2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org)
5 Copyright (C) 2002 Jim McDonough (jmcd@us.ibm.com)
6 Copyright (C) 2004,2008 Guenther Deschner (gd@samba.org)
7 Copyright (C) 2005 Jeremy Allison (jra@samba.org)
8 Copyright (C) 2006 Jelmer Vernooij (jelmer@samba.org)
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>. */
24 #include "utils/net.h"
26 static int net_mode_share;
27 static bool sync_files(struct copy_clistate *cp_clistate, const char *mask);
32 * @brief RPC based subcommands for the 'net' utility.
34 * This file should contain much of the functionality that used to
35 * be found in rpcclient, execpt that the commands should change
36 * less often, and the fucntionality should be sane (the user is not
37 * expected to know a rid/sid before they conduct an operation etc.)
39 * @todo Perhaps eventually these should be split out into a number
40 * of files, as this could get quite big.
45 * Many of the RPC functions need the domain sid. This function gets
46 * it at the start of every run
48 * @param cli A cli_state already connected to the remote machine
50 * @return The Domain SID of the remote machine.
53 NTSTATUS net_get_remote_domain_sid(struct cli_state *cli, TALLOC_CTX *mem_ctx,
55 const char **domain_name)
57 struct rpc_pipe_client *lsa_pipe;
59 NTSTATUS result = NT_STATUS_OK;
60 union lsa_PolicyInformation *info = NULL;
62 lsa_pipe = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &result);
64 d_fprintf(stderr, "Could not initialise lsa pipe\n");
68 result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, false,
69 SEC_RIGHTS_MAXIMUM_ALLOWED,
71 if (!NT_STATUS_IS_OK(result)) {
72 d_fprintf(stderr, "open_policy failed: %s\n",
77 result = rpccli_lsa_QueryInfoPolicy(lsa_pipe, mem_ctx,
79 LSA_POLICY_INFO_ACCOUNT_DOMAIN,
81 if (!NT_STATUS_IS_OK(result)) {
82 d_fprintf(stderr, "lsaquery failed: %s\n",
87 *domain_name = info->account_domain.name.string;
88 *domain_sid = info->account_domain.sid;
90 rpccli_lsa_Close(lsa_pipe, mem_ctx, &pol);
91 TALLOC_FREE(lsa_pipe);
97 * Run a single RPC command, from start to finish.
99 * @param pipe_name the pipe to connect to (usually a PIPE_ constant)
100 * @param conn_flag a NET_FLAG_ combination. Passed to
101 * net_make_ipc_connection.
102 * @param argc Standard main() style argc.
103 * @param argv Standard main() style argv. Initial components are already
105 * @return A shell status integer (0 for success).
108 int run_rpc_command(struct net_context *c,
109 struct cli_state *cli_arg,
116 struct cli_state *cli = NULL;
117 struct rpc_pipe_client *pipe_hnd = NULL;
121 const char *domain_name;
123 /* make use of cli_state handed over as an argument, if possible */
125 nt_status = net_make_ipc_connection(c, conn_flags, &cli);
126 if (!NT_STATUS_IS_OK(nt_status)) {
127 DEBUG(1, ("failed to make ipc connection: %s\n",
128 nt_errstr(nt_status)));
141 if (!(mem_ctx = talloc_init("run_rpc_command"))) {
142 DEBUG(0, ("talloc_init() failed\n"));
147 nt_status = net_get_remote_domain_sid(cli, mem_ctx, &domain_sid,
149 if (!NT_STATUS_IS_OK(nt_status)) {
154 if (!(conn_flags & NET_FLAGS_NO_PIPE)) {
155 if (lp_client_schannel() && (pipe_idx == PI_NETLOGON)) {
156 /* Always try and create an schannel netlogon pipe. */
157 pipe_hnd = cli_rpc_pipe_open_schannel(cli, pipe_idx,
158 PIPE_AUTH_LEVEL_PRIVACY,
162 DEBUG(0, ("Could not initialise schannel netlogon pipe. Error was %s\n",
163 nt_errstr(nt_status) ));
168 if (conn_flags & NET_FLAGS_SEAL) {
169 pipe_hnd = cli_rpc_pipe_open_ntlmssp(cli, pipe_idx,
170 PIPE_AUTH_LEVEL_PRIVACY,
176 pipe_hnd = cli_rpc_pipe_open_noauth(cli, pipe_idx, &nt_status);
179 DEBUG(0, ("Could not initialise pipe %s. Error was %s\n",
180 cli_get_pipe_name(pipe_idx),
181 nt_errstr(nt_status) ));
188 nt_status = fn(c, domain_sid, domain_name, cli, pipe_hnd, mem_ctx, argc, argv);
190 if (!NT_STATUS_IS_OK(nt_status)) {
191 DEBUG(1, ("rpc command function failed! (%s)\n", nt_errstr(nt_status)));
193 DEBUG(5, ("rpc command function succedded\n"));
196 if (!(conn_flags & NET_FLAGS_NO_PIPE)) {
198 TALLOC_FREE(pipe_hnd);
202 /* close the connection only if it was opened here */
207 talloc_destroy(mem_ctx);
208 return (!NT_STATUS_IS_OK(nt_status));
212 * Force a change of the trust acccount password.
214 * All parameters are provided by the run_rpc_command function, except for
215 * argc, argv which are passed through.
217 * @param domain_sid The domain sid acquired from the remote server.
218 * @param cli A cli_state connected to the server.
219 * @param mem_ctx Talloc context, destroyed on completion of the function.
220 * @param argc Standard main() style argc.
221 * @param argv Standard main() style argv. Initial components are already
224 * @return Normal NTSTATUS return.
227 static NTSTATUS rpc_changetrustpw_internals(struct net_context *c,
228 const DOM_SID *domain_sid,
229 const char *domain_name,
230 struct cli_state *cli,
231 struct rpc_pipe_client *pipe_hnd,
237 return trust_pw_find_change_and_store_it(pipe_hnd, mem_ctx, c->opt_target_workgroup);
241 * Force a change of the trust acccount password.
243 * @param argc Standard main() style argc.
244 * @param argv Standard main() style argv. Initial components are already
247 * @return A shell status integer (0 for success).
250 int net_rpc_changetrustpw(struct net_context *c, int argc, const char **argv)
252 if (c->display_usage) {
254 "net rpc changetrustpw\n"
255 " Change the machine trust password\n");
259 return run_rpc_command(c, NULL, PI_NETLOGON, NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
260 rpc_changetrustpw_internals,
265 * Join a domain, the old way.
267 * This uses 'machinename' as the inital password, and changes it.
269 * The password should be created with 'server manager' or equiv first.
271 * All parameters are provided by the run_rpc_command function, except for
272 * argc, argv which are passed through.
274 * @param domain_sid The domain sid acquired from the remote server.
275 * @param cli A cli_state connected to the server.
276 * @param mem_ctx Talloc context, destroyed on completion of the function.
277 * @param argc Standard main() style argc.
278 * @param argv Standard main() style argv. Initial components are already
281 * @return Normal NTSTATUS return.
284 static NTSTATUS rpc_oldjoin_internals(struct net_context *c,
285 const DOM_SID *domain_sid,
286 const char *domain_name,
287 struct cli_state *cli,
288 struct rpc_pipe_client *pipe_hnd,
294 fstring trust_passwd;
295 unsigned char orig_trust_passwd_hash[16];
297 uint32 sec_channel_type;
299 pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_NETLOGON, &result);
301 DEBUG(0,("rpc_oldjoin_internals: netlogon pipe open to machine %s failed. "
304 nt_errstr(result) ));
309 check what type of join - if the user want's to join as
310 a BDC, the server must agree that we are a BDC.
313 sec_channel_type = get_sec_channel_type(argv[0]);
315 sec_channel_type = get_sec_channel_type(NULL);
318 fstrcpy(trust_passwd, global_myname());
319 strlower_m(trust_passwd);
322 * Machine names can be 15 characters, but the max length on
323 * a password is 14. --jerry
326 trust_passwd[14] = '\0';
328 E_md4hash(trust_passwd, orig_trust_passwd_hash);
330 result = trust_pw_change_and_store_it(pipe_hnd, mem_ctx, c->opt_target_workgroup,
331 orig_trust_passwd_hash,
334 if (NT_STATUS_IS_OK(result))
335 printf("Joined domain %s.\n", c->opt_target_workgroup);
338 if (!secrets_store_domain_sid(c->opt_target_workgroup, domain_sid)) {
339 DEBUG(0, ("error storing domain sid for %s\n", c->opt_target_workgroup));
340 result = NT_STATUS_UNSUCCESSFUL;
347 * Join a domain, the old way.
349 * @param argc Standard main() style argc.
350 * @param argv Standard main() style argv. Initial components are already
353 * @return A shell status integer (0 for success).
356 static int net_rpc_perform_oldjoin(struct net_context *c, int argc, const char **argv)
358 return run_rpc_command(c, NULL, PI_NETLOGON,
359 NET_FLAGS_NO_PIPE | NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
360 rpc_oldjoin_internals,
365 * Join a domain, the old way. This function exists to allow
366 * the message to be displayed when oldjoin was explicitly
367 * requested, but not when it was implied by "net rpc join".
369 * @param argc Standard main() style argc.
370 * @param argv Standard main() style argv. Initial components are already
373 * @return A shell status integer (0 for success).
376 static int net_rpc_oldjoin(struct net_context *c, int argc, const char **argv)
380 if (c->display_usage) {
383 " Join a domain the old way\n");
387 rc = net_rpc_perform_oldjoin(c, argc, argv);
390 d_fprintf(stderr, "Failed to join domain\n");
397 * 'net rpc join' entrypoint.
398 * @param argc Standard main() style argc.
399 * @param argv Standard main() style argv. Initial components are already
402 * Main 'net_rpc_join()' (where the admin username/password is used) is
404 * Try to just change the password, but if that doesn't work, use/prompt
405 * for a username/password.
408 int net_rpc_join(struct net_context *c, int argc, const char **argv)
410 if (c->display_usage) {
412 "net rpc join -U <username>[%%password] <type>\n"
414 " username\tName of the admin user"
415 " password\tPassword of the admin user, will "
416 "prompt if not specified\n"
417 " type\tCan be one of the following:\n"
418 "\t\tMEMBER\tJoin as member server (default)\n"
419 "\t\tBDC\tJoin as BDC\n"
420 "\t\tPDC\tJoin as PDC\n");
424 if (lp_server_role() == ROLE_STANDALONE) {
425 d_printf("cannot join as standalone machine\n");
429 if (strlen(global_myname()) > 15) {
430 d_printf("Our netbios name can be at most 15 chars long, "
431 "\"%s\" is %u chars long\n",
432 global_myname(), (unsigned int)strlen(global_myname()));
436 if ((net_rpc_perform_oldjoin(c, argc, argv) == 0))
439 return net_rpc_join_newstyle(c, argc, argv);
443 * display info about a rpc domain
445 * All parameters are provided by the run_rpc_command function, except for
446 * argc, argv which are passed through.
448 * @param domain_sid The domain sid acquired from the remote server
449 * @param cli A cli_state connected to the server.
450 * @param mem_ctx Talloc context, destroyed on completion of the function.
451 * @param argc Standard main() style argc.
452 * @param argv Standard main() style argv. Initial components are already
455 * @return Normal NTSTATUS return.
458 NTSTATUS rpc_info_internals(struct net_context *c,
459 const DOM_SID *domain_sid,
460 const char *domain_name,
461 struct cli_state *cli,
462 struct rpc_pipe_client *pipe_hnd,
467 POLICY_HND connect_pol, domain_pol;
468 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
469 union samr_DomainInfo *info = NULL;
472 sid_to_fstring(sid_str, domain_sid);
474 /* Get sam policy handle */
475 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
477 MAXIMUM_ALLOWED_ACCESS,
479 if (!NT_STATUS_IS_OK(result)) {
480 d_fprintf(stderr, "Could not connect to SAM: %s\n", nt_errstr(result));
484 /* Get domain policy handle */
485 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
487 MAXIMUM_ALLOWED_ACCESS,
488 CONST_DISCARD(struct dom_sid2 *, domain_sid),
490 if (!NT_STATUS_IS_OK(result)) {
491 d_fprintf(stderr, "Could not open domain: %s\n", nt_errstr(result));
495 result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
499 if (NT_STATUS_IS_OK(result)) {
500 d_printf("Domain Name: %s\n", info->info2.domain_name.string);
501 d_printf("Domain SID: %s\n", sid_str);
502 d_printf("Sequence number: %llu\n",
503 (unsigned long long)info->info2.sequence_num);
504 d_printf("Num users: %u\n", info->info2.num_users);
505 d_printf("Num domain groups: %u\n", info->info2.num_groups);
506 d_printf("Num local groups: %u\n", info->info2.num_aliases);
514 * 'net rpc info' entrypoint.
515 * @param argc Standard main() style argc.
516 * @param argv Standard main() style argv. Initial components are already
520 int net_rpc_info(struct net_context *c, int argc, const char **argv)
522 if (c->display_usage) {
525 " Display information about the domain\n");
529 return run_rpc_command(c, NULL, PI_SAMR, NET_FLAGS_PDC,
535 * Fetch domain SID into the local secrets.tdb.
537 * All parameters are provided by the run_rpc_command function, except for
538 * argc, argv which are passed through.
540 * @param domain_sid The domain sid acquired from the remote server.
541 * @param cli A cli_state connected to the server.
542 * @param mem_ctx Talloc context, destroyed on completion of the function.
543 * @param argc Standard main() style argc.
544 * @param argv Standard main() style argv. Initial components are already
547 * @return Normal NTSTATUS return.
550 static NTSTATUS rpc_getsid_internals(struct net_context *c,
551 const DOM_SID *domain_sid,
552 const char *domain_name,
553 struct cli_state *cli,
554 struct rpc_pipe_client *pipe_hnd,
561 sid_to_fstring(sid_str, domain_sid);
562 d_printf("Storing SID %s for Domain %s in secrets.tdb\n",
563 sid_str, domain_name);
565 if (!secrets_store_domain_sid(domain_name, domain_sid)) {
566 DEBUG(0,("Can't store domain SID\n"));
567 return NT_STATUS_UNSUCCESSFUL;
574 * 'net rpc getsid' entrypoint.
575 * @param argc Standard main() style argc.
576 * @param argv Standard main() style argv. Initial components are already
580 int net_rpc_getsid(struct net_context *c, int argc, const char **argv)
582 if (c->display_usage) {
585 " Fetch domain SID into local secrets.tdb\n");
589 return run_rpc_command(c, NULL, PI_SAMR,
590 NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
591 rpc_getsid_internals,
595 /****************************************************************************/
598 * Basic usage function for 'net rpc user'.
599 * @param argc Standard main() style argc.
600 * @param argv Standard main() style argv. Initial components are already
604 static int rpc_user_usage(struct net_context *c, int argc, const char **argv)
606 return net_user_usage(c, argc, argv);
610 * Add a new user to a remote RPC server.
612 * @param argc Standard main() style argc.
613 * @param argv Standard main() style argv. Initial components are already
616 * @return A shell status integer (0 for success).
619 static int rpc_user_add(struct net_context *c, int argc, const char **argv)
621 NET_API_STATUS status;
622 struct USER_INFO_1 info1;
623 uint32_t parm_error = 0;
625 if (argc < 1 || c->display_usage) {
626 rpc_user_usage(c, argc, argv);
632 info1.usri1_name = argv[0];
634 info1.usri1_password = argv[1];
637 status = NetUserAdd(c->opt_host, 1, (uint8_t *)&info1, &parm_error);
640 d_fprintf(stderr, "Failed to add user '%s' with: %s.\n",
641 argv[0], libnetapi_get_error_string(c->netapi_ctx,
645 d_printf("Added user '%s'.\n", argv[0]);
652 * Rename a user on a remote RPC server.
654 * All parameters are provided by the run_rpc_command function, except for
655 * argc, argv which are passed through.
657 * @param domain_sid The domain sid acquired from the remote server.
658 * @param cli A cli_state connected to the server.
659 * @param mem_ctx Talloc context, destroyed on completion of the function.
660 * @param argc Standard main() style argc.
661 * @param argv Standard main() style argv. Initial components are already
664 * @return Normal NTSTATUS return.
667 static NTSTATUS rpc_user_rename_internals(struct net_context *c,
668 const DOM_SID *domain_sid,
669 const char *domain_name,
670 struct cli_state *cli,
671 struct rpc_pipe_client *pipe_hnd,
676 POLICY_HND connect_pol, domain_pol, user_pol;
677 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
678 uint32 info_level = 7;
679 const char *old_name, *new_name;
680 struct samr_Ids user_rids, name_types;
681 struct lsa_String lsa_acct_name;
682 union samr_UserInfo *info = NULL;
684 if (argc != 2 || c->display_usage) {
685 rpc_user_usage(c, argc, argv);
692 /* Get sam policy handle */
694 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
696 MAXIMUM_ALLOWED_ACCESS,
699 if (!NT_STATUS_IS_OK(result)) {
703 /* Get domain policy handle */
705 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
707 MAXIMUM_ALLOWED_ACCESS,
708 CONST_DISCARD(struct dom_sid2 *, domain_sid),
710 if (!NT_STATUS_IS_OK(result)) {
714 init_lsa_String(&lsa_acct_name, old_name);
716 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
722 if (!NT_STATUS_IS_OK(result)) {
726 /* Open domain user */
727 result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
729 MAXIMUM_ALLOWED_ACCESS,
733 if (!NT_STATUS_IS_OK(result)) {
737 /* Query user info */
738 result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
743 if (!NT_STATUS_IS_OK(result)) {
747 init_samr_user_info7(&info->info7, new_name);
750 result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
755 if (!NT_STATUS_IS_OK(result)) {
760 if (!NT_STATUS_IS_OK(result)) {
761 d_fprintf(stderr, "Failed to rename user from %s to %s - %s\n", old_name, new_name,
764 d_printf("Renamed user from %s to %s\n", old_name, new_name);
770 * Rename a user on a remote RPC server.
772 * @param argc Standard main() style argc.
773 * @param argv Standard main() style argv. Initial components are already
776 * @return A shell status integer (0 for success).
779 static int rpc_user_rename(struct net_context *c, int argc, const char **argv)
781 return run_rpc_command(c, NULL, PI_SAMR, 0, rpc_user_rename_internals,
786 * Delete a user from a remote RPC server.
788 * @param argc Standard main() style argc.
789 * @param argv Standard main() style argv. Initial components are already
792 * @return A shell status integer (0 for success).
795 static int rpc_user_delete(struct net_context *c, int argc, const char **argv)
797 NET_API_STATUS status;
799 if (argc < 1 || c->display_usage) {
800 rpc_user_usage(c, argc, argv);
804 status = NetUserDel(c->opt_host, argv[0]);
807 d_fprintf(stderr, "Failed to delete user '%s' with: %s.\n",
809 libnetapi_get_error_string(c->netapi_ctx, status));
812 d_printf("Deleted user '%s'.\n", argv[0]);
819 * Set a password for a user on a remote RPC server.
821 * All parameters are provided by the run_rpc_command function, except for
822 * argc, argv which are passed through.
824 * @param domain_sid The domain sid acquired from the remote server.
825 * @param cli A cli_state connected to the server.
826 * @param mem_ctx Talloc context, destroyed on completion of the function.
827 * @param argc Standard main() style argc.
828 * @param argv Standard main() style argv. Initial components are already
831 * @return Normal NTSTATUS return.
834 static NTSTATUS rpc_user_password_internals(struct net_context *c,
835 const DOM_SID *domain_sid,
836 const char *domain_name,
837 struct cli_state *cli,
838 struct rpc_pipe_client *pipe_hnd,
843 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
844 POLICY_HND connect_pol, domain_pol, user_pol;
847 const char *new_password;
849 union samr_UserInfo info;
851 if (argc < 1 || c->display_usage) {
852 rpc_user_usage(c, argc, argv);
859 new_password = argv[1];
861 asprintf(&prompt, "Enter new password for %s:", user);
862 new_password = getpass(prompt);
866 /* Get sam policy and domain handles */
868 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
870 MAXIMUM_ALLOWED_ACCESS,
873 if (!NT_STATUS_IS_OK(result)) {
877 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
879 MAXIMUM_ALLOWED_ACCESS,
880 CONST_DISCARD(struct dom_sid2 *, domain_sid),
883 if (!NT_STATUS_IS_OK(result)) {
887 /* Get handle on user */
890 struct samr_Ids user_rids, name_types;
891 struct lsa_String lsa_acct_name;
893 init_lsa_String(&lsa_acct_name, user);
895 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
901 if (!NT_STATUS_IS_OK(result)) {
905 result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
907 MAXIMUM_ALLOWED_ACCESS,
911 if (!NT_STATUS_IS_OK(result)) {
916 /* Set password on account */
918 encode_pw_buffer(pwbuf, new_password, STR_UNICODE);
920 init_samr_user_info24(&info.info24, pwbuf, 24);
922 SamOEMhashBlob(info.info24.password.data, 516,
923 &cli->user_session_key);
925 result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
930 if (!NT_STATUS_IS_OK(result)) {
934 /* Display results */
942 * Set a user's password on a remote RPC server.
944 * @param argc Standard main() style argc.
945 * @param argv Standard main() style argv. Initial components are already
948 * @return A shell status integer (0 for success).
951 static int rpc_user_password(struct net_context *c, int argc, const char **argv)
953 return run_rpc_command(c, NULL, PI_SAMR, 0, rpc_user_password_internals,
958 * List user's groups on a remote RPC server.
960 * All parameters are provided by the run_rpc_command function, except for
961 * argc, argv which are passed through.
963 * @param domain_sid The domain sid acquired from the remote server.
964 * @param cli A cli_state connected to the server.
965 * @param mem_ctx Talloc context, destroyed on completion of the function.
966 * @param argc Standard main() style argc.
967 * @param argv Standard main() style argv. Initial components are already
970 * @return Normal NTSTATUS return.
973 static NTSTATUS rpc_user_info_internals(struct net_context *c,
974 const DOM_SID *domain_sid,
975 const char *domain_name,
976 struct cli_state *cli,
977 struct rpc_pipe_client *pipe_hnd,
982 POLICY_HND connect_pol, domain_pol, user_pol;
983 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
985 struct samr_RidWithAttributeArray *rid_array = NULL;
986 struct lsa_Strings names;
987 struct samr_Ids types;
988 uint32_t *lrids = NULL;
989 struct samr_Ids rids, name_types;
990 struct lsa_String lsa_acct_name;
993 if (argc < 1 || c->display_usage) {
994 rpc_user_usage(c, argc, argv);
997 /* Get sam policy handle */
999 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1001 MAXIMUM_ALLOWED_ACCESS,
1003 if (!NT_STATUS_IS_OK(result)) goto done;
1005 /* Get domain policy handle */
1007 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1009 MAXIMUM_ALLOWED_ACCESS,
1010 CONST_DISCARD(struct dom_sid2 *, domain_sid),
1012 if (!NT_STATUS_IS_OK(result)) goto done;
1014 /* Get handle on user */
1016 init_lsa_String(&lsa_acct_name, argv[0]);
1018 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
1025 if (!NT_STATUS_IS_OK(result)) goto done;
1027 result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
1029 MAXIMUM_ALLOWED_ACCESS,
1032 if (!NT_STATUS_IS_OK(result)) goto done;
1034 result = rpccli_samr_GetGroupsForUser(pipe_hnd, mem_ctx,
1038 if (!NT_STATUS_IS_OK(result)) goto done;
1042 if (rid_array->count) {
1043 if ((lrids = TALLOC_ARRAY(mem_ctx, uint32, rid_array->count)) == NULL) {
1044 result = NT_STATUS_NO_MEMORY;
1048 for (i = 0; i < rid_array->count; i++)
1049 lrids[i] = rid_array->rids[i].rid;
1051 result = rpccli_samr_LookupRids(pipe_hnd, mem_ctx,
1058 if (!NT_STATUS_IS_OK(result)) {
1062 /* Display results */
1064 for (i = 0; i < names.count; i++)
1065 printf("%s\n", names.names[i].string);
1072 * List a user's groups from a remote RPC server.
