diff options
| author | Jelmer Vernooij <jelmer@samba.org> | 2008-03-05 19:42:15 +0100 |
|---|---|---|
| committer | Jelmer Vernooij <jelmer@samba.org> | 2008-03-05 19:42:15 +0100 |
| commit | 63036a6f3380652c0cb54627bdeabcd212fa2f8c (patch) | |
| tree | 90194f23cb1e6ca483e7773233c326a9b705f85f /source3/utils | |
| parent | d41d580c600e3228ff8fee5c16c47580f661a240 (diff) | |
| parent | 932c287a406048759fa1ac4bf86e29d96991ded1 (diff) | |
| download | samba-63036a6f3380652c0cb54627bdeabcd212fa2f8c.tar.gz samba-63036a6f3380652c0cb54627bdeabcd212fa2f8c.tar.bz2 samba-63036a6f3380652c0cb54627bdeabcd212fa2f8c.zip | |
Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into v3-2-test
(This used to be commit 3482cd9b0e81bbc801f1cec33fca82fc45a3ddef)
Diffstat (limited to 'source3/utils')
| -rw-r--r-- | source3/utils/net_ads.c | 655 | ||||
| -rw-r--r-- | source3/utils/net_dom.c | 4 | ||||
| -rw-r--r-- | source3/utils/net_domain.c | 386 | ||||
| -rw-r--r-- | source3/utils/net_lookup.c | 7 | ||||
| -rw-r--r-- | source3/utils/net_rpc.c | 27 | ||||
| -rw-r--r-- | source3/utils/net_rpc_audit.c | 2 | ||||
| -rw-r--r-- | source3/utils/net_rpc_join.c | 1 | ||||
| -rw-r--r-- | source3/utils/net_rpc_rights.c | 129 | ||||
| -rw-r--r-- | source3/utils/net_rpc_samsync.c | 951 | ||||
| -rw-r--r-- | source3/utils/net_rpc_service.c | 369 | ||||
| -rw-r--r-- | source3/utils/ntlm_auth.c | 4 | ||||
| -rw-r--r-- | source3/utils/smbcontrol.c | 2 |
12 files changed, 999 insertions, 1538 deletions
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 732ba8d8b6..46e0a2591b 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -23,6 +23,8 @@ #include "includes.h" #include "utils/net.h" +#include "libnet/libnet.h" + #ifdef HAVE_ADS int net_ads_usage(int argc, const char **argv) @@ -810,76 +812,65 @@ static int net_ads_status(int argc, const char **argv) static int net_ads_leave(int argc, const char **argv) { - ADS_STRUCT *ads = NULL; - ADS_STATUS adsret; - NTSTATUS status; - int ret = -1; - struct cli_state *cli = NULL; TALLOC_CTX *ctx; - DOM_SID *dom_sid = NULL; - const char *short_domain_name = NULL; - - if (!secrets_init()) { - DEBUG(1,("Failed to initialise secrets database\n")); - return -1; - } + struct libnet_UnjoinCtx *r = NULL; + WERROR werr; if (!(ctx = talloc_init("net_ads_leave"))) { d_fprintf(stderr, "Could not initialise talloc context.\n"); return -1; } - /* The finds a DC and takes care of getting the - user creds if necessary */ + use_in_memory_ccache(); - if (!ADS_ERR_OK(ads_startup(True, &ads))) { + werr = libnet_init_UnjoinCtx(ctx, &r); + if (!W_ERROR_IS_OK(werr)) { + d_fprintf(stderr, "Could not initialise unjoin context.\n"); return -1; } - /* make RPC calls here */ + r->in.debug = opt_verbose; + r->in.dc_name = opt_host; + r->in.domain_name = lp_realm(); + r->in.admin_account = opt_user_name; + r->in.admin_password = net_prompt_pass(opt_user_name); + r->in.unjoin_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE | + WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE; - if ( !NT_STATUS_IS_OK(connect_to_ipc_krb5(&cli, &ads->ldap.ss, - ads->config.ldap_server_name)) ) - { + werr = libnet_Unjoin(ctx, r); + if (!W_ERROR_IS_OK(werr)) { + d_printf("Failed to leave domain: %s\n", + r->out.error_string ? r->out.error_string : + get_friendly_werror_msg(werr)); goto done; } - if ( !NT_STATUS_IS_OK(netdom_get_domain_sid( ctx, cli, &short_domain_name, &dom_sid )) ) { + if (W_ERROR_IS_OK(werr)) { + d_printf("Deleted account for '%s' in realm '%s'\n", + r->in.machine_name, r->out.dns_domain_name); goto done; } - saf_delete( short_domain_name ); - - status = netdom_leave_domain(ctx, cli, dom_sid); - - /* Try and delete it via LDAP - the old way we used to. */ - - adsret = ads_leave_realm(ads, global_myname()); - if (ADS_ERR_OK(adsret)) { - d_printf("Deleted account for '%s' in realm '%s'\n", - global_myname(), ads->config.realm); - ret = 0; - } else { - /* We couldn't delete it - see if the disable succeeded. */ - if (NT_STATUS_IS_OK(status)) { - d_printf("Disabled account for '%s' in realm '%s'\n", - global_myname(), ads->config.realm); - ret = 0; - } else { - d_fprintf(stderr, "Failed to disable machine account for '%s' in realm '%s'\n", - global_myname(), ads->config.realm); - } + /* We couldn't delete it - see if the disable succeeded. */ + if (r->out.disabled_machine_account) { + d_printf("Disabled account for '%s' in realm '%s'\n", + r->in.machine_name, r->out.dns_domain_name); + werr = WERR_OK; + goto done; } -done: + d_fprintf(stderr, "Failed to disable machine account for '%s' in realm '%s'\n", + r->in.machine_name, r->out.dns_domain_name); - if ( cli ) - cli_shutdown(cli); + done: + TALLOC_FREE(r); + TALLOC_FREE(ctx); - ads_destroy(&ads); - TALLOC_FREE( ctx ); + if (W_ERROR_IS_OK(werr)) { + return 0; + } - return ret; + return -1; } static NTSTATUS net_ads_join_ok(void) @@ -957,338 +948,6 @@ static NTSTATUS check_ads_config( void ) } /******************************************************************* - Do the domain join - ********************************************************************/ - -static NTSTATUS net_join_domain(TALLOC_CTX *ctx, const char *servername, - struct sockaddr_storage *pss, - const char **domain, - DOM_SID **dom_sid, - const char *password) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - struct cli_state *cli = NULL; - - ret = connect_to_ipc_krb5(&cli, pss, servername); - if ( !NT_STATUS_IS_OK(ret) ) { - goto done; - } - - ret = netdom_get_domain_sid( ctx, cli, domain, dom_sid ); - if ( !NT_STATUS_IS_OK(ret) ) { - goto done; - } - - /* cli->server_domain is not filled in when using krb5 - session setups */ - - saf_store( *domain, cli->desthost ); - - ret = netdom_join_domain( ctx, cli, *dom_sid, password, ND_TYPE_AD ); - -done: - if ( cli ) - cli_shutdown(cli); - - return ret; -} - -/******************************************************************* - Set a machines dNSHostName and servicePrincipalName attributes - ********************************************************************/ - -static ADS_STATUS net_set_machine_spn(TALLOC_CTX *ctx, ADS_STRUCT *ads_s ) -{ - ADS_STATUS status = ADS_ERROR(LDAP_SERVER_DOWN); - char *new_dn; - ADS_MODLIST mods; - const char *servicePrincipalName[3] = {NULL, NULL, NULL}; - char *psp; - fstring my_fqdn; - LDAPMessage *res = NULL; - char *dn_string = NULL; - const char *machine_name = global_myname(); - int count; - - if ( !machine_name ) { - return ADS_ERROR(LDAP_NO_MEMORY); - } - - /* Find our DN */ - - status = ads_find_machine_acct(ads_s, &res, machine_name); - if (!ADS_ERR_OK(status)) - return status; - - if ( (count = ads_count_replies(ads_s, res)) != 1 ) { - DEBUG(1,("net_set_machine_spn: %d entries returned!\n", count)); - return ADS_ERROR(LDAP_NO_MEMORY); - } - - if ( (dn_string = ads_get_dn(ads_s, res)) == NULL ) { - DEBUG(1, ("ads_add_machine_acct: ads_get_dn returned NULL (malloc failure?)\n")); - goto done; - } - - new_dn = talloc_strdup(ctx, dn_string); - ads_memfree(ads_s, dn_string); - if (!new_dn) { - return ADS_ERROR(LDAP_NO_MEMORY); - } - - /* Windows only creates HOST/shortname & HOST/fqdn. */ - - if ( !(psp = talloc_asprintf(ctx, "HOST/%s", machine_name)) ) - goto done; - strupper_m(psp); - servicePrincipalName[0] = psp; - - name_to_fqdn(my_fqdn, machine_name); - strlower_m(my_fqdn); - if ( !(psp = talloc_asprintf(ctx, "HOST/%s", my_fqdn)) ) - goto done; - servicePrincipalName[1] = psp; - - if (!(mods = ads_init_mods(ctx))) { - goto done; - } - - /* fields of primary importance */ - - ads_mod_str(ctx, &mods, "dNSHostName", my_fqdn); - ads_mod_strlist(ctx, &mods, "servicePrincipalName", servicePrincipalName); - - status = ads_gen_mod(ads_s, new_dn, mods); - -done: - ads_msgfree(ads_s, res); - - return status; -} - -/******************************************************************* - Set a machines dNSHostName and servicePrincipalName attributes - ********************************************************************/ - -static ADS_STATUS net_set_machine_upn(TALLOC_CTX *ctx, ADS_STRUCT *ads_s, const char *upn ) -{ - ADS_STATUS status = ADS_ERROR(LDAP_SERVER_DOWN); - char *new_dn; - ADS_MODLIST mods; - LDAPMessage *res = NULL; - char *dn_string = NULL; - const char *machine_name = global_myname(); - int count; - - if ( !machine_name ) { - return ADS_ERROR(LDAP_NO_MEMORY); - } - - /* Find our DN */ - - status = ads_find_machine_acct(ads_s, &res, machine_name); - if (!ADS_ERR_OK(status)) - return status; - - if ( (count = ads_count_replies(ads_s, res)) != 1 ) { - DEBUG(1,("net_set_machine_spn: %d entries returned!\n", count)); - return ADS_ERROR(LDAP_NO_MEMORY); - } - - if ( (dn_string = ads_get_dn(ads_s, res)) == NULL ) { - DEBUG(1, ("ads_add_machine_acct: ads_get_dn returned NULL (malloc failure?)\n")); - goto done; - } - - new_dn = talloc_strdup(ctx, dn_string); - ads_memfree(ads_s, dn_string); - if (!new_dn) { - return ADS_ERROR(LDAP_NO_MEMORY); - } - - /* now do the mods */ - - if (!(mods = ads_init_mods(ctx))) { - goto done; - } - - /* fields of primary importance */ - - ads_mod_str(ctx, &mods, "userPrincipalName", upn); - - status = ads_gen_mod(ads_s, new_dn, mods); - -done: - ads_msgfree(ads_s, res); - - return status; -} - -/******************************************************************* - Set a machines dNSHostName and servicePrincipalName attributes - ********************************************************************/ - -static ADS_STATUS net_set_os_attributes(TALLOC_CTX *ctx, ADS_STRUCT *ads_s, - const char *os_name, const char *os_version ) -{ - ADS_STATUS status = ADS_ERROR(LDAP_SERVER_DOWN); - char *new_dn; - ADS_MODLIST mods; - LDAPMessage *res = NULL; - char *dn_string = NULL; - const char *machine_name = global_myname(); - int count; - char *os_sp = NULL; - - if ( !os_name || !os_version ) { - return ADS_ERROR(LDAP_NO_MEMORY); - } - - /* Find our DN */ - - status = ads_find_machine_acct(ads_s, &res, machine_name); - if (!ADS_ERR_OK(status)) - return status; - - if ( (count = ads_count_replies(ads_s, res)) != 1 ) { - DEBUG(1,("net_set_machine_spn: %d entries returned!\n", count)); - return ADS_ERROR(LDAP_NO_MEMORY); - } - - if ( (dn_string = ads_get_dn(ads_s, res)) == NULL ) { - DEBUG(1, ("ads_add_machine_acct: ads_get_dn returned NULL (malloc failure?)\n")); - goto done; - } - - new_dn = talloc_strdup(ctx, dn_string); - ads_memfree(ads_s, dn_string); - if (!new_dn) { - return ADS_ERROR(LDAP_NO_MEMORY); - } - - /* now do the mods */ - - if (!(mods = ads_init_mods(ctx))) { - goto done; - } - - os_sp = talloc_asprintf( ctx, "Samba %s", SAMBA_VERSION_STRING ); - - /* fields of primary importance */ - - ads_mod_str(ctx, &mods, "operatingSystem", os_name); - ads_mod_str(ctx, &mods, "operatingSystemVersion", os_version); - if ( os_sp ) - ads_mod_str(ctx, &mods, "operatingSystemServicePack", os_sp); - - status = ads_gen_mod(ads_s, new_dn, mods); - -done: - ads_msgfree(ads_s, res); - TALLOC_FREE( os_sp ); - - return status; -} - -/******************************************************************* - join a domain using ADS (LDAP mods) - ********************************************************************/ - -static ADS_STATUS net_precreate_machine_acct( ADS_STRUCT *ads, const char *ou ) -{ - ADS_STATUS rc = ADS_ERROR(LDAP_SERVER_DOWN); - char *ou_str = NULL; - char *dn = NULL; - LDAPMessage *res = NULL; - bool moved; - - ou_str = ads_ou_string(ads, ou); - if (asprintf(&dn, "%s,%s", ou_str, ads->config.bind_path) == -1) { - rc = ADS_ERROR(LDAP_NO_MEMORY); - goto done; - } - - rc = ads_search_dn(ads, &res, dn, NULL); - if (!ADS_ERR_OK(rc)) { - d_fprintf(stderr, "The specified OU does not exist.\n"); - goto done; - } - - /* Attempt to create the machine account and bail if this fails. - Assume that the admin wants exactly what they requested */ - - rc = ads_create_machine_acct( ads, global_myname(), dn ); - if (ADS_ERR_OK(rc)) { - DEBUG(1, ("machine account created\n")); - goto done; - } - if ( !(rc.error_type == ENUM_ADS_ERROR_LDAP && rc.err.rc == LDAP_ALREADY_EXISTS) ) { - DEBUG(1, ("machine account creation failed\n")); - goto done; - } - - rc = ads_move_machine_acct(ads, global_myname(), dn, &moved); - if (!ADS_ERR_OK(rc)) { - DEBUG(1, ("failure to locate/move pre-existing machine account\n")); - goto done; - } - - if (moved) { - d_printf("The machine account was moved into the specified OU.\n"); - } else { - d_printf("The machine account already exists in the specified OU.\n"); - } - -done: - ads_msgfree(ads, res); - SAFE_FREE( ou_str ); - SAFE_FREE( dn ); - - return rc; -} - -/************************************************************************ - ************************************************************************/ - -static bool net_derive_salting_principal( TALLOC_CTX *ctx, ADS_STRUCT *ads ) -{ - uint32 domain_func; - ADS_STATUS status; - fstring salt; - char *std_salt; - const char *machine_name = global_myname(); - - status = ads_domain_func_level( ads, &domain_func ); - if ( !ADS_ERR_OK(status) ) { - DEBUG(2,("Failed to determine domain functional level!\n")); - return False; - } - - /* go ahead and setup the default salt */ - - if ( (std_salt = kerberos_standard_des_salt()) == NULL ) { - d_fprintf(stderr, "net_derive_salting_principal: failed to obtain stanard DES salt\n"); - return False; - } - - fstrcpy( salt, std_salt ); - SAFE_FREE( std_salt ); - - /* if it's a Windows functional domain, we have to look for the UPN */ - - if ( domain_func == DS_DOMAIN_FUNCTION_2000 ) { - char *upn; - - upn = ads_get_upn(ads, ctx, machine_name); - if ( upn ) { - fstrcpy( salt, upn ); - } - } - - return kerberos_secrets_store_des_salt( salt ); -} - -/******************************************************************* Send a DNS update request *******************************************************************/ @@ -1443,50 +1102,35 @@ static int net_ads_join_usage(int argc, const char **argv) int net_ads_join(int argc, const char **argv) { - ADS_STRUCT *ads = NULL; - ADS_STATUS status; NTSTATUS nt_status; - const char *short_domain_name = NULL; - char *tmp_password, *password; TALLOC_CTX *ctx = NULL; - DOM_SID *domain_sid = NULL; + struct libnet_JoinCtx *r = NULL; + const char *domain = lp_realm(); + WERROR werr = WERR_SETUP_NOT_JOINED; bool createupn = False; const char *machineupn = NULL; const char *create_in_ou = NULL; int i; - fstring dc_name; - struct sockaddr_storage dcss; const char *os_name = NULL; const char *os_version = NULL; nt_status = check_ads_config(); if (!NT_STATUS_IS_OK(nt_status)) { d_fprintf(stderr, "Invalid configuration. Exiting....\n"); + werr = ntstatus_to_werror(nt_status); goto fail; } - /* find a DC to initialize the server affinity cache */ - - get_dc_name( lp_workgroup(), lp_realm(), dc_name, &dcss ); - - status = ads_startup(True, &ads); - if (!ADS_ERR_OK(status)) { - DEBUG(1, ("error on ads_startup: %s\n", ads_errstr(status))); - nt_status = ads_ntstatus(status); + if (!(ctx = talloc_init("net_ads_join"))) { + d_fprintf(stderr, "Could not initialise talloc context.\n"); + werr = WERR_NOMEM; goto fail; } - if (strcmp(ads->config.realm, lp_realm()) != 0) { - d_fprintf(stderr, "realm of remote server (%s) and realm in %s " - "(%s) DO NOT match. Aborting join\n", - ads->config.realm, get_dyn_CONFIGFILE(), lp_realm()); - nt_status = NT_STATUS_INVALID_PARAMETER; - goto fail; - } + use_in_memory_ccache(); - if (!(ctx = talloc_init("net_ads_join"))) { - d_fprintf(stderr, "Could not initialise talloc context.