From 0af1500fc0bafe61019f1b2ab1d9e1d369221240 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 3 Feb 2006 22:19:41 +0000 Subject: r13316: Let the carnage begin.... Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f) --- source3/utils/net_util.c | 89 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 89 insertions(+) create mode 100644 source3/utils/net_util.c (limited to 'source3/utils/net_util.c') diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c new file mode 100644 index 0000000000..805104cefa --- /dev/null +++ b/source3/utils/net_util.c @@ -0,0 +1,89 @@ +/* + * Unix SMB/CIFS implementation. + * Helper routines for net + * Copyright (C) Volker Lendecke 2006 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + + +#include "includes.h" +#include "utils/net.h" + +BOOL is_valid_policy_hnd(const POLICY_HND *hnd) +{ + POLICY_HND tmp; + ZERO_STRUCT(tmp); + return (memcmp(&tmp, hnd, sizeof(tmp)) != 0); +} + +NTSTATUS net_rpc_lookup_name(TALLOC_CTX *mem_ctx, struct cli_state *cli, + const char *name, const char **ret_domain, + const char **ret_name, DOM_SID *ret_sid, + enum SID_NAME_USE *ret_type) +{ + struct rpc_pipe_client *lsa_pipe; + POLICY_HND pol; + NTSTATUS result = NT_STATUS_OK; + const char **dom_names; + DOM_SID *sids; + uint32_t *types; + + ZERO_STRUCT(pol); + + lsa_pipe = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &result); + if (lsa_pipe == NULL) { + d_fprintf(stderr, "Could not initialise lsa pipe\n"); + return result; + } + + result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, False, + SEC_RIGHTS_MAXIMUM_ALLOWED, + &pol); + if (!NT_STATUS_IS_OK(result)) { + d_fprintf(stderr, "open_policy failed: %s\n", + nt_errstr(result)); + return result; + } + + result = rpccli_lsa_lookup_names(lsa_pipe, mem_ctx, &pol, 1, + &name, &dom_names, &sids, &types); + + if (!NT_STATUS_IS_OK(result)) { + /* This can happen easily, don't log an error */ + goto done; + } + + if (ret_domain != NULL) { + *ret_domain = dom_names[0]; + } + if (ret_name != NULL) { + *ret_name = talloc_strdup(mem_ctx, name); + } + if (ret_sid != NULL) { + sid_copy(ret_sid, &sids[0]); + } + if (ret_type != NULL) { + *ret_type = types[0]; + } + + done: + if (is_valid_policy_hnd(&pol)) { + rpccli_lsa_close(lsa_pipe, mem_ctx, &pol); + } + cli_rpc_pipe_close(lsa_pipe); + + return result; +} -- cgit From 2b8abc030b1eca43f7c0c05dc96eebeb6c492030 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 28 Jun 2006 21:30:21 +0000 Subject: r16644: Fix bug #3887 reported by jason@ncac.gwu.edu by converting the lookup_XX functions to correctly return SID_NAME_TYPE enums. Jeremy. (This used to be commit ee2b2d96b60c668e37592c79e86c2fd851e15f69) --- source3/utils/net_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_util.c') diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c index 805104cefa..953c67d62e 100644 --- a/source3/utils/net_util.c +++ b/source3/utils/net_util.c @@ -39,7 +39,7 @@ NTSTATUS net_rpc_lookup_name(TALLOC_CTX *mem_ctx, struct cli_state *cli, NTSTATUS result = NT_STATUS_OK; const char **dom_names; DOM_SID *sids; - uint32_t *types; + enum SID_NAME_USE *types; ZERO_STRUCT(pol); -- cgit From 2b27c93a9a8471693d7dcb5fdbe8afe65b22ff66 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 8 Sep 2006 14:28:06 +0000 Subject: r18271: Big change: * autogenerate lsa ndr code * rename 'enum SID_NAME_USE' to 'enum lsa_SidType' * merge a log more security descriptor functions from gen_ndr/ndr_security.c in SAMBA_4_0 The most embarassing thing is the "#define strlen_m strlen" We need a real implementation in SAMBA_3_0 which I'll work on after this code is in. (This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951) --- source3/utils/net_util.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_util.c') diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c index 953c67d62e..be39a75465 100644 --- a/source3/utils/net_util.c +++ b/source3/utils/net_util.c @@ -32,14 +32,14 @@ BOOL is_valid_policy_hnd(const POLICY_HND *hnd) NTSTATUS net_rpc_lookup_name(TALLOC_CTX *mem_ctx, struct cli_state *cli, const char *name, const char **ret_domain, const char **ret_name, DOM_SID *ret_sid, - enum SID_NAME_USE *ret_type) + enum lsa_SidType *ret_type) { struct rpc_pipe_client *lsa_pipe; POLICY_HND pol; NTSTATUS result = NT_STATUS_OK; const char **dom_names; DOM_SID *sids; - enum SID_NAME_USE *types; + enum lsa_SidType *types; ZERO_STRUCT(pol); -- cgit From 05ba38f7549f91670761928f1c959b65eb4bcec1 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 20 Sep 2006 22:49:02 +0000 Subject: r18747: replace rpccli_lsa_close() with rpccli_lsa_Close() (This used to be commit 50d74ce0488a9bd0980cdc6d523a210f6238ef74) --- source3/utils/net_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_util.c') diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c index be39a75465..db6420d6b7 