2 Unix SMB/CIFS implementation.
5 Copyright (C) Tim Potter 2000
6 Copyright (C) Guenther Deschner 2008
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "rpcclient.h"
24 #include "../libcli/auth/libcli_auth.h"
25 #include "../librpc/gen_ndr/ndr_netlogon.h"
26 #include "../librpc/gen_ndr/cli_netlogon.h"
27 #include "rpc_client/cli_netlogon.h"
30 static WERROR
cmd_netlogon_logon_ctrl2(struct rpc_pipe_client
*cli
,
31 TALLOC_CTX
*mem_ctx
, int argc
,
34 NTSTATUS status
= NT_STATUS_UNSUCCESSFUL
;
36 const char *logon_server
= cli
->desthost
;
37 enum netr_LogonControlCode function_code
= NETLOGON_CONTROL_REDISCOVER
;
39 union netr_CONTROL_DATA_INFORMATION data
;
40 union netr_CONTROL_QUERY_INFORMATION query
;
41 const char *domain
= lp_workgroup();
44 fprintf(stderr
, "Usage: %s <logon_server> <function_code> "
45 "<level> <domain>\n", argv
[0]);
50 logon_server
= argv
[1];
54 function_code
= atoi(argv
[2]);
58 level
= atoi(argv
[3]);
65 switch (function_code
) {
66 case NETLOGON_CONTROL_REDISCOVER
:
67 case NETLOGON_CONTROL_TC_QUERY
:
74 status
= rpccli_netr_LogonControl2(cli
, mem_ctx
,
81 if (!NT_STATUS_IS_OK(status
)) {
82 return ntstatus_to_werror(status
);
85 if (!W_ERROR_IS_OK(werr
)) {
94 static WERROR
cmd_netlogon_getanydcname(struct rpc_pipe_client
*cli
,
95 TALLOC_CTX
*mem_ctx
, int argc
,
98 const char *dcname
= NULL
;
104 fprintf(stderr
, "Usage: %s domainname\n", argv
[0]);
108 /* Make sure to wait for our DC's reply */
109 old_timeout
= rpccli_set_timeout(cli
, 30000); /* 30 seconds. */
110 rpccli_set_timeout(cli
, MAX(old_timeout
, 30000)); /* At least 30 sec */
112 status
= rpccli_netr_GetAnyDCName(cli
, mem_ctx
,
117 rpccli_set_timeout(cli
, old_timeout
);
119 if (!NT_STATUS_IS_OK(status
)) {
120 return ntstatus_to_werror(status
);
123 if (!W_ERROR_IS_OK(werr
)) {
127 /* Display results */
129 printf("%s\n", dcname
);
134 static WERROR
cmd_netlogon_getdcname(struct rpc_pipe_client
*cli
,
135 TALLOC_CTX
*mem_ctx
, int argc
,
138 const char *dcname
= NULL
;
144 fprintf(stderr
, "Usage: %s domainname\n", argv
[0]);
148 /* Make sure to wait for our DC's reply */
149 old_timeout
= rpccli_set_timeout(cli
, 30000); /* 30 seconds. */
150 rpccli_set_timeout(cli
, MAX(30000, old_timeout
)); /* At least 30 sec */
152 status
= rpccli_netr_GetDcName(cli
, mem_ctx
,
157 rpccli_set_timeout(cli
, old_timeout
);
159 if (!NT_STATUS_IS_OK(status
)) {
160 return ntstatus_to_werror(status
);
163 if (!W_ERROR_IS_OK(werr
)) {
167 /* Display results */
169 printf("%s\n", dcname
);
174 static WERROR
cmd_netlogon_dsr_getdcname(struct rpc_pipe_client
*cli
,
175 TALLOC_CTX
*mem_ctx
, int argc
,
179 WERROR werr
= WERR_OK
;
180 uint32 flags
= DS_RETURN_DNS_NAME
;
181 const char *server_name
= cli
->desthost
;
182 const char *domain_name
;
183 struct GUID domain_guid
= GUID_zero();
184 struct GUID site_guid
= GUID_zero();
185 struct netr_DsRGetDCNameInfo
*info
= NULL
;
188 fprintf(stderr
, "Usage: %s [domain_name] [domain_guid] "
