Diffstat (limited to 'source3/utils')
-rw-r--r-- | source3/utils/net.c | 1 | ||||
-rw-r--r-- | source3/utils/net_ads_cldap.c | 10 | ||||
-rw-r--r-- | source3/utils/net_groupmap.c | 112 | ||||
-rw-r--r-- | source3/utils/net_privileges.c | 354 | ||||
-rw-r--r-- | source3/utils/pdbedit.c | 324 |
5 files changed, 9 insertions, 792 deletions
diff --git a/source3/utils/net.c b/source3/utils/net.c index e4484488b6..f6d6de0a74 100644 --- a/source3/utils/net.c +++ b/source3/utils/net.c @@ -647,7 +647,6 @@ static struct functable net_func[] = { #ifdef WITH_FAKE_KASERVER {"AFSKEY", net_afskey}, #endif - {"PRIV", net_priv}, {"HELP", net_help}, {NULL, NULL} diff --git a/source3/utils/net_ads_cldap.c b/source3/utils/net_ads_cldap.c index 1903172cf7..44de9cb891 100644 --- a/source3/utils/net_ads_cldap.c +++ b/source3/utils/net_ads_cldap.c @@ -29,7 +29,7 @@ struct cldap_netlogon_reply { uint32 type; uint32 flags; - UUID_FLAT guid; + GUID guid; char forest[MAX_DNS_LABEL]; char domain[MAX_DNS_LABEL]; @@ -241,8 +241,8 @@ static int recv_cldap_netlogon(int sock, struct cldap_netlogon_reply *reply) reply->type = IVAL(p, 0); p += 4; reply->flags = IVAL(p, 0); p += 4; - memcpy(&reply->guid.info, p, UUID_FLAT_SIZE); - p += UUID_FLAT_SIZE; + memcpy(&reply->guid.info, p, GUID_SIZE); + p += GUID_SIZE; p += pull_netlogon_string(reply->forest, p, (const char *)os3.data); p += pull_netlogon_string(reply->domain, p, (const char *)os3.data); @@ -316,8 +316,8 @@ int ads_cldap_netlogon(ADS_STRUCT *ads) d_printf("0x%x\n", reply.type); break; } - d_printf("GUID: %s\n", - smb_uuid_string_static(smb_uuid_unpack_static(reply.guid))); + d_printf("GUID: "); + print_guid(&reply.guid); d_printf("Flags:\n" "\tIs a PDC: %s\n" "\tIs a GC of the forest: %s\n" diff --git a/source3/utils/net_groupmap.c b/source3/utils/net_groupmap.c index 48406f72b8..2b487ef17b 100644 --- a/source3/utils/net_groupmap.c +++ b/source3/utils/net_groupmap.c 
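Review bot: In the recv_cldap_netlogon hunk of net_ads_cldap.c the copy length still comes from a constant rather than from the destination: `memcpy(&reply->guid.info, p, GUID_SIZE);` is only safe while GUID_SIZE equals the size of the `info` member of the new GUID type, and nothing visible here ties the two together. Writing the copy as `memcpy(&reply->guid.info, p, sizeof(reply->guid.info));` keeps the write bounded by the field if the type changes again. The hunk also shows no check that the received reply holds the 8 + GUID_SIZE bytes consumed before `p` is advanced. The function starts and ends outside the hunk, so that check may exist elsewhere, but this buffer is read from a socket and the length validation is worth confirming.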
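Review bot: In the ads_cldap_netlogon hunk the GUID line no longer ends with an explicit newline: the old format string carried `\n`, while the new code prints `"GUID: "` and then calls `print_guid(&reply.guid)`, whose definition is not part of this diff. If print_guid does not terminate the line, the `Flags:` block that follows will run on after the GUID, and if it writes through a different output routine than d_printf the two halves of the line may not stay together. Once confirmed, a one-line comment above the call stating that print_guid supplies the line ending would record that dependency.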
@@ -608,104 +608,6 @@ static int net_groupmap_cleanup(int argc, const char **argv) return 0; } -static int net_groupmap_addmem(int argc, const char **argv) -{ - DOM_SID alias, member; - NTSTATUS result; - - if ( (argc != 2) || - !string_to_sid(&alias, argv[0]) || - !string_to_sid(&member, argv[1]) ) { - d_printf("Usage: net groupmap addmem alias-sid member-sid\n"); - return -1; - } - - if (!pdb_add_aliasmem(&alias, &member)) { - d_printf("Could not add sid %s to alias %s: %s\n", - argv[1], argv[0], nt_errstr(result)); - return -1; - } - - return 0; -} - -static int net_groupmap_delmem(int argc, const char **argv) -{ - DOM_SID alias, member; - NTSTATUS result; - - if ( (argc != 2) || - !string_to_sid(&alias, argv[0]) || - !string_to_sid(&member, argv[1]) ) { - d_printf("Usage: net groupmap delmem alias-sid member-sid\n"); - return -1; - } - - if (!pdb_del_aliasmem(&alias, &member)) { - d_printf("Could not delete sid %s from alias %s: %s\n", - argv[1], argv[0], nt_errstr(result)); - return -1; - } - - return 0; -} - -static int net_groupmap_listmem(int argc, const char **argv) -{ - DOM_SID alias; - DOM_SID *members; - int i, num; - NTSTATUS result; - - if ( (argc != 1) || - !string_to_sid(&alias, argv[0]) ) { - d_printf("Usage: net groupmap listmem alias-sid\n"); - return -1; - } - - if (!pdb_enum_aliasmem(&alias, &members, &num)) { - d_printf("Could not list members for sid %s: %s\n", - argv[0], nt_errstr(result)); - return -1; - } - - for (i = 0; i < num; i++) { - printf("%s\n", sid_string_static(&(members[i]))); - } - - SAFE_FREE(members); - - return 0; -} - -static int net_groupmap_memberships(int argc, const char **argv) -{ - DOM_SID member; - DOM_SID *aliases; - int i, num; - NTSTATUS result; - - if ( (argc != 1) || - !string_to_sid(&member, argv[0]) ) { - d_printf("Usage: net groupmap memberof sid\n"); - return -1; - } - - if (!pdb_enum_alias_memberships(&member, &aliases, &num)) { - d_printf("Could not list memberships for sid %s: %s\n", - argv[0], 
nt_errstr(result)); - return -1; - } - - for (i = 0; i < num; i++) { - printf("%s\n", sid_string_static(&(aliases[i]))); - } - - SAFE_FREE(aliases); - - return 0; -} - int net_help_groupmap(int argc, const char **argv) { d_printf("net groupmap add"\ @@ -714,14 +616,6 @@ int net_help_groupmap(int argc, const char **argv) "\n Update a group mapping\n"); d_printf("net groupmap delete"\ "\n Remove a group mapping\n"); - d_printf("net groupmap addmember"\ - "\n Add a foreign alias member\n"); - d_printf("net groupmap delmember"\ - "\n Delete a foreign alias member\n"); - d_printf("net groupmap listmembers"\ - "\n List foreign group members\n"); - d_printf("net groupmap memberships"\ - "\n List foreign group memberships\n"); d_printf("net groupmap list"\ "\n List current group map\n"); d_printf("net groupmap set"\ @@ -744,22 +638,16 @@ int net_groupmap(int argc, const char **argv) {"delete", net_groupmap_delete}, {"set", net_groupmap_set}, {"cleanup", net_groupmap_cleanup}, - {"addmem", net_groupmap_addmem}, - {"delmem", net_groupmap_delmem}, - {"listmem", net_groupmap_listmem}, - {"memberships", net_groupmap_memberships}, {"list", net_groupmap_list}, {"help", net_help_groupmap}, {NULL, NULL} }; /* we shouldn't have silly checks like this */ -#if 0 if (getuid() != 0) { d_printf("You must be root to edit group mappings.\nExiting...\n"); return -1; } -#endif if ( argc ) return net_run_function(argc, argv, func, net_help_groupmap); diff --git a/source3/utils/net_privileges.c b/source3/utils/net_privileges.c deleted file mode 100644 index 62f2da33ee..0000000000 --- a/source3/utils/net_privileges.c +++ /dev/null 
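Review bot: In the net_groupmap hunk, dropping the `#if 0` makes the `getuid() != 0` test live again, and because it sits before the dispatch it now refuses every subcommand in the table, including the read-only `list` and `help`, not only the ones that edit mappings. The test is only a front-end convenience: it looks at the real UID of this one program, so the mapping data has to be protected by the permissions on its backing store rather than by this check. The comment above it, `/* we shouldn't have silly checks like this */`, now contradicts the code; I would replace it with something like `/* advisory only: access control is the permissions on the mapping database */` and, if help should remain available to ordinary users, run the test after that case is handled. net_groupmap begins before this hunk and continues past it.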
@@ -1,354 +0,0 @@ -/* - * Unix SMB/CIFS implementation. - * RPC Pipe client / server routines - * Copyright (C) Andrew Tridgell 1992-2000, - * Copyright (C) Jean François Micouleau 1998-2001. - * Copyright (C) Gerald Carter 2003. - * Copyright (C) Simo Sorce 2003. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - - -#include "includes.h" -#include "../utils/net.h" - -extern PRIVS privs[]; - -/********************************************************* - utility function to parse an integer parameter from - "parameter = value" -**********************************************************/ -static uint32 get_int_param( const char* param ) -{ - char *p; - - p = strchr( param, '=' ); - if ( !p ) - return 0; - - return atoi(p+1); -} - -/********************************************************* - utility function to parse an integer parameter from - "parameter = value" -**********************************************************/ -static char* get_string_param( const char* param ) -{ - char *p; - - p = strchr( param, '=' ); - if ( !p ) - return NULL; - - return (p+1); -} - -/********************************************************* - Dump a GROUP_MAP entry to stdout (long or short listing) -**********************************************************/ - -static void print_priv_entry(const char *privname, const char 
*description, const char *sid_list) -{ - - if (!sid_list) { - d_printf("Error getting privilege list!\n"); - return; - } - - d_printf("%s\n", privname); - - if (description) { - d_printf("\tdescription: %s\n", description); - } - - d_printf("\tSIDS: %s\n", sid_list); -} - -/********************************************************* - List the groups. -**********************************************************/ -static int net_priv_list(int argc, const char **argv) -{ - fstring privname = ""; - fstring sid_string = ""; - int i; - - /* get the options */ - for ( i=0; i<argc; i++ ) { - if (!StrnCaseCmp(argv[i], "privname", strlen("privname"))) { - fstrcpy(privname, get_string_param(argv[i])); - if (!privname[0]) { - d_printf("must supply a name\n"); - return -1; - } - } - else if (!StrnCaseCmp(argv[i], "sid", strlen("sid"))) { - fstrcpy(sid_string, get_string_param(argv[i])); - if (!sid_string[0]) { - d_printf("must supply a SID\n"); - return -1; - } - } - else { - d_printf("Bad option: %s\n", argv[i]); - return -1; - } - } - - if (*sid_string) { - /* list all privileges of a single sid */ - - } else { - char *sid_list = NULL; - - if (*privname) { - const char *description = NULL; - - BOOL found = False; - - for (i=0; privs[i].se_priv != SE_ALL_PRIVS; i++) { - if (!StrCaseCmp(privs[i].priv, privname)) { - description = privs[i].description; - found = True; - break; - } - } - if (!found) { - d_printf("No such privilege!\n"); - return -1; - } - - /* Get the current privilege from the database */ - pdb_get_privilege_entry(privname, &sid_list); - print_priv_entry(privname, description, sid_list); - - SAFE_FREE(sid_list); - - } else for (i=0; privs[i].se_priv != SE_ALL_PRIVS; i++) { - - if (!pdb_get_privilege_entry(privs[i].priv, &sid_list)) - continue; - - print_priv_entry(privs[i].priv, privs[i].description, sid_list); - - SAFE_FREE(sid_list); - } - } - - return 0; -} - -/********************************************************* - Add a sid to a privilege entry 
-**********************************************************/ - -static int net_priv_add(int argc, const char **argv) -{ - DOM_SID sid; - fstring privname = ""; - fstring sid_string = ""; - uint32 rid = 0; - int i; - - /* get the options */ - for ( i=0; i<argc; i++ ) { - if (!StrnCaseCmp(argv[i], "rid", strlen("rid"))) { - rid = get_int_param(argv[i]); - if (rid < DOMAIN_GROUP_RID_ADMINS) { - d_printf("RID must be greater than %d\n", (uint32)DOMAIN_GROUP_RID_ADMINS-1); - return -1; - } - } - else if (!StrnCaseCmp(argv[i], "privilege", strlen("privilege"))) { - BOOL found; - int j; - - fstrcpy(privname, get_string_param(argv[i])); - if (!privname[0]) { - d_printf("must supply a name\n"); - return -1; - } - for (j=0; privs[j].se_priv != SE_ALL_PRIVS; j++) { - if (!StrCaseCmp(privs[j].priv, privname)) { - found = True; - break; - } - } - if (!found) { - d_printf("unknown privilege name"); - return -1; - } - } - else if (!StrnCaseCmp(argv[i], "sid", strlen("sid"))) { - fstrcpy(sid_string, get_string_param(argv[i])); - if (!sid_string[0]) { - d_printf("must supply a SID\n"); - return -1; - } - } - else { - d_printf("Bad option: %s\n", argv[i]); - return -1; - } - } - - if (!privname[0]) { - d_printf("Usage: net print add {rid=<int>|sid=<string>} privilege=<string>\n"); - return -1; - } - - if ((rid == 0) && (sid_string[0] == '\0')) { - d_printf("No rid or sid specified\n"); - d_printf("Usage: net print add {rid=<int>|sid=<string>} privilege=<string>\n"); - return -1; - } - - /* append the rid to our own domain/machine SID if we don't have a full SID */ - if (!sid_string[0]) { - sid_copy(&sid, get_global_sam_sid()); - sid_append_rid(&sid, rid); - sid_to_string(sid_string, &sid); - } - - if (!pdb_add_sid_to_privilege(privname, &sid)) { - d_printf("adding sid %s to privilege %s failed!\n", sid_string, privname); - return -1; - } - - d_printf("Successully added SID %s to privilege %s\n", sid_string, privname); - return 0; -} - 
-/********************************************************* - Remove a SID froma privilege entry -**********************************************************/ - -static int net_priv_remove(int argc, const char **argv) -{ - DOM_SID sid; - fstring privname = ""; - fstring sid_string = ""; - uint32 rid = 0; - int i; - - /* get the options */ - for ( i=0; i<argc; i++ ) { - if (!StrnCaseCmp(argv[i], "rid", strlen("rid"))) { - rid = get_int_param(argv[i]); - if (rid < DOMAIN_GROUP_RID_ADMINS) { - d_printf("RID must be greater than %d\n", (uint32)DOMAIN_GROUP_RID_ADMINS-1); - return -1; - } - } - else if (!StrnCaseCmp(argv[i], "privilege", strlen("privilege"))) { - BOOL found; - int j; - - fstrcpy(privname, get_string_param(argv[i])); - if (!privname[0]) { - d_printf("must supply a name\n"); - return -1; - } - for (j=0; privs[j].se_priv != SE_ALL_PRIVS; j++) { - if (!StrCaseCmp(privs[j].priv, privname)) { - found = True; - break; - } - } - if (!found) { - d_printf("unknown privilege name"); - return -1; - } - } - else if (!StrnCaseCmp(argv[i], "sid", strlen("sid"))) { - fstrcpy(sid_string, get_string_param(argv[i])); - if (!sid_string[0]) { - d_printf("must supply a SID\n"); - return -1; - } - } - else { - d_printf("Bad option: %s\n", argv[i]); - return -1; - } - } - - if (!privname[0]) { - d_printf("Usage: net print add {rid=<int>|sid=<string>} privilege=<string>\n"); - return -1; - } - - if ((rid == 0) && (sid_string[0] == '\0')) { - d_printf("No rid or sid specified\n"); - d_printf("Usage: net print add {rid=<int>|sid=<string>} privilege=<string>\n"); - return -1; - } - - /* append the rid to our own domain/machine SID if we don't have a full SID */ - if (!sid_string[0]) { - sid_copy(&sid, get_global_sam_sid()); - sid_append_rid(&sid, rid); - sid_to_string(sid_string, &sid); - } - - if (!pdb_remove_sid_from_privilege(privname, &sid)) { - d_printf("adding sid %s to privilege %s failed!\n", sid_string, privname); - return -1; - } - - d_printf("Successully removed SID %s 
from privilege %s\n", sid_string, privname); - return 0; -} - -int net_help_priv(int argc, const char **argv) -{ - d_printf("net priv add sid\n" \ - " Add sid to privilege\n"); - d_printf("net priv remove sid\n"\ - " Remove sid from privilege\n"); - d_printf("net priv list\n"\ - " List sids per privilege\n"); - - return -1; -} - - -/*********************************************************** - migrated functionality from smbgroupedit - **********************************************************/ -int net_priv(int argc, const char **argv) -{ - struct functable func[] = { - {"add", net_priv_add}, - {"remove", net_priv_remove}, - {"list", net_priv_list}, - {"help", net_help_priv}, - {NULL, NULL} - }; - - /* we shouldn't have silly checks like this */ - if (getuid() != 0) { - d_printf("You must be root to edit privilege mappings.\nExiting...\n"); - return -1; - } - - if ( argc ) - return net_run_function(argc, argv, func, net_help_priv); - - return net_help_priv(argc, argv); -} - diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c index af96413c5a..3f7aba8366 100644 --- a/source3/utils/pdbedit.c +++ b/source3/utils/pdbedit.c @@ -49,10 +49,6 @@ #define BIT_EXPORT 0x02000000 #define BIT_FIX_INIT 0x04000000 #define BIT_BADPWRESET 0x08000000 -#define BIT_TRUSTDOM 0x10000000 -#define BIT_TRUSTPW 0x20000000 -#define BIT_TRUSTSID 0x40000000 -#define BIT_TRUSTFLAGS 0x80000000 #define MASK_ALWAYS_GOOD 0x0000001F #define MASK_USER_GOOD 0x00401F00 
@@ -228,121 +224,6 @@ static int print_user_info (struct pdb_context *in, const char *username, BOOL v return ret; } - - -/** - * Trust password flag name to flag conversion - * - * @param flag_name SAM_TRUST_PASSWD structure flag name - * @return flag value - **/ - -static int trustpw_flag(const char* flag_name) -{ - const int flag_num = 5; - typedef struct { const char *name; int val; } flag_conv; - flag_conv flags[] = {{ "PASS_MACHINE_TRUST_NT", PASS_MACHINE_TRUST_NT }, - { "PASS_SERVER_TRUST_NT", PASS_SERVER_TRUST_NT }, - { "PASS_DOMAIN_TRUST_NT", PASS_DOMAIN_TRUST_NT }, - { "PASS_MACHINE_TRUST_ADS",PASS_MACHINE_TRUST_ADS }, - { "PASS_DOMAIN_TRUST_ADS", PASS_DOMAIN_TRUST_ADS }}; - int i; - - for (i = 0; i < flag_num; i++) { - if (!StrCaseCmp(flags[i].name, flag_name)) { - return flags[i].val; - } - } - - return 0; -} - - -/** - * Trust password flag to flag name conversion - * - * @param val SAM_TRUST_PASSWD structure flag - * @return passed flag name - **/ - -static char* trustpw_flag_name(const int val) -{ - const int flag_num = 5; - typedef struct { const char *name; int val; } flag_conv; - flag_conv flags[] = {{ "PASS_MACHINE_TRUST_NT", PASS_MACHINE_TRUST_NT }, - { "PASS_SERVER_TRUST_NT", PASS_SERVER_TRUST_NT }, - { "PASS_DOMAIN_TRUST_NT", PASS_DOMAIN_TRUST_NT }, - { "PASS_MACHINE_TRUST_ADS",PASS_MACHINE_TRUST_ADS }, - { "PASS_DOMAIN_TRUST_ADS", PASS_DOMAIN_TRUST_ADS }}; - int i; - - for (i = 0; i < flag_num; i++) { - if (flags[i].val == val) { - return strdup(flags[i].name); - } - } - - return strdup("unknown flag"); -} - - -/** - * Print trust password structure information - * - * @param mem_ctx memory context (for unicode name conversion) - * @param trust SAM_TRUST_PASSWD structure - * @param verbose verbose mode on/off - * @return 0 on success, otherwise failure - **/ - -static int print_trustpw_info(TALLOC_CTX *mem_ctx, SAM_TRUST_PASSWD *trust, BOOL verbose) -{ - char *dom_name; - if (!mem_ctx || !trust) return -1; - - /* convert unicode domain name 
to char* */ - if (!pull_ucs2_talloc(mem_ctx, &dom_name, trust->private.uni_name)) return -1; - dom_name[trust->private.uni_name_len] = 0; - - /* different output depending on level of verbosity */ - if (verbose) { - printf("Domain name: %s\n", dom_name); - printf("Domain SID: %s\n", sid_string_static(&trust->private.domain_sid)); - printf("Trust password %s\n", trust->private.pass); - printf("Trust type: %s\n", trustpw_flag_name(trust->private.flags)); - printf("Last modified %s\n", trust->private.mod_time ? http_timestring(trust->private.mod_time) : "0"); - - } else { - printf("%s:%s\n", dom_name, sid_string_static(&trust->private.domain_sid)); - } - - return 0; -} - - -/** - * Print trust password information by given name - * - * @param in initialised pdb_context - * @param name domain name of the trust password - * @param verbose verbose mode on/off - * @param smbpwdstyle smbpassword-style output (ignored here) - * @return 0 on success, otherwise failure - **/ - -static int print_trust_info(struct pdb_context *in, const char *name, BOOL verbose, BOOL smbpwdstyle) -{ - SAM_TRUST_PASSWD trust; - TALLOC_CTX *mem_ctx = NULL; - - mem_ctx = talloc_init("pdbedit: trust passwords listing"); - - if (NT_STATUS_IS_OK(in->pdb_gettrustpwnam(in, &trust, name))) { - return print_trustpw_info(mem_ctx, &trust, verbose); - } - - return -1; -} /********************************************************* List Users 
@@ -373,47 +254,6 @@ static int print_users_list (struct pdb_context *in, BOOL verbosity, BOOL smbpwd return 0; } - -/** - * List trust passwords - * - * @param in initialised pdb context - * @param verbose turn on/off verbose mode - * @param smbpwdstyle ignored here (there was no trust passwords in smbpasswd file) - * @return 0 on success, otherwise failure - **/ - -static int print_trustpw_list(struct pdb_context *in, BOOL verbose, BOOL smbpwdstyle) -{ - SAM_TRUST_PASSWD trust; - TALLOC_CTX *mem_ctx = NULL; - NTSTATUS status = NT_STATUS_UNSUCCESSFUL; - - /* start enumeration and initialise memory context */ - status = in->pdb_settrustpwent(in); - if (NT_STATUS_IS_ERR(status)) return -1; - mem_ctx = talloc_init("pdbedit: trust passwords listing"); - - /* small separation to make it clear these are not regular accounts */ - if (!verbose) printf("---\n"); - - do { - /* fetch next trust password */ - status = in->pdb_gettrustpwent(in, &trust); - - if (trust.private.uni_name_len) { - /* print trust password info */ - if (verbose) printf ("---------------\n"); - print_trustpw_info(mem_ctx, &trust, verbose); - } - - } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES) || NT_STATUS_EQUAL(status, NT_STATUS_OK)); - - talloc_destroy(mem_ctx); - return 0; -} - - /********************************************************* Fix a list of Users for uninitialised passwords **********************************************************/ 
@@ -698,129 +538,6 @@ static int new_machine (struct pdb_context *in, const char *machine_in) return 0; } - -/** - * Add new trusting domain account - * - * @param in initialised pdb_context - * @param dom_name trusted domain name given in command line - * - * @return 0 on success, -1 otherwise - **/ - -static int new_trustdom(struct pdb_context *in, const char *dom_name) -{ - /* TODO */ - return -1; -} - - -/** - * Add new trust relationship password - * - * @param in initialised pdb_context - * @param dom_name trusting domain name given in command line - * @param dom_sid domain sid given in command line - * @param flag trust password type flag given in command line - * - * @return 0 on success, -1 otherwise - **/ - -static int new_trustpw(struct pdb_context *in, const char *dom_name, - const char *dom_sid, const char* flag) -{ - TALLOC_CTX *mem_ctx = NULL; - SAM_TRUST_PASSWD trust; - NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - POLICY_HND connect_hnd; - DOM_SID *domain_sid = NULL; - smb_ucs2_t *uni_name = NULL; - char *givenpass, *domain_name = NULL; - struct in_addr srv_ip; - fstring srv_name, myname; - struct cli_state *cli; - time_t lct; - - if (!dom_name) return -1; - - mem_ctx = talloc_init("pdbedit: adding new trust password"); - - /* unicode name */ - trust.private.uni_name_len = strnlen(dom_name, 32); - push_ucs2_talloc(mem_ctx, &uni_name, dom_name); - strncpy_w(trust.private.uni_name, uni_name, 32); - - /* flags */ - trust.private.flags = trustpw_flag(flag); - - /* trusting SID */ - if (!dom_sid) { - /* if sid is not specified in command line, do our best - to establish it */ - - /* find domain PDC */ - if (!get_pdc_ip(dom_name, &srv_ip)) - return -1; - if (is_zero_ip(srv_ip)) - return -1; - if (!name_status_find(dom_name, 0x1b, 0x20, srv_ip, srv_name)) - return -1; - - get_myname(myname); - - /* Connect the domain pdc... 
*/ - nt_status = cli_full_connection(&cli, myname, srv_name, &srv_ip, 139, - "IPC$", "IPC", "", "", "", 0, Undefined, NULL); - if (NT_STATUS_IS_ERR(nt_status)) - return -1; - if (!cli_nt_session_open(cli, PI_LSARPC)) - return -1; - - /* ...and query the domain sid */ - nt_status = cli_lsa_open_policy2(cli, mem_ctx, True, SEC_RIGHTS_QUERY_VALUE, - &connect_hnd); - if (NT_STATUS_IS_ERR(nt_status)) return -1; - - nt_status = cli_lsa_query_info_policy(cli, mem_ctx, &connect_hnd, - 5, &domain_name, &domain_sid); - if (NT_STATUS_IS_ERR(nt_status)) return -1; - - nt_status = cli_lsa_close(cli, mem_ctx, &connect_hnd); - if (NT_STATUS_IS_ERR(nt_status)) return -1; - - cli_nt_session_close(cli); - cli_shutdown(cli); - - /* copying sid to trust password structure */ - sid_copy(&trust.private.domain_sid, domain_sid); - - } else { - if (!string_to_sid(&trust.private.domain_sid, dom_sid)) { - printf("Error: wrong SID specified !\n"); - return -1; - } - } - - /* password */ - givenpass = getpass("password:"); - memset(trust.private.pass, '\0', FSTRING_LEN); - strncpy(trust.private.pass, givenpass, FSTRING_LEN); - - /* last change time */ - lct = time(NULL); - trust.private.mod_time = lct; - - /* store trust password in passdb */ - nt_status = in->pdb_add_trust_passwd(in, &trust); - - talloc_destroy(mem_ctx); - if (NT_STATUS_IS_OK(nt_status)) - return 0; - - return -1; -} - - /********************************************************* Delete user entry **********************************************************/ @@ -886,7 +603,6 @@ int main (int argc, char **argv) static BOOL verbose = False; static BOOL spstyle = False; static BOOL machine = False; - static BOOL trustdom = False; static BOOL add_user = False; static BOOL delete_user = False; static BOOL modify_user = False; 
@@ -910,10 +626,6 @@ int main (int argc, char **argv) static long int account_policy_value = 0; BOOL account_policy_value_set = False; static BOOL badpw_reset = False; - /* trust password parameters */ - static char *trustpw = NULL; - static char *trustsid = NULL; - static char *trustflags = NULL; struct pdb_context *bin; struct pdb_context *bout; @@ -934,12 +646,8 @@ int main (int argc, char **argv) {"group SID", 'G', POPT_ARG_STRING, &group_sid, 0, "set group SID or RID", NULL}, {"create", 'a', POPT_ARG_NONE, &add_user, 0, "create user", NULL}, {"modify", 'r', POPT_ARG_NONE, &modify_user, 0, "modify user", NULL}, - {"delete", 'x', POPT_ARG_NONE, &delete_user, 0, "delete user", NULL}, {"machine", 'm', POPT_ARG_NONE, &machine, 0, "account is a machine account", NULL}, - {"trustdom", 'I', POPT_ARG_NONE, &trustdom, 0, "account is a domain trust account", NULL}, - {"trustpw", 'N', POPT_ARG_STRING, &trustpw, 0, "trust password's domain name", NULL}, - {"trustsid", 'T', POPT_ARG_STRING, &trustsid, 0, "trust password's domain sid", NULL}, - {"trustflags", 'F', POPT_ARG_STRING, &trustflags, 0, "trust password flags", NULL}, + {"delete", 'x', POPT_ARG_NONE, &delete_user, 0, "delete user", NULL}, {"backend", 'b', POPT_ARG_STRING, &backend, 0, "use different passdb backend as default backend", NULL}, {"import", 'i', POPT_ARG_STRING, &backend_in, 0, "import user accounts from this backend", NULL}, {"export", 'e', POPT_ARG_STRING, &backend_out, 0, "export user accounts to this backend", NULL}, @@ -991,10 +699,6 @@ int main (int argc, char **argv) (logon_script ? BIT_LOGSCRIPT : 0) + (profile_path ? BIT_PROFILE : 0) + (machine ? BIT_MACHINE : 0) + - (trustdom ? BIT_TRUSTDOM : 0) + - (trustpw ? BIT_TRUSTPW : 0) + - (trustsid ? BIT_TRUSTSID : 0) + - (trustflags ? BIT_TRUSTFLAGS : 0) + (user_name ? BIT_USER : 0) + (list_users ? BIT_LIST : 0) + (force_initialised_password ? BIT_FIX_INIT : 0) + 
@@ -1094,14 +798,10 @@ int main (int argc, char **argv) /* list users operations */ if (checkparms & BIT_LIST) { if (!(checkparms & ~BIT_LIST)) { - print_users_list (bdef, verbose, spstyle); - return print_trustpw_list(bdef, verbose, spstyle); + return print_users_list (bdef, verbose, spstyle); } if (!(checkparms & ~(BIT_USER + BIT_LIST))) { return print_user_info (bdef, user_name, verbose, spstyle); - - } else if (!(checkparms & ~(BIT_TRUSTPW + BIT_LIST))) { - return print_trust_info(bdef, trustpw, verbose, spstyle); } } @@ -1117,21 +817,15 @@ int main (int argc, char **argv) /* account operation */ if ((checkparms & BIT_CREATE) || (checkparms & BIT_MODIFY) || (checkparms & BIT_DELETE)) { /* check use of -u option */ - if (!(checkparms & (BIT_USER + BIT_TRUSTPW))) { + if (!(checkparms & BIT_USER)) { fprintf (stderr, "Username not specified! (use -u option)\n"); return -1; } /* account creation operations */ - if (!(checkparms & ~(BIT_CREATE + BIT_USER + BIT_MACHINE + BIT_TRUSTDOM))) { - /* machine trust account */ + if (!(checkparms & ~(BIT_CREATE + BIT_USER + BIT_MACHINE))) { if (checkparms & BIT_MACHINE) { return new_machine (bdef, user_name); - /* interdomain trust account */ - } else if (checkparms & BIT_TRUSTDOM) { - return new_trustdom(bdef, user_name); - - /* ordinary user account */ } else { return new_user (bdef, user_name, full_name, home_dir, home_drive, logon_script, @@ -1160,15 +854,6 @@ int main (int argc, char **argv) } } - /* trust password operation */ - if ((checkparms & BIT_CREATE) || (checkparms & BIT_MODIFY) || (checkparms & BIT_DELETE)) { - /* trust password creation */ - if (!(checkparms & ~(BIT_CREATE + BIT_TRUSTPW + BIT_TRUSTSID + BIT_TRUSTFLAGS))) { - return new_trustpw(bdef, trustpw, trustsid, trustflags); - } - } - - if (setparms >= 0x20) { fprintf (stderr, "Incompatible or insufficient options on command line!\n"); } @@ -1176,4 +861,3 @@ int main (int argc, char **argv) return 1; } - |