summaryrefslogtreecommitdiff
path: root/source3/utils
diff options
context:
space:
mode:
Diffstat (limited to 'source3/utils')
-rw-r--r--source3/utils/net.c62
-rw-r--r--source3/utils/net.h2
-rw-r--r--source3/utils/net_ads.c37
-rw-r--r--source3/utils/net_conf.c816
-rw-r--r--source3/utils/net_dns.c44
-rw-r--r--source3/utils/net_dom.c59
-rw-r--r--source3/utils/net_domain.c75
-rw-r--r--source3/utils/net_help.c1
-rw-r--r--source3/utils/net_lookup.c2
-rw-r--r--source3/utils/net_rpc.c589
-rw-r--r--source3/utils/net_rpc_audit.c182
-rw-r--r--source3/utils/net_rpc_join.c61
-rw-r--r--source3/utils/net_rpc_rights.c6
-rw-r--r--source3/utils/net_rpc_samsync.c12
-rw-r--r--source3/utils/net_rpc_sh_acct.c14
-rw-r--r--source3/utils/net_sam.c2
-rw-r--r--source3/utils/ntlm_auth.c423
-rw-r--r--source3/utils/pdbedit.c201
-rw-r--r--source3/utils/smbcacls.c37
-rw-r--r--source3/utils/smbcontrol.c57
-rw-r--r--source3/utils/smbcquotas.c35
-rw-r--r--source3/utils/smbfilter.c28
-rw-r--r--source3/utils/smbget.c12
23 files changed, 1520 insertions, 1237 deletions
diff --git a/source3/utils/net.c b/source3/utils/net.c
index bf70d08d8b..586ea2fdb6 100644
--- a/source3/utils/net.c
+++ b/source3/utils/net.c
@@ -88,6 +88,7 @@ int opt_testmode = False;
int opt_have_ip = False;
struct sockaddr_storage opt_dest_ip;
+bool smb_encrypt;
extern bool AllowDebugChange;
@@ -178,9 +179,7 @@ NTSTATUS connect_to_service(struct cli_state **c,
service_name, service_type,
opt_user_name, opt_workgroup,
opt_password, 0, Undefined, NULL);
- if (NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
- } else {
+ if (!NT_STATUS_IS_OK(nt_status)) {
d_fprintf(stderr, "Could not connect to server %s\n", server_name);
/* Display a nicer message depending on the result */
@@ -196,9 +195,40 @@ NTSTATUS connect_to_service(struct cli_state **c,
if (NT_STATUS_V(nt_status) ==
NT_STATUS_V(NT_STATUS_ACCOUNT_DISABLED))
d_fprintf(stderr, "The account was disabled.\n");
-
return nt_status;
}
+
+ if (smb_encrypt) {
+ nt_status = cli_force_encryption(*c,
+ opt_user_name,
+ opt_password,
+ opt_workgroup);
+
+ if (NT_STATUS_EQUAL(nt_status,NT_STATUS_NOT_SUPPORTED)) {
+ d_printf("Encryption required and "
+ "server that doesn't support "
+ "UNIX extensions - failing connect\n");
+ } else if (NT_STATUS_EQUAL(nt_status,NT_STATUS_UNKNOWN_REVISION)) {
+ d_printf("Encryption required and "
+ "can't get UNIX CIFS extensions "
+ "version from server.\n");
+ } else if (NT_STATUS_EQUAL(nt_status,NT_STATUS_UNSUPPORTED_COMPRESSION)) {
+ d_printf("Encryption required and "
+ "share %s doesn't support "
+ "encryption.\n", service_name);
+ } else if (!NT_STATUS_IS_OK(nt_status)) {
+ d_printf("Encryption required and "
+ "setup failed with error %s.\n",
+ nt_errstr(nt_status));
+ }
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ cli_shutdown(*c);
+ *c = NULL;
+ }
+ }
+
+ return nt_status;
}
/****************************************************************************
@@ -287,12 +317,24 @@ NTSTATUS connect_to_ipc_krb5(struct cli_state **c,
SAFE_FREE(user_and_realm);
- if (NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
- } else {
+ if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(1,("Cannot connect to server using kerberos. Error was %s\n", nt_errstr(nt_status)));
return nt_status;
}
+
+ if (smb_encrypt) {
+ nt_status = cli_cm_force_encryption(*c,
+ user_and_realm,
+ opt_password,
+ opt_workgroup,
+ "IPC$");
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ cli_shutdown(*c);
+ *c = NULL;
+ }
+ }
+
+ return nt_status;
}
/**
@@ -988,6 +1030,7 @@ static struct functable net_func[] = {
{"port", 'p', POPT_ARG_INT, &opt_port},
{"myname", 'n', POPT_ARG_STRING, &opt_requester_name},
{"server", 'S', POPT_ARG_STRING, &opt_host},
+ {"encrypt", 'e', POPT_ARG_NONE, NULL, 'e', "Encrypt SMB transport (UNIX extended servers only)" },
{"container", 'c', POPT_ARG_STRING, &opt_container},
{"comment", 'C', POPT_ARG_STRING, &opt_comment},
{"maxusers", 'M', POPT_ARG_INT, &opt_maxusers},
@@ -1010,7 +1053,7 @@ static struct functable net_func[] = {
{"acls", 0, POPT_ARG_NONE, &opt_acls},
{"attrs", 0, POPT_ARG_NONE, &opt_attrs},
{"timestamps", 0, POPT_ARG_NONE, &opt_timestamps},
- {"exclude", 'e', POPT_ARG_STRING, &opt_exclude},
+ {"exclude", 'X', POPT_ARG_STRING, &opt_exclude},
{"destination", 0, POPT_ARG_STRING, &opt_destination},
{"tallocreport", 0, POPT_ARG_NONE, &do_talloc_report},
@@ -1037,6 +1080,9 @@ static struct functable net_func[] = {
net_help(argc, argv);
exit(0);
break;
+ case 'e':
+ smb_encrypt=true;
+ break;
case 'I':
if (!interpret_string_addr(&opt_dest_ip,
poptGetOptArg(pc), 0)) {
diff --git a/source3/utils/net.h b/source3/utils/net.h
index 2ffa4d77b1..3a4b1da7b0 100644
--- a/source3/utils/net.h
+++ b/source3/utils/net.h
@@ -42,7 +42,7 @@ struct rpc_sh_ctx {
struct cli_state *cli;
DOM_SID *domain_sid;
- char *domain_name;
+ const char *domain_name;
const char *whoami;
const char *thiscmd;
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index 141031dacb..732ba8d8b6 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -817,7 +817,7 @@ static int net_ads_leave(int argc, const char **argv)
struct cli_state *cli = NULL;
TALLOC_CTX *ctx;
DOM_SID *dom_sid = NULL;
- char *short_domain_name = NULL;
+ const char *short_domain_name = NULL;
if (!secrets_init()) {
DEBUG(1,("Failed to initialise secrets database\n"));
@@ -961,7 +961,8 @@ static NTSTATUS check_ads_config( void )
********************************************************************/
static NTSTATUS net_join_domain(TALLOC_CTX *ctx, const char *servername,
- struct sockaddr_storage *pss, char **domain,
+ struct sockaddr_storage *pss,
+ const char **domain,
DOM_SID **dom_sid,
const char *password)
{
@@ -1255,7 +1256,6 @@ static bool net_derive_salting_principal( TALLOC_CTX *ctx, ADS_STRUCT *ads )
ADS_STATUS status;
fstring salt;
char *std_salt;
- LDAPMessage *res = NULL;
const char *machine_name = global_myname();
status = ads_domain_func_level( ads, &domain_func );
@@ -1278,24 +1278,11 @@ static bool net_derive_salting_principal( TALLOC_CTX *ctx, ADS_STRUCT *ads )
if ( domain_func == DS_DOMAIN_FUNCTION_2000 ) {
char *upn;
- int count;
-
- status = ads_find_machine_acct(ads, &res, machine_name);
- if (!ADS_ERR_OK(status)) {
- return False;
- }
-
- if ( (count = ads_count_replies(ads, res)) != 1 ) {
- DEBUG(1,("net_set_machine_spn: %d entries returned!\n", count));
- return False;
- }
- upn = ads_pull_string(ads, ctx, res, "userPrincipalName");
+ upn = ads_get_upn(ads, ctx, machine_name);
if ( upn ) {
fstrcpy( salt, upn );
}
-
- ads_msgfree(ads, res);
}
return kerberos_secrets_store_des_salt( salt );
@@ -1308,14 +1295,13 @@ static bool net_derive_salting_principal( TALLOC_CTX *ctx, ADS_STRUCT *ads )
#if defined(WITH_DNS_UPDATES)
#include "dns.h"
DNS_ERROR DoDNSUpdate(char *pszServerName,
- const char *pszDomainName,
- const char *pszHostName,
- const struct in_addr *iplist, int num_addrs );
-
+ const char *pszDomainName, const char *pszHostName,
+ const struct sockaddr_storage *sslist,
+ size_t num_addrs );
static NTSTATUS net_update_dns_internal(TALLOC_CTX *ctx, ADS_STRUCT *ads,
const char *machine_name,
- const struct in_addr *addrs,
+ const struct sockaddr_storage *addrs,
int num_addrs)
{
struct dns_rr_ns *nameservers = NULL;
@@ -1404,7 +1390,7 @@ done:
static NTSTATUS net_update_dns(TALLOC_CTX *mem_ctx, ADS_STRUCT *ads)
{
int num_addrs;
- struct in_addr *iplist = NULL;
+ struct sockaddr_storage *iplist = NULL;
fstring machine_name;
NTSTATUS status;
@@ -1460,8 +1446,7 @@ int net_ads_join(int argc, const char **argv)
ADS_STRUCT *ads = NULL;
ADS_STATUS status;
NTSTATUS nt_status;
- char *machine_account = NULL;
- char *short_domain_name = NULL;
+ const char *short_domain_name = NULL;
char *tmp_password, *password;
TALLOC_CTX *ctx = NULL;
DOM_SID *domain_sid = NULL;
@@ -1698,7 +1683,6 @@ int net_ads_join(int argc, const char **argv)
d_printf("Joined '%s' to realm '%s'\n", global_myname(), ads->server.realm);
- SAFE_FREE(machine_account);
TALLOC_FREE( ctx );
ads_destroy(&ads);
@@ -1708,7 +1692,6 @@ fail:
/* issue an overall failure message at the end. */
d_printf("Failed to join domain: %s\n", get_friendly_nt_error_msg(nt_status));
- SAFE_FREE(machine_account);
TALLOC_FREE( ctx );
ads_destroy(&ads);
diff --git a/source3/utils/net_conf.c b/source3/utils/net_conf.c
index 16b372ca72..26ed41b2a0 100644
--- a/source3/utils/net_conf.c
+++ b/source3/utils/net_conf.c
@@ -2,7 +2,7 @@
* Samba Unix/Linux SMB client library
* Distributed SMB/CIFS Server Management Utility
* Local configuration interface
- * Copyright (C) Michael Adam 2007
+ * Copyright (C) Michael Adam 2007-2008
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -19,17 +19,23 @@
*/
/*
- * This is an interface to the configuration stored inside the
- * samba registry. In the future there might be support for other
- * configuration backends as well.
+ * This is an interface to Samba's configuration as made available
+ * by the libnet_conf interface (source/libnet/libnet_conf.c).
+ *
+ * This currently supports local interaction with the configuration
+ * stored in the registry. But other backends and remote access via
+ * rpc might get implemented in the future.
*/
#include "includes.h"
#include "utils/net.h"
+#include "libnet/libnet.h"
-/*
+/**********************************************************************
+ *
* usage functions
- */
+ *
+ **********************************************************************/
static int net_conf_list_usage(int argc, const char **argv)
{
@@ -42,9 +48,9 @@ static int net_conf_import_usage(int argc, const char**argv)
d_printf("USAGE: net conf import [--test|-T] <filename> "
"[<servicename>]\n"
"\t[--test|-T] testmode - do not act, just print "
- "what would be done\n"
+ "what would be done\n"
"\t<servicename> only import service <servicename>, "
- "ignore the rest\n");
+ "ignore the rest\n");
return -1;
}
@@ -105,356 +111,16 @@ static int net_conf_delparm_usage(int argc, const char **argv)
}
-/*
+/**********************************************************************
+ *
* Helper functions
- */
-
-static char *format_value(TALLOC_CTX *mem_ctx, struct registry_value *value)
-{
- char *result = NULL;
-
- /* what if mem_ctx = NULL? */
-
- switch (value->type) {
- case REG_DWORD:
- result = talloc_asprintf(mem_ctx, "%d", value->v.dword);
- break;
- case REG_SZ:
- case REG_EXPAND_SZ:
- result = talloc_asprintf(mem_ctx, "%s", value->v.sz.str);
- break;
- case REG_MULTI_SZ: {
- uint32 j;
- for (j = 0; j < value->v.multi_sz.num_strings; j++) {
- result = talloc_asprintf(mem_ctx, "\"%s\" ",
- value->v.multi_sz.strings[j]);
- }
- break;
- }
- case REG_BINARY:
- result = talloc_asprintf(mem_ctx, "binary (%d bytes)",
- (int)value->v.binary.length);
- break;
- default:
- result = talloc_asprintf(mem_ctx, "<unprintable>");
- break;
- }
- return result;
-}
-
-/*
- * add a value to a key.
- */
-static WERROR reg_setvalue_internal(struct registry_key *key,
- const char *valname,
- const char *valstr)
-{
- struct registry_value val;
- WERROR werr = WERR_OK;
- char *subkeyname;
- const char *canon_valname;
- const char *canon_valstr;
-
- if (!lp_canonicalize_parameter_with_value(valname, valstr,
- &canon_valname,
- &canon_valstr))
- {
- if (canon_valname == NULL) {
- d_fprintf(stderr, "invalid parameter '%s' given\n",
- valname);
- } else {
- d_fprintf(stderr, "invalid value '%s' given for "
- "parameter '%s'\n", valstr, valname);
- }
- werr = WERR_INVALID_PARAM;
- goto done;
- }
-
- ZERO_STRUCT(val);
-
- val.type = REG_SZ;
- val.v.sz.str = CONST_DISCARD(char *, canon_valstr);
- val.v.sz.len = strlen(canon_valstr) + 1;
-
- if (registry_smbconf_valname_forbidden(canon_valname)) {
- d_fprintf(stderr, "Parameter '%s' not allowed in registry.\n",
- canon_valname);
- werr = WERR_INVALID_PARAM;
- goto done;
- }
-
- subkeyname = strrchr_m(key->key->name, '\\');
- if ((subkeyname == NULL) || (*(subkeyname +1) == '\0')) {
- d_fprintf(stderr, "Invalid registry key '%s' given as "
- "smbconf section.\n", key->key->name);
- werr = WERR_INVALID_PARAM;
- goto done;
- }
- subkeyname++;
- if (!strequal(subkeyname, GLOBAL_NAME) &&
- lp_parameter_is_global(valname))
- {
- d_fprintf(stderr, "Global paramter '%s' not allowed in "
- "service definition ('%s').\n", canon_valname,
- subkeyname);
- werr = WERR_INVALID_PARAM;
- goto done;
- }
-
- werr = reg_setvalue(key, canon_valname, &val);
- if (!W_ERROR_IS_OK(werr)) {
- d_fprintf(stderr,
- "Error adding value '%s' to "
- "key '%s': %s\n",
- canon_valname, key->key->name, dos_errstr(werr));
- }
-
-done:
- return werr;
-}
-
-/*
- * Open a subkey of KEY_SMBCONF (i.e a service)
- * - variant without error output (q = quiet)-
- */
-static WERROR smbconf_open_path_q(TALLOC_CTX *ctx, const char *subkeyname,
- uint32 desired_access,
- struct registry_key **key)
-{
- WERROR werr = WERR_OK;
- char *path = NULL;
- NT_USER_TOKEN *token;
-
- if (!(token = registry_create_admin_token(ctx))) {
- DEBUG(1, ("Error creating admin token\n"));
- goto done;
- }
-
- if (subkeyname == NULL) {
- path = talloc_strdup(ctx, KEY_SMBCONF);
- } else {
- path = talloc_asprintf(ctx, "%s\\%s", KEY_SMBCONF, subkeyname);
- }
-
- werr = reg_open_path(ctx, path, desired_access,
- token, key);
-
-done:
- TALLOC_FREE(path);
- return werr;
-}
-
-/*
- * Open a subkey of KEY_SMBCONF (i.e a service)
- * - variant with error output -
- */
-static WERROR smbconf_open_path(TALLOC_CTX *ctx, const char *subkeyname,
- uint32 desired_access,
- struct registry_key **key)
-{
- WERROR werr = WERR_OK;
-
- werr = smbconf_open_path_q(ctx, subkeyname, desired_access, key);
- if (!W_ERROR_IS_OK(werr)) {
- d_fprintf(stderr, "Error opening registry path '%s\\%s': %s\n",
- KEY_SMBCONF,
- (subkeyname == NULL) ? "" : subkeyname,
- dos_errstr(werr));
- }
-
- return werr;
-}
-
-/*
- * open the base key KEY_SMBCONF
- */
-static WERROR smbconf_open_basepath(TALLOC_CTX *ctx, uint32 desired_access,
- struct registry_key **key)
-{
- return smbconf_open_path(ctx, NULL, desired_access, key);
-}
-
-/*
- * delete a subkey of KEY_SMBCONF
- */
-static WERROR reg_delkey_internal(TALLOC_CTX *ctx, const char *keyname)
-{
- WERROR werr = WERR_OK;
- struct registry_key *key = NULL;
-
- werr = smbconf_open_basepath(ctx, REG_KEY_WRITE, &key);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
- }
-
- werr = reg_deletekey_recursive(key, key, keyname);
- if (!W_ERROR_IS_OK(werr)) {
- d_fprintf(stderr, "Error deleting registry key %s\\%s: %s\n",
- KEY_SMBCONF, keyname, dos_errstr(werr));
- }
-
-done:
- TALLOC_FREE(key);
- return werr;
-}
-
-/*
- * create a subkey of KEY_SMBCONF
- */
-static WERROR reg_createkey_internal(TALLOC_CTX *ctx,
- const char * subkeyname,
- struct registry_key **newkey)
-{
- WERROR werr = WERR_OK;
- struct registry_key *create_parent = NULL;
- TALLOC_CTX *create_ctx;
- enum winreg_CreateAction action = REG_ACTION_NONE;
-
- /* create a new talloc ctx for creation. it will hold
- * the intermediate parent key (SMBCONF) for creation
- * and will be destroyed when leaving this function... */
- if (!(create_ctx = talloc_new(ctx))) {
- werr = WERR_NOMEM;
- goto done;
- }
-
- werr = smbconf_open_basepath(create_ctx, REG_KEY_WRITE, &create_parent);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
- }
-
- werr = reg_createkey(ctx, create_parent, subkeyname,
- REG_KEY_WRITE, newkey, &action);
- if (W_ERROR_IS_OK(werr) && (action != REG_CREATED_NEW_KEY)) {
- d_fprintf(stderr, "Key '%s' already exists.\n", subkeyname);
- werr = WERR_ALREADY_EXISTS;
- }
- if (!W_ERROR_IS_OK(werr)) {
- d_fprintf(stderr, "Error creating key %s: %s\n",
- subkeyname, dos_errstr(werr));
- }
-
-done:
- TALLOC_FREE(create_ctx);
- return werr;
-}
+ *
+ **********************************************************************/
-/*
- * check if a subkey of KEY_SMBCONF of a given name exists
+/**
+ * This formats an in-memory smbconf parameter to a string.
+ * The result string is allocated with talloc.
