2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org)
5 Copyright (C) 2002 Jim McDonough (jmcd@us.ibm.com)
6 Copyright (C) 2004,2008 Guenther Deschner (gd@samba.org)
7 Copyright (C) 2005 Jeremy Allison (jra@samba.org)
8 Copyright (C) 2006 Jelmer Vernooij (jelmer@samba.org)
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>. */
24 #include "utils/net.h"
26 static int net_mode_share;
27 static bool sync_files(struct copy_clistate *cp_clistate, const char *mask);
29 extern const char *share_type[];
34 * @brief RPC based subcommands for the 'net' utility.
36 * This file should contain much of the functionality that used to
37 * be found in rpcclient, execpt that the commands should change
38 * less often, and the fucntionality should be sane (the user is not
39 * expected to know a rid/sid before they conduct an operation etc.)
41 * @todo Perhaps eventually these should be split out into a number
42 * of files, as this could get quite big.
47 * Many of the RPC functions need the domain sid. This function gets
48 * it at the start of every run
50 * @param cli A cli_state already connected to the remote machine
52 * @return The Domain SID of the remote machine.
55 NTSTATUS net_get_remote_domain_sid(struct cli_state *cli, TALLOC_CTX *mem_ctx,
57 const char **domain_name)
59 struct rpc_pipe_client *lsa_pipe;
61 NTSTATUS result = NT_STATUS_OK;
62 union lsa_PolicyInformation *info = NULL;
64 result = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
66 if (!NT_STATUS_IS_OK(result)) {
67 d_fprintf(stderr, "Could not initialise lsa pipe\n");
71 result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, false,
72 SEC_RIGHTS_MAXIMUM_ALLOWED,
74 if (!NT_STATUS_IS_OK(result)) {
75 d_fprintf(stderr, "open_policy failed: %s\n",
80 result = rpccli_lsa_QueryInfoPolicy(lsa_pipe, mem_ctx,
82 LSA_POLICY_INFO_ACCOUNT_DOMAIN,
84 if (!NT_STATUS_IS_OK(result)) {
85 d_fprintf(stderr, "lsaquery failed: %s\n",
90 *domain_name = info->account_domain.name.string;
91 *domain_sid = info->account_domain.sid;
93 rpccli_lsa_Close(lsa_pipe, mem_ctx, &pol);
94 TALLOC_FREE(lsa_pipe);
100 * Run a single RPC command, from start to finish.
102 * @param pipe_name the pipe to connect to (usually a PIPE_ constant)
103 * @param conn_flag a NET_FLAG_ combination. Passed to
104 * net_make_ipc_connection.
105 * @param argc Standard main() style argc.
106 * @param argv Standard main() style argv. Initial components are already
108 * @return A shell status integer (0 for success).
111 int run_rpc_command(struct net_context *c,
112 struct cli_state *cli_arg,
113 const struct ndr_syntax_id *interface,
119 struct cli_state *cli = NULL;
120 struct rpc_pipe_client *pipe_hnd = NULL;
124 const char *domain_name;
126 /* make use of cli_state handed over as an argument, if possible */
128 nt_status = net_make_ipc_connection(c, conn_flags, &cli);
129 if (!NT_STATUS_IS_OK(nt_status)) {
130 DEBUG(1, ("failed to make ipc connection: %s\n",
131 nt_errstr(nt_status)));
144 if (!(mem_ctx = talloc_init("run_rpc_command"))) {
145 DEBUG(0, ("talloc_init() failed\n"));
150 nt_status = net_get_remote_domain_sid(cli, mem_ctx, &domain_sid,
152 if (!NT_STATUS_IS_OK(nt_status)) {
157 if (!(conn_flags & NET_FLAGS_NO_PIPE)) {
158 if (lp_client_schannel()
159 && (ndr_syntax_id_equal(interface,
160 &ndr_table_netlogon.syntax_id))) {
161 /* Always try and create an schannel netlogon pipe. */
162 nt_status = cli_rpc_pipe_open_schannel(
164 PIPE_AUTH_LEVEL_PRIVACY, domain_name,
166 if (!NT_STATUS_IS_OK(nt_status)) {
167 DEBUG(0, ("Could not initialise schannel netlogon pipe. Error was %s\n",
168 nt_errstr(nt_status) ));
173 if (conn_flags & NET_FLAGS_SEAL) {
174 nt_status = cli_rpc_pipe_open_ntlmssp(
176 PIPE_AUTH_LEVEL_PRIVACY,
177 lp_workgroup(), c->opt_user_name,
178 c->opt_password, &pipe_hnd);
180 nt_status = cli_rpc_pipe_open_noauth(
184 if (!NT_STATUS_IS_OK(nt_status)) {
185 DEBUG(0, ("Could not initialise pipe %s. Error was %s\n",
186 cli_get_pipe_name_from_iface(
187 debug_ctx(), cli, interface),
188 nt_errstr(nt_status) ));
195 nt_status = fn(c, domain_sid, domain_name, cli, pipe_hnd, mem_ctx, argc, argv);
197 if (!NT_STATUS_IS_OK(nt_status)) {
198 DEBUG(1, ("rpc command function failed! (%s)\n", nt_errstr(nt_status)));
200 DEBUG(5, ("rpc command function succedded\n"));
203 if (!(conn_flags & NET_FLAGS_NO_PIPE)) {
205 TALLOC_FREE(pipe_hnd);
209 /* close the connection only if it was opened here */
214 talloc_destroy(mem_ctx);
215 return (!NT_STATUS_IS_OK(nt_status));
219 * Force a change of the trust acccount password.
221 * All parameters are provided by the run_rpc_command function, except for
222 * argc, argv which are passed through.
224 * @param domain_sid The domain sid acquired from the remote server.
225 * @param cli A cli_state connected to the server.
226 * @param mem_ctx Talloc context, destroyed on completion of the function.
227 * @param argc Standard main() style argc.
228 * @param argv Standard main() style argv. Initial components are already
231 * @return Normal NTSTATUS return.
234 static NTSTATUS rpc_changetrustpw_internals(struct net_context *c,
235 const DOM_SID *domain_sid,
236 const char *domain_name,
237 struct cli_state *cli,
238 struct rpc_pipe_client *pipe_hnd,
244 return trust_pw_find_change_and_store_it(pipe_hnd, mem_ctx, c->opt_target_workgroup);
248 * Force a change of the trust acccount password.
250 * @param argc Standard main() style argc.
251 * @param argv Standard main() style argv. Initial components are already
254 * @return A shell status integer (0 for success).
257 int net_rpc_changetrustpw(struct net_context *c, int argc, const char **argv)
259 if (c->display_usage) {
261 "net rpc changetrustpw\n"
262 " Change the machine trust password\n");
266 return run_rpc_command(c, NULL, &ndr_table_netlogon.syntax_id,
267 NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
268 rpc_changetrustpw_internals,
273 * Join a domain, the old way.
275 * This uses 'machinename' as the inital password, and changes it.
277 * The password should be created with 'server manager' or equiv first.
279 * All parameters are provided by the run_rpc_command function, except for
280 * argc, argv which are passed through.
282 * @param domain_sid The domain sid acquired from the remote server.
283 * @param cli A cli_state connected to the server.
284 * @param mem_ctx Talloc context, destroyed on completion of the function.
285 * @param argc Standard main() style argc.
286 * @param argv Standard main() style argv. Initial components are already
289 * @return Normal NTSTATUS return.
292 static NTSTATUS rpc_oldjoin_internals(struct net_context *c,
293 const DOM_SID *domain_sid,
294 const char *domain_name,
295 struct cli_state *cli,
296 struct rpc_pipe_client *pipe_hnd,
302 fstring trust_passwd;
303 unsigned char orig_trust_passwd_hash[16];
305 uint32 sec_channel_type;
307 result = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon.syntax_id,
309 if (!NT_STATUS_IS_OK(result)) {
310 DEBUG(0,("rpc_oldjoin_internals: netlogon pipe open to machine %s failed. "
313 nt_errstr(result) ));
318 check what type of join - if the user want's to join as
319 a BDC, the server must agree that we are a BDC.
322 sec_channel_type = get_sec_channel_type(argv[0]);
324 sec_channel_type = get_sec_channel_type(NULL);
327 fstrcpy(trust_passwd, global_myname());
328 strlower_m(trust_passwd);
331 * Machine names can be 15 characters, but the max length on
332 * a password is 14. --jerry
335 trust_passwd[14] = '\0';
337 E_md4hash(trust_passwd, orig_trust_passwd_hash);
339 result = trust_pw_change_and_store_it(pipe_hnd, mem_ctx, c->opt_target_workgroup,
340 orig_trust_passwd_hash,
343 if (NT_STATUS_IS_OK(result))
344 printf("Joined domain %s.\n", c->opt_target_workgroup);
347 if (!secrets_store_domain_sid(c->opt_target_workgroup, domain_sid)) {
348 DEBUG(0, ("error storing domain sid for %s\n", c->opt_target_workgroup));
349 result = NT_STATUS_UNSUCCESSFUL;
356 * Join a domain, the old way.
358 * @param argc Standard main() style argc.
359 * @param argv Standard main() style argv. Initial components are already
362 * @return A shell status integer (0 for success).
365 static int net_rpc_perform_oldjoin(struct net_context *c, int argc, const char **argv)
367 return run_rpc_command(c, NULL, &ndr_table_netlogon.syntax_id,
368 NET_FLAGS_NO_PIPE | NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
369 rpc_oldjoin_internals,
374 * Join a domain, the old way. This function exists to allow
375 * the message to be displayed when oldjoin was explicitly
376 * requested, but not when it was implied by "net rpc join".
378 * @param argc Standard main() style argc.
379 * @param argv Standard main() style argv. Initial components are already
382 * @return A shell status integer (0 for success).
385 static int net_rpc_oldjoin(struct net_context *c, int argc, const char **argv)
389 if (c->display_usage) {
392 " Join a domain the old way\n");
396 rc = net_rpc_perform_oldjoin(c, argc, argv);
399 d_fprintf(stderr, "Failed to join domain\n");
406 * 'net rpc join' entrypoint.
407 * @param argc Standard main() style argc.
408 * @param argv Standard main() style argv. Initial components are already
411 * Main 'net_rpc_join()' (where the admin username/password is used) is
413 * Try to just change the password, but if that doesn't work, use/prompt
414 * for a username/password.
417 int net_rpc_join(struct net_context *c, int argc, const char **argv)
419 if (c->display_usage) {
421 "net rpc join -U <username>[%%password] <type>\n"
423 " username\tName of the admin user"
424 " password\tPassword of the admin user, will "
425 "prompt if not specified\n"
426 " type\tCan be one of the following:\n"
427 "\t\tMEMBER\tJoin as member server (default)\n"
428 "\t\tBDC\tJoin as BDC\n"
429 "\t\tPDC\tJoin as PDC\n");
433 if (lp_server_role() == ROLE_STANDALONE) {
434 d_printf("cannot join as standalone machine\n");
438 if (strlen(global_myname()) > 15) {
439 d_printf("Our netbios name can be at most 15 chars long, "
440 "\"%s\" is %u chars long\n",
441 global_myname(), (unsigned int)strlen(global_myname()));
445 if ((net_rpc_perform_oldjoin(c, argc, argv) == 0))
448 return net_rpc_join_newstyle(c, argc, argv);
452 * display info about a rpc domain
454 * All parameters are provided by the run_rpc_command function, except for
455 * argc, argv which are passed through.
457 * @param domain_sid The domain sid acquired from the remote server
458 * @param cli A cli_state connected to the server.
459 * @param mem_ctx Talloc context, destroyed on completion of the function.
460 * @param argc Standard main() style argc.
461 * @param argv Standard main() style argv. Initial components are already
464 * @return Normal NTSTATUS return.
467 NTSTATUS rpc_info_internals(struct net_context *c,
468 const DOM_SID *domain_sid,
469 const char *domain_name,
470 struct cli_state *cli,
471 struct rpc_pipe_client *pipe_hnd,
476 POLICY_HND connect_pol, domain_pol;
477 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
478 union samr_DomainInfo *info = NULL;
481 sid_to_fstring(sid_str, domain_sid);
483 /* Get sam policy handle */
484 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
486 MAXIMUM_ALLOWED_ACCESS,
488 if (!NT_STATUS_IS_OK(result)) {
489 d_fprintf(stderr, "Could not connect to SAM: %s\n", nt_errstr(result));
493 /* Get domain policy handle */
494 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
496 MAXIMUM_ALLOWED_ACCESS,
497 CONST_DISCARD(struct dom_sid2 *, domain_sid),
499 if (!NT_STATUS_IS_OK(result)) {
500 d_fprintf(stderr, "Could not open domain: %s\n", nt_errstr(result));
504 result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
508 if (NT_STATUS_IS_OK(result)) {
509 d_printf("Domain Name: %s\n", info->info2.domain_name.string);
510 d_printf("Domain SID: %s\n", sid_str);
511 d_printf("Sequence number: %llu\n",
512 (unsigned long long)info->info2.sequence_num);
513 d_printf("Num users: %u\n", info->info2.num_users);
514 d_printf("Num domain groups: %u\n", info->info2.num_groups);
515 d_printf("Num local groups: %u\n", info->info2.num_aliases);
523 * 'net rpc info' entrypoint.
524 * @param argc Standard main() style argc.
525 * @param argv Standard main() style argv. Initial components are already
529 int net_rpc_info(struct net_context *c, int argc, const char **argv)
531 if (c->display_usage) {
534 " Display information about the domain\n");
538 return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id,
539 NET_FLAGS_PDC, rpc_info_internals,
544 * Fetch domain SID into the local secrets.tdb.
546 * All parameters are provided by the run_rpc_command function, except for
547 * argc, argv which are passed through.
549 * @param domain_sid The domain sid acquired from the remote server.
550 * @param cli A cli_state connected to the server.
551 * @param mem_ctx Talloc context, destroyed on completion of the function.
552 * @param argc Standard main() style argc.
553 * @param argv Standard main() style argv. Initial components are already
556 * @return Normal NTSTATUS return.
559 static NTSTATUS rpc_getsid_internals(struct net_context *c,
560 const DOM_SID *domain_sid,
561 const char *domain_name,
562 struct cli_state *cli,
563 struct rpc_pipe_client *pipe_hnd,
570 sid_to_fstring(sid_str, domain_sid);
571 d_printf("Storing SID %s for Domain %s in secrets.tdb\n",
572 sid_str, domain_name);
574 if (!secrets_store_domain_sid(domain_name, domain_sid)) {
575 DEBUG(0,("Can't store domain SID\n"));
576 return NT_STATUS_UNSUCCESSFUL;
583 * 'net rpc getsid' entrypoint.
584 * @param argc Standard main() style argc.
585 * @param argv Standard main() style argv. Initial components are already
589 int net_rpc_getsid(struct net_context *c, int argc, const char **argv)
591 if (c->display_usage) {
594 " Fetch domain SID into local secrets.tdb\n");
598 return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id,
599 NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
600 rpc_getsid_internals,
604 /****************************************************************************/
607 * Basic usage function for 'net rpc user'.
608 * @param argc Standard main() style argc.
609 * @param argv Standard main() style argv. Initial components are already
613 static int rpc_user_usage(struct net_context *c, int argc, const char **argv)
615 return net_user_usage(c, argc, argv);
619 * Add a new user to a remote RPC server.
621 * @param argc Standard main() style argc.
622 * @param argv Standard main() style argv. Initial components are already
625 * @return A shell status integer (0 for success).
628 static int rpc_user_add(struct net_context *c, int argc, const char **argv)
630 NET_API_STATUS status;
631 struct USER_INFO_1 info1;
632 uint32_t parm_error = 0;
634 if (argc < 1 || c->display_usage) {
635 rpc_user_usage(c, argc, argv);
641 info1.usri1_name = argv[0];
643 info1.usri1_password = argv[1];
646 status = NetUserAdd(c->opt_host, 1, (uint8_t *)&info1, &parm_error);
649 d_fprintf(stderr, "Failed to add user '%s' with: %s.\n",
650 argv[0], libnetapi_get_error_string(c->netapi_ctx,
654 d_printf("Added user '%s'.\n", argv[0]);
661 * Rename a user on a remote RPC server.
663 * @param argc Standard main() style argc.
664 * @param argv Standard main() style argv. Initial components are already
667 * @return A shell status integer (0 for success).
670 static int rpc_user_rename(struct net_context *c, int argc, const char **argv)
672 NET_API_STATUS status;
673 struct USER_INFO_0 u0;
674 uint32_t parm_err = 0;
676 if (argc != 2 || c->display_usage) {
677 rpc_user_usage(c, argc, argv);
681 u0.usri0_name = argv[1];
683 status = NetUserSetInfo(c->opt_host, argv[0],
684 0, (uint8_t *)&u0, &parm_err);
686 d_fprintf(stderr, "Failed to rename user from %s to %s - %s\n",
688 libnetapi_get_error_string(c->netapi_ctx, status));
690 d_printf("Renamed user from %s to %s\n", argv[0], argv[1]);
697 * Delete a user from a remote RPC server.
699 * @param argc Standard main() style argc.
700 * @param argv Standard main() style argv. Initial components are already
703 * @return A shell status integer (0 for success).
706 static int rpc_user_delete(struct net_context *c, int argc, const char **argv)
708 NET_API_STATUS status;
710 if (argc < 1 || c->display_usage) {
711 rpc_user_usage(c, argc, argv);
715 status = NetUserDel(c->opt_host, argv[0]);
718 d_fprintf(stderr, "Failed to delete user '%s' with: %s.\n",
720 libnetapi_get_error_string(c->netapi_ctx, status));
723 d_printf("Deleted user '%s'.\n", argv[0]);
730 * Set a user's password on a remote RPC server.
732 * @param argc Standard main() style argc.
733 * @param argv Standard main() style argv. Initial components are already
736 * @return A shell status integer (0 for success).
739 static int rpc_user_password(struct net_context *c, int argc, const char **argv)
741 NET_API_STATUS status;
743 struct USER_INFO_1003 u1003;
744 uint32_t parm_err = 0;
746 if (argc < 1 || c->display_usage) {
747 rpc_user_usage(c, argc, argv);
752 u1003.usri1003_password = argv[1];
754 asprintf(&prompt, "Enter new password for %s:", argv[0]);
755 u1003.usri1003_password = getpass(prompt);
759 status = NetUserSetInfo(c->opt_host, argv[0], 1003, (uint8_t *)&u1003, &parm_err);
761 /* Display results */
763 d_fprintf(stderr, "Failed to set password for '%s' with: %s.\n",
764 argv[0], libnetapi_get_error_string(c->netapi_ctx,
773 * List a user's groups from a remote RPC server.
775 * @param argc Standard main() style argc.
776 * @param argv Standard main() style argv. Initial components are already
779 * @return A shell status integer (0 for success)
782 static int rpc_user_info(struct net_context *c, int argc, const char **argv)
785 NET_API_STATUS status;
786 struct GROUP_USERS_INFO_0 *u0 = NULL;
787 uint32_t entries_read = 0;
788 uint32_t total_entries = 0;
792 if (argc < 1 || c->display_usage) {
793 rpc_user_usage(c, argc, argv);
797 status = NetUserGetGroups(c->opt_host,
805 d_fprintf(stderr, "Failed to get groups for '%s' with: %s.\n",
806 argv[0], libnetapi_get_error_string(c->netapi_ctx,
811 for (i=0; i < entries_read; i++) {
812 printf("%s\n", u0->grui0_name);
820 * List users on a remote RPC server.
822 * All parameters are provided by the run_rpc_command function, except for
823 * argc, argv which are passed through.
825 * @param domain_sid The domain sid acquired from the remote server.
826 * @param cli A cli_state connected to the server.
827 * @param mem_ctx Talloc context, destroyed on completion of the function.
828 * @param argc Standard main() style argc.
829 * @param argv Standard main() style argv. Initial components are already
832 * @return Normal NTSTATUS return.
835 static int rpc_user_list(struct net_context *c, int argc, const char **argv)
837 NET_API_STATUS status;
838 uint32_t start_idx=0, num_entries, i, loop_count = 0;
839 struct NET_DISPLAY_USER *info = NULL;
842 /* Query domain users */
843 if (c->opt_long_list_entries)
844 d_printf("\nUser name Comment"
845 "\n-----------------------------\n");
847 uint32_t max_entries, max_size;
849 get_query_dispinfo_params(
850 loop_count, &max_entries, &max_size);
852 status = NetQueryDisplayInformation(c->opt_host,
859 if (status != 0 && status != ERROR_MORE_DATA) {
863 info = (struct NET_DISPLAY_USER *)buffer;
865 for (i = 0; i < num_entries; i++) {
867 if (c->opt_long_list_entries)
868 printf("%-21.21s %s\n", info->usri1_name,
869 info->usri1_comment);
871 printf("%s\n", info->usri1_name);
875 NetApiBufferFree(buffer);
878 start_idx += num_entries;
880 } while (status == ERROR_MORE_DATA);
886 * 'net rpc user' entrypoint.
887 * @param argc Standard main() style argc.
