/**************************************************************************** connect to \\server\service ****************************************************************************/ NTSTATUS connect_to_service(struct cli_state **c, struct in_addr *server_ip, const char *server_name, const char *service_name, const char *service_type) { NTSTATUS nt_status; if (!opt_password && !opt_machine_pass) { char *pass = getpass("Password:"******"Could not connect to server %s\n", server_name); /* Display a nicer message depending on the result */ if (NT_STATUS_V(nt_status) == NT_STATUS_V(NT_STATUS_LOGON_FAILURE)) d_fprintf(stderr, "The username or password was not correct.\n"); if (NT_STATUS_V(nt_status) == NT_STATUS_V(NT_STATUS_ACCOUNT_LOCKED_OUT)) d_fprintf(stderr, "The account was locked out.\n"); if (NT_STATUS_V(nt_status) == NT_STATUS_V(NT_STATUS_ACCOUNT_DISABLED)) d_fprintf(stderr, "The account was disabled.\n"); return nt_status; } }
static int net_registry_getvaluesraw(struct net_context *c, int argc, const char **argv) { WERROR werr; int ret = -1; struct registry_key *key = NULL; TALLOC_CTX *ctx = talloc_stackframe(); uint32_t idx; if (argc != 1 || c->display_usage) { d_fprintf(stderr, "usage: net rpc registry getvaluesraw " "<key>\n"); goto done; } werr = open_key(ctx, argv[0], REG_KEY_READ, &key); if (!W_ERROR_IS_OK(werr)) { d_fprintf(stderr, "open_key failed: %s\n", win_errstr(werr)); goto done; } idx = 0; while (true) { struct registry_value *val; werr = reg_enumvalue(talloc_tos(), key, idx, NULL, &val); if (W_ERROR_EQUAL(werr, WERR_NO_MORE_ITEMS)) { ret = 0; break; } if (!W_ERROR_IS_OK(werr)) { break; } print_registry_value(val, true); TALLOC_FREE(val); idx += 1; } done: TALLOC_FREE(ctx); return ret; }
int net_vampire(struct net_context *ctx, int argc, const char **argv) { NTSTATUS status; struct libnet_context *libnetctx; struct libnet_Vampire *r; char *tmp, *targetdir = NULL; const char *domain_name; switch (argc) { case 0: /* no args -> fail */ return net_vampire_usage(ctx, argc, argv); case 1: /* only DOMAIN */ tmp = talloc_strdup(ctx, argv[0]); break; case 2: /* domain and target dir */ tmp = talloc_strdup(ctx, argv[0]); targetdir = talloc_strdup(ctx, argv[1]); break; default: /* too many args -> fail */ return net_vampire_usage(ctx, argc, argv); } domain_name = tmp; libnetctx = libnet_context_init(ctx->event_ctx, ctx->lp_ctx); if (!libnetctx) { return -1; } libnetctx->cred = ctx->credentials; r = talloc(ctx, struct libnet_Vampire); if (!r) { return -1; } /* prepare parameters for the vampire */ r->in.netbios_name = lp_netbios_name(ctx->lp_ctx); r->in.domain_name = domain_name; r->in.targetdir = targetdir; r->out.error_string = NULL; /* do the domain vampire */ status = libnet_Vampire(libnetctx, r, r); if (!NT_STATUS_IS_OK(status)) { d_fprintf(stderr, "Vampire of domain failed: %s\n", r->out.error_string ? r->out.error_string : nt_errstr(status)); talloc_free(r); talloc_free(libnetctx); return -1; } d_printf("Vampired domain %s (%s)\n", r->out.domain_name, dom_sid_string(ctx, r->out.domain_sid)); talloc_free(libnetctx); return 0; }
