static NTSTATUS libnet_dssync_lookup_nc(TALLOC_CTX *mem_ctx,
struct dssync_context *ctx)
{
NTSTATUS status;
WERROR werr;
int32_t level = 1;
union drsuapi_DsNameRequest req;
int32_t level_out;
struct drsuapi_DsNameString names[1];
union drsuapi_DsNameCtr ctr;
names[0].str = talloc_asprintf(mem_ctx, "%s\\", ctx->domain_name);
NT_STATUS_HAVE_NO_MEMORY(names[0].str);
req.req1.codepage = 1252; /* german */
req.req1.language = 0x00000407; /* german */
req.req1.count = 1;
req.req1.names = names;
req.req1.format_flags = DRSUAPI_DS_NAME_FLAG_NO_FLAGS;
req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_UNKNOWN;
req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
status = rpccli_drsuapi_DsCrackNames(ctx->cli, mem_ctx,
&ctx->bind_handle,
level,
&req,
&level_out,
&ctr,
&werr);
if (!NT_STATUS_IS_OK(status)) {
ctx->error_message = talloc_asprintf(ctx,
"Failed to lookup DN for domain name: %s",
get_friendly_werror_msg(werr));
return status;
}
if (!W_ERROR_IS_OK(werr)) {
return werror_to_ntstatus(werr);
}
if (ctr.ctr1->count != 1) {
return NT_STATUS_UNSUCCESSFUL;
}
if (ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
return NT_STATUS_UNSUCCESSFUL;
}
ctx->nc_dn = talloc_strdup(mem_ctx, ctr.ctr1->array[0].result_name);
NT_STATUS_HAVE_NO_MEMORY(ctx->nc_dn);
if (!ctx->dns_domain_name) {
ctx->dns_domain_name = talloc_strdup_upper(mem_ctx,
ctr.ctr1->array[0].dns_domain_name);
NT_STATUS_HAVE_NO_MEMORY(ctx->dns_domain_name);
}
return NT_STATUS_OK;
}
const char *libnetapi_errstr(NET_API_STATUS status)
{
if (status & 0xc0000000) {
return get_friendly_nt_error_msg(NT_STATUS(status));
}
return get_friendly_werror_msg(W_ERROR(status));
}
char *libnetapi_errstr(NET_API_STATUS status)
{
TALLOC_CTX *frame = talloc_stackframe();
char *ret;
if (status & 0xc0000000) {
ret = talloc_strdup(NULL,
get_friendly_nt_error_msg(NT_STATUS(status)));
} else {
ret = talloc_strdup(NULL,
get_friendly_werror_msg(W_ERROR(status)));
}
TALLOC_FREE(frame);
return ret;
}
static WERROR cmd_drsuapi_getncchanges(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
NTSTATUS status;
WERROR werr;
struct policy_handle bind_handle;
struct dcerpc_binding_handle *b = cli->binding_handle;
struct GUID bind_guid;
struct drsuapi_DsBindInfoCtr bind_info;
struct drsuapi_DsBindInfo28 info28;
const char *nc_dn = NULL;
DATA_BLOB session_key;
uint32_t level = 8;
bool single = false;
uint32_t level_out = 0;
union drsuapi_DsGetNCChangesRequest req;
union drsuapi_DsGetNCChangesCtr ctr;
struct drsuapi_DsReplicaObjectIdentifier nc;
struct drsuapi_DsGetNCChangesCtr1 *ctr1 = NULL;
struct drsuapi_DsGetNCChangesCtr6 *ctr6 = NULL;
uint32_t out_level = 0;
int y;
uint32_t supported_extensions = 0;
uint32_t replica_flags = DRSUAPI_DRS_WRIT_REP |
DRSUAPI_DRS_INIT_SYNC |
DRSUAPI_DRS_PER_SYNC |
DRSUAPI_DRS_GET_ANC |
DRSUAPI_DRS_NEVER_SYNCED;
if (argc > 3) {
printf("usage: %s [naming_context_or_object_dn [single]]\n", argv[0]);
return WERR_OK;
}
if (argc >= 2) {
nc_dn = argv[1];
}
if (argc == 3) {
if (strequal(argv[2], "single")) {
single = true;
} else {
printf("warning: ignoring unknown argument '%s'\n",
argv[2]);
}
}
ZERO_STRUCT(info28);
ZERO_STRUCT(req);
GUID_from_string(DRSUAPI_DS_BIND_GUID, &bind_guid);
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_BASE;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT;
info28.site_guid = GUID_zero();
info28.pid = 0;
info28.repl_epoch = 0;
bind_info.length = 28;
bind_info.info.info28 = info28;
status = dcerpc_drsuapi_DsBind(b, mem_ctx,
&bind_guid,
&bind_info,
&bind_handle,
&werr);
if (!NT_STATUS_IS_OK(status)) {
return ntstatus_to_werror(status);
}
if (!W_ERROR_IS_OK(werr)) {
return werr;
}
