failed to delete user account - %s\n", nt_errstr(result)); - } else { - d_printf("Deleted user account\n"); - } + d_fprintf(stderr, "Failed to delete user '%s' with %s.\n", + acct_name, nt_errstr(result)); + } else { + d_printf("Deleted user '%s'.\n", acct_name); + } - done: return result; } @@ -856,10 +891,12 @@ static NTSTATUS rpc_user_rename_internals(const DOM_SID *domain_sid, } /* Get domain policy handle */ - - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - domain_sid, &domain_pol); + + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + CONST_DISCARD(struct dom_sid2 *, domain_sid), + &domain_pol); if (!NT_STATUS_IS_OK(result)) { goto done; } @@ -877,8 +914,11 @@ static NTSTATUS rpc_user_rename_internals(const DOM_SID *domain_sid, } /* Open domain user */ - result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, user_rid[0], &user_pol); + result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx, + &domain_pol, + MAXIMUM_ALLOWED_ACCESS, + user_rid[0], + &user_pol); if (!NT_STATUS_IS_OK(result)) { goto done; @@ -1005,9 +1045,11 @@ static NTSTATUS rpc_user_password_internals(const DOM_SID *domain_sid, goto done; } - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - domain_sid, &domain_pol); + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + CONST_DISCARD(struct dom_sid2 *, domain_sid), + &domain_pol); if (!NT_STATUS_IS_OK(result)) { goto done; @@ -1028,9 +1070,11 @@ static NTSTATUS rpc_user_password_internals(const DOM_SID *domain_sid, goto done; } - result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, - user_rids[0], &user_pol); + result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx, + &domain_pol, + MAXIMUM_ALLOWED_ACCESS, + user_rids[0], + &user_pol); if (!NT_STATUS_IS_OK(result)) { goto done; @@ -1123,10 +1167,12 @@ static NTSTATUS rpc_user_info_internals(const DOM_SID *domain_sid, if (!NT_STATUS_IS_OK(result)) goto done; /* Get domain policy handle */ - - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - domain_sid, &domain_pol); + + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + CONST_DISCARD(struct dom_sid2 *, domain_sid), + &domain_pol); if (!NT_STATUS_IS_OK(result)) goto done; /* Get handle on user */ @@ -1137,9 +1183,11 @@ static NTSTATUS rpc_user_info_internals(const DOM_SID *domain_sid, if (!NT_STATUS_IS_OK(result)) goto done; - result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, - rids[0], &user_pol); + result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx, + &domain_pol, + MAXIMUM_ALLOWED_ACCESS, + rids[0], + &user_pol); if (!NT_STATUS_IS_OK(result)) goto done; result = rpccli_samr_query_usergroups(pipe_hnd, mem_ctx, &user_pol, @@ -1230,10 +1278,12 @@ static NTSTATUS rpc_user_list_internals(const DOM_SID *domain_sid, } /* Get domain policy handle */ - - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - domain_sid, &domain_pol); + + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + CONST_DISCARD(struct dom_sid2 *, domain_sid), + &domain_pol); if (!NT_STATUS_IS_OK(result)) { goto done; } @@ -1374,16 +1424,20 @@ static NTSTATUS rpc_sh_handle_user(TALLOC_CTX *mem_ctx, goto done; } - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - ctx->domain_sid, &domain_pol); + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + ctx->domain_sid, + &domain_pol); if (!NT_STATUS_IS_OK(result)) { goto done; } - result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, - rid, &user_pol); + result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx, + &domain_pol, + MAXIMUM_ALLOWED_ACCESS, + rid, + &user_pol); if (!NT_STATUS_IS_OK(result)) { goto done; } @@ -1392,13 +1446,13 @@ static NTSTATUS rpc_sh_handle_user(TALLOC_CTX *mem_ctx, done: if (is_valid_policy_hnd(&user_pol)) { - rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol); } if (is_valid_policy_hnd(&domain_pol)) { - rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol); } if (is_valid_policy_hnd(&connect_pol)) { - rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol); } return result; } @@ -1738,11 +1792,13 @@ static NTSTATUS rpc_group_delete_internals(const DOM_SID *domain_sid, d_fprintf(stderr, "Request samr_connect failed\n"); goto done; } - - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - domain_sid, &domain_pol); - + + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + CONST_DISCARD(struct dom_sid2 *, domain_sid), + &domain_pol); + if (!NT_STATUS_IS_OK(result)) { d_fprintf(stderr, "Request open_domain failed\n"); goto done; @@ -1761,9 +1817,11 @@ static NTSTATUS rpc_group_delete_internals(const DOM_SID *domain_sid, switch (name_types[0]) { case SID_NAME_DOM_GRP: - result = rpccli_samr_open_group(pipe_hnd, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, - group_rids[0], &group_pol); + result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx, + &domain_pol, + MAXIMUM_ALLOWED_ACCESS, + group_rids[0], + &group_pol); if (!NT_STATUS_IS_OK(result)) { d_fprintf(stderr, "Request open_group failed"); goto done; @@ -1788,9 +1846,11 @@ static NTSTATUS rpc_group_delete_internals(const DOM_SID *domain_sid, /* Check if group is anyone's primary group */ for (i = 0; i < num_members; i++) { - result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, - group_rids[i], &user_pol); + result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx, + &domain_pol, + MAXIMUM_ALLOWED_ACCESS, + group_rids[i], + &user_pol); if (!NT_STATUS_IS_OK(result)) { d_fprintf(stderr, "Unable to open group member %d\n",group_rids[i]); @@ -1815,7 +1875,7 @@ static NTSTATUS rpc_group_delete_internals(const DOM_SID *domain_sid, group_is_primary = True; } - rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol); } if (group_is_primary) { @@ -1842,21 +1902,25 @@ static NTSTATUS rpc_group_delete_internals(const DOM_SID *domain_sid, } } - result = rpccli_samr_delete_dom_group(pipe_hnd, mem_ctx, &group_pol); + result = rpccli_samr_DeleteDomainGroup(pipe_hnd, mem_ctx, + &group_pol); break; /* removing a local group is easier... */ case SID_NAME_ALIAS: - result = rpccli_samr_open_alias(pipe_hnd, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, - group_rids[0], &group_pol); + result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx, + &domain_pol, + MAXIMUM_ALLOWED_ACCESS, + group_rids[0], + &group_pol); if (!NT_STATUS_IS_OK(result)) { d_fprintf(stderr, "Request open_alias failed\n"); goto done; } - - result = rpccli_samr_delete_dom_alias(pipe_hnd, mem_ctx, &group_pol); + + result = rpccli_samr_DeleteDomAlias(pipe_hnd, mem_ctx, + &group_pol); break; default: d_fprintf(stderr, "%s is of type %s. This command is only for deleting local or global groups\n", @@ -1896,6 +1960,8 @@ static NTSTATUS rpc_group_add_internals(const DOM_SID *domain_sid, POLICY_HND connect_pol, domain_pol, group_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; GROUP_INFO_CTR group_info; + struct lsa_String grp_name; + uint32_t rid = 0; if (argc != 1) { d_printf("Group name must be specified\n"); @@ -1903,6 +1969,8 @@ static NTSTATUS rpc_group_add_internals(const DOM_SID *domain_sid, return NT_STATUS_OK; } + init_lsa_String(&grp_name, argv[0]); + /* Get sam policy handle */ result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, @@ -1910,17 +1978,22 @@ static NTSTATUS rpc_group_add_internals(const DOM_SID *domain_sid, if (!NT_STATUS_IS_OK(result)) goto done; /* Get domain policy handle */ - - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - domain_sid, &domain_pol); + + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + CONST_DISCARD(struct dom_sid2 *, domain_sid), + &domain_pol); if (!NT_STATUS_IS_OK(result)) goto done; /* Create the group */ - result = rpccli_samr_create_dom_group(pipe_hnd, mem_ctx, &domain_pol, - argv[0], MAXIMUM_ALLOWED_ACCESS, - &group_pol); + result = rpccli_samr_CreateDomainGroup(pipe_hnd, mem_ctx, + &domain_pol, + &grp_name, + MAXIMUM_ALLOWED_ACCESS, + &group_pol, + &rid); if (!NT_STATUS_IS_OK(result)) goto done; if (strlen(opt_comment) == 0) goto done; @@ -1953,6 +2026,8 @@ static NTSTATUS rpc_alias_add_internals(const DOM_SID *domain_sid, POLICY_HND connect_pol, domain_pol, alias_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; ALIAS_INFO_CTR alias_info; + struct lsa_String alias_name; + uint32_t rid = 0; if (argc != 1) { d_printf("Alias name must be specified\n"); @@ -1960,6 +2035,8 @@ static NTSTATUS rpc_alias_add_internals(const DOM_SID *domain_sid, return NT_STATUS_OK; } + init_lsa_String(&alias_name, argv[0]); + /* Get sam policy handle */ result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, @@ -1967,16 +2044,22 @@ static NTSTATUS rpc_alias_add_internals(const DOM_SID *domain_sid, if (!NT_STATUS_IS_OK(result)) goto done; /* Get domain policy handle */ - - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - domain_sid, &domain_pol); + + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + CONST_DISCARD(struct dom_sid2 *, domain_sid), + &domain_pol); if (!NT_STATUS_IS_OK(result)) goto done; /* Create the group */ - result = rpccli_samr_create_dom_alias(pipe_hnd, mem_ctx, &domain_pol, - argv[0], &alias_pol); + result = rpccli_samr_CreateDomAlias(pipe_hnd, mem_ctx, + &domain_pol, + &alias_name, + MAXIMUM_ALLOWED_ACCESS, + &alias_pol, + &rid); if (!NT_STATUS_IS_OK(result)) goto done; if (strlen(opt_comment) == 0) goto done; @@ -2093,11 +2176,13 @@ static NTSTATUS rpc_add_groupmem(struct rpc_pipe_client *pipe_hnd, if (!NT_STATUS_IS_OK(result)) { return result; } - + /* Get domain policy handle */ - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - &sid, &domain_pol); + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + &sid, + &domain_pol); if (!NT_STATUS_IS_OK(result)) { return result; } @@ -2111,9 +2196,11 @@ static NTSTATUS rpc_add_groupmem(struct rpc_pipe_client *pipe_hnd, goto done; } - result = rpccli_samr_open_group(pipe_hnd, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, - group_rid, &group_pol); + result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx, + &domain_pol, + MAXIMUM_ALLOWED_ACCESS, + group_rid, + &group_pol); if (!NT_STATUS_IS_OK(result)) { goto done; @@ -2122,7 +2209,7 @@ static NTSTATUS rpc_add_groupmem(struct rpc_pipe_client *pipe_hnd, result = rpccli_samr_add_groupmem(pipe_hnd, mem_ctx, &group_pol, rids[0]); done: - rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol); return result; } @@ -2161,18 +2248,22 @@ static NTSTATUS rpc_add_aliasmem(struct rpc_pipe_client *pipe_hnd, if (!NT_STATUS_IS_OK(result)) { goto done; } - + /* Get domain policy handle */ - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - &sid, &domain_pol); + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + &sid, + &domain_pol); if (!NT_STATUS_IS_OK(result)) { goto done; } - result = rpccli_samr_open_alias(pipe_hnd, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, - alias_rid, &alias_pol); + result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx, + &domain_pol, + MAXIMUM_ALLOWED_ACCESS, + alias_rid, + &alias_pol); if (!NT_STATUS_IS_OK(result)) { return result; @@ -2185,7 +2276,7 @@ static NTSTATUS rpc_add_aliasmem(struct rpc_pipe_client *pipe_hnd, } done: - rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol); return result; } @@ -2272,11 +2363,13 @@ static NTSTATUS rpc_del_groupmem(struct rpc_pipe_client *pipe_hnd, &connect_pol); if (!NT_STATUS_IS_OK(result)) return result; - + /* Get domain policy handle */ - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - &sid, &domain_pol); + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + &sid, + &domain_pol); if (!NT_STATUS_IS_OK(result)) return result; @@ -2289,9 +2382,11 @@ static NTSTATUS rpc_del_groupmem(struct rpc_pipe_client *pipe_hnd, goto done; } - result = rpccli_samr_open_group(pipe_hnd, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, - group_rid, &group_pol); + result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx, + &domain_pol, + MAXIMUM_ALLOWED_ACCESS, + group_rid, + &group_pol); if (!NT_STATUS_IS_OK(result)) goto done; @@ -2299,7 +2394,7 @@ static NTSTATUS rpc_del_groupmem(struct rpc_pipe_client *pipe_hnd, result = rpccli_samr_del_groupmem(pipe_hnd, mem_ctx, &group_pol, rids[0]); done: - rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol); return result; } @@ -2337,18 +2432,22 @@ static NTSTATUS rpc_del_aliasmem(struct rpc_pipe_client *pipe_hnd, if (!NT_STATUS_IS_OK(result)) { goto done; } - + /* Get domain policy handle */ - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - &sid, &domain_pol); + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + &sid, + &domain_pol); if (!NT_STATUS_IS_OK(result)) { goto done; } - result = rpccli_samr_open_alias(pipe_hnd, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, - alias_rid, &alias_pol); + result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx, + &domain_pol, + MAXIMUM_ALLOWED_ACCESS, + alias_rid, + &alias_pol); if (!NT_STATUS_IS_OK(result)) return result; @@ -2359,7 +2458,7 @@ static NTSTATUS rpc_del_aliasmem(struct rpc_pipe_client *pipe_hnd, return result; done: - rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol); return result; } @@ -2478,10 +2577,12 @@ static NTSTATUS rpc_group_list_internals(const DOM_SID *domain_sid, } /* Get domain policy handle */ - - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - domain_sid, &domain_pol); + + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + CONST_DISCARD(struct dom_sid2 *, domain_sid), + &domain_pol); if (!NT_STATUS_IS_OK(result)) { goto done; } @@ -2554,15 +2655,15 @@ static NTSTATUS rpc_group_list_internals(const DOM_SID *domain_sid, POLICY_HND alias_pol; ALIAS_INFO_CTR ctr; - if ((NT_STATUS_IS_OK(rpccli_samr_open_alias(pipe_hnd, mem_ctx, - &domain_pol, - 0x8, - groups[i].rid, - &alias_pol))) && + if ((NT_STATUS_IS_OK(rpccli_samr_OpenAlias(pipe_hnd, mem_ctx, + &domain_pol, + 0x8, + groups[i].rid, + &alias_pol))) && (NT_STATUS_IS_OK(rpccli_samr_query_alias_info(pipe_hnd, mem_ctx, &alias_pol, 3, &ctr))) && - (NT_STATUS_IS_OK(rpccli_samr_close(pipe_hnd, mem_ctx, + (NT_STATUS_IS_OK(rpccli_samr_Close(pipe_hnd, mem_ctx, &alias_pol)))) { description = unistr2_to_ascii_talloc(mem_ctx, ctr.alias.info3.description.string); @@ -2578,12 +2679,14 @@ static NTSTATUS rpc_group_list_internals(const DOM_SID *domain_sid, } } } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); - rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol); /* Get builtin policy handle */ - - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - &global_sid_Builtin, &domain_pol); + + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin), + &domain_pol); if (!NT_STATUS_IS_OK(result)) { goto done; } @@ -2609,15 +2712,15 @@ static NTSTATUS rpc_group_list_internals(const DOM_SID *domain_sid, POLICY_HND alias_pol; ALIAS_INFO_CTR ctr; - if ((NT_STATUS_IS_OK(rpccli_samr_open_alias(pipe_hnd, mem_ctx, - &domain_pol, - 0x8, - groups[i].rid, - &alias_pol))) && + if ((NT_STATUS_IS_OK(rpccli_samr_OpenAlias(pipe_hnd, mem_ctx, + &domain_pol, + 0x8, + groups[i].rid, + &alias_pol))) && (NT_STATUS_IS_OK(rpccli_samr_query_alias_info(pipe_hnd, mem_ctx, &alias_pol, 3, &ctr))) && - (NT_STATUS_IS_OK(rpccli_samr_close(pipe_hnd, mem_ctx, + (NT_STATUS_IS_OK(rpccli_samr_Close(pipe_hnd, mem_ctx, &alias_pol)))) { description = unistr2_to_ascii_talloc(mem_ctx, ctr.alias.info3.description.string); @@ -2663,9 +2766,11 @@ static NTSTATUS rpc_list_group_members(struct rpc_pipe_client *pipe_hnd, fstring sid_str; sid_to_fstring(sid_str, domain_sid); - result = rpccli_samr_open_group(pipe_hnd, mem_ctx, domain_pol, - MAXIMUM_ALLOWED_ACCESS, - rid, &group_pol); + result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx, + domain_pol, + MAXIMUM_ALLOWED_ACCESS, + rid, + &group_pol); if (!NT_STATUS_IS_OK(result)) return result; @@ -2726,8 +2831,11 @@ static NTSTATUS rpc_list_alias_members(struct rpc_pipe_client *pipe_hnd, enum lsa_SidType *types; int i; - result = rpccli_samr_open_alias(pipe_hnd, mem_ctx, domain_pol, - MAXIMUM_ALLOWED_ACCESS, rid, &alias_pol); + result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx, + domain_pol, + MAXIMUM_ALLOWED_ACCESS, + rid, + &alias_pol); if (!NT_STATUS_IS_OK(result)) return result; @@ -2812,10 +2920,12 @@ static NTSTATUS rpc_group_members_internals(const DOM_SID *domain_sid, return result; /* Get domain policy handle */ - - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - domain_sid, &domain_pol); + + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + CONST_DISCARD(struct dom_sid2 *, domain_sid), + &domain_pol); if (!NT_STATUS_IS_OK(result)) return result; @@ -2829,13 +2939,15 @@ static NTSTATUS rpc_group_members_internals(const DOM_SID *domain_sid, DOM_SID sid_Builtin; - rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol); string_to_sid(&sid_Builtin, "S-1-5-32"); - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - &sid_Builtin, &domain_pol); + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + &sid_Builtin, + &domain_pol); if (!NT_STATUS_IS_OK(result)) { d_fprintf(stderr, "Couldn't find group %s\n", argv[0]); @@ -2909,10 +3021,12 @@ static NTSTATUS rpc_group_rename_internals(const DOM_SID *domain_sid, return result; /* Get domain policy handle */ - - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - domain_sid, &domain_pol); + + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + CONST_DISCARD(struct dom_sid2 *, domain_sid), + &domain_pol); if (!NT_STATUS_IS_OK(result)) return result; @@ -2930,9 +3044,11 @@ static NTSTATUS rpc_group_rename_internals(const DOM_SID *domain_sid, return NT_STATUS_UNSUCCESSFUL; } - result = rpccli_samr_open_group(pipe_hnd, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, - rids[0], &group_pol); + result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx, + &domain_pol, + MAXIMUM_ALLOWED_ACCESS, + rids[0], + &group_pol); if (!NT_STATUS_IS_OK(result)) return result; @@ -4000,10 +4116,12 @@ static NTSTATUS rpc_fetch_domain_aliases(struct rpc_pipe_client *pipe_hnd, POLICY_HND domain_pol; /* Get domain policy handle */ - - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, connect_pol, - MAXIMUM_ALLOWED_ACCESS, - domain_sid, &domain_pol); + + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + connect_pol, + MAXIMUM_ALLOWED_ACCESS, + CONST_DISCARD(struct dom_sid2 *, domain_sid), + &domain_pol); if (!NT_STATUS_IS_OK(result)) return result; @@ -4022,10 +4140,11 @@ static NTSTATUS rpc_fetch_domain_aliases(struct rpc_pipe_client *pipe_hnd, DOM_SID *members; int j; - result = rpccli_samr_open_alias(pipe_hnd, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, - groups[i].rid, - &alias_pol); + result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx, + &domain_pol, + MAXIMUM_ALLOWED_ACCESS, + groups[i].rid, + &alias_pol); if (!NT_STATUS_IS_OK(result)) goto done; @@ -4036,7 +4155,7 @@ static NTSTATUS rpc_fetch_domain_aliases(struct rpc_pipe_client *pipe_hnd, if (!NT_STATUS_IS_OK(result)) goto done; - result = rpccli_samr_close(pipe_hnd, mem_ctx, &alias_pol); + result = rpccli_samr_Close(pipe_hnd, mem_ctx, &alias_pol); if (!NT_STATUS_IS_OK(result)) goto done; @@ -4060,7 +4179,7 @@ static NTSTATUS rpc_fetch_domain_aliases(struct rpc_pipe_client *pipe_hnd, result = NT_STATUS_OK; done: - rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol); return result; } @@ -4160,7 +4279,7 @@ static NTSTATUS rpc_aliaslist_internals(const DOM_SID *domain_sid, result = rpc_fetch_domain_aliases(pipe_hnd, mem_ctx, &connect_pol, domain_sid); - rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol); done: return result; } @@ -5335,8 +5454,11 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid, POLICY_HND connect_pol, domain_pol, user_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; char *acct_name; + struct lsa_String lsa_acct_name; uint32 acb_info; - uint32 unknown, user_rid; + uint32 acct_flags=0; + uint32 user_rid; + uint32_t access_granted = 0; if (argc != 2) { d_printf("Usage: net rpc trustdom add <domain_name> <pw>\n"); @@ -5346,36 +5468,48 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid, /* * Make valid trusting domain account (ie. uppercased and with '$' appended) */ - + if (asprintf(&acct_name, "%s$", argv[0]) < 0) { return NT_STATUS_NO_MEMORY; } strupper_m(acct_name); + init_lsa_String(&lsa_acct_name, acct_name); + /* Get samr policy handle */ result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, &connect_pol); if (!NT_STATUS_IS_OK(result)) { goto done; } - + /* Get domain policy handle */ - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - domain_sid, &domain_pol); + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + CONST_DISCARD(struct dom_sid2 *, domain_sid), + &domain_pol); if (!NT_STATUS_IS_OK(result)) { goto done; } /* Create trusting domain's account */ - acb_info = ACB_NORMAL; - unknown = 0xe00500b0; /* No idea what this is - a permission mask? - mimir: yes, most probably it is */ - - result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol, - acct_name, acb_info, unknown, - &user_pol, &user_rid); + acb_info = ACB_NORMAL; + acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE | + SEC_STD_WRITE_DAC | SEC_STD_DELETE | + SAMR_USER_ACCESS_SET_PASSWORD | + SAMR_USER_ACCESS_GET_ATTRIBUTES | + SAMR_USER_ACCESS_SET_ATTRIBUTES; + + result = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx, + &domain_pol, + &lsa_acct_name, + acb_info, + acct_flags, + &user_pol, + &access_granted, + &user_rid); if (!NT_STATUS_IS_OK(result)) { goto done; } @@ -5503,11 +5637,13 @@ static NTSTATUS rpc_trustdom_del_internals(const DOM_SID *domain_sid, if (!NT_STATUS_IS_OK(result)) { goto done; } - + /* Get domain policy handle */ - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - domain_sid, &domain_pol); + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + CONST_DISCARD(struct dom_sid2 *, domain_sid), + &domain_pol); if (!NT_STATUS_IS_OK(result)) { goto done; } @@ -5520,9 +5656,11 @@ static NTSTATUS rpc_trustdom_del_internals(const DOM_SID *domain_sid, goto done; } - result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, - user_rids[0], &user_pol); + result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx, + &domain_pol, + MAXIMUM_ALLOWED_ACCESS, + user_rids[0], + &user_pol); if (!NT_STATUS_IS_OK(result)) { goto done; @@ -5545,7 +5683,8 @@ static NTSTATUS rpc_trustdom_del_internals(const DOM_SID *domain_sid, /* Delete user */ - result = rpccli_samr_delete_dom_user(pipe_hnd, mem_ctx, &user_pol); + result = rpccli_samr_DeleteUser(pipe_hnd, mem_ctx, + &user_pol); if (!NT_STATUS_IS_OK(result)) { goto done; @@ -5603,7 +5742,7 @@ static int rpc_trustdom_establish(int argc, const char **argv) DOM_SID *domain_sid; char* domain_name; - char* domain_name_pol; + const char* domain_name_pol; char* acct_name; fstring pdc_name; char *dc_name; @@ -5846,24 +5985,30 @@ static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd, const char *trusted_dom_name) { NTSTATUS nt_status; - LSA_TRUSTED_DOMAIN_INFO *info; + union lsa_TrustedDomainInfo info; char *cleartextpwd = NULL; DATA_BLOB data; - nt_status = rpccli_lsa_query_trusted_domain_info_by_sid(pipe_hnd, mem_ctx, pol, 4, &dom_sid, &info); - + nt_status = rpccli_lsa_QueryTrustedDomainInfoBySid(pipe_hnd, mem_ctx, + pol, + &dom_sid, + LSA_TRUSTED_DOMAIN_INFO_PASSWORD, + &info); if (NT_STATUS_IS_ERR(nt_status)) { DEBUG(0,("Could not query trusted domain info. Error was %s\n", nt_errstr(nt_status))); goto done; } - data = data_blob(NULL, info->password.password.length); + data = data_blob(NULL, info.password.password->length); - memcpy(data.data, info->password.password.data, info->password.password.length); - data.length = info->password.password.length; - - cleartextpwd = decrypt_trustdom_secret(pipe_hnd->cli->pwd.password, &data); + memcpy(data.data, + info.password.password->data, + info.password.password->length); + data.length = info.password.password->length; + + cleartextpwd = decrypt_trustdom_secret(pipe_hnd->cli->pwd.password, + &data); if (cleartextpwd == NULL) { DEBUG(0,("retrieved NULL password\n")); @@ -5907,7 +6052,7 @@ static int rpc_trustdom_vampire(int argc, const char **argv) DOM_SID *domain_sids; char **trusted_dom_names; fstring pdc_name; - char *dummy; + const char *dummy; /* * Listing trusted domains (stored in secrets.tdb, if local) @@ -6047,7 +6192,7 @@ static int rpc_trustdom_list(int argc, const char **argv) DOM_SID *domain_sids; char **trusted_dom_names; fstring pdc_name; - char *dummy; + const char *dummy; /* trusting domains listing variables */ POLICY_HND domain_hnd; @@ -6186,12 +6331,14 @@ static int rpc_trustdom_list(int argc, const char **argv) talloc_destroy(mem_ctx); return -1; }; - + /* SamrOpenDomain - we have to open domain policy handle in order to be able to enumerate accounts*/ - nt_status = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_hnd, - SA_RIGHT_DOMAIN_ENUM_ACCOUNTS, - queried_dom_sid, &domain_hnd); + nt_status = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_hnd, + SA_RIGHT_DOMAIN_ENUM_ACCOUNTS, + queried_dom_sid, + &domain_hnd); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("Couldn't open domain object. Error was %s\n", nt_errstr(nt_status))); @@ -6267,12 +6414,12 @@ static int rpc_trustdom_list(int argc, const char **argv) } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES)); /* close opened samr and domain policy handles */ - nt_status = rpccli_samr_close(pipe_hnd, mem_ctx, &domain_hnd); + nt_status = rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_hnd); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("Couldn't properly close domain policy handle for domain %s\n", domain_name)); }; - nt_status = rpccli_samr_close(pipe_hnd, mem_ctx, &connect_hnd); + nt_status = rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_hnd); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("Couldn't properly close samr policy handle for domain %s\n", domain_name)); }; diff --git a/source3/utils/net_rpc_audit.c b/source3/utils/net_rpc_audit.c index b7fda2b8e3..50bd555f16 100644 --- a/source3/utils/net_rpc_audit.c +++ b/source3/utils/net_rpc_audit.c @@ -1,21 +1,21 @@ -/* - Samba Unix/Linux SMB client library - Distributed SMB/CIFS Server Management Utility +/* + Samba Unix/Linux SMB client library + Distributed SMB/CIFS Server Management Utility Copyright (C) 2006 Guenther Deschner This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ - + #include "includes.h" #include "utils/net.h" @@ -54,29 +54,26 @@ static void print_auditing_category(const char *policy, const char *value) pad_len = col_len - strlen(policy); padding[pad_len] = 0; do padding[--pad_len] = ' '; while (pad_len > 0); - + d_printf("\t%s%s%s\n", policy, padding, value); } - /******************************************************************** ********************************************************************/ static NTSTATUS rpc_audit_get_internal(const DOM_SID *domain_sid, - const char *domain_name, + const char *domain_name, struct cli_state *cli, struct rpc_pipe_client *pipe_hnd, - TALLOC_CTX *mem_ctx, + TALLOC_CTX *mem_ctx, int argc, const char **argv) { POLICY_HND pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - LSA_INFO_CTR dom; + union lsa_PolicyInformation info; int i; - - uint32 info_class = 2; - uint32 audit_category; + uint32_t audit_category; if (argc < 1 || argc > 2) { d_printf("insufficient arguments\n"); @@ -89,7 +86,7 @@ static NTSTATUS rpc_audit_get_internal(const DOM_SID *domain_sid, return NT_STATUS_INVALID_PARAMETER; } - result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True, + result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true, SEC_RIGHTS_MAXIMUM_ALLOWED, &pol); @@ -97,15 +94,16 @@ static NTSTATUS rpc_audit_get_internal(const DOM_SID *domain_sid, goto done; } - result = rpccli_lsa_query_info_policy_new(pipe_hnd, mem_ctx, &pol, - info_class, - &dom); + result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx, + &pol, + LSA_POLICY_INFO_AUDIT_EVENTS, + &info); if (!NT_STATUS_IS_OK(result)) { goto done; } - for (i=0; i < dom.info.id2.count1; i++) { + for (i=0; i < info.audit_events.count; i++) { const char *val = NULL, *policy = NULL; @@ -113,14 +111,15 @@ static NTSTATUS rpc_audit_get_internal(const DOM_SID *domain_sid, continue; } - val = audit_policy_str(mem_ctx, dom.info.id2.auditsettings[i]); + val = audit_policy_str(mem_ctx, info.audit_events.settings[i]); policy = audit_description_str(i); print_auditing_category(policy, val); } done: if (!NT_STATUS_IS_OK(result)) { - d_printf("failed to get auditing policy: %s\n", nt_errstr(result)); + d_printf("failed to get auditing policy: %s\n", + nt_errstr(result)); } return result; @@ -130,19 +129,17 @@ static NTSTATUS rpc_audit_get_internal(const DOM_SID *domain_sid, ********************************************************************/ static NTSTATUS rpc_audit_set_internal(const DOM_SID *domain_sid, - const char *domain_name, + const char *domain_name, struct cli_state *cli, struct rpc_pipe_client *pipe_hnd, - TALLOC_CTX *mem_ctx, + TALLOC_CTX *mem_ctx, int argc, const char **argv) { POLICY_HND pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - LSA_INFO_CTR dom; - - uint32 info_class = 2; - uint32 audit_policy, audit_category; + union lsa_PolicyInformation info; + uint32_t audit_policy, audit_category; if (argc < 2 || argc > 3) { d_printf("insufficient arguments\n"); @@ -170,7 +167,7 @@ static NTSTATUS rpc_audit_set_internal(const DOM_SID *domain_sid, return NT_STATUS_INVALID_PARAMETER; } - result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True, + result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true, SEC_RIGHTS_MAXIMUM_ALLOWED, &pol); @@ -178,29 +175,32 @@ static NTSTATUS rpc_audit_set_internal(const DOM_SID *domain_sid, goto done; } - result = rpccli_lsa_query_info_policy_new(pipe_hnd, mem_ctx, &pol, - info_class, - &dom); + result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx, + &pol, + LSA_POLICY_INFO_AUDIT_EVENTS, + &info); if (!NT_STATUS_IS_OK(result)) { goto done; } - dom.info.id2.auditsettings[audit_category] = audit_policy; + info.audit_events.settings[audit_category] = audit_policy; + + result = rpccli_lsa_SetInfoPolicy(pipe_hnd, mem_ctx, + &pol, + LSA_POLICY_INFO_AUDIT_EVENTS, + &info); - result = rpccli_lsa_set_info_policy(pipe_hnd, mem_ctx, &pol, - info_class, - dom); if (!NT_STATUS_IS_OK(result)) { goto done; } - result = rpccli_lsa_query_info_policy_new(pipe_hnd, mem_ctx, &pol, - info_class, - &dom); - + result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx, + &pol, + LSA_POLICY_INFO_AUDIT_EVENTS, + &info); { - const char *val = audit_policy_str(mem_ctx, dom.info.id2.auditsettings[audit_category]); + const char *val = audit_policy_str(mem_ctx, info.audit_events.settings[audit_category]); const char *policy = audit_description_str(audit_category); print_auditing_category(policy, val); } @@ -209,11 +209,14 @@ static NTSTATUS rpc_audit_set_internal(const DOM_SID *domain_sid, if (!NT_STATUS_IS_OK(result)) { d_printf("failed to set audit policy: %s\n", nt_errstr(result)); } - + return result; } -static NTSTATUS rpc_audit_enable_internal_ext(struct rpc_pipe_client *pipe_hnd, +/******************************************************************** +********************************************************************/ + +static NTSTATUS rpc_audit_enable_internal_ext(struct rpc_pipe_client *pipe_hnd, TALLOC_CTX *mem_ctx, int argc, const char **argv, @@ -221,11 +224,9 @@ static NTSTATUS rpc_audit_enable_internal_ext(struct rpc_pipe_client *pipe_hnd, { POLICY_HND pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - LSA_INFO_CTR dom; - - uint32 info_class = 2; + union lsa_PolicyInformation info; - result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True, + result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true, SEC_RIGHTS_MAXIMUM_ALLOWED, &pol); @@ -233,19 +234,20 @@ static NTSTATUS rpc_audit_enable_internal_ext(struct rpc_pipe_client *pipe_hnd, goto done; } - result = rpccli_lsa_query_info_policy_new(pipe_hnd, mem_ctx, &pol, - info_class, - &dom); - + result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx, + &pol, + LSA_POLICY_INFO_AUDIT_EVENTS, + &info); if (!NT_STATUS_IS_OK(result)) { goto done; } - dom.info.id2.auditing_enabled = enable; + info.audit_events.auditing_mode = enable; - result = rpccli_lsa_set_info_policy(pipe_hnd, mem_ctx, &pol, - info_class, - dom); + result = rpccli_lsa_SetInfoPolicy(pipe_hnd, mem_ctx, + &pol, + LSA_POLICY_INFO_AUDIT_EVENTS, + &info); if (!NT_STATUS_IS_OK(result)) { goto done; @@ -253,59 +255,60 @@ static NTSTATUS rpc_audit_enable_internal_ext(struct rpc_pipe_client *pipe_hnd, done: if (!NT_STATUS_IS_OK(result)) { - d_printf("failed to %s audit policy: %s\n", enable ? "enable":"disable", - nt_errstr(result)); + d_printf("failed to %s audit policy: %s\n", + enable ? "enable":"disable", nt_errstr(result)); } return result; } + /******************************************************************** ********************************************************************/ static NTSTATUS rpc_audit_disable_internal(const DOM_SID *domain_sid, - const char *domain_name, + const char *domain_name, struct cli_state *cli, struct rpc_pipe_client *pipe_hnd, - TALLOC_CTX *mem_ctx, + TALLOC_CTX *mem_ctx, int argc, const char **argv) { - return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv, False); + return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv, + false); } /******************************************************************** ********************************************************************/ static NTSTATUS rpc_audit_enable_internal(const DOM_SID *domain_sid, - const char *domain_name, + const char *domain_name, struct cli_state *cli, struct rpc_pipe_client *pipe_hnd, - TALLOC_CTX *mem_ctx, + TALLOC_CTX *mem_ctx, int argc, const char **argv) { - return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv, True); + return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv, + true); } /******************************************************************** ********************************************************************/ static NTSTATUS rpc_audit_list_internal(const DOM_SID *domain_sid, - const char *domain_name, + const char *domain_name, struct cli_state *cli, struct rpc_pipe_client *pipe_hnd, - TALLOC_CTX *mem_ctx, + TALLOC_CTX *mem_ctx, int argc, const char **argv) { POLICY_HND pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - LSA_INFO_CTR dom; + union lsa_PolicyInformation info; int i; - uint32 info_class = 2; - - result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True, + result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true, SEC_RIGHTS_MAXIMUM_ALLOWED, &pol); @@ -313,53 +316,52 @@ static NTSTATUS rpc_audit_list_internal(const DOM_SID *domain_sid, goto done; } - result = rpccli_lsa_query_info_policy_new(pipe_hnd, mem_ctx, &pol, - info_class, - &dom); - + result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx, + &pol, + LSA_POLICY_INFO_AUDIT_EVENTS, + &info); if (!NT_STATUS_IS_OK(result)) { goto done; } printf("Auditing:\t\t"); - switch (dom.info.id2.auditing_enabled) { - case True: + switch (info.audit_events.auditing_mode) { + case true: printf("Enabled"); break; - case False: + case false: printf("Disabled"); break; default: - printf("unknown (%d)", dom.info.id2.auditing_enabled); + printf("unknown (%d)", info.audit_events.auditing_mode); break; } printf("\n"); - printf("Auditing categories:\t%d\n", dom.info.id2.count1); + printf("Auditing categories:\t%d\n", info.audit_events.count); printf("Auditing settings:\n"); - for (i=0; i < dom.info.id2.count1; i++) { - const char *val = audit_policy_str(mem_ctx, dom.info.id2.auditsettings[i]); + for (i=0; i < info.audit_events.count; i++) { + const char *val = audit_policy_str(mem_ctx, info.audit_events.settings[i]); const char *policy = audit_description_str(i); print_auditing_category(policy, val); } done: if (!NT_STATUS_IS_OK(result)) { - d_printf("failed to list auditing policies: %s\n", nt_errstr(result)); + d_printf("failed to list auditing policies: %s\n", + nt_errstr(result)); } return result; } - - /******************************************************************** ********************************************************************/ static int rpc_audit_get(int argc, const char **argv) { - return run_rpc_command(NULL, PI_LSARPC, 0, + return run_rpc_command(NULL, PI_LSARPC, 0, rpc_audit_get_internal, argc, argv); } @@ -368,7 +370,7 @@ static int rpc_audit_get(int argc, const char **argv) static int rpc_audit_set(int argc, const char **argv) { - return run_rpc_command(NULL, PI_LSARPC, 0, + return run_rpc_command(NULL, PI_LSARPC, 0, rpc_audit_set_internal, argc, argv); } @@ -377,7 +379,7 @@ static int rpc_audit_set(int argc, const char **argv) static int rpc_audit_enable(int argc, const char **argv) { - return run_rpc_command(NULL, PI_LSARPC, 0, + return run_rpc_command(NULL, PI_LSARPC, 0, rpc_audit_enable_internal, argc, argv); } @@ -386,7 +388,7 @@ static int rpc_audit_enable(int argc, const char **argv) static int rpc_audit_disable(int argc, const char **argv) { - return run_rpc_command(NULL, PI_LSARPC, 0, + return run_rpc_command(NULL, PI_LSARPC, 0, rpc_audit_disable_internal, argc, argv); } @@ -395,14 +397,14 @@ static int rpc_audit_disable(int argc, const char **argv) static int rpc_audit_list(int argc, const char **argv) { - return run_rpc_command(NULL, PI_LSARPC, 0, + return run_rpc_command(NULL, PI_LSARPC, 0, rpc_audit_list_internal, argc, argv); } /******************************************************************** ********************************************************************/ -int net_rpc_audit(int argc, const char **argv) +int net_rpc_audit(int argc, const char **argv) { struct functable func[] = { {"get", rpc_audit_get}, @@ -412,9 +414,9 @@ int net_rpc_audit(int argc, const char **argv) {"list", rpc_audit_list}, {NULL, NULL} }; - + if (argc) return net_run_function(argc, argv, func, net_help_audit); - + return net_help_audit(argc, argv); } diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c index 0c25a53365..27819bb6ab 100644 --- a/source3/utils/net_rpc_join.c +++ b/source3/utils/net_rpc_join.c @@ -34,6 +34,12 @@ goto done; \ } +static void init_lsa_String(struct lsa_String *name, const char *s) +{ + name->string = s; +} + + /** * confirm that a domain join is still valid * @@ -45,7 +51,7 @@ NTSTATUS net_rpc_join_ok(const char *domain, const char *server, { enum security_types sec; unsigned int conn_flags = NET_FLAGS_PDC; - uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL; + uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL; struct cli_state *cli = NULL; struct rpc_pipe_client *pipe_hnd = NULL; struct rpc_pipe_client *netlogon_pipe = NULL; @@ -132,7 +138,7 @@ int net_rpc_join_newstyle(int argc, const char **argv) struct cli_state *cli; TALLOC_CTX *mem_ctx; uint32 acb_info = ACB_WSTRUST; - uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|(lp_client_schannel() ? NETLOGON_NEG_SCHANNEL : 0); + uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS|(lp_client_schannel() ? NETLOGON_NEG_SCHANNEL : 0); uint32 sec_channel_type; struct rpc_pipe_client *pipe_hnd = NULL; @@ -155,11 +161,14 @@ int net_rpc_join_newstyle(int argc, const char **argv) NTSTATUS result; int retval = 1; - char *domain = NULL; + const char *domain = NULL; uint32 num_rids, *name_types, *user_rids; uint32 flags = 0x3e8; char *acct_name; const char *const_acct_name; + struct lsa_String lsa_acct_name; + uint32 acct_flags=0; + uint32_t access_granted = 0; /* check what type of join */ if (argc >= 0) { @@ -235,10 +244,12 @@ int net_rpc_join_newstyle(int argc, const char **argv) &sam_pol), "could not connect to SAM database"); - - CHECK_RPC_ERR(rpccli_samr_open_domain(pipe_hnd, mem_ctx, &sam_pol, - SEC_RIGHTS_MAXIMUM_ALLOWED, - domain_sid, &domain_pol), + + CHECK_RPC_ERR(rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &sam_pol, + SEC_RIGHTS_MAXIMUM_ALLOWED, + domain_sid, + &domain_pol), "could not open domain"); /* Create domain user */ @@ -249,10 +260,24 @@ int net_rpc_join_newstyle(int argc, const char **argv) strlower_m(acct_name); const_acct_name = acct_name; - result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol, - acct_name, acb_info, - 0xe005000b, &user_pol, - &user_rid); + init_lsa_String(&lsa_acct_name, acct_name); + + acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE | + SEC_STD_WRITE_DAC | SEC_STD_DELETE | + SAMR_USER_ACCESS_SET_PASSWORD | + SAMR_USER_ACCESS_GET_ATTRIBUTES | + SAMR_USER_ACCESS_SET_ATTRIBUTES; + + DEBUG(10, ("Creating account with flags: %d\n",acct_flags)); + + result = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx, + &domain_pol, + &lsa_acct_name, + acb_info, + acct_flags, + &user_pol, + &access_granted, + &user_rid); if (!NT_STATUS_IS_OK(result) && !NT_STATUS_EQUAL(result, NT_STATUS_USER_EXISTS)) { @@ -271,7 +296,7 @@ int net_rpc_join_newstyle(int argc, const char **argv) /* We *must* do this.... don't ask... */ if (NT_STATUS_IS_OK(result)) { - rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol); } CHECK_RPC_ERR_DEBUG(rpccli_samr_lookup_names(pipe_hnd, mem_ctx, @@ -292,9 +317,11 @@ int net_rpc_join_newstyle(int argc, const char **argv) /* Open handle on user */ CHECK_RPC_ERR_DEBUG( - rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol, - SEC_RIGHTS_MAXIMUM_ALLOWED, - user_rid, &user_pol), + rpccli_samr_OpenUser(pipe_hnd, mem_ctx, + &domain_pol, + SEC_RIGHTS_MAXIMUM_ALLOWED, + user_rid, + &user_pol), ("could not re-open existing user %s: %s\n", acct_name, nt_errstr(result))); @@ -344,7 +371,7 @@ int net_rpc_join_newstyle(int argc, const char **argv) result = rpccli_samr_set_userinfo2(pipe_hnd, mem_ctx, &user_pol, 16, &cli->user_session_key, &ctr); - rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol); cli_rpc_pipe_close(pipe_hnd); /* Done with this pipe */ /* Now check the whole process from top-to-bottom */ @@ -413,7 +440,7 @@ int net_rpc_join_newstyle(int argc, const char **argv) /* Now store the secret in the secrets database */ - strupper_m(domain); + strupper_m(CONST_DISCARD(char *, domain)); if (!secrets_store_domain_sid(domain, domain_sid)) { DEBUG(0, ("error storing domain sid for %s\n", domain)); diff --git a/source3/utils/net_rpc_rights.c b/source3/utils/net_rpc_rights.c index 23be8859e0..5f222b8c7e 100644 --- a/source3/utils/net_rpc_rights.c +++ b/source3/utils/net_rpc_rights.c @@ -28,9 +28,9 @@ static NTSTATUS sid_to_name(struct rpc_pipe_client *pipe_hnd, fstring name) { POLICY_HND pol; - enum lsa_SidType *sid_types; + enum lsa_SidType *sid_types = NULL; NTSTATUS result; - char **domains, **names; + char **domains = NULL, **names = NULL; result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True, SEC_RIGHTS_MAXIMUM_ALLOWED, &pol); @@ -202,7 +202,7 @@ static NTSTATUS enum_accounts_for_privilege(struct rpc_pipe_client *pipe_hnd, NTSTATUS result; uint32 enum_context=0; uint32 pref_max_length=0x1000; - DOM_SID *sids; + DOM_SID *sids = NULL; uint32 count=0; int i; fstring name; diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index ca3279ee3a..e1f0cd3751 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -237,7 +237,7 @@ NTSTATUS rpc_samdump_internals(const DOM_SID *domain_sid, NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; uchar trust_password[16]; - uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS; + uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS; uint32 sec_channel_type = 0; if (!secrets_fetch_trust_account_password(domain_name, @@ -365,7 +365,8 @@ static NTSTATUS sam_account_from_delta(struct samu *account, SAM_ACCOUNT_INFO *d old_string = pdb_get_munged_dial(account); mung.length = delta->hdr_parameters.uni_str_len; mung.data = (uint8 *) delta->uni_parameters.buffer; - newstr = (mung.length == 0) ? NULL : base64_encode_data_blob(mung); + newstr = (mung.length == 0) ? NULL : + base64_encode_data_blob(talloc_tos(), mung); if (STRING_CHANGED_NC(old_string, newstr)) pdb_set_munged_dial(account, newstr, PDB_CHANGED); @@ -486,7 +487,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) return NT_STATUS_NO_MEMORY; } - if (!(passwd = Get_Pwnam(account))) { + if (!(passwd = Get_Pwnam_alloc(sam_account, account))) { /* Create appropriate user */ if (delta->acb_info & ACB_NORMAL) { add_script = talloc_strdup(sam_account, @@ -525,7 +526,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) } /* try and find the possible unix account again */ - if ( !(passwd = Get_Pwnam(account)) ) { + if ( !(passwd = Get_Pwnam_alloc(sam_account, account)) ) { d_fprintf(stderr, "Could not create posix account info for '%s'\n", account); nt_ret = NT_STATUS_NO_SUCH_USER; goto done; @@ -1422,12 +1423,11 @@ static int fprintf_attr(FILE *add_fd, const char *attr_name, base64_blob.data = (unsigned char *)value; base64_blob.length = strlen(value); - base64 = base64_encode_data_blob(base64_blob); + base64 = base64_encode_data_blob(value, base64_blob); SMB_ASSERT(base64 != NULL); res = fprintf(add_fd, "%s:: %s\n", attr_name, base64); TALLOC_FREE(value); - TALLOC_FREE(base64); return res; } diff --git a/source3/utils/net_rpc_sh_acct.c b/source3/utils/net_rpc_sh_acct.c index ac0ffca1f3..12da031d4b 100644 --- a/source3/utils/net_rpc_sh_acct.c +++ b/source3/utils/net_rpc_sh_acct.c @@ -54,10 +54,12 @@ static NTSTATUS rpc_sh_acct_do(TALLOC_CTX *mem_ctx, } /* Get domain policy handle */ - - result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - ctx->domain_sid, &domain_pol); + + result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + ctx->domain_sid, + &domain_pol); if (!NT_STATUS_IS_OK(result)) { goto done; } @@ -118,10 +120,10 @@ static NTSTATUS rpc_sh_acct_do(TALLOC_CTX *mem_ctx, done: if (is_valid_policy_hnd(&domain_pol)) { - rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol); } if (is_valid_policy_hnd(&connect_pol)) { - rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol); } return result; diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index bd1f6cd686..52f8f911e1 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -1135,7 +1135,7 @@ static int net_sam_do_list(int argc, const char **argv, } } - search->search_end(search); + pdb_search_destroy(search); return 0; } diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index 7e2771c900..a3a403d7bd 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -1,23 +1,24 @@ -/* +/* Unix SMB/CIFS implementation. Winbind status program. Copyright (C) Tim Potter 2000-2003 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003-2004 - Copyright (C) Francesco Chemolli <kinkie@kame.usr.dsi.unimi.it> 2000 + Copyright (C) Francesco Chemolli <kinkie@kame.usr.dsi.unimi.it> 2000 Copyright (C) Robert O'Callahan 2006 (added cached credential code). + Copyright (C) Kai Blin <kai@samba.org> 2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ @@ -28,7 +29,8 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_WINBIND -#define SQUID_BUFFER_SIZE 2010 +#define INITIAL_BUFFER_SIZE 300 +#define MAX_BUFFER_SIZE 630000 enum stdio_helper_mode { SQUID_2_4_BASIC, @@ -42,28 +44,56 @@ enum stdio_helper_mode { NUM_HELPER_MODES }; -typedef void (*stdio_helper_function)(enum stdio_helper_mode stdio_helper_mode, - char *buf, int length); +enum ntlm_auth_cli_state { + CLIENT_INITIAL = 0, + CLIENT_RESPONSE, + CLIENT_FINISHED, + CLIENT_ERROR +}; + +enum ntlm_auth_svr_state { + SERVER_INITIAL = 0, + SERVER_CHALLENGE, + SERVER_FINISHED, + SERVER_ERROR +}; + +struct ntlm_auth_state { + TALLOC_CTX *mem_ctx; + enum stdio_helper_mode helper_mode; + enum ntlm_auth_cli_state cli_state; + enum ntlm_auth_svr_state svr_state; + struct ntlmssp_state *ntlmssp_state; + uint32_t neg_flags; + char *want_feature_list; + bool have_session_key; + DATA_BLOB session_key; + DATA_BLOB initial_message; +}; + +typedef void (*stdio_helper_function)(struct ntlm_auth_state *state, char *buf, + int length); -static void manage_squid_basic_request (enum stdio_helper_mode stdio_helper_mode, +static void manage_squid_basic_request (struct ntlm_auth_state *state, char *buf, int length); -static void manage_squid_ntlmssp_request (enum stdio_helper_mode stdio_helper_mode, - char *buf, int length); +static void manage_squid_ntlmssp_request (struct ntlm_auth_state *state, + char *buf, int length); -static void manage_client_ntlmssp_request (enum stdio_helper_mode stdio_helper_mode, - char *buf, int length); +static void manage_client_ntlmssp_request (struct ntlm_auth_state *state, + char *buf, int length); -static void manage_gss_spnego_request (enum stdio_helper_mode stdio_helper_mode, - char *buf, int length); +static void manage_gss_spnego_request (struct ntlm_auth_state *state, + char *buf, int length); -static void manage_gss_spnego_client_request (enum stdio_helper_mode stdio_helper_mode, - char *buf, int length); +static void manage_gss_spnego_client_request (struct ntlm_auth_state *state, + char *buf, int length); -static void manage_ntlm_server_1_request (enum stdio_helper_mode stdio_helper_mode, - char *buf, int length); +static void manage_ntlm_server_1_request (struct ntlm_auth_state *state, + char *buf, int length); -static void manage_ntlm_change_password_1_request(enum stdio_helper_mode helper_mode, char *buf, int length); +static void manage_ntlm_change_password_1_request(struct ntlm_auth_state *state, + char *buf, int length); static const struct { enum stdio_helper_mode mode; @@ -123,7 +153,7 @@ static char winbind_separator(void) d_printf("winbind separator was NULL!\n"); return *lp_winbind_separator(); } - + return sep; } @@ -679,14 +709,9 @@ static NTSTATUS do_ccache_ntlm_auth(DATA_BLOB initial_msg, DATA_BLOB challenge_m return NT_STATUS_MORE_PROCESSING_REQUIRED; } -static void manage_squid_ntlmssp_request(enum stdio_helper_mode stdio_helper_mode, - char *buf, int length) +static void manage_squid_ntlmssp_request(struct ntlm_auth_state *state, + char *buf, int length) { - static NTLMSSP_STATE *ntlmssp_state = NULL; - static char* want_feature_list = NULL; - static uint32 neg_flags = 0; - static bool have_session_key = False; - static DATA_BLOB session_key; DATA_BLOB request, reply; NTSTATUS nt_status; @@ -699,8 +724,9 @@ static void manage_squid_ntlmssp_request(enum stdio_helper_mode stdio_helper_mod if (strlen(buf) > 3) { if(strncmp(buf, "SF ", 3) == 0){ DEBUG(10, ("Setting flags to negotioate\n")); - SAFE_FREE(want_feature_list); - want_feature_list = SMB_STRNDUP(buf+3, strlen(buf)-3); + TALLOC_FREE(state->want_feature_list); + state->want_feature_list = talloc_strdup(state->mem_ctx, + buf+3); x_fprintf(x_stdout, "OK\n"); return; } @@ -710,9 +736,11 @@ static void manage_squid_ntlmssp_request(enum stdio_helper_mode stdio_helper_mod } if ((strncmp(buf, "PW ", 3) == 0)) { - /* The calling application wants us to use a local password (rather than winbindd) */ + /* The calling application wants us to use a local password + * (rather than winbindd) */ - opt_password = SMB_STRNDUP((const char *)request.data, request.length); + opt_password = SMB_STRNDUP((const char *)request.data, + request.length); if (opt_password == NULL) { DEBUG(1, ("Out of memory\n")); @@ -727,25 +755,33 @@ static void manage_squid_ntlmssp_request(enum stdio_helper_mode stdio_helper_mod } if (strncmp(buf, "YR", 2) == 0) { - if (ntlmssp_state) - ntlmssp_end(&ntlmssp_state); + if (state->ntlmssp_state) + ntlmssp_end(&state->ntlmssp_state); + state->svr_state = SERVER_INITIAL; } else if (strncmp(buf, "KK", 2) == 0) { - + /* No special preprocessing required */ } else if (strncmp(buf, "GF", 2) == 0) { DEBUG(10, ("Requested negotiated NTLMSSP flags\n")); - x_fprintf(x_stdout, "GF 0x%08lx\n", have_session_key?neg_flags:0l); + + if (state->svr_state == SERVER_FINISHED) { + x_fprintf(x_stdout, "GF 0x%08x\n", state->neg_flags); + } + else { + x_fprintf(x_stdout, "BH\n"); + } data_blob_free(&request); return; } else if (strncmp(buf, "GK", 2) == 0) { DEBUG(10, ("Requested NTLMSSP session key\n")); - if(have_session_key) { - char *key64 = base64_encode_data_blob(session_key); + if(state->have_session_key) { + char *key64 = base64_encode_data_blob(state->mem_ctx, + state->session_key); x_fprintf(x_stdout, "GK %s\n", key64?key64:"<NULL>"); TALLOC_FREE(key64); } else { x_fprintf(x_stdout, "BH\n"); } - + data_blob_free(&request); return; } else { @@ -754,65 +790,62 @@ static void manage_squid_ntlmssp_request(enum stdio_helper_mode stdio_helper_mod return; } - if (!ntlmssp_state) { - if (!NT_STATUS_IS_OK(nt_status = ntlm_auth_start_ntlmssp_server(&ntlmssp_state))) { + if (!state->ntlmssp_state) { + nt_status = ntlm_auth_start_ntlmssp_server( + &state->ntlmssp_state); + if (!NT_STATUS_IS_OK(nt_status)) { x_fprintf(x_stdout, "BH %s\n", nt_errstr(nt_status)); return; } - ntlmssp_want_feature_list(ntlmssp_state, want_feature_list); + ntlmssp_want_feature_list(state->ntlmssp_state, + state->want_feature_list); } DEBUG(10, ("got NTLMSSP packet:\n")); dump_data(10, request.data, request.length); - nt_status = ntlmssp_update(ntlmssp_state, request, &reply); - + nt_status = ntlmssp_update(state->ntlmssp_state, request, &reply); + if (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { - char *reply_base64 = base64_encode_data_blob(reply); + char *reply_base64 = base64_encode_data_blob(state->mem_ctx, + reply); x_fprintf(x_stdout, "TT %s\n", reply_base64); TALLOC_FREE(reply_base64); data_blob_free(&reply); + state->svr_state = SERVER_CHALLENGE; DEBUG(10, ("NTLMSSP challenge\n")); } else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_ACCESS_DENIED)) { x_fprintf(x_stdout, "BH %s\n", nt_errstr(nt_status)); DEBUG(0, ("NTLMSSP BH: %s\n", nt_errstr(nt_status))); - ntlmssp_end(&ntlmssp_state); + ntlmssp_end(&state->ntlmssp_state); } else if (!NT_STATUS_IS_OK(nt_status)) { x_fprintf(x_stdout, "NA %s\n", nt_errstr(nt_status)); DEBUG(10, ("NTLMSSP %s\n", nt_errstr(nt_status))); } else { - x_fprintf(x_stdout, "AF %s\n", (char *)ntlmssp_state->auth_context); + x_fprintf(x_stdout, "AF %s\n", + (char *)state->ntlmssp_state->auth_context); DEBUG(10, ("NTLMSSP OK!