| author | Günther Deschner <gd@samba.org> | 2014-03-11 18:14:39 +0100 |
|---|---|---|
| committer | Günther Deschner <gd@samba.org> | 2014-03-12 10:57:27 +0100 |
| commit | 9e01f3cbc4752539128e5452f567ff2e73c3ec9d (patch) | |
| tree | 698f323eaa2024bf0ba4bc0ba0a85a9b678cb988 /source3 | |
| parent | a8c2807a26d2f1ff094ed7ea5724c0394f79b888 (diff) | |
s3-net: modify the current "net ads kerberos pac" command.
Rename it to "net ads kerberos pac dump" and add a "type=num" option to allow
dumping of individual pac buffer types. Omitting type= or using type=0 will
dump the whole PAC structure on stdout.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'source3')
| -rw-r--r-- | source3/utils/net_ads.c | 115 |
1 files changed, 77 insertions, 38 deletions
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 19c28b12f7..f54cf235da 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -2597,27 +2597,15 @@ static int net_ads_kerberos_renew(struct net_context *c, int argc, const char ** return ret; } -static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **argv) +static int net_ads_kerberos_pac_common(struct net_context *c, int argc, const char **argv, + struct PAC_DATA_CTR **pac_data_ctr) { - struct PAC_LOGON_INFO *info = NULL; - struct PAC_DATA *pac_data = NULL; - struct PAC_DATA_CTR *pac_data_ctr = NULL; - TALLOC_CTX *mem_ctx = NULL; NTSTATUS status; int ret = -1; const char *impersonate_princ_s = NULL; const char *local_service = NULL; int i; - if (c->display_usage) { - d_printf( "%s\n" - "net ads kerberos pac [impersonation_principal]\n" - " %s\n", - _("Usage:"), - _("Dump the Kerberos PAC")); - return 0; - } - for (i=0; i<argc; i++) { if (strnequal(argv[i], "impersonate", strlen("impersonate"))) { impersonate_princ_s = get_string_param(argv[i]); @@ -2633,13 +2621,8 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar } } - mem_ctx = talloc_init("net_ads_kerberos_pac"); - if (!mem_ctx) { - goto out; - } - if (local_service == NULL) { - local_service = talloc_asprintf(mem_ctx, "%s$@%s", + local_service = talloc_asprintf(c, "%s$@%s", lp_netbios_name(), lp_realm()); if (local_service == NULL) { goto out; @@ -2648,7 +2631,7 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar c->opt_password = net_prompt_pass(c, c->opt_user_name); - status = kerberos_return_pac(mem_ctx, + status = kerberos_return_pac(c, c->opt_user_name, c->opt_password, 0, 
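Review bot: The new `net_ads_kerberos_pac_common` helper has no comment describing its out-parameter contract, and its signature in the first hunk is where one belongs. I would add a short header comment along the lines of `/* Parses impersonate= and local_service= from argv, prompts for the password and fetches the PAC; on success returns 0 and stores the container in *pac_data_ctr, on failure returns -1 and leaves *pac_data_ctr untouched. */`. The function body continues past this hunk into the following ones.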
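Review bot: In the second hunk `talloc_asprintf(c, ...)` now parents `local_service` on the long-lived `net_context`, and nothing visible in this commit frees it, whereas the removed code released everything through `TALLOC_FREE(mem_ctx)`. The third hunk has the same issue with `kerberos_return_pac(c, ...)`, which presumably parents the returned PAC container on `c` as well (inferred from the argument, not shown here). The PAC carries authorization data for the user, so it is better not to keep it alive longer than the dump needs. I would have the caller release it explicitly, e.g. `TALLOC_FREE(pac_data_ctr);` before each return in `net_ads_kerberos_pac_dump`, or pass a short-lived talloc context into the helper instead of `c`. Both hunks sit inside `net_ads_kerberos_pac_common`, whose start and end lie in neighbouring hunks.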
@@ -2660,39 +2643,95 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar 2592000, /* one month */ impersonate_princ_s, local_service, - &pac_data_ctr); + pac_data_ctr); if (!NT_STATUS_IS_OK(status)) { d_printf(_("failed to query kerberos PAC: %s\n"), nt_errstr(status)); goto out; } - pac_data = pac_data_ctr->pac_data; + ret = 0; + out: + return ret; +} - for (i=0; i < pac_data->num_buffers; i++) { +static int net_ads_kerberos_pac_dump(struct net_context *c, int argc, const char **argv) +{ + struct PAC_DATA_CTR *pac_data_ctr = NULL; + int i; + int ret = -1; + enum PAC_TYPE type = 0; - if (pac_data->buffers[i].type != PAC_TYPE_LOGON_INFO) { - continue; + if (c->display_usage) { + d_printf( "%s\n" + "net ads kerberos pac dump [impersonate=string] [local_service=string] [pac_buffer_type=int]\n" + " %s\n", + _("Usage:"), + _("Dump the Kerberos PAC")); + return -1; + } + + for (i=0; i<argc; i++) { + if (strnequal(argv[i], "pac_buffer_type", strlen("pac_buffer_type"))) { + type = get_int_param(argv[i]); } + } - info = pac_data->buffers[i].info->logon_info.info; - if (!info) { - goto out; + ret = net_ads_kerberos_pac_common(c, argc, argv, &pac_data_ctr); + if (ret) { + return ret; + } + + if (type == 0) { + + char *s = NULL; + + s = NDR_PRINT_STRUCT_STRING(c, PAC_DATA, + pac_data_ctr->pac_data); + if (s != NULL) { + d_printf(_("The Pac: %s\n"), s); + talloc_free(s); } - break; + return 0; } - if (info) { - const char *s; - s = NDR_PRINT_STRUCT_STRING(mem_ctx, PAC_LOGON_INFO, info); - d_printf(_("The Pac: %s\n"), s); + for (i=0; i < pac_data_ctr->pac_data->num_buffers; i++) { + + char *s = NULL; + + if (pac_data_ctr->pac_data->buffers[i].type != type) { + continue; + } + + s = NDR_PRINT_UNION_STRING(c, PAC_INFO, type, + pac_data_ctr->pac_data->buffers[i].info); + if (s != NULL) { + d_printf(_("The Pac: %s\n"), s); + talloc_free(s); + } + break; } - ret = 0; - out: - TALLOC_FREE(mem_ctx); - return ret; + return 0; +} + +static int 
net_ads_kerberos_pac(struct net_context *c, int argc, const char **argv) +{ + struct functable func[] = { + { + "dump", + net_ads_kerberos_pac_dump, + NET_TRANSPORT_ADS, + N_("Dump Kerberos PAC"), + N_("net ads kerberos pac dump\n" + " Dump a Kerberos PAC to stdout") + }, + + {NULL, NULL, 0, NULL, NULL} + }; + + return net_run_function(c, argc, argv, "net ads kerberos pac", func); } static int net_ads_kerberos_kinit(struct net_context *c, int argc, const char **argv) |
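Review bot: In `net_ads_kerberos_pac_dump`, a `pac_buffer_type` that matches no buffer in the returned PAC falls out of the loop and returns 0 with no output, so an operator or script cannot tell "buffer absent" from a successful dump. I would change the `break;` inside the loop to `return 0;` and end the function with `d_printf(_("PAC buffer type %d not found\n"), (int)type); return -1;`. The value from `get_int_param()` is also stored into `enum PAC_TYPE` without a range or error check, so a malformed argument is indistinguishable from a type that is simply absent. Separately, the usage branch now returns -1 where the removed code returned 0, which makes a help request look like a failure; `return 0;` there would keep the earlier behaviour.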
