2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org)
5 Copyright (C) 2002 Jim McDonough (jmcd@us.ibm.com)
6 Copyright (C) 2004,2008 Guenther Deschner (gd@samba.org)
7 Copyright (C) 2005 Jeremy Allison (jra@samba.org)
8 Copyright (C) 2006 Jelmer Vernooij (jelmer@samba.org)
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>. */
24 #include "utils/net.h"
26 static int net_mode_share;
27 static bool sync_files(struct copy_clistate *cp_clistate, const char *mask);
32 * @brief RPC based subcommands for the 'net' utility.
34 * This file should contain much of the functionality that used to
35 * be found in rpcclient, execpt that the commands should change
36 * less often, and the fucntionality should be sane (the user is not
37 * expected to know a rid/sid before they conduct an operation etc.)
39 * @todo Perhaps eventually these should be split out into a number
40 * of files, as this could get quite big.
45 * Many of the RPC functions need the domain sid. This function gets
46 * it at the start of every run
48 * @param cli A cli_state already connected to the remote machine
50 * @return The Domain SID of the remote machine.
53 NTSTATUS net_get_remote_domain_sid(struct cli_state *cli, TALLOC_CTX *mem_ctx,
55 const char **domain_name)
57 struct rpc_pipe_client *lsa_pipe;
59 NTSTATUS result = NT_STATUS_OK;
60 union lsa_PolicyInformation *info = NULL;
62 lsa_pipe = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &result);
64 d_fprintf(stderr, "Could not initialise lsa pipe\n");
68 result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, False,
69 SEC_RIGHTS_MAXIMUM_ALLOWED,
71 if (!NT_STATUS_IS_OK(result)) {
72 d_fprintf(stderr, "open_policy failed: %s\n",
77 result = rpccli_lsa_QueryInfoPolicy(lsa_pipe, mem_ctx,
79 LSA_POLICY_INFO_ACCOUNT_DOMAIN,
81 if (!NT_STATUS_IS_OK(result)) {
82 d_fprintf(stderr, "lsaquery failed: %s\n",
87 *domain_name = info->account_domain.name.string;
88 *domain_sid = info->account_domain.sid;
90 rpccli_lsa_Close(lsa_pipe, mem_ctx, &pol);
91 TALLOC_FREE(lsa_pipe);
97 * Run a single RPC command, from start to finish.
99 * @param pipe_name the pipe to connect to (usually a PIPE_ constant)
100 * @param conn_flag a NET_FLAG_ combination. Passed to
101 * net_make_ipc_connection.
102 * @param argc Standard main() style argc
103 * @param argc Standard main() style argv. Initial components are already
105 * @return A shell status integer (0 for success)
108 int run_rpc_command(struct cli_state *cli_arg,
115 struct cli_state *cli = NULL;
116 struct rpc_pipe_client *pipe_hnd = NULL;
120 const char *domain_name;
122 /* make use of cli_state handed over as an argument, if possible */
124 nt_status = net_make_ipc_connection(conn_flags, &cli);
125 if (!NT_STATUS_IS_OK(nt_status)) {
126 DEBUG(1, ("failed to make ipc connection: %s\n",
127 nt_errstr(nt_status)));
140 if (!(mem_ctx = talloc_init("run_rpc_command"))) {
141 DEBUG(0, ("talloc_init() failed\n"));
146 nt_status = net_get_remote_domain_sid(cli, mem_ctx, &domain_sid,
148 if (!NT_STATUS_IS_OK(nt_status)) {
153 if (!(conn_flags & NET_FLAGS_NO_PIPE)) {
154 if (lp_client_schannel() && (pipe_idx == PI_NETLOGON)) {
155 /* Always try and create an schannel netlogon pipe. */
156 pipe_hnd = cli_rpc_pipe_open_schannel(cli, pipe_idx,
157 PIPE_AUTH_LEVEL_PRIVACY,
161 DEBUG(0, ("Could not initialise schannel netlogon pipe. Error was %s\n",
162 nt_errstr(nt_status) ));
167 pipe_hnd = cli_rpc_pipe_open_noauth(cli, pipe_idx, &nt_status);
169 DEBUG(0, ("Could not initialise pipe %s. Error was %s\n",
170 cli_get_pipe_name(pipe_idx),
171 nt_errstr(nt_status) ));
178 nt_status = fn(domain_sid, domain_name, cli, pipe_hnd, mem_ctx, argc, argv);
180 if (!NT_STATUS_IS_OK(nt_status)) {
181 DEBUG(1, ("rpc command function failed! (%s)\n", nt_errstr(nt_status)));
183 DEBUG(5, ("rpc command function succedded\n"));
186 if (!(conn_flags & NET_FLAGS_NO_PIPE)) {
188 TALLOC_FREE(pipe_hnd);
192 /* close the connection only if it was opened here */
197 talloc_destroy(mem_ctx);
198 return (!NT_STATUS_IS_OK(nt_status));
202 * Force a change of the trust acccount password.
204 * All parameters are provided by the run_rpc_command function, except for
205 * argc, argv which are passes through.
207 * @param domain_sid The domain sid aquired from the remote server
208 * @param cli A cli_state connected to the server.
209 * @param mem_ctx Talloc context, destoyed on compleation of the function.
210 * @param argc Standard main() style argc
211 * @param argc Standard main() style argv. Initial components are already
214 * @return Normal NTSTATUS return.
217 static NTSTATUS rpc_changetrustpw_internals(const DOM_SID *domain_sid,
218 const char *domain_name,
219 struct cli_state *cli,
220 struct rpc_pipe_client *pipe_hnd,
226 return trust_pw_find_change_and_store_it(pipe_hnd, mem_ctx, opt_target_workgroup);
230 * Force a change of the trust acccount password.
232 * @param argc Standard main() style argc
233 * @param argc Standard main() style argv. Initial components are already
236 * @return A shell status integer (0 for success)
239 int net_rpc_changetrustpw(int argc, const char **argv)
241 return run_rpc_command(NULL, PI_NETLOGON, NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
242 rpc_changetrustpw_internals,
247 * Join a domain, the old way.
249 * This uses 'machinename' as the inital password, and changes it.
251 * The password should be created with 'server manager' or equiv first.
253 * All parameters are provided by the run_rpc_command function, except for
254 * argc, argv which are passes through.
256 * @param domain_sid The domain sid aquired from the remote server
257 * @param cli A cli_state connected to the server.
258 * @param mem_ctx Talloc context, destoyed on compleation of the function.
259 * @param argc Standard main() style argc
260 * @param argc Standard main() style argv. Initial components are already
263 * @return Normal NTSTATUS return.
266 static NTSTATUS rpc_oldjoin_internals(const DOM_SID *domain_sid,
267 const char *domain_name,
268 struct cli_state *cli,
269 struct rpc_pipe_client *pipe_hnd,
275 fstring trust_passwd;
276 unsigned char orig_trust_passwd_hash[16];
278 uint32 sec_channel_type;
280 pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_NETLOGON, &result);
282 DEBUG(0,("rpc_oldjoin_internals: netlogon pipe open to machine %s failed. "
285 nt_errstr(result) ));
290 check what type of join - if the user want's to join as
291 a BDC, the server must agree that we are a BDC.
294 sec_channel_type = get_sec_channel_type(argv[0]);
296 sec_channel_type = get_sec_channel_type(NULL);
299 fstrcpy(trust_passwd, global_myname());
300 strlower_m(trust_passwd);
303 * Machine names can be 15 characters, but the max length on
304 * a password is 14. --jerry
307 trust_passwd[14] = '\0';
309 E_md4hash(trust_passwd, orig_trust_passwd_hash);
311 result = trust_pw_change_and_store_it(pipe_hnd, mem_ctx, opt_target_workgroup,
312 orig_trust_passwd_hash,
315 if (NT_STATUS_IS_OK(result))
316 printf("Joined domain %s.\n",opt_target_workgroup);
319 if (!secrets_store_domain_sid(opt_target_workgroup, domain_sid)) {
320 DEBUG(0, ("error storing domain sid for %s\n", opt_target_workgroup));
321 result = NT_STATUS_UNSUCCESSFUL;
328 * Join a domain, the old way.
330 * @param argc Standard main() style argc
331 * @param argc Standard main() style argv. Initial components are already
334 * @return A shell status integer (0 for success)
337 static int net_rpc_perform_oldjoin(int argc, const char **argv)
339 return run_rpc_command(NULL, PI_NETLOGON,
340 NET_FLAGS_NO_PIPE | NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
341 rpc_oldjoin_internals,
346 * Join a domain, the old way. This function exists to allow
347 * the message to be displayed when oldjoin was explicitly
348 * requested, but not when it was implied by "net rpc join"
350 * @param argc Standard main() style argc
351 * @param argc Standard main() style argv. Initial components are already
354 * @return A shell status integer (0 for success)
357 static int net_rpc_oldjoin(int argc, const char **argv)
359 int rc = net_rpc_perform_oldjoin(argc, argv);
362 d_fprintf(stderr, "Failed to join domain\n");
369 * Basic usage function for 'net rpc join'
370 * @param argc Standard main() style argc
371 * @param argc Standard main() style argv. Initial components are already
375 static int rpc_join_usage(int argc, const char **argv)
377 d_printf("net rpc join -U <username>[%%password] <type>[options]\n"\
378 "\t to join a domain with admin username & password\n"\
379 "\t\t password will be prompted if needed and none is specified\n"\
380 "\t <type> can be (default MEMBER)\n"\
381 "\t\t BDC - Join as a BDC\n"\
382 "\t\t PDC - Join as a PDC\n"\
383 "\t\t MEMBER - Join as a MEMBER server\n");
385 net_common_flags_usage(argc, argv);
390 * 'net rpc join' entrypoint.
391 * @param argc Standard main() style argc
392 * @param argc Standard main() style argv. Initial components are already
395 * Main 'net_rpc_join()' (where the admin username/password is used) is
397 * Try to just change the password, but if that doesn't work, use/prompt
398 * for a username/password.
401 int net_rpc_join(int argc, const char **argv)
403 if (lp_server_role() == ROLE_STANDALONE) {
404 d_printf("cannot join as standalone machine\n");
408 if (strlen(global_myname()) > 15) {
409 d_printf("Our netbios name can be at most 15 chars long, "
410 "\"%s\" is %u chars long\n",
411 global_myname(), (unsigned int)strlen(global_myname()));
415 if ((net_rpc_perform_oldjoin(argc, argv) == 0))
418 return net_rpc_join_newstyle(argc, argv);
422 * display info about a rpc domain
424 * All parameters are provided by the run_rpc_command function, except for
425 * argc, argv which are passed through.
427 * @param domain_sid The domain sid acquired from the remote server
428 * @param cli A cli_state connected to the server.
429 * @param mem_ctx Talloc context, destoyed on completion of the function.
430 * @param argc Standard main() style argc
431 * @param argv Standard main() style argv. Initial components are already
434 * @return Normal NTSTATUS return.
437 NTSTATUS rpc_info_internals(const DOM_SID *domain_sid,
438 const char *domain_name,
439 struct cli_state *cli,
440 struct rpc_pipe_client *pipe_hnd,
445 POLICY_HND connect_pol, domain_pol;
446 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
447 union samr_DomainInfo *info = NULL;
450 sid_to_fstring(sid_str, domain_sid);
452 /* Get sam policy handle */
453 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
455 MAXIMUM_ALLOWED_ACCESS,
457 if (!NT_STATUS_IS_OK(result)) {
458 d_fprintf(stderr, "Could not connect to SAM: %s\n", nt_errstr(result));
462 /* Get domain policy handle */
463 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
465 MAXIMUM_ALLOWED_ACCESS,
466 CONST_DISCARD(struct dom_sid2 *, domain_sid),
468 if (!NT_STATUS_IS_OK(result)) {
469 d_fprintf(stderr, "Could not open domain: %s\n", nt_errstr(result));
473 result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
477 if (NT_STATUS_IS_OK(result)) {
478 d_printf("Domain Name: %s\n", info->info2.domain_name.string);
479 d_printf("Domain SID: %s\n", sid_str);
480 d_printf("Sequence number: %llu\n",
481 (unsigned long long)info->info2.sequence_num);
482 d_printf("Num users: %u\n", info->info2.num_users);
483 d_printf("Num domain groups: %u\n", info->info2.num_groups);
484 d_printf("Num local groups: %u\n", info->info2.num_aliases);
492 * 'net rpc info' entrypoint.
493 * @param argc Standard main() style argc
494 * @param argc Standard main() style argv. Initial components are already
498 int net_rpc_info(int argc, const char **argv)
500 return run_rpc_command(NULL, PI_SAMR, NET_FLAGS_PDC,
506 * Fetch domain SID into the local secrets.tdb
508 * All parameters are provided by the run_rpc_command function, except for
509 * argc, argv which are passes through.
511 * @param domain_sid The domain sid acquired from the remote server
512 * @param cli A cli_state connected to the server.
513 * @param mem_ctx Talloc context, destoyed on completion of the function.
514 * @param argc Standard main() style argc
515 * @param argv Standard main() style argv. Initial components are already
518 * @return Normal NTSTATUS return.
521 static NTSTATUS rpc_getsid_internals(const DOM_SID *domain_sid,
522 const char *domain_name,
523 struct cli_state *cli,
524 struct rpc_pipe_client *pipe_hnd,
531 sid_to_fstring(sid_str, domain_sid);
532 d_printf("Storing SID %s for Domain %s in secrets.tdb\n",
533 sid_str, domain_name);
535 if (!secrets_store_domain_sid(domain_name, domain_sid)) {
536 DEBUG(0,("Can't store domain SID\n"));
537 return NT_STATUS_UNSUCCESSFUL;
544 * 'net rpc getsid' entrypoint.
545 * @param argc Standard main() style argc
546 * @param argc Standard main() style argv. Initial components are already
550 int net_rpc_getsid(int argc, const char **argv)
552 return run_rpc_command(NULL, PI_SAMR, NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
553 rpc_getsid_internals,
557 /****************************************************************************/
560 * Basic usage function for 'net rpc user'
561 * @param argc Standard main() style argc.
562 * @param argv Standard main() style argv. Initial components are already
566 static int rpc_user_usage(int argc, const char **argv)
568 return net_help_user(argc, argv);
572 * Add a new user to a remote RPC server
574 * @param argc Standard main() style argc
575 * @param argv Standard main() style argv. Initial components are already
578 * @return A shell status integer (0 for success)
581 static int rpc_user_add(int argc, const char **argv)
583 NET_API_STATUS status;
584 struct USER_INFO_1 info1;
585 uint32_t parm_error = 0;
588 d_printf("User must be specified\n");
589 rpc_user_usage(argc, argv);
595 info1.usri1_name = argv[0];
597 info1.usri1_password = argv[1];
600 status = NetUserAdd(opt_host, 1, (uint8_t *)&info1, &parm_error);
603 d_fprintf(stderr, "Failed to add user '%s' with: %s.\n",
604 argv[0], libnetapi_get_error_string(netapi_ctx, status));
607 d_printf("Added user '%s'.\n", argv[0]);
614 * Rename a user on a remote RPC server
616 * All parameters are provided by the run_rpc_command function, except for
617 * argc, argv which are passes through.
619 * @param domain_sid The domain sid acquired from the remote server
620 * @param cli A cli_state connected to the server.
621 * @param mem_ctx Talloc context, destoyed on completion of the function.
622 * @param argc Standard main() style argc
623 * @param argv Standard main() style argv. Initial components are already
626 * @return Normal NTSTATUS return.
629 static NTSTATUS rpc_user_rename_internals(const DOM_SID *domain_sid,
630 const char *domain_name,
631 struct cli_state *cli,
632 struct rpc_pipe_client *pipe_hnd,
637 POLICY_HND connect_pol, domain_pol, user_pol;
638 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
639 uint32 info_level = 7;
640 const char *old_name, *new_name;
641 struct samr_Ids user_rids, name_types;
642 struct lsa_String lsa_acct_name;
643 union samr_UserInfo *info = NULL;
646 d_printf("Old and new username must be specified\n");
647 rpc_user_usage(argc, argv);
654 /* Get sam policy handle */
656 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
658 MAXIMUM_ALLOWED_ACCESS,
661 if (!NT_STATUS_IS_OK(result)) {
665 /* Get domain policy handle */
667 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
669 MAXIMUM_ALLOWED_ACCESS,
670 CONST_DISCARD(struct dom_sid2 *, domain_sid),
672 if (!NT_STATUS_IS_OK(result)) {
676 init_lsa_String(&lsa_acct_name, old_name);
678 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
684 if (!NT_STATUS_IS_OK(result)) {
688 /* Open domain user */
689 result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
691 MAXIMUM_ALLOWED_ACCESS,
695 if (!NT_STATUS_IS_OK(result)) {
699 /* Query user info */
700 result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
705 if (!NT_STATUS_IS_OK(result)) {
709 init_samr_user_info7(&info->info7, new_name);
712 result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
717 if (!NT_STATUS_IS_OK(result)) {
722 if (!NT_STATUS_IS_OK(result)) {
723 d_fprintf(stderr, "Failed to rename user from %s to %s - %s\n", old_name, new_name,
726 d_printf("Renamed user from %s to %s\n", old_name, new_name);
732 * Rename a user on a remote RPC server
734 * @param argc Standard main() style argc
735 * @param argv Standard main() style argv. Initial components are already
738 * @return A shell status integer (0 for success)
741 static int rpc_user_rename(int argc, const char **argv)
743 return run_rpc_command(NULL, PI_SAMR, 0, rpc_user_rename_internals,
748 * Delete a user from a remote RPC server
750 * @param argc Standard main() style argc
751 * @param argv Standard main() style argv. Initial components are already
754 * @return A shell status integer (0 for success)
757 static int rpc_user_delete(int argc, const char **argv)
759 NET_API_STATUS status;
762 d_printf("User must be specified\n");
763 rpc_user_usage(argc, argv);
767 status = NetUserDel(opt_host, argv[0]);
770 d_fprintf(stderr, "Failed to delete user '%s' with: %s.\n",
772 libnetapi_get_error_string(netapi_ctx, status));
775 d_printf("Deleted user '%s'.\n", argv[0]);
782 * Set a password for a user on a remote RPC server
784 * All parameters are provided by the run_rpc_command function, except for
785 * argc, argv which are passes through.
787 * @param domain_sid The domain sid acquired from the remote server
788 * @param cli A cli_state connected to the server.
789 * @param mem_ctx Talloc context, destoyed on completion of the function.
790 * @param argc Standard main() style argc
791 * @param argv Standard main() style argv. Initial components are already
794 * @return Normal NTSTATUS return.
797 static NTSTATUS rpc_user_password_internals(const DOM_SID *domain_sid,
798 const char *domain_name,
799 struct cli_state *cli,
800 struct rpc_pipe_client *pipe_hnd,
805 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
806 POLICY_HND connect_pol, domain_pol, user_pol;
809 const char *new_password;
811 union samr_UserInfo info;
814 d_printf("User must be specified\n");
815 rpc_user_usage(argc, argv);
822 new_password = argv[1];
824 asprintf(&prompt, "Enter new password for %s:", user);
825 new_password = getpass(prompt);
829 /* Get sam policy and domain handles */
831 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
833 MAXIMUM_ALLOWED_ACCESS,
836 if (!NT_STATUS_IS_OK(result)) {
840 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
842 MAXIMUM_ALLOWED_ACCESS,
843 CONST_DISCARD(struct dom_sid2 *, domain_sid),
846 if (!NT_STATUS_IS_OK(result)) {
850 /* Get handle on user */
853 struct samr_Ids user_rids, name_types;
854 struct lsa_String lsa_acct_name;
856 init_lsa_String(&lsa_acct_name, user);
858 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
864 if (!NT_STATUS_IS_OK(result)) {
868 result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
870 MAXIMUM_ALLOWED_ACCESS,
874 if (!NT_STATUS_IS_OK(result)) {
879 /* Set password on account */
881 encode_pw_buffer(pwbuf, new_password, STR_UNICODE);
883 init_samr_user_info24(&info.info24, pwbuf, 24);
885 SamOEMhashBlob(info.info24.password.data, 516,
886 &cli->user_session_key);
888 result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
893 if (!NT_STATUS_IS_OK(result)) {
897 /* Display results */
905 * Set a user's password on a remote RPC server
907 * @param argc Standard main() style argc
908 * @param argv Standard main() style argv. Initial components are already
911 * @return A shell status integer (0 for success)
914 static int rpc_user_password(int argc, const char **argv)
916 return run_rpc_command(NULL, PI_SAMR, 0, rpc_user_password_internals,
921 * List user's groups on a remote RPC server
923 * All parameters are provided by the run_rpc_command function, except for
924 * argc, argv which are passes through.
926 * @param domain_sid The domain sid acquired from the remote server
927 * @param cli A cli_state connected to the server.
928 * @param mem_ctx Talloc context, destoyed on completion of the function.
929 * @param argc Standard main() style argc
930 * @param argv Standard main() style argv. Initial components are already
933 * @return Normal NTSTATUS return.