static int net_usershare_delete(struct net_context *c, int argc, const char **argv) { char *us_path; char *sharename; if (argc != 1 || c->display_usage) { return net_usershare_delete_usage(c, argc, argv); } if ((sharename = strlower_talloc(talloc_tos(), argv[0])) == NULL) { d_fprintf(stderr, _("strlower_talloc failed\n")); return -1; } if (!validate_net_name(sharename, INVALID_SHARENAME_CHARS, strlen(sharename))) { d_fprintf(stderr, _("net usershare delete: share name %s contains " "invalid characters (any of %s)\n"), sharename, INVALID_SHARENAME_CHARS); TALLOC_FREE(sharename); return -1; } us_path = talloc_asprintf(talloc_tos(), "%s/%s", lp_usershare_path(talloc_tos()), sharename); if (!us_path) { TALLOC_FREE(sharename); return -1; } if (unlink(us_path) != 0) { d_fprintf(stderr, _("net usershare delete: unable to remove usershare %s. " "Error was %s\n"), us_path, strerror(errno)); TALLOC_FREE(sharename); return -1; } TALLOC_FREE(sharename); return 0; }
static int dbwrap_tool_store_hex(struct db_context *db, const char *keyname, const char *data) { NTSTATUS status; DATA_BLOB datablob; TDB_DATA tdbdata; TALLOC_CTX *tmp_ctx = talloc_stackframe(); datablob = strhex_to_data_blob(tmp_ctx, data); if(strlen(data) > 0 && datablob.length == 0) { d_fprintf(stderr, "ERROR: could not convert hex string to data blob\n" " Not a valid hex string?\n"); talloc_free(tmp_ctx); return -1; } tdbdata.dptr = (unsigned char *)datablob.data; tdbdata.dsize = datablob.length; if (dbwrap_is_persistent(db)) { status = dbwrap_trans_store_bystring(db, keyname, tdbdata, TDB_REPLACE); } else { status = dbwrap_store_bystring(db, keyname, tdbdata, TDB_REPLACE); } if (!NT_STATUS_IS_OK(status)) { d_fprintf(stderr, "ERROR: could not store string key '%s': %s\n", keyname, nt_errstr(status)); talloc_free(tmp_ctx); return -1; } talloc_free(tmp_ctx); return 0; }
static int net_registry_enumerate(struct net_context *c, int argc, const char **argv) { WERROR werr; struct registry_key *key = NULL; TALLOC_CTX *ctx = talloc_stackframe(); char *subkey_name; NTTIME modtime; uint32_t count; char *valname = NULL; struct registry_value *valvalue = NULL; int ret = -1; if (argc != 1 || c->display_usage) { d_printf("Usage: net registry enumerate <path>\n"); d_printf("Example: net registry enumerate " "'HKLM\\Software\\Samba'\n"); goto done; } werr = open_key(ctx, argv[0], REG_KEY_READ, &key); if (!W_ERROR_IS_OK(werr)) { d_fprintf(stderr, "open_key failed: %s\n", win_errstr(werr)); goto done; } for (count = 0; werr = reg_enumkey(ctx, key, count, &subkey_name, &modtime), W_ERROR_IS_OK(werr); count++) { print_registry_key(subkey_name, &modtime); } if (!W_ERROR_EQUAL(WERR_NO_MORE_ITEMS, werr)) { goto done; } for (count = 0; werr = reg_enumvalue(ctx, key, count, &valname, &valvalue), W_ERROR_IS_OK(werr); count++) { print_registry_value_with_name(valname, valvalue); } if (!W_ERROR_EQUAL(WERR_NO_MORE_ITEMS, werr)) { goto done; } ret = 0; done: TALLOC_FREE(ctx); return ret; }
static int net_getdomainsid(int argc, const char **argv) { DOM_SID domain_sid; fstring sid_str; if(!initialize_password_db(False)) { DEBUG(1, ("WARNING: Could not open passdb - domain sid may not reflect passdb\n" "backend knowlege (such as the sid stored in LDAP)\n")); } /* first check to see if we can even access secrets, so we don't panic when we can't. */ if (!secrets_init()) { d_fprintf(stderr, "Unable to open secrets.tdb. " "Can't fetch domainSID for name: %s\n", get_global_sam_name()); return 1; } /* Generate one, if it doesn't exist */ get_global_sam_sid(); if (!secrets_fetch_domain_sid(global_myname(), &domain_sid)) { d_fprintf(stderr, "Could not fetch local SID\n"); return 1; } sid_to_string(sid_str, &domain_sid); d_printf("SID for domain %s is: %s\n", global_myname(), sid_str); if (!secrets_fetch_domain_sid(opt_workgroup, &domain_sid)) { d_fprintf(stderr, "Could not fetch domain SID\n"); return 1; } sid_to_string(sid_str, &domain_sid); d_printf("SID for domain %s is: %s\n", opt_workgroup, sid_str); return 0; }
