Exemple #1
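/*
 * Print the PDC address for a domain, then every other DC address that
 * get_sorted_dc_list() returns, one address per line.
 *
 * argv[0], when present, replaces the default opt_target_workgroup.
 *
 * Returns -1 when the PDC cannot be located or the address copy cannot
 * be allocated; returns 0 otherwise, including when the DC list lookup
 * fails after the PDC line has already been printed.
 */
static int net_lookup_dc(int argc, const char **argv)
{
	struct ip_service *ip_list;
	struct in_addr addr;
	char *pdc_str = NULL;
	const char *domain=opt_target_workgroup;
	char *sitename = NULL;
	int count, i;

	if (argc > 0)
		domain=argv[0];

	/* first get PDC */
	if (!get_pdc_ip(domain, &addr))
		return -1;

	/*
	 * inet_ntoa() returns a static buffer that the loop below
	 * overwrites, so the PDC address needs a private copy for the
	 * comparison.  asprintf() leaves pdc_str undefined on failure;
	 * stop here rather than print and compare through it.
	 */
	if (asprintf(&pdc_str, "%s", inet_ntoa(addr)) == -1)
		return -1;
	d_printf("%s\n", pdc_str);

	sitename = sitename_fetch(domain);
	if (!NT_STATUS_IS_OK(get_sorted_dc_list(domain, sitename, &ip_list, &count, False))) {
		SAFE_FREE(pdc_str);
		SAFE_FREE(sitename);
		return 0;
	}
	SAFE_FREE(sitename);

	/* The PDC was printed first; skip it when it shows up in the list. */
	for (i=0;i<count;i++) {
		char *dc_str = inet_ntoa(ip_list[i].ip);
		if (!strequal(pdc_str, dc_str))
			d_printf("%s\n", dc_str);
	}

	/*
	 * NOTE(review): ip_list is never released in this function -
	 * confirm who owns the array filled in by get_sorted_dc_list().
	 */
	SAFE_FREE(pdc_str);
	return 0;
}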
Exemple #2
/*
 * Print the address of the PDC for a domain.
 *
 * The domain defaults to lp_realm() when lp_security() is SEC_ADS and to
 * c->opt_target_workgroup otherwise; argv[0], when given, overrides both.
 *
 * Returns 0 after printing the address, -1 when the PDC cannot be found
 * or the string copy cannot be allocated.
 */
static int net_lookup_pdc(struct net_context *c, int argc, const char **argv)
{
	char addr[INET6_ADDRSTRLEN];
	struct sockaddr_storage ss;
	const char *domain;
	char *pdc_str = NULL;

	/* Configured default first, then the command-line override. */
	domain = (lp_security() == SEC_ADS) ? lp_realm()
					    : c->opt_target_workgroup;
	if (argc > 0) {
		domain = argv[0];
	}

	if (!get_pdc_ip(domain, &ss)) {
		return -1;
	}

	/* Render the socket address as text before copying and printing it. */
	print_sockaddr(addr, sizeof(addr), &ss);
	if (asprintf(&pdc_str, "%s", addr) == -1) {
		return -1;
	}

	d_printf("%s\n", pdc_str);
	SAFE_FREE(pdc_str);
	return 0;
}
Exemple #3
/*
 * Locate the PDC of domain_name: store its address in *server_ip and the
 * name reported by name_status_find() in server_name.
 *
 * Returns True only when the address lookup succeeds, the address is
 * non-zero and the name status query succeeds.
 *
 * NOTE(review): server_name is whatever the host at *server_ip reports;
 * nothing in this function authenticates that reply.
 */
BOOL net_find_pdc(struct in_addr *server_ip, fstring server_name, const char *domain_name)
{
	if (!get_pdc_ip(domain_name, server_ip)) {
		return False;
	}

	/* A zero address means the lookup produced nothing usable. */
	if (is_zero_ip(*server_ip)) {
		return False;
	}

	return name_status_find(domain_name, 0x1b, 0x20, *server_ip, server_name)
		? True : False;
}
Exemple #4
/*
 * Print the LDAP server list for a domain.
 *
 * The first attempt asks ldap_domain2hostlist() about the name as given
 * (argv[0], or opt_target_workgroup when no argument is passed).  If that
 * yields nothing, the PDC address is reverse-resolved and the part of its
 * DNS name after the first '.' is tried as the domain instead.
 *
 * Returns 0 when a server list was printed, -1 otherwise (always -1 when
 * built without HAVE_LDAP).
 *
 * NOTE(review): the second query trusts the reverse-DNS name of the PDC
 * address; that name comes from whoever serves the reverse zone.
 */
static int net_lookup_ldap(int argc, const char **argv)
{
#ifdef HAVE_LDAP
	struct hostent *he;
	struct in_addr pdc_addr;
	const char *domain;
	char *srvlist;
	int rc;

	domain = (argc > 0) ? argv[0] : opt_target_workgroup;

	DEBUG(9, ("Lookup up ldap for domain %s\n", domain));
	rc = ldap_domain2hostlist(domain, &srvlist);
	if ((rc == LDAP_SUCCESS) && srvlist) {
		print_ldap_srvlist(srvlist);
		return 0;
	}

	/* Fall back to deriving a DNS domain from the PDC's host name. */
	DEBUG(9, ("Looking up DC for domain %s\n", domain));
	if (!get_pdc_ip(domain, &pdc_addr)) {
		return -1;
	}

	he = gethostbyaddr((char *) &pdc_addr.s_addr,
			   sizeof(pdc_addr.s_addr), AF_INET);
	if (he == NULL) {
		return -1;
	}

	DEBUG(9, ("Found DC with DNS name %s\n", he->h_name));
	domain = strchr(he->h_name, '.');
	if (domain == NULL) {
		return -1;
	}
	/* Step over the '.' so that domain names the parent DNS domain. */
	domain++;

	DEBUG(9, ("Looking up ldap for domain %s\n", domain));
	rc = ldap_domain2hostlist(domain, &srvlist);
	if ((rc == LDAP_SUCCESS) && srvlist) {
		print_ldap_srvlist(srvlist);
		return 0;
	}
	return -1;
#endif
	DEBUG(1,("No LDAP support\n"));
	return -1;
}
Exemple #5
/*
 * Locate the PDC of domain_name: store its address in *server_ss and the
 * name reported by name_status_find() in server_name.
 *
 * The three steps run in order and stop at the first failure: address
 * lookup, zero-address check, name status query.  Returns true only when
 * all three succeed.
 *
 * NOTE(review): server_name is whatever the host at *server_ss reports;
 * nothing in this function authenticates that reply.
 */
bool net_find_pdc(struct sockaddr_storage *server_ss,
		fstring server_name,
		const char *domain_name)
{
	return get_pdc_ip(domain_name, server_ss)
		&& !is_zero_addr(server_ss)
		&& name_status_find(domain_name, 0x1b, 0x20,
				    server_ss, server_name);
}
Exemple #6
/*
 * Print the PDC address for a domain, then every other DC address that
 * get_sorted_dc_list() returns, one address per line.
 *
 * The domain defaults to lp_realm() when lp_security() is SEC_ADS and to
 * c->opt_target_workgroup otherwise; argv[0], when given, overrides both.
 *
 * Returns -1 when the PDC cannot be found or the address copy cannot be
 * allocated; returns 0 otherwise, including when the DC list lookup
 * fails after the PDC line has already been printed.
 */
static int net_lookup_dc(struct net_context *c, int argc, const char **argv)
{
	char addr[INET6_ADDRSTRLEN];
	struct sockaddr_storage ss;
	struct ip_service *ip_list;
	const char *domain = NULL;
	char *sitename = NULL;
	char *pdc_str = NULL;
	bool sec_ads = (lp_security() == SEC_ADS);
	bool have_list;
	int count, i;

	domain = sec_ads ? lp_realm() : c->opt_target_workgroup;
	if (argc > 0) {
		domain = argv[0];
	}

	if (!get_pdc_ip(domain, &ss)) {
		return -1;
	}

	/* addr is reused inside the loop, so keep the PDC text separately. */
	print_sockaddr(addr, sizeof(addr), &ss);
	if (asprintf(&pdc_str, "%s", addr) == -1) {
		return -1;
	}
	d_printf("%s\n", pdc_str);

	sitename = sitename_fetch(talloc_tos(), domain);
	have_list = NT_STATUS_IS_OK(get_sorted_dc_list(domain, sitename,
						       &ip_list, &count,
						       sec_ads));
	TALLOC_FREE(sitename);

	if (have_list) {
		/* The PDC was printed first; skip it when it is listed. */
		for (i = 0; i < count; i++) {
			print_sockaddr(addr, sizeof(addr), &ip_list[i].ss);
			if (!strequal(pdc_str, addr)) {
				d_printf("%s\n", addr);
			}
		}
	}

	/*
	 * NOTE(review): ip_list is never released in this function -
	 * confirm who owns the array filled in by get_sorted_dc_list().
	 */
	SAFE_FREE(pdc_str);
	return 0;
}
Exemple #7
/*
 * Decide which server a net command should talk to, filling in
 * *server_ss (address) and *server_name (a string from SMB_STRDUP).
 *
 * Sources are tried in this order, and the first that applies wins:
 *   1. c->opt_host / c->opt_dest_ip given on the command line;
 *   2. a name already present in *server_name, resolved with type 0x20;
 *   3. NET_FLAGS_PDC    - PDC of the domain via get_pdc_ip();
 *   4. NET_FLAGS_DMB    - resolve the domain with type 0x1B;
 *   5. NET_FLAGS_MASTER - resolve the domain with type 0x1D;
 *   6. 127.0.0.1, unless NET_FLAGS_LOCALHOST_DEFAULT_INSANE is set.
 *
 * domain may be NULL, in which case c->opt_target_workgroup is used.
 * Returns false when a lookup fails or no server name was produced.
 *
 * *server_name is read before this function necessarily writes it, so
 * the caller has to pass it in initialised (NULL when no name is known).
 * NOTE(review): the duplicated name is presumably owned by the caller -
 * confirm who frees it.
 */
bool net_find_server(struct net_context *c,
			const char *domain,
			unsigned flags,
			struct sockaddr_storage *server_ss,
			char **server_name)
{
	const char *target = (domain != NULL) ? domain
					      : c->opt_target_workgroup;

	if (c->opt_host) {
		*server_name = SMB_STRDUP(c->opt_host);
	}

	if (c->opt_have_ip) {
		/* An explicit address wins; use its text form if unnamed. */
		*server_ss = c->opt_dest_ip;
		if (*server_name == NULL) {
			char ip_text[INET6_ADDRSTRLEN];

			print_sockaddr(ip_text, sizeof(ip_text),
				       &c->opt_dest_ip);
			*server_name = SMB_STRDUP(ip_text);
		}
	} else if (*server_name != NULL) {
		/* A name without an address: resolve it. */
		if (!resolve_name(*server_name, server_ss, 0x20, false))  {
			DEBUG(1,("Unable to resolve server name\n"));
			return false;
		}
	} else if (flags & NET_FLAGS_PDC) {
		struct sockaddr_storage pdc_addr;
		fstring pdc_name;

		if (!get_pdc_ip(target, &pdc_addr)) {
			DEBUG(1,("Unable to resolve PDC server address\n"));
			return false;
		}

		/* Both failures below are silent, as there is no message. */
		if (is_zero_addr(&pdc_addr) ||
		    !name_status_find(target, 0x1b, 0x20,
				      &pdc_addr, pdc_name)) {
			return false;
		}

		*server_name = SMB_STRDUP(pdc_name);
		*server_ss = pdc_addr;
	} else if (flags & NET_FLAGS_DMB) {
		char ip_text[INET6_ADDRSTRLEN];
		struct sockaddr_storage dmb_addr;

		if (!resolve_name(target, &dmb_addr, 0x1B, false))  {
			DEBUG(1,("Unable to resolve domain browser via name lookup\n"));
			return false;
		}

		/* No name is available here; the address text stands in. */
		*server_ss = dmb_addr;
		print_sockaddr(ip_text, sizeof(ip_text), server_ss);
		*server_name = SMB_STRDUP(ip_text);
	} else if (flags & NET_FLAGS_MASTER) {
		char ip_text[INET6_ADDRSTRLEN];
		struct sockaddr_storage master_addr;

		if (!resolve_name(target, &master_addr, 0x1D, false))  {
			DEBUG(1,("Unable to resolve master browser via name lookup\n"));
			return false;
		}

		*server_ss = master_addr;
		print_sockaddr(ip_text, sizeof(ip_text), server_ss);
		*server_name = SMB_STRDUP(ip_text);
	} else if (!(flags & NET_FLAGS_LOCALHOST_DEFAULT_INSANE)) {
		if (!interpret_string_addr(server_ss,
					"127.0.0.1", AI_NUMERICHOST)) {
			DEBUG(1,("Unable to resolve 127.0.0.1\n"));
			return false;
		}
		*server_name = SMB_STRDUP("127.0.0.1");
	}

	/* Also reached when SMB_STRDUP returned NULL or no branch applied. */
	if (*server_name == NULL) {
		DEBUG(1,("no server to connect to\n"));
		return false;
	}

	return true;
}
Exemple #8
/*
 * Print the DCs that ads_dns_query_dcs() finds for a domain.
 *
 * The first query uses the name as given (argv[0], or
 * c->opt_target_workgroup when no argument is passed).  If it returns
 * nothing, the PDC address is reverse-resolved and the part of its DNS
 * name after the first '.' is queried instead.
 *
 * Returns 0 when a server list was printed, -1 otherwise (always -1 when
 * built without HAVE_ADS).
 *
 * NOTE(review): the second query trusts the reverse-DNS name of the PDC
 * address; that name comes from whoever serves the reverse zone.
 */
static int net_lookup_ldap(struct net_context *c, int argc, const char **argv)
{
#ifdef HAVE_ADS
	char h_name[MAX_DNS_NAME_LENGTH];
	struct sockaddr_storage ss;
	struct dns_rr_srv *dcs = NULL;
	TALLOC_CTX *ctx;
	const char *domain;
	char *sitename;
	NTSTATUS status;
	int numdcs = 0;
	int result = -1;

	domain = (argc > 0) ? argv[0] : c->opt_target_workgroup;

	ctx = talloc_init("net_lookup_ldap");
	if (ctx == NULL) {
		d_fprintf(stderr,"net_lookup_ldap: talloc_init() %s!\n",
			  _("failed"));
		return -1;
	}

	/* sitename is allocated on ctx, so the single free at done covers it. */
	sitename = sitename_fetch(ctx, domain);

	DEBUG(9, ("Lookup up ldap for domain %s\n", domain));

	status = ads_dns_query_dcs(ctx, domain, sitename, &dcs, &numdcs);
	if (NT_STATUS_IS_OK(status) && numdcs) {
		print_ldap_srvlist(dcs, numdcs);
		result = 0;
		goto done;
	}

	/* Fall back to deriving a DNS domain from the PDC's host name. */
	DEBUG(9, ("Looking up PDC for domain %s\n", domain));
	if (!get_pdc_ip(domain, &ss)) {
		goto done;
	}

	/* NI_NAMEREQD: fail instead of returning a numeric address. */
	if (sys_getnameinfo((struct sockaddr *)&ss,
			    sizeof(struct sockaddr_storage),
			    h_name, sizeof(h_name),
			    NULL, 0,
			    NI_NAMEREQD) != 0) {
		goto done;
	}

	DEBUG(9, ("Found PDC with DNS name %s\n", h_name));
	domain = strchr(h_name, '.');
	if (domain == NULL) {
		goto done;
	}
	/* Step over the '.' so that domain names the parent DNS domain. */
	domain++;

	DEBUG(9, ("Looking up ldap for domain %s\n", domain));

	status = ads_dns_query_dcs(ctx, domain, sitename, &dcs, &numdcs);
	if (NT_STATUS_IS_OK(status) && numdcs) {
		print_ldap_srvlist(dcs, numdcs);
		result = 0;
	}

done:
	TALLOC_FREE(ctx);
	return result;
#endif
	DEBUG(1,("No ADS support\n"));
	return -1;
}
Exemple #9
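/*
 * Decide which server a net command should talk to, filling in
 * *server_ip (address) and *server_name (a string from SMB_STRDUP).
 *
 * Sources are tried in this order, and the first that applies wins:
 *   1. opt_host / opt_dest_ip given on the command line;
 *   2. a name already present in *server_name, resolved with type 0x20;
 *   3. NET_FLAGS_PDC    - PDC of the domain via get_pdc_ip();
 *   4. NET_FLAGS_DMB    - resolve the domain with type 0x1B;
 *   5. NET_FLAGS_MASTER - resolve the domain with type 0x1D;
 *   6. loopback, unless NET_FLAGS_LOCALHOST_DEFAULT_INSANE is set.
 *
 * domain may be NULL, in which case opt_target_workgroup is used.
 * Returns False when a lookup fails or no server name was produced.
 *
 * *server_name is read before this function necessarily writes it, so
 * the caller has to pass it in initialised (NULL when no name is known).
 * NOTE(review): the duplicated name is presumably owned by the caller -
 * confirm who frees it.
 */
BOOL net_find_server(const char *domain, unsigned flags, struct in_addr *server_ip, char **server_name)
{
	const char *d = domain ? domain : opt_target_workgroup;

	if (opt_host) {
		*server_name = SMB_STRDUP(opt_host);
	}

	if (opt_have_ip) {
		/* An explicit address wins; use its text form if unnamed. */
		*server_ip = opt_dest_ip;
		if (!*server_name) {
			*server_name = SMB_STRDUP(inet_ntoa(opt_dest_ip));
		}
	} else if (*server_name) {
		/* resolve the IP address */
		if (!resolve_name(*server_name, server_ip, 0x20))  {
			DEBUG(1,("Unable to resolve server name\n"));
			return False;
		}
	} else if (flags & NET_FLAGS_PDC) {
		struct in_addr pdc_ip;

		/*
		 * A failed get_pdc_ip() is not reported here; it falls
		 * through to the "no server to connect to" check below.
		 */
		if (get_pdc_ip(d, &pdc_ip)) {
			fstring dc_name;

			if (is_zero_ip(pdc_ip))
				return False;

			if ( !name_status_find(d, 0x1b, 0x20, pdc_ip, dc_name) )
				return False;

			*server_name = SMB_STRDUP(dc_name);
			*server_ip = pdc_ip;
		}
	} else if (flags & NET_FLAGS_DMB) {
		struct in_addr msbrow_ip;

		if (!resolve_name(d, &msbrow_ip, 0x1B))  {
			DEBUG(1,("Unable to resolve domain browser via name lookup\n"));
			return False;
		}
		*server_ip = msbrow_ip;
		/*
		 * Name the server after the address that was just resolved.
		 * opt_have_ip is false on this branch, so opt_dest_ip is
		 * not the address being connected to.
		 */
		*server_name = SMB_STRDUP(inet_ntoa(msbrow_ip));
	} else if (flags & NET_FLAGS_MASTER) {
		struct in_addr brow_ips;

		if (!resolve_name(d, &brow_ips, 0x1D))  {
			/* go looking for workgroups */
			DEBUG(1,("Unable to resolve master browser via name lookup\n"));
			return False;
		}
		*server_ip = brow_ips;
		/* Same as the DMB branch: use the resolved address. */
		*server_name = SMB_STRDUP(inet_ntoa(brow_ips));
	} else if (!(flags & NET_FLAGS_LOCALHOST_DEFAULT_INSANE)) {
		*server_ip = loopback_ip;
		*server_name = SMB_STRDUP("127.0.0.1");
	}

	/*
	 * server_name itself was already dereferenced above, so only the
	 * second test can fire; it also catches a failed SMB_STRDUP.
	 */
	if (!server_name || !*server_name) {
		DEBUG(1,("no server to connect to\n"));
		return False;
	}

	return True;
}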
Exemple #10
/*
 * Print the DCs that ads_dns_query_dcs() finds for a domain.
 *
 * The first query uses the name as given (argv[0], or
 * opt_target_workgroup when no argument is passed).  If it returns
 * nothing, the PDC address is reverse-resolved and the part of its DNS
 * name after the first '.' is queried instead.
 *
 * Returns 0 when a server list was printed, -1 otherwise (always -1 when
 * built without HAVE_ADS).
 *
 * NOTE(review): the second query trusts the reverse-DNS name of the PDC
 * address; that name comes from whoever serves the reverse zone.
 */
static int net_lookup_ldap(int argc, const char **argv)
{
#ifdef HAVE_ADS
	struct dns_rr_srv *dcs = NULL;
	struct hostent *he;
	struct in_addr pdc_addr;
	TALLOC_CTX *ctx;
	const char *domain;
	char *sitename;
	NTSTATUS status;
	int numdcs = 0;
	int result = -1;

	domain = (argc > 0) ? argv[0] : opt_target_workgroup;

	sitename = sitename_fetch(domain);

	ctx = talloc_init("net_lookup_ldap");
	if (ctx == NULL) {
		d_fprintf(stderr, "net_lookup_ldap: talloc_inti() failed!\n");
		SAFE_FREE(sitename);
		return -1;
	}

	DEBUG(9, ("Lookup up ldap for domain %s\n", domain));

	status = ads_dns_query_dcs( ctx, domain, sitename, &dcs, &numdcs );
	if (NT_STATUS_IS_OK(status) && numdcs) {
		print_ldap_srvlist(dcs, numdcs);
		result = 0;
		goto done;
	}

	/* Fall back to deriving a DNS domain from the PDC's host name. */
	DEBUG(9, ("Looking up DC for domain %s\n", domain));
	if (!get_pdc_ip(domain, &pdc_addr)) {
		goto done;
	}

	he = gethostbyaddr((char *) &pdc_addr.s_addr,
			   sizeof(pdc_addr.s_addr), AF_INET);
	if (he == NULL) {
		goto done;
	}

	DEBUG(9, ("Found DC with DNS name %s\n", he->h_name));
	domain = strchr(he->h_name, '.');
	if (domain == NULL) {
		goto done;
	}
	/* Step over the '.' so that domain names the parent DNS domain. */
	domain++;

	DEBUG(9, ("Looking up ldap for domain %s\n", domain));

	status = ads_dns_query_dcs( ctx, domain, sitename, &dcs, &numdcs );
	if (NT_STATUS_IS_OK(status) && numdcs) {
		print_ldap_srvlist(dcs, numdcs);
		result = 0;
	}

done:
	/* Every path after talloc_init() releases both allocations here. */
	TALLOC_FREE( ctx );
	SAFE_FREE(sitename);
	return result;
#endif
	DEBUG(1,("No ADS support\n"));
	return -1;
}
/*
 * Change the trust account password for `domain`.
 *
 * remote_machine selects the server to contact: NULL or "*" means
 * "locate the PDC" (get_pdc_ip() followed by name_status_find()); any
 * other value is copied into dc_name and used as given.
 *
 * Returns the status of trust_pw_find_change_and_store_it() once the
 * connection and the NETLOGON session are open, and
 * NT_STATUS_UNSUCCESSFUL for every earlier failure.
 *
 * NOTE(review): on the PDC path dc_name is whatever the host at pdc_ip
 * reports in the name status reply, and the SMB connection below is
 * anonymous; nothing visible in this function authenticates the server
 * before the password change is attempted.
 */
NTSTATUS change_trust_account_password( const char *domain, const char *remote_machine)
{
	/* Stays UNSUCCESSFUL on every "goto failed" taken before the change. */
	NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
	struct in_addr pdc_ip;
	fstring dc_name;
	struct cli_state *cli;

	DEBUG(5,("change_trust_account_password: Attempting to change trust account password in domain %s....\n",
		domain));

	if (remote_machine == NULL || !strcmp(remote_machine, "*")) {
		/* Use the PDC *only* for this */
	
		if ( !get_pdc_ip(domain, &pdc_ip) ) {
			DEBUG(0,("Can't get IP for PDC for domain %s\n", domain));
			goto failed;
		}

		/* Ask the host at pdc_ip for the name to connect to. */
		if ( !name_status_find( domain, 0x1b, 0x20, pdc_ip, dc_name) )
			goto failed;
	} else {
		/* support old deprecated "smbpasswd -j DOMAIN -r MACHINE" behavior */
		fstrcpy( dc_name, remote_machine );
	}
	
	/* if this next call fails, then give up.  We can't do
	   password changes on BDC's  --jerry */
	   
	/* Empty user, domain and password strings are passed here. */
	if (!NT_STATUS_IS_OK(cli_full_connection(&cli, global_myname(), dc_name, 
					   NULL, 0,
					   "IPC$", "IPC",  
					   "", "",
					   "", 0, Undefined, NULL))) {
		DEBUG(0,("modify_trust_password: Connection to %s failed!\n", dc_name));
		nt_status = NT_STATUS_UNSUCCESSFUL;
		goto failed;
	}
      
	/*
	 * Ok - we have an anonymous connection to the IPC$ share.
	 * Now start the NT Domain stuff :-).
	 */

	if(cli_nt_session_open(cli, PI_NETLOGON) == False) {
		DEBUG(0,("modify_trust_password: unable to open the domain client session to machine %s. Error was : %s.\n", 
			dc_name, cli_errstr(cli)));
		/* Tear the connection down before leaving; "failed" does not. */
		cli_nt_session_close(cli);
		cli_ulogoff(cli);
		cli_shutdown(cli);
		nt_status = NT_STATUS_UNSUCCESSFUL;
		goto failed;
	}

	/* The actual password change; its status is what the caller gets. */
	nt_status = trust_pw_find_change_and_store_it(cli, cli->mem_ctx, domain);
  
	cli_nt_session_close(cli);
	cli_ulogoff(cli);
	cli_shutdown(cli);
	
failed:
	/* Reached on success too: the label only logs and returns. */
	if (!NT_STATUS_IS_OK(nt_status)) {
		DEBUG(0,("%s : change_trust_account_password: Failed to change password for domain %s.\n", 
			timestring(False), domain));
	}
	else
		DEBUG(5,("change_trust_account_password: sucess!\n"));
  
	return nt_status;
}
Exemple #12
/*
 * Change the trust account password for `domain`.
 *
 * remote_machine selects the server to contact: NULL or "*" means
 * "locate the PDC" (get_pdc_ip() followed by name_status_find()); any
 * other value is copied into dc_name and used as given.
 *
 * Returns NT_STATUS_UNSUCCESSFUL when the PDC lookup or the SMB
 * connection fails, the status of cli_rpc_pipe_open_noauth() when the
 * pipe cannot be opened, and otherwise the status of
 * trust_pw_find_change_and_store_it().
 *
 * NOTE(review): on the PDC path dc_name is whatever the host at pdc_ss
 * reports in the name status reply, the SMB connection is anonymous and
 * the NETLOGON pipe is opened with the _noauth call; nothing visible in
 * this function authenticates the server before the password change is
 * attempted.  The schannel question in the body is still open.
 */
NTSTATUS change_trust_account_password( const char *domain, const char *remote_machine)
{
	/* Stays UNSUCCESSFUL on the lookup failures that jump to "failed". */
	NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
	struct sockaddr_storage pdc_ss;
	fstring dc_name;
	struct cli_state *cli = NULL;
	struct rpc_pipe_client *netlogon_pipe = NULL;

	DEBUG(5,("change_trust_account_password: Attempting to change trust account password in domain %s....\n",
		domain));

	if (remote_machine == NULL || !strcmp(remote_machine, "*")) {
		/* Use the PDC *only* for this */
	
		if ( !get_pdc_ip(domain, &pdc_ss) ) {
			DEBUG(0,("Can't get IP for PDC for domain %s\n", domain));
			goto failed;
		}

		/* Ask the host at pdc_ss for the name to connect to. */
		if ( !name_status_find( domain, 0x1b, 0x20, &pdc_ss, dc_name) )
			goto failed;
	} else {
		/* support old deprecated "smbpasswd -j DOMAIN -r MACHINE" behavior */
		fstrcpy( dc_name, remote_machine );
	}
	
	/* if this next call fails, then give up.  We can't do
	   password changes on BDC's  --jerry */
	   
	/* Empty user, domain and password strings are passed here. */
	if (!NT_STATUS_IS_OK(cli_full_connection(&cli, global_myname(), dc_name, 
					   NULL, 0,
					   "IPC$", "IPC",  
					   "", "",
					   "", 0, Undefined, NULL))) {
		DEBUG(0,("modify_trust_password: Connection to %s failed!\n", dc_name));
		nt_status = NT_STATUS_UNSUCCESSFUL;
		goto failed;
	}
      
	/*
	 * Ok - we have an anonymous connection to the IPC$ share.
	 * Now start the NT Domain stuff :-).
	 */

	/* Shouldn't we open this with schannel ? JRA. */

	nt_status = cli_rpc_pipe_open_noauth(
		cli, &ndr_table_netlogon.syntax_id, &netlogon_pipe);
	if (!NT_STATUS_IS_OK(nt_status)) {
		DEBUG(0,("modify_trust_password: unable to open the domain client session to machine %s. Error was : %s.\n", 
			dc_name, nt_errstr(nt_status)));
		/* Shut the connection down before leaving; "failed" does not. */
		cli_shutdown(cli);
		cli = NULL;
		goto failed;
	}

	/* The pipe is passed twice: as the pipe and as the second argument. */
	nt_status = trust_pw_find_change_and_store_it(
		netlogon_pipe, netlogon_pipe, domain);
  
	cli_shutdown(cli);
	cli = NULL;
	
failed:
	/* Reached on success too: the label only logs and returns. */
	if (!NT_STATUS_IS_OK(nt_status)) {
		DEBUG(0,("%s : change_trust_account_password: Failed to change password for domain %s.\n", 
			current_timestring(talloc_tos(), False), domain));
	}
	else
		DEBUG(5,("change_trust_account_password: sucess!\n"));
  
	return nt_status;
}