if (bind_info.length == 24) {
supported_extensions = bind_info.info.info24.supported_extensions;
} else if (bind_info.length == 28) {
supported_extensions = bind_info.info.info28.supported_extensions;
} else if (bind_info.length == 32) {
supported_extensions = bind_info.info.info32.supported_extensions;
} else if (bind_info.length == 48) {
supported_extensions = bind_info.info.info48.supported_extensions;
} else if (bind_info.length == 52) {
supported_extensions = bind_info.info.info52.supported_extensions;
}
if (!nc_dn) {
union drsuapi_DsNameCtr crack_ctr;
const char *name;
name = talloc_asprintf(mem_ctx, "%s\\", lp_workgroup());
W_ERROR_HAVE_NO_MEMORY(name);
werr = cracknames(cli, mem_ctx,
&bind_handle,
DRSUAPI_DS_NAME_FORMAT_UNKNOWN,
DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
1,
&name,
&crack_ctr);
if (!W_ERROR_IS_OK(werr)) {
return werr;
}
if (crack_ctr.ctr1->count != 1) {
return WERR_NO_SUCH_DOMAIN;
}
if (crack_ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
return WERR_NO_SUCH_DOMAIN;
}
nc_dn = talloc_strdup(mem_ctx, crack_ctr.ctr1->array[0].result_name);
W_ERROR_HAVE_NO_MEMORY(nc_dn);
printf("using: %s\n", nc_dn);
}
nc.dn = nc_dn;
nc.guid = GUID_zero();
nc.sid = (struct dom_sid) {0};
if (supported_extensions & DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8) {
level = 8;
req.req8.naming_context = &nc;
req.req8.replica_flags = replica_flags;
req.req8.max_object_count = 402;
req.req8.max_ndr_size = 402116;
if (single) {
req.req8.extended_op = DRSUAPI_EXOP_REPL_OBJ;
}
} else {
level = 5;
req.req5.naming_context = &nc;
req.req5.replica_flags = replica_flags;
req.req5.max_object_count = 402;
req.req5.max_ndr_size = 402116;
if (single) {
req.req5.extended_op = DRSUAPI_EXOP_REPL_OBJ;
}
}
for (y=0; ;y++) {
if (level == 8) {
DEBUG(1,("start[%d] tmp_higest_usn: %llu , highest_usn: %llu\n",y,
(long long)req.req8.highwatermark.tmp_highest_usn,
(long long)req.req8.highwatermark.highest_usn));
}
status = dcerpc_drsuapi_DsGetNCChanges(b, mem_ctx,
&bind_handle,
level,
&req,
&level_out,
&ctr,
&werr);
if (!NT_STATUS_IS_OK(status)) {
werr = ntstatus_to_werror(status);
printf("Failed to get NC Changes: %s",
get_friendly_nt_error_msg(status));
goto out;
}
if (!W_ERROR_IS_OK(werr)) {
printf("Failed to get NC Changes: %s",
get_friendly_werror_msg(werr));
goto out;
}
if (level_out == 1) {
out_level = 1;
ctr1 = &ctr.ctr1;
} else if (level_out == 2 && ctr.ctr2.mszip1.ts) {
out_level = 1;
ctr1 = &ctr.ctr2.mszip1.ts->ctr1;
}
status = cli_get_session_key(mem_ctx, cli, &session_key);
if (!NT_STATUS_IS_OK(status)) {
printf("Failed to get Session Key: %s",
nt_errstr(status));
return ntstatus_to_werror(status);
}
if (out_level == 1) {
DEBUG(1,("end[%d] tmp_highest_usn: %llu , highest_usn: %llu\n",y,
(long long)ctr1->new_highwatermark.tmp_highest_usn,
(long long)ctr1->new_highwatermark.highest_usn));
#if 0
libnet_dssync_decrypt_attributes(mem_ctx,
&session_key,
ctr1->first_object);
#endif
if (ctr1->more_data) {
req.req5.highwatermark = ctr1->new_highwatermark;
continue;
}
}
if (level_out == 6) {
out_level = 6;
ctr6 = &ctr.ctr6;
} else if (level_out == 7
&& ctr.ctr7.level == 6
&& ctr.ctr7.type == DRSUAPI_COMPRESSION_TYPE_MSZIP
&& ctr.ctr7.ctr.mszip6.ts) {
out_level = 6;
ctr6 = &ctr.ctr7.ctr.mszip6.ts->ctr6;
} else if (level_out == 7
&& ctr.ctr7.level == 6
&& ctr.ctr7.type == DRSUAPI_COMPRESSION_TYPE_XPRESS
&& ctr.ctr7.ctr.xpress6.ts) {
out_level = 6;
ctr6 = &ctr.ctr7.ctr.xpress6.ts->ctr6;
}
if (out_level == 6) {
DEBUG(1,("end[%d] tmp_highest_usn: %llu , highest_usn: %llu\n",y,
(long long)ctr6->new_highwatermark.tmp_highest_usn,
(long long)ctr6->new_highwatermark.highest_usn));
#if 0