1074 * @param argc Standard main() style argc.
1075 * @param argv Standard main() style argv. Initial components are already
1078 * @return A shell status integer (0 for success)
1081 static int rpc_user_info(struct net_context *c, int argc, const char **argv)
1083 return run_rpc_command(c, NULL, PI_SAMR, 0, rpc_user_info_internals,
1088 * List users on a remote RPC server.
1090 * All parameters are provided by the run_rpc_command function, except for
1091 * argc, argv which are passed through.
1093 * @param domain_sid The domain sid acquired from the remote server.
1094 * @param cli A cli_state connected to the server.
1095 * @param mem_ctx Talloc context, destroyed on completion of the function.
1096 * @param argc Standard main() style argc.
1097 * @param argv Standard main() style argv. Initial components are already
1100 * @return Normal NTSTATUS return.
1103 static NTSTATUS rpc_user_list_internals(struct net_context *c,
1104 const DOM_SID *domain_sid,
1105 const char *domain_name,
1106 struct cli_state *cli,
1107 struct rpc_pipe_client *pipe_hnd,
1108 TALLOC_CTX *mem_ctx,
1112 POLICY_HND connect_pol, domain_pol;
1113 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1114 uint32 start_idx=0, num_entries, i, loop_count = 0;
1116 /* Get sam policy handle */
1118 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1120 MAXIMUM_ALLOWED_ACCESS,
1122 if (!NT_STATUS_IS_OK(result)) {
1126 /* Get domain policy handle */
1128 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1130 MAXIMUM_ALLOWED_ACCESS,
1131 CONST_DISCARD(struct dom_sid2 *, domain_sid),
1133 if (!NT_STATUS_IS_OK(result)) {
1137 /* Query domain users */
1138 if (c->opt_long_list_entries)
1139 d_printf("\nUser name Comment"
1140 "\n-----------------------------\n");
1142 const char *user = NULL;
1143 const char *desc = NULL;
1144 uint32 max_entries, max_size;
1145 uint32_t total_size, returned_size;
1146 union samr_DispInfo info;
1148 get_query_dispinfo_params(
1149 loop_count, &max_entries, &max_size);
1151 result = rpccli_samr_QueryDisplayInfo(pipe_hnd, mem_ctx,
1161 start_idx += info.info1.count;
1162 num_entries = info.info1.count;
1164 for (i = 0; i < num_entries; i++) {
1165 user = info.info1.entries[i].account_name.string;
1166 if (c->opt_long_list_entries)
1167 desc = info.info1.entries[i].description.string;
1168 if (c->opt_long_list_entries)
1169 printf("%-21.21s %s\n", user, desc);
1171 printf("%s\n", user);
1173 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
1180 * 'net rpc user' entrypoint.
1181 * @param argc Standard main() style argc.
1182 * @param argv Standard main() style argv. Initial components are already
1186 int net_rpc_user(struct net_context *c, int argc, const char **argv)
1188 NET_API_STATUS status;
1190 struct functable func[] = {
1195 "Add specified user",
1196 "net rpc user add\n"
1197 " Add specified user"
1203 "List domain groups of user",
1204 "net rpc user info\n"
1205 " Lis domain groups of user"
1211 "Remove specified user",
1212 "net rpc user delete\n"
1213 " Remove specified user"
1219 "Change user password",
1220 "net rpc user password\n"
1221 " Change user password"
1227 "Rename specified user",
1228 "net rpc user rename\n"
1229 " Rename specified user"
1231 {NULL, NULL, 0, NULL, NULL}
1234 status = libnetapi_init(&c->netapi_ctx);
1238 libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
1239 libnetapi_set_password(c->netapi_ctx, c->opt_password);
1242 if (c->display_usage) {
1243 d_printf("Usage:\n");
1244 d_printf("net rpc user\n"
1245 " List all users\n");
1246 net_display_usage_from_functable(func);
1250 return run_rpc_command(c, NULL,PI_SAMR, 0,
1251 rpc_user_list_internals,
1255 return net_run_function(c, argc, argv, "net rpc user", func);
1258 static NTSTATUS rpc_sh_user_list(struct net_context *c,
1259 TALLOC_CTX *mem_ctx,
1260 struct rpc_sh_ctx *ctx,
1261 struct rpc_pipe_client *pipe_hnd,
1262 int argc, const char **argv)
1264 return rpc_user_list_internals(c, ctx->domain_sid, ctx->domain_name,
1265 ctx->cli, pipe_hnd, mem_ctx,
1269 static NTSTATUS rpc_sh_user_info(struct net_context *c,
1270 TALLOC_CTX *mem_ctx,
1271 struct rpc_sh_ctx *ctx,
1272 struct rpc_pipe_client *pipe_hnd,
1273 int argc, const char **argv)
1275 return rpc_user_info_internals(c, ctx->domain_sid, ctx->domain_name,
1276 ctx->cli, pipe_hnd, mem_ctx,
1280 static NTSTATUS rpc_sh_handle_user(struct net_context *c,
1281 TALLOC_CTX *mem_ctx,
1282 struct rpc_sh_ctx *ctx,
1283 struct rpc_pipe_client *pipe_hnd,
1284 int argc, const char **argv,
1286 struct net_context *c,
1287 TALLOC_CTX *mem_ctx,
1288 struct rpc_sh_ctx *ctx,
1289 struct rpc_pipe_client *pipe_hnd,
1290 POLICY_HND *user_hnd,
1291 int argc, const char **argv))
1293 POLICY_HND connect_pol, domain_pol, user_pol;
1294 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1297 enum lsa_SidType type;
1300 d_fprintf(stderr, "usage: %s <username>\n", ctx->whoami);
1301 return NT_STATUS_INVALID_PARAMETER;
1304 ZERO_STRUCT(connect_pol);
1305 ZERO_STRUCT(domain_pol);
1306 ZERO_STRUCT(user_pol);
1308 result = net_rpc_lookup_name(c, mem_ctx, rpc_pipe_np_smb_conn(pipe_hnd),
1309 argv[0], NULL, NULL, &sid, &type);
1310 if (!NT_STATUS_IS_OK(result)) {
1311 d_fprintf(stderr, "Could not lookup %s: %s\n", argv[0],
1316 if (type != SID_NAME_USER) {
1317 d_fprintf(stderr, "%s is a %s, not a user\n", argv[0],
1318 sid_type_lookup(type));
1319 result = NT_STATUS_NO_SUCH_USER;
1323 if (!sid_peek_check_rid(ctx->domain_sid, &sid, &rid)) {
1324 d_fprintf(stderr, "%s is not in our domain\n", argv[0]);
1325 result = NT_STATUS_NO_SUCH_USER;
1329 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1331 MAXIMUM_ALLOWED_ACCESS,
1333 if (!NT_STATUS_IS_OK(result)) {
1337 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1339 MAXIMUM_ALLOWED_ACCESS,
1342 if (!NT_STATUS_IS_OK(result)) {
1346 result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
1348 MAXIMUM_ALLOWED_ACCESS,
1351 if (!NT_STATUS_IS_OK(result)) {
1355 result = fn(c, mem_ctx, ctx, pipe_hnd, &user_pol, argc-1, argv+1);
1358 if (is_valid_policy_hnd(&user_pol)) {
1359 rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
1361 if (is_valid_policy_hnd(&domain_pol)) {
1362 rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
1364 if (is_valid_policy_hnd(&connect_pol)) {
1365 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
1370 static NTSTATUS rpc_sh_user_show_internals(struct net_context *c,
1371 TALLOC_CTX *mem_ctx,
1372 struct rpc_sh_ctx *ctx,
1373 struct rpc_pipe_client *pipe_hnd,
1374 POLICY_HND *user_hnd,
1375 int argc, const char **argv)
1378 union samr_UserInfo *info = NULL;
1381 d_fprintf(stderr, "usage: %s show <username>\n", ctx->whoami);
1382 return NT_STATUS_INVALID_PARAMETER;
1385 result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
1389 if (!NT_STATUS_IS_OK(result)) {
1393 d_printf("user rid: %d, group rid: %d\n",
1395 info->info21.primary_gid);
1400 static NTSTATUS rpc_sh_user_show(struct net_context *c,
1401 TALLOC_CTX *mem_ctx,
1402 struct rpc_sh_ctx *ctx,
1403 struct rpc_pipe_client *pipe_hnd,
1404 int argc, const char **argv)
1406 return rpc_sh_handle_user(c, mem_ctx, ctx, pipe_hnd, argc, argv,
1407 rpc_sh_user_show_internals);
1410 #define FETCHSTR(name, rec) \
1411 do { if (strequal(ctx->thiscmd, name)) { \
1412 oldval = talloc_strdup(mem_ctx, info->info21.rec.string); } \
1415 #define SETSTR(name, rec, flag) \
1416 do { if (strequal(ctx->thiscmd, name)) { \
1417 init_lsa_String(&(info->info21.rec), argv[0]); \
1418 info->info21.fields_present |= SAMR_FIELD_##flag; } \
1421 static NTSTATUS rpc_sh_user_str_edit_internals(struct net_context *c,
1422 TALLOC_CTX *mem_ctx,
1423 struct rpc_sh_ctx *ctx,
1424 struct rpc_pipe_client *pipe_hnd,
1425 POLICY_HND *user_hnd,
1426 int argc, const char **argv)
1429 const char *username;
1430 const char *oldval = "";
1431 union samr_UserInfo *info = NULL;
1434 d_fprintf(stderr, "usage: %s <username> [new value|NULL]\n",
1436 return NT_STATUS_INVALID_PARAMETER;
1439 result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
1443 if (!NT_STATUS_IS_OK(result)) {
1447 username = talloc_strdup(mem_ctx, info->info21.account_name.string);
1449 FETCHSTR("fullname", full_name);
1450 FETCHSTR("homedir", home_directory);
1451 FETCHSTR("homedrive", home_drive);
1452 FETCHSTR("logonscript", logon_script);
1453 FETCHSTR("profilepath", profile_path);
1454 FETCHSTR("description", description);
1457 d_printf("%s's %s: [%s]\n", username, ctx->thiscmd, oldval);
1461 if (strcmp(argv[0], "NULL") == 0) {
1465 ZERO_STRUCT(info->info21);
1467 SETSTR("fullname", full_name, FULL_NAME);
1468 SETSTR("homedir", home_directory, HOME_DIRECTORY);
1469 SETSTR("homedrive", home_drive, HOME_DRIVE);
1470 SETSTR("logonscript", logon_script, LOGON_SCRIPT);
1471 SETSTR("profilepath", profile_path, PROFILE_PATH);
1472 SETSTR("description", description, DESCRIPTION);
1474 result = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx,
1479 d_printf("Set %s's %s from [%s] to [%s]\n", username,
1480 ctx->thiscmd, oldval, argv[0]);
1487 #define HANDLEFLG(name, rec) \
1488 do { if (strequal(ctx->thiscmd, name)) { \
1489 oldval = (oldflags & ACB_##rec) ? "yes" : "no"; \
1491 newflags = oldflags | ACB_##rec; \
1493 newflags = oldflags & ~ACB_##rec; \
1496 static NTSTATUS rpc_sh_user_str_edit(struct net_context *c,
1497 TALLOC_CTX *mem_ctx,
1498 struct rpc_sh_ctx *ctx,
1499 struct rpc_pipe_client *pipe_hnd,
1500 int argc, const char **argv)
1502 return rpc_sh_handle_user(c, mem_ctx, ctx, pipe_hnd, argc, argv,
1503 rpc_sh_user_str_edit_internals);
1506 static NTSTATUS rpc_sh_user_flag_edit_internals(struct net_context *c,
1507 TALLOC_CTX *mem_ctx,
1508 struct rpc_sh_ctx *ctx,
1509 struct rpc_pipe_client *pipe_hnd,
1510 POLICY_HND *user_hnd,
1511 int argc, const char **argv)
1514 const char *username;
1515 const char *oldval = "unknown";
1516 uint32 oldflags, newflags;
1518 union samr_UserInfo *info = NULL;
1521 ((argc == 1) && !strequal(argv[0], "yes") &&
1522 !strequal(argv[0], "no"))) {
1523 d_fprintf(stderr, "usage: %s <username> [yes|no]\n",
1525 return NT_STATUS_INVALID_PARAMETER;
1528 newval = strequal(argv[0], "yes");
1530 result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
1534 if (!NT_STATUS_IS_OK(result)) {
1538 username = talloc_strdup(mem_ctx, info->info21.account_name.string);
1539 oldflags = info->info21.acct_flags;
1540 newflags = info->info21.acct_flags;
1542 HANDLEFLG("disabled", DISABLED);
1543 HANDLEFLG("pwnotreq", PWNOTREQ);
1544 HANDLEFLG("autolock", AUTOLOCK);
1545 HANDLEFLG("pwnoexp", PWNOEXP);
1548 d_printf("%s's %s flag: %s\n", username, ctx->thiscmd, oldval);
1552 ZERO_STRUCT(info->info21);
1554 info->info21.acct_flags = newflags;
1555 info->info21.fields_present = SAMR_FIELD_ACCT_FLAGS;
1557 result = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx,
1562 if (NT_STATUS_IS_OK(result)) {
1563 d_printf("Set %s's %s flag from [%s] to [%s]\n", username,
1564 ctx->thiscmd, oldval, argv[0]);
1572 static NTSTATUS rpc_sh_user_flag_edit(struct net_context *c,
1573 TALLOC_CTX *mem_ctx,
1574 struct rpc_sh_ctx *ctx,
1575 struct rpc_pipe_client *pipe_hnd,
1576 int argc, const char **argv)
1578 return rpc_sh_handle_user(c, mem_ctx, ctx, pipe_hnd, argc, argv,
1579 rpc_sh_user_flag_edit_internals);
1582 struct rpc_sh_cmd *net_rpc_user_edit_cmds(struct net_context *c,
1583 TALLOC_CTX *mem_ctx,
1584 struct rpc_sh_ctx *ctx)
1586 static struct rpc_sh_cmd cmds[] = {
1588 { "fullname", NULL, PI_SAMR, rpc_sh_user_str_edit,
1589 "Show/Set a user's full name" },
1591 { "homedir", NULL, PI_SAMR, rpc_sh_user_str_edit,
1592 "Show/Set a user's home directory" },
1594 { "homedrive", NULL, PI_SAMR, rpc_sh_user_str_edit,
1595 "Show/Set a user's home drive" },
1597 { "logonscript", NULL, PI_SAMR, rpc_sh_user_str_edit,
1598 "Show/Set a user's logon script" },
1600 { "profilepath", NULL, PI_SAMR, rpc_sh_user_str_edit,
1601 "Show/Set a user's profile path" },
1603 { "description", NULL, PI_SAMR, rpc_sh_user_str_edit,
1604 "Show/Set a user's description" },
1606 { "disabled", NULL, PI_SAMR, rpc_sh_user_flag_edit,
1607 "Show/Set whether a user is disabled" },
1609 { "autolock", NULL, PI_SAMR, rpc_sh_user_flag_edit,
1610 "Show/Set whether a user locked out" },
1612 { "pwnotreq", NULL, PI_SAMR, rpc_sh_user_flag_edit,
1613 "Show/Set whether a user does not need a password" },
1615 { "pwnoexp", NULL, PI_SAMR, rpc_sh_user_flag_edit,
1616 "Show/Set whether a user's password does not expire" },
1618 { NULL, NULL, 0, NULL, NULL }
1624 struct rpc_sh_cmd *net_rpc_user_cmds(struct net_context *c,
1625 TALLOC_CTX *mem_ctx,
1626 struct rpc_sh_ctx *ctx)
1628 static struct rpc_sh_cmd cmds[] = {
1630 { "list", NULL, PI_SAMR, rpc_sh_user_list,
1631 "List available users" },
1633 { "info", NULL, PI_SAMR, rpc_sh_user_info,
1634 "List the domain groups a user is member of" },
1636 { "show", NULL, PI_SAMR, rpc_sh_user_show,
1637 "Show info about a user" },
1639 { "edit", net_rpc_user_edit_cmds, 0, NULL,
1640 "Show/Modify a user's fields" },
1642 { NULL, NULL, 0, NULL, NULL }
1648 /****************************************************************************/
1651 * Basic usage function for 'net rpc group'.
1652 * @param argc Standard main() style argc.
1653 * @param argv Standard main() style argv. Initial components are already
1657 static int rpc_group_usage(struct net_context *c, int argc, const char **argv)
1659 return net_group_usage(c, argc, argv);
1663 * Delete group on a remote RPC server.
1665 * All parameters are provided by the run_rpc_command function, except for
1666 * argc, argv which are passed through.
1668 * @param domain_sid The domain sid acquired from the remote server.
1669 * @param cli A cli_state connected to the server.
1670 * @param mem_ctx Talloc context, destroyed on completion of the function.
1671 * @param argc Standard main() style argc.
1672 * @param argv Standard main() style argv. Initial components are already
1675 * @return Normal NTSTATUS return.
