summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/rpc_ds.h46
-rw-r--r--source3/rpc_client/cli_ds.c55
-rw-r--r--source3/rpc_parse/parse_ds.c187
-rw-r--r--source3/rpcclient/cmd_ds.c18
-rw-r--r--source3/rpcclient/rpcclient.c4
5 files changed, 303 insertions, 7 deletions
diff --git a/source3/include/rpc_ds.h b/source3/include/rpc_ds.h
index c01d10554e..22b2430595 100644
--- a/source3/include/rpc_ds.h
+++ b/source3/include/rpc_ds.h
@@ -28,6 +28,10 @@
#define DS_GETPRIMDOMINFO 0x00
+/* Opcodes available on PIPE_NETLOGON */
+
+#define DS_ENUM_DOM_TRUSTS 0x28
+
/* macros for RPC's */
@@ -85,7 +89,49 @@ typedef struct
NTSTATUS status;
} DS_R_GETPRIMDOMINFO;
+typedef struct {
+ /* static portion of structure */
+ uint32 netbios_ptr;
+ uint32 dns_ptr;
+ uint32 flags;
+ uint32 parent_index;
+ uint32 trust_type;
+ uint32 trust_attributes;
+ uint32 sid_ptr;
+ GUID guid;
+
+ UNISTR2 netbios_domain;
+ UNISTR2 dns_domain;
+ DOM_SID2 sid;
+
+} DS_DOMAIN_TRUSTS;
+
+typedef struct {
+
+ uint32 ptr;
+ uint32 max_count;
+ DS_DOMAIN_TRUSTS *trusts;
+
+} DS_DOMAIN_TRUSTS_CTR;
+
+/* DS_Q_ENUM_DOM_TRUSTS - DsEnumerateDomainTrusts() request */
+typedef struct
+{
+ uint32 server_ptr;
+ UNISTR2 server;
+ uint32 flags;
+
+} DS_Q_ENUM_DOM_TRUSTS;
+
+/* DS_R_ENUM_DOM_TRUSTS - DsEnumerateDomainTrusts() response */
+typedef struct
+{
+ uint32 num_domains;
+ DS_DOMAIN_TRUSTS_CTR domains;
+
+ NTSTATUS status;
+} DS_R_ENUM_DOM_TRUSTS;
#endif /* _RPC_DS_H */
diff --git a/source3/rpc_client/cli_ds.c b/source3/rpc_client/cli_ds.c
index f0edeca000..e73a0b795a 100644
--- a/source3/rpc_client/cli_ds.c
+++ b/source3/rpc_client/cli_ds.c
@@ -22,6 +22,10 @@
/* implementations of client side DsXXX() functions */
+/********************************************************************
+ Get information about the server and directory services
+********************************************************************/
+
NTSTATUS cli_ds_getprimarydominfo(struct cli_state *cli, TALLOC_CTX *mem_ctx,
uint16 level, DS_DOMINFO_CTR *ctr)
{
@@ -40,7 +44,7 @@ NTSTATUS cli_ds_getprimarydominfo(struct cli_state *cli, TALLOC_CTX *mem_ctx,
q.level = level;
- if (!ds_io_q_getprimdominfo("", &q, &qbuf, 0)
+ if (!ds_io_q_getprimdominfo("", &qbuf, 0, &q)
|| !rpc_api_pipe_req(cli, DS_GETPRIMDOMINFO, &qbuf, &rbuf)) {
result = NT_STATUS_UNSUCCESSFUL;
goto done;
@@ -48,7 +52,7 @@ NTSTATUS cli_ds_getprimarydominfo(struct cli_state *cli, TALLOC_CTX *mem_ctx,
/* Unmarshall response */
- if (!ds_io_r_getprimdominfo("", &r, &rbuf, 0)) {
+ if (!ds_io_r_getprimdominfo("", &rbuf, 0, &r)) {
result = NT_STATUS_UNSUCCESSFUL;
goto done;
}
@@ -71,3 +75,50 @@ done:
return result;
}
+
+/********************************************************************
+ Enumerate trusted domains in an AD forest
+********************************************************************/
+
+NTSTATUS cli_ds_enum_domain_trusts(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+ const char *server, uint32 flags,
