Context Navigation

source: branches/samba-3.3.x/source/utils/net_util.c

Visit:

Last change on this file was 280, checked in by Silvan Scherrer, 16 years ago
fix to NULL user
File size: 17.6 KB

Line
1	/*
2	* Unix SMB/CIFS implementation.
3	* Helper routines for net
4	* Copyright (C) Volker Lendecke 2006
5	* Copyright (C) Kai Blin 2008
6	*
7	* This program is free software; you can redistribute it and/or modify
8	* it under the terms of the GNU General Public License as published by
9	* the Free Software Foundation; either version 3 of the License, or
10	* (at your option) any later version.
11	*
12	* This program is distributed in the hope that it will be useful,
13	* but WITHOUT ANY WARRANTY; without even the implied warranty of
14	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15	* GNU General Public License for more details.
16	*
17	* You should have received a copy of the GNU General Public License
18	* along with this program; if not, see <http://www.gnu.org/licenses/>.
19	*/
20
21
22	#include "includes.h"
23	#include "utils/net.h"
24
25	NTSTATUS net_rpc_lookup_name(struct net_context *c,
26	TALLOC_CTX mem_ctx, struct cli_state cli,
27	const char name, const char *ret_domain,
28	const char *ret_name, DOM_SID ret_sid,
29	enum lsa_SidType *ret_type)
30	{
31	struct rpc_pipe_client *lsa_pipe;
32	POLICY_HND pol;
33	NTSTATUS result = NT_STATUS_OK;
34	const char **dom_names;
35	DOM_SID *sids;
36	enum lsa_SidType *types;
37
38	ZERO_STRUCT(pol);
39
40	result = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
41	&lsa_pipe);
42	if (!NT_STATUS_IS_OK(result)) {
43	d_fprintf(stderr, "Could not initialise lsa pipe\n");
44	return result;
45	}
46
47	result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, false,
48	SEC_RIGHTS_MAXIMUM_ALLOWED,
49	&pol);
50	if (!NT_STATUS_IS_OK(result)) {
51	d_fprintf(stderr, "open_policy failed: %s\n",
52	nt_errstr(result));
53	return result;
54	}
55
56	result = rpccli_lsa_lookup_names(lsa_pipe, mem_ctx, &pol, 1,
57	&name, &dom_names, 1, &sids, &types);
58
59	if (!NT_STATUS_IS_OK(result)) {
60	/* This can happen easily, don't log an error */
61	goto done;
62	}
63
64	if (ret_domain != NULL) {
65	*ret_domain = dom_names[0];
66	}
67	if (ret_name != NULL) {
68	*ret_name = talloc_strdup(mem_ctx, name);
69	}
70	if (ret_sid != NULL) {
71	sid_copy(ret_sid, &sids[0]);
72	}
73	if (ret_type != NULL) {
74	*ret_type = types[0];
75	}
76
77	done:
78	if (is_valid_policy_hnd(&pol)) {
79	rpccli_lsa_Close(lsa_pipe, mem_ctx, &pol);
80	}
81	TALLOC_FREE(lsa_pipe);
82
83	return result;
