root/source3/rpcclient/cmd_netlogon.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. cmd_netlogon_logon_ctrl2
  2. cmd_netlogon_getanydcname
  3. cmd_netlogon_getdcname
  4. cmd_netlogon_dsr_getdcname
  5. cmd_netlogon_dsr_getdcnameex
  6. cmd_netlogon_dsr_getdcnameex2
  7. cmd_netlogon_dsr_getsitename
  8. cmd_netlogon_logon_ctrl
  9. display_sam_sync
  10. cmd_netlogon_sam_sync
  11. cmd_netlogon_sam_deltas
  12. cmd_netlogon_sam_logon
  13. cmd_netlogon_change_trust_pw
  14. cmd_netlogon_gettrustrid
  15. cmd_netlogon_dsr_enumtrustdom
  16. cmd_netlogon_deregisterdnsrecords
  17. cmd_netlogon_dsr_getforesttrustinfo
  18. cmd_netlogon_enumtrusteddomains
  19. cmd_netlogon_enumtrusteddomainsex
  20. cmd_netlogon_getdcsitecoverage
  21. cmd_netlogon_database_redo
  22. cmd_netlogon_capabilities

   1 /* 
   2    Unix SMB/CIFS implementation.
   3    RPC pipe client
   4 
   5    Copyright (C) Tim Potter 2000
   6    Copyright (C) Guenther Deschner 2008
   7 
   8    This program is free software; you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License as published by
  10    the Free Software Foundation; either version 3 of the License, or
  11    (at your option) any later version.
  12    
  13    This program is distributed in the hope that it will be useful,
  14    but WITHOUT ANY WARRANTY; without even the implied warranty of
  15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16    GNU General Public License for more details.
  17    
  18    You should have received a copy of the GNU General Public License
  19    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  20 */
  21 
  22 #include "includes.h"
  23 #include "rpcclient.h"
  24 
  25 static WERROR cmd_netlogon_logon_ctrl2(struct rpc_pipe_client *cli,
     /* [<][>][^][v][top][bottom][index][help] */
  26                                        TALLOC_CTX *mem_ctx, int argc,
  27                                        const char **argv)
  28 {
  29         NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
  30         WERROR werr;
  31         const char *logon_server = cli->desthost;
  32         enum netr_LogonControlCode function_code = NETLOGON_CONTROL_REDISCOVER;
  33         uint32_t level = 1;
  34         union netr_CONTROL_DATA_INFORMATION data;
  35         union netr_CONTROL_QUERY_INFORMATION query;
  36         const char *domain = lp_workgroup();
  37 
  38         if (argc > 5) {
  39                 fprintf(stderr, "Usage: %s <logon_server> <function_code> "
  40                         "<level> <domain>\n", argv[0]);
  41                 return WERR_OK;
  42         }
  43 
  44         if (argc >= 2) {
  45                 logon_server = argv[1];
  46         }
  47 
  48         if (argc >= 3) {
  49                 function_code = atoi(argv[2]);
  50         }
  51 
  52         if (argc >= 4) {
  53                 level = atoi(argv[3]);
  54         }
  55 
  56         if (argc >= 5) {
  57                 domain = argv[4];
  58         }
  59 
  60         switch (function_code) {
  61                 case NETLOGON_CONTROL_REDISCOVER:
  62                 case NETLOGON_CONTROL_TC_QUERY:
  63                         data.domain = domain;
  64                         break;
  65                 default:
  66                         break;
  67         }
  68 
  69         status = rpccli_netr_LogonControl2(cli, mem_ctx,
  70                                           logon_server,
  71                                           function_code,
  72                                           level,
  73                                           &data,
  74                                           &query,
  75                                           &werr);
  76         if (!NT_STATUS_IS_OK(status)) {
  77                 return ntstatus_to_werror(status);
  78         }
  79 
  80         if (!W_ERROR_IS_OK(werr)) {
  81                 return werr;
  82         }
  83 
  84         /* Display results */
  85 
  86         return werr;
  87 }
  88 
  89 static WERROR cmd_netlogon_getanydcname(struct rpc_pipe_client *cli, 
     /* [<][>][^][v][top][bottom][index][help] */
  90                                         TALLOC_CTX *mem_ctx, int argc, 
  91                                         const char **argv)
  92 {
  93         const char *dcname = NULL;
  94         WERROR werr;
  95         NTSTATUS status;
  96         int old_timeout;
  97 
  98         if (argc != 2) {
  99                 fprintf(stderr, "Usage: %s domainname\n", argv[0]);
 100                 return WERR_OK;
 101         }
 102 
 103         /* Make sure to wait for our DC's reply */
 104         old_timeout = rpccli_set_timeout(cli, 30000); /* 30 seconds. */
 105         rpccli_set_timeout(cli, MAX(old_timeout, 30000)); /* At least 30 sec */
 106 
 107         status = rpccli_netr_GetAnyDCName(cli, mem_ctx,
 108                                           cli->desthost,
 109                                           argv[1],
 110                                           &dcname,
 111                                           &werr);
 112         rpccli_set_timeout(cli, old_timeout);
 113 
 114         if (!NT_STATUS_IS_OK(status)) {
 115                 return ntstatus_to_werror(status);
 116         }
 117 
 118         if (!W_ERROR_IS_OK(werr)) {
 119                 return werr;
 120         }
 121 
 122         /* Display results */
 123 
 124         printf("%s\n", dcname);
 125 
 126         return werr;
 127 }
 128 
 129 static WERROR cmd_netlogon_getdcname(struct rpc_pipe_client *cli,
     /* [<][>][^][v][top][bottom][index][help] */
 130                                      TALLOC_CTX *mem_ctx, int argc,
 131                                      const char **argv)
 132 {
 133         const char *dcname = NULL;
 134         NTSTATUS status;
 135         WERROR werr;
 136         int old_timeout;
 137 
 138         if (argc != 2) {
 139                 fprintf(stderr, "Usage: %s domainname\n", argv[0]);
 140                 return WERR_OK;
 141         }
 142 
 143         /* Make sure to wait for our DC's reply */
 144         old_timeout = rpccli_set_timeout(cli, 30000); /* 30 seconds. */
 145         rpccli_set_timeout(cli, MAX(30000, old_timeout)); /* At least 30 sec */
 146 
 147         status = rpccli_netr_GetDcName(cli, mem_ctx,
 148                                        cli->desthost,