*/
-static bool smbconf_key_exists(TALLOC_CTX *ctx, const char *subkeyname)
-{
- bool ret = False;
- WERROR werr = WERR_OK;
- TALLOC_CTX *mem_ctx;
- struct registry_key *key;
-
- if (!(mem_ctx = talloc_new(ctx))) {
- d_fprintf(stderr, "ERROR: Out of memory...!\n");
- goto done;
- }
-
- werr = smbconf_open_path_q(mem_ctx, subkeyname, REG_KEY_READ, &key);
- if (W_ERROR_IS_OK(werr)) {
- ret = True;
- }
-
-done:
- TALLOC_FREE(mem_ctx);
- return ret;
-}
-
-static bool smbconf_value_exists(TALLOC_CTX *ctx, struct registry_key *key,
- const char *param)
-{
- bool ret = False;
- WERROR werr = WERR_OK;
- struct registry_value *value = NULL;
-
- werr = reg_queryvalue(ctx, key, param, &value);
- if (W_ERROR_IS_OK(werr)) {
- ret = True;
- }
-
- TALLOC_FREE(value);
- return ret;
-}
-
-static WERROR list_values(TALLOC_CTX *ctx, struct registry_key *key)
-{
- WERROR werr = WERR_OK;
- uint32 idx = 0;
- struct registry_value *valvalue = NULL;
- char *valname = NULL;
-
- for (idx = 0;
- W_ERROR_IS_OK(werr = reg_enumvalue(ctx, key, idx, &valname,
- &valvalue));
- idx++)
- {
- d_printf("\t%s = %s\n", valname, format_value(ctx, valvalue));
- }
- if (!W_ERROR_EQUAL(WERR_NO_MORE_ITEMS, werr)) {
- d_fprintf(stderr, "Error enumerating values: %s\n",
- dos_errstr(werr));
- goto done;
- }
- werr = WERR_OK;
-
-done:
- return werr;
-}
-
-static WERROR drop_smbconf_internal(TALLOC_CTX *ctx)
-{
- char *path, *p;
- WERROR werr = WERR_OK;
- NT_USER_TOKEN *token;
- struct registry_key *parent_key = NULL;
- struct registry_key *new_key = NULL;
- TALLOC_CTX* tmp_ctx = NULL;
- enum winreg_CreateAction action;
-
- tmp_ctx = talloc_new(ctx);
- if (tmp_ctx == NULL) {
- werr = WERR_NOMEM;
- goto done;
- }
-
- if (!(token = registry_create_admin_token(tmp_ctx))) {
- /* what is the appropriate error code here? */
- werr = WERR_CAN_NOT_COMPLETE;
- goto done;
- }
-
- path = talloc_strdup(tmp_ctx, KEY_SMBCONF);
- if (path == NULL) {
- d_fprintf(stderr, "ERROR: out of memory!\n");
- werr = WERR_NOMEM;
- goto done;
- }
- p = strrchr(path, '\\');
- *p = '\0';
- werr = reg_open_path(tmp_ctx, path, REG_KEY_WRITE, token, &parent_key);
-
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
- }
-
- werr = reg_deletekey_recursive(tmp_ctx, parent_key, p+1);
-
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
- }
-
- werr = reg_createkey(tmp_ctx, parent_key, p+1, REG_KEY_WRITE,
- &new_key, &action);
-
-done:
- TALLOC_FREE(tmp_ctx);
- return werr;
-}
-
static char *parm_valstr(TALLOC_CTX *ctx, struct parm_struct *parm,
struct share_params *share)
{
@@ -481,14 +147,14 @@ static char *parm_valstr(TALLOC_CTX *ctx, struct parm_struct *parm,
valstr = talloc_asprintf(ctx, "%s", BOOLSTR(!*(bool *)ptr));
break;
case P_ENUM:
- for (i = 0; parm->enum_list[i].name; i++) {
- if (*(int *)ptr == parm->enum_list[i].value)
+ for (i = 0; parm->enum_list[i].name; i++) {
+ if (*(int *)ptr == parm->enum_list[i].value)
{
valstr = talloc_asprintf(ctx, "%s",
- parm->enum_list[i].name);
- break;
- }
- }
+ parm->enum_list[i].name);
+ break;
+ }
+ }
break;
case P_OCTAL: {
char *o = octal_string(*(int *)ptr);
@@ -529,14 +195,18 @@ static char *parm_valstr(TALLOC_CTX *ctx, struct parm_struct *parm,
return valstr;
}
+/**
+ * This functions imports a configuration that has previously
+ * been loaded with lp_load() to registry.
+ */
static int import_process_service(TALLOC_CTX *ctx,
+ struct libnet_conf_ctx *conf_ctx,
struct share_params *share)
{
int ret = -1;
struct parm_struct *parm;
int pnum = 0;
const char *servicename;
- struct registry_key *key;
WERROR werr;
char *valstr = NULL;
TALLOC_CTX *tmp_ctx = NULL;
@@ -553,13 +223,13 @@ static int import_process_service(TALLOC_CTX *ctx,
if (opt_testmode) {
d_printf("[%s]\n", servicename);
} else {
- if (smbconf_key_exists(tmp_ctx, servicename)) {
- werr = reg_delkey_internal(tmp_ctx, servicename);
+ if (libnet_conf_share_exists(conf_ctx, servicename)) {
+ werr = libnet_conf_delete_share(conf_ctx, servicename);
if (!W_ERROR_IS_OK(werr)) {
goto done;
}
}
- werr = reg_createkey_internal(tmp_ctx, servicename, &key);
+ werr = libnet_conf_create_share(conf_ctx, servicename);
if (!W_ERROR_IS_OK(werr)) {
goto done;
}
@@ -567,9 +237,11 @@ static int import_process_service(TALLOC_CTX *ctx,
while ((parm = lp_next_parameter(share->service, &pnum, 0)))
{
- if ((share->service < 0 && parm->p_class == P_LOCAL)
+ if ((share->service < 0) && (parm->p_class == P_LOCAL)
&& !(parm->flags & FLAG_GLOBAL))
+ {
continue;
+ }
valstr = parm_valstr(tmp_ctx, parm, share);
@@ -577,9 +249,15 @@ static int import_process_service(TALLOC_CTX *ctx,
if (opt_testmode) {
d_printf("\t%s = %s\n", parm->label, valstr);
} else {
- werr = reg_setvalue_internal(key, parm->label,
- valstr);
+ werr = libnet_conf_set_parameter(conf_ctx,
+ servicename,
+ parm->label,
+ valstr);
if (!W_ERROR_IS_OK(werr)) {
+ d_fprintf(stderr,
+ "Error setting parameter '%s'"
+ ": %s\n", parm->label,
+ dos_errstr(werr));
goto done;
}
}
@@ -597,7 +275,10 @@ done:
return ret;
}
-/* return True iff there are nondefault globals */
+/**
+ * Return true iff there are nondefault globals in the
+ * currently loaded configuration.
+ */
static bool globals_exist(void)
{
int i = 0;
@@ -605,25 +286,31 @@ static bool globals_exist(void)
while ((parm = lp_next_parameter(GLOBAL_SECTION_SNUM, &i, 0)) != NULL) {
if (parm->type != P_SEP) {
- return True;
+ return true;
}
}
- return False;
+ return false;
}
-/*
- * the conf functions
- */
-int net_conf_list(int argc, const char **argv)
+/**********************************************************************
+ *
+ * the main conf functions
+ *
+ **********************************************************************/
+
+static int net_conf_list(struct libnet_conf_ctx *conf_ctx,
+ int argc, const char **argv)
{
WERROR werr = WERR_OK;
int ret = -1;
TALLOC_CTX *ctx;
- struct registry_key *base_key = NULL;
- struct registry_key *sub_key = NULL;
- uint32 idx_key = 0;
- char *subkey_name = NULL;
+ uint32_t num_shares;
+ char **share_names;
+ uint32_t *num_params;
+ char ***param_names;
+ char ***param_values;
+ uint32_t share_count, param_count;
ctx = talloc_init("list");
@@ -632,54 +319,25 @@ int net_conf_list(int argc, const char **argv)
goto done;
}
- werr = smbconf_open_basepath(ctx, REG_KEY_READ, &base_key);
+ werr = libnet_conf_get_config(ctx, conf_ctx, &num_shares, &share_names,
+ &num_params, &param_names, &param_values);
if (!W_ERROR_IS_OK(werr)) {
+ d_fprintf(stderr, "Error getting config: %s\n",
+ dos_errstr(werr));
goto done;
}
- if (smbconf_key_exists(ctx, GLOBAL_NAME)) {
- werr = reg_openkey(ctx, base_key, GLOBAL_NAME,
- REG_KEY_READ, &sub_key);
- if (!W_ERROR_IS_OK(werr)) {
- d_fprintf(stderr, "Error opening subkey '%s' : %s\n",
- subkey_name, dos_errstr(werr));
- goto done;
- }
- d_printf("[%s]\n", GLOBAL_NAME);
- if (!W_ERROR_IS_OK(list_values(ctx, sub_key))) {
- goto done;
- }
- d_printf("\n");
- }
-
- for (idx_key = 0;
- W_ERROR_IS_OK(werr = reg_enumkey(ctx, base_key, idx_key,
- &subkey_name, NULL));
- idx_key++)
- {
- if (strequal(subkey_name, GLOBAL_NAME)) {
- continue;
- }
- d_printf("[%s]\n", subkey_name);
-
- werr = reg_openkey(ctx, base_key, subkey_name,
- REG_KEY_READ, &sub_key);
- if (!W_ERROR_IS_OK(werr)) {
- d_fprintf(stderr,
- "Error opening subkey '%s': %s\n",
- subkey_name, dos_errstr(werr));
- goto done;
- }
- if (!W_ERROR_IS_OK(list_values(ctx, sub_key))) {
- goto done;
+ for (share_count = 0; share_count < num_shares; share_count++) {
+ d_printf("[%s]\n", share_names[share_count]);
+ for (param_count = 0; param_count < num_params[share_count];
+ param_count++)
+ {
+ d_printf("\t%s = %s\n",
+ param_names[share_count][param_count],
+ param_values[share_count][param_count]);
}
d_printf("\n");
}
- if (!W_ERROR_EQUAL(WERR_NO_MORE_ITEMS, werr)) {
- d_fprintf(stderr, "Error enumerating subkeys: %s\n",
- dos_errstr(werr));
- goto done;
- }
ret = 0;
@@ -688,12 +346,13 @@ done:
return ret;
}
-int net_conf_import(int argc, const char **argv)
+static int net_conf_import(struct libnet_conf_ctx *conf_ctx,
+ int argc, const char **argv)
{
int ret = -1;
const char *filename = NULL;
const char *servicename = NULL;
- bool service_found = False;
+ bool service_found = false;
TALLOC_CTX *ctx;
struct share_iterator *shares;
struct share_params *share;
@@ -717,10 +376,10 @@ int net_conf_import(int argc, const char **argv)
filename));
if (!lp_load(filename,
- False, /* global_only */
- True, /* save_defaults */
- False, /* add_ipc */
- True)) /* initialize_globals */
+ false, /* global_only */
+ true, /* save_defaults */
+ false, /* add_ipc */
+ true)) /* initialize_globals */
{
d_fprintf(stderr, "Error parsing configuration file.\n");
goto done;
@@ -734,8 +393,8 @@ int net_conf_import(int argc, const char **argv)
if (((servicename == NULL) && globals_exist()) ||
strequal(servicename, GLOBAL_NAME))
{
- service_found = True;
- if (import_process_service(ctx, &global_share) != 0) {
+ service_found = true;
+ if (import_process_service(ctx, conf_ctx, &global_share) != 0) {
goto done;
}
}
@@ -753,8 +412,8 @@ int net_conf_import(int argc, const char **argv)
if ((servicename == NULL)
|| strequal(servicename, lp_servicename(share->service)))
{
- service_found = True;
- if (import_process_service(ctx, share)!= 0) {
+ service_found = true;
+ if (import_process_service(ctx, conf_ctx, share)!= 0) {
goto done;
}
}
@@ -774,13 +433,13 @@ done:
return ret;
}
-int net_conf_listshares(int argc, const char **argv)
+static int net_conf_listshares(struct libnet_conf_ctx *conf_ctx,
+ int argc, const char **argv)
{
WERROR werr = WERR_OK;
int ret = -1;
- struct registry_key *key;
- uint32 idx = 0;
- char *subkey_name = NULL;
+ uint32_t count, num_shares = 0;
+ char **share_names = NULL;
TALLOC_CTX *ctx;
ctx = talloc_init("listshares");
@@ -790,22 +449,15 @@ int net_conf_listshares(int argc, const char **argv)
goto done;
}
- werr = smbconf_open_basepath(ctx, SEC_RIGHTS_ENUM_SUBKEYS, &key);
+ werr = libnet_conf_get_share_names(ctx, conf_ctx, &num_shares,
+ &share_names);
if (!W_ERROR_IS_OK(werr)) {
goto done;
}
- for (idx = 0;
- W_ERROR_IS_OK(werr = reg_enumkey(ctx, key, idx,
- &subkey_name, NULL));
- idx++)
+ for (count = 0; count < num_shares; count++)
{
- d_printf("%s\n", subkey_name);
- }
- if (! W_ERROR_EQUAL(WERR_NO_MORE_ITEMS, werr)) {
- d_fprintf(stderr, "Error enumerating subkeys: %s\n",
- dos_errstr(werr));
- goto done;
+ d_printf("%s\n", share_names[count]);
}
ret = 0;
@@ -815,7 +467,8 @@ done:
return ret;
}
-int net_conf_drop(int argc, const char **argv)
+static int net_conf_drop(struct libnet_conf_ctx *conf_ctx,
+ int argc, const char **argv)
{
int ret = -1;
WERROR werr;
@@ -825,7 +478,7 @@ int net_conf_drop(int argc, const char **argv)
goto done;
}
- werr = drop_smbconf_internal(NULL);
+ werr = libnet_conf_drop(conf_ctx);
if (!W_ERROR_IS_OK(werr)) {
d_fprintf(stderr, "Error deleting configuration: %s\n",
dos_errstr(werr));
@@ -838,12 +491,17 @@ done:
return ret;
}
-int net_conf_showshare(int argc, const char **argv)
+static int net_conf_showshare(struct libnet_conf_ctx *conf_ctx,
+ int argc, const char **argv)
{
int ret = -1;
WERROR werr = WERR_OK;
- struct registry_key *key = NULL;
+ const char *sharename = NULL;
TALLOC_CTX *ctx;
+ uint32_t num_params;
+ uint32_t count;
+ char **param_names;
+ char **param_values;
ctx = talloc_init("showshare");
@@ -852,15 +510,21 @@ int net_conf_showshare(int argc, const char **argv)
goto done;
}
- werr = smbconf_open_path(ctx, argv[0], REG_KEY_READ, &key);
+ sharename = argv[0];
+
+ werr = libnet_conf_get_share(ctx, conf_ctx, sharename, &num_params,
+ &param_names, &param_values);
if (!W_ERROR_IS_OK(werr)) {
+ d_printf("error getting share parameters: %s\n",
+ dos_errstr(werr));
goto done;
}
- d_printf("[%s]\n", argv[0]);
+ d_printf("[%s]\n", sharename);
- if (!W_ERROR_IS_OK(list_values(ctx, key))) {
- goto done;
+ for (count = 0; count < num_params; count++) {
+ d_printf("\t%s = %s\n", param_names[count],
+ param_values[count]);
}
ret = 0;
@@ -870,11 +534,17 @@ done:
return ret;
}
-int net_conf_addshare(int argc, const char **argv)
+/**
+ * Add a share, with a couple of standard parameters, partly optional.
+ *
+ * This is a high level utility function of the net conf utility,
+ * not a direct frontend to the libnet_conf API.
+ */
+static int net_conf_addshare(struct libnet_conf_ctx *conf_ctx,
+ int argc, const char **argv)
{
int ret = -1;
WERROR werr = WERR_OK;
- struct registry_key *newkey = NULL;
char *sharename = NULL;
const char *path = NULL;
const char *comment = NULL;
@@ -926,7 +596,6 @@ int net_conf_addshare(int argc, const char **argv)
net_conf_addshare_usage(argc, argv);
goto done;
}
-
case 2:
path = argv[1];
sharename = strdup_lower(argv[0]);
@@ -960,6 +629,12 @@ int net_conf_addshare(int argc, const char **argv)
goto done;
}
+ if (libnet_conf_share_exists(conf_ctx, sharename)) {
+ d_fprintf(stderr, "ERROR: share %s already exists.\n",
+ sharename);
+ goto done;
+ }
+
/* validate path */
if (path[0] != '/') {
@@ -989,43 +664,63 @@ int net_conf_addshare(int argc, const char **argv)
* create the share
*/
- werr = reg_createkey_internal(NULL, argv[0], &newkey);
+ werr = libnet_conf_create_share(conf_ctx, sharename);
if (!W_ERROR_IS_OK(werr)) {
+ d_fprintf(stderr, "Error creating share %s: %s\n",
+ sharename, dos_errstr(werr));
goto done;
}
- /* add config params as values */
+ /*
+ * fill the share with parameters
+ */
- werr = reg_setvalue_internal(newkey, "path", path);
- if (!W_ERROR_IS_OK(werr))
+ werr = libnet_conf_set_parameter(conf_ctx, sharename, "path", path);
+ if (!W_ERROR_IS_OK(werr)) {
+ d_fprintf(stderr, "Error setting parameter %s: %s\n",
+ "path", dos_errstr(werr));
goto done;
+ }
if (comment != NULL) {
- werr = reg_setvalue_internal(newkey, "comment", comment);
- if (!W_ERROR_IS_OK(werr))
+ werr = libnet_conf_set_parameter(conf_ctx, sharename, "comment",
+ comment);
+ if (!W_ERROR_IS_OK(werr)) {
+ d_fprintf(stderr, "Error setting parameter %s: %s\n",
+ "comment", dos_errstr(werr));
goto done;
+ }
}
- werr = reg_setvalue_internal(newkey, "guest ok", guest_ok);
- if (!W_ERROR_IS_OK(werr))
+ werr = libnet_conf_set_parameter(conf_ctx, sharename, "guest ok",
+ guest_ok);
+ if (!W_ERROR_IS_OK(werr)) {
+ d_fprintf(stderr, "Error setting parameter %s: %s\n",
+ "'guest ok'", dos_errstr(werr));
goto done;
+ }
- werr = reg_setvalue_internal(newkey, "writeable", writeable);
- if (!W_ERROR_IS_OK(werr))
+ werr = libnet_conf_set_parameter(conf_ctx, sharename, "writeable",
+ writeable);
+ if (!W_ERROR_IS_OK(werr)) {
+ d_fprintf(stderr, "Error setting parameter %s: %s\n",
+ "writeable", dos_errstr(werr));
goto done;
+ }
ret = 0;
done:
- TALLOC_FREE(newkey);
SAFE_FREE(sharename);
return ret;
}
-int net_conf_delshare(int argc, const char **argv)
+static int net_conf_delshare(struct libnet_conf_ctx *conf_ctx,
+ int argc, const char **argv)
{
int ret = -1;
const char *sharename = NULL;
+ WERROR werr = WERR_OK;
if (argc != 1) {
net_conf_delshare_usage(argc, argv);
@@ -1033,24 +728,26 @@ int net_conf_delshare(int argc, const char **argv)
}
sharename = argv[0];
- if (W_ERROR_IS_OK(reg_delkey_internal(NULL, sharename))) {
- ret = 0;
+ werr = libnet_conf_delete_share(conf_ctx, sharename);
+ if (!W_ERROR_IS_OK(werr)) {
+ d_fprintf(stderr, "Error deleting share %s: %s\n",
+ sharename, dos_errstr(werr));
+ goto done;
}
+
+ ret = 0;
done:
return ret;
}
-static int net_conf_setparm(int argc, const char **argv)
+static int net_conf_setparm(struct libnet_conf_ctx *conf_ctx,
+ int argc, const char **argv)
{
int ret = -1;
WERROR werr = WERR_OK;
- struct registry_key *key = NULL;
char *service = NULL;
char *param = NULL;
const char *value_str = NULL;
- TALLOC_CTX *ctx;
-
- ctx = talloc_init("setparm");
if (argc != 3) {
net_conf_setparm_usage(argc, argv);
@@ -1060,39 +757,39 @@ static int net_conf_setparm(int argc, const char **argv)
param = strdup_lower(argv[1]);
value_str = argv[2];
- if (!smbconf_key_exists(ctx, service)) {
- werr = reg_createkey_internal(ctx, service, &key);
- } else {
- werr = smbconf_open_path(ctx, service, REG_KEY_READ, &key);
- }
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
+ if (!libnet_conf_share_exists(conf_ctx, service)) {
+ werr = libnet_conf_create_share(conf_ctx, service);
+ if (!W_ERROR_IS_OK(werr)) {
+ d_fprintf(stderr, "Error creating share '%s': %s\n",
+ service, dos_errstr(werr));
+ goto done;
+ }
}
- werr = reg_setvalue_internal(key, param, value_str);
+ werr = libnet_conf_set_parameter(conf_ctx, service, param, value_str);
+
if (!W_ERROR_IS_OK(werr)) {
d_fprintf(stderr, "Error setting value '%s': %s\n",
param, dos_errstr(werr));
goto done;
}
-
ret = 0;
done:
SAFE_FREE(service);
- TALLOC_FREE(ctx);
+ SAFE_FREE(param);
return ret;
}
-static int net_conf_getparm(int argc, const char **argv)
+static int net_conf_getparm(struct libnet_conf_ctx *conf_ctx,
+ int argc, const char **argv)
{
int ret = -1;
WERROR werr = WERR_OK;
- struct registry_key *key = NULL;
char *service = NULL;
char *param = NULL;
- struct registry_value *value = NULL;
+ char *valstr = NULL;
TALLOC_CTX *ctx;
ctx = talloc_init("getparm");
@@ -1104,26 +801,25 @@ static int net_conf_getparm(int argc, const char **argv)
service = strdup_lower(argv[0]);
param = strdup_lower(argv[1]);
- if (!smbconf_key_exists(ctx, service)) {
+ werr = libnet_conf_get_parameter(ctx, conf_ctx, service, param, &valstr);
+
+ if (W_ERROR_EQUAL(werr, WERR_NO_SUCH_SERVICE)) {
d_fprintf(stderr,
- "ERROR: given service '%s' does not exist.\n",
+ "Error: given service '%s' does not exist.\n",
service);
goto done;
- }
-
- werr = smbconf_open_path(ctx, service, REG_KEY_READ, &key);
- if (!W_ERROR_IS_OK(werr)) {
+ } else if (W_ERROR_EQUAL(werr, WERR_INVALID_PARAM)) {
+ d_fprintf(stderr,
+ "Error: given parameter '%s' is not set.\n",
+ param);
goto done;
- }
-
- werr = reg_queryvalue(ctx, key, param, &value);
- if (!W_ERROR_IS_OK(werr)) {
- d_fprintf(stderr, "Error querying value '%s': %s.\n",
+ } else if (!W_ERROR_IS_OK(werr)) {
+ d_fprintf(stderr, "Error getting value '%s': %s.\n",
param, dos_errstr(werr));
goto done;
}
- d_printf("%s\n", format_value(ctx, value));
+ d_printf("%s\n", valstr);
ret = 0;
done:
@@ -1133,16 +829,13 @@ done:
return ret;
}
-static int net_conf_delparm(int argc, const char **argv)
+static int net_conf_delparm(struct libnet_conf_ctx *conf_ctx,
+ int argc, const char **argv)
{
int ret = -1;
WERROR werr = WERR_OK;
- struct registry_key *key = NULL;
char *service = NULL;
char *param = NULL;
- TALLOC_CTX *ctx;
-
- ctx = talloc_init("delparm");
if (argc != 2) {
net_conf_delparm_usage(argc, argv);
@@ -1151,26 +844,19 @@ static int net_conf_delparm(int argc, const char **argv)
service = strdup_lower(argv[0]);
param = strdup_lower(argv[1]);
- if (!smbconf_key_exists(ctx, service)) {
+ werr = libnet_conf_delete_parameter(conf_ctx, service, param);
+
+ if (W_ERROR_EQUAL(werr, WERR_NO_SUCH_SERVICE)) {
d_fprintf(stderr,
"Error: given service '%s' does not exist.\n",
service);
goto done;
- }
-
- werr = smbconf_open_path(ctx, service, REG_KEY_READ, &key);
- if (!W_ERROR_IS_OK(werr)) {
- goto done;
- }
-
- if (!smbconf_value_exists(ctx, key, param)) {
+ } else if (W_ERROR_EQUAL(werr, WERR_INVALID_PARAM)) {
d_fprintf(stderr,
"Error: given parameter '%s' is not set.\n",
param);
goto done;
- }
- werr = reg_deletevalue(key, param);
- if (!W_ERROR_IS_OK(werr)) {
+ } else if (!W_ERROR_IS_OK(werr)) {
d_fprintf(stderr, "Error deleting value '%s': %s.\n",
param, dos_errstr(werr));
goto done;
@@ -1179,31 +865,105 @@ static int net_conf_delparm(int argc, const char **argv)
ret = 0;
done:
+ SAFE_FREE(service);
+ SAFE_FREE(param);
+ return ret;
+}
+
+
+/**********************************************************************
+ *
+ * Wrapper and net_conf_run_function mechanism.