1678 static NTSTATUS rpc_group_delete_internals(struct net_context *c,
1679 const DOM_SID *domain_sid,
1680 const char *domain_name,
1681 struct cli_state *cli,
1682 struct rpc_pipe_client *pipe_hnd,
1683 TALLOC_CTX *mem_ctx,
1687 POLICY_HND connect_pol, domain_pol, group_pol, user_pol;
1688 bool group_is_primary = false;
1689 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1691 struct samr_RidTypeArray *rids = NULL;
1694 /* DOM_GID *user_gids; */
1696 struct samr_Ids group_rids, name_types;
1697 struct lsa_String lsa_acct_name;
1698 union samr_UserInfo *info = NULL;
1700 if (argc < 1 || c->display_usage) {
1701 rpc_group_usage(c, argc,argv);
1702 return NT_STATUS_OK; /* ok? */
1705 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1707 MAXIMUM_ALLOWED_ACCESS,
1710 if (!NT_STATUS_IS_OK(result)) {
1711 d_fprintf(stderr, "Request samr_Connect2 failed\n");
1715 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1717 MAXIMUM_ALLOWED_ACCESS,
1718 CONST_DISCARD(struct dom_sid2 *, domain_sid),
1721 if (!NT_STATUS_IS_OK(result)) {
1722 d_fprintf(stderr, "Request open_domain failed\n");
1726 init_lsa_String(&lsa_acct_name, argv[0]);
1728 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
1734 if (!NT_STATUS_IS_OK(result)) {
1735 d_fprintf(stderr, "Lookup of '%s' failed\n",argv[0]);
1739 switch (name_types.ids[0])
1741 case SID_NAME_DOM_GRP:
1742 result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
1744 MAXIMUM_ALLOWED_ACCESS,
1747 if (!NT_STATUS_IS_OK(result)) {
1748 d_fprintf(stderr, "Request open_group failed");
1752 group_rid = group_rids.ids[0];
1754 result = rpccli_samr_QueryGroupMember(pipe_hnd, mem_ctx,
1758 if (!NT_STATUS_IS_OK(result)) {
1759 d_fprintf(stderr, "Unable to query group members of %s",argv[0]);
1763 if (c->opt_verbose) {
1764 d_printf("Domain Group %s (rid: %d) has %d members\n",
1765 argv[0],group_rid, rids->count);
1768 /* Check if group is anyone's primary group */
1769 for (i = 0; i < rids->count; i++)
1771 result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
1773 MAXIMUM_ALLOWED_ACCESS,
1777 if (!NT_STATUS_IS_OK(result)) {
1778 d_fprintf(stderr, "Unable to open group member %d\n",
1783 result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
1788 if (!NT_STATUS_IS_OK(result)) {
1789 d_fprintf(stderr, "Unable to lookup userinfo for group member %d\n",
1794 if (info->info21.primary_gid == group_rid) {
1795 if (c->opt_verbose) {
1796 d_printf("Group is primary group of %s\n",
1797 info->info21.account_name.string);
1799 group_is_primary = true;
1802 rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
1805 if (group_is_primary) {
1806 d_fprintf(stderr, "Unable to delete group because some "
1807 "of it's members have it as primary group\n");
1808 result = NT_STATUS_MEMBERS_PRIMARY_GROUP;
1812 /* remove all group members */
1813 for (i = 0; i < rids->count; i++)
1816 d_printf("Remove group member %d...",
1818 result = rpccli_samr_DeleteGroupMember(pipe_hnd, mem_ctx,
1822 if (NT_STATUS_IS_OK(result)) {
1827 d_printf("failed\n");
1832 result = rpccli_samr_DeleteDomainGroup(pipe_hnd, mem_ctx,
1836 /* removing a local group is easier... */
1837 case SID_NAME_ALIAS:
1838 result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
1840 MAXIMUM_ALLOWED_ACCESS,
1844 if (!NT_STATUS_IS_OK(result)) {
1845 d_fprintf(stderr, "Request open_alias failed\n");
1849 result = rpccli_samr_DeleteDomAlias(pipe_hnd, mem_ctx,
1853 d_fprintf(stderr, "%s is of type %s. This command is only for deleting local or global groups\n",
1854 argv[0],sid_type_lookup(name_types.ids[0]));
1855 result = NT_STATUS_UNSUCCESSFUL;
1859 if (NT_STATUS_IS_OK(result)) {
1861 d_printf("Deleted %s '%s'\n",sid_type_lookup(name_types.ids[0]),argv[0]);
1863 d_fprintf(stderr, "Deleting of %s failed: %s\n",argv[0],
1864 get_friendly_nt_error_msg(result));
1872 static int rpc_group_delete(struct net_context *c, int argc, const char **argv)
1874 return run_rpc_command(c, NULL, PI_SAMR, 0, rpc_group_delete_internals,
1878 static int rpc_group_add_internals(struct net_context *c, int argc, const char **argv)
1880 NET_API_STATUS status;
1881 struct GROUP_INFO_1 info1;
1882 uint32_t parm_error = 0;
1884 if (argc != 1 || c->display_usage) {
1885 rpc_group_usage(c, argc, argv);
1891 info1.grpi1_name = argv[0];
1892 if (c->opt_comment && strlen(c->opt_comment) > 0) {
1893 info1.grpi1_comment = c->opt_comment;
1896 status = NetGroupAdd(c->opt_host, 1, (uint8_t *)&info1, &parm_error);
1899 d_fprintf(stderr, "Failed to add group '%s' with: %s.\n",
1900 argv[0], libnetapi_get_error_string(c->netapi_ctx,
1904 d_printf("Added group '%s'.\n", argv[0]);
1910 static NTSTATUS rpc_alias_add_internals(struct net_context *c,
1911 const DOM_SID *domain_sid,
1912 const char *domain_name,
1913 struct cli_state *cli,
1914 struct rpc_pipe_client *pipe_hnd,
1915 TALLOC_CTX *mem_ctx,
1919 POLICY_HND connect_pol, domain_pol, alias_pol;
1920 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1921 union samr_AliasInfo alias_info;
1922 struct lsa_String alias_name;
1925 if (argc != 1 || c->display_usage) {
1926 rpc_group_usage(c, argc, argv);
1927 return NT_STATUS_OK;
1930 init_lsa_String(&alias_name, argv[0]);
1932 /* Get sam policy handle */
1934 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1936 MAXIMUM_ALLOWED_ACCESS,
1938 if (!NT_STATUS_IS_OK(result)) goto done;
1940 /* Get domain policy handle */
1942 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1944 MAXIMUM_ALLOWED_ACCESS,
1945 CONST_DISCARD(struct dom_sid2 *, domain_sid),
1947 if (!NT_STATUS_IS_OK(result)) goto done;
1949 /* Create the group */
1951 result = rpccli_samr_CreateDomAlias(pipe_hnd, mem_ctx,
1954 MAXIMUM_ALLOWED_ACCESS,
1957 if (!NT_STATUS_IS_OK(result)) goto done;
1959 if (strlen(c->opt_comment) == 0) goto done;
1961 /* We've got a comment to set */
1963 init_lsa_String(&alias_info.description, c->opt_comment);
1965 result = rpccli_samr_SetAliasInfo(pipe_hnd, mem_ctx,
1970 if (!NT_STATUS_IS_OK(result)) goto done;
1973 if (NT_STATUS_IS_OK(result))
1974 DEBUG(5, ("add alias succeeded\n"));
1976 d_fprintf(stderr, "add alias failed: %s\n", nt_errstr(result));
1981 static int rpc_group_add(struct net_context *c, int argc, const char **argv)
1983 if (c->opt_localgroup)
1984 return run_rpc_command(c, NULL, PI_SAMR, 0,
1985 rpc_alias_add_internals,
1988 return rpc_group_add_internals(c, argc, argv);
1991 static NTSTATUS get_sid_from_name(struct cli_state *cli,
1992 TALLOC_CTX *mem_ctx,
1995 enum lsa_SidType *type)
1997 DOM_SID *sids = NULL;
1998 enum lsa_SidType *types = NULL;
1999 struct rpc_pipe_client *pipe_hnd;
2001 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2003 pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &result);
2008 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, false,
2009 SEC_RIGHTS_MAXIMUM_ALLOWED, &lsa_pol);
2011 if (!NT_STATUS_IS_OK(result)) {
2015 result = rpccli_lsa_lookup_names(pipe_hnd, mem_ctx, &lsa_pol, 1,
2016 &name, NULL, 1, &sids, &types);
2018 if (NT_STATUS_IS_OK(result)) {
2019 sid_copy(sid, &sids[0]);
2023 rpccli_lsa_Close(pipe_hnd, mem_ctx, &lsa_pol);
2027 TALLOC_FREE(pipe_hnd);
2030 if (!NT_STATUS_IS_OK(result) && (StrnCaseCmp(name, "S-", 2) == 0)) {
2032 /* Try as S-1-5-whatever */
2036 if (string_to_sid(&tmp_sid, name)) {
2037 sid_copy(sid, &tmp_sid);
2038 *type = SID_NAME_UNKNOWN;
2039 result = NT_STATUS_OK;
2046 static NTSTATUS rpc_add_groupmem(struct rpc_pipe_client *pipe_hnd,
2047 TALLOC_CTX *mem_ctx,
2048 const DOM_SID *group_sid,
2051 POLICY_HND connect_pol, domain_pol;
2054 POLICY_HND group_pol;
2056 struct samr_Ids rids, rid_types;
2057 struct lsa_String lsa_acct_name;
2061 sid_copy(&sid, group_sid);
2063 if (!sid_split_rid(&sid, &group_rid)) {
2064 return NT_STATUS_UNSUCCESSFUL;
2067 /* Get sam policy handle */
2068 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2070 MAXIMUM_ALLOWED_ACCESS,
2072 if (!NT_STATUS_IS_OK(result)) {
2076 /* Get domain policy handle */
2077 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2079 MAXIMUM_ALLOWED_ACCESS,
2082 if (!NT_STATUS_IS_OK(result)) {
2086 init_lsa_String(&lsa_acct_name, member);
2088 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
2095 if (!NT_STATUS_IS_OK(result)) {
2096 d_fprintf(stderr, "Could not lookup up group member %s\n", member);
2100 result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
2102 MAXIMUM_ALLOWED_ACCESS,
2106 if (!NT_STATUS_IS_OK(result)) {
2110 result = rpccli_samr_AddGroupMember(pipe_hnd, mem_ctx,
2113 0x0005); /* unknown flags */
2116 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
2120 static NTSTATUS rpc_add_aliasmem(struct rpc_pipe_client *pipe_hnd,
2121 TALLOC_CTX *mem_ctx,
2122 const DOM_SID *alias_sid,
2125 POLICY_HND connect_pol, domain_pol;
2128 POLICY_HND alias_pol;
2131 enum lsa_SidType member_type;
2135 sid_copy(&sid, alias_sid);
2137 if (!sid_split_rid(&sid, &alias_rid)) {
2138 return NT_STATUS_UNSUCCESSFUL;
2141 result = get_sid_from_name(rpc_pipe_np_smb_conn(pipe_hnd), mem_ctx,
2142 member, &member_sid, &member_type);
2144 if (!NT_STATUS_IS_OK(result)) {
2145 d_fprintf(stderr, "Could not lookup up group member %s\n", member);
2149 /* Get sam policy handle */
2150 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2152 MAXIMUM_ALLOWED_ACCESS,
2154 if (!NT_STATUS_IS_OK(result)) {
2158 /* Get domain policy handle */
2159 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2161 MAXIMUM_ALLOWED_ACCESS,
2164 if (!NT_STATUS_IS_OK(result)) {
2168 result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
2170 MAXIMUM_ALLOWED_ACCESS,
2174 if (!NT_STATUS_IS_OK(result)) {
2178 result = rpccli_samr_AddAliasMember(pipe_hnd, mem_ctx,
2182 if (!NT_STATUS_IS_OK(result)) {
2187 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
2191 static NTSTATUS rpc_group_addmem_internals(struct net_context *c,
2192 const DOM_SID *domain_sid,
2193 const char *domain_name,
2194 struct cli_state *cli,
2195 struct rpc_pipe_client *pipe_hnd,
2196 TALLOC_CTX *mem_ctx,
2201 enum lsa_SidType group_type;
2203 if (argc != 2 || c->display_usage) {
2205 "net rpc group addmem <group> <member>\n"
2206 " Add a member to a group\n"
2207 " group\tGroup to add member to\n"
2208 " member\tMember to add to group\n");
2209 return NT_STATUS_UNSUCCESSFUL;
2212 if (!NT_STATUS_IS_OK(get_sid_from_name(cli, mem_ctx, argv[0],
2213 &group_sid, &group_type))) {
2214 d_fprintf(stderr, "Could not lookup group name %s\n", argv[0]);
2215 return NT_STATUS_UNSUCCESSFUL;
2218 if (group_type == SID_NAME_DOM_GRP) {
2219 NTSTATUS result = rpc_add_groupmem(pipe_hnd, mem_ctx,
2220 &group_sid, argv[1]);
2222 if (!NT_STATUS_IS_OK(result)) {
2223 d_fprintf(stderr, "Could not add %s to %s: %s\n",
2224 argv[1], argv[0], nt_errstr(result));
2229 if (group_type == SID_NAME_ALIAS) {
2230 NTSTATUS result = rpc_add_aliasmem(pipe_hnd, mem_ctx,
2231 &group_sid, argv[1]);
2233 if (!NT_STATUS_IS_OK(result)) {
2234 d_fprintf(stderr, "Could not add %s to %s: %s\n",
2235 argv[1], argv[0], nt_errstr(result));
2240 d_fprintf(stderr, "Can only add members to global or local groups "
2241 "which %s is not\n", argv[0]);
2243 return NT_STATUS_UNSUCCESSFUL;
2246 static int rpc_group_addmem(struct net_context *c, int argc, const char **argv)
2248 return run_rpc_command(c, NULL, PI_SAMR, 0,
2249 rpc_group_addmem_internals,
2253 static NTSTATUS rpc_del_groupmem(struct net_context *c,
2254 struct rpc_pipe_client *pipe_hnd,
2255 TALLOC_CTX *mem_ctx,
2256 const DOM_SID *group_sid,
2259 POLICY_HND connect_pol, domain_pol;
2262 POLICY_HND group_pol;
2264 struct samr_Ids rids, rid_types;
2265 struct lsa_String lsa_acct_name;
2269 sid_copy(&sid, group_sid);
2271 if (!sid_split_rid(&sid, &group_rid))
2272 return NT_STATUS_UNSUCCESSFUL;
2274 /* Get sam policy handle */
2275 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2277 MAXIMUM_ALLOWED_ACCESS,
2279 if (!NT_STATUS_IS_OK(result))
2282 /* Get domain policy handle */
2283 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2285 MAXIMUM_ALLOWED_ACCESS,
2288 if (!NT_STATUS_IS_OK(result))
2291 init_lsa_String(&lsa_acct_name, member);
2293 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
2299 if (!NT_STATUS_IS_OK(result)) {
2300 d_fprintf(stderr, "Could not lookup up group member %s\n", member);
2304 result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
2306 MAXIMUM_ALLOWED_ACCESS,
2310 if (!NT_STATUS_IS_OK(result))
2313 result = rpccli_samr_DeleteGroupMember(pipe_hnd, mem_ctx,
2318 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
2322 static NTSTATUS rpc_del_aliasmem(struct rpc_pipe_client *pipe_hnd,
2323 TALLOC_CTX *mem_ctx,
2324 const DOM_SID *alias_sid,
2327 POLICY_HND connect_pol, domain_pol;
2330 POLICY_HND alias_pol;
2333 enum lsa_SidType member_type;
2337 sid_copy(&sid, alias_sid);
2339 if (!sid_split_rid(&sid, &alias_rid))
2340 return NT_STATUS_UNSUCCESSFUL;
2342 result = get_sid_from_name(rpc_pipe_np_smb_conn(pipe_hnd), mem_ctx,
2343 member, &member_sid, &member_type);
2345 if (!NT_STATUS_IS_OK(result)) {
2346 d_fprintf(stderr, "Could not lookup up group member %s\n", member);
2350 /* Get sam policy handle */
2351 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2353 MAXIMUM_ALLOWED_ACCESS,
2355 if (!NT_STATUS_IS_OK(result)) {
2359 /* Get domain policy handle */
2360 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2362 MAXIMUM_ALLOWED_ACCESS,
2365 if (!NT_STATUS_IS_OK(result)) {
2369 result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
2371 MAXIMUM_ALLOWED_ACCESS,
2375 if (!NT_STATUS_IS_OK(result))
2378 result = rpccli_samr_DeleteAliasMember(pipe_hnd, mem_ctx,
2382 if (!NT_STATUS_IS_OK(result))
2386 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
2390 static NTSTATUS rpc_group_delmem_internals(struct net_context *c,
2391 const DOM_SID *domain_sid,
2392 const char *domain_name,
2393 struct cli_state *cli,
2394 struct rpc_pipe_client *pipe_hnd,
2395 TALLOC_CTX *mem_ctx,
2400 enum lsa_SidType group_type;
2402 if (argc != 2 || c->display_usage) {
2404 "net rpc group delmem <group> <member>\n"
2405 " Delete a member from a group\n"
2406 " group\tGroup to delete member from\n"
2407 " member\tMember to delete from group\n");
2408 return NT_STATUS_UNSUCCESSFUL;
2411 if (!NT_STATUS_IS_OK(get_sid_from_name(cli, mem_ctx, argv[0],
2412 &group_sid, &group_type))) {
2413 d_fprintf(stderr, "Could not lookup group name %s\n", argv[0]);
2414 return NT_STATUS_UNSUCCESSFUL;
2417 if (group_type == SID_NAME_DOM_GRP) {
2418 NTSTATUS result = rpc_del_groupmem(c, pipe_hnd, mem_ctx,
2419 &group_sid, argv[1]);
2421 if (!NT_STATUS_IS_OK(result)) {
2422 d_fprintf(stderr, "Could not del %s from %s: %s\n",
2423 argv[1], argv[0], nt_errstr(result));
2428 if (group_type == SID_NAME_ALIAS) {
2429 NTSTATUS result = rpc_del_aliasmem(pipe_hnd, mem_ctx,
2430 &group_sid, argv[1]);
2432 if (!NT_STATUS_IS_OK(result)) {
2433 d_fprintf(stderr, "Could not del %s from %s: %s\n",
2434 argv[1], argv[0], nt_errstr(result));
2439 d_fprintf(stderr, "Can only delete members from global or local groups "
2440 "which %s is not\n", argv[0]);
2442 return NT_STATUS_UNSUCCESSFUL;
2445 static int rpc_group_delmem(struct net_context *c, int argc, const char **argv)
2447 return run_rpc_command(c, NULL, PI_SAMR, 0,
2448 rpc_group_delmem_internals,
2453 * List groups on a remote RPC server.
2455 * All parameters are provided by the run_rpc_command function, except for
2456 * argc, argv which are passes through.
2458 * @param domain_sid The domain sid acquired from the remote server.
2459 * @param cli A cli_state connected to the server.
2460 * @param mem_ctx Talloc context, destroyed on completion of the function.
2461 * @param argc Standard main() style argc.
2462 * @param argv Standard main() style argv. Initial components are already
2465 * @return Normal NTSTATUS return.
2468 static NTSTATUS rpc_group_list_internals(struct net_context *c,
2469 const DOM_SID *domain_sid,
2470 const char *domain_name,
2471 struct cli_state *cli,
2472 struct rpc_pipe_client *pipe_hnd,
2473 TALLOC_CTX *mem_ctx,
2477 POLICY_HND connect_pol, domain_pol;
2478 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2479 uint32 start_idx=0, max_entries=250, num_entries, i, loop_count = 0;
2480 struct samr_SamArray *groups = NULL;
2481 bool global = false;
2483 bool builtin = false;
2485 if (c->display_usage) {
2487 "net rpc group list [global] [local] [builtin]\n"
2488 " List groups on RPC server\n"
2489 " global\tList global groups\n"
2490 " local\tList local groups\n"
2491 " builtin\tList builtin groups\n"
2492 " If none of global, local or builtin is "
2493 "specified, all three options are considered set\n");
2494 return NT_STATUS_OK;
2503 for (i=0; i<argc; i++) {
2504 if (strequal(argv[i], "global"))
2507 if (strequal(argv[i], "local"))
2510 if (strequal(argv[i], "builtin"))
2514 /* Get sam policy handle */
2516 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2518 MAXIMUM_ALLOWED_ACCESS,
2520 if (!NT_STATUS_IS_OK(result)) {
2524 /* Get domain policy handle */
2526 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2528 MAXIMUM_ALLOWED_ACCESS,
2529 CONST_DISCARD(struct dom_sid2 *, domain_sid),
2531 if (!NT_STATUS_IS_OK(result)) {
2535 /* Query domain groups */
2536 if (c->opt_long_list_entries)
2537 d_printf("\nGroup name Comment"
2538 "\n-----------------------------\n");
2540 uint32_t max_size, total_size, returned_size;
2541 union samr_DispInfo info;
2545 get_query_dispinfo_params(
2546 loop_count, &max_entries, &max_size);
2548 result = rpccli_samr_QueryDisplayInfo(pipe_hnd, mem_ctx,
2557 num_entries = info.info3.count;
2558 start_idx += info.info3.count;
2560 if (!NT_STATUS_IS_OK(result) &&
2561 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
2564 for (i = 0; i < num_entries; i++) {
2566 const char *group = NULL;
2567 const char *desc = NULL;
2569 group = info.info3.entries[i].account_name.string;
2570 desc = info.info3.entries[i].description.string;
2572 if (c->opt_long_list_entries)
2573 printf("%-21.21s %-50.50s\n",
2576 printf("%s\n", group);
2578 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
2579 /* query domain aliases */
2584 result = rpccli_samr_EnumDomainAliases(pipe_hnd, mem_ctx,
2590 if (!NT_STATUS_IS_OK(result) &&
2591 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
2594 for (i = 0; i < num_entries; i++) {
2596 const char *description = NULL;
2598 if (c->opt_long_list_entries) {
2600 POLICY_HND alias_pol;
2601 union samr_AliasInfo *info = NULL;
2603 if ((NT_STATUS_IS_OK(rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
2606 groups->entries[i].idx,
2608 (NT_STATUS_IS_OK(rpccli_samr_QueryAliasInfo(pipe_hnd, mem_ctx,
2612 (NT_STATUS_IS_OK(rpccli_samr_Close(pipe_hnd, mem_ctx,
2614 description = info->description.string;
2618 if (description != NULL) {
2619 printf("%-21.21s %-50.50s\n",
2620 groups->entries[i].name.string,
2623 printf("%s\n", groups->entries[i].name.string);
2626 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
2627 rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
2628 /* Get builtin policy handle */
2630 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2632 MAXIMUM_ALLOWED_ACCESS,
2633 CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin),
2635 if (!NT_STATUS_IS_OK(result)) {
2638 /* query builtin aliases */
2641 if (!builtin) break;
2643 result = rpccli_samr_EnumDomainAliases(pipe_hnd, mem_ctx,
2649 if (!NT_STATUS_IS_OK(result) &&
2650 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
2653 for (i = 0; i < num_entries; i++) {
2655 const char *description = NULL;
2657 if (c->opt_long_list_entries) {
2659 POLICY_HND alias_pol;
2660 union samr_AliasInfo *info = NULL;
2662 if ((NT_STATUS_IS_OK(rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
2665 groups->entries[i].idx,
2667 (NT_STATUS_IS_OK(rpccli_samr_QueryAliasInfo(pipe_hnd, mem_ctx,
2671 (NT_STATUS_IS_OK(rpccli_samr_Close(pipe_hnd, mem_ctx,
2673 description = info->description.string;
2677 if (description != NULL) {
2678 printf("%-21.21s %-50.50s\n",
2679 groups->entries[i].name.string,
2682 printf("%s\n", groups->entries[i].name.string);
2685 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
2691 static int rpc_group_list(struct net_context *c, int argc, const char **argv)
2693 return run_rpc_command(c, NULL, PI_SAMR, 0,
2694 rpc_group_list_internals,
2698 static NTSTATUS rpc_list_group_members(struct net_context *c,
2699 struct rpc_pipe_client *pipe_hnd,
2700 TALLOC_CTX *mem_ctx,
2701 const char *domain_name,
2702 const DOM_SID *domain_sid,
2703 POLICY_HND *domain_pol,
2707 POLICY_HND group_pol;
2708 uint32 num_members, *group_rids;
2710 struct samr_RidTypeArray *rids = NULL;
2711 struct lsa_Strings names;
2712 struct samr_Ids types;
2715 sid_to_fstring(sid_str, domain_sid);
2717 result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
2719 MAXIMUM_ALLOWED_ACCESS,
2723 if (!NT_STATUS_IS_OK(result))
2726 result = rpccli_samr_QueryGroupMember(pipe_hnd, mem_ctx,
2730 if (!NT_STATUS_IS_OK(result))
2733 num_members = rids->count;
2734 group_rids = rids->rids;
2736 while (num_members > 0) {
2737 int this_time = 512;
2739 if (num_members < this_time)
2740 this_time = num_members;
2742 result = rpccli_samr_LookupRids(pipe_hnd, mem_ctx,
2749 if (!NT_STATUS_IS_OK(result))
2752 /* We only have users as members, but make the output
2753 the same as the output of alias members */
2755 for (i = 0; i < this_time; i++) {
2757 if (c->opt_long_list_entries) {
2758 printf("%s-%d %s\\%s %d\n", sid_str,
2759 group_rids[i], domain_name,
2760 names.names[i].string,
2763 printf("%s\\%s\n", domain_name,
2764 names.names[i].string);
2768 num_members -= this_time;
2772 return NT_STATUS_OK;
2775 static NTSTATUS rpc_list_alias_members(struct net_context *c,
2776 struct rpc_pipe_client *pipe_hnd,
2777 TALLOC_CTX *mem_ctx,
2778 POLICY_HND *domain_pol,
2782 struct rpc_pipe_client *lsa_pipe;
2783 POLICY_HND alias_pol, lsa_pol;
2785 DOM_SID *alias_sids;
2788 enum lsa_SidType *types;
2790 struct lsa_SidArray sid_array;
2792 result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
2794 MAXIMUM_ALLOWED_ACCESS,
2798 if (!NT_STATUS_IS_OK(result))
2801 result = rpccli_samr_GetMembersInAlias(pipe_hnd, mem_ctx,
2805 if (!NT_STATUS_IS_OK(result)) {
2806 d_fprintf(stderr, "Couldn't list alias members\n");
2810 num_members = sid_array.num_sids;
2812 if (num_members == 0) {
2813 return NT_STATUS_OK;
2816 lsa_pipe = cli_rpc_pipe_open_noauth(rpc_pipe_np_smb_conn(pipe_hnd),
2817 PI_LSARPC, &result);
2819 d_fprintf(stderr, "Couldn't open LSA pipe. Error was %s\n",
2820 nt_errstr(result) );
2824 result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, true,
2825 SEC_RIGHTS_MAXIMUM_ALLOWED, &lsa_pol);
2827 if (!NT_STATUS_IS_OK(result)) {
2828 d_fprintf(stderr, "Couldn't open LSA policy handle\n");
2829 TALLOC_FREE(lsa_pipe);
2833 alias_sids = TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID, num_members);
2835 d_fprintf(stderr, "Out of memory\n");
2836 TALLOC_FREE(lsa_pipe);
2837 return NT_STATUS_NO_MEMORY;
2840 for (i=0; i<num_members; i++) {
2841 sid_copy(&alias_sids[i], sid_array.sids[i].sid);
2844 result = rpccli_lsa_lookup_sids(lsa_pipe, mem_ctx, &lsa_pol,
2845 num_members, alias_sids,
2846 &domains, &names, &types);
2848 if (!NT_STATUS_IS_OK(result) &&
2849 !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) {
2850 d_fprintf(stderr, "Couldn't lookup SIDs\n");
2851 TALLOC_FREE(lsa_pipe);
2855 for (i = 0; i < num_members; i++) {
2857 sid_to_fstring(sid_str, &alias_sids[i]);
2859 if (c->opt_long_list_entries) {
2860 printf("%s %s\\%s %d\n", sid_str,
2861 domains[i] ? domains[i] : "*unknown*",
2862 names[i] ? names[i] : "*unknown*", types[i]);
2865 printf("%s\\%s\n", domains[i], names[i]);
2867 printf("%s\n", sid_str);
2871 TALLOC_FREE(lsa_pipe);
2872 return NT_STATUS_OK;
2875 static NTSTATUS rpc_group_members_internals(struct net_context *c,
2876 const DOM_SID *domain_sid,
2877 const char *domain_name,
2878 struct cli_state *cli,
2879 struct rpc_pipe_client *pipe_hnd,
2880 TALLOC_CTX *mem_ctx,
2885 POLICY_HND connect_pol, domain_pol;
2886 struct samr_Ids rids, rid_types;
2887 struct lsa_String lsa_acct_name;
2889 /* Get sam policy handle */
2891 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2893 MAXIMUM_ALLOWED_ACCESS,
2896 if (!NT_STATUS_IS_OK(result))
2899 /* Get domain policy handle */
2901 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2903 MAXIMUM_ALLOWED_ACCESS,
2904 CONST_DISCARD(struct dom_sid2 *, domain_sid),
2907 if (!NT_STATUS_IS_OK(result))
2910 init_lsa_String(&lsa_acct_name, argv[0]); /* sure? */
2912 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
2919 if (!NT_STATUS_IS_OK(result)) {
2921 /* Ok, did not find it in the global sam, try with builtin */
2923 DOM_SID sid_Builtin;
2925 rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
2927 sid_copy(&sid_Builtin, &global_sid_Builtin);
2929 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2931 MAXIMUM_ALLOWED_ACCESS,
2935 if (!NT_STATUS_IS_OK(result)) {
2936 d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
2940 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
2947 if (!NT_STATUS_IS_OK(result)) {
2948 d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
2953 if (rids.count != 1) {
2954 d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
2958 if (rid_types.ids[0] == SID_NAME_DOM_GRP) {
2959 return rpc_list_group_members(c, pipe_hnd, mem_ctx, domain_name,
2960 domain_sid, &domain_pol,
2964 if (rid_types.ids[0] == SID_NAME_ALIAS) {
2965 return rpc_list_alias_members(c, pipe_hnd, mem_ctx, &domain_pol,
2969 return NT_STATUS_NO_SUCH_GROUP;
2972 static int rpc_group_members(struct net_context *c, int argc, const char **argv)
2974 if (argc != 1 || c->display_usage) {
2975 return rpc_group_usage(c, argc, argv);
2978 return run_rpc_command(c, NULL, PI_SAMR, 0,
2979 rpc_group_members_internals,
2983 static int rpc_group_rename_internals(struct net_context *c, int argc, const char **argv)
2985 NET_API_STATUS status;
2986 struct GROUP_INFO_0 g0;
2990 d_printf("Usage: 'net rpc group rename group newname'\n");
2994 g0.grpi0_name = argv[1];
2996 status = NetGroupSetInfo(c->opt_host,
3003 d_fprintf(stderr, "Renaming group %s failed with: %s\n",
3004 argv[0], libnetapi_get_error_string(c->netapi_ctx,
3012 static int rpc_group_rename(struct net_context *c, int argc, const char **argv)
3014 if (argc != 2 || c->display_usage) {
3015 return rpc_group_usage(c, argc, argv);
3018 return rpc_group_rename_internals(c, argc, argv);
3022 * 'net rpc group' entrypoint.
