2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org)
5 Copyright (C) 2002 Jim McDonough (jmcd@us.ibm.com)
6 Copyright (C) 2004,2008 Guenther Deschner (gd@samba.org)
7 Copyright (C) 2005 Jeremy Allison (jra@samba.org)
8 Copyright (C) 2006 Jelmer Vernooij (jelmer@samba.org)
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>. */
24 #include "utils/net.h"
26 static int net_mode_share;
27 static bool sync_files(struct copy_clistate *cp_clistate, const char *mask);
32 * @brief RPC based subcommands for the 'net' utility.
34 * This file should contain much of the functionality that used to
35 * be found in rpcclient, execpt that the commands should change
36 * less often, and the fucntionality should be sane (the user is not
37 * expected to know a rid/sid before they conduct an operation etc.)
39 * @todo Perhaps eventually these should be split out into a number
40 * of files, as this could get quite big.
45 * Many of the RPC functions need the domain sid. This function gets
46 * it at the start of every run
48 * @param cli A cli_state already connected to the remote machine
50 * @return The Domain SID of the remote machine.
53 NTSTATUS net_get_remote_domain_sid(struct cli_state *cli, TALLOC_CTX *mem_ctx,
55 const char **domain_name)
57 struct rpc_pipe_client *lsa_pipe;
59 NTSTATUS result = NT_STATUS_OK;
60 union lsa_PolicyInformation *info = NULL;
62 lsa_pipe = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &result);
64 d_fprintf(stderr, "Could not initialise lsa pipe\n");
68 result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, False,
69 SEC_RIGHTS_MAXIMUM_ALLOWED,
71 if (!NT_STATUS_IS_OK(result)) {
72 d_fprintf(stderr, "open_policy failed: %s\n",
77 result = rpccli_lsa_QueryInfoPolicy(lsa_pipe, mem_ctx,
79 LSA_POLICY_INFO_ACCOUNT_DOMAIN,
81 if (!NT_STATUS_IS_OK(result)) {
82 d_fprintf(stderr, "lsaquery failed: %s\n",
87 *domain_name = info->account_domain.name.string;
88 *domain_sid = info->account_domain.sid;
90 rpccli_lsa_Close(lsa_pipe, mem_ctx, &pol);
91 TALLOC_FREE(lsa_pipe);
97 * Run a single RPC command, from start to finish.
99 * @param pipe_name the pipe to connect to (usually a PIPE_ constant)
100 * @param conn_flag a NET_FLAG_ combination. Passed to
101 * net_make_ipc_connection.
102 * @param argc Standard main() style argc
103 * @param argc Standard main() style argv. Initial components are already
105 * @return A shell status integer (0 for success)
108 int run_rpc_command(struct cli_state *cli_arg,
115 struct cli_state *cli = NULL;
116 struct rpc_pipe_client *pipe_hnd = NULL;
120 const char *domain_name;
122 /* make use of cli_state handed over as an argument, if possible */
124 nt_status = net_make_ipc_connection(conn_flags, &cli);
125 if (!NT_STATUS_IS_OK(nt_status)) {
126 DEBUG(1, ("failed to make ipc connection: %s\n",
127 nt_errstr(nt_status)));
140 if (!(mem_ctx = talloc_init("run_rpc_command"))) {
141 DEBUG(0, ("talloc_init() failed\n"));
146 nt_status = net_get_remote_domain_sid(cli, mem_ctx, &domain_sid,
148 if (!NT_STATUS_IS_OK(nt_status)) {
153 if (!(conn_flags & NET_FLAGS_NO_PIPE)) {
154 if (lp_client_schannel() && (pipe_idx == PI_NETLOGON)) {
155 /* Always try and create an schannel netlogon pipe. */
156 pipe_hnd = cli_rpc_pipe_open_schannel(cli, pipe_idx,
157 PIPE_AUTH_LEVEL_PRIVACY,
161 DEBUG(0, ("Could not initialise schannel netlogon pipe. Error was %s\n",
162 nt_errstr(nt_status) ));
167 pipe_hnd = cli_rpc_pipe_open_noauth(cli, pipe_idx, &nt_status);
169 DEBUG(0, ("Could not initialise pipe %s. Error was %s\n",
170 cli_get_pipe_name(pipe_idx),
171 nt_errstr(nt_status) ));
178 nt_status = fn(domain_sid, domain_name, cli, pipe_hnd, mem_ctx, argc, argv);
180 if (!NT_STATUS_IS_OK(nt_status)) {
181 DEBUG(1, ("rpc command function failed! (%s)\n", nt_errstr(nt_status)));
183 DEBUG(5, ("rpc command function succedded\n"));
186 if (!(conn_flags & NET_FLAGS_NO_PIPE)) {
188 TALLOC_FREE(pipe_hnd);
192 /* close the connection only if it was opened here */
197 talloc_destroy(mem_ctx);
198 return (!NT_STATUS_IS_OK(nt_status));
202 * Force a change of the trust acccount password.
204 * All parameters are provided by the run_rpc_command function, except for
205 * argc, argv which are passes through.
207 * @param domain_sid The domain sid aquired from the remote server
208 * @param cli A cli_state connected to the server.
209 * @param mem_ctx Talloc context, destoyed on compleation of the function.
210 * @param argc Standard main() style argc
211 * @param argc Standard main() style argv. Initial components are already
214 * @return Normal NTSTATUS return.
217 static NTSTATUS rpc_changetrustpw_internals(const DOM_SID *domain_sid,
218 const char *domain_name,
219 struct cli_state *cli,
220 struct rpc_pipe_client *pipe_hnd,
226 return trust_pw_find_change_and_store_it(pipe_hnd, mem_ctx, opt_target_workgroup);
230 * Force a change of the trust acccount password.
232 * @param argc Standard main() style argc
233 * @param argc Standard main() style argv. Initial components are already
236 * @return A shell status integer (0 for success)
239 int net_rpc_changetrustpw(int argc, const char **argv)
241 return run_rpc_command(NULL, PI_NETLOGON, NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
242 rpc_changetrustpw_internals,
247 * Join a domain, the old way.
249 * This uses 'machinename' as the inital password, and changes it.
251 * The password should be created with 'server manager' or equiv first.
253 * All parameters are provided by the run_rpc_command function, except for
254 * argc, argv which are passes through.
256 * @param domain_sid The domain sid aquired from the remote server
257 * @param cli A cli_state connected to the server.
258 * @param mem_ctx Talloc context, destoyed on compleation of the function.
259 * @param argc Standard main() style argc
260 * @param argc Standard main() style argv. Initial components are already
263 * @return Normal NTSTATUS return.
266 static NTSTATUS rpc_oldjoin_internals(const DOM_SID *domain_sid,
267 const char *domain_name,
268 struct cli_state *cli,
269 struct rpc_pipe_client *pipe_hnd,
275 fstring trust_passwd;
276 unsigned char orig_trust_passwd_hash[16];
278 uint32 sec_channel_type;
280 pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_NETLOGON, &result);
282 DEBUG(0,("rpc_oldjoin_internals: netlogon pipe open to machine %s failed. "
285 nt_errstr(result) ));
290 check what type of join - if the user want's to join as
291 a BDC, the server must agree that we are a BDC.
294 sec_channel_type = get_sec_channel_type(argv[0]);
296 sec_channel_type = get_sec_channel_type(NULL);
299 fstrcpy(trust_passwd, global_myname());
300 strlower_m(trust_passwd);
303 * Machine names can be 15 characters, but the max length on
304 * a password is 14. --jerry
307 trust_passwd[14] = '\0';
309 E_md4hash(trust_passwd, orig_trust_passwd_hash);
311 result = trust_pw_change_and_store_it(pipe_hnd, mem_ctx, opt_target_workgroup,
312 orig_trust_passwd_hash,
315 if (NT_STATUS_IS_OK(result))
316 printf("Joined domain %s.\n",opt_target_workgroup);
319 if (!secrets_store_domain_sid(opt_target_workgroup, domain_sid)) {
320 DEBUG(0, ("error storing domain sid for %s\n", opt_target_workgroup));
321 result = NT_STATUS_UNSUCCESSFUL;
328 * Join a domain, the old way.
330 * @param argc Standard main() style argc
331 * @param argc Standard main() style argv. Initial components are already
334 * @return A shell status integer (0 for success)
337 static int net_rpc_perform_oldjoin(int argc, const char **argv)
339 return run_rpc_command(NULL, PI_NETLOGON,
340 NET_FLAGS_NO_PIPE | NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
341 rpc_oldjoin_internals,
346 * Join a domain, the old way. This function exists to allow
347 * the message to be displayed when oldjoin was explicitly
348 * requested, but not when it was implied by "net rpc join"
350 * @param argc Standard main() style argc
351 * @param argc Standard main() style argv. Initial components are already
354 * @return A shell status integer (0 for success)
357 static int net_rpc_oldjoin(int argc, const char **argv)
359 int rc = net_rpc_perform_oldjoin(argc, argv);
362 d_fprintf(stderr, "Failed to join domain\n");
369 * Basic usage function for 'net rpc join'
370 * @param argc Standard main() style argc
371 * @param argc Standard main() style argv. Initial components are already
375 static int rpc_join_usage(int argc, const char **argv)
377 d_printf("net rpc join -U <username>[%%password] <type>[options]\n"\
378 "\t to join a domain with admin username & password\n"\
379 "\t\t password will be prompted if needed and none is specified\n"\
380 "\t <type> can be (default MEMBER)\n"\
381 "\t\t BDC - Join as a BDC\n"\
382 "\t\t PDC - Join as a PDC\n"\
383 "\t\t MEMBER - Join as a MEMBER server\n");
385 net_common_flags_usage(argc, argv);
390 * 'net rpc join' entrypoint.
391 * @param argc Standard main() style argc
392 * @param argc Standard main() style argv. Initial components are already
395 * Main 'net_rpc_join()' (where the admin username/password is used) is
397 * Try to just change the password, but if that doesn't work, use/prompt
398 * for a username/password.
401 int net_rpc_join(int argc, const char **argv)
403 if (lp_server_role() == ROLE_STANDALONE) {
404 d_printf("cannot join as standalone machine\n");
408 if (strlen(global_myname()) > 15) {
409 d_printf("Our netbios name can be at most 15 chars long, "
410 "\"%s\" is %u chars long\n",
411 global_myname(), (unsigned int)strlen(global_myname()));
415 if ((net_rpc_perform_oldjoin(argc, argv) == 0))
418 return net_rpc_join_newstyle(argc, argv);
422 * display info about a rpc domain
424 * All parameters are provided by the run_rpc_command function, except for
425 * argc, argv which are passed through.
427 * @param domain_sid The domain sid acquired from the remote server
428 * @param cli A cli_state connected to the server.
429 * @param mem_ctx Talloc context, destoyed on completion of the function.
430 * @param argc Standard main() style argc
431 * @param argv Standard main() style argv. Initial components are already
434 * @return Normal NTSTATUS return.
437 NTSTATUS rpc_info_internals(const DOM_SID *domain_sid,
438 const char *domain_name,
439 struct cli_state *cli,
440 struct rpc_pipe_client *pipe_hnd,
445 POLICY_HND connect_pol, domain_pol;
446 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
447 union samr_DomainInfo *info = NULL;
450 sid_to_fstring(sid_str, domain_sid);
452 /* Get sam policy handle */
453 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
455 MAXIMUM_ALLOWED_ACCESS,
457 if (!NT_STATUS_IS_OK(result)) {
458 d_fprintf(stderr, "Could not connect to SAM: %s\n", nt_errstr(result));
462 /* Get domain policy handle */
463 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
465 MAXIMUM_ALLOWED_ACCESS,
466 CONST_DISCARD(struct dom_sid2 *, domain_sid),
468 if (!NT_STATUS_IS_OK(result)) {
469 d_fprintf(stderr, "Could not open domain: %s\n", nt_errstr(result));
473 result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
477 if (NT_STATUS_IS_OK(result)) {
478 d_printf("Domain Name: %s\n", info->info2.domain_name.string);
479 d_printf("Domain SID: %s\n", sid_str);
480 d_printf("Sequence number: %llu\n",
481 (unsigned long long)info->info2.sequence_num);
482 d_printf("Num users: %u\n", info->info2.num_users);
483 d_printf("Num domain groups: %u\n", info->info2.num_groups);
484 d_printf("Num local groups: %u\n", info->info2.num_aliases);
492 * 'net rpc info' entrypoint.
493 * @param argc Standard main() style argc
494 * @param argc Standard main() style argv. Initial components are already
498 int net_rpc_info(int argc, const char **argv)
500 return run_rpc_command(NULL, PI_SAMR, NET_FLAGS_PDC,
506 * Fetch domain SID into the local secrets.tdb
508 * All parameters are provided by the run_rpc_command function, except for
509 * argc, argv which are passes through.
511 * @param domain_sid The domain sid acquired from the remote server
512 * @param cli A cli_state connected to the server.
513 * @param mem_ctx Talloc context, destoyed on completion of the function.
514 * @param argc Standard main() style argc
515 * @param argv Standard main() style argv. Initial components are already
518 * @return Normal NTSTATUS return.
521 static NTSTATUS rpc_getsid_internals(const DOM_SID *domain_sid,
522 const char *domain_name,
523 struct cli_state *cli,
524 struct rpc_pipe_client *pipe_hnd,
531 sid_to_fstring(sid_str, domain_sid);
532 d_printf("Storing SID %s for Domain %s in secrets.tdb\n",
533 sid_str, domain_name);
535 if (!secrets_store_domain_sid(domain_name, domain_sid)) {
536 DEBUG(0,("Can't store domain SID\n"));
537 return NT_STATUS_UNSUCCESSFUL;
544 * 'net rpc getsid' entrypoint.
545 * @param argc Standard main() style argc
546 * @param argc Standard main() style argv. Initial components are already
550 int net_rpc_getsid(int argc, const char **argv)
552 return run_rpc_command(NULL, PI_SAMR, NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
553 rpc_getsid_internals,
557 /****************************************************************************/
560 * Basic usage function for 'net rpc user'
561 * @param argc Standard main() style argc.
562 * @param argv Standard main() style argv. Initial components are already
566 static int rpc_user_usage(int argc, const char **argv)
568 return net_help_user(argc, argv);
572 * Add a new user to a remote RPC server
574 * @param argc Standard main() style argc
575 * @param argv Standard main() style argv. Initial components are already
578 * @return A shell status integer (0 for success)
581 static int rpc_user_add(int argc, const char **argv)
583 NET_API_STATUS status;
584 struct USER_INFO_1 info1;
585 uint32_t parm_error = 0;
588 d_printf("User must be specified\n");
589 rpc_user_usage(argc, argv);
595 info1.usri1_name = argv[0];
597 info1.usri1_password = argv[1];
600 status = NetUserAdd(opt_host, 1, (uint8_t *)&info1, &parm_error);
603 d_fprintf(stderr, "Failed to add user '%s' with: %s.\n",
604 argv[0], libnetapi_get_error_string(NULL, status));
607 d_printf("Added user '%s'.\n", argv[0]);
614 * Rename a user on a remote RPC server
616 * All parameters are provided by the run_rpc_command function, except for
617 * argc, argv which are passes through.
619 * @param domain_sid The domain sid acquired from the remote server
620 * @param cli A cli_state connected to the server.
621 * @param mem_ctx Talloc context, destoyed on completion of the function.
622 * @param argc Standard main() style argc
623 * @param argv Standard main() style argv. Initial components are already
626 * @return Normal NTSTATUS return.
629 static NTSTATUS rpc_user_rename_internals(const DOM_SID *domain_sid,
630 const char *domain_name,
631 struct cli_state *cli,
632 struct rpc_pipe_client *pipe_hnd,
637 POLICY_HND connect_pol, domain_pol, user_pol;
638 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
639 uint32 info_level = 7;
640 const char *old_name, *new_name;
641 struct samr_Ids user_rids, name_types;
642 struct lsa_String lsa_acct_name;
643 union samr_UserInfo *info = NULL;
646 d_printf("Old and new username must be specified\n");
647 rpc_user_usage(argc, argv);
654 /* Get sam policy handle */
656 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
658 MAXIMUM_ALLOWED_ACCESS,
661 if (!NT_STATUS_IS_OK(result)) {
665 /* Get domain policy handle */
667 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
669 MAXIMUM_ALLOWED_ACCESS,
670 CONST_DISCARD(struct dom_sid2 *, domain_sid),
672 if (!NT_STATUS_IS_OK(result)) {
676 init_lsa_String(&lsa_acct_name, old_name);
678 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
684 if (!NT_STATUS_IS_OK(result)) {
688 /* Open domain user */
689 result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
691 MAXIMUM_ALLOWED_ACCESS,
695 if (!NT_STATUS_IS_OK(result)) {
699 /* Query user info */
700 result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
705 if (!NT_STATUS_IS_OK(result)) {
709 init_samr_user_info7(&info->info7, new_name);
712 result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
717 if (!NT_STATUS_IS_OK(result)) {
722 if (!NT_STATUS_IS_OK(result)) {
723 d_fprintf(stderr, "Failed to rename user from %s to %s - %s\n", old_name, new_name,
726 d_printf("Renamed user from %s to %s\n", old_name, new_name);
732 * Rename a user on a remote RPC server
734 * @param argc Standard main() style argc
735 * @param argv Standard main() style argv. Initial components are already
738 * @return A shell status integer (0 for success)
741 static int rpc_user_rename(int argc, const char **argv)
743 return run_rpc_command(NULL, PI_SAMR, 0, rpc_user_rename_internals,
748 * Delete a user from a remote RPC server
750 * @param argc Standard main() style argc
751 * @param argv Standard main() style argv. Initial components are already
754 * @return A shell status integer (0 for success)
757 static int rpc_user_delete(int argc, const char **argv)
759 NET_API_STATUS status;
762 d_printf("User must be specified\n");
763 rpc_user_usage(argc, argv);
767 status = NetUserDel(opt_host, argv[0]);
770 d_fprintf(stderr, "Failed to delete user '%s' with: %s.\n",
772 libnetapi_get_error_string(NULL, status));
775 d_printf("Deleted user '%s'.\n", argv[0]);
782 * Set a password for a user on a remote RPC server
784 * All parameters are provided by the run_rpc_command function, except for
785 * argc, argv which are passes through.
787 * @param domain_sid The domain sid acquired from the remote server
788 * @param cli A cli_state connected to the server.
789 * @param mem_ctx Talloc context, destoyed on completion of the function.
790 * @param argc Standard main() style argc
791 * @param argv Standard main() style argv. Initial components are already
794 * @return Normal NTSTATUS return.
797 static NTSTATUS rpc_user_password_internals(const DOM_SID *domain_sid,
798 const char *domain_name,
799 struct cli_state *cli,
800 struct rpc_pipe_client *pipe_hnd,
805 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
806 POLICY_HND connect_pol, domain_pol, user_pol;
809 const char *new_password;
811 union samr_UserInfo info;
814 d_printf("User must be specified\n");
815 rpc_user_usage(argc, argv);
822 new_password = argv[1];
824 asprintf(&prompt, "Enter new password for %s:", user);
825 new_password = getpass(prompt);
829 /* Get sam policy and domain handles */
831 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
833 MAXIMUM_ALLOWED_ACCESS,
836 if (!NT_STATUS_IS_OK(result)) {
840 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
842 MAXIMUM_ALLOWED_ACCESS,
843 CONST_DISCARD(struct dom_sid2 *, domain_sid),
846 if (!NT_STATUS_IS_OK(result)) {
850 /* Get handle on user */
853 struct samr_Ids user_rids, name_types;
854 struct lsa_String lsa_acct_name;
856 init_lsa_String(&lsa_acct_name, user);
858 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
864 if (!NT_STATUS_IS_OK(result)) {
868 result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
870 MAXIMUM_ALLOWED_ACCESS,
874 if (!NT_STATUS_IS_OK(result)) {
879 /* Set password on account */
881 encode_pw_buffer(pwbuf, new_password, STR_UNICODE);
883 init_samr_user_info24(&info.info24, pwbuf, 24);
885 SamOEMhashBlob(info.info24.password.data, 516,
886 &cli->user_session_key);
888 result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
893 if (!NT_STATUS_IS_OK(result)) {
897 /* Display results */
905 * Set a user's password on a remote RPC server
907 * @param argc Standard main() style argc
908 * @param argv Standard main() style argv. Initial components are already
911 * @return A shell status integer (0 for success)
914 static int rpc_user_password(int argc, const char **argv)
916 return run_rpc_command(NULL, PI_SAMR, 0, rpc_user_password_internals,
921 * List user's groups on a remote RPC server
923 * All parameters are provided by the run_rpc_command function, except for
924 * argc, argv which are passes through.
926 * @param domain_sid The domain sid acquired from the remote server
927 * @param cli A cli_state connected to the server.
928 * @param mem_ctx Talloc context, destoyed on completion of the function.
929 * @param argc Standard main() style argc
930 * @param argv Standard main() style argv. Initial components are already
933 * @return Normal NTSTATUS return.