100644 --- a/source3/utils/net_util.c +++ b/source3/utils/net_util.c @@ -81,7 +81,7 @@ NTSTATUS net_rpc_lookup_name(TALLOC_CTX *mem_ctx, struct cli_state *cli, done: if (is_valid_policy_hnd(&pol)) { - rpccli_lsa_close(lsa_pipe, mem_ctx, &pol); + rpccli_lsa_Close(lsa_pipe, mem_ctx, &pol); } cli_rpc_pipe_close(lsa_pipe); -- cgit From 7eb828135bd7407851a10c32d57c404ecb030140 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 27 Jun 2007 11:42:17 +0000 Subject: r23627: Allow to pass down the lookup-level to rpccli_lsa_lookup_names(). Guenther (This used to be commit e9a7512a9f630340004913f1379452eea8a9b6ae) --- source3/utils/net_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_util.c') diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c index db6420d6b7..be12b0f866 100644 --- a/source3/utils/net_util.c +++ b/source3/utils/net_util.c @@ -59,7 +59,7 @@ NTSTATUS net_rpc_lookup_name(TALLOC_CTX *mem_ctx, struct cli_state *cli, } result = rpccli_lsa_lookup_names(lsa_pipe, mem_ctx, &pol, 1, - &name, &dom_names, &sids, &types); + &name, &dom_names, 1, &sids, &types); if (!NT_STATUS_IS_OK(result)) { /* This can happen easily, don't log an error */ -- cgit From d824b98f80ba186030cbb70b3a1e5daf80469ecd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 9 Jul 2007 19:25:36 +0000 Subject: r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3) --- source3/utils/net_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_util.c') diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c index be12b0f866..34355c90eb 100644 --- a/source3/utils/net_util.c +++ b/source3/utils/net_util.c @@ -5,7 +5,7 @@ * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, -- cgit From 153cfb9c83534b09f15cc16205d7adb19b394928 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 05:23:25 +0000 Subject: r23801: The FSF has moved around a lot. This fixes their Mass Ave address. (This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227) --- source3/utils/net_util.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/utils/net_util.c') diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c index 34355c90eb..e418072569 100644 --- a/source3/utils/net_util.c +++ b/source3/utils/net_util.c @@ -14,8 +14,7 @@ * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * along with this program; if not, see . */ -- cgit From 30191d1a5704ad2b158386b511558972d539ce47 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 18 Oct 2007 17:40:25 -0700 Subject: RIP BOOL. Convert BOOL -> bool. I found a few interesting bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f) --- source3/utils/net_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_util.c') diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c index e418072569..c08eae3337 100644 --- a/source3/utils/net_util.c +++ b/source3/utils/net_util.c @@ -21,7 +21,7 @@ #include "includes.h" #include "utils/net.h" -BOOL is_valid_policy_hnd(const POLICY_HND *hnd) +bool is_valid_policy_hnd(const POLICY_HND *hnd) { POLICY_HND tmp; ZERO_STRUCT(tmp); -- cgit From 16fca542d7f3b05f3d97cdab34c5f1907bd0a170 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 8 Apr 2008 19:54:57 +0200 Subject: Move is_valid_policy_hnd() out of net. Guenther (This used to be commit aae4d91e726ef8dcad173cdd1d6f719d94462948) --- source3/utils/net_util.c | 7 ------- 1 file changed, 7 deletions(-) (limited to 'source3/utils/net_util.c') diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c index c08eae3337..f844992d56 100644 --- a/source3/utils/net_util.c +++ b/source3/utils/net_util.c @@ -21,13 +21,6 @@ #include "includes.h" #include "utils/net.h" -bool is_valid_policy_hnd(const POLICY_HND *hnd) -{ - POLICY_HND tmp; - ZERO_STRUCT(tmp); - return (memcmp(&tmp, hnd, sizeof(tmp)) != 0); -} - NTSTATUS net_rpc_lookup_name(TALLOC_CTX *mem_ctx, struct cli_state *cli, const char *name, const char **ret_domain, const char **ret_name, DOM_SID *ret_sid, -- cgit From e73e8297f5484b6c7f525917679414c09a145cf0 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 20 Apr 2008 13:51:46 +0200 Subject: Replace cli_rpc_pipe_close by a talloc destructor on rpc_pipe_struct (This used to be commit 99fc3283c4ecc791f5a242bd1983b4352ce3e6cf) --- source3/utils/net_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_util.c') diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c index f844992d56..576c2191b3 100644 --- a/source3/utils/net_util.c +++ b/source3/utils/net_util.c @@ -75,7 +75,7 @@ NTSTATUS net_rpc_lookup_name(TALLOC_CTX *mem_ctx, struct cli_state *cli, if (is_valid_policy_hnd(&pol)) { rpccli_lsa_Close(lsa_pipe, mem_ctx, &pol); } - cli_rpc_pipe_close(lsa_pipe); + TALLOC_FREE(lsa_pipe); return result; } -- cgit From f5769109447d8da0f09b102d444a816ad97a00dc Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Fri, 9 May 2008 23:22:12 +0200 Subject: net: Remove globals (This used to be commit 1e9319cf88b65a2a8d4f5099a1fe5297e405ed2e) --- source3/utils/net_util.