+ *
+ **********************************************************************/
+
+/**
+ * Wrapper function to call the main conf functions.
+ * The wrapper calls handles opening and closing of the
+ * configuration.
+ */
+static int net_conf_wrap_function(int (*fn)(struct libnet_conf_ctx *,
+ int, const char **),
+ int argc, const char **argv)
+{
+ WERROR werr;
+ TALLOC_CTX *mem_ctx = talloc_stackframe();
+ struct libnet_conf_ctx *conf_ctx;
+ int ret = -1;
+
+ werr = libnet_conf_open(mem_ctx, &conf_ctx);
+
+ if (!W_ERROR_IS_OK(werr)) {
+ return -1;
+ }
+
+ ret = fn(conf_ctx, argc, argv);
+
+ libnet_conf_close(conf_ctx);
+
return ret;
}
/*
+ * We need a functable struct of our own, because the
+ * functions are called through a wrapper that handles
+ * the opening and closing of the configuration, and so on.
+ */
+struct conf_functable {
+ const char *funcname;
+ int (*fn)(struct libnet_conf_ctx *ctx, int argc, const char **argv);
+ const char *helptext;
+};
+
+/**
+ * This imitates net_run_function2 but calls the main functions
+ * through the wrapper net_conf_wrap_function().
+ */
+static int net_conf_run_function(int argc, const char **argv,
+ const char *whoami,
+ struct conf_functable *table)
+{
+ int i;
+
+ if (argc != 0) {
+ for (i=0; table[i].funcname; i++) {
+ if (StrCaseCmp(argv[0], table[i].funcname) == 0)
+ return net_conf_wrap_function(table[i].fn,
+ argc-1,
+ argv+1);
+ }
+ }
+
+ for (i=0; table[i].funcname; i++) {
+ d_printf("%s %-15s %s\n", whoami, table[i].funcname,
+ table[i].helptext);
+ }
+
+ return -1;
+}
+
+/*
* Entry-point for all the CONF functions.
*/
int net_conf(int argc, const char **argv)
{
int ret = -1;
- struct functable2 func[] = {
+ struct conf_functable func_table[] = {
{"list", net_conf_list,
"Dump the complete configuration in smb.conf like format."},
{"import", net_conf_import,
"Import configuration from file in smb.conf format."},
{"listshares", net_conf_listshares,
- "List the registry shares."},
+ "List the share names."},
{"drop", net_conf_drop,
- "Delete the complete configuration from registry."},
+ "Delete the complete configuration."},
{"showshare", net_conf_showshare,
- "Show the definition of a registry share."},
+ "Show the definition of a share."},
{"addshare", net_conf_addshare,
- "Create a new registry share."},
+ "Create a new share."},
{"delshare", net_conf_delshare,
- "Delete a registry share."},
+ "Delete a share."},
{"setparm", net_conf_setparm,
"Store a parameter."},
{"getparm", net_conf_getparm,
@@ -1213,16 +973,8 @@ int net_conf(int argc, const char **argv)
{NULL, NULL, NULL}
};
- if (!registry_init_regdb()) {
- d_fprintf(stderr, "Error initializing the registry!\n");
- goto done;
- }
-
- ret = net_run_function2(argc, argv, "net conf", func);
+ ret = net_conf_run_function(argc, argv, "net conf", func_table);
- regdb_close();
-
-done:
return ret;
}
diff --git a/source3/utils/net_dns.c b/source3/utils/net_dns.c
index 8b82a96892..fb6644d6b2 100644
--- a/source3/utils/net_dns.c
+++ b/source3/utils/net_dns.c
@@ -32,14 +32,15 @@
DNS_ERROR DoDNSUpdate(char *pszServerName,
const char *pszDomainName, const char *pszHostName,
- const struct in_addr *iplist, size_t num_addrs );
+ const struct sockaddr_storage *sslist,
+ size_t num_addrs );
/*********************************************************************
*********************************************************************/
DNS_ERROR DoDNSUpdate(char *pszServerName,
const char *pszDomainName, const char *pszHostName,
- const struct in_addr *iplist, size_t num_addrs )
+ const struct sockaddr_storage *sslist, size_t num_addrs )
{
DNS_ERROR err;
struct dns_connection *conn;
@@ -47,7 +48,7 @@ DNS_ERROR DoDNSUpdate(char *pszServerName,
OM_uint32 minor;
struct dns_update_request *req, *resp;
- if ( (num_addrs <= 0) || !iplist ) {
+ if ( (num_addrs <= 0) || !sslist ) {
return ERROR_DNS_INVALID_PARAMETER;
}
@@ -65,7 +66,7 @@ DNS_ERROR DoDNSUpdate(char *pszServerName,
*/
err = dns_create_probe(mem_ctx, pszDomainName, pszHostName,
- num_addrs, iplist, &req);
+ num_addrs, sslist, &req);
if (!ERR_DNS_IS_OK(err)) goto error;
err = dns_update_transaction(mem_ctx, conn, req, &resp);
@@ -81,7 +82,7 @@ DNS_ERROR DoDNSUpdate(char *pszServerName,
*/
err = dns_create_update_request(mem_ctx, pszDomainName, pszHostName,
- iplist, num_addrs, &req);
+ sslist, num_addrs, &req);
if (!ERR_DNS_IS_OK(err)) goto error;
err = dns_update_transaction(mem_ctx, conn, req, &resp);
@@ -141,33 +142,42 @@ error:
/*********************************************************************
*********************************************************************/
-int get_my_ip_address( struct in_addr **ips )
+int get_my_ip_address( struct sockaddr_storage **pp_ss )
+
{
struct iface_struct nics[MAX_INTERFACES];
int i, n;
- struct in_addr *list;
+ struct sockaddr_storage *list = NULL;
int count = 0;
/* find the first non-loopback address from our list of interfaces */
n = get_interfaces(nics, MAX_INTERFACES);
-
- if ( (list = SMB_MALLOC_ARRAY( struct in_addr, n )) == NULL ) {
+
+ if (n <= 0) {
+ return -1;
+ }
+
+ if ( (list = SMB_MALLOC_ARRAY( struct sockaddr_storage, n )) == NULL ) {
return -1;
}
for ( i=0; i<n; i++ ) {
+ if (is_loopback_addr(&nics[i].ip)) {
+ continue;
+ }
+#if defined(HAVE_IPV6)
if ((nics[i].ip.ss_family == AF_INET)) {
- struct in_addr ifip;
-
- ifip = ((const struct sockaddr_in *)&nics[i].ip)->sin_addr;
-
- if (!is_loopback_ip_v4(ifip)) {
- memcpy(&list[count++], &ifip, sizeof(struct in_addr));
- }
+ memcpy(&list[count++], &nics[i].ip,
+ sizeof(struct sockaddr_storage));
+ } else
+#endif
+ if (nics[i].ip.ss_family == AF_INET) {
+ memcpy(&list[count++], &nics[i].ip,
+ sizeof(struct sockaddr_storage));
}
}
- *ips = list;
+ *pp_ss = list;
return count;
}
diff --git a/source3/utils/net_dom.c b/source3/utils/net_dom.c
index fd386c95a8..30993ae2fa 100644
--- a/source3/utils/net_dom.c
+++ b/source3/utils/net_dom.c
@@ -19,7 +19,7 @@
#include "includes.h"
#include "utils/net.h"
-#include "lib/netapi/joindomain.h"
+#include "lib/netapi/netapi.h"
static int net_dom_usage(int argc, const char **argv)
{
@@ -43,6 +43,7 @@ int net_help_dom(int argc, const char **argv)
static int net_dom_unjoin(int argc, const char **argv)
{
+ struct libnetapi_ctx *ctx = NULL;
const char *server_name = NULL;
const char *account = NULL;
const char *password = NULL;
@@ -50,8 +51,8 @@ static int net_dom_unjoin(int argc, const char **argv)
WKSSVC_JOIN_FLAGS_JOIN_TYPE;
struct cli_state *cli = NULL;
bool reboot = false;
- NTSTATUS status;
- WERROR werr;
+ NTSTATUS ntstatus;
+ NET_API_STATUS status;
int ret = -1;
int i;
@@ -82,17 +83,25 @@ static int net_dom_unjoin(int argc, const char **argv)
}
if (reboot) {
- status = net_make_ipc_connection_ex(opt_workgroup, server_name,
- NULL, 0, &cli);
- if (!NT_STATUS_IS_OK(status)) {
+ ntstatus = net_make_ipc_connection_ex(opt_workgroup, server_name,
+ NULL, 0, &cli);
+ if (!NT_STATUS_IS_OK(ntstatus)) {
return -1;
}
}
- werr = NetUnjoinDomain(server_name, account, password, unjoin_flags);
- if (!W_ERROR_IS_OK(werr)) {
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return -1;
+ }
+
+ libnetapi_set_username(ctx, opt_user_name);
+ libnetapi_set_password(ctx, opt_password);
+
+ status = NetUnjoinDomain(server_name, account, password, unjoin_flags);
+ if (status != 0) {
printf("Failed to unjoin domain: %s\n",
- get_friendly_nt_error_msg(werror_to_ntstatus(werr)));
+ libnetapi_errstr(status));
goto done;
}
@@ -121,11 +130,13 @@ static int net_dom_unjoin(int argc, const char **argv)
cli_shutdown(cli);
}
+ /* libnetapi_free(ctx); */
return ret;
}
static int net_dom_join(int argc, const char **argv)
{
+ struct libnetapi_ctx *ctx = NULL;
const char *server_name = NULL;
const char *domain_name = NULL;
const char *account_ou = NULL;
@@ -135,8 +146,8 @@ static int net_dom_join(int argc, const char **argv)
WKSSVC_JOIN_FLAGS_JOIN_TYPE;
struct cli_state *cli = NULL;
bool reboot = false;
- NTSTATUS status;
- WERROR werr;
+ NTSTATUS ntstatus;
+ NET_API_STATUS status;
int ret = -1;
int i;
@@ -183,21 +194,28 @@ static int net_dom_join(int argc, const char **argv)
}
if (reboot) {
- status = net_make_ipc_connection_ex(opt_workgroup, server_name,
- NULL, 0, &cli);
- if (!NT_STATUS_IS_OK(status)) {
+ ntstatus = net_make_ipc_connection_ex(opt_workgroup, server_name,
+ NULL, 0, &cli);
+ if (!NT_STATUS_IS_OK(ntstatus)) {
return -1;
}
}
/* check if domain is a domain or a workgroup */
- werr = NetJoinDomain(server_name, domain_name, account_ou,
- Account, password, join_flags);
- if (!W_ERROR_IS_OK(werr)) {
- printf("Failed to join domain: %s (WERROR: %s)\n",
- get_friendly_nt_error_msg(werror_to_ntstatus(werr)),
- dos_errstr(werr));
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return -1;
+ }
+
+ libnetapi_set_username(ctx, opt_user_name);
+ libnetapi_set_password(ctx, opt_password);
+
+ status = NetJoinDomain(server_name, domain_name, account_ou,
+ Account, password, join_flags);
+ if (status != 0) {
+ printf("Failed to join domain: %s\n",
+ libnetapi_errstr(status));
goto done;
}
@@ -226,6 +244,7 @@ static int net_dom_join(int argc, const char **argv)
cli_shutdown(cli);
}
+ /* libnetapi_free(ctx); */
return ret;
}
diff --git a/source3/utils/net_domain.c b/source3/utils/net_domain.c
index 3f1908e242..74b35d0d66 100644
--- a/source3/utils/net_domain.c
+++ b/source3/utils/net_domain.c
@@ -37,6 +37,11 @@
goto done; \
}
+static void init_lsa_String(struct lsa_String *name, const char *s)
+{
+ name->string = s;
+}
+
/*******************************************************************
Leave an AD domain. Windows XP disables the machine account.
We'll try the same. The old code would do an LDAP delete.