84	}
85
86	/****************************************************************************
87	Connect to \\server\service.
88	****************************************************************************/
89
90	NTSTATUS connect_to_service(struct net_context *c,
91	struct cli_state **cli_ctx,
92	struct sockaddr_storage *server_ss,
93	const char *server_name,
94	const char *service_name,
95	const char *service_type)
96	{
97	NTSTATUS nt_status;
98	int flags = 0;
99	#ifdef __OS2__
100	if (!c->opt_user_name \|\| c->opt_user_name == NULL) {
101	d_printf("The username was not set.\n");
102	return NT_STATUS_LOGON_FAILURE;
103	}
104	#endif
105	c->opt_password = net_prompt_pass(c, c->opt_user_name);
106
107	if (c->opt_kerberos) {
108	flags \|= CLI_FULL_CONNECTION_USE_KERBEROS;
109	}
110
111	if (c->opt_kerberos && c->opt_password) {
112	flags \|= CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
113	}
114
115	nt_status = cli_full_connection(cli_ctx, NULL, server_name,
116	server_ss, c->opt_port,
117	service_name, service_type,
118	c->opt_user_name, c->opt_workgroup,
119	c->opt_password, flags, Undefined, NULL);
120	if (!NT_STATUS_IS_OK(nt_status)) {
121	d_fprintf(stderr, "Could not connect to server %s\n", server_name);
122
123	/* Display a nicer message depending on the result */
124
125	if (NT_STATUS_V(nt_status) ==
126	NT_STATUS_V(NT_STATUS_LOGON_FAILURE))
127	d_fprintf(stderr, "The username or password was not correct.\n");
128
129	if (NT_STATUS_V(nt_status) ==
130	NT_STATUS_V(NT_STATUS_ACCOUNT_LOCKED_OUT))
131	d_fprintf(stderr, "The account was locked out.\n");
132
133	if (NT_STATUS_V(nt_status) ==
134	NT_STATUS_V(NT_STATUS_ACCOUNT_DISABLED))
135	d_fprintf(stderr, "The account was disabled.\n");
136	return nt_status;
137	}
138
139	if (c->smb_encrypt) {
140	nt_status = cli_force_encryption(*cli_ctx,
141	c->opt_user_name,
142	c->opt_password,
143	c->opt_workgroup);
144
145	if (NT_STATUS_EQUAL(nt_status,NT_STATUS_NOT_SUPPORTED)) {
146	d_printf("Encryption required and "
147	"server that doesn't support "
148	"UNIX extensions - failing connect\n");
149	} else if (NT_STATUS_EQUAL(nt_status,NT_STATUS_UNKNOWN_REVISION)) {
150	d_printf("Encryption required and "
151	"can't get UNIX CIFS extensions "
152	"version from server.\n");
153	} else if (NT_STATUS_EQUAL(nt_status,NT_STATUS_UNSUPPORTED_COMPRESSION)) {
154	d_printf("Encryption required and "
155	"share %s doesn't support "
156	"encryption.\n", service_name);
157	} else if (!NT_STATUS_IS_OK(nt_status)) {
158	d_printf("Encryption required and "
159	"setup failed with error %s.\n",
160	nt_errstr(nt_status));
161	}
162
163	if (!NT_STATUS_IS_OK(nt_status)) {
164	cli_shutdown(*cli_ctx);
165	*cli_ctx = NULL;
166	}
167	}
168
169	return nt_status;
170	}
171
172	/****************************************************************************
173	Connect to \\server\ipc$.
174	****************************************************************************/
175
176	NTSTATUS connect_to_ipc(struct net_context *c,
177	struct cli_state **cli_ctx,
178	struct sockaddr_storage *server_ss,
179	const char *server_name)
180	{
181	return connect_to_service(c, cli_ctx, server_ss, server_name, "IPC$",
182	"IPC");
183	}
184
185	/****************************************************************************
186	Connect to \\server\ipc$ anonymously.
187	****************************************************************************/
188
189	NTSTATUS connect_to_ipc_anonymous(struct net_context *c,
190	struct cli_state **cli_ctx,
191	struct sockaddr_storage *server_ss,
192	const char *server_name)
193	{
194	NTSTATUS nt_status;
195
196	nt_status = cli_full_connection(cli_ctx, c->opt_requester_name,
197	server_name, server_ss, c->opt_port,
198	"IPC$", "IPC",
199	"", "",
200	"", 0, Undefined, NULL);
201
202	if (NT_STATUS_IS_OK(nt_status)) {
203	return nt_status;
204	} else {
205	DEBUG(1,("Cannot connect to server (anonymously). Error was %s\n", nt_errstr(nt_status)));
206	return nt_status;
207	}
208	}
209
210	/****************************************************************************
