2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org)
5 Copyright (C) 2002 Jim McDonough (jmcd@us.ibm.com)
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
22 #include "../utils/net.h"
27 * @brief RPC based subcommands for the 'net' utility.
29 * This file should contain much of the functionality that used to
30 * be found in rpcclient, execpt that the commands should change
31 * less often, and the fucntionality should be sane (the user is not
32 * expected to know a rid/sid before they conduct an operation etc.)
34 * @todo Perhaps eventually these should be split out into a number
35 * of files, as this could get quite big.
39 /* A function of this type is passed to the 'run_rpc_command' wrapper */
40 typedef NTSTATUS (*rpc_command_fn)(const DOM_SID *, struct cli_state *, TALLOC_CTX *, int, const char **);
43 * Many of the RPC functions need the domain sid. This function gets
44 * it at the start of every run
46 * @param cli A cli_state already connected to the remote machine
48 * @return The Domain SID of the remote machine.
51 static DOM_SID *net_get_remote_domain_sid(struct cli_state *cli)
55 NTSTATUS result = NT_STATUS_OK;
56 uint32 info_class = 5;
60 if (!(domain_sid = malloc(sizeof(DOM_SID)))){
61 DEBUG(0,("net_get_remote_domain_sid: malloc returned NULL!\n"));
65 if (!(mem_ctx=talloc_init("net_get_remote_domain_sid")))
67 DEBUG(0,("net_get_remote_domain_sid: talloc_init returned NULL!\n"));
72 if (!cli_nt_session_open (cli, PI_LSARPC)) {
73 fprintf(stderr, "could not initialise lsa pipe\n");
77 result = cli_lsa_open_policy(cli, mem_ctx, False,
78 SEC_RIGHTS_MAXIMUM_ALLOWED,
80 if (!NT_STATUS_IS_OK(result)) {
84 result = cli_lsa_query_info_policy(cli, mem_ctx, &pol, info_class,
85 domain_name, domain_sid);
86 if (!NT_STATUS_IS_OK(result)) {
90 cli_lsa_close(cli, mem_ctx, &pol);
91 cli_nt_session_close(cli);
92 talloc_destroy(mem_ctx);
97 fprintf(stderr, "could not obtain sid for domain %s\n", cli->domain);
99 if (!NT_STATUS_IS_OK(result)) {
100 fprintf(stderr, "error: %s\n", nt_errstr(result));
107 * Run a single RPC command, from start to finish.
109 * @param pipe_name the pipe to connect to (usually a PIPE_ constant)
110 * @param conn_flag a NET_FLAG_ combination. Passed to
111 * net_make_ipc_connection.
112 * @param argc Standard main() style argc
113 * @param argc Standard main() style argv. Initial components are already
115 * @return A shell status integer (0 for success)
118 static int run_rpc_command(struct cli_state *cli_arg, const int pipe_idx, int conn_flags,
120 int argc, const char **argv)
122 struct cli_state *cli = NULL;
127 /* make use of cli_state handed over as an argument, if possible */
129 cli = net_make_ipc_connection(conn_flags);
137 domain_sid = net_get_remote_domain_sid(cli);
141 if (!(mem_ctx = talloc_init("run_rpc_command"))) {
142 DEBUG(0, ("talloc_init() failed\n"));
147 if (!cli_nt_session_open(cli, pipe_idx)) {
148 DEBUG(0, ("Could not initialise pipe\n"));
151 nt_status = fn(domain_sid, cli, mem_ctx, argc, argv);
153 if (!NT_STATUS_IS_OK(nt_status)) {
154 DEBUG(1, ("rpc command function failed! (%s)\n", nt_errstr(nt_status)));
156 DEBUG(5, ("rpc command function succedded\n"));
160 if (cli->nt_pipe_fnum)
161 cli_nt_session_close(cli);
163 /* close the connection only if it was opened here */
167 talloc_destroy(mem_ctx);
169 return (!NT_STATUS_IS_OK(nt_status));
173 /****************************************************************************/
177 * Force a change of the trust acccount password.
179 * All parameters are provided by the run_rpc_command function, except for
180 * argc, argv which are passes through.
182 * @param domain_sid The domain sid aquired from the remote server
183 * @param cli A cli_state connected to the server.
184 * @param mem_ctx Talloc context, destoyed on compleation of the function.
185 * @param argc Standard main() style argc
186 * @param argc Standard main() style argv. Initial components are already
189 * @return Normal NTSTATUS return.
192 static NTSTATUS rpc_changetrustpw_internals(const DOM_SID *domain_sid, struct cli_state *cli, TALLOC_CTX *mem_ctx,
193 int argc, const char **argv) {
195 return trust_pw_find_change_and_store_it(cli, mem_ctx, opt_target_workgroup);
199 * Force a change of the trust acccount password.
201 * @param argc Standard main() style argc
202 * @param argc Standard main() style argv. Initial components are already
205 * @return A shell status integer (0 for success)
208 int net_rpc_changetrustpw(int argc, const char **argv)
210 return run_rpc_command(NULL, PI_NETLOGON, NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC, rpc_changetrustpw_internals,
215 /****************************************************************************/
219 * Join a domain, the old way.
221 * This uses 'machinename' as the inital password, and changes it.
223 * The password should be created with 'server manager' or equiv first.
225 * All parameters are provided by the run_rpc_command function, except for
226 * argc, argv which are passes through.
228 * @param domain_sid The domain sid aquired from the remote server
229 * @param cli A cli_state connected to the server.
230 * @param mem_ctx Talloc context, destoyed on compleation of the function.
231 * @param argc Standard main() style argc
232 * @param argc Standard main() style argv. Initial components are already
235 * @return Normal NTSTATUS return.
238 static NTSTATUS rpc_oldjoin_internals(const DOM_SID *domain_sid, struct cli_state *cli,
240 int argc, const char **argv) {
242 fstring trust_passwd;
243 unsigned char orig_trust_passwd_hash[16];
245 uint32 sec_channel_type;
248 check what type of join - if the user want's to join as
249 a BDC, the server must agree that we are a BDC.
252 sec_channel_type = get_sec_channel_type(argv[0]);
254 sec_channel_type = get_sec_channel_type(NULL);
257 fstrcpy(trust_passwd, global_myname());
258 strlower(trust_passwd);
261 * Machine names can be 15 characters, but the max length on
262 * a password is 14. --jerry
265 trust_passwd[14] = '\0';
267 E_md4hash(trust_passwd, orig_trust_passwd_hash);
269 result = trust_pw_change_and_store_it(cli, mem_ctx, opt_target_workgroup,
270 orig_trust_passwd_hash,
273 if (NT_STATUS_IS_OK(result))
274 printf("Joined domain %s.\n",opt_target_workgroup);
277 if (!secrets_store_domain_sid(opt_target_workgroup, domain_sid)) {
278 DEBUG(0, ("error storing domain sid for %s\n", opt_target_workgroup));
279 result = NT_STATUS_UNSUCCESSFUL;
286 * Join a domain, the old way.
288 * @param argc Standard main() style argc
289 * @param argc Standard main() style argv. Initial components are already
292 * @return A shell status integer (0 for success)
295 static int net_rpc_oldjoin(int argc, const char **argv)
297 return run_rpc_command(NULL, PI_NETLOGON,
298 NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
299 rpc_oldjoin_internals,
304 * Basic usage function for 'net rpc join'
305 * @param argc Standard main() style argc
306 * @param argc Standard main() style argv. Initial components are already
310 static int rpc_join_usage(int argc, const char **argv)
312 d_printf("net rpc join -U <username>[%%password] <type>[options]\n"\
313 "\t to join a domain with admin username & password\n"\
314 "\t\t password will be prompted if needed and none is specified\n"\
315 "\t <type> can be (default MEMBER)\n"\
316 "\t\t BDC - Join as a BDC\n"\
317 "\t\t PDC - Join as a PDC\n"\
318 "\t\t MEMBER - Join as a MEMBER server\n");
320 net_common_flags_usage(argc, argv);
325 * 'net rpc join' entrypoint.