936 static NTSTATUS rpc_user_info_internals(const DOM_SID *domain_sid,
937 const char *domain_name,
938 struct cli_state *cli,
939 struct rpc_pipe_client *pipe_hnd,
944 POLICY_HND connect_pol, domain_pol, user_pol;
945 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
947 struct samr_RidWithAttributeArray *rid_array = NULL;
948 struct lsa_Strings names;
949 struct samr_Ids types;
950 uint32_t *lrids = NULL;
951 struct samr_Ids rids, name_types;
952 struct lsa_String lsa_acct_name;
956 d_printf("User must be specified\n");
957 rpc_user_usage(argc, argv);
960 /* Get sam policy handle */
962 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
964 MAXIMUM_ALLOWED_ACCESS,
966 if (!NT_STATUS_IS_OK(result)) goto done;
968 /* Get domain policy handle */
970 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
972 MAXIMUM_ALLOWED_ACCESS,
973 CONST_DISCARD(struct dom_sid2 *, domain_sid),
975 if (!NT_STATUS_IS_OK(result)) goto done;
977 /* Get handle on user */
979 init_lsa_String(&lsa_acct_name, argv[0]);
981 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
988 if (!NT_STATUS_IS_OK(result)) goto done;
990 result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
992 MAXIMUM_ALLOWED_ACCESS,
995 if (!NT_STATUS_IS_OK(result)) goto done;
997 result = rpccli_samr_GetGroupsForUser(pipe_hnd, mem_ctx,
1001 if (!NT_STATUS_IS_OK(result)) goto done;
1005 if (rid_array->count) {
1006 if ((lrids = TALLOC_ARRAY(mem_ctx, uint32, rid_array->count)) == NULL) {
1007 result = NT_STATUS_NO_MEMORY;
1011 for (i = 0; i < rid_array->count; i++)
1012 lrids[i] = rid_array->rids[i].rid;
1014 result = rpccli_samr_LookupRids(pipe_hnd, mem_ctx,
1021 if (!NT_STATUS_IS_OK(result)) {
1025 /* Display results */
1027 for (i = 0; i < names.count; i++)
1028 printf("%s\n", names.names[i].string);
1035 * List a user's groups from a remote RPC server
1037 * @param argc Standard main() style argc
1038 * @param argv Standard main() style argv. Initial components are already
1041 * @return A shell status integer (0 for success)
1044 static int rpc_user_info(int argc, const char **argv)
1046 return run_rpc_command(NULL, PI_SAMR, 0, rpc_user_info_internals,
1051 * List users on a remote RPC server
1053 * All parameters are provided by the run_rpc_command function, except for
1054 * argc, argv which are passes through.
1056 * @param domain_sid The domain sid acquired from the remote server
1057 * @param cli A cli_state connected to the server.
1058 * @param mem_ctx Talloc context, destoyed on completion of the function.
1059 * @param argc Standard main() style argc
1060 * @param argv Standard main() style argv. Initial components are already
1063 * @return Normal NTSTATUS return.
1066 static NTSTATUS rpc_user_list_internals(const DOM_SID *domain_sid,
1067 const char *domain_name,
1068 struct cli_state *cli,
1069 struct rpc_pipe_client *pipe_hnd,
1070 TALLOC_CTX *mem_ctx,
1074 POLICY_HND connect_pol, domain_pol;
1075 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1076 uint32 start_idx=0, num_entries, i, loop_count = 0;
1078 /* Get sam policy handle */
1080 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1082 MAXIMUM_ALLOWED_ACCESS,
1084 if (!NT_STATUS_IS_OK(result)) {
1088 /* Get domain policy handle */
1090 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1092 MAXIMUM_ALLOWED_ACCESS,
1093 CONST_DISCARD(struct dom_sid2 *, domain_sid),
1095 if (!NT_STATUS_IS_OK(result)) {
1099 /* Query domain users */
1100 if (opt_long_list_entries)
1101 d_printf("\nUser name Comment"\
1102 "\n-----------------------------\n");
1104 const char *user = NULL;
1105 const char *desc = NULL;
1106 uint32 max_entries, max_size;
1107 uint32_t total_size, returned_size;
1108 union samr_DispInfo info;
1110 get_query_dispinfo_params(
1111 loop_count, &max_entries, &max_size);
1113 result = rpccli_samr_QueryDisplayInfo(pipe_hnd, mem_ctx,
1123 start_idx += info.info1.count;
1124 num_entries = info.info1.count;
1126 for (i = 0; i < num_entries; i++) {
1127 user = info.info1.entries[i].account_name.string;
1128 if (opt_long_list_entries)
1129 desc = info.info1.entries[i].description.string;
1130 if (opt_long_list_entries)
1131 printf("%-21.21s %s\n", user, desc);
1133 printf("%s\n", user);
1135 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
1142 * 'net rpc user' entrypoint.
1143 * @param argc Standard main() style argc
1144 * @param argc Standard main() style argv. Initial components are already
1148 int net_rpc_user(int argc, const char **argv)
1150 NET_API_STATUS status;
1152 struct functable func[] = {
1153 {"add", rpc_user_add},
1154 {"info", rpc_user_info},
1155 {"delete", rpc_user_delete},
1156 {"password", rpc_user_password},
1157 {"rename", rpc_user_rename},
1161 status = libnetapi_init(&netapi_ctx);
1165 libnetapi_set_username(netapi_ctx, opt_user_name);
1166 libnetapi_set_password(netapi_ctx, opt_password);
1169 return run_rpc_command(NULL,PI_SAMR, 0,
1170 rpc_user_list_internals,
1174 return net_run_function(argc, argv, func, rpc_user_usage);
1177 static NTSTATUS rpc_sh_user_list(TALLOC_CTX *mem_ctx,
1178 struct rpc_sh_ctx *ctx,
1179 struct rpc_pipe_client *pipe_hnd,
1180 int argc, const char **argv)
1182 return rpc_user_list_internals(ctx->domain_sid, ctx->domain_name,
1183 ctx->cli, pipe_hnd, mem_ctx,
1187 static NTSTATUS rpc_sh_user_info(TALLOC_CTX *mem_ctx,
1188 struct rpc_sh_ctx *ctx,
1189 struct rpc_pipe_client *pipe_hnd,
1190 int argc, const char **argv)
1192 return rpc_user_info_internals(ctx->domain_sid, ctx->domain_name,
1193 ctx->cli, pipe_hnd, mem_ctx,
1197 static NTSTATUS rpc_sh_handle_user(TALLOC_CTX *mem_ctx,
1198 struct rpc_sh_ctx *ctx,
1199 struct rpc_pipe_client *pipe_hnd,
1200 int argc, const char **argv,
1202 TALLOC_CTX *mem_ctx,
1203 struct rpc_sh_ctx *ctx,
1204 struct rpc_pipe_client *pipe_hnd,
1205 POLICY_HND *user_hnd,
1206 int argc, const char **argv))
1208 POLICY_HND connect_pol, domain_pol, user_pol;
1209 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1212 enum lsa_SidType type;
1215 d_fprintf(stderr, "usage: %s <username>\n", ctx->whoami);
1216 return NT_STATUS_INVALID_PARAMETER;
1219 ZERO_STRUCT(connect_pol);
1220 ZERO_STRUCT(domain_pol);
1221 ZERO_STRUCT(user_pol);
1223 result = net_rpc_lookup_name(mem_ctx, rpc_pipe_np_smb_conn(pipe_hnd),
1224 argv[0], NULL, NULL, &sid, &type);
1225 if (!NT_STATUS_IS_OK(result)) {
1226 d_fprintf(stderr, "Could not lookup %s: %s\n", argv[0],
1231 if (type != SID_NAME_USER) {
1232 d_fprintf(stderr, "%s is a %s, not a user\n", argv[0],
1233 sid_type_lookup(type));
1234 result = NT_STATUS_NO_SUCH_USER;
1238 if (!sid_peek_check_rid(ctx->domain_sid, &sid, &rid)) {
1239 d_fprintf(stderr, "%s is not in our domain\n", argv[0]);
1240 result = NT_STATUS_NO_SUCH_USER;
1244 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1246 MAXIMUM_ALLOWED_ACCESS,
1248 if (!NT_STATUS_IS_OK(result)) {
1252 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1254 MAXIMUM_ALLOWED_ACCESS,
1257 if (!NT_STATUS_IS_OK(result)) {
1261 result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
1263 MAXIMUM_ALLOWED_ACCESS,
1266 if (!NT_STATUS_IS_OK(result)) {
1270 result = fn(mem_ctx, ctx, pipe_hnd, &user_pol, argc-1, argv+1);
1273 if (is_valid_policy_hnd(&user_pol)) {
1274 rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
1276 if (is_valid_policy_hnd(&domain_pol)) {
1277 rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
1279 if (is_valid_policy_hnd(&connect_pol)) {
1280 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
1285 static NTSTATUS rpc_sh_user_show_internals(TALLOC_CTX *mem_ctx,
1286 struct rpc_sh_ctx *ctx,
1287 struct rpc_pipe_client *pipe_hnd,
1288 POLICY_HND *user_hnd,
1289 int argc, const char **argv)
1292 union samr_UserInfo *info = NULL;
1295 d_fprintf(stderr, "usage: %s show <username>\n", ctx->whoami);
1296 return NT_STATUS_INVALID_PARAMETER;
1299 result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
1303 if (!NT_STATUS_IS_OK(result)) {
1307 d_printf("user rid: %d, group rid: %d\n",
1309 info->info21.primary_gid);
1314 static NTSTATUS rpc_sh_user_show(TALLOC_CTX *mem_ctx,
1315 struct rpc_sh_ctx *ctx,
1316 struct rpc_pipe_client *pipe_hnd,
1317 int argc, const char **argv)
1319 return rpc_sh_handle_user(mem_ctx, ctx, pipe_hnd, argc, argv,
1320 rpc_sh_user_show_internals);
1323 #define FETCHSTR(name, rec) \
1324 do { if (strequal(ctx->thiscmd, name)) { \
1325 oldval = talloc_strdup(mem_ctx, info->info21.rec.string); } \
1328 #define SETSTR(name, rec, flag) \
1329 do { if (strequal(ctx->thiscmd, name)) { \
1330 init_lsa_String(&(info->info21.rec), argv[0]); \
1331 info->info21.fields_present |= SAMR_FIELD_##flag; } \
1334 static NTSTATUS rpc_sh_user_str_edit_internals(TALLOC_CTX *mem_ctx,
1335 struct rpc_sh_ctx *ctx,
1336 struct rpc_pipe_client *pipe_hnd,
1337 POLICY_HND *user_hnd,
1338 int argc, const char **argv)
1341 const char *username;
1342 const char *oldval = "";
1343 union samr_UserInfo *info = NULL;
1346 d_fprintf(stderr, "usage: %s <username> [new value|NULL]\n",
1348 return NT_STATUS_INVALID_PARAMETER;
1351 result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
1355 if (!NT_STATUS_IS_OK(result)) {
1359 username = talloc_strdup(mem_ctx, info->info21.account_name.string);
1361 FETCHSTR("fullname", full_name);
1362 FETCHSTR("homedir", home_directory);
1363 FETCHSTR("homedrive", home_drive);
1364 FETCHSTR("logonscript", logon_script);
1365 FETCHSTR("profilepath", profile_path);
1366 FETCHSTR("description", description);
1369 d_printf("%s's %s: [%s]\n", username, ctx->thiscmd, oldval);
1373 if (strcmp(argv[0], "NULL") == 0) {
1377 ZERO_STRUCT(info->info21);
1379 SETSTR("fullname", full_name, FULL_NAME);
1380 SETSTR("homedir", home_directory, HOME_DIRECTORY);
1381 SETSTR("homedrive", home_drive, HOME_DRIVE);
1382 SETSTR("logonscript", logon_script, LOGON_SCRIPT);
1383 SETSTR("profilepath", profile_path, PROFILE_PATH);
1384 SETSTR("description", description, DESCRIPTION);
1386 result = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx,
1391 d_printf("Set %s's %s from [%s] to [%s]\n", username,
1392 ctx->thiscmd, oldval, argv[0]);
1399 #define HANDLEFLG(name, rec) \
1400 do { if (strequal(ctx->thiscmd, name)) { \
1401 oldval = (oldflags & ACB_##rec) ? "yes" : "no"; \
1403 newflags = oldflags | ACB_##rec; \
1405 newflags = oldflags & ~ACB_##rec; \
1408 static NTSTATUS rpc_sh_user_str_edit(TALLOC_CTX *mem_ctx,
1409 struct rpc_sh_ctx *ctx,
1410 struct rpc_pipe_client *pipe_hnd,
1411 int argc, const char **argv)
1413 return rpc_sh_handle_user(mem_ctx, ctx, pipe_hnd, argc, argv,
1414 rpc_sh_user_str_edit_internals);
1417 static NTSTATUS rpc_sh_user_flag_edit_internals(TALLOC_CTX *mem_ctx,
1418 struct rpc_sh_ctx *ctx,
1419 struct rpc_pipe_client *pipe_hnd,
1420 POLICY_HND *user_hnd,
1421 int argc, const char **argv)
1424 const char *username;
1425 const char *oldval = "unknown";
1426 uint32 oldflags, newflags;
1428 union samr_UserInfo *info = NULL;
1431 ((argc == 1) && !strequal(argv[0], "yes") &&
1432 !strequal(argv[0], "no"))) {
1433 d_fprintf(stderr, "usage: %s <username> [yes|no]\n",
1435 return NT_STATUS_INVALID_PARAMETER;
1438 newval = strequal(argv[0], "yes");
1440 result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
1444 if (!NT_STATUS_IS_OK(result)) {
1448 username = talloc_strdup(mem_ctx, info->info21.account_name.string);
1449 oldflags = info->info21.acct_flags;
1450 newflags = info->info21.acct_flags;
1452 HANDLEFLG("disabled", DISABLED);
1453 HANDLEFLG("pwnotreq", PWNOTREQ);
1454 HANDLEFLG("autolock", AUTOLOCK);
1455 HANDLEFLG("pwnoexp", PWNOEXP);
1458 d_printf("%s's %s flag: %s\n", username, ctx->thiscmd, oldval);
1462 ZERO_STRUCT(info->info21);
1464 info->info21.acct_flags = newflags;
1465 info->info21.fields_present = SAMR_FIELD_ACCT_FLAGS;
1467 result = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx,
1472 if (NT_STATUS_IS_OK(result)) {
1473 d_printf("Set %s's %s flag from [%s] to [%s]\n", username,
1474 ctx->thiscmd, oldval, argv[0]);
1482 static NTSTATUS rpc_sh_user_flag_edit(TALLOC_CTX *mem_ctx,
1483 struct rpc_sh_ctx *ctx,
1484 struct rpc_pipe_client *pipe_hnd,
1485 int argc, const char **argv)
1487 return rpc_sh_handle_user(mem_ctx, ctx, pipe_hnd, argc, argv,
1488 rpc_sh_user_flag_edit_internals);
1491 struct rpc_sh_cmd *net_rpc_user_edit_cmds(TALLOC_CTX *mem_ctx,
1492 struct rpc_sh_ctx *ctx)
1494 static struct rpc_sh_cmd cmds[] = {
1496 { "fullname", NULL, PI_SAMR, rpc_sh_user_str_edit,
1497 "Show/Set a user's full name" },
1499 { "homedir", NULL, PI_SAMR, rpc_sh_user_str_edit,
1500 "Show/Set a user's home directory" },
1502 { "homedrive", NULL, PI_SAMR, rpc_sh_user_str_edit,
1503 "Show/Set a user's home drive" },
1505 { "logonscript", NULL, PI_SAMR, rpc_sh_user_str_edit,
1506 "Show/Set a user's logon script" },
1508 { "profilepath", NULL, PI_SAMR, rpc_sh_user_str_edit,
1509 "Show/Set a user's profile path" },
1511 { "description", NULL, PI_SAMR, rpc_sh_user_str_edit,
1512 "Show/Set a user's description" },
1514 { "disabled", NULL, PI_SAMR, rpc_sh_user_flag_edit,
1515 "Show/Set whether a user is disabled" },
1517 { "autolock", NULL, PI_SAMR, rpc_sh_user_flag_edit,
1518 "Show/Set whether a user locked out" },
1520 { "pwnotreq", NULL, PI_SAMR, rpc_sh_user_flag_edit,
1521 "Show/Set whether a user does not need a password" },
1523 { "pwnoexp", NULL, PI_SAMR, rpc_sh_user_flag_edit,
1524 "Show/Set whether a user's password does not expire" },
1526 { NULL, NULL, 0, NULL, NULL }
1532 struct rpc_sh_cmd *net_rpc_user_cmds(TALLOC_CTX *mem_ctx,
1533 struct rpc_sh_ctx *ctx)
1535 static struct rpc_sh_cmd cmds[] = {
1537 { "list", NULL, PI_SAMR, rpc_sh_user_list,
1538 "List available users" },
1540 { "info", NULL, PI_SAMR, rpc_sh_user_info,
1541 "List the domain groups a user is member of" },
1543 { "show", NULL, PI_SAMR, rpc_sh_user_show,
1544 "Show info about a user" },
1546 { "edit", net_rpc_user_edit_cmds, 0, NULL,
1547 "Show/Modify a user's fields" },
1549 { NULL, NULL, 0, NULL, NULL }
1555 /****************************************************************************/
1558 * Basic usage function for 'net rpc group'
1559 * @param argc Standard main() style argc.
1560 * @param argv Standard main() style argv. Initial components are already
1564 static int rpc_group_usage(int argc, const char **argv)
1566 return net_help_group(argc, argv);
1570 * Delete group on a remote RPC server
1572 * All parameters are provided by the run_rpc_command function, except for
1573 * argc, argv which are passes through.
1575 * @param domain_sid The domain sid acquired from the remote server
1576 * @param cli A cli_state connected to the server.
1577 * @param mem_ctx Talloc context, destoyed on completion of the function.
1578 * @param argc Standard main() style argc
1579 * @param argv Standard main() style argv. Initial components are already
1582 * @return Normal NTSTATUS return.