\n"); - nt_status = NT_STATUS_NO_MEMORY; + werr = libnet_init_JoinCtx(ctx, &r); + if (!W_ERROR_IS_OK(werr)) { goto fail; } @@ -1500,203 +1144,102 @@ int net_ads_join(int argc, const char **argv) else if ( !StrnCaseCmp(argv[i], "createcomputer", strlen("createcomputer")) ) { if ( (create_in_ou = get_string_param(argv[i])) == NULL ) { d_fprintf(stderr, "Please supply a valid OU path.\n"); - nt_status = NT_STATUS_INVALID_PARAMETER; + werr = WERR_INVALID_PARAM; goto fail; } } else if ( !StrnCaseCmp(argv[i], "osName", strlen("osName")) ) { if ( (os_name = get_string_param(argv[i])) == NULL ) { d_fprintf(stderr, "Please supply a operating system name.\n"); - nt_status = NT_STATUS_INVALID_PARAMETER; + werr = WERR_INVALID_PARAM; goto fail; } } else if ( !StrnCaseCmp(argv[i], "osVer", strlen("osVer")) ) { if ( (os_version = get_string_param(argv[i])) == NULL ) { d_fprintf(stderr, "Please supply a valid operating system version.\n"); - nt_status = NT_STATUS_INVALID_PARAMETER; + werr = WERR_INVALID_PARAM; goto fail; } } else { - d_fprintf(stderr, "Bad option: %s\n", argv[i]); - nt_status = NT_STATUS_INVALID_PARAMETER; - goto fail; - } - } - - /* If we were given an OU, try to create the machine in - the OU account first and then do the normal RPC join */ - - if ( create_in_ou ) { - status = net_precreate_machine_acct( ads, create_in_ou ); - if ( !ADS_ERR_OK(status) ) { - d_fprintf( stderr, "Failed to pre-create the machine object " - "in OU %s.\n", create_in_ou); - DEBUG(1, ("error calling net_precreate_machine_acct: %s\n", - ads_errstr(status))); - nt_status = ads_ntstatus(status); - goto fail; + domain = argv[i]; } } /* Do the domain join here */ - tmp_password = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH); - password = talloc_strdup(ctx, tmp_password); - - nt_status = net_join_domain(ctx, ads->config.ldap_server_name, - &ads->ldap.ss, &short_domain_name, &domain_sid, password); - if ( !NT_STATUS_IS_OK(nt_status) ) { - DEBUG(1, ("call of net_join_domain failed: %s\n", - get_friendly_nt_error_msg(nt_status))); + r->in.domain_name = domain; + r->in.create_upn = createupn; + r->in.upn = machineupn; + r->in.account_ou = create_in_ou; + r->in.os_name = os_name; + r->in.os_version = os_version; + r->in.dc_name = opt_host; + r->in.admin_account = opt_user_name; + r->in.admin_password = net_prompt_pass(opt_user_name); + r->in.debug = opt_verbose; + r->in.join_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE | + WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE | + WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED; + + werr = libnet_Join(ctx, r); + if (!W_ERROR_IS_OK(werr)) { goto fail; } /* Check the short name of the domain */ - if ( !strequal(lp_workgroup(), short_domain_name) ) { + if (!strequal(lp_workgroup(), r->out.netbios_domain_name)) { d_printf("The workgroup in %s does not match the short\n", get_dyn_CONFIGFILE()); d_printf("domain name obtained from the server.\n"); - d_printf("Using the name [%s] from the server.\n", short_domain_name); + d_printf("Using the name [%s] from the server.\n", r->out.netbios_domain_name); d_printf("You should set \"workgroup = %s\" in %s.\n", - short_domain_name, get_dyn_CONFIGFILE()); + r->out.netbios_domain_name, get_dyn_CONFIGFILE()); } - d_printf("Using short domain name -- %s\n", short_domain_name); + d_printf("Using short domain name -- %s\n", r->out.netbios_domain_name); - /* HACK ALERT! Store the sid and password under both the lp_workgroup() - value from smb.conf and the string returned from the server. The former is - neede to bootstrap winbindd's first connection to the DC to get the real - short domain name --jerry */ + d_printf("Joined '%s' to realm '%s'\n", r->in.machine_name, + r->out.dns_domain_name); - if ( (netdom_store_machine_account( lp_workgroup(), domain_sid, password ) == -1) - || (netdom_store_machine_account( short_domain_name, domain_sid, password ) == -1) ) +#if defined(WITH_DNS_UPDATES) { - /* issue an internal error here for now. - * everything else would mean changing tdb routines. */ - nt_status = NT_STATUS_INTERNAL_ERROR; - goto fail; - } - - /* Verify that everything is ok */ - - nt_status = net_rpc_join_ok(short_domain_name, - ads->config.ldap_server_name, &ads->ldap.ss); - if (!NT_STATUS_IS_OK(nt_status)) { - d_fprintf(stderr, - "Failed to verify membership in domain: %s!\n", - nt_errstr(nt_status)); - goto fail; - } - - /* create the dNSHostName & servicePrincipalName values */ - - status = net_set_machine_spn( ctx, ads ); - if ( !ADS_ERR_OK(status) ) { - - d_fprintf(stderr, "Failed to set servicePrincipalNames. Please ensure that\n"); - d_fprintf(stderr, "the DNS domain of this server matches the AD domain,\n"); - d_fprintf(stderr, "Or rejoin with using Domain Admin credentials.\n"); - - /* Disable the machine account in AD. Better to fail than to leave - a confused admin. */ - - if ( net_ads_leave( 0, NULL ) != 0 ) { - d_fprintf( stderr, "Failed to disable machine account in AD. Please do so manually.\n"); - } - - /* clear out the machine password */ - - netdom_store_machine_account( lp_workgroup(), domain_sid, "" ); - netdom_store_machine_account( short_domain_name, domain_sid, "" ); - - nt_status = ads_ntstatus(status); - goto fail; - } - - if ( !net_derive_salting_principal( ctx, ads ) ) { - DEBUG(1,("Failed to determine salting principal\n")); - goto fail; - } - - if ( createupn ) { - char *upn; - - /* default to using the short UPN name */ - if (!machineupn ) { - upn = talloc_asprintf(ctx, - "host/%s@%s", global_myname(), - ads->config.realm ); - if (!upn) { - nt_status = NT_STATUS_NO_MEMORY; - goto fail; - } - machineupn = upn; - } - - status = net_set_machine_upn( ctx, ads, machineupn ); - if ( !ADS_ERR_OK(status) ) { - d_fprintf(stderr, "Failed to set userPrincipalName. Are you a Domain Admin?\n"); + /* We enter this block with user creds */ + ADS_STRUCT *ads_dns = NULL; + + if ( (ads_dns = ads_init( lp_realm(), NULL, NULL )) != NULL ) { + /* kinit with the machine password */ + + use_in_memory_ccache(); + asprintf( &ads_dns->auth.user_name, "%s$", global_myname() ); + ads_dns->auth.password = secrets_fetch_machine_password( + lp_workgroup(), NULL, NULL ); + ads_dns->auth.realm = SMB_STRDUP( lp_realm() ); + ads_kinit_password( ads_dns ); } - } - - /* Try to set the operatingSystem attributes if asked */ - if ( os_name && os_version ) { - status = net_set_os_attributes( ctx, ads, os_name, os_version ); - if ( !ADS_ERR_OK(status) ) { - d_fprintf(stderr, "Failed to set operatingSystem attributes. " - "Are you a Domain Admin?\n"); + if ( !ads_dns || !NT_STATUS_IS_OK(net_update_dns( ctx, ads_dns )) ) { + d_fprintf( stderr, "DNS update failed!\n" ); } - } - - /* Now build the keytab, using the same ADS connection */ - if (lp_use_kerberos_keytab() && ads_keytab_create_default(ads)) { - DEBUG(1,("Error creating host keytab!\n")); + /* exit from this block using machine creds */ + ads_destroy(&ads_dns); } - -#if defined(WITH_DNS_UPDATES) - /* We enter this block with user creds */ - ads_kdestroy( NULL ); - ads_destroy(&ads); - ads = NULL; - - if ( (ads = ads_init( lp_realm(), NULL, NULL )) != NULL ) { - /* kinit with the machine password */ - - use_in_memory_ccache(); - asprintf( &ads->auth.user_name, "%s$", global_myname() ); - ads->auth.password = secrets_fetch_machine_password( - lp_workgroup(), NULL, NULL ); - ads->auth.realm = SMB_STRDUP( lp_realm() ); - ads_kinit_password( ads ); - } - - if ( !ads || !NT_STATUS_IS_OK(net_update_dns( ctx, ads )) ) { - d_fprintf( stderr, "DNS update failed!\n" ); - } - - /* exit from this block using machine creds */ #endif - - d_printf("Joined '%s' to realm '%s'\n", global_myname(), ads->server.realm); - + TALLOC_FREE(r); TALLOC_FREE( ctx ); - ads_destroy(&ads); return 0; fail: /* issue an overall failure message at the end. */ - d_printf("Failed to join domain: %s\n", get_friendly_nt_error_msg(nt_status)); - + d_printf("Failed to join domain: %s\n", + r && r->out.error_string ? r->out.error_string : + get_friendly_werror_msg(werr)); TALLOC_FREE( ctx ); - ads_destroy(&ads); return -1; - } /******************************************************************* @@ -2519,8 +2062,8 @@ static int net_ads_kerberos_renew(int argc, const char **argv) static int net_ads_kerberos_pac(int argc, const char **argv) { - PAC_DATA *pac = NULL; - PAC_LOGON_INFO *info = NULL; + struct PAC_DATA *pac = NULL; + struct PAC_LOGON_INFO *info = NULL; TALLOC_CTX *mem_ctx = NULL; NTSTATUS status; int ret = -1; @@ -2551,7 +2094,9 @@ static int net_ads_kerberos_pac(int argc, const char **argv) info = get_logon_info_from_pac(pac); if (info) { - dump_pac_logon_info(0, info); + const char *s; + s = NDR_PRINT_STRUCT_STRING(mem_ctx, PAC_LOGON_INFO, info); + d_printf("The Pac: %s\n", s); } ret = 0; diff --git a/source3/utils/net_dom.c b/source3/utils/net_dom.c index 30993ae2fa..e88bbdb276 100644 --- a/source3/utils/net_dom.c +++ b/source3/utils/net_dom.c @@ -101,7 +101,7 @@ static int net_dom_unjoin(int argc, const char **argv) status = NetUnjoinDomain(server_name, account, password, unjoin_flags); if (status != 0) { printf("Failed to unjoin domain: %s\n", - libnetapi_errstr(status)); + libnetapi_get_error_string(ctx, status)); goto done; } @@ -215,7 +215,7 @@ static int net_dom_join(int argc, const char **argv) Account, password, join_flags); if (status != 0) { printf("Failed to join domain: %s\n", - libnetapi_errstr(status)); + libnetapi_get_error_string(ctx, status)); goto done; } diff --git a/source3/utils/net_domain.c b/source3/utils/net_domain.c deleted file mode 100644 index 90d28b5e6e..0000000000 --- a/source3/utils/net_domain.c +++ /dev/null @@ -1,386 +0,0 @@ -/* - Samba Unix/Linux SMB client library - net ads commands - Copyright (C) 2001 Andrew Tridgell (tridge@samba.org) - Copyright (C) 2001 Remus Koos (remuskoos@yahoo.com) - Copyright (C) 2002 Jim McDonough (jmcd@us.ibm.com) - Copyright (C) 2006 Gerald (Jerry) Carter (jerry@samba.org) - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#include "includes.h" -#include "utils/net.h" - -/* Macro for checking RPC error codes to make things more readable */ - -#define CHECK_RPC_ERR(rpc, msg) \ - if (!NT_STATUS_IS_OK(result = rpc)) { \ - DEBUG(0, (msg ": %s\n", nt_errstr(result))); \ - goto done; \ - } - -#define CHECK_RPC_ERR_DEBUG(rpc, debug_args) \ - if (!NT_STATUS_IS_OK(result = rpc)) { \ - DEBUG(0, debug_args); \ - goto done; \ - } - -/******************************************************************* - Leave an AD domain. Windows XP disables the machine account. - We'll try the same. The old code would do an LDAP delete. - That only worked using the machine creds because added the machine - with full control to the computer object's ACL. -*******************************************************************/ - -NTSTATUS netdom_leave_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli, - DOM_SID *dom_sid ) -{ - struct rpc_pipe_client *pipe_hnd = NULL; - POLICY_HND sam_pol, domain_pol, user_pol; - NTSTATUS status = NT_STATUS_UNSUCCESSFUL; - char *acct_name; - uint32 user_rid; - struct lsa_String lsa_acct_name; - struct samr_Ids user_rids; - struct samr_Ids name_types; - union samr_UserInfo *info = NULL; - - /* Open the domain */ - - if ( (pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_SAMR, &status)) == NULL ) { - DEBUG(0, ("Error connecting to SAM pipe. Error was %s\n", - nt_errstr(status) )); - return status; - } - - status = rpccli_samr_Connect2(pipe_hnd, mem_ctx, - pipe_hnd->cli->desthost, - SEC_RIGHTS_MAXIMUM_ALLOWED, - &sam_pol); - if ( !NT_STATUS_IS_OK(status) ) - return status; - - - status = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, - &sam_pol, - SEC_RIGHTS_MAXIMUM_ALLOWED, - dom_sid, - &domain_pol); - if ( !NT_STATUS_IS_OK(status) ) - return status; - - /* Create domain user */ - - acct_name = talloc_asprintf(mem_ctx, "%s$", global_myname()); - strlower_m(acct_name); - - init_lsa_String(&lsa_acct_name, acct_name); - - status = rpccli_samr_LookupNames(pipe_hnd, mem_ctx, - &domain_pol, - 1, - &lsa_acct_name, - &user_rids, - &name_types); - if ( !NT_STATUS_IS_OK(status) ) - return status; - - if ( name_types.ids[0] != SID_NAME_USER) { - DEBUG(0, ("%s is not a user account (type=%d)\n", acct_name, name_types.ids[0])); - return NT_STATUS_INVALID_WORKSTATION; - } - - user_rid = user_rids.ids[0]; - - /* Open handle on user */ - - status = rpccli_samr_OpenUser(pipe_hnd, mem_ctx, - &domain_pol, - SEC_RIGHTS_MAXIMUM_ALLOWED, - user_rid, - &user_pol); - if ( !NT_STATUS_IS_OK(status) ) { - goto done; - } - - /* Get user info */ - - status = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx, - &user_pol, - 16, - &info); - if ( !NT_STATUS_IS_OK(status) ) { - rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol); - goto done; - } - - /* now disable and setuser info */ - - info->info16.acct_flags |= ACB_DISABLED; - - status = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx, - &user_pol, - 16, - info); - - rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol); - -done: - rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol); - rpccli_samr_Close(pipe_hnd, mem_ctx, &sam_pol); - - cli_rpc_pipe_close(pipe_hnd); /* Done with this pipe */ - - return status; -} - -/******************************************************************* - Store the machine password and domain SID - ********************************************************************/ - -int netdom_store_machine_account( const char *domain, DOM_SID *sid, const char *pw ) -{ - if (!secrets_store_domain_sid(domain, sid)) { - DEBUG(1,("Failed to save domain sid\n")); - return -1; - } - - if (!secrets_store_machine_password(pw, domain, SEC_CHAN_WKSTA)) { - DEBUG(1,("Failed to save machine password\n")); - return -1; - } - - return 0; -} - -/******************************************************************* - ********************************************************************/ - -NTSTATUS netdom_get_domain_sid( TALLOC_CTX *mem_ctx, struct cli_state *cli, - const char **domain, DOM_SID **sid ) -{ - struct rpc_pipe_client *pipe_hnd = NULL; - POLICY_HND lsa_pol; - NTSTATUS status = NT_STATUS_UNSUCCESSFUL; - union lsa_PolicyInformation *info = NULL; - - if ( (pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &status)) == NULL ) { - DEBUG(0, ("Error connecting to LSA pipe. Error was %s\n", - nt_errstr(status) )); - return status; - } - - status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True, - SEC_RIGHTS_MAXIMUM_ALLOWED, &lsa_pol); - if ( !NT_STATUS_IS_OK(status) ) - return status; - - status = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx, - &lsa_pol, - LSA_POLICY_INFO_ACCOUNT_DOMAIN, - &info); - if ( !NT_STATUS_IS_OK(status) ) - return status; - - *domain = info->account_domain.name.string; - *sid = info->account_domain.sid; - - rpccli_lsa_Close(pipe_hnd, mem_ctx, &lsa_pol); - cli_rpc_pipe_close(pipe_hnd); /* Done with this pipe */ - - /* Bail out if domain didn't get set. */ - if (!domain) { - DEBUG(0, ("Could not get domain name.