326 * @param argc Standard main() style argc
327 * @param argc Standard main() style argv. Initial components are already
330 * Main 'net_rpc_join()' (where the admain username/password is used) is
332 * Try to just change the password, but if that doesn't work, use/prompt
333 * for a username/password.
336 int net_rpc_join(int argc, const char **argv)
338 if ((net_rpc_oldjoin(argc, argv) == 0))
341 return net_rpc_join_newstyle(argc, argv);
347 * display info about a rpc domain
349 * All parameters are provided by the run_rpc_command function, except for
350 * argc, argv which are passed through.
352 * @param domain_sid The domain sid acquired from the remote server
353 * @param cli A cli_state connected to the server.
354 * @param mem_ctx Talloc context, destoyed on completion of the function.
355 * @param argc Standard main() style argc
356 * @param argv Standard main() style argv. Initial components are already
359 * @return Normal NTSTATUS return.
363 rpc_info_internals(const DOM_SID *domain_sid, struct cli_state *cli,
364 TALLOC_CTX *mem_ctx, int argc, const char **argv)
366 POLICY_HND connect_pol, domain_pol;
367 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
371 sid_to_string(sid_str, domain_sid);
373 /* Get sam policy handle */
374 result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
376 if (!NT_STATUS_IS_OK(result)) {
380 /* Get domain policy handle */
381 result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
382 MAXIMUM_ALLOWED_ACCESS,
383 domain_sid, &domain_pol);
384 if (!NT_STATUS_IS_OK(result)) {
389 result = cli_samr_query_dom_info(cli, mem_ctx, &domain_pol,
391 if (NT_STATUS_IS_OK(result)) {
392 TALLOC_CTX *ctx = talloc_init("rpc_info_internals");
393 d_printf("Domain Name: %s\n", unistr2_tdup(ctx, &ctr.info.inf2.uni_domain));
394 d_printf("Domain SID: %s\n", sid_str);
395 d_printf("Sequence number: %u\n", ctr.info.inf2.seq_num);
396 d_printf("Num users: %u\n", ctr.info.inf2.num_domain_usrs);
397 d_printf("Num domain groups: %u\n", ctr.info.inf2.num_domain_grps);
398 d_printf("Num local groups: %u\n", ctr.info.inf2.num_local_grps);
408 * 'net rpc info' entrypoint.
409 * @param argc Standard main() style argc
410 * @param argc Standard main() style argv. Initial components are already
413 int net_rpc_info(int argc, const char **argv)
415 return run_rpc_command(NULL, PI_SAMR, NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
422 * Fetch domain SID into the local secrets.tdb
424 * All parameters are provided by the run_rpc_command function, except for
425 * argc, argv which are passes through.
427 * @param domain_sid The domain sid acquired from the remote server
428 * @param cli A cli_state connected to the server.
429 * @param mem_ctx Talloc context, destoyed on completion of the function.
430 * @param argc Standard main() style argc
431 * @param argv Standard main() style argv. Initial components are already
434 * @return Normal NTSTATUS return.
438 rpc_getsid_internals(const DOM_SID *domain_sid, struct cli_state *cli,
439 TALLOC_CTX *mem_ctx, int argc, const char **argv)
443 sid_to_string(sid_str, domain_sid);
444 d_printf("Storing SID %s for Domain %s in secrets.tdb\n",
445 sid_str, lp_workgroup());
447 if (!secrets_store_domain_sid(global_myname(), domain_sid)) {
448 DEBUG(0,("Can't store domain SID\n"));
449 return NT_STATUS_UNSUCCESSFUL;
457 * 'net rpc getsid' entrypoint.
458 * @param argc Standard main() style argc
459 * @param argc Standard main() style argv. Initial components are already
462 int net_rpc_getsid(int argc, const char **argv)
464 return run_rpc_command(NULL, PI_SAMR, NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
465 rpc_getsid_internals,
470 /****************************************************************************/
473 * Basic usage function for 'net rpc user'
474 * @param argc Standard main() style argc.
475 * @param argv Standard main() style argv. Initial components are already
479 static int rpc_user_usage(int argc, const char **argv)
481 return net_help_user(argc, argv);
485 * Add a new user to a remote RPC server
487 * All parameters are provided by the run_rpc_command function, except for
488 * argc, argv which are passes through.
490 * @param domain_sid The domain sid acquired from the remote server
491 * @param cli A cli_state connected to the server.
492 * @param mem_ctx Talloc context, destoyed on completion of the function.
493 * @param argc Standard main() style argc
494 * @param argv Standard main() style argv. Initial components are already
497 * @return Normal NTSTATUS return.
500 static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid, struct cli_state *cli, TALLOC_CTX *mem_ctx,
501 int argc, const char **argv) {
503 POLICY_HND connect_pol, domain_pol, user_pol;
504 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
505 const char *acct_name;
507 uint32 unknown, user_rid;
510 d_printf("User must be specified\n");
511 rpc_user_usage(argc, argv);
517 /* Get sam policy handle */
519 result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
521 if (!NT_STATUS_IS_OK(result)) {
525 /* Get domain policy handle */
527 result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
528 MAXIMUM_ALLOWED_ACCESS,
529 domain_sid, &domain_pol);
530 if (!NT_STATUS_IS_OK(result)) {
534 /* Create domain user */
536 acb_info = ACB_NORMAL;
537 unknown = 0xe005000b; /* No idea what this is - a permission mask? */
539 result = cli_samr_create_dom_user(cli, mem_ctx, &domain_pol,
540 acct_name, acb_info, unknown,
541 &user_pol, &user_rid);
542 if (!NT_STATUS_IS_OK(result)) {
547 if (!NT_STATUS_IS_OK(result)) {
548 d_printf("Failed to add user %s - %s\n", acct_name,
551 d_printf("Added user %s\n", acct_name);
557 * Add a new user to a remote RPC server
559 * @param argc Standard main() style argc
560 * @param argv Standard main() style argv. Initial components are already
563 * @return A shell status integer (0 for success)
566 static int rpc_user_add(int argc, const char **argv)
568 return run_rpc_command(NULL, PI_SAMR, 0, rpc_user_add_internals,
573 * Delete a user from a remote RPC server
575 * All parameters are provided by the run_rpc_command function, except for
576 * argc, argv which are passes through.
578 * @param domain_sid The domain sid acquired from the remote server
579 * @param cli A cli_state connected to the server.
580 * @param mem_ctx Talloc context, destoyed on completion of the function.
581 * @param argc Standard main() style argc
582 * @param argv Standard main() style argv. Initial components are already
585 * @return Normal NTSTATUS return.
588 static NTSTATUS rpc_user_del_internals(const DOM_SID *domain_sid,
589 struct cli_state *cli,
591 int argc, const char **argv)
593 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
594 POLICY_HND connect_pol, domain_pol, user_pol;
597 d_printf("User must be specified\n");
598 rpc_user_usage(argc, argv);
601 /* Get sam policy and domain handles */
603 result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
606 if (!NT_STATUS_IS_OK(result)) {
610 result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
611 MAXIMUM_ALLOWED_ACCESS,
612 domain_sid, &domain_pol);
614 if (!NT_STATUS_IS_OK(result)) {
618 /* Get handle on user */
621 uint32 *user_rids, num_rids, *name_types;
622 uint32 flags = 0x000003e8; /* Unknown */
624 result = cli_samr_lookup_names(cli, mem_ctx, &domain_pol,
626 &num_rids, &user_rids,
629 if (!NT_STATUS_IS_OK(result)) {
633 result = cli_samr_open_user(cli, mem_ctx, &domain_pol,
634 MAXIMUM_ALLOWED_ACCESS,
635 user_rids[0], &user_pol);
637 if (!NT_STATUS_IS_OK(result)) {
644 result = cli_samr_delete_dom_user(cli, mem_ctx, &user_pol);
646 if (!NT_STATUS_IS_OK(result)) {
650 /* Display results */
658 * Delete a user from a remote RPC server
660 * @param argc Standard main() style argc
661 * @param argv Standard main() style argv. Initial components are already
664 * @return A shell status integer (0 for success)
667 static int rpc_user_delete(int argc, const char **argv)
669 return run_rpc_command(NULL, PI_SAMR, 0, rpc_user_del_internals,
674 * List user's groups on a remote RPC server
676 * All parameters are provided by the run_rpc_command function, except for
677 * argc, argv which are passes through.