189 "[site_guid] [flags]\n", argv
[0]);
194 domain_name
= argv
[1];
197 if (!NT_STATUS_IS_OK(GUID_from_string(argv
[2], &domain_guid
))) {
203 if (!NT_STATUS_IS_OK(GUID_from_string(argv
[3], &site_guid
))) {
209 sscanf(argv
[4], "%x", &flags
);
211 debug_dsdcinfo_flags(1,flags
);
213 result
= rpccli_netr_DsRGetDCName(cli
, mem_ctx
,
222 if (W_ERROR_IS_OK(werr
)) {
223 d_printf("DsGetDcName gave: %s\n",
224 NDR_PRINT_STRUCT_STRING(mem_ctx
, netr_DsRGetDCNameInfo
, info
));
228 printf("rpccli_netlogon_dsr_getdcname returned %s\n",
234 static WERROR
cmd_netlogon_dsr_getdcnameex(struct rpc_pipe_client
*cli
,
235 TALLOC_CTX
*mem_ctx
, int argc
,
240 uint32_t flags
= DS_RETURN_DNS_NAME
;
241 const char *server_name
= cli
->desthost
;
242 const char *domain_name
;
243 const char *site_name
= NULL
;
244 struct GUID domain_guid
= GUID_zero();
245 struct netr_DsRGetDCNameInfo
*info
= NULL
;
248 fprintf(stderr
, "Usage: %s [domain_name] [domain_guid] "
249 "[site_name] [flags]\n", argv
[0]);
253 domain_name
= argv
[1];
256 if (!NT_STATUS_IS_OK(GUID_from_string(argv
[2], &domain_guid
))) {
266 sscanf(argv
[4], "%x", &flags
);
269 debug_dsdcinfo_flags(1,flags
);
271 status
= rpccli_netr_DsRGetDCNameEx(cli
, mem_ctx
,
279 if (!NT_STATUS_IS_OK(status
)) {
280 return ntstatus_to_werror(status
);
283 if (!W_ERROR_IS_OK(result
)) {
287 d_printf("DsRGetDCNameEx gave %s\n",
288 NDR_PRINT_STRUCT_STRING(mem_ctx
, netr_DsRGetDCNameInfo
, info
));
293 static WERROR
cmd_netlogon_dsr_getdcnameex2(struct rpc_pipe_client
*cli
,
294 TALLOC_CTX
*mem_ctx
, int argc
,
299 uint32_t flags
= DS_RETURN_DNS_NAME
;
300 const char *server_name
= cli
->desthost
;
301 const char *domain_name
= NULL
;
302 const char *client_account
= NULL
;
304 const char *site_name
= NULL
;
305 struct GUID domain_guid
= GUID_zero();
306 struct netr_DsRGetDCNameInfo
*info
= NULL
;
309 fprintf(stderr
, "Usage: %s [client_account] [acb_mask] "
310 "[domain_name] [domain_guid] [site_name] "
311 "[flags]\n", argv
[0]);
316 client_account
= argv
[1];
320 mask
= atoi(argv
[2]);
324 domain_name
= argv
[3];
328 if (!NT_STATUS_IS_OK(GUID_from_string(argv
[4], &domain_guid
))) {
338 sscanf(argv
[6], "%x", &flags
);
341 debug_dsdcinfo_flags(1,flags
);
343 status
= rpccli_netr_DsRGetDCNameEx2(cli
, mem_ctx
,
353 if (!NT_STATUS_IS_OK(status
)) {
354 return ntstatus_to_werror(status
);
357 if (!W_ERROR_IS_OK(result
)) {
361 d_printf("DsRGetDCNameEx2 gave %s\n",
362 NDR_PRINT_STRUCT_STRING(mem_ctx
, netr_DsRGetDCNameInfo
, info
));
368 static WERROR
cmd_netlogon_dsr_getsitename(struct rpc_pipe_client
*cli
,
369 TALLOC_CTX
*mem_ctx
, int argc
,
374 const char *sitename
= NULL
;
377 fprintf(stderr
, "Usage: %s computername\n", argv
[0]);
381 status
= rpccli_netr_DsRGetSiteName(cli
, mem_ctx
,
385 if (!NT_STATUS_IS_OK(status
)) {
386 return ntstatus_to_werror(status
);
389 if (!W_ERROR_IS_OK(werr
)) {
390 printf("rpccli_netlogon_dsr_gesitename returned %s\n",
