diff options
-rw-r--r-- | source3/include/rpc_ds.h | 46 | ||||
-rw-r--r-- | source3/rpc_client/cli_ds.c | 55 | ||||
-rw-r--r-- | source3/rpc_parse/parse_ds.c | 187 | ||||
-rw-r--r-- | source3/rpcclient/cmd_ds.c | 18 | ||||
-rw-r--r-- | source3/rpcclient/rpcclient.c | 4 |
5 files changed, 303 insertions, 7 deletions
diff --git a/source3/include/rpc_ds.h b/source3/include/rpc_ds.h index c01d10554e..22b2430595 100644 --- a/source3/include/rpc_ds.h +++ b/source3/include/rpc_ds.h @@ -28,6 +28,10 @@ #define DS_GETPRIMDOMINFO 0x00 +/* Opcodes available on PIPE_NETLOGON */ + +#define DS_ENUM_DOM_TRUSTS 0x28 + /* macros for RPC's */ @@ -85,7 +89,49 @@ typedef struct NTSTATUS status; } DS_R_GETPRIMDOMINFO; +typedef struct { + /* static portion of structure */ + uint32 netbios_ptr; + uint32 dns_ptr; + uint32 flags; + uint32 parent_index; + uint32 trust_type; + uint32 trust_attributes; + uint32 sid_ptr; + GUID guid; + + UNISTR2 netbios_domain; + UNISTR2 dns_domain; + DOM_SID2 sid; + +} DS_DOMAIN_TRUSTS; + +typedef struct { + + uint32 ptr; + uint32 max_count; + DS_DOMAIN_TRUSTS *trusts; + +} DS_DOMAIN_TRUSTS_CTR; + +/* DS_Q_ENUM_DOM_TRUSTS - DsEnumerateDomainTrusts() request */ +typedef struct +{ + uint32 server_ptr; + UNISTR2 server; + uint32 flags; + +} DS_Q_ENUM_DOM_TRUSTS; + +/* DS_R_ENUM_DOM_TRUSTS - DsEnumerateDomainTrusts() response */ +typedef struct +{ + uint32 num_domains; + DS_DOMAIN_TRUSTS_CTR domains; + + NTSTATUS status; +} DS_R_ENUM_DOM_TRUSTS; #endif /* _RPC_DS_H */ diff --git a/source3/rpc_client/cli_ds.c b/source3/rpc_client/cli_ds.c index f0edeca000..e73a0b795a 100644 --- a/source3/rpc_client/cli_ds.c +++ b/source3/rpc_client/cli_ds.c @@ -22,6 +22,10 @@ /* implementations of client side DsXXX() functions */ +/******************************************************************** + Get information about the server and directory services +********************************************************************/ + NTSTATUS cli_ds_getprimarydominfo(struct cli_state *cli, TALLOC_CTX *mem_ctx, uint16 level, DS_DOMINFO_CTR *ctr) { @@ -40,7 +44,7 @@ NTSTATUS cli_ds_getprimarydominfo(struct cli_state *cli, TALLOC_CTX *mem_ctx, q.level = level; - if (!ds_io_q_getprimdominfo("", &q, &qbuf, 0) + if (!ds_io_q_getprimdominfo("", &qbuf, 0, &q) || !rpc_api_pipe_req(cli, DS_GETPRIMDOMINFO, &qbuf, &rbuf)) { result = NT_STATUS_UNSUCCESSFUL; goto done; @@ -48,7 +52,7 @@ NTSTATUS cli_ds_getprimarydominfo(struct cli_state *cli, TALLOC_CTX *mem_ctx, /* Unmarshall response */ - if (!ds_io_r_getprimdominfo("", &r, &rbuf, 0)) { + if (!ds_io_r_getprimdominfo("", &rbuf, 0, &r)) { result = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -71,3 +75,50 @@ done: return result; } + +/******************************************************************** + Enumerate trusted domains in an AD forest +********************************************************************/ + +NTSTATUS cli_ds_enum_domain_trusts(struct cli_state *cli, TALLOC_CTX *mem_ctx, + const char *server, uint32 flags, + DS_DOMAIN_TRUSTS **trusts, uint32 *num_domains) +{ + prs_struct qbuf, rbuf; + DS_Q_ENUM_DOM_TRUSTS q; + DS_R_ENUM_DOM_TRUSTS r; + NTSTATUS result; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + init_q_ds_enum_domain_trusts( &q, server, flags ); + + if (!ds_io_q_enum_domain_trusts("", &qbuf, 0, &q) + || !rpc_api_pipe_req(cli, DS_ENUM_DOM_TRUSTS, &qbuf, &rbuf)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + /* Unmarshall response */ + + if (!ds_io_r_enum_domain_trusts("", &rbuf, 0, &r)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + result = r.status; + +done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} + + diff --git a/source3/rpc_parse/parse_ds.c b/source3/rpc_parse/parse_ds.c index ab07631831..8edd38226b 100644 --- a/source3/rpc_parse/parse_ds.c +++ b/source3/rpc_parse/parse_ds.c @@ -1,7 +1,8 @@ /* * Unix SMB/CIFS implementation. * RPC Pipe client / server routines - * Copyright (C) Gerald Carter 2002 + + * Copyright (C) Gerald Carter 2002-2003 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -20,6 +21,9 @@ #include "includes.h" +/************************************************************************ +************************************************************************/ + static BOOL ds_io_dominfobasic( const char *desc, prs_struct *ps, int depth, DSROLE_PRIMARY_DOMAIN_INFO_BASIC **basic) { DSROLE_PRIMARY_DOMAIN_INFO_BASIC *p = *basic; @@ -68,7 +72,10 @@ static BOOL ds_io_dominfobasic( const char *desc, prs_struct *ps, int depth, DSR } -BOOL ds_io_q_getprimdominfo( const char *desc, DS_Q_GETPRIMDOMINFO *q_u, prs_struct *ps, int depth) +/************************************************************************ +************************************************************************/ + +BOOL ds_io_q_getprimdominfo( const char *desc, prs_struct *ps, int depth, DS_Q_GETPRIMDOMINFO *q_u) { prs_debug(ps, depth, desc, "ds_io_q_getprimdominfo"); depth++; @@ -82,7 +89,10 @@ BOOL ds_io_q_getprimdominfo( const char *desc, DS_Q_GETPRIMDOMINFO *q_u, prs_str return True; } -BOOL ds_io_r_getprimdominfo( const char *desc, DS_R_GETPRIMDOMINFO *r_u, prs_struct *ps, int depth) +/************************************************************************ +************************************************************************/ + +BOOL ds_io_r_getprimdominfo( const char *desc, prs_struct *ps, int depth, DS_R_GETPRIMDOMINFO *r_u) { prs_debug(ps, depth, desc, "ds_io_r_getprimdominfo"); depth++; @@ -120,3 +130,174 @@ BOOL ds_io_r_getprimdominfo( const char *desc, DS_R_GETPRIMDOMINFO *r_u, prs_str return True; } + +/************************************************************************ + initialize a DS_ENUM_DOM_TRUSTS structure +************************************************************************/ + +BOOL init_q_ds_enum_domain_trusts( DS_Q_ENUM_DOM_TRUSTS *q, const char *server, + uint32 flags ) +{ + int len; + + q->flags = flags; + + if ( server && *server ) + q->server_ptr = 1; + else + q->server_ptr = 0; + + len = q->server_ptr ? strlen(server)+1 : 0; + + init_unistr2( &q->server, server, len ); + + return True; +} + +/************************************************************************ +************************************************************************/ + +static BOOL ds_io_domain_trusts( const char *desc, prs_struct *ps, int depth, DS_DOMAIN_TRUSTS *trust) +{ + prs_debug(ps, depth, desc, "ds_io_dom_trusts_ctr"); + depth++; + + if ( !prs_uint32( "netbios_ptr", ps, depth, &trust->netbios_ptr ) ) + return False; + + if ( !prs_uint32( "dns_ptr", ps, depth, &trust->dns_ptr ) ) + return False; + + if ( !prs_uint32( "flags", ps, depth, &trust->flags ) ) + return False; + + if ( !prs_uint32( "parent_index", ps, depth, &trust->parent_index ) ) + return False; + + if ( !prs_uint32( "trust_type", ps, depth, &trust->trust_type ) ) + return False; + + if ( !prs_uint32( "trust_attributes", ps, depth, &trust->trust_attributes ) ) + return False; + + if ( !prs_uint32( "sid_ptr", ps, depth, &trust->sid_ptr ) ) + return False; + + if ( !prs_uint8s(False, "guid", ps, depth, trust->guid.info, GUID_SIZE) ) + return False; + + return True; +} + +/************************************************************************ +************************************************************************/ + +static BOOL ds_io_dom_trusts_ctr( const char *desc, prs_struct *ps, int depth, DS_DOMAIN_TRUSTS_CTR *ctr) +{ + int i; + + prs_debug(ps, depth, desc, "ds_io_dom_trusts_ctr"); + depth++; + + if ( !prs_uint32( "ptr", ps, depth, &ctr->ptr ) ) + return False; + + if ( !prs_uint32( "max_count", ps, depth, &ctr->max_count ) ) + return False; + + /* are we done? */ + + if ( ctr->max_count == 0 ) + return True; + + /* allocate the domain trusts array are parse it */ + + ctr->trusts = (DS_DOMAIN_TRUSTS*)talloc(ps->mem_ctx, sizeof(DS_DOMAIN_TRUSTS)*ctr->max_count); + + if ( !ctr->trusts ) + return False; + + /* this stinks; the static portion o fthe structure is read here and then + we need another loop to read the UNISTR2's and SID's */ + + for ( i=0; i<ctr->max_count;i++ ) { + if ( !ds_io_domain_trusts("domain_trusts", ps, depth, &ctr->trusts[i] ) ) + return False; + } + + for ( i=0; i<ctr->max_count; i++ ) { + + if ( !smb_io_unistr2("netbios_domain", &ctr->trusts[i].netbios_domain, ctr->trusts[i].netbios_ptr, ps, depth) ) + return False; + + if(!prs_align(ps)) + return False; + + if ( !smb_io_unistr2("dns_domain", &ctr->trusts[i].dns_domain, ctr->trusts[i].dns_ptr, ps, depth) ) + return False; + + if(!prs_align(ps)) + return False; + + if ( ctr->trusts[i].sid_ptr ) { + if ( !smb_io_dom_sid2("sid", &ctr->trusts[i].sid, ps, depth ) ) + return False; + } + } + + return True; +} + +/************************************************************************ + initialize a DS_ENUM_DOM_TRUSTS request +************************************************************************/ + +BOOL ds_io_q_enum_domain_trusts( const char *desc, prs_struct *ps, int depth, DS_Q_ENUM_DOM_TRUSTS *q_u) +{ + prs_debug(ps, depth, desc, "ds_io_q_enum_domain_trusts"); + depth++; + + if ( !prs_align(ps) ) + return False; + + if ( !prs_uint32( "server_ptr", ps, depth, &q_u->server_ptr ) ) + return False; + + if ( !smb_io_unistr2("server", &q_u->server, q_u->server_ptr, ps, depth) ) + return False; + + if ( !prs_uint32( "flags", ps, depth, &q_u->flags ) ) + return False; + + return True; +} + +/************************************************************************ +************************************************************************/ + +BOOL ds_io_r_enum_domain_trusts( const char *desc, prs_struct *ps, int depth, DS_R_ENUM_DOM_TRUSTS *r_u) +{ + prs_debug(ps, depth, desc, "ds_io_r_enum_domain_trusts"); + depth++; + + if(!prs_align(ps)) + return False; + + if ( !prs_uint32( "num_domains", ps, depth, &r_u->num_domains ) ) + return False; + + if ( r_u->num_domains ) { + if ( !ds_io_dom_trusts_ctr("domains", ps, depth, &r_u->domains ) ) + return False; + } + + if(!prs_align(ps)) + return False; + + if ( !prs_ntstatus("status", ps, depth, &r_u->status ) ) + return False; + + return True; +} + + diff --git a/source3/rpcclient/cmd_ds.c b/source3/rpcclient/cmd_ds.c index 4c2f52e291..be677519c4 100644 --- a/source3/rpcclient/cmd_ds.c +++ b/source3/rpcclient/cmd_ds.c @@ -47,13 +47,29 @@ static NTSTATUS cmd_ds_dsrole_getprimarydominfo(struct cli_state *cli, return result; } +static NTSTATUS cmd_ds_enum_domain_trusts(struct cli_state *cli, + TALLOC_CTX *mem_ctx, int argc, + const char **argv) +{ + NTSTATUS result; + uint32 flags = 0x1; + DS_DOMAIN_TRUSTS *trusts = NULL; + int num_domains = 0; + + result = cli_ds_enum_domain_trusts( cli, mem_ctx, cli->desthost, flags, + &trusts, &num_domains ); + + return result; +} + /* List of commands exported by this module */ struct cmd_set ds_commands[] = { { "LSARPC-DS" }, - { "dsroledominfo", RPC_RTYPE_NTSTATUS, cmd_ds_dsrole_getprimarydominfo, NULL, PI_LSARPC_DS, "Get Primary Domain Information", "" }, + { "dsroledominfo", RPC_RTYPE_NTSTATUS, cmd_ds_dsrole_getprimarydominfo, NULL, PI_LSARPC_DS, "Get Primary Domain Information", "" }, + { "dsenumdomtrusts", RPC_RTYPE_NTSTATUS, cmd_ds_enum_domain_trusts, NULL, PI_NETLOGON, "Enumerate all trusted domains in an AD forest", "" }, { NULL } }; diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c index e684f05ecb..b4c4d2a9cb 100644 --- a/source3/rpcclient/rpcclient.c +++ b/source3/rpcclient/rpcclient.c @@ -519,7 +519,9 @@ static NTSTATUS do_cmd(struct cli_state *cli, } } - if ((cmd_entry->pipe_idx == PI_NETLOGON) && !(cli->pipe_auth_flags & AUTH_PIPE_NETSEC)) { + /* some of the DsXXX commands use the netlogon pipe */ + + if (lp_client_schannel() && (cmd_entry->pipe_idx == PI_NETLOGON) && !(cli->pipe_auth_flags & AUTH_PIPE_NETSEC)) { uint32 neg_flags = 0x000001ff; uint32 sec_channel_type; |