 149                                        argv[1],
 150                                        &dcname,
 151                                        &werr);
 152         rpccli_set_timeout(cli, old_timeout);
 153 
 154         if (!NT_STATUS_IS_OK(status)) {
 155                 return ntstatus_to_werror(status);
 156         }
 157 
 158         if (!W_ERROR_IS_OK(werr)) {
 159                 return werr;
 160         }
 161 
 162         /* Display results */
 163 
 164         printf("%s\n", dcname);
 165 
 166         return werr;
 167 }
 168 
 169 static WERROR cmd_netlogon_dsr_getdcname(struct rpc_pipe_client *cli,
     /* [<][>][^][v][top][bottom][index][help] */
 170                                          TALLOC_CTX *mem_ctx, int argc,
 171                                          const char **argv)
 172 {
 173         NTSTATUS result;
 174         WERROR werr = WERR_OK;
 175         uint32 flags = DS_RETURN_DNS_NAME;
 176         const char *server_name = cli->desthost;
 177         const char *domain_name;
 178         struct GUID domain_guid = GUID_zero();
 179         struct GUID site_guid = GUID_zero();
 180         struct netr_DsRGetDCNameInfo *info = NULL;
 181 
 182         if (argc < 2) {
 183                 fprintf(stderr, "Usage: %s [domain_name] [domain_guid] "
 184                                 "[site_guid] [flags]\n", argv[0]);
 185                 return WERR_OK;
 186         }
 187 
 188         if (argc >= 2)
 189                 domain_name = argv[1];
 190 
 191         if (argc >= 3) {
 192                 if (!NT_STATUS_IS_OK(GUID_from_string(argv[2], &domain_guid))) {
 193                         return WERR_NOMEM;
 194                 }
 195         }
 196 
 197         if (argc >= 4) {
 198                 if (!NT_STATUS_IS_OK(GUID_from_string(argv[3], &site_guid))) {
 199                         return WERR_NOMEM;
 200                 }
 201         }
 202 
 203         if (argc >= 5)
 204                 sscanf(argv[4], "%x", &flags);
 205 
 206         debug_dsdcinfo_flags(1,flags);
 207 
 208         result = rpccli_netr_DsRGetDCName(cli, mem_ctx,
 209                                           server_name,
 210                                           domain_name,
 211                                           &domain_guid,
 212                                           &site_guid,
 213                                           flags,
 214                                           &info,
 215                                           &werr);
 216 
 217         if (W_ERROR_IS_OK(werr)) {
 218                 d_printf("DsGetDcName gave: %s\n",
 219                 NDR_PRINT_STRUCT_STRING(mem_ctx, netr_DsRGetDCNameInfo, info));
 220                 return WERR_OK;
 221         }
 222 
 223         printf("rpccli_netlogon_dsr_getdcname returned %s\n",
 224                win_errstr(werr));
 225 
 226         return werr;
 227 }
 228 
 229 static WERROR cmd_netlogon_dsr_getdcnameex(struct rpc_pipe_client *cli,
     /* [<][>][^][v][top][bottom][index][help] */
 230                                            TALLOC_CTX *mem_ctx, int argc,
 231                                            const char **argv)
 232 {
 233         WERROR result;
 234         NTSTATUS status;
 235         uint32_t flags = DS_RETURN_DNS_NAME;
 236         const char *server_name = cli->desthost;
 237         const char *domain_name;
 238         const char *site_name = NULL;
 239         struct GUID domain_guid = GUID_zero();
 240         struct netr_DsRGetDCNameInfo *info = NULL;
 241 
 242         if (argc < 2) {
 243                 fprintf(stderr, "Usage: %s [domain_name] [domain_guid] "
 244                                 "[site_name] [flags]\n", argv[0]);
 245                 return WERR_OK;
 246         }
 247 
 248         domain_name = argv[1];
 249 
 250         if (argc >= 3) {
 251                 if (!NT_STATUS_IS_OK(GUID_from_string(argv[2], &domain_guid))) {
 252                         return WERR_NOMEM;
 253                 }
 254         }
 255 
 256         if (argc >= 4) {
 257                 site_name = argv[3];
 258         }
 259 
 260         if (argc >= 5) {
 261                 sscanf(argv[4], "%x", &flags);
 262         }
 263 
 264         debug_dsdcinfo_flags(1,flags);
 265 
 266         status = rpccli_netr_DsRGetDCNameEx(cli, mem_ctx,
 267                                             server_name,
 268                                             domain_name,
 269                                             &domain_guid,
 270                                             site_name,
 271                                             flags,
 272                                             &info,
 273                                             &result);
 274         if (!NT_STATUS_IS_OK(status)) {
 275                 return ntstatus_to_werror(status);
 276         }
 277 
 278         if (!W_ERROR_IS_OK(result)) {
 279                 return result;
 280         }
 281 
 282         d_printf("DsRGetDCNameEx gave %s\n",
 283                 NDR_PRINT_STRUCT_STRING(mem_ctx, netr_DsRGetDCNameInfo, info));
 284 
 285         return result;
 286 }
 287 
 288 static WERROR cmd_netlogon_dsr_getdcnameex2(struct rpc_pipe_client *cli,
     /* [<][>][^][v][top][bottom][index][help] */
 289                                             TALLOC_CTX *mem_ctx, int argc,
 290                                             const char **argv)
 291 {
 292         WERROR result;
 293         NTSTATUS status;
 294         uint32_t flags = DS_RETURN_DNS_NAME;
 295         const char *server_name = cli->desthost;
 296         const char *domain_name = NULL;
 297         const char *client_account = NULL;
 298         uint32_t mask = 0;
 299         const char *site_name = NULL;
 300         struct GUID domain_guid = GUID_zero();
 301         struct netr_DsRGetDCNameInfo *info = NULL;
 302 
 303         if (argc < 2) {
 304                 fprintf(stderr, "Usage: %s [client_account] [acb_mask] "
 305                                 "[domain_name] [domain_guid] [site_name] "
 306                                 "[flags]\n", argv[0]);
 307                 return WERR_OK;
 308         }
 309 
 310         if (argc >= 2) {
 311                 client_account = argv[1];
 312         }
 313 
 314         if (argc >= 3) {
 315                 mask = atoi(argv[2]);
 316         }