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/utils/net_util.c') diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c index 576c2191b3..db3e51b9b3 100644 --- a/source3/utils/net_util.c +++ b/source3/utils/net_util.c @@ -21,7 +21,8 @@ #include "includes.h" #include "utils/net.h" -NTSTATUS net_rpc_lookup_name(TALLOC_CTX *mem_ctx, struct cli_state *cli, +NTSTATUS net_rpc_lookup_name(struct net_context *c, + TALLOC_CTX *mem_ctx, struct cli_state *cli, const char *name, const char **ret_domain, const char **ret_name, DOM_SID *ret_sid, enum lsa_SidType *ret_type) -- cgit From 16938883e6fcae7601eb6343177aa2d56dd2136e Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Mon, 12 May 2008 11:53:23 +0200 Subject: net: Use true/false instead of True/False. (This used to be commit a8b567aac3b0e39cfe67fb97167b10312ca5e73a) --- source3/utils/net_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_util.c') diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c index db3e51b9b3..ebf9fe9993 100644 --- a/source3/utils/net_util.c +++ b/source3/utils/net_util.c @@ -42,7 +42,7 @@ NTSTATUS net_rpc_lookup_name(struct net_context *c, return result; } - result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, False, + result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, false, SEC_RIGHTS_MAXIMUM_ALLOWED, &pol); if (!NT_STATUS_IS_OK(result)) { -- cgit From b5965290417200a52da1f4c87f745a7044e84453 Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Tue, 13 May 2008 21:18:09 +0200 Subject: net: Move more utility functions into net_util.c (This used to be commit 0f5ebdf0bc5610bf93a4db67c9f9513683306c66) --- source3/utils/net_util.c | 466 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 466 insertions(+) (limited to 'source3/utils/net_util.c') diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c index ebf9fe9993..771c7e4f46 100644 --- a/source3/utils/net_util.c +++ b/source3/utils/net_util.c @@ -80,3 +80,469 @@ NTSTATUS net_rpc_lookup_name(struct net_context *c, return result; } + +/**************************************************************************** + Connect to \\server\service. +****************************************************************************/ + +NTSTATUS connect_to_service(struct net_context *c, + struct cli_state **cli_ctx, + struct sockaddr_storage *server_ss, + const char *server_name, + const char *service_name, + const char *service_type) +{ + NTSTATUS nt_status; + + c->opt_password = net_prompt_pass(c, c->opt_user_name); + if (!c->opt_password) { + return NT_STATUS_NO_MEMORY; + } + + nt_status = cli_full_connection(cli_ctx, NULL, server_name, + server_ss, c->opt_port, + service_name, service_type, + c->opt_user_name, c->opt_workgroup, + c->opt_password, 0, Undefined, NULL); + if (!NT_STATUS_IS_OK(nt_status)) { + d_fprintf(stderr, "Could not connect to server %s\n", server_name); + + /* Display a nicer message depending on the result */ + + if (NT_STATUS_V(nt_status) == + NT_STATUS_V(NT_STATUS_LOGON_FAILURE)) + d_fprintf(stderr, "The username or password was not correct.\n"); + + if (NT_STATUS_V(nt_status) == + NT_STATUS_V(NT_STATUS_ACCOUNT_LOCKED_OUT)) + d_fprintf(stderr, "The account was locked out.\n"); + + if (NT_STATUS_V(nt_status) == + NT_STATUS_V(NT_STATUS_ACCOUNT_DISABLED)) + d_fprintf(stderr, "The account was disabled.\n"); + return nt_status; + } + + if (c->smb_encrypt) { + nt_status = cli_force_encryption(*cli_ctx, + c->opt_user_name, + c->opt_password, + c->opt_workgroup); + + if (NT_STATUS_EQUAL(nt_status,NT_STATUS_NOT_SUPPORTED)) { + d_printf("Encryption required and " + "server that doesn't support " + "UNIX extensions - failing connect\n"); + } else if (NT_STATUS_EQUAL(nt_status,NT_STATUS_UNKNOWN_REVISION)) { + d_printf("Encryption required and " + "can't get UNIX CIFS extensions " + "version from server.\n"); + } else if (NT_STATUS_EQUAL(nt_status,NT_STATUS_UNSUPPORTED_COMPRESSION)) { + d_printf("Encryption required and " + "share %s doesn't support " + "encryption.\n", service_name); + } else if (!NT_STATUS_IS_OK(nt_status)) { + d_printf("Encryption required and " + "setup failed with error %s.