/* Retrieve our local SID or the SID for the specified name */ static int net_getlocalsid(struct net_context *c, int argc, const char **argv) { struct dom_sid sid; const char *name; fstring sid_str; if (argc >= 1) { name = argv[0]; } else { name = lp_netbios_name(); } if(!initialize_password_db(false, NULL)) { d_fprintf(stderr, _("WARNING: Could not open passdb\n")); return 1; } /* first check to see if we can even access secrets, so we don't panic when we can't. */ if (!secrets_init()) { d_fprintf(stderr, _("Unable to open secrets.tdb. Can't fetch domain " "SID for name: %s\n"), name); return 1; } /* Generate one, if it doesn't exist */ get_global_sam_sid(); if (!secrets_fetch_domain_sid(name, &sid)) { DEBUG(0, ("Can't fetch domain SID for name: %s\n", name)); return 1; } sid_to_fstring(sid_str, &sid); d_printf(_("SID for domain %s is: %s\n"), name, sid_str); return 0; }
static int net_registry_deletekey(struct net_context *c, int argc, const char **argv) { WERROR werr; char *subkeyname; struct registry_key *hivekey = NULL; TALLOC_CTX *ctx = talloc_stackframe(); int ret = -1; if (argc != 1 || c->display_usage) { d_printf("Usage: net registry deletekey <path>\n"); d_printf("Example: net registry deletekey " "'HKLM\\Software\\Samba\\smbconf.127.0.0.1'\n"); goto done; } if (strlen(argv[0]) == 0) { d_fprintf(stderr, "error: zero length key name given\n"); goto done; } werr = open_hive(ctx, argv[0], REG_KEY_WRITE, &hivekey, &subkeyname); if (!W_ERROR_IS_OK(werr)) { d_fprintf(stderr, "open_hive failed: %s\n", win_errstr(werr)); goto done; } werr = reg_deletekey(hivekey, subkeyname); if (!W_ERROR_IS_OK(werr)) { d_fprintf(stderr, "reg_deletekey failed: %s\n", win_errstr(werr)); goto done; } ret = 0; done: TALLOC_FREE(ctx); return ret; }
static int net_changesecretpw(struct net_context *c, int argc, const char **argv) { char *trust_pw; enum netr_SchannelType sec_channel_type = SEC_CHAN_WKSTA; if(c->opt_force) { if (c->opt_stdin) { set_line_buffering(stdin); set_line_buffering(stdout); set_line_buffering(stderr); } trust_pw = get_pass(_("Enter machine password: "******"Error in reading machine password\n")); return 1; } if (!secrets_store_machine_password(trust_pw, lp_workgroup(), sec_channel_type)) { d_fprintf(stderr, _("Unable to write the machine account password in the secrets database")); return 1; } else { d_printf(_("Modified trust account password in secrets database\n")); } } else { d_printf(_("Machine account password change requires the -f flag.\n" "Do NOT use this function unless you know what it does!\n" "This function will change the ADS Domain member " "machine account password in the secrets.tdb file!\n")); } return 0; }
struct cli_state *net_make_ipc_connection_ex( const char *domain, const char *server, struct in_addr *ip, unsigned flags) { char *server_name = NULL; struct in_addr server_ip; struct cli_state *cli = NULL; NTSTATUS nt_status; if ( !server || !ip ) { if (!net_find_server(domain, flags, &server_ip, &server_name)) { d_fprintf(stderr, "Unable to find a suitable server\n"); return NULL; } } else { server_name = SMB_STRDUP( server ); server_ip = *ip; } if (flags & NET_FLAGS_ANONYMOUS) { nt_status = connect_to_ipc_anonymous(&cli, &server_ip, server_name); } else { nt_status = connect_to_ipc(&cli, &server_ip, server_name); } /* store the server in the affinity cache if it was a PDC */ if ( (flags & NET_FLAGS_PDC) && NT_STATUS_IS_OK(nt_status) ) saf_store( cli->server_domain, cli->desthost ); SAFE_FREE(server_name); if (NT_STATUS_IS_OK(nt_status)) { return cli; } else { d_fprintf(stderr, "Connection failed: %s\n", nt_errstr(nt_status)); return NULL; } }