 317 
 318         if (argc >= 4) {
 319                 domain_name = argv[3];
 320         }
 321 
 322         if (argc >= 5) {
 323                 if (!NT_STATUS_IS_OK(GUID_from_string(argv[4], &domain_guid))) {
 324                         return WERR_NOMEM;
 325                 }
 326         }
 327 
 328         if (argc >= 6) {
 329                 site_name = argv[5];
 330         }
 331 
 332         if (argc >= 7) {
 333                 sscanf(argv[6], "%x", &flags);
 334         }
 335 
 336         debug_dsdcinfo_flags(1,flags);
 337 
 338         status = rpccli_netr_DsRGetDCNameEx2(cli, mem_ctx,
 339                                              server_name,
 340                                              client_account,
 341                                              mask,
 342                                              domain_name,
 343                                              &domain_guid,
 344                                              site_name,
 345                                              flags,
 346                                              &info,
 347                                              &result);
 348         if (!NT_STATUS_IS_OK(status)) {
 349                 return ntstatus_to_werror(status);
 350         }
 351 
 352         if (!W_ERROR_IS_OK(result)) {
 353                 return result;
 354         }
 355 
 356         d_printf("DsRGetDCNameEx2 gave %s\n",
 357                 NDR_PRINT_STRUCT_STRING(mem_ctx, netr_DsRGetDCNameInfo, info));
 358 
 359         return result;
 360 }
 361 
 362 
 363 static WERROR cmd_netlogon_dsr_getsitename(struct rpc_pipe_client *cli,
     /* [<][>][^][v][top][bottom][index][help] */
 364                                            TALLOC_CTX *mem_ctx, int argc,
 365                                            const char **argv)
 366 {
 367         WERROR werr;
 368         NTSTATUS status;
 369         const char *sitename = NULL;
 370 
 371         if (argc != 2) {
 372                 fprintf(stderr, "Usage: %s computername\n", argv[0]);
 373                 return WERR_OK;
 374         }
 375 
 376         status = rpccli_netr_DsRGetSiteName(cli, mem_ctx,
 377                                             argv[1],
 378                                             &sitename,
 379                                             &werr);
 380         if (!NT_STATUS_IS_OK(status)) {
 381                 return ntstatus_to_werror(status);
 382         }
 383 
 384         if (!W_ERROR_IS_OK(werr)) {
 385                 printf("rpccli_netlogon_dsr_gesitename returned %s\n",
 386                        nt_errstr(werror_to_ntstatus(werr)));
 387                 return werr;
 388         }
 389 
 390         printf("Computer %s is on Site: %s\n", argv[1], sitename);
 391 
 392         return WERR_OK;
 393 }
 394 
 395 static WERROR cmd_netlogon_logon_ctrl(struct rpc_pipe_client *cli,
     /* [<][>][^][v][top][bottom][index][help] */
 396                                       TALLOC_CTX *mem_ctx, int argc,
 397                                       const char **argv)
 398 {
 399         NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
 400         WERROR werr;
 401         const char *logon_server = cli->desthost;
 402         enum netr_LogonControlCode function_code = 1;
 403         uint32_t level = 1;
 404         union netr_CONTROL_QUERY_INFORMATION info;
 405 
 406         if (argc > 4) {
 407                 fprintf(stderr, "Usage: %s <logon_server> <function_code> "
 408                         "<level>\n", argv[0]);
 409                 return WERR_OK;
 410         }
 411 
 412         if (argc >= 2) {
 413                 logon_server = argv[1];
 414         }
 415 
 416         if (argc >= 3) {
 417                 function_code = atoi(argv[2]);
 418         }
 419 
 420         if (argc >= 4) {
 421                 level = atoi(argv[3]);
 422         }
 423 
 424         status = rpccli_netr_LogonControl(cli, mem_ctx,
 425                                           logon_server,
 426                                           function_code,
 427                                           level,
 428                                           &info,
 429                                           &werr);
 430         if (!NT_STATUS_IS_OK(status)) {
 431                 return ntstatus_to_werror(status);
 432         }
 433 
 434         if (!W_ERROR_IS_OK(werr)) {
 435                 return werr;
 436         }
 437 
 438         /* Display results */
 439 
 440         return werr;
 441 }
 442 
 443 /* Display sam synchronisation information */
 444 
 445 static void display_sam_sync(struct netr_DELTA_ENUM_ARRAY *r)
     /* [<][>][^][v][top][bottom][index][help] */
 446 {
 447         uint32_t i, j;
 448 
 449         for (i=0; i < r->num_deltas; i++) {
 450 
 451                 union netr_DELTA_UNION u = r->delta_enum[i].delta_union;
 452                 union netr_DELTA_ID_UNION id = r->delta_enum[i].delta_id_union;
 453 
 454                 switch (r->delta_enum[i].delta_type) {
 455                 case NETR_DELTA_DOMAIN:
 456                         printf("Domain: %s\n",
 457                                 u.domain->domain_name.string);
 458                         break;
 459                 case NETR_DELTA_GROUP:
 460                         printf("Group: %s\n",
 461                                 u.group->group_name.string);
 462                         break;
 463                 case NETR_DELTA_DELETE_GROUP:
 464                         printf("Delete Group: %d\n",
 465                                 u.delete_account.unknown);
 466                         break;
 467                 case NETR_DELTA_RENAME_GROUP:
 468                         printf("Rename Group: %s -> %s\n",
 469                                 u.rename_group->OldName.string,
 470                                 u.rename_group->NewName.string);
 471                         break;
 472                 case NETR_DELTA_USER:
 473                         printf("Account: %s\n",
 474                                 u.user->account_name.string);
 475                         break;
 476                 case NETR_DELTA_DELETE_USER:
 477                         printf("Delete User: %d\n",
 478                                 id.rid);
 479                         break;
 480                 case NETR_DELTA_RENAME_USER:
 481                         printf("Rename user: %s -> %s\n",
 482                                 u.rename_user->OldName.string,
 483                                 u.rename_user->NewName.string);
 484                         break;
 485                 case NETR_DELTA_GROUP_MEMBER:
 486                         for (j=0; j < u.group_member->num_rids; j++) {
 487                                 printf("rid 0x%x, attrib 0x%08x\n",
 488                                         u.group_member->rids[j],
 489                                         u.group_member->attribs[j]);
 490                         }
 491                         break;
 492                 case NETR_DELTA_ALIAS:
 493                         printf("Alias: %s\n",
 494                                 u.alias->alias_name.string);
 495                         break;
 496                 case NETR_DELTA_DELETE_ALIAS:
 497                         printf("Delete Alias: %d\n",
 498                                 r->delta_enum[i].delta_id_union.rid);
 499                         break;
 500                 case NETR_DELTA_RENAME_ALIAS:
 501                         printf("Rename alias: %s -> %s\n",
 502                                 u.rename_alias->OldName.string,
 503                                 u.rename_alias->NewName.string);
 504                         break;
 505                 case NETR_DELTA_ALIAS_MEMBER:
 506                         for (j=0; j < u.alias_member->sids.num_sids; j++) {
 507                                 fstring sid_str;
 508                                 sid_to_fstring(sid_str,
 509                                         u.alias_member->sids.sids[j].sid);
 510                                 printf("%s\n", sid_str);
 511                         }
 512                         break;
 513                 case NETR_DELTA_POLICY:
 514                         printf("Policy\n");
 515                         break;
 516                 case NETR_DELTA_TRUSTED_DOMAIN:
 517                         printf("Trusted Domain: %s\n",
 518                                 u.trusted_domain->domain_name.string);
 519                         break;
 520                 case NETR_DELTA_DELETE_TRUST:
 521                         printf("Delete Trust: %d\n",
 522                                 u.delete_trust.unknown);
 523                         break;
 524                 case NETR_DELTA_ACCOUNT:
 525                         printf("Account\n");
 526                         break;
 527                 case NETR_DELTA_DELETE_ACCOUNT:
 528                         printf("Delete Account: %d\n",
 529                                 u.delete_account.unknown);
 530                         break;
 531                 case NETR_DELTA_SECRET:
 532                         printf("Secret\n");
 533                         break;
 534                 case NETR_DELTA_DELETE_SECRET:
 535                         printf("Delete Secret: %d\n",
 536                                 u.delete_secret.unknown);
 537                         break;
 538                 case NETR_DELTA_DELETE_GROUP2:
 539                         printf("Delete Group2: %s\n",
 540                                 u.delete_group->account_name);
 541                         break;
 542                 case NETR_DELTA_DELETE_USER2:
 543                         printf("Delete User2: %s\n",
 544                                 u.delete_user->account_name);
 545                         break;
 546                 case NETR_DELTA_MODIFY_COUNT:
 547                         printf("sam sequence update: 0x%016llx\n",
 548                                 (unsigned long long) *u.modified_count);
 549                         break;
 550                 default:
 551                         printf("unknown delta type 0x%02x\n",
 552                                 r->delta_enum[i].delta_type);
 553                         break;
 554                 }
 555         }
 556 }
 557 
 558 /* Perform sam synchronisation */
 559 
 560 static NTSTATUS cmd_netlogon_sam_sync(struct rpc_pipe_client *cli,
     /* [<][>][^][v][top][bottom][index][help] */
 561                                       TALLOC_CTX *mem_ctx, int argc,
 562                                       const char **argv)
 563 {
 564         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 565         const char *logon_server = cli->desthost;
 566         const char *computername = global_myname();
 567         struct netr_Authenticator credential;
 568         struct netr_Authenticator return_authenticator;
 569         enum netr_SamDatabaseID database_id = SAM_DATABASE_DOMAIN;
 570         uint16_t restart_state = 0;
 571         uint32_t sync_context = 0;
 572 
 573         if (argc > 2) {
 574                 fprintf(stderr, "Usage: %s [database_id]\n", argv[0]);
 575                 return NT_STATUS_OK;
 576         }
 577 
 578         if (argc == 2) {
 579                 database_id = atoi(argv[1]);
 580         }
 581 
 582         /* Synchronise sam database */
 583 
 584         do {
 585                 struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
 586 
 587                 netlogon_creds_client_step(cli->dc, &credential);
 588 
 589                 result = rpccli_netr_DatabaseSync2(cli, mem_ctx,
 590                                                    logon_server,
 591                                                    computername,
 592                                                    &credential,
 593                                                    &return_authenticator,
 594                                                    database_id,
 595                                                    restart_state,
 596                                                    &sync_context,
 597                                                    &delta_enum_array,
 598                                                    0xffff);
 599 
 600                 /* Check returned credentials. */
 601                 if (!netlogon_creds_client_check(cli->dc,
 602                                                  &return_authenticator.cred)) {
 603                         DEBUG(0,("credentials chain check failed\n"));
 604                         return NT_STATUS_ACCESS_DENIED;
 605                 }
 606 
 607                 if (NT_STATUS_IS_ERR(result)) {
 608                         break;