\n", + nt_errstr(nt_status)); + } + + if (!NT_STATUS_IS_OK(nt_status)) { + cli_shutdown(*cli_ctx); + *cli_ctx = NULL; + } + } + + return nt_status; +} + +/**************************************************************************** + Connect to \\server\ipc$. +****************************************************************************/ + +NTSTATUS connect_to_ipc(struct net_context *c, + struct cli_state **cli_ctx, + struct sockaddr_storage *server_ss, + const char *server_name) +{ + return connect_to_service(c, cli_ctx, server_ss, server_name, "IPC$", + "IPC"); +} + +/**************************************************************************** + Connect to \\server\ipc$ anonymously. +****************************************************************************/ + +NTSTATUS connect_to_ipc_anonymous(struct net_context *c, + struct cli_state **cli_ctx, + struct sockaddr_storage *server_ss, + const char *server_name) +{ + NTSTATUS nt_status; + + nt_status = cli_full_connection(cli_ctx, c->opt_requester_name, + server_name, server_ss, c->opt_port, + "IPC$", "IPC", + "", "", + "", 0, Undefined, NULL); + + if (NT_STATUS_IS_OK(nt_status)) { + return nt_status; + } else { + DEBUG(1,("Cannot connect to server (anonymously). Error was %s\n", nt_errstr(nt_status))); + return nt_status; + } +} + +/**************************************************************************** + Return malloced user@realm for krb5 login. +****************************************************************************/ + +static char *get_user_and_realm(const char *username) +{ + char *user_and_realm = NULL; + + if (!username) { + return NULL; + } + if (strchr_m(username, '@')) { + user_and_realm = SMB_STRDUP(username); + } else { + if (asprintf(&user_and_realm, "%s@%s", username, lp_realm()) == -1) { + user_and_realm = NULL; + } + } + return user_and_realm; +} + +/**************************************************************************** + Connect to \\server\ipc$ using KRB5. +****************************************************************************/ + +NTSTATUS connect_to_ipc_krb5(struct net_context *c, + struct cli_state **cli_ctx, + struct sockaddr_storage *server_ss, + const char *server_name) +{ + NTSTATUS nt_status; + char *user_and_realm = NULL; + + /* FIXME: Should get existing kerberos ticket if possible. */ + c->opt_password = net_prompt_pass(c, c->opt_user_name); + if (!c->opt_password) { + return NT_STATUS_NO_MEMORY; + } + + user_and_realm = get_user_and_realm(c->opt_user_name); + if (!user_and_realm) { + return NT_STATUS_NO_MEMORY; + } + + nt_status = cli_full_connection(cli_ctx, NULL, server_name, + server_ss, c->opt_port, + "IPC$", "IPC", + user_and_realm, c->opt_workgroup, + c->opt_password, + CLI_FULL_CONNECTION_USE_KERBEROS, + Undefined, NULL); + + SAFE_FREE(user_and_realm); + + if (!NT_STATUS_IS_OK(nt_status)) { + DEBUG(1,("Cannot connect to server using kerberos. Error was %s\n", nt_errstr(nt_status))); + return nt_status; + } + + if (c->smb_encrypt) { + nt_status = cli_cm_force_encryption(*cli_ctx, + user_and_realm, + c->opt_password, + c->opt_workgroup, + "IPC$"); + if (!NT_STATUS_IS_OK(nt_status)) { + cli_shutdown(*cli_ctx); + *cli_ctx = NULL; + } + } + + return nt_status; +} + +/** + * Connect a server and open a given pipe + * + * @param cli_dst A cli_state + * @param pipe The pipe to open + * @param got_pipe boolean that stores if we got a pipe + * + * @return Normal NTSTATUS return. + **/ +NTSTATUS connect_dst_pipe(struct net_context *c, struct cli_state **cli_dst, + struct rpc_pipe_client **pp_pipe_hnd, int pipe_num) +{ + NTSTATUS nt_status; + char *server_name = SMB_STRDUP("127.0.0.1"); + struct cli_state *cli_tmp = NULL; + struct rpc_pipe_client *pipe_hnd = NULL; + + if (server_name == NULL) { + return NT_STATUS_NO_MEMORY; + } + + if (c->opt_destination) { + SAFE_FREE(server_name); + if ((server_name = SMB_STRDUP(c->opt_destination)) == NULL) { + return NT_STATUS_NO_MEMORY; + } + } + + /* make a connection to a named pipe */ + nt_status = connect_to_ipc(c, &cli_tmp, NULL, server_name); + if (!NT_STATUS_IS_OK(nt_status)) { + SAFE_FREE(server_name); + return nt_status; + } + + pipe_hnd = cli_rpc_pipe_open_noauth(cli_tmp, pipe_num, &nt_status); + if (!pipe_hnd) { + DEBUG(0, ("couldn't not initialize pipe\n")); + cli_shutdown(cli_tmp); + SAFE_FREE(server_name); + return nt_status; + } + + *cli_dst = cli_tmp; + *pp_pipe_hnd = pipe_hnd; + SAFE_FREE(server_name); + + return nt_status; +} + +/**************************************************************************** + Use the local machine account (krb) and password for this session. +****************************************************************************/ + +int net_use_krb_machine_account(struct net_context *c) +{ + char *user_name = NULL; + + if (!secrets_init()) { + d_fprintf(stderr, "ERROR: Unable to open secrets database\n"); + exit(1); + } + + c->opt_password = secrets_fetch_machine_password( + c->opt_target_workgroup, NULL, NULL); + if (asprintf(&user_name, "%s$@%s", global_myname(), lp_realm()) == -1) { + return -1; + } + c->opt_user_name = user_name; + return 0; +} + +/**************************************************************************** + Use the machine account name and password for this session. +****************************************************************************/ + +int net_use_machine_account(struct net_context *c) +{ + char *user_name = NULL; + + if (!secrets_init()) { + d_fprintf(stderr, "ERROR: Unable to open secrets database\n"); + exit(1); + } + + c->opt_password = secrets_fetch_machine_password( + c->opt_target_workgroup, NULL, NULL); + if (asprintf(&user_name, "%s$", global_myname()) == -1) { + return -1; + } + c->opt_user_name = user_name; + return 0; +} + +bool net_find_server(struct net_context *c, + const char *domain, + unsigned flags, + struct sockaddr_storage *server_ss, + char **server_name) +{ + const char *d = domain ? domain : c->opt_target_workgroup; + + if (c->opt_host) { + *server_name = SMB_STRDUP(c->opt_host); + } + + if (c->opt_have_ip) { + *server_ss = c->opt_dest_ip; + if (!