1585 static NTSTATUS rpc_group_delete_internals(const DOM_SID *domain_sid,
1586 const char *domain_name,
1587 struct cli_state *cli,
1588 struct rpc_pipe_client *pipe_hnd,
1589 TALLOC_CTX *mem_ctx,
1593 POLICY_HND connect_pol, domain_pol, group_pol, user_pol;
1594 bool group_is_primary = False;
1595 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1597 struct samr_RidTypeArray *rids = NULL;
1600 /* DOM_GID *user_gids; */
1602 struct samr_Ids group_rids, name_types;
1603 struct lsa_String lsa_acct_name;
1604 union samr_UserInfo *info = NULL;
1607 d_printf("specify group\n");
1608 rpc_group_usage(argc,argv);
1609 return NT_STATUS_OK; /* ok? */
1612 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1614 MAXIMUM_ALLOWED_ACCESS,
1617 if (!NT_STATUS_IS_OK(result)) {
1618 d_fprintf(stderr, "Request samr_Connect2 failed\n");
1622 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1624 MAXIMUM_ALLOWED_ACCESS,
1625 CONST_DISCARD(struct dom_sid2 *, domain_sid),
1628 if (!NT_STATUS_IS_OK(result)) {
1629 d_fprintf(stderr, "Request open_domain failed\n");
1633 init_lsa_String(&lsa_acct_name, argv[0]);
1635 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
1641 if (!NT_STATUS_IS_OK(result)) {
1642 d_fprintf(stderr, "Lookup of '%s' failed\n",argv[0]);
1646 switch (name_types.ids[0])
1648 case SID_NAME_DOM_GRP:
1649 result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
1651 MAXIMUM_ALLOWED_ACCESS,
1654 if (!NT_STATUS_IS_OK(result)) {
1655 d_fprintf(stderr, "Request open_group failed");
1659 group_rid = group_rids.ids[0];
1661 result = rpccli_samr_QueryGroupMember(pipe_hnd, mem_ctx,
1665 if (!NT_STATUS_IS_OK(result)) {
1666 d_fprintf(stderr, "Unable to query group members of %s",argv[0]);
1671 d_printf("Domain Group %s (rid: %d) has %d members\n",
1672 argv[0],group_rid, rids->count);
1675 /* Check if group is anyone's primary group */
1676 for (i = 0; i < rids->count; i++)
1678 result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
1680 MAXIMUM_ALLOWED_ACCESS,
1684 if (!NT_STATUS_IS_OK(result)) {
1685 d_fprintf(stderr, "Unable to open group member %d\n",
1690 result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
1695 if (!NT_STATUS_IS_OK(result)) {
1696 d_fprintf(stderr, "Unable to lookup userinfo for group member %d\n",
1701 if (info->info21.primary_gid == group_rid) {
1703 d_printf("Group is primary group of %s\n",
1704 info->info21.account_name.string);
1706 group_is_primary = True;
1709 rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
1712 if (group_is_primary) {
1713 d_fprintf(stderr, "Unable to delete group because some "
1714 "of it's members have it as primary group\n");
1715 result = NT_STATUS_MEMBERS_PRIMARY_GROUP;
1719 /* remove all group members */
1720 for (i = 0; i < rids->count; i++)
1723 d_printf("Remove group member %d...",
1725 result = rpccli_samr_DeleteGroupMember(pipe_hnd, mem_ctx,
1729 if (NT_STATUS_IS_OK(result)) {
1734 d_printf("failed\n");
1739 result = rpccli_samr_DeleteDomainGroup(pipe_hnd, mem_ctx,
1743 /* removing a local group is easier... */
1744 case SID_NAME_ALIAS:
1745 result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
1747 MAXIMUM_ALLOWED_ACCESS,
1751 if (!NT_STATUS_IS_OK(result)) {
1752 d_fprintf(stderr, "Request open_alias failed\n");
1756 result = rpccli_samr_DeleteDomAlias(pipe_hnd, mem_ctx,
1760 d_fprintf(stderr, "%s is of type %s. This command is only for deleting local or global groups\n",
1761 argv[0],sid_type_lookup(name_types.ids[0]));
1762 result = NT_STATUS_UNSUCCESSFUL;
1767 if (NT_STATUS_IS_OK(result)) {
1769 d_printf("Deleted %s '%s'\n",sid_type_lookup(name_types.ids[0]),argv[0]);
1771 d_fprintf(stderr, "Deleting of %s failed: %s\n",argv[0],
1772 get_friendly_nt_error_msg(result));
1780 static int rpc_group_delete(int argc, const char **argv)
1782 return run_rpc_command(NULL, PI_SAMR, 0, rpc_group_delete_internals,
1786 static NTSTATUS rpc_group_add_internals(const DOM_SID *domain_sid,
1787 const char *domain_name,
1788 struct cli_state *cli,
1789 struct rpc_pipe_client *pipe_hnd,
1790 TALLOC_CTX *mem_ctx,
1794 POLICY_HND connect_pol, domain_pol, group_pol;
1795 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1796 union samr_GroupInfo group_info;
1797 struct lsa_String grp_name;
1801 d_printf("Group name must be specified\n");
1802 rpc_group_usage(argc, argv);
1803 return NT_STATUS_OK;
1806 init_lsa_String(&grp_name, argv[0]);
1808 /* Get sam policy handle */
1810 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1812 MAXIMUM_ALLOWED_ACCESS,
1814 if (!NT_STATUS_IS_OK(result)) goto done;
1816 /* Get domain policy handle */
1818 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1820 MAXIMUM_ALLOWED_ACCESS,
1821 CONST_DISCARD(struct dom_sid2 *, domain_sid),
1823 if (!NT_STATUS_IS_OK(result)) goto done;
1825 /* Create the group */
1827 result = rpccli_samr_CreateDomainGroup(pipe_hnd, mem_ctx,
1830 MAXIMUM_ALLOWED_ACCESS,
1833 if (!NT_STATUS_IS_OK(result)) goto done;
1835 if (strlen(opt_comment) == 0) goto done;
1837 /* We've got a comment to set */
1839 init_lsa_String(&group_info.description, opt_comment);
1841 result = rpccli_samr_SetGroupInfo(pipe_hnd, mem_ctx,
1845 if (!NT_STATUS_IS_OK(result)) goto done;
1848 if (NT_STATUS_IS_OK(result))
1849 DEBUG(5, ("add group succeeded\n"));
1851 d_fprintf(stderr, "add group failed: %s\n", nt_errstr(result));
1856 static NTSTATUS rpc_alias_add_internals(const DOM_SID *domain_sid,
1857 const char *domain_name,
1858 struct cli_state *cli,
1859 struct rpc_pipe_client *pipe_hnd,
1860 TALLOC_CTX *mem_ctx,
1864 POLICY_HND connect_pol, domain_pol, alias_pol;
1865 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1866 union samr_AliasInfo alias_info;
1867 struct lsa_String alias_name;
1871 d_printf("Alias name must be specified\n");
1872 rpc_group_usage(argc, argv);
1873 return NT_STATUS_OK;
1876 init_lsa_String(&alias_name, argv[0]);
1878 /* Get sam policy handle */
1880 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1882 MAXIMUM_ALLOWED_ACCESS,
1884 if (!NT_STATUS_IS_OK(result)) goto done;
1886 /* Get domain policy handle */
1888 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1890 MAXIMUM_ALLOWED_ACCESS,
1891 CONST_DISCARD(struct dom_sid2 *, domain_sid),
1893 if (!NT_STATUS_IS_OK(result)) goto done;
1895 /* Create the group */
1897 result = rpccli_samr_CreateDomAlias(pipe_hnd, mem_ctx,
1900 MAXIMUM_ALLOWED_ACCESS,
1903 if (!NT_STATUS_IS_OK(result)) goto done;
1905 if (strlen(opt_comment) == 0) goto done;
1907 /* We've got a comment to set */
1909 init_lsa_String(&alias_info.description, opt_comment);
1911 result = rpccli_samr_SetAliasInfo(pipe_hnd, mem_ctx,
1916 if (!NT_STATUS_IS_OK(result)) goto done;
1919 if (NT_STATUS_IS_OK(result))
1920 DEBUG(5, ("add alias succeeded\n"));
1922 d_fprintf(stderr, "add alias failed: %s\n", nt_errstr(result));
1927 static int rpc_group_add(int argc, const char **argv)
1930 return run_rpc_command(NULL, PI_SAMR, 0,
1931 rpc_alias_add_internals,
1934 return run_rpc_command(NULL, PI_SAMR, 0,
1935 rpc_group_add_internals,
1939 static NTSTATUS get_sid_from_name(struct cli_state *cli,
1940 TALLOC_CTX *mem_ctx,
1943 enum lsa_SidType *type)
1945 DOM_SID *sids = NULL;
1946 enum lsa_SidType *types = NULL;
1947 struct rpc_pipe_client *pipe_hnd;
1949 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1951 pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &result);
1956 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, False,
1957 SEC_RIGHTS_MAXIMUM_ALLOWED, &lsa_pol);
1959 if (!NT_STATUS_IS_OK(result)) {
1963 result = rpccli_lsa_lookup_names(pipe_hnd, mem_ctx, &lsa_pol, 1,
1964 &name, NULL, 1, &sids, &types);
1966 if (NT_STATUS_IS_OK(result)) {
1967 sid_copy(sid, &sids[0]);
1971 rpccli_lsa_Close(pipe_hnd, mem_ctx, &lsa_pol);
1975 TALLOC_FREE(pipe_hnd);
1978 if (!NT_STATUS_IS_OK(result) && (StrnCaseCmp(name, "S-", 2) == 0)) {
1980 /* Try as S-1-5-whatever */
1984 if (string_to_sid(&tmp_sid, name)) {
1985 sid_copy(sid, &tmp_sid);
1986 *type = SID_NAME_UNKNOWN;
1987 result = NT_STATUS_OK;
1994 static NTSTATUS rpc_add_groupmem(struct rpc_pipe_client *pipe_hnd,
1995 TALLOC_CTX *mem_ctx,
1996 const DOM_SID *group_sid,
1999 POLICY_HND connect_pol, domain_pol;
2002 POLICY_HND group_pol;
2004 struct samr_Ids rids, rid_types;
2005 struct lsa_String lsa_acct_name;
2009 sid_copy(&sid, group_sid);
2011 if (!sid_split_rid(&sid, &group_rid)) {
2012 return NT_STATUS_UNSUCCESSFUL;
2015 /* Get sam policy handle */
2016 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2018 MAXIMUM_ALLOWED_ACCESS,
2020 if (!NT_STATUS_IS_OK(result)) {
2024 /* Get domain policy handle */
2025 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2027 MAXIMUM_ALLOWED_ACCESS,
2030 if (!NT_STATUS_IS_OK(result)) {
2034 init_lsa_String(&lsa_acct_name, member);
2036 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
2043 if (!NT_STATUS_IS_OK(result)) {
2044 d_fprintf(stderr, "Could not lookup up group member %s\n", member);
2048 result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
2050 MAXIMUM_ALLOWED_ACCESS,
2054 if (!NT_STATUS_IS_OK(result)) {
2058 result = rpccli_samr_AddGroupMember(pipe_hnd, mem_ctx,
2061 0x0005); /* unknown flags */
2064 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
2068 static NTSTATUS rpc_add_aliasmem(struct rpc_pipe_client *pipe_hnd,
2069 TALLOC_CTX *mem_ctx,
2070 const DOM_SID *alias_sid,
2073 POLICY_HND connect_pol, domain_pol;
2076 POLICY_HND alias_pol;
2079 enum lsa_SidType member_type;
2083 sid_copy(&sid, alias_sid);
2085 if (!sid_split_rid(&sid, &alias_rid)) {
2086 return NT_STATUS_UNSUCCESSFUL;
2089 result = get_sid_from_name(rpc_pipe_np_smb_conn(pipe_hnd), mem_ctx,
2090 member, &member_sid, &member_type);
2092 if (!NT_STATUS_IS_OK(result)) {
2093 d_fprintf(stderr, "Could not lookup up group member %s\n", member);
2097 /* Get sam policy handle */
2098 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2100 MAXIMUM_ALLOWED_ACCESS,
2102 if (!NT_STATUS_IS_OK(result)) {
2106 /* Get domain policy handle */
2107 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2109 MAXIMUM_ALLOWED_ACCESS,
2112 if (!NT_STATUS_IS_OK(result)) {
2116 result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
2118 MAXIMUM_ALLOWED_ACCESS,
2122 if (!NT_STATUS_IS_OK(result)) {
2126 result = rpccli_samr_AddAliasMember(pipe_hnd, mem_ctx,
2130 if (!NT_STATUS_IS_OK(result)) {
2135 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
2139 static NTSTATUS rpc_group_addmem_internals(const DOM_SID *domain_sid,
2140 const char *domain_name,
2141 struct cli_state *cli,
2142 struct rpc_pipe_client *pipe_hnd,
2143 TALLOC_CTX *mem_ctx,
2148 enum lsa_SidType group_type;
2151 d_printf("Usage: 'net rpc group addmem <group> <member>\n");
2152 return NT_STATUS_UNSUCCESSFUL;
2155 if (!NT_STATUS_IS_OK(get_sid_from_name(cli, mem_ctx, argv[0],
2156 &group_sid, &group_type))) {
2157 d_fprintf(stderr, "Could not lookup group name %s\n", argv[0]);
2158 return NT_STATUS_UNSUCCESSFUL;
2161 if (group_type == SID_NAME_DOM_GRP) {
2162 NTSTATUS result = rpc_add_groupmem(pipe_hnd, mem_ctx,
2163 &group_sid, argv[1]);
2165 if (!NT_STATUS_IS_OK(result)) {
2166 d_fprintf(stderr, "Could not add %s to %s: %s\n",
2167 argv[1], argv[0], nt_errstr(result));
2172 if (group_type == SID_NAME_ALIAS) {
2173 NTSTATUS result = rpc_add_aliasmem(pipe_hnd, mem_ctx,
2174 &group_sid, argv[1]);
2176 if (!NT_STATUS_IS_OK(result)) {
2177 d_fprintf(stderr, "Could not add %s to %s: %s\n",
2178 argv[1], argv[0], nt_errstr(result));
2183 d_fprintf(stderr, "Can only add members to global or local groups "
2184 "which %s is not\n", argv[0]);
2186 return NT_STATUS_UNSUCCESSFUL;
2189 static int rpc_group_addmem(int argc, const char **argv)
2191 return run_rpc_command(NULL, PI_SAMR, 0,
2192 rpc_group_addmem_internals,
2196 static NTSTATUS rpc_del_groupmem(struct rpc_pipe_client *pipe_hnd,
2197 TALLOC_CTX *mem_ctx,
2198 const DOM_SID *group_sid,
2201 POLICY_HND connect_pol, domain_pol;
2204 POLICY_HND group_pol;
2206 struct samr_Ids rids, rid_types;
2207 struct lsa_String lsa_acct_name;
2211 sid_copy(&sid, group_sid);
2213 if (!sid_split_rid(&sid, &group_rid))
2214 return NT_STATUS_UNSUCCESSFUL;
2216 /* Get sam policy handle */
2217 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2219 MAXIMUM_ALLOWED_ACCESS,
2221 if (!NT_STATUS_IS_OK(result))
2224 /* Get domain policy handle */
2225 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2227 MAXIMUM_ALLOWED_ACCESS,
2230 if (!NT_STATUS_IS_OK(result))
2233 init_lsa_String(&lsa_acct_name, member);
2235 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
2241 if (!NT_STATUS_IS_OK(result)) {
2242 d_fprintf(stderr, "Could not lookup up group member %s\n", member);
2246 result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
2248 MAXIMUM_ALLOWED_ACCESS,
2252 if (!NT_STATUS_IS_OK(result))
2255 result = rpccli_samr_DeleteGroupMember(pipe_hnd, mem_ctx,
2260 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
2264 static NTSTATUS rpc_del_aliasmem(struct rpc_pipe_client *pipe_hnd,
2265 TALLOC_CTX *mem_ctx,
2266 const DOM_SID *alias_sid,
2269 POLICY_HND connect_pol, domain_pol;
2272 POLICY_HND alias_pol;
2275 enum lsa_SidType member_type;
2279 sid_copy(&sid, alias_sid);
2281 if (!sid_split_rid(&sid, &alias_rid))
2282 return NT_STATUS_UNSUCCESSFUL;
2284 result = get_sid_from_name(rpc_pipe_np_smb_conn(pipe_hnd), mem_ctx,
2285 member, &member_sid, &member_type);
2287 if (!NT_STATUS_IS_OK(result)) {
2288 d_fprintf(stderr, "Could not lookup up group member %s\n", member);
2292 /* Get sam policy handle */
2293 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2295 MAXIMUM_ALLOWED_ACCESS,
2297 if (!NT_STATUS_IS_OK(result)) {
2301 /* Get domain policy handle */
2302 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2304 MAXIMUM_ALLOWED_ACCESS,
2307 if (!NT_STATUS_IS_OK(result)) {
2311 result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
2313 MAXIMUM_ALLOWED_ACCESS,
2317 if (!NT_STATUS_IS_OK(result))
2320 result = rpccli_samr_DeleteAliasMember(pipe_hnd, mem_ctx,
2324 if (!NT_STATUS_IS_OK(result))
2328 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
2332 static NTSTATUS rpc_group_delmem_internals(const DOM_SID *domain_sid,
2333 const char *domain_name,
2334 struct cli_state *cli,
2335 struct rpc_pipe_client *pipe_hnd,
2336 TALLOC_CTX *mem_ctx,
2341 enum lsa_SidType group_type;
2344 d_printf("Usage: 'net rpc group delmem <group> <member>\n");
2345 return NT_STATUS_UNSUCCESSFUL;
2348 if (!NT_STATUS_IS_OK(get_sid_from_name(cli, mem_ctx, argv[0],
2349 &group_sid, &group_type))) {
2350 d_fprintf(stderr, "Could not lookup group name %s\n", argv[0]);
2351 return NT_STATUS_UNSUCCESSFUL;
2354 if (group_type == SID_NAME_DOM_GRP) {
2355 NTSTATUS result = rpc_del_groupmem(pipe_hnd, mem_ctx,
2356 &group_sid, argv[1]);
2358 if (!NT_STATUS_IS_OK(result)) {
2359 d_fprintf(stderr, "Could not del %s from %s: %s\n",
2360 argv[1], argv[0], nt_errstr(result));
2365 if (group_type == SID_NAME_ALIAS) {
2366 NTSTATUS result = rpc_del_aliasmem(pipe_hnd, mem_ctx,
2367 &group_sid, argv[1]);
2369 if (!NT_STATUS_IS_OK(result)) {
2370 d_fprintf(stderr, "Could not del %s from %s: %s\n",
2371 argv[1], argv[0], nt_errstr(result));
2376 d_fprintf(stderr, "Can only delete members from global or local groups "
2377 "which %s is not\n", argv[0]);
2379 return NT_STATUS_UNSUCCESSFUL;
2382 static int rpc_group_delmem(int argc, const char **argv)
2384 return run_rpc_command(NULL, PI_SAMR, 0,
2385 rpc_group_delmem_internals,
2390 * List groups on a remote RPC server
2392 * All parameters are provided by the run_rpc_command function, except for
2393 * argc, argv which are passes through.
2395 * @param domain_sid The domain sid acquired from the remote server
2396 * @param cli A cli_state connected to the server.
2397 * @param mem_ctx Talloc context, destoyed on completion of the function.
2398 * @param argc Standard main() style argc
2399 * @param argv Standard main() style argv. Initial components are already
2402 * @return Normal NTSTATUS return.