static bool wbinfo_auth_krb5(char *username, const char *pass, const char *cctype, uint32 flags) { struct winbindd_request request; struct winbindd_response response; NSS_STATUS result; /* Send off request */ ZERO_STRUCT(request); ZERO_STRUCT(response); fstrcpy(request.data.auth.user, username); fstrcpy(request.data.auth.pass, pass); request.flags = flags; fstrcpy(request.data.auth.krb5_cc_type, cctype); request.data.auth.uid = geteuid(); result = winbindd_request_response(WINBINDD_PAM_AUTH, &request, &response); /* Display response */ d_printf("plaintext kerberos password authentication for [%s] %s (requesting cctype: %s)\n", username, (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed", cctype); if (response.data.auth.nt_status) d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n", response.data.auth.nt_status_string, response.data.auth.nt_status, response.data.auth.error_string); if (result == NSS_STATUS_SUCCESS) { if (request.flags & WBFLAG_PAM_INFO3_TEXT) { if (response.data.auth.info3.user_flgs & NETLOGON_CACHED_ACCOUNT) { d_printf("user_flgs: NETLOGON_CACHED_ACCOUNT\n"); } } if (response.data.auth.krb5ccname[0] != '\0') { d_printf("credentials were put in: %s\n", response.data.auth.krb5ccname); } else { d_printf("no credentials cached\n"); } } return result == NSS_STATUS_SUCCESS; }
static int net_registry_getvalue_internal(struct net_context *c, int argc, const char **argv, bool raw) { WERROR werr; int ret = -1; struct registry_key *key = NULL; struct registry_value *value = NULL; TALLOC_CTX *ctx = talloc_stackframe(); if (argc != 2 || c->display_usage) { d_fprintf(stderr, "%s\n%s", _("Usage:"), _("net registry getvalue <key> <valuename>\n")); goto done; } werr = open_key(ctx, argv[0], REG_KEY_READ, &key); if (!W_ERROR_IS_OK(werr)) { d_fprintf(stderr, _("open_key failed: %s\n"), win_errstr(werr)); goto done; } werr = reg_queryvalue(ctx, key, argv[1], &value); if (!W_ERROR_IS_OK(werr)) { d_fprintf(stderr, _("reg_queryvalue failed: %s\n"), win_errstr(werr)); goto done; } print_registry_value(value, raw); ret = 0; done: TALLOC_FREE(ctx); return ret; }
static char winbind_separator_int(bool strict) { struct winbindd_response response; static bool got_sep; static char sep; if (got_sep) return sep; ZERO_STRUCT(response); /* Send off request */ if (winbindd_request_response(WINBINDD_INFO, NULL, &response) != NSS_STATUS_SUCCESS) { d_fprintf(stderr, "could not obtain winbind separator!\n"); if (strict) { return 0; } /* HACK: (this module should not call lp_ funtions) */ return *lp_winbind_separator(cmdline_lp_ctx); } sep = response.data.info.winbind_separator; got_sep = true; if (!sep) { d_fprintf(stderr, "winbind separator was NULL!\n"); if (strict) { return 0; } /* HACK: (this module should not call lp_ funtions) */ sep = *lp_winbind_separator(cmdline_lp_ctx); } return sep; }
static int net_g_lock_do(struct net_context *c, int argc, const char **argv) { struct net_g_lock_do_state state; const char *name, *cmd; int timeout; NTSTATUS status; if (argc != 3) { d_printf("Usage: net g_lock do <lockname> <timeout> " "<command>\n"); return -1; } name = argv[0]; timeout = atoi(argv[1]); cmd = argv[2]; state.cmd = cmd; state.result = -1; status = g_lock_do(name, G_LOCK_WRITE, timeval_set(timeout / 1000, timeout % 1000), net_g_lock_do_fn, &state); if (!NT_STATUS_IS_OK(status)) { d_fprintf(stderr, "ERROR: g_lock_do failed: %s\n", nt_errstr(status)); goto done; } if (state.result == -1) { d_fprintf(stderr, "ERROR: system() returned %s\n", strerror(errno)); goto done; } d_fprintf(stderr, "command returned %d\n", state.result); done: return state.result; }