\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - return NT_STATUS_OK; -} - -/******************************************************************* - Do the domain join - ********************************************************************/ - -NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli, - DOM_SID *dom_sid, const char *clear_pw, - enum netdom_domain_t dom_type ) -{ - struct rpc_pipe_client *pipe_hnd = NULL; - POLICY_HND sam_pol, domain_pol, user_pol; - NTSTATUS status = NT_STATUS_UNSUCCESSFUL; - char *acct_name; - struct lsa_String lsa_acct_name; - uint32 user_rid; - uint32 acb_info = ACB_WSTRUST; - uint32 acct_flags; - uchar pwbuf[532]; - struct MD5Context md5ctx; - uchar md5buffer[16]; - DATA_BLOB digested_session_key; - uchar md4_trust_password[16]; - uint32_t access_granted = 0; - struct samr_Ids user_rids; - struct samr_Ids name_types; - union samr_UserInfo info; - - /* Open the domain */ - - if ( (pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_SAMR, &status)) == NULL ) { - DEBUG(0, ("Error connecting to SAM pipe. Error was %s\n", - nt_errstr(status) )); - return status; - } - - status = rpccli_samr_Connect2(pipe_hnd, mem_ctx, - pipe_hnd->cli->desthost, - SEC_RIGHTS_MAXIMUM_ALLOWED, - &sam_pol); - if ( !NT_STATUS_IS_OK(status) ) - return status; - - - status = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, - &sam_pol, - SEC_RIGHTS_MAXIMUM_ALLOWED, - dom_sid, - &domain_pol); - if ( !NT_STATUS_IS_OK(status) ) - return status; - - /* Create domain user */ - - acct_name = talloc_asprintf(mem_ctx, "%s$", global_myname()); - strlower_m(acct_name); - - init_lsa_String(&lsa_acct_name, acct_name); - - /* Don't try to set any acb_info flags other than ACB_WSTRUST */ - acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE | - SEC_STD_WRITE_DAC | SEC_STD_DELETE | - SAMR_USER_ACCESS_SET_PASSWORD | - SAMR_USER_ACCESS_GET_ATTRIBUTES | - SAMR_USER_ACCESS_SET_ATTRIBUTES; - - DEBUG(10, ("Creating account with flags: %d\n",acct_flags)); - - status = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx, - &domain_pol, - &lsa_acct_name, - acb_info, - acct_flags, - &user_pol, - &access_granted, - &user_rid); - - if ( !NT_STATUS_IS_OK(status) - && !NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) - { - d_fprintf(stderr, "Creation of workstation account failed\n"); - - /* If NT_STATUS_ACCESS_DENIED then we have a valid - username/password combo but the user does not have - administrator access. */ - - if (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED)) - d_fprintf(stderr, "User specified does not have administrator privileges\n"); - - return status; - } - - /* We *must* do this.... don't ask... */ - - if (NT_STATUS_IS_OK(status)) { - rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol); - } - - status = rpccli_samr_LookupNames(pipe_hnd, mem_ctx, - &domain_pol, - 1, - &lsa_acct_name, - &user_rids, - &name_types); - if ( !NT_STATUS_IS_OK(status) ) - return status; - - if ( name_types.ids[0] != SID_NAME_USER) { - DEBUG(0, ("%s is not a user account (type=%d)\n", acct_name, name_types.ids[0])); - return NT_STATUS_INVALID_WORKSTATION; - } - - user_rid = user_rids.ids[0]; - - /* Open handle on user */ - - status = rpccli_samr_OpenUser(pipe_hnd, mem_ctx, - &domain_pol, - SEC_RIGHTS_MAXIMUM_ALLOWED, - user_rid, - &user_pol); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - /* Create a random machine account password and generate the hash */ - - E_md4hash(clear_pw, md4_trust_password); - encode_pw_buffer(pwbuf, clear_pw, STR_UNICODE); - - generate_random_buffer((uint8*)md5buffer, sizeof(md5buffer)); - digested_session_key = data_blob_talloc(mem_ctx, 0, 16); - - MD5Init(&md5ctx); - MD5Update(&md5ctx, md5buffer, sizeof(md5buffer)); - MD5Update(&md5ctx, cli->user_session_key.data, cli->user_session_key.length); - MD5Final(digested_session_key.data, &md5ctx); - - SamOEMhashBlob(pwbuf, sizeof(pwbuf), &digested_session_key); - memcpy(&pwbuf[516], md5buffer, sizeof(md5buffer)); - - /* Fill in the additional account flags now */ - - acb_info |= ACB_PWNOEXP; - if ( dom_type == ND_TYPE_AD ) { -#if !defined(ENCTYPE_ARCFOUR_HMAC) - acb_info |= ACB_USE_DES_KEY_ONLY; -#endif - ;; - } - - /* Set password and account flags on machine account */ - ZERO_STRUCT(info.info25); - info.info25.info.fields_present = ACCT_NT_PWD_SET | - ACCT_LM_PWD_SET | - SAMR_FIELD_ACCT_FLAGS; - info.info25.info.acct_flags = acb_info; - memcpy(&info.info25.password.data, pwbuf, sizeof(pwbuf)); - - - status = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx, - &user_pol, - 25, - &info); - - if ( !NT_STATUS_IS_OK(status) ) { - d_fprintf( stderr, "Failed to set password for machine account (%s)\n", - nt_errstr(status)); - return status; - } - - rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol); - cli_rpc_pipe_close(pipe_hnd); /* Done with this pipe */ - - return status; -} - diff --git a/source3/utils/net_lookup.c b/source3/utils/net_lookup.c index 8c01b5b4ba..e5d83bc891 100644 --- a/source3/utils/net_lookup.c +++ b/source3/utils/net_lookup.c @@ -366,8 +366,9 @@ static int net_lookup_dsgetdcname(int argc, const char **argv) const char *domain_name = NULL; char *site_name = NULL; uint32_t flags = 0; - struct DS_DOMAIN_CONTROLLER_INFO *info = NULL; + struct netr_DsRGetDCNameInfo *info = NULL; TALLOC_CTX *mem_ctx; + char *s = NULL; if (argc < 1 || argc > 3) { d_printf("usage: net lookup dsgetdcname " @@ -410,7 +411,9 @@ static int net_lookup_dsgetdcname(int argc, const char **argv) return -1; } - display_ds_domain_controller_info(mem_ctx, info); + s = NDR_PRINT_STRUCT_STRING(mem_ctx, netr_DsRGetDCNameInfo, info); + printf("%s\n", s); + TALLOC_FREE(s); SAFE_FREE(site_name); TALLOC_FREE(mem_ctx); diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 3767138601..f7fadb9520 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -3,7 +3,7 @@ Distributed SMB/CIFS Server Management Utility Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org) Copyright (C) 2002 Jim McDonough (jmcd@us.ibm.com) - Copyright (C) 2004 Guenther Deschner (gd@samba.org) + Copyright (C) 2004,2008 Guenther Deschner (gd@samba.org) Copyright (C) 2005 Jeremy Allison (jra@samba.org) Copyright (C) 2006 Jelmer Vernooij (jelmer@samba.org) @@ -1406,9 +1406,8 @@ static NTSTATUS rpc_sh_handle_user(TALLOC_CTX *mem_ctx, TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx, struct rpc_pipe_client *pipe_hnd, - const POLICY_HND *user_hnd, + POLICY_HND *user_hnd, int argc, const char **argv)) - { POLICY_HND connect_pol, domain_pol, user_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; @@ -1490,7 +1489,7 @@ static NTSTATUS rpc_sh_handle_user(TALLOC_CTX *mem_ctx, static NTSTATUS rpc_sh_user_show_internals(TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx, struct rpc_pipe_client *pipe_hnd, - const POLICY_HND *user_hnd, + POLICY_HND *user_hnd, int argc, const char **argv) { NTSTATUS result; @@ -1502,7 +1501,7 @@ static NTSTATUS rpc_sh_user_show_internals(TALLOC_CTX *mem_ctx, } result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx, - CONST_DISCARD(struct policy_handle *, user_hnd), + user_hnd, 21, &info); if (!NT_STATUS_IS_OK(result)) { @@ -1539,7 +1538,7 @@ do { if (strequal(ctx->thiscmd, name)) { \ static NTSTATUS rpc_sh_user_str_edit_internals(TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx, struct rpc_pipe_client *pipe_hnd, - const POLICY_HND *user_hnd, + POLICY_HND *user_hnd, int argc, const char **argv) { NTSTATUS result; @@ -1554,7 +1553,7 @@ static NTSTATUS rpc_sh_user_str_edit_internals(TALLOC_CTX *mem_ctx, } result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx, - CONST_DISCARD(struct policy_handle *, user_hnd), + user_hnd, 21, &info); if (!NT_STATUS_IS_OK(result)) { @@ -1589,7 +1588,7 @@ static NTSTATUS rpc_sh_user_str_edit_internals(TALLOC_CTX *mem_ctx, SETSTR("description", description, DESCRIPTION); result = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx, - CONST_DISCARD(struct policy_handle *, user_hnd), + user_hnd, 21, info); @@ -1622,7 +1621,7 @@ static NTSTATUS rpc_sh_user_str_edit(TALLOC_CTX *mem_ctx, static NTSTATUS rpc_sh_user_flag_edit_internals(TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx, struct rpc_pipe_client *pipe_hnd, - const POLICY_HND *user_hnd, + POLICY_HND *user_hnd, int argc, const char **argv) { NTSTATUS result; @@ -1643,7 +1642,7 @@ static NTSTATUS rpc_sh_user_flag_edit_internals(TALLOC_CTX *mem_ctx, newval = strequal(argv[0], "yes"); result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx, - CONST_DISCARD(struct policy_handle *, user_hnd), + user_hnd, 21, &info); if (!NT_STATUS_IS_OK(result)) { @@ -1670,7 +1669,7 @@ static NTSTATUS rpc_sh_user_flag_edit_internals(TALLOC_CTX *mem_ctx, info->info21.fields_present = SAMR_FIELD_ACCT_FLAGS; result = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx, - CONST_DISCARD(struct policy_handle *, user_hnd), + user_hnd, 21, info); @@ -3601,14 +3600,14 @@ static bool check_share_sanity(struct cli_state *cli, fstring netname, uint32 ty } /** - * Migrate shares from a remote RPC server to the local RPC srever + * Migrate shares from a remote RPC server to the local RPC server * * All parameters are provided by the run_rpc_command function, except for - * argc, argv which are passes through. + * argc, argv which are passed through. * * @param domain_sid The domain sid acquired from the remote server * @param cli A cli_state connected to the server. - * @param mem_ctx Talloc context, destoyed on completion of the function. + * @param mem_ctx Talloc context, destroyed on completion of the function. * @param argc Standard main() style argc * @param argv Standard main() style argv. Initial components are already * stripped diff --git a/source3/utils/net_rpc_audit.c b/source3/utils/net_rpc_audit.c index 7c2a5b33ca..a846395bb8 100644 --- a/source3/utils/net_rpc_audit.c +++ b/source3/utils/net_rpc_audit.c @@ -1,7 +1,7 @@ /* Samba Unix/Linux SMB client library Distributed SMB/CIFS Server Management Utility - Copyright (C) 2006 Guenther Deschner + Copyright (C) 2006,2008 Guenther Deschner This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c index f08dc66d3c..8259ec46e6 100644 --- a/source3/utils/net_rpc_join.c +++ b/source3/utils/net_rpc_join.c @@ -3,6 +3,7 @@ Distributed SMB/CIFS Server Management Utility Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org) Copyright (C) Tim Potter 2001 + Copyright (C) 2008 Guenther Deschner This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/source3/utils/net_rpc_rights.c b/source3/utils/net_rpc_rights.c index de6e14ebad..7857dbcbaf 100644 --- a/source3/utils/net_rpc_rights.c +++ b/source3/utils/net_rpc_rights.c @@ -2,6 +2,7 @@ Samba Unix/Linux SMB client library Distributed SMB/CIFS Server Management Utility Copyright (C) Gerald (Jerry) Carter 2004 + Copyright (C) Guenther Deschner 2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -152,22 +153,24 @@ static NTSTATUS check_privilege_for_user(struct rpc_pipe_client *pipe_hnd, const char *right) { NTSTATUS result; - uint32 count; - char **rights; + struct lsa_RightSet rights; int i; - result = rpccli_lsa_enum_account_rights(pipe_hnd, ctx, pol, sid, &count, &rights); + result = rpccli_lsa_EnumAccountRights(pipe_hnd, ctx, + pol, + sid, + &rights); if (!NT_STATUS_IS_OK(result)) { return result; } - if (count == 0) { + if (rights.count == 0) { return NT_STATUS_OBJECT_NAME_NOT_FOUND; } - - for (i = 0; i < count; i++) { - if (StrCaseCmp(rights[i], right) == 0) { + + for (i = 0; i < rights.count; i++) { + if (StrCaseCmp(rights.names[i].string, right) == 0) { return NT_STATUS_OK; } } @@ -184,20 +187,23 @@ static NTSTATUS enum_privileges_for_user(struct rpc_pipe_client *pipe_hnd, DOM_SID *sid ) { NTSTATUS result; - uint32 count; - char **rights; + struct lsa_RightSet rights; int i; - result = rpccli_lsa_enum_account_rights(pipe_hnd, ctx, pol, sid, &count, &rights); + result = rpccli_lsa_EnumAccountRights(pipe_hnd, ctx, + pol, + sid, + &rights); if (!NT_STATUS_IS_OK(result)) return result; - if ( count == 0 ) + if (rights.count == 0) { d_printf("No privileges assigned\n"); - - for (i = 0; i < count; i++) { - printf("%s\n", rights[i]); + } + + for (i = 0; i < rights.count; i++) { + printf("%s\n", rights.names[i].string); } return NT_STATUS_OK; @@ -214,24 +220,27 @@ static NTSTATUS enum_accounts_for_privilege(struct rpc_pipe_client *pipe_hnd, NTSTATUS result; uint32 enum_context=0; uint32 pref_max_length=0x1000; - DOM_SID *sids = NULL; - uint32 count=0; + struct lsa_SidArray sid_array; int i; fstring name; - result = rpccli_lsa_enum_sids(pipe_hnd, ctx, pol, &enum_context, - pref_max_length, &count, &sids); + result = rpccli_lsa_EnumAccounts(pipe_hnd, ctx, + pol, + &enum_context, + &sid_array, + pref_max_length); if (!NT_STATUS_IS_OK(result)) return result; d_printf("%s:\n", privilege); - for ( i=0; i<count; i++ ) { - - - result = check_privilege_for_user( pipe_hnd, ctx, pol, &sids[i], privilege); - + for ( i=0; i<sid_array.num_sids; i++ ) { + + result = check_privilege_for_user(pipe_hnd, ctx, pol, + sid_array.sids[i].sid, + privilege); + if ( ! NT_STATUS_IS_OK(result)) { if ( ! NT_STATUS_EQUAL(result, NT_STATUS_OBJECT_NAME_NOT_FOUND)) { return result; @@ -241,9 +250,9 @@ static NTSTATUS enum_accounts_for_privilege(struct rpc_pipe_client *pipe_hnd, /* try to convert the SID to a name. Fall back to printing the raw SID if necessary */ - result = sid_to_name( pipe_hnd, ctx, &sids[i], name ); + result = sid_to_name( pipe_hnd, ctx, sid_array.sids[i].sid, name ); if ( !NT_STATUS_IS_OK (result) ) - sid_to_fstring(name, &sids[i]); + sid_to_fstring(name, sid_array.sids[i].sid); d_printf(" %s\n", name); } @@ -261,30 +270,32 @@ static NTSTATUS enum_privileges_for_accounts(struct rpc_pipe_client *pipe_hnd, NTSTATUS result; uint32 enum_context=0; uint32 pref_max_length=0x1000; - DOM_SID *sids; - uint32 count=0; + struct lsa_SidArray sid_array; int i; fstring name; - result = rpccli_lsa_enum_sids(pipe_hnd, ctx, pol, &enum_context, - pref_max_length, &count, &sids); + result = rpccli_lsa_EnumAccounts(pipe_hnd, ctx, + pol, + &enum_context, + &sid_array, + pref_max_length); if (!NT_STATUS_IS_OK(result)) return result; - - for ( i=0; i<count; i++ ) { - + + for ( i=0; i<sid_array.num_sids; i++ ) { + /* try to convert the SID to a name. Fall back to printing the raw SID if necessary */ - - result = sid_to_name(pipe_hnd, ctx, &sids[i], name ); + + result = sid_to_name(pipe_hnd, ctx, sid_array.sids[i].sid, name); if ( !NT_STATUS_IS_OK (result) ) - sid_to_fstring(name, &sids[i]); - + sid_to_fstring(name, sid_array.sids[i].sid); + d_printf("%s\n", name); - - result = enum_privileges_for_user(pipe_hnd, ctx, pol, &sids[i] ); - + + result = enum_privileges_for_user(pipe_hnd, ctx, pol, + sid_array.sids[i].sid); if ( !NT_STATUS_IS_OK(result) ) return result; @@ -426,6 +437,8 @@ static NTSTATUS rpc_rights_grant_internal(const DOM_SID *domain_sid, { POLICY_HND dom_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + struct lsa_RightSet rights; + int i; DOM_SID sid; @@ -445,8 +458,21 @@ static NTSTATUS rpc_rights_grant_internal(const DOM_SID *domain_sid, if (!NT_STATUS_IS_OK(result)) return result; - result = rpccli_lsa_add_account_rights(pipe_hnd, mem_ctx, &dom_pol, sid, - argc-1, argv+1); + rights.count = argc-1; + rights.names = TALLOC_ARRAY(mem_ctx, struct lsa_StringLarge, + rights.count); + if (!rights.names) { + return NT_STATUS_NO_MEMORY; + } + + for (i=0; i<argc-1; i++) { + init_lsa_StringLarge(&rights.names[i], argv[i+1]); + } + + result = rpccli_lsa_AddAccountRights(pipe_hnd, mem_ctx, + &dom_pol, + &sid, + &rights); if (!NT_STATUS_IS_OK(result)) goto done; @@ -477,8 +503,9 @@ static NTSTATUS rpc_rights_revoke_internal(const DOM_SID *domain_sid, { POLICY_HND dom_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - + struct lsa_RightSet rights; DOM_SID sid; + int i; if (argc < 2 ) { d_printf("Usage: net rpc rights revoke <name|SID> <rights...