888 * @param argv Standard main() style argv. Initial components are already
892 int net_rpc_user(struct net_context *c, int argc, const char **argv)
894 NET_API_STATUS status;
896 struct functable func[] = {
901 "Add specified user",
903 " Add specified user"
909 "List domain groups of user",
910 "net rpc user info\n"
911 " Lis domain groups of user"
917 "Remove specified user",
918 "net rpc user delete\n"
919 " Remove specified user"
925 "Change user password",
926 "net rpc user password\n"
927 " Change user password"
933 "Rename specified user",
934 "net rpc user rename\n"
935 " Rename specified user"
937 {NULL, NULL, 0, NULL, NULL}
940 status = libnetapi_init(&c->netapi_ctx);
944 libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
945 libnetapi_set_password(c->netapi_ctx, c->opt_password);
946 if (c->opt_kerberos) {
947 libnetapi_set_use_kerberos(c->netapi_ctx);
951 if (c->display_usage) {
952 d_printf("Usage:\n");
953 d_printf("net rpc user\n"
954 " List all users\n");
955 net_display_usage_from_functable(func);
959 return rpc_user_list(c, argc, argv);
962 return net_run_function(c, argc, argv, "net rpc user", func);
965 static NTSTATUS rpc_sh_user_list(struct net_context *c,
967 struct rpc_sh_ctx *ctx,
968 struct rpc_pipe_client *pipe_hnd,
969 int argc, const char **argv)
971 return werror_to_ntstatus(W_ERROR(rpc_user_list(c, argc, argv)));
974 static NTSTATUS rpc_sh_user_info(struct net_context *c,
976 struct rpc_sh_ctx *ctx,
977 struct rpc_pipe_client *pipe_hnd,
978 int argc, const char **argv)
980 return werror_to_ntstatus(W_ERROR(rpc_user_info(c, argc, argv)));
983 static NTSTATUS rpc_sh_handle_user(struct net_context *c,
985 struct rpc_sh_ctx *ctx,
986 struct rpc_pipe_client *pipe_hnd,
987 int argc, const char **argv,
989 struct net_context *c,
991 struct rpc_sh_ctx *ctx,
992 struct rpc_pipe_client *pipe_hnd,
993 POLICY_HND *user_hnd,
994 int argc, const char **argv))
996 POLICY_HND connect_pol, domain_pol, user_pol;
997 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1000 enum lsa_SidType type;
1003 d_fprintf(stderr, "usage: %s <username>\n", ctx->whoami);
1004 return NT_STATUS_INVALID_PARAMETER;
1007 ZERO_STRUCT(connect_pol);
1008 ZERO_STRUCT(domain_pol);
1009 ZERO_STRUCT(user_pol);
1011 result = net_rpc_lookup_name(c, mem_ctx, rpc_pipe_np_smb_conn(pipe_hnd),
1012 argv[0], NULL, NULL, &sid, &type);
1013 if (!NT_STATUS_IS_OK(result)) {
1014 d_fprintf(stderr, "Could not lookup %s: %s\n", argv[0],
1019 if (type != SID_NAME_USER) {
1020 d_fprintf(stderr, "%s is a %s, not a user\n", argv[0],
1021 sid_type_lookup(type));
1022 result = NT_STATUS_NO_SUCH_USER;
1026 if (!sid_peek_check_rid(ctx->domain_sid, &sid, &rid)) {
1027 d_fprintf(stderr, "%s is not in our domain\n", argv[0]);
1028 result = NT_STATUS_NO_SUCH_USER;
1032 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1034 MAXIMUM_ALLOWED_ACCESS,
1036 if (!NT_STATUS_IS_OK(result)) {
1040 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1042 MAXIMUM_ALLOWED_ACCESS,
1045 if (!NT_STATUS_IS_OK(result)) {
1049 result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
1051 MAXIMUM_ALLOWED_ACCESS,
1054 if (!NT_STATUS_IS_OK(result)) {
1058 result = fn(c, mem_ctx, ctx, pipe_hnd, &user_pol, argc-1, argv+1);
1061 if (is_valid_policy_hnd(&user_pol)) {
1062 rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
1064 if (is_valid_policy_hnd(&domain_pol)) {
1065 rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
1067 if (is_valid_policy_hnd(&connect_pol)) {
1068 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
1073 static NTSTATUS rpc_sh_user_show_internals(struct net_context *c,
1074 TALLOC_CTX *mem_ctx,
1075 struct rpc_sh_ctx *ctx,
1076 struct rpc_pipe_client *pipe_hnd,
1077 POLICY_HND *user_hnd,
1078 int argc, const char **argv)
1081 union samr_UserInfo *info = NULL;
1084 d_fprintf(stderr, "usage: %s show <username>\n", ctx->whoami);
1085 return NT_STATUS_INVALID_PARAMETER;
1088 result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
1092 if (!NT_STATUS_IS_OK(result)) {
1096 d_printf("user rid: %d, group rid: %d\n",
1098 info->info21.primary_gid);
1103 static NTSTATUS rpc_sh_user_show(struct net_context *c,
1104 TALLOC_CTX *mem_ctx,
1105 struct rpc_sh_ctx *ctx,
1106 struct rpc_pipe_client *pipe_hnd,
1107 int argc, const char **argv)
1109 return rpc_sh_handle_user(c, mem_ctx, ctx, pipe_hnd, argc, argv,
1110 rpc_sh_user_show_internals);
1113 #define FETCHSTR(name, rec) \
1114 do { if (strequal(ctx->thiscmd, name)) { \
1115 oldval = talloc_strdup(mem_ctx, info->info21.rec.string); } \
1118 #define SETSTR(name, rec, flag) \
1119 do { if (strequal(ctx->thiscmd, name)) { \
1120 init_lsa_String(&(info->info21.rec), argv[0]); \
1121 info->info21.fields_present |= SAMR_FIELD_##flag; } \
1124 static NTSTATUS rpc_sh_user_str_edit_internals(struct net_context *c,
1125 TALLOC_CTX *mem_ctx,
1126 struct rpc_sh_ctx *ctx,
1127 struct rpc_pipe_client *pipe_hnd,
1128 POLICY_HND *user_hnd,
1129 int argc, const char **argv)
1132 const char *username;
1133 const char *oldval = "";
1134 union samr_UserInfo *info = NULL;
1137 d_fprintf(stderr, "usage: %s <username> [new value|NULL]\n",
1139 return NT_STATUS_INVALID_PARAMETER;
1142 result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
1146 if (!NT_STATUS_IS_OK(result)) {
1150 username = talloc_strdup(mem_ctx, info->info21.account_name.string);
1152 FETCHSTR("fullname", full_name);
1153 FETCHSTR("homedir", home_directory);
1154 FETCHSTR("homedrive", home_drive);
1155 FETCHSTR("logonscript", logon_script);
1156 FETCHSTR("profilepath", profile_path);
1157 FETCHSTR("description", description);
1160 d_printf("%s's %s: [%s]\n", username, ctx->thiscmd, oldval);
1164 if (strcmp(argv[0], "NULL") == 0) {
1168 ZERO_STRUCT(info->info21);
1170 SETSTR("fullname", full_name, FULL_NAME);
1171 SETSTR("homedir", home_directory, HOME_DIRECTORY);
1172 SETSTR("homedrive", home_drive, HOME_DRIVE);
1173 SETSTR("logonscript", logon_script, LOGON_SCRIPT);
1174 SETSTR("profilepath", profile_path, PROFILE_PATH);
1175 SETSTR("description", description, DESCRIPTION);
1177 result = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx,
1182 d_printf("Set %s's %s from [%s] to [%s]\n", username,
1183 ctx->thiscmd, oldval, argv[0]);
1190 #define HANDLEFLG(name, rec) \
1191 do { if (strequal(ctx->thiscmd, name)) { \
1192 oldval = (oldflags & ACB_##rec) ? "yes" : "no"; \
1194 newflags = oldflags | ACB_##rec; \
1196 newflags = oldflags & ~ACB_##rec; \
1199 static NTSTATUS rpc_sh_user_str_edit(struct net_context *c,
1200 TALLOC_CTX *mem_ctx,
1201 struct rpc_sh_ctx *ctx,
1202 struct rpc_pipe_client *pipe_hnd,
1203 int argc, const char **argv)
1205 return rpc_sh_handle_user(c, mem_ctx, ctx, pipe_hnd, argc, argv,
1206 rpc_sh_user_str_edit_internals);
1209 static NTSTATUS rpc_sh_user_flag_edit_internals(struct net_context *c,
1210 TALLOC_CTX *mem_ctx,
1211 struct rpc_sh_ctx *ctx,
1212 struct rpc_pipe_client *pipe_hnd,
1213 POLICY_HND *user_hnd,
1214 int argc, const char **argv)
1217 const char *username;
1218 const char *oldval = "unknown";
1219 uint32 oldflags, newflags;
1221 union samr_UserInfo *info = NULL;
1224 ((argc == 1) && !strequal(argv[0], "yes") &&
1225 !strequal(argv[0], "no"))) {
1226 d_fprintf(stderr, "usage: %s <username> [yes|no]\n",
1228 return NT_STATUS_INVALID_PARAMETER;
1231 newval = strequal(argv[0], "yes");
1233 result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
1237 if (!NT_STATUS_IS_OK(result)) {
1241 username = talloc_strdup(mem_ctx, info->info21.account_name.string);
1242 oldflags = info->info21.acct_flags;
1243 newflags = info->info21.acct_flags;
1245 HANDLEFLG("disabled", DISABLED);
1246 HANDLEFLG("pwnotreq", PWNOTREQ);
1247 HANDLEFLG("autolock", AUTOLOCK);
1248 HANDLEFLG("pwnoexp", PWNOEXP);
1251 d_printf("%s's %s flag: %s\n", username, ctx->thiscmd, oldval);
1255 ZERO_STRUCT(info->info21);
1257 info->info21.acct_flags = newflags;
1258 info->info21.fields_present = SAMR_FIELD_ACCT_FLAGS;
1260 result = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx,
1265 if (NT_STATUS_IS_OK(result)) {
1266 d_printf("Set %s's %s flag from [%s] to [%s]\n", username,
1267 ctx->thiscmd, oldval, argv[0]);
1275 static NTSTATUS rpc_sh_user_flag_edit(struct net_context *c,
1276 TALLOC_CTX *mem_ctx,
1277 struct rpc_sh_ctx *ctx,
1278 struct rpc_pipe_client *pipe_hnd,
1279 int argc, const char **argv)
1281 return rpc_sh_handle_user(c, mem_ctx, ctx, pipe_hnd, argc, argv,
1282 rpc_sh_user_flag_edit_internals);
1285 struct rpc_sh_cmd *net_rpc_user_edit_cmds(struct net_context *c,
1286 TALLOC_CTX *mem_ctx,
1287 struct rpc_sh_ctx *ctx)
1289 static struct rpc_sh_cmd cmds[] = {
1291 { "fullname", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_str_edit,
1292 "Show/Set a user's full name" },
1294 { "homedir", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_str_edit,
1295 "Show/Set a user's home directory" },
1297 { "homedrive", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_str_edit,
1298 "Show/Set a user's home drive" },
1300 { "logonscript", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_str_edit,
1301 "Show/Set a user's logon script" },
1303 { "profilepath", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_str_edit,
1304 "Show/Set a user's profile path" },
1306 { "description", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_str_edit,
1307 "Show/Set a user's description" },
1309 { "disabled", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_flag_edit,
1310 "Show/Set whether a user is disabled" },
1312 { "autolock", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_flag_edit,
1313 "Show/Set whether a user locked out" },
1315 { "pwnotreq", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_flag_edit,
1316 "Show/Set whether a user does not need a password" },
1318 { "pwnoexp", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_flag_edit,
1319 "Show/Set whether a user's password does not expire" },
1321 { NULL, NULL, 0, NULL, NULL }
1327 struct rpc_sh_cmd *net_rpc_user_cmds(struct net_context *c,
1328 TALLOC_CTX *mem_ctx,
1329 struct rpc_sh_ctx *ctx)
1331 static struct rpc_sh_cmd cmds[] = {
1333 { "list", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_list,
1334 "List available users" },
1336 { "info", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_info,
1337 "List the domain groups a user is member of" },
1339 { "show", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_show,
1340 "Show info about a user" },
1342 { "edit", net_rpc_user_edit_cmds, 0, NULL,
1343 "Show/Modify a user's fields" },
1345 { NULL, NULL, 0, NULL, NULL }
1351 /****************************************************************************/
1354 * Basic usage function for 'net rpc group'.
1355 * @param argc Standard main() style argc.
1356 * @param argv Standard main() style argv. Initial components are already
1360 static int rpc_group_usage(struct net_context *c, int argc, const char **argv)
1362 return net_group_usage(c, argc, argv);
1366 * Delete group on a remote RPC server.
1368 * All parameters are provided by the run_rpc_command function, except for
1369 * argc, argv which are passed through.
1371 * @param domain_sid The domain sid acquired from the remote server.
1372 * @param cli A cli_state connected to the server.
1373 * @param mem_ctx Talloc context, destroyed on completion of the function.
1374 * @param argc Standard main() style argc.
1375 * @param argv Standard main() style argv. Initial components are already
1378 * @return Normal NTSTATUS return.
1381 static NTSTATUS rpc_group_delete_internals(struct net_context *c,
1382 const DOM_SID *domain_sid,
1383 const char *domain_name,
1384 struct cli_state *cli,
1385 struct rpc_pipe_client *pipe_hnd,
1386 TALLOC_CTX *mem_ctx,
1390 POLICY_HND connect_pol, domain_pol, group_pol, user_pol;
1391 bool group_is_primary = false;
1392 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1394 struct samr_RidTypeArray *rids = NULL;
1397 /* DOM_GID *user_gids; */
1399 struct samr_Ids group_rids, name_types;
1400 struct lsa_String lsa_acct_name;
1401 union samr_UserInfo *info = NULL;
1403 if (argc < 1 || c->display_usage) {
1404 rpc_group_usage(c, argc,argv);
1405 return NT_STATUS_OK; /* ok? */
1408 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1410 MAXIMUM_ALLOWED_ACCESS,
1413 if (!NT_STATUS_IS_OK(result)) {
1414 d_fprintf(stderr, "Request samr_Connect2 failed\n");
1418 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1420 MAXIMUM_ALLOWED_ACCESS,
1421 CONST_DISCARD(struct dom_sid2 *, domain_sid),
1424 if (!NT_STATUS_IS_OK(result)) {
1425 d_fprintf(stderr, "Request open_domain failed\n");
1429 init_lsa_String(&lsa_acct_name, argv[0]);
1431 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
1437 if (!NT_STATUS_IS_OK(result)) {
1438 d_fprintf(stderr, "Lookup of '%s' failed\n",argv[0]);
1442 switch (name_types.ids[0])
1444 case SID_NAME_DOM_GRP:
1445 result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
1447 MAXIMUM_ALLOWED_ACCESS,
1450 if (!NT_STATUS_IS_OK(result)) {
1451 d_fprintf(stderr, "Request open_group failed");
1455 group_rid = group_rids.ids[0];
1457 result = rpccli_samr_QueryGroupMember(pipe_hnd, mem_ctx,
1461 if (!NT_STATUS_IS_OK(result)) {
1462 d_fprintf(stderr, "Unable to query group members of %s",argv[0]);
1466 if (c->opt_verbose) {
1467 d_printf("Domain Group %s (rid: %d) has %d members\n",
1468 argv[0],group_rid, rids->count);
1471 /* Check if group is anyone's primary group */
1472 for (i = 0; i < rids->count; i++)
1474 result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
1476 MAXIMUM_ALLOWED_ACCESS,
1480 if (!NT_STATUS_IS_OK(result)) {
1481 d_fprintf(stderr, "Unable to open group member %d\n",
1486 result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
1491 if (!NT_STATUS_IS_OK(result)) {
1492 d_fprintf(stderr, "Unable to lookup userinfo for group member %d\n",
1497 if (info->info21.primary_gid == group_rid) {
1498 if (c->opt_verbose) {
1499 d_printf("Group is primary group of %s\n",
1500 info->info21.account_name.string);
1502 group_is_primary = true;
1505 rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
1508 if (group_is_primary) {
1509 d_fprintf(stderr, "Unable to delete group because some "
1510 "of it's members have it as primary group\n");
1511 result = NT_STATUS_MEMBERS_PRIMARY_GROUP;
1515 /* remove all group members */
1516 for (i = 0; i < rids->count; i++)
1519 d_printf("Remove group member %d...",
1521 result = rpccli_samr_DeleteGroupMember(pipe_hnd, mem_ctx,
1525 if (NT_STATUS_IS_OK(result)) {
1530 d_printf("failed\n");
1535 result = rpccli_samr_DeleteDomainGroup(pipe_hnd, mem_ctx,
1539 /* removing a local group is easier... */
1540 case SID_NAME_ALIAS:
1541 result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
1543 MAXIMUM_ALLOWED_ACCESS,
1547 if (!NT_STATUS_IS_OK(result)) {
1548 d_fprintf(stderr, "Request open_alias failed\n");
1552 result = rpccli_samr_DeleteDomAlias(pipe_hnd, mem_ctx,
1556 d_fprintf(stderr, "%s is of type %s. This command is only for deleting local or global groups\n",
1557 argv[0],sid_type_lookup(name_types.ids[0]));
1558 result = NT_STATUS_UNSUCCESSFUL;
1562 if (NT_STATUS_IS_OK(result)) {
1564 d_printf("Deleted %s '%s'\n",sid_type_lookup(name_types.ids[0]),argv[0]);
1566 d_fprintf(stderr, "Deleting of %s failed: %s\n",argv[0],
1567 get_friendly_nt_error_msg(result));
1575 static int rpc_group_delete(struct net_context *c, int argc, const char **argv)
1577 return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0,
1578 rpc_group_delete_internals, argc,argv);
1581 static int rpc_group_add_internals(struct net_context *c, int argc, const char **argv)
1583 NET_API_STATUS status;
1584 struct GROUP_INFO_1 info1;
1585 uint32_t parm_error = 0;
1587 if (argc != 1 || c->display_usage) {
1588 rpc_group_usage(c, argc, argv);
1594 info1.grpi1_name = argv[0];
1595 if (c->opt_comment && strlen(c->opt_comment) > 0) {
1596 info1.grpi1_comment = c->opt_comment;
1599 status = NetGroupAdd(c->opt_host, 1, (uint8_t *)&info1, &parm_error);
1602 d_fprintf(stderr, "Failed to add group '%s' with: %s.\n",
1603 argv[0], libnetapi_get_error_string(c->netapi_ctx,
1607 d_printf("Added group '%s'.\n", argv[0]);
1613 static int rpc_alias_add_internals(struct net_context *c, int argc, const char **argv)
1615 NET_API_STATUS status;
1616 struct LOCALGROUP_INFO_1 info1;
1617 uint32_t parm_error = 0;
1619 if (argc != 1 || c->display_usage) {
1620 rpc_group_usage(c, argc, argv);
1626 info1.lgrpi1_name = argv[0];
1627 if (c->opt_comment && strlen(c->opt_comment) > 0) {
1628 info1.lgrpi1_comment = c->opt_comment;
1631 status = NetLocalGroupAdd(c->opt_host, 1, (uint8_t *)&info1, &parm_error);
1634 d_fprintf(stderr, "Failed to add alias '%s' with: %s.\n",
1635 argv[0], libnetapi_get_error_string(c->netapi_ctx,
1639 d_printf("Added alias '%s'.\n", argv[0]);
1645 static int rpc_group_add(struct net_context *c, int argc, const char **argv)
1647 if (c->opt_localgroup)
1648 return rpc_alias_add_internals(c, argc, argv);
1650 return rpc_group_add_internals(c, argc, argv);
1653 static NTSTATUS get_sid_from_name(struct cli_state *cli,
1654 TALLOC_CTX *mem_ctx,
1657 enum lsa_SidType *type)
1659 DOM_SID *sids = NULL;
1660 enum lsa_SidType *types = NULL;
1661 struct rpc_pipe_client *pipe_hnd;
1663 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1665 result = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
1667 if (!NT_STATUS_IS_OK(result)) {
1671 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, false,
1672 SEC_RIGHTS_MAXIMUM_ALLOWED, &lsa_pol);
1674 if (!NT_STATUS_IS_OK(result)) {
1678 result = rpccli_lsa_lookup_names(pipe_hnd, mem_ctx, &lsa_pol, 1,
1679 &name, NULL, 1, &sids, &types);
1681 if (NT_STATUS_IS_OK(result)) {
1682 sid_copy(sid, &sids[0]);
1686 rpccli_lsa_Close(pipe_hnd, mem_ctx, &lsa_pol);
1690 TALLOC_FREE(pipe_hnd);
1693 if (!NT_STATUS_IS_OK(result) && (StrnCaseCmp(name, "S-", 2) == 0)) {
1695 /* Try as S-1-5-whatever */
1699 if (string_to_sid(&tmp_sid, name)) {
1700 sid_copy(sid, &tmp_sid);
1701 *type = SID_NAME_UNKNOWN;
1702 result = NT_STATUS_OK;
1709 static NTSTATUS rpc_add_groupmem(struct rpc_pipe_client *pipe_hnd,
1710 TALLOC_CTX *mem_ctx,
1711 const DOM_SID *group_sid,
1714 POLICY_HND connect_pol, domain_pol;
1717 POLICY_HND group_pol;
1719 struct samr_Ids rids, rid_types;
1720 struct lsa_String lsa_acct_name;
1724 sid_copy(&sid, group_sid);
1726 if (!sid_split_rid(&sid, &group_rid)) {
1727 return NT_STATUS_UNSUCCESSFUL;
1730 /* Get sam policy handle */
1731 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1733 MAXIMUM_ALLOWED_ACCESS,
1735 if (!NT_STATUS_IS_OK(result)) {
1739 /* Get domain policy handle */