*server_name) { + char addr[INET6_ADDRSTRLEN]; + print_sockaddr(addr, sizeof(addr), &c->opt_dest_ip); + *server_name = SMB_STRDUP(addr); + } + } else if (*server_name) { + /* resolve the IP address */ + if (!resolve_name(*server_name, server_ss, 0x20)) { + DEBUG(1,("Unable to resolve server name\n")); + return false; + } + } else if (flags & NET_FLAGS_PDC) { + fstring dc_name; + struct sockaddr_storage pdc_ss; + + if (!get_pdc_ip(d, &pdc_ss)) { + DEBUG(1,("Unable to resolve PDC server address\n")); + return false; + } + + if (is_zero_addr(&pdc_ss)) { + return false; + } + + if (!name_status_find(d, 0x1b, 0x20, &pdc_ss, dc_name)) { + return false; + } + + *server_name = SMB_STRDUP(dc_name); + *server_ss = pdc_ss; + } else if (flags & NET_FLAGS_DMB) { + struct sockaddr_storage msbrow_ss; + char addr[INET6_ADDRSTRLEN]; + + /* if (!resolve_name(MSBROWSE, &msbrow_ip, 1)) */ + if (!resolve_name(d, &msbrow_ss, 0x1B)) { + DEBUG(1,("Unable to resolve domain browser via name lookup\n")); + return false; + } + *server_ss = msbrow_ss; + print_sockaddr(addr, sizeof(addr), server_ss); + *server_name = SMB_STRDUP(addr); + } else if (flags & NET_FLAGS_MASTER) { + struct sockaddr_storage brow_ss; + char addr[INET6_ADDRSTRLEN]; + if (!resolve_name(d, &brow_ss, 0x1D)) { + /* go looking for workgroups */ + DEBUG(1,("Unable to resolve master browser via name lookup\n")); + return false; + } + *server_ss = brow_ss; + print_sockaddr(addr, sizeof(addr), server_ss); + *server_name = SMB_STRDUP(addr); + } else if (!(flags & NET_FLAGS_LOCALHOST_DEFAULT_INSANE)) { + if (!interpret_string_addr(server_ss, + "127.0.0.1", AI_NUMERICHOST)) { + DEBUG(1,("Unable to resolve 127.0.0.1\n")); + return false; + } + *server_name = SMB_STRDUP("127.0.0.1"); + } + + if (!*server_name) { + DEBUG(1,("no server to connect to\n")); + return false; + } + + return true; +} + +bool net_find_pdc(struct sockaddr_storage *server_ss, + fstring server_name, + const char *domain_name) +{ + if (!get_pdc_ip(domain_name, server_ss)) { + return false; + } + if (is_zero_addr(server_ss)) { + return false; + } + + if (!name_status_find(domain_name, 0x1b, 0x20, server_ss, server_name)) { + return false; + } + + return true; +} + +NTSTATUS net_make_ipc_connection(struct net_context *c, unsigned flags, + struct cli_state **pcli) +{ + return net_make_ipc_connection_ex(c, NULL, NULL, NULL, flags, pcli); +} + +NTSTATUS net_make_ipc_connection_ex(struct net_context *c ,const char *domain, + const char *server, + struct sockaddr_storage *pss, + unsigned flags, struct cli_state **pcli) +{ + char *server_name = NULL; + struct sockaddr_storage server_ss; + struct cli_state *cli = NULL; + NTSTATUS nt_status; + + if ( !server || !pss ) { + if (!net_find_server(c, domain, flags, &server_ss, + &server_name)) { + d_fprintf(stderr, "Unable to find a suitable server\n"); + nt_status = NT_STATUS_UNSUCCESSFUL; + goto done; + } + } else { + server_name = SMB_STRDUP( server ); + server_ss = *pss; + } + + if (flags & NET_FLAGS_ANONYMOUS) { + nt_status = connect_to_ipc_anonymous(c, &cli, &server_ss, + server_name); + } else { + nt_status = connect_to_ipc(c, &cli, &server_ss, + server_name); + } + + /* store the server in the affinity cache if it was a PDC */ + + if ( (flags & NET_FLAGS_PDC) && NT_STATUS_IS_OK(nt_status) ) + saf_store( cli->server_domain, cli->desthost ); + + SAFE_FREE(server_name); + if (!NT_STATUS_IS_OK(nt_status)) { + d_fprintf(stderr, "Connection failed: %s\n", + nt_errstr(nt_status)); + cli = NULL; + } + +done: + if (pcli != NULL) { + *pcli = cli; + } + return nt_status; +} + +/**************************************************************************** +****************************************************************************/ + +const char *net_prompt_pass(struct net_context *c, const char *user) +{ + char *prompt = NULL; + const char *pass = NULL; + + if (c->opt_password) { + return c->opt_password; + } + + if (c->opt_machine_pass) { + return NULL; + } + + asprintf(&prompt, "Enter %s's password:", user); + if (!prompt) { + return NULL; + } + + pass = getpass(prompt); + SAFE_FREE(prompt); + + return pass; +} + -- cgit From 6fd35d25bff4e1ceef07613c732dd7800afda35f Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Sun, 18 May 2008 10:56:32 +0200 Subject: net: Move net_run_function/net_run_function2 to net_util.c (This used to be commit 73fb5f392dbc1966ec34217e39d565200e071aaf) --- source3/utils/net_util.