679 * @param domain_sid The domain sid acquired from the remote server
680 * @param cli A cli_state connected to the server.
681 * @param mem_ctx Talloc context, destoyed on completion of the function.
682 * @param argc Standard main() style argc
683 * @param argv Standard main() style argv. Initial components are already
686 * @return Normal NTSTATUS return.
690 rpc_user_info_internals(const DOM_SID *domain_sid, struct cli_state *cli,
691 TALLOC_CTX *mem_ctx, int argc, const char **argv)
693 POLICY_HND connect_pol, domain_pol, user_pol;
694 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
695 uint32 *rids, num_rids, *name_types, num_names;
696 uint32 flags = 0x000003e8; /* Unknown */
702 d_printf("User must be specified\n");
703 rpc_user_usage(argc, argv);
706 /* Get sam policy handle */
708 result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
710 if (!NT_STATUS_IS_OK(result)) goto done;
712 /* Get domain policy handle */
714 result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
715 MAXIMUM_ALLOWED_ACCESS,
716 domain_sid, &domain_pol);
717 if (!NT_STATUS_IS_OK(result)) goto done;
719 /* Get handle on user */
721 result = cli_samr_lookup_names(cli, mem_ctx, &domain_pol,
723 &num_rids, &rids, &name_types);
725 if (!NT_STATUS_IS_OK(result)) goto done;
727 result = cli_samr_open_user(cli, mem_ctx, &domain_pol,
728 MAXIMUM_ALLOWED_ACCESS,
730 if (!NT_STATUS_IS_OK(result)) goto done;
732 result = cli_samr_query_usergroups(cli, mem_ctx, &user_pol,
733 &num_rids, &user_gids);
737 rids = (uint32 *)talloc(mem_ctx, sizeof(uint32) * num_rids);
739 for (i = 0; i < num_rids; i++)
740 rids[i] = user_gids[i].g_rid;
742 result = cli_samr_lookup_rids(cli, mem_ctx, &domain_pol,
743 flags, num_rids, rids,
744 &num_names, &names, &name_types);
746 if (!NT_STATUS_IS_OK(result)) {
750 /* Display results */
752 for (i = 0; i < num_names; i++)
753 printf("%s\n", names[i]);
760 * List a user's groups from a remote RPC server
762 * @param argc Standard main() style argc
763 * @param argv Standard main() style argv. Initial components are already
766 * @return A shell status integer (0 for success)
769 static int rpc_user_info(int argc, const char **argv)
771 return run_rpc_command(NULL, PI_SAMR, 0, rpc_user_info_internals,
776 * List users on a remote RPC server
778 * All parameters are provided by the run_rpc_command function, except for
779 * argc, argv which are passes through.
781 * @param domain_sid The domain sid acquired from the remote server
782 * @param cli A cli_state connected to the server.
783 * @param mem_ctx Talloc context, destoyed on completion of the function.
784 * @param argc Standard main() style argc
785 * @param argv Standard main() style argv. Initial components are already
788 * @return Normal NTSTATUS return.
792 rpc_user_list_internals(const DOM_SID *domain_sid, struct cli_state *cli,
793 TALLOC_CTX *mem_ctx, int argc, const char **argv)
795 POLICY_HND connect_pol, domain_pol;
796 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
797 uint32 start_idx=0, num_entries, i, loop_count = 0;
798 SAM_DISPINFO_CTR ctr;
799 SAM_DISPINFO_1 info1;
801 /* Get sam policy handle */
803 result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
805 if (!NT_STATUS_IS_OK(result)) {
809 /* Get domain policy handle */
811 result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
812 MAXIMUM_ALLOWED_ACCESS,
813 domain_sid, &domain_pol);
814 if (!NT_STATUS_IS_OK(result)) {
818 /* Query domain users */
821 ctr.sam.info1 = &info1;
822 if (opt_long_list_entries)
823 d_printf("\nUser name Comment"\
824 "\n-----------------------------\n");
827 uint32 max_entries, max_size;
829 get_query_dispinfo_params(
830 loop_count, &max_entries, &max_size);
832 result = cli_samr_query_dispinfo(cli, mem_ctx, &domain_pol,
833 &start_idx, 1, &num_entries,
834 max_entries, max_size, &ctr);
837 for (i = 0; i < num_entries; i++) {
838 unistr2_to_ascii(user, &(&ctr.sam.info1->str[i])->uni_acct_name, sizeof(user)-1);
839 if (opt_long_list_entries)
840 unistr2_to_ascii(desc, &(&ctr.sam.info1->str[i])->uni_acct_desc, sizeof(desc)-1);
842 if (opt_long_list_entries)
843 printf("%-21.21s %s\n", user, desc);
845 printf("%s\n", user);
847 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
854 * 'net rpc user' entrypoint.
855 * @param argc Standard main() style argc
856 * @param argc Standard main() style argv. Initial components are already
860 int net_rpc_user(int argc, const char **argv)
862 struct functable func[] = {
863 {"add", rpc_user_add},
864 {"info", rpc_user_info},
865 {"delete", rpc_user_delete},
870 if (opt_long_list_entries) {
873 return run_rpc_command(NULL,PI_SAMR, 0,
874 rpc_user_list_internals,
878 return net_run_function(argc, argv, func, rpc_user_usage);
882 /****************************************************************************/
885 * Basic usage function for 'net rpc group'
886 * @param argc Standard main() style argc.
887 * @param argv Standard main() style argv. Initial components are already
891 static int rpc_group_usage(int argc, const char **argv)
893 return net_help_group(argc, argv);
897 * List groups on a remote RPC server
899 * All parameters are provided by the run_rpc_command function, except for
900 * argc, argv which are passes through.
902 * @param domain_sid The domain sid acquired from the remote server
903 * @param cli A cli_state connected to the server.
904 * @param mem_ctx Talloc context, destoyed on completion of the function.
905 * @param argc Standard main() style argc
906 * @param argv Standard main() style argv. Initial components are already
909 * @return Normal NTSTATUS return.
