bool cli_NetWkstaUserLogon(struct cli_state *cli,char *user, char *workstation)
{
char *rparam = NULL;
char *rdata = NULL;
char *p;
unsigned int rdrcnt,rprcnt;
char param[1024];
memset(param, 0, sizeof(param));
/* send a SMBtrans command with api NetWkstaUserLogon */
p = param;
SSVAL(p,0,132); /* api number */
p += 2;
strlcpy(p,"OOWb54WrLh",sizeof(param)-PTR_DIFF(p,param));
p = skip_string(param,sizeof(param),p);
strlcpy(p,"WB21BWDWWDDDDDDDzzzD",sizeof(param)-PTR_DIFF(p,param));
p = skip_string(param,sizeof(param),p);
SSVAL(p,0,1);
p += 2;
strlcpy(p,user,sizeof(param)-PTR_DIFF(p,param));
strupper_m(p);
p += 21;
p++;
p += 15;
p++;
strlcpy(p, workstation,sizeof(param)-PTR_DIFF(p,param));
strupper_m(p);
p += 16;
SSVAL(p, 0, CLI_BUFFER_SIZE);
p += 2;
SSVAL(p, 0, CLI_BUFFER_SIZE);
p += 2;
if (cli_api(cli,
param, PTR_DIFF(p,param),1024, /* param, length, max */
NULL, 0, CLI_BUFFER_SIZE, /* data, length, max */
&rparam, &rprcnt, /* return params, return size */
&rdata, &rdrcnt /* return data, return size */
)) {
cli->rap_error = rparam? SVAL(rparam,0) : -1;
p = rdata;
if (cli->rap_error == 0) {
DEBUG(4,("NetWkstaUserLogon success\n"));
/*
* The cli->privileges = SVAL(p, 24); field was set here
* but it was not use anywhere else.
*/
/* The cli->eff_name field used to be set here
but it wasn't used anywhere else. */
} else {
DEBUG(1,("NetwkstaUserLogon gave error %d\n", cli->rap_error));
}
}
SAFE_FREE(rparam);
SAFE_FREE(rdata);
return (cli->rap_error == 0);
}
int cli_printjob_del(struct cli_state *cli, int job)
{
char *rparam = NULL;
char *rdata = NULL;
char *p;
unsigned int rdrcnt,rprcnt;
int ret = -1;
char param[1024];
memset(param,'\0',sizeof(param));
p = param;
SSVAL(p,0,81); /* DosPrintJobDel() */
p += 2;
strlcpy_base(p,"W", param,sizeof(param));
p = skip_string(param,sizeof(param),p);
strlcpy_base(p,"", param,sizeof(param));
p = skip_string(param,sizeof(param),p);
SSVAL(p,0,job);
p += 2;
if (cli_api(cli,
param, PTR_DIFF(p,param), 1024, /* Param, length, maxlen */
NULL, 0, CLI_BUFFER_SIZE, /* data, length, maxlen */
&rparam, &rprcnt, /* return params, length */
&rdata, &rdrcnt)) { /* return data, length */
ret = SVAL(rparam,0);
}
SAFE_FREE(rparam);
SAFE_FREE(rdata);
return ret;
}
bool cli_oem_change_password(struct cli_state *cli, const char *user, const char *new_password,
const char *old_password)
{
char param[1024];
unsigned char data[532];
char *p = param;
unsigned char old_pw_hash[16];
unsigned char new_pw_hash[16];
unsigned int data_len;
unsigned int param_len = 0;
char *rparam = NULL;
char *rdata = NULL;
unsigned int rprcnt, rdrcnt;
if (strlen(user) >= sizeof(fstring)-1) {
DEBUG(0,("cli_oem_change_password: user name %s is too long.\n", user));
return False;
}
SSVAL(p,0,214); /* SamOEMChangePassword command. */
p += 2;
strlcpy(p, "zsT", sizeof(param)-PTR_DIFF(p,param));
p = skip_string(param,sizeof(param),p);
strlcpy(p, "B516B16", sizeof(param)-PTR_DIFF(p,param));
p = skip_string(param,sizeof(param),p);
strlcpy(p,user, sizeof(param)-PTR_DIFF(p,param));
p = skip_string(param,sizeof(param),p);
SSVAL(p,0,532);
p += 2;
param_len = PTR_DIFF(p,param);
/*
* Get the Lanman hash of the old password, we
* use this as the key to make_oem_passwd_hash().