3023 * @param argc Standard main() style argc.
3024 * @param argv Standard main() style argv. Initial components are already
3028 int net_rpc_group(struct net_context *c, int argc, const char **argv)
3030 NET_API_STATUS status;
3032 struct functable func[] = {
3037 "Create specified group",
3038 "net rpc group add\n"
3039 " Create specified group"
3045 "Delete specified group",
3046 "net rpc group delete\n"
3047 " Delete specified group"
3053 "Add member to group",
3054 "net rpc group addmem\n"
3055 " Add member to group"
3061 "Remove member from group",
3062 "net rpc group delmem\n"
3063 " Remove member from group"
3070 "net rpc group list\n"
3077 "List group members",
3078 "net rpc group members\n"
3079 " List group members"
3086 "net rpc group rename\n"
3089 {NULL, NULL, 0, NULL, NULL}
3092 status = libnetapi_init(&c->netapi_ctx);
3096 libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
3097 libnetapi_set_password(c->netapi_ctx, c->opt_password);
3100 if (c->display_usage) {
3101 d_printf("Usage:\n");
3102 d_printf("net rpc group\n"
3103 " Alias for net rpc group list global local "
3105 net_display_usage_from_functable(func);
3109 return run_rpc_command(c, NULL, PI_SAMR, 0,
3110 rpc_group_list_internals,
3114 return net_run_function(c, argc, argv, "net rpc group", func);
3117 /****************************************************************************/
3119 static int rpc_share_usage(struct net_context *c, int argc, const char **argv)
3121 return net_share_usage(c, argc, argv);
3125 * Add a share on a remote RPC server.
3127 * All parameters are provided by the run_rpc_command function, except for
3128 * argc, argv which are passed through.
3130 * @param domain_sid The domain sid acquired from the remote server.
3131 * @param cli A cli_state connected to the server.
3132 * @param mem_ctx Talloc context, destroyed on completion of the function.
3133 * @param argc Standard main() style argc.
3134 * @param argv Standard main() style argv. Initial components are already
3137 * @return Normal NTSTATUS return.
3139 static NTSTATUS rpc_share_add_internals(struct net_context *c,
3140 const DOM_SID *domain_sid,
3141 const char *domain_name,
3142 struct cli_state *cli,
3143 struct rpc_pipe_client *pipe_hnd,
3144 TALLOC_CTX *mem_ctx,int argc,
3151 uint32 type = STYPE_DISKTREE; /* only allow disk shares to be added */
3152 uint32 num_users=0, perms=0;
3153 char *password=NULL; /* don't allow a share password */
3155 union srvsvc_NetShareInfo info;
3156 struct srvsvc_NetShareInfo2 info2;
3157 uint32_t parm_error = 0;
3159 if ((sharename = talloc_strdup(mem_ctx, argv[0])) == NULL) {
3160 return NT_STATUS_NO_MEMORY;
3163 path = strchr(sharename, '=');
3165 return NT_STATUS_UNSUCCESSFUL;
3168 info2.name = sharename;
3170 info2.comment = c->opt_comment;
3171 info2.permissions = perms;
3172 info2.max_users = c->opt_maxusers;
3173 info2.current_users = num_users;
3175 info2.password = password;
3177 info.info2 = &info2;
3179 status = rpccli_srvsvc_NetShareAdd(pipe_hnd, mem_ctx,
3188 static int rpc_share_add(struct net_context *c, int argc, const char **argv)
3190 if ((argc < 1) || !strchr(argv[0], '=') || c->display_usage) {
3191 return rpc_share_usage(c, argc, argv);
3193 return run_rpc_command(c, NULL, PI_SRVSVC, 0,
3194 rpc_share_add_internals,
3199 * Delete a share on a remote RPC server.
3201 * All parameters are provided by the run_rpc_command function, except for
3202 * argc, argv which are passed through.
3204 * @param domain_sid The domain sid acquired from the remote server.
3205 * @param cli A cli_state connected to the server.
3206 * @param mem_ctx Talloc context, destroyed on completion of the function.
3207 * @param argc Standard main() style argc.
3208 * @param argv Standard main() style argv. Initial components are already
3211 * @return Normal NTSTATUS return.
3213 static NTSTATUS rpc_share_del_internals(struct net_context *c,
3214 const DOM_SID *domain_sid,
3215 const char *domain_name,
3216 struct cli_state *cli,
3217 struct rpc_pipe_client *pipe_hnd,
3218 TALLOC_CTX *mem_ctx,
3224 return rpccli_srvsvc_NetShareDel(pipe_hnd, mem_ctx,
3232 * Delete a share on a remote RPC server.
3234 * @param domain_sid The domain sid acquired from the remote server.
3235 * @param argc Standard main() style argc.
3236 * @param argv Standard main() style argv. Initial components are already
3239 * @return A shell status integer (0 for success).
3241 static int rpc_share_delete(struct net_context *c, int argc, const char **argv)
3243 if (argc < 1 || c->display_usage) {
3244 return rpc_share_usage(c, argc, argv);
3246 return run_rpc_command(c, NULL, PI_SRVSVC, 0,
3247 rpc_share_del_internals,
3252 * Formatted print of share info
3254 * @param info1 pointer to SRV_SHARE_INFO_1 to format
3257 static void display_share_info_1(struct net_context *c,
3258 struct srvsvc_NetShareInfo1 *r)
3260 if (c->opt_long_list_entries) {
3261 d_printf("%-12s %-8.8s %-50s\n",
3263 c->share_type[r->type & ~(STYPE_TEMPORARY|STYPE_HIDDEN)],
3266 d_printf("%s\n", r->name);
3270 static WERROR get_share_info(struct net_context *c,
3271 struct rpc_pipe_client *pipe_hnd,
3272 TALLOC_CTX *mem_ctx,
3276 struct srvsvc_NetShareInfoCtr *info_ctr)
3280 union srvsvc_NetShareInfo info;
3282 /* no specific share requested, enumerate all */
3285 uint32_t preferred_len = 0xffffffff;
3286 uint32_t total_entries = 0;
3287 uint32_t resume_handle = 0;
3289 info_ctr->level = level;
3291 status = rpccli_srvsvc_NetShareEnumAll(pipe_hnd, mem_ctx,
3301 /* request just one share */
3302 status = rpccli_srvsvc_NetShareGetInfo(pipe_hnd, mem_ctx,
3309 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) {
3314 ZERO_STRUCTP(info_ctr);
3316 info_ctr->level = level;
3321 struct srvsvc_NetShareCtr1 *ctr1;
3323 ctr1 = TALLOC_ZERO_P(mem_ctx, struct srvsvc_NetShareCtr1);
3324 W_ERROR_HAVE_NO_MEMORY(ctr1);
3327 ctr1->array = info.info1;
3329 info_ctr->ctr.ctr1 = ctr1;
3333 struct srvsvc_NetShareCtr2 *ctr2;
3335 ctr2 = TALLOC_ZERO_P(mem_ctx, struct srvsvc_NetShareCtr2);
3336 W_ERROR_HAVE_NO_MEMORY(ctr2);
3339 ctr2->array = info.info2;
3341 info_ctr->ctr.ctr2 = ctr2;
3345 struct srvsvc_NetShareCtr502 *ctr502;
3347 ctr502 = TALLOC_ZERO_P(mem_ctx, struct srvsvc_NetShareCtr502);
3348 W_ERROR_HAVE_NO_MEMORY(ctr502);
3351 ctr502->array = info.info502;
3353 info_ctr->ctr.ctr502 = ctr502;
3361 * List shares on a remote RPC server.
3363 * All parameters are provided by the run_rpc_command function, except for
3364 * argc, argv which are passed through.
3366 * @param domain_sid The domain sid acquired from the remote server.
3367 * @param cli A cli_state connected to the server.
3368 * @param mem_ctx Talloc context, destroyed on completion of the function.
3369 * @param argc Standard main() style argc.
3370 * @param argv Standard main() style argv. Initial components are already
3373 * @return Normal NTSTATUS return.
3376 static NTSTATUS rpc_share_list_internals(struct net_context *c,
3377 const DOM_SID *domain_sid,
3378 const char *domain_name,
3379 struct cli_state *cli,
3380 struct rpc_pipe_client *pipe_hnd,
3381 TALLOC_CTX *mem_ctx,
3385 struct srvsvc_NetShareInfoCtr info_ctr;
3386 struct srvsvc_NetShareCtr1 ctr1;
3388 uint32 i, level = 1;
3390 ZERO_STRUCT(info_ctr);
3394 info_ctr.ctr.ctr1 = &ctr1;
3396 result = get_share_info(c, pipe_hnd, mem_ctx, level, argc, argv,
3398 if (!W_ERROR_IS_OK(result))
3401 /* Display results */
3403 if (c->opt_long_list_entries) {
3405 "\nEnumerating shared resources (exports) on remote server:\n\n"
3406 "\nShare name Type Description\n"
3407 "---------- ---- -----------\n");
3409 for (i = 0; i < info_ctr.ctr.ctr1->count; i++)
3410 display_share_info_1(c, &info_ctr.ctr.ctr1->array[i]);
3412 return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
3416 * 'net rpc share list' entrypoint.
3417 * @param argc Standard main() style argc.
3418 * @param argv Standard main() style argv. Initial components are already
3421 static int rpc_share_list(struct net_context *c, int argc, const char **argv)
3423 if (c->display_usage) {
3425 "net rpc share list\n"
3426 " List shares on remote server\n");
3430 return run_rpc_command(c, NULL, PI_SRVSVC, 0, rpc_share_list_internals,
3434 static bool check_share_availability(struct cli_state *cli, const char *netname)
3436 if (!cli_send_tconX(cli, netname, "A:", "", 0)) {
3437 d_printf("skipping [%s]: not a file share.\n", netname);
3447 static bool check_share_sanity(struct net_context *c, struct cli_state *cli,
3448 const char *netname, uint32 type)
3450 /* only support disk shares */
3451 if (! ( type == STYPE_DISKTREE || type == (STYPE_DISKTREE | STYPE_HIDDEN)) ) {
3452 printf("share [%s] is not a diskshare (type: %x)\n", netname, type);
3456 /* skip builtin shares */
3457 /* FIXME: should print$ be added too ? */
3458 if (strequal(netname,"IPC$") || strequal(netname,"ADMIN$") ||
3459 strequal(netname,"global"))
3462 if (c->opt_exclude && in_list(netname, c->opt_exclude, false)) {
3463 printf("excluding [%s]\n", netname);
3467 return check_share_availability(cli, netname);
3471 * Migrate shares from a remote RPC server to the local RPC server.
3473 * All parameters are provided by the run_rpc_command function, except for
3474 * argc, argv which are passed through.
3476 * @param domain_sid The domain sid acquired from the remote server.
3477 * @param cli A cli_state connected to the server.
3478 * @param mem_ctx Talloc context, destroyed on completion of the function.
3479 * @param argc Standard main() style argc.
3480 * @param argv Standard main() style argv. Initial components are already
3483 * @return Normal NTSTATUS return.
3486 static NTSTATUS rpc_share_migrate_shares_internals(struct net_context *c,
3487 const DOM_SID *domain_sid,
3488 const char *domain_name,
3489 struct cli_state *cli,
3490 struct rpc_pipe_client *pipe_hnd,
3491 TALLOC_CTX *mem_ctx,
3496 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
3497 struct srvsvc_NetShareInfoCtr ctr_src;
3499 struct rpc_pipe_client *srvsvc_pipe = NULL;
3500 struct cli_state *cli_dst = NULL;
3501 uint32 level = 502; /* includes secdesc */
3502 uint32_t parm_error = 0;
3504 result = get_share_info(c, pipe_hnd, mem_ctx, level, argc, argv,
3506 if (!W_ERROR_IS_OK(result))
3509 /* connect destination PI_SRVSVC */
3510 nt_status = connect_dst_pipe(c, &cli_dst, &srvsvc_pipe, PI_SRVSVC);
3511 if (!NT_STATUS_IS_OK(nt_status))
3515 for (i = 0; i < ctr_src.ctr.ctr502->count; i++) {
3517 union srvsvc_NetShareInfo info;
3518 struct srvsvc_NetShareInfo502 info502 =
3519 ctr_src.ctr.ctr502->array[i];
3521 /* reset error-code */
3522 nt_status = NT_STATUS_UNSUCCESSFUL;
3524 if (!check_share_sanity(c, cli, info502.name, info502.type))
3527 /* finally add the share on the dst server */
3529 printf("migrating: [%s], path: %s, comment: %s, without share-ACLs\n",
3530 info502.name, info502.path, info502.comment);
3532 info.info502 = &info502;
3534 nt_status = rpccli_srvsvc_NetShareAdd(srvsvc_pipe, mem_ctx,
3535 srvsvc_pipe->desthost,
3541 if (W_ERROR_V(result) == W_ERROR_V(WERR_ALREADY_EXISTS)) {
3542 printf(" [%s] does already exist\n",
3547 if (!NT_STATUS_IS_OK(nt_status) || !W_ERROR_IS_OK(result)) {
3548 printf("cannot add share: %s\n", dos_errstr(result));
3554 nt_status = NT_STATUS_OK;
3558 cli_shutdown(cli_dst);
3566 * Migrate shares from a RPC server to another.
3568 * @param argc Standard main() style argc.
3569 * @param argv Standard main() style argv. Initial components are already
3572 * @return A shell status integer (0 for success).
3574 static int rpc_share_migrate_shares(struct net_context *c, int argc,
3577 if (c->display_usage) {
3579 "net rpc share migrate shares\n"
3580 " Migrate shares to local server\n");
3585 printf("no server to migrate\n");
3589 return run_rpc_command(c, NULL, PI_SRVSVC, 0,
3590 rpc_share_migrate_shares_internals,
3597 * @param f file_info
3598 * @param mask current search mask
3599 * @param state arg-pointer
3602 static void copy_fn(const char *mnt, file_info *f,
3603 const char *mask, void *state)
3605 static NTSTATUS nt_status;
3606 static struct copy_clistate *local_state;
3607 static fstring filename, new_mask;
3610 struct net_context *c;
3612 local_state = (struct copy_clistate *)state;
3613 nt_status = NT_STATUS_UNSUCCESSFUL;
3617 if (strequal(f->name, ".") || strequal(f->name, ".."))
3620 DEBUG(3,("got mask: %s, name: %s\n", mask, f->name));
3623 if (f->mode & aDIR) {
3625 DEBUG(3,("got dir: %s\n", f->name));
3627 fstrcpy(dir, local_state->cwd);
3629 fstrcat(dir, f->name);
3631 switch (net_mode_share)
3633 case NET_MODE_SHARE_MIGRATE:
3634 /* create that directory */
3635 nt_status = net_copy_file(c, local_state->mem_ctx,
3636 local_state->cli_share_src,
3637 local_state->cli_share_dst,
3639 c->opt_acls? true : false,
3640 c->opt_attrs? true : false,
3641 c->opt_timestamps? true:false,
3645 d_fprintf(stderr, "Unsupported mode %d\n", net_mode_share);
3649 if (!NT_STATUS_IS_OK(nt_status))
3650 printf("could not handle dir %s: %s\n",
3651 dir, nt_errstr(nt_status));
3653 /* search below that directory */
3654 fstrcpy(new_mask, dir);
3655 fstrcat(new_mask, "\\*");
3657 old_dir = local_state->cwd;
3658 local_state->cwd = dir;
3659 if (!sync_files(local_state, new_mask))
3660 printf("could not handle files\n");
3661 local_state->cwd = old_dir;
3668 fstrcpy(filename, local_state->cwd);
3669 fstrcat(filename, "\\");
3670 fstrcat(filename, f->name);
3672 DEBUG(3,("got file: %s\n", filename));
3674 switch (net_mode_share)
3676 case NET_MODE_SHARE_MIGRATE:
3677 nt_status = net_copy_file(c, local_state->mem_ctx,
3678 local_state->cli_share_src,
3679 local_state->cli_share_dst,
3681 c->opt_acls? true : false,
3682 c->opt_attrs? true : false,
3683 c->opt_timestamps? true: false,
3687 d_fprintf(stderr, "Unsupported file mode %d\n", net_mode_share);
3691 if (!NT_STATUS_IS_OK(nt_status))
3692 printf("could not handle file %s: %s\n",
3693 filename, nt_errstr(nt_status));
3698 * sync files, can be called recursivly to list files
3699 * and then call copy_fn for each file
3701 * @param cp_clistate pointer to the copy_clistate we work with
3702 * @param mask the current search mask
3704 * @return Boolean result
3706 static bool sync_files(struct copy_clistate *cp_clistate, const char *mask)
3708 struct cli_state *targetcli;
3709 char *targetpath = NULL;
3711 DEBUG(3,("calling cli_list with mask: %s\n", mask));
3713 if ( !cli_resolve_path(talloc_tos(), "", cp_clistate->cli_share_src,
3714 mask, &targetcli, &targetpath ) ) {
3715 d_fprintf(stderr, "cli_resolve_path %s failed with error: %s\n",
3716 mask, cli_errstr(cp_clistate->cli_share_src));
3720 if (cli_list(targetcli, targetpath, cp_clistate->attribute, copy_fn, cp_clistate) == -1) {
3721 d_fprintf(stderr, "listing %s failed with error: %s\n",
3722 mask, cli_errstr(targetcli));
3731 * Set the top level directory permissions before we do any further copies.
3732 * Should set up ACL inheritance.
3735 bool copy_top_level_perms(struct net_context *c,
3736 struct copy_clistate *cp_clistate,
3737 const char *sharename)
3739 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
3741 switch (net_mode_share) {
3742 case NET_MODE_SHARE_MIGRATE:
3743 DEBUG(3,("calling net_copy_fileattr for '.' directory in share %s\n", sharename));
3744 nt_status = net_copy_fileattr(c,
3745 cp_clistate->mem_ctx,
3746 cp_clistate->cli_share_src,
3747 cp_clistate->cli_share_dst,
3749 c->opt_acls? true : false,
3750 c->opt_attrs? true : false,
3751 c->opt_timestamps? true: false,
3755 d_fprintf(stderr, "Unsupported mode %d\n", net_mode_share);
3759 if (!NT_STATUS_IS_OK(nt_status)) {
3760 printf("Could handle directory attributes for top level directory of share %s. Error %s\n",
3761 sharename, nt_errstr(nt_status));
3769 * Sync all files inside a remote share to another share (over smb).
3771 * All parameters are provided by the run_rpc_command function, except for
3772 * argc, argv which are passed through.
3774 * @param domain_sid The domain sid acquired from the remote server.
3775 * @param cli A cli_state connected to the server.
3776 * @param mem_ctx Talloc context, destroyed on completion of the function.
3777 * @param argc Standard main() style argc.
3778 * @param argv Standard main() style argv. Initial components are already
3781 * @return Normal NTSTATUS return.