913 rpc_group_list_internals(const DOM_SID *domain_sid, struct cli_state *cli,
914 TALLOC_CTX *mem_ctx, int argc, const char **argv)
916 POLICY_HND connect_pol, domain_pol;
917 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
918 uint32 start_idx=0, max_entries=250, num_entries, i;
919 struct acct_info *groups;
920 DOM_SID global_sid_Builtin;
922 string_to_sid(&global_sid_Builtin, "S-1-5-32");
924 /* Get sam policy handle */
926 result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
928 if (!NT_STATUS_IS_OK(result)) {
932 /* Get domain policy handle */
934 result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
935 MAXIMUM_ALLOWED_ACCESS,
936 domain_sid, &domain_pol);
937 if (!NT_STATUS_IS_OK(result)) {
941 /* Query domain groups */
942 if (opt_long_list_entries)
943 d_printf("\nGroup name Comment"\
944 "\n-----------------------------\n");
946 result = cli_samr_enum_dom_groups(cli, mem_ctx, &domain_pol,
947 &start_idx, max_entries,
948 &groups, &num_entries);
950 for (i = 0; i < num_entries; i++) {
951 if (opt_long_list_entries)
952 printf("%-21.21s %-50.50s\n",
954 groups[i].acct_desc);
956 printf("%-21.21s\n", groups[i].acct_name);
958 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
959 /* query domain aliases */
961 result = cli_samr_enum_als_groups(cli, mem_ctx, &domain_pol,
962 &start_idx, max_entries,
963 &groups, &num_entries);
965 for (i = 0; i < num_entries; i++) {
966 if (opt_long_list_entries)
967 printf("%-21.21s %-50.50s\n",
969 groups[i].acct_desc);
971 printf("%-21.21s\n", groups[i].acct_name);
973 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
974 cli_samr_close(cli, mem_ctx, &domain_pol);
975 /* Get builtin policy handle */
977 result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
978 MAXIMUM_ALLOWED_ACCESS,
979 &global_sid_Builtin, &domain_pol);
980 if (!NT_STATUS_IS_OK(result)) {
983 /* query builtin aliases */
985 result = cli_samr_enum_als_groups(cli, mem_ctx, &domain_pol,
986 &start_idx, max_entries,
987 &groups, &num_entries);
989 for (i = 0; i < num_entries; i++) {
990 if (opt_long_list_entries)
991 printf("%-21.21s %-50.50s\n",
993 groups[i].acct_desc);
995 printf("%s\n", groups[i].acct_name);
997 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
1004 * 'net rpc group' entrypoint.
1005 * @param argc Standard main() style argc
1006 * @param argc Standard main() style argv. Initial components are already
1010 int net_rpc_group(int argc, const char **argv)
1012 struct functable func[] = {
1014 {"add", rpc_group_add},
1015 {"delete", rpc_group_delete},
1021 if (opt_long_list_entries) {
1024 return run_rpc_command(NULL, PI_SAMR, 0,
1025 rpc_group_list_internals,
1029 return net_run_function(argc, argv, func, rpc_group_usage);
1032 /****************************************************************************/
1034 static int rpc_share_usage(int argc, const char **argv)
1036 return net_help_share(argc, argv);
1040 * Add a share on a remote RPC server
1042 * All parameters are provided by the run_rpc_command function, except for
1043 * argc, argv which are passes through.
1045 * @param domain_sid The domain sid acquired from the remote server
1046 * @param cli A cli_state connected to the server.
1047 * @param mem_ctx Talloc context, destoyed on completion of the function.
1048 * @param argc Standard main() style argc
1049 * @param argv Standard main() style argv. Initial components are already
1052 * @return Normal NTSTATUS return.
1055 rpc_share_add_internals(const DOM_SID *domain_sid, struct cli_state *cli,
1056 TALLOC_CTX *mem_ctx,int argc, const char **argv)
1059 char *sharename=talloc_strdup(mem_ctx, argv[0]);
1061 uint32 type=0; /* only allow disk shares to be added */
1062 uint32 num_users=0, perms=0;
1063 char *password=NULL; /* don't allow a share password */
1065 path = strchr(sharename, '=');
1067 return NT_STATUS_UNSUCCESSFUL;
1070 result = cli_srvsvc_net_share_add(cli, mem_ctx, sharename, type,
1071 opt_comment, perms, opt_maxusers,
1072 num_users, path, password);
1073 return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1076 static int rpc_share_add(int argc, const char **argv)
1078 if ((argc < 1) || !strchr(argv[0], '=')) {
1079 DEBUG(1,("Sharename or path not specified on add\n"));
1080 return rpc_share_usage(argc, argv);
1082 return run_rpc_command(NULL, PI_SRVSVC, 0,
1083 rpc_share_add_internals,
1088 * Delete a share on a remote RPC server
1090 * All parameters are provided by the run_rpc_command function, except for
1091 * argc, argv which are passes through.
1093 * @param domain_sid The domain sid acquired from the remote server
1094 * @param cli A cli_state connected to the server.
1095 * @param mem_ctx Talloc context, destoyed on completion of the function.
1096 * @param argc Standard main() style argc
1097 * @param argv Standard main() style argv. Initial components are already
1100 * @return Normal NTSTATUS return.
1103 rpc_share_del_internals(const DOM_SID *domain_sid, struct cli_state *cli,
1104 TALLOC_CTX *mem_ctx,int argc, const char **argv)
1108 result = cli_srvsvc_net_share_del(cli, mem_ctx, argv[0]);
1109 return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1113 * Delete a share on a remote RPC server
1115 * @param domain_sid The domain sid acquired from the remote server
1116 * @param argc Standard main() style argc
1117 * @param argv Standard main() style argv. Initial components are already
1120 * @return A shell status integer (0 for success)
1122 static int rpc_share_delete(int argc, const char **argv)
1125 DEBUG(1,("Sharename not specified on delete\n"));
1126 return rpc_share_usage(argc, argv);
1128 return run_rpc_command(NULL, PI_SRVSVC, 0,
1129 rpc_share_del_internals,
1134 * Formatted print of share info
1136 * @param info1 pointer to SRV_SHARE_INFO_1 to format
1139 static void display_share_info_1(SRV_SHARE_INFO_1 *info1)
1141 fstring netname = "", remark = "";
1143 rpcstr_pull_unistr2_fstring(netname, &info1->info_1_str.uni_netname);
1144 rpcstr_pull_unistr2_fstring(remark, &info1->info_1_str.uni_remark);
1146 if (opt_long_list_entries) {
1147 d_printf("%-12.12s %-8.8s %-50.50s\n",
1148 netname, share_type[info1->info_1.type], remark);
1150 d_printf("%-12.12s\n", netname);
1156 * List shares on a remote RPC server
1158 * All parameters are provided by the run_rpc_command function, except for
1159 * argc, argv which are passes through.
1161 * @param domain_sid The domain sid acquired from the remote server
1162 * @param cli A cli_state connected to the server.
1163 * @param mem_ctx Talloc context, destoyed on completion of the function.
1164 * @param argc Standard main() style argc
1165 * @param argv Standard main() style argv. Initial components are already
1168 * @return Normal NTSTATUS return.
1172 rpc_share_list_internals(const DOM_SID *domain_sid, struct cli_state *cli,
1173 TALLOC_CTX *mem_ctx, int argc, const char **argv)
1175 SRV_SHARE_INFO_CTR ctr;
1178 uint32 preferred_len = 0xffffffff, i;
1180 init_enum_hnd(&hnd, 0);
1182 result = cli_srvsvc_net_share_enum(
1183 cli, mem_ctx, 1, &ctr, preferred_len, &hnd);
1185 if (!W_ERROR_IS_OK(result))
1188 /* Display results */
1190 if (opt_long_list_entries) {
1192 "\nEnumerating shared resources (exports) on remote server:\n\n"\
1193 "\nShare name Type Description\n"\
1194 "---------- ---- -----------\n");
1196 for (i = 0; i < ctr.num_entries; i++)
1197 display_share_info_1(&ctr.share.info1[i]);
1199 return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1203 * 'net rpc share' entrypoint.
1204 * @param argc Standard main() style argc
1205 * @param argv Standard main() style argv. Initial components are already
1209 int net_rpc_share(int argc, const char **argv)
1211 struct functable func[] = {
1212 {"add", rpc_share_add},
1213 {"delete", rpc_share_delete},
1218 return run_rpc_command(NULL, PI_SRVSVC, 0,
1219 rpc_share_list_internals,
1222 return net_run_function(argc, argv, func, rpc_share_usage);
1225 /****************************************************************************/
1227 static int rpc_file_usage(int argc, const char **argv)
1229 return net_help_file(argc, argv);
1233 * Close a file on a remote RPC server
1235 * All parameters are provided by the run_rpc_command function, except for
1236 * argc, argv which are passes through.
1238 * @param domain_sid The domain sid acquired from the remote server
1239 * @param cli A cli_state connected to the server.
1240 * @param mem_ctx Talloc context, destoyed on completion of the function.