@@ -71,9 +76,12 @@ NTSTATUS netdom_leave_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli,
if ( !NT_STATUS_IS_OK(status) )
return status;
-
- status = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &sam_pol,
- SEC_RIGHTS_MAXIMUM_ALLOWED, dom_sid, &domain_pol);
+
+ status = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &sam_pol,
+ SEC_RIGHTS_MAXIMUM_ALLOWED,
+ dom_sid,
+ &domain_pol);
if ( !NT_STATUS_IS_OK(status) )
return status;
@@ -98,8 +106,11 @@ NTSTATUS netdom_leave_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli,
/* Open handle on user */
- status = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
- SEC_RIGHTS_MAXIMUM_ALLOWED, user_rid, &user_pol);
+ status = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
+ &domain_pol,
+ SEC_RIGHTS_MAXIMUM_ALLOWED,
+ user_rid,
+ &user_pol);
if ( !NT_STATUS_IS_OK(status) ) {
goto done;
}
@@ -108,7 +119,7 @@ NTSTATUS netdom_leave_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli,
status = rpccli_samr_query_userinfo(pipe_hnd, mem_ctx, &user_pol, 16, &qctr);
if ( !NT_STATUS_IS_OK(status) ) {
- rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
goto done;
}
@@ -123,11 +134,11 @@ NTSTATUS netdom_leave_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli,
status = rpccli_samr_set_userinfo2(pipe_hnd, mem_ctx, &user_pol, 16,
&cli->user_session_key, &ctr);
- rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
done:
- rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol);
- rpccli_samr_close(pipe_hnd, mem_ctx, &sam_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &sam_pol);
cli_rpc_pipe_close(pipe_hnd); /* Done with this pipe */
@@ -157,7 +168,7 @@ int netdom_store_machine_account( const char *domain, DOM_SID *sid, const char *
********************************************************************/
NTSTATUS netdom_get_domain_sid( TALLOC_CTX *mem_ctx, struct cli_state *cli,
- char **domain, DOM_SID **sid )
+ const char **domain, DOM_SID **sid )
{
struct rpc_pipe_client *pipe_hnd = NULL;
POLICY_HND lsa_pol;
@@ -204,10 +215,12 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli,
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
char *acct_name;
const char *const_acct_name;
+ struct lsa_String lsa_acct_name;
uint32 user_rid;
uint32 num_rids, *name_types, *user_rids;
uint32 flags = 0x3e8;
uint32 acb_info = ACB_WSTRUST;
+ uint32 acct_flags;
uint32 fields_present;
uchar pwbuf[532];
SAM_USERINFO_CTR ctr;
@@ -217,6 +230,7 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli,
uchar md5buffer[16];
DATA_BLOB digested_session_key;
uchar md4_trust_password[16];
+ uint32_t access_granted = 0;
/* Open the domain */
@@ -231,9 +245,12 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli,
if ( !NT_STATUS_IS_OK(status) )
return status;
-
- status = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &sam_pol,
- SEC_RIGHTS_MAXIMUM_ALLOWED, dom_sid, &domain_pol);
+
+ status = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &sam_pol,
+ SEC_RIGHTS_MAXIMUM_ALLOWED,
+ dom_sid,
+ &domain_pol);
if ( !NT_STATUS_IS_OK(status) )
return status;
@@ -243,10 +260,25 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli,
strlower_m(acct_name);
const_acct_name = acct_name;
- /* Don't try to set any acb_info flags other than ACB_WSTRUST */
+ init_lsa_String(&lsa_acct_name, acct_name);
- status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
- acct_name, acb_info, 0xe005000b, &user_pol, &user_rid);
+ /* Don't try to set any acb_info flags other than ACB_WSTRUST */
+ acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
+ SEC_STD_WRITE_DAC | SEC_STD_DELETE |
+ SAMR_USER_ACCESS_SET_PASSWORD |
+ SAMR_USER_ACCESS_GET_ATTRIBUTES |
+ SAMR_USER_ACCESS_SET_ATTRIBUTES;
+
+ DEBUG(10, ("Creating account with flags: %d\n",acct_flags));
+
+ status = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx,
+ &domain_pol,
+ &lsa_acct_name,
+ acb_info,
+ acct_flags,
+ &user_pol,
+ &access_granted,
+ &user_rid);
if ( !NT_STATUS_IS_OK(status)
&& !NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS))
@@ -266,7 +298,7 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli,
/* We *must* do this.... don't ask... */
if (NT_STATUS_IS_OK(status)) {
- rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
}
status = rpccli_samr_lookup_names(pipe_hnd, mem_ctx,
@@ -284,8 +316,11 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli,
/* Open handle on user */
- status = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
- SEC_RIGHTS_MAXIMUM_ALLOWED, user_rid, &user_pol);
+ status = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
+ &domain_pol,
+ SEC_RIGHTS_MAXIMUM_ALLOWED,
+ user_rid,
+ &user_pol);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -336,7 +371,7 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli,
return status;
}
- rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
cli_rpc_pipe_close(pipe_hnd); /* Done with this pipe */
return status;
diff --git a/source3/utils/net_help.c b/source3/utils/net_help.c
index 2cb601f917..908be0512a 100644
--- a/source3/utils/net_help.c
+++ b/source3/utils/net_help.c
@@ -48,6 +48,7 @@ int net_common_flags_usage(int argc, const char **argv)
d_printf("\t-l or --long\t\t\tDisplay full information\n");
d_printf("\t-V or --version\t\t\tPrint samba version information\n");
d_printf("\t-P or --machine-pass\t\tAuthenticate as machine account\n");
+ d_printf("\t-e or --encrypt\t\tEncrypt SMB transport (UNIX extended servers only)\n");
return -1;
}
diff --git a/source3/utils/net_lookup.c b/source3/utils/net_lookup.c
index 20298faa29..8c01b5b4ba 100644
--- a/source3/utils/net_lookup.c
+++ b/source3/utils/net_lookup.c
@@ -401,7 +401,7 @@ static int net_lookup_dsgetdcname(int argc, const char **argv)
site_name = sitename_fetch(domain_name);
}
- status = DsGetDcName(mem_ctx, NULL, domain_name, NULL, site_name,
+ status = dsgetdcname(mem_ctx, domain_name, NULL, site_name,
flags, &info);
if (!NT_STATUS_IS_OK(status)) {
d_printf("failed with: %s\n", nt_errstr(status));
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index ab0cc73e49..7091063817 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -23,6 +23,11 @@
#include "includes.h"
#include "utils/net.h"
+static void init_lsa_String(struct lsa_String *name, const char *s)
+{
+ name->string = s;
+}
+
static int net_mode_share;
static bool sync_files(struct copy_clistate *cp_clistate, const char *mask);
@@ -51,7 +56,8 @@ static bool sync_files(struct copy_clistate *cp_clistate, const char *mask);
**/
NTSTATUS net_get_remote_domain_sid(struct cli_state *cli, TALLOC_CTX *mem_ctx,
- DOM_SID **domain_sid, char **domain_name)
+ DOM_SID **domain_sid,
+ const char **domain_name)
{
struct rpc_pipe_client *lsa_pipe;
POLICY_HND pol;
@@ -112,7 +118,7 @@ int run_rpc_command(struct cli_state *cli_arg,
TALLOC_CTX *mem_ctx;
NTSTATUS nt_status;
DOM_SID *domain_sid;
- char *domain_name;
+ const char *domain_name;
/* make use of cli_state handed over as an argument, if possible */
if (!cli_arg) {
@@ -451,11 +457,13 @@ NTSTATUS rpc_info_internals(const DOM_SID *domain_sid,
d_fprintf(stderr, "Could not connect to SAM: %s\n", nt_errstr(result));
goto done;
}
-
+
/* Get domain policy handle */
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "Could not open domain: %s\n", nt_errstr(result));
goto done;
@@ -586,8 +594,10 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid,
POLICY_HND connect_pol, domain_pol, user_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
const char *acct_name;
+ struct lsa_String lsa_acct_name;
uint32 acb_info;
- uint32 access_mask, user_rid;
+ uint32 acct_flags, user_rid;
+ uint32_t access_granted = 0;
if (argc < 1) {
d_printf("User must be specified\n");
@@ -596,6 +606,7 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid,
}
acct_name = argv[0];
+ init_lsa_String(&lsa_acct_name, acct_name);
/* Get sam policy handle */
@@ -606,10 +617,12 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid,
}
/* Get domain policy handle */
-
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
@@ -617,11 +630,21 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid,
/* Create domain user */
acb_info = ACB_NORMAL;
- access_mask = 0xe005000b;
+ acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
+ SEC_STD_WRITE_DAC | SEC_STD_DELETE |
+ SAMR_USER_ACCESS_SET_PASSWORD |
+ SAMR_USER_ACCESS_GET_ATTRIBUTES |
+ SAMR_USER_ACCESS_SET_ATTRIBUTES;
+
+ result = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx,
+ &domain_pol,
+ &lsa_acct_name,
+ acb_info,
+ acct_flags,
+ &user_pol,
+ &access_granted,
+ &user_rid);
- result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
- acct_name, acb_info, access_mask,
- &user_pol, &user_rid);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
@@ -643,9 +666,11 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid,
goto done;
}
- result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- user_rids[0], &user_pol);
+ result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ user_rids[0],
+ &user_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
@@ -670,7 +695,8 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid,
d_fprintf(stderr, "Failed to set password for user %s - %s\n",
acct_name, nt_errstr(result));
- result = rpccli_samr_delete_dom_user(pipe_hnd, mem_ctx, &user_pol);
+ result = rpccli_samr_DeleteUser(pipe_hnd, mem_ctx,
+ &user_pol);
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "Failed to delete user %s - %s\n",
@@ -682,10 +708,10 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid,
}
done:
if (!NT_STATUS_IS_OK(result)) {
- d_fprintf(stderr, "Failed to add user %s - %s\n", acct_name,
- nt_errstr(result));
+ d_fprintf(stderr, "Failed to add user '%s' with %s.\n",
+ acct_name, nt_errstr(result));
} else {
- d_printf("Added user %s\n", acct_name);
+ d_printf("Added user '%s'.\n", acct_name);
}
return result;
}
@@ -732,12 +758,16 @@ static NTSTATUS rpc_user_del_internals(const DOM_SID *domain_sid,
{
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
POLICY_HND connect_pol, domain_pol, user_pol;
+ const char *acct_name;
if (argc < 1) {
d_printf("User must be specified\n");
rpc_user_usage(argc, argv);
return NT_STATUS_OK;
}
+
+ acct_name = argv[0];
+
/* Get sam policy and domain handles */
result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
@@ -747,9 +777,11 @@ static NTSTATUS rpc_user_del_internals(const DOM_SID *domain_sid,
goto done;
}
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
@@ -762,7 +794,7 @@ static NTSTATUS rpc_user_del_internals(const DOM_SID *domain_sid,
uint32 flags = 0x000003e8; /* Unknown */
result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol,
- flags, 1, &argv[0],
+ flags, 1, &acct_name,
&num_rids, &user_rids,
&name_types);
@@ -770,9 +802,11 @@ static NTSTATUS rpc_user_del_internals(const DOM_SID *domain_sid,
goto done;
}
- result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- user_rids[0], &user_pol);
+ result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ user_rids[0],
+ &user_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
@@ -781,20 +815,21 @@ static NTSTATUS rpc_user_del_internals(const DOM_SID *domain_sid,
/* Delete user */
- result = rpccli_samr_delete_dom_user(pipe_hnd, mem_ctx, &user_pol);
+ result = rpccli_samr_DeleteUser(pipe_hnd, mem_ctx,
+ &user_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- /* Display results */
+ done:
if (!NT_STATUS_IS_OK(result)) {
- d_fprintf(stderr, "Failed to delete user account - %s\n", nt_errstr(result));
- } else {
- d_printf("Deleted user account\n");
- }
+ d_fprintf(stderr, "Failed to delete user '%s' with %s.\n",
+ acct_name, nt_errstr(result));
+ } else {
+ d_printf("Deleted user '%s'.\n", acct_name);
+ }
- done:
return result;
}
@@ -856,10 +891,12 @@ static NTSTATUS rpc_user_rename_internals(const DOM_SID *domain_sid,
}
/* Get domain policy handle */
-
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
@@ -877,8 +914,11 @@ static NTSTATUS rpc_user_rename_internals(const DOM_SID *domain_sid,
}
/* Open domain user */
- result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS, user_rid[0], &user_pol);
+ result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ user_rid[0],
+ &user_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
@@ -1005,9 +1045,11 @@ static NTSTATUS rpc_user_password_internals(const DOM_SID *domain_sid,
goto done;
}
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
@@ -1028,9 +1070,11 @@ static NTSTATUS rpc_user_password_internals(const DOM_SID *domain_sid,
goto done;
}
- result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- user_rids[0], &user_pol);
+ result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ user_rids[0],
+ &user_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
@@ -1123,10 +1167,12 @@ static NTSTATUS rpc_user_info_internals(const DOM_SID *domain_sid,
if (!NT_STATUS_IS_OK(result)) goto done;
/* Get domain policy handle */
-
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) goto done;
/* Get handle on user */
@@ -1137,9 +1183,11 @@ static NTSTATUS rpc_user_info_internals(const DOM_SID *domain_sid,
if (!NT_STATUS_IS_OK(result)) goto done;
- result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- rids[0], &user_pol);
+ result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ rids[0],
+ &user_pol);
if (!NT_STATUS_IS_OK(result)) goto done;
result = rpccli_samr_query_usergroups(pipe_hnd, mem_ctx, &user_pol,
@@ -1230,10 +1278,12 @@ static NTSTATUS rpc_user_list_internals(const DOM_SID *domain_sid,
}
/* Get domain policy handle */
-
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
@@ -1374,16 +1424,20 @@ static NTSTATUS rpc_sh_handle_user(TALLOC_CTX *mem_ctx,
goto done;
}
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- ctx->domain_sid, &domain_pol);
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ ctx->domain_sid,
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- rid, &user_pol);
+ result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ rid,
+ &user_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
@@ -1392,13 +1446,13 @@ static NTSTATUS rpc_sh_handle_user(TALLOC_CTX *mem_ctx,
done:
if (is_valid_policy_hnd(&user_pol)) {
- rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
}
if (is_valid_policy_hnd(&domain_pol)) {
- rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
}
if (is_valid_policy_hnd(&connect_pol)) {
- rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
}
return result;
}
@@ -1738,11 +1792,13 @@ static NTSTATUS rpc_group_delete_internals(const DOM_SID *domain_sid,
d_fprintf(stderr, "Request samr_connect failed\n");
goto done;
}
-
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
-
+
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
+
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "Request open_domain failed\n");
goto done;
@@ -1761,9 +1817,11 @@ static NTSTATUS rpc_group_delete_internals(const DOM_SID *domain_sid,
switch (name_types[0])
{
case SID_NAME_DOM_GRP:
- result = rpccli_samr_open_group(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- group_rids[0], &group_pol);
+ result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ group_rids[0],
+ &group_pol);
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "Request open_group failed");
goto done;
@@ -1788,9 +1846,11 @@ static NTSTATUS rpc_group_delete_internals(const DOM_SID *domain_sid,
/* Check if group is anyone's primary group */
for (i = 0; i < num_members; i++)
{
- result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- group_rids[i], &user_pol);
+ result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ group_rids[i],
+ &user_pol);
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "Unable to open group member %d\n",group_rids[i]);
@@ -1815,7 +1875,7 @@ static NTSTATUS rpc_group_delete_internals(const DOM_SID *domain_sid,
group_is_primary = True;
}
- rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
}
if (group_is_primary) {
@@ -1842,21 +1902,25 @@ static NTSTATUS rpc_group_delete_internals(const DOM_SID *domain_sid,
}
}
- result = rpccli_samr_delete_dom_group(pipe_hnd, mem_ctx, &group_pol);
+ result = rpccli_samr_DeleteDomainGroup(pipe_hnd, mem_ctx,
+ &group_pol);
break;
/* removing a local group is easier... */
case SID_NAME_ALIAS:
- result = rpccli_samr_open_alias(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- group_rids[0], &group_pol);
+ result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ group_rids[0],
+ &group_pol);
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "Request open_alias failed\n");
goto done;
}
-
- result = rpccli_samr_delete_dom_alias(pipe_hnd, mem_ctx, &group_pol);
+
+ result = rpccli_samr_DeleteDomAlias(pipe_hnd, mem_ctx,
+ &group_pol);
break;
default:
d_fprintf(stderr, "%s is of type %s. This command is only for deleting local or global groups\n",
@@ -1896,6 +1960,8 @@ static NTSTATUS rpc_group_add_internals(const DOM_SID *domain_sid,
POLICY_HND connect_pol, domain_pol, group_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
GROUP_INFO_CTR group_info;
+ struct lsa_String grp_name;
+ uint32_t rid = 0;
if (argc != 1) {
d_printf("Group name must be specified\n");
@@ -1903,6 +1969,8 @@ static NTSTATUS rpc_group_add_internals(const DOM_SID *domain_sid,
return NT_STATUS_OK;
}
+ init_lsa_String(&grp_name, argv[0]);
+
/* Get sam policy handle */
result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
@@ -1910,17 +1978,22 @@ static NTSTATUS rpc_group_add_internals(const DOM_SID *domain_sid,
if (!NT_STATUS_IS_OK(result)) goto done;
/* Get domain policy handle */
-
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) goto done;
/* Create the group */
- result = rpccli_samr_create_dom_group(pipe_hnd, mem_ctx, &domain_pol,
- argv[0], MAXIMUM_ALLOWED_ACCESS,
- &group_pol);
+ result = rpccli_samr_CreateDomainGroup(pipe_hnd, mem_ctx,
+ &domain_pol,
+ &grp_name,
+ MAXIMUM_ALLOWED_ACCESS,
+ &group_pol,
+ &rid);
if (!NT_STATUS_IS_OK(result)) goto done;
if (strlen(opt_comment) == 0) goto done;
@@ -1953,6 +2026,8 @@ static NTSTATUS rpc_alias_add_internals(const DOM_SID *domain_sid,
POLICY_HND connect_pol, domain_pol, alias_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
ALIAS_INFO_CTR alias_info;
+ struct lsa_String alias_name;
+ uint32_t rid = 0;
if (argc != 1) {
d_printf("Alias name must be specified\n");
@@ -1960,6 +2035,8 @@ static NTSTATUS rpc_alias_add_internals(const DOM_SID *domain_sid,
return NT_STATUS_OK;
}
+ init_lsa_String(&alias_name, argv[0]);
+
/* Get sam policy handle */
result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
@@ -1967,16 +2044,22 @@ static NTSTATUS rpc_alias_add_internals(const DOM_SID *domain_sid,
if (!NT_STATUS_IS_OK(result)) goto done;
/* Get domain policy handle */
-
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) goto done;
/* Create the group */
- result = rpccli_samr_create_dom_alias(pipe_hnd, mem_ctx, &domain_pol,
- argv[0], &alias_pol);
+ result = rpccli_samr_CreateDomAlias(pipe_hnd, mem_ctx,
+ &domain_pol,
+ &alias_name,
+ MAXIMUM_ALLOWED_ACCESS,
+ &alias_pol,
+ &rid);
if (!NT_STATUS_IS_OK(result)) goto done;
if (strlen(opt_comment) == 0) goto done;
@@ -2093,11 +2176,13 @@ static NTSTATUS rpc_add_groupmem(struct rpc_pipe_client *pipe_hnd,
if (!NT_STATUS_IS_OK(result)) {
return result;
}
-
+
/* Get domain policy handle */
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- &sid, &domain_pol);
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ &sid,
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
return result;
}
@@ -2111,9 +2196,11 @@ static NTSTATUS rpc_add_groupmem(struct rpc_pipe_client *pipe_hnd,
goto done;
}
- result = rpccli_samr_open_group(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- group_rid, &group_pol);
+ result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ group_rid,
+ &group_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
@@ -2122,7 +2209,7 @@ static NTSTATUS rpc_add_groupmem(struct rpc_pipe_client *pipe_hnd,
result = rpccli_samr_add_groupmem(pipe_hnd, mem_ctx, &group_pol, rids[0]);
done:
- rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
return result;
}
@@ -2161,18 +2248,22 @@ static NTSTATUS rpc_add_aliasmem(struct rpc_pipe_client *pipe_hnd,
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
-
+
/* Get domain policy handle */
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- &sid, &domain_pol);
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ &sid,
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- result = rpccli_samr_open_alias(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- alias_rid, &alias_pol);
+ result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ alias_rid,
+ &alias_pol);
if (!NT_STATUS_IS_OK(result)) {
return result;
@@ -2185,7 +2276,7 @@ static NTSTATUS rpc_add_aliasmem(struct rpc_pipe_client *pipe_hnd,
}
done:
- rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
return result;
}
@@ -2272,11 +2363,13 @@ static NTSTATUS rpc_del_groupmem(struct rpc_pipe_client *pipe_hnd,
&connect_pol);
if (!NT_STATUS_IS_OK(result))
return result;
-
+
/* Get domain policy handle */
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- &sid, &domain_pol);
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ &sid,
+ &domain_pol);
if (!NT_STATUS_IS_OK(result))
return result;
@@ -2289,9 +2382,11 @@ static NTSTATUS rpc_del_groupmem(struct rpc_pipe_client *pipe_hnd,
goto done;
}
- result = rpccli_samr_open_group(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- group_rid, &group_pol);
+ result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ group_rid,
+ &group_pol);
if (!NT_STATUS_IS_OK(result))
goto done;
@@ -2299,7 +2394,7 @@ static NTSTATUS rpc_del_groupmem(struct rpc_pipe_client *pipe_hnd,
result = rpccli_samr_del_groupmem(pipe_hnd, mem_ctx, &group_pol, rids[0]);
done:
- rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
return result;
}
@@ -2337,18 +2432,22 @@ static NTSTATUS rpc_del_aliasmem(struct rpc_pipe_client *pipe_hnd,
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
-
+
/* Get domain policy handle */
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- &sid, &domain_pol);
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ &sid,
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- result = rpccli_samr_open_alias(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- alias_rid, &alias_pol);
+ result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ alias_rid,
+ &alias_pol);
if (!NT_STATUS_IS_OK(result))
return result;
@@ -2359,7 +2458,7 @@ static NTSTATUS rpc_del_aliasmem(struct rpc_pipe_client *pipe_hnd,
return result;
done:
- rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
return result;
}
@@ -2478,10 +2577,12 @@ static NTSTATUS rpc_group_list_internals(const DOM_SID *domain_sid,
}
/* Get domain policy handle */
-
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
@@ -2554,15 +2655,15 @@ static NTSTATUS rpc_group_list_internals(const DOM_SID *domain_sid,
POLICY_HND alias_pol;
ALIAS_INFO_CTR ctr;
- if ((NT_STATUS_IS_OK(rpccli_samr_open_alias(pipe_hnd, mem_ctx,
- &domain_pol,
- 0x8,
- groups[i].rid,
- &alias_pol))) &&
+ if ((NT_STATUS_IS_OK(rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
+ &domain_pol,
+ 0x8,
+ groups[i].rid,
+ &alias_pol))) &&
(NT_STATUS_IS_OK(rpccli_samr_query_alias_info(pipe_hnd, mem_ctx,
&alias_pol, 3,
&ctr))) &&
- (NT_STATUS_IS_OK(rpccli_samr_close(pipe_hnd, mem_ctx,
+ (NT_STATUS_IS_OK(rpccli_samr_Close(pipe_hnd, mem_ctx,
&alias_pol)))) {
description = unistr2_to_ascii_talloc(mem_ctx,
ctr.alias.info3.description.string);
@@ -2578,12 +2679,14 @@ static NTSTATUS rpc_group_list_internals(const DOM_SID *domain_sid,
}
}
} while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
- rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
/* Get builtin policy handle */
-
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- &global_sid_Builtin, &domain_pol);
+
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
@@ -2609,15 +2712,15 @@ static NTSTATUS rpc_group_list_internals(const DOM_SID *domain_sid,
POLICY_HND alias_pol;
ALIAS_INFO_CTR ctr;
- if ((NT_STATUS_IS_OK(rpccli_samr_open_alias(pipe_hnd, mem_ctx,
- &domain_pol,
- 0x8,
- groups[i].rid,
- &alias_pol))) &&
+ if ((NT_STATUS_IS_OK(rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
+ &domain_pol,
+ 0x8,
+ groups[i].rid,
+ &alias_pol))) &&
(NT_STATUS_IS_OK(rpccli_samr_query_alias_info(pipe_hnd, mem_ctx,
&alias_pol, 3,
&ctr))) &&
- (NT_STATUS_IS_OK(rpccli_samr_close(pipe_hnd, mem_ctx,
+ (NT_STATUS_IS_OK(rpccli_samr_Close(pipe_hnd, mem_ctx,
&alias_pol)))) {
description = unistr2_to_ascii_talloc(mem_ctx,
ctr.alias.info3.description.string);
@@ -2663,9 +2766,11 @@ static NTSTATUS rpc_list_group_members(struct rpc_pipe_client *pipe_hnd,
fstring sid_str;
sid_to_fstring(sid_str, domain_sid);
- result = rpccli_samr_open_group(pipe_hnd, mem_ctx, domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- rid, &group_pol);
+ result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
+ domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ rid,
+ &group_pol);
if (!NT_STATUS_IS_OK(result))
return result;
@@ -2726,8 +2831,11 @@ static NTSTATUS rpc_list_alias_members(struct rpc_pipe_client *pipe_hnd,
enum lsa_SidType *types;
int i;
- result = rpccli_samr_open_alias(pipe_hnd, mem_ctx, domain_pol,
- MAXIMUM_ALLOWED_ACCESS, rid, &alias_pol);
+ result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
+ domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ rid,
+ &alias_pol);
if (!NT_STATUS_IS_OK(result))
return result;
@@ -2812,10 +2920,12 @@ static NTSTATUS rpc_group_members_internals(const DOM_SID *domain_sid,
return result;
/* Get domain policy handle */
-
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result))
return result;
@@ -2829,13 +2939,15 @@ static NTSTATUS rpc_group_members_internals(const DOM_SID *domain_sid,
DOM_SID sid_Builtin;
- rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
string_to_sid(&sid_Builtin, "S-1-5-32");
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- &sid_Builtin, &domain_pol);
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ &sid_Builtin,
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
@@ -2909,10 +3021,12 @@ static NTSTATUS rpc_group_rename_internals(const DOM_SID *domain_sid,
return result;
/* Get domain policy handle */
-
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result))
return result;
@@ -2930,9 +3044,11 @@ static NTSTATUS rpc_group_rename_internals(const DOM_SID *domain_sid,
return NT_STATUS_UNSUCCESSFUL;
}
- result = rpccli_samr_open_group(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- rids[0], &group_pol);
+ result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ rids[0],
+ &group_pol);
if (!NT_STATUS_IS_OK(result))
return result;
@@ -4000,10 +4116,12 @@ static NTSTATUS rpc_fetch_domain_aliases(struct rpc_pipe_client *pipe_hnd,
POLICY_HND domain_pol;
/* Get domain policy handle */
-
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result))
return result;
@@ -4022,10 +4140,11 @@ static NTSTATUS rpc_fetch_domain_aliases(struct rpc_pipe_client *pipe_hnd,
DOM_SID *members;
int j;
- result = rpccli_samr_open_alias(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- groups[i].rid,
- &alias_pol);
+ result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ groups[i].rid,
+ &alias_pol);
if (!NT_STATUS_IS_OK(result))
goto done;
@@ -4036,7 +4155,7 @@ static NTSTATUS rpc_fetch_domain_aliases(struct rpc_pipe_client *pipe_hnd,
if (!NT_STATUS_IS_OK(result))
goto done;
- result = rpccli_samr_close(pipe_hnd, mem_ctx, &alias_pol);
+ result = rpccli_samr_Close(pipe_hnd, mem_ctx, &alias_pol);
if (!NT_STATUS_IS_OK(result))
goto done;
@@ -4060,7 +4179,7 @@ static NTSTATUS rpc_fetch_domain_aliases(struct rpc_pipe_client *pipe_hnd,
result = NT_STATUS_OK;
done:
- rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
return result;
}
@@ -4160,7 +4279,7 @@ static NTSTATUS rpc_aliaslist_internals(const DOM_SID *domain_sid,
result = rpc_fetch_domain_aliases(pipe_hnd, mem_ctx, &connect_pol,
domain_sid);
- rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
done:
return result;
}
@@ -5335,8 +5454,11 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid,
POLICY_HND connect_pol, domain_pol, user_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
char *acct_name;
+ struct lsa_String lsa_acct_name;
uint32 acb_info;
- uint32 unknown, user_rid;
+ uint32 acct_flags=0;
+ uint32 user_rid;
+ uint32_t access_granted = 0;
if (argc != 2) {
d_printf("Usage: net rpc trustdom add <domain_name> <pw>\n");
@@ -5346,36 +5468,48 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid,
/*
* Make valid trusting domain account (ie. uppercased and with '$' appended)
*/
-
+
if (asprintf(&acct_name, "%s$", argv[0]) < 0) {
return NT_STATUS_NO_MEMORY;
}
strupper_m(acct_name);
+ init_lsa_String(&lsa_acct_name, acct_name);
+
/* Get samr policy handle */
result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
&connect_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
-
+
/* Get domain policy handle */
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
/* Create trusting domain's account */
- acb_info = ACB_NORMAL;
- unknown = 0xe00500b0; /* No idea what this is - a permission mask?