3784 static NTSTATUS rpc_share_migrate_files_internals(struct net_context *c,
3785 const DOM_SID *domain_sid,
3786 const char *domain_name,
3787 struct cli_state *cli,
3788 struct rpc_pipe_client *pipe_hnd,
3789 TALLOC_CTX *mem_ctx,
3794 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
3795 struct srvsvc_NetShareInfoCtr ctr_src;
3798 struct copy_clistate cp_clistate;
3799 bool got_src_share = false;
3800 bool got_dst_share = false;
3801 const char *mask = "\\*";
3804 dst = SMB_STRDUP(c->opt_destination?c->opt_destination:"127.0.0.1");
3806 nt_status = NT_STATUS_NO_MEMORY;
3810 result = get_share_info(c, pipe_hnd, mem_ctx, level, argc, argv,
3813 if (!W_ERROR_IS_OK(result))
3816 for (i = 0; i < ctr_src.ctr.ctr502->count; i++) {
3818 struct srvsvc_NetShareInfo502 info502 =
3819 ctr_src.ctr.ctr502->array[i];
3821 if (!check_share_sanity(c, cli, info502.name, info502.type))
3824 /* one might not want to mirror whole discs :) */
3825 if (strequal(info502.name, "print$") || info502.name[1] == '$') {
3826 d_printf("skipping [%s]: builtin/hidden share\n", info502.name);
3830 switch (net_mode_share)
3832 case NET_MODE_SHARE_MIGRATE:
3836 d_fprintf(stderr, "Unsupported mode %d\n", net_mode_share);
3839 printf(" [%s] files and directories %s ACLs, %s DOS Attributes %s\n",
3841 c->opt_acls ? "including" : "without",
3842 c->opt_attrs ? "including" : "without",
3843 c->opt_timestamps ? "(preserving timestamps)" : "");
3845 cp_clistate.mem_ctx = mem_ctx;
3846 cp_clistate.cli_share_src = NULL;
3847 cp_clistate.cli_share_dst = NULL;
3848 cp_clistate.cwd = NULL;
3849 cp_clistate.attribute = aSYSTEM | aHIDDEN | aDIR;
3852 /* open share source */
3853 nt_status = connect_to_service(c, &cp_clistate.cli_share_src,
3854 &cli->dest_ss, cli->desthost,
3855 info502.name, "A:");
3856 if (!NT_STATUS_IS_OK(nt_status))
3859 got_src_share = true;
3861 if (net_mode_share == NET_MODE_SHARE_MIGRATE) {
3862 /* open share destination */
3863 nt_status = connect_to_service(c, &cp_clistate.cli_share_dst,
3864 NULL, dst, info502.name, "A:");
3865 if (!NT_STATUS_IS_OK(nt_status))
3868 got_dst_share = true;
3871 if (!copy_top_level_perms(c, &cp_clistate, info502.name)) {
3872 d_fprintf(stderr, "Could not handle the top level directory permissions for the share: %s\n", info502.name);
3873 nt_status = NT_STATUS_UNSUCCESSFUL;
3877 if (!sync_files(&cp_clistate, mask)) {
3878 d_fprintf(stderr, "could not handle files for share: %s\n", info502.name);
3879 nt_status = NT_STATUS_UNSUCCESSFUL;
3884 nt_status = NT_STATUS_OK;
3889 cli_shutdown(cp_clistate.cli_share_src);
3892 cli_shutdown(cp_clistate.cli_share_dst);
3899 static int rpc_share_migrate_files(struct net_context *c, int argc, const char **argv)
3901 if (c->display_usage) {
3903 "net share migrate files\n"
3904 " Migrate files to local server\n");
3909 d_printf("no server to migrate\n");
3913 return run_rpc_command(c, NULL, PI_SRVSVC, 0,
3914 rpc_share_migrate_files_internals,
3919 * Migrate share-ACLs from a remote RPC server to the local RPC server.
3921 * All parameters are provided by the run_rpc_command function, except for
3922 * argc, argv which are passed through.
3924 * @param domain_sid The domain sid acquired from the remote server.
3925 * @param cli A cli_state connected to the server.
3926 * @param mem_ctx Talloc context, destroyed on completion of the function.
3927 * @param argc Standard main() style argc.
3928 * @param argv Standard main() style argv. Initial components are already
3931 * @return Normal NTSTATUS return.
3934 static NTSTATUS rpc_share_migrate_security_internals(struct net_context *c,
3935 const DOM_SID *domain_sid,
3936 const char *domain_name,
3937 struct cli_state *cli,
3938 struct rpc_pipe_client *pipe_hnd,
3939 TALLOC_CTX *mem_ctx,
3944 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
3945 struct srvsvc_NetShareInfoCtr ctr_src;
3946 union srvsvc_NetShareInfo info;
3948 struct rpc_pipe_client *srvsvc_pipe = NULL;
3949 struct cli_state *cli_dst = NULL;
3950 uint32 level = 502; /* includes secdesc */
3951 uint32_t parm_error = 0;
3953 result = get_share_info(c, pipe_hnd, mem_ctx, level, argc, argv,
3956 if (!W_ERROR_IS_OK(result))
3959 /* connect destination PI_SRVSVC */
3960 nt_status = connect_dst_pipe(c, &cli_dst, &srvsvc_pipe, PI_SRVSVC);
3961 if (!NT_STATUS_IS_OK(nt_status))
3965 for (i = 0; i < ctr_src.ctr.ctr502->count; i++) {
3967 struct srvsvc_NetShareInfo502 info502 =
3968 ctr_src.ctr.ctr502->array[i];
3970 /* reset error-code */
3971 nt_status = NT_STATUS_UNSUCCESSFUL;
3973 if (!check_share_sanity(c, cli, info502.name, info502.type))
3976 printf("migrating: [%s], path: %s, comment: %s, including share-ACLs\n",
3977 info502.name, info502.path, info502.comment);
3980 display_sec_desc(info502.sd_buf.sd);
3982 /* FIXME: shouldn't we be able to just set the security descriptor ? */
3983 info.info502 = &info502;
3985 /* finally modify the share on the dst server */
3986 nt_status = rpccli_srvsvc_NetShareSetInfo(srvsvc_pipe, mem_ctx,
3987 srvsvc_pipe->desthost,
3993 if (!NT_STATUS_IS_OK(nt_status) || !W_ERROR_IS_OK(result)) {
3994 printf("cannot set share-acl: %s\n", dos_errstr(result));
4000 nt_status = NT_STATUS_OK;
4004 cli_shutdown(cli_dst);
4012 * Migrate share-acls from a RPC server to another.
4014 * @param argc Standard main() style argc.
4015 * @param argv Standard main() style argv. Initial components are already
4018 * @return A shell status integer (0 for success).
4020 static int rpc_share_migrate_security(struct net_context *c, int argc,
4023 if (c->display_usage) {
4025 "net rpc share migrate security\n"
4026 " Migrate share-acls to local server\n");
4031 d_printf("no server to migrate\n");
4035 return run_rpc_command(c, NULL, PI_SRVSVC, 0,
4036 rpc_share_migrate_security_internals,
4041 * Migrate shares (including share-definitions, share-acls and files with acls/attrs)
4042 * from one server to another.
4044 * @param argc Standard main() style argc.
4045 * @param argv Standard main() style argv. Initial components are already
4048 * @return A shell status integer (0 for success).
4051 static int rpc_share_migrate_all(struct net_context *c, int argc,
4056 if (c->display_usage) {
4058 "net rpc share migrate all\n"
4059 " Migrates shares including all share settings\n");
4064 d_printf("no server to migrate\n");
4068 /* order is important. we don't want to be locked out by the share-acl
4069 * before copying files - gd */
4071 ret = run_rpc_command(c, NULL, PI_SRVSVC, 0,
4072 rpc_share_migrate_shares_internals, argc, argv);
4076 ret = run_rpc_command(c, NULL, PI_SRVSVC, 0,
4077 rpc_share_migrate_files_internals, argc, argv);
4081 return run_rpc_command(c, NULL, PI_SRVSVC, 0,
4082 rpc_share_migrate_security_internals, argc,
4088 * 'net rpc share migrate' entrypoint.
4089 * @param argc Standard main() style argc.
4090 * @param argv Standard main() style argv. Initial components are already
4093 static int rpc_share_migrate(struct net_context *c, int argc, const char **argv)
4096 struct functable func[] = {
4099 rpc_share_migrate_all,
4101 "Migrate shares from remote to local server",
4102 "net rpc share migrate all\n"
4103 " Migrate shares from remote to local server"
4107 rpc_share_migrate_files,
4109 "Migrate files from remote to local server",
4110 "net rpc share migrate files\n"
4111 " Migrate files from remote to local server"
4115 rpc_share_migrate_security,
4117 "Migrate share-ACLs from remote to local server",
4118 "net rpc share migrate security\n"
4119 " Migrate share-ACLs from remote to local server"
4123 rpc_share_migrate_shares,
4125 "Migrate shares from remote to local server",
4126 "net rpc share migrate shares\n"
4127 " Migrate shares from remote to local server"
4129 {NULL, NULL, 0, NULL, NULL}
4132 net_mode_share = NET_MODE_SHARE_MIGRATE;
4134 return net_run_function(c, argc, argv, "net rpc share migrate", func);
4143 static int num_server_aliases;
4144 static struct full_alias *server_aliases;
4147 * Add an alias to the static list.
4149 static void push_alias(TALLOC_CTX *mem_ctx, struct full_alias *alias)
4151 if (server_aliases == NULL)
4152 server_aliases = SMB_MALLOC_ARRAY(struct full_alias, 100);
4154 server_aliases[num_server_aliases] = *alias;
4155 num_server_aliases += 1;
4159 * For a specific domain on the server, fetch all the aliases
4160 * and their members. Add all of them to the server_aliases.
4163 static NTSTATUS rpc_fetch_domain_aliases(struct rpc_pipe_client *pipe_hnd,
4164 TALLOC_CTX *mem_ctx,
4165 POLICY_HND *connect_pol,
4166 const DOM_SID *domain_sid)
4168 uint32 start_idx, max_entries, num_entries, i;
4169 struct samr_SamArray *groups = NULL;
4171 POLICY_HND domain_pol;
4173 /* Get domain policy handle */
4175 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
4177 MAXIMUM_ALLOWED_ACCESS,
4178 CONST_DISCARD(struct dom_sid2 *, domain_sid),
4180 if (!NT_STATUS_IS_OK(result))
4187 result = rpccli_samr_EnumDomainAliases(pipe_hnd, mem_ctx,
4193 for (i = 0; i < num_entries; i++) {
4195 POLICY_HND alias_pol;
4196 struct full_alias alias;
4197 struct lsa_SidArray sid_array;
4200 result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
4202 MAXIMUM_ALLOWED_ACCESS,
4203 groups->entries[i].idx,
4205 if (!NT_STATUS_IS_OK(result))
4208 result = rpccli_samr_GetMembersInAlias(pipe_hnd, mem_ctx,
4211 if (!NT_STATUS_IS_OK(result))
4214 alias.num_members = sid_array.num_sids;
4216 result = rpccli_samr_Close(pipe_hnd, mem_ctx, &alias_pol);
4217 if (!NT_STATUS_IS_OK(result))
4220 alias.members = NULL;
4222 if (alias.num_members > 0) {
4223 alias.members = SMB_MALLOC_ARRAY(DOM_SID, alias.num_members);
4225 for (j = 0; j < alias.num_members; j++)
4226 sid_copy(&alias.members[j],
4227 sid_array.sids[j].sid);
4230 sid_copy(&alias.sid, domain_sid);
4231 sid_append_rid(&alias.sid, groups->entries[i].idx);
4233 push_alias(mem_ctx, &alias);
4235 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
4237 result = NT_STATUS_OK;
4240 rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
4246 * Dump server_aliases as names for debugging purposes.
4249 static NTSTATUS rpc_aliaslist_dump(struct net_context *c,
4250 const DOM_SID *domain_sid,
4251 const char *domain_name,
4252 struct cli_state *cli,
4253 struct rpc_pipe_client *pipe_hnd,
4254 TALLOC_CTX *mem_ctx,
4262 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
4263 SEC_RIGHTS_MAXIMUM_ALLOWED,
4265 if (!NT_STATUS_IS_OK(result))
4268 for (i=0; i<num_server_aliases; i++) {
4271 enum lsa_SidType *types;
4274 struct full_alias *alias = &server_aliases[i];
4276 result = rpccli_lsa_lookup_sids(pipe_hnd, mem_ctx, &lsa_pol, 1,
4278 &domains, &names, &types);
4279 if (!NT_STATUS_IS_OK(result))
4282 DEBUG(1, ("%s\\%s %d: ", domains[0], names[0], types[0]));
4284 if (alias->num_members == 0) {
4289 result = rpccli_lsa_lookup_sids(pipe_hnd, mem_ctx, &lsa_pol,
4292 &domains, &names, &types);
4294 if (!NT_STATUS_IS_OK(result) &&
4295 !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED))
4298 for (j=0; j<alias->num_members; j++)
4299 DEBUG(1, ("%s\\%s (%d); ",
4300 domains[j] ? domains[j] : "*unknown*",
4301 names[j] ? names[j] : "*unknown*",types[j]));
4305 rpccli_lsa_Close(pipe_hnd, mem_ctx, &lsa_pol);
4307 return NT_STATUS_OK;
4311 * Fetch a list of all server aliases and their members into
4315 static NTSTATUS rpc_aliaslist_internals(struct net_context *c,
4316 const DOM_SID *domain_sid,
4317 const char *domain_name,
4318 struct cli_state *cli,
4319 struct rpc_pipe_client *pipe_hnd,
4320 TALLOC_CTX *mem_ctx,
4325 POLICY_HND connect_pol;
4327 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
4329 MAXIMUM_ALLOWED_ACCESS,
4332 if (!NT_STATUS_IS_OK(result))
4335 result = rpc_fetch_domain_aliases(pipe_hnd, mem_ctx, &connect_pol,
4336 &global_sid_Builtin);
4338 if (!NT_STATUS_IS_OK(result))
4341 result = rpc_fetch_domain_aliases(pipe_hnd, mem_ctx, &connect_pol,
4344 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
4349 static void init_user_token(NT_USER_TOKEN *token, DOM_SID *user_sid)
4351 token->num_sids = 4;
4353 if (!(token->user_sids = SMB_MALLOC_ARRAY(DOM_SID, 4))) {
4354 d_fprintf(stderr, "malloc failed\n");
4355 token->num_sids = 0;
4359 token->user_sids[0] = *user_sid;
4360 sid_copy(&token->user_sids[1], &global_sid_World);
4361 sid_copy(&token->user_sids[2], &global_sid_Network);
4362 sid_copy(&token->user_sids[3], &global_sid_Authenticated_Users);
4365 static void free_user_token(NT_USER_TOKEN *token)
4367 SAFE_FREE(token->user_sids);
4370 static bool is_sid_in_token(NT_USER_TOKEN *token, DOM_SID *sid)
4374 for (i=0; i<token->num_sids; i++) {
4375 if (sid_compare(sid, &token->user_sids[i]) == 0)
4381 static void add_sid_to_token(NT_USER_TOKEN *token, DOM_SID *sid)
4383 if (is_sid_in_token(token, sid))
4386 token->user_sids = SMB_REALLOC_ARRAY(token->user_sids, DOM_SID, token->num_sids+1);
4387 if (!token->user_sids) {
4391 sid_copy(&token->user_sids[token->num_sids], sid);
4393 token->num_sids += 1;
4398 NT_USER_TOKEN token;
4401 static void dump_user_token(struct user_token *token)
4405 d_printf("%s\n", token->name);
4407 for (i=0; i<token->token.num_sids; i++) {
4408 d_printf(" %s\n", sid_string_tos(&token->token.user_sids[i]));
4412 static bool is_alias_member(DOM_SID *sid, struct full_alias *alias)
4416 for (i=0; i<alias->num_members; i++) {
4417 if (sid_compare(sid, &alias->members[i]) == 0)
4424 static void collect_sid_memberships(NT_USER_TOKEN *token, DOM_SID sid)
4428 for (i=0; i<num_server_aliases; i++) {
4429 if (is_alias_member(&sid, &server_aliases[i]))
4430 add_sid_to_token(token, &server_aliases[i].sid);
4435 * We got a user token with all the SIDs we can know about without asking the
4436 * server directly. These are the user and domain group sids. All of these can
4437 * be members of aliases. So scan the list of aliases for each of the SIDs and
4438 * add them to the token.
4441 static void collect_alias_memberships(NT_USER_TOKEN *token)
4443 int num_global_sids = token->num_sids;
4446 for (i=0; i<num_global_sids; i++) {
4447 collect_sid_memberships(token, token->user_sids[i]);
4451 static bool get_user_sids(const char *domain, const char *user, NT_USER_TOKEN *token)
4453 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
4454 enum wbcSidType type;
4456 struct wbcDomainSid wsid;
4457 char *sid_str = NULL;
4459 uint32_t num_groups;
4460 gid_t *groups = NULL;
4463 fstr_sprintf(full_name, "%s%c%s",
4464 domain, *lp_winbind_separator(), user);
4466 /* First let's find out the user sid */
4468 wbc_status = wbcLookupName(domain, user, &wsid, &type);
4470 if (!WBC_ERROR_IS_OK(wbc_status)) {
4471 DEBUG(1, ("winbind could not find %s: %s\n",
4472 full_name, wbcErrorString(wbc_status)));
4476 wbc_status = wbcSidToString(&wsid, &sid_str);
4477 if (!WBC_ERROR_IS_OK(wbc_status)) {
4481 if (type != SID_NAME_USER) {
4482 wbcFreeMemory(sid_str);
4483 DEBUG(1, ("%s is not a user\n", full_name));
4487 string_to_sid(&user_sid, sid_str);
4488 wbcFreeMemory(sid_str);
4491 init_user_token(token, &user_sid);
4493 /* And now the groups winbind knows about */
4495 wbc_status = wbcGetGroups(full_name, &num_groups, &groups);
4496 if (!WBC_ERROR_IS_OK(wbc_status)) {
4497 DEBUG(1, ("winbind could not get groups of %s: %s\n",
4498 full_name, wbcErrorString(wbc_status)));
4502 for (i = 0; i < num_groups; i++) {
4503 gid_t gid = groups[i];
4506 wbc_status = wbcGidToSid(gid, &wsid);
4507 if (!WBC_ERROR_IS_OK(wbc_status)) {
4508 DEBUG(1, ("winbind could not find SID of gid %d: %s\n",
4509 gid, wbcErrorString(wbc_status)));
4510 wbcFreeMemory(groups);
4514 wbc_status = wbcSidToString(&wsid, &sid_str);
4515 if (!WBC_ERROR_IS_OK(wbc_status)) {
4516 wbcFreeMemory(groups);
4520 DEBUG(3, (" %s\n", sid_str));
4522 string_to_sid(&sid, sid_str);
4523 wbcFreeMemory(sid_str);
4526 add_sid_to_token(token, &sid);
4528 wbcFreeMemory(groups);
4534 * Get a list of all user tokens we want to look at
4537 static bool get_user_tokens(struct net_context *c, int *num_tokens,
4538 struct user_token **user_tokens)
4540 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
4541 uint32_t i, num_users;
4543 struct user_token *result;
4544 TALLOC_CTX *frame = NULL;
4546 if (lp_winbind_use_default_domain() &&
4547 (c->opt_target_workgroup == NULL)) {
4548 d_fprintf(stderr, "winbind use default domain = yes set, "
4549 "please specify a workgroup\n");
4553 /* Send request to winbind daemon */
4555 wbc_status = wbcListUsers(NULL, &num_users, &users);
4556 if (!WBC_ERROR_IS_OK(wbc_status)) {
4557 DEBUG(1, ("winbind could not list users: %s\n",
4558 wbcErrorString(wbc_status)));
4562 result = SMB_MALLOC_ARRAY(struct user_token, num_users);
4564 if (result == NULL) {
4565 DEBUG(1, ("Could not malloc sid array\n"));
4566 wbcFreeMemory(users);
4570 frame = talloc_stackframe();
4571 for (i=0; i < num_users; i++) {
4572 fstring domain, user;
4575 fstrcpy(result[i].name, users[i]);
4577 p = strchr(users[i], *lp_winbind_separator());
4579 DEBUG(3, ("%s\n", users[i]));
4582 fstrcpy(domain, c->opt_target_workgroup);
4583 fstrcpy(user, users[i]);
4586 fstrcpy(domain, users[i]);
4591 get_user_sids(domain, user, &(result[i].token));
4595 wbcFreeMemory(users);
4597 *num_tokens = num_users;
4598 *user_tokens = result;
4603 static bool get_user_tokens_from_file(FILE *f,
4605 struct user_token **tokens)
4607 struct user_token *token = NULL;
4612 if (fgets(line, sizeof(line)-1, f) == NULL) {
4616 if (line[strlen(line)-1] == '\n')
4617 line[strlen(line)-1] = '\0';
4619 if (line[0] == ' ') {
4623 string_to_sid(&sid, &line[1]);
4625 if (token == NULL) {
4626 DEBUG(0, ("File does not begin with username"));
4630 add_sid_to_token(&token->token, &sid);
4634 /* And a new user... */
4637 *tokens = SMB_REALLOC_ARRAY(*tokens, struct user_token, *num_tokens);
4638 if (*tokens == NULL) {
4639 DEBUG(0, ("Could not realloc tokens\n"));
4643 token = &((*tokens)[*num_tokens-1]);
4645 fstrcpy(token->name, line);
4646 token->token.num_sids = 0;
4647 token->token.user_sids = NULL;
4656 * Show the list of all users that have access to a share
4659 static void show_userlist(struct rpc_pipe_client *pipe_hnd,
4660 TALLOC_CTX *mem_ctx,
4661 const char *netname,
4663 struct user_token *tokens)
4666 SEC_DESC *share_sd = NULL;
4667 SEC_DESC *root_sd = NULL;
4668 struct cli_state *cli = rpc_pipe_np_smb_conn(pipe_hnd);
4670 union srvsvc_NetShareInfo info;
4675 status = rpccli_srvsvc_NetShareGetInfo(pipe_hnd, mem_ctx,
4682 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) {
4683 DEBUG(1, ("Coult not query secdesc for share %s\n",
4688 share_sd = info.info502->sd_buf.sd;
4689 if (share_sd == NULL) {
4690 DEBUG(1, ("Got no secdesc for share %s\n",
4696 if (!cli_send_tconX(cli, netname, "A:", "", 0)) {
4700 fnum = cli_nt_create(cli, "\\", READ_CONTROL_ACCESS);
4703 root_sd = cli_query_secdesc(cli, fnum, mem_ctx);
4706 for (i=0; i<num_tokens; i++) {
4709 if (share_sd != NULL) {
4710 if (!se_access_check(share_sd, &tokens[i].token,
4711 1, &acc_granted, &status)) {
4712 DEBUG(1, ("Could not check share_sd for "
4718 if (!NT_STATUS_IS_OK(status))
4722 if (root_sd == NULL) {
4723 d_printf(" %s\n", tokens[i].name);
4727 if (!se_access_check(root_sd, &tokens[i].token,
4728 1, &acc_granted, &status)) {
4729 DEBUG(1, ("Could not check root_sd for user %s\n",
4734 if (!NT_STATUS_IS_OK(status))
4737 d_printf(" %s\n", tokens[i].name);
4741 cli_close(cli, fnum);
4753 static void collect_share(const char *name, uint32 m,
4754 const char *comment, void *state)
4756 struct share_list *share_list = (struct share_list *)state;
4758 if (m != STYPE_DISKTREE)
4761 share_list->num_shares += 1;
4762 share_list->shares = SMB_REALLOC_ARRAY(share_list->shares, char *, share_list->num_shares);
4763 if (!share_list->shares) {
4764 share_list->num_shares = 0;
4767 share_list->shares[share_list->num_shares-1] = SMB_STRDUP(name);
4771 * List shares on a remote RPC server, including the security descriptors.