/** * dbwrap_tool_erase: erase the whole data base * the keyname argument is not used. */ static int dbwrap_tool_erase(struct db_context *db, const char *keyname, void *data) { int ret; ret = db->traverse(db, delete_fn, NULL); if (ret < 0) { d_fprintf(stderr, "ERROR erasing the database\n"); return -1; } return 0; }
static int dbwrap_tool_listkeys(struct db_context *db, const char *keyname, const char *data) { NTSTATUS status; status = dbwrap_traverse_read(db, listkey_fn, NULL, NULL); if (!NT_STATUS_IS_OK(status)) { d_fprintf(stderr, "ERROR listing db keys\n"); return -1; } return 0; }
/** * dbwrap_tool_erase: erase the whole data base * the keyname argument is not used. */ static int dbwrap_tool_erase(struct db_context *db, const char *keyname, const char *data) { NTSTATUS status; status = dbwrap_traverse(db, delete_fn, NULL, NULL); if (!NT_STATUS_IS_OK(status)) { d_fprintf(stderr, "ERROR erasing the database\n"); return -1; } return 0; }
static int dbwrap_tool_listkeys(struct db_context *db, const char *keyname, void *data) { int ret; ret = db->traverse_read(db, listkey_fn, NULL); if (ret < 0) { d_fprintf(stderr, "ERROR listing db keys\n"); return -1; } return 0; }
static const char *get_winbind_domain(void) { static struct wbcInterfaceDetails *details; details = init_interface_details(); if (!details) { d_fprintf(stderr, "could not obtain winbind domain name!\n"); /* HACK: (this module should not call lp_ functions) */ return lp_workgroup(); } return details->netbios_domain; }
static int net_conf_list(struct net_context *c, struct smbconf_ctx *conf_ctx, int argc, const char **argv) { sbcErr err; int ret = -1; TALLOC_CTX *mem_ctx; uint32_t num_shares; uint32_t share_count, param_count; struct smbconf_service **shares = NULL; mem_ctx = talloc_stackframe(); if (argc != 0 || c->display_usage) { net_conf_list_usage(c, argc, argv); goto done; } err = smbconf_get_config(conf_ctx, mem_ctx, &num_shares, &shares); if (!SBC_ERROR_IS_OK(err)) { d_fprintf(stderr, _("Error getting config: %s\n"), sbcErrorString(err)); goto done; } for (share_count = 0; share_count < num_shares; share_count++) { const char *indent = ""; if (shares[share_count]->name != NULL) { d_printf("[%s]\n", shares[share_count]->name); indent = "\t"; } for (param_count = 0; param_count < shares[share_count]->num_params; param_count++) { d_printf("%s%s = %s\n", indent, shares[share_count]->param_names[param_count], shares[share_count]->param_values[param_count]); } d_printf("\n"); } ret = 0; done: TALLOC_FREE(mem_ctx); return ret; }
static NTSTATUS cmd_lsa_query_trustdominfobysid(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) { struct policy_handle pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; DOM_SID dom_sid; uint32 access_mask = SEC_FLAG_MAXIMUM_ALLOWED; union lsa_TrustedDomainInfo *info = NULL; enum lsa_TrustDomInfoEnum info_class = 1; uint8_t nt_hash[16]; if (argc > 3 || argc < 2) { printf("Usage: %s [sid] [info_class]\n", argv[0]); return NT_STATUS_OK; } if (!string_to_sid(&dom_sid, argv[1])) return NT_STATUS_NO_MEMORY; if (argc == 3) info_class = atoi(argv[2]); result = rpccli_lsa_open_policy2(cli, mem_ctx, True, access_mask, &pol); if (!NT_STATUS_IS_OK(result)) goto done; result = rpccli_lsa_QueryTrustedDomainInfoBySid(cli, mem_ctx, &pol, &dom_sid, info_class, &info); if (!NT_STATUS_IS_OK(result)) goto done; if (!rpccli_get_pwd_hash(cli, nt_hash)) { d_fprintf(stderr, "Could not get pwd hash\n"); goto done; } display_trust_dom_info(mem_ctx, info, info_class, nt_hash); done: rpccli_lsa_Close(cli, mem_ctx, &pol); return result; }