\n")); - - if(have_session_key) - data_blob_free(&session_key); - session_key = data_blob(ntlmssp_state->session_key.data, - ntlmssp_state->session_key.length); - neg_flags = ntlmssp_state->neg_flags; - have_session_key = True; + + if(state->have_session_key) + data_blob_free(&state->session_key); + state->session_key = data_blob( + state->ntlmssp_state->session_key.data, + state->ntlmssp_state->session_key.length); + state->neg_flags = state->ntlmssp_state->neg_flags; + state->have_session_key = true; + state->svr_state = SERVER_FINISHED; } data_blob_free(&request); } -static void manage_client_ntlmssp_request(enum stdio_helper_mode stdio_helper_mode, - char *buf, int length) +static void manage_client_ntlmssp_request(struct ntlm_auth_state *state, + char *buf, int length) { - /* The statics here are *HORRIBLE* and this entire concept - needs to be rewritten. Essentially it's using these statics - as the state in a state machine. BLEEEGH ! JRA. */ - - static NTLMSSP_STATE *ntlmssp_state = NULL; - static DATA_BLOB initial_message; - static char* want_feature_list = NULL; - static uint32 neg_flags = 0; - static bool have_session_key = False; - static DATA_BLOB session_key; DATA_BLOB request, reply; NTSTATUS nt_status; - bool first = False; - + if (!opt_username || !*opt_username) { x_fprintf(x_stderr, "username must be specified!\n\n"); exit(1); @@ -827,8 +860,9 @@ static void manage_client_ntlmssp_request(enum stdio_helper_mode stdio_helper_mo if (strlen(buf) > 3) { if(strncmp(buf, "SF ", 3) == 0) { DEBUG(10, ("Looking for flags to negotiate\n")); - SAFE_FREE(want_feature_list); - want_feature_list = SMB_STRNDUP(buf+3, strlen(buf)-3); + talloc_free(state->want_feature_list); + state->want_feature_list = talloc_strdup(state->mem_ctx, + buf+3); x_fprintf(x_stdout, "OK\n"); return; } @@ -840,7 +874,8 @@ static void manage_client_ntlmssp_request(enum stdio_helper_mode stdio_helper_mo if (strncmp(buf, "PW ", 3) == 0) { /* We asked for a password and obviously got it :-) */ - opt_password = SMB_STRNDUP((const char *)request.data, request.length); + opt_password = SMB_STRNDUP((const char *)request.data, + request.length); if (opt_password == NULL) { DEBUG(1, ("Out of memory\n")); @@ -854,8 +889,8 @@ static void manage_client_ntlmssp_request(enum stdio_helper_mode stdio_helper_mo return; } - if (!ntlmssp_state && use_cached_creds) { - /* check whether credentials are usable. */ + if (!state->ntlmssp_state && use_cached_creds) { + /* check whether cached credentials are usable. */ DATA_BLOB empty_blob = data_blob_null; nt_status = do_ccache_ntlm_auth(empty_blob, empty_blob, NULL); @@ -866,30 +901,39 @@ static void manage_client_ntlmssp_request(enum stdio_helper_mode stdio_helper_mo } if (opt_password == NULL && !use_cached_creds) { - /* Request a password from the calling process. After - sending it, the calling process should retry asking for the negotiate. */ - + sending it, the calling process should retry asking for the + negotiate. */ + DEBUG(10, ("Requesting password\n")); x_fprintf(x_stdout, "PW\n"); return; } if (strncmp(buf, "YR", 2) == 0) { - if (ntlmssp_state) - ntlmssp_end(&ntlmssp_state); + if (state->ntlmssp_state) + ntlmssp_end(&state->ntlmssp_state); + state->cli_state = CLIENT_INITIAL; } else if (strncmp(buf, "TT", 2) == 0) { - + /* No special preprocessing required */ } else if (strncmp(buf, "GF", 2) == 0) { DEBUG(10, ("Requested negotiated NTLMSSP flags\n")); - x_fprintf(x_stdout, "GF 0x%08lx\n", have_session_key?neg_flags:0l); + + if(state->cli_state == CLIENT_FINISHED) { + x_fprintf(x_stdout, "GF 0x%08x\n", state->neg_flags); + } + else { + x_fprintf(x_stdout, "BH\n"); + } + data_blob_free(&request); return; } else if (strncmp(buf, "GK", 2) == 0 ) { DEBUG(10, ("Requested session key\n")); - if(have_session_key) { - char *key64 = base64_encode_data_blob(session_key); + if(state->cli_state == CLIENT_FINISHED) { + char *key64 = base64_encode_data_blob(state->mem_ctx, + state->session_key); x_fprintf(x_stdout, "GK %s\n", key64?key64:"<NULL>"); TALLOC_FREE(key64); } @@ -905,67 +949,75 @@ static void manage_client_ntlmssp_request(enum stdio_helper_mode stdio_helper_mo return; } - if (!ntlmssp_state) { - if (!NT_STATUS_IS_OK(nt_status = ntlm_auth_start_ntlmssp_client(&ntlmssp_state))) { + if (!state->ntlmssp_state) { + nt_status = ntlm_auth_start_ntlmssp_client( + &state->ntlmssp_state); + if (!NT_STATUS_IS_OK(nt_status)) { x_fprintf(x_stdout, "BH %s\n", nt_errstr(nt_status)); return; } - ntlmssp_want_feature_list(ntlmssp_state, want_feature_list); - first = True; - initial_message = data_blob_null; + ntlmssp_want_feature_list(state->ntlmssp_state, + state->want_feature_list); + state->initial_message = data_blob_null; } DEBUG(10, ("got NTLMSSP packet:\n")); dump_data(10, request.data, request.length); - if (use_cached_creds && !opt_password && !first) { - nt_status = do_ccache_ntlm_auth(initial_message, request, &reply); + if (use_cached_creds && !opt_password && + (state->cli_state == CLIENT_RESPONSE)) { + nt_status = do_ccache_ntlm_auth(state->initial_message, request, + &reply); } else { - nt_status = ntlmssp_update(ntlmssp_state, request, &reply); + nt_status = ntlmssp_update(state->ntlmssp_state, request, + &reply); } - + if (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { - char *reply_base64 = base64_encode_data_blob(reply); - if (first) { + char *reply_base64 = base64_encode_data_blob(state->mem_ctx, + reply); + if (state->cli_state == CLIENT_INITIAL) { x_fprintf(x_stdout, "YR %s\n", reply_base64); - } else { - x_fprintf(x_stdout, "KK %s\n", reply_base64); - } - TALLOC_FREE(reply_base64); - if (first) { - initial_message = reply; + state->initial_message = reply; + state->cli_state = CLIENT_RESPONSE; } else { + x_fprintf(x_stdout, "KK %s\n", reply_base64); data_blob_free(&reply); } + TALLOC_FREE(reply_base64); DEBUG(10, ("NTLMSSP challenge\n")); } else if (NT_STATUS_IS_OK(nt_status)) { - char *reply_base64 = base64_encode_data_blob(reply); + char *reply_base64 = base64_encode_data_blob(talloc_tos(), + reply); x_fprintf(x_stdout, "AF %s\n", reply_base64); TALLOC_FREE(reply_base64); - if(have_session_key) - data_blob_free(&session_key); + if(state->have_session_key) + data_blob_free(&state->session_key); - session_key = data_blob(ntlmssp_state->session_key.data, - ntlmssp_state->session_key.length); - neg_flags = ntlmssp_state->neg_flags; - have_session_key = True; + state->session_key = data_blob( + state->ntlmssp_state->session_key.data, + state->ntlmssp_state->session_key.length); + state->neg_flags = state->ntlmssp_state->neg_flags; + state->have_session_key = true; DEBUG(10, ("NTLMSSP OK!\n")); - if (ntlmssp_state) - ntlmssp_end(&ntlmssp_state); + state->cli_state = CLIENT_FINISHED; + if (state->ntlmssp_state) + ntlmssp_end(&state->ntlmssp_state); } else { x_fprintf(x_stdout, "BH %s\n", nt_errstr(nt_status)); DEBUG(0, ("NTLMSSP BH: %s\n", nt_errstr(nt_status))); - if (ntlmssp_state) - ntlmssp_end(&ntlmssp_state); + state->cli_state = CLIENT_ERROR; + if (state->ntlmssp_state) + ntlmssp_end(&state->ntlmssp_state); } data_blob_free(&request); } -static void manage_squid_basic_request(enum stdio_helper_mode stdio_helper_mode, - char *buf, int length) +static void manage_squid_basic_request(struct ntlm_auth_state *state, + char *buf, int length) { char *user, *pass; user=buf; @@ -979,7 +1031,7 @@ static void manage_squid_basic_request(enum stdio_helper_mode stdio_helper_mode, *pass='\0'; pass++; - if (stdio_helper_mode == SQUID_2_5_BASIC) { + if (state->helper_mode == SQUID_2_5_BASIC) { rfc1738_unescape(user); rfc1738_unescape(pass); } @@ -1039,7 +1091,7 @@ static void offer_gss_spnego_mechs(void) { return; } - reply_base64 = base64_encode_data_blob(token); + reply_base64 = base64_encode_data_blob(talloc_tos(), token); x_fprintf(x_stdout, "TT %s *\n", reply_base64); TALLOC_FREE(reply_base64); @@ -1048,8 +1100,8 @@ static void offer_gss_spnego_mechs(void) { return; } -static void manage_gss_spnego_request(enum stdio_helper_mode stdio_helper_mode, - char *buf, int length) +static void manage_gss_spnego_request(struct ntlm_auth_state *state, + char *buf, int length) { static NTLMSSP_STATE *ntlmssp_state = NULL; SPNEGO_DATA request, response; @@ -1163,6 +1215,7 @@ static void manage_gss_spnego_request(enum stdio_helper_mode stdio_helper_mode, char *principal; DATA_BLOB ap_rep; DATA_BLOB session_key; + PAC_DATA *pac_data = NULL; if ( request.negTokenInit.mechToken.data == NULL ) { DEBUG(1, ("Client did not provide Kerberos data\n")); @@ -1177,7 +1230,7 @@ static void manage_gss_spnego_request(enum stdio_helper_mode stdio_helper_mode, status = ads_verify_ticket(mem_ctx, lp_realm(), 0, &request.negTokenInit.mechToken, - &principal, NULL, &ap_rep, + &principal, &pac_data, &ap_rep, &session_key, True); talloc_destroy(mem_ctx); @@ -1275,7 +1328,7 @@ static void manage_gss_spnego_request(enum stdio_helper_mode stdio_helper_mode, return; } - reply_base64 = base64_encode_data_blob(token); + reply_base64 = base64_encode_data_blob(talloc_tos(), token); x_fprintf(x_stdout, "%s %s %s\n", reply_code, reply_base64, reply_argument); @@ -1342,7 +1395,7 @@ static bool manage_client_ntlmssp_init(SPNEGO_DATA spnego) write_spnego_data(&to_server, &spnego); data_blob_free(&spnego.negTokenInit.mechToken); - to_server_base64 = base64_encode_data_blob(to_server); + to_server_base64 = base64_encode_data_blob(talloc_tos(), to_server); data_blob_free(&to_server); x_fprintf(x_stdout, "KK %s\n", to_server_base64); TALLOC_FREE(to_server_base64); @@ -1400,7 +1453,7 @@ static void manage_client_ntlmssp_targ(SPNEGO_DATA spnego) write_spnego_data(&to_server, &spnego); data_blob_free(&request); - to_server_base64 = base64_encode_data_blob(to_server); + to_server_base64 = base64_encode_data_blob(talloc_tos(), to_server); data_blob_free(&to_server); x_fprintf(x_stdout, "KK %s\n", to_server_base64); TALLOC_FREE(to_server_base64); @@ -1489,7 +1542,7 @@ static bool manage_client_krb5_init(SPNEGO_DATA spnego) return False; } - reply_base64 = base64_encode_data_blob(to_server); + reply_base64 = base64_encode_data_blob(talloc_tos(), to_server); x_fprintf(x_stdout, "KK %s *\n", reply_base64); TALLOC_FREE(reply_base64); @@ -1521,8 +1574,8 @@ static void manage_client_krb5_targ(SPNEGO_DATA spnego) #endif -static void manage_gss_spnego_client_request(enum stdio_helper_mode stdio_helper_mode, - char *buf, int length) +static void manage_gss_spnego_client_request(struct ntlm_auth_state *state, + char *buf, int length) { DATA_BLOB request; SPNEGO_DATA spnego; @@ -1659,8 +1712,8 @@ static void manage_gss_spnego_client_request(enum stdio_helper_mode stdio_helper return; } -static void manage_ntlm_server_1_request(enum stdio_helper_mode stdio_helper_mode, - char *buf, int length) +static void manage_ntlm_server_1_request(struct ntlm_auth_state *state, + char *buf, int length) { char *request, *parameter; static DATA_BLOB challenge; @@ -1852,7 +1905,8 @@ static void manage_ntlm_server_1_request(enum stdio_helper_mode stdio_helper_mod } } -static void manage_ntlm_change_password_1_request(enum stdio_helper_mode helper_mode, char *buf, int length) +static void manage_ntlm_change_password_1_request(struct ntlm_auth_state *state, + char *buf, int length) { char *request, *parameter; static DATA_BLOB new_nt_pswd; @@ -2062,57 +2116,93 @@ static void manage_ntlm_change_password_1_request(enum stdio_helper_mode helper_ } } -static void manage_squid_request(enum stdio_helper_mode helper_mode, stdio_helper_function fn) +static void manage_squid_request(struct ntlm_auth_state *state, + stdio_helper_function fn) { - char buf[SQUID_BUFFER_SIZE+1]; - int length; + char *buf; + char tmp[INITIAL_BUFFER_SIZE+1]; + int length, buf_size = 0; char *c; - static bool err; - /* this is not a typo - x_fgets doesn't work too well under squid */ - if (fgets(buf, sizeof(buf)-1, stdin) == NULL) { - if (ferror(stdin)) { - DEBUG(1, ("fgets() failed! dying..... errno=%d (%s)\n", ferror(stdin), - strerror(ferror(stdin)))); - - exit(1); /* BIIG buffer */ - } - exit(0); - } - - c=(char *)memchr(buf,'\n',sizeof(buf)-1); - if (c) { - *c = '\0'; - length = c-buf; - } else { - err = 1; - return; - } - if (err) { - DEBUG(2, ("Oversized message\n")); + buf = talloc_strdup(state->mem_ctx, ""); + if (!buf) { + DEBUG(0, ("Failed to allocate input buffer.\n")); x_fprintf(x_stderr, "ERR\n"); - err = 0; - return; + exit(1); } + do { + + /* this is not a typo - x_fgets doesn't work too well under + * squid */ + if (fgets(tmp, sizeof(tmp)-1, stdin) == NULL) { + if (ferror(stdin)) { + DEBUG(1, ("fgets() failed! dying..... errno=%d " + "(%s)\n", ferror(stdin), + strerror(ferror(stdin)))); + + exit(1); + } + exit(0); + } + + buf = talloc_strdup_append_buffer(buf, tmp); + buf_size += INITIAL_BUFFER_SIZE; + + if (buf_size > MAX_BUFFER_SIZE) { + DEBUG(2, ("Oversized message\n")); + x_fprintf(x_stderr, "ERR\n"); + talloc_free(buf); + return; + } + + c = strchr(buf, '\n'); + } while (c == NULL); + + *c = '\0'; + length = c-buf; + DEBUG(10, ("Got '%s' from squid (length: %d).\n",buf,length)); if (buf[0] == '\0') { DEBUG(2, ("Invalid Request\n")); x_fprintf(x_stderr, "ERR\n"); + talloc_free(buf); return; } - - fn(helper_mode, buf, length); + + fn(state, buf, length); + talloc_free(buf); } static void squid_stream(enum stdio_helper_mode stdio_mode, stdio_helper_function fn) { + TALLOC_CTX *mem_ctx; + struct ntlm_auth_state *state; + /* initialize FDescs */ x_setbuf(x_stdout, NULL); x_setbuf(x_stderr, NULL); + + mem_ctx = talloc_init("ntlm_auth"); + if (!mem_ctx) { + DEBUG(0, ("squid_stream: Failed to create talloc context\n")); + x_fprintf(x_stderr, "ERR\n"); + exit(1); + } + + state = talloc_zero(mem_ctx, struct ntlm_auth_state); + if (!state) { + DEBUG(0, ("squid_stream: Failed to talloc ntlm_auth_state\n")); + x_fprintf(x_stderr, "ERR\n"); + exit(1); + } + + state->mem_ctx = mem_ctx; + state->helper_mode = stdio_mode; + while(1) { - manage_squid_request(stdio_mode, fn); + manage_squid_request(state, fn); } } @@ -2232,7 +2322,8 @@ enum { { "use-cached-creds", 0, POPT_ARG_NONE, &use_cached_creds, OPT_USE_CACHED_CREDS, "Use cached credentials if no password is given"}, { "diagnostics", 0, POPT_ARG_NONE, &diagnostics, OPT_DIAGNOSTICS, "Perform diagnostics on the authentictaion chain"}, { "require-membership-of", 0, POPT_ARG_STRING, &require_membership_of, OPT_REQUIRE_MEMBERSHIP, "Require that a user be a member of this group (either name or SID) for authentication to succeed" }, - POPT_COMMON_SAMBA + POPT_COMMON_CONFIGFILE + POPT_COMMON_VERSION POPT_TABLEEND }; @@ -2240,14 +2331,6 @@ enum { load_case_tables(); dbf = x_stderr; - - /* Samba client initialisation */ - - if (!lp_load(get_dyn_CONFIGFILE(), True, False, False, True)) { - d_fprintf(stderr, "ntlm_auth: error opening config file %s. Error was %s\n", - get_dyn_CONFIGFILE(), strerror(errno)); - exit(1); - } /* Parse options */ @@ -2260,6 +2343,18 @@ enum { return 1; } + while((opt = poptGetNextOpt(pc)) != -1) { + /* Get generic config options like --configfile */ + } + + poptFreeContext(pc); + + if (!lp_load(get_dyn_CONFIGFILE(), True, False, False, True)) { + d_fprintf(stderr, "ntlm_auth: error opening config file %s. Error was %s\n", + get_dyn_CONFIGFILE(), strerror(errno)); + exit(1); + } + pc = poptGetContext(NULL, argc, (const char **)argv, long_options, POPT_CONTEXT_KEEP_FIRST); diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c index 6884783396..e1d6709073 100644 --- a/source3/utils/pdbedit.c +++ b/source3/utils/pdbedit.c @@ -61,69 +61,85 @@ static int export_database (struct pdb_methods *in, struct pdb_methods *out, const char *username) { - struct samu *user = NULL; NTSTATUS status; + struct pdb_search *u_search; + struct samr_displayentry userentry; DEBUG(3, ("export_database: username=\"%s\"\n", username ? username : "(NULL)")); - status = in->setsampwent(in, 0, 0); - if ( NT_STATUS_IS_ERR(status) ) { - fprintf(stderr, "Unable to set account database iterator for %s!\n", - in->name); + u_search = pdb_search_init(PDB_USER_SEARCH); + if (u_search == NULL) { + DEBUG(0, ("pdb_search_init failed\n")); return 1; } - if ( ( user = samu_new( NULL ) ) == NULL ) { - fprintf(stderr, "export_database: Memory allocation failure!\n"); + if (!in->search_users(in, u_search, 0)) { + DEBUG(0, ("Could not start searching users\n")); + pdb_search_destroy(u_search); return 1; } - while ( NT_STATUS_IS_OK(in->getsampwent(in, user)) ) - { - DEBUG(4, ("Processing account %s\n", user->username)); + while (u_search->next_entry(u_search, &userentry)) { + struct samu *user; + struct samu *account; + DOM_SID user_sid; - /* If we don't have a specific user or if we do and - the login name matches */ + DEBUG(4, ("Processing account %s\n", userentry.account_name)); - if ( !username || (strcmp(username, user->username) == 0)) { - struct samu *account; + if ((username != NULL) + && (strcmp(username, userentry.account_name) != 0)) { + /* + * ignore unwanted users + */ + continue; + } - if ( (account = samu_new( NULL )) == NULL ) { - fprintf(stderr, "export_database: Memory allocation failure!\n"); - TALLOC_FREE( user ); - in->endsampwent( in ); - return 1; - } + user = samu_new(talloc_tos()); + if (user == NULL) { + DEBUG(0, ("talloc failed\n")); + break; + } - printf("Importing account for %s...", user->username); - if ( !NT_STATUS_IS_OK(out->getsampwnam( out, account, user->username )) ) { - status = out->add_sam_account(out, user); - } else { - status = out->update_sam_account( out, user ); - } + sid_compose(&user_sid, get_global_sam_sid(), userentry.rid); - if ( NT_STATUS_IS_OK(status) ) { - printf( "ok\n"); - } else { - printf( "failed\n"); - } + status = in->getsampwsid(in, user, &user_sid); - TALLOC_FREE( account ); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(2, ("getsampwsid failed: %s\n", + nt_errstr(status))); + TALLOC_FREE(user); + continue; } - /* clean up and get ready for another run */ + account = samu_new(NULL); + if (account == NULL) { + fprintf(stderr, "export_database: Memory allocation " + "failure!\n"); + TALLOC_FREE( user ); + pdb_search_destroy(u_search); + return 1; + } - TALLOC_FREE( user ); + printf("Importing account for %s...", user->username); + status = out->getsampwnam(out, account, user->username); - if ( ( user = samu_new( NULL ) ) == NULL ) { - fprintf(stderr, "export_database: Memory allocation failure!