936 static NTSTATUS rpc_user_info_internals(const DOM_SID *domain_sid,
937 const char *domain_name,
938 struct cli_state *cli,
939 struct rpc_pipe_client *pipe_hnd,
944 POLICY_HND connect_pol, domain_pol, user_pol;
945 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
947 struct samr_RidWithAttributeArray *rid_array = NULL;
948 struct lsa_Strings names;
949 struct samr_Ids types;
950 uint32_t *lrids = NULL;
951 struct samr_Ids rids, name_types;
952 struct lsa_String lsa_acct_name;
956 d_printf("User must be specified\n");
957 rpc_user_usage(argc, argv);
960 /* Get sam policy handle */
962 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
964 MAXIMUM_ALLOWED_ACCESS,
966 if (!NT_STATUS_IS_OK(result)) goto done;
968 /* Get domain policy handle */
970 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
972 MAXIMUM_ALLOWED_ACCESS,
973 CONST_DISCARD(struct dom_sid2 *, domain_sid),
975 if (!NT_STATUS_IS_OK(result)) goto done;
977 /* Get handle on user */
979 init_lsa_String(&lsa_acct_name, argv[0]);
981 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
988 if (!NT_STATUS_IS_OK(result)) goto done;
990 result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
992 MAXIMUM_ALLOWED_ACCESS,
995 if (!NT_STATUS_IS_OK(result)) goto done;
997 result = rpccli_samr_GetGroupsForUser(pipe_hnd, mem_ctx,
1001 if (!NT_STATUS_IS_OK(result)) goto done;
1005 if (rid_array->count) {
1006 if ((lrids = TALLOC_ARRAY(mem_ctx, uint32, rid_array->count)) == NULL) {
1007 result = NT_STATUS_NO_MEMORY;
1011 for (i = 0; i < rid_array->count; i++)
1012 lrids[i] = rid_array->rids[i].rid;
1014 result = rpccli_samr_LookupRids(pipe_hnd, mem_ctx,
1021 if (!NT_STATUS_IS_OK(result)) {
1025 /* Display results */
1027 for (i = 0; i < names.count; i++)
1028 printf("%s\n", names.names[i].string);
1035 * List a user's groups from a remote RPC server
1037 * @param argc Standard main() style argc
1038 * @param argv Standard main() style argv. Initial components are already
1041 * @return A shell status integer (0 for success)
1044 static int rpc_user_info(int argc, const char **argv)
1046 return run_rpc_command(NULL, PI_SAMR, 0, rpc_user_info_internals,
1051 * List users on a remote RPC server
1053 * All parameters are provided by the run_rpc_command function, except for
1054 * argc, argv which are passes through.
1056 * @param domain_sid The domain sid acquired from the remote server
1057 * @param cli A cli_state connected to the server.
1058 * @param mem_ctx Talloc context, destoyed on completion of the function.
1059 * @param argc Standard main() style argc
1060 * @param argv Standard main() style argv. Initial components are already
1063 * @return Normal NTSTATUS return.
1066 static NTSTATUS rpc_user_list_internals(const DOM_SID *domain_sid,
1067 const char *domain_name,
1068 struct cli_state *cli,
1069 struct rpc_pipe_client *pipe_hnd,
1070 TALLOC_CTX *mem_ctx,
1074 POLICY_HND connect_pol, domain_pol;
1075 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1076 uint32 start_idx=0, num_entries, i, loop_count = 0;
1078 /* Get sam policy handle */
1080 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1082 MAXIMUM_ALLOWED_ACCESS,
1084 if (!NT_STATUS_IS_OK(result)) {
1088 /* Get domain policy handle */
1090 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1092 MAXIMUM_ALLOWED_ACCESS,
1093 CONST_DISCARD(struct dom_sid2 *, domain_sid),
1095 if (!NT_STATUS_IS_OK(result)) {
1099 /* Query domain users */
1100 if (opt_long_list_entries)
1101 d_printf("\nUser name Comment"\
1102 "\n-----------------------------\n");
1104 const char *user = NULL;
1105 const char *desc = NULL;
1106 uint32 max_entries, max_size;
1107 uint32_t total_size, returned_size;
1108 union samr_DispInfo info;
1110 get_query_dispinfo_params(
1111 loop_count, &max_entries, &max_size);
1113 result = rpccli_samr_QueryDisplayInfo(pipe_hnd, mem_ctx,
1123 start_idx += info.info1.count;
1124 num_entries = info.info1.count;
1126 for (i = 0; i < num_entries; i++) {
1127 user = info.info1.entries[i].account_name.string;
1128 if (opt_long_list_entries)
1129 desc = info.info1.entries[i].description.string;
1130 if (opt_long_list_entries)
1131 printf("%-21.21s %s\n", user, desc);
1133 printf("%s\n", user);
1135 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
1142 * 'net rpc user' entrypoint.
1143 * @param argc Standard main() style argc
1144 * @param argc Standard main() style argv. Initial components are already
1148 int net_rpc_user(int argc, const char **argv)
1150 struct libnetapi_ctx *ctx = NULL;
1151 NET_API_STATUS status;
1153 struct functable func[] = {
1154 {"add", rpc_user_add},
1155 {"info", rpc_user_info},
1156 {"delete", rpc_user_delete},
1157 {"password", rpc_user_password},
1158 {"rename", rpc_user_rename},
1162 status = libnetapi_init(&ctx);
1166 libnetapi_set_username(ctx, opt_user_name);
1167 libnetapi_set_password(ctx, opt_password);
1170 return run_rpc_command(NULL,PI_SAMR, 0,
1171 rpc_user_list_internals,
1175 return net_run_function(argc, argv, func, rpc_user_usage);
1178 static NTSTATUS rpc_sh_user_list(TALLOC_CTX *mem_ctx,
1179 struct rpc_sh_ctx *ctx,
1180 struct rpc_pipe_client *pipe_hnd,
1181 int argc, const char **argv)
1183 return rpc_user_list_internals(ctx->domain_sid, ctx->domain_name,
1184 ctx->cli, pipe_hnd, mem_ctx,
1188 static NTSTATUS rpc_sh_user_info(TALLOC_CTX *mem_ctx,
1189 struct rpc_sh_ctx *ctx,
1190 struct rpc_pipe_client *pipe_hnd,
1191 int argc, const char **argv)
1193 return rpc_user_info_internals(ctx->domain_sid, ctx->domain_name,
1194 ctx->cli, pipe_hnd, mem_ctx,
1198 static NTSTATUS rpc_sh_handle_user(TALLOC_CTX *mem_ctx,
1199 struct rpc_sh_ctx *ctx,
1200 struct rpc_pipe_client *pipe_hnd,
1201 int argc, const char **argv,
1203 TALLOC_CTX *mem_ctx,
1204 struct rpc_sh_ctx *ctx,
1205 struct rpc_pipe_client *pipe_hnd,
1206 POLICY_HND *user_hnd,
1207 int argc, const char **argv))
1209 POLICY_HND connect_pol, domain_pol, user_pol;
1210 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1213 enum lsa_SidType type;
1216 d_fprintf(stderr, "usage: %s <username>\n", ctx->whoami);
1217 return NT_STATUS_INVALID_PARAMETER;
1220 ZERO_STRUCT(connect_pol);
1221 ZERO_STRUCT(domain_pol);
1222 ZERO_STRUCT(user_pol);
1224 result = net_rpc_lookup_name(mem_ctx, rpc_pipe_np_smb_conn(pipe_hnd),
1225 argv[0], NULL, NULL, &sid, &type);
1226 if (!NT_STATUS_IS_OK(result)) {
1227 d_fprintf(stderr, "Could not lookup %s: %s\n", argv[0],
1232 if (type != SID_NAME_USER) {
1233 d_fprintf(stderr, "%s is a %s, not a user\n", argv[0],
1234 sid_type_lookup(type));
1235 result = NT_STATUS_NO_SUCH_USER;
1239 if (!sid_peek_check_rid(ctx->domain_sid, &sid, &rid)) {
1240 d_fprintf(stderr, "%s is not in our domain\n", argv[0]);
1241 result = NT_STATUS_NO_SUCH_USER;
1245 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1247 MAXIMUM_ALLOWED_ACCESS,
1249 if (!NT_STATUS_IS_OK(result)) {
1253 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1255 MAXIMUM_ALLOWED_ACCESS,
1258 if (!NT_STATUS_IS_OK(result)) {
1262 result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
1264 MAXIMUM_ALLOWED_ACCESS,
1267 if (!NT_STATUS_IS_OK(result)) {
1271 result = fn(mem_ctx, ctx, pipe_hnd, &user_pol, argc-1, argv+1);
1274 if (is_valid_policy_hnd(&user_pol)) {
1275 rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
1277 if (is_valid_policy_hnd(&domain_pol)) {
1278 rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
1280 if (is_valid_policy_hnd(&connect_pol)) {
1281 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
1286 static NTSTATUS rpc_sh_user_show_internals(TALLOC_CTX *mem_ctx,
1287 struct rpc_sh_ctx *ctx,
1288 struct rpc_pipe_client *pipe_hnd,
1289 POLICY_HND *user_hnd,
1290 int argc, const char **argv)
1293 union samr_UserInfo *info = NULL;
1296 d_fprintf(stderr, "usage: %s show <username>\n", ctx->whoami);
1297 return NT_STATUS_INVALID_PARAMETER;
1300 result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
1304 if (!NT_STATUS_IS_OK(result)) {
1308 d_printf("user rid: %d, group rid: %d\n",
1310 info->info21.primary_gid);
1315 static NTSTATUS rpc_sh_user_show(TALLOC_CTX *mem_ctx,
1316 struct rpc_sh_ctx *ctx,
1317 struct rpc_pipe_client *pipe_hnd,
1318 int argc, const char **argv)
1320 return rpc_sh_handle_user(mem_ctx, ctx, pipe_hnd, argc, argv,
1321 rpc_sh_user_show_internals);
1324 #define FETCHSTR(name, rec) \
1325 do { if (strequal(ctx->thiscmd, name)) { \
1326 oldval = talloc_strdup(mem_ctx, info->info21.rec.string); } \
1329 #define SETSTR(name, rec, flag) \
1330 do { if (strequal(ctx->thiscmd, name)) { \
1331 init_lsa_String(&(info->info21.rec), argv[0]); \
1332 info->info21.fields_present |= SAMR_FIELD_##flag; } \
1335 static NTSTATUS rpc_sh_user_str_edit_internals(TALLOC_CTX *mem_ctx,
1336 struct rpc_sh_ctx *ctx,
1337 struct rpc_pipe_client *pipe_hnd,
1338 POLICY_HND *user_hnd,
1339 int argc, const char **argv)
1342 const char *username;
1343 const char *oldval = "";
1344 union samr_UserInfo *info = NULL;
1347 d_fprintf(stderr, "usage: %s <username> [new value|NULL]\n",
1349 return NT_STATUS_INVALID_PARAMETER;
1352 result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
1356 if (!NT_STATUS_IS_OK(result)) {
1360 username = talloc_strdup(mem_ctx, info->info21.account_name.string);
1362 FETCHSTR("fullname", full_name);
1363 FETCHSTR("homedir", home_directory);
1364 FETCHSTR("homedrive", home_drive);
1365 FETCHSTR("logonscript", logon_script);
1366 FETCHSTR("profilepath", profile_path);
1367 FETCHSTR("description", description);
1370 d_printf("%s's %s: [%s]\n", username, ctx->thiscmd, oldval);
1374 if (strcmp(argv[0], "NULL") == 0) {
1378 ZERO_STRUCT(info->info21);
1380 SETSTR("fullname", full_name, FULL_NAME);
1381 SETSTR("homedir", home_directory, HOME_DIRECTORY);
1382 SETSTR("homedrive", home_drive, HOME_DRIVE);
1383 SETSTR("logonscript", logon_script, LOGON_SCRIPT);
1384 SETSTR("profilepath", profile_path, PROFILE_PATH);
1385 SETSTR("description", description, DESCRIPTION);
1387 result = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx,
1392 d_printf("Set %s's %s from [%s] to [%s]\n", username,
1393 ctx->thiscmd, oldval, argv[0]);
1400 #define HANDLEFLG(name, rec) \
1401 do { if (strequal(ctx->thiscmd, name)) { \
1402 oldval = (oldflags & ACB_##rec) ? "yes" : "no"; \
1404 newflags = oldflags | ACB_##rec; \
1406 newflags = oldflags & ~ACB_##rec; \
1409 static NTSTATUS rpc_sh_user_str_edit(TALLOC_CTX *mem_ctx,
1410 struct rpc_sh_ctx *ctx,
1411 struct rpc_pipe_client *pipe_hnd,
1412 int argc, const char **argv)
1414 return rpc_sh_handle_user(mem_ctx, ctx, pipe_hnd, argc, argv,
1415 rpc_sh_user_str_edit_internals);
1418 static NTSTATUS rpc_sh_user_flag_edit_internals(TALLOC_CTX *mem_ctx,
1419 struct rpc_sh_ctx *ctx,
1420 struct rpc_pipe_client *pipe_hnd,
1421 POLICY_HND *user_hnd,
1422 int argc, const char **argv)
1425 const char *username;
1426 const char *oldval = "unknown";
1427 uint32 oldflags, newflags;
1429 union samr_UserInfo *info = NULL;
1432 ((argc == 1) && !strequal(argv[0], "yes") &&
1433 !strequal(argv[0], "no"))) {
1434 d_fprintf(stderr, "usage: %s <username> [yes|no]\n",
1436 return NT_STATUS_INVALID_PARAMETER;
1439 newval = strequal(argv[0], "yes");
1441 result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
1445 if (!NT_STATUS_IS_OK(result)) {
1449 username = talloc_strdup(mem_ctx, info->info21.account_name.string);
1450 oldflags = info->info21.acct_flags;
1451 newflags = info->info21.acct_flags;
1453 HANDLEFLG("disabled", DISABLED);
1454 HANDLEFLG("pwnotreq", PWNOTREQ);
1455 HANDLEFLG("autolock", AUTOLOCK);
1456 HANDLEFLG("pwnoexp", PWNOEXP);
1459 d_printf("%s's %s flag: %s\n", username, ctx->thiscmd, oldval);
1463 ZERO_STRUCT(info->info21);
1465 info->info21.acct_flags = newflags;
1466 info->info21.fields_present = SAMR_FIELD_ACCT_FLAGS;
1468 result = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx,
1473 if (NT_STATUS_IS_OK(result)) {
1474 d_printf("Set %s's %s flag from [%s] to [%s]\n", username,
1475 ctx->thiscmd, oldval, argv[0]);
1483 static NTSTATUS rpc_sh_user_flag_edit(TALLOC_CTX *mem_ctx,
1484 struct rpc_sh_ctx *ctx,
1485 struct rpc_pipe_client *pipe_hnd,
1486 int argc, const char **argv)
1488 return rpc_sh_handle_user(mem_ctx, ctx, pipe_hnd, argc, argv,
1489 rpc_sh_user_flag_edit_internals);
1492 struct rpc_sh_cmd *net_rpc_user_edit_cmds(TALLOC_CTX *mem_ctx,
1493 struct rpc_sh_ctx *ctx)
1495 static struct rpc_sh_cmd cmds[] = {
1497 { "fullname", NULL, PI_SAMR, rpc_sh_user_str_edit,
1498 "Show/Set a user's full name" },
1500 { "homedir", NULL, PI_SAMR, rpc_sh_user_str_edit,
1501 "Show/Set a user's home directory" },
1503 { "homedrive", NULL, PI_SAMR, rpc_sh_user_str_edit,
1504 "Show/Set a user's home drive" },
1506 { "logonscript", NULL, PI_SAMR, rpc_sh_user_str_edit,
1507 "Show/Set a user's logon script" },
1509 { "profilepath", NULL, PI_SAMR, rpc_sh_user_str_edit,
1510 "Show/Set a user's profile path" },
1512 { "description", NULL, PI_SAMR, rpc_sh_user_str_edit,
1513 "Show/Set a user's description" },
1515 { "disabled", NULL, PI_SAMR, rpc_sh_user_flag_edit,
1516 "Show/Set whether a user is disabled" },
1518 { "autolock", NULL, PI_SAMR, rpc_sh_user_flag_edit,
1519 "Show/Set whether a user locked out" },
1521 { "pwnotreq", NULL, PI_SAMR, rpc_sh_user_flag_edit,
1522 "Show/Set whether a user does not need a password" },
1524 { "pwnoexp", NULL, PI_SAMR, rpc_sh_user_flag_edit,
1525 "Show/Set whether a user's password does not expire" },
1527 { NULL, NULL, 0, NULL, NULL }
1533 struct rpc_sh_cmd *net_rpc_user_cmds(TALLOC_CTX *mem_ctx,
1534 struct rpc_sh_ctx *ctx)
1536 static struct rpc_sh_cmd cmds[] = {
1538 { "list", NULL, PI_SAMR, rpc_sh_user_list,
1539 "List available users" },
1541 { "info", NULL, PI_SAMR, rpc_sh_user_info,
1542 "List the domain groups a user is member of" },
1544 { "show", NULL, PI_SAMR, rpc_sh_user_show,
1545 "Show info about a user" },
1547 { "edit", net_rpc_user_edit_cmds, 0, NULL,
1548 "Show/Modify a user's fields" },
1550 { NULL, NULL, 0, NULL, NULL }
1556 /****************************************************************************/
1559 * Basic usage function for 'net rpc group'
1560 * @param argc Standard main() style argc.
1561 * @param argv Standard main() style argv. Initial components are already
1565 static int rpc_group_usage(int argc, const char **argv)
1567 return net_help_group(argc, argv);
1571 * Delete group on a remote RPC server
1573 * All parameters are provided by the run_rpc_command function, except for
1574 * argc, argv which are passes through.
1576 * @param domain_sid The domain sid acquired from the remote server
1577 * @param cli A cli_state connected to the server.
1578 * @param mem_ctx Talloc context, destoyed on completion of the function.
1579 * @param argc Standard main() style argc
1580 * @param argv Standard main() style argv. Initial components are already
1583 * @return Normal NTSTATUS return.
