mirror of
https://github.com/samba-team/samba.git
add support for DsEnumerateDomainTrusted for enumerating all the
trusted domains in a forest.
parent
d57d9b99df
commit
c691c7f7d9
@ -28,6 +28,10 @@
|
||||
|
||||
#define DS_GETPRIMDOMINFO 0x00
|
||||
|
||||
/* Opcodes available on PIPE_NETLOGON */
|
||||
|
||||
#define DS_ENUM_DOM_TRUSTS 0x28
|
||||
|
||||
|
||||
/* macros for RPC's */
|
||||
|
||||
@ -85,7 +89,49 @@ typedef struct
|
||||
NTSTATUS status;
|
||||
} DS_R_GETPRIMDOMINFO;
|
||||
|
||||
typedef struct {
|
||||
/* static portion of structure */
|
||||
uint32 netbios_ptr;
|
||||
uint32 dns_ptr;
|
||||
uint32 flags;
|
||||
uint32 parent_index;
|
||||
uint32 trust_type;
|
||||
uint32 trust_attributes;
|
||||
uint32 sid_ptr;
|
||||
GUID guid;
|
||||
|
||||
UNISTR2 netbios_domain;
|
||||
UNISTR2 dns_domain;
|
||||
DOM_SID2 sid;
|
||||
|
||||
} DS_DOMAIN_TRUSTS;
|
||||
|
||||
typedef struct {
|
||||
|
||||
uint32 ptr;
|
||||
uint32 max_count;
|
||||
DS_DOMAIN_TRUSTS *trusts;
|
||||
|
||||
} DS_DOMAIN_TRUSTS_CTR;
|
||||
|
||||
/* DS_Q_ENUM_DOM_TRUSTS - DsEnumerateDomainTrusts() request */
|
||||
typedef struct
|
||||
{
|
||||
uint32 server_ptr;
|
||||
UNISTR2 server;
|
||||
uint32 flags;
|
||||
|
||||
} DS_Q_ENUM_DOM_TRUSTS;
|
||||
|
||||
/* DS_R_ENUM_DOM_TRUSTS - DsEnumerateDomainTrusts() response */
|
||||
typedef struct
|
||||
{
|
||||
uint32 num_domains;
|
||||
DS_DOMAIN_TRUSTS_CTR domains;
|
||||
|
||||
NTSTATUS status;
|
||||
|
||||
} DS_R_ENUM_DOM_TRUSTS;
|
||||
|
||||
|
||||
#endif /* _RPC_DS_H */
|
||||
|
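Review bot: The new `DS_DOMAIN_TRUSTS` declaration does not say which of its deferred members are valid, and the parser added in this commit fills `sid` only when `sid_ptr` is non-zero while the array comes from a plain `talloc()` call. Unless that allocator zeroes memory (not visible here), a consumer that reads `sid` for an entry with `sid_ptr == 0` would see uninitialised bytes. I would add a comment on the deferred fields, for example `/* netbios_domain, dns_domain and sid are meaningful only when the matching *_ptr is non-zero */`, and a second one on `DS_DOMAIN_TRUSTS_CTR` stating that `trusts` holds `max_count` entries as reported by the server.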
@ -22,6 +22,10 @@
|
||||
|
||||
/* implementations of client side DsXXX() functions */
|
||||
|
||||
/********************************************************************
|
||||
Get information about the server and directory services
|
||||
********************************************************************/
|
||||
|
||||
NTSTATUS cli_ds_getprimarydominfo(struct cli_state *cli, TALLOC_CTX *mem_ctx,
|
||||
uint16 level, DS_DOMINFO_CTR *ctr)
|
||||
{
|
||||
@ -40,7 +44,7 @@ NTSTATUS cli_ds_getprimarydominfo(struct cli_state *cli, TALLOC_CTX *mem_ctx,
|
||||
|
||||
q.level = level;
|
||||
|
||||
if (!ds_io_q_getprimdominfo("", &q, &qbuf, 0)
|
||||
if (!ds_io_q_getprimdominfo("", &qbuf, 0, &q)
|
||||
|| !rpc_api_pipe_req(cli, DS_GETPRIMDOMINFO, &qbuf, &rbuf)) {
|
||||
result = NT_STATUS_UNSUCCESSFUL;
|
||||
goto done;
|
||||
@ -48,7 +52,7 @@ NTSTATUS cli_ds_getprimarydominfo(struct cli_state *cli, TALLOC_CTX *mem_ctx,
|
||||
|
||||
/* Unmarshall response */
|
||||
|
||||
if (!ds_io_r_getprimdominfo("", &r, &rbuf, 0)) {
|
||||
if (!ds_io_r_getprimdominfo("", &rbuf, 0, &r)) {
|
||||
result = NT_STATUS_UNSUCCESSFUL;
|
||||
goto done;
|
||||
}
|
||||
@ -71,3 +75,50 @@ done:
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
/********************************************************************
|
||||
Enumerate trusted domains in an AD forest
|
||||
********************************************************************/
|
||||
|
||||
NTSTATUS cli_ds_enum_domain_trusts(struct cli_state *cli, TALLOC_CTX *mem_ctx,
|
||||
const char *server, uint32 flags,
|
||||
DS_DOMAIN_TRUSTS **trusts, uint32 *num_domains)
|
||||
{
|
||||
prs_struct qbuf, rbuf;
|
||||
DS_Q_ENUM_DOM_TRUSTS q;
|
||||
DS_R_ENUM_DOM_TRUSTS r;
|
||||
NTSTATUS result;
|
||||
|
||||
ZERO_STRUCT(q);
|
||||
ZERO_STRUCT(r);
|
||||
|
||||
/* Initialise parse structures */
|
||||
|
||||
prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
|
||||
prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
|
||||
|
||||
init_q_ds_enum_domain_trusts( &q, server, flags );
|
||||
|
||||
if (!ds_io_q_enum_domain_trusts("", &qbuf, 0, &q)
|
||||
|| !rpc_api_pipe_req(cli, DS_ENUM_DOM_TRUSTS, &qbuf, &rbuf)) {
|
||||
result = NT_STATUS_UNSUCCESSFUL;
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* Unmarshall response */
|
||||
|
||||
if (!ds_io_r_enum_domain_trusts("", &rbuf, 0, &r)) {
|
||||
result = NT_STATUS_UNSUCCESSFUL;
|
||||
goto done;
|
||||
}
|
||||
|
||||
result = r.status;
|
||||
|
||||
done:
|
||||
prs_mem_free(&qbuf);
|
||||
prs_mem_free(&rbuf);
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
|
||||
|
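Review bot: `cli_ds_enum_domain_trusts()` never writes its `trusts` and `num_domains` out-parameters, so a caller gets back a success status with the variables it passed in untouched. After `result = r.status;` I would add `if (NT_STATUS_IS_OK(result)) { *trusts = r.domains.trusts; *num_domains = r.num_domains; }`. Two things should be confirmed when doing so: the array is allocated from the parse context and has to outlive `prs_mem_free(&rbuf)`, and the array is sized by `max_count` from the wire, so `num_domains` should not be handed to the caller if it exceeds that count.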
@ -1,7 +1,8 @@
|
||||
/*
|
||||
* Unix SMB/CIFS implementation.
|
||||
* RPC Pipe client / server routines
|
||||
* Copyright (C) Gerald Carter 2002
|
||||
|
||||
* Copyright (C) Gerald Carter 2002-2003
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
@ -20,6 +21,9 @@
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
/************************************************************************
|
||||
************************************************************************/
|
||||
|
||||
static BOOL ds_io_dominfobasic( const char *desc, prs_struct *ps, int depth, DSROLE_PRIMARY_DOMAIN_INFO_BASIC **basic)
|
||||
{
|
||||
DSROLE_PRIMARY_DOMAIN_INFO_BASIC *p = *basic;
|
||||
@ -68,7 +72,10 @@ static BOOL ds_io_dominfobasic( const char *desc, prs_struct *ps, int depth, DSR
|
||||
|
||||
}
|
||||
|
||||
BOOL ds_io_q_getprimdominfo( const char *desc, DS_Q_GETPRIMDOMINFO *q_u, prs_struct *ps, int depth)
|
||||
/************************************************************************
|
||||
************************************************************************/
|
||||
|
||||
BOOL ds_io_q_getprimdominfo( const char *desc, prs_struct *ps, int depth, DS_Q_GETPRIMDOMINFO *q_u)
|
||||
{
|
||||
prs_debug(ps, depth, desc, "ds_io_q_getprimdominfo");
|
||||
depth++;
|
||||
@ -82,7 +89,10 @@ BOOL ds_io_q_getprimdominfo( const char *desc, DS_Q_GETPRIMDOMINFO *q_u, prs_str
|
||||
return True;
|
||||
}
|
||||
|
||||
BOOL ds_io_r_getprimdominfo( const char *desc, DS_R_GETPRIMDOMINFO *r_u, prs_struct *ps, int depth)
|
||||
/************************************************************************
|
||||
************************************************************************/
|
||||
|
||||
BOOL ds_io_r_getprimdominfo( const char *desc, prs_struct *ps, int depth, DS_R_GETPRIMDOMINFO *r_u)
|
||||
{
|
||||
prs_debug(ps, depth, desc, "ds_io_r_getprimdominfo");
|
||||
depth++;
|
||||
@ -120,3 +130,174 @@ BOOL ds_io_r_getprimdominfo( const char *desc, DS_R_GETPRIMDOMINFO *r_u, prs_str
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
/************************************************************************
|
||||
initialize a DS_ENUM_DOM_TRUSTS structure
|
||||
************************************************************************/
|
||||
|
||||
BOOL init_q_ds_enum_domain_trusts( DS_Q_ENUM_DOM_TRUSTS *q, const char *server,
|
||||
uint32 flags )
|
||||
{
|
||||
int len;
|
||||
|
||||
q->flags = flags;
|
||||
|
||||
if ( server && *server )
|
||||
q->server_ptr = 1;
|
||||
else
|
||||
q->server_ptr = 0;
|
||||
|
||||
len = q->server_ptr ? strlen(server)+1 : 0;
|
||||
|
||||
init_unistr2( &q->server, server, len );
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
/************************************************************************
|
||||
************************************************************************/
|
||||
|
||||
static BOOL ds_io_domain_trusts( const char *desc, prs_struct *ps, int depth, DS_DOMAIN_TRUSTS *trust)
|
||||
{
|
||||
prs_debug(ps, depth, desc, "ds_io_dom_trusts_ctr");
|
||||
depth++;
|
||||
|
||||
if ( !prs_uint32( "netbios_ptr", ps, depth, &trust->netbios_ptr ) )
|
||||
return False;
|
||||
|
||||
if ( !prs_uint32( "dns_ptr", ps, depth, &trust->dns_ptr ) )
|
||||
return False;
|
||||
|
||||
if ( !prs_uint32( "flags", ps, depth, &trust->flags ) )
|
||||
return False;
|
||||
|
||||
if ( !prs_uint32( "parent_index", ps, depth, &trust->parent_index ) )
|
||||
return False;
|
||||
|
||||
if ( !prs_uint32( "trust_type", ps, depth, &trust->trust_type ) )
|
||||
return False;
|
||||
|
||||
if ( !prs_uint32( "trust_attributes", ps, depth, &trust->trust_attributes ) )
|
||||
return False;
|
||||
|
||||
if ( !prs_uint32( "sid_ptr", ps, depth, &trust->sid_ptr ) )
|
||||
return False;
|
||||
|
||||
if ( !prs_uint8s(False, "guid", ps, depth, trust->guid.info, GUID_SIZE) )
|
||||
return False;
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
/************************************************************************
|
||||
************************************************************************/
|
||||
|
||||
static BOOL ds_io_dom_trusts_ctr( const char *desc, prs_struct *ps, int depth, DS_DOMAIN_TRUSTS_CTR *ctr)
|
||||
{
|
||||
int i;
|
||||
|
||||
prs_debug(ps, depth, desc, "ds_io_dom_trusts_ctr");
|
||||
depth++;
|
||||
|
||||
if ( !prs_uint32( "ptr", ps, depth, &ctr->ptr ) )
|
||||
return False;
|
||||
|
||||
if ( !prs_uint32( "max_count", ps, depth, &ctr->max_count ) )
|
||||
return False;
|
||||
|
||||
/* are we done? */
|
||||
|
||||
if ( ctr->max_count == 0 )
|
||||
return True;
|
||||
|
||||
/* allocate the domain trusts array are parse it */
|
||||
|
||||
ctr->trusts = (DS_DOMAIN_TRUSTS*)talloc(ps->mem_ctx, sizeof(DS_DOMAIN_TRUSTS)*ctr->max_count);
|
||||
|
||||
if ( !ctr->trusts )
|
||||
return False;
|
||||
|
||||
/* this stinks; the static portion o fthe structure is read here and then
|
||||
we need another loop to read the UNISTR2's and SID's */
|
||||
|
||||
for ( i=0; i<ctr->max_count;i++ ) {
|
||||
if ( !ds_io_domain_trusts("domain_trusts", ps, depth, &ctr->trusts[i] ) )
|
||||
return False;
|
||||
}
|
||||
|
||||
for ( i=0; i<ctr->max_count; i++ ) {
|
||||
|
||||
if ( !smb_io_unistr2("netbios_domain", &ctr->trusts[i].netbios_domain, ctr->trusts[i].netbios_ptr, ps, depth) )
|
||||
return False;
|
||||
|
||||
if(!prs_align(ps))
|
||||
return False;
|
||||
|
||||
if ( !smb_io_unistr2("dns_domain", &ctr->trusts[i].dns_domain, ctr->trusts[i].dns_ptr, ps, depth) )
|
||||
return False;
|
||||
|
||||
if(!prs_align(ps))
|
||||
return False;
|
||||
|
||||
if ( ctr->trusts[i].sid_ptr ) {
|
||||
if ( !smb_io_dom_sid2("sid", &ctr->trusts[i].sid, ps, depth ) )
|
||||
return False;
|
||||
}
|
||||
}
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
/************************************************************************
|
||||
initialize a DS_ENUM_DOM_TRUSTS request
|
||||
************************************************************************/
|
||||
|
||||
BOOL ds_io_q_enum_domain_trusts( const char *desc, prs_struct *ps, int depth, DS_Q_ENUM_DOM_TRUSTS *q_u)
|
||||
{
|
||||
prs_debug(ps, depth, desc, "ds_io_q_enum_domain_trusts");
|
||||
depth++;
|
||||
|
||||
if ( !prs_align(ps) )
|
||||
return False;
|
||||
|
||||
if ( !prs_uint32( "server_ptr", ps, depth, &q_u->server_ptr ) )
|
||||
return False;
|
||||
|
||||
if ( !smb_io_unistr2("server", &q_u->server, q_u->server_ptr, ps, depth) )
|
||||
return False;
|
||||
|
||||
if ( !prs_uint32( "flags", ps, depth, &q_u->flags ) )
|
||||
return False;
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
/************************************************************************
|
||||
************************************************************************/
|
||||
|
||||
BOOL ds_io_r_enum_domain_trusts( const char *desc, prs_struct *ps, int depth, DS_R_ENUM_DOM_TRUSTS *r_u)
|
||||
{
|
||||
prs_debug(ps, depth, desc, "ds_io_r_enum_domain_trusts");
|
||||
depth++;
|
||||
|
||||
if(!prs_align(ps))
|
||||
return False;
|
||||
|
||||
if ( !prs_uint32( "num_domains", ps, depth, &r_u->num_domains ) )
|
||||
return False;
|
||||
|
||||
if ( r_u->num_domains ) {
|
||||
if ( !ds_io_dom_trusts_ctr("domains", ps, depth, &r_u->domains ) )
|
||||
return False;
|
||||
}
|
||||
|
||||
if(!prs_align(ps))
|
||||
return False;
|
||||
|
||||
if ( !prs_ntstatus("status", ps, depth, &r_u->status ) )
|
||||
return False;
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
|
||||
|
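Review bot: In `ds_io_dom_trusts_ctr()` the allocation size `sizeof(DS_DOMAIN_TRUSTS)*ctr->max_count` is computed from a count the peer supplied, with no upper bound and no overflow check. Where `size_t` is 32 bits the product can wrap, the allocation comes back smaller than the array the two loops then index, and the static-portion loop writes past it. I would reject the count before allocating, `if (ctr->max_count > (size_t)-1 / sizeof(DS_DOMAIN_TRUSTS)) return False;`, and preferably also bound it by the bytes left in the PDU, since each entry needs a fixed amount of wire data. The response parser could also fail when `num_domains` and `max_count` disagree, and the allocation looks like it belongs on the unmarshalling path only.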
@ -47,13 +47,29 @@ static NTSTATUS cmd_ds_dsrole_getprimarydominfo(struct cli_state *cli,
|
||||
return result;
|
||||
}
|
||||
|
||||
static NTSTATUS cmd_ds_enum_domain_trusts(struct cli_state *cli,
|
||||
TALLOC_CTX *mem_ctx, int argc,
|
||||
const char **argv)
|
||||
{
|
||||
NTSTATUS result;
|
||||
uint32 flags = 0x1;
|
||||
DS_DOMAIN_TRUSTS *trusts = NULL;
|
||||
int num_domains = 0;
|
||||
|
||||
result = cli_ds_enum_domain_trusts( cli, mem_ctx, cli->desthost, flags,
|
||||
&trusts, &num_domains );
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
/* List of commands exported by this module */
|
||||
|
||||
struct cmd_set ds_commands[] = {
|
||||
|
||||
{ "LSARPC-DS" },
|
||||
|
||||
{ "dsroledominfo", RPC_RTYPE_NTSTATUS, cmd_ds_dsrole_getprimarydominfo, NULL, PI_LSARPC_DS, "Get Primary Domain Information", "" },
|
||||
{ "dsroledominfo", RPC_RTYPE_NTSTATUS, cmd_ds_dsrole_getprimarydominfo, NULL, PI_LSARPC_DS, "Get Primary Domain Information", "" },
|
||||
{ "dsenumdomtrusts", RPC_RTYPE_NTSTATUS, cmd_ds_enum_domain_trusts, NULL, PI_NETLOGON, "Enumerate all trusted domains in an AD forest", "" },
|
||||
|
||||
{ NULL }
|
||||
};
|
||||
|
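Review bot: `cmd_ds_enum_domain_trusts()` declares `int num_domains` and passes `&num_domains` where `cli_ds_enum_domain_trusts()` takes a `uint32 *`; the declaration should be `uint32 num_domains = 0;` to match the prototype. The literal `uint32 flags = 0x1;` also deserves a named constant or a comment saying which trust set it selects, since the value goes to the server unchanged. As written the command returns the status without printing `trusts`, so the enumeration result is discarded; if that is intentional for now, a `/* TODO: display the returned trusts */` comment would say so.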
@ -519,7 +519,9 @@ static NTSTATUS do_cmd(struct cli_state *cli,
|
||||
}
|
||||
}
|
||||
|
||||
if ((cmd_entry->pipe_idx == PI_NETLOGON) && !(cli->pipe_auth_flags & AUTH_PIPE_NETSEC)) {
|
||||
/* some of the DsXXX commands use the netlogon pipe */
|
||||
|
||||
if (lp_client_schannel() && (cmd_entry->pipe_idx == PI_NETLOGON) && !(cli->pipe_auth_flags & AUTH_PIPE_NETSEC)) {
|
||||
uint32 neg_flags = 0x000001ff;
|
||||
uint32 sec_channel_type;
|
||||
|
||||
|
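Review bot: The added comment on the new condition explains why DsXXX commands reach this branch but not what `lp_client_schannel() &&` changes: when that setting evaluates false, commands on `PI_NETLOGON` now skip the schannel setup and run without `AUTH_PIPE_NETSEC`. That is a security-relevant downgrade and should be stated at the branch, for example `/* with client schannel disabled, netlogon pipe commands are sent without a secure channel */`. A debug message on the skipped path would also help an operator see that the pipe is unprotected. `do_cmd()` starts and ends outside this hunk, so how the pipe is opened afterwards is not visible here.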