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) (limited to 'source3/utils/net_util.c') diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c index 771c7e4f46..20f004b790 100644 --- a/source3/utils/net_util.c +++ b/source3/utils/net_util.c @@ -546,3 +546,49 @@ const char *net_prompt_pass(struct net_context *c, const char *user) return pass; } +/* + run a function from a function table. If not found then + call the specified usage function +*/ +int net_run_function(struct net_context *c, int argc, const char **argv, + struct functable *table, + int (*usage_fn)(struct net_context *c, + int argc, const char **argv)) +{ + int i; + + if (argc < 1) { + d_printf("\nUsage: \n"); + return usage_fn(c, argc, argv); + } + for (i=0; table[i].funcname; i++) { + if (StrCaseCmp(argv[0], table[i].funcname) == 0) + return table[i].fn(c, argc-1, argv+1); + } + d_fprintf(stderr, "No command: %s\n", argv[0]); + return usage_fn(c, argc, argv); +} + +/* + * run a function from a function table. + */ +int net_run_function2(struct net_context *c, int argc, const char **argv, + const char *whoami, struct functable2 *table) +{ + int i; + + if (argc != 0) { + for (i=0; table[i].funcname; i++) { + if (StrCaseCmp(argv[0], table[i].funcname) == 0) + return table[i].fn(c, argc-1, argv+1); + } + } + + for (i=0; table[i].funcname != NULL; i++) { + d_printf("%s %-15s %s\n", whoami, table[i].funcname, + table[i].helptext); + } + + return -1; +} + -- cgit From 44c260743cc01d7fa07b66b771b94de98b5b7444 Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Thu, 22 May 2008 09:41:21 +0200 Subject: net: Add net_run_function3 (This used to be commit ba1108f06ae5860c8f418dc383b027068780abf9) --- source3/utils/net_util.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) (limited to 'source3/utils/net_util.c') diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c index 20f004b790..c641e61c5c 100644 --- a/source3/utils/net_util.c +++ b/source3/utils/net_util.c @@ -592,3 +592,30 @@ int net_run_function2(struct net_context *c, int argc, const char **argv, return -1; } +int net_run_function3(struct net_context *c, int argc, const char **argv, + const char *whoami, struct functable3 *table) +{ + int i; + if (argc != 0) { + for (i=0; table[i].funcname != NULL; i++) { + if (StrCaseCmp(argv[0], table[i].funcname) == 0) + return table[i].fn(c, argc-1, argv+1); + } + } + + if (c->display_usage == false) { + d_fprintf(stderr, "Invalid command: %s %s\n", whoami, + (argc > 0)?argv[0]:""); + } + d_printf("Usage:\n"); + for (i=0; table[i].funcname != NULL; i++) { + if(c->display_usage == false) + d_printf("%s %-15s %s\n", whoami, table[i].funcname, + table[i].description); + else + d_printf("%s\n", table[i].usage); + } + + return c->display_usage?0:-1; +} + -- cgit From 223d1bce777a3ed9b8bb08e4c85535aee6118eee Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Sun, 18 May 2008 19:12:24 +0200 Subject: net: Use functable2 to give a short help text for top-level functions. (This used to be commit e9be24a2cbbd9bc7075c0fe75d44d51184f84dba) --- source3/utils/net_util.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3/utils/net_util.c') diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c index c641e61c5c..826a2fb40f 100644 --- a/source3/utils/net_util.c +++ b/source3/utils/net_util.c @@ -584,6 +584,9 @@ int net_run_function2(struct net_context *c, int argc, const char **argv, } } + d_fprintf(stderr, "Invalid command: %s %s\n", whoami, + (argc > 0)?argv[0]:""); + d_printf("Usage:\n"); for (i=0; table[i].funcname != NULL; i++) { d_printf("%s %-15s %s\n", whoami, table[i].funcname, table[i].helptext); -- cgit From 8efc535a4a5d02fe8e887d916213f1a0f0dda0af Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Thu, 5 Jun 2008 23:22:19 +0200 Subject: net: Add net_display_usage_from_functable() (This used to be commit de0e15b35ea46cfcdd82f45eb3329c44d7aacb90) --- source3/utils/net_util.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'source3/utils/net_util.c') diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c index 826a2fb40f..695d285390 100644 --- a/source3/utils/net_util.c +++ b/source3/utils/net_util.c @@ -622,3 +622,10 @@ int net_run_function3(struct net_context *c, int argc, const char **argv, return c->display_usage?0:-1; } +void net_display_usage_from_functable(struct functable3 *table) +{ + int i; + for (i=0; table[i].funcname != NULL; i++) { + d_printf("%s\n", table[i].usage); + } +} -- cgit From 255bdb26025a5025bc60637dd924f6ec71c49ee5 Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Sat, 7 Jun 2008 02:25:08 +0200 Subject: net: Rename functable3 to functable, get rid of old functables (This used to