2405 static NTSTATUS rpc_group_list_internals(const DOM_SID *domain_sid,
2406 const char *domain_name,
2407 struct cli_state *cli,
2408 struct rpc_pipe_client *pipe_hnd,
2409 TALLOC_CTX *mem_ctx,
2413 POLICY_HND connect_pol, domain_pol;
2414 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2415 uint32 start_idx=0, max_entries=250, num_entries, i, loop_count = 0;
2416 struct samr_SamArray *groups = NULL;
2417 bool global = False;
2419 bool builtin = False;
2427 for (i=0; i<argc; i++) {
2428 if (strequal(argv[i], "global"))
2431 if (strequal(argv[i], "local"))
2434 if (strequal(argv[i], "builtin"))
2438 /* Get sam policy handle */
2440 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2442 MAXIMUM_ALLOWED_ACCESS,
2444 if (!NT_STATUS_IS_OK(result)) {
2448 /* Get domain policy handle */
2450 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2452 MAXIMUM_ALLOWED_ACCESS,
2453 CONST_DISCARD(struct dom_sid2 *, domain_sid),
2455 if (!NT_STATUS_IS_OK(result)) {
2459 /* Query domain groups */
2460 if (opt_long_list_entries)
2461 d_printf("\nGroup name Comment"\
2462 "\n-----------------------------\n");
2464 uint32_t max_size, total_size, returned_size;
2465 union samr_DispInfo info;
2469 get_query_dispinfo_params(
2470 loop_count, &max_entries, &max_size);
2472 result = rpccli_samr_QueryDisplayInfo(pipe_hnd, mem_ctx,
2481 num_entries = info.info3.count;
2482 start_idx += info.info3.count;
2484 if (!NT_STATUS_IS_OK(result) &&
2485 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
2488 for (i = 0; i < num_entries; i++) {
2490 const char *group = NULL;
2491 const char *desc = NULL;
2493 group = info.info3.entries[i].account_name.string;
2494 desc = info.info3.entries[i].description.string;
2496 if (opt_long_list_entries)
2497 printf("%-21.21s %-50.50s\n",
2500 printf("%s\n", group);
2502 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
2503 /* query domain aliases */
2508 result = rpccli_samr_EnumDomainAliases(pipe_hnd, mem_ctx,
2514 if (!NT_STATUS_IS_OK(result) &&
2515 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
2518 for (i = 0; i < num_entries; i++) {
2520 const char *description = NULL;
2522 if (opt_long_list_entries) {
2524 POLICY_HND alias_pol;
2525 union samr_AliasInfo *info = NULL;
2527 if ((NT_STATUS_IS_OK(rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
2530 groups->entries[i].idx,
2532 (NT_STATUS_IS_OK(rpccli_samr_QueryAliasInfo(pipe_hnd, mem_ctx,
2536 (NT_STATUS_IS_OK(rpccli_samr_Close(pipe_hnd, mem_ctx,
2538 description = info->description.string;
2542 if (description != NULL) {
2543 printf("%-21.21s %-50.50s\n",
2544 groups->entries[i].name.string,
2547 printf("%s\n", groups->entries[i].name.string);
2550 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
2551 rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
2552 /* Get builtin policy handle */
2554 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2556 MAXIMUM_ALLOWED_ACCESS,
2557 CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin),
2559 if (!NT_STATUS_IS_OK(result)) {
2562 /* query builtin aliases */
2565 if (!builtin) break;
2567 result = rpccli_samr_EnumDomainAliases(pipe_hnd, mem_ctx,
2573 if (!NT_STATUS_IS_OK(result) &&
2574 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
2577 for (i = 0; i < num_entries; i++) {
2579 const char *description = NULL;
2581 if (opt_long_list_entries) {
2583 POLICY_HND alias_pol;
2584 union samr_AliasInfo *info = NULL;
2586 if ((NT_STATUS_IS_OK(rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
2589 groups->entries[i].idx,
2591 (NT_STATUS_IS_OK(rpccli_samr_QueryAliasInfo(pipe_hnd, mem_ctx,
2595 (NT_STATUS_IS_OK(rpccli_samr_Close(pipe_hnd, mem_ctx,
2597 description = info->description.string;
2601 if (description != NULL) {
2602 printf("%-21.21s %-50.50s\n",
2603 groups->entries[i].name.string,
2606 printf("%s\n", groups->entries[i].name.string);
2609 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
2615 static int rpc_group_list(int argc, const char **argv)
2617 return run_rpc_command(NULL, PI_SAMR, 0,
2618 rpc_group_list_internals,
2622 static NTSTATUS rpc_list_group_members(struct rpc_pipe_client *pipe_hnd,
2623 TALLOC_CTX *mem_ctx,
2624 const char *domain_name,
2625 const DOM_SID *domain_sid,
2626 POLICY_HND *domain_pol,
2630 POLICY_HND group_pol;
2631 uint32 num_members, *group_rids;
2633 struct samr_RidTypeArray *rids = NULL;
2634 struct lsa_Strings names;
2635 struct samr_Ids types;
2638 sid_to_fstring(sid_str, domain_sid);
2640 result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
2642 MAXIMUM_ALLOWED_ACCESS,
2646 if (!NT_STATUS_IS_OK(result))
2649 result = rpccli_samr_QueryGroupMember(pipe_hnd, mem_ctx,
2653 if (!NT_STATUS_IS_OK(result))
2656 num_members = rids->count;
2657 group_rids = rids->rids;
2659 while (num_members > 0) {
2660 int this_time = 512;
2662 if (num_members < this_time)
2663 this_time = num_members;
2665 result = rpccli_samr_LookupRids(pipe_hnd, mem_ctx,
2672 if (!NT_STATUS_IS_OK(result))
2675 /* We only have users as members, but make the output
2676 the same as the output of alias members */
2678 for (i = 0; i < this_time; i++) {
2680 if (opt_long_list_entries) {
2681 printf("%s-%d %s\\%s %d\n", sid_str,
2682 group_rids[i], domain_name,
2683 names.names[i].string,
2686 printf("%s\\%s\n", domain_name,
2687 names.names[i].string);
2691 num_members -= this_time;
2695 return NT_STATUS_OK;
2698 static NTSTATUS rpc_list_alias_members(struct rpc_pipe_client *pipe_hnd,
2699 TALLOC_CTX *mem_ctx,
2700 POLICY_HND *domain_pol,
2704 struct rpc_pipe_client *lsa_pipe;
2705 POLICY_HND alias_pol, lsa_pol;
2707 DOM_SID *alias_sids;
2710 enum lsa_SidType *types;
2712 struct lsa_SidArray sid_array;
2714 result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
2716 MAXIMUM_ALLOWED_ACCESS,
2720 if (!NT_STATUS_IS_OK(result))
2723 result = rpccli_samr_GetMembersInAlias(pipe_hnd, mem_ctx,
2727 if (!NT_STATUS_IS_OK(result)) {
2728 d_fprintf(stderr, "Couldn't list alias members\n");
2732 num_members = sid_array.num_sids;
2734 if (num_members == 0) {
2735 return NT_STATUS_OK;
2738 lsa_pipe = cli_rpc_pipe_open_noauth(rpc_pipe_np_smb_conn(pipe_hnd),
2739 PI_LSARPC, &result);
2741 d_fprintf(stderr, "Couldn't open LSA pipe. Error was %s\n",
2742 nt_errstr(result) );
2746 result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, True,
2747 SEC_RIGHTS_MAXIMUM_ALLOWED, &lsa_pol);
2749 if (!NT_STATUS_IS_OK(result)) {
2750 d_fprintf(stderr, "Couldn't open LSA policy handle\n");
2751 TALLOC_FREE(lsa_pipe);
2755 alias_sids = TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID, num_members);
2757 d_fprintf(stderr, "Out of memory\n");
2758 TALLOC_FREE(lsa_pipe);
2759 return NT_STATUS_NO_MEMORY;
2762 for (i=0; i<num_members; i++) {
2763 sid_copy(&alias_sids[i], sid_array.sids[i].sid);
2766 result = rpccli_lsa_lookup_sids(lsa_pipe, mem_ctx, &lsa_pol, num_members,
2768 &domains, &names, &types);
2770 if (!NT_STATUS_IS_OK(result) &&
2771 !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) {
2772 d_fprintf(stderr, "Couldn't lookup SIDs\n");
2773 TALLOC_FREE(lsa_pipe);
2777 for (i = 0; i < num_members; i++) {
2779 sid_to_fstring(sid_str, &alias_sids[i]);
2781 if (opt_long_list_entries) {
2782 printf("%s %s\\%s %d\n", sid_str,
2783 domains[i] ? domains[i] : "*unknown*",
2784 names[i] ? names[i] : "*unknown*", types[i]);
2787 printf("%s\\%s\n", domains[i], names[i]);
2789 printf("%s\n", sid_str);
2793 TALLOC_FREE(lsa_pipe);
2794 return NT_STATUS_OK;
2797 static NTSTATUS rpc_group_members_internals(const DOM_SID *domain_sid,
2798 const char *domain_name,
2799 struct cli_state *cli,
2800 struct rpc_pipe_client *pipe_hnd,
2801 TALLOC_CTX *mem_ctx,
2806 POLICY_HND connect_pol, domain_pol;
2807 struct samr_Ids rids, rid_types;
2808 struct lsa_String lsa_acct_name;
2810 /* Get sam policy handle */
2812 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2814 MAXIMUM_ALLOWED_ACCESS,
2817 if (!NT_STATUS_IS_OK(result))
2820 /* Get domain policy handle */
2822 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2824 MAXIMUM_ALLOWED_ACCESS,
2825 CONST_DISCARD(struct dom_sid2 *, domain_sid),
2828 if (!NT_STATUS_IS_OK(result))
2831 init_lsa_String(&lsa_acct_name, argv[0]); /* sure? */
2833 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
2840 if (!NT_STATUS_IS_OK(result)) {
2842 /* Ok, did not find it in the global sam, try with builtin */
2844 DOM_SID sid_Builtin;
2846 rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
2848 sid_copy(&sid_Builtin, &global_sid_Builtin);
2850 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2852 MAXIMUM_ALLOWED_ACCESS,
2856 if (!NT_STATUS_IS_OK(result)) {
2857 d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
2861 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
2868 if (!NT_STATUS_IS_OK(result)) {
2869 d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
2874 if (rids.count != 1) {
2875 d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
2879 if (rid_types.ids[0] == SID_NAME_DOM_GRP) {
2880 return rpc_list_group_members(pipe_hnd, mem_ctx, domain_name,
2881 domain_sid, &domain_pol,
2885 if (rid_types.ids[0] == SID_NAME_ALIAS) {
2886 return rpc_list_alias_members(pipe_hnd, mem_ctx, &domain_pol,
2890 return NT_STATUS_NO_SUCH_GROUP;
2893 static int rpc_group_members(int argc, const char **argv)
2896 return rpc_group_usage(argc, argv);
2899 return run_rpc_command(NULL, PI_SAMR, 0,
2900 rpc_group_members_internals,
2904 static NTSTATUS rpc_group_rename_internals(const DOM_SID *domain_sid,
2905 const char *domain_name,
2906 struct cli_state *cli,
2907 struct rpc_pipe_client *pipe_hnd,
2908 TALLOC_CTX *mem_ctx,
2913 POLICY_HND connect_pol, domain_pol, group_pol;
2914 union samr_GroupInfo group_info;
2915 struct samr_Ids rids, rid_types;
2916 struct lsa_String lsa_acct_name;
2919 d_printf("Usage: 'net rpc group rename group newname'\n");
2920 return NT_STATUS_UNSUCCESSFUL;
2923 /* Get sam policy handle */
2925 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2927 MAXIMUM_ALLOWED_ACCESS,
2930 if (!NT_STATUS_IS_OK(result))
2933 /* Get domain policy handle */
2935 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2937 MAXIMUM_ALLOWED_ACCESS,
2938 CONST_DISCARD(struct dom_sid2 *, domain_sid),
2941 if (!NT_STATUS_IS_OK(result))
2944 init_lsa_String(&lsa_acct_name, argv[0]);
2946 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
2953 if (rids.count != 1) {
2954 d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
2958 if (rid_types.ids[0] != SID_NAME_DOM_GRP) {
2959 d_fprintf(stderr, "Can only rename domain groups\n");
2960 return NT_STATUS_UNSUCCESSFUL;
2963 result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
2965 MAXIMUM_ALLOWED_ACCESS,
2969 if (!NT_STATUS_IS_OK(result))
2972 init_lsa_String(&group_info.name, argv[1]);
2974 result = rpccli_samr_SetGroupInfo(pipe_hnd, mem_ctx,
2979 if (!NT_STATUS_IS_OK(result))
2982 return NT_STATUS_NO_SUCH_GROUP;
2985 static int rpc_group_rename(int argc, const char **argv)
2988 return rpc_group_usage(argc, argv);
2991 return run_rpc_command(NULL, PI_SAMR, 0,
2992 rpc_group_rename_internals,
2997 * 'net rpc group' entrypoint.
2998 * @param argc Standard main() style argc
2999 * @param argc Standard main() style argv. Initial components are already
3003 int net_rpc_group(int argc, const char **argv)
3005 struct functable func[] = {
3006 {"add", rpc_group_add},
3007 {"delete", rpc_group_delete},
3008 {"addmem", rpc_group_addmem},
3009 {"delmem", rpc_group_delmem},
3010 {"list", rpc_group_list},
3011 {"members", rpc_group_members},
3012 {"rename", rpc_group_rename},
3017 return run_rpc_command(NULL, PI_SAMR, 0,
3018 rpc_group_list_internals,
3022 return net_run_function(argc, argv, func, rpc_group_usage);
3025 /****************************************************************************/
3027 static int rpc_share_usage(int argc, const char **argv)
3029 return net_help_share(argc, argv);
3033 * Add a share on a remote RPC server
3035 * All parameters are provided by the run_rpc_command function, except for
3036 * argc, argv which are passes through.
3038 * @param domain_sid The domain sid acquired from the remote server
3039 * @param cli A cli_state connected to the server.
3040 * @param mem_ctx Talloc context, destoyed on completion of the function.
3041 * @param argc Standard main() style argc
3042 * @param argv Standard main() style argv. Initial components are already
3045 * @return Normal NTSTATUS return.
3047 static NTSTATUS rpc_share_add_internals(const DOM_SID *domain_sid,
3048 const char *domain_name,
3049 struct cli_state *cli,
3050 struct rpc_pipe_client *pipe_hnd,
3051 TALLOC_CTX *mem_ctx,int argc,
3058 uint32 type = STYPE_DISKTREE; /* only allow disk shares to be added */
3059 uint32 num_users=0, perms=0;
3060 char *password=NULL; /* don't allow a share password */
3062 union srvsvc_NetShareInfo info;
3063 struct srvsvc_NetShareInfo2 info2;
3064 uint32_t parm_error = 0;
3066 if ((sharename = talloc_strdup(mem_ctx, argv[0])) == NULL) {
3067 return NT_STATUS_NO_MEMORY;
3070 path = strchr(sharename, '=');
3072 return NT_STATUS_UNSUCCESSFUL;
3075 info2.name = sharename;
3077 info2.comment = opt_comment;
3078 info2.permissions = perms;
3079 info2.max_users = opt_maxusers;
3080 info2.current_users = num_users;
3082 info2.password = password;
3084 info.info2 = &info2;
3086 status = rpccli_srvsvc_NetShareAdd(pipe_hnd, mem_ctx,
3095 static int rpc_share_add(int argc, const char **argv)
3097 if ((argc < 1) || !strchr(argv[0], '=')) {
3098 DEBUG(1,("Sharename or path not specified on add\n"));
3099 return rpc_share_usage(argc, argv);
3101 return run_rpc_command(NULL, PI_SRVSVC, 0,
3102 rpc_share_add_internals,
3107 * Delete a share on a remote RPC server
3109 * All parameters are provided by the run_rpc_command function, except for
3110 * argc, argv which are passes through.
3112 * @param domain_sid The domain sid acquired from the remote server
3113 * @param cli A cli_state connected to the server.
3114 * @param mem_ctx Talloc context, destoyed on completion of the function.
3115 * @param argc Standard main() style argc
3116 * @param argv Standard main() style argv. Initial components are already
3119 * @return Normal NTSTATUS return.
3121 static NTSTATUS rpc_share_del_internals(const DOM_SID *domain_sid,
3122 const char *domain_name,
3123 struct cli_state *cli,
3124 struct rpc_pipe_client *pipe_hnd,
3125 TALLOC_CTX *mem_ctx,
3131 return rpccli_srvsvc_NetShareDel(pipe_hnd, mem_ctx,
3139 * Delete a share on a remote RPC server
3141 * @param domain_sid The domain sid acquired from the remote server
3142 * @param argc Standard main() style argc
3143 * @param argv Standard main() style argv. Initial components are already
3146 * @return A shell status integer (0 for success)
3148 static int rpc_share_delete(int argc, const char **argv)
3151 DEBUG(1,("Sharename not specified on delete\n"));
3152 return rpc_share_usage(argc, argv);
3154 return run_rpc_command(NULL, PI_SRVSVC, 0,
3155 rpc_share_del_internals,
3160 * Formatted print of share info
3162 * @param info1 pointer to SRV_SHARE_INFO_1 to format
3165 static void display_share_info_1(struct srvsvc_NetShareInfo1 *r)
3167 if (opt_long_list_entries) {
3168 d_printf("%-12s %-8.8s %-50s\n",
3170 share_type[r->type & ~(STYPE_TEMPORARY|STYPE_HIDDEN)],
3173 d_printf("%s\n", r->name);
3177 static WERROR get_share_info(struct rpc_pipe_client *pipe_hnd,
3178 TALLOC_CTX *mem_ctx,
3182 struct srvsvc_NetShareInfoCtr *info_ctr)
3186 union srvsvc_NetShareInfo info;
3188 /* no specific share requested, enumerate all */
3191 uint32_t preferred_len = 0xffffffff;
3192 uint32_t total_entries = 0;
3193 uint32_t resume_handle = 0;
3195 info_ctr->level = level;
3197 status = rpccli_srvsvc_NetShareEnumAll(pipe_hnd, mem_ctx,
3207 /* request just one share */
3208 status = rpccli_srvsvc_NetShareGetInfo(pipe_hnd, mem_ctx,
3215 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) {
3220 ZERO_STRUCTP(info_ctr);
3222 info_ctr->level = level;
3227 struct srvsvc_NetShareCtr1 *ctr1;
3229 ctr1 = TALLOC_ZERO_P(mem_ctx, struct srvsvc_NetShareCtr1);
3230 W_ERROR_HAVE_NO_MEMORY(ctr1);
3233 ctr1->array = info.info1;
3235 info_ctr->ctr.ctr1 = ctr1;
3239 struct srvsvc_NetShareCtr2 *ctr2;
3241 ctr2 = TALLOC_ZERO_P(mem_ctx, struct srvsvc_NetShareCtr2);
3242 W_ERROR_HAVE_NO_MEMORY(ctr2);
3245 ctr2->array = info.info2;
3247 info_ctr->ctr.ctr2 = ctr2;
3251 struct srvsvc_NetShareCtr502 *ctr502;
3253 ctr502 = TALLOC_ZERO_P(mem_ctx, struct srvsvc_NetShareCtr502);
3254 W_ERROR_HAVE_NO_MEMORY(ctr502);
3257 ctr502->array = info.info502;
3259 info_ctr->ctr.ctr502 = ctr502;
3267 * List shares on a remote RPC server
3269 * All parameters are provided by the run_rpc_command function, except for
3270 * argc, argv which are passes through.
3272 * @param domain_sid The domain sid acquired from the remote server
3273 * @param cli A cli_state connected to the server.
3274 * @param mem_ctx Talloc context, destoyed on completion of the function.
3275 * @param argc Standard main() style argc
3276 * @param argv Standard main() style argv. Initial components are already
3279 * @return Normal NTSTATUS return.
3282 static NTSTATUS rpc_share_list_internals(const DOM_SID *domain_sid,
3283 const char *domain_name,
3284 struct cli_state *cli,
3285 struct rpc_pipe_client *pipe_hnd,
3286 TALLOC_CTX *mem_ctx,
3290 struct srvsvc_NetShareInfoCtr info_ctr;
3291 struct srvsvc_NetShareCtr1 ctr1;
3293 uint32 i, level = 1;
3295 ZERO_STRUCT(info_ctr);
3299 info_ctr.ctr.ctr1 = &ctr1;
3301 result = get_share_info(pipe_hnd, mem_ctx, level, argc, argv, &info_ctr);
3302 if (!W_ERROR_IS_OK(result))
3305 /* Display results */
3307 if (opt_long_list_entries) {
3309 "\nEnumerating shared resources (exports) on remote server:\n\n"\
3310 "\nShare name Type Description\n"\
3311 "---------- ---- -----------\n");
3313 for (i = 0; i < info_ctr.ctr.ctr1->count; i++)
3314 display_share_info_1(&info_ctr.ctr.ctr1->array[i]);
3316 return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
3320 * 'net rpc share list' entrypoint.
3321 * @param argc Standard main() style argc
3322 * @param argv Standard main() style argv. Initial components are already
3325 static int rpc_share_list(int argc, const char **argv)
3327 return run_rpc_command(NULL, PI_SRVSVC, 0, rpc_share_list_internals, argc, argv);
3330 static bool check_share_availability(struct cli_state *cli, const char *netname)
3332 if (!cli_send_tconX(cli, netname, "A:", "", 0)) {
3333 d_printf("skipping [%s]: not a file share.\n", netname);
3343 static bool check_share_sanity(struct cli_state *cli, const char *netname, uint32 type)
3345 /* only support disk shares */
3346 if (! ( type == STYPE_DISKTREE || type == (STYPE_DISKTREE | STYPE_HIDDEN)) ) {
3347 printf("share [%s] is not a diskshare (type: %x)\n", netname, type);
3351 /* skip builtin shares */
3352 /* FIXME: should print$ be added too ? */
3353 if (strequal(netname,"IPC$") || strequal(netname,"ADMIN$") ||
3354 strequal(netname,"global"))
3357 if (opt_exclude && in_list(netname, opt_exclude, False)) {
3358 printf("excluding [%s]\n", netname);
3362 return check_share_availability(cli, netname);
3366 * Migrate shares from a remote RPC server to the local RPC server
3368 * All parameters are provided by the run_rpc_command function, except for
3369 * argc, argv which are passed through.
3371 * @param domain_sid The domain sid acquired from the remote server
3372 * @param cli A cli_state connected to the server.
3373 * @param mem_ctx Talloc context, destroyed on completion of the function.
3374 * @param argc Standard main() style argc
3375 * @param argv Standard main() style argv. Initial components are already
3378 * @return Normal NTSTATUS return.
3381 static NTSTATUS rpc_share_migrate_shares_internals(const DOM_SID *domain_sid,
3382 const char *domain_name,
3383 struct cli_state *cli,
3384 struct rpc_pipe_client *pipe_hnd,
3385 TALLOC_CTX *mem_ctx,
3390 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
3391 struct srvsvc_NetShareInfoCtr ctr_src;
3393 struct rpc_pipe_client *srvsvc_pipe = NULL;
3394 struct cli_state *cli_dst = NULL;
3395 uint32 level = 502; /* includes secdesc */
3396 uint32_t parm_error = 0;
3398 result = get_share_info(pipe_hnd, mem_ctx, level, argc, argv, &ctr_src);
3399 if (!W_ERROR_IS_OK(result))
3402 /* connect destination PI_SRVSVC */
3403 nt_status = connect_dst_pipe(&cli_dst, &srvsvc_pipe, PI_SRVSVC);
3404 if (!NT_STATUS_IS_OK(nt_status))
3408 for (i = 0; i < ctr_src.ctr.ctr502->count; i++) {
3410 union srvsvc_NetShareInfo info;
3411 struct srvsvc_NetShareInfo502 info502 =
3412 ctr_src.ctr.ctr502->array[i];
3414 /* reset error-code */
3415 nt_status = NT_STATUS_UNSUCCESSFUL;
3417 if (!check_share_sanity(cli, info502.name, info502.type))
3420 /* finally add the share on the dst server */
3422 printf("migrating: [%s], path: %s, comment: %s, without share-ACLs\n",
3423 info502.name, info502.path, info502.comment);
3425 info.info502 = &info502;
3427 nt_status = rpccli_srvsvc_NetShareAdd(srvsvc_pipe, mem_ctx,
3428 srvsvc_pipe->desthost,
3434 if (W_ERROR_V(result) == W_ERROR_V(WERR_ALREADY_EXISTS)) {
3435 printf(" [%s] does already exist\n",
3440 if (!NT_STATUS_IS_OK(nt_status) || !W_ERROR_IS_OK(result)) {
3441 printf("cannot add share: %s\n", dos_errstr(result));
3447 nt_status = NT_STATUS_OK;
3451 cli_shutdown(cli_dst);
3459 * Migrate shares from a rpc-server to another
3461 * @param argc Standard main() style argc
3462 * @param argv Standard main() style argv. Initial components are already
3465 * @return A shell status integer (0 for success)
3467 static int rpc_share_migrate_shares(int argc, const char **argv)
3471 printf("no server to migrate\n");
3475 return run_rpc_command(NULL, PI_SRVSVC, 0,
3476 rpc_share_migrate_shares_internals,
3483 * @param f file_info
3484 * @param mask current search mask
3485 * @param state arg-pointer
3488 static void copy_fn(const char *mnt, file_info *f, const char *mask, void *state)
3490 static NTSTATUS nt_status;
3491 static struct copy_clistate *local_state;
3492 static fstring filename, new_mask;
3496 local_state = (struct copy_clistate *)state;
3497 nt_status = NT_STATUS_UNSUCCESSFUL;
3499 if (strequal(f->name, ".") || strequal(f->name, ".."))
3502 DEBUG(3,("got mask: %s, name: %s\n", mask, f->name));
3505 if (f->mode & aDIR) {
3507 DEBUG(3,("got dir: %s\n", f->name));
3509 fstrcpy(dir, local_state->cwd);
3511 fstrcat(dir, f->name);
3513 switch (net_mode_share)
3515 case NET_MODE_SHARE_MIGRATE:
3516 /* create that directory */
3517 nt_status = net_copy_file(local_state->mem_ctx,
3518 local_state->cli_share_src,
3519 local_state->cli_share_dst,
3521 opt_acls? True : False,
3522 opt_attrs? True : False,
3523 opt_timestamps? True : False,
3527 d_fprintf(stderr, "Unsupported mode %d\n", net_mode_share);
3531 if (!NT_STATUS_IS_OK(nt_status))
3532 printf("could not handle dir %s: %s\n",
3533 dir, nt_errstr(nt_status));
3535 /* search below that directory */
3536 fstrcpy(new_mask, dir);
3537 fstrcat(new_mask, "\\*");
3539 old_dir = local_state->cwd;
3540 local_state->cwd = dir;
3541 if (!sync_files(local_state, new_mask))
3542 printf("could not handle files\n");
3543 local_state->cwd = old_dir;
3550 fstrcpy(filename, local_state->cwd);
3551 fstrcat(filename, "\\");
3552 fstrcat(filename, f->name);
3554 DEBUG(3,("got file: %s\n", filename));
3556 switch (net_mode_share)
3558 case NET_MODE_SHARE_MIGRATE:
3559 nt_status = net_copy_file(local_state->mem_ctx,
3560 local_state->cli_share_src,
3561 local_state->cli_share_dst,
3563 opt_acls? True : False,
3564 opt_attrs? True : False,
3565 opt_timestamps? True: False,
3569 d_fprintf(stderr, "Unsupported file mode %d\n", net_mode_share);
3573 if (!NT_STATUS_IS_OK(nt_status))
3574 printf("could not handle file %s: %s\n",
3575 filename, nt_errstr(nt_status));
3580 * sync files, can be called recursivly to list files
3581 * and then call copy_fn for each file
3583 * @param cp_clistate pointer to the copy_clistate we work with
3584 * @param mask the current search mask
3586 * @return Boolean result
3588 static bool sync_files(struct copy_clistate *cp_clistate, const char *mask)
3590 struct cli_state *targetcli;
3591 char *targetpath = NULL;
3593 DEBUG(3,("calling cli_list with mask: %s\n", mask));
3595 if ( !cli_resolve_path(talloc_tos(), "", cp_clistate->cli_share_src,
3596 mask, &targetcli, &targetpath ) ) {
3597 d_fprintf(stderr, "cli_resolve_path %s failed with error: %s\n",
3598 mask, cli_errstr(cp_clistate->cli_share_src));
3602 if (cli_list(targetcli, targetpath, cp_clistate->attribute, copy_fn, cp_clistate) == -1) {
3603 d_fprintf(stderr, "listing %s failed with error: %s\n",
3604 mask, cli_errstr(targetcli));
3613 * Set the top level directory permissions before we do any further copies.