1586 static NTSTATUS rpc_group_delete_internals(const DOM_SID *domain_sid,
1587 const char *domain_name,
1588 struct cli_state *cli,
1589 struct rpc_pipe_client *pipe_hnd,
1590 TALLOC_CTX *mem_ctx,
1594 POLICY_HND connect_pol, domain_pol, group_pol, user_pol;
1595 bool group_is_primary = False;
1596 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1598 struct samr_RidTypeArray *rids = NULL;
1601 /* DOM_GID *user_gids; */
1603 struct samr_Ids group_rids, name_types;
1604 struct lsa_String lsa_acct_name;
1605 union samr_UserInfo *info = NULL;
1608 d_printf("specify group\n");
1609 rpc_group_usage(argc,argv);
1610 return NT_STATUS_OK; /* ok? */
1613 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1615 MAXIMUM_ALLOWED_ACCESS,
1618 if (!NT_STATUS_IS_OK(result)) {
1619 d_fprintf(stderr, "Request samr_Connect2 failed\n");
1623 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1625 MAXIMUM_ALLOWED_ACCESS,
1626 CONST_DISCARD(struct dom_sid2 *, domain_sid),
1629 if (!NT_STATUS_IS_OK(result)) {
1630 d_fprintf(stderr, "Request open_domain failed\n");
1634 init_lsa_String(&lsa_acct_name, argv[0]);
1636 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
1642 if (!NT_STATUS_IS_OK(result)) {
1643 d_fprintf(stderr, "Lookup of '%s' failed\n",argv[0]);
1647 switch (name_types.ids[0])
1649 case SID_NAME_DOM_GRP:
1650 result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
1652 MAXIMUM_ALLOWED_ACCESS,
1655 if (!NT_STATUS_IS_OK(result)) {
1656 d_fprintf(stderr, "Request open_group failed");
1660 group_rid = group_rids.ids[0];
1662 result = rpccli_samr_QueryGroupMember(pipe_hnd, mem_ctx,
1666 if (!NT_STATUS_IS_OK(result)) {
1667 d_fprintf(stderr, "Unable to query group members of %s",argv[0]);
1672 d_printf("Domain Group %s (rid: %d) has %d members\n",
1673 argv[0],group_rid, rids->count);
1676 /* Check if group is anyone's primary group */
1677 for (i = 0; i < rids->count; i++)
1679 result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
1681 MAXIMUM_ALLOWED_ACCESS,
1685 if (!NT_STATUS_IS_OK(result)) {
1686 d_fprintf(stderr, "Unable to open group member %d\n",
1691 result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
1696 if (!NT_STATUS_IS_OK(result)) {
1697 d_fprintf(stderr, "Unable to lookup userinfo for group member %d\n",
1702 if (info->info21.primary_gid == group_rid) {
1704 d_printf("Group is primary group of %s\n",
1705 info->info21.account_name.string);
1707 group_is_primary = True;
1710 rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
1713 if (group_is_primary) {
1714 d_fprintf(stderr, "Unable to delete group because some "
1715 "of it's members have it as primary group\n");
1716 result = NT_STATUS_MEMBERS_PRIMARY_GROUP;
1720 /* remove all group members */
1721 for (i = 0; i < rids->count; i++)
1724 d_printf("Remove group member %d...",
1726 result = rpccli_samr_DeleteGroupMember(pipe_hnd, mem_ctx,
1730 if (NT_STATUS_IS_OK(result)) {
1735 d_printf("failed\n");
1740 result = rpccli_samr_DeleteDomainGroup(pipe_hnd, mem_ctx,
1744 /* removing a local group is easier... */
1745 case SID_NAME_ALIAS:
1746 result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
1748 MAXIMUM_ALLOWED_ACCESS,
1752 if (!NT_STATUS_IS_OK(result)) {
1753 d_fprintf(stderr, "Request open_alias failed\n");
1757 result = rpccli_samr_DeleteDomAlias(pipe_hnd, mem_ctx,
1761 d_fprintf(stderr, "%s is of type %s. This command is only for deleting local or global groups\n",
1762 argv[0],sid_type_lookup(name_types.ids[0]));
1763 result = NT_STATUS_UNSUCCESSFUL;
1768 if (NT_STATUS_IS_OK(result)) {
1770 d_printf("Deleted %s '%s'\n",sid_type_lookup(name_types.ids[0]),argv[0]);
1772 d_fprintf(stderr, "Deleting of %s failed: %s\n",argv[0],
1773 get_friendly_nt_error_msg(result));
1781 static int rpc_group_delete(int argc, const char **argv)
1783 return run_rpc_command(NULL, PI_SAMR, 0, rpc_group_delete_internals,
1787 static NTSTATUS rpc_group_add_internals(const DOM_SID *domain_sid,
1788 const char *domain_name,
1789 struct cli_state *cli,
1790 struct rpc_pipe_client *pipe_hnd,
1791 TALLOC_CTX *mem_ctx,
1795 POLICY_HND connect_pol, domain_pol, group_pol;
1796 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1797 union samr_GroupInfo group_info;
1798 struct lsa_String grp_name;
1802 d_printf("Group name must be specified\n");
1803 rpc_group_usage(argc, argv);
1804 return NT_STATUS_OK;
1807 init_lsa_String(&grp_name, argv[0]);
1809 /* Get sam policy handle */
1811 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1813 MAXIMUM_ALLOWED_ACCESS,
1815 if (!NT_STATUS_IS_OK(result)) goto done;
1817 /* Get domain policy handle */
1819 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1821 MAXIMUM_ALLOWED_ACCESS,
1822 CONST_DISCARD(struct dom_sid2 *, domain_sid),
1824 if (!NT_STATUS_IS_OK(result)) goto done;
1826 /* Create the group */
1828 result = rpccli_samr_CreateDomainGroup(pipe_hnd, mem_ctx,
1831 MAXIMUM_ALLOWED_ACCESS,
1834 if (!NT_STATUS_IS_OK(result)) goto done;
1836 if (strlen(opt_comment) == 0) goto done;
1838 /* We've got a comment to set */
1840 init_lsa_String(&group_info.description, opt_comment);
1842 result = rpccli_samr_SetGroupInfo(pipe_hnd, mem_ctx,
1846 if (!NT_STATUS_IS_OK(result)) goto done;
1849 if (NT_STATUS_IS_OK(result))
1850 DEBUG(5, ("add group succeeded\n"));
1852 d_fprintf(stderr, "add group failed: %s\n", nt_errstr(result));
1857 static NTSTATUS rpc_alias_add_internals(const DOM_SID *domain_sid,
1858 const char *domain_name,
1859 struct cli_state *cli,
1860 struct rpc_pipe_client *pipe_hnd,
1861 TALLOC_CTX *mem_ctx,
1865 POLICY_HND connect_pol, domain_pol, alias_pol;
1866 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1867 union samr_AliasInfo alias_info;
1868 struct lsa_String alias_name;
1872 d_printf("Alias name must be specified\n");
1873 rpc_group_usage(argc, argv);
1874 return NT_STATUS_OK;
1877 init_lsa_String(&alias_name, argv[0]);
1879 /* Get sam policy handle */
1881 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1883 MAXIMUM_ALLOWED_ACCESS,
1885 if (!NT_STATUS_IS_OK(result)) goto done;
1887 /* Get domain policy handle */
1889 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1891 MAXIMUM_ALLOWED_ACCESS,
1892 CONST_DISCARD(struct dom_sid2 *, domain_sid),
1894 if (!NT_STATUS_IS_OK(result)) goto done;
1896 /* Create the group */
1898 result = rpccli_samr_CreateDomAlias(pipe_hnd, mem_ctx,
1901 MAXIMUM_ALLOWED_ACCESS,
1904 if (!NT_STATUS_IS_OK(result)) goto done;
1906 if (strlen(opt_comment) == 0) goto done;
1908 /* We've got a comment to set */
1910 init_lsa_String(&alias_info.description, opt_comment);
1912 result = rpccli_samr_SetAliasInfo(pipe_hnd, mem_ctx,
1917 if (!NT_STATUS_IS_OK(result)) goto done;
1920 if (NT_STATUS_IS_OK(result))
1921 DEBUG(5, ("add alias succeeded\n"));
1923 d_fprintf(stderr, "add alias failed: %s\n", nt_errstr(result));
1928 static int rpc_group_add(int argc, const char **argv)
1931 return run_rpc_command(NULL, PI_SAMR, 0,
1932 rpc_alias_add_internals,
1935 return run_rpc_command(NULL, PI_SAMR, 0,
1936 rpc_group_add_internals,
1940 static NTSTATUS get_sid_from_name(struct cli_state *cli,
1941 TALLOC_CTX *mem_ctx,
1944 enum lsa_SidType *type)
1946 DOM_SID *sids = NULL;
1947 enum lsa_SidType *types = NULL;
1948 struct rpc_pipe_client *pipe_hnd;
1950 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1952 pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &result);
1957 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, False,
1958 SEC_RIGHTS_MAXIMUM_ALLOWED, &lsa_pol);
1960 if (!NT_STATUS_IS_OK(result)) {
1964 result = rpccli_lsa_lookup_names(pipe_hnd, mem_ctx, &lsa_pol, 1,
1965 &name, NULL, 1, &sids, &types);
1967 if (NT_STATUS_IS_OK(result)) {
1968 sid_copy(sid, &sids[0]);
1972 rpccli_lsa_Close(pipe_hnd, mem_ctx, &lsa_pol);
1976 TALLOC_FREE(pipe_hnd);
1979 if (!NT_STATUS_IS_OK(result) && (StrnCaseCmp(name, "S-", 2) == 0)) {
1981 /* Try as S-1-5-whatever */
1985 if (string_to_sid(&tmp_sid, name)) {
1986 sid_copy(sid, &tmp_sid);
1987 *type = SID_NAME_UNKNOWN;
1988 result = NT_STATUS_OK;
1995 static NTSTATUS rpc_add_groupmem(struct rpc_pipe_client *pipe_hnd,
1996 TALLOC_CTX *mem_ctx,
1997 const DOM_SID *group_sid,
2000 POLICY_HND connect_pol, domain_pol;
2003 POLICY_HND group_pol;
2005 struct samr_Ids rids, rid_types;
2006 struct lsa_String lsa_acct_name;
2010 sid_copy(&sid, group_sid);
2012 if (!sid_split_rid(&sid, &group_rid)) {
2013 return NT_STATUS_UNSUCCESSFUL;
2016 /* Get sam policy handle */
2017 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2019 MAXIMUM_ALLOWED_ACCESS,
2021 if (!NT_STATUS_IS_OK(result)) {
2025 /* Get domain policy handle */
2026 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2028 MAXIMUM_ALLOWED_ACCESS,
2031 if (!NT_STATUS_IS_OK(result)) {
2035 init_lsa_String(&lsa_acct_name, member);
2037 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
2044 if (!NT_STATUS_IS_OK(result)) {
2045 d_fprintf(stderr, "Could not lookup up group member %s\n", member);
2049 result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
2051 MAXIMUM_ALLOWED_ACCESS,
2055 if (!NT_STATUS_IS_OK(result)) {
2059 result = rpccli_samr_AddGroupMember(pipe_hnd, mem_ctx,
2062 0x0005); /* unknown flags */
2065 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
2069 static NTSTATUS rpc_add_aliasmem(struct rpc_pipe_client *pipe_hnd,
2070 TALLOC_CTX *mem_ctx,
2071 const DOM_SID *alias_sid,
2074 POLICY_HND connect_pol, domain_pol;
2077 POLICY_HND alias_pol;
2080 enum lsa_SidType member_type;
2084 sid_copy(&sid, alias_sid);
2086 if (!sid_split_rid(&sid, &alias_rid)) {
2087 return NT_STATUS_UNSUCCESSFUL;
2090 result = get_sid_from_name(rpc_pipe_np_smb_conn(pipe_hnd), mem_ctx,
2091 member, &member_sid, &member_type);
2093 if (!NT_STATUS_IS_OK(result)) {
2094 d_fprintf(stderr, "Could not lookup up group member %s\n", member);
2098 /* Get sam policy handle */
2099 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2101 MAXIMUM_ALLOWED_ACCESS,
2103 if (!NT_STATUS_IS_OK(result)) {
2107 /* Get domain policy handle */
2108 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2110 MAXIMUM_ALLOWED_ACCESS,
2113 if (!NT_STATUS_IS_OK(result)) {
2117 result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
2119 MAXIMUM_ALLOWED_ACCESS,
2123 if (!NT_STATUS_IS_OK(result)) {
2127 result = rpccli_samr_AddAliasMember(pipe_hnd, mem_ctx,
2131 if (!NT_STATUS_IS_OK(result)) {
2136 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
2140 static NTSTATUS rpc_group_addmem_internals(const DOM_SID *domain_sid,
2141 const char *domain_name,
2142 struct cli_state *cli,
2143 struct rpc_pipe_client *pipe_hnd,
2144 TALLOC_CTX *mem_ctx,
2149 enum lsa_SidType group_type;
2152 d_printf("Usage: 'net rpc group addmem <group> <member>\n");
2153 return NT_STATUS_UNSUCCESSFUL;
2156 if (!NT_STATUS_IS_OK(get_sid_from_name(cli, mem_ctx, argv[0],
2157 &group_sid, &group_type))) {
2158 d_fprintf(stderr, "Could not lookup group name %s\n", argv[0]);
2159 return NT_STATUS_UNSUCCESSFUL;
2162 if (group_type == SID_NAME_DOM_GRP) {
2163 NTSTATUS result = rpc_add_groupmem(pipe_hnd, mem_ctx,
2164 &group_sid, argv[1]);
2166 if (!NT_STATUS_IS_OK(result)) {
2167 d_fprintf(stderr, "Could not add %s to %s: %s\n",
2168 argv[1], argv[0], nt_errstr(result));
2173 if (group_type == SID_NAME_ALIAS) {
2174 NTSTATUS result = rpc_add_aliasmem(pipe_hnd, mem_ctx,
2175 &group_sid, argv[1]);
2177 if (!NT_STATUS_IS_OK(result)) {
2178 d_fprintf(stderr, "Could not add %s to %s: %s\n",
2179 argv[1], argv[0], nt_errstr(result));
2184 d_fprintf(stderr, "Can only add members to global or local groups "
2185 "which %s is not\n", argv[0]);
2187 return NT_STATUS_UNSUCCESSFUL;
2190 static int rpc_group_addmem(int argc, const char **argv)
2192 return run_rpc_command(NULL, PI_SAMR, 0,
2193 rpc_group_addmem_internals,
2197 static NTSTATUS rpc_del_groupmem(struct rpc_pipe_client *pipe_hnd,
2198 TALLOC_CTX *mem_ctx,
2199 const DOM_SID *group_sid,
2202 POLICY_HND connect_pol, domain_pol;
2205 POLICY_HND group_pol;
2207 struct samr_Ids rids, rid_types;
2208 struct lsa_String lsa_acct_name;
2212 sid_copy(&sid, group_sid);
2214 if (!sid_split_rid(&sid, &group_rid))
2215 return NT_STATUS_UNSUCCESSFUL;
2217 /* Get sam policy handle */
2218 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2220 MAXIMUM_ALLOWED_ACCESS,
2222 if (!NT_STATUS_IS_OK(result))
2225 /* Get domain policy handle */
2226 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2228 MAXIMUM_ALLOWED_ACCESS,
2231 if (!NT_STATUS_IS_OK(result))
2234 init_lsa_String(&lsa_acct_name, member);
2236 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
2242 if (!NT_STATUS_IS_OK(result)) {
2243 d_fprintf(stderr, "Could not lookup up group member %s\n", member);
2247 result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
2249 MAXIMUM_ALLOWED_ACCESS,
2253 if (!NT_STATUS_IS_OK(result))
2256 result = rpccli_samr_DeleteGroupMember(pipe_hnd, mem_ctx,
2261 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
2265 static NTSTATUS rpc_del_aliasmem(struct rpc_pipe_client *pipe_hnd,
2266 TALLOC_CTX *mem_ctx,
2267 const DOM_SID *alias_sid,
2270 POLICY_HND connect_pol, domain_pol;
2273 POLICY_HND alias_pol;
2276 enum lsa_SidType member_type;
2280 sid_copy(&sid, alias_sid);
2282 if (!sid_split_rid(&sid, &alias_rid))
2283 return NT_STATUS_UNSUCCESSFUL;
2285 result = get_sid_from_name(rpc_pipe_np_smb_conn(pipe_hnd), mem_ctx,
2286 member, &member_sid, &member_type);
2288 if (!NT_STATUS_IS_OK(result)) {
2289 d_fprintf(stderr, "Could not lookup up group member %s\n", member);
2293 /* Get sam policy handle */
2294 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2296 MAXIMUM_ALLOWED_ACCESS,
2298 if (!NT_STATUS_IS_OK(result)) {
2302 /* Get domain policy handle */
2303 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2305 MAXIMUM_ALLOWED_ACCESS,
2308 if (!NT_STATUS_IS_OK(result)) {
2312 result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
2314 MAXIMUM_ALLOWED_ACCESS,
2318 if (!NT_STATUS_IS_OK(result))
2321 result = rpccli_samr_DeleteAliasMember(pipe_hnd, mem_ctx,
2325 if (!NT_STATUS_IS_OK(result))
2329 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
2333 static NTSTATUS rpc_group_delmem_internals(const DOM_SID *domain_sid,
2334 const char *domain_name,
2335 struct cli_state *cli,
2336 struct rpc_pipe_client *pipe_hnd,
2337 TALLOC_CTX *mem_ctx,
2342 enum lsa_SidType group_type;
2345 d_printf("Usage: 'net rpc group delmem <group> <member>\n");
2346 return NT_STATUS_UNSUCCESSFUL;
2349 if (!NT_STATUS_IS_OK(get_sid_from_name(cli, mem_ctx, argv[0],
2350 &group_sid, &group_type))) {
2351 d_fprintf(stderr, "Could not lookup group name %s\n", argv[0]);
2352 return NT_STATUS_UNSUCCESSFUL;
2355 if (group_type == SID_NAME_DOM_GRP) {
2356 NTSTATUS result = rpc_del_groupmem(pipe_hnd, mem_ctx,
2357 &group_sid, argv[1]);
2359 if (!NT_STATUS_IS_OK(result)) {
2360 d_fprintf(stderr, "Could not del %s from %s: %s\n",
2361 argv[1], argv[0], nt_errstr(result));
2366 if (group_type == SID_NAME_ALIAS) {
2367 NTSTATUS result = rpc_del_aliasmem(pipe_hnd, mem_ctx,
2368 &group_sid, argv[1]);
2370 if (!NT_STATUS_IS_OK(result)) {
2371 d_fprintf(stderr, "Could not del %s from %s: %s\n",
2372 argv[1], argv[0], nt_errstr(result));
2377 d_fprintf(stderr, "Can only delete members from global or local groups "
2378 "which %s is not\n", argv[0]);
2380 return NT_STATUS_UNSUCCESSFUL;
2383 static int rpc_group_delmem(int argc, const char **argv)
2385 return run_rpc_command(NULL, PI_SAMR, 0,
2386 rpc_group_delmem_internals,
2391 * List groups on a remote RPC server
2393 * All parameters are provided by the run_rpc_command function, except for
2394 * argc, argv which are passes through.
2396 * @param domain_sid The domain sid acquired from the remote server
2397 * @param cli A cli_state connected to the server.
2398 * @param mem_ctx Talloc context, destoyed on completion of the function.
2399 * @param argc Standard main() style argc
2400 * @param argv Standard main() style argv. Initial components are already
2403 * @return Normal NTSTATUS return.