211	Return malloced user@realm for krb5 login.
212	****************************************************************************/
213
214	static char get_user_and_realm(const char username)
215	{
216	char *user_and_realm = NULL;
217
218	if (!username) {
219	return NULL;
220	}
221	if (strchr_m(username, '@')) {
222	user_and_realm = SMB_STRDUP(username);
223	} else {
224	if (asprintf(&user_and_realm, "%s@%s", username, lp_realm()) == -1) {
225	user_and_realm = NULL;
226	}
227	}
228	return user_and_realm;
229	}
230
231	/****************************************************************************
232	Connect to \\server\ipc$ using KRB5.
233	****************************************************************************/
234
235	NTSTATUS connect_to_ipc_krb5(struct net_context *c,
236	struct cli_state **cli_ctx,
237	struct sockaddr_storage *server_ss,
238	const char *server_name)
239	{
240	NTSTATUS nt_status;
241	char *user_and_realm = NULL;
242
243	/* FIXME: Should get existing kerberos ticket if possible. */
244	c->opt_password = net_prompt_pass(c, c->opt_user_name);
245	if (!c->opt_password) {
246	return NT_STATUS_NO_MEMORY;
247	}
248
249	user_and_realm = get_user_and_realm(c->opt_user_name);
250	if (!user_and_realm) {
251	return NT_STATUS_NO_MEMORY;
252	}
253
254	nt_status = cli_full_connection(cli_ctx, NULL, server_name,
255	server_ss, c->opt_port,
256	"IPC$", "IPC",
257	user_and_realm, c->opt_workgroup,
258	c->opt_password,
259	CLI_FULL_CONNECTION_USE_KERBEROS,
260	Undefined, NULL);
261
262	SAFE_FREE(user_and_realm);
263
264	if (!NT_STATUS_IS_OK(nt_status)) {
265	DEBUG(1,("Cannot connect to server using kerberos. Error was %s\n", nt_errstr(nt_status)));
266	return nt_status;
267	}
268
269	if (c->smb_encrypt) {
270	nt_status = cli_cm_force_encryption(*cli_ctx,
271	user_and_realm,
272	c->opt_password,
273	c->opt_workgroup,
274	"IPC$");
275	if (!NT_STATUS_IS_OK(nt_status)) {
276	cli_shutdown(*cli_ctx);
277	*cli_ctx = NULL;
278	}
279	}
280
281	return nt_status;
282	}
283
284	/**
285	* Connect a server and open a given pipe
286	*
287	* @param cli_dst A cli_state
288	* @param pipe The pipe to open
289	* @param got_pipe boolean that stores if we got a pipe
290	*
291	* @return Normal NTSTATUS return.
292	**/
293	NTSTATUS connect_dst_pipe(struct net_context c, struct cli_state *cli_dst,
294	struct rpc_pipe_client **pp_pipe_hnd,
295	const struct ndr_syntax_id *interface)
296	{
297	NTSTATUS nt_status;
298	char *server_name = SMB_STRDUP("127.0.0.1");
299	struct cli_state *cli_tmp = NULL;
300	struct rpc_pipe_client *pipe_hnd = NULL;
301
302	if (server_name == NULL) {
303	return NT_STATUS_NO_MEMORY;
304	}
305
306	if (c->opt_destination) {
307	SAFE_FREE(server_name);
308	if ((server_name = SMB_STRDUP(c->opt_destination)) == NULL) {
309	return NT_STATUS_NO_MEMORY;
310	}
311	}
312
313	/* make a connection to a named pipe */
314	nt_status = connect_to_ipc(c, &cli_tmp, NULL, server_name);
315	if (!NT_STATUS_IS_OK(nt_status)) {
316	SAFE_FREE(server_name);
317	return nt_status;
318	}
319
320	nt_status = cli_rpc_pipe_open_noauth(cli_tmp, interface,
321	&pipe_hnd);
322	if (!NT_STATUS_IS_OK(nt_status)) {
323	DEBUG(0, ("couldn't not initialize pipe\n"));
324	cli_shutdown(cli_tmp);
325	SAFE_FREE(server_name);
326	return nt_status;
327	}
328
329	*cli_dst = cli_tmp;
330	*pp_pipe_hnd = pipe_hnd;
331	SAFE_FREE(server_name);
332
333	return nt_status;
334	}
335
336	/****************************************************************************