3614 * Should set up ACL inheritance.
3617 bool copy_top_level_perms(struct copy_clistate *cp_clistate,
3618 const char *sharename)
3620 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
3622 switch (net_mode_share) {
3623 case NET_MODE_SHARE_MIGRATE:
3624 DEBUG(3,("calling net_copy_fileattr for '.' directory in share %s\n", sharename));
3625 nt_status = net_copy_fileattr(cp_clistate->mem_ctx,
3626 cp_clistate->cli_share_src,
3627 cp_clistate->cli_share_dst,
3629 opt_acls? True : False,
3630 opt_attrs? True : False,
3631 opt_timestamps? True: False,
3635 d_fprintf(stderr, "Unsupported mode %d\n", net_mode_share);
3639 if (!NT_STATUS_IS_OK(nt_status)) {
3640 printf("Could handle directory attributes for top level directory of share %s. Error %s\n",
3641 sharename, nt_errstr(nt_status));
3649 * Sync all files inside a remote share to another share (over smb)
3651 * All parameters are provided by the run_rpc_command function, except for
3652 * argc, argv which are passes through.
3654 * @param domain_sid The domain sid acquired from the remote server
3655 * @param cli A cli_state connected to the server.
3656 * @param mem_ctx Talloc context, destoyed on completion of the function.
3657 * @param argc Standard main() style argc
3658 * @param argv Standard main() style argv. Initial components are already
3661 * @return Normal NTSTATUS return.
3664 static NTSTATUS rpc_share_migrate_files_internals(const DOM_SID *domain_sid,
3665 const char *domain_name,
3666 struct cli_state *cli,
3667 struct rpc_pipe_client *pipe_hnd,
3668 TALLOC_CTX *mem_ctx,
3673 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
3674 struct srvsvc_NetShareInfoCtr ctr_src;
3677 struct copy_clistate cp_clistate;
3678 bool got_src_share = False;
3679 bool got_dst_share = False;
3680 const char *mask = "\\*";
3683 dst = SMB_STRDUP(opt_destination?opt_destination:"127.0.0.1");
3685 result = get_share_info(pipe_hnd, mem_ctx, level, argc, argv, &ctr_src);
3687 if (!W_ERROR_IS_OK(result))
3690 for (i = 0; i < ctr_src.ctr.ctr502->count; i++) {
3692 struct srvsvc_NetShareInfo502 info502 =
3693 ctr_src.ctr.ctr502->array[i];
3695 if (!check_share_sanity(cli, info502.name, info502.type))
3698 /* one might not want to mirror whole discs :) */
3699 if (strequal(info502.name, "print$") || info502.name[1] == '$') {
3700 d_printf("skipping [%s]: builtin/hidden share\n", info502.name);
3704 switch (net_mode_share)
3706 case NET_MODE_SHARE_MIGRATE:
3710 d_fprintf(stderr, "Unsupported mode %d\n", net_mode_share);
3713 printf(" [%s] files and directories %s ACLs, %s DOS Attributes %s\n",
3715 opt_acls ? "including" : "without",
3716 opt_attrs ? "including" : "without",
3717 opt_timestamps ? "(preserving timestamps)" : "");
3719 cp_clistate.mem_ctx = mem_ctx;
3720 cp_clistate.cli_share_src = NULL;
3721 cp_clistate.cli_share_dst = NULL;
3722 cp_clistate.cwd = NULL;
3723 cp_clistate.attribute = aSYSTEM | aHIDDEN | aDIR;
3725 /* open share source */
3726 nt_status = connect_to_service(&cp_clistate.cli_share_src,
3727 &cli->dest_ss, cli->desthost,
3728 info502.name, "A:");
3729 if (!NT_STATUS_IS_OK(nt_status))
3732 got_src_share = True;
3734 if (net_mode_share == NET_MODE_SHARE_MIGRATE) {
3735 /* open share destination */
3736 nt_status = connect_to_service(&cp_clistate.cli_share_dst,
3737 NULL, dst, info502.name, "A:");
3738 if (!NT_STATUS_IS_OK(nt_status))
3741 got_dst_share = True;
3744 if (!copy_top_level_perms(&cp_clistate, info502.name)) {
3745 d_fprintf(stderr, "Could not handle the top level directory permissions for the share: %s\n", info502.name);
3746 nt_status = NT_STATUS_UNSUCCESSFUL;
3750 if (!sync_files(&cp_clistate, mask)) {
3751 d_fprintf(stderr, "could not handle files for share: %s\n", info502.name);
3752 nt_status = NT_STATUS_UNSUCCESSFUL;
3757 nt_status = NT_STATUS_OK;
3762 cli_shutdown(cp_clistate.cli_share_src);
3765 cli_shutdown(cp_clistate.cli_share_dst);
3771 static int rpc_share_migrate_files(int argc, const char **argv)
3775 printf("no server to migrate\n");
3779 return run_rpc_command(NULL, PI_SRVSVC, 0,
3780 rpc_share_migrate_files_internals,
3785 * Migrate share-ACLs from a remote RPC server to the local RPC srever
3787 * All parameters are provided by the run_rpc_command function, except for
3788 * argc, argv which are passes through.
3790 * @param domain_sid The domain sid acquired from the remote server
3791 * @param cli A cli_state connected to the server.
3792 * @param mem_ctx Talloc context, destoyed on completion of the function.
3793 * @param argc Standard main() style argc
3794 * @param argv Standard main() style argv. Initial components are already
3797 * @return Normal NTSTATUS return.
3800 static NTSTATUS rpc_share_migrate_security_internals(const DOM_SID *domain_sid,
3801 const char *domain_name,
3802 struct cli_state *cli,
3803 struct rpc_pipe_client *pipe_hnd,
3804 TALLOC_CTX *mem_ctx,
3809 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
3810 struct srvsvc_NetShareInfoCtr ctr_src;
3811 union srvsvc_NetShareInfo info;
3813 struct rpc_pipe_client *srvsvc_pipe = NULL;
3814 struct cli_state *cli_dst = NULL;
3815 uint32 level = 502; /* includes secdesc */
3816 uint32_t parm_error = 0;
3818 result = get_share_info(pipe_hnd, mem_ctx, level, argc, argv, &ctr_src);
3820 if (!W_ERROR_IS_OK(result))
3823 /* connect destination PI_SRVSVC */
3824 nt_status = connect_dst_pipe(&cli_dst, &srvsvc_pipe, PI_SRVSVC);
3825 if (!NT_STATUS_IS_OK(nt_status))
3829 for (i = 0; i < ctr_src.ctr.ctr502->count; i++) {
3831 struct srvsvc_NetShareInfo502 info502 =
3832 ctr_src.ctr.ctr502->array[i];
3834 /* reset error-code */
3835 nt_status = NT_STATUS_UNSUCCESSFUL;
3837 if (!check_share_sanity(cli, info502.name, info502.type))
3840 printf("migrating: [%s], path: %s, comment: %s, including share-ACLs\n",
3841 info502.name, info502.path, info502.comment);
3844 display_sec_desc(info502.sd_buf.sd);
3846 /* FIXME: shouldn't we be able to just set the security descriptor ? */
3847 info.info502 = &info502;
3849 /* finally modify the share on the dst server */
3850 nt_status = rpccli_srvsvc_NetShareSetInfo(srvsvc_pipe, mem_ctx,
3851 srvsvc_pipe->desthost,
3857 if (!NT_STATUS_IS_OK(nt_status) || !W_ERROR_IS_OK(result)) {
3858 printf("cannot set share-acl: %s\n", dos_errstr(result));
3864 nt_status = NT_STATUS_OK;
3868 cli_shutdown(cli_dst);
3876 * Migrate share-acls from a rpc-server to another
3878 * @param argc Standard main() style argc
3879 * @param argv Standard main() style argv. Initial components are already
3882 * @return A shell status integer (0 for success)
3884 static int rpc_share_migrate_security(int argc, const char **argv)
3888 printf("no server to migrate\n");
3892 return run_rpc_command(NULL, PI_SRVSVC, 0,
3893 rpc_share_migrate_security_internals,
3898 * Migrate shares (including share-definitions, share-acls and files with acls/attrs)
3899 * from one server to another
3901 * @param argc Standard main() style argc
3902 * @param argv Standard main() style argv. Initial components are already
3905 * @return A shell status integer (0 for success)
3908 static int rpc_share_migrate_all(int argc, const char **argv)
3913 printf("no server to migrate\n");
3917 /* order is important. we don't want to be locked out by the share-acl
3918 * before copying files - gd */
3920 ret = run_rpc_command(NULL, PI_SRVSVC, 0, rpc_share_migrate_shares_internals, argc, argv);
3924 ret = run_rpc_command(NULL, PI_SRVSVC, 0, rpc_share_migrate_files_internals, argc, argv);
3928 return run_rpc_command(NULL, PI_SRVSVC, 0, rpc_share_migrate_security_internals, argc, argv);
3933 * 'net rpc share migrate' entrypoint.
3934 * @param argc Standard main() style argc
3935 * @param argv Standard main() style argv. Initial components are already
3938 static int rpc_share_migrate(int argc, const char **argv)
3941 struct functable func[] = {
3942 {"all", rpc_share_migrate_all},
3943 {"files", rpc_share_migrate_files},
3944 {"help", rpc_share_usage},
3945 {"security", rpc_share_migrate_security},
3946 {"shares", rpc_share_migrate_shares},
3950 net_mode_share = NET_MODE_SHARE_MIGRATE;
3952 return net_run_function(argc, argv, func, rpc_share_usage);
3961 static int num_server_aliases;
3962 static struct full_alias *server_aliases;
3965 * Add an alias to the static list.
3967 static void push_alias(TALLOC_CTX *mem_ctx, struct full_alias *alias)
3969 if (server_aliases == NULL)
3970 server_aliases = SMB_MALLOC_ARRAY(struct full_alias, 100);
3972 server_aliases[num_server_aliases] = *alias;
3973 num_server_aliases += 1;
3977 * For a specific domain on the server, fetch all the aliases
3978 * and their members. Add all of them to the server_aliases.
3981 static NTSTATUS rpc_fetch_domain_aliases(struct rpc_pipe_client *pipe_hnd,
3982 TALLOC_CTX *mem_ctx,
3983 POLICY_HND *connect_pol,
3984 const DOM_SID *domain_sid)
3986 uint32 start_idx, max_entries, num_entries, i;
3987 struct samr_SamArray *groups = NULL;
3989 POLICY_HND domain_pol;
3991 /* Get domain policy handle */
3993 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
3995 MAXIMUM_ALLOWED_ACCESS,
3996 CONST_DISCARD(struct dom_sid2 *, domain_sid),
3998 if (!NT_STATUS_IS_OK(result))
4005 result = rpccli_samr_EnumDomainAliases(pipe_hnd, mem_ctx,
4011 for (i = 0; i < num_entries; i++) {
4013 POLICY_HND alias_pol;
4014 struct full_alias alias;
4015 struct lsa_SidArray sid_array;
4018 result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
4020 MAXIMUM_ALLOWED_ACCESS,
4021 groups->entries[i].idx,
4023 if (!NT_STATUS_IS_OK(result))
4026 result = rpccli_samr_GetMembersInAlias(pipe_hnd, mem_ctx,
4029 if (!NT_STATUS_IS_OK(result))
4032 alias.num_members = sid_array.num_sids;
4034 result = rpccli_samr_Close(pipe_hnd, mem_ctx, &alias_pol);
4035 if (!NT_STATUS_IS_OK(result))
4038 alias.members = NULL;
4040 if (alias.num_members > 0) {
4041 alias.members = SMB_MALLOC_ARRAY(DOM_SID, alias.num_members);
4043 for (j = 0; j < alias.num_members; j++)
4044 sid_copy(&alias.members[j],
4045 sid_array.sids[j].sid);
4048 sid_copy(&alias.sid, domain_sid);
4049 sid_append_rid(&alias.sid, groups->entries[i].idx);
4051 push_alias(mem_ctx, &alias);
4053 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
4055 result = NT_STATUS_OK;
4058 rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
4064 * Dump server_aliases as names for debugging purposes.
4067 static NTSTATUS rpc_aliaslist_dump(const DOM_SID *domain_sid,
4068 const char *domain_name,
4069 struct cli_state *cli,
4070 struct rpc_pipe_client *pipe_hnd,
4071 TALLOC_CTX *mem_ctx,
4079 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True,
4080 SEC_RIGHTS_MAXIMUM_ALLOWED,
4082 if (!NT_STATUS_IS_OK(result))
4085 for (i=0; i<num_server_aliases; i++) {
4088 enum lsa_SidType *types;
4091 struct full_alias *alias = &server_aliases[i];
4093 result = rpccli_lsa_lookup_sids(pipe_hnd, mem_ctx, &lsa_pol, 1,
4095 &domains, &names, &types);
4096 if (!NT_STATUS_IS_OK(result))
4099 DEBUG(1, ("%s\\%s %d: ", domains[0], names[0], types[0]));
4101 if (alias->num_members == 0) {
4106 result = rpccli_lsa_lookup_sids(pipe_hnd, mem_ctx, &lsa_pol,
4109 &domains, &names, &types);
4111 if (!NT_STATUS_IS_OK(result) &&
4112 !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED))
4115 for (j=0; j<alias->num_members; j++)
4116 DEBUG(1, ("%s\\%s (%d); ",
4117 domains[j] ? domains[j] : "*unknown*",
4118 names[j] ? names[j] : "*unknown*",types[j]));
4122 rpccli_lsa_Close(pipe_hnd, mem_ctx, &lsa_pol);
4124 return NT_STATUS_OK;
4128 * Fetch a list of all server aliases and their members into
4132 static NTSTATUS rpc_aliaslist_internals(const DOM_SID *domain_sid,
4133 const char *domain_name,
4134 struct cli_state *cli,
4135 struct rpc_pipe_client *pipe_hnd,
4136 TALLOC_CTX *mem_ctx,
4141 POLICY_HND connect_pol;
4143 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
4145 MAXIMUM_ALLOWED_ACCESS,
4148 if (!NT_STATUS_IS_OK(result))
4151 result = rpc_fetch_domain_aliases(pipe_hnd, mem_ctx, &connect_pol,
4152 &global_sid_Builtin);
4154 if (!NT_STATUS_IS_OK(result))
4157 result = rpc_fetch_domain_aliases(pipe_hnd, mem_ctx, &connect_pol,
4160 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
4165 static void init_user_token(NT_USER_TOKEN *token, DOM_SID *user_sid)
4167 token->num_sids = 4;
4169 if (!(token->user_sids = SMB_MALLOC_ARRAY(DOM_SID, 4))) {
4170 d_fprintf(stderr, "malloc failed\n");
4171 token->num_sids = 0;
4175 token->user_sids[0] = *user_sid;
4176 sid_copy(&token->user_sids[1], &global_sid_World);
4177 sid_copy(&token->user_sids[2], &global_sid_Network);
4178 sid_copy(&token->user_sids[3], &global_sid_Authenticated_Users);
4181 static void free_user_token(NT_USER_TOKEN *token)
4183 SAFE_FREE(token->user_sids);
4186 static bool is_sid_in_token(NT_USER_TOKEN *token, DOM_SID *sid)
4190 for (i=0; i<token->num_sids; i++) {
4191 if (sid_compare(sid, &token->user_sids[i]) == 0)
4197 static void add_sid_to_token(NT_USER_TOKEN *token, DOM_SID *sid)
4199 if (is_sid_in_token(token, sid))
4202 token->user_sids = SMB_REALLOC_ARRAY(token->user_sids, DOM_SID, token->num_sids+1);
4203 if (!token->user_sids) {
4207 sid_copy(&token->user_sids[token->num_sids], sid);
4209 token->num_sids += 1;
4214 NT_USER_TOKEN token;
4217 static void dump_user_token(struct user_token *token)
4221 d_printf("%s\n", token->name);
4223 for (i=0; i<token->token.num_sids; i++) {
4224 d_printf(" %s\n", sid_string_tos(&token->token.user_sids[i]));
4228 static bool is_alias_member(DOM_SID *sid, struct full_alias *alias)
4232 for (i=0; i<alias->num_members; i++) {
4233 if (sid_compare(sid, &alias->members[i]) == 0)
4240 static void collect_sid_memberships(NT_USER_TOKEN *token, DOM_SID sid)
4244 for (i=0; i<num_server_aliases; i++) {
4245 if (is_alias_member(&sid, &server_aliases[i]))
4246 add_sid_to_token(token, &server_aliases[i].sid);
4251 * We got a user token with all the SIDs we can know about without asking the
4252 * server directly. These are the user and domain group sids. All of these can
4253 * be members of aliases. So scan the list of aliases for each of the SIDs and
4254 * add them to the token.
4257 static void collect_alias_memberships(NT_USER_TOKEN *token)
4259 int num_global_sids = token->num_sids;
4262 for (i=0; i<num_global_sids; i++) {
4263 collect_sid_memberships(token, token->user_sids[i]);
4267 static bool get_user_sids(const char *domain, const char *user, NT_USER_TOKEN *token)
4269 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
4270 enum wbcSidType type;
4272 struct wbcDomainSid wsid;
4273 char *sid_str = NULL;
4275 uint32_t num_groups;
4276 gid_t *groups = NULL;
4279 fstr_sprintf(full_name, "%s%c%s",
4280 domain, *lp_winbind_separator(), user);
4282 /* First let's find out the user sid */
4284 wbc_status = wbcLookupName(domain, user, &wsid, &type);
4286 if (!WBC_ERROR_IS_OK(wbc_status)) {
4287 DEBUG(1, ("winbind could not find %s: %s\n",
4288 full_name, wbcErrorString(wbc_status)));
4292 wbc_status = wbcSidToString(&wsid, &sid_str);
4293 if (!WBC_ERROR_IS_OK(wbc_status)) {
4297 if (type != SID_NAME_USER) {
4298 wbcFreeMemory(sid_str);
4299 DEBUG(1, ("%s is not a user\n", full_name));
4303 string_to_sid(&user_sid, sid_str);
4304 wbcFreeMemory(sid_str);
4307 init_user_token(token, &user_sid);
4309 /* And now the groups winbind knows about */
4311 wbc_status = wbcGetGroups(full_name, &num_groups, &groups);
4312 if (!WBC_ERROR_IS_OK(wbc_status)) {
4313 DEBUG(1, ("winbind could not get groups of %s: %s\n",
4314 full_name, wbcErrorString(wbc_status)));
4318 for (i = 0; i < num_groups; i++) {
4319 gid_t gid = groups[i];
4322 wbc_status = wbcGidToSid(gid, &wsid);
4323 if (!WBC_ERROR_IS_OK(wbc_status)) {
4324 DEBUG(1, ("winbind could not find SID of gid %d: %s\n",
4325 gid, wbcErrorString(wbc_status)));
4326 wbcFreeMemory(groups);
4330 wbc_status = wbcSidToString(&wsid, &sid_str);
4331 if (!WBC_ERROR_IS_OK(wbc_status)) {
4332 wbcFreeMemory(groups);
4336 DEBUG(3, (" %s\n", sid_str));
4338 string_to_sid(&sid, sid_str);
4339 wbcFreeMemory(sid_str);
4342 add_sid_to_token(token, &sid);
4344 wbcFreeMemory(groups);
4350 * Get a list of all user tokens we want to look at
4353 static bool get_user_tokens(int *num_tokens, struct user_token **user_tokens)
4355 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
4356 uint32_t i, num_users;
4358 struct user_token *result;
4359 TALLOC_CTX *frame = NULL;
4361 if (lp_winbind_use_default_domain() &&
4362 (opt_target_workgroup == NULL)) {
4363 d_fprintf(stderr, "winbind use default domain = yes set, "
4364 "please specify a workgroup\n");
4368 /* Send request to winbind daemon */
4370 wbc_status = wbcListUsers(NULL, &num_users, &users);
4371 if (!WBC_ERROR_IS_OK(wbc_status)) {
4372 DEBUG(1, ("winbind could not list users: %s\n",
4373 wbcErrorString(wbc_status)));
4377 result = SMB_MALLOC_ARRAY(struct user_token, num_users);
4379 if (result == NULL) {
4380 DEBUG(1, ("Could not malloc sid array\n"));
4381 wbcFreeMemory(users);
4385 frame = talloc_stackframe();
4386 for (i=0; i < num_users; i++) {
4387 fstring domain, user;
4390 fstrcpy(result[i].name, users[i]);
4392 p = strchr(users[i], *lp_winbind_separator());
4394 DEBUG(3, ("%s\n", users[i]));
4397 fstrcpy(domain, opt_target_workgroup);
4398 fstrcpy(user, users[i]);
4401 fstrcpy(domain, users[i]);
4406 get_user_sids(domain, user, &(result[i].token));
4410 wbcFreeMemory(users);
4412 *num_tokens = num_users;
4413 *user_tokens = result;
4418 static bool get_user_tokens_from_file(FILE *f,
4420 struct user_token **tokens)
4422 struct user_token *token = NULL;
4427 if (fgets(line, sizeof(line)-1, f) == NULL) {
4431 if (line[strlen(line)-1] == '\n')
4432 line[strlen(line)-1] = '\0';
4434 if (line[0] == ' ') {
4438 string_to_sid(&sid, &line[1]);
4440 if (token == NULL) {
4441 DEBUG(0, ("File does not begin with username"));
4445 add_sid_to_token(&token->token, &sid);
4449 /* And a new user... */
4452 *tokens = SMB_REALLOC_ARRAY(*tokens, struct user_token, *num_tokens);
4453 if (*tokens == NULL) {
4454 DEBUG(0, ("Could not realloc tokens\n"));
4458 token = &((*tokens)[*num_tokens-1]);
4460 fstrcpy(token->name, line);
4461 token->token.num_sids = 0;
4462 token->token.user_sids = NULL;
4471 * Show the list of all users that have access to a share
4474 static void show_userlist(struct rpc_pipe_client *pipe_hnd,
4475 TALLOC_CTX *mem_ctx,
4476 const char *netname,
4478 struct user_token *tokens)
4481 SEC_DESC *share_sd = NULL;
4482 SEC_DESC *root_sd = NULL;
4483 struct cli_state *cli = rpc_pipe_np_smb_conn(pipe_hnd);
4485 union srvsvc_NetShareInfo info;
4490 status = rpccli_srvsvc_NetShareGetInfo(pipe_hnd, mem_ctx,
4497 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) {
4498 DEBUG(1, ("Coult not query secdesc for share %s\n",
4503 share_sd = info.info502->sd_buf.sd;
4504 if (share_sd == NULL) {
4505 DEBUG(1, ("Got no secdesc for share %s\n",
4511 if (!cli_send_tconX(cli, netname, "A:", "", 0)) {
4515 fnum = cli_nt_create(cli, "\\", READ_CONTROL_ACCESS);
4518 root_sd = cli_query_secdesc(cli, fnum, mem_ctx);
4521 for (i=0; i<num_tokens; i++) {
4524 if (share_sd != NULL) {
4525 if (!se_access_check(share_sd, &tokens[i].token,
4526 1, &acc_granted, &status)) {
4527 DEBUG(1, ("Could not check share_sd for "
4533 if (!NT_STATUS_IS_OK(status))
4537 if (root_sd == NULL) {
4538 d_printf(" %s\n", tokens[i].name);
4542 if (!se_access_check(root_sd, &tokens[i].token,
4543 1, &acc_granted, &status)) {
4544 DEBUG(1, ("Could not check root_sd for user %s\n",
4549 if (!NT_STATUS_IS_OK(status))
4552 d_printf(" %s\n", tokens[i].name);
4556 cli_close(cli, fnum);
4568 static void collect_share(const char *name, uint32 m,
4569 const char *comment, void *state)
4571 struct share_list *share_list = (struct share_list *)state;
4573 if (m != STYPE_DISKTREE)
4576 share_list->num_shares += 1;
4577 share_list->shares = SMB_REALLOC_ARRAY(share_list->shares, char *, share_list->num_shares);
4578 if (!share_list->shares) {
4579 share_list->num_shares = 0;
4582 share_list->shares[share_list->num_shares-1] = SMB_STRDUP(name);
4585 static void rpc_share_userlist_usage(void)
4591 * List shares on a remote RPC server, including the security descriptors
4593 * All parameters are provided by the run_rpc_command function, except for
4594 * argc, argv which are passes through.