static int dbwrap_tool_delete(struct db_context *db, const char *keyname, const char *data) { NTSTATUS status; status = dbwrap_trans_delete_bystring(db, keyname); if (!NT_STATUS_IS_OK(status)) { d_fprintf(stderr, "ERROR deleting record %s : %s\n", keyname, nt_errstr(status)); return -1; } return 0; }
/* run a function from a function table. If not found then call the specified usage function */ int net_run_function(int argc, const char **argv, struct functable *table, int (*usage_fn)(int argc, const char **argv)) { int i; if (argc < 1) { d_printf("\nUsage: \n"); return usage_fn(argc, argv); } for (i=0; table[i].funcname; i++) { if (StrCaseCmp(argv[0], table[i].funcname) == 0) return table[i].fn(argc-1, argv+1); } d_fprintf(stderr, "No command: %s\n", argv[0]); return usage_fn(argc, argv); }
static struct wbcInterfaceDetails *init_interface_details(void) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; static struct wbcInterfaceDetails *details; if (details) { return details; } wbc_status = wbcInterfaceDetails(&details); if (!WBC_ERROR_IS_OK(wbc_status)) { d_fprintf(stderr, "could not obtain winbind interface details!\n"); } return details; }
int net_use_machine_account(void) { char *user_name = NULL; if (!secrets_init()) { d_fprintf(stderr, "ERROR: Unable to open secrets database\n"); exit(1); } opt_password = secrets_fetch_machine_password(opt_target_workgroup, NULL, NULL); if (asprintf(&user_name, "%s$", global_myname()) == -1) { return -1; } opt_user_name = user_name; return 0; }
static bool search_maxrid(struct pdb_search *search, const char *type, uint32 *max_rid) { struct samr_displayentry *entries; uint32 i, num_entries; if (search == NULL) { d_fprintf(stderr, _("get_maxrid: Could not search %s\n"), type); return false; } num_entries = pdb_search_entries(search, 0, 0xffffffff, &entries); for (i=0; i<num_entries; i++) *max_rid = MAX(*max_rid, entries[i].rid); TALLOC_FREE(search); return true; }
int net_use_krb_machine_account(struct net_context *c) { char *user_name = NULL; if (!secrets_init()) { d_fprintf(stderr,_("ERROR: Unable to open secrets database\n")); exit(1); } c->opt_password = secrets_fetch_machine_password( c->opt_target_workgroup, NULL, NULL); if (asprintf(&user_name, "%s$@%s", global_myname(), lp_realm()) == -1) { return -1; } c->opt_user_name = user_name; return 0; }
/** * Delete an entry in the cache * * @param argv key to delete an entry of * @return 0 on success, otherwise failure **/ static int net_cache_del(int argc, const char **argv) { const char *keystr = argv[0]; if (argc < 1) { d_printf("\nUsage: net cache del <key string>\n"); return -1; } if(gencache_del(keystr)) { d_printf("Entry deleted.\n"); return 0; } d_fprintf(stderr, "Couldn't delete specified entry\n"); return -1; }
static int dbwrap_tool_fetch_uint32(struct db_context *db, const char *keyname, const char *data) { uint32_t value; NTSTATUS ret; ret = dbwrap_fetch_uint32(db, keyname, &value); if (NT_STATUS_IS_OK(ret)) { d_printf("%u\n", value); return 0; } else { d_fprintf(stderr, "ERROR: could not fetch uint32 key '%s': " "%s\n", nt_errstr(ret), keyname); return -1; } }