337	Use the local machine account (krb) and password for this session.
338	****************************************************************************/
339
340	int net_use_krb_machine_account(struct net_context *c)
341	{
342	char *user_name = NULL;
343
344	if (!secrets_init()) {
345	d_fprintf(stderr, "ERROR: Unable to open secrets database\n");
346	exit(1);
347	}
348
349	c->opt_password = secrets_fetch_machine_password(
350	c->opt_target_workgroup, NULL, NULL);
351	if (asprintf(&user_name, "%s$@%s", global_myname(), lp_realm()) == -1) {
352	return -1;
353	}
354	c->opt_user_name = user_name;
355	return 0;
356	}
357
358	/****************************************************************************
359	Use the machine account name and password for this session.
360	****************************************************************************/
361
362	int net_use_machine_account(struct net_context *c)
363	{
364	char *user_name = NULL;
365
366	if (!secrets_init()) {
367	d_fprintf(stderr, "ERROR: Unable to open secrets database\n");
368	exit(1);
369	}
370
371	c->opt_password = secrets_fetch_machine_password(
372	c->opt_target_workgroup, NULL, NULL);
373	if (asprintf(&user_name, "%s$", global_myname()) == -1) {
374	return -1;
375	}
376	c->opt_user_name = user_name;
377	return 0;
378	}
379
380	bool net_find_server(struct net_context *c,
381	const char *domain,
382	unsigned flags,
383	struct sockaddr_storage *server_ss,
384	char **server_name)
385	{
386	const char *d = domain ? domain : c->opt_target_workgroup;
387
388	if (c->opt_host) {
389	*server_name = SMB_STRDUP(c->opt_host);
390	}
391
392	if (c->opt_have_ip) {
393	*server_ss = c->opt_dest_ip;
394	if (!*server_name) {
395	char addr[INET6_ADDRSTRLEN];
396	print_sockaddr(addr, sizeof(addr), &c->opt_dest_ip);
397	*server_name = SMB_STRDUP(addr);
398	}
399	} else if (*server_name) {
400	/* resolve the IP address */
401	if (!resolve_name(*server_name, server_ss, 0x20)) {
402	DEBUG(1,("Unable to resolve server name\n"));
403	return false;
404	}
405	} else if (flags & NET_FLAGS_PDC) {
406	fstring dc_name;
407	struct sockaddr_storage pdc_ss;
408
409	if (!get_pdc_ip(d, &pdc_ss)) {
410	DEBUG(1,("Unable to resolve PDC server address\n"));
411	return false;
412	}
413
414	if (is_zero_addr(&pdc_ss)) {
415	return false;
416	}
417
418	if (!name_status_find(d, 0x1b, 0x20, &pdc_ss, dc_name)) {
419	return false;
420	}
421
422	*server_name = SMB_STRDUP(dc_name);
423	*server_ss = pdc_ss;
424	} else if (flags & NET_FLAGS_DMB) {
425	struct sockaddr_storage msbrow_ss;
426	char addr[INET6_ADDRSTRLEN];
427
428	/* if (!resolve_name(MSBROWSE, &msbrow_ip, 1)) */
429	if (!resolve_name(d, &msbrow_ss, 0x1B)) {
430	DEBUG(1,("Unable to resolve domain browser via name lookup\n"));
431	return false;
432	}
433	*server_ss = msbrow_ss;
434	print_sockaddr(addr, sizeof(addr), server_ss);
435	*server_name = SMB_STRDUP(addr);
436	} else if (flags & NET_FLAGS_MASTER) {
437	struct sockaddr_storage brow_ss;