*/
E_deshash(old_password, old_pw_hash);
encode_pw_buffer(data, new_password, STR_ASCII);
#ifdef DEBUG_PASSWORD
DEBUG(100,("make_oem_passwd_hash\n"));
dump_data(100, data, 516);
#endif
arcfour_crypt( (unsigned char *)data, (unsigned char *)old_pw_hash, 516);
/*
* Now place the old password hash in the data.
*/
E_deshash(new_password, new_pw_hash);
E_old_pw_hash( new_pw_hash, old_pw_hash, (uchar *)&data[516]);
data_len = 532;
if (!cli_api(cli,
param, param_len, 4, /* param, length, max */
(char *)data, data_len, 0, /* data, length, max */
&rparam, &rprcnt,
&rdata, &rdrcnt)) {
DEBUG(0,("cli_oem_change_password: Failed to send password change for user %s\n",
user ));
return False;
}
if (rparam) {
cli->rap_error = SVAL(rparam,0);
}
SAFE_FREE(rparam);
SAFE_FREE(rdata);
return (cli->rap_error == 0);
}
bool cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32_t stype,
void (*fn)(const char *, uint32_t, const char *, void *),
void *state)
{
char *rparam = NULL;
char *rdata = NULL;
char *rdata_end = NULL;
unsigned int rdrcnt,rprcnt;
char *p;
char param[1024];
int uLevel = 1;
size_t len;
uint32_t func = RAP_NetServerEnum2;
char *last_entry = NULL;
int total_cnt = 0;
int return_cnt = 0;
int res;
errno = 0; /* reset */
/*
* This may take more than one transaction, so we should loop until
* we no longer get a more data to process or we have all of the
* items.
*/
do {
/* send a SMBtrans command with api NetServerEnum */
p = param;
SIVAL(p,0,func); /* api number */
p += 2;
if (func == RAP_NetServerEnum3) {
strlcpy(p,"WrLehDzz", sizeof(param)-PTR_DIFF(p,param));
} else {
strlcpy(p,"WrLehDz", sizeof(param)-PTR_DIFF(p,param));
}
p = skip_string(param, sizeof(param), p);
strlcpy(p,"B16BBDz", sizeof(param)-PTR_DIFF(p,param));
p = skip_string(param, sizeof(param), p);
SSVAL(p,0,uLevel);
SSVAL(p,2,CLI_BUFFER_SIZE);
p += 4;
SIVAL(p,0,stype);
p += 4;
/* If we have more data, tell the server where
* to continue from.
*/
len = push_ascii(p,
workgroup,
sizeof(param) - PTR_DIFF(p,param) - 1,
STR_TERMINATE|STR_UPPER);
if (len == 0) {
SAFE_FREE(last_entry);
return false;
}
p += len;
if (func == RAP_NetServerEnum3) {
len = push_ascii(p,
last_entry ? last_entry : "",
sizeof(param) - PTR_DIFF(p,param) - 1,
STR_TERMINATE);
if (len == 0) {
SAFE_FREE(last_entry);
return false;
}
p += len;
}
/* Next time through we need to use the continue api */
func = RAP_NetServerEnum3;
if (!cli_api(cli,
param, PTR_DIFF(p,param), 8, /* params, length, max */
NULL, 0, CLI_BUFFER_SIZE, /* data, length, max */
&rparam, &rprcnt, /* return params, return size */
&rdata, &rdrcnt)) { /* return data, return size */
/* break out of the loop on error */
res = -1;
break;
}
rdata_end = rdata + rdrcnt;
res = rparam ? SVAL(rparam,0) : -1;
if (res == 0 || res == ERRmoredata ||
(res != -1 && cli_errno(cli) == 0)) {
char *sname = NULL;
int i, count;
int converter=SVAL(rparam,2);
/* Get the number of items returned in this buffer */
count = SVAL(rparam, 4);
/* The next field contains the number of items left,
* including those returned in this buffer. So the
* first time through this should contain all of the
* entries.