\n"); - return 1; + if (NT_STATUS_IS_OK(status)) { + status = out->update_sam_account( out, user ); + } else { + status = out->add_sam_account(out, user); + } + + if ( NT_STATUS_IS_OK(status) ) { + printf( "ok\n"); + } else { + printf( "failed\n"); } - } - TALLOC_FREE( user ); + TALLOC_FREE( account ); + TALLOC_FREE( user ); + } - in->endsampwent(in); + pdb_search_destroy(u_search); return 0; } @@ -326,33 +342,50 @@ static int print_user_info (struct pdb_methods *in, const char *username, bool v **********************************************************/ static int print_users_list (struct pdb_methods *in, bool verbosity, bool smbpwdstyle) { - struct samu *sam_pwent=NULL; - bool check; - - check = NT_STATUS_IS_OK(in->setsampwent(in, False, 0)); - if (!check) { + struct pdb_search *u_search; + struct samr_displayentry userentry; + + u_search = pdb_search_init(PDB_USER_SEARCH); + if (u_search == NULL) { + DEBUG(0, ("pdb_search_init failed\n")); return 1; } - check = True; - if ( (sam_pwent = samu_new( NULL )) == NULL ) { + if (!in->search_users(in, u_search, 0)) { + DEBUG(0, ("Could not start searching users\n")); + pdb_search_destroy(u_search); return 1; } - while (check && NT_STATUS_IS_OK(in->getsampwent (in, sam_pwent))) { + while (u_search->next_entry(u_search, &userentry)) { + struct samu *sam_pwent; + DOM_SID user_sid; + NTSTATUS status; + + sam_pwent = samu_new(talloc_tos()); + if (sam_pwent == NULL) { + DEBUG(0, ("talloc failed\n")); + break; + } + + sid_compose(&user_sid, get_global_sam_sid(), userentry.rid); + + status = in->getsampwsid(in, sam_pwent, &user_sid); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(2, ("getsampwsid failed: %s\n", + nt_errstr(status))); + TALLOC_FREE(sam_pwent); + continue; + } + if (verbosity) printf ("---------------\n"); print_sam_info (sam_pwent, verbosity, smbpwdstyle); TALLOC_FREE(sam_pwent); - - if ( (sam_pwent = samu_new( NULL )) == NULL ) { - check = False; - } } - if (check) - TALLOC_FREE(sam_pwent); - - in->endsampwent(in); + pdb_search_destroy(u_search); + return 0; } @@ -361,38 +394,50 @@ static int print_users_list (struct pdb_methods *in, bool verbosity, bool smbpwd **********************************************************/ static int fix_users_list (struct pdb_methods *in) { - struct samu *sam_pwent=NULL; - bool check; - - check = NT_STATUS_IS_OK(in->setsampwent(in, False, 0)); - if (!check) { + struct pdb_search *u_search; + struct samr_displayentry userentry; + + u_search = pdb_search_init(PDB_USER_SEARCH); + if (u_search == NULL) { + DEBUG(0, ("pdb_search_init failed\n")); return 1; } - check = True; - if ( (sam_pwent = samu_new( NULL )) == NULL ) { + if (!in->search_users(in, u_search, 0)) { + DEBUG(0, ("Could not start searching users\n")); + pdb_search_destroy(u_search); return 1; } - while (check && NT_STATUS_IS_OK(in->getsampwent (in, sam_pwent))) { - printf("Updating record for user %s\n", pdb_get_username(sam_pwent)); - - if (!NT_STATUS_IS_OK(pdb_update_sam_account(sam_pwent))) { - printf("Update of user %s failed!\n", pdb_get_username(sam_pwent)); + while (u_search->next_entry(u_search, &userentry)) { + struct samu *sam_pwent; + DOM_SID user_sid; + NTSTATUS status; + + sam_pwent = samu_new(talloc_tos()); + if (sam_pwent == NULL) { + DEBUG(0, ("talloc failed\n")); + break; } - TALLOC_FREE(sam_pwent); - if ( (sam_pwent = samu_new( NULL )) == NULL ) { - check = False; + + sid_compose(&user_sid, get_global_sam_sid(), userentry.rid); + + status = in->getsampwsid(in, sam_pwent, &user_sid); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(2, ("getsampwsid failed: %s\n", + nt_errstr(status))); + TALLOC_FREE(sam_pwent); + continue; } - if (!check) { - fprintf(stderr, "Failed to initialise new struct samu structure (out of memory?)\n"); + + if (!NT_STATUS_IS_OK(pdb_update_sam_account(sam_pwent))) { + printf("Update of user %s failed!\n", + pdb_get_username(sam_pwent)); } - - } - if (check) TALLOC_FREE(sam_pwent); - - in->endsampwent(in); + } + pdb_search_destroy(u_search); return 0; } diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c index 958f8e255e..134f561760 100644 --- a/source3/utils/smbcacls.c +++ b/source3/utils/smbcacls.c @@ -822,7 +822,7 @@ static int cacl_set(struct cli_state *cli, char *filename, *******************************************************/ static struct cli_state *connect_one(const char *server, const char *share) { - struct cli_state *c; + struct cli_state *c = NULL; struct sockaddr_storage ss; NTSTATUS nt_status; zero_addr(&ss); @@ -834,20 +834,33 @@ static struct cli_state *connect_one(const char *server, const char *share) } } - if (NT_STATUS_IS_OK(nt_status = cli_full_connection(&c, global_myname(), server, - &ss, 0, - share, "?????", - get_cmdline_auth_info_username(), - lp_workgroup(), - get_cmdline_auth_info_password(), - 0, - get_cmdline_auth_info_signing_state(), - NULL))) { - return c; - } else { + nt_status = cli_full_connection(&c, global_myname(), server, + &ss, 0, + share, "?????", + get_cmdline_auth_info_username(), + lp_workgroup(), + get_cmdline_auth_info_password(), + get_cmdline_auth_info_use_kerberos() ? CLI_FULL_CONNECTION_USE_KERBEROS : 0, + get_cmdline_auth_info_signing_state(), + NULL); + if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0,("cli_full_connection failed! (%s)\n", nt_errstr(nt_status))); return NULL; } + + if (get_cmdline_auth_info_smb_encrypt()) { + nt_status = cli_cm_force_encryption(c, + get_cmdline_auth_info_username(), + get_cmdline_auth_info_password(), + lp_workgroup(), + share); + if (!NT_STATUS_IS_OK(nt_status)) { + cli_shutdown(c); + c = NULL; + } + } + + return c; } /**************************************************************************** diff --git a/source3/utils/smbcontrol.c b/source3/utils/smbcontrol.c index fe0c22911e..76036bfdde 100644 --- a/source3/utils/smbcontrol.c +++ b/source3/utils/smbcontrol.c @@ -1008,6 +1008,62 @@ static bool do_dump_event_list(struct messaging_context *msg_ctx, return send_message(msg_ctx, pid, MSG_DUMP_EVENT_LIST, NULL, 0); } +static bool do_winbind_dump_domain_list(struct messaging_context *msg_ctx, + const struct server_id pid, + const int argc, const char **argv) +{ + const char *domain = NULL; + int domain_len = 0; + struct server_id myid; + uint8_t *buf = NULL; + int buf_len = 0; + + myid = pid_to_procid(sys_getpid()); + + if (argc < 1 || argc > 2) { + fprintf(stderr, "Usage: smbcontrol <dest> dump_domain_list " + "<domain>\n"); + return false; + } + + if (argc == 2) { + domain = argv[1]; + domain_len = strlen(argv[1]) + 1; + } + + messaging_register(msg_ctx, NULL, MSG_WINBIND_DUMP_DOMAIN_LIST, + print_pid_string_cb); + + buf_len = sizeof(myid)+domain_len; + buf = SMB_MALLOC(buf_len); + if (!buf) { + return false; + } + + memcpy(buf, &myid, sizeof(myid)); + memcpy(&buf[sizeof(myid)], domain, domain_len); + + if (!send_message(msg_ctx, pid, MSG_WINBIND_DUMP_DOMAIN_LIST, + buf, buf_len)) + { + SAFE_FREE(buf); + return false; + } + + wait_replies(msg_ctx, procid_to_pid(&pid) == 0); + + /* No replies were received within the timeout period */ + + SAFE_FREE(buf); + if (num_replies == 0) { + printf("No replies received\n"); + } + + messaging_deregister(msg_ctx, MSG_WINBIND_DUMP_DOMAIN_LIST, NULL); + + return num_replies; +} + static void winbind_validate_cache_cb(struct messaging_context *msg, void *private_data, uint32_t msg_type, @@ -1150,6 +1206,7 @@ static const struct { { "dump-event-list", do_dump_event_list, "Dump event list"}, { "validate-cache" , do_winbind_validate_cache, "Validate winbind's credential cache" }, + { "dump-domain-list", do_winbind_dump_domain_list, "Dump winbind domain list"}, { "noop", do_noop, "Do nothing" }, { NULL } }; diff --git a/source3/utils/smbcquotas.c b/source3/utils/smbcquotas.c index e6aa5e86cf..508a2dc8ca 100644 --- a/source3/utils/smbcquotas.c +++ b/source3/utils/smbcquotas.c @@ -380,20 +380,33 @@ static struct cli_state *connect_one(const char *share) } } - if (NT_STATUS_IS_OK(nt_status = cli_full_connection(&c, global_myname(), server, - &ss, 0, - share, "?????", - get_cmdline_auth_info_username(), - lp_workgroup(), - get_cmdline_auth_info_password(), - 0, - get_cmdline_auth_info_signing_state(), - NULL))) { - return c; - } else { + nt_status = cli_full_connection(&c, global_myname(), server, + &ss, 0, + share, "?????", + get_cmdline_auth_info_username(), + lp_workgroup(), + get_cmdline_auth_info_password(), + 0, + get_cmdline_auth_info_signing_state(), + NULL); + if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0,("cli_full_connection failed! (%s)\n", nt_errstr(nt_status))); return NULL; } + + if (get_cmdline_auth_info_smb_encrypt()) { + nt_status = cli_cm_force_encryption(c, + get_cmdline_auth_info_username(), + get_cmdline_auth_info_password(), + lp_workgroup(), + share); + if (!NT_STATUS_IS_OK(nt_status)) { + cli_shutdown(c); + return NULL; + } + } + + return c; } /**************************************************************************** diff --git a/source3/utils/smbfilter.c b/source3/utils/smbfilter.c index 912d575c60..8db969722a 100644 --- a/source3/utils/smbfilter.c +++ b/source3/utils/smbfilter.c @@ -114,6 +114,30 @@ static void filter_request(char *buf) } +/**************************************************************************** + Send an smb to a fd. +****************************************************************************/ + +static bool send_smb(int fd, char *buffer) +{ + size_t len; + size_t nwritten=0; + ssize_t ret; + + len = smb_len(buffer) + 4; + + while (nwritten < len) { + ret = write_data(fd,buffer+nwritten,len - nwritten); + if (ret <= 0) { + DEBUG(0,("Error writing %d bytes to client. %d. (%s)\n", + (int)len,(int)ret, strerror(errno) )); + return false; + } + nwritten += ret; + } + + return true; +} static void filter_child(int c, struct sockaddr_storage *dest_ss) { @@ -145,7 +169,7 @@ static void filter_child(int c, struct sockaddr_storage *dest_ss) if (num <= 0) continue; if (c != -1 && FD_ISSET(c, &fds)) { - if (!receive_smb(c, packet, 0, NULL)) { + if (!receive_smb_raw(c, packet, 0, 0, NULL)) { d_printf("client closed connection\n"); exit(0); } @@ -156,7 +180,7 @@ static void filter_child(int c, struct sockaddr_storage *dest_ss) } } if (s != -1 && FD_ISSET(s, &fds)) { - if (!receive_smb(s, packet, 0, NULL)) { + if (!receive_smb_raw(s, packet, 0, 0, NULL)) { d_printf("server closed connection\n"); exit(0); } diff --git a/source3/utils/smbget.c b/source3/utils/smbget.c index ac662e6ace..63b7f48626 100644 --- a/source3/utils/smbget.c +++ b/source3/utils/smbget.c @@ -521,9 +521,11 @@ int main(int argc, const char **argv) int c = 0; const char *file = NULL; char *rcfile = NULL; + bool smb_encrypt = false; TALLOC_CTX *frame = talloc_stackframe(); struct poptOption long_options[] = { {"guest", 'a', POPT_ARG_NONE, NULL, 'a', "Work as user guest" }, + {"encrypt", 'e', POPT_ARG_NONE, NULL, 'e', "Encrypt SMB transport (UNIX extended servers only)" }, {"resume", 'r', POPT_ARG_NONE, &_resume, 0, "Automatically resume aborted files" }, {"recursive", 'R', POPT_ARG_NONE, &_recursive, 0, "Recursively download files" }, {"username", 'u', POPT_ARG_STRING, &username, 'u', "Username to use" }, @@ -568,6 +570,9 @@ int main(int argc, const char **argv) case 'a': username = ""; password = ""; break; + case 'e': + smb_encrypt = true; + break; } } @@ -586,6 +591,13 @@ int main(int argc, const char **argv) return 1; } + if (smb_encrypt) { + SMBCCTX *smb_ctx = smbc_set_context(NULL); + smbc_option_set(smb_ctx, + CONST_DISCARD(char *, "smb_encrypt_level"), + "require"); + } + columns = get_num_cols(); total_start_time = time(NULL); |