438	char addr[INET6_ADDRSTRLEN];
439	if (!resolve_name(d, &brow_ss, 0x1D)) {
440	/* go looking for workgroups */
441	DEBUG(1,("Unable to resolve master browser via name lookup\n"));
442	return false;
443	}
444	*server_ss = brow_ss;
445	print_sockaddr(addr, sizeof(addr), server_ss);
446	*server_name = SMB_STRDUP(addr);
447	} else if (!(flags & NET_FLAGS_LOCALHOST_DEFAULT_INSANE)) {
448	if (!interpret_string_addr(server_ss,
449	"127.0.0.1", AI_NUMERICHOST)) {
450	DEBUG(1,("Unable to resolve 127.0.0.1\n"));
451	return false;
452	}
453	*server_name = SMB_STRDUP("127.0.0.1");
454	}
455
456	if (!*server_name) {
457	DEBUG(1,("no server to connect to\n"));
458	return false;
459	}
460
461	return true;
462	}
463
464	bool net_find_pdc(struct sockaddr_storage *server_ss,
465	fstring server_name,
466	const char *domain_name)
467	{
468	if (!get_pdc_ip(domain_name, server_ss)) {
469	return false;
470	}
471	if (is_zero_addr(server_ss)) {
472	return false;
473	}
474
475	if (!name_status_find(domain_name, 0x1b, 0x20, server_ss, server_name)) {
476	return false;
477	}
478
479	return true;
480	}
481
482	NTSTATUS net_make_ipc_connection(struct net_context *c, unsigned flags,
483	struct cli_state **pcli)
484	{
485	return net_make_ipc_connection_ex(c, c->opt_workgroup, NULL, NULL, flags, pcli);
486	}
487
488	NTSTATUS net_make_ipc_connection_ex(struct net_context c ,const char domain,
489	const char *server,
490	struct sockaddr_storage *pss,
491	unsigned flags, struct cli_state **pcli)
492	{
493	char *server_name = NULL;
494	struct sockaddr_storage server_ss;
495	struct cli_state *cli = NULL;
496	NTSTATUS nt_status;
497
498	if ( !server \|\| !pss ) {
499	if (!net_find_server(c, domain, flags, &server_ss,
500	&server_name)) {
501	d_fprintf(stderr, "Unable to find a suitable server "
502	"for domain %s\n", domain);
503	nt_status = NT_STATUS_UNSUCCESSFUL;
504	goto done;
505	}
506	} else {
507	server_name = SMB_STRDUP( server );
508	server_ss = *pss;
509	}
510
511	if (flags & NET_FLAGS_ANONYMOUS) {
512	nt_status = connect_to_ipc_anonymous(c, &cli, &server_ss,
513	server_name);
514	} else {
515	nt_status = connect_to_ipc(c, &cli, &server_ss,
516	server_name);
517	}
518
519	/* store the server in the affinity cache if it was a PDC */
520
521	if ( (flags & NET_FLAGS_PDC) && NT_STATUS_IS_OK(nt_status) )
522	saf_store( cli->server_domain, cli->desthost );
523
524	SAFE_FREE(server_name);
525	if (!NT_STATUS_IS_OK(nt_status)) {
526	d_fprintf(stderr, "Connection failed: %s\n",
527	nt_errstr(nt_status));
528	cli = NULL;
529	} else if (c->opt_request_timeout) {
530	cli_set_timeout(cli, c->opt_request_timeout * 1000);
531	}
532
533	done:
534	if (pcli != NULL) {
535	*pcli = cli;
536	}
537	return nt_status;
538	}
539
540	/****************************************************************************
541	****************************************************************************/
542