4596 * @param domain_sid The domain sid acquired from the remote server
4597 * @param cli A cli_state connected to the server.
4598 * @param mem_ctx Talloc context, destoyed on completion of the function.
4599 * @param argc Standard main() style argc
4600 * @param argv Standard main() style argv. Initial components are already
4603 * @return Normal NTSTATUS return.
4606 static NTSTATUS rpc_share_allowedusers_internals(const DOM_SID *domain_sid,
4607 const char *domain_name,
4608 struct cli_state *cli,
4609 struct rpc_pipe_client *pipe_hnd,
4610 TALLOC_CTX *mem_ctx,
4620 struct user_token *tokens = NULL;
4623 struct share_list share_list;
4626 rpc_share_userlist_usage();
4627 return NT_STATUS_UNSUCCESSFUL;
4633 f = fopen(argv[0], "r");
4637 DEBUG(0, ("Could not open userlist: %s\n", strerror(errno)));
4638 return NT_STATUS_UNSUCCESSFUL;
4641 r = get_user_tokens_from_file(f, &num_tokens, &tokens);
4647 DEBUG(0, ("Could not read users from file\n"));
4648 return NT_STATUS_UNSUCCESSFUL;
4651 for (i=0; i<num_tokens; i++)
4652 collect_alias_memberships(&tokens[i].token);
4654 init_enum_hnd(&hnd, 0);
4656 share_list.num_shares = 0;
4657 share_list.shares = NULL;
4659 ret = cli_RNetShareEnum(cli, collect_share, &share_list);
4662 DEBUG(0, ("Error returning browse list: %s\n",
4667 for (i = 0; i < share_list.num_shares; i++) {
4668 char *netname = share_list.shares[i];
4670 if (netname[strlen(netname)-1] == '$')
4673 d_printf("%s\n", netname);
4675 show_userlist(pipe_hnd, mem_ctx, netname,
4676 num_tokens, tokens);
4679 for (i=0; i<num_tokens; i++) {
4680 free_user_token(&tokens[i].token);
4683 SAFE_FREE(share_list.shares);
4685 return NT_STATUS_OK;
4688 static int rpc_share_allowedusers(int argc, const char **argv)
4692 result = run_rpc_command(NULL, PI_SAMR, 0,
4693 rpc_aliaslist_internals,
4698 result = run_rpc_command(NULL, PI_LSARPC, 0,
4704 return run_rpc_command(NULL, PI_SRVSVC, 0,
4705 rpc_share_allowedusers_internals,
4709 int net_usersidlist(int argc, const char **argv)
4712 struct user_token *tokens = NULL;
4716 net_usersidlist_usage(argc, argv);
4720 if (!get_user_tokens(&num_tokens, &tokens)) {
4721 DEBUG(0, ("Could not get the user/sid list\n"));
4725 for (i=0; i<num_tokens; i++) {
4726 dump_user_token(&tokens[i]);
4727 free_user_token(&tokens[i].token);
4734 int net_usersidlist_usage(int argc, const char **argv)
4736 d_printf("net usersidlist\n"
4737 "\tprints out a list of all users the running winbind knows\n"
4738 "\tabout, together with all their SIDs. This is used as\n"
4739 "\tinput to the 'net rpc share allowedusers' command.\n\n");
4741 net_common_flags_usage(argc, argv);
4746 * 'net rpc share' entrypoint.
4747 * @param argc Standard main() style argc
4748 * @param argv Standard main() style argv. Initial components are already
4752 int net_rpc_share(int argc, const char **argv)
4754 struct functable func[] = {
4755 {"add", rpc_share_add},
4756 {"delete", rpc_share_delete},
4757 {"allowedusers", rpc_share_allowedusers},
4758 {"migrate", rpc_share_migrate},
4759 {"list", rpc_share_list},
4764 return run_rpc_command(NULL, PI_SRVSVC, 0,
4765 rpc_share_list_internals,
4768 return net_run_function(argc, argv, func, rpc_share_usage);
4771 static NTSTATUS rpc_sh_share_list(TALLOC_CTX *mem_ctx,
4772 struct rpc_sh_ctx *ctx,
4773 struct rpc_pipe_client *pipe_hnd,
4774 int argc, const char **argv)
4776 return rpc_share_list_internals(ctx->domain_sid, ctx->domain_name,
4777 ctx->cli, pipe_hnd, mem_ctx,
4781 static NTSTATUS rpc_sh_share_add(TALLOC_CTX *mem_ctx,
4782 struct rpc_sh_ctx *ctx,
4783 struct rpc_pipe_client *pipe_hnd,
4784 int argc, const char **argv)
4788 uint32_t parm_err = 0;
4789 union srvsvc_NetShareInfo info;
4790 struct srvsvc_NetShareInfo2 info2;
4792 if ((argc < 2) || (argc > 3)) {
4793 d_fprintf(stderr, "usage: %s <share> <path> [comment]\n",
4795 return NT_STATUS_INVALID_PARAMETER;
4798 info2.name = argv[0];
4799 info2.type = STYPE_DISKTREE;
4800 info2.comment = (argc == 3) ? argv[2] : "";
4801 info2.permissions = 0;
4802 info2.max_users = 0;
4803 info2.current_users = 0;
4804 info2.path = argv[1];
4805 info2.password = NULL;
4807 info.info2 = &info2;
4809 status = rpccli_srvsvc_NetShareAdd(pipe_hnd, mem_ctx,
4819 static NTSTATUS rpc_sh_share_delete(TALLOC_CTX *mem_ctx,
4820 struct rpc_sh_ctx *ctx,
4821 struct rpc_pipe_client *pipe_hnd,
4822 int argc, const char **argv)
4828 d_fprintf(stderr, "usage: %s <share>\n", ctx->whoami);
4829 return NT_STATUS_INVALID_PARAMETER;
4832 status = rpccli_srvsvc_NetShareDel(pipe_hnd, mem_ctx,
4841 static NTSTATUS rpc_sh_share_info(TALLOC_CTX *mem_ctx,
4842 struct rpc_sh_ctx *ctx,
4843 struct rpc_pipe_client *pipe_hnd,
4844 int argc, const char **argv)
4846 union srvsvc_NetShareInfo info;
4851 d_fprintf(stderr, "usage: %s <share>\n", ctx->whoami);
4852 return NT_STATUS_INVALID_PARAMETER;
4855 status = rpccli_srvsvc_NetShareGetInfo(pipe_hnd, mem_ctx,
4861 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) {
4865 d_printf("Name: %s\n", info.info2->name);
4866 d_printf("Comment: %s\n", info.info2->comment);
4867 d_printf("Path: %s\n", info.info2->path);
4868 d_printf("Password: %s\n", info.info2->password);
4871 return werror_to_ntstatus(result);
4874 struct rpc_sh_cmd *net_rpc_share_cmds(TALLOC_CTX *mem_ctx,
4875 struct rpc_sh_ctx *ctx)
4877 static struct rpc_sh_cmd cmds[] = {
4879 { "list", NULL, PI_SRVSVC, rpc_sh_share_list,
4880 "List available shares" },
4882 { "add", NULL, PI_SRVSVC, rpc_sh_share_add,
4885 { "delete", NULL, PI_SRVSVC, rpc_sh_share_delete,
4888 { "info", NULL, PI_SRVSVC, rpc_sh_share_info,
4889 "Get information about a share" },
4891 { NULL, NULL, 0, NULL, NULL }
4897 /****************************************************************************/
4899 static int rpc_file_usage(int argc, const char **argv)
4901 return net_help_file(argc, argv);
4905 * Close a file on a remote RPC server
4907 * All parameters are provided by the run_rpc_command function, except for
4908 * argc, argv which are passes through.
4910 * @param domain_sid The domain sid acquired from the remote server
4911 * @param cli A cli_state connected to the server.
4912 * @param mem_ctx Talloc context, destoyed on completion of the function.
4913 * @param argc Standard main() style argc
4914 * @param argv Standard main() style argv. Initial components are already
4917 * @return Normal NTSTATUS return.
4919 static NTSTATUS rpc_file_close_internals(const DOM_SID *domain_sid,
4920 const char *domain_name,
4921 struct cli_state *cli,
4922 struct rpc_pipe_client *pipe_hnd,
4923 TALLOC_CTX *mem_ctx,
4927 return rpccli_srvsvc_NetFileClose(pipe_hnd, mem_ctx,
4929 atoi(argv[0]), NULL);
4933 * Close a file on a remote RPC server
4935 * @param argc Standard main() style argc
4936 * @param argv Standard main() style argv. Initial components are already
4939 * @return A shell status integer (0 for success)
4941 static int rpc_file_close(int argc, const char **argv)
4944 DEBUG(1, ("No fileid given on close\n"));
4945 return(rpc_file_usage(argc, argv));
4948 return run_rpc_command(NULL, PI_SRVSVC, 0,
4949 rpc_file_close_internals,
4954 * Formatted print of open file info
4956 * @param r struct srvsvc_NetFileInfo3 contents
4959 static void display_file_info_3(struct srvsvc_NetFileInfo3 *r)
4961 d_printf("%-7.1d %-20.20s 0x%-4.2x %-6.1d %s\n",
4962 r->fid, r->user, r->permissions, r->num_locks, r->path);
4966 * List open files on a remote RPC server
4968 * All parameters are provided by the run_rpc_command function, except for
4969 * argc, argv which are passes through.
4971 * @param domain_sid The domain sid acquired from the remote server
4972 * @param cli A cli_state connected to the server.
4973 * @param mem_ctx Talloc context, destoyed on completion of the function.
4974 * @param argc Standard main() style argc
4975 * @param argv Standard main() style argv. Initial components are already
4978 * @return Normal NTSTATUS return.
4981 static NTSTATUS rpc_file_list_internals(const DOM_SID *domain_sid,
4982 const char *domain_name,
4983 struct cli_state *cli,
4984 struct rpc_pipe_client *pipe_hnd,
4985 TALLOC_CTX *mem_ctx,
4989 struct srvsvc_NetFileInfoCtr info_ctr;
4990 struct srvsvc_NetFileCtr3 ctr3;
4993 uint32 preferred_len = 0xffffffff, i;
4994 const char *username=NULL;
4995 uint32_t total_entries = 0;
4996 uint32_t resume_handle = 0;
4998 /* if argc > 0, must be user command */
5000 username = smb_xstrdup(argv[0]);
5002 ZERO_STRUCT(info_ctr);
5006 info_ctr.ctr.ctr3 = &ctr3;
5008 status = rpccli_srvsvc_NetFileEnum(pipe_hnd, mem_ctx,
5018 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result))
5021 /* Display results */
5024 "\nEnumerating open files on remote server:\n\n"\
5025 "\nFileId Opened by Perms Locks Path"\
5026 "\n------ --------- ----- ----- ---- \n");
5027 for (i = 0; i < total_entries; i++)
5028 display_file_info_3(&info_ctr.ctr.ctr3->array[i]);
5030 return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
5034 * List files for a user on a remote RPC server
5036 * @param argc Standard main() style argc
5037 * @param argv Standard main() style argv. Initial components are already
5040 * @return A shell status integer (0 for success)
5043 static int rpc_file_user(int argc, const char **argv)
5046 DEBUG(1, ("No username given\n"));
5047 return(rpc_file_usage(argc, argv));
5050 return run_rpc_command(NULL, PI_SRVSVC, 0,
5051 rpc_file_list_internals,
5056 * 'net rpc file' entrypoint.
5057 * @param argc Standard main() style argc
5058 * @param argv Standard main() style argv. Initial components are already
5062 int net_rpc_file(int argc, const char **argv)
5064 struct functable func[] = {
5065 {"close", rpc_file_close},
5066 {"user", rpc_file_user},
5068 {"info", rpc_file_info},
5074 return run_rpc_command(NULL, PI_SRVSVC, 0,
5075 rpc_file_list_internals,
5078 return net_run_function(argc, argv, func, rpc_file_usage);
5082 * ABORT the shutdown of a remote RPC Server over, initshutdown pipe
5084 * All parameters are provided by the run_rpc_command function, except for
5085 * argc, argv which are passed through.
5087 * @param domain_sid The domain sid aquired from the remote server
5088 * @param cli A cli_state connected to the server.
5089 * @param mem_ctx Talloc context, destoyed on compleation of the function.
5090 * @param argc Standard main() style argc
5091 * @param argv Standard main() style argv. Initial components are already
5094 * @return Normal NTSTATUS return.
5097 static NTSTATUS rpc_shutdown_abort_internals(const DOM_SID *domain_sid,
5098 const char *domain_name,
5099 struct cli_state *cli,
5100 struct rpc_pipe_client *pipe_hnd,
5101 TALLOC_CTX *mem_ctx,
5105 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
5107 result = rpccli_initshutdown_Abort(pipe_hnd, mem_ctx, NULL, NULL);
5109 if (NT_STATUS_IS_OK(result)) {
5110 d_printf("\nShutdown successfully aborted\n");
5111 DEBUG(5,("cmd_shutdown_abort: query succeeded\n"));
5113 DEBUG(5,("cmd_shutdown_abort: query failed\n"));
5119 * ABORT the shutdown of a remote RPC Server, over winreg pipe
5121 * All parameters are provided by the run_rpc_command function, except for
5122 * argc, argv which are passed through.
5124 * @param domain_sid The domain sid aquired from the remote server
5125 * @param cli A cli_state connected to the server.
5126 * @param mem_ctx Talloc context, destoyed on compleation of the function.
5127 * @param argc Standard main() style argc
5128 * @param argv Standard main() style argv. Initial components are already
5131 * @return Normal NTSTATUS return.
5134 static NTSTATUS rpc_reg_shutdown_abort_internals(const DOM_SID *domain_sid,
5135 const char *domain_name,
5136 struct cli_state *cli,
5137 struct rpc_pipe_client *pipe_hnd,
5138 TALLOC_CTX *mem_ctx,
5142 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
5144 result = rpccli_winreg_AbortSystemShutdown(pipe_hnd, mem_ctx, NULL, NULL);
5146 if (NT_STATUS_IS_OK(result)) {
5147 d_printf("\nShutdown successfully aborted\n");
5148 DEBUG(5,("cmd_reg_abort_shutdown: query succeeded\n"));
5150 DEBUG(5,("cmd_reg_abort_shutdown: query failed\n"));
5156 * ABORT the Shut down of a remote RPC server
5158 * @param argc Standard main() style argc
5159 * @param argv Standard main() style argv. Initial components are already
5162 * @return A shell status integer (0 for success)
5165 static int rpc_shutdown_abort(int argc, const char **argv)
5167 int rc = run_rpc_command(NULL, PI_INITSHUTDOWN, 0,
5168 rpc_shutdown_abort_internals,
5174 DEBUG(1, ("initshutdown pipe didn't work, trying winreg pipe\n"));
5176 return run_rpc_command(NULL, PI_WINREG, 0,
5177 rpc_reg_shutdown_abort_internals,
5182 * Shut down a remote RPC Server via initshutdown pipe
5184 * All parameters are provided by the run_rpc_command function, except for
5185 * argc, argv which are passes through.
5187 * @param domain_sid The domain sid aquired from the remote server
5188 * @param cli A cli_state connected to the server.
5189 * @param mem_ctx Talloc context, destoyed on compleation of the function.
5190 * @param argc Standard main() style argc
5191 * @param argc Standard main() style argv. Initial components are already
5194 * @return Normal NTSTATUS return.
5197 NTSTATUS rpc_init_shutdown_internals(const DOM_SID *domain_sid,
5198 const char *domain_name,
5199 struct cli_state *cli,
5200 struct rpc_pipe_client *pipe_hnd,
5201 TALLOC_CTX *mem_ctx,
5205 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
5206 const char *msg = "This machine will be shutdown shortly";
5207 uint32 timeout = 20;
5208 struct initshutdown_String msg_string;
5209 struct initshutdown_String_sub s;
5215 timeout = opt_timeout;
5219 msg_string.name = &s;
5221 /* create an entry */
5222 result = rpccli_initshutdown_Init(pipe_hnd, mem_ctx, NULL,
5223 &msg_string, timeout, opt_force, opt_reboot, NULL);
5225 if (NT_STATUS_IS_OK(result)) {
5226 d_printf("\nShutdown of remote machine succeeded\n");
5227 DEBUG(5,("Shutdown of remote machine succeeded\n"));
5229 DEBUG(1,("Shutdown of remote machine failed!\n"));
5235 * Shut down a remote RPC Server via winreg pipe
5237 * All parameters are provided by the run_rpc_command function, except for
5238 * argc, argv which are passes through.
5240 * @param domain_sid The domain sid aquired from the remote server
5241 * @param cli A cli_state connected to the server.
5242 * @param mem_ctx Talloc context, destoyed on compleation of the function.
5243 * @param argc Standard main() style argc
5244 * @param argc Standard main() style argv. Initial components are already
5247 * @return Normal NTSTATUS return.
5250 NTSTATUS rpc_reg_shutdown_internals(const DOM_SID *domain_sid,
5251 const char *domain_name,
5252 struct cli_state *cli,
5253 struct rpc_pipe_client *pipe_hnd,
5254 TALLOC_CTX *mem_ctx,
5258 const char *msg = "This machine will be shutdown shortly";
5259 uint32 timeout = 20;
5260 struct initshutdown_String msg_string;
5261 struct initshutdown_String_sub s;
5269 msg_string.name = &s;
5272 timeout = opt_timeout;
5275 /* create an entry */
5276 result = rpccli_winreg_InitiateSystemShutdown(pipe_hnd, mem_ctx, NULL,
5277 &msg_string, timeout, opt_force, opt_reboot, &werr);
5279 if (NT_STATUS_IS_OK(result)) {
5280 d_printf("\nShutdown of remote machine succeeded\n");
5282 d_fprintf(stderr, "\nShutdown of remote machine failed\n");
5283 if ( W_ERROR_EQUAL(werr, WERR_MACHINE_LOCKED) )
5284 d_fprintf(stderr, "\nMachine locked, use -f switch to force\n");
5286 d_fprintf(stderr, "\nresult was: %s\n", dos_errstr(werr));
5293 * Shut down a remote RPC server
5295 * @param argc Standard main() style argc
5296 * @param argc Standard main() style argv. Initial components are already
5299 * @return A shell status integer (0 for success)
5302 static int rpc_shutdown(int argc, const char **argv)
5304 int rc = run_rpc_command(NULL, PI_INITSHUTDOWN, 0,
5305 rpc_init_shutdown_internals,
5309 DEBUG(1, ("initshutdown pipe failed, trying winreg pipe\n"));
5310 rc = run_rpc_command(NULL, PI_WINREG, 0,
5311 rpc_reg_shutdown_internals, argc, argv);
5317 /***************************************************************************
5318 NT Domain trusts code (i.e. 'net rpc trustdom' functionality)
5320 ***************************************************************************/
5323 * Add interdomain trust account to the RPC server.