- mimir: yes, most probably it is */
-
- result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
- acct_name, acb_info, unknown,
- &user_pol, &user_rid);
+ acb_info = ACB_NORMAL;
+ acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
+ SEC_STD_WRITE_DAC | SEC_STD_DELETE |
+ SAMR_USER_ACCESS_SET_PASSWORD |
+ SAMR_USER_ACCESS_GET_ATTRIBUTES |
+ SAMR_USER_ACCESS_SET_ATTRIBUTES;
+
+ result = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx,
+ &domain_pol,
+ &lsa_acct_name,
+ acb_info,
+ acct_flags,
+ &user_pol,
+ &access_granted,
+ &user_rid);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
@@ -5503,11 +5637,13 @@ static NTSTATUS rpc_trustdom_del_internals(const DOM_SID *domain_sid,
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
-
+
/* Get domain policy handle */
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- domain_sid, &domain_pol);
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ CONST_DISCARD(struct dom_sid2 *, domain_sid),
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
@@ -5520,9 +5656,11 @@ static NTSTATUS rpc_trustdom_del_internals(const DOM_SID *domain_sid,
goto done;
}
- result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- user_rids[0], &user_pol);
+ result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
+ &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ user_rids[0],
+ &user_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
@@ -5545,7 +5683,8 @@ static NTSTATUS rpc_trustdom_del_internals(const DOM_SID *domain_sid,
/* Delete user */
- result = rpccli_samr_delete_dom_user(pipe_hnd, mem_ctx, &user_pol);
+ result = rpccli_samr_DeleteUser(pipe_hnd, mem_ctx,
+ &user_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
@@ -5603,7 +5742,7 @@ static int rpc_trustdom_establish(int argc, const char **argv)
DOM_SID *domain_sid;
char* domain_name;
- char* domain_name_pol;
+ const char* domain_name_pol;
char* acct_name;
fstring pdc_name;
char *dc_name;
@@ -5846,24 +5985,30 @@ static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd,
const char *trusted_dom_name)
{
NTSTATUS nt_status;
- LSA_TRUSTED_DOMAIN_INFO *info;
+ union lsa_TrustedDomainInfo info;
char *cleartextpwd = NULL;
DATA_BLOB data;
- nt_status = rpccli_lsa_query_trusted_domain_info_by_sid(pipe_hnd, mem_ctx, pol, 4, &dom_sid, &info);
-
+ nt_status = rpccli_lsa_QueryTrustedDomainInfoBySid(pipe_hnd, mem_ctx,
+ pol,
+ &dom_sid,
+ LSA_TRUSTED_DOMAIN_INFO_PASSWORD,
+ &info);
if (NT_STATUS_IS_ERR(nt_status)) {
DEBUG(0,("Could not query trusted domain info. Error was %s\n",
nt_errstr(nt_status)));
goto done;
}
- data = data_blob(NULL, info->password.password.length);
+ data = data_blob(NULL, info.password.password->length);
- memcpy(data.data, info->password.password.data, info->password.password.length);
- data.length = info->password.password.length;
-
- cleartextpwd = decrypt_trustdom_secret(pipe_hnd->cli->pwd.password, &data);
+ memcpy(data.data,
+ info.password.password->data,
+ info.password.password->length);
+ data.length = info.password.password->length;
+
+ cleartextpwd = decrypt_trustdom_secret(pipe_hnd->cli->pwd.password,
+ &data);
if (cleartextpwd == NULL) {
DEBUG(0,("retrieved NULL password\n"));
@@ -5907,7 +6052,7 @@ static int rpc_trustdom_vampire(int argc, const char **argv)
DOM_SID *domain_sids;
char **trusted_dom_names;
fstring pdc_name;
- char *dummy;
+ const char *dummy;
/*
* Listing trusted domains (stored in secrets.tdb, if local)
@@ -6047,7 +6192,7 @@ static int rpc_trustdom_list(int argc, const char **argv)
DOM_SID *domain_sids;
char **trusted_dom_names;
fstring pdc_name;
- char *dummy;
+ const char *dummy;
/* trusting domains listing variables */
POLICY_HND domain_hnd;
@@ -6186,12 +6331,14 @@ static int rpc_trustdom_list(int argc, const char **argv)
talloc_destroy(mem_ctx);
return -1;
};
-
+
/* SamrOpenDomain - we have to open domain policy handle in order to be
able to enumerate accounts*/
- nt_status = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_hnd,
- SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
- queried_dom_sid, &domain_hnd);
+ nt_status = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_hnd,
+ SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
+ queried_dom_sid,
+ &domain_hnd);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Couldn't open domain object. Error was %s\n",
nt_errstr(nt_status)));
@@ -6267,12 +6414,12 @@ static int rpc_trustdom_list(int argc, const char **argv)
} while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
/* close opened samr and domain policy handles */
- nt_status = rpccli_samr_close(pipe_hnd, mem_ctx, &domain_hnd);
+ nt_status = rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_hnd);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Couldn't properly close domain policy handle for domain %s\n", domain_name));
};
- nt_status = rpccli_samr_close(pipe_hnd, mem_ctx, &connect_hnd);
+ nt_status = rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_hnd);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Couldn't properly close samr policy handle for domain %s\n", domain_name));
};
diff --git a/source3/utils/net_rpc_audit.c b/source3/utils/net_rpc_audit.c
index b7fda2b8e3..50bd555f16 100644
--- a/source3/utils/net_rpc_audit.c
+++ b/source3/utils/net_rpc_audit.c
@@ -1,21 +1,21 @@
-/*
- Samba Unix/Linux SMB client library
- Distributed SMB/CIFS Server Management Utility
+/*
+ Samba Unix/Linux SMB client library
+ Distributed SMB/CIFS Server Management Utility
Copyright (C) 2006 Guenther Deschner
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */
-
+
#include "includes.h"
#include "utils/net.h"
@@ -54,29 +54,26 @@ static void print_auditing_category(const char *policy, const char *value)
pad_len = col_len - strlen(policy);
padding[pad_len] = 0;
do padding[--pad_len] = ' '; while (pad_len > 0);
-
+
d_printf("\t%s%s%s\n", policy, padding, value);
}
-
/********************************************************************
********************************************************************/
static NTSTATUS rpc_audit_get_internal(const DOM_SID *domain_sid,
- const char *domain_name,
+ const char *domain_name,
struct cli_state *cli,
struct rpc_pipe_client *pipe_hnd,
- TALLOC_CTX *mem_ctx,
+ TALLOC_CTX *mem_ctx,
int argc,
const char **argv)
{
POLICY_HND pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- LSA_INFO_CTR dom;
+ union lsa_PolicyInformation info;
int i;
-
- uint32 info_class = 2;
- uint32 audit_category;
+ uint32_t audit_category;
if (argc < 1 || argc > 2) {
d_printf("insufficient arguments\n");
@@ -89,7 +86,7 @@ static NTSTATUS rpc_audit_get_internal(const DOM_SID *domain_sid,
return NT_STATUS_INVALID_PARAMETER;
}
- result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True,
+ result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
SEC_RIGHTS_MAXIMUM_ALLOWED,
&pol);
@@ -97,15 +94,16 @@ static NTSTATUS rpc_audit_get_internal(const DOM_SID *domain_sid,
goto done;
}
- result = rpccli_lsa_query_info_policy_new(pipe_hnd, mem_ctx, &pol,
- info_class,
- &dom);
+ result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
+ &pol,
+ LSA_POLICY_INFO_AUDIT_EVENTS,
+ &info);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- for (i=0; i < dom.info.id2.count1; i++) {
+ for (i=0; i < info.audit_events.count; i++) {
const char *val = NULL, *policy = NULL;
@@ -113,14 +111,15 @@ static NTSTATUS rpc_audit_get_internal(const DOM_SID *domain_sid,
continue;
}
- val = audit_policy_str(mem_ctx, dom.info.id2.auditsettings[i]);
+ val = audit_policy_str(mem_ctx, info.audit_events.settings[i]);
policy = audit_description_str(i);
print_auditing_category(policy, val);
}
done:
if (!NT_STATUS_IS_OK(result)) {
- d_printf("failed to get auditing policy: %s\n", nt_errstr(result));
+ d_printf("failed to get auditing policy: %s\n",
+ nt_errstr(result));
}
return result;
@@ -130,19 +129,17 @@ static NTSTATUS rpc_audit_get_internal(const DOM_SID *domain_sid,
********************************************************************/
static NTSTATUS rpc_audit_set_internal(const DOM_SID *domain_sid,
- const char *domain_name,
+ const char *domain_name,
struct cli_state *cli,
struct rpc_pipe_client *pipe_hnd,
- TALLOC_CTX *mem_ctx,
+ TALLOC_CTX *mem_ctx,
int argc,
const char **argv)
{
POLICY_HND pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- LSA_INFO_CTR dom;
-
- uint32 info_class = 2;
- uint32 audit_policy, audit_category;
+ union lsa_PolicyInformation info;
+ uint32_t audit_policy, audit_category;
if (argc < 2 || argc > 3) {
d_printf("insufficient arguments\n");
@@ -170,7 +167,7 @@ static NTSTATUS rpc_audit_set_internal(const DOM_SID *domain_sid,
return NT_STATUS_INVALID_PARAMETER;
}
- result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True,
+ result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
SEC_RIGHTS_MAXIMUM_ALLOWED,
&pol);
@@ -178,29 +175,32 @@ static NTSTATUS rpc_audit_set_internal(const DOM_SID *domain_sid,
goto done;
}
- result = rpccli_lsa_query_info_policy_new(pipe_hnd, mem_ctx, &pol,
- info_class,
- &dom);
+ result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
+ &pol,
+ LSA_POLICY_INFO_AUDIT_EVENTS,
+ &info);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- dom.info.id2.auditsettings[audit_category] = audit_policy;
+ info.audit_events.settings[audit_category] = audit_policy;
+
+ result = rpccli_lsa_SetInfoPolicy(pipe_hnd, mem_ctx,
+ &pol,
+ LSA_POLICY_INFO_AUDIT_EVENTS,
+ &info);
- result = rpccli_lsa_set_info_policy(pipe_hnd, mem_ctx, &pol,
- info_class,
- dom);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- result = rpccli_lsa_query_info_policy_new(pipe_hnd, mem_ctx, &pol,
- info_class,
- &dom);
-
+ result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
+ &pol,
+ LSA_POLICY_INFO_AUDIT_EVENTS,
+ &info);
{
- const char *val = audit_policy_str(mem_ctx, dom.info.id2.auditsettings[audit_category]);
+ const char *val = audit_policy_str(mem_ctx, info.audit_events.settings[audit_category]);
const char *policy = audit_description_str(audit_category);
print_auditing_category(policy, val);
}
@@ -209,11 +209,14 @@ static NTSTATUS rpc_audit_set_internal(const DOM_SID *domain_sid,
if (!NT_STATUS_IS_OK(result)) {
d_printf("failed to set audit policy: %s\n", nt_errstr(result));
}
-
+
return result;
}
-static NTSTATUS rpc_audit_enable_internal_ext(struct rpc_pipe_client *pipe_hnd,
+/********************************************************************
+********************************************************************/
+
+static NTSTATUS rpc_audit_enable_internal_ext(struct rpc_pipe_client *pipe_hnd,
TALLOC_CTX *mem_ctx,
int argc,
const char **argv,
@@ -221,11 +224,9 @@ static NTSTATUS rpc_audit_enable_internal_ext(struct rpc_pipe_client *pipe_hnd,
{
POLICY_HND pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- LSA_INFO_CTR dom;
-
- uint32 info_class = 2;
+ union lsa_PolicyInformation info;
- result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True,
+ result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
SEC_RIGHTS_MAXIMUM_ALLOWED,
&pol);
@@ -233,19 +234,20 @@ static NTSTATUS rpc_audit_enable_internal_ext(struct rpc_pipe_client *pipe_hnd,
goto done;
}
- result = rpccli_lsa_query_info_policy_new(pipe_hnd, mem_ctx, &pol,
- info_class,
- &dom);
-
+ result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
+ &pol,
+ LSA_POLICY_INFO_AUDIT_EVENTS,
+ &info);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- dom.info.id2.auditing_enabled = enable;
+ info.audit_events.auditing_mode = enable;
- result = rpccli_lsa_set_info_policy(pipe_hnd, mem_ctx, &pol,
- info_class,
- dom);
+ result = rpccli_lsa_SetInfoPolicy(pipe_hnd, mem_ctx,
+ &pol,
+ LSA_POLICY_INFO_AUDIT_EVENTS,
+ &info);
if (!NT_STATUS_IS_OK(result)) {
goto done;
@@ -253,59 +255,60 @@ static NTSTATUS rpc_audit_enable_internal_ext(struct rpc_pipe_client *pipe_hnd,
done:
if (!NT_STATUS_IS_OK(result)) {
- d_printf("failed to %s audit policy: %s\n", enable ? "enable":"disable",
- nt_errstr(result));
+ d_printf("failed to %s audit policy: %s\n",
+ enable ? "enable":"disable", nt_errstr(result));
}
return result;
}
+
/********************************************************************
********************************************************************/
static NTSTATUS rpc_audit_disable_internal(const DOM_SID *domain_sid,
- const char *domain_name,
+ const char *domain_name,
struct cli_state *cli,
struct rpc_pipe_client *pipe_hnd,
- TALLOC_CTX *mem_ctx,
+ TALLOC_CTX *mem_ctx,
int argc,
const char **argv)
{
- return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv, False);
+ return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv,
+ false);
}
/********************************************************************
********************************************************************/
static NTSTATUS rpc_audit_enable_internal(const DOM_SID *domain_sid,
- const char *domain_name,
+ const char *domain_name,
struct cli_state *cli,
struct rpc_pipe_client *pipe_hnd,
- TALLOC_CTX *mem_ctx,
+ TALLOC_CTX *mem_ctx,
int argc,
const char **argv)
{
- return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv, True);
+ return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv,
+ true);
}
/********************************************************************
********************************************************************/
static NTSTATUS rpc_audit_list_internal(const DOM_SID *domain_sid,
- const char *domain_name,
+ const char *domain_name,
struct cli_state *cli,
struct rpc_pipe_client *pipe_hnd,
- TALLOC_CTX *mem_ctx,
+ TALLOC_CTX *mem_ctx,
int argc,
const char **argv)
{
POLICY_HND pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- LSA_INFO_CTR dom;
+ union lsa_PolicyInformation info;
int i;
- uint32 info_class = 2;
-
- result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True,
+ result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
SEC_RIGHTS_MAXIMUM_ALLOWED,
&pol);
@@ -313,53 +316,52 @@ static NTSTATUS rpc_audit_list_internal(const DOM_SID *domain_sid,
goto done;
}
- result = rpccli_lsa_query_info_policy_new(pipe_hnd, mem_ctx, &pol,
- info_class,
- &dom);
-
+ result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
+ &pol,
+ LSA_POLICY_INFO_AUDIT_EVENTS,
+ &info);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
printf("Auditing:\t\t");
- switch (dom.info.id2.auditing_enabled) {
- case True:
+ switch (info.audit_events.auditing_mode) {
+ case true:
printf("Enabled");
break;
- case False:
+ case false:
printf("Disabled");
break;
default:
- printf("unknown (%d)", dom.info.id2.auditing_enabled);
+ printf("unknown (%d)", info.audit_events.auditing_mode);
break;
}
printf("\n");
- printf("Auditing categories:\t%d\n", dom.info.id2.count1);
+ printf("Auditing categories:\t%d\n", info.audit_events.count);
printf("Auditing settings:\n");
- for (i=0; i < dom.info.id2.count1; i++) {
- const char *val = audit_policy_str(mem_ctx, dom.info.id2.auditsettings[i]);
+ for (i=0; i < info.audit_events.count; i++) {
+ const char *val = audit_policy_str(mem_ctx, info.audit_events.settings[i]);
const char *policy = audit_description_str(i);
print_auditing_category(policy, val);
}
done:
if (!NT_STATUS_IS_OK(result)) {
- d_printf("failed to list auditing policies: %s\n", nt_errstr(result));
+ d_printf("failed to list auditing policies: %s\n",
+ nt_errstr(result));
}
return result;
}
-
-
/********************************************************************
********************************************************************/
static int rpc_audit_get(int argc, const char **argv)
{
- return run_rpc_command(NULL, PI_LSARPC, 0,
+ return run_rpc_command(NULL, PI_LSARPC, 0,
rpc_audit_get_internal, argc, argv);
}
@@ -368,7 +370,7 @@ static int rpc_audit_get(int argc, const char **argv)
static int rpc_audit_set(int argc, const char **argv)
{
- return run_rpc_command(NULL, PI_LSARPC, 0,
+ return run_rpc_command(NULL, PI_LSARPC, 0,