2406 static NTSTATUS rpc_group_list_internals(const DOM_SID *domain_sid,
2407 const char *domain_name,
2408 struct cli_state *cli,
2409 struct rpc_pipe_client *pipe_hnd,
2410 TALLOC_CTX *mem_ctx,
2414 POLICY_HND connect_pol, domain_pol;
2415 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2416 uint32 start_idx=0, max_entries=250, num_entries, i, loop_count = 0;
2417 struct samr_SamArray *groups = NULL;
2418 bool global = False;
2420 bool builtin = False;
2428 for (i=0; i<argc; i++) {
2429 if (strequal(argv[i], "global"))
2432 if (strequal(argv[i], "local"))
2435 if (strequal(argv[i], "builtin"))
2439 /* Get sam policy handle */
2441 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2443 MAXIMUM_ALLOWED_ACCESS,
2445 if (!NT_STATUS_IS_OK(result)) {
2449 /* Get domain policy handle */
2451 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2453 MAXIMUM_ALLOWED_ACCESS,
2454 CONST_DISCARD(struct dom_sid2 *, domain_sid),
2456 if (!NT_STATUS_IS_OK(result)) {
2460 /* Query domain groups */
2461 if (opt_long_list_entries)
2462 d_printf("\nGroup name Comment"\
2463 "\n-----------------------------\n");
2465 uint32_t max_size, total_size, returned_size;
2466 union samr_DispInfo info;
2470 get_query_dispinfo_params(
2471 loop_count, &max_entries, &max_size);
2473 result = rpccli_samr_QueryDisplayInfo(pipe_hnd, mem_ctx,
2482 num_entries = info.info3.count;
2483 start_idx += info.info3.count;
2485 if (!NT_STATUS_IS_OK(result) &&
2486 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
2489 for (i = 0; i < num_entries; i++) {
2491 const char *group = NULL;
2492 const char *desc = NULL;
2494 group = info.info3.entries[i].account_name.string;
2495 desc = info.info3.entries[i].description.string;
2497 if (opt_long_list_entries)
2498 printf("%-21.21s %-50.50s\n",
2501 printf("%s\n", group);
2503 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
2504 /* query domain aliases */
2509 result = rpccli_samr_EnumDomainAliases(pipe_hnd, mem_ctx,
2515 if (!NT_STATUS_IS_OK(result) &&
2516 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
2519 for (i = 0; i < num_entries; i++) {
2521 const char *description = NULL;
2523 if (opt_long_list_entries) {
2525 POLICY_HND alias_pol;
2526 union samr_AliasInfo *info = NULL;
2528 if ((NT_STATUS_IS_OK(rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
2531 groups->entries[i].idx,
2533 (NT_STATUS_IS_OK(rpccli_samr_QueryAliasInfo(pipe_hnd, mem_ctx,
2537 (NT_STATUS_IS_OK(rpccli_samr_Close(pipe_hnd, mem_ctx,
2539 description = info->description.string;
2543 if (description != NULL) {
2544 printf("%-21.21s %-50.50s\n",
2545 groups->entries[i].name.string,
2548 printf("%s\n", groups->entries[i].name.string);
2551 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
2552 rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
2553 /* Get builtin policy handle */
2555 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2557 MAXIMUM_ALLOWED_ACCESS,
2558 CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin),
2560 if (!NT_STATUS_IS_OK(result)) {
2563 /* query builtin aliases */
2566 if (!builtin) break;
2568 result = rpccli_samr_EnumDomainAliases(pipe_hnd, mem_ctx,
2574 if (!NT_STATUS_IS_OK(result) &&
2575 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
2578 for (i = 0; i < num_entries; i++) {
2580 const char *description = NULL;
2582 if (opt_long_list_entries) {
2584 POLICY_HND alias_pol;
2585 union samr_AliasInfo *info = NULL;
2587 if ((NT_STATUS_IS_OK(rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
2590 groups->entries[i].idx,
2592 (NT_STATUS_IS_OK(rpccli_samr_QueryAliasInfo(pipe_hnd, mem_ctx,
2596 (NT_STATUS_IS_OK(rpccli_samr_Close(pipe_hnd, mem_ctx,
2598 description = info->description.string;
2602 if (description != NULL) {
2603 printf("%-21.21s %-50.50s\n",
2604 groups->entries[i].name.string,
2607 printf("%s\n", groups->entries[i].name.string);
2610 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
2616 static int rpc_group_list(int argc, const char **argv)
2618 return run_rpc_command(NULL, PI_SAMR, 0,
2619 rpc_group_list_internals,
2623 static NTSTATUS rpc_list_group_members(struct rpc_pipe_client *pipe_hnd,
2624 TALLOC_CTX *mem_ctx,
2625 const char *domain_name,
2626 const DOM_SID *domain_sid,
2627 POLICY_HND *domain_pol,
2631 POLICY_HND group_pol;
2632 uint32 num_members, *group_rids;
2634 struct samr_RidTypeArray *rids = NULL;
2635 struct lsa_Strings names;
2636 struct samr_Ids types;
2639 sid_to_fstring(sid_str, domain_sid);
2641 result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
2643 MAXIMUM_ALLOWED_ACCESS,
2647 if (!NT_STATUS_IS_OK(result))
2650 result = rpccli_samr_QueryGroupMember(pipe_hnd, mem_ctx,
2654 if (!NT_STATUS_IS_OK(result))
2657 num_members = rids->count;
2658 group_rids = rids->rids;
2660 while (num_members > 0) {
2661 int this_time = 512;
2663 if (num_members < this_time)
2664 this_time = num_members;
2666 result = rpccli_samr_LookupRids(pipe_hnd, mem_ctx,
2673 if (!NT_STATUS_IS_OK(result))
2676 /* We only have users as members, but make the output
2677 the same as the output of alias members */
2679 for (i = 0; i < this_time; i++) {
2681 if (opt_long_list_entries) {
2682 printf("%s-%d %s\\%s %d\n", sid_str,
2683 group_rids[i], domain_name,
2684 names.names[i].string,
2687 printf("%s\\%s\n", domain_name,
2688 names.names[i].string);
2692 num_members -= this_time;
2696 return NT_STATUS_OK;
2699 static NTSTATUS rpc_list_alias_members(struct rpc_pipe_client *pipe_hnd,
2700 TALLOC_CTX *mem_ctx,
2701 POLICY_HND *domain_pol,
2705 struct rpc_pipe_client *lsa_pipe;
2706 POLICY_HND alias_pol, lsa_pol;
2708 DOM_SID *alias_sids;
2711 enum lsa_SidType *types;
2713 struct lsa_SidArray sid_array;
2715 result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
2717 MAXIMUM_ALLOWED_ACCESS,
2721 if (!NT_STATUS_IS_OK(result))
2724 result = rpccli_samr_GetMembersInAlias(pipe_hnd, mem_ctx,
2728 if (!NT_STATUS_IS_OK(result)) {
2729 d_fprintf(stderr, "Couldn't list alias members\n");
2733 num_members = sid_array.num_sids;
2735 if (num_members == 0) {
2736 return NT_STATUS_OK;
2739 lsa_pipe = cli_rpc_pipe_open_noauth(rpc_pipe_np_smb_conn(pipe_hnd),
2740 PI_LSARPC, &result);
2742 d_fprintf(stderr, "Couldn't open LSA pipe. Error was %s\n",
2743 nt_errstr(result) );
2747 result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, True,
2748 SEC_RIGHTS_MAXIMUM_ALLOWED, &lsa_pol);
2750 if (!NT_STATUS_IS_OK(result)) {
2751 d_fprintf(stderr, "Couldn't open LSA policy handle\n");
2752 TALLOC_FREE(lsa_pipe);
2756 alias_sids = TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID, num_members);
2758 d_fprintf(stderr, "Out of memory\n");
2759 TALLOC_FREE(lsa_pipe);
2760 return NT_STATUS_NO_MEMORY;
2763 for (i=0; i<num_members; i++) {
2764 sid_copy(&alias_sids[i], sid_array.sids[i].sid);
2767 result = rpccli_lsa_lookup_sids(lsa_pipe, mem_ctx, &lsa_pol, num_members,
2769 &domains, &names, &types);
2771 if (!NT_STATUS_IS_OK(result) &&
2772 !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) {
2773 d_fprintf(stderr, "Couldn't lookup SIDs\n");
2774 TALLOC_FREE(lsa_pipe);
2778 for (i = 0; i < num_members; i++) {
2780 sid_to_fstring(sid_str, &alias_sids[i]);
2782 if (opt_long_list_entries) {
2783 printf("%s %s\\%s %d\n", sid_str,
2784 domains[i] ? domains[i] : "*unknown*",
2785 names[i] ? names[i] : "*unknown*", types[i]);
2788 printf("%s\\%s\n", domains[i], names[i]);
2790 printf("%s\n", sid_str);
2794 TALLOC_FREE(lsa_pipe);
2795 return NT_STATUS_OK;
2798 static NTSTATUS rpc_group_members_internals(const DOM_SID *domain_sid,
2799 const char *domain_name,
2800 struct cli_state *cli,
2801 struct rpc_pipe_client *pipe_hnd,
2802 TALLOC_CTX *mem_ctx,
2807 POLICY_HND connect_pol, domain_pol;
2808 struct samr_Ids rids, rid_types;
2809 struct lsa_String lsa_acct_name;
2811 /* Get sam policy handle */
2813 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2815 MAXIMUM_ALLOWED_ACCESS,
2818 if (!NT_STATUS_IS_OK(result))
2821 /* Get domain policy handle */
2823 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2825 MAXIMUM_ALLOWED_ACCESS,
2826 CONST_DISCARD(struct dom_sid2 *, domain_sid),
2829 if (!NT_STATUS_IS_OK(result))
2832 init_lsa_String(&lsa_acct_name, argv[0]); /* sure? */
2834 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
2841 if (!NT_STATUS_IS_OK(result)) {
2843 /* Ok, did not find it in the global sam, try with builtin */
2845 DOM_SID sid_Builtin;
2847 rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
2849 sid_copy(&sid_Builtin, &global_sid_Builtin);
2851 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2853 MAXIMUM_ALLOWED_ACCESS,
2857 if (!NT_STATUS_IS_OK(result)) {
2858 d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
2862 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
2869 if (!NT_STATUS_IS_OK(result)) {
2870 d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
2875 if (rids.count != 1) {
2876 d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
2880 if (rid_types.ids[0] == SID_NAME_DOM_GRP) {
2881 return rpc_list_group_members(pipe_hnd, mem_ctx, domain_name,
2882 domain_sid, &domain_pol,
2886 if (rid_types.ids[0] == SID_NAME_ALIAS) {
2887 return rpc_list_alias_members(pipe_hnd, mem_ctx, &domain_pol,
2891 return NT_STATUS_NO_SUCH_GROUP;
2894 static int rpc_group_members(int argc, const char **argv)
2897 return rpc_group_usage(argc, argv);
2900 return run_rpc_command(NULL, PI_SAMR, 0,
2901 rpc_group_members_internals,
2905 static NTSTATUS rpc_group_rename_internals(const DOM_SID *domain_sid,
2906 const char *domain_name,
2907 struct cli_state *cli,
2908 struct rpc_pipe_client *pipe_hnd,
2909 TALLOC_CTX *mem_ctx,
2914 POLICY_HND connect_pol, domain_pol, group_pol;
2915 union samr_GroupInfo group_info;
2916 struct samr_Ids rids, rid_types;
2917 struct lsa_String lsa_acct_name;
2920 d_printf("Usage: 'net rpc group rename group newname'\n");
2921 return NT_STATUS_UNSUCCESSFUL;
2924 /* Get sam policy handle */
2926 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2928 MAXIMUM_ALLOWED_ACCESS,
2931 if (!NT_STATUS_IS_OK(result))
2934 /* Get domain policy handle */
2936 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2938 MAXIMUM_ALLOWED_ACCESS,
2939 CONST_DISCARD(struct dom_sid2 *, domain_sid),
2942 if (!NT_STATUS_IS_OK(result))
2945 init_lsa_String(&lsa_acct_name, argv[0]);
2947 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
2954 if (rids.count != 1) {
2955 d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
2959 if (rid_types.ids[0] != SID_NAME_DOM_GRP) {
2960 d_fprintf(stderr, "Can only rename domain groups\n");
2961 return NT_STATUS_UNSUCCESSFUL;
2964 result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
2966 MAXIMUM_ALLOWED_ACCESS,
2970 if (!NT_STATUS_IS_OK(result))
2973 init_lsa_String(&group_info.name, argv[1]);
2975 result = rpccli_samr_SetGroupInfo(pipe_hnd, mem_ctx,
2980 if (!NT_STATUS_IS_OK(result))
2983 return NT_STATUS_NO_SUCH_GROUP;
2986 static int rpc_group_rename(int argc, const char **argv)
2989 return rpc_group_usage(argc, argv);
2992 return run_rpc_command(NULL, PI_SAMR, 0,
2993 rpc_group_rename_internals,
2998 * 'net rpc group' entrypoint.
2999 * @param argc Standard main() style argc
3000 * @param argc Standard main() style argv. Initial components are already
3004 int net_rpc_group(int argc, const char **argv)
3006 struct functable func[] = {
3007 {"add", rpc_group_add},
3008 {"delete", rpc_group_delete},
3009 {"addmem", rpc_group_addmem},
3010 {"delmem", rpc_group_delmem},
3011 {"list", rpc_group_list},
3012 {"members", rpc_group_members},
3013 {"rename", rpc_group_rename},
3018 return run_rpc_command(NULL, PI_SAMR, 0,
3019 rpc_group_list_internals,
3023 return net_run_function(argc, argv, func, rpc_group_usage);
3026 /****************************************************************************/
3028 static int rpc_share_usage(int argc, const char **argv)
3030 return net_help_share(argc, argv);
3034 * Add a share on a remote RPC server
3036 * All parameters are provided by the run_rpc_command function, except for
3037 * argc, argv which are passes through.
3039 * @param domain_sid The domain sid acquired from the remote server
3040 * @param cli A cli_state connected to the server.
3041 * @param mem_ctx Talloc context, destoyed on completion of the function.
3042 * @param argc Standard main() style argc
3043 * @param argv Standard main() style argv. Initial components are already
3046 * @return Normal NTSTATUS return.
3048 static NTSTATUS rpc_share_add_internals(const DOM_SID *domain_sid,
3049 const char *domain_name,
3050 struct cli_state *cli,
3051 struct rpc_pipe_client *pipe_hnd,
3052 TALLOC_CTX *mem_ctx,int argc,
3059 uint32 type = STYPE_DISKTREE; /* only allow disk shares to be added */
3060 uint32 num_users=0, perms=0;
3061 char *password=NULL; /* don't allow a share password */
3063 union srvsvc_NetShareInfo info;
3064 struct srvsvc_NetShareInfo2 info2;
3065 uint32_t parm_error = 0;
3067 if ((sharename = talloc_strdup(mem_ctx, argv[0])) == NULL) {
3068 return NT_STATUS_NO_MEMORY;
3071 path = strchr(sharename, '=');
3073 return NT_STATUS_UNSUCCESSFUL;
3076 info2.name = sharename;
3078 info2.comment = opt_comment;
3079 info2.permissions = perms;
3080 info2.max_users = opt_maxusers;
3081 info2.current_users = num_users;
3083 info2.password = password;
3085 info.info2 = &info2;
3087 status = rpccli_srvsvc_NetShareAdd(pipe_hnd, mem_ctx,
3096 static int rpc_share_add(int argc, const char **argv)
3098 if ((argc < 1) || !strchr(argv[0], '=')) {
3099 DEBUG(1,("Sharename or path not specified on add\n"));
3100 return rpc_share_usage(argc, argv);
3102 return run_rpc_command(NULL, PI_SRVSVC, 0,
3103 rpc_share_add_internals,
3108 * Delete a share on a remote RPC server
3110 * All parameters are provided by the run_rpc_command function, except for
3111 * argc, argv which are passes through.
3113 * @param domain_sid The domain sid acquired from the remote server
3114 * @param cli A cli_state connected to the server.
3115 * @param mem_ctx Talloc context, destoyed on completion of the function.
3116 * @param argc Standard main() style argc
3117 * @param argv Standard main() style argv. Initial components are already
3120 * @return Normal NTSTATUS return.
3122 static NTSTATUS rpc_share_del_internals(const DOM_SID *domain_sid,
3123 const char *domain_name,
3124 struct cli_state *cli,
3125 struct rpc_pipe_client *pipe_hnd,
3126 TALLOC_CTX *mem_ctx,
3132 return rpccli_srvsvc_NetShareDel(pipe_hnd, mem_ctx,
3140 * Delete a share on a remote RPC server
3142 * @param domain_sid The domain sid acquired from the remote server
3143 * @param argc Standard main() style argc
3144 * @param argv Standard main() style argv. Initial components are already
3147 * @return A shell status integer (0 for success)
3149 static int rpc_share_delete(int argc, const char **argv)
3152 DEBUG(1,("Sharename not specified on delete\n"));
3153 return rpc_share_usage(argc, argv);
3155 return run_rpc_command(NULL, PI_SRVSVC, 0,
3156 rpc_share_del_internals,
3161 * Formatted print of share info
3163 * @param info1 pointer to SRV_SHARE_INFO_1 to format
3166 static void display_share_info_1(struct srvsvc_NetShareInfo1 *r)
3168 if (opt_long_list_entries) {
3169 d_printf("%-12s %-8.8s %-50s\n",
3171 share_type[r->type & ~(STYPE_TEMPORARY|STYPE_HIDDEN)],
3174 d_printf("%s\n", r->name);
3178 static WERROR get_share_info(struct rpc_pipe_client *pipe_hnd,
3179 TALLOC_CTX *mem_ctx,
3183 struct srvsvc_NetShareInfoCtr *info_ctr)
3187 union srvsvc_NetShareInfo info;
3189 /* no specific share requested, enumerate all */
3192 uint32_t preferred_len = 0xffffffff;
3193 uint32_t total_entries = 0;
3194 uint32_t resume_handle = 0;
3196 info_ctr->level = level;
3198 status = rpccli_srvsvc_NetShareEnumAll(pipe_hnd, mem_ctx,
3208 /* request just one share */
3209 status = rpccli_srvsvc_NetShareGetInfo(pipe_hnd, mem_ctx,
3216 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) {
3221 ZERO_STRUCTP(info_ctr);
3223 info_ctr->level = level;
3228 struct srvsvc_NetShareCtr1 *ctr1;
3230 ctr1 = TALLOC_ZERO_P(mem_ctx, struct srvsvc_NetShareCtr1);
3231 W_ERROR_HAVE_NO_MEMORY(ctr1);
3234 ctr1->array = info.info1;
3236 info_ctr->ctr.ctr1 = ctr1;
3240 struct srvsvc_NetShareCtr2 *ctr2;
3242 ctr2 = TALLOC_ZERO_P(mem_ctx, struct srvsvc_NetShareCtr2);
3243 W_ERROR_HAVE_NO_MEMORY(ctr2);
3246 ctr2->array = info.info2;
3248 info_ctr->ctr.ctr2 = ctr2;
3252 struct srvsvc_NetShareCtr502 *ctr502;
3254 ctr502 = TALLOC_ZERO_P(mem_ctx, struct srvsvc_NetShareCtr502);
3255 W_ERROR_HAVE_NO_MEMORY(ctr502);
3258 ctr502->array = info.info502;
3260 info_ctr->ctr.ctr502 = ctr502;
3268 * List shares on a remote RPC server
3270 * All parameters are provided by the run_rpc_command function, except for
3271 * argc, argv which are passes through.
3273 * @param domain_sid The domain sid acquired from the remote server
3274 * @param cli A cli_state connected to the server.
3275 * @param mem_ctx Talloc context, destoyed on completion of the function.
3276 * @param argc Standard main() style argc
3277 * @param argv Standard main() style argv. Initial components are already
3280 * @return Normal NTSTATUS return.
3283 static NTSTATUS rpc_share_list_internals(const DOM_SID *domain_sid,
3284 const char *domain_name,
3285 struct cli_state *cli,
3286 struct rpc_pipe_client *pipe_hnd,
3287 TALLOC_CTX *mem_ctx,
3291 struct srvsvc_NetShareInfoCtr info_ctr;
3292 struct srvsvc_NetShareCtr1 ctr1;
3294 uint32 i, level = 1;
3296 ZERO_STRUCT(info_ctr);
3300 info_ctr.ctr.ctr1 = &ctr1;
3302 result = get_share_info(pipe_hnd, mem_ctx, level, argc, argv, &info_ctr);
3303 if (!W_ERROR_IS_OK(result))
3306 /* Display results */
3308 if (opt_long_list_entries) {
3310 "\nEnumerating shared resources (exports) on remote server:\n\n"\
3311 "\nShare name Type Description\n"\
3312 "---------- ---- -----------\n");
3314 for (i = 0; i < info_ctr.ctr.ctr1->count; i++)
3315 display_share_info_1(&info_ctr.ctr.ctr1->array[i]);
3317 return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
3321 * 'net rpc share list' entrypoint.
3322 * @param argc Standard main() style argc
3323 * @param argv Standard main() style argv. Initial components are already
3326 static int rpc_share_list(int argc, const char **argv)
3328 return run_rpc_command(NULL, PI_SRVSVC, 0, rpc_share_list_internals, argc, argv);
3331 static bool check_share_availability(struct cli_state *cli, const char *netname)
3333 if (!cli_send_tconX(cli, netname, "A:", "", 0)) {
3334 d_printf("skipping [%s]: not a file share.\n", netname);
3344 static bool check_share_sanity(struct cli_state *cli, const char *netname, uint32 type)
3346 /* only support disk shares */
3347 if (! ( type == STYPE_DISKTREE || type == (STYPE_DISKTREE | STYPE_HIDDEN)) ) {
3348 printf("share [%s] is not a diskshare (type: %x)\n", netname, type);
3352 /* skip builtin shares */
3353 /* FIXME: should print$ be added too ? */
3354 if (strequal(netname,"IPC$") || strequal(netname,"ADMIN$") ||
3355 strequal(netname,"global"))
3358 if (opt_exclude && in_list(netname, opt_exclude, False)) {
3359 printf("excluding [%s]\n", netname);
3363 return check_share_availability(cli, netname);
3367 * Migrate shares from a remote RPC server to the local RPC server
3369 * All parameters are provided by the run_rpc_command function, except for
3370 * argc, argv which are passed through.
3372 * @param domain_sid The domain sid acquired from the remote server
3373 * @param cli A cli_state connected to the server.
3374 * @param mem_ctx Talloc context, destroyed on completion of the function.
3375 * @param argc Standard main() style argc
3376 * @param argv Standard main() style argv. Initial components are already
3379 * @return Normal NTSTATUS return.
3382 static NTSTATUS rpc_share_migrate_shares_internals(const DOM_SID *domain_sid,
3383 const char *domain_name,
3384 struct cli_state *cli,
3385 struct rpc_pipe_client *pipe_hnd,
3386 TALLOC_CTX *mem_ctx,
3391 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
3392 struct srvsvc_NetShareInfoCtr ctr_src;
3394 struct rpc_pipe_client *srvsvc_pipe = NULL;
3395 struct cli_state *cli_dst = NULL;
3396 uint32 level = 502; /* includes secdesc */
3397 uint32_t parm_error = 0;
3399 result = get_share_info(pipe_hnd, mem_ctx, level, argc, argv, &ctr_src);
3400 if (!W_ERROR_IS_OK(result))
3403 /* connect destination PI_SRVSVC */
3404 nt_status = connect_dst_pipe(&cli_dst, &srvsvc_pipe, PI_SRVSVC);
3405 if (!NT_STATUS_IS_OK(nt_status))
3409 for (i = 0; i < ctr_src.ctr.ctr502->count; i++) {
3411 union srvsvc_NetShareInfo info;
3412 struct srvsvc_NetShareInfo502 info502 =
3413 ctr_src.ctr.ctr502->array[i];
3415 /* reset error-code */
3416 nt_status = NT_STATUS_UNSUCCESSFUL;
3418 if (!check_share_sanity(cli, info502.name, info502.type))
3421 /* finally add the share on the dst server */
3423 printf("migrating: [%s], path: %s, comment: %s, without share-ACLs\n",
3424 info502.name, info502.path, info502.comment);
3426 info.info502 = &info502;
3428 nt_status = rpccli_srvsvc_NetShareAdd(srvsvc_pipe, mem_ctx,
3429 srvsvc_pipe->desthost,
3435 if (W_ERROR_V(result) == W_ERROR_V(WERR_ALREADY_EXISTS)) {
3436 printf(" [%s] does already exist\n",
3441 if (!NT_STATUS_IS_OK(nt_status) || !W_ERROR_IS_OK(result)) {
3442 printf("cannot add share: %s\n", dos_errstr(result));
3448 nt_status = NT_STATUS_OK;
3452 cli_shutdown(cli_dst);
3460 * Migrate shares from a rpc-server to another
3462 * @param argc Standard main() style argc
3463 * @param argv Standard main() style argv. Initial components are already
3466 * @return A shell status integer (0 for success)
3468 static int rpc_share_migrate_shares(int argc, const char **argv)
3472 printf("no server to migrate\n");
3476 return run_rpc_command(NULL, PI_SRVSVC, 0,
3477 rpc_share_migrate_shares_internals,
3484 * @param f file_info
3485 * @param mask current search mask
3486 * @param state arg-pointer
3489 static void copy_fn(const char *mnt, file_info *f, const char *mask, void *state)
3491 static NTSTATUS nt_status;
3492 static struct copy_clistate *local_state;
3493 static fstring filename, new_mask;
3497 local_state = (struct copy_clistate *)state;
3498 nt_status = NT_STATUS_UNSUCCESSFUL;
3500 if (strequal(f->name, ".") || strequal(f->name, ".."))
3503 DEBUG(3,("got mask: %s, name: %s\n", mask, f->name));
3506 if (f->mode & aDIR) {
3508 DEBUG(3,("got dir: %s\n", f->name));
3510 fstrcpy(dir, local_state->cwd);
3512 fstrcat(dir, f->name);
3514 switch (net_mode_share)
3516 case NET_MODE_SHARE_MIGRATE:
3517 /* create that directory */
3518 nt_status = net_copy_file(local_state->mem_ctx,
3519 local_state->cli_share_src,
3520 local_state->cli_share_dst,
3522 opt_acls? True : False,
3523 opt_attrs? True : False,
3524 opt_timestamps? True : False,
3528 d_fprintf(stderr, "Unsupported mode %d\n", net_mode_share);
3532 if (!NT_STATUS_IS_OK(nt_status))
3533 printf("could not handle dir %s: %s\n",
3534 dir, nt_errstr(nt_status));
3536 /* search below that directory */
3537 fstrcpy(new_mask, dir);
3538 fstrcat(new_mask, "\\*");
3540 old_dir = local_state->cwd;
3541 local_state->cwd = dir;
3542 if (!sync_files(local_state, new_mask))
3543 printf("could not handle files\n");
3544 local_state->cwd = old_dir;
3551 fstrcpy(filename, local_state->cwd);
3552 fstrcat(filename, "\\");
3553 fstrcat(filename, f->name);
3555 DEBUG(3,("got file: %s\n", filename));
3557 switch (net_mode_share)
3559 case NET_MODE_SHARE_MIGRATE:
3560 nt_status = net_copy_file(local_state->mem_ctx,
3561 local_state->cli_share_src,
3562 local_state->cli_share_dst,
3564 opt_acls? True : False,
3565 opt_attrs? True : False,
3566 opt_timestamps? True: False,
3570 d_fprintf(stderr, "Unsupported file mode %d\n", net_mode_share);
3574 if (!NT_STATUS_IS_OK(nt_status))
3575 printf("could not handle file %s: %s\n",
3576 filename, nt_errstr(nt_status));
3581 * sync files, can be called recursivly to list files
3582 * and then call copy_fn for each file
3584 * @param cp_clistate pointer to the copy_clistate we work with
3585 * @param mask the current search mask
3587 * @return Boolean result
3589 static bool sync_files(struct copy_clistate *cp_clistate, const char *mask)
3591 struct cli_state *targetcli;
3592 char *targetpath = NULL;
3594 DEBUG(3,("calling cli_list with mask: %s\n", mask));
3596 if ( !cli_resolve_path(talloc_tos(), "", cp_clistate->cli_share_src,
3597 mask, &targetcli, &targetpath ) ) {
3598 d_fprintf(stderr, "cli_resolve_path %s failed with error: %s\n",
3599 mask, cli_errstr(cp_clistate->cli_share_src));
3603 if (cli_list(targetcli, targetpath, cp_clistate->attribute, copy_fn, cp_clistate) == -1) {
3604 d_fprintf(stderr, "listing %s failed with error: %s\n",
3605 mask, cli_errstr(targetcli));
3614 * Set the top level directory permissions before we do any further copies.