+ DS_DOMAIN_TRUSTS **trusts, uint32 *num_domains)
+{
+ prs_struct qbuf, rbuf;
+ DS_Q_ENUM_DOM_TRUSTS q;
+ DS_R_ENUM_DOM_TRUSTS r;
+ NTSTATUS result;
+
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
+
+ /* Initialise parse structures */
+
+ prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+ prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+ init_q_ds_enum_domain_trusts( &q, server, flags );
+
+ if (!ds_io_q_enum_domain_trusts("", &qbuf, 0, &q)
+ || !rpc_api_pipe_req(cli, DS_ENUM_DOM_TRUSTS, &qbuf, &rbuf)) {
+ result = NT_STATUS_UNSUCCESSFUL;
+ goto done;
+ }
+
+ /* Unmarshall response */
+
+ if (!ds_io_r_enum_domain_trusts("", &rbuf, 0, &r)) {
+ result = NT_STATUS_UNSUCCESSFUL;
+ goto done;
+ }
+
+ result = r.status;
+
+done:
+ prs_mem_free(&qbuf);
+ prs_mem_free(&rbuf);
+
+ return result;
+}
+
+
diff --git a/source3/rpc_parse/parse_ds.c b/source3/rpc_parse/parse_ds.c
index ab07631831..8edd38226b 100644
--- a/source3/rpc_parse/parse_ds.c
+++ b/source3/rpc_parse/parse_ds.c
@@ -1,7 +1,8 @@
/*
* Unix SMB/CIFS implementation.
* RPC Pipe client / server routines
- * Copyright (C) Gerald Carter 2002
+
+ * Copyright (C) Gerald Carter 2002-2003
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -20,6 +21,9 @@
#include "includes.h"
+/************************************************************************
+************************************************************************/
+
static BOOL ds_io_dominfobasic( const char *desc, prs_struct *ps, int depth, DSROLE_PRIMARY_DOMAIN_INFO_BASIC **basic)
{
DSROLE_PRIMARY_DOMAIN_INFO_BASIC *p = *basic;
@@ -68,7 +72,10 @@ static BOOL ds_io_dominfobasic( const char *desc, prs_struct *ps, int depth, DSR
}
-BOOL ds_io_q_getprimdominfo( const char *desc, DS_Q_GETPRIMDOMINFO *q_u, prs_struct *ps, int depth)
+/************************************************************************
+************************************************************************/
+
+BOOL ds_io_q_getprimdominfo( const char *desc, prs_struct *ps, int depth, DS_Q_GETPRIMDOMINFO *q_u)
{
prs_debug(ps, depth, desc, "ds_io_q_getprimdominfo");
depth++;
@@ -82,7 +89,10 @@ BOOL ds_io_q_getprimdominfo( const char *desc, DS_Q_GETPRIMDOMINFO *q_u, prs_str
return True;
}
-BOOL ds_io_r_getprimdominfo( const char *desc, DS_R_GETPRIMDOMINFO *r_u, prs_struct *ps, int depth)
+/************************************************************************
+************************************************************************/
+
+BOOL ds_io_r_getprimdominfo( const char *desc, prs_struct *ps, int depth, DS_R_GETPRIMDOMINFO *r_u)
{
prs_debug(ps, depth, desc, "ds_io_r_getprimdominfo");
depth++;
@@ -120,3 +130,174 @@ BOOL ds_io_r_getprimdominfo( const char *desc, DS_R_GETPRIMDOMINFO *r_u, prs_str
return True;
}
+
+/************************************************************************
+ initialize a DS_ENUM_DOM_TRUSTS structure
+************************************************************************/
+