1740 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1742 MAXIMUM_ALLOWED_ACCESS,
1745 if (!NT_STATUS_IS_OK(result)) {
1749 init_lsa_String(&lsa_acct_name, member);
1751 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
1758 if (!NT_STATUS_IS_OK(result)) {
1759 d_fprintf(stderr, "Could not lookup up group member %s\n", member);
1763 result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
1765 MAXIMUM_ALLOWED_ACCESS,
1769 if (!NT_STATUS_IS_OK(result)) {
1773 result = rpccli_samr_AddGroupMember(pipe_hnd, mem_ctx,
1776 0x0005); /* unknown flags */
1779 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
1783 static NTSTATUS rpc_add_aliasmem(struct rpc_pipe_client *pipe_hnd,
1784 TALLOC_CTX *mem_ctx,
1785 const DOM_SID *alias_sid,
1788 POLICY_HND connect_pol, domain_pol;
1791 POLICY_HND alias_pol;
1794 enum lsa_SidType member_type;
1798 sid_copy(&sid, alias_sid);
1800 if (!sid_split_rid(&sid, &alias_rid)) {
1801 return NT_STATUS_UNSUCCESSFUL;
1804 result = get_sid_from_name(rpc_pipe_np_smb_conn(pipe_hnd), mem_ctx,
1805 member, &member_sid, &member_type);
1807 if (!NT_STATUS_IS_OK(result)) {
1808 d_fprintf(stderr, "Could not lookup up group member %s\n", member);
1812 /* Get sam policy handle */
1813 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1815 MAXIMUM_ALLOWED_ACCESS,
1817 if (!NT_STATUS_IS_OK(result)) {
1821 /* Get domain policy handle */
1822 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1824 MAXIMUM_ALLOWED_ACCESS,
1827 if (!NT_STATUS_IS_OK(result)) {
1831 result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
1833 MAXIMUM_ALLOWED_ACCESS,
1837 if (!NT_STATUS_IS_OK(result)) {
1841 result = rpccli_samr_AddAliasMember(pipe_hnd, mem_ctx,
1845 if (!NT_STATUS_IS_OK(result)) {
1850 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
1854 static NTSTATUS rpc_group_addmem_internals(struct net_context *c,
1855 const DOM_SID *domain_sid,
1856 const char *domain_name,
1857 struct cli_state *cli,
1858 struct rpc_pipe_client *pipe_hnd,
1859 TALLOC_CTX *mem_ctx,
1864 enum lsa_SidType group_type;
1866 if (argc != 2 || c->display_usage) {
1868 "net rpc group addmem <group> <member>\n"
1869 " Add a member to a group\n"
1870 " group\tGroup to add member to\n"
1871 " member\tMember to add to group\n");
1872 return NT_STATUS_UNSUCCESSFUL;
1875 if (!NT_STATUS_IS_OK(get_sid_from_name(cli, mem_ctx, argv[0],
1876 &group_sid, &group_type))) {
1877 d_fprintf(stderr, "Could not lookup group name %s\n", argv[0]);
1878 return NT_STATUS_UNSUCCESSFUL;
1881 if (group_type == SID_NAME_DOM_GRP) {
1882 NTSTATUS result = rpc_add_groupmem(pipe_hnd, mem_ctx,
1883 &group_sid, argv[1]);
1885 if (!NT_STATUS_IS_OK(result)) {
1886 d_fprintf(stderr, "Could not add %s to %s: %s\n",
1887 argv[1], argv[0], nt_errstr(result));
1892 if (group_type == SID_NAME_ALIAS) {
1893 NTSTATUS result = rpc_add_aliasmem(pipe_hnd, mem_ctx,
1894 &group_sid, argv[1]);
1896 if (!NT_STATUS_IS_OK(result)) {
1897 d_fprintf(stderr, "Could not add %s to %s: %s\n",
1898 argv[1], argv[0], nt_errstr(result));
1903 d_fprintf(stderr, "Can only add members to global or local groups "
1904 "which %s is not\n", argv[0]);
1906 return NT_STATUS_UNSUCCESSFUL;
1909 static int rpc_group_addmem(struct net_context *c, int argc, const char **argv)
1911 return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0,
1912 rpc_group_addmem_internals,
1916 static NTSTATUS rpc_del_groupmem(struct net_context *c,
1917 struct rpc_pipe_client *pipe_hnd,
1918 TALLOC_CTX *mem_ctx,
1919 const DOM_SID *group_sid,
1922 POLICY_HND connect_pol, domain_pol;
1925 POLICY_HND group_pol;
1927 struct samr_Ids rids, rid_types;
1928 struct lsa_String lsa_acct_name;
1932 sid_copy(&sid, group_sid);
1934 if (!sid_split_rid(&sid, &group_rid))
1935 return NT_STATUS_UNSUCCESSFUL;
1937 /* Get sam policy handle */
1938 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1940 MAXIMUM_ALLOWED_ACCESS,
1942 if (!NT_STATUS_IS_OK(result))
1945 /* Get domain policy handle */
1946 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1948 MAXIMUM_ALLOWED_ACCESS,
1951 if (!NT_STATUS_IS_OK(result))
1954 init_lsa_String(&lsa_acct_name, member);
1956 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
1962 if (!NT_STATUS_IS_OK(result)) {
1963 d_fprintf(stderr, "Could not lookup up group member %s\n", member);
1967 result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
1969 MAXIMUM_ALLOWED_ACCESS,
1973 if (!NT_STATUS_IS_OK(result))
1976 result = rpccli_samr_DeleteGroupMember(pipe_hnd, mem_ctx,
1981 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
1985 static NTSTATUS rpc_del_aliasmem(struct rpc_pipe_client *pipe_hnd,
1986 TALLOC_CTX *mem_ctx,
1987 const DOM_SID *alias_sid,
1990 POLICY_HND connect_pol, domain_pol;
1993 POLICY_HND alias_pol;
1996 enum lsa_SidType member_type;
2000 sid_copy(&sid, alias_sid);
2002 if (!sid_split_rid(&sid, &alias_rid))
2003 return NT_STATUS_UNSUCCESSFUL;
2005 result = get_sid_from_name(rpc_pipe_np_smb_conn(pipe_hnd), mem_ctx,
2006 member, &member_sid, &member_type);
2008 if (!NT_STATUS_IS_OK(result)) {
2009 d_fprintf(stderr, "Could not lookup up group member %s\n", member);
2013 /* Get sam policy handle */
2014 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2016 MAXIMUM_ALLOWED_ACCESS,
2018 if (!NT_STATUS_IS_OK(result)) {
2022 /* Get domain policy handle */
2023 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2025 MAXIMUM_ALLOWED_ACCESS,
2028 if (!NT_STATUS_IS_OK(result)) {
2032 result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
2034 MAXIMUM_ALLOWED_ACCESS,
2038 if (!NT_STATUS_IS_OK(result))
2041 result = rpccli_samr_DeleteAliasMember(pipe_hnd, mem_ctx,
2045 if (!NT_STATUS_IS_OK(result))
2049 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
2053 static NTSTATUS rpc_group_delmem_internals(struct net_context *c,
2054 const DOM_SID *domain_sid,
2055 const char *domain_name,
2056 struct cli_state *cli,
2057 struct rpc_pipe_client *pipe_hnd,
2058 TALLOC_CTX *mem_ctx,
2063 enum lsa_SidType group_type;
2065 if (argc != 2 || c->display_usage) {
2067 "net rpc group delmem <group> <member>\n"
2068 " Delete a member from a group\n"
2069 " group\tGroup to delete member from\n"
2070 " member\tMember to delete from group\n");
2071 return NT_STATUS_UNSUCCESSFUL;
2074 if (!NT_STATUS_IS_OK(get_sid_from_name(cli, mem_ctx, argv[0],
2075 &group_sid, &group_type))) {
2076 d_fprintf(stderr, "Could not lookup group name %s\n", argv[0]);
2077 return NT_STATUS_UNSUCCESSFUL;
2080 if (group_type == SID_NAME_DOM_GRP) {
2081 NTSTATUS result = rpc_del_groupmem(c, pipe_hnd, mem_ctx,
2082 &group_sid, argv[1]);
2084 if (!NT_STATUS_IS_OK(result)) {
2085 d_fprintf(stderr, "Could not del %s from %s: %s\n",
2086 argv[1], argv[0], nt_errstr(result));
2091 if (group_type == SID_NAME_ALIAS) {
2092 NTSTATUS result = rpc_del_aliasmem(pipe_hnd, mem_ctx,
2093 &group_sid, argv[1]);
2095 if (!NT_STATUS_IS_OK(result)) {
2096 d_fprintf(stderr, "Could not del %s from %s: %s\n",
2097 argv[1], argv[0], nt_errstr(result));
2102 d_fprintf(stderr, "Can only delete members from global or local groups "
2103 "which %s is not\n", argv[0]);
2105 return NT_STATUS_UNSUCCESSFUL;
2108 static int rpc_group_delmem(struct net_context *c, int argc, const char **argv)
2110 return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0,
2111 rpc_group_delmem_internals,
2116 * List groups on a remote RPC server.
2118 * All parameters are provided by the run_rpc_command function, except for
2119 * argc, argv which are passes through.
2121 * @param domain_sid The domain sid acquired from the remote server.
2122 * @param cli A cli_state connected to the server.
2123 * @param mem_ctx Talloc context, destroyed on completion of the function.
2124 * @param argc Standard main() style argc.
2125 * @param argv Standard main() style argv. Initial components are already
2128 * @return Normal NTSTATUS return.
2131 static NTSTATUS rpc_group_list_internals(struct net_context *c,
2132 const DOM_SID *domain_sid,
2133 const char *domain_name,
2134 struct cli_state *cli,
2135 struct rpc_pipe_client *pipe_hnd,
2136 TALLOC_CTX *mem_ctx,
2140 POLICY_HND connect_pol, domain_pol;
2141 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2142 uint32 start_idx=0, max_entries=250, num_entries, i, loop_count = 0;
2143 struct samr_SamArray *groups = NULL;
2144 bool global = false;
2146 bool builtin = false;
2148 if (c->display_usage) {
2150 "net rpc group list [global] [local] [builtin]\n"
2151 " List groups on RPC server\n"
2152 " global\tList global groups\n"
2153 " local\tList local groups\n"
2154 " builtin\tList builtin groups\n"
2155 " If none of global, local or builtin is "
2156 "specified, all three options are considered set\n");
2157 return NT_STATUS_OK;
2166 for (i=0; i<argc; i++) {
2167 if (strequal(argv[i], "global"))
2170 if (strequal(argv[i], "local"))
2173 if (strequal(argv[i], "builtin"))
2177 /* Get sam policy handle */
2179 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2181 MAXIMUM_ALLOWED_ACCESS,
2183 if (!NT_STATUS_IS_OK(result)) {
2187 /* Get domain policy handle */
2189 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2191 MAXIMUM_ALLOWED_ACCESS,
2192 CONST_DISCARD(struct dom_sid2 *, domain_sid),
2194 if (!NT_STATUS_IS_OK(result)) {
2198 /* Query domain groups */
2199 if (c->opt_long_list_entries)
2200 d_printf("\nGroup name Comment"
2201 "\n-----------------------------\n");
2203 uint32_t max_size, total_size, returned_size;
2204 union samr_DispInfo info;
2208 get_query_dispinfo_params(
2209 loop_count, &max_entries, &max_size);
2211 result = rpccli_samr_QueryDisplayInfo(pipe_hnd, mem_ctx,
2220 num_entries = info.info3.count;
2221 start_idx += info.info3.count;
2223 if (!NT_STATUS_IS_OK(result) &&
2224 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
2227 for (i = 0; i < num_entries; i++) {
2229 const char *group = NULL;
2230 const char *desc = NULL;
2232 group = info.info3.entries[i].account_name.string;
2233 desc = info.info3.entries[i].description.string;
2235 if (c->opt_long_list_entries)
2236 printf("%-21.21s %-50.50s\n",
2239 printf("%s\n", group);
2241 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
2242 /* query domain aliases */
2247 result = rpccli_samr_EnumDomainAliases(pipe_hnd, mem_ctx,
2253 if (!NT_STATUS_IS_OK(result) &&
2254 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
2257 for (i = 0; i < num_entries; i++) {
2259 const char *description = NULL;
2261 if (c->opt_long_list_entries) {
2263 POLICY_HND alias_pol;
2264 union samr_AliasInfo *info = NULL;
2266 if ((NT_STATUS_IS_OK(rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
2269 groups->entries[i].idx,
2271 (NT_STATUS_IS_OK(rpccli_samr_QueryAliasInfo(pipe_hnd, mem_ctx,
2275 (NT_STATUS_IS_OK(rpccli_samr_Close(pipe_hnd, mem_ctx,
2277 description = info->description.string;
2281 if (description != NULL) {
2282 printf("%-21.21s %-50.50s\n",
2283 groups->entries[i].name.string,
2286 printf("%s\n", groups->entries[i].name.string);
2289 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
2290 rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
2291 /* Get builtin policy handle */
2293 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2295 MAXIMUM_ALLOWED_ACCESS,
2296 CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin),
2298 if (!NT_STATUS_IS_OK(result)) {
2301 /* query builtin aliases */
2304 if (!builtin) break;
2306 result = rpccli_samr_EnumDomainAliases(pipe_hnd, mem_ctx,
2312 if (!NT_STATUS_IS_OK(result) &&
2313 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
2316 for (i = 0; i < num_entries; i++) {
2318 const char *description = NULL;
2320 if (c->opt_long_list_entries) {
2322 POLICY_HND alias_pol;
2323 union samr_AliasInfo *info = NULL;
2325 if ((NT_STATUS_IS_OK(rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
2328 groups->entries[i].idx,
2330 (NT_STATUS_IS_OK(rpccli_samr_QueryAliasInfo(pipe_hnd, mem_ctx,
2334 (NT_STATUS_IS_OK(rpccli_samr_Close(pipe_hnd, mem_ctx,
2336 description = info->description.string;
2340 if (description != NULL) {
2341 printf("%-21.21s %-50.50s\n",
2342 groups->entries[i].name.string,
2345 printf("%s\n", groups->entries[i].name.string);
2348 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
2354 static int rpc_group_list(struct net_context *c, int argc, const char **argv)
2356 return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0,
2357 rpc_group_list_internals,
2361 static NTSTATUS rpc_list_group_members(struct net_context *c,
2362 struct rpc_pipe_client *pipe_hnd,
2363 TALLOC_CTX *mem_ctx,
2364 const char *domain_name,
2365 const DOM_SID *domain_sid,
2366 POLICY_HND *domain_pol,
2370 POLICY_HND group_pol;
2371 uint32 num_members, *group_rids;
2373 struct samr_RidTypeArray *rids = NULL;
2374 struct lsa_Strings names;
2375 struct samr_Ids types;
2378 sid_to_fstring(sid_str, domain_sid);
2380 result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
2382 MAXIMUM_ALLOWED_ACCESS,
2386 if (!NT_STATUS_IS_OK(result))
2389 result = rpccli_samr_QueryGroupMember(pipe_hnd, mem_ctx,
2393 if (!NT_STATUS_IS_OK(result))
2396 num_members = rids->count;
2397 group_rids = rids->rids;
2399 while (num_members > 0) {
2400 int this_time = 512;
2402 if (num_members < this_time)
2403 this_time = num_members;
2405 result = rpccli_samr_LookupRids(pipe_hnd, mem_ctx,
2412 if (!NT_STATUS_IS_OK(result))
2415 /* We only have users as members, but make the output
2416 the same as the output of alias members */
2418 for (i = 0; i < this_time; i++) {
2420 if (c->opt_long_list_entries) {
2421 printf("%s-%d %s\\%s %d\n", sid_str,
2422 group_rids[i], domain_name,
2423 names.names[i].string,
2426 printf("%s\\%s\n", domain_name,
2427 names.names[i].string);
2431 num_members -= this_time;
2435 return NT_STATUS_OK;
2438 static NTSTATUS rpc_list_alias_members(struct net_context *c,
2439 struct rpc_pipe_client *pipe_hnd,
2440 TALLOC_CTX *mem_ctx,
2441 POLICY_HND *domain_pol,
2445 struct rpc_pipe_client *lsa_pipe;
2446 POLICY_HND alias_pol, lsa_pol;
2448 DOM_SID *alias_sids;
2451 enum lsa_SidType *types;
2453 struct lsa_SidArray sid_array;
2455 result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
2457 MAXIMUM_ALLOWED_ACCESS,
2461 if (!NT_STATUS_IS_OK(result))
2464 result = rpccli_samr_GetMembersInAlias(pipe_hnd, mem_ctx,
2468 if (!NT_STATUS_IS_OK(result)) {
2469 d_fprintf(stderr, "Couldn't list alias members\n");
2473 num_members = sid_array.num_sids;
2475 if (num_members == 0) {
2476 return NT_STATUS_OK;
2479 result = cli_rpc_pipe_open_noauth(rpc_pipe_np_smb_conn(pipe_hnd),
2480 &ndr_table_lsarpc.syntax_id,
2482 if (!NT_STATUS_IS_OK(result)) {
2483 d_fprintf(stderr, "Couldn't open LSA pipe. Error was %s\n",
2484 nt_errstr(result) );
2488 result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, true,
2489 SEC_RIGHTS_MAXIMUM_ALLOWED, &lsa_pol);
2491 if (!NT_STATUS_IS_OK(result)) {
2492 d_fprintf(stderr, "Couldn't open LSA policy handle\n");
2493 TALLOC_FREE(lsa_pipe);
2497 alias_sids = TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID, num_members);
2499 d_fprintf(stderr, "Out of memory\n");
2500 TALLOC_FREE(lsa_pipe);
2501 return NT_STATUS_NO_MEMORY;
2504 for (i=0; i<num_members; i++) {
2505 sid_copy(&alias_sids[i], sid_array.sids[i].sid);
2508 result = rpccli_lsa_lookup_sids(lsa_pipe, mem_ctx, &lsa_pol,
2509 num_members, alias_sids,
2510 &domains, &names, &types);
2512 if (!NT_STATUS_IS_OK(result) &&
2513 !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) {
2514 d_fprintf(stderr, "Couldn't lookup SIDs\n");
2515 TALLOC_FREE(lsa_pipe);
2519 for (i = 0; i < num_members; i++) {
2521 sid_to_fstring(sid_str, &alias_sids[i]);
2523 if (c->opt_long_list_entries) {
2524 printf("%s %s\\%s %d\n", sid_str,
2525 domains[i] ? domains[i] : "*unknown*",
2526 names[i] ? names[i] : "*unknown*", types[i]);
2529 printf("%s\\%s\n", domains[i], names[i]);
2531 printf("%s\n", sid_str);
2535 TALLOC_FREE(lsa_pipe);
2536 return NT_STATUS_OK;
2539 static NTSTATUS rpc_group_members_internals(struct net_context *c,
2540 const DOM_SID *domain_sid,
2541 const char *domain_name,
2542 struct cli_state *cli,
2543 struct rpc_pipe_client *pipe_hnd,
2544 TALLOC_CTX *mem_ctx,
2549 POLICY_HND connect_pol, domain_pol;
2550 struct samr_Ids rids, rid_types;
2551 struct lsa_String lsa_acct_name;
2553 /* Get sam policy handle */
2555 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2557 MAXIMUM_ALLOWED_ACCESS,
2560 if (!NT_STATUS_IS_OK(result))
2563 /* Get domain policy handle */
2565 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2567 MAXIMUM_ALLOWED_ACCESS,
2568 CONST_DISCARD(struct dom_sid2 *, domain_sid),
2571 if (!NT_STATUS_IS_OK(result))
2574 init_lsa_String(&lsa_acct_name, argv[0]); /* sure? */
2576 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
2583 if (!NT_STATUS_IS_OK(result)) {
2585 /* Ok, did not find it in the global sam, try with builtin */
2587 DOM_SID sid_Builtin;
2589 rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
2591 sid_copy(&sid_Builtin, &global_sid_Builtin);
2593 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2595 MAXIMUM_ALLOWED_ACCESS,
2599 if (!NT_STATUS_IS_OK(result)) {
2600 d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
2604 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
2611 if (!NT_STATUS_IS_OK(result)) {
2612 d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
2617 if (rids.count != 1) {
2618 d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
2622 if (rid_types.ids[0] == SID_NAME_DOM_GRP) {
2623 return rpc_list_group_members(c, pipe_hnd, mem_ctx, domain_name,
2624 domain_sid, &domain_pol,
2628 if (rid_types.ids[0] == SID_NAME_ALIAS) {
2629 return rpc_list_alias_members(c, pipe_hnd, mem_ctx, &domain_pol,
2633 return NT_STATUS_NO_SUCH_GROUP;
2636 static int rpc_group_members(struct net_context *c, int argc, const char **argv)
2638 if (argc != 1 || c->display_usage) {
2639 return rpc_group_usage(c, argc, argv);
2642 return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0,
2643 rpc_group_members_internals,
2647 static int rpc_group_rename_internals(struct net_context *c, int argc, const char **argv)
2649 NET_API_STATUS status;
2650 struct GROUP_INFO_0 g0;
2654 d_printf("Usage: 'net rpc group rename group newname'\n");
2658 g0.grpi0_name = argv[1];
2660 status = NetGroupSetInfo(c->opt_host,
2667 d_fprintf(stderr, "Renaming group %s failed with: %s\n",
2668 argv[0], libnetapi_get_error_string(c->netapi_ctx,
2676 static int rpc_group_rename(struct net_context *c, int argc, const char **argv)
2678 if (argc != 2 || c->display_usage) {
2679 return rpc_group_usage(c, argc, argv);
2682 return rpc_group_rename_internals(c, argc, argv);
2686 * 'net rpc group' entrypoint.
2687 * @param argc Standard main() style argc.