391 nt_errstr(werror_to_ntstatus(werr
)));
395 printf("Computer %s is on Site: %s\n", argv
[1], sitename
);
400 static WERROR
cmd_netlogon_logon_ctrl(struct rpc_pipe_client
*cli
,
401 TALLOC_CTX
*mem_ctx
, int argc
,
404 NTSTATUS status
= NT_STATUS_UNSUCCESSFUL
;
406 const char *logon_server
= cli
->desthost
;
407 enum netr_LogonControlCode function_code
= 1;
409 union netr_CONTROL_QUERY_INFORMATION info
;
412 fprintf(stderr
, "Usage: %s <logon_server> <function_code> "
413 "<level>\n", argv
[0]);
418 logon_server
= argv
[1];
422 function_code
= atoi(argv
[2]);
426 level
= atoi(argv
[3]);
429 status
= rpccli_netr_LogonControl(cli
, mem_ctx
,
435 if (!NT_STATUS_IS_OK(status
)) {
436 return ntstatus_to_werror(status
);
439 if (!W_ERROR_IS_OK(werr
)) {
443 /* Display results */
448 /* Display sam synchronisation information */
450 static void display_sam_sync(struct netr_DELTA_ENUM_ARRAY
*r
)
454 for (i
=0; i
< r
->num_deltas
; i
++) {
456 union netr_DELTA_UNION u
= r
->delta_enum
[i
].delta_union
;
457 union netr_DELTA_ID_UNION id
= r
->delta_enum
[i
].delta_id_union
;
459 switch (r
->delta_enum
[i
].delta_type
) {
460 case NETR_DELTA_DOMAIN
:
461 printf("Domain: %s\n",
462 u
.domain
->domain_name
.string
);
464 case NETR_DELTA_GROUP
:
465 printf("Group: %s\n",
466 u
.group
->group_name
.string
);
468 case NETR_DELTA_DELETE_GROUP
:
469 printf("Delete Group: %d\n",
470 u
.delete_account
.unknown
);
472 case NETR_DELTA_RENAME_GROUP
:
473 printf("Rename Group: %s -> %s\n",
474 u
.rename_group
->OldName
.string
,
475 u
.rename_group
->NewName
.string
);
477 case NETR_DELTA_USER
:
478 printf("Account: %s\n",
479 u
.user
->account_name
.string
);
481 case NETR_DELTA_DELETE_USER
:
482 printf("Delete User: %d\n",
485 case NETR_DELTA_RENAME_USER
:
486 printf("Rename user: %s -> %s\n",
487 u
.rename_user
->OldName
.string
,
488 u
.rename_user
->NewName
.string
);
490 case NETR_DELTA_GROUP_MEMBER
:
491 for (j
=0; j
< u
.group_member
->num_rids
; j
++) {
492 printf("rid 0x%x, attrib 0x%08x\n",
493 u
.group_member
->rids
[j
],
494 u
.group_member
->attribs
[j
]);
497 case NETR_DELTA_ALIAS
:
498 printf("Alias: %s\n",
499 u
.alias
->alias_name
.string
);
501 case NETR_DELTA_DELETE_ALIAS
:
502 printf("Delete Alias: %d\n",
503 r
->delta_enum
[i
].delta_id_union
.rid
);
505 case NETR_DELTA_RENAME_ALIAS
:
506 printf("Rename alias: %s -> %s\n",
507 u
.rename_alias
->OldName
.string
,
508 u
.rename_alias
->NewName
.string
);
510 case NETR_DELTA_ALIAS_MEMBER
:
511 for (j
=0; j
< u
.alias_member
->sids
.num_sids
; j
++) {
513 sid_to_fstring(sid_str
,
514 u
.alias_member
->sids
.sids
[j
].sid
);
515 printf("%s\n", sid_str
);
518 case NETR_DELTA_POLICY
:
521 case NETR_DELTA_TRUSTED_DOMAIN
:
522 printf("Trusted Domain: %s\n",
523 u
.trusted_domain
->domain_name
.string
);
525 case NETR_DELTA_DELETE_TRUST
:
526 printf("Delete Trust: %d\n",
527 u
.delete_trust
.unknown
);
529 case NETR_DELTA_ACCOUNT
:
532 case NETR_DELTA_DELETE_ACCOUNT
:
533 printf("Delete Account: %d\n",
534 u
.delete_account
.unknown
);
536 case NETR_DELTA_SECRET
:
539 case NETR_DELTA_DELETE_SECRET
:
540 printf("Delete Secret: %d\n",
541 u
.delete_secret
.unknown
);
543 case NETR_DELTA_DELETE_GROUP2
:
544 printf("Delete Group2: %s\n",
545 u
.delete_group
->account_name
);
547 case NETR_DELTA_DELETE_USER2
:
548 printf("Delete User2: %s\n",
549 u
.delete_user
->account_name
);
551 case NETR_DELTA_MODIFY_COUNT
:
552 printf("sam sequence update: 0x%016llx\n",
553 (unsigned long long) *u
.modified_count
);
556 printf("unknown delta type 0x%02x\n",
557 r
->delta_enum
[i
].delta_type
);
563 /* Perform sam synchronisation */
565 static NTSTATUS
cmd_netlogon_sam_sync(struct rpc_pipe_client
*cli
,
566 TALLOC_CTX
*mem_ctx
, int argc
,
569 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
570 const char *logon_server
= cli
->desthost
;
571 const char *computername
= global_myname();
572 struct netr_Authenticator credential
;
573 struct netr_Authenticator return_authenticator
;
574 enum netr_SamDatabaseID database_id
= SAM_DATABASE_DOMAIN
;
575 uint16_t restart_state
= 0;
576 uint32_t sync_context
= 0;
579 fprintf(stderr
, "Usage: %s [database_id]\n", argv
[0]);
584 database_id
= atoi(argv
[1]);
587 /* Synchronise sam database */
590 struct netr_DELTA_ENUM_ARRAY
*delta_enum_array
= NULL
;
592 netlogon_creds_client_authenticator(cli
->dc
, &credential
);
594 result
= rpccli_netr_DatabaseSync2(cli
, mem_ctx
,
598 &return_authenticator
,
605 /* Check returned credentials. */
606 if (!netlogon_creds_client_check(cli
->dc
,
607 &return_authenticator
.cred
)) {
608 DEBUG(0,("credentials chain check failed\n"));
609 return NT_STATUS_ACCESS_DENIED
;
612 if (NT_STATUS_IS_ERR(result
)) {
616 /* Display results */
618 display_sam_sync(delta_enum_array
);
620 TALLOC_FREE(delta_enum_array
);
622 } while (NT_STATUS_EQUAL(result
, STATUS_MORE_ENTRIES
));
627 /* Perform sam delta synchronisation */
629 static NTSTATUS
cmd_netlogon_sam_deltas(struct rpc_pipe_client
*cli
,
630 TALLOC_CTX
*mem_ctx
, int argc
,
633 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
635 const char *logon_server
= cli
->desthost
;
636 const char *computername
= global_myname();
637 struct netr_Authenticator credential
;
638 struct netr_Authenticator return_authenticator
;
639 enum netr_SamDatabaseID database_id
= SAM_DATABASE_DOMAIN
;
640 uint64_t sequence_num
;
643 fprintf(stderr
, "Usage: %s database_id seqnum\n", argv
[0]);
647 database_id
= atoi(argv
[1]);
650 sequence_num
= tmp
& 0xffff;
653 struct netr_DELTA_ENUM_ARRAY
*delta_enum_array
= NULL
;
655 netlogon_creds_client_authenticator(cli
->dc
, &credential
);
657 result
= rpccli_netr_DatabaseDeltas(cli
, mem_ctx
,
661 &return_authenticator
,
667 /* Check returned credentials. */
668 if (!netlogon_creds_client_check(cli
->dc
,
669 &return_authenticator
.cred
)) {
670 DEBUG(0,("credentials chain check failed\n"));
671 return NT_STATUS_ACCESS_DENIED
;
674 if (NT_STATUS_IS_ERR(result