 609                 }
 610 
 611                 /* Display results */
 612 
 613                 display_sam_sync(delta_enum_array);
 614 
 615                 TALLOC_FREE(delta_enum_array);
 616 
 617         } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
 618 
 619         return result;
 620 }
 621 
 622 /* Perform sam delta synchronisation */
 623 
 624 static NTSTATUS cmd_netlogon_sam_deltas(struct rpc_pipe_client *cli,
     /* [<][>][^][v][top][bottom][index][help] */
 625                                         TALLOC_CTX *mem_ctx, int argc,
 626                                         const char **argv)
 627 {
 628         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 629         uint32_t tmp;
 630         const char *logon_server = cli->desthost;
 631         const char *computername = global_myname();
 632         struct netr_Authenticator credential;
 633         struct netr_Authenticator return_authenticator;
 634         enum netr_SamDatabaseID database_id = SAM_DATABASE_DOMAIN;
 635         uint64_t sequence_num;
 636 
 637         if (argc != 3) {
 638                 fprintf(stderr, "Usage: %s database_id seqnum\n", argv[0]);
 639                 return NT_STATUS_OK;
 640         }
 641 
 642         database_id = atoi(argv[1]);
 643         tmp = atoi(argv[2]);
 644 
 645         sequence_num = tmp & 0xffff;
 646 
 647         do {
 648                 struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
 649 
 650                 netlogon_creds_client_step(cli->dc, &credential);
 651 
 652                 result = rpccli_netr_DatabaseDeltas(cli, mem_ctx,
 653                                                     logon_server,
 654                                                     computername,
 655                                                     &credential,
 656                                                     &return_authenticator,
 657                                                     database_id,
 658                                                     &sequence_num,
 659                                                     &delta_enum_array,
 660                                                     0xffff);
 661 
 662                 /* Check returned credentials. */
 663                 if (!netlogon_creds_client_check(cli->dc,
 664                                                  &return_authenticator.cred)) {
 665                         DEBUG(0,("credentials chain check failed\n"));
 666                         return NT_STATUS_ACCESS_DENIED;
 667                 }
 668 
 669                 if (NT_STATUS_IS_ERR(result)) {
 670                         break;
 671                 }
 672 
 673                 /* Display results */
 674 
 675                 display_sam_sync(delta_enum_array);
 676 
 677                 TALLOC_FREE(delta_enum_array);
 678 
 679         } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
 680 
 681         return result;
 682 }
 683 
 684 /* Log on a domain user */
 685 
 686 static NTSTATUS cmd_netlogon_sam_logon(struct rpc_pipe_client *cli, 
     /* [<][>][^][v][top][bottom][index][help] */
 687                                        TALLOC_CTX *mem_ctx, int argc,
 688                                        const char **argv)
 689 {
 690         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 691         int logon_type = NetlogonNetworkInformation;
 692         const char *username, *password;
 693         int auth_level = 2;
 694         uint32 logon_param = 0;
 695         const char *workstation = NULL;
 696 
 697         /* Check arguments */
 698 
 699         if (argc < 3 || argc > 7) {
 700                 fprintf(stderr, "Usage: samlogon <username> <password> [workstation]"
 701                         "[logon_type (1 or 2)] [auth level (2 or 3)] [logon_parameter]\n");
 702                 return NT_STATUS_OK;
 703         }
 704 
 705         username = argv[1];
 706         password = argv[2];
 707 
 708         if (argc >= 4) 
 709                 workstation = argv[3];
 710 
 711         if (argc >= 5)
 712                 sscanf(argv[4], "%i", &logon_type);
 713 
 714         if (argc >= 6)
 715                 sscanf(argv[5], "%i", &auth_level);
 716 
 717         if (argc == 7)
 718                 sscanf(argv[6], "%x", &logon_param);
 719 
 720         /* Perform the sam logon */
 721 
 722         result = rpccli_netlogon_sam_logon(cli, mem_ctx, logon_param, lp_workgroup(), username, password, workstation, logon_type);
 723 
 724         if (!NT_STATUS_IS_OK(result))
 725                 goto done;
 726 
 727  done:
 728         return result;
 729 }
 730 
 731 /* Change the trust account password */
 732 
 733 static NTSTATUS cmd_netlogon_change_trust_pw(struct rpc_pipe_client *cli, 
     /* [<][>][^][v][top][bottom][index][help] */
 734                                              TALLOC_CTX *mem_ctx, int argc,
 735                                              const char **argv)
 736 {
 737         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 738 
 739         /* Check arguments */
 740 
 741         if (argc > 1) {
 742                 fprintf(stderr, "Usage: change_trust_pw");
 743                 return NT_STATUS_OK;
 744         }
 745 
 746         /* Perform the sam logon */
 747 
 748         result = trust_pw_find_change_and_store_it(cli, mem_ctx,
 749                                                    lp_workgroup());
 750 
 751         if (!NT_STATUS_IS_OK(result))
 752                 goto done;
 753 
 754  done:
 755         return result;
 756 }
 757 
 758 static WERROR cmd_netlogon_gettrustrid(struct rpc_pipe_client *cli,
     /* [<][>][^][v][top][bottom][index][help] */
 759                                        TALLOC_CTX *mem_ctx, int argc,
 760                                        const char **argv)
 761 {
 762         NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
 763         WERROR werr = WERR_GENERAL_FAILURE;
 764         const char *server_name = cli->desthost;
 765         const char *domain_name = lp_workgroup();
 766         uint32_t rid = 0;
 767 
 768         if (argc < 1 || argc > 3) {
 769                 fprintf(stderr, "Usage: %s <server_name> <domain_name>\n",
 770                         argv[0]);
 771                 return WERR_OK;
 772         }
 773 
 774         if (argc >= 2) {