4773 * All parameters are provided by the run_rpc_command function, except for
4774 * argc, argv which are passed through.
4776 * @param domain_sid The domain sid acquired from the remote server.
4777 * @param cli A cli_state connected to the server.
4778 * @param mem_ctx Talloc context, destroyed on completion of the function.
4779 * @param argc Standard main() style argc.
4780 * @param argv Standard main() style argv. Initial components are already
4783 * @return Normal NTSTATUS return.
4786 static NTSTATUS rpc_share_allowedusers_internals(struct net_context *c,
4787 const DOM_SID *domain_sid,
4788 const char *domain_name,
4789 struct cli_state *cli,
4790 struct rpc_pipe_client *pipe_hnd,
4791 TALLOC_CTX *mem_ctx,
4801 struct user_token *tokens = NULL;
4804 struct share_list share_list;
4809 f = fopen(argv[0], "r");
4813 DEBUG(0, ("Could not open userlist: %s\n", strerror(errno)));
4814 return NT_STATUS_UNSUCCESSFUL;
4817 r = get_user_tokens_from_file(f, &num_tokens, &tokens);
4823 DEBUG(0, ("Could not read users from file\n"));
4824 return NT_STATUS_UNSUCCESSFUL;
4827 for (i=0; i<num_tokens; i++)
4828 collect_alias_memberships(&tokens[i].token);
4830 init_enum_hnd(&hnd, 0);
4832 share_list.num_shares = 0;
4833 share_list.shares = NULL;
4835 ret = cli_RNetShareEnum(cli, collect_share, &share_list);
4838 DEBUG(0, ("Error returning browse list: %s\n",
4843 for (i = 0; i < share_list.num_shares; i++) {
4844 char *netname = share_list.shares[i];
4846 if (netname[strlen(netname)-1] == '$')
4849 d_printf("%s\n", netname);
4851 show_userlist(pipe_hnd, mem_ctx, netname,
4852 num_tokens, tokens);
4855 for (i=0; i<num_tokens; i++) {
4856 free_user_token(&tokens[i].token);
4859 SAFE_FREE(share_list.shares);
4861 return NT_STATUS_OK;
4864 static int rpc_share_allowedusers(struct net_context *c, int argc,
4869 if (c->display_usage) {
4871 "net rpc share allowedusers\n"
4872 " List allowed users\n");
4876 result = run_rpc_command(c, NULL, PI_SAMR, 0,
4877 rpc_aliaslist_internals,
4882 result = run_rpc_command(c, NULL, PI_LSARPC, 0,
4888 return run_rpc_command(c, NULL, PI_SRVSVC, 0,
4889 rpc_share_allowedusers_internals,
4893 int net_usersidlist(struct net_context *c, int argc, const char **argv)
4896 struct user_token *tokens = NULL;
4900 net_usersidlist_usage(c, argc, argv);
4904 if (!get_user_tokens(c, &num_tokens, &tokens)) {
4905 DEBUG(0, ("Could not get the user/sid list\n"));
4909 for (i=0; i<num_tokens; i++) {
4910 dump_user_token(&tokens[i]);
4911 free_user_token(&tokens[i].token);
4918 int net_usersidlist_usage(struct net_context *c, int argc, const char **argv)
4920 d_printf("net usersidlist\n"
4921 "\tprints out a list of all users the running winbind knows\n"
4922 "\tabout, together with all their SIDs. This is used as\n"
4923 "\tinput to the 'net rpc share allowedusers' command.\n\n");
4925 net_common_flags_usage(c, argc, argv);
4930 * 'net rpc share' entrypoint.
4931 * @param argc Standard main() style argc.
4932 * @param argv Standard main() style argv. Initial components are already
4936 int net_rpc_share(struct net_context *c, int argc, const char **argv)
4938 struct functable func[] = {
4944 "net rpc share add\n"
4952 "net rpc share delete\n"
4957 rpc_share_allowedusers,
4959 "Modify allowed users",
4960 "net rpc share allowedusers\n"
4961 " Modify allowed users"
4967 "Migrate share to local server",
4968 "net rpc share migrate\n"
4969 " Migrate share to local server"
4976 "net rpc share list\n"
4979 {NULL, NULL, 0, NULL, NULL}
4984 if (c->display_usage) {
4988 " Alias for net rpc share list\n");
4989 net_display_usage_from_functable(func);
4993 return run_rpc_command(c, NULL, PI_SRVSVC, 0,
4994 rpc_share_list_internals,
4998 return net_run_function(c, argc, argv, "net rpc share", func);
5001 static NTSTATUS rpc_sh_share_list(struct net_context *c,
5002 TALLOC_CTX *mem_ctx,
5003 struct rpc_sh_ctx *ctx,
5004 struct rpc_pipe_client *pipe_hnd,
5005 int argc, const char **argv)
5007 return rpc_share_list_internals(c, ctx->domain_sid, ctx->domain_name,
5008 ctx->cli, pipe_hnd, mem_ctx,
5012 static NTSTATUS rpc_sh_share_add(struct net_context *c,
5013 TALLOC_CTX *mem_ctx,
5014 struct rpc_sh_ctx *ctx,
5015 struct rpc_pipe_client *pipe_hnd,
5016 int argc, const char **argv)
5020 uint32_t parm_err = 0;
5021 union srvsvc_NetShareInfo info;
5022 struct srvsvc_NetShareInfo2 info2;
5024 if ((argc < 2) || (argc > 3)) {
5025 d_fprintf(stderr, "usage: %s <share> <path> [comment]\n",
5027 return NT_STATUS_INVALID_PARAMETER;
5030 info2.name = argv[0];
5031 info2.type = STYPE_DISKTREE;
5032 info2.comment = (argc == 3) ? argv[2] : "";
5033 info2.permissions = 0;
5034 info2.max_users = 0;
5035 info2.current_users = 0;
5036 info2.path = argv[1];
5037 info2.password = NULL;
5039 info.info2 = &info2;
5041 status = rpccli_srvsvc_NetShareAdd(pipe_hnd, mem_ctx,
5051 static NTSTATUS rpc_sh_share_delete(struct net_context *c,
5052 TALLOC_CTX *mem_ctx,
5053 struct rpc_sh_ctx *ctx,
5054 struct rpc_pipe_client *pipe_hnd,
5055 int argc, const char **argv)
5061 d_fprintf(stderr, "usage: %s <share>\n", ctx->whoami);
5062 return NT_STATUS_INVALID_PARAMETER;
5065 status = rpccli_srvsvc_NetShareDel(pipe_hnd, mem_ctx,
5074 static NTSTATUS rpc_sh_share_info(struct net_context *c,
5075 TALLOC_CTX *mem_ctx,
5076 struct rpc_sh_ctx *ctx,
5077 struct rpc_pipe_client *pipe_hnd,
5078 int argc, const char **argv)
5080 union srvsvc_NetShareInfo info;
5085 d_fprintf(stderr, "usage: %s <share>\n", ctx->whoami);
5086 return NT_STATUS_INVALID_PARAMETER;
5089 status = rpccli_srvsvc_NetShareGetInfo(pipe_hnd, mem_ctx,
5095 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) {
5099 d_printf("Name: %s\n", info.info2->name);
5100 d_printf("Comment: %s\n", info.info2->comment);
5101 d_printf("Path: %s\n", info.info2->path);
5102 d_printf("Password: %s\n", info.info2->password);
5105 return werror_to_ntstatus(result);
5108 struct rpc_sh_cmd *net_rpc_share_cmds(struct net_context *c, TALLOC_CTX *mem_ctx,
5109 struct rpc_sh_ctx *ctx)
5111 static struct rpc_sh_cmd cmds[] = {
5113 { "list", NULL, PI_SRVSVC, rpc_sh_share_list,
5114 "List available shares" },
5116 { "add", NULL, PI_SRVSVC, rpc_sh_share_add,
5119 { "delete", NULL, PI_SRVSVC, rpc_sh_share_delete,
5122 { "info", NULL, PI_SRVSVC, rpc_sh_share_info,
5123 "Get information about a share" },
5125 { NULL, NULL, 0, NULL, NULL }
5131 /****************************************************************************/
5133 static int rpc_file_usage(struct net_context *c, int argc, const char **argv)
5135 return net_file_usage(c, argc, argv);
5139 * Close a file on a remote RPC server.
5141 * All parameters are provided by the run_rpc_command function, except for
5142 * argc, argv which are passed through.
5144 * @param c A net_context structure.
5145 * @param domain_sid The domain sid acquired from the remote server.
5146 * @param cli A cli_state connected to the server.
5147 * @param mem_ctx Talloc context, destroyed on completion of the function.
5148 * @param argc Standard main() style argc.
5149 * @param argv Standard main() style argv. Initial components are already
5152 * @return Normal NTSTATUS return.
5154 static NTSTATUS rpc_file_close_internals(struct net_context *c,
5155 const DOM_SID *domain_sid,
5156 const char *domain_name,
5157 struct cli_state *cli,
5158 struct rpc_pipe_client *pipe_hnd,
5159 TALLOC_CTX *mem_ctx,
5163 return rpccli_srvsvc_NetFileClose(pipe_hnd, mem_ctx,
5165 atoi(argv[0]), NULL);
5169 * Close a file on a remote RPC server.
5171 * @param argc Standard main() style argc.
5172 * @param argv Standard main() style argv. Initial components are already
5175 * @return A shell status integer (0 for success).
5177 static int rpc_file_close(struct net_context *c, int argc, const char **argv)
5179 if (argc < 1 || c->display_usage) {
5180 return rpc_file_usage(c, argc, argv);
5183 return run_rpc_command(c, NULL, PI_SRVSVC, 0,
5184 rpc_file_close_internals,
5189 * Formatted print of open file info
5191 * @param r struct srvsvc_NetFileInfo3 contents
5194 static void display_file_info_3(struct srvsvc_NetFileInfo3 *r)
5196 d_printf("%-7.1d %-20.20s 0x%-4.2x %-6.1d %s\n",
5197 r->fid, r->user, r->permissions, r->num_locks, r->path);
5201 * List open files on a remote RPC server.
5203 * All parameters are provided by the run_rpc_command function, except for
5204 * argc, argv which are passed through.
5206 * @param c A net_context structure.
5207 * @param domain_sid The domain sid acquired from the remote server.
5208 * @param cli A cli_state connected to the server.
5209 * @param mem_ctx Talloc context, destroyed on completion of the function.
5210 * @param argc Standard main() style argc.
5211 * @param argv Standard main() style argv. Initial components are already
5214 * @return Normal NTSTATUS return.
5217 static NTSTATUS rpc_file_list_internals(struct net_context *c,
5218 const DOM_SID *domain_sid,
5219 const char *domain_name,
5220 struct cli_state *cli,
5221 struct rpc_pipe_client *pipe_hnd,
5222 TALLOC_CTX *mem_ctx,
5226 struct srvsvc_NetFileInfoCtr info_ctr;
5227 struct srvsvc_NetFileCtr3 ctr3;
5230 uint32 preferred_len = 0xffffffff, i;
5231 const char *username=NULL;
5232 uint32_t total_entries = 0;
5233 uint32_t resume_handle = 0;
5235 /* if argc > 0, must be user command */
5237 username = smb_xstrdup(argv[0]);
5239 ZERO_STRUCT(info_ctr);
5243 info_ctr.ctr.ctr3 = &ctr3;
5245 status = rpccli_srvsvc_NetFileEnum(pipe_hnd, mem_ctx,
5255 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result))
5258 /* Display results */
5261 "\nEnumerating open files on remote server:\n\n"
5262 "\nFileId Opened by Perms Locks Path"
5263 "\n------ --------- ----- ----- ---- \n");
5264 for (i = 0; i < total_entries; i++)
5265 display_file_info_3(&info_ctr.ctr.ctr3->array[i]);
5267 return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
5271 * List files for a user on a remote RPC server.
5273 * @param argc Standard main() style argc.
5274 * @param argv Standard main() style argv. Initial components are already
5277 * @return A shell status integer (0 for success)..
5280 static int rpc_file_user(struct net_context *c, int argc, const char **argv)
5282 if (argc < 1 || c->display_usage) {
5283 return rpc_file_usage(c, argc, argv);
5286 return run_rpc_command(c, NULL, PI_SRVSVC, 0,
5287 rpc_file_list_internals,
5292 * 'net rpc file' entrypoint.
5293 * @param argc Standard main() style argc.
5294 * @param argv Standard main() style argv. Initial components are already
5298 int net_rpc_file(struct net_context *c, int argc, const char **argv)
5300 struct functable func[] = {
5305 "Close opened file",
5306 "net rpc file close\n"
5307 " Close opened file"
5313 "List files opened by user",
5314 "net rpc file user\n"
5315 " List files opened by user"
5322 "Display information about opened file",
5323 "net rpc file info\n"
5324 " Display information about opened file"
5327 {NULL, NULL, 0, NULL, NULL}
5331 if (c->display_usage) {
5332 d_printf("Usage:\n");
5333 d_printf("net rpc file\n"
5334 " List opened files\n");
5335 net_display_usage_from_functable(func);
5339 return run_rpc_command(c, NULL, PI_SRVSVC, 0,
5340 rpc_file_list_internals,
5344 return net_run_function(c, argc, argv, "net rpc file", func);
5348 * ABORT the shutdown of a remote RPC Server, over initshutdown pipe.
5350 * All parameters are provided by the run_rpc_command function, except for
5351 * argc, argv which are passed through.
5353 * @param c A net_context structure.
5354 * @param domain_sid The domain sid acquired from the remote server.
5355 * @param cli A cli_state connected to the server.
5356 * @param mem_ctx Talloc context, destroyed on completion of the function.
5357 * @param argc Standard main() style argc.
5358 * @param argv Standard main() style argv. Initial components are already
5361 * @return Normal NTSTATUS return.
5364 static NTSTATUS rpc_shutdown_abort_internals(struct net_context *c,
5365 const DOM_SID *domain_sid,
5366 const char *domain_name,
5367 struct cli_state *cli,
5368 struct rpc_pipe_client *pipe_hnd,
5369 TALLOC_CTX *mem_ctx,
5373 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
5375 result = rpccli_initshutdown_Abort(pipe_hnd, mem_ctx, NULL, NULL);
5377 if (NT_STATUS_IS_OK(result)) {
5378 d_printf("\nShutdown successfully aborted\n");
5379 DEBUG(5,("cmd_shutdown_abort: query succeeded\n"));
5381 DEBUG(5,("cmd_shutdown_abort: query failed\n"));
5387 * ABORT the shutdown of a remote RPC Server, over winreg pipe.
5389 * All parameters are provided by the run_rpc_command function, except for
5390 * argc, argv which are passed through.
5392 * @param c A net_context structure.
5393 * @param domain_sid The domain sid acquired from the remote server.
5394 * @param cli A cli_state connected to the server.
5395 * @param mem_ctx Talloc context, destroyed on completion of the function.
5396 * @param argc Standard main() style argc.
5397 * @param argv Standard main() style argv. Initial components are already
5400 * @return Normal NTSTATUS return.
5403 static NTSTATUS rpc_reg_shutdown_abort_internals(struct net_context *c,
5404 const DOM_SID *domain_sid,
5405 const char *domain_name,
5406 struct cli_state *cli,
5407 struct rpc_pipe_client *pipe_hnd,
5408 TALLOC_CTX *mem_ctx,
5412 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
5414 result = rpccli_winreg_AbortSystemShutdown(pipe_hnd, mem_ctx, NULL, NULL);
5416 if (NT_STATUS_IS_OK(result)) {
5417 d_printf("\nShutdown successfully aborted\n");
5418 DEBUG(5,("cmd_reg_abort_shutdown: query succeeded\n"));
5420 DEBUG(5,("cmd_reg_abort_shutdown: query failed\n"));
5426 * ABORT the shutdown of a remote RPC server.
5428 * @param argc Standard main() style argc.
5429 * @param argv Standard main() style argv. Initial components are already
5432 * @return A shell status integer (0 for success).
5435 static int rpc_shutdown_abort(struct net_context *c, int argc,
5440 if (c->display_usage) {
5442 "net rpc abortshutdown\n"
5443 " Abort a scheduled shutdown\n");
5447 rc = run_rpc_command(c, NULL, PI_INITSHUTDOWN, 0,
5448 rpc_shutdown_abort_internals, argc, argv);
5453 DEBUG(1, ("initshutdown pipe didn't work, trying winreg pipe\n"));
5455 return run_rpc_command(c, NULL, PI_WINREG, 0,
5456 rpc_reg_shutdown_abort_internals,
5461 * Shut down a remote RPC Server via initshutdown pipe.
5463 * All parameters are provided by the run_rpc_command function, except for
5464 * argc, argv which are passed through.
5466 * @param c A net_context structure.
5467 * @param domain_sid The domain sid acquired from the remote server.
5468 * @param cli A cli_state connected to the server.
5469 * @param mem_ctx Talloc context, destroyed on completion of the function.
5470 * @param argc Standard main() style argc.
5471 * @param argv Standard main() style argv. Initial components are already
5474 * @return Normal NTSTATUS return.
5477 NTSTATUS rpc_init_shutdown_internals(struct net_context *c,
5478 const DOM_SID *domain_sid,
5479 const char *domain_name,
5480 struct cli_state *cli,
5481 struct rpc_pipe_client *pipe_hnd,
5482 TALLOC_CTX *mem_ctx,
5486 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
5487 const char *msg = "This machine will be shutdown shortly";
5488 uint32 timeout = 20;
5489 struct initshutdown_String msg_string;
5490 struct initshutdown_String_sub s;
5492 if (c->opt_comment) {
5493 msg = c->opt_comment;
5495 if (c->opt_timeout) {
5496 timeout = c->opt_timeout;
5500 msg_string.name = &s;
5502 /* create an entry */
5503 result = rpccli_initshutdown_Init(pipe_hnd, mem_ctx, NULL,
5504 &msg_string, timeout, c->opt_force, c->opt_reboot,
5507 if (NT_STATUS_IS_OK(result)) {
5508 d_printf("\nShutdown of remote machine succeeded\n");
5509 DEBUG(5,("Shutdown of remote machine succeeded\n"));
5511 DEBUG(1,("Shutdown of remote machine failed!\n"));
5517 * Shut down a remote RPC Server via winreg pipe.
5519 * All parameters are provided by the run_rpc_command function, except for
5520 * argc, argv which are passed through.
5522 * @param c A net_context structure.
5523 * @param domain_sid The domain sid acquired from the remote server.
5524 * @param cli A cli_state connected to the server.
5525 * @param mem_ctx Talloc context, destroyed on completion of the function.
5526 * @param argc Standard main() style argc.
5527 * @param argv Standard main() style argv. Initial components are already
5530 * @return Normal NTSTATUS return.
5533 NTSTATUS rpc_reg_shutdown_internals(struct net_context *c,
5534 const DOM_SID *domain_sid,
5535 const char *domain_name,
5536 struct cli_state *cli,
5537 struct rpc_pipe_client *pipe_hnd,
5538 TALLOC_CTX *mem_ctx,
5542 const char *msg = "This machine will be shutdown shortly";
5543 uint32 timeout = 20;
5544 struct initshutdown_String msg_string;
5545 struct initshutdown_String_sub s;
5549 if (c->opt_comment) {
5550 msg = c->opt_comment;
5553 msg_string.name = &s;
5555 if (c->opt_timeout) {
5556 timeout = c->opt_timeout;
5559 /* create an entry */
5560 result = rpccli_winreg_InitiateSystemShutdown(pipe_hnd, mem_ctx, NULL,
5561 &msg_string, timeout, c->opt_force, c->opt_reboot,
5564 if (NT_STATUS_IS_OK(result)) {
5565 d_printf("\nShutdown of remote machine succeeded\n");
5567 d_fprintf(stderr, "\nShutdown of remote machine failed\n");
5568 if ( W_ERROR_EQUAL(werr, WERR_MACHINE_LOCKED) )
5569 d_fprintf(stderr, "\nMachine locked, use -f switch to force\n");
5571 d_fprintf(stderr, "\nresult was: %s\n", dos_errstr(werr));
5578 * Shut down a remote RPC server.
5580 * @param argc Standard main() style argc.
5581 * @param argv Standard main() style argv. Initial components are already
5584 * @return A shell status integer (0 for success).
5587 static int rpc_shutdown(struct net_context *c, int argc, const char **argv)
5591 if (c->display_usage) {
5593 "net rpc shutdown\n"
5594 " Shut down a remote RPC server\n");
5598 rc = run_rpc_command(c, NULL, PI_INITSHUTDOWN, 0,
5599 rpc_init_shutdown_internals, argc, argv);
5602 DEBUG(1, ("initshutdown pipe failed, trying winreg pipe\n"));
5603 rc = run_rpc_command(c, NULL, PI_WINREG, 0,
5604 rpc_reg_shutdown_internals, argc, argv);
5610 /***************************************************************************
5611 NT Domain trusts code (i.e. 'net rpc trustdom' functionality)
5612 ***************************************************************************/
5615 * Add interdomain trust account to the RPC server.
5616 * All parameters (except for argc and argv) are passed by run_rpc_command
5619 * @param c A net_context structure.
5620 * @param domain_sid The domain sid acquired from the server.
5621 * @param cli A cli_state connected to the server.
5622 * @param mem_ctx Talloc context, destroyed on completion of the function.
5623 * @param argc Standard main() style argc.
5624 * @param argv Standard main() style argv. Initial components are already
5627 * @return normal NTSTATUS return code.