)) {
678 /* Display results */
680 display_sam_sync(delta_enum_array
);
682 TALLOC_FREE(delta_enum_array
);
684 } while (NT_STATUS_EQUAL(result
, STATUS_MORE_ENTRIES
));
689 /* Log on a domain user */
691 static NTSTATUS
cmd_netlogon_sam_logon(struct rpc_pipe_client
*cli
,
692 TALLOC_CTX
*mem_ctx
, int argc
,
695 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
696 int logon_type
= NetlogonNetworkInformation
;
697 const char *username
, *password
;
699 uint32 logon_param
= 0;
700 const char *workstation
= NULL
;
702 /* Check arguments */
704 if (argc
< 3 || argc
> 7) {
705 fprintf(stderr
, "Usage: samlogon <username> <password> [workstation]"
706 "[logon_type (1 or 2)] [auth level (2 or 3)] [logon_parameter]\n");
714 workstation
= argv
[3];
717 sscanf(argv
[4], "%i", &logon_type
);
720 sscanf(argv
[5], "%i", &auth_level
);
723 sscanf(argv
[6], "%x", &logon_param
);
725 /* Perform the sam logon */
727 result
= rpccli_netlogon_sam_logon(cli
, mem_ctx
, logon_param
, lp_workgroup(), username
, password
, workstation
, logon_type
);
729 if (!NT_STATUS_IS_OK(result
))
736 /* Change the trust account password */
738 static NTSTATUS
cmd_netlogon_change_trust_pw(struct rpc_pipe_client
*cli
,
739 TALLOC_CTX
*mem_ctx
, int argc
,
742 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
744 /* Check arguments */
747 fprintf(stderr
, "Usage: change_trust_pw");
751 /* Perform the sam logon */
753 result
= trust_pw_find_change_and_store_it(cli
, mem_ctx
,
756 if (!NT_STATUS_IS_OK(result
))
763 static WERROR
cmd_netlogon_gettrustrid(struct rpc_pipe_client
*cli
,
764 TALLOC_CTX
*mem_ctx
, int argc
,
767 NTSTATUS status
= NT_STATUS_UNSUCCESSFUL
;
768 WERROR werr
= WERR_GENERAL_FAILURE
;
769 const char *server_name
= cli
->desthost
;
770 const char *domain_name
= lp_workgroup();
773 if (argc
< 1 || argc
> 3) {
774 fprintf(stderr
, "Usage: %s <server_name> <domain_name>\n",
780 server_name
= argv
[1];
784 domain_name
= argv
[2];
787 status
= rpccli_netr_LogonGetTrustRid(cli
, mem_ctx
,
792 if (!NT_STATUS_IS_OK(status
)) {
796 if (W_ERROR_IS_OK(werr
)) {
797 printf("Rid: %d\n", rid
);
803 static WERROR
cmd_netlogon_dsr_enumtrustdom(struct rpc_pipe_client
*cli
,
804 TALLOC_CTX
*mem_ctx
, int argc
,
807 NTSTATUS status
= NT_STATUS_UNSUCCESSFUL
;
808 WERROR werr
= WERR_GENERAL_FAILURE
;
809 const char *server_name
= cli
->desthost
;
810 uint32_t trust_flags
= NETR_TRUST_FLAG_IN_FOREST
;
811 struct netr_DomainTrustList trusts
;
813 if (argc
< 1 || argc
> 3) {
814 fprintf(stderr
, "Usage: %s <server_name> <trust_flags>\n",
820 server_name
= argv
[1];
824 sscanf(argv
[2], "%x", &trust_flags
);
827 status
= rpccli_netr_DsrEnumerateDomainTrusts(cli
, mem_ctx
,
832 if (!NT_STATUS_IS_OK(status
)) {
836 if (W_ERROR_IS_OK(werr
)) {
839 printf("%d domains returned\n", trusts
.count
);
841 for (i
=0; i
<trusts
.count
; i
++ ) {
843 trusts
.array
[i
].dns_name
,
844 trusts
.array
[i
].netbios_name
);
851 static WERROR