1241 * @param argc Standard main() style argc
1242 * @param argv Standard main() style argv. Initial components are already
1245 * @return Normal NTSTATUS return.
1248 rpc_file_close_internals(const DOM_SID *domain_sid, struct cli_state *cli,
1249 TALLOC_CTX *mem_ctx, int argc, const char **argv)
1252 result = cli_srvsvc_net_file_close(cli, mem_ctx, atoi(argv[0]));
1253 return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1257 * Close a file on a remote RPC server
1259 * @param argc Standard main() style argc
1260 * @param argv Standard main() style argv. Initial components are already
1263 * @return A shell status integer (0 for success)
1265 static int rpc_file_close(int argc, const char **argv)
1268 DEBUG(1, ("No fileid given on close\n"));
1269 return(rpc_file_usage(argc, argv));
1272 return run_rpc_command(NULL, PI_SRVSVC, 0,
1273 rpc_file_close_internals,
1278 * Formatted print of open file info
1280 * @param info3 FILE_INFO_3 contents
1281 * @param str3 strings for FILE_INFO_3
1284 static void display_file_info_3(FILE_INFO_3 *info3, FILE_INFO_3_STR *str3)
1286 fstring user = "", path = "";
1288 rpcstr_pull_unistr2_fstring(user, &str3->uni_user_name);
1289 rpcstr_pull_unistr2_fstring(path, &str3->uni_path_name);
1291 d_printf("%-7.1d %-20.20s 0x%-4.2x %-6.1d %s\n",
1292 info3->id, user, info3->perms, info3->num_locks, path);
1296 * List open files on a remote RPC server
1298 * All parameters are provided by the run_rpc_command function, except for
1299 * argc, argv which are passes through.
1301 * @param domain_sid The domain sid acquired from the remote server
1302 * @param cli A cli_state connected to the server.
1303 * @param mem_ctx Talloc context, destoyed on completion of the function.
1304 * @param argc Standard main() style argc
1305 * @param argv Standard main() style argv. Initial components are already
1308 * @return Normal NTSTATUS return.
1312 rpc_file_list_internals(const DOM_SID *domain_sid, struct cli_state *cli,
1313 TALLOC_CTX *mem_ctx, int argc, const char **argv)
1315 SRV_FILE_INFO_CTR ctr;
1318 uint32 preferred_len = 0xffffffff, i;
1319 const char *username=NULL;
1321 init_enum_hnd(&hnd, 0);
1323 /* if argc > 0, must be user command */
1325 username = smb_xstrdup(argv[0]);
1327 result = cli_srvsvc_net_file_enum(
1328 cli, mem_ctx, 3, username, &ctr, preferred_len, &hnd);
1330 if (!W_ERROR_IS_OK(result))
1333 /* Display results */
1336 "\nEnumerating open files on remote server:\n\n"\
1337 "\nFileId Opened by Perms Locks Path"\
1338 "\n------ --------- ----- ----- ---- \n");
1339 for (i = 0; i < ctr.num_entries; i++)
1340 display_file_info_3(&ctr.file.info3[i].info_3,
1341 &ctr.file.info3[i].info_3_str);
1343 return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1348 * List files for a user on a remote RPC server
1350 * @param argc Standard main() style argc
1351 * @param argv Standard main() style argv. Initial components are already
1354 * @return A shell status integer (0 for success)
1356 static int rpc_file_user(int argc, const char **argv)
1359 DEBUG(1, ("No username given\n"));
1360 return(rpc_file_usage(argc, argv));
1363 return run_rpc_command(NULL, PI_SRVSVC, 0,
1364 rpc_file_list_internals,
1370 * 'net rpc file' entrypoint.
1371 * @param argc Standard main() style argc
1372 * @param argv Standard main() style argv. Initial components are already
1376 int net_rpc_file(int argc, const char **argv)
1378 struct functable func[] = {
1379 {"close", rpc_file_close},
1380 {"user", rpc_file_user},
1382 {"info", rpc_file_info},
1388 return run_rpc_command(NULL, PI_SRVSVC, 0,
1389 rpc_file_list_internals,
1392 return net_run_function(argc, argv, func, rpc_file_usage);
1395 /****************************************************************************/
1400 * ABORT the shutdown of a remote RPC Server
1402 * All parameters are provided by the run_rpc_command function, except for
1403 * argc, argv which are passed through.
1405 * @param domain_sid The domain sid aquired from the remote server
1406 * @param cli A cli_state connected to the server.
1407 * @param mem_ctx Talloc context, destoyed on compleation of the function.
1408 * @param argc Standard main() style argc
1409 * @param argv Standard main() style argv. Initial components are already
1412 * @return Normal NTSTATUS return.
1415 static NTSTATUS rpc_shutdown_abort_internals(const DOM_SID *domain_sid, struct cli_state *cli, TALLOC_CTX *mem_ctx,
1416 int argc, const char **argv)
1418 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1420 result = cli_reg_abort_shutdown(cli, mem_ctx);
1422 if (NT_STATUS_IS_OK(result))
1423 DEBUG(5,("cmd_reg_abort_shutdown: query succeeded\n"));
1425 DEBUG(5,("cmd_reg_abort_shutdown: query failed\n"));
1432 * ABORT the Shut down of a remote RPC server
1434 * @param argc Standard main() style argc
1435 * @param argv Standard main() style argv. Initial components are already
1438 * @return A shell status integer (0 for success)
1441 static int rpc_shutdown_abort(int argc, const char **argv)
1443 return run_rpc_command(NULL, PI_WINREG, 0, rpc_shutdown_abort_internals,
1448 * Shut down a remote RPC Server
1450 * All parameters are provided by the run_rpc_command function, except for
1451 * argc, argv which are passes through.
1453 * @param domain_sid The domain sid aquired from the remote server
1454 * @param cli A cli_state connected to the server.
1455 * @param mem_ctx Talloc context, destoyed on compleation of the function.
1456 * @param argc Standard main() style argc
1457 * @param argc Standard main() style argv. Initial components are already
1460 * @return Normal NTSTATUS return.
1463 static NTSTATUS rpc_shutdown_internals(const DOM_SID *domain_sid, struct cli_state *cli, TALLOC_CTX *mem_ctx,
1464 int argc, const char **argv)
1466 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1467 const char *msg = "This machine will be shutdown shortly";
1468 uint32 timeout = 20;
1473 struct poptOption long_options[] = {
1474 {"message", 'm', POPT_ARG_STRING, &msg},
1475 {"timeout", 't', POPT_ARG_INT, &timeout},
1476 {"reboot", 'r', POPT_ARG_NONE, &reboot},
1477 {"force", 'f', POPT_ARG_NONE, &force},
1481 pc = poptGetContext(NULL, argc, (const char **) argv, long_options,
1482 POPT_CONTEXT_KEEP_FIRST);
1484 rc = poptGetNextOpt(pc);
1487 /* an error occurred during option processing */
1488 DEBUG(0, ("%s: %s\n",
1489 poptBadOption(pc, POPT_BADOPTION_NOALIAS),
1491 return NT_STATUS_INVALID_PARAMETER;
1498 timeout = opt_timeout;
1501 /* create an entry */
1502 result = cli_reg_shutdown(cli, mem_ctx, msg, timeout, opt_reboot, opt_force);
1504 if (NT_STATUS_IS_OK(result))
1505 DEBUG(5,("Shutdown of remote machine succeeded\n"));
1507 DEBUG(0,("Shutdown of remote machine failed!\n"));
1513 * Shut down a remote RPC server
1515 * @param argc Standard main() style argc
1516 * @param argc Standard main() style argv. Initial components are already
1519 * @return A shell status integer (0 for success)
1522 static int rpc_shutdown(int argc, const char **argv)
1524 return run_rpc_command(NULL, PI_WINREG, 0, rpc_shutdown_internals,
1528 /***************************************************************************
1529 NT Domain trusts code (i.e. 'net rpc trustdom' functionality)
1531 ***************************************************************************/
1534 * Add interdomain trust account to the RPC server.