rpc_audit_set_internal, argc, argv);
}
@@ -377,7 +379,7 @@ static int rpc_audit_set(int argc, const char **argv)
static int rpc_audit_enable(int argc, const char **argv)
{
- return run_rpc_command(NULL, PI_LSARPC, 0,
+ return run_rpc_command(NULL, PI_LSARPC, 0,
rpc_audit_enable_internal, argc, argv);
}
@@ -386,7 +388,7 @@ static int rpc_audit_enable(int argc, const char **argv)
static int rpc_audit_disable(int argc, const char **argv)
{
- return run_rpc_command(NULL, PI_LSARPC, 0,
+ return run_rpc_command(NULL, PI_LSARPC, 0,
rpc_audit_disable_internal, argc, argv);
}
@@ -395,14 +397,14 @@ static int rpc_audit_disable(int argc, const char **argv)
static int rpc_audit_list(int argc, const char **argv)
{
- return run_rpc_command(NULL, PI_LSARPC, 0,
+ return run_rpc_command(NULL, PI_LSARPC, 0,
rpc_audit_list_internal, argc, argv);
}
/********************************************************************
********************************************************************/
-int net_rpc_audit(int argc, const char **argv)
+int net_rpc_audit(int argc, const char **argv)
{
struct functable func[] = {
{"get", rpc_audit_get},
@@ -412,9 +414,9 @@ int net_rpc_audit(int argc, const char **argv)
{"list", rpc_audit_list},
{NULL, NULL}
};
-
+
if (argc)
return net_run_function(argc, argv, func, net_help_audit);
-
+
return net_help_audit(argc, argv);
}
diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c
index 0c25a53365..27819bb6ab 100644
--- a/source3/utils/net_rpc_join.c
+++ b/source3/utils/net_rpc_join.c
@@ -34,6 +34,12 @@
goto done; \
}
+static void init_lsa_String(struct lsa_String *name, const char *s)
+{
+ name->string = s;
+}
+
+
/**
* confirm that a domain join is still valid
*
@@ -45,7 +51,7 @@ NTSTATUS net_rpc_join_ok(const char *domain, const char *server,
{
enum security_types sec;
unsigned int conn_flags = NET_FLAGS_PDC;
- uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
+ uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
struct cli_state *cli = NULL;
struct rpc_pipe_client *pipe_hnd = NULL;
struct rpc_pipe_client *netlogon_pipe = NULL;
@@ -132,7 +138,7 @@ int net_rpc_join_newstyle(int argc, const char **argv)
struct cli_state *cli;
TALLOC_CTX *mem_ctx;
uint32 acb_info = ACB_WSTRUST;
- uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|(lp_client_schannel() ? NETLOGON_NEG_SCHANNEL : 0);
+ uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS|(lp_client_schannel() ? NETLOGON_NEG_SCHANNEL : 0);
uint32 sec_channel_type;
struct rpc_pipe_client *pipe_hnd = NULL;
@@ -155,11 +161,14 @@ int net_rpc_join_newstyle(int argc, const char **argv)
NTSTATUS result;
int retval = 1;
- char *domain = NULL;
+ const char *domain = NULL;
uint32 num_rids, *name_types, *user_rids;
uint32 flags = 0x3e8;
char *acct_name;
const char *const_acct_name;
+ struct lsa_String lsa_acct_name;
+ uint32 acct_flags=0;
+ uint32_t access_granted = 0;
/* check what type of join */
if (argc >= 0) {
@@ -235,10 +244,12 @@ int net_rpc_join_newstyle(int argc, const char **argv)
&sam_pol),
"could not connect to SAM database");
-
- CHECK_RPC_ERR(rpccli_samr_open_domain(pipe_hnd, mem_ctx, &sam_pol,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
- domain_sid, &domain_pol),
+
+ CHECK_RPC_ERR(rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &sam_pol,
+ SEC_RIGHTS_MAXIMUM_ALLOWED,
+ domain_sid,
+ &domain_pol),
"could not open domain");
/* Create domain user */
@@ -249,10 +260,24 @@ int net_rpc_join_newstyle(int argc, const char **argv)
strlower_m(acct_name);
const_acct_name = acct_name;
- result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
- acct_name, acb_info,
- 0xe005000b, &user_pol,
- &user_rid);
+ init_lsa_String(&lsa_acct_name, acct_name);
+
+ acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
+ SEC_STD_WRITE_DAC | SEC_STD_DELETE |
+ SAMR_USER_ACCESS_SET_PASSWORD |
+ SAMR_USER_ACCESS_GET_ATTRIBUTES |
+ SAMR_USER_ACCESS_SET_ATTRIBUTES;
+
+ DEBUG(10, ("Creating account with flags: %d\n",acct_flags));
+
+ result = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx,
+ &domain_pol,
+ &lsa_acct_name,
+ acb_info,
+ acct_flags,
+ &user_pol,
+ &access_granted,
+ &user_rid);
if (!NT_STATUS_IS_OK(result) &&
!NT_STATUS_EQUAL(result, NT_STATUS_USER_EXISTS)) {
@@ -271,7 +296,7 @@ int net_rpc_join_newstyle(int argc, const char **argv)
/* We *must* do this.... don't ask... */
if (NT_STATUS_IS_OK(result)) {
- rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
}
CHECK_RPC_ERR_DEBUG(rpccli_samr_lookup_names(pipe_hnd, mem_ctx,
@@ -292,9 +317,11 @@ int net_rpc_join_newstyle(int argc, const char **argv)
/* Open handle on user */
CHECK_RPC_ERR_DEBUG(
- rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
- user_rid, &user_pol),
+ rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
+ &domain_pol,
+ SEC_RIGHTS_MAXIMUM_ALLOWED,
+ user_rid,
+ &user_pol),
("could not re-open existing user %s: %s\n",
acct_name, nt_errstr(result)));
@@ -344,7 +371,7 @@ int net_rpc_join_newstyle(int argc, const char **argv)
result = rpccli_samr_set_userinfo2(pipe_hnd, mem_ctx, &user_pol, 16,
&cli->user_session_key, &ctr);
- rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
cli_rpc_pipe_close(pipe_hnd); /* Done with this pipe */
/* Now check the whole process from top-to-bottom */
@@ -413,7 +440,7 @@ int net_rpc_join_newstyle(int argc, const char **argv)
/* Now store the secret in the secrets database */
- strupper_m(domain);
+ strupper_m(CONST_DISCARD(char *, domain));
if (!secrets_store_domain_sid(domain, domain_sid)) {
DEBUG(0, ("error storing domain sid for %s\n", domain));
diff --git a/source3/utils/net_rpc_rights.c b/source3/utils/net_rpc_rights.c
index 23be8859e0..5f222b8c7e 100644
--- a/source3/utils/net_rpc_rights.c
+++ b/source3/utils/net_rpc_rights.c
@@ -28,9 +28,9 @@ static NTSTATUS sid_to_name(struct rpc_pipe_client *pipe_hnd,
fstring name)
{
POLICY_HND pol;
- enum lsa_SidType *sid_types;
+ enum lsa_SidType *sid_types = NULL;
NTSTATUS result;
- char **domains, **names;
+ char **domains = NULL, **names = NULL;
result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True,
SEC_RIGHTS_MAXIMUM_ALLOWED, &pol);
@@ -202,7 +202,7 @@ static NTSTATUS enum_accounts_for_privilege(struct rpc_pipe_client *pipe_hnd,
NTSTATUS result;
uint32 enum_context=0;
uint32 pref_max_length=0x1000;
- DOM_SID *sids;
+ DOM_SID *sids = NULL;
uint32 count=0;
int i;
fstring name;
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c
index ca3279ee3a..e1f0cd3751 100644
--- a/source3/utils/net_rpc_samsync.c
+++ b/source3/utils/net_rpc_samsync.c
@@ -237,7 +237,7 @@ NTSTATUS rpc_samdump_internals(const DOM_SID *domain_sid,
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
uchar trust_password[16];
- uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
+ uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS;
uint32 sec_channel_type = 0;
if (!secrets_fetch_trust_account_password(domain_name,
@@ -365,7 +365,8 @@ static NTSTATUS sam_account_from_delta(struct samu *account, SAM_ACCOUNT_INFO *d
old_string = pdb_get_munged_dial(account);
mung.length = delta->hdr_parameters.uni_str_len;
mung.data = (uint8 *) delta->uni_parameters.buffer;
- newstr = (mung.length == 0) ? NULL : base64_encode_data_blob(mung);
+ newstr = (mung.length == 0) ? NULL :
+ base64_encode_data_blob(talloc_tos(), mung);
if (STRING_CHANGED_NC(old_string, newstr))
pdb_set_munged_dial(account, newstr, PDB_CHANGED);
@@ -486,7 +487,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta)
return NT_STATUS_NO_MEMORY;
}
- if (!(passwd = Get_Pwnam(account))) {
+ if (!(passwd = Get_Pwnam_alloc(sam_account, account))) {
/* Create appropriate user */
if (delta->acb_info & ACB_NORMAL) {
add_script = talloc_strdup(sam_account,
@@ -525,7 +526,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta)
}
/* try and find the possible unix account again */
- if ( !(passwd = Get_Pwnam(account)) ) {
+ if ( !(passwd = Get_Pwnam_alloc(sam_account, account)) ) {
d_fprintf(stderr, "Could not create posix account info for '%s'\n", account);
nt_ret = NT_STATUS_NO_SUCH_USER;
goto done;
@@ -1422,12 +1423,11 @@ static int fprintf_attr(FILE *add_fd, const char *attr_name,
base64_blob.data = (unsigned char *)value;
base64_blob.length = strlen(value);
- base64 = base64_encode_data_blob(base64_blob);
+ base64 = base64_encode_data_blob(value, base64_blob);
SMB_ASSERT(base64 != NULL);
res = fprintf(add_fd, "%s:: %s\n", attr_name, base64);
TALLOC_FREE(value);
- TALLOC_FREE(base64);
return res;
}
diff --git a/source3/utils/net_rpc_sh_acct.c b/source3/utils/net_rpc_sh_acct.c
index ac0ffca1f3..12da031d4b 100644
--- a/source3/utils/net_rpc_sh_acct.c
+++ b/source3/utils/net_rpc_sh_acct.c
@@ -54,10 +54,12 @@ static NTSTATUS rpc_sh_acct_do(TALLOC_CTX *mem_ctx,
}
/* Get domain policy handle */
-
- result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- ctx->domain_sid, &domain_pol);
+
+ result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+ &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ ctx->domain_sid,
+ &domain_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
@@ -118,10 +120,10 @@ static NTSTATUS rpc_sh_acct_do(TALLOC_CTX *mem_ctx,
done:
if (is_valid_policy_hnd(&domain_pol)) {
- rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
}
if (is_valid_policy_hnd(&connect_pol)) {
- rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol);
+ rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
}
return result;
diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c
index bd1f6cd686..52f8f911e1 100644
--- a/source3/utils/net_sam.c
+++ b/source3/utils/net_sam.c
@@ -1135,7 +1135,7 @@ static int net_sam_do_list(int argc, const char **argv,
}
}
- search->search_end(search);
+ pdb_search_destroy(search);
return 0;
}
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index 7e2771c900..a3a403d7bd 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -1,23 +1,24 @@
-/*
+/*
Unix SMB/CIFS implementation.
Winbind status program.
Copyright (C) Tim Potter 2000-2003
Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003-2004
- Copyright (C) Francesco Chemolli <kinkie@kame.usr.dsi.unimi.it> 2000
+ Copyright (C) Francesco Chemolli <kinkie@kame.usr.dsi.unimi.it> 2000
Copyright (C) Robert O'Callahan 2006 (added cached credential code).
+ Copyright (C) Kai Blin <kai@samba.org> 2008
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@@ -28,7 +29,8 @@
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
-#define SQUID_BUFFER_SIZE 2010
+#define INITIAL_BUFFER_SIZE 300
+#define MAX_BUFFER_SIZE 630000
enum stdio_helper_mode {
SQUID_2_4_BASIC,
@@ -42,28 +44,56 @@ enum stdio_helper_mode {
NUM_HELPER_MODES
};
-typedef void (*stdio_helper_function)(enum stdio_helper_mode stdio_helper_mode,
- char *buf, int length);
+enum ntlm_auth_cli_state {
+ CLIENT_INITIAL = 0,
+ CLIENT_RESPONSE,
+ CLIENT_FINISHED,
+ CLIENT_ERROR
+};
+
+enum ntlm_auth_svr_state {
+ SERVER_INITIAL = 0,
+ SERVER_CHALLENGE,
+ SERVER_FINISHED,
+ SERVER_ERROR
+};
+
+struct ntlm_auth_state {
+ TALLOC_CTX *mem_ctx;
+ enum stdio_helper_mode helper_mode;
+ enum ntlm_auth_cli_state cli_state;
+ enum ntlm_auth_svr_state svr_state;
+ struct ntlmssp_state *ntlmssp_state;
+ uint32_t neg_flags;
+ char *want_feature_list;
+ bool have_session_key;
+ DATA_BLOB session_key;
+ DATA_BLOB initial_message;
+};
+
+typedef void (*stdio_helper_function)(struct ntlm_auth_state *state, char *buf,
+ int length);
-static void manage_squid_basic_request (enum stdio_helper_mode stdio_helper_mode,
+static void manage_squid_basic_request (struct ntlm_auth_state *state,
char *buf, int length);
-static void manage_squid_ntlmssp_request (enum stdio_helper_mode stdio_helper_mode,
- char *buf, int length);
+static void manage_squid_ntlmssp_request (struct ntlm_auth_state *state,
+ char *buf, int length);
-static void manage_client_ntlmssp_request (enum stdio_helper_mode stdio_helper_mode,
- char *buf, int length);
+static void manage_client_ntlmssp_request (struct ntlm_auth_state *state,
+ char *buf, int length);
-static void manage_gss_spnego_request (enum stdio_helper_mode stdio_helper_mode,
- char *buf, int length);
+static void manage_gss_spnego_request (struct ntlm_auth_state *state,
+ char *buf, int length);
-static void manage_gss_spnego_client_request (enum stdio_helper_mode stdio_helper_mode,
- char *buf, int length);
+static void manage_gss_spnego_client_request (struct ntlm_auth_state *state,
+ char *buf, int length);
-static void manage_ntlm_server_1_request (enum stdio_helper_mode stdio_helper_mode,
- char *buf, int length);
+static void manage_ntlm_server_1_request (struct ntlm_auth_state *state,
+ char *buf, int length);
-static void manage_ntlm_change_password_1_request(enum stdio_helper_mode helper_mode, char *buf, int length);
+static void manage_ntlm_change_password_1_request(struct ntlm_auth_state *state,
+ char *buf, int length);
static const struct {
enum stdio_helper_mode mode;
@@ -123,7 +153,7 @@ static char winbind_separator(void)
d_printf("winbind separator was NULL!\n");
return *lp_winbind_separator();
}
-
+
return sep;
}
@@ -679,14 +709,9 @@ static NTSTATUS do_ccache_ntlm_auth(DATA_BLOB initial_msg, DATA_BLOB challenge_m
return NT_STATUS_MORE_PROCESSING_REQUIRED;
}
-static void manage_squid_ntlmssp_request(enum stdio_helper_mode stdio_helper_mode,
- char *buf, int length)
+static void manage_squid_ntlmssp_request(struct ntlm_auth_state *state,
+ char *buf, int length)
{
- static NTLMSSP_STATE *ntlmssp_state = NULL;
- static char* want_feature_list = NULL;
- static uint32 neg_flags = 0;
- static bool have_session_key = False;
- static DATA_BLOB session_key;
DATA_BLOB request, reply;
NTSTATUS nt_status;
@@ -699,8 +724,9 @@ static void manage_squid_ntlmssp_request(enum stdio_helper_mode stdio_helper_mod
if (strlen(buf) > 3) {
if(strncmp(buf, "SF ", 3) == 0){
DEBUG(10, ("Setting flags to negotioate\n"));
- SAFE_FREE(want_feature_list);
- want_feature_list = SMB_STRNDUP(buf+3, strlen(buf)-3);
+ TALLOC_FREE(state->want_feature_list);
+ state->want_feature_list = talloc_strdup(state->mem_ctx,
+ buf+3);
x_fprintf(x_stdout, "OK\n");
return;
}
@@ -710,9 +736,11 @@ static void manage_squid_ntlmssp_request(enum stdio_helper_mode stdio_helper_mod
}
if ((strncmp(buf, "PW ", 3) == 0)) {
- /* The calling application wants us to use a local password (rather than winbindd) */
+ /* The calling application wants us to use a local password
+ * (rather than winbindd) */
- opt_password = SMB_STRNDUP((const char *)request.data, request.length);
+ opt_password = SMB_STRNDUP((const char *)request.data,
+ request.length);
if (opt_password == NULL) {
DEBUG(1, ("Out of memory\n"));
@@ -727,25 +755,33 @@ static void manage_squid_ntlmssp_request(enum stdio_helper_mode stdio_helper_mod
}
if (strncmp(buf, "YR", 2) == 0) {
- if (ntlmssp_state)
- ntlmssp_end(&ntlmssp_state);
+ if (state->ntlmssp_state)
+ ntlmssp_end(&state->ntlmssp_state);
+ state->svr_state = SERVER_INITIAL;
} else if (strncmp(buf, "KK", 2) == 0) {
-
+ /* No special preprocessing required */
} else if (strncmp(buf, "GF", 2) == 0) {
DEBUG(10, ("Requested negotiated NTLMSSP flags\n"));
- x_fprintf(x_stdout, "GF 0x%08lx\n", have_session_key?neg_flags:0l);
+
+ if (state->svr_state == SERVER_FINISHED) {
+ x_fprintf(x_stdout, "GF 0x%08x\n", state->neg_flags);
+ }
+ else {
+ x_fprintf(x_stdout, "BH\n");
+ }
data_blob_free(&request);
return;
} else if (strncmp(buf, "GK", 2) == 0) {
DEBUG(10, ("Requested NTLMSSP session key\n"));
- if(have_session_key) {
- char *key64 = base64_encode_data_blob(session_key);
+ if(state->have_session_key) {
+ char *key64 = base64_encode_data_blob(state->mem_ctx,
+ state->session_key);
x_fprintf(x_stdout, "GK %s\n", key64?key64:"<NULL>");
TALLOC_FREE(key64);
} else {
x_fprintf(x_stdout, "BH\n");
}
-
+
data_blob_free(&request);
return;
} else {
@@ -754,65 +790,62 @@ static void manage_squid_ntlmssp_request(enum stdio_helper_mode stdio_helper_mod
return;
}
- if (!ntlmssp_state) {
- if (!NT_STATUS_IS_OK(nt_status = ntlm_auth_start_ntlmssp_server(&ntlmssp_state))) {
+ if (!state->ntlmssp_state) {
+ nt_status = ntlm_auth_start_ntlmssp_server(
+ &state->ntlmssp_state);
+ if (!NT_STATUS_IS_OK(nt_status)) {
x_fprintf(x_stdout, "BH %s\n", nt_errstr(nt_status));
return;
}
- ntlmssp_want_feature_list(ntlmssp_state, want_feature_list);
+ ntlmssp_want_feature_list(state->ntlmssp_state,
+ state->want_feature_list);
}
DEBUG(10, ("got NTLMSSP packet:\n"));
dump_data(10, request.data, request.length);
- nt_status = ntlmssp_update(ntlmssp_state, request, &reply);
-
+ nt_status = ntlmssp_update(state->ntlmssp_state, request, &reply);
+
if (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
- char *reply_base64 = base64_encode_data_blob(reply);
+ char *reply_base64 = base64_encode_data_blob(state->mem_ctx,
+ reply);
x_fprintf(x_stdout, "TT %s\n", reply_base64);
TALLOC_FREE(reply_base64);
data_blob_free(&reply);
+ state->svr_state = SERVER_CHALLENGE;
DEBUG(10, ("NTLMSSP challenge\n"));
} else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_ACCESS_DENIED)) {
x_fprintf(x_stdout, "BH %s\n", nt_errstr(nt_status));
DEBUG(0, ("NTLMSSP BH: %s\n", nt_errstr(nt_status)));
- ntlmssp_end(&ntlmssp_state);
+ ntlmssp_end(&state->ntlmssp_state);
} else if (!NT_STATUS_IS_OK(nt_status)) {
x_fprintf(x_stdout, "NA %s\n", nt_errstr(nt_status));
DEBUG(10, ("NTLMSSP %s\n", nt_errstr(nt_status)));
} else {
- x_fprintf(x_stdout, "AF %s\n", (char *)ntlmssp_state->auth_context);
+ x_fprintf(x_stdout, "AF %s\n",
+ (char *)state->ntlmssp_state->auth_context);
DEBUG(10, ("NTLMSSP OK!\n"));
-
- if(have_session_key)
- data_blob_free(&session_key);
- session_key = data_blob(ntlmssp_state->session_key.data,
- ntlmssp_state->session_key.length);
- neg_flags = ntlmssp_state->neg_flags;
- have_session_key = True;
+
+ if(state->have_session_key)
+ data_blob_free(&state->session_key);
+ state->session_key = data_blob(
+ state->ntlmssp_state->session_key.data,
+ state->ntlmssp_state->session_key.length);
+ state->neg_flags = state->ntlmssp_state->neg_flags;
+ state->have_session_key = true;
+ state->svr_state = SERVER_FINISHED;
}
data_blob_free(&request);
}
-static void manage_client_ntlmssp_request(enum stdio_helper_mode stdio_helper_mode,
- char *buf, int length)
+static void manage_client_ntlmssp_request(struct ntlm_auth_state *state,
+ char *buf, int length)
{
- /* The statics here are *HORRIBLE* and this entire concept
- needs to be rewritten. Essentially it's using these statics
- as the state in a state machine. BLEEEGH ! JRA. */
-
- static NTLMSSP_STATE *ntlmssp_state = NULL;
- static DATA_BLOB initial_message;
- static char* want_feature_list = NULL;
- static uint32 neg_flags = 0;
- static bool have_session_key = False;
- static DATA_BLOB session_key;
DATA_BLOB request, reply;
NTSTATUS nt_status;
- bool first = False;
-
+
if (!opt_username || !*opt_username) {
x_fprintf(x_stderr, "username must be specified!\n\n");
exit(1);
@@ -827,8 +860,9 @@ static void manage_client_ntlmssp_request(enum stdio_helper_mode stdio_helper_mo
if (strlen(buf) > 3) {
if(strncmp(buf, "SF ", 3) == 0) {
DEBUG(10, ("Looking for flags to negotiate\n"));
- SAFE_FREE(want_feature_list);
- want_feature_list = SMB_STRNDUP(buf+3, strlen(buf)-3);
+ talloc_free(state->want_feature_list);
+ state->want_feature_list = talloc_strdup(state->mem_ctx,
+ buf+3);
x_fprintf(x_stdout, "OK\n");
return;
}
@@ -840,7 +874,8 @@ static void manage_client_ntlmssp_request(enum stdio_helper_mode stdio_helper_mo
if (strncmp(buf, "PW ", 3) == 0) {
/* We asked for a password and obviously got it :-) */
- opt_password = SMB_STRNDUP((const char *)request.data, request.length);
+ opt_password = SMB_STRNDUP((const char *)request.data,
+ request.length);
if (opt_password == NULL) {
DEBUG(1, ("Out of memory\n"));
@@ -854,8 +889,8 @@ static void manage_client_ntlmssp_request(enum stdio_helper_mode stdio_helper_mo
return;
}
- if (!ntlmssp_state && use_cached_creds) {
- /* check whether credentials are usable. */
+ if (!state->ntlmssp_state && use_cached_creds) {
+ /* check whether cached credentials are usable. */
DATA_BLOB empty_blob = data_blob_null;
nt_status = do_ccache_ntlm_auth(empty_blob, empty_blob, NULL);
@@ -866,30 +901,39 @@ static void manage_client_ntlmssp_request(enum stdio_helper_mode stdio_helper_mo
}
if (opt_password == NULL && !use_cached_creds) {
-
/* Request a password from the calling process. After
- sending it, the calling process should retry asking for the negotiate. */
-
+ sending it, the calling process should retry asking for the
+ negotiate. */
+
DEBUG(10, ("Requesting password\n"));
x_fprintf(x_stdout, "PW\n");
return;
}
if (strncmp(buf, "YR", 2) == 0) {
- if (ntlmssp_state)
- ntlmssp_end(&ntlmssp_state);
+ if (state->ntlmssp_state)
+ ntlmssp_end(&state->ntlmssp_state);
+ state->cli_state = CLIENT_INITIAL;
} else if (strncmp(buf, "TT", 2) == 0) {
-
+ /* No special preprocessing required */
} else if (strncmp(buf, "GF", 2) == 0) {
DEBUG(10, ("Requested negotiated NTLMSSP flags\n"));
- x_fprintf(x_stdout, "GF 0x%08lx\n", have_session_key?neg_flags:0l);
+
+ if(state->cli_state == CLIENT_FINISHED) {
+ x_fprintf(x_stdout, "GF 0x%08x\n", state->neg_flags);
+ }
+ else {
+ x_fprintf(x_stdout, "BH\n");
+ }
+
data_blob_free(&request);
return;
} else if (strncmp(buf, "GK", 2) == 0 ) {
DEBUG(10, ("Requested session key\n"));
- if(have_session_key) {
- char *key64 = base64_encode_data_blob(session_key);
+ if(state->cli_state == CLIENT_FINISHED) {
+ char *key64 = base64_encode_data_blob(state->mem_ctx,
+ state->session_key);
x_fprintf(x_stdout, "GK %s\n", key64?key64:"<NULL>");
TALLOC_FREE(key64);
}
@@ -905,67 +949,75 @@ static void manage_client_ntlmssp_request(enum stdio_helper_mode stdio_helper_mo
return;
}
- if (!ntlmssp_state) {
- if (!NT_STATUS_IS_OK(nt_status = ntlm_auth_start_ntlmssp_client(&ntlmssp_state))) {
+ if (!state->ntlmssp_state) {
+ nt_status = ntlm_auth_start_ntlmssp_client(
+ &state->ntlmssp_state);
+ if (!NT_STATUS_IS_OK(nt_status)) {
x_fprintf(x_stdout, "BH %s\n", nt_errstr(nt_status));
return;
}
- ntlmssp_want_feature_list(ntlmssp_state, want_feature_list);
- first = True;
- initial_message = data_blob_null;
+ ntlmssp_want_feature_list(state->ntlmssp_state,
+ state->want_feature_list);
+ state->initial_message = data_blob_null;
}
DEBUG(10, ("got NTLMSSP packet:\n"));
dump_data(10, request.data, request.length);
- if (use_cached_creds && !opt_password && !first) {
- nt_status = do_ccache_ntlm_auth(initial_message, request, &reply);
+ if (use_cached_creds && !opt_password &&
+ (state->cli_state == CLIENT_RESPONSE)) {
+ nt_status = do_ccache_ntlm_auth(state->initial_message, request,
+ &reply);
} else {
- nt_status = ntlmssp_update(ntlmssp_state, request, &reply);
+ nt_status = ntlmssp_update(state->ntlmssp_state, request,
+ &reply);
}
-
+
if (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
- char *reply_base64 = base64_encode_data_blob(reply);
- if (first) {
+ char *reply_base64 = base64_encode_data_blob(state->mem_ctx,
+ reply);
+ if (state->cli_state == CLIENT_INITIAL) {
x_fprintf(x_stdout, "YR %s\n", reply_base64);
- } else {
- x_fprintf(x_stdout, "KK %s\n", reply_base64);
- }
- TALLOC_FREE(reply_base64);
- if (first) {
- initial_message = reply;
+ state->initial_message = reply;
+ state->cli_state = CLIENT_RESPONSE;
} else {
+ x_fprintf(x_stdout, "KK %s\n", reply_base64);
data_blob_free(&reply);
}
+ TALLOC_FREE(reply_base64);
DEBUG(10, ("NTLMSSP challenge\n"));
} else if (NT_STATUS_IS_OK(nt_status)) {
- char *reply_base64 = base64_encode_data_blob(reply);
+ char *reply_base64 = base64_encode_data_blob(talloc_tos(),
+ reply);
x_fprintf(x_stdout, "AF %s\n", reply_base64);
TALLOC_FREE(reply_base64);
- if(have_session_key)
- data_blob_free(&session_key);
+ if(state->have_session_key)
+ data_blob_free(&state->session_key);
- session_key = data_blob(ntlmssp_state->session_key.data,
- ntlmssp_state->session_key.length);
- neg_flags = ntlmssp_state->neg_flags;
- have_session_key = True;
+ state->session_key = data_blob(
+ state->ntlmssp_state->session_key.data,
+ state->ntlmssp_state->session_key.length);
+ state->neg_flags = state->ntlmssp_state->neg_flags;
+ state->have_session_key = true;
DEBUG(10, ("NTLMSSP OK!\n"));
- if (ntlmssp_state)
- ntlmssp_end(&ntlmssp_state);
+ state->cli_state = CLIENT_FINISHED;
+ if (state->ntlmssp_state)
+ ntlmssp_end(&state->ntlmssp_state);
} else {
x_fprintf(x_stdout, "BH %s\n", nt_errstr(nt_status));
DEBUG(0, ("NTLMSSP BH: %s\n", nt_errstr(nt_status)));
- if (ntlmssp_state)
- ntlmssp_end(&ntlmssp_state);
+ state->cli_state = CLIENT_ERROR;
+ if (state->ntlmssp_state)
+ ntlmssp_end(&state->ntlmssp_state);
}
data_blob_free(&request);
}
-static void manage_squid_basic_request(enum stdio_helper_mode stdio_helper_mode,
- char *buf, int length)
+static void manage_squid_basic_request(struct ntlm_auth_state *state,
+ char *buf, int length)
{
char *user, *pass;
user=buf;
@@ -979,7 +1031,7 @@ static void manage_squid_basic_request(enum stdio_helper_mode stdio_helper_mode,
*pass='\0';
pass++;
- if (stdio_helper_mode == SQUID_2_5_BASIC) {
+ if (state->helper_mode == SQUID_2_5_BASIC) {
rfc1738_unescape(user);
rfc1738_unescape(pass);
}
@@ -1039,7 +1091,7 @@ static void offer_gss_spnego_mechs(void) {
return;
}
- reply_base64 = base64_encode_data_blob(token);
+ reply_base64 = base64_encode_data_blob(talloc_tos(), token);
x_fprintf(x_stdout, "TT %s *\n", reply_base64);
TALLOC_FREE(reply_base64);
@@ -1048,8 +1100,8 @@ static void offer_gss_spnego_mechs(void) {
return;
}
-static void manage_gss_spnego_request(enum stdio_helper_mode stdio_helper_mode,
- char *buf, int length)
+static void manage_gss_spnego_request(struct ntlm_auth_state *state,
+ char *buf, int length)
{
static NTLMSSP_STATE *ntlmssp_state = NULL;
SPNEGO_DATA request, response;
@@ -1163,6 +1215,7 @@ static void manage_gss_spnego_request(enum stdio_helper_mode stdio_helper_mode,
char *principal;
DATA_BLOB ap_rep;
DATA_BLOB session_key;
+ PAC_DATA *pac_data = NULL;
if ( request.negTokenInit.mechToken.data == NULL ) {
DEBUG(1, ("Client did not provide Kerberos data\n"));
@@ -1177,7 +1230,7 @@ static void manage_gss_spnego_request(enum stdio_helper_mode stdio_helper_mode,
status = ads_verify_ticket(mem_ctx, lp_realm(), 0,
&request.negTokenInit.mechToken,
- &principal, NULL, &ap_rep,
+ &principal, &pac_data, &ap_rep,
&session_key, True);
talloc_destroy(mem_ctx);
@@ -1275,7 +1328,7 @@ static void manage_gss_spnego_request(enum stdio_helper_mode stdio_helper_mode,
return;
}
- reply_base64 = base64_encode_data_blob(token);
+ reply_base64 = base64_encode_data_blob(talloc_tos(), token);
x_fprintf(x_stdout, "%s %s %s\n",
reply_code, reply_base64, reply_argument);
@@ -1342,7 +1395,7 @@ static bool manage_client_ntlmssp_init(SPNEGO_DATA spnego)
write_spnego_data(&to_server, &spnego);
data_blob_free(&spnego.negTokenInit.mechToken);
- to_server_base64 = base64_encode_data_blob(to_server);
+ to_server_base64 = base64_encode_data_blob(talloc_tos(), to_server);
data_blob_free(&to_server);
x_fprintf(x_stdout, "KK %s\n", to_server_base64);
TALLOC_FREE(to_server_base64);
@@ -1400,7 +1453,7 @@ static void manage_client_ntlmssp_targ(SPNEGO_DATA spnego)
write_spnego_data(&to_server, &spnego);
data_blob_free(&request);
- to_server_base64 = base64_encode_data_blob(to_server);
+ to_server_base64 = base64_encode_data_blob(talloc_tos(), to_server);
data_blob_free(&to_server);
x_fprintf(x_stdout, "KK %s\n", to_server_base64);
TALLOC_FREE(to_server_base64);
@@ -1489,7 +1542,7 @@ static bool manage_client_krb5_init(SPNEGO_DATA spnego)
return False;
}
- reply_base64 = base64_encode_data_blob(to_server);
+ reply_base64 = base64_encode_data_blob(talloc_tos(), to_server);
x_fprintf(x_stdout, "KK %s *\n", reply_base64);
TALLOC_FREE(reply_base64);
@@ -1521,8 +1574,8 @@ static void manage_client_krb5_targ(SPNEGO_DATA spnego)
#endif
-static void manage_gss_spnego_client_request(enum stdio_helper_mode stdio_helper_mode,
- char *buf, int length)
+static void manage_gss_spnego_client_request(struct ntlm_auth_state *state,
+ char *buf, int length)
{
DATA_BLOB request;
SPNEGO_DATA spnego;
@@ -1659,8 +1712,8 @@ static void manage_gss_spnego_client_request(enum stdio_helper_mode stdio_helper
return;
}
-static void manage_ntlm_server_1_request(enum stdio_helper_mode stdio_helper_mode,
- char *buf, int length)
+static void manage_ntlm_server_1_request(struct ntlm_auth_state *state,
+ char *buf, int length)
{
char *request, *parameter;
static DATA_BLOB challenge;
@@ -1852,7 +1905,8 @@ static void manage_ntlm_server_1_request(enum stdio_helper_mode stdio_helper_mod
}
}
-static void manage_ntlm_change_password_1_request(enum stdio_helper_mode helper_mode, char *buf, int length)
+static void manage_ntlm_change_password_1_request(struct ntlm_auth_state *state,
+ char *buf, int length)
{
char *request, *parameter;
static DATA_BLOB new_nt_pswd;
@@ -2062,57 +2116,93 @@ static void manage_ntlm_change_password_1_request(enum stdio_helper_mode helper_
}
}
-static void manage_squid_request(enum stdio_helper_mode helper_mode, stdio_helper_function fn)
+static void manage_squid_request(struct ntlm_auth_state *state,
+ stdio_helper_function fn)
{
- char buf[SQUID_BUFFER_SIZE+1];
- int length;
+ char *buf;
+ char tmp[INITIAL_BUFFER_SIZE+1];
+ int length, buf_size = 0;
char *c;
- static bool err;
- /* this is not a typo - x_fgets doesn't work too well under squid */
- if (fgets(buf, sizeof(buf)-1, stdin) == NULL) {
- if (ferror(stdin)) {
- DEBUG(1, ("fgets() failed! dying..... errno=%d (%s)\n", ferror(stdin),
- strerror(ferror(stdin))));
-
- exit(1); /* BIIG buffer */
- }
- exit(0);
- }
-
- c=(char *)memchr(buf,'\n',sizeof(buf)-1);
- if (c) {
- *c = '\0';
- length = c-buf;
- } else {
- err = 1;
- return;
- }
- if (err) {
- DEBUG(2, ("Oversized message\n"));
+ buf = talloc_strdup(state->mem_ctx, "");
+ if (!buf) {
+ DEBUG(0, ("Failed to allocate input buffer.\n"));
x_fprintf(x_stderr, "ERR\n");
- err = 0;
- return;
+ exit(1);
}
+ do {
+
+ /* this is not a typo - x_fgets doesn't work too well under
+ * squid */
+ if (fgets(tmp, sizeof(tmp)-1, stdin) == NULL) {
+ if (ferror(stdin)) {
+ DEBUG(1, ("fgets() failed! dying..... errno=%d "
+ "(%s)\n", ferror(stdin),
+ strerror(ferror(stdin))));
+
+ exit(1);
+ }
+ exit(0);
+ }
+
+ buf = talloc_strdup_append_buffer(buf, tmp);
+ buf_size += INITIAL_BUFFER_SIZE;
+
+ if (buf_size > MAX_BUFFER_SIZE) {
+ DEBUG(2, ("Oversized message\n"));
+ x_fprintf(x_stderr, "ERR\n");
+ talloc_free(buf);
+ return;
+ }
+
+ c = strchr(buf, '\n');
+ } while (c == NULL);
+
+ *c = '\0';
+ length = c-buf;
+
DEBUG(10, ("Got '%s' from squid (length: %d).\n",buf,length));
if (buf[0] == '\0') {
DEBUG(2, ("Invalid Request\n"));
x_fprintf(x_stderr, "ERR\n");
+ talloc_free(buf);
return;
}
-
- fn(helper_mode, buf, length);
+
+ fn(state, buf, length);
+ talloc_free(buf);
}
static void squid_stream(enum stdio_helper_mode stdio_mode, stdio_helper_function fn) {
+ TALLOC_CTX *mem_ctx;
+ struct ntlm_auth_state *state;
+
/* initialize FDescs */
x_setbuf(x_stdout, NULL);
x_setbuf(x_stderr, NULL);
+
+ mem_ctx = talloc_init("ntlm_auth");
+ if (!mem_ctx) {
+ DEBUG(0, ("squid_stream: Failed to create talloc context\n"));
+ x_fprintf(x_stderr, "ERR\n");
+ exit(1);
+ }
+
+ state = talloc_zero(mem_ctx, struct ntlm_auth_state);
+ if (!state) {
+ DEBUG(0, ("squid_stream: Failed to talloc ntlm_auth_state\n"));
+ x_fprintf(x_stderr, "ERR\n");
+ exit(1);
+ }
+
+ state->mem_ctx = mem_ctx;
+ state->helper_mode = stdio_mode;
+
while(1) {
- manage_squid_request(stdio_mode, fn);
+ manage_squid_request(state, fn);
}
}
@@ -2232,7 +2322,8 @@ enum {
{ "use-cached-creds", 0, POPT_ARG_NONE, &use_cached_creds, OPT_USE_CACHED_CREDS, "Use cached credentials if no password is given"},
{ "diagnostics", 0, POPT_ARG_NONE, &diagnostics, OPT_DIAGNOSTICS, "Perform diagnostics on the authentictaion chain"},
{ "require-membership-of", 0, POPT_ARG_STRING, &require_membership_of, OPT_REQUIRE_MEMBERSHIP, "Require that a user be a member of this group (either name or SID) for authentication to succeed" },
- POPT_COMMON_SAMBA
+ POPT_COMMON_CONFIGFILE
+ POPT_COMMON_VERSION
POPT_TABLEEND
};
@@ -2240,14 +2331,6 @@ enum {
load_case_tables();
dbf = x_stderr;
-
- /* Samba client initialisation */
-
- if (!lp_load(get_dyn_CONFIGFILE(), True, False, False, True)) {
- d_fprintf(stderr, "ntlm_auth: error opening config file %s. Error was %s\n",
- get_dyn_CONFIGFILE(), strerror(errno));
- exit(1);
- }
/* Parse options */
@@ -2260,6 +2343,18 @@ enum {
return 1;
}
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ /* Get generic config options like --configfile */
+ }
+
+ poptFreeContext(pc);
+
+ if (!lp_load(get_dyn_CONFIGFILE(), True, False, False, True)) {
+ d_fprintf(stderr, "ntlm_auth: error opening config file %s. Error was %s\n",
+ get_dyn_CONFIGFILE(), strerror(errno));
+ exit(1);
+ }
+
pc = poptGetContext(NULL, argc, (const char **)argv, long_options,
POPT_CONTEXT_KEEP_FIRST);
diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c
index 6884783396..e1d6709073 100644
--- a/source3/utils/pdbedit.c
+++ b/source3/utils/pdbedit.c
@@ -61,69 +61,85 @@ static int export_database (struct pdb_methods *in,
struct pdb_methods *out,
const char *username)
{
- struct samu *user = NULL;
NTSTATUS status;
+ struct pdb_search *u_search;
+ struct samr_displayentry userentry;
DEBUG(3, ("export_database: username=\"%s\"\n", username ? username : "(NULL)"));
- status = in->setsampwent(in, 0, 0);
- if ( NT_STATUS_IS_ERR(status) ) {
- fprintf(stderr, "Unable to set account database iterator for %s!\n",
- in->name);
+ u_search = pdb_search_init(PDB_USER_SEARCH);
+ if (u_search == NULL) {
+ DEBUG(0, ("pdb_search_init failed\n"));
return 1;
}
- if ( ( user = samu_new( NULL ) ) == NULL ) {
- fprintf(stderr, "export_database: Memory allocation failure!\n");
+ if (!in->search_users(in, u_search, 0)) {
+ DEBUG(0, ("Could not start searching users\n"));
+ pdb_search_destroy(u_search);
return 1;
}
- while ( NT_STATUS_IS_OK(in->getsampwent(in, user)) )
- {
- DEBUG(4, ("Processing account %s\n", user->username));
+ while (u_search->next_entry(u_search, &userentry)) {
+ struct samu *user;
+ struct samu *account;
+ DOM_SID user_sid;
- /* If we don't have a specific user or if we do and
- the login name matches */
+ DEBUG(4, ("Processing account %s\n", userentry.account_name));
- if ( !username || (strcmp(username, user->username) == 0)) {
- struct samu *account;
+ if ((username != NULL)
+ && (strcmp(username, userentry.account_name) != 0)) {
+ /*
+ * ignore unwanted users
+ */
+ continue;
+ }
- if ( (account = samu_new( NULL )) == NULL ) {
- fprintf(stderr, "export_database: Memory allocation failure!\n");
- TALLOC_FREE( user );
- in->endsampwent( in );
- return 1;
- }
+ user = samu_new(talloc_tos());
+ if (user == NULL) {
+ DEBUG(0, ("talloc failed\n"));
+ break;
+ }
- printf("Importing account for %s...", user->username);
- if ( !NT_STATUS_IS_OK(out->getsampwnam( out, account, user->username )) ) {
- status = out->add_sam_account(out, user);
- } else {
- status = out->update_sam_account( out, user );
- }
+ sid_compose(&user_sid, get_global_sam_sid(), userentry.rid);
- if ( NT_STATUS_IS_OK(status) ) {
- printf( "ok\n");
- } else {
- printf( "failed\n");
- }
+ status = in->getsampwsid(in, user, &user_sid);
- TALLOC_FREE( account );
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(2, ("getsampwsid failed: %s\n",
+ nt_errstr(status)));
+ TALLOC_FREE(user);
+ continue;
}
- /* clean up and get ready for another run */
+ account = samu_new(NULL);
+ if (account == NULL) {
+ fprintf(stderr, "export_database: Memory allocation "
+ "failure!\n");
+ TALLOC_FREE( user );
+ pdb_search_destroy(u_search);
+ return 1;
+ }
- TALLOC_FREE( user );
+ printf("Importing account for %s...", user->username);
+ status = out->getsampwnam(out, account, user->username);
- if ( ( user = samu_new( NULL ) ) == NULL ) {
- fprintf(stderr, "export_database: Memory allocation failure!\n");
- return 1;
+ if (NT_STATUS_IS_OK(status)) {
+ status = out->update_sam_account( out, user );
+ } else {
+ status = out->add_sam_account(out, user);
+ }
+
+ if ( NT_STATUS_IS_OK(status) ) {
+ printf( "ok\n");
+ } else {
+ printf( "failed\n");
}
- }
- TALLOC_FREE( user );
+ TALLOC_FREE( account );
+ TALLOC_FREE( user );
+ }
- in->endsampwent(in);
+ pdb_search_destroy(u_search);
return 0;
}
@@ -326,33 +342,50 @@ static int print_user_info (struct pdb_methods *in, const char *username, bool v
**********************************************************/
static int print_users_list (struct pdb_methods *in, bool verbosity, bool smbpwdstyle)
{
- struct samu *sam_pwent=NULL;
- bool check;
-
- check = NT_STATUS_IS_OK(in->setsampwent(in, False, 0));
- if (!check) {
+ struct pdb_search *u_search;
+ struct samr_displayentry userentry;
+
+ u_search = pdb_search_init(PDB_USER_SEARCH);
+ if (u_search == NULL) {
+ DEBUG(0, ("pdb_search_init failed\n"));
return 1;
}
- check = True;
- if ( (sam_pwent = samu_new( NULL )) == NULL ) {
+ if (!in->search_users(in, u_search, 0)) {
+ DEBUG(0, ("Could not start searching users\n"));
+ pdb_search_destroy(u_search);
return 1;
}
- while (check && NT_STATUS_IS_OK(in->getsampwent (in, sam_pwent))) {
+ while (u_search->next_entry(u_search, &userentry)) {
+ struct samu *sam_pwent;
+ DOM_SID user_sid;
+ NTSTATUS status;
+
+ sam_pwent = samu_new(talloc_tos());
+ if (sam_pwent == NULL) {
+ DEBUG(0, ("talloc failed\n"));
+ break;
+ }
+
+ sid_compose(&user_sid, get_global_sam_sid(), userentry.rid);
+
+ status = in->getsampwsid(in, sam_pwent, &user_sid);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(2, ("getsampwsid failed: %s\n",
+ nt_errstr(status)));
+ TALLOC_FREE(sam_pwent);
+ continue;
+ }
+
if (verbosity)
printf ("---------------\n");
print_sam_info (sam_pwent, verbosity, smbpwdstyle);
TALLOC_FREE(sam_pwent);
-
- if ( (sam_pwent = samu_new( NULL )) == NULL ) {
- check = False;
- }
}
- if (check)
- TALLOC_FREE(sam_pwent);
-
- in->endsampwent(in);
+ pdb_search_destroy(u_search);
+
return 0;
}
@@ -361,38 +394,50 @@ static int print_users_list (struct pdb_methods *in, bool verbosity, bool smbpwd
**********************************************************/
static int fix_users_list (struct pdb_methods *in)
{
- struct samu *sam_pwent=NULL;
- bool check;
-
- check = NT_STATUS_IS_OK(in->setsampwent(in, False, 0));
- if (!check) {
+ struct pdb_search *u_search;
+ struct samr_displayentry userentry;
+
+ u_search = pdb_search_init(PDB_USER_SEARCH);
+ if (u_search == NULL) {
+ DEBUG(0, ("pdb_search_init failed\n"));
return 1;
}
- check = True;
- if ( (sam_pwent = samu_new( NULL )) == NULL ) {
+ if (!in->search_users(in, u_search, 0)) {
+ DEBUG(0, ("Could not start searching users\n"));
+ pdb_search_destroy(u_search);
return 1;
}
- while (check && NT_STATUS_IS_OK(in->getsampwent (in, sam_pwent))) {
- printf("Updating record for user %s\n", pdb_get_username(sam_pwent));
-
- if (!NT_STATUS_IS_OK(pdb_update_sam_account(sam_pwent))) {
- printf("Update of user %s failed!\n", pdb_get_username(sam_pwent));
+ while (u_search->next_entry(u_search, &userentry)) {
+ struct samu *sam_pwent;
+ DOM_SID user_sid;
+ NTSTATUS status;
+
+ sam_pwent = samu_new(talloc_tos());
+ if (sam_pwent == NULL) {
+ DEBUG(0, ("talloc failed\n"));
+ break;
}
- TALLOC_FREE(sam_pwent);
- if ( (sam_pwent = samu_new( NULL )) == NULL ) {
- check = False;
+
+ sid_compose(&user_sid, get_global_sam_sid(), userentry.rid);
+
+ status = in->getsampwsid(in, sam_pwent, &user_sid);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(2, ("getsampwsid failed: %s\n",
+ nt_errstr(status)));
+ TALLOC_FREE(sam_pwent);
+ continue;
}
- if (!check) {
- fprintf(stderr, "Failed to initialise new struct samu structure (out of memory?)\n");
+
+ if (!NT_STATUS_IS_OK(pdb_update_sam_account(sam_pwent))) {
+ printf("Update of user %s failed!\n",
+ pdb_get_username(sam_pwent));
}
-
- }
- if (check)
TALLOC_FREE(sam_pwent);
-
- in->endsampwent(in);
+ }
+ pdb_search_destroy(u_search);
return 0;
}
diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c
index 958f8e255e..134f561760 100644
--- a/source3/utils/smbcacls.c
+++ b/source3/utils/smbcacls.c
@@ -822,7 +822,7 @@ static int cacl_set(struct cli_state *cli, char *filename,
*******************************************************/
static struct cli_state *connect_one(const char *server, const char *share)
{
- struct cli_state *c;
+ struct cli_state *c = NULL;
struct sockaddr_storage ss;
NTSTATUS nt_status;
zero_addr(&ss);
@@ -834,20 +834,33 @@ static struct cli_state *connect_one(const char *server, const char *share)
}
}
- if (NT_STATUS_IS_OK(nt_status = cli_full_connection(&c, global_myname(), server,
- &ss, 0,
- share, "?????",
- get_cmdline_auth_info_username(),
- lp_workgroup(),
- get_cmdline_auth_info_password(),
- 0,
- get_cmdline_auth_info_signing_state(),
- NULL))) {
- return c;
- } else {
+ nt_status = cli_full_connection(&c, global_myname(), server,
+ &ss, 0,
+ share, "?????",
+ get_cmdline_auth_info_username(),
+ lp_workgroup(),
+ get_cmdline_auth_info_password(),
+ get_cmdline_auth_info_use_kerberos() ? CLI_FULL_CONNECTION_USE_KERBEROS : 0,
+ get_cmdline_auth_info_signing_state(),
+ NULL);
+ if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0,("cli_full_connection failed! (%s)\n", nt_errstr(nt_status)));
return NULL;
}
+
+ if (get_cmdline_auth_info_smb_encrypt()) {
+ nt_status = cli_cm_force_encryption(c,
+ get_cmdline_auth_info_username(),
+ get_cmdline_auth_info_password(),
+ lp_workgroup(),
+ share);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ cli_shutdown(c);
+ c = NULL;
+ }
+ }
+
+ return c;
}
/****************************************************************************
diff --git a/source3/utils/smbcontrol.c b/source3/utils/smbcontrol.c
index fe0c22911e..76036bfdde 100644
--- a/source3/utils/smbcontrol.c
+++ b/source3/utils/smbcontrol.c
@@ -1008,6 +1008,62 @@ static bool do_dump_event_list(struct messaging_context *msg_ctx,
return send_message(msg_ctx, pid, MSG_DUMP_EVENT_LIST, NULL, 0);
}
+static bool do_winbind_dump_domain_list(struct messaging_context *msg_ctx,
+ const struct server_id pid,
+ const int argc, const char **argv)
+{
+ const char *domain = NULL;
+ int domain_len = 0;
+ struct server_id myid;
+ uint8_t *buf = NULL;
+ int buf_len = 0;
+
+ myid = pid_to_procid(sys_getpid());
+
+ if (argc < 1 || argc > 2) {
+ fprintf(stderr, "Usage: smbcontrol <dest> dump_domain_list "
+ "<domain>\n");
+ return false;
+ }
+
+ if (argc == 2) {
+ domain = argv[1];
+ domain_len = strlen(argv[1]) + 1;
+ }
+
+ messaging_register(msg_ctx, NULL, MSG_WINBIND_DUMP_DOMAIN_LIST,
+ print_pid_string_cb);
+
+ buf_len = sizeof(myid)+domain_len;
+ buf = SMB_MALLOC(buf_len);
+ if (!buf) {
+ return false;
+ }
+
+ memcpy(buf, &myid, sizeof(myid));
+ memcpy(&buf[sizeof(myid)], domain, domain_len);
+
+ if (!send_message(msg_ctx, pid, MSG_WINBIND_DUMP_DOMAIN_LIST,
+ buf, buf_len))
+ {
+ SAFE_FREE(buf);
+ return false;
+ }
+
+ wait_replies(msg_ctx, procid_to_pid(&pid) == 0);
+
+ /* No replies were received within the timeout period */
+
+ SAFE_FREE(buf);
+ if (num_replies == 0) {
+ printf("No replies received\n");
+ }
+
+ messaging_deregister(msg_ctx, MSG_WINBIND_DUMP_DOMAIN_LIST, NULL);
+
+ return num_replies;
+}
+
static void winbind_validate_cache_cb(struct messaging_context *msg,
void *private_data,
uint32_t msg_type,
@@ -1150,6 +1206,7 @@ static const struct {
{ "dump-event-list", do_dump_event_list, "Dump event list"},
{ "validate-cache" , do_winbind_validate_cache,
"Validate winbind's credential cache" },
+ { "dump-domain-list", do_winbind_dump_domain_list, "Dump winbind domain list"},
{ "noop", do_noop, "Do nothing" },
{ NULL }
};
diff --git a/source3/utils/smbcquotas.c b/source3/utils/smbcquotas.c
index e6aa5e86cf..508a2dc8ca 100644
--- a/source3/utils/smbcquotas.c
+++ b/source3/utils/smbcquotas.c
@@ -380,20 +380,33 @@ static struct cli_state *connect_one(const char *share)
}
}
- if (NT_STATUS_IS_OK(nt_status = cli_full_connection(&c, global_myname(), server,
- &ss, 0,
- share, "?????",
- get_cmdline_auth_info_username(),
- lp_workgroup(),
- get_cmdline_auth_info_password(),
- 0,
- get_cmdline_auth_info_signing_state(),
- NULL))) {
- return c;
- } else {
+ nt_status = cli_full_connection(&c, global_myname(), server,
+ &ss, 0,
+ share, "?????",
+ get_cmdline_auth_info_username(),
+ lp_workgroup(),
+ get_cmdline_auth_info_password(),
+ 0,
+ get_cmdline_auth_info_signing_state(),
+ NULL);
+ if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0,("cli_full_connection failed! (%s)\n", nt_errstr(nt_status)));
return NULL;
}
+
+ if (get_cmdline_auth_info_smb_encrypt()) {
+ nt_status = cli_cm_force_encryption(c,
+ get_cmdline_auth_info_username(),
+ get_cmdline_auth_info_password(),
+ lp_workgroup(),
+ share);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ cli_shutdown(c);
+ return NULL;
+ }
+ }
+
+ return c;
}
/****************************************************************************
diff --git a/source3/utils/smbfilter.c b/source3/utils/smbfilter.c
index 912d575c60..8db969722a 100644
--- a/source3/utils/smbfilter.c
+++ b/source3/utils/smbfilter.c
@@ -114,6 +114,30 @@ static void filter_request(char *buf)
}
+/****************************************************************************
+ Send an smb to a fd.
+****************************************************************************/
+
+static bool send_smb(int fd, char *buffer)
+{
+ size_t len;
+ size_t nwritten=0;
+ ssize_t ret;
+
+ len = smb_len(buffer) + 4;
+
+ while (nwritten < len) {
+ ret = write_data(fd,buffer+nwritten,len - nwritten);
+ if (ret <= 0) {
+ DEBUG(0,("Error writing %d bytes to client. %d. (%s)\n",
+ (int)len,(int)ret, strerror(errno) ));
+ return false;
+ }
+ nwritten += ret;
+ }
+
+ return true;
+}
static void filter_child(int c, struct sockaddr_storage *dest_ss)
{
@@ -145,7 +169,7 @@ static void filter_child(int c, struct sockaddr_storage *dest_ss)
if (num <= 0) continue;
if (c != -1 && FD_ISSET(c, &fds)) {
- if (!receive_smb(c, packet, 0, NULL)) {
+ if (!receive_smb_raw(c, packet, 0, 0, NULL)) {
d_printf("client closed connection\n");
exit(0);
}
@@ -156,7 +180,7 @@ static void filter_child(int c, struct sockaddr_storage *dest_ss)
}
}
if (s != -1 && FD_ISSET(s, &fds)) {
- if (!receive_smb(s, packet, 0, NULL)) {
+ if (!receive_smb_raw(s, packet, 0, 0, NULL)) {
d_printf("server closed connection\n");
exit(0);
}
diff --git a/source3/utils/smbget.c b/source3/utils/smbget.c
index ac662e6ace..63b7f48626 100644
--- a/source3/utils/smbget.c
+++ b/source3/utils/smbget.c
@@ -521,9 +521,11 @@ int main(int argc, const char **argv)
int c = 0;
const char *file = NULL;
char *rcfile = NULL;
+ bool smb_encrypt = false;
TALLOC_CTX *frame = talloc_stackframe();
struct poptOption long_options[] = {
{"guest", 'a', POPT_ARG_NONE, NULL, 'a', "Work as user guest" },
+ {"encrypt", 'e', POPT_ARG_NONE, NULL, 'e', "Encrypt SMB transport (UNIX extended servers only)" },
{"resume", 'r', POPT_ARG_NONE, &_resume, 0, "Automatically resume aborted files" },
{"recursive", 'R', POPT_ARG_NONE, &_recursive, 0, "Recursively download files" },
{"username", 'u', POPT_ARG_STRING, &username, 'u', "Username to use" },
@@ -568,6 +570,9 @@ int main(int argc, const char **argv)
case 'a':
username = ""; password = "";
break;
+ case 'e':
+ smb_encrypt = true;
+ break;
}
}
@@ -586,6 +591,13 @@ int main(int argc, const char **argv)
return 1;
}
+ if (smb_encrypt) {
+ SMBCCTX *smb_ctx = smbc_set_context(NULL);
+ smbc_option_set(smb_ctx,
+ CONST_DISCARD(char *, "smb_encrypt_level"),
+ "require");
+ }
+
columns = get_num_cols();
total_start_time = time(NULL);