2688 * @param argv Standard main() style argv. Initial components are already
2692 int net_rpc_group(struct net_context *c, int argc, const char **argv)
2694 NET_API_STATUS status;
2696 struct functable func[] = {
2701 "Create specified group",
2702 "net rpc group add\n"
2703 " Create specified group"
2709 "Delete specified group",
2710 "net rpc group delete\n"
2711 " Delete specified group"
2717 "Add member to group",
2718 "net rpc group addmem\n"
2719 " Add member to group"
2725 "Remove member from group",
2726 "net rpc group delmem\n"
2727 " Remove member from group"
2734 "net rpc group list\n"
2741 "List group members",
2742 "net rpc group members\n"
2743 " List group members"
2750 "net rpc group rename\n"
2753 {NULL, NULL, 0, NULL, NULL}
2756 status = libnetapi_init(&c->netapi_ctx);
2760 libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
2761 libnetapi_set_password(c->netapi_ctx, c->opt_password);
2762 if (c->opt_kerberos) {
2763 libnetapi_set_use_kerberos(c->netapi_ctx);
2767 if (c->display_usage) {
2768 d_printf("Usage:\n");
2769 d_printf("net rpc group\n"
2770 " Alias for net rpc group list global local "
2772 net_display_usage_from_functable(func);
2776 return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0,
2777 rpc_group_list_internals,
2781 return net_run_function(c, argc, argv, "net rpc group", func);
2784 /****************************************************************************/
2786 static int rpc_share_usage(struct net_context *c, int argc, const char **argv)
2788 return net_share_usage(c, argc, argv);
2792 * Add a share on a remote RPC server.
2794 * @param argc Standard main() style argc.
2795 * @param argv Standard main() style argv. Initial components are already
2798 * @return A shell status integer (0 for success).
2801 static int rpc_share_add(struct net_context *c, int argc, const char **argv)
2803 NET_API_STATUS status;
2806 uint32 type = STYPE_DISKTREE; /* only allow disk shares to be added */
2807 uint32 num_users=0, perms=0;
2808 char *password=NULL; /* don't allow a share password */
2809 struct SHARE_INFO_2 i2;
2810 uint32_t parm_error = 0;
2812 if ((argc < 1) || !strchr(argv[0], '=') || c->display_usage) {
2813 return rpc_share_usage(c, argc, argv);
2816 if ((sharename = talloc_strdup(c, argv[0])) == NULL) {
2820 path = strchr(sharename, '=');
2827 i2.shi2_netname = sharename;
2828 i2.shi2_type = type;
2829 i2.shi2_remark = c->opt_comment;
2830 i2.shi2_permissions = perms;
2831 i2.shi2_max_uses = c->opt_maxusers;
2832 i2.shi2_current_uses = num_users;
2833 i2.shi2_path = path;
2834 i2.shi2_passwd = password;
2836 status = NetShareAdd(c->opt_host,
2841 printf("NetShareAdd failed with: %s\n",
2842 libnetapi_get_error_string(c->netapi_ctx, status));
2849 * Delete a share on a remote RPC server.
2851 * @param domain_sid The domain sid acquired from the remote server.
2852 * @param argc Standard main() style argc.
2853 * @param argv Standard main() style argv. Initial components are already
2856 * @return A shell status integer (0 for success).
2858 static int rpc_share_delete(struct net_context *c, int argc, const char **argv)
2860 if (argc < 1 || c->display_usage) {
2861 return rpc_share_usage(c, argc, argv);
2864 return NetShareDel(c->opt_host, argv[0], 0);
2868 * Formatted print of share info
2870 * @param r pointer to SHARE_INFO_1 to format
2873 static void display_share_info_1(struct net_context *c,
2874 struct SHARE_INFO_1 *r)
2876 if (c->opt_long_list_entries) {
2877 d_printf("%-12s %-8.8s %-50s\n",
2879 share_type[r->shi1_type & ~(STYPE_TEMPORARY|STYPE_HIDDEN)],
2882 d_printf("%s\n", r->shi1_netname);
2886 static WERROR get_share_info(struct net_context *c,
2887 struct rpc_pipe_client *pipe_hnd,
2888 TALLOC_CTX *mem_ctx,
2892 struct srvsvc_NetShareInfoCtr *info_ctr)
2896 union srvsvc_NetShareInfo info;
2898 /* no specific share requested, enumerate all */
2901 uint32_t preferred_len = 0xffffffff;
2902 uint32_t total_entries = 0;
2903 uint32_t resume_handle = 0;
2905 info_ctr->level = level;
2907 status = rpccli_srvsvc_NetShareEnumAll(pipe_hnd, mem_ctx,
2917 /* request just one share */
2918 status = rpccli_srvsvc_NetShareGetInfo(pipe_hnd, mem_ctx,
2925 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) {
2930 ZERO_STRUCTP(info_ctr);
2932 info_ctr->level = level;
2937 struct srvsvc_NetShareCtr1 *ctr1;
2939 ctr1 = TALLOC_ZERO_P(mem_ctx, struct srvsvc_NetShareCtr1);
2940 W_ERROR_HAVE_NO_MEMORY(ctr1);
2943 ctr1->array = info.info1;
2945 info_ctr->ctr.ctr1 = ctr1;
2949 struct srvsvc_NetShareCtr2 *ctr2;
2951 ctr2 = TALLOC_ZERO_P(mem_ctx, struct srvsvc_NetShareCtr2);
2952 W_ERROR_HAVE_NO_MEMORY(ctr2);
2955 ctr2->array = info.info2;
2957 info_ctr->ctr.ctr2 = ctr2;
2961 struct srvsvc_NetShareCtr502 *ctr502;
2963 ctr502 = TALLOC_ZERO_P(mem_ctx, struct srvsvc_NetShareCtr502);
2964 W_ERROR_HAVE_NO_MEMORY(ctr502);
2967 ctr502->array = info.info502;
2969 info_ctr->ctr.ctr502 = ctr502;
2977 * 'net rpc share list' entrypoint.
2978 * @param argc Standard main() style argc.
2979 * @param argv Standard main() style argv. Initial components are already
2982 static int rpc_share_list(struct net_context *c, int argc, const char **argv)
2984 NET_API_STATUS status;
2985 struct SHARE_INFO_1 *i1 = NULL;
2986 uint32_t entries_read = 0;
2987 uint32_t total_entries = 0;
2988 uint32_t resume_handle = 0;
2989 uint32_t i, level = 1;
2991 if (c->display_usage) {
2993 "net rpc share list\n"
2994 " List shares on remote server\n");
2998 status = NetShareEnum(c->opt_host,
3009 /* Display results */
3011 if (c->opt_long_list_entries) {
3013 "\nEnumerating shared resources (exports) on remote server:\n\n"
3014 "\nShare name Type Description\n"
3015 "---------- ---- -----------\n");
3017 for (i = 0; i < entries_read; i++)
3018 display_share_info_1(c, &i1[i]);
3023 static bool check_share_availability(struct cli_state *cli, const char *netname)
3025 if (!cli_send_tconX(cli, netname, "A:", "", 0)) {
3026 d_printf("skipping [%s]: not a file share.\n", netname);
3036 static bool check_share_sanity(struct net_context *c, struct cli_state *cli,
3037 const char *netname, uint32 type)
3039 /* only support disk shares */
3040 if (! ( type == STYPE_DISKTREE || type == (STYPE_DISKTREE | STYPE_HIDDEN)) ) {
3041 printf("share [%s] is not a diskshare (type: %x)\n", netname, type);
3045 /* skip builtin shares */
3046 /* FIXME: should print$ be added too ? */
3047 if (strequal(netname,"IPC$") || strequal(netname,"ADMIN$") ||
3048 strequal(netname,"global"))
3051 if (c->opt_exclude && in_list(netname, c->opt_exclude, false)) {
3052 printf("excluding [%s]\n", netname);
3056 return check_share_availability(cli, netname);
3060 * Migrate shares from a remote RPC server to the local RPC server.
3062 * All parameters are provided by the run_rpc_command function, except for
3063 * argc, argv which are passed through.
3065 * @param domain_sid The domain sid acquired from the remote server.
3066 * @param cli A cli_state connected to the server.
3067 * @param mem_ctx Talloc context, destroyed on completion of the function.
3068 * @param argc Standard main() style argc.
3069 * @param argv Standard main() style argv. Initial components are already
3072 * @return Normal NTSTATUS return.
3075 static NTSTATUS rpc_share_migrate_shares_internals(struct net_context *c,
3076 const DOM_SID *domain_sid,
3077 const char *domain_name,
3078 struct cli_state *cli,
3079 struct rpc_pipe_client *pipe_hnd,
3080 TALLOC_CTX *mem_ctx,
3085 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
3086 struct srvsvc_NetShareInfoCtr ctr_src;
3088 struct rpc_pipe_client *srvsvc_pipe = NULL;
3089 struct cli_state *cli_dst = NULL;
3090 uint32 level = 502; /* includes secdesc */
3091 uint32_t parm_error = 0;
3093 result = get_share_info(c, pipe_hnd, mem_ctx, level, argc, argv,
3095 if (!W_ERROR_IS_OK(result))
3098 /* connect destination PI_SRVSVC */
3099 nt_status = connect_dst_pipe(c, &cli_dst, &srvsvc_pipe,
3100 &ndr_table_srvsvc.syntax_id);
3101 if (!NT_STATUS_IS_OK(nt_status))
3105 for (i = 0; i < ctr_src.ctr.ctr502->count; i++) {
3107 union srvsvc_NetShareInfo info;
3108 struct srvsvc_NetShareInfo502 info502 =
3109 ctr_src.ctr.ctr502->array[i];
3111 /* reset error-code */
3112 nt_status = NT_STATUS_UNSUCCESSFUL;
3114 if (!check_share_sanity(c, cli, info502.name, info502.type))
3117 /* finally add the share on the dst server */
3119 printf("migrating: [%s], path: %s, comment: %s, without share-ACLs\n",
3120 info502.name, info502.path, info502.comment);
3122 info.info502 = &info502;
3124 nt_status = rpccli_srvsvc_NetShareAdd(srvsvc_pipe, mem_ctx,
3125 srvsvc_pipe->desthost,
3131 if (W_ERROR_V(result) == W_ERROR_V(WERR_ALREADY_EXISTS)) {
3132 printf(" [%s] does already exist\n",
3137 if (!NT_STATUS_IS_OK(nt_status) || !W_ERROR_IS_OK(result)) {
3138 printf("cannot add share: %s\n", dos_errstr(result));
3144 nt_status = NT_STATUS_OK;
3148 cli_shutdown(cli_dst);
3156 * Migrate shares from a RPC server to another.
3158 * @param argc Standard main() style argc.
3159 * @param argv Standard main() style argv. Initial components are already
3162 * @return A shell status integer (0 for success).
3164 static int rpc_share_migrate_shares(struct net_context *c, int argc,
3167 if (c->display_usage) {
3169 "net rpc share migrate shares\n"
3170 " Migrate shares to local server\n");
3175 printf("no server to migrate\n");
3179 return run_rpc_command(c, NULL, &ndr_table_srvsvc.syntax_id, 0,
3180 rpc_share_migrate_shares_internals,
3187 * @param f file_info
3188 * @param mask current search mask
3189 * @param state arg-pointer
3192 static void copy_fn(const char *mnt, file_info *f,
3193 const char *mask, void *state)
3195 static NTSTATUS nt_status;
3196 static struct copy_clistate *local_state;
3197 static fstring filename, new_mask;
3200 struct net_context *c;
3202 local_state = (struct copy_clistate *)state;
3203 nt_status = NT_STATUS_UNSUCCESSFUL;
3207 if (strequal(f->name, ".") || strequal(f->name, ".."))
3210 DEBUG(3,("got mask: %s, name: %s\n", mask, f->name));
3213 if (f->mode & aDIR) {
3215 DEBUG(3,("got dir: %s\n", f->name));
3217 fstrcpy(dir, local_state->cwd);
3219 fstrcat(dir, f->name);
3221 switch (net_mode_share)
3223 case NET_MODE_SHARE_MIGRATE:
3224 /* create that directory */
3225 nt_status = net_copy_file(c, local_state->mem_ctx,
3226 local_state->cli_share_src,
3227 local_state->cli_share_dst,
3229 c->opt_acls? true : false,
3230 c->opt_attrs? true : false,
3231 c->opt_timestamps? true:false,
3235 d_fprintf(stderr, "Unsupported mode %d\n", net_mode_share);
3239 if (!NT_STATUS_IS_OK(nt_status))
3240 printf("could not handle dir %s: %s\n",
3241 dir, nt_errstr(nt_status));
3243 /* search below that directory */
3244 fstrcpy(new_mask, dir);
3245 fstrcat(new_mask, "\\*");
3247 old_dir = local_state->cwd;
3248 local_state->cwd = dir;
3249 if (!sync_files(local_state, new_mask))
3250 printf("could not handle files\n");
3251 local_state->cwd = old_dir;
3258 fstrcpy(filename, local_state->cwd);
3259 fstrcat(filename, "\\");
3260 fstrcat(filename, f->name);
3262 DEBUG(3,("got file: %s\n", filename));
3264 switch (net_mode_share)
3266 case NET_MODE_SHARE_MIGRATE:
3267 nt_status = net_copy_file(c, local_state->mem_ctx,
3268 local_state->cli_share_src,
3269 local_state->cli_share_dst,
3271 c->opt_acls? true : false,
3272 c->opt_attrs? true : false,
3273 c->opt_timestamps? true: false,
3277 d_fprintf(stderr, "Unsupported file mode %d\n", net_mode_share);
3281 if (!NT_STATUS_IS_OK(nt_status))
3282 printf("could not handle file %s: %s\n",
3283 filename, nt_errstr(nt_status));
3288 * sync files, can be called recursivly to list files
3289 * and then call copy_fn for each file
3291 * @param cp_clistate pointer to the copy_clistate we work with
3292 * @param mask the current search mask
3294 * @return Boolean result
3296 static bool sync_files(struct copy_clistate *cp_clistate, const char *mask)
3298 struct cli_state *targetcli;
3299 char *targetpath = NULL;
3301 DEBUG(3,("calling cli_list with mask: %s\n", mask));
3303 if ( !cli_resolve_path(talloc_tos(), "", cp_clistate->cli_share_src,
3304 mask, &targetcli, &targetpath ) ) {
3305 d_fprintf(stderr, "cli_resolve_path %s failed with error: %s\n",
3306 mask, cli_errstr(cp_clistate->cli_share_src));
3310 if (cli_list(targetcli, targetpath, cp_clistate->attribute, copy_fn, cp_clistate) == -1) {
3311 d_fprintf(stderr, "listing %s failed with error: %s\n",
3312 mask, cli_errstr(targetcli));
3321 * Set the top level directory permissions before we do any further copies.
3322 * Should set up ACL inheritance.
3325 bool copy_top_level_perms(struct net_context *c,
3326 struct copy_clistate *cp_clistate,
3327 const char *sharename)
3329 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
3331 switch (net_mode_share) {
3332 case NET_MODE_SHARE_MIGRATE:
3333 DEBUG(3,("calling net_copy_fileattr for '.' directory in share %s\n", sharename));
3334 nt_status = net_copy_fileattr(c,
3335 cp_clistate->mem_ctx,
3336 cp_clistate->cli_share_src,
3337 cp_clistate->cli_share_dst,
3339 c->opt_acls? true : false,
3340 c->opt_attrs? true : false,
3341 c->opt_timestamps? true: false,
3345 d_fprintf(stderr, "Unsupported mode %d\n", net_mode_share);
3349 if (!NT_STATUS_IS_OK(nt_status)) {
3350 printf("Could handle directory attributes for top level directory of share %s. Error %s\n",
3351 sharename, nt_errstr(nt_status));
3359 * Sync all files inside a remote share to another share (over smb).
3361 * All parameters are provided by the run_rpc_command function, except for
3362 * argc, argv which are passed through.
3364 * @param domain_sid The domain sid acquired from the remote server.
3365 * @param cli A cli_state connected to the server.
3366 * @param mem_ctx Talloc context, destroyed on completion of the function.
3367 * @param argc Standard main() style argc.
3368 * @param argv Standard main() style argv. Initial components are already
3371 * @return Normal NTSTATUS return.
3374 static NTSTATUS rpc_share_migrate_files_internals(struct net_context *c,
3375 const DOM_SID *domain_sid,
3376 const char *domain_name,
3377 struct cli_state *cli,
3378 struct rpc_pipe_client *pipe_hnd,
3379 TALLOC_CTX *mem_ctx,
3384 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
3385 struct srvsvc_NetShareInfoCtr ctr_src;
3388 struct copy_clistate cp_clistate;
3389 bool got_src_share = false;
3390 bool got_dst_share = false;
3391 const char *mask = "\\*";
3394 dst = SMB_STRDUP(c->opt_destination?c->opt_destination:"127.0.0.1");
3396 nt_status = NT_STATUS_NO_MEMORY;
3400 result = get_share_info(c, pipe_hnd, mem_ctx, level, argc, argv,
3403 if (!W_ERROR_IS_OK(result))
3406 for (i = 0; i < ctr_src.ctr.ctr502->count; i++) {
3408 struct srvsvc_NetShareInfo502 info502 =
3409 ctr_src.ctr.ctr502->array[i];
3411 if (!check_share_sanity(c, cli, info502.name, info502.type))
3414 /* one might not want to mirror whole discs :) */
3415 if (strequal(info502.name, "print$") || info502.name[1] == '$') {
3416 d_printf("skipping [%s]: builtin/hidden share\n", info502.name);
3420 switch (net_mode_share)
3422 case NET_MODE_SHARE_MIGRATE:
3426 d_fprintf(stderr, "Unsupported mode %d\n", net_mode_share);
3429 printf(" [%s] files and directories %s ACLs, %s DOS Attributes %s\n",
3431 c->opt_acls ? "including" : "without",
3432 c->opt_attrs ? "including" : "without",
3433 c->opt_timestamps ? "(preserving timestamps)" : "");
3435 cp_clistate.mem_ctx = mem_ctx;
3436 cp_clistate.cli_share_src = NULL;
3437 cp_clistate.cli_share_dst = NULL;
3438 cp_clistate.cwd = NULL;
3439 cp_clistate.attribute = aSYSTEM | aHIDDEN | aDIR;
3442 /* open share source */
3443 nt_status = connect_to_service(c, &cp_clistate.cli_share_src,
3444 &cli->dest_ss, cli->desthost,
3445 info502.name, "A:");
3446 if (!NT_STATUS_IS_OK(nt_status))
3449 got_src_share = true;
3451 if (net_mode_share == NET_MODE_SHARE_MIGRATE) {
3452 /* open share destination */
3453 nt_status = connect_to_service(c, &cp_clistate.cli_share_dst,
3454 NULL, dst, info502.name, "A:");
3455 if (!NT_STATUS_IS_OK(nt_status))
3458 got_dst_share = true;
3461 if (!copy_top_level_perms(c, &cp_clistate, info502.name)) {
3462 d_fprintf(stderr, "Could not handle the top level directory permissions for the share: %s\n", info502.name);
3463 nt_status = NT_STATUS_UNSUCCESSFUL;
3467 if (!sync_files(&cp_clistate, mask)) {
3468 d_fprintf(stderr, "could not handle files for share: %s\n", info502.name);
3469 nt_status = NT_STATUS_UNSUCCESSFUL;
3474 nt_status = NT_STATUS_OK;
3479 cli_shutdown(cp_clistate.cli_share_src);
3482 cli_shutdown(cp_clistate.cli_share_dst);
3489 static int rpc_share_migrate_files(struct net_context *c, int argc, const char **argv)
3491 if (c->display_usage) {
3493 "net share migrate files\n"
3494 " Migrate files to local server\n");
3499 d_printf("no server to migrate\n");
3503 return run_rpc_command(c, NULL, &ndr_table_srvsvc.syntax_id, 0,
3504 rpc_share_migrate_files_internals,
3509 * Migrate share-ACLs from a remote RPC server to the local RPC server.
3511 * All parameters are provided by the run_rpc_command function, except for
3512 * argc, argv which are passed through.
3514 * @param domain_sid The domain sid acquired from the remote server.
3515 * @param cli A cli_state connected to the server.
3516 * @param mem_ctx Talloc context, destroyed on completion of the function.
3517 * @param argc Standard main() style argc.
3518 * @param argv Standard main() style argv. Initial components are already
3521 * @return Normal NTSTATUS return.
3524 static NTSTATUS rpc_share_migrate_security_internals(struct net_context *c,
3525 const DOM_SID *domain_sid,
3526 const char *domain_name,
3527 struct cli_state *cli,
3528 struct rpc_pipe_client *pipe_hnd,
3529 TALLOC_CTX *mem_ctx,
3534 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
3535 struct srvsvc_NetShareInfoCtr ctr_src;
3536 union srvsvc_NetShareInfo info;
3538 struct rpc_pipe_client *srvsvc_pipe = NULL;
3539 struct cli_state *cli_dst = NULL;
3540 uint32 level = 502; /* includes secdesc */
3541 uint32_t parm_error = 0;
3543 result = get_share_info(c, pipe_hnd, mem_ctx, level, argc, argv,
3546 if (!W_ERROR_IS_OK(result))
3549 /* connect destination PI_SRVSVC */
3550 nt_status = connect_dst_pipe(c, &cli_dst, &srvsvc_pipe,
3551 &ndr_table_srvsvc.syntax_id);
3552 if (!NT_STATUS_IS_OK(nt_status))
3556 for (i = 0; i < ctr_src.ctr.ctr502->count; i++) {
3558 struct srvsvc_NetShareInfo502 info502 =
3559 ctr_src.ctr.ctr502->array[i];
3561 /* reset error-code */
3562 nt_status = NT_STATUS_UNSUCCESSFUL;
3564 if (!check_share_sanity(c, cli, info502.name, info502.type))
3567 printf("migrating: [%s], path: %s, comment: %s, including share-ACLs\n",
3568 info502.name, info502.path, info502.comment);
3571 display_sec_desc(info502.sd_buf.sd);
3573 /* FIXME: shouldn't we be able to just set the security descriptor ? */
3574 info.info502 = &info502;
3576 /* finally modify the share on the dst server */
3577 nt_status = rpccli_srvsvc_NetShareSetInfo(srvsvc_pipe, mem_ctx,
3578 srvsvc_pipe->desthost,
3584 if (!NT_STATUS_IS_OK(nt_status) || !W_ERROR_IS_OK(result)) {
3585 printf("cannot set share-acl: %s\n", dos_errstr(result));
3591 nt_status = NT_STATUS_OK;
3595 cli_shutdown(cli_dst);
3603 * Migrate share-acls from a RPC server to another.