3615 * Should set up ACL inheritance.
3618 bool copy_top_level_perms(struct copy_clistate *cp_clistate,
3619 const char *sharename)
3621 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
3623 switch (net_mode_share) {
3624 case NET_MODE_SHARE_MIGRATE:
3625 DEBUG(3,("calling net_copy_fileattr for '.' directory in share %s\n", sharename));
3626 nt_status = net_copy_fileattr(cp_clistate->mem_ctx,
3627 cp_clistate->cli_share_src,
3628 cp_clistate->cli_share_dst,
3630 opt_acls? True : False,
3631 opt_attrs? True : False,
3632 opt_timestamps? True: False,
3636 d_fprintf(stderr, "Unsupported mode %d\n", net_mode_share);
3640 if (!NT_STATUS_IS_OK(nt_status)) {
3641 printf("Could handle directory attributes for top level directory of share %s. Error %s\n",
3642 sharename, nt_errstr(nt_status));
3650 * Sync all files inside a remote share to another share (over smb)
3652 * All parameters are provided by the run_rpc_command function, except for
3653 * argc, argv which are passes through.
3655 * @param domain_sid The domain sid acquired from the remote server
3656 * @param cli A cli_state connected to the server.
3657 * @param mem_ctx Talloc context, destoyed on completion of the function.
3658 * @param argc Standard main() style argc
3659 * @param argv Standard main() style argv. Initial components are already
3662 * @return Normal NTSTATUS return.
3665 static NTSTATUS rpc_share_migrate_files_internals(const DOM_SID *domain_sid,
3666 const char *domain_name,
3667 struct cli_state *cli,
3668 struct rpc_pipe_client *pipe_hnd,
3669 TALLOC_CTX *mem_ctx,
3674 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
3675 struct srvsvc_NetShareInfoCtr ctr_src;
3678 struct copy_clistate cp_clistate;
3679 bool got_src_share = False;
3680 bool got_dst_share = False;
3681 const char *mask = "\\*";
3684 dst = SMB_STRDUP(opt_destination?opt_destination:"127.0.0.1");
3686 result = get_share_info(pipe_hnd, mem_ctx, level, argc, argv, &ctr_src);
3688 if (!W_ERROR_IS_OK(result))
3691 for (i = 0; i < ctr_src.ctr.ctr502->count; i++) {
3693 struct srvsvc_NetShareInfo502 info502 =
3694 ctr_src.ctr.ctr502->array[i];
3696 if (!check_share_sanity(cli, info502.name, info502.type))
3699 /* one might not want to mirror whole discs :) */
3700 if (strequal(info502.name, "print$") || info502.name[1] == '$') {
3701 d_printf("skipping [%s]: builtin/hidden share\n", info502.name);
3705 switch (net_mode_share)
3707 case NET_MODE_SHARE_MIGRATE:
3711 d_fprintf(stderr, "Unsupported mode %d\n", net_mode_share);
3714 printf(" [%s] files and directories %s ACLs, %s DOS Attributes %s\n",
3716 opt_acls ? "including" : "without",
3717 opt_attrs ? "including" : "without",
3718 opt_timestamps ? "(preserving timestamps)" : "");
3720 cp_clistate.mem_ctx = mem_ctx;
3721 cp_clistate.cli_share_src = NULL;
3722 cp_clistate.cli_share_dst = NULL;
3723 cp_clistate.cwd = NULL;
3724 cp_clistate.attribute = aSYSTEM | aHIDDEN | aDIR;
3726 /* open share source */
3727 nt_status = connect_to_service(&cp_clistate.cli_share_src,
3728 &cli->dest_ss, cli->desthost,
3729 info502.name, "A:");
3730 if (!NT_STATUS_IS_OK(nt_status))
3733 got_src_share = True;
3735 if (net_mode_share == NET_MODE_SHARE_MIGRATE) {
3736 /* open share destination */
3737 nt_status = connect_to_service(&cp_clistate.cli_share_dst,
3738 NULL, dst, info502.name, "A:");
3739 if (!NT_STATUS_IS_OK(nt_status))
3742 got_dst_share = True;
3745 if (!copy_top_level_perms(&cp_clistate, info502.name)) {
3746 d_fprintf(stderr, "Could not handle the top level directory permissions for the share: %s\n", info502.name);
3747 nt_status = NT_STATUS_UNSUCCESSFUL;
3751 if (!sync_files(&cp_clistate, mask)) {
3752 d_fprintf(stderr, "could not handle files for share: %s\n", info502.name);
3753 nt_status = NT_STATUS_UNSUCCESSFUL;
3758 nt_status = NT_STATUS_OK;
3763 cli_shutdown(cp_clistate.cli_share_src);
3766 cli_shutdown(cp_clistate.cli_share_dst);
3772 static int rpc_share_migrate_files(int argc, const char **argv)
3776 printf("no server to migrate\n");
3780 return run_rpc_command(NULL, PI_SRVSVC, 0,
3781 rpc_share_migrate_files_internals,
3786 * Migrate share-ACLs from a remote RPC server to the local RPC srever
3788 * All parameters are provided by the run_rpc_command function, except for
3789 * argc, argv which are passes through.
3791 * @param domain_sid The domain sid acquired from the remote server
3792 * @param cli A cli_state connected to the server.
3793 * @param mem_ctx Talloc context, destoyed on completion of the function.
3794 * @param argc Standard main() style argc
3795 * @param argv Standard main() style argv. Initial components are already
3798 * @return Normal NTSTATUS return.
3801 static NTSTATUS rpc_share_migrate_security_internals(const DOM_SID *domain_sid,
3802 const char *domain_name,
3803 struct cli_state *cli,
3804 struct rpc_pipe_client *pipe_hnd,
3805 TALLOC_CTX *mem_ctx,
3810 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
3811 struct srvsvc_NetShareInfoCtr ctr_src;
3812 union srvsvc_NetShareInfo info;
3814 struct rpc_pipe_client *srvsvc_pipe = NULL;
3815 struct cli_state *cli_dst = NULL;
3816 uint32 level = 502; /* includes secdesc */
3817 uint32_t parm_error = 0;
3819 result = get_share_info(pipe_hnd, mem_ctx, level, argc, argv, &ctr_src);
3821 if (!W_ERROR_IS_OK(result))
3824 /* connect destination PI_SRVSVC */
3825 nt_status = connect_dst_pipe(&cli_dst, &srvsvc_pipe, PI_SRVSVC);
3826 if (!NT_STATUS_IS_OK(nt_status))
3830 for (i = 0; i < ctr_src.ctr.ctr502->count; i++) {
3832 struct srvsvc_NetShareInfo502 info502 =
3833 ctr_src.ctr.ctr502->array[i];
3835 /* reset error-code */
3836 nt_status = NT_STATUS_UNSUCCESSFUL;
3838 if (!check_share_sanity(cli, info502.name, info502.type))
3841 printf("migrating: [%s], path: %s, comment: %s, including share-ACLs\n",
3842 info502.name, info502.path, info502.comment);
3845 display_sec_desc(info502.sd_buf.sd);
3847 /* FIXME: shouldn't we be able to just set the security descriptor ? */
3848 info.info502 = &info502;
3850 /* finally modify the share on the dst server */
3851 nt_status = rpccli_srvsvc_NetShareSetInfo(srvsvc_pipe, mem_ctx,
3852 srvsvc_pipe->desthost,
3858 if (!NT_STATUS_IS_OK(nt_status) || !W_ERROR_IS_OK(result)) {
3859 printf("cannot set share-acl: %s\n", dos_errstr(result));
3865 nt_status = NT_STATUS_OK;
3869 cli_shutdown(cli_dst);
3877 * Migrate share-acls from a rpc-server to another
3879 * @param argc Standard main() style argc
3880 * @param argv Standard main() style argv. Initial components are already
3883 * @return A shell status integer (0 for success)
3885 static int rpc_share_migrate_security(int argc, const char **argv)
3889 printf("no server to migrate\n");
3893 return run_rpc_command(NULL, PI_SRVSVC, 0,
3894 rpc_share_migrate_security_internals,
3899 * Migrate shares (including share-definitions, share-acls and files with acls/attrs)
3900 * from one server to another
3902 * @param argc Standard main() style argc
3903 * @param argv Standard main() style argv. Initial components are already
3906 * @return A shell status integer (0 for success)
3909 static int rpc_share_migrate_all(int argc, const char **argv)
3914 printf("no server to migrate\n");
3918 /* order is important. we don't want to be locked out by the share-acl
3919 * before copying files - gd */
3921 ret = run_rpc_command(NULL, PI_SRVSVC, 0, rpc_share_migrate_shares_internals, argc, argv);
3925 ret = run_rpc_command(NULL, PI_SRVSVC, 0, rpc_share_migrate_files_internals, argc, argv);
3929 return run_rpc_command(NULL, PI_SRVSVC, 0, rpc_share_migrate_security_internals, argc, argv);
3934 * 'net rpc share migrate' entrypoint.
3935 * @param argc Standard main() style argc
3936 * @param argv Standard main() style argv. Initial components are already
3939 static int rpc_share_migrate(int argc, const char **argv)
3942 struct functable func[] = {
3943 {"all", rpc_share_migrate_all},
3944 {"files", rpc_share_migrate_files},
3945 {"help", rpc_share_usage},
3946 {"security", rpc_share_migrate_security},
3947 {"shares", rpc_share_migrate_shares},
3951 net_mode_share = NET_MODE_SHARE_MIGRATE;
3953 return net_run_function(argc, argv, func, rpc_share_usage);
3962 static int num_server_aliases;
3963 static struct full_alias *server_aliases;
3966 * Add an alias to the static list.
3968 static void push_alias(TALLOC_CTX *mem_ctx, struct full_alias *alias)
3970 if (server_aliases == NULL)
3971 server_aliases = SMB_MALLOC_ARRAY(struct full_alias, 100);
3973 server_aliases[num_server_aliases] = *alias;
3974 num_server_aliases += 1;
3978 * For a specific domain on the server, fetch all the aliases
3979 * and their members. Add all of them to the server_aliases.
3982 static NTSTATUS rpc_fetch_domain_aliases(struct rpc_pipe_client *pipe_hnd,
3983 TALLOC_CTX *mem_ctx,
3984 POLICY_HND *connect_pol,
3985 const DOM_SID *domain_sid)
3987 uint32 start_idx, max_entries, num_entries, i;
3988 struct samr_SamArray *groups = NULL;
3990 POLICY_HND domain_pol;
3992 /* Get domain policy handle */
3994 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
3996 MAXIMUM_ALLOWED_ACCESS,
3997 CONST_DISCARD(struct dom_sid2 *, domain_sid),
3999 if (!NT_STATUS_IS_OK(result))
4006 result = rpccli_samr_EnumDomainAliases(pipe_hnd, mem_ctx,
4012 for (i = 0; i < num_entries; i++) {
4014 POLICY_HND alias_pol;
4015 struct full_alias alias;
4016 struct lsa_SidArray sid_array;
4019 result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
4021 MAXIMUM_ALLOWED_ACCESS,
4022 groups->entries[i].idx,
4024 if (!NT_STATUS_IS_OK(result))
4027 result = rpccli_samr_GetMembersInAlias(pipe_hnd, mem_ctx,
4030 if (!NT_STATUS_IS_OK(result))
4033 alias.num_members = sid_array.num_sids;
4035 result = rpccli_samr_Close(pipe_hnd, mem_ctx, &alias_pol);
4036 if (!NT_STATUS_IS_OK(result))
4039 alias.members = NULL;
4041 if (alias.num_members > 0) {
4042 alias.members = SMB_MALLOC_ARRAY(DOM_SID, alias.num_members);
4044 for (j = 0; j < alias.num_members; j++)
4045 sid_copy(&alias.members[j],
4046 sid_array.sids[j].sid);
4049 sid_copy(&alias.sid, domain_sid);
4050 sid_append_rid(&alias.sid, groups->entries[i].idx);
4052 push_alias(mem_ctx, &alias);
4054 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
4056 result = NT_STATUS_OK;
4059 rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
4065 * Dump server_aliases as names for debugging purposes.
4068 static NTSTATUS rpc_aliaslist_dump(const DOM_SID *domain_sid,
4069 const char *domain_name,
4070 struct cli_state *cli,
4071 struct rpc_pipe_client *pipe_hnd,
4072 TALLOC_CTX *mem_ctx,
4080 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True,
4081 SEC_RIGHTS_MAXIMUM_ALLOWED,
4083 if (!NT_STATUS_IS_OK(result))
4086 for (i=0; i<num_server_aliases; i++) {
4089 enum lsa_SidType *types;
4092 struct full_alias *alias = &server_aliases[i];
4094 result = rpccli_lsa_lookup_sids(pipe_hnd, mem_ctx, &lsa_pol, 1,
4096 &domains, &names, &types);
4097 if (!NT_STATUS_IS_OK(result))
4100 DEBUG(1, ("%s\\%s %d: ", domains[0], names[0], types[0]));
4102 if (alias->num_members == 0) {
4107 result = rpccli_lsa_lookup_sids(pipe_hnd, mem_ctx, &lsa_pol,
4110 &domains, &names, &types);
4112 if (!NT_STATUS_IS_OK(result) &&
4113 !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED))
4116 for (j=0; j<alias->num_members; j++)
4117 DEBUG(1, ("%s\\%s (%d); ",
4118 domains[j] ? domains[j] : "*unknown*",
4119 names[j] ? names[j] : "*unknown*",types[j]));
4123 rpccli_lsa_Close(pipe_hnd, mem_ctx, &lsa_pol);
4125 return NT_STATUS_OK;
4129 * Fetch a list of all server aliases and their members into
4133 static NTSTATUS rpc_aliaslist_internals(const DOM_SID *domain_sid,
4134 const char *domain_name,
4135 struct cli_state *cli,
4136 struct rpc_pipe_client *pipe_hnd,
4137 TALLOC_CTX *mem_ctx,
4142 POLICY_HND connect_pol;
4144 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
4146 MAXIMUM_ALLOWED_ACCESS,
4149 if (!NT_STATUS_IS_OK(result))
4152 result = rpc_fetch_domain_aliases(pipe_hnd, mem_ctx, &connect_pol,
4153 &global_sid_Builtin);
4155 if (!NT_STATUS_IS_OK(result))
4158 result = rpc_fetch_domain_aliases(pipe_hnd, mem_ctx, &connect_pol,
4161 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
4166 static void init_user_token(NT_USER_TOKEN *token, DOM_SID *user_sid)
4168 token->num_sids = 4;
4170 if (!(token->user_sids = SMB_MALLOC_ARRAY(DOM_SID, 4))) {
4171 d_fprintf(stderr, "malloc failed\n");
4172 token->num_sids = 0;
4176 token->user_sids[0] = *user_sid;
4177 sid_copy(&token->user_sids[1], &global_sid_World);
4178 sid_copy(&token->user_sids[2], &global_sid_Network);
4179 sid_copy(&token->user_sids[3], &global_sid_Authenticated_Users);
4182 static void free_user_token(NT_USER_TOKEN *token)
4184 SAFE_FREE(token->user_sids);
4187 static bool is_sid_in_token(NT_USER_TOKEN *token, DOM_SID *sid)
4191 for (i=0; i<token->num_sids; i++) {
4192 if (sid_compare(sid, &token->user_sids[i]) == 0)
4198 static void add_sid_to_token(NT_USER_TOKEN *token, DOM_SID *sid)
4200 if (is_sid_in_token(token, sid))
4203 token->user_sids = SMB_REALLOC_ARRAY(token->user_sids, DOM_SID, token->num_sids+1);
4204 if (!token->user_sids) {
4208 sid_copy(&token->user_sids[token->num_sids], sid);
4210 token->num_sids += 1;
4215 NT_USER_TOKEN token;
4218 static void dump_user_token(struct user_token *token)
4222 d_printf("%s\n", token->name);
4224 for (i=0; i<token->token.num_sids; i++) {
4225 d_printf(" %s\n", sid_string_tos(&token->token.user_sids[i]));
4229 static bool is_alias_member(DOM_SID *sid, struct full_alias *alias)
4233 for (i=0; i<alias->num_members; i++) {
4234 if (sid_compare(sid, &alias->members[i]) == 0)
4241 static void collect_sid_memberships(NT_USER_TOKEN *token, DOM_SID sid)
4245 for (i=0; i<num_server_aliases; i++) {
4246 if (is_alias_member(&sid, &server_aliases[i]))
4247 add_sid_to_token(token, &server_aliases[i].sid);
4252 * We got a user token with all the SIDs we can know about without asking the
4253 * server directly. These are the user and domain group sids. All of these can
4254 * be members of aliases. So scan the list of aliases for each of the SIDs and
4255 * add them to the token.
4258 static void collect_alias_memberships(NT_USER_TOKEN *token)
4260 int num_global_sids = token->num_sids;
4263 for (i=0; i<num_global_sids; i++) {
4264 collect_sid_memberships(token, token->user_sids[i]);
4268 static bool get_user_sids(const char *domain, const char *user, NT_USER_TOKEN *token)
4270 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
4271 enum wbcSidType type;
4273 struct wbcDomainSid wsid;
4274 char *sid_str = NULL;
4276 uint32_t num_groups;
4277 gid_t *groups = NULL;
4280 fstr_sprintf(full_name, "%s%c%s",
4281 domain, *lp_winbind_separator(), user);
4283 /* First let's find out the user sid */
4285 wbc_status = wbcLookupName(domain, user, &wsid, &type);
4287 if (!WBC_ERROR_IS_OK(wbc_status)) {
4288 DEBUG(1, ("winbind could not find %s: %s\n",
4289 full_name, wbcErrorString(wbc_status)));
4293 wbc_status = wbcSidToString(&wsid, &sid_str);
4294 if (!WBC_ERROR_IS_OK(wbc_status)) {
4298 if (type != SID_NAME_USER) {
4299 wbcFreeMemory(sid_str);
4300 DEBUG(1, ("%s is not a user\n", full_name));
4304 string_to_sid(&user_sid, sid_str);
4305 wbcFreeMemory(sid_str);
4308 init_user_token(token, &user_sid);
4310 /* And now the groups winbind knows about */
4312 wbc_status = wbcGetGroups(full_name, &num_groups, &groups);
4313 if (!WBC_ERROR_IS_OK(wbc_status)) {
4314 DEBUG(1, ("winbind could not get groups of %s: %s\n",
4315 full_name, wbcErrorString(wbc_status)));
4319 for (i = 0; i < num_groups; i++) {
4320 gid_t gid = groups[i];
4323 wbc_status = wbcGidToSid(gid, &wsid);
4324 if (!WBC_ERROR_IS_OK(wbc_status)) {
4325 DEBUG(1, ("winbind could not find SID of gid %d: %s\n",
4326 gid, wbcErrorString(wbc_status)));
4327 wbcFreeMemory(groups);
4331 wbc_status = wbcSidToString(&wsid, &sid_str);
4332 if (!WBC_ERROR_IS_OK(wbc_status)) {
4333 wbcFreeMemory(groups);
4337 DEBUG(3, (" %s\n", sid_str));
4339 string_to_sid(&sid, sid_str);
4340 wbcFreeMemory(sid_str);
4343 add_sid_to_token(token, &sid);
4345 wbcFreeMemory(groups);
4351 * Get a list of all user tokens we want to look at
4354 static bool get_user_tokens(int *num_tokens, struct user_token **user_tokens)
4356 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
4357 uint32_t i, num_users;
4359 struct user_token *result;
4360 TALLOC_CTX *frame = NULL;
4362 if (lp_winbind_use_default_domain() &&
4363 (opt_target_workgroup == NULL)) {
4364 d_fprintf(stderr, "winbind use default domain = yes set, "
4365 "please specify a workgroup\n");
4369 /* Send request to winbind daemon */
4371 wbc_status = wbcListUsers(NULL, &num_users, &users);
4372 if (!WBC_ERROR_IS_OK(wbc_status)) {
4373 DEBUG(1, ("winbind could not list users: %s\n",
4374 wbcErrorString(wbc_status)));
4378 result = SMB_MALLOC_ARRAY(struct user_token, num_users);
4380 if (result == NULL) {
4381 DEBUG(1, ("Could not malloc sid array\n"));
4382 wbcFreeMemory(users);
4386 frame = talloc_stackframe();
4387 for (i=0; i < num_users; i++) {
4388 fstring domain, user;
4391 fstrcpy(result[i].name, users[i]);
4393 p = strchr(users[i], *lp_winbind_separator());
4395 DEBUG(3, ("%s\n", users[i]));
4398 fstrcpy(domain, opt_target_workgroup);
4399 fstrcpy(user, users[i]);
4402 fstrcpy(domain, users[i]);
4407 get_user_sids(domain, user, &(result[i].token));
4411 wbcFreeMemory(users);
4413 *num_tokens = num_users;
4414 *user_tokens = result;
4419 static bool get_user_tokens_from_file(FILE *f,
4421 struct user_token **tokens)
4423 struct user_token *token = NULL;
4428 if (fgets(line, sizeof(line)-1, f) == NULL) {
4432 if (line[strlen(line)-1] == '\n')
4433 line[strlen(line)-1] = '\0';
4435 if (line[0] == ' ') {
4439 string_to_sid(&sid, &line[1]);
4441 if (token == NULL) {
4442 DEBUG(0, ("File does not begin with username"));
4446 add_sid_to_token(&token->token, &sid);
4450 /* And a new user... */
4453 *tokens = SMB_REALLOC_ARRAY(*tokens, struct user_token, *num_tokens);
4454 if (*tokens == NULL) {
4455 DEBUG(0, ("Could not realloc tokens\n"));
4459 token = &((*tokens)[*num_tokens-1]);
4461 fstrcpy(token->name, line);
4462 token->token.num_sids = 0;
4463 token->token.user_sids = NULL;
4472 * Show the list of all users that have access to a share
4475 static void show_userlist(struct rpc_pipe_client *pipe_hnd,
4476 TALLOC_CTX *mem_ctx,
4477 const char *netname,
4479 struct user_token *tokens)
4482 SEC_DESC *share_sd = NULL;
4483 SEC_DESC *root_sd = NULL;
4484 struct cli_state *cli = rpc_pipe_np_smb_conn(pipe_hnd);
4486 union srvsvc_NetShareInfo info;
4491 status = rpccli_srvsvc_NetShareGetInfo(pipe_hnd, mem_ctx,
4498 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) {
4499 DEBUG(1, ("Coult not query secdesc for share %s\n",
4504 share_sd = info.info502->sd_buf.sd;
4505 if (share_sd == NULL) {
4506 DEBUG(1, ("Got no secdesc for share %s\n",
4512 if (!cli_send_tconX(cli, netname, "A:", "", 0)) {
4516 fnum = cli_nt_create(cli, "\\", READ_CONTROL_ACCESS);
4519 root_sd = cli_query_secdesc(cli, fnum, mem_ctx);
4522 for (i=0; i<num_tokens; i++) {
4525 if (share_sd != NULL) {
4526 if (!se_access_check(share_sd, &tokens[i].token,
4527 1, &acc_granted, &status)) {
4528 DEBUG(1, ("Could not check share_sd for "
4534 if (!NT_STATUS_IS_OK(status))
4538 if (root_sd == NULL) {
4539 d_printf(" %s\n", tokens[i].name);
4543 if (!se_access_check(root_sd, &tokens[i].token,
4544 1, &acc_granted, &status)) {
4545 DEBUG(1, ("Could not check root_sd for user %s\n",
4550 if (!NT_STATUS_IS_OK(status))
4553 d_printf(" %s\n", tokens[i].name);
4557 cli_close(cli, fnum);
4569 static void collect_share(const char *name, uint32 m,
4570 const char *comment, void *state)
4572 struct share_list *share_list = (struct share_list *)state;
4574 if (m != STYPE_DISKTREE)
4577 share_list->num_shares += 1;
4578 share_list->shares = SMB_REALLOC_ARRAY(share_list->shares, char *, share_list->num_shares);
4579 if (!share_list->shares) {
4580 share_list->num_shares = 0;
4583 share_list->shares[share_list->num_shares-1] = SMB_STRDUP(name);
4586 static void rpc_share_userlist_usage(void)
4592 * List shares on a remote RPC server, including the security descriptors
4594 * All parameters are provided by the run_rpc_command function, except for
4595 * argc, argv which are passes through.
