Beispiel #1
0
static NTSTATUS cmd_netlogon_database_redo(struct rpc_pipe_client *cli,
					   TALLOC_CTX *mem_ctx, int argc,
					   const char **argv)
{
	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
	NTSTATUS result;
	const char *server_name = cli->desthost;
	struct netr_Authenticator clnt_creds, srv_cred;
	struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
	struct netr_ChangeLogEntry e;
	uint32_t rid = 500;
	struct dcerpc_binding_handle *b = cli->binding_handle;
	struct netlogon_creds_CredentialState *creds = NULL;

	if (argc > 2) {
		fprintf(stderr, "Usage: %s <user rid>\n", argv[0]);
		return NT_STATUS_OK;
	}

	if (argc == 2) {
		sscanf(argv[1], "%d", &rid);
	}

	if (rpcclient_netlogon_creds == NULL) {
		return NT_STATUS_UNSUCCESSFUL;
	}

	status = netlogon_creds_cli_lock(rpcclient_netlogon_creds,
					 mem_ctx, &creds);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}

	netlogon_creds_client_authenticator(creds, &clnt_creds);

	ZERO_STRUCT(e);

	e.object_rid		= rid;
	e.db_index		= SAM_DATABASE_DOMAIN;
	e.delta_type		= NETR_DELTA_USER;

	status = dcerpc_netr_DatabaseRedo(b, mem_ctx,
					  server_name,
					  lp_netbios_name(),
					  &clnt_creds,
					  &srv_cred,
					  e,
					  0, /* is calculated automatically */
					  &delta_enum_array,
					  &result);
	if (!NT_STATUS_IS_OK(status)) {
		TALLOC_FREE(creds);
		return status;
	}

	if (!netlogon_creds_client_check(creds, &srv_cred.cred)) {
		DEBUG(0,("credentials chain check failed\n"));
		TALLOC_FREE(creds);
		return NT_STATUS_ACCESS_DENIED;
	}
	TALLOC_FREE(creds);

	return result;
}
Beispiel #2
0
static NTSTATUS cmd_netlogon_database_redo(struct rpc_pipe_client *cli,
					   TALLOC_CTX *mem_ctx, int argc,
					   const char **argv)
{
	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
	NTSTATUS result;
	const char *server_name = cli->desthost;
	uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
	struct netr_Authenticator clnt_creds, srv_cred;
	struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
	unsigned char trust_passwd_hash[16];
	enum netr_SchannelType sec_channel_type = 0;
	struct netr_ChangeLogEntry e;
	uint32_t rid = 500;
	struct dcerpc_binding_handle *b = cli->binding_handle;

	if (argc > 2) {
		fprintf(stderr, "Usage: %s <user rid>\n", argv[0]);
		return NT_STATUS_OK;
	}

	if (argc == 2) {
		sscanf(argv[1], "%d", &rid);
	}

	if (!secrets_fetch_trust_account_password(lp_workgroup(),
						  trust_passwd_hash,
						  NULL, &sec_channel_type)) {
		return NT_STATUS_UNSUCCESSFUL;
	}

	status = rpccli_netlogon_setup_creds(cli,
					     server_name, /* server name */
					     lp_workgroup(), /* domain */
					     lp_netbios_name(), /* client name */
					     lp_netbios_name(), /* machine account name */
					     trust_passwd_hash,
					     sec_channel_type,
					     &neg_flags);

	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}

	netlogon_creds_client_authenticator(cli->dc, &clnt_creds);

	ZERO_STRUCT(e);

	e.object_rid		= rid;
	e.db_index		= SAM_DATABASE_DOMAIN;
	e.delta_type		= NETR_DELTA_USER;

	status = dcerpc_netr_DatabaseRedo(b, mem_ctx,
					  server_name,
					  lp_netbios_name(),
					  &clnt_creds,
					  &srv_cred,
					  e,
					  0, /* is calculated automatically */
					  &delta_enum_array,
					  &result);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}

	if (!netlogon_creds_client_check(cli->dc, &srv_cred.cred)) {
		DEBUG(0,("credentials chain check failed\n"));
		return NT_STATUS_ACCESS_DENIED;
	}

	return result;
}