be commit bb7c5fc4ec77db4073d3beccf12af12910b6bd07) --- source3/utils/net_util.c | 53 ++---------------------------------------------- 1 file changed, 2 insertions(+), 51 deletions(-) (limited to 'source3/utils/net_util.c') diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c index 695d285390..6029231d74 100644 --- a/source3/utils/net_util.c +++ b/source3/utils/net_util.c @@ -546,57 +546,8 @@ const char *net_prompt_pass(struct net_context *c, const char *user) return pass; } -/* - run a function from a function table. If not found then - call the specified usage function -*/ int net_run_function(struct net_context *c, int argc, const char **argv, - struct functable *table, - int (*usage_fn)(struct net_context *c, - int argc, const char **argv)) -{ - int i; - - if (argc < 1) { - d_printf("\nUsage: \n"); - return usage_fn(c, argc, argv); - } - for (i=0; table[i].funcname; i++) { - if (StrCaseCmp(argv[0], table[i].funcname) == 0) - return table[i].fn(c, argc-1, argv+1); - } - d_fprintf(stderr, "No command: %s\n", argv[0]); - return usage_fn(c, argc, argv); -} - -/* - * run a function from a function table. - */ -int net_run_function2(struct net_context *c, int argc, const char **argv, - const char *whoami, struct functable2 *table) -{ - int i; - - if (argc != 0) { - for (i=0; table[i].funcname; i++) { - if (StrCaseCmp(argv[0], table[i].funcname) == 0) - return table[i].fn(c, argc-1, argv+1); - } - } - - d_fprintf(stderr, "Invalid command: %s %s\n", whoami, - (argc > 0)?argv[0]:""); - d_printf("Usage:\n"); - for (i=0; table[i].funcname != NULL; i++) { - d_printf("%s %-15s %s\n", whoami, table[i].funcname, - table[i].helptext); - } - - return -1; -} - -int net_run_function3(struct net_context *c, int argc, const char **argv, - const char *whoami, struct functable3 *table) + const char *whoami, struct functable *table) { int i; if (argc != 0) { @@ -622,7 +573,7 @@ int net_run_function3(struct net_context *c, int argc, const char **argv, return c->display_usage?0:-1; } -void net_display_usage_from_functable(struct functable3 *table) +void net_display_usage_from_functable(struct functable *table) { int i; for (i=0; table[i].funcname != NULL; i++) { -- cgit From 37ae3f9c20b9882522abb33276e716dca296d63f Mon Sep 17 00:00:00 2001 From: root Date: Thu, 19 Jun 2008 12:14:32 -0500 Subject: net: Fix crash when specifying invalid options on the command line (This used to be commit 4c3bfea9f8d238f9100eaa264b9b2941dff5a6dd) --- source3/utils/net_util.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'source3/utils/net_util.c') diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c index 6029231d74..8938b9cf01 100644 --- a/source3/utils/net_util.c +++ b/source3/utils/net_util.c @@ -550,6 +550,14 @@ int net_run_function(struct net_context *c, int argc, const char **argv, const char *whoami, struct functable *table) { int i; + + if (!table) { + d_fprintf(stderr, "Invalid command. Run \"%s\" for more details.\n", + whoami); + return 1; + } + + if (argc != 0) { for (i=0; table[i].funcname != NULL; i++) { if (StrCaseCmp(argv[0], table[i].funcname) == 0) -- cgit From accc68f63e91e8684d7186fa718bd51e2e4e8922 Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Sat, 21 Jun 2008 00:07:21 +0200 Subject: net: Don't crash on invalid command line options. This backs out the workaround Jerry added in 4c3bfea9f8d238f9100eaa264b9b2941dff5a6dd. Thanks for the catch. (This used to be commit 20e0bb4800938863cb0aac1a19473748132043fc) --- source3/utils/net_util.c | 7 ------- 1 file changed, 7 deletions(-) (limited to 'source3/utils/net_util.c') diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c index 8938b9cf01..ae1d4ea2b6 100644 --- a/source3/utils/net_util.c +++ b/source3/utils/net_util.c @@ -551,13 +551,6 @@ int net_run_function(struct net_context *c, int argc, const char **argv, { int i; - if (!table) { - d_fprintf(stderr, "Invalid command. Run \"%s\" for more details.\n", - whoami); - return 1; - } - - if (argc != 0) { for (i=0; table[i].funcname != NULL; i++) { if (StrCaseCmp(argv[0], table[i].funcname) == 0) -- cgit From 1335da2a7cc639310e5d389e8e8dbe67c4e7ca25 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 20 Jul 2008 11:04:31 +0200 Subject: Refactoring: Change calling conventions for cli_rpc_pipe_open_noauth Pass in ndr_syntax_id instead of pipe_idx, return NTSTATUS (This used to be commit 9abc9dc4dc13bd3e42f98eff64eacf24b51f5779) --- source3/utils/net_util.