 775                 server_name = argv[1];
 776         }
 777 
 778         if (argc >= 3) {
 779                 domain_name = argv[2];
 780         }
 781 
 782         status = rpccli_netr_LogonGetTrustRid(cli, mem_ctx,
 783                                               server_name,
 784                                               domain_name,
 785                                               &rid,
 786                                               &werr);
 787         if (!NT_STATUS_IS_OK(status)) {
 788                 goto done;
 789         }
 790 
 791         if (W_ERROR_IS_OK(werr)) {
 792                 printf("Rid: %d\n", rid);
 793         }
 794  done:
 795         return werr;
 796 }
 797 
 798 static WERROR cmd_netlogon_dsr_enumtrustdom(struct rpc_pipe_client *cli,
     /* [<][>][^][v][top][bottom][index][help] */
 799                                             TALLOC_CTX *mem_ctx, int argc,
 800                                             const char **argv)
 801 {
 802         NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
 803         WERROR werr = WERR_GENERAL_FAILURE;
 804         const char *server_name = cli->desthost;
 805         uint32_t trust_flags = NETR_TRUST_FLAG_IN_FOREST;
 806         struct netr_DomainTrustList trusts;
 807 
 808         if (argc < 1 || argc > 3) {
 809                 fprintf(stderr, "Usage: %s <server_name> <trust_flags>\n",
 810                         argv[0]);
 811                 return WERR_OK;
 812         }
 813 
 814         if (argc >= 2) {
 815                 server_name = argv[1];
 816         }
 817 
 818         if (argc >= 3) {
 819                 sscanf(argv[2], "%x", &trust_flags);
 820         }
 821 
 822         status = rpccli_netr_DsrEnumerateDomainTrusts(cli, mem_ctx,
 823                                                       server_name,
 824                                                       trust_flags,
 825                                                       &trusts,
 826                                                       &werr);
 827         if (!NT_STATUS_IS_OK(status)) {
 828                 goto done;
 829         }
 830 
 831         if (W_ERROR_IS_OK(werr)) {
 832                 int i;
 833 
 834                 printf("%d domains returned\n", trusts.count);
 835 
 836                 for (i=0; i<trusts.count; i++ ) {
 837                         printf("%s (%s)\n",
 838                                 trusts.array[i].dns_name,
 839                                 trusts.array[i].netbios_name);
 840                 }
 841         }
 842  done:
 843         return werr;
 844 }
 845 
 846 static WERROR cmd_netlogon_deregisterdnsrecords(struct rpc_pipe_client *cli,
     /* [<][>][^][v][top][bottom][index][help] */
 847                                                 TALLOC_CTX *mem_ctx, int argc,
 848                                                 const char **argv)
 849 {
 850         NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
 851         WERROR werr = WERR_GENERAL_FAILURE;
 852         const char *server_name = cli->desthost;
 853         const char *domain = lp_workgroup();
 854         const char *dns_host = NULL;
 855 
 856         if (argc < 1 || argc > 4) {
 857                 fprintf(stderr, "Usage: %s <server_name> <domain_name> "
 858                         "<dns_host>\n", argv[0]);
 859                 return WERR_OK;
 860         }
 861 
 862         if (argc >= 2) {
 863                 server_name = argv[1];
 864         }
 865 
 866         if (argc >= 3) {
 867                 domain = argv[2];
 868         }
 869 
 870         if (argc >= 4) {
 871                 dns_host = argv[3];
 872         }
 873 
 874         status = rpccli_netr_DsrDeregisterDNSHostRecords(cli, mem_ctx,
 875                                                          server_name,
 876                                                          domain,
 877                                                          NULL,
 878                                                          NULL,
 879                                                          dns_host,
 880                                                          &werr);
 881         if (!NT_STATUS_IS_OK(status)) {
 882                 goto done;
 883         }
 884 
 885         if (W_ERROR_IS_OK(werr)) {
 886                 printf("success\n");
 887         }
 888  done:
 889         return werr;
 890 }
 891 
 892 static WERROR cmd_netlogon_dsr_getforesttrustinfo(struct rpc_pipe_client *cli,
     /* [<][>][^][v][top][bottom][index][help] */
 893                                                   TALLOC_CTX *mem_ctx, int argc,
 894                                                   const char **argv)
 895 {
 896         NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
 897         WERROR werr = WERR_GENERAL_FAILURE;
 898         const char *server_name = cli->desthost;
 899         const char *trusted_domain_name = NULL;
 900         struct lsa_ForestTrustInformation *info = NULL;
 901         uint32_t flags = 0;
 902 
 903         if (argc < 1 || argc > 4) {
 904                 fprintf(stderr, "Usage: %s <server_name> <trusted_domain_name> "
 905                         "<flags>\n", argv[0]);
 906                 return WERR_OK;
 907         }
 908 
 909         if (argc >= 2) {
 910                 server_name = argv[1];
 911         }
 912 
 913         if (argc >= 3) {
 914                 trusted_domain_name = argv[2];
 915         }
 916 
 917         if (argc >= 4) {
 918                 sscanf(argv[3], "%x", &flags);
 919         }
 920 
 921         status = rpccli_netr_DsRGetForestTrustInformation(cli, mem_ctx,
 922                                                          server_name,
 923                                                          trusted_domain_name,
 924                                                          flags,
 925                                                          &info,
 926                                                          &werr);
 927         if (!NT_STATUS_IS_OK(status)) {
 928                 goto done;
 929         }
 930 
 931         if (W_ERROR_IS_OK(werr)) {
 932                 printf("success\n");
 933         }
 934  done:
 935         return werr;
 936 }
 937 
 938 static WERROR cmd_netlogon_enumtrusteddomains(struct rpc_pipe_client *cli,
     /* [<][>][^][v][top][bottom][index][help] */