5324 * All parameters (except for argc and argv) are passed by run_rpc_command
5327 * @param domain_sid The domain sid acquired from the server
5328 * @param cli A cli_state connected to the server.
5329 * @param mem_ctx Talloc context, destoyed on completion of the function.
5330 * @param argc Standard main() style argc
5331 * @param argc Standard main() style argv. Initial components are already
5334 * @return normal NTSTATUS return code
5337 static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid,
5338 const char *domain_name,
5339 struct cli_state *cli,
5340 struct rpc_pipe_client *pipe_hnd,
5341 TALLOC_CTX *mem_ctx,
5345 POLICY_HND connect_pol, domain_pol, user_pol;
5346 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
5348 struct lsa_String lsa_acct_name;
5350 uint32 acct_flags=0;
5352 uint32_t access_granted = 0;
5353 union samr_UserInfo info;
5356 d_printf("Usage: net rpc trustdom add <domain_name> <pw>\n");
5357 return NT_STATUS_INVALID_PARAMETER;
5361 * Make valid trusting domain account (ie. uppercased and with '$' appended)
5364 if (asprintf(&acct_name, "%s$", argv[0]) < 0) {
5365 return NT_STATUS_NO_MEMORY;
5368 strupper_m(acct_name);
5370 init_lsa_String(&lsa_acct_name, acct_name);
5372 /* Get samr policy handle */
5373 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
5375 MAXIMUM_ALLOWED_ACCESS,
5377 if (!NT_STATUS_IS_OK(result)) {
5381 /* Get domain policy handle */
5382 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
5384 MAXIMUM_ALLOWED_ACCESS,
5385 CONST_DISCARD(struct dom_sid2 *, domain_sid),
5387 if (!NT_STATUS_IS_OK(result)) {
5391 /* Create trusting domain's account */
5392 acb_info = ACB_NORMAL;
5393 acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
5394 SEC_STD_WRITE_DAC | SEC_STD_DELETE |
5395 SAMR_USER_ACCESS_SET_PASSWORD |
5396 SAMR_USER_ACCESS_GET_ATTRIBUTES |
5397 SAMR_USER_ACCESS_SET_ATTRIBUTES;
5399 result = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx,
5407 if (!NT_STATUS_IS_OK(result)) {
5413 struct samr_LogonHours hours;
5414 struct lsa_BinaryString parameters;
5415 const int units_per_week = 168;
5418 encode_pw_buffer(pwbuf, argv[1], STR_UNICODE);
5420 ZERO_STRUCT(notime);
5422 ZERO_STRUCT(parameters);
5424 hours.bits = talloc_array(mem_ctx, uint8_t, units_per_week);
5426 result = NT_STATUS_NO_MEMORY;
5429 hours.units_per_week = units_per_week;
5430 memset(hours.bits, 0xFF, units_per_week);
5432 init_samr_user_info23(&info.info23,
5433 notime, notime, notime,
5434 notime, notime, notime,
5435 NULL, NULL, NULL, NULL, NULL,
5436 NULL, NULL, NULL, NULL, ¶meters,
5437 0, 0, ACB_DOMTRUST, SAMR_FIELD_ACCT_FLAGS,
5439 0, 0, 0, 0, 0, 0, 0,
5442 SamOEMhashBlob(info.info23.password.data, 516,
5443 &cli->user_session_key);
5445 result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
5450 if (!NT_STATUS_IS_OK(result)) {
5451 DEBUG(0,("Could not set trust account password: %s\n",
5452 nt_errstr(result)));
5458 SAFE_FREE(acct_name);
5463 * Create interdomain trust account for a remote domain.
5465 * @param argc standard argc
5466 * @param argv standard argv without initial components
5468 * @return Integer status (0 means success)
5471 static int rpc_trustdom_add(int argc, const char **argv)
5474 return run_rpc_command(NULL, PI_SAMR, 0, rpc_trustdom_add_internals,
5477 d_printf("Usage: net rpc trustdom add <domain>\n");
5484 * Remove interdomain trust account from the RPC server.
5485 * All parameters (except for argc and argv) are passed by run_rpc_command
5488 * @param domain_sid The domain sid acquired from the server
5489 * @param cli A cli_state connected to the server.
5490 * @param mem_ctx Talloc context, destoyed on completion of the function.
5491 * @param argc Standard main() style argc
5492 * @param argc Standard main() style argv. Initial components are already
5495 * @return normal NTSTATUS return code
5498 static NTSTATUS rpc_trustdom_del_internals(const DOM_SID *domain_sid,
5499 const char *domain_name,
5500 struct cli_state *cli,
5501 struct rpc_pipe_client *pipe_hnd,
5502 TALLOC_CTX *mem_ctx,
5506 POLICY_HND connect_pol, domain_pol, user_pol;
5507 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
5509 DOM_SID trust_acct_sid;
5510 struct samr_Ids user_rids, name_types;
5511 struct lsa_String lsa_acct_name;
5514 d_printf("Usage: net rpc trustdom del <domain_name>\n");
5515 return NT_STATUS_INVALID_PARAMETER;
5519 * Make valid trusting domain account (ie. uppercased and with '$' appended)
5521 acct_name = talloc_asprintf(mem_ctx, "%s$", argv[0]);
5523 if (acct_name == NULL)
5524 return NT_STATUS_NO_MEMORY;
5526 strupper_m(acct_name);
5528 /* Get samr policy handle */
5529 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
5531 MAXIMUM_ALLOWED_ACCESS,
5533 if (!NT_STATUS_IS_OK(result)) {
5537 /* Get domain policy handle */
5538 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
5540 MAXIMUM_ALLOWED_ACCESS,
5541 CONST_DISCARD(struct dom_sid2 *, domain_sid),
5543 if (!NT_STATUS_IS_OK(result)) {
5547 init_lsa_String(&lsa_acct_name, acct_name);
5549 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
5556 if (!NT_STATUS_IS_OK(result)) {
5560 result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
5562 MAXIMUM_ALLOWED_ACCESS,
5566 if (!NT_STATUS_IS_OK(result)) {
5570 /* append the rid to the domain sid */
5571 sid_copy(&trust_acct_sid, domain_sid);
5572 if (!sid_append_rid(&trust_acct_sid, user_rids.ids[0])) {
5576 /* remove the sid */
5578 result = rpccli_samr_RemoveMemberFromForeignDomain(pipe_hnd, mem_ctx,
5581 if (!NT_STATUS_IS_OK(result)) {
5587 result = rpccli_samr_DeleteUser(pipe_hnd, mem_ctx,
5590 if (!NT_STATUS_IS_OK(result)) {
5594 if (!NT_STATUS_IS_OK(result)) {
5595 DEBUG(0,("Could not set trust account password: %s\n",
5596 nt_errstr(result)));
5605 * Delete interdomain trust account for a remote domain.
5607 * @param argc standard argc
5608 * @param argv standard argv without initial components
5610 * @return Integer status (0 means success)
5613 static int rpc_trustdom_del(int argc, const char **argv)
5616 return run_rpc_command(NULL, PI_SAMR, 0, rpc_trustdom_del_internals,
5619 d_printf("Usage: net rpc trustdom del <domain>\n");
5624 static NTSTATUS rpc_trustdom_get_pdc(struct cli_state *cli,
5625 TALLOC_CTX *mem_ctx,
5626 const char *domain_name)
5628 char *dc_name = NULL;
5629 const char *buffer = NULL;
5630 struct rpc_pipe_client *netr;
5633 /* Use NetServerEnum2 */
5635 if (cli_get_pdc_name(cli, domain_name, &dc_name)) {
5637 return NT_STATUS_OK;
5640 DEBUG(1,("NetServerEnum2 error: Couldn't find primary domain controller\
5641 for domain %s\n", domain_name));
5643 /* Try netr_GetDcName */
5645 netr = cli_rpc_pipe_open_noauth(cli, PI_NETLOGON, &status);
5650 status = rpccli_netr_GetDcName(netr, mem_ctx,
5657 if (NT_STATUS_IS_OK(status)) {
5661 DEBUG(1,("netr_GetDcName error: Couldn't find primary domain controller\
5662 for domain %s\n", domain_name));
5668 * Establish trust relationship to a trusting domain.
5669 * Interdomain account must already be created on remote PDC.
5671 * @param argc standard argc
5672 * @param argv standard argv without initial components
5674 * @return Integer status (0 means success)
5677 static int rpc_trustdom_establish(int argc, const char **argv)
5679 struct cli_state *cli = NULL;
5680 struct sockaddr_storage server_ss;
5681 struct rpc_pipe_client *pipe_hnd = NULL;
5682 POLICY_HND connect_hnd;
5683 TALLOC_CTX *mem_ctx;
5685 DOM_SID *domain_sid;
5690 union lsa_PolicyInformation *info = NULL;
5693 * Connect to \\server\ipc$ as 'our domain' account with password
5697 d_printf("Usage: net rpc trustdom establish <domain_name>\n");
5701 domain_name = smb_xstrdup(argv[0]);
5702 strupper_m(domain_name);
5704 /* account name used at first is our domain's name with '$' */
5705 asprintf(&acct_name, "%s$", lp_workgroup());
5706 strupper_m(acct_name);
5709 * opt_workgroup will be used by connection functions further,
5710 * hence it should be set to remote domain name instead of ours
5712 if (opt_workgroup) {
5713 opt_workgroup = smb_xstrdup(domain_name);
5716 opt_user_name = acct_name;
5718 /* find the domain controller */
5719 if (!net_find_pdc(&server_ss, pdc_name, domain_name)) {
5720 DEBUG(0, ("Couldn't find domain controller for domain %s\n", domain_name));
5724 /* connect to ipc$ as username/password */
5725 nt_status = connect_to_ipc(&cli, &server_ss, pdc_name);
5726 if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT)) {
5728 /* Is it trusting domain account for sure ? */
5729 DEBUG(0, ("Couldn't verify trusting domain account. Error was %s\n",
5730 nt_errstr(nt_status)));
5734 /* store who we connected to */
5736 saf_store( domain_name, pdc_name );
5739 * Connect to \\server\ipc$ again (this time anonymously)
5742 nt_status = connect_to_ipc_anonymous(&cli, &server_ss, (char*)pdc_name);
5744 if (NT_STATUS_IS_ERR(nt_status)) {
5745 DEBUG(0, ("Couldn't connect to domain %s controller. Error was %s.\n",
5746 domain_name, nt_errstr(nt_status)));
5750 if (!(mem_ctx = talloc_init("establishing trust relationship to "
5751 "domain %s", domain_name))) {
5752 DEBUG(0, ("talloc_init() failed\n"));
5757 /* Make sure we're talking to a proper server */
5759 nt_status = rpc_trustdom_get_pdc(cli, mem_ctx, domain_name);
5760 if (!NT_STATUS_IS_OK(nt_status)) {
5762 talloc_destroy(mem_ctx);
5767 * Call LsaOpenPolicy and LsaQueryInfo
5770 pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &nt_status);
5772 DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n", nt_errstr(nt_status) ));
5774 talloc_destroy(mem_ctx);
5778 nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, True, SEC_RIGHTS_QUERY_VALUE,
5780 if (NT_STATUS_IS_ERR(nt_status)) {
5781 DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
5782 nt_errstr(nt_status)));
5784 talloc_destroy(mem_ctx);
5788 /* Querying info level 5 */
5790 nt_status = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
5792 LSA_POLICY_INFO_ACCOUNT_DOMAIN,
5794 if (NT_STATUS_IS_ERR(nt_status)) {
5795 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
5796 nt_errstr(nt_status)));
5798 talloc_destroy(mem_ctx);
5802 domain_sid = info->account_domain.sid;
5804 /* There should be actually query info level 3 (following nt serv behaviour),
5805 but I still don't know if it's _really_ necessary */
5808 * Store the password in secrets db
5811 if (!pdb_set_trusteddom_pw(domain_name, opt_password, domain_sid)) {
5812 DEBUG(0, ("Storing password for trusted domain failed.\n"));
5814 talloc_destroy(mem_ctx);
5819 * Close the pipes and clean up
5822 nt_status = rpccli_lsa_Close(pipe_hnd, mem_ctx, &connect_hnd);
5823 if (NT_STATUS_IS_ERR(nt_status)) {
5824 DEBUG(0, ("Couldn't close LSA pipe. Error was %s\n",
5825 nt_errstr(nt_status)));
5827 talloc_destroy(mem_ctx);
5833 talloc_destroy(mem_ctx);
5835 d_printf("Trust to domain %s established\n", domain_name);
5840 * Revoke trust relationship to the remote domain
5842 * @param argc standard argc
5843 * @param argv standard argv without initial components
5845 * @return Integer status (0 means success)
5848 static int rpc_trustdom_revoke(int argc, const char **argv)
5853 if (argc < 1) return -1;
5855 /* generate upper cased domain name */
5856 domain_name = smb_xstrdup(argv[0]);
5857 strupper_m(domain_name);
5859 /* delete password of the trust */
5860 if (!pdb_del_trusteddom_pw(domain_name)) {
5861 DEBUG(0, ("Failed to revoke relationship to the trusted domain %s\n",
5868 SAFE_FREE(domain_name);
5873 * Usage for 'net rpc trustdom' command
5875 * @param argc standard argc
5876 * @param argv standard argv without inital components
5878 * @return Integer status returned to shell
5881 static int rpc_trustdom_usage(int argc, const char **argv)
5883 d_printf(" net rpc trustdom add \t\t add trusting domain's account\n");
5884 d_printf(" net rpc trustdom del \t\t delete trusting domain's account\n");
5885 d_printf(" net rpc trustdom establish \t establish relationship to trusted domain\n");
5886 d_printf(" net rpc trustdom revoke \t abandon relationship to trusted domain\n");
5887 d_printf(" net rpc trustdom list \t show current interdomain trust relationships\n");
5888 d_printf(" net rpc trustdom vampire \t vampire interdomain trust relationships from remote server\n");
5893 static NTSTATUS rpc_query_domain_sid(const DOM_SID *domain_sid,
5894 const char *domain_name,
5895 struct cli_state *cli,
5896 struct rpc_pipe_client *pipe_hnd,
5897 TALLOC_CTX *mem_ctx,
5902 sid_to_fstring(str_sid, domain_sid);
5903 d_printf("%s\n", str_sid);
5904 return NT_STATUS_OK;
5907 static void print_trusted_domain(DOM_SID *dom_sid, const char *trusted_dom_name)
5909 fstring ascii_sid, padding;
5910 int pad_len, col_len = 20;
5912 /* convert sid into ascii string */
5913 sid_to_fstring(ascii_sid, dom_sid);
5915 /* calculate padding space for d_printf to look nicer */
5916 pad_len = col_len - strlen(trusted_dom_name);
5917 padding[pad_len] = 0;
5918 do padding[--pad_len] = ' '; while (pad_len);
5920 d_printf("%s%s%s\n", trusted_dom_name, padding, ascii_sid);
5923 static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd,
5924 TALLOC_CTX *mem_ctx,
5927 const char *trusted_dom_name)
5930 union lsa_TrustedDomainInfo *info = NULL;
5931 char *cleartextpwd = NULL;
5934 nt_status = rpccli_lsa_QueryTrustedDomainInfoBySid(pipe_hnd, mem_ctx,
5937 LSA_TRUSTED_DOMAIN_INFO_PASSWORD,
5939 if (NT_STATUS_IS_ERR(nt_status)) {
5940 DEBUG(0,("Could not query trusted domain info. Error was %s\n",
5941 nt_errstr(nt_status)));
5945 data = data_blob(info->password.password->data,
5946 info->password.password->length);
5948 cleartextpwd = decrypt_trustdom_secret(
5949 rpc_pipe_np_smb_conn(pipe_hnd)->pwd.password, &data);
5951 if (cleartextpwd == NULL) {
5952 DEBUG(0,("retrieved NULL password\n"));
5953 nt_status = NT_STATUS_UNSUCCESSFUL;
5957 if (!pdb_set_trusteddom_pw(trusted_dom_name, cleartextpwd, &dom_sid)) {
5958 DEBUG(0, ("Storing password for trusted domain failed.\n"));
5959 nt_status = NT_STATUS_UNSUCCESSFUL;
5963 #ifdef DEBUG_PASSWORD
5964 DEBUG(100,("successfully vampired trusted domain [%s], sid: [%s], "
5965 "password: [%s]\n", trusted_dom_name,
5966 sid_string_dbg(&dom_sid), cleartextpwd));
5970 SAFE_FREE(cleartextpwd);
5971 data_blob_free(&data);
5976 static int rpc_trustdom_vampire(int argc, const char **argv)
5978 /* common variables */
5979 TALLOC_CTX* mem_ctx;
5980 struct cli_state *cli = NULL;
5981 struct rpc_pipe_client *pipe_hnd = NULL;
5983 const char *domain_name = NULL;
5984 DOM_SID *queried_dom_sid;
5985 POLICY_HND connect_hnd;
5986 union lsa_PolicyInformation *info = NULL;
5988 /* trusted domains listing variables */
5989 unsigned int enum_ctx = 0;
5991 struct lsa_DomainList dom_list;
5995 * Listing trusted domains (stored in secrets.tdb, if local)
5998 mem_ctx = talloc_init("trust relationships vampire");
6001 * set domain and pdc name to local samba server (default)
6002 * or to remote one given in command line
6005 if (StrCaseCmp(opt_workgroup, lp_workgroup())) {
6006 domain_name = opt_workgroup;
6007 opt_target_workgroup = opt_workgroup;
6009 fstrcpy(pdc_name, global_myname());
6010 domain_name = talloc_strdup(mem_ctx, lp_workgroup());
6011 opt_target_workgroup = domain_name;
6014 /* open \PIPE\lsarpc and open policy handle */
6015 nt_status = net_make_ipc_connection(NET_FLAGS_PDC, &cli);
6016 if (!NT_STATUS_IS_OK(nt_status)) {
6017 DEBUG(0, ("Couldn't connect to domain controller: %s\n",
6018 nt_errstr(nt_status)));
6019 talloc_destroy(mem_ctx);
6023 pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &nt_status);
6025 DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n",
6026 nt_errstr(nt_status) ));
6028 talloc_destroy(mem_ctx);
6032 nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, False, SEC_RIGHTS_QUERY_VALUE,
6034 if (NT_STATUS_IS_ERR(nt_status)) {
6035 DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
6036 nt_errstr(nt_status)));
6038 talloc_destroy(mem_ctx);
6042 /* query info level 5 to obtain sid of a domain being queried */
6043 nt_status = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
6045 LSA_POLICY_INFO_ACCOUNT_DOMAIN,
6048 if (NT_STATUS_IS_ERR(nt_status)) {
6049 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
6050 nt_errstr(nt_status)));
6052 talloc_destroy(mem_ctx);
6056 queried_dom_sid = info->account_domain.sid;
6059 * Keep calling LsaEnumTrustdom over opened pipe until
6060 * the end of enumeration is reached
6063 d_printf("Vampire trusted domains:\n\n");
6066 nt_status = rpccli_lsa_EnumTrustDom(pipe_hnd, mem_ctx,
6071 if (NT_STATUS_IS_ERR(nt_status)) {
6072 DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n",
6073 nt_errstr(nt_status)));
6075 talloc_destroy(mem_ctx);
6079 for (i = 0; i < dom_list.count; i++) {
6081 print_trusted_domain(dom_list.domains[i].sid,
6082 dom_list.domains[i].name.string);
6084 nt_status = vampire_trusted_domain(pipe_hnd, mem_ctx, &connect_hnd,
6085 *dom_list.domains[i].sid,
6086 dom_list.domains[i].name.string);
6087 if (!NT_STATUS_IS_OK(nt_status)) {
6089 talloc_destroy(mem_ctx);
6095 * in case of no trusted domains say something rather
6096 * than just display blank line
6098 if (!dom_list.count) d_printf("none\n");
6100 } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
6102 /* close this connection before doing next one */
6103 nt_status = rpccli_lsa_Close(pipe_hnd, mem_ctx, &connect_hnd);
6104 if (NT_STATUS_IS_ERR(nt_status)) {
6105 DEBUG(0, ("Couldn't properly close lsa policy handle. Error was %s\n",
6106 nt_errstr(nt_status)));
6108 talloc_destroy(mem_ctx);
6112 /* close lsarpc pipe and connection to IPC$ */
6115 talloc_destroy(mem_ctx);
6119 static int rpc_trustdom_list(int argc, const char **argv)
6121 /* common variables */
6122 TALLOC_CTX* mem_ctx;
6123 struct cli_state *cli = NULL, *remote_cli = NULL;
6124 struct rpc_pipe_client *pipe_hnd = NULL;
6126 const char *domain_name = NULL;
6127 DOM_SID *queried_dom_sid;
6129 int ascii_dom_name_len;
6130 POLICY_HND connect_hnd;
6131 union lsa_PolicyInformation *info = NULL;
6133 /* trusted domains listing variables */
6134 unsigned int num_domains, enum_ctx = 0;
6135 int i, pad_len, col_len = 20;
6136 struct lsa_DomainList dom_list;
6139 /* trusting domains listing variables */
6140 POLICY_HND domain_hnd;
6141 struct samr_SamArray *trusts = NULL;
6144 * Listing trusted domains (stored in secrets.tdb, if local)
6147 mem_ctx = talloc_init("trust relationships listing");
6150 * set domain and pdc name to local samba server (default)
6151 * or to remote one given in command line
6154 if (StrCaseCmp(opt_workgroup, lp_workgroup())) {
6155 domain_name = opt_workgroup;
6156 opt_target_workgroup = opt_workgroup;
6158 fstrcpy(pdc_name, global_myname());
6159 domain_name = talloc_strdup(mem_ctx, lp_workgroup());
6160 opt_target_workgroup = domain_name;
6163 /* open \PIPE\lsarpc and open policy handle */
6164 nt_status = net_make_ipc_connection(NET_FLAGS_PDC, &cli);
6165 if (!NT_STATUS_IS_OK(nt_status)) {
6166 DEBUG(0, ("Couldn't connect to domain controller: %s\n",
6167 nt_errstr(nt_status)));
6168 talloc_destroy(mem_ctx);