*/
if (total_cnt == 0) {
total_cnt = SVAL(rparam, 6);
}
/* Keep track of how many we have read */
return_cnt += count;
p = rdata;
/* The last name in the previous NetServerEnum reply is
* sent back to server in the NetServerEnum3 request
* (last_entry). The next reply should repeat this entry
* as the first element. We have no proof that this is
* always true, but from traces that seems to be the
* behavior from Window Servers. So first lets do a lot
* of checking, just being paranoid. If the string
* matches then we already saw this entry so skip it.
*
* NOTE: sv1_name field must be null terminated and has
* a max size of 16 (NetBIOS Name).
*/
if (last_entry && count && p &&
(strncmp(last_entry, p, 16) == 0)) {
count -= 1; /* Skip this entry */
return_cnt = -1; /* Not part of total, so don't count. */
p = rdata + 26; /* Skip the whole record */
}
for (i = 0; i < count; i++, p += 26) {
int comment_offset;
const char *cmnt;
const char *p1;
char *s1, *s2;
TALLOC_CTX *frame = talloc_stackframe();
uint32_t entry_stype;
if (p + 26 > rdata_end) {
TALLOC_FREE(frame);
break;
}
sname = p;
comment_offset = (IVAL(p,22) & 0xFFFF)-converter;
cmnt = comment_offset?(rdata+comment_offset):"";
if (comment_offset < 0 || comment_offset >= (int)rdrcnt) {
TALLOC_FREE(frame);
continue;
}
/* Work out the comment length. */
for (p1 = cmnt, len = 0; *p1 &&
p1 < rdata_end; len++)
p1++;
if (!*p1) {
len++;
}
entry_stype = IVAL(p,18) & ~SV_TYPE_LOCAL_LIST_ONLY;
pull_string_talloc(frame,rdata,0,
&s1,sname,16,STR_ASCII);
pull_string_talloc(frame,rdata,0,
&s2,cmnt,len,STR_ASCII);
if (!s1 || !s2) {
TALLOC_FREE(frame);
continue;
}
fn(s1, entry_stype, s2, state);
TALLOC_FREE(frame);
}
/* We are done with the old last entry, so now we can free it */
if (last_entry) {
SAFE_FREE(last_entry); /* This will set it to null */
}
/* We always make a copy of the last entry if we have one */
if (sname) {
last_entry = smb_xstrdup(sname);
}
/* If we have more data, but no last entry then error out */
if (!last_entry && (res == ERRmoredata)) {
errno = EINVAL;
res = 0;
}
}
SAFE_FREE(rparam);
SAFE_FREE(rdata);
} while ((res == ERRmoredata) && (total_cnt > return_cnt));
SAFE_FREE(rparam);
SAFE_FREE(rdata);
SAFE_FREE(last_entry);
if (res == -1) {
errno = cli_errno(cli);
} else {
if (!return_cnt) {
/* this is a very special case, when the domain master for the
work group isn't part of the work group itself, there is something
wild going on */
errno = ENOENT;
}
}
return(return_cnt > 0);
}
int cli_RNetShareEnum(struct cli_state *cli, void (*fn)(const char *, uint32_t, const char *, void *), void *state)
{
char *rparam = NULL;
char *rdata = NULL;
char *p;
unsigned int rdrcnt,rprcnt;
char param[1024];
int count = -1;
/* now send a SMBtrans command with api RNetShareEnum */
p = param;
SSVAL(p,0,0); /* api number */
p += 2;
strlcpy(p,"WrLeh",sizeof(param)-PTR_DIFF(p,param));
p = skip_string(param,sizeof(param),p);
strlcpy(p,"B13BWz",sizeof(param)-PTR_DIFF(p,param));
p = skip_string(param,sizeof(param),p);
SSVAL(p,0,1);
/*
* Win2k needs a *smaller* buffer than 0xFFFF here -
* it returns "out of server memory" with 0xFFFF !!! JRA.