4597 * @param domain_sid The domain sid acquired from the remote server
4598 * @param cli A cli_state connected to the server.
4599 * @param mem_ctx Talloc context, destoyed on completion of the function.
4600 * @param argc Standard main() style argc
4601 * @param argv Standard main() style argv. Initial components are already
4604 * @return Normal NTSTATUS return.
4607 static NTSTATUS rpc_share_allowedusers_internals(const DOM_SID *domain_sid,
4608 const char *domain_name,
4609 struct cli_state *cli,
4610 struct rpc_pipe_client *pipe_hnd,
4611 TALLOC_CTX *mem_ctx,
4621 struct user_token *tokens = NULL;
4624 struct share_list share_list;
4627 rpc_share_userlist_usage();
4628 return NT_STATUS_UNSUCCESSFUL;
4634 f = fopen(argv[0], "r");
4638 DEBUG(0, ("Could not open userlist: %s\n", strerror(errno)));
4639 return NT_STATUS_UNSUCCESSFUL;
4642 r = get_user_tokens_from_file(f, &num_tokens, &tokens);
4648 DEBUG(0, ("Could not read users from file\n"));
4649 return NT_STATUS_UNSUCCESSFUL;
4652 for (i=0; i<num_tokens; i++)
4653 collect_alias_memberships(&tokens[i].token);
4655 init_enum_hnd(&hnd, 0);
4657 share_list.num_shares = 0;
4658 share_list.shares = NULL;
4660 ret = cli_RNetShareEnum(cli, collect_share, &share_list);
4663 DEBUG(0, ("Error returning browse list: %s\n",
4668 for (i = 0; i < share_list.num_shares; i++) {
4669 char *netname = share_list.shares[i];
4671 if (netname[strlen(netname)-1] == '$')
4674 d_printf("%s\n", netname);
4676 show_userlist(pipe_hnd, mem_ctx, netname,
4677 num_tokens, tokens);
4680 for (i=0; i<num_tokens; i++) {
4681 free_user_token(&tokens[i].token);
4684 SAFE_FREE(share_list.shares);
4686 return NT_STATUS_OK;
4689 static int rpc_share_allowedusers(int argc, const char **argv)
4693 result = run_rpc_command(NULL, PI_SAMR, 0,
4694 rpc_aliaslist_internals,
4699 result = run_rpc_command(NULL, PI_LSARPC, 0,
4705 return run_rpc_command(NULL, PI_SRVSVC, 0,
4706 rpc_share_allowedusers_internals,
4710 int net_usersidlist(int argc, const char **argv)
4713 struct user_token *tokens = NULL;
4717 net_usersidlist_usage(argc, argv);
4721 if (!get_user_tokens(&num_tokens, &tokens)) {
4722 DEBUG(0, ("Could not get the user/sid list\n"));
4726 for (i=0; i<num_tokens; i++) {
4727 dump_user_token(&tokens[i]);
4728 free_user_token(&tokens[i].token);
4735 int net_usersidlist_usage(int argc, const char **argv)
4737 d_printf("net usersidlist\n"
4738 "\tprints out a list of all users the running winbind knows\n"
4739 "\tabout, together with all their SIDs. This is used as\n"
4740 "\tinput to the 'net rpc share allowedusers' command.\n\n");
4742 net_common_flags_usage(argc, argv);
4747 * 'net rpc share' entrypoint.
4748 * @param argc Standard main() style argc
4749 * @param argv Standard main() style argv. Initial components are already
4753 int net_rpc_share(int argc, const char **argv)
4755 struct functable func[] = {
4756 {"add", rpc_share_add},
4757 {"delete", rpc_share_delete},
4758 {"allowedusers", rpc_share_allowedusers},
4759 {"migrate", rpc_share_migrate},
4760 {"list", rpc_share_list},
4765 return run_rpc_command(NULL, PI_SRVSVC, 0,
4766 rpc_share_list_internals,
4769 return net_run_function(argc, argv, func, rpc_share_usage);
4772 static NTSTATUS rpc_sh_share_list(TALLOC_CTX *mem_ctx,
4773 struct rpc_sh_ctx *ctx,
4774 struct rpc_pipe_client *pipe_hnd,
4775 int argc, const char **argv)
4777 return rpc_share_list_internals(ctx->domain_sid, ctx->domain_name,
4778 ctx->cli, pipe_hnd, mem_ctx,
4782 static NTSTATUS rpc_sh_share_add(TALLOC_CTX *mem_ctx,
4783 struct rpc_sh_ctx *ctx,
4784 struct rpc_pipe_client *pipe_hnd,
4785 int argc, const char **argv)
4789 uint32_t parm_err = 0;
4790 union srvsvc_NetShareInfo info;
4791 struct srvsvc_NetShareInfo2 info2;
4793 if ((argc < 2) || (argc > 3)) {
4794 d_fprintf(stderr, "usage: %s <share> <path> [comment]\n",
4796 return NT_STATUS_INVALID_PARAMETER;
4799 info2.name = argv[0];
4800 info2.type = STYPE_DISKTREE;
4801 info2.comment = (argc == 3) ? argv[2] : "";
4802 info2.permissions = 0;
4803 info2.max_users = 0;
4804 info2.current_users = 0;
4805 info2.path = argv[1];
4806 info2.password = NULL;
4808 info.info2 = &info2;
4810 status = rpccli_srvsvc_NetShareAdd(pipe_hnd, mem_ctx,
4820 static NTSTATUS rpc_sh_share_delete(TALLOC_CTX *mem_ctx,
4821 struct rpc_sh_ctx *ctx,
4822 struct rpc_pipe_client *pipe_hnd,
4823 int argc, const char **argv)
4829 d_fprintf(stderr, "usage: %s <share>\n", ctx->whoami);
4830 return NT_STATUS_INVALID_PARAMETER;
4833 status = rpccli_srvsvc_NetShareDel(pipe_hnd, mem_ctx,
4842 static NTSTATUS rpc_sh_share_info(TALLOC_CTX *mem_ctx,
4843 struct rpc_sh_ctx *ctx,
4844 struct rpc_pipe_client *pipe_hnd,
4845 int argc, const char **argv)
4847 union srvsvc_NetShareInfo info;
4852 d_fprintf(stderr, "usage: %s <share>\n", ctx->whoami);
4853 return NT_STATUS_INVALID_PARAMETER;
4856 status = rpccli_srvsvc_NetShareGetInfo(pipe_hnd, mem_ctx,
4862 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) {
4866 d_printf("Name: %s\n", info.info2->name);
4867 d_printf("Comment: %s\n", info.info2->comment);
4868 d_printf("Path: %s\n", info.info2->path);
4869 d_printf("Password: %s\n", info.info2->password);
4872 return werror_to_ntstatus(result);
4875 struct rpc_sh_cmd *net_rpc_share_cmds(TALLOC_CTX *mem_ctx,
4876 struct rpc_sh_ctx *ctx)
4878 static struct rpc_sh_cmd cmds[] = {
4880 { "list", NULL, PI_SRVSVC, rpc_sh_share_list,
4881 "List available shares" },
4883 { "add", NULL, PI_SRVSVC, rpc_sh_share_add,
4886 { "delete", NULL, PI_SRVSVC, rpc_sh_share_delete,
4889 { "info", NULL, PI_SRVSVC, rpc_sh_share_info,
4890 "Get information about a share" },
4892 { NULL, NULL, 0, NULL, NULL }
4898 /****************************************************************************/
4900 static int rpc_file_usage(int argc, const char **argv)
4902 return net_help_file(argc, argv);
4906 * Close a file on a remote RPC server
4908 * All parameters are provided by the run_rpc_command function, except for
4909 * argc, argv which are passes through.
4911 * @param domain_sid The domain sid acquired from the remote server
4912 * @param cli A cli_state connected to the server.
4913 * @param mem_ctx Talloc context, destoyed on completion of the function.
4914 * @param argc Standard main() style argc
4915 * @param argv Standard main() style argv. Initial components are already
4918 * @return Normal NTSTATUS return.
4920 static NTSTATUS rpc_file_close_internals(const DOM_SID *domain_sid,
4921 const char *domain_name,
4922 struct cli_state *cli,
4923 struct rpc_pipe_client *pipe_hnd,
4924 TALLOC_CTX *mem_ctx,
4928 return rpccli_srvsvc_NetFileClose(pipe_hnd, mem_ctx,
4930 atoi(argv[0]), NULL);
4934 * Close a file on a remote RPC server
4936 * @param argc Standard main() style argc
4937 * @param argv Standard main() style argv. Initial components are already
4940 * @return A shell status integer (0 for success)
4942 static int rpc_file_close(int argc, const char **argv)
4945 DEBUG(1, ("No fileid given on close\n"));
4946 return(rpc_file_usage(argc, argv));
4949 return run_rpc_command(NULL, PI_SRVSVC, 0,
4950 rpc_file_close_internals,
4955 * Formatted print of open file info
4957 * @param r struct srvsvc_NetFileInfo3 contents
4960 static void display_file_info_3(struct srvsvc_NetFileInfo3 *r)
4962 d_printf("%-7.1d %-20.20s 0x%-4.2x %-6.1d %s\n",
4963 r->fid, r->user, r->permissions, r->num_locks, r->path);
4967 * List open files on a remote RPC server
4969 * All parameters are provided by the run_rpc_command function, except for
4970 * argc, argv which are passes through.
4972 * @param domain_sid The domain sid acquired from the remote server
4973 * @param cli A cli_state connected to the server.
4974 * @param mem_ctx Talloc context, destoyed on completion of the function.
4975 * @param argc Standard main() style argc
4976 * @param argv Standard main() style argv. Initial components are already
4979 * @return Normal NTSTATUS return.
4982 static NTSTATUS rpc_file_list_internals(const DOM_SID *domain_sid,
4983 const char *domain_name,
4984 struct cli_state *cli,
4985 struct rpc_pipe_client *pipe_hnd,
4986 TALLOC_CTX *mem_ctx,
4990 struct srvsvc_NetFileInfoCtr info_ctr;
4991 struct srvsvc_NetFileCtr3 ctr3;
4994 uint32 preferred_len = 0xffffffff, i;
4995 const char *username=NULL;
4996 uint32_t total_entries = 0;
4997 uint32_t resume_handle = 0;
4999 /* if argc > 0, must be user command */
5001 username = smb_xstrdup(argv[0]);
5003 ZERO_STRUCT(info_ctr);
5007 info_ctr.ctr.ctr3 = &ctr3;
5009 status = rpccli_srvsvc_NetFileEnum(pipe_hnd, mem_ctx,
5019 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result))
5022 /* Display results */
5025 "\nEnumerating open files on remote server:\n\n"\
5026 "\nFileId Opened by Perms Locks Path"\
5027 "\n------ --------- ----- ----- ---- \n");
5028 for (i = 0; i < total_entries; i++)
5029 display_file_info_3(&info_ctr.ctr.ctr3->array[i]);
5031 return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
5035 * List files for a user on a remote RPC server
5037 * @param argc Standard main() style argc
5038 * @param argv Standard main() style argv. Initial components are already
5041 * @return A shell status integer (0 for success)
5044 static int rpc_file_user(int argc, const char **argv)
5047 DEBUG(1, ("No username given\n"));
5048 return(rpc_file_usage(argc, argv));
5051 return run_rpc_command(NULL, PI_SRVSVC, 0,
5052 rpc_file_list_internals,
5057 * 'net rpc file' entrypoint.
5058 * @param argc Standard main() style argc
5059 * @param argv Standard main() style argv. Initial components are already
5063 int net_rpc_file(int argc, const char **argv)
5065 struct functable func[] = {
5066 {"close", rpc_file_close},
5067 {"user", rpc_file_user},
5069 {"info", rpc_file_info},
5075 return run_rpc_command(NULL, PI_SRVSVC, 0,
5076 rpc_file_list_internals,
5079 return net_run_function(argc, argv, func, rpc_file_usage);
5083 * ABORT the shutdown of a remote RPC Server over, initshutdown pipe
5085 * All parameters are provided by the run_rpc_command function, except for
5086 * argc, argv which are passed through.
5088 * @param domain_sid The domain sid aquired from the remote server
5089 * @param cli A cli_state connected to the server.
5090 * @param mem_ctx Talloc context, destoyed on compleation of the function.
5091 * @param argc Standard main() style argc
5092 * @param argv Standard main() style argv. Initial components are already
5095 * @return Normal NTSTATUS return.
5098 static NTSTATUS rpc_shutdown_abort_internals(const DOM_SID *domain_sid,
5099 const char *domain_name,
5100 struct cli_state *cli,
5101 struct rpc_pipe_client *pipe_hnd,
5102 TALLOC_CTX *mem_ctx,
5106 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
5108 result = rpccli_initshutdown_Abort(pipe_hnd, mem_ctx, NULL, NULL);
5110 if (NT_STATUS_IS_OK(result)) {
5111 d_printf("\nShutdown successfully aborted\n");
5112 DEBUG(5,("cmd_shutdown_abort: query succeeded\n"));
5114 DEBUG(5,("cmd_shutdown_abort: query failed\n"));
5120 * ABORT the shutdown of a remote RPC Server, over winreg pipe
5122 * All parameters are provided by the run_rpc_command function, except for
5123 * argc, argv which are passed through.
5125 * @param domain_sid The domain sid aquired from the remote server
5126 * @param cli A cli_state connected to the server.
5127 * @param mem_ctx Talloc context, destoyed on compleation of the function.
5128 * @param argc Standard main() style argc
5129 * @param argv Standard main() style argv. Initial components are already
5132 * @return Normal NTSTATUS return.
5135 static NTSTATUS rpc_reg_shutdown_abort_internals(const DOM_SID *domain_sid,
5136 const char *domain_name,
5137 struct cli_state *cli,
5138 struct rpc_pipe_client *pipe_hnd,
5139 TALLOC_CTX *mem_ctx,
5143 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
5145 result = rpccli_winreg_AbortSystemShutdown(pipe_hnd, mem_ctx, NULL, NULL);
5147 if (NT_STATUS_IS_OK(result)) {
5148 d_printf("\nShutdown successfully aborted\n");
5149 DEBUG(5,("cmd_reg_abort_shutdown: query succeeded\n"));
5151 DEBUG(5,("cmd_reg_abort_shutdown: query failed\n"));
5157 * ABORT the Shut down of a remote RPC server
5159 * @param argc Standard main() style argc
5160 * @param argv Standard main() style argv. Initial components are already
5163 * @return A shell status integer (0 for success)
5166 static int rpc_shutdown_abort(int argc, const char **argv)
5168 int rc = run_rpc_command(NULL, PI_INITSHUTDOWN, 0,
5169 rpc_shutdown_abort_internals,
5175 DEBUG(1, ("initshutdown pipe didn't work, trying winreg pipe\n"));
5177 return run_rpc_command(NULL, PI_WINREG, 0,
5178 rpc_reg_shutdown_abort_internals,
5183 * Shut down a remote RPC Server via initshutdown pipe
5185 * All parameters are provided by the run_rpc_command function, except for
5186 * argc, argv which are passes through.
5188 * @param domain_sid The domain sid aquired from the remote server
5189 * @param cli A cli_state connected to the server.
5190 * @param mem_ctx Talloc context, destoyed on compleation of the function.
5191 * @param argc Standard main() style argc
5192 * @param argc Standard main() style argv. Initial components are already
5195 * @return Normal NTSTATUS return.
5198 NTSTATUS rpc_init_shutdown_internals(const DOM_SID *domain_sid,
5199 const char *domain_name,
5200 struct cli_state *cli,
5201 struct rpc_pipe_client *pipe_hnd,
5202 TALLOC_CTX *mem_ctx,
5206 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
5207 const char *msg = "This machine will be shutdown shortly";
5208 uint32 timeout = 20;
5209 struct initshutdown_String msg_string;
5210 struct initshutdown_String_sub s;
5216 timeout = opt_timeout;
5220 msg_string.name = &s;
5222 /* create an entry */
5223 result = rpccli_initshutdown_Init(pipe_hnd, mem_ctx, NULL,
5224 &msg_string, timeout, opt_force, opt_reboot, NULL);
5226 if (NT_STATUS_IS_OK(result)) {
5227 d_printf("\nShutdown of remote machine succeeded\n");
5228 DEBUG(5,("Shutdown of remote machine succeeded\n"));
5230 DEBUG(1,("Shutdown of remote machine failed!\n"));
5236 * Shut down a remote RPC Server via winreg pipe
5238 * All parameters are provided by the run_rpc_command function, except for
5239 * argc, argv which are passes through.
5241 * @param domain_sid The domain sid aquired from the remote server
5242 * @param cli A cli_state connected to the server.
5243 * @param mem_ctx Talloc context, destoyed on compleation of the function.
5244 * @param argc Standard main() style argc
5245 * @param argc Standard main() style argv. Initial components are already
5248 * @return Normal NTSTATUS return.
5251 NTSTATUS rpc_reg_shutdown_internals(const DOM_SID *domain_sid,
5252 const char *domain_name,
5253 struct cli_state *cli,
5254 struct rpc_pipe_client *pipe_hnd,
5255 TALLOC_CTX *mem_ctx,
5259 const char *msg = "This machine will be shutdown shortly";
5260 uint32 timeout = 20;
5261 struct initshutdown_String msg_string;
5262 struct initshutdown_String_sub s;
5270 msg_string.name = &s;
5273 timeout = opt_timeout;
5276 /* create an entry */
5277 result = rpccli_winreg_InitiateSystemShutdown(pipe_hnd, mem_ctx, NULL,
5278 &msg_string, timeout, opt_force, opt_reboot, &werr);
5280 if (NT_STATUS_IS_OK(result)) {
5281 d_printf("\nShutdown of remote machine succeeded\n");
5283 d_fprintf(stderr, "\nShutdown of remote machine failed\n");
5284 if ( W_ERROR_EQUAL(werr, WERR_MACHINE_LOCKED) )
5285 d_fprintf(stderr, "\nMachine locked, use -f switch to force\n");
5287 d_fprintf(stderr, "\nresult was: %s\n", dos_errstr(werr));
5294 * Shut down a remote RPC server
5296 * @param argc Standard main() style argc
5297 * @param argc Standard main() style argv. Initial components are already
5300 * @return A shell status integer (0 for success)
5303 static int rpc_shutdown(int argc, const char **argv)
5305 int rc = run_rpc_command(NULL, PI_INITSHUTDOWN, 0,
5306 rpc_init_shutdown_internals,
5310 DEBUG(1, ("initshutdown pipe failed, trying winreg pipe\n"));
5311 rc = run_rpc_command(NULL, PI_WINREG, 0,
5312 rpc_reg_shutdown_internals, argc, argv);
5318 /***************************************************************************
5319 NT Domain trusts code (i.e. 'net rpc trustdom' functionality)
5321 ***************************************************************************/
5324 * Add interdomain trust account to the RPC server.