 939                                               TALLOC_CTX *mem_ctx, int argc,
 940                                               const char **argv)
 941 {
 942         NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
 943         WERROR werr = WERR_GENERAL_FAILURE;
 944         const char *server_name = cli->desthost;
 945         struct netr_Blob blob;
 946 
 947 
 948         if (argc < 1 || argc > 3) {
 949                 fprintf(stderr, "Usage: %s <server_name>\n", argv[0]);
 950                 return WERR_OK;
 951         }
 952 
 953         if (argc >= 2) {
 954                 server_name = argv[1];
 955         }
 956 
 957         status = rpccli_netr_NetrEnumerateTrustedDomains(cli, mem_ctx,
 958                                                          server_name,
 959                                                          &blob,
 960                                                          &werr);
 961         if (!NT_STATUS_IS_OK(status)) {
 962                 goto done;
 963         }
 964 
 965         if (W_ERROR_IS_OK(werr)) {
 966                 printf("success\n");
 967                 dump_data(1, blob.data, blob.length);
 968         }
 969  done:
 970         return werr;
 971 }
 972 
 973 static WERROR cmd_netlogon_enumtrusteddomainsex(struct rpc_pipe_client *cli,
     /* [<][>][^][v][top][bottom][index][help] */
 974                                                 TALLOC_CTX *mem_ctx, int argc,
 975                                                 const char **argv)
 976 {
 977         NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
 978         WERROR werr = WERR_GENERAL_FAILURE;
 979         const char *server_name = cli->desthost;
 980         struct netr_DomainTrustList list;
 981 
 982         if (argc < 1 || argc > 3) {
 983                 fprintf(stderr, "Usage: %s <server_name>\n", argv[0]);
 984                 return WERR_OK;
 985         }
 986 
 987         if (argc >= 2) {
 988                 server_name = argv[1];
 989         }
 990 
 991         status = rpccli_netr_NetrEnumerateTrustedDomainsEx(cli, mem_ctx,
 992                                                            server_name,
 993                                                            &list,
 994                                                            &werr);
 995         if (!NT_STATUS_IS_OK(status)) {
 996                 goto done;
 997         }
 998 
 999         if (W_ERROR_IS_OK(werr)) {
1000                 printf("success\n");
1001         }
1002  done:
1003         return werr;
1004 }
1005 
1006 static WERROR cmd_netlogon_getdcsitecoverage(struct rpc_pipe_client *cli,
     /* [<][>][^][v][top][bottom][index][help] */
1007                                              TALLOC_CTX *mem_ctx, int argc,
1008                                              const char **argv)
1009 {
1010         NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
1011         WERROR werr = WERR_GENERAL_FAILURE;
1012         const char *server_name = cli->desthost;
1013         struct DcSitesCtr *ctr = NULL;
1014 
1015         if (argc < 1 || argc > 3) {
1016                 fprintf(stderr, "Usage: %s <server_name>\n", argv[0]);
1017                 return WERR_OK;
1018         }
1019 
1020         if (argc >= 2) {
1021                 server_name = argv[1];
1022         }
1023 
1024         status = rpccli_netr_DsrGetDcSiteCoverageW(cli, mem_ctx,
1025                                                    server_name,
1026                                                    &ctr,
1027                                                    &werr);
1028         if (!NT_STATUS_IS_OK(status)) {
1029                 goto done;
1030         }
1031 
1032         if (W_ERROR_IS_OK(werr) && ctr->num_sites) {
1033                 int i;
1034                 printf("sites covered by this DC: %d\n", ctr->num_sites);
1035                 for (i=0; i<ctr->num_sites; i++) {
1036                         printf("%s\n", ctr->sites[i].string);
1037                 }
1038         }
1039  done:
1040         return werr;
1041 }
1042 
1043 static NTSTATUS cmd_netlogon_database_redo(struct rpc_pipe_client *cli,
     /* [<][>][^][v][top][bottom][index][help] */
1044                                            TALLOC_CTX *mem_ctx, int argc,
1045                                            const char **argv)
1046 {
1047         NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
1048         const char *server_name = cli->desthost;
1049         uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
1050         struct netr_Authenticator clnt_creds, srv_cred;
1051         struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
1052         unsigned char trust_passwd_hash[16];
1053         uint32_t sec_channel_type = 0;
1054         struct netr_ChangeLogEntry e;
1055         uint32_t rid = 500;
1056 
1057         if (argc > 2) {
1058                 fprintf(stderr, "Usage: %s <user rid>\n", argv[0]);
1059                 return NT_STATUS_OK;
1060         }
1061 
1062         if (argc == 2) {
1063                 sscanf(argv[1], "%d", &rid);
1064         }
1065 
1066         if (!secrets_fetch_trust_account_password(lp_workgroup(),
1067                                                   trust_passwd_hash,
1068                                                   NULL, &sec_channel_type)) {
1069                 return NT_STATUS_UNSUCCESSFUL;
1070         }
1071 
1072         status = rpccli_netlogon_setup_creds(cli,
1073                                              server_name, /* server name */
1074                                              lp_workgroup(), /* domain */
1075                                              global_myname(), /* client name */
1076                                              global_myname(), /* machine account name */
1077                                              trust_passwd_hash,
1078                                              sec_channel_type,
1079                                              &neg_flags);
1080 
1081         if (!NT_STATUS_IS_OK(status)) {
1082                 return status;
1083         }
1084 
1085         netlogon_creds_client_step(cli->dc, &clnt_creds);
1086 
1087         ZERO_STRUCT(e);
1088 
1089         e.object_rid            = rid;
1090         e.db_index              = SAM_DATABASE_DOMAIN;
1091         e.delta_type            = NETR_DELTA_USER;