+BOOL init_q_ds_enum_domain_trusts( DS_Q_ENUM_DOM_TRUSTS *q, const char *server,
+ uint32 flags )
+{
+ int len;
+
+ q->flags = flags;
+
+ if ( server && *server )
+ q->server_ptr = 1;
+ else
+ q->server_ptr = 0;
+
+ len = q->server_ptr ? strlen(server)+1 : 0;
+
+ init_unistr2( &q->server, server, len );
+
+ return True;
+}
+
+/************************************************************************
+************************************************************************/
+
+static BOOL ds_io_domain_trusts( const char *desc, prs_struct *ps, int depth, DS_DOMAIN_TRUSTS *trust)
+{
+ prs_debug(ps, depth, desc, "ds_io_dom_trusts_ctr");
+ depth++;
+
+ if ( !prs_uint32( "netbios_ptr", ps, depth, &trust->netbios_ptr ) )
+ return False;
+
+ if ( !prs_uint32( "dns_ptr", ps, depth, &trust->dns_ptr ) )
+ return False;
+
+ if ( !prs_uint32( "flags", ps, depth, &trust->flags ) )
+ return False;
+
+ if ( !prs_uint32( "parent_index", ps, depth, &trust->parent_index ) )
+ return False;
+
+ if ( !prs_uint32( "trust_type", ps, depth, &trust->trust_type ) )
+ return False;
+
+ if ( !prs_uint32( "trust_attributes", ps, depth, &trust->trust_attributes ) )
+ return False;
+
+ if ( !prs_uint32( "sid_ptr", ps, depth, &trust->sid_ptr ) )
+ return False;
+
+ if ( !prs_uint8s(False, "guid", ps, depth, trust->guid.info, GUID_SIZE) )
+ return False;
+
+ return True;
+}
+
+/************************************************************************
+************************************************************************/
+
+static BOOL ds_io_dom_trusts_ctr( const char *desc, prs_struct *ps, int depth, DS_DOMAIN_TRUSTS_CTR *ctr)
+{
+ int i;
+
+ prs_debug(ps, depth, desc, "ds_io_dom_trusts_ctr");
+ depth++;
+
+ if ( !prs_uint32( "ptr", ps, depth, &ctr->ptr ) )
+ return False;
+
+ if ( !prs_uint32( "max_count", ps, depth, &ctr->max_count ) )
+ return False;
+
+ /* are we done? */
+
+ if ( ctr->max_count == 0 )
+ return True;
+
+ /* allocate the domain trusts array are parse it */
+
+ ctr->trusts = (DS_DOMAIN_TRUSTS*)talloc(ps->mem_ctx, sizeof(DS_DOMAIN_TRUSTS)*ctr->max_count);
+
+ if ( !ctr->trusts )
+ return False;
+
+ /* this stinks; the static portion o fthe structure is read here and then
+ we need another loop to read the UNISTR2's and SID's */
+
+ for ( i=0; i<ctr->max_count;i++ ) {
+ if ( !ds_io_domain_trusts("domain_trusts", ps, depth, &ctr->trusts[i] ) )
+ return False;
+ }
+
+ for ( i=0; i<ctr->max_count; i++ ) {
+
+ if ( !smb_io_unistr2("netbios_domain", &ctr->trusts[i].netbios_domain, ctr->trusts[i].netbios_ptr, ps, depth) )
+ return False;
+
+ if(!prs_align(ps))
+ return False;
+
+ if ( !smb_io_unistr2("dns_domain", &ctr->trusts[i].dns_domain, ctr->trusts[i].dns_ptr, ps, depth) )
+ return False;
+
+ if(!prs_align(ps))
+ return False;
+
+ if ( ctr->trusts[i].sid_ptr ) {
+ if ( !smb_io_dom_sid2("sid", &ctr->trusts[i].sid, ps, depth ) )
+ return False;
+ }
+ }
+
+ return True;
+}
+
+/************************************************************************
+ initialize a DS_ENUM_DOM_TRUSTS request