6172 pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &nt_status);
6174 DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n",
6175 nt_errstr(nt_status) ));
6177 talloc_destroy(mem_ctx);
6181 nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, False, SEC_RIGHTS_QUERY_VALUE,
6183 if (NT_STATUS_IS_ERR(nt_status)) {
6184 DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
6185 nt_errstr(nt_status)));
6187 talloc_destroy(mem_ctx);
6191 /* query info level 5 to obtain sid of a domain being queried */
6192 nt_status = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
6194 LSA_POLICY_INFO_ACCOUNT_DOMAIN,
6197 if (NT_STATUS_IS_ERR(nt_status)) {
6198 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
6199 nt_errstr(nt_status)));
6201 talloc_destroy(mem_ctx);
6205 queried_dom_sid = info->account_domain.sid;
6208 * Keep calling LsaEnumTrustdom over opened pipe until
6209 * the end of enumeration is reached
6212 d_printf("Trusted domains list:\n\n");
6215 nt_status = rpccli_lsa_EnumTrustDom(pipe_hnd, mem_ctx,
6220 if (NT_STATUS_IS_ERR(nt_status)) {
6221 DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n",
6222 nt_errstr(nt_status)));
6224 talloc_destroy(mem_ctx);
6228 for (i = 0; i < dom_list.count; i++) {
6229 print_trusted_domain(dom_list.domains[i].sid,
6230 dom_list.domains[i].name.string);
6234 * in case of no trusted domains say something rather
6235 * than just display blank line
6237 if (!dom_list.count) d_printf("none\n");
6239 } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
6241 /* close this connection before doing next one */
6242 nt_status = rpccli_lsa_Close(pipe_hnd, mem_ctx, &connect_hnd);
6243 if (NT_STATUS_IS_ERR(nt_status)) {
6244 DEBUG(0, ("Couldn't properly close lsa policy handle. Error was %s\n",
6245 nt_errstr(nt_status)));
6247 talloc_destroy(mem_ctx);
6251 TALLOC_FREE(pipe_hnd);
6254 * Listing trusting domains (stored in passdb backend, if local)
6257 d_printf("\nTrusting domains list:\n\n");
6260 * Open \PIPE\samr and get needed policy handles
6262 pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_SAMR, &nt_status);
6264 DEBUG(0, ("Could not initialise samr pipe. Error was %s\n", nt_errstr(nt_status)));
6266 talloc_destroy(mem_ctx);
6271 nt_status = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
6273 SA_RIGHT_SAM_OPEN_DOMAIN,
6275 if (!NT_STATUS_IS_OK(nt_status)) {
6276 DEBUG(0, ("Couldn't open SAMR policy handle. Error was %s\n",
6277 nt_errstr(nt_status)));
6279 talloc_destroy(mem_ctx);
6283 /* SamrOpenDomain - we have to open domain policy handle in order to be
6284 able to enumerate accounts*/
6285 nt_status = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
6287 SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
6290 if (!NT_STATUS_IS_OK(nt_status)) {
6291 DEBUG(0, ("Couldn't open domain object. Error was %s\n",
6292 nt_errstr(nt_status)));
6294 talloc_destroy(mem_ctx);
6299 * perform actual enumeration
6302 enum_ctx = 0; /* reset enumeration context from last enumeration */
6305 nt_status = rpccli_samr_EnumDomainUsers(pipe_hnd, mem_ctx,
6312 if (NT_STATUS_IS_ERR(nt_status)) {
6313 DEBUG(0, ("Couldn't enumerate accounts. Error was: %s\n",
6314 nt_errstr(nt_status)));
6316 talloc_destroy(mem_ctx);
6320 for (i = 0; i < num_domains; i++) {
6322 char *str = CONST_DISCARD(char *, trusts->entries[i].name.string);
6325 * get each single domain's sid (do we _really_ need this ?):
6326 * 1) connect to domain's pdc
6327 * 2) query the pdc for domain's sid
6330 /* get rid of '$' tail */
6331 ascii_dom_name_len = strlen(str);
6332 if (ascii_dom_name_len && ascii_dom_name_len < FSTRING_LEN)
6333 str[ascii_dom_name_len - 1] = '\0';
6335 /* calculate padding space for d_printf to look nicer */
6336 pad_len = col_len - strlen(str);
6337 padding[pad_len] = 0;
6338 do padding[--pad_len] = ' '; while (pad_len);
6340 /* set opt_* variables to remote domain */
6342 opt_workgroup = talloc_strdup(mem_ctx, str);
6343 opt_target_workgroup = opt_workgroup;
6345 d_printf("%s%s", str, padding);
6347 /* connect to remote domain controller */
6348 nt_status = net_make_ipc_connection(
6349 NET_FLAGS_PDC | NET_FLAGS_ANONYMOUS,
6351 if (NT_STATUS_IS_OK(nt_status)) {
6352 /* query for domain's sid */
6353 if (run_rpc_command(remote_cli, PI_LSARPC, 0, rpc_query_domain_sid, argc, argv))
6354 d_fprintf(stderr, "couldn't get domain's sid\n");
6356 cli_shutdown(remote_cli);
6359 d_fprintf(stderr, "domain controller is not "
6361 nt_errstr(nt_status));
6365 if (!num_domains) d_printf("none\n");
6367 } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
6369 /* close opened samr and domain policy handles */
6370 nt_status = rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_hnd);
6371 if (!NT_STATUS_IS_OK(nt_status)) {
6372 DEBUG(0, ("Couldn't properly close domain policy handle for domain %s\n", domain_name));
6375 nt_status = rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_hnd);
6376 if (!NT_STATUS_IS_OK(nt_status)) {
6377 DEBUG(0, ("Couldn't properly close samr policy handle for domain %s\n", domain_name));
6380 /* close samr pipe and connection to IPC$ */
6383 talloc_destroy(mem_ctx);
6388 * Entrypoint for 'net rpc trustdom' code
6390 * @param argc standard argc
6391 * @param argv standard argv without initial components
6393 * @return Integer status (0 means success)
6396 static int rpc_trustdom(int argc, const char **argv)
6398 struct functable func[] = {
6399 {"add", rpc_trustdom_add},
6400 {"del", rpc_trustdom_del},
6401 {"establish", rpc_trustdom_establish},
6402 {"revoke", rpc_trustdom_revoke},
6403 {"help", rpc_trustdom_usage},
6404 {"list", rpc_trustdom_list},
6405 {"vampire", rpc_trustdom_vampire},
6410 rpc_trustdom_usage(argc, argv);
6414 return (net_run_function(argc, argv, func, rpc_user_usage));
6418 * Check if a server will take rpc commands
6419 * @param flags Type of server to connect to (PDC, DMB, localhost)
6420 * if the host is not explicitly specified
6421 * @return bool (true means rpc supported)
6423 bool net_rpc_check(unsigned flags)
6425 struct cli_state *cli;
6427 struct sockaddr_storage server_ss;
6428 char *server_name = NULL;
6431 /* flags (i.e. server type) may depend on command */
6432 if (!net_find_server(NULL, flags, &server_ss, &server_name))
6435 if ((cli = cli_initialise()) == NULL) {
6439 status = cli_connect(cli, server_name, &server_ss);
6440 if (!NT_STATUS_IS_OK(status))
6442 if (!attempt_netbios_session_request(&cli, global_myname(),
6443 server_name, &server_ss))
6445 if (!cli_negprot(cli))
6447 if (cli->protocol < PROTOCOL_NT1)
6456 /* dump sam database via samsync rpc calls */
6457 static int rpc_samdump(int argc, const char **argv) {
6458 return run_rpc_command(NULL, PI_NETLOGON, NET_FLAGS_ANONYMOUS, rpc_samdump_internals,
6462 /* syncronise sam database via samsync rpc calls */
6463 static int rpc_vampire(int argc, const char **argv) {
6464 return run_rpc_command(NULL, PI_NETLOGON, NET_FLAGS_ANONYMOUS, rpc_vampire_internals,
6469 * Migrate everything from a print-server
6471 * @param argc Standard main() style argc
6472 * @param argv Standard main() style argv. Initial components are already
6475 * @return A shell status integer (0 for success)
6477 * The order is important !
6478 * To successfully add drivers the print-queues have to exist !
6479 * Applying ACLs should be the last step, because you're easily locked out
6482 static int rpc_printer_migrate_all(int argc, const char **argv)
6487 printf("no server to migrate\n");
6491 ret = run_rpc_command(NULL, PI_SPOOLSS, 0, rpc_printer_migrate_printers_internals, argc, argv);
6495 ret = run_rpc_command(NULL, PI_SPOOLSS, 0, rpc_printer_migrate_drivers_internals, argc, argv);
6499 ret = run_rpc_command(NULL, PI_SPOOLSS, 0, rpc_printer_migrate_forms_internals, argc, argv);
6503 ret = run_rpc_command(NULL, PI_SPOOLSS, 0, rpc_printer_migrate_settings_internals, argc, argv);
6507 return run_rpc_command(NULL, PI_SPOOLSS, 0, rpc_printer_migrate_security_internals, argc, argv);
6512 * Migrate print-drivers from a print-server
6514 * @param argc Standard main() style argc
6515 * @param argv Standard main() style argv. Initial components are already
6518 * @return A shell status integer (0 for success)
6520 static int rpc_printer_migrate_drivers(int argc, const char **argv)
6523 printf("no server to migrate\n");
6527 return run_rpc_command(NULL, PI_SPOOLSS, 0,
6528 rpc_printer_migrate_drivers_internals,
6533 * Migrate print-forms from a print-server
6535 * @param argc Standard main() style argc
6536 * @param argv Standard main() style argv. Initial components are already
6539 * @return A shell status integer (0 for success)
6541 static int rpc_printer_migrate_forms(int argc, const char **argv)
6544 printf("no server to migrate\n");
6548 return run_rpc_command(NULL, PI_SPOOLSS, 0,
6549 rpc_printer_migrate_forms_internals,
6554 * Migrate printers from a print-server
6556 * @param argc Standard main() style argc
6557 * @param argv Standard main() style argv. Initial components are already
6560 * @return A shell status integer (0 for success)
6562 static int rpc_printer_migrate_printers(int argc, const char **argv)
6565 printf("no server to migrate\n");
6569 return run_rpc_command(NULL, PI_SPOOLSS, 0,
6570 rpc_printer_migrate_printers_internals,
6575 * Migrate printer-ACLs from a print-server
6577 * @param argc Standard main() style argc
6578 * @param argv Standard main() style argv. Initial components are already
6581 * @return A shell status integer (0 for success)
6583 static int rpc_printer_migrate_security(int argc, const char **argv)
6586 printf("no server to migrate\n");
6590 return run_rpc_command(NULL, PI_SPOOLSS, 0,
6591 rpc_printer_migrate_security_internals,
6596 * Migrate printer-settings from a print-server
6598 * @param argc Standard main() style argc
6599 * @param argv Standard main() style argv. Initial components are already
6602 * @return A shell status integer (0 for success)
6604 static int rpc_printer_migrate_settings(int argc, const char **argv)
6607 printf("no server to migrate\n");
6611 return run_rpc_command(NULL, PI_SPOOLSS, 0,
6612 rpc_printer_migrate_settings_internals,
6617 * 'net rpc printer' entrypoint.
6618 * @param argc Standard main() style argc
6619 * @param argv Standard main() style argv. Initial components are already
6623 int rpc_printer_migrate(int argc, const char **argv)
6626 /* ouch: when addriver and setdriver are called from within
6627 rpc_printer_migrate_drivers_internals, the printer-queue already
6630 struct functable func[] = {
6631 {"all", rpc_printer_migrate_all},
6632 {"drivers", rpc_printer_migrate_drivers},
6633 {"forms", rpc_printer_migrate_forms},
6634 {"help", rpc_printer_usage},
6635 {"printers", rpc_printer_migrate_printers},
6636 {"security", rpc_printer_migrate_security},
6637 {"settings", rpc_printer_migrate_settings},
6641 return net_run_function(argc, argv, func, rpc_printer_usage);
6646 * List printers on a remote RPC server
6648 * @param argc Standard main() style argc
6649 * @param argv Standard main() style argv. Initial components are already
6652 * @return A shell status integer (0 for success)
6654 static int rpc_printer_list(int argc, const char **argv)
6657 return run_rpc_command(NULL, PI_SPOOLSS, 0,
6658 rpc_printer_list_internals,
6663 * List printer-drivers on a remote RPC server
6665 * @param argc Standard main() style argc
6666 * @param argv Standard main() style argv. Initial components are already
6669 * @return A shell status integer (0 for success)
6671 static int rpc_printer_driver_list(int argc, const char **argv)
6674 return run_rpc_command(NULL, PI_SPOOLSS, 0,
6675 rpc_printer_driver_list_internals,
6680 * Publish printer in ADS via MSRPC
6682 * @param argc Standard main() style argc
6683 * @param argv Standard main() style argv. Initial components are already
6686 * @return A shell status integer (0 for success)
6688 static int rpc_printer_publish_publish(int argc, const char **argv)
6691 return run_rpc_command(NULL, PI_SPOOLSS, 0,
6692 rpc_printer_publish_publish_internals,
6697 * Update printer in ADS via MSRPC
6699 * @param argc Standard main() style argc
6700 * @param argv Standard main() style argv. Initial components are already
6703 * @return A shell status integer (0 for success)
6705 static int rpc_printer_publish_update(int argc, const char **argv)
6708 return run_rpc_command(NULL, PI_SPOOLSS, 0,
6709 rpc_printer_publish_update_internals,
6714 * UnPublish printer in ADS via MSRPC
6716 * @param argc Standard main() style argc
6717 * @param argv Standard main() style argv. Initial components are already
6720 * @return A shell status integer (0 for success)
6722 static int rpc_printer_publish_unpublish(int argc, const char **argv)
6725 return run_rpc_command(NULL, PI_SPOOLSS, 0,
6726 rpc_printer_publish_unpublish_internals,
6731 * List published printers via MSRPC
6733 * @param argc Standard main() style argc
6734 * @param argv Standard main() style argv. Initial components are already
6737 * @return A shell status integer (0 for success)
6739 static int rpc_printer_publish_list(int argc, const char **argv)
6742 return run_rpc_command(NULL, PI_SPOOLSS, 0,
6743 rpc_printer_publish_list_internals,
6749 * Publish printer in ADS
6751 * @param argc Standard main() style argc
6752 * @param argv Standard main() style argv. Initial components are already
6755 * @return A shell status integer (0 for success)
6757 static int rpc_printer_publish(int argc, const char **argv)
6760 struct functable func[] = {
6761 {"publish", rpc_printer_publish_publish},
6762 {"update", rpc_printer_publish_update},
6763 {"unpublish", rpc_printer_publish_unpublish},
6764 {"list", rpc_printer_publish_list},
6765 {"help", rpc_printer_usage},
6770 return run_rpc_command(NULL, PI_SPOOLSS, 0,
6771 rpc_printer_publish_list_internals,
6774 return net_run_function(argc, argv, func, rpc_printer_usage);
6780 * Display rpc printer help page.
6781 * @param argc Standard main() style argc
6782 * @param argv Standard main() style argv. Initial components are already
6785 int rpc_printer_usage(int argc, const char **argv)
6787 return net_help_printer(argc, argv);
6791 * 'net rpc printer' entrypoint.
6792 * @param argc Standard main() style argc
6793 * @param argv Standard main() style argv. Initial components are already
6796 int net_rpc_printer(int argc, const char **argv)
6798 struct functable func[] = {
6799 {"list", rpc_printer_list},
6800 {"migrate", rpc_printer_migrate},
6801 {"driver", rpc_printer_driver_list},
6802 {"publish", rpc_printer_publish},
6807 return run_rpc_command(NULL, PI_SPOOLSS, 0,
6808 rpc_printer_list_internals,
6811 return net_run_function(argc, argv, func, rpc_printer_usage);
6814 /****************************************************************************/
6818 * Basic usage function for 'net rpc'
6819 * @param argc Standard main() style argc
6820 * @param argv Standard main() style argv. Initial components are already
6824 int net_rpc_usage(int argc, const char **argv)
6826 d_printf(" net rpc info \t\t\tshow basic info about a domain \n");
6827 d_printf(" net rpc join \t\t\tto join a domain \n");
6828 d_printf(" net rpc oldjoin \t\tto join a domain created in server manager\n");
6829 d_printf(" net rpc testjoin \t\ttests that a join is valid\n");
6830 d_printf(" net rpc user \t\t\tto add, delete and list users\n");
6831 d_printf(" net rpc password <username> [<password>] -Uadmin_username%%admin_pass\n");
6832 d_printf(" net rpc group \t\tto list groups\n");
6833 d_printf(" net rpc share \t\tto add, delete, list and migrate shares\n");
6834 d_printf(" net rpc printer \t\tto list and migrate printers\n");
6835 d_printf(" net rpc file \t\t\tto list open files\n");
6836 d_printf(" net rpc changetrustpw \tto change the trust account password\n");
6837 d_printf(" net rpc getsid \t\tfetch the domain sid into the local secrets.tdb\n");
6838 d_printf(" net rpc vampire \t\tsyncronise an NT PDC's users and groups into the local passdb\n");
6839 d_printf(" net rpc samdump \t\tdisplay an NT PDC's users, groups and other data\n");
6840 d_printf(" net rpc trustdom \t\tto create trusting domain's account or establish trust\n");
6841 d_printf(" net rpc abortshutdown \tto abort the shutdown of a remote server\n");
6842 d_printf(" net rpc shutdown \t\tto shutdown a remote server\n");
6843 d_printf(" net rpc rights\t\tto manage privileges assigned to SIDs\n");
6844 d_printf(" net rpc registry\t\tto manage registry hives\n");
6845 d_printf(" net rpc service\t\tto start, stop and query services\n");
6846 d_printf(" net rpc audit\t\t\tto modify global auditing settings\n");
6847 d_printf(" net rpc shell\t\t\tto open an interactive shell for remote server/account management\n");
6849 d_printf("'net rpc shutdown' also accepts the following miscellaneous options:\n"); /* misc options */
6850 d_printf("\t-r or --reboot\trequest remote server reboot on shutdown\n");
6851 d_printf("\t-f or --force\trequest the remote server force its shutdown\n");
6852 d_printf("\t-t or --timeout=<timeout>\tnumber of seconds before shutdown\n");
6853 d_printf("\t-C or --comment=<message>\ttext message to display on impending shutdown\n");
6859 * Help function for 'net rpc'. Calls command specific help if requested
6860 * or displays usage of net rpc
6861 * @param argc Standard main() style argc
6862 * @param argv Standard main() style argv. Initial components are already
6866 int net_rpc_help(int argc, const char **argv)
6868 struct functable func[] = {
6869 {"join", rpc_join_usage},
6870 {"user", rpc_user_usage},
6871 {"group", rpc_group_usage},
6872 {"share", rpc_share_usage},
6873 /*{"changetrustpw", rpc_changetrustpw_usage}, */
6874 {"trustdom", rpc_trustdom_usage},
6875 /*{"abortshutdown", rpc_shutdown_abort_usage},*/
6876 /*{"shutdown", rpc_shutdown_usage}, */
6877 {"vampire", rpc_vampire_usage},
6882 net_rpc_usage(argc, argv);
6886 return (net_run_function(argc, argv, func, rpc_user_usage));
6890 * 'net rpc' entrypoint.
6891 * @param argc Standard main() style argc
6892 * @param argv Standard main() style argv. Initial components are already
6896 int net_rpc(int argc, const char **argv)
6898 struct functable func[] = {
6899 {"audit", net_rpc_audit},
6900 {"info", net_rpc_info},
6901 {"join", net_rpc_join},
6902 {"oldjoin", net_rpc_oldjoin},
6903 {"testjoin", net_rpc_testjoin},
6904 {"user", net_rpc_user},
6905 {"password", rpc_user_password},
6906 {"group", net_rpc_group},
6907 {"share", net_rpc_share},
6908 {"file", net_rpc_file},
6909 {"printer", net_rpc_printer},
6910 {"changetrustpw", net_rpc_changetrustpw},
6911 {"trustdom", rpc_trustdom},
6912 {"abortshutdown", rpc_shutdown_abort},
6913 {"shutdown", rpc_shutdown},
6914 {"samdump", rpc_samdump},
6915 {"vampire", rpc_vampire},
6916 {"getsid", net_rpc_getsid},
6917 {"rights", net_rpc_rights},
6918 {"service", net_rpc_service},
6919 {"registry", net_rpc_registry},
6920 {"shell", net_rpc_shell},
6921 {"help", net_rpc_help},
6924 return net_run_function(argc, argv, func, net_rpc_usage);
git.samba.org / samba.git / blob