cmd_netlogon_deregisterdnsrecords(struct rpc_pipe_client
*cli
,
852 TALLOC_CTX
*mem_ctx
, int argc
,
855 NTSTATUS status
= NT_STATUS_UNSUCCESSFUL
;
856 WERROR werr
= WERR_GENERAL_FAILURE
;
857 const char *server_name
= cli
->desthost
;
858 const char *domain
= lp_workgroup();
859 const char *dns_host
= NULL
;
861 if (argc
< 1 || argc
> 4) {
862 fprintf(stderr
, "Usage: %s <server_name> <domain_name> "
863 "<dns_host>\n", argv
[0]);
868 server_name
= argv
[1];
879 status
= rpccli_netr_DsrDeregisterDNSHostRecords(cli
, mem_ctx
,
886 if (!NT_STATUS_IS_OK(status
)) {
890 if (W_ERROR_IS_OK(werr
)) {
897 static WERROR
cmd_netlogon_dsr_getforesttrustinfo(struct rpc_pipe_client
*cli
,
898 TALLOC_CTX
*mem_ctx
, int argc
,
901 NTSTATUS status
= NT_STATUS_UNSUCCESSFUL
;
902 WERROR werr
= WERR_GENERAL_FAILURE
;
903 const char *server_name
= cli
->desthost
;
904 const char *trusted_domain_name
= NULL
;
905 struct lsa_ForestTrustInformation
*info
= NULL
;
908 if (argc
< 1 || argc
> 4) {
909 fprintf(stderr
, "Usage: %s <server_name> <trusted_domain_name> "
910 "<flags>\n", argv
[0]);
915 server_name
= argv
[1];
919 trusted_domain_name
= argv
[2];
923 sscanf(argv
[3], "%x", &flags
);
926 status
= rpccli_netr_DsRGetForestTrustInformation(cli
, mem_ctx
,
932 if (!NT_STATUS_IS_OK(status
)) {
936 if (W_ERROR_IS_OK(werr
)) {
943 static NTSTATUS
cmd_netlogon_enumtrusteddomains(struct rpc_pipe_client
*cli
,
944 TALLOC_CTX
*mem_ctx
, int argc
,
947 NTSTATUS status
= NT_STATUS_UNSUCCESSFUL
;
948 const char *server_name
= cli
->desthost
;
949 struct netr_Blob blob
;
952 if (argc
< 1 || argc
> 3) {
953 fprintf(stderr
, "Usage: %s <server_name>\n", argv
[0]);
958 server_name
= argv
[1];
961 status
= rpccli_netr_NetrEnumerateTrustedDomains(cli
, mem_ctx
,
964 if (!NT_STATUS_IS_OK(status
)) {
969 dump_data(1, blob
.data
, blob
.length
);
974 static WERROR
cmd_netlogon_enumtrusteddomainsex(struct rpc_pipe_client
*cli
,
975 TALLOC_CTX
*mem_ctx
, int argc
,
978 NTSTATUS status
= NT_STATUS_UNSUCCESSFUL
;
979 WERROR werr
= WERR_GENERAL_FAILURE
;
980 const char *server_name
= cli
->desthost
;
981 struct netr_DomainTrustList list
;
983 if (argc
< 1 || argc
> 3) {
984 fprintf(stderr
, "Usage: %s <server_name>\n", argv
[0]);
989 server_name
= argv
[1];
992 status
= rpccli_netr_NetrEnumerateTrustedDomainsEx(cli
, mem_ctx
,
996 if (!NT_STATUS_IS_OK(status
)) {
1000 if (W_ERROR_IS_OK(werr
)) {
1001 printf("success\n");
1007 static WERROR
cmd_netlogon_getdcsitecoverage(struct rpc_pipe_client
*cli
,
1008 TALLOC_CTX
*mem_ctx
, int argc
,
1011 NTSTATUS status
= NT_STATUS_UNSUCCESSFUL
;
1012 WERROR werr
= WERR_GENERAL_FAILURE
;
1013 const char *server_name
= cli
->desthost
;
1014 struct DcSitesCtr
*ctr
= NULL
;
1016 if (argc
< 1 || argc
> 3) {
1017 fprintf(stderr
, "Usage: %s <server_name>\n", argv
[0]);
1022 server_name
= argv
[1];
1025 status
= rpccli_netr_DsrGetDcSiteCoverageW(cli
, mem_ctx
,
1029 if (!NT_STATUS_IS_OK(status
)) {
1033 if (W_ERROR_IS_OK(werr
) && ctr