>\n"); @@ -496,8 +523,22 @@ static NTSTATUS rpc_rights_revoke_internal(const DOM_SID *domain_sid, if (!NT_STATUS_IS_OK(result)) return result; - result = rpccli_lsa_remove_account_rights(pipe_hnd, mem_ctx, &dom_pol, sid, - False, argc-1, argv+1); + rights.count = argc-1; + rights.names = TALLOC_ARRAY(mem_ctx, struct lsa_StringLarge, + rights.count); + if (!rights.names) { + return NT_STATUS_NO_MEMORY; + } + + for (i=0; i<argc-1; i++) { + init_lsa_StringLarge(&rights.names[i], argv[i+1]); + } + + result = rpccli_lsa_RemoveAccountRights(pipe_hnd, mem_ctx, + &dom_pol, + &sid, + false, + &rights); if (!NT_STATUS_IS_OK(result)) goto done; diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index e1f0cd3751..775270a69b 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -1,4 +1,4 @@ -/* +/* Unix SMB/CIFS implementation. dump the remote SAM using rpc samsync operations @@ -7,17 +7,18 @@ Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2005 Modified by Volker Lendecke 2002 Copyright (C) Jeremy Allison 2005. + Copyright (C) Guenther Deschner 2008. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ @@ -31,57 +32,62 @@ static uint32 ldif_uid = 999; /* Keep track of ldap initialization */ static int init_ldap = 1; -static void display_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *g) +static void display_group_mem_info(uint32_t rid, + struct netr_DELTA_GROUP_MEMBER *r) { int i; d_printf("Group mem %u: ", rid); - for (i=0;i<g->num_members;i++) { - d_printf("%u ", g->rids[i]); + for (i=0; i< r->num_rids; i++) { + d_printf("%u ", r->rids[i]); } d_printf("\n"); } -static void display_alias_info(uint32 rid, SAM_ALIAS_INFO *a) +static void display_alias_info(uint32_t rid, + struct netr_DELTA_ALIAS *r) { - d_printf("Alias '%s' ", unistr2_static(&a->uni_als_name)); - d_printf("desc='%s' rid=%u\n", unistr2_static(&a->uni_als_desc), a->als_rid); + d_printf("Alias '%s' ", r->alias_name.string); + d_printf("desc='%s' rid=%u\n", r->description.string, r->rid); } -static void display_alias_mem(uint32 rid, SAM_ALIAS_MEM_INFO *a) +static void display_alias_mem(uint32_t rid, + struct netr_DELTA_ALIAS_MEMBER *r) { int i; d_printf("Alias rid %u: ", rid); - for (i=0;i<a->num_members;i++) { - d_printf("%s ", sid_string_tos(&a->sids[i].sid)); + for (i=0; i< r->sids.num_sids; i++) { + d_printf("%s ", sid_string_tos(r->sids.sids[i].sid)); } d_printf("\n"); } -static void display_account_info(uint32 rid, SAM_ACCOUNT_INFO *a) +static void display_account_info(uint32_t rid, + struct netr_DELTA_USER *r) { fstring hex_nt_passwd, hex_lm_passwd; uchar lm_passwd[16], nt_passwd[16]; static uchar zero_buf[16]; /* Decode hashes from password hash (if they are not NULL) */ - - if (memcmp(a->pass.buf_lm_pwd, zero_buf, 16) != 0) { - sam_pwd_hash(a->user_rid, a->pass.buf_lm_pwd, lm_passwd, 0); - pdb_sethexpwd(hex_lm_passwd, lm_passwd, a->acb_info); + + if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) { + sam_pwd_hash(r->rid, r->lmpassword.hash, lm_passwd, 0); + pdb_sethexpwd(hex_lm_passwd, lm_passwd, r->acct_flags); } else { pdb_sethexpwd(hex_lm_passwd, NULL, 0); } - if (memcmp(a->pass.buf_nt_pwd, zero_buf, 16) != 0) { - sam_pwd_hash(a->user_rid, a->pass.buf_nt_pwd, nt_passwd, 0); - pdb_sethexpwd(hex_nt_passwd, nt_passwd, a->acb_info); + if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) { + sam_pwd_hash(r->rid, r->ntpassword.hash, nt_passwd, 0); + pdb_sethexpwd(hex_nt_passwd, nt_passwd, r->acct_flags); } else { pdb_sethexpwd(hex_nt_passwd, NULL, 0); } - - printf("%s:%d:%s:%s:%s:LCT-0\n", unistr2_static(&a->uni_acct_name), - a->user_rid, hex_lm_passwd, hex_nt_passwd, - pdb_encode_acct_ctrl(a->acb_info, NEW_PW_FORMAT_SPACE_PADDED_LEN)); + + printf("%s:%d:%s:%s:%s:LCT-0\n", + r->account_name.string, + r->rid, hex_lm_passwd, hex_nt_passwd, + pdb_encode_acct_ctrl(r->acct_flags, NEW_PW_FORMAT_SPACE_PADDED_LEN)); } static time_t uint64s_nt_time_to_unix_abs(const uint64 *src) @@ -91,102 +97,201 @@ static time_t uint64s_nt_time_to_unix_abs(const uint64 *src) return nt_time_to_unix_abs(&nttime); } -static void display_domain_info(SAM_DOMAIN_INFO *a) +static void display_domain_info(struct netr_DELTA_DOMAIN *r) { time_t u_logout; - u_logout = uint64s_nt_time_to_unix_abs(&a->force_logoff); + u_logout = uint64s_nt_time_to_unix_abs((const uint64 *)&r->force_logoff_time); - d_printf("Domain name: %s\n", unistr2_static(&a->uni_dom_name)); + d_printf("Domain name: %s\n", r->domain_name.string); - d_printf("Minimal Password Length: %d\n", a->min_pwd_len); - d_printf("Password History Length: %d\n", a->pwd_history_len); + d_printf("Minimal Password Length: %d\n", r->min_password_length); + d_printf("Password History Length: %d\n", r->password_history_length); d_printf("Force Logoff: %d\n", (int)u_logout); - d_printf("Max Password Age: %s\n", display_time(a->max_pwd_age)); - d_printf("Min Password Age: %s\n", display_time(a->min_pwd_age)); + d_printf("Max Password Age: %s\n", display_time(r->max_password_age)); + d_printf("Min Password Age: %s\n", display_time(r->min_password_age)); +#if 0 + /* FIXME - gd */ d_printf("Lockout Time: %s\n", display_time(a->account_lockout.lockout_duration)); d_printf("Lockout Reset Time: %s\n", display_time(a->account_lockout.reset_count)); - d_printf("Bad Attempt Lockout: %d\n", a->account_lockout.bad_attempt_lockout); - d_printf("User must logon to change password: %d\n", a->logon_chgpass); +#endif + d_printf("User must logon to change password: %d\n", r->logon_to_chgpass); } -static void display_group_info(uint32 rid, SAM_GROUP_INFO *a) +static void display_group_info(uint32_t rid, struct netr_DELTA_GROUP *r) { - d_printf("Group '%s' ", unistr2_static(&a->uni_grp_name)); - d_printf("desc='%s', rid=%u\n", unistr2_static(&a->uni_grp_desc), rid); + d_printf("Group '%s' ", r->group_name.string); + d_printf("desc='%s', rid=%u\n", r->description.string, rid); } -static void display_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta) +static void display_sam_entry(struct netr_DELTA_ENUM *r) { - switch (hdr_delta->type) { - case SAM_DELTA_ACCOUNT_INFO: - display_account_info(hdr_delta->target_rid, &delta->account_info); + union netr_DELTA_UNION u = r->delta_union; + union netr_DELTA_ID_UNION id = r->delta_id_union; + + switch (r->delta_type) { + case NETR_DELTA_DOMAIN: + display_domain_info(u.domain); + break; + case NETR_DELTA_GROUP: + display_group_info(id.rid, u.group); + break; +#if 0 + case NETR_DELTA_DELETE_GROUP: + printf("Delete Group: %d\n", + u.delete_account.unknown); + break; + case NETR_DELTA_RENAME_GROUP: + printf("Rename Group: %s -> %s\n", + u.rename_group->OldName.string, + u.rename_group->NewName.string); break; - case SAM_DELTA_GROUP_MEM: - display_group_mem_info(hdr_delta->target_rid, &delta->grp_mem_info); +#endif + case NETR_DELTA_USER: + display_account_info(id.rid, u.user); break; - case SAM_DELTA_ALIAS_INFO: - display_alias_info(hdr_delta->target_rid, &delta->alias_info); +#if 0 + case NETR_DELTA_DELETE_USER: + printf("Delete User: %d\n", + id.rid); break; - case SAM_DELTA_ALIAS_MEM: - display_alias_mem(hdr_delta->target_rid, &delta->als_mem_info); + case NETR_DELTA_RENAME_USER: + printf("Rename user: %s -> %s\n", + u.rename_user->OldName.string, + u.rename_user->NewName.string); break; - case SAM_DELTA_DOMAIN_INFO: - display_domain_info(&delta->domain_info); +#endif + case NETR_DELTA_GROUP_MEMBER: + display_group_mem_info(id.rid, u.group_member); break; - case SAM_DELTA_GROUP_INFO: - display_group_info(hdr_delta->target_rid, &delta->group_info); + case NETR_DELTA_ALIAS: + display_alias_info(id.rid, u.alias); break; - /* The following types are recognised but not handled */ - case SAM_DELTA_RENAME_GROUP: - d_printf("SAM_DELTA_RENAME_GROUP not handled\n"); +#if 0 + case NETR_DELTA_DELETE_ALIAS: + printf("Delete Alias: %d\n", + id.rid); break; - case SAM_DELTA_RENAME_USER: - d_printf("SAM_DELTA_RENAME_USER not handled\n"); + case NETR_DELTA_RENAME_ALIAS: + printf("Rename alias: %s -> %s\n", + u.rename_alias->OldName.string, + u.rename_alias->NewName.string); break; - case SAM_DELTA_RENAME_ALIAS: - d_printf("SAM_DELTA_RENAME_ALIAS not handled\n"); +#endif + case NETR_DELTA_ALIAS_MEMBER: + display_alias_mem(id.rid, u.alias_member); + break; +#if 0 + case NETR_DELTA_POLICY: + printf("Policy\n"); break; - case SAM_DELTA_POLICY_INFO: - d_printf("SAM_DELTA_POLICY_INFO not handled\n"); + case NETR_DELTA_TRUSTED_DOMAIN: + printf("Trusted Domain: %s\n", + u.trusted_domain->domain_name.string); break; - case SAM_DELTA_TRUST_DOMS: - d_printf("SAM_DELTA_TRUST_DOMS not handled\n"); + case NETR_DELTA_DELETE_TRUST: + printf("Delete Trust: %d\n", + u.delete_trust.unknown); break; - case SAM_DELTA_PRIVS_INFO: - d_printf("SAM_DELTA_PRIVS_INFO not handled\n"); + case NETR_DELTA_ACCOUNT: + printf("Account\n"); break; - case SAM_DELTA_SECRET_INFO: - d_printf("SAM_DELTA_SECRET_INFO not handled\n"); + case NETR_DELTA_DELETE_ACCOUNT: + printf("Delete Account: %d\n", + u.delete_account.unknown); break; - case SAM_DELTA_DELETE_GROUP: - d_printf("SAM_DELTA_DELETE_GROUP not handled\n"); + case NETR_DELTA_SECRET: + printf("Secret\n"); break; - case SAM_DELTA_DELETE_USER: - d_printf("SAM_DELTA_DELETE_USER not handled\n"); + case NETR_DELTA_DELETE_SECRET: + printf("Delete Secret: %d\n", + u.delete_secret.unknown); + break; + case NETR_DELTA_DELETE_GROUP2: + printf("Delete Group2: %s\n", + u.delete_group->account_name); + break; + case NETR_DELTA_DELETE_USER2: + printf("Delete User2: %s\n", + u.delete_user->account_name); + break; + case NETR_DELTA_MODIFY_COUNT: + printf("sam sequence update: 0x%016llx\n", + (unsigned long long) *u.modified_count); + break; +#endif + /* The following types are recognised but not handled */ + case NETR_DELTA_RENAME_GROUP: + d_printf("NETR_DELTA_RENAME_GROUP not handled\n"); break; - case SAM_DELTA_MODIFIED_COUNT: - d_printf("SAM_DELTA_MODIFIED_COUNT not handled\n"); + case NETR_DELTA_RENAME_USER: + d_printf("NETR_DELTA_RENAME_USER not handled\n"); + break; + case NETR_DELTA_RENAME_ALIAS: + d_printf("NETR_DELTA_RENAME_ALIAS not handled\n"); + break; + case NETR_DELTA_POLICY: + d_printf("NETR_DELTA_POLICY not handled\n"); + break; + case NETR_DELTA_TRUSTED_DOMAIN: + d_printf("NETR_DELTA_TRUSTED_DOMAIN not handled\n"); + break; + case NETR_DELTA_ACCOUNT: + d_printf("NETR_DELTA_ACCOUNT not handled\n"); + break; + case NETR_DELTA_SECRET: + d_printf("NETR_DELTA_SECRET not handled\n"); + break; + case NETR_DELTA_DELETE_GROUP: + d_printf("NETR_DELTA_DELETE_GROUP not handled\n"); + break; + case NETR_DELTA_DELETE_USER: + d_printf("NETR_DELTA_DELETE_USER not handled\n"); + break; + case NETR_DELTA_MODIFY_COUNT: + d_printf("NETR_DELTA_MODIFY_COUNT not handled\n"); + break; + case NETR_DELTA_DELETE_ALIAS: + d_printf("NETR_DELTA_DELETE_ALIAS not handled\n"); + break; + case NETR_DELTA_DELETE_TRUST: + d_printf("NETR_DELTA_DELETE_TRUST not handled\n"); + break; + case NETR_DELTA_DELETE_ACCOUNT: + d_printf("NETR_DELTA_DELETE_ACCOUNT not handled\n"); + break; + case NETR_DELTA_DELETE_SECRET: + d_printf("NETR_DELTA_DELETE_SECRET not handled\n"); + break; + case NETR_DELTA_DELETE_GROUP2: + d_printf("NETR_DELTA_DELETE_GROUP2 not handled\n"); + break; + case NETR_DELTA_DELETE_USER2: + d_printf("NETR_DELTA_DELETE_USER2 not handled\n"); break; default: - d_printf("Unknown delta record type %d\n", hdr_delta->type); + printf("unknown delta type 0x%02x\n", + r->delta_type); break; } } static void dump_database(struct rpc_pipe_client *pipe_hnd, uint32 db_type) { - uint32 sync_context = 0; NTSTATUS result; int i; TALLOC_CTX *mem_ctx; - SAM_DELTA_HDR *hdr_deltas; - SAM_DELTA_CTR *deltas; - uint32 num_deltas; + const char *logon_server = pipe_hnd->cli->desthost; + const char *computername = global_myname(); + struct netr_Authenticator credential; + struct netr_Authenticator return_authenticator; + enum netr_SamDatabaseID database_id = db_type; + uint16_t restart_state = 0; + uint32_t sync_context = 0; if (!(mem_ctx = talloc_init("dump_database"))) { return; @@ -208,29 +313,52 @@ static void dump_database(struct rpc_pipe_client *pipe_hnd, uint32 db_type) } do { - result = rpccli_netlogon_sam_sync(pipe_hnd, mem_ctx, db_type, - sync_context, - &num_deltas, &hdr_deltas, &deltas); - if (!NT_STATUS_IS_OK(result)) + struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL; + + netlogon_creds_client_step(pipe_hnd->dc, &credential); + + result = rpccli_netr_DatabaseSync2(pipe_hnd, mem_ctx, + logon_server, + computername, + &credential, + &return_authenticator, + database_id, + restart_state, + &sync_context, + &delta_enum_array, + 0xffff); + + /* Check returned credentials. */ + if (!netlogon_creds_client_check(pipe_hnd->dc, + &return_authenticator.cred)) { + DEBUG(0,("credentials chain check failed\n")); + return; + } + + if (NT_STATUS_IS_ERR(result)) { break; + } - for (i = 0; i < num_deltas; i++) { - display_sam_entry(&hdr_deltas[i], &deltas[i]); + /* Display results */ + for (i = 0; i < delta_enum_array->num_deltas; i++) { + display_sam_entry(&delta_enum_array->delta_enum[i]); } - sync_context += 1; + + TALLOC_FREE(delta_enum_array); + } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); talloc_destroy(mem_ctx); } /* dump sam database via samsync rpc calls */ -NTSTATUS rpc_samdump_internals(const DOM_SID *domain_sid, - const char *domain_name, +NTSTATUS rpc_samdump_internals(const DOM_SID *domain_sid, + const char *domain_name, struct cli_state *cli, struct rpc_pipe_client *pipe_hnd, - TALLOC_CTX *mem_ctx, + TALLOC_CTX *mem_ctx, int argc, - const char **argv) + const char **argv) { #if 0 /* net_rpc.c now always tries to create an schannel pipe.. */ @@ -277,7 +405,8 @@ NTSTATUS rpc_samdump_internals(const DOM_SID *domain_sid, (!