5630 static NTSTATUS rpc_trustdom_add_internals(struct net_context *c,
5631 const DOM_SID *domain_sid,
5632 const char *domain_name,
5633 struct cli_state *cli,
5634 struct rpc_pipe_client *pipe_hnd,
5635 TALLOC_CTX *mem_ctx,
5639 POLICY_HND connect_pol, domain_pol, user_pol;
5640 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
5642 struct lsa_String lsa_acct_name;
5644 uint32 acct_flags=0;
5646 uint32_t access_granted = 0;
5647 union samr_UserInfo info;
5650 d_printf("Usage: net rpc trustdom add <domain_name> <pw>\n");
5651 return NT_STATUS_INVALID_PARAMETER;
5655 * Make valid trusting domain account (ie. uppercased and with '$' appended)
5658 if (asprintf(&acct_name, "%s$", argv[0]) < 0) {
5659 return NT_STATUS_NO_MEMORY;
5662 strupper_m(acct_name);
5664 init_lsa_String(&lsa_acct_name, acct_name);
5666 /* Get samr policy handle */
5667 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
5669 MAXIMUM_ALLOWED_ACCESS,
5671 if (!NT_STATUS_IS_OK(result)) {
5675 /* Get domain policy handle */
5676 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
5678 MAXIMUM_ALLOWED_ACCESS,
5679 CONST_DISCARD(struct dom_sid2 *, domain_sid),
5681 if (!NT_STATUS_IS_OK(result)) {
5685 /* Create trusting domain's account */
5686 acb_info = ACB_NORMAL;
5687 acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
5688 SEC_STD_WRITE_DAC | SEC_STD_DELETE |
5689 SAMR_USER_ACCESS_SET_PASSWORD |
5690 SAMR_USER_ACCESS_GET_ATTRIBUTES |
5691 SAMR_USER_ACCESS_SET_ATTRIBUTES;
5693 result = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx,
5701 if (!NT_STATUS_IS_OK(result)) {
5707 struct samr_LogonHours hours;
5708 struct lsa_BinaryString parameters;
5709 const int units_per_week = 168;
5712 encode_pw_buffer(pwbuf, argv[1], STR_UNICODE);
5714 ZERO_STRUCT(notime);
5716 ZERO_STRUCT(parameters);
5718 hours.bits = talloc_array(mem_ctx, uint8_t, units_per_week);
5720 result = NT_STATUS_NO_MEMORY;
5723 hours.units_per_week = units_per_week;
5724 memset(hours.bits, 0xFF, units_per_week);
5726 init_samr_user_info23(&info.info23,
5727 notime, notime, notime,
5728 notime, notime, notime,
5729 NULL, NULL, NULL, NULL, NULL,
5730 NULL, NULL, NULL, NULL, ¶meters,
5731 0, 0, ACB_DOMTRUST, SAMR_FIELD_ACCT_FLAGS,
5733 0, 0, 0, 0, 0, 0, 0,
5736 SamOEMhashBlob(info.info23.password.data, 516,
5737 &cli->user_session_key);
5739 result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
5744 if (!NT_STATUS_IS_OK(result)) {
5745 DEBUG(0,("Could not set trust account password: %s\n",
5746 nt_errstr(result)));
5752 SAFE_FREE(acct_name);
5757 * Create interdomain trust account for a remote domain.
5759 * @param argc Standard argc.
5760 * @param argv Standard argv without initial components.
5762 * @return Integer status (0 means success).
5765 static int rpc_trustdom_add(struct net_context *c, int argc, const char **argv)
5767 if (argc > 0 && !c->display_usage) {
5768 return run_rpc_command(c, NULL, PI_SAMR, 0,
5769 rpc_trustdom_add_internals, argc, argv);
5772 "net rpc trustdom add <domain>\n");
5779 * Remove interdomain trust account from the RPC server.
5780 * All parameters (except for argc and argv) are passed by run_rpc_command
5783 * @param c A net_context structure.
5784 * @param domain_sid The domain sid acquired from the server.
5785 * @param cli A cli_state connected to the server.
5786 * @param mem_ctx Talloc context, destroyed on completion of the function.
5787 * @param argc Standard main() style argc.
5788 * @param argv Standard main() style argv. Initial components are already
5791 * @return normal NTSTATUS return code.
5794 static NTSTATUS rpc_trustdom_del_internals(struct net_context *c,
5795 const DOM_SID *domain_sid,
5796 const char *domain_name,
5797 struct cli_state *cli,
5798 struct rpc_pipe_client *pipe_hnd,
5799 TALLOC_CTX *mem_ctx,
5803 POLICY_HND connect_pol, domain_pol, user_pol;
5804 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
5806 DOM_SID trust_acct_sid;
5807 struct samr_Ids user_rids, name_types;
5808 struct lsa_String lsa_acct_name;
5811 d_printf("Usage: net rpc trustdom del <domain_name>\n");
5812 return NT_STATUS_INVALID_PARAMETER;
5816 * Make valid trusting domain account (ie. uppercased and with '$' appended)
5818 acct_name = talloc_asprintf(mem_ctx, "%s$", argv[0]);
5820 if (acct_name == NULL)
5821 return NT_STATUS_NO_MEMORY;
5823 strupper_m(acct_name);
5825 /* Get samr policy handle */
5826 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
5828 MAXIMUM_ALLOWED_ACCESS,
5830 if (!NT_STATUS_IS_OK(result)) {
5834 /* Get domain policy handle */
5835 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
5837 MAXIMUM_ALLOWED_ACCESS,
5838 CONST_DISCARD(struct dom_sid2 *, domain_sid),
5840 if (!NT_STATUS_IS_OK(result)) {
5844 init_lsa_String(&lsa_acct_name, acct_name);
5846 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
5853 if (!NT_STATUS_IS_OK(result)) {
5857 result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
5859 MAXIMUM_ALLOWED_ACCESS,
5863 if (!NT_STATUS_IS_OK(result)) {
5867 /* append the rid to the domain sid */
5868 sid_copy(&trust_acct_sid, domain_sid);
5869 if (!sid_append_rid(&trust_acct_sid, user_rids.ids[0])) {
5873 /* remove the sid */
5875 result = rpccli_samr_RemoveMemberFromForeignDomain(pipe_hnd, mem_ctx,
5878 if (!NT_STATUS_IS_OK(result)) {
5884 result = rpccli_samr_DeleteUser(pipe_hnd, mem_ctx,
5887 if (!NT_STATUS_IS_OK(result)) {
5891 if (!NT_STATUS_IS_OK(result)) {
5892 DEBUG(0,("Could not set trust account password: %s\n",
5893 nt_errstr(result)));
5902 * Delete interdomain trust account for a remote domain.
5904 * @param argc Standard argc.
5905 * @param argv Standard argv without initial components.
5907 * @return Integer status (0 means success).
5910 static int rpc_trustdom_del(struct net_context *c, int argc, const char **argv)
5912 if (argc > 0 && !c->display_usage) {
5913 return run_rpc_command(c, NULL, PI_SAMR, 0,
5914 rpc_trustdom_del_internals, argc, argv);
5917 "net rpc trustdom del <domain>\n");
5922 static NTSTATUS rpc_trustdom_get_pdc(struct net_context *c,
5923 struct cli_state *cli,
5924 TALLOC_CTX *mem_ctx,
5925 const char *domain_name)
5927 char *dc_name = NULL;
5928 const char *buffer = NULL;
5929 struct rpc_pipe_client *netr;
5932 /* Use NetServerEnum2 */
5934 if (cli_get_pdc_name(cli, domain_name, &dc_name)) {
5936 return NT_STATUS_OK;
5939 DEBUG(1,("NetServerEnum2 error: Couldn't find primary domain controller\
5940 for domain %s\n", domain_name));
5942 /* Try netr_GetDcName */
5944 netr = cli_rpc_pipe_open_noauth(cli, PI_NETLOGON, &status);
5949 status = rpccli_netr_GetDcName(netr, mem_ctx,
5956 if (NT_STATUS_IS_OK(status)) {
5960 DEBUG(1,("netr_GetDcName error: Couldn't find primary domain controller\
5961 for domain %s\n", domain_name));
5967 * Establish trust relationship to a trusting domain.
5968 * Interdomain account must already be created on remote PDC.
5970 * @param c A net_context structure.
5971 * @param argc Standard argc.
5972 * @param argv Standard argv without initial components.
5974 * @return Integer status (0 means success).
5977 static int rpc_trustdom_establish(struct net_context *c, int argc,
5980 struct cli_state *cli = NULL;
5981 struct sockaddr_storage server_ss;
5982 struct rpc_pipe_client *pipe_hnd = NULL;
5983 POLICY_HND connect_hnd;
5984 TALLOC_CTX *mem_ctx;
5986 DOM_SID *domain_sid;
5991 union lsa_PolicyInformation *info = NULL;
5994 * Connect to \\server\ipc$ as 'our domain' account with password
5997 if (argc != 1 || c->display_usage) {
5999 "net rpc trustdom establish <domain_name>\n");
6003 domain_name = smb_xstrdup(argv[0]);
6004 strupper_m(domain_name);
6006 /* account name used at first is our domain's name with '$' */
6007 asprintf(&acct_name, "%s$", lp_workgroup());
6008 strupper_m(acct_name);
6011 * opt_workgroup will be used by connection functions further,
6012 * hence it should be set to remote domain name instead of ours
6014 if (c->opt_workgroup) {
6015 c->opt_workgroup = smb_xstrdup(domain_name);
6018 c->opt_user_name = acct_name;
6020 /* find the domain controller */
6021 if (!net_find_pdc(&server_ss, pdc_name, domain_name)) {
6022 DEBUG(0, ("Couldn't find domain controller for domain %s\n", domain_name));
6026 /* connect to ipc$ as username/password */
6027 nt_status = connect_to_ipc(c, &cli, &server_ss, pdc_name);
6028 if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT)) {
6030 /* Is it trusting domain account for sure ? */
6031 DEBUG(0, ("Couldn't verify trusting domain account. Error was %s\n",
6032 nt_errstr(nt_status)));
6036 /* store who we connected to */
6038 saf_store( domain_name, pdc_name );
6041 * Connect to \\server\ipc$ again (this time anonymously)
6044 nt_status = connect_to_ipc_anonymous(c, &cli, &server_ss,
6047 if (NT_STATUS_IS_ERR(nt_status)) {
6048 DEBUG(0, ("Couldn't connect to domain %s controller. Error was %s.\n",
6049 domain_name, nt_errstr(nt_status)));
6053 if (!(mem_ctx = talloc_init("establishing trust relationship to "
6054 "domain %s", domain_name))) {
6055 DEBUG(0, ("talloc_init() failed\n"));
6060 /* Make sure we're talking to a proper server */
6062 nt_status = rpc_trustdom_get_pdc(c, cli, mem_ctx, domain_name);
6063 if (!NT_STATUS_IS_OK(nt_status)) {
6065 talloc_destroy(mem_ctx);
6070 * Call LsaOpenPolicy and LsaQueryInfo
6073 pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &nt_status);
6075 DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n", nt_errstr(nt_status) ));
6077 talloc_destroy(mem_ctx);
6081 nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, true, SEC_RIGHTS_QUERY_VALUE,
6083 if (NT_STATUS_IS_ERR(nt_status)) {
6084 DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
6085 nt_errstr(nt_status)));
6087 talloc_destroy(mem_ctx);
6091 /* Querying info level 5 */
6093 nt_status = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
6095 LSA_POLICY_INFO_ACCOUNT_DOMAIN,
6097 if (NT_STATUS_IS_ERR(nt_status)) {
6098 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
6099 nt_errstr(nt_status)));
6101 talloc_destroy(mem_ctx);
6105 domain_sid = info->account_domain.sid;
6107 /* There should be actually query info level 3 (following nt serv behaviour),
6108 but I still don't know if it's _really_ necessary */
6111 * Store the password in secrets db
6114 if (!pdb_set_trusteddom_pw(domain_name, c->opt_password, domain_sid)) {
6115 DEBUG(0, ("Storing password for trusted domain failed.\n"));
6117 talloc_destroy(mem_ctx);
6122 * Close the pipes and clean up
6125 nt_status = rpccli_lsa_Close(pipe_hnd, mem_ctx, &connect_hnd);
6126 if (NT_STATUS_IS_ERR(nt_status)) {
6127 DEBUG(0, ("Couldn't close LSA pipe. Error was %s\n",
6128 nt_errstr(nt_status)));
6130 talloc_destroy(mem_ctx);
6136 talloc_destroy(mem_ctx);
6138 d_printf("Trust to domain %s established\n", domain_name);
6143 * Revoke trust relationship to the remote domain.
6145 * @param c A net_context structure.
6146 * @param argc Standard argc.
6147 * @param argv Standard argv without initial components.
6149 * @return Integer status (0 means success).
6152 static int rpc_trustdom_revoke(struct net_context *c, int argc,
6158 if (argc < 1 || c->display_usage) {
6160 "net rpc trustdom revoke <domain_name>\n"
6161 " Revoke trust relationship\n"
6162 " domain_name\tName of domain to revoke trust\n");
6166 /* generate upper cased domain name */
6167 domain_name = smb_xstrdup(argv[0]);
6168 strupper_m(domain_name);
6170 /* delete password of the trust */
6171 if (!pdb_del_trusteddom_pw(domain_name)) {
6172 DEBUG(0, ("Failed to revoke relationship to the trusted domain %s\n",
6179 SAFE_FREE(domain_name);
6183 static NTSTATUS rpc_query_domain_sid(struct net_context *c,
6184 const DOM_SID *domain_sid,
6185 const char *domain_name,
6186 struct cli_state *cli,
6187 struct rpc_pipe_client *pipe_hnd,
6188 TALLOC_CTX *mem_ctx,
6193 sid_to_fstring(str_sid, domain_sid);
6194 d_printf("%s\n", str_sid);
6195 return NT_STATUS_OK;
6198 static void print_trusted_domain(DOM_SID *dom_sid, const char *trusted_dom_name)
6200 fstring ascii_sid, padding;
6201 int pad_len, col_len = 20;
6203 /* convert sid into ascii string */
6204 sid_to_fstring(ascii_sid, dom_sid);
6206 /* calculate padding space for d_printf to look nicer */
6207 pad_len = col_len - strlen(trusted_dom_name);
6208 padding[pad_len] = 0;
6209 do padding[--pad_len] = ' '; while (pad_len);
6211 d_printf("%s%s%s\n", trusted_dom_name, padding, ascii_sid);
6214 static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd,
6215 TALLOC_CTX *mem_ctx,
6218 const char *trusted_dom_name)
6221 union lsa_TrustedDomainInfo *info = NULL;
6222 char *cleartextpwd = NULL;
6223 uint8_t nt_hash[16];
6226 nt_status = rpccli_lsa_QueryTrustedDomainInfoBySid(pipe_hnd, mem_ctx,
6229 LSA_TRUSTED_DOMAIN_INFO_PASSWORD,
6231 if (NT_STATUS_IS_ERR(nt_status)) {
6232 DEBUG(0,("Could not query trusted domain info. Error was %s\n",
6233 nt_errstr(nt_status)));
6237 data = data_blob(info->password.password->data,
6238 info->password.password->length);
6240 if (!rpccli_get_pwd_hash(pipe_hnd, nt_hash)) {
6241 DEBUG(0, ("Could not retrieve password hash\n"));
6245 cleartextpwd = decrypt_trustdom_secret(nt_hash, &data);
6247 if (cleartextpwd == NULL) {
6248 DEBUG(0,("retrieved NULL password\n"));
6249 nt_status = NT_STATUS_UNSUCCESSFUL;
6253 if (!pdb_set_trusteddom_pw(trusted_dom_name, cleartextpwd, &dom_sid)) {
6254 DEBUG(0, ("Storing password for trusted domain failed.\n"));
6255 nt_status = NT_STATUS_UNSUCCESSFUL;
6259 #ifdef DEBUG_PASSWORD
6260 DEBUG(100,("successfully vampired trusted domain [%s], sid: [%s], "
6261 "password: [%s]\n", trusted_dom_name,
6262 sid_string_dbg(&dom_sid), cleartextpwd));
6266 SAFE_FREE(cleartextpwd);
6267 data_blob_free(&data);
6272 static int rpc_trustdom_vampire(struct net_context *c, int argc,
6275 /* common variables */
6276 TALLOC_CTX* mem_ctx;
6277 struct cli_state *cli = NULL;
6278 struct rpc_pipe_client *pipe_hnd = NULL;
6280 const char *domain_name = NULL;
6281 DOM_SID *queried_dom_sid;
6282 POLICY_HND connect_hnd;
6283 union lsa_PolicyInformation *info = NULL;
6285 /* trusted domains listing variables */
6286 unsigned int enum_ctx = 0;
6288 struct lsa_DomainList dom_list;
6291 if (c->display_usage) {
6293 "net rpc trustdom vampire\n"
6294 " Vampire trust relationship from remote server\n");
6299 * Listing trusted domains (stored in secrets.tdb, if local)
6302 mem_ctx = talloc_init("trust relationships vampire");
6305 * set domain and pdc name to local samba server (default)
6306 * or to remote one given in command line
6309 if (StrCaseCmp(c->opt_workgroup, lp_workgroup())) {
6310 domain_name = c->opt_workgroup;
6311 c->opt_target_workgroup = c->opt_workgroup;
6313 fstrcpy(pdc_name, global_myname());
6314 domain_name = talloc_strdup(mem_ctx, lp_workgroup());
6315 c->opt_target_workgroup = domain_name;
6318 /* open \PIPE\lsarpc and open policy handle */
6319 nt_status = net_make_ipc_connection(c, NET_FLAGS_PDC, &cli);
6320 if (!NT_STATUS_IS_OK(nt_status)) {
6321 DEBUG(0, ("Couldn't connect to domain controller: %s\n",
6322 nt_errstr(nt_status)));
6323 talloc_destroy(mem_ctx);
6327 pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &nt_status);
6329 DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n",
6330 nt_errstr(nt_status) ));
6332 talloc_destroy(mem_ctx);
6336 nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, SEC_RIGHTS_QUERY_VALUE,
6338 if (NT_STATUS_IS_ERR(nt_status)) {
6339 DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
6340 nt_errstr(nt_status)));
6342 talloc_destroy(mem_ctx);
6346 /* query info level 5 to obtain sid of a domain being queried */
6347 nt_status = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
6349 LSA_POLICY_INFO_ACCOUNT_DOMAIN,
6352 if (NT_STATUS_IS_ERR(nt_status)) {
6353 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
6354 nt_errstr(nt_status)));
6356 talloc_destroy(mem_ctx);
6360 queried_dom_sid = info->account_domain.sid;
6363 * Keep calling LsaEnumTrustdom over opened pipe until
6364 * the end of enumeration is reached
6367 d_printf("Vampire trusted domains:\n\n");
6370 nt_status = rpccli_lsa_EnumTrustDom(pipe_hnd, mem_ctx,
6375 if (NT_STATUS_IS_ERR(nt_status)) {
6376 DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n",
6377 nt_errstr(nt_status)));
6379 talloc_destroy(mem_ctx);
6383 for (i = 0; i < dom_list.count; i++) {
6385 print_trusted_domain(dom_list.domains[i].sid,
6386 dom_list.domains[i].name.string);
6388 nt_status = vampire_trusted_domain(pipe_hnd, mem_ctx, &connect_hnd,
6389 *dom_list.domains[i].sid,
6390 dom_list.domains[i].name.string);
6391 if (!NT_STATUS_IS_OK(nt_status)) {
6393 talloc_destroy(mem_ctx);
6399 * in case of no trusted domains say something rather
6400 * than just display blank line
6402 if (!dom_list.count) d_printf("none\n");
6404 } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
6406 /* close this connection before doing next one */
6407 nt_status = rpccli_lsa_Close(pipe_hnd, mem_ctx, &connect_hnd);
6408 if (NT_STATUS_IS_ERR(nt_status)) {
6409 DEBUG(0, ("Couldn't properly close lsa policy handle. Error was %s\n",
6410 nt_errstr(nt_status)));
6412 talloc_destroy(mem_ctx);
6416 /* close lsarpc pipe and connection to IPC$ */
6419 talloc_destroy(mem_ctx);
6423 static int rpc_trustdom_list(struct net_context *c, int argc, const char **argv)
6425 /* common variables */
6426 TALLOC_CTX* mem_ctx;
6427 struct cli_state *cli = NULL, *remote_cli = NULL;
6428 struct rpc_pipe_client *pipe_hnd = NULL;
6430 const char *domain_name = NULL;
6431 DOM_SID *queried_dom_sid;
6433 int ascii_dom_name_len;
6434 POLICY_HND connect_hnd;
6435 union lsa_PolicyInformation *info = NULL;
6437 /* trusted domains listing variables */
6438 unsigned int num_domains, enum_ctx = 0;
6439 int i, pad_len, col_len = 20;
6440 struct lsa_DomainList dom_list;
6443 /* trusting domains listing variables */
6444 POLICY_HND domain_hnd;
6445 struct samr_SamArray *trusts = NULL;
6447 if (c->display_usage) {
6449 "net rpc trustdom list\n"
6450 " List trust relationships\n");
6455 * Listing trusted domains (stored in secrets.tdb, if local)
6458 mem_ctx = talloc_init("trust relationships listing");
6461 * set domain and pdc name to local samba server (default)
6462 * or to remote one given in command line
6465 if (StrCaseCmp(c->opt_workgroup, lp_workgroup())) {
6466 domain_name = c->opt_workgroup;
6467 c->opt_target_workgroup = c->opt_workgroup;
6469 fstrcpy(pdc_name, global_myname());
6470 domain_name = talloc_strdup(mem_ctx, lp_workgroup());
6471 c->opt_target_workgroup = domain_name;
6474 /* open \PIPE\lsarpc and open policy handle */
6475 nt_status = net_make_ipc_connection(c, NET_FLAGS_PDC, &cli);
6476 if (!NT_STATUS_IS_OK(nt_status)) {
6477 DEBUG(0, ("Couldn't connect to domain controller: %s\n",
6478 nt_errstr(nt_status)));
6479 talloc_destroy(mem_ctx);
6483 pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &nt_status);
6485 DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n",
6486 nt_errstr(nt_status) ));
6488 talloc_destroy(mem_ctx);
6492 nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, SEC_RIGHTS_QUERY_VALUE,
6494 if (NT_STATUS_IS_ERR(nt_status)) {
6495 DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
6496 nt_errstr(nt_status)));
6498 talloc_destroy(mem_ctx);
6502 /* query info level 5 to obtain sid of a domain being queried */
6503 nt_status = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
6505 LSA_POLICY_INFO_ACCOUNT_DOMAIN,
6508 if (NT_STATUS_IS_ERR(nt_status)) {
6509 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
6510 nt_errstr(nt_status)));
6512 talloc_destroy(mem_ctx);
6516 queried_dom_sid = info->account_domain.sid;
6519 * Keep calling LsaEnumTrustdom over opened pipe until
6520 * the end of enumeration is reached
6523 d_printf("Trusted domains list:\n\n");
6526 nt_status = rpccli_lsa_EnumTrustDom(pipe_hnd, mem_ctx,
6531 if (NT_STATUS_IS_ERR(nt_status)) {
6532 DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n",
6533 nt_errstr(nt_status)));
6535 talloc_destroy(mem_ctx);
6539 for (i = 0; i < dom_list.count; i++) {
6540 print_trusted_domain(dom_list.domains[i].sid,
6541 dom_list.domains[i].name.string);
6545 * in case of no trusted domains say something rather
6546 * than just display blank line
6548 if (!dom_list.count) d_printf("none\n");
6550 } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
6552 /* close this connection before doing next one */
6553 nt_status = rpccli_lsa_Close(pipe_hnd, mem_ctx, &connect_hnd);
6554 if (NT_STATUS_IS_ERR(nt_status)) {
6555 DEBUG(0, ("Couldn't properly close lsa policy handle. Error was %s\n",
6556 nt_errstr(nt_status)));
6558 talloc_destroy(mem_ctx);
6562 TALLOC_FREE(pipe_hnd);
6565 * Listing trusting domains (stored in passdb backend, if local)
6568 d_printf("\nTrusting domains list:\n\n");
6571 * Open \PIPE\samr and get needed policy handles
6573 pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_SAMR, &nt_status);
6575 DEBUG(0, ("Could not initialise samr pipe. Error was %s\n", nt_errstr(nt_status)));
6577 talloc_destroy(mem_ctx);
6582 nt_status = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
6584 SA_RIGHT_SAM_OPEN_DOMAIN,
6586 if (!NT_STATUS_IS_OK(nt_status)) {
6587 DEBUG(0, ("Couldn't open SAMR policy handle. Error was %s\n",
6588 nt_errstr(nt_status)));
6590 talloc_destroy(mem_ctx);
6594 /* SamrOpenDomain - we have to open domain policy handle in order to be
6595 able to enumerate accounts*/
6596 nt_status = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
6598 SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
6601 if (!NT_STATUS_IS_OK(nt_status)) {
6602 DEBUG(0, ("Couldn't open domain object. Error was %s\n",
6603 nt_errstr(nt_status)));
6605 talloc_destroy(mem_ctx);
6610 * perform actual enumeration
6613 enum_ctx = 0; /* reset enumeration context from last enumeration */
6616 nt_status = rpccli_samr_EnumDomainUsers(pipe_hnd, mem_ctx,
6623 if (NT_STATUS_IS_ERR(nt_status)) {
6624 DEBUG(0, ("Couldn't enumerate accounts. Error was: %s\n",
6625 nt_errstr(nt_status)));
6627 talloc_destroy(mem_ctx);
6631 for (i = 0; i < num_domains; i++) {
6633 char *str = CONST_DISCARD(char *, trusts->entries[i].name.string);
6636 * get each single domain's sid (do we _really_ need this ?):
6637 * 1) connect to domain's pdc
6638 * 2) query the pdc for domain's sid
6641 /* get rid of '$' tail */
6642 ascii_dom_name_len = strlen(str);
6643 if (ascii_dom_name_len && ascii_dom_name_len < FSTRING_LEN)
6644 str[ascii_dom_name_len - 1] = '\0';
6646 /* calculate padding space for d_printf to look nicer */
6647 pad_len = col_len - strlen(str);
6648 padding[pad_len] = 0;
6649 do padding[--pad_len] = ' '; while (pad_len);
6651 /* set opt_* variables to remote domain */
6653 c->opt_workgroup = talloc_strdup(mem_ctx, str);
6654 c->opt_target_workgroup = c->opt_workgroup;
6656 d_printf("%s%s", str, padding);
6658 /* connect to remote domain controller */
6659 nt_status = net_make_ipc_connection(c,
6660 NET_FLAGS_PDC | NET_FLAGS_ANONYMOUS,
6662 if (NT_STATUS_IS_OK(nt_status)) {
6663 /* query for domain's sid */
6664 if (run_rpc_command(c, remote_cli, PI_LSARPC, 0,
6665 rpc_query_domain_sid, argc,
6667 d_fprintf(stderr, "couldn't get domain's sid\n");
6669 cli_shutdown(remote_cli);
6672 d_fprintf(stderr, "domain controller is not "
6674 nt_errstr(nt_status));
6678 if (!num_domains) d_printf("none\n");
6680 } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
6682 /* close opened samr and domain policy handles */
6683 nt_status = rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_hnd);
6684 if (!NT_STATUS_IS_OK(nt_status)) {
6685 DEBUG(0, ("Couldn't properly close domain policy handle for domain %s\n", domain_name));
6688 nt_status = rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_hnd);
6689 if (!NT_STATUS_IS_OK(nt_status)) {
6690 DEBUG(0, ("Couldn't properly close samr policy handle for domain %s\n", domain_name));
6693 /* close samr pipe and connection to IPC$ */
6696 talloc_destroy(mem_ctx);
6701 * Entrypoint for 'net rpc trustdom' code.