1535 * All parameters (except for argc and argv) are passed by run_rpc_command
1538 * @param domain_sid The domain sid acquired from the server
1539 * @param cli A cli_state connected to the server.
1540 * @param mem_ctx Talloc context, destoyed on completion of the function.
1541 * @param argc Standard main() style argc
1542 * @param argc Standard main() style argv. Initial components are already
1545 * @return normal NTSTATUS return code
1548 static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid, struct cli_state *cli, TALLOC_CTX *mem_ctx,
1549 int argc, const char **argv) {
1551 POLICY_HND connect_pol, domain_pol, user_pol;
1552 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1555 uint32 unknown, user_rid;
1558 d_printf("Usage: net rpc trustdom add <domain_name> <pw>\n");
1559 return NT_STATUS_INVALID_PARAMETER;
1563 * Make valid trusting domain account (ie. uppercased and with '$' appended)
1566 if (asprintf(&acct_name, "%s$", argv[0]) < 0) {
1567 return NT_STATUS_NO_MEMORY;
1570 strupper(acct_name);
1572 /* Get samr policy handle */
1573 result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1575 if (!NT_STATUS_IS_OK(result)) {
1579 /* Get domain policy handle */
1580 result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
1581 MAXIMUM_ALLOWED_ACCESS,
1582 domain_sid, &domain_pol);
1583 if (!NT_STATUS_IS_OK(result)) {
1587 /* Create trusting domain's account */
1588 acb_info = ACB_DOMTRUST;
1589 unknown = 0xe00500b0; /* No idea what this is - a permission mask?
1590 mimir: yes, most probably it is */
1592 result = cli_samr_create_dom_user(cli, mem_ctx, &domain_pol,
1593 acct_name, acb_info, unknown,
1594 &user_pol, &user_rid);
1595 if (!NT_STATUS_IS_OK(result)) {
1600 SAM_USERINFO_CTR ctr;
1601 SAM_USER_INFO_24 p24;
1602 fstring ucs2_trust_password;
1606 ucs2_pw_len = push_ucs2(NULL, ucs2_trust_password, argv[1],
1607 sizeof(ucs2_trust_password), 0);
1609 encode_pw_buffer((char *)pwbuf, ucs2_trust_password,
1615 init_sam_user_info24(&p24, (char *)pwbuf, 24);
1617 ctr.switch_value = 24;
1618 ctr.info.id24 = &p24;
1620 result = cli_samr_set_userinfo(cli, mem_ctx, &user_pol, 24,
1621 cli->user_session_key, &ctr);
1623 if (!NT_STATUS_IS_OK(result)) {
1624 DEBUG(0,("Could not set trust account password: %s\n",
1625 nt_errstr(result)));
1631 SAFE_FREE(acct_name);
1636 * Create interdomain trust account for a remote domain.
1638 * @param argc standard argc
1639 * @param argv standard argv without initial components
1641 * @return Integer status (0 means success)
1644 static int rpc_trustdom_add(int argc, const char **argv)
1646 return run_rpc_command(NULL, PI_SAMR, 0, rpc_trustdom_add_internals,
1652 * Delete interdomain trust account for a remote domain.
1654 * @param argc standard argc
1655 * @param argv standard argv without initial components
1657 * @return Integer status (0 means success)
1660 static int rpc_trustdom_del(int argc, const char **argv)
1662 d_printf("Sorry, not yet implemented.\n");
1668 * Establish trust relationship to a trusting domain.
1669 * Interdomain account must already be created on remote PDC.
1671 * @param argc standard argc
1672 * @param argv standard argv without initial components
1674 * @return Integer status (0 means success)
1677 static int rpc_trustdom_establish(int argc, const char **argv)
1679 struct cli_state *cli;
1680 struct in_addr server_ip;
1681 POLICY_HND connect_hnd;
1682 TALLOC_CTX *mem_ctx;
1685 WKS_INFO_100 wks_info;
1692 * Connect to \\server\ipc$ as 'our domain' account with password
1696 d_printf("Usage: net rpc trustdom establish <domain_name>\n");
1700 domain_name = smb_xstrdup(argv[0]);
1701 strupper(domain_name);
1703 /* account name used at first is our domain's name with '$' */
1704 asprintf(&acct_name, "%s$", lp_workgroup());
1705 strupper(acct_name);
1708 * opt_workgroup will be used by connection functions further,
1709 * hence it should be set to remote domain name instead of ours
1711 if (opt_workgroup) {
1712 opt_workgroup = smb_xstrdup(domain_name);
1715 opt_user_name = acct_name;
1717 /* find the domain controller */
1718 if (!net_find_dc(&server_ip, pdc_name, domain_name)) {
1719 DEBUG(0, ("Coulnd find domain controller for domain %s\n", domain_name));
1723 /* connect to ipc$ as username/password */
1724 nt_status = connect_to_ipc(&cli, &server_ip, pdc_name);
1725 if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT)) {
1727 /* Is it trusting domain account for sure ? */
1728 DEBUG(0, ("Couldn't verify trusting domain account. Error was %s\n",
1729 nt_errstr(nt_status)));
1734 * Connect to \\server\ipc$ again (this time anonymously)
1737 nt_status = connect_to_ipc_anonymous(&cli, &server_ip, (char*)pdc_name);
1739 if (NT_STATUS_IS_ERR(nt_status)) {
1740 DEBUG(0, ("Couldn't connect to domain %s controller. Error was %s.\n",
1741 domain_name, nt_errstr(nt_status)));
1745 * Use NetServerEnum2 to make sure we're talking to a proper server
1748 if (!cli_get_pdc_name(cli, domain_name, (char*)pdc_name)) {
1749 DEBUG(0, ("NetServerEnum2 error: Couldn't find primary domain controller\
1750 for domain %s\n", domain_name));
1754 * Call WksQueryInfo to check remote server's capabilities
1755 * note: It is now used only to get unicode domain name
1758 if (!cli_nt_session_open(cli, PI_WKSSVC)) {
1759 DEBUG(0, ("Couldn't not initialise wkssvc pipe\n"));
1763 if (!(mem_ctx = talloc_init("establishing trust relationship to domain %s",
1765 DEBUG(0, ("talloc_init() failed\n"));
1770 nt_status = cli_wks_query_info(cli, mem_ctx, &wks_info);
1772 if (NT_STATUS_IS_ERR(nt_status)) {
1773 DEBUG(0, ("WksQueryInfo call failed.\n"));
1777 if (cli->nt_pipe_fnum)
1778 cli_nt_session_close(cli);
1782 * Call LsaOpenPolicy and LsaQueryInfo
1785 if (!(mem_ctx = talloc_init("rpc_trustdom_establish"))) {
1786 DEBUG(0, ("talloc_init() failed\n"));
1791 if (!cli_nt_session_open(cli, PI_LSARPC)) {
1792 DEBUG(0, ("Could not initialise lsa pipe\n"));
1797 nt_status = cli_lsa_open_policy2(cli, mem_ctx, True, SEC_RIGHTS_QUERY_VALUE,
1799 if (NT_STATUS_IS_ERR(nt_status)) {
1800 DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
1801 nt_errstr(nt_status)));
1805 /* Querying info level 5 */
1807 nt_status = cli_lsa_query_info_policy(cli, mem_ctx, &connect_hnd,
1808 5 /* info level */, domain_name,
1810 if (NT_STATUS_IS_ERR(nt_status)) {
1811 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
1812 nt_errstr(nt_status)));
1819 /* There should be actually query info level 3 (following nt serv behaviour),
1820 but I still don't know if it's _really_ necessary */
1823 * Store the password in secrets db