libnet_dssync_decrypt_attributes(mem_ctx,
&session_key,
ctr6->first_object);
#endif
if (ctr6->more_data) {
req.req8.highwatermark = ctr6->new_highwatermark;
continue;
}
}
break;
}
out:
return werr;
}
/* List of commands exported by this module */
struct cmd_set drsuapi_commands[] = {
{ "DRSUAPI" },
{ "dscracknames", RPC_RTYPE_WERROR, NULL, cmd_drsuapi_cracknames, &ndr_table_drsuapi, NULL, "Crack Name", "" },
{ "dsgetdcinfo", RPC_RTYPE_WERROR, NULL, cmd_drsuapi_getdcinfo, &ndr_table_drsuapi, NULL, "Get Domain Controller Info", "" },
{ "dsgetncchanges", RPC_RTYPE_WERROR, NULL, cmd_drsuapi_getncchanges, &ndr_table_drsuapi, NULL, "Get NC Changes", "" },
{ "dswriteaccountspn", RPC_RTYPE_WERROR, NULL, cmd_drsuapi_writeaccountspn, &ndr_table_drsuapi, NULL, "Write Account SPN", "" },
{ NULL }
};
static void handle_value_input(struct regedit *regedit, int c)
{
struct value_item *vitem;
bool binmode = false;
WERROR err;
int sel;
switch (c) {
case KEY_DOWN:
value_list_driver(regedit->vl, ML_CURSOR_DOWN);
break;
case KEY_UP:
value_list_driver(regedit->vl, ML_CURSOR_UP);
break;
case KEY_NPAGE:
value_list_driver(regedit->vl, ML_CURSOR_PGDN);
break;
case KEY_PPAGE:
value_list_driver(regedit->vl, ML_CURSOR_PGUP);
break;
case KEY_HOME:
value_list_driver(regedit->vl, ML_CURSOR_HOME);
break;
case KEY_END:
value_list_driver(regedit->vl, ML_CURSOR_END);
break;
case 'b':
case 'B':
binmode = true;
/* Falthrough... */
case '\n':
case KEY_ENTER:
vitem = value_list_get_current_item(regedit->vl);
if (vitem) {
struct tree_node *node;
const char *name = NULL;
node = tree_view_get_current_node(regedit->keys);
sel = dialog_edit_value(regedit, node->key, vitem->type,
vitem, binmode, &err, &name);
if (!W_ERROR_IS_OK(err)) {
const char *msg = get_friendly_werror_msg(err);
dialog_notice(regedit, DIA_ALERT, "Error",
"Error editing value:\n%s", msg);
} else if (sel == DIALOG_OK) {
tree_node_reopen_key(regedit->registry_context,
node);
value_list_load(regedit->vl, node->key);
value_list_set_current_item_by_name(regedit->vl,
name);
talloc_free(discard_const(name));
}
}
break;
case 'n':
case 'N': {
int new_type;
sel = dialog_select_type(regedit, &new_type);
if (sel == DIALOG_OK) {
struct tree_node *node;
const char *name = NULL;
node = tree_view_get_current_node(regedit->keys);
sel = dialog_edit_value(regedit, node->key, new_type,
NULL, false, &err, &name);
if (!W_ERROR_IS_OK(err)) {
const char *msg = get_friendly_werror_msg(err);
dialog_notice(regedit, DIA_ALERT, "Error",
"Error creating value:\n%s", msg);
} else if (sel == DIALOG_OK) {
tree_node_reopen_key(regedit->registry_context,
node);
value_list_load(regedit->vl, node->key);
value_list_set_current_item_by_name(regedit->vl,
name);
talloc_free(discard_const(name));
}
}
break;
}
case 'd':
case 'D':
vitem = value_list_get_current_item(regedit->vl);
if (vitem) {
sel = dialog_notice(regedit, DIA_CONFIRM,
"Delete Value",
"Really delete value \"%s\"?",
vitem->value_name);
if (sel == DIALOG_OK) {
struct tree_node *node;
node = tree_view_get_current_node(regedit->keys);
reg_del_value(regedit, node->key,
vitem->value_name);
tree_node_reopen_key(regedit->registry_context,
node);
value_list_load(regedit->vl, node->key);
}
}
break;
}
value_list_show(regedit->vl);
}
static void handle_tree_input(struct regedit *regedit, int c)
{
struct tree_node *node;
switch (c) {
case KEY_DOWN:
tree_view_driver(regedit->keys, ML_CURSOR_DOWN);
load_values(regedit);
break;
case KEY_UP:
tree_view_driver(regedit->keys, ML_CURSOR_UP);
load_values(regedit);
break;
case KEY_NPAGE:
tree_view_driver(regedit->keys, ML_CURSOR_PGDN);
load_values(regedit);
break;
case KEY_PPAGE:
tree_view_driver(regedit->keys, ML_CURSOR_PGUP);