->num_sites
) {
1035 printf("sites covered by this DC: %d\n", ctr
->num_sites
);
1036 for (i
=0; i
<ctr
->num_sites
; i
++) {
1037 printf("%s\n", ctr
->sites
[i
].string
);
1044 static NTSTATUS
cmd_netlogon_database_redo(struct rpc_pipe_client
*cli
,
1045 TALLOC_CTX
*mem_ctx
, int argc
,
1048 NTSTATUS status
= NT_STATUS_UNSUCCESSFUL
;
1049 const char *server_name
= cli
->desthost
;
1050 uint32_t neg_flags
= NETLOGON_NEG_AUTH2_ADS_FLAGS
;
1051 struct netr_Authenticator clnt_creds
, srv_cred
;
1052 struct netr_DELTA_ENUM_ARRAY
*delta_enum_array
= NULL
;
1053 unsigned char trust_passwd_hash
[16];
1054 enum netr_SchannelType sec_channel_type
= 0;
1055 struct netr_ChangeLogEntry e
;
1059 fprintf(stderr
, "Usage: %s <user rid>\n", argv
[0]);
1060 return NT_STATUS_OK
;
1064 sscanf(argv
[1], "%d", &rid
);
1067 if (!secrets_fetch_trust_account_password(lp_workgroup(),
1069 NULL
, &sec_channel_type
)) {
1070 return NT_STATUS_UNSUCCESSFUL
;
1073 status
= rpccli_netlogon_setup_creds(cli
,
1074 server_name
, /* server name */
1075 lp_workgroup(), /* domain */
1076 global_myname(), /* client name */
1077 global_myname(), /* machine account name */
1082 if (!NT_STATUS_IS_OK(status
)) {
1086 netlogon_creds_client_authenticator(cli
->dc
, &clnt_creds
);
1091 e
.db_index
= SAM_DATABASE_DOMAIN
;
1092 e
.delta_type
= NETR_DELTA_USER
;
1094 status
= rpccli_netr_DatabaseRedo(cli
, mem_ctx
,
1100 0, /* is calculated automatically */
1103 if (!netlogon_creds_client_check(cli
->dc
, &srv_cred
.cred
)) {
1104 DEBUG(0,("credentials chain check failed\n"));
1105 return NT_STATUS_ACCESS_DENIED
;
1111 static NTSTATUS
cmd_netlogon_capabilities(struct rpc_pipe_client
*cli
,
1112 TALLOC_CTX
*mem_ctx
, int argc
,
1115 NTSTATUS status
= NT_STATUS_UNSUCCESSFUL
;
1116 struct netr_Authenticator credential
;
1117 struct netr_Authenticator return_authenticator
;
1118 union netr_Capabilities capabilities
;
1122 fprintf(stderr
, "Usage: %s <level>\n", argv
[0]);
1123 return NT_STATUS_OK
;
1127 level
= atoi(argv
[1]);
1130 ZERO_STRUCT(return_authenticator
);
1132 netlogon_creds_client_authenticator(cli
->dc
, &credential
);
1134 status
= rpccli_netr_LogonGetCapabilities(cli
, mem_ctx
,
1138 &return_authenticator
,
1142 if (!netlogon_creds_client_check(cli
->dc
,
1143 &return_authenticator
.cred
)) {
1144 DEBUG(0,("credentials chain check failed\n"));
1145 return NT_STATUS_ACCESS_DENIED
;
1148 printf("capabilities: 0x%08x\n", capabilities
.server_capabilities
);
1153 /* List of commands exported by this module */
1155 struct cmd_set netlogon_commands
[] = {
1159 { "logonctrl2", RPC_RTYPE_WERROR
, NULL
, cmd_netlogon_logon_ctrl2
, &ndr_table_netlogon
.syntax_id
, NULL
, "Logon Control 2", "" },
1160 { "getanydcname", RPC_RTYPE_WERROR
, NULL
, cmd_netlogon_getanydcname
, &ndr_table_netlogon
.syntax_id
, NULL
, "Get trusted DC name", "" },
1161 { "getdcname", RPC_RTYPE_WERROR
, NULL
, cmd_netlogon_getdcname
, &ndr_table_netlogon
.syntax_id
, NULL