6703 * @param argc Standard argc.
6704 * @param argv Standard argv without initial components.
6706 * @return Integer status (0 means success).
6709 static int rpc_trustdom(struct net_context *c, int argc, const char **argv)
6711 struct functable func[] = {
6716 "Add trusted domain's account",
6717 "net rpc trustdom add\n"
6718 " Add trusted domain's account"
6724 "Remove trusted domain's account",
6725 "net rpc trustdom del\n"
6726 " Remove trusted domain's account"
6730 rpc_trustdom_establish,
6732 "Establish trust relationship",
6733 "net rpc trustdom establish\n"
6734 " Establish trust relationship"
6738 rpc_trustdom_revoke,
6740 "Revoke trust relationship",
6741 "net rpc trustdom revoke\n"
6742 " Revoke trust relationship"
6748 "List domain trusts",
6749 "net rpc trustdom list\n"
6750 " List domain trusts"
6754 rpc_trustdom_vampire,
6756 "Vampire trusts from remote server",
6757 "net rpc trustdom vampire\n"
6758 " Vampire trusts from remote server"
6760 {NULL, NULL, 0, NULL, NULL}
6763 return net_run_function(c, argc, argv, "net rpc trustdom", func);
6767 * Check if a server will take rpc commands
6768 * @param flags Type of server to connect to (PDC, DMB, localhost)
6769 * if the host is not explicitly specified
6770 * @return bool (true means rpc supported)
6772 bool net_rpc_check(struct net_context *c, unsigned flags)
6774 struct cli_state *cli;
6776 struct sockaddr_storage server_ss;
6777 char *server_name = NULL;
6780 /* flags (i.e. server type) may depend on command */
6781 if (!net_find_server(c, NULL, flags, &server_ss, &server_name))
6784 if ((cli = cli_initialise()) == NULL) {
6788 status = cli_connect(cli, server_name, &server_ss);
6789 if (!NT_STATUS_IS_OK(status))
6791 if (!attempt_netbios_session_request(&cli, global_myname(),
6792 server_name, &server_ss))
6794 if (!cli_negprot(cli))
6796 if (cli->protocol < PROTOCOL_NT1)
6805 /* dump sam database via samsync rpc calls */
6806 static int rpc_samdump(struct net_context *c, int argc, const char **argv) {
6807 if (c->display_usage) {
6810 " Dump remote SAM database\n");
6814 return run_rpc_command(c, NULL, PI_NETLOGON, NET_FLAGS_ANONYMOUS,
6815 rpc_samdump_internals, argc, argv);
6818 /* syncronise sam database via samsync rpc calls */
6819 static int rpc_vampire(struct net_context *c, int argc, const char **argv)
6821 struct functable func[] = {
6826 "Dump remote SAM database to ldif",
6827 "net rpc vampire ldif\n"
6828 " Dump remote SAM database to LDIF file or stdout"
6834 "Dump remote SAM database to Kerberos Keytab",
6835 "net rpc vampire keytab\n"
6836 " Dump remote SAM database to Kerberos keytab file"
6839 {NULL, NULL, 0, NULL, NULL}
6843 if (c->display_usage) {
6846 " Vampire remote SAM database\n");
6850 return run_rpc_command(c, NULL, PI_NETLOGON, NET_FLAGS_ANONYMOUS,
6851 rpc_vampire_internals,
6855 return net_run_function(c, argc, argv, "net rpc vampire", func);
6859 * Migrate everything from a print server.
6861 * @param c A net_context structure.
6862 * @param argc Standard main() style argc.
6863 * @param argv Standard main() style argv. Initial components are already
6866 * @return A shell status integer (0 for success).
6868 * The order is important !
6869 * To successfully add drivers the print queues have to exist !
6870 * Applying ACLs should be the last step, because you're easily locked out.
6873 static int rpc_printer_migrate_all(struct net_context *c, int argc,
6878 if (c->display_usage) {
6880 "net rpc printer migrate all\n"
6881 " Migrate everything from a print server\n");
6886 d_printf("no server to migrate\n");
6890 ret = run_rpc_command(c, NULL, PI_SPOOLSS, 0,
6891 rpc_printer_migrate_printers_internals, argc,
6896 ret = run_rpc_command(c, NULL, PI_SPOOLSS, 0,
6897 rpc_printer_migrate_drivers_internals, argc,
6902 ret = run_rpc_command(c, NULL, PI_SPOOLSS, 0,
6903 rpc_printer_migrate_forms_internals, argc, argv);
6907 ret = run_rpc_command(c, NULL, PI_SPOOLSS, 0,
6908 rpc_printer_migrate_settings_internals, argc,
6913 return run_rpc_command(c, NULL, PI_SPOOLSS, 0,
6914 rpc_printer_migrate_security_internals, argc,
6920 * Migrate print drivers from a print server.
6922 * @param c A net_context structure.
6923 * @param argc Standard main() style argc.
6924 * @param argv Standard main() style argv. Initial components are already
6927 * @return A shell status integer (0 for success).
6929 static int rpc_printer_migrate_drivers(struct net_context *c, int argc,
6932 if (c->display_usage) {
6934 "net rpc printer migrate drivers\n"
6935 " Migrate print-drivers from a print-server\n");
6940 d_printf("no server to migrate\n");
6944 return run_rpc_command(c, NULL, PI_SPOOLSS, 0,
6945 rpc_printer_migrate_drivers_internals,
6950 * Migrate print-forms from a print-server.
6952 * @param c A net_context structure.
6953 * @param argc Standard main() style argc.
6954 * @param argv Standard main() style argv. Initial components are already
6957 * @return A shell status integer (0 for success).
6959 static int rpc_printer_migrate_forms(struct net_context *c, int argc,
6962 if (c->display_usage) {
6964 "net rpc printer migrate forms\n"
6965 " Migrate print-forms from a print-server\n");
6970 d_printf("no server to migrate\n");
6974 return run_rpc_command(c, NULL, PI_SPOOLSS, 0,
6975 rpc_printer_migrate_forms_internals,
6980 * Migrate printers from a print-server.
6982 * @param c A net_context structure.
6983 * @param argc Standard main() style argc.
6984 * @param argv Standard main() style argv. Initial components are already
6987 * @return A shell status integer (0 for success).
6989 static int rpc_printer_migrate_printers(struct net_context *c, int argc,
6992 if (c->display_usage) {
6994 "net rpc printer migrate printers\n"
6995 " Migrate printers from a print-server\n");
7000 d_printf("no server to migrate\n");
7004 return run_rpc_command(c, NULL, PI_SPOOLSS, 0,
7005 rpc_printer_migrate_printers_internals,
7010 * Migrate printer-ACLs from a print-server
7012 * @param c A net_context structure.
7013 * @param argc Standard main() style argc.
7014 * @param argv Standard main() style argv. Initial components are already
7017 * @return A shell status integer (0 for success).
7019 static int rpc_printer_migrate_security(struct net_context *c, int argc,
7022 if (c->display_usage) {
7024 "net rpc printer migrate security\n"
7025 " Migrate printer-ACLs from a print-server\n");
7030 d_printf("no server to migrate\n");
7034 return run_rpc_command(c, NULL, PI_SPOOLSS, 0,
7035 rpc_printer_migrate_security_internals,
7040 * Migrate printer-settings from a print-server.
7042 * @param c A net_context structure.
7043 * @param argc Standard main() style argc.
7044 * @param argv Standard main() style argv. Initial components are already
7047 * @return A shell status integer (0 for success).
7049 static int rpc_printer_migrate_settings(struct net_context *c, int argc,
7052 if (c->display_usage) {
7054 "net rpc printer migrate settings\n"
7055 " Migrate printer-settings from a print-server\n");
7060 d_printf("no server to migrate\n");
7064 return run_rpc_command(c, NULL, PI_SPOOLSS, 0,
7065 rpc_printer_migrate_settings_internals,
7070 * 'net rpc printer' entrypoint.
7072 * @param c A net_context structure.
7073 * @param argc Standard main() style argc.
7074 * @param argv Standard main() style argv. Initial components are already
7078 int rpc_printer_migrate(struct net_context *c, int argc, const char **argv)
7081 /* ouch: when addriver and setdriver are called from within
7082 rpc_printer_migrate_drivers_internals, the printer-queue already
7085 struct functable func[] = {
7088 rpc_printer_migrate_all,
7090 "Migrate all from remote to local print server",
7091 "net rpc printer migrate all\n"
7092 " Migrate all from remote to local print server"
7096 rpc_printer_migrate_drivers,
7098 "Migrate drivers to local server",
7099 "net rpc printer migrate drivers\n"
7100 " Migrate drivers to local server"
7104 rpc_printer_migrate_forms,
7106 "Migrate froms to local server",
7107 "net rpc printer migrate forms\n"
7108 " Migrate froms to local server"
7112 rpc_printer_migrate_printers,
7114 "Migrate printers to local server",
7115 "net rpc printer migrate printers\n"
7116 " Migrate printers to local server"
7120 rpc_printer_migrate_security,
7122 "Mirgate printer ACLs to local server",
7123 "net rpc printer migrate security\n"
7124 " Mirgate printer ACLs to local server"
7128 rpc_printer_migrate_settings,
7130 "Migrate printer settings to local server",
7131 "net rpc printer migrate settings\n"
7132 " Migrate printer settings to local server"
7134 {NULL, NULL, 0, NULL, NULL}
7137 return net_run_function(c, argc, argv, "net rpc printer migrate",func);
7142 * List printers on a remote RPC server.
7144 * @param c A net_context structure.
7145 * @param argc Standard main() style argc.
7146 * @param argv Standard main() style argv. Initial components are already
7149 * @return A shell status integer (0 for success).
7151 static int rpc_printer_list(struct net_context *c, int argc, const char **argv)
7153 if (c->display_usage) {
7155 "net rpc printer list\n"
7156 " List printers on a remote RPC server\n");
7160 return run_rpc_command(c, NULL, PI_SPOOLSS, 0,
7161 rpc_printer_list_internals,
7166 * List printer-drivers on a remote RPC server.
7168 * @param c A net_context structure.
7169 * @param argc Standard main() style argc.
7170 * @param argv Standard main() style argv. Initial components are already
7173 * @return A shell status integer (0 for success).
7175 static int rpc_printer_driver_list(struct net_context *c, int argc,
7178 if (c->display_usage) {
7180 "net rpc printer driver\n"
7181 " List printer-drivers on a remote RPC server\n");
7185 return run_rpc_command(c, NULL, PI_SPOOLSS, 0,
7186 rpc_printer_driver_list_internals,
7191 * Publish printer in ADS via MSRPC.
7193 * @param c A net_context structure.
7194 * @param argc Standard main() style argc.
7195 * @param argv Standard main() style argv. Initial components are already
7198 * @return A shell status integer (0 for success).
7200 static int rpc_printer_publish_publish(struct net_context *c, int argc,
7203 if (c->display_usage) {
7205 "net rpc printer publish publish\n"
7206 " Publish printer in ADS via MSRPC\n");
7210 return run_rpc_command(c, NULL, PI_SPOOLSS, 0,
7211 rpc_printer_publish_publish_internals,
7216 * Update printer in ADS via MSRPC.
7218 * @param c A net_context structure.
7219 * @param argc Standard main() style argc.
7220 * @param argv Standard main() style argv. Initial components are already
7223 * @return A shell status integer (0 for success).
7225 static int rpc_printer_publish_update(struct net_context *c, int argc, const char **argv)
7227 if (c->display_usage) {
7229 "net rpc printer publish update\n"
7230 " Update printer in ADS via MSRPC\n");
7234 return run_rpc_command(c, NULL, PI_SPOOLSS, 0,
7235 rpc_printer_publish_update_internals,
7240 * UnPublish printer in ADS via MSRPC.
7242 * @param c A net_context structure.
7243 * @param argc Standard main() style argc.
7244 * @param argv Standard main() style argv. Initial components are already
7247 * @return A shell status integer (0 for success).
7249 static int rpc_printer_publish_unpublish(struct net_context *c, int argc,
7252 if (c->display_usage) {
7254 "net rpc printer publish unpublish\n"
7255 " UnPublish printer in ADS via MSRPC\n");
7259 return run_rpc_command(c, NULL, PI_SPOOLSS, 0,
7260 rpc_printer_publish_unpublish_internals,
7265 * List published printers via MSRPC.
7267 * @param c A net_context structure.
7268 * @param argc Standard main() style argc.
7269 * @param argv Standard main() style argv. Initial components are already
7272 * @return A shell status integer (0 for success).
7274 static int rpc_printer_publish_list(struct net_context *c, int argc,
7277 if (c->display_usage) {
7279 "net rpc printer publish list\n"
7280 " List published printers via MSRPC\n");
7284 return run_rpc_command(c, NULL, PI_SPOOLSS, 0,
7285 rpc_printer_publish_list_internals,
7291 * Publish printer in ADS.
7293 * @param c A net_context structure.
7294 * @param argc Standard main() style argc.
7295 * @param argv Standard main() style argv. Initial components are already
7298 * @return A shell status integer (0 for success).
7300 static int rpc_printer_publish(struct net_context *c, int argc,
7304 struct functable func[] = {
7307 rpc_printer_publish_publish,
7309 "Publish printer in AD",
7310 "net rpc printer publish publish\n"
7311 " Publish printer in AD"
7315 rpc_printer_publish_update,
7317 "Update printer in AD",
7318 "net rpc printer publish update\n"
7319 " Update printer in AD"
7323 rpc_printer_publish_unpublish,
7325 "Unpublish printer",
7326 "net rpc printer publish unpublish\n"
7327 " Unpublish printer"
7331 rpc_printer_publish_list,
7333 "List published printers",
7334 "net rpc printer publish list\n"
7335 " List published printers"
7337 {NULL, NULL, 0, NULL, NULL}
7341 if (c->display_usage) {
7342 d_printf("Usage:\n");
7343 d_printf("net rpc printer publish\n"
7344 " List published printers\n"
7345 " Alias of net rpc printer publish list\n");
7346 net_display_usage_from_functable(func);
7349 return run_rpc_command(c, NULL, PI_SPOOLSS, 0,
7350 rpc_printer_publish_list_internals,
7354 return net_run_function(c, argc, argv, "net rpc printer publish",func);
7360 * Display rpc printer help page.
7362 * @param c A net_context structure.
7363 * @param argc Standard main() style argc.
7364 * @param argv Standard main() style argv. Initial components are already
7367 int rpc_printer_usage(struct net_context *c, int argc, const char **argv)
7369 d_printf("net rpc printer LIST [printer] [misc. options] [targets]\n"
7370 "\tlists all printers on print-server\n\n");
7371 d_printf("net rpc printer DRIVER [printer] [misc. options] [targets]\n"
7372 "\tlists all printer-drivers on print-server\n\n");
7373 d_printf("net rpc printer PUBLISH action [printer] [misc. options] [targets]\n"
7374 "\tpublishes printer settings in Active Directory\n"
7375 "\taction can be one of PUBLISH, UPDATE, UNPUBLISH or LIST\n\n");
7376 d_printf("net rpc printer MIGRATE PRINTERS [printer] [misc. options] [targets]"
7377 "\n\tmigrates printers from remote to local server\n\n");
7378 d_printf("net rpc printer MIGRATE SETTINGS [printer] [misc. options] [targets]"
7379 "\n\tmigrates printer-settings from remote to local server\n\n");
7380 d_printf("net rpc printer MIGRATE DRIVERS [printer] [misc. options] [targets]"
7381 "\n\tmigrates printer-drivers from remote to local server\n\n");
7382 d_printf("net rpc printer MIGRATE FORMS [printer] [misc. options] [targets]"
7383 "\n\tmigrates printer-forms from remote to local server\n\n");
7384 d_printf("net rpc printer MIGRATE SECURITY [printer] [misc. options] [targets]"
7385 "\n\tmigrates printer-ACLs from remote to local server\n\n");
7386 d_printf("net rpc printer MIGRATE ALL [printer] [misc. options] [targets]"
7387 "\n\tmigrates drivers, forms, queues, settings and acls from\n"
7388 "\tremote to local print-server\n\n");
7389 net_common_methods_usage(c, argc, argv);
7390 net_common_flags_usage(c, argc, argv);
7392 "\t-v or --verbose\t\t\tgive verbose output\n"
7393 "\t --destination\t\tmigration target server (default: localhost)\n");
7399 * 'net rpc printer' entrypoint.
7401 * @param c A net_context structure.
7402 * @param argc Standard main() style argc.
7403 * @param argv Standard main() style argv. Initial components are already
7406 int net_rpc_printer(struct net_context *c, int argc, const char **argv)
7408 struct functable func[] = {
7413 "List all printers on print server",
7414 "net rpc printer list\n"
7415 " List all printers on print server"
7419 rpc_printer_migrate,
7421 "Migrate printer to local server",
7422 "net rpc printer migrate\n"
7423 " Migrate printer to local server"
7427 rpc_printer_driver_list,
7429 "List printer drivers",
7430 "net rpc printer driver\n"
7431 " List printer drivers"
7435 rpc_printer_publish,
7437 "Publish printer in AD",
7438 "net rpc printer publish\n"
7439 " Publish printer in AD"
7441 {NULL, NULL, 0, NULL, NULL}
7445 if (c->display_usage) {
7446 d_printf("Usage:\n");
7447 d_printf("net rpc printer\n"
7448 " List printers\n");
7449 net_display_usage_from_functable(func);
7452 return run_rpc_command(c, NULL, PI_SPOOLSS, 0,
7453 rpc_printer_list_internals,
7457 return net_run_function(c, argc, argv, "net rpc printer", func);
7461 * 'net rpc' entrypoint.
7463 * @param c A net_context structure.
7464 * @param argc Standard main() style argc.
7465 * @param argv Standard main() style argv. Initial components are already
7469 int net_rpc(struct net_context *c, int argc, const char **argv)
7471 struct functable func[] = {
7476 "Modify global audit settings",
7478 " Modify global audit settings"
7484 "Show basic info about a domain",
7486 " Show basic info about a domain"
7500 "Join a domain created in server manager",
7502 " Join a domain created in server manager"
7508 "Test that a join is valid",
7509 "net rpc testjoin\n"
7510 " Test that a join is valid"
7516 "List/modify users",
7518 " List/modify users"
7524 "Change a user password",
7525 "net rpc password\n"
7526 " Change a user password\n"
7527 " Alias for net rpc user password"
7533 "List/modify groups",
7535 " List/modify groups"
7541 "List/modify shares",
7543 " List/modify shares"
7557 "List/modify printers",
7559 " List/modify printers"
7563 net_rpc_changetrustpw,
7565 "Change trust account password",
7566 "net rpc changetrustpw\n"
7567 " Change trust account password"
7573 "Modify domain trusts",
7574 "net rpc trustdom\n"
7575 " Modify domain trusts"
7581 "Abort a remote shutdown",
7582 "net rpc abortshutdown\n"
7583 " Abort a remote shutdown"
7589 "Shutdown a remote server",
7590 "net rpc shutdown\n"
7591 " Shutdown a remote server"
7597 "Dump SAM data of remote NT PDC",
7599 " Dump SAM data of remote NT PDC"
7605 "Sync a remote NT PDC's data into local passdb",
7607 " Sync a remote NT PDC's data into local passdb"
7613 "Fetch the domain sid into local secrets.tdb",
7615 " Fetch the domain sid into local secrets.tdb"
7621 "Manage privileges assigned to SID",
7623 " Manage privileges assigned to SID"
7629 "Start/stop/query remote services",
7631 " Start/stop/query remote services"
7637 "Manage registry hives",
7638 "net rpc registry\n"
7639 " Manage registry hives"
7645 "Open interactive shell on remote server",
7647 " Open interactive shell on remote server"
7649 {NULL, NULL, 0, NULL, NULL}
7651 return net_run_function(c, argc, argv, "net rpc", func);
git.samba.org / metze / samba / wip.git / blob