*/
SSVAL(p,2,0xFFE0);
p += 4;
if (cli_api(cli,
param, PTR_DIFF(p,param), 1024, /* Param, length, maxlen */
NULL, 0, 0xFFE0, /* data, length, maxlen - Win2k needs a small buffer here too ! */
&rparam, &rprcnt, /* return params, length */
&rdata, &rdrcnt)) /* return data, length */
{
int res = rparam? SVAL(rparam,0) : -1;
if (res == 0 || res == ERRmoredata) {
int converter=SVAL(rparam,2);
int i;
char *rdata_end = rdata + rdrcnt;
count=SVAL(rparam,4);
p = rdata;
for (i=0;i<count;i++,p+=20) {
char *sname;
int type;
int comment_offset;
const char *cmnt;
const char *p1;
char *s1, *s2;
size_t len;
TALLOC_CTX *frame = talloc_stackframe();
if (p + 20 > rdata_end) {
TALLOC_FREE(frame);
break;
}
sname = p;
type = SVAL(p,14);
comment_offset = (IVAL(p,16) & 0xFFFF) - converter;
if (comment_offset < 0 ||
comment_offset > (int)rdrcnt) {
TALLOC_FREE(frame);
break;
}
cmnt = comment_offset?(rdata+comment_offset):"";
/* Work out the comment length. */
for (p1 = cmnt, len = 0; *p1 &&
p1 < rdata_end; len++)
p1++;
if (!*p1) {
len++;
}
pull_string_talloc(frame,rdata,0,
&s1,sname,14,STR_ASCII);
pull_string_talloc(frame,rdata,0,
&s2,cmnt,len,STR_ASCII);
if (!s1 || !s2) {
TALLOC_FREE(frame);
continue;
}
fn(s1, type, s2, state);
TALLOC_FREE(frame);
}
} else {
DEBUG(4,("NetShareEnum res=%d\n", res));
}
} else {
DEBUG(4,("NetShareEnum failed\n"));
}
SAFE_FREE(rparam);
SAFE_FREE(rdata);
return count;
}
int cli_RNetShareEnum(struct cli_state *cli, void (*fn)(const char *, uint32, const char *, void *), void *state)
{
char *rparam = NULL;
char *rdata = NULL;
char *p;
unsigned int rdrcnt,rprcnt;
pstring param;
int count = -1;
/* now send a SMBtrans command with api RNetShareEnum */
p = param;
SSVAL(p,0,0); /* api number */
p += 2;
pstrcpy_base(p,"WrLeh",param);
p = skip_string(param,sizeof(param),p);
pstrcpy_base(p,"B13BWz",param);
p = skip_string(param,sizeof(param),p);
SSVAL(p,0,1);
/*
* Win2k needs a *smaller* buffer than 0xFFFF here -
* it returns "out of server memory" with 0xFFFF !!! JRA.
*/
SSVAL(p,2,0xFFE0);
p += 4;
if (cli_api(cli,
param, PTR_DIFF(p,param), 1024, /* Param, length, maxlen */
NULL, 0, 0xFFE0, /* data, length, maxlen - Win2k needs a small buffer here too ! */
&rparam, &rprcnt, /* return params, length */
&rdata, &rdrcnt)) /* return data, length */
{
int res = rparam? SVAL(rparam,0) : -1;
if (res == 0 || res == ERRmoredata) {
int converter=SVAL(rparam,2);
int i;
count=SVAL(rparam,4);
p = rdata;
for (i=0;i<count;i++,p+=20) {
char *sname = p;
int type = SVAL(p,14);
int comment_offset = IVAL(p,16) & 0xFFFF;
const char *cmnt = comment_offset?(rdata+comment_offset-converter):"";
pstring s1, s2;
pull_ascii_pstring(s1, sname);
pull_ascii_pstring(s2, cmnt);
fn(s1, type, s2, state);
}
} else {
DEBUG(4,("NetShareEnum res=%d\n", res));
}
} else {
DEBUG(4,("NetShareEnum failed\n"));
}
SAFE_FREE(rparam);
SAFE_FREE(rdata);
return count;
}
/****************************************************************************
call a NetServerEnum for the specified workgroup and servertype mask. This
function then calls the specified callback function for each name returned.
The callback function takes 4 arguments: the machine name, the server type,
the comment and a state pointer.