5325 * All parameters (except for argc and argv) are passed by run_rpc_command
5328 * @param domain_sid The domain sid acquired from the server
5329 * @param cli A cli_state connected to the server.
5330 * @param mem_ctx Talloc context, destoyed on completion of the function.
5331 * @param argc Standard main() style argc
5332 * @param argc Standard main() style argv. Initial components are already
5335 * @return normal NTSTATUS return code
5338 static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid,
5339 const char *domain_name,
5340 struct cli_state *cli,
5341 struct rpc_pipe_client *pipe_hnd,
5342 TALLOC_CTX *mem_ctx,
5346 POLICY_HND connect_pol, domain_pol, user_pol;
5347 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
5349 struct lsa_String lsa_acct_name;
5351 uint32 acct_flags=0;
5353 uint32_t access_granted = 0;
5354 union samr_UserInfo info;
5357 d_printf("Usage: net rpc trustdom add <domain_name> <pw>\n");
5358 return NT_STATUS_INVALID_PARAMETER;
5362 * Make valid trusting domain account (ie. uppercased and with '$' appended)
5365 if (asprintf(&acct_name, "%s$", argv[0]) < 0) {
5366 return NT_STATUS_NO_MEMORY;
5369 strupper_m(acct_name);
5371 init_lsa_String(&lsa_acct_name, acct_name);
5373 /* Get samr policy handle */
5374 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
5376 MAXIMUM_ALLOWED_ACCESS,
5378 if (!NT_STATUS_IS_OK(result)) {
5382 /* Get domain policy handle */
5383 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
5385 MAXIMUM_ALLOWED_ACCESS,
5386 CONST_DISCARD(struct dom_sid2 *, domain_sid),
5388 if (!NT_STATUS_IS_OK(result)) {
5392 /* Create trusting domain's account */
5393 acb_info = ACB_NORMAL;
5394 acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
5395 SEC_STD_WRITE_DAC | SEC_STD_DELETE |
5396 SAMR_USER_ACCESS_SET_PASSWORD |
5397 SAMR_USER_ACCESS_GET_ATTRIBUTES |
5398 SAMR_USER_ACCESS_SET_ATTRIBUTES;
5400 result = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx,
5408 if (!NT_STATUS_IS_OK(result)) {
5414 struct samr_LogonHours hours;
5415 struct lsa_BinaryString parameters;
5416 const int units_per_week = 168;
5419 encode_pw_buffer(pwbuf, argv[1], STR_UNICODE);
5421 ZERO_STRUCT(notime);
5423 ZERO_STRUCT(parameters);
5425 hours.bits = talloc_array(mem_ctx, uint8_t, units_per_week);
5427 result = NT_STATUS_NO_MEMORY;
5430 hours.units_per_week = units_per_week;
5431 memset(hours.bits, 0xFF, units_per_week);
5433 init_samr_user_info23(&info.info23,
5434 notime, notime, notime,
5435 notime, notime, notime,
5436 NULL, NULL, NULL, NULL, NULL,
5437 NULL, NULL, NULL, NULL, ¶meters,
5438 0, 0, ACB_DOMTRUST, SAMR_FIELD_ACCT_FLAGS,
5440 0, 0, 0, 0, 0, 0, 0,
5443 SamOEMhashBlob(info.info23.password.data, 516,
5444 &cli->user_session_key);
5446 result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
5451 if (!NT_STATUS_IS_OK(result)) {
5452 DEBUG(0,("Could not set trust account password: %s\n",
5453 nt_errstr(result)));
5459 SAFE_FREE(acct_name);
5464 * Create interdomain trust account for a remote domain.
5466 * @param argc standard argc
5467 * @param argv standard argv without initial components
5469 * @return Integer status (0 means success)
5472 static int rpc_trustdom_add(int argc, const char **argv)
5475 return run_rpc_command(NULL, PI_SAMR, 0, rpc_trustdom_add_internals,
5478 d_printf("Usage: net rpc trustdom add <domain>\n");
5485 * Remove interdomain trust account from the RPC server.
5486 * All parameters (except for argc and argv) are passed by run_rpc_command
5489 * @param domain_sid The domain sid acquired from the server
5490 * @param cli A cli_state connected to the server.
5491 * @param mem_ctx Talloc context, destoyed on completion of the function.
5492 * @param argc Standard main() style argc
5493 * @param argc Standard main() style argv. Initial components are already
5496 * @return normal NTSTATUS return code
5499 static NTSTATUS rpc_trustdom_del_internals(const DOM_SID *domain_sid,
5500 const char *domain_name,
5501 struct cli_state *cli,
5502 struct rpc_pipe_client *pipe_hnd,
5503 TALLOC_CTX *mem_ctx,
5507 POLICY_HND connect_pol, domain_pol, user_pol;
5508 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
5510 DOM_SID trust_acct_sid;
5511 struct samr_Ids user_rids, name_types;
5512 struct lsa_String lsa_acct_name;
5515 d_printf("Usage: net rpc trustdom del <domain_name>\n");
5516 return NT_STATUS_INVALID_PARAMETER;
5520 * Make valid trusting domain account (ie. uppercased and with '$' appended)
5522 acct_name = talloc_asprintf(mem_ctx, "%s$", argv[0]);
5524 if (acct_name == NULL)
5525 return NT_STATUS_NO_MEMORY;
5527 strupper_m(acct_name);
5529 /* Get samr policy handle */
5530 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
5532 MAXIMUM_ALLOWED_ACCESS,
5534 if (!NT_STATUS_IS_OK(result)) {
5538 /* Get domain policy handle */
5539 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
5541 MAXIMUM_ALLOWED_ACCESS,
5542 CONST_DISCARD(struct dom_sid2 *, domain_sid),
5544 if (!NT_STATUS_IS_OK(result)) {
5548 init_lsa_String(&lsa_acct_name, acct_name);
5550 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
5557 if (!NT_STATUS_IS_OK(result)) {
5561 result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
5563 MAXIMUM_ALLOWED_ACCESS,
5567 if (!NT_STATUS_IS_OK(result)) {
5571 /* append the rid to the domain sid */
5572 sid_copy(&trust_acct_sid, domain_sid);
5573 if (!sid_append_rid(&trust_acct_sid, user_rids.ids[0])) {
5577 /* remove the sid */
5579 result = rpccli_samr_RemoveMemberFromForeignDomain(pipe_hnd, mem_ctx,
5582 if (!NT_STATUS_IS_OK(result)) {
5588 result = rpccli_samr_DeleteUser(pipe_hnd, mem_ctx,
5591 if (!NT_STATUS_IS_OK(result)) {
5595 if (!NT_STATUS_IS_OK(result)) {
5596 DEBUG(0,("Could not set trust account password: %s\n",
5597 nt_errstr(result)));
5606 * Delete interdomain trust account for a remote domain.
5608 * @param argc standard argc
5609 * @param argv standard argv without initial components
5611 * @return Integer status (0 means success)
5614 static int rpc_trustdom_del(int argc, const char **argv)
5617 return run_rpc_command(NULL, PI_SAMR, 0, rpc_trustdom_del_internals,
5620 d_printf("Usage: net rpc trustdom del <domain>\n");
5625 static NTSTATUS rpc_trustdom_get_pdc(struct cli_state *cli,
5626 TALLOC_CTX *mem_ctx,
5627 const char *domain_name)
5629 char *dc_name = NULL;
5630 const char *buffer = NULL;
5631 struct rpc_pipe_client *netr;
5634 /* Use NetServerEnum2 */
5636 if (cli_get_pdc_name(cli, domain_name, &dc_name)) {
5638 return NT_STATUS_OK;
5641 DEBUG(1,("NetServerEnum2 error: Couldn't find primary domain controller\
5642 for domain %s\n", domain_name));
5644 /* Try netr_GetDcName */
5646 netr = cli_rpc_pipe_open_noauth(cli, PI_NETLOGON, &status);
5651 status = rpccli_netr_GetDcName(netr, mem_ctx,
5658 if (NT_STATUS_IS_OK(status)) {
5662 DEBUG(1,("netr_GetDcName error: Couldn't find primary domain controller\
5663 for domain %s\n", domain_name));
5669 * Establish trust relationship to a trusting domain.
5670 * Interdomain account must already be created on remote PDC.
5672 * @param argc standard argc
5673 * @param argv standard argv without initial components
5675 * @return Integer status (0 means success)
5678 static int rpc_trustdom_establish(int argc, const char **argv)
5680 struct cli_state *cli = NULL;
5681 struct sockaddr_storage server_ss;
5682 struct rpc_pipe_client *pipe_hnd = NULL;
5683 POLICY_HND connect_hnd;
5684 TALLOC_CTX *mem_ctx;
5686 DOM_SID *domain_sid;
5691 union lsa_PolicyInformation *info = NULL;
5694 * Connect to \\server\ipc$ as 'our domain' account with password
5698 d_printf("Usage: net rpc trustdom establish <domain_name>\n");
5702 domain_name = smb_xstrdup(argv[0]);
5703 strupper_m(domain_name);
5705 /* account name used at first is our domain's name with '$' */
5706 asprintf(&acct_name, "%s$", lp_workgroup());
5707 strupper_m(acct_name);
5710 * opt_workgroup will be used by connection functions further,
5711 * hence it should be set to remote domain name instead of ours
5713 if (opt_workgroup) {
5714 opt_workgroup = smb_xstrdup(domain_name);
5717 opt_user_name = acct_name;
5719 /* find the domain controller */
5720 if (!net_find_pdc(&server_ss, pdc_name, domain_name)) {
5721 DEBUG(0, ("Couldn't find domain controller for domain %s\n", domain_name));
5725 /* connect to ipc$ as username/password */
5726 nt_status = connect_to_ipc(&cli, &server_ss, pdc_name);
5727 if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT)) {
5729 /* Is it trusting domain account for sure ? */
5730 DEBUG(0, ("Couldn't verify trusting domain account. Error was %s\n",
5731 nt_errstr(nt_status)));
5735 /* store who we connected to */
5737 saf_store( domain_name, pdc_name );
5740 * Connect to \\server\ipc$ again (this time anonymously)
5743 nt_status = connect_to_ipc_anonymous(&cli, &server_ss, (char*)pdc_name);
5745 if (NT_STATUS_IS_ERR(nt_status)) {
5746 DEBUG(0, ("Couldn't connect to domain %s controller. Error was %s.\n",
5747 domain_name, nt_errstr(nt_status)));
5751 if (!(mem_ctx = talloc_init("establishing trust relationship to "
5752 "domain %s", domain_name))) {
5753 DEBUG(0, ("talloc_init() failed\n"));
5758 /* Make sure we're talking to a proper server */
5760 nt_status = rpc_trustdom_get_pdc(cli, mem_ctx, domain_name);
5761 if (!NT_STATUS_IS_OK(nt_status)) {
5763 talloc_destroy(mem_ctx);
5768 * Call LsaOpenPolicy and LsaQueryInfo
5771 pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &nt_status);
5773 DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n", nt_errstr(nt_status) ));
5775 talloc_destroy(mem_ctx);
5779 nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, True, SEC_RIGHTS_QUERY_VALUE,
5781 if (NT_STATUS_IS_ERR(nt_status)) {
5782 DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
5783 nt_errstr(nt_status)));
5785 talloc_destroy(mem_ctx);
5789 /* Querying info level 5 */
5791 nt_status = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
5793 LSA_POLICY_INFO_ACCOUNT_DOMAIN,
5795 if (NT_STATUS_IS_ERR(nt_status)) {
5796 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
5797 nt_errstr(nt_status)));
5799 talloc_destroy(mem_ctx);
5803 domain_sid = info->account_domain.sid;
5805 /* There should be actually query info level 3 (following nt serv behaviour),
5806 but I still don't know if it's _really_ necessary */
5809 * Store the password in secrets db
5812 if (!pdb_set_trusteddom_pw(domain_name, opt_password, domain_sid)) {
5813 DEBUG(0, ("Storing password for trusted domain failed.\n"));
5815 talloc_destroy(mem_ctx);
5820 * Close the pipes and clean up
5823 nt_status = rpccli_lsa_Close(pipe_hnd, mem_ctx, &connect_hnd);
5824 if (NT_STATUS_IS_ERR(nt_status)) {
5825 DEBUG(0, ("Couldn't close LSA pipe. Error was %s\n",
5826 nt_errstr(nt_status)));
5828 talloc_destroy(mem_ctx);
5834 talloc_destroy(mem_ctx);
5836 d_printf("Trust to domain %s established\n", domain_name);
5841 * Revoke trust relationship to the remote domain
5843 * @param argc standard argc
5844 * @param argv standard argv without initial components
5846 * @return Integer status (0 means success)
5849 static int rpc_trustdom_revoke(int argc, const char **argv)
5854 if (argc < 1) return -1;
5856 /* generate upper cased domain name */
5857 domain_name = smb_xstrdup(argv[0]);
5858 strupper_m(domain_name);
5860 /* delete password of the trust */
5861 if (!pdb_del_trusteddom_pw(domain_name)) {
5862 DEBUG(0, ("Failed to revoke relationship to the trusted domain %s\n",
5869 SAFE_FREE(domain_name);
5874 * Usage for 'net rpc trustdom' command
5876 * @param argc standard argc
5877 * @param argv standard argv without inital components
5879 * @return Integer status returned to shell
5882 static int rpc_trustdom_usage(int argc, const char **argv)
5884 d_printf(" net rpc trustdom add \t\t add trusting domain's account\n");
5885 d_printf(" net rpc trustdom del \t\t delete trusting domain's account\n");
5886 d_printf(" net rpc trustdom establish \t establish relationship to trusted domain\n");
5887 d_printf(" net rpc trustdom revoke \t abandon relationship to trusted domain\n");
5888 d_printf(" net rpc trustdom list \t show current interdomain trust relationships\n");
5889 d_printf(" net rpc trustdom vampire \t vampire interdomain trust relationships from remote server\n");
5894 static NTSTATUS rpc_query_domain_sid(const DOM_SID *domain_sid,
5895 const char *domain_name,
5896 struct cli_state *cli,
5897 struct rpc_pipe_client *pipe_hnd,
5898 TALLOC_CTX *mem_ctx,
5903 sid_to_fstring(str_sid, domain_sid);
5904 d_printf("%s\n", str_sid);
5905 return NT_STATUS_OK;
5908 static void print_trusted_domain(DOM_SID *dom_sid, const char *trusted_dom_name)
5910 fstring ascii_sid, padding;
5911 int pad_len, col_len = 20;
5913 /* convert sid into ascii string */
5914 sid_to_fstring(ascii_sid, dom_sid);
5916 /* calculate padding space for d_printf to look nicer */
5917 pad_len = col_len - strlen(trusted_dom_name);
5918 padding[pad_len] = 0;
5919 do padding[--pad_len] = ' '; while (pad_len);
5921 d_printf("%s%s%s\n", trusted_dom_name, padding, ascii_sid);
5924 static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd,
5925 TALLOC_CTX *mem_ctx,
5928 const char *trusted_dom_name)
5931 union lsa_TrustedDomainInfo *info = NULL;
5932 char *cleartextpwd = NULL;
5935 nt_status = rpccli_lsa_QueryTrustedDomainInfoBySid(pipe_hnd, mem_ctx,
5938 LSA_TRUSTED_DOMAIN_INFO_PASSWORD,
5940 if (NT_STATUS_IS_ERR(nt_status)) {
5941 DEBUG(0,("Could not query trusted domain info. Error was %s\n",
5942 nt_errstr(nt_status)));
5946 data = data_blob(info->password.password->data,
5947 info->password.password->length);
5949 cleartextpwd = decrypt_trustdom_secret(
5950 rpc_pipe_np_smb_conn(pipe_hnd)->pwd.password, &data);
5952 if (cleartextpwd == NULL) {
5953 DEBUG(0,("retrieved NULL password\n"));
5954 nt_status = NT_STATUS_UNSUCCESSFUL;
5958 if (!pdb_set_trusteddom_pw(trusted_dom_name, cleartextpwd, &dom_sid)) {
5959 DEBUG(0, ("Storing password for trusted domain failed.\n"));
5960 nt_status = NT_STATUS_UNSUCCESSFUL;
5964 #ifdef DEBUG_PASSWORD
5965 DEBUG(100,("successfully vampired trusted domain [%s], sid: [%s], "
5966 "password: [%s]\n", trusted_dom_name,
5967 sid_string_dbg(&dom_sid), cleartextpwd));
5971 SAFE_FREE(cleartextpwd);
5972 data_blob_free(&data);
5977 static int rpc_trustdom_vampire(int argc, const char **argv)
5979 /* common variables */
5980 TALLOC_CTX* mem_ctx;
5981 struct cli_state *cli = NULL;
5982 struct rpc_pipe_client *pipe_hnd = NULL;
5984 const char *domain_name = NULL;
5985 DOM_SID *queried_dom_sid;
5986 POLICY_HND connect_hnd;
5987 union lsa_PolicyInformation *info = NULL;
5989 /* trusted domains listing variables */
5990 unsigned int enum_ctx = 0;
5992 struct lsa_DomainList dom_list;
5996 * Listing trusted domains (stored in secrets.tdb, if local)
5999 mem_ctx = talloc_init("trust relationships vampire");
6002 * set domain and pdc name to local samba server (default)
6003 * or to remote one given in command line
6006 if (StrCaseCmp(opt_workgroup, lp_workgroup())) {
6007 domain_name = opt_workgroup;
6008 opt_target_workgroup = opt_workgroup;
6010 fstrcpy(pdc_name, global_myname());
6011 domain_name = talloc_strdup(mem_ctx, lp_workgroup());
6012 opt_target_workgroup = domain_name;
6015 /* open \PIPE\lsarpc and open policy handle */
6016 nt_status = net_make_ipc_connection(NET_FLAGS_PDC, &cli);
6017 if (!NT_STATUS_IS_OK(nt_status)) {
6018 DEBUG(0, ("Couldn't connect to domain controller: %s\n",
6019 nt_errstr(nt_status)));
6020 talloc_destroy(mem_ctx);
6024 pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &nt_status);
6026 DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n",
6027 nt_errstr(nt_status) ));
6029 talloc_destroy(mem_ctx);
6033 nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, False, SEC_RIGHTS_QUERY_VALUE,
6035 if (NT_STATUS_IS_ERR(nt_status)) {
6036 DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
6037 nt_errstr(nt_status)));
6039 talloc_destroy(mem_ctx);
6043 /* query info level 5 to obtain sid of a domain being queried */
6044 nt_status = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
6046 LSA_POLICY_INFO_ACCOUNT_DOMAIN,
6049 if (NT_STATUS_IS_ERR(nt_status)) {
6050 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
6051 nt_errstr(nt_status)));
6053 talloc_destroy(mem_ctx);
6057 queried_dom_sid = info->account_domain.sid;
6060 * Keep calling LsaEnumTrustdom over opened pipe until
6061 * the end of enumeration is reached
6064 d_printf("Vampire trusted domains:\n\n");
6067 nt_status = rpccli_lsa_EnumTrustDom(pipe_hnd, mem_ctx,
6072 if (NT_STATUS_IS_ERR(nt_status)) {
6073 DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n",
6074 nt_errstr(nt_status)));
6076 talloc_destroy(mem_ctx);
6080 for (i = 0; i < dom_list.count; i++) {
6082 print_trusted_domain(dom_list.domains[i].sid,
6083 dom_list.domains[i].name.string);
6085 nt_status = vampire_trusted_domain(pipe_hnd, mem_ctx, &connect_hnd,
6086 *dom_list.domains[i].sid,
6087 dom_list.domains[i].name.string);
6088 if (!NT_STATUS_IS_OK(nt_status)) {
6090 talloc_destroy(mem_ctx);
6096 * in case of no trusted domains say something rather
6097 * than just display blank line
6099 if (!dom_list.count) d_printf("none\n");
6101 } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
6103 /* close this connection before doing next one */
6104 nt_status = rpccli_lsa_Close(pipe_hnd, mem_ctx, &connect_hnd);
6105 if (NT_STATUS_IS_ERR(nt_status)) {
6106 DEBUG(0, ("Couldn't properly close lsa policy handle. Error was %s\n",
6107 nt_errstr(nt_status)));
6109 talloc_destroy(mem_ctx);
6113 /* close lsarpc pipe and connection to IPC$ */
6116 talloc_destroy(mem_ctx);
6120 static int rpc_trustdom_list(int argc, const char **argv)
6122 /* common variables */
6123 TALLOC_CTX* mem_ctx;
6124 struct cli_state *cli = NULL, *remote_cli = NULL;
6125 struct rpc_pipe_client *pipe_hnd = NULL;
6127 const char *domain_name = NULL;
6128 DOM_SID *queried_dom_sid;
6130 int ascii_dom_name_len;
6131 POLICY_HND connect_hnd;
6132 union lsa_PolicyInformation *info = NULL;
6134 /* trusted domains listing variables */
6135 unsigned int num_domains, enum_ctx = 0;
6136 int i, pad_len, col_len = 20;
6137 struct lsa_DomainList dom_list;
6140 /* trusting domains listing variables */
6141 POLICY_HND domain_hnd;
6142 struct samr_SamArray *trusts = NULL;
6145 * Listing trusted domains (stored in secrets.tdb, if local)
6148 mem_ctx = talloc_init("trust relationships listing");
6151 * set domain and pdc name to local samba server (default)
6152 * or to remote one given in command line
6155 if (StrCaseCmp(opt_workgroup, lp_workgroup())) {
6156 domain_name = opt_workgroup;
6157 opt_target_workgroup = opt_workgroup;
6159 fstrcpy(pdc_name, global_myname());
6160 domain_name = talloc_strdup(mem_ctx, lp_workgroup());
6161 opt_target_workgroup = domain_name;
6164 /* open \PIPE\lsarpc and open policy handle */
6165 nt_status = net_make_ipc_connection(NET_FLAGS_PDC, &cli);
6166 if (!NT_STATUS_IS_OK(nt_status)) {
6167 DEBUG(0, ("Couldn't connect to domain controller: %s\n",
6168 nt_errstr(nt_status)));