3605 * @param argc Standard main() style argc.
3606 * @param argv Standard main() style argv. Initial components are already
3609 * @return A shell status integer (0 for success).
3611 static int rpc_share_migrate_security(struct net_context *c, int argc,
3614 if (c->display_usage) {
3616 "net rpc share migrate security\n"
3617 " Migrate share-acls to local server\n");
3622 d_printf("no server to migrate\n");
3626 return run_rpc_command(c, NULL, &ndr_table_srvsvc.syntax_id, 0,
3627 rpc_share_migrate_security_internals,
3632 * Migrate shares (including share-definitions, share-acls and files with acls/attrs)
3633 * from one server to another.
3635 * @param argc Standard main() style argc.
3636 * @param argv Standard main() style argv. Initial components are already
3639 * @return A shell status integer (0 for success).
3642 static int rpc_share_migrate_all(struct net_context *c, int argc,
3647 if (c->display_usage) {
3649 "net rpc share migrate all\n"
3650 " Migrates shares including all share settings\n");
3655 d_printf("no server to migrate\n");
3659 /* order is important. we don't want to be locked out by the share-acl
3660 * before copying files - gd */
3662 ret = run_rpc_command(c, NULL, &ndr_table_srvsvc.syntax_id, 0,
3663 rpc_share_migrate_shares_internals, argc, argv);
3667 ret = run_rpc_command(c, NULL, &ndr_table_srvsvc.syntax_id, 0,
3668 rpc_share_migrate_files_internals, argc, argv);
3672 return run_rpc_command(c, NULL, &ndr_table_srvsvc.syntax_id, 0,
3673 rpc_share_migrate_security_internals, argc,
3679 * 'net rpc share migrate' entrypoint.
3680 * @param argc Standard main() style argc.
3681 * @param argv Standard main() style argv. Initial components are already
3684 static int rpc_share_migrate(struct net_context *c, int argc, const char **argv)
3687 struct functable func[] = {
3690 rpc_share_migrate_all,
3692 "Migrate shares from remote to local server",
3693 "net rpc share migrate all\n"
3694 " Migrate shares from remote to local server"
3698 rpc_share_migrate_files,
3700 "Migrate files from remote to local server",
3701 "net rpc share migrate files\n"
3702 " Migrate files from remote to local server"
3706 rpc_share_migrate_security,
3708 "Migrate share-ACLs from remote to local server",
3709 "net rpc share migrate security\n"
3710 " Migrate share-ACLs from remote to local server"
3714 rpc_share_migrate_shares,
3716 "Migrate shares from remote to local server",
3717 "net rpc share migrate shares\n"
3718 " Migrate shares from remote to local server"
3720 {NULL, NULL, 0, NULL, NULL}
3723 net_mode_share = NET_MODE_SHARE_MIGRATE;
3725 return net_run_function(c, argc, argv, "net rpc share migrate", func);
3734 static int num_server_aliases;
3735 static struct full_alias *server_aliases;
3738 * Add an alias to the static list.
3740 static void push_alias(TALLOC_CTX *mem_ctx, struct full_alias *alias)
3742 if (server_aliases == NULL)
3743 server_aliases = SMB_MALLOC_ARRAY(struct full_alias, 100);
3745 server_aliases[num_server_aliases] = *alias;
3746 num_server_aliases += 1;
3750 * For a specific domain on the server, fetch all the aliases
3751 * and their members. Add all of them to the server_aliases.
3754 static NTSTATUS rpc_fetch_domain_aliases(struct rpc_pipe_client *pipe_hnd,
3755 TALLOC_CTX *mem_ctx,
3756 POLICY_HND *connect_pol,
3757 const DOM_SID *domain_sid)
3759 uint32 start_idx, max_entries, num_entries, i;
3760 struct samr_SamArray *groups = NULL;
3762 POLICY_HND domain_pol;
3764 /* Get domain policy handle */
3766 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
3768 MAXIMUM_ALLOWED_ACCESS,
3769 CONST_DISCARD(struct dom_sid2 *, domain_sid),
3771 if (!NT_STATUS_IS_OK(result))
3778 result = rpccli_samr_EnumDomainAliases(pipe_hnd, mem_ctx,
3784 for (i = 0; i < num_entries; i++) {
3786 POLICY_HND alias_pol;
3787 struct full_alias alias;
3788 struct lsa_SidArray sid_array;
3791 result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
3793 MAXIMUM_ALLOWED_ACCESS,
3794 groups->entries[i].idx,
3796 if (!NT_STATUS_IS_OK(result))
3799 result = rpccli_samr_GetMembersInAlias(pipe_hnd, mem_ctx,
3802 if (!NT_STATUS_IS_OK(result))
3805 alias.num_members = sid_array.num_sids;
3807 result = rpccli_samr_Close(pipe_hnd, mem_ctx, &alias_pol);
3808 if (!NT_STATUS_IS_OK(result))
3811 alias.members = NULL;
3813 if (alias.num_members > 0) {
3814 alias.members = SMB_MALLOC_ARRAY(DOM_SID, alias.num_members);
3816 for (j = 0; j < alias.num_members; j++)
3817 sid_copy(&alias.members[j],
3818 sid_array.sids[j].sid);
3821 sid_copy(&alias.sid, domain_sid);
3822 sid_append_rid(&alias.sid, groups->entries[i].idx);
3824 push_alias(mem_ctx, &alias);
3826 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
3828 result = NT_STATUS_OK;
3831 rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
3837 * Dump server_aliases as names for debugging purposes.
3840 static NTSTATUS rpc_aliaslist_dump(struct net_context *c,
3841 const DOM_SID *domain_sid,
3842 const char *domain_name,
3843 struct cli_state *cli,
3844 struct rpc_pipe_client *pipe_hnd,
3845 TALLOC_CTX *mem_ctx,
3853 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
3854 SEC_RIGHTS_MAXIMUM_ALLOWED,
3856 if (!NT_STATUS_IS_OK(result))
3859 for (i=0; i<num_server_aliases; i++) {
3862 enum lsa_SidType *types;
3865 struct full_alias *alias = &server_aliases[i];
3867 result = rpccli_lsa_lookup_sids(pipe_hnd, mem_ctx, &lsa_pol, 1,
3869 &domains, &names, &types);
3870 if (!NT_STATUS_IS_OK(result))
3873 DEBUG(1, ("%s\\%s %d: ", domains[0], names[0], types[0]));
3875 if (alias->num_members == 0) {
3880 result = rpccli_lsa_lookup_sids(pipe_hnd, mem_ctx, &lsa_pol,
3883 &domains, &names, &types);
3885 if (!NT_STATUS_IS_OK(result) &&
3886 !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED))
3889 for (j=0; j<alias->num_members; j++)
3890 DEBUG(1, ("%s\\%s (%d); ",
3891 domains[j] ? domains[j] : "*unknown*",
3892 names[j] ? names[j] : "*unknown*",types[j]));
3896 rpccli_lsa_Close(pipe_hnd, mem_ctx, &lsa_pol);
3898 return NT_STATUS_OK;
3902 * Fetch a list of all server aliases and their members into
3906 static NTSTATUS rpc_aliaslist_internals(struct net_context *c,
3907 const DOM_SID *domain_sid,
3908 const char *domain_name,
3909 struct cli_state *cli,
3910 struct rpc_pipe_client *pipe_hnd,
3911 TALLOC_CTX *mem_ctx,
3916 POLICY_HND connect_pol;
3918 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
3920 MAXIMUM_ALLOWED_ACCESS,
3923 if (!NT_STATUS_IS_OK(result))
3926 result = rpc_fetch_domain_aliases(pipe_hnd, mem_ctx, &connect_pol,
3927 &global_sid_Builtin);
3929 if (!NT_STATUS_IS_OK(result))
3932 result = rpc_fetch_domain_aliases(pipe_hnd, mem_ctx, &connect_pol,
3935 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
3940 static void init_user_token(NT_USER_TOKEN *token, DOM_SID *user_sid)
3942 token->num_sids = 4;
3944 if (!(token->user_sids = SMB_MALLOC_ARRAY(DOM_SID, 4))) {
3945 d_fprintf(stderr, "malloc failed\n");
3946 token->num_sids = 0;
3950 token->user_sids[0] = *user_sid;
3951 sid_copy(&token->user_sids[1], &global_sid_World);
3952 sid_copy(&token->user_sids[2], &global_sid_Network);
3953 sid_copy(&token->user_sids[3], &global_sid_Authenticated_Users);
3956 static void free_user_token(NT_USER_TOKEN *token)
3958 SAFE_FREE(token->user_sids);
3961 static bool is_sid_in_token(NT_USER_TOKEN *token, DOM_SID *sid)
3965 for (i=0; i<token->num_sids; i++) {
3966 if (sid_compare(sid, &token->user_sids[i]) == 0)
3972 static void add_sid_to_token(NT_USER_TOKEN *token, DOM_SID *sid)
3974 if (is_sid_in_token(token, sid))
3977 token->user_sids = SMB_REALLOC_ARRAY(token->user_sids, DOM_SID, token->num_sids+1);
3978 if (!token->user_sids) {
3982 sid_copy(&token->user_sids[token->num_sids], sid);
3984 token->num_sids += 1;
3989 NT_USER_TOKEN token;
3992 static void dump_user_token(struct user_token *token)
3996 d_printf("%s\n", token->name);
3998 for (i=0; i<token->token.num_sids; i++) {
3999 d_printf(" %s\n", sid_string_tos(&token->token.user_sids[i]));
4003 static bool is_alias_member(DOM_SID *sid, struct full_alias *alias)
4007 for (i=0; i<alias->num_members; i++) {
4008 if (sid_compare(sid, &alias->members[i]) == 0)
4015 static void collect_sid_memberships(NT_USER_TOKEN *token, DOM_SID sid)
4019 for (i=0; i<num_server_aliases; i++) {
4020 if (is_alias_member(&sid, &server_aliases[i]))
4021 add_sid_to_token(token, &server_aliases[i].sid);
4026 * We got a user token with all the SIDs we can know about without asking the
4027 * server directly. These are the user and domain group sids. All of these can
4028 * be members of aliases. So scan the list of aliases for each of the SIDs and
4029 * add them to the token.
4032 static void collect_alias_memberships(NT_USER_TOKEN *token)
4034 int num_global_sids = token->num_sids;
4037 for (i=0; i<num_global_sids; i++) {
4038 collect_sid_memberships(token, token->user_sids[i]);
4042 static bool get_user_sids(const char *domain, const char *user, NT_USER_TOKEN *token)
4044 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
4045 enum wbcSidType type;
4047 struct wbcDomainSid wsid;
4048 char *sid_str = NULL;
4050 uint32_t num_groups;
4051 gid_t *groups = NULL;
4054 fstr_sprintf(full_name, "%s%c%s",
4055 domain, *lp_winbind_separator(), user);
4057 /* First let's find out the user sid */
4059 wbc_status = wbcLookupName(domain, user, &wsid, &type);
4061 if (!WBC_ERROR_IS_OK(wbc_status)) {
4062 DEBUG(1, ("winbind could not find %s: %s\n",
4063 full_name, wbcErrorString(wbc_status)));
4067 wbc_status = wbcSidToString(&wsid, &sid_str);
4068 if (!WBC_ERROR_IS_OK(wbc_status)) {
4072 if (type != SID_NAME_USER) {
4073 wbcFreeMemory(sid_str);
4074 DEBUG(1, ("%s is not a user\n", full_name));
4078 string_to_sid(&user_sid, sid_str);
4079 wbcFreeMemory(sid_str);
4082 init_user_token(token, &user_sid);
4084 /* And now the groups winbind knows about */
4086 wbc_status = wbcGetGroups(full_name, &num_groups, &groups);
4087 if (!WBC_ERROR_IS_OK(wbc_status)) {
4088 DEBUG(1, ("winbind could not get groups of %s: %s\n",
4089 full_name, wbcErrorString(wbc_status)));
4093 for (i = 0; i < num_groups; i++) {
4094 gid_t gid = groups[i];
4097 wbc_status = wbcGidToSid(gid, &wsid);
4098 if (!WBC_ERROR_IS_OK(wbc_status)) {
4099 DEBUG(1, ("winbind could not find SID of gid %d: %s\n",
4100 gid, wbcErrorString(wbc_status)));
4101 wbcFreeMemory(groups);
4105 wbc_status = wbcSidToString(&wsid, &sid_str);
4106 if (!WBC_ERROR_IS_OK(wbc_status)) {
4107 wbcFreeMemory(groups);
4111 DEBUG(3, (" %s\n", sid_str));
4113 string_to_sid(&sid, sid_str);
4114 wbcFreeMemory(sid_str);
4117 add_sid_to_token(token, &sid);
4119 wbcFreeMemory(groups);
4125 * Get a list of all user tokens we want to look at
4128 static bool get_user_tokens(struct net_context *c, int *num_tokens,
4129 struct user_token **user_tokens)
4131 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
4132 uint32_t i, num_users;
4134 struct user_token *result;
4135 TALLOC_CTX *frame = NULL;
4137 if (lp_winbind_use_default_domain() &&
4138 (c->opt_target_workgroup == NULL)) {
4139 d_fprintf(stderr, "winbind use default domain = yes set, "
4140 "please specify a workgroup\n");
4144 /* Send request to winbind daemon */
4146 wbc_status = wbcListUsers(NULL, &num_users, &users);
4147 if (!WBC_ERROR_IS_OK(wbc_status)) {
4148 DEBUG(1, ("winbind could not list users: %s\n",
4149 wbcErrorString(wbc_status)));
4153 result = SMB_MALLOC_ARRAY(struct user_token, num_users);
4155 if (result == NULL) {
4156 DEBUG(1, ("Could not malloc sid array\n"));
4157 wbcFreeMemory(users);
4161 frame = talloc_stackframe();
4162 for (i=0; i < num_users; i++) {
4163 fstring domain, user;
4166 fstrcpy(result[i].name, users[i]);
4168 p = strchr(users[i], *lp_winbind_separator());
4170 DEBUG(3, ("%s\n", users[i]));
4173 fstrcpy(domain, c->opt_target_workgroup);
4174 fstrcpy(user, users[i]);
4177 fstrcpy(domain, users[i]);
4182 get_user_sids(domain, user, &(result[i].token));
4186 wbcFreeMemory(users);
4188 *num_tokens = num_users;
4189 *user_tokens = result;
4194 static bool get_user_tokens_from_file(FILE *f,
4196 struct user_token **tokens)
4198 struct user_token *token = NULL;
4203 if (fgets(line, sizeof(line)-1, f) == NULL) {
4207 if (line[strlen(line)-1] == '\n')
4208 line[strlen(line)-1] = '\0';
4210 if (line[0] == ' ') {
4214 string_to_sid(&sid, &line[1]);
4216 if (token == NULL) {
4217 DEBUG(0, ("File does not begin with username"));
4221 add_sid_to_token(&token->token, &sid);
4225 /* And a new user... */
4228 *tokens = SMB_REALLOC_ARRAY(*tokens, struct user_token, *num_tokens);
4229 if (*tokens == NULL) {
4230 DEBUG(0, ("Could not realloc tokens\n"));
4234 token = &((*tokens)[*num_tokens-1]);
4236 fstrcpy(token->name, line);
4237 token->token.num_sids = 0;
4238 token->token.user_sids = NULL;
4247 * Show the list of all users that have access to a share
4250 static void show_userlist(struct rpc_pipe_client *pipe_hnd,
4251 TALLOC_CTX *mem_ctx,
4252 const char *netname,
4254 struct user_token *tokens)
4257 SEC_DESC *share_sd = NULL;
4258 SEC_DESC *root_sd = NULL;
4259 struct cli_state *cli = rpc_pipe_np_smb_conn(pipe_hnd);
4261 union srvsvc_NetShareInfo info;
4266 status = rpccli_srvsvc_NetShareGetInfo(pipe_hnd, mem_ctx,
4273 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) {
4274 DEBUG(1, ("Coult not query secdesc for share %s\n",
4279 share_sd = info.info502->sd_buf.sd;
4280 if (share_sd == NULL) {
4281 DEBUG(1, ("Got no secdesc for share %s\n",
4287 if (!cli_send_tconX(cli, netname, "A:", "", 0)) {
4291 fnum = cli_nt_create(cli, "\\", READ_CONTROL_ACCESS);
4294 root_sd = cli_query_secdesc(cli, fnum, mem_ctx);
4297 for (i=0; i<num_tokens; i++) {
4300 if (share_sd != NULL) {
4301 if (!se_access_check(share_sd, &tokens[i].token,
4302 1, &acc_granted, &status)) {
4303 DEBUG(1, ("Could not check share_sd for "
4309 if (!NT_STATUS_IS_OK(status))
4313 if (root_sd == NULL) {
4314 d_printf(" %s\n", tokens[i].name);
4318 if (!se_access_check(root_sd, &tokens[i].token,
4319 1, &acc_granted, &status)) {
4320 DEBUG(1, ("Could not check root_sd for user %s\n",
4325 if (!NT_STATUS_IS_OK(status))
4328 d_printf(" %s\n", tokens[i].name);
4332 cli_close(cli, fnum);
4344 static void collect_share(const char *name, uint32 m,
4345 const char *comment, void *state)
4347 struct share_list *share_list = (struct share_list *)state;
4349 if (m != STYPE_DISKTREE)
4352 share_list->num_shares += 1;
4353 share_list->shares = SMB_REALLOC_ARRAY(share_list->shares, char *, share_list->num_shares);
4354 if (!share_list->shares) {
4355 share_list->num_shares = 0;
4358 share_list->shares[share_list->num_shares-1] = SMB_STRDUP(name);
4362 * List shares on a remote RPC server, including the security descriptors.
4364 * All parameters are provided by the run_rpc_command function, except for
4365 * argc, argv which are passed through.
4367 * @param domain_sid The domain sid acquired from the remote server.
4368 * @param cli A cli_state connected to the server.
4369 * @param mem_ctx Talloc context, destroyed on completion of the function.
4370 * @param argc Standard main() style argc.
4371 * @param argv Standard main() style argv. Initial components are already
4374 * @return Normal NTSTATUS return.
4377 static NTSTATUS rpc_share_allowedusers_internals(struct net_context *c,
4378 const DOM_SID *domain_sid,
4379 const char *domain_name,
4380 struct cli_state *cli,
4381 struct rpc_pipe_client *pipe_hnd,
4382 TALLOC_CTX *mem_ctx,
4392 struct user_token *tokens = NULL;
4395 struct share_list share_list;
4400 f = fopen(argv[0], "r");
4404 DEBUG(0, ("Could not open userlist: %s\n", strerror(errno)));
4405 return NT_STATUS_UNSUCCESSFUL;
4408 r = get_user_tokens_from_file(f, &num_tokens, &tokens);
4414 DEBUG(0, ("Could not read users from file\n"));
4415 return NT_STATUS_UNSUCCESSFUL;
4418 for (i=0; i<num_tokens; i++)
4419 collect_alias_memberships(&tokens[i].token);
4421 init_enum_hnd(&hnd, 0);
4423 share_list.num_shares = 0;
4424 share_list.shares = NULL;
4426 ret = cli_RNetShareEnum(cli, collect_share, &share_list);
4429 DEBUG(0, ("Error returning browse list: %s\n",
4434 for (i = 0; i < share_list.num_shares; i++) {
4435 char *netname = share_list.shares[i];
4437 if (netname[strlen(netname)-1] == '$')
4440 d_printf("%s\n", netname);
4442 show_userlist(pipe_hnd, mem_ctx, netname,
4443 num_tokens, tokens);
4446 for (i=0; i<num_tokens; i++) {
4447 free_user_token(&tokens[i].token);
4450 SAFE_FREE(share_list.shares);
4452 return NT_STATUS_OK;
4455 static int rpc_share_allowedusers(struct net_context *c, int argc,
4460 if (c->display_usage) {
4462 "net rpc share allowedusers\n"
4463 " List allowed users\n");
4467 result = run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0,
4468 rpc_aliaslist_internals,
4473 result = run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
4479 return run_rpc_command(c, NULL, &ndr_table_srvsvc.syntax_id, 0,
4480 rpc_share_allowedusers_internals,
4484 int net_usersidlist(struct net_context *c, int argc, const char **argv)
4487 struct user_token *tokens = NULL;
4491 net_usersidlist_usage(c, argc, argv);
4495 if (!get_user_tokens(c, &num_tokens, &tokens)) {
4496 DEBUG(0, ("Could not get the user/sid list\n"));
4500 for (i=0; i<num_tokens; i++) {
4501 dump_user_token(&tokens[i]);
4502 free_user_token(&tokens[i].token);
4509 int net_usersidlist_usage(struct net_context *c, int argc, const char **argv)
4511 d_printf("net usersidlist\n"
4512 "\tprints out a list of all users the running winbind knows\n"
4513 "\tabout, together with all their SIDs. This is used as\n"
4514 "\tinput to the 'net rpc share allowedusers' command.\n\n");
4516 net_common_flags_usage(c, argc, argv);
4521 * 'net rpc share' entrypoint.
4522 * @param argc Standard main() style argc.