****************************************************************************/
BOOL cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32 stype,
void (*fn)(const char *, uint32, const char *, void *),
void *state)
{
char *rparam = NULL;
char *rdata = NULL;
unsigned int rdrcnt,rprcnt;
char *p;
pstring param;
int uLevel = 1;
int count = -1;
errno = 0; /* reset */
/* send a SMBtrans command with api NetServerEnum */
p = param;
SSVAL(p,0,0x68); /* api number */
p += 2;
pstrcpy_base(p,"WrLehDz", param);
p = skip_string(p,1);
pstrcpy_base(p,"B16BBDz", param);
p = skip_string(p,1);
SSVAL(p,0,uLevel);
SSVAL(p,2,CLI_BUFFER_SIZE);
p += 4;
SIVAL(p,0,stype);
p += 4;
p += push_ascii(p, workgroup, sizeof(pstring)-PTR_DIFF(p,param)-1, STR_TERMINATE|STR_UPPER);
if (cli_api(cli,
param, PTR_DIFF(p,param), 8, /* params, length, max */
NULL, 0, CLI_BUFFER_SIZE, /* data, length, max */
&rparam, &rprcnt, /* return params, return size */
&rdata, &rdrcnt /* return data, return size */
)) {
int res = rparam? SVAL(rparam,0) : -1;
if (res == 0 || res == ERRmoredata) {
int i;
int converter=SVAL(rparam,2);
count=SVAL(rparam,4);
p = rdata;
for (i = 0;i < count;i++, p += 26) {
char *sname = p;
int comment_offset = (IVAL(p,22) & 0xFFFF)-converter;
const char *cmnt = comment_offset?(rdata+comment_offset):"";
pstring s1, s2;
if (comment_offset < 0 || comment_offset > (int)rdrcnt) continue;
stype = IVAL(p,18) & ~SV_TYPE_LOCAL_LIST_ONLY;
pull_ascii_pstring(s1, sname);
pull_ascii_pstring(s2, cmnt);
fn(s1, stype, s2, state);
}
}
}
SAFE_FREE(rparam);
SAFE_FREE(rdata);
if (count < 0) {
errno = cli_errno(cli);
} else {
if (!count) {
/* this is a very special case, when the domain master for the
work group isn't part of the work group itself, there is something
wild going on */
errno = ENOENT;
}
}
return(count > 0);
}
int cli_print_queue(struct cli_state *cli,
void (*fn)(struct print_job_info *))
{
char *rparam = NULL;
char *rdata = NULL;
char *p;
unsigned int rdrcnt, rprcnt;
char param[1024];
int result_code=0;
int i = -1;
memset(param,'\0',sizeof(param));
p = param;
SSVAL(p,0,76); /* API function number 76 (DosPrintJobEnum) */
p += 2;
strlcpy_base(p,"zWrLeh", param, sizeof(param)); /* parameter description? */
p = skip_string(param,sizeof(param),p);
strlcpy_base(p,"WWzWWDDzz", param, sizeof(param)); /* returned data format */
p = skip_string(param,sizeof(param),p);
strlcpy_base(p,cli->share, param, sizeof(param)); /* name of queue */
p = skip_string(param,sizeof(param),p);
SSVAL(p,0,2); /* API function level 2, PRJINFO_2 data structure */
SSVAL(p,2,1000); /* size of bytes of returned data buffer */
p += 4;
strlcpy_base(p,"", param,sizeof(param)); /* subformat */
p = skip_string(param,sizeof(param),p);
DEBUG(4,("doing cli_print_queue for %s\n", cli->share));
if (cli_api(cli,
param, PTR_DIFF(p,param), 1024, /* Param, length, maxlen */
NULL, 0, CLI_BUFFER_SIZE, /* data, length, maxlen */
&rparam, &rprcnt, /* return params, length */
&rdata, &rdrcnt)) { /* return data, length */
int converter;
result_code = SVAL(rparam,0);
converter = SVAL(rparam,2); /* conversion factor */
if (result_code == 0) {
struct print_job_info job;
p = rdata;
for (i = 0; i < SVAL(rparam,4); ++i) {
job.id = SVAL(p,0);
job.priority = SVAL(p,2);
fstrcpy(job.user,
fix_char_ptr(SVAL(p,4), converter,
rdata, rdrcnt));
job.t = make_unix_date3(
p + 12, cli_state_server_time_zone(cli));
job.size = IVAL(p,16);
fstrcpy(job.name,fix_char_ptr(SVAL(p,24),
converter,
rdata, rdrcnt));
fn(&job);
p += 28;
}
}
}
/* If any parameters or data were returned, free the storage. */
SAFE_FREE(rparam);
SAFE_FREE(rdata);
return i;
}