(s1) && (s2)) ||\ ((s1) && (s2) && (strcmp((s1), (s2)) != 0)) -static NTSTATUS sam_account_from_delta(struct samu *account, SAM_ACCOUNT_INFO *delta) +static NTSTATUS sam_account_from_delta(struct samu *account, + struct netr_DELTA_USER *r) { const char *old_string, *new_string; time_t unix_time, stored_time; @@ -287,15 +416,14 @@ static NTSTATUS sam_account_from_delta(struct samu *account, SAM_ACCOUNT_INFO *d /* Username, fullname, home dir, dir drive, logon script, acct desc, workstations, profile. */ - if (delta->hdr_acct_name.buffer) { + if (r->account_name.string) { old_string = pdb_get_nt_username(account); - new_string = unistr2_static(&delta->uni_acct_name); + new_string = r->account_name.string; if (STRING_CHANGED) { pdb_set_nt_username(account, new_string, PDB_CHANGED); - } - + /* Unix username is the same - for sanity */ old_string = pdb_get_username( account ); if (STRING_CHANGED) { @@ -303,68 +431,68 @@ static NTSTATUS sam_account_from_delta(struct samu *account, SAM_ACCOUNT_INFO *d } } - if (delta->hdr_full_name.buffer) { + if (r->full_name.string) { old_string = pdb_get_fullname(account); - new_string = unistr2_static(&delta->uni_full_name); + new_string = r->full_name.string; if (STRING_CHANGED) pdb_set_fullname(account, new_string, PDB_CHANGED); } - if (delta->hdr_home_dir.buffer) { + if (r->home_directory.string) { old_string = pdb_get_homedir(account); - new_string = unistr2_static(&delta->uni_home_dir); + new_string = r->home_directory.string; if (STRING_CHANGED) pdb_set_homedir(account, new_string, PDB_CHANGED); } - if (delta->hdr_dir_drive.buffer) { + if (r->home_drive.string) { old_string = pdb_get_dir_drive(account); - new_string = unistr2_static(&delta->uni_dir_drive); + new_string = r->home_drive.string; if (STRING_CHANGED) pdb_set_dir_drive(account, new_string, PDB_CHANGED); } - if (delta->hdr_logon_script.buffer) { + if (r->logon_script.string) { old_string = pdb_get_logon_script(account); - new_string = unistr2_static(&delta->uni_logon_script); + new_string = r->logon_script.string; if (STRING_CHANGED) pdb_set_logon_script(account, new_string, PDB_CHANGED); } - if (delta->hdr_acct_desc.buffer) { + if (r->description.string) { old_string = pdb_get_acct_desc(account); - new_string = unistr2_static(&delta->uni_acct_desc); + new_string = r->description.string; if (STRING_CHANGED) pdb_set_acct_desc(account, new_string, PDB_CHANGED); } - if (delta->hdr_workstations.buffer) { + if (r->workstations.string) { old_string = pdb_get_workstations(account); - new_string = unistr2_static(&delta->uni_workstations); + new_string = r->workstations.string; if (STRING_CHANGED) pdb_set_workstations(account, new_string, PDB_CHANGED); } - if (delta->hdr_profile.buffer) { + if (r->profile_path.string) { old_string = pdb_get_profile_path(account); - new_string = unistr2_static(&delta->uni_profile); + new_string = r->profile_path.string; if (STRING_CHANGED) pdb_set_profile_path(account, new_string, PDB_CHANGED); } - if (delta->hdr_parameters.buffer) { + if (r->parameters.string) { DATA_BLOB mung; char *newstr; old_string = pdb_get_munged_dial(account); - mung.length = delta->hdr_parameters.uni_str_len; - mung.data = (uint8 *) delta->uni_parameters.buffer; + mung.length = r->parameters.length; + mung.data = (uint8 *) r->parameters.string; newstr = (mung.length == 0) ? NULL : base64_encode_data_blob(talloc_tos(), mung); @@ -374,57 +502,59 @@ static NTSTATUS sam_account_from_delta(struct samu *account, SAM_ACCOUNT_INFO *d } /* User and group sid */ - if (pdb_get_user_rid(account) != delta->user_rid) - pdb_set_user_sid_from_rid(account, delta->user_rid, PDB_CHANGED); - if (pdb_get_group_rid(account) != delta->group_rid) - pdb_set_group_sid_from_rid(account, delta->group_rid, PDB_CHANGED); + if (pdb_get_user_rid(account) != r->rid) + pdb_set_user_sid_from_rid(account, r->rid, PDB_CHANGED); + if (pdb_get_group_rid(account) != r->primary_gid) + pdb_set_group_sid_from_rid(account, r->primary_gid, PDB_CHANGED); /* Logon and password information */ - if (!nt_time_is_zero(&delta->logon_time)) { - unix_time = nt_time_to_unix(delta->logon_time); + if (!nt_time_is_zero(&r->last_logon)) { + unix_time = nt_time_to_unix(r->last_logon); stored_time = pdb_get_logon_time(account); if (stored_time != unix_time) pdb_set_logon_time(account, unix_time, PDB_CHANGED); } - if (!nt_time_is_zero(&delta->logoff_time)) { - unix_time = nt_time_to_unix(delta->logoff_time); + if (!nt_time_is_zero(&r->last_logoff)) { + unix_time = nt_time_to_unix(r->last_logoff); stored_time = pdb_get_logoff_time(account); if (stored_time != unix_time) pdb_set_logoff_time(account, unix_time,PDB_CHANGED); } /* Logon Divs */ - if (pdb_get_logon_divs(account) != delta->logon_divs) - pdb_set_logon_divs(account, delta->logon_divs, PDB_CHANGED); + if (pdb_get_logon_divs(account) != r->logon_hours.units_per_week) + pdb_set_logon_divs(account, r->logon_hours.units_per_week, PDB_CHANGED); +#if 0 + /* no idea what to do with this one - gd */ /* Max Logon Hours */ if (delta->unknown1 != pdb_get_unknown_6(account)) { pdb_set_unknown_6(account, delta->unknown1, PDB_CHANGED); } - +#endif /* Logon Hours Len */ - if (delta->buf_logon_hrs.buf_len != pdb_get_hours_len(account)) { - pdb_set_hours_len(account, delta->buf_logon_hrs.buf_len, PDB_CHANGED); + if (r->logon_hours.units_per_week/8 != pdb_get_hours_len(account)) { + pdb_set_hours_len(account, r->logon_hours.units_per_week/8, PDB_CHANGED); } /* Logon Hours */ - if (delta->buf_logon_hrs.buffer) { + if (r->logon_hours.bits) { char oldstr[44], newstr[44]; pdb_sethexhours(oldstr, pdb_get_hours(account)); - pdb_sethexhours(newstr, delta->buf_logon_hrs.buffer); + pdb_sethexhours(newstr, r->logon_hours.bits); if (!strequal(oldstr, newstr)) - pdb_set_hours(account, (const uint8 *)delta->buf_logon_hrs.buffer, PDB_CHANGED); + pdb_set_hours(account, r->logon_hours.bits, PDB_CHANGED); } - if (pdb_get_bad_password_count(account) != delta->bad_pwd_count) - pdb_set_bad_password_count(account, delta->bad_pwd_count, PDB_CHANGED); + if (pdb_get_bad_password_count(account) != r->bad_password_count) + pdb_set_bad_password_count(account, r->bad_password_count, PDB_CHANGED); - if (pdb_get_logon_count(account) != delta->logon_count) - pdb_set_logon_count(account, delta->logon_count, PDB_CHANGED); + if (pdb_get_logon_count(account) != r->logon_count) + pdb_set_logon_count(account, r->logon_count, PDB_CHANGED); - if (!nt_time_is_zero(&delta->pwd_last_set_time)) { - unix_time = nt_time_to_unix(delta->pwd_last_set_time); + if (!nt_time_is_zero(&r->last_password_change)) { + unix_time = nt_time_to_unix(r->last_password_change); stored_time = pdb_get_pass_last_set_time(account); if (stored_time != unix_time) pdb_set_pass_last_set_time(account, unix_time, PDB_CHANGED); @@ -433,42 +563,41 @@ static NTSTATUS sam_account_from_delta(struct samu *account, SAM_ACCOUNT_INFO *d pdb_set_pass_last_set_time(account, time(NULL), PDB_CHANGED); } -#if 0 -/* No kickoff time in the delta? */ - if (!nt_time_is_zero(&delta->kickoff_time)) { - unix_time = nt_time_to_unix(&delta->kickoff_time); + if (!nt_time_is_zero(&r->acct_expiry)) { + unix_time = nt_time_to_unix(r->acct_expiry); stored_time = pdb_get_kickoff_time(account); if (stored_time != unix_time) pdb_set_kickoff_time(account, unix_time, PDB_CHANGED); } -#endif - /* Decode hashes from password hash - Note that win2000 may send us all zeros for the hashes if it doesn't + /* Decode hashes from password hash + Note that win2000 may send us all zeros for the hashes if it doesn't think this channel is secure enough - don't set the passwords at all in that case */ - if (memcmp(delta->pass.buf_lm_pwd, zero_buf, 16) != 0) { - sam_pwd_hash(delta->user_rid, delta->pass.buf_lm_pwd, lm_passwd, 0); + if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) { + sam_pwd_hash(r->rid, r->ntpassword.hash, lm_passwd, 0); pdb_set_lanman_passwd(account, lm_passwd, PDB_CHANGED); } - if (memcmp(delta->pass.buf_nt_pwd, zero_buf, 16) != 0) { - sam_pwd_hash(delta->user_rid, delta->pass.buf_nt_pwd, nt_passwd, 0); + if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) { + sam_pwd_hash(r->rid, r->lmpassword.hash, nt_passwd, 0); pdb_set_nt_passwd(account, nt_passwd, PDB_CHANGED); } /* TODO: account expiry time */ - pdb_set_acct_ctrl(account, delta->acb_info, PDB_CHANGED); + pdb_set_acct_ctrl(account, r->acct_flags, PDB_CHANGED); pdb_set_domain(account, lp_workgroup(), PDB_CHANGED); return NT_STATUS_OK; } -static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) +static NTSTATUS fetch_account_info(uint32_t rid, + struct netr_DELTA_USER *r) { + NTSTATUS nt_ret = NT_STATUS_UNSUCCESSFUL; fstring account; char *add_script = NULL; @@ -480,7 +609,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) struct passwd *passwd; fstring sid_string; - fstrcpy(account, unistr2_static(&delta->uni_acct_name)); + fstrcpy(account, r->account_name.string); d_printf("Creating account: %s\n", account); if ( !(sam_account = samu_new( NULL )) ) { @@ -489,17 +618,17 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) if (!(passwd = Get_Pwnam_alloc(sam_account, account))) { /* Create appropriate user */ - if (delta->acb_info & ACB_NORMAL) { + if (r->acct_flags & ACB_NORMAL) { add_script = talloc_strdup(sam_account, lp_adduser_script()); - } else if ( (delta->acb_info & ACB_WSTRUST) || - (delta->acb_info & ACB_SVRTRUST) || - (delta->acb_info & ACB_DOMTRUST) ) { + } else if ( (r->acct_flags & ACB_WSTRUST) || + (r->acct_flags & ACB_SVRTRUST) || + (r->acct_flags & ACB_DOMTRUST) ) { add_script = talloc_strdup(sam_account, lp_addmachine_script()); } else { DEBUG(1, ("Unknown user type: %s\n", - pdb_encode_acct_ctrl(delta->acb_info, NEW_PW_FORMAT_SPACE_PADDED_LEN))); + pdb_encode_acct_ctrl(r->acct_flags, NEW_PW_FORMAT_SPACE_PADDED_LEN))); nt_ret = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -534,30 +663,30 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) } sid_copy(&user_sid, get_global_sam_sid()); - sid_append_rid(&user_sid, delta->user_rid); + sid_append_rid(&user_sid, r->rid); DEBUG(3, ("Attempting to find SID %s for user %s in the passdb\n", sid_to_fstring(sid_string, &user_sid), account)); if (!pdb_getsampwsid(sam_account, &user_sid)) { - sam_account_from_delta(sam_account, delta); - DEBUG(3, ("Attempting to add user SID %s for user %s in the passdb\n", + sam_account_from_delta(sam_account, r); + DEBUG(3, ("Attempting to add user SID %s for user %s in the passdb\n", sid_to_fstring(sid_string, &user_sid), pdb_get_username(sam_account))); if (!NT_STATUS_IS_OK(pdb_add_sam_account(sam_account))) { DEBUG(1, ("SAM Account for %s failed to be added to the passdb!\n", account)); - return NT_STATUS_ACCESS_DENIED; + return NT_STATUS_ACCESS_DENIED; } } else { - sam_account_from_delta(sam_account, delta); - DEBUG(3, ("Attempting to update user SID %s for user %s in the passdb\n", + sam_account_from_delta(sam_account, r); + DEBUG(3, ("Attempting to update user SID %s for user %s in the passdb\n", sid_to_fstring(sid_string, &user_sid), pdb_get_username(sam_account))); if (!NT_STATUS_IS_OK(pdb_update_sam_account(sam_account))) { DEBUG(1, ("SAM Account for %s failed to be updated in the passdb!\n", account)); TALLOC_FREE(sam_account); - return NT_STATUS_ACCESS_DENIED; + return NT_STATUS_ACCESS_DENIED; } } @@ -573,7 +702,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) } else { if (map.gid != passwd->pw_gid) { if (!(grp = getgrgid(map.gid))) { - DEBUG(0, ("Could not find unix group %lu for user %s (group SID=%s)\n", + DEBUG(0, ("Could not find unix group %lu for user %s (group SID=%s)\n", (unsigned long)map.gid, pdb_get_username(sam_account), sid_string_tos(&group_sid))); } else { smb_set_primary_group(grp->gr_name, pdb_get_username(sam_account)); @@ -582,7 +711,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) } if ( !passwd ) { - DEBUG(1, ("No unix user for this account (%s), cannot adjust mappings\n", + DEBUG(1, ("No unix user for this account (%s), cannot adjust mappings\n", pdb_get_username(sam_account))); } @@ -591,7 +720,8 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) return nt_ret; } -static NTSTATUS fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) +static NTSTATUS fetch_group_info(uint32_t rid, + struct netr_DELTA_GROUP *r) { fstring name; fstring comment; @@ -601,8 +731,8 @@ static NTSTATUS fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) GROUP_MAP map; bool insert = True; - unistr2_to_ascii(name, &delta->uni_grp_name, sizeof(name)); - unistr2_to_ascii(comment, &delta->uni_grp_desc, sizeof(comment)); + fstrcpy(name, r->group_name.string); + fstrcpy(comment, r->description.string); /* add the group to the mapping table */ sid_copy(&group_sid, get_global_sam_sid()); @@ -620,14 +750,14 @@ static NTSTATUS fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) /* No group found from mapping, find it from its name. */ if ((grp = getgrnam(name)) == NULL) { - + /* No appropriate group found, create one */ - + d_printf("Creating unix group: '%s'\n", name); - + if (smb_create_group(name, &gid) != 0) return NT_STATUS_ACCESS_DENIED; - + if ((grp = getgrnam(name)) == NULL) return NT_STATUS_ACCESS_DENIED; } @@ -637,7 +767,7 @@ static NTSTATUS fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) map.sid = group_sid; map.sid_name_use = SID_NAME_DOM_GRP; fstrcpy(map.nt_name, name); - if (delta->hdr_grp_desc.buffer) { + if (r->description.string) { fstrcpy(map.comment, comment); } else { fstrcpy(map.comment, ""); @@ -651,7 +781,8 @@ static NTSTATUS fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) return NT_STATUS_OK; } -static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) +static NTSTATUS fetch_group_mem_info(uint32_t rid, + struct netr_DELTA_GROUP_MEMBER *r) { int i; TALLOC_CTX *t = NULL; @@ -661,7 +792,7 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) GROUP_MAP map; struct group *grp; - if (delta->num_members == 0) { + if (r->num_rids == 0) { return NT_STATUS_OK; } @@ -685,8 +816,8 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) return NT_STATUS_NO_MEMORY; } - if (delta->num_members) { - if ((nt_members = TALLOC_ZERO_ARRAY(t, char *, delta->num_members)) == NULL) { + if (r->num_rids) { + if ((nt_members = TALLOC_ZERO_ARRAY(t, char *, r->num_rids)) == NULL) { DEBUG(0, ("talloc failed\n")); talloc_free(t); return NT_STATUS_NO_MEMORY; @@ -695,7 +826,7 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) nt_members = NULL; } - for (i=0; i<delta->num_members; i++) { + for (i=0; i < r->num_rids; i++) { struct samu *member = NULL; DOM_SID member_sid; @@ -705,11 +836,11 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) } sid_copy(&member_sid, get_global_sam_sid()); - sid_append_rid(&member_sid, delta->rids[i]); + sid_append_rid(&member_sid, r->rids[i]); if (!pdb_getsampwsid(member, &member_sid)) { DEBUG(1, ("Found bogus group member: %d (member_sid=%s group=%s)\n", - delta->rids[i], sid_string_tos(&member_sid), grp->gr_name)); + r->rids[i], sid_string_tos(&member_sid), grp->gr_name)); TALLOC_FREE(member); continue; } @@ -719,7 +850,7 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) TALLOC_FREE(member); continue; } - + d_printf("%s,", pdb_get_username(member)); nt_members[i] = talloc_strdup(t, pdb_get_username(member)); TALLOC_FREE(member); @@ -731,7 +862,7 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) while (*unix_members) { bool is_nt_member = False; - for (i=0; i<delta->num_members; i++) { + for (i=0; i < r->num_rids; i++) { if (nt_members[i] == NULL) { /* This was a primary group */ continue; @@ -751,7 +882,7 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) unix_members += 1; } - for (i=0; i<delta->num_members; i++) { + for (i=0; i < r->num_rids; i++) { bool is_unix_member = False; if (nt_members[i] == NULL) { @@ -776,12 +907,13 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) smb_add_user_group(grp->gr_name, nt_members[i]); } } - + talloc_destroy(t); return NT_STATUS_OK; } -static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta, +static NTSTATUS fetch_alias_info(uint32_t rid, + struct netr_DELTA_ALIAS *r, DOM_SID dom_sid) { fstring name; @@ -792,8 +924,8 @@ static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta, GROUP_MAP map; bool insert = True; - unistr2_to_ascii(name, &delta->uni_als_name, sizeof(name)); - unistr2_to_ascii(comment, &delta->uni_als_desc, sizeof(comment)); + fstrcpy(name, r->alias_name.string); + fstrcpy(comment, r->description.string); /* Find out whether the group is already mapped */ sid_copy(&alias_sid, &dom_sid); @@ -838,24 +970,33 @@ static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta, return NT_STATUS_OK; } -static NTSTATUS fetch_alias_mem(uint32 rid, SAM_ALIAS_MEM_INFO *delta, DOM_SID dom_sid) +static NTSTATUS fetch_alias_mem(uint32_t rid, + struct netr_DELTA_ALIAS_MEMBER *r, + DOM_SID dom_sid) { return NT_STATUS_OK; } -static NTSTATUS fetch_domain_info(uint32 rid, SAM_DOMAIN_INFO *delta) +static NTSTATUS fetch_domain_info(uint32_t rid, + struct netr_DELTA_DOMAIN *r) { - time_t u_max_age, u_min_age, u_logout, u_lockoutreset, u_lockouttime; + time_t u_max_age, u_min_age, u_logout; +#if 0 + /* FIXME: gd */ + time_t u_lockoutreset, u_lockouttime; +#endif NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - char *domname; + const char *domname; - u_max_age = uint64s_nt_time_to_unix_abs(&delta->max_pwd_age); - u_min_age = uint64s_nt_time_to_unix_abs(&delta->min_pwd_age); - u_logout = uint64s_nt_time_to_unix_abs(&delta->force_logoff); + u_max_age = uint64s_nt_time_to_unix_abs((uint64 *)&r->max_password_age); + u_min_age = uint64s_nt_time_to_unix_abs((uint64 *)&r->min_password_age); + u_logout = uint64s_nt_time_to_unix_abs((uint64 *)&r->force_logoff_time); +#if 