4523 * @param argv Standard main() style argv. Initial components are already
4527 int net_rpc_share(struct net_context *c, int argc, const char **argv)
4529 NET_API_STATUS status;
4531 struct functable func[] = {
4537 "net rpc share add\n"
4545 "net rpc share delete\n"
4550 rpc_share_allowedusers,
4552 "Modify allowed users",
4553 "net rpc share allowedusers\n"
4554 " Modify allowed users"
4560 "Migrate share to local server",
4561 "net rpc share migrate\n"
4562 " Migrate share to local server"
4569 "net rpc share list\n"
4572 {NULL, NULL, 0, NULL, NULL}
4575 status = libnetapi_init(&c->netapi_ctx);
4579 libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
4580 libnetapi_set_password(c->netapi_ctx, c->opt_password);
4581 if (c->opt_kerberos) {
4582 libnetapi_set_use_kerberos(c->netapi_ctx);
4586 if (c->display_usage) {
4590 " Alias for net rpc share list\n");
4591 net_display_usage_from_functable(func);
4595 return rpc_share_list(c, argc, argv);
4598 return net_run_function(c, argc, argv, "net rpc share", func);
4601 static NTSTATUS rpc_sh_share_list(struct net_context *c,
4602 TALLOC_CTX *mem_ctx,
4603 struct rpc_sh_ctx *ctx,
4604 struct rpc_pipe_client *pipe_hnd,
4605 int argc, const char **argv)
4608 return werror_to_ntstatus(W_ERROR(rpc_share_list(c, argc, argv)));
4611 static NTSTATUS rpc_sh_share_add(struct net_context *c,
4612 TALLOC_CTX *mem_ctx,
4613 struct rpc_sh_ctx *ctx,
4614 struct rpc_pipe_client *pipe_hnd,
4615 int argc, const char **argv)
4617 NET_API_STATUS status;
4618 uint32_t parm_err = 0;
4619 struct SHARE_INFO_2 i2;
4621 if ((argc < 2) || (argc > 3)) {
4622 d_fprintf(stderr, "usage: %s <share> <path> [comment]\n",
4624 return NT_STATUS_INVALID_PARAMETER;
4627 i2.shi2_netname = argv[0];
4628 i2.shi2_type = STYPE_DISKTREE;
4629 i2.shi2_remark = (argc == 3) ? argv[2] : "";
4630 i2.shi2_permissions = 0;
4631 i2.shi2_max_uses = 0;
4632 i2.shi2_current_uses = 0;
4633 i2.shi2_path = argv[1];
4634 i2.shi2_passwd = NULL;
4636 status = NetShareAdd(pipe_hnd->desthost,
4641 return werror_to_ntstatus(W_ERROR(status));
4644 static NTSTATUS rpc_sh_share_delete(struct net_context *c,
4645 TALLOC_CTX *mem_ctx,
4646 struct rpc_sh_ctx *ctx,
4647 struct rpc_pipe_client *pipe_hnd,
4648 int argc, const char **argv)
4651 d_fprintf(stderr, "usage: %s <share>\n", ctx->whoami);
4652 return NT_STATUS_INVALID_PARAMETER;
4655 return werror_to_ntstatus(W_ERROR(NetShareDel(pipe_hnd->desthost, argv[0], 0)));
4658 static NTSTATUS rpc_sh_share_info(struct net_context *c,
4659 TALLOC_CTX *mem_ctx,
4660 struct rpc_sh_ctx *ctx,
4661 struct rpc_pipe_client *pipe_hnd,
4662 int argc, const char **argv)
4664 union srvsvc_NetShareInfo info;
4669 d_fprintf(stderr, "usage: %s <share>\n", ctx->whoami);
4670 return NT_STATUS_INVALID_PARAMETER;
4673 status = rpccli_srvsvc_NetShareGetInfo(pipe_hnd, mem_ctx,
4679 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) {
4683 d_printf("Name: %s\n", info.info2->name);
4684 d_printf("Comment: %s\n", info.info2->comment);
4685 d_printf("Path: %s\n", info.info2->path);
4686 d_printf("Password: %s\n", info.info2->password);
4689 return werror_to_ntstatus(result);
4692 struct rpc_sh_cmd *net_rpc_share_cmds(struct net_context *c, TALLOC_CTX *mem_ctx,
4693 struct rpc_sh_ctx *ctx)
4695 static struct rpc_sh_cmd cmds[] = {
4697 { "list", NULL, &ndr_table_srvsvc.syntax_id, rpc_sh_share_list,
4698 "List available shares" },
4700 { "add", NULL, &ndr_table_srvsvc.syntax_id, rpc_sh_share_add,
4703 { "delete", NULL, &ndr_table_srvsvc.syntax_id, rpc_sh_share_delete,
4706 { "info", NULL, &ndr_table_srvsvc.syntax_id, rpc_sh_share_info,
4707 "Get information about a share" },
4709 { NULL, NULL, 0, NULL, NULL }
4715 /****************************************************************************/
4717 static int rpc_file_usage(struct net_context *c, int argc, const char **argv)
4719 return net_file_usage(c, argc, argv);
4723 * Close a file on a remote RPC server.
4725 * @param argc Standard main() style argc.
4726 * @param argv Standard main() style argv. Initial components are already
4729 * @return A shell status integer (0 for success).
4731 static int rpc_file_close(struct net_context *c, int argc, const char **argv)
4733 if (argc < 1 || c->display_usage) {
4734 return rpc_file_usage(c, argc, argv);
4737 return NetFileClose(c->opt_host, atoi(argv[0]));
4741 * Formatted print of open file info
4743 * @param r struct FILE_INFO_3 contents
4746 static void display_file_info_3(struct FILE_INFO_3 *r)
4748 d_printf("%-7.1d %-20.20s 0x%-4.2x %-6.1d %s\n",
4749 r->fi3_id, r->fi3_username, r->fi3_permissions,
4750 r->fi3_num_locks, r->fi3_pathname);
4754 * List files for a user on a remote RPC server.
4756 * @param argc Standard main() style argc.
4757 * @param argv Standard main() style argv. Initial components are already
4760 * @return A shell status integer (0 for success)..
4763 static int rpc_file_user(struct net_context *c, int argc, const char **argv)
4765 NET_API_STATUS status;
4766 uint32 preferred_len = 0xffffffff, i;
4767 const char *username=NULL;
4768 uint32_t total_entries = 0;
4769 uint32_t entries_read = 0;
4770 uint32_t resume_handle = 0;
4771 struct FILE_INFO_3 *i3 = NULL;
4773 if (c->display_usage) {
4774 return rpc_file_usage(c, argc, argv);
4777 /* if argc > 0, must be user command */
4779 username = smb_xstrdup(argv[0]);
4782 status = NetFileEnum(c->opt_host,
4796 /* Display results */
4799 "\nEnumerating open files on remote server:\n\n"
4800 "\nFileId Opened by Perms Locks Path"
4801 "\n------ --------- ----- ----- ---- \n");
4802 for (i = 0; i < entries_read; i++) {
4803 display_file_info_3(&i3[i]);
4810 * 'net rpc file' entrypoint.
4811 * @param argc Standard main() style argc.
4812 * @param argv Standard main() style argv. Initial components are already
4816 int net_rpc_file(struct net_context *c, int argc, const char **argv)
4818 NET_API_STATUS status;
4820 struct functable func[] = {
4825 "Close opened file",
4826 "net rpc file close\n"
4827 " Close opened file"
4833 "List files opened by user",
4834 "net rpc file user\n"
4835 " List files opened by user"
4842 "Display information about opened file",
4843 "net rpc file info\n"
4844 " Display information about opened file"
4847 {NULL, NULL, 0, NULL, NULL}
4850 status = libnetapi_init(&c->netapi_ctx);
4854 libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
4855 libnetapi_set_password(c->netapi_ctx, c->opt_password);
4856 if (c->opt_kerberos) {
4857 libnetapi_set_use_kerberos(c->netapi_ctx);
4861 if (c->display_usage) {
4862 d_printf("Usage:\n");
4863 d_printf("net rpc file\n"
4864 " List opened files\n");
4865 net_display_usage_from_functable(func);
4869 return rpc_file_user(c, argc, argv);
4872 return net_run_function(c, argc, argv, "net rpc file", func);
4876 * ABORT the shutdown of a remote RPC Server, over initshutdown pipe.
4878 * All parameters are provided by the run_rpc_command function, except for
4879 * argc, argv which are passed through.
4881 * @param c A net_context structure.
4882 * @param domain_sid The domain sid acquired from the remote server.
4883 * @param cli A cli_state connected to the server.
4884 * @param mem_ctx Talloc context, destroyed on completion of the function.
4885 * @param argc Standard main() style argc.
4886 * @param argv Standard main() style argv. Initial components are already
4889 * @return Normal NTSTATUS return.
4892 static NTSTATUS rpc_shutdown_abort_internals(struct net_context *c,
4893 const DOM_SID *domain_sid,
4894 const char *domain_name,
4895 struct cli_state *cli,
4896 struct rpc_pipe_client *pipe_hnd,
4897 TALLOC_CTX *mem_ctx,
4901 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
4903 result = rpccli_initshutdown_Abort(pipe_hnd, mem_ctx, NULL, NULL);
4905 if (NT_STATUS_IS_OK(result)) {
4906 d_printf("\nShutdown successfully aborted\n");
4907 DEBUG(5,("cmd_shutdown_abort: query succeeded\n"));
4909 DEBUG(5,("cmd_shutdown_abort: query failed\n"));
4915 * ABORT the shutdown of a remote RPC Server, over winreg pipe.
4917 * All parameters are provided by the run_rpc_command function, except for
4918 * argc, argv which are passed through.
4920 * @param c A net_context structure.
4921 * @param domain_sid The domain sid acquired from the remote server.
4922 * @param cli A cli_state connected to the server.
4923 * @param mem_ctx Talloc context, destroyed on completion of the function.
4924 * @param argc Standard main() style argc.
4925 * @param argv Standard main() style argv. Initial components are already
4928 * @return Normal NTSTATUS return.
4931 static NTSTATUS rpc_reg_shutdown_abort_internals(struct net_context *c,
4932 const DOM_SID *domain_sid,
4933 const char *domain_name,
4934 struct cli_state *cli,
4935 struct rpc_pipe_client *pipe_hnd,
4936 TALLOC_CTX *mem_ctx,
4940 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
4942 result = rpccli_winreg_AbortSystemShutdown(pipe_hnd, mem_ctx, NULL, NULL);
4944 if (NT_STATUS_IS_OK(result)) {
4945 d_printf("\nShutdown successfully aborted\n");
4946 DEBUG(5,("cmd_reg_abort_shutdown: query succeeded\n"));
4948 DEBUG(5,("cmd_reg_abort_shutdown: query failed\n"));
4954 * ABORT the shutdown of a remote RPC server.
4956 * @param argc Standard main() style argc.
4957 * @param argv Standard main() style argv. Initial components are already
4960 * @return A shell status integer (0 for success).
4963 static int rpc_shutdown_abort(struct net_context *c, int argc,
4968 if (c->display_usage) {
4970 "net rpc abortshutdown\n"
4971 " Abort a scheduled shutdown\n");
4975 rc = run_rpc_command(c, NULL, &ndr_table_initshutdown.syntax_id, 0,
4976 rpc_shutdown_abort_internals, argc, argv);
4981 DEBUG(1, ("initshutdown pipe didn't work, trying winreg pipe\n"));
4983 return run_rpc_command(c, NULL, &ndr_table_winreg.syntax_id, 0,
4984 rpc_reg_shutdown_abort_internals,
4989 * Shut down a remote RPC Server via initshutdown pipe.
4991 * All parameters are provided by the run_rpc_command function, except for
4992 * argc, argv which are passed through.
4994 * @param c A net_context structure.
4995 * @param domain_sid The domain sid acquired from the remote server.
4996 * @param cli A cli_state connected to the server.
4997 * @param mem_ctx Talloc context, destroyed on completion of the function.
4998 * @param argc Standard main() style argc.
4999 * @param argv Standard main() style argv. Initial components are already
5002 * @return Normal NTSTATUS return.
5005 NTSTATUS rpc_init_shutdown_internals(struct net_context *c,
5006 const DOM_SID *domain_sid,
5007 const char *domain_name,
5008 struct cli_state *cli,
5009 struct rpc_pipe_client *pipe_hnd,
5010 TALLOC_CTX *mem_ctx,
5014 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
5015 const char *msg = "This machine will be shutdown shortly";
5016 uint32 timeout = 20;
5017 struct initshutdown_String msg_string;
5018 struct initshutdown_String_sub s;
5020 if (c->opt_comment) {
5021 msg = c->opt_comment;
5023 if (c->opt_timeout) {
5024 timeout = c->opt_timeout;
5028 msg_string.name = &s;
5030 /* create an entry */
5031 result = rpccli_initshutdown_Init(pipe_hnd, mem_ctx, NULL,
5032 &msg_string, timeout, c->opt_force, c->opt_reboot,
5035 if (NT_STATUS_IS_OK(result)) {
5036 d_printf("\nShutdown of remote machine succeeded\n");
5037 DEBUG(5,("Shutdown of remote machine succeeded\n"));
5039 DEBUG(1,("Shutdown of remote machine failed!\n"));
5045 * Shut down a remote RPC Server via winreg pipe.
5047 * All parameters are provided by the run_rpc_command function, except for
5048 * argc, argv which are passed through.
5050 * @param c A net_context structure.
5051 * @param domain_sid The domain sid acquired from the remote server.
5052 * @param cli A cli_state connected to the server.
5053 * @param mem_ctx Talloc context, destroyed on completion of the function.
5054 * @param argc Standard main() style argc.
5055 * @param argv Standard main() style argv. Initial components are already
5058 * @return Normal NTSTATUS return.
5061 NTSTATUS rpc_reg_shutdown_internals(struct net_context *c,
5062 const DOM_SID *domain_sid,
5063 const char *domain_name,
5064 struct cli_state *cli,
5065 struct rpc_pipe_client *pipe_hnd,
5066 TALLOC_CTX *mem_ctx,
5070 const char *msg = "This machine will be shutdown shortly";
5071 uint32 timeout = 20;
5072 struct initshutdown_String msg_string;
5073 struct initshutdown_String_sub s;
5077 if (c->opt_comment) {
5078 msg = c->opt_comment;
5081 msg_string.name = &s;
5083 if (c->opt_timeout) {
5084 timeout = c->opt_timeout;
5087 /* create an entry */
5088 result = rpccli_winreg_InitiateSystemShutdown(pipe_hnd, mem_ctx, NULL,
5089 &msg_string, timeout, c->opt_force, c->opt_reboot,
5092 if (NT_STATUS_IS_OK(result)) {
5093 d_printf("\nShutdown of remote machine succeeded\n");
5095 d_fprintf(stderr, "\nShutdown of remote machine failed\n");
5096 if ( W_ERROR_EQUAL(werr, WERR_MACHINE_LOCKED) )
5097 d_fprintf(stderr, "\nMachine locked, use -f switch to force\n");
5099 d_fprintf(stderr, "\nresult was: %s\n", dos_errstr(werr));
5106 * Shut down a remote RPC server.
5108 * @param argc Standard main() style argc.
5109 * @param argv Standard main() style argv. Initial components are already
5112 * @return A shell status integer (0 for success).
5115 static int rpc_shutdown(struct net_context *c, int argc, const char **argv)
5119 if (c->display_usage) {
5121 "net rpc shutdown\n"
5122 " Shut down a remote RPC server\n");
5126 rc = run_rpc_command(c, NULL, &ndr_table_initshutdown.syntax_id, 0,
5127 rpc_init_shutdown_internals, argc, argv);
5130 DEBUG(1, ("initshutdown pipe failed, trying winreg pipe\n"));
5131 rc = run_rpc_command(c, NULL, &ndr_table_winreg.syntax_id, 0,
5132 rpc_reg_shutdown_internals, argc, argv);
5138 /***************************************************************************
5139 NT Domain trusts code (i.e. 'net rpc trustdom' functionality)
5140 ***************************************************************************/
5143 * Add interdomain trust account to the RPC server.
5144 * All parameters (except for argc and argv) are passed by run_rpc_command
5147 * @param c A net_context structure.
5148 * @param domain_sid The domain sid acquired from the server.
5149 * @param cli A cli_state connected to the server.
5150 * @param mem_ctx Talloc context, destroyed on completion of the function.
5151 * @param argc Standard main() style argc.
5152 * @param argv Standard main() style argv. Initial components are already
5155 * @return normal NTSTATUS return code.
5158 static NTSTATUS rpc_trustdom_add_internals(struct net_context *c,
5159 const DOM_SID *domain_sid,
5160 const char *domain_name,
5161 struct cli_state *cli,
5162 struct rpc_pipe_client *pipe_hnd,
5163 TALLOC_CTX *mem_ctx,
5167 POLICY_HND connect_pol, domain_pol, user_pol;
5168 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
5170 struct lsa_String lsa_acct_name;
5172 uint32 acct_flags=0;
5174 uint32_t access_granted = 0;
5175 union samr_UserInfo info;
5176 unsigned int orig_timeout;
5179 d_printf("Usage: net rpc trustdom add <domain_name> "
5180 "<trust password>\n");
5181 return NT_STATUS_INVALID_PARAMETER;
5185 * Make valid trusting domain account (ie. uppercased and with '$' appended)
5188 if (asprintf(&acct_name, "%s$", argv[0]) < 0) {
5189 return NT_STATUS_NO_MEMORY;
5192 strupper_m(acct_name);
5194 init_lsa_String(&lsa_acct_name, acct_name);
5196 /* Get samr policy handle */
5197 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
5199 MAXIMUM_ALLOWED_ACCESS,
5201 if (!NT_STATUS_IS_OK(result)) {
5205 /* Get domain policy handle */
5206 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
5208 MAXIMUM_ALLOWED_ACCESS,
5209 CONST_DISCARD(struct dom_sid2 *, domain_sid),
5211 if (!NT_STATUS_IS_OK(result)) {
5215 /* This call can take a long time - allow the server to time out.
5216 * 35 seconds should do it. */
5218 orig_timeout = rpccli_set_timeout(pipe_hnd, 35000);
5220 /* Create trusting domain's account */
5221 acb_info = ACB_NORMAL;
5222 acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
5223 SEC_STD_WRITE_DAC | SEC_STD_DELETE |
5224 SAMR_USER_ACCESS_SET_PASSWORD |
5225 SAMR_USER_ACCESS_GET_ATTRIBUTES |
5226 SAMR_USER_ACCESS_SET_ATTRIBUTES;
5228 result = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx,
5237 /* And restore our original timeout. */
5238 rpccli_set_timeout(pipe_hnd, orig_timeout);
5240 if (!NT_STATUS_IS_OK(result)) {
5241 d_printf("net rpc trustdom add: create user %s failed %s\n",
5242 acct_name, nt_errstr(result));
5248 struct samr_LogonHours hours;
5249 struct lsa_BinaryString parameters;
5250 const int units_per_week = 168;
5251 struct samr_CryptPassword crypt_pwd;
5253 ZERO_STRUCT(notime);
5255 ZERO_STRUCT(parameters);
5257 hours.bits = talloc_array(mem_ctx, uint8_t, units_per_week);
5259 result = NT_STATUS_NO_MEMORY;
5262 hours.units_per_week = units_per_week;
5263 memset(hours.bits, 0xFF, units_per_week);
5265 init_samr_CryptPassword(argv[1],
5266 &cli->user_session_key,
5269 init_samr_user_info23(&info.info23,
5270 notime, notime, notime,
5271 notime, notime, notime,
5272 NULL, NULL, NULL, NULL, NULL,
5273 NULL, NULL, NULL, NULL, ¶meters,
5274 0, 0, ACB_DOMTRUST, SAMR_FIELD_ACCT_FLAGS,
5276 0, 0, 0, 0, 0, 0, 0,
5277 crypt_pwd.data, 24);
5279 result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
5284 if (!NT_STATUS_IS_OK(result)) {
5285 DEBUG(0,("Could not set trust account password: %s\n",
5286 nt_errstr(result)));
5292 SAFE_FREE(acct_name);
5297 * Create interdomain trust account for a remote domain.
5299 * @param argc Standard argc.
5300 * @param argv Standard argv without initial components.
5302 * @return Integer status (0 means success).
5305 static int rpc_trustdom_add(struct net_context *c, int argc, const char **argv)
5307 if (argc > 0 && !c->display_usage) {
5308 return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0,
5309 rpc_trustdom_add_internals, argc, argv);
5312 "net rpc trustdom add <domain_name> <trust password>\n");
5319 * Remove interdomain trust account from the RPC server.
5320 * All parameters (except for argc and argv) are passed by run_rpc_command
5323 * @param c A net_context structure.
5324 * @param domain_sid The domain sid acquired from the server.
5325 * @param cli A cli_state connected to the server.
5326 * @param mem_ctx Talloc context, destroyed on completion of the function.
5327 * @param argc Standard main() style argc.
5328 * @param argv Standard main() style argv. Initial components are already
5331 * @return normal NTSTATUS return code.