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'source3/utils/net_util.c') diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c index ae1d4ea2b6..b976c65970 100644 --- a/source3/utils/net_util.c +++ b/source3/utils/net_util.c @@ -36,8 +36,9 @@ NTSTATUS net_rpc_lookup_name(struct net_context *c, ZERO_STRUCT(pol); - lsa_pipe = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &result); - if (lsa_pipe == NULL) { + result = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id, + &lsa_pipe); + if (!NT_STATUS_IS_OK(result)) { d_fprintf(stderr, "Could not initialise lsa pipe\n"); return result; } @@ -303,8 +304,9 @@ NTSTATUS connect_dst_pipe(struct net_context *c, struct cli_state **cli_dst, return nt_status; } - pipe_hnd = cli_rpc_pipe_open_noauth(cli_tmp, pipe_num, &nt_status); - if (!pipe_hnd) { + nt_status = cli_rpc_pipe_open_noauth(cli_tmp, cli_get_iface(pipe_num), + &pipe_hnd); + if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("couldn't not initialize pipe\n")); cli_shutdown(cli_tmp); SAFE_FREE(server_name); -- cgit From 05cc3fda05ced80828d8a7bbc00674c495bf46d3 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 20 Jul 2008 18:44:32 +0200 Subject: Refactoring: connect_dst_pipe uses ndr_syntax_id instead of pipe_idx (This used to be commit 0f77746f36b98acc5171727fa3fc236af9fd2000) --- source3/utils/net_util.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_util.c') diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c index b976c65970..be00dde16e 100644 --- a/source3/utils/net_util.c +++ b/source3/utils/net_util.c @@ -279,7 +279,8 @@ NTSTATUS connect_to_ipc_krb5(struct net_context *c, * @return Normal NTSTATUS return. **/ NTSTATUS connect_dst_pipe(struct net_context *c, struct cli_state **cli_dst, - struct rpc_pipe_client **pp_pipe_hnd, int pipe_num) + struct rpc_pipe_client **pp_pipe_hnd, + const struct ndr_syntax_id *interface) { NTSTATUS nt_status; char *server_name = SMB_STRDUP("127.0.0.1"); @@ -304,7 +305,7 @@ NTSTATUS connect_dst_pipe(struct net_context *c, struct cli_state **cli_dst, return nt_status; } - nt_status = cli_rpc_pipe_open_noauth(cli_tmp, cli_get_iface(pipe_num), + nt_status = cli_rpc_pipe_open_noauth(cli_tmp, interface, &pipe_hnd); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("couldn't not initialize pipe\n")); -- cgit From 6913f986f4213e056f724ed3be3aee313c07d78c Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 30 Jul 2008 21:37:09 +0200 Subject: net: add "-k" switch for kerberos authentication (in preparation for #5416). Guenther (This used to be commit 4cce94d464b16d29b638da3a581d98a237959b63) --- source3/utils/net_util.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) (limited to 'source3/utils/net_util.c') diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c index be00dde16e..eb39c739e7 100644 --- a/source3/utils/net_util.c +++ b/source3/utils/net_util.c @@ -94,17 +94,23 @@ NTSTATUS connect_to_service(struct net_context *c, const char *service_type) { NTSTATUS nt_status; + int flags = 0; c->opt_password = net_prompt_pass(c, c->opt_user_name); - if (!c->opt_password) { - return NT_STATUS_NO_MEMORY; + + if (c->opt_kerberos) { + flags |= CLI_FULL_CONNECTION_USE_KERBEROS; + } + + if (c->opt_kerberos && c->opt_password) { + flags |= CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS; } nt_status = cli_full_connection(cli_ctx, NULL, server_name, server_ss, c->opt_port, service_name, service_type, c->opt_user_name, c->opt_workgroup, - c->opt_password, 0, Undefined, NULL); + c->opt_password, flags, Undefined, NULL); if (!NT_STATUS_IS_OK(nt_status)) { d_fprintf(stderr, "Could not connect to server %s\n", server_name); @@ -538,6 +544,10 @@ const char *net_prompt_pass(struct net_context *c, const char *user) return NULL; } + if (c->opt_kerberos && !c->opt_user_specified) { + return NULL; + } + asprintf(&prompt, "Enter %s's password:", user); if (!prompt) { return NULL; -- cgit From 129e71a97a991f9cd79c9eca65b21e4789d5f303 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 21 Aug 2008 15:27:22 -0700 Subject: Fix broken net rpc join message when DC can't be found. Ensure we pass in a domain name. Jeremy. (This used to be commit 33019fe2b5f521c143fc79edb915eca69b9ed98d) --- source3/utils/net_util.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_util.c') diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c index eb39c739e7..88850d29df 100644 --- a/source3/utils/net_util.c +++ b/source3/utils/net_util.c @@ -476,7 +476,7 @@ bool net_find_pdc(struct sockaddr_storage *server_ss, NTSTATUS net_make_ipc_connection(struct net_context *c, unsigned flags, struct cli_state **pcli) { - return net_make_ipc_connection_ex(c, NULL, NULL, NULL, flags, pcli); + return net_make_ipc_connection_ex(c, c->opt_workgroup, NULL, NULL, flags, pcli); } NTSTATUS net_make_ipc_connection_ex(struct net_context *c ,const char *domain, @@ -492,7 +492,8 @@ NTSTATUS net_make_ipc_connection_ex(struct net_context *c ,const char *domain, if ( !server || !pss ) { if (!net_find_server(c, domain, flags, &server_ss, &server_name)) { - d_fprintf(stderr, "Unable to find a suitable server\n"); + d_fprintf(stderr, "Unable to find a suitable server " + "for domain %s\n", domain); nt_status = NT_STATUS_UNSUCCESSFUL; goto done; } -- cgit