0 + /* FIXME: gd */ u_lockoutreset = uint64s_nt_time_to_unix_abs(&delta->account_lockout.reset_count); u_lockouttime = uint64s_nt_time_to_unix_abs(&delta->account_lockout.lockout_duration); - - domname = unistr2_to_ascii_talloc(talloc_tos(), &delta->uni_dom_name); +#endif + domname = r->domain_name.string; if (!domname) { return NT_STATUS_NO_MEMORY; } @@ -867,10 +1008,12 @@ static NTSTATUS fetch_domain_info(uint32 rid, SAM_DOMAIN_INFO *delta) } - if (!pdb_set_account_policy(AP_PASSWORD_HISTORY, delta->pwd_history_len)) + if (!pdb_set_account_policy(AP_PASSWORD_HISTORY, + r->password_history_length)) return nt_status; - if (!pdb_set_account_policy(AP_MIN_PASSWORD_LEN, delta->min_pwd_len)) + if (!pdb_set_account_policy(AP_MIN_PASSWORD_LEN, + r->min_password_length)) return nt_status; if (!pdb_set_account_policy(AP_MAX_PASSWORD_AGE, (uint32)u_max_age)) @@ -881,7 +1024,8 @@ static NTSTATUS fetch_domain_info(uint32 rid, SAM_DOMAIN_INFO *delta) if (!pdb_set_account_policy(AP_TIME_TO_LOGOUT, (uint32)u_logout)) return nt_status; - +#if 0 +/* FIXME: gd */ if (!pdb_set_account_policy(AP_BAD_ATTEMPT_LOCKOUT, delta->account_lockout.bad_attempt_lockout)) return nt_status; @@ -893,88 +1037,111 @@ static NTSTATUS fetch_domain_info(uint32 rid, SAM_DOMAIN_INFO *delta) if (!pdb_set_account_policy(AP_LOCK_ACCOUNT_DURATION, (uint32)u_lockouttime)) return nt_status; +#endif - if (!pdb_set_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, delta->logon_chgpass)) + if (!pdb_set_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, + r->logon_to_chgpass)) return nt_status; return NT_STATUS_OK; } - -static void fetch_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta, - DOM_SID dom_sid) +static void fetch_sam_entry(struct netr_DELTA_ENUM *r, DOM_SID dom_sid) { - switch(hdr_delta->type) { - case SAM_DELTA_ACCOUNT_INFO: - fetch_account_info(hdr_delta->target_rid, - &delta->account_info); + switch(r->delta_type) { + case NETR_DELTA_USER: + fetch_account_info(r->delta_id_union.rid, + r->delta_union.user); break; - case SAM_DELTA_GROUP_INFO: - fetch_group_info(hdr_delta->target_rid, - &delta->group_info); + case NETR_DELTA_GROUP: + fetch_group_info(r->delta_id_union.rid, + r->delta_union.group); break; - case SAM_DELTA_GROUP_MEM: - fetch_group_mem_info(hdr_delta->target_rid, - &delta->grp_mem_info); + case NETR_DELTA_GROUP_MEMBER: + fetch_group_mem_info(r->delta_id_union.rid, + r->delta_union.group_member); break; - case SAM_DELTA_ALIAS_INFO: - fetch_alias_info(hdr_delta->target_rid, - &delta->alias_info, dom_sid); + case NETR_DELTA_ALIAS: + fetch_alias_info(r->delta_id_union.rid, + r->delta_union.alias, + dom_sid); break; - case SAM_DELTA_ALIAS_MEM: - fetch_alias_mem(hdr_delta->target_rid, - &delta->als_mem_info, dom_sid); + case NETR_DELTA_ALIAS_MEMBER: + fetch_alias_mem(r->delta_id_union.rid, + r->delta_union.alias_member, + dom_sid); break; - case SAM_DELTA_DOMAIN_INFO: - fetch_domain_info(hdr_delta->target_rid, - &delta->domain_info); + case NETR_DELTA_DOMAIN: + fetch_domain_info(r->delta_id_union.rid, + r->delta_union.domain); break; /* The following types are recognised but not handled */ - case SAM_DELTA_RENAME_GROUP: - d_printf("SAM_DELTA_RENAME_GROUP not handled\n"); + case NETR_DELTA_RENAME_GROUP: + d_printf("NETR_DELTA_RENAME_GROUP not handled\n"); + break; + case NETR_DELTA_RENAME_USER: + d_printf("NETR_DELTA_RENAME_USER not handled\n"); + break; + case NETR_DELTA_RENAME_ALIAS: + d_printf("NETR_DELTA_RENAME_ALIAS not handled\n"); + break; + case NETR_DELTA_POLICY: + d_printf("NETR_DELTA_POLICY not handled\n"); break; - case SAM_DELTA_RENAME_USER: - d_printf("SAM_DELTA_RENAME_USER not handled\n"); + case NETR_DELTA_TRUSTED_DOMAIN: + d_printf("NETR_DELTA_TRUSTED_DOMAIN not handled\n"); break; - case SAM_DELTA_RENAME_ALIAS: - d_printf("SAM_DELTA_RENAME_ALIAS not handled\n"); + case NETR_DELTA_ACCOUNT: + d_printf("NETR_DELTA_ACCOUNT not handled\n"); break; - case SAM_DELTA_POLICY_INFO: - d_printf("SAM_DELTA_POLICY_INFO not handled\n"); + case NETR_DELTA_SECRET: + d_printf("NETR_DELTA_SECRET not handled\n"); break; - case SAM_DELTA_TRUST_DOMS: - d_printf("SAM_DELTA_TRUST_DOMS not handled\n"); + case NETR_DELTA_DELETE_GROUP: + d_printf("NETR_DELTA_DELETE_GROUP not handled\n"); break; - case SAM_DELTA_PRIVS_INFO: - d_printf("SAM_DELTA_PRIVS_INFO not handled\n"); + case NETR_DELTA_DELETE_USER: + d_printf("NETR_DELTA_DELETE_USER not handled\n"); break; - case SAM_DELTA_SECRET_INFO: - d_printf("SAM_DELTA_SECRET_INFO not handled\n"); + case NETR_DELTA_MODIFY_COUNT: + d_printf("NETR_DELTA_MODIFY_COUNT not handled\n"); break; - case SAM_DELTA_DELETE_GROUP: - d_printf("SAM_DELTA_DELETE_GROUP not handled\n"); + case NETR_DELTA_DELETE_ALIAS: + d_printf("NETR_DELTA_DELETE_ALIAS not handled\n"); break; - case SAM_DELTA_DELETE_USER: - d_printf("SAM_DELTA_DELETE_USER not handled\n"); + case NETR_DELTA_DELETE_TRUST: + d_printf("NETR_DELTA_DELETE_TRUST not handled\n"); break; - case SAM_DELTA_MODIFIED_COUNT: - d_printf("SAM_DELTA_MODIFIED_COUNT not handled\n"); + case NETR_DELTA_DELETE_ACCOUNT: + d_printf("NETR_DELTA_DELETE_ACCOUNT not handled\n"); + break; + case NETR_DELTA_DELETE_SECRET: + d_printf("NETR_DELTA_DELETE_SECRET not handled\n"); + break; + case NETR_DELTA_DELETE_GROUP2: + d_printf("NETR_DELTA_DELETE_GROUP2 not handled\n"); + break; + case NETR_DELTA_DELETE_USER2: + d_printf("NETR_DELTA_DELETE_USER2 not handled\n"); break; default: - d_printf("Unknown delta record type %d\n", hdr_delta->type); + d_printf("Unknown delta record type %d\n", r->delta_type); break; } } static NTSTATUS fetch_database(struct rpc_pipe_client *pipe_hnd, uint32 db_type, DOM_SID dom_sid) { - uint32 sync_context = 0; NTSTATUS result; int i; TALLOC_CTX *mem_ctx; - SAM_DELTA_HDR *hdr_deltas; - SAM_DELTA_CTR *deltas; - uint32 num_deltas; + const char *logon_server = pipe_hnd->cli->desthost; + const char *computername = global_myname(); + struct netr_Authenticator credential; + struct netr_Authenticator return_authenticator; + enum netr_SamDatabaseID database_id = db_type; + uint16_t restart_state = 0; + uint32_t sync_context = 0; if (!(mem_ctx = talloc_init("fetch_database"))) return NT_STATUS_NO_MEMORY; @@ -995,20 +1162,36 @@ static NTSTATUS fetch_database(struct rpc_pipe_client *pipe_hnd, uint32 db_type, } do { - result = rpccli_netlogon_sam_sync(pipe_hnd, mem_ctx, - db_type, sync_context, - &num_deltas, - &hdr_deltas, &deltas); - - if (NT_STATUS_IS_OK(result) || - NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) { - for (i = 0; i < num_deltas; i++) { - fetch_sam_entry(&hdr_deltas[i], &deltas[i], dom_sid); - } - } else - return result; + struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL; + + netlogon_creds_client_step(pipe_hnd->dc, &credential); + + result = rpccli_netr_DatabaseSync2(pipe_hnd, mem_ctx, + logon_server, + computername, + &credential, + &return_authenticator, + database_id, + restart_state, + &sync_context, + &delta_enum_array, + 0xffff); + + /* Check returned credentials. */ + if (!netlogon_creds_client_check(pipe_hnd->dc, + &return_authenticator.cred)) { + DEBUG(0,("credentials chain check failed\n")); + return NT_STATUS_ACCESS_DENIED; + } + + if (NT_STATUS_IS_ERR(result)) { + break; + } + + for (i = 0; i < delta_enum_array->num_deltas; i++) { + fetch_sam_entry(&delta_enum_array->delta_enum[i], dom_sid); + } - sync_context += 1; } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); talloc_destroy(mem_ctx); @@ -1016,7 +1199,7 @@ static NTSTATUS fetch_database(struct rpc_pipe_client *pipe_hnd, uint32 db_type, return result; } -static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const char +static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const char *builtin_sid, FILE *add_fd) { const char *user_suffix, *group_suffix, *machine_suffix, *idmap_suffix; @@ -1048,7 +1231,7 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch SAFE_FREE(suffix_attr); return NT_STATUS_NO_MEMORY; } - /* If it exists and is distinct from other containers, + /* If it exists and is distinct from other containers, Write the Users entity */ if (*user_suffix && strcmp(user_suffix, suffix)) { user_attr = sstring_sub(lp_ldap_user_suffix(), '=', ','); @@ -1067,7 +1250,7 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch SAFE_FREE(user_attr); return NT_STATUS_NO_MEMORY; } - /* If it exists and is distinct from other containers, + /* If it exists and is distinct from other containers, Write the Groups entity */ if (*group_suffix && strcmp(group_suffix, suffix)) { group_attr = sstring_sub(lp_ldap_group_suffix(), '=', ','); @@ -1079,7 +1262,7 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch fflush(add_fd); } - /* If it exists and is distinct from other containers, + /* If it exists and is distinct from other containers, Write the Computers entity */ machine_suffix = lp_ldap_machine_suffix(); if (machine_suffix == NULL) { @@ -1103,7 +1286,7 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch fflush(add_fd); } - /* If it exists and is distinct from other containers, + /* If it exists and is distinct from other containers, Write the IdMap entity */ idmap_suffix = lp_ldap_idmap_suffix(); if (idmap_suffix == NULL) { @@ -1139,7 +1322,7 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch fprintf(add_fd, "\n"); fflush(add_fd); - /* Write the Domain Admins entity */ + /* Write the Domain Admins entity */ fprintf(add_fd, "# Domain Admins, %s, %s\n", group_attr, suffix); fprintf(add_fd, "dn: cn=Domain Admins,ou=%s,%s\n", group_attr, @@ -1156,7 +1339,7 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch fprintf(add_fd, "\n"); fflush(add_fd); - /* Write the Domain Users entity */ + /* Write the Domain Users entity */ fprintf(add_fd, "# Domain Users, %s, %s\n", group_attr, suffix); fprintf(add_fd, "dn: cn=Domain Users,ou=%s,%s\n", group_attr, @@ -1172,7 +1355,7 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch fprintf(add_fd, "\n"); fflush(add_fd); - /* Write the Domain Guests entity */ + /* Write the Domain Guests entity */ fprintf(add_fd, "# Domain Guests, %s, %s\n", group_attr, suffix); fprintf(add_fd, "dn: cn=Domain Guests,ou=%s,%s\n", group_attr, @@ -1273,7 +1456,7 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch return NT_STATUS_OK; } -static NTSTATUS map_populate_groups(GROUPMAP *groupmap, ACCOUNTMAP *accountmap, fstring sid, +static NTSTATUS map_populate_groups(GROUPMAP *groupmap, ACCOUNTMAP *accountmap, fstring sid, const char *suffix, const char *builtin_sid) { char *group_attr = sstring_sub(lp_ldap_group_suffix(), '=', ','); @@ -1431,7 +1614,7 @@ static int fprintf_attr(FILE *add_fd, const char *attr_name, return res; } -static NTSTATUS fetch_group_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupmap, +static NTSTATUS fetch_group_info_to_ldif(struct netr_DELTA_GROUP *r, GROUPMAP *groupmap, FILE *add_fd, fstring sid, char *suffix) { fstring groupname; @@ -1439,9 +1622,7 @@ static NTSTATUS fetch_group_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupma char *group_attr = sstring_sub(lp_ldap_group_suffix(), '=', ','); /* Get the group name */ - unistr2_to_ascii(groupname, - &delta->group_info.uni_grp_name, - sizeof(groupname)); + fstrcpy(groupname, r->group_name.string); /* Set up the group type (always 2 for group info) */ grouptype = 2; @@ -1463,7 +1644,7 @@ static NTSTATUS fetch_group_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupma } /* Map the group rid, gid, and dn */ - g_rid = delta->group_info.gid.g_rid; + g_rid = r->rid; groupmap->rid = g_rid; groupmap->gidNumber = ldif_gid; snprintf(groupmap->sambaSID, sizeof(groupmap->sambaSID), @@ -1491,7 +1672,7 @@ static NTSTATUS fetch_group_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupma return NT_STATUS_OK; } -static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, +static NTSTATUS fetch_account_info_to_ldif(struct netr_DELTA_USER *r, GROUPMAP *groupmap, ACCOUNTMAP *accountmap, FILE *add_fd, @@ -1511,21 +1692,18 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, int i; /* Get the username */ - unistr2_to_ascii(username, - &(delta->account_info.uni_acct_name), - sizeof(username)); + fstrcpy(username, r->account_name.string); /* Get the rid */ - rid = delta->account_info.user_rid; + rid = r->rid; /* Map the rid and username for group member info later */ accountmap->rid = rid; snprintf(accountmap->cn, sizeof(accountmap->cn), "%s", username); /* Get the home directory */ - if (delta->account_info.acb_info & ACB_NORMAL) { - unistr2_to_ascii(homedir, &(delta->account_info.uni_home_dir), - sizeof(homedir)); + if (r->acct_flags & ACB_NORMAL) { + fstrcpy(homedir, r->home_directory.string); if (!*homedir) { snprintf(homedir, sizeof(homedir), "/home/%s", username); } else { @@ -1538,60 +1716,48 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, } /* Get the logon script */ - unistr2_to_ascii(logonscript, &(delta->account_info.uni_logon_script), - sizeof(logonscript)); + fstrcpy(logonscript, r->logon_script.string); /* Get the home drive */ - unistr2_to_ascii(homedrive, &(delta->account_info.uni_dir_drive), - sizeof(homedrive)); + fstrcpy(homedrive, r->home_drive.string); /* Get the home path */ - unistr2_to_ascii(homepath, &(delta->account_info.uni_home_dir), - sizeof(homepath)); + fstrcpy(homepath, r->home_directory.string); /* Get the description */ - unistr2_to_ascii(description, &(delta->account_info.uni_acct_desc), - sizeof(description)); + fstrcpy(description, r->description.string); /* Get the display name */ - unistr2_to_ascii(fullname, &(delta->account_info.uni_full_name), - sizeof(fullname)); + fstrcpy(fullname, r->full_name.string); /* Get the profile path */ - unistr2_to_ascii(profilepath, &(delta->account_info.uni_profile), - sizeof(profilepath)); + fstrcpy(profilepath, r->profile_path.string); /* Get lm and nt password data */ - if (memcmp(delta->account_info.pass.buf_lm_pwd, zero_buf, 16) != 0) { - sam_pwd_hash(delta->account_info.user_rid, - delta->account_info.pass.buf_lm_pwd, - lm_passwd, 0); - pdb_sethexpwd(hex_lm_passwd, lm_passwd, - delta->account_info.acb_info); + if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) { + sam_pwd_hash(r->rid, r->lmpassword.hash, lm_passwd, 0); + pdb_sethexpwd(hex_lm_passwd, lm_passwd, r->acct_flags); } else { pdb_sethexpwd(hex_lm_passwd, NULL, 0); } - if (memcmp(delta->account_info.pass.buf_nt_pwd, zero_buf, 16) != 0) { - sam_pwd_hash(delta->account_info.user_rid, - delta->account_info.pass.buf_nt_pwd, - nt_passwd, 0); - pdb_sethexpwd(hex_nt_passwd, nt_passwd, - delta->account_info.acb_info); + if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) { + sam_pwd_hash(r->rid, r->ntpassword.hash, nt_passwd, 0); + pdb_sethexpwd(hex_nt_passwd, nt_passwd, r->acct_flags); } else { pdb_sethexpwd(hex_nt_passwd, NULL, 0); } - unix_time = nt_time_to_unix(delta->account_info.pwd_last_set_time); + unix_time = nt_time_to_unix(r->last_password_change); /* Increment the uid for the new user */ ldif_uid++; /* Set up group id and sambaSID for the user */ - group_rid = delta->account_info.group_rid; + group_rid = r->primary_gid; for (i=0; i<alloced; i++) { if (groupmap[i].rid == group_rid) break; } if (i == alloced){ - DEBUG(1, ("Could not find rid %d in groupmap array\n", + DEBUG(1, ("Could not find rid %d in groupmap array\n", group_rid)); return NT_STATUS_UNSUCCESSFUL; } @@ -1599,7 +1765,7 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, snprintf(sambaSID, sizeof(sambaSID), groupmap[i].sambaSID); /* Set up sambaAcctFlags */ - flags = pdb_encode_acct_ctrl(delta->account_info.acb_info, + flags = pdb_encode_acct_ctrl(r->acct_flags, NEW_PW_FORMAT_SPACE_PADDED_LEN); /* Add the user to the temporary add ldif file */ @@ -1626,8 +1792,8 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, fprintf_attr(add_fd, "sambaHomeDrive", "%s", homedrive); if (*logonscript) fprintf_attr(add_fd, "sambaLogonScript", "%s", logonscript); - fprintf(add_fd, "loginShell: %s\n", - ((delta->account_info.acb_info & ACB_NORMAL) ? + fprintf(add_fd, "loginShell: %s\n", + ((r->acct_flags & ACB_NORMAL) ? "/bin/bash" : "/bin/false")); fprintf(add_fd, "gecos: System User\n"); if (*description) @@ -1651,10 +1817,10 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, return NT_STATUS_OK; } -static NTSTATUS fetch_alias_info_to_ldif(SAM_DELTA_CTR *delta, +static NTSTATUS fetch_alias_info_to_ldif(struct netr_DELTA_ALIAS *r, GROUPMAP *groupmap, FILE *add_fd, fstring sid, - char *suffix, + char *suffix, unsigned db_type) { fstring aliasname, description; @@ -1662,12 +1828,10 @@ static NTSTATUS fetch_alias_info_to_ldif(SAM_DELTA_CTR *delta, char *group_attr = sstring_sub(lp_ldap_group_suffix(), '=', ','); /* Get the alias name */ - unistr2_to_ascii(aliasname, &(delta->alias_info.uni_als_name), - sizeof(aliasname)); + fstrcpy(aliasname, r->alias_name.string); /* Get the alias description */ - unistr2_to_ascii(description, &(delta->alias_info.uni_als_desc), - sizeof(description)); + fstrcpy(description, r->description.string); /* Set up the group type */ switch (db_type) { @@ -1684,7 +1848,7 @@ static NTSTATUS fetch_alias_info_to_ldif(SAM_DELTA_CTR *delta, /* These groups are entered by populate_ldap_for_ldif - Note that populate creates a group called Relicators, + Note that populate creates a group called Relicators, but NT returns a group called Replicator */ if (strcmp(aliasname, "Domain Admins") == 0 || @@ -1703,7 +1867,7 @@ static NTSTATUS fetch_alias_info_to_ldif(SAM_DELTA_CTR *delta, } /* Map the group rid and gid */ - g_rid = delta->group_info.gid.g_rid; + g_rid = r->rid; groupmap->gidNumber = ldif_gid; snprintf(groupmap->sambaSID, sizeof(groupmap->sambaSID), "%s-%d", sid, g_rid); @@ -1730,8 +1894,8 @@ static NTSTATUS fetch_alias_info_to_ldif(SAM_DELTA_CTR *delta, return NT_STATUS_OK; } -static NTSTATUS fetch_groupmem_info_to_ldif(SAM_DELTA_CTR *delta, - SAM_DELTA_HDR *hdr_delta, +static NTSTATUS fetch_groupmem_info_to_ldif(struct netr_DELTA_GROUP_MEMBER *r, + uint32_t id_rid, GROUPMAP *groupmap, ACCOUNTMAP *accountmap, FILE *mod_fd, int alloced) @@ -1741,8 +1905,8 @@ static NTSTATUS fetch_groupmem_info_to_ldif(SAM_DELTA_CTR *delta, int i, j, k; /* Get the dn for the group */ - if (delta->grp_mem_info.num_members > 0) { - group_rid = hdr_delta->target_rid; + if (r->num_rids > 0) { + group_rid = id_rid; for (j=0; j<alloced; j++) { if (groupmap[j].rid == group_rid) break; } @@ -1755,8 +1919,8 @@ static NTSTATUS fetch_groupmem_info_to_ldif(SAM_DELTA_CTR *delta, fprintf(mod_fd, "dn: %s\n", group_dn); /* Get the cn for each member */ - for (i=0; i<delta->grp_mem_info.num_members; i++) { - rid = delta->grp_mem_info.rids[i]; + for (i=0; i < r->num_rids; i++) { + rid = r->rids[i]; for (k=0; k<alloced; k++) { if (accountmap[k].rid == rid) break; } @@ -1786,15 +1950,19 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, const char *add_template = "/tmp/add.ldif.XXXXXX"; const char *mod_template = "/tmp/mod.ldif.XXXXXX"; fstring sid, domainname; - uint32 sync_context = 0; NTSTATUS ret = NT_STATUS_OK, result; int k; TALLOC_CTX *mem_ctx; - SAM_DELTA_HDR *hdr_deltas; - SAM_DELTA_CTR *deltas; uint32 num_deltas; FILE *add_file = NULL, *mod_file = NULL, *ldif_file = NULL; int num_alloced = 0, g_index = 0, a_index = 0; + const char *logon_server = pipe_hnd->cli->desthost; + const char *computername = global_myname(); + struct netr_Authenticator credential; + struct netr_Authenticator return_authenticator; + enum netr_SamDatabaseID database_id = db_type; + uint16_t restart_state = 0; + uint32_t sync_context = 0; /* Set up array for mapping accounts to groups */ /* Array element is the group rid */ @@ -1802,7 +1970,7 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, /* Set up array for mapping account rid's to cn's */ /* Array element is the account rid */ - ACCOUNTMAP *accountmap = NULL; + ACCOUNTMAP *accountmap = NULL; if (!(mem_ctx = talloc_init("fetch_database"))) { return NT_STATUS_NO_MEMORY; @@ -1838,7 +2006,7 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, DEBUG(1, ("Could not open %s\n", mod_name)); ret = NT_STATUS_UNSUCCESSFUL; goto done; - } + } /* Get the sid */ sid_to_fstring(sid, &dom_sid); @@ -1894,23 +2062,41 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, d_fprintf(stderr, "Fetching PRIVS databases\n"); break; default: - d_fprintf(stderr, - "Fetching unknown database type %u\n", + d_fprintf(stderr, + "Fetching unknown database type %u\n", db_type ); break; } do { - result = rpccli_netlogon_sam_sync(pipe_hnd, mem_ctx, - db_type, sync_context, - &num_deltas, &hdr_deltas, - &deltas); - if (!NT_STATUS_IS_OK(result) && - !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) { - ret = NT_STATUS_OK; - goto done; /* is this correct? jmcd */ + struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL; + + netlogon_creds_client_step(pipe_hnd->dc, &credential); + + result = rpccli_netr_DatabaseSync2(pipe_hnd, mem_ctx, + logon_server, + computername, + &credential, + &return_authenticator, + database_id, + restart_state, + &sync_context, + &delta_enum_array, + 0xffff); + + /* Check returned credentials. */ + if (!netlogon_creds_client_check(pipe_hnd->dc, + &return_authenticator.cred)) { + DEBUG(0,("credentials chain check failed\n")); + return NT_STATUS_ACCESS_DENIED; } + if (NT_STATUS_IS_ERR(result)) { + break; + } + + num_deltas = delta_enum_array->num_deltas; + /* Re-allocate memory for groupmap and accountmap arrays */ groupmap = SMB_REALLOC_ARRAY(groupmap, GROUPMAP, num_deltas+num_alloced); @@ -1923,7 +2109,7 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, } /* Initialize the new records */ - memset(&groupmap[num_alloced], 0, + memset(&groupmap[num_alloced], 0, sizeof(GROUPMAP)*num_deltas); memset(&accountmap[num_alloced], 0, sizeof(ACCOUNTMAP)*num_deltas); @@ -1933,73 +2119,60 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, /* Loop through the deltas */ for (k=0; k<num_deltas; k++) { - switch(hdr_deltas[k].type) { - case SAM_DELTA_DOMAIN_INFO: + + union netr_DELTA_UNION u = + delta_enum_array->delta_enum[k].delta_union; + union netr_DELTA_ID_UNION id = + delta_enum_array->delta_enum[k].delta_id_union; + + switch(delta_enum_array->delta_enum[k].delta_type) { + case NETR_DELTA_DOMAIN: /* Is this case needed? */ - unistr2_to_ascii( - domainname, - &deltas[k].domain_info.uni_dom_name, - sizeof(domainname)); + fstrcpy(domainname, + u.domain->domain_name.string); break; - case SAM_DELTA_GROUP_INFO: + case NETR_DELTA_GROUP: fetch_group_info_to_ldif( - &deltas[k], &groupmap[g_index], + u.group, + &groupmap[g_index], add_file, sid, suffix); g_index++; break; - case SAM_DELTA_ACCOUNT_INFO: + case NETR_DELTA_USER: fetch_account_info_to_ldif( - &deltas[k], groupmap, + u.user, groupmap, &accountmap[a_index], add_file, sid, suffix, num_alloced); a_index++; break; - case SAM_DELTA_ALIAS_INFO: + case NETR_DELTA_ALIAS: fetch_alias_info_to_ldif( - &deltas[k], &groupmap[g_index], + u.alias, &groupmap[g_index], add_file, sid, suffix, db_type); g_index++; break; - case SAM_DELTA_GROUP_MEM: + case NETR_DELTA_GROUP_MEMBER: fetch_groupmem_info_to_ldif( - &deltas[k], &hdr_deltas[k], - groupmap, accountmap, + u.group_member, id.rid, + groupmap, accountmap, mod_file, num_alloced); break; - case SAM_DELTA_ALIAS_MEM: - break; - case SAM_DELTA_POLICY_INFO: - break; - case SAM_DELTA_PRIVS_INFO: - break; - case SAM_DELTA_TRUST_DOMS: - /* Implemented but broken */ - break; - case SAM_DELTA_SECRET_INFO: - /* Implemented but broken */ - break; - case SAM_DELTA_RENAME_GROUP: - /* Not yet implemented */ - break; - case SAM_DELTA_RENAME_USER: - /* Not yet implemented */ - break; - case SAM_DELTA_RENAME_ALIAS: - /* Not yet implemented */ - break; - case SAM_DELTA_DELETE_GROUP: - /* Not yet implemented */ - break; - case SAM_DELTA_DELETE_USER: - /* Not yet implemented */ - break; - case SAM_DELTA_MODIFIED_COUNT: - break; + case NETR_DELTA_ALIAS_MEMBER: + case NETR_DELTA_POLICY: + case NETR_DELTA_ACCOUNT: + case NETR_DELTA_TRUSTED_DOMAIN: + case NETR_DELTA_SECRET: + case NETR_DELTA_RENAME_GROUP: + case NETR_DELTA_RENAME_USER: + case NETR_DELTA_RENAME_ALIAS: + case NETR_DELTA_DELETE_GROUP: + case NETR_DELTA_DELETE_USER: + case NETR_DELTA_MODIFY_COUNT: default: break; } /* end of switch */ @@ -2065,7 +2238,7 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, DEBUG(1,("unlink(%s) failed, error was (%s)\n", mod_name, strerror(errno))); } - + if (ldif_file && (ldif_file != stdout)) { fclose(ldif_file); } @@ -2079,15 +2252,15 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, return ret; } -/** +/** * Basic usage function for 'net rpc vampire' * @param argc Standard main() style argc * @param argc Standard main() style argv. Initial components are already * stripped **/ -int rpc_vampire_usage(int argc, const char **argv) -{ +int rpc_vampire_usage(int argc, const char **argv) +{ d_printf("net rpc vampire [ldif [<ldif-filename>] [options]\n" "\t to pull accounts from a remote PDC where we are a BDC\n" "\t\t no args puts accounts in local passdb from smb.conf\n" @@ -2100,13 +2273,13 @@ int rpc_vampire_usage(int argc, const char **argv) /* dump sam database via samsync rpc calls */ -NTSTATUS rpc_vampire_internals(const DOM_SID *domain_sid, - const char *domain_name, +NTSTATUS rpc_vampire_internals(const DOM_SID *domain_sid, + const char *domain_name, struct cli_state *cli, struct rpc_pipe_client *pipe_hnd, - TALLOC_CTX *mem_ctx, + TALLOC_CTX *mem_ctx, int argc, - const char **argv) + const char **argv) { NTSTATUS result; fstring my_dom_sid_str; @@ -2120,7 +2293,7 @@ NTSTATUS rpc_vampire_internals(const DOM_SID *domain_sid, "workgroup=%s\n\n in your smb.conf?\n", domain_name, get_global_sam_name(), - sid_to_fstring(my_dom_sid_str, + sid_to_fstring(my_dom_sid_str, get_global_sam_sid()), domain_name, sid_to_fstring(rem_dom_sid_str, domain_sid), diff --git a/source3/utils/net_rpc_service.c b/source3/utils/net_rpc_service.c index a70ecf3c72..242d653017 100644 --- a/source3/utils/net_rpc_service.c +++ b/source3/utils/net_rpc_service.c @@ -1,30 +1,33 @@ -/* - Samba Unix/Linux SMB client library - Distributed SMB/CIFS Server Management Utility +/* + Samba Unix/Linux SMB client library + Distributed SMB/CIFS Server Management Utility Copyright (C) Gerald (Jerry) Carter 2005 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ - + #include "includes.h" #include "utils/net.h" +#define CLI_SERVER_NAME_SLASH(_ctx, _p, _cli) \ + _p = talloc_asprintf(_ctx, "\\\\%s", _cli->cli->desthost); + /******************************************************************** ********************************************************************/ static WERROR query_service_state(struct rpc_pipe_client *pipe_hnd, - TALLOC_CTX *mem_ctx, + TALLOC_CTX *mem_ctx, POLICY_HND *hSCM, const char *service, uint32 *state ) @@ -32,24 +35,32 @@ static WERROR query_service_state(struct rpc_pipe_client *pipe_hnd, POLICY_HND hService; SERVICE_STATUS service_status; WERROR result = WERR_GENERAL_FAILURE; - + NTSTATUS status; + /* now cycle until the status is actually 'watch_state' */ - - result = rpccli_svcctl_open_service(pipe_hnd, mem_ctx, hSCM, &hService, - service, SC_RIGHT_SVC_QUERY_STATUS ); - if ( !W_ERROR_IS_OK(result) ) { + status = rpccli_svcctl_OpenServiceW(pipe_hnd, mem_ctx, + hSCM, + service, + SC_RIGHT_SVC_QUERY_STATUS, + &hService, + &result); + if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result) ) { d_fprintf(stderr, "Failed to open service. [%s]\n", dos_errstr(result)); return result; } - result = rpccli_svcctl_query_status(pipe_hnd, mem_ctx, &hService, &service_status ); - if ( W_ERROR_IS_OK(result) ) { + status = rpccli_svcctl_QueryServiceStatus(pipe_hnd, mem_ctx, + &hService, + &service_status, + &result); + + if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result) ) { *state = service_status.state; } - + rpccli_svcctl_CloseServiceHandle(pipe_hnd, mem_ctx, &hService, NULL); - + return result; } @@ -57,17 +68,17 @@ static WERROR query_service_state(struct rpc_pipe_client *pipe_hnd, ********************************************************************/ static WERROR watch_service_state(struct rpc_pipe_client *pipe_hnd, - TALLOC_CTX *mem_ctx, + TALLOC_CTX *mem_ctx, POLICY_HND *hSCM, - const char *service, + const char *service, uint32 watch_state, uint32 *final_state ) { uint32 i; uint32 state = 0; WERROR result = WERR_GENERAL_FAILURE; - - + + i = 0; while ( (state != watch_state ) && i<30 ) { /* get the status */ @@ -76,15 +87,15 @@ static WERROR watch_service_state(struct rpc_pipe_client *pipe_hnd, if ( !W_ERROR_IS_OK(result) ) { break; } - + d_printf("."); i++; sys_usleep( 100 ); } d_printf("\n"); - + *final_state = state; - + return result; } @@ -92,155 +103,187 @@ static WERROR watch_service_state(struct rpc_pipe_client *pipe_hnd, ********************************************************************/ static WERROR control_service(struct rpc_pipe_client *pipe_hnd, - TALLOC_CTX *mem_ctx, + TALLOC_CTX *mem_ctx, POLICY_HND *hSCM, - const char *service, + const char *service, uint32 control, uint32 watch_state ) { POLICY_HND hService; WERROR result = WERR_GENERAL_FAILURE; + NTSTATUS status; SERVICE_STATUS service_status; uint32 state = 0; - + /* Open the Service */ - - result = rpccli_svcctl_open_service(pipe_hnd, mem_ctx, hSCM, &hService, - service, (SC_RIGHT_SVC_STOP|SC_RIGHT_SVC_PAUSE_CONTINUE) ); - if ( !W_ERROR_IS_OK(result) ) { + status = rpccli_svcctl_OpenServiceW(pipe_hnd, mem_ctx, + hSCM, + service, + (SC_RIGHT_SVC_STOP|SC_RIGHT_SVC_PAUSE_CONTINUE), + &hService, + &result); + + if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result) ) { d_fprintf(stderr, "Failed to open service. [%s]\n", dos_errstr(result)); goto done; } - + /* get the status */ - result = rpccli_svcctl_control_service(pipe_hnd, mem_ctx, &hService, - control, &service_status ); - - if ( !W_ERROR_IS_OK(result) ) { + status = rpccli_svcctl_ControlService(pipe_hnd, mem_ctx, + &hService, + control, + &service_status, + &result); + + if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result) ) { d_fprintf(stderr, "Control service request failed. [%s]\n", dos_errstr(result)); goto done; } - + /* loop -- checking the state until we are where we want to be */ - + result = watch_service_state(pipe_hnd, mem_ctx, hSCM, service, watch_state, &state ); - + d_printf("%s service is %s.