5334 static NTSTATUS rpc_trustdom_del_internals(struct net_context *c,
5335 const DOM_SID *domain_sid,
5336 const char *domain_name,
5337 struct cli_state *cli,
5338 struct rpc_pipe_client *pipe_hnd,
5339 TALLOC_CTX *mem_ctx,
5343 POLICY_HND connect_pol, domain_pol, user_pol;
5344 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
5346 DOM_SID trust_acct_sid;
5347 struct samr_Ids user_rids, name_types;
5348 struct lsa_String lsa_acct_name;
5351 d_printf("Usage: net rpc trustdom del <domain_name>\n");
5352 return NT_STATUS_INVALID_PARAMETER;
5356 * Make valid trusting domain account (ie. uppercased and with '$' appended)
5358 acct_name = talloc_asprintf(mem_ctx, "%s$", argv[0]);
5360 if (acct_name == NULL)
5361 return NT_STATUS_NO_MEMORY;
5363 strupper_m(acct_name);
5365 /* Get samr policy handle */
5366 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
5368 MAXIMUM_ALLOWED_ACCESS,
5370 if (!NT_STATUS_IS_OK(result)) {
5374 /* Get domain policy handle */
5375 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
5377 MAXIMUM_ALLOWED_ACCESS,
5378 CONST_DISCARD(struct dom_sid2 *, domain_sid),
5380 if (!NT_STATUS_IS_OK(result)) {
5384 init_lsa_String(&lsa_acct_name, acct_name);
5386 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
5393 if (!NT_STATUS_IS_OK(result)) {
5394 d_printf("net rpc trustdom del: LookupNames on user %s failed %s\n",
5395 acct_name, nt_errstr(result) );
5399 result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
5401 MAXIMUM_ALLOWED_ACCESS,
5405 if (!NT_STATUS_IS_OK(result)) {
5406 d_printf("net rpc trustdom del: OpenUser on user %s failed %s\n",
5407 acct_name, nt_errstr(result) );
5411 /* append the rid to the domain sid */
5412 sid_copy(&trust_acct_sid, domain_sid);
5413 if (!sid_append_rid(&trust_acct_sid, user_rids.ids[0])) {
5417 /* remove the sid */
5419 result = rpccli_samr_RemoveMemberFromForeignDomain(pipe_hnd, mem_ctx,
5422 if (!NT_STATUS_IS_OK(result)) {
5423 d_printf("net rpc trustdom del: RemoveMemberFromForeignDomain on user %s failed %s\n",
5424 acct_name, nt_errstr(result) );
5430 result = rpccli_samr_DeleteUser(pipe_hnd, mem_ctx,
5433 if (!NT_STATUS_IS_OK(result)) {
5434 d_printf("net rpc trustdom del: DeleteUser on user %s failed %s\n",
5435 acct_name, nt_errstr(result) );
5439 if (!NT_STATUS_IS_OK(result)) {
5440 d_printf("Could not set trust account password: %s\n",
5450 * Delete interdomain trust account for a remote domain.
5452 * @param argc Standard argc.
5453 * @param argv Standard argv without initial components.
5455 * @return Integer status (0 means success).
5458 static int rpc_trustdom_del(struct net_context *c, int argc, const char **argv)
5460 if (argc > 0 && !c->display_usage) {
5461 return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0,
5462 rpc_trustdom_del_internals, argc, argv);
5465 "net rpc trustdom del <domain>\n");
5470 static NTSTATUS rpc_trustdom_get_pdc(struct net_context *c,
5471 struct cli_state *cli,
5472 TALLOC_CTX *mem_ctx,
5473 const char *domain_name)
5475 char *dc_name = NULL;
5476 const char *buffer = NULL;
5477 struct rpc_pipe_client *netr;
5480 /* Use NetServerEnum2 */
5482 if (cli_get_pdc_name(cli, domain_name, &dc_name)) {
5484 return NT_STATUS_OK;
5487 DEBUG(1,("NetServerEnum2 error: Couldn't find primary domain controller\
5488 for domain %s\n", domain_name));
5490 /* Try netr_GetDcName */
5492 status = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon.syntax_id,
5494 if (!NT_STATUS_IS_OK(status)) {
5498 status = rpccli_netr_GetDcName(netr, mem_ctx,
5505 if (NT_STATUS_IS_OK(status)) {
5509 DEBUG(1,("netr_GetDcName error: Couldn't find primary domain controller\
5510 for domain %s\n", domain_name));
5516 * Establish trust relationship to a trusting domain.
5517 * Interdomain account must already be created on remote PDC.
5519 * @param c A net_context structure.
5520 * @param argc Standard argc.
5521 * @param argv Standard argv without initial components.
5523 * @return Integer status (0 means success).
5526 static int rpc_trustdom_establish(struct net_context *c, int argc,
5529 struct cli_state *cli = NULL;
5530 struct sockaddr_storage server_ss;
5531 struct rpc_pipe_client *pipe_hnd = NULL;
5532 POLICY_HND connect_hnd;
5533 TALLOC_CTX *mem_ctx;
5535 DOM_SID *domain_sid;
5540 union lsa_PolicyInformation *info = NULL;
5543 * Connect to \\server\ipc$ as 'our domain' account with password
5546 if (argc != 1 || c->display_usage) {
5548 "net rpc trustdom establish <domain_name>\n");
5552 domain_name = smb_xstrdup(argv[0]);
5553 strupper_m(domain_name);
5555 /* account name used at first is our domain's name with '$' */
5556 asprintf(&acct_name, "%s$", lp_workgroup());
5557 strupper_m(acct_name);
5560 * opt_workgroup will be used by connection functions further,
5561 * hence it should be set to remote domain name instead of ours
5563 if (c->opt_workgroup) {
5564 c->opt_workgroup = smb_xstrdup(domain_name);
5567 c->opt_user_name = acct_name;
5569 /* find the domain controller */
5570 if (!net_find_pdc(&server_ss, pdc_name, domain_name)) {
5571 DEBUG(0, ("Couldn't find domain controller for domain %s\n", domain_name));
5575 /* connect to ipc$ as username/password */
5576 nt_status = connect_to_ipc(c, &cli, &server_ss, pdc_name);
5577 if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT)) {
5579 /* Is it trusting domain account for sure ? */
5580 DEBUG(0, ("Couldn't verify trusting domain account. Error was %s\n",
5581 nt_errstr(nt_status)));
5585 /* store who we connected to */
5587 saf_store( domain_name, pdc_name );
5590 * Connect to \\server\ipc$ again (this time anonymously)
5593 nt_status = connect_to_ipc_anonymous(c, &cli, &server_ss,
5596 if (NT_STATUS_IS_ERR(nt_status)) {
5597 DEBUG(0, ("Couldn't connect to domain %s controller. Error was %s.\n",
5598 domain_name, nt_errstr(nt_status)));
5602 if (!(mem_ctx = talloc_init("establishing trust relationship to "
5603 "domain %s", domain_name))) {
5604 DEBUG(0, ("talloc_init() failed\n"));
5609 /* Make sure we're talking to a proper server */
5611 nt_status = rpc_trustdom_get_pdc(c, cli, mem_ctx, domain_name);
5612 if (!NT_STATUS_IS_OK(nt_status)) {
5614 talloc_destroy(mem_ctx);
5619 * Call LsaOpenPolicy and LsaQueryInfo
5622 nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
5624 if (!NT_STATUS_IS_OK(nt_status)) {
5625 DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n", nt_errstr(nt_status) ));
5627 talloc_destroy(mem_ctx);
5631 nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, true, SEC_RIGHTS_QUERY_VALUE,
5633 if (NT_STATUS_IS_ERR(nt_status)) {
5634 DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
5635 nt_errstr(nt_status)));
5637 talloc_destroy(mem_ctx);
5641 /* Querying info level 5 */
5643 nt_status = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
5645 LSA_POLICY_INFO_ACCOUNT_DOMAIN,
5647 if (NT_STATUS_IS_ERR(nt_status)) {
5648 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
5649 nt_errstr(nt_status)));
5651 talloc_destroy(mem_ctx);
5655 domain_sid = info->account_domain.sid;
5657 /* There should be actually query info level 3 (following nt serv behaviour),
5658 but I still don't know if it's _really_ necessary */
5661 * Store the password in secrets db
5664 if (!pdb_set_trusteddom_pw(domain_name, c->opt_password, domain_sid)) {
5665 DEBUG(0, ("Storing password for trusted domain failed.\n"));
5667 talloc_destroy(mem_ctx);
5672 * Close the pipes and clean up
5675 nt_status = rpccli_lsa_Close(pipe_hnd, mem_ctx, &connect_hnd);
5676 if (NT_STATUS_IS_ERR(nt_status)) {
5677 DEBUG(0, ("Couldn't close LSA pipe. Error was %s\n",
5678 nt_errstr(nt_status)));
5680 talloc_destroy(mem_ctx);
5686 talloc_destroy(mem_ctx);
5688 d_printf("Trust to domain %s established\n", domain_name);
5693 * Revoke trust relationship to the remote domain.
5695 * @param c A net_context structure.
5696 * @param argc Standard argc.
5697 * @param argv Standard argv without initial components.
5699 * @return Integer status (0 means success).
5702 static int rpc_trustdom_revoke(struct net_context *c, int argc,
5708 if (argc < 1 || c->display_usage) {
5710 "net rpc trustdom revoke <domain_name>\n"
5711 " Revoke trust relationship\n"
5712 " domain_name\tName of domain to revoke trust\n");
5716 /* generate upper cased domain name */
5717 domain_name = smb_xstrdup(argv[0]);
5718 strupper_m(domain_name);
5720 /* delete password of the trust */
5721 if (!pdb_del_trusteddom_pw(domain_name)) {
5722 DEBUG(0, ("Failed to revoke relationship to the trusted domain %s\n",
5729 SAFE_FREE(domain_name);
5733 static NTSTATUS rpc_query_domain_sid(struct net_context *c,
5734 const DOM_SID *domain_sid,
5735 const char *domain_name,
5736 struct cli_state *cli,
5737 struct rpc_pipe_client *pipe_hnd,
5738 TALLOC_CTX *mem_ctx,
5743 sid_to_fstring(str_sid, domain_sid);
5744 d_printf("%s\n", str_sid);
5745 return NT_STATUS_OK;
5748 static void print_trusted_domain(DOM_SID *dom_sid, const char *trusted_dom_name)
5750 fstring ascii_sid, padding;
5751 int pad_len, col_len = 20;
5753 /* convert sid into ascii string */
5754 sid_to_fstring(ascii_sid, dom_sid);
5756 /* calculate padding space for d_printf to look nicer */
5757 pad_len = col_len - strlen(trusted_dom_name);
5758 padding[pad_len] = 0;
5759 do padding[--pad_len] = ' '; while (pad_len);
5761 d_printf("%s%s%s\n", trusted_dom_name, padding, ascii_sid);
5764 static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd,
5765 TALLOC_CTX *mem_ctx,
5768 const char *trusted_dom_name)
5771 union lsa_TrustedDomainInfo *info = NULL;
5772 char *cleartextpwd = NULL;
5773 uint8_t nt_hash[16];
5776 nt_status = rpccli_lsa_QueryTrustedDomainInfoBySid(pipe_hnd, mem_ctx,
5779 LSA_TRUSTED_DOMAIN_INFO_PASSWORD,
5781 if (NT_STATUS_IS_ERR(nt_status)) {
5782 DEBUG(0,("Could not query trusted domain info. Error was %s\n",
5783 nt_errstr(nt_status)));
5787 data = data_blob(info->password.password->data,
5788 info->password.password->length);
5790 if (!rpccli_get_pwd_hash(pipe_hnd, nt_hash)) {
5791 DEBUG(0, ("Could not retrieve password hash\n"));
5795 cleartextpwd = decrypt_trustdom_secret(nt_hash, &data);
5797 if (cleartextpwd == NULL) {
5798 DEBUG(0,("retrieved NULL password\n"));
5799 nt_status = NT_STATUS_UNSUCCESSFUL;
5803 if (!pdb_set_trusteddom_pw(trusted_dom_name, cleartextpwd, &dom_sid)) {
5804 DEBUG(0, ("Storing password for trusted domain failed.\n"));
5805 nt_status = NT_STATUS_UNSUCCESSFUL;
5809 #ifdef DEBUG_PASSWORD
5810 DEBUG(100,("successfully vampired trusted domain [%s], sid: [%s], "
5811 "password: [%s]\n", trusted_dom_name,
5812 sid_string_dbg(&dom_sid), cleartextpwd));
5816 SAFE_FREE(cleartextpwd);
5817 data_blob_free(&data);
5822 static int rpc_trustdom_vampire(struct net_context *c, int argc,
5825 /* common variables */
5826 TALLOC_CTX* mem_ctx;
5827 struct cli_state *cli = NULL;
5828 struct rpc_pipe_client *pipe_hnd = NULL;
5830 const char *domain_name = NULL;
5831 DOM_SID *queried_dom_sid;
5832 POLICY_HND connect_hnd;
5833 union lsa_PolicyInformation *info = NULL;
5835 /* trusted domains listing variables */
5836 unsigned int enum_ctx = 0;
5838 struct lsa_DomainList dom_list;
5841 if (c->display_usage) {
5843 "net rpc trustdom vampire\n"
5844 " Vampire trust relationship from remote server\n");
5849 * Listing trusted domains (stored in secrets.tdb, if local)
5852 mem_ctx = talloc_init("trust relationships vampire");
5855 * set domain and pdc name to local samba server (default)
5856 * or to remote one given in command line
5859 if (StrCaseCmp(c->opt_workgroup, lp_workgroup())) {
5860 domain_name = c->opt_workgroup;
5861 c->opt_target_workgroup = c->opt_workgroup;
5863 fstrcpy(pdc_name, global_myname());
5864 domain_name = talloc_strdup(mem_ctx, lp_workgroup());
5865 c->opt_target_workgroup = domain_name;
5868 /* open \PIPE\lsarpc and open policy handle */
5869 nt_status = net_make_ipc_connection(c, NET_FLAGS_PDC, &cli);
5870 if (!NT_STATUS_IS_OK(nt_status)) {
5871 DEBUG(0, ("Couldn't connect to domain controller: %s\n",
5872 nt_errstr(nt_status)));
5873 talloc_destroy(mem_ctx);
5877 nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
5879 if (!NT_STATUS_IS_OK(nt_status)) {
5880 DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n",
5881 nt_errstr(nt_status) ));
5883 talloc_destroy(mem_ctx);
5887 nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, SEC_RIGHTS_QUERY_VALUE,
5889 if (NT_STATUS_IS_ERR(nt_status)) {
5890 DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
5891 nt_errstr(nt_status)));
5893 talloc_destroy(mem_ctx);
5897 /* query info level 5 to obtain sid of a domain being queried */
5898 nt_status = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
5900 LSA_POLICY_INFO_ACCOUNT_DOMAIN,
5903 if (NT_STATUS_IS_ERR(nt_status)) {
5904 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
5905 nt_errstr(nt_status)));
5907 talloc_destroy(mem_ctx);
5911 queried_dom_sid = info->account_domain.sid;
5914 * Keep calling LsaEnumTrustdom over opened pipe until
5915 * the end of enumeration is reached
5918 d_printf("Vampire trusted domains:\n\n");
5921 nt_status = rpccli_lsa_EnumTrustDom(pipe_hnd, mem_ctx,
5926 if (NT_STATUS_IS_ERR(nt_status)) {
5927 DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n",
5928 nt_errstr(nt_status)));
5930 talloc_destroy(mem_ctx);
5934 for (i = 0; i < dom_list.count; i++) {
5936 print_trusted_domain(dom_list.domains[i].sid,
5937 dom_list.domains[i].name.string);
5939 nt_status = vampire_trusted_domain(pipe_hnd, mem_ctx, &connect_hnd,
5940 *dom_list.domains[i].sid,
5941 dom_list.domains[i].name.string);
5942 if (!NT_STATUS_IS_OK(nt_status)) {
5944 talloc_destroy(mem_ctx);
5950 * in case of no trusted domains say something rather
5951 * than just display blank line
5953 if (!dom_list.count) d_printf("none\n");
5955 } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
5957 /* close this connection before doing next one */
5958 nt_status = rpccli_lsa_Close(pipe_hnd, mem_ctx, &connect_hnd);
5959 if (NT_STATUS_IS_ERR(nt_status)) {
5960 DEBUG(0, ("Couldn't properly close lsa policy handle. Error was %s\n",
5961 nt_errstr(nt_status)));
5963 talloc_destroy(mem_ctx);
5967 /* close lsarpc pipe and connection to IPC$ */
5970 talloc_destroy(mem_ctx);
5974 static int rpc_trustdom_list(struct net_context *c, int argc, const char **argv)
5976 /* common variables */
5977 TALLOC_CTX* mem_ctx;
5978 struct cli_state *cli = NULL, *remote_cli = NULL;
5979 struct rpc_pipe_client *pipe_hnd = NULL;
5981 const char *domain_name = NULL;
5982 DOM_SID *queried_dom_sid;
5984 int ascii_dom_name_len;
5985 POLICY_HND connect_hnd;
5986 union lsa_PolicyInformation *info = NULL;
5988 /* trusted domains listing variables */
5989 unsigned int num_domains, enum_ctx = 0;
5990 int i, pad_len, col_len = 20;
5991 struct lsa_DomainList dom_list;
5994 /* trusting domains listing variables */
5995 POLICY_HND domain_hnd;
5996 struct samr_SamArray *trusts = NULL;
5998 if (c->display_usage) {
6000 "net rpc trustdom list\n"
6001 " List trust relationships\n");
6006 * Listing trusted domains (stored in secrets.tdb, if local)
6009 mem_ctx = talloc_init("trust relationships listing");
6012 * set domain and pdc name to local samba server (default)
6013 * or to remote one given in command line
6016 if (StrCaseCmp(c->opt_workgroup, lp_workgroup())) {
6017 domain_name = c->opt_workgroup;
6018 c->opt_target_workgroup = c->opt_workgroup;
6020 fstrcpy(pdc_name, global_myname());
6021 domain_name = talloc_strdup(mem_ctx, lp_workgroup());
6022 c->opt_target_workgroup = domain_name;
6025 /* open \PIPE\lsarpc and open policy handle */
6026 nt_status = net_make_ipc_connection(c, NET_FLAGS_PDC, &cli);
6027 if (!NT_STATUS_IS_OK(nt_status)) {
6028 DEBUG(0, ("Couldn't connect to domain controller: %s\n",
6029 nt_errstr(nt_status)));
6030 talloc_destroy(mem_ctx);
6034 nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
6036 if (!NT_STATUS_IS_OK(nt_status)) {
6037 DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n",
6038 nt_errstr(nt_status) ));
6040 talloc_destroy(mem_ctx);
6044 nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, SEC_RIGHTS_QUERY_VALUE,
6046 if (NT_STATUS_IS_ERR(nt_status)) {
6047 DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
6048 nt_errstr(nt_status)));
6050 talloc_destroy(mem_ctx);
6054 /* query info level 5 to obtain sid of a domain being queried */
6055 nt_status = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
6057 LSA_POLICY_INFO_ACCOUNT_DOMAIN,
6060 if (NT_STATUS_IS_ERR(nt_status)) {
6061 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
6062 nt_errstr(nt_status)));
6064 talloc_destroy(mem_ctx);
6068 queried_dom_sid = info->account_domain.sid;
6071 * Keep calling LsaEnumTrustdom over opened pipe until
6072 * the end of enumeration is reached
6075 d_printf("Trusted domains list:\n\n");
6078 nt_status = rpccli_lsa_EnumTrustDom(pipe_hnd, mem_ctx,
6083 if (NT_STATUS_IS_ERR(nt_status)) {
6084 DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n",
6085 nt_errstr(nt_status)));
6087 talloc_destroy(mem_ctx);
6091 for (i = 0; i < dom_list.count; i++) {
6092 print_trusted_domain(dom_list.domains[i].sid,
6093 dom_list.domains[i].name.string);
6097 * in case of no trusted domains say something rather
6098 * than just display blank line
6100 if (!dom_list.count) d_printf("none\n");
6102 } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
6104 /* close this connection before doing next one */
6105 nt_status = rpccli_lsa_Close(pipe_hnd, mem_ctx, &connect_hnd);
6106 if (NT_STATUS_IS_ERR(nt_status)) {
6107 DEBUG(0, ("Couldn't properly close lsa policy handle. Error was %s\n",
6108 nt_errstr(nt_status)));
6110 talloc_destroy(mem_ctx);
6114 TALLOC_FREE(pipe_hnd);
6117 * Listing trusting domains (stored in passdb backend, if local)
6120 d_printf("\nTrusting domains list:\n\n");
6123 * Open \PIPE\samr and get needed policy handles
6125 nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr.syntax_id,
6127 if (!NT_STATUS_IS_OK(nt_status)) {
6128 DEBUG(0, ("Could not initialise samr pipe. Error was %s\n", nt_errstr(nt_status)));
6130 talloc_destroy(mem_ctx);
6135 nt_status = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
6137 SA_RIGHT_SAM_OPEN_DOMAIN,
6139 if (!NT_STATUS_IS_OK(nt_status)) {
6140 DEBUG(0, ("Couldn't open SAMR policy handle. Error was %s\n",
6141 nt_errstr(nt_status)));
6143 talloc_destroy(mem_ctx);
6147 /* SamrOpenDomain - we have to open domain policy handle in order to be
6148 able to enumerate accounts*/
6149 nt_status = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
6151 SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
6154 if (!NT_STATUS_IS_OK(nt_status)) {
6155 DEBUG(0, ("Couldn't open domain object. Error was %s\n",
6156 nt_errstr(nt_status)));
6158 talloc_destroy(mem_ctx);
6163 * perform actual enumeration
6166 enum_ctx = 0; /* reset enumeration context from last enumeration */
6169 nt_status = rpccli_samr_EnumDomainUsers(pipe_hnd, mem_ctx,
6176 if (NT_STATUS_IS_ERR(nt_status)) {
6177 DEBUG(0, ("Couldn't enumerate accounts. Error was: %s\n",
6178 nt_errstr(nt_status)));
6180 talloc_destroy(mem_ctx);
6184 for (i = 0; i < num_domains; i++) {
6186 char *str = CONST_DISCARD(char *, trusts->entries[i].name.string);
6189 * get each single domain's sid (do we _really_ need this ?):
6190 * 1) connect to domain's pdc
6191 * 2) query the pdc for domain's sid
6194 /* get rid of '$' tail */
6195 ascii_dom_name_len = strlen(str);
6196 if (ascii_dom_name_len && ascii_dom_name_len < FSTRING_LEN)
6197 str[ascii_dom_name_len - 1] = '\0';
6199 /* calculate padding space for d_printf to look nicer */
6200 pad_len = col_len - strlen(str);
6201 padding[pad_len] = 0;
6202 do padding[--pad_len] = ' '; while (pad_len);
6204 /* set opt_* variables to remote domain */
6206 c->opt_workgroup = talloc_strdup(mem_ctx, str);
6207 c->opt_target_workgroup = c->opt_workgroup;
6209 d_printf("%s%s", str, padding);
6211 /* connect to remote domain controller */
6212 nt_status = net_make_ipc_connection(c,
6213 NET_FLAGS_PDC | NET_FLAGS_ANONYMOUS,
6215 if (NT_STATUS_IS_OK(nt_status)) {
6216 /* query for domain's sid */
6217 if (run_rpc_command(
6219 &ndr_table_lsarpc.syntax_id, 0,
6220 rpc_query_domain_sid, argc,
6222 d_fprintf(stderr, "couldn't get domain's sid\n");
6224 cli_shutdown(remote_cli);
6227 d_fprintf(stderr, "domain controller is not "
6229 nt_errstr(nt_status));
6233 if (!num_domains) d_printf("none\n");
6235 } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
6237 /* close opened samr and domain policy handles */
6238 nt_status = rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_hnd);
6239 if (!NT_STATUS_IS_OK(nt_status)) {
6240 DEBUG(0, ("Couldn't properly close domain policy handle for domain %s\n", domain_name));
6243 nt_status = rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_hnd);
6244 if (!NT_STATUS_IS_OK(nt_status)) {
6245 DEBUG(0, ("Couldn't properly close samr policy handle for domain %s\n", domain_name));
6248 /* close samr pipe and connection to IPC$ */
6251 talloc_destroy(mem_ctx);
6256 * Entrypoint for 'net rpc trustdom' code.