1826 if (!secrets_store_trusted_domain_password(domain_name, wks_info.uni_lan_grp.buffer,
1827 wks_info.uni_lan_grp.uni_str_len, opt_password,
1829 DEBUG(0, ("Storing password for trusted domain failed.\n"));
1834 * Close the pipes and clean up
1837 nt_status = cli_lsa_close(cli, mem_ctx, &connect_hnd);
1838 if (NT_STATUS_IS_ERR(nt_status)) {
1839 DEBUG(0, ("Couldn't close LSA pipe. Error was %s\n",
1840 nt_errstr(nt_status)));
1844 if (cli->nt_pipe_fnum)
1845 cli_nt_session_close(cli);
1847 talloc_destroy(mem_ctx);
1849 DEBUG(0, ("Success!\n"));
1854 * Revoke trust relationship to the remote domain
1856 * @param argc standard argc
1857 * @param argv standard argv without initial components
1859 * @return Integer status (0 means success)
1862 static int rpc_trustdom_revoke(int argc, const char **argv)
1866 if (argc < 1) return -1;
1868 /* generate upper cased domain name */
1869 domain_name = smb_xstrdup(argv[0]);
1870 strupper(domain_name);
1872 /* delete password of the trust */
1873 if (!trusted_domain_password_delete(domain_name)) {
1874 DEBUG(0, ("Failed to revoke relationship to the trusted domain %s\n",
1883 * Usage for 'net rpc trustdom' command
1885 * @param argc standard argc
1886 * @param argv standard argv without inital components
1888 * @return Integer status returned to shell
1891 static int rpc_trustdom_usage(int argc, const char **argv)
1893 d_printf(" net rpc trustdom add \t\t add trusting domain's account\n");
1894 d_printf(" net rpc trustdom del \t\t delete trusting domain's account\n");
1895 d_printf(" net rpc trustdom establish \t establish relationship to trusted domain\n");
1896 d_printf(" net rpc trustdom revoke \t abandon relationship to trusted domain\n");
1897 d_printf(" net rpc trustdom list \t show current interdomain trust relationships\n");
1902 static NTSTATUS rpc_query_domain_sid(const DOM_SID *domain_sid, struct cli_state *cli, TALLOC_CTX *mem_ctx,
1903 int argc, const char **argv)
1906 sid_to_string(str_sid, domain_sid);
1907 d_printf("%s\n", str_sid);
1908 return NT_STATUS_OK;
1912 static int rpc_trustdom_list(int argc, const char **argv)
1914 /* common variables */
1915 TALLOC_CTX* mem_ctx;
1916 struct cli_state *cli, *remote_cli;
1918 const char *domain_name = NULL;
1919 DOM_SID queried_dom_sid;
1920 fstring ascii_sid, padding;
1921 int ascii_dom_name_len;
1922 POLICY_HND connect_hnd;
1924 /* trusted domains listing variables */
1926 int num_domains, i, pad_len, col_len = 20;
1927 DOM_SID *domain_sids;
1928 char **trusted_dom_names;
1929 fstring pdc_name, dummy;
1931 /* trusting domains listing variables */
1932 POLICY_HND domain_hnd;
1933 char **trusting_dom_names;
1934 uint32 *trusting_dom_rids;
1937 * Listing trusted domains (stored in secrets.tdb, if local)
1940 mem_ctx = talloc_init("trust relationships listing");
1943 * set domain and pdc name to local samba server (default)
1944 * or to remote one given in command line
1947 if (StrCaseCmp(opt_workgroup, lp_workgroup())) {
1948 domain_name = opt_workgroup;
1949 opt_target_workgroup = opt_workgroup;
1951 fstrcpy(pdc_name, global_myname());
1952 domain_name = talloc_strdup(mem_ctx, lp_workgroup());
1953 opt_target_workgroup = domain_name;
1956 /* open \PIPE\lsarpc and open policy handle */
1957 if (!(cli = net_make_ipc_connection(NET_FLAGS_PDC))) {
1958 DEBUG(0, ("Couldn't connect to domain controller\n"));
1962 if (!cli_nt_session_open(cli, PI_LSARPC)) {
1963 DEBUG(0, ("Could not initialise lsa pipe\n"));
1967 nt_status = cli_lsa_open_policy2(cli, mem_ctx, False, SEC_RIGHTS_QUERY_VALUE,
1969 if (NT_STATUS_IS_ERR(nt_status)) {
1970 DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
1971 nt_errstr(nt_status)));
1975 /* query info level 5 to obtain sid of a domain being queried */
1976 nt_status = cli_lsa_query_info_policy(
1977 cli, mem_ctx, &connect_hnd, 5 /* info level */,
1978 dummy, &queried_dom_sid);
1980 if (NT_STATUS_IS_ERR(nt_status)) {
1981 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
1982 nt_errstr(nt_status)));
1987 * Keep calling LsaEnumTrustdom over opened pipe until
1988 * the end of enumeration is reached
1991 d_printf("Trusted domains list:\n\n");
1994 nt_status = cli_lsa_enum_trust_dom(cli, mem_ctx, &connect_hnd, &enum_ctx,
1996 &trusted_dom_names, &domain_sids);
1998 if (NT_STATUS_IS_ERR(nt_status)) {
1999 DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n",
2000 nt_errstr(nt_status)));
2004 for (i = 0; i < num_domains; i++) {
2005 /* convert sid into ascii string */
2006 sid_to_string(ascii_sid, &(domain_sids[i]));
2008 /* calculate padding space for d_printf to look nicer */
2009 pad_len = col_len - strlen(trusted_dom_names[i]);
2010 padding[pad_len] = 0;
2011 do padding[--pad_len] = ' '; while (pad_len);
2013 d_printf("%s%s%s\n", trusted_dom_names[i], padding, ascii_sid);
2017 * in case of no trusted domains say something rather
2018 * than just display blank line
2020 if (!num_domains) d_printf("none\n");
2022 } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
2024 /* close this connection before doing next one */
2025 nt_status = cli_lsa_close(cli, mem_ctx, &connect_hnd);
2026 if (NT_STATUS_IS_ERR(nt_status)) {
2027 DEBUG(0, ("Couldn't properly close lsa policy handle. Error was %s\n",
2028 nt_errstr(nt_status)));
2032 cli_nt_session_close(cli);
2035 * Listing trusting domains (stored in passdb backend, if local)
2038 d_printf("\nTrusting domains list:\n\n");
2041 * Open \PIPE\samr and get needed policy handles
2043 if (!cli_nt_session_open(cli, PI_SAMR)) {
2044 DEBUG(0, ("Could not initialise samr pipe\n"));
2049 nt_status = cli_samr_connect(cli, mem_ctx, SA_RIGHT_SAM_OPEN_DOMAIN,
2051 if (!NT_STATUS_IS_OK(nt_status)) {
2052 DEBUG(0, ("Couldn't open SAMR policy handle. Error was %s\n",
2053 nt_errstr(nt_status)));
2057 /* SamrOpenDomain - we have to open domain policy handle in order to be
2058 able to enumerate accounts*/
2059 nt_status = cli_samr_open_domain(cli, mem_ctx, &connect_hnd,
2060 SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
2061 &queried_dom_sid, &domain_hnd);
2062 if (!NT_STATUS_IS_OK(nt_status)) {
2063 DEBUG(0, ("Couldn't open domain object. Error was %s\n",
2064 nt_errstr(nt_status)));
2069 * perform actual enumeration
2072 enum_ctx = 0; /* reset enumeration context from last enumeration */
2075 nt_status = cli_samr_enum_dom_users(cli, mem_ctx, &domain_hnd,
2076 &enum_ctx, ACB_DOMTRUST, 0xffff,
2077 &trusting_dom_names, &trusting_dom_rids,
2079 if (NT_STATUS_IS_ERR(nt_status)) {
2080 DEBUG(0, ("Couldn't enumerate accounts. Error was: %s\n",
2081 nt_errstr(nt_status)));
2085 for (i = 0; i < num_domains; i++) {
2088 * get each single domain's sid (do we _really_ need this ?):
2089 * 1) connect to domain's pdc
2090 * 2) query the pdc for domain's sid
2093 /* get rid of '$' tail */
2094 ascii_dom_name_len = strlen(trusting_dom_names[i]);
2095 if (ascii_dom_name_len && ascii_dom_name_len < FSTRING_LEN)
2096 trusting_dom_names[i][ascii_dom_name_len - 1] = '\0';
2098 /* calculate padding space for d_printf to look nicer */
2099 pad_len = col_len - strlen(trusting_dom_names[i]);
2100 padding[pad_len] = 0;
2101 do padding[--pad_len] = ' '; while (pad_len);
2103 /* set opt_* variables to remote domain */
2104 strupper(trusting_dom_names[i]);
2105 opt_workgroup = talloc_strdup(mem_ctx, trusting_dom_names[i]);
2106 opt_target_workgroup = opt_workgroup;
2108 d_printf("%s%s", trusting_dom_names[i], padding);
2110 /* connect to remote domain controller */
2111 remote_cli = net_make_ipc_connection(NET_FLAGS_PDC | NET_FLAGS_ANONYMOUS);
2113 /* query for domain's sid */
2114 if (run_rpc_command(remote_cli, PI_LSARPC, 0, rpc_query_domain_sid, argc, argv))
2115 d_printf("couldn't get domain's sid\n");
2117 cli_shutdown(remote_cli);
2120 d_printf("domain controller is not responding\n");
2124 if (!num_domains) d_printf("none\n");
2126 } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
2128 /* close opened samr and domain policy handles */
2129 nt_status = cli_samr_close(cli, mem_ctx, &domain_hnd);
2130 if (!NT_STATUS_IS_OK(nt_status)) {
2131 DEBUG(0, ("Couldn't properly close domain policy handle for domain %s\n", domain_name));
2134 nt_status = cli_samr_close(cli, mem_ctx, &connect_hnd);
2135 if (!NT_STATUS_IS_OK(nt_status)) {
2136 DEBUG(0, ("Couldn't properly close samr policy handle for domain %s\n", domain_name));
2139 /* close samr pipe and connection to IPC$ */
2140 cli_nt_session_close(cli);
2143 talloc_destroy(mem_ctx);
2148 * Entrypoint for 'net rpc trustdom' code
2150 * @param argc standard argc
2151 * @param argv standard argv without initial components
2153 * @return Integer status (0 means success)
2156 static int rpc_trustdom(int argc, const char **argv)
2158 struct functable func[] = {
2159 {"add", rpc_trustdom_add},
2160 {"del", rpc_trustdom_del},
2161 {"establish", rpc_trustdom_establish},
2162 {"revoke", rpc_trustdom_revoke},
2163 {"help", rpc_trustdom_usage},
2164 {"list", rpc_trustdom_list},
2169 rpc_trustdom_usage(argc, argv);
2173 return (net_run_function(argc, argv, func, rpc_user_usage));
2177 * Check if a server will take rpc commands
2178 * @param flags Type of server to connect to (PDC, DMB, localhost)
2179 * if the host is not explicitly specified
2180 * @return BOOL (true means rpc supported)
2182 BOOL net_rpc_check(unsigned flags)
2184 struct cli_state cli;
2186 struct in_addr server_ip;
2187 char *server_name = NULL;
2189 /* flags (i.e. server type) may depend on command */
2190 if (!net_find_server(flags, &server_ip, &server_name))
2194 if (cli_initialise(&cli) == False)
2197 if (!cli_connect(&cli, server_name, &server_ip))
2199 if (!attempt_netbios_session_request(&cli, global_myname(),
2200 server_name, &server_ip))
2202 if (!cli_negprot(&cli))
2204 if (cli.protocol < PROTOCOL_NT1)
2214 /****************************************************************************/
2218 * Basic usage function for 'net rpc'
2219 * @param argc Standard main() style argc
2220 * @param argv Standard main() style argv. Initial components are already
2224 int net_rpc_usage(int argc, const char **argv)
2226 d_printf(" net rpc info \t\t\tshow basic info about a domain \n");
2227 d_printf(" net rpc join \t\t\tto join a domain \n");
2228 d_printf(" net rpc oldjoin \t\t\tto join a domain created in server manager\n\n\n");
2229 d_printf(" net rpc testjoin \t\ttests that a join is valid\n");
2230 d_printf(" net rpc user \t\t\tto add, delete and list users\n");
2231 d_printf(" net rpc group \t\tto list groups\n");
2232 d_printf(" net rpc share \t\tto add, delete, and list shares\n");
2233 d_printf(" net rpc file \t\t\tto list open files\n");
2234 d_printf(" net rpc changetrustpw \tto change the trust account password\n");
2235 d_printf(" net rpc getsid \t\tfetch the domain sid into the local secrets.tdb\n");
2236 d_printf(" net rpc vampire \t\tsyncronise an NT PDC's users and groups into the local passdb\n");
2237 d_printf(" net rpc samdump \t\tdiplay an NT PDC's users, groups and other data\n");
2238 d_printf(" net rpc trustdom \t\tto create trusting domain's account\n"
2239 "\t\t\t\t\tor establish trust\n");
2240 d_printf(" net rpc abortshutdown \tto abort the shutdown of a remote server\n");
2241 d_printf(" net rpc shutdown \t\tto shutdown a remote server\n");
2243 d_printf("'net rpc shutdown' also accepts the following miscellaneous options:\n"); /* misc options */
2244 d_printf("\t-r or --reboot\trequest remote server reboot on shutdown\n");
2245 d_printf("\t-f or --force\trequest the remote server force its shutdown\n");
2246 d_printf("\t-t or --timeout=<timeout>\tnumber of seconds before shutdown\n");
2247 d_printf("\t-c or --comment=<message>\ttext message to display on impending shutdown\n");
2253 * Help function for 'net rpc'. Calls command specific help if requested
2254 * or displays usage of net rpc
2255 * @param argc Standard main() style argc
2256 * @param argv Standard main() style argv. Initial components are already
2260 int net_rpc_help(int argc, const char **argv)
2262 struct functable func[] = {
2263 {"join", rpc_join_usage},
2264 {"user", rpc_user_usage},
2265 {"group", rpc_group_usage},
2266 {"share", rpc_share_usage},
2267 /*{"changetrustpw", rpc_changetrustpw_usage}, */
2268 {"trustdom", rpc_trustdom_usage},
2269 /*{"abortshutdown", rpc_shutdown_abort_usage},*/
2270 /*{"shutdown", rpc_shutdown_usage}, */
2275 net_rpc_usage(argc, argv);
2279 return (net_run_function(argc, argv, func, rpc_user_usage));
2284 * 'net rpc' entrypoint.
2285 * @param argc Standard main() style argc
2286 * @param argv Standard main() style argv. Initial components are already
2290 int net_rpc(int argc, const char **argv)
2292 struct functable func[] = {
2293 {"info", net_rpc_info},
2294 {"join", net_rpc_join},
2295 {"oldjoin", net_rpc_oldjoin},
2296 {"testjoin", net_rpc_testjoin},
2297 {"user", net_rpc_user},
2298 {"group", net_rpc_group},
2299 {"share", net_rpc_share},
2300 {"file", net_rpc_file},
2301 {"changetrustpw", net_rpc_changetrustpw},
2302 {"trustdom", rpc_trustdom},
2303 {"abortshutdown", rpc_shutdown_abort},
2304 {"shutdown", rpc_shutdown},
2305 {"samdump", rpc_samdump},
2306 {"vampire", rpc_vampire},
2307 {"getsid", net_rpc_getsid},
2308 {"help", net_rpc_help},
2311 return net_run_function(argc, argv, func, net_rpc_usage);