6169 talloc_destroy(mem_ctx);
6173 pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &nt_status);
6175 DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n",
6176 nt_errstr(nt_status) ));
6178 talloc_destroy(mem_ctx);
6182 nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, False, SEC_RIGHTS_QUERY_VALUE,
6184 if (NT_STATUS_IS_ERR(nt_status)) {
6185 DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
6186 nt_errstr(nt_status)));
6188 talloc_destroy(mem_ctx);
6192 /* query info level 5 to obtain sid of a domain being queried */
6193 nt_status = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
6195 LSA_POLICY_INFO_ACCOUNT_DOMAIN,
6198 if (NT_STATUS_IS_ERR(nt_status)) {
6199 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
6200 nt_errstr(nt_status)));
6202 talloc_destroy(mem_ctx);
6206 queried_dom_sid = info->account_domain.sid;
6209 * Keep calling LsaEnumTrustdom over opened pipe until
6210 * the end of enumeration is reached
6213 d_printf("Trusted domains list:\n\n");
6216 nt_status = rpccli_lsa_EnumTrustDom(pipe_hnd, mem_ctx,
6221 if (NT_STATUS_IS_ERR(nt_status)) {
6222 DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n",
6223 nt_errstr(nt_status)));
6225 talloc_destroy(mem_ctx);
6229 for (i = 0; i < dom_list.count; i++) {
6230 print_trusted_domain(dom_list.domains[i].sid,
6231 dom_list.domains[i].name.string);
6235 * in case of no trusted domains say something rather
6236 * than just display blank line
6238 if (!dom_list.count) d_printf("none\n");
6240 } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
6242 /* close this connection before doing next one */
6243 nt_status = rpccli_lsa_Close(pipe_hnd, mem_ctx, &connect_hnd);
6244 if (NT_STATUS_IS_ERR(nt_status)) {
6245 DEBUG(0, ("Couldn't properly close lsa policy handle. Error was %s\n",
6246 nt_errstr(nt_status)));
6248 talloc_destroy(mem_ctx);
6252 TALLOC_FREE(pipe_hnd);
6255 * Listing trusting domains (stored in passdb backend, if local)
6258 d_printf("\nTrusting domains list:\n\n");
6261 * Open \PIPE\samr and get needed policy handles
6263 pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_SAMR, &nt_status);
6265 DEBUG(0, ("Could not initialise samr pipe. Error was %s\n", nt_errstr(nt_status)));
6267 talloc_destroy(mem_ctx);
6272 nt_status = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
6274 SA_RIGHT_SAM_OPEN_DOMAIN,
6276 if (!NT_STATUS_IS_OK(nt_status)) {
6277 DEBUG(0, ("Couldn't open SAMR policy handle. Error was %s\n",
6278 nt_errstr(nt_status)));
6280 talloc_destroy(mem_ctx);
6284 /* SamrOpenDomain - we have to open domain policy handle in order to be
6285 able to enumerate accounts*/
6286 nt_status = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
6288 SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
6291 if (!NT_STATUS_IS_OK(nt_status)) {
6292 DEBUG(0, ("Couldn't open domain object. Error was %s\n",
6293 nt_errstr(nt_status)));
6295 talloc_destroy(mem_ctx);
6300 * perform actual enumeration
6303 enum_ctx = 0; /* reset enumeration context from last enumeration */
6306 nt_status = rpccli_samr_EnumDomainUsers(pipe_hnd, mem_ctx,
6313 if (NT_STATUS_IS_ERR(nt_status)) {
6314 DEBUG(0, ("Couldn't enumerate accounts. Error was: %s\n",
6315 nt_errstr(nt_status)));
6317 talloc_destroy(mem_ctx);
6321 for (i = 0; i < num_domains; i++) {
6323 char *str = CONST_DISCARD(char *, trusts->entries[i].name.string);
6326 * get each single domain's sid (do we _really_ need this ?):
6327 * 1) connect to domain's pdc
6328 * 2) query the pdc for domain's sid
6331 /* get rid of '$' tail */
6332 ascii_dom_name_len = strlen(str);
6333 if (ascii_dom_name_len && ascii_dom_name_len < FSTRING_LEN)
6334 str[ascii_dom_name_len - 1] = '\0';
6336 /* calculate padding space for d_printf to look nicer */
6337 pad_len = col_len - strlen(str);
6338 padding[pad_len] = 0;
6339 do padding[--pad_len] = ' '; while (pad_len);
6341 /* set opt_* variables to remote domain */
6343 opt_workgroup = talloc_strdup(mem_ctx, str);
6344 opt_target_workgroup = opt_workgroup;
6346 d_printf("%s%s", str, padding);
6348 /* connect to remote domain controller */
6349 nt_status = net_make_ipc_connection(
6350 NET_FLAGS_PDC | NET_FLAGS_ANONYMOUS,
6352 if (NT_STATUS_IS_OK(nt_status)) {
6353 /* query for domain's sid */
6354 if (run_rpc_command(remote_cli, PI_LSARPC, 0, rpc_query_domain_sid, argc, argv))
6355 d_fprintf(stderr, "couldn't get domain's sid\n");
6357 cli_shutdown(remote_cli);
6360 d_fprintf(stderr, "domain controller is not "
6362 nt_errstr(nt_status));
6366 if (!num_domains) d_printf("none\n");
6368 } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
6370 /* close opened samr and domain policy handles */
6371 nt_status = rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_hnd);
6372 if (!NT_STATUS_IS_OK(nt_status)) {
6373 DEBUG(0, ("Couldn't properly close domain policy handle for domain %s\n", domain_name));
6376 nt_status = rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_hnd);
6377 if (!NT_STATUS_IS_OK(nt_status)) {
6378 DEBUG(0, ("Couldn't properly close samr policy handle for domain %s\n", domain_name));
6381 /* close samr pipe and connection to IPC$ */
6384 talloc_destroy(mem_ctx);
6389 * Entrypoint for 'net rpc trustdom' code
6391 * @param argc standard argc
6392 * @param argv standard argv without initial components
6394 * @return Integer status (0 means success)
6397 static int rpc_trustdom(int argc, const char **argv)
6399 struct functable func[] = {
6400 {"add", rpc_trustdom_add},
6401 {"del", rpc_trustdom_del},
6402 {"establish", rpc_trustdom_establish},
6403 {"revoke", rpc_trustdom_revoke},
6404 {"help", rpc_trustdom_usage},
6405 {"list", rpc_trustdom_list},
6406 {"vampire", rpc_trustdom_vampire},
6411 rpc_trustdom_usage(argc, argv);
6415 return (net_run_function(argc, argv, func, rpc_user_usage));
6419 * Check if a server will take rpc commands
6420 * @param flags Type of server to connect to (PDC, DMB, localhost)
6421 * if the host is not explicitly specified
6422 * @return bool (true means rpc supported)
6424 bool net_rpc_check(unsigned flags)
6426 struct cli_state *cli;
6428 struct sockaddr_storage server_ss;
6429 char *server_name = NULL;
6432 /* flags (i.e. server type) may depend on command */
6433 if (!net_find_server(NULL, flags, &server_ss, &server_name))
6436 if ((cli = cli_initialise()) == NULL) {
6440 status = cli_connect(cli, server_name, &server_ss);
6441 if (!NT_STATUS_IS_OK(status))
6443 if (!attempt_netbios_session_request(&cli, global_myname(),
6444 server_name, &server_ss))
6446 if (!cli_negprot(cli))
6448 if (cli->protocol < PROTOCOL_NT1)
6457 /* dump sam database via samsync rpc calls */
6458 static int rpc_samdump(int argc, const char **argv) {
6459 return run_rpc_command(NULL, PI_NETLOGON, NET_FLAGS_ANONYMOUS, rpc_samdump_internals,
6463 /* syncronise sam database via samsync rpc calls */
6464 static int rpc_vampire(int argc, const char **argv) {
6465 return run_rpc_command(NULL, PI_NETLOGON, NET_FLAGS_ANONYMOUS, rpc_vampire_internals,
6470 * Migrate everything from a print-server
6472 * @param argc Standard main() style argc
6473 * @param argv Standard main() style argv. Initial components are already
6476 * @return A shell status integer (0 for success)
6478 * The order is important !
6479 * To successfully add drivers the print-queues have to exist !
6480 * Applying ACLs should be the last step, because you're easily locked out
6483 static int rpc_printer_migrate_all(int argc, const char **argv)
6488 printf("no server to migrate\n");
6492 ret = run_rpc_command(NULL, PI_SPOOLSS, 0, rpc_printer_migrate_printers_internals, argc, argv);
6496 ret = run_rpc_command(NULL, PI_SPOOLSS, 0, rpc_printer_migrate_drivers_internals, argc, argv);
6500 ret = run_rpc_command(NULL, PI_SPOOLSS, 0, rpc_printer_migrate_forms_internals, argc, argv);
6504 ret = run_rpc_command(NULL, PI_SPOOLSS, 0, rpc_printer_migrate_settings_internals, argc, argv);
6508 return run_rpc_command(NULL, PI_SPOOLSS, 0, rpc_printer_migrate_security_internals, argc, argv);
6513 * Migrate print-drivers from a print-server
6515 * @param argc Standard main() style argc
6516 * @param argv Standard main() style argv. Initial components are already
6519 * @return A shell status integer (0 for success)
6521 static int rpc_printer_migrate_drivers(int argc, const char **argv)
6524 printf("no server to migrate\n");
6528 return run_rpc_command(NULL, PI_SPOOLSS, 0,
6529 rpc_printer_migrate_drivers_internals,
6534 * Migrate print-forms from a print-server
6536 * @param argc Standard main() style argc
6537 * @param argv Standard main() style argv. Initial components are already
6540 * @return A shell status integer (0 for success)
6542 static int rpc_printer_migrate_forms(int argc, const char **argv)
6545 printf("no server to migrate\n");
6549 return run_rpc_command(NULL, PI_SPOOLSS, 0,
6550 rpc_printer_migrate_forms_internals,
6555 * Migrate printers from a print-server
6557 * @param argc Standard main() style argc
6558 * @param argv Standard main() style argv. Initial components are already
6561 * @return A shell status integer (0 for success)
6563 static int rpc_printer_migrate_printers(int argc, const char **argv)
6566 printf("no server to migrate\n");
6570 return run_rpc_command(NULL, PI_SPOOLSS, 0,
6571 rpc_printer_migrate_printers_internals,
6576 * Migrate printer-ACLs from a print-server
6578 * @param argc Standard main() style argc
6579 * @param argv Standard main() style argv. Initial components are already
6582 * @return A shell status integer (0 for success)
6584 static int rpc_printer_migrate_security(int argc, const char **argv)
6587 printf("no server to migrate\n");
6591 return run_rpc_command(NULL, PI_SPOOLSS, 0,
6592 rpc_printer_migrate_security_internals,
6597 * Migrate printer-settings from a print-server
6599 * @param argc Standard main() style argc
6600 * @param argv Standard main() style argv. Initial components are already
6603 * @return A shell status integer (0 for success)
6605 static int rpc_printer_migrate_settings(int argc, const char **argv)
6608 printf("no server to migrate\n");
6612 return run_rpc_command(NULL, PI_SPOOLSS, 0,
6613 rpc_printer_migrate_settings_internals,
6618 * 'net rpc printer' entrypoint.
6619 * @param argc Standard main() style argc
6620 * @param argv Standard main() style argv. Initial components are already
6624 int rpc_printer_migrate(int argc, const char **argv)
6627 /* ouch: when addriver and setdriver are called from within
6628 rpc_printer_migrate_drivers_internals, the printer-queue already
6631 struct functable func[] = {
6632 {"all", rpc_printer_migrate_all},
6633 {"drivers", rpc_printer_migrate_drivers},
6634 {"forms", rpc_printer_migrate_forms},
6635 {"help", rpc_printer_usage},
6636 {"printers", rpc_printer_migrate_printers},
6637 {"security", rpc_printer_migrate_security},
6638 {"settings", rpc_printer_migrate_settings},
6642 return net_run_function(argc, argv, func, rpc_printer_usage);
6647 * List printers on a remote RPC server
6649 * @param argc Standard main() style argc
6650 * @param argv Standard main() style argv. Initial components are already
6653 * @return A shell status integer (0 for success)
6655 static int rpc_printer_list(int argc, const char **argv)
6658 return run_rpc_command(NULL, PI_SPOOLSS, 0,
6659 rpc_printer_list_internals,
6664 * List printer-drivers on a remote RPC server
6666 * @param argc Standard main() style argc
6667 * @param argv Standard main() style argv. Initial components are already
6670 * @return A shell status integer (0 for success)
6672 static int rpc_printer_driver_list(int argc, const char **argv)
6675 return run_rpc_command(NULL, PI_SPOOLSS, 0,
6676 rpc_printer_driver_list_internals,
6681 * Publish printer in ADS via MSRPC
6683 * @param argc Standard main() style argc
6684 * @param argv Standard main() style argv. Initial components are already
6687 * @return A shell status integer (0 for success)
6689 static int rpc_printer_publish_publish(int argc, const char **argv)
6692 return run_rpc_command(NULL, PI_SPOOLSS, 0,
6693 rpc_printer_publish_publish_internals,
6698 * Update printer in ADS via MSRPC
6700 * @param argc Standard main() style argc
6701 * @param argv Standard main() style argv. Initial components are already
6704 * @return A shell status integer (0 for success)
6706 static int rpc_printer_publish_update(int argc, const char **argv)
6709 return run_rpc_command(NULL, PI_SPOOLSS, 0,
6710 rpc_printer_publish_update_internals,
6715 * UnPublish printer in ADS via MSRPC
6717 * @param argc Standard main() style argc
6718 * @param argv Standard main() style argv. Initial components are already
6721 * @return A shell status integer (0 for success)
6723 static int rpc_printer_publish_unpublish(int argc, const char **argv)
6726 return run_rpc_command(NULL, PI_SPOOLSS, 0,
6727 rpc_printer_publish_unpublish_internals,
6732 * List published printers via MSRPC
6734 * @param argc Standard main() style argc
6735 * @param argv Standard main() style argv. Initial components are already
6738 * @return A shell status integer (0 for success)
6740 static int rpc_printer_publish_list(int argc, const char **argv)
6743 return run_rpc_command(NULL, PI_SPOOLSS, 0,
6744 rpc_printer_publish_list_internals,
6750 * Publish printer in ADS
6752 * @param argc Standard main() style argc
6753 * @param argv Standard main() style argv. Initial components are already
6756 * @return A shell status integer (0 for success)
6758 static int rpc_printer_publish(int argc, const char **argv)
6761 struct functable func[] = {
6762 {"publish", rpc_printer_publish_publish},
6763 {"update", rpc_printer_publish_update},
6764 {"unpublish", rpc_printer_publish_unpublish},
6765 {"list", rpc_printer_publish_list},
6766 {"help", rpc_printer_usage},
6771 return run_rpc_command(NULL, PI_SPOOLSS, 0,
6772 rpc_printer_publish_list_internals,
6775 return net_run_function(argc, argv, func, rpc_printer_usage);
6781 * Display rpc printer help page.
6782 * @param argc Standard main() style argc
6783 * @param argv Standard main() style argv. Initial components are already
6786 int rpc_printer_usage(int argc, const char **argv)
6788 return net_help_printer(argc, argv);
6792 * 'net rpc printer' entrypoint.
6793 * @param argc Standard main() style argc
6794 * @param argv Standard main() style argv. Initial components are already
6797 int net_rpc_printer(int argc, const char **argv)
6799 struct functable func[] = {
6800 {"list", rpc_printer_list},
6801 {"migrate", rpc_printer_migrate},
6802 {"driver", rpc_printer_driver_list},
6803 {"publish", rpc_printer_publish},
6808 return run_rpc_command(NULL, PI_SPOOLSS, 0,
6809 rpc_printer_list_internals,
6812 return net_run_function(argc, argv, func, rpc_printer_usage);
6815 /****************************************************************************/
6819 * Basic usage function for 'net rpc'
6820 * @param argc Standard main() style argc
6821 * @param argv Standard main() style argv. Initial components are already
6825 int net_rpc_usage(int argc, const char **argv)
6827 d_printf(" net rpc info \t\t\tshow basic info about a domain \n");
6828 d_printf(" net rpc join \t\t\tto join a domain \n");
6829 d_printf(" net rpc oldjoin \t\tto join a domain created in server manager\n");
6830 d_printf(" net rpc testjoin \t\ttests that a join is valid\n");
6831 d_printf(" net rpc user \t\t\tto add, delete and list users\n");
6832 d_printf(" net rpc password <username> [<password>] -Uadmin_username%%admin_pass\n");
6833 d_printf(" net rpc group \t\tto list groups\n");
6834 d_printf(" net rpc share \t\tto add, delete, list and migrate shares\n");
6835 d_printf(" net rpc printer \t\tto list and migrate printers\n");
6836 d_printf(" net rpc file \t\t\tto list open files\n");
6837 d_printf(" net rpc changetrustpw \tto change the trust account password\n");
6838 d_printf(" net rpc getsid \t\tfetch the domain sid into the local secrets.tdb\n");
6839 d_printf(" net rpc vampire \t\tsyncronise an NT PDC's users and groups into the local passdb\n");
6840 d_printf(" net rpc samdump \t\tdisplay an NT PDC's users, groups and other data\n");
6841 d_printf(" net rpc trustdom \t\tto create trusting domain's account or establish trust\n");
6842 d_printf(" net rpc abortshutdown \tto abort the shutdown of a remote server\n");
6843 d_printf(" net rpc shutdown \t\tto shutdown a remote server\n");
6844 d_printf(" net rpc rights\t\tto manage privileges assigned to SIDs\n");
6845 d_printf(" net rpc registry\t\tto manage registry hives\n");
6846 d_printf(" net rpc service\t\tto start, stop and query services\n");
6847 d_printf(" net rpc audit\t\t\tto modify global auditing settings\n");
6848 d_printf(" net rpc shell\t\t\tto open an interactive shell for remote server/account management\n");
6850 d_printf("'net rpc shutdown' also accepts the following miscellaneous options:\n"); /* misc options */
6851 d_printf("\t-r or --reboot\trequest remote server reboot on shutdown\n");
6852 d_printf("\t-f or --force\trequest the remote server force its shutdown\n");
6853 d_printf("\t-t or --timeout=<timeout>\tnumber of seconds before shutdown\n");
6854 d_printf("\t-C or --comment=<message>\ttext message to display on impending shutdown\n");
6860 * Help function for 'net rpc'. Calls command specific help if requested
6861 * or displays usage of net rpc
6862 * @param argc Standard main() style argc
6863 * @param argv Standard main() style argv. Initial components are already
6867 int net_rpc_help(int argc, const char **argv)
6869 struct functable func[] = {
6870 {"join", rpc_join_usage},
6871 {"user", rpc_user_usage},
6872 {"group", rpc_group_usage},
6873 {"share", rpc_share_usage},
6874 /*{"changetrustpw", rpc_changetrustpw_usage}, */
6875 {"trustdom", rpc_trustdom_usage},
6876 /*{"abortshutdown", rpc_shutdown_abort_usage},*/
6877 /*{"shutdown", rpc_shutdown_usage}, */
6878 {"vampire", rpc_vampire_usage},
6883 net_rpc_usage(argc, argv);
6887 return (net_run_function(argc, argv, func, rpc_user_usage));
6891 * 'net rpc' entrypoint.
6892 * @param argc Standard main() style argc
6893 * @param argv Standard main() style argv. Initial components are already
6897 int net_rpc(int argc, const char **argv)
6899 struct functable func[] = {
6900 {"audit", net_rpc_audit},
6901 {"info", net_rpc_info},
6902 {"join", net_rpc_join},
6903 {"oldjoin", net_rpc_oldjoin},
6904 {"testjoin", net_rpc_testjoin},
6905 {"user", net_rpc_user},
6906 {"password", rpc_user_password},
6907 {"group", net_rpc_group},
6908 {"share", net_rpc_share},
6909 {"file", net_rpc_file},
6910 {"printer", net_rpc_printer},
6911 {"changetrustpw", net_rpc_changetrustpw},
6912 {"trustdom", rpc_trustdom},
6913 {"abortshutdown", rpc_shutdown_abort},
6914 {"shutdown", rpc_shutdown},
6915 {"samdump", rpc_samdump},
6916 {"vampire", rpc_vampire},
6917 {"getsid", net_rpc_getsid},
6918 {"rights", net_rpc_rights},
6919 {"service", net_rpc_service},
6920 {"registry", net_rpc_registry},
6921 {"shell", net_rpc_shell},
6922 {"help", net_rpc_help},
6925 return net_run_function(argc, argv, func, net_rpc_usage);