543	const char net_prompt_pass(struct net_context c, const char *user)
544	{
545	char *prompt = NULL;
546	const char *pass = NULL;
547
548	if (c->opt_password) {
549	return c->opt_password;
550	}
551
552	if (c->opt_machine_pass) {
553	return NULL;
554	}
555
556	if (c->opt_kerberos && !c->opt_user_specified) {
557	return NULL;
558	}
559
560	if (asprintf(&prompt, "Enter %s's password:", user) == -1) {
561	return NULL;
562	}
563
564	pass = getpass(prompt);
565	SAFE_FREE(prompt);
566
567	return pass;
568	}
569
570	int net_run_function(struct net_context c, int argc, const char *argv,
571	const char whoami, struct functable table)
572	{
573	int i;
574
575	if (argc != 0) {
576	for (i=0; table[i].funcname != NULL; i++) {
577	if (StrCaseCmp(argv[0], table[i].funcname) == 0)
578	return table[i].fn(c, argc-1, argv+1);
579	}
580	}
581
582	if (c->display_usage == false) {
583	d_fprintf(stderr, "Invalid command: %s %s\n", whoami,
584	(argc > 0)?argv[0]:"");
585	}
586	d_printf("Usage:\n");
587	for (i=0; table[i].funcname != NULL; i++) {
588	if(c->display_usage == false)
589	d_printf("%s %-15s %s\n", whoami, table[i].funcname,
590	table[i].description);
591	else
592	d_printf("%s\n", table[i].usage);
593	}
594
595	return c->display_usage?0:-1;
596	}
597
598	void net_display_usage_from_functable(struct functable *table)
599	{
600	int i;
601	for (i=0; table[i].funcname != NULL; i++) {
602	d_printf("%s\n", table[i].usage);
603	}
604	}
605
606	const char *net_share_type_str(int num_type)
607	{
608	switch(num_type) {
609	case 0: return "Disk";
610	case 1: return "Print";
611	case 2: return "Dev";
612	case 3: return "IPC";
613	default: return "Unknown";
614	}
615	}
616
617	NTSTATUS net_scan_dc(struct net_context *c,
618	struct cli_state *cli,
619	struct net_dc_info *dc_info)
620	{
621	TALLOC_CTX *mem_ctx = talloc_tos();
622	struct rpc_pipe_client *dssetup_pipe = NULL;
623	union dssetup_DsRoleInfo info;
624	NTSTATUS status;
625
626	ZERO_STRUCTP(dc_info);
627
628	status = cli_rpc_pipe_open_noauth(cli, &ndr_table_dssetup.syntax_id,
629	&dssetup_pipe);
630	if (!NT_STATUS_IS_OK(status)) {
631	return status;
632	}
633
634	status = rpccli_dssetup_DsRoleGetPrimaryDomainInformation(dssetup_pipe, mem_ctx,
635	DS_ROLE_BASIC_INFORMATION,
636	&info,
637	NULL);
638	TALLOC_FREE(dssetup_pipe);
639
640	if (!NT_STATUS_IS_OK(status)) {
641	return status;
642	}
643
644	dc_info->is_dc = (info.basic.role & (DS_ROLE_PRIMARY_DC\|DS_ROLE_BACKUP_DC));
645	dc_info->is_pdc = (info.basic.role & DS_ROLE_PRIMARY_DC);
646	dc_info->is_ad = (info.basic.flags & DS_ROLE_PRIMARY_DS_RUNNING);
647	dc_info->is_mixed_mode = (info.basic.flags & DS_ROLE_PRIMARY_DS_MIXED_MODE);
648	dc_info->netbios_domain_name = talloc_strdup(mem_ctx, info.basic.domain);
649	dc_info->dns_domain_name = talloc_strdup(mem_ctx, info.basic.dns_domain);
650	dc_info->forest_name = talloc_strdup(mem_ctx, info.basic.forest);
651
652	return NT_STATUS_OK;
653	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: