2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org)
5 Copyright (C) 2002 Jim McDonough (jmcd@us.ibm.com)
6 Copyright (C) 2004 Guenther Deschner (gd@samba.org)
7 Copyright (C) 2005 Jeremy Allison (jra@samba.org)
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
24 #include "utils/net.h"
26 static int net_mode_share;
31 * @brief RPC based subcommands for the 'net' utility.
33 * This file should contain much of the functionality that used to
34 * be found in rpcclient, execpt that the commands should change
35 * less often, and the fucntionality should be sane (the user is not
36 * expected to know a rid/sid before they conduct an operation etc.)
38 * @todo Perhaps eventually these should be split out into a number
39 * of files, as this could get quite big.
44 * Many of the RPC functions need the domain sid. This function gets
45 * it at the start of every run
47 * @param cli A cli_state already connected to the remote machine
49 * @return The Domain SID of the remote machine.
52 static DOM_SID *net_get_remote_domain_sid(struct cli_state *cli, TALLOC_CTX *mem_ctx, char **domain_name)
54 struct rpc_pipe_client *lsa_pipe;
57 NTSTATUS result = NT_STATUS_OK;
58 uint32 info_class = 5;
60 lsa_pipe = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &result);
62 fprintf(stderr, "could not initialise lsa pipe\n");
66 result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, False,
67 SEC_RIGHTS_MAXIMUM_ALLOWED,
69 if (!NT_STATUS_IS_OK(result)) {
73 result = rpccli_lsa_query_info_policy(lsa_pipe, mem_ctx, &pol, info_class,
74 domain_name, &domain_sid);
75 if (!NT_STATUS_IS_OK(result)) {
77 fprintf(stderr, "could not obtain sid for domain %s\n", cli->domain);
79 if (!NT_STATUS_IS_OK(result)) {
80 fprintf(stderr, "error: %s\n", nt_errstr(result));
87 rpccli_lsa_close(lsa_pipe, mem_ctx, &pol);
88 cli_rpc_pipe_close(lsa_pipe);
95 * Run a single RPC command, from start to finish.
97 * @param pipe_name the pipe to connect to (usually a PIPE_ constant)
98 * @param conn_flag a NET_FLAG_ combination. Passed to
99 * net_make_ipc_connection.
100 * @param argc Standard main() style argc
101 * @param argc Standard main() style argv. Initial components are already
103 * @return A shell status integer (0 for success)
106 int run_rpc_command(struct cli_state *cli_arg,
113 struct cli_state *cli = NULL;
114 struct rpc_pipe_client *pipe_hnd = NULL;
120 /* make use of cli_state handed over as an argument, if possible */
122 cli = net_make_ipc_connection(conn_flags);
133 if (!(mem_ctx = talloc_init("run_rpc_command"))) {
134 DEBUG(0, ("talloc_init() failed\n"));
139 domain_sid = net_get_remote_domain_sid(cli, mem_ctx, &domain_name);
141 if (!(conn_flags & NET_FLAGS_NO_PIPE)) {
142 if (lp_client_schannel() && (pipe_idx == PI_NETLOGON)) {
143 /* Always try and create an schannel netlogon pipe. */
144 pipe_hnd = cli_rpc_pipe_open_schannel(cli, pipe_idx,
145 PIPE_AUTH_LEVEL_PRIVACY,
149 DEBUG(0, ("Could not initialise schannel netlogon pipe. Error was %s\n",
150 nt_errstr(nt_status) ));
155 pipe_hnd = cli_rpc_pipe_open_noauth(cli, pipe_idx, &nt_status);
157 DEBUG(0, ("Could not initialise pipe %s. Error was %s\n",
158 cli_get_pipe_name(pipe_idx),
159 nt_errstr(nt_status) ));
166 nt_status = fn(domain_sid, domain_name, cli, pipe_hnd, mem_ctx, argc, argv);
168 if (!NT_STATUS_IS_OK(nt_status)) {
169 DEBUG(1, ("rpc command function failed! (%s)\n", nt_errstr(nt_status)));
171 DEBUG(5, ("rpc command function succedded\n"));
174 if (!(conn_flags & NET_FLAGS_NO_PIPE)) {
176 cli_rpc_pipe_close(pipe_hnd);
180 /* close the connection only if it was opened here */
185 talloc_destroy(mem_ctx);
186 return (!NT_STATUS_IS_OK(nt_status));
190 * Force a change of the trust acccount password.
192 * All parameters are provided by the run_rpc_command function, except for
193 * argc, argv which are passes through.
195 * @param domain_sid The domain sid aquired from the remote server
196 * @param cli A cli_state connected to the server.
197 * @param mem_ctx Talloc context, destoyed on compleation of the function.
198 * @param argc Standard main() style argc
199 * @param argc Standard main() style argv. Initial components are already
202 * @return Normal NTSTATUS return.
205 static NTSTATUS rpc_changetrustpw_internals(const DOM_SID *domain_sid,
206 const char *domain_name,
207 struct cli_state *cli,
208 struct rpc_pipe_client *pipe_hnd,
214 return trust_pw_find_change_and_store_it(pipe_hnd, mem_ctx, opt_target_workgroup);
218 * Force a change of the trust acccount password.
220 * @param argc Standard main() style argc
221 * @param argc Standard main() style argv. Initial components are already
224 * @return A shell status integer (0 for success)
227 int net_rpc_changetrustpw(int argc, const char **argv)
229 return run_rpc_command(NULL, PI_NETLOGON, NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
230 rpc_changetrustpw_internals,
235 * Join a domain, the old way.
237 * This uses 'machinename' as the inital password, and changes it.
239 * The password should be created with 'server manager' or equiv first.
241 * All parameters are provided by the run_rpc_command function, except for
242 * argc, argv which are passes through.
244 * @param domain_sid The domain sid aquired from the remote server
245 * @param cli A cli_state connected to the server.
246 * @param mem_ctx Talloc context, destoyed on compleation of the function.
247 * @param argc Standard main() style argc
248 * @param argc Standard main() style argv. Initial components are already
251 * @return Normal NTSTATUS return.
254 static NTSTATUS rpc_oldjoin_internals(const DOM_SID *domain_sid,
255 const char *domain_name,
256 struct cli_state *cli,
257 struct rpc_pipe_client *pipe_hnd,
263 fstring trust_passwd;
264 unsigned char orig_trust_passwd_hash[16];
266 uint32 sec_channel_type;
268 pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_NETLOGON, &result);
270 DEBUG(0,("rpc_oldjoin_internals: netlogon pipe open to machine %s failed. "
273 nt_errstr(result) ));
278 check what type of join - if the user want's to join as
279 a BDC, the server must agree that we are a BDC.
282 sec_channel_type = get_sec_channel_type(argv[0]);
284 sec_channel_type = get_sec_channel_type(NULL);
287 fstrcpy(trust_passwd, global_myname());
288 strlower_m(trust_passwd);
291 * Machine names can be 15 characters, but the max length on
292 * a password is 14. --jerry
295 trust_passwd[14] = '\0';
297 E_md4hash(trust_passwd, orig_trust_passwd_hash);
299 result = trust_pw_change_and_store_it(pipe_hnd, mem_ctx, opt_target_workgroup,
300 orig_trust_passwd_hash,
303 if (NT_STATUS_IS_OK(result))
304 printf("Joined domain %s.\n",opt_target_workgroup);
307 if (!secrets_store_domain_sid(opt_target_workgroup, domain_sid)) {
308 DEBUG(0, ("error storing domain sid for %s\n", opt_target_workgroup));
309 result = NT_STATUS_UNSUCCESSFUL;
316 * Join a domain, the old way.
318 * @param argc Standard main() style argc
319 * @param argc Standard main() style argv. Initial components are already
322 * @return A shell status integer (0 for success)
325 static int net_rpc_perform_oldjoin(int argc, const char **argv)
327 return run_rpc_command(NULL, PI_NETLOGON,
328 NET_FLAGS_NO_PIPE | NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
329 rpc_oldjoin_internals,
334 * Join a domain, the old way. This function exists to allow
335 * the message to be displayed when oldjoin was explicitly
336 * requested, but not when it was implied by "net rpc join"
338 * @param argc Standard main() style argc
339 * @param argc Standard main() style argv. Initial components are already
342 * @return A shell status integer (0 for success)
345 static int net_rpc_oldjoin(int argc, const char **argv)
347 int rc = net_rpc_perform_oldjoin(argc, argv);
350 d_printf("Failed to join domain\n");
357 * Basic usage function for 'net rpc join'
358 * @param argc Standard main() style argc
359 * @param argc Standard main() style argv. Initial components are already
363 static int rpc_join_usage(int argc, const char **argv)
365 d_printf("net rpc join -U <username>[%%password] <type>[options]\n"\
366 "\t to join a domain with admin username & password\n"\
367 "\t\t password will be prompted if needed and none is specified\n"\
368 "\t <type> can be (default MEMBER)\n"\
369 "\t\t BDC - Join as a BDC\n"\
370 "\t\t PDC - Join as a PDC\n"\
371 "\t\t MEMBER - Join as a MEMBER server\n");
373 net_common_flags_usage(argc, argv);
378 * 'net rpc join' entrypoint.
379 * @param argc Standard main() style argc
380 * @param argc Standard main() style argv. Initial components are already
383 * Main 'net_rpc_join()' (where the admain username/password is used) is
385 * Try to just change the password, but if that doesn't work, use/prompt
386 * for a username/password.
389 int net_rpc_join(int argc, const char **argv)
391 if ((net_rpc_perform_oldjoin(argc, argv) == 0))
394 return net_rpc_join_newstyle(argc, argv);
398 * display info about a rpc domain
400 * All parameters are provided by the run_rpc_command function, except for
401 * argc, argv which are passed through.
403 * @param domain_sid The domain sid acquired from the remote server
404 * @param cli A cli_state connected to the server.
405 * @param mem_ctx Talloc context, destoyed on completion of the function.
406 * @param argc Standard main() style argc
407 * @param argv Standard main() style argv. Initial components are already
410 * @return Normal NTSTATUS return.
413 static NTSTATUS rpc_info_internals(const DOM_SID *domain_sid,
414 const char *domain_name,
415 struct cli_state *cli,
416 struct rpc_pipe_client *pipe_hnd,
421 POLICY_HND connect_pol, domain_pol;
422 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
426 sid_to_string(sid_str, domain_sid);
428 /* Get sam policy handle */
429 result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
431 if (!NT_STATUS_IS_OK(result)) {
435 /* Get domain policy handle */
436 result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
437 MAXIMUM_ALLOWED_ACCESS,
438 domain_sid, &domain_pol);
439 if (!NT_STATUS_IS_OK(result)) {
444 result = rpccli_samr_query_dom_info(pipe_hnd, mem_ctx, &domain_pol,
446 if (NT_STATUS_IS_OK(result)) {
447 TALLOC_CTX *ctx = talloc_init("rpc_info_internals");
448 d_printf("Domain Name: %s\n", unistr2_tdup(ctx, &ctr.info.inf2.uni_domain));
449 d_printf("Domain SID: %s\n", sid_str);
450 d_printf("Sequence number: %u\n", ctr.info.inf2.seq_num.low);
451 d_printf("Num users: %u\n", ctr.info.inf2.num_domain_usrs);
452 d_printf("Num domain groups: %u\n", ctr.info.inf2.num_domain_grps);
453 d_printf("Num local groups: %u\n", ctr.info.inf2.num_local_grps);
462 * 'net rpc info' entrypoint.
463 * @param argc Standard main() style argc
464 * @param argc Standard main() style argv. Initial components are already
468 int net_rpc_info(int argc, const char **argv)
470 return run_rpc_command(NULL, PI_SAMR, NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
476 * Fetch domain SID into the local secrets.tdb
478 * All parameters are provided by the run_rpc_command function, except for
479 * argc, argv which are passes through.
481 * @param domain_sid The domain sid acquired from the remote server
482 * @param cli A cli_state connected to the server.
483 * @param mem_ctx Talloc context, destoyed on completion of the function.
484 * @param argc Standard main() style argc
485 * @param argv Standard main() style argv. Initial components are already
488 * @return Normal NTSTATUS return.
491 static NTSTATUS rpc_getsid_internals(const DOM_SID *domain_sid,
492 const char *domain_name,
493 struct cli_state *cli,
494 struct rpc_pipe_client *pipe_hnd,
501 sid_to_string(sid_str, domain_sid);
502 d_printf("Storing SID %s for Domain %s in secrets.tdb\n",
503 sid_str, domain_name);
505 if (!secrets_store_domain_sid(domain_name, domain_sid)) {
506 DEBUG(0,("Can't store domain SID\n"));
507 return NT_STATUS_UNSUCCESSFUL;
514 * 'net rpc getsid' entrypoint.
515 * @param argc Standard main() style argc
516 * @param argc Standard main() style argv. Initial components are already
520 int net_rpc_getsid(int argc, const char **argv)
522 return run_rpc_command(NULL, PI_SAMR, NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
523 rpc_getsid_internals,
527 /****************************************************************************/
530 * Basic usage function for 'net rpc user'
531 * @param argc Standard main() style argc.
532 * @param argv Standard main() style argv. Initial components are already
536 static int rpc_user_usage(int argc, const char **argv)
538 return net_help_user(argc, argv);
542 * Add a new user to a remote RPC server
544 * All parameters are provided by the run_rpc_command function, except for
545 * argc, argv which are passes through.
547 * @param domain_sid The domain sid acquired from the remote server
548 * @param cli A cli_state connected to the server.
549 * @param mem_ctx Talloc context, destoyed on completion of the function.
550 * @param argc Standard main() style argc
551 * @param argv Standard main() style argv. Initial components are already
554 * @return Normal NTSTATUS return.
557 static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid,
558 const char *domain_name,
559 struct cli_state *cli,
560 struct rpc_pipe_client *pipe_hnd,
562 int argc, const char **argv)
565 POLICY_HND connect_pol, domain_pol, user_pol;
566 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
567 const char *acct_name;
569 uint32 unknown, user_rid;
572 d_printf("User must be specified\n");
573 rpc_user_usage(argc, argv);
579 /* Get sam policy handle */
581 result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
583 if (!NT_STATUS_IS_OK(result)) {
587 /* Get domain policy handle */
589 result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
590 MAXIMUM_ALLOWED_ACCESS,
591 domain_sid, &domain_pol);
592 if (!NT_STATUS_IS_OK(result)) {
596 /* Create domain user */
598 acb_info = ACB_NORMAL;
599 unknown = 0xe005000b; /* No idea what this is - a permission mask? */
601 result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
602 acct_name, acb_info, unknown,
603 &user_pol, &user_rid);
604 if (!NT_STATUS_IS_OK(result)) {
609 if (!NT_STATUS_IS_OK(result)) {
610 d_printf("Failed to add user %s - %s\n", acct_name,
613 d_printf("Added user %s\n", acct_name);
619 * Add a new user to a remote RPC server
621 * @param argc Standard main() style argc
622 * @param argv Standard main() style argv. Initial components are already
625 * @return A shell status integer (0 for success)
628 static int rpc_user_add(int argc, const char **argv)
630 return run_rpc_command(NULL, PI_SAMR, 0, rpc_user_add_internals,
635 * Delete a user from a remote RPC server
637 * All parameters are provided by the run_rpc_command function, except for
638 * argc, argv which are passes through.
640 * @param domain_sid The domain sid acquired from the remote server
641 * @param cli A cli_state connected to the server.
642 * @param mem_ctx Talloc context, destoyed on completion of the function.
643 * @param argc Standard main() style argc
644 * @param argv Standard main() style argv. Initial components are already
647 * @return Normal NTSTATUS return.
650 static NTSTATUS rpc_user_del_internals(const DOM_SID *domain_sid,
651 const char *domain_name,
652 struct cli_state *cli,
653 struct rpc_pipe_client *pipe_hnd,
658 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
659 POLICY_HND connect_pol, domain_pol, user_pol;
662 d_printf("User must be specified\n");
663 rpc_user_usage(argc, argv);
666 /* Get sam policy and domain handles */
668 result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
671 if (!NT_STATUS_IS_OK(result)) {
675 result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
676 MAXIMUM_ALLOWED_ACCESS,
677 domain_sid, &domain_pol);
679 if (!NT_STATUS_IS_OK(result)) {
683 /* Get handle on user */
686 uint32 *user_rids, num_rids, *name_types;
687 uint32 flags = 0x000003e8; /* Unknown */
689 result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol,
691 &num_rids, &user_rids,
694 if (!NT_STATUS_IS_OK(result)) {
698 result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
699 MAXIMUM_ALLOWED_ACCESS,
700 user_rids[0], &user_pol);
702 if (!NT_STATUS_IS_OK(result)) {
709 result = rpccli_samr_delete_dom_user(pipe_hnd, mem_ctx, &user_pol);
711 if (!NT_STATUS_IS_OK(result)) {
715 /* Display results */
716 if (!NT_STATUS_IS_OK(result)) {
717 d_printf("Failed to delete user account - %s\n", nt_errstr(result));
719 d_printf("Deleted user account\n");
727 * Rename a user on a remote RPC server
729 * All parameters are provided by the run_rpc_command function, except for
730 * argc, argv which are passes through.
732 * @param domain_sid The domain sid acquired from the remote server
733 * @param cli A cli_state connected to the server.
734 * @param mem_ctx Talloc context, destoyed on completion of the function.
735 * @param argc Standard main() style argc
736 * @param argv Standard main() style argv. Initial components are already
739 * @return Normal NTSTATUS return.
742 static NTSTATUS rpc_user_rename_internals(const DOM_SID *domain_sid,
743 const char *domain_name,
744 struct cli_state *cli,
745 struct rpc_pipe_client *pipe_hnd,
750 POLICY_HND connect_pol, domain_pol, user_pol;
751 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
752 uint32 info_level = 7;
753 const char *old_name, *new_name;
755 uint32 flags = 0x000003e8; /* Unknown */
756 uint32 num_rids, *name_types;
757 uint32 num_names = 1;
759 SAM_USERINFO_CTR *user_ctr;
760 SAM_USERINFO_CTR ctr;
761 SAM_USER_INFO_7 info7;
764 d_printf("Old and new username must be specified\n");
765 rpc_user_usage(argc, argv);
773 ZERO_STRUCT(user_ctr);
775 /* Get sam policy handle */
777 result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
779 if (!NT_STATUS_IS_OK(result)) {
783 /* Get domain policy handle */
785 result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
786 MAXIMUM_ALLOWED_ACCESS,
787 domain_sid, &domain_pol);
788 if (!NT_STATUS_IS_OK(result)) {
792 names = TALLOC_ARRAY(mem_ctx, const char *, num_names);
794 result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol,
795 flags, num_names, names,
796 &num_rids, &user_rid, &name_types);
797 if (!NT_STATUS_IS_OK(result)) {
801 /* Open domain user */
802 result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
803 MAXIMUM_ALLOWED_ACCESS, user_rid[0], &user_pol);
805 if (!NT_STATUS_IS_OK(result)) {
809 /* Query user info */
810 result = rpccli_samr_query_userinfo(pipe_hnd, mem_ctx, &user_pol,
811 info_level, &user_ctr);
813 if (!NT_STATUS_IS_OK(result)) {
817 ctr.switch_value = info_level;
818 ctr.info.id7 = &info7;
820 init_sam_user_info7(&info7, new_name);
823 result = rpccli_samr_set_userinfo(pipe_hnd, mem_ctx, &user_pol,
824 info_level, &cli->user_session_key, &ctr);
826 if (!NT_STATUS_IS_OK(result)) {
831 if (!NT_STATUS_IS_OK(result)) {
832 d_printf("Failed to rename user from %s to %s - %s\n", old_name, new_name,
835 d_printf("Renamed user from %s to %s\n", old_name, new_name);
841 * Rename a user on a remote RPC server
843 * @param argc Standard main() style argc
844 * @param argv Standard main() style argv. Initial components are already
847 * @return A shell status integer (0 for success)
850 static int rpc_user_rename(int argc, const char **argv)
852 return run_rpc_command(NULL, PI_SAMR, 0, rpc_user_rename_internals,
857 * Delete a user from a remote RPC server
859 * @param argc Standard main() style argc
860 * @param argv Standard main() style argv. Initial components are already
863 * @return A shell status integer (0 for success)
866 static int rpc_user_delete(int argc, const char **argv)
868 return run_rpc_command(NULL, PI_SAMR, 0, rpc_user_del_internals,
873 * Set a password for a user on a remote RPC server
875 * All parameters are provided by the run_rpc_command function, except for
876 * argc, argv which are passes through.
878 * @param domain_sid The domain sid acquired from the remote server
879 * @param cli A cli_state connected to the server.
880 * @param mem_ctx Talloc context, destoyed on completion of the function.
881 * @param argc Standard main() style argc
882 * @param argv Standard main() style argv. Initial components are already
885 * @return Normal NTSTATUS return.
888 static NTSTATUS rpc_user_password_internals(const DOM_SID *domain_sid,
889 const char *domain_name,
890 struct cli_state *cli,
891 struct rpc_pipe_client *pipe_hnd,
896 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
897 POLICY_HND connect_pol, domain_pol, user_pol;
898 SAM_USERINFO_CTR ctr;
899 SAM_USER_INFO_24 p24;
902 const char *new_password;
906 d_printf("User must be specified\n");
907 rpc_user_usage(argc, argv);
914 new_password = argv[1];
916 asprintf(&prompt, "Enter new password for %s:", user);
917 new_password = getpass(prompt);
921 /* Get sam policy and domain handles */
923 result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
926 if (!NT_STATUS_IS_OK(result)) {
930 result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
931 MAXIMUM_ALLOWED_ACCESS,
932 domain_sid, &domain_pol);
934 if (!NT_STATUS_IS_OK(result)) {
938 /* Get handle on user */
941 uint32 *user_rids, num_rids, *name_types;
942 uint32 flags = 0x000003e8; /* Unknown */
944 result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol,
946 &num_rids, &user_rids,
949 if (!NT_STATUS_IS_OK(result)) {
953 result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
954 MAXIMUM_ALLOWED_ACCESS,
955 user_rids[0], &user_pol);
957 if (!NT_STATUS_IS_OK(result)) {
962 /* Set password on account */
967 encode_pw_buffer(pwbuf, new_password, STR_UNICODE);
969 init_sam_user_info24(&p24, (char *)pwbuf,24);
971 ctr.switch_value = 24;
972 ctr.info.id24 = &p24;
974 result = rpccli_samr_set_userinfo(pipe_hnd, mem_ctx, &user_pol, 24,
975 &cli->user_session_key, &ctr);
977 if (!NT_STATUS_IS_OK(result)) {
981 /* Display results */
989 * Set a user's password on a remote RPC server
991 * @param argc Standard main() style argc
992 * @param argv Standard main() style argv. Initial components are already
995 * @return A shell status integer (0 for success)
998 static int rpc_user_password(int argc, const char **argv)
1000 return run_rpc_command(NULL, PI_SAMR, 0, rpc_user_password_internals,
1005 * List user's groups on a remote RPC server
1007 * All parameters are provided by the run_rpc_command function, except for
1008 * argc, argv which are passes through.
1010 * @param domain_sid The domain sid acquired from the remote server
1011 * @param cli A cli_state connected to the server.
1012 * @param mem_ctx Talloc context, destoyed on completion of the function.
1013 * @param argc Standard main() style argc
1014 * @param argv Standard main() style argv. Initial components are already
1017 * @return Normal NTSTATUS return.
1020 static NTSTATUS rpc_user_info_internals(const DOM_SID *domain_sid,
1021 const char *domain_name,
1022 struct cli_state *cli,
1023 struct rpc_pipe_client *pipe_hnd,
1024 TALLOC_CTX *mem_ctx,
1028 POLICY_HND connect_pol, domain_pol, user_pol;
1029 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1030 uint32 *rids, num_rids, *name_types, num_names;
1031 uint32 flags = 0x000003e8; /* Unknown */
1037 d_printf("User must be specified\n");
1038 rpc_user_usage(argc, argv);
1039 return NT_STATUS_OK;
1041 /* Get sam policy handle */
1043 result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1045 if (!NT_STATUS_IS_OK(result)) goto done;
1047 /* Get domain policy handle */
1049 result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
1050 MAXIMUM_ALLOWED_ACCESS,
1051 domain_sid, &domain_pol);
1052 if (!NT_STATUS_IS_OK(result)) goto done;
1054 /* Get handle on user */
1056 result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol,
1058 &num_rids, &rids, &name_types);
1060 if (!NT_STATUS_IS_OK(result)) goto done;
1062 result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
1063 MAXIMUM_ALLOWED_ACCESS,
1064 rids[0], &user_pol);
1065 if (!NT_STATUS_IS_OK(result)) goto done;
1067 result = rpccli_samr_query_usergroups(pipe_hnd, mem_ctx, &user_pol,
1068 &num_rids, &user_gids);
1070 if (!NT_STATUS_IS_OK(result)) goto done;
1075 rids = TALLOC_ARRAY(mem_ctx, uint32, num_rids);
1077 for (i = 0; i < num_rids; i++)
1078 rids[i] = user_gids[i].g_rid;
1080 result = rpccli_samr_lookup_rids(pipe_hnd, mem_ctx, &domain_pol,
1082 &num_names, &names, &name_types);
1084 if (!NT_STATUS_IS_OK(result)) {
1088 /* Display results */
1090 for (i = 0; i < num_names; i++)
1091 printf("%s\n", names[i]);
1098 * List a user's groups from a remote RPC server
1100 * @param argc Standard main() style argc
1101 * @param argv Standard main() style argv. Initial components are already
1104 * @return A shell status integer (0 for success)
1107 static int rpc_user_info(int argc, const char **argv)
1109 return run_rpc_command(NULL, PI_SAMR, 0, rpc_user_info_internals,
1114 * List users on a remote RPC server
1116 * All parameters are provided by the run_rpc_command function, except for
1117 * argc, argv which are passes through.
1119 * @param domain_sid The domain sid acquired from the remote server
1120 * @param cli A cli_state connected to the server.
1121 * @param mem_ctx Talloc context, destoyed on completion of the function.
1122 * @param argc Standard main() style argc
1123 * @param argv Standard main() style argv. Initial components are already
1126 * @return Normal NTSTATUS return.
1129 static NTSTATUS rpc_user_list_internals(const DOM_SID *domain_sid,
1130 const char *domain_name,
1131 struct cli_state *cli,
1132 struct rpc_pipe_client *pipe_hnd,
1133 TALLOC_CTX *mem_ctx,
1137 POLICY_HND connect_pol, domain_pol;
1138 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1139 uint32 start_idx=0, num_entries, i, loop_count = 0;
1140 SAM_DISPINFO_CTR ctr;
1141 SAM_DISPINFO_1 info1;
1143 /* Get sam policy handle */
1145 result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1147 if (!NT_STATUS_IS_OK(result)) {
1151 /* Get domain policy handle */
1153 result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
1154 MAXIMUM_ALLOWED_ACCESS,
1155 domain_sid, &domain_pol);
1156 if (!NT_STATUS_IS_OK(result)) {
1160 /* Query domain users */
1163 ctr.sam.info1 = &info1;
1164 if (opt_long_list_entries)
1165 d_printf("\nUser name Comment"\
1166 "\n-----------------------------\n");
1169 uint32 max_entries, max_size;
1171 get_query_dispinfo_params(
1172 loop_count, &max_entries, &max_size);
1174 result = rpccli_samr_query_dispinfo(pipe_hnd, mem_ctx, &domain_pol,
1175 &start_idx, 1, &num_entries,
1176 max_entries, max_size, &ctr);
1179 for (i = 0; i < num_entries; i++) {
1180 unistr2_to_ascii(user, &(&ctr.sam.info1->str[i])->uni_acct_name, sizeof(user)-1);
1181 if (opt_long_list_entries)
1182 unistr2_to_ascii(desc, &(&ctr.sam.info1->str[i])->uni_acct_desc, sizeof(desc)-1);
1184 if (opt_long_list_entries)
1185 printf("%-21.21s %s\n", user, desc);
1187 printf("%s\n", user);
1189 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
1196 * 'net rpc user' entrypoint.
1197 * @param argc Standard main() style argc
1198 * @param argc Standard main() style argv. Initial components are already
1202 int net_rpc_user(int argc, const char **argv)
1204 struct functable func[] = {
1205 {"add", rpc_user_add},
1206 {"info", rpc_user_info},
1207 {"delete", rpc_user_delete},
1208 {"password", rpc_user_password},
1209 {"rename", rpc_user_rename},
1214 return run_rpc_command(NULL,PI_SAMR, 0,
1215 rpc_user_list_internals,
1219 return net_run_function(argc, argv, func, rpc_user_usage);
1222 /****************************************************************************/
1225 * Basic usage function for 'net rpc group'
1226 * @param argc Standard main() style argc.
1227 * @param argv Standard main() style argv. Initial components are already
1231 static int rpc_group_usage(int argc, const char **argv)
1233 return net_help_group(argc, argv);
1237 * Delete group on a remote RPC server
1239 * All parameters are provided by the run_rpc_command function, except for
1240 * argc, argv which are passes through.
1242 * @param domain_sid The domain sid acquired from the remote server
1243 * @param cli A cli_state connected to the server.
1244 * @param mem_ctx Talloc context, destoyed on completion of the function.
1245 * @param argc Standard main() style argc
1246 * @param argv Standard main() style argv. Initial components are already
1249 * @return Normal NTSTATUS return.
1252 static NTSTATUS rpc_group_delete_internals(const DOM_SID *domain_sid,
1253 const char *domain_name,
1254 struct cli_state *cli,
1255 struct rpc_pipe_client *pipe_hnd,
1256 TALLOC_CTX *mem_ctx,
1260 POLICY_HND connect_pol, domain_pol, group_pol, user_pol;
1261 BOOL group_is_primary = False;
1262 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1264 uint32 *group_rids, num_rids, *name_types, num_members,
1265 *group_attrs, group_rid;
1266 uint32 flags = 0x000003e8; /* Unknown */
1269 /* DOM_GID *user_gids; */
1270 SAM_USERINFO_CTR *user_ctr;
1274 d_printf("specify group\n");
1275 rpc_group_usage(argc,argv);
1276 return NT_STATUS_OK; /* ok? */
1279 result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1282 if (!NT_STATUS_IS_OK(result)) {
1283 d_printf("Request samr_connect failed\n");
1287 result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
1288 MAXIMUM_ALLOWED_ACCESS,
1289 domain_sid, &domain_pol);
1291 if (!NT_STATUS_IS_OK(result)) {
1292 d_printf("Request open_domain failed\n");
1296 result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol,
1298 &num_rids, &group_rids,
1301 if (!NT_STATUS_IS_OK(result)) {
1302 d_printf("Lookup of '%s' failed\n",argv[0]);
1306 switch (name_types[0])
1308 case SID_NAME_DOM_GRP:
1309 result = rpccli_samr_open_group(pipe_hnd, mem_ctx, &domain_pol,
1310 MAXIMUM_ALLOWED_ACCESS,
1311 group_rids[0], &group_pol);
1312 if (!NT_STATUS_IS_OK(result)) {
1313 d_printf("Request open_group failed");
1317 group_rid = group_rids[0];
1319 result = rpccli_samr_query_groupmem(pipe_hnd, mem_ctx, &group_pol,
1320 &num_members, &group_rids,
1323 if (!NT_STATUS_IS_OK(result)) {
1324 d_printf("Unable to query group members of %s",argv[0]);
1329 d_printf("Domain Group %s (rid: %d) has %d members\n",
1330 argv[0],group_rid,num_members);
1333 /* Check if group is anyone's primary group */
1334 for (i = 0; i < num_members; i++)
1336 result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
1337 MAXIMUM_ALLOWED_ACCESS,
1338 group_rids[i], &user_pol);
1340 if (!NT_STATUS_IS_OK(result)) {
1341 d_printf("Unable to open group member %d\n",group_rids[i]);
1345 ZERO_STRUCT(user_ctr);
1347 result = rpccli_samr_query_userinfo(pipe_hnd, mem_ctx, &user_pol,
1350 if (!NT_STATUS_IS_OK(result)) {
1351 d_printf("Unable to lookup userinfo for group member %d\n",group_rids[i]);
1355 if (user_ctr->info.id21->group_rid == group_rid) {
1356 unistr2_to_ascii(temp, &(user_ctr->info.id21)->uni_user_name,
1359 d_printf("Group is primary group of %s\n",temp);
1360 group_is_primary = True;
1363 rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol);
1366 if (group_is_primary) {
1367 d_printf("Unable to delete group because some of it's "
1368 "members have it as primary group\n");
1369 result = NT_STATUS_MEMBERS_PRIMARY_GROUP;
1373 /* remove all group members */
1374 for (i = 0; i < num_members; i++)
1377 d_printf("Remove group member %d...",group_rids[i]);
1378 result = rpccli_samr_del_groupmem(pipe_hnd, mem_ctx, &group_pol, group_rids[i]);
1380 if (NT_STATUS_IS_OK(result)) {
1385 d_printf("failed\n");
1390 result = rpccli_samr_delete_dom_group(pipe_hnd, mem_ctx, &group_pol);
1393 /* removing a local group is easier... */
1394 case SID_NAME_ALIAS:
1395 result = rpccli_samr_open_alias(pipe_hnd, mem_ctx, &domain_pol,
1396 MAXIMUM_ALLOWED_ACCESS,
1397 group_rids[0], &group_pol);
1399 if (!NT_STATUS_IS_OK(result)) {
1400 d_printf("Request open_alias failed\n");
1404 result = rpccli_samr_delete_dom_alias(pipe_hnd, mem_ctx, &group_pol);
1407 d_printf("%s is of type %s. This command is only for deleting local or global groups\n",
1408 argv[0],sid_type_lookup(name_types[0]));
1409 result = NT_STATUS_UNSUCCESSFUL;
1414 if (NT_STATUS_IS_OK(result)) {
1416 d_printf("Deleted %s '%s'\n",sid_type_lookup(name_types[0]),argv[0]);
1418 d_printf("Deleting of %s failed: %s\n",argv[0],
1419 get_friendly_nt_error_msg(result));
1427 static int rpc_group_delete(int argc, const char **argv)
1429 return run_rpc_command(NULL, PI_SAMR, 0, rpc_group_delete_internals,
1433 static NTSTATUS rpc_group_add_internals(const DOM_SID *domain_sid,
1434 const char *domain_name,
1435 struct cli_state *cli,
1436 struct rpc_pipe_client *pipe_hnd,
1437 TALLOC_CTX *mem_ctx,
1441 POLICY_HND connect_pol, domain_pol, group_pol;
1442 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1443 GROUP_INFO_CTR group_info;
1446 d_printf("Group name must be specified\n");
1447 rpc_group_usage(argc, argv);
1448 return NT_STATUS_OK;
1451 /* Get sam policy handle */
1453 result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1455 if (!NT_STATUS_IS_OK(result)) goto done;
1457 /* Get domain policy handle */
1459 result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
1460 MAXIMUM_ALLOWED_ACCESS,
1461 domain_sid, &domain_pol);
1462 if (!NT_STATUS_IS_OK(result)) goto done;
1464 /* Create the group */
1466 result = rpccli_samr_create_dom_group(pipe_hnd, mem_ctx, &domain_pol,
1467 argv[0], MAXIMUM_ALLOWED_ACCESS,
1469 if (!NT_STATUS_IS_OK(result)) goto done;
1471 if (strlen(opt_comment) == 0) goto done;
1473 /* We've got a comment to set */
1475 group_info.switch_value1 = 4;
1476 init_samr_group_info4(&group_info.group.info4, opt_comment);
1478 result = rpccli_samr_set_groupinfo(pipe_hnd, mem_ctx, &group_pol, &group_info);
1479 if (!NT_STATUS_IS_OK(result)) goto done;
1482 if (NT_STATUS_IS_OK(result))
1483 DEBUG(5, ("add group succeeded\n"));
1485 d_printf("add group failed: %s\n", nt_errstr(result));
1490 static NTSTATUS rpc_alias_add_internals(const DOM_SID *domain_sid,
1491 const char *domain_name,
1492 struct cli_state *cli,
1493 struct rpc_pipe_client *pipe_hnd,
1494 TALLOC_CTX *mem_ctx,
1498 POLICY_HND connect_pol, domain_pol, alias_pol;
1499 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1500 ALIAS_INFO_CTR alias_info;
1503 d_printf("Alias name must be specified\n");
1504 rpc_group_usage(argc, argv);
1505 return NT_STATUS_OK;
1508 /* Get sam policy handle */
1510 result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1512 if (!NT_STATUS_IS_OK(result)) goto done;
1514 /* Get domain policy handle */
1516 result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
1517 MAXIMUM_ALLOWED_ACCESS,
1518 domain_sid, &domain_pol);
1519 if (!NT_STATUS_IS_OK(result)) goto done;
1521 /* Create the group */
1523 result = rpccli_samr_create_dom_alias(pipe_hnd, mem_ctx, &domain_pol,
1524 argv[0], &alias_pol);
1525 if (!NT_STATUS_IS_OK(result)) goto done;
1527 if (strlen(opt_comment) == 0) goto done;
1529 /* We've got a comment to set */
1531 alias_info.level = 3;
1532 init_samr_alias_info3(&alias_info.alias.info3, opt_comment);
1534 result = rpccli_samr_set_aliasinfo(pipe_hnd, mem_ctx, &alias_pol, &alias_info);
1535 if (!NT_STATUS_IS_OK(result)) goto done;
1538 if (NT_STATUS_IS_OK(result))
1539 DEBUG(5, ("add alias succeeded\n"));
1541 d_printf("add alias failed: %s\n", nt_errstr(result));
1546 static int rpc_group_add(int argc, const char **argv)
1549 return run_rpc_command(NULL, PI_SAMR, 0,
1550 rpc_alias_add_internals,
1553 return run_rpc_command(NULL, PI_SAMR, 0,
1554 rpc_group_add_internals,
1558 static NTSTATUS get_sid_from_name(struct cli_state *cli,
1559 TALLOC_CTX *mem_ctx,
1562 enum SID_NAME_USE *type)
1564 DOM_SID *sids = NULL;
1565 uint32 *types = NULL;
1566 struct rpc_pipe_client *pipe_hnd;
1568 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1570 pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &result);
1575 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, False,
1576 SEC_RIGHTS_MAXIMUM_ALLOWED, &lsa_pol);
1578 if (!NT_STATUS_IS_OK(result)) {
1582 result = rpccli_lsa_lookup_names(pipe_hnd, mem_ctx, &lsa_pol, 1,
1583 &name, &sids, &types);
1585 if (NT_STATUS_IS_OK(result)) {
1586 sid_copy(sid, &sids[0]);
1590 rpccli_lsa_close(pipe_hnd, mem_ctx, &lsa_pol);
1594 cli_rpc_pipe_close(pipe_hnd);
1597 if (!NT_STATUS_IS_OK(result) && (StrnCaseCmp(name, "S-", 2) == 0)) {
1599 /* Try as S-1-5-whatever */
1603 if (string_to_sid(&tmp_sid, name)) {
1604 sid_copy(sid, &tmp_sid);
1605 *type = SID_NAME_UNKNOWN;
1606 result = NT_STATUS_OK;
1613 static NTSTATUS rpc_add_groupmem(struct rpc_pipe_client *pipe_hnd,
1614 TALLOC_CTX *mem_ctx,
1615 const DOM_SID *group_sid,
1618 POLICY_HND connect_pol, domain_pol;
1621 POLICY_HND group_pol;
1624 uint32 *rids = NULL;
1625 uint32 *rid_types = NULL;
1629 sid_copy(&sid, group_sid);
1631 if (!sid_split_rid(&sid, &group_rid)) {
1632 return NT_STATUS_UNSUCCESSFUL;
1635 /* Get sam policy handle */
1636 result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1638 if (!NT_STATUS_IS_OK(result)) {
1642 /* Get domain policy handle */
1643 result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
1644 MAXIMUM_ALLOWED_ACCESS,
1646 if (!NT_STATUS_IS_OK(result)) {
1650 result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, 1000,
1652 &num_rids, &rids, &rid_types);
1654 if (!NT_STATUS_IS_OK(result)) {
1655 d_printf("Could not lookup up group member %s\n", member);
1659 result = rpccli_samr_open_group(pipe_hnd, mem_ctx, &domain_pol,
1660 MAXIMUM_ALLOWED_ACCESS,
1661 group_rid, &group_pol);
1663 if (!NT_STATUS_IS_OK(result)) {
1667 result = rpccli_samr_add_groupmem(pipe_hnd, mem_ctx, &group_pol, rids[0]);
1670 rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol);
1674 static NTSTATUS rpc_add_aliasmem(struct rpc_pipe_client *pipe_hnd,
1675 TALLOC_CTX *mem_ctx,
1676 const DOM_SID *alias_sid,
1679 POLICY_HND connect_pol, domain_pol;
1682 POLICY_HND alias_pol;
1685 enum SID_NAME_USE member_type;
1689 sid_copy(&sid, alias_sid);
1691 if (!sid_split_rid(&sid, &alias_rid)) {
1692 return NT_STATUS_UNSUCCESSFUL;
1695 result = get_sid_from_name(pipe_hnd->cli, mem_ctx, member,
1696 &member_sid, &member_type);
1698 if (!NT_STATUS_IS_OK(result)) {
1699 d_printf("Could not lookup up group member %s\n", member);
1703 /* Get sam policy handle */
1704 result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1706 if (!NT_STATUS_IS_OK(result)) {
1710 /* Get domain policy handle */
1711 result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
1712 MAXIMUM_ALLOWED_ACCESS,
1714 if (!NT_STATUS_IS_OK(result)) {
1718 result = rpccli_samr_open_alias(pipe_hnd, mem_ctx, &domain_pol,
1719 MAXIMUM_ALLOWED_ACCESS,
1720 alias_rid, &alias_pol);
1722 if (!NT_STATUS_IS_OK(result)) {
1726 result = rpccli_samr_add_aliasmem(pipe_hnd, mem_ctx, &alias_pol, &member_sid);
1728 if (!NT_STATUS_IS_OK(result)) {
1733 rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol);
1737 static NTSTATUS rpc_group_addmem_internals(const DOM_SID *domain_sid,
1738 const char *domain_name,
1739 struct cli_state *cli,
1740 struct rpc_pipe_client *pipe_hnd,
1741 TALLOC_CTX *mem_ctx,
1746 enum SID_NAME_USE group_type;
1749 d_printf("Usage: 'net rpc group addmem <group> <member>\n");
1750 return NT_STATUS_UNSUCCESSFUL;
1753 if (!NT_STATUS_IS_OK(get_sid_from_name(cli, mem_ctx, argv[0],
1754 &group_sid, &group_type))) {
1755 d_printf("Could not lookup group name %s\n", argv[0]);
1756 return NT_STATUS_UNSUCCESSFUL;
1759 if (group_type == SID_NAME_DOM_GRP) {
1760 NTSTATUS result = rpc_add_groupmem(pipe_hnd, mem_ctx,
1761 &group_sid, argv[1]);
1763 if (!NT_STATUS_IS_OK(result)) {
1764 d_printf("Could not add %s to %s: %s\n",
1765 argv[1], argv[0], nt_errstr(result));
1770 if (group_type == SID_NAME_ALIAS) {
1771 NTSTATUS result = rpc_add_aliasmem(pipe_hnd, mem_ctx,
1772 &group_sid, argv[1]);
1774 if (!NT_STATUS_IS_OK(result)) {
1775 d_printf("Could not add %s to %s: %s\n",
1776 argv[1], argv[0], nt_errstr(result));
1781 d_printf("Can only add members to global or local groups which "
1782 "%s is not\n", argv[0]);
1784 return NT_STATUS_UNSUCCESSFUL;
1787 static int rpc_group_addmem(int argc, const char **argv)
1789 return run_rpc_command(NULL, PI_SAMR, 0,
1790 rpc_group_addmem_internals,
1794 static NTSTATUS rpc_del_groupmem(struct rpc_pipe_client *pipe_hnd,
1795 TALLOC_CTX *mem_ctx,
1796 const DOM_SID *group_sid,
1799 POLICY_HND connect_pol, domain_pol;
1802 POLICY_HND group_pol;
1805 uint32 *rids = NULL;
1806 uint32 *rid_types = NULL;
1810 sid_copy(&sid, group_sid);
1812 if (!sid_split_rid(&sid, &group_rid))
1813 return NT_STATUS_UNSUCCESSFUL;
1815 /* Get sam policy handle */
1816 result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1818 if (!NT_STATUS_IS_OK(result))
1821 /* Get domain policy handle */
1822 result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
1823 MAXIMUM_ALLOWED_ACCESS,
1825 if (!NT_STATUS_IS_OK(result))
1828 result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, 1000,
1830 &num_rids, &rids, &rid_types);
1832 if (!NT_STATUS_IS_OK(result)) {
1833 d_printf("Could not lookup up group member %s\n", member);
1837 result = rpccli_samr_open_group(pipe_hnd, mem_ctx, &domain_pol,
1838 MAXIMUM_ALLOWED_ACCESS,
1839 group_rid, &group_pol);
1841 if (!NT_STATUS_IS_OK(result))
1844 result = rpccli_samr_del_groupmem(pipe_hnd, mem_ctx, &group_pol, rids[0]);
1847 rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol);
1851 static NTSTATUS rpc_del_aliasmem(struct rpc_pipe_client *pipe_hnd,
1852 TALLOC_CTX *mem_ctx,
1853 const DOM_SID *alias_sid,
1856 POLICY_HND connect_pol, domain_pol;
1859 POLICY_HND alias_pol;
1862 enum SID_NAME_USE member_type;
1866 sid_copy(&sid, alias_sid);
1868 if (!sid_split_rid(&sid, &alias_rid))
1869 return NT_STATUS_UNSUCCESSFUL;
1871 result = get_sid_from_name(pipe_hnd->cli, mem_ctx, member,
1872 &member_sid, &member_type);
1874 if (!NT_STATUS_IS_OK(result)) {
1875 d_printf("Could not lookup up group member %s\n", member);
1879 /* Get sam policy handle */
1880 result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1882 if (!NT_STATUS_IS_OK(result)) {
1886 /* Get domain policy handle */
1887 result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
1888 MAXIMUM_ALLOWED_ACCESS,
1890 if (!NT_STATUS_IS_OK(result)) {
1894 result = rpccli_samr_open_alias(pipe_hnd, mem_ctx, &domain_pol,
1895 MAXIMUM_ALLOWED_ACCESS,
1896 alias_rid, &alias_pol);
1898 if (!NT_STATUS_IS_OK(result))
1901 result = rpccli_samr_del_aliasmem(pipe_hnd, mem_ctx, &alias_pol, &member_sid);
1903 if (!NT_STATUS_IS_OK(result))
1907 rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol);
1911 static NTSTATUS rpc_group_delmem_internals(const DOM_SID *domain_sid,
1912 const char *domain_name,
1913 struct cli_state *cli,
1914 struct rpc_pipe_client *pipe_hnd,
1915 TALLOC_CTX *mem_ctx,
1920 enum SID_NAME_USE group_type;
1923 d_printf("Usage: 'net rpc group delmem <group> <member>\n");
1924 return NT_STATUS_UNSUCCESSFUL;
1927 if (!NT_STATUS_IS_OK(get_sid_from_name(cli, mem_ctx, argv[0],
1928 &group_sid, &group_type))) {
1929 d_printf("Could not lookup group name %s\n", argv[0]);
1930 return NT_STATUS_UNSUCCESSFUL;
1933 if (group_type == SID_NAME_DOM_GRP) {
1934 NTSTATUS result = rpc_del_groupmem(pipe_hnd, mem_ctx,
1935 &group_sid, argv[1]);
1937 if (!NT_STATUS_IS_OK(result)) {
1938 d_printf("Could not del %s from %s: %s\n",
1939 argv[1], argv[0], nt_errstr(result));
1944 if (group_type == SID_NAME_ALIAS) {
1945 NTSTATUS result = rpc_del_aliasmem(pipe_hnd, mem_ctx,
1946 &group_sid, argv[1]);
1948 if (!NT_STATUS_IS_OK(result)) {
1949 d_printf("Could not del %s from %s: %s\n",
1950 argv[1], argv[0], nt_errstr(result));
1955 d_printf("Can only delete members from global or local groups which "
1956 "%s is not\n", argv[0]);
1958 return NT_STATUS_UNSUCCESSFUL;
1961 static int rpc_group_delmem(int argc, const char **argv)
1963 return run_rpc_command(NULL, PI_SAMR, 0,
1964 rpc_group_delmem_internals,
1969 * List groups on a remote RPC server
1971 * All parameters are provided by the run_rpc_command function, except for
1972 * argc, argv which are passes through.
1974 * @param domain_sid The domain sid acquired from the remote server
1975 * @param cli A cli_state connected to the server.
1976 * @param mem_ctx Talloc context, destoyed on completion of the function.
1977 * @param argc Standard main() style argc
1978 * @param argv Standard main() style argv. Initial components are already
1981 * @return Normal NTSTATUS return.
1984 static NTSTATUS rpc_group_list_internals(const DOM_SID *domain_sid,
1985 const char *domain_name,
1986 struct cli_state *cli,
1987 struct rpc_pipe_client *pipe_hnd,
1988 TALLOC_CTX *mem_ctx,
1992 POLICY_HND connect_pol, domain_pol;
1993 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1994 uint32 start_idx=0, max_entries=250, num_entries, i, loop_count = 0;
1995 struct acct_info *groups;
1996 BOOL global = False;
1998 BOOL builtin = False;
2006 for (i=0; i<argc; i++) {
2007 if (strequal(argv[i], "global"))
2010 if (strequal(argv[i], "local"))
2013 if (strequal(argv[i], "builtin"))
2017 /* Get sam policy handle */
2019 result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
2021 if (!NT_STATUS_IS_OK(result)) {
2025 /* Get domain policy handle */
2027 result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
2028 MAXIMUM_ALLOWED_ACCESS,
2029 domain_sid, &domain_pol);
2030 if (!NT_STATUS_IS_OK(result)) {
2034 /* Query domain groups */
2035 if (opt_long_list_entries)
2036 d_printf("\nGroup name Comment"\
2037 "\n-----------------------------\n");
2039 SAM_DISPINFO_CTR ctr;
2040 SAM_DISPINFO_3 info3;
2045 ctr.sam.info3 = &info3;
2049 get_query_dispinfo_params(
2050 loop_count, &max_entries, &max_size);
2052 result = rpccli_samr_query_dispinfo(pipe_hnd, mem_ctx, &domain_pol,
2053 &start_idx, 3, &num_entries,
2054 max_entries, max_size, &ctr);
2056 if (!NT_STATUS_IS_OK(result) &&
2057 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
2060 for (i = 0; i < num_entries; i++) {
2062 fstring group, desc;
2064 unistr2_to_ascii(group, &(&ctr.sam.info3->str[i])->uni_grp_name, sizeof(group)-1);
2065 unistr2_to_ascii(desc, &(&ctr.sam.info3->str[i])->uni_grp_desc, sizeof(desc)-1);
2067 if (opt_long_list_entries)
2068 printf("%-21.21s %-50.50s\n",
2071 printf("%s\n", group);
2073 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
2074 /* query domain aliases */
2079 /* The max_size field in cli_samr_enum_als_groups is more like
2080 * an account_control field with indiviual bits what to
2081 * retrieve. Set this to 0xffff as NT4 usrmgr.exe does to get
2082 * everything. I'm too lazy (sorry) to get this through to
2083 * rpc_parse/ etc. Volker */
2085 result = rpccli_samr_enum_als_groups(pipe_hnd, mem_ctx, &domain_pol,
2087 &groups, &num_entries);
2089 if (!NT_STATUS_IS_OK(result) &&
2090 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
2093 for (i = 0; i < num_entries; i++) {
2095 char *description = NULL;
2097 if (opt_long_list_entries) {
2099 POLICY_HND alias_pol;
2102 if ((NT_STATUS_IS_OK(rpccli_samr_open_alias(pipe_hnd, mem_ctx,
2107 (NT_STATUS_IS_OK(rpccli_samr_query_alias_info(pipe_hnd, mem_ctx,
2110 (NT_STATUS_IS_OK(rpccli_samr_close(pipe_hnd, mem_ctx,
2112 description = unistr2_tdup(mem_ctx,
2113 ctr.alias.info3.description.string);
2117 if (description != NULL) {
2118 printf("%-21.21s %-50.50s\n",
2119 groups[i].acct_name,
2122 printf("%s\n", groups[i].acct_name);
2125 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
2126 rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol);
2127 /* Get builtin policy handle */
2129 result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
2130 MAXIMUM_ALLOWED_ACCESS,
2131 &global_sid_Builtin, &domain_pol);
2132 if (!NT_STATUS_IS_OK(result)) {
2135 /* query builtin aliases */
2138 if (!builtin) break;
2140 result = rpccli_samr_enum_als_groups(pipe_hnd, mem_ctx, &domain_pol,
2141 &start_idx, max_entries,
2142 &groups, &num_entries);
2144 if (!NT_STATUS_IS_OK(result) &&
2145 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
2148 for (i = 0; i < num_entries; i++) {
2150 char *description = NULL;
2152 if (opt_long_list_entries) {
2154 POLICY_HND alias_pol;
2157 if ((NT_STATUS_IS_OK(rpccli_samr_open_alias(pipe_hnd, mem_ctx,
2162 (NT_STATUS_IS_OK(rpccli_samr_query_alias_info(pipe_hnd, mem_ctx,
2165 (NT_STATUS_IS_OK(rpccli_samr_close(pipe_hnd, mem_ctx,
2167 description = unistr2_tdup(mem_ctx,
2168 ctr.alias.info3.description.string);
2172 if (description != NULL) {
2173 printf("%-21.21s %-50.50s\n",
2174 groups[i].acct_name,
2177 printf("%s\n", groups[i].acct_name);
2180 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
2186 static int rpc_group_list(int argc, const char **argv)
2188 return run_rpc_command(NULL, PI_SAMR, 0,
2189 rpc_group_list_internals,
2193 static NTSTATUS rpc_list_group_members(struct rpc_pipe_client *pipe_hnd,
2194 TALLOC_CTX *mem_ctx,
2195 const char *domain_name,
2196 const DOM_SID *domain_sid,
2197 POLICY_HND *domain_pol,
2201 POLICY_HND group_pol;
2202 uint32 num_members, *group_rids, *group_attrs;
2209 sid_to_string(sid_str, domain_sid);
2211 result = rpccli_samr_open_group(pipe_hnd, mem_ctx, domain_pol,
2212 MAXIMUM_ALLOWED_ACCESS,
2215 if (!NT_STATUS_IS_OK(result))
2218 result = rpccli_samr_query_groupmem(pipe_hnd, mem_ctx, &group_pol,
2219 &num_members, &group_rids,
2222 if (!NT_STATUS_IS_OK(result))
2225 while (num_members > 0) {
2226 int this_time = 512;
2228 if (num_members < this_time)
2229 this_time = num_members;
2231 result = rpccli_samr_lookup_rids(pipe_hnd, mem_ctx, domain_pol,
2232 this_time, group_rids,
2233 &num_names, &names, &name_types);
2235 if (!NT_STATUS_IS_OK(result))
2238 /* We only have users as members, but make the output
2239 the same as the output of alias members */
2241 for (i = 0; i < this_time; i++) {
2243 if (opt_long_list_entries) {
2244 printf("%s-%d %s\\%s %d\n", sid_str,
2245 group_rids[i], domain_name, names[i],
2248 printf("%s\\%s\n", domain_name, names[i]);
2252 num_members -= this_time;
2256 return NT_STATUS_OK;
2259 static NTSTATUS rpc_list_alias_members(struct rpc_pipe_client *pipe_hnd,
2260 TALLOC_CTX *mem_ctx,
2261 POLICY_HND *domain_pol,
2265 struct rpc_pipe_client *lsa_pipe;
2266 POLICY_HND alias_pol, lsa_pol;
2268 DOM_SID *alias_sids;
2274 result = rpccli_samr_open_alias(pipe_hnd, mem_ctx, domain_pol,
2275 MAXIMUM_ALLOWED_ACCESS, rid, &alias_pol);
2277 if (!NT_STATUS_IS_OK(result))
2280 result = rpccli_samr_query_aliasmem(pipe_hnd, mem_ctx, &alias_pol,
2281 &num_members, &alias_sids);
2283 if (!NT_STATUS_IS_OK(result)) {
2284 d_printf("Couldn't list alias members\n");
2288 if (num_members == 0) {
2289 return NT_STATUS_OK;
2292 lsa_pipe = cli_rpc_pipe_open_noauth(pipe_hnd->cli, PI_LSARPC, &result);
2294 d_printf("Couldn't open LSA pipe. Error was %s\n",
2295 nt_errstr(result) );
2299 result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, True,
2300 SEC_RIGHTS_MAXIMUM_ALLOWED, &lsa_pol);
2302 if (!NT_STATUS_IS_OK(result)) {
2303 d_printf("Couldn't open LSA policy handle\n");
2304 cli_rpc_pipe_close(lsa_pipe);
2308 result = rpccli_lsa_lookup_sids(lsa_pipe, mem_ctx, &lsa_pol, num_members,
2310 &domains, &names, &types);
2312 if (!NT_STATUS_IS_OK(result) &&
2313 !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) {
2314 d_printf("Couldn't lookup SIDs\n");
2315 cli_rpc_pipe_close(lsa_pipe);
2319 for (i = 0; i < num_members; i++) {
2321 sid_to_string(sid_str, &alias_sids[i]);
2323 if (opt_long_list_entries) {
2324 printf("%s %s\\%s %d\n", sid_str,
2325 domains[i] ? domains[i] : "*unknown*",
2326 names[i] ? names[i] : "*unknown*", types[i]);
2329 printf("%s\\%s\n", domains[i], names[i]);
2331 printf("%s\n", sid_str);
2335 cli_rpc_pipe_close(lsa_pipe);
2336 return NT_STATUS_OK;
2339 static NTSTATUS rpc_group_members_internals(const DOM_SID *domain_sid,
2340 const char *domain_name,
2341 struct cli_state *cli,
2342 struct rpc_pipe_client *pipe_hnd,
2343 TALLOC_CTX *mem_ctx,
2348 POLICY_HND connect_pol, domain_pol;
2349 uint32 num_rids, *rids, *rid_types;
2351 /* Get sam policy handle */
2353 result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
2356 if (!NT_STATUS_IS_OK(result))
2359 /* Get domain policy handle */
2361 result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
2362 MAXIMUM_ALLOWED_ACCESS,
2363 domain_sid, &domain_pol);
2365 if (!NT_STATUS_IS_OK(result))
2368 result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, 1000,
2369 1, argv, &num_rids, &rids, &rid_types);
2371 if (!NT_STATUS_IS_OK(result)) {
2373 /* Ok, did not find it in the global sam, try with builtin */
2375 DOM_SID sid_Builtin;
2377 rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol);
2379 string_to_sid(&sid_Builtin, "S-1-5-32");
2381 result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
2382 MAXIMUM_ALLOWED_ACCESS,
2383 &sid_Builtin, &domain_pol);
2385 if (!NT_STATUS_IS_OK(result)) {
2386 d_printf("Couldn't find group %s\n", argv[0]);
2390 result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, 1000,
2394 if (!NT_STATUS_IS_OK(result)) {
2395 d_printf("Couldn't find group %s\n", argv[0]);
2400 if (num_rids != 1) {
2401 d_printf("Couldn't find group %s\n", argv[0]);
2405 if (rid_types[0] == SID_NAME_DOM_GRP) {
2406 return rpc_list_group_members(pipe_hnd, mem_ctx, domain_name,
2407 domain_sid, &domain_pol,
2411 if (rid_types[0] == SID_NAME_ALIAS) {
2412 return rpc_list_alias_members(pipe_hnd, mem_ctx, &domain_pol,
2416 return NT_STATUS_NO_SUCH_GROUP;
2419 static int rpc_group_members(int argc, const char **argv)
2422 return rpc_group_usage(argc, argv);
2425 return run_rpc_command(NULL, PI_SAMR, 0,
2426 rpc_group_members_internals,
2430 static NTSTATUS rpc_group_rename_internals(const DOM_SID *domain_sid,
2431 const char *domain_name,
2432 struct cli_state *cli,
2433 struct rpc_pipe_client *pipe_hnd,
2434 TALLOC_CTX *mem_ctx,
2439 POLICY_HND connect_pol, domain_pol, group_pol;
2440 uint32 num_rids, *rids, *rid_types;
2444 d_printf("Usage: 'net rpc group rename group newname'\n");
2445 return NT_STATUS_UNSUCCESSFUL;
2448 /* Get sam policy handle */
2450 result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
2453 if (!NT_STATUS_IS_OK(result))
2456 /* Get domain policy handle */
2458 result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
2459 MAXIMUM_ALLOWED_ACCESS,
2460 domain_sid, &domain_pol);
2462 if (!NT_STATUS_IS_OK(result))
2465 result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, 1000,
2466 1, argv, &num_rids, &rids, &rid_types);
2468 if (num_rids != 1) {
2469 d_printf("Couldn't find group %s\n", argv[0]);
2473 if (rid_types[0] != SID_NAME_DOM_GRP) {
2474 d_printf("Can only rename domain groups\n");
2475 return NT_STATUS_UNSUCCESSFUL;
2478 result = rpccli_samr_open_group(pipe_hnd, mem_ctx, &domain_pol,
2479 MAXIMUM_ALLOWED_ACCESS,
2480 rids[0], &group_pol);
2482 if (!NT_STATUS_IS_OK(result))
2487 ctr.switch_value1 = 2;
2488 init_samr_group_info2(&ctr.group.info2, argv[1]);
2490 result = rpccli_samr_set_groupinfo(pipe_hnd, mem_ctx, &group_pol, &ctr);
2492 if (!NT_STATUS_IS_OK(result))
2495 return NT_STATUS_NO_SUCH_GROUP;
2498 static int rpc_group_rename(int argc, const char **argv)
2501 return rpc_group_usage(argc, argv);
2504 return run_rpc_command(NULL, PI_SAMR, 0,
2505 rpc_group_rename_internals,
2510 * 'net rpc group' entrypoint.
2511 * @param argc Standard main() style argc
2512 * @param argc Standard main() style argv. Initial components are already
2516 int net_rpc_group(int argc, const char **argv)
2518 struct functable func[] = {
2519 {"add", rpc_group_add},
2520 {"delete", rpc_group_delete},
2521 {"addmem", rpc_group_addmem},
2522 {"delmem", rpc_group_delmem},
2523 {"list", rpc_group_list},
2524 {"members", rpc_group_members},
2525 {"rename", rpc_group_rename},
2530 return run_rpc_command(NULL, PI_SAMR, 0,
2531 rpc_group_list_internals,
2535 return net_run_function(argc, argv, func, rpc_group_usage);
2538 /****************************************************************************/
2540 static int rpc_share_usage(int argc, const char **argv)
2542 return net_help_share(argc, argv);
2546 * Add a share on a remote RPC server
2548 * All parameters are provided by the run_rpc_command function, except for
2549 * argc, argv which are passes through.
2551 * @param domain_sid The domain sid acquired from the remote server
2552 * @param cli A cli_state connected to the server.
2553 * @param mem_ctx Talloc context, destoyed on completion of the function.
2554 * @param argc Standard main() style argc
2555 * @param argv Standard main() style argv. Initial components are already
2558 * @return Normal NTSTATUS return.
2560 static NTSTATUS rpc_share_add_internals(const DOM_SID *domain_sid,
2561 const char *domain_name,
2562 struct cli_state *cli,
2563 struct rpc_pipe_client *pipe_hnd,
2564 TALLOC_CTX *mem_ctx,int argc,
2568 char *sharename=talloc_strdup(mem_ctx, argv[0]);
2570 uint32 type = STYPE_DISKTREE; /* only allow disk shares to be added */
2571 uint32 num_users=0, perms=0;
2572 char *password=NULL; /* don't allow a share password */
2575 path = strchr(sharename, '=');
2577 return NT_STATUS_UNSUCCESSFUL;
2580 result = rpccli_srvsvc_net_share_add(pipe_hnd, mem_ctx, sharename, type,
2581 opt_comment, perms, opt_maxusers,
2582 num_users, path, password,
2584 return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
2587 static int rpc_share_add(int argc, const char **argv)
2589 if ((argc < 1) || !strchr(argv[0], '=')) {
2590 DEBUG(1,("Sharename or path not specified on add\n"));
2591 return rpc_share_usage(argc, argv);
2593 return run_rpc_command(NULL, PI_SRVSVC, 0,
2594 rpc_share_add_internals,
2599 * Delete a share on a remote RPC server
2601 * All parameters are provided by the run_rpc_command function, except for
2602 * argc, argv which are passes through.
2604 * @param domain_sid The domain sid acquired from the remote server
2605 * @param cli A cli_state connected to the server.
2606 * @param mem_ctx Talloc context, destoyed on completion of the function.
2607 * @param argc Standard main() style argc
2608 * @param argv Standard main() style argv. Initial components are already
2611 * @return Normal NTSTATUS return.
2613 static NTSTATUS rpc_share_del_internals(const DOM_SID *domain_sid,
2614 const char *domain_name,
2615 struct cli_state *cli,
2616 struct rpc_pipe_client *pipe_hnd,
2617 TALLOC_CTX *mem_ctx,
2623 result = rpccli_srvsvc_net_share_del(pipe_hnd, mem_ctx, argv[0]);
2624 return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
2628 * Delete a share on a remote RPC server
2630 * @param domain_sid The domain sid acquired from the remote server
2631 * @param argc Standard main() style argc
2632 * @param argv Standard main() style argv. Initial components are already
2635 * @return A shell status integer (0 for success)
2637 static int rpc_share_delete(int argc, const char **argv)
2640 DEBUG(1,("Sharename not specified on delete\n"));
2641 return rpc_share_usage(argc, argv);
2643 return run_rpc_command(NULL, PI_SRVSVC, 0,
2644 rpc_share_del_internals,
2649 * Formatted print of share info
2651 * @param info1 pointer to SRV_SHARE_INFO_1 to format
2654 static void display_share_info_1(SRV_SHARE_INFO_1 *info1)
2656 fstring netname = "", remark = "";
2658 rpcstr_pull_unistr2_fstring(netname, &info1->info_1_str.uni_netname);
2659 rpcstr_pull_unistr2_fstring(remark, &info1->info_1_str.uni_remark);
2661 if (opt_long_list_entries) {
2662 d_printf("%-12s %-8.8s %-50s\n",
2663 netname, share_type[info1->info_1.type], remark);
2665 d_printf("%s\n", netname);
2670 static WERROR get_share_info(struct rpc_pipe_client *pipe_hnd,
2671 TALLOC_CTX *mem_ctx,
2675 SRV_SHARE_INFO_CTR *ctr)
2678 SRV_SHARE_INFO info;
2680 /* no specific share requested, enumerate all */
2684 uint32 preferred_len = 0xffffffff;
2686 init_enum_hnd(&hnd, 0);
2688 return rpccli_srvsvc_net_share_enum(pipe_hnd, mem_ctx, level, ctr,
2689 preferred_len, &hnd);
2692 /* request just one share */
2693 result = rpccli_srvsvc_net_share_get_info(pipe_hnd, mem_ctx, argv[0], level, &info);
2695 if (!W_ERROR_IS_OK(result))
2701 ctr->info_level = ctr->switch_value = level;
2702 ctr->ptr_share_info = ctr->ptr_entries = 1;
2703 ctr->num_entries = ctr->num_entries2 = 1;
2709 SRV_SHARE_INFO_1 *info1;
2711 ctr->share.info1 = TALLOC_ARRAY(mem_ctx, SRV_SHARE_INFO_1, 1);
2712 info1 = ctr->share.info1;
2714 memset(ctr->share.info1, 0, sizeof(SRV_SHARE_INFO_1));
2716 /* Copy pointer crap */
2718 memcpy(&info1->info_1, &info.share.info1.info_1, sizeof(SH_INFO_1));
2720 /* Duplicate strings */
2722 s = unistr2_tdup(mem_ctx, &info.share.info1.info_1_str.uni_netname);
2724 init_unistr2(&info1->info_1_str.uni_netname, s, UNI_STR_TERMINATE);
2726 s = unistr2_tdup(mem_ctx, &info.share.info1.info_1_str.uni_remark);
2728 init_unistr2(&info1->info_1_str.uni_remark, s, UNI_STR_TERMINATE);
2733 SRV_SHARE_INFO_2 *info2;
2735 ctr->share.info2 = TALLOC_ARRAY(mem_ctx, SRV_SHARE_INFO_2, 1);
2736 info2 = ctr->share.info2;
2738 memset(ctr->share.info2, 0, sizeof(SRV_SHARE_INFO_2));
2740 /* Copy pointer crap */
2742 memcpy(&info2->info_2, &info.share.info2.info_2, sizeof(SH_INFO_2));
2744 /* Duplicate strings */
2746 s = unistr2_tdup(mem_ctx, &info.share.info2.info_2_str.uni_netname);
2748 init_unistr2(&info2->info_2_str.uni_netname, s, UNI_STR_TERMINATE);
2750 s = unistr2_tdup(mem_ctx, &info.share.info2.info_2_str.uni_remark);
2752 init_unistr2(&info2->info_2_str.uni_remark, s, UNI_STR_TERMINATE);
2754 s = unistr2_tdup(mem_ctx, &info.share.info2.info_2_str.uni_path);
2756 init_unistr2(&info2->info_2_str.uni_path, s, UNI_STR_TERMINATE);
2758 s = unistr2_tdup(mem_ctx, &info.share.info2.info_2_str.uni_passwd);
2760 init_unistr2(&info2->info_2_str.uni_passwd, s, UNI_STR_TERMINATE);
2765 SRV_SHARE_INFO_502 *info502;
2767 ctr->share.info502 = TALLOC_ARRAY(mem_ctx, SRV_SHARE_INFO_502, 1);
2768 info502 = ctr->share.info502;
2770 memset(ctr->share.info502, 0, sizeof(SRV_SHARE_INFO_502));
2772 /* Copy pointer crap */
2774 memcpy(&info502->info_502, &info.share.info502.info_502, sizeof(SH_INFO_502));
2776 /* Duplicate strings */
2778 s = unistr2_tdup(mem_ctx, &info.share.info502.info_502_str.uni_netname);
2780 init_unistr2(&info502->info_502_str.uni_netname, s, UNI_STR_TERMINATE);
2782 s = unistr2_tdup(mem_ctx, &info.share.info502.info_502_str.uni_remark);
2784 init_unistr2(&info502->info_502_str.uni_remark, s, UNI_STR_TERMINATE);
2786 s = unistr2_tdup(mem_ctx, &info.share.info502.info_502_str.uni_path);
2788 init_unistr2(&info502->info_502_str.uni_path, s, UNI_STR_TERMINATE);
2790 s = unistr2_tdup(mem_ctx, &info.share.info502.info_502_str.uni_passwd);
2792 init_unistr2(&info502->info_502_str.uni_passwd, s, UNI_STR_TERMINATE);
2794 info502->info_502_str.sd = dup_sec_desc(mem_ctx, info.share.info502.info_502_str.sd);
2805 * List shares on a remote RPC server
2807 * All parameters are provided by the run_rpc_command function, except for
2808 * argc, argv which are passes through.
2810 * @param domain_sid The domain sid acquired from the remote server
2811 * @param cli A cli_state connected to the server.
2812 * @param mem_ctx Talloc context, destoyed on completion of the function.
2813 * @param argc Standard main() style argc
2814 * @param argv Standard main() style argv. Initial components are already
2817 * @return Normal NTSTATUS return.
2820 static NTSTATUS rpc_share_list_internals(const DOM_SID *domain_sid,
2821 const char *domain_name,
2822 struct cli_state *cli,
2823 struct rpc_pipe_client *pipe_hnd,
2824 TALLOC_CTX *mem_ctx,
2828 SRV_SHARE_INFO_CTR ctr;
2830 uint32 i, level = 1;
2832 result = get_share_info(pipe_hnd, mem_ctx, level, argc, argv, &ctr);
2833 if (!W_ERROR_IS_OK(result))
2836 /* Display results */
2838 if (opt_long_list_entries) {
2840 "\nEnumerating shared resources (exports) on remote server:\n\n"\
2841 "\nShare name Type Description\n"\
2842 "---------- ---- -----------\n");
2844 for (i = 0; i < ctr.num_entries; i++)
2845 display_share_info_1(&ctr.share.info1[i]);
2847 return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
2851 * 'net rpc share list' entrypoint.
2852 * @param argc Standard main() style argc
2853 * @param argv Standard main() style argv. Initial components are already
2856 static int rpc_share_list(int argc, const char **argv)
2858 return run_rpc_command(NULL, PI_SRVSVC, 0, rpc_share_list_internals, argc, argv);
2861 static BOOL check_share_availability(struct cli_state *cli, const char *netname)
2863 if (!cli_send_tconX(cli, netname, "A:", "", 0)) {
2864 d_printf("skipping [%s]: not a file share.\n", netname);
2874 static BOOL check_share_sanity(struct cli_state *cli, fstring netname, uint32 type)
2876 /* only support disk shares */
2877 if (! ( type == STYPE_DISKTREE || type == (STYPE_DISKTREE | STYPE_HIDDEN)) ) {
2878 printf("share [%s] is not a diskshare (type: %x)\n", netname, type);
2882 /* skip builtin shares */
2883 /* FIXME: should print$ be added too ? */
2884 if (strequal(netname,"IPC$") || strequal(netname,"ADMIN$") ||
2885 strequal(netname,"global"))
2888 if (opt_exclude && in_list(netname, opt_exclude, False)) {
2889 printf("excluding [%s]\n", netname);
2893 return check_share_availability(cli, netname);
2897 * Migrate shares from a remote RPC server to the local RPC srever
2899 * All parameters are provided by the run_rpc_command function, except for
2900 * argc, argv which are passes through.
2902 * @param domain_sid The domain sid acquired from the remote server
2903 * @param cli A cli_state connected to the server.
2904 * @param mem_ctx Talloc context, destoyed on completion of the function.
2905 * @param argc Standard main() style argc
2906 * @param argv Standard main() style argv. Initial components are already
2909 * @return Normal NTSTATUS return.
2912 static NTSTATUS rpc_share_migrate_shares_internals(const DOM_SID *domain_sid,
2913 const char *domain_name,
2914 struct cli_state *cli,
2915 struct rpc_pipe_client *pipe_hnd,
2916 TALLOC_CTX *mem_ctx,
2921 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
2922 SRV_SHARE_INFO_CTR ctr_src;
2923 uint32 type = STYPE_DISKTREE; /* only allow disk shares to be added */
2924 char *password = NULL; /* don't allow a share password */
2926 struct rpc_pipe_client *srvsvc_pipe = NULL;
2927 struct cli_state *cli_dst = NULL;
2928 uint32 level = 502; /* includes secdesc */
2930 result = get_share_info(pipe_hnd, mem_ctx, level, argc, argv, &ctr_src);
2931 if (!W_ERROR_IS_OK(result))
2934 /* connect destination PI_SRVSVC */
2935 nt_status = connect_dst_pipe(&cli_dst, &srvsvc_pipe, PI_SRVSVC);
2936 if (!NT_STATUS_IS_OK(nt_status))
2940 for (i = 0; i < ctr_src.num_entries; i++) {
2942 fstring netname = "", remark = "", path = "";
2943 /* reset error-code */
2944 nt_status = NT_STATUS_UNSUCCESSFUL;
2946 rpcstr_pull_unistr2_fstring(
2947 netname, &ctr_src.share.info502[i].info_502_str.uni_netname);
2948 rpcstr_pull_unistr2_fstring(
2949 remark, &ctr_src.share.info502[i].info_502_str.uni_remark);
2950 rpcstr_pull_unistr2_fstring(
2951 path, &ctr_src.share.info502[i].info_502_str.uni_path);
2953 if (!check_share_sanity(cli, netname, ctr_src.share.info502[i].info_502.type))
2956 /* finally add the share on the dst server */
2958 printf("migrating: [%s], path: %s, comment: %s, without share-ACLs\n",
2959 netname, path, remark);
2961 result = rpccli_srvsvc_net_share_add(srvsvc_pipe, mem_ctx, netname, type, remark,
2962 ctr_src.share.info502[i].info_502.perms,
2963 ctr_src.share.info502[i].info_502.max_uses,
2964 ctr_src.share.info502[i].info_502.num_uses,
2965 path, password, level,
2968 if (W_ERROR_V(result) == W_ERROR_V(WERR_ALREADY_EXISTS)) {
2969 printf(" [%s] does already exist\n", netname);
2973 if (!W_ERROR_IS_OK(result)) {
2974 printf("cannot add share: %s\n", dos_errstr(result));
2980 nt_status = NT_STATUS_OK;
2984 cli_shutdown(cli_dst);
2992 * Migrate shares from a rpc-server to another
2994 * @param argc Standard main() style argc
2995 * @param argv Standard main() style argv. Initial components are already
2998 * @return A shell status integer (0 for success)
3000 static int rpc_share_migrate_shares(int argc, const char **argv)
3004 printf("no server to migrate\n");
3008 return run_rpc_command(NULL, PI_SRVSVC, 0,
3009 rpc_share_migrate_shares_internals,
3016 * @param f file_info
3017 * @param mask current search mask
3018 * @param state arg-pointer
3021 static void copy_fn(const char *mnt, file_info *f, const char *mask, void *state)
3023 static NTSTATUS nt_status;
3024 static struct copy_clistate *local_state;
3025 static fstring filename, new_mask;
3029 local_state = (struct copy_clistate *)state;
3030 nt_status = NT_STATUS_UNSUCCESSFUL;
3032 if (strequal(f->name, ".") || strequal(f->name, ".."))
3035 DEBUG(3,("got mask: %s, name: %s\n", mask, f->name));
3038 if (f->mode & aDIR) {
3040 DEBUG(3,("got dir: %s\n", f->name));
3042 fstrcpy(dir, local_state->cwd);
3044 fstrcat(dir, f->name);
3046 switch (net_mode_share)
3048 case NET_MODE_SHARE_MIGRATE:
3049 /* create that directory */
3050 nt_status = net_copy_file(local_state->mem_ctx,
3051 local_state->cli_share_src,
3052 local_state->cli_share_dst,
3054 opt_acls? True : False,
3055 opt_attrs? True : False,
3056 opt_timestamps? True : False,
3060 d_printf("Unsupported mode %d\n", net_mode_share);
3064 if (!NT_STATUS_IS_OK(nt_status))
3065 printf("could not handle dir %s: %s\n",
3066 dir, nt_errstr(nt_status));
3068 /* search below that directory */
3069 fstrcpy(new_mask, dir);
3070 fstrcat(new_mask, "\\*");
3072 old_dir = local_state->cwd;
3073 local_state->cwd = dir;
3074 if (!sync_files(local_state, new_mask))
3075 printf("could not handle files\n");
3076 local_state->cwd = old_dir;
3083 fstrcpy(filename, local_state->cwd);
3084 fstrcat(filename, "\\");
3085 fstrcat(filename, f->name);
3087 DEBUG(3,("got file: %s\n", filename));
3089 switch (net_mode_share)
3091 case NET_MODE_SHARE_MIGRATE:
3092 nt_status = net_copy_file(local_state->mem_ctx,
3093 local_state->cli_share_src,
3094 local_state->cli_share_dst,
3096 opt_acls? True : False,
3097 opt_attrs? True : False,
3098 opt_timestamps? True: False,
3102 d_printf("Unsupported file mode %d\n", net_mode_share);
3106 if (!NT_STATUS_IS_OK(nt_status))
3107 printf("could not handle file %s: %s\n",
3108 filename, nt_errstr(nt_status));
3113 * sync files, can be called recursivly to list files
3114 * and then call copy_fn for each file
3116 * @param cp_clistate pointer to the copy_clistate we work with
3117 * @param mask the current search mask
3119 * @return Boolean result
3121 BOOL sync_files(struct copy_clistate *cp_clistate, pstring mask)
3124 DEBUG(3,("calling cli_list with mask: %s\n", mask));
3126 if (cli_list(cp_clistate->cli_share_src, mask, cp_clistate->attribute, copy_fn, cp_clistate) == -1) {
3127 d_printf("listing %s failed with error: %s\n",
3128 mask, cli_errstr(cp_clistate->cli_share_src));
3137 * Set the top level directory permissions before we do any further copies.
3138 * Should set up ACL inheritance.
3141 BOOL copy_top_level_perms(struct copy_clistate *cp_clistate,
3142 const char *sharename)
3144 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
3146 switch (net_mode_share) {
3147 case NET_MODE_SHARE_MIGRATE:
3148 DEBUG(3,("calling net_copy_fileattr for '.' directory in share %s\n", sharename));
3149 nt_status = net_copy_fileattr(cp_clistate->mem_ctx,
3150 cp_clistate->cli_share_src,
3151 cp_clistate->cli_share_dst,
3153 opt_acls? True : False,
3154 opt_attrs? True : False,
3155 opt_timestamps? True: False,
3159 d_printf("Unsupported mode %d\n", net_mode_share);
3163 if (!NT_STATUS_IS_OK(nt_status)) {
3164 printf("Could handle directory attributes for top level directory of share %s. Error %s\n",
3165 sharename, nt_errstr(nt_status));
3173 * Sync all files inside a remote share to another share (over smb)
3175 * All parameters are provided by the run_rpc_command function, except for
3176 * argc, argv which are passes through.
3178 * @param domain_sid The domain sid acquired from the remote server
3179 * @param cli A cli_state connected to the server.
3180 * @param mem_ctx Talloc context, destoyed on completion of the function.
3181 * @param argc Standard main() style argc
3182 * @param argv Standard main() style argv. Initial components are already
3185 * @return Normal NTSTATUS return.
3188 static NTSTATUS rpc_share_migrate_files_internals(const DOM_SID *domain_sid,
3189 const char *domain_name,
3190 struct cli_state *cli,
3191 struct rpc_pipe_client *pipe_hnd,
3192 TALLOC_CTX *mem_ctx,
3197 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
3198 SRV_SHARE_INFO_CTR ctr_src;
3201 struct copy_clistate cp_clistate;
3202 BOOL got_src_share = False;
3203 BOOL got_dst_share = False;
3204 pstring mask = "\\*";
3207 dst = SMB_STRDUP(opt_destination?opt_destination:"127.0.0.1");
3209 result = get_share_info(pipe_hnd, mem_ctx, level, argc, argv, &ctr_src);
3211 if (!W_ERROR_IS_OK(result))
3214 for (i = 0; i < ctr_src.num_entries; i++) {
3216 fstring netname = "";
3218 rpcstr_pull_unistr2_fstring(
3219 netname, &ctr_src.share.info502[i].info_502_str.uni_netname);
3221 if (!check_share_sanity(cli, netname, ctr_src.share.info502[i].info_502.type))
3224 /* one might not want to mirror whole discs :) */
3225 if (strequal(netname, "print$") || netname[1] == '$') {
3226 d_printf("skipping [%s]: builtin/hidden share\n", netname);
3230 switch (net_mode_share)
3232 case NET_MODE_SHARE_MIGRATE:
3236 d_printf("Unsupported mode %d\n", net_mode_share);
3239 printf(" [%s] files and directories %s ACLs, %s DOS Attributes %s\n",
3241 opt_acls ? "including" : "without",
3242 opt_attrs ? "including" : "without",
3243 opt_timestamps ? "(preserving timestamps)" : "");
3245 cp_clistate.mem_ctx = mem_ctx;
3246 cp_clistate.cli_share_src = NULL;
3247 cp_clistate.cli_share_dst = NULL;
3248 cp_clistate.cwd = NULL;
3249 cp_clistate.attribute = aSYSTEM | aHIDDEN | aDIR;
3251 /* open share source */
3252 nt_status = connect_to_service(&cp_clistate.cli_share_src,
3253 &cli->dest_ip, cli->desthost,
3255 if (!NT_STATUS_IS_OK(nt_status))
3258 got_src_share = True;
3260 if (net_mode_share == NET_MODE_SHARE_MIGRATE) {
3261 /* open share destination */
3262 nt_status = connect_to_service(&cp_clistate.cli_share_dst,
3263 NULL, dst, netname, "A:");
3264 if (!NT_STATUS_IS_OK(nt_status))
3267 got_dst_share = True;
3270 if (!copy_top_level_perms(&cp_clistate, netname)) {
3271 d_printf("Could not handle the top level directory permissions for the share: %s\n", netname);
3272 nt_status = NT_STATUS_UNSUCCESSFUL;
3276 if (!sync_files(&cp_clistate, mask)) {
3277 d_printf("could not handle files for share: %s\n", netname);
3278 nt_status = NT_STATUS_UNSUCCESSFUL;
3283 nt_status = NT_STATUS_OK;
3288 cli_shutdown(cp_clistate.cli_share_src);
3291 cli_shutdown(cp_clistate.cli_share_dst);
3297 static int rpc_share_migrate_files(int argc, const char **argv)
3301 printf("no server to migrate\n");
3305 return run_rpc_command(NULL, PI_SRVSVC, 0,
3306 rpc_share_migrate_files_internals,
3311 * Migrate share-ACLs from a remote RPC server to the local RPC srever
3313 * All parameters are provided by the run_rpc_command function, except for
3314 * argc, argv which are passes through.
3316 * @param domain_sid The domain sid acquired from the remote server
3317 * @param cli A cli_state connected to the server.
3318 * @param mem_ctx Talloc context, destoyed on completion of the function.
3319 * @param argc Standard main() style argc
3320 * @param argv Standard main() style argv. Initial components are already
3323 * @return Normal NTSTATUS return.
3326 static NTSTATUS rpc_share_migrate_security_internals(const DOM_SID *domain_sid,
3327 const char *domain_name,
3328 struct cli_state *cli,
3329 struct rpc_pipe_client *pipe_hnd,
3330 TALLOC_CTX *mem_ctx,
3335 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
3336 SRV_SHARE_INFO_CTR ctr_src;
3337 SRV_SHARE_INFO info;
3339 struct rpc_pipe_client *srvsvc_pipe = NULL;
3340 struct cli_state *cli_dst = NULL;
3341 uint32 level = 502; /* includes secdesc */
3343 result = get_share_info(pipe_hnd, mem_ctx, level, argc, argv, &ctr_src);
3345 if (!W_ERROR_IS_OK(result))
3348 /* connect destination PI_SRVSVC */
3349 nt_status = connect_dst_pipe(&cli_dst, &srvsvc_pipe, PI_SRVSVC);
3350 if (!NT_STATUS_IS_OK(nt_status))
3354 for (i = 0; i < ctr_src.num_entries; i++) {
3356 fstring netname = "", remark = "", path = "";
3357 /* reset error-code */
3358 nt_status = NT_STATUS_UNSUCCESSFUL;
3360 rpcstr_pull_unistr2_fstring(
3361 netname, &ctr_src.share.info502[i].info_502_str.uni_netname);
3362 rpcstr_pull_unistr2_fstring(
3363 remark, &ctr_src.share.info502[i].info_502_str.uni_remark);
3364 rpcstr_pull_unistr2_fstring(
3365 path, &ctr_src.share.info502[i].info_502_str.uni_path);
3367 if (!check_share_sanity(cli, netname, ctr_src.share.info502[i].info_502.type))
3370 printf("migrating: [%s], path: %s, comment: %s, including share-ACLs\n",
3371 netname, path, remark);
3374 display_sec_desc(ctr_src.share.info502[i].info_502_str.sd);
3379 info.switch_value = level;
3380 info.ptr_share_ctr = 1;
3382 /* FIXME: shouldn't we be able to just set the security descriptor ? */
3383 info.share.info502 = ctr_src.share.info502[i];
3385 /* finally modify the share on the dst server */
3386 result = rpccli_srvsvc_net_share_set_info(srvsvc_pipe, mem_ctx, netname, level, &info);
3388 if (!W_ERROR_IS_OK(result)) {
3389 printf("cannot set share-acl: %s\n", dos_errstr(result));
3395 nt_status = NT_STATUS_OK;
3399 cli_shutdown(cli_dst);
3407 * Migrate share-acls from a rpc-server to another
3409 * @param argc Standard main() style argc
3410 * @param argv Standard main() style argv. Initial components are already
3413 * @return A shell status integer (0 for success)
3415 static int rpc_share_migrate_security(int argc, const char **argv)
3419 printf("no server to migrate\n");
3423 return run_rpc_command(NULL, PI_SRVSVC, 0,
3424 rpc_share_migrate_security_internals,
3429 * Migrate shares (including share-definitions, share-acls and files with acls/attrs)
3430 * from one server to another
3432 * @param argc Standard main() style argc
3433 * @param argv Standard main() style argv. Initial components are already
3436 * @return A shell status integer (0 for success)
3439 static int rpc_share_migrate_all(int argc, const char **argv)
3444 printf("no server to migrate\n");
3448 /* order is important. we don't want to be locked out by the share-acl
3449 * before copying files - gd */
3451 ret = run_rpc_command(NULL, PI_SRVSVC, 0, rpc_share_migrate_shares_internals, argc, argv);
3455 ret = run_rpc_command(NULL, PI_SRVSVC, 0, rpc_share_migrate_files_internals, argc, argv);
3459 return run_rpc_command(NULL, PI_SRVSVC, 0, rpc_share_migrate_security_internals, argc, argv);
3464 * 'net rpc share migrate' entrypoint.
3465 * @param argc Standard main() style argc
3466 * @param argv Standard main() style argv. Initial components are already
3469 static int rpc_share_migrate(int argc, const char **argv)
3472 struct functable func[] = {
3473 {"all", rpc_share_migrate_all},
3474 {"files", rpc_share_migrate_files},
3475 {"help", rpc_share_usage},
3476 {"security", rpc_share_migrate_security},
3477 {"shares", rpc_share_migrate_shares},
3481 net_mode_share = NET_MODE_SHARE_MIGRATE;
3483 return net_run_function(argc, argv, func, rpc_share_usage);
3492 static int num_server_aliases;
3493 static struct full_alias *server_aliases;
3496 * Add an alias to the static list.
3498 static void push_alias(TALLOC_CTX *mem_ctx, struct full_alias *alias)
3500 if (server_aliases == NULL)
3501 server_aliases = SMB_MALLOC_ARRAY(struct full_alias, 100);
3503 server_aliases[num_server_aliases] = *alias;
3504 num_server_aliases += 1;
3508 * For a specific domain on the server, fetch all the aliases
3509 * and their members. Add all of them to the server_aliases.
3512 static NTSTATUS rpc_fetch_domain_aliases(struct rpc_pipe_client *pipe_hnd,
3513 TALLOC_CTX *mem_ctx,
3514 POLICY_HND *connect_pol,
3515 const DOM_SID *domain_sid)
3517 uint32 start_idx, max_entries, num_entries, i;
3518 struct acct_info *groups;
3520 POLICY_HND domain_pol;
3522 /* Get domain policy handle */
3524 result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, connect_pol,
3525 MAXIMUM_ALLOWED_ACCESS,
3526 domain_sid, &domain_pol);
3527 if (!NT_STATUS_IS_OK(result))
3534 result = rpccli_samr_enum_als_groups(pipe_hnd, mem_ctx, &domain_pol,
3535 &start_idx, max_entries,
3536 &groups, &num_entries);
3538 for (i = 0; i < num_entries; i++) {
3540 POLICY_HND alias_pol;
3541 struct full_alias alias;
3545 result = rpccli_samr_open_alias(pipe_hnd, mem_ctx, &domain_pol,
3546 MAXIMUM_ALLOWED_ACCESS,
3549 if (!NT_STATUS_IS_OK(result))
3552 result = rpccli_samr_query_aliasmem(pipe_hnd, mem_ctx,
3556 if (!NT_STATUS_IS_OK(result))
3559 result = rpccli_samr_close(pipe_hnd, mem_ctx, &alias_pol);
3560 if (!NT_STATUS_IS_OK(result))
3563 alias.members = NULL;
3565 if (alias.num_members > 0) {
3566 alias.members = SMB_MALLOC_ARRAY(DOM_SID, alias.num_members);
3568 for (j = 0; j < alias.num_members; j++)
3569 sid_copy(&alias.members[j],
3573 sid_copy(&alias.sid, domain_sid);
3574 sid_append_rid(&alias.sid, groups[i].rid);
3576 push_alias(mem_ctx, &alias);
3578 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
3580 result = NT_STATUS_OK;
3583 rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol);
3589 * Dump server_aliases as names for debugging purposes.
3592 static NTSTATUS rpc_aliaslist_dump(const DOM_SID *domain_sid,
3593 const char *domain_name,
3594 struct cli_state *cli,
3595 struct rpc_pipe_client *pipe_hnd,
3596 TALLOC_CTX *mem_ctx,
3604 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True,
3605 SEC_RIGHTS_MAXIMUM_ALLOWED,
3607 if (!NT_STATUS_IS_OK(result))
3610 for (i=0; i<num_server_aliases; i++) {
3616 struct full_alias *alias = &server_aliases[i];
3618 result = rpccli_lsa_lookup_sids(pipe_hnd, mem_ctx, &lsa_pol, 1,
3620 &domains, &names, &types);
3621 if (!NT_STATUS_IS_OK(result))
3624 DEBUG(1, ("%s\\%s %d: ", domains[0], names[0], types[0]));
3626 if (alias->num_members == 0) {
3631 result = rpccli_lsa_lookup_sids(pipe_hnd, mem_ctx, &lsa_pol,
3634 &domains, &names, &types);
3636 if (!NT_STATUS_IS_OK(result) &&
3637 !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED))
3640 for (j=0; j<alias->num_members; j++)
3641 DEBUG(1, ("%s\\%s (%d); ",
3642 domains[j] ? domains[j] : "*unknown*",
3643 names[j] ? names[j] : "*unknown*",types[j]));
3647 rpccli_lsa_close(pipe_hnd, mem_ctx, &lsa_pol);
3649 return NT_STATUS_OK;
3653 * Fetch a list of all server aliases and their members into
3657 static NTSTATUS rpc_aliaslist_internals(const DOM_SID *domain_sid,
3658 const char *domain_name,
3659 struct cli_state *cli,
3660 struct rpc_pipe_client *pipe_hnd,
3661 TALLOC_CTX *mem_ctx,
3666 POLICY_HND connect_pol;
3668 result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
3671 if (!NT_STATUS_IS_OK(result))
3674 result = rpc_fetch_domain_aliases(pipe_hnd, mem_ctx, &connect_pol,
3675 &global_sid_Builtin);
3677 if (!NT_STATUS_IS_OK(result))
3680 result = rpc_fetch_domain_aliases(pipe_hnd, mem_ctx, &connect_pol,
3683 rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol);
3688 static void init_user_token(NT_USER_TOKEN *token, DOM_SID *user_sid)
3690 token->num_sids = 4;
3692 token->user_sids = SMB_MALLOC_ARRAY(DOM_SID, 4);
3694 token->user_sids[0] = *user_sid;
3695 sid_copy(&token->user_sids[1], &global_sid_World);
3696 sid_copy(&token->user_sids[2], &global_sid_Network);
3697 sid_copy(&token->user_sids[3], &global_sid_Authenticated_Users);
3700 static void free_user_token(NT_USER_TOKEN *token)
3702 SAFE_FREE(token->user_sids);
3705 static BOOL is_sid_in_token(NT_USER_TOKEN *token, DOM_SID *sid)
3709 for (i=0; i<token->num_sids; i++) {
3710 if (sid_compare(sid, &token->user_sids[i]) == 0)
3716 static void add_sid_to_token(NT_USER_TOKEN *token, DOM_SID *sid)
3718 if (is_sid_in_token(token, sid))
3721 token->user_sids = SMB_REALLOC_ARRAY(token->user_sids, DOM_SID, token->num_sids+1);
3723 sid_copy(&token->user_sids[token->num_sids], sid);
3725 token->num_sids += 1;
3730 NT_USER_TOKEN token;
3733 static void dump_user_token(struct user_token *token)
3737 d_printf("%s\n", token->name);
3739 for (i=0; i<token->token.num_sids; i++) {
3740 d_printf(" %s\n", sid_string_static(&token->token.user_sids[i]));
3744 static BOOL is_alias_member(DOM_SID *sid, struct full_alias *alias)
3748 for (i=0; i<alias->num_members; i++) {
3749 if (sid_compare(sid, &alias->members[i]) == 0)
3756 static void collect_sid_memberships(NT_USER_TOKEN *token, DOM_SID sid)
3760 for (i=0; i<num_server_aliases; i++) {
3761 if (is_alias_member(&sid, &server_aliases[i]))
3762 add_sid_to_token(token, &server_aliases[i].sid);
3767 * We got a user token with all the SIDs we can know about without asking the
3768 * server directly. These are the user and domain group sids. All of these can
3769 * be members of aliases. So scan the list of aliases for each of the SIDs and
3770 * add them to the token.
3773 static void collect_alias_memberships(NT_USER_TOKEN *token)
3775 int num_global_sids = token->num_sids;
3778 for (i=0; i<num_global_sids; i++) {
3779 collect_sid_memberships(token, token->user_sids[i]);
3783 static BOOL get_user_sids(const char *domain, const char *user, NT_USER_TOKEN *token)
3785 struct winbindd_request request;
3786 struct winbindd_response response;
3794 fstr_sprintf(full_name, "%s%c%s",
3795 domain, *lp_winbind_separator(), user);
3797 /* First let's find out the user sid */
3799 ZERO_STRUCT(request);
3800 ZERO_STRUCT(response);
3802 fstrcpy(request.data.name.dom_name, domain);
3803 fstrcpy(request.data.name.name, user);
3805 result = winbindd_request_response(WINBINDD_LOOKUPNAME, &request, &response);
3807 if (result != NSS_STATUS_SUCCESS) {
3808 DEBUG(1, ("winbind could not find %s\n", full_name));
3812 if (response.data.sid.type != SID_NAME_USER) {
3813 DEBUG(1, ("%s is not a user\n", full_name));
3817 string_to_sid(&user_sid, response.data.sid.sid);
3819 init_user_token(token, &user_sid);
3821 /* And now the groups winbind knows about */
3823 ZERO_STRUCT(response);
3825 fstrcpy(request.data.username, full_name);
3827 result = winbindd_request_response(WINBINDD_GETGROUPS, &request, &response);
3829 if (result != NSS_STATUS_SUCCESS) {
3830 DEBUG(1, ("winbind could not get groups of %s\n", full_name));
3834 for (i = 0; i < response.data.num_entries; i++) {
3835 gid_t gid = ((gid_t *)response.extra_data)[i];
3838 struct winbindd_request sidrequest;
3839 struct winbindd_response sidresponse;
3841 ZERO_STRUCT(sidrequest);
3842 ZERO_STRUCT(sidresponse);
3844 sidrequest.data.gid = gid;
3846 result = winbindd_request_response(WINBINDD_GID_TO_SID,
3847 &sidrequest, &sidresponse);
3849 if (result != NSS_STATUS_SUCCESS) {
3850 DEBUG(1, ("winbind could not find SID of gid %d\n",
3855 DEBUG(3, (" %s\n", sidresponse.data.sid.sid));
3857 string_to_sid(&sid, sidresponse.data.sid.sid);
3858 add_sid_to_token(token, &sid);
3861 SAFE_FREE(response.extra_data);
3867 * Get a list of all user tokens we want to look at
3870 static BOOL get_user_tokens(int *num_tokens, struct user_token **user_tokens)
3872 struct winbindd_request request;
3873 struct winbindd_response response;
3874 const char *extra_data;
3877 struct user_token *result;
3879 if (lp_winbind_use_default_domain() &&
3880 (opt_target_workgroup == NULL)) {
3881 d_printf("winbind use default domain = yes set, please "
3882 "specify a workgroup\n");
3886 /* Send request to winbind daemon */
3888 ZERO_STRUCT(request);
3889 ZERO_STRUCT(response);
3891 if (winbindd_request_response(WINBINDD_LIST_USERS, &request, &response) !=
3895 /* Look through extra data */
3897 if (!response.extra_data)
3900 extra_data = (const char *)response.extra_data;
3903 while(next_token(&extra_data, name, ",", sizeof(fstring))) {
3907 result = SMB_MALLOC_ARRAY(struct user_token, *num_tokens);
3909 if (result == NULL) {
3910 DEBUG(1, ("Could not malloc sid array\n"));
3914 extra_data = (const char *)response.extra_data;
3917 while(next_token(&extra_data, name, ",", sizeof(fstring))) {
3919 fstring domain, user;
3922 fstrcpy(result[i].name, name);
3924 p = strchr(name, *lp_winbind_separator());
3926 DEBUG(3, ("%s\n", name));
3929 fstrcpy(domain, opt_target_workgroup);
3930 fstrcpy(user, name);
3933 fstrcpy(domain, name);
3938 get_user_sids(domain, user, &(result[i].token));
3942 SAFE_FREE(response.extra_data);
3944 *user_tokens = result;
3949 static BOOL get_user_tokens_from_file(FILE *f,
3951 struct user_token **tokens)
3953 struct user_token *token = NULL;
3958 if (fgets(line, sizeof(line)-1, f) == NULL) {
3962 if (line[strlen(line)-1] == '\n')
3963 line[strlen(line)-1] = '\0';
3965 if (line[0] == ' ') {
3969 string_to_sid(&sid, &line[1]);
3971 if (token == NULL) {
3972 DEBUG(0, ("File does not begin with username"));
3976 add_sid_to_token(&token->token, &sid);
3980 /* And a new user... */
3983 *tokens = SMB_REALLOC_ARRAY(*tokens, struct user_token, *num_tokens);
3984 if (*tokens == NULL) {
3985 DEBUG(0, ("Could not realloc tokens\n"));
3989 token = &((*tokens)[*num_tokens-1]);
3991 fstrcpy(token->name, line);
3992 token->token.num_sids = 0;
3993 token->token.user_sids = NULL;
4002 * Show the list of all users that have access to a share
4005 static void show_userlist(struct rpc_pipe_client *pipe_hnd,
4006 TALLOC_CTX *mem_ctx,
4007 const char *netname,
4009 struct user_token *tokens)
4012 SEC_DESC *share_sd = NULL;
4013 SEC_DESC *root_sd = NULL;
4014 struct cli_state *cli = pipe_hnd->cli;
4016 SRV_SHARE_INFO info;
4020 result = rpccli_srvsvc_net_share_get_info(pipe_hnd, mem_ctx, netname,
4023 if (!W_ERROR_IS_OK(result)) {
4024 DEBUG(1, ("Coult not query secdesc for share %s\n",
4029 share_sd = info.share.info502.info_502_str.sd;
4030 if (share_sd == NULL) {
4031 DEBUG(1, ("Got no secdesc for share %s\n",
4037 if (!cli_send_tconX(cli, netname, "A:", "", 0)) {
4041 fnum = cli_nt_create(cli, "\\", READ_CONTROL_ACCESS);
4044 root_sd = cli_query_secdesc(cli, fnum, mem_ctx);
4047 for (i=0; i<num_tokens; i++) {
4051 if (share_sd != NULL) {
4052 if (!se_access_check(share_sd, &tokens[i].token,
4053 1, &acc_granted, &status)) {
4054 DEBUG(1, ("Could not check share_sd for "
4060 if (!NT_STATUS_IS_OK(status))
4064 if (root_sd == NULL) {
4065 d_printf(" %s\n", tokens[i].name);
4069 if (!se_access_check(root_sd, &tokens[i].token,
4070 1, &acc_granted, &status)) {
4071 DEBUG(1, ("Could not check root_sd for user %s\n",
4076 if (!NT_STATUS_IS_OK(status))
4079 d_printf(" %s\n", tokens[i].name);
4083 cli_close(cli, fnum);
4095 static void collect_share(const char *name, uint32 m,
4096 const char *comment, void *state)
4098 struct share_list *share_list = (struct share_list *)state;
4100 if (m != STYPE_DISKTREE)
4103 share_list->num_shares += 1;
4104 share_list->shares = SMB_REALLOC_ARRAY(share_list->shares, char *, share_list->num_shares);
4105 share_list->shares[share_list->num_shares-1] = SMB_STRDUP(name);
4108 static void rpc_share_userlist_usage(void)
4114 * List shares on a remote RPC server, including the security descriptors
4116 * All parameters are provided by the run_rpc_command function, except for
4117 * argc, argv which are passes through.
4119 * @param domain_sid The domain sid acquired from the remote server
4120 * @param cli A cli_state connected to the server.
4121 * @param mem_ctx Talloc context, destoyed on completion of the function.
4122 * @param argc Standard main() style argc
4123 * @param argv Standard main() style argv. Initial components are already
4126 * @return Normal NTSTATUS return.
4129 static NTSTATUS rpc_share_allowedusers_internals(const DOM_SID *domain_sid,
4130 const char *domain_name,
4131 struct cli_state *cli,
4132 struct rpc_pipe_client *pipe_hnd,
4133 TALLOC_CTX *mem_ctx,
4143 struct user_token *tokens = NULL;
4146 struct share_list share_list;
4149 rpc_share_userlist_usage();
4150 return NT_STATUS_UNSUCCESSFUL;
4156 f = fopen(argv[0], "r");
4160 DEBUG(0, ("Could not open userlist: %s\n", strerror(errno)));
4161 return NT_STATUS_UNSUCCESSFUL;
4164 r = get_user_tokens_from_file(f, &num_tokens, &tokens);
4170 DEBUG(0, ("Could not read users from file\n"));
4171 return NT_STATUS_UNSUCCESSFUL;
4174 for (i=0; i<num_tokens; i++)
4175 collect_alias_memberships(&tokens[i].token);
4177 init_enum_hnd(&hnd, 0);
4179 share_list.num_shares = 0;
4180 share_list.shares = NULL;
4182 ret = cli_RNetShareEnum(cli, collect_share, &share_list);
4185 DEBUG(0, ("Error returning browse list: %s\n",
4190 for (i = 0; i < share_list.num_shares; i++) {
4191 char *netname = share_list.shares[i];
4193 if (netname[strlen(netname)-1] == '$')
4196 d_printf("%s\n", netname);
4198 show_userlist(pipe_hnd, mem_ctx, netname,
4199 num_tokens, tokens);
4202 for (i=0; i<num_tokens; i++) {
4203 free_user_token(&tokens[i].token);
4206 SAFE_FREE(share_list.shares);
4208 return NT_STATUS_OK;
4211 static int rpc_share_allowedusers(int argc, const char **argv)
4215 result = run_rpc_command(NULL, PI_SAMR, 0,
4216 rpc_aliaslist_internals,
4221 result = run_rpc_command(NULL, PI_LSARPC, 0,
4227 return run_rpc_command(NULL, PI_SRVSVC, 0,
4228 rpc_share_allowedusers_internals,
4232 int net_usersidlist(int argc, const char **argv)
4235 struct user_token *tokens = NULL;
4239 net_usersidlist_usage(argc, argv);
4243 if (!get_user_tokens(&num_tokens, &tokens)) {
4244 DEBUG(0, ("Could not get the user/sid list\n"));
4248 for (i=0; i<num_tokens; i++) {
4249 dump_user_token(&tokens[i]);
4250 free_user_token(&tokens[i].token);
4257 int net_usersidlist_usage(int argc, const char **argv)
4259 d_printf("net usersidlist\n"
4260 "\tprints out a list of all users the running winbind knows\n"
4261 "\tabout, together with all their SIDs. This is used as\n"
4262 "\tinput to the 'net rpc share allowedusers' command.\n\n");
4264 net_common_flags_usage(argc, argv);
4269 * 'net rpc share' entrypoint.
4270 * @param argc Standard main() style argc
4271 * @param argv Standard main() style argv. Initial components are already
4275 int net_rpc_share(int argc, const char **argv)
4277 struct functable func[] = {
4278 {"add", rpc_share_add},
4279 {"delete", rpc_share_delete},
4280 {"allowedusers", rpc_share_allowedusers},
4281 {"migrate", rpc_share_migrate},
4282 {"list", rpc_share_list},
4287 return run_rpc_command(NULL, PI_SRVSVC, 0,
4288 rpc_share_list_internals,
4291 return net_run_function(argc, argv, func, rpc_share_usage);
4294 /****************************************************************************/
4296 static int rpc_file_usage(int argc, const char **argv)
4298 return net_help_file(argc, argv);
4302 * Close a file on a remote RPC server
4304 * All parameters are provided by the run_rpc_command function, except for
4305 * argc, argv which are passes through.
4307 * @param domain_sid The domain sid acquired from the remote server
4308 * @param cli A cli_state connected to the server.
4309 * @param mem_ctx Talloc context, destoyed on completion of the function.
4310 * @param argc Standard main() style argc
4311 * @param argv Standard main() style argv. Initial components are already
4314 * @return Normal NTSTATUS return.
4316 static NTSTATUS rpc_file_close_internals(const DOM_SID *domain_sid,
4317 const char *domain_name,
4318 struct cli_state *cli,
4319 struct rpc_pipe_client *pipe_hnd,
4320 TALLOC_CTX *mem_ctx,
4325 result = rpccli_srvsvc_net_file_close(pipe_hnd, mem_ctx, atoi(argv[0]));
4326 return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
4330 * Close a file on a remote RPC server
4332 * @param argc Standard main() style argc
4333 * @param argv Standard main() style argv. Initial components are already
4336 * @return A shell status integer (0 for success)
4338 static int rpc_file_close(int argc, const char **argv)
4341 DEBUG(1, ("No fileid given on close\n"));
4342 return(rpc_file_usage(argc, argv));
4345 return run_rpc_command(NULL, PI_SRVSVC, 0,
4346 rpc_file_close_internals,
4351 * Formatted print of open file info
4353 * @param info3 FILE_INFO_3 contents
4354 * @param str3 strings for FILE_INFO_3
4357 static void display_file_info_3(FILE_INFO_3 *info3, FILE_INFO_3_STR *str3)
4359 fstring user = "", path = "";
4361 rpcstr_pull_unistr2_fstring(user, &str3->uni_user_name);
4362 rpcstr_pull_unistr2_fstring(path, &str3->uni_path_name);
4364 d_printf("%-7.1d %-20.20s 0x%-4.2x %-6.1d %s\n",
4365 info3->id, user, info3->perms, info3->num_locks, path);
4369 * List open files on a remote RPC server
4371 * All parameters are provided by the run_rpc_command function, except for
4372 * argc, argv which are passes through.
4374 * @param domain_sid The domain sid acquired from the remote server
4375 * @param cli A cli_state connected to the server.
4376 * @param mem_ctx Talloc context, destoyed on completion of the function.
4377 * @param argc Standard main() style argc
4378 * @param argv Standard main() style argv. Initial components are already
4381 * @return Normal NTSTATUS return.
4384 static NTSTATUS rpc_file_list_internals(const DOM_SID *domain_sid,
4385 const char *domain_name,
4386 struct cli_state *cli,
4387 struct rpc_pipe_client *pipe_hnd,
4388 TALLOC_CTX *mem_ctx,
4392 SRV_FILE_INFO_CTR ctr;
4395 uint32 preferred_len = 0xffffffff, i;
4396 const char *username=NULL;
4398 init_enum_hnd(&hnd, 0);
4400 /* if argc > 0, must be user command */
4402 username = smb_xstrdup(argv[0]);
4404 result = rpccli_srvsvc_net_file_enum(pipe_hnd,
4405 mem_ctx, 3, username, &ctr, preferred_len, &hnd);
4407 if (!W_ERROR_IS_OK(result))
4410 /* Display results */
4413 "\nEnumerating open files on remote server:\n\n"\
4414 "\nFileId Opened by Perms Locks Path"\
4415 "\n------ --------- ----- ----- ---- \n");
4416 for (i = 0; i < ctr.num_entries; i++)
4417 display_file_info_3(&ctr.file.info3[i].info_3,
4418 &ctr.file.info3[i].info_3_str);
4420 return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
4424 * List files for a user on a remote RPC server
4426 * @param argc Standard main() style argc
4427 * @param argv Standard main() style argv. Initial components are already
4430 * @return A shell status integer (0 for success)
4433 static int rpc_file_user(int argc, const char **argv)
4436 DEBUG(1, ("No username given\n"));
4437 return(rpc_file_usage(argc, argv));
4440 return run_rpc_command(NULL, PI_SRVSVC, 0,
4441 rpc_file_list_internals,
4446 * 'net rpc file' entrypoint.
4447 * @param argc Standard main() style argc
4448 * @param argv Standard main() style argv. Initial components are already
4452 int net_rpc_file(int argc, const char **argv)
4454 struct functable func[] = {
4455 {"close", rpc_file_close},
4456 {"user", rpc_file_user},
4458 {"info", rpc_file_info},
4464 return run_rpc_command(NULL, PI_SRVSVC, 0,
4465 rpc_file_list_internals,
4468 return net_run_function(argc, argv, func, rpc_file_usage);
4472 * ABORT the shutdown of a remote RPC Server over, initshutdown pipe
4474 * All parameters are provided by the run_rpc_command function, except for
4475 * argc, argv which are passed through.
4477 * @param domain_sid The domain sid aquired from the remote server
4478 * @param cli A cli_state connected to the server.
4479 * @param mem_ctx Talloc context, destoyed on compleation of the function.
4480 * @param argc Standard main() style argc
4481 * @param argv Standard main() style argv. Initial components are already
4484 * @return Normal NTSTATUS return.
4487 static NTSTATUS rpc_shutdown_abort_internals(const DOM_SID *domain_sid,
4488 const char *domain_name,
4489 struct cli_state *cli,
4490 struct rpc_pipe_client *pipe_hnd,
4491 TALLOC_CTX *mem_ctx,
4495 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
4497 result = rpccli_shutdown_abort(pipe_hnd, mem_ctx);
4499 if (NT_STATUS_IS_OK(result)) {
4500 d_printf("\nShutdown successfully aborted\n");
4501 DEBUG(5,("cmd_shutdown_abort: query succeeded\n"));
4503 DEBUG(5,("cmd_shutdown_abort: query failed\n"));
4509 * ABORT the shutdown of a remote RPC Server, over winreg pipe
4511 * All parameters are provided by the run_rpc_command function, except for
4512 * argc, argv which are passed through.
4514 * @param domain_sid The domain sid aquired from the remote server
4515 * @param cli A cli_state connected to the server.
4516 * @param mem_ctx Talloc context, destoyed on compleation of the function.
4517 * @param argc Standard main() style argc
4518 * @param argv Standard main() style argv. Initial components are already
4521 * @return Normal NTSTATUS return.
4524 static NTSTATUS rpc_reg_shutdown_abort_internals(const DOM_SID *domain_sid,
4525 const char *domain_name,
4526 struct cli_state *cli,
4527 struct rpc_pipe_client *pipe_hnd,
4528 TALLOC_CTX *mem_ctx,
4532 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
4534 result = werror_to_ntstatus(rpccli_reg_abort_shutdown(pipe_hnd, mem_ctx));
4536 if (NT_STATUS_IS_OK(result)) {
4537 d_printf("\nShutdown successfully aborted\n");
4538 DEBUG(5,("cmd_reg_abort_shutdown: query succeeded\n"));
4540 DEBUG(5,("cmd_reg_abort_shutdown: query failed\n"));
4546 * ABORT the Shut down of a remote RPC server
4548 * @param argc Standard main() style argc
4549 * @param argv Standard main() style argv. Initial components are already
4552 * @return A shell status integer (0 for success)
4555 static int rpc_shutdown_abort(int argc, const char **argv)
4557 int rc = run_rpc_command(NULL, PI_SHUTDOWN, 0,
4558 rpc_shutdown_abort_internals,
4564 DEBUG(1, ("initshutdown pipe didn't work, trying winreg pipe\n"));
4566 return run_rpc_command(NULL, PI_WINREG, 0,
4567 rpc_reg_shutdown_abort_internals,
4572 * Shut down a remote RPC Server via initshutdown pipe
4574 * All parameters are provided by the run_rpc_command function, except for
4575 * argc, argv which are passes through.
4577 * @param domain_sid The domain sid aquired from the remote server
4578 * @param cli A cli_state connected to the server.
4579 * @param mem_ctx Talloc context, destoyed on compleation of the function.
4580 * @param argc Standard main() style argc
4581 * @param argc Standard main() style argv. Initial components are already
4584 * @return Normal NTSTATUS return.
4587 static NTSTATUS rpc_init_shutdown_internals(const DOM_SID *domain_sid,
4588 const char *domain_name,
4589 struct cli_state *cli,
4590 struct rpc_pipe_client *pipe_hnd,
4591 TALLOC_CTX *mem_ctx,
4595 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
4596 const char *msg = "This machine will be shutdown shortly";
4597 uint32 timeout = 20;
4603 timeout = opt_timeout;
4606 /* create an entry */
4607 result = rpccli_shutdown_init(pipe_hnd, mem_ctx, msg, timeout, opt_reboot,
4610 if (NT_STATUS_IS_OK(result)) {
4611 d_printf("\nShutdown of remote machine succeeded\n");
4612 DEBUG(5,("Shutdown of remote machine succeeded\n"));
4614 DEBUG(1,("Shutdown of remote machine failed!\n"));
4620 * Shut down a remote RPC Server via winreg pipe
4622 * All parameters are provided by the run_rpc_command function, except for
4623 * argc, argv which are passes through.
4625 * @param domain_sid The domain sid aquired from the remote server
4626 * @param cli A cli_state connected to the server.
4627 * @param mem_ctx Talloc context, destoyed on compleation of the function.
4628 * @param argc Standard main() style argc
4629 * @param argc Standard main() style argv. Initial components are already
4632 * @return Normal NTSTATUS return.
4635 static NTSTATUS rpc_reg_shutdown_internals(const DOM_SID *domain_sid,
4636 const char *domain_name,
4637 struct cli_state *cli,
4638 struct rpc_pipe_client *pipe_hnd,
4639 TALLOC_CTX *mem_ctx,
4644 const char *msg = "This machine will be shutdown shortly";
4645 uint32 timeout = 20;
4650 struct poptOption long_options[] = {
4651 {"message", 'm', POPT_ARG_STRING, &msg},
4652 {"timeout", 't', POPT_ARG_INT, &timeout},
4653 {"reboot", 'r', POPT_ARG_NONE, &reboot},
4654 {"force", 'f', POPT_ARG_NONE, &force},
4658 pc = poptGetContext(NULL, argc, (const char **) argv, long_options,
4659 POPT_CONTEXT_KEEP_FIRST);
4661 rc = poptGetNextOpt(pc);
4664 /* an error occurred during option processing */
4665 DEBUG(0, ("%s: %s\n",
4666 poptBadOption(pc, POPT_BADOPTION_NOALIAS),
4668 return NT_STATUS_INVALID_PARAMETER;
4675 timeout = opt_timeout;
4678 /* create an entry */
4679 result = rpccli_reg_shutdown(pipe_hnd, mem_ctx, msg, timeout, opt_reboot, opt_force);
4681 if (W_ERROR_IS_OK(result)) {
4682 d_printf("\nShutdown of remote machine succeeded\n");
4684 d_printf("\nShutdown of remote machine failed\n");
4685 if (W_ERROR_EQUAL(result,WERR_MACHINE_LOCKED))
4686 d_printf("\nMachine locked, use -f switch to force\n");
4688 d_printf("\nresult was: %s\n", dos_errstr(result));
4691 return werror_to_ntstatus(result);
4695 * Shut down a remote RPC server
4697 * @param argc Standard main() style argc
4698 * @param argc Standard main() style argv. Initial components are already
4701 * @return A shell status integer (0 for success)
4704 static int rpc_shutdown(int argc, const char **argv)
4706 int rc = run_rpc_command(NULL, PI_SHUTDOWN, 0,
4707 rpc_init_shutdown_internals,
4711 DEBUG(1, ("initshutdown pipe failed, trying winreg pipe\n"));
4712 rc = run_rpc_command(NULL, PI_WINREG, 0,
4713 rpc_reg_shutdown_internals, argc, argv);
4719 /***************************************************************************
4720 NT Domain trusts code (i.e. 'net rpc trustdom' functionality)
4722 ***************************************************************************/
4725 * Add interdomain trust account to the RPC server.
4726 * All parameters (except for argc and argv) are passed by run_rpc_command
4729 * @param domain_sid The domain sid acquired from the server
4730 * @param cli A cli_state connected to the server.
4731 * @param mem_ctx Talloc context, destoyed on completion of the function.
4732 * @param argc Standard main() style argc
4733 * @param argc Standard main() style argv. Initial components are already
4736 * @return normal NTSTATUS return code
4739 static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid,
4740 const char *domain_name,
4741 struct cli_state *cli,
4742 struct rpc_pipe_client *pipe_hnd,
4743 TALLOC_CTX *mem_ctx,
4747 POLICY_HND connect_pol, domain_pol, user_pol;
4748 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
4751 uint32 unknown, user_rid;
4754 d_printf("Usage: net rpc trustdom add <domain_name> <pw>\n");
4755 return NT_STATUS_INVALID_PARAMETER;
4759 * Make valid trusting domain account (ie. uppercased and with '$' appended)
4762 if (asprintf(&acct_name, "%s$", argv[0]) < 0) {
4763 return NT_STATUS_NO_MEMORY;
4766 strupper_m(acct_name);
4768 /* Get samr policy handle */
4769 result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
4771 if (!NT_STATUS_IS_OK(result)) {
4775 /* Get domain policy handle */
4776 result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
4777 MAXIMUM_ALLOWED_ACCESS,
4778 domain_sid, &domain_pol);
4779 if (!NT_STATUS_IS_OK(result)) {
4783 /* Create trusting domain's account */
4784 acb_info = ACB_NORMAL;
4785 unknown = 0xe00500b0; /* No idea what this is - a permission mask?
4786 mimir: yes, most probably it is */
4788 result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
4789 acct_name, acb_info, unknown,
4790 &user_pol, &user_rid);
4791 if (!NT_STATUS_IS_OK(result)) {
4796 SAM_USERINFO_CTR ctr;
4797 SAM_USER_INFO_23 p23;
4803 encode_pw_buffer(pwbuf, argv[1], STR_UNICODE);
4807 ZERO_STRUCT(notime);
4811 memset(hrs.hours, 0xFF, sizeof(hrs.hours));
4812 acb_info = ACB_DOMTRUST;
4814 init_sam_user_info23A(&p23, ¬ime, ¬ime, ¬ime,
4815 ¬ime, ¬ime, ¬ime,
4816 nostr, nostr, nostr, nostr, nostr,
4817 nostr, nostr, nostr, nostr, nostr,
4818 0, 0, acb_info, ACCT_FLAGS, 168, &hrs,
4819 0, 0, (char *)pwbuf);
4820 ctr.switch_value = 23;
4821 ctr.info.id23 = &p23;
4822 p23.passmustchange = 0;
4824 result = rpccli_samr_set_userinfo(pipe_hnd, mem_ctx, &user_pol, 23,
4825 &cli->user_session_key, &ctr);
4827 if (!NT_STATUS_IS_OK(result)) {
4828 DEBUG(0,("Could not set trust account password: %s\n",
4829 nt_errstr(result)));
4835 SAFE_FREE(acct_name);
4840 * Create interdomain trust account for a remote domain.
4842 * @param argc standard argc
4843 * @param argv standard argv without initial components
4845 * @return Integer status (0 means success)
4848 static int rpc_trustdom_add(int argc, const char **argv)
4851 return run_rpc_command(NULL, PI_SAMR, 0, rpc_trustdom_add_internals,
4854 d_printf("Usage: net rpc trustdom add <domain>\n");
4861 * Remove interdomain trust account from the RPC server.
4862 * All parameters (except for argc and argv) are passed by run_rpc_command
4865 * @param domain_sid The domain sid acquired from the server
4866 * @param cli A cli_state connected to the server.
4867 * @param mem_ctx Talloc context, destoyed on completion of the function.
4868 * @param argc Standard main() style argc
4869 * @param argc Standard main() style argv. Initial components are already
4872 * @return normal NTSTATUS return code
4875 static NTSTATUS rpc_trustdom_del_internals(const DOM_SID *domain_sid,
4876 const char *domain_name,
4877 struct cli_state *cli,
4878 struct rpc_pipe_client *pipe_hnd,
4879 TALLOC_CTX *mem_ctx,
4883 POLICY_HND connect_pol, domain_pol, user_pol;
4884 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
4887 DOM_SID trust_acct_sid;
4888 uint32 *user_rids, num_rids, *name_types;
4889 uint32 flags = 0x000003e8; /* Unknown */
4892 d_printf("Usage: net rpc trustdom del <domain_name>\n");
4893 return NT_STATUS_INVALID_PARAMETER;
4897 * Make valid trusting domain account (ie. uppercased and with '$' appended)
4899 acct_name = talloc_asprintf(mem_ctx, "%s$", argv[0]);
4901 if (acct_name == NULL)
4902 return NT_STATUS_NO_MEMORY;
4904 strupper_m(acct_name);
4906 names = TALLOC_ARRAY(mem_ctx, const char *, 1);
4907 names[0] = acct_name;
4910 /* Get samr policy handle */
4911 result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
4913 if (!NT_STATUS_IS_OK(result)) {
4917 /* Get domain policy handle */
4918 result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
4919 MAXIMUM_ALLOWED_ACCESS,
4920 domain_sid, &domain_pol);
4921 if (!NT_STATUS_IS_OK(result)) {
4925 result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, flags, 1,
4927 &user_rids, &name_types);
4929 if (!NT_STATUS_IS_OK(result)) {
4933 result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
4934 MAXIMUM_ALLOWED_ACCESS,
4935 user_rids[0], &user_pol);
4937 if (!NT_STATUS_IS_OK(result)) {
4941 /* append the rid to the domain sid */
4942 sid_copy(&trust_acct_sid, domain_sid);
4943 if (!sid_append_rid(&trust_acct_sid, user_rids[0])) {
4947 /* remove the sid */
4949 result = rpccli_samr_remove_sid_foreign_domain(pipe_hnd, mem_ctx, &user_pol,
4952 if (!NT_STATUS_IS_OK(result)) {
4958 result = rpccli_samr_delete_dom_user(pipe_hnd, mem_ctx, &user_pol);
4960 if (!NT_STATUS_IS_OK(result)) {
4964 if (!NT_STATUS_IS_OK(result)) {
4965 DEBUG(0,("Could not set trust account password: %s\n",
4966 nt_errstr(result)));
4975 * Delete interdomain trust account for a remote domain.
4977 * @param argc standard argc
4978 * @param argv standard argv without initial components
4980 * @return Integer status (0 means success)
4983 static int rpc_trustdom_del(int argc, const char **argv)
4986 return run_rpc_command(NULL, PI_SAMR, 0, rpc_trustdom_del_internals,
4989 d_printf("Usage: net rpc trustdom del <domain>\n");
4996 * Establish trust relationship to a trusting domain.
4997 * Interdomain account must already be created on remote PDC.
4999 * @param argc standard argc
5000 * @param argv standard argv without initial components
5002 * @return Integer status (0 means success)
5005 static int rpc_trustdom_establish(int argc, const char **argv)
5007 struct cli_state *cli = NULL;
5008 struct in_addr server_ip;
5009 struct rpc_pipe_client *pipe_hnd = NULL;
5010 POLICY_HND connect_hnd;
5011 TALLOC_CTX *mem_ctx;
5013 DOM_SID *domain_sid;
5014 smb_ucs2_t *uni_domain_name;
5017 char* domain_name_pol;
5022 * Connect to \\server\ipc$ as 'our domain' account with password
5026 d_printf("Usage: net rpc trustdom establish <domain_name>\n");
5030 domain_name = smb_xstrdup(argv[0]);
5031 strupper_m(domain_name);
5033 /* account name used at first is our domain's name with '$' */
5034 asprintf(&acct_name, "%s$", lp_workgroup());
5035 strupper_m(acct_name);
5038 * opt_workgroup will be used by connection functions further,
5039 * hence it should be set to remote domain name instead of ours
5041 if (opt_workgroup) {
5042 opt_workgroup = smb_xstrdup(domain_name);
5045 opt_user_name = acct_name;
5047 /* find the domain controller */
5048 if (!net_find_pdc(&server_ip, pdc_name, domain_name)) {
5049 DEBUG(0, ("Couldn't find domain controller for domain %s\n", domain_name));
5053 /* connect to ipc$ as username/password */
5054 nt_status = connect_to_ipc(&cli, &server_ip, pdc_name);
5055 if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT)) {
5057 /* Is it trusting domain account for sure ? */
5058 DEBUG(0, ("Couldn't verify trusting domain account. Error was %s\n",
5059 nt_errstr(nt_status)));
5064 * Connect to \\server\ipc$ again (this time anonymously)
5067 nt_status = connect_to_ipc_anonymous(&cli, &server_ip, (char*)pdc_name);
5069 if (NT_STATUS_IS_ERR(nt_status)) {
5070 DEBUG(0, ("Couldn't connect to domain %s controller. Error was %s.\n",
5071 domain_name, nt_errstr(nt_status)));
5075 * Use NetServerEnum2 to make sure we're talking to a proper server
5078 if (!cli_get_pdc_name(cli, domain_name, (char*)pdc_name)) {
5079 DEBUG(0, ("NetServerEnum2 error: Couldn't find primary domain controller\
5080 for domain %s\n", domain_name));
5083 if (!(mem_ctx = talloc_init("establishing trust relationship to "
5084 "domain %s", domain_name))) {
5085 DEBUG(0, ("talloc_init() failed\n"));
5091 * Call LsaOpenPolicy and LsaQueryInfo
5094 pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &nt_status);
5096 DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n", nt_errstr(nt_status) ));
5101 nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, True, SEC_RIGHTS_QUERY_VALUE,
5103 if (NT_STATUS_IS_ERR(nt_status)) {
5104 DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
5105 nt_errstr(nt_status)));
5110 /* Querying info level 5 */
5112 nt_status = rpccli_lsa_query_info_policy(pipe_hnd, mem_ctx, &connect_hnd,
5114 &domain_name_pol, &domain_sid);
5115 if (NT_STATUS_IS_ERR(nt_status)) {
5116 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
5117 nt_errstr(nt_status)));
5122 if (push_ucs2_talloc(mem_ctx, &uni_domain_name, domain_name_pol) == (size_t)-1) {
5123 DEBUG(0, ("Could not convert domain name %s to unicode\n",
5129 /* There should be actually query info level 3 (following nt serv behaviour),
5130 but I still don't know if it's _really_ necessary */
5133 * Store the password in secrets db
5136 if (!secrets_store_trusted_domain_password(domain_name,
5138 strlen_w(uni_domain_name)+1,
5141 DEBUG(0, ("Storing password for trusted domain failed.\n"));
5147 * Close the pipes and clean up
5150 nt_status = rpccli_lsa_close(pipe_hnd, mem_ctx, &connect_hnd);
5151 if (NT_STATUS_IS_ERR(nt_status)) {
5152 DEBUG(0, ("Couldn't close LSA pipe. Error was %s\n",
5153 nt_errstr(nt_status)));
5160 talloc_destroy(mem_ctx);
5162 d_printf("Trust to domain %s established\n", domain_name);
5167 * Revoke trust relationship to the remote domain
5169 * @param argc standard argc
5170 * @param argv standard argv without initial components
5172 * @return Integer status (0 means success)
5175 static int rpc_trustdom_revoke(int argc, const char **argv)
5179 if (argc < 1) return -1;
5181 /* generate upper cased domain name */
5182 domain_name = smb_xstrdup(argv[0]);
5183 strupper_m(domain_name);
5185 /* delete password of the trust */
5186 if (!trusted_domain_password_delete(domain_name)) {
5187 DEBUG(0, ("Failed to revoke relationship to the trusted domain %s\n",
5196 * Usage for 'net rpc trustdom' command
5198 * @param argc standard argc
5199 * @param argv standard argv without inital components
5201 * @return Integer status returned to shell
5204 static int rpc_trustdom_usage(int argc, const char **argv)
5206 d_printf(" net rpc trustdom add \t\t add trusting domain's account\n");
5207 d_printf(" net rpc trustdom del \t\t delete trusting domain's account\n");
5208 d_printf(" net rpc trustdom establish \t establish relationship to trusted domain\n");
5209 d_printf(" net rpc trustdom revoke \t abandon relationship to trusted domain\n");
5210 d_printf(" net rpc trustdom list \t show current interdomain trust relationships\n");
5211 d_printf(" net rpc trustdom vampire \t vampire interdomain trust relationships from remote server\n");
5216 static NTSTATUS rpc_query_domain_sid(const DOM_SID *domain_sid,
5217 const char *domain_name,
5218 struct cli_state *cli,
5219 struct rpc_pipe_client *pipe_hnd,
5220 TALLOC_CTX *mem_ctx,
5225 sid_to_string(str_sid, domain_sid);
5226 d_printf("%s\n", str_sid);
5227 return NT_STATUS_OK;
5230 static void print_trusted_domain(DOM_SID *dom_sid, const char *trusted_dom_name)
5232 fstring ascii_sid, padding;
5233 int pad_len, col_len = 20;
5235 /* convert sid into ascii string */
5236 sid_to_string(ascii_sid, dom_sid);
5238 /* calculate padding space for d_printf to look nicer */
5239 pad_len = col_len - strlen(trusted_dom_name);
5240 padding[pad_len] = 0;
5241 do padding[--pad_len] = ' '; while (pad_len);
5243 d_printf("%s%s%s\n", trusted_dom_name, padding, ascii_sid);
5246 static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd,
5247 TALLOC_CTX *mem_ctx,
5250 const char *trusted_dom_name)
5253 LSA_TRUSTED_DOMAIN_INFO *info;
5254 char *cleartextpwd = NULL;
5256 smb_ucs2_t *uni_dom_name;
5258 nt_status = rpccli_lsa_query_trusted_domain_info_by_sid(pipe_hnd, mem_ctx, pol, 4, &dom_sid, &info);
5260 if (NT_STATUS_IS_ERR(nt_status)) {
5261 DEBUG(0,("Could not query trusted domain info. Error was %s\n",
5262 nt_errstr(nt_status)));
5266 data = data_blob(NULL, info->password.password.length);
5268 memcpy(data.data, info->password.password.data, info->password.password.length);
5269 data.length = info->password.password.length;
5271 cleartextpwd = decrypt_trustdom_secret(pipe_hnd->cli->pwd.password, &data);
5273 if (cleartextpwd == NULL) {
5274 DEBUG(0,("retrieved NULL password\n"));
5275 nt_status = NT_STATUS_UNSUCCESSFUL;
5279 if (push_ucs2_talloc(mem_ctx, &uni_dom_name, trusted_dom_name) == (size_t)-1) {
5280 DEBUG(0, ("Could not convert domain name %s to unicode\n",
5282 nt_status = NT_STATUS_UNSUCCESSFUL;
5286 if (!secrets_store_trusted_domain_password(trusted_dom_name,
5288 strlen_w(uni_dom_name)+1,
5291 DEBUG(0, ("Storing password for trusted domain failed.\n"));
5292 nt_status = NT_STATUS_UNSUCCESSFUL;
5296 DEBUG(100,("sucessfully vampired trusted domain [%s], sid: [%s], password: [%s]\n",
5297 trusted_dom_name, sid_string_static(&dom_sid), cleartextpwd));
5300 SAFE_FREE(cleartextpwd);
5301 data_blob_free(&data);
5306 static int rpc_trustdom_vampire(int argc, const char **argv)
5308 /* common variables */
5309 TALLOC_CTX* mem_ctx;
5310 struct cli_state *cli = NULL;
5311 struct rpc_pipe_client *pipe_hnd = NULL;
5313 const char *domain_name = NULL;
5314 DOM_SID *queried_dom_sid;
5315 POLICY_HND connect_hnd;
5317 /* trusted domains listing variables */
5318 unsigned int num_domains, enum_ctx = 0;
5320 DOM_SID *domain_sids;
5321 char **trusted_dom_names;
5326 * Listing trusted domains (stored in secrets.tdb, if local)
5329 mem_ctx = talloc_init("trust relationships vampire");
5332 * set domain and pdc name to local samba server (default)
5333 * or to remote one given in command line
5336 if (StrCaseCmp(opt_workgroup, lp_workgroup())) {
5337 domain_name = opt_workgroup;
5338 opt_target_workgroup = opt_workgroup;
5340 fstrcpy(pdc_name, global_myname());
5341 domain_name = talloc_strdup(mem_ctx, lp_workgroup());
5342 opt_target_workgroup = domain_name;
5345 /* open \PIPE\lsarpc and open policy handle */
5346 if (!(cli = net_make_ipc_connection(NET_FLAGS_PDC))) {
5347 DEBUG(0, ("Couldn't connect to domain controller\n"));
5351 pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &nt_status);
5353 DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n",
5354 nt_errstr(nt_status) ));
5359 nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, False, SEC_RIGHTS_QUERY_VALUE,
5361 if (NT_STATUS_IS_ERR(nt_status)) {
5362 DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
5363 nt_errstr(nt_status)));
5368 /* query info level 5 to obtain sid of a domain being queried */
5369 nt_status = rpccli_lsa_query_info_policy(
5370 pipe_hnd, mem_ctx, &connect_hnd, 5 /* info level */,
5371 &dummy, &queried_dom_sid);
5373 if (NT_STATUS_IS_ERR(nt_status)) {
5374 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
5375 nt_errstr(nt_status)));
5381 * Keep calling LsaEnumTrustdom over opened pipe until
5382 * the end of enumeration is reached
5385 d_printf("Vampire trusted domains:\n\n");
5388 nt_status = rpccli_lsa_enum_trust_dom(pipe_hnd, mem_ctx, &connect_hnd, &enum_ctx,
5390 &trusted_dom_names, &domain_sids);
5392 if (NT_STATUS_IS_ERR(nt_status)) {
5393 DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n",
5394 nt_errstr(nt_status)));
5399 for (i = 0; i < num_domains; i++) {
5401 print_trusted_domain(&(domain_sids[i]), trusted_dom_names[i]);
5403 nt_status = vampire_trusted_domain(pipe_hnd, mem_ctx, &connect_hnd,
5404 domain_sids[i], trusted_dom_names[i]);
5405 if (!NT_STATUS_IS_OK(nt_status)) {
5412 * in case of no trusted domains say something rather
5413 * than just display blank line
5415 if (!num_domains) d_printf("none\n");
5417 } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
5419 /* close this connection before doing next one */
5420 nt_status = rpccli_lsa_close(pipe_hnd, mem_ctx, &connect_hnd);
5421 if (NT_STATUS_IS_ERR(nt_status)) {
5422 DEBUG(0, ("Couldn't properly close lsa policy handle. Error was %s\n",
5423 nt_errstr(nt_status)));
5428 /* close lsarpc pipe and connection to IPC$ */
5431 talloc_destroy(mem_ctx);
5435 static int rpc_trustdom_list(int argc, const char **argv)
5437 /* common variables */
5438 TALLOC_CTX* mem_ctx;
5439 struct cli_state *cli = NULL, *remote_cli = NULL;
5440 struct rpc_pipe_client *pipe_hnd = NULL;
5442 const char *domain_name = NULL;
5443 DOM_SID *queried_dom_sid;
5445 int ascii_dom_name_len;
5446 POLICY_HND connect_hnd;
5448 /* trusted domains listing variables */
5449 unsigned int num_domains, enum_ctx = 0;
5450 int i, pad_len, col_len = 20;
5451 DOM_SID *domain_sids;
5452 char **trusted_dom_names;
5456 /* trusting domains listing variables */
5457 POLICY_HND domain_hnd;
5458 char **trusting_dom_names;
5459 uint32 *trusting_dom_rids;
5462 * Listing trusted domains (stored in secrets.tdb, if local)
5465 mem_ctx = talloc_init("trust relationships listing");
5468 * set domain and pdc name to local samba server (default)
5469 * or to remote one given in command line
5472 if (StrCaseCmp(opt_workgroup, lp_workgroup())) {
5473 domain_name = opt_workgroup;
5474 opt_target_workgroup = opt_workgroup;
5476 fstrcpy(pdc_name, global_myname());
5477 domain_name = talloc_strdup(mem_ctx, lp_workgroup());
5478 opt_target_workgroup = domain_name;
5481 /* open \PIPE\lsarpc and open policy handle */
5482 if (!(cli = net_make_ipc_connection(NET_FLAGS_PDC))) {
5483 DEBUG(0, ("Couldn't connect to domain controller\n"));
5487 pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &nt_status);
5489 DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n",
5490 nt_errstr(nt_status) ));
5494 nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, False, SEC_RIGHTS_QUERY_VALUE,
5496 if (NT_STATUS_IS_ERR(nt_status)) {
5497 DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
5498 nt_errstr(nt_status)));
5502 /* query info level 5 to obtain sid of a domain being queried */
5503 nt_status = rpccli_lsa_query_info_policy(
5504 pipe_hnd, mem_ctx, &connect_hnd, 5 /* info level */,
5505 &dummy, &queried_dom_sid);
5507 if (NT_STATUS_IS_ERR(nt_status)) {
5508 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
5509 nt_errstr(nt_status)));
5514 * Keep calling LsaEnumTrustdom over opened pipe until
5515 * the end of enumeration is reached
5518 d_printf("Trusted domains list:\n\n");
5521 nt_status = rpccli_lsa_enum_trust_dom(pipe_hnd, mem_ctx, &connect_hnd, &enum_ctx,
5523 &trusted_dom_names, &domain_sids);
5525 if (NT_STATUS_IS_ERR(nt_status)) {
5526 DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n",
5527 nt_errstr(nt_status)));
5531 for (i = 0; i < num_domains; i++) {
5532 print_trusted_domain(&(domain_sids[i]), trusted_dom_names[i]);
5536 * in case of no trusted domains say something rather
5537 * than just display blank line
5539 if (!num_domains) d_printf("none\n");
5541 } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
5543 /* close this connection before doing next one */
5544 nt_status = rpccli_lsa_close(pipe_hnd, mem_ctx, &connect_hnd);
5545 if (NT_STATUS_IS_ERR(nt_status)) {
5546 DEBUG(0, ("Couldn't properly close lsa policy handle. Error was %s\n",
5547 nt_errstr(nt_status)));
5551 cli_rpc_pipe_close(pipe_hnd);
5554 * Listing trusting domains (stored in passdb backend, if local)
5557 d_printf("\nTrusting domains list:\n\n");
5560 * Open \PIPE\samr and get needed policy handles
5562 pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_SAMR, &nt_status);
5564 DEBUG(0, ("Could not initialise samr pipe. Error was %s\n", nt_errstr(nt_status)));
5569 nt_status = rpccli_samr_connect(pipe_hnd, mem_ctx, SA_RIGHT_SAM_OPEN_DOMAIN,
5571 if (!NT_STATUS_IS_OK(nt_status)) {
5572 DEBUG(0, ("Couldn't open SAMR policy handle. Error was %s\n",
5573 nt_errstr(nt_status)));
5577 /* SamrOpenDomain - we have to open domain policy handle in order to be
5578 able to enumerate accounts*/
5579 nt_status = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_hnd,
5580 SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
5581 queried_dom_sid, &domain_hnd);
5582 if (!NT_STATUS_IS_OK(nt_status)) {
5583 DEBUG(0, ("Couldn't open domain object. Error was %s\n",
5584 nt_errstr(nt_status)));
5589 * perform actual enumeration
5592 enum_ctx = 0; /* reset enumeration context from last enumeration */
5595 nt_status = rpccli_samr_enum_dom_users(pipe_hnd, mem_ctx, &domain_hnd,
5596 &enum_ctx, ACB_DOMTRUST, 0xffff,
5597 &trusting_dom_names, &trusting_dom_rids,
5599 if (NT_STATUS_IS_ERR(nt_status)) {
5600 DEBUG(0, ("Couldn't enumerate accounts. Error was: %s\n",
5601 nt_errstr(nt_status)));
5605 for (i = 0; i < num_domains; i++) {
5608 * get each single domain's sid (do we _really_ need this ?):
5609 * 1) connect to domain's pdc
5610 * 2) query the pdc for domain's sid
5613 /* get rid of '$' tail */
5614 ascii_dom_name_len = strlen(trusting_dom_names[i]);
5615 if (ascii_dom_name_len && ascii_dom_name_len < FSTRING_LEN)
5616 trusting_dom_names[i][ascii_dom_name_len - 1] = '\0';
5618 /* calculate padding space for d_printf to look nicer */
5619 pad_len = col_len - strlen(trusting_dom_names[i]);
5620 padding[pad_len] = 0;
5621 do padding[--pad_len] = ' '; while (pad_len);
5623 /* set opt_* variables to remote domain */
5624 strupper_m(trusting_dom_names[i]);
5625 opt_workgroup = talloc_strdup(mem_ctx, trusting_dom_names[i]);
5626 opt_target_workgroup = opt_workgroup;
5628 d_printf("%s%s", trusting_dom_names[i], padding);
5630 /* connect to remote domain controller */
5631 remote_cli = net_make_ipc_connection(NET_FLAGS_PDC | NET_FLAGS_ANONYMOUS);
5633 /* query for domain's sid */
5634 if (run_rpc_command(remote_cli, PI_LSARPC, 0, rpc_query_domain_sid, argc, argv))
5635 d_printf("couldn't get domain's sid\n");
5637 cli_shutdown(remote_cli);
5640 d_printf("domain controller is not responding\n");
5644 if (!num_domains) d_printf("none\n");
5646 } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
5648 /* close opened samr and domain policy handles */
5649 nt_status = rpccli_samr_close(pipe_hnd, mem_ctx, &domain_hnd);
5650 if (!NT_STATUS_IS_OK(nt_status)) {
5651 DEBUG(0, ("Couldn't properly close domain policy handle for domain %s\n", domain_name));
5654 nt_status = rpccli_samr_close(pipe_hnd, mem_ctx, &connect_hnd);
5655 if (!NT_STATUS_IS_OK(nt_status)) {
5656 DEBUG(0, ("Couldn't properly close samr policy handle for domain %s\n", domain_name));
5659 /* close samr pipe and connection to IPC$ */
5662 talloc_destroy(mem_ctx);
5667 * Entrypoint for 'net rpc trustdom' code
5669 * @param argc standard argc
5670 * @param argv standard argv without initial components
5672 * @return Integer status (0 means success)
5675 static int rpc_trustdom(int argc, const char **argv)
5677 struct functable func[] = {
5678 {"add", rpc_trustdom_add},
5679 {"del", rpc_trustdom_del},
5680 {"establish", rpc_trustdom_establish},
5681 {"revoke", rpc_trustdom_revoke},
5682 {"help", rpc_trustdom_usage},
5683 {"list", rpc_trustdom_list},
5684 {"vampire", rpc_trustdom_vampire},
5689 rpc_trustdom_usage(argc, argv);
5693 return (net_run_function(argc, argv, func, rpc_user_usage));
5697 * Check if a server will take rpc commands
5698 * @param flags Type of server to connect to (PDC, DMB, localhost)
5699 * if the host is not explicitly specified
5700 * @return BOOL (true means rpc supported)
5702 BOOL net_rpc_check(unsigned flags)
5704 struct cli_state cli;
5706 struct in_addr server_ip;
5707 char *server_name = NULL;
5709 /* flags (i.e. server type) may depend on command */
5710 if (!net_find_server(flags, &server_ip, &server_name))
5714 if (cli_initialise(&cli) == False)
5717 if (!cli_connect(&cli, server_name, &server_ip))
5719 if (!attempt_netbios_session_request(&cli, global_myname(),
5720 server_name, &server_ip))
5722 if (!cli_negprot(&cli))
5724 if (cli.protocol < PROTOCOL_NT1)
5733 /* dump sam database via samsync rpc calls */
5734 static int rpc_samdump(int argc, const char **argv) {
5735 return run_rpc_command(NULL, PI_NETLOGON, NET_FLAGS_ANONYMOUS, rpc_samdump_internals,
5739 /* syncronise sam database via samsync rpc calls */
5740 static int rpc_vampire(int argc, const char **argv) {
5741 return run_rpc_command(NULL, PI_NETLOGON, NET_FLAGS_ANONYMOUS, rpc_vampire_internals,
5746 * Migrate everything from a print-server
5748 * @param argc Standard main() style argc
5749 * @param argv Standard main() style argv. Initial components are already
5752 * @return A shell status integer (0 for success)
5754 * The order is important !
5755 * To successfully add drivers the print-queues have to exist !
5756 * Applying ACLs should be the last step, because you're easily locked out
5759 static int rpc_printer_migrate_all(int argc, const char **argv)
5764 printf("no server to migrate\n");
5768 ret = run_rpc_command(NULL, PI_SPOOLSS, 0, rpc_printer_migrate_printers_internals, argc, argv);
5772 ret = run_rpc_command(NULL, PI_SPOOLSS, 0, rpc_printer_migrate_drivers_internals, argc, argv);
5776 ret = run_rpc_command(NULL, PI_SPOOLSS, 0, rpc_printer_migrate_forms_internals, argc, argv);
5780 ret = run_rpc_command(NULL, PI_SPOOLSS, 0, rpc_printer_migrate_settings_internals, argc, argv);
5784 return run_rpc_command(NULL, PI_SPOOLSS, 0, rpc_printer_migrate_security_internals, argc, argv);
5789 * Migrate print-drivers from a print-server
5791 * @param argc Standard main() style argc
5792 * @param argv Standard main() style argv. Initial components are already
5795 * @return A shell status integer (0 for success)
5797 static int rpc_printer_migrate_drivers(int argc, const char **argv)
5800 printf("no server to migrate\n");
5804 return run_rpc_command(NULL, PI_SPOOLSS, 0,
5805 rpc_printer_migrate_drivers_internals,
5810 * Migrate print-forms from a print-server
5812 * @param argc Standard main() style argc
5813 * @param argv Standard main() style argv. Initial components are already
5816 * @return A shell status integer (0 for success)
5818 static int rpc_printer_migrate_forms(int argc, const char **argv)
5821 printf("no server to migrate\n");
5825 return run_rpc_command(NULL, PI_SPOOLSS, 0,
5826 rpc_printer_migrate_forms_internals,
5831 * Migrate printers from a print-server
5833 * @param argc Standard main() style argc
5834 * @param argv Standard main() style argv. Initial components are already
5837 * @return A shell status integer (0 for success)
5839 static int rpc_printer_migrate_printers(int argc, const char **argv)
5842 printf("no server to migrate\n");
5846 return run_rpc_command(NULL, PI_SPOOLSS, 0,
5847 rpc_printer_migrate_printers_internals,
5852 * Migrate printer-ACLs from a print-server
5854 * @param argc Standard main() style argc
5855 * @param argv Standard main() style argv. Initial components are already
5858 * @return A shell status integer (0 for success)
5860 static int rpc_printer_migrate_security(int argc, const char **argv)
5863 printf("no server to migrate\n");
5867 return run_rpc_command(NULL, PI_SPOOLSS, 0,
5868 rpc_printer_migrate_security_internals,
5873 * Migrate printer-settings from a print-server
5875 * @param argc Standard main() style argc
5876 * @param argv Standard main() style argv. Initial components are already
5879 * @return A shell status integer (0 for success)
5881 static int rpc_printer_migrate_settings(int argc, const char **argv)
5884 printf("no server to migrate\n");
5888 return run_rpc_command(NULL, PI_SPOOLSS, 0,
5889 rpc_printer_migrate_settings_internals,
5894 * 'net rpc printer' entrypoint.
5895 * @param argc Standard main() style argc
5896 * @param argv Standard main() style argv. Initial components are already
5900 int rpc_printer_migrate(int argc, const char **argv)
5903 /* ouch: when addriver and setdriver are called from within
5904 rpc_printer_migrate_drivers_internals, the printer-queue already
5907 struct functable func[] = {
5908 {"all", rpc_printer_migrate_all},
5909 {"drivers", rpc_printer_migrate_drivers},
5910 {"forms", rpc_printer_migrate_forms},
5911 {"help", rpc_printer_usage},
5912 {"printers", rpc_printer_migrate_printers},
5913 {"security", rpc_printer_migrate_security},
5914 {"settings", rpc_printer_migrate_settings},
5918 return net_run_function(argc, argv, func, rpc_printer_usage);
5923 * List printers on a remote RPC server
5925 * @param argc Standard main() style argc
5926 * @param argv Standard main() style argv. Initial components are already
5929 * @return A shell status integer (0 for success)
5931 static int rpc_printer_list(int argc, const char **argv)
5934 return run_rpc_command(NULL, PI_SPOOLSS, 0,
5935 rpc_printer_list_internals,
5940 * List printer-drivers on a remote RPC server
5942 * @param argc Standard main() style argc
5943 * @param argv Standard main() style argv. Initial components are already
5946 * @return A shell status integer (0 for success)
5948 static int rpc_printer_driver_list(int argc, const char **argv)
5951 return run_rpc_command(NULL, PI_SPOOLSS, 0,
5952 rpc_printer_driver_list_internals,
5957 * Publish printer in ADS via MSRPC
5959 * @param argc Standard main() style argc
5960 * @param argv Standard main() style argv. Initial components are already
5963 * @return A shell status integer (0 for success)
5965 static int rpc_printer_publish_publish(int argc, const char **argv)
5968 return run_rpc_command(NULL, PI_SPOOLSS, 0,
5969 rpc_printer_publish_publish_internals,
5974 * Update printer in ADS via MSRPC
5976 * @param argc Standard main() style argc
5977 * @param argv Standard main() style argv. Initial components are already
5980 * @return A shell status integer (0 for success)
5982 static int rpc_printer_publish_update(int argc, const char **argv)
5985 return run_rpc_command(NULL, PI_SPOOLSS, 0,
5986 rpc_printer_publish_update_internals,
5991 * UnPublish printer in ADS via MSRPC
5993 * @param argc Standard main() style argc
5994 * @param argv Standard main() style argv. Initial components are already
5997 * @return A shell status integer (0 for success)
5999 static int rpc_printer_publish_unpublish(int argc, const char **argv)
6002 return run_rpc_command(NULL, PI_SPOOLSS, 0,
6003 rpc_printer_publish_unpublish_internals,
6008 * List published printers via MSRPC
6010 * @param argc Standard main() style argc
6011 * @param argv Standard main() style argv. Initial components are already
6014 * @return A shell status integer (0 for success)
6016 static int rpc_printer_publish_list(int argc, const char **argv)
6019 return run_rpc_command(NULL, PI_SPOOLSS, 0,
6020 rpc_printer_publish_list_internals,
6026 * Publish printer in ADS
6028 * @param argc Standard main() style argc
6029 * @param argv Standard main() style argv. Initial components are already
6032 * @return A shell status integer (0 for success)
6034 static int rpc_printer_publish(int argc, const char **argv)
6037 struct functable func[] = {
6038 {"publish", rpc_printer_publish_publish},
6039 {"update", rpc_printer_publish_update},
6040 {"unpublish", rpc_printer_publish_unpublish},
6041 {"list", rpc_printer_publish_list},
6042 {"help", rpc_printer_usage},
6047 return run_rpc_command(NULL, PI_SPOOLSS, 0,
6048 rpc_printer_publish_list_internals,
6051 return net_run_function(argc, argv, func, rpc_printer_usage);
6057 * Display rpc printer help page.
6058 * @param argc Standard main() style argc
6059 * @param argv Standard main() style argv. Initial components are already
6062 int rpc_printer_usage(int argc, const char **argv)
6064 return net_help_printer(argc, argv);
6068 * 'net rpc printer' entrypoint.
6069 * @param argc Standard main() style argc
6070 * @param argv Standard main() style argv. Initial components are already
6073 int net_rpc_printer(int argc, const char **argv)
6075 struct functable func[] = {
6076 {"list", rpc_printer_list},
6077 {"migrate", rpc_printer_migrate},
6078 {"driver", rpc_printer_driver_list},
6079 {"publish", rpc_printer_publish},
6084 return run_rpc_command(NULL, PI_SPOOLSS, 0,
6085 rpc_printer_list_internals,
6088 return net_run_function(argc, argv, func, rpc_printer_usage);
6091 /****************************************************************************/
6095 * Basic usage function for 'net rpc'
6096 * @param argc Standard main() style argc
6097 * @param argv Standard main() style argv. Initial components are already
6101 int net_rpc_usage(int argc, const char **argv)
6103 d_printf(" net rpc info \t\t\tshow basic info about a domain \n");
6104 d_printf(" net rpc join \t\t\tto join a domain \n");
6105 d_printf(" net rpc oldjoin \t\t\tto join a domain created in server manager\n");
6106 d_printf(" net rpc testjoin \t\ttests that a join is valid\n");
6107 d_printf(" net rpc user \t\t\tto add, delete and list users\n");
6108 d_printf(" net rpc password <username> [<password>] -Uadmin_username%%admin_pass\n");
6109 d_printf(" net rpc group \t\tto list groups\n");
6110 d_printf(" net rpc share \t\tto add, delete, list and migrate shares\n");
6111 d_printf(" net rpc printer \t\tto list and migrate printers\n");
6112 d_printf(" net rpc file \t\t\tto list open files\n");
6113 d_printf(" net rpc changetrustpw \tto change the trust account password\n");
6114 d_printf(" net rpc getsid \t\tfetch the domain sid into the local secrets.tdb\n");
6115 d_printf(" net rpc vampire \t\tsyncronise an NT PDC's users and groups into the local passdb\n");
6116 d_printf(" net rpc samdump \t\tdiplay an NT PDC's users, groups and other data\n");
6117 d_printf(" net rpc trustdom \t\tto create trusting domain's account or establish trust\n");
6118 d_printf(" net rpc abortshutdown \tto abort the shutdown of a remote server\n");
6119 d_printf(" net rpc shutdown \t\tto shutdown a remote server\n");
6120 d_printf(" net rpc rights\t\tto manage privileges assigned to SIDs\n");
6121 d_printf(" net rpc registry\t\tto manage registry hives\n");
6122 d_printf(" net rpc service\t\tto start, stop and query services\n");
6124 d_printf("'net rpc shutdown' also accepts the following miscellaneous options:\n"); /* misc options */
6125 d_printf("\t-r or --reboot\trequest remote server reboot on shutdown\n");
6126 d_printf("\t-f or --force\trequest the remote server force its shutdown\n");
6127 d_printf("\t-t or --timeout=<timeout>\tnumber of seconds before shutdown\n");
6128 d_printf("\t-C or --comment=<message>\ttext message to display on impending shutdown\n");
6134 * Help function for 'net rpc'. Calls command specific help if requested
6135 * or displays usage of net rpc
6136 * @param argc Standard main() style argc
6137 * @param argv Standard main() style argv. Initial components are already
6141 int net_rpc_help(int argc, const char **argv)
6143 struct functable func[] = {
6144 {"join", rpc_join_usage},
6145 {"user", rpc_user_usage},
6146 {"group", rpc_group_usage},
6147 {"share", rpc_share_usage},
6148 /*{"changetrustpw", rpc_changetrustpw_usage}, */
6149 {"trustdom", rpc_trustdom_usage},
6150 /*{"abortshutdown", rpc_shutdown_abort_usage},*/
6151 /*{"shutdown", rpc_shutdown_usage}, */
6152 {"vampire", rpc_vampire_usage},
6157 net_rpc_usage(argc, argv);
6161 return (net_run_function(argc, argv, func, rpc_user_usage));
6166 * 'net rpc' entrypoint.
6167 * @param argc Standard main() style argc
6168 * @param argv Standard main() style argv. Initial components are already
6172 int net_rpc(int argc, const char **argv)
6174 struct functable func[] = {
6175 {"info", net_rpc_info},
6176 {"join", net_rpc_join},
6177 {"oldjoin", net_rpc_oldjoin},
6178 {"testjoin", net_rpc_testjoin},
6179 {"user", net_rpc_user},
6180 {"password", rpc_user_password},
6181 {"group", net_rpc_group},
6182 {"share", net_rpc_share},
6183 {"file", net_rpc_file},
6184 {"printer", net_rpc_printer},
6185 {"changetrustpw", net_rpc_changetrustpw},
6186 {"trustdom", rpc_trustdom},
6187 {"abortshutdown", rpc_shutdown_abort},
6188 {"shutdown", rpc_shutdown},
6189 {"samdump", rpc_samdump},
6190 {"vampire", rpc_vampire},
6191 {"getsid", net_rpc_getsid},
6192 {"rights", net_rpc_rights},
6193 {"service", net_rpc_service},
6194 {"registry", net_rpc_registry},
6195 {"help", net_rpc_help},
6198 return net_run_function(argc, argv, func, net_rpc_usage);
git.samba.org / samba.git / blob