diff options
Diffstat (limited to 'source3/utils')
| -rw-r--r-- | source3/utils/net_dom.c | 8 | ||||
| -rw-r--r-- | source3/utils/net_rpc.c | 492 | ||||
| -rw-r--r-- | source3/utils/net_rpc_shell.c | 9 | ||||
| -rw-r--r-- | source3/utils/smbpasswd.c | 42 |
4 files changed, 126 insertions, 425 deletions
diff --git a/source3/utils/net_dom.c b/source3/utils/net_dom.c index f13b9c23d0..5544cf8a2d 100644 --- a/source3/utils/net_dom.c +++ b/source3/utils/net_dom.c @@ -37,8 +37,8 @@ static int net_dom_unjoin(struct net_context *c, int argc, const char **argv) const char *server_name = NULL; const char *account = NULL; const char *password = NULL; - uint32_t unjoin_flags = WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE | - WKSSVC_JOIN_FLAGS_JOIN_TYPE; + uint32_t unjoin_flags = NETSETUP_ACCT_DELETE | + NETSETUP_JOIN_DOMAIN; struct cli_state *cli = NULL; bool do_reboot = false; NTSTATUS ntstatus; @@ -125,8 +125,8 @@ static int net_dom_join(struct net_context *c, int argc, const char **argv) const char *account_ou = NULL; const char *Account = NULL; const char *password = NULL; - uint32_t join_flags = WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE | - WKSSVC_JOIN_FLAGS_JOIN_TYPE; + uint32_t join_flags = NETSETUP_ACCT_CREATE | + NETSETUP_JOIN_DOMAIN; struct cli_state *cli = NULL; bool do_reboot = false; NTSTATUS ntstatus; diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 347ddd039f..6db5bc753b 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -658,135 +658,37 @@ static int rpc_user_add(struct net_context *c, int argc, const char **argv) /** * Rename a user on a remote RPC server. * - * All parameters are provided by the run_rpc_command function, except for - * argc, argv which are passed through. - * - * @param domain_sid The domain sid acquired from the remote server. - * @param cli A cli_state connected to the server. - * @param mem_ctx Talloc context, destroyed on completion of the function. * @param argc Standard main() style argc. * @param argv Standard main() style argv. Initial components are already * stripped. * - * @return Normal NTSTATUS return. + * @return A shell status integer (0 for success). **/ -static NTSTATUS rpc_user_rename_internals(struct net_context *c, - const DOM_SID *domain_sid, - const char *domain_name, - struct cli_state *cli, - struct rpc_pipe_client *pipe_hnd, - TALLOC_CTX *mem_ctx, - int argc, - const char **argv) +static int rpc_user_rename(struct net_context *c, int argc, const char **argv) { - POLICY_HND connect_pol, domain_pol, user_pol; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - uint32 info_level = 7; - const char *old_name, *new_name; - struct samr_Ids user_rids, name_types; - struct lsa_String lsa_acct_name; - union samr_UserInfo *info = NULL; + NET_API_STATUS status; + struct USER_INFO_0 u0; + uint32_t parm_err = 0; if (argc != 2 || c->display_usage) { rpc_user_usage(c, argc, argv); - return NT_STATUS_OK; - } - - old_name = argv[0]; - new_name = argv[1]; - - /* Get sam policy handle */ - - result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, - pipe_hnd->desthost, - MAXIMUM_ALLOWED_ACCESS, - &connect_pol); - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - /* Get domain policy handle */ - - result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, - &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - CONST_DISCARD(struct dom_sid2 *, domain_sid), - &domain_pol); - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - init_lsa_String(&lsa_acct_name, old_name); - - result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx, - &domain_pol, - 1, - &lsa_acct_name, - &user_rids, - &name_types); - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - /* Open domain user */ - result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx, - &domain_pol, - MAXIMUM_ALLOWED_ACCESS, - user_rids.ids[0], - &user_pol); - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - /* Query user info */ - result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx, - &user_pol, - info_level, - &info); - - if (!NT_STATUS_IS_OK(result)) { - goto done; + return 0; } - init_samr_user_info7(&info->info7, new_name); + u0.usri0_name = argv[1]; - /* Set new name */ - result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx, - &user_pol, - info_level, - info); - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - done: - if (!NT_STATUS_IS_OK(result)) { - d_fprintf(stderr, "Failed to rename user from %s to %s - %s\n", old_name, new_name, - nt_errstr(result)); + status = NetUserSetInfo(c->opt_host, argv[0], + 0, (uint8_t *)&u0, &parm_err); + if (status) { + d_fprintf(stderr, "Failed to rename user from %s to %s - %s\n", + argv[0], argv[1], + libnetapi_get_error_string(c->netapi_ctx, status)); } else { - d_printf("Renamed user from %s to %s\n", old_name, new_name); + d_printf("Renamed user from %s to %s\n", argv[0], argv[1]); } - return result; -} -/** - * Rename a user on a remote RPC server. - * - * @param argc Standard main() style argc. - * @param argv Standard main() style argv. Initial components are already - * stripped. - * - * @return A shell status integer (0 for success). - **/ - -static int rpc_user_rename(struct net_context *c, int argc, const char **argv) -{ - return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0, - rpc_user_rename_internals, argc, argv); + return status; } /** @@ -823,271 +725,93 @@ static int rpc_user_delete(struct net_context *c, int argc, const char **argv) } /** - * Set a password for a user on a remote RPC server. - * - * All parameters are provided by the run_rpc_command function, except for - * argc, argv which are passed through. + * Set a user's password on a remote RPC server. * - * @param domain_sid The domain sid acquired from the remote server. - * @param cli A cli_state connected to the server. - * @param mem_ctx Talloc context, destroyed on completion of the function. * @param argc Standard main() style argc. * @param argv Standard main() style argv. Initial components are already * stripped. * - * @return Normal NTSTATUS return. + * @return A shell status integer (0 for success). **/ -static NTSTATUS rpc_user_password_internals(struct net_context *c, - const DOM_SID *domain_sid, - const char *domain_name, - struct cli_state *cli, - struct rpc_pipe_client *pipe_hnd, - TALLOC_CTX *mem_ctx, - int argc, - const char **argv) +static int rpc_user_password(struct net_context *c, int argc, const char **argv) { - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - POLICY_HND connect_pol, domain_pol, user_pol; - const char *user; - const char *new_password; + NET_API_STATUS status; char *prompt = NULL; - union samr_UserInfo info; - struct samr_CryptPassword crypt_pwd; + struct USER_INFO_1003 u1003; + uint32_t parm_err = 0; if (argc < 1 || c->display_usage) { rpc_user_usage(c, argc, argv); - return NT_STATUS_OK; + return 0; } - user = argv[0]; - if (argv[1]) { - new_password = argv[1]; + u1003.usri1003_password = argv[1]; } else { - asprintf(&prompt, "Enter new password for %s:", user); - new_password = getpass(prompt); + asprintf(&prompt, "Enter new password for %s:", argv[0]); + u1003.usri1003_password = getpass(prompt); SAFE_FREE(prompt); } - /* Get sam policy and domain handles */ - - result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, - pipe_hnd->desthost, - MAXIMUM_ALLOWED_ACCESS, - &connect_pol); - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, - &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - CONST_DISCARD(struct dom_sid2 *, domain_sid), - &domain_pol); - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - /* Get handle on user */ - - { - struct samr_Ids user_rids, name_types; - struct lsa_String lsa_acct_name; - - init_lsa_String(&lsa_acct_name, user); - - result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx, - &domain_pol, - 1, - &lsa_acct_name, - &user_rids, - &name_types); - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx, - &domain_pol, - MAXIMUM_ALLOWED_ACCESS, - user_rids.ids[0], - &user_pol); - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - } - - /* Set password on account */ - - init_samr_CryptPassword(new_password, - &cli->user_session_key, - &crypt_pwd); - - init_samr_user_info24(&info.info24, crypt_pwd.data, 24); - - result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx, - &user_pol, - 24, - &info); - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } + status = NetUserSetInfo(c->opt_host, argv[0], 1003, (uint8_t *)&u1003, &parm_err); /* Display results */ + if (status != 0) { + d_fprintf(stderr, "Failed to set password for '%s' with: %s.\n", + argv[0], libnetapi_get_error_string(c->netapi_ctx, + status)); + return -1; + } - done: - return result; - + return 0; } /** - * Set a user's password on a remote RPC server. + * List a user's groups from a remote RPC server. * * @param argc Standard main() style argc. * @param argv Standard main() style argv. Initial components are already * stripped. * - * @return A shell status integer (0 for success). + * @return A shell status integer (0 for success) **/ -static int rpc_user_password(struct net_context *c, int argc, const char **argv) -{ - return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0, - rpc_user_password_internals, argc, argv); -} - -/** - * List user's groups on a remote RPC server. - * - * All parameters are provided by the run_rpc_command function, except for - * argc, argv which are passed through. - * - * @param domain_sid The domain sid acquired from the remote server. - * @param cli A cli_state connected to the server. - * @param mem_ctx Talloc context, destroyed on completion of the function. - * @param argc Standard main() style argc. - * @param argv Standard main() style argv. Initial components are already - * stripped. - * - * @return Normal NTSTATUS return. - **/ +static int rpc_user_info(struct net_context *c, int argc, const char **argv) -static NTSTATUS rpc_user_info_internals(struct net_context *c, - const DOM_SID *domain_sid, - const char *domain_name, - struct cli_state *cli, - struct rpc_pipe_client *pipe_hnd, - TALLOC_CTX *mem_ctx, - int argc, - const char **argv) { - POLICY_HND connect_pol, domain_pol, user_pol; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + NET_API_STATUS status; + struct GROUP_USERS_INFO_0 *u0 = NULL; + uint32_t entries_read = 0; + uint32_t total_entries = 0; int i; - struct samr_RidWithAttributeArray *rid_array = NULL; - struct lsa_Strings names; - struct samr_Ids types; - uint32_t *lrids = NULL; - struct samr_Ids rids, name_types; - struct lsa_String lsa_acct_name; if (argc < 1 || c->display_usage) { rpc_user_usage(c, argc, argv); - return NT_STATUS_OK; + return 0; } - /* Get sam policy handle */ - - result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, - pipe_hnd->desthost, - MAXIMUM_ALLOWED_ACCESS, - &connect_pol); - if (!NT_STATUS_IS_OK(result)) goto done; - - /* Get domain policy handle */ - - result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, - &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - CONST_DISCARD(struct dom_sid2 *, domain_sid), - &domain_pol); - if (!NT_STATUS_IS_OK(result)) goto done; - - /* Get handle on user */ - - init_lsa_String(&lsa_acct_name, argv[0]); - - result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx, - &domain_pol, - 1, - &lsa_acct_name, - &rids, - &name_types); - - if (!NT_STATUS_IS_OK(result)) goto done; - - result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx, - &domain_pol, - MAXIMUM_ALLOWED_ACCESS, - rids.ids[0], - &user_pol); - if (!NT_STATUS_IS_OK(result)) goto done; - - result = rpccli_samr_GetGroupsForUser(pipe_hnd, mem_ctx, - &user_pol, - &rid_array); - - if (!NT_STATUS_IS_OK(result)) goto done; - - /* Look up rids */ - - if (rid_array->count) { - if ((lrids = TALLOC_ARRAY(mem_ctx, uint32, rid_array->count)) == NULL) { - result = NT_STATUS_NO_MEMORY; - goto done; - } - - for (i = 0; i < rid_array->count; i++) - lrids[i] = rid_array->rids[i].rid; - - result = rpccli_samr_LookupRids(pipe_hnd, mem_ctx, - &domain_pol, - rid_array->count, - lrids, - &names, - &types); - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - /* Display results */ - - for (i = 0; i < names.count; i++) - printf("%s\n", names.names[i].string); + status = NetUserGetGroups(c->opt_host, + argv[0], + 0, + (uint8_t **)&u0, + (uint32_t)-1, + &entries_read, + &total_entries); + if (status != 0) { + d_fprintf(stderr, "Failed to get groups for '%s' with: %s.\n", + argv[0], libnetapi_get_error_string(c->netapi_ctx, + status)); + return -1; } - done: - return result; -} -/** - * List a user's groups from a remote RPC server. - * - * @param argc Standard main() style argc. - * @param argv Standard main() style argv. Initial components are already - * stripped. - * - * @return A shell status integer (0 for success) - **/ + for (i=0; i < entries_read; i++) { + printf("%s\n", u0->grui0_name); + u0++; + } -static int rpc_user_info(struct net_context *c, int argc, const char **argv) -{ - return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0, - rpc_user_info_internals, argc, argv); + return 0; } /** @@ -1106,80 +830,54 @@ static int rpc_user_info(struct net_context *c, int argc, const char **argv) * @return Normal NTSTATUS return. **/ -static NTSTATUS rpc_user_list_internals(struct net_context *c, - const DOM_SID *domain_sid, - const char *domain_name, - struct cli_state *cli, - struct rpc_pipe_client *pipe_hnd, - TALLOC_CTX *mem_ctx, - int argc, - const char **argv) +static int rpc_user_list(struct net_context *c, int argc, const char **argv) { - POLICY_HND connect_pol, domain_pol; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - uint32 start_idx=0, num_entries, i, loop_count = 0; - - /* Get sam policy handle */ - - result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, - pipe_hnd->desthost, - MAXIMUM_ALLOWED_ACCESS, - &connect_pol); - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - /* Get domain policy handle */ - - result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, - &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - CONST_DISCARD(struct dom_sid2 *, domain_sid), - &domain_pol); - if (!NT_STATUS_IS_OK(result)) { - goto done; - } + NET_API_STATUS status; + uint32_t start_idx=0, num_entries, i, loop_count = 0; + struct NET_DISPLAY_USER *info = NULL; + void *buffer = NULL; /* Query domain users */ if (c->opt_long_list_entries) d_printf("\nUser name Comment" "\n-----------------------------\n"); do { - const char *user = NULL; - const char *desc = NULL; - uint32 max_entries, max_size; - uint32_t total_size, returned_size; - union samr_DispInfo info; + uint32_t max_entries, max_size; get_query_dispinfo_params( loop_count, &max_entries, &max_size); - result = rpccli_samr_QueryDisplayInfo(pipe_hnd, mem_ctx, - &domain_pol, - 1, - start_idx, - max_entries, - max_size, - &total_size, - &returned_size, - &info); - loop_count++; - start_idx += info.info1.count; - num_entries = info.info1.count; + status = NetQueryDisplayInformation(c->opt_host, + 1, + start_idx, + max_entries, + max_size, + &num_entries, + &buffer); + if (status != 0 && status != ERROR_MORE_DATA) { + return status; + } + + info = (struct NET_DISPLAY_USER *)buffer; for (i = 0; i < num_entries; i++) { - user = info.info1.entries[i].account_name.string; - if (c->opt_long_list_entries) - desc = info.info1.entries[i].description.string; + if (c->opt_long_list_entries) - printf("%-21.21s %s\n", user, desc); + printf("%-21.21s %s\n", info->usri1_name, + info->usri1_comment); else - printf("%s\n", user); + printf("%s\n", info->usri1_name); + info++; } - } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); - done: - return result; + NetApiBufferFree(buffer); + + loop_count++; + start_idx += num_entries; + + } while (status == ERROR_MORE_DATA); + + return status; } /** @@ -1256,9 +954,7 @@ int net_rpc_user(struct net_context *c, int argc, const char **argv) return 0; } - return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0, - rpc_user_list_internals, - argc, argv); + return rpc_user_list(c, argc, argv); } return net_run_function(c, argc, argv, "net rpc user", func); @@ -1270,9 +966,7 @@ static NTSTATUS rpc_sh_user_list(struct net_context *c, struct rpc_pipe_client *pipe_hnd, int argc, const char **argv) { - return rpc_user_list_internals(c, ctx->domain_sid, ctx->domain_name, - ctx->cli, pipe_hnd, mem_ctx, - argc, argv); + return werror_to_ntstatus(W_ERROR(rpc_user_list(c, argc, argv))); } static NTSTATUS rpc_sh_user_info(struct net_context *c, @@ -1281,9 +975,7 @@ static NTSTATUS rpc_sh_user_info(struct net_context *c, struct rpc_pipe_client *pipe_hnd, int argc, const char **argv) { - return rpc_user_info_internals(c, ctx->domain_sid, ctx->domain_name, - ctx->cli, pipe_hnd, mem_ctx, - argc, argv); + return werror_to_ntstatus(W_ERROR(rpc_user_info(c, argc, argv))); } static NTSTATUS rpc_sh_handle_user(struct net_context *c, diff --git a/source3/utils/net_rpc_shell.c b/source3/utils/net_rpc_shell.c index c6051dc976..3aaed1ed18 100644 --- a/source3/utils/net_rpc_shell.c +++ b/source3/utils/net_rpc_shell.c @@ -217,6 +217,15 @@ int net_rpc_shell(struct net_context *c, int argc, const char **argv) return -1; } + if (libnetapi_init(&c->netapi_ctx) != 0) { + return -1; + } + libnetapi_set_username(c->netapi_ctx, c->opt_user_name); + libnetapi_set_password(c->netapi_ctx, c->opt_password); + if (c->opt_kerberos) { + libnetapi_set_use_kerberos(c->netapi_ctx); + } + ctx = TALLOC_P(NULL, struct rpc_sh_ctx); if (ctx == NULL) { d_fprintf(stderr, "talloc failed\n"); diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c index 493a249bea..600fe52f0d 100644 --- a/source3/utils/smbpasswd.c +++ b/source3/utils/smbpasswd.c @@ -210,7 +210,7 @@ static char *prompt_for_new_password(bool stdin_get) fstring new_pw; ZERO_ARRAY(new_pw); - + p = get_pass("New SMB password:", stdin_get); fstrcpy(new_pw, p); @@ -254,7 +254,7 @@ static NTSTATUS password_change(const char *remote_mach, char *username, SAFE_FREE(err_str); return ret; } - + ret = local_password_change(username, local_flags, new_pw, &err_str, &msg_str); @@ -278,7 +278,7 @@ static bool store_ldap_admin_pw (char* pw) if (!secrets_init()) return False; - + return secrets_store_ldap_pw(lp_ldap_admin_dn(), pw); } @@ -316,7 +316,7 @@ static int process_root(int local_flags) DEBUG(0, ("Failed to open passdb!\n")); exit(1); } - + /* Ensure we have a SAM sid. */ get_global_sam_sid(); @@ -330,7 +330,7 @@ static int process_root(int local_flags) (remote_machine != NULL))) { usage(); } - + /* Only load interfaces if we are doing network operations. */ if (remote_machine) { @@ -386,19 +386,19 @@ static int process_root(int local_flags) exit(1); } } - + /* prepare uppercased and '$' terminated username */ slprintf(buf, sizeof(buf) - 1, "%s$", user_name); fstrcpy(user_name, buf); - + } else { - + if (remote_machine != NULL) { old_passwd = get_pass("Old SMB password:",stdin_passwd_get); } - + if (!(local_flags & LOCAL_SET_PASSWORD)) { - + /* * If we are trying to enable a user, first we need to find out * if they are using a modern version of the smbpasswd file that @@ -407,10 +407,10 @@ static int process_root(int local_flags) * password. If not (ie. they have a no stored password in the * smbpasswd file) then we need to prompt for a new password. */ - + if(local_flags & LOCAL_ENABLE_USER) { struct samu *sampass = NULL; - + sampass = samu_new( NULL ); if (!sampass) { fprintf(stderr, "talloc fail for struct samu.\n"); @@ -428,10 +428,10 @@ static int process_root(int local_flags) TALLOC_FREE(sampass); } } - + if((local_flags & LOCAL_SET_PASSWORD) && (new_passwd == NULL)) { new_passwd = prompt_for_new_password(stdin_passwd_get); - + if(!new_passwd) { fprintf(stderr, "Unable to get new password.\n"); exit(1); @@ -451,7 +451,7 @@ static int process_root(int local_flags) printf("Password changed for user %s on %s.\n", user_name, remote_machine ); } else if(!(local_flags & (LOCAL_ADD_USER|LOCAL_DISABLE_USER|LOCAL_ENABLE_USER|LOCAL_DELETE_USER|LOCAL_SET_NO_PASSWORD|LOCAL_SET_PASSWORD))) { struct samu *sampass = NULL; - + sampass = samu_new( NULL ); if (!sampass) { fprintf(stderr, "talloc fail for struct samu.\n"); @@ -507,7 +507,7 @@ static int process_nonroot(int local_flags) exit(1); } } - + /* * A non-root user is always setting a password * via a remote machine (even if that machine is @@ -523,13 +523,13 @@ static int process_nonroot(int local_flags) if (remote_machine != NULL) { old_pw = get_pass("Old SMB password:",stdin_passwd_get); } - + if (!new_passwd) { new_pw = prompt_for_new_password(stdin_passwd_get); } else new_pw = smb_xstrdup(new_passwd); - + if (!new_pw) { fprintf(stderr, "Unable to get new password.\n"); exit(1); @@ -561,7 +561,7 @@ int main(int argc, char **argv) TALLOC_CTX *frame = talloc_stackframe(); int local_flags = 0; int ret; - + AllowDebugChange = False; #if defined(HAVE_SET_AUTH_PARAMETERS) @@ -577,12 +577,12 @@ int main(int argc, char **argv) local_flags = process_options(argc, argv, local_flags); setup_logging("smbpasswd", True); - + /* * Set the machine NETBIOS name if not already * set from the config file. */ - + if (!init_names()) return 1; |