, "Get trusted PDC name", "" },
1162 { "dsr_getdcname", RPC_RTYPE_WERROR
, NULL
, cmd_netlogon_dsr_getdcname
, &ndr_table_netlogon
.syntax_id
, NULL
, "Get trusted DC name", "" },
1163 { "dsr_getdcnameex", RPC_RTYPE_WERROR
, NULL
, cmd_netlogon_dsr_getdcnameex
, &ndr_table_netlogon
.syntax_id
, NULL
, "Get trusted DC name", "" },
1164 { "dsr_getdcnameex2", RPC_RTYPE_WERROR
, NULL
, cmd_netlogon_dsr_getdcnameex2
, &ndr_table_netlogon
.syntax_id
, NULL
, "Get trusted DC name", "" },
1165 { "dsr_getsitename", RPC_RTYPE_WERROR
, NULL
, cmd_netlogon_dsr_getsitename
, &ndr_table_netlogon
.syntax_id
, NULL
, "Get sitename", "" },
1166 { "dsr_getforesttrustinfo", RPC_RTYPE_WERROR
, NULL
, cmd_netlogon_dsr_getforesttrustinfo
, &ndr_table_netlogon
.syntax_id
, NULL
, "Get Forest Trust Info", "" },
1167 { "logonctrl", RPC_RTYPE_WERROR
, NULL
, cmd_netlogon_logon_ctrl
, &ndr_table_netlogon
.syntax_id
, NULL
, "Logon Control", "" },
1168 { "samsync", RPC_RTYPE_NTSTATUS
, cmd_netlogon_sam_sync
, NULL
, &ndr_table_netlogon
.syntax_id
, NULL
, "Sam Synchronisation", "" },
1169 { "samdeltas", RPC_RTYPE_NTSTATUS
, cmd_netlogon_sam_deltas
, NULL
, &ndr_table_netlogon
.syntax_id
, NULL
, "Query Sam Deltas", "" },
1170 { "samlogon", RPC_RTYPE_NTSTATUS
, cmd_netlogon_sam_logon
, NULL
, &ndr_table_netlogon
.syntax_id
, NULL
, "Sam Logon", "" },
1171 { "change_trust_pw", RPC_RTYPE_NTSTATUS
, cmd_netlogon_change_trust_pw
, NULL
, &ndr_table_netlogon
.syntax_id
, NULL
, "Change Trust Account Password", "" },
1172 { "gettrustrid", RPC_RTYPE_WERROR
, NULL
, cmd_netlogon_gettrustrid
, &ndr_table_netlogon
.syntax_id
, NULL
, "Get trust rid", "" },
1173 { "dsr_enumtrustdom", RPC_RTYPE_WERROR
, NULL
, cmd_netlogon_dsr_enumtrustdom
, &ndr_table_netlogon
.syntax_id
, NULL
, "Enumerate trusted domains", "" },
1174 { "dsenumdomtrusts", RPC_RTYPE_WERROR
, NULL
, cmd_netlogon_dsr_enumtrustdom
, &ndr_table_netlogon
.syntax_id
, NULL
, "Enumerate all trusted domains in an AD forest", "" },
1175 { "deregisterdnsrecords", RPC_RTYPE_WERROR
, NULL
, cmd_netlogon_deregisterdnsrecords
, &ndr_table_netlogon
.syntax_id
, NULL
, "Deregister DNS records", "" },
1176 { "netrenumtrusteddomains", RPC_RTYPE_NTSTATUS
, cmd_netlogon_enumtrusteddomains
, NULL
, &ndr_table_netlogon
.syntax_id
, NULL
, "Enumerate trusted domains", "" },
1177 { "netrenumtrusteddomainsex", RPC_RTYPE_WERROR
, NULL
, cmd_netlogon_enumtrusteddomainsex
, &ndr_table_netlogon
.syntax_id
, NULL
, "Enumerate trusted domains", "" },
1178 { "getdcsitecoverage", RPC_RTYPE_WERROR
, NULL
, cmd_netlogon_getdcsitecoverage
, &ndr_table_netlogon
.syntax_id
, NULL
, "Get the Site-Coverage from a DC", "" },
1179 { "database_redo", RPC_RTYPE_NTSTATUS
, cmd_netlogon_database_redo
, NULL
, &ndr_table_netlogon
.syntax_id
, NULL
, "Replicate single object from a DC", "" },
1180 { "capabilities", RPC_RTYPE_NTSTATUS
, cmd_netlogon_capabilities
, NULL
, &ndr_table_netlogon
.syntax_id
, NULL
, "Return Capabilities", "" },