1092 
1093         status = rpccli_netr_DatabaseRedo(cli, mem_ctx,
1094                                           server_name,
1095                                           global_myname(),
1096                                           &clnt_creds,
1097                                           &srv_cred,
1098                                           e,
1099                                           0, /* is calculated automatically */
1100                                           &delta_enum_array);
1101 
1102         if (!netlogon_creds_client_check(cli->dc, &srv_cred.cred)) {
1103                 DEBUG(0,("credentials chain check failed\n"));
1104                 return NT_STATUS_ACCESS_DENIED;
1105         }
1106 
1107         return status;
1108 }
1109 
1110 static NTSTATUS cmd_netlogon_capabilities(struct rpc_pipe_client *cli,
     /* [<][>][^][v][top][bottom][index][help] */
1111                                           TALLOC_CTX *mem_ctx, int argc,
1112                                           const char **argv)
1113 {
1114         NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
1115         struct netr_Authenticator credential;
1116         struct netr_Authenticator return_authenticator;
1117         union netr_Capabilities capabilities;
1118         uint32_t level = 1;
1119 
1120         if (argc > 2) {
1121                 fprintf(stderr, "Usage: %s <level>\n", argv[0]);
1122                 return NT_STATUS_OK;
1123         }
1124 
1125         if (argc == 2) {
1126                 level = atoi(argv[1]);
1127         }
1128 
1129 #if 0
1130         netlogon_creds_client_step(cli->dc, &credential);
1131 #else
1132         ZERO_STRUCT(credential);
1133 #endif
1134 
1135         status = rpccli_netr_LogonGetCapabilities(cli, mem_ctx,
1136                                                   cli->desthost,
1137                                                   global_myname(),
1138                                                   &credential,
1139                                                   &return_authenticator,
1140                                                   level,
1141                                                   &capabilities);
1142 #if 0
1143         if (!netlogon_creds_client_check(cli->dc,
1144                                          &return_authenticator.cred)) {
1145                 DEBUG(0,("credentials chain check failed\n"));
1146                 return NT_STATUS_ACCESS_DENIED;
1147         }
1148 #endif
1149 
1150         return status;
1151 }
1152 
1153 /* List of commands exported by this module */
1154 
1155 struct cmd_set netlogon_commands[] = {
1156 
1157         { "NETLOGON" },
1158 
1159         { "logonctrl2", RPC_RTYPE_WERROR, NULL, cmd_netlogon_logon_ctrl2, &ndr_table_netlogon.syntax_id, NULL, "Logon Control 2",     "" },
1160         { "getanydcname", RPC_RTYPE_WERROR, NULL, cmd_netlogon_getanydcname, &ndr_table_netlogon.syntax_id, NULL, "Get trusted DC name",     "" },
1161         { "getdcname", RPC_RTYPE_WERROR, NULL, cmd_netlogon_getdcname, &ndr_table_netlogon.syntax_id, NULL, "Get trusted PDC name",     "" },
1162         { "dsr_getdcname", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_getdcname, &ndr_table_netlogon.syntax_id, NULL, "Get trusted DC name",     "" },
1163         { "dsr_getdcnameex", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_getdcnameex, &ndr_table_netlogon.syntax_id, NULL, "Get trusted DC name",     "" },
1164         { "dsr_getdcnameex2", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_getdcnameex2, &ndr_table_netlogon.syntax_id, NULL, "Get trusted DC name",     "" },
1165         { "dsr_getsitename", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_getsitename, &ndr_table_netlogon.syntax_id, NULL, "Get sitename",     "" },
1166         { "dsr_getforesttrustinfo", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_getforesttrustinfo, &ndr_table_netlogon.syntax_id, NULL, "Get Forest Trust Info",     "" },
1167         { "logonctrl",  RPC_RTYPE_WERROR, NULL, cmd_netlogon_logon_ctrl, &ndr_table_netlogon.syntax_id, NULL, "Logon Control",       "" },
1168         { "samsync",    RPC_RTYPE_NTSTATUS, cmd_netlogon_sam_sync,    NULL, &ndr_table_netlogon.syntax_id, NULL, "Sam Synchronisation", "" },
1169         { "samdeltas",  RPC_RTYPE_NTSTATUS, cmd_netlogon_sam_deltas,  NULL, &ndr_table_netlogon.syntax_id, NULL, "Query Sam Deltas",    "" },
1170         { "samlogon",   RPC_RTYPE_NTSTATUS, cmd_netlogon_sam_logon,   NULL, &ndr_table_netlogon.syntax_id, NULL, "Sam Logon",           "" },
1171         { "change_trust_pw",   RPC_RTYPE_NTSTATUS, cmd_netlogon_change_trust_pw,   NULL, &ndr_table_netlogon.syntax_id, NULL, "Change Trust Account Password",           "" },
1172         { "gettrustrid", RPC_RTYPE_WERROR, NULL, cmd_netlogon_gettrustrid, &ndr_table_netlogon.syntax_id, NULL, "Get trust rid",     "" },
1173         { "dsr_enumtrustdom", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_enumtrustdom, &ndr_table_netlogon.syntax_id, NULL, "Enumerate trusted domains",     "" },
1174         { "dsenumdomtrusts",  RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_enumtrustdom, &ndr_table_netlogon.syntax_id, NULL, "Enumerate all trusted domains in an AD forest",     "" },
1175         { "deregisterdnsrecords", RPC_RTYPE_WERROR, NULL, cmd_netlogon_deregisterdnsrecords, &ndr_table_netlogon.syntax_id, NULL, "Deregister DNS records",     "" },
1176         { "netrenumtrusteddomains", RPC_RTYPE_WERROR, NULL, cmd_netlogon_enumtrusteddomains, &ndr_table_netlogon.syntax_id, NULL, "Enumerate trusted domains",     "" },
1177         { "netrenumtrusteddomainsex", RPC_RTYPE_WERROR, NULL, cmd_netlogon_enumtrusteddomainsex, &ndr_table_netlogon.syntax_id, NULL, "Enumerate trusted domains",     "" },
1178         { "getdcsitecoverage", RPC_RTYPE_WERROR, NULL, cmd_netlogon_getdcsitecoverage, &ndr_table_netlogon.syntax_id, NULL, "Get the Site-Coverage from a DC",     "" },
1179         { "database_redo", RPC_RTYPE_NTSTATUS, cmd_netlogon_database_redo, NULL, &ndr_table_netlogon.syntax_id, NULL, "Replicate single object from a DC",     "" },
1180         { "capabilities", RPC_RTYPE_NTSTATUS, cmd_netlogon_capabilities, NULL, &ndr_table_netlogon.syntax_id, NULL, "Return Capabilities",     "" },
1181 
1182         { NULL }
1183 };

/* [<][>][^][v][top][bottom][index][help] */