6258 * @param argc Standard argc.
6259 * @param argv Standard argv without initial components.
6261 * @return Integer status (0 means success).
6264 static int rpc_trustdom(struct net_context *c, int argc, const char **argv)
6266 struct functable func[] = {
6271 "Add trusted domain's account",
6272 "net rpc trustdom add\n"
6273 " Add trusted domain's account"
6279 "Remove trusted domain's account",
6280 "net rpc trustdom del\n"
6281 " Remove trusted domain's account"
6285 rpc_trustdom_establish,
6287 "Establish trust relationship",
6288 "net rpc trustdom establish\n"
6289 " Establish trust relationship"
6293 rpc_trustdom_revoke,
6295 "Revoke trust relationship",
6296 "net rpc trustdom revoke\n"
6297 " Revoke trust relationship"
6303 "List domain trusts",
6304 "net rpc trustdom list\n"
6305 " List domain trusts"
6309 rpc_trustdom_vampire,
6311 "Vampire trusts from remote server",
6312 "net rpc trustdom vampire\n"
6313 " Vampire trusts from remote server"
6315 {NULL, NULL, 0, NULL, NULL}
6318 return net_run_function(c, argc, argv, "net rpc trustdom", func);
6322 * Check if a server will take rpc commands
6323 * @param flags Type of server to connect to (PDC, DMB, localhost)
6324 * if the host is not explicitly specified
6325 * @return bool (true means rpc supported)
6327 bool net_rpc_check(struct net_context *c, unsigned flags)
6329 struct cli_state *cli;
6331 struct sockaddr_storage server_ss;
6332 char *server_name = NULL;
6335 /* flags (i.e. server type) may depend on command */
6336 if (!net_find_server(c, NULL, flags, &server_ss, &server_name))
6339 if ((cli = cli_initialise()) == NULL) {
6343 status = cli_connect(cli, server_name, &server_ss);
6344 if (!NT_STATUS_IS_OK(status))
6346 if (!attempt_netbios_session_request(&cli, global_myname(),
6347 server_name, &server_ss))
6349 if (!cli_negprot(cli))
6351 if (cli->protocol < PROTOCOL_NT1)
6360 /* dump sam database via samsync rpc calls */
6361 static int rpc_samdump(struct net_context *c, int argc, const char **argv) {
6362 if (c->display_usage) {
6365 " Dump remote SAM database\n");
6369 return run_rpc_command(c, NULL, &ndr_table_netlogon.syntax_id,
6370 NET_FLAGS_ANONYMOUS,
6371 rpc_samdump_internals, argc, argv);
6374 /* syncronise sam database via samsync rpc calls */
6375 static int rpc_vampire(struct net_context *c, int argc, const char **argv)
6377 struct functable func[] = {
6382 "Dump remote SAM database to ldif",
6383 "net rpc vampire ldif\n"
6384 " Dump remote SAM database to LDIF file or stdout"
6390 "Dump remote SAM database to Kerberos Keytab",
6391 "net rpc vampire keytab\n"
6392 " Dump remote SAM database to Kerberos keytab file"
6395 {NULL, NULL, 0, NULL, NULL}
6399 if (c->display_usage) {
6402 " Vampire remote SAM database\n");
6406 return run_rpc_command(c, NULL, &ndr_table_netlogon.syntax_id,
6407 NET_FLAGS_ANONYMOUS,
6408 rpc_vampire_internals,
6412 return net_run_function(c, argc, argv, "net rpc vampire", func);
6416 * Migrate everything from a print server.
6418 * @param c A net_context structure.
6419 * @param argc Standard main() style argc.
6420 * @param argv Standard main() style argv. Initial components are already
6423 * @return A shell status integer (0 for success).
6425 * The order is important !
6426 * To successfully add drivers the print queues have to exist !
6427 * Applying ACLs should be the last step, because you're easily locked out.
6430 static int rpc_printer_migrate_all(struct net_context *c, int argc,
6435 if (c->display_usage) {
6437 "net rpc printer migrate all\n"
6438 " Migrate everything from a print server\n");
6443 d_printf("no server to migrate\n");
6447 ret = run_rpc_command(c, NULL, &syntax_spoolss, 0,
6448 rpc_printer_migrate_printers_internals, argc,
6453 ret = run_rpc_command(c, NULL, &syntax_spoolss, 0,
6454 rpc_printer_migrate_drivers_internals, argc,
6459 ret = run_rpc_command(c, NULL, &syntax_spoolss, 0,
6460 rpc_printer_migrate_forms_internals, argc, argv);
6464 ret = run_rpc_command(c, NULL, &syntax_spoolss, 0,
6465 rpc_printer_migrate_settings_internals, argc,
6470 return run_rpc_command(c, NULL, &syntax_spoolss, 0,
6471 rpc_printer_migrate_security_internals, argc,
6477 * Migrate print drivers from a print server.
6479 * @param c A net_context structure.
6480 * @param argc Standard main() style argc.
6481 * @param argv Standard main() style argv. Initial components are already
6484 * @return A shell status integer (0 for success).
6486 static int rpc_printer_migrate_drivers(struct net_context *c, int argc,
6489 if (c->display_usage) {
6491 "net rpc printer migrate drivers\n"
6492 " Migrate print-drivers from a print-server\n");
6497 d_printf("no server to migrate\n");
6501 return run_rpc_command(c, NULL, &syntax_spoolss, 0,
6502 rpc_printer_migrate_drivers_internals,
6507 * Migrate print-forms from a print-server.
6509 * @param c A net_context structure.
6510 * @param argc Standard main() style argc.
6511 * @param argv Standard main() style argv. Initial components are already
6514 * @return A shell status integer (0 for success).
6516 static int rpc_printer_migrate_forms(struct net_context *c, int argc,
6519 if (c->display_usage) {
6521 "net rpc printer migrate forms\n"
6522 " Migrate print-forms from a print-server\n");
6527 d_printf("no server to migrate\n");
6531 return run_rpc_command(c, NULL, &syntax_spoolss, 0,
6532 rpc_printer_migrate_forms_internals,
6537 * Migrate printers from a print-server.
6539 * @param c A net_context structure.
6540 * @param argc Standard main() style argc.
6541 * @param argv Standard main() style argv. Initial components are already
6544 * @return A shell status integer (0 for success).
6546 static int rpc_printer_migrate_printers(struct net_context *c, int argc,
6549 if (c->display_usage) {
6551 "net rpc printer migrate printers\n"
6552 " Migrate printers from a print-server\n");
6557 d_printf("no server to migrate\n");
6561 return run_rpc_command(c, NULL, &syntax_spoolss, 0,
6562 rpc_printer_migrate_printers_internals,
6567 * Migrate printer-ACLs from a print-server
6569 * @param c A net_context structure.
6570 * @param argc Standard main() style argc.
6571 * @param argv Standard main() style argv. Initial components are already
6574 * @return A shell status integer (0 for success).
6576 static int rpc_printer_migrate_security(struct net_context *c, int argc,
6579 if (c->display_usage) {
6581 "net rpc printer migrate security\n"
6582 " Migrate printer-ACLs from a print-server\n");
6587 d_printf("no server to migrate\n");
6591 return run_rpc_command(c, NULL, &syntax_spoolss, 0,
6592 rpc_printer_migrate_security_internals,
6597 * Migrate printer-settings from a print-server.
6599 * @param c A net_context structure.
6600 * @param argc Standard main() style argc.
6601 * @param argv Standard main() style argv. Initial components are already
6604 * @return A shell status integer (0 for success).
6606 static int rpc_printer_migrate_settings(struct net_context *c, int argc,
6609 if (c->display_usage) {
6611 "net rpc printer migrate settings\n"
6612 " Migrate printer-settings from a print-server\n");
6617 d_printf("no server to migrate\n");
6621 return run_rpc_command(c, NULL, &syntax_spoolss, 0,
6622 rpc_printer_migrate_settings_internals,
6627 * 'net rpc printer' entrypoint.
6629 * @param c A net_context structure.
6630 * @param argc Standard main() style argc.
6631 * @param argv Standard main() style argv. Initial components are already
6635 int rpc_printer_migrate(struct net_context *c, int argc, const char **argv)
6638 /* ouch: when addriver and setdriver are called from within
6639 rpc_printer_migrate_drivers_internals, the printer-queue already
6642 struct functable func[] = {
6645 rpc_printer_migrate_all,
6647 "Migrate all from remote to local print server",
6648 "net rpc printer migrate all\n"
6649 " Migrate all from remote to local print server"
6653 rpc_printer_migrate_drivers,
6655 "Migrate drivers to local server",
6656 "net rpc printer migrate drivers\n"
6657 " Migrate drivers to local server"
6661 rpc_printer_migrate_forms,
6663 "Migrate froms to local server",
6664 "net rpc printer migrate forms\n"
6665 " Migrate froms to local server"
6669 rpc_printer_migrate_printers,
6671 "Migrate printers to local server",
6672 "net rpc printer migrate printers\n"
6673 " Migrate printers to local server"
6677 rpc_printer_migrate_security,
6679 "Mirgate printer ACLs to local server",
6680 "net rpc printer migrate security\n"
6681 " Mirgate printer ACLs to local server"
6685 rpc_printer_migrate_settings,
6687 "Migrate printer settings to local server",
6688 "net rpc printer migrate settings\n"
6689 " Migrate printer settings to local server"
6691 {NULL, NULL, 0, NULL, NULL}
6694 return net_run_function(c, argc, argv, "net rpc printer migrate",func);
6699 * List printers on a remote RPC server.
6701 * @param c A net_context structure.
6702 * @param argc Standard main() style argc.
6703 * @param argv Standard main() style argv. Initial components are already
6706 * @return A shell status integer (0 for success).
6708 static int rpc_printer_list(struct net_context *c, int argc, const char **argv)
6710 if (c->display_usage) {
6712 "net rpc printer list\n"
6713 " List printers on a remote RPC server\n");
6717 return run_rpc_command(c, NULL, &syntax_spoolss, 0,
6718 rpc_printer_list_internals,
6723 * List printer-drivers on a remote RPC server.
6725 * @param c A net_context structure.
6726 * @param argc Standard main() style argc.
6727 * @param argv Standard main() style argv. Initial components are already
6730 * @return A shell status integer (0 for success).
6732 static int rpc_printer_driver_list(struct net_context *c, int argc,
6735 if (c->display_usage) {
6737 "net rpc printer driver\n"
6738 " List printer-drivers on a remote RPC server\n");
6742 return run_rpc_command(c, NULL, &syntax_spoolss, 0,
6743 rpc_printer_driver_list_internals,
6748 * Publish printer in ADS via MSRPC.
6750 * @param c A net_context structure.
6751 * @param argc Standard main() style argc.
6752 * @param argv Standard main() style argv. Initial components are already
6755 * @return A shell status integer (0 for success).
6757 static int rpc_printer_publish_publish(struct net_context *c, int argc,
6760 if (c->display_usage) {
6762 "net rpc printer publish publish\n"
6763 " Publish printer in ADS via MSRPC\n");
6767 return run_rpc_command(c, NULL, &syntax_spoolss, 0,
6768 rpc_printer_publish_publish_internals,
6773 * Update printer in ADS via MSRPC.
6775 * @param c A net_context structure.
6776 * @param argc Standard main() style argc.
6777 * @param argv Standard main() style argv. Initial components are already
6780 * @return A shell status integer (0 for success).
6782 static int rpc_printer_publish_update(struct net_context *c, int argc, const char **argv)
6784 if (c->display_usage) {
6786 "net rpc printer publish update\n"
6787 " Update printer in ADS via MSRPC\n");
6791 return run_rpc_command(c, NULL, &syntax_spoolss, 0,
6792 rpc_printer_publish_update_internals,
6797 * UnPublish printer in ADS via MSRPC.
6799 * @param c A net_context structure.
6800 * @param argc Standard main() style argc.
6801 * @param argv Standard main() style argv. Initial components are already
6804 * @return A shell status integer (0 for success).
6806 static int rpc_printer_publish_unpublish(struct net_context *c, int argc,
6809 if (c->display_usage) {
6811 "net rpc printer publish unpublish\n"
6812 " UnPublish printer in ADS via MSRPC\n");
6816 return run_rpc_command(c, NULL, &syntax_spoolss, 0,
6817 rpc_printer_publish_unpublish_internals,
6822 * List published printers via MSRPC.
6824 * @param c A net_context structure.
6825 * @param argc Standard main() style argc.
6826 * @param argv Standard main() style argv. Initial components are already
6829 * @return A shell status integer (0 for success).
6831 static int rpc_printer_publish_list(struct net_context *c, int argc,
6834 if (c->display_usage) {
6836 "net rpc printer publish list\n"
6837 " List published printers via MSRPC\n");
6841 return run_rpc_command(c, NULL, &syntax_spoolss, 0,
6842 rpc_printer_publish_list_internals,
6848 * Publish printer in ADS.
6850 * @param c A net_context structure.
6851 * @param argc Standard main() style argc.
6852 * @param argv Standard main() style argv. Initial components are already
6855 * @return A shell status integer (0 for success).
6857 static int rpc_printer_publish(struct net_context *c, int argc,
6861 struct functable func[] = {
6864 rpc_printer_publish_publish,
6866 "Publish printer in AD",
6867 "net rpc printer publish publish\n"
6868 " Publish printer in AD"
6872 rpc_printer_publish_update,
6874 "Update printer in AD",
6875 "net rpc printer publish update\n"
6876 " Update printer in AD"
6880 rpc_printer_publish_unpublish,
6882 "Unpublish printer",
6883 "net rpc printer publish unpublish\n"
6884 " Unpublish printer"
6888 rpc_printer_publish_list,
6890 "List published printers",
6891 "net rpc printer publish list\n"
6892 " List published printers"
6894 {NULL, NULL, 0, NULL, NULL}
6898 if (c->display_usage) {
6899 d_printf("Usage:\n");
6900 d_printf("net rpc printer publish\n"
6901 " List published printers\n"
6902 " Alias of net rpc printer publish list\n");
6903 net_display_usage_from_functable(func);
6906 return run_rpc_command(c, NULL, &syntax_spoolss, 0,
6907 rpc_printer_publish_list_internals,
6911 return net_run_function(c, argc, argv, "net rpc printer publish",func);
6917 * Display rpc printer help page.
6919 * @param c A net_context structure.
6920 * @param argc Standard main() style argc.
6921 * @param argv Standard main() style argv. Initial components are already
6924 int rpc_printer_usage(struct net_context *c, int argc, const char **argv)
6926 d_printf("net rpc printer LIST [printer] [misc. options] [targets]\n"
6927 "\tlists all printers on print-server\n\n");
6928 d_printf("net rpc printer DRIVER [printer] [misc. options] [targets]\n"
6929 "\tlists all printer-drivers on print-server\n\n");
6930 d_printf("net rpc printer PUBLISH action [printer] [misc. options] [targets]\n"
6931 "\tpublishes printer settings in Active Directory\n"
6932 "\taction can be one of PUBLISH, UPDATE, UNPUBLISH or LIST\n\n");
6933 d_printf("net rpc printer MIGRATE PRINTERS [printer] [misc. options] [targets]"
6934 "\n\tmigrates printers from remote to local server\n\n");
6935 d_printf("net rpc printer MIGRATE SETTINGS [printer] [misc. options] [targets]"
6936 "\n\tmigrates printer-settings from remote to local server\n\n");
6937 d_printf("net rpc printer MIGRATE DRIVERS [printer] [misc. options] [targets]"
6938 "\n\tmigrates printer-drivers from remote to local server\n\n");
6939 d_printf("net rpc printer MIGRATE FORMS [printer] [misc. options] [targets]"
6940 "\n\tmigrates printer-forms from remote to local server\n\n");
6941 d_printf("net rpc printer MIGRATE SECURITY [printer] [misc. options] [targets]"
6942 "\n\tmigrates printer-ACLs from remote to local server\n\n");
6943 d_printf("net rpc printer MIGRATE ALL [printer] [misc. options] [targets]"
6944 "\n\tmigrates drivers, forms, queues, settings and acls from\n"
6945 "\tremote to local print-server\n\n");
6946 net_common_methods_usage(c, argc, argv);
6947 net_common_flags_usage(c, argc, argv);
6949 "\t-v or --verbose\t\t\tgive verbose output\n"
6950 "\t --destination\t\tmigration target server (default: localhost)\n");
6956 * 'net rpc printer' entrypoint.
6958 * @param c A net_context structure.
6959 * @param argc Standard main() style argc.
6960 * @param argv Standard main() style argv. Initial components are already
6963 int net_rpc_printer(struct net_context *c, int argc, const char **argv)
6965 struct functable func[] = {
6970 "List all printers on print server",
6971 "net rpc printer list\n"
6972 " List all printers on print server"
6976 rpc_printer_migrate,
6978 "Migrate printer to local server",
6979 "net rpc printer migrate\n"
6980 " Migrate printer to local server"
6984 rpc_printer_driver_list,
6986 "List printer drivers",
6987 "net rpc printer driver\n"
6988 " List printer drivers"
6992 rpc_printer_publish,
6994 "Publish printer in AD",
6995 "net rpc printer publish\n"
6996 " Publish printer in AD"
6998 {NULL, NULL, 0, NULL, NULL}
7002 if (c->display_usage) {
7003 d_printf("Usage:\n");
7004 d_printf("net rpc printer\n"
7005 " List printers\n");
7006 net_display_usage_from_functable(func);
7009 return run_rpc_command(c, NULL, &syntax_spoolss, 0,
7010 rpc_printer_list_internals,
7014 return net_run_function(c, argc, argv, "net rpc printer", func);
7018 * 'net rpc' entrypoint.
7020 * @param c A net_context structure.
7021 * @param argc Standard main() style argc.
7022 * @param argv Standard main() style argv. Initial components are already
7026 int net_rpc(struct net_context *c, int argc, const char **argv)
7028 struct functable func[] = {
7033 "Modify global audit settings",
7035 " Modify global audit settings"
7041 "Show basic info about a domain",
7043 " Show basic info about a domain"
7057 "Join a domain created in server manager",
7059 " Join a domain created in server manager"
7065 "Test that a join is valid",
7066 "net rpc testjoin\n"
7067 " Test that a join is valid"
7073 "List/modify users",
7075 " List/modify users"
7081 "Change a user password",
7082 "net rpc password\n"
7083 " Change a user password\n"
7084 " Alias for net rpc user password"
7090 "List/modify groups",
7092 " List/modify groups"
7098 "List/modify shares",
7100 " List/modify shares"
7114 "List/modify printers",
7116 " List/modify printers"
7120 net_rpc_changetrustpw,
7122 "Change trust account password",
7123 "net rpc changetrustpw\n"
7124 " Change trust account password"
7130 "Modify domain trusts",
7131 "net rpc trustdom\n"
7132 " Modify domain trusts"
7138 "Abort a remote shutdown",
7139 "net rpc abortshutdown\n"
7140 " Abort a remote shutdown"
7146 "Shutdown a remote server",
7147 "net rpc shutdown\n"
7148 " Shutdown a remote server"
7154 "Dump SAM data of remote NT PDC",
7156 " Dump SAM data of remote NT PDC"
7162 "Sync a remote NT PDC's data into local passdb",
7164 " Sync a remote NT PDC's data into local passdb"
7170 "Fetch the domain sid into local secrets.tdb",
7172 " Fetch the domain sid into local secrets.tdb"
7178 "Manage privileges assigned to SID",
7180 " Manage privileges assigned to SID"
7186 "Start/stop/query remote services",
7188 " Start/stop/query remote services"
7194 "Manage registry hives",
7195 "net rpc registry\n"
7196 " Manage registry hives"
7202 "Open interactive shell on remote server",
7204 " Open interactive shell on remote server"
7206 {NULL, NULL, 0, NULL, NULL}
7208 return net_run_function(c, argc, argv, "net rpc", func);
git.samba.org / metze / samba / wb-ndr.git / blob