load_values(regedit);
break;
case KEY_HOME:
tree_view_driver(regedit->keys, ML_CURSOR_HOME);
load_values(regedit);
break;
case KEY_END:
tree_view_driver(regedit->keys, ML_CURSOR_END);
load_values(regedit);
break;
case '\n':
case KEY_ENTER:
case KEY_RIGHT:
node = tree_view_get_current_node(regedit->keys);
if (node && tree_node_has_children(node)) {
WERROR rv;
rv = tree_node_load_children(node);
if (W_ERROR_IS_OK(rv)) {
print_path(regedit, node->child_head);
tree_view_update(regedit->keys, node->child_head);
value_list_load(regedit->vl, node->child_head->key);
} else {
const char *msg = get_friendly_werror_msg(rv);
dialog_notice(regedit, DIA_ALERT, "Loading Subkeys",
"Failed to load subkeys: %s", msg);
}
}
break;
case KEY_LEFT:
node = tree_view_get_current_node(regedit->keys);
if (node && !tree_node_is_top_level(node)) {
print_path(regedit, node->parent);
node = node->parent;
tree_view_update(regedit->keys, tree_node_first(node));
tree_view_set_current_node(regedit->keys, node);
value_list_load(regedit->vl, node->key);
}
break;
case 'n':
case 'N':
node = tree_view_get_current_node(regedit->keys);
add_reg_key(regedit, node, false);
break;
case 's':
case 'S':
node = tree_view_get_current_node(regedit->keys);
add_reg_key(regedit, node, true);
break;
case 'd':
case 'D': {
int sel;
node = tree_view_get_current_node(regedit->keys);
if (tree_node_is_top_level(node)) {
break;
}
sel = dialog_notice(regedit, DIA_CONFIRM,
"Delete Key",
"Really delete key \"%s\"?",
node->name);
if (sel == DIALOG_OK) {
WERROR rv;
struct tree_node *pop;
struct tree_node *parent = node->parent;
rv = reg_key_del(node, parent->key, node->name);
if (W_ERROR_IS_OK(rv)) {
tree_node_reopen_key(regedit->registry_context,
parent);
tree_view_clear(regedit->keys);
pop = tree_node_pop(&node);
talloc_free(pop);
node = parent->child_head;
if (node == NULL) {
node = tree_node_first(parent);
print_path(regedit, node);
}
tree_view_update(regedit->keys, node);
value_list_load(regedit->vl, node->key);
} else {
const char *msg = get_friendly_werror_msg(rv);
dialog_notice(regedit, DIA_ALERT, "Delete Key",
"Failed to delete key: %s", msg);
}
}
break;
}
}
tree_view_show(regedit->keys);
value_list_show(regedit->vl);
}
static void add_reg_key(struct regedit *regedit, struct tree_node *node,
bool subkey)
{
const char *name;
const char *msg;
if (!subkey && tree_node_is_top_level(node)) {
return;
}
msg = "Enter name of new key";
if (subkey) {
msg = "Enter name of new subkey";
}
dialog_input(regedit, &name, "New Key", msg);
if (name) {
WERROR rv;
struct registry_key *new_key;
struct tree_node *new_node;
struct tree_node *list;
struct tree_node *parent;
if (subkey) {
parent = node;
list = node->child_head;
} else {
parent = node->parent;
list = tree_node_first(node);
SMB_ASSERT(list != NULL);
}
rv = reg_key_add_name(regedit, parent->key, name,
NULL, NULL, &new_key);
if (W_ERROR_IS_OK(rv)) {
/* The list of subkeys may not be present in
cache yet, so if not, don't bother allocating
a new node for the key. */
if (list) {
new_node = tree_node_new(parent, parent,
name, new_key);
SMB_ASSERT(new_node);
tree_node_insert_sorted(list, new_node);
} else {
/* Reopen the parent key to make sure the
new subkey will be noticed. */
tree_node_reopen_key(regedit->registry_context,
parent);
}
list = tree_node_first(node);
tree_view_clear(regedit->keys);
tree_view_update(regedit->keys, list);
if (!subkey) {
node = new_node;
}
tree_view_set_current_node(regedit->keys, node);
load_values(regedit);
} else {
msg = get_friendly_werror_msg(rv);
dialog_notice(regedit, DIA_ALERT, "New Key",
"Failed to create key: %s", msg);
}
talloc_free(discard_const(name));
}
}