+************************************************************************/
+
+BOOL ds_io_q_enum_domain_trusts( const char *desc, prs_struct *ps, int depth, DS_Q_ENUM_DOM_TRUSTS *q_u)
+{
+ prs_debug(ps, depth, desc, "ds_io_q_enum_domain_trusts");
+ depth++;
+
+ if ( !prs_align(ps) )
+ return False;
+
+ if ( !prs_uint32( "server_ptr", ps, depth, &q_u->server_ptr ) )
+ return False;
+
+ if ( !smb_io_unistr2("server", &q_u->server, q_u->server_ptr, ps, depth) )
+ return False;
+
+ if ( !prs_uint32( "flags", ps, depth, &q_u->flags ) )
+ return False;
+
+ return True;
+}
+
+/************************************************************************
+************************************************************************/
+
+BOOL ds_io_r_enum_domain_trusts( const char *desc, prs_struct *ps, int depth, DS_R_ENUM_DOM_TRUSTS *r_u)
+{
+ prs_debug(ps, depth, desc, "ds_io_r_enum_domain_trusts");
+ depth++;
+
+ if(!prs_align(ps))
+ return False;
+
+ if ( !prs_uint32( "num_domains", ps, depth, &r_u->num_domains ) )
+ return False;
+
+ if ( r_u->num_domains ) {
+ if ( !ds_io_dom_trusts_ctr("domains", ps, depth, &r_u->domains ) )
+ return False;
+ }
+
+ if(!prs_align(ps))
+ return False;
+
+ if ( !prs_ntstatus("status", ps, depth, &r_u->status ) )
+ return False;
+
+ return True;
+}
+
+
diff --git a/source3/rpcclient/cmd_ds.c b/source3/rpcclient/cmd_ds.c
index 4c2f52e291..be677519c4 100644
--- a/source3/rpcclient/cmd_ds.c
+++ b/source3/rpcclient/cmd_ds.c
@@ -47,13 +47,29 @@ static NTSTATUS cmd_ds_dsrole_getprimarydominfo(struct cli_state *cli,
return result;
}
+static NTSTATUS cmd_ds_enum_domain_trusts(struct cli_state *cli,
+ TALLOC_CTX *mem_ctx, int argc,
+ const char **argv)
+{
+ NTSTATUS result;
+ uint32 flags = 0x1;
+ DS_DOMAIN_TRUSTS *trusts = NULL;
+ int num_domains = 0;
+
+ result = cli_ds_enum_domain_trusts( cli, mem_ctx, cli->desthost, flags,
+ &trusts, &num_domains );
+
+ return result;
+}
+
/* List of commands exported by this module */
struct cmd_set ds_commands[] = {
{ "LSARPC-DS" },
- { "dsroledominfo", RPC_RTYPE_NTSTATUS, cmd_ds_dsrole_getprimarydominfo, NULL, PI_LSARPC_DS, "Get Primary Domain Information", "" },
+ { "dsroledominfo", RPC_RTYPE_NTSTATUS, cmd_ds_dsrole_getprimarydominfo, NULL, PI_LSARPC_DS, "Get Primary Domain Information", "" },
+ { "dsenumdomtrusts", RPC_RTYPE_NTSTATUS, cmd_ds_enum_domain_trusts, NULL, PI_NETLOGON, "Enumerate all trusted domains in an AD forest", "" },
{ NULL }
};
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index e684f05ecb..b4c4d2a9cb 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -519,7 +519,9 @@ static NTSTATUS do_cmd(struct cli_state *cli,
}
}
- if ((cmd_entry->pipe_idx == PI_NETLOGON) && !(cli->pipe_auth_flags & AUTH_PIPE_NETSEC)) {
+ /* some of the DsXXX commands use the netlogon pipe */
+
+ if (lp_client_schannel() && (cmd_entry->pipe_idx == PI_NETLOGON) && !(cli->pipe_auth_flags & AUTH_PIPE_NETSEC)) {
uint32 neg_flags = 0x000001ff;
uint32 sec_channel_type;