\n", service, svc_status_string(state)); -done: +done: rpccli_svcctl_CloseServiceHandle(pipe_hnd, mem_ctx, &hService, NULL); - + return result; -} +} /******************************************************************** ********************************************************************/ static NTSTATUS rpc_service_list_internal(const DOM_SID *domain_sid, - const char *domain_name, + const char *domain_name, struct cli_state *cli, struct rpc_pipe_client *pipe_hnd, - TALLOC_CTX *mem_ctx, + TALLOC_CTX *mem_ctx, int argc, const char **argv ) { POLICY_HND hSCM; ENUM_SERVICES_STATUS *services; WERROR result = WERR_GENERAL_FAILURE; + NTSTATUS status; fstring servicename; fstring displayname; uint32 num_services = 0; + const char *server_name; int i; - + if (argc != 0 ) { d_printf("Usage: net rpc service list\n"); return NT_STATUS_OK; } - result = rpccli_svcctl_open_scm(pipe_hnd, mem_ctx, &hSCM, SC_RIGHT_MGR_ENUMERATE_SERVICE ); - if ( !W_ERROR_IS_OK(result) ) { + CLI_SERVER_NAME_SLASH(mem_ctx, server_name, pipe_hnd); + NT_STATUS_HAVE_NO_MEMORY(server_name); + + status = rpccli_svcctl_OpenSCManagerW(pipe_hnd, mem_ctx, + server_name, + NULL, + SC_RIGHT_MGR_ENUMERATE_SERVICE, + &hSCM, + &result); + if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) { d_fprintf(stderr, "Failed to open Service Control Manager. [%s]\n", dos_errstr(result)); return werror_to_ntstatus(result); } - + result = rpccli_svcctl_enumerate_services(pipe_hnd, mem_ctx, &hSCM, SVCCTL_TYPE_WIN32, SVCCTL_STATE_ALL, &num_services, &services ); - + if ( !W_ERROR_IS_OK(result) ) { d_fprintf(stderr, "Failed to enumerate services. [%s]\n", dos_errstr(result)); goto done; } - + if ( num_services == 0 ) d_printf("No services returned\n"); - + for ( i=0; i<num_services; i++ ) { rpcstr_pull( servicename, services[i].servicename.buffer, sizeof(servicename), -1, STR_TERMINATE ); rpcstr_pull( displayname, services[i].displayname.buffer, sizeof(displayname), -1, STR_TERMINATE ); - + d_printf("%-20s \"%s\"\n", servicename, displayname); } -done: +done: rpccli_svcctl_CloseServiceHandle(pipe_hnd, mem_ctx, &hSCM, NULL); - + return werror_to_ntstatus(result); -} +} /******************************************************************** ********************************************************************/ static NTSTATUS rpc_service_status_internal(const DOM_SID *domain_sid, - const char *domain_name, + const char *domain_name, struct cli_state *cli, struct rpc_pipe_client *pipe_hnd, - TALLOC_CTX *mem_ctx, + TALLOC_CTX *mem_ctx, int argc, const char **argv ) { POLICY_HND hSCM, hService; WERROR result = WERR_GENERAL_FAILURE; - fstring servicename; + NTSTATUS status; SERVICE_STATUS service_status; SERVICE_CONFIG config; fstring ascii_string; - + const char *server_name; + if (argc != 1 ) { d_printf("Usage: net rpc service status <service>\n"); return NT_STATUS_OK; } - fstrcpy( servicename, argv[0] ); - /* Open the Service Control Manager */ - - result = rpccli_svcctl_open_scm(pipe_hnd, mem_ctx, &hSCM, SC_RIGHT_MGR_ENUMERATE_SERVICE ); - if ( !W_ERROR_IS_OK(result) ) { + CLI_SERVER_NAME_SLASH(mem_ctx, server_name, pipe_hnd); + NT_STATUS_HAVE_NO_MEMORY(server_name); + + status = rpccli_svcctl_OpenSCManagerW(pipe_hnd, mem_ctx, + server_name, + NULL, + SC_RIGHT_MGR_ENUMERATE_SERVICE, + &hSCM, + &result); + if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) { d_fprintf(stderr, "Failed to open Service Control Manager. [%s]\n", dos_errstr(result)); return werror_to_ntstatus(result); } - + /* Open the Service */ - - result = rpccli_svcctl_open_service(pipe_hnd, mem_ctx, &hSCM, &hService, servicename, - (SC_RIGHT_SVC_QUERY_STATUS|SC_RIGHT_SVC_QUERY_CONFIG) ); - if ( !W_ERROR_IS_OK(result) ) { + status = rpccli_svcctl_OpenServiceW(pipe_hnd, mem_ctx, + &hSCM, + argv[0], + (SC_RIGHT_SVC_QUERY_STATUS|SC_RIGHT_SVC_QUERY_CONFIG), + &hService, + &result); + + if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result) ) { d_fprintf(stderr, "Failed to open service. [%s]\n", dos_errstr(result)); goto done; } - + /* get the status */ - result = rpccli_svcctl_query_status(pipe_hnd, mem_ctx, &hService, &service_status ); - if ( !W_ERROR_IS_OK(result) ) { + status = rpccli_svcctl_QueryServiceStatus(pipe_hnd, mem_ctx, + &hService, + &service_status, + &result); + + if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result) ) { d_fprintf(stderr, "Query status request failed. [%s]\n", dos_errstr(result)); goto done; } - - d_printf("%s service is %s.\n", servicename, svc_status_string(service_status.state)); + + d_printf("%s service is %s.\n", argv[0], svc_status_string(service_status.state)); /* get the config */ @@ -284,28 +327,30 @@ static NTSTATUS rpc_service_status_internal(const DOM_SID *domain_sid, d_printf("\tDisplay Name = %s\n", ascii_string); } -done: +done: rpccli_svcctl_CloseServiceHandle(pipe_hnd, mem_ctx, &hService, NULL); rpccli_svcctl_CloseServiceHandle(pipe_hnd, mem_ctx, &hSCM, NULL); return werror_to_ntstatus(result); -} +} /******************************************************************** ********************************************************************/ static NTSTATUS rpc_service_stop_internal(const DOM_SID *domain_sid, - const char *domain_name, + const char *domain_name, struct cli_state *cli, struct rpc_pipe_client *pipe_hnd, - TALLOC_CTX *mem_ctx, + TALLOC_CTX *mem_ctx, int argc, const char **argv ) { POLICY_HND hSCM; WERROR result = WERR_GENERAL_FAILURE; + NTSTATUS status; fstring servicename; - + const char *server_name; + if (argc != 1 ) { d_printf("Usage: net rpc service status <service>\n"); return NT_STATUS_OK; @@ -314,36 +359,45 @@ static NTSTATUS rpc_service_stop_internal(const DOM_SID *domain_sid, fstrcpy( servicename, argv[0] ); /* Open the Service Control Manager */ - - result = rpccli_svcctl_open_scm(pipe_hnd, mem_ctx, &hSCM, SC_RIGHT_MGR_ENUMERATE_SERVICE ); - if ( !W_ERROR_IS_OK(result) ) { + CLI_SERVER_NAME_SLASH(mem_ctx, server_name, pipe_hnd); + NT_STATUS_HAVE_NO_MEMORY(server_name); + + status = rpccli_svcctl_OpenSCManagerW(pipe_hnd, mem_ctx, + server_name, + NULL, + SC_RIGHT_MGR_ENUMERATE_SERVICE, + &hSCM, + &result); + if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) { d_fprintf(stderr, "Failed to open Service Control Manager. [%s]\n", dos_errstr(result)); return werror_to_ntstatus(result); } - - result = control_service(pipe_hnd, mem_ctx, &hSCM, servicename, + + result = control_service(pipe_hnd, mem_ctx, &hSCM, servicename, SVCCTL_CONTROL_STOP, SVCCTL_STOPPED ); - + rpccli_svcctl_CloseServiceHandle(pipe_hnd, mem_ctx, &hSCM, NULL); - + return werror_to_ntstatus(result); -} +} /******************************************************************** ********************************************************************/ static NTSTATUS rpc_service_pause_internal(const DOM_SID *domain_sid, - const char *domain_name, + const char *domain_name, struct cli_state *cli, struct rpc_pipe_client *pipe_hnd, - TALLOC_CTX *mem_ctx, + TALLOC_CTX *mem_ctx, int argc, const char **argv ) { POLICY_HND hSCM; WERROR result = WERR_GENERAL_FAILURE; + NTSTATUS status; fstring servicename; - + const char *server_name; + if (argc != 1 ) { d_printf("Usage: net rpc service status <service>\n"); return NT_STATUS_OK; @@ -352,36 +406,45 @@ static NTSTATUS rpc_service_pause_internal(const DOM_SID *domain_sid, fstrcpy( servicename, argv[0] ); /* Open the Service Control Manager */ - - result = rpccli_svcctl_open_scm(pipe_hnd, mem_ctx, &hSCM, SC_RIGHT_MGR_ENUMERATE_SERVICE ); - if ( !W_ERROR_IS_OK(result) ) { + CLI_SERVER_NAME_SLASH(mem_ctx, server_name, pipe_hnd); + NT_STATUS_HAVE_NO_MEMORY(server_name); + + status = rpccli_svcctl_OpenSCManagerW(pipe_hnd, mem_ctx, + server_name, + NULL, + SC_RIGHT_MGR_ENUMERATE_SERVICE, + &hSCM, + &result); + if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) { d_fprintf(stderr, "Failed to open Service Control Manager. [%s]\n", dos_errstr(result)); return werror_to_ntstatus(result); } - - result = control_service(pipe_hnd, mem_ctx, &hSCM, servicename, + + result = control_service(pipe_hnd, mem_ctx, &hSCM, servicename, SVCCTL_CONTROL_PAUSE, SVCCTL_PAUSED ); - + rpccli_svcctl_CloseServiceHandle(pipe_hnd, mem_ctx, &hSCM, NULL); - + return werror_to_ntstatus(result); -} +} /******************************************************************** ********************************************************************/ static NTSTATUS rpc_service_resume_internal(const DOM_SID *domain_sid, - const char *domain_name, + const char *domain_name, struct cli_state *cli, struct rpc_pipe_client *pipe_hnd, - TALLOC_CTX *mem_ctx, + TALLOC_CTX *mem_ctx, int argc, const char **argv ) { POLICY_HND hSCM; WERROR result = WERR_GENERAL_FAILURE; + NTSTATUS status; fstring servicename; - + const char *server_name; + if (argc != 1 ) { d_printf("Usage: net rpc service status <service>\n"); return NT_STATUS_OK; @@ -390,78 +453,100 @@ static NTSTATUS rpc_service_resume_internal(const DOM_SID *domain_sid, fstrcpy( servicename, argv[0] ); /* Open the Service Control Manager */ - - result = rpccli_svcctl_open_scm(pipe_hnd, mem_ctx, &hSCM, SC_RIGHT_MGR_ENUMERATE_SERVICE ); - if ( !W_ERROR_IS_OK(result) ) { + CLI_SERVER_NAME_SLASH(mem_ctx, server_name, pipe_hnd); + NT_STATUS_HAVE_NO_MEMORY(server_name); + + status = rpccli_svcctl_OpenSCManagerW(pipe_hnd, mem_ctx, + server_name, + NULL, + SC_RIGHT_MGR_ENUMERATE_SERVICE, + &hSCM, + &result); + if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) { d_fprintf(stderr, "Failed to open Service Control Manager. [%s]\n", dos_errstr(result)); return werror_to_ntstatus(result); } - - result = control_service(pipe_hnd, mem_ctx, &hSCM, servicename, + + result = control_service(pipe_hnd, mem_ctx, &hSCM, servicename, SVCCTL_CONTROL_CONTINUE, SVCCTL_RUNNING ); - + rpccli_svcctl_CloseServiceHandle(pipe_hnd, mem_ctx, &hSCM, NULL); - + return werror_to_ntstatus(result); -} +} /******************************************************************** ********************************************************************/ static NTSTATUS rpc_service_start_internal(const DOM_SID *domain_sid, - const char *domain_name, + const char *domain_name, struct cli_state *cli, struct rpc_pipe_client *pipe_hnd, - TALLOC_CTX *mem_ctx, + TALLOC_CTX *mem_ctx, int argc, const char **argv ) { POLICY_HND hSCM, hService; WERROR result = WERR_GENERAL_FAILURE; - fstring servicename; + NTSTATUS status; uint32 state = 0; - + const char *server_name; + if (argc != 1 ) { d_printf("Usage: net rpc service status <service>\n"); return NT_STATUS_OK; } - fstrcpy( servicename, argv[0] ); - /* Open the Service Control Manager */ - - result = rpccli_svcctl_open_scm( pipe_hnd, mem_ctx, &hSCM, SC_RIGHT_MGR_ENUMERATE_SERVICE ); - if ( !W_ERROR_IS_OK(result) ) { + CLI_SERVER_NAME_SLASH(mem_ctx, server_name, pipe_hnd); + NT_STATUS_HAVE_NO_MEMORY(server_name); + + status = rpccli_svcctl_OpenSCManagerW(pipe_hnd, mem_ctx, + server_name, + NULL, + SC_RIGHT_MGR_ENUMERATE_SERVICE, + &hSCM, + &result); + if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) { d_fprintf(stderr, "Failed to open Service Control Manager. [%s]\n", dos_errstr(result)); return werror_to_ntstatus(result); } - + /* Open the Service */ - - result = rpccli_svcctl_open_service(pipe_hnd, mem_ctx, &hSCM, &hService, - servicename, SC_RIGHT_SVC_START ); - if ( !W_ERROR_IS_OK(result) ) { + status = rpccli_svcctl_OpenServiceW(pipe_hnd, mem_ctx, + &hSCM, + argv[0], + SC_RIGHT_SVC_START, + &hService, + &result); + + if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result) ) { d_fprintf(stderr, "Failed to open service. [%s]\n", dos_errstr(result)); goto done; } - + /* get the status */ - result = rpccli_svcctl_start_service(pipe_hnd, mem_ctx, &hService, NULL, 0 ); - if ( !W_ERROR_IS_OK(result) ) { + status = rpccli_svcctl_StartServiceW(pipe_hnd, mem_ctx, + &hService, + 0, + NULL, + &result); + + if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result) ) { d_fprintf(stderr, "Query status request failed. [%s]\n", dos_errstr(result)); goto done; } - - result = watch_service_state(pipe_hnd, mem_ctx, &hSCM, servicename, SVCCTL_RUNNING, &state ); - + + result = watch_service_state(pipe_hnd, mem_ctx, &hSCM, argv[0], SVCCTL_RUNNING, &state ); + if ( W_ERROR_IS_OK(result) && (state == SVCCTL_RUNNING) ) - d_printf("Successfully started service: %s\n", servicename ); + d_printf("Successfully started service: %s\n", argv[0] ); else - d_fprintf(stderr, "Failed to start service: %s [%s]\n", servicename, dos_errstr(result) ); - -done: + d_fprintf(stderr, "Failed to start service: %s [%s]\n", argv[0], dos_errstr(result) ); + +done: rpccli_svcctl_CloseServiceHandle(pipe_hnd, mem_ctx, &hService, NULL); rpccli_svcctl_CloseServiceHandle(pipe_hnd, mem_ctx, &hSCM, NULL); @@ -473,7 +558,7 @@ done: static int rpc_service_list( int argc, const char **argv ) { - return run_rpc_command( NULL, PI_SVCCTL, 0, + return run_rpc_command( NULL, PI_SVCCTL, 0, rpc_service_list_internal, argc, argv ); } @@ -482,7 +567,7 @@ static int rpc_service_list( int argc, const char **argv ) static int rpc_service_start( int argc, const char **argv ) { - return run_rpc_command( NULL, PI_SVCCTL, 0, + return run_rpc_command( NULL, PI_SVCCTL, 0, rpc_service_start_internal, argc, argv ); } @@ -491,7 +576,7 @@ static int rpc_service_start( int argc, const char **argv ) static int rpc_service_stop( int argc, const char **argv ) { - return run_rpc_command( NULL, PI_SVCCTL, 0, + return run_rpc_command( NULL, PI_SVCCTL, 0, rpc_service_stop_internal, argc, argv ); } @@ -500,7 +585,7 @@ static int rpc_service_stop( int argc, const char **argv ) static int rpc_service_resume( int argc, const char **argv ) { - return run_rpc_command( NULL, PI_SVCCTL, 0, + return run_rpc_command( NULL, PI_SVCCTL, 0, rpc_service_resume_internal, argc, argv ); } @@ -509,7 +594,7 @@ static int rpc_service_resume( int argc, const char **argv ) static int rpc_service_pause( int argc, const char **argv ) { - return run_rpc_command( NULL, PI_SVCCTL, 0, + return run_rpc_command( NULL, PI_SVCCTL, 0, rpc_service_pause_internal, argc, argv ); } @@ -518,7 +603,7 @@ static int rpc_service_pause( int argc, const char **argv ) static int rpc_service_status( int argc, const char **argv ) { - return run_rpc_command( NULL, PI_SVCCTL, 0, + return run_rpc_command( NULL, PI_SVCCTL, 0, rpc_service_status_internal, argc, argv ); } @@ -533,14 +618,14 @@ static int net_help_service( int argc, const char **argv ) d_printf("net rpc service pause <service> Pause a service\n"); d_printf("net rpc service resume <service> Resume a paused service\n"); d_printf("net rpc service status <service> View the current status of a service\n"); - + return -1; } /******************************************************************** ********************************************************************/ -int net_rpc_service(int argc, const char **argv) +int net_rpc_service(int argc, const char **argv) { struct functable func[] = { {"list", rpc_service_list}, @@ -551,9 +636,9 @@ int net_rpc_service(int argc, const char **argv) {"status", rpc_service_status}, {NULL, NULL} }; - + if ( argc ) return net_run_function( argc, argv, func, net_help_service ); - + return net_help_service( argc, argv ); } diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index a3a403d7bd..df2bf9753b 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -418,7 +418,7 @@ NTSTATUS contact_winbind_auth_crap(const char *username, } if (flags & WBFLAG_PAM_UNIX_NAME) { - *unix_name = SMB_STRDUP((char *)response.extra_data.data); + *unix_name = SMB_STRDUP(response.data.auth.unix_username); if (!*unix_name) { winbindd_free_response(&response); return NT_STATUS_NO_MEMORY; @@ -1215,7 +1215,7 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state, char *principal; DATA_BLOB ap_rep; DATA_BLOB session_key; - PAC_DATA *pac_data = NULL; + struct PAC_DATA *pac_data = NULL; if ( request.negTokenInit.mechToken.data == NULL ) { DEBUG(1, ("Client did not provide Kerberos data\n")); diff --git a/source3/utils/smbcontrol.c b/source3/utils/smbcontrol.c index 76036bfdde..db2eefe1e2 100644 --- a/source3/utils/smbcontrol.c +++ b/source3/utils/smbcontrol.c @@ -1035,7 +1035,7 @@ static bool do_winbind_dump_domain_list(struct messaging_context *msg_ctx, print_pid_string_cb); buf_len = sizeof(myid)+domain_len; - buf = SMB_MALLOC(buf_len); + buf = SMB_MALLOC_ARRAY(uint8_t, buf_len); if (!buf) { return false; } |