static NTSTATUS cmd_netlogon_database_redo(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
NTSTATUS result;
const char *server_name = cli->desthost;
struct netr_Authenticator clnt_creds, srv_cred;
struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
struct netr_ChangeLogEntry e;
uint32_t rid = 500;
struct dcerpc_binding_handle *b = cli->binding_handle;
struct netlogon_creds_CredentialState *creds = NULL;
if (argc > 2) {
fprintf(stderr, "Usage: %s <user rid>\n", argv[0]);
return NT_STATUS_OK;
}
if (argc == 2) {
sscanf(argv[1], "%d", &rid);
}
if (rpcclient_netlogon_creds == NULL) {
return NT_STATUS_UNSUCCESSFUL;
}
status = netlogon_creds_cli_lock(rpcclient_netlogon_creds,
mem_ctx, &creds);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
netlogon_creds_client_authenticator(creds, &clnt_creds);
ZERO_STRUCT(e);
e.object_rid = rid;
e.db_index = SAM_DATABASE_DOMAIN;
e.delta_type = NETR_DELTA_USER;
status = dcerpc_netr_DatabaseRedo(b, mem_ctx,
server_name,
lp_netbios_name(),
&clnt_creds,
&srv_cred,
e,
0, /* is calculated automatically */
&delta_enum_array,
&result);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(creds);
return status;
}
if (!netlogon_creds_client_check(creds, &srv_cred.cred)) {
DEBUG(0,("credentials chain check failed\n"));
TALLOC_FREE(creds);
return NT_STATUS_ACCESS_DENIED;
}
TALLOC_FREE(creds);
return result;
}
static NTSTATUS cmd_netlogon_database_redo(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
NTSTATUS result;
const char *server_name = cli->desthost;
uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
struct netr_Authenticator clnt_creds, srv_cred;
struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
unsigned char trust_passwd_hash[16];
enum netr_SchannelType sec_channel_type = 0;
struct netr_ChangeLogEntry e;
uint32_t rid = 500;
struct dcerpc_binding_handle *b = cli->binding_handle;
if (argc > 2) {
fprintf(stderr, "Usage: %s <user rid>\n", argv[0]);
return NT_STATUS_OK;
}
if (argc == 2) {
sscanf(argv[1], "%d", &rid);
}
if (!secrets_fetch_trust_account_password(lp_workgroup(),
trust_passwd_hash,
NULL, &sec_channel_type)) {
return NT_STATUS_UNSUCCESSFUL;
}
status = rpccli_netlogon_setup_creds(cli,
server_name, /* server name */
lp_workgroup(), /* domain */
lp_netbios_name(), /* client name */
lp_netbios_name(), /* machine account name */
trust_passwd_hash,
sec_channel_type,
&neg_flags);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
netlogon_creds_client_authenticator(cli->dc, &clnt_creds);
ZERO_STRUCT(e);
e.object_rid = rid;
e.db_index = SAM_DATABASE_DOMAIN;
e.delta_type = NETR_DELTA_USER;
status = dcerpc_netr_DatabaseRedo(b, mem_ctx,
server_name,
lp_netbios_name(),
&clnt_creds,
&srv_cred,
e,
0, /* is calculated automatically */
&delta_enum_array,
&result);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
if (!netlogon_creds_client_check(cli->dc, &srv_cred.cred)) {
DEBUG(0,("credentials chain check failed\n"));
return NT_STATUS_ACCESS_DENIED;
}
return result;
}
